Jun 22 06:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26165]: pam_unix(cron:session): session closed for user root
Jun 22 06:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31175]: pam_unix(cron:session): session closed for user root
Jun 22 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[309]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[308]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[307]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[306]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[306]: pam_unix(cron:session): session closed for user p13x
Jun 22 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[372]: Successful su for rubyman by root
Jun 22 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[372]: + ??? root:rubyman
Jun 22 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[372]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569277 of user rubyman.
Jun 22 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[372]: pam_unix(su:session): session closed for user rubyman
Jun 22 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569277.
Jun 22 06:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29846]: pam_unix(cron:session): session closed for user root
Jun 22 06:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[307]: pam_unix(cron:session): session closed for user samftp
Jun 22 06:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 06:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 22 06:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[737]: Failed password for root from 193.37.70.224 port 58436 ssh2
Jun 22 06:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[737]: Connection closed by 193.37.70.224 port 58436 [preauth]
Jun 22 06:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31701]: pam_unix(cron:session): session closed for user root
Jun 22 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[869]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[868]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[870]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[867]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[865]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[867]: pam_unix(cron:session): session closed for user p13x
Jun 22 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1000]: Successful su for rubyman by root
Jun 22 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1000]: + ??? root:rubyman
Jun 22 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1000]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569283 of user rubyman.
Jun 22 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1000]: pam_unix(su:session): session closed for user rubyman
Jun 22 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569283.
Jun 22 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[865]: pam_unix(cron:session): session closed for user root
Jun 22 06:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30268]: pam_unix(cron:session): session closed for user root
Jun 22 06:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[868]: pam_unix(cron:session): session closed for user samftp
Jun 22 06:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32139]: pam_unix(cron:session): session closed for user root
Jun 22 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1444]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1431]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1459]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1430]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1443]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1428]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1459]: pam_unix(cron:session): session closed for user root
Jun 22 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1428]: pam_unix(cron:session): session closed for user p13x
Jun 22 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1604]: Successful su for rubyman by root
Jun 22 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1604]: + ??? root:rubyman
Jun 22 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1604]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569286 of user rubyman.
Jun 22 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1604]: pam_unix(su:session): session closed for user rubyman
Jun 22 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569286.
Jun 22 06:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1431]: pam_unix(cron:session): session closed for user root
Jun 22 06:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30680]: pam_unix(cron:session): session closed for user root
Jun 22 06:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1430]: pam_unix(cron:session): session closed for user samftp
Jun 22 06:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[309]: pam_unix(cron:session): session closed for user root
Jun 22 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2047]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2048]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2040]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2039]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2039]: pam_unix(cron:session): session closed for user p13x
Jun 22 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2121]: Successful su for rubyman by root
Jun 22 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2121]: + ??? root:rubyman
Jun 22 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2121]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569294 of user rubyman.
Jun 22 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2121]: pam_unix(su:session): session closed for user rubyman
Jun 22 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569294.
Jun 22 06:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2040]: pam_unix(cron:session): session closed for user samftp
Jun 22 06:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31174]: pam_unix(cron:session): session closed for user root
Jun 22 06:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[870]: pam_unix(cron:session): session closed for user root
Jun 22 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2483]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2482]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2481]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2480]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2480]: pam_unix(cron:session): session closed for user p13x
Jun 22 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2549]: Successful su for rubyman by root
Jun 22 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2549]: + ??? root:rubyman
Jun 22 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2549]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569297 of user rubyman.
Jun 22 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2549]: pam_unix(su:session): session closed for user rubyman
Jun 22 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569297.
Jun 22 06:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31700]: pam_unix(cron:session): session closed for user root
Jun 22 06:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2481]: pam_unix(cron:session): session closed for user samftp
Jun 22 06:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1444]: pam_unix(cron:session): session closed for user root
Jun 22 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2903]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2901]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2902]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2899]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2899]: pam_unix(cron:session): session closed for user p13x
Jun 22 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2959]: Successful su for rubyman by root
Jun 22 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2959]: + ??? root:rubyman
Jun 22 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2959]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569300 of user rubyman.
Jun 22 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2959]: pam_unix(su:session): session closed for user rubyman
Jun 22 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569300.
Jun 22 06:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32138]: pam_unix(cron:session): session closed for user root
Jun 22 06:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2901]: pam_unix(cron:session): session closed for user samftp
Jun 22 06:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 06:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 22 06:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3177]: Failed password for root from 109.237.96.109 port 45642 ssh2
Jun 22 06:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3177]: Connection closed by 109.237.96.109 port 45642 [preauth]
Jun 22 06:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2048]: pam_unix(cron:session): session closed for user root
Jun 22 06:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 06:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3248]: Invalid user admin from 38.55.97.143
Jun 22 06:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3248]: input_userauth_request: invalid user admin [preauth]
Jun 22 06:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3248]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 06:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 06:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3248]: Failed password for invalid user admin from 38.55.97.143 port 54172 ssh2
Jun 22 06:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3248]: Connection closed by 38.55.97.143 port 54172 [preauth]
Jun 22 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3295]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3294]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3293]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3292]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3292]: pam_unix(cron:session): session closed for user p13x
Jun 22 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3356]: Successful su for rubyman by root
Jun 22 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3356]: + ??? root:rubyman
Jun 22 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3356]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569305 of user rubyman.
Jun 22 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3356]: pam_unix(su:session): session closed for user rubyman
Jun 22 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569305.
Jun 22 06:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[308]: pam_unix(cron:session): session closed for user root
Jun 22 06:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3293]: pam_unix(cron:session): session closed for user samftp
Jun 22 06:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 06:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3569]: Invalid user orangepi from 38.55.97.143
Jun 22 06:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3569]: input_userauth_request: invalid user orangepi [preauth]
Jun 22 06:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3569]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 06:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 06:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3569]: Failed password for invalid user orangepi from 38.55.97.143 port 34908 ssh2
Jun 22 06:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3569]: Connection closed by 38.55.97.143 port 34908 [preauth]
Jun 22 06:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2483]: pam_unix(cron:session): session closed for user root
Jun 22 06:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3798]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3796]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3797]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3792]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3795]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3794]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3798]: pam_unix(cron:session): session closed for user root
Jun 22 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3792]: pam_unix(cron:session): session closed for user p13x
Jun 22 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3873]: Successful su for rubyman by root
Jun 22 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3873]: + ??? root:rubyman
Jun 22 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3873]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569310 of user rubyman.
Jun 22 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3873]: pam_unix(su:session): session closed for user rubyman
Jun 22 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569310.
Jun 22 06:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3795]: pam_unix(cron:session): session closed for user root
Jun 22 06:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[869]: pam_unix(cron:session): session closed for user root
Jun 22 06:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3794]: pam_unix(cron:session): session closed for user samftp
Jun 22 06:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 06:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 22 06:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4193]: Failed password for root from 194.113.233.25 port 42548 ssh2
Jun 22 06:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4193]: Connection closed by 194.113.233.25 port 42548 [preauth]
Jun 22 06:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 06:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 06:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4208]: Failed password for root from 38.55.97.143 port 37142 ssh2
Jun 22 06:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4208]: Connection closed by 38.55.97.143 port 37142 [preauth]
Jun 22 06:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2903]: pam_unix(cron:session): session closed for user root
Jun 22 06:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 06:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 06:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4327]: Failed password for root from 38.55.97.143 port 49068 ssh2
Jun 22 06:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4327]: Connection closed by 38.55.97.143 port 49068 [preauth]
Jun 22 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4345]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4347]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4344]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4343]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4343]: pam_unix(cron:session): session closed for user p13x
Jun 22 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4408]: Successful su for rubyman by root
Jun 22 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4408]: + ??? root:rubyman
Jun 22 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4408]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569314 of user rubyman.
Jun 22 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4408]: pam_unix(su:session): session closed for user rubyman
Jun 22 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569314.
Jun 22 06:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1443]: pam_unix(cron:session): session closed for user root
Jun 22 06:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4344]: pam_unix(cron:session): session closed for user samftp
Jun 22 06:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 06:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 06:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4654]: Failed password for root from 38.55.97.143 port 58680 ssh2
Jun 22 06:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4654]: Connection closed by 38.55.97.143 port 58680 [preauth]
Jun 22 06:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3295]: pam_unix(cron:session): session closed for user root
Jun 22 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4776]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4778]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4775]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4774]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4774]: pam_unix(cron:session): session closed for user p13x
Jun 22 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4912]: Successful su for rubyman by root
Jun 22 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4912]: + ??? root:rubyman
Jun 22 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4912]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569318 of user rubyman.
Jun 22 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4912]: pam_unix(su:session): session closed for user rubyman
Jun 22 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569318.
Jun 22 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 06:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2047]: pam_unix(cron:session): session closed for user root
Jun 22 06:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 06:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4775]: pam_unix(cron:session): session closed for user samftp
Jun 22 06:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4966]: Failed password for root from 38.55.97.143 port 36520 ssh2
Jun 22 06:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4966]: Connection closed by 38.55.97.143 port 36520 [preauth]
Jun 22 06:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3797]: pam_unix(cron:session): session closed for user root
Jun 22 06:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 06:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 22 06:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 06:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5200]: Failed password for root from 62.133.62.83 port 38718 ssh2
Jun 22 06:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5200]: Connection closed by 62.133.62.83 port 38718 [preauth]
Jun 22 06:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 06:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5202]: Failed password for root from 38.55.97.143 port 44658 ssh2
Jun 22 06:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5202]: Connection closed by 38.55.97.143 port 44658 [preauth]
Jun 22 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5269]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5268]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5267]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5266]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5266]: pam_unix(cron:session): session closed for user p13x
Jun 22 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5332]: Successful su for rubyman by root
Jun 22 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5332]: + ??? root:rubyman
Jun 22 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5332]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569322 of user rubyman.
Jun 22 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5332]: pam_unix(su:session): session closed for user rubyman
Jun 22 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569322.
Jun 22 06:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2482]: pam_unix(cron:session): session closed for user root
Jun 22 06:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5267]: pam_unix(cron:session): session closed for user samftp
Jun 22 06:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 06:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 06:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5522]: Failed password for root from 38.55.97.143 port 52400 ssh2
Jun 22 06:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5522]: Connection closed by 38.55.97.143 port 52400 [preauth]
Jun 22 06:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4347]: pam_unix(cron:session): session closed for user root
Jun 22 06:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 06:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5640]: Invalid user test from 38.55.97.143
Jun 22 06:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5640]: input_userauth_request: invalid user test [preauth]
Jun 22 06:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5640]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 06:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 06:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5640]: Failed password for invalid user test from 38.55.97.143 port 54504 ssh2
Jun 22 06:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5640]: Connection closed by 38.55.97.143 port 54504 [preauth]
Jun 22 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5671]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5668]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5670]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5667]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5667]: pam_unix(cron:session): session closed for user p13x
Jun 22 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5727]: Successful su for rubyman by root
Jun 22 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5727]: + ??? root:rubyman
Jun 22 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5727]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569326 of user rubyman.
Jun 22 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5727]: pam_unix(su:session): session closed for user rubyman
Jun 22 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569326.
Jun 22 06:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2902]: pam_unix(cron:session): session closed for user root
Jun 22 06:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5668]: pam_unix(cron:session): session closed for user samftp
Jun 22 06:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 06:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5920]: Received disconnect from 86.111.187.163 port 40420:11: disconnected by user [preauth]
Jun 22 06:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5920]: Disconnected from 86.111.187.163 port 40420 [preauth]
Jun 22 06:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 06:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.88.138.26  user=root
Jun 22 06:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5922]: Failed password for root from 36.88.138.26 port 48766 ssh2
Jun 22 06:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 06:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5922]: Connection closed by 36.88.138.26 port 48766 [preauth]
Jun 22 06:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5945]: Invalid user user from 38.55.97.143
Jun 22 06:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5945]: input_userauth_request: invalid user user [preauth]
Jun 22 06:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5945]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 06:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 06:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5945]: Failed password for invalid user user from 38.55.97.143 port 60856 ssh2
Jun 22 06:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5945]: Connection closed by 38.55.97.143 port 60856 [preauth]
Jun 22 06:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4778]: pam_unix(cron:session): session closed for user root
Jun 22 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6064]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6066]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6067]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6065]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6063]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6062]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6067]: pam_unix(cron:session): session closed for user root
Jun 22 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6062]: pam_unix(cron:session): session closed for user p13x
Jun 22 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6129]: Successful su for rubyman by root
Jun 22 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6129]: + ??? root:rubyman
Jun 22 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6129]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569332 of user rubyman.
Jun 22 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6129]: pam_unix(su:session): session closed for user rubyman
Jun 22 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569332.
Jun 22 06:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3294]: pam_unix(cron:session): session closed for user root
Jun 22 06:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6064]: pam_unix(cron:session): session closed for user root
Jun 22 06:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6063]: pam_unix(cron:session): session closed for user samftp
Jun 22 06:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 06:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 06:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6373]: Failed password for root from 38.55.97.143 port 56082 ssh2
Jun 22 06:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6373]: Connection closed by 38.55.97.143 port 56082 [preauth]
Jun 22 06:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5269]: pam_unix(cron:session): session closed for user root
Jun 22 06:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 06:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 06:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6480]: Invalid user admin from 38.55.97.143
Jun 22 06:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6480]: input_userauth_request: invalid user admin [preauth]
Jun 22 06:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6480]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 06:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 06:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6480]: Failed password for invalid user admin from 38.55.97.143 port 48018 ssh2
Jun 22 06:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6480]: Connection closed by 38.55.97.143 port 48018 [preauth]
Jun 22 06:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 06:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6496]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6494]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6495]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6493]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6493]: pam_unix(cron:session): session closed for user p13x
Jun 22 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6560]: Successful su for rubyman by root
Jun 22 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6560]: + ??? root:rubyman
Jun 22 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6560]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569337 of user rubyman.
Jun 22 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6560]: pam_unix(su:session): session closed for user rubyman
Jun 22 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569337.
Jun 22 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6490]: Failed password for root from 193.24.211.107 port 12642 ssh2
Jun 22 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6490]: Received disconnect from 193.24.211.107 port 12642:11: Client disconnecting normally [preauth]
Jun 22 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6490]: Disconnected from 193.24.211.107 port 12642 [preauth]
Jun 22 06:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3796]: pam_unix(cron:session): session closed for user root
Jun 22 06:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 06:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6494]: pam_unix(cron:session): session closed for user samftp
Jun 22 06:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 22 06:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6745]: Failed password for root from 103.122.221.179 port 39834 ssh2
Jun 22 06:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6745]: Connection closed by 103.122.221.179 port 39834 [preauth]
Jun 22 06:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 06:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6825]: Invalid user cirros from 38.55.97.143
Jun 22 06:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6825]: input_userauth_request: invalid user cirros [preauth]
Jun 22 06:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6825]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 06:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 06:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6825]: Failed password for invalid user cirros from 38.55.97.143 port 59958 ssh2
Jun 22 06:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6825]: Connection closed by 38.55.97.143 port 59958 [preauth]
Jun 22 06:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5671]: pam_unix(cron:session): session closed for user root
Jun 22 06:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 06:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6928]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6930]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6926]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6929]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6926]: pam_unix(cron:session): session closed for user p13x
Jun 22 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7020]: Successful su for rubyman by root
Jun 22 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7020]: + ??? root:rubyman
Jun 22 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7020]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569342 of user rubyman.
Jun 22 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7020]: pam_unix(su:session): session closed for user rubyman
Jun 22 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569342.
Jun 22 06:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6913]: Failed password for root from 38.55.97.143 port 34004 ssh2
Jun 22 06:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6913]: Connection closed by 38.55.97.143 port 34004 [preauth]
Jun 22 06:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4345]: pam_unix(cron:session): session closed for user root
Jun 22 06:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6928]: pam_unix(cron:session): session closed for user samftp
Jun 22 06:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6066]: pam_unix(cron:session): session closed for user root
Jun 22 06:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 06:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 06:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6449]: Connection closed by 218.208.8.107 port 59438 [preauth]
Jun 22 06:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7353]: Failed password for root from 38.55.97.143 port 38746 ssh2
Jun 22 06:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7353]: Connection closed by 38.55.97.143 port 38746 [preauth]
Jun 22 06:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 06:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 22 06:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7401]: Failed password for root from 103.15.222.183 port 43980 ssh2
Jun 22 06:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7401]: Connection closed by 103.15.222.183 port 43980 [preauth]
Jun 22 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7423]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7422]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7421]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7420]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7420]: pam_unix(cron:session): session closed for user p13x
Jun 22 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7479]: Successful su for rubyman by root
Jun 22 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7479]: + ??? root:rubyman
Jun 22 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7479]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569344 of user rubyman.
Jun 22 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7479]: pam_unix(su:session): session closed for user rubyman
Jun 22 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569344.
Jun 22 06:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4776]: pam_unix(cron:session): session closed for user root
Jun 22 06:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7421]: pam_unix(cron:session): session closed for user samftp
Jun 22 06:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 06:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 06:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7805]: Invalid user user from 141.98.83.240
Jun 22 06:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7805]: input_userauth_request: invalid user user [preauth]
Jun 22 06:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7805]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 06:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 06:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7794]: Invalid user admin from 38.55.97.143
Jun 22 06:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7794]: input_userauth_request: invalid user admin [preauth]
Jun 22 06:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7794]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 06:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 06:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7805]: Failed password for invalid user user from 141.98.83.240 port 60362 ssh2
Jun 22 06:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7805]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 06:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7794]: Failed password for invalid user admin from 38.55.97.143 port 41564 ssh2
Jun 22 06:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7794]: Connection closed by 38.55.97.143 port 41564 [preauth]
Jun 22 06:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7805]: Failed password for invalid user user from 141.98.83.240 port 60362 ssh2
Jun 22 06:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7805]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 06:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7805]: Failed password for invalid user user from 141.98.83.240 port 60362 ssh2
Jun 22 06:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7805]: Connection closed by 141.98.83.240 port 60362 [preauth]
Jun 22 06:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7805]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 06:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6496]: pam_unix(cron:session): session closed for user root
Jun 22 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7911]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7910]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7909]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7908]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7908]: pam_unix(cron:session): session closed for user p13x
Jun 22 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7965]: Successful su for rubyman by root
Jun 22 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7965]: + ??? root:rubyman
Jun 22 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7965]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569349 of user rubyman.
Jun 22 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7965]: pam_unix(su:session): session closed for user rubyman
Jun 22 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569349.
Jun 22 06:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5268]: pam_unix(cron:session): session closed for user root
Jun 22 06:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7909]: pam_unix(cron:session): session closed for user samftp
Jun 22 06:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 06:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 06:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8179]: Failed password for root from 38.55.97.143 port 57760 ssh2
Jun 22 06:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8179]: Connection closed by 38.55.97.143 port 57760 [preauth]
Jun 22 06:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6930]: pam_unix(cron:session): session closed for user root
Jun 22 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8307]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8303]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8304]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8305]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8306]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8302]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8307]: pam_unix(cron:session): session closed for user root
Jun 22 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8302]: pam_unix(cron:session): session closed for user p13x
Jun 22 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8371]: Successful su for rubyman by root
Jun 22 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8371]: + ??? root:rubyman
Jun 22 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8371]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569354 of user rubyman.
Jun 22 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8371]: pam_unix(su:session): session closed for user rubyman
Jun 22 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569354.
Jun 22 06:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5670]: pam_unix(cron:session): session closed for user root
Jun 22 06:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8304]: pam_unix(cron:session): session closed for user root
Jun 22 06:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8303]: pam_unix(cron:session): session closed for user samftp
Jun 22 06:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 06:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8614]: Invalid user rpc from 38.55.97.143
Jun 22 06:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8614]: input_userauth_request: invalid user rpc [preauth]
Jun 22 06:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8614]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 06:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 06:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8614]: Failed password for invalid user rpc from 38.55.97.143 port 43092 ssh2
Jun 22 06:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8614]: Connection closed by 38.55.97.143 port 43092 [preauth]
Jun 22 06:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7423]: pam_unix(cron:session): session closed for user root
Jun 22 06:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 06:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 22 06:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8703]: Failed password for root from 103.27.238.116 port 33962 ssh2
Jun 22 06:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8703]: Connection closed by 103.27.238.116 port 33962 [preauth]
Jun 22 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8733]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8736]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8735]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8734]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8733]: pam_unix(cron:session): session closed for user p13x
Jun 22 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8801]: Successful su for rubyman by root
Jun 22 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8801]: + ??? root:rubyman
Jun 22 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8801]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569358 of user rubyman.
Jun 22 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8801]: pam_unix(su:session): session closed for user rubyman
Jun 22 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569358.
Jun 22 06:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6065]: pam_unix(cron:session): session closed for user root
Jun 22 06:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8734]: pam_unix(cron:session): session closed for user samftp
Jun 22 06:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 06:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 06:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 06:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9020]: Failed password for root from 38.55.97.143 port 55890 ssh2
Jun 22 06:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9020]: Connection closed by 38.55.97.143 port 55890 [preauth]
Jun 22 06:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7911]: pam_unix(cron:session): session closed for user root
Jun 22 06:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8988]: Connection closed by 218.208.8.107 port 58000 [preauth]
Jun 22 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9154]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9155]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9153]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9152]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9152]: pam_unix(cron:session): session closed for user p13x
Jun 22 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9214]: Successful su for rubyman by root
Jun 22 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9214]: + ??? root:rubyman
Jun 22 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9214]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569362 of user rubyman.
Jun 22 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9214]: pam_unix(su:session): session closed for user rubyman
Jun 22 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569362.
Jun 22 06:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6495]: pam_unix(cron:session): session closed for user root
Jun 22 06:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9153]: pam_unix(cron:session): session closed for user samftp
Jun 22 06:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 06:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 06:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9424]: Failed password for root from 38.55.97.143 port 40602 ssh2
Jun 22 06:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9424]: Connection closed by 38.55.97.143 port 40602 [preauth]
Jun 22 06:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8306]: pam_unix(cron:session): session closed for user root
Jun 22 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9538]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9539]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9537]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9536]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9536]: pam_unix(cron:session): session closed for user p13x
Jun 22 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9607]: Successful su for rubyman by root
Jun 22 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9607]: + ??? root:rubyman
Jun 22 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9607]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569367 of user rubyman.
Jun 22 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9607]: pam_unix(su:session): session closed for user rubyman
Jun 22 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569367.
Jun 22 06:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6929]: pam_unix(cron:session): session closed for user root
Jun 22 06:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9537]: pam_unix(cron:session): session closed for user samftp
Jun 22 06:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 06:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 06:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9824]: Failed password for root from 38.55.97.143 port 53820 ssh2
Jun 22 06:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9824]: Connection closed by 38.55.97.143 port 53820 [preauth]
Jun 22 06:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8736]: pam_unix(cron:session): session closed for user root
Jun 22 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10120]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10119]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10118]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10117]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10117]: pam_unix(cron:session): session closed for user p13x
Jun 22 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10177]: Successful su for rubyman by root
Jun 22 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10177]: + ??? root:rubyman
Jun 22 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10177]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569371 of user rubyman.
Jun 22 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10177]: pam_unix(su:session): session closed for user rubyman
Jun 22 06:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569371.
Jun 22 06:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7422]: pam_unix(cron:session): session closed for user root
Jun 22 06:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10118]: pam_unix(cron:session): session closed for user samftp
Jun 22 06:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 06:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 06:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10487]: Invalid user ayleen from 2.57.121.112
Jun 22 06:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10487]: input_userauth_request: invalid user ayleen [preauth]
Jun 22 06:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10487]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 06:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 22 06:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10487]: Failed password for invalid user ayleen from 2.57.121.112 port 19590 ssh2
Jun 22 06:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10487]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 06:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10487]: Failed password for invalid user ayleen from 2.57.121.112 port 19590 ssh2
Jun 22 06:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10487]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 06:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10485]: Invalid user user1 from 38.55.97.143
Jun 22 06:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10485]: input_userauth_request: invalid user user1 [preauth]
Jun 22 06:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10485]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 06:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 06:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10487]: Failed password for invalid user ayleen from 2.57.121.112 port 19590 ssh2
Jun 22 06:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10487]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 06:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10485]: Failed password for invalid user user1 from 38.55.97.143 port 39140 ssh2
Jun 22 06:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10485]: Connection closed by 38.55.97.143 port 39140 [preauth]
Jun 22 06:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10487]: Failed password for invalid user ayleen from 2.57.121.112 port 19590 ssh2
Jun 22 06:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10487]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 06:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10487]: Failed password for invalid user ayleen from 2.57.121.112 port 19590 ssh2
Jun 22 06:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10487]: Connection closed by 2.57.121.112 port 19590 [preauth]
Jun 22 06:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10487]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 22 06:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10487]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 22 06:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9155]: pam_unix(cron:session): session closed for user root
Jun 22 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10613]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10614]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10612]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10616]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10615]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10611]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10610]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10616]: pam_unix(cron:session): session closed for user root
Jun 22 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10612]: pam_unix(cron:session): session closed for user root
Jun 22 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10610]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10713]: Successful su for rubyman by root
Jun 22 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10713]: + ??? root:rubyman
Jun 22 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10713]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569379 of user rubyman.
Jun 22 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10713]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569379.
Jun 22 07:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7910]: pam_unix(cron:session): session closed for user root
Jun 22 07:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10613]: pam_unix(cron:session): session closed for user root
Jun 22 07:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10611]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9539]: pam_unix(cron:session): session closed for user root
Jun 22 07:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 07:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11009]: Failed password for root from 38.55.97.143 port 52778 ssh2
Jun 22 07:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11009]: Connection closed by 38.55.97.143 port 52778 [preauth]
Jun 22 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11137]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11138]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11139]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11136]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11136]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11208]: Successful su for rubyman by root
Jun 22 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11208]: + ??? root:rubyman
Jun 22 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11208]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569381 of user rubyman.
Jun 22 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11208]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569381.
Jun 22 07:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8305]: pam_unix(cron:session): session closed for user root
Jun 22 07:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11137]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11433]: Connection closed by 45.148.10.121 port 48774 [preauth]
Jun 22 07:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10120]: pam_unix(cron:session): session closed for user root
Jun 22 07:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.233.85.71  user=root
Jun 22 07:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11541]: Failed password for root from 37.233.85.71 port 55642 ssh2
Jun 22 07:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11541]: Connection closed by 37.233.85.71 port 55642 [preauth]
Jun 22 07:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 07:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11543]: Failed password for root from 38.55.97.143 port 42234 ssh2
Jun 22 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11574]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11571]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11572]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11573]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11543]: Connection closed by 38.55.97.143 port 42234 [preauth]
Jun 22 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11571]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11632]: Successful su for rubyman by root
Jun 22 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11632]: + ??? root:rubyman
Jun 22 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11632]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569385 of user rubyman.
Jun 22 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11632]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569385.
Jun 22 07:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8735]: pam_unix(cron:session): session closed for user root
Jun 22 07:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11572]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10615]: pam_unix(cron:session): session closed for user root
Jun 22 07:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12029]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12030]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12028]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12027]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12027]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12085]: Successful su for rubyman by root
Jun 22 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12085]: + ??? root:rubyman
Jun 22 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12085]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569390 of user rubyman.
Jun 22 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12085]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569390.
Jun 22 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.211.215  user=root
Jun 22 07:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9154]: pam_unix(cron:session): session closed for user root
Jun 22 07:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12028]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12166]: Failed password for root from 147.45.211.215 port 32834 ssh2
Jun 22 07:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12166]: Connection closed by 147.45.211.215 port 32834 [preauth]
Jun 22 07:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: User nobody from 38.55.97.143 not allowed because not listed in AllowUsers
Jun 22 07:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: input_userauth_request: invalid user nobody [preauth]
Jun 22 07:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=nobody
Jun 22 07:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 22 07:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: Failed password for invalid user nobody from 38.55.97.143 port 58132 ssh2
Jun 22 07:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12400]: Failed password for root from 147.45.199.80 port 58726 ssh2
Jun 22 07:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12400]: Connection closed by 147.45.199.80 port 58726 [preauth]
Jun 22 07:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: Connection closed by 38.55.97.143 port 58132 [preauth]
Jun 22 07:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 22 07:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12436]: Failed password for root from 103.82.132.16 port 41762 ssh2
Jun 22 07:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12436]: Connection closed by 103.82.132.16 port 41762 [preauth]
Jun 22 07:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11139]: pam_unix(cron:session): session closed for user root
Jun 22 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12550]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12549]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12548]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12547]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12547]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12609]: Successful su for rubyman by root
Jun 22 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12609]: + ??? root:rubyman
Jun 22 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12609]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569394 of user rubyman.
Jun 22 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12609]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569394.
Jun 22 07:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9538]: pam_unix(cron:session): session closed for user root
Jun 22 07:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12548]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12860]: Invalid user kali from 38.55.97.143
Jun 22 07:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12860]: input_userauth_request: invalid user kali [preauth]
Jun 22 07:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12860]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 07:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 07:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12860]: Failed password for invalid user kali from 38.55.97.143 port 43916 ssh2
Jun 22 07:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12860]: Connection closed by 38.55.97.143 port 43916 [preauth]
Jun 22 07:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11574]: pam_unix(cron:session): session closed for user root
Jun 22 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12964]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12962]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12963]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12960]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12961]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12959]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12964]: pam_unix(cron:session): session closed for user root
Jun 22 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12959]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13031]: Successful su for rubyman by root
Jun 22 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13031]: + ??? root:rubyman
Jun 22 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13031]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569399 of user rubyman.
Jun 22 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13031]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569399.
Jun 22 07:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10119]: pam_unix(cron:session): session closed for user root
Jun 22 07:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12961]: pam_unix(cron:session): session closed for user root
Jun 22 07:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12960]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 22 07:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13257]: Failed password for root from 80.66.85.226 port 34684 ssh2
Jun 22 07:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13257]: Connection closed by 80.66.85.226 port 34684 [preauth]
Jun 22 07:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13315]: Received disconnect from 96.8.116.34 port 46710:11: disconnected by user [preauth]
Jun 22 07:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13315]: Disconnected from 96.8.116.34 port 46710 [preauth]
Jun 22 07:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12030]: pam_unix(cron:session): session closed for user root
Jun 22 07:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13317]: Invalid user linaro from 38.55.97.143
Jun 22 07:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13317]: input_userauth_request: invalid user linaro [preauth]
Jun 22 07:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13317]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 07:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 07:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13317]: Failed password for invalid user linaro from 38.55.97.143 port 56562 ssh2
Jun 22 07:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13317]: Connection closed by 38.55.97.143 port 56562 [preauth]
Jun 22 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13409]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13408]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13407]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13406]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13406]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13479]: Successful su for rubyman by root
Jun 22 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13479]: + ??? root:rubyman
Jun 22 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13479]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569404 of user rubyman.
Jun 22 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13479]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569404.
Jun 22 07:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10614]: pam_unix(cron:session): session closed for user root
Jun 22 07:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13407]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12550]: pam_unix(cron:session): session closed for user root
Jun 22 07:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 07:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13763]: Failed password for root from 38.55.97.143 port 41458 ssh2
Jun 22 07:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13763]: Connection closed by 38.55.97.143 port 41458 [preauth]
Jun 22 07:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13804]: Received disconnect from 192.3.150.58 port 47662:11: disconnected by user [preauth]
Jun 22 07:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13804]: Disconnected from 192.3.150.58 port 47662 [preauth]
Jun 22 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13827]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13826]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13825]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13823]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13823]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13885]: Successful su for rubyman by root
Jun 22 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13885]: + ??? root:rubyman
Jun 22 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13885]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569408 of user rubyman.
Jun 22 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13885]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569408.
Jun 22 07:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11138]: pam_unix(cron:session): session closed for user root
Jun 22 07:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13825]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12963]: pam_unix(cron:session): session closed for user root
Jun 22 07:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 07:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 07:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14190]: Failed password for root from 38.55.97.143 port 54772 ssh2
Jun 22 07:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14190]: Connection closed by 38.55.97.143 port 54772 [preauth]
Jun 22 07:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14208]: Failed password for root from 193.24.211.107 port 41440 ssh2
Jun 22 07:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14208]: Received disconnect from 193.24.211.107 port 41440:11: Client disconnecting normally [preauth]
Jun 22 07:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14208]: Disconnected from 193.24.211.107 port 41440 [preauth]
Jun 22 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 22 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14226]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14225]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14224]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14223]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14223]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14281]: Successful su for rubyman by root
Jun 22 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14281]: + ??? root:rubyman
Jun 22 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14281]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569412 of user rubyman.
Jun 22 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14281]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569412.
Jun 22 07:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14220]: Failed password for root from 38.93.206.2 port 54568 ssh2
Jun 22 07:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14220]: Connection closed by 38.93.206.2 port 54568 [preauth]
Jun 22 07:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11573]: pam_unix(cron:session): session closed for user root
Jun 22 07:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14224]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13409]: pam_unix(cron:session): session closed for user root
Jun 22 07:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 07:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14585]: Failed password for root from 38.55.97.143 port 38946 ssh2
Jun 22 07:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14585]: Connection closed by 38.55.97.143 port 38946 [preauth]
Jun 22 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14610]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14611]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14608]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14606]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14604]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14606]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14815]: Successful su for rubyman by root
Jun 22 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14815]: + ??? root:rubyman
Jun 22 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14815]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569416 of user rubyman.
Jun 22 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14815]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569416.
Jun 22 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14604]: pam_unix(cron:session): session closed for user root
Jun 22 07:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12029]: pam_unix(cron:session): session closed for user root
Jun 22 07:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14608]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13827]: pam_unix(cron:session): session closed for user root
Jun 22 07:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 07:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15171]: Failed password for root from 38.55.97.143 port 51728 ssh2
Jun 22 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15197]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15192]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15193]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15191]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15194]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15190]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15197]: pam_unix(cron:session): session closed for user root
Jun 22 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15190]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15171]: Connection closed by 38.55.97.143 port 51728 [preauth]
Jun 22 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15267]: Successful su for rubyman by root
Jun 22 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15267]: + ??? root:rubyman
Jun 22 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15267]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569425 of user rubyman.
Jun 22 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15267]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569425.
Jun 22 07:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15192]: pam_unix(cron:session): session closed for user root
Jun 22 07:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12549]: pam_unix(cron:session): session closed for user root
Jun 22 07:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15191]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14226]: pam_unix(cron:session): session closed for user root
Jun 22 07:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15610]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15609]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15608]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15607]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15607]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15674]: Successful su for rubyman by root
Jun 22 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15674]: + ??? root:rubyman
Jun 22 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15674]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569426 of user rubyman.
Jun 22 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15674]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569426.
Jun 22 07:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12962]: pam_unix(cron:session): session closed for user root
Jun 22 07:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 07:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15608]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15595]: Failed password for root from 38.55.97.143 port 37064 ssh2
Jun 22 07:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15595]: Connection closed by 38.55.97.143 port 37064 [preauth]
Jun 22 07:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14611]: pam_unix(cron:session): session closed for user root
Jun 22 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16002]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16000]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16001]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15999]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15999]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16059]: Successful su for rubyman by root
Jun 22 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16059]: + ??? root:rubyman
Jun 22 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16059]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569430 of user rubyman.
Jun 22 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16059]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569430.
Jun 22 07:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13408]: pam_unix(cron:session): session closed for user root
Jun 22 07:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16000]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 07:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16223]: Failed password for root from 38.55.97.143 port 50718 ssh2
Jun 22 07:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16223]: Connection closed by 38.55.97.143 port 50718 [preauth]
Jun 22 07:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15194]: pam_unix(cron:session): session closed for user root
Jun 22 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16394]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16393]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16392]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16391]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16391]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16453]: Successful su for rubyman by root
Jun 22 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16453]: + ??? root:rubyman
Jun 22 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16453]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569435 of user rubyman.
Jun 22 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16453]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569435.
Jun 22 07:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13826]: pam_unix(cron:session): session closed for user root
Jun 22 07:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16392]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16588]: Invalid user admin from 38.55.97.143
Jun 22 07:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16588]: input_userauth_request: invalid user admin [preauth]
Jun 22 07:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16588]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 07:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 07:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16588]: Failed password for invalid user admin from 38.55.97.143 port 35508 ssh2
Jun 22 07:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16588]: Connection closed by 38.55.97.143 port 35508 [preauth]
Jun 22 07:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15610]: pam_unix(cron:session): session closed for user root
Jun 22 07:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16789]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16788]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16791]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16790]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16788]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16864]: Successful su for rubyman by root
Jun 22 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16864]: + ??? root:rubyman
Jun 22 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16864]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569438 of user rubyman.
Jun 22 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16864]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569438.
Jun 22 07:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14225]: pam_unix(cron:session): session closed for user root
Jun 22 07:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16789]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 07:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16785]: Failed password for root from 38.55.97.143 port 48188 ssh2
Jun 22 07:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16785]: Connection closed by 38.55.97.143 port 48188 [preauth]
Jun 22 07:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16002]: pam_unix(cron:session): session closed for user root
Jun 22 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17282]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17283]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17280]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17284]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17281]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17279]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17284]: pam_unix(cron:session): session closed for user root
Jun 22 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17279]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17355]: Successful su for rubyman by root
Jun 22 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17355]: + ??? root:rubyman
Jun 22 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17355]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569444 of user rubyman.
Jun 22 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17355]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569444.
Jun 22 07:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17281]: pam_unix(cron:session): session closed for user root
Jun 22 07:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14610]: pam_unix(cron:session): session closed for user root
Jun 22 07:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17280]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 22 07:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17609]: Failed password for root from 51.250.105.222 port 53300 ssh2
Jun 22 07:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17609]: Connection closed by 51.250.105.222 port 53300 [preauth]
Jun 22 07:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 07:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17571]: Failed password for root from 38.55.97.143 port 60764 ssh2
Jun 22 07:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17571]: Connection closed by 38.55.97.143 port 60764 [preauth]
Jun 22 07:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16394]: pam_unix(cron:session): session closed for user root
Jun 22 07:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 22 07:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17773]: Failed password for root from 87.251.79.125 port 50398 ssh2
Jun 22 07:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17773]: Connection closed by 87.251.79.125 port 50398 [preauth]
Jun 22 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17815]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17814]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17812]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17813]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17812]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17900]: Successful su for rubyman by root
Jun 22 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17900]: + ??? root:rubyman
Jun 22 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17900]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569448 of user rubyman.
Jun 22 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17900]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569448.
Jun 22 07:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15193]: pam_unix(cron:session): session closed for user root
Jun 22 07:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17813]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16791]: pam_unix(cron:session): session closed for user root
Jun 22 07:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 07:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18187]: Failed password for root from 38.55.97.143 port 51976 ssh2
Jun 22 07:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18187]: Connection closed by 38.55.97.143 port 51976 [preauth]
Jun 22 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18261]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18260]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18259]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18257]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18255]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18255]: pam_unix(cron:session): session closed for user root
Jun 22 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18257]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18330]: Successful su for rubyman by root
Jun 22 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18330]: + ??? root:rubyman
Jun 22 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18330]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569452 of user rubyman.
Jun 22 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18330]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569452.
Jun 22 07:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15609]: pam_unix(cron:session): session closed for user root
Jun 22 07:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18259]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17283]: pam_unix(cron:session): session closed for user root
Jun 22 07:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 07:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18736]: Failed password for root from 38.55.97.143 port 37198 ssh2
Jun 22 07:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18736]: Connection closed by 38.55.97.143 port 37198 [preauth]
Jun 22 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18759]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18760]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18758]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18757]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18757]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18833]: Successful su for rubyman by root
Jun 22 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18833]: + ??? root:rubyman
Jun 22 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18833]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569459 of user rubyman.
Jun 22 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18833]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569459.
Jun 22 07:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16001]: pam_unix(cron:session): session closed for user root
Jun 22 07:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18758]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17815]: pam_unix(cron:session): session closed for user root
Jun 22 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19265]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19262]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19263]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19264]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19262]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19323]: Successful su for rubyman by root
Jun 22 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19323]: + ??? root:rubyman
Jun 22 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19323]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569461 of user rubyman.
Jun 22 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19323]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569461.
Jun 22 07:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16393]: pam_unix(cron:session): session closed for user root
Jun 22 07:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19263]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19737]: Invalid user admin from 38.55.97.143
Jun 22 07:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19737]: input_userauth_request: invalid user admin [preauth]
Jun 22 07:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19737]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 07:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 07:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19737]: Failed password for invalid user admin from 38.55.97.143 port 50648 ssh2
Jun 22 07:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19737]: Connection closed by 38.55.97.143 port 50648 [preauth]
Jun 22 07:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18261]: pam_unix(cron:session): session closed for user root
Jun 22 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19885]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19880]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19879]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19883]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19882]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19881]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19885]: pam_unix(cron:session): session closed for user root
Jun 22 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19879]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19949]: Successful su for rubyman by root
Jun 22 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19949]: + ??? root:rubyman
Jun 22 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19949]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569468 of user rubyman.
Jun 22 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19949]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569468.
Jun 22 07:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16790]: pam_unix(cron:session): session closed for user root
Jun 22 07:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19881]: pam_unix(cron:session): session closed for user root
Jun 22 07:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19880]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18760]: pam_unix(cron:session): session closed for user root
Jun 22 07:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
Jun 22 07:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20351]: Failed password for root from 176.32.39.21 port 53998 ssh2
Jun 22 07:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20351]: Connection closed by 176.32.39.21 port 53998 [preauth]
Jun 22 07:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20379]: Invalid user user from 38.55.97.143
Jun 22 07:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20379]: input_userauth_request: invalid user user [preauth]
Jun 22 07:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20379]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 07:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20414]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20415]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20416]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20412]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20412]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20487]: Successful su for rubyman by root
Jun 22 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20487]: + ??? root:rubyman
Jun 22 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20487]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569471 of user rubyman.
Jun 22 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20487]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569471.
Jun 22 07:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20379]: Failed password for invalid user user from 38.55.97.143 port 35636 ssh2
Jun 22 07:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20379]: Connection closed by 38.55.97.143 port 35636 [preauth]
Jun 22 07:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17282]: pam_unix(cron:session): session closed for user root
Jun 22 07:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20414]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19265]: pam_unix(cron:session): session closed for user root
Jun 22 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20915]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20916]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20914]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20913]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20913]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20973]: Successful su for rubyman by root
Jun 22 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20973]: + ??? root:rubyman
Jun 22 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20973]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569476 of user rubyman.
Jun 22 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20973]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569476.
Jun 22 07:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17814]: pam_unix(cron:session): session closed for user root
Jun 22 07:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20914]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19883]: pam_unix(cron:session): session closed for user root
Jun 22 07:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 07:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21225]: Failed password for root from 38.55.97.143 port 52372 ssh2
Jun 22 07:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21225]: Connection closed by 38.55.97.143 port 52372 [preauth]
Jun 22 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21314]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21316]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21313]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21312]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21312]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21381]: Successful su for rubyman by root
Jun 22 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21381]: + ??? root:rubyman
Jun 22 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21381]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569479 of user rubyman.
Jun 22 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21381]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569479.
Jun 22 07:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18260]: pam_unix(cron:session): session closed for user root
Jun 22 07:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21313]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20416]: pam_unix(cron:session): session closed for user root
Jun 22 07:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21744]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 22 07:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21744]: Received disconnect from 188.44.20.24 port 34512:11: disconnected by user [preauth]
Jun 22 07:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21744]: Disconnected from 188.44.20.24 port 34512 [preauth]
Jun 22 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21758]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21759]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21757]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21756]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21756]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21822]: Successful su for rubyman by root
Jun 22 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21822]: + ??? root:rubyman
Jun 22 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21822]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569484 of user rubyman.
Jun 22 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21822]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569484.
Jun 22 07:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18759]: pam_unix(cron:session): session closed for user root
Jun 22 07:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21975]: Received disconnect from 96.127.172.215 port 38728:11: disconnected by user [preauth]
Jun 22 07:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21975]: Disconnected from 96.127.172.215 port 38728 [preauth]
Jun 22 07:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21757]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 07:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21746]: Failed password for root from 38.55.97.143 port 38826 ssh2
Jun 22 07:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21746]: Connection closed by 38.55.97.143 port 38826 [preauth]
Jun 22 07:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20916]: pam_unix(cron:session): session closed for user root
Jun 22 07:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22166]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22165]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22167]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22164]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22163]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22162]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22167]: pam_unix(cron:session): session closed for user root
Jun 22 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22162]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22234]: Successful su for rubyman by root
Jun 22 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22234]: + ??? root:rubyman
Jun 22 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22234]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569487 of user rubyman.
Jun 22 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22234]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569487.
Jun 22 07:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22159]: Failed password for root from 193.24.211.107 port 54352 ssh2
Jun 22 07:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22159]: Received disconnect from 193.24.211.107 port 54352:11: Client disconnecting normally [preauth]
Jun 22 07:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22159]: Disconnected from 193.24.211.107 port 54352 [preauth]
Jun 22 07:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22164]: pam_unix(cron:session): session closed for user root
Jun 22 07:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19264]: pam_unix(cron:session): session closed for user root
Jun 22 07:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22163]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21316]: pam_unix(cron:session): session closed for user root
Jun 22 07:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22628]: Invalid user admin from 38.55.97.143
Jun 22 07:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22628]: input_userauth_request: invalid user admin [preauth]
Jun 22 07:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22628]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 07:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 07:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22628]: Failed password for invalid user admin from 38.55.97.143 port 52188 ssh2
Jun 22 07:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22628]: Connection closed by 38.55.97.143 port 52188 [preauth]
Jun 22 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22683]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22680]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22679]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22682]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22679]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22749]: Successful su for rubyman by root
Jun 22 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22749]: + ??? root:rubyman
Jun 22 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22749]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569494 of user rubyman.
Jun 22 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22749]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569494.
Jun 22 07:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19882]: pam_unix(cron:session): session closed for user root
Jun 22 07:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22680]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21759]: pam_unix(cron:session): session closed for user root
Jun 22 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23094]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23095]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23093]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23092]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23092]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23152]: Successful su for rubyman by root
Jun 22 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23152]: + ??? root:rubyman
Jun 22 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23152]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569498 of user rubyman.
Jun 22 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23152]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569498.
Jun 22 07:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20415]: pam_unix(cron:session): session closed for user root
Jun 22 07:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23093]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 07:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23347]: Failed password for root from 38.55.97.143 port 36728 ssh2
Jun 22 07:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23347]: Connection closed by 38.55.97.143 port 36728 [preauth]
Jun 22 07:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.19.67.181  user=root
Jun 22 07:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23392]: Failed password for root from 46.19.67.181 port 33766 ssh2
Jun 22 07:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23392]: Connection closed by 46.19.67.181 port 33766 [preauth]
Jun 22 07:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22166]: pam_unix(cron:session): session closed for user root
Jun 22 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23516]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23515]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23517]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23514]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23514]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23576]: Successful su for rubyman by root
Jun 22 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23576]: + ??? root:rubyman
Jun 22 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23576]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569501 of user rubyman.
Jun 22 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23576]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569501.
Jun 22 07:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20915]: pam_unix(cron:session): session closed for user root
Jun 22 07:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23515]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 22 07:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23796]: Failed password for root from 103.149.28.157 port 41240 ssh2
Jun 22 07:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23796]: Connection closed by 103.149.28.157 port 41240 [preauth]
Jun 22 07:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22683]: pam_unix(cron:session): session closed for user root
Jun 22 07:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 07:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23937]: Failed password for root from 38.55.97.143 port 47768 ssh2
Jun 22 07:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23937]: Connection closed by 38.55.97.143 port 47768 [preauth]
Jun 22 07:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24012]: Invalid user cristian from 141.98.83.240
Jun 22 07:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24012]: input_userauth_request: invalid user cristian [preauth]
Jun 22 07:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24012]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 07:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 07:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24012]: Failed password for invalid user cristian from 141.98.83.240 port 62126 ssh2
Jun 22 07:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24012]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 07:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24016]: Invalid user user from 193.46.255.86
Jun 22 07:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24016]: input_userauth_request: invalid user user [preauth]
Jun 22 07:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24016]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 07:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 22 07:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.88.138.26  user=root
Jun 22 07:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24016]: Failed password for invalid user user from 193.46.255.86 port 39278 ssh2
Jun 22 07:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24016]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 07:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24012]: Failed password for invalid user cristian from 141.98.83.240 port 62126 ssh2
Jun 22 07:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24012]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 07:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24014]: Failed password for root from 36.88.138.26 port 56405 ssh2
Jun 22 07:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24014]: Connection closed by 36.88.138.26 port 56405 [preauth]
Jun 22 07:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24016]: Failed password for invalid user user from 193.46.255.86 port 39278 ssh2
Jun 22 07:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24016]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 07:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24012]: Failed password for invalid user cristian from 141.98.83.240 port 62126 ssh2
Jun 22 07:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24012]: Connection closed by 141.98.83.240 port 62126 [preauth]
Jun 22 07:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24012]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 07:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24016]: Failed password for invalid user user from 193.46.255.86 port 39278 ssh2
Jun 22 07:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24016]: Connection closed by 193.46.255.86 port 39278 [preauth]
Jun 22 07:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24016]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 22 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24039]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24038]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24037]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24036]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24036]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24096]: Successful su for rubyman by root
Jun 22 07:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24096]: + ??? root:rubyman
Jun 22 07:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24096]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569505 of user rubyman.
Jun 22 07:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24096]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569505.
Jun 22 07:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21314]: pam_unix(cron:session): session closed for user root
Jun 22 07:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24037]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23095]: pam_unix(cron:session): session closed for user root
Jun 22 07:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 22 07:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24430]: Failed password for root from 77.94.47.83 port 38616 ssh2
Jun 22 07:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24430]: Connection closed by 77.94.47.83 port 38616 [preauth]
Jun 22 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24457]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24455]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24456]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24452]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24454]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24453]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24457]: pam_unix(cron:session): session closed for user root
Jun 22 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24452]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24527]: Successful su for rubyman by root
Jun 22 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24527]: + ??? root:rubyman
Jun 22 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24527]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569511 of user rubyman.
Jun 22 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24527]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569511.
Jun 22 07:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24454]: pam_unix(cron:session): session closed for user root
Jun 22 07:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21758]: pam_unix(cron:session): session closed for user root
Jun 22 07:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24453]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24730]: Invalid user postgres from 38.55.97.143
Jun 22 07:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24730]: input_userauth_request: invalid user postgres [preauth]
Jun 22 07:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24730]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 07:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 07:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24730]: Failed password for invalid user postgres from 38.55.97.143 port 58740 ssh2
Jun 22 07:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24730]: Connection closed by 38.55.97.143 port 58740 [preauth]
Jun 22 07:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23517]: pam_unix(cron:session): session closed for user root
Jun 22 07:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24847]: Connection closed by 194.59.206.2 port 46426 [preauth]
Jun 22 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24911]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24909]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24910]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24908]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24908]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24977]: Successful su for rubyman by root
Jun 22 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24977]: + ??? root:rubyman
Jun 22 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24977]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569516 of user rubyman.
Jun 22 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24977]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569516.
Jun 22 07:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22165]: pam_unix(cron:session): session closed for user root
Jun 22 07:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24909]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24039]: pam_unix(cron:session): session closed for user root
Jun 22 07:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25267]: Invalid user test from 45.148.10.121
Jun 22 07:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25267]: input_userauth_request: invalid user test [preauth]
Jun 22 07:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25267]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 07:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 22 07:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25267]: Failed password for invalid user test from 45.148.10.121 port 44754 ssh2
Jun 22 07:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25267]: Connection closed by 45.148.10.121 port 44754 [preauth]
Jun 22 07:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 07:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25230]: Failed password for root from 38.55.97.143 port 42078 ssh2
Jun 22 07:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25230]: Connection closed by 38.55.97.143 port 42078 [preauth]
Jun 22 07:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25313]: Received disconnect from 62.210.36.194 port 56606:11: disconnected by user [preauth]
Jun 22 07:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25313]: Disconnected from 62.210.36.194 port 56606 [preauth]
Jun 22 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25326]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25327]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25325]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25324]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25324]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25385]: Successful su for rubyman by root
Jun 22 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25385]: + ??? root:rubyman
Jun 22 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25385]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569519 of user rubyman.
Jun 22 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25385]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569519.
Jun 22 07:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22682]: pam_unix(cron:session): session closed for user root
Jun 22 07:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25325]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24456]: pam_unix(cron:session): session closed for user root
Jun 22 07:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 22 07:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25702]: Failed password for root from 103.153.68.219 port 43792 ssh2
Jun 22 07:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25702]: Connection closed by 103.153.68.219 port 43792 [preauth]
Jun 22 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25717]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25718]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25715]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25716]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25715]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25774]: Successful su for rubyman by root
Jun 22 07:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25774]: + ??? root:rubyman
Jun 22 07:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25774]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569525 of user rubyman.
Jun 22 07:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25774]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569525.
Jun 22 07:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23094]: pam_unix(cron:session): session closed for user root
Jun 22 07:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25716]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 07:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25701]: Failed password for root from 38.55.97.143 port 57602 ssh2
Jun 22 07:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25701]: Connection closed by 38.55.97.143 port 57602 [preauth]
Jun 22 07:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24911]: pam_unix(cron:session): session closed for user root
Jun 22 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26106]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26105]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26103]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26102]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26102]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26167]: Successful su for rubyman by root
Jun 22 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26167]: + ??? root:rubyman
Jun 22 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26167]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569527 of user rubyman.
Jun 22 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26167]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569527.
Jun 22 07:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23516]: pam_unix(cron:session): session closed for user root
Jun 22 07:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26103]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25327]: pam_unix(cron:session): session closed for user root
Jun 22 07:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26417]: Invalid user openhabian from 38.55.97.143
Jun 22 07:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26417]: input_userauth_request: invalid user openhabian [preauth]
Jun 22 07:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26417]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 07:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 07:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26417]: Failed password for invalid user openhabian from 38.55.97.143 port 43872 ssh2
Jun 22 07:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26417]: Connection closed by 38.55.97.143 port 43872 [preauth]
Jun 22 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26509]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26508]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26506]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26507]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26504]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26505]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26509]: pam_unix(cron:session): session closed for user root
Jun 22 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26504]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26571]: Successful su for rubyman by root
Jun 22 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26571]: + ??? root:rubyman
Jun 22 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26571]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569532 of user rubyman.
Jun 22 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26571]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569532.
Jun 22 07:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26506]: pam_unix(cron:session): session closed for user root
Jun 22 07:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24038]: pam_unix(cron:session): session closed for user root
Jun 22 07:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26505]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25718]: pam_unix(cron:session): session closed for user root
Jun 22 07:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27016]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27017]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27015]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27013]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27013]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27080]: Successful su for rubyman by root
Jun 22 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27080]: + ??? root:rubyman
Jun 22 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27080]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569537 of user rubyman.
Jun 22 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27080]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569537.
Jun 22 07:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24455]: pam_unix(cron:session): session closed for user root
Jun 22 07:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27015]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 07:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27001]: Failed password for root from 38.55.97.143 port 56100 ssh2
Jun 22 07:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27001]: Connection closed by 38.55.97.143 port 56100 [preauth]
Jun 22 07:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26106]: pam_unix(cron:session): session closed for user root
Jun 22 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27437]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27436]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27438]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27435]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27435]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27497]: Successful su for rubyman by root
Jun 22 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27497]: + ??? root:rubyman
Jun 22 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27497]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569543 of user rubyman.
Jun 22 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27497]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569543.
Jun 22 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24910]: pam_unix(cron:session): session closed for user root
Jun 22 07:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27436]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27568]: Connection closed by 218.208.8.107 port 57349 [preauth]
Jun 22 07:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27730]: Invalid user sshadmin from 38.55.97.143
Jun 22 07:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27730]: input_userauth_request: invalid user sshadmin [preauth]
Jun 22 07:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27730]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 07:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 07:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27730]: Failed password for invalid user sshadmin from 38.55.97.143 port 43026 ssh2
Jun 22 07:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27730]: Connection closed by 38.55.97.143 port 43026 [preauth]
Jun 22 07:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26508]: pam_unix(cron:session): session closed for user root
Jun 22 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27855]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27856]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27857]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27849]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27849]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27917]: Successful su for rubyman by root
Jun 22 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27917]: + ??? root:rubyman
Jun 22 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27917]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569545 of user rubyman.
Jun 22 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27917]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569545.
Jun 22 07:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25326]: pam_unix(cron:session): session closed for user root
Jun 22 07:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27855]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27017]: pam_unix(cron:session): session closed for user root
Jun 22 07:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 22 07:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 07:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28256]: Failed password for root from 103.77.175.15 port 42840 ssh2
Jun 22 07:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28256]: Connection closed by 103.77.175.15 port 42840 [preauth]
Jun 22 07:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28223]: Failed password for root from 38.55.97.143 port 54486 ssh2
Jun 22 07:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28223]: Connection closed by 38.55.97.143 port 54486 [preauth]
Jun 22 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28315]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28316]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28314]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28313]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28311]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28313]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28429]: Successful su for rubyman by root
Jun 22 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28429]: + ??? root:rubyman
Jun 22 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28429]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569550 of user rubyman.
Jun 22 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28429]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569550.
Jun 22 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28311]: pam_unix(cron:session): session closed for user root
Jun 22 07:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25717]: pam_unix(cron:session): session closed for user root
Jun 22 07:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28314]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27438]: pam_unix(cron:session): session closed for user root
Jun 22 07:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28864]: Invalid user frappe from 38.55.97.143
Jun 22 07:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28864]: input_userauth_request: invalid user frappe [preauth]
Jun 22 07:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28864]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 07:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 07:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28864]: Failed password for invalid user frappe from 38.55.97.143 port 38750 ssh2
Jun 22 07:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28864]: Connection closed by 38.55.97.143 port 38750 [preauth]
Jun 22 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28906]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28904]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28905]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28909]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28903]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28910]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28910]: pam_unix(cron:session): session closed for user root
Jun 22 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28903]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28975]: Successful su for rubyman by root
Jun 22 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28975]: + ??? root:rubyman
Jun 22 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28975]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569558 of user rubyman.
Jun 22 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28975]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569558.
Jun 22 07:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26105]: pam_unix(cron:session): session closed for user root
Jun 22 07:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28905]: pam_unix(cron:session): session closed for user root
Jun 22 07:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28904]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27857]: pam_unix(cron:session): session closed for user root
Jun 22 07:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29351]: Invalid user huawei from 38.55.97.143
Jun 22 07:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29351]: input_userauth_request: invalid user huawei [preauth]
Jun 22 07:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29351]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 07:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 07:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29351]: Failed password for invalid user huawei from 38.55.97.143 port 50522 ssh2
Jun 22 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29365]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29366]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29364]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29363]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29363]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29429]: Successful su for rubyman by root
Jun 22 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29429]: + ??? root:rubyman
Jun 22 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29429]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569560 of user rubyman.
Jun 22 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29429]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569560.
Jun 22 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29351]: Connection closed by 38.55.97.143 port 50522 [preauth]
Jun 22 07:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26507]: pam_unix(cron:session): session closed for user root
Jun 22 07:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29364]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28316]: pam_unix(cron:session): session closed for user root
Jun 22 07:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 22 07:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29810]: Failed password for root from 103.27.238.120 port 46178 ssh2
Jun 22 07:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29810]: Connection closed by 103.27.238.120 port 46178 [preauth]
Jun 22 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29913]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29912]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29911]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29910]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29910]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29969]: Successful su for rubyman by root
Jun 22 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29969]: + ??? root:rubyman
Jun 22 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29969]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569564 of user rubyman.
Jun 22 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29969]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569564.
Jun 22 07:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27016]: pam_unix(cron:session): session closed for user root
Jun 22 07:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29911]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30166]: Invalid user ubuntu from 38.55.97.143
Jun 22 07:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30166]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 07:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30166]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 07:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 07:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30166]: Failed password for invalid user ubuntu from 38.55.97.143 port 36654 ssh2
Jun 22 07:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30166]: Connection closed by 38.55.97.143 port 36654 [preauth]
Jun 22 07:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 07:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30213]: Failed password for root from 193.24.211.107 port 21706 ssh2
Jun 22 07:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30213]: Received disconnect from 193.24.211.107 port 21706:11: Client disconnecting normally [preauth]
Jun 22 07:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30213]: Disconnected from 193.24.211.107 port 21706 [preauth]
Jun 22 07:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28909]: pam_unix(cron:session): session closed for user root
Jun 22 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30327]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30328]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30326]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30325]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30325]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30384]: Successful su for rubyman by root
Jun 22 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30384]: + ??? root:rubyman
Jun 22 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30384]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569569 of user rubyman.
Jun 22 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30384]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569569.
Jun 22 07:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27437]: pam_unix(cron:session): session closed for user root
Jun 22 07:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30326]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30562]: Invalid user vyos from 38.55.97.143
Jun 22 07:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30562]: input_userauth_request: invalid user vyos [preauth]
Jun 22 07:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30562]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 07:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 07:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30562]: Failed password for invalid user vyos from 38.55.97.143 port 50670 ssh2
Jun 22 07:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30562]: Connection closed by 38.55.97.143 port 50670 [preauth]
Jun 22 07:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29366]: pam_unix(cron:session): session closed for user root
Jun 22 07:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30736]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30735]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30734]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30733]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30733]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30794]: Successful su for rubyman by root
Jun 22 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30794]: + ??? root:rubyman
Jun 22 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30794]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569573 of user rubyman.
Jun 22 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30794]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569573.
Jun 22 07:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27856]: pam_unix(cron:session): session closed for user root
Jun 22 07:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30734]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 07:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30730]: Failed password for root from 38.55.97.143 port 34066 ssh2
Jun 22 07:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30730]: Connection closed by 38.55.97.143 port 34066 [preauth]
Jun 22 07:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29913]: pam_unix(cron:session): session closed for user root
Jun 22 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31226]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31229]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31224]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31227]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31228]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31225]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31229]: pam_unix(cron:session): session closed for user root
Jun 22 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31224]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31304]: Successful su for rubyman by root
Jun 22 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31304]: + ??? root:rubyman
Jun 22 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31304]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569576 of user rubyman.
Jun 22 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31304]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569576.
Jun 22 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31226]: pam_unix(cron:session): session closed for user root
Jun 22 07:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28315]: pam_unix(cron:session): session closed for user root
Jun 22 07:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31225]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 07:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31325]: Failed password for root from 38.55.97.143 port 45288 ssh2
Jun 22 07:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31325]: Connection closed by 38.55.97.143 port 45288 [preauth]
Jun 22 07:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.223.69.22  user=root
Jun 22 07:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31554]: Failed password for root from 89.223.69.22 port 38296 ssh2
Jun 22 07:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31554]: Connection closed by 89.223.69.22 port 38296 [preauth]
Jun 22 07:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30328]: pam_unix(cron:session): session closed for user root
Jun 22 07:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31778]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31779]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31777]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31770]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31770]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31842]: Successful su for rubyman by root
Jun 22 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31842]: + ??? root:rubyman
Jun 22 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31842]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569583 of user rubyman.
Jun 22 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31842]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569583.
Jun 22 07:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31759]: Invalid user admin from 38.55.97.143
Jun 22 07:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31759]: input_userauth_request: invalid user admin [preauth]
Jun 22 07:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31759]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 07:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 07:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28906]: pam_unix(cron:session): session closed for user root
Jun 22 07:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31777]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31759]: Failed password for invalid user admin from 38.55.97.143 port 56990 ssh2
Jun 22 07:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31759]: Connection closed by 38.55.97.143 port 56990 [preauth]
Jun 22 07:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30736]: pam_unix(cron:session): session closed for user root
Jun 22 07:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 22 07:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32143]: Failed password for root from 103.77.242.62 port 38248 ssh2
Jun 22 07:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32143]: Connection closed by 103.77.242.62 port 38248 [preauth]
Jun 22 07:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32177]: Invalid user p from 38.55.97.143
Jun 22 07:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32177]: input_userauth_request: invalid user p [preauth]
Jun 22 07:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32177]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 07:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 07:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32197]: Invalid user vendas from 156.38.73.89
Jun 22 07:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32197]: input_userauth_request: invalid user vendas [preauth]
Jun 22 07:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32197]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 07:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.38.73.89
Jun 22 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32177]: Failed password for invalid user p from 38.55.97.143 port 40714 ssh2
Jun 22 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32204]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32202]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32203]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32201]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32201]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32258]: Successful su for rubyman by root
Jun 22 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32258]: + ??? root:rubyman
Jun 22 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32258]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569586 of user rubyman.
Jun 22 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32258]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569586.
Jun 22 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32197]: Failed password for invalid user vendas from 156.38.73.89 port 52288 ssh2
Jun 22 07:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32197]: Received disconnect from 156.38.73.89 port 52288:11: Bye Bye [preauth]
Jun 22 07:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32197]: Disconnected from 156.38.73.89 port 52288 [preauth]
Jun 22 07:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32177]: Connection closed by 38.55.97.143 port 40714 [preauth]
Jun 22 07:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29365]: pam_unix(cron:session): session closed for user root
Jun 22 07:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32202]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31228]: pam_unix(cron:session): session closed for user root
Jun 22 07:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 07:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32582]: Failed password for root from 38.55.97.143 port 52272 ssh2
Jun 22 07:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32582]: Connection closed by 38.55.97.143 port 52272 [preauth]
Jun 22 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32606]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32604]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32605]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32603]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32603]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32667]: Successful su for rubyman by root
Jun 22 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32667]: + ??? root:rubyman
Jun 22 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32667]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569591 of user rubyman.
Jun 22 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32667]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569591.
Jun 22 07:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29912]: pam_unix(cron:session): session closed for user root
Jun 22 07:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32604]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31779]: pam_unix(cron:session): session closed for user root
Jun 22 07:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[669]: Invalid user public from 38.55.97.143
Jun 22 07:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[669]: input_userauth_request: invalid user public [preauth]
Jun 22 07:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[669]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 07:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 07:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[669]: Failed password for invalid user public from 38.55.97.143 port 34640 ssh2
Jun 22 07:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[669]: Connection closed by 38.55.97.143 port 34640 [preauth]
Jun 22 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[703]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[701]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[705]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[704]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[701]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[766]: Successful su for rubyman by root
Jun 22 07:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[766]: + ??? root:rubyman
Jun 22 07:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[766]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569594 of user rubyman.
Jun 22 07:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[766]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569594.
Jun 22 07:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 22 07:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30327]: pam_unix(cron:session): session closed for user root
Jun 22 07:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[764]: Failed password for root from 103.82.20.28 port 55076 ssh2
Jun 22 07:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[764]: Connection closed by 103.82.20.28 port 55076 [preauth]
Jun 22 07:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[703]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 22 07:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1024]: Failed password for root from 103.172.78.219 port 56776 ssh2
Jun 22 07:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1024]: Connection closed by 103.172.78.219 port 56776 [preauth]
Jun 22 07:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32204]: pam_unix(cron:session): session closed for user root
Jun 22 07:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1127]: Invalid user debian from 38.55.97.143
Jun 22 07:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1127]: input_userauth_request: invalid user debian [preauth]
Jun 22 07:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1127]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 07:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 07:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1127]: Failed password for invalid user debian from 38.55.97.143 port 46916 ssh2
Jun 22 07:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1127]: Connection closed by 38.55.97.143 port 46916 [preauth]
Jun 22 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1159]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1158]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1160]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1161]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1157]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1156]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1161]: pam_unix(cron:session): session closed for user root
Jun 22 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1156]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1231]: Successful su for rubyman by root
Jun 22 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1231]: + ??? root:rubyman
Jun 22 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1231]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569601 of user rubyman.
Jun 22 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1231]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569601.
Jun 22 07:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1158]: pam_unix(cron:session): session closed for user root
Jun 22 07:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30735]: pam_unix(cron:session): session closed for user root
Jun 22 07:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1157]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32606]: pam_unix(cron:session): session closed for user root
Jun 22 07:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 22 07:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1679]: Failed password for root from 38.93.206.2 port 38098 ssh2
Jun 22 07:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1679]: Connection closed by 38.93.206.2 port 38098 [preauth]
Jun 22 07:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 07:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1715]: Failed password for root from 38.55.97.143 port 58470 ssh2
Jun 22 07:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1715]: Connection closed by 38.55.97.143 port 58470 [preauth]
Jun 22 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1747]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1748]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1746]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1745]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1745]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1815]: Successful su for rubyman by root
Jun 22 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1815]: + ??? root:rubyman
Jun 22 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1815]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569604 of user rubyman.
Jun 22 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1815]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569604.
Jun 22 07:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31227]: pam_unix(cron:session): session closed for user root
Jun 22 07:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1746]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[705]: pam_unix(cron:session): session closed for user root
Jun 22 07:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2170]: Invalid user steam from 38.55.97.143
Jun 22 07:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2170]: input_userauth_request: invalid user steam [preauth]
Jun 22 07:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2170]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 07:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 07:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2170]: Failed password for invalid user steam from 38.55.97.143 port 44788 ssh2
Jun 22 07:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 22 07:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2170]: Connection closed by 38.55.97.143 port 44788 [preauth]
Jun 22 07:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2182]: Failed password for root from 193.37.70.224 port 44856 ssh2
Jun 22 07:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2182]: Connection closed by 193.37.70.224 port 44856 [preauth]
Jun 22 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2243]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2241]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2242]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2240]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2240]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2303]: Successful su for rubyman by root
Jun 22 07:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2303]: + ??? root:rubyman
Jun 22 07:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2303]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569608 of user rubyman.
Jun 22 07:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2303]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569608.
Jun 22 07:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31778]: pam_unix(cron:session): session closed for user root
Jun 22 07:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2241]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1160]: pam_unix(cron:session): session closed for user root
Jun 22 07:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 07:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2567]: Failed password for root from 38.55.97.143 port 58898 ssh2
Jun 22 07:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2567]: Connection closed by 38.55.97.143 port 58898 [preauth]
Jun 22 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2666]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2665]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2667]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2664]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2664]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2730]: Successful su for rubyman by root
Jun 22 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2730]: + ??? root:rubyman
Jun 22 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2730]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569614 of user rubyman.
Jun 22 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2730]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569614.
Jun 22 07:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32203]: pam_unix(cron:session): session closed for user root
Jun 22 07:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2665]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1748]: pam_unix(cron:session): session closed for user root
Jun 22 07:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 07:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3003]: Failed password for root from 38.55.97.143 port 43194 ssh2
Jun 22 07:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3003]: Connection closed by 38.55.97.143 port 43194 [preauth]
Jun 22 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3066]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3064]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3065]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3063]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3063]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3122]: Successful su for rubyman by root
Jun 22 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3122]: + ??? root:rubyman
Jun 22 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3122]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569616 of user rubyman.
Jun 22 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3122]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569616.
Jun 22 07:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32605]: pam_unix(cron:session): session closed for user root
Jun 22 07:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3064]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2243]: pam_unix(cron:session): session closed for user root
Jun 22 07:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 07:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3372]: Failed password for root from 38.55.97.143 port 53866 ssh2
Jun 22 07:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3372]: Connection closed by 38.55.97.143 port 53866 [preauth]
Jun 22 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3456]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3452]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3457]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3455]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3454]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3453]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3457]: pam_unix(cron:session): session closed for user root
Jun 22 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3452]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3530]: Successful su for rubyman by root
Jun 22 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3530]: + ??? root:rubyman
Jun 22 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3530]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569623 of user rubyman.
Jun 22 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3530]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569623.
Jun 22 07:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3454]: pam_unix(cron:session): session closed for user root
Jun 22 07:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[704]: pam_unix(cron:session): session closed for user root
Jun 22 07:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3453]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 07:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3942]: Failed password for root from 38.55.97.143 port 36814 ssh2
Jun 22 07:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2667]: pam_unix(cron:session): session closed for user root
Jun 22 07:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3942]: Connection closed by 38.55.97.143 port 36814 [preauth]
Jun 22 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4090]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4092]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4091]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4089]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4089]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4155]: Successful su for rubyman by root
Jun 22 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4155]: + ??? root:rubyman
Jun 22 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4155]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569626 of user rubyman.
Jun 22 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4155]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569626.
Jun 22 07:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1159]: pam_unix(cron:session): session closed for user root
Jun 22 07:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4090]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 22 07:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 07:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3066]: pam_unix(cron:session): session closed for user root
Jun 22 07:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4431]: Failed password for root from 109.237.96.109 port 37864 ssh2
Jun 22 07:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4413]: Failed password for root from 38.55.97.143 port 48438 ssh2
Jun 22 07:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4431]: Connection closed by 109.237.96.109 port 37864 [preauth]
Jun 22 07:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4413]: Connection closed by 38.55.97.143 port 48438 [preauth]
Jun 22 07:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4453]: Received disconnect from 192.95.10.202 port 16636:11: disconnected by user [preauth]
Jun 22 07:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4453]: Disconnected from 192.95.10.202 port 16636 [preauth]
Jun 22 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4506]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4505]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4504]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4503]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4503]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4570]: Successful su for rubyman by root
Jun 22 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4570]: + ??? root:rubyman
Jun 22 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4570]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569631 of user rubyman.
Jun 22 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4570]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569631.
Jun 22 07:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1747]: pam_unix(cron:session): session closed for user root
Jun 22 07:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4504]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4835]: Invalid user admin from 2.57.121.25
Jun 22 07:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4835]: input_userauth_request: invalid user admin [preauth]
Jun 22 07:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4835]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 07:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 22 07:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4835]: Failed password for invalid user admin from 2.57.121.25 port 36556 ssh2
Jun 22 07:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4835]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 07:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4835]: Failed password for invalid user admin from 2.57.121.25 port 36556 ssh2
Jun 22 07:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4835]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 07:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4835]: Failed password for invalid user admin from 2.57.121.25 port 36556 ssh2
Jun 22 07:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4835]: Connection closed by 2.57.121.25 port 36556 [preauth]
Jun 22 07:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4835]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 22 07:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 07:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4900]: Failed password for root from 38.55.97.143 port 59782 ssh2
Jun 22 07:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4900]: Connection closed by 38.55.97.143 port 59782 [preauth]
Jun 22 07:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3456]: pam_unix(cron:session): session closed for user root
Jun 22 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5024]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5023]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5025]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5022]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5022]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5080]: Successful su for rubyman by root
Jun 22 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5080]: + ??? root:rubyman
Jun 22 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5080]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569636 of user rubyman.
Jun 22 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5080]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569636.
Jun 22 07:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2242]: pam_unix(cron:session): session closed for user root
Jun 22 07:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5023]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 22 07:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5334]: Failed password for root from 194.113.233.25 port 60066 ssh2
Jun 22 07:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5334]: Connection closed by 194.113.233.25 port 60066 [preauth]
Jun 22 07:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 07:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5332]: Failed password for root from 38.55.97.143 port 42352 ssh2
Jun 22 07:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5332]: Connection closed by 38.55.97.143 port 42352 [preauth]
Jun 22 07:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4092]: pam_unix(cron:session): session closed for user root
Jun 22 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5442]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5441]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5440]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5439]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5439]: pam_unix(cron:session): session closed for user p13x
Jun 22 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5501]: Successful su for rubyman by root
Jun 22 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5501]: + ??? root:rubyman
Jun 22 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5501]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569639 of user rubyman.
Jun 22 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5501]: pam_unix(su:session): session closed for user rubyman
Jun 22 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569639.
Jun 22 07:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2666]: pam_unix(cron:session): session closed for user root
Jun 22 07:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5440]: pam_unix(cron:session): session closed for user samftp
Jun 22 07:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 07:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5705]: Failed password for root from 38.55.97.143 port 53020 ssh2
Jun 22 07:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5705]: Connection closed by 38.55.97.143 port 53020 [preauth]
Jun 22 07:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4506]: pam_unix(cron:session): session closed for user root
Jun 22 07:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 07:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 07:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5806]: Failed password for root from 193.24.211.107 port 38303 ssh2
Jun 22 07:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5806]: Received disconnect from 193.24.211.107 port 38303:11: Client disconnecting normally [preauth]
Jun 22 07:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5806]: Disconnected from 193.24.211.107 port 38303 [preauth]
Jun 22 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5833]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5831]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5830]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5837]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5834]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5832]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5828]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5831]: pam_unix(cron:session): session closed for user root
Jun 22 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5837]: pam_unix(cron:session): session closed for user root
Jun 22 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5828]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5919]: Successful su for rubyman by root
Jun 22 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5919]: + ??? root:rubyman
Jun 22 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5919]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569646 of user rubyman.
Jun 22 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5919]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569646.
Jun 22 08:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3065]: pam_unix(cron:session): session closed for user root
Jun 22 08:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5832]: pam_unix(cron:session): session closed for user root
Jun 22 08:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5830]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6164]: Invalid user nvidia from 38.55.97.143
Jun 22 08:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6164]: input_userauth_request: invalid user nvidia [preauth]
Jun 22 08:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6164]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 08:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 08:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6164]: Failed password for invalid user nvidia from 38.55.97.143 port 36440 ssh2
Jun 22 08:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6164]: Connection closed by 38.55.97.143 port 36440 [preauth]
Jun 22 08:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.38.73.89  user=root
Jun 22 08:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: Failed password for root from 156.38.73.89 port 41402 ssh2
Jun 22 08:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: Received disconnect from 156.38.73.89 port 41402:11: Bye Bye [preauth]
Jun 22 08:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: Disconnected from 156.38.73.89 port 41402 [preauth]
Jun 22 08:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5025]: pam_unix(cron:session): session closed for user root
Jun 22 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6317]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6319]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6318]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6316]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6316]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6387]: Successful su for rubyman by root
Jun 22 08:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6387]: + ??? root:rubyman
Jun 22 08:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6387]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569651 of user rubyman.
Jun 22 08:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6387]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569651.
Jun 22 08:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3455]: pam_unix(cron:session): session closed for user root
Jun 22 08:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6317]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 08:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6574]: Failed password for root from 38.55.97.143 port 47870 ssh2
Jun 22 08:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6574]: Connection closed by 38.55.97.143 port 47870 [preauth]
Jun 22 08:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5442]: pam_unix(cron:session): session closed for user root
Jun 22 08:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 22 08:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6676]: Failed password for root from 103.176.20.57 port 54854 ssh2
Jun 22 08:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6676]: Connection closed by 103.176.20.57 port 54854 [preauth]
Jun 22 08:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6713]: Invalid user admin from 38.55.97.143
Jun 22 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6713]: input_userauth_request: invalid user admin [preauth]
Jun 22 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6713]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6731]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6732]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6729]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6730]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6729]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6806]: Successful su for rubyman by root
Jun 22 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6806]: + ??? root:rubyman
Jun 22 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6806]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569654 of user rubyman.
Jun 22 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6806]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569654.
Jun 22 08:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6713]: Failed password for invalid user admin from 38.55.97.143 port 33602 ssh2
Jun 22 08:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4091]: pam_unix(cron:session): session closed for user root
Jun 22 08:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6713]: Connection closed by 38.55.97.143 port 33602 [preauth]
Jun 22 08:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6730]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7134]: Connection closed by 45.148.10.121 port 55928 [preauth]
Jun 22 08:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5834]: pam_unix(cron:session): session closed for user root
Jun 22 08:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.38.73.89  user=root
Jun 22 08:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7177]: Failed password for root from 156.38.73.89 port 42148 ssh2
Jun 22 08:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7177]: Received disconnect from 156.38.73.89 port 42148:11: Bye Bye [preauth]
Jun 22 08:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7177]: Disconnected from 156.38.73.89 port 42148 [preauth]
Jun 22 08:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7244]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7242]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7243]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7241]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7241]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7302]: Successful su for rubyman by root
Jun 22 08:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7302]: + ??? root:rubyman
Jun 22 08:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7302]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569658 of user rubyman.
Jun 22 08:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7302]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569658.
Jun 22 08:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4505]: pam_unix(cron:session): session closed for user root
Jun 22 08:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7242]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 08:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7232]: Failed password for root from 38.55.97.143 port 46188 ssh2
Jun 22 08:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7232]: Connection closed by 38.55.97.143 port 46188 [preauth]
Jun 22 08:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6319]: pam_unix(cron:session): session closed for user root
Jun 22 08:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 22 08:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7590]: Failed password for root from 62.133.62.83 port 60580 ssh2
Jun 22 08:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7590]: Connection closed by 62.133.62.83 port 60580 [preauth]
Jun 22 08:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7625]: Invalid user guy from 141.98.83.240
Jun 22 08:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7625]: input_userauth_request: invalid user guy [preauth]
Jun 22 08:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7625]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 08:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 08:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7625]: Failed password for invalid user guy from 141.98.83.240 port 27886 ssh2
Jun 22 08:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7625]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 08:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7625]: Failed password for invalid user guy from 141.98.83.240 port 27886 ssh2
Jun 22 08:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7625]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 08:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7625]: Failed password for invalid user guy from 141.98.83.240 port 27886 ssh2
Jun 22 08:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7625]: Connection closed by 141.98.83.240 port 27886 [preauth]
Jun 22 08:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7625]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7746]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7745]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7744]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7743]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7743]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7803]: Successful su for rubyman by root
Jun 22 08:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7803]: + ??? root:rubyman
Jun 22 08:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7803]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569662 of user rubyman.
Jun 22 08:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7803]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569662.
Jun 22 08:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5024]: pam_unix(cron:session): session closed for user root
Jun 22 08:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7744]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 08:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7741]: Failed password for root from 38.55.97.143 port 58092 ssh2
Jun 22 08:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7741]: Connection closed by 38.55.97.143 port 58092 [preauth]
Jun 22 08:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 22 08:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8005]: Failed password for root from 103.27.238.114 port 44642 ssh2
Jun 22 08:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8005]: Connection closed by 103.27.238.114 port 44642 [preauth]
Jun 22 08:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6732]: pam_unix(cron:session): session closed for user root
Jun 22 08:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8113]: Invalid user server from 156.38.73.89
Jun 22 08:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8113]: input_userauth_request: invalid user server [preauth]
Jun 22 08:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8113]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 08:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.38.73.89
Jun 22 08:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8113]: Failed password for invalid user server from 156.38.73.89 port 57800 ssh2
Jun 22 08:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8113]: Received disconnect from 156.38.73.89 port 57800:11: Bye Bye [preauth]
Jun 22 08:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8113]: Disconnected from 156.38.73.89 port 57800 [preauth]
Jun 22 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8130]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8129]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8131]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8127]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8132]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8126]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8132]: pam_unix(cron:session): session closed for user root
Jun 22 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8126]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8202]: Successful su for rubyman by root
Jun 22 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8202]: + ??? root:rubyman
Jun 22 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8202]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569668 of user rubyman.
Jun 22 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8202]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569668.
Jun 22 08:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8129]: pam_unix(cron:session): session closed for user root
Jun 22 08:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5441]: pam_unix(cron:session): session closed for user root
Jun 22 08:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8127]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8372]: Invalid user test from 38.55.97.143
Jun 22 08:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8372]: input_userauth_request: invalid user test [preauth]
Jun 22 08:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8372]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 08:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 08:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8372]: Failed password for invalid user test from 38.55.97.143 port 41018 ssh2
Jun 22 08:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8372]: Connection closed by 38.55.97.143 port 41018 [preauth]
Jun 22 08:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7244]: pam_unix(cron:session): session closed for user root
Jun 22 08:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8511]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 22 08:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8511]: Received disconnect from 179.61.232.245 port 43428:11: disconnected by user [preauth]
Jun 22 08:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8511]: Disconnected from 179.61.232.245 port 43428 [preauth]
Jun 22 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8569]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8570]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8568]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8567]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8567]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8632]: Successful su for rubyman by root
Jun 22 08:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8632]: + ??? root:rubyman
Jun 22 08:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8632]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569672 of user rubyman.
Jun 22 08:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8632]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569672.
Jun 22 08:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5833]: pam_unix(cron:session): session closed for user root
Jun 22 08:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8568]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 08:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8564]: Failed password for root from 38.55.97.143 port 52704 ssh2
Jun 22 08:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8564]: Connection closed by 38.55.97.143 port 52704 [preauth]
Jun 22 08:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7746]: pam_unix(cron:session): session closed for user root
Jun 22 08:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8959]: Invalid user manuel from 156.38.73.89
Jun 22 08:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8959]: input_userauth_request: invalid user manuel [preauth]
Jun 22 08:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8959]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 08:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.38.73.89
Jun 22 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8968]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8969]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8966]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8965]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8965]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9030]: Successful su for rubyman by root
Jun 22 08:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9030]: + ??? root:rubyman
Jun 22 08:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9030]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569675 of user rubyman.
Jun 22 08:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9030]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569675.
Jun 22 08:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8959]: Failed password for invalid user manuel from 156.38.73.89 port 54458 ssh2
Jun 22 08:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8959]: Received disconnect from 156.38.73.89 port 54458:11: Bye Bye [preauth]
Jun 22 08:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8959]: Disconnected from 156.38.73.89 port 54458 [preauth]
Jun 22 08:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6318]: pam_unix(cron:session): session closed for user root
Jun 22 08:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8966]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 08:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9092]: Failed password for root from 38.55.97.143 port 37292 ssh2
Jun 22 08:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9092]: Connection closed by 38.55.97.143 port 37292 [preauth]
Jun 22 08:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8131]: pam_unix(cron:session): session closed for user root
Jun 22 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9362]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9363]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9361]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9360]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9360]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9419]: Successful su for rubyman by root
Jun 22 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9419]: + ??? root:rubyman
Jun 22 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9419]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569680 of user rubyman.
Jun 22 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9419]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569680.
Jun 22 08:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6731]: pam_unix(cron:session): session closed for user root
Jun 22 08:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9361]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9596]: Invalid user guest from 38.55.97.143
Jun 22 08:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9596]: input_userauth_request: invalid user guest [preauth]
Jun 22 08:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9596]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 08:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 08:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9596]: Failed password for invalid user guest from 38.55.97.143 port 48506 ssh2
Jun 22 08:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9596]: Connection closed by 38.55.97.143 port 48506 [preauth]
Jun 22 08:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8570]: pam_unix(cron:session): session closed for user root
Jun 22 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9760]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9759]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9761]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9758]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9756]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9758]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9893]: Successful su for rubyman by root
Jun 22 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9893]: + ??? root:rubyman
Jun 22 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9893]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569683 of user rubyman.
Jun 22 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9893]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569683.
Jun 22 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9756]: pam_unix(cron:session): session closed for user root
Jun 22 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7243]: pam_unix(cron:session): session closed for user root
Jun 22 08:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9759]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 08:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.38.73.89  user=root
Jun 22 08:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10132]: Failed password for root from 38.55.97.143 port 60192 ssh2
Jun 22 08:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10372]: Failed password for root from 156.38.73.89 port 33678 ssh2
Jun 22 08:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10372]: Received disconnect from 156.38.73.89 port 33678:11: Bye Bye [preauth]
Jun 22 08:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10372]: Disconnected from 156.38.73.89 port 33678 [preauth]
Jun 22 08:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10132]: Connection closed by 38.55.97.143 port 60192 [preauth]
Jun 22 08:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8969]: pam_unix(cron:session): session closed for user root
Jun 22 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10518]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10519]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10516]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10515]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10517]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10514]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10519]: pam_unix(cron:session): session closed for user root
Jun 22 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10514]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10585]: Successful su for rubyman by root
Jun 22 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10585]: + ??? root:rubyman
Jun 22 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10585]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569688 of user rubyman.
Jun 22 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10585]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569688.
Jun 22 08:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10516]: pam_unix(cron:session): session closed for user root
Jun 22 08:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7745]: pam_unix(cron:session): session closed for user root
Jun 22 08:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10515]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10796]: Invalid user admin from 38.55.97.143
Jun 22 08:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10796]: input_userauth_request: invalid user admin [preauth]
Jun 22 08:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10796]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 08:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 08:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10796]: Failed password for invalid user admin from 38.55.97.143 port 43824 ssh2
Jun 22 08:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10796]: Connection closed by 38.55.97.143 port 43824 [preauth]
Jun 22 08:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9363]: pam_unix(cron:session): session closed for user root
Jun 22 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10968]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10971]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10969]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10972]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10968]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11038]: Successful su for rubyman by root
Jun 22 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11038]: + ??? root:rubyman
Jun 22 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11038]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569694 of user rubyman.
Jun 22 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11038]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569694.
Jun 22 08:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8130]: pam_unix(cron:session): session closed for user root
Jun 22 08:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10969]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11242]: Invalid user msf from 156.38.73.89
Jun 22 08:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11242]: input_userauth_request: invalid user msf [preauth]
Jun 22 08:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11242]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 08:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.38.73.89
Jun 22 08:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 08:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11242]: Failed password for invalid user msf from 156.38.73.89 port 60078 ssh2
Jun 22 08:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11242]: Received disconnect from 156.38.73.89 port 60078:11: Bye Bye [preauth]
Jun 22 08:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11242]: Disconnected from 156.38.73.89 port 60078 [preauth]
Jun 22 08:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11239]: Failed password for root from 38.55.97.143 port 54684 ssh2
Jun 22 08:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11239]: Connection closed by 38.55.97.143 port 54684 [preauth]
Jun 22 08:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9761]: pam_unix(cron:session): session closed for user root
Jun 22 08:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 08:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11377]: Failed password for root from 38.55.97.143 port 40592 ssh2
Jun 22 08:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11377]: Connection closed by 38.55.97.143 port 40592 [preauth]
Jun 22 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11404]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11403]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11401]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11400]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11400]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11471]: Successful su for rubyman by root
Jun 22 08:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11471]: + ??? root:rubyman
Jun 22 08:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11471]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569698 of user rubyman.
Jun 22 08:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11471]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569698.
Jun 22 08:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8569]: pam_unix(cron:session): session closed for user root
Jun 22 08:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11401]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10518]: pam_unix(cron:session): session closed for user root
Jun 22 08:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11816]: Invalid user demo from 38.55.97.143
Jun 22 08:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11816]: input_userauth_request: invalid user demo [preauth]
Jun 22 08:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11816]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 08:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11838]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11837]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11836]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11835]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11835]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11816]: Failed password for invalid user demo from 38.55.97.143 port 54108 ssh2
Jun 22 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11905]: Successful su for rubyman by root
Jun 22 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11905]: + ??? root:rubyman
Jun 22 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11905]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569703 of user rubyman.
Jun 22 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11905]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569703.
Jun 22 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11816]: Connection closed by 38.55.97.143 port 54108 [preauth]
Jun 22 08:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8968]: pam_unix(cron:session): session closed for user root
Jun 22 08:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11836]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.38.73.89  user=root
Jun 22 08:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12137]: Failed password for root from 156.38.73.89 port 37336 ssh2
Jun 22 08:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12137]: Received disconnect from 156.38.73.89 port 37336:11: Bye Bye [preauth]
Jun 22 08:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12137]: Disconnected from 156.38.73.89 port 37336 [preauth]
Jun 22 08:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10972]: pam_unix(cron:session): session closed for user root
Jun 22 08:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12377]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12381]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12379]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12378]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12377]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12447]: Successful su for rubyman by root
Jun 22 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12447]: + ??? root:rubyman
Jun 22 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12447]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569708 of user rubyman.
Jun 22 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12447]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569708.
Jun 22 08:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 08:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9362]: pam_unix(cron:session): session closed for user root
Jun 22 08:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12374]: Failed password for root from 38.55.97.143 port 38010 ssh2
Jun 22 08:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12378]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12374]: Connection closed by 38.55.97.143 port 38010 [preauth]
Jun 22 08:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11404]: pam_unix(cron:session): session closed for user root
Jun 22 08:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12800]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12801]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12796]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12799]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12803]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12798]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12803]: pam_unix(cron:session): session closed for user root
Jun 22 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12796]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12877]: Successful su for rubyman by root
Jun 22 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12877]: + ??? root:rubyman
Jun 22 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12877]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569712 of user rubyman.
Jun 22 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12877]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569712.
Jun 22 08:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12775]: Failed password for root from 38.55.97.143 port 49608 ssh2
Jun 22 08:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9760]: pam_unix(cron:session): session closed for user root
Jun 22 08:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12799]: pam_unix(cron:session): session closed for user root
Jun 22 08:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12775]: Connection closed by 38.55.97.143 port 49608 [preauth]
Jun 22 08:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12798]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.38.73.89  user=root
Jun 22 08:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13109]: Failed password for root from 156.38.73.89 port 59530 ssh2
Jun 22 08:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13109]: Received disconnect from 156.38.73.89 port 59530:11: Bye Bye [preauth]
Jun 22 08:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13109]: Disconnected from 156.38.73.89 port 59530 [preauth]
Jun 22 08:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11838]: pam_unix(cron:session): session closed for user root
Jun 22 08:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13217]: Received disconnect from 45.175.123.254 port 61472:11: disconnected by user [preauth]
Jun 22 08:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13217]: Disconnected from 45.175.123.254 port 61472 [preauth]
Jun 22 08:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13252]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13251]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13250]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13249]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13249]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13321]: Successful su for rubyman by root
Jun 22 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13321]: + ??? root:rubyman
Jun 22 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13321]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569716 of user rubyman.
Jun 22 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13321]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569716.
Jun 22 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 08:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13238]: Failed password for root from 38.55.97.143 port 33218 ssh2
Jun 22 08:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10517]: pam_unix(cron:session): session closed for user root
Jun 22 08:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13238]: Connection closed by 38.55.97.143 port 33218 [preauth]
Jun 22 08:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13250]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12381]: pam_unix(cron:session): session closed for user root
Jun 22 08:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 22 08:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13615]: Failed password for root from 103.15.222.183 port 54424 ssh2
Jun 22 08:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13615]: Connection closed by 103.15.222.183 port 54424 [preauth]
Jun 22 08:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13654]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13655]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13656]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13653]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13651]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13651]: pam_unix(cron:session): session closed for user root
Jun 22 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13653]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13718]: Successful su for rubyman by root
Jun 22 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13718]: + ??? root:rubyman
Jun 22 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13718]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569720 of user rubyman.
Jun 22 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13718]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569720.
Jun 22 08:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10971]: pam_unix(cron:session): session closed for user root
Jun 22 08:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 08:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13654]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13649]: Failed password for root from 38.55.97.143 port 44976 ssh2
Jun 22 08:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13649]: Connection closed by 38.55.97.143 port 44976 [preauth]
Jun 22 08:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 08:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13919]: Failed password for root from 193.24.211.107 port 56747 ssh2
Jun 22 08:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13919]: Received disconnect from 193.24.211.107 port 56747:11: Client disconnecting normally [preauth]
Jun 22 08:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13919]: Disconnected from 193.24.211.107 port 56747 [preauth]
Jun 22 08:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 22 08:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13921]: Failed password for root from 147.45.199.80 port 60434 ssh2
Jun 22 08:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13921]: Connection closed by 147.45.199.80 port 60434 [preauth]
Jun 22 08:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.233.85.71  user=root
Jun 22 08:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13938]: Failed password for root from 37.233.85.71 port 38896 ssh2
Jun 22 08:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13938]: Connection closed by 37.233.85.71 port 38896 [preauth]
Jun 22 08:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.38.73.89  user=root
Jun 22 08:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12801]: pam_unix(cron:session): session closed for user root
Jun 22 08:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13993]: Failed password for root from 156.38.73.89 port 52624 ssh2
Jun 22 08:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13993]: Received disconnect from 156.38.73.89 port 52624:11: Bye Bye [preauth]
Jun 22 08:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13993]: Disconnected from 156.38.73.89 port 52624 [preauth]
Jun 22 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14073]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14072]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14074]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14071]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14071]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14132]: Successful su for rubyman by root
Jun 22 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14132]: + ??? root:rubyman
Jun 22 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14132]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569727 of user rubyman.
Jun 22 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14132]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569727.
Jun 22 08:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11403]: pam_unix(cron:session): session closed for user root
Jun 22 08:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14072]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 08:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14306]: Failed password for root from 38.55.97.143 port 57374 ssh2
Jun 22 08:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14306]: Connection closed by 38.55.97.143 port 57374 [preauth]
Jun 22 08:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 22 08:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14345]: Failed password for root from 80.66.85.226 port 42752 ssh2
Jun 22 08:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14345]: Connection closed by 80.66.85.226 port 42752 [preauth]
Jun 22 08:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13252]: pam_unix(cron:session): session closed for user root
Jun 22 08:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 22 08:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14425]: Failed password for root from 103.122.221.179 port 60016 ssh2
Jun 22 08:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14425]: Connection closed by 103.122.221.179 port 60016 [preauth]
Jun 22 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14469]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14468]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14467]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14466]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14466]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14525]: Successful su for rubyman by root
Jun 22 08:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14525]: + ??? root:rubyman
Jun 22 08:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14525]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569730 of user rubyman.
Jun 22 08:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14525]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569730.
Jun 22 08:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11837]: pam_unix(cron:session): session closed for user root
Jun 22 08:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14467]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 08:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14794]: Failed password for root from 38.55.97.143 port 42564 ssh2
Jun 22 08:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14794]: Connection closed by 38.55.97.143 port 42564 [preauth]
Jun 22 08:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13656]: pam_unix(cron:session): session closed for user root
Jun 22 08:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.38.73.89  user=root
Jun 22 08:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14857]: Failed password for root from 156.38.73.89 port 43326 ssh2
Jun 22 08:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14857]: Received disconnect from 156.38.73.89 port 43326:11: Bye Bye [preauth]
Jun 22 08:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14857]: Disconnected from 156.38.73.89 port 43326 [preauth]
Jun 22 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14950]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14949]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14952]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14948]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14953]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14947]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14953]: pam_unix(cron:session): session closed for user root
Jun 22 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14947]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15018]: Successful su for rubyman by root
Jun 22 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15018]: + ??? root:rubyman
Jun 22 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15018]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569735 of user rubyman.
Jun 22 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15018]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569735.
Jun 22 08:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14949]: pam_unix(cron:session): session closed for user root
Jun 22 08:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12379]: pam_unix(cron:session): session closed for user root
Jun 22 08:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14948]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 08:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15264]: Failed password for root from 38.55.97.143 port 54504 ssh2
Jun 22 08:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15264]: Connection closed by 38.55.97.143 port 54504 [preauth]
Jun 22 08:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14074]: pam_unix(cron:session): session closed for user root
Jun 22 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15378]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15377]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15376]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15375]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15375]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15440]: Successful su for rubyman by root
Jun 22 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15440]: + ??? root:rubyman
Jun 22 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15440]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569740 of user rubyman.
Jun 22 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15440]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569740.
Jun 22 08:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12800]: pam_unix(cron:session): session closed for user root
Jun 22 08:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15376]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15676]: Invalid user vpn from 38.55.97.143
Jun 22 08:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15676]: input_userauth_request: invalid user vpn [preauth]
Jun 22 08:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15676]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 08:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 08:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14469]: pam_unix(cron:session): session closed for user root
Jun 22 08:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15676]: Failed password for invalid user vpn from 38.55.97.143 port 38644 ssh2
Jun 22 08:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15676]: Connection closed by 38.55.97.143 port 38644 [preauth]
Jun 22 08:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.38.73.89  user=root
Jun 22 08:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15718]: Failed password for root from 156.38.73.89 port 36500 ssh2
Jun 22 08:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15718]: Received disconnect from 156.38.73.89 port 36500:11: Bye Bye [preauth]
Jun 22 08:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15718]: Disconnected from 156.38.73.89 port 36500 [preauth]
Jun 22 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15774]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15773]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15771]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15772]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15771]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15830]: Successful su for rubyman by root
Jun 22 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15830]: + ??? root:rubyman
Jun 22 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15830]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569743 of user rubyman.
Jun 22 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15830]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569743.
Jun 22 08:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13251]: pam_unix(cron:session): session closed for user root
Jun 22 08:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15772]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16043]: Received disconnect from 176.65.131.188 port 57864:11: disconnected by user [preauth]
Jun 22 08:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16043]: Disconnected from 176.65.131.188 port 57864 [preauth]
Jun 22 08:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 08:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16069]: Failed password for root from 38.55.97.143 port 52464 ssh2
Jun 22 08:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14952]: pam_unix(cron:session): session closed for user root
Jun 22 08:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16069]: Connection closed by 38.55.97.143 port 52464 [preauth]
Jun 22 08:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 22 08:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16116]: Failed password for root from 103.27.238.116 port 56884 ssh2
Jun 22 08:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16116]: Connection closed by 103.27.238.116 port 56884 [preauth]
Jun 22 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16169]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16168]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16167]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16166]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16166]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16230]: Successful su for rubyman by root
Jun 22 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16230]: + ??? root:rubyman
Jun 22 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16230]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569747 of user rubyman.
Jun 22 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16230]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569747.
Jun 22 08:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13655]: pam_unix(cron:session): session closed for user root
Jun 22 08:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16167]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16456]: Invalid user deploy from 38.55.97.143
Jun 22 08:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16456]: input_userauth_request: invalid user deploy [preauth]
Jun 22 08:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16456]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 08:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 08:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15378]: pam_unix(cron:session): session closed for user root
Jun 22 08:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16456]: Failed password for invalid user deploy from 38.55.97.143 port 36412 ssh2
Jun 22 08:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16456]: Connection closed by 38.55.97.143 port 36412 [preauth]
Jun 22 08:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16533]: Invalid user devuser from 156.38.73.89
Jun 22 08:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16533]: input_userauth_request: invalid user devuser [preauth]
Jun 22 08:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16533]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 08:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.38.73.89
Jun 22 08:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16533]: Failed password for invalid user devuser from 156.38.73.89 port 40708 ssh2
Jun 22 08:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16533]: Received disconnect from 156.38.73.89 port 40708:11: Bye Bye [preauth]
Jun 22 08:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16533]: Disconnected from 156.38.73.89 port 40708 [preauth]
Jun 22 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16563]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16562]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16561]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16560]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16560]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16619]: Successful su for rubyman by root
Jun 22 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16619]: + ??? root:rubyman
Jun 22 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16619]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569751 of user rubyman.
Jun 22 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16619]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569751.
Jun 22 08:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14073]: pam_unix(cron:session): session closed for user root
Jun 22 08:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16561]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 08:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16846]: Failed password for root from 38.55.97.143 port 47984 ssh2
Jun 22 08:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15774]: pam_unix(cron:session): session closed for user root
Jun 22 08:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16846]: Connection closed by 38.55.97.143 port 47984 [preauth]
Jun 22 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17058]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17054]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17057]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17059]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17060]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17056]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17060]: pam_unix(cron:session): session closed for user root
Jun 22 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17054]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17123]: Successful su for rubyman by root
Jun 22 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17123]: + ??? root:rubyman
Jun 22 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17123]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569760 of user rubyman.
Jun 22 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17123]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569760.
Jun 22 08:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17057]: pam_unix(cron:session): session closed for user root
Jun 22 08:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14468]: pam_unix(cron:session): session closed for user root
Jun 22 08:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17056]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 08:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17372]: Failed password for root from 38.55.97.143 port 59476 ssh2
Jun 22 08:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17372]: Connection closed by 38.55.97.143 port 59476 [preauth]
Jun 22 08:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16169]: pam_unix(cron:session): session closed for user root
Jun 22 08:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.38.73.89  user=root
Jun 22 08:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17466]: Failed password for root from 156.38.73.89 port 41934 ssh2
Jun 22 08:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17466]: Received disconnect from 156.38.73.89 port 41934:11: Bye Bye [preauth]
Jun 22 08:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17466]: Disconnected from 156.38.73.89 port 41934 [preauth]
Jun 22 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17505]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17504]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17506]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17503]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17503]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17568]: Successful su for rubyman by root
Jun 22 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17568]: + ??? root:rubyman
Jun 22 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17568]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569763 of user rubyman.
Jun 22 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17568]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569763.
Jun 22 08:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14950]: pam_unix(cron:session): session closed for user root
Jun 22 08:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17504]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 08:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17878]: Failed password for root from 38.55.97.143 port 42580 ssh2
Jun 22 08:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17878]: Connection closed by 38.55.97.143 port 42580 [preauth]
Jun 22 08:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16563]: pam_unix(cron:session): session closed for user root
Jun 22 08:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 22 08:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17945]: Failed password for root from 103.82.132.16 port 42100 ssh2
Jun 22 08:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17945]: Connection closed by 103.82.132.16 port 42100 [preauth]
Jun 22 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18008]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18009]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18005]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18007]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18005]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18075]: Successful su for rubyman by root
Jun 22 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18075]: + ??? root:rubyman
Jun 22 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18075]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569766 of user rubyman.
Jun 22 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18075]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569766.
Jun 22 08:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15377]: pam_unix(cron:session): session closed for user root
Jun 22 08:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18007]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 08:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18316]: Failed password for root from 38.55.97.143 port 54874 ssh2
Jun 22 08:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18316]: Connection closed by 38.55.97.143 port 54874 [preauth]
Jun 22 08:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17059]: pam_unix(cron:session): session closed for user root
Jun 22 08:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.38.73.89  user=root
Jun 22 08:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18477]: Failed password for root from 156.38.73.89 port 38914 ssh2
Jun 22 08:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18477]: Received disconnect from 156.38.73.89 port 38914:11: Bye Bye [preauth]
Jun 22 08:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18477]: Disconnected from 156.38.73.89 port 38914 [preauth]
Jun 22 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18518]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18519]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18517]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18516]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18516]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18578]: Successful su for rubyman by root
Jun 22 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18578]: + ??? root:rubyman
Jun 22 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18578]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569770 of user rubyman.
Jun 22 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18578]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569770.
Jun 22 08:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15773]: pam_unix(cron:session): session closed for user root
Jun 22 08:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18517]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17506]: pam_unix(cron:session): session closed for user root
Jun 22 08:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 08:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18850]: Failed password for root from 38.55.97.143 port 37950 ssh2
Jun 22 08:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18850]: Connection closed by 38.55.97.143 port 37950 [preauth]
Jun 22 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18951]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18949]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18950]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18948]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18948]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19010]: Successful su for rubyman by root
Jun 22 08:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19010]: + ??? root:rubyman
Jun 22 08:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19010]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569774 of user rubyman.
Jun 22 08:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19010]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569774.
Jun 22 08:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16168]: pam_unix(cron:session): session closed for user root
Jun 22 08:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18949]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18009]: pam_unix(cron:session): session closed for user root
Jun 22 08:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19338]: Invalid user admin from 38.55.97.143
Jun 22 08:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19338]: input_userauth_request: invalid user admin [preauth]
Jun 22 08:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19338]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 08:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 08:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19338]: Failed password for invalid user admin from 38.55.97.143 port 49408 ssh2
Jun 22 08:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19338]: Connection closed by 38.55.97.143 port 49408 [preauth]
Jun 22 08:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19411]: Invalid user discord from 156.38.73.89
Jun 22 08:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19411]: input_userauth_request: invalid user discord [preauth]
Jun 22 08:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19411]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 08:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.38.73.89
Jun 22 08:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19411]: Failed password for invalid user discord from 156.38.73.89 port 51466 ssh2
Jun 22 08:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19411]: Received disconnect from 156.38.73.89 port 51466:11: Bye Bye [preauth]
Jun 22 08:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19411]: Disconnected from 156.38.73.89 port 51466 [preauth]
Jun 22 08:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 22 08:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19421]: Failed password for root from 87.251.79.125 port 56308 ssh2
Jun 22 08:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19421]: Connection closed by 87.251.79.125 port 56308 [preauth]
Jun 22 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19445]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19446]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19441]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19447]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19448]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19440]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19448]: pam_unix(cron:session): session closed for user root
Jun 22 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19440]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19708]: Successful su for rubyman by root
Jun 22 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19708]: + ??? root:rubyman
Jun 22 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19708]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569777 of user rubyman.
Jun 22 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19708]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569777.
Jun 22 08:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19445]: pam_unix(cron:session): session closed for user root
Jun 22 08:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16562]: pam_unix(cron:session): session closed for user root
Jun 22 08:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19441]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20010]: Connection closed by 194.59.206.2 port 50186 [preauth]
Jun 22 08:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18519]: pam_unix(cron:session): session closed for user root
Jun 22 08:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19994]: Invalid user alan from 38.55.97.143
Jun 22 08:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19994]: input_userauth_request: invalid user alan [preauth]
Jun 22 08:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19994]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 08:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 08:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19994]: Failed password for invalid user alan from 38.55.97.143 port 32900 ssh2
Jun 22 08:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19994]: Connection closed by 38.55.97.143 port 32900 [preauth]
Jun 22 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20084]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20083]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20082]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20081]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20081]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20241]: Successful su for rubyman by root
Jun 22 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20241]: + ??? root:rubyman
Jun 22 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20241]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569783 of user rubyman.
Jun 22 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20241]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569783.
Jun 22 08:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17058]: pam_unix(cron:session): session closed for user root
Jun 22 08:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20082]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20425]: Received disconnect from 172.110.221.82 port 60862:11: disconnected by user [preauth]
Jun 22 08:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20425]: Disconnected from 172.110.221.82 port 60862 [preauth]
Jun 22 08:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18951]: pam_unix(cron:session): session closed for user root
Jun 22 08:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20514]: Invalid user admin from 38.55.97.143
Jun 22 08:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20514]: input_userauth_request: invalid user admin [preauth]
Jun 22 08:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20514]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 08:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 08:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20514]: Failed password for invalid user admin from 38.55.97.143 port 44266 ssh2
Jun 22 08:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20514]: Connection closed by 38.55.97.143 port 44266 [preauth]
Jun 22 08:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20568]: Invalid user sal from 156.38.73.89
Jun 22 08:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20568]: input_userauth_request: invalid user sal [preauth]
Jun 22 08:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20568]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 08:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.38.73.89
Jun 22 08:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20568]: Failed password for invalid user sal from 156.38.73.89 port 41824 ssh2
Jun 22 08:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20568]: Received disconnect from 156.38.73.89 port 41824:11: Bye Bye [preauth]
Jun 22 08:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20568]: Disconnected from 156.38.73.89 port 41824 [preauth]
Jun 22 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20609]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20603]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20605]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20602]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20602]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20710]: Successful su for rubyman by root
Jun 22 08:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20710]: + ??? root:rubyman
Jun 22 08:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20710]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569787 of user rubyman.
Jun 22 08:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20710]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569787.
Jun 22 08:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17505]: pam_unix(cron:session): session closed for user root
Jun 22 08:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20603]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121  user=root
Jun 22 08:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20968]: Failed password for root from 45.148.10.121 port 39264 ssh2
Jun 22 08:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20968]: Connection closed by 45.148.10.121 port 39264 [preauth]
Jun 22 08:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 08:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20979]: Failed password for root from 38.55.97.143 port 57184 ssh2
Jun 22 08:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20979]: Connection closed by 38.55.97.143 port 57184 [preauth]
Jun 22 08:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19447]: pam_unix(cron:session): session closed for user root
Jun 22 08:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 22 08:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21089]: Failed password for root from 38.93.206.2 port 52818 ssh2
Jun 22 08:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21089]: Connection closed by 38.93.206.2 port 52818 [preauth]
Jun 22 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21104]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21103]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21101]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21102]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21101]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21170]: Successful su for rubyman by root
Jun 22 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21170]: + ??? root:rubyman
Jun 22 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21170]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569791 of user rubyman.
Jun 22 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21170]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569791.
Jun 22 08:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18008]: pam_unix(cron:session): session closed for user root
Jun 22 08:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21102]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 08:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21389]: Failed password for root from 38.55.97.143 port 41342 ssh2
Jun 22 08:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21389]: Connection closed by 38.55.97.143 port 41342 [preauth]
Jun 22 08:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21422]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 22 08:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21422]: Received disconnect from 190.8.175.28 port 43022:11: disconnected by user [preauth]
Jun 22 08:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21422]: Disconnected from 190.8.175.28 port 43022 [preauth]
Jun 22 08:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20084]: pam_unix(cron:session): session closed for user root
Jun 22 08:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.38.73.89  user=root
Jun 22 08:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21495]: Failed password for root from 156.38.73.89 port 53406 ssh2
Jun 22 08:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21495]: Received disconnect from 156.38.73.89 port 53406:11: Bye Bye [preauth]
Jun 22 08:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21495]: Disconnected from 156.38.73.89 port 53406 [preauth]
Jun 22 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21523]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21519]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21524]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21518]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21518]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21593]: Successful su for rubyman by root
Jun 22 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21593]: + ??? root:rubyman
Jun 22 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21593]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569796 of user rubyman.
Jun 22 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21593]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569796.
Jun 22 08:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18518]: pam_unix(cron:session): session closed for user root
Jun 22 08:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21750]: Invalid user ubnt from 193.46.255.86
Jun 22 08:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21750]: input_userauth_request: invalid user ubnt [preauth]
Jun 22 08:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21750]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 08:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 22 08:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21519]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21750]: Failed password for invalid user ubnt from 193.46.255.86 port 8534 ssh2
Jun 22 08:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21750]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 08:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21750]: Failed password for invalid user ubnt from 193.46.255.86 port 8534 ssh2
Jun 22 08:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21750]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 08:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21750]: Failed password for invalid user ubnt from 193.46.255.86 port 8534 ssh2
Jun 22 08:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21750]: Connection closed by 193.46.255.86 port 8534 [preauth]
Jun 22 08:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21750]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 22 08:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 08:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 08:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21863]: Failed password for root from 193.24.211.107 port 1128 ssh2
Jun 22 08:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21863]: Received disconnect from 193.24.211.107 port 1128:11: Client disconnecting normally [preauth]
Jun 22 08:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21863]: Disconnected from 193.24.211.107 port 1128 [preauth]
Jun 22 08:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21836]: Failed password for root from 38.55.97.143 port 52844 ssh2
Jun 22 08:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21836]: Connection closed by 38.55.97.143 port 52844 [preauth]
Jun 22 08:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20609]: pam_unix(cron:session): session closed for user root
Jun 22 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21953]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21954]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21956]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21955]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21958]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21957]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21958]: pam_unix(cron:session): session closed for user root
Jun 22 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21953]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22024]: Successful su for rubyman by root
Jun 22 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22024]: + ??? root:rubyman
Jun 22 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22024]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569800 of user rubyman.
Jun 22 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22024]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569800.
Jun 22 08:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18950]: pam_unix(cron:session): session closed for user root
Jun 22 08:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21955]: pam_unix(cron:session): session closed for user root
Jun 22 08:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21954]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 22 08:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22301]: Failed password for root from 51.250.105.222 port 53714 ssh2
Jun 22 08:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22301]: Connection closed by 51.250.105.222 port 53714 [preauth]
Jun 22 08:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22297]: Invalid user username from 38.55.97.143
Jun 22 08:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22297]: input_userauth_request: invalid user username [preauth]
Jun 22 08:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22297]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 08:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 08:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21104]: pam_unix(cron:session): session closed for user root
Jun 22 08:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22297]: Failed password for invalid user username from 38.55.97.143 port 36740 ssh2
Jun 22 08:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22297]: Connection closed by 38.55.97.143 port 36740 [preauth]
Jun 22 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22476]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22474]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22475]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22473]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22473]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22543]: Successful su for rubyman by root
Jun 22 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22543]: + ??? root:rubyman
Jun 22 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22543]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569805 of user rubyman.
Jun 22 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22543]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569805.
Jun 22 08:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19446]: pam_unix(cron:session): session closed for user root
Jun 22 08:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22474]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.38.73.89  user=root
Jun 22 08:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22734]: Failed password for root from 156.38.73.89 port 44464 ssh2
Jun 22 08:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22734]: Received disconnect from 156.38.73.89 port 44464:11: Bye Bye [preauth]
Jun 22 08:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22734]: Disconnected from 156.38.73.89 port 44464 [preauth]
Jun 22 08:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 08:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22767]: Failed password for root from 38.55.97.143 port 48160 ssh2
Jun 22 08:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22767]: Connection closed by 38.55.97.143 port 48160 [preauth]
Jun 22 08:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21524]: pam_unix(cron:session): session closed for user root
Jun 22 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22897]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22898]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22896]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22894]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22894]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22957]: Successful su for rubyman by root
Jun 22 08:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22957]: + ??? root:rubyman
Jun 22 08:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22957]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569809 of user rubyman.
Jun 22 08:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22957]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569809.
Jun 22 08:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20083]: pam_unix(cron:session): session closed for user root
Jun 22 08:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22896]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21957]: pam_unix(cron:session): session closed for user root
Jun 22 08:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 08:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23194]: Failed password for root from 38.55.97.143 port 58896 ssh2
Jun 22 08:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23194]: Connection closed by 38.55.97.143 port 58896 [preauth]
Jun 22 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23297]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23298]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23296]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23295]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23295]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23368]: Successful su for rubyman by root
Jun 22 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23368]: + ??? root:rubyman
Jun 22 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23368]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569814 of user rubyman.
Jun 22 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23368]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569814.
Jun 22 08:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20605]: pam_unix(cron:session): session closed for user root
Jun 22 08:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23296]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23585]: Invalid user ospite from 156.38.73.89
Jun 22 08:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23585]: input_userauth_request: invalid user ospite [preauth]
Jun 22 08:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23585]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 08:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.38.73.89
Jun 22 08:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23585]: Failed password for invalid user ospite from 156.38.73.89 port 51170 ssh2
Jun 22 08:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23585]: Received disconnect from 156.38.73.89 port 51170:11: Bye Bye [preauth]
Jun 22 08:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23585]: Disconnected from 156.38.73.89 port 51170 [preauth]
Jun 22 08:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23587]: Invalid user reuben from 141.98.83.240
Jun 22 08:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23587]: input_userauth_request: invalid user reuben [preauth]
Jun 22 08:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23587]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 08:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 08:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23587]: Failed password for invalid user reuben from 141.98.83.240 port 63848 ssh2
Jun 22 08:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23587]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 08:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23587]: Failed password for invalid user reuben from 141.98.83.240 port 63848 ssh2
Jun 22 08:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23587]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 08:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23587]: Failed password for invalid user reuben from 141.98.83.240 port 63848 ssh2
Jun 22 08:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23587]: Connection closed by 141.98.83.240 port 63848 [preauth]
Jun 22 08:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23587]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 08:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22476]: pam_unix(cron:session): session closed for user root
Jun 22 08:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 08:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23622]: Failed password for root from 38.55.97.143 port 42108 ssh2
Jun 22 08:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23622]: Connection closed by 38.55.97.143 port 42108 [preauth]
Jun 22 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23725]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23726]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23724]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23722]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23720]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23722]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23942]: Successful su for rubyman by root
Jun 22 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23942]: + ??? root:rubyman
Jun 22 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23942]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569818 of user rubyman.
Jun 22 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23942]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569818.
Jun 22 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23720]: pam_unix(cron:session): session closed for user root
Jun 22 08:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21103]: pam_unix(cron:session): session closed for user root
Jun 22 08:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23724]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 08:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24202]: Failed password for root from 38.55.97.143 port 52550 ssh2
Jun 22 08:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24202]: Connection closed by 38.55.97.143 port 52550 [preauth]
Jun 22 08:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22898]: pam_unix(cron:session): session closed for user root
Jun 22 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24350]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24348]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24351]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24352]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24349]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24347]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24352]: pam_unix(cron:session): session closed for user root
Jun 22 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24347]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24412]: Successful su for rubyman by root
Jun 22 08:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24412]: + ??? root:rubyman
Jun 22 08:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24412]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569824 of user rubyman.
Jun 22 08:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24412]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569824.
Jun 22 08:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24349]: pam_unix(cron:session): session closed for user root
Jun 22 08:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21523]: pam_unix(cron:session): session closed for user root
Jun 22 08:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24348]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24664]: Invalid user pc from 156.38.73.89
Jun 22 08:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24664]: input_userauth_request: invalid user pc [preauth]
Jun 22 08:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24664]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 08:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.38.73.89
Jun 22 08:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24664]: Failed password for invalid user pc from 156.38.73.89 port 43586 ssh2
Jun 22 08:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24664]: Received disconnect from 156.38.73.89 port 43586:11: Bye Bye [preauth]
Jun 22 08:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24664]: Disconnected from 156.38.73.89 port 43586 [preauth]
Jun 22 08:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24678]: Invalid user rema from 38.55.97.143
Jun 22 08:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24678]: input_userauth_request: invalid user rema [preauth]
Jun 22 08:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24678]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 08:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 08:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24678]: Failed password for invalid user rema from 38.55.97.143 port 35386 ssh2
Jun 22 08:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24678]: Connection closed by 38.55.97.143 port 35386 [preauth]
Jun 22 08:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23298]: pam_unix(cron:session): session closed for user root
Jun 22 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24807]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24808]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24806]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24805]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24805]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24869]: Successful su for rubyman by root
Jun 22 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24869]: + ??? root:rubyman
Jun 22 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24869]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569828 of user rubyman.
Jun 22 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24869]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569828.
Jun 22 08:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21956]: pam_unix(cron:session): session closed for user root
Jun 22 08:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24806]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 08:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25094]: Failed password for root from 38.55.97.143 port 46454 ssh2
Jun 22 08:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25094]: Connection closed by 38.55.97.143 port 46454 [preauth]
Jun 22 08:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23726]: pam_unix(cron:session): session closed for user root
Jun 22 08:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25213]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25212]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25211]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25210]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25210]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25267]: Successful su for rubyman by root
Jun 22 08:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25267]: + ??? root:rubyman
Jun 22 08:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25267]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569832 of user rubyman.
Jun 22 08:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25267]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569832.
Jun 22 08:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22475]: pam_unix(cron:session): session closed for user root
Jun 22 08:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25211]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 08:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25472]: Failed password for root from 38.55.97.143 port 59610 ssh2
Jun 22 08:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25472]: Connection closed by 38.55.97.143 port 59610 [preauth]
Jun 22 08:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25509]: Invalid user postgres from 156.38.73.89
Jun 22 08:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25509]: input_userauth_request: invalid user postgres [preauth]
Jun 22 08:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25509]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 08:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.38.73.89
Jun 22 08:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25509]: Failed password for invalid user postgres from 156.38.73.89 port 43580 ssh2
Jun 22 08:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25509]: Received disconnect from 156.38.73.89 port 43580:11: Bye Bye [preauth]
Jun 22 08:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25509]: Disconnected from 156.38.73.89 port 43580 [preauth]
Jun 22 08:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24351]: pam_unix(cron:session): session closed for user root
Jun 22 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25601]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25599]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25600]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25597]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25597]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25655]: Successful su for rubyman by root
Jun 22 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25655]: + ??? root:rubyman
Jun 22 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25655]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569836 of user rubyman.
Jun 22 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25655]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569836.
Jun 22 08:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22897]: pam_unix(cron:session): session closed for user root
Jun 22 08:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25599]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25866]: Invalid user test from 38.55.97.143
Jun 22 08:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25866]: input_userauth_request: invalid user test [preauth]
Jun 22 08:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25866]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 08:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 08:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25866]: Failed password for invalid user test from 38.55.97.143 port 45724 ssh2
Jun 22 08:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25866]: Connection closed by 38.55.97.143 port 45724 [preauth]
Jun 22 08:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24808]: pam_unix(cron:session): session closed for user root
Jun 22 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25993]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25994]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25991]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25992]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25991]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26049]: Successful su for rubyman by root
Jun 22 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26049]: + ??? root:rubyman
Jun 22 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26049]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569840 of user rubyman.
Jun 22 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26049]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569840.
Jun 22 08:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23297]: pam_unix(cron:session): session closed for user root
Jun 22 08:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25992]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26255]: Invalid user odroid from 38.55.97.143
Jun 22 08:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26255]: input_userauth_request: invalid user odroid [preauth]
Jun 22 08:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26255]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 08:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 08:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26255]: Failed password for invalid user odroid from 38.55.97.143 port 57652 ssh2
Jun 22 08:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26255]: Connection closed by 38.55.97.143 port 57652 [preauth]
Jun 22 08:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.38.73.89  user=root
Jun 22 08:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26299]: Failed password for root from 156.38.73.89 port 42552 ssh2
Jun 22 08:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26299]: Received disconnect from 156.38.73.89 port 42552:11: Bye Bye [preauth]
Jun 22 08:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26299]: Disconnected from 156.38.73.89 port 42552 [preauth]
Jun 22 08:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25213]: pam_unix(cron:session): session closed for user root
Jun 22 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26391]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26389]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26387]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26390]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26386]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26388]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26391]: pam_unix(cron:session): session closed for user root
Jun 22 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26386]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26451]: Successful su for rubyman by root
Jun 22 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26451]: + ??? root:rubyman
Jun 22 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26451]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569848 of user rubyman.
Jun 22 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26451]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569848.
Jun 22 08:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26388]: pam_unix(cron:session): session closed for user root
Jun 22 08:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23725]: pam_unix(cron:session): session closed for user root
Jun 22 08:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26387]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26764]: Invalid user ftpuser from 38.55.97.143
Jun 22 08:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26764]: input_userauth_request: invalid user ftpuser [preauth]
Jun 22 08:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26764]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 08:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 08:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26764]: Failed password for invalid user ftpuser from 38.55.97.143 port 39882 ssh2
Jun 22 08:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26764]: Connection closed by 38.55.97.143 port 39882 [preauth]
Jun 22 08:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25601]: pam_unix(cron:session): session closed for user root
Jun 22 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26896]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26897]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26895]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26894]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26894]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26964]: Successful su for rubyman by root
Jun 22 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26964]: + ??? root:rubyman
Jun 22 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26964]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569850 of user rubyman.
Jun 22 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26964]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569850.
Jun 22 08:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24350]: pam_unix(cron:session): session closed for user root
Jun 22 08:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26895]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 08:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27190]: Failed password for root from 38.55.97.143 port 51492 ssh2
Jun 22 08:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27214]: Invalid user ivana from 156.38.73.89
Jun 22 08:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27214]: input_userauth_request: invalid user ivana [preauth]
Jun 22 08:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27214]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 08:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.38.73.89
Jun 22 08:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27190]: Connection closed by 38.55.97.143 port 51492 [preauth]
Jun 22 08:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27214]: Failed password for invalid user ivana from 156.38.73.89 port 49298 ssh2
Jun 22 08:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27214]: Received disconnect from 156.38.73.89 port 49298:11: Bye Bye [preauth]
Jun 22 08:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27214]: Disconnected from 156.38.73.89 port 49298 [preauth]
Jun 22 08:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25994]: pam_unix(cron:session): session closed for user root
Jun 22 08:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27271]: Connection closed by 218.208.8.107 port 62191 [preauth]
Jun 22 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27330]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27331]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27333]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27329]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27329]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27395]: Successful su for rubyman by root
Jun 22 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27395]: + ??? root:rubyman
Jun 22 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27395]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569855 of user rubyman.
Jun 22 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27395]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569855.
Jun 22 08:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24807]: pam_unix(cron:session): session closed for user root
Jun 22 08:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27330]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 22 08:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27636]: Invalid user ftpuser from 38.55.97.143
Jun 22 08:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27636]: input_userauth_request: invalid user ftpuser [preauth]
Jun 22 08:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27636]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 08:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 08:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27646]: Failed password for root from 77.94.47.83 port 47882 ssh2
Jun 22 08:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27646]: Connection closed by 77.94.47.83 port 47882 [preauth]
Jun 22 08:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27636]: Failed password for invalid user ftpuser from 38.55.97.143 port 34294 ssh2
Jun 22 08:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27636]: Connection closed by 38.55.97.143 port 34294 [preauth]
Jun 22 08:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26390]: pam_unix(cron:session): session closed for user root
Jun 22 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27741]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27740]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27742]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27738]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27738]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27799]: Successful su for rubyman by root
Jun 22 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27799]: + ??? root:rubyman
Jun 22 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27799]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569860 of user rubyman.
Jun 22 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27799]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569860.
Jun 22 08:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25212]: pam_unix(cron:session): session closed for user root
Jun 22 08:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27740]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 08:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28037]: Failed password for root from 38.55.97.143 port 45468 ssh2
Jun 22 08:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28037]: Connection closed by 38.55.97.143 port 45468 [preauth]
Jun 22 08:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26897]: pam_unix(cron:session): session closed for user root
Jun 22 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28203]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28202]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28200]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28201]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28200]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28262]: Successful su for rubyman by root
Jun 22 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28262]: + ??? root:rubyman
Jun 22 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28262]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569863 of user rubyman.
Jun 22 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28262]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569863.
Jun 22 08:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25600]: pam_unix(cron:session): session closed for user root
Jun 22 08:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28201]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28437]: Invalid user ll from 156.38.73.89
Jun 22 08:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28437]: input_userauth_request: invalid user ll [preauth]
Jun 22 08:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28437]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 08:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.38.73.89
Jun 22 08:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28437]: Failed password for invalid user ll from 156.38.73.89 port 48922 ssh2
Jun 22 08:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28437]: Received disconnect from 156.38.73.89 port 48922:11: Bye Bye [preauth]
Jun 22 08:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28437]: Disconnected from 156.38.73.89 port 48922 [preauth]
Jun 22 08:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 08:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28478]: Failed password for root from 38.55.97.143 port 57700 ssh2
Jun 22 08:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28478]: Connection closed by 38.55.97.143 port 57700 [preauth]
Jun 22 08:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27333]: pam_unix(cron:session): session closed for user root
Jun 22 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28688]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28684]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28683]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28686]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28687]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28685]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28688]: pam_unix(cron:session): session closed for user root
Jun 22 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28683]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28765]: Successful su for rubyman by root
Jun 22 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28765]: + ??? root:rubyman
Jun 22 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28765]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569868 of user rubyman.
Jun 22 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28765]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569868.
Jun 22 08:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28685]: pam_unix(cron:session): session closed for user root
Jun 22 08:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25993]: pam_unix(cron:session): session closed for user root
Jun 22 08:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28684]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.88.138.26  user=root
Jun 22 08:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28989]: Failed password for root from 36.88.138.26 port 14256 ssh2
Jun 22 08:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28989]: Connection closed by 36.88.138.26 port 14256 [preauth]
Jun 22 08:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29047]: Invalid user oracle from 38.55.97.143
Jun 22 08:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29047]: input_userauth_request: invalid user oracle [preauth]
Jun 22 08:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29047]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 08:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 08:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29047]: Failed password for invalid user oracle from 38.55.97.143 port 40050 ssh2
Jun 22 08:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29047]: Connection closed by 38.55.97.143 port 40050 [preauth]
Jun 22 08:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27742]: pam_unix(cron:session): session closed for user root
Jun 22 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29154]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29153]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29152]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29151]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29151]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29224]: Successful su for rubyman by root
Jun 22 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29224]: + ??? root:rubyman
Jun 22 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29224]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569872 of user rubyman.
Jun 22 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29224]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569872.
Jun 22 08:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26389]: pam_unix(cron:session): session closed for user root
Jun 22 08:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29152]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29407]: Invalid user brynne from 2.57.121.112
Jun 22 08:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29407]: input_userauth_request: invalid user brynne [preauth]
Jun 22 08:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29407]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 08:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 22 08:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29407]: Failed password for invalid user brynne from 2.57.121.112 port 40650 ssh2
Jun 22 08:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29407]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 08:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29407]: Failed password for invalid user brynne from 2.57.121.112 port 40650 ssh2
Jun 22 08:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29407]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 08:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29407]: Failed password for invalid user brynne from 2.57.121.112 port 40650 ssh2
Jun 22 08:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29407]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 08:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29407]: Failed password for invalid user brynne from 2.57.121.112 port 40650 ssh2
Jun 22 08:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29407]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 08:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29407]: Failed password for invalid user brynne from 2.57.121.112 port 40650 ssh2
Jun 22 08:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29407]: Connection closed by 2.57.121.112 port 40650 [preauth]
Jun 22 08:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29407]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 22 08:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29407]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 22 08:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 08:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29448]: Failed password for root from 38.55.97.143 port 51082 ssh2
Jun 22 08:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29448]: Connection closed by 38.55.97.143 port 51082 [preauth]
Jun 22 08:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28203]: pam_unix(cron:session): session closed for user root
Jun 22 08:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29636]: Invalid user user1 from 156.38.73.89
Jun 22 08:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29636]: input_userauth_request: invalid user user1 [preauth]
Jun 22 08:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29636]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 08:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.38.73.89
Jun 22 08:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 08:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29636]: Failed password for invalid user user1 from 156.38.73.89 port 59452 ssh2
Jun 22 08:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29636]: Received disconnect from 156.38.73.89 port 59452:11: Bye Bye [preauth]
Jun 22 08:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29636]: Disconnected from 156.38.73.89 port 59452 [preauth]
Jun 22 08:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29639]: Failed password for root from 193.24.211.107 port 8725 ssh2
Jun 22 08:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29639]: Received disconnect from 193.24.211.107 port 8725:11: Client disconnecting normally [preauth]
Jun 22 08:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29639]: Disconnected from 193.24.211.107 port 8725 [preauth]
Jun 22 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29675]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29674]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29673]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29672]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29672]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29756]: Successful su for rubyman by root
Jun 22 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29756]: + ??? root:rubyman
Jun 22 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29756]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569877 of user rubyman.
Jun 22 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29756]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569877.
Jun 22 08:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26896]: pam_unix(cron:session): session closed for user root
Jun 22 08:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29673]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 08:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29988]: Failed password for root from 38.55.97.143 port 34508 ssh2
Jun 22 08:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29988]: Connection closed by 38.55.97.143 port 34508 [preauth]
Jun 22 08:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28687]: pam_unix(cron:session): session closed for user root
Jun 22 08:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30104]: Received disconnect from 158.69.227.40 port 49458:11: disconnected by user [preauth]
Jun 22 08:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30104]: Disconnected from 158.69.227.40 port 49458 [preauth]
Jun 22 08:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30120]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30122]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30119]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30118]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30118]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30193]: Successful su for rubyman by root
Jun 22 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30193]: + ??? root:rubyman
Jun 22 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30193]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569881 of user rubyman.
Jun 22 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30193]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569881.
Jun 22 08:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27331]: pam_unix(cron:session): session closed for user root
Jun 22 08:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30119]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30438]: Invalid user aaa from 38.55.97.143
Jun 22 08:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30438]: input_userauth_request: invalid user aaa [preauth]
Jun 22 08:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30438]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 08:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 08:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30438]: Failed password for invalid user aaa from 38.55.97.143 port 54652 ssh2
Jun 22 08:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30438]: Connection closed by 38.55.97.143 port 54652 [preauth]
Jun 22 08:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29154]: pam_unix(cron:session): session closed for user root
Jun 22 08:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30511]: Invalid user frappe from 156.38.73.89
Jun 22 08:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30511]: input_userauth_request: invalid user frappe [preauth]
Jun 22 08:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30511]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 08:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.38.73.89
Jun 22 08:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30511]: Failed password for invalid user frappe from 156.38.73.89 port 58116 ssh2
Jun 22 08:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30511]: Received disconnect from 156.38.73.89 port 58116:11: Bye Bye [preauth]
Jun 22 08:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30511]: Disconnected from 156.38.73.89 port 58116 [preauth]
Jun 22 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30537]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30538]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30536]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30535]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30535]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30608]: Successful su for rubyman by root
Jun 22 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30608]: + ??? root:rubyman
Jun 22 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30608]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569885 of user rubyman.
Jun 22 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30608]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569885.
Jun 22 08:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27741]: pam_unix(cron:session): session closed for user root
Jun 22 08:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30536]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30832]: Invalid user debian from 38.55.97.143
Jun 22 08:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30832]: input_userauth_request: invalid user debian [preauth]
Jun 22 08:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30832]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 08:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 08:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30832]: Failed password for invalid user debian from 38.55.97.143 port 37880 ssh2
Jun 22 08:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30832]: Connection closed by 38.55.97.143 port 37880 [preauth]
Jun 22 08:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30866]: Received disconnect from 178.32.156.208 port 44498:11: disconnected by user [preauth]
Jun 22 08:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30866]: Disconnected from 178.32.156.208 port 44498 [preauth]
Jun 22 08:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29675]: pam_unix(cron:session): session closed for user root
Jun 22 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31059]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31060]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31058]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31055]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31057]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31054]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31060]: pam_unix(cron:session): session closed for user root
Jun 22 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31054]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31125]: Successful su for rubyman by root
Jun 22 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31125]: + ??? root:rubyman
Jun 22 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31125]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569888 of user rubyman.
Jun 22 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31125]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569888.
Jun 22 08:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31057]: pam_unix(cron:session): session closed for user root
Jun 22 08:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28202]: pam_unix(cron:session): session closed for user root
Jun 22 08:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31055]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31384]: Invalid user user from 38.55.97.143
Jun 22 08:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31384]: input_userauth_request: invalid user user [preauth]
Jun 22 08:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31384]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 08:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 08:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31384]: Failed password for invalid user user from 38.55.97.143 port 50082 ssh2
Jun 22 08:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31384]: Connection closed by 38.55.97.143 port 50082 [preauth]
Jun 22 08:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30122]: pam_unix(cron:session): session closed for user root
Jun 22 08:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 22 08:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31457]: Failed password for root from 103.149.28.157 port 51746 ssh2
Jun 22 08:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31457]: Connection closed by 103.149.28.157 port 51746 [preauth]
Jun 22 08:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31467]: Invalid user shiv from 156.38.73.89
Jun 22 08:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31467]: input_userauth_request: invalid user shiv [preauth]
Jun 22 08:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31467]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 08:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.38.73.89
Jun 22 08:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31467]: Failed password for invalid user shiv from 156.38.73.89 port 58634 ssh2
Jun 22 08:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31467]: Received disconnect from 156.38.73.89 port 58634:11: Bye Bye [preauth]
Jun 22 08:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31467]: Disconnected from 156.38.73.89 port 58634 [preauth]
Jun 22 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31491]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31492]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31493]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31490]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31490]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31654]: Successful su for rubyman by root
Jun 22 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31654]: + ??? root:rubyman
Jun 22 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31654]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569896 of user rubyman.
Jun 22 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31654]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569896.
Jun 22 08:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28686]: pam_unix(cron:session): session closed for user root
Jun 22 08:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31491]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30538]: pam_unix(cron:session): session closed for user root
Jun 22 08:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 08:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31902]: Failed password for root from 38.55.97.143 port 33200 ssh2
Jun 22 08:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31902]: Connection closed by 38.55.97.143 port 33200 [preauth]
Jun 22 08:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.110.201  user=root
Jun 22 08:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31992]: Failed password for root from 94.159.110.201 port 40754 ssh2
Jun 22 08:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31992]: Connection closed by 94.159.110.201 port 40754 [preauth]
Jun 22 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32007]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32008]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32005]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32003]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32003]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32073]: Successful su for rubyman by root
Jun 22 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32073]: + ??? root:rubyman
Jun 22 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32073]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569900 of user rubyman.
Jun 22 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32073]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569900.
Jun 22 08:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29153]: pam_unix(cron:session): session closed for user root
Jun 22 08:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32005]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 22 08:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32255]: Failed password for root from 103.153.68.219 port 43974 ssh2
Jun 22 08:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32255]: Connection closed by 103.153.68.219 port 43974 [preauth]
Jun 22 08:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32313]: Invalid user vagrant from 38.55.97.143
Jun 22 08:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32313]: input_userauth_request: invalid user vagrant [preauth]
Jun 22 08:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32313]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 08:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 08:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31059]: pam_unix(cron:session): session closed for user root
Jun 22 08:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32313]: Failed password for invalid user vagrant from 38.55.97.143 port 44066 ssh2
Jun 22 08:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32343]: Received disconnect from 198.23.249.85 port 53082:11: disconnected by user [preauth]
Jun 22 08:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32343]: Disconnected from 198.23.249.85 port 53082 [preauth]
Jun 22 08:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32313]: Connection closed by 38.55.97.143 port 44066 [preauth]
Jun 22 08:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32388]: Invalid user mssql from 156.38.73.89
Jun 22 08:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32388]: input_userauth_request: invalid user mssql [preauth]
Jun 22 08:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32388]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 08:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.38.73.89
Jun 22 08:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32388]: Failed password for invalid user mssql from 156.38.73.89 port 47862 ssh2
Jun 22 08:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32388]: Received disconnect from 156.38.73.89 port 47862:11: Bye Bye [preauth]
Jun 22 08:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32388]: Disconnected from 156.38.73.89 port 47862 [preauth]
Jun 22 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32415]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32414]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32413]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32412]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32412]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32486]: Successful su for rubyman by root
Jun 22 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32486]: + ??? root:rubyman
Jun 22 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32486]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569903 of user rubyman.
Jun 22 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32486]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569903.
Jun 22 08:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29674]: pam_unix(cron:session): session closed for user root
Jun 22 08:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32413]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32698]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 22 08:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32698]: message repeated 2 times: [ userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]]
Jun 22 08:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32698]: Received disconnect from 185.134.49.116 port 34780:11: disconnected by user [preauth]
Jun 22 08:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32698]: Disconnected from 185.134.49.116 port 34780 [preauth]
Jun 22 08:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31493]: pam_unix(cron:session): session closed for user root
Jun 22 08:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 08:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32752]: Failed password for root from 38.55.97.143 port 55204 ssh2
Jun 22 08:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32752]: Connection closed by 38.55.97.143 port 55204 [preauth]
Jun 22 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[378]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[379]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[377]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[376]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[376]: pam_unix(cron:session): session closed for user p13x
Jun 22 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[578]: Successful su for rubyman by root
Jun 22 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[578]: + ??? root:rubyman
Jun 22 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[578]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569906 of user rubyman.
Jun 22 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[578]: pam_unix(su:session): session closed for user rubyman
Jun 22 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569906.
Jun 22 08:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30120]: pam_unix(cron:session): session closed for user root
Jun 22 08:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[377]: pam_unix(cron:session): session closed for user samftp
Jun 22 08:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32008]: pam_unix(cron:session): session closed for user root
Jun 22 08:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 08:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[870]: Failed password for root from 38.55.97.143 port 37388 ssh2
Jun 22 08:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[870]: Connection closed by 38.55.97.143 port 37388 [preauth]
Jun 22 08:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 08:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[905]: Invalid user brian from 156.38.73.89
Jun 22 08:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[905]: input_userauth_request: invalid user brian [preauth]
Jun 22 08:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[905]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 08:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.38.73.89
Jun 22 08:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[905]: Failed password for invalid user brian from 156.38.73.89 port 45748 ssh2
Jun 22 08:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[905]: Received disconnect from 156.38.73.89 port 45748:11: Bye Bye [preauth]
Jun 22 08:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[905]: Disconnected from 156.38.73.89 port 45748 [preauth]
Jun 22 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[943]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[944]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[941]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[942]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[939]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[938]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[940]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[944]: pam_unix(cron:session): session closed for user root
Jun 22 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[940]: pam_unix(cron:session): session closed for user root
Jun 22 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[938]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1041]: Successful su for rubyman by root
Jun 22 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1041]: + ??? root:rubyman
Jun 22 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1041]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569910 of user rubyman.
Jun 22 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1041]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569910.
Jun 22 09:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[941]: pam_unix(cron:session): session closed for user root
Jun 22 09:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30537]: pam_unix(cron:session): session closed for user root
Jun 22 09:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[939]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32415]: pam_unix(cron:session): session closed for user root
Jun 22 09:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 09:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1473]: Failed password for root from 38.55.97.143 port 48402 ssh2
Jun 22 09:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1473]: Connection closed by 38.55.97.143 port 48402 [preauth]
Jun 22 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1615]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1614]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1613]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1610]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1610]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1689]: Successful su for rubyman by root
Jun 22 09:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1689]: + ??? root:rubyman
Jun 22 09:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1689]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569917 of user rubyman.
Jun 22 09:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1689]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569917.
Jun 22 09:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31058]: pam_unix(cron:session): session closed for user root
Jun 22 09:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1613]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[379]: pam_unix(cron:session): session closed for user root
Jun 22 09:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 09:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2022]: Failed password for root from 38.55.97.143 port 58780 ssh2
Jun 22 09:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2022]: Connection closed by 38.55.97.143 port 58780 [preauth]
Jun 22 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2101]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2102]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2100]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2099]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2099]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2178]: Successful su for rubyman by root
Jun 22 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2178]: + ??? root:rubyman
Jun 22 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2178]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569922 of user rubyman.
Jun 22 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2178]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569922.
Jun 22 09:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31492]: pam_unix(cron:session): session closed for user root
Jun 22 09:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2100]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2435]: Invalid user test from 38.55.97.143
Jun 22 09:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2435]: input_userauth_request: invalid user test [preauth]
Jun 22 09:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2435]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 09:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 09:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2435]: Failed password for invalid user test from 38.55.97.143 port 41808 ssh2
Jun 22 09:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[943]: pam_unix(cron:session): session closed for user root
Jun 22 09:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2435]: Connection closed by 38.55.97.143 port 41808 [preauth]
Jun 22 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2534]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2536]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2535]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2533]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2533]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2607]: Successful su for rubyman by root
Jun 22 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2607]: + ??? root:rubyman
Jun 22 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2607]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569925 of user rubyman.
Jun 22 09:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2607]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569925.
Jun 22 09:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32007]: pam_unix(cron:session): session closed for user root
Jun 22 09:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2534]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 09:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2849]: Failed password for root from 38.55.97.143 port 55554 ssh2
Jun 22 09:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1615]: pam_unix(cron:session): session closed for user root
Jun 22 09:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2849]: Connection closed by 38.55.97.143 port 55554 [preauth]
Jun 22 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2946]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2945]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2944]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2943]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2943]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3003]: Successful su for rubyman by root
Jun 22 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3003]: + ??? root:rubyman
Jun 22 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3003]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569930 of user rubyman.
Jun 22 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3003]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569930.
Jun 22 09:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32414]: pam_unix(cron:session): session closed for user root
Jun 22 09:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2944]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3244]: Connection reset by 45.148.10.141 port 33166 [preauth]
Jun 22 09:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2102]: pam_unix(cron:session): session closed for user root
Jun 22 09:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 22 09:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3315]: Failed password for root from 193.37.70.224 port 33074 ssh2
Jun 22 09:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3315]: Connection closed by 193.37.70.224 port 33074 [preauth]
Jun 22 09:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3337]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3340]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3339]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3336]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3341]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3338]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3341]: pam_unix(cron:session): session closed for user root
Jun 22 09:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3336]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3408]: Successful su for rubyman by root
Jun 22 09:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3408]: + ??? root:rubyman
Jun 22 09:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3408]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569934 of user rubyman.
Jun 22 09:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3408]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569934.
Jun 22 09:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3406]: Invalid user admin from 45.148.10.121
Jun 22 09:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3406]: input_userauth_request: invalid user admin [preauth]
Jun 22 09:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3406]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 09:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 22 09:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[378]: pam_unix(cron:session): session closed for user root
Jun 22 09:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3406]: Failed password for invalid user admin from 45.148.10.121 port 42134 ssh2
Jun 22 09:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3338]: pam_unix(cron:session): session closed for user root
Jun 22 09:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3406]: Connection closed by 45.148.10.121 port 42134 [preauth]
Jun 22 09:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3337]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 09:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3333]: Failed password for root from 38.55.97.143 port 38048 ssh2
Jun 22 09:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3333]: Connection closed by 38.55.97.143 port 38048 [preauth]
Jun 22 09:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2536]: pam_unix(cron:session): session closed for user root
Jun 22 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3872]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3874]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3873]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3871]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3871]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4009]: Successful su for rubyman by root
Jun 22 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4009]: + ??? root:rubyman
Jun 22 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4009]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569942 of user rubyman.
Jun 22 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4009]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569942.
Jun 22 09:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[942]: pam_unix(cron:session): session closed for user root
Jun 22 09:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3872]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4230]: Invalid user debian from 38.55.97.143
Jun 22 09:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4230]: input_userauth_request: invalid user debian [preauth]
Jun 22 09:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4230]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 09:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 09:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4230]: Failed password for invalid user debian from 38.55.97.143 port 48690 ssh2
Jun 22 09:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4230]: Connection closed by 38.55.97.143 port 48690 [preauth]
Jun 22 09:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2946]: pam_unix(cron:session): session closed for user root
Jun 22 09:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 22 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4391]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4390]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4392]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4389]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4389]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4448]: Successful su for rubyman by root
Jun 22 09:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4448]: + ??? root:rubyman
Jun 22 09:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4448]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569945 of user rubyman.
Jun 22 09:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4448]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569945.
Jun 22 09:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4378]: Failed password for root from 103.27.238.120 port 56852 ssh2
Jun 22 09:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4378]: Connection closed by 103.27.238.120 port 56852 [preauth]
Jun 22 09:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1614]: pam_unix(cron:session): session closed for user root
Jun 22 09:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4390]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 09:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4645]: Failed password for root from 193.24.211.107 port 51404 ssh2
Jun 22 09:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4645]: Received disconnect from 193.24.211.107 port 51404:11: Client disconnecting normally [preauth]
Jun 22 09:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4645]: Disconnected from 193.24.211.107 port 51404 [preauth]
Jun 22 09:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 09:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4647]: Failed password for root from 38.55.97.143 port 59870 ssh2
Jun 22 09:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4647]: Connection closed by 38.55.97.143 port 59870 [preauth]
Jun 22 09:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3340]: pam_unix(cron:session): session closed for user root
Jun 22 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4875]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4874]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4872]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4871]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4871]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4970]: Successful su for rubyman by root
Jun 22 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4970]: + ??? root:rubyman
Jun 22 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4970]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569947 of user rubyman.
Jun 22 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4970]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569947.
Jun 22 09:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2101]: pam_unix(cron:session): session closed for user root
Jun 22 09:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4872]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5176]: Invalid user admin from 38.55.97.143
Jun 22 09:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5176]: input_userauth_request: invalid user admin [preauth]
Jun 22 09:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5176]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 09:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 09:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5176]: Failed password for invalid user admin from 38.55.97.143 port 43332 ssh2
Jun 22 09:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5176]: Connection closed by 38.55.97.143 port 43332 [preauth]
Jun 22 09:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3874]: pam_unix(cron:session): session closed for user root
Jun 22 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5300]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5298]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5299]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5297]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5295]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5297]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5426]: Successful su for rubyman by root
Jun 22 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5426]: + ??? root:rubyman
Jun 22 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5426]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569952 of user rubyman.
Jun 22 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5426]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569952.
Jun 22 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5295]: pam_unix(cron:session): session closed for user root
Jun 22 09:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2535]: pam_unix(cron:session): session closed for user root
Jun 22 09:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5298]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 09:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5673]: Failed password for root from 38.55.97.143 port 53890 ssh2
Jun 22 09:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5673]: Connection closed by 38.55.97.143 port 53890 [preauth]
Jun 22 09:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4392]: pam_unix(cron:session): session closed for user root
Jun 22 09:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 22 09:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5769]: Failed password for root from 109.237.96.109 port 52108 ssh2
Jun 22 09:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5769]: Connection closed by 109.237.96.109 port 52108 [preauth]
Jun 22 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5802]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5797]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5801]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5800]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5798]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5799]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5802]: pam_unix(cron:session): session closed for user root
Jun 22 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5797]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5871]: Successful su for rubyman by root
Jun 22 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5871]: + ??? root:rubyman
Jun 22 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5871]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569960 of user rubyman.
Jun 22 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5871]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569960.
Jun 22 09:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2945]: pam_unix(cron:session): session closed for user root
Jun 22 09:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5799]: pam_unix(cron:session): session closed for user root
Jun 22 09:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5798]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 09:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6106]: Failed password for root from 38.55.97.143 port 36500 ssh2
Jun 22 09:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6106]: Connection closed by 38.55.97.143 port 36500 [preauth]
Jun 22 09:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4875]: pam_unix(cron:session): session closed for user root
Jun 22 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6224]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6225]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6223]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6222]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6222]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6288]: Successful su for rubyman by root
Jun 22 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6288]: + ??? root:rubyman
Jun 22 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6288]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569963 of user rubyman.
Jun 22 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6288]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569963.
Jun 22 09:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3339]: pam_unix(cron:session): session closed for user root
Jun 22 09:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6223]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 09:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6507]: Failed password for root from 38.55.97.143 port 47164 ssh2
Jun 22 09:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6507]: Connection closed by 38.55.97.143 port 47164 [preauth]
Jun 22 09:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5300]: pam_unix(cron:session): session closed for user root
Jun 22 09:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 22 09:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6558]: Failed password for root from 194.113.233.25 port 46504 ssh2
Jun 22 09:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6558]: Connection closed by 194.113.233.25 port 46504 [preauth]
Jun 22 09:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6569]: Invalid user admin from 2.57.121.25
Jun 22 09:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6569]: input_userauth_request: invalid user admin [preauth]
Jun 22 09:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6569]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 09:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 22 09:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6569]: Failed password for invalid user admin from 2.57.121.25 port 10504 ssh2
Jun 22 09:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6569]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 09:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6569]: Failed password for invalid user admin from 2.57.121.25 port 10504 ssh2
Jun 22 09:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6569]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 09:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6569]: Failed password for invalid user admin from 2.57.121.25 port 10504 ssh2
Jun 22 09:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6569]: Connection closed by 2.57.121.25 port 10504 [preauth]
Jun 22 09:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6569]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 22 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6625]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6624]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6626]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6623]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6623]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6684]: Successful su for rubyman by root
Jun 22 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6684]: + ??? root:rubyman
Jun 22 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6684]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569966 of user rubyman.
Jun 22 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6684]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569966.
Jun 22 09:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3873]: pam_unix(cron:session): session closed for user root
Jun 22 09:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6624]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 09:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6923]: Failed password for root from 38.55.97.143 port 57288 ssh2
Jun 22 09:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6923]: Connection closed by 38.55.97.143 port 57288 [preauth]
Jun 22 09:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5801]: pam_unix(cron:session): session closed for user root
Jun 22 09:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 22 09:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7058]: Failed password for root from 141.98.83.240 port 64744 ssh2
Jun 22 09:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7058]: message repeated 2 times: [ Failed password for root from 141.98.83.240 port 64744 ssh2]
Jun 22 09:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7058]: Connection closed by 141.98.83.240 port 64744 [preauth]
Jun 22 09:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7058]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 22 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7128]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7127]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7129]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7126]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7126]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7192]: Successful su for rubyman by root
Jun 22 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7192]: + ??? root:rubyman
Jun 22 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7192]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569970 of user rubyman.
Jun 22 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7192]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569970.
Jun 22 09:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4391]: pam_unix(cron:session): session closed for user root
Jun 22 09:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7127]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 09:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7410]: Failed password for root from 38.55.97.143 port 41108 ssh2
Jun 22 09:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7410]: Connection closed by 38.55.97.143 port 41108 [preauth]
Jun 22 09:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6225]: pam_unix(cron:session): session closed for user root
Jun 22 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7535]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7536]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7537]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7534]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7534]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7603]: Successful su for rubyman by root
Jun 22 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7603]: + ??? root:rubyman
Jun 22 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7603]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569974 of user rubyman.
Jun 22 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7603]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569974.
Jun 22 09:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4874]: pam_unix(cron:session): session closed for user root
Jun 22 09:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7535]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6626]: pam_unix(cron:session): session closed for user root
Jun 22 09:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7929]: Invalid user ansible from 38.55.97.143
Jun 22 09:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7929]: input_userauth_request: invalid user ansible [preauth]
Jun 22 09:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7929]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 09:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 09:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 22 09:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7929]: Failed password for invalid user ansible from 38.55.97.143 port 52438 ssh2
Jun 22 09:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7951]: Failed password for root from 103.172.78.219 port 52960 ssh2
Jun 22 09:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7951]: Connection closed by 103.172.78.219 port 52960 [preauth]
Jun 22 09:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7929]: Connection closed by 38.55.97.143 port 52438 [preauth]
Jun 22 09:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7963]: Received disconnect from 148.153.121.224 port 37850:11: disconnected by user [preauth]
Jun 22 09:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7963]: Disconnected from 148.153.121.224 port 37850 [preauth]
Jun 22 09:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 22 09:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7974]: Failed password for root from 103.82.20.28 port 59600 ssh2
Jun 22 09:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7974]: Connection closed by 103.82.20.28 port 59600 [preauth]
Jun 22 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8028]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8030]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8026]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8027]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8029]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8025]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8030]: pam_unix(cron:session): session closed for user root
Jun 22 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8025]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8093]: Successful su for rubyman by root
Jun 22 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8093]: + ??? root:rubyman
Jun 22 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8093]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569979 of user rubyman.
Jun 22 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8093]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569979.
Jun 22 09:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8027]: pam_unix(cron:session): session closed for user root
Jun 22 09:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5299]: pam_unix(cron:session): session closed for user root
Jun 22 09:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8026]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 22 09:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8336]: Failed password for root from 38.93.206.2 port 24202 ssh2
Jun 22 09:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8336]: Connection closed by 38.93.206.2 port 24202 [preauth]
Jun 22 09:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7129]: pam_unix(cron:session): session closed for user root
Jun 22 09:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 09:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8361]: Failed password for root from 38.55.97.143 port 35492 ssh2
Jun 22 09:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8361]: Connection closed by 38.55.97.143 port 35492 [preauth]
Jun 22 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8454]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8455]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8453]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8452]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8452]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8522]: Successful su for rubyman by root
Jun 22 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8522]: + ??? root:rubyman
Jun 22 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8522]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569985 of user rubyman.
Jun 22 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8522]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569985.
Jun 22 09:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5800]: pam_unix(cron:session): session closed for user root
Jun 22 09:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8453]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7537]: pam_unix(cron:session): session closed for user root
Jun 22 09:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 09:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8797]: Failed password for root from 38.55.97.143 port 47116 ssh2
Jun 22 09:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8797]: Connection closed by 38.55.97.143 port 47116 [preauth]
Jun 22 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8859]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8858]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8857]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8856]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8853]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8853]: pam_unix(cron:session): session closed for user root
Jun 22 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8856]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8928]: Successful su for rubyman by root
Jun 22 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8928]: + ??? root:rubyman
Jun 22 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8928]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569988 of user rubyman.
Jun 22 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8928]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569988.
Jun 22 09:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6224]: pam_unix(cron:session): session closed for user root
Jun 22 09:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8857]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.211.215  user=root
Jun 22 09:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9112]: Failed password for root from 147.45.211.215 port 55208 ssh2
Jun 22 09:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9112]: Connection closed by 147.45.211.215 port 55208 [preauth]
Jun 22 09:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8029]: pam_unix(cron:session): session closed for user root
Jun 22 09:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 09:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9204]: Failed password for root from 38.55.97.143 port 58108 ssh2
Jun 22 09:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9204]: Connection closed by 38.55.97.143 port 58108 [preauth]
Jun 22 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9267]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9266]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9268]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9264]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9264]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9327]: Successful su for rubyman by root
Jun 22 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9327]: + ??? root:rubyman
Jun 22 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9327]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569993 of user rubyman.
Jun 22 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9327]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569993.
Jun 22 09:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6625]: pam_unix(cron:session): session closed for user root
Jun 22 09:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9266]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8455]: pam_unix(cron:session): session closed for user root
Jun 22 09:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 09:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9598]: Failed password for root from 38.55.97.143 port 41064 ssh2
Jun 22 09:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9598]: Connection closed by 38.55.97.143 port 41064 [preauth]
Jun 22 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9653]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9652]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9651]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9650]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9650]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9713]: Successful su for rubyman by root
Jun 22 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9713]: + ??? root:rubyman
Jun 22 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9713]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 569998 of user rubyman.
Jun 22 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9713]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 569998.
Jun 22 09:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7128]: pam_unix(cron:session): session closed for user root
Jun 22 09:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9651]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 22 09:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10076]: Failed password for root from 62.133.62.83 port 49488 ssh2
Jun 22 09:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10076]: Connection closed by 62.133.62.83 port 49488 [preauth]
Jun 22 09:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8859]: pam_unix(cron:session): session closed for user root
Jun 22 09:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 09:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10208]: Failed password for root from 38.55.97.143 port 52182 ssh2
Jun 22 09:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10208]: Connection closed by 38.55.97.143 port 52182 [preauth]
Jun 22 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10316]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10318]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10313]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10317]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10319]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10315]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10319]: pam_unix(cron:session): session closed for user root
Jun 22 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10313]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10386]: Successful su for rubyman by root
Jun 22 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10386]: + ??? root:rubyman
Jun 22 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10386]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570002 of user rubyman.
Jun 22 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10386]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570002.
Jun 22 09:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10316]: pam_unix(cron:session): session closed for user root
Jun 22 09:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7536]: pam_unix(cron:session): session closed for user root
Jun 22 09:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10315]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9268]: pam_unix(cron:session): session closed for user root
Jun 22 09:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 22 09:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10702]: Failed password for root from 103.77.242.62 port 48954 ssh2
Jun 22 09:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10702]: Connection closed by 103.77.242.62 port 48954 [preauth]
Jun 22 09:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10738]: Invalid user testuser from 38.55.97.143
Jun 22 09:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10738]: input_userauth_request: invalid user testuser [preauth]
Jun 22 09:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10738]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 09:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 09:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10738]: Failed password for invalid user testuser from 38.55.97.143 port 34982 ssh2
Jun 22 09:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10738]: Connection closed by 38.55.97.143 port 34982 [preauth]
Jun 22 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10766]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10765]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10764]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10763]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10763]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10840]: Successful su for rubyman by root
Jun 22 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10840]: + ??? root:rubyman
Jun 22 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10840]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570007 of user rubyman.
Jun 22 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10840]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570007.
Jun 22 09:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8028]: pam_unix(cron:session): session closed for user root
Jun 22 09:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10764]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9653]: pam_unix(cron:session): session closed for user root
Jun 22 09:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 09:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11162]: Failed password for root from 193.24.211.107 port 51832 ssh2
Jun 22 09:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11162]: Received disconnect from 193.24.211.107 port 51832:11: Client disconnecting normally [preauth]
Jun 22 09:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11162]: Disconnected from 193.24.211.107 port 51832 [preauth]
Jun 22 09:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 09:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11173]: Failed password for root from 38.55.97.143 port 46376 ssh2
Jun 22 09:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11173]: Connection closed by 38.55.97.143 port 46376 [preauth]
Jun 22 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11198]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11200]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11197]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11196]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11196]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11260]: Successful su for rubyman by root
Jun 22 09:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11260]: + ??? root:rubyman
Jun 22 09:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11260]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570012 of user rubyman.
Jun 22 09:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11260]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570012.
Jun 22 09:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8454]: pam_unix(cron:session): session closed for user root
Jun 22 09:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11197]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10318]: pam_unix(cron:session): session closed for user root
Jun 22 09:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 22 09:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11557]: Failed password for root from 103.77.175.15 port 53268 ssh2
Jun 22 09:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11557]: Connection closed by 103.77.175.15 port 53268 [preauth]
Jun 22 09:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 09:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11581]: Failed password for root from 38.55.97.143 port 58090 ssh2
Jun 22 09:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11581]: Connection closed by 38.55.97.143 port 58090 [preauth]
Jun 22 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11611]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11610]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11609]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11608]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11608]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11670]: Successful su for rubyman by root
Jun 22 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11670]: + ??? root:rubyman
Jun 22 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11670]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570015 of user rubyman.
Jun 22 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11670]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570015.
Jun 22 09:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8858]: pam_unix(cron:session): session closed for user root
Jun 22 09:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11609]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10766]: pam_unix(cron:session): session closed for user root
Jun 22 09:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: Invalid user test1 from 38.55.97.143
Jun 22 09:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: input_userauth_request: invalid user test1 [preauth]
Jun 22 09:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 09:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 09:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: Failed password for invalid user test1 from 38.55.97.143 port 42896 ssh2
Jun 22 09:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: Connection closed by 38.55.97.143 port 42896 [preauth]
Jun 22 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12068]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12066]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12067]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12065]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12065]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12123]: Successful su for rubyman by root
Jun 22 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12123]: + ??? root:rubyman
Jun 22 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12123]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570020 of user rubyman.
Jun 22 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12123]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570020.
Jun 22 09:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9267]: pam_unix(cron:session): session closed for user root
Jun 22 09:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12066]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11200]: pam_unix(cron:session): session closed for user root
Jun 22 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12593]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12591]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12586]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12592]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12590]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12587]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12593]: pam_unix(cron:session): session closed for user root
Jun 22 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12586]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12661]: Successful su for rubyman by root
Jun 22 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12661]: + ??? root:rubyman
Jun 22 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12661]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570027 of user rubyman.
Jun 22 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12661]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570027.
Jun 22 09:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9652]: pam_unix(cron:session): session closed for user root
Jun 22 09:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12590]: pam_unix(cron:session): session closed for user root
Jun 22 09:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12587]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 09:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12915]: Failed password for root from 38.55.97.143 port 43532 ssh2
Jun 22 09:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12915]: Connection closed by 38.55.97.143 port 43532 [preauth]
Jun 22 09:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11611]: pam_unix(cron:session): session closed for user root
Jun 22 09:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 22 09:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13023]: Failed password for root from 103.176.20.57 port 55018 ssh2
Jun 22 09:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13023]: Connection closed by 103.176.20.57 port 55018 [preauth]
Jun 22 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13037]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13036]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13035]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13034]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13034]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13100]: Successful su for rubyman by root
Jun 22 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13100]: + ??? root:rubyman
Jun 22 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13100]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570030 of user rubyman.
Jun 22 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13100]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570030.
Jun 22 09:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10317]: pam_unix(cron:session): session closed for user root
Jun 22 09:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13035]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12068]: pam_unix(cron:session): session closed for user root
Jun 22 09:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13452]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13453]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13451]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13450]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13450]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13510]: Successful su for rubyman by root
Jun 22 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13510]: + ??? root:rubyman
Jun 22 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13510]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570034 of user rubyman.
Jun 22 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13510]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570034.
Jun 22 09:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10765]: pam_unix(cron:session): session closed for user root
Jun 22 09:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13451]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 09:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13438]: Failed password for root from 38.55.97.143 port 55968 ssh2
Jun 22 09:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13438]: Connection closed by 38.55.97.143 port 55968 [preauth]
Jun 22 09:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
Jun 22 09:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13724]: Failed password for root from 176.32.39.21 port 44286 ssh2
Jun 22 09:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13724]: Connection closed by 176.32.39.21 port 44286 [preauth]
Jun 22 09:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12592]: pam_unix(cron:session): session closed for user root
Jun 22 09:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13861]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13860]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13859]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13858]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13858]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13925]: Successful su for rubyman by root
Jun 22 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13925]: + ??? root:rubyman
Jun 22 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13925]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570038 of user rubyman.
Jun 22 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13925]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570038.
Jun 22 09:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11198]: pam_unix(cron:session): session closed for user root
Jun 22 09:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13859]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13850]: Invalid user ali from 38.55.97.143
Jun 22 09:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13850]: input_userauth_request: invalid user ali [preauth]
Jun 22 09:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13850]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 09:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 09:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13850]: Failed password for invalid user ali from 38.55.97.143 port 34946 ssh2
Jun 22 09:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13850]: Connection closed by 38.55.97.143 port 34946 [preauth]
Jun 22 09:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13037]: pam_unix(cron:session): session closed for user root
Jun 22 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14256]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14254]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14255]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14253]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14253]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14313]: Successful su for rubyman by root
Jun 22 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14313]: + ??? root:rubyman
Jun 22 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14313]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570041 of user rubyman.
Jun 22 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14313]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570041.
Jun 22 09:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11610]: pam_unix(cron:session): session closed for user root
Jun 22 09:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14254]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 22 09:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 09:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14502]: Failed password for root from 103.27.238.114 port 55186 ssh2
Jun 22 09:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14502]: Connection closed by 103.27.238.114 port 55186 [preauth]
Jun 22 09:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14479]: Failed password for root from 38.55.97.143 port 41912 ssh2
Jun 22 09:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14479]: Connection closed by 38.55.97.143 port 41912 [preauth]
Jun 22 09:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13453]: pam_unix(cron:session): session closed for user root
Jun 22 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14684]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14678]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14679]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14683]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14677]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14675]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14684]: pam_unix(cron:session): session closed for user root
Jun 22 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14675]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14797]: Successful su for rubyman by root
Jun 22 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14797]: + ??? root:rubyman
Jun 22 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14797]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570046 of user rubyman.
Jun 22 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14797]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570046.
Jun 22 09:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14678]: pam_unix(cron:session): session closed for user root
Jun 22 09:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12067]: pam_unix(cron:session): session closed for user root
Jun 22 09:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14677]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13861]: pam_unix(cron:session): session closed for user root
Jun 22 09:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15150]: Connection closed by 194.59.206.2 port 56890 [preauth]
Jun 22 09:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15066]: Invalid user teste from 38.55.97.143
Jun 22 09:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15066]: input_userauth_request: invalid user teste [preauth]
Jun 22 09:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15066]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 09:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 09:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15066]: Failed password for invalid user teste from 38.55.97.143 port 48430 ssh2
Jun 22 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15066]: Connection closed by 38.55.97.143 port 48430 [preauth]
Jun 22 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15163]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15165]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15162]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15161]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15161]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15231]: Successful su for rubyman by root
Jun 22 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15231]: + ??? root:rubyman
Jun 22 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15231]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570051 of user rubyman.
Jun 22 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15231]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570051.
Jun 22 09:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12591]: pam_unix(cron:session): session closed for user root
Jun 22 09:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15162]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 22 09:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15417]: Failed password for root from 147.45.199.80 port 34786 ssh2
Jun 22 09:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15417]: Connection closed by 147.45.199.80 port 34786 [preauth]
Jun 22 09:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 22 09:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15468]: Failed password for root from 80.66.85.226 port 43588 ssh2
Jun 22 09:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15468]: Connection closed by 80.66.85.226 port 43588 [preauth]
Jun 22 09:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14256]: pam_unix(cron:session): session closed for user root
Jun 22 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15562]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15564]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15561]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15560]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15560]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15622]: Successful su for rubyman by root
Jun 22 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15622]: + ??? root:rubyman
Jun 22 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15622]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570056 of user rubyman.
Jun 22 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15622]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570056.
Jun 22 09:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13036]: pam_unix(cron:session): session closed for user root
Jun 22 09:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15561]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15808]: Invalid user admin from 38.55.97.143
Jun 22 09:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15808]: input_userauth_request: invalid user admin [preauth]
Jun 22 09:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15808]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 09:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 09:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15808]: Failed password for invalid user admin from 38.55.97.143 port 35718 ssh2
Jun 22 09:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15808]: Connection closed by 38.55.97.143 port 35718 [preauth]
Jun 22 09:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.233.85.71  user=root
Jun 22 09:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15868]: Failed password for root from 37.233.85.71 port 52010 ssh2
Jun 22 09:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14683]: pam_unix(cron:session): session closed for user root
Jun 22 09:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15868]: Connection closed by 37.233.85.71 port 52010 [preauth]
Jun 22 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15957]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15955]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15956]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15954]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15954]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16012]: Successful su for rubyman by root
Jun 22 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16012]: + ??? root:rubyman
Jun 22 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16012]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570059 of user rubyman.
Jun 22 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16012]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570059.
Jun 22 09:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13452]: pam_unix(cron:session): session closed for user root
Jun 22 09:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15955]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15165]: pam_unix(cron:session): session closed for user root
Jun 22 09:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 09:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16265]: Failed password for root from 38.55.97.143 port 42972 ssh2
Jun 22 09:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16265]: Connection closed by 38.55.97.143 port 42972 [preauth]
Jun 22 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16339]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16338]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16340]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16337]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16337]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16397]: Successful su for rubyman by root
Jun 22 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16397]: + ??? root:rubyman
Jun 22 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16397]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570063 of user rubyman.
Jun 22 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16397]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570063.
Jun 22 09:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13860]: pam_unix(cron:session): session closed for user root
Jun 22 09:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16338]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15564]: pam_unix(cron:session): session closed for user root
Jun 22 09:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16732]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16737]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16734]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16736]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16735]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16733]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16737]: pam_unix(cron:session): session closed for user root
Jun 22 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16732]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16807]: Successful su for rubyman by root
Jun 22 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16807]: + ??? root:rubyman
Jun 22 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16807]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570071 of user rubyman.
Jun 22 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16807]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570071.
Jun 22 09:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14255]: pam_unix(cron:session): session closed for user root
Jun 22 09:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16734]: pam_unix(cron:session): session closed for user root
Jun 22 09:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16733]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17085]: Invalid user user from 38.55.97.143
Jun 22 09:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17085]: input_userauth_request: invalid user user [preauth]
Jun 22 09:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17085]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 09:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 09:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17085]: Failed password for invalid user user from 38.55.97.143 port 48720 ssh2
Jun 22 09:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17085]: Connection closed by 38.55.97.143 port 48720 [preauth]
Jun 22 09:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15957]: pam_unix(cron:session): session closed for user root
Jun 22 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17265]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17264]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17262]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17263]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17262]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17335]: Successful su for rubyman by root
Jun 22 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17335]: + ??? root:rubyman
Jun 22 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17335]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570073 of user rubyman.
Jun 22 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17335]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570073.
Jun 22 09:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14679]: pam_unix(cron:session): session closed for user root
Jun 22 09:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17263]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 09:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17512]: Failed password for root from 38.55.97.143 port 53100 ssh2
Jun 22 09:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17512]: Connection closed by 38.55.97.143 port 53100 [preauth]
Jun 22 09:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 09:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17570]: Failed password for root from 193.24.211.107 port 30588 ssh2
Jun 22 09:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17570]: Received disconnect from 193.24.211.107 port 30588:11: Client disconnecting normally [preauth]
Jun 22 09:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17570]: Disconnected from 193.24.211.107 port 30588 [preauth]
Jun 22 09:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16340]: pam_unix(cron:session): session closed for user root
Jun 22 09:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.88.138.26  user=root
Jun 22 09:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17675]: Failed password for root from 36.88.138.26 port 30362 ssh2
Jun 22 09:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17675]: Connection closed by 36.88.138.26 port 30362 [preauth]
Jun 22 09:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17770]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17769]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17766]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17767]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17766]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17837]: Successful su for rubyman by root
Jun 22 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17837]: + ??? root:rubyman
Jun 22 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17837]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570077 of user rubyman.
Jun 22 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17837]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570077.
Jun 22 09:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15163]: pam_unix(cron:session): session closed for user root
Jun 22 09:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17767]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17752]: Invalid user pi from 38.55.97.143
Jun 22 09:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17752]: input_userauth_request: invalid user pi [preauth]
Jun 22 09:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17752]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 09:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 09:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17752]: Failed password for invalid user pi from 38.55.97.143 port 58060 ssh2
Jun 22 09:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17752]: Connection closed by 38.55.97.143 port 58060 [preauth]
Jun 22 09:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18093]: Invalid user admin from 45.148.10.121
Jun 22 09:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18093]: input_userauth_request: invalid user admin [preauth]
Jun 22 09:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18093]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 09:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 22 09:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18093]: Failed password for invalid user admin from 45.148.10.121 port 52234 ssh2
Jun 22 09:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18093]: Connection closed by 45.148.10.121 port 52234 [preauth]
Jun 22 09:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16736]: pam_unix(cron:session): session closed for user root
Jun 22 09:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18173]: Invalid user httpadmin from 38.55.97.143
Jun 22 09:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18173]: input_userauth_request: invalid user httpadmin [preauth]
Jun 22 09:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18173]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 09:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 09:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18173]: Failed password for invalid user httpadmin from 38.55.97.143 port 35024 ssh2
Jun 22 09:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18173]: Connection closed by 38.55.97.143 port 35024 [preauth]
Jun 22 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18198]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18197]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18194]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18193]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18193]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18265]: Successful su for rubyman by root
Jun 22 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18265]: + ??? root:rubyman
Jun 22 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18265]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570083 of user rubyman.
Jun 22 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18265]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570083.
Jun 22 09:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15562]: pam_unix(cron:session): session closed for user root
Jun 22 09:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18194]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=root
Jun 22 09:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18582]: Failed password for root from 193.46.255.86 port 38328 ssh2
Jun 22 09:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18582]: message repeated 2 times: [ Failed password for root from 193.46.255.86 port 38328 ssh2]
Jun 22 09:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18582]: Connection closed by 193.46.255.86 port 38328 [preauth]
Jun 22 09:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18582]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=root
Jun 22 09:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17265]: pam_unix(cron:session): session closed for user root
Jun 22 09:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18679]: Invalid user admin from 38.55.97.143
Jun 22 09:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18679]: input_userauth_request: invalid user admin [preauth]
Jun 22 09:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18679]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 09:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 09:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18679]: Failed password for invalid user admin from 38.55.97.143 port 39824 ssh2
Jun 22 09:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18679]: Connection closed by 38.55.97.143 port 39824 [preauth]
Jun 22 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18711]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18710]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18706]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18712]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18713]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18710]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18853]: Successful su for rubyman by root
Jun 22 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18853]: + ??? root:rubyman
Jun 22 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18853]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570089 of user rubyman.
Jun 22 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18853]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570089.
Jun 22 09:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18706]: pam_unix(cron:session): session closed for user root
Jun 22 09:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15956]: pam_unix(cron:session): session closed for user root
Jun 22 09:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18711]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 22 09:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17770]: pam_unix(cron:session): session closed for user root
Jun 22 09:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19219]: Failed password for root from 103.15.222.183 port 36668 ssh2
Jun 22 09:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19219]: Connection closed by 103.15.222.183 port 36668 [preauth]
Jun 22 09:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19262]: Invalid user teamspeak from 38.55.97.143
Jun 22 09:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19262]: input_userauth_request: invalid user teamspeak [preauth]
Jun 22 09:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19262]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 09:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 09:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19262]: Failed password for invalid user teamspeak from 38.55.97.143 port 44224 ssh2
Jun 22 09:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19262]: Connection closed by 38.55.97.143 port 44224 [preauth]
Jun 22 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19315]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19313]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19317]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19318]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19312]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19314]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19318]: pam_unix(cron:session): session closed for user root
Jun 22 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19312]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19381]: Successful su for rubyman by root
Jun 22 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19381]: + ??? root:rubyman
Jun 22 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19381]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570093 of user rubyman.
Jun 22 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19381]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570093.
Jun 22 09:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19314]: pam_unix(cron:session): session closed for user root
Jun 22 09:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16339]: pam_unix(cron:session): session closed for user root
Jun 22 09:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19313]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18198]: pam_unix(cron:session): session closed for user root
Jun 22 09:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19959]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19958]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19957]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19956]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19956]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20024]: Successful su for rubyman by root
Jun 22 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20024]: + ??? root:rubyman
Jun 22 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20024]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570096 of user rubyman.
Jun 22 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20024]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570096.
Jun 22 09:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16735]: pam_unix(cron:session): session closed for user root
Jun 22 09:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19957]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 09:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20309]: Received disconnect from 208.87.242.161 port 33232:11: disconnected by user [preauth]
Jun 22 09:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20309]: Disconnected from 208.87.242.161 port 33232 [preauth]
Jun 22 09:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19952]: Failed password for root from 38.55.97.143 port 49790 ssh2
Jun 22 09:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19952]: Connection closed by 38.55.97.143 port 49790 [preauth]
Jun 22 09:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18713]: pam_unix(cron:session): session closed for user root
Jun 22 09:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20473]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20472]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20471]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20470]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20470]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20531]: Successful su for rubyman by root
Jun 22 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20531]: + ??? root:rubyman
Jun 22 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20531]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570100 of user rubyman.
Jun 22 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20531]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570100.
Jun 22 09:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17264]: pam_unix(cron:session): session closed for user root
Jun 22 09:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20471]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 09:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20467]: Failed password for root from 38.55.97.143 port 56130 ssh2
Jun 22 09:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20467]: Connection closed by 38.55.97.143 port 56130 [preauth]
Jun 22 09:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19317]: pam_unix(cron:session): session closed for user root
Jun 22 09:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 09:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20946]: Failed password for root from 38.55.97.143 port 33162 ssh2
Jun 22 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20968]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20969]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20966]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20965]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20965]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21025]: Successful su for rubyman by root
Jun 22 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21025]: + ??? root:rubyman
Jun 22 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21025]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570105 of user rubyman.
Jun 22 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21025]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570105.
Jun 22 09:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20946]: Connection closed by 38.55.97.143 port 33162 [preauth]
Jun 22 09:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17769]: pam_unix(cron:session): session closed for user root
Jun 22 09:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20966]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19959]: pam_unix(cron:session): session closed for user root
Jun 22 09:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 22 09:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21319]: Failed password for root from 103.122.221.179 port 54678 ssh2
Jun 22 09:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21319]: Connection closed by 103.122.221.179 port 54678 [preauth]
Jun 22 09:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 09:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21347]: Failed password for root from 38.55.97.143 port 38042 ssh2
Jun 22 09:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21347]: Connection closed by 38.55.97.143 port 38042 [preauth]
Jun 22 09:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 22 09:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21368]: Failed password for root from 87.251.79.125 port 58546 ssh2
Jun 22 09:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21368]: Connection closed by 87.251.79.125 port 58546 [preauth]
Jun 22 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21381]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21382]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21380]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21379]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21379]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21441]: Successful su for rubyman by root
Jun 22 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21441]: + ??? root:rubyman
Jun 22 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21441]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570110 of user rubyman.
Jun 22 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21441]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570110.
Jun 22 09:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18197]: pam_unix(cron:session): session closed for user root
Jun 22 09:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21380]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20473]: pam_unix(cron:session): session closed for user root
Jun 22 09:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 09:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21765]: Failed password for root from 38.55.97.143 port 43276 ssh2
Jun 22 09:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21765]: Connection closed by 38.55.97.143 port 43276 [preauth]
Jun 22 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21817]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21813]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21812]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21815]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21816]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21814]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21817]: pam_unix(cron:session): session closed for user root
Jun 22 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21812]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21884]: Successful su for rubyman by root
Jun 22 09:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21884]: + ??? root:rubyman
Jun 22 09:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21884]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570113 of user rubyman.
Jun 22 09:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21884]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570113.
Jun 22 09:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21814]: pam_unix(cron:session): session closed for user root
Jun 22 09:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18712]: pam_unix(cron:session): session closed for user root
Jun 22 09:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21813]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20969]: pam_unix(cron:session): session closed for user root
Jun 22 09:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 09:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22162]: Failed password for root from 38.55.97.143 port 47566 ssh2
Jun 22 09:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22162]: Connection closed by 38.55.97.143 port 47566 [preauth]
Jun 22 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22248]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22246]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22247]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22245]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22245]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22406]: Successful su for rubyman by root
Jun 22 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22406]: + ??? root:rubyman
Jun 22 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22406]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570119 of user rubyman.
Jun 22 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22406]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570119.
Jun 22 09:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19315]: pam_unix(cron:session): session closed for user root
Jun 22 09:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22246]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 09:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22623]: Failed password for root from 38.55.97.143 port 49220 ssh2
Jun 22 09:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22623]: Connection closed by 38.55.97.143 port 49220 [preauth]
Jun 22 09:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21382]: pam_unix(cron:session): session closed for user root
Jun 22 09:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22734]: Invalid user user from 141.98.83.240
Jun 22 09:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22734]: input_userauth_request: invalid user user [preauth]
Jun 22 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22734]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22749]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22746]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22747]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22745]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22745]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22816]: Successful su for rubyman by root
Jun 22 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22816]: + ??? root:rubyman
Jun 22 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22816]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570122 of user rubyman.
Jun 22 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22816]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570122.
Jun 22 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22734]: Failed password for invalid user user from 141.98.83.240 port 54622 ssh2
Jun 22 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22734]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 09:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19958]: pam_unix(cron:session): session closed for user root
Jun 22 09:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22734]: Failed password for invalid user user from 141.98.83.240 port 54622 ssh2
Jun 22 09:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22734]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 09:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22746]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22734]: Failed password for invalid user user from 141.98.83.240 port 54622 ssh2
Jun 22 09:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22734]: Connection closed by 141.98.83.240 port 54622 [preauth]
Jun 22 09:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22734]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 09:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22984]: Invalid user admin from 38.55.97.143
Jun 22 09:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22984]: input_userauth_request: invalid user admin [preauth]
Jun 22 09:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22984]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 09:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 09:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22984]: Failed password for invalid user admin from 38.55.97.143 port 52578 ssh2
Jun 22 09:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22984]: Connection closed by 38.55.97.143 port 52578 [preauth]
Jun 22 09:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21816]: pam_unix(cron:session): session closed for user root
Jun 22 09:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 22 09:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23075]: Failed password for root from 103.27.238.116 port 35688 ssh2
Jun 22 09:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23075]: Connection closed by 103.27.238.116 port 35688 [preauth]
Jun 22 09:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23137]: Invalid user admin from 38.55.97.143
Jun 22 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23137]: input_userauth_request: invalid user admin [preauth]
Jun 22 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23137]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23151]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23150]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23148]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23149]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23148]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23213]: Successful su for rubyman by root
Jun 22 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23213]: + ??? root:rubyman
Jun 22 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23213]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570127 of user rubyman.
Jun 22 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23213]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570127.
Jun 22 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23137]: Failed password for invalid user admin from 38.55.97.143 port 55592 ssh2
Jun 22 09:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23137]: Connection closed by 38.55.97.143 port 55592 [preauth]
Jun 22 09:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20472]: pam_unix(cron:session): session closed for user root
Jun 22 09:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23149]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23446]: Received disconnect from 78.111.67.246 port 35596:11: disconnected by user [preauth]
Jun 22 09:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23446]: Disconnected from 78.111.67.246 port 35596 [preauth]
Jun 22 09:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22248]: pam_unix(cron:session): session closed for user root
Jun 22 09:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 09:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23519]: Failed password for root from 38.55.97.143 port 58996 ssh2
Jun 22 09:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23519]: Connection closed by 38.55.97.143 port 58996 [preauth]
Jun 22 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23573]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23572]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23574]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23571]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23571]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23633]: Successful su for rubyman by root
Jun 22 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23633]: + ??? root:rubyman
Jun 22 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23633]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570131 of user rubyman.
Jun 22 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23633]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570131.
Jun 22 09:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20968]: pam_unix(cron:session): session closed for user root
Jun 22 09:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23572]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 09:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23992]: Failed password for root from 38.55.97.143 port 34006 ssh2
Jun 22 09:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23992]: Connection closed by 38.55.97.143 port 34006 [preauth]
Jun 22 09:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22749]: pam_unix(cron:session): session closed for user root
Jun 22 09:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 22 09:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24049]: Failed password for root from 103.82.132.16 port 42542 ssh2
Jun 22 09:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24049]: Connection closed by 103.82.132.16 port 42542 [preauth]
Jun 22 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24094]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24095]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24093]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24092]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24096]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24091]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24096]: pam_unix(cron:session): session closed for user root
Jun 22 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24091]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24161]: Successful su for rubyman by root
Jun 22 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24161]: + ??? root:rubyman
Jun 22 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24161]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570136 of user rubyman.
Jun 22 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24161]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570136.
Jun 22 09:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24093]: pam_unix(cron:session): session closed for user root
Jun 22 09:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21381]: pam_unix(cron:session): session closed for user root
Jun 22 09:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24092]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 09:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24393]: Failed password for root from 38.55.97.143 port 36324 ssh2
Jun 22 09:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24393]: Connection closed by 38.55.97.143 port 36324 [preauth]
Jun 22 09:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23151]: pam_unix(cron:session): session closed for user root
Jun 22 09:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 09:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24538]: Failed password for root from 193.24.211.107 port 52420 ssh2
Jun 22 09:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24538]: Received disconnect from 193.24.211.107 port 52420:11: Client disconnecting normally [preauth]
Jun 22 09:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24538]: Disconnected from 193.24.211.107 port 52420 [preauth]
Jun 22 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24556]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24553]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24554]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24555]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24553]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24625]: Successful su for rubyman by root
Jun 22 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24625]: + ??? root:rubyman
Jun 22 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24625]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570141 of user rubyman.
Jun 22 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24625]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570141.
Jun 22 09:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 09:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21815]: pam_unix(cron:session): session closed for user root
Jun 22 09:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24554]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24540]: Failed password for root from 38.55.97.143 port 39488 ssh2
Jun 22 09:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24540]: Connection closed by 38.55.97.143 port 39488 [preauth]
Jun 22 09:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23574]: pam_unix(cron:session): session closed for user root
Jun 22 09:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 09:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24956]: Failed password for root from 38.55.97.143 port 42504 ssh2
Jun 22 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24972]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24970]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24969]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24968]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24968]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25034]: Successful su for rubyman by root
Jun 22 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25034]: + ??? root:rubyman
Jun 22 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25034]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570144 of user rubyman.
Jun 22 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25034]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570144.
Jun 22 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24956]: Connection closed by 38.55.97.143 port 42504 [preauth]
Jun 22 09:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22247]: pam_unix(cron:session): session closed for user root
Jun 22 09:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24969]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24095]: pam_unix(cron:session): session closed for user root
Jun 22 09:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25355]: Invalid user pi from 38.55.97.143
Jun 22 09:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25355]: input_userauth_request: invalid user pi [preauth]
Jun 22 09:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25355]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 09:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 09:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25355]: Failed password for invalid user pi from 38.55.97.143 port 48688 ssh2
Jun 22 09:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25355]: Connection closed by 38.55.97.143 port 48688 [preauth]
Jun 22 09:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25366]: Received disconnect from 176.65.131.188 port 11530:11: disconnected by user [preauth]
Jun 22 09:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25366]: Disconnected from 176.65.131.188 port 11530 [preauth]
Jun 22 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25372]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25371]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25369]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25370]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25369]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25434]: Successful su for rubyman by root
Jun 22 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25434]: + ??? root:rubyman
Jun 22 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25434]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570148 of user rubyman.
Jun 22 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25434]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570148.
Jun 22 09:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22747]: pam_unix(cron:session): session closed for user root
Jun 22 09:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25370]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24556]: pam_unix(cron:session): session closed for user root
Jun 22 09:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25720]: Invalid user admin from 38.55.97.143
Jun 22 09:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25720]: input_userauth_request: invalid user admin [preauth]
Jun 22 09:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25720]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 09:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 09:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25720]: Failed password for invalid user admin from 38.55.97.143 port 55646 ssh2
Jun 22 09:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25720]: Connection closed by 38.55.97.143 port 55646 [preauth]
Jun 22 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25772]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25771]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25770]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25769]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25769]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25833]: Successful su for rubyman by root
Jun 22 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25833]: + ??? root:rubyman
Jun 22 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25833]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570152 of user rubyman.
Jun 22 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25833]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570152.
Jun 22 09:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23150]: pam_unix(cron:session): session closed for user root
Jun 22 09:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25770]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24972]: pam_unix(cron:session): session closed for user root
Jun 22 09:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26067]: Invalid user user from 38.55.97.143
Jun 22 09:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26067]: input_userauth_request: invalid user user [preauth]
Jun 22 09:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26067]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 09:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 09:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26067]: Failed password for invalid user user from 38.55.97.143 port 57268 ssh2
Jun 22 09:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26067]: Connection closed by 38.55.97.143 port 57268 [preauth]
Jun 22 09:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 22 09:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26119]: Failed password for root from 51.250.105.222 port 54124 ssh2
Jun 22 09:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26119]: Connection closed by 51.250.105.222 port 54124 [preauth]
Jun 22 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26165]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26162]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26161]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26164]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26160]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26163]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26165]: pam_unix(cron:session): session closed for user root
Jun 22 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26160]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26231]: Successful su for rubyman by root
Jun 22 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26231]: + ??? root:rubyman
Jun 22 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26231]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570159 of user rubyman.
Jun 22 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26231]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570159.
Jun 22 09:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26162]: pam_unix(cron:session): session closed for user root
Jun 22 09:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23573]: pam_unix(cron:session): session closed for user root
Jun 22 09:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26161]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26444]: Invalid user server from 38.55.97.143
Jun 22 09:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26444]: input_userauth_request: invalid user server [preauth]
Jun 22 09:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26444]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 09:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 09:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26444]: Failed password for invalid user server from 38.55.97.143 port 57940 ssh2
Jun 22 09:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26444]: Connection closed by 38.55.97.143 port 57940 [preauth]
Jun 22 09:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25372]: pam_unix(cron:session): session closed for user root
Jun 22 09:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26589]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26592]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26588]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26587]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26587]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26658]: Successful su for rubyman by root
Jun 22 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26658]: + ??? root:rubyman
Jun 22 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26658]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570162 of user rubyman.
Jun 22 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26658]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570162.
Jun 22 09:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26572]: Failed password for root from 38.55.97.143 port 57724 ssh2
Jun 22 09:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26572]: Connection closed by 38.55.97.143 port 57724 [preauth]
Jun 22 09:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24094]: pam_unix(cron:session): session closed for user root
Jun 22 09:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26588]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25772]: pam_unix(cron:session): session closed for user root
Jun 22 09:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 09:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27022]: Failed password for root from 38.55.97.143 port 56670 ssh2
Jun 22 09:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27022]: Connection closed by 38.55.97.143 port 56670 [preauth]
Jun 22 09:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27070]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 22 09:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27070]: Received disconnect from 213.152.185.117 port 23802:11: disconnected by user [preauth]
Jun 22 09:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27070]: Disconnected from 213.152.185.117 port 23802 [preauth]
Jun 22 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27076]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27077]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27075]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27074]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27074]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27138]: Successful su for rubyman by root
Jun 22 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27138]: + ??? root:rubyman
Jun 22 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27138]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570167 of user rubyman.
Jun 22 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27138]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570167.
Jun 22 09:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24555]: pam_unix(cron:session): session closed for user root
Jun 22 09:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27075]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 09:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27383]: Failed password for root from 38.55.97.143 port 54900 ssh2
Jun 22 09:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27383]: Connection closed by 38.55.97.143 port 54900 [preauth]
Jun 22 09:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26164]: pam_unix(cron:session): session closed for user root
Jun 22 09:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 22 09:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27438]: Failed password for root from 38.93.206.2 port 64196 ssh2
Jun 22 09:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27438]: Connection closed by 38.93.206.2 port 64196 [preauth]
Jun 22 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27511]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27510]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27508]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27503]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27503]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27574]: Successful su for rubyman by root
Jun 22 09:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27574]: + ??? root:rubyman
Jun 22 09:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27574]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570170 of user rubyman.
Jun 22 09:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27574]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570170.
Jun 22 09:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24970]: pam_unix(cron:session): session closed for user root
Jun 22 09:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27508]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 09:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27501]: Failed password for root from 38.55.97.143 port 53864 ssh2
Jun 22 09:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27501]: Connection closed by 38.55.97.143 port 53864 [preauth]
Jun 22 09:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26592]: pam_unix(cron:session): session closed for user root
Jun 22 09:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 09:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27885]: Failed password for root from 38.55.97.143 port 54208 ssh2
Jun 22 09:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27885]: Connection closed by 38.55.97.143 port 54208 [preauth]
Jun 22 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27915]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27917]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27913]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27914]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27913]: pam_unix(cron:session): session closed for user p13x
Jun 22 09:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27978]: Successful su for rubyman by root
Jun 22 09:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27978]: + ??? root:rubyman
Jun 22 09:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27978]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 09:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570174 of user rubyman.
Jun 22 09:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27978]: pam_unix(su:session): session closed for user rubyman
Jun 22 09:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570174.
Jun 22 09:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25371]: pam_unix(cron:session): session closed for user root
Jun 22 09:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27914]: pam_unix(cron:session): session closed for user samftp
Jun 22 09:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27077]: pam_unix(cron:session): session closed for user root
Jun 22 09:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 09:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 09:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28302]: Failed password for root from 38.55.97.143 port 54068 ssh2
Jun 22 09:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28302]: Connection closed by 38.55.97.143 port 54068 [preauth]
Jun 22 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28376]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28374]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28375]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28372]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28371]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28370]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28373]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28372]: pam_unix(cron:session): session closed for user root
Jun 22 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28376]: pam_unix(cron:session): session closed for user root
Jun 22 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28370]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28460]: Successful su for rubyman by root
Jun 22 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28460]: + ??? root:rubyman
Jun 22 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28460]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570180 of user rubyman.
Jun 22 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28460]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570180.
Jun 22 10:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28373]: pam_unix(cron:session): session closed for user root
Jun 22 10:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25771]: pam_unix(cron:session): session closed for user root
Jun 22 10:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28371]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28813]: User ftp from 38.55.97.143 not allowed because not listed in AllowUsers
Jun 22 10:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28813]: input_userauth_request: invalid user ftp [preauth]
Jun 22 10:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=ftp
Jun 22 10:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28813]: Failed password for invalid user ftp from 38.55.97.143 port 54100 ssh2
Jun 22 10:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28813]: Connection closed by 38.55.97.143 port 54100 [preauth]
Jun 22 10:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27511]: pam_unix(cron:session): session closed for user root
Jun 22 10:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28990]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28989]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28986]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28985]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28985]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29061]: Successful su for rubyman by root
Jun 22 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29061]: + ??? root:rubyman
Jun 22 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29061]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570185 of user rubyman.
Jun 22 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29061]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570185.
Jun 22 10:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26163]: pam_unix(cron:session): session closed for user root
Jun 22 10:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28974]: Failed password for root from 38.55.97.143 port 52072 ssh2
Jun 22 10:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28986]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28974]: Connection closed by 38.55.97.143 port 52072 [preauth]
Jun 22 10:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27917]: pam_unix(cron:session): session closed for user root
Jun 22 10:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29356]: Failed password for root from 38.55.97.143 port 49250 ssh2
Jun 22 10:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29356]: Connection closed by 38.55.97.143 port 49250 [preauth]
Jun 22 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29416]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29415]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29414]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29413]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29413]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29481]: Successful su for rubyman by root
Jun 22 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29481]: + ??? root:rubyman
Jun 22 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29481]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570190 of user rubyman.
Jun 22 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29481]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570190.
Jun 22 10:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26589]: pam_unix(cron:session): session closed for user root
Jun 22 10:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29414]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29819]: Failed password for root from 38.55.97.143 port 45480 ssh2
Jun 22 10:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29819]: Connection closed by 38.55.97.143 port 45480 [preauth]
Jun 22 10:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28375]: pam_unix(cron:session): session closed for user root
Jun 22 10:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29951]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29952]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29950]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29949]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29949]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30009]: Successful su for rubyman by root
Jun 22 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30009]: + ??? root:rubyman
Jun 22 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30009]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570195 of user rubyman.
Jun 22 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30009]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570195.
Jun 22 10:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29937]: Invalid user minecraft from 38.55.97.143
Jun 22 10:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29937]: input_userauth_request: invalid user minecraft [preauth]
Jun 22 10:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29937]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 10:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 10:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29937]: Failed password for invalid user minecraft from 38.55.97.143 port 43404 ssh2
Jun 22 10:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27076]: pam_unix(cron:session): session closed for user root
Jun 22 10:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29937]: Connection closed by 38.55.97.143 port 43404 [preauth]
Jun 22 10:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29950]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28990]: pam_unix(cron:session): session closed for user root
Jun 22 10:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30306]: Invalid user huawei from 38.55.97.143
Jun 22 10:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30306]: input_userauth_request: invalid user huawei [preauth]
Jun 22 10:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30306]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 10:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 10:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30306]: Failed password for invalid user huawei from 38.55.97.143 port 44524 ssh2
Jun 22 10:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30306]: Connection closed by 38.55.97.143 port 44524 [preauth]
Jun 22 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30369]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30368]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30370]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30367]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30367]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30424]: Successful su for rubyman by root
Jun 22 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30424]: + ??? root:rubyman
Jun 22 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30424]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570197 of user rubyman.
Jun 22 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30424]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570197.
Jun 22 10:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27510]: pam_unix(cron:session): session closed for user root
Jun 22 10:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30368]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30668]: Invalid user student from 38.55.97.143
Jun 22 10:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30668]: input_userauth_request: invalid user student [preauth]
Jun 22 10:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30668]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 10:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 10:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30668]: Failed password for invalid user student from 38.55.97.143 port 45296 ssh2
Jun 22 10:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30668]: Connection closed by 38.55.97.143 port 45296 [preauth]
Jun 22 10:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29416]: pam_unix(cron:session): session closed for user root
Jun 22 10:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30699]: Connection reset by 147.185.132.37 port 63268 [preauth]
Jun 22 10:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30791]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30789]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30790]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30788]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30786]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30787]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30791]: pam_unix(cron:session): session closed for user root
Jun 22 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30786]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30861]: Successful su for rubyman by root
Jun 22 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30861]: + ??? root:rubyman
Jun 22 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30861]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570203 of user rubyman.
Jun 22 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30861]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570203.
Jun 22 10:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30788]: pam_unix(cron:session): session closed for user root
Jun 22 10:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27915]: pam_unix(cron:session): session closed for user root
Jun 22 10:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30776]: Failed password for root from 38.55.97.143 port 43498 ssh2
Jun 22 10:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30787]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30776]: Connection closed by 38.55.97.143 port 43498 [preauth]
Jun 22 10:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29952]: pam_unix(cron:session): session closed for user root
Jun 22 10:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31266]: Failed password for root from 38.55.97.143 port 41196 ssh2
Jun 22 10:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31266]: Connection closed by 38.55.97.143 port 41196 [preauth]
Jun 22 10:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.178  user=root
Jun 22 10:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31289]: Failed password for root from 80.94.92.178 port 45224 ssh2
Jun 22 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31289]: message repeated 4 times: [ Failed password for root from 80.94.92.178 port 45224 ssh2]
Jun 22 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31320]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31319]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31318]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31317]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31317]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31388]: Successful su for rubyman by root
Jun 22 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31388]: + ??? root:rubyman
Jun 22 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31388]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570207 of user rubyman.
Jun 22 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31388]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570207.
Jun 22 10:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28374]: pam_unix(cron:session): session closed for user root
Jun 22 10:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31318]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31289]: Failed password for root from 80.94.92.178 port 45224 ssh2
Jun 22 10:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31289]: error: maximum authentication attempts exceeded for root from 80.94.92.178 port 45224 ssh2 [preauth]
Jun 22 10:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31289]: Disconnecting: Too many authentication failures [preauth]
Jun 22 10:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31289]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.178  user=root
Jun 22 10:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31289]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 22 10:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 10:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31673]: Failed password for root from 193.24.211.107 port 31904 ssh2
Jun 22 10:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31673]: Received disconnect from 193.24.211.107 port 31904:11: Client disconnecting normally [preauth]
Jun 22 10:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31673]: Disconnected from 193.24.211.107 port 31904 [preauth]
Jun 22 10:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.178  user=root
Jun 22 10:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 22 10:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: Failed password for root from 80.94.92.178 port 63332 ssh2
Jun 22 10:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31686]: Failed password for root from 77.94.47.83 port 41918 ssh2
Jun 22 10:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31686]: Connection closed by 77.94.47.83 port 41918 [preauth]
Jun 22 10:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: Failed password for root from 80.94.92.178 port 63332 ssh2
Jun 22 10:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: Failed password for root from 80.94.92.178 port 63332 ssh2
Jun 22 10:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31719]: Received disconnect from 78.111.67.137 port 47560:11: disconnected by user [preauth]
Jun 22 10:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31719]: Disconnected from 78.111.67.137 port 47560 [preauth]
Jun 22 10:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31718]: Failed password for root from 38.55.97.143 port 39084 ssh2
Jun 22 10:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31718]: Connection closed by 38.55.97.143 port 39084 [preauth]
Jun 22 10:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: Failed password for root from 80.94.92.178 port 63332 ssh2
Jun 22 10:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30370]: pam_unix(cron:session): session closed for user root
Jun 22 10:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: Failed password for root from 80.94.92.178 port 63332 ssh2
Jun 22 10:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: Failed password for root from 80.94.92.178 port 63332 ssh2
Jun 22 10:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: error: maximum authentication attempts exceeded for root from 80.94.92.178 port 63332 ssh2 [preauth]
Jun 22 10:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: Disconnecting: Too many authentication failures [preauth]
Jun 22 10:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.178  user=root
Jun 22 10:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 22 10:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.178  user=root
Jun 22 10:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31788]: Failed password for root from 80.94.92.178 port 30046 ssh2
Jun 22 10:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31788]: message repeated 5 times: [ Failed password for root from 80.94.92.178 port 30046 ssh2]
Jun 22 10:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31788]: error: maximum authentication attempts exceeded for root from 80.94.92.178 port 30046 ssh2 [preauth]
Jun 22 10:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31788]: Disconnecting: Too many authentication failures [preauth]
Jun 22 10:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31788]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.178  user=root
Jun 22 10:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31788]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 22 10:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31842]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31841]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31840]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31839]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31839]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31899]: Successful su for rubyman by root
Jun 22 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31899]: + ??? root:rubyman
Jun 22 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31899]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570211 of user rubyman.
Jun 22 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31899]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570211.
Jun 22 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31827]: Connection reset by 80.94.92.178 port 32972 [preauth]
Jun 22 10:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28989]: pam_unix(cron:session): session closed for user root
Jun 22 10:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31840]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31955]: Failed password for root from 38.55.97.143 port 36878 ssh2
Jun 22 10:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31955]: Connection closed by 38.55.97.143 port 36878 [preauth]
Jun 22 10:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30790]: pam_unix(cron:session): session closed for user root
Jun 22 10:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32225]: Failed password for root from 38.55.97.143 port 34366 ssh2
Jun 22 10:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32225]: Connection closed by 38.55.97.143 port 34366 [preauth]
Jun 22 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32262]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32263]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32261]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32260]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32260]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32317]: Successful su for rubyman by root
Jun 22 10:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32317]: + ??? root:rubyman
Jun 22 10:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32317]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570216 of user rubyman.
Jun 22 10:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32317]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570216.
Jun 22 10:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29415]: pam_unix(cron:session): session closed for user root
Jun 22 10:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32261]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31320]: pam_unix(cron:session): session closed for user root
Jun 22 10:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32566]: Failed password for root from 38.55.97.143 port 60584 ssh2
Jun 22 10:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32566]: Connection closed by 38.55.97.143 port 60584 [preauth]
Jun 22 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32676]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32677]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32674]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32675]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32670]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32674]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[335]: Successful su for rubyman by root
Jun 22 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[335]: + ??? root:rubyman
Jun 22 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[335]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570219 of user rubyman.
Jun 22 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[335]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570219.
Jun 22 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32670]: pam_unix(cron:session): session closed for user root
Jun 22 10:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29951]: pam_unix(cron:session): session closed for user root
Jun 22 10:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32675]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[699]: Invalid user test from 38.55.97.143
Jun 22 10:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[699]: input_userauth_request: invalid user test [preauth]
Jun 22 10:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[699]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 10:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 10:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[699]: Failed password for invalid user test from 38.55.97.143 port 58592 ssh2
Jun 22 10:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[699]: Connection closed by 38.55.97.143 port 58592 [preauth]
Jun 22 10:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31842]: pam_unix(cron:session): session closed for user root
Jun 22 10:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[849]: Failed password for root from 38.55.97.143 port 55536 ssh2
Jun 22 10:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[849]: Connection closed by 38.55.97.143 port 55536 [preauth]
Jun 22 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[865]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[864]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[866]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[867]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[863]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[862]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[867]: pam_unix(cron:session): session closed for user root
Jun 22 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[862]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[937]: Successful su for rubyman by root
Jun 22 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[937]: + ??? root:rubyman
Jun 22 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[937]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570226 of user rubyman.
Jun 22 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[937]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570226.
Jun 22 10:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30369]: pam_unix(cron:session): session closed for user root
Jun 22 10:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[864]: pam_unix(cron:session): session closed for user root
Jun 22 10:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[863]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32263]: pam_unix(cron:session): session closed for user root
Jun 22 10:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1261]: Failed password for root from 38.55.97.143 port 51944 ssh2
Jun 22 10:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1261]: Connection closed by 38.55.97.143 port 51944 [preauth]
Jun 22 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1365]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1369]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1368]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1364]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1364]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1472]: Successful su for rubyman by root
Jun 22 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1472]: + ??? root:rubyman
Jun 22 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1472]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570231 of user rubyman.
Jun 22 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1472]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570231.
Jun 22 10:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30789]: pam_unix(cron:session): session closed for user root
Jun 22 10:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1365]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1780]: Failed password for root from 38.55.97.143 port 50236 ssh2
Jun 22 10:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1780]: Connection closed by 38.55.97.143 port 50236 [preauth]
Jun 22 10:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32677]: pam_unix(cron:session): session closed for user root
Jun 22 10:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1922]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1925]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1924]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1923]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1922]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2010]: Successful su for rubyman by root
Jun 22 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2010]: + ??? root:rubyman
Jun 22 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2010]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570235 of user rubyman.
Jun 22 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2010]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570235.
Jun 22 10:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31319]: pam_unix(cron:session): session closed for user root
Jun 22 10:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1904]: Failed password for root from 38.55.97.143 port 48168 ssh2
Jun 22 10:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1923]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1904]: Connection closed by 38.55.97.143 port 48168 [preauth]
Jun 22 10:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[866]: pam_unix(cron:session): session closed for user root
Jun 22 10:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2341]: Failed password for root from 38.55.97.143 port 45736 ssh2
Jun 22 10:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2341]: Connection closed by 38.55.97.143 port 45736 [preauth]
Jun 22 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2391]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2390]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2392]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2389]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2389]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2450]: Successful su for rubyman by root
Jun 22 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2450]: + ??? root:rubyman
Jun 22 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2450]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570238 of user rubyman.
Jun 22 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2450]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570238.
Jun 22 10:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31841]: pam_unix(cron:session): session closed for user root
Jun 22 10:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2390]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2682]: Received disconnect from 78.111.67.235 port 53146:11: disconnected by user [preauth]
Jun 22 10:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2682]: Disconnected from 78.111.67.235 port 53146 [preauth]
Jun 22 10:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2693]: Invalid user test from 38.55.97.143
Jun 22 10:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2693]: input_userauth_request: invalid user test [preauth]
Jun 22 10:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2693]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 10:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 10:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.87.219.67  user=root
Jun 22 10:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2693]: Failed password for invalid user test from 38.55.97.143 port 42946 ssh2
Jun 22 10:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2719]: Failed password for root from 20.87.219.67 port 55018 ssh2
Jun 22 10:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2693]: Connection closed by 38.55.97.143 port 42946 [preauth]
Jun 22 10:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2719]: Received disconnect from 20.87.219.67 port 55018:11: Bye Bye [preauth]
Jun 22 10:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2719]: Disconnected from 20.87.219.67 port 55018 [preauth]
Jun 22 10:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1369]: pam_unix(cron:session): session closed for user root
Jun 22 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2818]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2817]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2819]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2816]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2816]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2876]: Successful su for rubyman by root
Jun 22 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2876]: + ??? root:rubyman
Jun 22 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2876]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570244 of user rubyman.
Jun 22 10:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2876]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570244.
Jun 22 10:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32262]: pam_unix(cron:session): session closed for user root
Jun 22 10:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2817]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3028]: Invalid user test from 38.55.97.143
Jun 22 10:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3028]: input_userauth_request: invalid user test [preauth]
Jun 22 10:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3028]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 10:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 10:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3028]: Failed password for invalid user test from 38.55.97.143 port 47588 ssh2
Jun 22 10:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3028]: Connection closed by 38.55.97.143 port 47588 [preauth]
Jun 22 10:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1925]: pam_unix(cron:session): session closed for user root
Jun 22 10:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3170]: Failed password for root from 38.55.97.143 port 45050 ssh2
Jun 22 10:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3170]: Connection closed by 38.55.97.143 port 45050 [preauth]
Jun 22 10:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3193]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 22 10:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3193]: Received disconnect from 185.65.107.14 port 34200:11: disconnected by user [preauth]
Jun 22 10:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3193]: Disconnected from 185.65.107.14 port 34200 [preauth]
Jun 22 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3209]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3210]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3208]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3206]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3207]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3205]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3210]: pam_unix(cron:session): session closed for user root
Jun 22 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3205]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3286]: Successful su for rubyman by root
Jun 22 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3286]: + ??? root:rubyman
Jun 22 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3286]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570247 of user rubyman.
Jun 22 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3286]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570247.
Jun 22 10:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3207]: pam_unix(cron:session): session closed for user root
Jun 22 10:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32676]: pam_unix(cron:session): session closed for user root
Jun 22 10:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3206]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2392]: pam_unix(cron:session): session closed for user root
Jun 22 10:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3549]: Failed password for root from 38.55.97.143 port 43014 ssh2
Jun 22 10:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3549]: Connection closed by 38.55.97.143 port 43014 [preauth]
Jun 22 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3645]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3643]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3644]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3642]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3642]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3806]: Successful su for rubyman by root
Jun 22 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3806]: + ??? root:rubyman
Jun 22 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3806]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570253 of user rubyman.
Jun 22 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3806]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570253.
Jun 22 10:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[865]: pam_unix(cron:session): session closed for user root
Jun 22 10:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3643]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4093]: Invalid user postgres from 38.55.97.143
Jun 22 10:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4093]: input_userauth_request: invalid user postgres [preauth]
Jun 22 10:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4093]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 10:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 10:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4093]: Failed password for invalid user postgres from 38.55.97.143 port 41150 ssh2
Jun 22 10:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4093]: Connection closed by 38.55.97.143 port 41150 [preauth]
Jun 22 10:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2819]: pam_unix(cron:session): session closed for user root
Jun 22 10:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4230]: Invalid user jenkins from 38.55.97.143
Jun 22 10:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4230]: input_userauth_request: invalid user jenkins [preauth]
Jun 22 10:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4230]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 10:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 10:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4230]: Failed password for invalid user jenkins from 38.55.97.143 port 37822 ssh2
Jun 22 10:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4230]: Connection closed by 38.55.97.143 port 37822 [preauth]
Jun 22 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4255]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4256]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4252]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4253]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4250]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4250]: pam_unix(cron:session): session closed for user root
Jun 22 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4252]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4321]: Successful su for rubyman by root
Jun 22 10:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4321]: + ??? root:rubyman
Jun 22 10:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4321]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570257 of user rubyman.
Jun 22 10:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4321]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570257.
Jun 22 10:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1368]: pam_unix(cron:session): session closed for user root
Jun 22 10:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4253]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3209]: pam_unix(cron:session): session closed for user root
Jun 22 10:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4568]: Failed password for root from 38.55.97.143 port 34884 ssh2
Jun 22 10:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4568]: Connection closed by 38.55.97.143 port 34884 [preauth]
Jun 22 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4659]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4660]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4658]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4657]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4657]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4736]: Successful su for rubyman by root
Jun 22 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4736]: + ??? root:rubyman
Jun 22 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4736]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570262 of user rubyman.
Jun 22 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4736]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570262.
Jun 22 10:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1924]: pam_unix(cron:session): session closed for user root
Jun 22 10:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4658]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 22 10:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5028]: Failed password for root from 193.37.70.224 port 53870 ssh2
Jun 22 10:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5028]: Connection closed by 193.37.70.224 port 53870 [preauth]
Jun 22 10:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5019]: Failed password for root from 38.55.97.143 port 60952 ssh2
Jun 22 10:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5019]: Connection closed by 38.55.97.143 port 60952 [preauth]
Jun 22 10:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3645]: pam_unix(cron:session): session closed for user root
Jun 22 10:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5154]: Failed password for root from 38.55.97.143 port 58632 ssh2
Jun 22 10:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5154]: Connection closed by 38.55.97.143 port 58632 [preauth]
Jun 22 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5180]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5181]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5178]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5179]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5178]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5238]: Successful su for rubyman by root
Jun 22 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5238]: + ??? root:rubyman
Jun 22 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5238]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570267 of user rubyman.
Jun 22 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5238]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570267.
Jun 22 10:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2391]: pam_unix(cron:session): session closed for user root
Jun 22 10:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5179]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4256]: pam_unix(cron:session): session closed for user root
Jun 22 10:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5498]: Failed password for root from 38.55.97.143 port 56536 ssh2
Jun 22 10:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5498]: Connection closed by 38.55.97.143 port 56536 [preauth]
Jun 22 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5588]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5589]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5590]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5587]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5586]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5591]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5591]: pam_unix(cron:session): session closed for user root
Jun 22 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5586]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5650]: Successful su for rubyman by root
Jun 22 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5650]: + ??? root:rubyman
Jun 22 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5650]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570272 of user rubyman.
Jun 22 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5650]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570272.
Jun 22 10:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5588]: pam_unix(cron:session): session closed for user root
Jun 22 10:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2818]: pam_unix(cron:session): session closed for user root
Jun 22 10:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5587]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5860]: Failed password for root from 38.55.97.143 port 53350 ssh2
Jun 22 10:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5860]: Connection closed by 38.55.97.143 port 53350 [preauth]
Jun 22 10:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4660]: pam_unix(cron:session): session closed for user root
Jun 22 10:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5965]: Invalid user ubnt from 141.98.83.240
Jun 22 10:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5965]: input_userauth_request: invalid user ubnt [preauth]
Jun 22 10:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5965]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 10:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 10:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5965]: Failed password for invalid user ubnt from 141.98.83.240 port 12652 ssh2
Jun 22 10:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5965]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 10:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5965]: Failed password for invalid user ubnt from 141.98.83.240 port 12652 ssh2
Jun 22 10:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5965]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 10:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5965]: Failed password for invalid user ubnt from 141.98.83.240 port 12652 ssh2
Jun 22 10:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5965]: Connection closed by 141.98.83.240 port 12652 [preauth]
Jun 22 10:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5965]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 10:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5989]: Invalid user ubuntu from 38.55.97.143
Jun 22 10:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5989]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 10:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5989]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 10:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 10:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.88.138.26  user=root
Jun 22 10:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5989]: Failed password for invalid user ubuntu from 38.55.97.143 port 50348 ssh2
Jun 22 10:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5989]: Connection closed by 38.55.97.143 port 50348 [preauth]
Jun 22 10:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5991]: Failed password for root from 36.88.138.26 port 42087 ssh2
Jun 22 10:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5991]: Connection closed by 36.88.138.26 port 42087 [preauth]
Jun 22 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6013]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6011]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6012]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6010]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6010]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6075]: Successful su for rubyman by root
Jun 22 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6075]: + ??? root:rubyman
Jun 22 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6075]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570275 of user rubyman.
Jun 22 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6075]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570275.
Jun 22 10:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3208]: pam_unix(cron:session): session closed for user root
Jun 22 10:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6011]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5181]: pam_unix(cron:session): session closed for user root
Jun 22 10:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6318]: Invalid user test2 from 38.55.97.143
Jun 22 10:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6318]: input_userauth_request: invalid user test2 [preauth]
Jun 22 10:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6318]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 10:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 10:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6318]: Failed password for invalid user test2 from 38.55.97.143 port 48706 ssh2
Jun 22 10:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6318]: Connection closed by 38.55.97.143 port 48706 [preauth]
Jun 22 10:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 22 10:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 10:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6391]: Failed password for root from 103.153.68.219 port 44142 ssh2
Jun 22 10:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6391]: Connection closed by 103.153.68.219 port 44142 [preauth]
Jun 22 10:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6401]: Failed password for root from 193.24.211.107 port 31200 ssh2
Jun 22 10:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6401]: Received disconnect from 193.24.211.107 port 31200:11: Client disconnecting normally [preauth]
Jun 22 10:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6401]: Disconnected from 193.24.211.107 port 31200 [preauth]
Jun 22 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6416]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6417]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6415]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6414]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6414]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6478]: Successful su for rubyman by root
Jun 22 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6478]: + ??? root:rubyman
Jun 22 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6478]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570280 of user rubyman.
Jun 22 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6478]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570280.
Jun 22 10:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3644]: pam_unix(cron:session): session closed for user root
Jun 22 10:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6415]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6665]: Failed password for root from 38.55.97.143 port 47504 ssh2
Jun 22 10:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6665]: Connection closed by 38.55.97.143 port 47504 [preauth]
Jun 22 10:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5590]: pam_unix(cron:session): session closed for user root
Jun 22 10:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6803]: Failed password for root from 38.55.97.143 port 44866 ssh2
Jun 22 10:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6803]: Connection closed by 38.55.97.143 port 44866 [preauth]
Jun 22 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6834]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6833]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6835]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6832]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6832]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6896]: Successful su for rubyman by root
Jun 22 10:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6896]: + ??? root:rubyman
Jun 22 10:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6896]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570283 of user rubyman.
Jun 22 10:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6896]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570283.
Jun 22 10:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4255]: pam_unix(cron:session): session closed for user root
Jun 22 10:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6833]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 22 10:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7171]: Failed password for root from 109.237.96.109 port 52676 ssh2
Jun 22 10:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7171]: Connection closed by 109.237.96.109 port 52676 [preauth]
Jun 22 10:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7236]: Failed password for root from 38.55.97.143 port 43134 ssh2
Jun 22 10:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6013]: pam_unix(cron:session): session closed for user root
Jun 22 10:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7236]: Connection closed by 38.55.97.143 port 43134 [preauth]
Jun 22 10:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 22 10:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7299]: Failed password for root from 103.149.28.157 port 34048 ssh2
Jun 22 10:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7299]: Connection closed by 103.149.28.157 port 34048 [preauth]
Jun 22 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7332]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7331]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7330]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7328]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7328]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7394]: Successful su for rubyman by root
Jun 22 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7394]: + ??? root:rubyman
Jun 22 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7394]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570289 of user rubyman.
Jun 22 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7394]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570289.
Jun 22 10:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4659]: pam_unix(cron:session): session closed for user root
Jun 22 10:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7541]: Invalid user admin from 2.57.121.25
Jun 22 10:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7541]: input_userauth_request: invalid user admin [preauth]
Jun 22 10:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7541]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 10:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 22 10:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7330]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7541]: Failed password for invalid user admin from 2.57.121.25 port 6868 ssh2
Jun 22 10:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7541]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 10:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7541]: Failed password for invalid user admin from 2.57.121.25 port 6868 ssh2
Jun 22 10:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7541]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 10:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7541]: Failed password for invalid user admin from 2.57.121.25 port 6868 ssh2
Jun 22 10:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7541]: Connection closed by 2.57.121.25 port 6868 [preauth]
Jun 22 10:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7541]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 22 10:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7576]: Failed password for root from 38.55.97.143 port 49122 ssh2
Jun 22 10:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7576]: Connection closed by 38.55.97.143 port 49122 [preauth]
Jun 22 10:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6417]: pam_unix(cron:session): session closed for user root
Jun 22 10:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 22 10:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7814]: Failed password for root from 38.55.97.143 port 49608 ssh2
Jun 22 10:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7824]: Failed password for root from 194.113.233.25 port 49138 ssh2
Jun 22 10:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7824]: Connection closed by 194.113.233.25 port 49138 [preauth]
Jun 22 10:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7814]: Connection closed by 38.55.97.143 port 49608 [preauth]
Jun 22 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7833]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7831]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7830]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7832]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7828]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7829]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7833]: pam_unix(cron:session): session closed for user root
Jun 22 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7828]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7893]: Successful su for rubyman by root
Jun 22 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7893]: + ??? root:rubyman
Jun 22 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7893]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570294 of user rubyman.
Jun 22 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7893]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570294.
Jun 22 10:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5180]: pam_unix(cron:session): session closed for user root
Jun 22 10:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7830]: pam_unix(cron:session): session closed for user root
Jun 22 10:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7829]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6835]: pam_unix(cron:session): session closed for user root
Jun 22 10:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8166]: Invalid user zjw from 38.55.97.143
Jun 22 10:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8166]: input_userauth_request: invalid user zjw [preauth]
Jun 22 10:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8166]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 10:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 10:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8166]: Failed password for invalid user zjw from 38.55.97.143 port 50526 ssh2
Jun 22 10:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8166]: Connection closed by 38.55.97.143 port 50526 [preauth]
Jun 22 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8256]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8254]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8255]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8253]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8253]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8316]: Successful su for rubyman by root
Jun 22 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8316]: + ??? root:rubyman
Jun 22 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8316]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570298 of user rubyman.
Jun 22 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8316]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570298.
Jun 22 10:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5589]: pam_unix(cron:session): session closed for user root
Jun 22 10:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8254]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8506]: Bad protocol version identification 'MGLNDD_198.199.94.12_22' from 20.221.66.246 port 46180
Jun 22 10:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8504]: Connection closed by 20.221.66.246 port 46164 [preauth]
Jun 22 10:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8531]: Failed password for root from 38.55.97.143 port 49020 ssh2
Jun 22 10:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8531]: Connection closed by 38.55.97.143 port 49020 [preauth]
Jun 22 10:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7332]: pam_unix(cron:session): session closed for user root
Jun 22 10:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.87.219.67  user=root
Jun 22 10:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8583]: Failed password for root from 20.87.219.67 port 50522 ssh2
Jun 22 10:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8583]: Received disconnect from 20.87.219.67 port 50522:11: Bye Bye [preauth]
Jun 22 10:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8583]: Disconnected from 20.87.219.67 port 50522 [preauth]
Jun 22 10:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8650]: Failed password for root from 38.55.97.143 port 47550 ssh2
Jun 22 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8664]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8665]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8663]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8662]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8662]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8723]: Successful su for rubyman by root
Jun 22 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8723]: + ??? root:rubyman
Jun 22 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8723]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570302 of user rubyman.
Jun 22 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8723]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570302.
Jun 22 10:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8650]: Connection closed by 38.55.97.143 port 47550 [preauth]
Jun 22 10:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6012]: pam_unix(cron:session): session closed for user root
Jun 22 10:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8663]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7832]: pam_unix(cron:session): session closed for user root
Jun 22 10:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9007]: Failed password for root from 38.55.97.143 port 44684 ssh2
Jun 22 10:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9007]: Connection closed by 38.55.97.143 port 44684 [preauth]
Jun 22 10:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9049]: Received disconnect from 31.58.144.12 port 47118:11: disconnected by user [preauth]
Jun 22 10:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9049]: Disconnected from 31.58.144.12 port 47118 [preauth]
Jun 22 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9063]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9064]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9062]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9061]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9061]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9119]: Successful su for rubyman by root
Jun 22 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9119]: + ??? root:rubyman
Jun 22 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9119]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570305 of user rubyman.
Jun 22 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9119]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570305.
Jun 22 10:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6416]: pam_unix(cron:session): session closed for user root
Jun 22 10:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9062]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9333]: Invalid user admin from 38.55.97.143
Jun 22 10:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9333]: input_userauth_request: invalid user admin [preauth]
Jun 22 10:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9333]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 10:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 10:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9333]: Failed password for invalid user admin from 38.55.97.143 port 43430 ssh2
Jun 22 10:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9333]: Connection closed by 38.55.97.143 port 43430 [preauth]
Jun 22 10:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8256]: pam_unix(cron:session): session closed for user root
Jun 22 10:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9458]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9460]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9459]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9457]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9457]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9514]: Successful su for rubyman by root
Jun 22 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9514]: + ??? root:rubyman
Jun 22 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9514]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570311 of user rubyman.
Jun 22 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9514]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570311.
Jun 22 10:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: Invalid user user from 38.55.97.143
Jun 22 10:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: input_userauth_request: invalid user user [preauth]
Jun 22 10:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 10:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 10:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6834]: pam_unix(cron:session): session closed for user root
Jun 22 10:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9458]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: Failed password for invalid user user from 38.55.97.143 port 41114 ssh2
Jun 22 10:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: Connection closed by 38.55.97.143 port 41114 [preauth]
Jun 22 10:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8665]: pam_unix(cron:session): session closed for user root
Jun 22 10:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9791]: Failed password for root from 38.55.97.143 port 39044 ssh2
Jun 22 10:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9791]: Connection closed by 38.55.97.143 port 39044 [preauth]
Jun 22 10:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9801]: Received disconnect from 185.134.49.116 port 48888:11: disconnected by user [preauth]
Jun 22 10:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9801]: Disconnected from 185.134.49.116 port 48888 [preauth]
Jun 22 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9867]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9868]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9862]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9866]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9859]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9861]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9868]: pam_unix(cron:session): session closed for user root
Jun 22 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9859]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10093]: Successful su for rubyman by root
Jun 22 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10093]: + ??? root:rubyman
Jun 22 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10093]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570313 of user rubyman.
Jun 22 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10093]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570313.
Jun 22 10:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7331]: pam_unix(cron:session): session closed for user root
Jun 22 10:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9862]: pam_unix(cron:session): session closed for user root
Jun 22 10:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9861]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10437]: Invalid user evin from 20.87.219.67
Jun 22 10:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10437]: input_userauth_request: invalid user evin [preauth]
Jun 22 10:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10437]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 10:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.87.219.67
Jun 22 10:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10437]: Failed password for invalid user evin from 20.87.219.67 port 46276 ssh2
Jun 22 10:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10437]: Received disconnect from 20.87.219.67 port 46276:11: Bye Bye [preauth]
Jun 22 10:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10437]: Disconnected from 20.87.219.67 port 46276 [preauth]
Jun 22 10:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10427]: Failed password for root from 38.55.97.143 port 37430 ssh2
Jun 22 10:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10427]: Connection closed by 38.55.97.143 port 37430 [preauth]
Jun 22 10:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9064]: pam_unix(cron:session): session closed for user root
Jun 22 10:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10540]: Connection closed by 194.59.206.2 port 53920 [preauth]
Jun 22 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10555]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10552]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10556]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10551]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10551]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10622]: Successful su for rubyman by root
Jun 22 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10622]: + ??? root:rubyman
Jun 22 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10622]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570319 of user rubyman.
Jun 22 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10622]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570319.
Jun 22 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7831]: pam_unix(cron:session): session closed for user root
Jun 22 10:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10740]: Invalid user admin from 38.55.97.143
Jun 22 10:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10740]: input_userauth_request: invalid user admin [preauth]
Jun 22 10:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10740]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 10:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 10:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10552]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10740]: Failed password for invalid user admin from 38.55.97.143 port 36148 ssh2
Jun 22 10:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10740]: Connection closed by 38.55.97.143 port 36148 [preauth]
Jun 22 10:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9460]: pam_unix(cron:session): session closed for user root
Jun 22 10:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: Failed password for root from 38.55.97.143 port 33374 ssh2
Jun 22 10:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: Connection closed by 38.55.97.143 port 33374 [preauth]
Jun 22 10:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10980]: Received disconnect from 167.114.156.169 port 35776:11: disconnected by user [preauth]
Jun 22 10:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10980]: Disconnected from 167.114.156.169 port 35776 [preauth]
Jun 22 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10994]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10996]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10993]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10992]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10992]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11056]: Successful su for rubyman by root
Jun 22 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11056]: + ??? root:rubyman
Jun 22 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11056]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570324 of user rubyman.
Jun 22 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11056]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570324.
Jun 22 10:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8255]: pam_unix(cron:session): session closed for user root
Jun 22 10:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10993]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 22 10:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11226]: Failed password for root from 103.27.238.120 port 39306 ssh2
Jun 22 10:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11226]: Connection closed by 103.27.238.120 port 39306 [preauth]
Jun 22 10:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11283]: Failed password for root from 38.55.97.143 port 33848 ssh2
Jun 22 10:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11283]: Connection closed by 38.55.97.143 port 33848 [preauth]
Jun 22 10:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9867]: pam_unix(cron:session): session closed for user root
Jun 22 10:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11421]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11422]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11420]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11419]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11419]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11493]: Successful su for rubyman by root
Jun 22 10:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11493]: + ??? root:rubyman
Jun 22 10:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11493]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570329 of user rubyman.
Jun 22 10:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11493]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570329.
Jun 22 10:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11404]: Failed password for root from 38.55.97.143 port 60460 ssh2
Jun 22 10:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8664]: pam_unix(cron:session): session closed for user root
Jun 22 10:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11404]: Connection closed by 38.55.97.143 port 60460 [preauth]
Jun 22 10:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11420]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10556]: pam_unix(cron:session): session closed for user root
Jun 22 10:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11785]: Invalid user testuser from 38.55.97.143
Jun 22 10:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11785]: input_userauth_request: invalid user testuser [preauth]
Jun 22 10:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11785]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 10:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 10:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11787]: Invalid user ubuntu from 20.87.219.67
Jun 22 10:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11787]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 10:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11787]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 10:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.87.219.67
Jun 22 10:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11814]: Invalid user dalila from 2.57.121.112
Jun 22 10:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11814]: input_userauth_request: invalid user dalila [preauth]
Jun 22 10:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11814]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 10:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 22 10:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11785]: Failed password for invalid user testuser from 38.55.97.143 port 58360 ssh2
Jun 22 10:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11785]: Connection closed by 38.55.97.143 port 58360 [preauth]
Jun 22 10:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11787]: Failed password for invalid user ubuntu from 20.87.219.67 port 40804 ssh2
Jun 22 10:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11787]: Received disconnect from 20.87.219.67 port 40804:11: Bye Bye [preauth]
Jun 22 10:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11787]: Disconnected from 20.87.219.67 port 40804 [preauth]
Jun 22 10:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11814]: Failed password for invalid user dalila from 2.57.121.112 port 14592 ssh2
Jun 22 10:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11814]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 10:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11814]: Failed password for invalid user dalila from 2.57.121.112 port 14592 ssh2
Jun 22 10:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11814]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 10:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11814]: Failed password for invalid user dalila from 2.57.121.112 port 14592 ssh2
Jun 22 10:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11814]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 10:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11814]: Failed password for invalid user dalila from 2.57.121.112 port 14592 ssh2
Jun 22 10:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11814]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 10:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11814]: Failed password for invalid user dalila from 2.57.121.112 port 14592 ssh2
Jun 22 10:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11814]: Connection closed by 2.57.121.112 port 14592 [preauth]
Jun 22 10:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11814]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 22 10:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11814]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 22 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11855]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11856]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11854]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11853]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11853]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11944]: Successful su for rubyman by root
Jun 22 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11944]: + ??? root:rubyman
Jun 22 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11944]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570331 of user rubyman.
Jun 22 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11944]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570331.
Jun 22 10:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9063]: pam_unix(cron:session): session closed for user root
Jun 22 10:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11854]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12155]: Failed password for root from 38.55.97.143 port 38416 ssh2
Jun 22 10:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12155]: Connection closed by 38.55.97.143 port 38416 [preauth]
Jun 22 10:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10996]: pam_unix(cron:session): session closed for user root
Jun 22 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12415]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12412]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12411]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12414]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12408]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12409]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12415]: pam_unix(cron:session): session closed for user root
Jun 22 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12408]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12483]: Successful su for rubyman by root
Jun 22 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12483]: + ??? root:rubyman
Jun 22 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12483]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570338 of user rubyman.
Jun 22 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12483]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570338.
Jun 22 10:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12411]: pam_unix(cron:session): session closed for user root
Jun 22 10:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9459]: pam_unix(cron:session): session closed for user root
Jun 22 10:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12409]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12405]: Failed password for root from 38.55.97.143 port 38660 ssh2
Jun 22 10:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12405]: Connection closed by 38.55.97.143 port 38660 [preauth]
Jun 22 10:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 22 10:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11422]: pam_unix(cron:session): session closed for user root
Jun 22 10:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12762]: Failed password for root from 62.133.62.83 port 47938 ssh2
Jun 22 10:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12762]: Connection closed by 62.133.62.83 port 47938 [preauth]
Jun 22 10:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12800]: User backup from 38.55.97.143 not allowed because not listed in AllowUsers
Jun 22 10:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12800]: input_userauth_request: invalid user backup [preauth]
Jun 22 10:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=backup
Jun 22 10:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12800]: Failed password for invalid user backup from 38.55.97.143 port 38318 ssh2
Jun 22 10:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12800]: Connection closed by 38.55.97.143 port 38318 [preauth]
Jun 22 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12861]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12857]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12860]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12853]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12853]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12928]: Successful su for rubyman by root
Jun 22 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12928]: + ??? root:rubyman
Jun 22 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12928]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570342 of user rubyman.
Jun 22 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12928]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570342.
Jun 22 10:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9866]: pam_unix(cron:session): session closed for user root
Jun 22 10:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12857]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13176]: Invalid user admin from 38.55.97.143
Jun 22 10:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13176]: input_userauth_request: invalid user admin [preauth]
Jun 22 10:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13176]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 10:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 10:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13176]: Failed password for invalid user admin from 38.55.97.143 port 36474 ssh2
Jun 22 10:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11856]: pam_unix(cron:session): session closed for user root
Jun 22 10:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13176]: Connection closed by 38.55.97.143 port 36474 [preauth]
Jun 22 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13277]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13276]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13275]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13274]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13274]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13337]: Successful su for rubyman by root
Jun 22 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13337]: + ??? root:rubyman
Jun 22 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13337]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570346 of user rubyman.
Jun 22 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13337]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570346.
Jun 22 10:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10555]: pam_unix(cron:session): session closed for user root
Jun 22 10:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13275]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13530]: Invalid user developer from 20.87.219.67
Jun 22 10:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13530]: input_userauth_request: invalid user developer [preauth]
Jun 22 10:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13530]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 10:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.87.219.67
Jun 22 10:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13456]: Failed password for root from 38.55.97.143 port 34508 ssh2
Jun 22 10:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13530]: Failed password for invalid user developer from 20.87.219.67 port 41320 ssh2
Jun 22 10:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13530]: Received disconnect from 20.87.219.67 port 41320:11: Bye Bye [preauth]
Jun 22 10:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13530]: Disconnected from 20.87.219.67 port 41320 [preauth]
Jun 22 10:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13456]: Connection closed by 38.55.97.143 port 34508 [preauth]
Jun 22 10:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12414]: pam_unix(cron:session): session closed for user root
Jun 22 10:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 10:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13642]: Failed password for root from 38.55.97.143 port 60936 ssh2
Jun 22 10:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13644]: Failed password for root from 193.24.211.107 port 19374 ssh2
Jun 22 10:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13644]: Received disconnect from 193.24.211.107 port 19374:11: Client disconnecting normally [preauth]
Jun 22 10:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13644]: Disconnected from 193.24.211.107 port 19374 [preauth]
Jun 22 10:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13642]: Connection closed by 38.55.97.143 port 60936 [preauth]
Jun 22 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13679]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13682]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13681]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13678]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13678]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13752]: Successful su for rubyman by root
Jun 22 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13752]: + ??? root:rubyman
Jun 22 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13752]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570351 of user rubyman.
Jun 22 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13752]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570351.
Jun 22 10:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10994]: pam_unix(cron:session): session closed for user root
Jun 22 10:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13679]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13976]: Failed password for root from 38.55.97.143 port 59032 ssh2
Jun 22 10:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13976]: Connection closed by 38.55.97.143 port 59032 [preauth]
Jun 22 10:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12861]: pam_unix(cron:session): session closed for user root
Jun 22 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14093]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14092]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14094]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14091]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14089]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14091]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14199]: Successful su for rubyman by root
Jun 22 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14199]: + ??? root:rubyman
Jun 22 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14199]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570355 of user rubyman.
Jun 22 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14199]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570355.
Jun 22 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14089]: pam_unix(cron:session): session closed for user root
Jun 22 10:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11421]: pam_unix(cron:session): session closed for user root
Jun 22 10:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14092]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14381]: Failed password for root from 38.55.97.143 port 56274 ssh2
Jun 22 10:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14381]: Connection closed by 38.55.97.143 port 56274 [preauth]
Jun 22 10:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13277]: pam_unix(cron:session): session closed for user root
Jun 22 10:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14524]: Invalid user linuxadmin from 38.55.97.143
Jun 22 10:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14524]: input_userauth_request: invalid user linuxadmin [preauth]
Jun 22 10:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14524]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 10:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 10:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 22 10:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14524]: Failed password for invalid user linuxadmin from 38.55.97.143 port 54950 ssh2
Jun 22 10:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14542]: Failed password for root from 38.93.206.2 port 57648 ssh2
Jun 22 10:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14542]: Connection closed by 38.93.206.2 port 57648 [preauth]
Jun 22 10:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14524]: Connection closed by 38.55.97.143 port 54950 [preauth]
Jun 22 10:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 22 10:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14547]: Failed password for root from 103.172.78.219 port 54292 ssh2
Jun 22 10:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14547]: Connection closed by 103.172.78.219 port 54292 [preauth]
Jun 22 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14572]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14570]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14569]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14568]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14571]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14567]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14572]: pam_unix(cron:session): session closed for user root
Jun 22 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14567]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14650]: Successful su for rubyman by root
Jun 22 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14650]: + ??? root:rubyman
Jun 22 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14650]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570362 of user rubyman.
Jun 22 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14650]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570362.
Jun 22 10:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11855]: pam_unix(cron:session): session closed for user root
Jun 22 10:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14569]: pam_unix(cron:session): session closed for user root
Jun 22 10:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14568]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 22 10:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14972]: Failed password for root from 103.82.20.28 port 33354 ssh2
Jun 22 10:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14972]: Connection closed by 103.82.20.28 port 33354 [preauth]
Jun 22 10:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14997]: Invalid user ftpuser from 38.55.97.143
Jun 22 10:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14997]: input_userauth_request: invalid user ftpuser [preauth]
Jun 22 10:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14997]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 10:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 10:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13682]: pam_unix(cron:session): session closed for user root
Jun 22 10:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14997]: Failed password for invalid user ftpuser from 38.55.97.143 port 53140 ssh2
Jun 22 10:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14997]: Connection closed by 38.55.97.143 port 53140 [preauth]
Jun 22 10:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15028]: Received disconnect from 200.26.188.219 port 64532:11: disconnected by user [preauth]
Jun 22 10:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15028]: Disconnected from 200.26.188.219 port 64532 [preauth]
Jun 22 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15090]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15091]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15089]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15088]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15088]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15158]: Successful su for rubyman by root
Jun 22 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15158]: + ??? root:rubyman
Jun 22 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15158]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570365 of user rubyman.
Jun 22 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15158]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570365.
Jun 22 10:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12412]: pam_unix(cron:session): session closed for user root
Jun 22 10:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15089]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15341]: Invalid user useradmin from 38.55.97.143
Jun 22 10:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15341]: input_userauth_request: invalid user useradmin [preauth]
Jun 22 10:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15341]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 10:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 10:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15341]: Failed password for invalid user useradmin from 38.55.97.143 port 50880 ssh2
Jun 22 10:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15341]: Connection closed by 38.55.97.143 port 50880 [preauth]
Jun 22 10:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14094]: pam_unix(cron:session): session closed for user root
Jun 22 10:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15436]: Invalid user admin from 193.46.255.86
Jun 22 10:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15436]: input_userauth_request: invalid user admin [preauth]
Jun 22 10:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15436]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 10:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 22 10:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15436]: Failed password for invalid user admin from 193.46.255.86 port 24290 ssh2
Jun 22 10:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15436]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 10:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15436]: Failed password for invalid user admin from 193.46.255.86 port 24290 ssh2
Jun 22 10:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15436]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 10:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15436]: Failed password for invalid user admin from 193.46.255.86 port 24290 ssh2
Jun 22 10:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15436]: Connection closed by 193.46.255.86 port 24290 [preauth]
Jun 22 10:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15436]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 22 10:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15467]: Failed password for root from 38.55.97.143 port 49706 ssh2
Jun 22 10:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15467]: Connection closed by 38.55.97.143 port 49706 [preauth]
Jun 22 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15498]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15499]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15496]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15495]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15495]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15553]: Successful su for rubyman by root
Jun 22 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15553]: + ??? root:rubyman
Jun 22 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15553]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570369 of user rubyman.
Jun 22 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15553]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570369.
Jun 22 10:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12860]: pam_unix(cron:session): session closed for user root
Jun 22 10:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15496]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15789]: Failed password for root from 38.55.97.143 port 47912 ssh2
Jun 22 10:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15789]: Connection closed by 38.55.97.143 port 47912 [preauth]
Jun 22 10:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14571]: pam_unix(cron:session): session closed for user root
Jun 22 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15887]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15888]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15886]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15885]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15885]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15943]: Successful su for rubyman by root
Jun 22 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15943]: + ??? root:rubyman
Jun 22 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15943]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570372 of user rubyman.
Jun 22 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15943]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570372.
Jun 22 10:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13276]: pam_unix(cron:session): session closed for user root
Jun 22 10:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15886]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16047]: Invalid user ftptest from 38.55.97.143
Jun 22 10:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16047]: input_userauth_request: invalid user ftptest [preauth]
Jun 22 10:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16047]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 10:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 10:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16047]: Failed password for invalid user ftptest from 38.55.97.143 port 44984 ssh2
Jun 22 10:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16047]: Connection closed by 38.55.97.143 port 44984 [preauth]
Jun 22 10:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15091]: pam_unix(cron:session): session closed for user root
Jun 22 10:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16233]: Failed password for root from 38.55.97.143 port 42984 ssh2
Jun 22 10:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16233]: Connection closed by 38.55.97.143 port 42984 [preauth]
Jun 22 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16275]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16274]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16276]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16273]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16273]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16332]: Successful su for rubyman by root
Jun 22 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16332]: + ??? root:rubyman
Jun 22 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16332]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570376 of user rubyman.
Jun 22 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16332]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570376.
Jun 22 10:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.87.219.67  user=root
Jun 22 10:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13681]: pam_unix(cron:session): session closed for user root
Jun 22 10:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16321]: Failed password for root from 20.87.219.67 port 32778 ssh2
Jun 22 10:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16321]: Received disconnect from 20.87.219.67 port 32778:11: Bye Bye [preauth]
Jun 22 10:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16321]: Disconnected from 20.87.219.67 port 32778 [preauth]
Jun 22 10:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16274]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15499]: pam_unix(cron:session): session closed for user root
Jun 22 10:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16579]: Failed password for root from 38.55.97.143 port 50566 ssh2
Jun 22 10:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16579]: Connection closed by 38.55.97.143 port 50566 [preauth]
Jun 22 10:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16641]: Did not receive identification string from 91.92.40.10
Jun 22 10:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 22 10:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16652]: Failed password for root from 80.66.85.226 port 43006 ssh2
Jun 22 10:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16652]: Connection closed by 80.66.85.226 port 43006 [preauth]
Jun 22 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16683]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16678]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16681]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16682]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16680]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16679]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16683]: pam_unix(cron:session): session closed for user root
Jun 22 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16678]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16746]: Successful su for rubyman by root
Jun 22 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16746]: + ??? root:rubyman
Jun 22 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16746]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570384 of user rubyman.
Jun 22 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16746]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570384.
Jun 22 10:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16680]: pam_unix(cron:session): session closed for user root
Jun 22 10:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14093]: pam_unix(cron:session): session closed for user root
Jun 22 10:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16679]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17037]: Failed password for root from 38.55.97.143 port 51584 ssh2
Jun 22 10:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17037]: Connection closed by 38.55.97.143 port 51584 [preauth]
Jun 22 10:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 22 10:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17119]: Failed password for root from 147.45.199.80 port 32846 ssh2
Jun 22 10:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17119]: Connection closed by 147.45.199.80 port 32846 [preauth]
Jun 22 10:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15888]: pam_unix(cron:session): session closed for user root
Jun 22 10:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17185]: Failed password for root from 38.55.97.143 port 52198 ssh2
Jun 22 10:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17185]: Connection closed by 38.55.97.143 port 52198 [preauth]
Jun 22 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17207]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17205]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17206]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17204]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17204]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17273]: Successful su for rubyman by root
Jun 22 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17273]: + ??? root:rubyman
Jun 22 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17273]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570387 of user rubyman.
Jun 22 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17273]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570387.
Jun 22 10:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14570]: pam_unix(cron:session): session closed for user root
Jun 22 10:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17205]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16276]: pam_unix(cron:session): session closed for user root
Jun 22 10:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17533]: Invalid user node from 38.55.97.143
Jun 22 10:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17533]: input_userauth_request: invalid user node [preauth]
Jun 22 10:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17533]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 10:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 10:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17533]: Failed password for invalid user node from 38.55.97.143 port 50698 ssh2
Jun 22 10:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17533]: Connection closed by 38.55.97.143 port 50698 [preauth]
Jun 22 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17620]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17619]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17618]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17617]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17617]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17764]: Successful su for rubyman by root
Jun 22 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17764]: + ??? root:rubyman
Jun 22 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17764]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570390 of user rubyman.
Jun 22 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17764]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570390.
Jun 22 10:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15090]: pam_unix(cron:session): session closed for user root
Jun 22 10:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17618]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17965]: Invalid user builder from 38.55.97.143
Jun 22 10:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17965]: input_userauth_request: invalid user builder [preauth]
Jun 22 10:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17965]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 10:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 10:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17965]: Failed password for invalid user builder from 38.55.97.143 port 49654 ssh2
Jun 22 10:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17965]: Connection closed by 38.55.97.143 port 49654 [preauth]
Jun 22 10:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16682]: pam_unix(cron:session): session closed for user root
Jun 22 10:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.87.219.67  user=root
Jun 22 10:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18045]: Failed password for root from 20.87.219.67 port 48390 ssh2
Jun 22 10:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18045]: Received disconnect from 20.87.219.67 port 48390:11: Bye Bye [preauth]
Jun 22 10:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18045]: Disconnected from 20.87.219.67 port 48390 [preauth]
Jun 22 10:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18105]: Failed password for root from 38.55.97.143 port 48638 ssh2
Jun 22 10:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18105]: Connection closed by 38.55.97.143 port 48638 [preauth]
Jun 22 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18130]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18129]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18131]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18128]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18128]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18193]: Successful su for rubyman by root
Jun 22 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18193]: + ??? root:rubyman
Jun 22 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18193]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570395 of user rubyman.
Jun 22 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18193]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570395.
Jun 22 10:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15498]: pam_unix(cron:session): session closed for user root
Jun 22 10:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18129]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17207]: pam_unix(cron:session): session closed for user root
Jun 22 10:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18559]: Invalid user postgres from 38.55.97.143
Jun 22 10:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18559]: input_userauth_request: invalid user postgres [preauth]
Jun 22 10:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18559]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 10:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 10:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18559]: Failed password for invalid user postgres from 38.55.97.143 port 46846 ssh2
Jun 22 10:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18559]: Connection closed by 38.55.97.143 port 46846 [preauth]
Jun 22 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18642]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18640]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18641]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18639]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18639]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18705]: Successful su for rubyman by root
Jun 22 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18705]: + ??? root:rubyman
Jun 22 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18705]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570398 of user rubyman.
Jun 22 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18705]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570398.
Jun 22 10:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15887]: pam_unix(cron:session): session closed for user root
Jun 22 10:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18640]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.10  user=root
Jun 22 10:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18902]: Failed password for root from 91.92.40.10 port 55802 ssh2
Jun 22 10:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18902]: Connection closed by 91.92.40.10 port 55802 [preauth]
Jun 22 10:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18922]: Invalid user lab from 38.55.97.143
Jun 22 10:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18922]: input_userauth_request: invalid user lab [preauth]
Jun 22 10:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18922]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 10:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 10:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.233.85.71  user=root
Jun 22 10:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18922]: Failed password for invalid user lab from 38.55.97.143 port 44856 ssh2
Jun 22 10:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18922]: Connection closed by 38.55.97.143 port 44856 [preauth]
Jun 22 10:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18945]: Failed password for root from 37.233.85.71 port 48178 ssh2
Jun 22 10:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18945]: Connection closed by 37.233.85.71 port 48178 [preauth]
Jun 22 10:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17620]: pam_unix(cron:session): session closed for user root
Jun 22 10:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19045]: Invalid user sftpuser from 38.55.97.143
Jun 22 10:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19045]: input_userauth_request: invalid user sftpuser [preauth]
Jun 22 10:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19045]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 10:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 10:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19045]: Failed password for invalid user sftpuser from 38.55.97.143 port 43840 ssh2
Jun 22 10:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19045]: Connection closed by 38.55.97.143 port 43840 [preauth]
Jun 22 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19068]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19067]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19069]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19064]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19065]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19066]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19069]: pam_unix(cron:session): session closed for user root
Jun 22 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19064]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19229]: Successful su for rubyman by root
Jun 22 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19229]: + ??? root:rubyman
Jun 22 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19229]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570403 of user rubyman.
Jun 22 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19229]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570403.
Jun 22 10:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19066]: pam_unix(cron:session): session closed for user root
Jun 22 10:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16275]: pam_unix(cron:session): session closed for user root
Jun 22 10:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19065]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18131]: pam_unix(cron:session): session closed for user root
Jun 22 10:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19611]: Failed password for root from 38.55.97.143 port 41244 ssh2
Jun 22 10:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19611]: Connection closed by 38.55.97.143 port 41244 [preauth]
Jun 22 10:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 22 10:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19771]: Failed password for root from 103.176.20.57 port 55170 ssh2
Jun 22 10:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19771]: Connection closed by 103.176.20.57 port 55170 [preauth]
Jun 22 10:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.10  user=root
Jun 22 10:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19774]: Failed password for root from 91.92.40.10 port 37962 ssh2
Jun 22 10:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19774]: Connection closed by 91.92.40.10 port 37962 [preauth]
Jun 22 10:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.87.219.67  user=root
Jun 22 10:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19787]: Failed password for root from 20.87.219.67 port 53000 ssh2
Jun 22 10:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19787]: Received disconnect from 20.87.219.67 port 53000:11: Bye Bye [preauth]
Jun 22 10:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19787]: Disconnected from 20.87.219.67 port 53000 [preauth]
Jun 22 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19801]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19802]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19800]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19799]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19799]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19881]: Successful su for rubyman by root
Jun 22 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19881]: + ??? root:rubyman
Jun 22 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19881]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570408 of user rubyman.
Jun 22 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19881]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570408.
Jun 22 10:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16681]: pam_unix(cron:session): session closed for user root
Jun 22 10:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19800]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20062]: Failed password for root from 38.55.97.143 port 39154 ssh2
Jun 22 10:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20062]: Connection closed by 38.55.97.143 port 39154 [preauth]
Jun 22 10:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18642]: pam_unix(cron:session): session closed for user root
Jun 22 10:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20262]: Invalid user 1234 from 38.55.97.143
Jun 22 10:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20262]: input_userauth_request: invalid user 1234 [preauth]
Jun 22 10:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20262]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 10:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 10:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20262]: Failed password for invalid user 1234 from 38.55.97.143 port 38168 ssh2
Jun 22 10:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20262]: Connection closed by 38.55.97.143 port 38168 [preauth]
Jun 22 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20320]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20318]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20319]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20316]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20316]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20387]: Successful su for rubyman by root
Jun 22 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20387]: + ??? root:rubyman
Jun 22 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20387]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570412 of user rubyman.
Jun 22 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20387]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570412.
Jun 22 10:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17206]: pam_unix(cron:session): session closed for user root
Jun 22 10:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20318]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20605]: Failed password for root from 38.55.97.143 port 35718 ssh2
Jun 22 10:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20605]: Connection closed by 38.55.97.143 port 35718 [preauth]
Jun 22 10:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19068]: pam_unix(cron:session): session closed for user root
Jun 22 10:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.10  user=root
Jun 22 10:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20751]: Failed password for root from 91.92.40.10 port 42226 ssh2
Jun 22 10:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20751]: Connection closed by 91.92.40.10 port 42226 [preauth]
Jun 22 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20821]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20824]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20823]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20822]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20821]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20890]: Successful su for rubyman by root
Jun 22 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20890]: + ??? root:rubyman
Jun 22 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20890]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570416 of user rubyman.
Jun 22 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20890]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570416.
Jun 22 10:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17619]: pam_unix(cron:session): session closed for user root
Jun 22 10:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20822]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20875]: Failed password for root from 38.55.97.143 port 35706 ssh2
Jun 22 10:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20875]: Connection closed by 38.55.97.143 port 35706 [preauth]
Jun 22 10:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19802]: pam_unix(cron:session): session closed for user root
Jun 22 10:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 10:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21179]: Failed password for root from 193.24.211.107 port 2064 ssh2
Jun 22 10:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21179]: Received disconnect from 193.24.211.107 port 2064:11: Client disconnecting normally [preauth]
Jun 22 10:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21179]: Disconnected from 193.24.211.107 port 2064 [preauth]
Jun 22 10:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21203]: Invalid user admin from 38.55.97.143
Jun 22 10:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21203]: input_userauth_request: invalid user admin [preauth]
Jun 22 10:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21203]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 10:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 10:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21203]: Failed password for invalid user admin from 38.55.97.143 port 34808 ssh2
Jun 22 10:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21203]: Connection closed by 38.55.97.143 port 34808 [preauth]
Jun 22 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21233]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21232]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21234]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21231]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21231]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21292]: Successful su for rubyman by root
Jun 22 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21292]: + ??? root:rubyman
Jun 22 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21292]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570420 of user rubyman.
Jun 22 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21292]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570420.
Jun 22 10:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18130]: pam_unix(cron:session): session closed for user root
Jun 22 10:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21232]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21493]: Invalid user ftpuser from 141.98.83.240
Jun 22 10:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21493]: input_userauth_request: invalid user ftpuser [preauth]
Jun 22 10:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21493]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 10:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 10:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21493]: Failed password for invalid user ftpuser from 141.98.83.240 port 56846 ssh2
Jun 22 10:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21493]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 10:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21493]: Failed password for invalid user ftpuser from 141.98.83.240 port 56846 ssh2
Jun 22 10:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21493]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 10:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21493]: Failed password for invalid user ftpuser from 141.98.83.240 port 56846 ssh2
Jun 22 10:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21493]: Connection closed by 141.98.83.240 port 56846 [preauth]
Jun 22 10:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21493]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 10:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 22 10:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21531]: Failed password for root from 38.55.97.143 port 43172 ssh2
Jun 22 10:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21564]: Failed password for root from 103.27.238.114 port 37536 ssh2
Jun 22 10:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21567]: Connection closed by 20.87.219.67 port 38848 [preauth]
Jun 22 10:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21564]: Connection closed by 103.27.238.114 port 37536 [preauth]
Jun 22 10:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21531]: Connection closed by 38.55.97.143 port 43172 [preauth]
Jun 22 10:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20320]: pam_unix(cron:session): session closed for user root
Jun 22 10:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.10  user=root
Jun 22 10:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21611]: Failed password for root from 91.92.40.10 port 38458 ssh2
Jun 22 10:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21611]: Connection closed by 91.92.40.10 port 38458 [preauth]
Jun 22 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21683]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21684]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21678]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21680]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21682]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21681]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21684]: pam_unix(cron:session): session closed for user root
Jun 22 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21678]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21750]: Successful su for rubyman by root
Jun 22 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21750]: + ??? root:rubyman
Jun 22 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21750]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570424 of user rubyman.
Jun 22 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21750]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570424.
Jun 22 10:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18641]: pam_unix(cron:session): session closed for user root
Jun 22 10:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21681]: pam_unix(cron:session): session closed for user root
Jun 22 10:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21680]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21822]: Failed password for root from 38.55.97.143 port 43472 ssh2
Jun 22 10:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21822]: Connection closed by 38.55.97.143 port 43472 [preauth]
Jun 22 10:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20824]: pam_unix(cron:session): session closed for user root
Jun 22 10:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22081]: Failed password for root from 38.55.97.143 port 43200 ssh2
Jun 22 10:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22081]: Connection closed by 38.55.97.143 port 43200 [preauth]
Jun 22 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22116]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22117]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22115]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22114]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22114]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22187]: Successful su for rubyman by root
Jun 22 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22187]: + ??? root:rubyman
Jun 22 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22187]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570431 of user rubyman.
Jun 22 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22187]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570431.
Jun 22 10:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19067]: pam_unix(cron:session): session closed for user root
Jun 22 10:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22115]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22502]: Invalid user a from 38.55.97.143
Jun 22 10:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22502]: input_userauth_request: invalid user a [preauth]
Jun 22 10:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22502]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 10:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 10:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22502]: Failed password for invalid user a from 38.55.97.143 port 41642 ssh2
Jun 22 10:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22502]: Connection closed by 38.55.97.143 port 41642 [preauth]
Jun 22 10:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.10  user=root
Jun 22 10:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22524]: Failed password for root from 91.92.40.10 port 34092 ssh2
Jun 22 10:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22524]: Connection closed by 91.92.40.10 port 34092 [preauth]
Jun 22 10:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21234]: pam_unix(cron:session): session closed for user root
Jun 22 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22615]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22614]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22616]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22613]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22613]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22673]: Successful su for rubyman by root
Jun 22 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22673]: + ??? root:rubyman
Jun 22 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22673]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570434 of user rubyman.
Jun 22 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22673]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570434.
Jun 22 10:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19801]: pam_unix(cron:session): session closed for user root
Jun 22 10:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22614]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22754]: Invalid user test123 from 38.55.97.143
Jun 22 10:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22754]: input_userauth_request: invalid user test123 [preauth]
Jun 22 10:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22754]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 10:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 10:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22754]: Failed password for invalid user test123 from 38.55.97.143 port 40264 ssh2
Jun 22 10:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22754]: Connection closed by 38.55.97.143 port 40264 [preauth]
Jun 22 10:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21683]: pam_unix(cron:session): session closed for user root
Jun 22 10:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22946]: Received disconnect from 175.110.112.8 port 40790:11: disconnected by user [preauth]
Jun 22 10:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22946]: Disconnected from 175.110.112.8 port 40790 [preauth]
Jun 22 10:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22979]: Failed password for root from 38.55.97.143 port 40336 ssh2
Jun 22 10:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22979]: Connection closed by 38.55.97.143 port 40336 [preauth]
Jun 22 10:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: Invalid user ftpuser from 20.87.219.67
Jun 22 10:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: input_userauth_request: invalid user ftpuser [preauth]
Jun 22 10:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 10:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.87.219.67
Jun 22 10:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: Failed password for invalid user ftpuser from 20.87.219.67 port 44234 ssh2
Jun 22 10:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: Received disconnect from 20.87.219.67 port 44234:11: Bye Bye [preauth]
Jun 22 10:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: Disconnected from 20.87.219.67 port 44234 [preauth]
Jun 22 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23023]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23024]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23022]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23021]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23021]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23081]: Successful su for rubyman by root
Jun 22 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23081]: + ??? root:rubyman
Jun 22 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23081]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570438 of user rubyman.
Jun 22 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23081]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570438.
Jun 22 10:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20319]: pam_unix(cron:session): session closed for user root
Jun 22 10:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23022]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 22 10:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23306]: Failed password for root from 87.251.79.125 port 60310 ssh2
Jun 22 10:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23306]: Connection closed by 87.251.79.125 port 60310 [preauth]
Jun 22 10:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.10  user=root
Jun 22 10:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23319]: Failed password for root from 91.92.40.10 port 36962 ssh2
Jun 22 10:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23319]: Connection closed by 91.92.40.10 port 36962 [preauth]
Jun 22 10:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23347]: Failed password for root from 38.55.97.143 port 38916 ssh2
Jun 22 10:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23347]: Connection closed by 38.55.97.143 port 38916 [preauth]
Jun 22 10:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22117]: pam_unix(cron:session): session closed for user root
Jun 22 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23451]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23449]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23450]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23448]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23448]: pam_unix(cron:session): session closed for user p13x
Jun 22 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23513]: Successful su for rubyman by root
Jun 22 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23513]: + ??? root:rubyman
Jun 22 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23513]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570442 of user rubyman.
Jun 22 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23513]: pam_unix(su:session): session closed for user rubyman
Jun 22 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570442.
Jun 22 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20823]: pam_unix(cron:session): session closed for user root
Jun 22 10:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23449]: pam_unix(cron:session): session closed for user samftp
Jun 22 10:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23578]: Failed password for root from 38.55.97.143 port 37710 ssh2
Jun 22 10:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23578]: Connection closed by 38.55.97.143 port 37710 [preauth]
Jun 22 10:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22616]: pam_unix(cron:session): session closed for user root
Jun 22 10:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 10:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 10:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23932]: Failed password for root from 38.55.97.143 port 36422 ssh2
Jun 22 10:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23932]: Connection closed by 38.55.97.143 port 36422 [preauth]
Jun 22 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23967]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23964]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23963]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23968]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23969]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23970]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23962]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23970]: pam_unix(cron:session): session closed for user root
Jun 22 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23964]: pam_unix(cron:session): session closed for user root
Jun 22 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23962]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24054]: Successful su for rubyman by root
Jun 22 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24054]: + ??? root:rubyman
Jun 22 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24054]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570451 of user rubyman.
Jun 22 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24054]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570451.
Jun 22 11:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23967]: pam_unix(cron:session): session closed for user root
Jun 22 11:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21233]: pam_unix(cron:session): session closed for user root
Jun 22 11:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.10  user=root
Jun 22 11:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23963]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24153]: Failed password for root from 91.92.40.10 port 46404 ssh2
Jun 22 11:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24153]: Connection closed by 91.92.40.10 port 46404 [preauth]
Jun 22 11:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24356]: Failed password for root from 38.55.97.143 port 34988 ssh2
Jun 22 11:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24356]: Connection closed by 38.55.97.143 port 34988 [preauth]
Jun 22 11:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23024]: pam_unix(cron:session): session closed for user root
Jun 22 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24493]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24494]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24492]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24491]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24491]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24557]: Successful su for rubyman by root
Jun 22 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24557]: + ??? root:rubyman
Jun 22 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24557]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570454 of user rubyman.
Jun 22 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24557]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570454.
Jun 22 11:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21682]: pam_unix(cron:session): session closed for user root
Jun 22 11:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24492]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24718]: Failed password for root from 38.55.97.143 port 33398 ssh2
Jun 22 11:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24718]: Connection closed by 38.55.97.143 port 33398 [preauth]
Jun 22 11:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24808]: Invalid user yuval from 20.87.219.67
Jun 22 11:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24808]: input_userauth_request: invalid user yuval [preauth]
Jun 22 11:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24808]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.87.219.67
Jun 22 11:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24808]: Failed password for invalid user yuval from 20.87.219.67 port 39564 ssh2
Jun 22 11:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24808]: Received disconnect from 20.87.219.67 port 39564:11: Bye Bye [preauth]
Jun 22 11:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24808]: Disconnected from 20.87.219.67 port 39564 [preauth]
Jun 22 11:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23451]: pam_unix(cron:session): session closed for user root
Jun 22 11:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24895]: Failed password for root from 38.55.97.143 port 60576 ssh2
Jun 22 11:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24895]: Connection closed by 38.55.97.143 port 60576 [preauth]
Jun 22 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24916]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24915]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24917]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24914]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24914]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24979]: Successful su for rubyman by root
Jun 22 11:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24979]: + ??? root:rubyman
Jun 22 11:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24979]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570457 of user rubyman.
Jun 22 11:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24979]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570457.
Jun 22 11:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22116]: pam_unix(cron:session): session closed for user root
Jun 22 11:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24915]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23969]: pam_unix(cron:session): session closed for user root
Jun 22 11:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25230]: Failed password for root from 38.55.97.143 port 59472 ssh2
Jun 22 11:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25230]: Connection closed by 38.55.97.143 port 59472 [preauth]
Jun 22 11:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 22 11:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25267]: Failed password for root from 103.15.222.183 port 47054 ssh2
Jun 22 11:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25267]: Connection closed by 103.15.222.183 port 47054 [preauth]
Jun 22 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25325]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25323]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25324]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25322]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25322]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25382]: Successful su for rubyman by root
Jun 22 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25382]: + ??? root:rubyman
Jun 22 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25382]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570461 of user rubyman.
Jun 22 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25382]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570461.
Jun 22 11:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22615]: pam_unix(cron:session): session closed for user root
Jun 22 11:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25323]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25569]: Failed password for root from 38.55.97.143 port 57924 ssh2
Jun 22 11:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25569]: Connection closed by 38.55.97.143 port 57924 [preauth]
Jun 22 11:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 22 11:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25608]: Failed password for root from 103.77.175.15 port 35460 ssh2
Jun 22 11:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25608]: Connection closed by 103.77.175.15 port 35460 [preauth]
Jun 22 11:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24494]: pam_unix(cron:session): session closed for user root
Jun 22 11:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25695]: Failed password for root from 38.55.97.143 port 57306 ssh2
Jun 22 11:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25695]: Connection closed by 38.55.97.143 port 57306 [preauth]
Jun 22 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25726]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25727]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25725]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25724]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25724]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25783]: Successful su for rubyman by root
Jun 22 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25783]: + ??? root:rubyman
Jun 22 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25783]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570465 of user rubyman.
Jun 22 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25783]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570465.
Jun 22 11:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23023]: pam_unix(cron:session): session closed for user root
Jun 22 11:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25725]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26023]: Failed password for root from 38.55.97.143 port 35412 ssh2
Jun 22 11:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26023]: Connection closed by 38.55.97.143 port 35412 [preauth]
Jun 22 11:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24917]: pam_unix(cron:session): session closed for user root
Jun 22 11:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26069]: Invalid user arman from 20.87.219.67
Jun 22 11:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26069]: input_userauth_request: invalid user arman [preauth]
Jun 22 11:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26069]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.87.219.67
Jun 22 11:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26069]: Failed password for invalid user arman from 20.87.219.67 port 48618 ssh2
Jun 22 11:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26069]: Received disconnect from 20.87.219.67 port 48618:11: Bye Bye [preauth]
Jun 22 11:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26069]: Disconnected from 20.87.219.67 port 48618 [preauth]
Jun 22 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26118]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26116]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26115]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26114]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26119]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26120]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26120]: pam_unix(cron:session): session closed for user root
Jun 22 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26114]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26186]: Successful su for rubyman by root
Jun 22 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26186]: + ??? root:rubyman
Jun 22 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26186]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570472 of user rubyman.
Jun 22 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26186]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570472.
Jun 22 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26116]: pam_unix(cron:session): session closed for user root
Jun 22 11:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23450]: pam_unix(cron:session): session closed for user root
Jun 22 11:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26115]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26227]: Failed password for root from 38.55.97.143 port 36730 ssh2
Jun 22 11:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26227]: Connection closed by 38.55.97.143 port 36730 [preauth]
Jun 22 11:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25325]: pam_unix(cron:session): session closed for user root
Jun 22 11:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26518]: Invalid user git from 38.55.97.143
Jun 22 11:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26518]: input_userauth_request: invalid user git [preauth]
Jun 22 11:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26518]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 11:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26518]: Failed password for invalid user git from 38.55.97.143 port 37408 ssh2
Jun 22 11:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26518]: Connection closed by 38.55.97.143 port 37408 [preauth]
Jun 22 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26544]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26547]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26546]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26545]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26544]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26618]: Successful su for rubyman by root
Jun 22 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26618]: + ??? root:rubyman
Jun 22 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26618]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570476 of user rubyman.
Jun 22 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26618]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570476.
Jun 22 11:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23968]: pam_unix(cron:session): session closed for user root
Jun 22 11:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26545]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26937]: Invalid user admin from 38.55.97.143
Jun 22 11:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26937]: input_userauth_request: invalid user admin [preauth]
Jun 22 11:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26937]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 11:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25727]: pam_unix(cron:session): session closed for user root
Jun 22 11:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26937]: Failed password for invalid user admin from 38.55.97.143 port 36900 ssh2
Jun 22 11:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26937]: Connection closed by 38.55.97.143 port 36900 [preauth]
Jun 22 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27034]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27036]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27035]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27033]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27033]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27094]: Successful su for rubyman by root
Jun 22 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27094]: + ??? root:rubyman
Jun 22 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27094]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570480 of user rubyman.
Jun 22 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27094]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570480.
Jun 22 11:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24493]: pam_unix(cron:session): session closed for user root
Jun 22 11:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27034]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27300]: Invalid user user from 38.55.97.143
Jun 22 11:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27300]: input_userauth_request: invalid user user [preauth]
Jun 22 11:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27300]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 11:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27300]: Failed password for invalid user user from 38.55.97.143 port 36090 ssh2
Jun 22 11:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27300]: Connection closed by 38.55.97.143 port 36090 [preauth]
Jun 22 11:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26119]: pam_unix(cron:session): session closed for user root
Jun 22 11:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27431]: Failed password for root from 38.55.97.143 port 35852 ssh2
Jun 22 11:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27431]: Connection closed by 38.55.97.143 port 35852 [preauth]
Jun 22 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27460]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27461]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27462]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27459]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27459]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27527]: Successful su for rubyman by root
Jun 22 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27527]: + ??? root:rubyman
Jun 22 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27527]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570483 of user rubyman.
Jun 22 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27527]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570483.
Jun 22 11:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24916]: pam_unix(cron:session): session closed for user root
Jun 22 11:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27460]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.87.219.67  user=root
Jun 22 11:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27711]: Failed password for root from 20.87.219.67 port 54006 ssh2
Jun 22 11:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27711]: Received disconnect from 20.87.219.67 port 54006:11: Bye Bye [preauth]
Jun 22 11:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27711]: Disconnected from 20.87.219.67 port 54006 [preauth]
Jun 22 11:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27778]: Failed password for root from 38.55.97.143 port 35616 ssh2
Jun 22 11:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27778]: Connection closed by 38.55.97.143 port 35616 [preauth]
Jun 22 11:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 22 11:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26547]: pam_unix(cron:session): session closed for user root
Jun 22 11:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27788]: Failed password for root from 103.122.221.179 port 34906 ssh2
Jun 22 11:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27788]: Connection closed by 103.122.221.179 port 34906 [preauth]
Jun 22 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27878]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27876]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27875]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27874]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27872]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27874]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28008]: Successful su for rubyman by root
Jun 22 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28008]: + ??? root:rubyman
Jun 22 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28008]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570487 of user rubyman.
Jun 22 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28008]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570487.
Jun 22 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27872]: pam_unix(cron:session): session closed for user root
Jun 22 11:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25324]: pam_unix(cron:session): session closed for user root
Jun 22 11:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27875]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28279]: Failed password for root from 38.55.97.143 port 34538 ssh2
Jun 22 11:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28279]: Connection closed by 38.55.97.143 port 34538 [preauth]
Jun 22 11:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28309]: Received disconnect from 199.195.251.168 port 44778:11: disconnected by user [preauth]
Jun 22 11:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28309]: Disconnected from 199.195.251.168 port 44778 [preauth]
Jun 22 11:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27036]: pam_unix(cron:session): session closed for user root
Jun 22 11:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 11:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28368]: Failed password for root from 193.24.211.107 port 33436 ssh2
Jun 22 11:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28368]: Received disconnect from 193.24.211.107 port 33436:11: Client disconnecting normally [preauth]
Jun 22 11:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28368]: Disconnected from 193.24.211.107 port 33436 [preauth]
Jun 22 11:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28399]: Failed password for root from 38.55.97.143 port 33942 ssh2
Jun 22 11:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28399]: Connection closed by 38.55.97.143 port 33942 [preauth]
Jun 22 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28430]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28431]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28429]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28427]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28432]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28428]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28432]: pam_unix(cron:session): session closed for user root
Jun 22 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28427]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28499]: Successful su for rubyman by root
Jun 22 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28499]: + ??? root:rubyman
Jun 22 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28499]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570493 of user rubyman.
Jun 22 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28499]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570493.
Jun 22 11:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28429]: pam_unix(cron:session): session closed for user root
Jun 22 11:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25726]: pam_unix(cron:session): session closed for user root
Jun 22 11:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28428]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27462]: pam_unix(cron:session): session closed for user root
Jun 22 11:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28866]: Failed password for root from 38.55.97.143 port 60774 ssh2
Jun 22 11:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28866]: Connection closed by 38.55.97.143 port 60774 [preauth]
Jun 22 11:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28958]: Received disconnect from 103.149.26.43 port 46948:11: disconnected by user [preauth]
Jun 22 11:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28958]: Disconnected from 103.149.26.43 port 46948 [preauth]
Jun 22 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28973]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28974]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28970]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28972]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28970]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29044]: Successful su for rubyman by root
Jun 22 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29044]: + ??? root:rubyman
Jun 22 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29044]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570500 of user rubyman.
Jun 22 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29044]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570500.
Jun 22 11:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26118]: pam_unix(cron:session): session closed for user root
Jun 22 11:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28972]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29253]: Failed password for root from 38.55.97.143 port 60020 ssh2
Jun 22 11:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29253]: Connection closed by 38.55.97.143 port 60020 [preauth]
Jun 22 11:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27878]: pam_unix(cron:session): session closed for user root
Jun 22 11:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29325]: Invalid user system from 20.87.219.67
Jun 22 11:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29325]: input_userauth_request: invalid user system [preauth]
Jun 22 11:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29325]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.87.219.67
Jun 22 11:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29325]: Failed password for invalid user system from 20.87.219.67 port 43504 ssh2
Jun 22 11:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29325]: Received disconnect from 20.87.219.67 port 43504:11: Bye Bye [preauth]
Jun 22 11:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29325]: Disconnected from 20.87.219.67 port 43504 [preauth]
Jun 22 11:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29383]: Failed password for root from 38.55.97.143 port 51270 ssh2
Jun 22 11:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29383]: Connection closed by 38.55.97.143 port 51270 [preauth]
Jun 22 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29405]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29404]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29403]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29402]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29402]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29465]: Successful su for rubyman by root
Jun 22 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29465]: + ??? root:rubyman
Jun 22 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29465]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570502 of user rubyman.
Jun 22 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29465]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570502.
Jun 22 11:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26546]: pam_unix(cron:session): session closed for user root
Jun 22 11:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29403]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29813]: Invalid user deployer from 38.55.97.143
Jun 22 11:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29813]: input_userauth_request: invalid user deployer [preauth]
Jun 22 11:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29813]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 11:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29813]: Failed password for invalid user deployer from 38.55.97.143 port 57216 ssh2
Jun 22 11:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29813]: Connection closed by 38.55.97.143 port 57216 [preauth]
Jun 22 11:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28431]: pam_unix(cron:session): session closed for user root
Jun 22 11:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29926]: Invalid user 1 from 38.55.97.143
Jun 22 11:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29926]: input_userauth_request: invalid user 1 [preauth]
Jun 22 11:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29926]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 11:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 22 11:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29926]: Failed password for invalid user 1 from 38.55.97.143 port 37814 ssh2
Jun 22 11:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29926]: Connection closed by 38.55.97.143 port 37814 [preauth]
Jun 22 11:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29928]: Failed password for root from 103.27.238.116 port 59342 ssh2
Jun 22 11:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29928]: Connection closed by 103.27.238.116 port 59342 [preauth]
Jun 22 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29951]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29950]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29949]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29947]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29947]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30008]: Successful su for rubyman by root
Jun 22 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30008]: + ??? root:rubyman
Jun 22 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30008]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570506 of user rubyman.
Jun 22 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30008]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570506.
Jun 22 11:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27035]: pam_unix(cron:session): session closed for user root
Jun 22 11:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29949]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30273]: Invalid user test1 from 38.55.97.143
Jun 22 11:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30273]: input_userauth_request: invalid user test1 [preauth]
Jun 22 11:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30273]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 11:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30273]: Failed password for invalid user test1 from 38.55.97.143 port 42946 ssh2
Jun 22 11:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30273]: Connection closed by 38.55.97.143 port 42946 [preauth]
Jun 22 11:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28974]: pam_unix(cron:session): session closed for user root
Jun 22 11:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 22 11:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30339]: Failed password for root from 103.82.132.16 port 42874 ssh2
Jun 22 11:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30339]: Connection closed by 103.82.132.16 port 42874 [preauth]
Jun 22 11:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30374]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30373]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30371]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30372]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30371]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30428]: Successful su for rubyman by root
Jun 22 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30428]: + ??? root:rubyman
Jun 22 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30428]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570510 of user rubyman.
Jun 22 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30428]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570510.
Jun 22 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30368]: Failed password for root from 38.55.97.143 port 54044 ssh2
Jun 22 11:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30368]: Connection closed by 38.55.97.143 port 54044 [preauth]
Jun 22 11:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27461]: pam_unix(cron:session): session closed for user root
Jun 22 11:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30372]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29405]: pam_unix(cron:session): session closed for user root
Jun 22 11:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30720]: Failed password for root from 38.55.97.143 port 39870 ssh2
Jun 22 11:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30720]: Connection closed by 38.55.97.143 port 39870 [preauth]
Jun 22 11:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.87.219.67  user=root
Jun 22 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30786]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30785]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30783]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30782]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30781]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30784]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30786]: pam_unix(cron:session): session closed for user root
Jun 22 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30781]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30855]: Successful su for rubyman by root
Jun 22 11:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30855]: + ??? root:rubyman
Jun 22 11:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30855]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570515 of user rubyman.
Jun 22 11:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30855]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570515.
Jun 22 11:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30778]: Failed password for root from 20.87.219.67 port 38750 ssh2
Jun 22 11:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30778]: Received disconnect from 20.87.219.67 port 38750:11: Bye Bye [preauth]
Jun 22 11:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30778]: Disconnected from 20.87.219.67 port 38750 [preauth]
Jun 22 11:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 22 11:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30783]: pam_unix(cron:session): session closed for user root
Jun 22 11:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27876]: pam_unix(cron:session): session closed for user root
Jun 22 11:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30866]: Failed password for root from 51.250.105.222 port 54562 ssh2
Jun 22 11:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30866]: Connection closed by 51.250.105.222 port 54562 [preauth]
Jun 22 11:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30782]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31164]: Failed password for root from 38.55.97.143 port 53004 ssh2
Jun 22 11:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31164]: Connection closed by 38.55.97.143 port 53004 [preauth]
Jun 22 11:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29951]: pam_unix(cron:session): session closed for user root
Jun 22 11:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31272]: Failed password for root from 38.55.97.143 port 37538 ssh2
Jun 22 11:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31272]: Connection closed by 38.55.97.143 port 37538 [preauth]
Jun 22 11:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31287]: Received disconnect from 185.65.107.14 port 48594:11: disconnected by user [preauth]
Jun 22 11:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31287]: Disconnected from 185.65.107.14 port 48594 [preauth]
Jun 22 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31318]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31316]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31317]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31315]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31315]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31386]: Successful su for rubyman by root
Jun 22 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31386]: + ??? root:rubyman
Jun 22 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31386]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570521 of user rubyman.
Jun 22 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31386]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570521.
Jun 22 11:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28430]: pam_unix(cron:session): session closed for user root
Jun 22 11:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31316]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31701]: Failed password for root from 38.55.97.143 port 46544 ssh2
Jun 22 11:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31701]: Connection closed by 38.55.97.143 port 46544 [preauth]
Jun 22 11:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30374]: pam_unix(cron:session): session closed for user root
Jun 22 11:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31806]: Failed password for root from 38.55.97.143 port 57648 ssh2
Jun 22 11:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31806]: Connection closed by 38.55.97.143 port 57648 [preauth]
Jun 22 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31838]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31837]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31839]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31836]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31834]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31834]: pam_unix(cron:session): session closed for user root
Jun 22 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31836]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31896]: Successful su for rubyman by root
Jun 22 11:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31896]: + ??? root:rubyman
Jun 22 11:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31896]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570526 of user rubyman.
Jun 22 11:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31896]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570526.
Jun 22 11:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28973]: pam_unix(cron:session): session closed for user root
Jun 22 11:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31837]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32132]: Failed password for root from 38.55.97.143 port 42842 ssh2
Jun 22 11:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32132]: Connection closed by 38.55.97.143 port 42842 [preauth]
Jun 22 11:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30785]: pam_unix(cron:session): session closed for user root
Jun 22 11:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Jun 22 11:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:152.32.245.93
Jun 22 11:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32257]: Failed password for root from 38.55.97.143 port 44260 ssh2
Jun 22 11:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32257]: Connection closed by 38.55.97.143 port 44260 [preauth]
Jun 22 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32279]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32278]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32277]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32276]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32276]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32333]: Successful su for rubyman by root
Jun 22 11:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32333]: + ??? root:rubyman
Jun 22 11:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32333]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570529 of user rubyman.
Jun 22 11:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32333]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570529.
Jun 22 11:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29404]: pam_unix(cron:session): session closed for user root
Jun 22 11:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32277]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32594]: Failed password for root from 38.55.97.143 port 53528 ssh2
Jun 22 11:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32594]: Connection closed by 38.55.97.143 port 53528 [preauth]
Jun 22 11:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32596]: Connection closed by 20.87.219.67 port 50622 [preauth]
Jun 22 11:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31318]: pam_unix(cron:session): session closed for user root
Jun 22 11:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32688]: Invalid user alex from 38.55.97.143
Jun 22 11:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32688]: input_userauth_request: invalid user alex [preauth]
Jun 22 11:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32688]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32695]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32693]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32692]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32691]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32691]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32688]: Failed password for invalid user alex from 38.55.97.143 port 35600 ssh2
Jun 22 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32760]: Successful su for rubyman by root
Jun 22 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32760]: + ??? root:rubyman
Jun 22 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32760]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570534 of user rubyman.
Jun 22 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32760]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570534.
Jun 22 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32688]: Connection closed by 38.55.97.143 port 35600 [preauth]
Jun 22 11:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29950]: pam_unix(cron:session): session closed for user root
Jun 22 11:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32692]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[697]: Invalid user sammy from 38.55.97.143
Jun 22 11:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[697]: input_userauth_request: invalid user sammy [preauth]
Jun 22 11:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[697]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 11:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31839]: pam_unix(cron:session): session closed for user root
Jun 22 11:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[697]: Failed password for invalid user sammy from 38.55.97.143 port 36994 ssh2
Jun 22 11:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[697]: Connection closed by 38.55.97.143 port 36994 [preauth]
Jun 22 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[795]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[799]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[794]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[793]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[792]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[791]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[799]: pam_unix(cron:session): session closed for user root
Jun 22 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[791]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[867]: Successful su for rubyman by root
Jun 22 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[867]: + ??? root:rubyman
Jun 22 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[867]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570537 of user rubyman.
Jun 22 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[867]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570537.
Jun 22 11:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30373]: pam_unix(cron:session): session closed for user root
Jun 22 11:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[793]: pam_unix(cron:session): session closed for user root
Jun 22 11:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[792]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1069]: Failed password for root from 38.55.97.143 port 43592 ssh2
Jun 22 11:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1069]: Connection closed by 38.55.97.143 port 43592 [preauth]
Jun 22 11:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32279]: pam_unix(cron:session): session closed for user root
Jun 22 11:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1224]: Failed password for root from 38.55.97.143 port 50532 ssh2
Jun 22 11:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1224]: Connection closed by 38.55.97.143 port 50532 [preauth]
Jun 22 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1284]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1282]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1283]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1281]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1281]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1362]: Successful su for rubyman by root
Jun 22 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1362]: + ??? root:rubyman
Jun 22 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1362]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570544 of user rubyman.
Jun 22 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1362]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570544.
Jun 22 11:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30784]: pam_unix(cron:session): session closed for user root
Jun 22 11:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1282]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1679]: Failed password for root from 38.55.97.143 port 33084 ssh2
Jun 22 11:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1679]: Connection closed by 38.55.97.143 port 33084 [preauth]
Jun 22 11:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32695]: pam_unix(cron:session): session closed for user root
Jun 22 11:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1803]: Invalid user postgres from 38.55.97.143
Jun 22 11:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1803]: input_userauth_request: invalid user postgres [preauth]
Jun 22 11:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1803]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 11:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1803]: Failed password for invalid user postgres from 38.55.97.143 port 40028 ssh2
Jun 22 11:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1803]: Connection closed by 38.55.97.143 port 40028 [preauth]
Jun 22 11:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1818]: Invalid user vpn from 20.87.219.67
Jun 22 11:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1818]: input_userauth_request: invalid user vpn [preauth]
Jun 22 11:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1818]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.87.219.67
Jun 22 11:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1818]: Failed password for invalid user vpn from 20.87.219.67 port 39776 ssh2
Jun 22 11:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1818]: Received disconnect from 20.87.219.67 port 39776:11: Bye Bye [preauth]
Jun 22 11:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1818]: Disconnected from 20.87.219.67 port 39776 [preauth]
Jun 22 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1840]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1839]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1838]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1837]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1837]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1913]: Successful su for rubyman by root
Jun 22 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1913]: + ??? root:rubyman
Jun 22 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1913]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570547 of user rubyman.
Jun 22 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1913]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570547.
Jun 22 11:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31317]: pam_unix(cron:session): session closed for user root
Jun 22 11:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1838]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 22 11:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2189]: Failed password for root from 38.93.206.2 port 4910 ssh2
Jun 22 11:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2189]: Connection closed by 38.93.206.2 port 4910 [preauth]
Jun 22 11:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2191]: User mysql from 38.55.97.143 not allowed because not listed in AllowUsers
Jun 22 11:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2191]: input_userauth_request: invalid user mysql [preauth]
Jun 22 11:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=mysql
Jun 22 11:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2191]: Failed password for invalid user mysql from 38.55.97.143 port 49050 ssh2
Jun 22 11:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2191]: Connection closed by 38.55.97.143 port 49050 [preauth]
Jun 22 11:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[795]: pam_unix(cron:session): session closed for user root
Jun 22 11:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2309]: Invalid user mc from 38.55.97.143
Jun 22 11:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2309]: input_userauth_request: invalid user mc [preauth]
Jun 22 11:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2309]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 11:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2309]: Failed password for invalid user mc from 38.55.97.143 port 59084 ssh2
Jun 22 11:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2309]: Connection closed by 38.55.97.143 port 59084 [preauth]
Jun 22 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2339]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2340]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2338]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2337]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2337]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2395]: Successful su for rubyman by root
Jun 22 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2395]: + ??? root:rubyman
Jun 22 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2395]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570552 of user rubyman.
Jun 22 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2395]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570552.
Jun 22 11:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31838]: pam_unix(cron:session): session closed for user root
Jun 22 11:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2338]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2649]: Invalid user tester from 38.55.97.143
Jun 22 11:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2649]: input_userauth_request: invalid user tester [preauth]
Jun 22 11:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2649]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 11:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2649]: Failed password for invalid user tester from 38.55.97.143 port 42754 ssh2
Jun 22 11:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2649]: Connection closed by 38.55.97.143 port 42754 [preauth]
Jun 22 11:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1284]: pam_unix(cron:session): session closed for user root
Jun 22 11:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2669]: Received disconnect from 185.28.37.194 port 39698:11: disconnected by user [preauth]
Jun 22 11:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2669]: Disconnected from 185.28.37.194 port 39698 [preauth]
Jun 22 11:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2743]: Invalid user temp from 38.55.97.143
Jun 22 11:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2743]: input_userauth_request: invalid user temp [preauth]
Jun 22 11:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2743]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 11:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2743]: Failed password for invalid user temp from 38.55.97.143 port 50524 ssh2
Jun 22 11:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2743]: Connection closed by 38.55.97.143 port 50524 [preauth]
Jun 22 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2761]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2762]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2760]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2759]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2759]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2822]: Successful su for rubyman by root
Jun 22 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2822]: + ??? root:rubyman
Jun 22 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2822]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570555 of user rubyman.
Jun 22 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2822]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570555.
Jun 22 11:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32278]: pam_unix(cron:session): session closed for user root
Jun 22 11:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2760]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1840]: pam_unix(cron:session): session closed for user root
Jun 22 11:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3061]: Failed password for root from 38.55.97.143 port 37200 ssh2
Jun 22 11:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3061]: Connection closed by 38.55.97.143 port 37200 [preauth]
Jun 22 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3151]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3152]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3153]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3149]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3150]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3148]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3153]: pam_unix(cron:session): session closed for user root
Jun 22 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3148]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3216]: Successful su for rubyman by root
Jun 22 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3216]: + ??? root:rubyman
Jun 22 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3216]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570560 of user rubyman.
Jun 22 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3216]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570560.
Jun 22 11:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3150]: pam_unix(cron:session): session closed for user root
Jun 22 11:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32693]: pam_unix(cron:session): session closed for user root
Jun 22 11:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3149]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3405]: Failed password for root from 38.55.97.143 port 46084 ssh2
Jun 22 11:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3405]: Connection closed by 38.55.97.143 port 46084 [preauth]
Jun 22 11:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: Invalid user server from 20.87.219.67
Jun 22 11:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: input_userauth_request: invalid user server [preauth]
Jun 22 11:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.87.219.67
Jun 22 11:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: Failed password for invalid user server from 20.87.219.67 port 45320 ssh2
Jun 22 11:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: Received disconnect from 20.87.219.67 port 45320:11: Bye Bye [preauth]
Jun 22 11:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: Disconnected from 20.87.219.67 port 45320 [preauth]
Jun 22 11:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 11:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2340]: pam_unix(cron:session): session closed for user root
Jun 22 11:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3495]: Failed password for root from 193.24.211.107 port 36413 ssh2
Jun 22 11:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3495]: Received disconnect from 193.24.211.107 port 36413:11: Client disconnecting normally [preauth]
Jun 22 11:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3495]: Disconnected from 193.24.211.107 port 36413 [preauth]
Jun 22 11:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3529]: Failed password for root from 38.55.97.143 port 59756 ssh2
Jun 22 11:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3529]: Connection closed by 38.55.97.143 port 59756 [preauth]
Jun 22 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3585]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3584]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3586]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3583]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3583]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3648]: Successful su for rubyman by root
Jun 22 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3648]: + ??? root:rubyman
Jun 22 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3648]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570565 of user rubyman.
Jun 22 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3648]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570565.
Jun 22 11:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[794]: pam_unix(cron:session): session closed for user root
Jun 22 11:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3584]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4026]: Failed password for root from 38.55.97.143 port 38126 ssh2
Jun 22 11:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4026]: Connection closed by 38.55.97.143 port 38126 [preauth]
Jun 22 11:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2762]: pam_unix(cron:session): session closed for user root
Jun 22 11:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4163]: Failed password for root from 38.55.97.143 port 51516 ssh2
Jun 22 11:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4163]: Connection closed by 38.55.97.143 port 51516 [preauth]
Jun 22 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4198]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4197]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4195]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4196]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4195]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4260]: Successful su for rubyman by root
Jun 22 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4260]: + ??? root:rubyman
Jun 22 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4260]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570569 of user rubyman.
Jun 22 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4260]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570569.
Jun 22 11:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1283]: pam_unix(cron:session): session closed for user root
Jun 22 11:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4196]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4478]: Failed password for root from 38.55.97.143 port 38100 ssh2
Jun 22 11:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4478]: Connection closed by 38.55.97.143 port 38100 [preauth]
Jun 22 11:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3152]: pam_unix(cron:session): session closed for user root
Jun 22 11:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4582]: Invalid user admin from 141.98.83.240
Jun 22 11:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4582]: input_userauth_request: invalid user admin [preauth]
Jun 22 11:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4582]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 11:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4582]: Failed password for invalid user admin from 141.98.83.240 port 22972 ssh2
Jun 22 11:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4582]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4585]: Failed password for root from 38.55.97.143 port 46682 ssh2
Jun 22 11:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4585]: Connection closed by 38.55.97.143 port 46682 [preauth]
Jun 22 11:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4582]: Failed password for invalid user admin from 141.98.83.240 port 22972 ssh2
Jun 22 11:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4582]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4582]: Failed password for invalid user admin from 141.98.83.240 port 22972 ssh2
Jun 22 11:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4582]: Connection closed by 141.98.83.240 port 22972 [preauth]
Jun 22 11:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4582]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4607]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4608]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4606]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4605]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4605]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4668]: Successful su for rubyman by root
Jun 22 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4668]: + ??? root:rubyman
Jun 22 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4668]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570573 of user rubyman.
Jun 22 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4668]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570573.
Jun 22 11:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1839]: pam_unix(cron:session): session closed for user root
Jun 22 11:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4606]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.223.69.22  user=root
Jun 22 11:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4999]: Failed password for root from 89.223.69.22 port 41038 ssh2
Jun 22 11:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4999]: Connection closed by 89.223.69.22 port 41038 [preauth]
Jun 22 11:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 22 11:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5021]: Failed password for root from 77.94.47.83 port 43740 ssh2
Jun 22 11:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5021]: Connection closed by 77.94.47.83 port 43740 [preauth]
Jun 22 11:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5031]: Failed password for root from 38.55.97.143 port 59824 ssh2
Jun 22 11:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5031]: Connection closed by 38.55.97.143 port 59824 [preauth]
Jun 22 11:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3586]: pam_unix(cron:session): session closed for user root
Jun 22 11:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5097]: Connection closed by 20.87.219.67 port 41302 [preauth]
Jun 22 11:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5122]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5121]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5119]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5120]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5119]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5183]: Successful su for rubyman by root
Jun 22 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5183]: + ??? root:rubyman
Jun 22 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5183]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570577 of user rubyman.
Jun 22 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5183]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570577.
Jun 22 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5116]: Failed password for root from 38.55.97.143 port 43572 ssh2
Jun 22 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5116]: Connection closed by 38.55.97.143 port 43572 [preauth]
Jun 22 11:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2339]: pam_unix(cron:session): session closed for user root
Jun 22 11:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5120]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4198]: pam_unix(cron:session): session closed for user root
Jun 22 11:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5452]: Failed password for root from 38.55.97.143 port 52588 ssh2
Jun 22 11:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5452]: Connection closed by 38.55.97.143 port 52588 [preauth]
Jun 22 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5542]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5539]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5540]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5537]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5541]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5538]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5542]: pam_unix(cron:session): session closed for user root
Jun 22 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5537]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5606]: Successful su for rubyman by root
Jun 22 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5606]: + ??? root:rubyman
Jun 22 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5606]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570583 of user rubyman.
Jun 22 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5606]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570583.
Jun 22 11:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5539]: pam_unix(cron:session): session closed for user root
Jun 22 11:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2761]: pam_unix(cron:session): session closed for user root
Jun 22 11:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5538]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5788]: Failed password for root from 38.55.97.143 port 60990 ssh2
Jun 22 11:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5788]: Connection closed by 38.55.97.143 port 60990 [preauth]
Jun 22 11:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4608]: pam_unix(cron:session): session closed for user root
Jun 22 11:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5913]: Invalid user deploy from 38.55.97.143
Jun 22 11:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5913]: input_userauth_request: invalid user deploy [preauth]
Jun 22 11:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5913]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 11:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5913]: Failed password for invalid user deploy from 38.55.97.143 port 38484 ssh2
Jun 22 11:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5913]: Connection closed by 38.55.97.143 port 38484 [preauth]
Jun 22 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5963]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5964]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5961]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5962]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5961]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6027]: Successful su for rubyman by root
Jun 22 11:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6027]: + ??? root:rubyman
Jun 22 11:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6027]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570587 of user rubyman.
Jun 22 11:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6027]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570587.
Jun 22 11:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3151]: pam_unix(cron:session): session closed for user root
Jun 22 11:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5962]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6221]: Failed password for root from 38.55.97.143 port 46320 ssh2
Jun 22 11:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6221]: Connection closed by 38.55.97.143 port 46320 [preauth]
Jun 22 11:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6245]: Connection closed by 194.59.206.2 port 43546 [preauth]
Jun 22 11:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5122]: pam_unix(cron:session): session closed for user root
Jun 22 11:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 22 11:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6311]: Failed password for root from 193.37.70.224 port 57754 ssh2
Jun 22 11:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6311]: Connection closed by 193.37.70.224 port 57754 [preauth]
Jun 22 11:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6337]: Failed password for root from 38.55.97.143 port 55648 ssh2
Jun 22 11:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6337]: Connection closed by 38.55.97.143 port 55648 [preauth]
Jun 22 11:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.211.215  user=root
Jun 22 11:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6358]: Failed password for root from 147.45.211.215 port 51736 ssh2
Jun 22 11:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6358]: Connection closed by 147.45.211.215 port 51736 [preauth]
Jun 22 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6372]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6371]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6373]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6370]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6370]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6429]: Successful su for rubyman by root
Jun 22 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6429]: + ??? root:rubyman
Jun 22 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6429]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570593 of user rubyman.
Jun 22 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6429]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570593.
Jun 22 11:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3585]: pam_unix(cron:session): session closed for user root
Jun 22 11:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6542]: Invalid user ftpuser from 20.87.219.67
Jun 22 11:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6542]: input_userauth_request: invalid user ftpuser [preauth]
Jun 22 11:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6542]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.87.219.67
Jun 22 11:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6371]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6542]: Failed password for invalid user ftpuser from 20.87.219.67 port 53548 ssh2
Jun 22 11:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6542]: Received disconnect from 20.87.219.67 port 53548:11: Bye Bye [preauth]
Jun 22 11:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6542]: Disconnected from 20.87.219.67 port 53548 [preauth]
Jun 22 11:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6643]: Failed password for root from 38.55.97.143 port 57936 ssh2
Jun 22 11:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6643]: Connection closed by 38.55.97.143 port 57936 [preauth]
Jun 22 11:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5541]: pam_unix(cron:session): session closed for user root
Jun 22 11:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6718]: Received disconnect from 192.3.206.66 port 49038:11: disconnected by user [preauth]
Jun 22 11:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6718]: Disconnected from 192.3.206.66 port 49038 [preauth]
Jun 22 11:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6761]: Failed password for root from 38.55.97.143 port 42366 ssh2
Jun 22 11:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6761]: Connection closed by 38.55.97.143 port 42366 [preauth]
Jun 22 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6792]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6794]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6791]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6793]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6791]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6853]: Successful su for rubyman by root
Jun 22 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6853]: + ??? root:rubyman
Jun 22 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6853]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570596 of user rubyman.
Jun 22 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6853]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570596.
Jun 22 11:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4197]: pam_unix(cron:session): session closed for user root
Jun 22 11:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6792]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7182]: Failed password for root from 38.55.97.143 port 52900 ssh2
Jun 22 11:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7182]: Connection closed by 38.55.97.143 port 52900 [preauth]
Jun 22 11:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5964]: pam_unix(cron:session): session closed for user root
Jun 22 11:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7273]: Failed password for root from 38.55.97.143 port 55782 ssh2
Jun 22 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7273]: Connection closed by 38.55.97.143 port 55782 [preauth]
Jun 22 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7286]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7287]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7284]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7285]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7284]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7347]: Successful su for rubyman by root
Jun 22 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7347]: + ??? root:rubyman
Jun 22 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7347]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570601 of user rubyman.
Jun 22 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7347]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570601.
Jun 22 11:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4607]: pam_unix(cron:session): session closed for user root
Jun 22 11:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7285]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6373]: pam_unix(cron:session): session closed for user root
Jun 22 11:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7604]: Failed password for root from 38.55.97.143 port 39320 ssh2
Jun 22 11:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7604]: Connection closed by 38.55.97.143 port 39320 [preauth]
Jun 22 11:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7780]: Invalid user admin from 2.57.121.25
Jun 22 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7780]: input_userauth_request: invalid user admin [preauth]
Jun 22 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7780]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 22 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7788]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7785]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7787]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7783]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7786]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7784]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7788]: pam_unix(cron:session): session closed for user root
Jun 22 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7783]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7848]: Successful su for rubyman by root
Jun 22 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7848]: + ??? root:rubyman
Jun 22 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7848]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570605 of user rubyman.
Jun 22 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7848]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570605.
Jun 22 11:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7780]: Failed password for invalid user admin from 2.57.121.25 port 39130 ssh2
Jun 22 11:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7780]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5121]: pam_unix(cron:session): session closed for user root
Jun 22 11:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7785]: pam_unix(cron:session): session closed for user root
Jun 22 11:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7780]: Failed password for invalid user admin from 2.57.121.25 port 39130 ssh2
Jun 22 11:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7780]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7784]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7780]: Failed password for invalid user admin from 2.57.121.25 port 39130 ssh2
Jun 22 11:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7780]: Connection closed by 2.57.121.25 port 39130 [preauth]
Jun 22 11:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7780]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 22 11:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7962]: Failed password for root from 38.55.97.143 port 59186 ssh2
Jun 22 11:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7962]: Connection closed by 38.55.97.143 port 59186 [preauth]
Jun 22 11:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8117]: Invalid user aman from 20.87.219.67
Jun 22 11:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8117]: input_userauth_request: invalid user aman [preauth]
Jun 22 11:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8117]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.87.219.67
Jun 22 11:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6794]: pam_unix(cron:session): session closed for user root
Jun 22 11:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8117]: Failed password for invalid user aman from 20.87.219.67 port 45036 ssh2
Jun 22 11:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8117]: Received disconnect from 20.87.219.67 port 45036:11: Bye Bye [preauth]
Jun 22 11:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8117]: Disconnected from 20.87.219.67 port 45036 [preauth]
Jun 22 11:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8152]: Invalid user odoo from 38.55.97.143
Jun 22 11:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8152]: input_userauth_request: invalid user odoo [preauth]
Jun 22 11:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8152]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 11:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8152]: Failed password for invalid user odoo from 38.55.97.143 port 45130 ssh2
Jun 22 11:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8152]: Connection closed by 38.55.97.143 port 45130 [preauth]
Jun 22 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8207]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8208]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8206]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8205]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8205]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8275]: Successful su for rubyman by root
Jun 22 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8275]: + ??? root:rubyman
Jun 22 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8275]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570609 of user rubyman.
Jun 22 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8275]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570609.
Jun 22 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
Jun 22 11:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5540]: pam_unix(cron:session): session closed for user root
Jun 22 11:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8305]: Failed password for root from 176.32.39.21 port 35914 ssh2
Jun 22 11:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8206]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8305]: Connection closed by 176.32.39.21 port 35914 [preauth]
Jun 22 11:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8460]: Invalid user server from 38.55.97.143
Jun 22 11:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8460]: input_userauth_request: invalid user server [preauth]
Jun 22 11:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8460]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 11:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8460]: Failed password for invalid user server from 38.55.97.143 port 56702 ssh2
Jun 22 11:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8460]: Connection closed by 38.55.97.143 port 56702 [preauth]
Jun 22 11:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7287]: pam_unix(cron:session): session closed for user root
Jun 22 11:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8542]: Invalid user wpuser from 185.40.30.168
Jun 22 11:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8542]: input_userauth_request: invalid user wpuser [preauth]
Jun 22 11:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8542]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.30.168
Jun 22 11:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8542]: Failed password for invalid user wpuser from 185.40.30.168 port 60424 ssh2
Jun 22 11:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8542]: Received disconnect from 185.40.30.168 port 60424:11: Bye Bye [preauth]
Jun 22 11:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8542]: Disconnected from 185.40.30.168 port 60424 [preauth]
Jun 22 11:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 22 11:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8570]: Failed password for root from 109.237.96.109 port 45802 ssh2
Jun 22 11:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8570]: Connection closed by 109.237.96.109 port 45802 [preauth]
Jun 22 11:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8581]: Failed password for root from 38.55.97.143 port 36034 ssh2
Jun 22 11:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8581]: Connection closed by 38.55.97.143 port 36034 [preauth]
Jun 22 11:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 22 11:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8560]: Failed password for root from 103.77.242.62 port 59588 ssh2
Jun 22 11:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8560]: Connection closed by 103.77.242.62 port 59588 [preauth]
Jun 22 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8624]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8622]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8623]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8621]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8621]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8681]: Successful su for rubyman by root
Jun 22 11:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8681]: + ??? root:rubyman
Jun 22 11:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8681]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570613 of user rubyman.
Jun 22 11:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8681]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570613.
Jun 22 11:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5963]: pam_unix(cron:session): session closed for user root
Jun 22 11:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8622]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8895]: Failed password for root from 38.55.97.143 port 47554 ssh2
Jun 22 11:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8895]: Connection closed by 38.55.97.143 port 47554 [preauth]
Jun 22 11:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7787]: pam_unix(cron:session): session closed for user root
Jun 22 11:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9002]: Failed password for root from 38.55.97.143 port 53566 ssh2
Jun 22 11:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9002]: Connection closed by 38.55.97.143 port 53566 [preauth]
Jun 22 11:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8966]: Connection closed by 66.132.172.222 port 50790 [preauth]
Jun 22 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9026]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9025]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9023]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9024]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9023]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9084]: Successful su for rubyman by root
Jun 22 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9084]: + ??? root:rubyman
Jun 22 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9084]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570617 of user rubyman.
Jun 22 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9084]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570617.
Jun 22 11:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6372]: pam_unix(cron:session): session closed for user root
Jun 22 11:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9024]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 22 11:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9318]: Failed password for root from 38.55.97.143 port 37116 ssh2
Jun 22 11:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9318]: Connection closed by 38.55.97.143 port 37116 [preauth]
Jun 22 11:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9328]: Failed password for root from 194.113.233.25 port 41502 ssh2
Jun 22 11:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9328]: Connection closed by 194.113.233.25 port 41502 [preauth]
Jun 22 11:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8208]: pam_unix(cron:session): session closed for user root
Jun 22 11:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.87.219.67  user=root
Jun 22 11:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9403]: Failed password for root from 20.87.219.67 port 45530 ssh2
Jun 22 11:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9414]: Invalid user kafka from 38.55.97.143
Jun 22 11:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9414]: input_userauth_request: invalid user kafka [preauth]
Jun 22 11:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9414]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 11:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9403]: Received disconnect from 20.87.219.67 port 45530:11: Bye Bye [preauth]
Jun 22 11:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9403]: Disconnected from 20.87.219.67 port 45530 [preauth]
Jun 22 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9421]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9420]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9419]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9418]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9416]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9418]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9526]: Successful su for rubyman by root
Jun 22 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9526]: + ??? root:rubyman
Jun 22 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9526]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570622 of user rubyman.
Jun 22 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9526]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570622.
Jun 22 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9414]: Failed password for invalid user kafka from 38.55.97.143 port 50664 ssh2
Jun 22 11:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9416]: pam_unix(cron:session): session closed for user root
Jun 22 11:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9414]: Connection closed by 38.55.97.143 port 50664 [preauth]
Jun 22 11:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6793]: pam_unix(cron:session): session closed for user root
Jun 22 11:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9419]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8624]: pam_unix(cron:session): session closed for user root
Jun 22 11:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9904]: Invalid user phil from 185.40.30.168
Jun 22 11:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9904]: input_userauth_request: invalid user phil [preauth]
Jun 22 11:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9904]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.30.168
Jun 22 11:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9904]: Failed password for invalid user phil from 185.40.30.168 port 33412 ssh2
Jun 22 11:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9904]: Received disconnect from 185.40.30.168 port 33412:11: Bye Bye [preauth]
Jun 22 11:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9904]: Disconnected from 185.40.30.168 port 33412 [preauth]
Jun 22 11:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9866]: Invalid user git from 38.55.97.143
Jun 22 11:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9866]: input_userauth_request: invalid user git [preauth]
Jun 22 11:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9866]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 11:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9866]: Failed password for invalid user git from 38.55.97.143 port 58216 ssh2
Jun 22 11:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9866]: Connection closed by 38.55.97.143 port 58216 [preauth]
Jun 22 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10085]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10081]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10080]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10082]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10083]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10084]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10085]: pam_unix(cron:session): session closed for user root
Jun 22 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10080]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10152]: Successful su for rubyman by root
Jun 22 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10152]: + ??? root:rubyman
Jun 22 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10152]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570631 of user rubyman.
Jun 22 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10152]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570631.
Jun 22 11:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10082]: pam_unix(cron:session): session closed for user root
Jun 22 11:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7286]: pam_unix(cron:session): session closed for user root
Jun 22 11:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10081]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10506]: Invalid user dolphinscheduler from 38.55.97.143
Jun 22 11:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10506]: input_userauth_request: invalid user dolphinscheduler [preauth]
Jun 22 11:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10506]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 11:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10506]: Failed password for invalid user dolphinscheduler from 38.55.97.143 port 51422 ssh2
Jun 22 11:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10506]: Connection closed by 38.55.97.143 port 51422 [preauth]
Jun 22 11:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9026]: pam_unix(cron:session): session closed for user root
Jun 22 11:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10606]: Invalid user docker from 38.55.97.143
Jun 22 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10606]: input_userauth_request: invalid user docker [preauth]
Jun 22 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10606]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10611]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10612]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10610]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10609]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10609]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10683]: Successful su for rubyman by root
Jun 22 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10683]: + ??? root:rubyman
Jun 22 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10683]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570633 of user rubyman.
Jun 22 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10683]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570633.
Jun 22 11:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10606]: Failed password for invalid user docker from 38.55.97.143 port 59512 ssh2
Jun 22 11:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10606]: Connection closed by 38.55.97.143 port 59512 [preauth]
Jun 22 11:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7786]: pam_unix(cron:session): session closed for user root
Jun 22 11:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10610]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 11:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10934]: Failed password for root from 193.24.211.107 port 19887 ssh2
Jun 22 11:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10934]: Received disconnect from 193.24.211.107 port 19887:11: Client disconnecting normally [preauth]
Jun 22 11:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10934]: Disconnected from 193.24.211.107 port 19887 [preauth]
Jun 22 11:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10955]: Invalid user code87 from 185.40.30.168
Jun 22 11:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10955]: input_userauth_request: invalid user code87 [preauth]
Jun 22 11:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10955]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.30.168
Jun 22 11:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9421]: pam_unix(cron:session): session closed for user root
Jun 22 11:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10971]: Invalid user test from 38.55.97.143
Jun 22 11:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10971]: input_userauth_request: invalid user test [preauth]
Jun 22 11:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10971]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 11:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10955]: Failed password for invalid user code87 from 185.40.30.168 port 37962 ssh2
Jun 22 11:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10955]: Received disconnect from 185.40.30.168 port 37962:11: Bye Bye [preauth]
Jun 22 11:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10955]: Disconnected from 185.40.30.168 port 37962 [preauth]
Jun 22 11:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10971]: Failed password for invalid user test from 38.55.97.143 port 41616 ssh2
Jun 22 11:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10971]: Connection closed by 38.55.97.143 port 41616 [preauth]
Jun 22 11:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11046]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11043]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11042]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11041]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11041]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11038]: Invalid user lee from 5.164.6.184
Jun 22 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11038]: input_userauth_request: invalid user lee [preauth]
Jun 22 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11038]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.164.6.184
Jun 22 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11108]: Successful su for rubyman by root
Jun 22 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11108]: + ??? root:rubyman
Jun 22 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11108]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570637 of user rubyman.
Jun 22 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11108]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570637.
Jun 22 11:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11038]: Failed password for invalid user lee from 5.164.6.184 port 38242 ssh2
Jun 22 11:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11038]: Received disconnect from 5.164.6.184 port 38242:11: Bye Bye [preauth]
Jun 22 11:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11038]: Disconnected from 5.164.6.184 port 38242 [preauth]
Jun 22 11:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8207]: pam_unix(cron:session): session closed for user root
Jun 22 11:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11042]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11302]: Failed password for root from 38.55.97.143 port 50580 ssh2
Jun 22 11:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11302]: Connection closed by 38.55.97.143 port 50580 [preauth]
Jun 22 11:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11342]: Invalid user station from 20.87.219.67
Jun 22 11:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11342]: input_userauth_request: invalid user station [preauth]
Jun 22 11:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11342]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.87.219.67
Jun 22 11:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11342]: Failed password for invalid user station from 20.87.219.67 port 48206 ssh2
Jun 22 11:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11342]: Received disconnect from 20.87.219.67 port 48206:11: Bye Bye [preauth]
Jun 22 11:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11342]: Disconnected from 20.87.219.67 port 48206 [preauth]
Jun 22 11:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10084]: pam_unix(cron:session): session closed for user root
Jun 22 11:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11418]: Failed password for root from 38.55.97.143 port 35366 ssh2
Jun 22 11:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11418]: Connection closed by 38.55.97.143 port 35366 [preauth]
Jun 22 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11466]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11465]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11464]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11467]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11464]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11538]: Successful su for rubyman by root
Jun 22 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11538]: + ??? root:rubyman
Jun 22 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11538]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570642 of user rubyman.
Jun 22 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11538]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570642.
Jun 22 11:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8623]: pam_unix(cron:session): session closed for user root
Jun 22 11:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11465]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11749]: Failed password for root from 38.55.97.143 port 45796 ssh2
Jun 22 11:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11749]: Connection closed by 38.55.97.143 port 45796 [preauth]
Jun 22 11:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.30.168  user=root
Jun 22 11:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11758]: Failed password for root from 185.40.30.168 port 56070 ssh2
Jun 22 11:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11758]: Received disconnect from 185.40.30.168 port 56070:11: Bye Bye [preauth]
Jun 22 11:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11758]: Disconnected from 185.40.30.168 port 56070 [preauth]
Jun 22 11:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10612]: pam_unix(cron:session): session closed for user root
Jun 22 11:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11884]: Failed password for root from 38.55.97.143 port 58816 ssh2
Jun 22 11:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11884]: Connection closed by 38.55.97.143 port 58816 [preauth]
Jun 22 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11917]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11915]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11916]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11914]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11914]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12000]: Successful su for rubyman by root
Jun 22 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12000]: + ??? root:rubyman
Jun 22 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12000]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570645 of user rubyman.
Jun 22 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12000]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570645.
Jun 22 11:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9025]: pam_unix(cron:session): session closed for user root
Jun 22 11:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11915]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=root
Jun 22 11:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12211]: Failed password for root from 193.46.255.86 port 57238 ssh2
Jun 22 11:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12213]: Failed password for root from 38.55.97.143 port 40254 ssh2
Jun 22 11:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12213]: Connection closed by 38.55.97.143 port 40254 [preauth]
Jun 22 11:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12211]: Failed password for root from 193.46.255.86 port 57238 ssh2
Jun 22 11:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12211]: Failed password for root from 193.46.255.86 port 57238 ssh2
Jun 22 11:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12211]: Connection closed by 193.46.255.86 port 57238 [preauth]
Jun 22 11:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12211]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=root
Jun 22 11:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11046]: pam_unix(cron:session): session closed for user root
Jun 22 11:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12392]: Did not receive identification string from 185.87.48.144
Jun 22 11:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.87.48.144  user=root
Jun 22 11:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12393]: Failed password for root from 185.87.48.144 port 44418 ssh2
Jun 22 11:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12393]: Connection closed by 185.87.48.144 port 44418 [preauth]
Jun 22 11:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.87.48.144  user=root
Jun 22 11:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12406]: Failed password for root from 185.87.48.144 port 44428 ssh2
Jun 22 11:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12406]: Connection closed by 185.87.48.144 port 44428 [preauth]
Jun 22 11:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12431]: Invalid user book from 185.40.30.168
Jun 22 11:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12431]: input_userauth_request: invalid user book [preauth]
Jun 22 11:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12431]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.30.168
Jun 22 11:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12431]: Failed password for invalid user book from 185.40.30.168 port 51450 ssh2
Jun 22 11:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12431]: Received disconnect from 185.40.30.168 port 51450:11: Bye Bye [preauth]
Jun 22 11:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12431]: Disconnected from 185.40.30.168 port 51450 [preauth]
Jun 22 11:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12455]: Failed password for root from 38.55.97.143 port 57602 ssh2
Jun 22 11:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12455]: Connection closed by 38.55.97.143 port 57602 [preauth]
Jun 22 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12473]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12471]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12472]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12468]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12467]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12469]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12473]: pam_unix(cron:session): session closed for user root
Jun 22 11:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12467]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12534]: Successful su for rubyman by root
Jun 22 11:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12534]: + ??? root:rubyman
Jun 22 11:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12534]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570651 of user rubyman.
Jun 22 11:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12534]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570651.
Jun 22 11:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9420]: pam_unix(cron:session): session closed for user root
Jun 22 11:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12469]: pam_unix(cron:session): session closed for user root
Jun 22 11:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12468]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12812]: Failed password for root from 38.55.97.143 port 37944 ssh2
Jun 22 11:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12812]: Connection closed by 38.55.97.143 port 37944 [preauth]
Jun 22 11:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11467]: pam_unix(cron:session): session closed for user root
Jun 22 11:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.87.219.67  user=root
Jun 22 11:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12893]: Failed password for root from 20.87.219.67 port 37608 ssh2
Jun 22 11:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12893]: Received disconnect from 20.87.219.67 port 37608:11: Bye Bye [preauth]
Jun 22 11:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12893]: Disconnected from 20.87.219.67 port 37608 [preauth]
Jun 22 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12918]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12916]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12917]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12915]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12915]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12980]: Successful su for rubyman by root
Jun 22 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12980]: + ??? root:rubyman
Jun 22 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12980]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570654 of user rubyman.
Jun 22 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12980]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570654.
Jun 22 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12912]: Failed password for root from 38.55.97.143 port 49376 ssh2
Jun 22 11:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12912]: Connection closed by 38.55.97.143 port 49376 [preauth]
Jun 22 11:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10083]: pam_unix(cron:session): session closed for user root
Jun 22 11:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12916]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13178]: Invalid user ubuntu from 5.164.6.184
Jun 22 11:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13178]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 11:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13178]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.164.6.184
Jun 22 11:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 22 11:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13178]: Failed password for invalid user ubuntu from 5.164.6.184 port 40268 ssh2
Jun 22 11:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13178]: Received disconnect from 5.164.6.184 port 40268:11: Bye Bye [preauth]
Jun 22 11:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13178]: Disconnected from 5.164.6.184 port 40268 [preauth]
Jun 22 11:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13188]: Failed password for root from 103.153.68.219 port 44310 ssh2
Jun 22 11:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13188]: Connection closed by 103.153.68.219 port 44310 [preauth]
Jun 22 11:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13220]: Invalid user salih from 185.40.30.168
Jun 22 11:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13220]: input_userauth_request: invalid user salih [preauth]
Jun 22 11:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13220]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.30.168
Jun 22 11:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13220]: Failed password for invalid user salih from 185.40.30.168 port 33404 ssh2
Jun 22 11:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13220]: Received disconnect from 185.40.30.168 port 33404:11: Bye Bye [preauth]
Jun 22 11:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13220]: Disconnected from 185.40.30.168 port 33404 [preauth]
Jun 22 11:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11917]: pam_unix(cron:session): session closed for user root
Jun 22 11:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13275]: Failed password for root from 38.55.97.143 port 55982 ssh2
Jun 22 11:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13275]: Connection closed by 38.55.97.143 port 55982 [preauth]
Jun 22 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13347]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13346]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13345]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13344]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13344]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13407]: Successful su for rubyman by root
Jun 22 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13407]: + ??? root:rubyman
Jun 22 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13407]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570658 of user rubyman.
Jun 22 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13407]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570658.
Jun 22 11:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10611]: pam_unix(cron:session): session closed for user root
Jun 22 11:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13345]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13590]: Failed password for root from 38.55.97.143 port 37332 ssh2
Jun 22 11:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13590]: Connection closed by 38.55.97.143 port 37332 [preauth]
Jun 22 11:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12472]: pam_unix(cron:session): session closed for user root
Jun 22 11:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13684]: Received disconnect from 91.208.197.64 port 38094:11: disconnected by user [preauth]
Jun 22 11:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13684]: Disconnected from 91.208.197.64 port 38094 [preauth]
Jun 22 11:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13689]: Invalid user prueba from 38.55.97.143
Jun 22 11:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13689]: input_userauth_request: invalid user prueba [preauth]
Jun 22 11:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13689]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 11:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13689]: Failed password for invalid user prueba from 38.55.97.143 port 48108 ssh2
Jun 22 11:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13689]: Connection closed by 38.55.97.143 port 48108 [preauth]
Jun 22 11:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.30.168  user=root
Jun 22 11:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13722]: Failed password for root from 185.40.30.168 port 36868 ssh2
Jun 22 11:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13722]: Received disconnect from 185.40.30.168 port 36868:11: Bye Bye [preauth]
Jun 22 11:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13722]: Disconnected from 185.40.30.168 port 36868 [preauth]
Jun 22 11:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13741]: Invalid user remoteuser from 5.164.6.184
Jun 22 11:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13741]: input_userauth_request: invalid user remoteuser [preauth]
Jun 22 11:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13741]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.164.6.184
Jun 22 11:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13741]: Failed password for invalid user remoteuser from 5.164.6.184 port 49558 ssh2
Jun 22 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13741]: Received disconnect from 5.164.6.184 port 49558:11: Bye Bye [preauth]
Jun 22 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13741]: Disconnected from 5.164.6.184 port 49558 [preauth]
Jun 22 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13757]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13756]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13755]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13754]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13754]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13815]: Successful su for rubyman by root
Jun 22 11:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13815]: + ??? root:rubyman
Jun 22 11:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13815]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570663 of user rubyman.
Jun 22 11:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13815]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570663.
Jun 22 11:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11043]: pam_unix(cron:session): session closed for user root
Jun 22 11:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13755]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14028]: Invalid user user1 from 38.55.97.143
Jun 22 11:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14028]: input_userauth_request: invalid user user1 [preauth]
Jun 22 11:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14028]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 11:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14028]: Failed password for invalid user user1 from 38.55.97.143 port 56336 ssh2
Jun 22 11:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14028]: Connection closed by 38.55.97.143 port 56336 [preauth]
Jun 22 11:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12918]: pam_unix(cron:session): session closed for user root
Jun 22 11:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14131]: Invalid user support from 38.55.97.143
Jun 22 11:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14131]: input_userauth_request: invalid user support [preauth]
Jun 22 11:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14131]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 11:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14131]: Failed password for invalid user support from 38.55.97.143 port 40752 ssh2
Jun 22 11:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14131]: Connection closed by 38.55.97.143 port 40752 [preauth]
Jun 22 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14153]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14152]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14154]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14151]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14151]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14212]: Successful su for rubyman by root
Jun 22 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14212]: + ??? root:rubyman
Jun 22 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14212]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570666 of user rubyman.
Jun 22 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14212]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570666.
Jun 22 11:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11466]: pam_unix(cron:session): session closed for user root
Jun 22 11:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14152]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.87.219.67  user=root
Jun 22 11:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14396]: Failed password for root from 20.87.219.67 port 41920 ssh2
Jun 22 11:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14396]: Received disconnect from 20.87.219.67 port 41920:11: Bye Bye [preauth]
Jun 22 11:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14396]: Disconnected from 20.87.219.67 port 41920 [preauth]
Jun 22 11:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14427]: Failed password for root from 38.55.97.143 port 54884 ssh2
Jun 22 11:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14427]: Connection closed by 38.55.97.143 port 54884 [preauth]
Jun 22 11:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14429]: Invalid user student6 from 185.40.30.168
Jun 22 11:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14429]: input_userauth_request: invalid user student6 [preauth]
Jun 22 11:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14429]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.30.168
Jun 22 11:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14429]: Failed password for invalid user student6 from 185.40.30.168 port 53772 ssh2
Jun 22 11:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14429]: Received disconnect from 185.40.30.168 port 53772:11: Bye Bye [preauth]
Jun 22 11:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14429]: Disconnected from 185.40.30.168 port 53772 [preauth]
Jun 22 11:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13347]: pam_unix(cron:session): session closed for user root
Jun 22 11:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14510]: Invalid user django from 5.164.6.184
Jun 22 11:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14510]: input_userauth_request: invalid user django [preauth]
Jun 22 11:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14510]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.164.6.184
Jun 22 11:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14510]: Failed password for invalid user django from 5.164.6.184 port 35806 ssh2
Jun 22 11:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14510]: Received disconnect from 5.164.6.184 port 35806:11: Bye Bye [preauth]
Jun 22 11:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14510]: Disconnected from 5.164.6.184 port 35806 [preauth]
Jun 22 11:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14533]: Failed password for root from 38.55.97.143 port 36532 ssh2
Jun 22 11:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14533]: Connection closed by 38.55.97.143 port 36532 [preauth]
Jun 22 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14545]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14549]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14544]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14548]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14547]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14546]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14549]: pam_unix(cron:session): session closed for user root
Jun 22 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14544]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14619]: Successful su for rubyman by root
Jun 22 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14619]: + ??? root:rubyman
Jun 22 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14619]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570671 of user rubyman.
Jun 22 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14619]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570671.
Jun 22 11:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14546]: pam_unix(cron:session): session closed for user root
Jun 22 11:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11916]: pam_unix(cron:session): session closed for user root
Jun 22 11:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14545]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14970]: Failed password for root from 38.55.97.143 port 47194 ssh2
Jun 22 11:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14970]: Connection closed by 38.55.97.143 port 47194 [preauth]
Jun 22 11:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13757]: pam_unix(cron:session): session closed for user root
Jun 22 11:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15057]: Invalid user devuser from 185.40.30.168
Jun 22 11:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15057]: input_userauth_request: invalid user devuser [preauth]
Jun 22 11:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15057]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.30.168
Jun 22 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15071]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15070]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15069]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15068]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15068]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15141]: Successful su for rubyman by root
Jun 22 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15141]: + ??? root:rubyman
Jun 22 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15141]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570677 of user rubyman.
Jun 22 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15141]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570677.
Jun 22 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15057]: Failed password for invalid user devuser from 185.40.30.168 port 53922 ssh2
Jun 22 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15057]: Received disconnect from 185.40.30.168 port 53922:11: Bye Bye [preauth]
Jun 22 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15057]: Disconnected from 185.40.30.168 port 53922 [preauth]
Jun 22 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12471]: pam_unix(cron:session): session closed for user root
Jun 22 11:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15069]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15172]: Failed password for root from 38.55.97.143 port 60238 ssh2
Jun 22 11:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15172]: Connection closed by 38.55.97.143 port 60238 [preauth]
Jun 22 11:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 22 11:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15364]: Failed password for root from 103.149.28.157 port 44606 ssh2
Jun 22 11:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15364]: Connection closed by 103.149.28.157 port 44606 [preauth]
Jun 22 11:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.164.6.184  user=root
Jun 22 11:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14154]: pam_unix(cron:session): session closed for user root
Jun 22 11:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15386]: Failed password for root from 5.164.6.184 port 59938 ssh2
Jun 22 11:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15386]: Received disconnect from 5.164.6.184 port 59938:11: Bye Bye [preauth]
Jun 22 11:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15386]: Disconnected from 5.164.6.184 port 59938 [preauth]
Jun 22 11:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15424]: Failed password for root from 38.55.97.143 port 39690 ssh2
Jun 22 11:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15424]: Connection closed by 38.55.97.143 port 39690 [preauth]
Jun 22 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15475]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15474]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15473]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15472]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15472]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15531]: Successful su for rubyman by root
Jun 22 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15531]: + ??? root:rubyman
Jun 22 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15531]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570680 of user rubyman.
Jun 22 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15531]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570680.
Jun 22 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 22 11:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12917]: pam_unix(cron:session): session closed for user root
Jun 22 11:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15587]: Failed password for root from 62.133.62.83 port 37860 ssh2
Jun 22 11:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15587]: Connection closed by 62.133.62.83 port 37860 [preauth]
Jun 22 11:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15473]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15726]: Failed password for root from 38.55.97.143 port 56002 ssh2
Jun 22 11:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15726]: Connection closed by 38.55.97.143 port 56002 [preauth]
Jun 22 11:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15752]: Did not receive identification string from 139.59.10.17
Jun 22 11:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15789]: Received disconnect from 107.172.88.206 port 56208:11: disconnected by user [preauth]
Jun 22 11:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15789]: Disconnected from 107.172.88.206 port 56208 [preauth]
Jun 22 11:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14548]: pam_unix(cron:session): session closed for user root
Jun 22 11:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15819]: Invalid user vlado from 185.40.30.168
Jun 22 11:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15819]: input_userauth_request: invalid user vlado [preauth]
Jun 22 11:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15819]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.30.168
Jun 22 11:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15819]: Failed password for invalid user vlado from 185.40.30.168 port 33332 ssh2
Jun 22 11:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15819]: Received disconnect from 185.40.30.168 port 33332:11: Bye Bye [preauth]
Jun 22 11:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15819]: Disconnected from 185.40.30.168 port 33332 [preauth]
Jun 22 11:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15842]: Invalid user upload from 38.55.97.143
Jun 22 11:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15842]: input_userauth_request: invalid user upload [preauth]
Jun 22 11:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15842]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 11:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15842]: Failed password for invalid user upload from 38.55.97.143 port 34862 ssh2
Jun 22 11:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15842]: Connection closed by 38.55.97.143 port 34862 [preauth]
Jun 22 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15872]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15873]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15871]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15870]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15870]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15929]: Successful su for rubyman by root
Jun 22 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15929]: + ??? root:rubyman
Jun 22 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15929]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570685 of user rubyman.
Jun 22 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15929]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570685.
Jun 22 11:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13346]: pam_unix(cron:session): session closed for user root
Jun 22 11:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15871]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16144]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.164.6.184  user=root
Jun 22 11:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16144]: Failed password for root from 38.55.97.143 port 48304 ssh2
Jun 22 11:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16144]: Connection closed by 38.55.97.143 port 48304 [preauth]
Jun 22 11:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16147]: Failed password for root from 5.164.6.184 port 48062 ssh2
Jun 22 11:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16147]: Received disconnect from 5.164.6.184 port 48062:11: Bye Bye [preauth]
Jun 22 11:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16147]: Disconnected from 5.164.6.184 port 48062 [preauth]
Jun 22 11:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15071]: pam_unix(cron:session): session closed for user root
Jun 22 11:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16249]: Failed password for root from 38.55.97.143 port 35438 ssh2
Jun 22 11:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16249]: Connection closed by 38.55.97.143 port 35438 [preauth]
Jun 22 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16270]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16272]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16271]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16269]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16269]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16326]: Successful su for rubyman by root
Jun 22 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16326]: + ??? root:rubyman
Jun 22 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16326]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570690 of user rubyman.
Jun 22 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16326]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570690.
Jun 22 11:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13756]: pam_unix(cron:session): session closed for user root
Jun 22 11:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16270]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.30.168  user=root
Jun 22 11:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16545]: Failed password for root from 185.40.30.168 port 37422 ssh2
Jun 22 11:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16545]: Received disconnect from 185.40.30.168 port 37422:11: Bye Bye [preauth]
Jun 22 11:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16545]: Disconnected from 185.40.30.168 port 37422 [preauth]
Jun 22 11:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16567]: Failed password for root from 38.55.97.143 port 42840 ssh2
Jun 22 11:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16567]: Connection closed by 38.55.97.143 port 42840 [preauth]
Jun 22 11:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15475]: pam_unix(cron:session): session closed for user root
Jun 22 11:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16669]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16672]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16671]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16670]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16668]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16667]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16672]: pam_unix(cron:session): session closed for user root
Jun 22 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16667]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16732]: Successful su for rubyman by root
Jun 22 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16732]: + ??? root:rubyman
Jun 22 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16732]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570696 of user rubyman.
Jun 22 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16732]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570696.
Jun 22 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16664]: Failed password for root from 38.55.97.143 port 37658 ssh2
Jun 22 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16664]: Connection closed by 38.55.97.143 port 37658 [preauth]
Jun 22 11:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16669]: pam_unix(cron:session): session closed for user root
Jun 22 11:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14153]: pam_unix(cron:session): session closed for user root
Jun 22 11:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16668]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17045]: Invalid user strapi from 5.164.6.184
Jun 22 11:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17045]: input_userauth_request: invalid user strapi [preauth]
Jun 22 11:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17045]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.164.6.184
Jun 22 11:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17045]: Failed password for invalid user strapi from 5.164.6.184 port 36306 ssh2
Jun 22 11:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17045]: Received disconnect from 5.164.6.184 port 36306:11: Bye Bye [preauth]
Jun 22 11:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17045]: Disconnected from 5.164.6.184 port 36306 [preauth]
Jun 22 11:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15873]: pam_unix(cron:session): session closed for user root
Jun 22 11:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17126]: Failed password for root from 38.55.97.143 port 54084 ssh2
Jun 22 11:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17126]: Connection closed by 38.55.97.143 port 54084 [preauth]
Jun 22 11:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: Invalid user rob from 185.40.30.168
Jun 22 11:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: input_userauth_request: invalid user rob [preauth]
Jun 22 11:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.30.168
Jun 22 11:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: Failed password for invalid user rob from 185.40.30.168 port 38700 ssh2
Jun 22 11:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: Received disconnect from 185.40.30.168 port 38700:11: Bye Bye [preauth]
Jun 22 11:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: Disconnected from 185.40.30.168 port 38700 [preauth]
Jun 22 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17194]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17196]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17195]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17193]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17193]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17262]: Successful su for rubyman by root
Jun 22 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17262]: + ??? root:rubyman
Jun 22 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17262]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570700 of user rubyman.
Jun 22 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17262]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570700.
Jun 22 11:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14547]: pam_unix(cron:session): session closed for user root
Jun 22 11:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17194]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17462]: Invalid user admin from 38.55.97.143
Jun 22 11:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17462]: input_userauth_request: invalid user admin [preauth]
Jun 22 11:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17462]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 11:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.87.219.67  user=root
Jun 22 11:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17462]: Failed password for invalid user admin from 38.55.97.143 port 40720 ssh2
Jun 22 11:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17462]: Connection closed by 38.55.97.143 port 40720 [preauth]
Jun 22 11:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17464]: Failed password for root from 20.87.219.67 port 52018 ssh2
Jun 22 11:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17464]: Received disconnect from 20.87.219.67 port 52018:11: Bye Bye [preauth]
Jun 22 11:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17464]: Disconnected from 20.87.219.67 port 52018 [preauth]
Jun 22 11:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16272]: pam_unix(cron:session): session closed for user root
Jun 22 11:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17563]: Failed password for root from 38.55.97.143 port 55106 ssh2
Jun 22 11:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17563]: Connection closed by 38.55.97.143 port 55106 [preauth]
Jun 22 11:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 22 11:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17593]: Failed password for root from 103.27.238.120 port 50002 ssh2
Jun 22 11:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17593]: Connection closed by 103.27.238.120 port 50002 [preauth]
Jun 22 11:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.164.6.184  user=root
Jun 22 11:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17603]: Failed password for root from 5.164.6.184 port 56886 ssh2
Jun 22 11:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17603]: Received disconnect from 5.164.6.184 port 56886:11: Bye Bye [preauth]
Jun 22 11:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17603]: Disconnected from 5.164.6.184 port 56886 [preauth]
Jun 22 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17624]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17622]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17621]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17623]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17621]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17770]: Successful su for rubyman by root
Jun 22 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17770]: + ??? root:rubyman
Jun 22 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17770]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570702 of user rubyman.
Jun 22 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17770]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570702.
Jun 22 11:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15070]: pam_unix(cron:session): session closed for user root
Jun 22 11:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17622]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17986]: Failed password for root from 38.55.97.143 port 41570 ssh2
Jun 22 11:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17986]: Connection closed by 38.55.97.143 port 41570 [preauth]
Jun 22 11:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18018]: Invalid user tt from 185.40.30.168
Jun 22 11:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18018]: input_userauth_request: invalid user tt [preauth]
Jun 22 11:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18018]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.30.168
Jun 22 11:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18018]: Failed password for invalid user tt from 185.40.30.168 port 50752 ssh2
Jun 22 11:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18018]: Received disconnect from 185.40.30.168 port 50752:11: Bye Bye [preauth]
Jun 22 11:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18018]: Disconnected from 185.40.30.168 port 50752 [preauth]
Jun 22 11:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16671]: pam_unix(cron:session): session closed for user root
Jun 22 11:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18103]: Failed password for root from 38.55.97.143 port 56258 ssh2
Jun 22 11:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18103]: Connection closed by 38.55.97.143 port 56258 [preauth]
Jun 22 11:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 11:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18113]: Failed password for root from 193.24.211.107 port 11228 ssh2
Jun 22 11:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18113]: Received disconnect from 193.24.211.107 port 11228:11: Client disconnecting normally [preauth]
Jun 22 11:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18113]: Disconnected from 193.24.211.107 port 11228 [preauth]
Jun 22 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18137]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18138]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18135]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18136]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18135]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18203]: Successful su for rubyman by root
Jun 22 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18203]: + ??? root:rubyman
Jun 22 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18203]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570706 of user rubyman.
Jun 22 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18203]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570706.
Jun 22 11:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15474]: pam_unix(cron:session): session closed for user root
Jun 22 11:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18136]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 22 11:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18518]: Failed password for root from 80.66.85.226 port 49468 ssh2
Jun 22 11:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18518]: Connection closed by 80.66.85.226 port 49468 [preauth]
Jun 22 11:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18521]: Failed password for root from 38.55.97.143 port 42620 ssh2
Jun 22 11:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18521]: Connection closed by 38.55.97.143 port 42620 [preauth]
Jun 22 11:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17196]: pam_unix(cron:session): session closed for user root
Jun 22 11:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18602]: Invalid user turtle from 5.164.6.184
Jun 22 11:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18602]: input_userauth_request: invalid user turtle [preauth]
Jun 22 11:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18602]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.164.6.184
Jun 22 11:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18602]: Failed password for invalid user turtle from 5.164.6.184 port 58360 ssh2
Jun 22 11:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18602]: Received disconnect from 5.164.6.184 port 58360:11: Bye Bye [preauth]
Jun 22 11:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18602]: Disconnected from 5.164.6.184 port 58360 [preauth]
Jun 22 11:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18633]: Failed password for root from 38.55.97.143 port 47668 ssh2
Jun 22 11:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18633]: Connection closed by 38.55.97.143 port 47668 [preauth]
Jun 22 11:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.30.168  user=root
Jun 22 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18643]: Failed password for root from 185.40.30.168 port 46366 ssh2
Jun 22 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18643]: Received disconnect from 185.40.30.168 port 46366:11: Bye Bye [preauth]
Jun 22 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18643]: Disconnected from 185.40.30.168 port 46366 [preauth]
Jun 22 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18651]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18650]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18652]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18649]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18649]: pam_unix(cron:session): session closed for user p13x
Jun 22 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18715]: Successful su for rubyman by root
Jun 22 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18715]: + ??? root:rubyman
Jun 22 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18715]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570710 of user rubyman.
Jun 22 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18715]: pam_unix(su:session): session closed for user rubyman
Jun 22 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570710.
Jun 22 11:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15872]: pam_unix(cron:session): session closed for user root
Jun 22 11:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18650]: pam_unix(cron:session): session closed for user samftp
Jun 22 11:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 11:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18978]: Failed password for root from 38.55.97.143 port 60518 ssh2
Jun 22 11:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 11:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18978]: Connection closed by 38.55.97.143 port 60518 [preauth]
Jun 22 11:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18980]: Invalid user prueba from 20.87.219.67
Jun 22 11:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18980]: input_userauth_request: invalid user prueba [preauth]
Jun 22 11:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18980]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 11:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.87.219.67
Jun 22 11:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18980]: Failed password for invalid user prueba from 20.87.219.67 port 33956 ssh2
Jun 22 11:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18980]: Received disconnect from 20.87.219.67 port 33956:11: Bye Bye [preauth]
Jun 22 11:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18980]: Disconnected from 20.87.219.67 port 33956 [preauth]
Jun 22 11:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17624]: pam_unix(cron:session): session closed for user root
Jun 22 12:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19073]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19072]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19075]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19074]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19069]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19070]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19071]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19075]: pam_unix(cron:session): session closed for user root
Jun 22 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19071]: pam_unix(cron:session): session closed for user root
Jun 22 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19069]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19266]: Successful su for rubyman by root
Jun 22 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19266]: + ??? root:rubyman
Jun 22 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19266]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570717 of user rubyman.
Jun 22 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19266]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570717.
Jun 22 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19066]: Invalid user peertube from 38.55.97.143
Jun 22 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19066]: input_userauth_request: invalid user peertube [preauth]
Jun 22 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19066]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19072]: pam_unix(cron:session): session closed for user root
Jun 22 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16271]: pam_unix(cron:session): session closed for user root
Jun 22 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19066]: Failed password for invalid user peertube from 38.55.97.143 port 46580 ssh2
Jun 22 12:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19066]: Connection closed by 38.55.97.143 port 46580 [preauth]
Jun 22 12:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19070]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18138]: pam_unix(cron:session): session closed for user root
Jun 22 12:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19757]: Invalid user mohamad from 185.40.30.168
Jun 22 12:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19757]: input_userauth_request: invalid user mohamad [preauth]
Jun 22 12:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19757]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.30.168
Jun 22 12:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19793]: Invalid user bitrix from 5.164.6.184
Jun 22 12:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19793]: input_userauth_request: invalid user bitrix [preauth]
Jun 22 12:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19793]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.164.6.184
Jun 22 12:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19757]: Failed password for invalid user mohamad from 185.40.30.168 port 58658 ssh2
Jun 22 12:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19757]: Received disconnect from 185.40.30.168 port 58658:11: Bye Bye [preauth]
Jun 22 12:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19757]: Disconnected from 185.40.30.168 port 58658 [preauth]
Jun 22 12:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19793]: Failed password for invalid user bitrix from 5.164.6.184 port 43220 ssh2
Jun 22 12:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19822]: Invalid user osboxes from 38.55.97.143
Jun 22 12:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19822]: input_userauth_request: invalid user osboxes [preauth]
Jun 22 12:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19822]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 12:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19793]: Received disconnect from 5.164.6.184 port 43220:11: Bye Bye [preauth]
Jun 22 12:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19793]: Disconnected from 5.164.6.184 port 43220 [preauth]
Jun 22 12:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19822]: Failed password for invalid user osboxes from 38.55.97.143 port 51352 ssh2
Jun 22 12:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19822]: Connection closed by 38.55.97.143 port 51352 [preauth]
Jun 22 12:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19864]: Received disconnect from 198.38.91.141 port 36508:11: disconnected by user [preauth]
Jun 22 12:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19864]: Disconnected from 198.38.91.141 port 36508 [preauth]
Jun 22 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19898]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19897]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19895]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19894]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19894]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19961]: Successful su for rubyman by root
Jun 22 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19961]: + ??? root:rubyman
Jun 22 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19961]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570721 of user rubyman.
Jun 22 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19961]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570721.
Jun 22 12:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16670]: pam_unix(cron:session): session closed for user root
Jun 22 12:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19895]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20231]: Failed password for root from 38.55.97.143 port 60736 ssh2
Jun 22 12:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20231]: Connection closed by 38.55.97.143 port 60736 [preauth]
Jun 22 12:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 22 12:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20258]: Failed password for root from 147.45.199.80 port 57904 ssh2
Jun 22 12:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20258]: Connection closed by 147.45.199.80 port 57904 [preauth]
Jun 22 12:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 22 12:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20278]: Failed password for root from 141.98.83.240 port 13274 ssh2
Jun 22 12:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20278]: message repeated 2 times: [ Failed password for root from 141.98.83.240 port 13274 ssh2]
Jun 22 12:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20278]: Connection closed by 141.98.83.240 port 13274 [preauth]
Jun 22 12:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20278]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 22 12:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18652]: pam_unix(cron:session): session closed for user root
Jun 22 12:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20346]: Failed password for root from 38.55.97.143 port 38460 ssh2
Jun 22 12:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20346]: Connection closed by 38.55.97.143 port 38460 [preauth]
Jun 22 12:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20409]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20410]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20408]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20406]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20406]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20403]: Invalid user root1 from 185.40.30.168
Jun 22 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20403]: input_userauth_request: invalid user root1 [preauth]
Jun 22 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20403]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.30.168
Jun 22 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20476]: Successful su for rubyman by root
Jun 22 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20476]: + ??? root:rubyman
Jun 22 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20476]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570727 of user rubyman.
Jun 22 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20476]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570727.
Jun 22 12:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20403]: Failed password for invalid user root1 from 185.40.30.168 port 57032 ssh2
Jun 22 12:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20403]: Received disconnect from 185.40.30.168 port 57032:11: Bye Bye [preauth]
Jun 22 12:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20403]: Disconnected from 185.40.30.168 port 57032 [preauth]
Jun 22 12:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17195]: pam_unix(cron:session): session closed for user root
Jun 22 12:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20408]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20766]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20766]: Failed password for root from 38.55.97.143 port 51600 ssh2
Jun 22 12:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20766]: Connection closed by 38.55.97.143 port 51600 [preauth]
Jun 22 12:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.164.6.184  user=root
Jun 22 12:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20789]: Failed password for root from 5.164.6.184 port 37934 ssh2
Jun 22 12:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20789]: Received disconnect from 5.164.6.184 port 37934:11: Bye Bye [preauth]
Jun 22 12:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20789]: Disconnected from 5.164.6.184 port 37934 [preauth]
Jun 22 12:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19074]: pam_unix(cron:session): session closed for user root
Jun 22 12:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20888]: Failed password for root from 38.55.97.143 port 38464 ssh2
Jun 22 12:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20888]: Connection closed by 38.55.97.143 port 38464 [preauth]
Jun 22 12:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20898]: Invalid user centos from 20.87.219.67
Jun 22 12:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20898]: input_userauth_request: invalid user centos [preauth]
Jun 22 12:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20898]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.87.219.67
Jun 22 12:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20898]: Failed password for invalid user centos from 20.87.219.67 port 59212 ssh2
Jun 22 12:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20898]: Received disconnect from 20.87.219.67 port 59212:11: Bye Bye [preauth]
Jun 22 12:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20898]: Disconnected from 20.87.219.67 port 59212 [preauth]
Jun 22 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20912]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20913]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20911]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20910]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20910]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20969]: Successful su for rubyman by root
Jun 22 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20969]: + ??? root:rubyman
Jun 22 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20969]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570730 of user rubyman.
Jun 22 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20969]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570730.
Jun 22 12:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17623]: pam_unix(cron:session): session closed for user root
Jun 22 12:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20911]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21200]: Failed password for root from 38.55.97.143 port 49730 ssh2
Jun 22 12:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21200]: Connection closed by 38.55.97.143 port 49730 [preauth]
Jun 22 12:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19898]: pam_unix(cron:session): session closed for user root
Jun 22 12:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21251]: Invalid user george from 185.40.30.168
Jun 22 12:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21251]: input_userauth_request: invalid user george [preauth]
Jun 22 12:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21251]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.30.168
Jun 22 12:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21251]: Failed password for invalid user george from 185.40.30.168 port 50456 ssh2
Jun 22 12:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21251]: Received disconnect from 185.40.30.168 port 50456:11: Bye Bye [preauth]
Jun 22 12:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21251]: Disconnected from 185.40.30.168 port 50456 [preauth]
Jun 22 12:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21310]: Failed password for root from 38.55.97.143 port 33450 ssh2
Jun 22 12:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21310]: Connection closed by 38.55.97.143 port 33450 [preauth]
Jun 22 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21316]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21314]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21319]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21313]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21313]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21389]: Successful su for rubyman by root
Jun 22 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21389]: + ??? root:rubyman
Jun 22 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21389]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570735 of user rubyman.
Jun 22 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21389]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570735.
Jun 22 12:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18137]: pam_unix(cron:session): session closed for user root
Jun 22 12:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21314]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21592]: Invalid user dietpi from 5.164.6.184
Jun 22 12:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21592]: input_userauth_request: invalid user dietpi [preauth]
Jun 22 12:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21592]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.164.6.184
Jun 22 12:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21592]: Failed password for invalid user dietpi from 5.164.6.184 port 58800 ssh2
Jun 22 12:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21592]: Received disconnect from 5.164.6.184 port 58800:11: Bye Bye [preauth]
Jun 22 12:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21592]: Disconnected from 5.164.6.184 port 58800 [preauth]
Jun 22 12:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20410]: pam_unix(cron:session): session closed for user root
Jun 22 12:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21661]: Failed password for root from 38.55.97.143 port 45102 ssh2
Jun 22 12:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21661]: Connection closed by 38.55.97.143 port 45102 [preauth]
Jun 22 12:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 22 12:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21734]: Failed password for root from 38.93.206.2 port 37888 ssh2
Jun 22 12:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21734]: Connection closed by 38.93.206.2 port 37888 [preauth]
Jun 22 12:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 22 12:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21750]: Failed password for root from 103.172.78.219 port 49364 ssh2
Jun 22 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21750]: Connection closed by 103.172.78.219 port 49364 [preauth]
Jun 22 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21768]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21764]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21766]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21761]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21765]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21763]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21768]: pam_unix(cron:session): session closed for user root
Jun 22 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21761]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21835]: Successful su for rubyman by root
Jun 22 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21835]: + ??? root:rubyman
Jun 22 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21835]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570739 of user rubyman.
Jun 22 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21835]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570739.
Jun 22 12:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21764]: pam_unix(cron:session): session closed for user root
Jun 22 12:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18651]: pam_unix(cron:session): session closed for user root
Jun 22 12:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.233.85.71  user=root
Jun 22 12:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21763]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21983]: Failed password for root from 38.55.97.143 port 60346 ssh2
Jun 22 12:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21989]: Failed password for root from 37.233.85.71 port 39350 ssh2
Jun 22 12:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21989]: Connection closed by 37.233.85.71 port 39350 [preauth]
Jun 22 12:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21983]: Connection closed by 38.55.97.143 port 60346 [preauth]
Jun 22 12:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22045]: Invalid user zhangsan from 185.40.30.168
Jun 22 12:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22045]: input_userauth_request: invalid user zhangsan [preauth]
Jun 22 12:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22045]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.30.168
Jun 22 12:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22045]: Failed password for invalid user zhangsan from 185.40.30.168 port 39406 ssh2
Jun 22 12:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22045]: Received disconnect from 185.40.30.168 port 39406:11: Bye Bye [preauth]
Jun 22 12:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22045]: Disconnected from 185.40.30.168 port 39406 [preauth]
Jun 22 12:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20913]: pam_unix(cron:session): session closed for user root
Jun 22 12:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22152]: User mysql from 38.55.97.143 not allowed because not listed in AllowUsers
Jun 22 12:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22152]: input_userauth_request: invalid user mysql [preauth]
Jun 22 12:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=mysql
Jun 22 12:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22152]: Failed password for invalid user mysql from 38.55.97.143 port 52216 ssh2
Jun 22 12:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22152]: Connection closed by 38.55.97.143 port 52216 [preauth]
Jun 22 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22211]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22210]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22209]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22208]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22208]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22274]: Successful su for rubyman by root
Jun 22 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22274]: + ??? root:rubyman
Jun 22 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22274]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570744 of user rubyman.
Jun 22 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22274]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570744.
Jun 22 12:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19073]: pam_unix(cron:session): session closed for user root
Jun 22 12:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22508]: Invalid user yy from 5.164.6.184
Jun 22 12:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22508]: input_userauth_request: invalid user yy [preauth]
Jun 22 12:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22508]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.164.6.184
Jun 22 12:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22209]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22508]: Failed password for invalid user yy from 5.164.6.184 port 59110 ssh2
Jun 22 12:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22508]: Received disconnect from 5.164.6.184 port 59110:11: Bye Bye [preauth]
Jun 22 12:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22508]: Disconnected from 5.164.6.184 port 59110 [preauth]
Jun 22 12:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 22 12:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22555]: Failed password for root from 103.82.20.28 port 44634 ssh2
Jun 22 12:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22555]: Connection closed by 103.82.20.28 port 44634 [preauth]
Jun 22 12:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22579]: Invalid user ubuntu from 38.55.97.143
Jun 22 12:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22579]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 12:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22579]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 12:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22579]: Failed password for invalid user ubuntu from 38.55.97.143 port 37646 ssh2
Jun 22 12:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22579]: Connection closed by 38.55.97.143 port 37646 [preauth]
Jun 22 12:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21319]: pam_unix(cron:session): session closed for user root
Jun 22 12:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22657]: Invalid user minecraft from 185.40.30.168
Jun 22 12:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22657]: input_userauth_request: invalid user minecraft [preauth]
Jun 22 12:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22657]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.30.168
Jun 22 12:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22657]: Failed password for invalid user minecraft from 185.40.30.168 port 42434 ssh2
Jun 22 12:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22657]: Received disconnect from 185.40.30.168 port 42434:11: Bye Bye [preauth]
Jun 22 12:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22657]: Disconnected from 185.40.30.168 port 42434 [preauth]
Jun 22 12:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22683]: Failed password for root from 38.55.97.143 port 53060 ssh2
Jun 22 12:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22683]: Connection closed by 38.55.97.143 port 53060 [preauth]
Jun 22 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22704]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22705]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22706]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22703]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22703]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22767]: Successful su for rubyman by root
Jun 22 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22767]: + ??? root:rubyman
Jun 22 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22767]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570747 of user rubyman.
Jun 22 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22767]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570747.
Jun 22 12:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19897]: pam_unix(cron:session): session closed for user root
Jun 22 12:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22704]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22998]: Failed password for root from 38.55.97.143 port 38900 ssh2
Jun 22 12:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22998]: Connection closed by 38.55.97.143 port 38900 [preauth]
Jun 22 12:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21766]: pam_unix(cron:session): session closed for user root
Jun 22 12:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.164.6.184  user=root
Jun 22 12:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23095]: Failed password for root from 5.164.6.184 port 44820 ssh2
Jun 22 12:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23095]: Received disconnect from 5.164.6.184 port 44820:11: Bye Bye [preauth]
Jun 22 12:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23095]: Disconnected from 5.164.6.184 port 44820 [preauth]
Jun 22 12:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23106]: Failed password for root from 38.55.97.143 port 45592 ssh2
Jun 22 12:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23106]: Connection closed by 38.55.97.143 port 45592 [preauth]
Jun 22 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23116]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23115]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23113]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23114]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23113]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23177]: Successful su for rubyman by root
Jun 22 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23177]: + ??? root:rubyman
Jun 22 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23177]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570751 of user rubyman.
Jun 22 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23177]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570751.
Jun 22 12:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20409]: pam_unix(cron:session): session closed for user root
Jun 22 12:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23114]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23416]: Received disconnect from 62.210.209.225 port 43942:11: disconnected by user [preauth]
Jun 22 12:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23416]: Disconnected from 62.210.209.225 port 43942 [preauth]
Jun 22 12:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23418]: Invalid user developer from 185.40.30.168
Jun 22 12:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23418]: input_userauth_request: invalid user developer [preauth]
Jun 22 12:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23418]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.30.168
Jun 22 12:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23418]: Failed password for invalid user developer from 185.40.30.168 port 51490 ssh2
Jun 22 12:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23418]: Received disconnect from 185.40.30.168 port 51490:11: Bye Bye [preauth]
Jun 22 12:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23418]: Disconnected from 185.40.30.168 port 51490 [preauth]
Jun 22 12:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23449]: Failed password for root from 38.55.97.143 port 57142 ssh2
Jun 22 12:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23449]: Connection closed by 38.55.97.143 port 57142 [preauth]
Jun 22 12:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22211]: pam_unix(cron:session): session closed for user root
Jun 22 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23544]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23547]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23545]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23543]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23541]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23543]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23673]: Successful su for rubyman by root
Jun 22 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23673]: + ??? root:rubyman
Jun 22 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23673]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570757 of user rubyman.
Jun 22 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23673]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570757.
Jun 22 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23541]: pam_unix(cron:session): session closed for user root
Jun 22 12:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20912]: pam_unix(cron:session): session closed for user root
Jun 22 12:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23724]: Failed password for root from 38.55.97.143 port 42352 ssh2
Jun 22 12:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23724]: Connection closed by 38.55.97.143 port 42352 [preauth]
Jun 22 12:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23544]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22706]: pam_unix(cron:session): session closed for user root
Jun 22 12:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24085]: Failed password for root from 38.55.97.143 port 54636 ssh2
Jun 22 12:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24085]: Connection closed by 38.55.97.143 port 54636 [preauth]
Jun 22 12:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.164.6.184  user=root
Jun 22 12:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24117]: Failed password for root from 5.164.6.184 port 40904 ssh2
Jun 22 12:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24117]: Received disconnect from 5.164.6.184 port 40904:11: Bye Bye [preauth]
Jun 22 12:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24117]: Disconnected from 5.164.6.184 port 40904 [preauth]
Jun 22 12:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24129]: Invalid user m from 185.40.30.168
Jun 22 12:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24129]: input_userauth_request: invalid user m [preauth]
Jun 22 12:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24129]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.30.168
Jun 22 12:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24129]: Failed password for invalid user m from 185.40.30.168 port 36038 ssh2
Jun 22 12:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24129]: Received disconnect from 185.40.30.168 port 36038:11: Bye Bye [preauth]
Jun 22 12:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24129]: Disconnected from 185.40.30.168 port 36038 [preauth]
Jun 22 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24151]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24154]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24153]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24149]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24155]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24150]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24155]: pam_unix(cron:session): session closed for user root
Jun 22 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24149]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24225]: Successful su for rubyman by root
Jun 22 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24225]: + ??? root:rubyman
Jun 22 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24225]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570762 of user rubyman.
Jun 22 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24225]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570762.
Jun 22 12:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24151]: pam_unix(cron:session): session closed for user root
Jun 22 12:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21316]: pam_unix(cron:session): session closed for user root
Jun 22 12:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24150]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24457]: Invalid user user01 from 38.55.97.143
Jun 22 12:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24457]: input_userauth_request: invalid user user01 [preauth]
Jun 22 12:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24457]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 12:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24457]: Failed password for invalid user user01 from 38.55.97.143 port 39012 ssh2
Jun 22 12:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24457]: Connection closed by 38.55.97.143 port 39012 [preauth]
Jun 22 12:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23116]: pam_unix(cron:session): session closed for user root
Jun 22 12:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24577]: Failed password for root from 38.55.97.143 port 53896 ssh2
Jun 22 12:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24577]: Connection closed by 38.55.97.143 port 53896 [preauth]
Jun 22 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24612]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24613]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24611]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24610]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24610]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24696]: Successful su for rubyman by root
Jun 22 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24696]: + ??? root:rubyman
Jun 22 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24696]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570767 of user rubyman.
Jun 22 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24696]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570767.
Jun 22 12:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21765]: pam_unix(cron:session): session closed for user root
Jun 22 12:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24611]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24907]: Failed password for root from 38.55.97.143 port 39194 ssh2
Jun 22 12:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24907]: Connection closed by 38.55.97.143 port 39194 [preauth]
Jun 22 12:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.30.168  user=root
Jun 22 12:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.164.6.184  user=root
Jun 22 12:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24945]: Failed password for root from 185.40.30.168 port 34092 ssh2
Jun 22 12:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24945]: Received disconnect from 185.40.30.168 port 34092:11: Bye Bye [preauth]
Jun 22 12:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24945]: Disconnected from 185.40.30.168 port 34092 [preauth]
Jun 22 12:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23547]: pam_unix(cron:session): session closed for user root
Jun 22 12:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24947]: Failed password for root from 5.164.6.184 port 39236 ssh2
Jun 22 12:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24947]: Received disconnect from 5.164.6.184 port 39236:11: Bye Bye [preauth]
Jun 22 12:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24947]: Disconnected from 5.164.6.184 port 39236 [preauth]
Jun 22 12:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25022]: Invalid user user1 from 38.55.97.143
Jun 22 12:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25022]: input_userauth_request: invalid user user1 [preauth]
Jun 22 12:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25022]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 12:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25022]: Failed password for invalid user user1 from 38.55.97.143 port 53990 ssh2
Jun 22 12:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25022]: Connection closed by 38.55.97.143 port 53990 [preauth]
Jun 22 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25046]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25044]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25047]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25042]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25042]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25109]: Successful su for rubyman by root
Jun 22 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25109]: + ??? root:rubyman
Jun 22 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25109]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570772 of user rubyman.
Jun 22 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25109]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570772.
Jun 22 12:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22210]: pam_unix(cron:session): session closed for user root
Jun 22 12:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25044]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25340]: Invalid user user from 38.55.97.143
Jun 22 12:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25340]: input_userauth_request: invalid user user [preauth]
Jun 22 12:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25340]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 12:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25340]: Failed password for invalid user user from 38.55.97.143 port 57902 ssh2
Jun 22 12:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25340]: Connection closed by 38.55.97.143 port 57902 [preauth]
Jun 22 12:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24154]: pam_unix(cron:session): session closed for user root
Jun 22 12:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 22 12:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25380]: Failed password for root from 87.251.79.125 port 38662 ssh2
Jun 22 12:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25380]: Connection closed by 87.251.79.125 port 38662 [preauth]
Jun 22 12:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25428]: Invalid user ubuntu from 38.55.97.143
Jun 22 12:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25428]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 12:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25428]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 12:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25444]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25445]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25441]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25443]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25441]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25507]: Successful su for rubyman by root
Jun 22 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25507]: + ??? root:rubyman
Jun 22 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25507]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570776 of user rubyman.
Jun 22 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25507]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.30.168  user=root
Jun 22 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570776.
Jun 22 12:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25428]: Failed password for invalid user ubuntu from 38.55.97.143 port 43398 ssh2
Jun 22 12:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25428]: Connection closed by 38.55.97.143 port 43398 [preauth]
Jun 22 12:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25438]: Failed password for root from 185.40.30.168 port 38290 ssh2
Jun 22 12:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25438]: Received disconnect from 185.40.30.168 port 38290:11: Bye Bye [preauth]
Jun 22 12:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25438]: Disconnected from 185.40.30.168 port 38290 [preauth]
Jun 22 12:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22705]: pam_unix(cron:session): session closed for user root
Jun 22 12:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25443]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.164.6.184  user=root
Jun 22 12:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25726]: Failed password for root from 5.164.6.184 port 37432 ssh2
Jun 22 12:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25726]: Received disconnect from 5.164.6.184 port 37432:11: Bye Bye [preauth]
Jun 22 12:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25726]: Disconnected from 5.164.6.184 port 37432 [preauth]
Jun 22 12:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24613]: pam_unix(cron:session): session closed for user root
Jun 22 12:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25777]: Failed password for root from 38.55.97.143 port 57630 ssh2
Jun 22 12:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25777]: Connection closed by 38.55.97.143 port 57630 [preauth]
Jun 22 12:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25799]: Invalid user erykah from 2.57.121.112
Jun 22 12:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25799]: input_userauth_request: invalid user erykah [preauth]
Jun 22 12:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25799]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 22 12:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25799]: Failed password for invalid user erykah from 2.57.121.112 port 16934 ssh2
Jun 22 12:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25799]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25799]: Failed password for invalid user erykah from 2.57.121.112 port 16934 ssh2
Jun 22 12:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25799]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25799]: Failed password for invalid user erykah from 2.57.121.112 port 16934 ssh2
Jun 22 12:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25799]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25799]: Failed password for invalid user erykah from 2.57.121.112 port 16934 ssh2
Jun 22 12:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25799]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25799]: Failed password for invalid user erykah from 2.57.121.112 port 16934 ssh2
Jun 22 12:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25799]: Connection closed by 2.57.121.112 port 16934 [preauth]
Jun 22 12:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25799]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 22 12:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25799]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 22 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25844]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25845]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25843]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25842]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25842]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25903]: Successful su for rubyman by root
Jun 22 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25903]: + ??? root:rubyman
Jun 22 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25903]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570779 of user rubyman.
Jun 22 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25903]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570779.
Jun 22 12:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23115]: pam_unix(cron:session): session closed for user root
Jun 22 12:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25843]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26084]: Failed password for root from 38.55.97.143 port 41492 ssh2
Jun 22 12:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26084]: Connection closed by 38.55.97.143 port 41492 [preauth]
Jun 22 12:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.30.168  user=root
Jun 22 12:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26141]: Failed password for root from 185.40.30.168 port 47198 ssh2
Jun 22 12:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26141]: Received disconnect from 185.40.30.168 port 47198:11: Bye Bye [preauth]
Jun 22 12:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26141]: Disconnected from 185.40.30.168 port 47198 [preauth]
Jun 22 12:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25047]: pam_unix(cron:session): session closed for user root
Jun 22 12:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26192]: Failed password for root from 38.55.97.143 port 54576 ssh2
Jun 22 12:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26192]: Connection closed by 38.55.97.143 port 54576 [preauth]
Jun 22 12:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 12:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26216]: Failed password for root from 193.24.211.107 port 30078 ssh2
Jun 22 12:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26216]: Received disconnect from 193.24.211.107 port 30078:11: Client disconnecting normally [preauth]
Jun 22 12:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26216]: Disconnected from 193.24.211.107 port 30078 [preauth]
Jun 22 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26250]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26246]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26248]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26245]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26249]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26247]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26250]: pam_unix(cron:session): session closed for user root
Jun 22 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26245]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26316]: Successful su for rubyman by root
Jun 22 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26316]: + ??? root:rubyman
Jun 22 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26316]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570786 of user rubyman.
Jun 22 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26316]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570786.
Jun 22 12:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26247]: pam_unix(cron:session): session closed for user root
Jun 22 12:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23545]: pam_unix(cron:session): session closed for user root
Jun 22 12:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26246]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 22 12:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26499]: Failed password for root from 103.176.20.57 port 55332 ssh2
Jun 22 12:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26499]: Connection closed by 103.176.20.57 port 55332 [preauth]
Jun 22 12:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26519]: Invalid user ftpu from 5.164.6.184
Jun 22 12:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26519]: input_userauth_request: invalid user ftpu [preauth]
Jun 22 12:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26519]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.164.6.184
Jun 22 12:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26519]: Failed password for invalid user ftpu from 5.164.6.184 port 60842 ssh2
Jun 22 12:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26519]: Received disconnect from 5.164.6.184 port 60842:11: Bye Bye [preauth]
Jun 22 12:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26519]: Disconnected from 5.164.6.184 port 60842 [preauth]
Jun 22 12:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26543]: Failed password for root from 38.55.97.143 port 35578 ssh2
Jun 22 12:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26543]: Connection closed by 38.55.97.143 port 35578 [preauth]
Jun 22 12:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25445]: pam_unix(cron:session): session closed for user root
Jun 22 12:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26653]: Failed password for root from 38.55.97.143 port 34288 ssh2
Jun 22 12:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26653]: Connection closed by 38.55.97.143 port 34288 [preauth]
Jun 22 12:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.30.168  user=root
Jun 22 12:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26668]: Failed password for root from 185.40.30.168 port 40596 ssh2
Jun 22 12:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26668]: Received disconnect from 185.40.30.168 port 40596:11: Bye Bye [preauth]
Jun 22 12:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26668]: Disconnected from 185.40.30.168 port 40596 [preauth]
Jun 22 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26767]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26766]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26768]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26765]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26765]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26830]: Successful su for rubyman by root
Jun 22 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26830]: + ??? root:rubyman
Jun 22 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26830]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570788 of user rubyman.
Jun 22 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26830]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570788.
Jun 22 12:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24153]: pam_unix(cron:session): session closed for user root
Jun 22 12:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26766]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27012]: Received disconnect from 195.26.87.217 port 40918:11: disconnected by user [preauth]
Jun 22 12:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27012]: Disconnected from 195.26.87.217 port 40918 [preauth]
Jun 22 12:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27065]: Failed password for root from 38.55.97.143 port 50058 ssh2
Jun 22 12:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27065]: Connection closed by 38.55.97.143 port 50058 [preauth]
Jun 22 12:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25845]: pam_unix(cron:session): session closed for user root
Jun 22 12:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27163]: Invalid user marmot from 5.164.6.184
Jun 22 12:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27163]: input_userauth_request: invalid user marmot [preauth]
Jun 22 12:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27163]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.164.6.184
Jun 22 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27172]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27171]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27170]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27169]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27167]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27167]: pam_unix(cron:session): session closed for user root
Jun 22 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27169]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27240]: Successful su for rubyman by root
Jun 22 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27240]: + ??? root:rubyman
Jun 22 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27240]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570792 of user rubyman.
Jun 22 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27240]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570792.
Jun 22 12:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27163]: Failed password for invalid user marmot from 5.164.6.184 port 46682 ssh2
Jun 22 12:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27163]: Received disconnect from 5.164.6.184 port 46682:11: Bye Bye [preauth]
Jun 22 12:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27163]: Disconnected from 5.164.6.184 port 46682 [preauth]
Jun 22 12:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27165]: Failed password for root from 38.55.97.143 port 59832 ssh2
Jun 22 12:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27165]: Connection closed by 38.55.97.143 port 59832 [preauth]
Jun 22 12:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24612]: pam_unix(cron:session): session closed for user root
Jun 22 12:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27170]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.30.168  user=root
Jun 22 12:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27499]: Failed password for root from 185.40.30.168 port 36810 ssh2
Jun 22 12:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27499]: Received disconnect from 185.40.30.168 port 36810:11: Bye Bye [preauth]
Jun 22 12:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27499]: Disconnected from 185.40.30.168 port 36810 [preauth]
Jun 22 12:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26249]: pam_unix(cron:session): session closed for user root
Jun 22 12:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27528]: Failed password for root from 38.55.97.143 port 47550 ssh2
Jun 22 12:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27528]: Connection closed by 38.55.97.143 port 47550 [preauth]
Jun 22 12:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27605]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27609]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27607]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27608]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27605]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27667]: Successful su for rubyman by root
Jun 22 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27667]: + ??? root:rubyman
Jun 22 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27667]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570799 of user rubyman.
Jun 22 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27667]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570799.
Jun 22 12:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25046]: pam_unix(cron:session): session closed for user root
Jun 22 12:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27607]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27856]: Invalid user prueba from 38.55.97.143
Jun 22 12:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27856]: input_userauth_request: invalid user prueba [preauth]
Jun 22 12:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27856]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 12:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27856]: Failed password for invalid user prueba from 38.55.97.143 port 60118 ssh2
Jun 22 12:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27856]: Connection closed by 38.55.97.143 port 60118 [preauth]
Jun 22 12:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26768]: pam_unix(cron:session): session closed for user root
Jun 22 12:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27968]: Invalid user what from 38.55.97.143
Jun 22 12:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27968]: input_userauth_request: invalid user what [preauth]
Jun 22 12:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27968]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 12:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27968]: Failed password for invalid user what from 38.55.97.143 port 45880 ssh2
Jun 22 12:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27968]: Connection closed by 38.55.97.143 port 45880 [preauth]
Jun 22 12:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.164.6.184  user=root
Jun 22 12:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28014]: Failed password for root from 5.164.6.184 port 44116 ssh2
Jun 22 12:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28014]: Received disconnect from 5.164.6.184 port 44116:11: Bye Bye [preauth]
Jun 22 12:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28014]: Disconnected from 5.164.6.184 port 44116 [preauth]
Jun 22 12:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28016]: Invalid user old from 185.40.30.168
Jun 22 12:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28016]: input_userauth_request: invalid user old [preauth]
Jun 22 12:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28016]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.30.168
Jun 22 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28034]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28035]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28032]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28033]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28032]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28143]: Successful su for rubyman by root
Jun 22 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28143]: + ??? root:rubyman
Jun 22 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28143]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570802 of user rubyman.
Jun 22 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28143]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570802.
Jun 22 12:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28016]: Failed password for invalid user old from 185.40.30.168 port 39948 ssh2
Jun 22 12:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28016]: Received disconnect from 185.40.30.168 port 39948:11: Bye Bye [preauth]
Jun 22 12:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28016]: Disconnected from 185.40.30.168 port 39948 [preauth]
Jun 22 12:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25444]: pam_unix(cron:session): session closed for user root
Jun 22 12:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28033]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28346]: Invalid user samba from 38.55.97.143
Jun 22 12:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28346]: input_userauth_request: invalid user samba [preauth]
Jun 22 12:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28346]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 12:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 22 12:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28346]: Failed password for invalid user samba from 38.55.97.143 port 34214 ssh2
Jun 22 12:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28346]: Connection closed by 38.55.97.143 port 34214 [preauth]
Jun 22 12:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28348]: Failed password for root from 103.27.238.114 port 48068 ssh2
Jun 22 12:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28348]: Connection closed by 103.27.238.114 port 48068 [preauth]
Jun 22 12:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27172]: pam_unix(cron:session): session closed for user root
Jun 22 12:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28454]: Failed password for root from 38.55.97.143 port 44378 ssh2
Jun 22 12:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28454]: Connection closed by 38.55.97.143 port 44378 [preauth]
Jun 22 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28478]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28477]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28479]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28480]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28474]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28475]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28480]: pam_unix(cron:session): session closed for user root
Jun 22 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28474]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28551]: Successful su for rubyman by root
Jun 22 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28551]: + ??? root:rubyman
Jun 22 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28551]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570807 of user rubyman.
Jun 22 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28551]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570807.
Jun 22 12:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28477]: pam_unix(cron:session): session closed for user root
Jun 22 12:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25844]: pam_unix(cron:session): session closed for user root
Jun 22 12:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28475]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28866]: Did not receive identification string from 72.14.178.148
Jun 22 12:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28902]: Failed password for root from 38.55.97.143 port 58236 ssh2
Jun 22 12:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28902]: Connection closed by 38.55.97.143 port 58236 [preauth]
Jun 22 12:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28935]: Invalid user liu from 185.40.30.168
Jun 22 12:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28935]: input_userauth_request: invalid user liu [preauth]
Jun 22 12:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28935]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.30.168
Jun 22 12:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27609]: pam_unix(cron:session): session closed for user root
Jun 22 12:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28935]: Failed password for invalid user liu from 185.40.30.168 port 55122 ssh2
Jun 22 12:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28935]: Received disconnect from 185.40.30.168 port 55122:11: Bye Bye [preauth]
Jun 22 12:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28935]: Disconnected from 185.40.30.168 port 55122 [preauth]
Jun 22 12:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.164.6.184  user=root
Jun 22 12:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28977]: Failed password for root from 5.164.6.184 port 43480 ssh2
Jun 22 12:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28977]: Received disconnect from 5.164.6.184 port 43480:11: Bye Bye [preauth]
Jun 22 12:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28977]: Disconnected from 5.164.6.184 port 43480 [preauth]
Jun 22 12:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29028]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29029]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29030]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29027]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29027]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29099]: Successful su for rubyman by root
Jun 22 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29099]: + ??? root:rubyman
Jun 22 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29099]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570811 of user rubyman.
Jun 22 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29099]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570811.
Jun 22 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29023]: Failed password for root from 38.55.97.143 port 44736 ssh2
Jun 22 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29023]: Connection closed by 38.55.97.143 port 44736 [preauth]
Jun 22 12:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26248]: pam_unix(cron:session): session closed for user root
Jun 22 12:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29028]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29371]: Received disconnect from 38.96.178.220 port 33138:11: disconnected by user [preauth]
Jun 22 12:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29371]: Disconnected from 38.96.178.220 port 33138 [preauth]
Jun 22 12:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28035]: pam_unix(cron:session): session closed for user root
Jun 22 12:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29373]: Failed password for root from 38.55.97.143 port 54830 ssh2
Jun 22 12:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29373]: Connection closed by 38.55.97.143 port 54830 [preauth]
Jun 22 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29466]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29465]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29462]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29461]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29461]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29619]: Successful su for rubyman by root
Jun 22 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29619]: + ??? root:rubyman
Jun 22 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29619]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570815 of user rubyman.
Jun 22 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29619]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570815.
Jun 22 12:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26767]: pam_unix(cron:session): session closed for user root
Jun 22 12:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29462]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29831]: Invalid user dps from 185.40.30.168
Jun 22 12:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29831]: input_userauth_request: invalid user dps [preauth]
Jun 22 12:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29831]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.30.168
Jun 22 12:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29831]: Failed password for invalid user dps from 185.40.30.168 port 52538 ssh2
Jun 22 12:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29833]: Failed password for root from 38.55.97.143 port 41684 ssh2
Jun 22 12:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29831]: Received disconnect from 185.40.30.168 port 52538:11: Bye Bye [preauth]
Jun 22 12:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29831]: Disconnected from 185.40.30.168 port 52538 [preauth]
Jun 22 12:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29833]: Connection closed by 38.55.97.143 port 41684 [preauth]
Jun 22 12:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28479]: pam_unix(cron:session): session closed for user root
Jun 22 12:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.164.6.184  user=root
Jun 22 12:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29950]: Invalid user music from 38.55.97.143
Jun 22 12:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29950]: input_userauth_request: invalid user music [preauth]
Jun 22 12:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29950]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 12:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29947]: Failed password for root from 5.164.6.184 port 52658 ssh2
Jun 22 12:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29947]: Received disconnect from 5.164.6.184 port 52658:11: Bye Bye [preauth]
Jun 22 12:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29947]: Disconnected from 5.164.6.184 port 52658 [preauth]
Jun 22 12:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29950]: Failed password for invalid user music from 38.55.97.143 port 52506 ssh2
Jun 22 12:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29950]: Connection closed by 38.55.97.143 port 52506 [preauth]
Jun 22 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30009]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30008]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30007]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30006]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30006]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30070]: Successful su for rubyman by root
Jun 22 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30070]: + ??? root:rubyman
Jun 22 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30070]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570820 of user rubyman.
Jun 22 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30070]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570820.
Jun 22 12:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27171]: pam_unix(cron:session): session closed for user root
Jun 22 12:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30007]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30278]: Invalid user ftpuser from 38.55.97.143
Jun 22 12:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30278]: input_userauth_request: invalid user ftpuser [preauth]
Jun 22 12:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30278]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 12:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30278]: Failed password for invalid user ftpuser from 38.55.97.143 port 38192 ssh2
Jun 22 12:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30278]: Connection closed by 38.55.97.143 port 38192 [preauth]
Jun 22 12:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29030]: pam_unix(cron:session): session closed for user root
Jun 22 12:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30372]: Invalid user hdd from 185.40.30.168
Jun 22 12:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30372]: input_userauth_request: invalid user hdd [preauth]
Jun 22 12:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30372]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.30.168
Jun 22 12:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30372]: Failed password for invalid user hdd from 185.40.30.168 port 46860 ssh2
Jun 22 12:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30372]: Received disconnect from 185.40.30.168 port 46860:11: Bye Bye [preauth]
Jun 22 12:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30372]: Disconnected from 185.40.30.168 port 46860 [preauth]
Jun 22 12:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30394]: Invalid user download from 38.55.97.143
Jun 22 12:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30394]: input_userauth_request: invalid user download [preauth]
Jun 22 12:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30394]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 12:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30394]: Failed password for invalid user download from 38.55.97.143 port 52712 ssh2
Jun 22 12:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30394]: Connection closed by 38.55.97.143 port 52712 [preauth]
Jun 22 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30423]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30424]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30422]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30421]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30421]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30485]: Successful su for rubyman by root
Jun 22 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30485]: + ??? root:rubyman
Jun 22 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30485]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570823 of user rubyman.
Jun 22 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30485]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570823.
Jun 22 12:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27608]: pam_unix(cron:session): session closed for user root
Jun 22 12:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30422]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30724]: Failed password for root from 38.55.97.143 port 34846 ssh2
Jun 22 12:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30724]: Connection closed by 38.55.97.143 port 34846 [preauth]
Jun 22 12:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30746]: Invalid user rahul from 5.164.6.184
Jun 22 12:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30746]: input_userauth_request: invalid user rahul [preauth]
Jun 22 12:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30746]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.164.6.184
Jun 22 12:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30746]: Failed password for invalid user rahul from 5.164.6.184 port 35090 ssh2
Jun 22 12:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30746]: Received disconnect from 5.164.6.184 port 35090:11: Bye Bye [preauth]
Jun 22 12:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30746]: Disconnected from 5.164.6.184 port 35090 [preauth]
Jun 22 12:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29466]: pam_unix(cron:session): session closed for user root
Jun 22 12:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30829]: Failed password for root from 38.55.97.143 port 45818 ssh2
Jun 22 12:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30829]: Connection closed by 38.55.97.143 port 45818 [preauth]
Jun 22 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30849]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30847]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30850]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30848]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30851]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30845]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30851]: pam_unix(cron:session): session closed for user root
Jun 22 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30845]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31014]: Successful su for rubyman by root
Jun 22 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31014]: + ??? root:rubyman
Jun 22 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31014]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570829 of user rubyman.
Jun 22 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31014]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570829.
Jun 22 12:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30848]: pam_unix(cron:session): session closed for user root
Jun 22 12:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28034]: pam_unix(cron:session): session closed for user root
Jun 22 12:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30847]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31278]: Failed password for root from 38.55.97.143 port 59584 ssh2
Jun 22 12:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31278]: Connection closed by 38.55.97.143 port 59584 [preauth]
Jun 22 12:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30009]: pam_unix(cron:session): session closed for user root
Jun 22 12:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31367]: Received disconnect from 199.127.63.58 port 48458:11: disconnected by user [preauth]
Jun 22 12:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31367]: Disconnected from 199.127.63.58 port 48458 [preauth]
Jun 22 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31383]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31382]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31379]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31378]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31378]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31451]: Successful su for rubyman by root
Jun 22 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31451]: + ??? root:rubyman
Jun 22 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31451]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570833 of user rubyman.
Jun 22 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31451]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570833.
Jun 22 12:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28478]: pam_unix(cron:session): session closed for user root
Jun 22 12:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 22 12:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31440]: Failed password for root from 38.55.97.143 port 50404 ssh2
Jun 22 12:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31440]: Connection closed by 38.55.97.143 port 50404 [preauth]
Jun 22 12:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31379]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31690]: Failed password for root from 103.15.222.183 port 57494 ssh2
Jun 22 12:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31690]: Connection closed by 103.15.222.183 port 57494 [preauth]
Jun 22 12:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.164.6.184  user=root
Jun 22 12:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31767]: Failed password for root from 5.164.6.184 port 50838 ssh2
Jun 22 12:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31767]: Received disconnect from 5.164.6.184 port 50838:11: Bye Bye [preauth]
Jun 22 12:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31767]: Disconnected from 5.164.6.184 port 50838 [preauth]
Jun 22 12:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30424]: pam_unix(cron:session): session closed for user root
Jun 22 12:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31841]: Invalid user developer from 38.55.97.143
Jun 22 12:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31841]: input_userauth_request: invalid user developer [preauth]
Jun 22 12:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31841]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 12:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31841]: Failed password for invalid user developer from 38.55.97.143 port 38034 ssh2
Jun 22 12:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31841]: Connection closed by 38.55.97.143 port 38034 [preauth]
Jun 22 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31891]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31892]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31889]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31890]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31889]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31960]: Successful su for rubyman by root
Jun 22 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31960]: + ??? root:rubyman
Jun 22 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31960]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570838 of user rubyman.
Jun 22 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31960]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570838.
Jun 22 12:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29029]: pam_unix(cron:session): session closed for user root
Jun 22 12:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31890]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32166]: Invalid user user2 from 38.55.97.143
Jun 22 12:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32166]: input_userauth_request: invalid user user2 [preauth]
Jun 22 12:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32166]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 12:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32166]: Failed password for invalid user user2 from 38.55.97.143 port 52028 ssh2
Jun 22 12:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32166]: Connection closed by 38.55.97.143 port 52028 [preauth]
Jun 22 12:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30850]: pam_unix(cron:session): session closed for user root
Jun 22 12:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32274]: Failed password for root from 38.55.97.143 port 37578 ssh2
Jun 22 12:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32274]: Connection closed by 38.55.97.143 port 37578 [preauth]
Jun 22 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32301]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32303]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32304]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32302]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32301]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32361]: Successful su for rubyman by root
Jun 22 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32361]: + ??? root:rubyman
Jun 22 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32361]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570844 of user rubyman.
Jun 22 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32361]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570844.
Jun 22 12:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29465]: pam_unix(cron:session): session closed for user root
Jun 22 12:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32302]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.164.6.184  user=root
Jun 22 12:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32558]: Failed password for root from 5.164.6.184 port 39108 ssh2
Jun 22 12:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32558]: Received disconnect from 5.164.6.184 port 39108:11: Bye Bye [preauth]
Jun 22 12:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32558]: Disconnected from 5.164.6.184 port 39108 [preauth]
Jun 22 12:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32601]: Failed password for root from 38.55.97.143 port 48508 ssh2
Jun 22 12:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32601]: Connection closed by 38.55.97.143 port 48508 [preauth]
Jun 22 12:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31383]: pam_unix(cron:session): session closed for user root
Jun 22 12:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32709]: Failed password for root from 38.55.97.143 port 33822 ssh2
Jun 22 12:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32709]: Connection closed by 38.55.97.143 port 33822 [preauth]
Jun 22 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32733]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32734]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32731]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32730]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32730]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[326]: Successful su for rubyman by root
Jun 22 12:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[326]: + ??? root:rubyman
Jun 22 12:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[326]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570847 of user rubyman.
Jun 22 12:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[326]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570847.
Jun 22 12:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30008]: pam_unix(cron:session): session closed for user root
Jun 22 12:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32731]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[716]: Invalid user pi from 38.55.97.143
Jun 22 12:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[716]: input_userauth_request: invalid user pi [preauth]
Jun 22 12:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[716]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 12:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[716]: Failed password for invalid user pi from 38.55.97.143 port 46276 ssh2
Jun 22 12:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[716]: Connection closed by 38.55.97.143 port 46276 [preauth]
Jun 22 12:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31892]: pam_unix(cron:session): session closed for user root
Jun 22 12:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[814]: Invalid user 0 from 38.55.97.143
Jun 22 12:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[814]: input_userauth_request: invalid user 0 [preauth]
Jun 22 12:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[814]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 12:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[814]: Failed password for invalid user 0 from 38.55.97.143 port 57304 ssh2
Jun 22 12:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[814]: Connection closed by 38.55.97.143 port 57304 [preauth]
Jun 22 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[830]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[828]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[829]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[826]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[825]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[827]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[830]: pam_unix(cron:session): session closed for user root
Jun 22 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[825]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[897]: Successful su for rubyman by root
Jun 22 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[897]: + ??? root:rubyman
Jun 22 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[897]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570851 of user rubyman.
Jun 22 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[897]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570851.
Jun 22 12:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[827]: pam_unix(cron:session): session closed for user root
Jun 22 12:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30423]: pam_unix(cron:session): session closed for user root
Jun 22 12:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1131]: Invalid user vhpadmin from 5.164.6.184
Jun 22 12:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1131]: input_userauth_request: invalid user vhpadmin [preauth]
Jun 22 12:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1131]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.164.6.184
Jun 22 12:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[826]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1131]: Failed password for invalid user vhpadmin from 5.164.6.184 port 59022 ssh2
Jun 22 12:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1131]: Received disconnect from 5.164.6.184 port 59022:11: Bye Bye [preauth]
Jun 22 12:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1131]: Disconnected from 5.164.6.184 port 59022 [preauth]
Jun 22 12:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1223]: Invalid user steam from 38.55.97.143
Jun 22 12:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1223]: input_userauth_request: invalid user steam [preauth]
Jun 22 12:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1223]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 12:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32304]: pam_unix(cron:session): session closed for user root
Jun 22 12:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1223]: Failed password for invalid user steam from 38.55.97.143 port 38242 ssh2
Jun 22 12:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1223]: Connection closed by 38.55.97.143 port 38242 [preauth]
Jun 22 12:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.110.201  user=root
Jun 22 12:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1292]: Failed password for root from 94.159.110.201 port 40290 ssh2
Jun 22 12:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1292]: Connection closed by 94.159.110.201 port 40290 [preauth]
Jun 22 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1323]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1321]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1322]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1320]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1320]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1401]: Successful su for rubyman by root
Jun 22 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1401]: + ??? root:rubyman
Jun 22 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1401]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570856 of user rubyman.
Jun 22 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1401]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570856.
Jun 22 12:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30849]: pam_unix(cron:session): session closed for user root
Jun 22 12:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1321]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1704]: Failed password for root from 38.55.97.143 port 49312 ssh2
Jun 22 12:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1704]: Connection closed by 38.55.97.143 port 49312 [preauth]
Jun 22 12:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1762]: Connection closed by 194.59.206.2 port 13898 [preauth]
Jun 22 12:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32734]: pam_unix(cron:session): session closed for user root
Jun 22 12:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 12:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1819]: Failed password for root from 193.24.211.107 port 24236 ssh2
Jun 22 12:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1819]: Received disconnect from 193.24.211.107 port 24236:11: Client disconnecting normally [preauth]
Jun 22 12:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1819]: Disconnected from 193.24.211.107 port 24236 [preauth]
Jun 22 12:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1829]: Failed password for root from 38.55.97.143 port 59890 ssh2
Jun 22 12:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1829]: Connection closed by 38.55.97.143 port 59890 [preauth]
Jun 22 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1871]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1873]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1872]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1870]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1870]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1965]: Successful su for rubyman by root
Jun 22 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1965]: + ??? root:rubyman
Jun 22 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1965]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570861 of user rubyman.
Jun 22 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1965]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570861.
Jun 22 12:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31382]: pam_unix(cron:session): session closed for user root
Jun 22 12:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1871]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2192]: Invalid user wireguard from 5.164.6.184
Jun 22 12:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2192]: input_userauth_request: invalid user wireguard [preauth]
Jun 22 12:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2192]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.164.6.184
Jun 22 12:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2192]: Failed password for invalid user wireguard from 5.164.6.184 port 58994 ssh2
Jun 22 12:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2192]: Received disconnect from 5.164.6.184 port 58994:11: Bye Bye [preauth]
Jun 22 12:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2192]: Disconnected from 5.164.6.184 port 58994 [preauth]
Jun 22 12:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2232]: Failed password for root from 38.55.97.143 port 43972 ssh2
Jun 22 12:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2232]: Connection closed by 38.55.97.143 port 43972 [preauth]
Jun 22 12:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[829]: pam_unix(cron:session): session closed for user root
Jun 22 12:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2350]: Failed password for root from 38.55.97.143 port 52832 ssh2
Jun 22 12:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2350]: Connection closed by 38.55.97.143 port 52832 [preauth]
Jun 22 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2372]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2370]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2371]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2369]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2369]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2428]: Successful su for rubyman by root
Jun 22 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2428]: + ??? root:rubyman
Jun 22 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2428]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570863 of user rubyman.
Jun 22 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2428]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570863.
Jun 22 12:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31891]: pam_unix(cron:session): session closed for user root
Jun 22 12:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2370]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 22 12:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2682]: Failed password for root from 103.122.221.179 port 36122 ssh2
Jun 22 12:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2682]: Connection closed by 103.122.221.179 port 36122 [preauth]
Jun 22 12:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2685]: Failed password for root from 38.55.97.143 port 38152 ssh2
Jun 22 12:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2685]: Connection closed by 38.55.97.143 port 38152 [preauth]
Jun 22 12:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1323]: pam_unix(cron:session): session closed for user root
Jun 22 12:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2781]: Invalid user carlos from 5.164.6.184
Jun 22 12:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2781]: input_userauth_request: invalid user carlos [preauth]
Jun 22 12:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2781]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.164.6.184
Jun 22 12:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2781]: Failed password for invalid user carlos from 5.164.6.184 port 34826 ssh2
Jun 22 12:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2781]: Received disconnect from 5.164.6.184 port 34826:11: Bye Bye [preauth]
Jun 22 12:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2781]: Disconnected from 5.164.6.184 port 34826 [preauth]
Jun 22 12:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2797]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2796]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2794]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2795]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2794]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2857]: Successful su for rubyman by root
Jun 22 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2857]: + ??? root:rubyman
Jun 22 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2857]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570867 of user rubyman.
Jun 22 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2857]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570867.
Jun 22 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2791]: Failed password for root from 38.55.97.143 port 49808 ssh2
Jun 22 12:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2791]: Connection closed by 38.55.97.143 port 49808 [preauth]
Jun 22 12:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32303]: pam_unix(cron:session): session closed for user root
Jun 22 12:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2795]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3074]: Received disconnect from 51.79.99.235 port 35850:11: disconnected by user [preauth]
Jun 22 12:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3074]: Disconnected from 51.79.99.235 port 35850 [preauth]
Jun 22 12:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3096]: Invalid user adrian from 141.98.83.240
Jun 22 12:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3096]: input_userauth_request: invalid user adrian [preauth]
Jun 22 12:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3096]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 12:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3096]: Failed password for invalid user adrian from 141.98.83.240 port 53322 ssh2
Jun 22 12:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3096]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1873]: pam_unix(cron:session): session closed for user root
Jun 22 12:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3096]: Failed password for invalid user adrian from 141.98.83.240 port 53322 ssh2
Jun 22 12:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3096]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3096]: Failed password for invalid user adrian from 141.98.83.240 port 53322 ssh2
Jun 22 12:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3096]: Connection closed by 141.98.83.240 port 53322 [preauth]
Jun 22 12:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3096]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 12:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3137]: Invalid user hadoop from 38.55.97.143
Jun 22 12:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3137]: input_userauth_request: invalid user hadoop [preauth]
Jun 22 12:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3137]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 12:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3137]: Failed password for invalid user hadoop from 38.55.97.143 port 54840 ssh2
Jun 22 12:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3137]: Connection closed by 38.55.97.143 port 54840 [preauth]
Jun 22 12:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 22 12:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3160]: Failed password for root from 51.250.105.222 port 55032 ssh2
Jun 22 12:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3160]: Connection closed by 51.250.105.222 port 55032 [preauth]
Jun 22 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3189]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3192]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3190]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3187]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3188]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3191]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3192]: pam_unix(cron:session): session closed for user root
Jun 22 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3187]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3260]: Successful su for rubyman by root
Jun 22 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3260]: + ??? root:rubyman
Jun 22 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3260]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570874 of user rubyman.
Jun 22 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3260]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570874.
Jun 22 12:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3189]: pam_unix(cron:session): session closed for user root
Jun 22 12:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32733]: pam_unix(cron:session): session closed for user root
Jun 22 12:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3188]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3478]: Invalid user ahmed from 38.55.97.143
Jun 22 12:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3478]: input_userauth_request: invalid user ahmed [preauth]
Jun 22 12:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3478]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 12:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3478]: Failed password for invalid user ahmed from 38.55.97.143 port 55498 ssh2
Jun 22 12:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3478]: Connection closed by 38.55.97.143 port 55498 [preauth]
Jun 22 12:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2372]: pam_unix(cron:session): session closed for user root
Jun 22 12:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3599]: Invalid user web from 38.55.97.143
Jun 22 12:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3599]: input_userauth_request: invalid user web [preauth]
Jun 22 12:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3599]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 12:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3599]: Failed password for invalid user web from 38.55.97.143 port 46364 ssh2
Jun 22 12:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3599]: Connection closed by 38.55.97.143 port 46364 [preauth]
Jun 22 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3629]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3631]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3630]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3628]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3628]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3791]: Successful su for rubyman by root
Jun 22 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3791]: + ??? root:rubyman
Jun 22 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3791]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570879 of user rubyman.
Jun 22 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3791]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570879.
Jun 22 12:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[828]: pam_unix(cron:session): session closed for user root
Jun 22 12:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3629]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4132]: Invalid user super from 38.55.97.143
Jun 22 12:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4132]: input_userauth_request: invalid user super [preauth]
Jun 22 12:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4132]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 12:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4132]: Failed password for invalid user super from 38.55.97.143 port 38852 ssh2
Jun 22 12:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4132]: Connection closed by 38.55.97.143 port 38852 [preauth]
Jun 22 12:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2797]: pam_unix(cron:session): session closed for user root
Jun 22 12:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 22 12:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4225]: Failed password for root from 103.82.132.16 port 43298 ssh2
Jun 22 12:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4225]: Connection closed by 103.82.132.16 port 43298 [preauth]
Jun 22 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4243]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4244]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4242]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4241]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4241]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4305]: Successful su for rubyman by root
Jun 22 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4305]: + ??? root:rubyman
Jun 22 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4305]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570882 of user rubyman.
Jun 22 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4305]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570882.
Jun 22 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4229]: Failed password for root from 38.55.97.143 port 51886 ssh2
Jun 22 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4229]: Connection closed by 38.55.97.143 port 51886 [preauth]
Jun 22 12:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1322]: pam_unix(cron:session): session closed for user root
Jun 22 12:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4242]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3191]: pam_unix(cron:session): session closed for user root
Jun 22 12:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4570]: Failed password for root from 38.55.97.143 port 36152 ssh2
Jun 22 12:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4570]: Connection closed by 38.55.97.143 port 36152 [preauth]
Jun 22 12:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4599]: Invalid user nodejs from 5.164.6.184
Jun 22 12:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4599]: input_userauth_request: invalid user nodejs [preauth]
Jun 22 12:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4599]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.164.6.184
Jun 22 12:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4599]: Failed password for invalid user nodejs from 5.164.6.184 port 32988 ssh2
Jun 22 12:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4599]: Received disconnect from 5.164.6.184 port 32988:11: Bye Bye [preauth]
Jun 22 12:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4599]: Disconnected from 5.164.6.184 port 32988 [preauth]
Jun 22 12:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 22 12:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4623]: Failed password for root from 103.27.238.116 port 44264 ssh2
Jun 22 12:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4623]: Connection closed by 103.27.238.116 port 44264 [preauth]
Jun 22 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4655]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4656]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4654]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4653]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4653]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4723]: Successful su for rubyman by root
Jun 22 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4723]: + ??? root:rubyman
Jun 22 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4723]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570886 of user rubyman.
Jun 22 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4723]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570886.
Jun 22 12:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1872]: pam_unix(cron:session): session closed for user root
Jun 22 12:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4654]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5010]: Failed password for root from 38.55.97.143 port 48810 ssh2
Jun 22 12:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5010]: Connection closed by 38.55.97.143 port 48810 [preauth]
Jun 22 12:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3631]: pam_unix(cron:session): session closed for user root
Jun 22 12:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5110]: Failed password for root from 38.55.97.143 port 34846 ssh2
Jun 22 12:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5110]: Connection closed by 38.55.97.143 port 34846 [preauth]
Jun 22 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5174]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5176]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5175]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5173]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5171]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5173]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5292]: Successful su for rubyman by root
Jun 22 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5292]: + ??? root:rubyman
Jun 22 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5292]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570891 of user rubyman.
Jun 22 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5292]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570891.
Jun 22 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5171]: pam_unix(cron:session): session closed for user root
Jun 22 12:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2371]: pam_unix(cron:session): session closed for user root
Jun 22 12:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5174]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5531]: Failed password for root from 38.55.97.143 port 49006 ssh2
Jun 22 12:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5531]: Connection closed by 38.55.97.143 port 49006 [preauth]
Jun 22 12:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4244]: pam_unix(cron:session): session closed for user root
Jun 22 12:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5639]: Invalid user ftpuser from 38.55.97.143
Jun 22 12:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5639]: input_userauth_request: invalid user ftpuser [preauth]
Jun 22 12:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5639]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 12:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5639]: Failed password for invalid user ftpuser from 38.55.97.143 port 33694 ssh2
Jun 22 12:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5639]: Connection closed by 38.55.97.143 port 33694 [preauth]
Jun 22 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5670]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5668]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5667]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5672]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5671]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5666]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5672]: pam_unix(cron:session): session closed for user root
Jun 22 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5666]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5733]: Successful su for rubyman by root
Jun 22 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5733]: + ??? root:rubyman
Jun 22 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5733]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570896 of user rubyman.
Jun 22 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5733]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570896.
Jun 22 12:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2796]: pam_unix(cron:session): session closed for user root
Jun 22 12:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5668]: pam_unix(cron:session): session closed for user root
Jun 22 12:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5667]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5980]: Invalid user user from 38.55.97.143
Jun 22 12:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5980]: input_userauth_request: invalid user user [preauth]
Jun 22 12:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5980]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 12:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5980]: Failed password for invalid user user from 38.55.97.143 port 41512 ssh2
Jun 22 12:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5980]: Connection closed by 38.55.97.143 port 41512 [preauth]
Jun 22 12:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4656]: pam_unix(cron:session): session closed for user root
Jun 22 12:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6076]: Invalid user ubuntu from 38.55.97.143
Jun 22 12:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6076]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 12:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6076]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 12:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6076]: Failed password for invalid user ubuntu from 38.55.97.143 port 54354 ssh2
Jun 22 12:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6076]: Connection closed by 38.55.97.143 port 54354 [preauth]
Jun 22 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6088]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6090]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6089]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6087]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6087]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6158]: Successful su for rubyman by root
Jun 22 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6158]: + ??? root:rubyman
Jun 22 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6158]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570900 of user rubyman.
Jun 22 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6158]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570900.
Jun 22 12:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3190]: pam_unix(cron:session): session closed for user root
Jun 22 12:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6088]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6402]: Failed password for root from 38.55.97.143 port 38408 ssh2
Jun 22 12:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5176]: pam_unix(cron:session): session closed for user root
Jun 22 12:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6402]: Connection closed by 38.55.97.143 port 38408 [preauth]
Jun 22 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6490]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6492]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6491]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6493]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6490]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6555]: Successful su for rubyman by root
Jun 22 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6555]: + ??? root:rubyman
Jun 22 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6555]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570905 of user rubyman.
Jun 22 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6555]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570905.
Jun 22 12:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3630]: pam_unix(cron:session): session closed for user root
Jun 22 12:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6491]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6664]: Failed password for root from 38.55.97.143 port 45170 ssh2
Jun 22 12:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6664]: Connection closed by 38.55.97.143 port 45170 [preauth]
Jun 22 12:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6752]: Received disconnect from 193.142.43.122 port 46580:11: disconnected by user [preauth]
Jun 22 12:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6752]: Disconnected from 193.142.43.122 port 46580 [preauth]
Jun 22 12:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5671]: pam_unix(cron:session): session closed for user root
Jun 22 12:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6853]: Failed password for root from 38.55.97.143 port 60188 ssh2
Jun 22 12:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6853]: Connection closed by 38.55.97.143 port 60188 [preauth]
Jun 22 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6917]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6914]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6915]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6913]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6913]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6997]: Successful su for rubyman by root
Jun 22 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6997]: + ??? root:rubyman
Jun 22 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6997]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570908 of user rubyman.
Jun 22 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6997]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570908.
Jun 22 12:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4243]: pam_unix(cron:session): session closed for user root
Jun 22 12:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6914]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7276]: Failed password for root from 38.55.97.143 port 45210 ssh2
Jun 22 12:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7276]: Connection closed by 38.55.97.143 port 45210 [preauth]
Jun 22 12:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 22 12:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7286]: Failed password for root from 103.77.175.15 port 45906 ssh2
Jun 22 12:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7286]: Connection closed by 103.77.175.15 port 45906 [preauth]
Jun 22 12:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6090]: pam_unix(cron:session): session closed for user root
Jun 22 12:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7382]: Failed password for root from 38.55.97.143 port 58886 ssh2
Jun 22 12:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7382]: Connection closed by 38.55.97.143 port 58886 [preauth]
Jun 22 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7413]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7414]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7411]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7412]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7411]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7470]: Successful su for rubyman by root
Jun 22 12:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7470]: + ??? root:rubyman
Jun 22 12:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7470]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570912 of user rubyman.
Jun 22 12:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7470]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570912.
Jun 22 12:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4655]: pam_unix(cron:session): session closed for user root
Jun 22 12:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7412]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7793]: Invalid user pi from 38.55.97.143
Jun 22 12:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7793]: input_userauth_request: invalid user pi [preauth]
Jun 22 12:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7793]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 12:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7793]: Failed password for invalid user pi from 38.55.97.143 port 44208 ssh2
Jun 22 12:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7793]: Connection closed by 38.55.97.143 port 44208 [preauth]
Jun 22 12:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6493]: pam_unix(cron:session): session closed for user root
Jun 22 12:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7888]: Invalid user oracle from 38.55.97.143
Jun 22 12:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7888]: input_userauth_request: invalid user oracle [preauth]
Jun 22 12:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7888]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 12:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7888]: Failed password for invalid user oracle from 38.55.97.143 port 55100 ssh2
Jun 22 12:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7888]: Connection closed by 38.55.97.143 port 55100 [preauth]
Jun 22 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7901]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7903]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7899]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7902]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7904]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7900]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7904]: pam_unix(cron:session): session closed for user root
Jun 22 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7899]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7963]: Successful su for rubyman by root
Jun 22 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7963]: + ??? root:rubyman
Jun 22 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7963]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570919 of user rubyman.
Jun 22 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7963]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570919.
Jun 22 12:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7901]: pam_unix(cron:session): session closed for user root
Jun 22 12:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5175]: pam_unix(cron:session): session closed for user root
Jun 22 12:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7900]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8159]: Invalid user admin from 2.57.121.25
Jun 22 12:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8159]: input_userauth_request: invalid user admin [preauth]
Jun 22 12:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8159]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 22 12:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8159]: Failed password for invalid user admin from 2.57.121.25 port 59824 ssh2
Jun 22 12:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8159]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8159]: Failed password for invalid user admin from 2.57.121.25 port 59824 ssh2
Jun 22 12:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8159]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 22 12:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8159]: Failed password for invalid user admin from 2.57.121.25 port 59824 ssh2
Jun 22 12:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8159]: Connection closed by 2.57.121.25 port 59824 [preauth]
Jun 22 12:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8159]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 22 12:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8183]: Failed password for root from 193.37.70.224 port 44106 ssh2
Jun 22 12:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8183]: Connection closed by 193.37.70.224 port 44106 [preauth]
Jun 22 12:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8236]: Invalid user mcserver from 38.55.97.143
Jun 22 12:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8236]: input_userauth_request: invalid user mcserver [preauth]
Jun 22 12:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8236]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 12:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8236]: Failed password for invalid user mcserver from 38.55.97.143 port 38968 ssh2
Jun 22 12:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8236]: Connection closed by 38.55.97.143 port 38968 [preauth]
Jun 22 12:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6917]: pam_unix(cron:session): session closed for user root
Jun 22 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8321]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8323]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8322]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8320]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8320]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8391]: Successful su for rubyman by root
Jun 22 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8391]: + ??? root:rubyman
Jun 22 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8391]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570924 of user rubyman.
Jun 22 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8391]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570924.
Jun 22 12:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8321]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5670]: pam_unix(cron:session): session closed for user root
Jun 22 12:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8579]: Invalid user test from 193.46.255.86
Jun 22 12:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8579]: input_userauth_request: invalid user test [preauth]
Jun 22 12:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8579]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 22 12:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8579]: Failed password for invalid user test from 193.46.255.86 port 51784 ssh2
Jun 22 12:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8589]: Invalid user adam from 38.55.97.143
Jun 22 12:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8589]: input_userauth_request: invalid user adam [preauth]
Jun 22 12:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8589]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 12:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8579]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8589]: Failed password for invalid user adam from 38.55.97.143 port 38626 ssh2
Jun 22 12:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8579]: Failed password for invalid user test from 193.46.255.86 port 51784 ssh2
Jun 22 12:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8589]: Connection closed by 38.55.97.143 port 38626 [preauth]
Jun 22 12:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8579]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8579]: Failed password for invalid user test from 193.46.255.86 port 51784 ssh2
Jun 22 12:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8579]: Connection closed by 193.46.255.86 port 51784 [preauth]
Jun 22 12:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8579]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 22 12:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7414]: pam_unix(cron:session): session closed for user root
Jun 22 12:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8685]: Invalid user ts3 from 38.55.97.143
Jun 22 12:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8685]: input_userauth_request: invalid user ts3 [preauth]
Jun 22 12:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8685]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 12:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8685]: Failed password for invalid user ts3 from 38.55.97.143 port 59082 ssh2
Jun 22 12:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8685]: Connection closed by 38.55.97.143 port 59082 [preauth]
Jun 22 12:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8727]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 22 12:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8727]: Received disconnect from 176.65.131.147 port 55456:11: disconnected by user [preauth]
Jun 22 12:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8727]: Disconnected from 176.65.131.147 port 55456 [preauth]
Jun 22 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8740]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8741]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8739]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8738]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8738]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8799]: Successful su for rubyman by root
Jun 22 12:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8799]: + ??? root:rubyman
Jun 22 12:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8799]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570926 of user rubyman.
Jun 22 12:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8799]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570926.
Jun 22 12:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6089]: pam_unix(cron:session): session closed for user root
Jun 22 12:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8739]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9011]: Invalid user test from 38.55.97.143
Jun 22 12:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9011]: input_userauth_request: invalid user test [preauth]
Jun 22 12:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9011]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 12:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9011]: Failed password for invalid user test from 38.55.97.143 port 44908 ssh2
Jun 22 12:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9011]: Connection closed by 38.55.97.143 port 44908 [preauth]
Jun 22 12:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7903]: pam_unix(cron:session): session closed for user root
Jun 22 12:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9115]: Failed password for root from 38.55.97.143 port 54904 ssh2
Jun 22 12:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9115]: Connection closed by 38.55.97.143 port 54904 [preauth]
Jun 22 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9138]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9139]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9137]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9136]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9136]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9197]: Successful su for rubyman by root
Jun 22 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9197]: + ??? root:rubyman
Jun 22 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9197]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570931 of user rubyman.
Jun 22 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9197]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570931.
Jun 22 12:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6492]: pam_unix(cron:session): session closed for user root
Jun 22 12:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9137]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 12:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9438]: Failed password for root from 193.24.211.107 port 35798 ssh2
Jun 22 12:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9438]: Received disconnect from 193.24.211.107 port 35798:11: Client disconnecting normally [preauth]
Jun 22 12:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9438]: Disconnected from 193.24.211.107 port 35798 [preauth]
Jun 22 12:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 22 12:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9440]: Failed password for root from 38.55.97.143 port 42538 ssh2
Jun 22 12:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9440]: Connection closed by 38.55.97.143 port 42538 [preauth]
Jun 22 12:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9442]: Failed password for root from 38.93.206.2 port 55760 ssh2
Jun 22 12:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9442]: Connection closed by 38.93.206.2 port 55760 [preauth]
Jun 22 12:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8323]: pam_unix(cron:session): session closed for user root
Jun 22 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9528]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9526]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9527]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9525]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9525]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9585]: Successful su for rubyman by root
Jun 22 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9585]: + ??? root:rubyman
Jun 22 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9585]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570934 of user rubyman.
Jun 22 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9585]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570934.
Jun 22 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6915]: pam_unix(cron:session): session closed for user root
Jun 22 12:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9526]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9608]: Failed password for root from 38.55.97.143 port 57174 ssh2
Jun 22 12:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9608]: Connection closed by 38.55.97.143 port 57174 [preauth]
Jun 22 12:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 22 12:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9835]: Failed password for root from 77.94.47.83 port 39996 ssh2
Jun 22 12:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9835]: Connection closed by 77.94.47.83 port 39996 [preauth]
Jun 22 12:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8741]: pam_unix(cron:session): session closed for user root
Jun 22 12:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9900]: Failed password for root from 38.55.97.143 port 40890 ssh2
Jun 22 12:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9900]: Connection closed by 38.55.97.143 port 40890 [preauth]
Jun 22 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10114]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10115]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10109]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10113]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10108]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10112]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10115]: pam_unix(cron:session): session closed for user root
Jun 22 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10108]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10177]: Successful su for rubyman by root
Jun 22 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10177]: + ??? root:rubyman
Jun 22 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10177]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570938 of user rubyman.
Jun 22 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10177]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570938.
Jun 22 12:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10112]: pam_unix(cron:session): session closed for user root
Jun 22 12:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7413]: pam_unix(cron:session): session closed for user root
Jun 22 12:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10109]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 22 12:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10480]: Failed password for root from 38.55.97.143 port 54804 ssh2
Jun 22 12:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10480]: Connection closed by 38.55.97.143 port 54804 [preauth]
Jun 22 12:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10492]: Failed password for root from 109.237.96.109 port 54934 ssh2
Jun 22 12:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10492]: Connection closed by 109.237.96.109 port 54934 [preauth]
Jun 22 12:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9139]: pam_unix(cron:session): session closed for user root
Jun 22 12:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10608]: Failed password for root from 38.55.97.143 port 37222 ssh2
Jun 22 12:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10608]: Connection closed by 38.55.97.143 port 37222 [preauth]
Jun 22 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10644]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10639]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10643]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10640]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10639]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10711]: Successful su for rubyman by root
Jun 22 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10711]: + ??? root:rubyman
Jun 22 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10711]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570944 of user rubyman.
Jun 22 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10711]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570944.
Jun 22 12:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7902]: pam_unix(cron:session): session closed for user root
Jun 22 12:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10640]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10950]: Failed password for root from 38.55.97.143 port 51216 ssh2
Jun 22 12:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10950]: Connection closed by 38.55.97.143 port 51216 [preauth]
Jun 22 12:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9528]: pam_unix(cron:session): session closed for user root
Jun 22 12:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11046]: Received disconnect from 51.79.99.235 port 58532:11: disconnected by user [preauth]
Jun 22 12:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11046]: Disconnected from 51.79.99.235 port 58532 [preauth]
Jun 22 12:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 22 12:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11057]: Failed password for root from 38.55.97.143 port 39400 ssh2
Jun 22 12:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11057]: Connection closed by 38.55.97.143 port 39400 [preauth]
Jun 22 12:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11059]: Failed password for root from 194.113.233.25 port 44342 ssh2
Jun 22 12:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11059]: Connection closed by 194.113.233.25 port 44342 [preauth]
Jun 22 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11076]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11077]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11075]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11073]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11073]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11137]: Successful su for rubyman by root
Jun 22 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11137]: + ??? root:rubyman
Jun 22 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11137]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570949 of user rubyman.
Jun 22 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11137]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570949.
Jun 22 12:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8322]: pam_unix(cron:session): session closed for user root
Jun 22 12:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11075]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11391]: Failed password for root from 38.55.97.143 port 50832 ssh2
Jun 22 12:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11391]: Connection closed by 38.55.97.143 port 50832 [preauth]
Jun 22 12:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10114]: pam_unix(cron:session): session closed for user root
Jun 22 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11505]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11504]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11506]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11503]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11503]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11561]: Successful su for rubyman by root
Jun 22 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11561]: + ??? root:rubyman
Jun 22 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11561]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570954 of user rubyman.
Jun 22 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11561]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570954.
Jun 22 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8740]: pam_unix(cron:session): session closed for user root
Jun 22 12:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11625]: Failed password for root from 38.55.97.143 port 37906 ssh2
Jun 22 12:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11625]: Connection closed by 38.55.97.143 port 37906 [preauth]
Jun 22 12:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11504]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10644]: pam_unix(cron:session): session closed for user root
Jun 22 12:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11874]: Failed password for root from 38.55.97.143 port 51220 ssh2
Jun 22 12:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11874]: Connection closed by 38.55.97.143 port 51220 [preauth]
Jun 22 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11960]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11961]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11959]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11954]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11954]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12019]: Successful su for rubyman by root
Jun 22 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12019]: + ??? root:rubyman
Jun 22 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12019]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570957 of user rubyman.
Jun 22 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12019]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570957.
Jun 22 12:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9138]: pam_unix(cron:session): session closed for user root
Jun 22 12:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11959]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12199]: Failed password for root from 38.55.97.143 port 36802 ssh2
Jun 22 12:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12199]: Connection closed by 38.55.97.143 port 36802 [preauth]
Jun 22 12:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11077]: pam_unix(cron:session): session closed for user root
Jun 22 12:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12432]: Failed password for root from 38.55.97.143 port 51200 ssh2
Jun 22 12:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12432]: Connection closed by 38.55.97.143 port 51200 [preauth]
Jun 22 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12484]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12482]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12480]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12479]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12483]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12481]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12484]: pam_unix(cron:session): session closed for user root
Jun 22 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12479]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12546]: Successful su for rubyman by root
Jun 22 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12546]: + ??? root:rubyman
Jun 22 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12546]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570964 of user rubyman.
Jun 22 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12546]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570964.
Jun 22 12:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9527]: pam_unix(cron:session): session closed for user root
Jun 22 12:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12481]: pam_unix(cron:session): session closed for user root
Jun 22 12:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12480]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12793]: Failed password for root from 38.55.97.143 port 60250 ssh2
Jun 22 12:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12793]: Connection closed by 38.55.97.143 port 60250 [preauth]
Jun 22 12:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11506]: pam_unix(cron:session): session closed for user root
Jun 22 12:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12913]: Failed password for root from 38.55.97.143 port 45952 ssh2
Jun 22 12:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12913]: Connection closed by 38.55.97.143 port 45952 [preauth]
Jun 22 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12926]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12927]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12925]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12924]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12924]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12990]: Successful su for rubyman by root
Jun 22 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12990]: + ??? root:rubyman
Jun 22 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12990]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570966 of user rubyman.
Jun 22 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12990]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570966.
Jun 22 12:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10113]: pam_unix(cron:session): session closed for user root
Jun 22 12:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12925]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11961]: pam_unix(cron:session): session closed for user root
Jun 22 12:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13278]: Failed password for root from 38.55.97.143 port 48966 ssh2
Jun 22 12:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13278]: Connection closed by 38.55.97.143 port 48966 [preauth]
Jun 22 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13347]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13349]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13350]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13348]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13347]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13410]: Successful su for rubyman by root
Jun 22 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13410]: + ??? root:rubyman
Jun 22 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13410]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570970 of user rubyman.
Jun 22 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13410]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570970.
Jun 22 12:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10643]: pam_unix(cron:session): session closed for user root
Jun 22 12:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13348]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13593]: Invalid user huawei from 38.55.97.143
Jun 22 12:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13593]: input_userauth_request: invalid user huawei [preauth]
Jun 22 12:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13593]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 12:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13593]: Failed password for invalid user huawei from 38.55.97.143 port 34586 ssh2
Jun 22 12:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13593]: Connection closed by 38.55.97.143 port 34586 [preauth]
Jun 22 12:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12483]: pam_unix(cron:session): session closed for user root
Jun 22 12:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13690]: Invalid user sysadmin from 38.55.97.143
Jun 22 12:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13690]: input_userauth_request: invalid user sysadmin [preauth]
Jun 22 12:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13690]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 12:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 12:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13690]: Failed password for invalid user sysadmin from 38.55.97.143 port 49574 ssh2
Jun 22 12:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13690]: Connection closed by 38.55.97.143 port 49574 [preauth]
Jun 22 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13753]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13754]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13752]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13751]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13751]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13812]: Successful su for rubyman by root
Jun 22 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13812]: + ??? root:rubyman
Jun 22 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13812]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570974 of user rubyman.
Jun 22 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13812]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570974.
Jun 22 12:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11076]: pam_unix(cron:session): session closed for user root
Jun 22 12:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13752]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14033]: Failed password for root from 38.55.97.143 port 34304 ssh2
Jun 22 12:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14033]: Connection closed by 38.55.97.143 port 34304 [preauth]
Jun 22 12:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12927]: pam_unix(cron:session): session closed for user root
Jun 22 12:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14128]: Failed password for root from 38.55.97.143 port 46912 ssh2
Jun 22 12:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14128]: Connection closed by 38.55.97.143 port 46912 [preauth]
Jun 22 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14150]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14151]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14149]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14147]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14147]: pam_unix(cron:session): session closed for user p13x
Jun 22 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14208]: Successful su for rubyman by root
Jun 22 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14208]: + ??? root:rubyman
Jun 22 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14208]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570978 of user rubyman.
Jun 22 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14208]: pam_unix(su:session): session closed for user rubyman
Jun 22 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570978.
Jun 22 12:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11505]: pam_unix(cron:session): session closed for user root
Jun 22 12:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14149]: pam_unix(cron:session): session closed for user samftp
Jun 22 12:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 12:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14441]: Failed password for root from 38.55.97.143 port 33172 ssh2
Jun 22 12:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14441]: Connection closed by 38.55.97.143 port 33172 [preauth]
Jun 22 12:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13350]: pam_unix(cron:session): session closed for user root
Jun 22 12:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 12:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14530]: Failed password for root from 38.55.97.143 port 44708 ssh2
Jun 22 13:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14530]: Connection closed by 38.55.97.143 port 44708 [preauth]
Jun 22 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14545]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14548]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14546]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14547]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14542]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14544]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14543]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14548]: pam_unix(cron:session): session closed for user root
Jun 22 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14544]: pam_unix(cron:session): session closed for user root
Jun 22 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14542]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14645]: Successful su for rubyman by root
Jun 22 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14645]: + ??? root:rubyman
Jun 22 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14645]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570987 of user rubyman.
Jun 22 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14645]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570987.
Jun 22 13:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14545]: pam_unix(cron:session): session closed for user root
Jun 22 13:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11960]: pam_unix(cron:session): session closed for user root
Jun 22 13:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14543]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13754]: pam_unix(cron:session): session closed for user root
Jun 22 13:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15005]: Failed password for root from 38.55.97.143 port 57082 ssh2
Jun 22 13:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15005]: Connection closed by 38.55.97.143 port 57082 [preauth]
Jun 22 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15128]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15129]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15127]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15126]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15126]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15197]: Successful su for rubyman by root
Jun 22 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15197]: + ??? root:rubyman
Jun 22 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15197]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570990 of user rubyman.
Jun 22 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15197]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570990.
Jun 22 13:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12482]: pam_unix(cron:session): session closed for user root
Jun 22 13:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15127]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15363]: Failed password for root from 38.55.97.143 port 41480 ssh2
Jun 22 13:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15363]: Connection closed by 38.55.97.143 port 41480 [preauth]
Jun 22 13:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14151]: pam_unix(cron:session): session closed for user root
Jun 22 13:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15472]: Failed password for root from 38.55.97.143 port 52558 ssh2
Jun 22 13:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15472]: Connection closed by 38.55.97.143 port 52558 [preauth]
Jun 22 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15523]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15524]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15522]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15521]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15521]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15580]: Successful su for rubyman by root
Jun 22 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15580]: + ??? root:rubyman
Jun 22 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15580]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570994 of user rubyman.
Jun 22 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15580]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570994.
Jun 22 13:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12926]: pam_unix(cron:session): session closed for user root
Jun 22 13:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15522]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15795]: Failed password for root from 38.55.97.143 port 36292 ssh2
Jun 22 13:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15795]: Connection closed by 38.55.97.143 port 36292 [preauth]
Jun 22 13:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.19.67.181  user=root
Jun 22 13:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14547]: pam_unix(cron:session): session closed for user root
Jun 22 13:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15835]: Failed password for root from 46.19.67.181 port 49158 ssh2
Jun 22 13:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15835]: Connection closed by 46.19.67.181 port 49158 [preauth]
Jun 22 13:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15865]: Did not receive identification string from 52.15.76.227
Jun 22 13:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15902]: Failed password for root from 38.55.97.143 port 49808 ssh2
Jun 22 13:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15902]: Connection closed by 38.55.97.143 port 49808 [preauth]
Jun 22 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15930]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15931]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15928]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15929]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15928]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15988]: Successful su for rubyman by root
Jun 22 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15988]: + ??? root:rubyman
Jun 22 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15988]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 570998 of user rubyman.
Jun 22 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15988]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 570998.
Jun 22 13:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13349]: pam_unix(cron:session): session closed for user root
Jun 22 13:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15929]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16211]: Failed password for root from 38.55.97.143 port 35104 ssh2
Jun 22 13:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16211]: Connection closed by 38.55.97.143 port 35104 [preauth]
Jun 22 13:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15129]: pam_unix(cron:session): session closed for user root
Jun 22 13:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16307]: Failed password for root from 38.55.97.143 port 46292 ssh2
Jun 22 13:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16307]: Connection closed by 38.55.97.143 port 46292 [preauth]
Jun 22 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16319]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16321]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16320]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16318]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16318]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16377]: Successful su for rubyman by root
Jun 22 13:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16377]: + ??? root:rubyman
Jun 22 13:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16377]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571004 of user rubyman.
Jun 22 13:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16377]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571004.
Jun 22 13:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13753]: pam_unix(cron:session): session closed for user root
Jun 22 13:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16319]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15524]: pam_unix(cron:session): session closed for user root
Jun 22 13:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16625]: Failed password for root from 38.55.97.143 port 60636 ssh2
Jun 22 13:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16625]: Connection closed by 38.55.97.143 port 60636 [preauth]
Jun 22 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16718]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16717]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16713]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16716]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16714]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16715]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16718]: pam_unix(cron:session): session closed for user root
Jun 22 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16713]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16781]: Successful su for rubyman by root
Jun 22 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16781]: + ??? root:rubyman
Jun 22 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16781]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571006 of user rubyman.
Jun 22 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16781]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571006.
Jun 22 13:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14150]: pam_unix(cron:session): session closed for user root
Jun 22 13:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16715]: pam_unix(cron:session): session closed for user root
Jun 22 13:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16997]: Failed password for root from 38.55.97.143 port 47342 ssh2
Jun 22 13:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16997]: Connection closed by 38.55.97.143 port 47342 [preauth]
Jun 22 13:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16714]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 13:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17124]: Failed password for root from 193.24.211.107 port 46267 ssh2
Jun 22 13:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17124]: Received disconnect from 193.24.211.107 port 46267:11: Client disconnecting normally [preauth]
Jun 22 13:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17124]: Disconnected from 193.24.211.107 port 46267 [preauth]
Jun 22 13:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15931]: pam_unix(cron:session): session closed for user root
Jun 22 13:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17190]: Failed password for root from 38.55.97.143 port 39470 ssh2
Jun 22 13:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17190]: Connection closed by 38.55.97.143 port 39470 [preauth]
Jun 22 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17240]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17239]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17238]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17237]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17237]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17311]: Successful su for rubyman by root
Jun 22 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17311]: + ??? root:rubyman
Jun 22 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17311]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571011 of user rubyman.
Jun 22 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17311]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571011.
Jun 22 13:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14546]: pam_unix(cron:session): session closed for user root
Jun 22 13:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17238]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17539]: Failed password for root from 38.55.97.143 port 57944 ssh2
Jun 22 13:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17539]: Connection closed by 38.55.97.143 port 57944 [preauth]
Jun 22 13:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16321]: pam_unix(cron:session): session closed for user root
Jun 22 13:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17634]: Failed password for root from 38.55.97.143 port 48930 ssh2
Jun 22 13:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17634]: Connection closed by 38.55.97.143 port 48930 [preauth]
Jun 22 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17740]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17748]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17737]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17738]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17737]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17816]: Successful su for rubyman by root
Jun 22 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17816]: + ??? root:rubyman
Jun 22 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17816]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571017 of user rubyman.
Jun 22 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17816]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571017.
Jun 22 13:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15128]: pam_unix(cron:session): session closed for user root
Jun 22 13:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17738]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18075]: Failed password for root from 38.55.97.143 port 34396 ssh2
Jun 22 13:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18075]: Connection closed by 38.55.97.143 port 34396 [preauth]
Jun 22 13:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18085]: Invalid user amani from 141.98.83.240
Jun 22 13:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18085]: input_userauth_request: invalid user amani [preauth]
Jun 22 13:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18085]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 13:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 13:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18085]: Failed password for invalid user amani from 141.98.83.240 port 61132 ssh2
Jun 22 13:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18085]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 13:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18085]: Failed password for invalid user amani from 141.98.83.240 port 61132 ssh2
Jun 22 13:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18085]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 13:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16717]: pam_unix(cron:session): session closed for user root
Jun 22 13:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18085]: Failed password for invalid user amani from 141.98.83.240 port 61132 ssh2
Jun 22 13:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18085]: Connection closed by 141.98.83.240 port 61132 [preauth]
Jun 22 13:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18085]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 13:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 22 13:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18146]: Failed password for root from 62.133.62.83 port 48818 ssh2
Jun 22 13:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18146]: Connection closed by 62.133.62.83 port 48818 [preauth]
Jun 22 13:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18170]: User mysql from 38.55.97.143 not allowed because not listed in AllowUsers
Jun 22 13:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18170]: input_userauth_request: invalid user mysql [preauth]
Jun 22 13:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=mysql
Jun 22 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18184]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18182]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18183]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18181]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18181]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18170]: Failed password for invalid user mysql from 38.55.97.143 port 48798 ssh2
Jun 22 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18170]: Connection closed by 38.55.97.143 port 48798 [preauth]
Jun 22 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18252]: Successful su for rubyman by root
Jun 22 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18252]: + ??? root:rubyman
Jun 22 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18252]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571019 of user rubyman.
Jun 22 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18252]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571019.
Jun 22 13:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15523]: pam_unix(cron:session): session closed for user root
Jun 22 13:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18182]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17240]: pam_unix(cron:session): session closed for user root
Jun 22 13:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18602]: Invalid user max from 38.55.97.143
Jun 22 13:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18602]: input_userauth_request: invalid user max [preauth]
Jun 22 13:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18602]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 13:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 13:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18602]: Failed password for invalid user max from 38.55.97.143 port 34822 ssh2
Jun 22 13:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18602]: Connection closed by 38.55.97.143 port 34822 [preauth]
Jun 22 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18687]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18688]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18689]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18686]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18684]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18686]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18833]: Successful su for rubyman by root
Jun 22 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18833]: + ??? root:rubyman
Jun 22 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18833]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571025 of user rubyman.
Jun 22 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18833]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571025.
Jun 22 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18684]: pam_unix(cron:session): session closed for user root
Jun 22 13:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15930]: pam_unix(cron:session): session closed for user root
Jun 22 13:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18687]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19030]: Invalid user master from 38.55.97.143
Jun 22 13:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19030]: input_userauth_request: invalid user master [preauth]
Jun 22 13:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19030]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 13:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 13:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19030]: Failed password for invalid user master from 38.55.97.143 port 48504 ssh2
Jun 22 13:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19030]: Connection closed by 38.55.97.143 port 48504 [preauth]
Jun 22 13:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17748]: pam_unix(cron:session): session closed for user root
Jun 22 13:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19237]: Invalid user ftpadmin from 38.55.97.143
Jun 22 13:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19237]: input_userauth_request: invalid user ftpadmin [preauth]
Jun 22 13:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19237]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 13:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 13:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19237]: Failed password for invalid user ftpadmin from 38.55.97.143 port 35010 ssh2
Jun 22 13:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19237]: Connection closed by 38.55.97.143 port 35010 [preauth]
Jun 22 13:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19278]: Did not receive identification string from 137.184.82.243
Jun 22 13:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19280]: Bad protocol version identification '' from 137.184.82.243 port 43018
Jun 22 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19297]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19296]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19294]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19295]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19292]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19293]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19297]: pam_unix(cron:session): session closed for user root
Jun 22 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19292]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19360]: Successful su for rubyman by root
Jun 22 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19360]: + ??? root:rubyman
Jun 22 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19360]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571029 of user rubyman.
Jun 22 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19360]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571029.
Jun 22 13:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19294]: pam_unix(cron:session): session closed for user root
Jun 22 13:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16320]: pam_unix(cron:session): session closed for user root
Jun 22 13:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19293]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19801]: Invalid user dspace from 38.55.97.143
Jun 22 13:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19801]: input_userauth_request: invalid user dspace [preauth]
Jun 22 13:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19801]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 13:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 13:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19801]: Failed password for invalid user dspace from 38.55.97.143 port 50164 ssh2
Jun 22 13:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19801]: Connection closed by 38.55.97.143 port 50164 [preauth]
Jun 22 13:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18184]: pam_unix(cron:session): session closed for user root
Jun 22 13:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19932]: Invalid user admin from 38.55.97.143
Jun 22 13:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19932]: input_userauth_request: invalid user admin [preauth]
Jun 22 13:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19932]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 13:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 13:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19932]: Failed password for invalid user admin from 38.55.97.143 port 33640 ssh2
Jun 22 13:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19932]: Connection closed by 38.55.97.143 port 33640 [preauth]
Jun 22 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19964]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19962]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19960]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19961]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19960]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20029]: Successful su for rubyman by root
Jun 22 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20029]: + ??? root:rubyman
Jun 22 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20029]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571034 of user rubyman.
Jun 22 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20029]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571034.
Jun 22 13:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16716]: pam_unix(cron:session): session closed for user root
Jun 22 13:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19961]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 22 13:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20338]: Failed password for root from 103.153.68.219 port 44486 ssh2
Jun 22 13:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20338]: Connection closed by 103.153.68.219 port 44486 [preauth]
Jun 22 13:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20381]: Failed password for root from 38.55.97.143 port 47646 ssh2
Jun 22 13:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20381]: Connection closed by 38.55.97.143 port 47646 [preauth]
Jun 22 13:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18689]: pam_unix(cron:session): session closed for user root
Jun 22 13:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 22 13:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20432]: Failed password for root from 80.66.85.226 port 57964 ssh2
Jun 22 13:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20432]: Connection closed by 80.66.85.226 port 57964 [preauth]
Jun 22 13:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20481]: Failed password for root from 38.55.97.143 port 34362 ssh2
Jun 22 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20495]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20493]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20494]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20492]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20492]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20481]: Connection closed by 38.55.97.143 port 34362 [preauth]
Jun 22 13:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20553]: Successful su for rubyman by root
Jun 22 13:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20553]: + ??? root:rubyman
Jun 22 13:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20553]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571038 of user rubyman.
Jun 22 13:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20553]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571038.
Jun 22 13:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17239]: pam_unix(cron:session): session closed for user root
Jun 22 13:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20493]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19296]: pam_unix(cron:session): session closed for user root
Jun 22 13:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20918]: Failed password for root from 38.55.97.143 port 47712 ssh2
Jun 22 13:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20918]: Connection closed by 38.55.97.143 port 47712 [preauth]
Jun 22 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20982]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20983]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20981]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20980]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20980]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21041]: Successful su for rubyman by root
Jun 22 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21041]: + ??? root:rubyman
Jun 22 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21041]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571042 of user rubyman.
Jun 22 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21041]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571042.
Jun 22 13:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17740]: pam_unix(cron:session): session closed for user root
Jun 22 13:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20981]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21233]: Failed password for root from 38.55.97.143 port 34638 ssh2
Jun 22 13:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21233]: Connection closed by 38.55.97.143 port 34638 [preauth]
Jun 22 13:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19964]: pam_unix(cron:session): session closed for user root
Jun 22 13:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21361]: Failed password for root from 38.55.97.143 port 48898 ssh2
Jun 22 13:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21361]: Connection closed by 38.55.97.143 port 48898 [preauth]
Jun 22 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21393]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21391]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21392]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21390]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21390]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21460]: Successful su for rubyman by root
Jun 22 13:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21460]: + ??? root:rubyman
Jun 22 13:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21460]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571046 of user rubyman.
Jun 22 13:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21460]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571046.
Jun 22 13:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18183]: pam_unix(cron:session): session closed for user root
Jun 22 13:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21391]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21707]: Failed password for root from 38.55.97.143 port 34620 ssh2
Jun 22 13:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21707]: Connection closed by 38.55.97.143 port 34620 [preauth]
Jun 22 13:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20495]: pam_unix(cron:session): session closed for user root
Jun 22 13:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21812]: Failed password for root from 38.55.97.143 port 49760 ssh2
Jun 22 13:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21812]: Connection closed by 38.55.97.143 port 49760 [preauth]
Jun 22 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21835]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21833]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21832]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21837]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21836]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21831]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21837]: pam_unix(cron:session): session closed for user root
Jun 22 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21831]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21903]: Successful su for rubyman by root
Jun 22 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21903]: + ??? root:rubyman
Jun 22 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21903]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571054 of user rubyman.
Jun 22 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21903]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571054.
Jun 22 13:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21833]: pam_unix(cron:session): session closed for user root
Jun 22 13:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18688]: pam_unix(cron:session): session closed for user root
Jun 22 13:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21832]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22175]: Failed password for root from 38.55.97.143 port 35882 ssh2
Jun 22 13:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22175]: Connection closed by 38.55.97.143 port 35882 [preauth]
Jun 22 13:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20983]: pam_unix(cron:session): session closed for user root
Jun 22 13:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 22 13:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22274]: Failed password for root from 147.45.199.80 port 36254 ssh2
Jun 22 13:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22274]: Connection closed by 147.45.199.80 port 36254 [preauth]
Jun 22 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22293]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22295]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22292]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22291]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22291]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22446]: Successful su for rubyman by root
Jun 22 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22446]: + ??? root:rubyman
Jun 22 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22446]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571056 of user rubyman.
Jun 22 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22446]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571056.
Jun 22 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22286]: Failed password for root from 38.55.97.143 port 49648 ssh2
Jun 22 13:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22286]: Connection closed by 38.55.97.143 port 49648 [preauth]
Jun 22 13:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19295]: pam_unix(cron:session): session closed for user root
Jun 22 13:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22292]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21393]: pam_unix(cron:session): session closed for user root
Jun 22 13:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22727]: Failed password for root from 38.55.97.143 port 50542 ssh2
Jun 22 13:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22727]: Connection closed by 38.55.97.143 port 50542 [preauth]
Jun 22 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22779]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22783]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22782]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22781]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22777]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22777]: pam_unix(cron:session): session closed for user root
Jun 22 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22779]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22852]: Successful su for rubyman by root
Jun 22 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22852]: + ??? root:rubyman
Jun 22 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22852]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571062 of user rubyman.
Jun 22 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22852]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571062.
Jun 22 13:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19962]: pam_unix(cron:session): session closed for user root
Jun 22 13:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22781]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23062]: Failed password for root from 38.55.97.143 port 47932 ssh2
Jun 22 13:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23062]: Connection closed by 38.55.97.143 port 47932 [preauth]
Jun 22 13:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21836]: pam_unix(cron:session): session closed for user root
Jun 22 13:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23169]: Failed password for root from 38.55.97.143 port 34818 ssh2
Jun 22 13:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23169]: Connection closed by 38.55.97.143 port 34818 [preauth]
Jun 22 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23184]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23185]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23183]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23182]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23182]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23255]: Successful su for rubyman by root
Jun 22 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23255]: + ??? root:rubyman
Jun 22 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23255]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571066 of user rubyman.
Jun 22 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23255]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571066.
Jun 22 13:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20494]: pam_unix(cron:session): session closed for user root
Jun 22 13:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23183]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23515]: Failed password for root from 38.55.97.143 port 47272 ssh2
Jun 22 13:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23515]: Connection closed by 38.55.97.143 port 47272 [preauth]
Jun 22 13:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22295]: pam_unix(cron:session): session closed for user root
Jun 22 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23616]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23618]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23617]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23615]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23615]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23684]: Successful su for rubyman by root
Jun 22 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23684]: + ??? root:rubyman
Jun 22 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23684]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571070 of user rubyman.
Jun 22 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23684]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571070.
Jun 22 13:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20982]: pam_unix(cron:session): session closed for user root
Jun 22 13:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23616]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23756]: Failed password for root from 38.55.97.143 port 59766 ssh2
Jun 22 13:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23756]: Connection closed by 38.55.97.143 port 59766 [preauth]
Jun 22 13:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22783]: pam_unix(cron:session): session closed for user root
Jun 22 13:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24065]: Failed password for root from 38.55.97.143 port 46054 ssh2
Jun 22 13:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24065]: Connection closed by 38.55.97.143 port 46054 [preauth]
Jun 22 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24127]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24126]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24128]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24129]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24130]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24132]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24132]: pam_unix(cron:session): session closed for user root
Jun 22 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24126]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24197]: Successful su for rubyman by root
Jun 22 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24197]: + ??? root:rubyman
Jun 22 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24197]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571076 of user rubyman.
Jun 22 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24197]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571076.
Jun 22 13:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24128]: pam_unix(cron:session): session closed for user root
Jun 22 13:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21392]: pam_unix(cron:session): session closed for user root
Jun 22 13:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 22 13:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24127]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24323]: Failed password for root from 103.149.28.157 port 55166 ssh2
Jun 22 13:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24323]: Connection closed by 103.149.28.157 port 55166 [preauth]
Jun 22 13:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24437]: Failed password for root from 38.55.97.143 port 33200 ssh2
Jun 22 13:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24437]: Connection closed by 38.55.97.143 port 33200 [preauth]
Jun 22 13:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23185]: pam_unix(cron:session): session closed for user root
Jun 22 13:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24533]: Received disconnect from 154.16.115.17 port 42026:11: disconnected by user [preauth]
Jun 22 13:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24533]: Disconnected from 154.16.115.17 port 42026 [preauth]
Jun 22 13:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.223.69.22  user=root
Jun 22 13:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24558]: Failed password for root from 89.223.69.22 port 41212 ssh2
Jun 22 13:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24558]: Connection closed by 89.223.69.22 port 41212 [preauth]
Jun 22 13:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.233.85.71  user=root
Jun 22 13:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24560]: Failed password for root from 38.55.97.143 port 46324 ssh2
Jun 22 13:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24560]: Connection closed by 38.55.97.143 port 46324 [preauth]
Jun 22 13:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24571]: Failed password for root from 37.233.85.71 port 38466 ssh2
Jun 22 13:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24571]: Connection closed by 37.233.85.71 port 38466 [preauth]
Jun 22 13:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24591]: Invalid user admin from 117.175.140.121
Jun 22 13:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24591]: input_userauth_request: invalid user admin [preauth]
Jun 22 13:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24591]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 13:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.175.140.121
Jun 22 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24599]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24597]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24596]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24595]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24595]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24683]: Successful su for rubyman by root
Jun 22 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24683]: + ??? root:rubyman
Jun 22 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24683]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571079 of user rubyman.
Jun 22 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24683]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571079.
Jun 22 13:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24591]: Failed password for invalid user admin from 117.175.140.121 port 55036 ssh2
Jun 22 13:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24591]: Connection closed by 117.175.140.121 port 55036 [preauth]
Jun 22 13:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21835]: pam_unix(cron:session): session closed for user root
Jun 22 13:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24596]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24903]: Failed password for root from 38.55.97.143 port 36400 ssh2
Jun 22 13:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24903]: Connection closed by 38.55.97.143 port 36400 [preauth]
Jun 22 13:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23618]: pam_unix(cron:session): session closed for user root
Jun 22 13:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24952]: Invalid user orangepi from 117.175.140.121
Jun 22 13:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24952]: input_userauth_request: invalid user orangepi [preauth]
Jun 22 13:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24952]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 13:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.175.140.121
Jun 22 13:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24952]: Failed password for invalid user orangepi from 117.175.140.121 port 38938 ssh2
Jun 22 13:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24952]: Connection closed by 117.175.140.121 port 38938 [preauth]
Jun 22 13:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 22 13:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24963]: Failed password for root from 103.27.238.120 port 60750 ssh2
Jun 22 13:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24963]: Connection closed by 103.27.238.120 port 60750 [preauth]
Jun 22 13:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25017]: Invalid user test from 38.55.97.143
Jun 22 13:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25017]: input_userauth_request: invalid user test [preauth]
Jun 22 13:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25017]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 13:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25017]: Failed password for invalid user test from 38.55.97.143 port 54830 ssh2
Jun 22 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25017]: Connection closed by 38.55.97.143 port 54830 [preauth]
Jun 22 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25032]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25031]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25030]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25029]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25029]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25096]: Successful su for rubyman by root
Jun 22 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25096]: + ??? root:rubyman
Jun 22 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25096]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571084 of user rubyman.
Jun 22 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25096]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571084.
Jun 22 13:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22293]: pam_unix(cron:session): session closed for user root
Jun 22 13:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25030]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 13:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25279]: Failed password for root from 193.24.211.107 port 33737 ssh2
Jun 22 13:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25279]: Received disconnect from 193.24.211.107 port 33737:11: Client disconnecting normally [preauth]
Jun 22 13:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25279]: Disconnected from 193.24.211.107 port 33737 [preauth]
Jun 22 13:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.175.140.121  user=root
Jun 22 13:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25281]: Failed password for root from 117.175.140.121 port 53566 ssh2
Jun 22 13:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25281]: Connection closed by 117.175.140.121 port 53566 [preauth]
Jun 22 13:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24130]: pam_unix(cron:session): session closed for user root
Jun 22 13:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25368]: Invalid user test1 from 38.55.97.143
Jun 22 13:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25368]: input_userauth_request: invalid user test1 [preauth]
Jun 22 13:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25368]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 13:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 13:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25368]: Failed password for invalid user test1 from 38.55.97.143 port 40332 ssh2
Jun 22 13:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25368]: Connection closed by 38.55.97.143 port 40332 [preauth]
Jun 22 13:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.175.140.121  user=root
Jun 22 13:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25400]: Failed password for root from 117.175.140.121 port 43666 ssh2
Jun 22 13:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25400]: Connection closed by 117.175.140.121 port 43666 [preauth]
Jun 22 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25429]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25430]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25431]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25428]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25428]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25493]: Successful su for rubyman by root
Jun 22 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25493]: + ??? root:rubyman
Jun 22 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25493]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571087 of user rubyman.
Jun 22 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25493]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571087.
Jun 22 13:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22782]: pam_unix(cron:session): session closed for user root
Jun 22 13:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25429]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25672]: Invalid user telnet from 38.55.97.143
Jun 22 13:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25672]: input_userauth_request: invalid user telnet [preauth]
Jun 22 13:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25672]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 13:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 13:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25672]: Failed password for invalid user telnet from 38.55.97.143 port 57484 ssh2
Jun 22 13:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25672]: Connection closed by 38.55.97.143 port 57484 [preauth]
Jun 22 13:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.175.140.121  user=root
Jun 22 13:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25727]: Failed password for root from 117.175.140.121 port 51662 ssh2
Jun 22 13:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25727]: Connection closed by 117.175.140.121 port 51662 [preauth]
Jun 22 13:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24599]: pam_unix(cron:session): session closed for user root
Jun 22 13:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25806]: Failed password for root from 38.55.97.143 port 43876 ssh2
Jun 22 13:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25806]: Connection closed by 38.55.97.143 port 43876 [preauth]
Jun 22 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25830]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25831]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25829]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25828]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25828]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25888]: Successful su for rubyman by root
Jun 22 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25888]: + ??? root:rubyman
Jun 22 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25888]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571091 of user rubyman.
Jun 22 13:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25888]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571091.
Jun 22 13:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23184]: pam_unix(cron:session): session closed for user root
Jun 22 13:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.175.140.121  user=root
Jun 22 13:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25829]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25877]: Failed password for root from 117.175.140.121 port 33154 ssh2
Jun 22 13:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25877]: Connection closed by 117.175.140.121 port 33154 [preauth]
Jun 22 13:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26106]: Failed password for root from 38.55.97.143 port 33152 ssh2
Jun 22 13:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26106]: Connection closed by 38.55.97.143 port 33152 [preauth]
Jun 22 13:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25032]: pam_unix(cron:session): session closed for user root
Jun 22 13:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.175.140.121  user=root
Jun 22 13:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26167]: Failed password for root from 117.175.140.121 port 51908 ssh2
Jun 22 13:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26167]: Connection closed by 117.175.140.121 port 51908 [preauth]
Jun 22 13:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26219]: Failed password for root from 38.55.97.143 port 49370 ssh2
Jun 22 13:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26219]: Connection closed by 38.55.97.143 port 49370 [preauth]
Jun 22 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26230]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26229]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26232]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26231]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26233]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26228]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26233]: pam_unix(cron:session): session closed for user root
Jun 22 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26228]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26301]: Successful su for rubyman by root
Jun 22 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26301]: + ??? root:rubyman
Jun 22 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26301]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571098 of user rubyman.
Jun 22 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26301]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571098.
Jun 22 13:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26230]: pam_unix(cron:session): session closed for user root
Jun 22 13:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23617]: pam_unix(cron:session): session closed for user root
Jun 22 13:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26229]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25431]: pam_unix(cron:session): session closed for user root
Jun 22 13:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26566]: Failed password for root from 38.55.97.143 port 34806 ssh2
Jun 22 13:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26566]: Connection closed by 38.55.97.143 port 34806 [preauth]
Jun 22 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26659]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26660]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26658]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26653]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26653]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26808]: Successful su for rubyman by root
Jun 22 13:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26808]: + ??? root:rubyman
Jun 22 13:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26808]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571102 of user rubyman.
Jun 22 13:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26808]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571102.
Jun 22 13:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24129]: pam_unix(cron:session): session closed for user root
Jun 22 13:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26658]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26988]: Failed password for root from 38.55.97.143 port 50892 ssh2
Jun 22 13:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26988]: Connection closed by 38.55.97.143 port 50892 [preauth]
Jun 22 13:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25831]: pam_unix(cron:session): session closed for user root
Jun 22 13:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27110]: Failed password for root from 38.55.97.143 port 50790 ssh2
Jun 22 13:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27110]: Connection closed by 38.55.97.143 port 50790 [preauth]
Jun 22 13:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 22 13:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27130]: Failed password for root from 87.251.79.125 port 37728 ssh2
Jun 22 13:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27130]: Connection closed by 87.251.79.125 port 37728 [preauth]
Jun 22 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27146]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27145]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27144]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27143]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27143]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27208]: Successful su for rubyman by root
Jun 22 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27208]: + ??? root:rubyman
Jun 22 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27208]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571105 of user rubyman.
Jun 22 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27208]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571105.
Jun 22 13:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24597]: pam_unix(cron:session): session closed for user root
Jun 22 13:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27144]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27447]: Failed password for root from 38.55.97.143 port 50250 ssh2
Jun 22 13:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27447]: Connection closed by 38.55.97.143 port 50250 [preauth]
Jun 22 13:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26232]: pam_unix(cron:session): session closed for user root
Jun 22 13:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27570]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27571]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27569]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27568]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27568]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27630]: Successful su for rubyman by root
Jun 22 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27630]: + ??? root:rubyman
Jun 22 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27630]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571110 of user rubyman.
Jun 22 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27630]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571110.
Jun 22 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27565]: Failed password for root from 38.55.97.143 port 38150 ssh2
Jun 22 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27565]: Connection closed by 38.55.97.143 port 38150 [preauth]
Jun 22 13:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25031]: pam_unix(cron:session): session closed for user root
Jun 22 13:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27569]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26660]: pam_unix(cron:session): session closed for user root
Jun 22 13:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27910]: Failed password for root from 38.55.97.143 port 55984 ssh2
Jun 22 13:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27910]: Connection closed by 38.55.97.143 port 55984 [preauth]
Jun 22 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27983]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27982]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27980]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27981]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27980]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28049]: Successful su for rubyman by root
Jun 22 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28049]: + ??? root:rubyman
Jun 22 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28049]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571113 of user rubyman.
Jun 22 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28049]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571113.
Jun 22 13:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28221]: Did not receive identification string from 198.235.24.114
Jun 22 13:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25430]: pam_unix(cron:session): session closed for user root
Jun 22 13:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27981]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28286]: Failed password for root from 38.55.97.143 port 44926 ssh2
Jun 22 13:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28286]: Connection closed by 38.55.97.143 port 44926 [preauth]
Jun 22 13:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27146]: pam_unix(cron:session): session closed for user root
Jun 22 13:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28402]: Failed password for root from 38.55.97.143 port 34192 ssh2
Jun 22 13:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28402]: Connection closed by 38.55.97.143 port 34192 [preauth]
Jun 22 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28436]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28431]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28437]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28434]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28432]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28430]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28437]: pam_unix(cron:session): session closed for user root
Jun 22 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28430]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28502]: Successful su for rubyman by root
Jun 22 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28502]: + ??? root:rubyman
Jun 22 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28502]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571118 of user rubyman.
Jun 22 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28502]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571118.
Jun 22 13:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 22 13:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28432]: pam_unix(cron:session): session closed for user root
Jun 22 13:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25830]: pam_unix(cron:session): session closed for user root
Jun 22 13:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28548]: Failed password for root from 103.172.78.219 port 38646 ssh2
Jun 22 13:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28548]: Connection closed by 103.172.78.219 port 38646 [preauth]
Jun 22 13:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28431]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28841]: Failed password for root from 38.55.97.143 port 51266 ssh2
Jun 22 13:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28841]: Connection closed by 38.55.97.143 port 51266 [preauth]
Jun 22 13:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27571]: pam_unix(cron:session): session closed for user root
Jun 22 13:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28963]: Failed password for root from 38.55.97.143 port 36272 ssh2
Jun 22 13:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28963]: Connection closed by 38.55.97.143 port 36272 [preauth]
Jun 22 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28977]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28976]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28978]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28975]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28975]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29049]: Successful su for rubyman by root
Jun 22 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29049]: + ??? root:rubyman
Jun 22 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29049]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571123 of user rubyman.
Jun 22 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29049]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571123.
Jun 22 13:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26231]: pam_unix(cron:session): session closed for user root
Jun 22 13:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28976]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 22 13:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29261]: Failed password for root from 38.93.206.2 port 51786 ssh2
Jun 22 13:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29261]: Connection closed by 38.93.206.2 port 51786 [preauth]
Jun 22 13:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29263]: Connection closed by 194.59.206.2 port 31980 [preauth]
Jun 22 13:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29323]: Failed password for root from 38.55.97.143 port 51972 ssh2
Jun 22 13:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29323]: Connection closed by 38.55.97.143 port 51972 [preauth]
Jun 22 13:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27983]: pam_unix(cron:session): session closed for user root
Jun 22 13:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29360]: Invalid user citrix from 87.106.65.126
Jun 22 13:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29360]: input_userauth_request: invalid user citrix [preauth]
Jun 22 13:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29360]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 13:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.106.65.126
Jun 22 13:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29360]: Failed password for invalid user citrix from 87.106.65.126 port 41612 ssh2
Jun 22 13:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29360]: Received disconnect from 87.106.65.126 port 41612:11: Bye Bye [preauth]
Jun 22 13:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29360]: Disconnected from 87.106.65.126 port 41612 [preauth]
Jun 22 13:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 22 13:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29399]: Failed password for root from 103.82.20.28 port 53692 ssh2
Jun 22 13:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29399]: Connection closed by 103.82.20.28 port 53692 [preauth]
Jun 22 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29413]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29412]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29414]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29411]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29411]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29488]: Successful su for rubyman by root
Jun 22 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29488]: + ??? root:rubyman
Jun 22 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29488]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571127 of user rubyman.
Jun 22 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29488]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571127.
Jun 22 13:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26659]: pam_unix(cron:session): session closed for user root
Jun 22 13:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29412]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29636]: Failed password for root from 38.55.97.143 port 39444 ssh2
Jun 22 13:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29636]: Connection closed by 38.55.97.143 port 39444 [preauth]
Jun 22 13:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28436]: pam_unix(cron:session): session closed for user root
Jun 22 13:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29907]: Failed password for root from 38.55.97.143 port 52596 ssh2
Jun 22 13:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29907]: Connection closed by 38.55.97.143 port 52596 [preauth]
Jun 22 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29957]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29959]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29958]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29956]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29956]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30016]: Successful su for rubyman by root
Jun 22 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30016]: + ??? root:rubyman
Jun 22 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30016]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571132 of user rubyman.
Jun 22 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30016]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571132.
Jun 22 13:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27145]: pam_unix(cron:session): session closed for user root
Jun 22 13:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29957]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30242]: Failed password for root from 38.55.97.143 port 37756 ssh2
Jun 22 13:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30242]: Connection closed by 38.55.97.143 port 37756 [preauth]
Jun 22 13:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 22 13:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30252]: Failed password for root from 103.77.242.62 port 42014 ssh2
Jun 22 13:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30252]: Connection closed by 103.77.242.62 port 42014 [preauth]
Jun 22 13:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28978]: pam_unix(cron:session): session closed for user root
Jun 22 13:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30355]: Failed password for root from 38.55.97.143 port 52140 ssh2
Jun 22 13:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30355]: Connection closed by 38.55.97.143 port 52140 [preauth]
Jun 22 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30376]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30377]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30375]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30374]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30374]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30432]: Successful su for rubyman by root
Jun 22 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30432]: + ??? root:rubyman
Jun 22 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30432]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571135 of user rubyman.
Jun 22 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30432]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571135.
Jun 22 13:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27570]: pam_unix(cron:session): session closed for user root
Jun 22 13:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30375]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30696]: Failed password for root from 38.55.97.143 port 40192 ssh2
Jun 22 13:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30696]: Connection closed by 38.55.97.143 port 40192 [preauth]
Jun 22 13:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29414]: pam_unix(cron:session): session closed for user root
Jun 22 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30787]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30784]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30786]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30783]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30785]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30782]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30787]: pam_unix(cron:session): session closed for user root
Jun 22 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30782]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30856]: Successful su for rubyman by root
Jun 22 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30856]: + ??? root:rubyman
Jun 22 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30856]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571142 of user rubyman.
Jun 22 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30856]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571142.
Jun 22 13:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30784]: pam_unix(cron:session): session closed for user root
Jun 22 13:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27982]: pam_unix(cron:session): session closed for user root
Jun 22 13:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30783]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31153]: Failed password for root from 38.55.97.143 port 58488 ssh2
Jun 22 13:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31153]: Connection closed by 38.55.97.143 port 58488 [preauth]
Jun 22 13:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29959]: pam_unix(cron:session): session closed for user root
Jun 22 13:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31272]: Failed password for root from 38.55.97.143 port 47572 ssh2
Jun 22 13:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31272]: Connection closed by 38.55.97.143 port 47572 [preauth]
Jun 22 13:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31312]: User mysql from 87.106.65.126 not allowed because not listed in AllowUsers
Jun 22 13:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31312]: input_userauth_request: invalid user mysql [preauth]
Jun 22 13:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.106.65.126  user=mysql
Jun 22 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31312]: Failed password for invalid user mysql from 87.106.65.126 port 8412 ssh2
Jun 22 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31318]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31316]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31317]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31315]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31315]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31312]: Received disconnect from 87.106.65.126 port 8412:11: Bye Bye [preauth]
Jun 22 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31312]: Disconnected from 87.106.65.126 port 8412 [preauth]
Jun 22 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31386]: Successful su for rubyman by root
Jun 22 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31386]: + ??? root:rubyman
Jun 22 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31386]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571146 of user rubyman.
Jun 22 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31386]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571146.
Jun 22 13:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28434]: pam_unix(cron:session): session closed for user root
Jun 22 13:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31316]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31701]: Failed password for root from 38.55.97.143 port 38460 ssh2
Jun 22 13:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31701]: Connection closed by 38.55.97.143 port 38460 [preauth]
Jun 22 13:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30377]: pam_unix(cron:session): session closed for user root
Jun 22 13:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31823]: Invalid user postgres from 38.55.97.143
Jun 22 13:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31823]: input_userauth_request: invalid user postgres [preauth]
Jun 22 13:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31823]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 13:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31836]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31837]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31838]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31835]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31835]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31893]: Successful su for rubyman by root
Jun 22 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31893]: + ??? root:rubyman
Jun 22 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31893]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571150 of user rubyman.
Jun 22 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31893]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571150.
Jun 22 13:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31823]: Failed password for invalid user postgres from 38.55.97.143 port 41782 ssh2
Jun 22 13:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31823]: Connection closed by 38.55.97.143 port 41782 [preauth]
Jun 22 13:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28977]: pam_unix(cron:session): session closed for user root
Jun 22 13:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31836]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32137]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 22 13:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32137]: Received disconnect from 103.149.26.43 port 37292:11: disconnected by user [preauth]
Jun 22 13:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32137]: Disconnected from 103.149.26.43 port 37292 [preauth]
Jun 22 13:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30786]: pam_unix(cron:session): session closed for user root
Jun 22 13:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32193]: Invalid user postgres from 38.55.97.143
Jun 22 13:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32193]: input_userauth_request: invalid user postgres [preauth]
Jun 22 13:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32193]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 13:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 13:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32193]: Failed password for invalid user postgres from 38.55.97.143 port 39504 ssh2
Jun 22 13:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32193]: Connection closed by 38.55.97.143 port 39504 [preauth]
Jun 22 13:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32203]: Received disconnect from 51.79.99.235 port 54278:11: disconnected by user [preauth]
Jun 22 13:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32203]: Disconnected from 51.79.99.235 port 54278 [preauth]
Jun 22 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32252]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32251]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32253]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32250]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32250]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32307]: Successful su for rubyman by root
Jun 22 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32307]: + ??? root:rubyman
Jun 22 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32307]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571153 of user rubyman.
Jun 22 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32307]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571153.
Jun 22 13:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32441]: Invalid user jjh from 87.106.65.126
Jun 22 13:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32441]: input_userauth_request: invalid user jjh [preauth]
Jun 22 13:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32441]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 13:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.106.65.126
Jun 22 13:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29413]: pam_unix(cron:session): session closed for user root
Jun 22 13:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32251]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32441]: Failed password for invalid user jjh from 87.106.65.126 port 10668 ssh2
Jun 22 13:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32441]: Received disconnect from 87.106.65.126 port 10668:11: Bye Bye [preauth]
Jun 22 13:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32441]: Disconnected from 87.106.65.126 port 10668 [preauth]
Jun 22 13:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32513]: Invalid user postgres from 38.55.97.143
Jun 22 13:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32513]: input_userauth_request: invalid user postgres [preauth]
Jun 22 13:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32513]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 13:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 13:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32513]: Failed password for invalid user postgres from 38.55.97.143 port 59194 ssh2
Jun 22 13:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32513]: Connection closed by 38.55.97.143 port 59194 [preauth]
Jun 22 13:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31318]: pam_unix(cron:session): session closed for user root
Jun 22 13:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32639]: Invalid user peter from 38.55.97.143
Jun 22 13:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32639]: input_userauth_request: invalid user peter [preauth]
Jun 22 13:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32639]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 13:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 13:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32639]: Failed password for invalid user peter from 38.55.97.143 port 48486 ssh2
Jun 22 13:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32639]: Connection closed by 38.55.97.143 port 48486 [preauth]
Jun 22 13:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32668]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32666]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32667]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32665]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32662]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32665]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[325]: Successful su for rubyman by root
Jun 22 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[325]: + ??? root:rubyman
Jun 22 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[325]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571157 of user rubyman.
Jun 22 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[325]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571157.
Jun 22 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32662]: pam_unix(cron:session): session closed for user root
Jun 22 13:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29958]: pam_unix(cron:session): session closed for user root
Jun 22 13:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32660]: Failed password for root from 193.24.211.107 port 41004 ssh2
Jun 22 13:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32660]: Received disconnect from 193.24.211.107 port 41004:11: Client disconnecting normally [preauth]
Jun 22 13:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32660]: Disconnected from 193.24.211.107 port 41004 [preauth]
Jun 22 13:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32666]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[754]: Invalid user admin from 38.55.97.143
Jun 22 13:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[754]: input_userauth_request: invalid user admin [preauth]
Jun 22 13:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[754]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 13:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 13:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[754]: Failed password for invalid user admin from 38.55.97.143 port 35982 ssh2
Jun 22 13:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[754]: Connection closed by 38.55.97.143 port 35982 [preauth]
Jun 22 13:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31838]: pam_unix(cron:session): session closed for user root
Jun 22 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[856]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[855]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[858]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[857]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[852]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[854]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[858]: pam_unix(cron:session): session closed for user root
Jun 22 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[852]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[935]: Successful su for rubyman by root
Jun 22 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[935]: + ??? root:rubyman
Jun 22 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[935]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571165 of user rubyman.
Jun 22 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[935]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571165.
Jun 22 13:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[855]: pam_unix(cron:session): session closed for user root
Jun 22 13:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30376]: pam_unix(cron:session): session closed for user root
Jun 22 13:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1126]: Invalid user admin from 38.55.97.143
Jun 22 13:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1126]: input_userauth_request: invalid user admin [preauth]
Jun 22 13:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1126]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 13:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 13:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[854]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1126]: Failed password for invalid user admin from 38.55.97.143 port 59402 ssh2
Jun 22 13:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1126]: Connection closed by 38.55.97.143 port 59402 [preauth]
Jun 22 13:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 22 13:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1212]: Invalid user lee from 87.106.65.126
Jun 22 13:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1212]: input_userauth_request: invalid user lee [preauth]
Jun 22 13:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1212]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 13:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.106.65.126
Jun 22 13:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1209]: Failed password for root from 103.176.20.57 port 55524 ssh2
Jun 22 13:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1209]: Connection closed by 103.176.20.57 port 55524 [preauth]
Jun 22 13:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1212]: Failed password for invalid user lee from 87.106.65.126 port 7296 ssh2
Jun 22 13:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1212]: Received disconnect from 87.106.65.126 port 7296:11: Bye Bye [preauth]
Jun 22 13:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1212]: Disconnected from 87.106.65.126 port 7296 [preauth]
Jun 22 13:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1250]: Invalid user admin from 141.98.83.240
Jun 22 13:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1250]: input_userauth_request: invalid user admin [preauth]
Jun 22 13:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1250]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 13:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 13:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1250]: Failed password for invalid user admin from 141.98.83.240 port 10146 ssh2
Jun 22 13:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1250]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 13:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32253]: pam_unix(cron:session): session closed for user root
Jun 22 13:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1250]: Failed password for invalid user admin from 141.98.83.240 port 10146 ssh2
Jun 22 13:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1250]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 13:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1250]: Failed password for invalid user admin from 141.98.83.240 port 10146 ssh2
Jun 22 13:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1250]: Connection closed by 141.98.83.240 port 10146 [preauth]
Jun 22 13:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1250]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 13:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1310]: Invalid user admin from 38.55.97.143
Jun 22 13:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1310]: input_userauth_request: invalid user admin [preauth]
Jun 22 13:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1310]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 13:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 13:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1310]: Failed password for invalid user admin from 38.55.97.143 port 51750 ssh2
Jun 22 13:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1310]: Connection closed by 38.55.97.143 port 51750 [preauth]
Jun 22 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1376]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1377]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1375]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1374]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1374]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1478]: Successful su for rubyman by root
Jun 22 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1478]: + ??? root:rubyman
Jun 22 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1478]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571168 of user rubyman.
Jun 22 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1478]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571168.
Jun 22 13:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30785]: pam_unix(cron:session): session closed for user root
Jun 22 13:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1375]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1795]: Failed password for root from 38.55.97.143 port 41796 ssh2
Jun 22 13:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1795]: Connection closed by 38.55.97.143 port 41796 [preauth]
Jun 22 13:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32668]: pam_unix(cron:session): session closed for user root
Jun 22 13:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1916]: Failed password for root from 38.55.97.143 port 33298 ssh2
Jun 22 13:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1916]: Connection closed by 38.55.97.143 port 33298 [preauth]
Jun 22 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1932]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1933]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1931]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1930]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1930]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2021]: Successful su for rubyman by root
Jun 22 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2021]: + ??? root:rubyman
Jun 22 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2021]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571173 of user rubyman.
Jun 22 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2021]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571173.
Jun 22 13:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31317]: pam_unix(cron:session): session closed for user root
Jun 22 13:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1931]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2313]: Failed password for root from 38.55.97.143 port 53724 ssh2
Jun 22 13:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[857]: pam_unix(cron:session): session closed for user root
Jun 22 13:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2313]: Connection closed by 38.55.97.143 port 53724 [preauth]
Jun 22 13:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2342]: Invalid user northwest from 87.106.65.126
Jun 22 13:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2342]: input_userauth_request: invalid user northwest [preauth]
Jun 22 13:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2342]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 13:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.106.65.126
Jun 22 13:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2342]: Failed password for invalid user northwest from 87.106.65.126 port 47422 ssh2
Jun 22 13:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2342]: Received disconnect from 87.106.65.126 port 47422:11: Bye Bye [preauth]
Jun 22 13:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2342]: Disconnected from 87.106.65.126 port 47422 [preauth]
Jun 22 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2402]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2401]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2398]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2399]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2398]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2460]: Successful su for rubyman by root
Jun 22 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2460]: + ??? root:rubyman
Jun 22 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2460]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571176 of user rubyman.
Jun 22 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2460]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571176.
Jun 22 13:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31837]: pam_unix(cron:session): session closed for user root
Jun 22 13:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2399]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2662]: Failed password for root from 38.55.97.143 port 45002 ssh2
Jun 22 13:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2662]: Connection closed by 38.55.97.143 port 45002 [preauth]
Jun 22 13:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1377]: pam_unix(cron:session): session closed for user root
Jun 22 13:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2792]: Failed password for root from 38.55.97.143 port 60100 ssh2
Jun 22 13:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2792]: Connection closed by 38.55.97.143 port 60100 [preauth]
Jun 22 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2834]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2831]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2833]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2832]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2831]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2891]: Successful su for rubyman by root
Jun 22 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2891]: + ??? root:rubyman
Jun 22 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2891]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571182 of user rubyman.
Jun 22 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2891]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571182.
Jun 22 13:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32252]: pam_unix(cron:session): session closed for user root
Jun 22 13:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2832]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 22 13:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3091]: Failed password for root from 103.27.238.114 port 58644 ssh2
Jun 22 13:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3091]: Connection closed by 103.27.238.114 port 58644 [preauth]
Jun 22 13:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3101]: Failed password for root from 38.55.97.143 port 46140 ssh2
Jun 22 13:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3101]: Connection closed by 38.55.97.143 port 46140 [preauth]
Jun 22 13:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1933]: pam_unix(cron:session): session closed for user root
Jun 22 13:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3202]: Invalid user infocenter from 87.106.65.126
Jun 22 13:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3202]: input_userauth_request: invalid user infocenter [preauth]
Jun 22 13:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3202]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 13:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.106.65.126
Jun 22 13:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3200]: Received disconnect from 5.135.167.5 port 37412:11: disconnected by user [preauth]
Jun 22 13:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3200]: Disconnected from 5.135.167.5 port 37412 [preauth]
Jun 22 13:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3202]: Failed password for invalid user infocenter from 87.106.65.126 port 23000 ssh2
Jun 22 13:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3202]: Received disconnect from 87.106.65.126 port 23000:11: Bye Bye [preauth]
Jun 22 13:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3202]: Disconnected from 87.106.65.126 port 23000 [preauth]
Jun 22 13:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3204]: Failed password for root from 38.55.97.143 port 60960 ssh2
Jun 22 13:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3204]: Connection closed by 38.55.97.143 port 60960 [preauth]
Jun 22 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3231]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3229]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3230]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3227]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3226]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3228]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3231]: pam_unix(cron:session): session closed for user root
Jun 22 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3226]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3298]: Successful su for rubyman by root
Jun 22 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3298]: + ??? root:rubyman
Jun 22 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3298]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571186 of user rubyman.
Jun 22 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3298]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571186.
Jun 22 13:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3228]: pam_unix(cron:session): session closed for user root
Jun 22 13:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32667]: pam_unix(cron:session): session closed for user root
Jun 22 13:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3227]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2402]: pam_unix(cron:session): session closed for user root
Jun 22 13:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3576]: Failed password for root from 38.55.97.143 port 49766 ssh2
Jun 22 13:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3576]: Connection closed by 38.55.97.143 port 49766 [preauth]
Jun 22 13:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.211.215  user=root
Jun 22 13:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3643]: Failed password for root from 147.45.211.215 port 56102 ssh2
Jun 22 13:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3643]: Connection closed by 147.45.211.215 port 56102 [preauth]
Jun 22 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3656]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3655]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3658]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3654]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3654]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3819]: Successful su for rubyman by root
Jun 22 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3819]: + ??? root:rubyman
Jun 22 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3819]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571191 of user rubyman.
Jun 22 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3819]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571191.
Jun 22 13:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[856]: pam_unix(cron:session): session closed for user root
Jun 22 13:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3655]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4107]: Failed password for root from 38.55.97.143 port 41220 ssh2
Jun 22 13:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4107]: Connection closed by 38.55.97.143 port 41220 [preauth]
Jun 22 13:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 22 13:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4105]: Failed password for root from 202.178.126.219 port 26824 ssh2
Jun 22 13:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4105]: Connection closed by 202.178.126.219 port 26824 [preauth]
Jun 22 13:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2834]: pam_unix(cron:session): session closed for user root
Jun 22 13:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4236]: Failed password for root from 38.55.97.143 port 34662 ssh2
Jun 22 13:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4236]: Connection closed by 38.55.97.143 port 34662 [preauth]
Jun 22 13:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4275]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4274]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4273]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4272]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4272]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4349]: Successful su for rubyman by root
Jun 22 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4349]: + ??? root:rubyman
Jun 22 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4349]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571194 of user rubyman.
Jun 22 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4349]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571194.
Jun 22 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
Jun 22 13:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4269]: Failed password for root from 176.32.39.21 port 38864 ssh2
Jun 22 13:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4269]: Connection closed by 176.32.39.21 port 38864 [preauth]
Jun 22 13:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1376]: pam_unix(cron:session): session closed for user root
Jun 22 13:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4273]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4559]: Invalid user sge from 87.106.65.126
Jun 22 13:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4559]: input_userauth_request: invalid user sge [preauth]
Jun 22 13:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4559]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 13:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.106.65.126
Jun 22 13:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4561]: Received disconnect from 66.90.98.90 port 12994:11: disconnected by user [preauth]
Jun 22 13:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4561]: Disconnected from 66.90.98.90 port 12994 [preauth]
Jun 22 13:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4559]: Failed password for invalid user sge from 87.106.65.126 port 39682 ssh2
Jun 22 13:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4559]: Received disconnect from 87.106.65.126 port 39682:11: Bye Bye [preauth]
Jun 22 13:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4559]: Disconnected from 87.106.65.126 port 39682 [preauth]
Jun 22 13:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4596]: Invalid user admin from 193.46.255.86
Jun 22 13:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4596]: input_userauth_request: invalid user admin [preauth]
Jun 22 13:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4596]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 13:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 22 13:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4594]: Failed password for root from 38.55.97.143 port 43378 ssh2
Jun 22 13:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4594]: Connection closed by 38.55.97.143 port 43378 [preauth]
Jun 22 13:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4596]: Failed password for invalid user admin from 193.46.255.86 port 38606 ssh2
Jun 22 13:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4596]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 13:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3230]: pam_unix(cron:session): session closed for user root
Jun 22 13:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4596]: Failed password for invalid user admin from 193.46.255.86 port 38606 ssh2
Jun 22 13:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4596]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 13:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4596]: Failed password for invalid user admin from 193.46.255.86 port 38606 ssh2
Jun 22 13:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4596]: Connection closed by 193.46.255.86 port 38606 [preauth]
Jun 22 13:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4596]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 22 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4700]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4701]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4699]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4698]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4698]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4792]: Successful su for rubyman by root
Jun 22 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4792]: + ??? root:rubyman
Jun 22 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4792]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571199 of user rubyman.
Jun 22 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4792]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571199.
Jun 22 13:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1932]: pam_unix(cron:session): session closed for user root
Jun 22 13:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4699]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5027]: Failed password for root from 38.55.97.143 port 38698 ssh2
Jun 22 13:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5027]: Connection closed by 38.55.97.143 port 38698 [preauth]
Jun 22 13:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3658]: pam_unix(cron:session): session closed for user root
Jun 22 13:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5176]: Failed password for root from 38.55.97.143 port 60558 ssh2
Jun 22 13:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5176]: Connection closed by 38.55.97.143 port 60558 [preauth]
Jun 22 13:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 22 13:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5194]: Failed password for root from 103.15.222.183 port 39782 ssh2
Jun 22 13:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5194]: Connection closed by 103.15.222.183 port 39782 [preauth]
Jun 22 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5209]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5207]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5210]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5206]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5206]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5271]: Successful su for rubyman by root
Jun 22 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5271]: + ??? root:rubyman
Jun 22 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5271]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571202 of user rubyman.
Jun 22 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5271]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571202.
Jun 22 13:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2401]: pam_unix(cron:session): session closed for user root
Jun 22 13:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5207]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5505]: Failed password for root from 38.55.97.143 port 32990 ssh2
Jun 22 13:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5505]: Connection closed by 38.55.97.143 port 32990 [preauth]
Jun 22 13:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4275]: pam_unix(cron:session): session closed for user root
Jun 22 13:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5565]: Invalid user iserver from 87.106.65.126
Jun 22 13:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5565]: input_userauth_request: invalid user iserver [preauth]
Jun 22 13:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5565]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 13:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.106.65.126
Jun 22 13:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5565]: Failed password for invalid user iserver from 87.106.65.126 port 38220 ssh2
Jun 22 13:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5565]: Received disconnect from 87.106.65.126 port 38220:11: Bye Bye [preauth]
Jun 22 13:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5565]: Disconnected from 87.106.65.126 port 38220 [preauth]
Jun 22 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5619]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5616]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5620]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5615]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5618]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5617]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5620]: pam_unix(cron:session): session closed for user root
Jun 22 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5615]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5681]: Successful su for rubyman by root
Jun 22 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5681]: + ??? root:rubyman
Jun 22 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5681]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571207 of user rubyman.
Jun 22 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5681]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571207.
Jun 22 13:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5617]: pam_unix(cron:session): session closed for user root
Jun 22 13:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2833]: pam_unix(cron:session): session closed for user root
Jun 22 13:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5675]: Failed password for root from 38.55.97.143 port 53136 ssh2
Jun 22 13:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5675]: Connection closed by 38.55.97.143 port 53136 [preauth]
Jun 22 13:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5616]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4701]: pam_unix(cron:session): session closed for user root
Jun 22 13:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5985]: Invalid user postgres from 38.55.97.143
Jun 22 13:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5985]: input_userauth_request: invalid user postgres [preauth]
Jun 22 13:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5985]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 13:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 13:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5985]: Failed password for invalid user postgres from 38.55.97.143 port 44150 ssh2
Jun 22 13:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5985]: Connection closed by 38.55.97.143 port 44150 [preauth]
Jun 22 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6045]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6044]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6043]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6042]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6042]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6107]: Successful su for rubyman by root
Jun 22 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6107]: + ??? root:rubyman
Jun 22 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6107]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571212 of user rubyman.
Jun 22 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6107]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571212.
Jun 22 13:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3229]: pam_unix(cron:session): session closed for user root
Jun 22 13:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6043]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6322]: Invalid user osmc from 38.55.97.143
Jun 22 13:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6322]: input_userauth_request: invalid user osmc [preauth]
Jun 22 13:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6322]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 13:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 13:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6322]: Failed password for invalid user osmc from 38.55.97.143 port 40246 ssh2
Jun 22 13:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6322]: Connection closed by 38.55.97.143 port 40246 [preauth]
Jun 22 13:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5210]: pam_unix(cron:session): session closed for user root
Jun 22 13:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6423]: Invalid user broadband from 87.106.65.126
Jun 22 13:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6423]: input_userauth_request: invalid user broadband [preauth]
Jun 22 13:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6423]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 13:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.106.65.126
Jun 22 13:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6423]: Failed password for invalid user broadband from 87.106.65.126 port 58270 ssh2
Jun 22 13:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6423]: Received disconnect from 87.106.65.126 port 58270:11: Bye Bye [preauth]
Jun 22 13:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6423]: Disconnected from 87.106.65.126 port 58270 [preauth]
Jun 22 13:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6434]: Invalid user maria from 38.55.97.143
Jun 22 13:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6434]: input_userauth_request: invalid user maria [preauth]
Jun 22 13:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6434]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 13:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 13:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6434]: Failed password for invalid user maria from 38.55.97.143 port 60916 ssh2
Jun 22 13:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6434]: Connection closed by 38.55.97.143 port 60916 [preauth]
Jun 22 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6447]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6448]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6446]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6445]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6445]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6505]: Successful su for rubyman by root
Jun 22 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6505]: + ??? root:rubyman
Jun 22 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6505]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571217 of user rubyman.
Jun 22 13:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6505]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571217.
Jun 22 13:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3656]: pam_unix(cron:session): session closed for user root
Jun 22 13:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6446]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6676]: Invalid user ileana from 2.57.121.112
Jun 22 13:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6676]: input_userauth_request: invalid user ileana [preauth]
Jun 22 13:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6676]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 13:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 22 13:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6676]: Failed password for invalid user ileana from 2.57.121.112 port 16866 ssh2
Jun 22 13:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6676]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 13:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6676]: Failed password for invalid user ileana from 2.57.121.112 port 16866 ssh2
Jun 22 13:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6676]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 13:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6676]: Failed password for invalid user ileana from 2.57.121.112 port 16866 ssh2
Jun 22 13:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6676]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 13:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6676]: Failed password for invalid user ileana from 2.57.121.112 port 16866 ssh2
Jun 22 13:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6676]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 13:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6676]: Failed password for invalid user ileana from 2.57.121.112 port 16866 ssh2
Jun 22 13:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6676]: Connection closed by 2.57.121.112 port 16866 [preauth]
Jun 22 13:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6676]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 22 13:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6676]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 22 13:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5619]: pam_unix(cron:session): session closed for user root
Jun 22 13:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6789]: Invalid user jack from 38.55.97.143
Jun 22 13:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6789]: input_userauth_request: invalid user jack [preauth]
Jun 22 13:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6789]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 13:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 13:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6789]: Failed password for invalid user jack from 38.55.97.143 port 51208 ssh2
Jun 22 13:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6789]: Connection closed by 38.55.97.143 port 51208 [preauth]
Jun 22 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6858]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6857]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6859]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6856]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6856]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6919]: Successful su for rubyman by root
Jun 22 13:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6919]: + ??? root:rubyman
Jun 22 13:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6919]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571220 of user rubyman.
Jun 22 13:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6919]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571220.
Jun 22 13:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4274]: pam_unix(cron:session): session closed for user root
Jun 22 13:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6857]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7208]: Invalid user admin from 38.55.97.143
Jun 22 13:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7208]: input_userauth_request: invalid user admin [preauth]
Jun 22 13:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7208]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 13:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 13:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7208]: Failed password for invalid user admin from 38.55.97.143 port 41208 ssh2
Jun 22 13:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7208]: Connection closed by 38.55.97.143 port 41208 [preauth]
Jun 22 13:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6045]: pam_unix(cron:session): session closed for user root
Jun 22 13:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7331]: Invalid user zabbix from 38.55.97.143
Jun 22 13:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7331]: input_userauth_request: invalid user zabbix [preauth]
Jun 22 13:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7331]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 13:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 13:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7331]: Failed password for invalid user zabbix from 38.55.97.143 port 33496 ssh2
Jun 22 13:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7331]: Connection closed by 38.55.97.143 port 33496 [preauth]
Jun 22 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7363]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7362]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7360]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7361]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7360]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7423]: Successful su for rubyman by root
Jun 22 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7423]: + ??? root:rubyman
Jun 22 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7423]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571225 of user rubyman.
Jun 22 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7423]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571225.
Jun 22 13:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4700]: pam_unix(cron:session): session closed for user root
Jun 22 13:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7361]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7616]: Invalid user tecnologia from 87.106.65.126
Jun 22 13:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7616]: input_userauth_request: invalid user tecnologia [preauth]
Jun 22 13:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7616]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 13:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.106.65.126
Jun 22 13:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7616]: Failed password for invalid user tecnologia from 87.106.65.126 port 51624 ssh2
Jun 22 13:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7616]: Received disconnect from 87.106.65.126 port 51624:11: Bye Bye [preauth]
Jun 22 13:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7616]: Disconnected from 87.106.65.126 port 51624 [preauth]
Jun 22 13:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7760]: Failed password for root from 38.55.97.143 port 52700 ssh2
Jun 22 13:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7760]: Connection closed by 38.55.97.143 port 52700 [preauth]
Jun 22 13:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6448]: pam_unix(cron:session): session closed for user root
Jun 22 13:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7808]: Invalid user admin from 2.57.121.25
Jun 22 13:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7808]: input_userauth_request: invalid user admin [preauth]
Jun 22 13:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7808]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 13:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 22 13:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7808]: Failed password for invalid user admin from 2.57.121.25 port 3918 ssh2
Jun 22 13:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7808]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 13:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7808]: Failed password for invalid user admin from 2.57.121.25 port 3918 ssh2
Jun 22 13:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7808]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 13:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7808]: Failed password for invalid user admin from 2.57.121.25 port 3918 ssh2
Jun 22 13:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7808]: Connection closed by 2.57.121.25 port 3918 [preauth]
Jun 22 13:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7808]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 22 13:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7861]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7862]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7859]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7860]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7857]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7858]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7862]: pam_unix(cron:session): session closed for user root
Jun 22 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7857]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7923]: Successful su for rubyman by root
Jun 22 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7923]: + ??? root:rubyman
Jun 22 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7923]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571228 of user rubyman.
Jun 22 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7923]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571228.
Jun 22 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7854]: Failed password for root from 38.55.97.143 port 44816 ssh2
Jun 22 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7854]: Connection closed by 38.55.97.143 port 44816 [preauth]
Jun 22 13:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7859]: pam_unix(cron:session): session closed for user root
Jun 22 13:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5209]: pam_unix(cron:session): session closed for user root
Jun 22 13:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7858]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 22 13:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8126]: Failed password for root from 51.250.105.222 port 55420 ssh2
Jun 22 13:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8126]: Connection closed by 51.250.105.222 port 55420 [preauth]
Jun 22 13:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6859]: pam_unix(cron:session): session closed for user root
Jun 22 13:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8219]: Failed password for root from 38.55.97.143 port 36820 ssh2
Jun 22 13:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8219]: Connection closed by 38.55.97.143 port 36820 [preauth]
Jun 22 13:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 13:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8267]: Failed password for root from 193.24.211.107 port 25359 ssh2
Jun 22 13:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8267]: Received disconnect from 193.24.211.107 port 25359:11: Client disconnecting normally [preauth]
Jun 22 13:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8267]: Disconnected from 193.24.211.107 port 25359 [preauth]
Jun 22 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8280]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8279]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8281]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8278]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8278]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8343]: Successful su for rubyman by root
Jun 22 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8343]: + ??? root:rubyman
Jun 22 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8343]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571236 of user rubyman.
Jun 22 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8343]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571236.
Jun 22 13:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5618]: pam_unix(cron:session): session closed for user root
Jun 22 13:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8279]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8541]: Failed password for root from 38.55.97.143 port 58060 ssh2
Jun 22 13:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8541]: Connection closed by 38.55.97.143 port 58060 [preauth]
Jun 22 13:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8596]: Invalid user dialin from 87.106.65.126
Jun 22 13:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8596]: input_userauth_request: invalid user dialin [preauth]
Jun 22 13:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8596]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 13:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.106.65.126
Jun 22 13:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8596]: Failed password for invalid user dialin from 87.106.65.126 port 30970 ssh2
Jun 22 13:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8596]: Received disconnect from 87.106.65.126 port 30970:11: Bye Bye [preauth]
Jun 22 13:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8596]: Disconnected from 87.106.65.126 port 30970 [preauth]
Jun 22 13:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7363]: pam_unix(cron:session): session closed for user root
Jun 22 13:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8664]: Failed password for root from 38.55.97.143 port 48904 ssh2
Jun 22 13:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8664]: Connection closed by 38.55.97.143 port 48904 [preauth]
Jun 22 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8686]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8685]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8683]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8684]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8683]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8747]: Successful su for rubyman by root
Jun 22 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8747]: + ??? root:rubyman
Jun 22 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8747]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571238 of user rubyman.
Jun 22 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8747]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571238.
Jun 22 13:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6044]: pam_unix(cron:session): session closed for user root
Jun 22 13:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8684]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7861]: pam_unix(cron:session): session closed for user root
Jun 22 13:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9000]: Failed password for root from 38.55.97.143 port 55704 ssh2
Jun 22 13:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9000]: Connection closed by 38.55.97.143 port 55704 [preauth]
Jun 22 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9092]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9091]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9090]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9089]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9089]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9148]: Successful su for rubyman by root
Jun 22 13:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9148]: + ??? root:rubyman
Jun 22 13:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9148]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571242 of user rubyman.
Jun 22 13:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9148]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571242.
Jun 22 13:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6447]: pam_unix(cron:session): session closed for user root
Jun 22 13:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9090]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 22 13:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9333]: Failed password for root from 103.122.221.179 port 34248 ssh2
Jun 22 13:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9333]: Connection closed by 103.122.221.179 port 34248 [preauth]
Jun 22 13:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9335]: Failed password for root from 38.55.97.143 port 54624 ssh2
Jun 22 13:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9335]: Connection closed by 38.55.97.143 port 54624 [preauth]
Jun 22 13:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 22 13:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9395]: Failed password for root from 193.37.70.224 port 48420 ssh2
Jun 22 13:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9395]: Connection closed by 193.37.70.224 port 48420 [preauth]
Jun 22 13:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8281]: pam_unix(cron:session): session closed for user root
Jun 22 13:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9464]: Invalid user ftp6 from 87.106.65.126
Jun 22 13:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9464]: input_userauth_request: invalid user ftp6 [preauth]
Jun 22 13:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9464]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 13:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.106.65.126
Jun 22 13:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9454]: Failed password for root from 38.55.97.143 port 48376 ssh2
Jun 22 13:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9454]: Connection closed by 38.55.97.143 port 48376 [preauth]
Jun 22 13:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9464]: Failed password for invalid user ftp6 from 87.106.65.126 port 40990 ssh2
Jun 22 13:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9464]: Received disconnect from 87.106.65.126 port 40990:11: Bye Bye [preauth]
Jun 22 13:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9464]: Disconnected from 87.106.65.126 port 40990 [preauth]
Jun 22 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9485]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9486]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9484]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9483]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9483]: pam_unix(cron:session): session closed for user p13x
Jun 22 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9541]: Successful su for rubyman by root
Jun 22 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9541]: + ??? root:rubyman
Jun 22 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9541]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571247 of user rubyman.
Jun 22 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9541]: pam_unix(su:session): session closed for user rubyman
Jun 22 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571247.
Jun 22 13:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6858]: pam_unix(cron:session): session closed for user root
Jun 22 13:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9484]: pam_unix(cron:session): session closed for user samftp
Jun 22 13:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 13:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 13:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9765]: Failed password for root from 38.55.97.143 port 40360 ssh2
Jun 22 13:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9765]: Connection closed by 38.55.97.143 port 40360 [preauth]
Jun 22 13:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8686]: pam_unix(cron:session): session closed for user root
Jun 22 13:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9910]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9911]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9909]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9912]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9916]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9904]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9908]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9916]: pam_unix(cron:session): session closed for user root
Jun 22 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9909]: pam_unix(cron:session): session closed for user root
Jun 22 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9904]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10149]: Successful su for rubyman by root
Jun 22 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10149]: + ??? root:rubyman
Jun 22 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10149]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571254 of user rubyman.
Jun 22 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10149]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571254.
Jun 22 14:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9901]: Failed password for root from 38.55.97.143 port 60670 ssh2
Jun 22 14:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9901]: Connection closed by 38.55.97.143 port 60670 [preauth]
Jun 22 14:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7362]: pam_unix(cron:session): session closed for user root
Jun 22 14:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9910]: pam_unix(cron:session): session closed for user root
Jun 22 14:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9908]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 22 14:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9092]: pam_unix(cron:session): session closed for user root
Jun 22 14:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10520]: Failed password for root from 202.178.126.219 port 10795 ssh2
Jun 22 14:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10604]: Failed password for root from 38.55.97.143 port 55376 ssh2
Jun 22 14:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10604]: Connection closed by 38.55.97.143 port 55376 [preauth]
Jun 22 14:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10520]: Connection closed by 202.178.126.219 port 10795 [preauth]
Jun 22 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10654]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10652]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10653]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10651]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10651]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10722]: Successful su for rubyman by root
Jun 22 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10722]: + ??? root:rubyman
Jun 22 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10722]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571257 of user rubyman.
Jun 22 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10722]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571257.
Jun 22 14:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7860]: pam_unix(cron:session): session closed for user root
Jun 22 14:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10652]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10928]: Invalid user hirlevel from 87.106.65.126
Jun 22 14:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10928]: input_userauth_request: invalid user hirlevel [preauth]
Jun 22 14:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10928]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 14:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.106.65.126
Jun 22 14:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10928]: Failed password for invalid user hirlevel from 87.106.65.126 port 61534 ssh2
Jun 22 14:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10928]: Received disconnect from 87.106.65.126 port 61534:11: Bye Bye [preauth]
Jun 22 14:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10928]: Disconnected from 87.106.65.126 port 61534 [preauth]
Jun 22 14:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10963]: Failed password for root from 38.55.97.143 port 51816 ssh2
Jun 22 14:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10963]: Connection closed by 38.55.97.143 port 51816 [preauth]
Jun 22 14:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9486]: pam_unix(cron:session): session closed for user root
Jun 22 14:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11078]: Failed password for root from 38.55.97.143 port 44746 ssh2
Jun 22 14:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11078]: Connection closed by 38.55.97.143 port 44746 [preauth]
Jun 22 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11092]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11093]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11091]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11089]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11089]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11155]: Successful su for rubyman by root
Jun 22 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11155]: + ??? root:rubyman
Jun 22 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11155]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571262 of user rubyman.
Jun 22 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11155]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571262.
Jun 22 14:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8280]: pam_unix(cron:session): session closed for user root
Jun 22 14:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11091]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 22 14:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11411]: Failed password for root from 103.82.132.16 port 43690 ssh2
Jun 22 14:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11411]: Connection closed by 103.82.132.16 port 43690 [preauth]
Jun 22 14:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9912]: pam_unix(cron:session): session closed for user root
Jun 22 14:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11438]: Failed password for root from 38.55.97.143 port 37212 ssh2
Jun 22 14:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11438]: Connection closed by 38.55.97.143 port 37212 [preauth]
Jun 22 14:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 22 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11517]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11518]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11516]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11515]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11515]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11574]: Successful su for rubyman by root
Jun 22 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11574]: + ??? root:rubyman
Jun 22 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11574]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571266 of user rubyman.
Jun 22 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11574]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571266.
Jun 22 14:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11512]: Failed password for root from 103.27.238.116 port 34894 ssh2
Jun 22 14:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11512]: Connection closed by 103.27.238.116 port 34894 [preauth]
Jun 22 14:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8685]: pam_unix(cron:session): session closed for user root
Jun 22 14:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11516]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11818]: Failed password for root from 38.55.97.143 port 37540 ssh2
Jun 22 14:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11818]: Connection closed by 38.55.97.143 port 37540 [preauth]
Jun 22 14:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11848]: Invalid user achieve from 87.106.65.126
Jun 22 14:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11848]: input_userauth_request: invalid user achieve [preauth]
Jun 22 14:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11848]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 14:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.106.65.126
Jun 22 14:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11848]: Failed password for invalid user achieve from 87.106.65.126 port 39716 ssh2
Jun 22 14:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11848]: Received disconnect from 87.106.65.126 port 39716:11: Bye Bye [preauth]
Jun 22 14:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11848]: Disconnected from 87.106.65.126 port 39716 [preauth]
Jun 22 14:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10654]: pam_unix(cron:session): session closed for user root
Jun 22 14:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 22 14:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11896]: Failed password for root from 109.237.96.109 port 49730 ssh2
Jun 22 14:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11896]: Connection closed by 109.237.96.109 port 49730 [preauth]
Jun 22 14:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11962]: Failed password for root from 38.55.97.143 port 60960 ssh2
Jun 22 14:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11962]: Connection closed by 38.55.97.143 port 60960 [preauth]
Jun 22 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11975]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11976]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11974]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11973]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11973]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12036]: Successful su for rubyman by root
Jun 22 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12036]: + ??? root:rubyman
Jun 22 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12036]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571270 of user rubyman.
Jun 22 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12036]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571270.
Jun 22 14:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9091]: pam_unix(cron:session): session closed for user root
Jun 22 14:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11974]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11093]: pam_unix(cron:session): session closed for user root
Jun 22 14:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12440]: Failed password for root from 38.55.97.143 port 33478 ssh2
Jun 22 14:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12440]: Connection closed by 38.55.97.143 port 33478 [preauth]
Jun 22 14:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12492]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 22 14:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12492]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 22 14:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12492]: Received disconnect from 23.94.23.226 port 59626:11: disconnected by user [preauth]
Jun 22 14:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12492]: Disconnected from 23.94.23.226 port 59626 [preauth]
Jun 22 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12508]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12509]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12506]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12507]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12504]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12505]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12509]: pam_unix(cron:session): session closed for user root
Jun 22 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12504]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12569]: Successful su for rubyman by root
Jun 22 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12569]: + ??? root:rubyman
Jun 22 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12569]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571273 of user rubyman.
Jun 22 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12569]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571273.
Jun 22 14:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12506]: pam_unix(cron:session): session closed for user root
Jun 22 14:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9485]: pam_unix(cron:session): session closed for user root
Jun 22 14:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12505]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 22 14:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12818]: Failed password for root from 38.55.97.143 port 34620 ssh2
Jun 22 14:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12818]: Connection closed by 38.55.97.143 port 34620 [preauth]
Jun 22 14:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12820]: Failed password for root from 194.113.233.25 port 48320 ssh2
Jun 22 14:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12820]: Connection closed by 194.113.233.25 port 48320 [preauth]
Jun 22 14:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11518]: pam_unix(cron:session): session closed for user root
Jun 22 14:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12922]: Invalid user omni from 87.106.65.126
Jun 22 14:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12922]: input_userauth_request: invalid user omni [preauth]
Jun 22 14:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12922]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 14:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.106.65.126
Jun 22 14:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12922]: Failed password for invalid user omni from 87.106.65.126 port 35908 ssh2
Jun 22 14:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12922]: Received disconnect from 87.106.65.126 port 35908:11: Bye Bye [preauth]
Jun 22 14:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12922]: Disconnected from 87.106.65.126 port 35908 [preauth]
Jun 22 14:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12940]: Failed password for root from 38.55.97.143 port 59624 ssh2
Jun 22 14:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12940]: Connection closed by 38.55.97.143 port 59624 [preauth]
Jun 22 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12955]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12956]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12954]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12953]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12953]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13019]: Successful su for rubyman by root
Jun 22 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13019]: + ??? root:rubyman
Jun 22 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13019]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571279 of user rubyman.
Jun 22 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13019]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571279.
Jun 22 14:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12954]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9911]: pam_unix(cron:session): session closed for user root
Jun 22 14:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11976]: pam_unix(cron:session): session closed for user root
Jun 22 14:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13310]: Failed password for root from 38.55.97.143 port 51952 ssh2
Jun 22 14:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13310]: Connection closed by 38.55.97.143 port 51952 [preauth]
Jun 22 14:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13370]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13369]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13368]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13367]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13367]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13429]: Successful su for rubyman by root
Jun 22 14:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13429]: + ??? root:rubyman
Jun 22 14:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13429]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571283 of user rubyman.
Jun 22 14:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13429]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571283.
Jun 22 14:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10653]: pam_unix(cron:session): session closed for user root
Jun 22 14:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13368]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13640]: Failed password for root from 38.55.97.143 port 32846 ssh2
Jun 22 14:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13640]: Connection closed by 38.55.97.143 port 32846 [preauth]
Jun 22 14:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12508]: pam_unix(cron:session): session closed for user root
Jun 22 14:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13783]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13782]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13781]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13780]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13780]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13841]: Successful su for rubyman by root
Jun 22 14:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13841]: + ??? root:rubyman
Jun 22 14:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13841]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571287 of user rubyman.
Jun 22 14:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13841]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571287.
Jun 22 14:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13768]: Failed password for root from 38.55.97.143 port 39404 ssh2
Jun 22 14:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13768]: Connection closed by 38.55.97.143 port 39404 [preauth]
Jun 22 14:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11092]: pam_unix(cron:session): session closed for user root
Jun 22 14:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13975]: Invalid user websites from 87.106.65.126
Jun 22 14:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13975]: input_userauth_request: invalid user websites [preauth]
Jun 22 14:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13975]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 14:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.106.65.126
Jun 22 14:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13781]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13975]: Failed password for invalid user websites from 87.106.65.126 port 43404 ssh2
Jun 22 14:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13975]: Received disconnect from 87.106.65.126 port 43404:11: Bye Bye [preauth]
Jun 22 14:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13975]: Disconnected from 87.106.65.126 port 43404 [preauth]
Jun 22 14:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12956]: pam_unix(cron:session): session closed for user root
Jun 22 14:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14119]: Failed password for root from 38.55.97.143 port 33676 ssh2
Jun 22 14:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14119]: Connection closed by 38.55.97.143 port 33676 [preauth]
Jun 22 14:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 22 14:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14150]: Failed password for root from 77.94.47.83 port 50974 ssh2
Jun 22 14:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14150]: Connection closed by 77.94.47.83 port 50974 [preauth]
Jun 22 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14183]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14184]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14181]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14182]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14179]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14181]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14297]: Successful su for rubyman by root
Jun 22 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14297]: + ??? root:rubyman
Jun 22 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14297]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571291 of user rubyman.
Jun 22 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14297]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571291.
Jun 22 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14179]: pam_unix(cron:session): session closed for user root
Jun 22 14:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11517]: pam_unix(cron:session): session closed for user root
Jun 22 14:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14182]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14536]: Failed password for root from 38.55.97.143 port 53890 ssh2
Jun 22 14:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14536]: Connection closed by 38.55.97.143 port 53890 [preauth]
Jun 22 14:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13370]: pam_unix(cron:session): session closed for user root
Jun 22 14:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14679]: Invalid user nexus from 38.55.97.143
Jun 22 14:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14679]: input_userauth_request: invalid user nexus [preauth]
Jun 22 14:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14679]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 14:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 14:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14679]: Failed password for invalid user nexus from 38.55.97.143 port 46694 ssh2
Jun 22 14:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14679]: Connection closed by 38.55.97.143 port 46694 [preauth]
Jun 22 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14701]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14700]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14699]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14706]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14698]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14702]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14706]: pam_unix(cron:session): session closed for user root
Jun 22 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14698]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14812]: Successful su for rubyman by root
Jun 22 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14812]: + ??? root:rubyman
Jun 22 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14812]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571301 of user rubyman.
Jun 22 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14812]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571301.
Jun 22 14:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11975]: pam_unix(cron:session): session closed for user root
Jun 22 14:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14700]: pam_unix(cron:session): session closed for user root
Jun 22 14:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14699]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15052]: Invalid user moderator from 87.106.65.126
Jun 22 14:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15052]: input_userauth_request: invalid user moderator [preauth]
Jun 22 14:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15052]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 14:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.106.65.126
Jun 22 14:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15052]: Failed password for invalid user moderator from 87.106.65.126 port 24006 ssh2
Jun 22 14:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15052]: Received disconnect from 87.106.65.126 port 24006:11: Bye Bye [preauth]
Jun 22 14:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15052]: Disconnected from 87.106.65.126 port 24006 [preauth]
Jun 22 14:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15095]: Invalid user media from 38.55.97.143
Jun 22 14:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15095]: input_userauth_request: invalid user media [preauth]
Jun 22 14:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15095]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 14:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 14:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13783]: pam_unix(cron:session): session closed for user root
Jun 22 14:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15095]: Failed password for invalid user media from 38.55.97.143 port 39528 ssh2
Jun 22 14:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15095]: Connection closed by 38.55.97.143 port 39528 [preauth]
Jun 22 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15179]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15177]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15180]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15178]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15177]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15258]: Successful su for rubyman by root
Jun 22 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15258]: + ??? root:rubyman
Jun 22 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15258]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571302 of user rubyman.
Jun 22 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15258]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571302.
Jun 22 14:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12507]: pam_unix(cron:session): session closed for user root
Jun 22 14:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15178]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15431]: Invalid user mc from 38.55.97.143
Jun 22 14:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15431]: input_userauth_request: invalid user mc [preauth]
Jun 22 14:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15431]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 14:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 14:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15431]: Failed password for invalid user mc from 38.55.97.143 port 59704 ssh2
Jun 22 14:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15431]: Connection closed by 38.55.97.143 port 59704 [preauth]
Jun 22 14:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14184]: pam_unix(cron:session): session closed for user root
Jun 22 14:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15602]: User ftp from 38.55.97.143 not allowed because not listed in AllowUsers
Jun 22 14:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15602]: input_userauth_request: invalid user ftp [preauth]
Jun 22 14:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=ftp
Jun 22 14:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15602]: Failed password for invalid user ftp from 38.55.97.143 port 53232 ssh2
Jun 22 14:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15602]: Connection closed by 38.55.97.143 port 53232 [preauth]
Jun 22 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15835]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15836]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15834]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15833]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15833]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15893]: Successful su for rubyman by root
Jun 22 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15893]: + ??? root:rubyman
Jun 22 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15893]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571308 of user rubyman.
Jun 22 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15893]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571308.
Jun 22 14:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12955]: pam_unix(cron:session): session closed for user root
Jun 22 14:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15834]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16128]: Invalid user elasticsearch from 38.55.97.143
Jun 22 14:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16128]: input_userauth_request: invalid user elasticsearch [preauth]
Jun 22 14:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16128]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 14:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 14:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16128]: Failed password for invalid user elasticsearch from 38.55.97.143 port 50772 ssh2
Jun 22 14:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16128]: Connection closed by 38.55.97.143 port 50772 [preauth]
Jun 22 14:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14702]: pam_unix(cron:session): session closed for user root
Jun 22 14:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16168]: Invalid user fang from 87.106.65.126
Jun 22 14:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16168]: input_userauth_request: invalid user fang [preauth]
Jun 22 14:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16168]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 14:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.106.65.126
Jun 22 14:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16168]: Failed password for invalid user fang from 87.106.65.126 port 49310 ssh2
Jun 22 14:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16168]: Received disconnect from 87.106.65.126 port 49310:11: Bye Bye [preauth]
Jun 22 14:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16168]: Disconnected from 87.106.65.126 port 49310 [preauth]
Jun 22 14:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 14:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16196]: Failed password for root from 193.24.211.107 port 55501 ssh2
Jun 22 14:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16196]: Received disconnect from 193.24.211.107 port 55501:11: Client disconnecting normally [preauth]
Jun 22 14:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16196]: Disconnected from 193.24.211.107 port 55501 [preauth]
Jun 22 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16227]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16228]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16225]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16226]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16225]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16283]: Successful su for rubyman by root
Jun 22 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16283]: + ??? root:rubyman
Jun 22 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16283]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571311 of user rubyman.
Jun 22 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16283]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571311.
Jun 22 14:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13369]: pam_unix(cron:session): session closed for user root
Jun 22 14:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16226]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16461]: Invalid user deploy from 38.55.97.143
Jun 22 14:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16461]: input_userauth_request: invalid user deploy [preauth]
Jun 22 14:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16461]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 14:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 14:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16463]: Invalid user user from 141.98.83.240
Jun 22 14:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16463]: input_userauth_request: invalid user user [preauth]
Jun 22 14:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16463]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 14:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 14:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16461]: Failed password for invalid user deploy from 38.55.97.143 port 50064 ssh2
Jun 22 14:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16461]: Connection closed by 38.55.97.143 port 50064 [preauth]
Jun 22 14:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16463]: Failed password for invalid user user from 141.98.83.240 port 51080 ssh2
Jun 22 14:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16463]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 14:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16463]: Failed password for invalid user user from 141.98.83.240 port 51080 ssh2
Jun 22 14:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16463]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 14:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16463]: Failed password for invalid user user from 141.98.83.240 port 51080 ssh2
Jun 22 14:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16463]: Connection closed by 141.98.83.240 port 51080 [preauth]
Jun 22 14:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16463]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 14:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15180]: pam_unix(cron:session): session closed for user root
Jun 22 14:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 22 14:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16595]: Failed password for root from 38.93.206.2 port 3720 ssh2
Jun 22 14:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16595]: Connection closed by 38.93.206.2 port 3720 [preauth]
Jun 22 14:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16605]: Invalid user dan from 38.55.97.143
Jun 22 14:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16605]: input_userauth_request: invalid user dan [preauth]
Jun 22 14:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16605]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 14:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 14:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16605]: Failed password for invalid user dan from 38.55.97.143 port 46406 ssh2
Jun 22 14:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16605]: Connection closed by 38.55.97.143 port 46406 [preauth]
Jun 22 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16626]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16628]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16627]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16625]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16625]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16687]: Successful su for rubyman by root
Jun 22 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16687]: + ??? root:rubyman
Jun 22 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16687]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571314 of user rubyman.
Jun 22 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16687]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571314.
Jun 22 14:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13782]: pam_unix(cron:session): session closed for user root
Jun 22 14:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16626]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17032]: Invalid user bot from 38.55.97.143
Jun 22 14:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17032]: input_userauth_request: invalid user bot [preauth]
Jun 22 14:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17032]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 14:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 14:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17032]: Failed password for invalid user bot from 38.55.97.143 port 45434 ssh2
Jun 22 14:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17032]: Connection closed by 38.55.97.143 port 45434 [preauth]
Jun 22 14:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15836]: pam_unix(cron:session): session closed for user root
Jun 22 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17123]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17125]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17124]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17121]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17122]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17120]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17125]: pam_unix(cron:session): session closed for user root
Jun 22 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17120]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17195]: Successful su for rubyman by root
Jun 22 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17195]: + ??? root:rubyman
Jun 22 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17195]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571320 of user rubyman.
Jun 22 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17195]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571320.
Jun 22 14:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17179]: Invalid user up from 87.106.65.126
Jun 22 14:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17179]: input_userauth_request: invalid user up [preauth]
Jun 22 14:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17179]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 14:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.106.65.126
Jun 22 14:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17179]: Failed password for invalid user up from 87.106.65.126 port 58344 ssh2
Jun 22 14:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17179]: Received disconnect from 87.106.65.126 port 58344:11: Bye Bye [preauth]
Jun 22 14:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17179]: Disconnected from 87.106.65.126 port 58344 [preauth]
Jun 22 14:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17122]: pam_unix(cron:session): session closed for user root
Jun 22 14:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14183]: pam_unix(cron:session): session closed for user root
Jun 22 14:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17121]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17385]: Invalid user arkserver from 38.55.97.143
Jun 22 14:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17385]: input_userauth_request: invalid user arkserver [preauth]
Jun 22 14:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17385]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 14:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 14:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17385]: Failed password for invalid user arkserver from 38.55.97.143 port 39598 ssh2
Jun 22 14:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17385]: Connection closed by 38.55.97.143 port 39598 [preauth]
Jun 22 14:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16228]: pam_unix(cron:session): session closed for user root
Jun 22 14:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17534]: Invalid user ubuntu from 38.55.97.143
Jun 22 14:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17534]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 14:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17534]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 14:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 14:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17534]: Failed password for invalid user ubuntu from 38.55.97.143 port 35458 ssh2
Jun 22 14:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17534]: Connection closed by 38.55.97.143 port 35458 [preauth]
Jun 22 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17573]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17572]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17574]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17571]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17571]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17634]: Successful su for rubyman by root
Jun 22 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17634]: + ??? root:rubyman
Jun 22 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17634]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571324 of user rubyman.
Jun 22 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17634]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571324.
Jun 22 14:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14701]: pam_unix(cron:session): session closed for user root
Jun 22 14:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17572]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17955]: Failed password for root from 38.55.97.143 port 57236 ssh2
Jun 22 14:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17955]: Connection closed by 38.55.97.143 port 57236 [preauth]
Jun 22 14:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16628]: pam_unix(cron:session): session closed for user root
Jun 22 14:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18089]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18088]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18087]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18086]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18084]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18084]: pam_unix(cron:session): session closed for user root
Jun 22 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18086]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18149]: Successful su for rubyman by root
Jun 22 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18149]: + ??? root:rubyman
Jun 22 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18149]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571329 of user rubyman.
Jun 22 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18149]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571329.
Jun 22 14:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18082]: Failed password for root from 38.55.97.143 port 49896 ssh2
Jun 22 14:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18082]: Connection closed by 38.55.97.143 port 49896 [preauth]
Jun 22 14:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15179]: pam_unix(cron:session): session closed for user root
Jun 22 14:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18087]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18402]: Invalid user brisbane from 87.106.65.126
Jun 22 14:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18402]: input_userauth_request: invalid user brisbane [preauth]
Jun 22 14:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18402]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 14:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.106.65.126
Jun 22 14:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18402]: Failed password for invalid user brisbane from 87.106.65.126 port 57462 ssh2
Jun 22 14:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18402]: Received disconnect from 87.106.65.126 port 57462:11: Bye Bye [preauth]
Jun 22 14:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18402]: Disconnected from 87.106.65.126 port 57462 [preauth]
Jun 22 14:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17124]: pam_unix(cron:session): session closed for user root
Jun 22 14:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18565]: Failed password for root from 38.55.97.143 port 36066 ssh2
Jun 22 14:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18565]: Connection closed by 38.55.97.143 port 36066 [preauth]
Jun 22 14:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18575]: Received disconnect from 217.156.65.251 port 59970:11: disconnected by user [preauth]
Jun 22 14:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18575]: Disconnected from 217.156.65.251 port 59970 [preauth]
Jun 22 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18601]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18600]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18599]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18598]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18598]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18662]: Successful su for rubyman by root
Jun 22 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18662]: + ??? root:rubyman
Jun 22 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18662]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571333 of user rubyman.
Jun 22 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18662]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571333.
Jun 22 14:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18654]: Received disconnect from 172.110.221.82 port 13966:11: disconnected by user [preauth]
Jun 22 14:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18654]: Disconnected from 172.110.221.82 port 13966 [preauth]
Jun 22 14:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15835]: pam_unix(cron:session): session closed for user root
Jun 22 14:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18599]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18931]: Failed password for root from 38.55.97.143 port 39744 ssh2
Jun 22 14:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18931]: Connection closed by 38.55.97.143 port 39744 [preauth]
Jun 22 14:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17574]: pam_unix(cron:session): session closed for user root
Jun 22 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19029]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19027]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19030]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19028]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19027]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19086]: Successful su for rubyman by root
Jun 22 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19086]: + ??? root:rubyman
Jun 22 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19086]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571339 of user rubyman.
Jun 22 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19086]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571339.
Jun 22 14:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16227]: pam_unix(cron:session): session closed for user root
Jun 22 14:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19028]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19367]: Failed password for root from 38.55.97.143 port 37762 ssh2
Jun 22 14:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19367]: Connection closed by 38.55.97.143 port 37762 [preauth]
Jun 22 14:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18089]: pam_unix(cron:session): session closed for user root
Jun 22 14:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19598]: Failed password for root from 38.55.97.143 port 60852 ssh2
Jun 22 14:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19598]: Connection closed by 38.55.97.143 port 60852 [preauth]
Jun 22 14:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19724]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19723]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19725]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19722]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19721]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19720]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19725]: pam_unix(cron:session): session closed for user root
Jun 22 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19720]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19793]: Successful su for rubyman by root
Jun 22 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19793]: + ??? root:rubyman
Jun 22 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19793]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571341 of user rubyman.
Jun 22 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19793]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571341.
Jun 22 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 22 14:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19722]: pam_unix(cron:session): session closed for user root
Jun 22 14:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19715]: Failed password for root from 103.77.175.15 port 56394 ssh2
Jun 22 14:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19715]: Connection closed by 103.77.175.15 port 56394 [preauth]
Jun 22 14:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16627]: pam_unix(cron:session): session closed for user root
Jun 22 14:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19721]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20073]: Failed password for root from 38.55.97.143 port 58566 ssh2
Jun 22 14:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20073]: Connection closed by 38.55.97.143 port 58566 [preauth]
Jun 22 14:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18601]: pam_unix(cron:session): session closed for user root
Jun 22 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20252]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20253]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20255]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20254]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20252]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20325]: Successful su for rubyman by root
Jun 22 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20325]: + ??? root:rubyman
Jun 22 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20325]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571347 of user rubyman.
Jun 22 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20325]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571347.
Jun 22 14:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17123]: pam_unix(cron:session): session closed for user root
Jun 22 14:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20253]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20524]: Failed password for root from 38.55.97.143 port 56356 ssh2
Jun 22 14:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20524]: Connection closed by 38.55.97.143 port 56356 [preauth]
Jun 22 14:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19030]: pam_unix(cron:session): session closed for user root
Jun 22 14:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20686]: Failed password for root from 38.55.97.143 port 53812 ssh2
Jun 22 14:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20686]: Connection closed by 38.55.97.143 port 53812 [preauth]
Jun 22 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20768]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20766]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20779]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20765]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20765]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20840]: Successful su for rubyman by root
Jun 22 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20840]: + ??? root:rubyman
Jun 22 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20840]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571351 of user rubyman.
Jun 22 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20840]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571351.
Jun 22 14:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17573]: pam_unix(cron:session): session closed for user root
Jun 22 14:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20766]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21088]: Failed password for root from 38.55.97.143 port 56884 ssh2
Jun 22 14:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21088]: Connection closed by 38.55.97.143 port 56884 [preauth]
Jun 22 14:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19724]: pam_unix(cron:session): session closed for user root
Jun 22 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21186]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21187]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21185]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21184]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21184]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21244]: Successful su for rubyman by root
Jun 22 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21244]: + ??? root:rubyman
Jun 22 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21244]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571355 of user rubyman.
Jun 22 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21244]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571355.
Jun 22 14:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18088]: pam_unix(cron:session): session closed for user root
Jun 22 14:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21185]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21435]: Failed password for root from 38.55.97.143 port 53954 ssh2
Jun 22 14:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21435]: Connection closed by 38.55.97.143 port 53954 [preauth]
Jun 22 14:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20255]: pam_unix(cron:session): session closed for user root
Jun 22 14:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 22 14:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21536]: Failed password for root from 62.133.62.83 port 50346 ssh2
Jun 22 14:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21536]: Connection closed by 62.133.62.83 port 50346 [preauth]
Jun 22 14:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21577]: Bad protocol version identification '\026\003\001' from 165.154.120.29 port 33680
Jun 22 14:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21582]: Received disconnect from 82.64.200.144 port 44900:11: disconnected by user [preauth]
Jun 22 14:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21582]: Disconnected from 82.64.200.144 port 44900 [preauth]
Jun 22 14:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21580]: Failed password for root from 38.55.97.143 port 48826 ssh2
Jun 22 14:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21580]: Connection closed by 38.55.97.143 port 48826 [preauth]
Jun 22 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21616]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21618]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21615]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21614]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21614]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21684]: Successful su for rubyman by root
Jun 22 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21684]: + ??? root:rubyman
Jun 22 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21684]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571359 of user rubyman.
Jun 22 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21684]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571359.
Jun 22 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21579]: Did not receive identification string from 165.154.120.29
Jun 22 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21752]: Connection closed by 165.154.120.29 port 39506 [preauth]
Jun 22 14:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21818]: Protocol major versions differ for 165.154.120.29: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10 vs. SSH-1.5-Server
Jun 22 14:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18600]: pam_unix(cron:session): session closed for user root
Jun 22 14:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21615]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21942]: Failed password for root from 38.55.97.143 port 43648 ssh2
Jun 22 14:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21942]: Connection closed by 38.55.97.143 port 43648 [preauth]
Jun 22 14:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20779]: pam_unix(cron:session): session closed for user root
Jun 22 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22036]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22034]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22038]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22037]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22035]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22033]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22038]: pam_unix(cron:session): session closed for user root
Jun 22 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22033]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22105]: Successful su for rubyman by root
Jun 22 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22105]: + ??? root:rubyman
Jun 22 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22105]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571367 of user rubyman.
Jun 22 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22105]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571367.
Jun 22 14:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22035]: pam_unix(cron:session): session closed for user root
Jun 22 14:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19029]: pam_unix(cron:session): session closed for user root
Jun 22 14:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 22 14:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22034]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22287]: Failed password for root from 80.66.85.226 port 38230 ssh2
Jun 22 14:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22287]: Connection closed by 80.66.85.226 port 38230 [preauth]
Jun 22 14:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22404]: Failed password for root from 38.55.97.143 port 39096 ssh2
Jun 22 14:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22404]: Connection closed by 38.55.97.143 port 39096 [preauth]
Jun 22 14:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21187]: pam_unix(cron:session): session closed for user root
Jun 22 14:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22531]: Failed password for root from 38.55.97.143 port 35104 ssh2
Jun 22 14:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22531]: Connection closed by 38.55.97.143 port 35104 [preauth]
Jun 22 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22561]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22562]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22560]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22559]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22559]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22628]: Successful su for rubyman by root
Jun 22 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22628]: + ??? root:rubyman
Jun 22 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22628]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571369 of user rubyman.
Jun 22 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22628]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571369.
Jun 22 14:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19723]: pam_unix(cron:session): session closed for user root
Jun 22 14:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22560]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22883]: Failed password for root from 38.55.97.143 port 33012 ssh2
Jun 22 14:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22883]: Connection closed by 38.55.97.143 port 33012 [preauth]
Jun 22 14:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21618]: pam_unix(cron:session): session closed for user root
Jun 22 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22975]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22974]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22972]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22973]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22972]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23030]: Successful su for rubyman by root
Jun 22 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23030]: + ??? root:rubyman
Jun 22 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23030]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571373 of user rubyman.
Jun 22 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23030]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571373.
Jun 22 14:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20254]: pam_unix(cron:session): session closed for user root
Jun 22 14:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22973]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23216]: Failed password for root from 38.55.97.143 port 60494 ssh2
Jun 22 14:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23216]: Connection closed by 38.55.97.143 port 60494 [preauth]
Jun 22 14:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22037]: pam_unix(cron:session): session closed for user root
Jun 22 14:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23376]: Failed password for root from 38.55.97.143 port 48144 ssh2
Jun 22 14:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23376]: Connection closed by 38.55.97.143 port 48144 [preauth]
Jun 22 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23399]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23398]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23397]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23396]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23396]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23458]: Successful su for rubyman by root
Jun 22 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23458]: + ??? root:rubyman
Jun 22 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23458]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571377 of user rubyman.
Jun 22 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23458]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571377.
Jun 22 14:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20768]: pam_unix(cron:session): session closed for user root
Jun 22 14:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23397]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22562]: pam_unix(cron:session): session closed for user root
Jun 22 14:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23751]: Failed password for root from 38.55.97.143 port 58250 ssh2
Jun 22 14:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23751]: Connection closed by 38.55.97.143 port 58250 [preauth]
Jun 22 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23826]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23825]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23824]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23823]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23823]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23972]: Successful su for rubyman by root
Jun 22 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23972]: + ??? root:rubyman
Jun 22 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23972]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571381 of user rubyman.
Jun 22 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23972]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571381.
Jun 22 14:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21186]: pam_unix(cron:session): session closed for user root
Jun 22 14:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23824]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24177]: Failed password for root from 38.55.97.143 port 57248 ssh2
Jun 22 14:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24177]: Connection closed by 38.55.97.143 port 57248 [preauth]
Jun 22 14:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22975]: pam_unix(cron:session): session closed for user root
Jun 22 14:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 14:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24286]: Failed password for root from 193.24.211.107 port 56071 ssh2
Jun 22 14:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24286]: Received disconnect from 193.24.211.107 port 56071:11: Client disconnecting normally [preauth]
Jun 22 14:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24286]: Disconnected from 193.24.211.107 port 56071 [preauth]
Jun 22 14:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24323]: Failed password for root from 38.55.97.143 port 58828 ssh2
Jun 22 14:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24323]: Connection closed by 38.55.97.143 port 58828 [preauth]
Jun 22 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24340]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24338]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24342]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24339]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24336]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24337]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24342]: pam_unix(cron:session): session closed for user root
Jun 22 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24336]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24401]: Successful su for rubyman by root
Jun 22 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24401]: + ??? root:rubyman
Jun 22 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24401]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571385 of user rubyman.
Jun 22 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24401]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571385.
Jun 22 14:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24338]: pam_unix(cron:session): session closed for user root
Jun 22 14:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21616]: pam_unix(cron:session): session closed for user root
Jun 22 14:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24337]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 22 14:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24697]: Failed password for root from 147.45.199.80 port 48242 ssh2
Jun 22 14:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24697]: Connection closed by 147.45.199.80 port 48242 [preauth]
Jun 22 14:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23399]: pam_unix(cron:session): session closed for user root
Jun 22 14:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24739]: Failed password for root from 38.55.97.143 port 54366 ssh2
Jun 22 14:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24739]: Connection closed by 38.55.97.143 port 54366 [preauth]
Jun 22 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24804]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24803]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24802]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24801]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24801]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24866]: Successful su for rubyman by root
Jun 22 14:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24866]: + ??? root:rubyman
Jun 22 14:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24866]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571391 of user rubyman.
Jun 22 14:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24866]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571391.
Jun 22 14:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22036]: pam_unix(cron:session): session closed for user root
Jun 22 14:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24802]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25073]: Connection closed by 194.59.206.2 port 52512 [preauth]
Jun 22 14:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25075]: Failed password for root from 38.55.97.143 port 49488 ssh2
Jun 22 14:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25075]: Connection closed by 38.55.97.143 port 49488 [preauth]
Jun 22 14:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23826]: pam_unix(cron:session): session closed for user root
Jun 22 14:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25212]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25214]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25213]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25211]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25211]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25199]: Failed password for root from 38.55.97.143 port 52360 ssh2
Jun 22 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25268]: Successful su for rubyman by root
Jun 22 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25268]: + ??? root:rubyman
Jun 22 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25268]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571397 of user rubyman.
Jun 22 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25268]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571397.
Jun 22 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25199]: Connection closed by 38.55.97.143 port 52360 [preauth]
Jun 22 14:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22561]: pam_unix(cron:session): session closed for user root
Jun 22 14:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25212]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24340]: pam_unix(cron:session): session closed for user root
Jun 22 14:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25546]: Failed password for root from 38.55.97.143 port 54138 ssh2
Jun 22 14:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25546]: Connection closed by 38.55.97.143 port 54138 [preauth]
Jun 22 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25599]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25600]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25596]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25597]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25596]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25654]: Successful su for rubyman by root
Jun 22 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25654]: + ??? root:rubyman
Jun 22 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25654]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571400 of user rubyman.
Jun 22 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25654]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571400.
Jun 22 14:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22974]: pam_unix(cron:session): session closed for user root
Jun 22 14:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25597]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25874]: Failed password for root from 38.55.97.143 port 53532 ssh2
Jun 22 14:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25874]: Connection closed by 38.55.97.143 port 53532 [preauth]
Jun 22 14:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24804]: pam_unix(cron:session): session closed for user root
Jun 22 14:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25987]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25988]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25986]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25985]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25985]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26043]: Successful su for rubyman by root
Jun 22 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26043]: + ??? root:rubyman
Jun 22 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26043]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571404 of user rubyman.
Jun 22 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26043]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571404.
Jun 22 14:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25982]: Failed password for root from 38.55.97.143 port 50956 ssh2
Jun 22 14:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25982]: Connection closed by 38.55.97.143 port 50956 [preauth]
Jun 22 14:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23398]: pam_unix(cron:session): session closed for user root
Jun 22 14:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25986]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25214]: pam_unix(cron:session): session closed for user root
Jun 22 14:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26330]: Failed password for root from 38.55.97.143 port 50272 ssh2
Jun 22 14:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26330]: Connection closed by 38.55.97.143 port 50272 [preauth]
Jun 22 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26391]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26389]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26386]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26390]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26388]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26387]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26391]: pam_unix(cron:session): session closed for user root
Jun 22 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26386]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26451]: Successful su for rubyman by root
Jun 22 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26451]: + ??? root:rubyman
Jun 22 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26451]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571407 of user rubyman.
Jun 22 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26451]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571407.
Jun 22 14:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23825]: pam_unix(cron:session): session closed for user root
Jun 22 14:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26388]: pam_unix(cron:session): session closed for user root
Jun 22 14:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26387]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26776]: Failed password for root from 38.55.97.143 port 46554 ssh2
Jun 22 14:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26776]: Connection closed by 38.55.97.143 port 46554 [preauth]
Jun 22 14:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25600]: pam_unix(cron:session): session closed for user root
Jun 22 14:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26895]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26896]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26894]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26893]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26893]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26963]: Successful su for rubyman by root
Jun 22 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26963]: + ??? root:rubyman
Jun 22 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26963]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571413 of user rubyman.
Jun 22 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26963]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571413.
Jun 22 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26880]: Failed password for root from 38.55.97.143 port 43828 ssh2
Jun 22 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26880]: Connection closed by 38.55.97.143 port 43828 [preauth]
Jun 22 14:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24339]: pam_unix(cron:session): session closed for user root
Jun 22 14:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26894]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 22 14:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27188]: Failed password for root from 103.153.68.219 port 44674 ssh2
Jun 22 14:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27188]: Connection closed by 103.153.68.219 port 44674 [preauth]
Jun 22 14:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.233.85.71  user=root
Jun 22 14:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27207]: Failed password for root from 37.233.85.71 port 57760 ssh2
Jun 22 14:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27207]: Connection closed by 37.233.85.71 port 57760 [preauth]
Jun 22 14:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25988]: pam_unix(cron:session): session closed for user root
Jun 22 14:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27255]: Failed password for root from 38.55.97.143 port 41128 ssh2
Jun 22 14:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27255]: Connection closed by 38.55.97.143 port 41128 [preauth]
Jun 22 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27321]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27322]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27323]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27320]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27320]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27385]: Successful su for rubyman by root
Jun 22 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27385]: + ??? root:rubyman
Jun 22 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27385]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571417 of user rubyman.
Jun 22 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27385]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571417.
Jun 22 14:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24803]: pam_unix(cron:session): session closed for user root
Jun 22 14:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27321]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27613]: Failed password for root from 38.55.97.143 port 42708 ssh2
Jun 22 14:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27613]: Connection closed by 38.55.97.143 port 42708 [preauth]
Jun 22 14:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26390]: pam_unix(cron:session): session closed for user root
Jun 22 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27737]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27735]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27734]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27733]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27733]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27795]: Successful su for rubyman by root
Jun 22 14:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27795]: + ??? root:rubyman
Jun 22 14:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27795]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571421 of user rubyman.
Jun 22 14:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27795]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571421.
Jun 22 14:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25213]: pam_unix(cron:session): session closed for user root
Jun 22 14:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27734]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27978]: Failed password for root from 38.55.97.143 port 35360 ssh2
Jun 22 14:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27978]: Connection closed by 38.55.97.143 port 35360 [preauth]
Jun 22 14:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26896]: pam_unix(cron:session): session closed for user root
Jun 22 14:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28169]: Invalid user plex from 38.55.97.143
Jun 22 14:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28169]: input_userauth_request: invalid user plex [preauth]
Jun 22 14:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28169]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 14:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 14:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28169]: Failed password for invalid user plex from 38.55.97.143 port 37736 ssh2
Jun 22 14:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28169]: Connection closed by 38.55.97.143 port 37736 [preauth]
Jun 22 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28199]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28201]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28202]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28200]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28197]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28199]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28311]: Successful su for rubyman by root
Jun 22 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28311]: + ??? root:rubyman
Jun 22 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28311]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571426 of user rubyman.
Jun 22 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28311]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571426.
Jun 22 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28197]: pam_unix(cron:session): session closed for user root
Jun 22 14:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25599]: pam_unix(cron:session): session closed for user root
Jun 22 14:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28200]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28682]: Invalid user guest from 38.55.97.143
Jun 22 14:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28682]: input_userauth_request: invalid user guest [preauth]
Jun 22 14:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28682]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 14:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 14:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28682]: Failed password for invalid user guest from 38.55.97.143 port 40968 ssh2
Jun 22 14:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28682]: Connection closed by 38.55.97.143 port 40968 [preauth]
Jun 22 14:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27323]: pam_unix(cron:session): session closed for user root
Jun 22 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28782]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28780]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28779]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28784]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28781]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28783]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28784]: pam_unix(cron:session): session closed for user root
Jun 22 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28779]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28845]: Successful su for rubyman by root
Jun 22 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28845]: + ??? root:rubyman
Jun 22 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28845]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571430 of user rubyman.
Jun 22 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28845]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571430.
Jun 22 14:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28781]: pam_unix(cron:session): session closed for user root
Jun 22 14:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25987]: pam_unix(cron:session): session closed for user root
Jun 22 14:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28780]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29083]: Invalid user dev from 38.55.97.143
Jun 22 14:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29083]: input_userauth_request: invalid user dev [preauth]
Jun 22 14:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29083]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 14:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 14:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29083]: Failed password for invalid user dev from 38.55.97.143 port 46126 ssh2
Jun 22 14:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29083]: Connection closed by 38.55.97.143 port 46126 [preauth]
Jun 22 14:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29091]: Received disconnect from 176.65.131.147 port 52132:11: disconnected by user [preauth]
Jun 22 14:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29091]: Disconnected from 176.65.131.147 port 52132 [preauth]
Jun 22 14:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27737]: pam_unix(cron:session): session closed for user root
Jun 22 14:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: Invalid user ae from 38.55.97.143
Jun 22 14:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: input_userauth_request: invalid user ae [preauth]
Jun 22 14:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 14:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 14:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: Failed password for invalid user ae from 38.55.97.143 port 51826 ssh2
Jun 22 14:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: Connection closed by 38.55.97.143 port 51826 [preauth]
Jun 22 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29241]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29240]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29242]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29237]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29237]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29323]: Successful su for rubyman by root
Jun 22 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29323]: + ??? root:rubyman
Jun 22 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29323]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571438 of user rubyman.
Jun 22 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29323]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571438.
Jun 22 14:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26389]: pam_unix(cron:session): session closed for user root
Jun 22 14:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29240]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 22 14:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29633]: Failed password for root from 87.251.79.125 port 33722 ssh2
Jun 22 14:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29633]: Connection closed by 87.251.79.125 port 33722 [preauth]
Jun 22 14:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28202]: pam_unix(cron:session): session closed for user root
Jun 22 14:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29701]: Invalid user telecomadmin from 38.55.97.143
Jun 22 14:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29701]: input_userauth_request: invalid user telecomadmin [preauth]
Jun 22 14:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29701]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 14:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 14:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29701]: Failed password for invalid user telecomadmin from 38.55.97.143 port 51556 ssh2
Jun 22 14:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29701]: Connection closed by 38.55.97.143 port 51556 [preauth]
Jun 22 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29786]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29787]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29788]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29785]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29785]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29858]: Successful su for rubyman by root
Jun 22 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29858]: + ??? root:rubyman
Jun 22 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29858]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571440 of user rubyman.
Jun 22 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29858]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571440.
Jun 22 14:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26895]: pam_unix(cron:session): session closed for user root
Jun 22 14:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29786]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30065]: Failed password for root from 38.55.97.143 port 50490 ssh2
Jun 22 14:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30065]: Connection closed by 38.55.97.143 port 50490 [preauth]
Jun 22 14:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28783]: pam_unix(cron:session): session closed for user root
Jun 22 14:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30200]: Failed password for root from 38.55.97.143 port 50418 ssh2
Jun 22 14:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30200]: Connection closed by 38.55.97.143 port 50418 [preauth]
Jun 22 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30214]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30216]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30215]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30213]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30213]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30273]: Successful su for rubyman by root
Jun 22 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30273]: + ??? root:rubyman
Jun 22 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30273]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571445 of user rubyman.
Jun 22 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30273]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571445.
Jun 22 14:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27322]: pam_unix(cron:session): session closed for user root
Jun 22 14:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30214]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29242]: pam_unix(cron:session): session closed for user root
Jun 22 14:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30561]: Failed password for root from 38.55.97.143 port 49144 ssh2
Jun 22 14:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30561]: Connection closed by 38.55.97.143 port 49144 [preauth]
Jun 22 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30630]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30629]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30627]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30628]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30627]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30686]: Successful su for rubyman by root
Jun 22 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30686]: + ??? root:rubyman
Jun 22 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30686]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571449 of user rubyman.
Jun 22 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30686]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571449.
Jun 22 14:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27735]: pam_unix(cron:session): session closed for user root
Jun 22 14:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30628]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31004]: Failed password for root from 38.55.97.143 port 52492 ssh2
Jun 22 14:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31004]: Connection closed by 38.55.97.143 port 52492 [preauth]
Jun 22 14:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29788]: pam_unix(cron:session): session closed for user root
Jun 22 14:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31109]: Received disconnect from 130.185.239.222 port 48748:11: disconnected by user [preauth]
Jun 22 14:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31109]: Disconnected from 130.185.239.222 port 48748 [preauth]
Jun 22 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31132]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31134]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31128]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31130]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31131]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31129]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31134]: pam_unix(cron:session): session closed for user root
Jun 22 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31128]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31196]: Successful su for rubyman by root
Jun 22 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31196]: + ??? root:rubyman
Jun 22 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31196]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571452 of user rubyman.
Jun 22 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31196]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571452.
Jun 22 14:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31130]: pam_unix(cron:session): session closed for user root
Jun 22 14:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28201]: pam_unix(cron:session): session closed for user root
Jun 22 14:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31129]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31371]: Failed password for root from 38.55.97.143 port 60338 ssh2
Jun 22 14:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31371]: Connection closed by 38.55.97.143 port 60338 [preauth]
Jun 22 14:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30216]: pam_unix(cron:session): session closed for user root
Jun 22 14:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31526]: Invalid user ming from 141.98.83.240
Jun 22 14:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31526]: input_userauth_request: invalid user ming [preauth]
Jun 22 14:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31526]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 14:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 14:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31526]: Failed password for invalid user ming from 141.98.83.240 port 28744 ssh2
Jun 22 14:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31526]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 14:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31546]: Failed password for root from 38.55.97.143 port 33402 ssh2
Jun 22 14:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31546]: Connection closed by 38.55.97.143 port 33402 [preauth]
Jun 22 14:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31526]: Failed password for invalid user ming from 141.98.83.240 port 28744 ssh2
Jun 22 14:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31526]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 14:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31526]: Failed password for invalid user ming from 141.98.83.240 port 28744 ssh2
Jun 22 14:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31526]: Connection closed by 141.98.83.240 port 28744 [preauth]
Jun 22 14:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31526]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31666]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31667]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31665]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31664]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31663]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31663]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31666]: pam_unix(cron:session): session closed for user root
Jun 22 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31737]: Successful su for rubyman by root
Jun 22 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31737]: + ??? root:rubyman
Jun 22 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31737]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571459 of user rubyman.
Jun 22 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31737]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571459.
Jun 22 14:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28782]: pam_unix(cron:session): session closed for user root
Jun 22 14:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31664]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 22 14:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31939]: Failed password for root from 103.27.238.120 port 43188 ssh2
Jun 22 14:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31939]: Connection closed by 103.27.238.120 port 43188 [preauth]
Jun 22 14:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31987]: Failed password for root from 38.55.97.143 port 35126 ssh2
Jun 22 14:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31987]: Connection closed by 38.55.97.143 port 35126 [preauth]
Jun 22 14:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30630]: pam_unix(cron:session): session closed for user root
Jun 22 14:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 14:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32034]: Failed password for root from 193.24.211.107 port 39381 ssh2
Jun 22 14:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32034]: Received disconnect from 193.24.211.107 port 39381:11: Client disconnecting normally [preauth]
Jun 22 14:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32034]: Disconnected from 193.24.211.107 port 39381 [preauth]
Jun 22 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32100]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32099]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32098]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32097]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32097]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32161]: Successful su for rubyman by root
Jun 22 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32161]: + ??? root:rubyman
Jun 22 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32161]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571464 of user rubyman.
Jun 22 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32161]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571464.
Jun 22 14:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29241]: pam_unix(cron:session): session closed for user root
Jun 22 14:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32098]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32333]: Failed password for root from 38.55.97.143 port 36930 ssh2
Jun 22 14:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32333]: Connection closed by 38.55.97.143 port 36930 [preauth]
Jun 22 14:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31132]: pam_unix(cron:session): session closed for user root
Jun 22 14:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32474]: Failed password for root from 38.55.97.143 port 42960 ssh2
Jun 22 14:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32474]: Connection closed by 38.55.97.143 port 42960 [preauth]
Jun 22 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32510]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32509]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32508]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32507]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32507]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32569]: Successful su for rubyman by root
Jun 22 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32569]: + ??? root:rubyman
Jun 22 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32569]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571467 of user rubyman.
Jun 22 14:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32569]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571467.
Jun 22 14:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29787]: pam_unix(cron:session): session closed for user root
Jun 22 14:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32508]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[351]: Received disconnect from 85.120.81.241 port 40008:11: disconnected by user [preauth]
Jun 22 14:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[351]: Disconnected from 85.120.81.241 port 40008 [preauth]
Jun 22 14:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31667]: pam_unix(cron:session): session closed for user root
Jun 22 14:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[364]: Failed password for root from 38.55.97.143 port 49230 ssh2
Jun 22 14:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=root
Jun 22 14:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[364]: Connection closed by 38.55.97.143 port 49230 [preauth]
Jun 22 14:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[376]: Failed password for root from 193.46.255.86 port 11628 ssh2
Jun 22 14:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[376]: Failed password for root from 193.46.255.86 port 11628 ssh2
Jun 22 14:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 22 14:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[376]: Failed password for root from 193.46.255.86 port 11628 ssh2
Jun 22 14:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[400]: Failed password for root from 103.149.28.157 port 37422 ssh2
Jun 22 14:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[376]: Connection closed by 193.46.255.86 port 11628 [preauth]
Jun 22 14:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[376]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=root
Jun 22 14:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[400]: Connection closed by 103.149.28.157 port 37422 [preauth]
Jun 22 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[602]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[603]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[601]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[600]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[600]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[665]: Successful su for rubyman by root
Jun 22 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[665]: + ??? root:rubyman
Jun 22 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[665]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571471 of user rubyman.
Jun 22 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[665]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571471.
Jun 22 14:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30215]: pam_unix(cron:session): session closed for user root
Jun 22 14:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[601]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[883]: Failed password for root from 38.55.97.143 port 51476 ssh2
Jun 22 14:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[883]: Connection closed by 38.55.97.143 port 51476 [preauth]
Jun 22 14:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32100]: pam_unix(cron:session): session closed for user root
Jun 22 14:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1014]: Failed password for root from 38.55.97.143 port 53644 ssh2
Jun 22 14:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1014]: Connection closed by 38.55.97.143 port 53644 [preauth]
Jun 22 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1029]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1035]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1031]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1028]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1036]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1027]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1036]: pam_unix(cron:session): session closed for user root
Jun 22 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1027]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1129]: Successful su for rubyman by root
Jun 22 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1129]: + ??? root:rubyman
Jun 22 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1129]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571477 of user rubyman.
Jun 22 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1129]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571477.
Jun 22 14:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1029]: pam_unix(cron:session): session closed for user root
Jun 22 14:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30629]: pam_unix(cron:session): session closed for user root
Jun 22 14:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1028]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32510]: pam_unix(cron:session): session closed for user root
Jun 22 14:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1563]: Failed password for root from 38.55.97.143 port 57202 ssh2
Jun 22 14:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1563]: Connection closed by 38.55.97.143 port 57202 [preauth]
Jun 22 14:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.19.67.181  user=root
Jun 22 14:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1620]: Failed password for root from 46.19.67.181 port 52552 ssh2
Jun 22 14:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1620]: Connection closed by 46.19.67.181 port 52552 [preauth]
Jun 22 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1639]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1638]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1637]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1636]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1636]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1708]: Successful su for rubyman by root
Jun 22 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1708]: + ??? root:rubyman
Jun 22 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1708]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571482 of user rubyman.
Jun 22 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1708]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571482.
Jun 22 14:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31131]: pam_unix(cron:session): session closed for user root
Jun 22 14:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1637]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1969]: Failed password for root from 38.55.97.143 port 33338 ssh2
Jun 22 14:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1969]: Connection closed by 38.55.97.143 port 33338 [preauth]
Jun 22 14:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2008]: Did not receive identification string from 129.222.172.38
Jun 22 14:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[603]: pam_unix(cron:session): session closed for user root
Jun 22 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2130]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2132]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2133]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2131]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2130]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2208]: Successful su for rubyman by root
Jun 22 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2208]: + ??? root:rubyman
Jun 22 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2208]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571486 of user rubyman.
Jun 22 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2208]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571486.
Jun 22 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31665]: pam_unix(cron:session): session closed for user root
Jun 22 14:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2126]: Failed password for root from 38.55.97.143 port 40006 ssh2
Jun 22 14:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2126]: Connection closed by 38.55.97.143 port 40006 [preauth]
Jun 22 14:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2131]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1035]: pam_unix(cron:session): session closed for user root
Jun 22 14:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2511]: Failed password for root from 38.55.97.143 port 47058 ssh2
Jun 22 14:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2511]: Connection closed by 38.55.97.143 port 47058 [preauth]
Jun 22 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2558]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2559]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2556]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2557]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2556]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2629]: Successful su for rubyman by root
Jun 22 14:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2629]: + ??? root:rubyman
Jun 22 14:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2629]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571490 of user rubyman.
Jun 22 14:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2629]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571490.
Jun 22 14:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2690]: Connection closed by 45.148.10.121 port 57124 [preauth]
Jun 22 14:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32099]: pam_unix(cron:session): session closed for user root
Jun 22 14:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2557]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2881]: Failed password for root from 38.55.97.143 port 53064 ssh2
Jun 22 14:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2881]: Connection closed by 38.55.97.143 port 53064 [preauth]
Jun 22 14:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1639]: pam_unix(cron:session): session closed for user root
Jun 22 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2969]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2967]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2968]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2966]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2966]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3029]: Successful su for rubyman by root
Jun 22 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3029]: + ??? root:rubyman
Jun 22 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3029]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571493 of user rubyman.
Jun 22 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3029]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571493.
Jun 22 14:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32509]: pam_unix(cron:session): session closed for user root
Jun 22 14:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2967]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3216]: Failed password for root from 38.55.97.143 port 55544 ssh2
Jun 22 14:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3216]: Connection closed by 38.55.97.143 port 55544 [preauth]
Jun 22 14:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2133]: pam_unix(cron:session): session closed for user root
Jun 22 14:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3347]: Failed password for root from 38.55.97.143 port 56166 ssh2
Jun 22 14:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3347]: Connection closed by 38.55.97.143 port 56166 [preauth]
Jun 22 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3372]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3370]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3369]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3367]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3371]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3368]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3372]: pam_unix(cron:session): session closed for user root
Jun 22 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3367]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3432]: Successful su for rubyman by root
Jun 22 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3432]: + ??? root:rubyman
Jun 22 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3432]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571500 of user rubyman.
Jun 22 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3432]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571500.
Jun 22 14:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3369]: pam_unix(cron:session): session closed for user root
Jun 22 14:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[602]: pam_unix(cron:session): session closed for user root
Jun 22 14:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 22 14:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3368]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3581]: Failed password for root from 103.172.78.219 port 45976 ssh2
Jun 22 14:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3581]: Connection closed by 103.172.78.219 port 45976 [preauth]
Jun 22 14:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2559]: pam_unix(cron:session): session closed for user root
Jun 22 14:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3829]: Failed password for root from 38.55.97.143 port 55612 ssh2
Jun 22 14:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3829]: Connection closed by 38.55.97.143 port 55612 [preauth]
Jun 22 14:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 22 14:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3918]: Failed password for root from 38.93.206.2 port 18116 ssh2
Jun 22 14:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3918]: Connection closed by 38.93.206.2 port 18116 [preauth]
Jun 22 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3955]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3954]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3956]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3953]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3953]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4069]: Successful su for rubyman by root
Jun 22 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4069]: + ??? root:rubyman
Jun 22 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4069]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571505 of user rubyman.
Jun 22 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4069]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571505.
Jun 22 14:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1031]: pam_unix(cron:session): session closed for user root
Jun 22 14:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3954]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4281]: Failed password for root from 38.55.97.143 port 58976 ssh2
Jun 22 14:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4281]: Connection closed by 38.55.97.143 port 58976 [preauth]
Jun 22 14:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2969]: pam_unix(cron:session): session closed for user root
Jun 22 14:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4406]: Failed password for root from 38.55.97.143 port 34370 ssh2
Jun 22 14:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4406]: Connection closed by 38.55.97.143 port 34370 [preauth]
Jun 22 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4418]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4420]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4419]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4417]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4417]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4480]: Successful su for rubyman by root
Jun 22 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4480]: + ??? root:rubyman
Jun 22 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4480]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571507 of user rubyman.
Jun 22 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4480]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571507.
Jun 22 14:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1638]: pam_unix(cron:session): session closed for user root
Jun 22 14:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4418]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3371]: pam_unix(cron:session): session closed for user root
Jun 22 14:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4838]: Failed password for root from 38.55.97.143 port 40184 ssh2
Jun 22 14:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4838]: Connection closed by 38.55.97.143 port 40184 [preauth]
Jun 22 14:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 22 14:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4903]: Failed password for root from 103.82.20.28 port 41078 ssh2
Jun 22 14:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4903]: Connection closed by 103.82.20.28 port 41078 [preauth]
Jun 22 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4932]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4931]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4934]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4930]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4930]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4999]: Successful su for rubyman by root
Jun 22 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4999]: + ??? root:rubyman
Jun 22 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4999]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571513 of user rubyman.
Jun 22 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4999]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571513.
Jun 22 14:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2132]: pam_unix(cron:session): session closed for user root
Jun 22 14:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4931]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5246]: Failed password for root from 38.55.97.143 port 60128 ssh2
Jun 22 14:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5246]: Connection closed by 38.55.97.143 port 60128 [preauth]
Jun 22 14:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3956]: pam_unix(cron:session): session closed for user root
Jun 22 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5345]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5346]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5343]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5342]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5342]: pam_unix(cron:session): session closed for user p13x
Jun 22 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5413]: Successful su for rubyman by root
Jun 22 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5413]: + ??? root:rubyman
Jun 22 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5413]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571515 of user rubyman.
Jun 22 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5413]: pam_unix(su:session): session closed for user rubyman
Jun 22 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571515.
Jun 22 14:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2558]: pam_unix(cron:session): session closed for user root
Jun 22 14:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5343]: pam_unix(cron:session): session closed for user samftp
Jun 22 14:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5602]: Failed password for root from 38.55.97.143 port 38900 ssh2
Jun 22 14:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5602]: Connection closed by 38.55.97.143 port 38900 [preauth]
Jun 22 14:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5624]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 22 14:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5624]: Received disconnect from 23.239.96.154 port 48050:11: disconnected by user [preauth]
Jun 22 14:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5624]: Disconnected from 23.239.96.154 port 48050 [preauth]
Jun 22 14:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4420]: pam_unix(cron:session): session closed for user root
Jun 22 14:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 14:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 14:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5728]: Failed password for root from 38.55.97.143 port 43068 ssh2
Jun 22 14:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5728]: Connection closed by 38.55.97.143 port 43068 [preauth]
Jun 22 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5747]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5744]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5746]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5741]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5745]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5743]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5742]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5747]: pam_unix(cron:session): session closed for user root
Jun 22 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5743]: pam_unix(cron:session): session closed for user root
Jun 22 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5741]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5833]: Successful su for rubyman by root
Jun 22 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5833]: + ??? root:rubyman
Jun 22 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5833]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571521 of user rubyman.
Jun 22 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5833]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571521.
Jun 22 15:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5744]: pam_unix(cron:session): session closed for user root
Jun 22 15:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2968]: pam_unix(cron:session): session closed for user root
Jun 22 15:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 22 15:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5742]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6026]: Failed password for root from 103.77.242.62 port 52580 ssh2
Jun 22 15:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6026]: Connection closed by 103.77.242.62 port 52580 [preauth]
Jun 22 15:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4934]: pam_unix(cron:session): session closed for user root
Jun 22 15:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 15:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6181]: Failed password for root from 38.55.97.143 port 42246 ssh2
Jun 22 15:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6181]: Connection closed by 38.55.97.143 port 42246 [preauth]
Jun 22 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6236]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6235]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6234]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6233]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6233]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6297]: Successful su for rubyman by root
Jun 22 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6297]: + ??? root:rubyman
Jun 22 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6297]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571527 of user rubyman.
Jun 22 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6297]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571527.
Jun 22 15:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3370]: pam_unix(cron:session): session closed for user root
Jun 22 15:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6234]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 15:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6517]: Failed password for root from 38.55.97.143 port 41988 ssh2
Jun 22 15:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6517]: Connection closed by 38.55.97.143 port 41988 [preauth]
Jun 22 15:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5346]: pam_unix(cron:session): session closed for user root
Jun 22 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6639]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6640]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6637]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6638]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6637]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6704]: Successful su for rubyman by root
Jun 22 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6704]: + ??? root:rubyman
Jun 22 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6704]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571532 of user rubyman.
Jun 22 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6704]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571532.
Jun 22 15:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 15:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6690]: Failed password for root from 38.55.97.143 port 42700 ssh2
Jun 22 15:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3955]: pam_unix(cron:session): session closed for user root
Jun 22 15:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6690]: Connection closed by 38.55.97.143 port 42700 [preauth]
Jun 22 15:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6638]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5746]: pam_unix(cron:session): session closed for user root
Jun 22 15:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 15:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7067]: Failed password for root from 38.55.97.143 port 43486 ssh2
Jun 22 15:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7067]: Connection closed by 38.55.97.143 port 43486 [preauth]
Jun 22 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7146]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7145]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7144]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7143]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7143]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7209]: Successful su for rubyman by root
Jun 22 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7209]: + ??? root:rubyman
Jun 22 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7209]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571535 of user rubyman.
Jun 22 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7209]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571535.
Jun 22 15:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4419]: pam_unix(cron:session): session closed for user root
Jun 22 15:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7144]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 15:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 15:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7446]: Failed password for root from 193.24.211.107 port 26070 ssh2
Jun 22 15:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7446]: Received disconnect from 193.24.211.107 port 26070:11: Client disconnecting normally [preauth]
Jun 22 15:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7446]: Disconnected from 193.24.211.107 port 26070 [preauth]
Jun 22 15:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7453]: Failed password for root from 38.55.97.143 port 45562 ssh2
Jun 22 15:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7453]: Connection closed by 38.55.97.143 port 45562 [preauth]
Jun 22 15:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7458]: Invalid user admin from 2.57.121.25
Jun 22 15:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7458]: input_userauth_request: invalid user admin [preauth]
Jun 22 15:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7458]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 15:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 22 15:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6236]: pam_unix(cron:session): session closed for user root
Jun 22 15:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7458]: Failed password for invalid user admin from 2.57.121.25 port 41150 ssh2
Jun 22 15:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7458]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 15:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7458]: Failed password for invalid user admin from 2.57.121.25 port 41150 ssh2
Jun 22 15:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7458]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 15:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7458]: Failed password for invalid user admin from 2.57.121.25 port 41150 ssh2
Jun 22 15:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7458]: Connection closed by 2.57.121.25 port 41150 [preauth]
Jun 22 15:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7458]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 22 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7548]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7545]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7547]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7544]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7544]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7616]: Successful su for rubyman by root
Jun 22 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7616]: + ??? root:rubyman
Jun 22 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7616]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571539 of user rubyman.
Jun 22 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7616]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571539.
Jun 22 15:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4932]: pam_unix(cron:session): session closed for user root
Jun 22 15:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7545]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 15:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7894]: Failed password for root from 38.55.97.143 port 51630 ssh2
Jun 22 15:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7894]: Connection closed by 38.55.97.143 port 51630 [preauth]
Jun 22 15:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6640]: pam_unix(cron:session): session closed for user root
Jun 22 15:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 15:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8028]: Failed password for root from 38.55.97.143 port 33680 ssh2
Jun 22 15:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8028]: Connection closed by 38.55.97.143 port 33680 [preauth]
Jun 22 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8034]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8033]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8031]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8035]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8036]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8032]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8036]: pam_unix(cron:session): session closed for user root
Jun 22 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8031]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8107]: Successful su for rubyman by root
Jun 22 15:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8107]: + ??? root:rubyman
Jun 22 15:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8107]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571546 of user rubyman.
Jun 22 15:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8107]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571546.
Jun 22 15:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8033]: pam_unix(cron:session): session closed for user root
Jun 22 15:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5345]: pam_unix(cron:session): session closed for user root
Jun 22 15:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8032]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 22 15:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8372]: Failed password for root from 103.176.20.57 port 55688 ssh2
Jun 22 15:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8372]: Connection closed by 103.176.20.57 port 55688 [preauth]
Jun 22 15:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7146]: pam_unix(cron:session): session closed for user root
Jun 22 15:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 15:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8436]: Failed password for root from 38.55.97.143 port 42790 ssh2
Jun 22 15:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8436]: Connection closed by 38.55.97.143 port 42790 [preauth]
Jun 22 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8467]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8469]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8468]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8466]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8466]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8538]: Successful su for rubyman by root
Jun 22 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8538]: + ??? root:rubyman
Jun 22 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8538]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571549 of user rubyman.
Jun 22 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8538]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571549.
Jun 22 15:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5745]: pam_unix(cron:session): session closed for user root
Jun 22 15:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8467]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 15:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8778]: Failed password for root from 38.55.97.143 port 48428 ssh2
Jun 22 15:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8778]: Connection closed by 38.55.97.143 port 48428 [preauth]
Jun 22 15:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7548]: pam_unix(cron:session): session closed for user root
Jun 22 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8870]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8871]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8869]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8868]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8868]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8930]: Successful su for rubyman by root
Jun 22 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8930]: + ??? root:rubyman
Jun 22 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8930]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571552 of user rubyman.
Jun 22 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8930]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571552.
Jun 22 15:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6235]: pam_unix(cron:session): session closed for user root
Jun 22 15:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8869]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9135]: Invalid user oracle from 38.55.97.143
Jun 22 15:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9135]: input_userauth_request: invalid user oracle [preauth]
Jun 22 15:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9135]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 15:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 15:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9135]: Failed password for invalid user oracle from 38.55.97.143 port 52186 ssh2
Jun 22 15:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9135]: Connection closed by 38.55.97.143 port 52186 [preauth]
Jun 22 15:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9181]: Received disconnect from 200.26.188.219 port 19848:11: disconnected by user [preauth]
Jun 22 15:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9181]: Disconnected from 200.26.188.219 port 19848 [preauth]
Jun 22 15:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8035]: pam_unix(cron:session): session closed for user root
Jun 22 15:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9269]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9268]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9270]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9267]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9267]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9263]: Invalid user nick from 38.55.97.143
Jun 22 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9263]: input_userauth_request: invalid user nick [preauth]
Jun 22 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9263]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9329]: Successful su for rubyman by root
Jun 22 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9329]: + ??? root:rubyman
Jun 22 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9329]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571558 of user rubyman.
Jun 22 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9329]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571558.
Jun 22 15:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9263]: Failed password for invalid user nick from 38.55.97.143 port 39586 ssh2
Jun 22 15:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9263]: Connection closed by 38.55.97.143 port 39586 [preauth]
Jun 22 15:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6639]: pam_unix(cron:session): session closed for user root
Jun 22 15:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9268]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8469]: pam_unix(cron:session): session closed for user root
Jun 22 15:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 22 15:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9610]: Failed password for root from 103.27.238.114 port 40932 ssh2
Jun 22 15:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9610]: Connection closed by 103.27.238.114 port 40932 [preauth]
Jun 22 15:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9636]: Invalid user nexus from 38.55.97.143
Jun 22 15:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9636]: input_userauth_request: invalid user nexus [preauth]
Jun 22 15:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9636]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 15:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 15:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9636]: Failed password for invalid user nexus from 38.55.97.143 port 54800 ssh2
Jun 22 15:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9636]: Connection closed by 38.55.97.143 port 54800 [preauth]
Jun 22 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9658]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9659]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9657]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9656]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9654]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9656]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9786]: Successful su for rubyman by root
Jun 22 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9786]: + ??? root:rubyman
Jun 22 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9786]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571562 of user rubyman.
Jun 22 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9786]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571562.
Jun 22 15:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9654]: pam_unix(cron:session): session closed for user root
Jun 22 15:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7145]: pam_unix(cron:session): session closed for user root
Jun 22 15:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9657]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10330]: Invalid user git from 38.55.97.143
Jun 22 15:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10330]: input_userauth_request: invalid user git [preauth]
Jun 22 15:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10330]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 15:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 15:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10330]: Failed password for invalid user git from 38.55.97.143 port 33140 ssh2
Jun 22 15:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8871]: pam_unix(cron:session): session closed for user root
Jun 22 15:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10330]: Connection closed by 38.55.97.143 port 33140 [preauth]
Jun 22 15:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10424]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10422]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10421]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10425]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10423]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10420]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10425]: pam_unix(cron:session): session closed for user root
Jun 22 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10420]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10491]: Successful su for rubyman by root
Jun 22 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10491]: + ??? root:rubyman
Jun 22 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10491]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571565 of user rubyman.
Jun 22 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10491]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571565.
Jun 22 15:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10422]: pam_unix(cron:session): session closed for user root
Jun 22 15:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7547]: pam_unix(cron:session): session closed for user root
Jun 22 15:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10421]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10730]: Invalid user es from 38.55.97.143
Jun 22 15:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10730]: input_userauth_request: invalid user es [preauth]
Jun 22 15:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10730]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 15:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 15:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10730]: Failed password for invalid user es from 38.55.97.143 port 41052 ssh2
Jun 22 15:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10730]: Connection closed by 38.55.97.143 port 41052 [preauth]
Jun 22 15:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 22 15:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10742]: Failed password for root from 202.178.126.219 port 51480 ssh2
Jun 22 15:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10742]: Connection closed by 202.178.126.219 port 51480 [preauth]
Jun 22 15:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9270]: pam_unix(cron:session): session closed for user root
Jun 22 15:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10798]: Connection reset by 45.148.10.141 port 11842 [preauth]
Jun 22 15:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10873]: Invalid user dd from 38.55.97.143
Jun 22 15:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10873]: input_userauth_request: invalid user dd [preauth]
Jun 22 15:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10873]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 15:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10878]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10879]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10877]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10876]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10876]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10946]: Successful su for rubyman by root
Jun 22 15:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10946]: + ??? root:rubyman
Jun 22 15:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10946]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571572 of user rubyman.
Jun 22 15:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10946]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571572.
Jun 22 15:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10873]: Failed password for invalid user dd from 38.55.97.143 port 51674 ssh2
Jun 22 15:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10873]: Connection closed by 38.55.97.143 port 51674 [preauth]
Jun 22 15:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8034]: pam_unix(cron:session): session closed for user root
Jun 22 15:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10877]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 22 15:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11140]: Failed password for root from 103.15.222.183 port 50298 ssh2
Jun 22 15:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11140]: Connection closed by 103.15.222.183 port 50298 [preauth]
Jun 22 15:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11138]: Connection reset by 198.235.24.77 port 61482 [preauth]
Jun 22 15:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9659]: pam_unix(cron:session): session closed for user root
Jun 22 15:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11286]: Invalid user bitrix from 38.55.97.143
Jun 22 15:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11286]: input_userauth_request: invalid user bitrix [preauth]
Jun 22 15:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11286]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 15:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 15:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11286]: Failed password for invalid user bitrix from 38.55.97.143 port 38262 ssh2
Jun 22 15:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11286]: Connection closed by 38.55.97.143 port 38262 [preauth]
Jun 22 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11305]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11304]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11303]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11302]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11302]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11366]: Successful su for rubyman by root
Jun 22 15:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11366]: + ??? root:rubyman
Jun 22 15:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11366]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571575 of user rubyman.
Jun 22 15:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11366]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571575.
Jun 22 15:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 22 15:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8468]: pam_unix(cron:session): session closed for user root
Jun 22 15:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11369]: Failed password for root from 193.37.70.224 port 47780 ssh2
Jun 22 15:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11369]: Connection closed by 193.37.70.224 port 47780 [preauth]
Jun 22 15:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11303]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10424]: pam_unix(cron:session): session closed for user root
Jun 22 15:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11686]: Invalid user api from 38.55.97.143
Jun 22 15:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11686]: input_userauth_request: invalid user api [preauth]
Jun 22 15:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11686]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 15:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 15:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11686]: Failed password for invalid user api from 38.55.97.143 port 37328 ssh2
Jun 22 15:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11686]: Connection closed by 38.55.97.143 port 37328 [preauth]
Jun 22 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11722]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11721]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11720]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11719]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11719]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11812]: Successful su for rubyman by root
Jun 22 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11812]: + ??? root:rubyman
Jun 22 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11812]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571579 of user rubyman.
Jun 22 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11812]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571579.
Jun 22 15:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8870]: pam_unix(cron:session): session closed for user root
Jun 22 15:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11720]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10879]: pam_unix(cron:session): session closed for user root
Jun 22 15:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12111]: Invalid user admin from 38.55.97.143
Jun 22 15:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12111]: input_userauth_request: invalid user admin [preauth]
Jun 22 15:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12111]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 15:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 15:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12111]: Failed password for invalid user admin from 38.55.97.143 port 54112 ssh2
Jun 22 15:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12111]: Connection closed by 38.55.97.143 port 54112 [preauth]
Jun 22 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12170]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12171]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12169]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12168]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12168]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12235]: Successful su for rubyman by root
Jun 22 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12235]: + ??? root:rubyman
Jun 22 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12235]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571584 of user rubyman.
Jun 22 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12235]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571584.
Jun 22 15:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9269]: pam_unix(cron:session): session closed for user root
Jun 22 15:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12169]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12579]: Invalid user admin from 38.55.97.143
Jun 22 15:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12579]: input_userauth_request: invalid user admin [preauth]
Jun 22 15:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12579]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 15:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 15:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12579]: Failed password for invalid user admin from 38.55.97.143 port 39636 ssh2
Jun 22 15:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12579]: Connection closed by 38.55.97.143 port 39636 [preauth]
Jun 22 15:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11305]: pam_unix(cron:session): session closed for user root
Jun 22 15:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 22 15:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12675]: Failed password for root from 51.250.105.222 port 55798 ssh2
Jun 22 15:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12675]: Connection closed by 51.250.105.222 port 55798 [preauth]
Jun 22 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12699]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12698]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12696]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12700]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12701]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12697]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12701]: pam_unix(cron:session): session closed for user root
Jun 22 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12696]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12771]: Successful su for rubyman by root
Jun 22 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12771]: + ??? root:rubyman
Jun 22 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12771]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571590 of user rubyman.
Jun 22 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12771]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571590.
Jun 22 15:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12698]: pam_unix(cron:session): session closed for user root
Jun 22 15:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9658]: pam_unix(cron:session): session closed for user root
Jun 22 15:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12907]: Invalid user user from 38.55.97.143
Jun 22 15:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12907]: input_userauth_request: invalid user user [preauth]
Jun 22 15:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12907]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 15:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 15:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12697]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12907]: Failed password for invalid user user from 38.55.97.143 port 46338 ssh2
Jun 22 15:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12907]: Connection closed by 38.55.97.143 port 46338 [preauth]
Jun 22 15:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11722]: pam_unix(cron:session): session closed for user root
Jun 22 15:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: Invalid user ubuntu from 38.55.97.143
Jun 22 15:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 15:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 15:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 15:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: Failed password for invalid user ubuntu from 38.55.97.143 port 52806 ssh2
Jun 22 15:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: Connection closed by 38.55.97.143 port 52806 [preauth]
Jun 22 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13148]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13147]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13150]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13145]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13145]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13224]: Successful su for rubyman by root
Jun 22 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13224]: + ??? root:rubyman
Jun 22 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13224]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571593 of user rubyman.
Jun 22 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13224]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571593.
Jun 22 15:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10423]: pam_unix(cron:session): session closed for user root
Jun 22 15:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13147]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 15:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13472]: Failed password for root from 38.55.97.143 port 59482 ssh2
Jun 22 15:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13472]: Connection closed by 38.55.97.143 port 59482 [preauth]
Jun 22 15:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12171]: pam_unix(cron:session): session closed for user root
Jun 22 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13564]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13566]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13565]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13563]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13561]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13561]: pam_unix(cron:session): session closed for user root
Jun 22 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13563]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13627]: Successful su for rubyman by root
Jun 22 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13627]: + ??? root:rubyman
Jun 22 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13627]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571599 of user rubyman.
Jun 22 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13627]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571599.
Jun 22 15:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10878]: pam_unix(cron:session): session closed for user root
Jun 22 15:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13564]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 22 15:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13818]: Failed password for root from 109.237.96.109 port 47030 ssh2
Jun 22 15:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13818]: Connection closed by 109.237.96.109 port 47030 [preauth]
Jun 22 15:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 15:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13842]: Failed password for root from 38.55.97.143 port 38312 ssh2
Jun 22 15:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13842]: Connection closed by 38.55.97.143 port 38312 [preauth]
Jun 22 15:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13890]: Received disconnect from 209.90.232.249 port 40218:11: disconnected by user [preauth]
Jun 22 15:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13890]: Disconnected from 209.90.232.249 port 40218 [preauth]
Jun 22 15:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12700]: pam_unix(cron:session): session closed for user root
Jun 22 15:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13984]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13985]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13986]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13983]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13983]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14043]: Successful su for rubyman by root
Jun 22 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14043]: + ??? root:rubyman
Jun 22 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14043]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571602 of user rubyman.
Jun 22 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14043]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571602.
Jun 22 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13980]: Failed password for root from 38.55.97.143 port 50050 ssh2
Jun 22 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13980]: Connection closed by 38.55.97.143 port 50050 [preauth]
Jun 22 15:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11304]: pam_unix(cron:session): session closed for user root
Jun 22 15:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13984]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14240]: Invalid user neal from 141.98.83.240
Jun 22 15:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14240]: input_userauth_request: invalid user neal [preauth]
Jun 22 15:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14240]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 15:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 15:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14240]: Failed password for invalid user neal from 141.98.83.240 port 28604 ssh2
Jun 22 15:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14240]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 15:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14240]: Failed password for invalid user neal from 141.98.83.240 port 28604 ssh2
Jun 22 15:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14240]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 15:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14240]: Failed password for invalid user neal from 141.98.83.240 port 28604 ssh2
Jun 22 15:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14240]: Connection closed by 141.98.83.240 port 28604 [preauth]
Jun 22 15:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14240]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 15:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13150]: pam_unix(cron:session): session closed for user root
Jun 22 15:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 22 15:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 15:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14344]: Failed password for root from 194.113.233.25 port 35990 ssh2
Jun 22 15:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: Failed password for root from 38.55.97.143 port 42700 ssh2
Jun 22 15:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14344]: Connection closed by 194.113.233.25 port 35990 [preauth]
Jun 22 15:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: Connection closed by 38.55.97.143 port 42700 [preauth]
Jun 22 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14368]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14369]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14367]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14366]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14366]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14426]: Successful su for rubyman by root
Jun 22 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14426]: + ??? root:rubyman
Jun 22 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14426]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571606 of user rubyman.
Jun 22 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14426]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571606.
Jun 22 15:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11721]: pam_unix(cron:session): session closed for user root
Jun 22 15:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14367]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 15:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13566]: pam_unix(cron:session): session closed for user root
Jun 22 15:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14726]: Failed password for root from 38.55.97.143 port 49056 ssh2
Jun 22 15:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14726]: Connection closed by 38.55.97.143 port 49056 [preauth]
Jun 22 15:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14817]: Received disconnect from 91.223.69.87 port 51418:11: disconnected by user [preauth]
Jun 22 15:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14817]: Disconnected from 91.223.69.87 port 51418 [preauth]
Jun 22 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14861]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14860]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14858]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14862]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14856]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14857]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14862]: pam_unix(cron:session): session closed for user root
Jun 22 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14856]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14927]: Successful su for rubyman by root
Jun 22 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14927]: + ??? root:rubyman
Jun 22 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14927]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571610 of user rubyman.
Jun 22 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14927]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571610.
Jun 22 15:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14858]: pam_unix(cron:session): session closed for user root
Jun 22 15:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12170]: pam_unix(cron:session): session closed for user root
Jun 22 15:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14857]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 15:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15169]: Failed password for root from 38.55.97.143 port 55464 ssh2
Jun 22 15:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15169]: Connection closed by 38.55.97.143 port 55464 [preauth]
Jun 22 15:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 15:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15179]: Failed password for root from 193.24.211.107 port 53357 ssh2
Jun 22 15:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15179]: Received disconnect from 193.24.211.107 port 53357:11: Client disconnecting normally [preauth]
Jun 22 15:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15179]: Disconnected from 193.24.211.107 port 53357 [preauth]
Jun 22 15:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13986]: pam_unix(cron:session): session closed for user root
Jun 22 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15297]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15296]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15295]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15294]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15294]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15360]: Successful su for rubyman by root
Jun 22 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15360]: + ??? root:rubyman
Jun 22 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15360]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571616 of user rubyman.
Jun 22 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15360]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571616.
Jun 22 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 15:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15349]: Failed password for root from 38.55.97.143 port 39446 ssh2
Jun 22 15:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15349]: Connection closed by 38.55.97.143 port 39446 [preauth]
Jun 22 15:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12699]: pam_unix(cron:session): session closed for user root
Jun 22 15:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15295]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14369]: pam_unix(cron:session): session closed for user root
Jun 22 15:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 15:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15652]: Failed password for root from 38.55.97.143 port 48172 ssh2
Jun 22 15:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15652]: Connection closed by 38.55.97.143 port 48172 [preauth]
Jun 22 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15684]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15682]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15681]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15680]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15680]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15749]: Successful su for rubyman by root
Jun 22 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15749]: + ??? root:rubyman
Jun 22 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15749]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571620 of user rubyman.
Jun 22 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15749]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571620.
Jun 22 15:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13148]: pam_unix(cron:session): session closed for user root
Jun 22 15:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15681]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 15:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15990]: Failed password for root from 38.55.97.143 port 58670 ssh2
Jun 22 15:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15990]: Connection closed by 38.55.97.143 port 58670 [preauth]
Jun 22 15:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14861]: pam_unix(cron:session): session closed for user root
Jun 22 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16077]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16078]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16079]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16076]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16076]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16135]: Successful su for rubyman by root
Jun 22 15:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16135]: + ??? root:rubyman
Jun 22 15:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16135]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571626 of user rubyman.
Jun 22 15:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16135]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571626.
Jun 22 15:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13565]: pam_unix(cron:session): session closed for user root
Jun 22 15:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16077]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 15:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 22 15:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16344]: Failed password for root from 38.55.97.143 port 38508 ssh2
Jun 22 15:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16344]: Connection closed by 38.55.97.143 port 38508 [preauth]
Jun 22 15:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16346]: Failed password for root from 103.122.221.179 port 54978 ssh2
Jun 22 15:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16346]: Connection closed by 103.122.221.179 port 54978 [preauth]
Jun 22 15:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15297]: pam_unix(cron:session): session closed for user root
Jun 22 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16468]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16467]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16466]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16465]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16465]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16533]: Successful su for rubyman by root
Jun 22 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16533]: + ??? root:rubyman
Jun 22 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16533]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571628 of user rubyman.
Jun 22 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16533]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571628.
Jun 22 15:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13985]: pam_unix(cron:session): session closed for user root
Jun 22 15:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16466]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 15:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16711]: Failed password for root from 38.55.97.143 port 51378 ssh2
Jun 22 15:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16711]: Connection closed by 38.55.97.143 port 51378 [preauth]
Jun 22 15:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15684]: pam_unix(cron:session): session closed for user root
Jun 22 15:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 15:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16864]: Failed password for root from 38.55.97.143 port 33056 ssh2
Jun 22 15:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16864]: Connection closed by 38.55.97.143 port 33056 [preauth]
Jun 22 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16905]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16904]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16903]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16902]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16906]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16901]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16906]: pam_unix(cron:session): session closed for user root
Jun 22 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16901]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17034]: Successful su for rubyman by root
Jun 22 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17034]: + ??? root:rubyman
Jun 22 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17034]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571632 of user rubyman.
Jun 22 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17034]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571632.
Jun 22 15:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16903]: pam_unix(cron:session): session closed for user root
Jun 22 15:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14368]: pam_unix(cron:session): session closed for user root
Jun 22 15:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16902]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16079]: pam_unix(cron:session): session closed for user root
Jun 22 15:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 15:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17341]: Failed password for root from 38.55.97.143 port 42390 ssh2
Jun 22 15:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17341]: Connection closed by 38.55.97.143 port 42390 [preauth]
Jun 22 15:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 22 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17405]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17406]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17403]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17404]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17403]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17486]: Successful su for rubyman by root
Jun 22 15:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17486]: + ??? root:rubyman
Jun 22 15:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17486]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571639 of user rubyman.
Jun 22 15:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17486]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571639.
Jun 22 15:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17400]: Failed password for root from 103.82.132.16 port 44062 ssh2
Jun 22 15:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17400]: Connection closed by 103.82.132.16 port 44062 [preauth]
Jun 22 15:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14860]: pam_unix(cron:session): session closed for user root
Jun 22 15:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17404]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 15:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17779]: Failed password for root from 38.55.97.143 port 49968 ssh2
Jun 22 15:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17779]: Connection closed by 38.55.97.143 port 49968 [preauth]
Jun 22 15:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16468]: pam_unix(cron:session): session closed for user root
Jun 22 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17919]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17918]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17917]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17916]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17916]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17977]: Successful su for rubyman by root
Jun 22 15:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17977]: + ??? root:rubyman
Jun 22 15:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17977]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571642 of user rubyman.
Jun 22 15:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17977]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571642.
Jun 22 15:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15296]: pam_unix(cron:session): session closed for user root
Jun 22 15:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17917]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 15:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 22 15:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18154]: Failed password for root from 38.55.97.143 port 59068 ssh2
Jun 22 15:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18154]: Connection closed by 38.55.97.143 port 59068 [preauth]
Jun 22 15:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18176]: Failed password for root from 103.27.238.116 port 50544 ssh2
Jun 22 15:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18176]: Connection closed by 103.27.238.116 port 50544 [preauth]
Jun 22 15:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16905]: pam_unix(cron:session): session closed for user root
Jun 22 15:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 22 15:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18326]: Failed password for root from 77.94.47.83 port 37820 ssh2
Jun 22 15:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18326]: Connection closed by 77.94.47.83 port 37820 [preauth]
Jun 22 15:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 15:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18328]: Failed password for root from 38.55.97.143 port 41796 ssh2
Jun 22 15:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18328]: Connection closed by 38.55.97.143 port 41796 [preauth]
Jun 22 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18349]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18350]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18348]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18347]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18347]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18491]: Successful su for rubyman by root
Jun 22 15:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18491]: + ??? root:rubyman
Jun 22 15:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18491]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571648 of user rubyman.
Jun 22 15:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18491]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571648.
Jun 22 15:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15682]: pam_unix(cron:session): session closed for user root
Jun 22 15:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18348]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17406]: pam_unix(cron:session): session closed for user root
Jun 22 15:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 15:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18829]: Failed password for root from 38.55.97.143 port 53540 ssh2
Jun 22 15:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18829]: Connection closed by 38.55.97.143 port 53540 [preauth]
Jun 22 15:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18842]: Invalid user jaila from 2.57.121.112
Jun 22 15:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18842]: input_userauth_request: invalid user jaila [preauth]
Jun 22 15:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18842]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 15:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 22 15:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18842]: Failed password for invalid user jaila from 2.57.121.112 port 36982 ssh2
Jun 22 15:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18842]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 15:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18842]: Failed password for invalid user jaila from 2.57.121.112 port 36982 ssh2
Jun 22 15:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18842]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18863]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18864]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18862]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18857]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18857]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18920]: Successful su for rubyman by root
Jun 22 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18920]: + ??? root:rubyman
Jun 22 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18920]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571651 of user rubyman.
Jun 22 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18920]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571651.
Jun 22 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18842]: Failed password for invalid user jaila from 2.57.121.112 port 36982 ssh2
Jun 22 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18842]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 15:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18842]: Failed password for invalid user jaila from 2.57.121.112 port 36982 ssh2
Jun 22 15:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18842]: Connection closed by 2.57.121.112 port 36982 [preauth]
Jun 22 15:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18842]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 22 15:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18842]: PAM service(sshd) ignoring max retries; 4 > 3
Jun 22 15:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16078]: pam_unix(cron:session): session closed for user root
Jun 22 15:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19066]: Invalid user jaila from 2.57.121.112
Jun 22 15:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19066]: input_userauth_request: invalid user jaila [preauth]
Jun 22 15:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19066]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 15:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 22 15:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18862]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19066]: Failed password for invalid user jaila from 2.57.121.112 port 16884 ssh2
Jun 22 15:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19066]: Connection closed by 2.57.121.112 port 16884 [preauth]
Jun 22 15:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17919]: pam_unix(cron:session): session closed for user root
Jun 22 15:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 15:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19284]: Failed password for root from 38.55.97.143 port 46876 ssh2
Jun 22 15:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19284]: Connection closed by 38.55.97.143 port 46876 [preauth]
Jun 22 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19361]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19362]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19359]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19360]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19356]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19358]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19362]: pam_unix(cron:session): session closed for user root
Jun 22 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19356]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19427]: Successful su for rubyman by root
Jun 22 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19427]: + ??? root:rubyman
Jun 22 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19427]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571654 of user rubyman.
Jun 22 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19427]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571654.
Jun 22 15:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16467]: pam_unix(cron:session): session closed for user root
Jun 22 15:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19359]: pam_unix(cron:session): session closed for user root
Jun 22 15:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19358]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 15:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19907]: Invalid user admin from 45.148.10.121
Jun 22 15:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19907]: input_userauth_request: invalid user admin [preauth]
Jun 22 15:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19907]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 15:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 22 15:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19892]: Failed password for root from 38.55.97.143 port 59494 ssh2
Jun 22 15:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19892]: Connection closed by 38.55.97.143 port 59494 [preauth]
Jun 22 15:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19907]: Failed password for invalid user admin from 45.148.10.121 port 49002 ssh2
Jun 22 15:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19907]: Connection closed by 45.148.10.121 port 49002 [preauth]
Jun 22 15:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18350]: pam_unix(cron:session): session closed for user root
Jun 22 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20007]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20006]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20005]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20004]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20004]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20069]: Successful su for rubyman by root
Jun 22 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20069]: + ??? root:rubyman
Jun 22 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20069]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571661 of user rubyman.
Jun 22 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20069]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571661.
Jun 22 15:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16904]: pam_unix(cron:session): session closed for user root
Jun 22 15:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20005]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 15:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20338]: Failed password for root from 38.55.97.143 port 42348 ssh2
Jun 22 15:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20338]: Connection closed by 38.55.97.143 port 42348 [preauth]
Jun 22 15:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20369]: Connection closed by 194.59.206.2 port 33338 [preauth]
Jun 22 15:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18864]: pam_unix(cron:session): session closed for user root
Jun 22 15:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 15:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20497]: Failed password for root from 38.55.97.143 port 51444 ssh2
Jun 22 15:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20497]: Connection closed by 38.55.97.143 port 51444 [preauth]
Jun 22 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20517]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20518]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20519]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20516]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20516]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20577]: Successful su for rubyman by root
Jun 22 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20577]: + ??? root:rubyman
Jun 22 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20577]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571664 of user rubyman.
Jun 22 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20577]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571664.
Jun 22 15:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17405]: pam_unix(cron:session): session closed for user root
Jun 22 15:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20517]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 15:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19361]: pam_unix(cron:session): session closed for user root
Jun 22 15:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20928]: Failed password for root from 38.55.97.143 port 59982 ssh2
Jun 22 15:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20928]: Connection closed by 38.55.97.143 port 59982 [preauth]
Jun 22 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21015]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21013]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21012]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21014]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21012]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21079]: Successful su for rubyman by root
Jun 22 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21079]: + ??? root:rubyman
Jun 22 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21079]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571669 of user rubyman.
Jun 22 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21079]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571669.
Jun 22 15:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17918]: pam_unix(cron:session): session closed for user root
Jun 22 15:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21013]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 15:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21290]: Failed password for root from 38.55.97.143 port 39188 ssh2
Jun 22 15:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21290]: Connection closed by 38.55.97.143 port 39188 [preauth]
Jun 22 15:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20007]: pam_unix(cron:session): session closed for user root
Jun 22 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21427]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21426]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21425]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21424]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21424]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21489]: Successful su for rubyman by root
Jun 22 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21489]: + ??? root:rubyman
Jun 22 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21489]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571672 of user rubyman.
Jun 22 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21489]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571672.
Jun 22 15:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18349]: pam_unix(cron:session): session closed for user root
Jun 22 15:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 15:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21425]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21645]: Failed password for root from 38.55.97.143 port 54420 ssh2
Jun 22 15:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21645]: Connection closed by 38.55.97.143 port 54420 [preauth]
Jun 22 15:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20519]: pam_unix(cron:session): session closed for user root
Jun 22 15:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 15:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21848]: Failed password for root from 38.55.97.143 port 40506 ssh2
Jun 22 15:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21848]: Connection closed by 38.55.97.143 port 40506 [preauth]
Jun 22 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21863]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21862]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21859]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21864]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21866]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21860]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21866]: pam_unix(cron:session): session closed for user root
Jun 22 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21859]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21933]: Successful su for rubyman by root
Jun 22 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21933]: + ??? root:rubyman
Jun 22 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21933]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571681 of user rubyman.
Jun 22 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21933]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571681.
Jun 22 15:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18863]: pam_unix(cron:session): session closed for user root
Jun 22 15:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21862]: pam_unix(cron:session): session closed for user root
Jun 22 15:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21860]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21015]: pam_unix(cron:session): session closed for user root
Jun 22 15:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 15:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22239]: Failed password for root from 38.55.97.143 port 53568 ssh2
Jun 22 15:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22239]: Connection closed by 38.55.97.143 port 53568 [preauth]
Jun 22 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22393]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22305]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22392]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22304]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22304]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22456]: Successful su for rubyman by root
Jun 22 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22456]: + ??? root:rubyman
Jun 22 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22456]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571683 of user rubyman.
Jun 22 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22456]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571683.
Jun 22 15:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19360]: pam_unix(cron:session): session closed for user root
Jun 22 15:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22305]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 15:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22691]: Failed password for root from 38.55.97.143 port 36868 ssh2
Jun 22 15:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22691]: Connection closed by 38.55.97.143 port 36868 [preauth]
Jun 22 15:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21427]: pam_unix(cron:session): session closed for user root
Jun 22 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22795]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22796]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22794]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22793]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22793]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22859]: Successful su for rubyman by root
Jun 22 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22859]: + ??? root:rubyman
Jun 22 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22859]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571686 of user rubyman.
Jun 22 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22859]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571686.
Jun 22 15:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20006]: pam_unix(cron:session): session closed for user root
Jun 22 15:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22794]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 15:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 15:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23048]: Failed password for root from 193.24.211.107 port 57265 ssh2
Jun 22 15:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23048]: Received disconnect from 193.24.211.107 port 57265:11: Client disconnecting normally [preauth]
Jun 22 15:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23048]: Disconnected from 193.24.211.107 port 57265 [preauth]
Jun 22 15:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23062]: Failed password for root from 38.55.97.143 port 50008 ssh2
Jun 22 15:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23062]: Connection closed by 38.55.97.143 port 50008 [preauth]
Jun 22 15:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21864]: pam_unix(cron:session): session closed for user root
Jun 22 15:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 22 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23194]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23195]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23193]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23192]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23192]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23266]: Successful su for rubyman by root
Jun 22 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23266]: + ??? root:rubyman
Jun 22 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23266]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571692 of user rubyman.
Jun 22 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23266]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571692.
Jun 22 15:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23187]: Failed password for root from 38.93.206.2 port 41788 ssh2
Jun 22 15:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23187]: Connection closed by 38.93.206.2 port 41788 [preauth]
Jun 22 15:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 15:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20518]: pam_unix(cron:session): session closed for user root
Jun 22 15:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23264]: Failed password for root from 38.55.97.143 port 34416 ssh2
Jun 22 15:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23264]: Connection closed by 38.55.97.143 port 34416 [preauth]
Jun 22 15:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23193]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 22 15:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22393]: pam_unix(cron:session): session closed for user root
Jun 22 15:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23538]: Failed password for root from 80.66.85.226 port 49730 ssh2
Jun 22 15:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23538]: Connection closed by 80.66.85.226 port 49730 [preauth]
Jun 22 15:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 15:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23608]: Failed password for root from 38.55.97.143 port 38492 ssh2
Jun 22 15:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23608]: Connection closed by 38.55.97.143 port 38492 [preauth]
Jun 22 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23624]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23625]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23623]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23622]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23620]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23622]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23758]: Successful su for rubyman by root
Jun 22 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23758]: + ??? root:rubyman
Jun 22 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23758]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571695 of user rubyman.
Jun 22 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23758]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571695.
Jun 22 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23620]: pam_unix(cron:session): session closed for user root
Jun 22 15:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21014]: pam_unix(cron:session): session closed for user root
Jun 22 15:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23623]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22796]: pam_unix(cron:session): session closed for user root
Jun 22 15:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 15:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 22 15:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24169]: Failed password for root from 38.55.97.143 port 56788 ssh2
Jun 22 15:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24169]: Connection closed by 38.55.97.143 port 56788 [preauth]
Jun 22 15:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24171]: Failed password for root from 62.133.62.83 port 35924 ssh2
Jun 22 15:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24171]: Connection closed by 62.133.62.83 port 35924 [preauth]
Jun 22 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24244]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24241]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24240]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24243]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24242]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24234]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24244]: pam_unix(cron:session): session closed for user root
Jun 22 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24234]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24326]: Successful su for rubyman by root
Jun 22 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24326]: + ??? root:rubyman
Jun 22 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24326]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571702 of user rubyman.
Jun 22 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24326]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571702.
Jun 22 15:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24241]: pam_unix(cron:session): session closed for user root
Jun 22 15:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21426]: pam_unix(cron:session): session closed for user root
Jun 22 15:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24240]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 15:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24576]: Failed password for root from 38.55.97.143 port 41094 ssh2
Jun 22 15:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24576]: Connection closed by 38.55.97.143 port 41094 [preauth]
Jun 22 15:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23195]: pam_unix(cron:session): session closed for user root
Jun 22 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24711]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24712]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24710]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24709]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24709]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24781]: Successful su for rubyman by root
Jun 22 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24781]: + ??? root:rubyman
Jun 22 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24781]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571706 of user rubyman.
Jun 22 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24781]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571706.
Jun 22 15:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21863]: pam_unix(cron:session): session closed for user root
Jun 22 15:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24710]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 15:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24962]: Failed password for root from 38.55.97.143 port 57100 ssh2
Jun 22 15:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24962]: Connection closed by 38.55.97.143 port 57100 [preauth]
Jun 22 15:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23625]: pam_unix(cron:session): session closed for user root
Jun 22 15:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25117]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25116]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25115]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25114]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25114]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25177]: Successful su for rubyman by root
Jun 22 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25177]: + ??? root:rubyman
Jun 22 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25177]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571709 of user rubyman.
Jun 22 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25177]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571709.
Jun 22 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25111]: Failed password for root from 38.55.97.143 port 44066 ssh2
Jun 22 15:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25111]: Connection closed by 38.55.97.143 port 44066 [preauth]
Jun 22 15:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22392]: pam_unix(cron:session): session closed for user root
Jun 22 15:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25115]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24243]: pam_unix(cron:session): session closed for user root
Jun 22 15:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 15:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25482]: Failed password for root from 38.55.97.143 port 55834 ssh2
Jun 22 15:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25482]: Connection closed by 38.55.97.143 port 55834 [preauth]
Jun 22 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25509]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25507]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25506]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25505]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25505]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25574]: Successful su for rubyman by root
Jun 22 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25574]: + ??? root:rubyman
Jun 22 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25574]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571714 of user rubyman.
Jun 22 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25574]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571714.
Jun 22 15:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22795]: pam_unix(cron:session): session closed for user root
Jun 22 15:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25506]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24712]: pam_unix(cron:session): session closed for user root
Jun 22 15:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 15:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25844]: Failed password for root from 38.55.97.143 port 41632 ssh2
Jun 22 15:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25844]: Connection closed by 38.55.97.143 port 41632 [preauth]
Jun 22 15:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25854]: Received disconnect from 102.129.200.117 port 62934:11: disconnected by user [preauth]
Jun 22 15:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25854]: Disconnected from 102.129.200.117 port 62934 [preauth]
Jun 22 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25908]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25907]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25906]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25905]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25905]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25964]: Successful su for rubyman by root
Jun 22 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25964]: + ??? root:rubyman
Jun 22 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25964]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571717 of user rubyman.
Jun 22 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25964]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571717.
Jun 22 15:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23194]: pam_unix(cron:session): session closed for user root
Jun 22 15:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25906]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 15:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26185]: Failed password for root from 38.55.97.143 port 56586 ssh2
Jun 22 15:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26185]: Connection closed by 38.55.97.143 port 56586 [preauth]
Jun 22 15:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25117]: pam_unix(cron:session): session closed for user root
Jun 22 15:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 22 15:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26275]: Failed password for root from 147.45.199.80 port 59044 ssh2
Jun 22 15:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26275]: Connection closed by 147.45.199.80 port 59044 [preauth]
Jun 22 15:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26296]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 22 15:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26296]: Received disconnect from 209.141.57.35 port 46202:11: disconnected by user [preauth]
Jun 22 15:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26296]: Disconnected from 209.141.57.35 port 46202 [preauth]
Jun 22 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26307]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26304]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26305]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26301]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26302]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26303]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26307]: pam_unix(cron:session): session closed for user root
Jun 22 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26301]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26371]: Successful su for rubyman by root
Jun 22 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26371]: + ??? root:rubyman
Jun 22 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26371]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571723 of user rubyman.
Jun 22 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26371]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571723.
Jun 22 15:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26303]: pam_unix(cron:session): session closed for user root
Jun 22 15:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23624]: pam_unix(cron:session): session closed for user root
Jun 22 15:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26302]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 15:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26580]: Failed password for root from 38.55.97.143 port 44532 ssh2
Jun 22 15:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26580]: Connection closed by 38.55.97.143 port 44532 [preauth]
Jun 22 15:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25509]: pam_unix(cron:session): session closed for user root
Jun 22 15:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26807]: Invalid user otsmanager from 38.55.97.143
Jun 22 15:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26807]: input_userauth_request: invalid user otsmanager [preauth]
Jun 22 15:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26807]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 15:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26807]: Failed password for invalid user otsmanager from 38.55.97.143 port 58044 ssh2
Jun 22 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26807]: Connection closed by 38.55.97.143 port 58044 [preauth]
Jun 22 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26812]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26811]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26810]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26813]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26810]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26874]: Successful su for rubyman by root
Jun 22 15:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26874]: + ??? root:rubyman
Jun 22 15:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26874]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571730 of user rubyman.
Jun 22 15:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26874]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571730.
Jun 22 15:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24242]: pam_unix(cron:session): session closed for user root
Jun 22 15:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26811]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25908]: pam_unix(cron:session): session closed for user root
Jun 22 15:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27183]: Invalid user oracle from 38.55.97.143
Jun 22 15:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27183]: input_userauth_request: invalid user oracle [preauth]
Jun 22 15:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27183]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 15:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 15:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27183]: Failed password for invalid user oracle from 38.55.97.143 port 41328 ssh2
Jun 22 15:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27183]: Connection closed by 38.55.97.143 port 41328 [preauth]
Jun 22 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27215]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27213]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27214]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27212]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27212]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27297]: Successful su for rubyman by root
Jun 22 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27297]: + ??? root:rubyman
Jun 22 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27297]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571731 of user rubyman.
Jun 22 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27297]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571731.
Jun 22 15:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24711]: pam_unix(cron:session): session closed for user root
Jun 22 15:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27213]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27551]: Invalid user oracle from 38.55.97.143
Jun 22 15:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27551]: input_userauth_request: invalid user oracle [preauth]
Jun 22 15:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27551]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 15:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 15:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27551]: Failed password for invalid user oracle from 38.55.97.143 port 53638 ssh2
Jun 22 15:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27551]: Connection closed by 38.55.97.143 port 53638 [preauth]
Jun 22 15:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26305]: pam_unix(cron:session): session closed for user root
Jun 22 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27643]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27642]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27641]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27640]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27640]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27701]: Successful su for rubyman by root
Jun 22 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27701]: + ??? root:rubyman
Jun 22 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27701]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571735 of user rubyman.
Jun 22 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27701]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571735.
Jun 22 15:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25116]: pam_unix(cron:session): session closed for user root
Jun 22 15:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27641]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27933]: Invalid user main from 38.55.97.143
Jun 22 15:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27933]: input_userauth_request: invalid user main [preauth]
Jun 22 15:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27933]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 15:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 15:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27933]: Failed password for invalid user main from 38.55.97.143 port 39332 ssh2
Jun 22 15:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27933]: Connection closed by 38.55.97.143 port 39332 [preauth]
Jun 22 15:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26813]: pam_unix(cron:session): session closed for user root
Jun 22 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28054]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28055]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28053]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28052]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28052]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28167]: Successful su for rubyman by root
Jun 22 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28167]: + ??? root:rubyman
Jun 22 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28167]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571739 of user rubyman.
Jun 22 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28167]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571739.
Jun 22 15:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25507]: pam_unix(cron:session): session closed for user root
Jun 22 15:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28053]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28368]: Invalid user HwHiAiUser from 38.55.97.143
Jun 22 15:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28368]: input_userauth_request: invalid user HwHiAiUser [preauth]
Jun 22 15:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28368]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 15:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 15:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28368]: Failed password for invalid user HwHiAiUser from 38.55.97.143 port 50254 ssh2
Jun 22 15:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28368]: Connection closed by 38.55.97.143 port 50254 [preauth]
Jun 22 15:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28396]: Invalid user admin from 193.46.255.86
Jun 22 15:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28396]: input_userauth_request: invalid user admin [preauth]
Jun 22 15:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28396]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 15:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 22 15:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28396]: Failed password for invalid user admin from 193.46.255.86 port 14368 ssh2
Jun 22 15:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28396]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 15:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28396]: Failed password for invalid user admin from 193.46.255.86 port 14368 ssh2
Jun 22 15:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28396]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 15:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28396]: Failed password for invalid user admin from 193.46.255.86 port 14368 ssh2
Jun 22 15:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28396]: Connection closed by 193.46.255.86 port 14368 [preauth]
Jun 22 15:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28396]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 22 15:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27215]: pam_unix(cron:session): session closed for user root
Jun 22 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28499]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28497]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28496]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28495]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28498]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28494]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28499]: pam_unix(cron:session): session closed for user root
Jun 22 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28494]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28658]: Successful su for rubyman by root
Jun 22 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28658]: + ??? root:rubyman
Jun 22 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28658]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571745 of user rubyman.
Jun 22 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28658]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571745.
Jun 22 15:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28496]: pam_unix(cron:session): session closed for user root
Jun 22 15:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25907]: pam_unix(cron:session): session closed for user root
Jun 22 15:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28843]: Invalid user guest from 38.55.97.143
Jun 22 15:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28843]: input_userauth_request: invalid user guest [preauth]
Jun 22 15:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28843]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 15:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 15:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28495]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28843]: Failed password for invalid user guest from 38.55.97.143 port 40526 ssh2
Jun 22 15:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28843]: Connection closed by 38.55.97.143 port 40526 [preauth]
Jun 22 15:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27643]: pam_unix(cron:session): session closed for user root
Jun 22 15:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28985]: Invalid user turner from 141.98.83.240
Jun 22 15:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28985]: input_userauth_request: invalid user turner [preauth]
Jun 22 15:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28985]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 15:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 15:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28985]: Failed password for invalid user turner from 141.98.83.240 port 61650 ssh2
Jun 22 15:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28985]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 15:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28985]: Failed password for invalid user turner from 141.98.83.240 port 61650 ssh2
Jun 22 15:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28985]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 15:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28985]: Failed password for invalid user turner from 141.98.83.240 port 61650 ssh2
Jun 22 15:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28985]: Connection closed by 141.98.83.240 port 61650 [preauth]
Jun 22 15:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28985]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 15:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29031]: Invalid user git from 38.55.97.143
Jun 22 15:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29031]: input_userauth_request: invalid user git [preauth]
Jun 22 15:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29031]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 15:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 15:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29031]: Failed password for invalid user git from 38.55.97.143 port 54580 ssh2
Jun 22 15:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29031]: Connection closed by 38.55.97.143 port 54580 [preauth]
Jun 22 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29052]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29051]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29050]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29049]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29049]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29124]: Successful su for rubyman by root
Jun 22 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29124]: + ??? root:rubyman
Jun 22 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29124]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571749 of user rubyman.
Jun 22 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29124]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571749.
Jun 22 15:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26304]: pam_unix(cron:session): session closed for user root
Jun 22 15:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29050]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28055]: pam_unix(cron:session): session closed for user root
Jun 22 15:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29414]: Invalid user git from 38.55.97.143
Jun 22 15:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29414]: input_userauth_request: invalid user git [preauth]
Jun 22 15:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29414]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 15:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 15:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29414]: Failed password for invalid user git from 38.55.97.143 port 40380 ssh2
Jun 22 15:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29414]: Connection closed by 38.55.97.143 port 40380 [preauth]
Jun 22 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29481]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29483]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29482]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29484]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29481]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29632]: Successful su for rubyman by root
Jun 22 15:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29632]: + ??? root:rubyman
Jun 22 15:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29632]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571753 of user rubyman.
Jun 22 15:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29632]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571753.
Jun 22 15:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26812]: pam_unix(cron:session): session closed for user root
Jun 22 15:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29482]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.233.85.71  user=root
Jun 22 15:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29857]: Failed password for root from 37.233.85.71 port 36860 ssh2
Jun 22 15:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29857]: Connection closed by 37.233.85.71 port 36860 [preauth]
Jun 22 15:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29914]: Invalid user ftpuser from 38.55.97.143
Jun 22 15:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29914]: input_userauth_request: invalid user ftpuser [preauth]
Jun 22 15:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29914]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 15:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 15:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29914]: Failed password for invalid user ftpuser from 38.55.97.143 port 49774 ssh2
Jun 22 15:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29914]: Connection closed by 38.55.97.143 port 49774 [preauth]
Jun 22 15:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28498]: pam_unix(cron:session): session closed for user root
Jun 22 15:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30012]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30013]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30011]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30010]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30010]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30075]: Successful su for rubyman by root
Jun 22 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30075]: + ??? root:rubyman
Jun 22 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30075]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571757 of user rubyman.
Jun 22 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30075]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571757.
Jun 22 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30007]: Received disconnect from 62.210.189.225 port 35872:11: disconnected by user [preauth]
Jun 22 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30007]: Disconnected from 62.210.189.225 port 35872 [preauth]
Jun 22 15:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27214]: pam_unix(cron:session): session closed for user root
Jun 22 15:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30011]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30282]: Invalid user free from 38.55.97.143
Jun 22 15:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30282]: input_userauth_request: invalid user free [preauth]
Jun 22 15:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30282]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 15:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 15:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30282]: Failed password for invalid user free from 38.55.97.143 port 33104 ssh2
Jun 22 15:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30282]: Connection closed by 38.55.97.143 port 33104 [preauth]
Jun 22 15:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29052]: pam_unix(cron:session): session closed for user root
Jun 22 15:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30420]: Invalid user daniel from 38.55.97.143
Jun 22 15:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30420]: input_userauth_request: invalid user daniel [preauth]
Jun 22 15:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30420]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 15:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 15:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30433]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30434]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30435]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30432]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30432]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30497]: Successful su for rubyman by root
Jun 22 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30497]: + ??? root:rubyman
Jun 22 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30497]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571763 of user rubyman.
Jun 22 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30497]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571763.
Jun 22 15:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30420]: Failed password for invalid user daniel from 38.55.97.143 port 45988 ssh2
Jun 22 15:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30420]: Connection closed by 38.55.97.143 port 45988 [preauth]
Jun 22 15:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30428]: Failed password for root from 193.24.211.107 port 24873 ssh2
Jun 22 15:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30428]: Received disconnect from 193.24.211.107 port 24873:11: Client disconnecting normally [preauth]
Jun 22 15:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30428]: Disconnected from 193.24.211.107 port 24873 [preauth]
Jun 22 15:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27642]: pam_unix(cron:session): session closed for user root
Jun 22 15:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30433]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29484]: pam_unix(cron:session): session closed for user root
Jun 22 15:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30824]: Invalid user cyber from 38.55.97.143
Jun 22 15:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30824]: input_userauth_request: invalid user cyber [preauth]
Jun 22 15:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30824]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 15:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 15:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30824]: Failed password for invalid user cyber from 38.55.97.143 port 35878 ssh2
Jun 22 15:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30824]: Connection closed by 38.55.97.143 port 35878 [preauth]
Jun 22 15:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
Jun 22 15:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30831]: Failed password for root from 176.32.39.21 port 38406 ssh2
Jun 22 15:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30831]: Connection closed by 176.32.39.21 port 38406 [preauth]
Jun 22 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30863]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30864]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30861]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30862]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30859]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30860]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30864]: pam_unix(cron:session): session closed for user root
Jun 22 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30859]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31026]: Successful su for rubyman by root
Jun 22 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31026]: + ??? root:rubyman
Jun 22 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31026]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571765 of user rubyman.
Jun 22 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31026]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571765.
Jun 22 15:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28054]: pam_unix(cron:session): session closed for user root
Jun 22 15:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30861]: pam_unix(cron:session): session closed for user root
Jun 22 15:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30860]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30013]: pam_unix(cron:session): session closed for user root
Jun 22 15:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31323]: Invalid user www from 38.55.97.143
Jun 22 15:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31323]: input_userauth_request: invalid user www [preauth]
Jun 22 15:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31323]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 15:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 15:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31323]: Failed password for invalid user www from 38.55.97.143 port 52506 ssh2
Jun 22 15:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31323]: Connection closed by 38.55.97.143 port 52506 [preauth]
Jun 22 15:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 22 15:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31358]: Failed password for root from 87.251.79.125 port 46770 ssh2
Jun 22 15:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31358]: Connection closed by 87.251.79.125 port 46770 [preauth]
Jun 22 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31390]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31389]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31388]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31387]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31387]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31458]: Successful su for rubyman by root
Jun 22 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31458]: + ??? root:rubyman
Jun 22 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31458]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571771 of user rubyman.
Jun 22 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31458]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571771.
Jun 22 15:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28497]: pam_unix(cron:session): session closed for user root
Jun 22 15:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31388]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31787]: Invalid user user from 38.55.97.143
Jun 22 15:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31787]: input_userauth_request: invalid user user [preauth]
Jun 22 15:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31787]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 15:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 15:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31787]: Failed password for invalid user user from 38.55.97.143 port 37820 ssh2
Jun 22 15:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31787]: Connection closed by 38.55.97.143 port 37820 [preauth]
Jun 22 15:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30435]: pam_unix(cron:session): session closed for user root
Jun 22 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31895]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31896]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31894]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31893]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31893]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31964]: Successful su for rubyman by root
Jun 22 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31964]: + ??? root:rubyman
Jun 22 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31964]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571775 of user rubyman.
Jun 22 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31964]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571775.
Jun 22 15:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29051]: pam_unix(cron:session): session closed for user root
Jun 22 15:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31894]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32170]: Invalid user user2 from 38.55.97.143
Jun 22 15:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32170]: input_userauth_request: invalid user user2 [preauth]
Jun 22 15:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32170]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 15:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 15:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32170]: Failed password for invalid user user2 from 38.55.97.143 port 54430 ssh2
Jun 22 15:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32170]: Connection closed by 38.55.97.143 port 54430 [preauth]
Jun 22 15:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30863]: pam_unix(cron:session): session closed for user root
Jun 22 15:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32302]: Invalid user ubuntu from 38.55.97.143
Jun 22 15:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32302]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 15:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32302]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 15:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32315]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32313]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32314]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32312]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32312]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32376]: Successful su for rubyman by root
Jun 22 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32376]: + ??? root:rubyman
Jun 22 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32376]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571781 of user rubyman.
Jun 22 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32376]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571781.
Jun 22 15:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32302]: Failed password for invalid user ubuntu from 38.55.97.143 port 43578 ssh2
Jun 22 15:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32302]: Connection closed by 38.55.97.143 port 43578 [preauth]
Jun 22 15:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29483]: pam_unix(cron:session): session closed for user root
Jun 22 15:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32313]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31390]: pam_unix(cron:session): session closed for user root
Jun 22 15:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 15:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32707]: Failed password for root from 38.55.97.143 port 41048 ssh2
Jun 22 15:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32707]: Connection closed by 38.55.97.143 port 41048 [preauth]
Jun 22 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32730]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32731]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32728]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32727]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32727]: pam_unix(cron:session): session closed for user p13x
Jun 22 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[324]: Successful su for rubyman by root
Jun 22 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[324]: + ??? root:rubyman
Jun 22 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[324]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571784 of user rubyman.
Jun 22 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[324]: pam_unix(su:session): session closed for user rubyman
Jun 22 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571784.
Jun 22 15:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30012]: pam_unix(cron:session): session closed for user root
Jun 22 15:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32728]: pam_unix(cron:session): session closed for user samftp
Jun 22 15:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31896]: pam_unix(cron:session): session closed for user root
Jun 22 15:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 15:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 15:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[784]: Failed password for root from 38.55.97.143 port 43382 ssh2
Jun 22 15:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[784]: Connection closed by 38.55.97.143 port 43382 [preauth]
Jun 22 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[821]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[824]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[825]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[826]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[823]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[822]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[820]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[826]: pam_unix(cron:session): session closed for user root
Jun 22 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[822]: pam_unix(cron:session): session closed for user root
Jun 22 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[820]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[933]: Successful su for rubyman by root
Jun 22 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[933]: + ??? root:rubyman
Jun 22 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[933]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571789 of user rubyman.
Jun 22 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[933]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571789.
Jun 22 16:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30434]: pam_unix(cron:session): session closed for user root
Jun 22 16:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[823]: pam_unix(cron:session): session closed for user root
Jun 22 16:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[821]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32315]: pam_unix(cron:session): session closed for user root
Jun 22 16:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 16:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1302]: Failed password for root from 38.55.97.143 port 34596 ssh2
Jun 22 16:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1302]: Connection closed by 38.55.97.143 port 34596 [preauth]
Jun 22 16:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 22 16:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1330]: Failed password for root from 103.153.68.219 port 44844 ssh2
Jun 22 16:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1330]: Connection closed by 103.153.68.219 port 44844 [preauth]
Jun 22 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1402]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1405]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1404]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1403]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1402]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1566]: Successful su for rubyman by root
Jun 22 16:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1566]: + ??? root:rubyman
Jun 22 16:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1566]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571797 of user rubyman.
Jun 22 16:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1566]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571797.
Jun 22 16:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30862]: pam_unix(cron:session): session closed for user root
Jun 22 16:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1403]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 22 16:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1817]: Failed password for root from 103.77.175.15 port 38628 ssh2
Jun 22 16:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1817]: Connection closed by 103.77.175.15 port 38628 [preauth]
Jun 22 16:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 16:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1839]: Failed password for root from 38.55.97.143 port 53408 ssh2
Jun 22 16:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1839]: Connection closed by 38.55.97.143 port 53408 [preauth]
Jun 22 16:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32731]: pam_unix(cron:session): session closed for user root
Jun 22 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1967]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1968]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1965]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1964]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1964]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2059]: Successful su for rubyman by root
Jun 22 16:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2059]: + ??? root:rubyman
Jun 22 16:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2059]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571798 of user rubyman.
Jun 22 16:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2059]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571798.
Jun 22 16:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31389]: pam_unix(cron:session): session closed for user root
Jun 22 16:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1965]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 16:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2288]: Failed password for root from 38.55.97.143 port 44052 ssh2
Jun 22 16:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2288]: Connection closed by 38.55.97.143 port 44052 [preauth]
Jun 22 16:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[825]: pam_unix(cron:session): session closed for user root
Jun 22 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2422]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2423]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2420]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2421]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2420]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2484]: Successful su for rubyman by root
Jun 22 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2484]: + ??? root:rubyman
Jun 22 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2484]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571803 of user rubyman.
Jun 22 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2484]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571803.
Jun 22 16:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 16:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31895]: pam_unix(cron:session): session closed for user root
Jun 22 16:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2421]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2593]: Failed password for root from 38.55.97.143 port 59792 ssh2
Jun 22 16:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2593]: Connection closed by 38.55.97.143 port 59792 [preauth]
Jun 22 16:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1405]: pam_unix(cron:session): session closed for user root
Jun 22 16:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 16:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2824]: Failed password for root from 38.55.97.143 port 44646 ssh2
Jun 22 16:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2824]: Connection closed by 38.55.97.143 port 44646 [preauth]
Jun 22 16:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.211.215  user=root
Jun 22 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2858]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2857]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2856]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2855]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2855]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2915]: Successful su for rubyman by root
Jun 22 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2915]: + ??? root:rubyman
Jun 22 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2915]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571807 of user rubyman.
Jun 22 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2915]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571807.
Jun 22 16:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2843]: Failed password for root from 147.45.211.215 port 59726 ssh2
Jun 22 16:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2843]: Connection closed by 147.45.211.215 port 59726 [preauth]
Jun 22 16:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32314]: pam_unix(cron:session): session closed for user root
Jun 22 16:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2856]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1968]: pam_unix(cron:session): session closed for user root
Jun 22 16:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 16:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3181]: Failed password for root from 38.55.97.143 port 59440 ssh2
Jun 22 16:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3181]: Connection closed by 38.55.97.143 port 59440 [preauth]
Jun 22 16:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.110.201  user=root
Jun 22 16:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3212]: Failed password for root from 94.159.110.201 port 48688 ssh2
Jun 22 16:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3212]: Connection closed by 94.159.110.201 port 48688 [preauth]
Jun 22 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3249]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3247]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3248]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3244]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3246]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3243]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3249]: pam_unix(cron:session): session closed for user root
Jun 22 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3243]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3313]: Successful su for rubyman by root
Jun 22 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3313]: + ??? root:rubyman
Jun 22 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3313]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571812 of user rubyman.
Jun 22 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3313]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571812.
Jun 22 16:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32730]: pam_unix(cron:session): session closed for user root
Jun 22 16:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3246]: pam_unix(cron:session): session closed for user root
Jun 22 16:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3244]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 16:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3563]: Failed password for root from 38.55.97.143 port 48368 ssh2
Jun 22 16:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3563]: Connection closed by 38.55.97.143 port 48368 [preauth]
Jun 22 16:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2423]: pam_unix(cron:session): session closed for user root
Jun 22 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3679]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3678]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3677]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3675]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3675]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3839]: Successful su for rubyman by root
Jun 22 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3839]: + ??? root:rubyman
Jun 22 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3839]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571817 of user rubyman.
Jun 22 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3839]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571817.
Jun 22 16:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[824]: pam_unix(cron:session): session closed for user root
Jun 22 16:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3677]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 16:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4149]: Failed password for root from 38.55.97.143 port 36988 ssh2
Jun 22 16:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4149]: Connection closed by 38.55.97.143 port 36988 [preauth]
Jun 22 16:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2858]: pam_unix(cron:session): session closed for user root
Jun 22 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4289]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4290]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4288]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4287]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4287]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4359]: Successful su for rubyman by root
Jun 22 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4359]: + ??? root:rubyman
Jun 22 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4359]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571821 of user rubyman.
Jun 22 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4359]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571821.
Jun 22 16:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1404]: pam_unix(cron:session): session closed for user root
Jun 22 16:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4288]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 16:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4542]: Failed password for root from 38.55.97.143 port 57288 ssh2
Jun 22 16:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4542]: Connection closed by 38.55.97.143 port 57288 [preauth]
Jun 22 16:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3248]: pam_unix(cron:session): session closed for user root
Jun 22 16:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4702]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4703]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4701]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4700]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4700]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4831]: Successful su for rubyman by root
Jun 22 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4831]: + ??? root:rubyman
Jun 22 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4831]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571824 of user rubyman.
Jun 22 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4831]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571824.
Jun 22 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4689]: Failed password for root from 38.55.97.143 port 47584 ssh2
Jun 22 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4689]: Connection closed by 38.55.97.143 port 47584 [preauth]
Jun 22 16:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1967]: pam_unix(cron:session): session closed for user root
Jun 22 16:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4701]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3679]: pam_unix(cron:session): session closed for user root
Jun 22 16:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 16:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5184]: Failed password for root from 38.55.97.143 port 46624 ssh2
Jun 22 16:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5184]: Connection closed by 38.55.97.143 port 46624 [preauth]
Jun 22 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5209]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5206]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5207]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5204]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5202]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5204]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5345]: Successful su for rubyman by root
Jun 22 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5345]: + ??? root:rubyman
Jun 22 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5345]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571829 of user rubyman.
Jun 22 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5345]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571829.
Jun 22 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5202]: pam_unix(cron:session): session closed for user root
Jun 22 16:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2422]: pam_unix(cron:session): session closed for user root
Jun 22 16:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5206]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4290]: pam_unix(cron:session): session closed for user root
Jun 22 16:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 16:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5656]: Failed password for root from 38.55.97.143 port 49454 ssh2
Jun 22 16:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5656]: Connection closed by 38.55.97.143 port 49454 [preauth]
Jun 22 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5707]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5709]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5704]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5708]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5710]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5705]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5710]: pam_unix(cron:session): session closed for user root
Jun 22 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5704]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5775]: Successful su for rubyman by root
Jun 22 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5775]: + ??? root:rubyman
Jun 22 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5775]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571835 of user rubyman.
Jun 22 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5775]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571835.
Jun 22 16:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5707]: pam_unix(cron:session): session closed for user root
Jun 22 16:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2857]: pam_unix(cron:session): session closed for user root
Jun 22 16:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 22 16:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5905]: Failed password for root from 103.27.238.120 port 53822 ssh2
Jun 22 16:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5705]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5905]: Connection closed by 103.27.238.120 port 53822 [preauth]
Jun 22 16:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5981]: Invalid user AdminGPON from 45.148.10.121
Jun 22 16:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5981]: input_userauth_request: invalid user AdminGPON [preauth]
Jun 22 16:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5981]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 22 16:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5981]: Failed password for invalid user AdminGPON from 45.148.10.121 port 44232 ssh2
Jun 22 16:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5981]: Connection closed by 45.148.10.121 port 44232 [preauth]
Jun 22 16:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4703]: pam_unix(cron:session): session closed for user root
Jun 22 16:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 16:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6041]: Failed password for root from 38.55.97.143 port 35342 ssh2
Jun 22 16:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6041]: Connection closed by 38.55.97.143 port 35342 [preauth]
Jun 22 16:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 16:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6108]: Failed password for root from 193.24.211.107 port 15508 ssh2
Jun 22 16:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6108]: Received disconnect from 193.24.211.107 port 15508:11: Client disconnecting normally [preauth]
Jun 22 16:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6108]: Disconnected from 193.24.211.107 port 15508 [preauth]
Jun 22 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6130]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6129]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6131]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6127]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6127]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6200]: Successful su for rubyman by root
Jun 22 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6200]: + ??? root:rubyman
Jun 22 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6200]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571841 of user rubyman.
Jun 22 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6200]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571841.
Jun 22 16:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3247]: pam_unix(cron:session): session closed for user root
Jun 22 16:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6129]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 16:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6413]: Failed password for root from 38.55.97.143 port 50948 ssh2
Jun 22 16:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6413]: Connection closed by 38.55.97.143 port 50948 [preauth]
Jun 22 16:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5209]: pam_unix(cron:session): session closed for user root
Jun 22 16:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6511]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 22 16:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6511]: Received disconnect from 148.153.121.146 port 43632:11: disconnected by user [preauth]
Jun 22 16:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6511]: Disconnected from 148.153.121.146 port 43632 [preauth]
Jun 22 16:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6521]: Invalid user admin from 2.57.121.25
Jun 22 16:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6521]: input_userauth_request: invalid user admin [preauth]
Jun 22 16:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6521]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 22 16:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6521]: Failed password for invalid user admin from 2.57.121.25 port 42034 ssh2
Jun 22 16:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6521]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6521]: Failed password for invalid user admin from 2.57.121.25 port 42034 ssh2
Jun 22 16:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6521]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6521]: Failed password for invalid user admin from 2.57.121.25 port 42034 ssh2
Jun 22 16:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6521]: Connection closed by 2.57.121.25 port 42034 [preauth]
Jun 22 16:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6521]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 22 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6535]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6536]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6534]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6533]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6533]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6593]: Successful su for rubyman by root
Jun 22 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6593]: + ??? root:rubyman
Jun 22 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6593]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571844 of user rubyman.
Jun 22 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6593]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571844.
Jun 22 16:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3678]: pam_unix(cron:session): session closed for user root
Jun 22 16:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6534]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 16:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6794]: Failed password for root from 38.55.97.143 port 45302 ssh2
Jun 22 16:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6794]: Connection closed by 38.55.97.143 port 45302 [preauth]
Jun 22 16:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5709]: pam_unix(cron:session): session closed for user root
Jun 22 16:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 16:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6952]: Failed password for root from 38.55.97.143 port 37176 ssh2
Jun 22 16:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6952]: Connection closed by 38.55.97.143 port 37176 [preauth]
Jun 22 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6971]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6972]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6968]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6967]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6967]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7060]: Successful su for rubyman by root
Jun 22 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7060]: + ??? root:rubyman
Jun 22 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7060]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571847 of user rubyman.
Jun 22 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7060]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571847.
Jun 22 16:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4289]: pam_unix(cron:session): session closed for user root
Jun 22 16:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6968]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6131]: pam_unix(cron:session): session closed for user root
Jun 22 16:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 16:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7430]: Failed password for root from 38.55.97.143 port 55846 ssh2
Jun 22 16:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7430]: Connection closed by 38.55.97.143 port 55846 [preauth]
Jun 22 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7452]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7451]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7450]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7449]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7449]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7507]: Successful su for rubyman by root
Jun 22 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7507]: + ??? root:rubyman
Jun 22 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7507]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571853 of user rubyman.
Jun 22 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7507]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571853.
Jun 22 16:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4702]: pam_unix(cron:session): session closed for user root
Jun 22 16:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7450]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6536]: pam_unix(cron:session): session closed for user root
Jun 22 16:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 16:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7899]: Failed password for root from 38.55.97.143 port 48116 ssh2
Jun 22 16:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7899]: Connection closed by 38.55.97.143 port 48116 [preauth]
Jun 22 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7938]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7937]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7935]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7936]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7933]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7934]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7938]: pam_unix(cron:session): session closed for user root
Jun 22 16:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7933]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8003]: Successful su for rubyman by root
Jun 22 16:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8003]: + ??? root:rubyman
Jun 22 16:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8003]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571856 of user rubyman.
Jun 22 16:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8003]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571856.
Jun 22 16:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5207]: pam_unix(cron:session): session closed for user root
Jun 22 16:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7935]: pam_unix(cron:session): session closed for user root
Jun 22 16:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7934]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 16:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6972]: pam_unix(cron:session): session closed for user root
Jun 22 16:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8275]: Failed password for root from 38.55.97.143 port 40450 ssh2
Jun 22 16:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8275]: Connection closed by 38.55.97.143 port 40450 [preauth]
Jun 22 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8359]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8363]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8362]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8361]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8359]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8429]: Successful su for rubyman by root
Jun 22 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8429]: + ??? root:rubyman
Jun 22 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8429]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571862 of user rubyman.
Jun 22 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8429]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571862.
Jun 22 16:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5708]: pam_unix(cron:session): session closed for user root
Jun 22 16:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8361]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 22 16:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8596]: Failed password for root from 103.149.28.157 port 48020 ssh2
Jun 22 16:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8596]: Connection closed by 103.149.28.157 port 48020 [preauth]
Jun 22 16:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 16:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8649]: Failed password for root from 38.55.97.143 port 55792 ssh2
Jun 22 16:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8649]: Connection closed by 38.55.97.143 port 55792 [preauth]
Jun 22 16:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7452]: pam_unix(cron:session): session closed for user root
Jun 22 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8768]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8767]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8771]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8769]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8765]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8765]: pam_unix(cron:session): session closed for user root
Jun 22 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8767]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8829]: Successful su for rubyman by root
Jun 22 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8829]: + ??? root:rubyman
Jun 22 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8829]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571867 of user rubyman.
Jun 22 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8829]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571867.
Jun 22 16:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6130]: pam_unix(cron:session): session closed for user root
Jun 22 16:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8768]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 16:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9017]: Failed password for root from 38.55.97.143 port 45354 ssh2
Jun 22 16:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9017]: Connection closed by 38.55.97.143 port 45354 [preauth]
Jun 22 16:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9052]: Invalid user peter from 46.135.109.64
Jun 22 16:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9052]: input_userauth_request: invalid user peter [preauth]
Jun 22 16:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9052]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.135.109.64
Jun 22 16:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9052]: Failed password for invalid user peter from 46.135.109.64 port 29820 ssh2
Jun 22 16:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9052]: Received disconnect from 46.135.109.64 port 29820:11: Bye Bye [preauth]
Jun 22 16:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9052]: Disconnected from 46.135.109.64 port 29820 [preauth]
Jun 22 16:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7937]: pam_unix(cron:session): session closed for user root
Jun 22 16:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 16:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9156]: Failed password for root from 38.55.97.143 port 34486 ssh2
Jun 22 16:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9156]: Connection closed by 38.55.97.143 port 34486 [preauth]
Jun 22 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9170]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9168]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9169]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9167]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9167]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9230]: Successful su for rubyman by root
Jun 22 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9230]: + ??? root:rubyman
Jun 22 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9230]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571870 of user rubyman.
Jun 22 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9230]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571870.
Jun 22 16:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6535]: pam_unix(cron:session): session closed for user root
Jun 22 16:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9168]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8363]: pam_unix(cron:session): session closed for user root
Jun 22 16:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 16:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9532]: Failed password for root from 38.55.97.143 port 52304 ssh2
Jun 22 16:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9532]: Connection closed by 38.55.97.143 port 52304 [preauth]
Jun 22 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9555]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9553]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9552]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9551]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9551]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9620]: Successful su for rubyman by root
Jun 22 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9620]: + ??? root:rubyman
Jun 22 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9620]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571874 of user rubyman.
Jun 22 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9620]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571874.
Jun 22 16:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6971]: pam_unix(cron:session): session closed for user root
Jun 22 16:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9552]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=149.56.132.12  user=root
Jun 22 16:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9812]: Failed password for root from 149.56.132.12 port 60600 ssh2
Jun 22 16:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9812]: Received disconnect from 149.56.132.12 port 60600:11: Bye Bye [preauth]
Jun 22 16:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9812]: Disconnected from 149.56.132.12 port 60600 [preauth]
Jun 22 16:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8771]: pam_unix(cron:session): session closed for user root
Jun 22 16:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 16:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10085]: Failed password for root from 38.55.97.143 port 33154 ssh2
Jun 22 16:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10085]: Connection closed by 38.55.97.143 port 33154 [preauth]
Jun 22 16:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 22 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10142]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10141]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10143]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10144]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10140]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10139]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10144]: pam_unix(cron:session): session closed for user root
Jun 22 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10139]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10126]: Failed password for root from 103.172.78.219 port 59730 ssh2
Jun 22 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10126]: Connection closed by 103.172.78.219 port 59730 [preauth]
Jun 22 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10214]: Successful su for rubyman by root
Jun 22 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10214]: + ??? root:rubyman
Jun 22 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10214]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571880 of user rubyman.
Jun 22 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10214]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571880.
Jun 22 16:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10141]: pam_unix(cron:session): session closed for user root
Jun 22 16:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7451]: pam_unix(cron:session): session closed for user root
Jun 22 16:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10140]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 22 16:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.174.210.161  user=root
Jun 22 16:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10543]: Failed password for root from 38.93.206.2 port 45170 ssh2
Jun 22 16:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10543]: Connection closed by 38.93.206.2 port 45170 [preauth]
Jun 22 16:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10541]: Failed password for root from 158.174.210.161 port 11116 ssh2
Jun 22 16:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10541]: Received disconnect from 158.174.210.161 port 11116:11: Bye Bye [preauth]
Jun 22 16:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10541]: Disconnected from 158.174.210.161 port 11116 [preauth]
Jun 22 16:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9170]: pam_unix(cron:session): session closed for user root
Jun 22 16:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 16:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10607]: Failed password for root from 38.55.97.143 port 59456 ssh2
Jun 22 16:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10607]: Connection closed by 38.55.97.143 port 59456 [preauth]
Jun 22 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10675]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10674]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10673]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10672]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10672]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10744]: Successful su for rubyman by root
Jun 22 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10744]: + ??? root:rubyman
Jun 22 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10744]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571885 of user rubyman.
Jun 22 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10744]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571885.
Jun 22 16:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7936]: pam_unix(cron:session): session closed for user root
Jun 22 16:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10673]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10994]: Did not receive identification string from 91.92.40.7
Jun 22 16:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 16:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11003]: Failed password for root from 38.55.97.143 port 52314 ssh2
Jun 22 16:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11003]: Connection closed by 38.55.97.143 port 52314 [preauth]
Jun 22 16:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9555]: pam_unix(cron:session): session closed for user root
Jun 22 16:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11096]: Received disconnect from 209.141.57.35 port 40420:11: disconnected by user [preauth]
Jun 22 16:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11096]: Disconnected from 209.141.57.35 port 40420 [preauth]
Jun 22 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11103]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11099]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11104]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11102]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11099]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11167]: Successful su for rubyman by root
Jun 22 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11167]: + ??? root:rubyman
Jun 22 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11167]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571890 of user rubyman.
Jun 22 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11167]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571890.
Jun 22 16:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8362]: pam_unix(cron:session): session closed for user root
Jun 22 16:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11102]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 22 16:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.7  user=root
Jun 22 16:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 16:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11364]: Failed password for root from 202.178.126.219 port 33681 ssh2
Jun 22 16:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11371]: Failed password for root from 91.92.40.7 port 36754 ssh2
Jun 22 16:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11371]: Connection closed by 91.92.40.7 port 36754 [preauth]
Jun 22 16:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11391]: Failed password for root from 38.55.97.143 port 42386 ssh2
Jun 22 16:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11391]: Connection closed by 38.55.97.143 port 42386 [preauth]
Jun 22 16:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11364]: Connection closed by 202.178.126.219 port 33681 [preauth]
Jun 22 16:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10143]: pam_unix(cron:session): session closed for user root
Jun 22 16:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 22 16:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11523]: Failed password for root from 141.98.83.240 port 24380 ssh2
Jun 22 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11537]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11538]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11536]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11535]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11535]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11595]: Successful su for rubyman by root
Jun 22 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11595]: + ??? root:rubyman
Jun 22 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11595]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571894 of user rubyman.
Jun 22 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11595]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571894.
Jun 22 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 16:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11523]: Failed password for root from 141.98.83.240 port 24380 ssh2
Jun 22 16:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11525]: Failed password for root from 38.55.97.143 port 60548 ssh2
Jun 22 16:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11525]: Connection closed by 38.55.97.143 port 60548 [preauth]
Jun 22 16:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8769]: pam_unix(cron:session): session closed for user root
Jun 22 16:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11523]: Failed password for root from 141.98.83.240 port 24380 ssh2
Jun 22 16:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11523]: Connection closed by 141.98.83.240 port 24380 [preauth]
Jun 22 16:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11523]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 22 16:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11536]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.7  user=root
Jun 22 16:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11859]: Failed password for root from 91.92.40.7 port 41964 ssh2
Jun 22 16:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11859]: Connection closed by 91.92.40.7 port 41964 [preauth]
Jun 22 16:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 22 16:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10675]: pam_unix(cron:session): session closed for user root
Jun 22 16:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11879]: Failed password for root from 103.82.20.28 port 34976 ssh2
Jun 22 16:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11879]: Connection closed by 103.82.20.28 port 34976 [preauth]
Jun 22 16:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11939]: Invalid user admin from 43.153.59.240
Jun 22 16:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11939]: input_userauth_request: invalid user admin [preauth]
Jun 22 16:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11939]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.59.240
Jun 22 16:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11939]: Failed password for invalid user admin from 43.153.59.240 port 59940 ssh2
Jun 22 16:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11939]: Received disconnect from 43.153.59.240 port 59940:11: Bye Bye [preauth]
Jun 22 16:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11939]: Disconnected from 43.153.59.240 port 59940 [preauth]
Jun 22 16:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 16:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11975]: Failed password for root from 38.55.97.143 port 51874 ssh2
Jun 22 16:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11975]: Connection closed by 38.55.97.143 port 51874 [preauth]
Jun 22 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12000]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11999]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12001]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11998]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11998]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12058]: Successful su for rubyman by root
Jun 22 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12058]: + ??? root:rubyman
Jun 22 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12058]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571896 of user rubyman.
Jun 22 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12058]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571896.
Jun 22 16:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9169]: pam_unix(cron:session): session closed for user root
Jun 22 16:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11999]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11104]: pam_unix(cron:session): session closed for user root
Jun 22 16:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.7  user=root
Jun 22 16:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12455]: Failed password for root from 91.92.40.7 port 35066 ssh2
Jun 22 16:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12455]: Connection closed by 91.92.40.7 port 35066 [preauth]
Jun 22 16:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 16:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12466]: Failed password for root from 38.55.97.143 port 42182 ssh2
Jun 22 16:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12466]: Connection closed by 38.55.97.143 port 42182 [preauth]
Jun 22 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12519]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12520]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12518]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12517]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12521]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12516]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12521]: pam_unix(cron:session): session closed for user root
Jun 22 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12516]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12582]: Successful su for rubyman by root
Jun 22 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12582]: + ??? root:rubyman
Jun 22 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12582]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571902 of user rubyman.
Jun 22 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12582]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571902.
Jun 22 16:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12518]: pam_unix(cron:session): session closed for user root
Jun 22 16:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9553]: pam_unix(cron:session): session closed for user root
Jun 22 16:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12517]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 22 16:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12844]: Failed password for root from 193.37.70.224 port 43868 ssh2
Jun 22 16:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12844]: Connection closed by 193.37.70.224 port 43868 [preauth]
Jun 22 16:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 16:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11538]: pam_unix(cron:session): session closed for user root
Jun 22 16:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12884]: Failed password for root from 38.55.97.143 port 34866 ssh2
Jun 22 16:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12884]: Connection closed by 38.55.97.143 port 34866 [preauth]
Jun 22 16:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 22 16:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12915]: Failed password for root from 103.77.242.62 port 34994 ssh2
Jun 22 16:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12915]: Connection closed by 103.77.242.62 port 34994 [preauth]
Jun 22 16:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.7  user=root
Jun 22 16:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12947]: Failed password for root from 91.92.40.7 port 55240 ssh2
Jun 22 16:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12947]: Connection closed by 91.92.40.7 port 55240 [preauth]
Jun 22 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12976]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12977]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12974]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12975]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12974]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13042]: Successful su for rubyman by root
Jun 22 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13042]: + ??? root:rubyman
Jun 22 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13042]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571907 of user rubyman.
Jun 22 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13042]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571907.
Jun 22 16:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10142]: pam_unix(cron:session): session closed for user root
Jun 22 16:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12975]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 16:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13278]: Failed password for root from 38.55.97.143 port 56370 ssh2
Jun 22 16:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13278]: Connection closed by 38.55.97.143 port 56370 [preauth]
Jun 22 16:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12001]: pam_unix(cron:session): session closed for user root
Jun 22 16:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.7  user=root
Jun 22 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13395]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13397]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13396]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13394]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13394]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13381]: Failed password for root from 91.92.40.7 port 48386 ssh2
Jun 22 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13453]: Successful su for rubyman by root
Jun 22 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13453]: + ??? root:rubyman
Jun 22 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13453]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571910 of user rubyman.
Jun 22 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13453]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571910.
Jun 22 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13381]: Connection closed by 91.92.40.7 port 48386 [preauth]
Jun 22 16:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10674]: pam_unix(cron:session): session closed for user root
Jun 22 16:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13395]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 16:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13656]: Failed password for root from 38.55.97.143 port 52308 ssh2
Jun 22 16:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13656]: Connection closed by 38.55.97.143 port 52308 [preauth]
Jun 22 16:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12520]: pam_unix(cron:session): session closed for user root
Jun 22 16:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 16:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13754]: Failed password for root from 193.24.211.107 port 25553 ssh2
Jun 22 16:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13754]: Received disconnect from 193.24.211.107 port 25553:11: Client disconnecting normally [preauth]
Jun 22 16:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13754]: Disconnected from 193.24.211.107 port 25553 [preauth]
Jun 22 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13799]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13797]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13796]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13798]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13796]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13856]: Successful su for rubyman by root
Jun 22 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13856]: + ??? root:rubyman
Jun 22 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13856]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571915 of user rubyman.
Jun 22 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13856]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571915.
Jun 22 16:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11103]: pam_unix(cron:session): session closed for user root
Jun 22 16:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13797]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 16:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14036]: Failed password for root from 38.55.97.143 port 47420 ssh2
Jun 22 16:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14036]: Connection closed by 38.55.97.143 port 47420 [preauth]
Jun 22 16:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.7  user=root
Jun 22 16:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14049]: Failed password for root from 91.92.40.7 port 42694 ssh2
Jun 22 16:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14049]: Connection closed by 91.92.40.7 port 42694 [preauth]
Jun 22 16:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12977]: pam_unix(cron:session): session closed for user root
Jun 22 16:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 16:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14184]: Failed password for root from 38.55.97.143 port 44100 ssh2
Jun 22 16:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14184]: Connection closed by 38.55.97.143 port 44100 [preauth]
Jun 22 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14206]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14205]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14204]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14203]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14203]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14262]: Successful su for rubyman by root
Jun 22 16:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14262]: + ??? root:rubyman
Jun 22 16:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14262]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571919 of user rubyman.
Jun 22 16:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14262]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571919.
Jun 22 16:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11537]: pam_unix(cron:session): session closed for user root
Jun 22 16:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14204]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.7  user=root
Jun 22 16:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14447]: Failed password for root from 91.92.40.7 port 49256 ssh2
Jun 22 16:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14447]: Connection closed by 91.92.40.7 port 49256 [preauth]
Jun 22 16:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13397]: pam_unix(cron:session): session closed for user root
Jun 22 16:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 22 16:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 16:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14570]: Failed password for root from 103.176.20.57 port 55852 ssh2
Jun 22 16:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14570]: Connection closed by 103.176.20.57 port 55852 [preauth]
Jun 22 16:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14572]: Failed password for root from 38.55.97.143 port 54542 ssh2
Jun 22 16:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14572]: Connection closed by 38.55.97.143 port 54542 [preauth]
Jun 22 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14596]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14594]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14593]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14592]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14595]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14597]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14597]: pam_unix(cron:session): session closed for user root
Jun 22 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14592]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14707]: Successful su for rubyman by root
Jun 22 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14707]: + ??? root:rubyman
Jun 22 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14707]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571923 of user rubyman.
Jun 22 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14707]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571923.
Jun 22 16:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14594]: pam_unix(cron:session): session closed for user root
Jun 22 16:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12000]: pam_unix(cron:session): session closed for user root
Jun 22 16:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14593]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.7  user=root
Jun 22 16:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14993]: Failed password for root from 91.92.40.7 port 43764 ssh2
Jun 22 16:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14993]: Connection closed by 91.92.40.7 port 43764 [preauth]
Jun 22 16:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=149.56.132.12  user=root
Jun 22 16:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15025]: Failed password for root from 149.56.132.12 port 38122 ssh2
Jun 22 16:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15025]: Received disconnect from 149.56.132.12 port 38122:11: Bye Bye [preauth]
Jun 22 16:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15025]: Disconnected from 149.56.132.12 port 38122 [preauth]
Jun 22 16:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13799]: pam_unix(cron:session): session closed for user root
Jun 22 16:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 22 16:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15041]: Failed password for root from 109.237.96.109 port 54524 ssh2
Jun 22 16:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15041]: Connection closed by 109.237.96.109 port 54524 [preauth]
Jun 22 16:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 16:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.174.210.161  user=root
Jun 22 16:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15073]: Failed password for root from 38.55.97.143 port 47218 ssh2
Jun 22 16:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15073]: Connection closed by 38.55.97.143 port 47218 [preauth]
Jun 22 16:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15091]: Failed password for root from 158.174.210.161 port 65456 ssh2
Jun 22 16:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15102]: Connection closed by 194.59.206.2 port 36476 [preauth]
Jun 22 16:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15091]: Received disconnect from 158.174.210.161 port 65456:11: Bye Bye [preauth]
Jun 22 16:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15091]: Disconnected from 158.174.210.161 port 65456 [preauth]
Jun 22 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15126]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15127]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15125]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15124]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15124]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15193]: Successful su for rubyman by root
Jun 22 16:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15193]: + ??? root:rubyman
Jun 22 16:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15193]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571928 of user rubyman.
Jun 22 16:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15193]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571928.
Jun 22 16:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12519]: pam_unix(cron:session): session closed for user root
Jun 22 16:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15125]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15376]: Invalid user univnantes2 from 43.153.59.240
Jun 22 16:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15376]: input_userauth_request: invalid user univnantes2 [preauth]
Jun 22 16:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15376]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.59.240
Jun 22 16:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15376]: Failed password for invalid user univnantes2 from 43.153.59.240 port 45962 ssh2
Jun 22 16:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15376]: Received disconnect from 43.153.59.240 port 45962:11: Bye Bye [preauth]
Jun 22 16:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15376]: Disconnected from 43.153.59.240 port 45962 [preauth]
Jun 22 16:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.7  user=root
Jun 22 16:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15435]: Failed password for root from 91.92.40.7 port 53846 ssh2
Jun 22 16:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15435]: Connection closed by 91.92.40.7 port 53846 [preauth]
Jun 22 16:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14206]: pam_unix(cron:session): session closed for user root
Jun 22 16:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 16:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15465]: Failed password for root from 38.55.97.143 port 42546 ssh2
Jun 22 16:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15465]: Connection closed by 38.55.97.143 port 42546 [preauth]
Jun 22 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15531]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15532]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15533]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15530]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15530]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15590]: Successful su for rubyman by root
Jun 22 16:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15590]: + ??? root:rubyman
Jun 22 16:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15590]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571934 of user rubyman.
Jun 22 16:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15590]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571934.
Jun 22 16:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12976]: pam_unix(cron:session): session closed for user root
Jun 22 16:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15531]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 22 16:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15777]: Failed password for root from 194.113.233.25 port 39442 ssh2
Jun 22 16:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15777]: Connection closed by 194.113.233.25 port 39442 [preauth]
Jun 22 16:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15794]: Invalid user ftpuser from 149.56.132.12
Jun 22 16:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15794]: input_userauth_request: invalid user ftpuser [preauth]
Jun 22 16:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15794]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=149.56.132.12
Jun 22 16:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15794]: Failed password for invalid user ftpuser from 149.56.132.12 port 60812 ssh2
Jun 22 16:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15794]: Received disconnect from 149.56.132.12 port 60812:11: Bye Bye [preauth]
Jun 22 16:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15794]: Disconnected from 149.56.132.12 port 60812 [preauth]
Jun 22 16:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 16:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15831]: Failed password for root from 38.55.97.143 port 37956 ssh2
Jun 22 16:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15831]: Connection closed by 38.55.97.143 port 37956 [preauth]
Jun 22 16:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14596]: pam_unix(cron:session): session closed for user root
Jun 22 16:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 22 16:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.7  user=root
Jun 22 16:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15870]: Failed password for root from 103.27.238.114 port 51554 ssh2
Jun 22 16:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15869]: Failed password for root from 91.92.40.7 port 58330 ssh2
Jun 22 16:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15870]: Connection closed by 103.27.238.114 port 51554 [preauth]
Jun 22 16:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15869]: Connection closed by 91.92.40.7 port 58330 [preauth]
Jun 22 16:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15882]: Received disconnect from 103.112.62.144 port 59358:11: disconnected by user [preauth]
Jun 22 16:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15882]: Disconnected from 103.112.62.144 port 59358 [preauth]
Jun 22 16:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15921]: Invalid user steam from 43.153.59.240
Jun 22 16:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15921]: input_userauth_request: invalid user steam [preauth]
Jun 22 16:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15921]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.59.240
Jun 22 16:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15921]: Failed password for invalid user steam from 43.153.59.240 port 39626 ssh2
Jun 22 16:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15921]: Received disconnect from 43.153.59.240 port 39626:11: Bye Bye [preauth]
Jun 22 16:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15921]: Disconnected from 43.153.59.240 port 39626 [preauth]
Jun 22 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15934]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15935]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15933]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15932]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15932]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15992]: Successful su for rubyman by root
Jun 22 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15992]: + ??? root:rubyman
Jun 22 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15992]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571936 of user rubyman.
Jun 22 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15992]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571936.
Jun 22 16:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13396]: pam_unix(cron:session): session closed for user root
Jun 22 16:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15933]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16182]: Invalid user as from 158.174.210.161
Jun 22 16:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16182]: input_userauth_request: invalid user as [preauth]
Jun 22 16:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16182]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.174.210.161
Jun 22 16:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16182]: Failed password for invalid user as from 158.174.210.161 port 10937 ssh2
Jun 22 16:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16182]: Received disconnect from 158.174.210.161 port 10937:11: Bye Bye [preauth]
Jun 22 16:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16182]: Disconnected from 158.174.210.161 port 10937 [preauth]
Jun 22 16:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 16:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16207]: Failed password for root from 38.55.97.143 port 33764 ssh2
Jun 22 16:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16207]: Connection closed by 38.55.97.143 port 33764 [preauth]
Jun 22 16:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 22 16:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16238]: Failed password for root from 103.15.222.183 port 60794 ssh2
Jun 22 16:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16238]: Connection closed by 103.15.222.183 port 60794 [preauth]
Jun 22 16:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15127]: pam_unix(cron:session): session closed for user root
Jun 22 16:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.7  user=root
Jun 22 16:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16299]: Failed password for root from 91.92.40.7 port 41184 ssh2
Jun 22 16:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16299]: Connection closed by 91.92.40.7 port 41184 [preauth]
Jun 22 16:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=149.56.132.12  user=root
Jun 22 16:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16314]: Failed password for root from 149.56.132.12 port 39426 ssh2
Jun 22 16:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16314]: Received disconnect from 149.56.132.12 port 39426:11: Bye Bye [preauth]
Jun 22 16:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16314]: Disconnected from 149.56.132.12 port 39426 [preauth]
Jun 22 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16328]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16326]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16327]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16325]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16325]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16385]: Successful su for rubyman by root
Jun 22 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16385]: + ??? root:rubyman
Jun 22 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16385]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571941 of user rubyman.
Jun 22 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16385]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571941.
Jun 22 16:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13798]: pam_unix(cron:session): session closed for user root
Jun 22 16:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16326]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 16:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16571]: Failed password for root from 38.55.97.143 port 55882 ssh2
Jun 22 16:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16571]: Connection closed by 38.55.97.143 port 55882 [preauth]
Jun 22 16:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16582]: Invalid user as from 46.135.109.64
Jun 22 16:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16582]: input_userauth_request: invalid user as [preauth]
Jun 22 16:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16582]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.135.109.64
Jun 22 16:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16582]: Failed password for invalid user as from 46.135.109.64 port 25139 ssh2
Jun 22 16:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16582]: Received disconnect from 46.135.109.64 port 25139:11: Bye Bye [preauth]
Jun 22 16:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16582]: Disconnected from 46.135.109.64 port 25139 [preauth]
Jun 22 16:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15533]: pam_unix(cron:session): session closed for user root
Jun 22 16:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16674]: Invalid user halo from 43.153.59.240
Jun 22 16:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16674]: input_userauth_request: invalid user halo [preauth]
Jun 22 16:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16674]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.59.240
Jun 22 16:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16674]: Failed password for invalid user halo from 43.153.59.240 port 45810 ssh2
Jun 22 16:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16674]: Received disconnect from 43.153.59.240 port 45810:11: Bye Bye [preauth]
Jun 22 16:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16674]: Disconnected from 43.153.59.240 port 45810 [preauth]
Jun 22 16:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.7  user=root
Jun 22 16:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16736]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16737]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16734]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16738]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16739]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16735]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16739]: pam_unix(cron:session): session closed for user root
Jun 22 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16734]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16721]: Failed password for root from 91.92.40.7 port 57806 ssh2
Jun 22 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16721]: Connection closed by 91.92.40.7 port 57806 [preauth]
Jun 22 16:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16805]: Successful su for rubyman by root
Jun 22 16:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16805]: + ??? root:rubyman
Jun 22 16:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16805]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571948 of user rubyman.
Jun 22 16:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16805]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571948.
Jun 22 16:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16723]: Failed password for root from 38.55.97.143 port 48900 ssh2
Jun 22 16:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16723]: Connection closed by 38.55.97.143 port 48900 [preauth]
Jun 22 16:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 22 16:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16736]: pam_unix(cron:session): session closed for user root
Jun 22 16:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14205]: pam_unix(cron:session): session closed for user root
Jun 22 16:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: Failed password for root from 51.250.105.222 port 56230 ssh2
Jun 22 16:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: Connection closed by 51.250.105.222 port 56230 [preauth]
Jun 22 16:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16735]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17174]: Invalid user vpn from 149.56.132.12
Jun 22 16:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17174]: input_userauth_request: invalid user vpn [preauth]
Jun 22 16:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17174]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=149.56.132.12
Jun 22 16:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15935]: pam_unix(cron:session): session closed for user root
Jun 22 16:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17174]: Failed password for invalid user vpn from 149.56.132.12 port 55790 ssh2
Jun 22 16:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17174]: Received disconnect from 149.56.132.12 port 55790:11: Bye Bye [preauth]
Jun 22 16:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17174]: Disconnected from 149.56.132.12 port 55790 [preauth]
Jun 22 16:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17203]: Invalid user hani from 158.174.210.161
Jun 22 16:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17203]: input_userauth_request: invalid user hani [preauth]
Jun 22 16:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17203]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.174.210.161
Jun 22 16:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17203]: Failed password for invalid user hani from 158.174.210.161 port 5985 ssh2
Jun 22 16:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17203]: Received disconnect from 158.174.210.161 port 5985:11: Bye Bye [preauth]
Jun 22 16:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17203]: Disconnected from 158.174.210.161 port 5985 [preauth]
Jun 22 16:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 16:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17233]: Failed password for root from 38.55.97.143 port 39382 ssh2
Jun 22 16:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17233]: Connection closed by 38.55.97.143 port 39382 [preauth]
Jun 22 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17269]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17268]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17267]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17266]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17266]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17340]: Successful su for rubyman by root
Jun 22 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17340]: + ??? root:rubyman
Jun 22 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17340]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571950 of user rubyman.
Jun 22 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17340]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571950.
Jun 22 16:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14595]: pam_unix(cron:session): session closed for user root
Jun 22 16:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17267]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17536]: Invalid user setup from 43.153.59.240
Jun 22 16:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17536]: input_userauth_request: invalid user setup [preauth]
Jun 22 16:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17536]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.59.240
Jun 22 16:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.7  user=root
Jun 22 16:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17536]: Failed password for invalid user setup from 43.153.59.240 port 48900 ssh2
Jun 22 16:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17536]: Received disconnect from 43.153.59.240 port 48900:11: Bye Bye [preauth]
Jun 22 16:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17536]: Disconnected from 43.153.59.240 port 48900 [preauth]
Jun 22 16:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17538]: Failed password for root from 91.92.40.7 port 33686 ssh2
Jun 22 16:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17538]: Connection closed by 91.92.40.7 port 33686 [preauth]
Jun 22 16:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16328]: pam_unix(cron:session): session closed for user root
Jun 22 16:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 16:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17633]: Failed password for root from 38.55.97.143 port 56256 ssh2
Jun 22 16:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17633]: Connection closed by 38.55.97.143 port 56256 [preauth]
Jun 22 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17774]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17775]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17773]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17772]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17772]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17841]: Successful su for rubyman by root
Jun 22 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17841]: + ??? root:rubyman
Jun 22 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17841]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571955 of user rubyman.
Jun 22 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17841]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571955.
Jun 22 16:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15126]: pam_unix(cron:session): session closed for user root
Jun 22 16:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17773]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18052]: Invalid user api_user from 149.56.132.12
Jun 22 16:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18052]: input_userauth_request: invalid user api_user [preauth]
Jun 22 16:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18052]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=149.56.132.12
Jun 22 16:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18052]: Failed password for invalid user api_user from 149.56.132.12 port 58780 ssh2
Jun 22 16:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18052]: Received disconnect from 149.56.132.12 port 58780:11: Bye Bye [preauth]
Jun 22 16:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18052]: Disconnected from 149.56.132.12 port 58780 [preauth]
Jun 22 16:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.7  user=root
Jun 22 16:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18085]: Failed password for root from 91.92.40.7 port 48490 ssh2
Jun 22 16:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18085]: Connection closed by 91.92.40.7 port 48490 [preauth]
Jun 22 16:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 16:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18107]: Failed password for root from 38.55.97.143 port 50146 ssh2
Jun 22 16:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18107]: Connection closed by 38.55.97.143 port 50146 [preauth]
Jun 22 16:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16738]: pam_unix(cron:session): session closed for user root
Jun 22 16:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18174]: Invalid user crystal from 43.153.59.240
Jun 22 16:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18174]: input_userauth_request: invalid user crystal [preauth]
Jun 22 16:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18174]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.59.240
Jun 22 16:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18174]: Failed password for invalid user crystal from 43.153.59.240 port 49646 ssh2
Jun 22 16:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18174]: Received disconnect from 43.153.59.240 port 49646:11: Bye Bye [preauth]
Jun 22 16:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18174]: Disconnected from 43.153.59.240 port 49646 [preauth]
Jun 22 16:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18193]: Invalid user ict from 158.174.210.161
Jun 22 16:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18193]: input_userauth_request: invalid user ict [preauth]
Jun 22 16:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18193]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.174.210.161
Jun 22 16:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18193]: Failed password for invalid user ict from 158.174.210.161 port 53279 ssh2
Jun 22 16:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18193]: Received disconnect from 158.174.210.161 port 53279:11: Bye Bye [preauth]
Jun 22 16:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18193]: Disconnected from 158.174.210.161 port 53279 [preauth]
Jun 22 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18209]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18210]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18208]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18207]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18207]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18288]: Successful su for rubyman by root
Jun 22 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18288]: + ??? root:rubyman
Jun 22 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18288]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571959 of user rubyman.
Jun 22 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18288]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571959.
Jun 22 16:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15532]: pam_unix(cron:session): session closed for user root
Jun 22 16:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18208]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 16:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18596]: Failed password for root from 38.55.97.143 port 45702 ssh2
Jun 22 16:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18596]: Connection closed by 38.55.97.143 port 45702 [preauth]
Jun 22 16:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17269]: pam_unix(cron:session): session closed for user root
Jun 22 16:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=149.56.132.12  user=root
Jun 22 16:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18690]: Failed password for root from 149.56.132.12 port 56668 ssh2
Jun 22 16:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18690]: Received disconnect from 149.56.132.12 port 56668:11: Bye Bye [preauth]
Jun 22 16:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18690]: Disconnected from 149.56.132.12 port 56668 [preauth]
Jun 22 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18727]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18724]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18726]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18722]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18720]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18722]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18867]: Successful su for rubyman by root
Jun 22 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18867]: + ??? root:rubyman
Jun 22 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18867]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571962 of user rubyman.
Jun 22 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18867]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571962.
Jun 22 16:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18720]: pam_unix(cron:session): session closed for user root
Jun 22 16:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15934]: pam_unix(cron:session): session closed for user root
Jun 22 16:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18724]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 16:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19105]: Failed password for root from 38.55.97.143 port 51924 ssh2
Jun 22 16:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19105]: Connection closed by 38.55.97.143 port 51924 [preauth]
Jun 22 16:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19116]: Invalid user smart from 43.153.59.240
Jun 22 16:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19116]: input_userauth_request: invalid user smart [preauth]
Jun 22 16:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19116]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.59.240
Jun 22 16:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19116]: Failed password for invalid user smart from 43.153.59.240 port 55330 ssh2
Jun 22 16:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19116]: Received disconnect from 43.153.59.240 port 55330:11: Bye Bye [preauth]
Jun 22 16:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19116]: Disconnected from 43.153.59.240 port 55330 [preauth]
Jun 22 16:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17775]: pam_unix(cron:session): session closed for user root
Jun 22 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19326]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19327]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19323]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19328]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19329]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19324]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19329]: pam_unix(cron:session): session closed for user root
Jun 22 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19323]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19392]: Successful su for rubyman by root
Jun 22 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19392]: + ??? root:rubyman
Jun 22 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19392]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571971 of user rubyman.
Jun 22 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19392]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571971.
Jun 22 16:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19326]: pam_unix(cron:session): session closed for user root
Jun 22 16:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16327]: pam_unix(cron:session): session closed for user root
Jun 22 16:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19324]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.174.210.161  user=root
Jun 22 16:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19823]: Failed password for root from 158.174.210.161 port 10774 ssh2
Jun 22 16:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19823]: Received disconnect from 158.174.210.161 port 10774:11: Bye Bye [preauth]
Jun 22 16:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19823]: Disconnected from 158.174.210.161 port 10774 [preauth]
Jun 22 16:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 16:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=149.56.132.12  user=root
Jun 22 16:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19847]: Failed password for root from 38.55.97.143 port 35792 ssh2
Jun 22 16:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19847]: Connection closed by 38.55.97.143 port 35792 [preauth]
Jun 22 16:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19857]: Failed password for root from 149.56.132.12 port 39892 ssh2
Jun 22 16:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19857]: Received disconnect from 149.56.132.12 port 39892:11: Bye Bye [preauth]
Jun 22 16:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19857]: Disconnected from 149.56.132.12 port 39892 [preauth]
Jun 22 16:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18210]: pam_unix(cron:session): session closed for user root
Jun 22 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19978]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19979]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19977]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19975]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19975]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20041]: Successful su for rubyman by root
Jun 22 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20041]: + ??? root:rubyman
Jun 22 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20041]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571974 of user rubyman.
Jun 22 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20041]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571974.
Jun 22 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20050]: Invalid user vpn from 43.153.59.240
Jun 22 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20050]: input_userauth_request: invalid user vpn [preauth]
Jun 22 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20050]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.59.240
Jun 22 16:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19971]: Invalid user ict from 46.135.109.64
Jun 22 16:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19971]: input_userauth_request: invalid user ict [preauth]
Jun 22 16:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19971]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.135.109.64
Jun 22 16:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20050]: Failed password for invalid user vpn from 43.153.59.240 port 44060 ssh2
Jun 22 16:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20050]: Received disconnect from 43.153.59.240 port 44060:11: Bye Bye [preauth]
Jun 22 16:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20050]: Disconnected from 43.153.59.240 port 44060 [preauth]
Jun 22 16:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19971]: Failed password for invalid user ict from 46.135.109.64 port 16157 ssh2
Jun 22 16:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19971]: Received disconnect from 46.135.109.64 port 16157:11: Bye Bye [preauth]
Jun 22 16:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19971]: Disconnected from 46.135.109.64 port 16157 [preauth]
Jun 22 16:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16737]: pam_unix(cron:session): session closed for user root
Jun 22 16:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19977]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20331]: Invalid user photo from 38.55.97.143
Jun 22 16:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20331]: input_userauth_request: invalid user photo [preauth]
Jun 22 16:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20331]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 16:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20331]: Failed password for invalid user photo from 38.55.97.143 port 35142 ssh2
Jun 22 16:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20331]: Connection closed by 38.55.97.143 port 35142 [preauth]
Jun 22 16:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18727]: pam_unix(cron:session): session closed for user root
Jun 22 16:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20479]: Invalid user ceph from 149.56.132.12
Jun 22 16:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20479]: input_userauth_request: invalid user ceph [preauth]
Jun 22 16:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20479]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=149.56.132.12
Jun 22 16:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20479]: Failed password for invalid user ceph from 149.56.132.12 port 45254 ssh2
Jun 22 16:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20479]: Received disconnect from 149.56.132.12 port 45254:11: Bye Bye [preauth]
Jun 22 16:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20479]: Disconnected from 149.56.132.12 port 45254 [preauth]
Jun 22 16:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20503]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20500]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20501]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20502]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20500]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20561]: Successful su for rubyman by root
Jun 22 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20561]: + ??? root:rubyman
Jun 22 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20561]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571978 of user rubyman.
Jun 22 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20561]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571978.
Jun 22 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20489]: Invalid user oracle from 38.55.97.143
Jun 22 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20489]: input_userauth_request: invalid user oracle [preauth]
Jun 22 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20489]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 16:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17268]: pam_unix(cron:session): session closed for user root
Jun 22 16:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20632]: Received disconnect from 157.173.100.92 port 54034:11: disconnected by user [preauth]
Jun 22 16:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20632]: Disconnected from 157.173.100.92 port 54034 [preauth]
Jun 22 16:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20489]: Failed password for invalid user oracle from 38.55.97.143 port 60352 ssh2
Jun 22 16:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20489]: Connection closed by 38.55.97.143 port 60352 [preauth]
Jun 22 16:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20501]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20905]: Invalid user ubuntu from 158.174.210.161
Jun 22 16:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20905]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 16:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20905]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.174.210.161
Jun 22 16:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20905]: Failed password for invalid user ubuntu from 158.174.210.161 port 40957 ssh2
Jun 22 16:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20905]: Received disconnect from 158.174.210.161 port 40957:11: Bye Bye [preauth]
Jun 22 16:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20905]: Disconnected from 158.174.210.161 port 40957 [preauth]
Jun 22 16:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19328]: pam_unix(cron:session): session closed for user root
Jun 22 16:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20936]: Invalid user ca from 43.153.59.240
Jun 22 16:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20936]: input_userauth_request: invalid user ca [preauth]
Jun 22 16:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20936]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.59.240
Jun 22 16:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20936]: Failed password for invalid user ca from 43.153.59.240 port 52304 ssh2
Jun 22 16:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20936]: Received disconnect from 43.153.59.240 port 52304:11: Bye Bye [preauth]
Jun 22 16:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20936]: Disconnected from 43.153.59.240 port 52304 [preauth]
Jun 22 16:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20976]: Invalid user moxa from 38.55.97.143
Jun 22 16:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20976]: input_userauth_request: invalid user moxa [preauth]
Jun 22 16:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20976]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 16:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20976]: Failed password for invalid user moxa from 38.55.97.143 port 53940 ssh2
Jun 22 16:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20976]: Connection closed by 38.55.97.143 port 53940 [preauth]
Jun 22 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20996]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20998]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20997]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20995]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20995]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21059]: Successful su for rubyman by root
Jun 22 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21059]: + ??? root:rubyman
Jun 22 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21059]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571981 of user rubyman.
Jun 22 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21059]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571981.
Jun 22 16:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17774]: pam_unix(cron:session): session closed for user root
Jun 22 16:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20996]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=149.56.132.12  user=root
Jun 22 16:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21310]: Failed password for root from 149.56.132.12 port 49904 ssh2
Jun 22 16:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21310]: Received disconnect from 149.56.132.12 port 49904:11: Bye Bye [preauth]
Jun 22 16:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21310]: Disconnected from 149.56.132.12 port 49904 [preauth]
Jun 22 16:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19979]: pam_unix(cron:session): session closed for user root
Jun 22 16:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21382]: Invalid user miner from 38.55.97.143
Jun 22 16:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21382]: input_userauth_request: invalid user miner [preauth]
Jun 22 16:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21382]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 16:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21382]: Failed password for invalid user miner from 38.55.97.143 port 48958 ssh2
Jun 22 16:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21382]: Connection closed by 38.55.97.143 port 48958 [preauth]
Jun 22 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21410]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21409]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21408]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21407]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21407]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21472]: Successful su for rubyman by root
Jun 22 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21472]: + ??? root:rubyman
Jun 22 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21472]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571985 of user rubyman.
Jun 22 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21472]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571985.
Jun 22 16:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18209]: pam_unix(cron:session): session closed for user root
Jun 22 16:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21408]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21715]: Invalid user pentest from 43.153.59.240
Jun 22 16:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21715]: input_userauth_request: invalid user pentest [preauth]
Jun 22 16:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21715]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.59.240
Jun 22 16:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21715]: Failed password for invalid user pentest from 43.153.59.240 port 43278 ssh2
Jun 22 16:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21715]: Received disconnect from 43.153.59.240 port 43278:11: Bye Bye [preauth]
Jun 22 16:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21715]: Disconnected from 43.153.59.240 port 43278 [preauth]
Jun 22 16:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 16:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21748]: Failed password for root from 193.24.211.107 port 42503 ssh2
Jun 22 16:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21748]: Received disconnect from 193.24.211.107 port 42503:11: Client disconnecting normally [preauth]
Jun 22 16:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21748]: Disconnected from 193.24.211.107 port 42503 [preauth]
Jun 22 16:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20503]: pam_unix(cron:session): session closed for user root
Jun 22 16:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21793]: Invalid user install from 38.55.97.143
Jun 22 16:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21793]: input_userauth_request: invalid user install [preauth]
Jun 22 16:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21793]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 16:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21793]: Failed password for invalid user install from 38.55.97.143 port 45862 ssh2
Jun 22 16:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21793]: Connection closed by 38.55.97.143 port 45862 [preauth]
Jun 22 16:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121  user=root
Jun 22 16:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21816]: Failed password for root from 45.148.10.121 port 37584 ssh2
Jun 22 16:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21816]: Connection closed by 45.148.10.121 port 37584 [preauth]
Jun 22 16:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.174.210.161  user=root
Jun 22 16:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21826]: Failed password for root from 158.174.210.161 port 1684 ssh2
Jun 22 16:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21826]: Received disconnect from 158.174.210.161 port 1684:11: Bye Bye [preauth]
Jun 22 16:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21826]: Disconnected from 158.174.210.161 port 1684 [preauth]
Jun 22 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21862]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21864]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21859]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21863]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21860]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21858]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21864]: pam_unix(cron:session): session closed for user root
Jun 22 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21858]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21929]: Successful su for rubyman by root
Jun 22 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21929]: + ??? root:rubyman
Jun 22 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21929]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571992 of user rubyman.
Jun 22 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21929]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571992.
Jun 22 16:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21860]: pam_unix(cron:session): session closed for user root
Jun 22 16:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18726]: pam_unix(cron:session): session closed for user root
Jun 22 16:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21859]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22137]: Invalid user hari from 149.56.132.12
Jun 22 16:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22137]: input_userauth_request: invalid user hari [preauth]
Jun 22 16:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22137]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=149.56.132.12
Jun 22 16:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22137]: Failed password for invalid user hari from 149.56.132.12 port 42930 ssh2
Jun 22 16:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22137]: Received disconnect from 149.56.132.12 port 42930:11: Bye Bye [preauth]
Jun 22 16:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22137]: Disconnected from 149.56.132.12 port 42930 [preauth]
Jun 22 16:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 22 16:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22179]: Failed password for root from 77.94.47.83 port 60552 ssh2
Jun 22 16:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22179]: Connection closed by 77.94.47.83 port 60552 [preauth]
Jun 22 16:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22207]: Invalid user ftpuser from 38.55.97.143
Jun 22 16:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22207]: input_userauth_request: invalid user ftpuser [preauth]
Jun 22 16:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22207]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 16:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20998]: pam_unix(cron:session): session closed for user root
Jun 22 16:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22207]: Failed password for invalid user ftpuser from 38.55.97.143 port 41544 ssh2
Jun 22 16:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22207]: Connection closed by 38.55.97.143 port 41544 [preauth]
Jun 22 16:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22296]: Invalid user app from 43.153.59.240
Jun 22 16:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22296]: input_userauth_request: invalid user app [preauth]
Jun 22 16:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22296]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.59.240
Jun 22 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22303]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22305]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22304]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22302]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22302]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22454]: Successful su for rubyman by root
Jun 22 16:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22454]: + ??? root:rubyman
Jun 22 16:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22454]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 571995 of user rubyman.
Jun 22 16:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22454]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 571995.
Jun 22 16:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22296]: Failed password for invalid user app from 43.153.59.240 port 52994 ssh2
Jun 22 16:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22296]: Received disconnect from 43.153.59.240 port 52994:11: Bye Bye [preauth]
Jun 22 16:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22296]: Disconnected from 43.153.59.240 port 52994 [preauth]
Jun 22 16:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19327]: pam_unix(cron:session): session closed for user root
Jun 22 16:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22303]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22673]: User ftp from 38.55.97.143 not allowed because not listed in AllowUsers
Jun 22 16:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22673]: input_userauth_request: invalid user ftp [preauth]
Jun 22 16:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=ftp
Jun 22 16:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22673]: Failed password for invalid user ftp from 38.55.97.143 port 38618 ssh2
Jun 22 16:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22673]: Connection closed by 38.55.97.143 port 38618 [preauth]
Jun 22 16:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21410]: pam_unix(cron:session): session closed for user root
Jun 22 16:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22768]: Invalid user ab from 149.56.132.12
Jun 22 16:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22768]: input_userauth_request: invalid user ab [preauth]
Jun 22 16:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22768]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=149.56.132.12
Jun 22 16:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22768]: Failed password for invalid user ab from 149.56.132.12 port 55388 ssh2
Jun 22 16:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22768]: Received disconnect from 149.56.132.12 port 55388:11: Bye Bye [preauth]
Jun 22 16:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22768]: Disconnected from 149.56.132.12 port 55388 [preauth]
Jun 22 16:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22796]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22797]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22795]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22794]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22794]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22860]: Successful su for rubyman by root
Jun 22 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22860]: + ??? root:rubyman
Jun 22 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22860]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572000 of user rubyman.
Jun 22 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22860]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572000.
Jun 22 16:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 22 16:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19978]: pam_unix(cron:session): session closed for user root
Jun 22 16:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22787]: Failed password for root from 202.178.126.219 port 52786 ssh2
Jun 22 16:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22787]: Connection closed by 202.178.126.219 port 52786 [preauth]
Jun 22 16:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22795]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23041]: Invalid user sonar from 158.174.210.161
Jun 22 16:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23041]: input_userauth_request: invalid user sonar [preauth]
Jun 22 16:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23041]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.174.210.161
Jun 22 16:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23041]: Failed password for invalid user sonar from 158.174.210.161 port 22302 ssh2
Jun 22 16:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23041]: Received disconnect from 158.174.210.161 port 22302:11: Bye Bye [preauth]
Jun 22 16:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23041]: Disconnected from 158.174.210.161 port 22302 [preauth]
Jun 22 16:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23074]: Invalid user fa from 38.55.97.143
Jun 22 16:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23074]: input_userauth_request: invalid user fa [preauth]
Jun 22 16:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23074]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 16:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23074]: Failed password for invalid user fa from 38.55.97.143 port 38032 ssh2
Jun 22 16:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23074]: Connection closed by 38.55.97.143 port 38032 [preauth]
Jun 22 16:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21863]: pam_unix(cron:session): session closed for user root
Jun 22 16:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23151]: Invalid user sbot from 46.135.109.64
Jun 22 16:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23151]: input_userauth_request: invalid user sbot [preauth]
Jun 22 16:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23151]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.135.109.64
Jun 22 16:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23166]: Invalid user test from 43.153.59.240
Jun 22 16:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23166]: input_userauth_request: invalid user test [preauth]
Jun 22 16:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23166]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.59.240
Jun 22 16:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23151]: Failed password for invalid user sbot from 46.135.109.64 port 16573 ssh2
Jun 22 16:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23151]: Received disconnect from 46.135.109.64 port 16573:11: Bye Bye [preauth]
Jun 22 16:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23151]: Disconnected from 46.135.109.64 port 16573 [preauth]
Jun 22 16:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23166]: Failed password for invalid user test from 43.153.59.240 port 35938 ssh2
Jun 22 16:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23166]: Received disconnect from 43.153.59.240 port 35938:11: Bye Bye [preauth]
Jun 22 16:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23166]: Disconnected from 43.153.59.240 port 35938 [preauth]
Jun 22 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23207]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23210]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23208]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23206]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23206]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23279]: Successful su for rubyman by root
Jun 22 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23279]: + ??? root:rubyman
Jun 22 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23279]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572004 of user rubyman.
Jun 22 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23279]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572004.
Jun 22 16:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20502]: pam_unix(cron:session): session closed for user root
Jun 22 16:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23207]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23472]: Invalid user deployer from 38.55.97.143
Jun 22 16:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23472]: input_userauth_request: invalid user deployer [preauth]
Jun 22 16:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23472]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 16:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23472]: Failed password for invalid user deployer from 38.55.97.143 port 41726 ssh2
Jun 22 16:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23472]: Connection closed by 38.55.97.143 port 41726 [preauth]
Jun 22 16:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=149.56.132.12  user=root
Jun 22 16:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23532]: Failed password for root from 149.56.132.12 port 39776 ssh2
Jun 22 16:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 22 16:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23532]: Received disconnect from 149.56.132.12 port 39776:11: Bye Bye [preauth]
Jun 22 16:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23532]: Disconnected from 149.56.132.12 port 39776 [preauth]
Jun 22 16:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23534]: Failed password for root from 103.122.221.179 port 53610 ssh2
Jun 22 16:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23534]: Connection closed by 103.122.221.179 port 53610 [preauth]
Jun 22 16:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22305]: pam_unix(cron:session): session closed for user root
Jun 22 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23634]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23632]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23635]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23633]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23632]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23701]: Successful su for rubyman by root
Jun 22 16:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23701]: + ??? root:rubyman
Jun 22 16:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23701]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572009 of user rubyman.
Jun 22 16:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23701]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572009.
Jun 22 16:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20997]: pam_unix(cron:session): session closed for user root
Jun 22 16:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23919]: Invalid user deploy from 38.55.97.143
Jun 22 16:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23919]: input_userauth_request: invalid user deploy [preauth]
Jun 22 16:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23919]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 16:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23633]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23919]: Failed password for invalid user deploy from 38.55.97.143 port 40342 ssh2
Jun 22 16:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23919]: Connection closed by 38.55.97.143 port 40342 [preauth]
Jun 22 16:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 22 16:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24003]: Failed password for root from 103.82.132.16 port 44402 ssh2
Jun 22 16:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24003]: Connection closed by 103.82.132.16 port 44402 [preauth]
Jun 22 16:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24036]: Invalid user sbot from 158.174.210.161
Jun 22 16:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24036]: input_userauth_request: invalid user sbot [preauth]
Jun 22 16:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24036]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.174.210.161
Jun 22 16:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24036]: Failed password for invalid user sbot from 158.174.210.161 port 51258 ssh2
Jun 22 16:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.59.240  user=root
Jun 22 16:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24036]: Received disconnect from 158.174.210.161 port 51258:11: Bye Bye [preauth]
Jun 22 16:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24036]: Disconnected from 158.174.210.161 port 51258 [preauth]
Jun 22 16:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24059]: Failed password for root from 43.153.59.240 port 54678 ssh2
Jun 22 16:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24059]: Received disconnect from 43.153.59.240 port 54678:11: Bye Bye [preauth]
Jun 22 16:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24059]: Disconnected from 43.153.59.240 port 54678 [preauth]
Jun 22 16:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22797]: pam_unix(cron:session): session closed for user root
Jun 22 16:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24069]: Invalid user user from 193.46.255.86
Jun 22 16:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24069]: input_userauth_request: invalid user user [preauth]
Jun 22 16:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24069]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 22 16:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24069]: Failed password for invalid user user from 193.46.255.86 port 41654 ssh2
Jun 22 16:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24069]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24069]: Failed password for invalid user user from 193.46.255.86 port 41654 ssh2
Jun 22 16:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24069]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24069]: Failed password for invalid user user from 193.46.255.86 port 41654 ssh2
Jun 22 16:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24069]: Connection closed by 193.46.255.86 port 41654 [preauth]
Jun 22 16:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24069]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 22 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24156]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24153]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24151]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24155]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24154]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24150]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24156]: pam_unix(cron:session): session closed for user root
Jun 22 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24150]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24226]: Successful su for rubyman by root
Jun 22 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24226]: + ??? root:rubyman
Jun 22 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24226]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572015 of user rubyman.
Jun 22 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24226]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572015.
Jun 22 16:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=149.56.132.12  user=root
Jun 22 16:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24153]: pam_unix(cron:session): session closed for user root
Jun 22 16:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21409]: pam_unix(cron:session): session closed for user root
Jun 22 16:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24379]: Invalid user debian from 38.55.97.143
Jun 22 16:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24379]: input_userauth_request: invalid user debian [preauth]
Jun 22 16:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24379]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 16:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24344]: Failed password for root from 149.56.132.12 port 35562 ssh2
Jun 22 16:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24344]: Received disconnect from 149.56.132.12 port 35562:11: Bye Bye [preauth]
Jun 22 16:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24344]: Disconnected from 149.56.132.12 port 35562 [preauth]
Jun 22 16:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24151]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24379]: Failed password for invalid user debian from 38.55.97.143 port 50582 ssh2
Jun 22 16:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24379]: Connection closed by 38.55.97.143 port 50582 [preauth]
Jun 22 16:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23210]: pam_unix(cron:session): session closed for user root
Jun 22 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24613]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24614]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24612]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24611]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24611]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24700]: Successful su for rubyman by root
Jun 22 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24700]: + ??? root:rubyman
Jun 22 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24700]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572018 of user rubyman.
Jun 22 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24700]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572018.
Jun 22 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 22 16:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24727]: Invalid user cacti from 38.55.97.143
Jun 22 16:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24727]: input_userauth_request: invalid user cacti [preauth]
Jun 22 16:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24727]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 16:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24711]: Failed password for root from 103.27.238.116 port 43974 ssh2
Jun 22 16:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21862]: pam_unix(cron:session): session closed for user root
Jun 22 16:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24711]: Connection closed by 103.27.238.116 port 43974 [preauth]
Jun 22 16:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.135.109.64  user=root
Jun 22 16:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24612]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24727]: Failed password for invalid user cacti from 38.55.97.143 port 55134 ssh2
Jun 22 16:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24886]: Invalid user mohit from 43.153.59.240
Jun 22 16:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24886]: input_userauth_request: invalid user mohit [preauth]
Jun 22 16:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24886]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.59.240
Jun 22 16:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24727]: Connection closed by 38.55.97.143 port 55134 [preauth]
Jun 22 16:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24832]: Failed password for root from 46.135.109.64 port 19953 ssh2
Jun 22 16:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24832]: Received disconnect from 46.135.109.64 port 19953:11: Bye Bye [preauth]
Jun 22 16:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24832]: Disconnected from 46.135.109.64 port 19953 [preauth]
Jun 22 16:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24886]: Failed password for invalid user mohit from 43.153.59.240 port 56082 ssh2
Jun 22 16:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24886]: Received disconnect from 43.153.59.240 port 56082:11: Bye Bye [preauth]
Jun 22 16:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24886]: Disconnected from 43.153.59.240 port 56082 [preauth]
Jun 22 16:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23635]: pam_unix(cron:session): session closed for user root
Jun 22 16:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25018]: Invalid user scsadmin from 149.56.132.12
Jun 22 16:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25018]: input_userauth_request: invalid user scsadmin [preauth]
Jun 22 16:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25018]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=149.56.132.12
Jun 22 16:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.174.210.161  user=root
Jun 22 16:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25018]: Failed password for invalid user scsadmin from 149.56.132.12 port 34988 ssh2
Jun 22 16:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25018]: Received disconnect from 149.56.132.12 port 34988:11: Bye Bye [preauth]
Jun 22 16:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25018]: Disconnected from 149.56.132.12 port 34988 [preauth]
Jun 22 16:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25007]: Failed password for root from 158.174.210.161 port 17103 ssh2
Jun 22 16:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25007]: Received disconnect from 158.174.210.161 port 17103:11: Bye Bye [preauth]
Jun 22 16:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25007]: Disconnected from 158.174.210.161 port 17103 [preauth]
Jun 22 16:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 22 16:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25029]: Failed password for root from 80.66.85.226 port 36332 ssh2
Jun 22 16:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25029]: Connection closed by 80.66.85.226 port 36332 [preauth]
Jun 22 16:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25040]: Invalid user amssys from 38.55.97.143
Jun 22 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25040]: input_userauth_request: invalid user amssys [preauth]
Jun 22 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25040]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25056]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25058]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25055]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25054]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25054]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25118]: Successful su for rubyman by root
Jun 22 16:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25118]: + ??? root:rubyman
Jun 22 16:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25118]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572021 of user rubyman.
Jun 22 16:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25118]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572021.
Jun 22 16:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25040]: Failed password for invalid user amssys from 38.55.97.143 port 34414 ssh2
Jun 22 16:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25040]: Connection closed by 38.55.97.143 port 34414 [preauth]
Jun 22 16:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22304]: pam_unix(cron:session): session closed for user root
Jun 22 16:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25055]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24155]: pam_unix(cron:session): session closed for user root
Jun 22 16:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.59.240  user=root
Jun 22 16:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25424]: Failed password for root from 43.153.59.240 port 41688 ssh2
Jun 22 16:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25424]: Received disconnect from 43.153.59.240 port 41688:11: Bye Bye [preauth]
Jun 22 16:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25424]: Disconnected from 43.153.59.240 port 41688 [preauth]
Jun 22 16:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25434]: Invalid user test from 38.55.97.143
Jun 22 16:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25434]: input_userauth_request: invalid user test [preauth]
Jun 22 16:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25434]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 16:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25434]: Failed password for invalid user test from 38.55.97.143 port 59256 ssh2
Jun 22 16:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25434]: Connection closed by 38.55.97.143 port 59256 [preauth]
Jun 22 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25448]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25449]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25447]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25446]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25446]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25512]: Successful su for rubyman by root
Jun 22 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25512]: + ??? root:rubyman
Jun 22 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25512]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572026 of user rubyman.
Jun 22 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25512]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572026.
Jun 22 16:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22796]: pam_unix(cron:session): session closed for user root
Jun 22 16:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25679]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 22 16:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25679]: Received disconnect from 107.181.228.82 port 52604:11: disconnected by user [preauth]
Jun 22 16:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25679]: Disconnected from 107.181.228.82 port 52604 [preauth]
Jun 22 16:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25447]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25731]: Invalid user cloud from 149.56.132.12
Jun 22 16:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25731]: input_userauth_request: invalid user cloud [preauth]
Jun 22 16:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25731]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=149.56.132.12
Jun 22 16:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25731]: Failed password for invalid user cloud from 149.56.132.12 port 41892 ssh2
Jun 22 16:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25731]: Received disconnect from 149.56.132.12 port 41892:11: Bye Bye [preauth]
Jun 22 16:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25731]: Disconnected from 149.56.132.12 port 41892 [preauth]
Jun 22 16:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24614]: pam_unix(cron:session): session closed for user root
Jun 22 16:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25825]: Invalid user tester from 38.55.97.143
Jun 22 16:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25825]: input_userauth_request: invalid user tester [preauth]
Jun 22 16:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25825]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 16:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25825]: Failed password for invalid user tester from 38.55.97.143 port 58968 ssh2
Jun 22 16:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25825]: Connection closed by 38.55.97.143 port 58968 [preauth]
Jun 22 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25848]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25847]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25846]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25845]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25845]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25906]: Successful su for rubyman by root
Jun 22 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25906]: + ??? root:rubyman
Jun 22 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25906]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572029 of user rubyman.
Jun 22 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25906]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572029.
Jun 22 16:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23208]: pam_unix(cron:session): session closed for user root
Jun 22 16:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25846]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.174.210.161  user=root
Jun 22 16:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26079]: Failed password for root from 158.174.210.161 port 55664 ssh2
Jun 22 16:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26079]: Received disconnect from 158.174.210.161 port 55664:11: Bye Bye [preauth]
Jun 22 16:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26079]: Disconnected from 158.174.210.161 port 55664 [preauth]
Jun 22 16:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26144]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26144]: Invalid user bounce from 43.153.59.240
Jun 22 16:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26144]: input_userauth_request: invalid user bounce [preauth]
Jun 22 16:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26144]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.59.240
Jun 22 16:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26144]: Failed password for invalid user bounce from 43.153.59.240 port 44188 ssh2
Jun 22 16:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26144]: Received disconnect from 43.153.59.240 port 44188:11: Bye Bye [preauth]
Jun 22 16:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26144]: Disconnected from 43.153.59.240 port 44188 [preauth]
Jun 22 16:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26156]: Invalid user egarcia from 46.135.109.64
Jun 22 16:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26156]: input_userauth_request: invalid user egarcia [preauth]
Jun 22 16:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26156]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.135.109.64
Jun 22 16:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25058]: pam_unix(cron:session): session closed for user root
Jun 22 16:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26156]: Failed password for invalid user egarcia from 46.135.109.64 port 30755 ssh2
Jun 22 16:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26156]: Received disconnect from 46.135.109.64 port 30755:11: Bye Bye [preauth]
Jun 22 16:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26156]: Disconnected from 46.135.109.64 port 30755 [preauth]
Jun 22 16:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26198]: Invalid user scanner from 38.55.97.143
Jun 22 16:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26198]: input_userauth_request: invalid user scanner [preauth]
Jun 22 16:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26198]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 16:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26198]: Failed password for invalid user scanner from 38.55.97.143 port 55966 ssh2
Jun 22 16:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26198]: Connection closed by 38.55.97.143 port 55966 [preauth]
Jun 22 16:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26230]: Invalid user ftpuser from 149.56.132.12
Jun 22 16:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26230]: input_userauth_request: invalid user ftpuser [preauth]
Jun 22 16:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26230]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=149.56.132.12
Jun 22 16:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26230]: Failed password for invalid user ftpuser from 149.56.132.12 port 49080 ssh2
Jun 22 16:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26230]: Received disconnect from 149.56.132.12 port 49080:11: Bye Bye [preauth]
Jun 22 16:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26230]: Disconnected from 149.56.132.12 port 49080 [preauth]
Jun 22 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26253]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26252]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26251]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26255]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26254]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26250]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26255]: pam_unix(cron:session): session closed for user root
Jun 22 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26250]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26321]: Successful su for rubyman by root
Jun 22 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26321]: + ??? root:rubyman
Jun 22 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26321]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572034 of user rubyman.
Jun 22 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26321]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572034.
Jun 22 16:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26252]: pam_unix(cron:session): session closed for user root
Jun 22 16:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23634]: pam_unix(cron:session): session closed for user root
Jun 22 16:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26251]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26532]: Invalid user user from 141.98.83.240
Jun 22 16:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26532]: input_userauth_request: invalid user user [preauth]
Jun 22 16:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26532]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 16:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26532]: Failed password for invalid user user from 141.98.83.240 port 63980 ssh2
Jun 22 16:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26532]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26532]: Failed password for invalid user user from 141.98.83.240 port 63980 ssh2
Jun 22 16:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26532]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26532]: Failed password for invalid user user from 141.98.83.240 port 63980 ssh2
Jun 22 16:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26532]: Connection closed by 141.98.83.240 port 63980 [preauth]
Jun 22 16:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26532]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 16:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 22 16:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26587]: Failed password for root from 62.133.62.83 port 41066 ssh2
Jun 22 16:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26589]: Invalid user rust from 38.55.97.143
Jun 22 16:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26589]: input_userauth_request: invalid user rust [preauth]
Jun 22 16:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26589]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 16:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26587]: Connection closed by 62.133.62.83 port 41066 [preauth]
Jun 22 16:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25449]: pam_unix(cron:session): session closed for user root
Jun 22 16:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26589]: Failed password for invalid user rust from 38.55.97.143 port 52174 ssh2
Jun 22 16:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26589]: Connection closed by 38.55.97.143 port 52174 [preauth]
Jun 22 16:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: Did not receive identification string from 91.92.40.4
Jun 22 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26769]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26768]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26770]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26767]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26767]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26832]: Successful su for rubyman by root
Jun 22 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26832]: + ??? root:rubyman
Jun 22 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26832]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572039 of user rubyman.
Jun 22 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26832]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572039.
Jun 22 16:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24154]: pam_unix(cron:session): session closed for user root
Jun 22 16:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.59.240  user=root
Jun 22 16:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26768]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27001]: Failed password for root from 43.153.59.240 port 38590 ssh2
Jun 22 16:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27001]: Received disconnect from 43.153.59.240 port 38590:11: Bye Bye [preauth]
Jun 22 16:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27001]: Disconnected from 43.153.59.240 port 38590 [preauth]
Jun 22 16:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 16:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27054]: Failed password for root from 38.55.97.143 port 49012 ssh2
Jun 22 16:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27054]: Connection closed by 38.55.97.143 port 49012 [preauth]
Jun 22 16:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.174.210.161  user=root
Jun 22 16:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27079]: Invalid user user from 149.56.132.12
Jun 22 16:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27079]: input_userauth_request: invalid user user [preauth]
Jun 22 16:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27079]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=149.56.132.12
Jun 22 16:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27068]: Failed password for root from 158.174.210.161 port 10304 ssh2
Jun 22 16:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27068]: Received disconnect from 158.174.210.161 port 10304:11: Bye Bye [preauth]
Jun 22 16:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27068]: Disconnected from 158.174.210.161 port 10304 [preauth]
Jun 22 16:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27079]: Failed password for invalid user user from 149.56.132.12 port 37774 ssh2
Jun 22 16:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27079]: Received disconnect from 149.56.132.12 port 37774:11: Bye Bye [preauth]
Jun 22 16:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27079]: Disconnected from 149.56.132.12 port 37774 [preauth]
Jun 22 16:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25848]: pam_unix(cron:session): session closed for user root
Jun 22 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27172]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27171]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27170]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27169]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27169]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27241]: Successful su for rubyman by root
Jun 22 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27241]: + ??? root:rubyman
Jun 22 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27241]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572043 of user rubyman.
Jun 22 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27241]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572043.
Jun 22 16:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24613]: pam_unix(cron:session): session closed for user root
Jun 22 16:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27170]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27459]: Received disconnect from 176.65.131.188 port 39276:11: disconnected by user [preauth]
Jun 22 16:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27459]: Disconnected from 176.65.131.188 port 39276 [preauth]
Jun 22 16:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 16:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27469]: Failed password for root from 38.55.97.143 port 42870 ssh2
Jun 22 16:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27469]: Connection closed by 38.55.97.143 port 42870 [preauth]
Jun 22 16:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26254]: pam_unix(cron:session): session closed for user root
Jun 22 16:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.59.240  user=root
Jun 22 16:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.135.109.64  user=root
Jun 22 16:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27578]: Failed password for root from 43.153.59.240 port 58032 ssh2
Jun 22 16:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27578]: Received disconnect from 43.153.59.240 port 58032:11: Bye Bye [preauth]
Jun 22 16:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27578]: Disconnected from 43.153.59.240 port 58032 [preauth]
Jun 22 16:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27580]: Failed password for root from 46.135.109.64 port 18772 ssh2
Jun 22 16:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27580]: Received disconnect from 46.135.109.64 port 18772:11: Bye Bye [preauth]
Jun 22 16:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27580]: Disconnected from 46.135.109.64 port 18772 [preauth]
Jun 22 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27611]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27610]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27612]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27609]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27609]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27668]: Successful su for rubyman by root
Jun 22 16:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27668]: + ??? root:rubyman
Jun 22 16:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27668]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572047 of user rubyman.
Jun 22 16:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27668]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572047.
Jun 22 16:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27806]: Invalid user user1 from 149.56.132.12
Jun 22 16:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27806]: input_userauth_request: invalid user user1 [preauth]
Jun 22 16:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27806]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=149.56.132.12
Jun 22 16:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25056]: pam_unix(cron:session): session closed for user root
Jun 22 16:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27806]: Failed password for invalid user user1 from 149.56.132.12 port 33482 ssh2
Jun 22 16:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27806]: Received disconnect from 149.56.132.12 port 33482:11: Bye Bye [preauth]
Jun 22 16:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27806]: Disconnected from 149.56.132.12 port 33482 [preauth]
Jun 22 16:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27610]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 16:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27861]: Failed password for root from 38.55.97.143 port 40490 ssh2
Jun 22 16:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27861]: Connection closed by 38.55.97.143 port 40490 [preauth]
Jun 22 16:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.4  user=root
Jun 22 16:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27895]: Failed password for root from 91.92.40.4 port 36062 ssh2
Jun 22 16:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27895]: Connection closed by 91.92.40.4 port 36062 [preauth]
Jun 22 16:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26770]: pam_unix(cron:session): session closed for user root
Jun 22 16:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27990]: Invalid user builder from 158.174.210.161
Jun 22 16:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27990]: input_userauth_request: invalid user builder [preauth]
Jun 22 16:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27990]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.174.210.161
Jun 22 16:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27990]: Failed password for invalid user builder from 158.174.210.161 port 45341 ssh2
Jun 22 16:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27990]: Received disconnect from 158.174.210.161 port 45341:11: Bye Bye [preauth]
Jun 22 16:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27990]: Disconnected from 158.174.210.161 port 45341 [preauth]
Jun 22 16:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 22 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28032]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28031]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28030]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28029]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28029]: pam_unix(cron:session): session closed for user p13x
Jun 22 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28016]: Failed password for root from 147.45.199.80 port 59996 ssh2
Jun 22 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28016]: Connection closed by 147.45.199.80 port 59996 [preauth]
Jun 22 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28140]: Successful su for rubyman by root
Jun 22 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28140]: + ??? root:rubyman
Jun 22 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28140]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572051 of user rubyman.
Jun 22 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28140]: pam_unix(su:session): session closed for user rubyman
Jun 22 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572051.
Jun 22 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 16:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25448]: pam_unix(cron:session): session closed for user root
Jun 22 16:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28212]: Failed password for root from 38.55.97.143 port 39038 ssh2
Jun 22 16:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28212]: Connection closed by 38.55.97.143 port 39038 [preauth]
Jun 22 16:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28030]: pam_unix(cron:session): session closed for user samftp
Jun 22 16:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.223.69.22  user=root
Jun 22 16:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27172]: pam_unix(cron:session): session closed for user root
Jun 22 16:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28390]: Failed password for root from 89.223.69.22 port 42524 ssh2
Jun 22 16:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28390]: Connection closed by 89.223.69.22 port 42524 [preauth]
Jun 22 16:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28412]: Invalid user ubuntu from 43.153.59.240
Jun 22 16:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28412]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 16:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28412]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 16:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.59.240
Jun 22 16:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28412]: Failed password for invalid user ubuntu from 43.153.59.240 port 54874 ssh2
Jun 22 16:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28412]: Received disconnect from 43.153.59.240 port 54874:11: Bye Bye [preauth]
Jun 22 16:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28412]: Disconnected from 43.153.59.240 port 54874 [preauth]
Jun 22 16:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=149.56.132.12  user=root
Jun 22 16:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28423]: Failed password for root from 149.56.132.12 port 53056 ssh2
Jun 22 16:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28423]: Received disconnect from 149.56.132.12 port 53056:11: Bye Bye [preauth]
Jun 22 16:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28423]: Disconnected from 149.56.132.12 port 53056 [preauth]
Jun 22 16:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.4  user=root
Jun 22 16:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28456]: Failed password for root from 91.92.40.4 port 43944 ssh2
Jun 22 16:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28456]: Connection closed by 91.92.40.4 port 43944 [preauth]
Jun 22 16:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 16:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 16:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28467]: Failed password for root from 38.55.97.143 port 37430 ssh2
Jun 22 16:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28467]: Connection closed by 38.55.97.143 port 37430 [preauth]
Jun 22 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28482]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28481]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28485]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28483]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28480]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28479]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28484]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28481]: pam_unix(cron:session): session closed for user root
Jun 22 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28485]: pam_unix(cron:session): session closed for user root
Jun 22 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28479]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28669]: Successful su for rubyman by root
Jun 22 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28669]: + ??? root:rubyman
Jun 22 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28669]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572061 of user rubyman.
Jun 22 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28669]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572061.
Jun 22 17:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25847]: pam_unix(cron:session): session closed for user root
Jun 22 17:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28482]: pam_unix(cron:session): session closed for user root
Jun 22 17:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28480]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27612]: pam_unix(cron:session): session closed for user root
Jun 22 17:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 17:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29073]: Failed password for root from 38.55.97.143 port 34262 ssh2
Jun 22 17:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29073]: Connection closed by 38.55.97.143 port 34262 [preauth]
Jun 22 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29099]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29101]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29100]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29098]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29098]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29174]: Successful su for rubyman by root
Jun 22 17:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29174]: + ??? root:rubyman
Jun 22 17:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29174]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572063 of user rubyman.
Jun 22 17:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29174]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572063.
Jun 22 17:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26253]: pam_unix(cron:session): session closed for user root
Jun 22 17:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29099]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.174.210.161  user=root
Jun 22 17:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29329]: Failed password for root from 158.174.210.161 port 9390 ssh2
Jun 22 17:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29329]: Received disconnect from 158.174.210.161 port 9390:11: Bye Bye [preauth]
Jun 22 17:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29329]: Disconnected from 158.174.210.161 port 9390 [preauth]
Jun 22 17:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=149.56.132.12  user=root
Jun 22 17:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29378]: Invalid user ubuntu from 46.135.109.64
Jun 22 17:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29378]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29378]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.135.109.64
Jun 22 17:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29376]: Failed password for root from 149.56.132.12 port 50794 ssh2
Jun 22 17:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29376]: Received disconnect from 149.56.132.12 port 50794:11: Bye Bye [preauth]
Jun 22 17:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29376]: Disconnected from 149.56.132.12 port 50794 [preauth]
Jun 22 17:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29378]: Failed password for invalid user ubuntu from 46.135.109.64 port 16476 ssh2
Jun 22 17:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29378]: Received disconnect from 46.135.109.64 port 16476:11: Bye Bye [preauth]
Jun 22 17:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29378]: Disconnected from 46.135.109.64 port 16476 [preauth]
Jun 22 17:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29400]: Invalid user nova from 43.153.59.240
Jun 22 17:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29400]: input_userauth_request: invalid user nova [preauth]
Jun 22 17:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29400]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.59.240
Jun 22 17:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 17:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29400]: Failed password for invalid user nova from 43.153.59.240 port 36098 ssh2
Jun 22 17:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29400]: Received disconnect from 43.153.59.240 port 36098:11: Bye Bye [preauth]
Jun 22 17:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29400]: Disconnected from 43.153.59.240 port 36098 [preauth]
Jun 22 17:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29402]: Failed password for root from 193.24.211.107 port 6517 ssh2
Jun 22 17:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29402]: Received disconnect from 193.24.211.107 port 6517:11: Client disconnecting normally [preauth]
Jun 22 17:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29402]: Disconnected from 193.24.211.107 port 6517 [preauth]
Jun 22 17:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.4  user=root
Jun 22 17:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29413]: Failed password for root from 91.92.40.4 port 36624 ssh2
Jun 22 17:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29413]: Connection closed by 91.92.40.4 port 36624 [preauth]
Jun 22 17:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28032]: pam_unix(cron:session): session closed for user root
Jun 22 17:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 17:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29490]: Failed password for root from 38.55.97.143 port 56118 ssh2
Jun 22 17:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29490]: Connection closed by 38.55.97.143 port 56118 [preauth]
Jun 22 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29632]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29633]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29634]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29631]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29631]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29699]: Successful su for rubyman by root
Jun 22 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29699]: + ??? root:rubyman
Jun 22 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29699]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572066 of user rubyman.
Jun 22 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29699]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572066.
Jun 22 17:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26769]: pam_unix(cron:session): session closed for user root
Jun 22 17:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29632]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28484]: pam_unix(cron:session): session closed for user root
Jun 22 17:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 17:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30007]: Failed password for root from 38.55.97.143 port 54482 ssh2
Jun 22 17:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30007]: Connection closed by 38.55.97.143 port 54482 [preauth]
Jun 22 17:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30047]: Invalid user developer from 149.56.132.12
Jun 22 17:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30047]: input_userauth_request: invalid user developer [preauth]
Jun 22 17:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30047]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=149.56.132.12
Jun 22 17:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30047]: Failed password for invalid user developer from 149.56.132.12 port 41914 ssh2
Jun 22 17:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30047]: Received disconnect from 149.56.132.12 port 41914:11: Bye Bye [preauth]
Jun 22 17:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30047]: Disconnected from 149.56.132.12 port 41914 [preauth]
Jun 22 17:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: Invalid user web from 43.153.59.240
Jun 22 17:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: input_userauth_request: invalid user web [preauth]
Jun 22 17:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.59.240
Jun 22 17:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 22 17:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: Failed password for invalid user web from 43.153.59.240 port 39214 ssh2
Jun 22 17:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: Received disconnect from 43.153.59.240 port 39214:11: Bye Bye [preauth]
Jun 22 17:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: Disconnected from 43.153.59.240 port 39214 [preauth]
Jun 22 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30079]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30077]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30078]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30076]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30076]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30148]: Successful su for rubyman by root
Jun 22 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30148]: + ??? root:rubyman
Jun 22 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30148]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572070 of user rubyman.
Jun 22 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30148]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572070.
Jun 22 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30073]: Failed password for root from 38.93.206.2 port 19500 ssh2
Jun 22 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30073]: Connection closed by 38.93.206.2 port 19500 [preauth]
Jun 22 17:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27171]: pam_unix(cron:session): session closed for user root
Jun 22 17:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30077]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30389]: Invalid user bli from 158.174.210.161
Jun 22 17:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30389]: input_userauth_request: invalid user bli [preauth]
Jun 22 17:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30389]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.174.210.161
Jun 22 17:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30389]: Failed password for invalid user bli from 158.174.210.161 port 25033 ssh2
Jun 22 17:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30389]: Received disconnect from 158.174.210.161 port 25033:11: Bye Bye [preauth]
Jun 22 17:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30389]: Disconnected from 158.174.210.161 port 25033 [preauth]
Jun 22 17:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 17:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29101]: pam_unix(cron:session): session closed for user root
Jun 22 17:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30407]: Failed password for root from 38.55.97.143 port 53824 ssh2
Jun 22 17:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30407]: Connection closed by 38.55.97.143 port 53824 [preauth]
Jun 22 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30492]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30491]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30490]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30489]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30489]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30557]: Successful su for rubyman by root
Jun 22 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30557]: + ??? root:rubyman
Jun 22 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30557]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572074 of user rubyman.
Jun 22 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30557]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572074.
Jun 22 17:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27611]: pam_unix(cron:session): session closed for user root
Jun 22 17:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30490]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 17:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30810]: Failed password for root from 38.55.97.143 port 53738 ssh2
Jun 22 17:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30810]: Connection closed by 38.55.97.143 port 53738 [preauth]
Jun 22 17:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=149.56.132.12  user=root
Jun 22 17:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29634]: pam_unix(cron:session): session closed for user root
Jun 22 17:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30835]: Invalid user jessalyn from 2.57.121.112
Jun 22 17:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30835]: input_userauth_request: invalid user jessalyn [preauth]
Jun 22 17:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30835]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 22 17:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30821]: Failed password for root from 149.56.132.12 port 55576 ssh2
Jun 22 17:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30821]: Received disconnect from 149.56.132.12 port 55576:11: Bye Bye [preauth]
Jun 22 17:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30821]: Disconnected from 149.56.132.12 port 55576 [preauth]
Jun 22 17:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30858]: Invalid user ubuntu from 46.135.109.64
Jun 22 17:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30858]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30858]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.135.109.64
Jun 22 17:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30835]: Failed password for invalid user jessalyn from 2.57.121.112 port 57550 ssh2
Jun 22 17:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30835]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30858]: Failed password for invalid user ubuntu from 46.135.109.64 port 18385 ssh2
Jun 22 17:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30858]: Received disconnect from 46.135.109.64 port 18385:11: Bye Bye [preauth]
Jun 22 17:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30858]: Disconnected from 46.135.109.64 port 18385 [preauth]
Jun 22 17:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30835]: Failed password for invalid user jessalyn from 2.57.121.112 port 57550 ssh2
Jun 22 17:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30835]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30865]: Invalid user clawd from 43.153.59.240
Jun 22 17:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30865]: input_userauth_request: invalid user clawd [preauth]
Jun 22 17:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30865]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.59.240
Jun 22 17:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30835]: Failed password for invalid user jessalyn from 2.57.121.112 port 57550 ssh2
Jun 22 17:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30835]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30865]: Failed password for invalid user clawd from 43.153.59.240 port 45828 ssh2
Jun 22 17:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30865]: Received disconnect from 43.153.59.240 port 45828:11: Bye Bye [preauth]
Jun 22 17:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30865]: Disconnected from 43.153.59.240 port 45828 [preauth]
Jun 22 17:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30835]: Failed password for invalid user jessalyn from 2.57.121.112 port 57550 ssh2
Jun 22 17:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30835]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30835]: Failed password for invalid user jessalyn from 2.57.121.112 port 57550 ssh2
Jun 22 17:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30835]: Connection closed by 2.57.121.112 port 57550 [preauth]
Jun 22 17:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30835]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 22 17:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30835]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 22 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31019]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31018]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31016]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31014]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31017]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31015]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31019]: pam_unix(cron:session): session closed for user root
Jun 22 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31014]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31089]: Successful su for rubyman by root
Jun 22 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31089]: + ??? root:rubyman
Jun 22 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31089]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572079 of user rubyman.
Jun 22 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31089]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572079.
Jun 22 17:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31016]: pam_unix(cron:session): session closed for user root
Jun 22 17:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28031]: pam_unix(cron:session): session closed for user root
Jun 22 17:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31015]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 17:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31325]: Failed password for root from 38.55.97.143 port 53396 ssh2
Jun 22 17:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31325]: Connection closed by 38.55.97.143 port 53396 [preauth]
Jun 22 17:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30079]: pam_unix(cron:session): session closed for user root
Jun 22 17:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31431]: Invalid user test from 158.174.210.161
Jun 22 17:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31431]: input_userauth_request: invalid user test [preauth]
Jun 22 17:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31431]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.174.210.161
Jun 22 17:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31431]: Failed password for invalid user test from 158.174.210.161 port 27501 ssh2
Jun 22 17:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31431]: Received disconnect from 158.174.210.161 port 27501:11: Bye Bye [preauth]
Jun 22 17:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31431]: Disconnected from 158.174.210.161 port 27501 [preauth]
Jun 22 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31454]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31455]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31453]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31451]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31451]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31522]: Successful su for rubyman by root
Jun 22 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31522]: + ??? root:rubyman
Jun 22 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31522]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572086 of user rubyman.
Jun 22 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31522]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572086.
Jun 22 17:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28483]: pam_unix(cron:session): session closed for user root
Jun 22 17:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31453]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31832]: Invalid user ubuntu from 149.56.132.12
Jun 22 17:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31832]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31832]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=149.56.132.12
Jun 22 17:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31830]: Received disconnect from 172.110.221.82 port 17286:11: disconnected by user [preauth]
Jun 22 17:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31830]: Disconnected from 172.110.221.82 port 17286 [preauth]
Jun 22 17:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31832]: Failed password for invalid user ubuntu from 149.56.132.12 port 34276 ssh2
Jun 22 17:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31832]: Received disconnect from 149.56.132.12 port 34276:11: Bye Bye [preauth]
Jun 22 17:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31832]: Disconnected from 149.56.132.12 port 34276 [preauth]
Jun 22 17:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.59.240  user=root
Jun 22 17:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 17:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31852]: Failed password for root from 43.153.59.240 port 60752 ssh2
Jun 22 17:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31852]: Received disconnect from 43.153.59.240 port 60752:11: Bye Bye [preauth]
Jun 22 17:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31852]: Disconnected from 43.153.59.240 port 60752 [preauth]
Jun 22 17:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31849]: Failed password for root from 38.55.97.143 port 36056 ssh2
Jun 22 17:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31849]: Connection closed by 38.55.97.143 port 36056 [preauth]
Jun 22 17:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30492]: pam_unix(cron:session): session closed for user root
Jun 22 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31973]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31972]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31970]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31969]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31969]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32040]: Successful su for rubyman by root
Jun 22 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32040]: + ??? root:rubyman
Jun 22 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32040]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572088 of user rubyman.
Jun 22 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32040]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572088.
Jun 22 17:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29100]: pam_unix(cron:session): session closed for user root
Jun 22 17:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31970]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 17:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32255]: Failed password for root from 38.55.97.143 port 42880 ssh2
Jun 22 17:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32255]: Connection closed by 38.55.97.143 port 42880 [preauth]
Jun 22 17:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31018]: pam_unix(cron:session): session closed for user root
Jun 22 17:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32349]: Invalid user ahmed from 149.56.132.12
Jun 22 17:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32349]: input_userauth_request: invalid user ahmed [preauth]
Jun 22 17:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32349]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=149.56.132.12
Jun 22 17:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32349]: Failed password for invalid user ahmed from 149.56.132.12 port 49566 ssh2
Jun 22 17:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32349]: Received disconnect from 149.56.132.12 port 49566:11: Bye Bye [preauth]
Jun 22 17:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32349]: Disconnected from 149.56.132.12 port 49566 [preauth]
Jun 22 17:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.233.85.71  user=root
Jun 22 17:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32361]: Failed password for root from 37.233.85.71 port 33198 ssh2
Jun 22 17:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32361]: Connection closed by 37.233.85.71 port 33198 [preauth]
Jun 22 17:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.59.240  user=root
Jun 22 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32382]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32378]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32381]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32377]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32377]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32452]: Successful su for rubyman by root
Jun 22 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32452]: + ??? root:rubyman
Jun 22 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32452]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572092 of user rubyman.
Jun 22 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32452]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572092.
Jun 22 17:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32374]: Failed password for root from 43.153.59.240 port 37032 ssh2
Jun 22 17:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32374]: Received disconnect from 43.153.59.240 port 37032:11: Bye Bye [preauth]
Jun 22 17:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32374]: Disconnected from 43.153.59.240 port 37032 [preauth]
Jun 22 17:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29633]: pam_unix(cron:session): session closed for user root
Jun 22 17:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32378]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 17:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32643]: Failed password for root from 38.55.97.143 port 41072 ssh2
Jun 22 17:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32643]: Connection closed by 38.55.97.143 port 41072 [preauth]
Jun 22 17:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32645]: Invalid user hamid from 158.174.210.161
Jun 22 17:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32645]: input_userauth_request: invalid user hamid [preauth]
Jun 22 17:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32645]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.174.210.161
Jun 22 17:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32645]: Failed password for invalid user hamid from 158.174.210.161 port 39974 ssh2
Jun 22 17:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32645]: Received disconnect from 158.174.210.161 port 39974:11: Bye Bye [preauth]
Jun 22 17:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32645]: Disconnected from 158.174.210.161 port 39974 [preauth]
Jun 22 17:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31455]: pam_unix(cron:session): session closed for user root
Jun 22 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[344]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[343]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[341]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[342]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[338]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[341]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[603]: Successful su for rubyman by root
Jun 22 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[603]: + ??? root:rubyman
Jun 22 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[603]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572097 of user rubyman.
Jun 22 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[603]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572097.
Jun 22 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[338]: pam_unix(cron:session): session closed for user root
Jun 22 17:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30078]: pam_unix(cron:session): session closed for user root
Jun 22 17:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 17:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[342]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[791]: Failed password for root from 38.55.97.143 port 37456 ssh2
Jun 22 17:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[791]: Connection closed by 38.55.97.143 port 37456 [preauth]
Jun 22 17:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[877]: Invalid user greg from 149.56.132.12
Jun 22 17:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[877]: input_userauth_request: invalid user greg [preauth]
Jun 22 17:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[877]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=149.56.132.12
Jun 22 17:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[877]: Failed password for invalid user greg from 149.56.132.12 port 38280 ssh2
Jun 22 17:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[877]: Received disconnect from 149.56.132.12 port 38280:11: Bye Bye [preauth]
Jun 22 17:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[877]: Disconnected from 149.56.132.12 port 38280 [preauth]
Jun 22 17:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31973]: pam_unix(cron:session): session closed for user root
Jun 22 17:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.59.240  user=root
Jun 22 17:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[944]: Failed password for root from 43.153.59.240 port 59698 ssh2
Jun 22 17:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[944]: Received disconnect from 43.153.59.240 port 59698:11: Bye Bye [preauth]
Jun 22 17:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[944]: Disconnected from 43.153.59.240 port 59698 [preauth]
Jun 22 17:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 17:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[990]: Failed password for root from 38.55.97.143 port 34708 ssh2
Jun 22 17:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[990]: Connection closed by 38.55.97.143 port 34708 [preauth]
Jun 22 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1006]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1008]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1007]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1009]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1005]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1004]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1009]: pam_unix(cron:session): session closed for user root
Jun 22 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1004]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1104]: Successful su for rubyman by root
Jun 22 17:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1104]: + ??? root:rubyman
Jun 22 17:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1104]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572102 of user rubyman.
Jun 22 17:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1104]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572102.
Jun 22 17:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1006]: pam_unix(cron:session): session closed for user root
Jun 22 17:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30491]: pam_unix(cron:session): session closed for user root
Jun 22 17:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1005]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 22 17:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1336]: Failed password for root from 87.251.79.125 port 47990 ssh2
Jun 22 17:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1336]: Connection closed by 87.251.79.125 port 47990 [preauth]
Jun 22 17:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32382]: pam_unix(cron:session): session closed for user root
Jun 22 17:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1422]: Invalid user ubuntu from 158.174.210.161
Jun 22 17:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1422]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1422]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.174.210.161
Jun 22 17:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1422]: Failed password for invalid user ubuntu from 158.174.210.161 port 60980 ssh2
Jun 22 17:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1422]: Received disconnect from 158.174.210.161 port 60980:11: Bye Bye [preauth]
Jun 22 17:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1422]: Disconnected from 158.174.210.161 port 60980 [preauth]
Jun 22 17:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 17:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1594]: Failed password for root from 38.55.97.143 port 58214 ssh2
Jun 22 17:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1594]: Connection closed by 38.55.97.143 port 58214 [preauth]
Jun 22 17:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=149.56.132.12  user=root
Jun 22 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1615]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1617]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1613]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1614]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1613]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1690]: Successful su for rubyman by root
Jun 22 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1690]: + ??? root:rubyman
Jun 22 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1690]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572108 of user rubyman.
Jun 22 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1690]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572108.
Jun 22 17:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1606]: Failed password for root from 149.56.132.12 port 58014 ssh2
Jun 22 17:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1606]: Received disconnect from 149.56.132.12 port 58014:11: Bye Bye [preauth]
Jun 22 17:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1606]: Disconnected from 149.56.132.12 port 58014 [preauth]
Jun 22 17:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31017]: pam_unix(cron:session): session closed for user root
Jun 22 17:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1614]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1922]: Invalid user frontend from 46.135.109.64
Jun 22 17:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1922]: input_userauth_request: invalid user frontend [preauth]
Jun 22 17:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1922]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.135.109.64
Jun 22 17:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1922]: Failed password for invalid user frontend from 46.135.109.64 port 27757 ssh2
Jun 22 17:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1922]: Received disconnect from 46.135.109.64 port 27757:11: Bye Bye [preauth]
Jun 22 17:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1922]: Disconnected from 46.135.109.64 port 27757 [preauth]
Jun 22 17:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.59.240  user=root
Jun 22 17:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1978]: Failed password for root from 43.153.59.240 port 51938 ssh2
Jun 22 17:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1978]: Received disconnect from 43.153.59.240 port 51938:11: Bye Bye [preauth]
Jun 22 17:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1978]: Disconnected from 43.153.59.240 port 51938 [preauth]
Jun 22 17:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[344]: pam_unix(cron:session): session closed for user root
Jun 22 17:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 17:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2083]: Failed password for root from 38.55.97.143 port 55994 ssh2
Jun 22 17:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2083]: Connection closed by 38.55.97.143 port 55994 [preauth]
Jun 22 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2113]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2114]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2112]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2111]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2111]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2185]: Successful su for rubyman by root
Jun 22 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2185]: + ??? root:rubyman
Jun 22 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2185]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572113 of user rubyman.
Jun 22 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2185]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572113.
Jun 22 17:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31454]: pam_unix(cron:session): session closed for user root
Jun 22 17:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2112]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: Invalid user pal from 149.56.132.12
Jun 22 17:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: input_userauth_request: invalid user pal [preauth]
Jun 22 17:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=149.56.132.12
Jun 22 17:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1008]: pam_unix(cron:session): session closed for user root
Jun 22 17:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: Failed password for invalid user pal from 149.56.132.12 port 36932 ssh2
Jun 22 17:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: Received disconnect from 149.56.132.12 port 36932:11: Bye Bye [preauth]
Jun 22 17:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: Disconnected from 149.56.132.12 port 36932 [preauth]
Jun 22 17:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 17:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2502]: Failed password for root from 38.55.97.143 port 55334 ssh2
Jun 22 17:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2502]: Connection closed by 38.55.97.143 port 55334 [preauth]
Jun 22 17:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.174.210.161  user=root
Jun 22 17:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2522]: Failed password for root from 158.174.210.161 port 63827 ssh2
Jun 22 17:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2522]: Received disconnect from 158.174.210.161 port 63827:11: Bye Bye [preauth]
Jun 22 17:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2522]: Disconnected from 158.174.210.161 port 63827 [preauth]
Jun 22 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2547]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2545]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2546]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2544]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2544]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2617]: Successful su for rubyman by root
Jun 22 17:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2617]: + ??? root:rubyman
Jun 22 17:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2617]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572116 of user rubyman.
Jun 22 17:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2617]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572116.
Jun 22 17:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31972]: pam_unix(cron:session): session closed for user root
Jun 22 17:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2545]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.59.240  user=root
Jun 22 17:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2806]: Failed password for root from 43.153.59.240 port 33376 ssh2
Jun 22 17:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2806]: Received disconnect from 43.153.59.240 port 33376:11: Bye Bye [preauth]
Jun 22 17:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2806]: Disconnected from 43.153.59.240 port 33376 [preauth]
Jun 22 17:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1617]: pam_unix(cron:session): session closed for user root
Jun 22 17:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 17:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2906]: Failed password for root from 38.55.97.143 port 53998 ssh2
Jun 22 17:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2906]: Connection closed by 38.55.97.143 port 53998 [preauth]
Jun 22 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2957]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2958]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2955]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2956]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2955]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3016]: Successful su for rubyman by root
Jun 22 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3016]: + ??? root:rubyman
Jun 22 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3016]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572121 of user rubyman.
Jun 22 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3016]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572121.
Jun 22 17:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32381]: pam_unix(cron:session): session closed for user root
Jun 22 17:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2956]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3189]: Invalid user circleci from 149.56.132.12
Jun 22 17:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3189]: input_userauth_request: invalid user circleci [preauth]
Jun 22 17:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3189]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=149.56.132.12
Jun 22 17:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3189]: Failed password for invalid user circleci from 149.56.132.12 port 49338 ssh2
Jun 22 17:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3189]: Received disconnect from 149.56.132.12 port 49338:11: Bye Bye [preauth]
Jun 22 17:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3189]: Disconnected from 149.56.132.12 port 49338 [preauth]
Jun 22 17:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2114]: pam_unix(cron:session): session closed for user root
Jun 22 17:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3290]: Invalid user bli from 46.135.109.64
Jun 22 17:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3290]: input_userauth_request: invalid user bli [preauth]
Jun 22 17:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3290]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.135.109.64
Jun 22 17:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 17:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3290]: Failed password for invalid user bli from 46.135.109.64 port 21470 ssh2
Jun 22 17:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3290]: Received disconnect from 46.135.109.64 port 21470:11: Bye Bye [preauth]
Jun 22 17:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3290]: Disconnected from 46.135.109.64 port 21470 [preauth]
Jun 22 17:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3292]: Failed password for root from 38.55.97.143 port 48756 ssh2
Jun 22 17:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3292]: Connection closed by 38.55.97.143 port 48756 [preauth]
Jun 22 17:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3339]: Invalid user deni from 43.153.59.240
Jun 22 17:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3339]: input_userauth_request: invalid user deni [preauth]
Jun 22 17:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3339]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.59.240
Jun 22 17:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3339]: Failed password for invalid user deni from 43.153.59.240 port 38310 ssh2
Jun 22 17:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3339]: Received disconnect from 43.153.59.240 port 38310:11: Bye Bye [preauth]
Jun 22 17:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3339]: Disconnected from 43.153.59.240 port 38310 [preauth]
Jun 22 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3352]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3355]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3353]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3351]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3354]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3356]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3356]: pam_unix(cron:session): session closed for user root
Jun 22 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3351]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3424]: Successful su for rubyman by root
Jun 22 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3424]: + ??? root:rubyman
Jun 22 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3424]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572126 of user rubyman.
Jun 22 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3424]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572126.
Jun 22 17:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3353]: pam_unix(cron:session): session closed for user root
Jun 22 17:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[343]: pam_unix(cron:session): session closed for user root
Jun 22 17:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3352]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3609]: Invalid user bot from 158.174.210.161
Jun 22 17:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3609]: input_userauth_request: invalid user bot [preauth]
Jun 22 17:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3609]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.174.210.161
Jun 22 17:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3609]: Failed password for invalid user bot from 158.174.210.161 port 35798 ssh2
Jun 22 17:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3609]: Received disconnect from 158.174.210.161 port 35798:11: Bye Bye [preauth]
Jun 22 17:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3609]: Disconnected from 158.174.210.161 port 35798 [preauth]
Jun 22 17:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 17:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3789]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 22 17:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3789]: Received disconnect from 195.26.87.217 port 52112:11: disconnected by user [preauth]
Jun 22 17:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3789]: Disconnected from 195.26.87.217 port 52112 [preauth]
Jun 22 17:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3787]: Failed password for root from 38.55.97.143 port 44178 ssh2
Jun 22 17:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3787]: Connection closed by 38.55.97.143 port 44178 [preauth]
Jun 22 17:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2547]: pam_unix(cron:session): session closed for user root
Jun 22 17:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=149.56.132.12  user=root
Jun 22 17:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3834]: Failed password for root from 149.56.132.12 port 41926 ssh2
Jun 22 17:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3834]: Received disconnect from 149.56.132.12 port 41926:11: Bye Bye [preauth]
Jun 22 17:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3834]: Disconnected from 149.56.132.12 port 41926 [preauth]
Jun 22 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3946]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3945]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3950]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3944]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3944]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4064]: Successful su for rubyman by root
Jun 22 17:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4064]: + ??? root:rubyman
Jun 22 17:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4064]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572129 of user rubyman.
Jun 22 17:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4064]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572129.
Jun 22 17:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1007]: pam_unix(cron:session): session closed for user root
Jun 22 17:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3945]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 17:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4319]: Failed password for root from 38.55.97.143 port 34982 ssh2
Jun 22 17:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4319]: Connection closed by 38.55.97.143 port 34982 [preauth]
Jun 22 17:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2958]: pam_unix(cron:session): session closed for user root
Jun 22 17:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.59.240  user=root
Jun 22 17:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4363]: Failed password for root from 43.153.59.240 port 57730 ssh2
Jun 22 17:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4363]: Received disconnect from 43.153.59.240 port 57730:11: Bye Bye [preauth]
Jun 22 17:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4363]: Disconnected from 43.153.59.240 port 57730 [preauth]
Jun 22 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4415]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4413]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4414]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4412]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4410]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4410]: pam_unix(cron:session): session closed for user root
Jun 22 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4412]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4477]: Successful su for rubyman by root
Jun 22 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4477]: + ??? root:rubyman
Jun 22 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4477]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572134 of user rubyman.
Jun 22 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4477]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572134.
Jun 22 17:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1615]: pam_unix(cron:session): session closed for user root
Jun 22 17:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4413]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4735]: Invalid user peter from 158.174.210.161
Jun 22 17:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4735]: input_userauth_request: invalid user peter [preauth]
Jun 22 17:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4735]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.174.210.161
Jun 22 17:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 17:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4735]: Failed password for invalid user peter from 158.174.210.161 port 39593 ssh2
Jun 22 17:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4735]: Received disconnect from 158.174.210.161 port 39593:11: Bye Bye [preauth]
Jun 22 17:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4735]: Disconnected from 158.174.210.161 port 39593 [preauth]
Jun 22 17:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4737]: Failed password for root from 38.55.97.143 port 49350 ssh2
Jun 22 17:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3355]: pam_unix(cron:session): session closed for user root
Jun 22 17:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4737]: Connection closed by 38.55.97.143 port 49350 [preauth]
Jun 22 17:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.135.109.64  user=root
Jun 22 17:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4914]: Failed password for root from 46.135.109.64 port 16391 ssh2
Jun 22 17:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4914]: Received disconnect from 46.135.109.64 port 16391:11: Bye Bye [preauth]
Jun 22 17:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4914]: Disconnected from 46.135.109.64 port 16391 [preauth]
Jun 22 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4932]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4931]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4934]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4930]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4930]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5006]: Successful su for rubyman by root
Jun 22 17:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5006]: + ??? root:rubyman
Jun 22 17:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5006]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572138 of user rubyman.
Jun 22 17:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5006]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572138.
Jun 22 17:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2113]: pam_unix(cron:session): session closed for user root
Jun 22 17:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4931]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 17:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5156]: Failed password for root from 193.24.211.107 port 51955 ssh2
Jun 22 17:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5156]: Received disconnect from 193.24.211.107 port 51955:11: Client disconnecting normally [preauth]
Jun 22 17:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5156]: Disconnected from 193.24.211.107 port 51955 [preauth]
Jun 22 17:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5218]: Invalid user user from 45.148.10.121
Jun 22 17:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5218]: input_userauth_request: invalid user user [preauth]
Jun 22 17:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5218]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 22 17:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5218]: Failed password for invalid user user from 45.148.10.121 port 51226 ssh2
Jun 22 17:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5218]: Connection closed by 45.148.10.121 port 51226 [preauth]
Jun 22 17:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5242]: Invalid user accounting from 43.153.59.240
Jun 22 17:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5242]: input_userauth_request: invalid user accounting [preauth]
Jun 22 17:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5242]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.59.240
Jun 22 17:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5242]: Failed password for invalid user accounting from 43.153.59.240 port 40710 ssh2
Jun 22 17:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5242]: Received disconnect from 43.153.59.240 port 40710:11: Bye Bye [preauth]
Jun 22 17:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5242]: Disconnected from 43.153.59.240 port 40710 [preauth]
Jun 22 17:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 17:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5256]: Failed password for root from 38.55.97.143 port 51748 ssh2
Jun 22 17:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5256]: Connection closed by 38.55.97.143 port 51748 [preauth]
Jun 22 17:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3950]: pam_unix(cron:session): session closed for user root
Jun 22 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5354]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5355]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5350]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5349]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5349]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5420]: Successful su for rubyman by root
Jun 22 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5420]: + ??? root:rubyman
Jun 22 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5420]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572142 of user rubyman.
Jun 22 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5420]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572142.
Jun 22 17:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2546]: pam_unix(cron:session): session closed for user root
Jun 22 17:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5350]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 17:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4415]: pam_unix(cron:session): session closed for user root
Jun 22 17:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5662]: Failed password for root from 38.55.97.143 port 56792 ssh2
Jun 22 17:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5662]: Connection closed by 38.55.97.143 port 56792 [preauth]
Jun 22 17:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.174.210.161  user=root
Jun 22 17:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5722]: Failed password for root from 158.174.210.161 port 2858 ssh2
Jun 22 17:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5722]: Received disconnect from 158.174.210.161 port 2858:11: Bye Bye [preauth]
Jun 22 17:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5722]: Disconnected from 158.174.210.161 port 2858 [preauth]
Jun 22 17:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5750]: Invalid user admin from 2.57.121.25
Jun 22 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5750]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5750]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 22 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5758]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5756]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5754]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5753]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5757]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5755]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5758]: pam_unix(cron:session): session closed for user root
Jun 22 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5753]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5824]: Successful su for rubyman by root
Jun 22 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5824]: + ??? root:rubyman
Jun 22 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5824]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572151 of user rubyman.
Jun 22 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5824]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572151.
Jun 22 17:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5750]: Failed password for invalid user admin from 2.57.121.25 port 7000 ssh2
Jun 22 17:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5750]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5755]: pam_unix(cron:session): session closed for user root
Jun 22 17:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2957]: pam_unix(cron:session): session closed for user root
Jun 22 17:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5750]: Failed password for invalid user admin from 2.57.121.25 port 7000 ssh2
Jun 22 17:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5750]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5754]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5750]: Failed password for invalid user admin from 2.57.121.25 port 7000 ssh2
Jun 22 17:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5750]: Connection closed by 2.57.121.25 port 7000 [preauth]
Jun 22 17:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5750]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 22 17:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 17:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4934]: pam_unix(cron:session): session closed for user root
Jun 22 17:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6091]: Failed password for root from 38.55.97.143 port 33068 ssh2
Jun 22 17:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6091]: Connection closed by 38.55.97.143 port 33068 [preauth]
Jun 22 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6178]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6177]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6176]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6175]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6175]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6247]: Successful su for rubyman by root
Jun 22 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6247]: + ??? root:rubyman
Jun 22 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6247]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572152 of user rubyman.
Jun 22 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6247]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572152.
Jun 22 17:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3354]: pam_unix(cron:session): session closed for user root
Jun 22 17:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6176]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6433]: Invalid user builder from 46.135.109.64
Jun 22 17:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6433]: input_userauth_request: invalid user builder [preauth]
Jun 22 17:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6433]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.135.109.64
Jun 22 17:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6433]: Failed password for invalid user builder from 46.135.109.64 port 20159 ssh2
Jun 22 17:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6433]: Received disconnect from 46.135.109.64 port 20159:11: Bye Bye [preauth]
Jun 22 17:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6433]: Disconnected from 46.135.109.64 port 20159 [preauth]
Jun 22 17:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5355]: pam_unix(cron:session): session closed for user root
Jun 22 17:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 17:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6531]: Failed password for root from 38.55.97.143 port 49644 ssh2
Jun 22 17:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6531]: Connection closed by 38.55.97.143 port 49644 [preauth]
Jun 22 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6579]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6581]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6582]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6580]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6579]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6644]: Successful su for rubyman by root
Jun 22 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6644]: + ??? root:rubyman
Jun 22 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6644]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572156 of user rubyman.
Jun 22 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6644]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572156.
Jun 22 17:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3946]: pam_unix(cron:session): session closed for user root
Jun 22 17:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6580]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6834]: Invalid user compras from 158.174.210.161
Jun 22 17:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6834]: input_userauth_request: invalid user compras [preauth]
Jun 22 17:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6834]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.174.210.161
Jun 22 17:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6834]: Failed password for invalid user compras from 158.174.210.161 port 57515 ssh2
Jun 22 17:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6834]: Received disconnect from 158.174.210.161 port 57515:11: Bye Bye [preauth]
Jun 22 17:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6834]: Disconnected from 158.174.210.161 port 57515 [preauth]
Jun 22 17:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5757]: pam_unix(cron:session): session closed for user root
Jun 22 17:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 17:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6953]: Failed password for root from 38.55.97.143 port 53560 ssh2
Jun 22 17:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6953]: Connection closed by 38.55.97.143 port 53560 [preauth]
Jun 22 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7034]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7030]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7031]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7028]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7028]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7149]: Successful su for rubyman by root
Jun 22 17:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7149]: + ??? root:rubyman
Jun 22 17:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7149]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572161 of user rubyman.
Jun 22 17:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7149]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572161.
Jun 22 17:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4414]: pam_unix(cron:session): session closed for user root
Jun 22 17:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7030]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6178]: pam_unix(cron:session): session closed for user root
Jun 22 17:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 17:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7422]: Failed password for root from 38.55.97.143 port 54204 ssh2
Jun 22 17:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7422]: Connection closed by 38.55.97.143 port 54204 [preauth]
Jun 22 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7488]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7490]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7489]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7487]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7487]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7548]: Successful su for rubyman by root
Jun 22 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7548]: + ??? root:rubyman
Jun 22 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7548]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572167 of user rubyman.
Jun 22 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7548]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572167.
Jun 22 17:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4932]: pam_unix(cron:session): session closed for user root
Jun 22 17:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7488]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 17:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7898]: Invalid user ebi from 158.174.210.161
Jun 22 17:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7898]: input_userauth_request: invalid user ebi [preauth]
Jun 22 17:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7898]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.174.210.161
Jun 22 17:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6582]: pam_unix(cron:session): session closed for user root
Jun 22 17:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7888]: Failed password for root from 38.55.97.143 port 56546 ssh2
Jun 22 17:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7888]: Connection closed by 38.55.97.143 port 56546 [preauth]
Jun 22 17:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7898]: Failed password for invalid user ebi from 158.174.210.161 port 31439 ssh2
Jun 22 17:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7898]: Received disconnect from 158.174.210.161 port 31439:11: Bye Bye [preauth]
Jun 22 17:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7898]: Disconnected from 158.174.210.161 port 31439 [preauth]
Jun 22 17:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 22 17:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7963]: Failed password for root from 103.153.68.219 port 45018 ssh2
Jun 22 17:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7963]: Connection closed by 103.153.68.219 port 45018 [preauth]
Jun 22 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7987]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7989]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7988]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7984]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7986]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7985]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7989]: pam_unix(cron:session): session closed for user root
Jun 22 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7984]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8054]: Successful su for rubyman by root
Jun 22 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8054]: + ??? root:rubyman
Jun 22 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8054]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572170 of user rubyman.
Jun 22 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8054]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572170.
Jun 22 17:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5354]: pam_unix(cron:session): session closed for user root
Jun 22 17:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7986]: pam_unix(cron:session): session closed for user root
Jun 22 17:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7985]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 17:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8316]: Failed password for root from 38.55.97.143 port 59388 ssh2
Jun 22 17:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8316]: Connection closed by 38.55.97.143 port 59388 [preauth]
Jun 22 17:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7034]: pam_unix(cron:session): session closed for user root
Jun 22 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8409]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8408]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8407]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8406]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8406]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8478]: Successful su for rubyman by root
Jun 22 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8478]: + ??? root:rubyman
Jun 22 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8478]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572175 of user rubyman.
Jun 22 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8478]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572175.
Jun 22 17:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5756]: pam_unix(cron:session): session closed for user root
Jun 22 17:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8407]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 17:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8719]: Failed password for root from 38.55.97.143 port 44718 ssh2
Jun 22 17:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8719]: Connection closed by 38.55.97.143 port 44718 [preauth]
Jun 22 17:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7490]: pam_unix(cron:session): session closed for user root
Jun 22 17:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.174.210.161  user=root
Jun 22 17:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8790]: Failed password for root from 158.174.210.161 port 1982 ssh2
Jun 22 17:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8790]: Received disconnect from 158.174.210.161 port 1982:11: Bye Bye [preauth]
Jun 22 17:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8790]: Disconnected from 158.174.210.161 port 1982 [preauth]
Jun 22 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8812]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8813]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8810]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8811]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8810]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8873]: Successful su for rubyman by root
Jun 22 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8873]: + ??? root:rubyman
Jun 22 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8873]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572179 of user rubyman.
Jun 22 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8873]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572179.
Jun 22 17:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6177]: pam_unix(cron:session): session closed for user root
Jun 22 17:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8811]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9109]: Invalid user admin from 141.98.83.240
Jun 22 17:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9109]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9109]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 17:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 17:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9109]: Failed password for invalid user admin from 141.98.83.240 port 55496 ssh2
Jun 22 17:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9109]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9119]: Failed password for root from 38.55.97.143 port 53632 ssh2
Jun 22 17:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9119]: Connection closed by 38.55.97.143 port 53632 [preauth]
Jun 22 17:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9109]: Failed password for invalid user admin from 141.98.83.240 port 55496 ssh2
Jun 22 17:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9109]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9109]: Failed password for invalid user admin from 141.98.83.240 port 55496 ssh2
Jun 22 17:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9109]: Connection closed by 141.98.83.240 port 55496 [preauth]
Jun 22 17:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9109]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 17:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7988]: pam_unix(cron:session): session closed for user root
Jun 22 17:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.135.109.64  user=root
Jun 22 17:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9198]: Failed password for root from 46.135.109.64 port 17711 ssh2
Jun 22 17:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9198]: Received disconnect from 46.135.109.64 port 17711:11: Bye Bye [preauth]
Jun 22 17:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9198]: Disconnected from 46.135.109.64 port 17711 [preauth]
Jun 22 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9220]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9221]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9219]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9218]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9218]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9282]: Successful su for rubyman by root
Jun 22 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9282]: + ??? root:rubyman
Jun 22 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9282]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572183 of user rubyman.
Jun 22 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9282]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572183.
Jun 22 17:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6581]: pam_unix(cron:session): session closed for user root
Jun 22 17:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9219]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 17:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9486]: Failed password for root from 38.55.97.143 port 50384 ssh2
Jun 22 17:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9486]: Connection closed by 38.55.97.143 port 50384 [preauth]
Jun 22 17:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8409]: pam_unix(cron:session): session closed for user root
Jun 22 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9606]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9607]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9605]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9603]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9603]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9667]: Successful su for rubyman by root
Jun 22 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9667]: + ??? root:rubyman
Jun 22 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9667]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572187 of user rubyman.
Jun 22 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9667]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572187.
Jun 22 17:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7031]: pam_unix(cron:session): session closed for user root
Jun 22 17:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9806]: Invalid user frontend from 158.174.210.161
Jun 22 17:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9806]: input_userauth_request: invalid user frontend [preauth]
Jun 22 17:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9806]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.174.210.161
Jun 22 17:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9605]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9806]: Failed password for invalid user frontend from 158.174.210.161 port 57729 ssh2
Jun 22 17:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9806]: Received disconnect from 158.174.210.161 port 57729:11: Bye Bye [preauth]
Jun 22 17:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9806]: Disconnected from 158.174.210.161 port 57729 [preauth]
Jun 22 17:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 17:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9911]: Failed password for root from 38.55.97.143 port 52828 ssh2
Jun 22 17:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9911]: Connection closed by 38.55.97.143 port 52828 [preauth]
Jun 22 17:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8813]: pam_unix(cron:session): session closed for user root
Jun 22 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10189]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10183]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10181]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10180]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10188]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10182]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10189]: pam_unix(cron:session): session closed for user root
Jun 22 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10180]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10346]: Successful su for rubyman by root
Jun 22 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10346]: + ??? root:rubyman
Jun 22 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10346]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572195 of user rubyman.
Jun 22 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10346]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572195.
Jun 22 17:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7489]: pam_unix(cron:session): session closed for user root
Jun 22 17:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10182]: pam_unix(cron:session): session closed for user root
Jun 22 17:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10181]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 17:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10584]: Failed password for root from 38.55.97.143 port 36526 ssh2
Jun 22 17:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10584]: Connection closed by 38.55.97.143 port 36526 [preauth]
Jun 22 17:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9221]: pam_unix(cron:session): session closed for user root
Jun 22 17:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10691]: Connection closed by 194.59.206.2 port 31342 [preauth]
Jun 22 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10715]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10716]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10714]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10713]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10713]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10793]: Successful su for rubyman by root
Jun 22 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10793]: + ??? root:rubyman
Jun 22 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10793]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572196 of user rubyman.
Jun 22 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10793]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572196.
Jun 22 17:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7987]: pam_unix(cron:session): session closed for user root
Jun 22 17:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10714]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11013]: Invalid user hani from 46.135.109.64
Jun 22 17:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11013]: input_userauth_request: invalid user hani [preauth]
Jun 22 17:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11013]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.135.109.64
Jun 22 17:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 17:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11013]: Failed password for invalid user hani from 46.135.109.64 port 29065 ssh2
Jun 22 17:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11013]: Received disconnect from 46.135.109.64 port 29065:11: Bye Bye [preauth]
Jun 22 17:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11013]: Disconnected from 46.135.109.64 port 29065 [preauth]
Jun 22 17:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11015]: Failed password for root from 38.55.97.143 port 36994 ssh2
Jun 22 17:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11015]: Connection closed by 38.55.97.143 port 36994 [preauth]
Jun 22 17:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11026]: Invalid user egarcia from 158.174.210.161
Jun 22 17:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11026]: input_userauth_request: invalid user egarcia [preauth]
Jun 22 17:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11026]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.174.210.161
Jun 22 17:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11026]: Failed password for invalid user egarcia from 158.174.210.161 port 22620 ssh2
Jun 22 17:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11026]: Received disconnect from 158.174.210.161 port 22620:11: Bye Bye [preauth]
Jun 22 17:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11026]: Disconnected from 158.174.210.161 port 22620 [preauth]
Jun 22 17:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9607]: pam_unix(cron:session): session closed for user root
Jun 22 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11154]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11155]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11153]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11152]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11152]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11215]: Successful su for rubyman by root
Jun 22 17:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11215]: + ??? root:rubyman
Jun 22 17:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11215]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572201 of user rubyman.
Jun 22 17:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11215]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572201.
Jun 22 17:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8408]: pam_unix(cron:session): session closed for user root
Jun 22 17:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11153]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 17:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11443]: Failed password for root from 38.55.97.143 port 40390 ssh2
Jun 22 17:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11443]: Connection closed by 38.55.97.143 port 40390 [preauth]
Jun 22 17:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Jun 22 17:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:34.77.217.12
Jun 22 17:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10188]: pam_unix(cron:session): session closed for user root
Jun 22 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11581]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11582]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11580]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11579]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11579]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11640]: Successful su for rubyman by root
Jun 22 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11640]: + ??? root:rubyman
Jun 22 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11640]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572205 of user rubyman.
Jun 22 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11640]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572205.
Jun 22 17:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8812]: pam_unix(cron:session): session closed for user root
Jun 22 17:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11580]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 17:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11860]: Failed password for root from 38.55.97.143 port 42530 ssh2
Jun 22 17:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11860]: Connection closed by 38.55.97.143 port 42530 [preauth]
Jun 22 17:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 22 17:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11885]: Failed password for root from 103.77.175.15 port 49120 ssh2
Jun 22 17:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11885]: Connection closed by 103.77.175.15 port 49120 [preauth]
Jun 22 17:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10716]: pam_unix(cron:session): session closed for user root
Jun 22 17:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.174.210.161  user=root
Jun 22 17:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11981]: Failed password for root from 158.174.210.161 port 21083 ssh2
Jun 22 17:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11981]: Received disconnect from 158.174.210.161 port 21083:11: Bye Bye [preauth]
Jun 22 17:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11981]: Disconnected from 158.174.210.161 port 21083 [preauth]
Jun 22 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12042]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12045]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12043]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12041]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12041]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12099]: Successful su for rubyman by root
Jun 22 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12099]: + ??? root:rubyman
Jun 22 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12099]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572208 of user rubyman.
Jun 22 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12099]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572208.
Jun 22 17:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 22 17:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9220]: pam_unix(cron:session): session closed for user root
Jun 22 17:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12038]: Failed password for root from 103.27.238.120 port 36268 ssh2
Jun 22 17:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12038]: Connection closed by 103.27.238.120 port 36268 [preauth]
Jun 22 17:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12042]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 17:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12414]: Failed password for root from 38.55.97.143 port 43770 ssh2
Jun 22 17:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12414]: Connection closed by 38.55.97.143 port 43770 [preauth]
Jun 22 17:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12448]: Received disconnect from 78.111.67.247 port 46928:11: disconnected by user [preauth]
Jun 22 17:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12448]: Disconnected from 78.111.67.247 port 46928 [preauth]
Jun 22 17:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11155]: pam_unix(cron:session): session closed for user root
Jun 22 17:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 17:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12549]: Failed password for root from 193.24.211.107 port 37763 ssh2
Jun 22 17:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12549]: Received disconnect from 193.24.211.107 port 37763:11: Client disconnecting normally [preauth]
Jun 22 17:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12549]: Disconnected from 193.24.211.107 port 37763 [preauth]
Jun 22 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12571]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12570]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12572]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12568]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12569]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12573]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12573]: pam_unix(cron:session): session closed for user root
Jun 22 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12568]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12640]: Successful su for rubyman by root
Jun 22 17:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12640]: + ??? root:rubyman
Jun 22 17:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12640]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572215 of user rubyman.
Jun 22 17:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12640]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572215.
Jun 22 17:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9606]: pam_unix(cron:session): session closed for user root
Jun 22 17:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12570]: pam_unix(cron:session): session closed for user root
Jun 22 17:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12569]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 17:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12866]: Failed password for root from 38.55.97.143 port 47016 ssh2
Jun 22 17:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12866]: Connection closed by 38.55.97.143 port 47016 [preauth]
Jun 22 17:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11582]: pam_unix(cron:session): session closed for user root
Jun 22 17:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.174.210.161  user=root
Jun 22 17:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13004]: Failed password for root from 158.174.210.161 port 56056 ssh2
Jun 22 17:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13004]: Received disconnect from 158.174.210.161 port 56056:11: Bye Bye [preauth]
Jun 22 17:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13004]: Disconnected from 158.174.210.161 port 56056 [preauth]
Jun 22 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13018]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13019]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13020]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13017]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13017]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13085]: Successful su for rubyman by root
Jun 22 17:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13085]: + ??? root:rubyman
Jun 22 17:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13085]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572220 of user rubyman.
Jun 22 17:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13085]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572220.
Jun 22 17:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 17:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10183]: pam_unix(cron:session): session closed for user root
Jun 22 17:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13164]: Failed password for root from 38.55.97.143 port 50370 ssh2
Jun 22 17:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13018]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13164]: Connection closed by 38.55.97.143 port 50370 [preauth]
Jun 22 17:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12045]: pam_unix(cron:session): session closed for user root
Jun 22 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13434]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13435]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13436]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13433]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13433]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13493]: Successful su for rubyman by root
Jun 22 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13493]: + ??? root:rubyman
Jun 22 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13493]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572224 of user rubyman.
Jun 22 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13493]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572224.
Jun 22 17:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10715]: pam_unix(cron:session): session closed for user root
Jun 22 17:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 17:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13434]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13654]: Failed password for root from 38.55.97.143 port 44132 ssh2
Jun 22 17:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13654]: Connection closed by 38.55.97.143 port 44132 [preauth]
Jun 22 17:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 22 17:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13710]: Failed password for root from 202.178.126.219 port 27083 ssh2
Jun 22 17:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13710]: Connection closed by 202.178.126.219 port 27083 [preauth]
Jun 22 17:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12572]: pam_unix(cron:session): session closed for user root
Jun 22 17:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.135.109.64  user=root
Jun 22 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13849]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13847]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13848]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13850]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13847]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13910]: Successful su for rubyman by root
Jun 22 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13910]: + ??? root:rubyman
Jun 22 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13910]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572226 of user rubyman.
Jun 22 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13910]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572226.
Jun 22 17:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13836]: Failed password for root from 46.135.109.64 port 17427 ssh2
Jun 22 17:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13836]: Received disconnect from 46.135.109.64 port 17427:11: Bye Bye [preauth]
Jun 22 17:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13836]: Disconnected from 46.135.109.64 port 17427 [preauth]
Jun 22 17:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11154]: pam_unix(cron:session): session closed for user root
Jun 22 17:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 17:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13848]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14045]: Failed password for root from 38.55.97.143 port 52194 ssh2
Jun 22 17:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14045]: Connection closed by 38.55.97.143 port 52194 [preauth]
Jun 22 17:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13020]: pam_unix(cron:session): session closed for user root
Jun 22 17:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 22 17:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14215]: Failed password for root from 193.37.70.224 port 58444 ssh2
Jun 22 17:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14215]: Connection closed by 193.37.70.224 port 58444 [preauth]
Jun 22 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14247]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14245]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14246]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14244]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14242]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14244]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14360]: Successful su for rubyman by root
Jun 22 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14360]: + ??? root:rubyman
Jun 22 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14360]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572230 of user rubyman.
Jun 22 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14360]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572230.
Jun 22 17:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14242]: pam_unix(cron:session): session closed for user root
Jun 22 17:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11581]: pam_unix(cron:session): session closed for user root
Jun 22 17:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 17:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14245]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14504]: Failed password for root from 38.55.97.143 port 60524 ssh2
Jun 22 17:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14504]: Connection closed by 38.55.97.143 port 60524 [preauth]
Jun 22 17:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13436]: pam_unix(cron:session): session closed for user root
Jun 22 17:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14814]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14815]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14812]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14811]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14813]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14810]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14815]: pam_unix(cron:session): session closed for user root
Jun 22 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14810]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14880]: Successful su for rubyman by root
Jun 22 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14880]: + ??? root:rubyman
Jun 22 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14880]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572235 of user rubyman.
Jun 22 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14880]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572235.
Jun 22 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 17:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14812]: pam_unix(cron:session): session closed for user root
Jun 22 17:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14806]: Failed password for root from 38.55.97.143 port 36024 ssh2
Jun 22 17:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14806]: Connection closed by 38.55.97.143 port 36024 [preauth]
Jun 22 17:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12043]: pam_unix(cron:session): session closed for user root
Jun 22 17:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14811]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13850]: pam_unix(cron:session): session closed for user root
Jun 22 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15247]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15248]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15246]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15245]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15245]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15321]: Successful su for rubyman by root
Jun 22 17:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15321]: + ??? root:rubyman
Jun 22 17:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15321]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572241 of user rubyman.
Jun 22 17:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15321]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572241.
Jun 22 17:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 17:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15313]: Failed password for root from 38.55.97.143 port 38666 ssh2
Jun 22 17:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15313]: Connection closed by 38.55.97.143 port 38666 [preauth]
Jun 22 17:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12571]: pam_unix(cron:session): session closed for user root
Jun 22 17:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15246]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15524]: Invalid user bot from 46.135.109.64
Jun 22 17:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15524]: input_userauth_request: invalid user bot [preauth]
Jun 22 17:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15524]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.135.109.64
Jun 22 17:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15524]: Failed password for invalid user bot from 46.135.109.64 port 28799 ssh2
Jun 22 17:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15524]: Received disconnect from 46.135.109.64 port 28799:11: Bye Bye [preauth]
Jun 22 17:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15524]: Disconnected from 46.135.109.64 port 28799 [preauth]
Jun 22 17:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14247]: pam_unix(cron:session): session closed for user root
Jun 22 17:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15645]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15647]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15646]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15644]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15644]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15708]: Successful su for rubyman by root
Jun 22 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15708]: + ??? root:rubyman
Jun 22 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15708]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572247 of user rubyman.
Jun 22 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15708]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572247.
Jun 22 17:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15632]: Failed password for root from 38.55.97.143 port 49792 ssh2
Jun 22 17:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15632]: Connection closed by 38.55.97.143 port 49792 [preauth]
Jun 22 17:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13019]: pam_unix(cron:session): session closed for user root
Jun 22 17:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15645]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14814]: pam_unix(cron:session): session closed for user root
Jun 22 17:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 17:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16019]: Failed password for root from 38.55.97.143 port 53068 ssh2
Jun 22 17:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16019]: Connection closed by 38.55.97.143 port 53068 [preauth]
Jun 22 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16033]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16034]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16032]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16031]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16031]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16093]: Successful su for rubyman by root
Jun 22 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16093]: + ??? root:rubyman
Jun 22 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16093]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572251 of user rubyman.
Jun 22 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16093]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572251.
Jun 22 17:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13435]: pam_unix(cron:session): session closed for user root
Jun 22 17:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16032]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16282]: Failed password for root from 186.241.84.15 port 48856 ssh2
Jun 22 17:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16282]: Connection closed by 186.241.84.15 port 48856 [preauth]
Jun 22 17:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16303]: Failed password for root from 186.241.84.15 port 36294 ssh2
Jun 22 17:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16303]: Connection closed by 186.241.84.15 port 36294 [preauth]
Jun 22 17:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16306]: Failed password for root from 186.241.84.15 port 36310 ssh2
Jun 22 17:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16306]: Connection closed by 186.241.84.15 port 36310 [preauth]
Jun 22 17:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16308]: Failed password for root from 186.241.84.15 port 36324 ssh2
Jun 22 17:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16308]: Connection closed by 186.241.84.15 port 36324 [preauth]
Jun 22 17:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16318]: Failed password for root from 186.241.84.15 port 36334 ssh2
Jun 22 17:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16318]: Connection closed by 186.241.84.15 port 36334 [preauth]
Jun 22 17:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16331]: Failed password for root from 186.241.84.15 port 52730 ssh2
Jun 22 17:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16331]: Connection closed by 186.241.84.15 port 52730 [preauth]
Jun 22 17:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16342]: Received disconnect from 31.42.176.142 port 34236:11: disconnected by user [preauth]
Jun 22 17:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16342]: Disconnected from 31.42.176.142 port 34236 [preauth]
Jun 22 17:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16344]: Failed password for root from 186.241.84.15 port 52738 ssh2
Jun 22 17:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16344]: Connection closed by 186.241.84.15 port 52738 [preauth]
Jun 22 17:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16346]: Failed password for root from 186.241.84.15 port 52746 ssh2
Jun 22 17:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16346]: Connection closed by 186.241.84.15 port 52746 [preauth]
Jun 22 17:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16357]: Failed password for root from 186.241.84.15 port 52754 ssh2
Jun 22 17:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16357]: Connection closed by 186.241.84.15 port 52754 [preauth]
Jun 22 17:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 22 17:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15248]: pam_unix(cron:session): session closed for user root
Jun 22 17:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16359]: Failed password for root from 103.149.28.157 port 58582 ssh2
Jun 22 17:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16369]: Failed password for root from 186.241.84.15 port 41912 ssh2
Jun 22 17:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16369]: Connection closed by 186.241.84.15 port 41912 [preauth]
Jun 22 17:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16359]: Connection closed by 103.149.28.157 port 58582 [preauth]
Jun 22 17:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16392]: Failed password for root from 186.241.84.15 port 41920 ssh2
Jun 22 17:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16392]: Connection closed by 186.241.84.15 port 41920 [preauth]
Jun 22 17:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16394]: Failed password for root from 186.241.84.15 port 41924 ssh2
Jun 22 17:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16394]: Connection closed by 186.241.84.15 port 41924 [preauth]
Jun 22 17:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16396]: Failed password for root from 186.241.84.15 port 41930 ssh2
Jun 22 17:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16396]: Connection closed by 186.241.84.15 port 41930 [preauth]
Jun 22 17:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16406]: Failed password for root from 186.241.84.15 port 41942 ssh2
Jun 22 17:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16406]: Connection closed by 186.241.84.15 port 41942 [preauth]
Jun 22 17:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16422]: Failed password for root from 186.241.84.15 port 37958 ssh2
Jun 22 17:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16422]: Connection closed by 186.241.84.15 port 37958 [preauth]
Jun 22 17:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16434]: Failed password for root from 186.241.84.15 port 37962 ssh2
Jun 22 17:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16434]: Connection closed by 186.241.84.15 port 37962 [preauth]
Jun 22 17:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16436]: Failed password for root from 186.241.84.15 port 37966 ssh2
Jun 22 17:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16436]: Connection closed by 186.241.84.15 port 37966 [preauth]
Jun 22 17:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16446]: Failed password for root from 186.241.84.15 port 37980 ssh2
Jun 22 17:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16446]: Connection closed by 186.241.84.15 port 37980 [preauth]
Jun 22 17:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 17:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16450]: Failed password for root from 186.241.84.15 port 39254 ssh2
Jun 22 17:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16450]: Connection closed by 186.241.84.15 port 39254 [preauth]
Jun 22 17:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16448]: Failed password for root from 38.55.97.143 port 56376 ssh2
Jun 22 17:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16448]: Connection closed by 38.55.97.143 port 56376 [preauth]
Jun 22 17:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16452]: Failed password for root from 186.241.84.15 port 39268 ssh2
Jun 22 17:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16452]: Connection closed by 186.241.84.15 port 39268 [preauth]
Jun 22 17:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16464]: Failed password for root from 186.241.84.15 port 39284 ssh2
Jun 22 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16464]: Connection closed by 186.241.84.15 port 39284 [preauth]
Jun 22 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16473]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16474]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16472]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16471]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16471]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16542]: Successful su for rubyman by root
Jun 22 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16542]: + ??? root:rubyman
Jun 22 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16542]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572256 of user rubyman.
Jun 22 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16542]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572256.
Jun 22 17:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16466]: Failed password for root from 186.241.84.15 port 39286 ssh2
Jun 22 17:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16466]: Connection closed by 186.241.84.15 port 39286 [preauth]
Jun 22 17:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 22 17:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13849]: pam_unix(cron:session): session closed for user root
Jun 22 17:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16627]: Failed password for root from 186.241.84.15 port 51078 ssh2
Jun 22 17:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16627]: Connection closed by 186.241.84.15 port 51078 [preauth]
Jun 22 17:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16612]: Failed password for root from 109.237.96.109 port 34572 ssh2
Jun 22 17:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16612]: Connection closed by 109.237.96.109 port 34572 [preauth]
Jun 22 17:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16472]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16702]: Failed password for root from 186.241.84.15 port 51092 ssh2
Jun 22 17:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16702]: Connection closed by 186.241.84.15 port 51092 [preauth]
Jun 22 17:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16721]: Failed password for root from 186.241.84.15 port 51108 ssh2
Jun 22 17:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16721]: Connection closed by 186.241.84.15 port 51108 [preauth]
Jun 22 17:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16731]: Failed password for root from 186.241.84.15 port 51118 ssh2
Jun 22 17:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16731]: Connection closed by 186.241.84.15 port 51118 [preauth]
Jun 22 17:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16733]: Failed password for root from 186.241.84.15 port 51128 ssh2
Jun 22 17:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16733]: Connection closed by 186.241.84.15 port 51128 [preauth]
Jun 22 17:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16757]: Failed password for root from 186.241.84.15 port 46558 ssh2
Jun 22 17:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16757]: Connection closed by 186.241.84.15 port 46558 [preauth]
Jun 22 17:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16759]: Failed password for root from 186.241.84.15 port 46572 ssh2
Jun 22 17:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16759]: Connection closed by 186.241.84.15 port 46572 [preauth]
Jun 22 17:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16771]: Failed password for root from 186.241.84.15 port 46576 ssh2
Jun 22 17:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16771]: Connection closed by 186.241.84.15 port 46576 [preauth]
Jun 22 17:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16773]: Failed password for root from 186.241.84.15 port 46584 ssh2
Jun 22 17:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16773]: Connection closed by 186.241.84.15 port 46584 [preauth]
Jun 22 17:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16783]: Failed password for root from 186.241.84.15 port 42998 ssh2
Jun 22 17:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16783]: Connection closed by 186.241.84.15 port 42998 [preauth]
Jun 22 17:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16798]: Failed password for root from 186.241.84.15 port 43008 ssh2
Jun 22 17:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16798]: Connection closed by 186.241.84.15 port 43008 [preauth]
Jun 22 17:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16806]: Failed password for root from 186.241.84.15 port 43014 ssh2
Jun 22 17:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16806]: Connection closed by 186.241.84.15 port 43014 [preauth]
Jun 22 17:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16817]: Failed password for root from 186.241.84.15 port 43026 ssh2
Jun 22 17:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16817]: Connection closed by 186.241.84.15 port 43026 [preauth]
Jun 22 17:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15647]: pam_unix(cron:session): session closed for user root
Jun 22 17:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16823]: Failed password for root from 186.241.84.15 port 35148 ssh2
Jun 22 17:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16823]: Connection closed by 186.241.84.15 port 35148 [preauth]
Jun 22 17:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16858]: Failed password for root from 186.241.84.15 port 35164 ssh2
Jun 22 17:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16858]: Connection closed by 186.241.84.15 port 35164 [preauth]
Jun 22 17:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16861]: Failed password for root from 186.241.84.15 port 35174 ssh2
Jun 22 17:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16861]: Connection closed by 186.241.84.15 port 35174 [preauth]
Jun 22 17:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16864]: Failed password for root from 186.241.84.15 port 35178 ssh2
Jun 22 17:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16864]: Connection closed by 186.241.84.15 port 35178 [preauth]
Jun 22 17:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.135.109.64  user=root
Jun 22 17:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16898]: Failed password for root from 46.135.109.64 port 17373 ssh2
Jun 22 17:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16902]: Failed password for root from 186.241.84.15 port 35180 ssh2
Jun 22 17:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16902]: Connection closed by 186.241.84.15 port 35180 [preauth]
Jun 22 17:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16898]: Received disconnect from 46.135.109.64 port 17373:11: Bye Bye [preauth]
Jun 22 17:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16898]: Disconnected from 46.135.109.64 port 17373 [preauth]
Jun 22 17:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16957]: Failed password for root from 186.241.84.15 port 56002 ssh2
Jun 22 17:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16957]: Connection closed by 186.241.84.15 port 56002 [preauth]
Jun 22 17:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16959]: Failed password for root from 186.241.84.15 port 56008 ssh2
Jun 22 17:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16959]: Connection closed by 186.241.84.15 port 56008 [preauth]
Jun 22 17:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 17:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16999]: Failed password for root from 186.241.84.15 port 56024 ssh2
Jun 22 17:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16999]: Connection closed by 186.241.84.15 port 56024 [preauth]
Jun 22 17:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17004]: Failed password for root from 38.55.97.143 port 33774 ssh2
Jun 22 17:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17004]: Connection closed by 38.55.97.143 port 33774 [preauth]
Jun 22 17:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17007]: Failed password for root from 186.241.84.15 port 56026 ssh2
Jun 22 17:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17007]: Connection closed by 186.241.84.15 port 56026 [preauth]
Jun 22 17:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17010]: Failed password for root from 186.241.84.15 port 33414 ssh2
Jun 22 17:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17010]: Connection closed by 186.241.84.15 port 33414 [preauth]
Jun 22 17:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17020]: Failed password for root from 186.241.84.15 port 33420 ssh2
Jun 22 17:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17020]: Connection closed by 186.241.84.15 port 33420 [preauth]
Jun 22 17:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 22 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17040]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17039]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17038]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17041]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17042]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17037]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17042]: pam_unix(cron:session): session closed for user root
Jun 22 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17037]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17024]: Failed password for root from 186.241.84.15 port 33422 ssh2
Jun 22 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17024]: Connection closed by 186.241.84.15 port 33422 [preauth]
Jun 22 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17109]: Successful su for rubyman by root
Jun 22 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17109]: + ??? root:rubyman
Jun 22 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17109]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572259 of user rubyman.
Jun 22 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17109]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572259.
Jun 22 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17022]: Failed password for root from 103.172.78.219 port 46556 ssh2
Jun 22 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17022]: Connection closed by 103.172.78.219 port 46556 [preauth]
Jun 22 17:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17039]: pam_unix(cron:session): session closed for user root
Jun 22 17:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17106]: Failed password for root from 186.241.84.15 port 33430 ssh2
Jun 22 17:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17106]: Connection closed by 186.241.84.15 port 33430 [preauth]
Jun 22 17:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14246]: pam_unix(cron:session): session closed for user root
Jun 22 17:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17270]: Failed password for root from 186.241.84.15 port 59398 ssh2
Jun 22 17:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17270]: Connection closed by 186.241.84.15 port 59398 [preauth]
Jun 22 17:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17038]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17315]: Failed password for root from 186.241.84.15 port 59402 ssh2
Jun 22 17:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17315]: Connection closed by 186.241.84.15 port 59402 [preauth]
Jun 22 17:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17318]: Failed password for root from 186.241.84.15 port 59414 ssh2
Jun 22 17:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17318]: Connection closed by 186.241.84.15 port 59414 [preauth]
Jun 22 17:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17331]: Failed password for root from 186.241.84.15 port 59416 ssh2
Jun 22 17:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17331]: Connection closed by 186.241.84.15 port 59416 [preauth]
Jun 22 17:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17336]: Failed password for root from 186.241.84.15 port 53706 ssh2
Jun 22 17:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17336]: Connection closed by 186.241.84.15 port 53706 [preauth]
Jun 22 17:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17351]: Failed password for root from 186.241.84.15 port 53710 ssh2
Jun 22 17:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17351]: Connection closed by 186.241.84.15 port 53710 [preauth]
Jun 22 17:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17363]: Failed password for root from 186.241.84.15 port 53726 ssh2
Jun 22 17:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17363]: Connection closed by 186.241.84.15 port 53726 [preauth]
Jun 22 17:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17365]: Failed password for root from 186.241.84.15 port 53728 ssh2
Jun 22 17:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17365]: Connection closed by 186.241.84.15 port 53728 [preauth]
Jun 22 17:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17375]: Failed password for root from 186.241.84.15 port 53732 ssh2
Jun 22 17:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17375]: Connection closed by 186.241.84.15 port 53732 [preauth]
Jun 22 17:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17379]: Failed password for root from 186.241.84.15 port 53324 ssh2
Jun 22 17:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17379]: Connection closed by 186.241.84.15 port 53324 [preauth]
Jun 22 17:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17395]: Failed password for root from 186.241.84.15 port 53338 ssh2
Jun 22 17:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17395]: Connection closed by 186.241.84.15 port 53338 [preauth]
Jun 22 17:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17409]: Failed password for root from 186.241.84.15 port 53342 ssh2
Jun 22 17:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17409]: Connection closed by 186.241.84.15 port 53342 [preauth]
Jun 22 17:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17411]: Failed password for root from 186.241.84.15 port 53356 ssh2
Jun 22 17:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16034]: pam_unix(cron:session): session closed for user root
Jun 22 17:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17411]: Connection closed by 186.241.84.15 port 53356 [preauth]
Jun 22 17:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17433]: Failed password for root from 186.241.84.15 port 56236 ssh2
Jun 22 17:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17433]: Connection closed by 186.241.84.15 port 56236 [preauth]
Jun 22 17:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17449]: Failed password for root from 186.241.84.15 port 56248 ssh2
Jun 22 17:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17449]: Connection closed by 186.241.84.15 port 56248 [preauth]
Jun 22 17:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 22 17:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17455]: Failed password for root from 186.241.84.15 port 56274 ssh2
Jun 22 17:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17451]: Failed password for root from 194.113.233.25 port 40398 ssh2
Jun 22 17:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17455]: Connection closed by 186.241.84.15 port 56274 [preauth]
Jun 22 17:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17451]: Connection closed by 194.113.233.25 port 40398 [preauth]
Jun 22 17:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17466]: Failed password for root from 186.241.84.15 port 56302 ssh2
Jun 22 17:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17466]: Connection closed by 186.241.84.15 port 56302 [preauth]
Jun 22 17:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17468]: Failed password for root from 186.241.84.15 port 56316 ssh2
Jun 22 17:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17468]: Connection closed by 186.241.84.15 port 56316 [preauth]
Jun 22 17:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17487]: Failed password for root from 186.241.84.15 port 37830 ssh2
Jun 22 17:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17487]: Connection closed by 186.241.84.15 port 37830 [preauth]
Jun 22 17:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17495]: Failed password for root from 186.241.84.15 port 37836 ssh2
Jun 22 17:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17495]: Connection closed by 186.241.84.15 port 37836 [preauth]
Jun 22 17:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17497]: Failed password for root from 186.241.84.15 port 37850 ssh2
Jun 22 17:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17497]: Connection closed by 186.241.84.15 port 37850 [preauth]
Jun 22 17:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17509]: Invalid user oracle from 38.55.97.143
Jun 22 17:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17509]: input_userauth_request: invalid user oracle [preauth]
Jun 22 17:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17509]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 17:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17507]: Failed password for root from 186.241.84.15 port 37862 ssh2
Jun 22 17:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17507]: Connection closed by 186.241.84.15 port 37862 [preauth]
Jun 22 17:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17509]: Failed password for invalid user oracle from 38.55.97.143 port 37630 ssh2
Jun 22 17:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17509]: Connection closed by 38.55.97.143 port 37630 [preauth]
Jun 22 17:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17511]: Failed password for root from 186.241.84.15 port 37876 ssh2
Jun 22 17:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17511]: Connection closed by 186.241.84.15 port 37876 [preauth]
Jun 22 17:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17521]: Failed password for root from 186.241.84.15 port 34726 ssh2
Jun 22 17:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17521]: Connection closed by 186.241.84.15 port 34726 [preauth]
Jun 22 17:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17523]: Failed password for root from 186.241.84.15 port 34738 ssh2
Jun 22 17:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17523]: Connection closed by 186.241.84.15 port 34738 [preauth]
Jun 22 17:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17525]: Failed password for root from 186.241.84.15 port 34744 ssh2
Jun 22 17:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17525]: Connection closed by 186.241.84.15 port 34744 [preauth]
Jun 22 17:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17540]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17541]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17539]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17538]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17538]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17603]: Successful su for rubyman by root
Jun 22 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17603]: + ??? root:rubyman
Jun 22 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17603]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572264 of user rubyman.
Jun 22 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17603]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572264.
Jun 22 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17535]: Failed password for root from 186.241.84.15 port 34756 ssh2
Jun 22 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17535]: Connection closed by 186.241.84.15 port 34756 [preauth]
Jun 22 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17625]: Failed password for root from 186.241.84.15 port 34758 ssh2
Jun 22 17:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17625]: Connection closed by 186.241.84.15 port 34758 [preauth]
Jun 22 17:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14813]: pam_unix(cron:session): session closed for user root
Jun 22 17:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17539]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17848]: Failed password for root from 186.241.84.15 port 43544 ssh2
Jun 22 17:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17848]: Connection closed by 186.241.84.15 port 43544 [preauth]
Jun 22 17:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17891]: Failed password for root from 186.241.84.15 port 43552 ssh2
Jun 22 17:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17891]: Connection closed by 186.241.84.15 port 43552 [preauth]
Jun 22 17:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17894]: Failed password for root from 186.241.84.15 port 43562 ssh2
Jun 22 17:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17894]: Connection closed by 186.241.84.15 port 43562 [preauth]
Jun 22 17:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17906]: Failed password for root from 186.241.84.15 port 43568 ssh2
Jun 22 17:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17906]: Connection closed by 186.241.84.15 port 43568 [preauth]
Jun 22 17:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17908]: Failed password for root from 186.241.84.15 port 46544 ssh2
Jun 22 17:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17908]: Connection closed by 186.241.84.15 port 46544 [preauth]
Jun 22 17:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=root
Jun 22 17:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17932]: Failed password for root from 186.241.84.15 port 46548 ssh2
Jun 22 17:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17932]: Connection closed by 186.241.84.15 port 46548 [preauth]
Jun 22 17:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17935]: Invalid user user from 186.241.84.15
Jun 22 17:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17935]: input_userauth_request: invalid user user [preauth]
Jun 22 17:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17935]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17935]: Failed password for invalid user user from 186.241.84.15 port 46558 ssh2
Jun 22 17:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17935]: Connection closed by 186.241.84.15 port 46558 [preauth]
Jun 22 17:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17942]: Invalid user user from 186.241.84.15
Jun 22 17:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17942]: input_userauth_request: invalid user user [preauth]
Jun 22 17:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17942]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 22 17:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17942]: Failed password for invalid user user from 186.241.84.15 port 46562 ssh2
Jun 22 17:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17942]: Connection closed by 186.241.84.15 port 46562 [preauth]
Jun 22 17:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17950]: Invalid user user from 186.241.84.15
Jun 22 17:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17950]: input_userauth_request: invalid user user [preauth]
Jun 22 17:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17950]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17948]: Failed password for root from 38.93.206.2 port 45036 ssh2
Jun 22 17:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17948]: Connection closed by 38.93.206.2 port 45036 [preauth]
Jun 22 17:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17950]: Failed password for invalid user user from 186.241.84.15 port 46574 ssh2
Jun 22 17:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17950]: Connection closed by 186.241.84.15 port 46574 [preauth]
Jun 22 17:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17964]: Invalid user user from 186.241.84.15
Jun 22 17:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17964]: input_userauth_request: invalid user user [preauth]
Jun 22 17:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17964]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17964]: Failed password for invalid user user from 186.241.84.15 port 45520 ssh2
Jun 22 17:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17964]: Connection closed by 186.241.84.15 port 45520 [preauth]
Jun 22 17:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17974]: Invalid user user from 186.241.84.15
Jun 22 17:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17974]: input_userauth_request: invalid user user [preauth]
Jun 22 17:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17974]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17974]: Failed password for invalid user user from 186.241.84.15 port 45536 ssh2
Jun 22 17:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17974]: Connection closed by 186.241.84.15 port 45536 [preauth]
Jun 22 17:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17976]: Invalid user user from 186.241.84.15
Jun 22 17:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17976]: input_userauth_request: invalid user user [preauth]
Jun 22 17:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17976]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17976]: Failed password for invalid user user from 186.241.84.15 port 45548 ssh2
Jun 22 17:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17976]: Connection closed by 186.241.84.15 port 45548 [preauth]
Jun 22 17:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17987]: Invalid user user from 186.241.84.15
Jun 22 17:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17987]: input_userauth_request: invalid user user [preauth]
Jun 22 17:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17987]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16474]: pam_unix(cron:session): session closed for user root
Jun 22 17:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17987]: Failed password for invalid user user from 186.241.84.15 port 45564 ssh2
Jun 22 17:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17987]: Connection closed by 186.241.84.15 port 45564 [preauth]
Jun 22 17:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18015]: Invalid user user from 186.241.84.15
Jun 22 17:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18015]: input_userauth_request: invalid user user [preauth]
Jun 22 17:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18015]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18015]: Failed password for invalid user user from 186.241.84.15 port 32834 ssh2
Jun 22 17:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18015]: Connection closed by 186.241.84.15 port 32834 [preauth]
Jun 22 17:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18027]: Invalid user user from 186.241.84.15
Jun 22 17:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18027]: input_userauth_request: invalid user user [preauth]
Jun 22 17:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18027]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18027]: Failed password for invalid user user from 186.241.84.15 port 32846 ssh2
Jun 22 17:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18027]: Connection closed by 186.241.84.15 port 32846 [preauth]
Jun 22 17:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18030]: Invalid user user from 186.241.84.15
Jun 22 17:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18030]: input_userauth_request: invalid user user [preauth]
Jun 22 17:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18030]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18030]: Failed password for invalid user user from 186.241.84.15 port 32850 ssh2
Jun 22 17:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18030]: Connection closed by 186.241.84.15 port 32850 [preauth]
Jun 22 17:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18032]: Invalid user user from 186.241.84.15
Jun 22 17:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18032]: input_userauth_request: invalid user user [preauth]
Jun 22 17:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18032]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18032]: Failed password for invalid user user from 186.241.84.15 port 32854 ssh2
Jun 22 17:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18032]: Connection closed by 186.241.84.15 port 32854 [preauth]
Jun 22 17:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18045]: Invalid user user from 186.241.84.15
Jun 22 17:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18045]: input_userauth_request: invalid user user [preauth]
Jun 22 17:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18045]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18045]: Failed password for invalid user user from 186.241.84.15 port 32870 ssh2
Jun 22 17:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18045]: Connection closed by 186.241.84.15 port 32870 [preauth]
Jun 22 17:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18063]: Invalid user user from 186.241.84.15
Jun 22 17:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18063]: input_userauth_request: invalid user user [preauth]
Jun 22 17:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18063]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18063]: Failed password for invalid user user from 186.241.84.15 port 42960 ssh2
Jun 22 17:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18063]: Connection closed by 186.241.84.15 port 42960 [preauth]
Jun 22 17:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18073]: Invalid user user from 186.241.84.15
Jun 22 17:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18073]: input_userauth_request: invalid user user [preauth]
Jun 22 17:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18073]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18073]: Failed password for invalid user user from 186.241.84.15 port 42976 ssh2
Jun 22 17:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18073]: Connection closed by 186.241.84.15 port 42976 [preauth]
Jun 22 17:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18075]: Invalid user user from 186.241.84.15
Jun 22 17:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18075]: input_userauth_request: invalid user user [preauth]
Jun 22 17:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18075]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18075]: Failed password for invalid user user from 186.241.84.15 port 42988 ssh2
Jun 22 17:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18075]: Connection closed by 186.241.84.15 port 42988 [preauth]
Jun 22 17:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18077]: Invalid user user from 186.241.84.15
Jun 22 17:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18077]: input_userauth_request: invalid user user [preauth]
Jun 22 17:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18077]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18077]: Failed password for invalid user user from 186.241.84.15 port 42994 ssh2
Jun 22 17:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18077]: Connection closed by 186.241.84.15 port 42994 [preauth]
Jun 22 17:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18087]: Invalid user user from 186.241.84.15
Jun 22 17:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18087]: input_userauth_request: invalid user user [preauth]
Jun 22 17:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18087]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18087]: Failed password for invalid user user from 186.241.84.15 port 40408 ssh2
Jun 22 17:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18087]: Connection closed by 186.241.84.15 port 40408 [preauth]
Jun 22 17:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18091]: Invalid user user from 186.241.84.15
Jun 22 17:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18091]: input_userauth_request: invalid user user [preauth]
Jun 22 17:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18091]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18089]: Invalid user oracle from 38.55.97.143
Jun 22 17:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18089]: input_userauth_request: invalid user oracle [preauth]
Jun 22 17:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18089]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 17:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18091]: Failed password for invalid user user from 186.241.84.15 port 40416 ssh2
Jun 22 17:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18091]: Connection closed by 186.241.84.15 port 40416 [preauth]
Jun 22 17:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18101]: Invalid user user from 186.241.84.15
Jun 22 17:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18101]: input_userauth_request: invalid user user [preauth]
Jun 22 17:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18101]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18089]: Failed password for invalid user oracle from 38.55.97.143 port 35382 ssh2
Jun 22 17:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18089]: Connection closed by 38.55.97.143 port 35382 [preauth]
Jun 22 17:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18101]: Failed password for invalid user user from 186.241.84.15 port 40428 ssh2
Jun 22 17:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18101]: Connection closed by 186.241.84.15 port 40428 [preauth]
Jun 22 17:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18103]: Invalid user user from 186.241.84.15
Jun 22 17:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18103]: input_userauth_request: invalid user user [preauth]
Jun 22 17:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18103]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18103]: Failed password for invalid user user from 186.241.84.15 port 40440 ssh2
Jun 22 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18103]: Connection closed by 186.241.84.15 port 40440 [preauth]
Jun 22 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18109]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18108]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18110]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18107]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18107]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18105]: Invalid user user from 186.241.84.15
Jun 22 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18105]: input_userauth_request: invalid user user [preauth]
Jun 22 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18105]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18182]: Successful su for rubyman by root
Jun 22 17:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18182]: + ??? root:rubyman
Jun 22 17:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18182]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572269 of user rubyman.
Jun 22 17:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18182]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572269.
Jun 22 17:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18105]: Failed password for invalid user user from 186.241.84.15 port 40442 ssh2
Jun 22 17:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18105]: Connection closed by 186.241.84.15 port 40442 [preauth]
Jun 22 17:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15247]: pam_unix(cron:session): session closed for user root
Jun 22 17:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18339]: Invalid user user from 186.241.84.15
Jun 22 17:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18339]: input_userauth_request: invalid user user [preauth]
Jun 22 17:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18339]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18108]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18339]: Failed password for invalid user user from 186.241.84.15 port 42280 ssh2
Jun 22 17:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18339]: Connection closed by 186.241.84.15 port 42280 [preauth]
Jun 22 17:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18395]: Invalid user user from 186.241.84.15
Jun 22 17:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18395]: input_userauth_request: invalid user user [preauth]
Jun 22 17:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18395]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18395]: Failed password for invalid user user from 186.241.84.15 port 42282 ssh2
Jun 22 17:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18395]: Connection closed by 186.241.84.15 port 42282 [preauth]
Jun 22 17:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18408]: Invalid user user from 186.241.84.15
Jun 22 17:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18408]: input_userauth_request: invalid user user [preauth]
Jun 22 17:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18408]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18408]: Failed password for invalid user user from 186.241.84.15 port 42298 ssh2
Jun 22 17:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18408]: Connection closed by 186.241.84.15 port 42298 [preauth]
Jun 22 17:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18410]: Invalid user user from 186.241.84.15
Jun 22 17:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18410]: input_userauth_request: invalid user user [preauth]
Jun 22 17:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18410]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18410]: Failed password for invalid user user from 186.241.84.15 port 42310 ssh2
Jun 22 17:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18410]: Connection closed by 186.241.84.15 port 42310 [preauth]
Jun 22 17:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18490]: Invalid user user from 186.241.84.15
Jun 22 17:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18490]: input_userauth_request: invalid user user [preauth]
Jun 22 17:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18490]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18490]: Failed password for invalid user user from 186.241.84.15 port 48628 ssh2
Jun 22 17:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18490]: Connection closed by 186.241.84.15 port 48628 [preauth]
Jun 22 17:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18502]: Invalid user user from 186.241.84.15
Jun 22 17:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18502]: input_userauth_request: invalid user user [preauth]
Jun 22 17:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18502]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18502]: Failed password for invalid user user from 186.241.84.15 port 48640 ssh2
Jun 22 17:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18502]: Connection closed by 186.241.84.15 port 48640 [preauth]
Jun 22 17:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18504]: Invalid user user from 186.241.84.15
Jun 22 17:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18504]: input_userauth_request: invalid user user [preauth]
Jun 22 17:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18504]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18504]: Failed password for invalid user user from 186.241.84.15 port 48646 ssh2
Jun 22 17:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18504]: Connection closed by 186.241.84.15 port 48646 [preauth]
Jun 22 17:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18517]: Invalid user user from 186.241.84.15
Jun 22 17:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18517]: input_userauth_request: invalid user user [preauth]
Jun 22 17:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18517]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18517]: Failed password for invalid user user from 186.241.84.15 port 48660 ssh2
Jun 22 17:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18517]: Connection closed by 186.241.84.15 port 48660 [preauth]
Jun 22 17:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18519]: Invalid user user from 186.241.84.15
Jun 22 17:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18519]: input_userauth_request: invalid user user [preauth]
Jun 22 17:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18519]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18519]: Failed password for invalid user user from 186.241.84.15 port 53392 ssh2
Jun 22 17:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18519]: Connection closed by 186.241.84.15 port 53392 [preauth]
Jun 22 17:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18544]: Invalid user user from 186.241.84.15
Jun 22 17:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18544]: input_userauth_request: invalid user user [preauth]
Jun 22 17:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18544]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18544]: Failed password for invalid user user from 186.241.84.15 port 53406 ssh2
Jun 22 17:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18544]: Connection closed by 186.241.84.15 port 53406 [preauth]
Jun 22 17:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18546]: Invalid user user from 186.241.84.15
Jun 22 17:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18546]: input_userauth_request: invalid user user [preauth]
Jun 22 17:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18546]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18546]: Failed password for invalid user user from 186.241.84.15 port 53420 ssh2
Jun 22 17:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18546]: Connection closed by 186.241.84.15 port 53420 [preauth]
Jun 22 17:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18558]: Invalid user user from 186.241.84.15
Jun 22 17:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18558]: input_userauth_request: invalid user user [preauth]
Jun 22 17:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18558]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18558]: Failed password for invalid user user from 186.241.84.15 port 53436 ssh2
Jun 22 17:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18558]: Connection closed by 186.241.84.15 port 53436 [preauth]
Jun 22 17:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18560]: Invalid user user from 186.241.84.15
Jun 22 17:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18560]: input_userauth_request: invalid user user [preauth]
Jun 22 17:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18560]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17041]: pam_unix(cron:session): session closed for user root
Jun 22 17:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18560]: Failed password for invalid user user from 186.241.84.15 port 53450 ssh2
Jun 22 17:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18560]: Connection closed by 186.241.84.15 port 53450 [preauth]
Jun 22 17:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18593]: Invalid user user from 186.241.84.15
Jun 22 17:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18593]: input_userauth_request: invalid user user [preauth]
Jun 22 17:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18593]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18593]: Failed password for invalid user user from 186.241.84.15 port 59268 ssh2
Jun 22 17:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18593]: Connection closed by 186.241.84.15 port 59268 [preauth]
Jun 22 17:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18595]: Invalid user user from 186.241.84.15
Jun 22 17:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18595]: input_userauth_request: invalid user user [preauth]
Jun 22 17:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18595]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18595]: Failed password for invalid user user from 186.241.84.15 port 59272 ssh2
Jun 22 17:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18605]: Invalid user user from 186.241.84.15
Jun 22 17:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18605]: input_userauth_request: invalid user user [preauth]
Jun 22 17:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18595]: Connection closed by 186.241.84.15 port 59272 [preauth]
Jun 22 17:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18605]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18605]: Failed password for invalid user user from 186.241.84.15 port 59276 ssh2
Jun 22 17:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18605]: Connection closed by 186.241.84.15 port 59276 [preauth]
Jun 22 17:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18607]: Invalid user user from 186.241.84.15
Jun 22 17:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18607]: input_userauth_request: invalid user user [preauth]
Jun 22 17:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18607]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18607]: Failed password for invalid user user from 186.241.84.15 port 59288 ssh2
Jun 22 17:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18607]: Connection closed by 186.241.84.15 port 59288 [preauth]
Jun 22 17:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18630]: Invalid user user from 186.241.84.15
Jun 22 17:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18630]: input_userauth_request: invalid user user [preauth]
Jun 22 17:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18630]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18630]: Failed password for invalid user user from 186.241.84.15 port 38734 ssh2
Jun 22 17:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18630]: Connection closed by 186.241.84.15 port 38734 [preauth]
Jun 22 17:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18632]: Invalid user user from 186.241.84.15
Jun 22 17:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18632]: input_userauth_request: invalid user user [preauth]
Jun 22 17:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18632]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18632]: Failed password for invalid user user from 186.241.84.15 port 38736 ssh2
Jun 22 17:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18632]: Connection closed by 186.241.84.15 port 38736 [preauth]
Jun 22 17:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18634]: Invalid user user from 186.241.84.15
Jun 22 17:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18634]: input_userauth_request: invalid user user [preauth]
Jun 22 17:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18634]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18634]: Failed password for invalid user user from 186.241.84.15 port 38740 ssh2
Jun 22 17:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18634]: Connection closed by 186.241.84.15 port 38740 [preauth]
Jun 22 17:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18644]: Invalid user user from 186.241.84.15
Jun 22 17:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18644]: input_userauth_request: invalid user user [preauth]
Jun 22 17:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18644]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18644]: Failed password for invalid user user from 186.241.84.15 port 38756 ssh2
Jun 22 17:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18644]: Connection closed by 186.241.84.15 port 38756 [preauth]
Jun 22 17:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18649]: Invalid user user from 186.241.84.15
Jun 22 17:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18649]: input_userauth_request: invalid user user [preauth]
Jun 22 17:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18649]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18649]: Failed password for invalid user user from 186.241.84.15 port 47342 ssh2
Jun 22 17:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18649]: Connection closed by 186.241.84.15 port 47342 [preauth]
Jun 22 17:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18660]: Invalid user user from 186.241.84.15
Jun 22 17:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18660]: input_userauth_request: invalid user user [preauth]
Jun 22 17:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18660]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18662]: Invalid user oracle from 38.55.97.143
Jun 22 17:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18662]: input_userauth_request: invalid user oracle [preauth]
Jun 22 17:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18662]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 17:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18660]: Failed password for invalid user user from 186.241.84.15 port 47366 ssh2
Jun 22 17:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18660]: Connection closed by 186.241.84.15 port 47366 [preauth]
Jun 22 17:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18666]: Invalid user user from 186.241.84.15
Jun 22 17:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18666]: input_userauth_request: invalid user user [preauth]
Jun 22 17:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18666]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18662]: Failed password for invalid user oracle from 38.55.97.143 port 43614 ssh2
Jun 22 17:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18662]: Connection closed by 38.55.97.143 port 43614 [preauth]
Jun 22 17:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.135.109.64  user=root
Jun 22 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18666]: Failed password for invalid user user from 186.241.84.15 port 47374 ssh2
Jun 22 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18666]: Connection closed by 186.241.84.15 port 47374 [preauth]
Jun 22 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18686]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18685]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18684]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18683]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18683]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18679]: Invalid user user from 186.241.84.15
Jun 22 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18679]: input_userauth_request: invalid user user [preauth]
Jun 22 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18679]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18748]: Successful su for rubyman by root
Jun 22 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18748]: + ??? root:rubyman
Jun 22 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18748]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572271 of user rubyman.
Jun 22 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18748]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572271.
Jun 22 17:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18668]: Failed password for root from 46.135.109.64 port 17635 ssh2
Jun 22 17:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18668]: Received disconnect from 46.135.109.64 port 17635:11: Bye Bye [preauth]
Jun 22 17:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18668]: Disconnected from 46.135.109.64 port 17635 [preauth]
Jun 22 17:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18679]: Failed password for invalid user user from 186.241.84.15 port 47388 ssh2
Jun 22 17:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18679]: Connection closed by 186.241.84.15 port 47388 [preauth]
Jun 22 17:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15646]: pam_unix(cron:session): session closed for user root
Jun 22 17:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18920]: Invalid user user from 186.241.84.15
Jun 22 17:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18920]: input_userauth_request: invalid user user [preauth]
Jun 22 17:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18920]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18684]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18920]: Failed password for invalid user user from 186.241.84.15 port 43572 ssh2
Jun 22 17:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18920]: Connection closed by 186.241.84.15 port 43572 [preauth]
Jun 22 17:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18951]: Invalid user user from 186.241.84.15
Jun 22 17:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18951]: input_userauth_request: invalid user user [preauth]
Jun 22 17:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18951]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18951]: Failed password for invalid user user from 186.241.84.15 port 43574 ssh2
Jun 22 17:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18951]: Connection closed by 186.241.84.15 port 43574 [preauth]
Jun 22 17:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18954]: Invalid user user from 186.241.84.15
Jun 22 17:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18954]: input_userauth_request: invalid user user [preauth]
Jun 22 17:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18954]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18954]: Failed password for invalid user user from 186.241.84.15 port 43586 ssh2
Jun 22 17:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18954]: Connection closed by 186.241.84.15 port 43586 [preauth]
Jun 22 17:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18964]: Invalid user user from 186.241.84.15
Jun 22 17:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18964]: input_userauth_request: invalid user user [preauth]
Jun 22 17:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18964]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18964]: Failed password for invalid user user from 186.241.84.15 port 43602 ssh2
Jun 22 17:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18964]: Connection closed by 186.241.84.15 port 43602 [preauth]
Jun 22 17:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18974]: Invalid user user from 186.241.84.15
Jun 22 17:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18974]: input_userauth_request: invalid user user [preauth]
Jun 22 17:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18974]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18974]: Failed password for invalid user user from 186.241.84.15 port 40250 ssh2
Jun 22 17:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18974]: Connection closed by 186.241.84.15 port 40250 [preauth]
Jun 22 17:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18981]: Invalid user user from 186.241.84.15
Jun 22 17:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18981]: input_userauth_request: invalid user user [preauth]
Jun 22 17:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18981]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18981]: Failed password for invalid user user from 186.241.84.15 port 40264 ssh2
Jun 22 17:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18981]: Connection closed by 186.241.84.15 port 40264 [preauth]
Jun 22 17:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18992]: Invalid user user from 186.241.84.15
Jun 22 17:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18992]: input_userauth_request: invalid user user [preauth]
Jun 22 17:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18992]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18992]: Failed password for invalid user user from 186.241.84.15 port 40270 ssh2
Jun 22 17:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18992]: Connection closed by 186.241.84.15 port 40270 [preauth]
Jun 22 17:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18994]: Invalid user user from 186.241.84.15
Jun 22 17:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18994]: input_userauth_request: invalid user user [preauth]
Jun 22 17:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18994]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18994]: Failed password for invalid user user from 186.241.84.15 port 40278 ssh2
Jun 22 17:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18994]: Connection closed by 186.241.84.15 port 40278 [preauth]
Jun 22 17:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19019]: Invalid user user from 186.241.84.15
Jun 22 17:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19019]: input_userauth_request: invalid user user [preauth]
Jun 22 17:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19019]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19019]: Failed password for invalid user user from 186.241.84.15 port 42062 ssh2
Jun 22 17:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19019]: Connection closed by 186.241.84.15 port 42062 [preauth]
Jun 22 17:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19021]: Invalid user user from 186.241.84.15
Jun 22 17:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19021]: input_userauth_request: invalid user user [preauth]
Jun 22 17:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19021]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19021]: Failed password for invalid user user from 186.241.84.15 port 42066 ssh2
Jun 22 17:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19021]: Connection closed by 186.241.84.15 port 42066 [preauth]
Jun 22 17:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19031]: Invalid user user from 186.241.84.15
Jun 22 17:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19031]: input_userauth_request: invalid user user [preauth]
Jun 22 17:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19031]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19031]: Failed password for invalid user user from 186.241.84.15 port 42080 ssh2
Jun 22 17:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19031]: Connection closed by 186.241.84.15 port 42080 [preauth]
Jun 22 17:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19033]: Invalid user user from 186.241.84.15
Jun 22 17:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19033]: input_userauth_request: invalid user user [preauth]
Jun 22 17:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19033]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19033]: Failed password for invalid user user from 186.241.84.15 port 42092 ssh2
Jun 22 17:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19033]: Connection closed by 186.241.84.15 port 42092 [preauth]
Jun 22 17:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19044]: Invalid user user from 186.241.84.15
Jun 22 17:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19044]: input_userauth_request: invalid user user [preauth]
Jun 22 17:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19044]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17541]: pam_unix(cron:session): session closed for user root
Jun 22 17:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19044]: Failed password for invalid user user from 186.241.84.15 port 42104 ssh2
Jun 22 17:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19044]: Connection closed by 186.241.84.15 port 42104 [preauth]
Jun 22 17:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19065]: Invalid user user from 186.241.84.15
Jun 22 17:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19065]: input_userauth_request: invalid user user [preauth]
Jun 22 17:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19065]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19065]: Failed password for invalid user user from 186.241.84.15 port 44464 ssh2
Jun 22 17:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19065]: Connection closed by 186.241.84.15 port 44464 [preauth]
Jun 22 17:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19074]: Invalid user user from 186.241.84.15
Jun 22 17:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19074]: input_userauth_request: invalid user user [preauth]
Jun 22 17:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19074]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19074]: Failed password for invalid user user from 186.241.84.15 port 44476 ssh2
Jun 22 17:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19074]: Connection closed by 186.241.84.15 port 44476 [preauth]
Jun 22 17:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19077]: Invalid user user from 186.241.84.15
Jun 22 17:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19077]: input_userauth_request: invalid user user [preauth]
Jun 22 17:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19077]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19077]: Failed password for invalid user user from 186.241.84.15 port 44488 ssh2
Jun 22 17:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19077]: Connection closed by 186.241.84.15 port 44488 [preauth]
Jun 22 17:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19079]: Invalid user user from 186.241.84.15
Jun 22 17:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19079]: input_userauth_request: invalid user user [preauth]
Jun 22 17:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19079]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19079]: Failed password for invalid user user from 186.241.84.15 port 44498 ssh2
Jun 22 17:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19079]: Connection closed by 186.241.84.15 port 44498 [preauth]
Jun 22 17:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19104]: Invalid user user from 186.241.84.15
Jun 22 17:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19104]: input_userauth_request: invalid user user [preauth]
Jun 22 17:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19104]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19104]: Failed password for invalid user user from 186.241.84.15 port 49928 ssh2
Jun 22 17:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19104]: Connection closed by 186.241.84.15 port 49928 [preauth]
Jun 22 17:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19106]: Invalid user user from 186.241.84.15
Jun 22 17:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19106]: input_userauth_request: invalid user user [preauth]
Jun 22 17:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19106]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19106]: Failed password for invalid user user from 186.241.84.15 port 49934 ssh2
Jun 22 17:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19106]: Connection closed by 186.241.84.15 port 49934 [preauth]
Jun 22 17:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19117]: Invalid user user from 186.241.84.15
Jun 22 17:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19117]: input_userauth_request: invalid user user [preauth]
Jun 22 17:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19117]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19117]: Failed password for invalid user user from 186.241.84.15 port 49946 ssh2
Jun 22 17:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19117]: Connection closed by 186.241.84.15 port 49946 [preauth]
Jun 22 17:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19119]: Invalid user user from 186.241.84.15
Jun 22 17:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19119]: input_userauth_request: invalid user user [preauth]
Jun 22 17:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19119]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19119]: Failed password for invalid user user from 186.241.84.15 port 49950 ssh2
Jun 22 17:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19119]: Connection closed by 186.241.84.15 port 49950 [preauth]
Jun 22 17:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19224]: Invalid user user from 186.241.84.15
Jun 22 17:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19224]: input_userauth_request: invalid user user [preauth]
Jun 22 17:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19224]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19224]: Failed password for invalid user user from 186.241.84.15 port 49514 ssh2
Jun 22 17:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19224]: Connection closed by 186.241.84.15 port 49514 [preauth]
Jun 22 17:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19227]: Invalid user user from 186.241.84.15
Jun 22 17:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19227]: input_userauth_request: invalid user user [preauth]
Jun 22 17:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19227]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19227]: Failed password for invalid user user from 186.241.84.15 port 49530 ssh2
Jun 22 17:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19227]: Connection closed by 186.241.84.15 port 49530 [preauth]
Jun 22 17:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19230]: Invalid user user from 186.241.84.15
Jun 22 17:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19230]: input_userauth_request: invalid user user [preauth]
Jun 22 17:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19230]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19230]: Failed password for invalid user user from 186.241.84.15 port 49546 ssh2
Jun 22 17:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19230]: Connection closed by 186.241.84.15 port 49546 [preauth]
Jun 22 17:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19244]: Invalid user user from 186.241.84.15
Jun 22 17:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19244]: input_userauth_request: invalid user user [preauth]
Jun 22 17:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19244]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19242]: Invalid user nginx from 38.55.97.143
Jun 22 17:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19242]: input_userauth_request: invalid user nginx [preauth]
Jun 22 17:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19242]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19250]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19251]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19248]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19247]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19247]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19309]: Successful su for rubyman by root
Jun 22 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19309]: + ??? root:rubyman
Jun 22 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19309]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572275 of user rubyman.
Jun 22 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19309]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572275.
Jun 22 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19244]: Failed password for invalid user user from 186.241.84.15 port 49562 ssh2
Jun 22 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19244]: Connection closed by 186.241.84.15 port 49562 [preauth]
Jun 22 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19242]: Failed password for invalid user nginx from 38.55.97.143 port 51222 ssh2
Jun 22 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19373]: Invalid user user from 186.241.84.15
Jun 22 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19373]: input_userauth_request: invalid user user [preauth]
Jun 22 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19373]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19242]: Connection closed by 38.55.97.143 port 51222 [preauth]
Jun 22 17:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16033]: pam_unix(cron:session): session closed for user root
Jun 22 17:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19373]: Failed password for invalid user user from 186.241.84.15 port 44926 ssh2
Jun 22 17:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19373]: Connection closed by 186.241.84.15 port 44926 [preauth]
Jun 22 17:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19494]: Invalid user user from 186.241.84.15
Jun 22 17:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19494]: input_userauth_request: invalid user user [preauth]
Jun 22 17:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19494]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19248]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19494]: Failed password for invalid user user from 186.241.84.15 port 44940 ssh2
Jun 22 17:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19494]: Connection closed by 186.241.84.15 port 44940 [preauth]
Jun 22 17:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19607]: Invalid user user from 186.241.84.15
Jun 22 17:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19607]: input_userauth_request: invalid user user [preauth]
Jun 22 17:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19607]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19607]: Failed password for invalid user user from 186.241.84.15 port 44952 ssh2
Jun 22 17:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19607]: Connection closed by 186.241.84.15 port 44952 [preauth]
Jun 22 17:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19706]: Invalid user user from 186.241.84.15
Jun 22 17:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19706]: input_userauth_request: invalid user user [preauth]
Jun 22 17:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19706]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19708]: Invalid user support from 193.46.255.86
Jun 22 17:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19708]: input_userauth_request: invalid user support [preauth]
Jun 22 17:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19708]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 22 17:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19706]: Failed password for invalid user user from 186.241.84.15 port 44962 ssh2
Jun 22 17:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19706]: Connection closed by 186.241.84.15 port 44962 [preauth]
Jun 22 17:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19710]: Invalid user user from 186.241.84.15
Jun 22 17:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19710]: input_userauth_request: invalid user user [preauth]
Jun 22 17:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19710]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19708]: Failed password for invalid user support from 193.46.255.86 port 58132 ssh2
Jun 22 17:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19708]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19710]: Failed password for invalid user user from 186.241.84.15 port 44974 ssh2
Jun 22 17:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19710]: Connection closed by 186.241.84.15 port 44974 [preauth]
Jun 22 17:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19736]: Invalid user user from 186.241.84.15
Jun 22 17:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19736]: input_userauth_request: invalid user user [preauth]
Jun 22 17:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19736]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19708]: Failed password for invalid user support from 193.46.255.86 port 58132 ssh2
Jun 22 17:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19736]: Failed password for invalid user user from 186.241.84.15 port 46240 ssh2
Jun 22 17:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19708]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19736]: Connection closed by 186.241.84.15 port 46240 [preauth]
Jun 22 17:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19738]: Invalid user user from 186.241.84.15
Jun 22 17:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19738]: input_userauth_request: invalid user user [preauth]
Jun 22 17:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19738]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19708]: Failed password for invalid user support from 193.46.255.86 port 58132 ssh2
Jun 22 17:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19708]: Connection closed by 193.46.255.86 port 58132 [preauth]
Jun 22 17:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19708]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 22 17:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19738]: Failed password for invalid user user from 186.241.84.15 port 46254 ssh2
Jun 22 17:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19738]: Connection closed by 186.241.84.15 port 46254 [preauth]
Jun 22 17:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19740]: Invalid user user from 186.241.84.15
Jun 22 17:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19740]: input_userauth_request: invalid user user [preauth]
Jun 22 17:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19740]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19740]: Failed password for invalid user user from 186.241.84.15 port 46258 ssh2
Jun 22 17:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19740]: Connection closed by 186.241.84.15 port 46258 [preauth]
Jun 22 17:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19752]: Invalid user user from 186.241.84.15
Jun 22 17:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19752]: input_userauth_request: invalid user user [preauth]
Jun 22 17:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19752]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19752]: Failed password for invalid user user from 186.241.84.15 port 46266 ssh2
Jun 22 17:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19752]: Connection closed by 186.241.84.15 port 46266 [preauth]
Jun 22 17:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19754]: Invalid user user from 186.241.84.15
Jun 22 17:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19754]: input_userauth_request: invalid user user [preauth]
Jun 22 17:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19754]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19754]: Failed password for invalid user user from 186.241.84.15 port 51148 ssh2
Jun 22 17:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19754]: Connection closed by 186.241.84.15 port 51148 [preauth]
Jun 22 17:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19780]: Invalid user user from 186.241.84.15
Jun 22 17:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19780]: input_userauth_request: invalid user user [preauth]
Jun 22 17:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19780]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19780]: Failed password for invalid user user from 186.241.84.15 port 51154 ssh2
Jun 22 17:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19780]: Connection closed by 186.241.84.15 port 51154 [preauth]
Jun 22 17:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19784]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19784]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19784]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 22 17:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19784]: Failed password for invalid user ubuntu from 186.241.84.15 port 51170 ssh2
Jun 22 17:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19784]: Connection closed by 186.241.84.15 port 51170 [preauth]
Jun 22 17:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19796]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19796]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19796]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19782]: Failed password for root from 103.82.20.28 port 37314 ssh2
Jun 22 17:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19782]: Connection closed by 103.82.20.28 port 37314 [preauth]
Jun 22 17:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19796]: Failed password for invalid user ubuntu from 186.241.84.15 port 51186 ssh2
Jun 22 17:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19796]: Connection closed by 186.241.84.15 port 51186 [preauth]
Jun 22 17:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19812]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19812]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19812]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18110]: pam_unix(cron:session): session closed for user root
Jun 22 17:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19812]: Failed password for invalid user ubuntu from 186.241.84.15 port 37064 ssh2
Jun 22 17:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19812]: Connection closed by 186.241.84.15 port 37064 [preauth]
Jun 22 17:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19835]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19835]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19835]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19835]: Failed password for invalid user ubuntu from 186.241.84.15 port 37072 ssh2
Jun 22 17:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19835]: Connection closed by 186.241.84.15 port 37072 [preauth]
Jun 22 17:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19841]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19841]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19841]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19841]: Failed password for invalid user ubuntu from 186.241.84.15 port 37078 ssh2
Jun 22 17:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19841]: Connection closed by 186.241.84.15 port 37078 [preauth]
Jun 22 17:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19857]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19857]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19857]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19857]: Failed password for invalid user ubuntu from 186.241.84.15 port 37084 ssh2
Jun 22 17:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19857]: Connection closed by 186.241.84.15 port 37084 [preauth]
Jun 22 17:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19859]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19859]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19859]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19859]: Failed password for invalid user ubuntu from 186.241.84.15 port 55538 ssh2
Jun 22 17:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19859]: Connection closed by 186.241.84.15 port 55538 [preauth]
Jun 22 17:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19874]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19874]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19874]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19874]: Failed password for invalid user ubuntu from 186.241.84.15 port 55544 ssh2
Jun 22 17:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19874]: Connection closed by 186.241.84.15 port 55544 [preauth]
Jun 22 17:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19885]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19885]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19885]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19885]: Failed password for invalid user ubuntu from 186.241.84.15 port 55560 ssh2
Jun 22 17:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19885]: Connection closed by 186.241.84.15 port 55560 [preauth]
Jun 22 17:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19888]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19888]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19888]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19888]: Failed password for invalid user ubuntu from 186.241.84.15 port 55570 ssh2
Jun 22 17:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19888]: Connection closed by 186.241.84.15 port 55570 [preauth]
Jun 22 17:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19899]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19899]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19899]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19899]: Failed password for invalid user ubuntu from 186.241.84.15 port 55576 ssh2
Jun 22 17:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19899]: Connection closed by 186.241.84.15 port 55576 [preauth]
Jun 22 17:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19901]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19901]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19901]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19901]: Failed password for invalid user ubuntu from 186.241.84.15 port 33014 ssh2
Jun 22 17:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19901]: Connection closed by 186.241.84.15 port 33014 [preauth]
Jun 22 17:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19911]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19911]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19911]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19911]: Failed password for invalid user ubuntu from 186.241.84.15 port 33016 ssh2
Jun 22 17:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19911]: Connection closed by 186.241.84.15 port 33016 [preauth]
Jun 22 17:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19913]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19913]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19913]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19913]: Failed password for invalid user ubuntu from 186.241.84.15 port 33030 ssh2
Jun 22 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19913]: Connection closed by 186.241.84.15 port 33030 [preauth]
Jun 22 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19915]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19915]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19915]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19934]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19929]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19932]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19931]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19928]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19930]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19934]: pam_unix(cron:session): session closed for user root
Jun 22 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19928]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19997]: Successful su for rubyman by root
Jun 22 17:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: Invalid user manager from 38.55.97.143
Jun 22 17:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: input_userauth_request: invalid user manager [preauth]
Jun 22 17:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 17:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19997]: + ??? root:rubyman
Jun 22 17:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19997]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572281 of user rubyman.
Jun 22 17:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19997]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572281.
Jun 22 17:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19915]: Failed password for invalid user ubuntu from 186.241.84.15 port 33040 ssh2
Jun 22 17:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19915]: Connection closed by 186.241.84.15 port 33040 [preauth]
Jun 22 17:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20084]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20084]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20084]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16473]: pam_unix(cron:session): session closed for user root
Jun 22 17:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19930]: pam_unix(cron:session): session closed for user root
Jun 22 17:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: Failed password for invalid user manager from 38.55.97.143 port 60094 ssh2
Jun 22 17:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: Connection closed by 38.55.97.143 port 60094 [preauth]
Jun 22 17:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20084]: Failed password for invalid user ubuntu from 186.241.84.15 port 51524 ssh2
Jun 22 17:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20084]: Connection closed by 186.241.84.15 port 51524 [preauth]
Jun 22 17:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20270]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20270]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20270]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19929]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20270]: Failed password for invalid user ubuntu from 186.241.84.15 port 51534 ssh2
Jun 22 17:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20270]: Connection closed by 186.241.84.15 port 51534 [preauth]
Jun 22 17:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20302]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20302]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20302]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20302]: Failed password for invalid user ubuntu from 186.241.84.15 port 51544 ssh2
Jun 22 17:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20302]: Connection closed by 186.241.84.15 port 51544 [preauth]
Jun 22 17:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20304]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20304]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20304]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20304]: Failed password for invalid user ubuntu from 186.241.84.15 port 51556 ssh2
Jun 22 17:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20304]: Connection closed by 186.241.84.15 port 51556 [preauth]
Jun 22 17:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20310]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20310]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20310]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20310]: Failed password for invalid user ubuntu from 186.241.84.15 port 43700 ssh2
Jun 22 17:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20310]: Connection closed by 186.241.84.15 port 43700 [preauth]
Jun 22 17:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20333]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20333]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20333]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20333]: Failed password for invalid user ubuntu from 186.241.84.15 port 43706 ssh2
Jun 22 17:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20333]: Connection closed by 186.241.84.15 port 43706 [preauth]
Jun 22 17:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20336]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20336]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20336]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20336]: Failed password for invalid user ubuntu from 186.241.84.15 port 43720 ssh2
Jun 22 17:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20336]: Connection closed by 186.241.84.15 port 43720 [preauth]
Jun 22 17:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20347]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20347]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20347]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20347]: Failed password for invalid user ubuntu from 186.241.84.15 port 43732 ssh2
Jun 22 17:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20347]: Connection closed by 186.241.84.15 port 43732 [preauth]
Jun 22 17:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20349]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20349]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20349]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20349]: Failed password for invalid user ubuntu from 186.241.84.15 port 43738 ssh2
Jun 22 17:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20349]: Connection closed by 186.241.84.15 port 43738 [preauth]
Jun 22 17:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20378]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20378]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20378]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20378]: Failed password for invalid user ubuntu from 186.241.84.15 port 53338 ssh2
Jun 22 17:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20378]: Connection closed by 186.241.84.15 port 53338 [preauth]
Jun 22 17:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20380]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20380]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20380]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20380]: Failed password for invalid user ubuntu from 186.241.84.15 port 53348 ssh2
Jun 22 17:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20380]: Connection closed by 186.241.84.15 port 53348 [preauth]
Jun 22 17:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20392]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20392]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20392]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20392]: Failed password for invalid user ubuntu from 186.241.84.15 port 53354 ssh2
Jun 22 17:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20392]: Connection closed by 186.241.84.15 port 53354 [preauth]
Jun 22 17:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20394]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20394]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20394]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18686]: pam_unix(cron:session): session closed for user root
Jun 22 17:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20394]: Failed password for invalid user ubuntu from 186.241.84.15 port 53368 ssh2
Jun 22 17:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20394]: Connection closed by 186.241.84.15 port 53368 [preauth]
Jun 22 17:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20411]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20411]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20411]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20411]: Failed password for invalid user ubuntu from 186.241.84.15 port 52968 ssh2
Jun 22 17:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20411]: Connection closed by 186.241.84.15 port 52968 [preauth]
Jun 22 17:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20429]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20429]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20429]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20429]: Failed password for invalid user ubuntu from 186.241.84.15 port 52984 ssh2
Jun 22 17:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20429]: Connection closed by 186.241.84.15 port 52984 [preauth]
Jun 22 17:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20431]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20431]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20431]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20431]: Failed password for invalid user ubuntu from 186.241.84.15 port 52990 ssh2
Jun 22 17:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20431]: Connection closed by 186.241.84.15 port 52990 [preauth]
Jun 22 17:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20443]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20443]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20443]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20443]: Failed password for invalid user ubuntu from 186.241.84.15 port 52992 ssh2
Jun 22 17:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20443]: Connection closed by 186.241.84.15 port 52992 [preauth]
Jun 22 17:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20461]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20461]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20461]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20461]: Failed password for invalid user ubuntu from 186.241.84.15 port 56196 ssh2
Jun 22 17:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20461]: Connection closed by 186.241.84.15 port 56196 [preauth]
Jun 22 17:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20476]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20476]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20476]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20476]: Failed password for invalid user ubuntu from 186.241.84.15 port 56200 ssh2
Jun 22 17:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20476]: Connection closed by 186.241.84.15 port 56200 [preauth]
Jun 22 17:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20478]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20478]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20478]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20478]: Failed password for invalid user ubuntu from 186.241.84.15 port 56216 ssh2
Jun 22 17:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20478]: Connection closed by 186.241.84.15 port 56216 [preauth]
Jun 22 17:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20488]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20488]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20488]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20488]: Failed password for invalid user ubuntu from 186.241.84.15 port 56222 ssh2
Jun 22 17:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20488]: Connection closed by 186.241.84.15 port 56222 [preauth]
Jun 22 17:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20490]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20490]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20490]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20490]: Failed password for invalid user ubuntu from 186.241.84.15 port 54998 ssh2
Jun 22 17:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20490]: Connection closed by 186.241.84.15 port 54998 [preauth]
Jun 22 17:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20492]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20492]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20492]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20492]: Failed password for invalid user ubuntu from 186.241.84.15 port 55008 ssh2
Jun 22 17:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20492]: Connection closed by 186.241.84.15 port 55008 [preauth]
Jun 22 17:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20502]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20502]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20502]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20502]: Failed password for invalid user ubuntu from 186.241.84.15 port 55018 ssh2
Jun 22 17:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20502]: Connection closed by 186.241.84.15 port 55018 [preauth]
Jun 22 17:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20506]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20506]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20506]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20504]: Invalid user jan from 38.55.97.143
Jun 22 17:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20504]: input_userauth_request: invalid user jan [preauth]
Jun 22 17:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20504]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 17:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 22 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20520]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20522]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20521]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20519]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20519]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20506]: Failed password for invalid user ubuntu from 186.241.84.15 port 55030 ssh2
Jun 22 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20506]: Connection closed by 186.241.84.15 port 55030 [preauth]
Jun 22 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20588]: Successful su for rubyman by root
Jun 22 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20588]: + ??? root:rubyman
Jun 22 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20588]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572287 of user rubyman.
Jun 22 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20588]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572287.
Jun 22 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20586]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20586]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20586]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20504]: Failed password for invalid user jan from 38.55.97.143 port 35898 ssh2
Jun 22 17:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20504]: Connection closed by 38.55.97.143 port 35898 [preauth]
Jun 22 17:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20508]: Failed password for root from 103.77.242.62 port 45696 ssh2
Jun 22 17:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20508]: Connection closed by 103.77.242.62 port 45696 [preauth]
Jun 22 17:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20586]: Failed password for invalid user ubuntu from 186.241.84.15 port 55046 ssh2
Jun 22 17:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20586]: Connection closed by 186.241.84.15 port 55046 [preauth]
Jun 22 17:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20800]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20800]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20800]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17040]: pam_unix(cron:session): session closed for user root
Jun 22 17:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20800]: Failed password for invalid user ubuntu from 186.241.84.15 port 44748 ssh2
Jun 22 17:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20800]: Connection closed by 186.241.84.15 port 44748 [preauth]
Jun 22 17:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20850]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20850]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20850]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20520]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20850]: Failed password for invalid user ubuntu from 186.241.84.15 port 44750 ssh2
Jun 22 17:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20850]: Connection closed by 186.241.84.15 port 44750 [preauth]
Jun 22 17:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20872]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20872]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20872]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20872]: Failed password for invalid user ubuntu from 186.241.84.15 port 44766 ssh2
Jun 22 17:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20872]: Connection closed by 186.241.84.15 port 44766 [preauth]
Jun 22 17:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20874]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20874]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20874]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20874]: Failed password for invalid user ubuntu from 186.241.84.15 port 44768 ssh2
Jun 22 17:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20874]: Connection closed by 186.241.84.15 port 44768 [preauth]
Jun 22 17:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20889]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20889]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20889]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20889]: Failed password for invalid user ubuntu from 186.241.84.15 port 44774 ssh2
Jun 22 17:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20889]: Connection closed by 186.241.84.15 port 44774 [preauth]
Jun 22 17:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20902]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20902]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20902]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20902]: Failed password for invalid user ubuntu from 186.241.84.15 port 32940 ssh2
Jun 22 17:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20902]: Connection closed by 186.241.84.15 port 32940 [preauth]
Jun 22 17:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20905]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20905]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20905]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20905]: Failed password for invalid user ubuntu from 186.241.84.15 port 32954 ssh2
Jun 22 17:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20905]: Connection closed by 186.241.84.15 port 32954 [preauth]
Jun 22 17:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20916]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20916]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20916]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20916]: Failed password for invalid user ubuntu from 186.241.84.15 port 32970 ssh2
Jun 22 17:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20916]: Connection closed by 186.241.84.15 port 32970 [preauth]
Jun 22 17:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20918]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20918]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20918]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121  user=root
Jun 22 17:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20920]: Invalid user ebi from 46.135.109.64
Jun 22 17:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20920]: input_userauth_request: invalid user ebi [preauth]
Jun 22 17:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20920]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.135.109.64
Jun 22 17:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20918]: Failed password for invalid user ubuntu from 186.241.84.15 port 32978 ssh2
Jun 22 17:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20918]: Connection closed by 186.241.84.15 port 32978 [preauth]
Jun 22 17:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20932]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20932]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20932]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20922]: Failed password for root from 45.148.10.121 port 42450 ssh2
Jun 22 17:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20920]: Failed password for invalid user ebi from 46.135.109.64 port 18352 ssh2
Jun 22 17:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20922]: Connection closed by 45.148.10.121 port 42450 [preauth]
Jun 22 17:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20920]: Received disconnect from 46.135.109.64 port 18352:11: Bye Bye [preauth]
Jun 22 17:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20920]: Disconnected from 46.135.109.64 port 18352 [preauth]
Jun 22 17:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20932]: Failed password for invalid user ubuntu from 186.241.84.15 port 49312 ssh2
Jun 22 17:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20932]: Connection closed by 186.241.84.15 port 49312 [preauth]
Jun 22 17:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: Failed password for invalid user ubuntu from 186.241.84.15 port 49316 ssh2
Jun 22 17:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: Connection closed by 186.241.84.15 port 49316 [preauth]
Jun 22 17:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20957]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20957]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20957]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20957]: Failed password for invalid user ubuntu from 186.241.84.15 port 49328 ssh2
Jun 22 17:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20957]: Connection closed by 186.241.84.15 port 49328 [preauth]
Jun 22 17:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20959]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20959]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20959]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20959]: Failed password for invalid user ubuntu from 186.241.84.15 port 49332 ssh2
Jun 22 17:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20959]: Connection closed by 186.241.84.15 port 49332 [preauth]
Jun 22 17:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20961]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20961]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20961]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19251]: pam_unix(cron:session): session closed for user root
Jun 22 17:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20961]: Failed password for invalid user ubuntu from 186.241.84.15 port 49334 ssh2
Jun 22 17:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20961]: Connection closed by 186.241.84.15 port 49334 [preauth]
Jun 22 17:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20992]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20992]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20992]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20992]: Failed password for invalid user ubuntu from 186.241.84.15 port 58714 ssh2
Jun 22 17:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20992]: Connection closed by 186.241.84.15 port 58714 [preauth]
Jun 22 17:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20994]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20994]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20994]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20994]: Failed password for invalid user ubuntu from 186.241.84.15 port 58728 ssh2
Jun 22 17:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20994]: Connection closed by 186.241.84.15 port 58728 [preauth]
Jun 22 17:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21004]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21004]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21004]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21004]: Failed password for invalid user ubuntu from 186.241.84.15 port 58730 ssh2
Jun 22 17:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21004]: Connection closed by 186.241.84.15 port 58730 [preauth]
Jun 22 17:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21007]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21007]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21007]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 17:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21007]: Failed password for invalid user ubuntu from 186.241.84.15 port 58742 ssh2
Jun 22 17:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21007]: Connection closed by 186.241.84.15 port 58742 [preauth]
Jun 22 17:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21024]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21024]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21024]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21006]: Failed password for root from 193.24.211.107 port 53079 ssh2
Jun 22 17:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21006]: Received disconnect from 193.24.211.107 port 53079:11: Client disconnecting normally [preauth]
Jun 22 17:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21006]: Disconnected from 193.24.211.107 port 53079 [preauth]
Jun 22 17:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21024]: Failed password for invalid user ubuntu from 186.241.84.15 port 56288 ssh2
Jun 22 17:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21024]: Connection closed by 186.241.84.15 port 56288 [preauth]
Jun 22 17:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21034]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21034]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21034]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21034]: Failed password for invalid user ubuntu from 186.241.84.15 port 56294 ssh2
Jun 22 17:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21034]: Connection closed by 186.241.84.15 port 56294 [preauth]
Jun 22 17:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21038]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21038]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21038]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21038]: Failed password for invalid user ubuntu from 186.241.84.15 port 56302 ssh2
Jun 22 17:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21038]: Connection closed by 186.241.84.15 port 56302 [preauth]
Jun 22 17:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21049]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21049]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21049]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21049]: Failed password for invalid user ubuntu from 186.241.84.15 port 56308 ssh2
Jun 22 17:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21049]: Connection closed by 186.241.84.15 port 56308 [preauth]
Jun 22 17:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21051]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21051]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21051]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21051]: Failed password for invalid user ubuntu from 186.241.84.15 port 56322 ssh2
Jun 22 17:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21051]: Connection closed by 186.241.84.15 port 56322 [preauth]
Jun 22 17:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21064]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21064]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21064]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21064]: Failed password for invalid user ubuntu from 186.241.84.15 port 59424 ssh2
Jun 22 17:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21064]: Connection closed by 186.241.84.15 port 59424 [preauth]
Jun 22 17:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21066]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21066]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21066]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21066]: Failed password for invalid user ubuntu from 186.241.84.15 port 59440 ssh2
Jun 22 17:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21068]: Invalid user hacluster from 38.55.97.143
Jun 22 17:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21068]: input_userauth_request: invalid user hacluster [preauth]
Jun 22 17:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21068]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 17:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21066]: Connection closed by 186.241.84.15 port 59440 [preauth]
Jun 22 17:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21080]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21080]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21080]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21087]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21086]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21083]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21085]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21083]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21068]: Failed password for invalid user hacluster from 38.55.97.143 port 40748 ssh2
Jun 22 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21149]: Successful su for rubyman by root
Jun 22 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21149]: + ??? root:rubyman
Jun 22 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21149]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572290 of user rubyman.
Jun 22 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21149]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572290.
Jun 22 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21080]: Failed password for invalid user ubuntu from 186.241.84.15 port 59446 ssh2
Jun 22 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21080]: Connection closed by 186.241.84.15 port 59446 [preauth]
Jun 22 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21068]: Connection closed by 38.55.97.143 port 40748 [preauth]
Jun 22 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21174]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21174]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21174]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21174]: Failed password for invalid user ubuntu from 186.241.84.15 port 59450 ssh2
Jun 22 17:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21174]: Connection closed by 186.241.84.15 port 59450 [preauth]
Jun 22 17:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21291]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21291]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21291]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17540]: pam_unix(cron:session): session closed for user root
Jun 22 17:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21291]: Failed password for invalid user ubuntu from 186.241.84.15 port 50580 ssh2
Jun 22 17:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21291]: Connection closed by 186.241.84.15 port 50580 [preauth]
Jun 22 17:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21085]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21345]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21345]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21345]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21345]: Failed password for invalid user ubuntu from 186.241.84.15 port 50590 ssh2
Jun 22 17:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21345]: Connection closed by 186.241.84.15 port 50590 [preauth]
Jun 22 17:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21347]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21347]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21347]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21347]: Failed password for invalid user ubuntu from 186.241.84.15 port 50592 ssh2
Jun 22 17:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21347]: Connection closed by 186.241.84.15 port 50592 [preauth]
Jun 22 17:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21358]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21358]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21358]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21358]: Failed password for invalid user ubuntu from 186.241.84.15 port 50598 ssh2
Jun 22 17:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21358]: Connection closed by 186.241.84.15 port 50598 [preauth]
Jun 22 17:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21360]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21360]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21360]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21360]: Failed password for invalid user ubuntu from 186.241.84.15 port 50608 ssh2
Jun 22 17:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21360]: Connection closed by 186.241.84.15 port 50608 [preauth]
Jun 22 17:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21376]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21376]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21376]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21376]: Failed password for invalid user ubuntu from 186.241.84.15 port 48304 ssh2
Jun 22 17:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21376]: Connection closed by 186.241.84.15 port 48304 [preauth]
Jun 22 17:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21386]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21386]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21386]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21386]: Failed password for invalid user ubuntu from 186.241.84.15 port 48310 ssh2
Jun 22 17:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21386]: Connection closed by 186.241.84.15 port 48310 [preauth]
Jun 22 17:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21388]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21388]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21388]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21388]: Failed password for invalid user ubuntu from 186.241.84.15 port 48312 ssh2
Jun 22 17:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21388]: Connection closed by 186.241.84.15 port 48312 [preauth]
Jun 22 17:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21397]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21397]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21397]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21397]: Failed password for invalid user ubuntu from 186.241.84.15 port 48328 ssh2
Jun 22 17:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21397]: Connection closed by 186.241.84.15 port 48328 [preauth]
Jun 22 17:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21400]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21400]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21400]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21400]: Failed password for invalid user ubuntu from 186.241.84.15 port 48710 ssh2
Jun 22 17:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21400]: Connection closed by 186.241.84.15 port 48710 [preauth]
Jun 22 17:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21416]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21416]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21416]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21416]: Failed password for invalid user ubuntu from 186.241.84.15 port 48712 ssh2
Jun 22 17:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21416]: Connection closed by 186.241.84.15 port 48712 [preauth]
Jun 22 17:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21427]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21427]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21427]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21427]: Failed password for invalid user ubuntu from 186.241.84.15 port 48728 ssh2
Jun 22 17:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21427]: Connection closed by 186.241.84.15 port 48728 [preauth]
Jun 22 17:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21429]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21429]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21429]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21429]: Failed password for invalid user ubuntu from 186.241.84.15 port 48742 ssh2
Jun 22 17:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21429]: Connection closed by 186.241.84.15 port 48742 [preauth]
Jun 22 17:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21441]: Invalid user ubuntu from 186.241.84.15
Jun 22 17:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21441]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 17:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21441]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21441]: Failed password for invalid user ubuntu from 186.241.84.15 port 48746 ssh2
Jun 22 17:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21441]: Connection closed by 186.241.84.15 port 48746 [preauth]
Jun 22 17:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21458]: Invalid user debian from 186.241.84.15
Jun 22 17:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21458]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21458]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19932]: pam_unix(cron:session): session closed for user root
Jun 22 17:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21458]: Failed password for invalid user debian from 186.241.84.15 port 36136 ssh2
Jun 22 17:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21458]: Connection closed by 186.241.84.15 port 36136 [preauth]
Jun 22 17:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21467]: Invalid user debian from 186.241.84.15
Jun 22 17:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21467]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21467]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21470]: Received disconnect from 206.212.244.18 port 60454:11: disconnected by user [preauth]
Jun 22 17:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21470]: Disconnected from 206.212.244.18 port 60454 [preauth]
Jun 22 17:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21467]: Failed password for invalid user debian from 186.241.84.15 port 36152 ssh2
Jun 22 17:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21467]: Connection closed by 186.241.84.15 port 36152 [preauth]
Jun 22 17:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21480]: Invalid user debian from 186.241.84.15
Jun 22 17:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21480]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21480]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21480]: Failed password for invalid user debian from 186.241.84.15 port 36174 ssh2
Jun 22 17:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21480]: Connection closed by 186.241.84.15 port 36174 [preauth]
Jun 22 17:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21482]: Invalid user debian from 186.241.84.15
Jun 22 17:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21482]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21482]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21482]: Failed password for invalid user debian from 186.241.84.15 port 36178 ssh2
Jun 22 17:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21482]: Connection closed by 186.241.84.15 port 36178 [preauth]
Jun 22 17:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21486]: Invalid user debian from 186.241.84.15
Jun 22 17:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21486]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21486]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21486]: Failed password for invalid user debian from 186.241.84.15 port 36190 ssh2
Jun 22 17:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21486]: Connection closed by 186.241.84.15 port 36190 [preauth]
Jun 22 17:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21496]: Invalid user debian from 186.241.84.15
Jun 22 17:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21496]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21496]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21496]: Failed password for invalid user debian from 186.241.84.15 port 36192 ssh2
Jun 22 17:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21496]: Connection closed by 186.241.84.15 port 36192 [preauth]
Jun 22 17:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21514]: Invalid user debian from 186.241.84.15
Jun 22 17:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21514]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21514]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21514]: Failed password for invalid user debian from 186.241.84.15 port 47286 ssh2
Jun 22 17:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21514]: Connection closed by 186.241.84.15 port 47286 [preauth]
Jun 22 17:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21524]: Invalid user debian from 186.241.84.15
Jun 22 17:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21524]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21524]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21524]: Failed password for invalid user debian from 186.241.84.15 port 47292 ssh2
Jun 22 17:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21524]: Connection closed by 186.241.84.15 port 47292 [preauth]
Jun 22 17:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21530]: Invalid user debian from 186.241.84.15
Jun 22 17:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21530]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21530]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21530]: Failed password for invalid user debian from 186.241.84.15 port 47298 ssh2
Jun 22 17:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21530]: Connection closed by 186.241.84.15 port 47298 [preauth]
Jun 22 17:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21532]: Invalid user debian from 186.241.84.15
Jun 22 17:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21532]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21532]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21532]: Failed password for invalid user debian from 186.241.84.15 port 47310 ssh2
Jun 22 17:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21532]: Connection closed by 186.241.84.15 port 47310 [preauth]
Jun 22 17:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21547]: Invalid user debian from 186.241.84.15
Jun 22 17:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21547]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21547]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21547]: Failed password for invalid user debian from 186.241.84.15 port 39820 ssh2
Jun 22 17:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21547]: Connection closed by 186.241.84.15 port 39820 [preauth]
Jun 22 17:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21549]: Invalid user debian from 186.241.84.15
Jun 22 17:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21549]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21549]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21551]: Invalid user git from 38.55.97.143
Jun 22 17:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21551]: input_userauth_request: invalid user git [preauth]
Jun 22 17:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21551]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 17:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21549]: Failed password for invalid user debian from 186.241.84.15 port 39824 ssh2
Jun 22 17:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21549]: Connection closed by 186.241.84.15 port 39824 [preauth]
Jun 22 17:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21568]: Invalid user debian from 186.241.84.15
Jun 22 17:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21568]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21568]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21551]: Failed password for invalid user git from 38.55.97.143 port 42928 ssh2
Jun 22 17:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21551]: Connection closed by 38.55.97.143 port 42928 [preauth]
Jun 22 17:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21568]: Failed password for invalid user debian from 186.241.84.15 port 39840 ssh2
Jun 22 17:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21568]: Connection closed by 186.241.84.15 port 39840 [preauth]
Jun 22 17:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21570]: Invalid user debian from 186.241.84.15
Jun 22 17:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21570]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21570]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21570]: Failed password for invalid user debian from 186.241.84.15 port 39854 ssh2
Jun 22 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21570]: Connection closed by 186.241.84.15 port 39854 [preauth]
Jun 22 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21573]: Invalid user debian from 186.241.84.15
Jun 22 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21573]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21573]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21579]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21580]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21577]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21576]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21576]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21643]: Successful su for rubyman by root
Jun 22 17:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21643]: + ??? root:rubyman
Jun 22 17:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21643]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572295 of user rubyman.
Jun 22 17:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21643]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572295.
Jun 22 17:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21573]: Failed password for invalid user debian from 186.241.84.15 port 39856 ssh2
Jun 22 17:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21573]: Connection closed by 186.241.84.15 port 39856 [preauth]
Jun 22 17:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21734]: Invalid user debian from 186.241.84.15
Jun 22 17:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21734]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21734]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18109]: pam_unix(cron:session): session closed for user root
Jun 22 17:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21734]: Failed password for invalid user debian from 186.241.84.15 port 50240 ssh2
Jun 22 17:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21734]: Connection closed by 186.241.84.15 port 50240 [preauth]
Jun 22 17:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21824]: Invalid user debian from 186.241.84.15
Jun 22 17:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21824]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21824]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21577]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21824]: Failed password for invalid user debian from 186.241.84.15 port 50252 ssh2
Jun 22 17:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21824]: Connection closed by 186.241.84.15 port 50252 [preauth]
Jun 22 17:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21846]: Invalid user debian from 186.241.84.15
Jun 22 17:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21846]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21846]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21846]: Failed password for invalid user debian from 186.241.84.15 port 50264 ssh2
Jun 22 17:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21846]: Connection closed by 186.241.84.15 port 50264 [preauth]
Jun 22 17:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21857]: Invalid user debian from 186.241.84.15
Jun 22 17:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21857]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21857]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21857]: Failed password for invalid user debian from 186.241.84.15 port 50280 ssh2
Jun 22 17:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21857]: Connection closed by 186.241.84.15 port 50280 [preauth]
Jun 22 17:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21859]: Invalid user debian from 186.241.84.15
Jun 22 17:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21859]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21859]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21859]: Failed password for invalid user debian from 186.241.84.15 port 50286 ssh2
Jun 22 17:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21859]: Connection closed by 186.241.84.15 port 50286 [preauth]
Jun 22 17:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21868]: Invalid user debian from 186.241.84.15
Jun 22 17:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21868]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21868]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21868]: Failed password for invalid user debian from 186.241.84.15 port 57306 ssh2
Jun 22 17:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21868]: Connection closed by 186.241.84.15 port 57306 [preauth]
Jun 22 17:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21886]: Invalid user debian from 186.241.84.15
Jun 22 17:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21886]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21886]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21886]: Failed password for invalid user debian from 186.241.84.15 port 57318 ssh2
Jun 22 17:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21886]: Connection closed by 186.241.84.15 port 57318 [preauth]
Jun 22 17:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21888]: Invalid user debian from 186.241.84.15
Jun 22 17:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21888]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21888]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21888]: Failed password for invalid user debian from 186.241.84.15 port 57328 ssh2
Jun 22 17:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21888]: Connection closed by 186.241.84.15 port 57328 [preauth]
Jun 22 17:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21898]: Invalid user debian from 186.241.84.15
Jun 22 17:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21898]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21898]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21898]: Failed password for invalid user debian from 186.241.84.15 port 57332 ssh2
Jun 22 17:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21898]: Connection closed by 186.241.84.15 port 57332 [preauth]
Jun 22 17:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21900]: Invalid user debian from 186.241.84.15
Jun 22 17:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21900]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21900]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21900]: Failed password for invalid user debian from 186.241.84.15 port 57338 ssh2
Jun 22 17:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21900]: Connection closed by 186.241.84.15 port 57338 [preauth]
Jun 22 17:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21914]: Invalid user debian from 186.241.84.15
Jun 22 17:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21914]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21914]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21914]: Failed password for invalid user debian from 186.241.84.15 port 53868 ssh2
Jun 22 17:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21914]: Connection closed by 186.241.84.15 port 53868 [preauth]
Jun 22 17:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21928]: Invalid user debian from 186.241.84.15
Jun 22 17:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21928]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21928]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21928]: Failed password for invalid user debian from 186.241.84.15 port 53878 ssh2
Jun 22 17:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21928]: Connection closed by 186.241.84.15 port 53878 [preauth]
Jun 22 17:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21932]: Invalid user debian from 186.241.84.15
Jun 22 17:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21932]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21932]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21932]: Failed password for invalid user debian from 186.241.84.15 port 53884 ssh2
Jun 22 17:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21932]: Connection closed by 186.241.84.15 port 53884 [preauth]
Jun 22 17:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21942]: Invalid user debian from 186.241.84.15
Jun 22 17:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21942]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21942]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20522]: pam_unix(cron:session): session closed for user root
Jun 22 17:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21942]: Failed password for invalid user debian from 186.241.84.15 port 53888 ssh2
Jun 22 17:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21942]: Connection closed by 186.241.84.15 port 53888 [preauth]
Jun 22 17:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21953]: Invalid user debian from 186.241.84.15
Jun 22 17:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21953]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21953]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21953]: Failed password for invalid user debian from 186.241.84.15 port 52234 ssh2
Jun 22 17:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21953]: Connection closed by 186.241.84.15 port 52234 [preauth]
Jun 22 17:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21973]: Invalid user debian from 186.241.84.15
Jun 22 17:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21973]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21973]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21973]: Failed password for invalid user debian from 186.241.84.15 port 52248 ssh2
Jun 22 17:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21973]: Connection closed by 186.241.84.15 port 52248 [preauth]
Jun 22 17:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21975]: Invalid user debian from 186.241.84.15
Jun 22 17:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21975]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21975]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21975]: Failed password for invalid user debian from 186.241.84.15 port 52254 ssh2
Jun 22 17:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21975]: Connection closed by 186.241.84.15 port 52254 [preauth]
Jun 22 17:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21985]: Invalid user debian from 186.241.84.15
Jun 22 17:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21985]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21985]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21985]: Failed password for invalid user debian from 186.241.84.15 port 52256 ssh2
Jun 22 17:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21985]: Connection closed by 186.241.84.15 port 52256 [preauth]
Jun 22 17:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21987]: Invalid user debian from 186.241.84.15
Jun 22 17:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21987]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21987]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21987]: Failed password for invalid user debian from 186.241.84.15 port 52264 ssh2
Jun 22 17:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21987]: Connection closed by 186.241.84.15 port 52264 [preauth]
Jun 22 17:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22002]: Invalid user debian from 186.241.84.15
Jun 22 17:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22002]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22002]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22002]: Failed password for invalid user debian from 186.241.84.15 port 40016 ssh2
Jun 22 17:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22002]: Connection closed by 186.241.84.15 port 40016 [preauth]
Jun 22 17:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22012]: Invalid user debian from 186.241.84.15
Jun 22 17:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22012]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22012]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22012]: Failed password for invalid user debian from 186.241.84.15 port 40018 ssh2
Jun 22 17:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22012]: Connection closed by 186.241.84.15 port 40018 [preauth]
Jun 22 17:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22014]: Invalid user debian from 186.241.84.15
Jun 22 17:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22014]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22014]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22014]: Failed password for invalid user debian from 186.241.84.15 port 40030 ssh2
Jun 22 17:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22014]: Connection closed by 186.241.84.15 port 40030 [preauth]
Jun 22 17:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22024]: Invalid user debian from 186.241.84.15
Jun 22 17:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22024]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22024]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22026]: Invalid user frappe from 38.55.97.143
Jun 22 17:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22026]: input_userauth_request: invalid user frappe [preauth]
Jun 22 17:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22026]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 17:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22024]: Failed password for invalid user debian from 186.241.84.15 port 40038 ssh2
Jun 22 17:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22024]: Connection closed by 186.241.84.15 port 40038 [preauth]
Jun 22 17:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22028]: Invalid user debian from 186.241.84.15
Jun 22 17:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22028]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22028]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22026]: Failed password for invalid user frappe from 38.55.97.143 port 47252 ssh2
Jun 22 17:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22026]: Connection closed by 38.55.97.143 port 47252 [preauth]
Jun 22 17:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22028]: Failed password for invalid user debian from 186.241.84.15 port 34294 ssh2
Jun 22 17:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22028]: Connection closed by 186.241.84.15 port 34294 [preauth]
Jun 22 17:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22030]: Invalid user debian from 186.241.84.15
Jun 22 17:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22030]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22030]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22030]: Failed password for invalid user debian from 186.241.84.15 port 34306 ssh2
Jun 22 17:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22030]: Connection closed by 186.241.84.15 port 34306 [preauth]
Jun 22 17:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22040]: Invalid user debian from 186.241.84.15
Jun 22 17:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22040]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22040]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22040]: Failed password for invalid user debian from 186.241.84.15 port 34320 ssh2
Jun 22 17:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22040]: Connection closed by 186.241.84.15 port 34320 [preauth]
Jun 22 17:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22042]: Invalid user debian from 186.241.84.15
Jun 22 17:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22042]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22042]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22055]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22054]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22053]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22052]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22052]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22042]: Failed password for invalid user debian from 186.241.84.15 port 34322 ssh2
Jun 22 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22042]: Connection closed by 186.241.84.15 port 34322 [preauth]
Jun 22 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22120]: Successful su for rubyman by root
Jun 22 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22120]: + ??? root:rubyman
Jun 22 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22120]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572298 of user rubyman.
Jun 22 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22120]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572298.
Jun 22 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22117]: Invalid user debian from 186.241.84.15
Jun 22 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22117]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22117]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22117]: Failed password for invalid user debian from 186.241.84.15 port 34326 ssh2
Jun 22 17:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18685]: pam_unix(cron:session): session closed for user root
Jun 22 17:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22117]: Connection closed by 186.241.84.15 port 34326 [preauth]
Jun 22 17:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22281]: Invalid user debian from 186.241.84.15
Jun 22 17:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22281]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22281]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22053]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22281]: Failed password for invalid user debian from 186.241.84.15 port 58564 ssh2
Jun 22 17:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22281]: Connection closed by 186.241.84.15 port 58564 [preauth]
Jun 22 17:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22395]: Invalid user debian from 186.241.84.15
Jun 22 17:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22395]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22395]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22395]: Failed password for invalid user debian from 186.241.84.15 port 58580 ssh2
Jun 22 17:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22395]: Connection closed by 186.241.84.15 port 58580 [preauth]
Jun 22 17:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22406]: Invalid user debian from 186.241.84.15
Jun 22 17:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22406]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22406]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22406]: Failed password for invalid user debian from 186.241.84.15 port 58592 ssh2
Jun 22 17:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 22 17:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22406]: Connection closed by 186.241.84.15 port 58592 [preauth]
Jun 22 17:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22410]: Invalid user debian from 186.241.84.15
Jun 22 17:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22410]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22410]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 22 17:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22408]: Failed password for root from 103.176.20.57 port 56024 ssh2
Jun 22 17:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22410]: Failed password for invalid user debian from 186.241.84.15 port 58606 ssh2
Jun 22 17:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22408]: Connection closed by 103.176.20.57 port 56024 [preauth]
Jun 22 17:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22410]: Connection closed by 186.241.84.15 port 58606 [preauth]
Jun 22 17:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22429]: Invalid user debian from 186.241.84.15
Jun 22 17:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22429]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22429]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22412]: Failed password for root from 51.250.105.222 port 56654 ssh2
Jun 22 17:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22412]: Connection closed by 51.250.105.222 port 56654 [preauth]
Jun 22 17:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22429]: Failed password for invalid user debian from 186.241.84.15 port 60270 ssh2
Jun 22 17:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22429]: Connection closed by 186.241.84.15 port 60270 [preauth]
Jun 22 17:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22437]: Invalid user debian from 186.241.84.15
Jun 22 17:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22437]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22437]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22437]: Failed password for invalid user debian from 186.241.84.15 port 60284 ssh2
Jun 22 17:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22437]: Connection closed by 186.241.84.15 port 60284 [preauth]
Jun 22 17:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22447]: Invalid user debian from 186.241.84.15
Jun 22 17:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22447]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22447]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22447]: Failed password for invalid user debian from 186.241.84.15 port 60286 ssh2
Jun 22 17:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22447]: Connection closed by 186.241.84.15 port 60286 [preauth]
Jun 22 17:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22449]: Invalid user debian from 186.241.84.15
Jun 22 17:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22449]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22449]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22449]: Failed password for invalid user debian from 186.241.84.15 port 60294 ssh2
Jun 22 17:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22449]: Connection closed by 186.241.84.15 port 60294 [preauth]
Jun 22 17:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22460]: Invalid user debian from 186.241.84.15
Jun 22 17:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22460]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22460]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22460]: Failed password for invalid user debian from 186.241.84.15 port 46472 ssh2
Jun 22 17:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22460]: Connection closed by 186.241.84.15 port 46472 [preauth]
Jun 22 17:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22474]: Invalid user debian from 186.241.84.15
Jun 22 17:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22474]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22474]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22474]: Failed password for invalid user debian from 186.241.84.15 port 46482 ssh2
Jun 22 17:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22474]: Connection closed by 186.241.84.15 port 46482 [preauth]
Jun 22 17:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22483]: Invalid user debian from 186.241.84.15
Jun 22 17:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22483]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22483]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22483]: Failed password for invalid user debian from 186.241.84.15 port 46486 ssh2
Jun 22 17:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22483]: Connection closed by 186.241.84.15 port 46486 [preauth]
Jun 22 17:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22490]: Invalid user debian from 186.241.84.15
Jun 22 17:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22490]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22490]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22490]: Failed password for invalid user debian from 186.241.84.15 port 46496 ssh2
Jun 22 17:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22490]: Connection closed by 186.241.84.15 port 46496 [preauth]
Jun 22 17:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22492]: Invalid user debian from 186.241.84.15
Jun 22 17:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22492]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22492]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21087]: pam_unix(cron:session): session closed for user root
Jun 22 17:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22492]: Failed password for invalid user debian from 186.241.84.15 port 46502 ssh2
Jun 22 17:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22492]: Connection closed by 186.241.84.15 port 46502 [preauth]
Jun 22 17:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22521]: Invalid user debian from 186.241.84.15
Jun 22 17:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22521]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22521]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22521]: Failed password for invalid user debian from 186.241.84.15 port 43548 ssh2
Jun 22 17:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22521]: Connection closed by 186.241.84.15 port 43548 [preauth]
Jun 22 17:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22523]: Invalid user debian from 186.241.84.15
Jun 22 17:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22523]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22523]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22523]: Failed password for invalid user debian from 186.241.84.15 port 43556 ssh2
Jun 22 17:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22523]: Connection closed by 186.241.84.15 port 43556 [preauth]
Jun 22 17:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22532]: Invalid user debian from 186.241.84.15
Jun 22 17:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22532]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22532]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22532]: Failed password for invalid user debian from 186.241.84.15 port 43558 ssh2
Jun 22 17:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22532]: Connection closed by 186.241.84.15 port 43558 [preauth]
Jun 22 17:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22535]: Invalid user debian from 186.241.84.15
Jun 22 17:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22535]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22535]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22537]: Invalid user test from 46.135.109.64
Jun 22 17:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22537]: input_userauth_request: invalid user test [preauth]
Jun 22 17:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22537]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.135.109.64
Jun 22 17:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22535]: Failed password for invalid user debian from 186.241.84.15 port 43568 ssh2
Jun 22 17:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22535]: Connection closed by 186.241.84.15 port 43568 [preauth]
Jun 22 17:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22550]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22550]: Invalid user debian from 186.241.84.15
Jun 22 17:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22550]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22550]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22537]: Failed password for invalid user test from 46.135.109.64 port 17623 ssh2
Jun 22 17:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22537]: Received disconnect from 46.135.109.64 port 17623:11: Bye Bye [preauth]
Jun 22 17:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22537]: Disconnected from 46.135.109.64 port 17623 [preauth]
Jun 22 17:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22550]: Failed password for invalid user debian from 186.241.84.15 port 45590 ssh2
Jun 22 17:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22550]: Connection closed by 186.241.84.15 port 45590 [preauth]
Jun 22 17:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22562]: Invalid user debian from 186.241.84.15
Jun 22 17:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22562]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22562]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22562]: Failed password for invalid user debian from 186.241.84.15 port 45604 ssh2
Jun 22 17:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22562]: Connection closed by 186.241.84.15 port 45604 [preauth]
Jun 22 17:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22565]: Invalid user debian from 186.241.84.15
Jun 22 17:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22565]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22565]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22565]: Failed password for invalid user debian from 186.241.84.15 port 45616 ssh2
Jun 22 17:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22565]: Connection closed by 186.241.84.15 port 45616 [preauth]
Jun 22 17:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22576]: Invalid user debian from 186.241.84.15
Jun 22 17:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22576]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22576]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22576]: Failed password for invalid user debian from 186.241.84.15 port 45622 ssh2
Jun 22 17:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22576]: Connection closed by 186.241.84.15 port 45622 [preauth]
Jun 22 17:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22578]: Invalid user debian from 186.241.84.15
Jun 22 17:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22578]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22578]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22580]: Invalid user es from 38.55.97.143
Jun 22 17:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22580]: input_userauth_request: invalid user es [preauth]
Jun 22 17:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22580]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 17:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22578]: Failed password for invalid user debian from 186.241.84.15 port 49278 ssh2
Jun 22 17:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22578]: Connection closed by 186.241.84.15 port 49278 [preauth]
Jun 22 17:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22592]: Invalid user debian from 186.241.84.15
Jun 22 17:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22592]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22592]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22580]: Failed password for invalid user es from 38.55.97.143 port 51708 ssh2
Jun 22 17:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22580]: Connection closed by 38.55.97.143 port 51708 [preauth]
Jun 22 17:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22592]: Failed password for invalid user debian from 186.241.84.15 port 49290 ssh2
Jun 22 17:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22592]: Connection closed by 186.241.84.15 port 49290 [preauth]
Jun 22 17:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22594]: Invalid user debian from 186.241.84.15
Jun 22 17:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22594]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22594]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22594]: Failed password for invalid user debian from 186.241.84.15 port 49302 ssh2
Jun 22 17:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22594]: Connection closed by 186.241.84.15 port 49302 [preauth]
Jun 22 17:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22606]: Invalid user debian from 186.241.84.15
Jun 22 17:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22606]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22606]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22614]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22612]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22613]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22609]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22611]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22610]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22614]: pam_unix(cron:session): session closed for user root
Jun 22 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22609]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22676]: Successful su for rubyman by root
Jun 22 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22676]: + ??? root:rubyman
Jun 22 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22676]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572303 of user rubyman.
Jun 22 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22676]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572303.
Jun 22 17:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22606]: Failed password for invalid user debian from 186.241.84.15 port 49310 ssh2
Jun 22 17:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22606]: Connection closed by 186.241.84.15 port 49310 [preauth]
Jun 22 17:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22776]: Invalid user debian from 186.241.84.15
Jun 22 17:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22776]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22776]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22611]: pam_unix(cron:session): session closed for user root
Jun 22 17:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19250]: pam_unix(cron:session): session closed for user root
Jun 22 17:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22776]: Failed password for invalid user debian from 186.241.84.15 port 44060 ssh2
Jun 22 17:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22776]: Connection closed by 186.241.84.15 port 44060 [preauth]
Jun 22 17:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22885]: Invalid user debian from 186.241.84.15
Jun 22 17:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22885]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22885]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22610]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22885]: Failed password for invalid user debian from 186.241.84.15 port 44074 ssh2
Jun 22 17:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22885]: Connection closed by 186.241.84.15 port 44074 [preauth]
Jun 22 17:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22900]: Invalid user debian from 186.241.84.15
Jun 22 17:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22900]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22900]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22900]: Failed password for invalid user debian from 186.241.84.15 port 44076 ssh2
Jun 22 17:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22900]: Connection closed by 186.241.84.15 port 44076 [preauth]
Jun 22 17:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22909]: Invalid user debian from 186.241.84.15
Jun 22 17:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22909]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22909]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22909]: Failed password for invalid user debian from 186.241.84.15 port 44086 ssh2
Jun 22 17:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22909]: Connection closed by 186.241.84.15 port 44086 [preauth]
Jun 22 17:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22912]: Invalid user debian from 186.241.84.15
Jun 22 17:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22912]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22912]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22912]: Failed password for invalid user debian from 186.241.84.15 port 44094 ssh2
Jun 22 17:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22912]: Connection closed by 186.241.84.15 port 44094 [preauth]
Jun 22 17:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22929]: Invalid user debian from 186.241.84.15
Jun 22 17:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22929]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22929]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22929]: Failed password for invalid user debian from 186.241.84.15 port 39438 ssh2
Jun 22 17:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22929]: Connection closed by 186.241.84.15 port 39438 [preauth]
Jun 22 17:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22940]: Invalid user debian from 186.241.84.15
Jun 22 17:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22940]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22940]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22940]: Failed password for invalid user debian from 186.241.84.15 port 39440 ssh2
Jun 22 17:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22940]: Connection closed by 186.241.84.15 port 39440 [preauth]
Jun 22 17:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22942]: Invalid user debian from 186.241.84.15
Jun 22 17:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22942]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22942]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22942]: Failed password for invalid user debian from 186.241.84.15 port 39444 ssh2
Jun 22 17:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22942]: Connection closed by 186.241.84.15 port 39444 [preauth]
Jun 22 17:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22953]: Invalid user debian from 186.241.84.15
Jun 22 17:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22953]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22953]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22953]: Failed password for invalid user debian from 186.241.84.15 port 60076 ssh2
Jun 22 17:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22953]: Connection closed by 186.241.84.15 port 60076 [preauth]
Jun 22 17:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22968]: Invalid user debian from 186.241.84.15
Jun 22 17:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22968]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22968]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22968]: Failed password for invalid user debian from 186.241.84.15 port 60078 ssh2
Jun 22 17:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22968]: Connection closed by 186.241.84.15 port 60078 [preauth]
Jun 22 17:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22978]: Invalid user debian from 186.241.84.15
Jun 22 17:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22978]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22978]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22978]: Failed password for invalid user debian from 186.241.84.15 port 60094 ssh2
Jun 22 17:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22978]: Connection closed by 186.241.84.15 port 60094 [preauth]
Jun 22 17:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22980]: Invalid user debian from 186.241.84.15
Jun 22 17:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22980]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22980]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22980]: Failed password for invalid user debian from 186.241.84.15 port 60110 ssh2
Jun 22 17:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22980]: Connection closed by 186.241.84.15 port 60110 [preauth]
Jun 22 17:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22990]: Invalid user debian from 186.241.84.15
Jun 22 17:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22990]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22990]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21580]: pam_unix(cron:session): session closed for user root
Jun 22 17:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22990]: Failed password for invalid user debian from 186.241.84.15 port 60120 ssh2
Jun 22 17:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22990]: Connection closed by 186.241.84.15 port 60120 [preauth]
Jun 22 17:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23012]: Invalid user debian from 186.241.84.15
Jun 22 17:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23012]: input_userauth_request: invalid user debian [preauth]
Jun 22 17:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23012]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 22 17:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23012]: Failed password for invalid user debian from 186.241.84.15 port 56006 ssh2
Jun 22 17:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23012]: Connection closed by 186.241.84.15 port 56006 [preauth]
Jun 22 17:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23024]: Invalid user admin from 186.241.84.15
Jun 22 17:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23024]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23024]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23014]: Failed password for root from 103.15.222.183 port 43122 ssh2
Jun 22 17:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23014]: Connection closed by 103.15.222.183 port 43122 [preauth]
Jun 22 17:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23024]: Failed password for invalid user admin from 186.241.84.15 port 56012 ssh2
Jun 22 17:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23024]: Connection closed by 186.241.84.15 port 56012 [preauth]
Jun 22 17:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23026]: Invalid user admin from 186.241.84.15
Jun 22 17:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23026]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23026]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23026]: Failed password for invalid user admin from 186.241.84.15 port 56020 ssh2
Jun 22 17:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23026]: Connection closed by 186.241.84.15 port 56020 [preauth]
Jun 22 17:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23036]: Invalid user admin from 186.241.84.15
Jun 22 17:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23036]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23036]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23036]: Failed password for invalid user admin from 186.241.84.15 port 56022 ssh2
Jun 22 17:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23036]: Connection closed by 186.241.84.15 port 56022 [preauth]
Jun 22 17:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23051]: Invalid user admin from 186.241.84.15
Jun 22 17:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23051]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23051]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23051]: Failed password for invalid user admin from 186.241.84.15 port 48948 ssh2
Jun 22 17:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23051]: Connection closed by 186.241.84.15 port 48948 [preauth]
Jun 22 17:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23061]: Invalid user admin from 186.241.84.15
Jun 22 17:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23061]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23061]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23061]: Failed password for invalid user admin from 186.241.84.15 port 48960 ssh2
Jun 22 17:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23061]: Connection closed by 186.241.84.15 port 48960 [preauth]
Jun 22 17:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23063]: Invalid user admin from 186.241.84.15
Jun 22 17:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23063]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23063]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23063]: Failed password for invalid user admin from 186.241.84.15 port 48968 ssh2
Jun 22 17:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23063]: Connection closed by 186.241.84.15 port 48968 [preauth]
Jun 22 17:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23066]: Invalid user admin from 186.241.84.15
Jun 22 17:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23066]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23066]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23066]: Failed password for invalid user admin from 186.241.84.15 port 48974 ssh2
Jun 22 17:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23066]: Connection closed by 186.241.84.15 port 48974 [preauth]
Jun 22 17:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23077]: Invalid user admin from 186.241.84.15
Jun 22 17:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23077]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23077]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23077]: Failed password for invalid user admin from 186.241.84.15 port 47860 ssh2
Jun 22 17:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23077]: Connection closed by 186.241.84.15 port 47860 [preauth]
Jun 22 17:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23080]: Invalid user admin from 186.241.84.15
Jun 22 17:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23080]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23080]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23079]: Invalid user cloud from 38.55.97.143
Jun 22 17:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23079]: input_userauth_request: invalid user cloud [preauth]
Jun 22 17:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23079]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 17:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23080]: Failed password for invalid user admin from 186.241.84.15 port 47866 ssh2
Jun 22 17:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23080]: Connection closed by 186.241.84.15 port 47866 [preauth]
Jun 22 17:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23079]: Failed password for invalid user cloud from 38.55.97.143 port 54936 ssh2
Jun 22 17:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23092]: Invalid user admin from 186.241.84.15
Jun 22 17:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23092]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23092]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23079]: Connection closed by 38.55.97.143 port 54936 [preauth]
Jun 22 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23092]: Failed password for invalid user admin from 186.241.84.15 port 47880 ssh2
Jun 22 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23092]: Connection closed by 186.241.84.15 port 47880 [preauth]
Jun 22 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23094]: Invalid user admin from 186.241.84.15
Jun 22 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23094]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23094]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23100]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23099]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23098]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23097]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23097]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23163]: Successful su for rubyman by root
Jun 22 17:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23163]: + ??? root:rubyman
Jun 22 17:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23163]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572307 of user rubyman.
Jun 22 17:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23163]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572307.
Jun 22 17:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23094]: Failed password for invalid user admin from 186.241.84.15 port 47882 ssh2
Jun 22 17:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23094]: Connection closed by 186.241.84.15 port 47882 [preauth]
Jun 22 17:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23322]: Invalid user admin from 186.241.84.15
Jun 22 17:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23322]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23322]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19931]: pam_unix(cron:session): session closed for user root
Jun 22 17:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23322]: Failed password for invalid user admin from 186.241.84.15 port 48844 ssh2
Jun 22 17:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23322]: Connection closed by 186.241.84.15 port 48844 [preauth]
Jun 22 17:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23362]: Invalid user admin from 186.241.84.15
Jun 22 17:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23362]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23362]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23098]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23362]: Failed password for invalid user admin from 186.241.84.15 port 48854 ssh2
Jun 22 17:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23362]: Connection closed by 186.241.84.15 port 48854 [preauth]
Jun 22 17:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23376]: Invalid user admin from 186.241.84.15
Jun 22 17:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23376]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23376]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23376]: Failed password for invalid user admin from 186.241.84.15 port 48860 ssh2
Jun 22 17:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23376]: Connection closed by 186.241.84.15 port 48860 [preauth]
Jun 22 17:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23387]: Invalid user admin from 186.241.84.15
Jun 22 17:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23387]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23387]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23387]: Failed password for invalid user admin from 186.241.84.15 port 48864 ssh2
Jun 22 17:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23387]: Connection closed by 186.241.84.15 port 48864 [preauth]
Jun 22 17:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23394]: Invalid user admin from 186.241.84.15
Jun 22 17:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23394]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23394]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23394]: Failed password for invalid user admin from 186.241.84.15 port 33476 ssh2
Jun 22 17:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23394]: Connection closed by 186.241.84.15 port 33476 [preauth]
Jun 22 17:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23412]: Invalid user admin from 186.241.84.15
Jun 22 17:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23412]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23412]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23412]: Failed password for invalid user admin from 186.241.84.15 port 33484 ssh2
Jun 22 17:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23412]: Connection closed by 186.241.84.15 port 33484 [preauth]
Jun 22 17:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23416]: Invalid user admin from 186.241.84.15
Jun 22 17:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23416]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23416]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23416]: Failed password for invalid user admin from 186.241.84.15 port 33500 ssh2
Jun 22 17:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23416]: Connection closed by 186.241.84.15 port 33500 [preauth]
Jun 22 17:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23427]: Invalid user admin from 186.241.84.15
Jun 22 17:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23427]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23427]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23427]: Failed password for invalid user admin from 186.241.84.15 port 33516 ssh2
Jun 22 17:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23427]: Connection closed by 186.241.84.15 port 33516 [preauth]
Jun 22 17:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23436]: Invalid user admin from 186.241.84.15
Jun 22 17:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23436]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23436]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23436]: Failed password for invalid user admin from 186.241.84.15 port 40218 ssh2
Jun 22 17:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23436]: Connection closed by 186.241.84.15 port 40218 [preauth]
Jun 22 17:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23458]: Invalid user admin from 186.241.84.15
Jun 22 17:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23458]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23458]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23458]: Failed password for invalid user admin from 186.241.84.15 port 40222 ssh2
Jun 22 17:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23458]: Connection closed by 186.241.84.15 port 40222 [preauth]
Jun 22 17:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23461]: Invalid user admin from 186.241.84.15
Jun 22 17:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23461]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23461]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23461]: Failed password for invalid user admin from 186.241.84.15 port 40228 ssh2
Jun 22 17:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23461]: Connection closed by 186.241.84.15 port 40228 [preauth]
Jun 22 17:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23466]: Invalid user admin from 186.241.84.15
Jun 22 17:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23466]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23466]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23466]: Failed password for invalid user admin from 186.241.84.15 port 40230 ssh2
Jun 22 17:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23466]: Connection closed by 186.241.84.15 port 40230 [preauth]
Jun 22 17:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23473]: Invalid user admin from 186.241.84.15
Jun 22 17:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23473]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23473]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22055]: pam_unix(cron:session): session closed for user root
Jun 22 17:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23473]: Failed password for invalid user admin from 186.241.84.15 port 55688 ssh2
Jun 22 17:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23473]: Connection closed by 186.241.84.15 port 55688 [preauth]
Jun 22 17:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23508]: Invalid user admin from 186.241.84.15
Jun 22 17:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23508]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23508]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23508]: Failed password for invalid user admin from 186.241.84.15 port 55690 ssh2
Jun 22 17:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23508]: Connection closed by 186.241.84.15 port 55690 [preauth]
Jun 22 17:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23512]: Invalid user admin from 186.241.84.15
Jun 22 17:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23512]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23512]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23512]: Failed password for invalid user admin from 186.241.84.15 port 55696 ssh2
Jun 22 17:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23512]: Connection closed by 186.241.84.15 port 55696 [preauth]
Jun 22 17:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23514]: Invalid user admin from 186.241.84.15
Jun 22 17:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23514]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23514]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23514]: Failed password for invalid user admin from 186.241.84.15 port 55700 ssh2
Jun 22 17:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23514]: Connection closed by 186.241.84.15 port 55700 [preauth]
Jun 22 17:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23524]: Invalid user admin from 186.241.84.15
Jun 22 17:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23524]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23524]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23524]: Failed password for invalid user admin from 186.241.84.15 port 55708 ssh2
Jun 22 17:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23524]: Connection closed by 186.241.84.15 port 55708 [preauth]
Jun 22 17:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23541]: Invalid user admin from 186.241.84.15
Jun 22 17:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23541]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23541]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23541]: Failed password for invalid user admin from 186.241.84.15 port 41436 ssh2
Jun 22 17:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23541]: Connection closed by 186.241.84.15 port 41436 [preauth]
Jun 22 17:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23553]: Invalid user admin from 186.241.84.15
Jun 22 17:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23553]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23553]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23553]: Failed password for invalid user admin from 186.241.84.15 port 41452 ssh2
Jun 22 17:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23553]: Connection closed by 186.241.84.15 port 41452 [preauth]
Jun 22 17:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23555]: Invalid user admin from 186.241.84.15
Jun 22 17:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23555]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23555]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23555]: Failed password for invalid user admin from 186.241.84.15 port 41454 ssh2
Jun 22 17:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23555]: Connection closed by 186.241.84.15 port 41454 [preauth]
Jun 22 17:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23557]: Invalid user admin from 186.241.84.15
Jun 22 17:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23557]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23557]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23557]: Failed password for invalid user admin from 186.241.84.15 port 41464 ssh2
Jun 22 17:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23557]: Connection closed by 186.241.84.15 port 41464 [preauth]
Jun 22 17:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23567]: Invalid user admin from 186.241.84.15
Jun 22 17:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23567]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23567]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23567]: Failed password for invalid user admin from 186.241.84.15 port 51172 ssh2
Jun 22 17:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23567]: Connection closed by 186.241.84.15 port 51172 [preauth]
Jun 22 17:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23571]: Invalid user admin from 186.241.84.15
Jun 22 17:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23571]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23569]: Invalid user client from 38.55.97.143
Jun 22 17:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23569]: input_userauth_request: invalid user client [preauth]
Jun 22 17:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23569]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 17:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23571]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23569]: Failed password for invalid user client from 38.55.97.143 port 59414 ssh2
Jun 22 17:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23571]: Failed password for invalid user admin from 186.241.84.15 port 51188 ssh2
Jun 22 17:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23571]: Connection closed by 186.241.84.15 port 51188 [preauth]
Jun 22 17:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23569]: Connection closed by 38.55.97.143 port 59414 [preauth]
Jun 22 17:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23581]: Invalid user admin from 186.241.84.15
Jun 22 17:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23581]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23581]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23581]: Failed password for invalid user admin from 186.241.84.15 port 51190 ssh2
Jun 22 17:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23581]: Connection closed by 186.241.84.15 port 51190 [preauth]
Jun 22 17:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23583]: Invalid user admin from 186.241.84.15
Jun 22 17:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23583]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23583]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23589]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23587]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23588]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23586]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23586]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23654]: Successful su for rubyman by root
Jun 22 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23654]: + ??? root:rubyman
Jun 22 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23654]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572311 of user rubyman.
Jun 22 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23654]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572311.
Jun 22 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23583]: Failed password for invalid user admin from 186.241.84.15 port 51196 ssh2
Jun 22 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23583]: Connection closed by 186.241.84.15 port 51196 [preauth]
Jun 22 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23684]: Invalid user admin from 186.241.84.15
Jun 22 17:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23684]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23684]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20521]: pam_unix(cron:session): session closed for user root
Jun 22 17:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23684]: Failed password for invalid user admin from 186.241.84.15 port 51208 ssh2
Jun 22 17:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23684]: Connection closed by 186.241.84.15 port 51208 [preauth]
Jun 22 17:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23925]: Invalid user admin from 186.241.84.15
Jun 22 17:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23925]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23925]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23587]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23939]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 22 17:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23925]: Failed password for invalid user admin from 186.241.84.15 port 54136 ssh2
Jun 22 17:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23925]: Connection closed by 186.241.84.15 port 54136 [preauth]
Jun 22 17:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23953]: Invalid user admin from 186.241.84.15
Jun 22 17:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23953]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23939]: Received disconnect from 62.182.85.212 port 40868:11: disconnected by user [preauth]
Jun 22 17:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23939]: Disconnected from 62.182.85.212 port 40868 [preauth]
Jun 22 17:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23953]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23953]: Failed password for invalid user admin from 186.241.84.15 port 54138 ssh2
Jun 22 17:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23953]: Connection closed by 186.241.84.15 port 54138 [preauth]
Jun 22 17:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23963]: Invalid user admin from 186.241.84.15
Jun 22 17:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23963]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23963]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23963]: Failed password for invalid user admin from 186.241.84.15 port 54154 ssh2
Jun 22 17:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23963]: Connection closed by 186.241.84.15 port 54154 [preauth]
Jun 22 17:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23967]: Invalid user admin from 186.241.84.15
Jun 22 17:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23967]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23967]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23967]: Failed password for invalid user admin from 186.241.84.15 port 54164 ssh2
Jun 22 17:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23967]: Connection closed by 186.241.84.15 port 54164 [preauth]
Jun 22 17:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23981]: Invalid user admin from 186.241.84.15
Jun 22 17:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23981]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23981]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23981]: Failed password for invalid user admin from 186.241.84.15 port 59634 ssh2
Jun 22 17:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23981]: Connection closed by 186.241.84.15 port 59634 [preauth]
Jun 22 17:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23993]: Invalid user admin from 186.241.84.15
Jun 22 17:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23993]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23993]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23993]: Failed password for invalid user admin from 186.241.84.15 port 59648 ssh2
Jun 22 17:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23993]: Connection closed by 186.241.84.15 port 59648 [preauth]
Jun 22 17:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23995]: Invalid user admin from 186.241.84.15
Jun 22 17:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23995]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23995]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23995]: Failed password for invalid user admin from 186.241.84.15 port 59658 ssh2
Jun 22 17:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23995]: Connection closed by 186.241.84.15 port 59658 [preauth]
Jun 22 17:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24008]: Invalid user admin from 186.241.84.15
Jun 22 17:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24008]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24008]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24008]: Failed password for invalid user admin from 186.241.84.15 port 59662 ssh2
Jun 22 17:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24008]: Connection closed by 186.241.84.15 port 59662 [preauth]
Jun 22 17:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24010]: Invalid user admin from 186.241.84.15
Jun 22 17:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24010]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24010]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24010]: Failed password for invalid user admin from 186.241.84.15 port 59672 ssh2
Jun 22 17:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24010]: Connection closed by 186.241.84.15 port 59672 [preauth]
Jun 22 17:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24012]: Invalid user admin from 186.241.84.15
Jun 22 17:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24012]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24012]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24012]: Failed password for invalid user admin from 186.241.84.15 port 59004 ssh2
Jun 22 17:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24012]: Connection closed by 186.241.84.15 port 59004 [preauth]
Jun 22 17:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24035]: Invalid user admin from 186.241.84.15
Jun 22 17:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24035]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24035]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24035]: Failed password for invalid user admin from 186.241.84.15 port 59006 ssh2
Jun 22 17:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24035]: Connection closed by 186.241.84.15 port 59006 [preauth]
Jun 22 17:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24037]: Invalid user admin from 186.241.84.15
Jun 22 17:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24037]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24037]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24037]: Failed password for invalid user admin from 186.241.84.15 port 59014 ssh2
Jun 22 17:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24037]: Connection closed by 186.241.84.15 port 59014 [preauth]
Jun 22 17:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24047]: Invalid user admin from 186.241.84.15
Jun 22 17:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24047]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24047]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24047]: Failed password for invalid user admin from 186.241.84.15 port 59024 ssh2
Jun 22 17:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24047]: Connection closed by 186.241.84.15 port 59024 [preauth]
Jun 22 17:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24049]: Invalid user admin from 186.241.84.15
Jun 22 17:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24049]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24049]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22613]: pam_unix(cron:session): session closed for user root
Jun 22 17:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24049]: Failed password for invalid user admin from 186.241.84.15 port 59028 ssh2
Jun 22 17:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24049]: Connection closed by 186.241.84.15 port 59028 [preauth]
Jun 22 17:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24069]: Invalid user admin from 186.241.84.15
Jun 22 17:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24069]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24069]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24069]: Failed password for invalid user admin from 186.241.84.15 port 47316 ssh2
Jun 22 17:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24069]: Connection closed by 186.241.84.15 port 47316 [preauth]
Jun 22 17:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24083]: Invalid user admin from 186.241.84.15
Jun 22 17:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24083]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24083]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24083]: Failed password for invalid user admin from 186.241.84.15 port 47324 ssh2
Jun 22 17:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24083]: Connection closed by 186.241.84.15 port 47324 [preauth]
Jun 22 17:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24085]: Invalid user admin from 186.241.84.15
Jun 22 17:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24085]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24085]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24085]: Failed password for invalid user admin from 186.241.84.15 port 47332 ssh2
Jun 22 17:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24085]: Connection closed by 186.241.84.15 port 47332 [preauth]
Jun 22 17:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24095]: Invalid user admin from 186.241.84.15
Jun 22 17:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24095]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24095]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24095]: Failed password for invalid user admin from 186.241.84.15 port 47338 ssh2
Jun 22 17:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24095]: Connection closed by 186.241.84.15 port 47338 [preauth]
Jun 22 17:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24097]: Invalid user admin from 186.241.84.15
Jun 22 17:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24097]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24097]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24097]: Failed password for invalid user admin from 186.241.84.15 port 47352 ssh2
Jun 22 17:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24097]: Connection closed by 186.241.84.15 port 47352 [preauth]
Jun 22 17:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24113]: Invalid user admin from 186.241.84.15
Jun 22 17:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24113]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24113]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24113]: Failed password for invalid user admin from 186.241.84.15 port 42250 ssh2
Jun 22 17:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24113]: Connection closed by 186.241.84.15 port 42250 [preauth]
Jun 22 17:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24125]: Invalid user admin from 186.241.84.15
Jun 22 17:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24125]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24125]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24125]: Failed password for invalid user admin from 186.241.84.15 port 42260 ssh2
Jun 22 17:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24125]: Connection closed by 186.241.84.15 port 42260 [preauth]
Jun 22 17:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24127]: Invalid user admin from 186.241.84.15
Jun 22 17:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24127]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24127]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24127]: Failed password for invalid user admin from 186.241.84.15 port 42262 ssh2
Jun 22 17:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24127]: Connection closed by 186.241.84.15 port 42262 [preauth]
Jun 22 17:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24138]: Invalid user admin from 186.241.84.15
Jun 22 17:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24138]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24138]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24138]: Failed password for invalid user admin from 186.241.84.15 port 42268 ssh2
Jun 22 17:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24138]: Connection closed by 186.241.84.15 port 42268 [preauth]
Jun 22 17:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24140]: Invalid user admin from 186.241.84.15
Jun 22 17:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24140]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24140]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24140]: Failed password for invalid user admin from 186.241.84.15 port 58730 ssh2
Jun 22 17:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24140]: Connection closed by 186.241.84.15 port 58730 [preauth]
Jun 22 17:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24142]: Invalid user admin from 186.241.84.15
Jun 22 17:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24142]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24142]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24142]: Failed password for invalid user admin from 186.241.84.15 port 58738 ssh2
Jun 22 17:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24142]: Connection closed by 186.241.84.15 port 58738 [preauth]
Jun 22 17:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24153]: Invalid user admin from 186.241.84.15
Jun 22 17:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24153]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24153]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24153]: Failed password for invalid user admin from 186.241.84.15 port 58744 ssh2
Jun 22 17:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24153]: Connection closed by 186.241.84.15 port 58744 [preauth]
Jun 22 17:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24155]: Invalid user admin from 186.241.84.15
Jun 22 17:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24155]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24155]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24171]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24170]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24169]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24168]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24168]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24155]: Failed password for invalid user admin from 186.241.84.15 port 58752 ssh2
Jun 22 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24155]: Connection closed by 186.241.84.15 port 58752 [preauth]
Jun 22 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24245]: Successful su for rubyman by root
Jun 22 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24245]: + ??? root:rubyman
Jun 22 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24245]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572315 of user rubyman.
Jun 22 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24245]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572315.
Jun 22 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24243]: Invalid user admin from 186.241.84.15
Jun 22 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24243]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24243]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24165]: Invalid user bot from 38.55.97.143
Jun 22 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24165]: input_userauth_request: invalid user bot [preauth]
Jun 22 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24165]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 17:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24243]: Failed password for invalid user admin from 186.241.84.15 port 58756 ssh2
Jun 22 17:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24243]: Connection closed by 186.241.84.15 port 58756 [preauth]
Jun 22 17:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21086]: pam_unix(cron:session): session closed for user root
Jun 22 17:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24388]: Invalid user admin from 186.241.84.15
Jun 22 17:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24388]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24388]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24165]: Failed password for invalid user bot from 38.55.97.143 port 50028 ssh2
Jun 22 17:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24165]: Connection closed by 38.55.97.143 port 50028 [preauth]
Jun 22 17:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24169]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24388]: Failed password for invalid user admin from 186.241.84.15 port 49086 ssh2
Jun 22 17:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24388]: Connection closed by 186.241.84.15 port 49086 [preauth]
Jun 22 17:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24441]: Invalid user admin from 186.241.84.15
Jun 22 17:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24441]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24441]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24441]: Failed password for invalid user admin from 186.241.84.15 port 49098 ssh2
Jun 22 17:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24441]: Connection closed by 186.241.84.15 port 49098 [preauth]
Jun 22 17:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24443]: Invalid user admin from 186.241.84.15
Jun 22 17:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24443]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24443]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24443]: Failed password for invalid user admin from 186.241.84.15 port 49114 ssh2
Jun 22 17:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24443]: Connection closed by 186.241.84.15 port 49114 [preauth]
Jun 22 17:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24445]: Invalid user admin from 186.241.84.15
Jun 22 17:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24445]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24445]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24445]: Failed password for invalid user admin from 186.241.84.15 port 49122 ssh2
Jun 22 17:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24445]: Connection closed by 186.241.84.15 port 49122 [preauth]
Jun 22 17:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24455]: Invalid user admin from 186.241.84.15
Jun 22 17:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24455]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24455]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24455]: Failed password for invalid user admin from 186.241.84.15 port 49132 ssh2
Jun 22 17:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24455]: Connection closed by 186.241.84.15 port 49132 [preauth]
Jun 22 17:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24479]: Invalid user admin from 186.241.84.15
Jun 22 17:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24479]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24479]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24479]: Failed password for invalid user admin from 186.241.84.15 port 32986 ssh2
Jun 22 17:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24479]: Connection closed by 186.241.84.15 port 32986 [preauth]
Jun 22 17:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24481]: Invalid user admin from 186.241.84.15
Jun 22 17:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24481]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24481]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24481]: Failed password for invalid user admin from 186.241.84.15 port 33002 ssh2
Jun 22 17:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24481]: Connection closed by 186.241.84.15 port 33002 [preauth]
Jun 22 17:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24492]: Invalid user admin from 186.241.84.15
Jun 22 17:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24492]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24492]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24492]: Failed password for invalid user admin from 186.241.84.15 port 33018 ssh2
Jun 22 17:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24492]: Connection closed by 186.241.84.15 port 33018 [preauth]
Jun 22 17:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24494]: Invalid user admin from 186.241.84.15
Jun 22 17:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24494]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24494]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24494]: Failed password for invalid user admin from 186.241.84.15 port 33034 ssh2
Jun 22 17:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24494]: Connection closed by 186.241.84.15 port 33034 [preauth]
Jun 22 17:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24504]: Invalid user admin from 186.241.84.15
Jun 22 17:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24504]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24504]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24504]: Failed password for invalid user admin from 186.241.84.15 port 33048 ssh2
Jun 22 17:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24504]: Connection closed by 186.241.84.15 port 33048 [preauth]
Jun 22 17:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24506]: Invalid user admin from 186.241.84.15
Jun 22 17:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24506]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24506]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24506]: Failed password for invalid user admin from 186.241.84.15 port 38884 ssh2
Jun 22 17:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24506]: Connection closed by 186.241.84.15 port 38884 [preauth]
Jun 22 17:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24520]: Invalid user admin from 186.241.84.15
Jun 22 17:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24520]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24520]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24520]: Failed password for invalid user admin from 186.241.84.15 port 38886 ssh2
Jun 22 17:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24520]: Connection closed by 186.241.84.15 port 38886 [preauth]
Jun 22 17:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24530]: Invalid user admin from 186.241.84.15
Jun 22 17:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24530]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24530]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24530]: Failed password for invalid user admin from 186.241.84.15 port 38902 ssh2
Jun 22 17:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24530]: Connection closed by 186.241.84.15 port 38902 [preauth]
Jun 22 17:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24532]: Invalid user admin from 186.241.84.15
Jun 22 17:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24532]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24532]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24532]: Failed password for invalid user admin from 186.241.84.15 port 38908 ssh2
Jun 22 17:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24532]: Connection closed by 186.241.84.15 port 38908 [preauth]
Jun 22 17:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: Invalid user admin from 186.241.84.15
Jun 22 17:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: Failed password for invalid user admin from 186.241.84.15 port 38916 ssh2
Jun 22 17:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: Connection closed by 186.241.84.15 port 38916 [preauth]
Jun 22 17:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24547]: Invalid user admin from 186.241.84.15
Jun 22 17:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24547]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24547]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23100]: pam_unix(cron:session): session closed for user root
Jun 22 17:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24547]: Failed password for invalid user admin from 186.241.84.15 port 60024 ssh2
Jun 22 17:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24547]: Connection closed by 186.241.84.15 port 60024 [preauth]
Jun 22 17:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24569]: Invalid user admin from 186.241.84.15
Jun 22 17:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24569]: input_userauth_request: invalid user admin [preauth]
Jun 22 17:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24569]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24569]: Failed password for invalid user admin from 186.241.84.15 port 60040 ssh2
Jun 22 17:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24569]: Connection closed by 186.241.84.15 port 60040 [preauth]
Jun 22 17:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24571]: Invalid user pi from 186.241.84.15
Jun 22 17:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24571]: input_userauth_request: invalid user pi [preauth]
Jun 22 17:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24571]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15
Jun 22 17:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24571]: Failed password for invalid user pi from 186.241.84.15 port 60052 ssh2
Jun 22 17:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24571]: Connection closed by 186.241.84.15 port 60052 [preauth]
Jun 22 17:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24584]: User ftp from 186.241.84.15 not allowed because not listed in AllowUsers
Jun 22 17:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24584]: input_userauth_request: invalid user ftp [preauth]
Jun 22 17:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.241.84.15  user=ftp
Jun 22 17:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24584]: Failed password for invalid user ftp from 186.241.84.15 port 60064 ssh2
Jun 22 17:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24584]: Connection closed by 186.241.84.15 port 60064 [preauth]
Jun 22 17:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 22 17:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24586]: Failed password for root from 103.27.238.114 port 33862 ssh2
Jun 22 17:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24586]: Connection closed by 103.27.238.114 port 33862 [preauth]
Jun 22 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24652]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24653]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24650]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24649]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24649]: pam_unix(cron:session): session closed for user p13x
Jun 22 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24719]: Successful su for rubyman by root
Jun 22 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24719]: + ??? root:rubyman
Jun 22 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24719]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572321 of user rubyman.
Jun 22 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24719]: pam_unix(su:session): session closed for user rubyman
Jun 22 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572321.
Jun 22 17:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21579]: pam_unix(cron:session): session closed for user root
Jun 22 17:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24861]: Invalid user ansible from 38.55.97.143
Jun 22 17:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24861]: input_userauth_request: invalid user ansible [preauth]
Jun 22 17:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24861]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 17:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 17:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24650]: pam_unix(cron:session): session closed for user samftp
Jun 22 17:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24861]: Failed password for invalid user ansible from 38.55.97.143 port 55026 ssh2
Jun 22 17:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24861]: Connection closed by 38.55.97.143 port 55026 [preauth]
Jun 22 17:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
Jun 22 17:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24950]: Failed password for root from 176.32.39.21 port 41998 ssh2
Jun 22 17:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24950]: Connection closed by 176.32.39.21 port 41998 [preauth]
Jun 22 17:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23589]: pam_unix(cron:session): session closed for user root
Jun 22 17:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 17:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 22 17:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25011]: Failed password for root from 141.98.83.240 port 7608 ssh2
Jun 22 17:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25011]: message repeated 2 times: [ Failed password for root from 141.98.83.240 port 7608 ssh2]
Jun 22 17:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25011]: Connection closed by 141.98.83.240 port 7608 [preauth]
Jun 22 17:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25011]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 22 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25060]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25062]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25058]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25063]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25056]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25059]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25061]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25063]: pam_unix(cron:session): session closed for user root
Jun 22 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25059]: pam_unix(cron:session): session closed for user root
Jun 22 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25056]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25158]: Successful su for rubyman by root
Jun 22 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25158]: + ??? root:rubyman
Jun 22 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25158]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572324 of user rubyman.
Jun 22 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25158]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572324.
Jun 22 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22054]: pam_unix(cron:session): session closed for user root
Jun 22 18:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25198]: Invalid user vpn from 38.55.97.143
Jun 22 18:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25198]: input_userauth_request: invalid user vpn [preauth]
Jun 22 18:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25198]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 18:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25060]: pam_unix(cron:session): session closed for user root
Jun 22 18:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25198]: Failed password for invalid user vpn from 38.55.97.143 port 36224 ssh2
Jun 22 18:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25058]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25198]: Connection closed by 38.55.97.143 port 36224 [preauth]
Jun 22 18:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24171]: pam_unix(cron:session): session closed for user root
Jun 22 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25553]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25554]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25552]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25551]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25551]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25625]: Successful su for rubyman by root
Jun 22 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25625]: + ??? root:rubyman
Jun 22 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25625]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572332 of user rubyman.
Jun 22 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25625]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572332.
Jun 22 18:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22612]: pam_unix(cron:session): session closed for user root
Jun 22 18:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25552]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25779]: Invalid user ubuntu from 38.55.97.143
Jun 22 18:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25779]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 18:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25779]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 18:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25779]: Failed password for invalid user ubuntu from 38.55.97.143 port 43390 ssh2
Jun 22 18:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25779]: Connection closed by 38.55.97.143 port 43390 [preauth]
Jun 22 18:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.135.109.64  user=root
Jun 22 18:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25859]: Failed password for root from 46.135.109.64 port 27850 ssh2
Jun 22 18:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25859]: Received disconnect from 46.135.109.64 port 27850:11: Bye Bye [preauth]
Jun 22 18:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25859]: Disconnected from 46.135.109.64 port 27850 [preauth]
Jun 22 18:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24653]: pam_unix(cron:session): session closed for user root
Jun 22 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25954]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25957]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25956]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25955]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25954]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26013]: Successful su for rubyman by root
Jun 22 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26013]: + ??? root:rubyman
Jun 22 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26013]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572336 of user rubyman.
Jun 22 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26013]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572336.
Jun 22 18:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23099]: pam_unix(cron:session): session closed for user root
Jun 22 18:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 18:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25955]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26167]: Failed password for root from 38.55.97.143 port 52164 ssh2
Jun 22 18:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26167]: Connection closed by 38.55.97.143 port 52164 [preauth]
Jun 22 18:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25062]: pam_unix(cron:session): session closed for user root
Jun 22 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26353]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26352]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26351]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26350]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26350]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26408]: Successful su for rubyman by root
Jun 22 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26408]: + ??? root:rubyman
Jun 22 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26408]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572338 of user rubyman.
Jun 22 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26408]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572338.
Jun 22 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 22 18:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23588]: pam_unix(cron:session): session closed for user root
Jun 22 18:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26347]: Failed password for root from 77.94.47.83 port 33534 ssh2
Jun 22 18:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26347]: Connection closed by 77.94.47.83 port 33534 [preauth]
Jun 22 18:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 18:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26351]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26540]: Failed password for root from 38.55.97.143 port 59296 ssh2
Jun 22 18:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26540]: Connection closed by 38.55.97.143 port 59296 [preauth]
Jun 22 18:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25554]: pam_unix(cron:session): session closed for user root
Jun 22 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26826]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26827]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26825]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26824]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26824]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26881]: Successful su for rubyman by root
Jun 22 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26881]: + ??? root:rubyman
Jun 22 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26881]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572343 of user rubyman.
Jun 22 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26881]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572343.
Jun 22 18:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24170]: pam_unix(cron:session): session closed for user root
Jun 22 18:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26825]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 18:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27065]: Failed password for root from 38.55.97.143 port 41430 ssh2
Jun 22 18:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27065]: Connection closed by 38.55.97.143 port 41430 [preauth]
Jun 22 18:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25957]: pam_unix(cron:session): session closed for user root
Jun 22 18:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.135.109.64  user=root
Jun 22 18:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27201]: Failed password for root from 46.135.109.64 port 19747 ssh2
Jun 22 18:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27201]: Received disconnect from 46.135.109.64 port 19747:11: Bye Bye [preauth]
Jun 22 18:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27201]: Disconnected from 46.135.109.64 port 19747 [preauth]
Jun 22 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27235]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27233]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27239]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27238]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27234]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27232]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27239]: pam_unix(cron:session): session closed for user root
Jun 22 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27232]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27317]: Successful su for rubyman by root
Jun 22 18:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27317]: + ??? root:rubyman
Jun 22 18:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27317]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572350 of user rubyman.
Jun 22 18:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27317]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572350.
Jun 22 18:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27234]: pam_unix(cron:session): session closed for user root
Jun 22 18:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24652]: pam_unix(cron:session): session closed for user root
Jun 22 18:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27233]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 18:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27534]: Failed password for root from 38.55.97.143 port 49648 ssh2
Jun 22 18:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27534]: Connection closed by 38.55.97.143 port 49648 [preauth]
Jun 22 18:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 22 18:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27557]: Failed password for root from 80.66.85.226 port 41948 ssh2
Jun 22 18:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27557]: Connection closed by 80.66.85.226 port 41948 [preauth]
Jun 22 18:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26353]: pam_unix(cron:session): session closed for user root
Jun 22 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27686]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27683]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27684]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27685]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27683]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27758]: Successful su for rubyman by root
Jun 22 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27758]: + ??? root:rubyman
Jun 22 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27758]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572352 of user rubyman.
Jun 22 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27758]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572352.
Jun 22 18:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25061]: pam_unix(cron:session): session closed for user root
Jun 22 18:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27684]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 18:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27947]: Failed password for root from 38.55.97.143 port 55632 ssh2
Jun 22 18:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27947]: Connection closed by 38.55.97.143 port 55632 [preauth]
Jun 22 18:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26827]: pam_unix(cron:session): session closed for user root
Jun 22 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28155]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28156]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28153]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28154]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28153]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28218]: Successful su for rubyman by root
Jun 22 18:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28218]: + ??? root:rubyman
Jun 22 18:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28218]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572357 of user rubyman.
Jun 22 18:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28218]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572357.
Jun 22 18:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25553]: pam_unix(cron:session): session closed for user root
Jun 22 18:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 18:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28154]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28352]: Failed password for root from 38.55.97.143 port 60342 ssh2
Jun 22 18:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28352]: Connection closed by 38.55.97.143 port 60342 [preauth]
Jun 22 18:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27238]: pam_unix(cron:session): session closed for user root
Jun 22 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28560]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28558]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28559]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28557]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28557]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28706]: Successful su for rubyman by root
Jun 22 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28706]: + ??? root:rubyman
Jun 22 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28706]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572360 of user rubyman.
Jun 22 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28706]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572360.
Jun 22 18:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25956]: pam_unix(cron:session): session closed for user root
Jun 22 18:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28558]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 18:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28906]: Failed password for root from 38.55.97.143 port 43612 ssh2
Jun 22 18:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28906]: Connection closed by 38.55.97.143 port 43612 [preauth]
Jun 22 18:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 18:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28940]: Failed password for root from 193.24.211.107 port 51888 ssh2
Jun 22 18:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28940]: Received disconnect from 193.24.211.107 port 51888:11: Client disconnecting normally [preauth]
Jun 22 18:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28940]: Disconnected from 193.24.211.107 port 51888 [preauth]
Jun 22 18:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27686]: pam_unix(cron:session): session closed for user root
Jun 22 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29072]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29071]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29073]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29070]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29068]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29070]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29198]: Successful su for rubyman by root
Jun 22 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29198]: + ??? root:rubyman
Jun 22 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29198]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572364 of user rubyman.
Jun 22 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29198]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572364.
Jun 22 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29068]: pam_unix(cron:session): session closed for user root
Jun 22 18:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26352]: pam_unix(cron:session): session closed for user root
Jun 22 18:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29071]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 18:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29432]: Failed password for root from 38.55.97.143 port 60232 ssh2
Jun 22 18:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29432]: Connection closed by 38.55.97.143 port 60232 [preauth]
Jun 22 18:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28156]: pam_unix(cron:session): session closed for user root
Jun 22 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29676]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29674]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29677]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29673]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29675]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29678]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29678]: pam_unix(cron:session): session closed for user root
Jun 22 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29673]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29768]: Successful su for rubyman by root
Jun 22 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29768]: + ??? root:rubyman
Jun 22 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29768]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572372 of user rubyman.
Jun 22 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29768]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572372.
Jun 22 18:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29675]: pam_unix(cron:session): session closed for user root
Jun 22 18:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26826]: pam_unix(cron:session): session closed for user root
Jun 22 18:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29674]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 18:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29996]: Failed password for root from 38.55.97.143 port 41944 ssh2
Jun 22 18:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29996]: Connection closed by 38.55.97.143 port 41944 [preauth]
Jun 22 18:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28560]: pam_unix(cron:session): session closed for user root
Jun 22 18:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30065]: Received disconnect from 185.28.37.194 port 37946:11: disconnected by user [preauth]
Jun 22 18:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30065]: Disconnected from 185.28.37.194 port 37946 [preauth]
Jun 22 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30154]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30156]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30157]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30153]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30153]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30228]: Successful su for rubyman by root
Jun 22 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30228]: + ??? root:rubyman
Jun 22 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30228]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572377 of user rubyman.
Jun 22 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30228]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572377.
Jun 22 18:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27235]: pam_unix(cron:session): session closed for user root
Jun 22 18:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30154]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 18:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30417]: Failed password for root from 38.55.97.143 port 52042 ssh2
Jun 22 18:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30417]: Connection closed by 38.55.97.143 port 52042 [preauth]
Jun 22 18:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 22 18:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29073]: pam_unix(cron:session): session closed for user root
Jun 22 18:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30485]: Failed password for root from 62.133.62.83 port 38510 ssh2
Jun 22 18:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30485]: Connection closed by 62.133.62.83 port 38510 [preauth]
Jun 22 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30587]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30583]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30586]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30585]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30583]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30656]: Successful su for rubyman by root
Jun 22 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30656]: + ??? root:rubyman
Jun 22 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30656]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572380 of user rubyman.
Jun 22 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30656]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572380.
Jun 22 18:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27685]: pam_unix(cron:session): session closed for user root
Jun 22 18:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30585]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 18:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30860]: Failed password for root from 38.55.97.143 port 35846 ssh2
Jun 22 18:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30860]: Connection closed by 38.55.97.143 port 35846 [preauth]
Jun 22 18:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29677]: pam_unix(cron:session): session closed for user root
Jun 22 18:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 22 18:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31022]: Failed password for root from 103.82.132.16 port 44758 ssh2
Jun 22 18:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31022]: Connection closed by 103.82.132.16 port 44758 [preauth]
Jun 22 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31091]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31090]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31092]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31089]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31089]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31152]: Successful su for rubyman by root
Jun 22 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31152]: + ??? root:rubyman
Jun 22 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31152]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572385 of user rubyman.
Jun 22 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31152]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572385.
Jun 22 18:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28155]: pam_unix(cron:session): session closed for user root
Jun 22 18:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31090]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 22 18:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31363]: Failed password for root from 147.45.199.80 port 41092 ssh2
Jun 22 18:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31363]: Connection closed by 147.45.199.80 port 41092 [preauth]
Jun 22 18:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 18:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31366]: Failed password for root from 38.55.97.143 port 44530 ssh2
Jun 22 18:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31366]: Connection closed by 38.55.97.143 port 44530 [preauth]
Jun 22 18:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30157]: pam_unix(cron:session): session closed for user root
Jun 22 18:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 22 18:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31419]: Failed password for root from 103.122.221.179 port 56406 ssh2
Jun 22 18:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31419]: Connection closed by 103.122.221.179 port 56406 [preauth]
Jun 22 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31495]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31494]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31493]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31492]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31492]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31564]: Successful su for rubyman by root
Jun 22 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31564]: + ??? root:rubyman
Jun 22 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31564]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572387 of user rubyman.
Jun 22 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31564]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572387.
Jun 22 18:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28559]: pam_unix(cron:session): session closed for user root
Jun 22 18:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31493]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 18:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31866]: Failed password for root from 38.55.97.143 port 52480 ssh2
Jun 22 18:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31866]: Connection closed by 38.55.97.143 port 52480 [preauth]
Jun 22 18:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30587]: pam_unix(cron:session): session closed for user root
Jun 22 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32010]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32011]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32008]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32009]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32007]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32014]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32014]: pam_unix(cron:session): session closed for user root
Jun 22 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32007]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32083]: Successful su for rubyman by root
Jun 22 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32083]: + ??? root:rubyman
Jun 22 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32083]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572392 of user rubyman.
Jun 22 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32083]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572392.
Jun 22 18:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32009]: pam_unix(cron:session): session closed for user root
Jun 22 18:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29072]: pam_unix(cron:session): session closed for user root
Jun 22 18:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32008]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 22 18:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32287]: Failed password for root from 103.27.238.116 port 39024 ssh2
Jun 22 18:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32287]: Connection closed by 103.27.238.116 port 39024 [preauth]
Jun 22 18:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 18:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32309]: Failed password for root from 38.55.97.143 port 59322 ssh2
Jun 22 18:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32309]: Connection closed by 38.55.97.143 port 59322 [preauth]
Jun 22 18:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31092]: pam_unix(cron:session): session closed for user root
Jun 22 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32445]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32446]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32442]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32444]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32442]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32519]: Successful su for rubyman by root
Jun 22 18:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32519]: + ??? root:rubyman
Jun 22 18:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32519]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572397 of user rubyman.
Jun 22 18:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32519]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572397.
Jun 22 18:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29676]: pam_unix(cron:session): session closed for user root
Jun 22 18:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32444]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 18:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32740]: Failed password for root from 38.55.97.143 port 43044 ssh2
Jun 22 18:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32740]: Connection closed by 38.55.97.143 port 43044 [preauth]
Jun 22 18:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32754]: Invalid user  from 176.65.139.217
Jun 22 18:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32754]: input_userauth_request: invalid user  [preauth]
Jun 22 18:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32754]: Connection closed by 176.65.139.217 port 41430 [preauth]
Jun 22 18:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31495]: pam_unix(cron:session): session closed for user root
Jun 22 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[410]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[409]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[406]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[408]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[401]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[401]: pam_unix(cron:session): session closed for user root
Jun 22 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[406]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[607]: Successful su for rubyman by root
Jun 22 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[607]: + ??? root:rubyman
Jun 22 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[607]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572401 of user rubyman.
Jun 22 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[607]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572401.
Jun 22 18:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30156]: pam_unix(cron:session): session closed for user root
Jun 22 18:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[408]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 18:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[835]: Failed password for root from 38.55.97.143 port 52664 ssh2
Jun 22 18:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[835]: Connection closed by 38.55.97.143 port 52664 [preauth]
Jun 22 18:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[869]: Invalid user minecraft from 176.65.139.217
Jun 22 18:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[869]: input_userauth_request: invalid user minecraft [preauth]
Jun 22 18:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[869]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[869]: Failed password for invalid user minecraft from 176.65.139.217 port 57172 ssh2
Jun 22 18:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[869]: Connection closed by 176.65.139.217 port 57172 [preauth]
Jun 22 18:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[871]: Invalid user ec2-user from 176.65.139.217
Jun 22 18:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[871]: input_userauth_request: invalid user ec2-user [preauth]
Jun 22 18:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[871]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[871]: Failed password for invalid user ec2-user from 176.65.139.217 port 57210 ssh2
Jun 22 18:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[871]: Connection closed by 176.65.139.217 port 57210 [preauth]
Jun 22 18:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32011]: pam_unix(cron:session): session closed for user root
Jun 22 18:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[897]: Invalid user fastuser from 176.65.139.217
Jun 22 18:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[897]: input_userauth_request: invalid user fastuser [preauth]
Jun 22 18:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[897]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[897]: Failed password for invalid user fastuser from 176.65.139.217 port 49116 ssh2
Jun 22 18:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[897]: Connection closed by 176.65.139.217 port 49116 [preauth]
Jun 22 18:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[916]: Invalid user ubuntu from 176.65.139.217
Jun 22 18:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[916]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 18:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[916]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[916]: Failed password for invalid user ubuntu from 176.65.139.217 port 49176 ssh2
Jun 22 18:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[916]: Connection closed by 176.65.139.217 port 49176 [preauth]
Jun 22 18:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[929]: Invalid user newuser from 176.65.139.217
Jun 22 18:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[929]: input_userauth_request: invalid user newuser [preauth]
Jun 22 18:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[929]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[929]: Failed password for invalid user newuser from 176.65.139.217 port 37328 ssh2
Jun 22 18:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[929]: Connection closed by 176.65.139.217 port 37328 [preauth]
Jun 22 18:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[953]: Invalid user ftpuser1 from 176.65.139.217
Jun 22 18:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[953]: input_userauth_request: invalid user ftpuser1 [preauth]
Jun 22 18:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[953]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[953]: Failed password for invalid user ftpuser1 from 176.65.139.217 port 37406 ssh2
Jun 22 18:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[953]: Connection closed by 176.65.139.217 port 37406 [preauth]
Jun 22 18:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[967]: Invalid user fivem from 176.65.139.217
Jun 22 18:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[967]: input_userauth_request: invalid user fivem [preauth]
Jun 22 18:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[967]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[967]: Failed password for invalid user fivem from 176.65.139.217 port 37480 ssh2
Jun 22 18:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[967]: Connection closed by 176.65.139.217 port 37480 [preauth]
Jun 22 18:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[977]: Invalid user erpnext from 176.65.139.217
Jun 22 18:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[977]: input_userauth_request: invalid user erpnext [preauth]
Jun 22 18:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[977]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[977]: Failed password for invalid user erpnext from 176.65.139.217 port 45174 ssh2
Jun 22 18:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[977]: Connection closed by 176.65.139.217 port 45174 [preauth]
Jun 22 18:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[979]: Invalid user user3 from 176.65.139.217
Jun 22 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[979]: input_userauth_request: invalid user user3 [preauth]
Jun 22 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[979]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[996]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[995]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[999]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[994]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[994]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1076]: Successful su for rubyman by root
Jun 22 18:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1076]: + ??? root:rubyman
Jun 22 18:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1076]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572408 of user rubyman.
Jun 22 18:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1076]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572408.
Jun 22 18:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[979]: Failed password for invalid user user3 from 176.65.139.217 port 45240 ssh2
Jun 22 18:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[979]: Connection closed by 176.65.139.217 port 45240 [preauth]
Jun 22 18:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30586]: pam_unix(cron:session): session closed for user root
Jun 22 18:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[995]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1255]: Failed password for root from 176.65.139.217 port 52686 ssh2
Jun 22 18:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1255]: Connection closed by 176.65.139.217 port 52686 [preauth]
Jun 22 18:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1285]: Failed password for root from 176.65.139.217 port 52736 ssh2
Jun 22 18:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1285]: Connection closed by 176.65.139.217 port 52736 [preauth]
Jun 22 18:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1316]: Failed password for root from 176.65.139.217 port 56876 ssh2
Jun 22 18:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1316]: Connection closed by 176.65.139.217 port 56876 [preauth]
Jun 22 18:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1329]: Invalid user labuser from 176.65.139.217
Jun 22 18:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1329]: input_userauth_request: invalid user labuser [preauth]
Jun 22 18:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1329]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1329]: Failed password for invalid user labuser from 176.65.139.217 port 56972 ssh2
Jun 22 18:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1329]: Connection closed by 176.65.139.217 port 56972 [preauth]
Jun 22 18:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1343]: Invalid user portal from 176.65.139.217
Jun 22 18:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1343]: input_userauth_request: invalid user portal [preauth]
Jun 22 18:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1343]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1343]: Failed password for invalid user portal from 176.65.139.217 port 48230 ssh2
Jun 22 18:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1343]: Connection closed by 176.65.139.217 port 48230 [preauth]
Jun 22 18:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1360]: Failed password for root from 176.65.139.217 port 48292 ssh2
Jun 22 18:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 18:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1360]: Connection closed by 176.65.139.217 port 48292 [preauth]
Jun 22 18:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1374]: Failed password for root from 38.55.97.143 port 44602 ssh2
Jun 22 18:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1374]: Connection closed by 38.55.97.143 port 44602 [preauth]
Jun 22 18:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1376]: Invalid user hadoop from 176.65.139.217
Jun 22 18:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1376]: input_userauth_request: invalid user hadoop [preauth]
Jun 22 18:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1376]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1376]: Failed password for invalid user hadoop from 176.65.139.217 port 48382 ssh2
Jun 22 18:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1376]: Connection closed by 176.65.139.217 port 48382 [preauth]
Jun 22 18:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32446]: pam_unix(cron:session): session closed for user root
Jun 22 18:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1415]: User nobody from 176.65.139.217 not allowed because not listed in AllowUsers
Jun 22 18:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1415]: input_userauth_request: invalid user nobody [preauth]
Jun 22 18:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=nobody
Jun 22 18:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1415]: Failed password for invalid user nobody from 176.65.139.217 port 44324 ssh2
Jun 22 18:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1415]: Connection closed by 176.65.139.217 port 44324 [preauth]
Jun 22 18:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1427]: Failed password for root from 176.65.139.217 port 44362 ssh2
Jun 22 18:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1427]: Connection closed by 176.65.139.217 port 44362 [preauth]
Jun 22 18:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1478]: Invalid user ethan from 176.65.139.217
Jun 22 18:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1478]: input_userauth_request: invalid user ethan [preauth]
Jun 22 18:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1478]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1478]: Failed password for invalid user ethan from 176.65.139.217 port 39642 ssh2
Jun 22 18:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1478]: Connection closed by 176.65.139.217 port 39642 [preauth]
Jun 22 18:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1552]: Invalid user test from 176.65.139.217
Jun 22 18:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1552]: input_userauth_request: invalid user test [preauth]
Jun 22 18:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1552]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1552]: Failed password for invalid user test from 176.65.139.217 port 39680 ssh2
Jun 22 18:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1552]: Connection closed by 176.65.139.217 port 39680 [preauth]
Jun 22 18:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1564]: Invalid user admin from 176.65.139.217
Jun 22 18:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1564]: input_userauth_request: invalid user admin [preauth]
Jun 22 18:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1564]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1564]: Failed password for invalid user admin from 176.65.139.217 port 33962 ssh2
Jun 22 18:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1564]: Connection closed by 176.65.139.217 port 33962 [preauth]
Jun 22 18:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1566]: Invalid user amit from 176.65.139.217
Jun 22 18:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1566]: input_userauth_request: invalid user amit [preauth]
Jun 22 18:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1566]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1591]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1592]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1590]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1586]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1586]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1566]: Failed password for invalid user amit from 176.65.139.217 port 33992 ssh2
Jun 22 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1566]: Connection closed by 176.65.139.217 port 33992 [preauth]
Jun 22 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1662]: Successful su for rubyman by root
Jun 22 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1662]: + ??? root:rubyman
Jun 22 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1662]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572410 of user rubyman.
Jun 22 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1662]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572410.
Jun 22 18:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1738]: Invalid user devops from 176.65.139.217
Jun 22 18:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1738]: input_userauth_request: invalid user devops [preauth]
Jun 22 18:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1738]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31091]: pam_unix(cron:session): session closed for user root
Jun 22 18:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1738]: Failed password for invalid user devops from 176.65.139.217 port 59684 ssh2
Jun 22 18:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1738]: Connection closed by 176.65.139.217 port 59684 [preauth]
Jun 22 18:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1590]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1859]: Invalid user test1 from 176.65.139.217
Jun 22 18:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1859]: input_userauth_request: invalid user test1 [preauth]
Jun 22 18:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1859]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1859]: Failed password for invalid user test1 from 176.65.139.217 port 59708 ssh2
Jun 22 18:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1859]: Connection closed by 176.65.139.217 port 59708 [preauth]
Jun 22 18:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1870]: Invalid user vagrant from 176.65.139.217
Jun 22 18:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1870]: input_userauth_request: invalid user vagrant [preauth]
Jun 22 18:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1870]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1870]: Failed password for invalid user vagrant from 176.65.139.217 port 59770 ssh2
Jun 22 18:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1870]: Connection closed by 176.65.139.217 port 59770 [preauth]
Jun 22 18:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1905]: Invalid user ansible from 176.65.139.217
Jun 22 18:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1905]: input_userauth_request: invalid user ansible [preauth]
Jun 22 18:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1905]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1905]: Failed password for invalid user ansible from 176.65.139.217 port 41118 ssh2
Jun 22 18:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1905]: Connection closed by 176.65.139.217 port 41118 [preauth]
Jun 22 18:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1921]: Failed password for root from 176.65.139.217 port 41180 ssh2
Jun 22 18:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1921]: Connection closed by 176.65.139.217 port 41180 [preauth]
Jun 22 18:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1944]: Invalid user admin from 176.65.139.217
Jun 22 18:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1944]: input_userauth_request: invalid user admin [preauth]
Jun 22 18:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1944]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1944]: Failed password for invalid user admin from 176.65.139.217 port 33900 ssh2
Jun 22 18:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1944]: Connection closed by 176.65.139.217 port 33900 [preauth]
Jun 22 18:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1958]: Invalid user dev from 176.65.139.217
Jun 22 18:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1958]: input_userauth_request: invalid user dev [preauth]
Jun 22 18:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 18:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1958]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1960]: Failed password for root from 38.55.97.143 port 59154 ssh2
Jun 22 18:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1958]: Failed password for invalid user dev from 176.65.139.217 port 33952 ssh2
Jun 22 18:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1958]: Connection closed by 176.65.139.217 port 33952 [preauth]
Jun 22 18:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1960]: Connection closed by 38.55.97.143 port 59154 [preauth]
Jun 22 18:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[410]: pam_unix(cron:session): session closed for user root
Jun 22 18:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1988]: Invalid user test from 176.65.139.217
Jun 22 18:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1988]: input_userauth_request: invalid user test [preauth]
Jun 22 18:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1988]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1988]: Failed password for invalid user test from 176.65.139.217 port 38554 ssh2
Jun 22 18:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1988]: Connection closed by 176.65.139.217 port 38554 [preauth]
Jun 22 18:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2022]: Invalid user system from 176.65.139.217
Jun 22 18:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2022]: input_userauth_request: invalid user system [preauth]
Jun 22 18:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2022]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2022]: Failed password for invalid user system from 176.65.139.217 port 38586 ssh2
Jun 22 18:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2022]: Connection closed by 176.65.139.217 port 38586 [preauth]
Jun 22 18:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2050]: Failed password for root from 176.65.139.217 port 45796 ssh2
Jun 22 18:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2050]: Connection closed by 176.65.139.217 port 45796 [preauth]
Jun 22 18:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2075]: Failed password for root from 176.65.139.217 port 45846 ssh2
Jun 22 18:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2075]: Connection closed by 176.65.139.217 port 45846 [preauth]
Jun 22 18:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2086]: Invalid user crafty from 176.65.139.217
Jun 22 18:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2086]: input_userauth_request: invalid user crafty [preauth]
Jun 22 18:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2086]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2086]: Failed password for invalid user crafty from 176.65.139.217 port 48938 ssh2
Jun 22 18:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2086]: Connection closed by 176.65.139.217 port 48938 [preauth]
Jun 22 18:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2095]: Invalid user myuser from 176.65.139.217
Jun 22 18:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2095]: input_userauth_request: invalid user myuser [preauth]
Jun 22 18:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2095]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2095]: Failed password for invalid user myuser from 176.65.139.217 port 48966 ssh2
Jun 22 18:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2095]: Connection closed by 176.65.139.217 port 48966 [preauth]
Jun 22 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2101]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2103]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2100]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2102]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2104]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2099]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2104]: pam_unix(cron:session): session closed for user root
Jun 22 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2099]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2188]: Successful su for rubyman by root
Jun 22 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2188]: + ??? root:rubyman
Jun 22 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2188]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572416 of user rubyman.
Jun 22 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2188]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572416.
Jun 22 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2163]: Failed password for root from 176.65.139.217 port 48990 ssh2
Jun 22 18:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2163]: Connection closed by 176.65.139.217 port 48990 [preauth]
Jun 22 18:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31494]: pam_unix(cron:session): session closed for user root
Jun 22 18:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2101]: pam_unix(cron:session): session closed for user root
Jun 22 18:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2100]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2386]: Failed password for root from 176.65.139.217 port 35130 ssh2
Jun 22 18:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2386]: Connection closed by 176.65.139.217 port 35130 [preauth]
Jun 22 18:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2414]: Invalid user admin from 176.65.139.217
Jun 22 18:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2414]: input_userauth_request: invalid user admin [preauth]
Jun 22 18:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2414]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2414]: Failed password for invalid user admin from 176.65.139.217 port 35152 ssh2
Jun 22 18:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2414]: Connection closed by 176.65.139.217 port 35152 [preauth]
Jun 22 18:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2438]: Invalid user user from 176.65.139.217
Jun 22 18:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2438]: input_userauth_request: invalid user user [preauth]
Jun 22 18:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2438]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2438]: Failed password for invalid user user from 176.65.139.217 port 48600 ssh2
Jun 22 18:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2438]: Connection closed by 176.65.139.217 port 48600 [preauth]
Jun 22 18:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2449]: Invalid user sysupdate from 176.65.139.217
Jun 22 18:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2449]: input_userauth_request: invalid user sysupdate [preauth]
Jun 22 18:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2449]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2449]: Failed password for invalid user sysupdate from 176.65.139.217 port 48626 ssh2
Jun 22 18:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2449]: Connection closed by 176.65.139.217 port 48626 [preauth]
Jun 22 18:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2476]: Invalid user a from 176.65.139.217
Jun 22 18:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2476]: input_userauth_request: invalid user a [preauth]
Jun 22 18:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2476]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2476]: Failed password for invalid user a from 176.65.139.217 port 34706 ssh2
Jun 22 18:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2476]: Connection closed by 176.65.139.217 port 34706 [preauth]
Jun 22 18:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2478]: Invalid user server from 176.65.139.217
Jun 22 18:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2478]: input_userauth_request: invalid user server [preauth]
Jun 22 18:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2478]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2478]: Failed password for invalid user server from 176.65.139.217 port 34776 ssh2
Jun 22 18:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2478]: Connection closed by 176.65.139.217 port 34776 [preauth]
Jun 22 18:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 18:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[999]: pam_unix(cron:session): session closed for user root
Jun 22 18:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2489]: Failed password for root from 38.55.97.143 port 39864 ssh2
Jun 22 18:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2489]: Connection closed by 38.55.97.143 port 39864 [preauth]
Jun 22 18:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2505]: Failed password for root from 176.65.139.217 port 53998 ssh2
Jun 22 18:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2505]: Connection closed by 176.65.139.217 port 53998 [preauth]
Jun 22 18:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2527]: Invalid user media from 176.65.139.217
Jun 22 18:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2527]: input_userauth_request: invalid user media [preauth]
Jun 22 18:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2527]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2527]: Failed password for invalid user media from 176.65.139.217 port 54012 ssh2
Jun 22 18:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2527]: Connection closed by 176.65.139.217 port 54012 [preauth]
Jun 22 18:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2547]: Invalid user administrator from 176.65.139.217
Jun 22 18:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2547]: input_userauth_request: invalid user administrator [preauth]
Jun 22 18:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2547]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2547]: Failed password for invalid user administrator from 176.65.139.217 port 46230 ssh2
Jun 22 18:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2547]: Connection closed by 176.65.139.217 port 46230 [preauth]
Jun 22 18:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2567]: Failed password for root from 176.65.139.217 port 46284 ssh2
Jun 22 18:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2567]: Connection closed by 176.65.139.217 port 46284 [preauth]
Jun 22 18:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2580]: Invalid user dev from 176.65.139.217
Jun 22 18:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2580]: input_userauth_request: invalid user dev [preauth]
Jun 22 18:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2580]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2580]: Failed password for invalid user dev from 176.65.139.217 port 43098 ssh2
Jun 22 18:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2580]: Connection closed by 176.65.139.217 port 43098 [preauth]
Jun 22 18:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2593]: Invalid user ts from 176.65.139.217
Jun 22 18:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2593]: input_userauth_request: invalid user ts [preauth]
Jun 22 18:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2593]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2593]: Failed password for invalid user ts from 176.65.139.217 port 43142 ssh2
Jun 22 18:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2593]: Connection closed by 176.65.139.217 port 43142 [preauth]
Jun 22 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2612]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2611]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2610]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2609]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2609]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2677]: Successful su for rubyman by root
Jun 22 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2677]: + ??? root:rubyman
Jun 22 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2677]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572421 of user rubyman.
Jun 22 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2677]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572421.
Jun 22 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2675]: Invalid user bot from 176.65.139.217
Jun 22 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2675]: input_userauth_request: invalid user bot [preauth]
Jun 22 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2675]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32010]: pam_unix(cron:session): session closed for user root
Jun 22 18:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2675]: Failed password for invalid user bot from 176.65.139.217 port 43196 ssh2
Jun 22 18:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2675]: Connection closed by 176.65.139.217 port 43196 [preauth]
Jun 22 18:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2610]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2867]: Invalid user ranga from 176.65.139.217
Jun 22 18:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2867]: input_userauth_request: invalid user ranga [preauth]
Jun 22 18:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2867]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2867]: Failed password for invalid user ranga from 176.65.139.217 port 45686 ssh2
Jun 22 18:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2867]: Connection closed by 176.65.139.217 port 45686 [preauth]
Jun 22 18:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2872]: Invalid user hu from 176.65.139.217
Jun 22 18:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2872]: input_userauth_request: invalid user hu [preauth]
Jun 22 18:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2872]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2872]: Failed password for invalid user hu from 176.65.139.217 port 45696 ssh2
Jun 22 18:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2872]: Connection closed by 176.65.139.217 port 45696 [preauth]
Jun 22 18:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2895]: Invalid user openclaw from 176.65.139.217
Jun 22 18:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2895]: input_userauth_request: invalid user openclaw [preauth]
Jun 22 18:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2895]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2895]: Failed password for invalid user openclaw from 176.65.139.217 port 33302 ssh2
Jun 22 18:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2895]: Connection closed by 176.65.139.217 port 33302 [preauth]
Jun 22 18:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2906]: Invalid user admin1 from 176.65.139.217
Jun 22 18:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2906]: input_userauth_request: invalid user admin1 [preauth]
Jun 22 18:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2906]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2906]: Failed password for invalid user admin1 from 176.65.139.217 port 33362 ssh2
Jun 22 18:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2906]: Connection closed by 176.65.139.217 port 33362 [preauth]
Jun 22 18:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2929]: Invalid user guest from 176.65.139.217
Jun 22 18:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2929]: input_userauth_request: invalid user guest [preauth]
Jun 22 18:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2929]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2929]: Failed password for invalid user guest from 176.65.139.217 port 59346 ssh2
Jun 22 18:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2929]: Connection closed by 176.65.139.217 port 59346 [preauth]
Jun 22 18:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2939]: Failed password for root from 176.65.139.217 port 59364 ssh2
Jun 22 18:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2939]: Connection closed by 176.65.139.217 port 59364 [preauth]
Jun 22 18:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1592]: pam_unix(cron:session): session closed for user root
Jun 22 18:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 18:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2942]: Failed password for root from 38.55.97.143 port 51522 ssh2
Jun 22 18:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2942]: Connection closed by 38.55.97.143 port 51522 [preauth]
Jun 22 18:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2971]: Failed password for root from 176.65.139.217 port 41040 ssh2
Jun 22 18:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2971]: Connection closed by 176.65.139.217 port 41040 [preauth]
Jun 22 18:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2982]: Invalid user debian from 176.65.139.217
Jun 22 18:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2982]: input_userauth_request: invalid user debian [preauth]
Jun 22 18:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2982]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2982]: Failed password for invalid user debian from 176.65.139.217 port 41088 ssh2
Jun 22 18:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2982]: Connection closed by 176.65.139.217 port 41088 [preauth]
Jun 22 18:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2996]: Invalid user deploy from 176.65.139.217
Jun 22 18:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2996]: input_userauth_request: invalid user deploy [preauth]
Jun 22 18:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2996]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2996]: Failed password for invalid user deploy from 176.65.139.217 port 57308 ssh2
Jun 22 18:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2996]: Connection closed by 176.65.139.217 port 57308 [preauth]
Jun 22 18:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3008]: Invalid user uploader from 176.65.139.217
Jun 22 18:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3008]: input_userauth_request: invalid user uploader [preauth]
Jun 22 18:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3008]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3008]: Failed password for invalid user uploader from 176.65.139.217 port 57352 ssh2
Jun 22 18:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3008]: Connection closed by 176.65.139.217 port 57352 [preauth]
Jun 22 18:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3019]: Invalid user jakob from 176.65.139.217
Jun 22 18:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3019]: input_userauth_request: invalid user jakob [preauth]
Jun 22 18:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3019]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3019]: Failed password for invalid user jakob from 176.65.139.217 port 33624 ssh2
Jun 22 18:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3019]: Connection closed by 176.65.139.217 port 33624 [preauth]
Jun 22 18:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3032]: Invalid user app from 176.65.139.217
Jun 22 18:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3032]: input_userauth_request: invalid user app [preauth]
Jun 22 18:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3032]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3032]: Failed password for invalid user app from 176.65.139.217 port 33662 ssh2
Jun 22 18:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3032]: Connection closed by 176.65.139.217 port 33662 [preauth]
Jun 22 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3045]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3046]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3044]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3043]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3043]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3103]: Successful su for rubyman by root
Jun 22 18:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3103]: + ??? root:rubyman
Jun 22 18:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3103]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572424 of user rubyman.
Jun 22 18:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3103]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572424.
Jun 22 18:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3092]: Invalid user default from 176.65.139.217
Jun 22 18:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3092]: input_userauth_request: invalid user default [preauth]
Jun 22 18:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3092]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32445]: pam_unix(cron:session): session closed for user root
Jun 22 18:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3092]: Failed password for invalid user default from 176.65.139.217 port 33694 ssh2
Jun 22 18:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3092]: Connection closed by 176.65.139.217 port 33694 [preauth]
Jun 22 18:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3044]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3293]: Failed password for root from 176.65.139.217 port 45626 ssh2
Jun 22 18:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3293]: Connection closed by 176.65.139.217 port 45626 [preauth]
Jun 22 18:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3305]: Invalid user main from 176.65.139.217
Jun 22 18:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3305]: input_userauth_request: invalid user main [preauth]
Jun 22 18:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3305]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.211.215  user=root
Jun 22 18:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3305]: Failed password for invalid user main from 176.65.139.217 port 45658 ssh2
Jun 22 18:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3305]: Connection closed by 176.65.139.217 port 45658 [preauth]
Jun 22 18:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3303]: Failed password for root from 147.45.211.215 port 36734 ssh2
Jun 22 18:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3303]: Connection closed by 147.45.211.215 port 36734 [preauth]
Jun 22 18:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3327]: Invalid user bitrix from 176.65.139.217
Jun 22 18:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3327]: input_userauth_request: invalid user bitrix [preauth]
Jun 22 18:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3327]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3327]: Failed password for invalid user bitrix from 176.65.139.217 port 48556 ssh2
Jun 22 18:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3327]: Connection closed by 176.65.139.217 port 48556 [preauth]
Jun 22 18:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3337]: Failed password for root from 176.65.139.217 port 48628 ssh2
Jun 22 18:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3337]: Connection closed by 176.65.139.217 port 48628 [preauth]
Jun 22 18:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3361]: Failed password for root from 176.65.139.217 port 44876 ssh2
Jun 22 18:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3361]: Connection closed by 176.65.139.217 port 44876 [preauth]
Jun 22 18:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3364]: User mysql from 176.65.139.217 not allowed because not listed in AllowUsers
Jun 22 18:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3364]: input_userauth_request: invalid user mysql [preauth]
Jun 22 18:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=mysql
Jun 22 18:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3364]: Failed password for invalid user mysql from 176.65.139.217 port 44926 ssh2
Jun 22 18:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3364]: Connection closed by 176.65.139.217 port 44926 [preauth]
Jun 22 18:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 18:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2103]: pam_unix(cron:session): session closed for user root
Jun 22 18:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3374]: Failed password for root from 38.55.97.143 port 34496 ssh2
Jun 22 18:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3395]: Invalid user user from 176.65.139.217
Jun 22 18:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3395]: input_userauth_request: invalid user user [preauth]
Jun 22 18:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3374]: Connection closed by 38.55.97.143 port 34496 [preauth]
Jun 22 18:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3395]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3395]: Failed password for invalid user user from 176.65.139.217 port 60588 ssh2
Jun 22 18:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3395]: Connection closed by 176.65.139.217 port 60588 [preauth]
Jun 22 18:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3405]: Invalid user asterisk from 176.65.139.217
Jun 22 18:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3405]: input_userauth_request: invalid user asterisk [preauth]
Jun 22 18:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3405]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3405]: Failed password for invalid user asterisk from 176.65.139.217 port 60602 ssh2
Jun 22 18:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3405]: Connection closed by 176.65.139.217 port 60602 [preauth]
Jun 22 18:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3423]: Invalid user root1 from 176.65.139.217
Jun 22 18:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3423]: input_userauth_request: invalid user root1 [preauth]
Jun 22 18:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3423]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3423]: Failed password for invalid user root1 from 176.65.139.217 port 48102 ssh2
Jun 22 18:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3423]: Connection closed by 176.65.139.217 port 48102 [preauth]
Jun 22 18:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3438]: Failed password for root from 176.65.139.217 port 48144 ssh2
Jun 22 18:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3438]: Connection closed by 176.65.139.217 port 48144 [preauth]
Jun 22 18:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3453]: Invalid user erp from 176.65.139.217
Jun 22 18:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3453]: input_userauth_request: invalid user erp [preauth]
Jun 22 18:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3453]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3453]: Failed password for invalid user erp from 176.65.139.217 port 53486 ssh2
Jun 22 18:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3453]: Connection closed by 176.65.139.217 port 53486 [preauth]
Jun 22 18:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3464]: Failed password for root from 176.65.139.217 port 53550 ssh2
Jun 22 18:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3464]: Connection closed by 176.65.139.217 port 53550 [preauth]
Jun 22 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3469]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3470]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3468]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3467]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3467]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3530]: Successful su for rubyman by root
Jun 22 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3530]: + ??? root:rubyman
Jun 22 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3530]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572429 of user rubyman.
Jun 22 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3530]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572429.
Jun 22 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[409]: pam_unix(cron:session): session closed for user root
Jun 22 18:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3588]: Failed password for root from 176.65.139.217 port 47416 ssh2
Jun 22 18:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3588]: Connection closed by 176.65.139.217 port 47416 [preauth]
Jun 22 18:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3468]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3811]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3811]: Invalid user developer from 176.65.139.217
Jun 22 18:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3811]: input_userauth_request: invalid user developer [preauth]
Jun 22 18:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3811]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3811]: Failed password for invalid user developer from 176.65.139.217 port 47454 ssh2
Jun 22 18:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3811]: Connection closed by 176.65.139.217 port 47454 [preauth]
Jun 22 18:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3822]: Failed password for root from 176.65.139.217 port 47528 ssh2
Jun 22 18:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3822]: Connection closed by 176.65.139.217 port 47528 [preauth]
Jun 22 18:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3851]: Failed password for root from 176.65.139.217 port 51076 ssh2
Jun 22 18:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3851]: Connection closed by 176.65.139.217 port 51076 [preauth]
Jun 22 18:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3867]: Invalid user testuser from 176.65.139.217
Jun 22 18:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3867]: input_userauth_request: invalid user testuser [preauth]
Jun 22 18:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3867]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3867]: Failed password for invalid user testuser from 176.65.139.217 port 51112 ssh2
Jun 22 18:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3867]: Connection closed by 176.65.139.217 port 51112 [preauth]
Jun 22 18:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3936]: Invalid user osmc from 176.65.139.217
Jun 22 18:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3936]: input_userauth_request: invalid user osmc [preauth]
Jun 22 18:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3936]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3936]: Failed password for invalid user osmc from 176.65.139.217 port 38772 ssh2
Jun 22 18:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3936]: Connection closed by 176.65.139.217 port 38772 [preauth]
Jun 22 18:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3938]: Failed password for root from 176.65.139.217 port 38804 ssh2
Jun 22 18:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3938]: Connection closed by 176.65.139.217 port 38804 [preauth]
Jun 22 18:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2612]: pam_unix(cron:session): session closed for user root
Jun 22 18:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3973]: Invalid user prefect from 176.65.139.217
Jun 22 18:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3973]: input_userauth_request: invalid user prefect [preauth]
Jun 22 18:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3973]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 18:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3973]: Failed password for invalid user prefect from 176.65.139.217 port 56274 ssh2
Jun 22 18:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3973]: Connection closed by 176.65.139.217 port 56274 [preauth]
Jun 22 18:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3998]: Failed password for root from 38.55.97.143 port 41356 ssh2
Jun 22 18:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3998]: Connection closed by 38.55.97.143 port 41356 [preauth]
Jun 22 18:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4003]: Invalid user vyos from 176.65.139.217
Jun 22 18:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4003]: input_userauth_request: invalid user vyos [preauth]
Jun 22 18:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4003]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4003]: Failed password for invalid user vyos from 176.65.139.217 port 56330 ssh2
Jun 22 18:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4003]: Connection closed by 176.65.139.217 port 56330 [preauth]
Jun 22 18:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4055]: Invalid user www from 176.65.139.217
Jun 22 18:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4055]: input_userauth_request: invalid user www [preauth]
Jun 22 18:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4055]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4055]: Failed password for invalid user www from 176.65.139.217 port 41938 ssh2
Jun 22 18:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4055]: Connection closed by 176.65.139.217 port 41938 [preauth]
Jun 22 18:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4068]: Invalid user webuser from 176.65.139.217
Jun 22 18:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4068]: input_userauth_request: invalid user webuser [preauth]
Jun 22 18:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4068]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4068]: Failed password for invalid user webuser from 176.65.139.217 port 41984 ssh2
Jun 22 18:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4068]: Connection closed by 176.65.139.217 port 41984 [preauth]
Jun 22 18:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.233.85.71  user=root
Jun 22 18:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4078]: Failed password for root from 37.233.85.71 port 42944 ssh2
Jun 22 18:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4078]: Connection closed by 37.233.85.71 port 42944 [preauth]
Jun 22 18:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4080]: User vncuser from 176.65.139.217 not allowed because not listed in AllowUsers
Jun 22 18:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4080]: input_userauth_request: invalid user vncuser [preauth]
Jun 22 18:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=vncuser
Jun 22 18:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4080]: Failed password for invalid user vncuser from 176.65.139.217 port 41234 ssh2
Jun 22 18:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4080]: Connection closed by 176.65.139.217 port 41234 [preauth]
Jun 22 18:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4090]: Invalid user ec2-user from 176.65.139.217
Jun 22 18:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4090]: input_userauth_request: invalid user ec2-user [preauth]
Jun 22 18:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4090]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4090]: Failed password for invalid user ec2-user from 176.65.139.217 port 41314 ssh2
Jun 22 18:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4090]: Connection closed by 176.65.139.217 port 41314 [preauth]
Jun 22 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4104]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4103]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4102]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4101]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4101]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4164]: Successful su for rubyman by root
Jun 22 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4164]: + ??? root:rubyman
Jun 22 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4164]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572432 of user rubyman.
Jun 22 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4164]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572432.
Jun 22 18:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4279]: Invalid user newuser from 176.65.139.217
Jun 22 18:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4279]: input_userauth_request: invalid user newuser [preauth]
Jun 22 18:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4279]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[996]: pam_unix(cron:session): session closed for user root
Jun 22 18:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4102]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4279]: Failed password for invalid user newuser from 176.65.139.217 port 59436 ssh2
Jun 22 18:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4279]: Connection closed by 176.65.139.217 port 59436 [preauth]
Jun 22 18:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4364]: Invalid user ubnt from 45.148.10.121
Jun 22 18:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4364]: input_userauth_request: invalid user ubnt [preauth]
Jun 22 18:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4364]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 22 18:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4366]: Invalid user minecraft from 176.65.139.217
Jun 22 18:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4366]: input_userauth_request: invalid user minecraft [preauth]
Jun 22 18:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4366]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4364]: Failed password for invalid user ubnt from 45.148.10.121 port 56590 ssh2
Jun 22 18:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4364]: Connection closed by 45.148.10.121 port 56590 [preauth]
Jun 22 18:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4366]: Failed password for invalid user minecraft from 176.65.139.217 port 59498 ssh2
Jun 22 18:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4366]: Connection closed by 176.65.139.217 port 59498 [preauth]
Jun 22 18:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4378]: Failed password for root from 176.65.139.217 port 36514 ssh2
Jun 22 18:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4378]: Connection closed by 176.65.139.217 port 36514 [preauth]
Jun 22 18:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4398]: Invalid user debian from 176.65.139.217
Jun 22 18:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4398]: input_userauth_request: invalid user debian [preauth]
Jun 22 18:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4398]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4398]: Failed password for invalid user debian from 176.65.139.217 port 36548 ssh2
Jun 22 18:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4398]: Connection closed by 176.65.139.217 port 36548 [preauth]
Jun 22 18:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4409]: Invalid user gitlab-runner from 176.65.139.217
Jun 22 18:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4409]: input_userauth_request: invalid user gitlab-runner [preauth]
Jun 22 18:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4409]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4409]: Failed password for invalid user gitlab-runner from 176.65.139.217 port 33946 ssh2
Jun 22 18:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4409]: Connection closed by 176.65.139.217 port 33946 [preauth]
Jun 22 18:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4423]: Failed password for root from 176.65.139.217 port 33992 ssh2
Jun 22 18:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4423]: Connection closed by 176.65.139.217 port 33992 [preauth]
Jun 22 18:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 22 18:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4436]: Invalid user gitlab-runner from 176.65.139.217
Jun 22 18:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4436]: input_userauth_request: invalid user gitlab-runner [preauth]
Jun 22 18:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4434]: Failed password for root from 87.251.79.125 port 53648 ssh2
Jun 22 18:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4434]: Connection closed by 87.251.79.125 port 53648 [preauth]
Jun 22 18:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4436]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3046]: pam_unix(cron:session): session closed for user root
Jun 22 18:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4436]: Failed password for invalid user gitlab-runner from 176.65.139.217 port 34012 ssh2
Jun 22 18:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4436]: Connection closed by 176.65.139.217 port 34012 [preauth]
Jun 22 18:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4466]: Invalid user amir from 176.65.139.217
Jun 22 18:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4466]: input_userauth_request: invalid user amir [preauth]
Jun 22 18:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4466]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 18:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4466]: Failed password for invalid user amir from 176.65.139.217 port 45292 ssh2
Jun 22 18:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4466]: Connection closed by 176.65.139.217 port 45292 [preauth]
Jun 22 18:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4467]: Failed password for root from 38.55.97.143 port 51658 ssh2
Jun 22 18:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4467]: Connection closed by 38.55.97.143 port 51658 [preauth]
Jun 22 18:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4480]: Invalid user developer from 176.65.139.217
Jun 22 18:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4480]: input_userauth_request: invalid user developer [preauth]
Jun 22 18:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4480]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4480]: Failed password for invalid user developer from 176.65.139.217 port 45314 ssh2
Jun 22 18:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4480]: Connection closed by 176.65.139.217 port 45314 [preauth]
Jun 22 18:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4502]: Invalid user app from 176.65.139.217
Jun 22 18:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4502]: input_userauth_request: invalid user app [preauth]
Jun 22 18:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4502]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4502]: Failed password for invalid user app from 176.65.139.217 port 55230 ssh2
Jun 22 18:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4502]: Connection closed by 176.65.139.217 port 55230 [preauth]
Jun 22 18:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4512]: Invalid user pi from 176.65.139.217
Jun 22 18:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4512]: input_userauth_request: invalid user pi [preauth]
Jun 22 18:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4512]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4512]: Failed password for invalid user pi from 176.65.139.217 port 55268 ssh2
Jun 22 18:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4512]: Connection closed by 176.65.139.217 port 55268 [preauth]
Jun 22 18:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4527]: Invalid user claude from 176.65.139.217
Jun 22 18:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4527]: input_userauth_request: invalid user claude [preauth]
Jun 22 18:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4527]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4527]: Failed password for invalid user claude from 176.65.139.217 port 48788 ssh2
Jun 22 18:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4527]: Connection closed by 176.65.139.217 port 48788 [preauth]
Jun 22 18:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4529]: Invalid user david from 176.65.139.217
Jun 22 18:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4529]: input_userauth_request: invalid user david [preauth]
Jun 22 18:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4529]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4529]: Failed password for invalid user david from 176.65.139.217 port 48812 ssh2
Jun 22 18:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4529]: Connection closed by 176.65.139.217 port 48812 [preauth]
Jun 22 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4551]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4552]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4548]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4550]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4547]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4549]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4552]: pam_unix(cron:session): session closed for user root
Jun 22 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4547]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4617]: Successful su for rubyman by root
Jun 22 18:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4617]: + ??? root:rubyman
Jun 22 18:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4617]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572436 of user rubyman.
Jun 22 18:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4617]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572436.
Jun 22 18:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4542]: User ftp from 176.65.139.217 not allowed because not listed in AllowUsers
Jun 22 18:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4542]: input_userauth_request: invalid user ftp [preauth]
Jun 22 18:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=ftp
Jun 22 18:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 18:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1591]: pam_unix(cron:session): session closed for user root
Jun 22 18:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4549]: pam_unix(cron:session): session closed for user root
Jun 22 18:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4542]: Failed password for invalid user ftp from 176.65.139.217 port 48844 ssh2
Jun 22 18:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4542]: Connection closed by 176.65.139.217 port 48844 [preauth]
Jun 22 18:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4539]: Failed password for root from 193.24.211.107 port 33551 ssh2
Jun 22 18:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4539]: Received disconnect from 193.24.211.107 port 33551:11: Client disconnecting normally [preauth]
Jun 22 18:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4539]: Disconnected from 193.24.211.107 port 33551 [preauth]
Jun 22 18:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4918]: Invalid user dolphinscheduler from 176.65.139.217
Jun 22 18:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4918]: input_userauth_request: invalid user dolphinscheduler [preauth]
Jun 22 18:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4918]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4548]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4918]: Failed password for invalid user dolphinscheduler from 176.65.139.217 port 59648 ssh2
Jun 22 18:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4918]: Connection closed by 176.65.139.217 port 59648 [preauth]
Jun 22 18:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4939]: User john from 176.65.139.217 not allowed because not listed in AllowUsers
Jun 22 18:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4939]: input_userauth_request: invalid user john [preauth]
Jun 22 18:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=john
Jun 22 18:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4939]: Failed password for invalid user john from 176.65.139.217 port 59692 ssh2
Jun 22 18:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4939]: Connection closed by 176.65.139.217 port 59692 [preauth]
Jun 22 18:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4965]: User ftp from 176.65.139.217 not allowed because not listed in AllowUsers
Jun 22 18:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4965]: input_userauth_request: invalid user ftp [preauth]
Jun 22 18:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=ftp
Jun 22 18:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4965]: Failed password for invalid user ftp from 176.65.139.217 port 48428 ssh2
Jun 22 18:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4965]: Connection closed by 176.65.139.217 port 48428 [preauth]
Jun 22 18:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4982]: Invalid user frappe from 176.65.139.217
Jun 22 18:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4982]: input_userauth_request: invalid user frappe [preauth]
Jun 22 18:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4982]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4982]: Failed password for invalid user frappe from 176.65.139.217 port 48466 ssh2
Jun 22 18:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4982]: Connection closed by 176.65.139.217 port 48466 [preauth]
Jun 22 18:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4992]: Invalid user student from 176.65.139.217
Jun 22 18:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4992]: input_userauth_request: invalid user student [preauth]
Jun 22 18:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4992]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4992]: Failed password for invalid user student from 176.65.139.217 port 48502 ssh2
Jun 22 18:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4992]: Connection closed by 176.65.139.217 port 48502 [preauth]
Jun 22 18:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5013]: Invalid user appuser from 176.65.139.217
Jun 22 18:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5013]: input_userauth_request: invalid user appuser [preauth]
Jun 22 18:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5013]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5013]: Failed password for invalid user appuser from 176.65.139.217 port 36578 ssh2
Jun 22 18:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5013]: Connection closed by 176.65.139.217 port 36578 [preauth]
Jun 22 18:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5016]: Failed password for root from 176.65.139.217 port 36628 ssh2
Jun 22 18:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5016]: Connection closed by 176.65.139.217 port 36628 [preauth]
Jun 22 18:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3470]: pam_unix(cron:session): session closed for user root
Jun 22 18:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5040]: Failed password for root from 176.65.139.217 port 41712 ssh2
Jun 22 18:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5040]: Connection closed by 176.65.139.217 port 41712 [preauth]
Jun 22 18:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 18:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5058]: Invalid user ai from 176.65.139.217
Jun 22 18:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5058]: input_userauth_request: invalid user ai [preauth]
Jun 22 18:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5058]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5056]: Failed password for root from 38.55.97.143 port 34704 ssh2
Jun 22 18:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5056]: Connection closed by 38.55.97.143 port 34704 [preauth]
Jun 22 18:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5058]: Failed password for invalid user ai from 176.65.139.217 port 41722 ssh2
Jun 22 18:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5058]: Connection closed by 176.65.139.217 port 41722 [preauth]
Jun 22 18:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5068]: Failed password for root from 176.65.139.217 port 59448 ssh2
Jun 22 18:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5068]: Connection closed by 176.65.139.217 port 59448 [preauth]
Jun 22 18:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5082]: Invalid user gary from 176.65.139.217
Jun 22 18:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5082]: input_userauth_request: invalid user gary [preauth]
Jun 22 18:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5082]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5082]: Failed password for invalid user gary from 176.65.139.217 port 59514 ssh2
Jun 22 18:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5082]: Connection closed by 176.65.139.217 port 59514 [preauth]
Jun 22 18:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5092]: Failed password for root from 176.65.139.217 port 59558 ssh2
Jun 22 18:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5092]: Connection closed by 176.65.139.217 port 59558 [preauth]
Jun 22 18:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5102]: Invalid user tom from 176.65.139.217
Jun 22 18:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5102]: input_userauth_request: invalid user tom [preauth]
Jun 22 18:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5102]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5102]: Failed password for invalid user tom from 176.65.139.217 port 33206 ssh2
Jun 22 18:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5102]: Connection closed by 176.65.139.217 port 33206 [preauth]
Jun 22 18:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5113]: Invalid user hduser from 176.65.139.217
Jun 22 18:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5113]: input_userauth_request: invalid user hduser [preauth]
Jun 22 18:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5113]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5113]: Failed password for invalid user hduser from 176.65.139.217 port 33264 ssh2
Jun 22 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5113]: Connection closed by 176.65.139.217 port 33264 [preauth]
Jun 22 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5118]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5119]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5117]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5116]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5116]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5187]: Successful su for rubyman by root
Jun 22 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5187]: + ??? root:rubyman
Jun 22 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5187]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572442 of user rubyman.
Jun 22 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5187]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572442.
Jun 22 18:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5207]: Invalid user rdpuser from 176.65.139.217
Jun 22 18:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5207]: input_userauth_request: invalid user rdpuser [preauth]
Jun 22 18:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5207]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5207]: Failed password for invalid user rdpuser from 176.65.139.217 port 56022 ssh2
Jun 22 18:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5207]: Connection closed by 176.65.139.217 port 56022 [preauth]
Jun 22 18:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2102]: pam_unix(cron:session): session closed for user root
Jun 22 18:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5117]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5381]: Invalid user admin from 176.65.139.217
Jun 22 18:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5381]: input_userauth_request: invalid user admin [preauth]
Jun 22 18:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5381]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5381]: Failed password for invalid user admin from 176.65.139.217 port 56044 ssh2
Jun 22 18:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5381]: Connection closed by 176.65.139.217 port 56044 [preauth]
Jun 22 18:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5400]: Invalid user deploy from 176.65.139.217
Jun 22 18:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5400]: input_userauth_request: invalid user deploy [preauth]
Jun 22 18:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5400]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5400]: Failed password for invalid user deploy from 176.65.139.217 port 56068 ssh2
Jun 22 18:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5400]: Connection closed by 176.65.139.217 port 56068 [preauth]
Jun 22 18:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5422]: Invalid user ts3 from 176.65.139.217
Jun 22 18:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5422]: input_userauth_request: invalid user ts3 [preauth]
Jun 22 18:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5422]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5422]: Failed password for invalid user ts3 from 176.65.139.217 port 48866 ssh2
Jun 22 18:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5422]: Connection closed by 176.65.139.217 port 48866 [preauth]
Jun 22 18:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5425]: Invalid user git from 176.65.139.217
Jun 22 18:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5425]: input_userauth_request: invalid user git [preauth]
Jun 22 18:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5425]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5425]: Failed password for invalid user git from 176.65.139.217 port 48914 ssh2
Jun 22 18:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5425]: Connection closed by 176.65.139.217 port 48914 [preauth]
Jun 22 18:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5435]: Invalid user username from 176.65.139.217
Jun 22 18:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5435]: input_userauth_request: invalid user username [preauth]
Jun 22 18:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5435]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5435]: Failed password for invalid user username from 176.65.139.217 port 49610 ssh2
Jun 22 18:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5435]: Connection closed by 176.65.139.217 port 49610 [preauth]
Jun 22 18:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5461]: Invalid user alex from 176.65.139.217
Jun 22 18:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5461]: input_userauth_request: invalid user alex [preauth]
Jun 22 18:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5461]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5461]: Failed password for invalid user alex from 176.65.139.217 port 49644 ssh2
Jun 22 18:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5461]: Connection closed by 176.65.139.217 port 49644 [preauth]
Jun 22 18:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5463]: Invalid user kali from 176.65.139.217
Jun 22 18:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5463]: input_userauth_request: invalid user kali [preauth]
Jun 22 18:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5463]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5463]: Failed password for invalid user kali from 176.65.139.217 port 49678 ssh2
Jun 22 18:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5463]: Connection closed by 176.65.139.217 port 49678 [preauth]
Jun 22 18:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4104]: pam_unix(cron:session): session closed for user root
Jun 22 18:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5487]: Invalid user arthur from 176.65.139.217
Jun 22 18:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5487]: input_userauth_request: invalid user arthur [preauth]
Jun 22 18:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5487]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5487]: Failed password for invalid user arthur from 176.65.139.217 port 42236 ssh2
Jun 22 18:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5487]: Connection closed by 176.65.139.217 port 42236 [preauth]
Jun 22 18:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5503]: Invalid user odoo18 from 176.65.139.217
Jun 22 18:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5503]: input_userauth_request: invalid user odoo18 [preauth]
Jun 22 18:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5503]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5503]: Failed password for invalid user odoo18 from 176.65.139.217 port 42254 ssh2
Jun 22 18:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5503]: Connection closed by 176.65.139.217 port 42254 [preauth]
Jun 22 18:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 18:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5516]: Invalid user sam from 176.65.139.217
Jun 22 18:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5516]: input_userauth_request: invalid user sam [preauth]
Jun 22 18:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5516]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5513]: Failed password for root from 38.55.97.143 port 46138 ssh2
Jun 22 18:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5513]: Connection closed by 38.55.97.143 port 46138 [preauth]
Jun 22 18:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5516]: Failed password for invalid user sam from 176.65.139.217 port 42268 ssh2
Jun 22 18:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5516]: Connection closed by 176.65.139.217 port 42268 [preauth]
Jun 22 18:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5530]: Failed password for root from 176.65.139.217 port 45348 ssh2
Jun 22 18:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5530]: Connection closed by 176.65.139.217 port 45348 [preauth]
Jun 22 18:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5540]: Invalid user ubuntu from 176.65.139.217
Jun 22 18:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5540]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 18:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5540]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5540]: Failed password for invalid user ubuntu from 176.65.139.217 port 45402 ssh2
Jun 22 18:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5540]: Connection closed by 176.65.139.217 port 45402 [preauth]
Jun 22 18:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5550]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5550]: Invalid user fivem from 176.65.139.217
Jun 22 18:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5550]: input_userauth_request: invalid user fivem [preauth]
Jun 22 18:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5550]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5550]: Failed password for invalid user fivem from 176.65.139.217 port 55758 ssh2
Jun 22 18:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5550]: Connection closed by 176.65.139.217 port 55758 [preauth]
Jun 22 18:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5561]: Invalid user minecraft from 176.65.139.217
Jun 22 18:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5561]: input_userauth_request: invalid user minecraft [preauth]
Jun 22 18:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5561]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5561]: Failed password for invalid user minecraft from 176.65.139.217 port 55778 ssh2
Jun 22 18:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5561]: Connection closed by 176.65.139.217 port 55778 [preauth]
Jun 22 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5564]: Invalid user trader from 176.65.139.217
Jun 22 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5564]: input_userauth_request: invalid user trader [preauth]
Jun 22 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5564]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5580]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5581]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5579]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5578]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5578]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5635]: Successful su for rubyman by root
Jun 22 18:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5635]: + ??? root:rubyman
Jun 22 18:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5635]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572446 of user rubyman.
Jun 22 18:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5635]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572446.
Jun 22 18:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5564]: Failed password for invalid user trader from 176.65.139.217 port 55792 ssh2
Jun 22 18:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2611]: pam_unix(cron:session): session closed for user root
Jun 22 18:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5564]: Connection closed by 176.65.139.217 port 55792 [preauth]
Jun 22 18:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5792]: Invalid user postgres from 176.65.139.217
Jun 22 18:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5792]: input_userauth_request: invalid user postgres [preauth]
Jun 22 18:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5579]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5792]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5792]: Failed password for invalid user postgres from 176.65.139.217 port 59716 ssh2
Jun 22 18:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5792]: Connection closed by 176.65.139.217 port 59716 [preauth]
Jun 22 18:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5818]: Invalid user fahmi from 176.65.139.217
Jun 22 18:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5818]: input_userauth_request: invalid user fahmi [preauth]
Jun 22 18:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5818]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5818]: Failed password for invalid user fahmi from 176.65.139.217 port 59778 ssh2
Jun 22 18:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5818]: Connection closed by 176.65.139.217 port 59778 [preauth]
Jun 22 18:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5844]: Invalid user deploy from 176.65.139.217
Jun 22 18:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5844]: input_userauth_request: invalid user deploy [preauth]
Jun 22 18:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5844]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5844]: Failed password for invalid user deploy from 176.65.139.217 port 54452 ssh2
Jun 22 18:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5844]: Connection closed by 176.65.139.217 port 54452 [preauth]
Jun 22 18:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5855]: Invalid user cursor from 176.65.139.217
Jun 22 18:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5855]: input_userauth_request: invalid user cursor [preauth]
Jun 22 18:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5855]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5855]: Failed password for invalid user cursor from 176.65.139.217 port 54508 ssh2
Jun 22 18:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5855]: Connection closed by 176.65.139.217 port 54508 [preauth]
Jun 22 18:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5878]: Failed password for root from 176.65.139.217 port 55174 ssh2
Jun 22 18:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5878]: Connection closed by 176.65.139.217 port 55174 [preauth]
Jun 22 18:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5888]: Invalid user calvin from 176.65.139.217
Jun 22 18:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5888]: input_userauth_request: invalid user calvin [preauth]
Jun 22 18:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5888]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5888]: Failed password for invalid user calvin from 176.65.139.217 port 55220 ssh2
Jun 22 18:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5888]: Connection closed by 176.65.139.217 port 55220 [preauth]
Jun 22 18:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5890]: Invalid user private from 176.65.139.217
Jun 22 18:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5890]: input_userauth_request: invalid user private [preauth]
Jun 22 18:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5890]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4551]: pam_unix(cron:session): session closed for user root
Jun 22 18:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5890]: Failed password for invalid user private from 176.65.139.217 port 53388 ssh2
Jun 22 18:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5890]: Connection closed by 176.65.139.217 port 53388 [preauth]
Jun 22 18:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5920]: Invalid user installer from 176.65.139.217
Jun 22 18:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5920]: input_userauth_request: invalid user installer [preauth]
Jun 22 18:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5920]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5920]: Failed password for invalid user installer from 176.65.139.217 port 53436 ssh2
Jun 22 18:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5920]: Connection closed by 176.65.139.217 port 53436 [preauth]
Jun 22 18:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5930]: Invalid user fivem from 176.65.139.217
Jun 22 18:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5930]: input_userauth_request: invalid user fivem [preauth]
Jun 22 18:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5930]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5930]: Failed password for invalid user fivem from 176.65.139.217 port 53490 ssh2
Jun 22 18:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5930]: Connection closed by 176.65.139.217 port 53490 [preauth]
Jun 22 18:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5952]: Invalid user username from 176.65.139.217
Jun 22 18:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5952]: input_userauth_request: invalid user username [preauth]
Jun 22 18:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5952]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5954]: Invalid user admin from 2.57.121.25
Jun 22 18:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5954]: input_userauth_request: invalid user admin [preauth]
Jun 22 18:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5954]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 22 18:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5952]: Failed password for invalid user username from 176.65.139.217 port 60102 ssh2
Jun 22 18:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5952]: Connection closed by 176.65.139.217 port 60102 [preauth]
Jun 22 18:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 18:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5954]: Failed password for invalid user admin from 2.57.121.25 port 23916 ssh2
Jun 22 18:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5954]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5956]: Failed password for root from 38.55.97.143 port 34770 ssh2
Jun 22 18:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5956]: Connection closed by 38.55.97.143 port 34770 [preauth]
Jun 22 18:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5966]: Invalid user openvpn from 176.65.139.217
Jun 22 18:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5966]: input_userauth_request: invalid user openvpn [preauth]
Jun 22 18:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5966]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5954]: Failed password for invalid user admin from 2.57.121.25 port 23916 ssh2
Jun 22 18:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5954]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5966]: Failed password for invalid user openvpn from 176.65.139.217 port 60170 ssh2
Jun 22 18:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5966]: Connection closed by 176.65.139.217 port 60170 [preauth]
Jun 22 18:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5954]: Failed password for invalid user admin from 2.57.121.25 port 23916 ssh2
Jun 22 18:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5954]: Connection closed by 2.57.121.25 port 23916 [preauth]
Jun 22 18:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5954]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 22 18:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5972]: Failed password for root from 176.65.139.217 port 57702 ssh2
Jun 22 18:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5972]: Connection closed by 176.65.139.217 port 57702 [preauth]
Jun 22 18:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5979]: Invalid user kingbase from 176.65.139.217
Jun 22 18:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5979]: input_userauth_request: invalid user kingbase [preauth]
Jun 22 18:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5979]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5979]: Failed password for invalid user kingbase from 176.65.139.217 port 57768 ssh2
Jun 22 18:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5979]: Connection closed by 176.65.139.217 port 57768 [preauth]
Jun 22 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5994]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5992]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5993]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5991]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5991]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6049]: Successful su for rubyman by root
Jun 22 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6049]: + ??? root:rubyman
Jun 22 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6049]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572450 of user rubyman.
Jun 22 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6049]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572450.
Jun 22 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: Invalid user alex from 176.65.139.217
Jun 22 18:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: input_userauth_request: invalid user alex [preauth]
Jun 22 18:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3045]: pam_unix(cron:session): session closed for user root
Jun 22 18:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: Failed password for invalid user alex from 176.65.139.217 port 42914 ssh2
Jun 22 18:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: Connection closed by 176.65.139.217 port 42914 [preauth]
Jun 22 18:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5992]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6238]: Invalid user testuser from 176.65.139.217
Jun 22 18:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6238]: input_userauth_request: invalid user testuser [preauth]
Jun 22 18:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6238]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6238]: Failed password for invalid user testuser from 176.65.139.217 port 42934 ssh2
Jun 22 18:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6238]: Connection closed by 176.65.139.217 port 42934 [preauth]
Jun 22 18:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6248]: Invalid user ivan from 176.65.139.217
Jun 22 18:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6248]: input_userauth_request: invalid user ivan [preauth]
Jun 22 18:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6248]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6248]: Failed password for invalid user ivan from 176.65.139.217 port 42982 ssh2
Jun 22 18:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6248]: Connection closed by 176.65.139.217 port 42982 [preauth]
Jun 22 18:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6262]: Invalid user deployer from 176.65.139.217
Jun 22 18:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6262]: input_userauth_request: invalid user deployer [preauth]
Jun 22 18:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6262]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6262]: Failed password for invalid user deployer from 176.65.139.217 port 59962 ssh2
Jun 22 18:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6262]: Connection closed by 176.65.139.217 port 59962 [preauth]
Jun 22 18:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6273]: Invalid user deployer from 176.65.139.217
Jun 22 18:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6273]: input_userauth_request: invalid user deployer [preauth]
Jun 22 18:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6273]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6273]: Failed password for invalid user deployer from 176.65.139.217 port 59998 ssh2
Jun 22 18:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6273]: Connection closed by 176.65.139.217 port 59998 [preauth]
Jun 22 18:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6285]: Invalid user nexus from 176.65.139.217
Jun 22 18:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6285]: input_userauth_request: invalid user nexus [preauth]
Jun 22 18:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6285]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6285]: Failed password for invalid user nexus from 176.65.139.217 port 57904 ssh2
Jun 22 18:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6285]: Connection closed by 176.65.139.217 port 57904 [preauth]
Jun 22 18:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6307]: Invalid user btc from 176.65.139.217
Jun 22 18:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6307]: input_userauth_request: invalid user btc [preauth]
Jun 22 18:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6307]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6283]: Connection closed by 218.208.8.69 port 3073 [preauth]
Jun 22 18:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6307]: Failed password for invalid user btc from 176.65.139.217 port 57956 ssh2
Jun 22 18:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6307]: Connection closed by 176.65.139.217 port 57956 [preauth]
Jun 22 18:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5119]: pam_unix(cron:session): session closed for user root
Jun 22 18:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6317]: Failed password for root from 176.65.139.217 port 58824 ssh2
Jun 22 18:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6317]: Connection closed by 176.65.139.217 port 58824 [preauth]
Jun 22 18:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6355]: Failed password for root from 176.65.139.217 port 58844 ssh2
Jun 22 18:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6355]: Connection closed by 176.65.139.217 port 58844 [preauth]
Jun 22 18:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6364]: Invalid user hadoop from 176.65.139.217
Jun 22 18:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6364]: input_userauth_request: invalid user hadoop [preauth]
Jun 22 18:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6364]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6364]: Failed password for invalid user hadoop from 176.65.139.217 port 58912 ssh2
Jun 22 18:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6364]: Connection closed by 176.65.139.217 port 58912 [preauth]
Jun 22 18:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6345]: Connection closed by 218.208.8.69 port 3093 [preauth]
Jun 22 18:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6387]: Failed password for root from 176.65.139.217 port 39868 ssh2
Jun 22 18:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6387]: Connection closed by 176.65.139.217 port 39868 [preauth]
Jun 22 18:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6390]: Failed password for root from 176.65.139.217 port 39932 ssh2
Jun 22 18:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6390]: Connection closed by 176.65.139.217 port 39932 [preauth]
Jun 22 18:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6401]: Invalid user kafka from 176.65.139.217
Jun 22 18:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6401]: input_userauth_request: invalid user kafka [preauth]
Jun 22 18:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6401]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6401]: Failed password for invalid user kafka from 176.65.139.217 port 37714 ssh2
Jun 22 18:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6401]: Connection closed by 176.65.139.217 port 37714 [preauth]
Jun 22 18:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6412]: Invalid user odoo16 from 176.65.139.217
Jun 22 18:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6412]: input_userauth_request: invalid user odoo16 [preauth]
Jun 22 18:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6412]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6418]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6417]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6416]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6415]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6415]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6473]: Successful su for rubyman by root
Jun 22 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6473]: + ??? root:rubyman
Jun 22 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6473]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572454 of user rubyman.
Jun 22 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6473]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572454.
Jun 22 18:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6412]: Failed password for invalid user odoo16 from 176.65.139.217 port 37748 ssh2
Jun 22 18:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6412]: Connection closed by 176.65.139.217 port 37748 [preauth]
Jun 22 18:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3469]: pam_unix(cron:session): session closed for user root
Jun 22 18:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6640]: Invalid user user from 176.65.139.217
Jun 22 18:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6640]: input_userauth_request: invalid user user [preauth]
Jun 22 18:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6640]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6416]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 18:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6640]: Failed password for invalid user user from 176.65.139.217 port 38296 ssh2
Jun 22 18:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6640]: Connection closed by 176.65.139.217 port 38296 [preauth]
Jun 22 18:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6662]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 22 18:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6660]: Failed password for root from 38.55.97.143 port 33916 ssh2
Jun 22 18:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6660]: Connection closed by 38.55.97.143 port 33916 [preauth]
Jun 22 18:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6662]: Received disconnect from 62.210.189.225 port 16798:11: disconnected by user [preauth]
Jun 22 18:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6662]: Disconnected from 62.210.189.225 port 16798 [preauth]
Jun 22 18:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6672]: Invalid user testuser from 176.65.139.217
Jun 22 18:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6672]: input_userauth_request: invalid user testuser [preauth]
Jun 22 18:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6672]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6672]: Failed password for invalid user testuser from 176.65.139.217 port 38362 ssh2
Jun 22 18:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6672]: Connection closed by 176.65.139.217 port 38362 [preauth]
Jun 22 18:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6682]: Invalid user test from 176.65.139.217
Jun 22 18:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6682]: input_userauth_request: invalid user test [preauth]
Jun 22 18:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6682]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6682]: Failed password for invalid user test from 176.65.139.217 port 56568 ssh2
Jun 22 18:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6682]: Connection closed by 176.65.139.217 port 56568 [preauth]
Jun 22 18:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6701]: Failed password for root from 176.65.139.217 port 56620 ssh2
Jun 22 18:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6701]: Connection closed by 176.65.139.217 port 56620 [preauth]
Jun 22 18:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6713]: Invalid user neptune from 176.65.139.217
Jun 22 18:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6713]: input_userauth_request: invalid user neptune [preauth]
Jun 22 18:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6713]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6713]: Failed password for invalid user neptune from 176.65.139.217 port 45622 ssh2
Jun 22 18:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6713]: Connection closed by 176.65.139.217 port 45622 [preauth]
Jun 22 18:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6741]: Invalid user jellyfin from 176.65.139.217
Jun 22 18:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6741]: input_userauth_request: invalid user jellyfin [preauth]
Jun 22 18:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6741]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6741]: Failed password for invalid user jellyfin from 176.65.139.217 port 45656 ssh2
Jun 22 18:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6741]: Connection closed by 176.65.139.217 port 45656 [preauth]
Jun 22 18:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5581]: pam_unix(cron:session): session closed for user root
Jun 22 18:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6751]: Failed password for root from 176.65.139.217 port 45694 ssh2
Jun 22 18:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6751]: Connection closed by 176.65.139.217 port 45694 [preauth]
Jun 22 18:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6791]: Invalid user splunk from 176.65.139.217
Jun 22 18:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6791]: input_userauth_request: invalid user splunk [preauth]
Jun 22 18:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6791]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6791]: Failed password for invalid user splunk from 176.65.139.217 port 43674 ssh2
Jun 22 18:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6791]: Connection closed by 176.65.139.217 port 43674 [preauth]
Jun 22 18:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6793]: Invalid user deploy from 176.65.139.217
Jun 22 18:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6793]: input_userauth_request: invalid user deploy [preauth]
Jun 22 18:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6793]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6793]: Failed password for invalid user deploy from 176.65.139.217 port 43710 ssh2
Jun 22 18:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6793]: Connection closed by 176.65.139.217 port 43710 [preauth]
Jun 22 18:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6817]: Failed password for root from 176.65.139.217 port 57446 ssh2
Jun 22 18:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6817]: Connection closed by 176.65.139.217 port 57446 [preauth]
Jun 22 18:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6828]: Invalid user myuser from 176.65.139.217
Jun 22 18:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6828]: input_userauth_request: invalid user myuser [preauth]
Jun 22 18:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6828]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 22 18:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6828]: Failed password for invalid user myuser from 176.65.139.217 port 57494 ssh2
Jun 22 18:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6828]: Connection closed by 176.65.139.217 port 57494 [preauth]
Jun 22 18:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6838]: Failed password for root from 38.93.206.2 port 37586 ssh2
Jun 22 18:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6838]: Connection closed by 38.93.206.2 port 37586 [preauth]
Jun 22 18:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6842]: Invalid user demo from 176.65.139.217
Jun 22 18:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6842]: input_userauth_request: invalid user demo [preauth]
Jun 22 18:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6842]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6842]: Failed password for invalid user demo from 176.65.139.217 port 39832 ssh2
Jun 22 18:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6842]: Connection closed by 176.65.139.217 port 39832 [preauth]
Jun 22 18:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6852]: Invalid user gitlab from 176.65.139.217
Jun 22 18:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6852]: input_userauth_request: invalid user gitlab [preauth]
Jun 22 18:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6852]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6852]: Failed password for invalid user gitlab from 176.65.139.217 port 39896 ssh2
Jun 22 18:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6852]: Connection closed by 176.65.139.217 port 39896 [preauth]
Jun 22 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6870]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6871]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6869]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6865]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6868]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6867]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6871]: pam_unix(cron:session): session closed for user root
Jun 22 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6865]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6862]: Invalid user gateway from 176.65.139.217
Jun 22 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6862]: input_userauth_request: invalid user gateway [preauth]
Jun 22 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6940]: Successful su for rubyman by root
Jun 22 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6940]: + ??? root:rubyman
Jun 22 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6940]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572458 of user rubyman.
Jun 22 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6940]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572458.
Jun 22 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6862]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4103]: pam_unix(cron:session): session closed for user root
Jun 22 18:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6868]: pam_unix(cron:session): session closed for user root
Jun 22 18:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6862]: Failed password for invalid user gateway from 176.65.139.217 port 39940 ssh2
Jun 22 18:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6862]: Connection closed by 176.65.139.217 port 39940 [preauth]
Jun 22 18:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6867]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7230]: Invalid user admin from 176.65.139.217
Jun 22 18:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7230]: input_userauth_request: invalid user admin [preauth]
Jun 22 18:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7230]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 18:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7230]: Failed password for invalid user admin from 176.65.139.217 port 60524 ssh2
Jun 22 18:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7230]: Connection closed by 176.65.139.217 port 60524 [preauth]
Jun 22 18:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7243]: Failed password for root from 38.55.97.143 port 49804 ssh2
Jun 22 18:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7245]: Invalid user app from 176.65.139.217
Jun 22 18:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7245]: input_userauth_request: invalid user app [preauth]
Jun 22 18:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7245]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7243]: Connection closed by 38.55.97.143 port 49804 [preauth]
Jun 22 18:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7245]: Failed password for invalid user app from 176.65.139.217 port 60560 ssh2
Jun 22 18:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7245]: Connection closed by 176.65.139.217 port 60560 [preauth]
Jun 22 18:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7269]: Invalid user chris from 176.65.139.217
Jun 22 18:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7269]: input_userauth_request: invalid user chris [preauth]
Jun 22 18:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7269]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.19.67.181  user=root
Jun 22 18:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7269]: Failed password for invalid user chris from 176.65.139.217 port 36194 ssh2
Jun 22 18:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7269]: Connection closed by 176.65.139.217 port 36194 [preauth]
Jun 22 18:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7271]: Failed password for root from 46.19.67.181 port 44400 ssh2
Jun 22 18:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7271]: Connection closed by 46.19.67.181 port 44400 [preauth]
Jun 22 18:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7281]: Invalid user rock from 176.65.139.217
Jun 22 18:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7281]: input_userauth_request: invalid user rock [preauth]
Jun 22 18:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7281]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7281]: Failed password for invalid user rock from 176.65.139.217 port 36256 ssh2
Jun 22 18:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7281]: Connection closed by 176.65.139.217 port 36256 [preauth]
Jun 22 18:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7291]: Invalid user admin from 176.65.139.217
Jun 22 18:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7291]: input_userauth_request: invalid user admin [preauth]
Jun 22 18:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7291]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7291]: Failed password for invalid user admin from 176.65.139.217 port 40232 ssh2
Jun 22 18:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7291]: Connection closed by 176.65.139.217 port 40232 [preauth]
Jun 22 18:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7315]: Failed password for root from 176.65.139.217 port 40294 ssh2
Jun 22 18:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7315]: Connection closed by 176.65.139.217 port 40294 [preauth]
Jun 22 18:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7317]: Invalid user ubuntu from 176.65.139.217
Jun 22 18:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7317]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 18:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7317]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5994]: pam_unix(cron:session): session closed for user root
Jun 22 18:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7321]: Connection closed by 194.59.206.2 port 64880 [preauth]
Jun 22 18:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7317]: Failed password for invalid user ubuntu from 176.65.139.217 port 43966 ssh2
Jun 22 18:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7317]: Connection closed by 176.65.139.217 port 43966 [preauth]
Jun 22 18:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: Invalid user runner from 176.65.139.217
Jun 22 18:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: input_userauth_request: invalid user runner [preauth]
Jun 22 18:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: Failed password for invalid user runner from 176.65.139.217 port 43986 ssh2
Jun 22 18:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: Connection closed by 176.65.139.217 port 43986 [preauth]
Jun 22 18:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7363]: Invalid user frank from 176.65.139.217
Jun 22 18:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7363]: input_userauth_request: invalid user frank [preauth]
Jun 22 18:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7363]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7363]: Failed password for invalid user frank from 176.65.139.217 port 44022 ssh2
Jun 22 18:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7363]: Connection closed by 176.65.139.217 port 44022 [preauth]
Jun 22 18:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: User nobody from 176.65.139.217 not allowed because not listed in AllowUsers
Jun 22 18:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: input_userauth_request: invalid user nobody [preauth]
Jun 22 18:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=nobody
Jun 22 18:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: Failed password for invalid user nobody from 176.65.139.217 port 50182 ssh2
Jun 22 18:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: Connection closed by 176.65.139.217 port 50182 [preauth]
Jun 22 18:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7401]: Invalid user crafty from 176.65.139.217
Jun 22 18:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7401]: input_userauth_request: invalid user crafty [preauth]
Jun 22 18:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7401]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7401]: Failed password for invalid user crafty from 176.65.139.217 port 50204 ssh2
Jun 22 18:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7401]: Connection closed by 176.65.139.217 port 50204 [preauth]
Jun 22 18:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7411]: Invalid user bot from 176.65.139.217
Jun 22 18:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7411]: input_userauth_request: invalid user bot [preauth]
Jun 22 18:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7411]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7411]: Failed password for invalid user bot from 176.65.139.217 port 56540 ssh2
Jun 22 18:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7411]: Connection closed by 176.65.139.217 port 56540 [preauth]
Jun 22 18:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7421]: Invalid user splunk from 176.65.139.217
Jun 22 18:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7421]: input_userauth_request: invalid user splunk [preauth]
Jun 22 18:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7421]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7429]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7427]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7425]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7424]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7424]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7490]: Successful su for rubyman by root
Jun 22 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7490]: + ??? root:rubyman
Jun 22 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7490]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572464 of user rubyman.
Jun 22 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7490]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572464.
Jun 22 18:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7421]: Failed password for invalid user splunk from 176.65.139.217 port 56582 ssh2
Jun 22 18:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7421]: Connection closed by 176.65.139.217 port 56582 [preauth]
Jun 22 18:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4550]: pam_unix(cron:session): session closed for user root
Jun 22 18:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7425]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7746]: Failed password for root from 176.65.139.217 port 59610 ssh2
Jun 22 18:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7746]: Connection closed by 176.65.139.217 port 59610 [preauth]
Jun 22 18:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 18:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7780]: Invalid user debian from 176.65.139.217
Jun 22 18:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7780]: input_userauth_request: invalid user debian [preauth]
Jun 22 18:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7780]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7778]: Failed password for root from 38.55.97.143 port 58688 ssh2
Jun 22 18:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7778]: Connection closed by 38.55.97.143 port 58688 [preauth]
Jun 22 18:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7780]: Failed password for invalid user debian from 176.65.139.217 port 59674 ssh2
Jun 22 18:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7780]: Connection closed by 176.65.139.217 port 59674 [preauth]
Jun 22 18:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7803]: Invalid user username from 176.65.139.217
Jun 22 18:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7803]: input_userauth_request: invalid user username [preauth]
Jun 22 18:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7803]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7803]: Failed password for invalid user username from 176.65.139.217 port 41564 ssh2
Jun 22 18:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7803]: Connection closed by 176.65.139.217 port 41564 [preauth]
Jun 22 18:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7813]: Invalid user www from 176.65.139.217
Jun 22 18:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7813]: input_userauth_request: invalid user www [preauth]
Jun 22 18:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7813]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7813]: Failed password for invalid user www from 176.65.139.217 port 41612 ssh2
Jun 22 18:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7813]: Connection closed by 176.65.139.217 port 41612 [preauth]
Jun 22 18:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7823]: Invalid user support from 176.65.139.217
Jun 22 18:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7823]: input_userauth_request: invalid user support [preauth]
Jun 22 18:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7823]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7823]: Failed password for invalid user support from 176.65.139.217 port 54870 ssh2
Jun 22 18:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7823]: Connection closed by 176.65.139.217 port 54870 [preauth]
Jun 22 18:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7845]: Invalid user usuario from 176.65.139.217
Jun 22 18:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7845]: input_userauth_request: invalid user usuario [preauth]
Jun 22 18:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7845]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7845]: Failed password for invalid user usuario from 176.65.139.217 port 54920 ssh2
Jun 22 18:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7845]: Connection closed by 176.65.139.217 port 54920 [preauth]
Jun 22 18:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6418]: pam_unix(cron:session): session closed for user root
Jun 22 18:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7855]: Failed password for root from 176.65.139.217 port 54956 ssh2
Jun 22 18:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7855]: Connection closed by 176.65.139.217 port 54956 [preauth]
Jun 22 18:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7876]: Failed password for root from 176.65.139.217 port 40462 ssh2
Jun 22 18:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7876]: Connection closed by 176.65.139.217 port 40462 [preauth]
Jun 22 18:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7887]: Invalid user test from 176.65.139.217
Jun 22 18:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7887]: input_userauth_request: invalid user test [preauth]
Jun 22 18:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7887]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7896]: Invalid user dayne from 141.98.83.240
Jun 22 18:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7896]: input_userauth_request: invalid user dayne [preauth]
Jun 22 18:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7896]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 18:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7887]: Failed password for invalid user test from 176.65.139.217 port 40496 ssh2
Jun 22 18:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7887]: Connection closed by 176.65.139.217 port 40496 [preauth]
Jun 22 18:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7896]: Failed password for invalid user dayne from 141.98.83.240 port 49622 ssh2
Jun 22 18:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7896]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7896]: Failed password for invalid user dayne from 141.98.83.240 port 49622 ssh2
Jun 22 18:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7911]: Invalid user openclaw from 176.65.139.217
Jun 22 18:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7911]: input_userauth_request: invalid user openclaw [preauth]
Jun 22 18:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7896]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7911]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7896]: Failed password for invalid user dayne from 141.98.83.240 port 49622 ssh2
Jun 22 18:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7911]: Failed password for invalid user openclaw from 176.65.139.217 port 43280 ssh2
Jun 22 18:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7896]: Connection closed by 141.98.83.240 port 49622 [preauth]
Jun 22 18:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7896]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 18:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7911]: Connection closed by 176.65.139.217 port 43280 [preauth]
Jun 22 18:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7921]: Invalid user webmaster from 176.65.139.217
Jun 22 18:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7921]: input_userauth_request: invalid user webmaster [preauth]
Jun 22 18:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7921]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7921]: Failed password for invalid user webmaster from 176.65.139.217 port 43326 ssh2
Jun 22 18:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7921]: Connection closed by 176.65.139.217 port 43326 [preauth]
Jun 22 18:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7931]: Invalid user localhost from 176.65.139.217
Jun 22 18:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7931]: input_userauth_request: invalid user localhost [preauth]
Jun 22 18:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7931]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7931]: Failed password for invalid user localhost from 176.65.139.217 port 58444 ssh2
Jun 22 18:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7931]: Connection closed by 176.65.139.217 port 58444 [preauth]
Jun 22 18:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7941]: Invalid user support from 176.65.139.217
Jun 22 18:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7941]: input_userauth_request: invalid user support [preauth]
Jun 22 18:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7941]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7947]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7945]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7946]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7944]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7944]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7941]: Failed password for invalid user support from 176.65.139.217 port 58482 ssh2
Jun 22 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8004]: Successful su for rubyman by root
Jun 22 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8004]: + ??? root:rubyman
Jun 22 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8004]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572469 of user rubyman.
Jun 22 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8004]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572469.
Jun 22 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7941]: Connection closed by 176.65.139.217 port 58482 [preauth]
Jun 22 18:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8079]: Invalid user user from 176.65.139.217
Jun 22 18:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8079]: input_userauth_request: invalid user user [preauth]
Jun 22 18:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8079]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5118]: pam_unix(cron:session): session closed for user root
Jun 22 18:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8079]: Failed password for invalid user user from 176.65.139.217 port 41278 ssh2
Jun 22 18:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8079]: Connection closed by 176.65.139.217 port 41278 [preauth]
Jun 22 18:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7945]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8190]: Invalid user user1 from 176.65.139.217
Jun 22 18:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8190]: input_userauth_request: invalid user user1 [preauth]
Jun 22 18:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8190]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8190]: Failed password for invalid user user1 from 176.65.139.217 port 41350 ssh2
Jun 22 18:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8190]: Connection closed by 176.65.139.217 port 41350 [preauth]
Jun 22 18:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8202]: Invalid user user from 176.65.139.217
Jun 22 18:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8202]: input_userauth_request: invalid user user [preauth]
Jun 22 18:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8202]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 18:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8202]: Failed password for invalid user user from 176.65.139.217 port 41408 ssh2
Jun 22 18:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8202]: Connection closed by 176.65.139.217 port 41408 [preauth]
Jun 22 18:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8200]: Failed password for root from 38.55.97.143 port 40902 ssh2
Jun 22 18:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8226]: Invalid user www from 176.65.139.217
Jun 22 18:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8226]: input_userauth_request: invalid user www [preauth]
Jun 22 18:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8200]: Connection closed by 38.55.97.143 port 40902 [preauth]
Jun 22 18:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8226]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8226]: Failed password for invalid user www from 176.65.139.217 port 49894 ssh2
Jun 22 18:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8226]: Connection closed by 176.65.139.217 port 49894 [preauth]
Jun 22 18:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8237]: Invalid user runner from 176.65.139.217
Jun 22 18:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8237]: input_userauth_request: invalid user runner [preauth]
Jun 22 18:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8237]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8237]: Failed password for invalid user runner from 176.65.139.217 port 49920 ssh2
Jun 22 18:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8237]: Connection closed by 176.65.139.217 port 49920 [preauth]
Jun 22 18:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8241]: Invalid user media from 176.65.139.217
Jun 22 18:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8241]: input_userauth_request: invalid user media [preauth]
Jun 22 18:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8241]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8241]: Failed password for invalid user media from 176.65.139.217 port 49666 ssh2
Jun 22 18:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8241]: Connection closed by 176.65.139.217 port 49666 [preauth]
Jun 22 18:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8262]: Invalid user zabbix from 176.65.139.217
Jun 22 18:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8262]: input_userauth_request: invalid user zabbix [preauth]
Jun 22 18:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8262]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8262]: Failed password for invalid user zabbix from 176.65.139.217 port 49696 ssh2
Jun 22 18:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8262]: Connection closed by 176.65.139.217 port 49696 [preauth]
Jun 22 18:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: Invalid user root1 from 176.65.139.217
Jun 22 18:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: input_userauth_request: invalid user root1 [preauth]
Jun 22 18:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6870]: pam_unix(cron:session): session closed for user root
Jun 22 18:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: Failed password for invalid user root1 from 176.65.139.217 port 33860 ssh2
Jun 22 18:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: Connection closed by 176.65.139.217 port 33860 [preauth]
Jun 22 18:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8301]: Invalid user azureuser from 176.65.139.217
Jun 22 18:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8301]: input_userauth_request: invalid user azureuser [preauth]
Jun 22 18:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8301]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8301]: Failed password for invalid user azureuser from 176.65.139.217 port 33892 ssh2
Jun 22 18:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8301]: Connection closed by 176.65.139.217 port 33892 [preauth]
Jun 22 18:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8311]: Invalid user test from 176.65.139.217
Jun 22 18:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8311]: input_userauth_request: invalid user test [preauth]
Jun 22 18:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8311]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8311]: Failed password for invalid user test from 176.65.139.217 port 33946 ssh2
Jun 22 18:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8311]: Connection closed by 176.65.139.217 port 33946 [preauth]
Jun 22 18:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8335]: Failed password for root from 176.65.139.217 port 41230 ssh2
Jun 22 18:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8335]: Connection closed by 176.65.139.217 port 41230 [preauth]
Jun 22 18:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8337]: Invalid user ubuntu from 176.65.139.217
Jun 22 18:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8337]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 18:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8337]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8337]: Failed password for invalid user ubuntu from 176.65.139.217 port 41274 ssh2
Jun 22 18:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8337]: Connection closed by 176.65.139.217 port 41274 [preauth]
Jun 22 18:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8348]: Invalid user ai from 176.65.139.217
Jun 22 18:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8348]: input_userauth_request: invalid user ai [preauth]
Jun 22 18:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8348]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8348]: Failed password for invalid user ai from 176.65.139.217 port 57182 ssh2
Jun 22 18:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8348]: Connection closed by 176.65.139.217 port 57182 [preauth]
Jun 22 18:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8358]: Invalid user runner from 176.65.139.217
Jun 22 18:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8358]: input_userauth_request: invalid user runner [preauth]
Jun 22 18:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8358]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8358]: Failed password for invalid user runner from 176.65.139.217 port 57292 ssh2
Jun 22 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8358]: Connection closed by 176.65.139.217 port 57292 [preauth]
Jun 22 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8372]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8373]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8371]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8370]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8370]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8433]: Successful su for rubyman by root
Jun 22 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8433]: + ??? root:rubyman
Jun 22 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8433]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572472 of user rubyman.
Jun 22 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8433]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572472.
Jun 22 18:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8474]: Invalid user ftpuser from 176.65.139.217
Jun 22 18:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8474]: input_userauth_request: invalid user ftpuser [preauth]
Jun 22 18:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8474]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5580]: pam_unix(cron:session): session closed for user root
Jun 22 18:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8474]: Failed password for invalid user ftpuser from 176.65.139.217 port 39498 ssh2
Jun 22 18:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8474]: Connection closed by 176.65.139.217 port 39498 [preauth]
Jun 22 18:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8371]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8622]: Invalid user odoo14 from 176.65.139.217
Jun 22 18:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8622]: input_userauth_request: invalid user odoo14 [preauth]
Jun 22 18:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8622]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8622]: Failed password for invalid user odoo14 from 176.65.139.217 port 39512 ssh2
Jun 22 18:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8622]: Connection closed by 176.65.139.217 port 39512 [preauth]
Jun 22 18:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8624]: Invalid user claude from 176.65.139.217
Jun 22 18:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8624]: input_userauth_request: invalid user claude [preauth]
Jun 22 18:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8624]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8624]: Failed password for invalid user claude from 176.65.139.217 port 39518 ssh2
Jun 22 18:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8624]: Connection closed by 176.65.139.217 port 39518 [preauth]
Jun 22 18:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8649]: Invalid user tester from 176.65.139.217
Jun 22 18:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8649]: input_userauth_request: invalid user tester [preauth]
Jun 22 18:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8649]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 18:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8649]: Failed password for invalid user tester from 176.65.139.217 port 34878 ssh2
Jun 22 18:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8649]: Connection closed by 176.65.139.217 port 34878 [preauth]
Jun 22 18:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8648]: Failed password for root from 38.55.97.143 port 58548 ssh2
Jun 22 18:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8648]: Connection closed by 38.55.97.143 port 58548 [preauth]
Jun 22 18:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8661]: Failed password for root from 176.65.139.217 port 34932 ssh2
Jun 22 18:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8661]: Connection closed by 176.65.139.217 port 34932 [preauth]
Jun 22 18:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8683]: Invalid user test from 176.65.139.217
Jun 22 18:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8683]: input_userauth_request: invalid user test [preauth]
Jun 22 18:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8683]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8683]: Failed password for invalid user test from 176.65.139.217 port 53630 ssh2
Jun 22 18:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8683]: Connection closed by 176.65.139.217 port 53630 [preauth]
Jun 22 18:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8693]: Invalid user admin123 from 176.65.139.217
Jun 22 18:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8693]: input_userauth_request: invalid user admin123 [preauth]
Jun 22 18:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8693]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8693]: Failed password for invalid user admin123 from 176.65.139.217 port 53640 ssh2
Jun 22 18:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8693]: Connection closed by 176.65.139.217 port 53640 [preauth]
Jun 22 18:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7429]: pam_unix(cron:session): session closed for user root
Jun 22 18:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8719]: Failed password for root from 176.65.139.217 port 34704 ssh2
Jun 22 18:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8719]: Connection closed by 176.65.139.217 port 34704 [preauth]
Jun 22 18:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8736]: Invalid user rdpuser from 176.65.139.217
Jun 22 18:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8736]: input_userauth_request: invalid user rdpuser [preauth]
Jun 22 18:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8736]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8736]: Failed password for invalid user rdpuser from 176.65.139.217 port 34758 ssh2
Jun 22 18:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8736]: Connection closed by 176.65.139.217 port 34758 [preauth]
Jun 22 18:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8738]: Invalid user teamspeak from 176.65.139.217
Jun 22 18:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8738]: input_userauth_request: invalid user teamspeak [preauth]
Jun 22 18:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8738]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8738]: Failed password for invalid user teamspeak from 176.65.139.217 port 46650 ssh2
Jun 22 18:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8738]: Connection closed by 176.65.139.217 port 46650 [preauth]
Jun 22 18:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8761]: Invalid user minecraft from 176.65.139.217
Jun 22 18:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8761]: input_userauth_request: invalid user minecraft [preauth]
Jun 22 18:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8761]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8761]: Failed password for invalid user minecraft from 176.65.139.217 port 46738 ssh2
Jun 22 18:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8761]: Connection closed by 176.65.139.217 port 46738 [preauth]
Jun 22 18:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8773]: Invalid user jay from 176.65.139.217
Jun 22 18:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8773]: input_userauth_request: invalid user jay [preauth]
Jun 22 18:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8773]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8773]: Failed password for invalid user jay from 176.65.139.217 port 46806 ssh2
Jun 22 18:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8773]: Connection closed by 176.65.139.217 port 46806 [preauth]
Jun 22 18:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8784]: Invalid user stack from 176.65.139.217
Jun 22 18:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8784]: input_userauth_request: invalid user stack [preauth]
Jun 22 18:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8784]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8784]: Failed password for invalid user stack from 176.65.139.217 port 34696 ssh2
Jun 22 18:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8784]: Connection closed by 176.65.139.217 port 34696 [preauth]
Jun 22 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8798]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8797]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8796]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8795]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8795]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8860]: Successful su for rubyman by root
Jun 22 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8860]: + ??? root:rubyman
Jun 22 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8860]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572476 of user rubyman.
Jun 22 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8860]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572476.
Jun 22 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8848]: Invalid user liyang from 176.65.139.217
Jun 22 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8848]: input_userauth_request: invalid user liyang [preauth]
Jun 22 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8848]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5993]: pam_unix(cron:session): session closed for user root
Jun 22 18:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8848]: Failed password for invalid user liyang from 176.65.139.217 port 34760 ssh2
Jun 22 18:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8848]: Connection closed by 176.65.139.217 port 34760 [preauth]
Jun 22 18:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8796]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9048]: Invalid user ducc0x from 176.65.139.217
Jun 22 18:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9048]: input_userauth_request: invalid user ducc0x [preauth]
Jun 22 18:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9048]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9048]: Failed password for invalid user ducc0x from 176.65.139.217 port 38330 ssh2
Jun 22 18:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9048]: Connection closed by 176.65.139.217 port 38330 [preauth]
Jun 22 18:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9059]: Invalid user dmdba from 176.65.139.217
Jun 22 18:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9059]: input_userauth_request: invalid user dmdba [preauth]
Jun 22 18:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9059]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9059]: Failed password for invalid user dmdba from 176.65.139.217 port 38362 ssh2
Jun 22 18:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9059]: Connection closed by 176.65.139.217 port 38362 [preauth]
Jun 22 18:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9082]: Failed password for root from 176.65.139.217 port 54182 ssh2
Jun 22 18:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9082]: Connection closed by 176.65.139.217 port 54182 [preauth]
Jun 22 18:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9084]: Invalid user monitor from 176.65.139.217
Jun 22 18:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9084]: input_userauth_request: invalid user monitor [preauth]
Jun 22 18:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9084]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9084]: Failed password for invalid user monitor from 176.65.139.217 port 54210 ssh2
Jun 22 18:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9084]: Connection closed by 176.65.139.217 port 54210 [preauth]
Jun 22 18:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 18:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9094]: Failed password for root from 38.55.97.143 port 48882 ssh2
Jun 22 18:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9094]: Connection closed by 38.55.97.143 port 48882 [preauth]
Jun 22 18:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9108]: Invalid user rancher from 176.65.139.217
Jun 22 18:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9108]: input_userauth_request: invalid user rancher [preauth]
Jun 22 18:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9108]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9108]: Failed password for invalid user rancher from 176.65.139.217 port 33422 ssh2
Jun 22 18:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9108]: Connection closed by 176.65.139.217 port 33422 [preauth]
Jun 22 18:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9118]: Invalid user admin2 from 176.65.139.217
Jun 22 18:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9118]: input_userauth_request: invalid user admin2 [preauth]
Jun 22 18:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9118]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9118]: Failed password for invalid user admin2 from 176.65.139.217 port 33480 ssh2
Jun 22 18:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9118]: Connection closed by 176.65.139.217 port 33480 [preauth]
Jun 22 18:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7947]: pam_unix(cron:session): session closed for user root
Jun 22 18:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9145]: Invalid user admin1 from 176.65.139.217
Jun 22 18:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9145]: input_userauth_request: invalid user admin1 [preauth]
Jun 22 18:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9145]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9145]: Failed password for invalid user admin1 from 176.65.139.217 port 59248 ssh2
Jun 22 18:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9145]: Connection closed by 176.65.139.217 port 59248 [preauth]
Jun 22 18:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9159]: Failed password for root from 176.65.139.217 port 59296 ssh2
Jun 22 18:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9159]: Connection closed by 176.65.139.217 port 59296 [preauth]
Jun 22 18:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9169]: Failed password for root from 176.65.139.217 port 47148 ssh2
Jun 22 18:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9169]: Connection closed by 176.65.139.217 port 47148 [preauth]
Jun 22 18:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9195]: Invalid user user3 from 176.65.139.217
Jun 22 18:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9195]: input_userauth_request: invalid user user3 [preauth]
Jun 22 18:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9195]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9195]: Failed password for invalid user user3 from 176.65.139.217 port 47226 ssh2
Jun 22 18:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9195]: Connection closed by 176.65.139.217 port 47226 [preauth]
Jun 22 18:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9204]: Invalid user admin from 176.65.139.217
Jun 22 18:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9204]: input_userauth_request: invalid user admin [preauth]
Jun 22 18:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9204]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9204]: Failed password for invalid user admin from 176.65.139.217 port 46282 ssh2
Jun 22 18:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9204]: Connection closed by 176.65.139.217 port 46282 [preauth]
Jun 22 18:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9207]: Invalid user bob from 176.65.139.217
Jun 22 18:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9207]: input_userauth_request: invalid user bob [preauth]
Jun 22 18:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9207]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9207]: Failed password for invalid user bob from 176.65.139.217 port 46364 ssh2
Jun 22 18:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9207]: Connection closed by 176.65.139.217 port 46364 [preauth]
Jun 22 18:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: Invalid user systemd from 176.65.139.217
Jun 22 18:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: input_userauth_request: invalid user systemd [preauth]
Jun 22 18:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9224]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9227]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9226]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9222]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9225]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9223]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9227]: pam_unix(cron:session): session closed for user root
Jun 22 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9222]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9293]: Successful su for rubyman by root
Jun 22 18:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9293]: + ??? root:rubyman
Jun 22 18:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9293]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572483 of user rubyman.
Jun 22 18:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9293]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572483.
Jun 22 18:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: Failed password for invalid user systemd from 176.65.139.217 port 46396 ssh2
Jun 22 18:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: Connection closed by 176.65.139.217 port 46396 [preauth]
Jun 22 18:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6417]: pam_unix(cron:session): session closed for user root
Jun 22 18:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9224]: pam_unix(cron:session): session closed for user root
Jun 22 18:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9447]: Invalid user git from 176.65.139.217
Jun 22 18:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9447]: input_userauth_request: invalid user git [preauth]
Jun 22 18:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9447]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9223]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9447]: Failed password for invalid user git from 176.65.139.217 port 44696 ssh2
Jun 22 18:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9447]: Connection closed by 176.65.139.217 port 44696 [preauth]
Jun 22 18:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9502]: Invalid user gitlab-runner from 176.65.139.217
Jun 22 18:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9502]: input_userauth_request: invalid user gitlab-runner [preauth]
Jun 22 18:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9502]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9502]: Failed password for invalid user gitlab-runner from 176.65.139.217 port 44734 ssh2
Jun 22 18:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9502]: Connection closed by 176.65.139.217 port 44734 [preauth]
Jun 22 18:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9510]: Invalid user ubuntu from 176.65.139.217
Jun 22 18:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9510]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 18:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9510]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9510]: Failed password for invalid user ubuntu from 176.65.139.217 port 49298 ssh2
Jun 22 18:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9510]: Connection closed by 176.65.139.217 port 49298 [preauth]
Jun 22 18:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9528]: Invalid user prem from 176.65.139.217
Jun 22 18:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9528]: input_userauth_request: invalid user prem [preauth]
Jun 22 18:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9528]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9528]: Failed password for invalid user prem from 176.65.139.217 port 49336 ssh2
Jun 22 18:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9528]: Connection closed by 176.65.139.217 port 49336 [preauth]
Jun 22 18:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9538]: Failed password for root from 176.65.139.217 port 41918 ssh2
Jun 22 18:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9538]: Connection closed by 176.65.139.217 port 41918 [preauth]
Jun 22 18:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 18:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9564]: Invalid user lighthouse from 176.65.139.217
Jun 22 18:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9564]: input_userauth_request: invalid user lighthouse [preauth]
Jun 22 18:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9564]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9562]: Failed password for root from 38.55.97.143 port 37232 ssh2
Jun 22 18:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9562]: Connection closed by 38.55.97.143 port 37232 [preauth]
Jun 22 18:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9564]: Failed password for invalid user lighthouse from 176.65.139.217 port 41988 ssh2
Jun 22 18:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9564]: Connection closed by 176.65.139.217 port 41988 [preauth]
Jun 22 18:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8373]: pam_unix(cron:session): session closed for user root
Jun 22 18:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9579]: Failed password for root from 176.65.139.217 port 47480 ssh2
Jun 22 18:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9579]: Connection closed by 176.65.139.217 port 47480 [preauth]
Jun 22 18:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9608]: Invalid user security from 176.65.139.217
Jun 22 18:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9608]: input_userauth_request: invalid user security [preauth]
Jun 22 18:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9608]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9608]: Failed password for invalid user security from 176.65.139.217 port 47532 ssh2
Jun 22 18:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9608]: Connection closed by 176.65.139.217 port 47532 [preauth]
Jun 22 18:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9618]: Invalid user bernard from 176.65.139.217
Jun 22 18:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9618]: input_userauth_request: invalid user bernard [preauth]
Jun 22 18:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9618]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9618]: Failed password for invalid user bernard from 176.65.139.217 port 46386 ssh2
Jun 22 18:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9618]: Connection closed by 176.65.139.217 port 46386 [preauth]
Jun 22 18:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9644]: Failed password for root from 176.65.139.217 port 46406 ssh2
Jun 22 18:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9644]: Connection closed by 176.65.139.217 port 46406 [preauth]
Jun 22 18:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9646]: Invalid user jenkins from 176.65.139.217
Jun 22 18:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9646]: input_userauth_request: invalid user jenkins [preauth]
Jun 22 18:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9646]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9646]: Failed password for invalid user jenkins from 176.65.139.217 port 46436 ssh2
Jun 22 18:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9656]: Received disconnect from 104.236.66.186 port 56964:11: disconnected by user [preauth]
Jun 22 18:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9656]: Disconnected from 104.236.66.186 port 56964 [preauth]
Jun 22 18:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9646]: Connection closed by 176.65.139.217 port 46436 [preauth]
Jun 22 18:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9658]: Invalid user claude from 176.65.139.217
Jun 22 18:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9658]: input_userauth_request: invalid user claude [preauth]
Jun 22 18:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9658]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9658]: Failed password for invalid user claude from 176.65.139.217 port 52624 ssh2
Jun 22 18:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9658]: Connection closed by 176.65.139.217 port 52624 [preauth]
Jun 22 18:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9675]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9676]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9674]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9673]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9673]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9740]: Successful su for rubyman by root
Jun 22 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9740]: + ??? root:rubyman
Jun 22 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9740]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572486 of user rubyman.
Jun 22 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9740]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572486.
Jun 22 18:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9670]: Failed password for root from 176.65.139.217 port 52670 ssh2
Jun 22 18:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9670]: Connection closed by 176.65.139.217 port 52670 [preauth]
Jun 22 18:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9903]: Invalid user rocky from 176.65.139.217
Jun 22 18:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9903]: input_userauth_request: invalid user rocky [preauth]
Jun 22 18:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9903]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6869]: pam_unix(cron:session): session closed for user root
Jun 22 18:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9674]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9903]: Failed password for invalid user rocky from 176.65.139.217 port 50558 ssh2
Jun 22 18:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9903]: Connection closed by 176.65.139.217 port 50558 [preauth]
Jun 22 18:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10112]: Invalid user deploy from 176.65.139.217
Jun 22 18:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10112]: input_userauth_request: invalid user deploy [preauth]
Jun 22 18:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10112]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10112]: Failed password for invalid user deploy from 176.65.139.217 port 50638 ssh2
Jun 22 18:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10112]: Connection closed by 176.65.139.217 port 50638 [preauth]
Jun 22 18:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10121]: Invalid user fred from 176.65.139.217
Jun 22 18:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10121]: input_userauth_request: invalid user fred [preauth]
Jun 22 18:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10121]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10121]: Failed password for invalid user fred from 176.65.139.217 port 37442 ssh2
Jun 22 18:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10121]: Connection closed by 176.65.139.217 port 37442 [preauth]
Jun 22 18:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10138]: Invalid user sysupdate from 176.65.139.217
Jun 22 18:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10138]: input_userauth_request: invalid user sysupdate [preauth]
Jun 22 18:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10138]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10138]: Failed password for invalid user sysupdate from 176.65.139.217 port 37474 ssh2
Jun 22 18:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10138]: Connection closed by 176.65.139.217 port 37474 [preauth]
Jun 22 18:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10148]: Invalid user minecraft from 176.65.139.217
Jun 22 18:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10148]: input_userauth_request: invalid user minecraft [preauth]
Jun 22 18:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10148]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10148]: Failed password for invalid user minecraft from 176.65.139.217 port 34312 ssh2
Jun 22 18:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10148]: Connection closed by 176.65.139.217 port 34312 [preauth]
Jun 22 18:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10171]: Invalid user agent from 176.65.139.217
Jun 22 18:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10171]: input_userauth_request: invalid user agent [preauth]
Jun 22 18:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10171]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10171]: Failed password for invalid user agent from 176.65.139.217 port 34350 ssh2
Jun 22 18:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10171]: Connection closed by 176.65.139.217 port 34350 [preauth]
Jun 22 18:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 18:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10188]: Invalid user tester from 176.65.139.217
Jun 22 18:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10188]: input_userauth_request: invalid user tester [preauth]
Jun 22 18:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10188]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10182]: Failed password for root from 38.55.97.143 port 50748 ssh2
Jun 22 18:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8798]: pam_unix(cron:session): session closed for user root
Jun 22 18:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10182]: Connection closed by 38.55.97.143 port 50748 [preauth]
Jun 22 18:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10188]: Failed password for invalid user tester from 176.65.139.217 port 34370 ssh2
Jun 22 18:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10188]: Connection closed by 176.65.139.217 port 34370 [preauth]
Jun 22 18:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10307]: Invalid user ubuntu from 176.65.139.217
Jun 22 18:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10307]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 18:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10307]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9493]: Connection closed by 211.25.195.253 port 11804 [preauth]
Jun 22 18:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10307]: Failed password for invalid user ubuntu from 176.65.139.217 port 60364 ssh2
Jun 22 18:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10307]: Connection closed by 176.65.139.217 port 60364 [preauth]
Jun 22 18:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10319]: Invalid user frappe from 176.65.139.217
Jun 22 18:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10319]: input_userauth_request: invalid user frappe [preauth]
Jun 22 18:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10319]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10319]: Failed password for invalid user frappe from 176.65.139.217 port 60394 ssh2
Jun 22 18:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10319]: Connection closed by 176.65.139.217 port 60394 [preauth]
Jun 22 18:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10346]: Invalid user deploy from 176.65.139.217
Jun 22 18:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10346]: input_userauth_request: invalid user deploy [preauth]
Jun 22 18:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10346]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10346]: Failed password for invalid user deploy from 176.65.139.217 port 60926 ssh2
Jun 22 18:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10346]: Connection closed by 176.65.139.217 port 60926 [preauth]
Jun 22 18:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10348]: Invalid user oracle from 176.65.139.217
Jun 22 18:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10348]: input_userauth_request: invalid user oracle [preauth]
Jun 22 18:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10348]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10348]: Failed password for invalid user oracle from 176.65.139.217 port 60982 ssh2
Jun 22 18:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10348]: Connection closed by 176.65.139.217 port 60982 [preauth]
Jun 22 18:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10358]: Invalid user odoo14 from 176.65.139.217
Jun 22 18:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10358]: input_userauth_request: invalid user odoo14 [preauth]
Jun 22 18:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10358]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10358]: Failed password for invalid user odoo14 from 176.65.139.217 port 37332 ssh2
Jun 22 18:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10358]: Connection closed by 176.65.139.217 port 37332 [preauth]
Jun 22 18:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10368]: Invalid user openclaw from 176.65.139.217
Jun 22 18:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10368]: input_userauth_request: invalid user openclaw [preauth]
Jun 22 18:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10368]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10368]: Failed password for invalid user openclaw from 176.65.139.217 port 37362 ssh2
Jun 22 18:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10368]: Connection closed by 176.65.139.217 port 37362 [preauth]
Jun 22 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10383]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10384]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10382]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10381]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10381]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10442]: Successful su for rubyman by root
Jun 22 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10442]: + ??? root:rubyman
Jun 22 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10442]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572491 of user rubyman.
Jun 22 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10442]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572491.
Jun 22 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7427]: pam_unix(cron:session): session closed for user root
Jun 22 18:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10462]: Failed password for root from 176.65.139.217 port 37450 ssh2
Jun 22 18:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10462]: Connection closed by 176.65.139.217 port 37450 [preauth]
Jun 22 18:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10382]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10622]: Failed password for root from 176.65.139.217 port 35542 ssh2
Jun 22 18:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10622]: Connection closed by 176.65.139.217 port 35542 [preauth]
Jun 22 18:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10635]: Invalid user test2 from 176.65.139.217
Jun 22 18:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10635]: input_userauth_request: invalid user test2 [preauth]
Jun 22 18:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10635]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10635]: Failed password for invalid user test2 from 176.65.139.217 port 35566 ssh2
Jun 22 18:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10635]: Connection closed by 176.65.139.217 port 35566 [preauth]
Jun 22 18:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10661]: Invalid user appuser from 176.65.139.217
Jun 22 18:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10661]: input_userauth_request: invalid user appuser [preauth]
Jun 22 18:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10661]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10661]: Failed password for invalid user appuser from 176.65.139.217 port 35172 ssh2
Jun 22 18:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10661]: Connection closed by 176.65.139.217 port 35172 [preauth]
Jun 22 18:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10673]: Invalid user nagios from 176.65.139.217
Jun 22 18:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10673]: input_userauth_request: invalid user nagios [preauth]
Jun 22 18:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10673]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10673]: Failed password for invalid user nagios from 176.65.139.217 port 35234 ssh2
Jun 22 18:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10673]: Connection closed by 176.65.139.217 port 35234 [preauth]
Jun 22 18:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10684]: Invalid user solana from 176.65.139.217
Jun 22 18:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10684]: input_userauth_request: invalid user solana [preauth]
Jun 22 18:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10684]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10684]: Failed password for invalid user solana from 176.65.139.217 port 59120 ssh2
Jun 22 18:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10684]: Connection closed by 176.65.139.217 port 59120 [preauth]
Jun 22 18:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10707]: Invalid user web from 176.65.139.217
Jun 22 18:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10707]: input_userauth_request: invalid user web [preauth]
Jun 22 18:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10707]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10707]: Failed password for invalid user web from 176.65.139.217 port 59152 ssh2
Jun 22 18:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10707]: Connection closed by 176.65.139.217 port 59152 [preauth]
Jun 22 18:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 18:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10713]: Invalid user devops from 176.65.139.217
Jun 22 18:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10713]: input_userauth_request: invalid user devops [preauth]
Jun 22 18:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10713]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10710]: Failed password for root from 38.55.97.143 port 32922 ssh2
Jun 22 18:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10710]: Connection closed by 38.55.97.143 port 32922 [preauth]
Jun 22 18:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10713]: Failed password for invalid user devops from 176.65.139.217 port 59206 ssh2
Jun 22 18:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9226]: pam_unix(cron:session): session closed for user root
Jun 22 18:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10713]: Connection closed by 176.65.139.217 port 59206 [preauth]
Jun 22 18:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10749]: Failed password for root from 176.65.139.217 port 49548 ssh2
Jun 22 18:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10749]: Connection closed by 176.65.139.217 port 49548 [preauth]
Jun 22 18:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10763]: Invalid user minecraft from 176.65.139.217
Jun 22 18:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10763]: input_userauth_request: invalid user minecraft [preauth]
Jun 22 18:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10763]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10763]: Failed password for invalid user minecraft from 176.65.139.217 port 49628 ssh2
Jun 22 18:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10763]: Connection closed by 176.65.139.217 port 49628 [preauth]
Jun 22 18:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10790]: Failed password for root from 176.65.139.217 port 44170 ssh2
Jun 22 18:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10790]: Connection closed by 176.65.139.217 port 44170 [preauth]
Jun 22 18:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10802]: Invalid user dmdba from 176.65.139.217
Jun 22 18:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10802]: input_userauth_request: invalid user dmdba [preauth]
Jun 22 18:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10802]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10802]: Failed password for invalid user dmdba from 176.65.139.217 port 44224 ssh2
Jun 22 18:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10802]: Connection closed by 176.65.139.217 port 44224 [preauth]
Jun 22 18:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10814]: Failed password for root from 176.65.139.217 port 55366 ssh2
Jun 22 18:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10814]: Connection closed by 176.65.139.217 port 55366 [preauth]
Jun 22 18:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10816]: Failed password for root from 176.65.139.217 port 55394 ssh2
Jun 22 18:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10816]: Connection closed by 176.65.139.217 port 55394 [preauth]
Jun 22 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10830]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10831]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10828]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10829]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10828]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10892]: Successful su for rubyman by root
Jun 22 18:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10892]: + ??? root:rubyman
Jun 22 18:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10892]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572495 of user rubyman.
Jun 22 18:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10892]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572495.
Jun 22 18:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10896]: Invalid user ftpuser from 176.65.139.217
Jun 22 18:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10896]: input_userauth_request: invalid user ftpuser [preauth]
Jun 22 18:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10896]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7946]: pam_unix(cron:session): session closed for user root
Jun 22 18:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10896]: Failed password for invalid user ftpuser from 176.65.139.217 port 49528 ssh2
Jun 22 18:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10896]: Connection closed by 176.65.139.217 port 49528 [preauth]
Jun 22 18:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10829]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11083]: Invalid user frappe from 176.65.139.217
Jun 22 18:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11083]: input_userauth_request: invalid user frappe [preauth]
Jun 22 18:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11083]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11083]: Failed password for invalid user frappe from 176.65.139.217 port 49616 ssh2
Jun 22 18:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11083]: Connection closed by 176.65.139.217 port 49616 [preauth]
Jun 22 18:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11094]: Invalid user odoo from 176.65.139.217
Jun 22 18:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11094]: input_userauth_request: invalid user odoo [preauth]
Jun 22 18:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11094]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11094]: Failed password for invalid user odoo from 176.65.139.217 port 49664 ssh2
Jun 22 18:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11094]: Connection closed by 176.65.139.217 port 49664 [preauth]
Jun 22 18:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11118]: Invalid user elasticsearch from 176.65.139.217
Jun 22 18:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11118]: input_userauth_request: invalid user elasticsearch [preauth]
Jun 22 18:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11118]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11118]: Failed password for invalid user elasticsearch from 176.65.139.217 port 55898 ssh2
Jun 22 18:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11118]: Connection closed by 176.65.139.217 port 55898 [preauth]
Jun 22 18:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11129]: Failed password for root from 176.65.139.217 port 55938 ssh2
Jun 22 18:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11129]: Connection closed by 176.65.139.217 port 55938 [preauth]
Jun 22 18:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11146]: Invalid user onkar from 176.65.139.217
Jun 22 18:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11146]: input_userauth_request: invalid user onkar [preauth]
Jun 22 18:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11146]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11146]: Failed password for invalid user onkar from 176.65.139.217 port 59650 ssh2
Jun 22 18:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11146]: Connection closed by 176.65.139.217 port 59650 [preauth]
Jun 22 18:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11158]: Invalid user claude from 176.65.139.217
Jun 22 18:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11158]: input_userauth_request: invalid user claude [preauth]
Jun 22 18:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11158]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11158]: Failed password for invalid user claude from 176.65.139.217 port 59704 ssh2
Jun 22 18:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11158]: Connection closed by 176.65.139.217 port 59704 [preauth]
Jun 22 18:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9676]: pam_unix(cron:session): session closed for user root
Jun 22 18:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11168]: Invalid user aaa from 176.65.139.217
Jun 22 18:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11168]: input_userauth_request: invalid user aaa [preauth]
Jun 22 18:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11168]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11168]: Failed password for invalid user aaa from 176.65.139.217 port 35848 ssh2
Jun 22 18:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11168]: Connection closed by 176.65.139.217 port 35848 [preauth]
Jun 22 18:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 18:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11194]: Failed password for root from 38.55.97.143 port 60420 ssh2
Jun 22 18:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11205]: Invalid user fa from 176.65.139.217
Jun 22 18:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11205]: input_userauth_request: invalid user fa [preauth]
Jun 22 18:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11205]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11194]: Connection closed by 38.55.97.143 port 60420 [preauth]
Jun 22 18:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11205]: Failed password for invalid user fa from 176.65.139.217 port 35894 ssh2
Jun 22 18:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11205]: Connection closed by 176.65.139.217 port 35894 [preauth]
Jun 22 18:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11215]: Invalid user milad from 176.65.139.217
Jun 22 18:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11215]: input_userauth_request: invalid user milad [preauth]
Jun 22 18:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11215]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11215]: Failed password for invalid user milad from 176.65.139.217 port 37978 ssh2
Jun 22 18:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11215]: Connection closed by 176.65.139.217 port 37978 [preauth]
Jun 22 18:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11230]: Invalid user ghost from 176.65.139.217
Jun 22 18:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11230]: input_userauth_request: invalid user ghost [preauth]
Jun 22 18:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11230]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11230]: Failed password for invalid user ghost from 176.65.139.217 port 38010 ssh2
Jun 22 18:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11230]: Connection closed by 176.65.139.217 port 38010 [preauth]
Jun 22 18:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11242]: Invalid user sftpuser from 176.65.139.217
Jun 22 18:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11242]: input_userauth_request: invalid user sftpuser [preauth]
Jun 22 18:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11242]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11242]: Failed password for invalid user sftpuser from 176.65.139.217 port 38032 ssh2
Jun 22 18:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11242]: Connection closed by 176.65.139.217 port 38032 [preauth]
Jun 22 18:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11255]: Failed password for root from 176.65.139.217 port 36728 ssh2
Jun 22 18:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11255]: Connection closed by 176.65.139.217 port 36728 [preauth]
Jun 22 18:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11273]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11272]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11274]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11271]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11268]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11271]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11266]: Failed password for root from 176.65.139.217 port 36770 ssh2
Jun 22 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11396]: Successful su for rubyman by root
Jun 22 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11396]: + ??? root:rubyman
Jun 22 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11396]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572498 of user rubyman.
Jun 22 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11396]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572498.
Jun 22 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11266]: Connection closed by 176.65.139.217 port 36770 [preauth]
Jun 22 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11268]: pam_unix(cron:session): session closed for user root
Jun 22 18:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11550]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8372]: pam_unix(cron:session): session closed for user root
Jun 22 18:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11550]: Invalid user lin from 176.65.139.217
Jun 22 18:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11550]: input_userauth_request: invalid user lin [preauth]
Jun 22 18:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11550]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11550]: Failed password for invalid user lin from 176.65.139.217 port 40462 ssh2
Jun 22 18:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11550]: Connection closed by 176.65.139.217 port 40462 [preauth]
Jun 22 18:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11272]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11603]: Received disconnect from 91.208.197.64 port 55224:11: disconnected by user [preauth]
Jun 22 18:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11603]: Disconnected from 91.208.197.64 port 55224 [preauth]
Jun 22 18:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11625]: Invalid user ansible from 176.65.139.217
Jun 22 18:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11625]: input_userauth_request: invalid user ansible [preauth]
Jun 22 18:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11625]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11625]: Failed password for invalid user ansible from 176.65.139.217 port 40490 ssh2
Jun 22 18:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11625]: Connection closed by 176.65.139.217 port 40490 [preauth]
Jun 22 18:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11635]: Invalid user config from 176.65.139.217
Jun 22 18:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11635]: input_userauth_request: invalid user config [preauth]
Jun 22 18:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11635]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11635]: Failed password for invalid user config from 176.65.139.217 port 44798 ssh2
Jun 22 18:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11635]: Connection closed by 176.65.139.217 port 44798 [preauth]
Jun 22 18:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11657]: Invalid user aiuser from 176.65.139.217
Jun 22 18:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11657]: input_userauth_request: invalid user aiuser [preauth]
Jun 22 18:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11657]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11659]: Invalid user kirstyn from 2.57.121.112
Jun 22 18:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11659]: input_userauth_request: invalid user kirstyn [preauth]
Jun 22 18:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11659]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 22 18:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11657]: Failed password for invalid user aiuser from 176.65.139.217 port 44826 ssh2
Jun 22 18:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11657]: Connection closed by 176.65.139.217 port 44826 [preauth]
Jun 22 18:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11670]: Invalid user chris from 176.65.139.217
Jun 22 18:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11670]: input_userauth_request: invalid user chris [preauth]
Jun 22 18:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11659]: Failed password for invalid user kirstyn from 2.57.121.112 port 14690 ssh2
Jun 22 18:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11670]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11659]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11670]: Failed password for invalid user chris from 176.65.139.217 port 44894 ssh2
Jun 22 18:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11670]: Connection closed by 176.65.139.217 port 44894 [preauth]
Jun 22 18:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11659]: Failed password for invalid user kirstyn from 2.57.121.112 port 14690 ssh2
Jun 22 18:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11659]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11659]: Failed password for invalid user kirstyn from 2.57.121.112 port 14690 ssh2
Jun 22 18:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11659]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11684]: Failed password for root from 176.65.139.217 port 45494 ssh2
Jun 22 18:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11684]: Connection closed by 176.65.139.217 port 45494 [preauth]
Jun 22 18:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11659]: Failed password for invalid user kirstyn from 2.57.121.112 port 14690 ssh2
Jun 22 18:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11659]: Connection closed by 2.57.121.112 port 14690 [preauth]
Jun 22 18:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11659]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 22 18:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11659]: PAM service(sshd) ignoring max retries; 4 > 3
Jun 22 18:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11695]: Invalid user kirstyn from 2.57.121.112
Jun 22 18:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11695]: input_userauth_request: invalid user kirstyn [preauth]
Jun 22 18:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11697]: Invalid user test1 from 176.65.139.217
Jun 22 18:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11697]: input_userauth_request: invalid user test1 [preauth]
Jun 22 18:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11695]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 22 18:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11697]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11695]: Failed password for invalid user kirstyn from 2.57.121.112 port 4236 ssh2
Jun 22 18:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11697]: Failed password for invalid user test1 from 176.65.139.217 port 45548 ssh2
Jun 22 18:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11695]: Connection closed by 2.57.121.112 port 4236 [preauth]
Jun 22 18:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11697]: Connection closed by 176.65.139.217 port 45548 [preauth]
Jun 22 18:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10384]: pam_unix(cron:session): session closed for user root
Jun 22 18:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11710]: Invalid user guest from 176.65.139.217
Jun 22 18:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11710]: input_userauth_request: invalid user guest [preauth]
Jun 22 18:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11710]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11710]: Failed password for invalid user guest from 176.65.139.217 port 56614 ssh2
Jun 22 18:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11710]: Connection closed by 176.65.139.217 port 56614 [preauth]
Jun 22 18:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11753]: Invalid user odoo16 from 176.65.139.217
Jun 22 18:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11753]: input_userauth_request: invalid user odoo16 [preauth]
Jun 22 18:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11753]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11753]: Failed password for invalid user odoo16 from 176.65.139.217 port 56642 ssh2
Jun 22 18:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11753]: Connection closed by 176.65.139.217 port 56642 [preauth]
Jun 22 18:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 18:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11755]: Failed password for root from 38.55.97.143 port 51076 ssh2
Jun 22 18:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11755]: Connection closed by 38.55.97.143 port 51076 [preauth]
Jun 22 18:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11769]: Failed password for root from 176.65.139.217 port 56672 ssh2
Jun 22 18:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11769]: Connection closed by 176.65.139.217 port 56672 [preauth]
Jun 22 18:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11786]: Invalid user steam from 176.65.139.217
Jun 22 18:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11786]: input_userauth_request: invalid user steam [preauth]
Jun 22 18:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11786]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11786]: Failed password for invalid user steam from 176.65.139.217 port 41726 ssh2
Jun 22 18:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11786]: Connection closed by 176.65.139.217 port 41726 [preauth]
Jun 22 18:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11813]: Invalid user system from 176.65.139.217
Jun 22 18:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11813]: input_userauth_request: invalid user system [preauth]
Jun 22 18:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11813]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11813]: Failed password for invalid user system from 176.65.139.217 port 41768 ssh2
Jun 22 18:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11813]: Connection closed by 176.65.139.217 port 41768 [preauth]
Jun 22 18:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11823]: Failed password for root from 176.65.139.217 port 45516 ssh2
Jun 22 18:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11823]: Connection closed by 176.65.139.217 port 45516 [preauth]
Jun 22 18:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11833]: Failed password for root from 176.65.139.217 port 45556 ssh2
Jun 22 18:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11833]: Connection closed by 176.65.139.217 port 45556 [preauth]
Jun 22 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11851]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11847]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11850]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11848]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11849]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11846]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11851]: pam_unix(cron:session): session closed for user root
Jun 22 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11846]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11945]: Successful su for rubyman by root
Jun 22 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11945]: + ??? root:rubyman
Jun 22 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11945]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572505 of user rubyman.
Jun 22 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11945]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572505.
Jun 22 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11848]: pam_unix(cron:session): session closed for user root
Jun 22 18:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8797]: pam_unix(cron:session): session closed for user root
Jun 22 18:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11835]: Failed password for root from 176.65.139.217 port 45620 ssh2
Jun 22 18:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11835]: Connection closed by 176.65.139.217 port 45620 [preauth]
Jun 22 18:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12127]: Invalid user david from 176.65.139.217
Jun 22 18:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12127]: input_userauth_request: invalid user david [preauth]
Jun 22 18:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12127]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11847]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12127]: Failed password for invalid user david from 176.65.139.217 port 35322 ssh2
Jun 22 18:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12127]: Connection closed by 176.65.139.217 port 35322 [preauth]
Jun 22 18:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12153]: Invalid user dmdba from 176.65.139.217
Jun 22 18:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12153]: input_userauth_request: invalid user dmdba [preauth]
Jun 22 18:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12153]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12153]: Failed password for invalid user dmdba from 176.65.139.217 port 35356 ssh2
Jun 22 18:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12153]: Connection closed by 176.65.139.217 port 35356 [preauth]
Jun 22 18:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12171]: Invalid user master from 176.65.139.217
Jun 22 18:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12171]: input_userauth_request: invalid user master [preauth]
Jun 22 18:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12171]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12171]: Failed password for invalid user master from 176.65.139.217 port 35756 ssh2
Jun 22 18:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12171]: Connection closed by 176.65.139.217 port 35756 [preauth]
Jun 22 18:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12190]: Failed password for root from 176.65.139.217 port 35794 ssh2
Jun 22 18:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12190]: Connection closed by 176.65.139.217 port 35794 [preauth]
Jun 22 18:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12200]: Invalid user uftp from 176.65.139.217
Jun 22 18:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12200]: input_userauth_request: invalid user uftp [preauth]
Jun 22 18:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12200]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12200]: Failed password for invalid user uftp from 176.65.139.217 port 45704 ssh2
Jun 22 18:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12200]: Connection closed by 176.65.139.217 port 45704 [preauth]
Jun 22 18:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12219]: Invalid user gpadmin from 176.65.139.217
Jun 22 18:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12219]: input_userauth_request: invalid user gpadmin [preauth]
Jun 22 18:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12219]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12219]: Failed password for invalid user gpadmin from 176.65.139.217 port 45734 ssh2
Jun 22 18:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12219]: Connection closed by 176.65.139.217 port 45734 [preauth]
Jun 22 18:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12230]: Invalid user postgres from 176.65.139.217
Jun 22 18:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12230]: input_userauth_request: invalid user postgres [preauth]
Jun 22 18:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12230]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10831]: pam_unix(cron:session): session closed for user root
Jun 22 18:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12230]: Failed password for invalid user postgres from 176.65.139.217 port 53256 ssh2
Jun 22 18:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12230]: Connection closed by 176.65.139.217 port 53256 [preauth]
Jun 22 18:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12376]: Invalid user user1 from 176.65.139.217
Jun 22 18:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12376]: input_userauth_request: invalid user user1 [preauth]
Jun 22 18:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12376]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12376]: Failed password for invalid user user1 from 176.65.139.217 port 53298 ssh2
Jun 22 18:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12376]: Connection closed by 176.65.139.217 port 53298 [preauth]
Jun 22 18:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12388]: Failed password for root from 176.65.139.217 port 53360 ssh2
Jun 22 18:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12388]: Connection closed by 176.65.139.217 port 53360 [preauth]
Jun 22 18:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12416]: Invalid user deployer from 176.65.139.217
Jun 22 18:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12416]: input_userauth_request: invalid user deployer [preauth]
Jun 22 18:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12416]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 18:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12416]: Failed password for invalid user deployer from 176.65.139.217 port 32950 ssh2
Jun 22 18:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12416]: Connection closed by 176.65.139.217 port 32950 [preauth]
Jun 22 18:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12418]: Failed password for root from 38.55.97.143 port 40328 ssh2
Jun 22 18:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12418]: Connection closed by 38.55.97.143 port 40328 [preauth]
Jun 22 18:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12429]: Failed password for root from 176.65.139.217 port 32976 ssh2
Jun 22 18:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12429]: Connection closed by 176.65.139.217 port 32976 [preauth]
Jun 22 18:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12444]: Invalid user testuser from 176.65.139.217
Jun 22 18:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12444]: input_userauth_request: invalid user testuser [preauth]
Jun 22 18:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12444]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12444]: Failed password for invalid user testuser from 176.65.139.217 port 53992 ssh2
Jun 22 18:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12444]: Connection closed by 176.65.139.217 port 53992 [preauth]
Jun 22 18:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 22 18:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12447]: Invalid user ubuntu from 176.65.139.217
Jun 22 18:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12447]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 18:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12447]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12431]: Failed password for root from 202.178.126.219 port 46624 ssh2
Jun 22 18:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12431]: Connection closed by 202.178.126.219 port 46624 [preauth]
Jun 22 18:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12447]: Failed password for invalid user ubuntu from 176.65.139.217 port 54042 ssh2
Jun 22 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12447]: Connection closed by 176.65.139.217 port 54042 [preauth]
Jun 22 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12464]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12461]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12463]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12460]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12460]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12527]: Successful su for rubyman by root
Jun 22 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12527]: + ??? root:rubyman
Jun 22 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12527]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572509 of user rubyman.
Jun 22 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12527]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572509.
Jun 22 18:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12587]: Invalid user rocky from 176.65.139.217
Jun 22 18:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12587]: input_userauth_request: invalid user rocky [preauth]
Jun 22 18:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12587]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9225]: pam_unix(cron:session): session closed for user root
Jun 22 18:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12587]: Failed password for invalid user rocky from 176.65.139.217 port 38454 ssh2
Jun 22 18:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12587]: Connection closed by 176.65.139.217 port 38454 [preauth]
Jun 22 18:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12461]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12714]: Invalid user parsa from 176.65.139.217
Jun 22 18:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12714]: input_userauth_request: invalid user parsa [preauth]
Jun 22 18:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12714]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12714]: Failed password for invalid user parsa from 176.65.139.217 port 38522 ssh2
Jun 22 18:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12714]: Connection closed by 176.65.139.217 port 38522 [preauth]
Jun 22 18:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12732]: Invalid user pi from 176.65.139.217
Jun 22 18:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12732]: input_userauth_request: invalid user pi [preauth]
Jun 22 18:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12732]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12732]: Failed password for invalid user pi from 176.65.139.217 port 54328 ssh2
Jun 22 18:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12732]: Connection closed by 176.65.139.217 port 54328 [preauth]
Jun 22 18:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12754]: Invalid user deploy from 176.65.139.217
Jun 22 18:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12754]: input_userauth_request: invalid user deploy [preauth]
Jun 22 18:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12754]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12754]: Failed password for invalid user deploy from 176.65.139.217 port 54356 ssh2
Jun 22 18:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12754]: Connection closed by 176.65.139.217 port 54356 [preauth]
Jun 22 18:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12765]: Invalid user gabriel from 176.65.139.217
Jun 22 18:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12765]: input_userauth_request: invalid user gabriel [preauth]
Jun 22 18:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12765]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12765]: Failed password for invalid user gabriel from 176.65.139.217 port 43772 ssh2
Jun 22 18:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12765]: Connection closed by 176.65.139.217 port 43772 [preauth]
Jun 22 18:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12790]: Invalid user postgres from 176.65.139.217
Jun 22 18:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12790]: input_userauth_request: invalid user postgres [preauth]
Jun 22 18:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12790]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12790]: Failed password for invalid user postgres from 176.65.139.217 port 43824 ssh2
Jun 22 18:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12790]: Connection closed by 176.65.139.217 port 43824 [preauth]
Jun 22 18:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12801]: Invalid user ts3 from 176.65.139.217
Jun 22 18:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12801]: input_userauth_request: invalid user ts3 [preauth]
Jun 22 18:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12801]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11274]: pam_unix(cron:session): session closed for user root
Jun 22 18:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12801]: Failed password for invalid user ts3 from 176.65.139.217 port 47292 ssh2
Jun 22 18:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12801]: Connection closed by 176.65.139.217 port 47292 [preauth]
Jun 22 18:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12833]: Invalid user admin1 from 176.65.139.217
Jun 22 18:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12833]: input_userauth_request: invalid user admin1 [preauth]
Jun 22 18:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12833]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12833]: Failed password for invalid user admin1 from 176.65.139.217 port 47312 ssh2
Jun 22 18:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12833]: Connection closed by 176.65.139.217 port 47312 [preauth]
Jun 22 18:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12836]: Invalid user admin from 176.65.139.217
Jun 22 18:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12836]: input_userauth_request: invalid user admin [preauth]
Jun 22 18:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12836]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12836]: Failed password for invalid user admin from 176.65.139.217 port 47350 ssh2
Jun 22 18:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12836]: Connection closed by 176.65.139.217 port 47350 [preauth]
Jun 22 18:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12866]: Invalid user daniel from 176.65.139.217
Jun 22 18:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12866]: input_userauth_request: invalid user daniel [preauth]
Jun 22 18:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12866]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12866]: Failed password for invalid user daniel from 176.65.139.217 port 48388 ssh2
Jun 22 18:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12866]: Connection closed by 176.65.139.217 port 48388 [preauth]
Jun 22 18:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 18:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12882]: Invalid user rdpuser from 176.65.139.217
Jun 22 18:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12882]: input_userauth_request: invalid user rdpuser [preauth]
Jun 22 18:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12882]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 18:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12880]: Failed password for root from 38.55.97.143 port 57938 ssh2
Jun 22 18:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12880]: Connection closed by 38.55.97.143 port 57938 [preauth]
Jun 22 18:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12882]: Failed password for invalid user rdpuser from 176.65.139.217 port 48434 ssh2
Jun 22 18:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12882]: Connection closed by 176.65.139.217 port 48434 [preauth]
Jun 22 18:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12884]: Failed password for root from 193.24.211.107 port 50450 ssh2
Jun 22 18:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12884]: Received disconnect from 193.24.211.107 port 50450:11: Client disconnecting normally [preauth]
Jun 22 18:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12884]: Disconnected from 193.24.211.107 port 50450 [preauth]
Jun 22 18:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12895]: Invalid user user from 176.65.139.217
Jun 22 18:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12895]: input_userauth_request: invalid user user [preauth]
Jun 22 18:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12895]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12895]: Failed password for invalid user user from 176.65.139.217 port 59686 ssh2
Jun 22 18:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12895]: Connection closed by 176.65.139.217 port 59686 [preauth]
Jun 22 18:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12906]: Invalid user user2 from 176.65.139.217
Jun 22 18:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12906]: input_userauth_request: invalid user user2 [preauth]
Jun 22 18:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12906]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12912]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12911]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12910]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12909]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12909]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12906]: Failed password for invalid user user2 from 176.65.139.217 port 59712 ssh2
Jun 22 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12968]: Successful su for rubyman by root
Jun 22 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12968]: + ??? root:rubyman
Jun 22 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12968]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572514 of user rubyman.
Jun 22 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12968]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572514.
Jun 22 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12906]: Connection closed by 176.65.139.217 port 59712 [preauth]
Jun 22 18:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9675]: pam_unix(cron:session): session closed for user root
Jun 22 18:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12910]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13084]: Failed password for root from 176.65.139.217 port 50940 ssh2
Jun 22 18:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13084]: Connection closed by 176.65.139.217 port 50940 [preauth]
Jun 22 18:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13160]: Invalid user claude from 176.65.139.217
Jun 22 18:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13160]: input_userauth_request: invalid user claude [preauth]
Jun 22 18:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13160]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13160]: Failed password for invalid user claude from 176.65.139.217 port 51018 ssh2
Jun 22 18:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13160]: Connection closed by 176.65.139.217 port 51018 [preauth]
Jun 22 18:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13178]: Invalid user coder from 176.65.139.217
Jun 22 18:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13178]: input_userauth_request: invalid user coder [preauth]
Jun 22 18:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13178]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13178]: Failed password for invalid user coder from 176.65.139.217 port 41652 ssh2
Jun 22 18:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13178]: Connection closed by 176.65.139.217 port 41652 [preauth]
Jun 22 18:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13202]: Invalid user cloud from 176.65.139.217
Jun 22 18:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13202]: input_userauth_request: invalid user cloud [preauth]
Jun 22 18:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13202]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13202]: Failed password for invalid user cloud from 176.65.139.217 port 41728 ssh2
Jun 22 18:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13202]: Connection closed by 176.65.139.217 port 41728 [preauth]
Jun 22 18:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13212]: Invalid user grok from 176.65.139.217
Jun 22 18:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13212]: input_userauth_request: invalid user grok [preauth]
Jun 22 18:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13212]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13212]: Failed password for invalid user grok from 176.65.139.217 port 51886 ssh2
Jun 22 18:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13212]: Connection closed by 176.65.139.217 port 51886 [preauth]
Jun 22 18:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13237]: Failed password for root from 176.65.139.217 port 51928 ssh2
Jun 22 18:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13237]: Connection closed by 176.65.139.217 port 51928 [preauth]
Jun 22 18:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13247]: Invalid user ali from 176.65.139.217
Jun 22 18:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13247]: input_userauth_request: invalid user ali [preauth]
Jun 22 18:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13247]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13247]: Failed password for invalid user ali from 176.65.139.217 port 51962 ssh2
Jun 22 18:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11850]: pam_unix(cron:session): session closed for user root
Jun 22 18:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13247]: Connection closed by 176.65.139.217 port 51962 [preauth]
Jun 22 18:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13279]: Invalid user guest from 176.65.139.217
Jun 22 18:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13279]: input_userauth_request: invalid user guest [preauth]
Jun 22 18:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13279]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13279]: Failed password for invalid user guest from 176.65.139.217 port 49928 ssh2
Jun 22 18:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13279]: Connection closed by 176.65.139.217 port 49928 [preauth]
Jun 22 18:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13290]: Failed password for root from 176.65.139.217 port 49966 ssh2
Jun 22 18:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13290]: Connection closed by 176.65.139.217 port 49966 [preauth]
Jun 22 18:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13316]: Invalid user jack from 176.65.139.217
Jun 22 18:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13316]: input_userauth_request: invalid user jack [preauth]
Jun 22 18:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13316]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13316]: Failed password for invalid user jack from 176.65.139.217 port 56376 ssh2
Jun 22 18:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13316]: Connection closed by 176.65.139.217 port 56376 [preauth]
Jun 22 18:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13326]: Invalid user lucas from 176.65.139.217
Jun 22 18:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13326]: input_userauth_request: invalid user lucas [preauth]
Jun 22 18:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13326]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 18:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13326]: Failed password for invalid user lucas from 176.65.139.217 port 56398 ssh2
Jun 22 18:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13326]: Connection closed by 176.65.139.217 port 56398 [preauth]
Jun 22 18:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13329]: Failed password for root from 38.55.97.143 port 41006 ssh2
Jun 22 18:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13329]: Connection closed by 38.55.97.143 port 41006 [preauth]
Jun 22 18:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13331]: Invalid user ubuntu from 176.65.139.217
Jun 22 18:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13331]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 18:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13331]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13331]: Failed password for invalid user ubuntu from 176.65.139.217 port 53670 ssh2
Jun 22 18:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13331]: Connection closed by 176.65.139.217 port 53670 [preauth]
Jun 22 18:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13341]: Invalid user adminuser from 176.65.139.217
Jun 22 18:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13341]: input_userauth_request: invalid user adminuser [preauth]
Jun 22 18:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13341]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13355]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13354]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13353]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13352]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13352]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13415]: Successful su for rubyman by root
Jun 22 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13415]: + ??? root:rubyman
Jun 22 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13415]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572518 of user rubyman.
Jun 22 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13415]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572518.
Jun 22 18:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13341]: Failed password for invalid user adminuser from 176.65.139.217 port 53688 ssh2
Jun 22 18:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13341]: Connection closed by 176.65.139.217 port 53688 [preauth]
Jun 22 18:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10383]: pam_unix(cron:session): session closed for user root
Jun 22 18:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13565]: Invalid user milad from 176.65.139.217
Jun 22 18:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13565]: input_userauth_request: invalid user milad [preauth]
Jun 22 18:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13565]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13353]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13565]: Failed password for invalid user milad from 176.65.139.217 port 47320 ssh2
Jun 22 18:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13565]: Connection closed by 176.65.139.217 port 47320 [preauth]
Jun 22 18:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13600]: Invalid user frappe from 176.65.139.217
Jun 22 18:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13600]: input_userauth_request: invalid user frappe [preauth]
Jun 22 18:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13600]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13600]: Failed password for invalid user frappe from 176.65.139.217 port 47350 ssh2
Jun 22 18:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13600]: Connection closed by 176.65.139.217 port 47350 [preauth]
Jun 22 18:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13617]: Invalid user core from 176.65.139.217
Jun 22 18:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13617]: input_userauth_request: invalid user core [preauth]
Jun 22 18:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13617]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13617]: Failed password for invalid user core from 176.65.139.217 port 36318 ssh2
Jun 22 18:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13617]: Connection closed by 176.65.139.217 port 36318 [preauth]
Jun 22 18:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13632]: Invalid user admin from 176.65.139.217
Jun 22 18:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13632]: input_userauth_request: invalid user admin [preauth]
Jun 22 18:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13632]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13632]: Failed password for invalid user admin from 176.65.139.217 port 36430 ssh2
Jun 22 18:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13632]: Connection closed by 176.65.139.217 port 36430 [preauth]
Jun 22 18:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13643]: Invalid user runner from 176.65.139.217
Jun 22 18:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13643]: input_userauth_request: invalid user runner [preauth]
Jun 22 18:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13643]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13643]: Failed password for invalid user runner from 176.65.139.217 port 42058 ssh2
Jun 22 18:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13643]: Connection closed by 176.65.139.217 port 42058 [preauth]
Jun 22 18:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13657]: Invalid user airflow from 176.65.139.217
Jun 22 18:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13657]: input_userauth_request: invalid user airflow [preauth]
Jun 22 18:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13657]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13657]: Failed password for invalid user airflow from 176.65.139.217 port 42082 ssh2
Jun 22 18:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13657]: Connection closed by 176.65.139.217 port 42082 [preauth]
Jun 22 18:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13667]: Invalid user student from 176.65.139.217
Jun 22 18:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13667]: input_userauth_request: invalid user student [preauth]
Jun 22 18:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13667]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12464]: pam_unix(cron:session): session closed for user root
Jun 22 18:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13667]: Failed password for invalid user student from 176.65.139.217 port 42106 ssh2
Jun 22 18:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13667]: Connection closed by 176.65.139.217 port 42106 [preauth]
Jun 22 18:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13701]: Failed password for root from 176.65.139.217 port 39202 ssh2
Jun 22 18:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13701]: Connection closed by 176.65.139.217 port 39202 [preauth]
Jun 22 18:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13712]: Invalid user kingbase from 176.65.139.217
Jun 22 18:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13712]: input_userauth_request: invalid user kingbase [preauth]
Jun 22 18:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13712]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13712]: Failed password for invalid user kingbase from 176.65.139.217 port 39260 ssh2
Jun 22 18:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13712]: Connection closed by 176.65.139.217 port 39260 [preauth]
Jun 22 18:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13743]: Invalid user admin from 176.65.139.217
Jun 22 18:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13743]: input_userauth_request: invalid user admin [preauth]
Jun 22 18:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13743]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13743]: Failed password for invalid user admin from 176.65.139.217 port 52168 ssh2
Jun 22 18:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13743]: Connection closed by 176.65.139.217 port 52168 [preauth]
Jun 22 18:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13745]: Invalid user bot from 176.65.139.217
Jun 22 18:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13745]: input_userauth_request: invalid user bot [preauth]
Jun 22 18:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13745]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13745]: Failed password for invalid user bot from 176.65.139.217 port 52204 ssh2
Jun 22 18:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13745]: Connection closed by 176.65.139.217 port 52204 [preauth]
Jun 22 18:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13757]: Invalid user omm from 176.65.139.217
Jun 22 18:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13757]: input_userauth_request: invalid user omm [preauth]
Jun 22 18:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13757]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 18:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13757]: Failed password for invalid user omm from 176.65.139.217 port 34108 ssh2
Jun 22 18:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13757]: Connection closed by 176.65.139.217 port 34108 [preauth]
Jun 22 18:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13768]: Failed password for root from 38.55.97.143 port 51642 ssh2
Jun 22 18:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13768]: Connection closed by 38.55.97.143 port 51642 [preauth]
Jun 22 18:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13770]: Failed password for root from 176.65.139.217 port 34122 ssh2
Jun 22 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13770]: Connection closed by 176.65.139.217 port 34122 [preauth]
Jun 22 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13784]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13785]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13783]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13782]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13782]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13843]: Successful su for rubyman by root
Jun 22 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13843]: + ??? root:rubyman
Jun 22 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13843]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572522 of user rubyman.
Jun 22 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13843]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572522.
Jun 22 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13876]: Invalid user newuser from 176.65.139.217
Jun 22 18:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13876]: input_userauth_request: invalid user newuser [preauth]
Jun 22 18:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13876]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10830]: pam_unix(cron:session): session closed for user root
Jun 22 18:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13876]: Failed password for invalid user newuser from 176.65.139.217 port 35536 ssh2
Jun 22 18:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13876]: Connection closed by 176.65.139.217 port 35536 [preauth]
Jun 22 18:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13783]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14036]: Invalid user openvpn from 176.65.139.217
Jun 22 18:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14036]: input_userauth_request: invalid user openvpn [preauth]
Jun 22 18:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14036]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14036]: Failed password for invalid user openvpn from 176.65.139.217 port 35580 ssh2
Jun 22 18:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14036]: Connection closed by 176.65.139.217 port 35580 [preauth]
Jun 22 18:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14046]: Invalid user administrator from 176.65.139.217
Jun 22 18:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14046]: input_userauth_request: invalid user administrator [preauth]
Jun 22 18:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14046]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14046]: Failed password for invalid user administrator from 176.65.139.217 port 35616 ssh2
Jun 22 18:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14046]: Connection closed by 176.65.139.217 port 35616 [preauth]
Jun 22 18:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14069]: Invalid user bot from 176.65.139.217
Jun 22 18:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14069]: input_userauth_request: invalid user bot [preauth]
Jun 22 18:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14069]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14069]: Failed password for invalid user bot from 176.65.139.217 port 38312 ssh2
Jun 22 18:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14069]: Connection closed by 176.65.139.217 port 38312 [preauth]
Jun 22 18:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14071]: Invalid user odoo17 from 176.65.139.217
Jun 22 18:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14071]: input_userauth_request: invalid user odoo17 [preauth]
Jun 22 18:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14071]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14071]: Failed password for invalid user odoo17 from 176.65.139.217 port 38352 ssh2
Jun 22 18:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14071]: Connection closed by 176.65.139.217 port 38352 [preauth]
Jun 22 18:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14093]: Invalid user operator from 176.65.139.217
Jun 22 18:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14093]: input_userauth_request: invalid user operator [preauth]
Jun 22 18:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14093]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14093]: Failed password for invalid user operator from 176.65.139.217 port 41828 ssh2
Jun 22 18:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14093]: Connection closed by 176.65.139.217 port 41828 [preauth]
Jun 22 18:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14104]: Failed password for root from 176.65.139.217 port 41852 ssh2
Jun 22 18:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14104]: Connection closed by 176.65.139.217 port 41852 [preauth]
Jun 22 18:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12912]: pam_unix(cron:session): session closed for user root
Jun 22 18:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14133]: Invalid user worker from 176.65.139.217
Jun 22 18:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14133]: input_userauth_request: invalid user worker [preauth]
Jun 22 18:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14133]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14133]: Failed password for invalid user worker from 176.65.139.217 port 45926 ssh2
Jun 22 18:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14133]: Connection closed by 176.65.139.217 port 45926 [preauth]
Jun 22 18:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14143]: Invalid user dani from 176.65.139.217
Jun 22 18:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14143]: input_userauth_request: invalid user dani [preauth]
Jun 22 18:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14143]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14143]: Failed password for invalid user dani from 176.65.139.217 port 46012 ssh2
Jun 22 18:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14143]: Connection closed by 176.65.139.217 port 46012 [preauth]
Jun 22 18:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14159]: Failed password for root from 176.65.139.217 port 52268 ssh2
Jun 22 18:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14159]: Connection closed by 176.65.139.217 port 52268 [preauth]
Jun 22 18:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14179]: Invalid user guest from 176.65.139.217
Jun 22 18:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14179]: input_userauth_request: invalid user guest [preauth]
Jun 22 18:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14179]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14179]: Failed password for invalid user guest from 176.65.139.217 port 52308 ssh2
Jun 22 18:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14179]: Connection closed by 176.65.139.217 port 52308 [preauth]
Jun 22 18:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14181]: Invalid user runner from 176.65.139.217
Jun 22 18:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14181]: input_userauth_request: invalid user runner [preauth]
Jun 22 18:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14181]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14181]: Failed password for invalid user runner from 176.65.139.217 port 52326 ssh2
Jun 22 18:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14181]: Connection closed by 176.65.139.217 port 52326 [preauth]
Jun 22 18:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14191]: Invalid user ubuntu from 176.65.139.217
Jun 22 18:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14191]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 18:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14191]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 18:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14191]: Failed password for invalid user ubuntu from 176.65.139.217 port 50224 ssh2
Jun 22 18:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14191]: Connection closed by 176.65.139.217 port 50224 [preauth]
Jun 22 18:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14193]: Failed password for root from 38.55.97.143 port 36360 ssh2
Jun 22 18:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14193]: Connection closed by 38.55.97.143 port 36360 [preauth]
Jun 22 18:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14209]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14207]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14212]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14211]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14208]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14206]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14212]: pam_unix(cron:session): session closed for user root
Jun 22 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14206]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14273]: Successful su for rubyman by root
Jun 22 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14273]: + ??? root:rubyman
Jun 22 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14273]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572530 of user rubyman.
Jun 22 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14273]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572530.
Jun 22 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14203]: Failed password for root from 176.65.139.217 port 50282 ssh2
Jun 22 18:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14203]: Connection closed by 176.65.139.217 port 50282 [preauth]
Jun 22 18:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14208]: pam_unix(cron:session): session closed for user root
Jun 22 18:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11273]: pam_unix(cron:session): session closed for user root
Jun 22 18:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14423]: Invalid user ec2-user from 176.65.139.217
Jun 22 18:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14423]: input_userauth_request: invalid user ec2-user [preauth]
Jun 22 18:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14423]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14207]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14423]: Failed password for invalid user ec2-user from 176.65.139.217 port 55406 ssh2
Jun 22 18:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14423]: Connection closed by 176.65.139.217 port 55406 [preauth]
Jun 22 18:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14480]: Failed password for root from 176.65.139.217 port 55424 ssh2
Jun 22 18:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14480]: Connection closed by 176.65.139.217 port 55424 [preauth]
Jun 22 18:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14490]: Failed password for root from 176.65.139.217 port 56520 ssh2
Jun 22 18:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14490]: Connection closed by 176.65.139.217 port 56520 [preauth]
Jun 22 18:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14513]: Invalid user tester from 176.65.139.217
Jun 22 18:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14513]: input_userauth_request: invalid user tester [preauth]
Jun 22 18:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14513]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14513]: Failed password for invalid user tester from 176.65.139.217 port 56562 ssh2
Jun 22 18:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14513]: Connection closed by 176.65.139.217 port 56562 [preauth]
Jun 22 18:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14523]: Failed password for root from 176.65.139.217 port 54610 ssh2
Jun 22 18:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14523]: Connection closed by 176.65.139.217 port 54610 [preauth]
Jun 22 18:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14547]: Failed password for root from 176.65.139.217 port 54630 ssh2
Jun 22 18:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14547]: Connection closed by 176.65.139.217 port 54630 [preauth]
Jun 22 18:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14557]: Invalid user trade from 176.65.139.217
Jun 22 18:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14557]: input_userauth_request: invalid user trade [preauth]
Jun 22 18:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14557]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13355]: pam_unix(cron:session): session closed for user root
Jun 22 18:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14557]: Failed password for invalid user trade from 176.65.139.217 port 54692 ssh2
Jun 22 18:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14557]: Connection closed by 176.65.139.217 port 54692 [preauth]
Jun 22 18:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14588]: Failed password for root from 176.65.139.217 port 33632 ssh2
Jun 22 18:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14588]: Connection closed by 176.65.139.217 port 33632 [preauth]
Jun 22 18:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14590]: Invalid user test from 176.65.139.217
Jun 22 18:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14590]: input_userauth_request: invalid user test [preauth]
Jun 22 18:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14590]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14590]: Failed password for invalid user test from 176.65.139.217 port 33684 ssh2
Jun 22 18:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14590]: Connection closed by 176.65.139.217 port 33684 [preauth]
Jun 22 18:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14617]: Invalid user clawdbot from 176.65.139.217
Jun 22 18:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14617]: input_userauth_request: invalid user clawdbot [preauth]
Jun 22 18:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14617]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14617]: Failed password for invalid user clawdbot from 176.65.139.217 port 46378 ssh2
Jun 22 18:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14617]: Connection closed by 176.65.139.217 port 46378 [preauth]
Jun 22 18:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14632]: Failed password for root from 176.65.139.217 port 46432 ssh2
Jun 22 18:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14632]: Connection closed by 176.65.139.217 port 46432 [preauth]
Jun 22 18:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14649]: Invalid user user1 from 176.65.139.217
Jun 22 18:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14649]: input_userauth_request: invalid user user1 [preauth]
Jun 22 18:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14649]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14649]: Failed password for invalid user user1 from 176.65.139.217 port 42570 ssh2
Jun 22 18:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14649]: Connection closed by 176.65.139.217 port 42570 [preauth]
Jun 22 18:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14685]: Invalid user labuser from 176.65.139.217
Jun 22 18:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14685]: input_userauth_request: invalid user labuser [preauth]
Jun 22 18:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14685]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14685]: Failed password for invalid user labuser from 176.65.139.217 port 42618 ssh2
Jun 22 18:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14685]: Connection closed by 176.65.139.217 port 42618 [preauth]
Jun 22 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14693]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14695]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14696]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14694]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14693]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14811]: Successful su for rubyman by root
Jun 22 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14811]: + ??? root:rubyman
Jun 22 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14811]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572531 of user rubyman.
Jun 22 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14811]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572531.
Jun 22 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14845]: Invalid user ark from 176.65.139.217
Jun 22 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14845]: input_userauth_request: invalid user ark [preauth]
Jun 22 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14845]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 18:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14845]: Failed password for invalid user ark from 176.65.139.217 port 34116 ssh2
Jun 22 18:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11849]: pam_unix(cron:session): session closed for user root
Jun 22 18:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14845]: Connection closed by 176.65.139.217 port 34116 [preauth]
Jun 22 18:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14868]: Failed password for root from 38.55.97.143 port 50838 ssh2
Jun 22 18:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14868]: Connection closed by 38.55.97.143 port 50838 [preauth]
Jun 22 18:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14694]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14998]: Invalid user webuser from 176.65.139.217
Jun 22 18:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14998]: input_userauth_request: invalid user webuser [preauth]
Jun 22 18:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14998]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14998]: Failed password for invalid user webuser from 176.65.139.217 port 34148 ssh2
Jun 22 18:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14998]: Connection closed by 176.65.139.217 port 34148 [preauth]
Jun 22 18:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15009]: Failed password for root from 176.65.139.217 port 34192 ssh2
Jun 22 18:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15009]: Connection closed by 176.65.139.217 port 34192 [preauth]
Jun 22 18:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15032]: Invalid user dev from 176.65.139.217
Jun 22 18:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15032]: input_userauth_request: invalid user dev [preauth]
Jun 22 18:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15032]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15032]: Failed password for invalid user dev from 176.65.139.217 port 40746 ssh2
Jun 22 18:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15032]: Connection closed by 176.65.139.217 port 40746 [preauth]
Jun 22 18:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15043]: Invalid user user from 176.65.139.217
Jun 22 18:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15043]: input_userauth_request: invalid user user [preauth]
Jun 22 18:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15043]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15043]: Failed password for invalid user user from 176.65.139.217 port 40782 ssh2
Jun 22 18:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15043]: Connection closed by 176.65.139.217 port 40782 [preauth]
Jun 22 18:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15065]: Invalid user ubuntu from 176.65.139.217
Jun 22 18:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15065]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 18:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15065]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15065]: Failed password for invalid user ubuntu from 176.65.139.217 port 47642 ssh2
Jun 22 18:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15065]: Connection closed by 176.65.139.217 port 47642 [preauth]
Jun 22 18:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15075]: Invalid user test from 176.65.139.217
Jun 22 18:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15075]: input_userauth_request: invalid user test [preauth]
Jun 22 18:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15075]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15075]: Failed password for invalid user test from 176.65.139.217 port 47704 ssh2
Jun 22 18:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15075]: Connection closed by 176.65.139.217 port 47704 [preauth]
Jun 22 18:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13785]: pam_unix(cron:session): session closed for user root
Jun 22 18:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15110]: Invalid user ubuntu from 176.65.139.217
Jun 22 18:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15110]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 18:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15110]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15110]: Failed password for invalid user ubuntu from 176.65.139.217 port 46098 ssh2
Jun 22 18:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15110]: Connection closed by 176.65.139.217 port 46098 [preauth]
Jun 22 18:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15120]: Invalid user main from 176.65.139.217
Jun 22 18:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15120]: input_userauth_request: invalid user main [preauth]
Jun 22 18:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15120]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15120]: Failed password for invalid user main from 176.65.139.217 port 46124 ssh2
Jun 22 18:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15120]: Connection closed by 176.65.139.217 port 46124 [preauth]
Jun 22 18:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15139]: Invalid user user from 176.65.139.217
Jun 22 18:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15139]: input_userauth_request: invalid user user [preauth]
Jun 22 18:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15139]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15139]: Failed password for invalid user user from 176.65.139.217 port 49708 ssh2
Jun 22 18:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15139]: Connection closed by 176.65.139.217 port 49708 [preauth]
Jun 22 18:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15150]: Failed password for root from 176.65.139.217 port 49726 ssh2
Jun 22 18:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15150]: Connection closed by 176.65.139.217 port 49726 [preauth]
Jun 22 18:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15160]: Invalid user user1 from 176.65.139.217
Jun 22 18:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15160]: input_userauth_request: invalid user user1 [preauth]
Jun 22 18:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15160]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15160]: Failed password for invalid user user1 from 176.65.139.217 port 60586 ssh2
Jun 22 18:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15160]: Connection closed by 176.65.139.217 port 60586 [preauth]
Jun 22 18:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15171]: Invalid user claude from 176.65.139.217
Jun 22 18:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15171]: input_userauth_request: invalid user claude [preauth]
Jun 22 18:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15171]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15185]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15186]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15184]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15183]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15183]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15248]: Successful su for rubyman by root
Jun 22 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15248]: + ??? root:rubyman
Jun 22 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15248]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572537 of user rubyman.
Jun 22 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15248]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572537.
Jun 22 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15171]: Failed password for invalid user claude from 176.65.139.217 port 60634 ssh2
Jun 22 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15171]: Connection closed by 176.65.139.217 port 60634 [preauth]
Jun 22 18:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12463]: pam_unix(cron:session): session closed for user root
Jun 22 18:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15380]: Invalid user claude from 176.65.139.217
Jun 22 18:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15380]: input_userauth_request: invalid user claude [preauth]
Jun 22 18:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15380]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15184]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15380]: Failed password for invalid user claude from 176.65.139.217 port 36734 ssh2
Jun 22 18:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15380]: Connection closed by 176.65.139.217 port 36734 [preauth]
Jun 22 18:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 18:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15427]: Invalid user customer from 176.65.139.217
Jun 22 18:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15427]: input_userauth_request: invalid user customer [preauth]
Jun 22 18:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15427]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15425]: Failed password for root from 38.55.97.143 port 37628 ssh2
Jun 22 18:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15427]: Failed password for invalid user customer from 176.65.139.217 port 36772 ssh2
Jun 22 18:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15425]: Connection closed by 38.55.97.143 port 37628 [preauth]
Jun 22 18:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15427]: Connection closed by 176.65.139.217 port 36772 [preauth]
Jun 22 18:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15437]: Invalid user admin from 176.65.139.217
Jun 22 18:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15437]: input_userauth_request: invalid user admin [preauth]
Jun 22 18:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15437]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15437]: Failed password for invalid user admin from 176.65.139.217 port 57258 ssh2
Jun 22 18:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15437]: Connection closed by 176.65.139.217 port 57258 [preauth]
Jun 22 18:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15460]: Invalid user ftpuser from 176.65.139.217
Jun 22 18:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15460]: input_userauth_request: invalid user ftpuser [preauth]
Jun 22 18:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15460]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15460]: Failed password for invalid user ftpuser from 176.65.139.217 port 57306 ssh2
Jun 22 18:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15460]: Connection closed by 176.65.139.217 port 57306 [preauth]
Jun 22 18:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15470]: Failed password for root from 176.65.139.217 port 57338 ssh2
Jun 22 18:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15470]: Connection closed by 176.65.139.217 port 57338 [preauth]
Jun 22 18:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15484]: Invalid user deploy from 176.65.139.217
Jun 22 18:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15484]: input_userauth_request: invalid user deploy [preauth]
Jun 22 18:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15484]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15484]: Failed password for invalid user deploy from 176.65.139.217 port 38680 ssh2
Jun 22 18:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15484]: Connection closed by 176.65.139.217 port 38680 [preauth]
Jun 22 18:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14211]: pam_unix(cron:session): session closed for user root
Jun 22 18:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15495]: Failed password for root from 176.65.139.217 port 38704 ssh2
Jun 22 18:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15495]: Connection closed by 176.65.139.217 port 38704 [preauth]
Jun 22 18:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15525]: Invalid user openclaw from 176.65.139.217
Jun 22 18:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15525]: input_userauth_request: invalid user openclaw [preauth]
Jun 22 18:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15525]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15525]: Failed password for invalid user openclaw from 176.65.139.217 port 32806 ssh2
Jun 22 18:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15525]: Connection closed by 176.65.139.217 port 32806 [preauth]
Jun 22 18:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15535]: Invalid user root1 from 176.65.139.217
Jun 22 18:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15535]: input_userauth_request: invalid user root1 [preauth]
Jun 22 18:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15535]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15535]: Failed password for invalid user root1 from 176.65.139.217 port 32826 ssh2
Jun 22 18:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15535]: Connection closed by 176.65.139.217 port 32826 [preauth]
Jun 22 18:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15557]: Invalid user app from 176.65.139.217
Jun 22 18:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15557]: input_userauth_request: invalid user app [preauth]
Jun 22 18:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15557]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15557]: Failed password for invalid user app from 176.65.139.217 port 41278 ssh2
Jun 22 18:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15557]: Connection closed by 176.65.139.217 port 41278 [preauth]
Jun 22 18:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15569]: Invalid user user from 176.65.139.217
Jun 22 18:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15569]: input_userauth_request: invalid user user [preauth]
Jun 22 18:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15569]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15569]: Failed password for invalid user user from 176.65.139.217 port 41330 ssh2
Jun 22 18:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15569]: Connection closed by 176.65.139.217 port 41330 [preauth]
Jun 22 18:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15579]: Invalid user admin from 176.65.139.217
Jun 22 18:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15579]: input_userauth_request: invalid user admin [preauth]
Jun 22 18:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15579]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15579]: Failed password for invalid user admin from 176.65.139.217 port 35814 ssh2
Jun 22 18:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15579]: Connection closed by 176.65.139.217 port 35814 [preauth]
Jun 22 18:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15590]: Invalid user home from 176.65.139.217
Jun 22 18:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15590]: input_userauth_request: invalid user home [preauth]
Jun 22 18:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15590]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15596]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15595]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15597]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15593]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15593]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15655]: Successful su for rubyman by root
Jun 22 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15655]: + ??? root:rubyman
Jun 22 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15655]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572539 of user rubyman.
Jun 22 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15655]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572539.
Jun 22 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15590]: Failed password for invalid user home from 176.65.139.217 port 35836 ssh2
Jun 22 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15590]: Connection closed by 176.65.139.217 port 35836 [preauth]
Jun 22 18:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12911]: pam_unix(cron:session): session closed for user root
Jun 22 18:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15595]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15818]: Failed password for root from 176.65.139.217 port 34652 ssh2
Jun 22 18:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15818]: Connection closed by 176.65.139.217 port 34652 [preauth]
Jun 22 18:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15844]: Invalid user pi from 176.65.139.217
Jun 22 18:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15844]: input_userauth_request: invalid user pi [preauth]
Jun 22 18:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15844]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15844]: Failed password for invalid user pi from 176.65.139.217 port 34712 ssh2
Jun 22 18:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15844]: Connection closed by 176.65.139.217 port 34712 [preauth]
Jun 22 18:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15864]: Invalid user dev from 176.65.139.217
Jun 22 18:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15864]: input_userauth_request: invalid user dev [preauth]
Jun 22 18:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15864]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15864]: Failed password for invalid user dev from 176.65.139.217 port 44702 ssh2
Jun 22 18:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15864]: Connection closed by 176.65.139.217 port 44702 [preauth]
Jun 22 18:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 18:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15876]: Invalid user pi from 176.65.139.217
Jun 22 18:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15876]: input_userauth_request: invalid user pi [preauth]
Jun 22 18:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15876]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15874]: Failed password for root from 38.55.97.143 port 38710 ssh2
Jun 22 18:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15874]: Connection closed by 38.55.97.143 port 38710 [preauth]
Jun 22 18:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15876]: Failed password for invalid user pi from 176.65.139.217 port 44792 ssh2
Jun 22 18:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15876]: Connection closed by 176.65.139.217 port 44792 [preauth]
Jun 22 18:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15888]: Invalid user kim from 176.65.139.217
Jun 22 18:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15888]: input_userauth_request: invalid user kim [preauth]
Jun 22 18:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15888]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15888]: Failed password for invalid user kim from 176.65.139.217 port 38628 ssh2
Jun 22 18:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15888]: Connection closed by 176.65.139.217 port 38628 [preauth]
Jun 22 18:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15910]: Failed password for root from 176.65.139.217 port 38682 ssh2
Jun 22 18:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15910]: Connection closed by 176.65.139.217 port 38682 [preauth]
Jun 22 18:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15920]: Invalid user debian from 176.65.139.217
Jun 22 18:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15920]: input_userauth_request: invalid user debian [preauth]
Jun 22 18:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15920]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14696]: pam_unix(cron:session): session closed for user root
Jun 22 18:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15920]: Failed password for invalid user debian from 176.65.139.217 port 38728 ssh2
Jun 22 18:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15920]: Connection closed by 176.65.139.217 port 38728 [preauth]
Jun 22 18:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15942]: Invalid user administrator from 193.46.255.86
Jun 22 18:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15942]: input_userauth_request: invalid user administrator [preauth]
Jun 22 18:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15942]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 22 18:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15953]: Invalid user alex from 176.65.139.217
Jun 22 18:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15953]: input_userauth_request: invalid user alex [preauth]
Jun 22 18:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15953]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15942]: Failed password for invalid user administrator from 193.46.255.86 port 22354 ssh2
Jun 22 18:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15942]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15953]: Failed password for invalid user alex from 176.65.139.217 port 43816 ssh2
Jun 22 18:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15953]: Connection closed by 176.65.139.217 port 43816 [preauth]
Jun 22 18:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15942]: Failed password for invalid user administrator from 193.46.255.86 port 22354 ssh2
Jun 22 18:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15942]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15962]: Invalid user tester from 176.65.139.217
Jun 22 18:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15962]: input_userauth_request: invalid user tester [preauth]
Jun 22 18:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15962]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15942]: Failed password for invalid user administrator from 193.46.255.86 port 22354 ssh2
Jun 22 18:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15942]: Connection closed by 193.46.255.86 port 22354 [preauth]
Jun 22 18:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15942]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 22 18:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15962]: Failed password for invalid user tester from 176.65.139.217 port 43876 ssh2
Jun 22 18:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15962]: Connection closed by 176.65.139.217 port 43876 [preauth]
Jun 22 18:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15977]: Invalid user teamspeak from 176.65.139.217
Jun 22 18:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15977]: input_userauth_request: invalid user teamspeak [preauth]
Jun 22 18:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15977]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15977]: Failed password for invalid user teamspeak from 176.65.139.217 port 51026 ssh2
Jun 22 18:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15977]: Connection closed by 176.65.139.217 port 51026 [preauth]
Jun 22 18:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15988]: Invalid user jellyfin from 176.65.139.217
Jun 22 18:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15988]: input_userauth_request: invalid user jellyfin [preauth]
Jun 22 18:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15988]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15988]: Failed password for invalid user jellyfin from 176.65.139.217 port 51078 ssh2
Jun 22 18:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15988]: Connection closed by 176.65.139.217 port 51078 [preauth]
Jun 22 18:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15998]: Failed password for root from 176.65.139.217 port 57966 ssh2
Jun 22 18:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15998]: Connection closed by 176.65.139.217 port 57966 [preauth]
Jun 22 18:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16008]: Invalid user deployer from 176.65.139.217
Jun 22 18:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16008]: input_userauth_request: invalid user deployer [preauth]
Jun 22 18:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16008]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16008]: Failed password for invalid user deployer from 176.65.139.217 port 57994 ssh2
Jun 22 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16008]: Connection closed by 176.65.139.217 port 57994 [preauth]
Jun 22 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16013]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16014]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16012]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16011]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16011]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16076]: Successful su for rubyman by root
Jun 22 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16076]: + ??? root:rubyman
Jun 22 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16076]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572543 of user rubyman.
Jun 22 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16076]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572543.
Jun 22 18:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16151]: Invalid user student from 176.65.139.217
Jun 22 18:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16151]: input_userauth_request: invalid user student [preauth]
Jun 22 18:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16151]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13354]: pam_unix(cron:session): session closed for user root
Jun 22 18:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16012]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16151]: Failed password for invalid user student from 176.65.139.217 port 42988 ssh2
Jun 22 18:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16151]: Connection closed by 176.65.139.217 port 42988 [preauth]
Jun 22 18:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16256]: Invalid user git from 176.65.139.217
Jun 22 18:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16256]: input_userauth_request: invalid user git [preauth]
Jun 22 18:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16256]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16256]: Failed password for invalid user git from 176.65.139.217 port 43056 ssh2
Jun 22 18:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16256]: Connection closed by 176.65.139.217 port 43056 [preauth]
Jun 22 18:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16267]: Invalid user openclaw from 176.65.139.217
Jun 22 18:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16267]: input_userauth_request: invalid user openclaw [preauth]
Jun 22 18:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16267]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16267]: Failed password for invalid user openclaw from 176.65.139.217 port 48068 ssh2
Jun 22 18:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16267]: Connection closed by 176.65.139.217 port 48068 [preauth]
Jun 22 18:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 22 18:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16291]: Invalid user ai from 176.65.139.217
Jun 22 18:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16291]: input_userauth_request: invalid user ai [preauth]
Jun 22 18:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16291]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16289]: Failed password for root from 103.153.68.219 port 45192 ssh2
Jun 22 18:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16291]: Failed password for invalid user ai from 176.65.139.217 port 48084 ssh2
Jun 22 18:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16289]: Connection closed by 103.153.68.219 port 45192 [preauth]
Jun 22 18:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16291]: Connection closed by 176.65.139.217 port 48084 [preauth]
Jun 22 18:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16302]: Invalid user sam from 176.65.139.217
Jun 22 18:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16302]: input_userauth_request: invalid user sam [preauth]
Jun 22 18:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16302]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16302]: Failed password for invalid user sam from 176.65.139.217 port 48106 ssh2
Jun 22 18:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16302]: Connection closed by 176.65.139.217 port 48106 [preauth]
Jun 22 18:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16324]: Failed password for root from 176.65.139.217 port 57308 ssh2
Jun 22 18:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16324]: Connection closed by 176.65.139.217 port 57308 [preauth]
Jun 22 18:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16334]: Invalid user appuser from 176.65.139.217
Jun 22 18:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16334]: input_userauth_request: invalid user appuser [preauth]
Jun 22 18:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16334]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16334]: Failed password for invalid user appuser from 176.65.139.217 port 57338 ssh2
Jun 22 18:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15186]: pam_unix(cron:session): session closed for user root
Jun 22 18:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16334]: Connection closed by 176.65.139.217 port 57338 [preauth]
Jun 22 18:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 18:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16366]: Invalid user test from 176.65.139.217
Jun 22 18:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16366]: input_userauth_request: invalid user test [preauth]
Jun 22 18:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16366]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16363]: Failed password for root from 38.55.97.143 port 33940 ssh2
Jun 22 18:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16363]: Connection closed by 38.55.97.143 port 33940 [preauth]
Jun 22 18:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16366]: Failed password for invalid user test from 176.65.139.217 port 49072 ssh2
Jun 22 18:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16366]: Connection closed by 176.65.139.217 port 49072 [preauth]
Jun 22 18:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16377]: Failed password for root from 176.65.139.217 port 49098 ssh2
Jun 22 18:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16377]: Connection closed by 176.65.139.217 port 49098 [preauth]
Jun 22 18:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16392]: Invalid user adminuser from 176.65.139.217
Jun 22 18:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16392]: input_userauth_request: invalid user adminuser [preauth]
Jun 22 18:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16392]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16392]: Failed password for invalid user adminuser from 176.65.139.217 port 44474 ssh2
Jun 22 18:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16392]: Connection closed by 176.65.139.217 port 44474 [preauth]
Jun 22 18:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16402]: Invalid user deployer from 176.65.139.217
Jun 22 18:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16402]: input_userauth_request: invalid user deployer [preauth]
Jun 22 18:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16402]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16402]: Failed password for invalid user deployer from 176.65.139.217 port 44502 ssh2
Jun 22 18:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16402]: Connection closed by 176.65.139.217 port 44502 [preauth]
Jun 22 18:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16413]: Invalid user martin from 176.65.139.217
Jun 22 18:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16413]: input_userauth_request: invalid user martin [preauth]
Jun 22 18:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16413]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16413]: Failed password for invalid user martin from 176.65.139.217 port 40156 ssh2
Jun 22 18:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16413]: Connection closed by 176.65.139.217 port 40156 [preauth]
Jun 22 18:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16424]: Invalid user ubuntu from 176.65.139.217
Jun 22 18:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16424]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 18:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16424]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16424]: Failed password for invalid user ubuntu from 176.65.139.217 port 40168 ssh2
Jun 22 18:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16424]: Connection closed by 176.65.139.217 port 40168 [preauth]
Jun 22 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16442]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16440]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16437]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16441]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16439]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16438]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16442]: pam_unix(cron:session): session closed for user root
Jun 22 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16437]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16513]: Successful su for rubyman by root
Jun 22 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16513]: + ??? root:rubyman
Jun 22 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16513]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572551 of user rubyman.
Jun 22 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16513]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572551.
Jun 22 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16534]: Invalid user guest from 176.65.139.217
Jun 22 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16534]: input_userauth_request: invalid user guest [preauth]
Jun 22 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16534]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16439]: pam_unix(cron:session): session closed for user root
Jun 22 18:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13784]: pam_unix(cron:session): session closed for user root
Jun 22 18:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16534]: Failed password for invalid user guest from 176.65.139.217 port 58480 ssh2
Jun 22 18:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16534]: Connection closed by 176.65.139.217 port 58480 [preauth]
Jun 22 18:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16438]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16709]: Invalid user student from 176.65.139.217
Jun 22 18:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16709]: input_userauth_request: invalid user student [preauth]
Jun 22 18:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16709]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16709]: Failed password for invalid user student from 176.65.139.217 port 58512 ssh2
Jun 22 18:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16709]: Connection closed by 176.65.139.217 port 58512 [preauth]
Jun 22 18:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16726]: Invalid user karel from 176.65.139.217
Jun 22 18:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16726]: input_userauth_request: invalid user karel [preauth]
Jun 22 18:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16726]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16726]: Failed password for invalid user karel from 176.65.139.217 port 58536 ssh2
Jun 22 18:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16726]: Connection closed by 176.65.139.217 port 58536 [preauth]
Jun 22 18:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16741]: Invalid user student from 176.65.139.217
Jun 22 18:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16741]: input_userauth_request: invalid user student [preauth]
Jun 22 18:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16741]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16741]: Failed password for invalid user student from 176.65.139.217 port 37962 ssh2
Jun 22 18:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16741]: Connection closed by 176.65.139.217 port 37962 [preauth]
Jun 22 18:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16753]: Invalid user admin123 from 176.65.139.217
Jun 22 18:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16753]: input_userauth_request: invalid user admin123 [preauth]
Jun 22 18:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16753]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16753]: Failed password for invalid user admin123 from 176.65.139.217 port 38022 ssh2
Jun 22 18:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16753]: Connection closed by 176.65.139.217 port 38022 [preauth]
Jun 22 18:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16777]: Invalid user zahra from 176.65.139.217
Jun 22 18:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16777]: input_userauth_request: invalid user zahra [preauth]
Jun 22 18:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16777]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16777]: Failed password for invalid user zahra from 176.65.139.217 port 55426 ssh2
Jun 22 18:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16777]: Connection closed by 176.65.139.217 port 55426 [preauth]
Jun 22 18:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16788]: Invalid user home from 176.65.139.217
Jun 22 18:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16788]: input_userauth_request: invalid user home [preauth]
Jun 22 18:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16788]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16788]: Failed password for invalid user home from 176.65.139.217 port 55454 ssh2
Jun 22 18:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16788]: Connection closed by 176.65.139.217 port 55454 [preauth]
Jun 22 18:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15597]: pam_unix(cron:session): session closed for user root
Jun 22 18:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16806]: Invalid user user from 176.65.139.217
Jun 22 18:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16806]: input_userauth_request: invalid user user [preauth]
Jun 22 18:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16806]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16806]: Failed password for invalid user user from 176.65.139.217 port 41130 ssh2
Jun 22 18:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16806]: Connection closed by 176.65.139.217 port 41130 [preauth]
Jun 22 18:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16835]: Invalid user deploy from 176.65.139.217
Jun 22 18:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16835]: input_userauth_request: invalid user deploy [preauth]
Jun 22 18:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16835]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16835]: Failed password for invalid user deploy from 176.65.139.217 port 41164 ssh2
Jun 22 18:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16835]: Connection closed by 176.65.139.217 port 41164 [preauth]
Jun 22 18:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16859]: Invalid user ubuntu from 176.65.139.217
Jun 22 18:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16859]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 18:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16859]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16859]: Failed password for invalid user ubuntu from 176.65.139.217 port 47884 ssh2
Jun 22 18:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 18:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16859]: Connection closed by 176.65.139.217 port 47884 [preauth]
Jun 22 18:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16894]: Failed password for root from 38.55.97.143 port 37904 ssh2
Jun 22 18:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16894]: Connection closed by 38.55.97.143 port 37904 [preauth]
Jun 22 18:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16896]: Failed password for root from 176.65.139.217 port 47948 ssh2
Jun 22 18:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16896]: Connection closed by 176.65.139.217 port 47948 [preauth]
Jun 22 18:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16908]: Invalid user openclaw from 176.65.139.217
Jun 22 18:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16908]: input_userauth_request: invalid user openclaw [preauth]
Jun 22 18:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16908]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16908]: Failed password for invalid user openclaw from 176.65.139.217 port 47984 ssh2
Jun 22 18:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16908]: Connection closed by 176.65.139.217 port 47984 [preauth]
Jun 22 18:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16950]: Invalid user bot from 176.65.139.217
Jun 22 18:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16950]: input_userauth_request: invalid user bot [preauth]
Jun 22 18:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16950]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16950]: Failed password for invalid user bot from 176.65.139.217 port 34704 ssh2
Jun 22 18:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16950]: Connection closed by 176.65.139.217 port 34704 [preauth]
Jun 22 18:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16998]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16997]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16996]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16995]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16995]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17067]: Successful su for rubyman by root
Jun 22 18:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17067]: + ??? root:rubyman
Jun 22 18:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17067]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572553 of user rubyman.
Jun 22 18:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17067]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572553.
Jun 22 18:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16963]: Failed password for root from 176.65.139.217 port 34746 ssh2
Jun 22 18:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16963]: Connection closed by 176.65.139.217 port 34746 [preauth]
Jun 22 18:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14209]: pam_unix(cron:session): session closed for user root
Jun 22 18:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17226]: Invalid user claude from 176.65.139.217
Jun 22 18:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17226]: input_userauth_request: invalid user claude [preauth]
Jun 22 18:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17226]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16996]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17226]: Failed password for invalid user claude from 176.65.139.217 port 59358 ssh2
Jun 22 18:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17226]: Connection closed by 176.65.139.217 port 59358 [preauth]
Jun 22 18:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17252]: Failed password for root from 176.65.139.217 port 59400 ssh2
Jun 22 18:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17252]: Connection closed by 176.65.139.217 port 59400 [preauth]
Jun 22 18:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17277]: Invalid user hadoop from 176.65.139.217
Jun 22 18:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17277]: input_userauth_request: invalid user hadoop [preauth]
Jun 22 18:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17277]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17277]: Failed password for invalid user hadoop from 176.65.139.217 port 43438 ssh2
Jun 22 18:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17277]: Connection closed by 176.65.139.217 port 43438 [preauth]
Jun 22 18:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17280]: User vncuser from 176.65.139.217 not allowed because not listed in AllowUsers
Jun 22 18:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17280]: input_userauth_request: invalid user vncuser [preauth]
Jun 22 18:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=vncuser
Jun 22 18:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17280]: Failed password for invalid user vncuser from 176.65.139.217 port 43512 ssh2
Jun 22 18:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17280]: Connection closed by 176.65.139.217 port 43512 [preauth]
Jun 22 18:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17305]: Invalid user odoo from 176.65.139.217
Jun 22 18:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17305]: input_userauth_request: invalid user odoo [preauth]
Jun 22 18:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17305]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17305]: Failed password for invalid user odoo from 176.65.139.217 port 37448 ssh2
Jun 22 18:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17305]: Connection closed by 176.65.139.217 port 37448 [preauth]
Jun 22 18:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17318]: Invalid user frappe from 176.65.139.217
Jun 22 18:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17318]: input_userauth_request: invalid user frappe [preauth]
Jun 22 18:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17318]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17318]: Failed password for invalid user frappe from 176.65.139.217 port 37506 ssh2
Jun 22 18:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17318]: Connection closed by 176.65.139.217 port 37506 [preauth]
Jun 22 18:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16014]: pam_unix(cron:session): session closed for user root
Jun 22 18:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17351]: Failed password for root from 176.65.139.217 port 53102 ssh2
Jun 22 18:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17351]: Connection closed by 176.65.139.217 port 53102 [preauth]
Jun 22 18:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17366]: Invalid user rocky from 176.65.139.217
Jun 22 18:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17366]: input_userauth_request: invalid user rocky [preauth]
Jun 22 18:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17366]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17366]: Failed password for invalid user rocky from 176.65.139.217 port 53152 ssh2
Jun 22 18:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17366]: Connection closed by 176.65.139.217 port 53152 [preauth]
Jun 22 18:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17378]: Invalid user sftpuser from 176.65.139.217
Jun 22 18:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17378]: input_userauth_request: invalid user sftpuser [preauth]
Jun 22 18:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17378]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17378]: Failed password for invalid user sftpuser from 176.65.139.217 port 56432 ssh2
Jun 22 18:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17378]: Connection closed by 176.65.139.217 port 56432 [preauth]
Jun 22 18:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17406]: Failed password for root from 176.65.139.217 port 56502 ssh2
Jun 22 18:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17406]: Connection closed by 176.65.139.217 port 56502 [preauth]
Jun 22 18:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17417]: Invalid user manoj from 176.65.139.217
Jun 22 18:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17417]: input_userauth_request: invalid user manoj [preauth]
Jun 22 18:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17417]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17417]: Failed password for invalid user manoj from 176.65.139.217 port 56562 ssh2
Jun 22 18:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17417]: Connection closed by 176.65.139.217 port 56562 [preauth]
Jun 22 18:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17419]: Invalid user niaoyun from 176.65.139.217
Jun 22 18:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17419]: input_userauth_request: invalid user niaoyun [preauth]
Jun 22 18:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17419]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17419]: Failed password for invalid user niaoyun from 176.65.139.217 port 34026 ssh2
Jun 22 18:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17419]: Connection closed by 176.65.139.217 port 34026 [preauth]
Jun 22 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17439]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17440]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17438]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17437]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17437]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17501]: Successful su for rubyman by root
Jun 22 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17501]: + ??? root:rubyman
Jun 22 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17501]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572558 of user rubyman.
Jun 22 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17501]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572558.
Jun 22 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14695]: pam_unix(cron:session): session closed for user root
Jun 22 18:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17433]: Failed password for root from 176.65.139.217 port 34092 ssh2
Jun 22 18:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17433]: Connection closed by 176.65.139.217 port 34092 [preauth]
Jun 22 18:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17438]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17763]: Invalid user user1 from 176.65.139.217
Jun 22 18:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17763]: input_userauth_request: invalid user user1 [preauth]
Jun 22 18:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17763]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17763]: Failed password for invalid user user1 from 176.65.139.217 port 33448 ssh2
Jun 22 18:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17763]: Connection closed by 176.65.139.217 port 33448 [preauth]
Jun 22 18:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17775]: Failed password for root from 176.65.139.217 port 33536 ssh2
Jun 22 18:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17775]: Connection closed by 176.65.139.217 port 33536 [preauth]
Jun 22 18:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 22 18:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17804]: Invalid user ubuntu from 176.65.139.217
Jun 22 18:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17804]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 18:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17804]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17802]: Failed password for root from 193.37.70.224 port 44960 ssh2
Jun 22 18:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17802]: Connection closed by 193.37.70.224 port 44960 [preauth]
Jun 22 18:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17804]: Failed password for invalid user ubuntu from 176.65.139.217 port 33034 ssh2
Jun 22 18:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17804]: Connection closed by 176.65.139.217 port 33034 [preauth]
Jun 22 18:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17816]: Invalid user deployer from 176.65.139.217
Jun 22 18:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17816]: input_userauth_request: invalid user deployer [preauth]
Jun 22 18:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17816]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17816]: Failed password for invalid user deployer from 176.65.139.217 port 33060 ssh2
Jun 22 18:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17816]: Connection closed by 176.65.139.217 port 33060 [preauth]
Jun 22 18:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17839]: Invalid user gd from 176.65.139.217
Jun 22 18:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17839]: input_userauth_request: invalid user gd [preauth]
Jun 22 18:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17839]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17839]: Failed password for invalid user gd from 176.65.139.217 port 45116 ssh2
Jun 22 18:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17839]: Connection closed by 176.65.139.217 port 45116 [preauth]
Jun 22 18:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17847]: Invalid user amine from 176.65.139.217
Jun 22 18:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17847]: input_userauth_request: invalid user amine [preauth]
Jun 22 18:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17847]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17847]: Failed password for invalid user amine from 176.65.139.217 port 45162 ssh2
Jun 22 18:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17847]: Connection closed by 176.65.139.217 port 45162 [preauth]
Jun 22 18:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16441]: pam_unix(cron:session): session closed for user root
Jun 22 18:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17862]: Failed password for root from 176.65.139.217 port 57572 ssh2
Jun 22 18:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17862]: Connection closed by 176.65.139.217 port 57572 [preauth]
Jun 22 18:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17897]: Failed password for root from 176.65.139.217 port 57674 ssh2
Jun 22 18:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17897]: Connection closed by 176.65.139.217 port 57674 [preauth]
Jun 22 18:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17908]: Invalid user data from 176.65.139.217
Jun 22 18:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17908]: input_userauth_request: invalid user data [preauth]
Jun 22 18:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17908]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17908]: Failed password for invalid user data from 176.65.139.217 port 57744 ssh2
Jun 22 18:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17908]: Connection closed by 176.65.139.217 port 57744 [preauth]
Jun 22 18:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17932]: Invalid user postgres from 176.65.139.217
Jun 22 18:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17932]: input_userauth_request: invalid user postgres [preauth]
Jun 22 18:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17932]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17932]: Failed password for invalid user postgres from 176.65.139.217 port 59544 ssh2
Jun 22 18:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17932]: Connection closed by 176.65.139.217 port 59544 [preauth]
Jun 22 18:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17944]: Invalid user devuser from 176.65.139.217
Jun 22 18:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17944]: input_userauth_request: invalid user devuser [preauth]
Jun 22 18:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17944]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17944]: Failed password for invalid user devuser from 176.65.139.217 port 59590 ssh2
Jun 22 18:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17944]: Connection closed by 176.65.139.217 port 59590 [preauth]
Jun 22 18:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17956]: Failed password for root from 176.65.139.217 port 58602 ssh2
Jun 22 18:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17956]: Connection closed by 176.65.139.217 port 58602 [preauth]
Jun 22 18:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 18:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17946]: Failed password for root from 38.55.97.143 port 55812 ssh2
Jun 22 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17972]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17970]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17971]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17969]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17969]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17946]: Connection closed by 38.55.97.143 port 55812 [preauth]
Jun 22 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18040]: Successful su for rubyman by root
Jun 22 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18040]: + ??? root:rubyman
Jun 22 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18040]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572561 of user rubyman.
Jun 22 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18040]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572561.
Jun 22 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17958]: Failed password for root from 176.65.139.217 port 58640 ssh2
Jun 22 18:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17958]: Connection closed by 176.65.139.217 port 58640 [preauth]
Jun 22 18:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15185]: pam_unix(cron:session): session closed for user root
Jun 22 18:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18191]: Invalid user test from 176.65.139.217
Jun 22 18:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18191]: input_userauth_request: invalid user test [preauth]
Jun 22 18:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18191]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17970]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18191]: Failed password for invalid user test from 176.65.139.217 port 43896 ssh2
Jun 22 18:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18191]: Connection closed by 176.65.139.217 port 43896 [preauth]
Jun 22 18:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18236]: Invalid user vbox from 176.65.139.217
Jun 22 18:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18236]: input_userauth_request: invalid user vbox [preauth]
Jun 22 18:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18236]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18236]: Failed password for invalid user vbox from 176.65.139.217 port 43936 ssh2
Jun 22 18:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18236]: Connection closed by 176.65.139.217 port 43936 [preauth]
Jun 22 18:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18249]: Invalid user test from 176.65.139.217
Jun 22 18:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18249]: input_userauth_request: invalid user test [preauth]
Jun 22 18:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18249]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18265]: Connection closed by 45.148.10.121 port 55746 [preauth]
Jun 22 18:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18249]: Failed password for invalid user test from 176.65.139.217 port 38990 ssh2
Jun 22 18:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18249]: Connection closed by 176.65.139.217 port 38990 [preauth]
Jun 22 18:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18277]: Invalid user oracle from 176.65.139.217
Jun 22 18:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18277]: input_userauth_request: invalid user oracle [preauth]
Jun 22 18:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18277]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18277]: Failed password for invalid user oracle from 176.65.139.217 port 39036 ssh2
Jun 22 18:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18277]: Connection closed by 176.65.139.217 port 39036 [preauth]
Jun 22 18:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18290]: Failed password for root from 176.65.139.217 port 39068 ssh2
Jun 22 18:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18290]: Connection closed by 176.65.139.217 port 39068 [preauth]
Jun 22 18:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18308]: Invalid user vpn from 176.65.139.217
Jun 22 18:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18308]: input_userauth_request: invalid user vpn [preauth]
Jun 22 18:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18308]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18308]: Failed password for invalid user vpn from 176.65.139.217 port 53848 ssh2
Jun 22 18:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18308]: Connection closed by 176.65.139.217 port 53848 [preauth]
Jun 22 18:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18322]: Invalid user git from 176.65.139.217
Jun 22 18:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18322]: input_userauth_request: invalid user git [preauth]
Jun 22 18:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18322]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16998]: pam_unix(cron:session): session closed for user root
Jun 22 18:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18322]: Failed password for invalid user git from 176.65.139.217 port 53886 ssh2
Jun 22 18:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18322]: Connection closed by 176.65.139.217 port 53886 [preauth]
Jun 22 18:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18351]: Invalid user playground from 176.65.139.217
Jun 22 18:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18351]: input_userauth_request: invalid user playground [preauth]
Jun 22 18:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18351]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18351]: Failed password for invalid user playground from 176.65.139.217 port 49332 ssh2
Jun 22 18:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18351]: Connection closed by 176.65.139.217 port 49332 [preauth]
Jun 22 18:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18367]: Invalid user sam from 176.65.139.217
Jun 22 18:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18367]: input_userauth_request: invalid user sam [preauth]
Jun 22 18:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18367]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18367]: Failed password for invalid user sam from 176.65.139.217 port 49392 ssh2
Jun 22 18:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18367]: Connection closed by 176.65.139.217 port 49392 [preauth]
Jun 22 18:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18403]: Invalid user bob from 176.65.139.217
Jun 22 18:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18403]: input_userauth_request: invalid user bob [preauth]
Jun 22 18:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18403]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18403]: Failed password for invalid user bob from 176.65.139.217 port 52220 ssh2
Jun 22 18:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18403]: Connection closed by 176.65.139.217 port 52220 [preauth]
Jun 22 18:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18479]: Failed password for root from 176.65.139.217 port 52304 ssh2
Jun 22 18:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18479]: Connection closed by 176.65.139.217 port 52304 [preauth]
Jun 22 18:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18490]: Invalid user rancher from 176.65.139.217
Jun 22 18:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18490]: input_userauth_request: invalid user rancher [preauth]
Jun 22 18:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18490]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18490]: Failed password for invalid user rancher from 176.65.139.217 port 35806 ssh2
Jun 22 18:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18490]: Connection closed by 176.65.139.217 port 35806 [preauth]
Jun 22 18:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18502]: User mysql from 176.65.139.217 not allowed because not listed in AllowUsers
Jun 22 18:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18502]: input_userauth_request: invalid user mysql [preauth]
Jun 22 18:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=mysql
Jun 22 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18502]: Failed password for invalid user mysql from 176.65.139.217 port 35882 ssh2
Jun 22 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18510]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18508]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18507]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18506]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18506]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18502]: Connection closed by 176.65.139.217 port 35882 [preauth]
Jun 22 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18571]: Successful su for rubyman by root
Jun 22 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18571]: + ??? root:rubyman
Jun 22 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18571]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572566 of user rubyman.
Jun 22 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18571]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572566.
Jun 22 18:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18636]: Invalid user tom from 176.65.139.217
Jun 22 18:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18636]: input_userauth_request: invalid user tom [preauth]
Jun 22 18:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15596]: pam_unix(cron:session): session closed for user root
Jun 22 18:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18636]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18636]: Failed password for invalid user tom from 176.65.139.217 port 33454 ssh2
Jun 22 18:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18636]: Connection closed by 176.65.139.217 port 33454 [preauth]
Jun 22 18:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18507]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18764]: Invalid user deploy from 176.65.139.217
Jun 22 18:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18764]: input_userauth_request: invalid user deploy [preauth]
Jun 22 18:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18764]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18764]: Failed password for invalid user deploy from 176.65.139.217 port 33502 ssh2
Jun 22 18:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18764]: Connection closed by 176.65.139.217 port 33502 [preauth]
Jun 22 18:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18776]: Invalid user operator from 176.65.139.217
Jun 22 18:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18776]: input_userauth_request: invalid user operator [preauth]
Jun 22 18:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18776]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18776]: Failed password for invalid user operator from 176.65.139.217 port 54980 ssh2
Jun 22 18:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18776]: Connection closed by 176.65.139.217 port 54980 [preauth]
Jun 22 18:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18806]: Invalid user tomcat from 176.65.139.217
Jun 22 18:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18806]: input_userauth_request: invalid user tomcat [preauth]
Jun 22 18:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18806]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18806]: Failed password for invalid user tomcat from 176.65.139.217 port 55016 ssh2
Jun 22 18:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18806]: Connection closed by 176.65.139.217 port 55016 [preauth]
Jun 22 18:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18821]: Invalid user system from 176.65.139.217
Jun 22 18:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18821]: input_userauth_request: invalid user system [preauth]
Jun 22 18:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18821]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18821]: Failed password for invalid user system from 176.65.139.217 port 43138 ssh2
Jun 22 18:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18821]: Connection closed by 176.65.139.217 port 43138 [preauth]
Jun 22 18:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18852]: Invalid user frappe from 176.65.139.217
Jun 22 18:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18852]: input_userauth_request: invalid user frappe [preauth]
Jun 22 18:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18852]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18852]: Failed password for invalid user frappe from 176.65.139.217 port 43198 ssh2
Jun 22 18:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18852]: Connection closed by 176.65.139.217 port 43198 [preauth]
Jun 22 18:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18866]: Invalid user newuser from 176.65.139.217
Jun 22 18:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18866]: input_userauth_request: invalid user newuser [preauth]
Jun 22 18:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18866]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17440]: pam_unix(cron:session): session closed for user root
Jun 22 18:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18866]: Failed password for invalid user newuser from 176.65.139.217 port 43244 ssh2
Jun 22 18:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18866]: Connection closed by 176.65.139.217 port 43244 [preauth]
Jun 22 18:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18897]: Invalid user dev from 176.65.139.217
Jun 22 18:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18897]: input_userauth_request: invalid user dev [preauth]
Jun 22 18:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18897]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18897]: Failed password for invalid user dev from 176.65.139.217 port 35218 ssh2
Jun 22 18:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18897]: Connection closed by 176.65.139.217 port 35218 [preauth]
Jun 22 18:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18907]: Failed password for root from 176.65.139.217 port 35230 ssh2
Jun 22 18:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18907]: Connection closed by 176.65.139.217 port 35230 [preauth]
Jun 22 18:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18930]: Failed password for root from 176.65.139.217 port 59618 ssh2
Jun 22 18:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18930]: Connection closed by 176.65.139.217 port 59618 [preauth]
Jun 22 18:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18935]: User mysql from 176.65.139.217 not allowed because not listed in AllowUsers
Jun 22 18:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18935]: input_userauth_request: invalid user mysql [preauth]
Jun 22 18:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=mysql
Jun 22 18:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18935]: Failed password for invalid user mysql from 176.65.139.217 port 59724 ssh2
Jun 22 18:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18935]: Connection closed by 176.65.139.217 port 59724 [preauth]
Jun 22 18:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18943]: Invalid user nginx from 176.65.139.217
Jun 22 18:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18943]: input_userauth_request: invalid user nginx [preauth]
Jun 22 18:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18943]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18943]: Failed password for invalid user nginx from 176.65.139.217 port 37920 ssh2
Jun 22 18:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18943]: Connection closed by 176.65.139.217 port 37920 [preauth]
Jun 22 18:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18953]: Invalid user admin2 from 176.65.139.217
Jun 22 18:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18953]: input_userauth_request: invalid user admin2 [preauth]
Jun 22 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18953]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18958]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18957]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18956]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18959]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18960]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18961]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18961]: pam_unix(cron:session): session closed for user root
Jun 22 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18956]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19025]: Successful su for rubyman by root
Jun 22 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19025]: + ??? root:rubyman
Jun 22 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19025]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572570 of user rubyman.
Jun 22 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19025]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572570.
Jun 22 18:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18953]: Failed password for invalid user admin2 from 176.65.139.217 port 37942 ssh2
Jun 22 18:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18953]: Connection closed by 176.65.139.217 port 37942 [preauth]
Jun 22 18:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18958]: pam_unix(cron:session): session closed for user root
Jun 22 18:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16013]: pam_unix(cron:session): session closed for user root
Jun 22 18:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19308]: Invalid user centreon from 176.65.139.217
Jun 22 18:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19308]: input_userauth_request: invalid user centreon [preauth]
Jun 22 18:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19308]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18957]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19308]: Failed password for invalid user centreon from 176.65.139.217 port 50378 ssh2
Jun 22 18:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19308]: Connection closed by 176.65.139.217 port 50378 [preauth]
Jun 22 18:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19338]: Invalid user admin from 176.65.139.217
Jun 22 18:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19338]: input_userauth_request: invalid user admin [preauth]
Jun 22 18:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19338]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19338]: Failed password for invalid user admin from 176.65.139.217 port 50426 ssh2
Jun 22 18:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19338]: Connection closed by 176.65.139.217 port 50426 [preauth]
Jun 22 18:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19362]: Invalid user trinity from 176.65.139.217
Jun 22 18:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19362]: input_userauth_request: invalid user trinity [preauth]
Jun 22 18:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19362]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19362]: Failed password for invalid user trinity from 176.65.139.217 port 40374 ssh2
Jun 22 18:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19362]: Connection closed by 176.65.139.217 port 40374 [preauth]
Jun 22 18:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19373]: Failed password for root from 176.65.139.217 port 40424 ssh2
Jun 22 18:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19373]: Connection closed by 176.65.139.217 port 40424 [preauth]
Jun 22 18:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19375]: Invalid user username from 176.65.139.217
Jun 22 18:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19375]: input_userauth_request: invalid user username [preauth]
Jun 22 18:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19375]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19375]: Failed password for invalid user username from 176.65.139.217 port 34910 ssh2
Jun 22 18:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19375]: Connection closed by 176.65.139.217 port 34910 [preauth]
Jun 22 18:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19402]: Failed password for root from 176.65.139.217 port 34974 ssh2
Jun 22 18:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19402]: Connection closed by 176.65.139.217 port 34974 [preauth]
Jun 22 18:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17972]: pam_unix(cron:session): session closed for user root
Jun 22 18:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19426]: Invalid user user from 176.65.139.217
Jun 22 18:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19426]: input_userauth_request: invalid user user [preauth]
Jun 22 18:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19426]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19426]: Failed password for invalid user user from 176.65.139.217 port 39990 ssh2
Jun 22 18:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19426]: Connection closed by 176.65.139.217 port 39990 [preauth]
Jun 22 18:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19441]: Invalid user ubuntu from 176.65.139.217
Jun 22 18:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19441]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 18:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19441]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19441]: Failed password for invalid user ubuntu from 176.65.139.217 port 40072 ssh2
Jun 22 18:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19441]: Connection closed by 176.65.139.217 port 40072 [preauth]
Jun 22 18:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19455]: Failed password for root from 176.65.139.217 port 46010 ssh2
Jun 22 18:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19455]: Connection closed by 176.65.139.217 port 46010 [preauth]
Jun 22 18:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19486]: Invalid user deploy from 176.65.139.217
Jun 22 18:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19486]: input_userauth_request: invalid user deploy [preauth]
Jun 22 18:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19486]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 18:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19486]: Failed password for invalid user deploy from 176.65.139.217 port 46056 ssh2
Jun 22 18:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19486]: Connection closed by 176.65.139.217 port 46056 [preauth]
Jun 22 18:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19459]: Failed password for root from 38.55.97.143 port 34794 ssh2
Jun 22 18:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19459]: Connection closed by 38.55.97.143 port 34794 [preauth]
Jun 22 18:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19598]: Invalid user admin1 from 176.65.139.217
Jun 22 18:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19598]: input_userauth_request: invalid user admin1 [preauth]
Jun 22 18:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19598]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19598]: Failed password for invalid user admin1 from 176.65.139.217 port 34042 ssh2
Jun 22 18:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19598]: Connection closed by 176.65.139.217 port 34042 [preauth]
Jun 22 18:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19611]: Invalid user mcserver from 176.65.139.217
Jun 22 18:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19611]: input_userauth_request: invalid user mcserver [preauth]
Jun 22 18:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19611]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19611]: Failed password for invalid user mcserver from 176.65.139.217 port 34116 ssh2
Jun 22 18:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19611]: Connection closed by 176.65.139.217 port 34116 [preauth]
Jun 22 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19712]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19713]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19714]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19715]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19712]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19785]: Successful su for rubyman by root
Jun 22 18:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19785]: + ??? root:rubyman
Jun 22 18:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19785]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572575 of user rubyman.
Jun 22 18:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19785]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572575.
Jun 22 18:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19708]: Failed password for root from 176.65.139.217 port 34144 ssh2
Jun 22 18:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19708]: Connection closed by 176.65.139.217 port 34144 [preauth]
Jun 22 18:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16440]: pam_unix(cron:session): session closed for user root
Jun 22 18:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19713]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19975]: Invalid user user from 176.65.139.217
Jun 22 18:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19975]: input_userauth_request: invalid user user [preauth]
Jun 22 18:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19975]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19975]: Failed password for invalid user user from 176.65.139.217 port 45542 ssh2
Jun 22 18:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19975]: Connection closed by 176.65.139.217 port 45542 [preauth]
Jun 22 18:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19986]: Invalid user test from 176.65.139.217
Jun 22 18:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19986]: input_userauth_request: invalid user test [preauth]
Jun 22 18:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19986]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19986]: Failed password for invalid user test from 176.65.139.217 port 45586 ssh2
Jun 22 18:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19986]: Connection closed by 176.65.139.217 port 45586 [preauth]
Jun 22 18:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20009]: Invalid user root1 from 176.65.139.217
Jun 22 18:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20009]: input_userauth_request: invalid user root1 [preauth]
Jun 22 18:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20009]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20009]: Failed password for invalid user root1 from 176.65.139.217 port 39848 ssh2
Jun 22 18:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20009]: Connection closed by 176.65.139.217 port 39848 [preauth]
Jun 22 18:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20019]: Invalid user server from 176.65.139.217
Jun 22 18:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20019]: input_userauth_request: invalid user server [preauth]
Jun 22 18:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20019]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20019]: Failed password for invalid user server from 176.65.139.217 port 39880 ssh2
Jun 22 18:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20019]: Connection closed by 176.65.139.217 port 39880 [preauth]
Jun 22 18:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20030]: Failed password for root from 176.65.139.217 port 46524 ssh2
Jun 22 18:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20044]: Received disconnect from 78.111.67.242 port 37720:11: disconnected by user [preauth]
Jun 22 18:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20044]: Disconnected from 78.111.67.242 port 37720 [preauth]
Jun 22 18:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20030]: Connection closed by 176.65.139.217 port 46524 [preauth]
Jun 22 18:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20055]: Invalid user deploy from 176.65.139.217
Jun 22 18:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20055]: input_userauth_request: invalid user deploy [preauth]
Jun 22 18:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20055]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20055]: Failed password for invalid user deploy from 176.65.139.217 port 46580 ssh2
Jun 22 18:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20055]: Connection closed by 176.65.139.217 port 46580 [preauth]
Jun 22 18:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20057]: Invalid user user from 176.65.139.217
Jun 22 18:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20057]: input_userauth_request: invalid user user [preauth]
Jun 22 18:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20057]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18510]: pam_unix(cron:session): session closed for user root
Jun 22 18:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20057]: Failed password for invalid user user from 176.65.139.217 port 57600 ssh2
Jun 22 18:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20057]: Connection closed by 176.65.139.217 port 57600 [preauth]
Jun 22 18:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20086]: Invalid user devops from 176.65.139.217
Jun 22 18:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20086]: input_userauth_request: invalid user devops [preauth]
Jun 22 18:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20086]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20086]: Failed password for invalid user devops from 176.65.139.217 port 57624 ssh2
Jun 22 18:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20086]: Connection closed by 176.65.139.217 port 57624 [preauth]
Jun 22 18:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20098]: Invalid user deploy from 176.65.139.217
Jun 22 18:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20098]: input_userauth_request: invalid user deploy [preauth]
Jun 22 18:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20098]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20098]: Failed password for invalid user deploy from 176.65.139.217 port 57654 ssh2
Jun 22 18:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20098]: Connection closed by 176.65.139.217 port 57654 [preauth]
Jun 22 18:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20122]: Invalid user testuser from 176.65.139.217
Jun 22 18:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20122]: input_userauth_request: invalid user testuser [preauth]
Jun 22 18:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20122]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20122]: Failed password for invalid user testuser from 176.65.139.217 port 41772 ssh2
Jun 22 18:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20122]: Connection closed by 176.65.139.217 port 41772 [preauth]
Jun 22 18:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20134]: Invalid user packer from 176.65.139.217
Jun 22 18:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20134]: input_userauth_request: invalid user packer [preauth]
Jun 22 18:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20134]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20134]: Failed password for invalid user packer from 176.65.139.217 port 41842 ssh2
Jun 22 18:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20134]: Connection closed by 176.65.139.217 port 41842 [preauth]
Jun 22 18:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20136]: User vncuser from 176.65.139.217 not allowed because not listed in AllowUsers
Jun 22 18:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20136]: input_userauth_request: invalid user vncuser [preauth]
Jun 22 18:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=vncuser
Jun 22 18:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20136]: Failed password for invalid user vncuser from 176.65.139.217 port 59318 ssh2
Jun 22 18:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20136]: Connection closed by 176.65.139.217 port 59318 [preauth]
Jun 22 18:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20237]: Failed password for root from 176.65.139.217 port 59322 ssh2
Jun 22 18:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20237]: Connection closed by 176.65.139.217 port 59322 [preauth]
Jun 22 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20250]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20249]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20251]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20248]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20248]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20314]: Successful su for rubyman by root
Jun 22 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20314]: + ??? root:rubyman
Jun 22 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20314]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572579 of user rubyman.
Jun 22 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20314]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572579.
Jun 22 18:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20338]: Invalid user oscar from 176.65.139.217
Jun 22 18:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20338]: input_userauth_request: invalid user oscar [preauth]
Jun 22 18:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20338]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16997]: pam_unix(cron:session): session closed for user root
Jun 22 18:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20338]: Failed password for invalid user oscar from 176.65.139.217 port 48168 ssh2
Jun 22 18:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20338]: Connection closed by 176.65.139.217 port 48168 [preauth]
Jun 22 18:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20249]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20510]: Failed password for root from 176.65.139.217 port 48228 ssh2
Jun 22 18:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20510]: Connection closed by 176.65.139.217 port 48228 [preauth]
Jun 22 18:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20525]: Invalid user master from 176.65.139.217
Jun 22 18:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20525]: input_userauth_request: invalid user master [preauth]
Jun 22 18:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20525]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20525]: Failed password for invalid user master from 176.65.139.217 port 48264 ssh2
Jun 22 18:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20525]: Connection closed by 176.65.139.217 port 48264 [preauth]
Jun 22 18:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20541]: Invalid user user from 176.65.139.217
Jun 22 18:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20541]: input_userauth_request: invalid user user [preauth]
Jun 22 18:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20541]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20541]: Failed password for invalid user user from 176.65.139.217 port 37688 ssh2
Jun 22 18:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20541]: Connection closed by 176.65.139.217 port 37688 [preauth]
Jun 22 18:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20553]: Failed password for root from 176.65.139.217 port 37720 ssh2
Jun 22 18:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20553]: Connection closed by 176.65.139.217 port 37720 [preauth]
Jun 22 18:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20563]: Invalid user sonar from 176.65.139.217
Jun 22 18:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20563]: input_userauth_request: invalid user sonar [preauth]
Jun 22 18:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20563]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20563]: Failed password for invalid user sonar from 176.65.139.217 port 39156 ssh2
Jun 22 18:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20563]: Connection closed by 176.65.139.217 port 39156 [preauth]
Jun 22 18:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 22 18:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20585]: Failed password for root from 176.65.139.217 port 39200 ssh2
Jun 22 18:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20585]: Connection closed by 176.65.139.217 port 39200 [preauth]
Jun 22 18:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20587]: Failed password for root from 109.237.96.109 port 46056 ssh2
Jun 22 18:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20587]: Connection closed by 109.237.96.109 port 46056 [preauth]
Jun 22 18:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18960]: pam_unix(cron:session): session closed for user root
Jun 22 18:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20597]: Failed password for root from 176.65.139.217 port 60806 ssh2
Jun 22 18:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20597]: Connection closed by 176.65.139.217 port 60806 [preauth]
Jun 22 18:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20646]: Invalid user work from 176.65.139.217
Jun 22 18:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20646]: input_userauth_request: invalid user work [preauth]
Jun 22 18:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20646]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20646]: Failed password for invalid user work from 176.65.139.217 port 60864 ssh2
Jun 22 18:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20646]: Connection closed by 176.65.139.217 port 60864 [preauth]
Jun 22 18:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20662]: Invalid user developer from 176.65.139.217
Jun 22 18:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20662]: input_userauth_request: invalid user developer [preauth]
Jun 22 18:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20662]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20662]: Failed password for invalid user developer from 176.65.139.217 port 47676 ssh2
Jun 22 18:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20662]: Connection closed by 176.65.139.217 port 47676 [preauth]
Jun 22 18:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20709]: Invalid user nvidia from 176.65.139.217
Jun 22 18:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20709]: input_userauth_request: invalid user nvidia [preauth]
Jun 22 18:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20709]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20709]: Failed password for invalid user nvidia from 176.65.139.217 port 47708 ssh2
Jun 22 18:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20709]: Connection closed by 176.65.139.217 port 47708 [preauth]
Jun 22 18:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20712]: Invalid user user from 176.65.139.217
Jun 22 18:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20712]: input_userauth_request: invalid user user [preauth]
Jun 22 18:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20712]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20712]: Failed password for invalid user user from 176.65.139.217 port 47726 ssh2
Jun 22 18:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20712]: Connection closed by 176.65.139.217 port 47726 [preauth]
Jun 22 18:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20752]: Invalid user teamspeak from 176.65.139.217
Jun 22 18:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20752]: input_userauth_request: invalid user teamspeak [preauth]
Jun 22 18:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20752]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20752]: Failed password for invalid user teamspeak from 176.65.139.217 port 46968 ssh2
Jun 22 18:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20752]: Connection closed by 176.65.139.217 port 46968 [preauth]
Jun 22 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20783]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20785]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20782]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20781]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20781]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20848]: Successful su for rubyman by root
Jun 22 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20848]: + ??? root:rubyman
Jun 22 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20848]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572584 of user rubyman.
Jun 22 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20848]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572584.
Jun 22 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20816]: Invalid user ubuntu from 176.65.139.217
Jun 22 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20816]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20816]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 22 18:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20816]: Failed password for invalid user ubuntu from 176.65.139.217 port 47026 ssh2
Jun 22 18:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20816]: Connection closed by 176.65.139.217 port 47026 [preauth]
Jun 22 18:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17439]: pam_unix(cron:session): session closed for user root
Jun 22 18:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20782]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20941]: Failed password for root from 103.27.238.120 port 47024 ssh2
Jun 22 18:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20941]: Connection closed by 103.27.238.120 port 47024 [preauth]
Jun 22 18:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21034]: Failed password for root from 176.65.139.217 port 34680 ssh2
Jun 22 18:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21034]: Connection closed by 176.65.139.217 port 34680 [preauth]
Jun 22 18:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21047]: Invalid user kevin from 176.65.139.217
Jun 22 18:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21047]: input_userauth_request: invalid user kevin [preauth]
Jun 22 18:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21047]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21047]: Failed password for invalid user kevin from 176.65.139.217 port 34756 ssh2
Jun 22 18:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21047]: Connection closed by 176.65.139.217 port 34756 [preauth]
Jun 22 18:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21073]: Invalid user azureuser from 176.65.139.217
Jun 22 18:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21073]: input_userauth_request: invalid user azureuser [preauth]
Jun 22 18:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21073]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21073]: Failed password for invalid user azureuser from 176.65.139.217 port 45704 ssh2
Jun 22 18:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21073]: Connection closed by 176.65.139.217 port 45704 [preauth]
Jun 22 18:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21085]: Invalid user appuser from 176.65.139.217
Jun 22 18:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21085]: input_userauth_request: invalid user appuser [preauth]
Jun 22 18:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21085]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21085]: Failed password for invalid user appuser from 176.65.139.217 port 45736 ssh2
Jun 22 18:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21085]: Connection closed by 176.65.139.217 port 45736 [preauth]
Jun 22 18:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 18:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21087]: Failed password for root from 38.55.97.143 port 41338 ssh2
Jun 22 18:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21087]: Connection closed by 38.55.97.143 port 41338 [preauth]
Jun 22 18:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21109]: Failed password for root from 176.65.139.217 port 51386 ssh2
Jun 22 18:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21109]: Connection closed by 176.65.139.217 port 51386 [preauth]
Jun 22 18:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21116]: Invalid user odoo17 from 176.65.139.217
Jun 22 18:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21116]: input_userauth_request: invalid user odoo17 [preauth]
Jun 22 18:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21116]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21116]: Failed password for invalid user odoo17 from 176.65.139.217 port 51428 ssh2
Jun 22 18:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21116]: Connection closed by 176.65.139.217 port 51428 [preauth]
Jun 22 18:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19715]: pam_unix(cron:session): session closed for user root
Jun 22 18:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 18:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21150]: Invalid user debian from 176.65.139.217
Jun 22 18:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21150]: input_userauth_request: invalid user debian [preauth]
Jun 22 18:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21150]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21132]: Failed password for root from 193.24.211.107 port 18034 ssh2
Jun 22 18:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21132]: Received disconnect from 193.24.211.107 port 18034:11: Client disconnecting normally [preauth]
Jun 22 18:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21132]: Disconnected from 193.24.211.107 port 18034 [preauth]
Jun 22 18:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21150]: Failed password for invalid user debian from 176.65.139.217 port 52238 ssh2
Jun 22 18:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21150]: Connection closed by 176.65.139.217 port 52238 [preauth]
Jun 22 18:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21163]: Invalid user minecraft from 176.65.139.217
Jun 22 18:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21163]: input_userauth_request: invalid user minecraft [preauth]
Jun 22 18:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21163]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21163]: Failed password for invalid user minecraft from 176.65.139.217 port 52288 ssh2
Jun 22 18:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21163]: Connection closed by 176.65.139.217 port 52288 [preauth]
Jun 22 18:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21178]: Invalid user master from 176.65.139.217
Jun 22 18:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21178]: input_userauth_request: invalid user master [preauth]
Jun 22 18:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21178]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21178]: Failed password for invalid user master from 176.65.139.217 port 54316 ssh2
Jun 22 18:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21178]: Connection closed by 176.65.139.217 port 54316 [preauth]
Jun 22 18:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21199]: Invalid user user1 from 176.65.139.217
Jun 22 18:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21199]: input_userauth_request: invalid user user1 [preauth]
Jun 22 18:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21199]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21199]: Failed password for invalid user user1 from 176.65.139.217 port 54328 ssh2
Jun 22 18:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21199]: Connection closed by 176.65.139.217 port 54328 [preauth]
Jun 22 18:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21210]: Invalid user alex from 176.65.139.217
Jun 22 18:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21210]: input_userauth_request: invalid user alex [preauth]
Jun 22 18:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21210]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21210]: Failed password for invalid user alex from 176.65.139.217 port 54102 ssh2
Jun 22 18:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21210]: Connection closed by 176.65.139.217 port 54102 [preauth]
Jun 22 18:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21221]: Invalid user pi from 176.65.139.217
Jun 22 18:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21221]: input_userauth_request: invalid user pi [preauth]
Jun 22 18:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21221]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21221]: Failed password for invalid user pi from 176.65.139.217 port 54128 ssh2
Jun 22 18:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21221]: Connection closed by 176.65.139.217 port 54128 [preauth]
Jun 22 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21237]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21236]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21235]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21234]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21234]: pam_unix(cron:session): session closed for user p13x
Jun 22 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21295]: Successful su for rubyman by root
Jun 22 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21295]: + ??? root:rubyman
Jun 22 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21295]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572587 of user rubyman.
Jun 22 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21295]: pam_unix(su:session): session closed for user rubyman
Jun 22 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572587.
Jun 22 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21231]: Invalid user ecommerce from 176.65.139.217
Jun 22 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21231]: input_userauth_request: invalid user ecommerce [preauth]
Jun 22 18:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21231]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 22 18:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21231]: Failed password for invalid user ecommerce from 176.65.139.217 port 54166 ssh2
Jun 22 18:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21231]: Connection closed by 176.65.139.217 port 54166 [preauth]
Jun 22 18:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17971]: pam_unix(cron:session): session closed for user root
Jun 22 18:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21305]: Failed password for root from 194.113.233.25 port 46138 ssh2
Jun 22 18:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21305]: Connection closed by 194.113.233.25 port 46138 [preauth]
Jun 22 18:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21235]: pam_unix(cron:session): session closed for user samftp
Jun 22 18:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21480]: Invalid user hamed from 176.65.139.217
Jun 22 18:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21480]: input_userauth_request: invalid user hamed [preauth]
Jun 22 18:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21480]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21480]: Failed password for invalid user hamed from 176.65.139.217 port 36868 ssh2
Jun 22 18:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21480]: Connection closed by 176.65.139.217 port 36868 [preauth]
Jun 22 18:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21492]: Invalid user claude from 176.65.139.217
Jun 22 18:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21492]: input_userauth_request: invalid user claude [preauth]
Jun 22 18:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21492]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21492]: Failed password for invalid user claude from 176.65.139.217 port 36928 ssh2
Jun 22 18:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21504]: Received disconnect from 121.78.125.123 port 46024:11: disconnected by user [preauth]
Jun 22 18:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21504]: Disconnected from 121.78.125.123 port 46024 [preauth]
Jun 22 18:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21492]: Connection closed by 176.65.139.217 port 36928 [preauth]
Jun 22 18:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21523]: Failed password for root from 176.65.139.217 port 50828 ssh2
Jun 22 18:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21523]: Connection closed by 176.65.139.217 port 50828 [preauth]
Jun 22 18:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21536]: Invalid user xiao from 176.65.139.217
Jun 22 18:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21536]: input_userauth_request: invalid user xiao [preauth]
Jun 22 18:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21536]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21536]: Failed password for invalid user xiao from 176.65.139.217 port 50866 ssh2
Jun 22 18:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21536]: Connection closed by 176.65.139.217 port 50866 [preauth]
Jun 22 18:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21551]: Invalid user plex from 176.65.139.217
Jun 22 18:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21551]: input_userauth_request: invalid user plex [preauth]
Jun 22 18:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21551]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21551]: Failed password for invalid user plex from 176.65.139.217 port 42072 ssh2
Jun 22 18:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21551]: Connection closed by 176.65.139.217 port 42072 [preauth]
Jun 22 18:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21580]: Invalid user redhat from 176.65.139.217
Jun 22 18:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21580]: input_userauth_request: invalid user redhat [preauth]
Jun 22 18:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21580]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21580]: Failed password for invalid user redhat from 176.65.139.217 port 42086 ssh2
Jun 22 18:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21580]: Connection closed by 176.65.139.217 port 42086 [preauth]
Jun 22 18:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20251]: pam_unix(cron:session): session closed for user root
Jun 22 18:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21614]: Invalid user martin from 176.65.139.217
Jun 22 18:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21614]: input_userauth_request: invalid user martin [preauth]
Jun 22 18:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21614]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21614]: Failed password for invalid user martin from 176.65.139.217 port 37364 ssh2
Jun 22 18:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21614]: Connection closed by 176.65.139.217 port 37364 [preauth]
Jun 22 18:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21626]: Invalid user ubuntu from 176.65.139.217
Jun 22 18:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21626]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 18:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21626]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21626]: Failed password for invalid user ubuntu from 176.65.139.217 port 37384 ssh2
Jun 22 18:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21626]: Connection closed by 176.65.139.217 port 37384 [preauth]
Jun 22 18:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21630]: Failed password for root from 176.65.139.217 port 53818 ssh2
Jun 22 18:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21630]: Connection closed by 176.65.139.217 port 53818 [preauth]
Jun 22 18:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21653]: Invalid user user2 from 176.65.139.217
Jun 22 18:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21653]: input_userauth_request: invalid user user2 [preauth]
Jun 22 18:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21653]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21653]: Failed password for invalid user user2 from 176.65.139.217 port 53872 ssh2
Jun 22 18:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21653]: Connection closed by 176.65.139.217 port 53872 [preauth]
Jun 22 18:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21664]: Invalid user alex from 176.65.139.217
Jun 22 18:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21664]: input_userauth_request: invalid user alex [preauth]
Jun 22 18:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21664]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 18:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 18:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21664]: Failed password for invalid user alex from 176.65.139.217 port 53936 ssh2
Jun 22 18:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21664]: Connection closed by 176.65.139.217 port 53936 [preauth]
Jun 22 18:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 18:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 18:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21681]: Failed password for root from 176.65.139.217 port 54482 ssh2
Jun 22 18:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21681]: Connection closed by 176.65.139.217 port 54482 [preauth]
Jun 22 19:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21693]: Invalid user toto from 176.65.139.217
Jun 22 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21693]: input_userauth_request: invalid user toto [preauth]
Jun 22 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21704]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21705]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21702]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21703]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21700]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21701]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21697]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21705]: pam_unix(cron:session): session closed for user root
Jun 22 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21701]: pam_unix(cron:session): session closed for user root
Jun 22 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21697]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21693]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21798]: Successful su for rubyman by root
Jun 22 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21798]: + ??? root:rubyman
Jun 22 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21798]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572591 of user rubyman.
Jun 22 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21798]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572591.
Jun 22 19:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21693]: Failed password for invalid user toto from 176.65.139.217 port 54514 ssh2
Jun 22 19:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21693]: Connection closed by 176.65.139.217 port 54514 [preauth]
Jun 22 19:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21702]: pam_unix(cron:session): session closed for user root
Jun 22 19:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18508]: pam_unix(cron:session): session closed for user root
Jun 22 19:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21986]: User ftp from 176.65.139.217 not allowed because not listed in AllowUsers
Jun 22 19:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21986]: input_userauth_request: invalid user ftp [preauth]
Jun 22 19:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=ftp
Jun 22 19:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21700]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21986]: Failed password for invalid user ftp from 176.65.139.217 port 34454 ssh2
Jun 22 19:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21986]: Connection closed by 176.65.139.217 port 34454 [preauth]
Jun 22 19:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 19:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22015]: Failed password for root from 176.65.139.217 port 34516 ssh2
Jun 22 19:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22015]: Connection closed by 176.65.139.217 port 34516 [preauth]
Jun 22 19:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22032]: Invalid user deploy from 176.65.139.217
Jun 22 19:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22032]: input_userauth_request: invalid user deploy [preauth]
Jun 22 19:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22032]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22032]: Failed password for invalid user deploy from 176.65.139.217 port 42170 ssh2
Jun 22 19:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22032]: Connection closed by 176.65.139.217 port 42170 [preauth]
Jun 22 19:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22047]: Invalid user user10 from 176.65.139.217
Jun 22 19:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22047]: input_userauth_request: invalid user user10 [preauth]
Jun 22 19:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22047]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22047]: Failed password for invalid user user10 from 176.65.139.217 port 42228 ssh2
Jun 22 19:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22047]: Connection closed by 176.65.139.217 port 42228 [preauth]
Jun 22 19:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 19:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22057]: Failed password for root from 176.65.139.217 port 33698 ssh2
Jun 22 19:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22057]: Connection closed by 176.65.139.217 port 33698 [preauth]
Jun 22 19:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22081]: Invalid user server from 176.65.139.217
Jun 22 19:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22081]: input_userauth_request: invalid user server [preauth]
Jun 22 19:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22081]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22081]: Failed password for invalid user server from 176.65.139.217 port 33762 ssh2
Jun 22 19:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22081]: Connection closed by 176.65.139.217 port 33762 [preauth]
Jun 22 19:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20785]: pam_unix(cron:session): session closed for user root
Jun 22 19:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 19:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22100]: Failed password for root from 176.65.139.217 port 40824 ssh2
Jun 22 19:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22100]: Connection closed by 176.65.139.217 port 40824 [preauth]
Jun 22 19:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22162]: Invalid user user3 from 176.65.139.217
Jun 22 19:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22162]: input_userauth_request: invalid user user3 [preauth]
Jun 22 19:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22162]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22162]: Failed password for invalid user user3 from 176.65.139.217 port 40848 ssh2
Jun 22 19:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22162]: Connection closed by 176.65.139.217 port 40848 [preauth]
Jun 22 19:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22165]: Invalid user steam from 176.65.139.217
Jun 22 19:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22165]: input_userauth_request: invalid user steam [preauth]
Jun 22 19:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22165]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22165]: Failed password for invalid user steam from 176.65.139.217 port 40898 ssh2
Jun 22 19:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22165]: Connection closed by 176.65.139.217 port 40898 [preauth]
Jun 22 19:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22190]: Invalid user gitlab from 176.65.139.217
Jun 22 19:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22190]: input_userauth_request: invalid user gitlab [preauth]
Jun 22 19:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22190]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22190]: Failed password for invalid user gitlab from 176.65.139.217 port 40762 ssh2
Jun 22 19:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22190]: Connection closed by 176.65.139.217 port 40762 [preauth]
Jun 22 19:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22205]: User john from 176.65.139.217 not allowed because not listed in AllowUsers
Jun 22 19:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22205]: input_userauth_request: invalid user john [preauth]
Jun 22 19:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=john
Jun 22 19:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22205]: Failed password for invalid user john from 176.65.139.217 port 40782 ssh2
Jun 22 19:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22205]: Connection closed by 176.65.139.217 port 40782 [preauth]
Jun 22 19:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22215]: Invalid user node from 176.65.139.217
Jun 22 19:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22215]: input_userauth_request: invalid user node [preauth]
Jun 22 19:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22215]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22215]: Failed password for invalid user node from 176.65.139.217 port 58332 ssh2
Jun 22 19:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22215]: Connection closed by 176.65.139.217 port 58332 [preauth]
Jun 22 19:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22225]: Invalid user myuser from 176.65.139.217
Jun 22 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22225]: input_userauth_request: invalid user myuser [preauth]
Jun 22 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22225]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22230]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22231]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22228]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22229]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22228]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22302]: Successful su for rubyman by root
Jun 22 19:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22302]: + ??? root:rubyman
Jun 22 19:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22302]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572598 of user rubyman.
Jun 22 19:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22302]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572598.
Jun 22 19:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22225]: Failed password for invalid user myuser from 176.65.139.217 port 58396 ssh2
Jun 22 19:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22225]: Connection closed by 176.65.139.217 port 58396 [preauth]
Jun 22 19:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18959]: pam_unix(cron:session): session closed for user root
Jun 22 19:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22552]: Invalid user cloud from 176.65.139.217
Jun 22 19:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22552]: input_userauth_request: invalid user cloud [preauth]
Jun 22 19:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22552]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22229]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22552]: Failed password for invalid user cloud from 176.65.139.217 port 57896 ssh2
Jun 22 19:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22552]: Connection closed by 176.65.139.217 port 57896 [preauth]
Jun 22 19:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22577]: Invalid user steam from 176.65.139.217
Jun 22 19:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22577]: input_userauth_request: invalid user steam [preauth]
Jun 22 19:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22577]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22577]: Failed password for invalid user steam from 176.65.139.217 port 57928 ssh2
Jun 22 19:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22577]: Connection closed by 176.65.139.217 port 57928 [preauth]
Jun 22 19:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22603]: Invalid user sam from 176.65.139.217
Jun 22 19:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22603]: input_userauth_request: invalid user sam [preauth]
Jun 22 19:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22603]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22603]: Failed password for invalid user sam from 176.65.139.217 port 59346 ssh2
Jun 22 19:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22603]: Connection closed by 176.65.139.217 port 59346 [preauth]
Jun 22 19:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22615]: Invalid user debian from 176.65.139.217
Jun 22 19:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22615]: input_userauth_request: invalid user debian [preauth]
Jun 22 19:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22615]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 19:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22615]: Failed password for invalid user debian from 176.65.139.217 port 59422 ssh2
Jun 22 19:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22615]: Connection closed by 176.65.139.217 port 59422 [preauth]
Jun 22 19:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22605]: Failed password for root from 38.55.97.143 port 52858 ssh2
Jun 22 19:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22605]: Connection closed by 38.55.97.143 port 52858 [preauth]
Jun 22 19:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 19:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22617]: Failed password for root from 176.65.139.217 port 43780 ssh2
Jun 22 19:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22617]: Connection closed by 176.65.139.217 port 43780 [preauth]
Jun 22 19:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22639]: Invalid user ubuntu from 176.65.139.217
Jun 22 19:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22639]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 19:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22639]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22639]: Failed password for invalid user ubuntu from 176.65.139.217 port 43836 ssh2
Jun 22 19:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22639]: Connection closed by 176.65.139.217 port 43836 [preauth]
Jun 22 19:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21237]: pam_unix(cron:session): session closed for user root
Jun 22 19:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22655]: Invalid user tactical from 176.65.139.217
Jun 22 19:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22655]: input_userauth_request: invalid user tactical [preauth]
Jun 22 19:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22655]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22655]: Failed password for invalid user tactical from 176.65.139.217 port 46884 ssh2
Jun 22 19:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22655]: Connection closed by 176.65.139.217 port 46884 [preauth]
Jun 22 19:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22683]: Invalid user admin2 from 176.65.139.217
Jun 22 19:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22683]: input_userauth_request: invalid user admin2 [preauth]
Jun 22 19:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22683]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22683]: Failed password for invalid user admin2 from 176.65.139.217 port 46972 ssh2
Jun 22 19:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22683]: Connection closed by 176.65.139.217 port 46972 [preauth]
Jun 22 19:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22694]: Invalid user linux from 176.65.139.217
Jun 22 19:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22694]: input_userauth_request: invalid user linux [preauth]
Jun 22 19:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22694]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22694]: Failed password for invalid user linux from 176.65.139.217 port 47042 ssh2
Jun 22 19:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22694]: Connection closed by 176.65.139.217 port 47042 [preauth]
Jun 22 19:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22718]: Invalid user mc from 176.65.139.217
Jun 22 19:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22718]: input_userauth_request: invalid user mc [preauth]
Jun 22 19:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22718]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22718]: Failed password for invalid user mc from 176.65.139.217 port 55150 ssh2
Jun 22 19:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22718]: Connection closed by 176.65.139.217 port 55150 [preauth]
Jun 22 19:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22720]: Invalid user user from 176.65.139.217
Jun 22 19:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22720]: input_userauth_request: invalid user user [preauth]
Jun 22 19:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22720]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22720]: Failed password for invalid user user from 176.65.139.217 port 55178 ssh2
Jun 22 19:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22720]: Connection closed by 176.65.139.217 port 55178 [preauth]
Jun 22 19:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22732]: Invalid user wso2 from 176.65.139.217
Jun 22 19:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22732]: input_userauth_request: invalid user wso2 [preauth]
Jun 22 19:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22732]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22732]: Failed password for invalid user wso2 from 176.65.139.217 port 37826 ssh2
Jun 22 19:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22732]: Connection closed by 176.65.139.217 port 37826 [preauth]
Jun 22 19:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22742]: Invalid user ts3 from 176.65.139.217
Jun 22 19:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22742]: input_userauth_request: invalid user ts3 [preauth]
Jun 22 19:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22742]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22747]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22749]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22745]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22746]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22745]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22823]: Successful su for rubyman by root
Jun 22 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22823]: + ??? root:rubyman
Jun 22 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22823]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572603 of user rubyman.
Jun 22 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22823]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572603.
Jun 22 19:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22742]: Failed password for invalid user ts3 from 176.65.139.217 port 37858 ssh2
Jun 22 19:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22742]: Connection closed by 176.65.139.217 port 37858 [preauth]
Jun 22 19:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19714]: pam_unix(cron:session): session closed for user root
Jun 22 19:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 19:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22746]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22964]: Failed password for root from 176.65.139.217 port 38670 ssh2
Jun 22 19:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22964]: Connection closed by 176.65.139.217 port 38670 [preauth]
Jun 22 19:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 19:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23009]: Failed password for root from 176.65.139.217 port 38698 ssh2
Jun 22 19:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23009]: Connection closed by 176.65.139.217 port 38698 [preauth]
Jun 22 19:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23016]: Invalid user mohammad from 176.65.139.217
Jun 22 19:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23016]: input_userauth_request: invalid user mohammad [preauth]
Jun 22 19:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23016]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23016]: Failed password for invalid user mohammad from 176.65.139.217 port 59976 ssh2
Jun 22 19:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23016]: Connection closed by 176.65.139.217 port 59976 [preauth]
Jun 22 19:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 19:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23033]: Failed password for root from 176.65.139.217 port 60048 ssh2
Jun 22 19:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23033]: Connection closed by 176.65.139.217 port 60048 [preauth]
Jun 22 19:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23043]: Invalid user gns3 from 176.65.139.217
Jun 22 19:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23043]: input_userauth_request: invalid user gns3 [preauth]
Jun 22 19:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23043]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23043]: Failed password for invalid user gns3 from 176.65.139.217 port 34876 ssh2
Jun 22 19:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23043]: Connection closed by 176.65.139.217 port 34876 [preauth]
Jun 22 19:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 19:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23067]: Failed password for root from 176.65.139.217 port 34906 ssh2
Jun 22 19:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23067]: Connection closed by 176.65.139.217 port 34906 [preauth]
Jun 22 19:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23078]: Invalid user ansible from 176.65.139.217
Jun 22 19:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23078]: input_userauth_request: invalid user ansible [preauth]
Jun 22 19:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23078]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21704]: pam_unix(cron:session): session closed for user root
Jun 22 19:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23078]: Failed password for invalid user ansible from 176.65.139.217 port 34954 ssh2
Jun 22 19:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23078]: Connection closed by 176.65.139.217 port 34954 [preauth]
Jun 22 19:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23109]: Invalid user oscar from 176.65.139.217
Jun 22 19:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23109]: input_userauth_request: invalid user oscar [preauth]
Jun 22 19:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23109]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23109]: Failed password for invalid user oscar from 176.65.139.217 port 41288 ssh2
Jun 22 19:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23109]: Connection closed by 176.65.139.217 port 41288 [preauth]
Jun 22 19:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 19:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23120]: Failed password for root from 176.65.139.217 port 41368 ssh2
Jun 22 19:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23120]: Connection closed by 176.65.139.217 port 41368 [preauth]
Jun 22 19:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23143]: Invalid user nexus from 176.65.139.217
Jun 22 19:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23143]: input_userauth_request: invalid user nexus [preauth]
Jun 22 19:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23143]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23143]: Failed password for invalid user nexus from 176.65.139.217 port 33606 ssh2
Jun 22 19:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23143]: Connection closed by 176.65.139.217 port 33606 [preauth]
Jun 22 19:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23155]: Invalid user administrator from 176.65.139.217
Jun 22 19:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23155]: input_userauth_request: invalid user administrator [preauth]
Jun 22 19:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23155]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23155]: Failed password for invalid user administrator from 176.65.139.217 port 33652 ssh2
Jun 22 19:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23155]: Connection closed by 176.65.139.217 port 33652 [preauth]
Jun 22 19:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23157]: Invalid user appuser from 176.65.139.217
Jun 22 19:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23157]: input_userauth_request: invalid user appuser [preauth]
Jun 22 19:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23157]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23157]: Failed password for invalid user appuser from 176.65.139.217 port 43968 ssh2
Jun 22 19:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23157]: Connection closed by 176.65.139.217 port 43968 [preauth]
Jun 22 19:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23168]: Invalid user deploy from 176.65.139.217
Jun 22 19:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23168]: input_userauth_request: invalid user deploy [preauth]
Jun 22 19:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23168]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23182]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23181]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23183]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23180]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23180]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23254]: Successful su for rubyman by root
Jun 22 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23254]: + ??? root:rubyman
Jun 22 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23254]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572606 of user rubyman.
Jun 22 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23254]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572606.
Jun 22 19:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23168]: Failed password for invalid user deploy from 176.65.139.217 port 44012 ssh2
Jun 22 19:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23168]: Connection closed by 176.65.139.217 port 44012 [preauth]
Jun 22 19:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20250]: pam_unix(cron:session): session closed for user root
Jun 22 19:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23423]: Invalid user jenkins from 176.65.139.217
Jun 22 19:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23423]: input_userauth_request: invalid user jenkins [preauth]
Jun 22 19:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23423]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23181]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23423]: Failed password for invalid user jenkins from 176.65.139.217 port 50094 ssh2
Jun 22 19:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23423]: Connection closed by 176.65.139.217 port 50094 [preauth]
Jun 22 19:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 19:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23452]: Failed password for root from 176.65.139.217 port 50120 ssh2
Jun 22 19:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23452]: Connection closed by 176.65.139.217 port 50120 [preauth]
Jun 22 19:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23469]: Invalid user oracle from 176.65.139.217
Jun 22 19:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23469]: input_userauth_request: invalid user oracle [preauth]
Jun 22 19:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23469]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23469]: Failed password for invalid user oracle from 176.65.139.217 port 35148 ssh2
Jun 22 19:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23469]: Connection closed by 176.65.139.217 port 35148 [preauth]
Jun 22 19:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 19:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23485]: Failed password for root from 176.65.139.217 port 35202 ssh2
Jun 22 19:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23485]: Connection closed by 176.65.139.217 port 35202 [preauth]
Jun 22 19:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23498]: Invalid user user from 176.65.139.217
Jun 22 19:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23498]: input_userauth_request: invalid user user [preauth]
Jun 22 19:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23498]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23498]: Failed password for invalid user user from 176.65.139.217 port 59836 ssh2
Jun 22 19:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23498]: Connection closed by 176.65.139.217 port 59836 [preauth]
Jun 22 19:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23523]: Invalid user wizard from 176.65.139.217
Jun 22 19:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23523]: input_userauth_request: invalid user wizard [preauth]
Jun 22 19:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23523]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23523]: Failed password for invalid user wizard from 176.65.139.217 port 59894 ssh2
Jun 22 19:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23523]: Connection closed by 176.65.139.217 port 59894 [preauth]
Jun 22 19:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23527]: Invalid user sam from 176.65.139.217
Jun 22 19:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23527]: input_userauth_request: invalid user sam [preauth]
Jun 22 19:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23527]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22231]: pam_unix(cron:session): session closed for user root
Jun 22 19:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23527]: Failed password for invalid user sam from 176.65.139.217 port 59964 ssh2
Jun 22 19:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23527]: Connection closed by 176.65.139.217 port 59964 [preauth]
Jun 22 19:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23560]: Invalid user devops from 176.65.139.217
Jun 22 19:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23560]: input_userauth_request: invalid user devops [preauth]
Jun 22 19:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23560]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23560]: Failed password for invalid user devops from 176.65.139.217 port 56364 ssh2
Jun 22 19:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23560]: Connection closed by 176.65.139.217 port 56364 [preauth]
Jun 22 19:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23570]: Invalid user core from 176.65.139.217
Jun 22 19:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23570]: input_userauth_request: invalid user core [preauth]
Jun 22 19:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23570]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23570]: Failed password for invalid user core from 176.65.139.217 port 56392 ssh2
Jun 22 19:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23570]: Connection closed by 176.65.139.217 port 56392 [preauth]
Jun 22 19:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 19:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23598]: Invalid user admin from 141.98.83.240
Jun 22 19:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23598]: input_userauth_request: invalid user admin [preauth]
Jun 22 19:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23598]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 19:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23592]: Failed password for root from 176.65.139.217 port 54566 ssh2
Jun 22 19:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23592]: Connection closed by 176.65.139.217 port 54566 [preauth]
Jun 22 19:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23598]: Failed password for invalid user admin from 141.98.83.240 port 13906 ssh2
Jun 22 19:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23598]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 19:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23598]: Failed password for invalid user admin from 141.98.83.240 port 13906 ssh2
Jun 22 19:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23598]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23608]: Failed password for root from 176.65.139.217 port 54598 ssh2
Jun 22 19:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23608]: Connection closed by 176.65.139.217 port 54598 [preauth]
Jun 22 19:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23598]: Failed password for invalid user admin from 141.98.83.240 port 13906 ssh2
Jun 22 19:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23598]: Connection closed by 141.98.83.240 port 13906 [preauth]
Jun 22 19:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23598]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 19:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 19:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23619]: Failed password for root from 176.65.139.217 port 36894 ssh2
Jun 22 19:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23619]: Connection closed by 176.65.139.217 port 36894 [preauth]
Jun 22 19:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23629]: Invalid user kipt from 176.65.139.217
Jun 22 19:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23629]: input_userauth_request: invalid user kipt [preauth]
Jun 22 19:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23629]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23634]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23635]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23633]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23632]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23632]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23701]: Successful su for rubyman by root
Jun 22 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23701]: + ??? root:rubyman
Jun 22 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23701]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572610 of user rubyman.
Jun 22 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23701]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572610.
Jun 22 19:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23629]: Failed password for invalid user kipt from 176.65.139.217 port 36918 ssh2
Jun 22 19:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23629]: Connection closed by 176.65.139.217 port 36918 [preauth]
Jun 22 19:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20783]: pam_unix(cron:session): session closed for user root
Jun 22 19:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23943]: Invalid user grid from 176.65.139.217
Jun 22 19:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23943]: input_userauth_request: invalid user grid [preauth]
Jun 22 19:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23943]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23633]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23943]: Failed password for invalid user grid from 176.65.139.217 port 51298 ssh2
Jun 22 19:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23943]: Connection closed by 176.65.139.217 port 51298 [preauth]
Jun 22 19:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23996]: Invalid user admin from 176.65.139.217
Jun 22 19:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23996]: input_userauth_request: invalid user admin [preauth]
Jun 22 19:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23996]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23996]: Failed password for invalid user admin from 176.65.139.217 port 51334 ssh2
Jun 22 19:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23996]: Connection closed by 176.65.139.217 port 51334 [preauth]
Jun 22 19:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 19:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 19:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23995]: Failed password for root from 38.55.97.143 port 59160 ssh2
Jun 22 19:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24012]: Failed password for root from 176.65.139.217 port 53062 ssh2
Jun 22 19:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23995]: Connection closed by 38.55.97.143 port 59160 [preauth]
Jun 22 19:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24012]: Connection closed by 176.65.139.217 port 53062 [preauth]
Jun 22 19:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24033]: Invalid user guest from 176.65.139.217
Jun 22 19:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24033]: input_userauth_request: invalid user guest [preauth]
Jun 22 19:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24033]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24033]: Failed password for invalid user guest from 176.65.139.217 port 53098 ssh2
Jun 22 19:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24033]: Connection closed by 176.65.139.217 port 53098 [preauth]
Jun 22 19:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24043]: Invalid user runner from 176.65.139.217
Jun 22 19:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24043]: input_userauth_request: invalid user runner [preauth]
Jun 22 19:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24043]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24043]: Failed password for invalid user runner from 176.65.139.217 port 53182 ssh2
Jun 22 19:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24043]: Connection closed by 176.65.139.217 port 53182 [preauth]
Jun 22 19:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24066]: Invalid user user from 176.65.139.217
Jun 22 19:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24066]: input_userauth_request: invalid user user [preauth]
Jun 22 19:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24066]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24066]: Failed password for invalid user user from 176.65.139.217 port 47368 ssh2
Jun 22 19:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24066]: Connection closed by 176.65.139.217 port 47368 [preauth]
Jun 22 19:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24077]: Invalid user admin from 176.65.139.217
Jun 22 19:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24077]: input_userauth_request: invalid user admin [preauth]
Jun 22 19:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24077]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22749]: pam_unix(cron:session): session closed for user root
Jun 22 19:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24077]: Failed password for invalid user admin from 176.65.139.217 port 47446 ssh2
Jun 22 19:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24077]: Connection closed by 176.65.139.217 port 47446 [preauth]
Jun 22 19:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 19:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24108]: Failed password for root from 176.65.139.217 port 41860 ssh2
Jun 22 19:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24108]: Connection closed by 176.65.139.217 port 41860 [preauth]
Jun 22 19:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 19:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24111]: Failed password for root from 176.65.139.217 port 41898 ssh2
Jun 22 19:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24111]: Connection closed by 176.65.139.217 port 41898 [preauth]
Jun 22 19:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24136]: Invalid user rajvir from 176.65.139.217
Jun 22 19:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24136]: input_userauth_request: invalid user rajvir [preauth]
Jun 22 19:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24136]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24136]: Failed password for invalid user rajvir from 176.65.139.217 port 48040 ssh2
Jun 22 19:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24136]: Connection closed by 176.65.139.217 port 48040 [preauth]
Jun 22 19:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24146]: Invalid user fastuser from 176.65.139.217
Jun 22 19:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24146]: input_userauth_request: invalid user fastuser [preauth]
Jun 22 19:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24146]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24146]: Failed password for invalid user fastuser from 176.65.139.217 port 48080 ssh2
Jun 22 19:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24146]: Connection closed by 176.65.139.217 port 48080 [preauth]
Jun 22 19:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24157]: Invalid user fastuser from 176.65.139.217
Jun 22 19:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24157]: input_userauth_request: invalid user fastuser [preauth]
Jun 22 19:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24157]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24157]: Failed password for invalid user fastuser from 176.65.139.217 port 54430 ssh2
Jun 22 19:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24157]: Connection closed by 176.65.139.217 port 54430 [preauth]
Jun 22 19:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24167]: Invalid user devops from 176.65.139.217
Jun 22 19:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24167]: input_userauth_request: invalid user devops [preauth]
Jun 22 19:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24167]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24174]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24175]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24176]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24170]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24173]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24171]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24176]: pam_unix(cron:session): session closed for user root
Jun 22 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24170]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24167]: Failed password for invalid user devops from 176.65.139.217 port 54468 ssh2
Jun 22 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24167]: Connection closed by 176.65.139.217 port 54468 [preauth]
Jun 22 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24257]: Successful su for rubyman by root
Jun 22 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24257]: + ??? root:rubyman
Jun 22 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24257]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572616 of user rubyman.
Jun 22 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24257]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572616.
Jun 22 19:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24173]: pam_unix(cron:session): session closed for user root
Jun 22 19:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 19:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21236]: pam_unix(cron:session): session closed for user root
Jun 22 19:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24370]: Failed password for root from 176.65.139.217 port 49420 ssh2
Jun 22 19:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24370]: Connection closed by 176.65.139.217 port 49420 [preauth]
Jun 22 19:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24171]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24481]: Invalid user term2 from 176.65.139.217
Jun 22 19:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24481]: input_userauth_request: invalid user term2 [preauth]
Jun 22 19:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24481]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24481]: Failed password for invalid user term2 from 176.65.139.217 port 49444 ssh2
Jun 22 19:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24481]: Connection closed by 176.65.139.217 port 49444 [preauth]
Jun 22 19:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24492]: Invalid user user2 from 176.65.139.217
Jun 22 19:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24492]: input_userauth_request: invalid user user2 [preauth]
Jun 22 19:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24492]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24492]: Failed password for invalid user user2 from 176.65.139.217 port 60982 ssh2
Jun 22 19:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24492]: Connection closed by 176.65.139.217 port 60982 [preauth]
Jun 22 19:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24514]: Invalid user ftpuser from 176.65.139.217
Jun 22 19:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24514]: input_userauth_request: invalid user ftpuser [preauth]
Jun 22 19:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24514]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24514]: Failed password for invalid user ftpuser from 176.65.139.217 port 32812 ssh2
Jun 22 19:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24514]: Connection closed by 176.65.139.217 port 32812 [preauth]
Jun 22 19:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24524]: Invalid user postgres from 176.65.139.217
Jun 22 19:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24524]: input_userauth_request: invalid user postgres [preauth]
Jun 22 19:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24524]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24524]: Failed password for invalid user postgres from 176.65.139.217 port 59276 ssh2
Jun 22 19:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24524]: Connection closed by 176.65.139.217 port 59276 [preauth]
Jun 22 19:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24547]: Invalid user bob from 176.65.139.217
Jun 22 19:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24547]: input_userauth_request: invalid user bob [preauth]
Jun 22 19:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24547]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24547]: Failed password for invalid user bob from 176.65.139.217 port 59308 ssh2
Jun 22 19:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24547]: Connection closed by 176.65.139.217 port 59308 [preauth]
Jun 22 19:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24559]: Invalid user jellyfin from 176.65.139.217
Jun 22 19:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24559]: input_userauth_request: invalid user jellyfin [preauth]
Jun 22 19:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24559]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23183]: pam_unix(cron:session): session closed for user root
Jun 22 19:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24559]: Failed password for invalid user jellyfin from 176.65.139.217 port 59354 ssh2
Jun 22 19:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24559]: Connection closed by 176.65.139.217 port 59354 [preauth]
Jun 22 19:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24592]: Invalid user teamspeak from 176.65.139.217
Jun 22 19:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24592]: input_userauth_request: invalid user teamspeak [preauth]
Jun 22 19:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24592]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24594]: Received disconnect from 104.194.9.81 port 55628:11: disconnected by user [preauth]
Jun 22 19:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24594]: Disconnected from 104.194.9.81 port 55628 [preauth]
Jun 22 19:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24592]: Failed password for invalid user teamspeak from 176.65.139.217 port 58412 ssh2
Jun 22 19:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24592]: Connection closed by 176.65.139.217 port 58412 [preauth]
Jun 22 19:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24596]: Invalid user opc from 176.65.139.217
Jun 22 19:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24596]: input_userauth_request: invalid user opc [preauth]
Jun 22 19:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24596]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24596]: Failed password for invalid user opc from 176.65.139.217 port 58428 ssh2
Jun 22 19:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24596]: Connection closed by 176.65.139.217 port 58428 [preauth]
Jun 22 19:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24622]: Invalid user developer from 176.65.139.217
Jun 22 19:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24622]: input_userauth_request: invalid user developer [preauth]
Jun 22 19:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24622]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24622]: Failed password for invalid user developer from 176.65.139.217 port 53758 ssh2
Jun 22 19:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24622]: Connection closed by 176.65.139.217 port 53758 [preauth]
Jun 22 19:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24636]: Invalid user postgres from 176.65.139.217
Jun 22 19:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24636]: input_userauth_request: invalid user postgres [preauth]
Jun 22 19:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24636]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24636]: Failed password for invalid user postgres from 176.65.139.217 port 53774 ssh2
Jun 22 19:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24636]: Connection closed by 176.65.139.217 port 53774 [preauth]
Jun 22 19:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 19:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24656]: Failed password for root from 176.65.139.217 port 34410 ssh2
Jun 22 19:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24656]: Connection closed by 176.65.139.217 port 34410 [preauth]
Jun 22 19:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24666]: Failed password for root from 176.65.139.217 port 34428 ssh2
Jun 22 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24666]: Connection closed by 176.65.139.217 port 34428 [preauth]
Jun 22 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24684]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24685]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24686]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24683]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24683]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24753]: Successful su for rubyman by root
Jun 22 19:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24753]: + ??? root:rubyman
Jun 22 19:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24753]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572621 of user rubyman.
Jun 22 19:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24753]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572621.
Jun 22 19:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24821]: Invalid user ossuser from 176.65.139.217
Jun 22 19:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24821]: input_userauth_request: invalid user ossuser [preauth]
Jun 22 19:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24821]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21703]: pam_unix(cron:session): session closed for user root
Jun 22 19:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24821]: Failed password for invalid user ossuser from 176.65.139.217 port 39838 ssh2
Jun 22 19:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24684]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24821]: Connection closed by 176.65.139.217 port 39838 [preauth]
Jun 22 19:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24932]: Invalid user user2 from 176.65.139.217
Jun 22 19:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24932]: input_userauth_request: invalid user user2 [preauth]
Jun 22 19:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24932]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24932]: Failed password for invalid user user2 from 176.65.139.217 port 39858 ssh2
Jun 22 19:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24932]: Connection closed by 176.65.139.217 port 39858 [preauth]
Jun 22 19:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24935]: Invalid user cloud from 176.65.139.217
Jun 22 19:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24935]: input_userauth_request: invalid user cloud [preauth]
Jun 22 19:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24935]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24935]: Failed password for invalid user cloud from 176.65.139.217 port 39892 ssh2
Jun 22 19:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24935]: Connection closed by 176.65.139.217 port 39892 [preauth]
Jun 22 19:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24957]: Invalid user teste from 176.65.139.217
Jun 22 19:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24957]: input_userauth_request: invalid user teste [preauth]
Jun 22 19:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24957]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24957]: Failed password for invalid user teste from 176.65.139.217 port 60528 ssh2
Jun 22 19:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24957]: Connection closed by 176.65.139.217 port 60528 [preauth]
Jun 22 19:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 19:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24968]: Failed password for root from 176.65.139.217 port 60606 ssh2
Jun 22 19:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24968]: Connection closed by 176.65.139.217 port 60606 [preauth]
Jun 22 19:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24993]: Invalid user pi from 176.65.139.217
Jun 22 19:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24993]: input_userauth_request: invalid user pi [preauth]
Jun 22 19:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24993]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24993]: Failed password for invalid user pi from 176.65.139.217 port 53506 ssh2
Jun 22 19:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24993]: Connection closed by 176.65.139.217 port 53506 [preauth]
Jun 22 19:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25004]: Invalid user admin from 176.65.139.217
Jun 22 19:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25004]: input_userauth_request: invalid user admin [preauth]
Jun 22 19:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25004]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25004]: Failed password for invalid user admin from 176.65.139.217 port 53522 ssh2
Jun 22 19:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25004]: Connection closed by 176.65.139.217 port 53522 [preauth]
Jun 22 19:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23635]: pam_unix(cron:session): session closed for user root
Jun 22 19:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25038]: Invalid user cw from 176.65.139.217
Jun 22 19:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25038]: input_userauth_request: invalid user cw [preauth]
Jun 22 19:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25038]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25038]: Failed password for invalid user cw from 176.65.139.217 port 37648 ssh2
Jun 22 19:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25038]: Connection closed by 176.65.139.217 port 37648 [preauth]
Jun 22 19:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25048]: Invalid user aaa from 176.65.139.217
Jun 22 19:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25048]: input_userauth_request: invalid user aaa [preauth]
Jun 22 19:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25048]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25048]: Failed password for invalid user aaa from 176.65.139.217 port 37700 ssh2
Jun 22 19:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25048]: Connection closed by 176.65.139.217 port 37700 [preauth]
Jun 22 19:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25060]: Invalid user ftpuser from 176.65.139.217
Jun 22 19:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25060]: input_userauth_request: invalid user ftpuser [preauth]
Jun 22 19:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25060]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25060]: Failed password for invalid user ftpuser from 176.65.139.217 port 52726 ssh2
Jun 22 19:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25060]: Connection closed by 176.65.139.217 port 52726 [preauth]
Jun 22 19:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25082]: Invalid user ubuntu from 176.65.139.217
Jun 22 19:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25082]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 19:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25082]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25082]: Failed password for invalid user ubuntu from 176.65.139.217 port 52790 ssh2
Jun 22 19:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25082]: Connection closed by 176.65.139.217 port 52790 [preauth]
Jun 22 19:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25092]: Invalid user zimbra from 176.65.139.217
Jun 22 19:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25092]: input_userauth_request: invalid user zimbra [preauth]
Jun 22 19:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25092]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25092]: Failed password for invalid user zimbra from 176.65.139.217 port 52872 ssh2
Jun 22 19:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25092]: Connection closed by 176.65.139.217 port 52872 [preauth]
Jun 22 19:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25102]: Invalid user odoo18 from 176.65.139.217
Jun 22 19:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25102]: input_userauth_request: invalid user odoo18 [preauth]
Jun 22 19:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25102]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25102]: Failed password for invalid user odoo18 from 176.65.139.217 port 55296 ssh2
Jun 22 19:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25102]: Connection closed by 176.65.139.217 port 55296 [preauth]
Jun 22 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25119]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25117]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25116]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25118]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25116]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25113]: Invalid user fastuser from 176.65.139.217
Jun 22 19:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25113]: input_userauth_request: invalid user fastuser [preauth]
Jun 22 19:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25179]: Successful su for rubyman by root
Jun 22 19:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25179]: + ??? root:rubyman
Jun 22 19:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25179]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572625 of user rubyman.
Jun 22 19:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25179]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572625.
Jun 22 19:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25113]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22230]: pam_unix(cron:session): session closed for user root
Jun 22 19:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25113]: Failed password for invalid user fastuser from 176.65.139.217 port 55348 ssh2
Jun 22 19:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25113]: Connection closed by 176.65.139.217 port 55348 [preauth]
Jun 22 19:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25117]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25343]: Invalid user csgo from 176.65.139.217
Jun 22 19:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25343]: input_userauth_request: invalid user csgo [preauth]
Jun 22 19:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25343]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25343]: Failed password for invalid user csgo from 176.65.139.217 port 34390 ssh2
Jun 22 19:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25343]: Connection closed by 176.65.139.217 port 34390 [preauth]
Jun 22 19:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 19:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 19:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25361]: Failed password for root from 176.65.139.217 port 34452 ssh2
Jun 22 19:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25350]: Failed password for root from 38.55.97.143 port 36286 ssh2
Jun 22 19:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25361]: Connection closed by 176.65.139.217 port 34452 [preauth]
Jun 22 19:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25350]: Connection closed by 38.55.97.143 port 36286 [preauth]
Jun 22 19:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25385]: Invalid user admin from 176.65.139.217
Jun 22 19:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25385]: input_userauth_request: invalid user admin [preauth]
Jun 22 19:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25385]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25385]: Failed password for invalid user admin from 176.65.139.217 port 60398 ssh2
Jun 22 19:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25385]: Connection closed by 176.65.139.217 port 60398 [preauth]
Jun 22 19:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25395]: Invalid user runner from 176.65.139.217
Jun 22 19:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25395]: input_userauth_request: invalid user runner [preauth]
Jun 22 19:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25395]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25395]: Failed password for invalid user runner from 176.65.139.217 port 60438 ssh2
Jun 22 19:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25395]: Connection closed by 176.65.139.217 port 60438 [preauth]
Jun 22 19:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 19:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25407]: Failed password for root from 176.65.139.217 port 33644 ssh2
Jun 22 19:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25407]: Connection closed by 176.65.139.217 port 33644 [preauth]
Jun 22 19:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25428]: Invalid user crafty from 176.65.139.217
Jun 22 19:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25428]: input_userauth_request: invalid user crafty [preauth]
Jun 22 19:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25428]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25428]: Failed password for invalid user crafty from 176.65.139.217 port 33706 ssh2
Jun 22 19:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25428]: Connection closed by 176.65.139.217 port 33706 [preauth]
Jun 22 19:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25448]: Invalid user chenxi from 176.65.139.217
Jun 22 19:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25448]: input_userauth_request: invalid user chenxi [preauth]
Jun 22 19:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25448]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24175]: pam_unix(cron:session): session closed for user root
Jun 22 19:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25448]: Failed password for invalid user chenxi from 176.65.139.217 port 56234 ssh2
Jun 22 19:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25448]: Connection closed by 176.65.139.217 port 56234 [preauth]
Jun 22 19:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25470]: Invalid user test from 176.65.139.217
Jun 22 19:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25470]: input_userauth_request: invalid user test [preauth]
Jun 22 19:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25470]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25470]: Failed password for invalid user test from 176.65.139.217 port 56290 ssh2
Jun 22 19:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25470]: Connection closed by 176.65.139.217 port 56290 [preauth]
Jun 22 19:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25472]: Invalid user node from 176.65.139.217
Jun 22 19:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25472]: input_userauth_request: invalid user node [preauth]
Jun 22 19:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25472]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25472]: Failed password for invalid user node from 176.65.139.217 port 60976 ssh2
Jun 22 19:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25472]: Connection closed by 176.65.139.217 port 60976 [preauth]
Jun 22 19:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25499]: Invalid user user from 176.65.139.217
Jun 22 19:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25499]: input_userauth_request: invalid user user [preauth]
Jun 22 19:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25499]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25499]: Failed password for invalid user user from 176.65.139.217 port 32838 ssh2
Jun 22 19:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25499]: Connection closed by 176.65.139.217 port 32838 [preauth]
Jun 22 19:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25511]: Invalid user rdpuser from 176.65.139.217
Jun 22 19:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25511]: input_userauth_request: invalid user rdpuser [preauth]
Jun 22 19:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25511]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25511]: Failed password for invalid user rdpuser from 176.65.139.217 port 32876 ssh2
Jun 22 19:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25511]: Connection closed by 176.65.139.217 port 32876 [preauth]
Jun 22 19:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25522]: Invalid user cloud from 176.65.139.217
Jun 22 19:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25522]: input_userauth_request: invalid user cloud [preauth]
Jun 22 19:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25522]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25522]: Failed password for invalid user cloud from 176.65.139.217 port 56594 ssh2
Jun 22 19:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25522]: Connection closed by 176.65.139.217 port 56594 [preauth]
Jun 22 19:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25533]: Invalid user minecraft from 176.65.139.217
Jun 22 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25533]: input_userauth_request: invalid user minecraft [preauth]
Jun 22 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25533]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25539]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25537]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25538]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25536]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25536]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25597]: Successful su for rubyman by root
Jun 22 19:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25597]: + ??? root:rubyman
Jun 22 19:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25597]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572629 of user rubyman.
Jun 22 19:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25597]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572629.
Jun 22 19:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25533]: Failed password for invalid user minecraft from 176.65.139.217 port 56644 ssh2
Jun 22 19:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25533]: Connection closed by 176.65.139.217 port 56644 [preauth]
Jun 22 19:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22747]: pam_unix(cron:session): session closed for user root
Jun 22 19:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25760]: Invalid user support from 176.65.139.217
Jun 22 19:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25760]: input_userauth_request: invalid user support [preauth]
Jun 22 19:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25537]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25760]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25760]: Failed password for invalid user support from 176.65.139.217 port 49640 ssh2
Jun 22 19:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25760]: Connection closed by 176.65.139.217 port 49640 [preauth]
Jun 22 19:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 19:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25783]: Failed password for root from 176.65.139.217 port 49680 ssh2
Jun 22 19:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25783]: Connection closed by 176.65.139.217 port 49680 [preauth]
Jun 22 19:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 19:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25810]: Failed password for root from 176.65.139.217 port 58040 ssh2
Jun 22 19:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25810]: Connection closed by 176.65.139.217 port 58040 [preauth]
Jun 22 19:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25813]: Invalid user dev from 176.65.139.217
Jun 22 19:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25813]: input_userauth_request: invalid user dev [preauth]
Jun 22 19:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25813]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25813]: Failed password for invalid user dev from 176.65.139.217 port 58068 ssh2
Jun 22 19:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25813]: Connection closed by 176.65.139.217 port 58068 [preauth]
Jun 22 19:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25824]: Invalid user server from 176.65.139.217
Jun 22 19:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25824]: input_userauth_request: invalid user server [preauth]
Jun 22 19:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25824]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25824]: Failed password for invalid user server from 176.65.139.217 port 48726 ssh2
Jun 22 19:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25824]: Connection closed by 176.65.139.217 port 48726 [preauth]
Jun 22 19:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25847]: Invalid user developer from 176.65.139.217
Jun 22 19:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25847]: input_userauth_request: invalid user developer [preauth]
Jun 22 19:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25847]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25847]: Failed password for invalid user developer from 176.65.139.217 port 48758 ssh2
Jun 22 19:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25847]: Connection closed by 176.65.139.217 port 48758 [preauth]
Jun 22 19:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25857]: Invalid user teamspeak from 176.65.139.217
Jun 22 19:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25857]: input_userauth_request: invalid user teamspeak [preauth]
Jun 22 19:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24686]: pam_unix(cron:session): session closed for user root
Jun 22 19:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25857]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25857]: Failed password for invalid user teamspeak from 176.65.139.217 port 48254 ssh2
Jun 22 19:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25857]: Connection closed by 176.65.139.217 port 48254 [preauth]
Jun 22 19:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25887]: Invalid user git from 176.65.139.217
Jun 22 19:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25887]: input_userauth_request: invalid user git [preauth]
Jun 22 19:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25887]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25887]: Failed password for invalid user git from 176.65.139.217 port 48266 ssh2
Jun 22 19:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25887]: Connection closed by 176.65.139.217 port 48266 [preauth]
Jun 22 19:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 19:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25898]: Failed password for root from 176.65.139.217 port 48282 ssh2
Jun 22 19:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25898]: Connection closed by 176.65.139.217 port 48282 [preauth]
Jun 22 19:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25922]: Invalid user steam from 176.65.139.217
Jun 22 19:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25922]: input_userauth_request: invalid user steam [preauth]
Jun 22 19:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25922]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25922]: Failed password for invalid user steam from 176.65.139.217 port 52268 ssh2
Jun 22 19:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25922]: Connection closed by 176.65.139.217 port 52268 [preauth]
Jun 22 19:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25924]: Invalid user pi from 176.65.139.217
Jun 22 19:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25924]: input_userauth_request: invalid user pi [preauth]
Jun 22 19:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25924]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25924]: Failed password for invalid user pi from 176.65.139.217 port 52306 ssh2
Jun 22 19:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25924]: Connection closed by 176.65.139.217 port 52306 [preauth]
Jun 22 19:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 19:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25934]: Failed password for root from 176.65.139.217 port 44082 ssh2
Jun 22 19:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25934]: Connection closed by 176.65.139.217 port 44082 [preauth]
Jun 22 19:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25944]: Invalid user admin from 176.65.139.217
Jun 22 19:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25944]: input_userauth_request: invalid user admin [preauth]
Jun 22 19:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25944]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25944]: Failed password for invalid user admin from 176.65.139.217 port 44132 ssh2
Jun 22 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25944]: Connection closed by 176.65.139.217 port 44132 [preauth]
Jun 22 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25951]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25952]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25949]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25948]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25946]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25948]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26071]: Successful su for rubyman by root
Jun 22 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26071]: + ??? root:rubyman
Jun 22 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26071]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572633 of user rubyman.
Jun 22 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26071]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572633.
Jun 22 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25946]: pam_unix(cron:session): session closed for user root
Jun 22 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 19:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23182]: pam_unix(cron:session): session closed for user root
Jun 22 19:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26098]: Failed password for root from 176.65.139.217 port 36214 ssh2
Jun 22 19:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26098]: Connection closed by 176.65.139.217 port 36214 [preauth]
Jun 22 19:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26269]: Invalid user openclaw from 176.65.139.217
Jun 22 19:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26269]: input_userauth_request: invalid user openclaw [preauth]
Jun 22 19:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26269]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25949]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26269]: Failed password for invalid user openclaw from 176.65.139.217 port 36240 ssh2
Jun 22 19:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26269]: Connection closed by 176.65.139.217 port 36240 [preauth]
Jun 22 19:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26295]: Invalid user avax from 176.65.139.217
Jun 22 19:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26295]: input_userauth_request: invalid user avax [preauth]
Jun 22 19:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26295]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26295]: Failed password for invalid user avax from 176.65.139.217 port 36270 ssh2
Jun 22 19:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26295]: Connection closed by 176.65.139.217 port 36270 [preauth]
Jun 22 19:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26299]: Invalid user x from 176.65.139.217
Jun 22 19:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26299]: input_userauth_request: invalid user x [preauth]
Jun 22 19:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26299]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26299]: Failed password for invalid user x from 176.65.139.217 port 42924 ssh2
Jun 22 19:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26299]: Connection closed by 176.65.139.217 port 42924 [preauth]
Jun 22 19:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26322]: Invalid user admin from 176.65.139.217
Jun 22 19:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26322]: input_userauth_request: invalid user admin [preauth]
Jun 22 19:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26322]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26322]: Failed password for invalid user admin from 176.65.139.217 port 42980 ssh2
Jun 22 19:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26322]: Connection closed by 176.65.139.217 port 42980 [preauth]
Jun 22 19:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26335]: Invalid user gg from 176.65.139.217
Jun 22 19:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26335]: input_userauth_request: invalid user gg [preauth]
Jun 22 19:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26335]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26335]: Failed password for invalid user gg from 176.65.139.217 port 43038 ssh2
Jun 22 19:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26335]: Connection closed by 176.65.139.217 port 43038 [preauth]
Jun 22 19:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 19:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26352]: Failed password for root from 176.65.139.217 port 34326 ssh2
Jun 22 19:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26352]: Connection closed by 176.65.139.217 port 34326 [preauth]
Jun 22 19:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26360]: Invalid user es from 176.65.139.217
Jun 22 19:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26360]: input_userauth_request: invalid user es [preauth]
Jun 22 19:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26360]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 22 19:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26360]: Failed password for invalid user es from 176.65.139.217 port 34372 ssh2
Jun 22 19:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26360]: Connection closed by 176.65.139.217 port 34372 [preauth]
Jun 22 19:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26362]: Failed password for root from 103.77.175.15 port 59594 ssh2
Jun 22 19:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26362]: Connection closed by 103.77.175.15 port 59594 [preauth]
Jun 22 19:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26372]: Invalid user sam from 176.65.139.217
Jun 22 19:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26372]: input_userauth_request: invalid user sam [preauth]
Jun 22 19:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26372]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25119]: pam_unix(cron:session): session closed for user root
Jun 22 19:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26372]: Failed password for invalid user sam from 176.65.139.217 port 34408 ssh2
Jun 22 19:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26372]: Connection closed by 176.65.139.217 port 34408 [preauth]
Jun 22 19:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26400]: Invalid user ftpuser from 176.65.139.217
Jun 22 19:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26400]: input_userauth_request: invalid user ftpuser [preauth]
Jun 22 19:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26400]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26400]: Failed password for invalid user ftpuser from 176.65.139.217 port 60898 ssh2
Jun 22 19:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26400]: Connection closed by 176.65.139.217 port 60898 [preauth]
Jun 22 19:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26403]: Invalid user master from 176.65.139.217
Jun 22 19:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26403]: input_userauth_request: invalid user master [preauth]
Jun 22 19:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26403]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26403]: Failed password for invalid user master from 176.65.139.217 port 60952 ssh2
Jun 22 19:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26403]: Connection closed by 176.65.139.217 port 60952 [preauth]
Jun 22 19:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26413]: Invalid user odoo17 from 176.65.139.217
Jun 22 19:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26413]: input_userauth_request: invalid user odoo17 [preauth]
Jun 22 19:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26413]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26413]: Failed password for invalid user odoo17 from 176.65.139.217 port 32788 ssh2
Jun 22 19:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26413]: Connection closed by 176.65.139.217 port 32788 [preauth]
Jun 22 19:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26435]: Invalid user linuxuser from 176.65.139.217
Jun 22 19:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26435]: input_userauth_request: invalid user linuxuser [preauth]
Jun 22 19:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26435]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26435]: Failed password for invalid user linuxuser from 176.65.139.217 port 57994 ssh2
Jun 22 19:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26435]: Connection closed by 176.65.139.217 port 57994 [preauth]
Jun 22 19:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26437]: Invalid user admin1 from 176.65.139.217
Jun 22 19:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26437]: input_userauth_request: invalid user admin1 [preauth]
Jun 22 19:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26437]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26437]: Failed password for invalid user admin1 from 176.65.139.217 port 58018 ssh2
Jun 22 19:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26437]: Connection closed by 176.65.139.217 port 58018 [preauth]
Jun 22 19:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26450]: Invalid user drcomadmin from 176.65.139.217
Jun 22 19:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26450]: input_userauth_request: invalid user drcomadmin [preauth]
Jun 22 19:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26450]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 19:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26450]: Failed password for invalid user drcomadmin from 176.65.139.217 port 45462 ssh2
Jun 22 19:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26450]: Connection closed by 176.65.139.217 port 45462 [preauth]
Jun 22 19:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26440]: Failed password for root from 38.55.97.143 port 44990 ssh2
Jun 22 19:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 19:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 22 19:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26440]: Connection closed by 38.55.97.143 port 44990 [preauth]
Jun 22 19:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26462]: Failed password for root from 176.65.139.217 port 45498 ssh2
Jun 22 19:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26462]: Connection closed by 176.65.139.217 port 45498 [preauth]
Jun 22 19:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26460]: Failed password for root from 103.172.78.219 port 37492 ssh2
Jun 22 19:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26460]: Connection closed by 103.172.78.219 port 37492 [preauth]
Jun 22 19:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26471]: Invalid user server from 176.65.139.217
Jun 22 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26471]: input_userauth_request: invalid user server [preauth]
Jun 22 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26471]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26481]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26477]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26478]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26482]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26476]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26480]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26482]: pam_unix(cron:session): session closed for user root
Jun 22 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26476]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26545]: Successful su for rubyman by root
Jun 22 19:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26545]: + ??? root:rubyman
Jun 22 19:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26545]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572638 of user rubyman.
Jun 22 19:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26545]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572638.
Jun 22 19:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26471]: Failed password for invalid user server from 176.65.139.217 port 45562 ssh2
Jun 22 19:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26471]: Connection closed by 176.65.139.217 port 45562 [preauth]
Jun 22 19:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26478]: pam_unix(cron:session): session closed for user root
Jun 22 19:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23634]: pam_unix(cron:session): session closed for user root
Jun 22 19:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26787]: Invalid user www from 176.65.139.217
Jun 22 19:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26787]: input_userauth_request: invalid user www [preauth]
Jun 22 19:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26787]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26477]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26787]: Failed password for invalid user www from 176.65.139.217 port 36438 ssh2
Jun 22 19:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26787]: Connection closed by 176.65.139.217 port 36438 [preauth]
Jun 22 19:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26841]: Invalid user nutanix from 176.65.139.217
Jun 22 19:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26841]: input_userauth_request: invalid user nutanix [preauth]
Jun 22 19:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26841]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26841]: Failed password for invalid user nutanix from 176.65.139.217 port 36482 ssh2
Jun 22 19:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26841]: Connection closed by 176.65.139.217 port 36482 [preauth]
Jun 22 19:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26851]: Invalid user elastic from 176.65.139.217
Jun 22 19:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26851]: input_userauth_request: invalid user elastic [preauth]
Jun 22 19:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26851]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26851]: Failed password for invalid user elastic from 176.65.139.217 port 36522 ssh2
Jun 22 19:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26851]: Connection closed by 176.65.139.217 port 36522 [preauth]
Jun 22 19:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26865]: Invalid user dev from 176.65.139.217
Jun 22 19:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26865]: input_userauth_request: invalid user dev [preauth]
Jun 22 19:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26865]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26865]: Failed password for invalid user dev from 176.65.139.217 port 56596 ssh2
Jun 22 19:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26865]: Connection closed by 176.65.139.217 port 56596 [preauth]
Jun 22 19:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26875]: Invalid user debian from 176.65.139.217
Jun 22 19:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26875]: input_userauth_request: invalid user debian [preauth]
Jun 22 19:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26875]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26875]: Failed password for invalid user debian from 176.65.139.217 port 56638 ssh2
Jun 22 19:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26875]: Connection closed by 176.65.139.217 port 56638 [preauth]
Jun 22 19:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26885]: Invalid user gabriel from 176.65.139.217
Jun 22 19:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26885]: input_userauth_request: invalid user gabriel [preauth]
Jun 22 19:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26885]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26885]: Failed password for invalid user gabriel from 176.65.139.217 port 48844 ssh2
Jun 22 19:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26885]: Connection closed by 176.65.139.217 port 48844 [preauth]
Jun 22 19:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 19:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26902]: Failed password for root from 176.65.139.217 port 48876 ssh2
Jun 22 19:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26902]: Connection closed by 176.65.139.217 port 48876 [preauth]
Jun 22 19:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26912]: Invalid user user1 from 176.65.139.217
Jun 22 19:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26912]: input_userauth_request: invalid user user1 [preauth]
Jun 22 19:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26912]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26912]: Failed password for invalid user user1 from 176.65.139.217 port 48906 ssh2
Jun 22 19:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26912]: Connection closed by 176.65.139.217 port 48906 [preauth]
Jun 22 19:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25539]: pam_unix(cron:session): session closed for user root
Jun 22 19:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26947]: Invalid user deploy from 176.65.139.217
Jun 22 19:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26947]: input_userauth_request: invalid user deploy [preauth]
Jun 22 19:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26947]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26947]: Failed password for invalid user deploy from 176.65.139.217 port 50316 ssh2
Jun 22 19:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26947]: Connection closed by 176.65.139.217 port 50316 [preauth]
Jun 22 19:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 19:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26956]: Failed password for root from 176.65.139.217 port 50364 ssh2
Jun 22 19:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26956]: Connection closed by 176.65.139.217 port 50364 [preauth]
Jun 22 19:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26959]: Invalid user myuser from 176.65.139.217
Jun 22 19:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26959]: input_userauth_request: invalid user myuser [preauth]
Jun 22 19:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26959]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26959]: Failed password for invalid user myuser from 176.65.139.217 port 50384 ssh2
Jun 22 19:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26959]: Connection closed by 176.65.139.217 port 50384 [preauth]
Jun 22 19:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26986]: Invalid user user from 176.65.139.217
Jun 22 19:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26986]: input_userauth_request: invalid user user [preauth]
Jun 22 19:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26986]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26986]: Failed password for invalid user user from 176.65.139.217 port 50366 ssh2
Jun 22 19:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26986]: Connection closed by 176.65.139.217 port 50366 [preauth]
Jun 22 19:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26998]: Invalid user ai from 176.65.139.217
Jun 22 19:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26998]: input_userauth_request: invalid user ai [preauth]
Jun 22 19:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26998]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26998]: Failed password for invalid user ai from 176.65.139.217 port 50414 ssh2
Jun 22 19:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26998]: Connection closed by 176.65.139.217 port 50414 [preauth]
Jun 22 19:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27000]: Invalid user appuser from 176.65.139.217
Jun 22 19:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27000]: input_userauth_request: invalid user appuser [preauth]
Jun 22 19:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27000]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27000]: Failed password for invalid user appuser from 176.65.139.217 port 33682 ssh2
Jun 22 19:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27000]: Connection closed by 176.65.139.217 port 33682 [preauth]
Jun 22 19:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27012]: Invalid user node from 176.65.139.217
Jun 22 19:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27012]: input_userauth_request: invalid user node [preauth]
Jun 22 19:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27012]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27012]: Failed password for invalid user node from 176.65.139.217 port 33710 ssh2
Jun 22 19:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27012]: Connection closed by 176.65.139.217 port 33710 [preauth]
Jun 22 19:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27027]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27029]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27028]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27026]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27026]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27093]: Successful su for rubyman by root
Jun 22 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27093]: + ??? root:rubyman
Jun 22 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27093]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572643 of user rubyman.
Jun 22 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27093]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572643.
Jun 22 19:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27023]: Failed password for root from 176.65.139.217 port 33724 ssh2
Jun 22 19:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27023]: Connection closed by 176.65.139.217 port 33724 [preauth]
Jun 22 19:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24174]: pam_unix(cron:session): session closed for user root
Jun 22 19:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 19:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27027]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27253]: Failed password for root from 176.65.139.217 port 59364 ssh2
Jun 22 19:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27253]: Connection closed by 176.65.139.217 port 59364 [preauth]
Jun 22 19:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27309]: Invalid user amin from 176.65.139.217
Jun 22 19:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27309]: input_userauth_request: invalid user amin [preauth]
Jun 22 19:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27309]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27309]: Failed password for invalid user amin from 176.65.139.217 port 59392 ssh2
Jun 22 19:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27309]: Connection closed by 176.65.139.217 port 59392 [preauth]
Jun 22 19:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 19:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 22 19:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27324]: Failed password for root from 176.65.139.217 port 48080 ssh2
Jun 22 19:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27324]: Connection closed by 176.65.139.217 port 48080 [preauth]
Jun 22 19:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27326]: Failed password for root from 103.149.28.157 port 40874 ssh2
Jun 22 19:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27326]: Connection closed by 103.149.28.157 port 40874 [preauth]
Jun 22 19:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27337]: Invalid user potok from 176.65.139.217
Jun 22 19:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27337]: input_userauth_request: invalid user potok [preauth]
Jun 22 19:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27337]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27337]: Failed password for invalid user potok from 176.65.139.217 port 48096 ssh2
Jun 22 19:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27337]: Connection closed by 176.65.139.217 port 48096 [preauth]
Jun 22 19:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27349]: Invalid user sdadmin from 176.65.139.217
Jun 22 19:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27349]: input_userauth_request: invalid user sdadmin [preauth]
Jun 22 19:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27349]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27349]: Failed password for invalid user sdadmin from 176.65.139.217 port 48160 ssh2
Jun 22 19:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27349]: Connection closed by 176.65.139.217 port 48160 [preauth]
Jun 22 19:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27376]: Invalid user docker from 176.65.139.217
Jun 22 19:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27376]: input_userauth_request: invalid user docker [preauth]
Jun 22 19:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27376]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27376]: Failed password for invalid user docker from 176.65.139.217 port 46088 ssh2
Jun 22 19:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27376]: Connection closed by 176.65.139.217 port 46088 [preauth]
Jun 22 19:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27378]: Invalid user jenkins from 176.65.139.217
Jun 22 19:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27378]: input_userauth_request: invalid user jenkins [preauth]
Jun 22 19:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27378]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27378]: Failed password for invalid user jenkins from 176.65.139.217 port 46118 ssh2
Jun 22 19:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27378]: Connection closed by 176.65.139.217 port 46118 [preauth]
Jun 22 19:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25952]: pam_unix(cron:session): session closed for user root
Jun 22 19:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27403]: Invalid user admin from 176.65.139.217
Jun 22 19:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27403]: input_userauth_request: invalid user admin [preauth]
Jun 22 19:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27403]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27403]: Failed password for invalid user admin from 176.65.139.217 port 43032 ssh2
Jun 22 19:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27403]: Connection closed by 176.65.139.217 port 43032 [preauth]
Jun 22 19:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27417]: Invalid user guest from 176.65.139.217
Jun 22 19:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27417]: input_userauth_request: invalid user guest [preauth]
Jun 22 19:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27417]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27417]: Failed password for invalid user guest from 176.65.139.217 port 43092 ssh2
Jun 22 19:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27417]: Connection closed by 176.65.139.217 port 43092 [preauth]
Jun 22 19:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 19:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27427]: Failed password for root from 176.65.139.217 port 55414 ssh2
Jun 22 19:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27427]: Connection closed by 176.65.139.217 port 55414 [preauth]
Jun 22 19:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27448]: Invalid user gabriel from 176.65.139.217
Jun 22 19:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27448]: input_userauth_request: invalid user gabriel [preauth]
Jun 22 19:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27448]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27448]: Failed password for invalid user gabriel from 176.65.139.217 port 55462 ssh2
Jun 22 19:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27448]: Connection closed by 176.65.139.217 port 55462 [preauth]
Jun 22 19:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 19:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27453]: Failed password for root from 176.65.139.217 port 55500 ssh2
Jun 22 19:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27453]: Connection closed by 176.65.139.217 port 55500 [preauth]
Jun 22 19:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27464]: Invalid user user4 from 176.65.139.217
Jun 22 19:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27464]: input_userauth_request: invalid user user4 [preauth]
Jun 22 19:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27464]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27464]: Failed password for invalid user user4 from 176.65.139.217 port 46070 ssh2
Jun 22 19:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27464]: Connection closed by 176.65.139.217 port 46070 [preauth]
Jun 22 19:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27477]: Invalid user pi from 176.65.139.217
Jun 22 19:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27477]: input_userauth_request: invalid user pi [preauth]
Jun 22 19:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27477]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27477]: Failed password for invalid user pi from 176.65.139.217 port 46104 ssh2
Jun 22 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27482]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27483]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27481]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27480]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27480]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27477]: Connection closed by 176.65.139.217 port 46104 [preauth]
Jun 22 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27548]: Successful su for rubyman by root
Jun 22 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27548]: + ??? root:rubyman
Jun 22 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27548]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572647 of user rubyman.
Jun 22 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27548]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572647.
Jun 22 19:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27603]: Invalid user jack from 176.65.139.217
Jun 22 19:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27603]: input_userauth_request: invalid user jack [preauth]
Jun 22 19:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27603]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24685]: pam_unix(cron:session): session closed for user root
Jun 22 19:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27603]: Failed password for invalid user jack from 176.65.139.217 port 42454 ssh2
Jun 22 19:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27481]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27603]: Connection closed by 176.65.139.217 port 42454 [preauth]
Jun 22 19:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27735]: Invalid user test1 from 176.65.139.217
Jun 22 19:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27735]: input_userauth_request: invalid user test1 [preauth]
Jun 22 19:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27735]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27735]: Failed password for invalid user test1 from 176.65.139.217 port 42478 ssh2
Jun 22 19:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27735]: Connection closed by 176.65.139.217 port 42478 [preauth]
Jun 22 19:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27747]: Invalid user deployer from 176.65.139.217
Jun 22 19:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27747]: input_userauth_request: invalid user deployer [preauth]
Jun 22 19:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27747]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27747]: Failed password for invalid user deployer from 176.65.139.217 port 42514 ssh2
Jun 22 19:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27747]: Connection closed by 176.65.139.217 port 42514 [preauth]
Jun 22 19:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27758]: Invalid user dspace from 176.65.139.217
Jun 22 19:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27758]: input_userauth_request: invalid user dspace [preauth]
Jun 22 19:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27758]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27758]: Failed password for invalid user dspace from 176.65.139.217 port 58080 ssh2
Jun 22 19:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27758]: Connection closed by 176.65.139.217 port 58080 [preauth]
Jun 22 19:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27774]: Invalid user admin from 176.65.139.217
Jun 22 19:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27774]: input_userauth_request: invalid user admin [preauth]
Jun 22 19:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27774]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27774]: Failed password for invalid user admin from 176.65.139.217 port 58130 ssh2
Jun 22 19:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27774]: Connection closed by 176.65.139.217 port 58130 [preauth]
Jun 22 19:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 19:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27784]: Failed password for root from 176.65.139.217 port 58170 ssh2
Jun 22 19:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27784]: Connection closed by 176.65.139.217 port 58170 [preauth]
Jun 22 19:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27807]: Invalid user test3 from 176.65.139.217
Jun 22 19:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27807]: input_userauth_request: invalid user test3 [preauth]
Jun 22 19:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27807]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27807]: Failed password for invalid user test3 from 176.65.139.217 port 36630 ssh2
Jun 22 19:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27807]: Connection closed by 176.65.139.217 port 36630 [preauth]
Jun 22 19:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27818]: Invalid user deploy from 176.65.139.217
Jun 22 19:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27818]: input_userauth_request: invalid user deploy [preauth]
Jun 22 19:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27818]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27818]: Failed password for invalid user deploy from 176.65.139.217 port 36720 ssh2
Jun 22 19:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27818]: Connection closed by 176.65.139.217 port 36720 [preauth]
Jun 22 19:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26481]: pam_unix(cron:session): session closed for user root
Jun 22 19:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27848]: Invalid user ubuntu from 176.65.139.217
Jun 22 19:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27848]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 19:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27848]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27848]: Failed password for invalid user ubuntu from 176.65.139.217 port 51836 ssh2
Jun 22 19:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27848]: Connection closed by 176.65.139.217 port 51836 [preauth]
Jun 22 19:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27857]: Invalid user data from 176.65.139.217
Jun 22 19:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27857]: input_userauth_request: invalid user data [preauth]
Jun 22 19:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27857]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27857]: Failed password for invalid user data from 176.65.139.217 port 51860 ssh2
Jun 22 19:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27857]: Connection closed by 176.65.139.217 port 51860 [preauth]
Jun 22 19:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 19:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 19:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27884]: Failed password for root from 176.65.139.217 port 36404 ssh2
Jun 22 19:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27856]: Failed password for root from 38.55.97.143 port 51456 ssh2
Jun 22 19:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27884]: Connection closed by 176.65.139.217 port 36404 [preauth]
Jun 22 19:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27856]: Connection closed by 38.55.97.143 port 51456 [preauth]
Jun 22 19:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27894]: Invalid user angel from 176.65.139.217
Jun 22 19:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27894]: input_userauth_request: invalid user angel [preauth]
Jun 22 19:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27894]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27894]: Failed password for invalid user angel from 176.65.139.217 port 36456 ssh2
Jun 22 19:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27894]: Connection closed by 176.65.139.217 port 36456 [preauth]
Jun 22 19:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27904]: Invalid user deploy from 176.65.139.217
Jun 22 19:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27904]: input_userauth_request: invalid user deploy [preauth]
Jun 22 19:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27904]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27904]: Failed password for invalid user deploy from 176.65.139.217 port 47210 ssh2
Jun 22 19:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27904]: Connection closed by 176.65.139.217 port 47210 [preauth]
Jun 22 19:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27915]: Invalid user pi from 176.65.139.217
Jun 22 19:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27915]: input_userauth_request: invalid user pi [preauth]
Jun 22 19:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27915]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27915]: Failed password for invalid user pi from 176.65.139.217 port 47242 ssh2
Jun 22 19:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27915]: Connection closed by 176.65.139.217 port 47242 [preauth]
Jun 22 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27932]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27931]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27930]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27929]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27929]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27992]: Successful su for rubyman by root
Jun 22 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27992]: + ??? root:rubyman
Jun 22 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27992]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572651 of user rubyman.
Jun 22 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27992]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572651.
Jun 22 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28032]: Invalid user claude from 176.65.139.217
Jun 22 19:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28032]: input_userauth_request: invalid user claude [preauth]
Jun 22 19:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28032]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25118]: pam_unix(cron:session): session closed for user root
Jun 22 19:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28032]: Failed password for invalid user claude from 176.65.139.217 port 47268 ssh2
Jun 22 19:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28032]: Connection closed by 176.65.139.217 port 47268 [preauth]
Jun 22 19:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27930]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28235]: Invalid user botuser from 176.65.139.217
Jun 22 19:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28235]: input_userauth_request: invalid user botuser [preauth]
Jun 22 19:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28235]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28235]: Failed password for invalid user botuser from 176.65.139.217 port 52102 ssh2
Jun 22 19:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28235]: Connection closed by 176.65.139.217 port 52102 [preauth]
Jun 22 19:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 19:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28238]: Failed password for root from 176.65.139.217 port 52164 ssh2
Jun 22 19:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28238]: Connection closed by 176.65.139.217 port 52164 [preauth]
Jun 22 19:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28263]: Invalid user reza from 176.65.139.217
Jun 22 19:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28263]: input_userauth_request: invalid user reza [preauth]
Jun 22 19:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28263]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28263]: Failed password for invalid user reza from 176.65.139.217 port 48632 ssh2
Jun 22 19:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28263]: Connection closed by 176.65.139.217 port 48632 [preauth]
Jun 22 19:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=root
Jun 22 19:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28273]: Failed password for root from 176.65.139.217 port 48676 ssh2
Jun 22 19:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28273]: Connection closed by 176.65.139.217 port 48676 [preauth]
Jun 22 19:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28283]: Invalid user vm from 176.65.139.217
Jun 22 19:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28283]: input_userauth_request: invalid user vm [preauth]
Jun 22 19:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28283]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28283]: Failed password for invalid user vm from 176.65.139.217 port 56968 ssh2
Jun 22 19:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28283]: Connection closed by 176.65.139.217 port 56968 [preauth]
Jun 22 19:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28305]: Invalid user dev from 176.65.139.217
Jun 22 19:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28305]: input_userauth_request: invalid user dev [preauth]
Jun 22 19:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28305]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28305]: Failed password for invalid user dev from 176.65.139.217 port 57024 ssh2
Jun 22 19:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28305]: Connection closed by 176.65.139.217 port 57024 [preauth]
Jun 22 19:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28307]: Invalid user username from 176.65.139.217
Jun 22 19:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28307]: input_userauth_request: invalid user username [preauth]
Jun 22 19:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28307]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27029]: pam_unix(cron:session): session closed for user root
Jun 22 19:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28307]: Failed password for invalid user username from 176.65.139.217 port 38366 ssh2
Jun 22 19:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28307]: Connection closed by 176.65.139.217 port 38366 [preauth]
Jun 22 19:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28336]: Invalid user cloud from 176.65.139.217
Jun 22 19:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28336]: input_userauth_request: invalid user cloud [preauth]
Jun 22 19:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28336]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28336]: Failed password for invalid user cloud from 176.65.139.217 port 38412 ssh2
Jun 22 19:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28336]: Connection closed by 176.65.139.217 port 38412 [preauth]
Jun 22 19:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28348]: User mysql from 176.65.139.217 not allowed because not listed in AllowUsers
Jun 22 19:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28348]: input_userauth_request: invalid user mysql [preauth]
Jun 22 19:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217  user=mysql
Jun 22 19:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 22 19:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28348]: Failed password for invalid user mysql from 176.65.139.217 port 38462 ssh2
Jun 22 19:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28348]: Connection closed by 176.65.139.217 port 38462 [preauth]
Jun 22 19:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28350]: Failed password for root from 38.93.206.2 port 18278 ssh2
Jun 22 19:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28350]: Connection closed by 38.93.206.2 port 18278 [preauth]
Jun 22 19:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28372]: Invalid user cloud-user from 176.65.139.217
Jun 22 19:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28372]: input_userauth_request: invalid user cloud-user [preauth]
Jun 22 19:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28372]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.217
Jun 22 19:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28372]: Failed password for invalid user cloud-user from 176.65.139.217 port 41224 ssh2
Jun 22 19:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28372]: Connection closed by 176.65.139.217 port 41224 [preauth]
Jun 22 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28402]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28401]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28403]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28400]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28400]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28462]: Successful su for rubyman by root
Jun 22 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28462]: + ??? root:rubyman
Jun 22 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28462]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572655 of user rubyman.
Jun 22 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28462]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572655.
Jun 22 19:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25538]: pam_unix(cron:session): session closed for user root
Jun 22 19:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28401]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27483]: pam_unix(cron:session): session closed for user root
Jun 22 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28904]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28903]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28906]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28902]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28909]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28905]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28909]: pam_unix(cron:session): session closed for user root
Jun 22 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28902]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28974]: Successful su for rubyman by root
Jun 22 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28974]: + ??? root:rubyman
Jun 22 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28974]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572662 of user rubyman.
Jun 22 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28974]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572662.
Jun 22 19:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28904]: pam_unix(cron:session): session closed for user root
Jun 22 19:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25951]: pam_unix(cron:session): session closed for user root
Jun 22 19:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28903]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29207]: Invalid user fliruser from 193.24.211.107
Jun 22 19:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29207]: input_userauth_request: invalid user fliruser [preauth]
Jun 22 19:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29207]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107
Jun 22 19:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29207]: Failed password for invalid user fliruser from 193.24.211.107 port 16000 ssh2
Jun 22 19:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29207]: Received disconnect from 193.24.211.107 port 16000:11: Client disconnecting normally [preauth]
Jun 22 19:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29207]: Disconnected from 193.24.211.107 port 16000 [preauth]
Jun 22 19:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 22 19:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29243]: Failed password for root from 103.82.20.28 port 35946 ssh2
Jun 22 19:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29243]: Connection closed by 103.82.20.28 port 35946 [preauth]
Jun 22 19:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27932]: pam_unix(cron:session): session closed for user root
Jun 22 19:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 19:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29290]: Failed password for root from 38.55.97.143 port 56922 ssh2
Jun 22 19:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29290]: Connection closed by 38.55.97.143 port 56922 [preauth]
Jun 22 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29374]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29376]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29375]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29373]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29373]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29440]: Successful su for rubyman by root
Jun 22 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29440]: + ??? root:rubyman
Jun 22 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29440]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572666 of user rubyman.
Jun 22 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29440]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572666.
Jun 22 19:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26480]: pam_unix(cron:session): session closed for user root
Jun 22 19:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29374]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 22 19:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29803]: Failed password for root from 51.250.105.222 port 57094 ssh2
Jun 22 19:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29803]: Connection closed by 51.250.105.222 port 57094 [preauth]
Jun 22 19:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28403]: pam_unix(cron:session): session closed for user root
Jun 22 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29916]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29917]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29914]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29915]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29912]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29912]: pam_unix(cron:session): session closed for user root
Jun 22 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29914]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29975]: Successful su for rubyman by root
Jun 22 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29975]: + ??? root:rubyman
Jun 22 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29975]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572670 of user rubyman.
Jun 22 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29975]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572670.
Jun 22 19:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27028]: pam_unix(cron:session): session closed for user root
Jun 22 19:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29915]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 22 19:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30208]: Failed password for root from 103.77.242.62 port 56398 ssh2
Jun 22 19:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30208]: Connection closed by 103.77.242.62 port 56398 [preauth]
Jun 22 19:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30232]: Invalid user  from 176.65.132.129
Jun 22 19:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30232]: input_userauth_request: invalid user  [preauth]
Jun 22 19:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30232]: Connection closed by 176.65.132.129 port 38006 [preauth]
Jun 22 19:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28906]: pam_unix(cron:session): session closed for user root
Jun 22 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30335]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30332]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30333]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30331]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30331]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30390]: Successful su for rubyman by root
Jun 22 19:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30390]: + ??? root:rubyman
Jun 22 19:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30390]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572674 of user rubyman.
Jun 22 19:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30390]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572674.
Jun 22 19:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27482]: pam_unix(cron:session): session closed for user root
Jun 22 19:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30332]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 19:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30657]: Failed password for root from 38.55.97.143 port 33536 ssh2
Jun 22 19:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30657]: Connection closed by 38.55.97.143 port 33536 [preauth]
Jun 22 19:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29376]: pam_unix(cron:session): session closed for user root
Jun 22 19:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30687]: Invalid user student from 176.65.132.129
Jun 22 19:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30687]: input_userauth_request: invalid user student [preauth]
Jun 22 19:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30687]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30687]: Failed password for invalid user student from 176.65.132.129 port 43368 ssh2
Jun 22 19:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30687]: Connection closed by 176.65.132.129 port 43368 [preauth]
Jun 22 19:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30699]: Invalid user milad from 176.65.132.129
Jun 22 19:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30699]: input_userauth_request: invalid user milad [preauth]
Jun 22 19:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 22 19:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30699]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30697]: Failed password for root from 103.15.222.183 port 53622 ssh2
Jun 22 19:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30699]: Failed password for invalid user milad from 176.65.132.129 port 43378 ssh2
Jun 22 19:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30697]: Connection closed by 103.15.222.183 port 53622 [preauth]
Jun 22 19:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30699]: Connection closed by 176.65.132.129 port 43378 [preauth]
Jun 22 19:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30703]: Invalid user azureuser from 176.65.132.129
Jun 22 19:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30703]: input_userauth_request: invalid user azureuser [preauth]
Jun 22 19:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 22 19:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30703]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30701]: Failed password for root from 80.66.85.226 port 56916 ssh2
Jun 22 19:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30703]: Failed password for invalid user azureuser from 176.65.132.129 port 43384 ssh2
Jun 22 19:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30701]: Connection closed by 80.66.85.226 port 56916 [preauth]
Jun 22 19:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30703]: Connection closed by 176.65.132.129 port 43384 [preauth]
Jun 22 19:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30720]: Invalid user fivem from 176.65.132.129
Jun 22 19:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30720]: input_userauth_request: invalid user fivem [preauth]
Jun 22 19:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30720]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30720]: Failed password for invalid user fivem from 176.65.132.129 port 42494 ssh2
Jun 22 19:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30720]: Connection closed by 176.65.132.129 port 42494 [preauth]
Jun 22 19:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30735]: Invalid user frappe from 176.65.132.129
Jun 22 19:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30735]: input_userauth_request: invalid user frappe [preauth]
Jun 22 19:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30735]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 22 19:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30735]: Failed password for invalid user frappe from 176.65.132.129 port 42500 ssh2
Jun 22 19:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30735]: Connection closed by 176.65.132.129 port 42500 [preauth]
Jun 22 19:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30739]: Invalid user test from 176.65.132.129
Jun 22 19:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30739]: input_userauth_request: invalid user test [preauth]
Jun 22 19:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30739]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30737]: Failed password for root from 103.176.20.57 port 56170 ssh2
Jun 22 19:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30737]: Connection closed by 103.176.20.57 port 56170 [preauth]
Jun 22 19:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30739]: Failed password for invalid user test from 176.65.132.129 port 42516 ssh2
Jun 22 19:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30739]: Connection closed by 176.65.132.129 port 42516 [preauth]
Jun 22 19:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30749]: Failed password for root from 176.65.132.129 port 36278 ssh2
Jun 22 19:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30749]: Connection closed by 176.65.132.129 port 36278 [preauth]
Jun 22 19:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30751]: Invalid user labuser from 176.65.132.129
Jun 22 19:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30751]: input_userauth_request: invalid user labuser [preauth]
Jun 22 19:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30751]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30751]: Failed password for invalid user labuser from 176.65.132.129 port 36286 ssh2
Jun 22 19:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30751]: Connection closed by 176.65.132.129 port 36286 [preauth]
Jun 22 19:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30763]: Failed password for root from 176.65.132.129 port 36300 ssh2
Jun 22 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30763]: Connection closed by 176.65.132.129 port 36300 [preauth]
Jun 22 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30776]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30773]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30774]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30775]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30773]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30842]: Successful su for rubyman by root
Jun 22 19:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30842]: + ??? root:rubyman
Jun 22 19:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30842]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572679 of user rubyman.
Jun 22 19:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30842]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572679.
Jun 22 19:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30807]: Invalid user ts3 from 176.65.132.129
Jun 22 19:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30807]: input_userauth_request: invalid user ts3 [preauth]
Jun 22 19:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30807]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27931]: pam_unix(cron:session): session closed for user root
Jun 22 19:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30807]: Failed password for invalid user ts3 from 176.65.132.129 port 40366 ssh2
Jun 22 19:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30807]: Connection closed by 176.65.132.129 port 40366 [preauth]
Jun 22 19:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30774]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31098]: Failed password for root from 176.65.132.129 port 40382 ssh2
Jun 22 19:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31098]: Connection closed by 176.65.132.129 port 40382 [preauth]
Jun 22 19:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31127]: Failed password for root from 176.65.132.129 port 40394 ssh2
Jun 22 19:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31127]: Connection closed by 176.65.132.129 port 40394 [preauth]
Jun 22 19:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31130]: Invalid user deploy from 176.65.132.129
Jun 22 19:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31130]: input_userauth_request: invalid user deploy [preauth]
Jun 22 19:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31130]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31130]: Failed password for invalid user deploy from 176.65.132.129 port 40400 ssh2
Jun 22 19:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31130]: Connection closed by 176.65.132.129 port 40400 [preauth]
Jun 22 19:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31155]: Invalid user crafty from 176.65.132.129
Jun 22 19:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31155]: input_userauth_request: invalid user crafty [preauth]
Jun 22 19:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31155]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31155]: Failed password for invalid user crafty from 176.65.132.129 port 54026 ssh2
Jun 22 19:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31155]: Connection closed by 176.65.132.129 port 54026 [preauth]
Jun 22 19:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31157]: Invalid user deployer from 176.65.132.129
Jun 22 19:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31157]: input_userauth_request: invalid user deployer [preauth]
Jun 22 19:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31157]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31157]: Failed password for invalid user deployer from 176.65.132.129 port 54030 ssh2
Jun 22 19:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31157]: Connection closed by 176.65.132.129 port 54030 [preauth]
Jun 22 19:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31167]: Invalid user ali from 176.65.132.129
Jun 22 19:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31167]: input_userauth_request: invalid user ali [preauth]
Jun 22 19:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31167]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31167]: Failed password for invalid user ali from 176.65.132.129 port 54040 ssh2
Jun 22 19:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31167]: Connection closed by 176.65.132.129 port 54040 [preauth]
Jun 22 19:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31169]: Invalid user test from 176.65.132.129
Jun 22 19:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31169]: input_userauth_request: invalid user test [preauth]
Jun 22 19:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31169]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31169]: Failed password for invalid user test from 176.65.132.129 port 54410 ssh2
Jun 22 19:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31169]: Connection closed by 176.65.132.129 port 54410 [preauth]
Jun 22 19:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31191]: Invalid user appuser from 176.65.132.129
Jun 22 19:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31191]: input_userauth_request: invalid user appuser [preauth]
Jun 22 19:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31191]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31191]: Failed password for invalid user appuser from 176.65.132.129 port 54418 ssh2
Jun 22 19:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31191]: Connection closed by 176.65.132.129 port 54418 [preauth]
Jun 22 19:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31200]: Invalid user jakob from 176.65.132.129
Jun 22 19:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31200]: input_userauth_request: invalid user jakob [preauth]
Jun 22 19:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31200]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31200]: Failed password for invalid user jakob from 176.65.132.129 port 54426 ssh2
Jun 22 19:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31200]: Connection closed by 176.65.132.129 port 54426 [preauth]
Jun 22 19:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31203]: Invalid user postgres from 176.65.132.129
Jun 22 19:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31203]: input_userauth_request: invalid user postgres [preauth]
Jun 22 19:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31203]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29917]: pam_unix(cron:session): session closed for user root
Jun 22 19:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31203]: Failed password for invalid user postgres from 176.65.132.129 port 41602 ssh2
Jun 22 19:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31203]: Connection closed by 176.65.132.129 port 41602 [preauth]
Jun 22 19:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31232]: Failed password for root from 176.65.132.129 port 41616 ssh2
Jun 22 19:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31232]: Connection closed by 176.65.132.129 port 41616 [preauth]
Jun 22 19:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31234]: Failed password for root from 176.65.132.129 port 41620 ssh2
Jun 22 19:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31234]: Connection closed by 176.65.132.129 port 41620 [preauth]
Jun 22 19:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31247]: Failed password for root from 176.65.132.129 port 46950 ssh2
Jun 22 19:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31247]: Connection closed by 176.65.132.129 port 46950 [preauth]
Jun 22 19:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31265]: Invalid user home from 176.65.132.129
Jun 22 19:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31265]: input_userauth_request: invalid user home [preauth]
Jun 22 19:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31265]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31265]: Failed password for invalid user home from 176.65.132.129 port 46968 ssh2
Jun 22 19:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31265]: Connection closed by 176.65.132.129 port 46968 [preauth]
Jun 22 19:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31275]: Failed password for root from 176.65.132.129 port 46980 ssh2
Jun 22 19:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31275]: Connection closed by 176.65.132.129 port 46980 [preauth]
Jun 22 19:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31285]: Invalid user fastuser from 176.65.132.129
Jun 22 19:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31285]: input_userauth_request: invalid user fastuser [preauth]
Jun 22 19:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31285]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31285]: Failed password for invalid user fastuser from 176.65.132.129 port 46998 ssh2
Jun 22 19:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31285]: Connection closed by 176.65.132.129 port 46998 [preauth]
Jun 22 19:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31288]: Invalid user user from 176.65.132.129
Jun 22 19:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31288]: input_userauth_request: invalid user user [preauth]
Jun 22 19:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31288]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31288]: Failed password for invalid user user from 176.65.132.129 port 52918 ssh2
Jun 22 19:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31288]: Connection closed by 176.65.132.129 port 52918 [preauth]
Jun 22 19:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31299]: Invalid user frappe from 176.65.132.129
Jun 22 19:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31299]: input_userauth_request: invalid user frappe [preauth]
Jun 22 19:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31299]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31299]: Failed password for invalid user frappe from 176.65.132.129 port 52928 ssh2
Jun 22 19:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31299]: Connection closed by 176.65.132.129 port 52928 [preauth]
Jun 22 19:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31301]: Invalid user minecraft from 176.65.132.129
Jun 22 19:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31301]: input_userauth_request: invalid user minecraft [preauth]
Jun 22 19:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31301]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31314]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31313]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31312]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31316]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31315]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31317]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31317]: pam_unix(cron:session): session closed for user root
Jun 22 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31312]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31301]: Failed password for invalid user minecraft from 176.65.132.129 port 52944 ssh2
Jun 22 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31384]: Successful su for rubyman by root
Jun 22 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31384]: + ??? root:rubyman
Jun 22 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31384]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572686 of user rubyman.
Jun 22 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31384]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31301]: Connection closed by 176.65.132.129 port 52944 [preauth]
Jun 22 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572686.
Jun 22 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31426]: Invalid user admin1 from 176.65.132.129
Jun 22 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31426]: input_userauth_request: invalid user admin1 [preauth]
Jun 22 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31426]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31314]: pam_unix(cron:session): session closed for user root
Jun 22 19:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28402]: pam_unix(cron:session): session closed for user root
Jun 22 19:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31426]: Failed password for invalid user admin1 from 176.65.132.129 port 42370 ssh2
Jun 22 19:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31426]: Connection closed by 176.65.132.129 port 42370 [preauth]
Jun 22 19:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31669]: Invalid user solana from 176.65.132.129
Jun 22 19:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31669]: input_userauth_request: invalid user solana [preauth]
Jun 22 19:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31669]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31313]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31669]: Failed password for invalid user solana from 176.65.132.129 port 42378 ssh2
Jun 22 19:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31669]: Connection closed by 176.65.132.129 port 42378 [preauth]
Jun 22 19:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31698]: Failed password for root from 176.65.132.129 port 42394 ssh2
Jun 22 19:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31698]: Connection closed by 176.65.132.129 port 42394 [preauth]
Jun 22 19:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: Invalid user main from 176.65.132.129
Jun 22 19:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: input_userauth_request: invalid user main [preauth]
Jun 22 19:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: Failed password for invalid user main from 176.65.132.129 port 47970 ssh2
Jun 22 19:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: Connection closed by 176.65.132.129 port 47970 [preauth]
Jun 22 19:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31725]: Invalid user deploy from 176.65.132.129
Jun 22 19:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31725]: input_userauth_request: invalid user deploy [preauth]
Jun 22 19:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31725]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31725]: Failed password for invalid user deploy from 176.65.132.129 port 47986 ssh2
Jun 22 19:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31725]: Connection closed by 176.65.132.129 port 47986 [preauth]
Jun 22 19:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31736]: Invalid user user from 176.65.132.129
Jun 22 19:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31736]: input_userauth_request: invalid user user [preauth]
Jun 22 19:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31736]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31736]: Failed password for invalid user user from 176.65.132.129 port 47990 ssh2
Jun 22 19:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31736]: Connection closed by 176.65.132.129 port 47990 [preauth]
Jun 22 19:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31738]: Invalid user user from 176.65.132.129
Jun 22 19:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31738]: input_userauth_request: invalid user user [preauth]
Jun 22 19:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31738]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31738]: Failed password for invalid user user from 176.65.132.129 port 48000 ssh2
Jun 22 19:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31738]: Connection closed by 176.65.132.129 port 48000 [preauth]
Jun 22 19:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31748]: Invalid user odoo18 from 176.65.132.129
Jun 22 19:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31748]: input_userauth_request: invalid user odoo18 [preauth]
Jun 22 19:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31748]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31748]: Failed password for invalid user odoo18 from 176.65.132.129 port 40828 ssh2
Jun 22 19:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31748]: Connection closed by 176.65.132.129 port 40828 [preauth]
Jun 22 19:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31763]: Invalid user developer from 176.65.132.129
Jun 22 19:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31763]: input_userauth_request: invalid user developer [preauth]
Jun 22 19:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31763]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31763]: Failed password for invalid user developer from 176.65.132.129 port 40848 ssh2
Jun 22 19:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31763]: Connection closed by 176.65.132.129 port 40848 [preauth]
Jun 22 19:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31779]: Invalid user user3 from 176.65.132.129
Jun 22 19:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31779]: input_userauth_request: invalid user user3 [preauth]
Jun 22 19:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31779]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31779]: Failed password for invalid user user3 from 176.65.132.129 port 40862 ssh2
Jun 22 19:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31779]: Connection closed by 176.65.132.129 port 40862 [preauth]
Jun 22 19:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31781]: Invalid user user1 from 176.65.132.129
Jun 22 19:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31781]: input_userauth_request: invalid user user1 [preauth]
Jun 22 19:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31781]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30335]: pam_unix(cron:session): session closed for user root
Jun 22 19:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31781]: Failed password for invalid user user1 from 176.65.132.129 port 42572 ssh2
Jun 22 19:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31811]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31781]: Connection closed by 176.65.132.129 port 42572 [preauth]
Jun 22 19:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31811]: Invalid user gns3 from 176.65.132.129
Jun 22 19:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31811]: input_userauth_request: invalid user gns3 [preauth]
Jun 22 19:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31811]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31811]: Failed password for invalid user gns3 from 176.65.132.129 port 42584 ssh2
Jun 22 19:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31811]: Connection closed by 176.65.132.129 port 42584 [preauth]
Jun 22 19:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31822]: Invalid user dev from 176.65.132.129
Jun 22 19:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31822]: input_userauth_request: invalid user dev [preauth]
Jun 22 19:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31822]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31822]: Failed password for invalid user dev from 176.65.132.129 port 42590 ssh2
Jun 22 19:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31822]: Connection closed by 176.65.132.129 port 42590 [preauth]
Jun 22 19:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31824]: Invalid user odoo16 from 176.65.132.129
Jun 22 19:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31824]: input_userauth_request: invalid user odoo16 [preauth]
Jun 22 19:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31824]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31824]: Failed password for invalid user odoo16 from 176.65.132.129 port 36390 ssh2
Jun 22 19:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31824]: Connection closed by 176.65.132.129 port 36390 [preauth]
Jun 22 19:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31835]: Received disconnect from 209.90.232.249 port 60460:11: disconnected by user [preauth]
Jun 22 19:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31835]: Disconnected from 209.90.232.249 port 60460 [preauth]
Jun 22 19:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31849]: Invalid user hamed from 176.65.132.129
Jun 22 19:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31849]: input_userauth_request: invalid user hamed [preauth]
Jun 22 19:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31849]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 22 19:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31849]: Failed password for invalid user hamed from 176.65.132.129 port 36394 ssh2
Jun 22 19:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31849]: Connection closed by 176.65.132.129 port 36394 [preauth]
Jun 22 19:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31853]: Invalid user devuser from 176.65.132.129
Jun 22 19:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31853]: input_userauth_request: invalid user devuser [preauth]
Jun 22 19:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31851]: Failed password for root from 77.94.47.83 port 44910 ssh2
Jun 22 19:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31853]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31851]: Connection closed by 77.94.47.83 port 44910 [preauth]
Jun 22 19:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31853]: Failed password for invalid user devuser from 176.65.132.129 port 36404 ssh2
Jun 22 19:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31853]: Connection closed by 176.65.132.129 port 36404 [preauth]
Jun 22 19:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31863]: Invalid user test from 176.65.132.129
Jun 22 19:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31863]: input_userauth_request: invalid user test [preauth]
Jun 22 19:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31863]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31863]: Failed password for invalid user test from 176.65.132.129 port 36420 ssh2
Jun 22 19:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31863]: Connection closed by 176.65.132.129 port 36420 [preauth]
Jun 22 19:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31865]: Failed password for root from 176.65.132.129 port 48980 ssh2
Jun 22 19:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31865]: Connection closed by 176.65.132.129 port 48980 [preauth]
Jun 22 19:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31876]: Invalid user wizard from 176.65.132.129
Jun 22 19:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31876]: input_userauth_request: invalid user wizard [preauth]
Jun 22 19:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31876]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31876]: Failed password for invalid user wizard from 176.65.132.129 port 48994 ssh2
Jun 22 19:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31876]: Connection closed by 176.65.132.129 port 48994 [preauth]
Jun 22 19:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31886]: Failed password for root from 176.65.132.129 port 49000 ssh2
Jun 22 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31886]: Connection closed by 176.65.132.129 port 49000 [preauth]
Jun 22 19:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31892]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31891]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31890]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31889]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31889]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31968]: Successful su for rubyman by root
Jun 22 19:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31968]: + ??? root:rubyman
Jun 22 19:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31968]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572688 of user rubyman.
Jun 22 19:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31968]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572688.
Jun 22 19:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31947]: Invalid user oracle from 176.65.132.129
Jun 22 19:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31947]: input_userauth_request: invalid user oracle [preauth]
Jun 22 19:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31947]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28905]: pam_unix(cron:session): session closed for user root
Jun 22 19:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31947]: Failed password for invalid user oracle from 176.65.132.129 port 37954 ssh2
Jun 22 19:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31947]: Connection closed by 176.65.132.129 port 37954 [preauth]
Jun 22 19:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32147]: Invalid user admin1 from 176.65.132.129
Jun 22 19:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32147]: input_userauth_request: invalid user admin1 [preauth]
Jun 22 19:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32147]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31890]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32147]: Failed password for invalid user admin1 from 176.65.132.129 port 37964 ssh2
Jun 22 19:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32147]: Connection closed by 176.65.132.129 port 37964 [preauth]
Jun 22 19:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32170]: Invalid user claude from 176.65.132.129
Jun 22 19:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32170]: input_userauth_request: invalid user claude [preauth]
Jun 22 19:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32170]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32170]: Failed password for invalid user claude from 176.65.132.129 port 37980 ssh2
Jun 22 19:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32170]: Connection closed by 176.65.132.129 port 37980 [preauth]
Jun 22 19:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32182]: Invalid user ts3 from 176.65.132.129
Jun 22 19:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32182]: input_userauth_request: invalid user ts3 [preauth]
Jun 22 19:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32182]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32182]: Failed password for invalid user ts3 from 176.65.132.129 port 46522 ssh2
Jun 22 19:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32182]: Connection closed by 176.65.132.129 port 46522 [preauth]
Jun 22 19:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32198]: Invalid user server from 176.65.132.129
Jun 22 19:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32198]: input_userauth_request: invalid user server [preauth]
Jun 22 19:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32198]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32198]: Failed password for invalid user server from 176.65.132.129 port 46526 ssh2
Jun 22 19:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32198]: Connection closed by 176.65.132.129 port 46526 [preauth]
Jun 22 19:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32208]: Invalid user fahmi from 176.65.132.129
Jun 22 19:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32208]: input_userauth_request: invalid user fahmi [preauth]
Jun 22 19:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32208]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 19:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32208]: Failed password for invalid user fahmi from 176.65.132.129 port 46538 ssh2
Jun 22 19:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32208]: Connection closed by 176.65.132.129 port 46538 [preauth]
Jun 22 19:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32218]: Invalid user rocky from 176.65.132.129
Jun 22 19:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32218]: input_userauth_request: invalid user rocky [preauth]
Jun 22 19:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32169]: Failed password for root from 38.55.97.143 port 42578 ssh2
Jun 22 19:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32218]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32169]: Connection closed by 38.55.97.143 port 42578 [preauth]
Jun 22 19:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32218]: Failed password for invalid user rocky from 176.65.132.129 port 46542 ssh2
Jun 22 19:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32218]: Connection closed by 176.65.132.129 port 46542 [preauth]
Jun 22 19:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32220]: Invalid user deploy from 176.65.132.129
Jun 22 19:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32220]: input_userauth_request: invalid user deploy [preauth]
Jun 22 19:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32220]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32220]: Failed password for invalid user deploy from 176.65.132.129 port 43526 ssh2
Jun 22 19:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32220]: Connection closed by 176.65.132.129 port 43526 [preauth]
Jun 22 19:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32242]: Invalid user username from 176.65.132.129
Jun 22 19:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32242]: input_userauth_request: invalid user username [preauth]
Jun 22 19:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32242]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32242]: Failed password for invalid user username from 176.65.132.129 port 43552 ssh2
Jun 22 19:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32242]: Connection closed by 176.65.132.129 port 43552 [preauth]
Jun 22 19:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32244]: Invalid user cloud from 176.65.132.129
Jun 22 19:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32244]: input_userauth_request: invalid user cloud [preauth]
Jun 22 19:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32244]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32244]: Failed password for invalid user cloud from 176.65.132.129 port 43574 ssh2
Jun 22 19:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32244]: Connection closed by 176.65.132.129 port 43574 [preauth]
Jun 22 19:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32254]: Invalid user testuser from 176.65.132.129
Jun 22 19:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32254]: input_userauth_request: invalid user testuser [preauth]
Jun 22 19:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32254]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30776]: pam_unix(cron:session): session closed for user root
Jun 22 19:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32254]: Failed password for invalid user testuser from 176.65.132.129 port 52686 ssh2
Jun 22 19:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32254]: Connection closed by 176.65.132.129 port 52686 [preauth]
Jun 22 19:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32275]: Failed password for root from 176.65.132.129 port 52690 ssh2
Jun 22 19:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32275]: Connection closed by 176.65.132.129 port 52690 [preauth]
Jun 22 19:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32285]: Invalid user dev from 176.65.132.129
Jun 22 19:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32285]: input_userauth_request: invalid user dev [preauth]
Jun 22 19:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32285]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32285]: Failed password for invalid user dev from 176.65.132.129 port 52704 ssh2
Jun 22 19:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32285]: Connection closed by 176.65.132.129 port 52704 [preauth]
Jun 22 19:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32295]: Invalid user jellyfin from 176.65.132.129
Jun 22 19:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32295]: input_userauth_request: invalid user jellyfin [preauth]
Jun 22 19:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32295]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32295]: Failed password for invalid user jellyfin from 176.65.132.129 port 49648 ssh2
Jun 22 19:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32295]: Connection closed by 176.65.132.129 port 49648 [preauth]
Jun 22 19:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32309]: Invalid user deployer from 176.65.132.129
Jun 22 19:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32309]: input_userauth_request: invalid user deployer [preauth]
Jun 22 19:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32309]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32309]: Failed password for invalid user deployer from 176.65.132.129 port 49678 ssh2
Jun 22 19:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32309]: Connection closed by 176.65.132.129 port 49678 [preauth]
Jun 22 19:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32319]: Invalid user ubuntu from 176.65.132.129
Jun 22 19:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32319]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 19:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32319]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32319]: Failed password for invalid user ubuntu from 176.65.132.129 port 49692 ssh2
Jun 22 19:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32319]: Connection closed by 176.65.132.129 port 49692 [preauth]
Jun 22 19:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32321]: Invalid user elasticsearch from 176.65.132.129
Jun 22 19:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32321]: input_userauth_request: invalid user elasticsearch [preauth]
Jun 22 19:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32321]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32321]: Failed password for invalid user elasticsearch from 176.65.132.129 port 49720 ssh2
Jun 22 19:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32321]: Connection closed by 176.65.132.129 port 49720 [preauth]
Jun 22 19:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32331]: Invalid user customer from 176.65.132.129
Jun 22 19:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32331]: input_userauth_request: invalid user customer [preauth]
Jun 22 19:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32331]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32331]: Failed password for invalid user customer from 176.65.132.129 port 38214 ssh2
Jun 22 19:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32331]: Connection closed by 176.65.132.129 port 38214 [preauth]
Jun 22 19:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32333]: Invalid user system from 176.65.132.129
Jun 22 19:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32333]: input_userauth_request: invalid user system [preauth]
Jun 22 19:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32333]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32333]: Failed password for invalid user system from 176.65.132.129 port 38224 ssh2
Jun 22 19:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32333]: Connection closed by 176.65.132.129 port 38224 [preauth]
Jun 22 19:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32344]: Invalid user deploy from 176.65.132.129
Jun 22 19:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32344]: input_userauth_request: invalid user deploy [preauth]
Jun 22 19:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32344]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32344]: Failed password for invalid user deploy from 176.65.132.129 port 38238 ssh2
Jun 22 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32344]: Connection closed by 176.65.132.129 port 38238 [preauth]
Jun 22 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32354]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32355]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32350]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32353]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32350]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32426]: Successful su for rubyman by root
Jun 22 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32426]: + ??? root:rubyman
Jun 22 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32426]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572693 of user rubyman.
Jun 22 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32426]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572693.
Jun 22 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32414]: Invalid user frappe from 176.65.132.129
Jun 22 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32414]: input_userauth_request: invalid user frappe [preauth]
Jun 22 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32414]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29375]: pam_unix(cron:session): session closed for user root
Jun 22 19:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32414]: Failed password for invalid user frappe from 176.65.132.129 port 50856 ssh2
Jun 22 19:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32414]: Connection closed by 176.65.132.129 port 50856 [preauth]
Jun 22 19:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32588]: Invalid user potok from 176.65.132.129
Jun 22 19:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32588]: input_userauth_request: invalid user potok [preauth]
Jun 22 19:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32588]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32353]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32588]: Failed password for invalid user potok from 176.65.132.129 port 50858 ssh2
Jun 22 19:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32588]: Connection closed by 176.65.132.129 port 50858 [preauth]
Jun 22 19:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32619]: Invalid user admin1 from 176.65.132.129
Jun 22 19:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32619]: input_userauth_request: invalid user admin1 [preauth]
Jun 22 19:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32619]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32619]: Failed password for invalid user admin1 from 176.65.132.129 port 50864 ssh2
Jun 22 19:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32619]: Connection closed by 176.65.132.129 port 50864 [preauth]
Jun 22 19:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32621]: Invalid user debian from 176.65.132.129
Jun 22 19:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32621]: input_userauth_request: invalid user debian [preauth]
Jun 22 19:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32621]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32621]: Failed password for invalid user debian from 176.65.132.129 port 43766 ssh2
Jun 22 19:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32621]: Connection closed by 176.65.132.129 port 43766 [preauth]
Jun 22 19:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32647]: Invalid user ubuntu from 176.65.132.129
Jun 22 19:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32647]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 19:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32647]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 22 19:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32647]: Failed password for invalid user ubuntu from 176.65.132.129 port 43770 ssh2
Jun 22 19:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32647]: Connection closed by 176.65.132.129 port 43770 [preauth]
Jun 22 19:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32652]: Invalid user system from 176.65.132.129
Jun 22 19:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32652]: input_userauth_request: invalid user system [preauth]
Jun 22 19:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32652]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32640]: Failed password for root from 202.178.126.219 port 56327 ssh2
Jun 22 19:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32652]: Failed password for invalid user system from 176.65.132.129 port 43784 ssh2
Jun 22 19:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32652]: Connection closed by 176.65.132.129 port 43784 [preauth]
Jun 22 19:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32640]: Connection closed by 202.178.126.219 port 56327 [preauth]
Jun 22 19:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32662]: Invalid user cloud from 176.65.132.129
Jun 22 19:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32662]: input_userauth_request: invalid user cloud [preauth]
Jun 22 19:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32662]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32662]: Failed password for invalid user cloud from 176.65.132.129 port 43812 ssh2
Jun 22 19:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32662]: Connection closed by 176.65.132.129 port 43812 [preauth]
Jun 22 19:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32665]: Invalid user sam from 176.65.132.129
Jun 22 19:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32665]: input_userauth_request: invalid user sam [preauth]
Jun 22 19:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32665]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32665]: Failed password for invalid user sam from 176.65.132.129 port 43720 ssh2
Jun 22 19:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32665]: Connection closed by 176.65.132.129 port 43720 [preauth]
Jun 22 19:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: Invalid user dev from 176.65.132.129
Jun 22 19:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: input_userauth_request: invalid user dev [preauth]
Jun 22 19:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: Failed password for invalid user dev from 176.65.132.129 port 43728 ssh2
Jun 22 19:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: Connection closed by 176.65.132.129 port 43728 [preauth]
Jun 22 19:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32704]: Failed password for root from 176.65.132.129 port 43736 ssh2
Jun 22 19:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32704]: Connection closed by 176.65.132.129 port 43736 [preauth]
Jun 22 19:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32706]: Invalid user test from 176.65.132.129
Jun 22 19:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32706]: input_userauth_request: invalid user test [preauth]
Jun 22 19:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32706]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31316]: pam_unix(cron:session): session closed for user root
Jun 22 19:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32706]: Failed password for invalid user test from 176.65.132.129 port 37466 ssh2
Jun 22 19:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32706]: Connection closed by 176.65.132.129 port 37466 [preauth]
Jun 22 19:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32739]: Invalid user amin from 176.65.132.129
Jun 22 19:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32739]: input_userauth_request: invalid user amin [preauth]
Jun 22 19:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32739]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32739]: Failed password for invalid user amin from 176.65.132.129 port 37468 ssh2
Jun 22 19:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32739]: Connection closed by 176.65.132.129 port 37468 [preauth]
Jun 22 19:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32741]: Invalid user term2 from 176.65.132.129
Jun 22 19:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32741]: input_userauth_request: invalid user term2 [preauth]
Jun 22 19:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32741]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32741]: Failed password for invalid user term2 from 176.65.132.129 port 37480 ssh2
Jun 22 19:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32741]: Connection closed by 176.65.132.129 port 37480 [preauth]
Jun 22 19:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32755]: Failed password for root from 176.65.132.129 port 45352 ssh2
Jun 22 19:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32755]: Connection closed by 176.65.132.129 port 45352 [preauth]
Jun 22 19:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[301]: Invalid user user from 176.65.132.129
Jun 22 19:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[301]: input_userauth_request: invalid user user [preauth]
Jun 22 19:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[301]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[301]: Failed password for invalid user user from 176.65.132.129 port 45382 ssh2
Jun 22 19:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[301]: Connection closed by 176.65.132.129 port 45382 [preauth]
Jun 22 19:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[311]: Invalid user support from 176.65.132.129
Jun 22 19:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[311]: input_userauth_request: invalid user support [preauth]
Jun 22 19:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[311]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[311]: Failed password for invalid user support from 176.65.132.129 port 45410 ssh2
Jun 22 19:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[311]: Connection closed by 176.65.132.129 port 45410 [preauth]
Jun 22 19:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[322]: Invalid user guest from 176.65.132.129
Jun 22 19:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[322]: input_userauth_request: invalid user guest [preauth]
Jun 22 19:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[322]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[322]: Failed password for invalid user guest from 176.65.132.129 port 45448 ssh2
Jun 22 19:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[322]: Connection closed by 176.65.132.129 port 45448 [preauth]
Jun 22 19:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[324]: Invalid user admin from 176.65.132.129
Jun 22 19:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[324]: input_userauth_request: invalid user admin [preauth]
Jun 22 19:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[324]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[324]: Failed password for invalid user admin from 176.65.132.129 port 56390 ssh2
Jun 22 19:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[324]: Connection closed by 176.65.132.129 port 56390 [preauth]
Jun 22 19:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[338]: Invalid user oracle from 176.65.132.129
Jun 22 19:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[338]: input_userauth_request: invalid user oracle [preauth]
Jun 22 19:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[338]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[338]: Failed password for invalid user oracle from 176.65.132.129 port 56400 ssh2
Jun 22 19:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[338]: Connection closed by 176.65.132.129 port 56400 [preauth]
Jun 22 19:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[341]: Invalid user test from 176.65.132.129
Jun 22 19:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[341]: input_userauth_request: invalid user test [preauth]
Jun 22 19:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[341]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[360]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[355]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[359]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[358]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[355]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[432]: Successful su for rubyman by root
Jun 22 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[432]: + ??? root:rubyman
Jun 22 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[432]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572697 of user rubyman.
Jun 22 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[432]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572697.
Jun 22 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[341]: Failed password for invalid user test from 176.65.132.129 port 56406 ssh2
Jun 22 19:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[341]: Connection closed by 176.65.132.129 port 56406 [preauth]
Jun 22 19:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 22 19:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[592]: Invalid user kingbase from 176.65.132.129
Jun 22 19:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[592]: input_userauth_request: invalid user kingbase [preauth]
Jun 22 19:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[592]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[351]: Failed password for root from 103.27.238.114 port 44432 ssh2
Jun 22 19:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[351]: Connection closed by 103.27.238.114 port 44432 [preauth]
Jun 22 19:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29916]: pam_unix(cron:session): session closed for user root
Jun 22 19:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[592]: Failed password for invalid user kingbase from 176.65.132.129 port 51260 ssh2
Jun 22 19:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[592]: Connection closed by 176.65.132.129 port 51260 [preauth]
Jun 22 19:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[358]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[735]: Failed password for root from 176.65.132.129 port 51276 ssh2
Jun 22 19:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[735]: Connection closed by 176.65.132.129 port 51276 [preauth]
Jun 22 19:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[754]: Invalid user lin from 176.65.132.129
Jun 22 19:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[754]: input_userauth_request: invalid user lin [preauth]
Jun 22 19:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[754]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[754]: Failed password for invalid user lin from 176.65.132.129 port 51280 ssh2
Jun 22 19:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[754]: Connection closed by 176.65.132.129 port 51280 [preauth]
Jun 22 19:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[764]: Invalid user user1 from 176.65.132.129
Jun 22 19:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[764]: input_userauth_request: invalid user user1 [preauth]
Jun 22 19:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[764]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[764]: Failed password for invalid user user1 from 176.65.132.129 port 40236 ssh2
Jun 22 19:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[764]: Connection closed by 176.65.132.129 port 40236 [preauth]
Jun 22 19:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[783]: Invalid user rock from 176.65.132.129
Jun 22 19:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[783]: input_userauth_request: invalid user rock [preauth]
Jun 22 19:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[783]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[783]: Failed password for invalid user rock from 176.65.132.129 port 40242 ssh2
Jun 22 19:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[783]: Connection closed by 176.65.132.129 port 40242 [preauth]
Jun 22 19:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[794]: Failed password for root from 176.65.132.129 port 40244 ssh2
Jun 22 19:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[794]: Connection closed by 176.65.132.129 port 40244 [preauth]
Jun 22 19:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[799]: Invalid user linux from 176.65.132.129
Jun 22 19:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[799]: input_userauth_request: invalid user linux [preauth]
Jun 22 19:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[799]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[799]: Failed password for invalid user linux from 176.65.132.129 port 40250 ssh2
Jun 22 19:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[799]: Connection closed by 176.65.132.129 port 40250 [preauth]
Jun 22 19:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[814]: User mysql from 176.65.132.129 not allowed because not listed in AllowUsers
Jun 22 19:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[814]: input_userauth_request: invalid user mysql [preauth]
Jun 22 19:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=mysql
Jun 22 19:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[814]: Failed password for invalid user mysql from 176.65.132.129 port 35038 ssh2
Jun 22 19:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[814]: Connection closed by 176.65.132.129 port 35038 [preauth]
Jun 22 19:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[828]: Invalid user test1 from 176.65.132.129
Jun 22 19:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[828]: input_userauth_request: invalid user test1 [preauth]
Jun 22 19:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[828]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[828]: Failed password for invalid user test1 from 176.65.132.129 port 35054 ssh2
Jun 22 19:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[828]: Connection closed by 176.65.132.129 port 35054 [preauth]
Jun 22 19:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[839]: Invalid user alex from 176.65.132.129
Jun 22 19:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[839]: input_userauth_request: invalid user alex [preauth]
Jun 22 19:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[839]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[839]: Failed password for invalid user alex from 176.65.132.129 port 35066 ssh2
Jun 22 19:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[839]: Connection closed by 176.65.132.129 port 35066 [preauth]
Jun 22 19:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[843]: Invalid user test1 from 176.65.132.129
Jun 22 19:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[843]: input_userauth_request: invalid user test1 [preauth]
Jun 22 19:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[843]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31892]: pam_unix(cron:session): session closed for user root
Jun 22 19:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[843]: Failed password for invalid user test1 from 176.65.132.129 port 57496 ssh2
Jun 22 19:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[843]: Connection closed by 176.65.132.129 port 57496 [preauth]
Jun 22 19:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[876]: Invalid user trader from 176.65.132.129
Jun 22 19:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[876]: input_userauth_request: invalid user trader [preauth]
Jun 22 19:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[876]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[876]: Failed password for invalid user trader from 176.65.132.129 port 57528 ssh2
Jun 22 19:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[876]: Connection closed by 176.65.132.129 port 57528 [preauth]
Jun 22 19:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[888]: Invalid user kafka from 176.65.132.129
Jun 22 19:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[888]: input_userauth_request: invalid user kafka [preauth]
Jun 22 19:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[888]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[888]: Failed password for invalid user kafka from 176.65.132.129 port 57558 ssh2
Jun 22 19:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[888]: Connection closed by 176.65.132.129 port 57558 [preauth]
Jun 22 19:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[890]: Invalid user jellyfin from 176.65.132.129
Jun 22 19:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[890]: input_userauth_request: invalid user jellyfin [preauth]
Jun 22 19:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[890]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[892]: Invalid user test from 45.148.10.121
Jun 22 19:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[892]: input_userauth_request: invalid user test [preauth]
Jun 22 19:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[892]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 22 19:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[890]: Failed password for invalid user jellyfin from 176.65.132.129 port 41944 ssh2
Jun 22 19:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[890]: Connection closed by 176.65.132.129 port 41944 [preauth]
Jun 22 19:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[892]: Failed password for invalid user test from 45.148.10.121 port 42640 ssh2
Jun 22 19:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[918]: Invalid user jack from 176.65.132.129
Jun 22 19:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[918]: input_userauth_request: invalid user jack [preauth]
Jun 22 19:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[892]: Connection closed by 45.148.10.121 port 42640 [preauth]
Jun 22 19:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[918]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[918]: Failed password for invalid user jack from 176.65.132.129 port 41954 ssh2
Jun 22 19:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[918]: Connection closed by 176.65.132.129 port 41954 [preauth]
Jun 22 19:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[920]: Failed password for root from 176.65.132.129 port 41966 ssh2
Jun 22 19:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[920]: Connection closed by 176.65.132.129 port 41966 [preauth]
Jun 22 19:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[933]: Invalid user ubuntu from 176.65.132.129
Jun 22 19:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[933]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 19:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[933]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[933]: Failed password for invalid user ubuntu from 176.65.132.129 port 41968 ssh2
Jun 22 19:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[933]: Connection closed by 176.65.132.129 port 41968 [preauth]
Jun 22 19:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[937]: Invalid user root1 from 176.65.132.129
Jun 22 19:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[937]: input_userauth_request: invalid user root1 [preauth]
Jun 22 19:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[937]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[937]: Failed password for invalid user root1 from 176.65.132.129 port 47166 ssh2
Jun 22 19:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[937]: Connection closed by 176.65.132.129 port 47166 [preauth]
Jun 22 19:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[948]: Invalid user prefect from 176.65.132.129
Jun 22 19:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[948]: input_userauth_request: invalid user prefect [preauth]
Jun 22 19:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[948]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 19:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[948]: Failed password for invalid user prefect from 176.65.132.129 port 47194 ssh2
Jun 22 19:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[948]: Connection closed by 176.65.132.129 port 47194 [preauth]
Jun 22 19:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[961]: Invalid user ghost from 176.65.132.129
Jun 22 19:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[961]: input_userauth_request: invalid user ghost [preauth]
Jun 22 19:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[961]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[935]: Failed password for root from 38.55.97.143 port 49190 ssh2
Jun 22 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[961]: Failed password for invalid user ghost from 176.65.132.129 port 47224 ssh2
Jun 22 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[961]: Connection closed by 176.65.132.129 port 47224 [preauth]
Jun 22 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[968]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[967]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[966]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[964]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[964]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[935]: Connection closed by 38.55.97.143 port 49190 [preauth]
Jun 22 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1036]: Successful su for rubyman by root
Jun 22 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1036]: + ??? root:rubyman
Jun 22 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1036]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572702 of user rubyman.
Jun 22 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1036]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572702.
Jun 22 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1053]: Invalid user testuser from 176.65.132.129
Jun 22 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1053]: input_userauth_request: invalid user testuser [preauth]
Jun 22 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1053]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30333]: pam_unix(cron:session): session closed for user root
Jun 22 19:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1053]: Failed password for invalid user testuser from 176.65.132.129 port 38374 ssh2
Jun 22 19:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1053]: Connection closed by 176.65.132.129 port 38374 [preauth]
Jun 22 19:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1236]: Invalid user centreon from 176.65.132.129
Jun 22 19:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1236]: input_userauth_request: invalid user centreon [preauth]
Jun 22 19:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1236]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[966]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1236]: Failed password for invalid user centreon from 176.65.132.129 port 38392 ssh2
Jun 22 19:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1236]: Connection closed by 176.65.132.129 port 38392 [preauth]
Jun 22 19:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1259]: Failed password for root from 176.65.132.129 port 38404 ssh2
Jun 22 19:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1259]: Connection closed by 176.65.132.129 port 38404 [preauth]
Jun 22 19:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1270]: Invalid user rdpuser from 176.65.132.129
Jun 22 19:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1270]: input_userauth_request: invalid user rdpuser [preauth]
Jun 22 19:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1270]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1270]: Failed password for invalid user rdpuser from 176.65.132.129 port 37334 ssh2
Jun 22 19:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1270]: Connection closed by 176.65.132.129 port 37334 [preauth]
Jun 22 19:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1287]: Invalid user angel from 176.65.132.129
Jun 22 19:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1287]: input_userauth_request: invalid user angel [preauth]
Jun 22 19:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1287]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1287]: Failed password for invalid user angel from 176.65.132.129 port 37342 ssh2
Jun 22 19:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1287]: Connection closed by 176.65.132.129 port 37342 [preauth]
Jun 22 19:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1297]: Failed password for root from 176.65.132.129 port 37352 ssh2
Jun 22 19:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1297]: Connection closed by 176.65.132.129 port 37352 [preauth]
Jun 22 19:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1313]: User mysql from 176.65.132.129 not allowed because not listed in AllowUsers
Jun 22 19:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1313]: input_userauth_request: invalid user mysql [preauth]
Jun 22 19:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=mysql
Jun 22 19:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1313]: Failed password for invalid user mysql from 176.65.132.129 port 37366 ssh2
Jun 22 19:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1313]: Connection closed by 176.65.132.129 port 37366 [preauth]
Jun 22 19:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1318]: Invalid user btc from 176.65.132.129
Jun 22 19:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1318]: input_userauth_request: invalid user btc [preauth]
Jun 22 19:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1318]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1318]: Failed password for invalid user btc from 176.65.132.129 port 58852 ssh2
Jun 22 19:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1318]: Connection closed by 176.65.132.129 port 58852 [preauth]
Jun 22 19:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1348]: Invalid user ubuntu from 176.65.132.129
Jun 22 19:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1348]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 19:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1348]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1348]: Failed password for invalid user ubuntu from 176.65.132.129 port 58866 ssh2
Jun 22 19:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1350]: Invalid user david from 176.65.132.129
Jun 22 19:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1350]: input_userauth_request: invalid user david [preauth]
Jun 22 19:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1348]: Connection closed by 176.65.132.129 port 58866 [preauth]
Jun 22 19:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1350]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1350]: Failed password for invalid user david from 176.65.132.129 port 58870 ssh2
Jun 22 19:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1350]: Connection closed by 176.65.132.129 port 58870 [preauth]
Jun 22 19:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1361]: Invalid user pi from 176.65.132.129
Jun 22 19:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1361]: input_userauth_request: invalid user pi [preauth]
Jun 22 19:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1361]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32355]: pam_unix(cron:session): session closed for user root
Jun 22 19:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1361]: Failed password for invalid user pi from 176.65.132.129 port 32802 ssh2
Jun 22 19:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1361]: Connection closed by 176.65.132.129 port 32802 [preauth]
Jun 22 19:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1389]: Invalid user deploy from 176.65.132.129
Jun 22 19:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1389]: input_userauth_request: invalid user deploy [preauth]
Jun 22 19:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1389]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1389]: Failed password for invalid user deploy from 176.65.132.129 port 32806 ssh2
Jun 22 19:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1389]: Connection closed by 176.65.132.129 port 32806 [preauth]
Jun 22 19:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1402]: Invalid user administrator from 176.65.132.129
Jun 22 19:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1402]: input_userauth_request: invalid user administrator [preauth]
Jun 22 19:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1402]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1402]: Failed password for invalid user administrator from 176.65.132.129 port 32818 ssh2
Jun 22 19:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1402]: Connection closed by 176.65.132.129 port 32818 [preauth]
Jun 22 19:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1404]: Invalid user admin from 176.65.132.129
Jun 22 19:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1404]: input_userauth_request: invalid user admin [preauth]
Jun 22 19:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1404]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1404]: Failed password for invalid user admin from 176.65.132.129 port 59530 ssh2
Jun 22 19:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1404]: Connection closed by 176.65.132.129 port 59530 [preauth]
Jun 22 19:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1427]: Invalid user user from 176.65.132.129
Jun 22 19:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1427]: input_userauth_request: invalid user user [preauth]
Jun 22 19:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1427]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1427]: Failed password for invalid user user from 176.65.132.129 port 59534 ssh2
Jun 22 19:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1427]: Connection closed by 176.65.132.129 port 59534 [preauth]
Jun 22 19:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1471]: Invalid user ts from 176.65.132.129
Jun 22 19:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1471]: input_userauth_request: invalid user ts [preauth]
Jun 22 19:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1471]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1471]: Failed password for invalid user ts from 176.65.132.129 port 59542 ssh2
Jun 22 19:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1471]: Connection closed by 176.65.132.129 port 59542 [preauth]
Jun 22 19:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1473]: Invalid user vm from 176.65.132.129
Jun 22 19:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1473]: input_userauth_request: invalid user vm [preauth]
Jun 22 19:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1473]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1473]: Failed password for invalid user vm from 176.65.132.129 port 59552 ssh2
Jun 22 19:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1473]: Connection closed by 176.65.132.129 port 59552 [preauth]
Jun 22 19:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1484]: Invalid user jay from 176.65.132.129
Jun 22 19:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1484]: input_userauth_request: invalid user jay [preauth]
Jun 22 19:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1484]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1487]: Received disconnect from 51.75.149.221 port 37990:11: disconnected by user [preauth]
Jun 22 19:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1487]: Disconnected from 51.75.149.221 port 37990 [preauth]
Jun 22 19:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[841]: Connection closed by 211.25.195.253 port 23292 [preauth]
Jun 22 19:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1484]: Failed password for invalid user jay from 176.65.132.129 port 35996 ssh2
Jun 22 19:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1484]: Connection closed by 176.65.132.129 port 35996 [preauth]
Jun 22 19:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1551]: Invalid user deploy from 176.65.132.129
Jun 22 19:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1551]: input_userauth_request: invalid user deploy [preauth]
Jun 22 19:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1551]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1551]: Failed password for invalid user deploy from 176.65.132.129 port 36012 ssh2
Jun 22 19:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1551]: Connection closed by 176.65.132.129 port 36012 [preauth]
Jun 22 19:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1563]: Invalid user admin from 176.65.132.129
Jun 22 19:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1563]: input_userauth_request: invalid user admin [preauth]
Jun 22 19:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1563]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1575]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1572]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1574]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1571]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1567]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1566]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1575]: pam_unix(cron:session): session closed for user root
Jun 22 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1566]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1659]: Successful su for rubyman by root
Jun 22 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1659]: + ??? root:rubyman
Jun 22 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1659]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572706 of user rubyman.
Jun 22 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1659]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572706.
Jun 22 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1563]: Failed password for invalid user admin from 176.65.132.129 port 36024 ssh2
Jun 22 19:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1563]: Connection closed by 176.65.132.129 port 36024 [preauth]
Jun 22 19:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1670]: Invalid user pi from 176.65.132.129
Jun 22 19:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1670]: input_userauth_request: invalid user pi [preauth]
Jun 22 19:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1670]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1571]: pam_unix(cron:session): session closed for user root
Jun 22 19:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1670]: Failed password for invalid user pi from 176.65.132.129 port 55476 ssh2
Jun 22 19:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30775]: pam_unix(cron:session): session closed for user root
Jun 22 19:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1670]: Connection closed by 176.65.132.129 port 55476 [preauth]
Jun 22 19:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1854]: Invalid user admin from 176.65.132.129
Jun 22 19:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1854]: input_userauth_request: invalid user admin [preauth]
Jun 22 19:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1854]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1567]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1854]: Failed password for invalid user admin from 176.65.132.129 port 55486 ssh2
Jun 22 19:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1854]: Connection closed by 176.65.132.129 port 55486 [preauth]
Jun 22 19:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1882]: Invalid user node from 176.65.132.129
Jun 22 19:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1882]: input_userauth_request: invalid user node [preauth]
Jun 22 19:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1882]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1882]: Failed password for invalid user node from 176.65.132.129 port 55492 ssh2
Jun 22 19:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1882]: Connection closed by 176.65.132.129 port 55492 [preauth]
Jun 22 19:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1904]: Invalid user splunk from 176.65.132.129
Jun 22 19:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1904]: input_userauth_request: invalid user splunk [preauth]
Jun 22 19:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1904]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1904]: Failed password for invalid user splunk from 176.65.132.129 port 55506 ssh2
Jun 22 19:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1904]: Connection closed by 176.65.132.129 port 55506 [preauth]
Jun 22 19:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1912]: Failed password for root from 176.65.132.129 port 53972 ssh2
Jun 22 19:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1912]: Connection closed by 176.65.132.129 port 53972 [preauth]
Jun 22 19:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1943]: Invalid user admin2 from 176.65.132.129
Jun 22 19:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1943]: input_userauth_request: invalid user admin2 [preauth]
Jun 22 19:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1943]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1943]: Failed password for invalid user admin2 from 176.65.132.129 port 53984 ssh2
Jun 22 19:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1943]: Connection closed by 176.65.132.129 port 53984 [preauth]
Jun 22 19:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1957]: Invalid user admin2 from 176.65.132.129
Jun 22 19:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1957]: input_userauth_request: invalid user admin2 [preauth]
Jun 22 19:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1957]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1957]: Failed password for invalid user admin2 from 176.65.132.129 port 53986 ssh2
Jun 22 19:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1957]: Connection closed by 176.65.132.129 port 53986 [preauth]
Jun 22 19:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1959]: Invalid user admin from 176.65.132.129
Jun 22 19:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1959]: input_userauth_request: invalid user admin [preauth]
Jun 22 19:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1959]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1959]: Failed password for invalid user admin from 176.65.132.129 port 58994 ssh2
Jun 22 19:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1959]: Connection closed by 176.65.132.129 port 58994 [preauth]
Jun 22 19:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1989]: Failed password for root from 176.65.132.129 port 59008 ssh2
Jun 22 19:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1989]: Connection closed by 176.65.132.129 port 59008 [preauth]
Jun 22 19:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1996]: Invalid user claude from 176.65.132.129
Jun 22 19:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1996]: input_userauth_request: invalid user claude [preauth]
Jun 22 19:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1996]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1996]: Failed password for invalid user claude from 176.65.132.129 port 59022 ssh2
Jun 22 19:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1996]: Connection closed by 176.65.132.129 port 59022 [preauth]
Jun 22 19:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[360]: pam_unix(cron:session): session closed for user root
Jun 22 19:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2015]: Failed password for root from 176.65.132.129 port 56368 ssh2
Jun 22 19:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2015]: Connection closed by 176.65.132.129 port 56368 [preauth]
Jun 22 19:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2050]: Invalid user ubuntu from 176.65.132.129
Jun 22 19:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2050]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 19:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2050]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2050]: Failed password for invalid user ubuntu from 176.65.132.129 port 56376 ssh2
Jun 22 19:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2050]: Connection closed by 176.65.132.129 port 56376 [preauth]
Jun 22 19:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2067]: Invalid user ubuntu from 176.65.132.129
Jun 22 19:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2067]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 19:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2067]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2067]: Failed password for invalid user ubuntu from 176.65.132.129 port 56390 ssh2
Jun 22 19:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2067]: Connection closed by 176.65.132.129 port 56390 [preauth]
Jun 22 19:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2077]: Invalid user guest from 176.65.132.129
Jun 22 19:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2077]: input_userauth_request: invalid user guest [preauth]
Jun 22 19:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2077]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2077]: Failed password for invalid user guest from 176.65.132.129 port 56396 ssh2
Jun 22 19:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2077]: Connection closed by 176.65.132.129 port 56396 [preauth]
Jun 22 19:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2086]: Invalid user bot from 176.65.132.129
Jun 22 19:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2086]: input_userauth_request: invalid user bot [preauth]
Jun 22 19:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2086]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2086]: Failed password for invalid user bot from 176.65.132.129 port 52044 ssh2
Jun 22 19:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2086]: Connection closed by 176.65.132.129 port 52044 [preauth]
Jun 22 19:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2103]: Invalid user administrator from 176.65.132.129
Jun 22 19:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2103]: input_userauth_request: invalid user administrator [preauth]
Jun 22 19:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2103]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2103]: Failed password for invalid user administrator from 176.65.132.129 port 52052 ssh2
Jun 22 19:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2103]: Connection closed by 176.65.132.129 port 52052 [preauth]
Jun 22 19:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2105]: Invalid user student from 176.65.132.129
Jun 22 19:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2105]: input_userauth_request: invalid user student [preauth]
Jun 22 19:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2105]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2105]: Failed password for invalid user student from 176.65.132.129 port 52054 ssh2
Jun 22 19:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2105]: Connection closed by 176.65.132.129 port 52054 [preauth]
Jun 22 19:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2117]: Invalid user ubuntu from 176.65.132.129
Jun 22 19:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2117]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 19:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2117]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2117]: Failed password for invalid user ubuntu from 176.65.132.129 port 55426 ssh2
Jun 22 19:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2117]: Connection closed by 176.65.132.129 port 55426 [preauth]
Jun 22 19:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2120]: Invalid user dev from 176.65.132.129
Jun 22 19:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2120]: input_userauth_request: invalid user dev [preauth]
Jun 22 19:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2120]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 19:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2120]: Failed password for invalid user dev from 176.65.132.129 port 55440 ssh2
Jun 22 19:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2120]: Connection closed by 176.65.132.129 port 55440 [preauth]
Jun 22 19:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2134]: Invalid user gitlab-runner from 176.65.132.129
Jun 22 19:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2134]: input_userauth_request: invalid user gitlab-runner [preauth]
Jun 22 19:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2134]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2132]: Failed password for root from 38.55.97.143 port 57828 ssh2
Jun 22 19:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2132]: Connection closed by 38.55.97.143 port 57828 [preauth]
Jun 22 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2142]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2141]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2140]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2138]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2138]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2134]: Failed password for invalid user gitlab-runner from 176.65.132.129 port 55448 ssh2
Jun 22 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2233]: Successful su for rubyman by root
Jun 22 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2233]: + ??? root:rubyman
Jun 22 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2233]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572710 of user rubyman.
Jun 22 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2233]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572710.
Jun 22 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2134]: Connection closed by 176.65.132.129 port 55448 [preauth]
Jun 22 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2216]: Failed password for root from 176.65.132.129 port 58498 ssh2
Jun 22 19:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2216]: Connection closed by 176.65.132.129 port 58498 [preauth]
Jun 22 19:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31315]: pam_unix(cron:session): session closed for user root
Jun 22 19:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2385]: Invalid user odoo from 176.65.132.129
Jun 22 19:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2385]: input_userauth_request: invalid user odoo [preauth]
Jun 22 19:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2385]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2140]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2385]: Failed password for invalid user odoo from 176.65.132.129 port 58500 ssh2
Jun 22 19:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2385]: Connection closed by 176.65.132.129 port 58500 [preauth]
Jun 22 19:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2416]: Invalid user xiao from 176.65.132.129
Jun 22 19:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2416]: input_userauth_request: invalid user xiao [preauth]
Jun 22 19:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2416]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2416]: Failed password for invalid user xiao from 176.65.132.129 port 58510 ssh2
Jun 22 19:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2416]: Connection closed by 176.65.132.129 port 58510 [preauth]
Jun 22 19:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2426]: Invalid user test from 176.65.132.129
Jun 22 19:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2426]: input_userauth_request: invalid user test [preauth]
Jun 22 19:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2426]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2426]: Failed password for invalid user test from 176.65.132.129 port 58520 ssh2
Jun 22 19:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2426]: Connection closed by 176.65.132.129 port 58520 [preauth]
Jun 22 19:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2445]: Failed password for root from 176.65.132.129 port 42882 ssh2
Jun 22 19:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2445]: Connection closed by 176.65.132.129 port 42882 [preauth]
Jun 22 19:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2453]: Invalid user git from 176.65.132.129
Jun 22 19:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2453]: input_userauth_request: invalid user git [preauth]
Jun 22 19:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2453]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2453]: Failed password for invalid user git from 176.65.132.129 port 42908 ssh2
Jun 22 19:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2453]: Connection closed by 176.65.132.129 port 42908 [preauth]
Jun 22 19:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2463]: Invalid user user from 176.65.132.129
Jun 22 19:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2463]: input_userauth_request: invalid user user [preauth]
Jun 22 19:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2463]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2463]: Failed password for invalid user user from 176.65.132.129 port 42918 ssh2
Jun 22 19:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2463]: Connection closed by 176.65.132.129 port 42918 [preauth]
Jun 22 19:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2466]: Failed password for root from 176.65.132.129 port 60926 ssh2
Jun 22 19:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2466]: Connection closed by 176.65.132.129 port 60926 [preauth]
Jun 22 19:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2492]: Invalid user webuser from 176.65.132.129
Jun 22 19:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2492]: input_userauth_request: invalid user webuser [preauth]
Jun 22 19:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2492]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2492]: Failed password for invalid user webuser from 176.65.132.129 port 60952 ssh2
Jun 22 19:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2492]: Connection closed by 176.65.132.129 port 60952 [preauth]
Jun 22 19:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2495]: Invalid user debian from 176.65.132.129
Jun 22 19:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2495]: input_userauth_request: invalid user debian [preauth]
Jun 22 19:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2495]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2495]: Failed password for invalid user debian from 176.65.132.129 port 60992 ssh2
Jun 22 19:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2495]: Connection closed by 176.65.132.129 port 60992 [preauth]
Jun 22 19:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[968]: pam_unix(cron:session): session closed for user root
Jun 22 19:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2506]: Failed password for root from 176.65.132.129 port 59018 ssh2
Jun 22 19:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2506]: Connection closed by 176.65.132.129 port 59018 [preauth]
Jun 22 19:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2543]: Invalid user fred from 176.65.132.129
Jun 22 19:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2543]: input_userauth_request: invalid user fred [preauth]
Jun 22 19:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2543]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2543]: Failed password for invalid user fred from 176.65.132.129 port 59038 ssh2
Jun 22 19:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2543]: Connection closed by 176.65.132.129 port 59038 [preauth]
Jun 22 19:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2545]: Invalid user oscar from 176.65.132.129
Jun 22 19:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2545]: input_userauth_request: invalid user oscar [preauth]
Jun 22 19:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2545]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2545]: Failed password for invalid user oscar from 176.65.132.129 port 59052 ssh2
Jun 22 19:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2545]: Connection closed by 176.65.132.129 port 59052 [preauth]
Jun 22 19:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2556]: Invalid user es from 176.65.132.129
Jun 22 19:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2556]: input_userauth_request: invalid user es [preauth]
Jun 22 19:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2556]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2556]: Failed password for invalid user es from 176.65.132.129 port 59070 ssh2
Jun 22 19:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2556]: Connection closed by 176.65.132.129 port 59070 [preauth]
Jun 22 19:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2562]: Invalid user fivem from 176.65.132.129
Jun 22 19:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2562]: input_userauth_request: invalid user fivem [preauth]
Jun 22 19:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2562]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2562]: Failed password for invalid user fivem from 176.65.132.129 port 39874 ssh2
Jun 22 19:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2562]: Connection closed by 176.65.132.129 port 39874 [preauth]
Jun 22 19:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2589]: Invalid user openclaw from 176.65.132.129
Jun 22 19:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2589]: input_userauth_request: invalid user openclaw [preauth]
Jun 22 19:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2589]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2589]: Failed password for invalid user openclaw from 176.65.132.129 port 39878 ssh2
Jun 22 19:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2589]: Connection closed by 176.65.132.129 port 39878 [preauth]
Jun 22 19:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2603]: Invalid user dev from 176.65.132.129
Jun 22 19:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2603]: input_userauth_request: invalid user dev [preauth]
Jun 22 19:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2603]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2603]: Failed password for invalid user dev from 176.65.132.129 port 39890 ssh2
Jun 22 19:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2603]: Connection closed by 176.65.132.129 port 39890 [preauth]
Jun 22 19:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 22 19:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2609]: Invalid user osmc from 176.65.132.129
Jun 22 19:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2609]: input_userauth_request: invalid user osmc [preauth]
Jun 22 19:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2609]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: Failed password for root from 62.133.62.83 port 41828 ssh2
Jun 22 19:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: Connection closed by 62.133.62.83 port 41828 [preauth]
Jun 22 19:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2609]: Failed password for invalid user osmc from 176.65.132.129 port 39564 ssh2
Jun 22 19:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2609]: Connection closed by 176.65.132.129 port 39564 [preauth]
Jun 22 19:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2619]: Invalid user runner from 176.65.132.129
Jun 22 19:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2619]: input_userauth_request: invalid user runner [preauth]
Jun 22 19:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2619]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2619]: Failed password for invalid user runner from 176.65.132.129 port 39578 ssh2
Jun 22 19:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2619]: Connection closed by 176.65.132.129 port 39578 [preauth]
Jun 22 19:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2621]: User ftp from 176.65.132.129 not allowed because not listed in AllowUsers
Jun 22 19:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2621]: input_userauth_request: invalid user ftp [preauth]
Jun 22 19:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=ftp
Jun 22 19:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2621]: Failed password for invalid user ftp from 176.65.132.129 port 39580 ssh2
Jun 22 19:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2621]: Connection closed by 176.65.132.129 port 39580 [preauth]
Jun 22 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2640]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2638]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2639]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2637]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2637]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2634]: User mysql from 176.65.132.129 not allowed because not listed in AllowUsers
Jun 22 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2634]: input_userauth_request: invalid user mysql [preauth]
Jun 22 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2698]: Successful su for rubyman by root
Jun 22 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2698]: + ??? root:rubyman
Jun 22 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2698]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572715 of user rubyman.
Jun 22 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2698]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572715.
Jun 22 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=mysql
Jun 22 19:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 19:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2634]: Failed password for invalid user mysql from 176.65.132.129 port 49312 ssh2
Jun 22 19:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2634]: Connection closed by 176.65.132.129 port 49312 [preauth]
Jun 22 19:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31891]: pam_unix(cron:session): session closed for user root
Jun 22 19:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2632]: Failed password for root from 38.55.97.143 port 43464 ssh2
Jun 22 19:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2837]: Invalid user azureuser from 176.65.132.129
Jun 22 19:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2837]: input_userauth_request: invalid user azureuser [preauth]
Jun 22 19:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2837]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2632]: Connection closed by 38.55.97.143 port 43464 [preauth]
Jun 22 19:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2638]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2837]: Failed password for invalid user azureuser from 176.65.132.129 port 49320 ssh2
Jun 22 19:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2837]: Connection closed by 176.65.132.129 port 49320 [preauth]
Jun 22 19:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2891]: Invalid user ftpuser from 176.65.132.129
Jun 22 19:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2891]: input_userauth_request: invalid user ftpuser [preauth]
Jun 22 19:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2891]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2891]: Failed password for invalid user ftpuser from 176.65.132.129 port 49336 ssh2
Jun 22 19:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2891]: Connection closed by 176.65.132.129 port 49336 [preauth]
Jun 22 19:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2893]: Invalid user myuser from 176.65.132.129
Jun 22 19:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2893]: input_userauth_request: invalid user myuser [preauth]
Jun 22 19:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2893]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2893]: Failed password for invalid user myuser from 176.65.132.129 port 49348 ssh2
Jun 22 19:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2893]: Connection closed by 176.65.132.129 port 49348 [preauth]
Jun 22 19:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: Invalid user cloud from 176.65.132.129
Jun 22 19:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: input_userauth_request: invalid user cloud [preauth]
Jun 22 19:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: Failed password for invalid user cloud from 176.65.132.129 port 52192 ssh2
Jun 22 19:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: Connection closed by 176.65.132.129 port 52192 [preauth]
Jun 22 19:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2927]: Invalid user systemd from 176.65.132.129
Jun 22 19:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2927]: input_userauth_request: invalid user systemd [preauth]
Jun 22 19:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2927]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2927]: Failed password for invalid user systemd from 176.65.132.129 port 52212 ssh2
Jun 22 19:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2927]: Connection closed by 176.65.132.129 port 52212 [preauth]
Jun 22 19:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2929]: Invalid user omm from 176.65.132.129
Jun 22 19:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2929]: input_userauth_request: invalid user omm [preauth]
Jun 22 19:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2929]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2929]: Failed password for invalid user omm from 176.65.132.129 port 52218 ssh2
Jun 22 19:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2929]: Connection closed by 176.65.132.129 port 52218 [preauth]
Jun 22 19:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2939]: Invalid user deploy from 176.65.132.129
Jun 22 19:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2939]: input_userauth_request: invalid user deploy [preauth]
Jun 22 19:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2939]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2939]: Failed password for invalid user deploy from 176.65.132.129 port 56416 ssh2
Jun 22 19:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2939]: Connection closed by 176.65.132.129 port 56416 [preauth]
Jun 22 19:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2954]: Invalid user rocky from 176.65.132.129
Jun 22 19:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2954]: input_userauth_request: invalid user rocky [preauth]
Jun 22 19:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2954]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2954]: Failed password for invalid user rocky from 176.65.132.129 port 56432 ssh2
Jun 22 19:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2954]: Connection closed by 176.65.132.129 port 56432 [preauth]
Jun 22 19:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2964]: Invalid user www from 176.65.132.129
Jun 22 19:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2964]: input_userauth_request: invalid user www [preauth]
Jun 22 19:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2964]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 22 19:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2964]: Failed password for invalid user www from 176.65.132.129 port 56434 ssh2
Jun 22 19:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2966]: Failed password for root from 147.45.199.80 port 45698 ssh2
Jun 22 19:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2964]: Connection closed by 176.65.132.129 port 56434 [preauth]
Jun 22 19:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2966]: Connection closed by 147.45.199.80 port 45698 [preauth]
Jun 22 19:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1574]: pam_unix(cron:session): session closed for user root
Jun 22 19:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2968]: Failed password for root from 176.65.132.129 port 33774 ssh2
Jun 22 19:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2968]: Connection closed by 176.65.132.129 port 33774 [preauth]
Jun 22 19:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3000]: Invalid user admin from 176.65.132.129
Jun 22 19:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3000]: input_userauth_request: invalid user admin [preauth]
Jun 22 19:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3000]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3000]: Failed password for invalid user admin from 176.65.132.129 port 33776 ssh2
Jun 22 19:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3000]: Connection closed by 176.65.132.129 port 33776 [preauth]
Jun 22 19:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3009]: Failed password for root from 176.65.132.129 port 33790 ssh2
Jun 22 19:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3009]: Connection closed by 176.65.132.129 port 33790 [preauth]
Jun 22 19:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3013]: Invalid user deploy from 176.65.132.129
Jun 22 19:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3013]: input_userauth_request: invalid user deploy [preauth]
Jun 22 19:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3013]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3013]: Failed password for invalid user deploy from 176.65.132.129 port 33792 ssh2
Jun 22 19:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3013]: Connection closed by 176.65.132.129 port 33792 [preauth]
Jun 22 19:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3027]: Invalid user amir from 176.65.132.129
Jun 22 19:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3027]: input_userauth_request: invalid user amir [preauth]
Jun 22 19:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3027]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3027]: Failed password for invalid user amir from 176.65.132.129 port 48764 ssh2
Jun 22 19:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3027]: Connection closed by 176.65.132.129 port 48764 [preauth]
Jun 22 19:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3040]: User ftp from 176.65.132.129 not allowed because not listed in AllowUsers
Jun 22 19:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3040]: input_userauth_request: invalid user ftp [preauth]
Jun 22 19:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=ftp
Jun 22 19:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3040]: Failed password for invalid user ftp from 176.65.132.129 port 48776 ssh2
Jun 22 19:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3040]: Connection closed by 176.65.132.129 port 48776 [preauth]
Jun 22 19:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3053]: Invalid user admin from 176.65.132.129
Jun 22 19:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3053]: input_userauth_request: invalid user admin [preauth]
Jun 22 19:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3053]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3053]: Failed password for invalid user admin from 176.65.132.129 port 48784 ssh2
Jun 22 19:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3053]: Connection closed by 176.65.132.129 port 48784 [preauth]
Jun 22 19:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3055]: Invalid user openclaw from 176.65.132.129
Jun 22 19:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3055]: input_userauth_request: invalid user openclaw [preauth]
Jun 22 19:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3055]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3055]: Failed password for invalid user openclaw from 176.65.132.129 port 40780 ssh2
Jun 22 19:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3055]: Connection closed by 176.65.132.129 port 40780 [preauth]
Jun 22 19:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3065]: User vncuser from 176.65.132.129 not allowed because not listed in AllowUsers
Jun 22 19:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3065]: input_userauth_request: invalid user vncuser [preauth]
Jun 22 19:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=vncuser
Jun 22 19:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3065]: Failed password for invalid user vncuser from 176.65.132.129 port 40784 ssh2
Jun 22 19:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3065]: Connection closed by 176.65.132.129 port 40784 [preauth]
Jun 22 19:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3067]: Invalid user admin from 176.65.132.129
Jun 22 19:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3067]: input_userauth_request: invalid user admin [preauth]
Jun 22 19:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3067]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3067]: Failed password for invalid user admin from 176.65.132.129 port 40788 ssh2
Jun 22 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3067]: Connection closed by 176.65.132.129 port 40788 [preauth]
Jun 22 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3083]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3081]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3082]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3080]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3080]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3142]: Successful su for rubyman by root
Jun 22 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3142]: + ??? root:rubyman
Jun 22 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3142]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572718 of user rubyman.
Jun 22 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3142]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572718.
Jun 22 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3077]: Invalid user rocky from 176.65.132.129
Jun 22 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3077]: input_userauth_request: invalid user rocky [preauth]
Jun 22 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3077]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3077]: Failed password for invalid user rocky from 176.65.132.129 port 32902 ssh2
Jun 22 19:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3077]: Connection closed by 176.65.132.129 port 32902 [preauth]
Jun 22 19:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32354]: pam_unix(cron:session): session closed for user root
Jun 22 19:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3081]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3306]: Invalid user oracle from 38.55.97.143
Jun 22 19:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3306]: input_userauth_request: invalid user oracle [preauth]
Jun 22 19:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3306]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 19:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3295]: Failed password for root from 176.65.132.129 port 32910 ssh2
Jun 22 19:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3295]: Connection closed by 176.65.132.129 port 32910 [preauth]
Jun 22 19:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3306]: Failed password for invalid user oracle from 38.55.97.143 port 56526 ssh2
Jun 22 19:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3306]: Connection closed by 38.55.97.143 port 56526 [preauth]
Jun 22 19:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3330]: Failed password for root from 176.65.132.129 port 32920 ssh2
Jun 22 19:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3330]: Connection closed by 176.65.132.129 port 32920 [preauth]
Jun 22 19:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3341]: Failed password for root from 176.65.132.129 port 32922 ssh2
Jun 22 19:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3341]: Connection closed by 176.65.132.129 port 32922 [preauth]
Jun 22 19:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3351]: Failed password for root from 176.65.132.129 port 46064 ssh2
Jun 22 19:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3351]: Connection closed by 176.65.132.129 port 46064 [preauth]
Jun 22 19:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3367]: Invalid user bob from 176.65.132.129
Jun 22 19:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3367]: input_userauth_request: invalid user bob [preauth]
Jun 22 19:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3367]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3367]: Failed password for invalid user bob from 176.65.132.129 port 46072 ssh2
Jun 22 19:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3367]: Connection closed by 176.65.132.129 port 46072 [preauth]
Jun 22 19:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3369]: Invalid user master from 176.65.132.129
Jun 22 19:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3369]: input_userauth_request: invalid user master [preauth]
Jun 22 19:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3369]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3369]: Failed password for invalid user master from 176.65.132.129 port 46088 ssh2
Jun 22 19:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3369]: Connection closed by 176.65.132.129 port 46088 [preauth]
Jun 22 19:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3379]: Invalid user ai from 176.65.132.129
Jun 22 19:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3379]: input_userauth_request: invalid user ai [preauth]
Jun 22 19:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3379]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3379]: Failed password for invalid user ai from 176.65.132.129 port 60614 ssh2
Jun 22 19:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3379]: Connection closed by 176.65.132.129 port 60614 [preauth]
Jun 22 19:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3401]: Failed password for root from 176.65.132.129 port 60622 ssh2
Jun 22 19:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3401]: Connection closed by 176.65.132.129 port 60622 [preauth]
Jun 22 19:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3403]: Invalid user core from 176.65.132.129
Jun 22 19:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3403]: input_userauth_request: invalid user core [preauth]
Jun 22 19:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3403]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3403]: Failed password for invalid user core from 176.65.132.129 port 60638 ssh2
Jun 22 19:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3403]: Connection closed by 176.65.132.129 port 60638 [preauth]
Jun 22 19:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3413]: Invalid user sam from 176.65.132.129
Jun 22 19:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3413]: input_userauth_request: invalid user sam [preauth]
Jun 22 19:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3413]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2142]: pam_unix(cron:session): session closed for user root
Jun 22 19:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3413]: Failed password for invalid user sam from 176.65.132.129 port 34138 ssh2
Jun 22 19:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3413]: Connection closed by 176.65.132.129 port 34138 [preauth]
Jun 22 19:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3435]: Invalid user postgres from 176.65.132.129
Jun 22 19:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3435]: input_userauth_request: invalid user postgres [preauth]
Jun 22 19:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3435]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3435]: Failed password for invalid user postgres from 176.65.132.129 port 34146 ssh2
Jun 22 19:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3435]: Connection closed by 176.65.132.129 port 34146 [preauth]
Jun 22 19:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3450]: Invalid user frank from 176.65.132.129
Jun 22 19:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3450]: input_userauth_request: invalid user frank [preauth]
Jun 22 19:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3450]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3450]: Failed password for invalid user frank from 176.65.132.129 port 34156 ssh2
Jun 22 19:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3450]: Connection closed by 176.65.132.129 port 34156 [preauth]
Jun 22 19:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3452]: Failed password for root from 176.65.132.129 port 34168 ssh2
Jun 22 19:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3452]: Connection closed by 176.65.132.129 port 34168 [preauth]
Jun 22 19:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3463]: Invalid user testuser from 176.65.132.129
Jun 22 19:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3463]: input_userauth_request: invalid user testuser [preauth]
Jun 22 19:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3463]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3463]: Failed password for invalid user testuser from 176.65.132.129 port 44946 ssh2
Jun 22 19:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3463]: Connection closed by 176.65.132.129 port 44946 [preauth]
Jun 22 19:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3485]: Failed password for root from 176.65.132.129 port 44954 ssh2
Jun 22 19:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3485]: Connection closed by 176.65.132.129 port 44954 [preauth]
Jun 22 19:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3488]: Invalid user trinity from 176.65.132.129
Jun 22 19:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3488]: input_userauth_request: invalid user trinity [preauth]
Jun 22 19:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3488]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3488]: Failed password for invalid user trinity from 176.65.132.129 port 44970 ssh2
Jun 22 19:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3488]: Connection closed by 176.65.132.129 port 44970 [preauth]
Jun 22 19:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3498]: Invalid user dmdba from 176.65.132.129
Jun 22 19:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3498]: input_userauth_request: invalid user dmdba [preauth]
Jun 22 19:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3498]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3498]: Failed password for invalid user dmdba from 176.65.132.129 port 56788 ssh2
Jun 22 19:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3498]: Connection closed by 176.65.132.129 port 56788 [preauth]
Jun 22 19:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3502]: Invalid user ftpuser from 176.65.132.129
Jun 22 19:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3502]: input_userauth_request: invalid user ftpuser [preauth]
Jun 22 19:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3502]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3502]: Failed password for invalid user ftpuser from 176.65.132.129 port 56798 ssh2
Jun 22 19:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3502]: Connection closed by 176.65.132.129 port 56798 [preauth]
Jun 22 19:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3513]: Invalid user debian from 176.65.132.129
Jun 22 19:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3513]: input_userauth_request: invalid user debian [preauth]
Jun 22 19:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3513]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3513]: Failed password for invalid user debian from 176.65.132.129 port 56802 ssh2
Jun 22 19:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3513]: Connection closed by 176.65.132.129 port 56802 [preauth]
Jun 22 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3522]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3519]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3520]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3518]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3518]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3587]: Successful su for rubyman by root
Jun 22 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3587]: + ??? root:rubyman
Jun 22 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3587]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572722 of user rubyman.
Jun 22 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3587]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572722.
Jun 22 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[359]: pam_unix(cron:session): session closed for user root
Jun 22 19:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3515]: Failed password for root from 176.65.132.129 port 38730 ssh2
Jun 22 19:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3515]: Connection closed by 176.65.132.129 port 38730 [preauth]
Jun 22 19:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3839]: Invalid user ubuntu from 176.65.132.129
Jun 22 19:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3839]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 19:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3839]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3519]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3839]: Failed password for invalid user ubuntu from 176.65.132.129 port 38746 ssh2
Jun 22 19:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3839]: Connection closed by 176.65.132.129 port 38746 [preauth]
Jun 22 19:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3873]: Invalid user zimbra from 176.65.132.129
Jun 22 19:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3873]: input_userauth_request: invalid user zimbra [preauth]
Jun 22 19:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3873]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3873]: Failed password for invalid user zimbra from 176.65.132.129 port 38758 ssh2
Jun 22 19:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3873]: Connection closed by 176.65.132.129 port 38758 [preauth]
Jun 22 19:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3925]: Invalid user openclaw from 176.65.132.129
Jun 22 19:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3925]: input_userauth_request: invalid user openclaw [preauth]
Jun 22 19:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3925]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3925]: Failed password for invalid user openclaw from 176.65.132.129 port 38768 ssh2
Jun 22 19:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3925]: Connection closed by 176.65.132.129 port 38768 [preauth]
Jun 22 19:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3936]: Failed password for root from 176.65.132.129 port 58904 ssh2
Jun 22 19:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3936]: Connection closed by 176.65.132.129 port 58904 [preauth]
Jun 22 19:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3957]: Failed password for root from 176.65.132.129 port 58908 ssh2
Jun 22 19:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3957]: Connection closed by 176.65.132.129 port 58908 [preauth]
Jun 22 19:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3977]: Invalid user claude from 176.65.132.129
Jun 22 19:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3977]: input_userauth_request: invalid user claude [preauth]
Jun 22 19:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3977]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3962]: Invalid user hadoop from 38.55.97.143
Jun 22 19:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3962]: input_userauth_request: invalid user hadoop [preauth]
Jun 22 19:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3962]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 19:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3977]: Failed password for invalid user claude from 176.65.132.129 port 58920 ssh2
Jun 22 19:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3962]: Failed password for invalid user hadoop from 38.55.97.143 port 38892 ssh2
Jun 22 19:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3977]: Connection closed by 176.65.132.129 port 58920 [preauth]
Jun 22 19:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3984]: Invalid user ubuntu from 176.65.132.129
Jun 22 19:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3984]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 19:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3962]: Connection closed by 38.55.97.143 port 38892 [preauth]
Jun 22 19:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3984]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3984]: Failed password for invalid user ubuntu from 176.65.132.129 port 39578 ssh2
Jun 22 19:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3984]: Connection closed by 176.65.132.129 port 39578 [preauth]
Jun 22 19:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4031]: Invalid user deploy from 176.65.132.129
Jun 22 19:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4031]: input_userauth_request: invalid user deploy [preauth]
Jun 22 19:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4031]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4031]: Failed password for invalid user deploy from 176.65.132.129 port 39584 ssh2
Jun 22 19:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4031]: Connection closed by 176.65.132.129 port 39584 [preauth]
Jun 22 19:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4033]: Invalid user system from 176.65.132.129
Jun 22 19:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4033]: input_userauth_request: invalid user system [preauth]
Jun 22 19:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4033]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4033]: Failed password for invalid user system from 176.65.132.129 port 39594 ssh2
Jun 22 19:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4033]: Connection closed by 176.65.132.129 port 39594 [preauth]
Jun 22 19:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4055]: Invalid user node from 176.65.132.129
Jun 22 19:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4055]: input_userauth_request: invalid user node [preauth]
Jun 22 19:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4055]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2640]: pam_unix(cron:session): session closed for user root
Jun 22 19:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4055]: Failed password for invalid user node from 176.65.132.129 port 52698 ssh2
Jun 22 19:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4055]: Connection closed by 176.65.132.129 port 52698 [preauth]
Jun 22 19:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4084]: Invalid user student from 176.65.132.129
Jun 22 19:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4084]: input_userauth_request: invalid user student [preauth]
Jun 22 19:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4084]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4084]: Failed password for invalid user student from 176.65.132.129 port 52702 ssh2
Jun 22 19:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4084]: Connection closed by 176.65.132.129 port 52702 [preauth]
Jun 22 19:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4092]: Invalid user crafty from 176.65.132.129
Jun 22 19:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4092]: input_userauth_request: invalid user crafty [preauth]
Jun 22 19:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4092]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4092]: Failed password for invalid user crafty from 176.65.132.129 port 52704 ssh2
Jun 22 19:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4092]: Connection closed by 176.65.132.129 port 52704 [preauth]
Jun 22 19:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4102]: Invalid user tester from 176.65.132.129
Jun 22 19:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4102]: input_userauth_request: invalid user tester [preauth]
Jun 22 19:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4102]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4102]: Failed password for invalid user tester from 176.65.132.129 port 52716 ssh2
Jun 22 19:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4102]: Connection closed by 176.65.132.129 port 52716 [preauth]
Jun 22 19:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4111]: Failed password for root from 176.65.132.129 port 37106 ssh2
Jun 22 19:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4111]: Connection closed by 176.65.132.129 port 37106 [preauth]
Jun 22 19:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4127]: Invalid user guest from 176.65.132.129
Jun 22 19:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4127]: input_userauth_request: invalid user guest [preauth]
Jun 22 19:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4127]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4127]: Failed password for invalid user guest from 176.65.132.129 port 37128 ssh2
Jun 22 19:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4127]: Connection closed by 176.65.132.129 port 37128 [preauth]
Jun 22 19:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4130]: Invalid user main from 176.65.132.129
Jun 22 19:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4130]: input_userauth_request: invalid user main [preauth]
Jun 22 19:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4130]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4130]: Failed password for invalid user main from 176.65.132.129 port 37152 ssh2
Jun 22 19:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4130]: Connection closed by 176.65.132.129 port 37152 [preauth]
Jun 22 19:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4140]: Invalid user user2 from 176.65.132.129
Jun 22 19:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4140]: input_userauth_request: invalid user user2 [preauth]
Jun 22 19:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4140]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4140]: Failed password for invalid user user2 from 176.65.132.129 port 55692 ssh2
Jun 22 19:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4140]: Connection closed by 176.65.132.129 port 55692 [preauth]
Jun 22 19:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: Invalid user user from 176.65.132.129
Jun 22 19:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: input_userauth_request: invalid user user [preauth]
Jun 22 19:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: Failed password for invalid user user from 176.65.132.129 port 55694 ssh2
Jun 22 19:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: Connection closed by 176.65.132.129 port 55694 [preauth]
Jun 22 19:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4153]: Invalid user minecraft from 176.65.132.129
Jun 22 19:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4153]: input_userauth_request: invalid user minecraft [preauth]
Jun 22 19:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4153]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4165]: Did not receive identification string from 120.76.158.232
Jun 22 19:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4153]: Failed password for invalid user minecraft from 176.65.132.129 port 55708 ssh2
Jun 22 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4153]: Connection closed by 176.65.132.129 port 55708 [preauth]
Jun 22 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4177]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4175]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4174]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4176]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4173]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4172]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4177]: pam_unix(cron:session): session closed for user root
Jun 22 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4172]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4167]: Invalid user nginx from 176.65.132.129
Jun 22 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4167]: input_userauth_request: invalid user nginx [preauth]
Jun 22 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4167]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4245]: Successful su for rubyman by root
Jun 22 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4245]: + ??? root:rubyman
Jun 22 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4245]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572726 of user rubyman.
Jun 22 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4245]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572726.
Jun 22 19:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4174]: pam_unix(cron:session): session closed for user root
Jun 22 19:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4167]: Failed password for invalid user nginx from 176.65.132.129 port 55096 ssh2
Jun 22 19:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4167]: Connection closed by 176.65.132.129 port 55096 [preauth]
Jun 22 19:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[967]: pam_unix(cron:session): session closed for user root
Jun 22 19:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4388]: Invalid user ubuntu from 176.65.132.129
Jun 22 19:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4388]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 19:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4388]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4388]: Failed password for invalid user ubuntu from 176.65.132.129 port 55110 ssh2
Jun 22 19:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4388]: Connection closed by 176.65.132.129 port 55110 [preauth]
Jun 22 19:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4173]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4459]: Invalid user app from 176.65.132.129
Jun 22 19:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4459]: input_userauth_request: invalid user app [preauth]
Jun 22 19:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4459]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4459]: Failed password for invalid user app from 176.65.132.129 port 55120 ssh2
Jun 22 19:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4459]: Connection closed by 176.65.132.129 port 55120 [preauth]
Jun 22 19:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4461]: Invalid user developer from 176.65.132.129
Jun 22 19:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4461]: input_userauth_request: invalid user developer [preauth]
Jun 22 19:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4461]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4461]: Failed password for invalid user developer from 176.65.132.129 port 55132 ssh2
Jun 22 19:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4461]: Connection closed by 176.65.132.129 port 55132 [preauth]
Jun 22 19:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4474]: Invalid user fivem from 176.65.132.129
Jun 22 19:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4474]: input_userauth_request: invalid user fivem [preauth]
Jun 22 19:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4474]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4474]: Failed password for invalid user fivem from 176.65.132.129 port 40502 ssh2
Jun 22 19:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4474]: Connection closed by 176.65.132.129 port 40502 [preauth]
Jun 22 19:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4488]: Invalid user test from 176.65.132.129
Jun 22 19:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4488]: input_userauth_request: invalid user test [preauth]
Jun 22 19:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4488]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4488]: Failed password for invalid user test from 176.65.132.129 port 40524 ssh2
Jun 22 19:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4488]: Connection closed by 176.65.132.129 port 40524 [preauth]
Jun 22 19:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4498]: Invalid user claude from 176.65.132.129
Jun 22 19:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4498]: input_userauth_request: invalid user claude [preauth]
Jun 22 19:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4498]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4498]: Failed password for invalid user claude from 176.65.132.129 port 40550 ssh2
Jun 22 19:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4507]: Invalid user kali from 176.65.132.129
Jun 22 19:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4507]: input_userauth_request: invalid user kali [preauth]
Jun 22 19:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4498]: Connection closed by 176.65.132.129 port 40550 [preauth]
Jun 22 19:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4507]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4507]: Failed password for invalid user kali from 176.65.132.129 port 48430 ssh2
Jun 22 19:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4507]: Connection closed by 176.65.132.129 port 48430 [preauth]
Jun 22 19:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4527]: Invalid user ftpuser from 176.65.132.129
Jun 22 19:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4527]: input_userauth_request: invalid user ftpuser [preauth]
Jun 22 19:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4527]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4527]: Failed password for invalid user ftpuser from 176.65.132.129 port 48438 ssh2
Jun 22 19:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4527]: Connection closed by 176.65.132.129 port 48438 [preauth]
Jun 22 19:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4537]: Invalid user guest from 176.65.132.129
Jun 22 19:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4537]: input_userauth_request: invalid user guest [preauth]
Jun 22 19:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4537]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4537]: Failed password for invalid user guest from 176.65.132.129 port 48466 ssh2
Jun 22 19:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4537]: Connection closed by 176.65.132.129 port 48466 [preauth]
Jun 22 19:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4542]: Invalid user jenkins from 176.65.132.129
Jun 22 19:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4542]: input_userauth_request: invalid user jenkins [preauth]
Jun 22 19:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4542]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4539]: Invalid user ftptest from 38.55.97.143
Jun 22 19:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4539]: input_userauth_request: invalid user ftptest [preauth]
Jun 22 19:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4539]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 19:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4546]: Connection closed by 194.59.206.2 port 62644 [preauth]
Jun 22 19:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3083]: pam_unix(cron:session): session closed for user root
Jun 22 19:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4539]: Failed password for invalid user ftptest from 38.55.97.143 port 47742 ssh2
Jun 22 19:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4539]: Connection closed by 38.55.97.143 port 47742 [preauth]
Jun 22 19:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4542]: Failed password for invalid user jenkins from 176.65.132.129 port 39830 ssh2
Jun 22 19:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4572]: Invalid user gitlab-runner from 176.65.132.129
Jun 22 19:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4572]: input_userauth_request: invalid user gitlab-runner [preauth]
Jun 22 19:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4542]: Connection closed by 176.65.132.129 port 39830 [preauth]
Jun 22 19:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4572]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4572]: Failed password for invalid user gitlab-runner from 176.65.132.129 port 39834 ssh2
Jun 22 19:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4572]: Connection closed by 176.65.132.129 port 39834 [preauth]
Jun 22 19:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4579]: Invalid user user from 176.65.132.129
Jun 22 19:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4579]: input_userauth_request: invalid user user [preauth]
Jun 22 19:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4579]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4579]: Failed password for invalid user user from 176.65.132.129 port 39842 ssh2
Jun 22 19:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4579]: Connection closed by 176.65.132.129 port 39842 [preauth]
Jun 22 19:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4591]: Failed password for root from 176.65.132.129 port 39846 ssh2
Jun 22 19:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4591]: Connection closed by 176.65.132.129 port 39846 [preauth]
Jun 22 19:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4598]: Invalid user alex from 176.65.132.129
Jun 22 19:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4598]: input_userauth_request: invalid user alex [preauth]
Jun 22 19:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4598]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4598]: Failed password for invalid user alex from 176.65.132.129 port 37626 ssh2
Jun 22 19:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: Invalid user postgres from 176.65.132.129
Jun 22 19:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: input_userauth_request: invalid user postgres [preauth]
Jun 22 19:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4598]: Connection closed by 176.65.132.129 port 37626 [preauth]
Jun 22 19:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: Failed password for invalid user postgres from 176.65.132.129 port 37634 ssh2
Jun 22 19:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: Connection closed by 176.65.132.129 port 37634 [preauth]
Jun 22 19:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4627]: Invalid user devops from 176.65.132.129
Jun 22 19:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4627]: input_userauth_request: invalid user devops [preauth]
Jun 22 19:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4627]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4627]: Failed password for invalid user devops from 176.65.132.129 port 37644 ssh2
Jun 22 19:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4627]: Connection closed by 176.65.132.129 port 37644 [preauth]
Jun 22 19:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4629]: Invalid user testuser from 176.65.132.129
Jun 22 19:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4629]: input_userauth_request: invalid user testuser [preauth]
Jun 22 19:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4629]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4629]: Failed password for invalid user testuser from 176.65.132.129 port 49982 ssh2
Jun 22 19:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4629]: Connection closed by 176.65.132.129 port 49982 [preauth]
Jun 22 19:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4640]: Invalid user martin from 176.65.132.129
Jun 22 19:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4640]: input_userauth_request: invalid user martin [preauth]
Jun 22 19:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4640]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4640]: Failed password for invalid user martin from 176.65.132.129 port 50020 ssh2
Jun 22 19:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4640]: Connection closed by 176.65.132.129 port 50020 [preauth]
Jun 22 19:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4642]: Invalid user core from 176.65.132.129
Jun 22 19:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4642]: input_userauth_request: invalid user core [preauth]
Jun 22 19:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4642]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4642]: Failed password for invalid user core from 176.65.132.129 port 50046 ssh2
Jun 22 19:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4642]: Connection closed by 176.65.132.129 port 50046 [preauth]
Jun 22 19:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4659]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4660]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4657]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4658]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4657]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4735]: Successful su for rubyman by root
Jun 22 19:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4735]: + ??? root:rubyman
Jun 22 19:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4735]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572734 of user rubyman.
Jun 22 19:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4735]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572734.
Jun 22 19:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4654]: Failed password for root from 176.65.132.129 port 50060 ssh2
Jun 22 19:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4654]: Connection closed by 176.65.132.129 port 50060 [preauth]
Jun 22 19:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4923]: Invalid user bob from 176.65.132.129
Jun 22 19:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4923]: input_userauth_request: invalid user bob [preauth]
Jun 22 19:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4923]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1572]: pam_unix(cron:session): session closed for user root
Jun 22 19:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4658]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4923]: Failed password for invalid user bob from 176.65.132.129 port 60520 ssh2
Jun 22 19:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4923]: Connection closed by 176.65.132.129 port 60520 [preauth]
Jun 22 19:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5027]: Invalid user root1 from 176.65.132.129
Jun 22 19:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5027]: input_userauth_request: invalid user root1 [preauth]
Jun 22 19:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5027]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5027]: Failed password for invalid user root1 from 176.65.132.129 port 60536 ssh2
Jun 22 19:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5027]: Connection closed by 176.65.132.129 port 60536 [preauth]
Jun 22 19:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5032]: Failed password for root from 176.65.132.129 port 60564 ssh2
Jun 22 19:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5032]: Connection closed by 176.65.132.129 port 60564 [preauth]
Jun 22 19:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5039]: Invalid user ftpuser from 176.65.132.129
Jun 22 19:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5039]: input_userauth_request: invalid user ftpuser [preauth]
Jun 22 19:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5039]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5039]: Failed password for invalid user ftpuser from 176.65.132.129 port 52848 ssh2
Jun 22 19:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5062]: Invalid user config from 176.65.132.129
Jun 22 19:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5062]: input_userauth_request: invalid user config [preauth]
Jun 22 19:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5039]: Connection closed by 176.65.132.129 port 52848 [preauth]
Jun 22 19:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5062]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5062]: Failed password for invalid user config from 176.65.132.129 port 52858 ssh2
Jun 22 19:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5062]: Connection closed by 176.65.132.129 port 52858 [preauth]
Jun 22 19:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5064]: Invalid user odoo18 from 176.65.132.129
Jun 22 19:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5064]: input_userauth_request: invalid user odoo18 [preauth]
Jun 22 19:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5064]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5064]: Failed password for invalid user odoo18 from 176.65.132.129 port 52864 ssh2
Jun 22 19:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5064]: Connection closed by 176.65.132.129 port 52864 [preauth]
Jun 22 19:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5074]: Invalid user guest from 176.65.132.129
Jun 22 19:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5074]: input_userauth_request: invalid user guest [preauth]
Jun 22 19:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5074]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5074]: Failed password for invalid user guest from 176.65.132.129 port 38422 ssh2
Jun 22 19:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5074]: Connection closed by 176.65.132.129 port 38422 [preauth]
Jun 22 19:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5088]: Failed password for root from 176.65.132.129 port 38438 ssh2
Jun 22 19:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5088]: Connection closed by 176.65.132.129 port 38438 [preauth]
Jun 22 19:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5098]: Failed password for root from 176.65.132.129 port 38444 ssh2
Jun 22 19:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5098]: Connection closed by 176.65.132.129 port 38444 [preauth]
Jun 22 19:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5107]: Invalid user deploy from 176.65.132.129
Jun 22 19:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5107]: input_userauth_request: invalid user deploy [preauth]
Jun 22 19:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5107]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3522]: pam_unix(cron:session): session closed for user root
Jun 22 19:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5107]: Failed password for invalid user deploy from 176.65.132.129 port 38460 ssh2
Jun 22 19:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5107]: Connection closed by 176.65.132.129 port 38460 [preauth]
Jun 22 19:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5126]: Invalid user docker from 176.65.132.129
Jun 22 19:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5126]: input_userauth_request: invalid user docker [preauth]
Jun 22 19:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5126]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5144]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5126]: Failed password for invalid user docker from 176.65.132.129 port 56892 ssh2
Jun 22 19:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5126]: Connection closed by 176.65.132.129 port 56892 [preauth]
Jun 22 19:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5133]: Invalid user docker from 38.55.97.143
Jun 22 19:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5133]: input_userauth_request: invalid user docker [preauth]
Jun 22 19:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5133]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 19:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5144]: Invalid user kipt from 176.65.132.129
Jun 22 19:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5144]: input_userauth_request: invalid user kipt [preauth]
Jun 22 19:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5144]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5133]: Failed password for invalid user docker from 38.55.97.143 port 39516 ssh2
Jun 22 19:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5133]: Connection closed by 38.55.97.143 port 39516 [preauth]
Jun 22 19:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5144]: Failed password for invalid user kipt from 176.65.132.129 port 56896 ssh2
Jun 22 19:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5147]: Invalid user username from 176.65.132.129
Jun 22 19:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5147]: input_userauth_request: invalid user username [preauth]
Jun 22 19:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5144]: Connection closed by 176.65.132.129 port 56896 [preauth]
Jun 22 19:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5147]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5147]: Failed password for invalid user username from 176.65.132.129 port 56910 ssh2
Jun 22 19:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5147]: Connection closed by 176.65.132.129 port 56910 [preauth]
Jun 22 19:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5162]: Failed password for root from 176.65.132.129 port 58830 ssh2
Jun 22 19:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5162]: Connection closed by 176.65.132.129 port 58830 [preauth]
Jun 22 19:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5176]: Failed password for root from 176.65.132.129 port 58832 ssh2
Jun 22 19:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5176]: Connection closed by 176.65.132.129 port 58832 [preauth]
Jun 22 19:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5186]: Invalid user crafty from 176.65.132.129
Jun 22 19:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5186]: input_userauth_request: invalid user crafty [preauth]
Jun 22 19:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5186]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5193]: Invalid user openclaw from 176.65.132.129
Jun 22 19:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5193]: input_userauth_request: invalid user openclaw [preauth]
Jun 22 19:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5186]: Failed password for invalid user crafty from 176.65.132.129 port 58838 ssh2
Jun 22 19:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5193]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5186]: Connection closed by 176.65.132.129 port 58838 [preauth]
Jun 22 19:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5193]: Failed password for invalid user openclaw from 176.65.132.129 port 43716 ssh2
Jun 22 19:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5193]: Connection closed by 176.65.132.129 port 43716 [preauth]
Jun 22 19:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5198]: Invalid user plex from 176.65.132.129
Jun 22 19:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5198]: input_userauth_request: invalid user plex [preauth]
Jun 22 19:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5198]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5198]: Failed password for invalid user plex from 176.65.132.129 port 43718 ssh2
Jun 22 19:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5198]: Connection closed by 176.65.132.129 port 43718 [preauth]
Jun 22 19:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5210]: Invalid user karel from 176.65.132.129
Jun 22 19:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5210]: input_userauth_request: invalid user karel [preauth]
Jun 22 19:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5210]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5210]: Failed password for invalid user karel from 176.65.132.129 port 43730 ssh2
Jun 22 19:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5210]: Connection closed by 176.65.132.129 port 43730 [preauth]
Jun 22 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5218]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5217]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5216]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5215]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5215]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5280]: Successful su for rubyman by root
Jun 22 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5280]: + ??? root:rubyman
Jun 22 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5280]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572737 of user rubyman.
Jun 22 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5280]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572737.
Jun 22 19:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5212]: Failed password for root from 176.65.132.129 port 43734 ssh2
Jun 22 19:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2141]: pam_unix(cron:session): session closed for user root
Jun 22 19:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5212]: Connection closed by 176.65.132.129 port 43734 [preauth]
Jun 22 19:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5216]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5416]: Failed password for root from 176.65.132.129 port 36308 ssh2
Jun 22 19:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5416]: Connection closed by 176.65.132.129 port 36308 [preauth]
Jun 22 19:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5478]: Invalid user guest from 176.65.132.129
Jun 22 19:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5478]: input_userauth_request: invalid user guest [preauth]
Jun 22 19:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5478]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5478]: Failed password for invalid user guest from 176.65.132.129 port 36310 ssh2
Jun 22 19:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5478]: Connection closed by 176.65.132.129 port 36310 [preauth]
Jun 22 19:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5488]: Invalid user administrator from 176.65.132.129
Jun 22 19:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5488]: input_userauth_request: invalid user administrator [preauth]
Jun 22 19:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5488]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5488]: Failed password for invalid user administrator from 176.65.132.129 port 36318 ssh2
Jun 22 19:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5488]: Connection closed by 176.65.132.129 port 36318 [preauth]
Jun 22 19:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5490]: Invalid user test from 176.65.132.129
Jun 22 19:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5490]: input_userauth_request: invalid user test [preauth]
Jun 22 19:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5490]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5490]: Failed password for invalid user test from 176.65.132.129 port 47648 ssh2
Jun 22 19:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5490]: Connection closed by 176.65.132.129 port 47648 [preauth]
Jun 22 19:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5516]: Invalid user fastuser from 176.65.132.129
Jun 22 19:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5516]: input_userauth_request: invalid user fastuser [preauth]
Jun 22 19:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5516]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5514]: Invalid user debian from 193.24.211.107
Jun 22 19:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5514]: input_userauth_request: invalid user debian [preauth]
Jun 22 19:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5514]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107
Jun 22 19:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5516]: Failed password for invalid user fastuser from 176.65.132.129 port 47660 ssh2
Jun 22 19:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5514]: Failed password for invalid user debian from 193.24.211.107 port 21118 ssh2
Jun 22 19:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5516]: Connection closed by 176.65.132.129 port 47660 [preauth]
Jun 22 19:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5514]: Received disconnect from 193.24.211.107 port 21118:11: Client disconnecting normally [preauth]
Jun 22 19:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5514]: Disconnected from 193.24.211.107 port 21118 [preauth]
Jun 22 19:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5518]: Invalid user ts3 from 176.65.132.129
Jun 22 19:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5518]: input_userauth_request: invalid user ts3 [preauth]
Jun 22 19:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5518]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5518]: Failed password for invalid user ts3 from 176.65.132.129 port 47674 ssh2
Jun 22 19:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5518]: Connection closed by 176.65.132.129 port 47674 [preauth]
Jun 22 19:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5528]: Invalid user prem from 176.65.132.129
Jun 22 19:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5528]: input_userauth_request: invalid user prem [preauth]
Jun 22 19:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5528]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5528]: Failed password for invalid user prem from 176.65.132.129 port 35100 ssh2
Jun 22 19:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5528]: Connection closed by 176.65.132.129 port 35100 [preauth]
Jun 22 19:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5550]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5550]: Invalid user deploy from 176.65.132.129
Jun 22 19:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5550]: input_userauth_request: invalid user deploy [preauth]
Jun 22 19:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5550]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5550]: Failed password for invalid user deploy from 176.65.132.129 port 35114 ssh2
Jun 22 19:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5550]: Connection closed by 176.65.132.129 port 35114 [preauth]
Jun 22 19:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5552]: Invalid user steam from 176.65.132.129
Jun 22 19:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5552]: input_userauth_request: invalid user steam [preauth]
Jun 22 19:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5552]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5552]: Failed password for invalid user steam from 176.65.132.129 port 35130 ssh2
Jun 22 19:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5552]: Connection closed by 176.65.132.129 port 35130 [preauth]
Jun 22 19:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5564]: Invalid user ethan from 176.65.132.129
Jun 22 19:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5564]: input_userauth_request: invalid user ethan [preauth]
Jun 22 19:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5564]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5564]: Failed password for invalid user ethan from 176.65.132.129 port 35132 ssh2
Jun 22 19:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5564]: Connection closed by 176.65.132.129 port 35132 [preauth]
Jun 22 19:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5568]: Invalid user odoo16 from 176.65.132.129
Jun 22 19:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5568]: input_userauth_request: invalid user odoo16 [preauth]
Jun 22 19:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5568]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4176]: pam_unix(cron:session): session closed for user root
Jun 22 19:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5568]: Failed password for invalid user odoo16 from 176.65.132.129 port 55424 ssh2
Jun 22 19:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5568]: Connection closed by 176.65.132.129 port 55424 [preauth]
Jun 22 19:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5598]: Invalid user gitlab from 176.65.132.129
Jun 22 19:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5598]: input_userauth_request: invalid user gitlab [preauth]
Jun 22 19:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5598]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5598]: Failed password for invalid user gitlab from 176.65.132.129 port 55426 ssh2
Jun 22 19:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5598]: Connection closed by 176.65.132.129 port 55426 [preauth]
Jun 22 19:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5600]: Invalid user mohammad from 176.65.132.129
Jun 22 19:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5600]: input_userauth_request: invalid user mohammad [preauth]
Jun 22 19:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5600]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5600]: Failed password for invalid user mohammad from 176.65.132.129 port 55442 ssh2
Jun 22 19:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5600]: Connection closed by 176.65.132.129 port 55442 [preauth]
Jun 22 19:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5612]: Invalid user cloud-user from 176.65.132.129
Jun 22 19:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5612]: input_userauth_request: invalid user cloud-user [preauth]
Jun 22 19:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5612]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5610]: Invalid user devuser from 38.55.97.143
Jun 22 19:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5610]: input_userauth_request: invalid user devuser [preauth]
Jun 22 19:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5610]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 19:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5612]: Failed password for invalid user cloud-user from 176.65.132.129 port 57036 ssh2
Jun 22 19:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5612]: Connection closed by 176.65.132.129 port 57036 [preauth]
Jun 22 19:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5633]: Invalid user username from 176.65.132.129
Jun 22 19:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5633]: input_userauth_request: invalid user username [preauth]
Jun 22 19:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5610]: Failed password for invalid user devuser from 38.55.97.143 port 60034 ssh2
Jun 22 19:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5633]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5610]: Connection closed by 38.55.97.143 port 60034 [preauth]
Jun 22 19:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5633]: Failed password for invalid user username from 176.65.132.129 port 57052 ssh2
Jun 22 19:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5633]: Connection closed by 176.65.132.129 port 57052 [preauth]
Jun 22 19:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5636]: Invalid user bitrix from 176.65.132.129
Jun 22 19:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5636]: input_userauth_request: invalid user bitrix [preauth]
Jun 22 19:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5636]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5636]: Failed password for invalid user bitrix from 176.65.132.129 port 57076 ssh2
Jun 22 19:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5636]: Connection closed by 176.65.132.129 port 57076 [preauth]
Jun 22 19:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5646]: Invalid user runner from 176.65.132.129
Jun 22 19:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5646]: input_userauth_request: invalid user runner [preauth]
Jun 22 19:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5646]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5646]: Failed password for invalid user runner from 176.65.132.129 port 36442 ssh2
Jun 22 19:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5646]: Connection closed by 176.65.132.129 port 36442 [preauth]
Jun 22 19:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5648]: Invalid user app from 176.65.132.129
Jun 22 19:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5648]: input_userauth_request: invalid user app [preauth]
Jun 22 19:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5648]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5648]: Failed password for invalid user app from 176.65.132.129 port 36462 ssh2
Jun 22 19:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5648]: Connection closed by 176.65.132.129 port 36462 [preauth]
Jun 22 19:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5658]: Invalid user ossuser from 176.65.132.129
Jun 22 19:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5658]: input_userauth_request: invalid user ossuser [preauth]
Jun 22 19:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5658]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5658]: Failed password for invalid user ossuser from 176.65.132.129 port 36474 ssh2
Jun 22 19:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5658]: Connection closed by 176.65.132.129 port 36474 [preauth]
Jun 22 19:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5660]: Invalid user teamspeak from 176.65.132.129
Jun 22 19:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5660]: input_userauth_request: invalid user teamspeak [preauth]
Jun 22 19:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5660]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5674]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5673]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5672]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5671]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5671]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5731]: Successful su for rubyman by root
Jun 22 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5731]: + ??? root:rubyman
Jun 22 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5731]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572740 of user rubyman.
Jun 22 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5731]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572740.
Jun 22 19:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5660]: Failed password for invalid user teamspeak from 176.65.132.129 port 36488 ssh2
Jun 22 19:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5660]: Connection closed by 176.65.132.129 port 36488 [preauth]
Jun 22 19:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5847]: Invalid user zabbix from 176.65.132.129
Jun 22 19:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5847]: input_userauth_request: invalid user zabbix [preauth]
Jun 22 19:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5847]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2639]: pam_unix(cron:session): session closed for user root
Jun 22 19:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5672]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5847]: Failed password for invalid user zabbix from 176.65.132.129 port 49376 ssh2
Jun 22 19:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5847]: Connection closed by 176.65.132.129 port 49376 [preauth]
Jun 22 19:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5911]: User john from 176.65.132.129 not allowed because not listed in AllowUsers
Jun 22 19:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5911]: input_userauth_request: invalid user john [preauth]
Jun 22 19:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=john
Jun 22 19:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5911]: Failed password for invalid user john from 176.65.132.129 port 49380 ssh2
Jun 22 19:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5911]: Connection closed by 176.65.132.129 port 49380 [preauth]
Jun 22 19:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5921]: Invalid user gary from 176.65.132.129
Jun 22 19:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5921]: input_userauth_request: invalid user gary [preauth]
Jun 22 19:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5921]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5921]: Failed password for invalid user gary from 176.65.132.129 port 49402 ssh2
Jun 22 19:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5921]: Connection closed by 176.65.132.129 port 49402 [preauth]
Jun 22 19:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5931]: Invalid user bot from 176.65.132.129
Jun 22 19:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5931]: input_userauth_request: invalid user bot [preauth]
Jun 22 19:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5931]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5931]: Failed password for invalid user bot from 176.65.132.129 port 41054 ssh2
Jun 22 19:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5931]: Connection closed by 176.65.132.129 port 41054 [preauth]
Jun 22 19:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5945]: Invalid user pi from 176.65.132.129
Jun 22 19:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5945]: input_userauth_request: invalid user pi [preauth]
Jun 22 19:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5945]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5945]: Failed password for invalid user pi from 176.65.132.129 port 41068 ssh2
Jun 22 19:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5945]: Connection closed by 176.65.132.129 port 41068 [preauth]
Jun 22 19:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5955]: Invalid user ftpuser from 176.65.132.129
Jun 22 19:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5955]: input_userauth_request: invalid user ftpuser [preauth]
Jun 22 19:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5955]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5955]: Failed password for invalid user ftpuser from 176.65.132.129 port 41072 ssh2
Jun 22 19:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5955]: Connection closed by 176.65.132.129 port 41072 [preauth]
Jun 22 19:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5957]: Invalid user vagrant from 176.65.132.129
Jun 22 19:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5957]: input_userauth_request: invalid user vagrant [preauth]
Jun 22 19:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5957]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5957]: Failed password for invalid user vagrant from 176.65.132.129 port 57138 ssh2
Jun 22 19:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5957]: Connection closed by 176.65.132.129 port 57138 [preauth]
Jun 22 19:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5980]: Invalid user chenxi from 176.65.132.129
Jun 22 19:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5980]: input_userauth_request: invalid user chenxi [preauth]
Jun 22 19:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5980]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5980]: Failed password for invalid user chenxi from 176.65.132.129 port 57152 ssh2
Jun 22 19:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5980]: Connection closed by 176.65.132.129 port 57152 [preauth]
Jun 22 19:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5982]: Invalid user openclaw from 176.65.132.129
Jun 22 19:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5982]: input_userauth_request: invalid user openclaw [preauth]
Jun 22 19:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5982]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5982]: Failed password for invalid user openclaw from 176.65.132.129 port 57160 ssh2
Jun 22 19:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5982]: Connection closed by 176.65.132.129 port 57160 [preauth]
Jun 22 19:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5993]: Failed password for root from 176.65.132.129 port 57166 ssh2
Jun 22 19:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5993]: Connection closed by 176.65.132.129 port 57166 [preauth]
Jun 22 19:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4660]: pam_unix(cron:session): session closed for user root
Jun 22 19:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6009]: Failed password for root from 176.65.132.129 port 39954 ssh2
Jun 22 19:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6009]: Connection closed by 176.65.132.129 port 39954 [preauth]
Jun 22 19:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6025]: Invalid user ubuntu from 176.65.132.129
Jun 22 19:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6025]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 19:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6025]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6025]: Failed password for invalid user ubuntu from 176.65.132.129 port 39958 ssh2
Jun 22 19:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6025]: Connection closed by 176.65.132.129 port 39958 [preauth]
Jun 22 19:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6035]: Invalid user onkar from 176.65.132.129
Jun 22 19:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6035]: input_userauth_request: invalid user onkar [preauth]
Jun 22 19:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6035]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6035]: Failed password for invalid user onkar from 176.65.132.129 port 39966 ssh2
Jun 22 19:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6035]: Connection closed by 176.65.132.129 port 39966 [preauth]
Jun 22 19:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6037]: Invalid user master from 176.65.132.129
Jun 22 19:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6037]: input_userauth_request: invalid user master [preauth]
Jun 22 19:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6037]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6037]: Failed password for invalid user master from 176.65.132.129 port 45272 ssh2
Jun 22 19:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6037]: Connection closed by 176.65.132.129 port 45272 [preauth]
Jun 22 19:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6060]: Failed password for root from 176.65.132.129 port 45288 ssh2
Jun 22 19:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6060]: Connection closed by 176.65.132.129 port 45288 [preauth]
Jun 22 19:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6062]: Invalid user gd from 176.65.132.129
Jun 22 19:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6062]: input_userauth_request: invalid user gd [preauth]
Jun 22 19:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6062]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6062]: Failed password for invalid user gd from 176.65.132.129 port 45298 ssh2
Jun 22 19:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6062]: Connection closed by 176.65.132.129 port 45298 [preauth]
Jun 22 19:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6072]: Invalid user d from 38.55.97.143
Jun 22 19:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6072]: input_userauth_request: invalid user d [preauth]
Jun 22 19:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6072]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 19:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6074]: Invalid user dmdba from 176.65.132.129
Jun 22 19:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6074]: input_userauth_request: invalid user dmdba [preauth]
Jun 22 19:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6074]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6072]: Failed password for invalid user d from 38.55.97.143 port 48086 ssh2
Jun 22 19:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6072]: Connection closed by 38.55.97.143 port 48086 [preauth]
Jun 22 19:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6074]: Failed password for invalid user dmdba from 176.65.132.129 port 45310 ssh2
Jun 22 19:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6074]: Connection closed by 176.65.132.129 port 45310 [preauth]
Jun 22 19:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6076]: Invalid user ranga from 176.65.132.129
Jun 22 19:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6076]: input_userauth_request: invalid user ranga [preauth]
Jun 22 19:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6076]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6076]: Failed password for invalid user ranga from 176.65.132.129 port 47230 ssh2
Jun 22 19:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6076]: Connection closed by 176.65.132.129 port 47230 [preauth]
Jun 22 19:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6086]: Invalid user devops from 176.65.132.129
Jun 22 19:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6086]: input_userauth_request: invalid user devops [preauth]
Jun 22 19:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6086]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6086]: Failed password for invalid user devops from 176.65.132.129 port 47246 ssh2
Jun 22 19:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6086]: Connection closed by 176.65.132.129 port 47246 [preauth]
Jun 22 19:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6096]: Invalid user user4 from 176.65.132.129
Jun 22 19:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6096]: input_userauth_request: invalid user user4 [preauth]
Jun 22 19:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6096]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6103]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6102]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6101]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6100]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6100]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6163]: Successful su for rubyman by root
Jun 22 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6163]: + ??? root:rubyman
Jun 22 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6163]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572744 of user rubyman.
Jun 22 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6163]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572744.
Jun 22 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6096]: Failed password for invalid user user4 from 176.65.132.129 port 47250 ssh2
Jun 22 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6096]: Connection closed by 176.65.132.129 port 47250 [preauth]
Jun 22 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: Invalid user chris from 176.65.132.129
Jun 22 19:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: input_userauth_request: invalid user chris [preauth]
Jun 22 19:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3082]: pam_unix(cron:session): session closed for user root
Jun 22 19:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: Failed password for invalid user chris from 176.65.132.129 port 59586 ssh2
Jun 22 19:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: Connection closed by 176.65.132.129 port 59586 [preauth]
Jun 22 19:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6338]: Received disconnect from 198.46.134.148 port 59988:11: disconnected by user [preauth]
Jun 22 19:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6338]: Disconnected from 198.46.134.148 port 59988 [preauth]
Jun 22 19:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6101]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6335]: Failed password for root from 176.65.132.129 port 59594 ssh2
Jun 22 19:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6335]: Connection closed by 176.65.132.129 port 59594 [preauth]
Jun 22 19:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6355]: Invalid user deploy from 176.65.132.129
Jun 22 19:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6355]: input_userauth_request: invalid user deploy [preauth]
Jun 22 19:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6355]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6355]: Failed password for invalid user deploy from 176.65.132.129 port 59610 ssh2
Jun 22 19:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6355]: Connection closed by 176.65.132.129 port 59610 [preauth]
Jun 22 19:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6366]: Invalid user rancher from 176.65.132.129
Jun 22 19:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6366]: input_userauth_request: invalid user rancher [preauth]
Jun 22 19:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6366]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6366]: Failed password for invalid user rancher from 176.65.132.129 port 43244 ssh2
Jun 22 19:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6366]: Connection closed by 176.65.132.129 port 43244 [preauth]
Jun 22 19:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6380]: Invalid user ubuntu from 176.65.132.129
Jun 22 19:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6380]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 19:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6380]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6380]: Failed password for invalid user ubuntu from 176.65.132.129 port 43256 ssh2
Jun 22 19:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6380]: Connection closed by 176.65.132.129 port 43256 [preauth]
Jun 22 19:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6390]: Invalid user hadoop from 176.65.132.129
Jun 22 19:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6390]: input_userauth_request: invalid user hadoop [preauth]
Jun 22 19:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6390]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6390]: Failed password for invalid user hadoop from 176.65.132.129 port 43258 ssh2
Jun 22 19:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6390]: Connection closed by 176.65.132.129 port 43258 [preauth]
Jun 22 19:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6401]: Invalid user ec2-user from 176.65.132.129
Jun 22 19:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6401]: input_userauth_request: invalid user ec2-user [preauth]
Jun 22 19:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6401]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6401]: Failed password for invalid user ec2-user from 176.65.132.129 port 32806 ssh2
Jun 22 19:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6401]: Connection closed by 176.65.132.129 port 32806 [preauth]
Jun 22 19:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6404]: Failed password for root from 176.65.132.129 port 32816 ssh2
Jun 22 19:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6404]: Connection closed by 176.65.132.129 port 32816 [preauth]
Jun 22 19:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6426]: Invalid user teamspeak from 176.65.132.129
Jun 22 19:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6426]: input_userauth_request: invalid user teamspeak [preauth]
Jun 22 19:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6426]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6426]: Failed password for invalid user teamspeak from 176.65.132.129 port 32820 ssh2
Jun 22 19:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6426]: Connection closed by 176.65.132.129 port 32820 [preauth]
Jun 22 19:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6428]: Invalid user hadoop from 176.65.132.129
Jun 22 19:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6428]: input_userauth_request: invalid user hadoop [preauth]
Jun 22 19:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6428]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6428]: Failed password for invalid user hadoop from 176.65.132.129 port 32822 ssh2
Jun 22 19:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6428]: Connection closed by 176.65.132.129 port 32822 [preauth]
Jun 22 19:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5218]: pam_unix(cron:session): session closed for user root
Jun 22 19:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6439]: Failed password for root from 176.65.132.129 port 32812 ssh2
Jun 22 19:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6439]: Connection closed by 176.65.132.129 port 32812 [preauth]
Jun 22 19:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6460]: Invalid user pi from 176.65.132.129
Jun 22 19:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6460]: input_userauth_request: invalid user pi [preauth]
Jun 22 19:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6460]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6460]: Failed password for invalid user pi from 176.65.132.129 port 32822 ssh2
Jun 22 19:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6460]: Connection closed by 176.65.132.129 port 32822 [preauth]
Jun 22 19:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6470]: Invalid user zahra from 176.65.132.129
Jun 22 19:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6470]: input_userauth_request: invalid user zahra [preauth]
Jun 22 19:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6470]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6470]: Failed password for invalid user zahra from 176.65.132.129 port 32824 ssh2
Jun 22 19:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6470]: Connection closed by 176.65.132.129 port 32824 [preauth]
Jun 22 19:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6481]: Invalid user student from 176.65.132.129
Jun 22 19:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6481]: input_userauth_request: invalid user student [preauth]
Jun 22 19:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6481]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6481]: Failed password for invalid user student from 176.65.132.129 port 35702 ssh2
Jun 22 19:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6481]: Connection closed by 176.65.132.129 port 35702 [preauth]
Jun 22 19:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6495]: Invalid user elastic from 176.65.132.129
Jun 22 19:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6495]: input_userauth_request: invalid user elastic [preauth]
Jun 22 19:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6495]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6495]: Failed password for invalid user elastic from 176.65.132.129 port 35708 ssh2
Jun 22 19:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6495]: Connection closed by 176.65.132.129 port 35708 [preauth]
Jun 22 19:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6507]: Failed password for root from 176.65.132.129 port 35718 ssh2
Jun 22 19:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6507]: Connection closed by 176.65.132.129 port 35718 [preauth]
Jun 22 19:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6510]: Invalid user erpnext from 176.65.132.129
Jun 22 19:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6510]: input_userauth_request: invalid user erpnext [preauth]
Jun 22 19:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6510]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6510]: Failed password for invalid user erpnext from 176.65.132.129 port 56220 ssh2
Jun 22 19:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6510]: Connection closed by 176.65.132.129 port 56220 [preauth]
Jun 22 19:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6520]: Invalid user gitlab-runner from 176.65.132.129
Jun 22 19:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6520]: input_userauth_request: invalid user gitlab-runner [preauth]
Jun 22 19:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6520]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6522]: User daemon from 38.55.97.143 not allowed because not listed in AllowUsers
Jun 22 19:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6522]: input_userauth_request: invalid user daemon [preauth]
Jun 22 19:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=daemon
Jun 22 19:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6520]: Failed password for invalid user gitlab-runner from 176.65.132.129 port 56234 ssh2
Jun 22 19:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6520]: Connection closed by 176.65.132.129 port 56234 [preauth]
Jun 22 19:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6522]: Failed password for invalid user daemon from 38.55.97.143 port 60744 ssh2
Jun 22 19:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6522]: Connection closed by 38.55.97.143 port 60744 [preauth]
Jun 22 19:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6524]: Failed password for root from 176.65.132.129 port 56258 ssh2
Jun 22 19:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6524]: Connection closed by 176.65.132.129 port 56258 [preauth]
Jun 22 19:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6535]: Invalid user odoo14 from 176.65.132.129
Jun 22 19:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6535]: input_userauth_request: invalid user odoo14 [preauth]
Jun 22 19:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6535]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6541]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6542]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6540]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6538]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6539]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6543]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6543]: pam_unix(cron:session): session closed for user root
Jun 22 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6538]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6607]: Successful su for rubyman by root
Jun 22 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6607]: + ??? root:rubyman
Jun 22 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6607]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572750 of user rubyman.
Jun 22 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6607]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572750.
Jun 22 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6535]: Failed password for invalid user odoo14 from 176.65.132.129 port 56274 ssh2
Jun 22 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6535]: Connection closed by 176.65.132.129 port 56274 [preauth]
Jun 22 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6683]: Invalid user dspace from 176.65.132.129
Jun 22 19:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6683]: input_userauth_request: invalid user dspace [preauth]
Jun 22 19:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6683]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6540]: pam_unix(cron:session): session closed for user root
Jun 22 19:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3520]: pam_unix(cron:session): session closed for user root
Jun 22 19:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6683]: Failed password for invalid user dspace from 176.65.132.129 port 52300 ssh2
Jun 22 19:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6683]: Connection closed by 176.65.132.129 port 52300 [preauth]
Jun 22 19:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6539]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6821]: Failed password for root from 176.65.132.129 port 52308 ssh2
Jun 22 19:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6821]: Connection closed by 176.65.132.129 port 52308 [preauth]
Jun 22 19:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6839]: Invalid user admin from 176.65.132.129
Jun 22 19:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6839]: input_userauth_request: invalid user admin [preauth]
Jun 22 19:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6839]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6839]: Failed password for invalid user admin from 176.65.132.129 port 52322 ssh2
Jun 22 19:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6839]: Connection closed by 176.65.132.129 port 52322 [preauth]
Jun 22 19:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6848]: Invalid user localhost from 176.65.132.129
Jun 22 19:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6848]: input_userauth_request: invalid user localhost [preauth]
Jun 22 19:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6848]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6848]: Failed password for invalid user localhost from 176.65.132.129 port 59696 ssh2
Jun 22 19:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6848]: Connection closed by 176.65.132.129 port 59696 [preauth]
Jun 22 19:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6871]: Invalid user gabriel from 176.65.132.129
Jun 22 19:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6871]: input_userauth_request: invalid user gabriel [preauth]
Jun 22 19:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6871]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: Invalid user admin from 2.57.121.25
Jun 22 19:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: input_userauth_request: invalid user admin [preauth]
Jun 22 19:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 22 19:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6871]: Failed password for invalid user gabriel from 176.65.132.129 port 59708 ssh2
Jun 22 19:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6871]: Connection closed by 176.65.132.129 port 59708 [preauth]
Jun 22 19:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: Failed password for invalid user admin from 2.57.121.25 port 55420 ssh2
Jun 22 19:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: Invalid user steam from 176.65.132.129
Jun 22 19:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: input_userauth_request: invalid user steam [preauth]
Jun 22 19:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: Failed password for invalid user admin from 2.57.121.25 port 55420 ssh2
Jun 22 19:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: Failed password for invalid user steam from 176.65.132.129 port 59710 ssh2
Jun 22 19:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: Connection closed by 176.65.132.129 port 59710 [preauth]
Jun 22 19:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: Failed password for invalid user admin from 2.57.121.25 port 55420 ssh2
Jun 22 19:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: Connection closed by 2.57.121.25 port 55420 [preauth]
Jun 22 19:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 22 19:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6887]: Failed password for root from 176.65.132.129 port 34600 ssh2
Jun 22 19:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6887]: Connection closed by 176.65.132.129 port 34600 [preauth]
Jun 22 19:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6890]: Failed password for root from 176.65.132.129 port 34606 ssh2
Jun 22 19:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6890]: Connection closed by 176.65.132.129 port 34606 [preauth]
Jun 22 19:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6913]: Invalid user bob from 176.65.132.129
Jun 22 19:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6913]: input_userauth_request: invalid user bob [preauth]
Jun 22 19:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6913]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6913]: Failed password for invalid user bob from 176.65.132.129 port 34612 ssh2
Jun 22 19:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6913]: Connection closed by 176.65.132.129 port 34612 [preauth]
Jun 22 19:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6915]: Failed password for root from 176.65.132.129 port 34618 ssh2
Jun 22 19:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6915]: Connection closed by 176.65.132.129 port 34618 [preauth]
Jun 22 19:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5674]: pam_unix(cron:session): session closed for user root
Jun 22 19:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6930]: Invalid user openclaw from 176.65.132.129
Jun 22 19:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6930]: input_userauth_request: invalid user openclaw [preauth]
Jun 22 19:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6930]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6930]: Failed password for invalid user openclaw from 176.65.132.129 port 45258 ssh2
Jun 22 19:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6930]: Connection closed by 176.65.132.129 port 45258 [preauth]
Jun 22 19:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6971]: Invalid user bot from 176.65.132.129
Jun 22 19:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6971]: input_userauth_request: invalid user bot [preauth]
Jun 22 19:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6971]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6971]: Failed password for invalid user bot from 176.65.132.129 port 45270 ssh2
Jun 22 19:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6971]: Connection closed by 176.65.132.129 port 45270 [preauth]
Jun 22 19:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6973]: Invalid user liyang from 176.65.132.129
Jun 22 19:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6973]: input_userauth_request: invalid user liyang [preauth]
Jun 22 19:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6973]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6973]: Failed password for invalid user liyang from 176.65.132.129 port 45280 ssh2
Jun 22 19:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6973]: Connection closed by 176.65.132.129 port 45280 [preauth]
Jun 22 19:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: Invalid user odoo17 from 176.65.132.129
Jun 22 19:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: input_userauth_request: invalid user odoo17 [preauth]
Jun 22 19:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: Failed password for invalid user odoo17 from 176.65.132.129 port 38328 ssh2
Jun 22 19:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: Connection closed by 176.65.132.129 port 38328 [preauth]
Jun 22 19:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7014]: User ftp from 176.65.132.129 not allowed because not listed in AllowUsers
Jun 22 19:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7014]: input_userauth_request: invalid user ftp [preauth]
Jun 22 19:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=ftp
Jun 22 19:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7014]: Failed password for invalid user ftp from 176.65.132.129 port 38336 ssh2
Jun 22 19:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7014]: Connection closed by 176.65.132.129 port 38336 [preauth]
Jun 22 19:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7030]: Invalid user user from 141.98.83.240
Jun 22 19:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7030]: input_userauth_request: invalid user user [preauth]
Jun 22 19:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7034]: Invalid user deployer from 176.65.132.129
Jun 22 19:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7034]: input_userauth_request: invalid user deployer [preauth]
Jun 22 19:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7030]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 19:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7034]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7030]: Failed password for invalid user user from 141.98.83.240 port 8204 ssh2
Jun 22 19:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7034]: Failed password for invalid user deployer from 176.65.132.129 port 38352 ssh2
Jun 22 19:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7034]: Connection closed by 176.65.132.129 port 38352 [preauth]
Jun 22 19:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7030]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7036]: Invalid user master from 176.65.132.129
Jun 22 19:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7036]: input_userauth_request: invalid user master [preauth]
Jun 22 19:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7036]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7030]: Failed password for invalid user user from 141.98.83.240 port 8204 ssh2
Jun 22 19:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7030]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7036]: Failed password for invalid user master from 176.65.132.129 port 38360 ssh2
Jun 22 19:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7036]: Connection closed by 176.65.132.129 port 38360 [preauth]
Jun 22 19:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7030]: Failed password for invalid user user from 141.98.83.240 port 8204 ssh2
Jun 22 19:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7052]: Invalid user claude from 176.65.132.129
Jun 22 19:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7052]: input_userauth_request: invalid user claude [preauth]
Jun 22 19:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7052]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7030]: Connection closed by 141.98.83.240 port 8204 [preauth]
Jun 22 19:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7030]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 19:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7052]: Failed password for invalid user claude from 176.65.132.129 port 44594 ssh2
Jun 22 19:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7052]: Connection closed by 176.65.132.129 port 44594 [preauth]
Jun 22 19:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7054]: Invalid user carlos from 38.55.97.143
Jun 22 19:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7054]: input_userauth_request: invalid user carlos [preauth]
Jun 22 19:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7054]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 19:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7115]: Invalid user splunk from 176.65.132.129
Jun 22 19:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7115]: input_userauth_request: invalid user splunk [preauth]
Jun 22 19:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7115]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7054]: Failed password for invalid user carlos from 38.55.97.143 port 47468 ssh2
Jun 22 19:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7054]: Connection closed by 38.55.97.143 port 47468 [preauth]
Jun 22 19:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7115]: Failed password for invalid user splunk from 176.65.132.129 port 44614 ssh2
Jun 22 19:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7115]: Connection closed by 176.65.132.129 port 44614 [preauth]
Jun 22 19:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7133]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7131]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7130]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7129]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7129]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7204]: Successful su for rubyman by root
Jun 22 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7204]: + ??? root:rubyman
Jun 22 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7204]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572754 of user rubyman.
Jun 22 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7204]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572754.
Jun 22 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7118]: Failed password for root from 176.65.132.129 port 44640 ssh2
Jun 22 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7118]: Connection closed by 176.65.132.129 port 44640 [preauth]
Jun 22 19:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4175]: pam_unix(cron:session): session closed for user root
Jun 22 19:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7234]: Failed password for root from 176.65.132.129 port 42588 ssh2
Jun 22 19:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7234]: Connection closed by 176.65.132.129 port 42588 [preauth]
Jun 22 19:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7362]: Invalid user stack from 176.65.132.129
Jun 22 19:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7362]: input_userauth_request: invalid user stack [preauth]
Jun 22 19:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7362]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7130]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7362]: Failed password for invalid user stack from 176.65.132.129 port 42602 ssh2
Jun 22 19:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7362]: Connection closed by 176.65.132.129 port 42602 [preauth]
Jun 22 19:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7395]: Invalid user work from 176.65.132.129
Jun 22 19:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7395]: input_userauth_request: invalid user work [preauth]
Jun 22 19:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7395]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7395]: Failed password for invalid user work from 176.65.132.129 port 42606 ssh2
Jun 22 19:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7395]: Connection closed by 176.65.132.129 port 42606 [preauth]
Jun 22 19:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7397]: Invalid user appuser from 176.65.132.129
Jun 22 19:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7397]: input_userauth_request: invalid user appuser [preauth]
Jun 22 19:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7397]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7397]: Failed password for invalid user appuser from 176.65.132.129 port 39050 ssh2
Jun 22 19:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7397]: Connection closed by 176.65.132.129 port 39050 [preauth]
Jun 22 19:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7419]: Invalid user david from 176.65.132.129
Jun 22 19:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7419]: input_userauth_request: invalid user david [preauth]
Jun 22 19:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7419]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7419]: Failed password for invalid user david from 176.65.132.129 port 39060 ssh2
Jun 22 19:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7419]: Connection closed by 176.65.132.129 port 39060 [preauth]
Jun 22 19:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7430]: Failed password for root from 176.65.132.129 port 39064 ssh2
Jun 22 19:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7430]: Connection closed by 176.65.132.129 port 39064 [preauth]
Jun 22 19:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7433]: Invalid user trade from 176.65.132.129
Jun 22 19:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7433]: input_userauth_request: invalid user trade [preauth]
Jun 22 19:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7433]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7433]: Failed password for invalid user trade from 176.65.132.129 port 39068 ssh2
Jun 22 19:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7433]: Connection closed by 176.65.132.129 port 39068 [preauth]
Jun 22 19:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7443]: Invalid user ubuntu from 176.65.132.129
Jun 22 19:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7443]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 19:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7443]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7443]: Failed password for invalid user ubuntu from 176.65.132.129 port 36316 ssh2
Jun 22 19:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7443]: Connection closed by 176.65.132.129 port 36316 [preauth]
Jun 22 19:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7457]: Invalid user test2 from 176.65.132.129
Jun 22 19:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7457]: input_userauth_request: invalid user test2 [preauth]
Jun 22 19:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7457]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7457]: Failed password for invalid user test2 from 176.65.132.129 port 36328 ssh2
Jun 22 19:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7457]: Connection closed by 176.65.132.129 port 36328 [preauth]
Jun 22 19:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7467]: Invalid user claude from 176.65.132.129
Jun 22 19:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7467]: input_userauth_request: invalid user claude [preauth]
Jun 22 19:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7467]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7467]: Failed password for invalid user claude from 176.65.132.129 port 36344 ssh2
Jun 22 19:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7467]: Connection closed by 176.65.132.129 port 36344 [preauth]
Jun 22 19:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7469]: Invalid user www from 176.65.132.129
Jun 22 19:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7469]: input_userauth_request: invalid user www [preauth]
Jun 22 19:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7469]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6103]: pam_unix(cron:session): session closed for user root
Jun 22 19:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7469]: Failed password for invalid user www from 176.65.132.129 port 43488 ssh2
Jun 22 19:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7469]: Connection closed by 176.65.132.129 port 43488 [preauth]
Jun 22 19:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7499]: Failed password for root from 176.65.132.129 port 43504 ssh2
Jun 22 19:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7499]: Connection closed by 176.65.132.129 port 43504 [preauth]
Jun 22 19:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7508]: Invalid user claude from 176.65.132.129
Jun 22 19:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7508]: input_userauth_request: invalid user claude [preauth]
Jun 22 19:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7508]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7508]: Failed password for invalid user claude from 176.65.132.129 port 43514 ssh2
Jun 22 19:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7508]: Connection closed by 176.65.132.129 port 43514 [preauth]
Jun 22 19:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7512]: Invalid user admin123 from 176.65.132.129
Jun 22 19:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7512]: input_userauth_request: invalid user admin123 [preauth]
Jun 22 19:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7512]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7512]: Failed password for invalid user admin123 from 176.65.132.129 port 41618 ssh2
Jun 22 19:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7512]: Connection closed by 176.65.132.129 port 41618 [preauth]
Jun 22 19:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7536]: Invalid user clawdbot from 176.65.132.129
Jun 22 19:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7536]: input_userauth_request: invalid user clawdbot [preauth]
Jun 22 19:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7536]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7536]: Failed password for invalid user clawdbot from 176.65.132.129 port 41638 ssh2
Jun 22 19:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7536]: Connection closed by 176.65.132.129 port 41638 [preauth]
Jun 22 19:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7538]: Failed password for root from 176.65.132.129 port 41664 ssh2
Jun 22 19:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7538]: Connection closed by 176.65.132.129 port 41664 [preauth]
Jun 22 19:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7549]: Failed password for root from 176.65.132.129 port 41678 ssh2
Jun 22 19:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7549]: Connection closed by 176.65.132.129 port 41678 [preauth]
Jun 22 19:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7551]: Invalid user deployer from 176.65.132.129
Jun 22 19:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7551]: input_userauth_request: invalid user deployer [preauth]
Jun 22 19:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7551]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7551]: Failed password for invalid user deployer from 176.65.132.129 port 59264 ssh2
Jun 22 19:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7551]: Connection closed by 176.65.132.129 port 59264 [preauth]
Jun 22 19:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7565]: Invalid user redhat from 176.65.132.129
Jun 22 19:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7565]: input_userauth_request: invalid user redhat [preauth]
Jun 22 19:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7565]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7565]: Failed password for invalid user redhat from 176.65.132.129 port 59270 ssh2
Jun 22 19:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7565]: Connection closed by 176.65.132.129 port 59270 [preauth]
Jun 22 19:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7581]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7582]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7580]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7579]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7579]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7743]: Successful su for rubyman by root
Jun 22 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7743]: + ??? root:rubyman
Jun 22 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7743]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572758 of user rubyman.
Jun 22 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7743]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572758.
Jun 22 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7571]: Failed password for root from 176.65.132.129 port 59282 ssh2
Jun 22 19:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7571]: Connection closed by 176.65.132.129 port 59282 [preauth]
Jun 22 19:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7810]: Invalid user openclaw from 176.65.132.129
Jun 22 19:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7810]: input_userauth_request: invalid user openclaw [preauth]
Jun 22 19:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7810]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7803]: Invalid user admin from 38.55.97.143
Jun 22 19:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7803]: input_userauth_request: invalid user admin [preauth]
Jun 22 19:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7803]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 19:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4659]: pam_unix(cron:session): session closed for user root
Jun 22 19:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7810]: Failed password for invalid user openclaw from 176.65.132.129 port 52624 ssh2
Jun 22 19:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7810]: Connection closed by 176.65.132.129 port 52624 [preauth]
Jun 22 19:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7803]: Failed password for invalid user admin from 38.55.97.143 port 36894 ssh2
Jun 22 19:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7803]: Connection closed by 38.55.97.143 port 36894 [preauth]
Jun 22 19:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7580]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7914]: Invalid user appuser from 176.65.132.129
Jun 22 19:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7914]: input_userauth_request: invalid user appuser [preauth]
Jun 22 19:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7914]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7914]: Failed password for invalid user appuser from 176.65.132.129 port 52656 ssh2
Jun 22 19:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7914]: Connection closed by 176.65.132.129 port 52656 [preauth]
Jun 22 19:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7921]: Invalid user server from 176.65.132.129
Jun 22 19:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7921]: input_userauth_request: invalid user server [preauth]
Jun 22 19:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7921]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7921]: Failed password for invalid user server from 176.65.132.129 port 52668 ssh2
Jun 22 19:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7921]: Connection closed by 176.65.132.129 port 52668 [preauth]
Jun 22 19:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7931]: Invalid user pi from 176.65.132.129
Jun 22 19:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7931]: input_userauth_request: invalid user pi [preauth]
Jun 22 19:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7931]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7931]: Failed password for invalid user pi from 176.65.132.129 port 60294 ssh2
Jun 22 19:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7931]: Connection closed by 176.65.132.129 port 60294 [preauth]
Jun 22 19:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7945]: Invalid user tester from 176.65.132.129
Jun 22 19:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7945]: input_userauth_request: invalid user tester [preauth]
Jun 22 19:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7945]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7945]: Failed password for invalid user tester from 176.65.132.129 port 60306 ssh2
Jun 22 19:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7945]: Connection closed by 176.65.132.129 port 60306 [preauth]
Jun 22 19:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7955]: Failed password for root from 176.65.132.129 port 60320 ssh2
Jun 22 19:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7955]: Connection closed by 176.65.132.129 port 60320 [preauth]
Jun 22 19:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7957]: Invalid user deploy from 176.65.132.129
Jun 22 19:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7957]: input_userauth_request: invalid user deploy [preauth]
Jun 22 19:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7957]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7957]: Failed password for invalid user deploy from 176.65.132.129 port 60336 ssh2
Jun 22 19:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7957]: Connection closed by 176.65.132.129 port 60336 [preauth]
Jun 22 19:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 22 19:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7969]: Invalid user runner from 176.65.132.129
Jun 22 19:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7969]: input_userauth_request: invalid user runner [preauth]
Jun 22 19:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7969]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7969]: Failed password for invalid user runner from 176.65.132.129 port 38378 ssh2
Jun 22 19:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7969]: Connection closed by 176.65.132.129 port 38378 [preauth]
Jun 22 19:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7967]: Failed password for root from 103.82.132.16 port 45442 ssh2
Jun 22 19:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7967]: Connection closed by 103.82.132.16 port 45442 [preauth]
Jun 22 19:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7993]: Invalid user jack from 176.65.132.129
Jun 22 19:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7993]: input_userauth_request: invalid user jack [preauth]
Jun 22 19:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7993]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7993]: Failed password for invalid user jack from 176.65.132.129 port 38388 ssh2
Jun 22 19:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7993]: Connection closed by 176.65.132.129 port 38388 [preauth]
Jun 22 19:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7998]: Failed password for root from 176.65.132.129 port 38402 ssh2
Jun 22 19:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8008]: Invalid user openvpn from 176.65.132.129
Jun 22 19:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8008]: input_userauth_request: invalid user openvpn [preauth]
Jun 22 19:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7998]: Connection closed by 176.65.132.129 port 38402 [preauth]
Jun 22 19:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8008]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6542]: pam_unix(cron:session): session closed for user root
Jun 22 19:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8008]: Failed password for invalid user openvpn from 176.65.132.129 port 57970 ssh2
Jun 22 19:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8008]: Connection closed by 176.65.132.129 port 57970 [preauth]
Jun 22 19:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8031]: Invalid user debian from 176.65.132.129
Jun 22 19:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8031]: input_userauth_request: invalid user debian [preauth]
Jun 22 19:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8031]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8031]: Failed password for invalid user debian from 176.65.132.129 port 57980 ssh2
Jun 22 19:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8031]: Connection closed by 176.65.132.129 port 57980 [preauth]
Jun 22 19:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8043]: Failed password for root from 176.65.132.129 port 57994 ssh2
Jun 22 19:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8043]: Connection closed by 176.65.132.129 port 57994 [preauth]
Jun 22 19:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8045]: Invalid user ivan from 176.65.132.129
Jun 22 19:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8045]: input_userauth_request: invalid user ivan [preauth]
Jun 22 19:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8045]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8045]: Failed password for invalid user ivan from 176.65.132.129 port 55528 ssh2
Jun 22 19:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8045]: Connection closed by 176.65.132.129 port 55528 [preauth]
Jun 22 19:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8063]: Invalid user newuser from 176.65.132.129
Jun 22 19:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8063]: input_userauth_request: invalid user newuser [preauth]
Jun 22 19:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8063]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8063]: Failed password for invalid user newuser from 176.65.132.129 port 55532 ssh2
Jun 22 19:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8063]: Connection closed by 176.65.132.129 port 55532 [preauth]
Jun 22 19:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8070]: Invalid user gg from 176.65.132.129
Jun 22 19:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8070]: input_userauth_request: invalid user gg [preauth]
Jun 22 19:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8070]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8070]: Failed password for invalid user gg from 176.65.132.129 port 55538 ssh2
Jun 22 19:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8070]: Connection closed by 176.65.132.129 port 55538 [preauth]
Jun 22 19:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8080]: Invalid user a from 176.65.132.129
Jun 22 19:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8080]: input_userauth_request: invalid user a [preauth]
Jun 22 19:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8080]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8080]: Failed password for invalid user a from 176.65.132.129 port 55552 ssh2
Jun 22 19:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8080]: Connection closed by 176.65.132.129 port 55552 [preauth]
Jun 22 19:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8091]: Invalid user myuser from 176.65.132.129
Jun 22 19:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8091]: input_userauth_request: invalid user myuser [preauth]
Jun 22 19:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8091]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8091]: Failed password for invalid user myuser from 176.65.132.129 port 41686 ssh2
Jun 22 19:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8091]: Connection closed by 176.65.132.129 port 41686 [preauth]
Jun 22 19:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8093]: Invalid user master from 176.65.132.129
Jun 22 19:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8093]: input_userauth_request: invalid user master [preauth]
Jun 22 19:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8093]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8093]: Failed password for invalid user master from 176.65.132.129 port 41694 ssh2
Jun 22 19:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8093]: Connection closed by 176.65.132.129 port 41694 [preauth]
Jun 22 19:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8104]: Invalid user private from 176.65.132.129
Jun 22 19:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8104]: input_userauth_request: invalid user private [preauth]
Jun 22 19:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8104]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8109]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8110]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8108]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8107]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8107]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8104]: Failed password for invalid user private from 176.65.132.129 port 41696 ssh2
Jun 22 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8104]: Connection closed by 176.65.132.129 port 41696 [preauth]
Jun 22 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8171]: Successful su for rubyman by root
Jun 22 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8171]: + ??? root:rubyman
Jun 22 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8171]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572763 of user rubyman.
Jun 22 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8171]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572763.
Jun 22 19:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8203]: Invalid user ubuntu from 176.65.132.129
Jun 22 19:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8203]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 19:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8203]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5217]: pam_unix(cron:session): session closed for user root
Jun 22 19:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8203]: Failed password for invalid user ubuntu from 176.65.132.129 port 36998 ssh2
Jun 22 19:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8203]: Connection closed by 176.65.132.129 port 36998 [preauth]
Jun 22 19:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8334]: Invalid user dev from 176.65.132.129
Jun 22 19:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8334]: input_userauth_request: invalid user dev [preauth]
Jun 22 19:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8334]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8108]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8334]: Failed password for invalid user dev from 176.65.132.129 port 37000 ssh2
Jun 22 19:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8334]: Connection closed by 176.65.132.129 port 37000 [preauth]
Jun 22 19:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8354]: Invalid user niaoyun from 176.65.132.129
Jun 22 19:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8354]: input_userauth_request: invalid user niaoyun [preauth]
Jun 22 19:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8354]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8352]: Invalid user vpn from 38.55.97.143
Jun 22 19:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8352]: input_userauth_request: invalid user vpn [preauth]
Jun 22 19:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8352]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 19:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8354]: Failed password for invalid user niaoyun from 176.65.132.129 port 37010 ssh2
Jun 22 19:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8354]: Connection closed by 176.65.132.129 port 37010 [preauth]
Jun 22 19:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8352]: Failed password for invalid user vpn from 38.55.97.143 port 53188 ssh2
Jun 22 19:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8352]: Connection closed by 38.55.97.143 port 53188 [preauth]
Jun 22 19:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8365]: Invalid user newuser from 176.65.132.129
Jun 22 19:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8365]: input_userauth_request: invalid user newuser [preauth]
Jun 22 19:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8365]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8365]: Failed password for invalid user newuser from 176.65.132.129 port 42488 ssh2
Jun 22 19:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8365]: Connection closed by 176.65.132.129 port 42488 [preauth]
Jun 22 19:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: Failed password for root from 176.65.132.129 port 42514 ssh2
Jun 22 19:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: Connection closed by 176.65.132.129 port 42514 [preauth]
Jun 22 19:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8391]: Failed password for root from 176.65.132.129 port 42520 ssh2
Jun 22 19:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8391]: Connection closed by 176.65.132.129 port 42520 [preauth]
Jun 22 19:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8403]: Failed password for root from 176.65.132.129 port 42530 ssh2
Jun 22 19:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8403]: Connection closed by 176.65.132.129 port 42530 [preauth]
Jun 22 19:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8405]: Failed password for root from 176.65.132.129 port 60464 ssh2
Jun 22 19:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8405]: Connection closed by 176.65.132.129 port 60464 [preauth]
Jun 22 19:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8429]: Invalid user deploy from 176.65.132.129
Jun 22 19:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8429]: input_userauth_request: invalid user deploy [preauth]
Jun 22 19:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8429]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8429]: Failed password for invalid user deploy from 176.65.132.129 port 60468 ssh2
Jun 22 19:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8429]: Connection closed by 176.65.132.129 port 60468 [preauth]
Jun 22 19:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8431]: Invalid user installer from 176.65.132.129
Jun 22 19:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8431]: input_userauth_request: invalid user installer [preauth]
Jun 22 19:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8431]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8431]: Failed password for invalid user installer from 176.65.132.129 port 60484 ssh2
Jun 22 19:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8431]: Connection closed by 176.65.132.129 port 60484 [preauth]
Jun 22 19:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8443]: Invalid user operator from 176.65.132.129
Jun 22 19:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8443]: input_userauth_request: invalid user operator [preauth]
Jun 22 19:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8443]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7133]: pam_unix(cron:session): session closed for user root
Jun 22 19:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8443]: Failed password for invalid user operator from 176.65.132.129 port 38996 ssh2
Jun 22 19:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8443]: Connection closed by 176.65.132.129 port 38996 [preauth]
Jun 22 19:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8473]: Failed password for root from 176.65.132.129 port 39028 ssh2
Jun 22 19:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8473]: Connection closed by 176.65.132.129 port 39028 [preauth]
Jun 22 19:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8479]: Failed password for root from 176.65.132.129 port 39042 ssh2
Jun 22 19:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8479]: Connection closed by 176.65.132.129 port 39042 [preauth]
Jun 22 19:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8490]: User vncuser from 176.65.132.129 not allowed because not listed in AllowUsers
Jun 22 19:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8490]: input_userauth_request: invalid user vncuser [preauth]
Jun 22 19:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=vncuser
Jun 22 19:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 22 19:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8490]: Failed password for invalid user vncuser from 176.65.132.129 port 52914 ssh2
Jun 22 19:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8490]: Connection closed by 176.65.132.129 port 52914 [preauth]
Jun 22 19:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8492]: Failed password for root from 103.122.221.179 port 46406 ssh2
Jun 22 19:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8492]: Connection closed by 103.122.221.179 port 46406 [preauth]
Jun 22 19:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8506]: Invalid user odoo17 from 176.65.132.129
Jun 22 19:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8506]: input_userauth_request: invalid user odoo17 [preauth]
Jun 22 19:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8506]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8506]: Failed password for invalid user odoo17 from 176.65.132.129 port 52920 ssh2
Jun 22 19:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8506]: Connection closed by 176.65.132.129 port 52920 [preauth]
Jun 22 19:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8518]: Invalid user ark from 176.65.132.129
Jun 22 19:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8518]: input_userauth_request: invalid user ark [preauth]
Jun 22 19:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8518]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8518]: Failed password for invalid user ark from 176.65.132.129 port 52934 ssh2
Jun 22 19:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8518]: Connection closed by 176.65.132.129 port 52934 [preauth]
Jun 22 19:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8520]: Invalid user ubuntu from 176.65.132.129
Jun 22 19:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8520]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 19:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8520]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.110.201  user=root
Jun 22 19:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8520]: Failed password for invalid user ubuntu from 176.65.132.129 port 52950 ssh2
Jun 22 19:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8520]: Connection closed by 176.65.132.129 port 52950 [preauth]
Jun 22 19:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8532]: Failed password for root from 94.159.110.201 port 34190 ssh2
Jun 22 19:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8532]: Connection closed by 94.159.110.201 port 34190 [preauth]
Jun 22 19:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 22 19:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8534]: Invalid user ansible from 176.65.132.129
Jun 22 19:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8534]: input_userauth_request: invalid user ansible [preauth]
Jun 22 19:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8534]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8537]: Failed password for root from 87.251.79.125 port 59972 ssh2
Jun 22 19:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8537]: Connection closed by 87.251.79.125 port 59972 [preauth]
Jun 22 19:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8534]: Failed password for invalid user ansible from 176.65.132.129 port 36494 ssh2
Jun 22 19:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8534]: Connection closed by 176.65.132.129 port 36494 [preauth]
Jun 22 19:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8547]: Invalid user mc from 176.65.132.129
Jun 22 19:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8547]: input_userauth_request: invalid user mc [preauth]
Jun 22 19:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8547]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8547]: Failed password for invalid user mc from 176.65.132.129 port 36508 ssh2
Jun 22 19:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8547]: Connection closed by 176.65.132.129 port 36508 [preauth]
Jun 22 19:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8552]: Invalid user lighthouse from 176.65.132.129
Jun 22 19:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8552]: input_userauth_request: invalid user lighthouse [preauth]
Jun 22 19:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8552]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8558]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8559]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8556]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8557]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8554]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8556]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8680]: Successful su for rubyman by root
Jun 22 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8680]: + ??? root:rubyman
Jun 22 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8680]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572767 of user rubyman.
Jun 22 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8680]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572767.
Jun 22 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8554]: pam_unix(cron:session): session closed for user root
Jun 22 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8552]: Failed password for invalid user lighthouse from 176.65.132.129 port 36514 ssh2
Jun 22 19:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8552]: Connection closed by 176.65.132.129 port 36514 [preauth]
Jun 22 19:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8760]: Invalid user node from 176.65.132.129
Jun 22 19:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8760]: input_userauth_request: invalid user node [preauth]
Jun 22 19:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8760]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5673]: pam_unix(cron:session): session closed for user root
Jun 22 19:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8760]: Failed password for invalid user node from 176.65.132.129 port 52378 ssh2
Jun 22 19:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8760]: Connection closed by 176.65.132.129 port 52378 [preauth]
Jun 22 19:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8557]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8880]: Invalid user user1 from 176.65.132.129
Jun 22 19:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8880]: input_userauth_request: invalid user user1 [preauth]
Jun 22 19:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8880]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8880]: Failed password for invalid user user1 from 176.65.132.129 port 52410 ssh2
Jun 22 19:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8880]: Connection closed by 176.65.132.129 port 52410 [preauth]
Jun 22 19:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8899]: Invalid user home from 176.65.132.129
Jun 22 19:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8899]: input_userauth_request: invalid user home [preauth]
Jun 22 19:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8899]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8899]: Failed password for invalid user home from 176.65.132.129 port 52430 ssh2
Jun 22 19:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8899]: Connection closed by 176.65.132.129 port 52430 [preauth]
Jun 22 19:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8902]: Invalid user test1 from 176.65.132.129
Jun 22 19:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8902]: input_userauth_request: invalid user test1 [preauth]
Jun 22 19:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8902]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8902]: Failed password for invalid user test1 from 176.65.132.129 port 32876 ssh2
Jun 22 19:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8902]: Connection closed by 176.65.132.129 port 32876 [preauth]
Jun 22 19:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8927]: Invalid user dani from 176.65.132.129
Jun 22 19:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8927]: input_userauth_request: invalid user dani [preauth]
Jun 22 19:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8927]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8927]: Failed password for invalid user dani from 176.65.132.129 port 32888 ssh2
Jun 22 19:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8927]: Connection closed by 176.65.132.129 port 32888 [preauth]
Jun 22 19:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8931]: Invalid user x from 176.65.132.129
Jun 22 19:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8931]: input_userauth_request: invalid user x [preauth]
Jun 22 19:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8931]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 22 19:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8931]: Failed password for invalid user x from 176.65.132.129 port 32898 ssh2
Jun 22 19:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8931]: Connection closed by 176.65.132.129 port 32898 [preauth]
Jun 22 19:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8933]: Failed password for root from 103.27.238.116 port 36222 ssh2
Jun 22 19:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8933]: Connection closed by 103.27.238.116 port 36222 [preauth]
Jun 22 19:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8943]: Invalid user ecommerce from 176.65.132.129
Jun 22 19:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8943]: input_userauth_request: invalid user ecommerce [preauth]
Jun 22 19:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8943]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8943]: Failed password for invalid user ecommerce from 176.65.132.129 port 37064 ssh2
Jun 22 19:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8943]: Connection closed by 176.65.132.129 port 37064 [preauth]
Jun 22 19:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8929]: Invalid user victor from 38.55.97.143
Jun 22 19:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8929]: input_userauth_request: invalid user victor [preauth]
Jun 22 19:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8929]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 19:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8954]: Invalid user web from 176.65.132.129
Jun 22 19:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8954]: input_userauth_request: invalid user web [preauth]
Jun 22 19:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8954]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8929]: Failed password for invalid user victor from 38.55.97.143 port 60248 ssh2
Jun 22 19:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8929]: Connection closed by 38.55.97.143 port 60248 [preauth]
Jun 22 19:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8954]: Failed password for invalid user web from 176.65.132.129 port 37078 ssh2
Jun 22 19:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8954]: Connection closed by 176.65.132.129 port 37078 [preauth]
Jun 22 19:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8973]: Failed password for root from 176.65.132.129 port 37084 ssh2
Jun 22 19:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8973]: Connection closed by 176.65.132.129 port 37084 [preauth]
Jun 22 19:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8984]: Failed password for root from 176.65.132.129 port 37090 ssh2
Jun 22 19:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8984]: Connection closed by 176.65.132.129 port 37090 [preauth]
Jun 22 19:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7582]: pam_unix(cron:session): session closed for user root
Jun 22 19:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8993]: Failed password for root from 176.65.132.129 port 45988 ssh2
Jun 22 19:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8993]: Connection closed by 176.65.132.129 port 45988 [preauth]
Jun 22 19:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9016]: Invalid user git from 176.65.132.129
Jun 22 19:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9016]: input_userauth_request: invalid user git [preauth]
Jun 22 19:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9016]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9016]: Failed password for invalid user git from 176.65.132.129 port 46008 ssh2
Jun 22 19:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9016]: Connection closed by 176.65.132.129 port 46008 [preauth]
Jun 22 19:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9022]: Invalid user ftpuser from 176.65.132.129
Jun 22 19:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9022]: input_userauth_request: invalid user ftpuser [preauth]
Jun 22 19:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.233.85.71  user=root
Jun 22 19:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9022]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9019]: Failed password for root from 37.233.85.71 port 37876 ssh2
Jun 22 19:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9022]: Failed password for invalid user ftpuser from 176.65.132.129 port 46024 ssh2
Jun 22 19:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9019]: Connection closed by 37.233.85.71 port 37876 [preauth]
Jun 22 19:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9022]: Connection closed by 176.65.132.129 port 46024 [preauth]
Jun 22 19:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9033]: Invalid user alex from 176.65.132.129
Jun 22 19:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9033]: input_userauth_request: invalid user alex [preauth]
Jun 22 19:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9033]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9033]: Failed password for invalid user alex from 176.65.132.129 port 55076 ssh2
Jun 22 19:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9033]: Connection closed by 176.65.132.129 port 55076 [preauth]
Jun 22 19:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9057]: Invalid user test from 176.65.132.129
Jun 22 19:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9057]: input_userauth_request: invalid user test [preauth]
Jun 22 19:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9057]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9057]: Failed password for invalid user test from 176.65.132.129 port 55082 ssh2
Jun 22 19:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9057]: Connection closed by 176.65.132.129 port 55082 [preauth]
Jun 22 19:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9059]: Invalid user gabriel from 176.65.132.129
Jun 22 19:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9059]: input_userauth_request: invalid user gabriel [preauth]
Jun 22 19:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9059]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9059]: Failed password for invalid user gabriel from 176.65.132.129 port 55088 ssh2
Jun 22 19:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9059]: Connection closed by 176.65.132.129 port 55088 [preauth]
Jun 22 19:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9069]: Invalid user erp from 176.65.132.129
Jun 22 19:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9069]: input_userauth_request: invalid user erp [preauth]
Jun 22 19:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9069]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9069]: Failed password for invalid user erp from 176.65.132.129 port 45164 ssh2
Jun 22 19:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9069]: Connection closed by 176.65.132.129 port 45164 [preauth]
Jun 22 19:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9071]: Invalid user gpadmin from 176.65.132.129
Jun 22 19:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9071]: input_userauth_request: invalid user gpadmin [preauth]
Jun 22 19:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9071]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9071]: Failed password for invalid user gpadmin from 176.65.132.129 port 45190 ssh2
Jun 22 19:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9071]: Connection closed by 176.65.132.129 port 45190 [preauth]
Jun 22 19:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9082]: Invalid user claude from 176.65.132.129
Jun 22 19:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9082]: input_userauth_request: invalid user claude [preauth]
Jun 22 19:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9082]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9082]: Failed password for invalid user claude from 176.65.132.129 port 45210 ssh2
Jun 22 19:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9082]: Connection closed by 176.65.132.129 port 45210 [preauth]
Jun 22 19:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9084]: Invalid user daniel from 176.65.132.129
Jun 22 19:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9084]: input_userauth_request: invalid user daniel [preauth]
Jun 22 19:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9084]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9098]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9100]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9099]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9096]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9097]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9095]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9100]: pam_unix(cron:session): session closed for user root
Jun 22 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9095]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9162]: Successful su for rubyman by root
Jun 22 19:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9162]: + ??? root:rubyman
Jun 22 19:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9162]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572774 of user rubyman.
Jun 22 19:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9162]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572774.
Jun 22 19:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9084]: Failed password for invalid user daniel from 176.65.132.129 port 45218 ssh2
Jun 22 19:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9084]: Connection closed by 176.65.132.129 port 45218 [preauth]
Jun 22 19:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9207]: Invalid user newuser from 176.65.132.129
Jun 22 19:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9207]: input_userauth_request: invalid user newuser [preauth]
Jun 22 19:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9207]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9097]: pam_unix(cron:session): session closed for user root
Jun 22 19:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6102]: pam_unix(cron:session): session closed for user root
Jun 22 19:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9207]: Failed password for invalid user newuser from 176.65.132.129 port 43184 ssh2
Jun 22 19:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9207]: Connection closed by 176.65.132.129 port 43184 [preauth]
Jun 22 19:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9357]: Invalid user guest from 176.65.132.129
Jun 22 19:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9357]: input_userauth_request: invalid user guest [preauth]
Jun 22 19:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9357]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9096]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9357]: Failed password for invalid user guest from 176.65.132.129 port 43188 ssh2
Jun 22 19:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9357]: Connection closed by 176.65.132.129 port 43188 [preauth]
Jun 22 19:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9373]: Invalid user frappe from 176.65.132.129
Jun 22 19:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9373]: input_userauth_request: invalid user frappe [preauth]
Jun 22 19:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9373]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9373]: Failed password for invalid user frappe from 176.65.132.129 port 43200 ssh2
Jun 22 19:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9373]: Connection closed by 176.65.132.129 port 43200 [preauth]
Jun 22 19:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9383]: Failed password for root from 176.65.132.129 port 34878 ssh2
Jun 22 19:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9383]: Connection closed by 176.65.132.129 port 34878 [preauth]
Jun 22 19:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9398]: Invalid user git from 176.65.132.129
Jun 22 19:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9398]: input_userauth_request: invalid user git [preauth]
Jun 22 19:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9398]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9398]: Failed password for invalid user git from 176.65.132.129 port 34892 ssh2
Jun 22 19:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9398]: Connection closed by 176.65.132.129 port 34892 [preauth]
Jun 22 19:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9408]: Failed password for root from 176.65.132.129 port 34908 ssh2
Jun 22 19:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9408]: Connection closed by 176.65.132.129 port 34908 [preauth]
Jun 22 19:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9410]: Invalid user tester from 176.65.132.129
Jun 22 19:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9410]: input_userauth_request: invalid user tester [preauth]
Jun 22 19:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9410]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9410]: Failed password for invalid user tester from 176.65.132.129 port 52238 ssh2
Jun 22 19:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9410]: Connection closed by 176.65.132.129 port 52238 [preauth]
Jun 22 19:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9421]: Failed password for root from 176.65.132.129 port 52242 ssh2
Jun 22 19:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9421]: Connection closed by 176.65.132.129 port 52242 [preauth]
Jun 22 19:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9443]: Invalid user martin from 176.65.132.129
Jun 22 19:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9443]: input_userauth_request: invalid user martin [preauth]
Jun 22 19:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9443]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9443]: Failed password for invalid user martin from 176.65.132.129 port 52244 ssh2
Jun 22 19:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9443]: Connection closed by 176.65.132.129 port 52244 [preauth]
Jun 22 19:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: Invalid user frappe from 176.65.132.129
Jun 22 19:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: input_userauth_request: invalid user frappe [preauth]
Jun 22 19:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: Failed password for invalid user frappe from 176.65.132.129 port 52250 ssh2
Jun 22 19:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: Connection closed by 176.65.132.129 port 52250 [preauth]
Jun 22 19:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8110]: pam_unix(cron:session): session closed for user root
Jun 22 19:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9468]: Invalid user admin from 176.65.132.129
Jun 22 19:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9468]: input_userauth_request: invalid user admin [preauth]
Jun 22 19:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9468]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9468]: Failed password for invalid user admin from 176.65.132.129 port 37684 ssh2
Jun 22 19:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9468]: Connection closed by 176.65.132.129 port 37684 [preauth]
Jun 22 19:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9477]: Failed password for root from 176.65.132.129 port 37692 ssh2
Jun 22 19:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9477]: Connection closed by 176.65.132.129 port 37692 [preauth]
Jun 22 19:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9487]: Invalid user teamspeak from 176.65.132.129
Jun 22 19:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9487]: input_userauth_request: invalid user teamspeak [preauth]
Jun 22 19:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9487]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9489]: Invalid user ubuntu from 38.55.97.143
Jun 22 19:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9489]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 19:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9489]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 19:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9487]: Failed password for invalid user teamspeak from 176.65.132.129 port 37694 ssh2
Jun 22 19:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9487]: Connection closed by 176.65.132.129 port 37694 [preauth]
Jun 22 19:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9491]: Invalid user milad from 176.65.132.129
Jun 22 19:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9491]: input_userauth_request: invalid user milad [preauth]
Jun 22 19:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9491]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9489]: Failed password for invalid user ubuntu from 38.55.97.143 port 47984 ssh2
Jun 22 19:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9489]: Connection closed by 38.55.97.143 port 47984 [preauth]
Jun 22 19:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9491]: Failed password for invalid user milad from 176.65.132.129 port 35318 ssh2
Jun 22 19:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9491]: Connection closed by 176.65.132.129 port 35318 [preauth]
Jun 22 19:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9513]: Invalid user postgres from 176.65.132.129
Jun 22 19:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9513]: input_userauth_request: invalid user postgres [preauth]
Jun 22 19:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9513]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9513]: Failed password for invalid user postgres from 176.65.132.129 port 35320 ssh2
Jun 22 19:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9513]: Connection closed by 176.65.132.129 port 35320 [preauth]
Jun 22 19:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9521]: Invalid user user from 176.65.132.129
Jun 22 19:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9521]: input_userauth_request: invalid user user [preauth]
Jun 22 19:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9521]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9521]: Failed password for invalid user user from 176.65.132.129 port 35326 ssh2
Jun 22 19:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9521]: Connection closed by 176.65.132.129 port 35326 [preauth]
Jun 22 19:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9526]: Invalid user runner from 176.65.132.129
Jun 22 19:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9526]: input_userauth_request: invalid user runner [preauth]
Jun 22 19:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9526]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9526]: Failed password for invalid user runner from 176.65.132.129 port 35906 ssh2
Jun 22 19:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9526]: Connection closed by 176.65.132.129 port 35906 [preauth]
Jun 22 19:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9536]: Invalid user alex from 176.65.132.129
Jun 22 19:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9536]: input_userauth_request: invalid user alex [preauth]
Jun 22 19:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9536]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9536]: Failed password for invalid user alex from 176.65.132.129 port 35920 ssh2
Jun 22 19:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9536]: Connection closed by 176.65.132.129 port 35920 [preauth]
Jun 22 19:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9538]: Invalid user ai from 176.65.132.129
Jun 22 19:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9538]: input_userauth_request: invalid user ai [preauth]
Jun 22 19:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9538]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9538]: Failed password for invalid user ai from 176.65.132.129 port 35932 ssh2
Jun 22 19:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9538]: Connection closed by 176.65.132.129 port 35932 [preauth]
Jun 22 19:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9555]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9553]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9552]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9551]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9551]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9625]: Successful su for rubyman by root
Jun 22 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9625]: + ??? root:rubyman
Jun 22 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9625]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572778 of user rubyman.
Jun 22 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9625]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572778.
Jun 22 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9548]: Failed password for root from 176.65.132.129 port 35946 ssh2
Jun 22 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9548]: Connection closed by 176.65.132.129 port 35946 [preauth]
Jun 22 19:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9731]: Invalid user default from 176.65.132.129
Jun 22 19:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9731]: input_userauth_request: invalid user default [preauth]
Jun 22 19:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9731]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6541]: pam_unix(cron:session): session closed for user root
Jun 22 19:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9731]: Failed password for invalid user default from 176.65.132.129 port 40718 ssh2
Jun 22 19:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9731]: Connection closed by 176.65.132.129 port 40718 [preauth]
Jun 22 19:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9552]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9811]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9811]: Invalid user git from 176.65.132.129
Jun 22 19:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9811]: input_userauth_request: invalid user git [preauth]
Jun 22 19:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9811]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9811]: Failed password for invalid user git from 176.65.132.129 port 40728 ssh2
Jun 22 19:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9811]: Connection closed by 176.65.132.129 port 40728 [preauth]
Jun 22 19:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9813]: Invalid user dev from 176.65.132.129
Jun 22 19:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9813]: input_userauth_request: invalid user dev [preauth]
Jun 22 19:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9813]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9813]: Failed password for invalid user dev from 176.65.132.129 port 40744 ssh2
Jun 22 19:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9813]: Connection closed by 176.65.132.129 port 40744 [preauth]
Jun 22 19:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9823]: Invalid user portal from 176.65.132.129
Jun 22 19:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9823]: input_userauth_request: invalid user portal [preauth]
Jun 22 19:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9823]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9823]: Failed password for invalid user portal from 176.65.132.129 port 49712 ssh2
Jun 22 19:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9823]: Connection closed by 176.65.132.129 port 49712 [preauth]
Jun 22 19:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9852]: Invalid user appuser from 176.65.132.129
Jun 22 19:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9852]: input_userauth_request: invalid user appuser [preauth]
Jun 22 19:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9852]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9852]: Failed password for invalid user appuser from 176.65.132.129 port 49726 ssh2
Jun 22 19:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9852]: Connection closed by 176.65.132.129 port 49726 [preauth]
Jun 22 19:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9854]: Failed password for root from 176.65.132.129 port 49738 ssh2
Jun 22 19:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9854]: Connection closed by 176.65.132.129 port 49738 [preauth]
Jun 22 19:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9870]: Failed password for root from 176.65.132.129 port 41766 ssh2
Jun 22 19:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9870]: Connection closed by 176.65.132.129 port 41766 [preauth]
Jun 22 19:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9874]: Invalid user support from 176.65.132.129
Jun 22 19:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9874]: input_userauth_request: invalid user support [preauth]
Jun 22 19:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9874]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9874]: Failed password for invalid user support from 176.65.132.129 port 41782 ssh2
Jun 22 19:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9874]: Connection closed by 176.65.132.129 port 41782 [preauth]
Jun 22 19:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9912]: Invalid user user3 from 176.65.132.129
Jun 22 19:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9912]: input_userauth_request: invalid user user3 [preauth]
Jun 22 19:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9912]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9912]: Failed password for invalid user user3 from 176.65.132.129 port 41788 ssh2
Jun 22 19:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9912]: Connection closed by 176.65.132.129 port 41788 [preauth]
Jun 22 19:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9998]: Failed password for root from 176.65.132.129 port 41798 ssh2
Jun 22 19:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9998]: Connection closed by 176.65.132.129 port 41798 [preauth]
Jun 22 19:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8559]: pam_unix(cron:session): session closed for user root
Jun 22 19:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10079]: Failed password for root from 176.65.132.129 port 40572 ssh2
Jun 22 19:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10079]: Connection closed by 176.65.132.129 port 40572 [preauth]
Jun 22 19:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10104]: Invalid user user from 176.65.132.129
Jun 22 19:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10104]: input_userauth_request: invalid user user [preauth]
Jun 22 19:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10104]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10104]: Failed password for invalid user user from 176.65.132.129 port 40576 ssh2
Jun 22 19:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10104]: Connection closed by 176.65.132.129 port 40576 [preauth]
Jun 22 19:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10106]: Invalid user fastuser from 176.65.132.129
Jun 22 19:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10106]: input_userauth_request: invalid user fastuser [preauth]
Jun 22 19:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10106]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10106]: Failed password for invalid user fastuser from 176.65.132.129 port 40582 ssh2
Jun 22 19:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10106]: Connection closed by 176.65.132.129 port 40582 [preauth]
Jun 22 19:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10118]: Invalid user minecraft from 176.65.132.129
Jun 22 19:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10118]: input_userauth_request: invalid user minecraft [preauth]
Jun 22 19:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10118]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10118]: Failed password for invalid user minecraft from 176.65.132.129 port 38900 ssh2
Jun 22 19:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10118]: Connection closed by 176.65.132.129 port 38900 [preauth]
Jun 22 19:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10132]: Invalid user security from 176.65.132.129
Jun 22 19:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10132]: input_userauth_request: invalid user security [preauth]
Jun 22 19:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10132]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10132]: Failed password for invalid user security from 176.65.132.129 port 38910 ssh2
Jun 22 19:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10132]: Connection closed by 176.65.132.129 port 38910 [preauth]
Jun 22 19:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10144]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10144]: Invalid user amit from 176.65.132.129
Jun 22 19:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10144]: input_userauth_request: invalid user amit [preauth]
Jun 22 19:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10144]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10146]: Invalid user service from 38.55.97.143
Jun 22 19:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10146]: input_userauth_request: invalid user service [preauth]
Jun 22 19:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10146]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 19:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10144]: Failed password for invalid user amit from 176.65.132.129 port 38912 ssh2
Jun 22 19:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10144]: Connection closed by 176.65.132.129 port 38912 [preauth]
Jun 22 19:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10148]: Invalid user ansible from 176.65.132.129
Jun 22 19:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10148]: input_userauth_request: invalid user ansible [preauth]
Jun 22 19:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10148]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10146]: Failed password for invalid user service from 38.55.97.143 port 48926 ssh2
Jun 22 19:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10146]: Connection closed by 38.55.97.143 port 48926 [preauth]
Jun 22 19:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10148]: Failed password for invalid user ansible from 176.65.132.129 port 45800 ssh2
Jun 22 19:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10148]: Connection closed by 176.65.132.129 port 45800 [preauth]
Jun 22 19:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10159]: Invalid user amine from 176.65.132.129
Jun 22 19:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10159]: input_userauth_request: invalid user amine [preauth]
Jun 22 19:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10159]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10159]: Failed password for invalid user amine from 176.65.132.129 port 45814 ssh2
Jun 22 19:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10159]: Connection closed by 176.65.132.129 port 45814 [preauth]
Jun 22 19:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10169]: Failed password for root from 176.65.132.129 port 45818 ssh2
Jun 22 19:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10169]: Connection closed by 176.65.132.129 port 45818 [preauth]
Jun 22 19:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10171]: Invalid user teamspeak from 176.65.132.129
Jun 22 19:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10171]: input_userauth_request: invalid user teamspeak [preauth]
Jun 22 19:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10171]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10177]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10175]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10176]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10174]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10174]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10336]: Successful su for rubyman by root
Jun 22 19:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10336]: + ??? root:rubyman
Jun 22 19:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10336]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572781 of user rubyman.
Jun 22 19:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10336]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572781.
Jun 22 19:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10171]: Failed password for invalid user teamspeak from 176.65.132.129 port 45830 ssh2
Jun 22 19:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10171]: Connection closed by 176.65.132.129 port 45830 [preauth]
Jun 22 19:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10416]: Invalid user ubuntu from 176.65.132.129
Jun 22 19:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10416]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 19:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10416]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7131]: pam_unix(cron:session): session closed for user root
Jun 22 19:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10416]: Failed password for invalid user ubuntu from 176.65.132.129 port 35926 ssh2
Jun 22 19:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10416]: Connection closed by 176.65.132.129 port 35926 [preauth]
Jun 22 19:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10175]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10506]: Invalid user steam from 176.65.132.129
Jun 22 19:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10506]: input_userauth_request: invalid user steam [preauth]
Jun 22 19:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10506]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10506]: Failed password for invalid user steam from 176.65.132.129 port 35932 ssh2
Jun 22 19:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10506]: Connection closed by 176.65.132.129 port 35932 [preauth]
Jun 22 19:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10527]: Invalid user user1 from 176.65.132.129
Jun 22 19:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10527]: input_userauth_request: invalid user user1 [preauth]
Jun 22 19:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10527]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10527]: Failed password for invalid user user1 from 176.65.132.129 port 35944 ssh2
Jun 22 19:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10527]: Connection closed by 176.65.132.129 port 35944 [preauth]
Jun 22 19:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10529]: Failed password for root from 176.65.132.129 port 41302 ssh2
Jun 22 19:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10529]: Connection closed by 176.65.132.129 port 41302 [preauth]
Jun 22 19:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10555]: Invalid user tom from 176.65.132.129
Jun 22 19:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10555]: input_userauth_request: invalid user tom [preauth]
Jun 22 19:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10555]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10555]: Failed password for invalid user tom from 176.65.132.129 port 41314 ssh2
Jun 22 19:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10555]: Connection closed by 176.65.132.129 port 41314 [preauth]
Jun 22 19:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10557]: Invalid user dev from 176.65.132.129
Jun 22 19:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10557]: input_userauth_request: invalid user dev [preauth]
Jun 22 19:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10557]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10557]: Failed password for invalid user dev from 176.65.132.129 port 41322 ssh2
Jun 22 19:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10557]: Connection closed by 176.65.132.129 port 41322 [preauth]
Jun 22 19:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10568]: Failed password for root from 176.65.132.129 port 55890 ssh2
Jun 22 19:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10568]: Connection closed by 176.65.132.129 port 55890 [preauth]
Jun 22 19:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10591]: Invalid user chris from 176.65.132.129
Jun 22 19:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10591]: input_userauth_request: invalid user chris [preauth]
Jun 22 19:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10591]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10591]: Failed password for invalid user chris from 176.65.132.129 port 55892 ssh2
Jun 22 19:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10591]: Connection closed by 176.65.132.129 port 55892 [preauth]
Jun 22 19:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10594]: Invalid user ec2-user from 176.65.132.129
Jun 22 19:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10594]: input_userauth_request: invalid user ec2-user [preauth]
Jun 22 19:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10594]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10594]: Failed password for invalid user ec2-user from 176.65.132.129 port 55902 ssh2
Jun 22 19:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10594]: Connection closed by 176.65.132.129 port 55902 [preauth]
Jun 22 19:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10606]: Failed password for root from 176.65.132.129 port 55906 ssh2
Jun 22 19:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10606]: Connection closed by 176.65.132.129 port 55906 [preauth]
Jun 22 19:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9099]: pam_unix(cron:session): session closed for user root
Jun 22 19:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10608]: Failed password for root from 176.65.132.129 port 42338 ssh2
Jun 22 19:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10608]: Connection closed by 176.65.132.129 port 42338 [preauth]
Jun 22 19:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10643]: Invalid user openvpn from 176.65.132.129
Jun 22 19:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10643]: input_userauth_request: invalid user openvpn [preauth]
Jun 22 19:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10643]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10643]: Failed password for invalid user openvpn from 176.65.132.129 port 42352 ssh2
Jun 22 19:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10643]: Connection closed by 176.65.132.129 port 42352 [preauth]
Jun 22 19:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10645]: Failed password for root from 176.65.132.129 port 42360 ssh2
Jun 22 19:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10645]: Connection closed by 176.65.132.129 port 42360 [preauth]
Jun 22 19:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10656]: Invalid user data from 176.65.132.129
Jun 22 19:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10656]: input_userauth_request: invalid user data [preauth]
Jun 22 19:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10656]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10656]: Failed password for invalid user data from 176.65.132.129 port 45936 ssh2
Jun 22 19:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10656]: Connection closed by 176.65.132.129 port 45936 [preauth]
Jun 22 19:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10673]: Invalid user wso2 from 176.65.132.129
Jun 22 19:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10673]: input_userauth_request: invalid user wso2 [preauth]
Jun 22 19:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10673]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10673]: Failed password for invalid user wso2 from 176.65.132.129 port 45952 ssh2
Jun 22 19:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10673]: Connection closed by 176.65.132.129 port 45952 [preauth]
Jun 22 19:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10684]: Invalid user airflow from 176.65.132.129
Jun 22 19:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10684]: input_userauth_request: invalid user airflow [preauth]
Jun 22 19:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10684]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10684]: Failed password for invalid user airflow from 176.65.132.129 port 45968 ssh2
Jun 22 19:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10684]: Connection closed by 176.65.132.129 port 45968 [preauth]
Jun 22 19:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10695]: Failed password for root from 176.65.132.129 port 45980 ssh2
Jun 22 19:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10695]: Connection closed by 176.65.132.129 port 45980 [preauth]
Jun 22 19:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 19:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10698]: Failed password for root from 176.65.132.129 port 50300 ssh2
Jun 22 19:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10698]: Connection closed by 176.65.132.129 port 50300 [preauth]
Jun 22 19:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10710]: Invalid user admin from 176.65.132.129
Jun 22 19:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10710]: input_userauth_request: invalid user admin [preauth]
Jun 22 19:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10710]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10700]: Failed password for root from 38.55.97.143 port 41186 ssh2
Jun 22 19:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10700]: Connection closed by 38.55.97.143 port 41186 [preauth]
Jun 22 19:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10710]: Failed password for invalid user admin from 176.65.132.129 port 50306 ssh2
Jun 22 19:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10710]: Connection closed by 176.65.132.129 port 50306 [preauth]
Jun 22 19:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10713]: Invalid user sysupdate from 176.65.132.129
Jun 22 19:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10713]: input_userauth_request: invalid user sysupdate [preauth]
Jun 22 19:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10713]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10729]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10730]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10728]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10725]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10725]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10797]: Successful su for rubyman by root
Jun 22 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10797]: + ??? root:rubyman
Jun 22 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10797]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572786 of user rubyman.
Jun 22 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10797]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572786.
Jun 22 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10713]: Failed password for invalid user sysupdate from 176.65.132.129 port 50308 ssh2
Jun 22 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10713]: Connection closed by 176.65.132.129 port 50308 [preauth]
Jun 22 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10864]: Invalid user rdpuser from 176.65.132.129
Jun 22 19:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10864]: input_userauth_request: invalid user rdpuser [preauth]
Jun 22 19:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10864]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7581]: pam_unix(cron:session): session closed for user root
Jun 22 19:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10864]: Failed password for invalid user rdpuser from 176.65.132.129 port 35078 ssh2
Jun 22 19:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10864]: Connection closed by 176.65.132.129 port 35078 [preauth]
Jun 22 19:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10728]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10971]: Failed password for root from 176.65.132.129 port 35098 ssh2
Jun 22 19:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10971]: Connection closed by 176.65.132.129 port 35098 [preauth]
Jun 22 19:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10992]: Invalid user pi from 176.65.132.129
Jun 22 19:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10992]: input_userauth_request: invalid user pi [preauth]
Jun 22 19:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10992]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10992]: Failed password for invalid user pi from 176.65.132.129 port 35118 ssh2
Jun 22 19:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10992]: Connection closed by 176.65.132.129 port 35118 [preauth]
Jun 22 19:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11003]: Invalid user playground from 176.65.132.129
Jun 22 19:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11003]: input_userauth_request: invalid user playground [preauth]
Jun 22 19:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11003]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11003]: Failed password for invalid user playground from 176.65.132.129 port 48068 ssh2
Jun 22 19:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11003]: Connection closed by 176.65.132.129 port 48068 [preauth]
Jun 22 19:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11018]: Invalid user runner from 176.65.132.129
Jun 22 19:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11018]: input_userauth_request: invalid user runner [preauth]
Jun 22 19:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11018]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11018]: Failed password for invalid user runner from 176.65.132.129 port 48084 ssh2
Jun 22 19:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11018]: Connection closed by 176.65.132.129 port 48084 [preauth]
Jun 22 19:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11030]: Invalid user cloud from 176.65.132.129
Jun 22 19:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11030]: input_userauth_request: invalid user cloud [preauth]
Jun 22 19:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11030]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11030]: Failed password for invalid user cloud from 176.65.132.129 port 48098 ssh2
Jun 22 19:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11030]: Connection closed by 176.65.132.129 port 48098 [preauth]
Jun 22 19:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11032]: Invalid user dolphinscheduler from 176.65.132.129
Jun 22 19:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11032]: input_userauth_request: invalid user dolphinscheduler [preauth]
Jun 22 19:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11032]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11032]: Failed password for invalid user dolphinscheduler from 176.65.132.129 port 48104 ssh2
Jun 22 19:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11032]: Connection closed by 176.65.132.129 port 48104 [preauth]
Jun 22 19:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11055]: Invalid user sftpuser from 176.65.132.129
Jun 22 19:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11055]: input_userauth_request: invalid user sftpuser [preauth]
Jun 22 19:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11055]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11055]: Failed password for invalid user sftpuser from 176.65.132.129 port 60104 ssh2
Jun 22 19:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11055]: Connection closed by 176.65.132.129 port 60104 [preauth]
Jun 22 19:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11059]: Invalid user nutanix from 176.65.132.129
Jun 22 19:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11059]: input_userauth_request: invalid user nutanix [preauth]
Jun 22 19:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11059]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11059]: Failed password for invalid user nutanix from 176.65.132.129 port 60124 ssh2
Jun 22 19:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11059]: Connection closed by 176.65.132.129 port 60124 [preauth]
Jun 22 19:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11071]: Invalid user hduser from 176.65.132.129
Jun 22 19:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11071]: input_userauth_request: invalid user hduser [preauth]
Jun 22 19:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11071]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11071]: Failed password for invalid user hduser from 176.65.132.129 port 60140 ssh2
Jun 22 19:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11071]: Connection closed by 176.65.132.129 port 60140 [preauth]
Jun 22 19:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9555]: pam_unix(cron:session): session closed for user root
Jun 22 19:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11082]: Invalid user runner from 176.65.132.129
Jun 22 19:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11082]: input_userauth_request: invalid user runner [preauth]
Jun 22 19:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11082]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11082]: Failed password for invalid user runner from 176.65.132.129 port 43244 ssh2
Jun 22 19:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11082]: Connection closed by 176.65.132.129 port 43244 [preauth]
Jun 22 19:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11106]: Failed password for root from 176.65.132.129 port 43250 ssh2
Jun 22 19:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11106]: Connection closed by 176.65.132.129 port 43250 [preauth]
Jun 22 19:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11116]: Invalid user deployer from 176.65.132.129
Jun 22 19:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11116]: input_userauth_request: invalid user deployer [preauth]
Jun 22 19:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11116]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11116]: Failed password for invalid user deployer from 176.65.132.129 port 43262 ssh2
Jun 22 19:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11116]: Connection closed by 176.65.132.129 port 43262 [preauth]
Jun 22 19:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11144]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11118]: Failed password for root from 176.65.132.129 port 47854 ssh2
Jun 22 19:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11118]: Connection closed by 176.65.132.129 port 47854 [preauth]
Jun 22 19:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11144]: Invalid user user from 176.65.132.129
Jun 22 19:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11144]: input_userauth_request: invalid user user [preauth]
Jun 22 19:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11144]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11144]: Failed password for invalid user user from 176.65.132.129 port 47866 ssh2
Jun 22 19:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11144]: Connection closed by 176.65.132.129 port 47866 [preauth]
Jun 22 19:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11146]: Failed password for root from 176.65.132.129 port 47882 ssh2
Jun 22 19:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11146]: Connection closed by 176.65.132.129 port 47882 [preauth]
Jun 22 19:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11158]: Invalid user support from 176.65.132.129
Jun 22 19:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11158]: input_userauth_request: invalid user support [preauth]
Jun 22 19:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11158]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11158]: Failed password for invalid user support from 176.65.132.129 port 47896 ssh2
Jun 22 19:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11158]: Connection closed by 176.65.132.129 port 47896 [preauth]
Jun 22 19:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11161]: Invalid user hu from 176.65.132.129
Jun 22 19:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11161]: input_userauth_request: invalid user hu [preauth]
Jun 22 19:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11161]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11161]: Failed password for invalid user hu from 176.65.132.129 port 47314 ssh2
Jun 22 19:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11161]: Connection closed by 176.65.132.129 port 47314 [preauth]
Jun 22 19:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11171]: Failed password for root from 176.65.132.129 port 47326 ssh2
Jun 22 19:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11171]: Connection closed by 176.65.132.129 port 47326 [preauth]
Jun 22 19:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11183]: Invalid user devops from 176.65.132.129
Jun 22 19:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11183]: input_userauth_request: invalid user devops [preauth]
Jun 22 19:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11183]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11192]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11193]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11190]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11191]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11190]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11183]: Failed password for invalid user devops from 176.65.132.129 port 47328 ssh2
Jun 22 19:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11256]: Successful su for rubyman by root
Jun 22 19:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11256]: + ??? root:rubyman
Jun 22 19:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11256]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572790 of user rubyman.
Jun 22 19:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11256]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11183]: Connection closed by 176.65.132.129 port 47328 [preauth]
Jun 22 19:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572790.
Jun 22 19:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11254]: Invalid user mcserver from 176.65.132.129
Jun 22 19:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11254]: input_userauth_request: invalid user mcserver [preauth]
Jun 22 19:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11254]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11185]: Failed password for root from 38.55.97.143 port 34986 ssh2
Jun 22 19:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11185]: Connection closed by 38.55.97.143 port 34986 [preauth]
Jun 22 19:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8109]: pam_unix(cron:session): session closed for user root
Jun 22 19:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11254]: Failed password for invalid user mcserver from 176.65.132.129 port 52858 ssh2
Jun 22 19:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11254]: Connection closed by 176.65.132.129 port 52858 [preauth]
Jun 22 19:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11428]: Invalid user reza from 176.65.132.129
Jun 22 19:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11428]: input_userauth_request: invalid user reza [preauth]
Jun 22 19:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11428]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11191]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11428]: Failed password for invalid user reza from 176.65.132.129 port 52874 ssh2
Jun 22 19:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11428]: Connection closed by 176.65.132.129 port 52874 [preauth]
Jun 22 19:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11453]: Failed password for root from 176.65.132.129 port 52890 ssh2
Jun 22 19:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11453]: Connection closed by 176.65.132.129 port 52890 [preauth]
Jun 22 19:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11464]: Invalid user user from 176.65.132.129
Jun 22 19:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11464]: input_userauth_request: invalid user user [preauth]
Jun 22 19:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11464]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11464]: Failed password for invalid user user from 176.65.132.129 port 57306 ssh2
Jun 22 19:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11464]: Connection closed by 176.65.132.129 port 57306 [preauth]
Jun 22 19:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11475]: Invalid user test from 176.65.132.129
Jun 22 19:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11475]: input_userauth_request: invalid user test [preauth]
Jun 22 19:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11475]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11475]: Failed password for invalid user test from 176.65.132.129 port 57324 ssh2
Jun 22 19:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11475]: Connection closed by 176.65.132.129 port 57324 [preauth]
Jun 22 19:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11498]: Invalid user gitlab from 176.65.132.129
Jun 22 19:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11498]: input_userauth_request: invalid user gitlab [preauth]
Jun 22 19:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11498]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11498]: Failed password for invalid user gitlab from 176.65.132.129 port 57332 ssh2
Jun 22 19:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11498]: Connection closed by 176.65.132.129 port 57332 [preauth]
Jun 22 19:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11507]: Invalid user nagios from 176.65.132.129
Jun 22 19:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11507]: input_userauth_request: invalid user nagios [preauth]
Jun 22 19:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11507]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11507]: Failed password for invalid user nagios from 176.65.132.129 port 57348 ssh2
Jun 22 19:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11507]: Connection closed by 176.65.132.129 port 57348 [preauth]
Jun 22 19:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11510]: Invalid user rajvir from 176.65.132.129
Jun 22 19:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11510]: input_userauth_request: invalid user rajvir [preauth]
Jun 22 19:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11510]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11510]: Failed password for invalid user rajvir from 176.65.132.129 port 49230 ssh2
Jun 22 19:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11510]: Connection closed by 176.65.132.129 port 49230 [preauth]
Jun 22 19:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11532]: Invalid user adminuser from 176.65.132.129
Jun 22 19:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11532]: input_userauth_request: invalid user adminuser [preauth]
Jun 22 19:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11532]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11532]: Failed password for invalid user adminuser from 176.65.132.129 port 49240 ssh2
Jun 22 19:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11534]: Invalid user csgo from 176.65.132.129
Jun 22 19:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11534]: input_userauth_request: invalid user csgo [preauth]
Jun 22 19:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11532]: Connection closed by 176.65.132.129 port 49240 [preauth]
Jun 22 19:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11534]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11534]: Failed password for invalid user csgo from 176.65.132.129 port 49256 ssh2
Jun 22 19:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11534]: Connection closed by 176.65.132.129 port 49256 [preauth]
Jun 22 19:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11544]: Invalid user sam from 176.65.132.129
Jun 22 19:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11544]: input_userauth_request: invalid user sam [preauth]
Jun 22 19:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11544]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10177]: pam_unix(cron:session): session closed for user root
Jun 22 19:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11544]: Failed password for invalid user sam from 176.65.132.129 port 54380 ssh2
Jun 22 19:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11544]: Connection closed by 176.65.132.129 port 54380 [preauth]
Jun 22 19:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11565]: Failed password for root from 176.65.132.129 port 54392 ssh2
Jun 22 19:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11565]: Connection closed by 176.65.132.129 port 54392 [preauth]
Jun 22 19:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11577]: Invalid user user from 176.65.132.129
Jun 22 19:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11577]: input_userauth_request: invalid user user [preauth]
Jun 22 19:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11577]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11577]: Failed password for invalid user user from 176.65.132.129 port 54406 ssh2
Jun 22 19:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11577]: Connection closed by 176.65.132.129 port 54406 [preauth]
Jun 22 19:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11586]: User john from 176.65.132.129 not allowed because not listed in AllowUsers
Jun 22 19:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11586]: input_userauth_request: invalid user john [preauth]
Jun 22 19:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=john
Jun 22 19:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11586]: Failed password for invalid user john from 176.65.132.129 port 59798 ssh2
Jun 22 19:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11586]: Connection closed by 176.65.132.129 port 59798 [preauth]
Jun 22 19:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11601]: Failed password for root from 176.65.132.129 port 59804 ssh2
Jun 22 19:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11601]: Connection closed by 176.65.132.129 port 59804 [preauth]
Jun 22 19:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11611]: Invalid user lucas from 176.65.132.129
Jun 22 19:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11611]: input_userauth_request: invalid user lucas [preauth]
Jun 22 19:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11611]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11611]: Failed password for invalid user lucas from 176.65.132.129 port 59826 ssh2
Jun 22 19:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11611]: Connection closed by 176.65.132.129 port 59826 [preauth]
Jun 22 19:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11617]: Invalid user deploy from 176.65.132.129
Jun 22 19:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11617]: input_userauth_request: invalid user deploy [preauth]
Jun 22 19:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11617]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11617]: Failed password for invalid user deploy from 176.65.132.129 port 59840 ssh2
Jun 22 19:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11617]: Connection closed by 176.65.132.129 port 59840 [preauth]
Jun 22 19:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11627]: Failed password for root from 176.65.132.129 port 39654 ssh2
Jun 22 19:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11627]: Connection closed by 176.65.132.129 port 39654 [preauth]
Jun 22 19:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11629]: Failed password for root from 176.65.132.129 port 39664 ssh2
Jun 22 19:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11629]: Connection closed by 176.65.132.129 port 39664 [preauth]
Jun 22 19:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11639]: Invalid user sftpuser from 176.65.132.129
Jun 22 19:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11639]: input_userauth_request: invalid user sftpuser [preauth]
Jun 22 19:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11639]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11639]: Failed password for invalid user sftpuser from 176.65.132.129 port 39666 ssh2
Jun 22 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11639]: Connection closed by 176.65.132.129 port 39666 [preauth]
Jun 22 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11645]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11644]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11642]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11646]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11647]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11643]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11647]: pam_unix(cron:session): session closed for user root
Jun 22 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11642]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11722]: Successful su for rubyman by root
Jun 22 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11722]: + ??? root:rubyman
Jun 22 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11722]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572796 of user rubyman.
Jun 22 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11722]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572796.
Jun 22 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11702]: Invalid user usuario from 176.65.132.129
Jun 22 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11702]: input_userauth_request: invalid user usuario [preauth]
Jun 22 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11702]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8558]: pam_unix(cron:session): session closed for user root
Jun 22 19:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11644]: pam_unix(cron:session): session closed for user root
Jun 22 19:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11702]: Failed password for invalid user usuario from 176.65.132.129 port 51266 ssh2
Jun 22 19:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11702]: Connection closed by 176.65.132.129 port 51266 [preauth]
Jun 22 19:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11888]: Invalid user aiuser from 176.65.132.129
Jun 22 19:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11888]: input_userauth_request: invalid user aiuser [preauth]
Jun 22 19:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11888]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11643]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11888]: Failed password for invalid user aiuser from 176.65.132.129 port 51276 ssh2
Jun 22 19:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11888]: Connection closed by 176.65.132.129 port 51276 [preauth]
Jun 22 19:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11988]: Invalid user ubuntu from 176.65.132.129
Jun 22 19:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11988]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 19:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11988]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 19:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11988]: Failed password for invalid user ubuntu from 176.65.132.129 port 51290 ssh2
Jun 22 19:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11988]: Connection closed by 176.65.132.129 port 51290 [preauth]
Jun 22 19:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11999]: Failed password for root from 38.55.97.143 port 53666 ssh2
Jun 22 19:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12001]: Invalid user user1 from 176.65.132.129
Jun 22 19:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12001]: input_userauth_request: invalid user user1 [preauth]
Jun 22 19:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12001]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11999]: Connection closed by 38.55.97.143 port 53666 [preauth]
Jun 22 19:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12001]: Failed password for invalid user user1 from 176.65.132.129 port 53080 ssh2
Jun 22 19:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12001]: Connection closed by 176.65.132.129 port 53080 [preauth]
Jun 22 19:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12008]: Failed password for root from 176.65.132.129 port 53088 ssh2
Jun 22 19:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12008]: Connection closed by 176.65.132.129 port 53088 [preauth]
Jun 22 19:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12027]: Invalid user cursor from 176.65.132.129
Jun 22 19:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12027]: input_userauth_request: invalid user cursor [preauth]
Jun 22 19:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12027]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12027]: Failed password for invalid user cursor from 176.65.132.129 port 53098 ssh2
Jun 22 19:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12027]: Connection closed by 176.65.132.129 port 53098 [preauth]
Jun 22 19:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12037]: Invalid user sdadmin from 176.65.132.129
Jun 22 19:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12037]: input_userauth_request: invalid user sdadmin [preauth]
Jun 22 19:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12037]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12037]: Failed password for invalid user sdadmin from 176.65.132.129 port 53100 ssh2
Jun 22 19:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12037]: Connection closed by 176.65.132.129 port 53100 [preauth]
Jun 22 19:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12039]: Invalid user ubuntu from 176.65.132.129
Jun 22 19:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12039]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 19:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12039]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12049]: Received disconnect from 198.199.106.159 port 60682:11: disconnected by user [preauth]
Jun 22 19:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12049]: Disconnected from 198.199.106.159 port 60682 [preauth]
Jun 22 19:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12039]: Failed password for invalid user ubuntu from 176.65.132.129 port 33836 ssh2
Jun 22 19:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12039]: Connection closed by 176.65.132.129 port 33836 [preauth]
Jun 22 19:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: Failed password for root from 176.65.132.129 port 33852 ssh2
Jun 22 19:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: Connection closed by 176.65.132.129 port 33852 [preauth]
Jun 22 19:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12066]: Failed password for root from 176.65.132.129 port 33874 ssh2
Jun 22 19:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12066]: Connection closed by 176.65.132.129 port 33874 [preauth]
Jun 22 19:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12076]: Invalid user postgres from 176.65.132.129
Jun 22 19:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12076]: input_userauth_request: invalid user postgres [preauth]
Jun 22 19:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12076]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10730]: pam_unix(cron:session): session closed for user root
Jun 22 19:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12076]: Failed password for invalid user postgres from 176.65.132.129 port 60864 ssh2
Jun 22 19:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12076]: Connection closed by 176.65.132.129 port 60864 [preauth]
Jun 22 19:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12092]: Invalid user operator from 176.65.132.129
Jun 22 19:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12092]: input_userauth_request: invalid user operator [preauth]
Jun 22 19:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12092]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12092]: Failed password for invalid user operator from 176.65.132.129 port 60874 ssh2
Jun 22 19:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12092]: Connection closed by 176.65.132.129 port 60874 [preauth]
Jun 22 19:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12108]: Failed password for root from 176.65.132.129 port 60886 ssh2
Jun 22 19:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12108]: Connection closed by 176.65.132.129 port 60886 [preauth]
Jun 22 19:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12118]: Invalid user git from 176.65.132.129
Jun 22 19:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12118]: input_userauth_request: invalid user git [preauth]
Jun 22 19:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12118]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12118]: Failed password for invalid user git from 176.65.132.129 port 37312 ssh2
Jun 22 19:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12118]: Connection closed by 176.65.132.129 port 37312 [preauth]
Jun 22 19:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12132]: Invalid user testuser from 176.65.132.129
Jun 22 19:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12132]: input_userauth_request: invalid user testuser [preauth]
Jun 22 19:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12132]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12132]: Failed password for invalid user testuser from 176.65.132.129 port 37320 ssh2
Jun 22 19:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12132]: Connection closed by 176.65.132.129 port 37320 [preauth]
Jun 22 19:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12143]: Invalid user minecraft from 176.65.132.129
Jun 22 19:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12143]: input_userauth_request: invalid user minecraft [preauth]
Jun 22 19:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12143]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12143]: Failed password for invalid user minecraft from 176.65.132.129 port 37344 ssh2
Jun 22 19:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12143]: Connection closed by 176.65.132.129 port 37344 [preauth]
Jun 22 19:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12145]: Failed password for root from 176.65.132.129 port 37356 ssh2
Jun 22 19:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12145]: Connection closed by 176.65.132.129 port 37356 [preauth]
Jun 22 19:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12155]: Invalid user minecraft from 176.65.132.129
Jun 22 19:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12155]: input_userauth_request: invalid user minecraft [preauth]
Jun 22 19:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12155]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12155]: Failed password for invalid user minecraft from 176.65.132.129 port 60828 ssh2
Jun 22 19:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12155]: Connection closed by 176.65.132.129 port 60828 [preauth]
Jun 22 19:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12158]: Failed password for root from 176.65.132.129 port 60844 ssh2
Jun 22 19:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12158]: Connection closed by 176.65.132.129 port 60844 [preauth]
Jun 22 19:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12168]: Invalid user tom from 176.65.132.129
Jun 22 19:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12168]: input_userauth_request: invalid user tom [preauth]
Jun 22 19:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12168]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12173]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12171]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12172]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12174]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12171]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12168]: Failed password for invalid user tom from 176.65.132.129 port 60856 ssh2
Jun 22 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12168]: Connection closed by 176.65.132.129 port 60856 [preauth]
Jun 22 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12370]: Successful su for rubyman by root
Jun 22 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12370]: + ??? root:rubyman
Jun 22 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12370]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572799 of user rubyman.
Jun 22 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12370]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572799.
Jun 22 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12367]: Invalid user frappe from 176.65.132.129
Jun 22 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12367]: input_userauth_request: invalid user frappe [preauth]
Jun 22 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12367]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12367]: Failed password for invalid user frappe from 176.65.132.129 port 47612 ssh2
Jun 22 19:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12367]: Connection closed by 176.65.132.129 port 47612 [preauth]
Jun 22 19:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9098]: pam_unix(cron:session): session closed for user root
Jun 22 19:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12523]: Invalid user grid from 176.65.132.129
Jun 22 19:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12523]: input_userauth_request: invalid user grid [preauth]
Jun 22 19:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12523]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12172]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12523]: Failed password for invalid user grid from 176.65.132.129 port 47614 ssh2
Jun 22 19:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12523]: Connection closed by 176.65.132.129 port 47614 [preauth]
Jun 22 19:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12563]: Failed password for root from 176.65.132.129 port 47622 ssh2
Jun 22 19:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12563]: Connection closed by 176.65.132.129 port 47622 [preauth]
Jun 22 19:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12565]: Invalid user test3 from 176.65.132.129
Jun 22 19:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12565]: input_userauth_request: invalid user test3 [preauth]
Jun 22 19:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12565]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12565]: Failed password for invalid user test3 from 176.65.132.129 port 59378 ssh2
Jun 22 19:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12565]: Connection closed by 176.65.132.129 port 59378 [preauth]
Jun 22 19:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12583]: Invalid user user10 from 176.65.132.129
Jun 22 19:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12583]: input_userauth_request: invalid user user10 [preauth]
Jun 22 19:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12583]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12583]: Failed password for invalid user user10 from 176.65.132.129 port 59386 ssh2
Jun 22 19:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12583]: Connection closed by 176.65.132.129 port 59386 [preauth]
Jun 22 19:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 19:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12592]: Failed password for root from 176.65.132.129 port 59392 ssh2
Jun 22 19:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12592]: Connection closed by 176.65.132.129 port 59392 [preauth]
Jun 22 19:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12594]: Failed password for root from 38.55.97.143 port 43944 ssh2
Jun 22 19:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12594]: Connection closed by 38.55.97.143 port 43944 [preauth]
Jun 22 19:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12605]: Failed password for root from 176.65.132.129 port 59394 ssh2
Jun 22 19:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12605]: Connection closed by 176.65.132.129 port 59394 [preauth]
Jun 22 19:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12608]: Invalid user app from 176.65.132.129
Jun 22 19:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12608]: input_userauth_request: invalid user app [preauth]
Jun 22 19:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12608]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12608]: Failed password for invalid user app from 176.65.132.129 port 52746 ssh2
Jun 22 19:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12608]: Connection closed by 176.65.132.129 port 52746 [preauth]
Jun 22 19:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12633]: Invalid user monitor from 176.65.132.129
Jun 22 19:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12633]: input_userauth_request: invalid user monitor [preauth]
Jun 22 19:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12633]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12633]: Failed password for invalid user monitor from 176.65.132.129 port 52758 ssh2
Jun 22 19:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12633]: Connection closed by 176.65.132.129 port 52758 [preauth]
Jun 22 19:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: Invalid user developer from 176.65.132.129
Jun 22 19:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: input_userauth_request: invalid user developer [preauth]
Jun 22 19:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: Failed password for invalid user developer from 176.65.132.129 port 52784 ssh2
Jun 22 19:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: Connection closed by 176.65.132.129 port 52784 [preauth]
Jun 22 19:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11193]: pam_unix(cron:session): session closed for user root
Jun 22 19:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12645]: Failed password for root from 176.65.132.129 port 39108 ssh2
Jun 22 19:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12645]: Connection closed by 176.65.132.129 port 39108 [preauth]
Jun 22 19:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12678]: Invalid user claude from 176.65.132.129
Jun 22 19:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12678]: input_userauth_request: invalid user claude [preauth]
Jun 22 19:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12678]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12678]: Failed password for invalid user claude from 176.65.132.129 port 39116 ssh2
Jun 22 19:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12678]: Connection closed by 176.65.132.129 port 39116 [preauth]
Jun 22 19:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12680]: Failed password for root from 176.65.132.129 port 39122 ssh2
Jun 22 19:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12680]: Connection closed by 176.65.132.129 port 39122 [preauth]
Jun 22 19:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12692]: Invalid user deployer from 176.65.132.129
Jun 22 19:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12692]: input_userauth_request: invalid user deployer [preauth]
Jun 22 19:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12692]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12692]: Failed password for invalid user deployer from 176.65.132.129 port 48172 ssh2
Jun 22 19:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12692]: Connection closed by 176.65.132.129 port 48172 [preauth]
Jun 22 19:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12699]: Failed password for root from 176.65.132.129 port 48186 ssh2
Jun 22 19:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12699]: Connection closed by 176.65.132.129 port 48186 [preauth]
Jun 22 19:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12717]: Failed password for root from 176.65.132.129 port 48198 ssh2
Jun 22 19:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12717]: Connection closed by 176.65.132.129 port 48198 [preauth]
Jun 22 19:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12719]: Invalid user worker from 176.65.132.129
Jun 22 19:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12719]: input_userauth_request: invalid user worker [preauth]
Jun 22 19:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12719]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12719]: Failed password for invalid user worker from 176.65.132.129 port 48208 ssh2
Jun 22 19:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12719]: Connection closed by 176.65.132.129 port 48208 [preauth]
Jun 22 19:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12732]: Invalid user jenkins from 176.65.132.129
Jun 22 19:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12732]: input_userauth_request: invalid user jenkins [preauth]
Jun 22 19:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12732]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12732]: Failed password for invalid user jenkins from 176.65.132.129 port 41280 ssh2
Jun 22 19:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12732]: Connection closed by 176.65.132.129 port 41280 [preauth]
Jun 22 19:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12744]: Invalid user deployer from 176.65.132.129
Jun 22 19:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12744]: input_userauth_request: invalid user deployer [preauth]
Jun 22 19:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12744]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12744]: Failed password for invalid user deployer from 176.65.132.129 port 41282 ssh2
Jun 22 19:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12744]: Connection closed by 176.65.132.129 port 41282 [preauth]
Jun 22 19:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12746]: Invalid user aaa from 176.65.132.129
Jun 22 19:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12746]: input_userauth_request: invalid user aaa [preauth]
Jun 22 19:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12746]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12746]: Failed password for invalid user aaa from 176.65.132.129 port 41284 ssh2
Jun 22 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12746]: Connection closed by 176.65.132.129 port 41284 [preauth]
Jun 22 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12763]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12764]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12765]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12767]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12763]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12827]: Successful su for rubyman by root
Jun 22 19:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12827]: + ??? root:rubyman
Jun 22 19:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12827]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572804 of user rubyman.
Jun 22 19:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12827]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572804.
Jun 22 19:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12760]: Invalid user admin from 176.65.132.129
Jun 22 19:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12760]: input_userauth_request: invalid user admin [preauth]
Jun 22 19:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12760]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9553]: pam_unix(cron:session): session closed for user root
Jun 22 19:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12760]: Failed password for invalid user admin from 176.65.132.129 port 44188 ssh2
Jun 22 19:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12760]: Connection closed by 176.65.132.129 port 44188 [preauth]
Jun 22 19:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12985]: Invalid user server from 176.65.132.129
Jun 22 19:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12985]: input_userauth_request: invalid user server [preauth]
Jun 22 19:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12985]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12764]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12985]: Failed password for invalid user server from 176.65.132.129 port 44204 ssh2
Jun 22 19:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12985]: Connection closed by 176.65.132.129 port 44204 [preauth]
Jun 22 19:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13018]: Invalid user user1 from 176.65.132.129
Jun 22 19:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13018]: input_userauth_request: invalid user user1 [preauth]
Jun 22 19:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13018]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13018]: Failed password for invalid user user1 from 176.65.132.129 port 44208 ssh2
Jun 22 19:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13018]: Connection closed by 176.65.132.129 port 44208 [preauth]
Jun 22 19:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13020]: User mysql from 176.65.132.129 not allowed because not listed in AllowUsers
Jun 22 19:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13020]: input_userauth_request: invalid user mysql [preauth]
Jun 22 19:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=mysql
Jun 22 19:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13020]: Failed password for invalid user mysql from 176.65.132.129 port 44224 ssh2
Jun 22 19:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13020]: Connection closed by 176.65.132.129 port 44224 [preauth]
Jun 22 19:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13044]: Invalid user app from 176.65.132.129
Jun 22 19:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13044]: input_userauth_request: invalid user app [preauth]
Jun 22 19:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13044]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13044]: Failed password for invalid user app from 176.65.132.129 port 47786 ssh2
Jun 22 19:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13044]: Connection closed by 176.65.132.129 port 47786 [preauth]
Jun 22 19:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13056]: Failed password for root from 176.65.132.129 port 47800 ssh2
Jun 22 19:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13056]: Connection closed by 176.65.132.129 port 47800 [preauth]
Jun 22 19:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13059]: Failed password for root from 176.65.132.129 port 47810 ssh2
Jun 22 19:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13059]: Connection closed by 176.65.132.129 port 47810 [preauth]
Jun 22 19:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13069]: Invalid user user from 176.65.132.129
Jun 22 19:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13069]: input_userauth_request: invalid user user [preauth]
Jun 22 19:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13069]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 19:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13069]: Failed password for invalid user user from 176.65.132.129 port 57616 ssh2
Jun 22 19:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13069]: Connection closed by 176.65.132.129 port 57616 [preauth]
Jun 22 19:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13085]: Invalid user bernard from 176.65.132.129
Jun 22 19:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13085]: input_userauth_request: invalid user bernard [preauth]
Jun 22 19:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13085]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13071]: Failed password for root from 38.55.97.143 port 35468 ssh2
Jun 22 19:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13071]: Connection closed by 38.55.97.143 port 35468 [preauth]
Jun 22 19:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13085]: Failed password for invalid user bernard from 176.65.132.129 port 57638 ssh2
Jun 22 19:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13085]: Connection closed by 176.65.132.129 port 57638 [preauth]
Jun 22 19:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13095]: Invalid user manoj from 176.65.132.129
Jun 22 19:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13095]: input_userauth_request: invalid user manoj [preauth]
Jun 22 19:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13095]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13095]: Failed password for invalid user manoj from 176.65.132.129 port 57646 ssh2
Jun 22 19:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13095]: Connection closed by 176.65.132.129 port 57646 [preauth]
Jun 22 19:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13097]: Invalid user drcomadmin from 176.65.132.129
Jun 22 19:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13097]: input_userauth_request: invalid user drcomadmin [preauth]
Jun 22 19:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13097]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13097]: Failed password for invalid user drcomadmin from 176.65.132.129 port 37208 ssh2
Jun 22 19:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13097]: Connection closed by 176.65.132.129 port 37208 [preauth]
Jun 22 19:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11646]: pam_unix(cron:session): session closed for user root
Jun 22 19:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13129]: Invalid user parsa from 176.65.132.129
Jun 22 19:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13129]: input_userauth_request: invalid user parsa [preauth]
Jun 22 19:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13129]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13129]: Failed password for invalid user parsa from 176.65.132.129 port 37210 ssh2
Jun 22 19:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13129]: Connection closed by 176.65.132.129 port 37210 [preauth]
Jun 22 19:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13148]: Invalid user asterisk from 176.65.132.129
Jun 22 19:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13148]: input_userauth_request: invalid user asterisk [preauth]
Jun 22 19:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13148]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13148]: Failed password for invalid user asterisk from 176.65.132.129 port 37216 ssh2
Jun 22 19:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13148]: Connection closed by 176.65.132.129 port 37216 [preauth]
Jun 22 19:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13151]: Invalid user runner from 176.65.132.129
Jun 22 19:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13151]: input_userauth_request: invalid user runner [preauth]
Jun 22 19:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13151]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13151]: Failed password for invalid user runner from 176.65.132.129 port 45116 ssh2
Jun 22 19:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13151]: Connection closed by 176.65.132.129 port 45116 [preauth]
Jun 22 19:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13176]: Invalid user admin123 from 176.65.132.129
Jun 22 19:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13176]: input_userauth_request: invalid user admin123 [preauth]
Jun 22 19:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13176]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13176]: Failed password for invalid user admin123 from 176.65.132.129 port 45140 ssh2
Jun 22 19:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13176]: Connection closed by 176.65.132.129 port 45140 [preauth]
Jun 22 19:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13183]: Invalid user sonar from 176.65.132.129
Jun 22 19:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13183]: input_userauth_request: invalid user sonar [preauth]
Jun 22 19:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13183]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13183]: Failed password for invalid user sonar from 176.65.132.129 port 45166 ssh2
Jun 22 19:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13183]: Connection closed by 176.65.132.129 port 45166 [preauth]
Jun 22 19:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13194]: Invalid user newuser from 176.65.132.129
Jun 22 19:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13194]: input_userauth_request: invalid user newuser [preauth]
Jun 22 19:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13194]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13194]: Failed password for invalid user newuser from 176.65.132.129 port 45184 ssh2
Jun 22 19:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13194]: Connection closed by 176.65.132.129 port 45184 [preauth]
Jun 22 19:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13196]: Invalid user appuser from 176.65.132.129
Jun 22 19:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13196]: input_userauth_request: invalid user appuser [preauth]
Jun 22 19:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13196]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13196]: Failed password for invalid user appuser from 176.65.132.129 port 38224 ssh2
Jun 22 19:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13196]: Connection closed by 176.65.132.129 port 38224 [preauth]
Jun 22 19:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13207]: Invalid user user from 176.65.132.129
Jun 22 19:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13207]: input_userauth_request: invalid user user [preauth]
Jun 22 19:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13207]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13207]: Failed password for invalid user user from 176.65.132.129 port 38230 ssh2
Jun 22 19:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13207]: Connection closed by 176.65.132.129 port 38230 [preauth]
Jun 22 19:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13217]: Invalid user debian from 176.65.132.129
Jun 22 19:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13217]: input_userauth_request: invalid user debian [preauth]
Jun 22 19:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13217]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13223]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13224]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13221]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13220]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13220]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13217]: Failed password for invalid user debian from 176.65.132.129 port 38238 ssh2
Jun 22 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13217]: Connection closed by 176.65.132.129 port 38238 [preauth]
Jun 22 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13284]: Successful su for rubyman by root
Jun 22 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13284]: + ??? root:rubyman
Jun 22 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13284]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572809 of user rubyman.
Jun 22 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13284]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572809.
Jun 22 19:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: Invalid user admin from 193.46.255.86
Jun 22 19:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: input_userauth_request: invalid user admin [preauth]
Jun 22 19:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 22 19:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10176]: pam_unix(cron:session): session closed for user root
Jun 22 19:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: Failed password for invalid user admin from 193.46.255.86 port 6612 ssh2
Jun 22 19:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13285]: Failed password for root from 176.65.132.129 port 38880 ssh2
Jun 22 19:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13285]: Connection closed by 176.65.132.129 port 38880 [preauth]
Jun 22 19:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13451]: Invalid user admin from 176.65.132.129
Jun 22 19:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13451]: input_userauth_request: invalid user admin [preauth]
Jun 22 19:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13451]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13221]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: Failed password for invalid user admin from 193.46.255.86 port 6612 ssh2
Jun 22 19:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13451]: Failed password for invalid user admin from 176.65.132.129 port 38890 ssh2
Jun 22 19:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13451]: Connection closed by 176.65.132.129 port 38890 [preauth]
Jun 22 19:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13471]: Invalid user cloud from 176.65.132.129
Jun 22 19:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13471]: input_userauth_request: invalid user cloud [preauth]
Jun 22 19:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13471]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: Failed password for invalid user admin from 193.46.255.86 port 6612 ssh2
Jun 22 19:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: Connection closed by 193.46.255.86 port 6612 [preauth]
Jun 22 19:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 22 19:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13471]: Failed password for invalid user cloud from 176.65.132.129 port 38904 ssh2
Jun 22 19:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13471]: Connection closed by 176.65.132.129 port 38904 [preauth]
Jun 22 19:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13483]: Invalid user pi from 176.65.132.129
Jun 22 19:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13483]: input_userauth_request: invalid user pi [preauth]
Jun 22 19:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13483]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13483]: Failed password for invalid user pi from 176.65.132.129 port 52674 ssh2
Jun 22 19:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13483]: Connection closed by 176.65.132.129 port 52674 [preauth]
Jun 22 19:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13497]: Invalid user cw from 176.65.132.129
Jun 22 19:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13497]: input_userauth_request: invalid user cw [preauth]
Jun 22 19:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13497]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13497]: Failed password for invalid user cw from 176.65.132.129 port 52686 ssh2
Jun 22 19:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13497]: Connection closed by 176.65.132.129 port 52686 [preauth]
Jun 22 19:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13508]: Invalid user alex from 176.65.132.129
Jun 22 19:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13508]: input_userauth_request: invalid user alex [preauth]
Jun 22 19:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13508]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13508]: Failed password for invalid user alex from 176.65.132.129 port 52692 ssh2
Jun 22 19:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13508]: Connection closed by 176.65.132.129 port 52692 [preauth]
Jun 22 19:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13520]: Invalid user arthur from 176.65.132.129
Jun 22 19:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13520]: input_userauth_request: invalid user arthur [preauth]
Jun 22 19:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13520]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13520]: Failed password for invalid user arthur from 176.65.132.129 port 52696 ssh2
Jun 22 19:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13520]: Connection closed by 176.65.132.129 port 52696 [preauth]
Jun 22 19:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13523]: Invalid user calvin from 176.65.132.129
Jun 22 19:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13523]: input_userauth_request: invalid user calvin [preauth]
Jun 22 19:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13523]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13523]: Failed password for invalid user calvin from 176.65.132.129 port 44092 ssh2
Jun 22 19:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13523]: Connection closed by 176.65.132.129 port 44092 [preauth]
Jun 22 19:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13546]: Invalid user sam from 176.65.132.129
Jun 22 19:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13546]: input_userauth_request: invalid user sam [preauth]
Jun 22 19:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13546]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13546]: Failed password for invalid user sam from 176.65.132.129 port 44106 ssh2
Jun 22 19:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13546]: Connection closed by 176.65.132.129 port 44106 [preauth]
Jun 22 19:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13549]: Invalid user www from 176.65.132.129
Jun 22 19:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13549]: input_userauth_request: invalid user www [preauth]
Jun 22 19:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13549]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 19:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13549]: Failed password for invalid user www from 176.65.132.129 port 44122 ssh2
Jun 22 19:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13549]: Connection closed by 176.65.132.129 port 44122 [preauth]
Jun 22 19:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12174]: pam_unix(cron:session): session closed for user root
Jun 22 19:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13559]: Failed password for root from 38.55.97.143 port 54860 ssh2
Jun 22 19:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13559]: Connection closed by 38.55.97.143 port 54860 [preauth]
Jun 22 19:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13582]: Invalid user admin from 193.24.211.107
Jun 22 19:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13582]: input_userauth_request: invalid user admin [preauth]
Jun 22 19:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13582]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107
Jun 22 19:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13561]: Failed password for root from 176.65.132.129 port 35002 ssh2
Jun 22 19:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13561]: Connection closed by 176.65.132.129 port 35002 [preauth]
Jun 22 19:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13585]: Invalid user ftpuser1 from 176.65.132.129
Jun 22 19:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13585]: input_userauth_request: invalid user ftpuser1 [preauth]
Jun 22 19:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13585]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13582]: Failed password for invalid user admin from 193.24.211.107 port 22715 ssh2
Jun 22 19:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13582]: Received disconnect from 193.24.211.107 port 22715:11: Client disconnecting normally [preauth]
Jun 22 19:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13582]: Disconnected from 193.24.211.107 port 22715 [preauth]
Jun 22 19:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13585]: Failed password for invalid user ftpuser1 from 176.65.132.129 port 35040 ssh2
Jun 22 19:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13585]: Connection closed by 176.65.132.129 port 35040 [preauth]
Jun 22 19:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13599]: User vncuser from 176.65.132.129 not allowed because not listed in AllowUsers
Jun 22 19:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13599]: input_userauth_request: invalid user vncuser [preauth]
Jun 22 19:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=vncuser
Jun 22 19:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13599]: Failed password for invalid user vncuser from 176.65.132.129 port 35066 ssh2
Jun 22 19:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13599]: Connection closed by 176.65.132.129 port 35066 [preauth]
Jun 22 19:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13601]: Invalid user linuxuser from 176.65.132.129
Jun 22 19:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13601]: input_userauth_request: invalid user linuxuser [preauth]
Jun 22 19:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13601]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13601]: Failed password for invalid user linuxuser from 176.65.132.129 port 35104 ssh2
Jun 22 19:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13601]: Connection closed by 176.65.132.129 port 35104 [preauth]
Jun 22 19:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13623]: Invalid user minecraft from 176.65.132.129
Jun 22 19:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13623]: input_userauth_request: invalid user minecraft [preauth]
Jun 22 19:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13623]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13623]: Failed password for invalid user minecraft from 176.65.132.129 port 40256 ssh2
Jun 22 19:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13623]: Connection closed by 176.65.132.129 port 40256 [preauth]
Jun 22 19:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13633]: Invalid user claude from 176.65.132.129
Jun 22 19:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13633]: input_userauth_request: invalid user claude [preauth]
Jun 22 19:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13633]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13633]: Failed password for invalid user claude from 176.65.132.129 port 40272 ssh2
Jun 22 19:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13633]: Connection closed by 176.65.132.129 port 40272 [preauth]
Jun 22 19:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13635]: Failed password for root from 176.65.132.129 port 40282 ssh2
Jun 22 19:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13635]: Connection closed by 176.65.132.129 port 40282 [preauth]
Jun 22 19:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13646]: Failed password for root from 176.65.132.129 port 45826 ssh2
Jun 22 19:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13646]: Connection closed by 176.65.132.129 port 45826 [preauth]
Jun 22 19:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13648]: Invalid user sam from 176.65.132.129
Jun 22 19:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13648]: input_userauth_request: invalid user sam [preauth]
Jun 22 19:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13648]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13648]: Failed password for invalid user sam from 176.65.132.129 port 45828 ssh2
Jun 22 19:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13648]: Connection closed by 176.65.132.129 port 45828 [preauth]
Jun 22 19:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13658]: Invalid user fastuser from 176.65.132.129
Jun 22 19:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13658]: input_userauth_request: invalid user fastuser [preauth]
Jun 22 19:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13658]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13658]: Failed password for invalid user fastuser from 176.65.132.129 port 45832 ssh2
Jun 22 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13658]: Connection closed by 176.65.132.129 port 45832 [preauth]
Jun 22 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13665]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13666]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13664]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13663]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13663]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13660]: Invalid user username from 176.65.132.129
Jun 22 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13660]: input_userauth_request: invalid user username [preauth]
Jun 22 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13660]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13726]: Successful su for rubyman by root
Jun 22 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13726]: + ??? root:rubyman
Jun 22 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13726]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572812 of user rubyman.
Jun 22 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13726]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572812.
Jun 22 19:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13660]: Failed password for invalid user username from 176.65.132.129 port 41868 ssh2
Jun 22 19:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10729]: pam_unix(cron:session): session closed for user root
Jun 22 19:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13660]: Connection closed by 176.65.132.129 port 41868 [preauth]
Jun 22 19:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13879]: Invalid user user2 from 176.65.132.129
Jun 22 19:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13879]: input_userauth_request: invalid user user2 [preauth]
Jun 22 19:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13879]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13664]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13879]: Failed password for invalid user user2 from 176.65.132.129 port 41886 ssh2
Jun 22 19:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13879]: Connection closed by 176.65.132.129 port 41886 [preauth]
Jun 22 19:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13921]: Failed password for root from 176.65.132.129 port 41898 ssh2
Jun 22 19:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13921]: Connection closed by 176.65.132.129 port 41898 [preauth]
Jun 22 19:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13934]: Invalid user ducc0x from 176.65.132.129
Jun 22 19:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13934]: input_userauth_request: invalid user ducc0x [preauth]
Jun 22 19:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13934]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13934]: Failed password for invalid user ducc0x from 176.65.132.129 port 41906 ssh2
Jun 22 19:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13934]: Connection closed by 176.65.132.129 port 41906 [preauth]
Jun 22 19:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13936]: Invalid user tomcat from 176.65.132.129
Jun 22 19:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13936]: input_userauth_request: invalid user tomcat [preauth]
Jun 22 19:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13936]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13936]: Failed password for invalid user tomcat from 176.65.132.129 port 47108 ssh2
Jun 22 19:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13936]: Connection closed by 176.65.132.129 port 47108 [preauth]
Jun 22 19:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13963]: Invalid user pi from 176.65.132.129
Jun 22 19:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13963]: input_userauth_request: invalid user pi [preauth]
Jun 22 19:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13963]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13963]: Failed password for invalid user pi from 176.65.132.129 port 47118 ssh2
Jun 22 19:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13963]: Connection closed by 176.65.132.129 port 47118 [preauth]
Jun 22 19:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13966]: Invalid user vyos from 176.65.132.129
Jun 22 19:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13966]: input_userauth_request: invalid user vyos [preauth]
Jun 22 19:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13966]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13966]: Failed password for invalid user vyos from 176.65.132.129 port 47130 ssh2
Jun 22 19:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13966]: Connection closed by 176.65.132.129 port 47130 [preauth]
Jun 22 19:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13979]: Invalid user user2 from 176.65.132.129
Jun 22 19:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13979]: input_userauth_request: invalid user user2 [preauth]
Jun 22 19:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13979]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13979]: Failed password for invalid user user2 from 176.65.132.129 port 52714 ssh2
Jun 22 19:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13979]: Connection closed by 176.65.132.129 port 52714 [preauth]
Jun 22 19:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13999]: Invalid user ai from 176.65.132.129
Jun 22 19:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13999]: input_userauth_request: invalid user ai [preauth]
Jun 22 19:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13999]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13999]: Failed password for invalid user ai from 176.65.132.129 port 52720 ssh2
Jun 22 19:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13999]: Connection closed by 176.65.132.129 port 52720 [preauth]
Jun 22 19:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14003]: Invalid user uftp from 176.65.132.129
Jun 22 19:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14003]: input_userauth_request: invalid user uftp [preauth]
Jun 22 19:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14003]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14003]: Failed password for invalid user uftp from 176.65.132.129 port 52730 ssh2
Jun 22 19:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14003]: Connection closed by 176.65.132.129 port 52730 [preauth]
Jun 22 19:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14016]: Invalid user fa from 176.65.132.129
Jun 22 19:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14016]: input_userauth_request: invalid user fa [preauth]
Jun 22 19:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14016]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14016]: Failed password for invalid user fa from 176.65.132.129 port 52732 ssh2
Jun 22 19:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14016]: Connection closed by 176.65.132.129 port 52732 [preauth]
Jun 22 19:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14018]: Invalid user developer from 176.65.132.129
Jun 22 19:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14018]: input_userauth_request: invalid user developer [preauth]
Jun 22 19:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12767]: pam_unix(cron:session): session closed for user root
Jun 22 19:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14018]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14018]: Failed password for invalid user developer from 176.65.132.129 port 53582 ssh2
Jun 22 19:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14018]: Connection closed by 176.65.132.129 port 53582 [preauth]
Jun 22 19:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14047]: Failed password for root from 176.65.132.129 port 53588 ssh2
Jun 22 19:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14047]: Connection closed by 176.65.132.129 port 53588 [preauth]
Jun 22 19:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14049]: Invalid user teamspeak from 176.65.132.129
Jun 22 19:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14049]: input_userauth_request: invalid user teamspeak [preauth]
Jun 22 19:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14049]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 19:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14049]: Failed password for invalid user teamspeak from 176.65.132.129 port 53592 ssh2
Jun 22 19:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14049]: Connection closed by 176.65.132.129 port 53592 [preauth]
Jun 22 19:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14061]: Invalid user jellyfin from 176.65.132.129
Jun 22 19:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14061]: input_userauth_request: invalid user jellyfin [preauth]
Jun 22 19:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14061]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14051]: Failed password for root from 38.55.97.143 port 55000 ssh2
Jun 22 19:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14051]: Connection closed by 38.55.97.143 port 55000 [preauth]
Jun 22 19:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14061]: Failed password for invalid user jellyfin from 176.65.132.129 port 56868 ssh2
Jun 22 19:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14061]: Connection closed by 176.65.132.129 port 56868 [preauth]
Jun 22 19:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14076]: Invalid user user1 from 176.65.132.129
Jun 22 19:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14076]: input_userauth_request: invalid user user1 [preauth]
Jun 22 19:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14076]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14076]: Failed password for invalid user user1 from 176.65.132.129 port 56876 ssh2
Jun 22 19:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14076]: Connection closed by 176.65.132.129 port 56876 [preauth]
Jun 22 19:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14086]: Invalid user server from 176.65.132.129
Jun 22 19:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14086]: input_userauth_request: invalid user server [preauth]
Jun 22 19:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14086]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14086]: Failed password for invalid user server from 176.65.132.129 port 56886 ssh2
Jun 22 19:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14086]: Connection closed by 176.65.132.129 port 56886 [preauth]
Jun 22 19:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14095]: Invalid user user from 176.65.132.129
Jun 22 19:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14095]: input_userauth_request: invalid user user [preauth]
Jun 22 19:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14095]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14095]: Failed password for invalid user user from 176.65.132.129 port 56896 ssh2
Jun 22 19:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14095]: Connection closed by 176.65.132.129 port 56896 [preauth]
Jun 22 19:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14099]: Failed password for root from 176.65.132.129 port 48980 ssh2
Jun 22 19:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14099]: Connection closed by 176.65.132.129 port 48980 [preauth]
Jun 22 19:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14109]: Invalid user bot from 176.65.132.129
Jun 22 19:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14109]: input_userauth_request: invalid user bot [preauth]
Jun 22 19:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14109]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14109]: Failed password for invalid user bot from 176.65.132.129 port 48996 ssh2
Jun 22 19:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14109]: Connection closed by 176.65.132.129 port 48996 [preauth]
Jun 22 19:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14127]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14125]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14123]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14124]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14126]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14122]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14127]: pam_unix(cron:session): session closed for user root
Jun 22 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14122]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14111]: Failed password for root from 176.65.132.129 port 49010 ssh2
Jun 22 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14193]: Successful su for rubyman by root
Jun 22 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14193]: + ??? root:rubyman
Jun 22 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14193]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572816 of user rubyman.
Jun 22 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14193]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14111]: Connection closed by 176.65.132.129 port 49010 [preauth]
Jun 22 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572816.
Jun 22 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14153]: Invalid user root1 from 176.65.132.129
Jun 22 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14153]: input_userauth_request: invalid user root1 [preauth]
Jun 22 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14153]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14124]: pam_unix(cron:session): session closed for user root
Jun 22 19:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14153]: Failed password for invalid user root1 from 176.65.132.129 port 36904 ssh2
Jun 22 19:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11192]: pam_unix(cron:session): session closed for user root
Jun 22 19:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14153]: Connection closed by 176.65.132.129 port 36904 [preauth]
Jun 22 19:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14341]: Invalid user deploy from 176.65.132.129
Jun 22 19:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14341]: input_userauth_request: invalid user deploy [preauth]
Jun 22 19:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14341]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14341]: Failed password for invalid user deploy from 176.65.132.129 port 36910 ssh2
Jun 22 19:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14123]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14341]: Connection closed by 176.65.132.129 port 36910 [preauth]
Jun 22 19:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14394]: Invalid user jenkins from 176.65.132.129
Jun 22 19:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14394]: input_userauth_request: invalid user jenkins [preauth]
Jun 22 19:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14394]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14394]: Failed password for invalid user jenkins from 176.65.132.129 port 36916 ssh2
Jun 22 19:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14396]: Invalid user rdpuser from 176.65.132.129
Jun 22 19:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14396]: input_userauth_request: invalid user rdpuser [preauth]
Jun 22 19:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14394]: Connection closed by 176.65.132.129 port 36916 [preauth]
Jun 22 19:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14396]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14396]: Failed password for invalid user rdpuser from 176.65.132.129 port 36930 ssh2
Jun 22 19:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14396]: Connection closed by 176.65.132.129 port 36930 [preauth]
Jun 22 19:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14407]: Invalid user pi from 176.65.132.129
Jun 22 19:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14407]: input_userauth_request: invalid user pi [preauth]
Jun 22 19:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14407]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14407]: Failed password for invalid user pi from 176.65.132.129 port 50912 ssh2
Jun 22 19:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14407]: Connection closed by 176.65.132.129 port 50912 [preauth]
Jun 22 19:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14421]: Failed password for root from 176.65.132.129 port 50918 ssh2
Jun 22 19:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14421]: Connection closed by 176.65.132.129 port 50918 [preauth]
Jun 22 19:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14431]: Failed password for root from 176.65.132.129 port 50930 ssh2
Jun 22 19:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14431]: Connection closed by 176.65.132.129 port 50930 [preauth]
Jun 22 19:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14433]: Invalid user vpn from 176.65.132.129
Jun 22 19:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14433]: input_userauth_request: invalid user vpn [preauth]
Jun 22 19:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14433]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14433]: Failed password for invalid user vpn from 176.65.132.129 port 42688 ssh2
Jun 22 19:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14433]: Connection closed by 176.65.132.129 port 42688 [preauth]
Jun 22 19:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14444]: Failed password for root from 176.65.132.129 port 42702 ssh2
Jun 22 19:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14444]: Connection closed by 176.65.132.129 port 42702 [preauth]
Jun 22 19:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14468]: Invalid user nexus from 176.65.132.129
Jun 22 19:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14468]: input_userauth_request: invalid user nexus [preauth]
Jun 22 19:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14468]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14468]: Failed password for invalid user nexus from 176.65.132.129 port 42718 ssh2
Jun 22 19:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14468]: Connection closed by 176.65.132.129 port 42718 [preauth]
Jun 22 19:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14474]: Failed password for root from 176.65.132.129 port 42722 ssh2
Jun 22 19:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13224]: pam_unix(cron:session): session closed for user root
Jun 22 19:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14474]: Connection closed by 176.65.132.129 port 42722 [preauth]
Jun 22 19:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14484]: Invalid user ec2-user from 176.65.132.129
Jun 22 19:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14484]: input_userauth_request: invalid user ec2-user [preauth]
Jun 22 19:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14484]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14484]: Failed password for invalid user ec2-user from 176.65.132.129 port 56078 ssh2
Jun 22 19:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14484]: Connection closed by 176.65.132.129 port 56078 [preauth]
Jun 22 19:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14506]: Invalid user admin from 176.65.132.129
Jun 22 19:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14506]: input_userauth_request: invalid user admin [preauth]
Jun 22 19:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14506]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14506]: Failed password for invalid user admin from 176.65.132.129 port 56094 ssh2
Jun 22 19:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14506]: Connection closed by 176.65.132.129 port 56094 [preauth]
Jun 22 19:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14516]: Invalid user appuser from 176.65.132.129
Jun 22 19:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14516]: input_userauth_request: invalid user appuser [preauth]
Jun 22 19:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14516]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14516]: Failed password for invalid user appuser from 176.65.132.129 port 56110 ssh2
Jun 22 19:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14516]: Connection closed by 176.65.132.129 port 56110 [preauth]
Jun 22 19:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14518]: Invalid user nexus from 176.65.132.129
Jun 22 19:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14518]: input_userauth_request: invalid user nexus [preauth]
Jun 22 19:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14518]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14518]: Failed password for invalid user nexus from 176.65.132.129 port 36370 ssh2
Jun 22 19:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14518]: Connection closed by 176.65.132.129 port 36370 [preauth]
Jun 22 19:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14542]: Invalid user packer from 176.65.132.129
Jun 22 19:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14542]: input_userauth_request: invalid user packer [preauth]
Jun 22 19:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14542]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14542]: Failed password for invalid user packer from 176.65.132.129 port 36376 ssh2
Jun 22 19:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14542]: Connection closed by 176.65.132.129 port 36376 [preauth]
Jun 22 19:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14544]: Invalid user debian from 176.65.132.129
Jun 22 19:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14544]: input_userauth_request: invalid user debian [preauth]
Jun 22 19:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14544]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14544]: Failed password for invalid user debian from 176.65.132.129 port 36390 ssh2
Jun 22 19:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14544]: Connection closed by 176.65.132.129 port 36390 [preauth]
Jun 22 19:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14554]: Invalid user ai from 176.65.132.129
Jun 22 19:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14554]: input_userauth_request: invalid user ai [preauth]
Jun 22 19:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14554]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14554]: Failed password for invalid user ai from 176.65.132.129 port 36398 ssh2
Jun 22 19:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14554]: Connection closed by 176.65.132.129 port 36398 [preauth]
Jun 22 19:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14556]: Invalid user admin1 from 176.65.132.129
Jun 22 19:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14556]: input_userauth_request: invalid user admin1 [preauth]
Jun 22 19:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14556]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 19:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14556]: Failed password for invalid user admin1 from 176.65.132.129 port 33032 ssh2
Jun 22 19:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14556]: Connection closed by 176.65.132.129 port 33032 [preauth]
Jun 22 19:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14569]: Invalid user teste from 176.65.132.129
Jun 22 19:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14569]: input_userauth_request: invalid user teste [preauth]
Jun 22 19:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14569]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14567]: Failed password for root from 38.55.97.143 port 41386 ssh2
Jun 22 19:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14567]: Connection closed by 38.55.97.143 port 41386 [preauth]
Jun 22 19:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14569]: Failed password for invalid user teste from 176.65.132.129 port 33050 ssh2
Jun 22 19:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14569]: Connection closed by 176.65.132.129 port 33050 [preauth]
Jun 22 19:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14574]: Invalid user devops from 176.65.132.129
Jun 22 19:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14574]: input_userauth_request: invalid user devops [preauth]
Jun 22 19:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14574]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14585]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14584]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14586]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14582]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14582]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14694]: Successful su for rubyman by root
Jun 22 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14694]: + ??? root:rubyman
Jun 22 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14694]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572821 of user rubyman.
Jun 22 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14694]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572821.
Jun 22 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14574]: Failed password for invalid user devops from 176.65.132.129 port 33066 ssh2
Jun 22 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14574]: Connection closed by 176.65.132.129 port 33066 [preauth]
Jun 22 19:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14719]: Invalid user admin2 from 176.65.132.129
Jun 22 19:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14719]: input_userauth_request: invalid user admin2 [preauth]
Jun 22 19:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14719]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14719]: Failed password for invalid user admin2 from 176.65.132.129 port 42998 ssh2
Jun 22 19:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14719]: Connection closed by 176.65.132.129 port 42998 [preauth]
Jun 22 19:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14900]: Invalid user sysupdate from 176.65.132.129
Jun 22 19:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14900]: input_userauth_request: invalid user sysupdate [preauth]
Jun 22 19:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14900]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11645]: pam_unix(cron:session): session closed for user root
Jun 22 19:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14584]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14900]: Failed password for invalid user sysupdate from 176.65.132.129 port 43014 ssh2
Jun 22 19:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14900]: Connection closed by 176.65.132.129 port 43014 [preauth]
Jun 22 19:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14928]: Failed password for root from 176.65.132.129 port 43026 ssh2
Jun 22 19:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14928]: Connection closed by 176.65.132.129 port 43026 [preauth]
Jun 22 19:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14939]: Invalid user myuser from 176.65.132.129
Jun 22 19:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14939]: input_userauth_request: invalid user myuser [preauth]
Jun 22 19:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14939]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14939]: Failed password for invalid user myuser from 176.65.132.129 port 43034 ssh2
Jun 22 19:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14939]: Connection closed by 176.65.132.129 port 43034 [preauth]
Jun 22 19:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14949]: Failed password for root from 176.65.132.129 port 53132 ssh2
Jun 22 19:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14949]: Connection closed by 176.65.132.129 port 53132 [preauth]
Jun 22 19:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14966]: Invalid user steam from 176.65.132.129
Jun 22 19:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14966]: input_userauth_request: invalid user steam [preauth]
Jun 22 19:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14966]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14966]: Failed password for invalid user steam from 176.65.132.129 port 53162 ssh2
Jun 22 19:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14966]: Connection closed by 176.65.132.129 port 53162 [preauth]
Jun 22 19:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14968]: Failed password for root from 176.65.132.129 port 53178 ssh2
Jun 22 19:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14968]: Connection closed by 176.65.132.129 port 53178 [preauth]
Jun 22 19:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14980]: Invalid user test from 176.65.132.129
Jun 22 19:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14980]: input_userauth_request: invalid user test [preauth]
Jun 22 19:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14980]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14980]: Failed password for invalid user test from 176.65.132.129 port 45270 ssh2
Jun 22 19:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14980]: Connection closed by 176.65.132.129 port 45270 [preauth]
Jun 22 19:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14996]: Failed password for root from 176.65.132.129 port 45278 ssh2
Jun 22 19:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14996]: Connection closed by 176.65.132.129 port 45278 [preauth]
Jun 22 19:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15007]: Invalid user dmdba from 176.65.132.129
Jun 22 19:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15007]: input_userauth_request: invalid user dmdba [preauth]
Jun 22 19:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15007]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15007]: Failed password for invalid user dmdba from 176.65.132.129 port 45306 ssh2
Jun 22 19:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15007]: Connection closed by 176.65.132.129 port 45306 [preauth]
Jun 22 19:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15018]: Invalid user rdpuser from 176.65.132.129
Jun 22 19:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15018]: input_userauth_request: invalid user rdpuser [preauth]
Jun 22 19:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15018]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13666]: pam_unix(cron:session): session closed for user root
Jun 22 19:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15018]: Failed password for invalid user rdpuser from 176.65.132.129 port 41986 ssh2
Jun 22 19:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15018]: Connection closed by 176.65.132.129 port 41986 [preauth]
Jun 22 19:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15040]: Invalid user neptune from 176.65.132.129
Jun 22 19:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15040]: input_userauth_request: invalid user neptune [preauth]
Jun 22 19:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15040]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15040]: Failed password for invalid user neptune from 176.65.132.129 port 41994 ssh2
Jun 22 19:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15040]: Connection closed by 176.65.132.129 port 41994 [preauth]
Jun 22 19:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15050]: Invalid user coder from 176.65.132.129
Jun 22 19:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15050]: input_userauth_request: invalid user coder [preauth]
Jun 22 19:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15050]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15050]: Failed password for invalid user coder from 176.65.132.129 port 42008 ssh2
Jun 22 19:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15050]: Connection closed by 176.65.132.129 port 42008 [preauth]
Jun 22 19:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15052]: Invalid user root1 from 176.65.132.129
Jun 22 19:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15052]: input_userauth_request: invalid user root1 [preauth]
Jun 22 19:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15052]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15052]: Failed password for invalid user root1 from 176.65.132.129 port 42012 ssh2
Jun 22 19:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15052]: Connection closed by 176.65.132.129 port 42012 [preauth]
Jun 22 19:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15062]: Invalid user admin1 from 176.65.132.129
Jun 22 19:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15062]: input_userauth_request: invalid user admin1 [preauth]
Jun 22 19:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15062]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15062]: Failed password for invalid user admin1 from 176.65.132.129 port 43248 ssh2
Jun 22 19:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15062]: Connection closed by 176.65.132.129 port 43248 [preauth]
Jun 22 19:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15076]: User nobody from 176.65.132.129 not allowed because not listed in AllowUsers
Jun 22 19:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15076]: input_userauth_request: invalid user nobody [preauth]
Jun 22 19:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=nobody
Jun 22 19:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15076]: Failed password for invalid user nobody from 176.65.132.129 port 43276 ssh2
Jun 22 19:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15076]: Connection closed by 176.65.132.129 port 43276 [preauth]
Jun 22 19:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15090]: Failed password for root from 176.65.132.129 port 43292 ssh2
Jun 22 19:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15090]: Connection closed by 176.65.132.129 port 43292 [preauth]
Jun 22 19:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15093]: Invalid user data from 176.65.132.129
Jun 22 19:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15093]: input_userauth_request: invalid user data [preauth]
Jun 22 19:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15093]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15093]: Failed password for invalid user data from 176.65.132.129 port 45162 ssh2
Jun 22 19:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15093]: Connection closed by 176.65.132.129 port 45162 [preauth]
Jun 22 19:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15103]: Invalid user postgres from 176.65.132.129
Jun 22 19:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15103]: input_userauth_request: invalid user postgres [preauth]
Jun 22 19:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15103]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15103]: Failed password for invalid user postgres from 176.65.132.129 port 45178 ssh2
Jun 22 19:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15103]: Connection closed by 176.65.132.129 port 45178 [preauth]
Jun 22 19:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15114]: Failed password for root from 176.65.132.129 port 45182 ssh2
Jun 22 19:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15114]: Connection closed by 176.65.132.129 port 45182 [preauth]
Jun 22 19:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15118]: Invalid user toto from 176.65.132.129
Jun 22 19:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15118]: input_userauth_request: invalid user toto [preauth]
Jun 22 19:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15118]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15126]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15125]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15124]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15122]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15122]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15186]: Successful su for rubyman by root
Jun 22 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15186]: + ??? root:rubyman
Jun 22 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15186]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572825 of user rubyman.
Jun 22 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15186]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572825.
Jun 22 19:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15118]: Failed password for invalid user toto from 176.65.132.129 port 45190 ssh2
Jun 22 19:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15118]: Connection closed by 176.65.132.129 port 45190 [preauth]
Jun 22 19:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15117]: Failed password for root from 38.55.97.143 port 36146 ssh2
Jun 22 19:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15117]: Connection closed by 38.55.97.143 port 36146 [preauth]
Jun 22 19:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12173]: pam_unix(cron:session): session closed for user root
Jun 22 19:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15272]: Failed password for root from 176.65.132.129 port 43264 ssh2
Jun 22 19:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15272]: Connection closed by 176.65.132.129 port 43264 [preauth]
Jun 22 19:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15124]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15363]: Invalid user avax from 176.65.132.129
Jun 22 19:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15363]: input_userauth_request: invalid user avax [preauth]
Jun 22 19:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15363]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15363]: Failed password for invalid user avax from 176.65.132.129 port 43270 ssh2
Jun 22 19:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15363]: Connection closed by 176.65.132.129 port 43270 [preauth]
Jun 22 19:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15382]: Invalid user aaa from 176.65.132.129
Jun 22 19:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15382]: input_userauth_request: invalid user aaa [preauth]
Jun 22 19:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15382]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15382]: Failed password for invalid user aaa from 176.65.132.129 port 43280 ssh2
Jun 22 19:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15382]: Connection closed by 176.65.132.129 port 43280 [preauth]
Jun 22 19:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15384]: Failed password for root from 176.65.132.129 port 36584 ssh2
Jun 22 19:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15384]: Connection closed by 176.65.132.129 port 36584 [preauth]
Jun 22 19:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15407]: Failed password for root from 176.65.132.129 port 36608 ssh2
Jun 22 19:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15407]: Connection closed by 176.65.132.129 port 36608 [preauth]
Jun 22 19:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15409]: Failed password for root from 176.65.132.129 port 36632 ssh2
Jun 22 19:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15409]: Connection closed by 176.65.132.129 port 36632 [preauth]
Jun 22 19:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: Invalid user nvidia from 176.65.132.129
Jun 22 19:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: input_userauth_request: invalid user nvidia [preauth]
Jun 22 19:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: Failed password for invalid user nvidia from 176.65.132.129 port 36640 ssh2
Jun 22 19:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: Connection closed by 176.65.132.129 port 36640 [preauth]
Jun 22 19:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15421]: Invalid user gabriel from 176.65.132.129
Jun 22 19:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15421]: input_userauth_request: invalid user gabriel [preauth]
Jun 22 19:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15421]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15421]: Failed password for invalid user gabriel from 176.65.132.129 port 49234 ssh2
Jun 22 19:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15421]: Connection closed by 176.65.132.129 port 49234 [preauth]
Jun 22 19:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15446]: Connection closed by 45.148.10.121 port 51612 [preauth]
Jun 22 19:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15444]: Failed password for root from 176.65.132.129 port 49248 ssh2
Jun 22 19:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15444]: Connection closed by 176.65.132.129 port 49248 [preauth]
Jun 22 19:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15448]: Failed password for root from 176.65.132.129 port 49252 ssh2
Jun 22 19:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15448]: Connection closed by 176.65.132.129 port 49252 [preauth]
Jun 22 19:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15458]: Invalid user user from 176.65.132.129
Jun 22 19:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15458]: input_userauth_request: invalid user user [preauth]
Jun 22 19:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15458]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14126]: pam_unix(cron:session): session closed for user root
Jun 22 19:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15458]: Failed password for invalid user user from 176.65.132.129 port 58616 ssh2
Jun 22 19:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15458]: Connection closed by 176.65.132.129 port 58616 [preauth]
Jun 22 19:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15487]: Failed password for root from 176.65.132.129 port 58628 ssh2
Jun 22 19:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15487]: Connection closed by 176.65.132.129 port 58628 [preauth]
Jun 22 19:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15489]: Invalid user www from 176.65.132.129
Jun 22 19:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15489]: input_userauth_request: invalid user www [preauth]
Jun 22 19:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15489]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15489]: Failed password for invalid user www from 176.65.132.129 port 58638 ssh2
Jun 22 19:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15489]: Connection closed by 176.65.132.129 port 58638 [preauth]
Jun 22 19:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15501]: Failed password for root from 176.65.132.129 port 45622 ssh2
Jun 22 19:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15501]: Connection closed by 176.65.132.129 port 45622 [preauth]
Jun 22 19:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15515]: Invalid user kim from 176.65.132.129
Jun 22 19:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15515]: input_userauth_request: invalid user kim [preauth]
Jun 22 19:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15515]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15515]: Failed password for invalid user kim from 176.65.132.129 port 45632 ssh2
Jun 22 19:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15515]: Connection closed by 176.65.132.129 port 45632 [preauth]
Jun 22 19:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15525]: Invalid user media from 176.65.132.129
Jun 22 19:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15525]: input_userauth_request: invalid user media [preauth]
Jun 22 19:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15525]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15525]: Failed password for invalid user media from 176.65.132.129 port 45640 ssh2
Jun 22 19:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15525]: Connection closed by 176.65.132.129 port 45640 [preauth]
Jun 22 19:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15527]: Failed password for root from 176.65.132.129 port 45656 ssh2
Jun 22 19:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15527]: Connection closed by 176.65.132.129 port 45656 [preauth]
Jun 22 19:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15537]: Invalid user rancher from 176.65.132.129
Jun 22 19:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15537]: input_userauth_request: invalid user rancher [preauth]
Jun 22 19:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15537]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15537]: Failed password for invalid user rancher from 176.65.132.129 port 34684 ssh2
Jun 22 19:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15537]: Connection closed by 176.65.132.129 port 34684 [preauth]
Jun 22 19:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15539]: Invalid user user2 from 176.65.132.129
Jun 22 19:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15539]: input_userauth_request: invalid user user2 [preauth]
Jun 22 19:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15539]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15539]: Failed password for invalid user user2 from 176.65.132.129 port 34688 ssh2
Jun 22 19:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15539]: Connection closed by 176.65.132.129 port 34688 [preauth]
Jun 22 19:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15549]: Invalid user webuser from 176.65.132.129
Jun 22 19:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15549]: input_userauth_request: invalid user webuser [preauth]
Jun 22 19:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15549]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15549]: Failed password for invalid user webuser from 176.65.132.129 port 34702 ssh2
Jun 22 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15554]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15553]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15552]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15555]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15549]: Connection closed by 176.65.132.129 port 34702 [preauth]
Jun 22 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15552]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15614]: Successful su for rubyman by root
Jun 22 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15614]: + ??? root:rubyman
Jun 22 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15614]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572829 of user rubyman.
Jun 22 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15614]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572829.
Jun 22 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15639]: Invalid user webmaster from 176.65.132.129
Jun 22 19:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15639]: input_userauth_request: invalid user webmaster [preauth]
Jun 22 19:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15639]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 19:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15639]: Failed password for invalid user webmaster from 176.65.132.129 port 54666 ssh2
Jun 22 19:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12765]: pam_unix(cron:session): session closed for user root
Jun 22 19:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15639]: Connection closed by 176.65.132.129 port 54666 [preauth]
Jun 22 19:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15553]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15687]: Failed password for root from 38.55.97.143 port 55178 ssh2
Jun 22 19:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15687]: Connection closed by 38.55.97.143 port 55178 [preauth]
Jun 22 19:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15780]: Failed password for root from 176.65.132.129 port 54676 ssh2
Jun 22 19:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15780]: Connection closed by 176.65.132.129 port 54676 [preauth]
Jun 22 19:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15806]: Invalid user test from 176.65.132.129
Jun 22 19:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15806]: input_userauth_request: invalid user test [preauth]
Jun 22 19:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15806]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15806]: Failed password for invalid user test from 176.65.132.129 port 54680 ssh2
Jun 22 19:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15806]: Connection closed by 176.65.132.129 port 54680 [preauth]
Jun 22 19:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15816]: Invalid user bot from 176.65.132.129
Jun 22 19:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15816]: input_userauth_request: invalid user bot [preauth]
Jun 22 19:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15816]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15816]: Failed password for invalid user bot from 176.65.132.129 port 54686 ssh2
Jun 22 19:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15816]: Connection closed by 176.65.132.129 port 54686 [preauth]
Jun 22 19:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15834]: Invalid user kevin from 176.65.132.129
Jun 22 19:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15834]: input_userauth_request: invalid user kevin [preauth]
Jun 22 19:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15834]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15834]: Failed password for invalid user kevin from 176.65.132.129 port 40632 ssh2
Jun 22 19:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15834]: Connection closed by 176.65.132.129 port 40632 [preauth]
Jun 22 19:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15841]: Invalid user gateway from 176.65.132.129
Jun 22 19:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15841]: input_userauth_request: invalid user gateway [preauth]
Jun 22 19:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15841]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15841]: Failed password for invalid user gateway from 176.65.132.129 port 40644 ssh2
Jun 22 19:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15841]: Connection closed by 176.65.132.129 port 40644 [preauth]
Jun 22 19:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15852]: Failed password for root from 176.65.132.129 port 40658 ssh2
Jun 22 19:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15852]: Connection closed by 176.65.132.129 port 40658 [preauth]
Jun 22 19:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15854]: Invalid user admin from 176.65.132.129
Jun 22 19:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15854]: input_userauth_request: invalid user admin [preauth]
Jun 22 19:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15854]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15854]: Failed password for invalid user admin from 176.65.132.129 port 55534 ssh2
Jun 22 19:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15854]: Connection closed by 176.65.132.129 port 55534 [preauth]
Jun 22 19:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15876]: Invalid user sam from 176.65.132.129
Jun 22 19:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15876]: input_userauth_request: invalid user sam [preauth]
Jun 22 19:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15876]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15876]: Failed password for invalid user sam from 176.65.132.129 port 55542 ssh2
Jun 22 19:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15876]: Connection closed by 176.65.132.129 port 55542 [preauth]
Jun 22 19:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15879]: Invalid user username from 176.65.132.129
Jun 22 19:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15879]: input_userauth_request: invalid user username [preauth]
Jun 22 19:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15879]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15879]: Failed password for invalid user username from 176.65.132.129 port 55558 ssh2
Jun 22 19:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15879]: Connection closed by 176.65.132.129 port 55558 [preauth]
Jun 22 19:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14586]: pam_unix(cron:session): session closed for user root
Jun 22 19:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15890]: Failed password for root from 176.65.132.129 port 55560 ssh2
Jun 22 19:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15890]: Connection closed by 176.65.132.129 port 55560 [preauth]
Jun 22 19:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15913]: Invalid user minecraft from 176.65.132.129
Jun 22 19:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15913]: input_userauth_request: invalid user minecraft [preauth]
Jun 22 19:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15913]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15913]: Failed password for invalid user minecraft from 176.65.132.129 port 41192 ssh2
Jun 22 19:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15913]: Connection closed by 176.65.132.129 port 41192 [preauth]
Jun 22 19:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15921]: Failed password for root from 176.65.132.129 port 41198 ssh2
Jun 22 19:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15921]: Connection closed by 176.65.132.129 port 41198 [preauth]
Jun 22 19:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15931]: Invalid user server from 176.65.132.129
Jun 22 19:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15931]: input_userauth_request: invalid user server [preauth]
Jun 22 19:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15931]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15931]: Failed password for invalid user server from 176.65.132.129 port 41200 ssh2
Jun 22 19:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15931]: Connection closed by 176.65.132.129 port 41200 [preauth]
Jun 22 19:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15933]: Invalid user botuser from 176.65.132.129
Jun 22 19:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15933]: input_userauth_request: invalid user botuser [preauth]
Jun 22 19:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15933]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15933]: Failed password for invalid user botuser from 176.65.132.129 port 40174 ssh2
Jun 22 19:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15933]: Connection closed by 176.65.132.129 port 40174 [preauth]
Jun 22 19:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15957]: Failed password for root from 176.65.132.129 port 40176 ssh2
Jun 22 19:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15957]: Connection closed by 176.65.132.129 port 40176 [preauth]
Jun 22 19:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15959]: Invalid user opc from 176.65.132.129
Jun 22 19:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15959]: input_userauth_request: invalid user opc [preauth]
Jun 22 19:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15959]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15959]: Failed password for invalid user opc from 176.65.132.129 port 40178 ssh2
Jun 22 19:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15959]: Connection closed by 176.65.132.129 port 40178 [preauth]
Jun 22 19:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15969]: Invalid user ubuntu from 176.65.132.129
Jun 22 19:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15969]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 19:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15969]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15969]: Failed password for invalid user ubuntu from 176.65.132.129 port 58120 ssh2
Jun 22 19:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15969]: Connection closed by 176.65.132.129 port 58120 [preauth]
Jun 22 19:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15971]: Invalid user minecraft from 176.65.132.129
Jun 22 19:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15971]: input_userauth_request: invalid user minecraft [preauth]
Jun 22 19:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15971]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15971]: Failed password for invalid user minecraft from 176.65.132.129 port 58126 ssh2
Jun 22 19:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15971]: Connection closed by 176.65.132.129 port 58126 [preauth]
Jun 22 19:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15981]: Failed password for root from 176.65.132.129 port 58140 ssh2
Jun 22 19:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15981]: Connection closed by 176.65.132.129 port 58140 [preauth]
Jun 22 19:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15992]: Invalid user grok from 176.65.132.129
Jun 22 19:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15992]: input_userauth_request: invalid user grok [preauth]
Jun 22 19:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15992]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15999]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15998]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16000]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15997]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15997]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16057]: Successful su for rubyman by root
Jun 22 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16057]: + ??? root:rubyman
Jun 22 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16057]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572833 of user rubyman.
Jun 22 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16057]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572833.
Jun 22 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15992]: Failed password for invalid user grok from 176.65.132.129 port 58148 ssh2
Jun 22 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15992]: Connection closed by 176.65.132.129 port 58148 [preauth]
Jun 22 19:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16126]: Invalid user demo from 176.65.132.129
Jun 22 19:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16126]: input_userauth_request: invalid user demo [preauth]
Jun 22 19:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16126]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13223]: pam_unix(cron:session): session closed for user root
Jun 22 19:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16126]: Failed password for invalid user demo from 176.65.132.129 port 38108 ssh2
Jun 22 19:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16126]: Connection closed by 176.65.132.129 port 38108 [preauth]
Jun 22 19:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15998]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16232]: Invalid user user3 from 176.65.132.129
Jun 22 19:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16232]: input_userauth_request: invalid user user3 [preauth]
Jun 22 19:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16232]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16232]: Failed password for invalid user user3 from 176.65.132.129 port 38118 ssh2
Jun 22 19:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16232]: Connection closed by 176.65.132.129 port 38118 [preauth]
Jun 22 19:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16244]: Invalid user user from 176.65.132.129
Jun 22 19:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16244]: input_userauth_request: invalid user user [preauth]
Jun 22 19:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16244]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 19:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16244]: Failed password for invalid user user from 176.65.132.129 port 38124 ssh2
Jun 22 19:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16244]: Connection closed by 176.65.132.129 port 38124 [preauth]
Jun 22 19:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16246]: Failed password for root from 38.55.97.143 port 45196 ssh2
Jun 22 19:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16256]: Invalid user admin from 176.65.132.129
Jun 22 19:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16256]: input_userauth_request: invalid user admin [preauth]
Jun 22 19:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16246]: Connection closed by 38.55.97.143 port 45196 [preauth]
Jun 22 19:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16256]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16256]: Failed password for invalid user admin from 176.65.132.129 port 33752 ssh2
Jun 22 19:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16256]: Connection closed by 176.65.132.129 port 33752 [preauth]
Jun 22 19:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16271]: Invalid user admin from 176.65.132.129
Jun 22 19:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16271]: input_userauth_request: invalid user admin [preauth]
Jun 22 19:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16271]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16271]: Failed password for invalid user admin from 176.65.132.129 port 33756 ssh2
Jun 22 19:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16271]: Connection closed by 176.65.132.129 port 33756 [preauth]
Jun 22 19:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16281]: Invalid user myuser from 176.65.132.129
Jun 22 19:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16281]: input_userauth_request: invalid user myuser [preauth]
Jun 22 19:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16281]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16281]: Failed password for invalid user myuser from 176.65.132.129 port 33768 ssh2
Jun 22 19:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16281]: Connection closed by 176.65.132.129 port 33768 [preauth]
Jun 22 19:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16283]: Invalid user developer from 176.65.132.129
Jun 22 19:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16283]: input_userauth_request: invalid user developer [preauth]
Jun 22 19:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16283]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16283]: Failed password for invalid user developer from 176.65.132.129 port 33770 ssh2
Jun 22 19:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16283]: Connection closed by 176.65.132.129 port 33770 [preauth]
Jun 22 19:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16293]: Failed password for root from 176.65.132.129 port 34084 ssh2
Jun 22 19:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16293]: Connection closed by 176.65.132.129 port 34084 [preauth]
Jun 22 19:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16314]: Invalid user uploader from 176.65.132.129
Jun 22 19:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16314]: input_userauth_request: invalid user uploader [preauth]
Jun 22 19:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16314]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16314]: Failed password for invalid user uploader from 176.65.132.129 port 34088 ssh2
Jun 22 19:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16314]: Connection closed by 176.65.132.129 port 34088 [preauth]
Jun 22 19:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16317]: User nobody from 176.65.132.129 not allowed because not listed in AllowUsers
Jun 22 19:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16317]: input_userauth_request: invalid user nobody [preauth]
Jun 22 19:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=nobody
Jun 22 19:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16317]: Failed password for invalid user nobody from 176.65.132.129 port 34102 ssh2
Jun 22 19:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16317]: Connection closed by 176.65.132.129 port 34102 [preauth]
Jun 22 19:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16327]: Invalid user tactical from 176.65.132.129
Jun 22 19:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16327]: input_userauth_request: invalid user tactical [preauth]
Jun 22 19:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16327]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15126]: pam_unix(cron:session): session closed for user root
Jun 22 19:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16327]: Failed password for invalid user tactical from 176.65.132.129 port 35440 ssh2
Jun 22 19:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16348]: Invalid user admin from 176.65.132.129
Jun 22 19:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16348]: input_userauth_request: invalid user admin [preauth]
Jun 22 19:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16327]: Connection closed by 176.65.132.129 port 35440 [preauth]
Jun 22 19:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16348]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16348]: Failed password for invalid user admin from 176.65.132.129 port 35456 ssh2
Jun 22 19:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16348]: Connection closed by 176.65.132.129 port 35456 [preauth]
Jun 22 19:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16359]: Invalid user tester from 176.65.132.129
Jun 22 19:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16359]: input_userauth_request: invalid user tester [preauth]
Jun 22 19:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16359]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16359]: Failed password for invalid user tester from 176.65.132.129 port 35458 ssh2
Jun 22 19:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16359]: Connection closed by 176.65.132.129 port 35458 [preauth]
Jun 22 19:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16361]: Invalid user odoo17 from 176.65.132.129
Jun 22 19:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16361]: input_userauth_request: invalid user odoo17 [preauth]
Jun 22 19:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16361]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16361]: Failed password for invalid user odoo17 from 176.65.132.129 port 47162 ssh2
Jun 22 19:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16361]: Connection closed by 176.65.132.129 port 47162 [preauth]
Jun 22 19:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16385]: Invalid user adminuser from 176.65.132.129
Jun 22 19:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16385]: input_userauth_request: invalid user adminuser [preauth]
Jun 22 19:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16385]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16385]: Failed password for invalid user adminuser from 176.65.132.129 port 47184 ssh2
Jun 22 19:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16385]: Connection closed by 176.65.132.129 port 47184 [preauth]
Jun 22 19:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16387]: Invalid user media from 176.65.132.129
Jun 22 19:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16387]: input_userauth_request: invalid user media [preauth]
Jun 22 19:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16387]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16387]: Failed password for invalid user media from 176.65.132.129 port 47214 ssh2
Jun 22 19:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16387]: Connection closed by 176.65.132.129 port 47214 [preauth]
Jun 22 19:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16397]: Invalid user devops from 176.65.132.129
Jun 22 19:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16397]: input_userauth_request: invalid user devops [preauth]
Jun 22 19:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16397]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16397]: Failed password for invalid user devops from 176.65.132.129 port 47246 ssh2
Jun 22 19:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16397]: Connection closed by 176.65.132.129 port 47246 [preauth]
Jun 22 19:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16406]: Failed password for root from 176.65.132.129 port 44658 ssh2
Jun 22 19:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16406]: Connection closed by 176.65.132.129 port 44658 [preauth]
Jun 22 19:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16409]: Invalid user admin from 176.65.132.129
Jun 22 19:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16409]: input_userauth_request: invalid user admin [preauth]
Jun 22 19:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16409]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16409]: Failed password for invalid user admin from 176.65.132.129 port 44666 ssh2
Jun 22 19:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16409]: Connection closed by 176.65.132.129 port 44666 [preauth]
Jun 22 19:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16421]: Invalid user oracle from 176.65.132.129
Jun 22 19:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16421]: input_userauth_request: invalid user oracle [preauth]
Jun 22 19:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16421]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16421]: Failed password for invalid user oracle from 176.65.132.129 port 44678 ssh2
Jun 22 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16421]: Connection closed by 176.65.132.129 port 44678 [preauth]
Jun 22 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16428]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16433]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16430]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16429]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16426]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16427]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16433]: pam_unix(cron:session): session closed for user root
Jun 22 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16426]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16423]: Invalid user user from 176.65.132.129
Jun 22 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16423]: input_userauth_request: invalid user user [preauth]
Jun 22 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16423]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16500]: Successful su for rubyman by root
Jun 22 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16500]: + ??? root:rubyman
Jun 22 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16500]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572839 of user rubyman.
Jun 22 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16500]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572839.
Jun 22 19:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16423]: Failed password for invalid user user from 176.65.132.129 port 43724 ssh2
Jun 22 19:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16423]: Connection closed by 176.65.132.129 port 43724 [preauth]
Jun 22 19:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16428]: pam_unix(cron:session): session closed for user root
Jun 22 19:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13665]: pam_unix(cron:session): session closed for user root
Jun 22 19:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16620]: Invalid user deploy from 176.65.132.129
Jun 22 19:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16620]: input_userauth_request: invalid user deploy [preauth]
Jun 22 19:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16620]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16620]: Failed password for invalid user deploy from 176.65.132.129 port 43744 ssh2
Jun 22 19:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16620]: Connection closed by 176.65.132.129 port 43744 [preauth]
Jun 22 19:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16427]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16703]: Failed password for root from 176.65.132.129 port 43768 ssh2
Jun 22 19:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16703]: Connection closed by 176.65.132.129 port 43768 [preauth]
Jun 22 19:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16717]: Invalid user odoo from 176.65.132.129
Jun 22 19:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16717]: input_userauth_request: invalid user odoo [preauth]
Jun 22 19:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16717]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16717]: Failed password for invalid user odoo from 176.65.132.129 port 43798 ssh2
Jun 22 19:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16717]: Connection closed by 176.65.132.129 port 43798 [preauth]
Jun 22 19:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16720]: Invalid user oscar from 176.65.132.129
Jun 22 19:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16720]: input_userauth_request: invalid user oscar [preauth]
Jun 22 19:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16720]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16720]: Failed password for invalid user oscar from 176.65.132.129 port 44998 ssh2
Jun 22 19:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16720]: Connection closed by 176.65.132.129 port 44998 [preauth]
Jun 22 19:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16742]: Invalid user vbox from 176.65.132.129
Jun 22 19:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16742]: input_userauth_request: invalid user vbox [preauth]
Jun 22 19:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16742]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 19:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16742]: Failed password for invalid user vbox from 176.65.132.129 port 45014 ssh2
Jun 22 19:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16742]: Connection closed by 176.65.132.129 port 45014 [preauth]
Jun 22 19:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16746]: Failed password for root from 38.55.97.143 port 33670 ssh2
Jun 22 19:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16746]: Connection closed by 38.55.97.143 port 33670 [preauth]
Jun 22 19:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16748]: Failed password for root from 176.65.132.129 port 45018 ssh2
Jun 22 19:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16748]: Connection closed by 176.65.132.129 port 45018 [preauth]
Jun 22 19:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16758]: Failed password for root from 176.65.132.129 port 56938 ssh2
Jun 22 19:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16758]: Connection closed by 176.65.132.129 port 56938 [preauth]
Jun 22 19:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16760]: Invalid user deploy from 176.65.132.129
Jun 22 19:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16760]: input_userauth_request: invalid user deploy [preauth]
Jun 22 19:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16760]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16760]: Failed password for invalid user deploy from 176.65.132.129 port 56950 ssh2
Jun 22 19:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16760]: Connection closed by 176.65.132.129 port 56950 [preauth]
Jun 22 19:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16784]: Invalid user ubuntu from 176.65.132.129
Jun 22 19:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16784]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 19:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16784]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16784]: Failed password for invalid user ubuntu from 176.65.132.129 port 56954 ssh2
Jun 22 19:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16784]: Connection closed by 176.65.132.129 port 56954 [preauth]
Jun 22 19:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16786]: Invalid user kingbase from 176.65.132.129
Jun 22 19:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16786]: input_userauth_request: invalid user kingbase [preauth]
Jun 22 19:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16786]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15555]: pam_unix(cron:session): session closed for user root
Jun 22 19:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16786]: Failed password for invalid user kingbase from 176.65.132.129 port 56968 ssh2
Jun 22 19:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16786]: Connection closed by 176.65.132.129 port 56968 [preauth]
Jun 22 19:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16805]: Failed password for root from 176.65.132.129 port 43232 ssh2
Jun 22 19:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16805]: Connection closed by 176.65.132.129 port 43232 [preauth]
Jun 22 19:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: Invalid user debian from 176.65.132.129
Jun 22 19:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: input_userauth_request: invalid user debian [preauth]
Jun 22 19:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: Failed password for invalid user debian from 176.65.132.129 port 43246 ssh2
Jun 22 19:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: Connection closed by 176.65.132.129 port 43246 [preauth]
Jun 22 19:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16836]: Invalid user odoo14 from 176.65.132.129
Jun 22 19:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16836]: input_userauth_request: invalid user odoo14 [preauth]
Jun 22 19:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16836]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16848]: Invalid user admin from 176.65.132.129
Jun 22 19:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16848]: input_userauth_request: invalid user admin [preauth]
Jun 22 19:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16836]: Failed password for invalid user odoo14 from 176.65.132.129 port 43262 ssh2
Jun 22 19:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16848]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16836]: Connection closed by 176.65.132.129 port 43262 [preauth]
Jun 22 19:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16848]: Failed password for invalid user admin from 176.65.132.129 port 41514 ssh2
Jun 22 19:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16848]: Connection closed by 176.65.132.129 port 41514 [preauth]
Jun 22 19:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16895]: Invalid user user from 176.65.132.129
Jun 22 19:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16895]: input_userauth_request: invalid user user [preauth]
Jun 22 19:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16895]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16895]: Failed password for invalid user user from 176.65.132.129 port 41520 ssh2
Jun 22 19:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16895]: Connection closed by 176.65.132.129 port 41520 [preauth]
Jun 22 19:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16907]: Failed password for root from 176.65.132.129 port 41536 ssh2
Jun 22 19:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16907]: Connection closed by 176.65.132.129 port 41536 [preauth]
Jun 22 19:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16909]: Failed password for root from 176.65.132.129 port 41550 ssh2
Jun 22 19:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16909]: Connection closed by 176.65.132.129 port 41550 [preauth]
Jun 22 19:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16951]: Invalid user hadoop from 176.65.132.129
Jun 22 19:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16951]: input_userauth_request: invalid user hadoop [preauth]
Jun 22 19:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16951]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16951]: Failed password for invalid user hadoop from 176.65.132.129 port 51606 ssh2
Jun 22 19:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16951]: Connection closed by 176.65.132.129 port 51606 [preauth]
Jun 22 19:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16953]: Invalid user test from 176.65.132.129
Jun 22 19:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16953]: input_userauth_request: invalid user test [preauth]
Jun 22 19:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16953]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16953]: Failed password for invalid user test from 176.65.132.129 port 51620 ssh2
Jun 22 19:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16953]: Connection closed by 176.65.132.129 port 51620 [preauth]
Jun 22 19:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16995]: Invalid user labuser from 176.65.132.129
Jun 22 19:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16995]: input_userauth_request: invalid user labuser [preauth]
Jun 22 19:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16995]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17000]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17001]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16999]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16998]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16998]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16995]: Failed password for invalid user labuser from 176.65.132.129 port 51628 ssh2
Jun 22 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17071]: Successful su for rubyman by root
Jun 22 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17071]: + ??? root:rubyman
Jun 22 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17071]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16995]: Connection closed by 176.65.132.129 port 51628 [preauth]
Jun 22 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572843 of user rubyman.
Jun 22 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17071]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572843.
Jun 22 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17081]: Invalid user ansible from 176.65.132.129
Jun 22 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17081]: input_userauth_request: invalid user ansible [preauth]
Jun 22 19:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17081]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14125]: pam_unix(cron:session): session closed for user root
Jun 22 19:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17081]: Failed password for invalid user ansible from 176.65.132.129 port 36016 ssh2
Jun 22 19:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17081]: Connection closed by 176.65.132.129 port 36016 [preauth]
Jun 22 19:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17226]: Invalid user student from 176.65.132.129
Jun 22 19:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17226]: input_userauth_request: invalid user student [preauth]
Jun 22 19:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17226]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16999]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17226]: Failed password for invalid user student from 176.65.132.129 port 36030 ssh2
Jun 22 19:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17226]: Connection closed by 176.65.132.129 port 36030 [preauth]
Jun 22 19:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129  user=root
Jun 22 19:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17248]: Failed password for root from 176.65.132.129 port 36042 ssh2
Jun 22 19:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17248]: Connection closed by 176.65.132.129 port 36042 [preauth]
Jun 22 19:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17263]: Failed password for root from 176.65.132.129 port 59456 ssh2
Jun 22 19:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17263]: Connection closed by 176.65.132.129 port 59456 [preauth]
Jun 22 19:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17280]: Invalid user admin from 176.65.132.129
Jun 22 19:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17280]: input_userauth_request: invalid user admin [preauth]
Jun 22 19:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17280]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17280]: Failed password for invalid user admin from 176.65.132.129 port 59460 ssh2
Jun 22 19:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17280]: Connection closed by 176.65.132.129 port 59460 [preauth]
Jun 22 19:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17288]: Invalid user agent from 176.65.132.129
Jun 22 19:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17288]: input_userauth_request: invalid user agent [preauth]
Jun 22 19:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17288]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 19:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.132.129
Jun 22 19:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17288]: Failed password for invalid user agent from 176.65.132.129 port 59474 ssh2
Jun 22 19:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17288]: Connection closed by 176.65.132.129 port 59474 [preauth]
Jun 22 19:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 19:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17301]: Failed password for root from 38.55.97.143 port 54652 ssh2
Jun 22 19:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17301]: Connection closed by 38.55.97.143 port 54652 [preauth]
Jun 22 19:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16000]: pam_unix(cron:session): session closed for user root
Jun 22 19:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 22 19:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17425]: Failed password for root from 38.93.206.2 port 19120 ssh2
Jun 22 19:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17425]: Connection closed by 38.93.206.2 port 19120 [preauth]
Jun 22 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17441]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17440]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17442]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17439]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17439]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17503]: Successful su for rubyman by root
Jun 22 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17503]: + ??? root:rubyman
Jun 22 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17503]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572850 of user rubyman.
Jun 22 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17503]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572850.
Jun 22 19:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14585]: pam_unix(cron:session): session closed for user root
Jun 22 19:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17440]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 19:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17826]: Failed password for root from 38.55.97.143 port 47532 ssh2
Jun 22 19:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17826]: Connection closed by 38.55.97.143 port 47532 [preauth]
Jun 22 19:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16430]: pam_unix(cron:session): session closed for user root
Jun 22 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17936]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17935]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17933]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17932]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17932]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17992]: Successful su for rubyman by root
Jun 22 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17992]: + ??? root:rubyman
Jun 22 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17992]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572851 of user rubyman.
Jun 22 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17992]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572851.
Jun 22 19:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15125]: pam_unix(cron:session): session closed for user root
Jun 22 19:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17933]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17001]: pam_unix(cron:session): session closed for user root
Jun 22 19:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 19:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18268]: Failed password for root from 38.55.97.143 port 40042 ssh2
Jun 22 19:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18268]: Connection closed by 38.55.97.143 port 40042 [preauth]
Jun 22 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18362]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18363]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18359]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18355]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18355]: pam_unix(cron:session): session closed for user p13x
Jun 22 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18502]: Successful su for rubyman by root
Jun 22 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18502]: + ??? root:rubyman
Jun 22 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18502]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572855 of user rubyman.
Jun 22 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18502]: pam_unix(su:session): session closed for user rubyman
Jun 22 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572855.
Jun 22 19:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15554]: pam_unix(cron:session): session closed for user root
Jun 22 19:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18359]: pam_unix(cron:session): session closed for user samftp
Jun 22 19:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17442]: pam_unix(cron:session): session closed for user root
Jun 22 19:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 19:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 19:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18802]: Failed password for root from 38.55.97.143 port 56470 ssh2
Jun 22 19:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18802]: Connection closed by 38.55.97.143 port 56470 [preauth]
Jun 22 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18881]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18880]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18882]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18883]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18879]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18876]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18878]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18883]: pam_unix(cron:session): session closed for user root
Jun 22 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18879]: pam_unix(cron:session): session closed for user root
Jun 22 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18876]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18967]: Successful su for rubyman by root
Jun 22 20:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18967]: + ??? root:rubyman
Jun 22 20:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18967]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572861 of user rubyman.
Jun 22 20:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18967]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572861.
Jun 22 20:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18880]: pam_unix(cron:session): session closed for user root
Jun 22 20:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15999]: pam_unix(cron:session): session closed for user root
Jun 22 20:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18878]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17936]: pam_unix(cron:session): session closed for user root
Jun 22 20:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 20:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19440]: Failed password for root from 38.55.97.143 port 51334 ssh2
Jun 22 20:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19440]: Connection closed by 38.55.97.143 port 51334 [preauth]
Jun 22 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19471]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19472]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19470]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19469]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19469]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19729]: Successful su for rubyman by root
Jun 22 20:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19729]: + ??? root:rubyman
Jun 22 20:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19729]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572867 of user rubyman.
Jun 22 20:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19729]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572867.
Jun 22 20:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16429]: pam_unix(cron:session): session closed for user root
Jun 22 20:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19470]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18363]: pam_unix(cron:session): session closed for user root
Jun 22 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20077]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20076]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20075]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20074]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20074]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20137]: Successful su for rubyman by root
Jun 22 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20137]: + ??? root:rubyman
Jun 22 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20137]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572871 of user rubyman.
Jun 22 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20137]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572871.
Jun 22 20:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 20:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17000]: pam_unix(cron:session): session closed for user root
Jun 22 20:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20075]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20378]: Failed password for root from 38.55.97.143 port 50062 ssh2
Jun 22 20:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20378]: Connection closed by 38.55.97.143 port 50062 [preauth]
Jun 22 20:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20447]: Received disconnect from 172.110.219.251 port 35212:11: disconnected by user [preauth]
Jun 22 20:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20447]: Disconnected from 172.110.219.251 port 35212 [preauth]
Jun 22 20:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18882]: pam_unix(cron:session): session closed for user root
Jun 22 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20594]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20593]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20592]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20591]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20591]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20682]: Successful su for rubyman by root
Jun 22 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20682]: + ??? root:rubyman
Jun 22 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20682]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572874 of user rubyman.
Jun 22 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20682]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572874.
Jun 22 20:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17441]: pam_unix(cron:session): session closed for user root
Jun 22 20:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20592]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 20:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20955]: Failed password for root from 38.55.97.143 port 42564 ssh2
Jun 22 20:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20955]: Connection closed by 38.55.97.143 port 42564 [preauth]
Jun 22 20:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19472]: pam_unix(cron:session): session closed for user root
Jun 22 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21088]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21087]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21089]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21086]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21086]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21152]: Successful su for rubyman by root
Jun 22 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21152]: + ??? root:rubyman
Jun 22 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21152]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572878 of user rubyman.
Jun 22 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21152]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572878.
Jun 22 20:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17935]: pam_unix(cron:session): session closed for user root
Jun 22 20:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21087]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 20:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21394]: Failed password for root from 38.55.97.143 port 40516 ssh2
Jun 22 20:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21394]: Connection closed by 38.55.97.143 port 40516 [preauth]
Jun 22 20:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20077]: pam_unix(cron:session): session closed for user root
Jun 22 20:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21476]: Invalid user administrator from 193.24.211.107
Jun 22 20:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21476]: input_userauth_request: invalid user administrator [preauth]
Jun 22 20:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21476]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 20:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107
Jun 22 20:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21476]: Failed password for invalid user administrator from 193.24.211.107 port 46093 ssh2
Jun 22 20:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21476]: Received disconnect from 193.24.211.107 port 46093:11: Client disconnecting normally [preauth]
Jun 22 20:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21476]: Disconnected from 193.24.211.107 port 46093 [preauth]
Jun 22 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21501]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21503]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21498]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21502]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21504]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21497]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21504]: pam_unix(cron:session): session closed for user root
Jun 22 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21497]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21583]: Successful su for rubyman by root
Jun 22 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21583]: + ??? root:rubyman
Jun 22 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21583]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572883 of user rubyman.
Jun 22 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21583]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572883.
Jun 22 20:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18362]: pam_unix(cron:session): session closed for user root
Jun 22 20:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21501]: pam_unix(cron:session): session closed for user root
Jun 22 20:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21498]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20594]: pam_unix(cron:session): session closed for user root
Jun 22 20:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 20:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21881]: Failed password for root from 38.55.97.143 port 33388 ssh2
Jun 22 20:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21881]: Connection closed by 38.55.97.143 port 33388 [preauth]
Jun 22 20:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 22 20:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21910]: Failed password for root from 193.37.70.224 port 47130 ssh2
Jun 22 20:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21910]: Connection closed by 193.37.70.224 port 47130 [preauth]
Jun 22 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21965]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21966]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21964]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21963]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21963]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22027]: Successful su for rubyman by root
Jun 22 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22027]: + ??? root:rubyman
Jun 22 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22027]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572888 of user rubyman.
Jun 22 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22027]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572888.
Jun 22 20:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18881]: pam_unix(cron:session): session closed for user root
Jun 22 20:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21964]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21089]: pam_unix(cron:session): session closed for user root
Jun 22 20:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
Jun 22 20:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22288]: Failed password for root from 176.32.39.21 port 38730 ssh2
Jun 22 20:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22288]: Connection closed by 176.32.39.21 port 38730 [preauth]
Jun 22 20:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 20:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22410]: Failed password for root from 38.55.97.143 port 55208 ssh2
Jun 22 20:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22410]: Connection closed by 38.55.97.143 port 55208 [preauth]
Jun 22 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22469]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22470]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22468]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22467]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22467]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22528]: Successful su for rubyman by root
Jun 22 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22528]: + ??? root:rubyman
Jun 22 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22528]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572893 of user rubyman.
Jun 22 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22528]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572893.
Jun 22 20:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19471]: pam_unix(cron:session): session closed for user root
Jun 22 20:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22468]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21503]: pam_unix(cron:session): session closed for user root
Jun 22 20:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22810]: Invalid user kali from 141.98.83.240
Jun 22 20:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22810]: input_userauth_request: invalid user kali [preauth]
Jun 22 20:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22810]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 20:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 20:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22810]: Failed password for invalid user kali from 141.98.83.240 port 43188 ssh2
Jun 22 20:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22810]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 20:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22810]: Failed password for invalid user kali from 141.98.83.240 port 43188 ssh2
Jun 22 20:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22810]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 20:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22810]: Failed password for invalid user kali from 141.98.83.240 port 43188 ssh2
Jun 22 20:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 20:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22810]: Connection closed by 141.98.83.240 port 43188 [preauth]
Jun 22 20:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22810]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 20:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22836]: Failed password for root from 38.55.97.143 port 50104 ssh2
Jun 22 20:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22836]: Connection closed by 38.55.97.143 port 50104 [preauth]
Jun 22 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22877]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22876]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22874]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22873]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22873]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22936]: Successful su for rubyman by root
Jun 22 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22936]: + ??? root:rubyman
Jun 22 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22936]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572896 of user rubyman.
Jun 22 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22936]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572896.
Jun 22 20:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20076]: pam_unix(cron:session): session closed for user root
Jun 22 20:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22874]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21966]: pam_unix(cron:session): session closed for user root
Jun 22 20:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 20:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23262]: Failed password for root from 38.55.97.143 port 44916 ssh2
Jun 22 20:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23262]: Connection closed by 38.55.97.143 port 44916 [preauth]
Jun 22 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23280]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23279]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23277]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23278]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23273]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23277]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23405]: Successful su for rubyman by root
Jun 22 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23405]: + ??? root:rubyman
Jun 22 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23405]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572900 of user rubyman.
Jun 22 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23405]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572900.
Jun 22 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23273]: pam_unix(cron:session): session closed for user root
Jun 22 20:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20593]: pam_unix(cron:session): session closed for user root
Jun 22 20:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23278]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22470]: pam_unix(cron:session): session closed for user root
Jun 22 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23817]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23811]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23809]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23816]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23804]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23810]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23817]: pam_unix(cron:session): session closed for user root
Jun 22 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23804]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23972]: Successful su for rubyman by root
Jun 22 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23972]: + ??? root:rubyman
Jun 22 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23972]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572908 of user rubyman.
Jun 22 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23972]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572908.
Jun 22 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 20:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23810]: pam_unix(cron:session): session closed for user root
Jun 22 20:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23958]: Failed password for root from 38.55.97.143 port 41826 ssh2
Jun 22 20:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23958]: Connection closed by 38.55.97.143 port 41826 [preauth]
Jun 22 20:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21088]: pam_unix(cron:session): session closed for user root
Jun 22 20:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23809]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22877]: pam_unix(cron:session): session closed for user root
Jun 22 20:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 22 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24358]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24356]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24357]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24355]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24355]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24418]: Successful su for rubyman by root
Jun 22 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24418]: + ??? root:rubyman
Jun 22 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24418]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572911 of user rubyman.
Jun 22 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24418]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572911.
Jun 22 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24344]: Failed password for root from 109.237.96.109 port 38124 ssh2
Jun 22 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24344]: Connection closed by 109.237.96.109 port 38124 [preauth]
Jun 22 20:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21502]: pam_unix(cron:session): session closed for user root
Jun 22 20:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24356]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 20:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24655]: Failed password for root from 38.55.97.143 port 44212 ssh2
Jun 22 20:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24655]: Connection closed by 38.55.97.143 port 44212 [preauth]
Jun 22 20:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23280]: pam_unix(cron:session): session closed for user root
Jun 22 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24787]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24786]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24788]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24785]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24785]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24843]: Successful su for rubyman by root
Jun 22 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24843]: + ??? root:rubyman
Jun 22 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24843]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572915 of user rubyman.
Jun 22 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24843]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572915.
Jun 22 20:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21965]: pam_unix(cron:session): session closed for user root
Jun 22 20:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24786]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 22 20:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25094]: Failed password for root from 194.113.233.25 port 49732 ssh2
Jun 22 20:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25094]: Connection closed by 194.113.233.25 port 49732 [preauth]
Jun 22 20:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23816]: pam_unix(cron:session): session closed for user root
Jun 22 20:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 20:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25169]: Failed password for root from 38.55.97.143 port 56790 ssh2
Jun 22 20:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25169]: Connection closed by 38.55.97.143 port 56790 [preauth]
Jun 22 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25197]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25194]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25193]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25192]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25192]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25252]: Successful su for rubyman by root
Jun 22 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25252]: + ??? root:rubyman
Jun 22 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25252]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572919 of user rubyman.
Jun 22 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25252]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572919.
Jun 22 20:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22469]: pam_unix(cron:session): session closed for user root
Jun 22 20:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25193]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25447]: Invalid user margo from 2.57.121.112
Jun 22 20:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25447]: input_userauth_request: invalid user margo [preauth]
Jun 22 20:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25447]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 20:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 22 20:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25447]: Failed password for invalid user margo from 2.57.121.112 port 32074 ssh2
Jun 22 20:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25447]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 20:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25447]: Failed password for invalid user margo from 2.57.121.112 port 32074 ssh2
Jun 22 20:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25447]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 20:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25457]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 22 20:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25447]: Failed password for invalid user margo from 2.57.121.112 port 32074 ssh2
Jun 22 20:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25457]: Received disconnect from 210.210.155.71 port 54890:11: disconnected by user [preauth]
Jun 22 20:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25457]: Disconnected from 210.210.155.71 port 54890 [preauth]
Jun 22 20:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25447]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 20:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25447]: Failed password for invalid user margo from 2.57.121.112 port 32074 ssh2
Jun 22 20:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25447]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 20:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25447]: Failed password for invalid user margo from 2.57.121.112 port 32074 ssh2
Jun 22 20:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25447]: Connection closed by 2.57.121.112 port 32074 [preauth]
Jun 22 20:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25447]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 22 20:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25447]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 22 20:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24358]: pam_unix(cron:session): session closed for user root
Jun 22 20:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 22 20:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25564]: Failed password for root from 103.153.68.219 port 45352 ssh2
Jun 22 20:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25564]: Connection closed by 103.153.68.219 port 45352 [preauth]
Jun 22 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25588]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25589]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25587]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25586]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25586]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25644]: Successful su for rubyman by root
Jun 22 20:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25644]: + ??? root:rubyman
Jun 22 20:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25644]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572923 of user rubyman.
Jun 22 20:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25644]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572923.
Jun 22 20:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 20:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25583]: Failed password for root from 38.55.97.143 port 33852 ssh2
Jun 22 20:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22876]: pam_unix(cron:session): session closed for user root
Jun 22 20:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25583]: Connection closed by 38.55.97.143 port 33852 [preauth]
Jun 22 20:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25587]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24788]: pam_unix(cron:session): session closed for user root
Jun 22 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25974]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25973]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25972]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25971]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25975]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25976]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25976]: pam_unix(cron:session): session closed for user root
Jun 22 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25971]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26037]: Successful su for rubyman by root
Jun 22 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26037]: + ??? root:rubyman
Jun 22 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26037]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572932 of user rubyman.
Jun 22 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26037]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572932.
Jun 22 20:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23279]: pam_unix(cron:session): session closed for user root
Jun 22 20:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25973]: pam_unix(cron:session): session closed for user root
Jun 22 20:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25972]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 20:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26253]: Failed password for root from 38.55.97.143 port 36702 ssh2
Jun 22 20:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26253]: Connection closed by 38.55.97.143 port 36702 [preauth]
Jun 22 20:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26288]: Received disconnect from 195.26.87.217 port 58740:11: disconnected by user [preauth]
Jun 22 20:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26288]: Disconnected from 195.26.87.217 port 58740 [preauth]
Jun 22 20:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25197]: pam_unix(cron:session): session closed for user root
Jun 22 20:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26358]: Invalid user postgres from 186.96.158.180
Jun 22 20:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26358]: input_userauth_request: invalid user postgres [preauth]
Jun 22 20:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26358]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 20:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180
Jun 22 20:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26358]: Failed password for invalid user postgres from 186.96.158.180 port 62152 ssh2
Jun 22 20:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26358]: Received disconnect from 186.96.158.180 port 62152:11: Bye Bye [preauth]
Jun 22 20:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26358]: Disconnected from 186.96.158.180 port 62152 [preauth]
Jun 22 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26405]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26406]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26404]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26403]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26403]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26469]: Successful su for rubyman by root
Jun 22 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26469]: + ??? root:rubyman
Jun 22 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26469]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572935 of user rubyman.
Jun 22 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26469]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572935.
Jun 22 20:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23811]: pam_unix(cron:session): session closed for user root
Jun 22 20:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26404]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 20:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26780]: Failed password for root from 38.55.97.143 port 34126 ssh2
Jun 22 20:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26780]: Connection closed by 38.55.97.143 port 34126 [preauth]
Jun 22 20:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25589]: pam_unix(cron:session): session closed for user root
Jun 22 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26888]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26889]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26886]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26887]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26884]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26884]: pam_unix(cron:session): session closed for user root
Jun 22 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26886]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26954]: Successful su for rubyman by root
Jun 22 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26954]: + ??? root:rubyman
Jun 22 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26954]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572938 of user rubyman.
Jun 22 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26954]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572938.
Jun 22 20:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24357]: pam_unix(cron:session): session closed for user root
Jun 22 20:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26887]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 20:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27200]: Failed password for root from 38.55.97.143 port 58280 ssh2
Jun 22 20:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25975]: pam_unix(cron:session): session closed for user root
Jun 22 20:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27200]: Connection closed by 38.55.97.143 port 58280 [preauth]
Jun 22 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27308]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27309]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27307]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27305]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27305]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27372]: Successful su for rubyman by root
Jun 22 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27372]: + ??? root:rubyman
Jun 22 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27372]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572943 of user rubyman.
Jun 22 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27372]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572943.
Jun 22 20:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24787]: pam_unix(cron:session): session closed for user root
Jun 22 20:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27307]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26406]: pam_unix(cron:session): session closed for user root
Jun 22 20:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 20:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27657]: Failed password for root from 38.55.97.143 port 50016 ssh2
Jun 22 20:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27657]: Connection closed by 38.55.97.143 port 50016 [preauth]
Jun 22 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27710]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27711]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27708]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27709]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27708]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27779]: Successful su for rubyman by root
Jun 22 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27779]: + ??? root:rubyman
Jun 22 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27779]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572946 of user rubyman.
Jun 22 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27779]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572946.
Jun 22 20:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25194]: pam_unix(cron:session): session closed for user root
Jun 22 20:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27709]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.19.67.181  user=root
Jun 22 20:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27972]: Failed password for root from 46.19.67.181 port 51928 ssh2
Jun 22 20:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27972]: Connection closed by 46.19.67.181 port 51928 [preauth]
Jun 22 20:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26889]: pam_unix(cron:session): session closed for user root
Jun 22 20:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 20:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28143]: Failed password for root from 38.55.97.143 port 42878 ssh2
Jun 22 20:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28143]: Connection closed by 38.55.97.143 port 42878 [preauth]
Jun 22 20:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28153]: Invalid user wyy from 201.184.50.251
Jun 22 20:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28153]: input_userauth_request: invalid user wyy [preauth]
Jun 22 20:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28153]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 20:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.184.50.251
Jun 22 20:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28153]: Failed password for invalid user wyy from 201.184.50.251 port 59924 ssh2
Jun 22 20:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28153]: Received disconnect from 201.184.50.251 port 59924:11: Bye Bye [preauth]
Jun 22 20:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28153]: Disconnected from 201.184.50.251 port 59924 [preauth]
Jun 22 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28188]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28187]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28186]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28189]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28185]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28190]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28190]: pam_unix(cron:session): session closed for user root
Jun 22 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28185]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28254]: Successful su for rubyman by root
Jun 22 20:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28254]: + ??? root:rubyman
Jun 22 20:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28254]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572953 of user rubyman.
Jun 22 20:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28254]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572953.
Jun 22 20:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28187]: pam_unix(cron:session): session closed for user root
Jun 22 20:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25588]: pam_unix(cron:session): session closed for user root
Jun 22 20:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28186]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.142.160.143  user=root
Jun 22 20:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28486]: Failed password for root from 203.142.160.143 port 60164 ssh2
Jun 22 20:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28486]: Received disconnect from 203.142.160.143 port 60164:11: Bye Bye [preauth]
Jun 22 20:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28486]: Disconnected from 203.142.160.143 port 60164 [preauth]
Jun 22 20:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28498]: Received disconnect from 50.7.127.99 port 55042:11: disconnected by user [preauth]
Jun 22 20:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28498]: Disconnected from 50.7.127.99 port 55042 [preauth]
Jun 22 20:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27309]: pam_unix(cron:session): session closed for user root
Jun 22 20:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28706]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28708]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28705]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28704]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28704]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28781]: Successful su for rubyman by root
Jun 22 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28781]: + ??? root:rubyman
Jun 22 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28781]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572956 of user rubyman.
Jun 22 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28781]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572956.
Jun 22 20:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28701]: Failed password for root from 38.55.97.143 port 58232 ssh2
Jun 22 20:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28701]: Connection closed by 38.55.97.143 port 58232 [preauth]
Jun 22 20:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28899]: Invalid user security from 193.24.211.107
Jun 22 20:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28899]: input_userauth_request: invalid user security [preauth]
Jun 22 20:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28899]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 20:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107
Jun 22 20:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25974]: pam_unix(cron:session): session closed for user root
Jun 22 20:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28705]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28899]: Failed password for invalid user security from 193.24.211.107 port 22793 ssh2
Jun 22 20:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28899]: Received disconnect from 193.24.211.107 port 22793:11: Client disconnecting normally [preauth]
Jun 22 20:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28899]: Disconnected from 193.24.211.107 port 22793 [preauth]
Jun 22 20:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 22 20:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29042]: Failed password for root from 202.178.126.219 port 61309 ssh2
Jun 22 20:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29042]: Connection closed by 202.178.126.219 port 61309 [preauth]
Jun 22 20:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27711]: pam_unix(cron:session): session closed for user root
Jun 22 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29139]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29140]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29138]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29137]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29137]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29202]: Successful su for rubyman by root
Jun 22 20:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29202]: + ??? root:rubyman
Jun 22 20:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29202]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572961 of user rubyman.
Jun 22 20:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29202]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572961.
Jun 22 20:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26405]: pam_unix(cron:session): session closed for user root
Jun 22 20:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29138]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 20:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 22 20:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29405]: Failed password for root from 38.55.97.143 port 33044 ssh2
Jun 22 20:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29405]: Connection closed by 38.55.97.143 port 33044 [preauth]
Jun 22 20:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29407]: Failed password for root from 103.27.238.120 port 57696 ssh2
Jun 22 20:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29407]: Connection closed by 103.27.238.120 port 57696 [preauth]
Jun 22 20:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28189]: pam_unix(cron:session): session closed for user root
Jun 22 20:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121  user=root
Jun 22 20:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29634]: Failed password for root from 45.148.10.121 port 35000 ssh2
Jun 22 20:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29634]: Connection closed by 45.148.10.121 port 35000 [preauth]
Jun 22 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29658]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29657]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29655]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29654]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29654]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29740]: Successful su for rubyman by root
Jun 22 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29740]: + ??? root:rubyman
Jun 22 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29740]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572965 of user rubyman.
Jun 22 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29740]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572965.
Jun 22 20:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26888]: pam_unix(cron:session): session closed for user root
Jun 22 20:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29655]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 20:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29972]: Failed password for root from 38.55.97.143 port 33036 ssh2
Jun 22 20:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29972]: Connection closed by 38.55.97.143 port 33036 [preauth]
Jun 22 20:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28708]: pam_unix(cron:session): session closed for user root
Jun 22 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30101]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30100]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30098]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30099]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30098]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30170]: Successful su for rubyman by root
Jun 22 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30170]: + ??? root:rubyman
Jun 22 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30170]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572968 of user rubyman.
Jun 22 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30170]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572968.
Jun 22 20:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27308]: pam_unix(cron:session): session closed for user root
Jun 22 20:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30099]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 20:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30413]: Failed password for root from 38.55.97.143 port 58826 ssh2
Jun 22 20:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30413]: Connection closed by 38.55.97.143 port 58826 [preauth]
Jun 22 20:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29140]: pam_unix(cron:session): session closed for user root
Jun 22 20:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30486]: Received disconnect from 148.113.221.114 port 40780:11: disconnected by user [preauth]
Jun 22 20:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30486]: Disconnected from 148.113.221.114 port 40780 [preauth]
Jun 22 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30512]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30513]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30510]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30508]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30511]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30509]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30513]: pam_unix(cron:session): session closed for user root
Jun 22 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30508]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30586]: Successful su for rubyman by root
Jun 22 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30586]: + ??? root:rubyman
Jun 22 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30586]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572972 of user rubyman.
Jun 22 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30586]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572972.
Jun 22 20:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27710]: pam_unix(cron:session): session closed for user root
Jun 22 20:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30510]: pam_unix(cron:session): session closed for user root
Jun 22 20:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30509]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29658]: pam_unix(cron:session): session closed for user root
Jun 22 20:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 20:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30913]: Failed password for root from 38.55.97.143 port 52624 ssh2
Jun 22 20:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30913]: Connection closed by 38.55.97.143 port 52624 [preauth]
Jun 22 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31057]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31053]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31054]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31055]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31053]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31121]: Successful su for rubyman by root
Jun 22 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31121]: + ??? root:rubyman
Jun 22 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31121]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572978 of user rubyman.
Jun 22 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31121]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572978.
Jun 22 20:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28188]: pam_unix(cron:session): session closed for user root
Jun 22 20:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31054]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30101]: pam_unix(cron:session): session closed for user root
Jun 22 20:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 20:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31414]: Failed password for root from 38.55.97.143 port 46388 ssh2
Jun 22 20:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31414]: Connection closed by 38.55.97.143 port 46388 [preauth]
Jun 22 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31468]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31467]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31469]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31466]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31466]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31535]: Successful su for rubyman by root
Jun 22 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31535]: + ??? root:rubyman
Jun 22 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31535]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572984 of user rubyman.
Jun 22 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31535]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572984.
Jun 22 20:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28706]: pam_unix(cron:session): session closed for user root
Jun 22 20:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31467]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30512]: pam_unix(cron:session): session closed for user root
Jun 22 20:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 20:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31960]: Failed password for root from 38.55.97.143 port 46968 ssh2
Jun 22 20:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31960]: Connection closed by 38.55.97.143 port 46968 [preauth]
Jun 22 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31977]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31976]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31973]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31975]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31973]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32043]: Successful su for rubyman by root
Jun 22 20:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32043]: + ??? root:rubyman
Jun 22 20:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32043]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572986 of user rubyman.
Jun 22 20:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32043]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572986.
Jun 22 20:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29139]: pam_unix(cron:session): session closed for user root
Jun 22 20:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31975]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.184.50.251  user=root
Jun 22 20:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32250]: Failed password for root from 201.184.50.251 port 47056 ssh2
Jun 22 20:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32250]: Received disconnect from 201.184.50.251 port 47056:11: Bye Bye [preauth]
Jun 22 20:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32250]: Disconnected from 201.184.50.251 port 47056 [preauth]
Jun 22 20:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32270]: Invalid user devops from 203.142.160.143
Jun 22 20:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32270]: input_userauth_request: invalid user devops [preauth]
Jun 22 20:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32270]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 20:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.142.160.143
Jun 22 20:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32270]: Failed password for invalid user devops from 203.142.160.143 port 45076 ssh2
Jun 22 20:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32270]: Received disconnect from 203.142.160.143 port 45076:11: Bye Bye [preauth]
Jun 22 20:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32270]: Disconnected from 203.142.160.143 port 45076 [preauth]
Jun 22 20:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31057]: pam_unix(cron:session): session closed for user root
Jun 22 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32381]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32378]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32377]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32376]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32376]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32442]: Successful su for rubyman by root
Jun 22 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32442]: + ??? root:rubyman
Jun 22 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32442]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572991 of user rubyman.
Jun 22 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32442]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572991.
Jun 22 20:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29657]: pam_unix(cron:session): session closed for user root
Jun 22 20:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32377]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 20:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32639]: Failed password for root from 38.55.97.143 port 43710 ssh2
Jun 22 20:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32639]: Connection closed by 38.55.97.143 port 43710 [preauth]
Jun 22 20:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32666]: Received disconnect from 176.65.131.147 port 50386:11: disconnected by user [preauth]
Jun 22 20:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32666]: Disconnected from 176.65.131.147 port 50386 [preauth]
Jun 22 20:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31469]: pam_unix(cron:session): session closed for user root
Jun 22 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[338]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[337]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[336]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[342]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[341]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[340]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[342]: pam_unix(cron:session): session closed for user root
Jun 22 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[336]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[414]: Successful su for rubyman by root
Jun 22 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[414]: + ??? root:rubyman
Jun 22 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[414]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 572995 of user rubyman.
Jun 22 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[414]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 572995.
Jun 22 20:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[338]: pam_unix(cron:session): session closed for user root
Jun 22 20:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30100]: pam_unix(cron:session): session closed for user root
Jun 22 20:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[337]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31977]: pam_unix(cron:session): session closed for user root
Jun 22 20:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.184.50.251  user=root
Jun 22 20:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 20:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[844]: Failed password for root from 201.184.50.251 port 56792 ssh2
Jun 22 20:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[844]: Received disconnect from 201.184.50.251 port 56792:11: Bye Bye [preauth]
Jun 22 20:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[844]: Disconnected from 201.184.50.251 port 56792 [preauth]
Jun 22 20:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[800]: Failed password for root from 38.55.97.143 port 40848 ssh2
Jun 22 20:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[800]: Connection closed by 38.55.97.143 port 40848 [preauth]
Jun 22 20:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[868]: Connection closed by 194.59.206.2 port 37944 [preauth]
Jun 22 20:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[921]: Invalid user jenkins from 203.142.160.143
Jun 22 20:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[921]: input_userauth_request: invalid user jenkins [preauth]
Jun 22 20:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[921]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 20:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.142.160.143
Jun 22 20:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[921]: Failed password for invalid user jenkins from 203.142.160.143 port 53898 ssh2
Jun 22 20:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[921]: Received disconnect from 203.142.160.143 port 53898:11: Bye Bye [preauth]
Jun 22 20:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[921]: Disconnected from 203.142.160.143 port 53898 [preauth]
Jun 22 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[938]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[937]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[939]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[935]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[935]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1010]: Successful su for rubyman by root
Jun 22 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1010]: + ??? root:rubyman
Jun 22 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1010]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573000 of user rubyman.
Jun 22 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1010]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573000.
Jun 22 20:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30511]: pam_unix(cron:session): session closed for user root
Jun 22 20:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[937]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32381]: pam_unix(cron:session): session closed for user root
Jun 22 20:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1338]: Connection closed by 172.94.9.55 port 49894 [preauth]
Jun 22 20:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 20:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1387]: Failed password for root from 38.55.97.143 port 39470 ssh2
Jun 22 20:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1387]: Connection closed by 38.55.97.143 port 39470 [preauth]
Jun 22 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1415]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1416]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1413]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1414]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1413]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1567]: Successful su for rubyman by root
Jun 22 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1567]: + ??? root:rubyman
Jun 22 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1567]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573005 of user rubyman.
Jun 22 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1567]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573005.
Jun 22 20:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31055]: pam_unix(cron:session): session closed for user root
Jun 22 20:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1414]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 22 20:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1797]: Failed password for root from 80.66.85.226 port 47878 ssh2
Jun 22 20:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1797]: Connection closed by 80.66.85.226 port 47878 [preauth]
Jun 22 20:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[341]: pam_unix(cron:session): session closed for user root
Jun 22 20:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1933]: Invalid user bacula from 201.184.50.251
Jun 22 20:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1933]: input_userauth_request: invalid user bacula [preauth]
Jun 22 20:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1933]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 20:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.184.50.251
Jun 22 20:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1933]: Failed password for invalid user bacula from 201.184.50.251 port 38264 ssh2
Jun 22 20:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1933]: Received disconnect from 201.184.50.251 port 38264:11: Bye Bye [preauth]
Jun 22 20:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1933]: Disconnected from 201.184.50.251 port 38264 [preauth]
Jun 22 20:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1981]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1979]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1980]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1978]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1978]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2074]: Successful su for rubyman by root
Jun 22 20:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2074]: + ??? root:rubyman
Jun 22 20:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2074]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573008 of user rubyman.
Jun 22 20:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2074]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573008.
Jun 22 20:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 20:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31468]: pam_unix(cron:session): session closed for user root
Jun 22 20:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1963]: Failed password for root from 38.55.97.143 port 43592 ssh2
Jun 22 20:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1963]: Connection closed by 38.55.97.143 port 43592 [preauth]
Jun 22 20:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1979]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: Invalid user bacula from 203.142.160.143
Jun 22 20:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: input_userauth_request: invalid user bacula [preauth]
Jun 22 20:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 20:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.142.160.143
Jun 22 20:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: Failed password for invalid user bacula from 203.142.160.143 port 39474 ssh2
Jun 22 20:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: Received disconnect from 203.142.160.143 port 39474:11: Bye Bye [preauth]
Jun 22 20:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: Disconnected from 203.142.160.143 port 39474 [preauth]
Jun 22 20:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[939]: pam_unix(cron:session): session closed for user root
Jun 22 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2432]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2433]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2431]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2430]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2430]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2496]: Successful su for rubyman by root
Jun 22 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2496]: + ??? root:rubyman
Jun 22 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2496]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573014 of user rubyman.
Jun 22 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2496]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573014.
Jun 22 20:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31976]: pam_unix(cron:session): session closed for user root
Jun 22 20:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2431]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 20:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: Failed password for root from 38.55.97.143 port 48394 ssh2
Jun 22 20:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: Connection closed by 38.55.97.143 port 48394 [preauth]
Jun 22 20:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1416]: pam_unix(cron:session): session closed for user root
Jun 22 20:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2834]: Received disconnect from 78.111.67.235 port 51274:11: disconnected by user [preauth]
Jun 22 20:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2834]: Disconnected from 78.111.67.235 port 51274 [preauth]
Jun 22 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2858]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2860]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2856]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2857]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2855]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2859]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2860]: pam_unix(cron:session): session closed for user root
Jun 22 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2855]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2924]: Successful su for rubyman by root
Jun 22 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2924]: + ??? root:rubyman
Jun 22 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2924]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573016 of user rubyman.
Jun 22 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2924]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573016.
Jun 22 20:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180  user=root
Jun 22 20:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2913]: Failed password for root from 186.96.158.180 port 62151 ssh2
Jun 22 20:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2913]: Received disconnect from 186.96.158.180 port 62151:11: Bye Bye [preauth]
Jun 22 20:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2913]: Disconnected from 186.96.158.180 port 62151 [preauth]
Jun 22 20:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32378]: pam_unix(cron:session): session closed for user root
Jun 22 20:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2857]: pam_unix(cron:session): session closed for user root
Jun 22 20:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2856]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3130]: Invalid user devops from 201.184.50.251
Jun 22 20:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3130]: input_userauth_request: invalid user devops [preauth]
Jun 22 20:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3130]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 20:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.184.50.251
Jun 22 20:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 22 20:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3130]: Failed password for invalid user devops from 201.184.50.251 port 47994 ssh2
Jun 22 20:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3130]: Received disconnect from 201.184.50.251 port 47994:11: Bye Bye [preauth]
Jun 22 20:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3130]: Disconnected from 201.184.50.251 port 47994 [preauth]
Jun 22 20:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3133]: Failed password for root from 103.172.78.219 port 41544 ssh2
Jun 22 20:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3133]: Connection closed by 103.172.78.219 port 41544 [preauth]
Jun 22 20:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 20:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3172]: Failed password for root from 38.55.97.143 port 52686 ssh2
Jun 22 20:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3172]: Connection closed by 38.55.97.143 port 52686 [preauth]
Jun 22 20:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1981]: pam_unix(cron:session): session closed for user root
Jun 22 20:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3278]: Invalid user cyber from 203.142.160.143
Jun 22 20:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3278]: input_userauth_request: invalid user cyber [preauth]
Jun 22 20:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3278]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 20:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.142.160.143
Jun 22 20:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3278]: Failed password for invalid user cyber from 203.142.160.143 port 48950 ssh2
Jun 22 20:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3278]: Received disconnect from 203.142.160.143 port 48950:11: Bye Bye [preauth]
Jun 22 20:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3278]: Disconnected from 203.142.160.143 port 48950 [preauth]
Jun 22 20:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 22 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3293]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3294]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3291]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3292]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3291]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3288]: Failed password for root from 51.250.105.222 port 57502 ssh2
Jun 22 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3364]: Successful su for rubyman by root
Jun 22 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3364]: + ??? root:rubyman
Jun 22 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3364]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573022 of user rubyman.
Jun 22 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3364]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573022.
Jun 22 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3288]: Connection closed by 51.250.105.222 port 57502 [preauth]
Jun 22 20:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[340]: pam_unix(cron:session): session closed for user root
Jun 22 20:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3292]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2433]: pam_unix(cron:session): session closed for user root
Jun 22 20:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 20:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3611]: Failed password for root from 38.55.97.143 port 54472 ssh2
Jun 22 20:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3611]: Connection closed by 38.55.97.143 port 54472 [preauth]
Jun 22 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3798]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3797]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3795]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3796]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3795]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3866]: Successful su for rubyman by root
Jun 22 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3866]: + ??? root:rubyman
Jun 22 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3866]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573026 of user rubyman.
Jun 22 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3866]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573026.
Jun 22 20:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[938]: pam_unix(cron:session): session closed for user root
Jun 22 20:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3796]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4168]: User mysql from 201.184.50.251 not allowed because not listed in AllowUsers
Jun 22 20:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4168]: input_userauth_request: invalid user mysql [preauth]
Jun 22 20:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.184.50.251  user=mysql
Jun 22 20:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4168]: Failed password for invalid user mysql from 201.184.50.251 port 57678 ssh2
Jun 22 20:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4168]: Received disconnect from 201.184.50.251 port 57678:11: Bye Bye [preauth]
Jun 22 20:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4168]: Disconnected from 201.184.50.251 port 57678 [preauth]
Jun 22 20:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 20:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4180]: Failed password for root from 193.24.211.107 port 6150 ssh2
Jun 22 20:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4180]: Received disconnect from 193.24.211.107 port 6150:11: Client disconnecting normally [preauth]
Jun 22 20:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4180]: Disconnected from 193.24.211.107 port 6150 [preauth]
Jun 22 20:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2859]: pam_unix(cron:session): session closed for user root
Jun 22 20:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 20:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4266]: Failed password for root from 38.55.97.143 port 52502 ssh2
Jun 22 20:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4266]: Connection closed by 38.55.97.143 port 52502 [preauth]
Jun 22 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4314]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4313]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4312]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4311]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4311]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4376]: Successful su for rubyman by root
Jun 22 20:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4376]: + ??? root:rubyman
Jun 22 20:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4376]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573031 of user rubyman.
Jun 22 20:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4376]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573031.
Jun 22 20:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1415]: pam_unix(cron:session): session closed for user root
Jun 22 20:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4312]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.142.160.143  user=root
Jun 22 20:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4590]: Failed password for root from 203.142.160.143 port 48010 ssh2
Jun 22 20:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4590]: Received disconnect from 203.142.160.143 port 48010:11: Bye Bye [preauth]
Jun 22 20:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4590]: Disconnected from 203.142.160.143 port 48010 [preauth]
Jun 22 20:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 22 20:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.223.69.22  user=root
Jun 22 20:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3294]: pam_unix(cron:session): session closed for user root
Jun 22 20:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4630]: Failed password for root from 77.94.47.83 port 50160 ssh2
Jun 22 20:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4630]: Connection closed by 77.94.47.83 port 50160 [preauth]
Jun 22 20:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4632]: Failed password for root from 89.223.69.22 port 42968 ssh2
Jun 22 20:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4632]: Connection closed by 89.223.69.22 port 42968 [preauth]
Jun 22 20:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4665]: Received disconnect from 212.192.216.2 port 53302:11: disconnected by user [preauth]
Jun 22 20:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4665]: Disconnected from 212.192.216.2 port 53302 [preauth]
Jun 22 20:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180  user=root
Jun 22 20:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4701]: Failed password for root from 186.96.158.180 port 8852 ssh2
Jun 22 20:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4701]: Received disconnect from 186.96.158.180 port 8852:11: Bye Bye [preauth]
Jun 22 20:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4701]: Disconnected from 186.96.158.180 port 8852 [preauth]
Jun 22 20:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 20:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4711]: Failed password for root from 38.55.97.143 port 54026 ssh2
Jun 22 20:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4711]: Connection closed by 38.55.97.143 port 54026 [preauth]
Jun 22 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4726]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4734]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4725]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4724]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4722]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4724]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4968]: Successful su for rubyman by root
Jun 22 20:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4968]: + ??? root:rubyman
Jun 22 20:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4968]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573037 of user rubyman.
Jun 22 20:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4968]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573037.
Jun 22 20:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4722]: pam_unix(cron:session): session closed for user root
Jun 22 20:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1980]: pam_unix(cron:session): session closed for user root
Jun 22 20:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4725]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 22 20:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5211]: Invalid user matthew from 141.98.83.240
Jun 22 20:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5211]: input_userauth_request: invalid user matthew [preauth]
Jun 22 20:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5211]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 20:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 20:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5199]: Failed password for root from 103.149.28.157 port 51376 ssh2
Jun 22 20:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5199]: Connection closed by 103.149.28.157 port 51376 [preauth]
Jun 22 20:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5211]: Failed password for invalid user matthew from 141.98.83.240 port 18166 ssh2
Jun 22 20:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5211]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 20:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5211]: Failed password for invalid user matthew from 141.98.83.240 port 18166 ssh2
Jun 22 20:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5211]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 20:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5211]: Failed password for invalid user matthew from 141.98.83.240 port 18166 ssh2
Jun 22 20:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5211]: Connection closed by 141.98.83.240 port 18166 [preauth]
Jun 22 20:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5211]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 20:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3798]: pam_unix(cron:session): session closed for user root
Jun 22 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5338]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5340]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5342]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5341]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5339]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5337]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5342]: pam_unix(cron:session): session closed for user root
Jun 22 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5337]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5415]: Successful su for rubyman by root
Jun 22 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5415]: + ??? root:rubyman
Jun 22 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5415]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573043 of user rubyman.
Jun 22 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5415]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573043.
Jun 22 20:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5339]: pam_unix(cron:session): session closed for user root
Jun 22 20:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2432]: pam_unix(cron:session): session closed for user root
Jun 22 20:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 20:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5338]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5503]: Failed password for root from 38.55.97.143 port 54256 ssh2
Jun 22 20:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5503]: Connection closed by 38.55.97.143 port 54256 [preauth]
Jun 22 20:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.211.215  user=root
Jun 22 20:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5649]: Failed password for root from 147.45.211.215 port 35822 ssh2
Jun 22 20:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 22 20:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5649]: Connection closed by 147.45.211.215 port 35822 [preauth]
Jun 22 20:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5651]: Failed password for root from 103.77.175.15 port 41892 ssh2
Jun 22 20:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5651]: Connection closed by 103.77.175.15 port 41892 [preauth]
Jun 22 20:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 22 20:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5682]: Failed password for root from 38.93.206.2 port 5186 ssh2
Jun 22 20:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5682]: Connection closed by 38.93.206.2 port 5186 [preauth]
Jun 22 20:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4314]: pam_unix(cron:session): session closed for user root
Jun 22 20:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.142.160.143  user=root
Jun 22 20:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5721]: Failed password for root from 203.142.160.143 port 44668 ssh2
Jun 22 20:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5721]: Received disconnect from 203.142.160.143 port 44668:11: Bye Bye [preauth]
Jun 22 20:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5721]: Disconnected from 203.142.160.143 port 44668 [preauth]
Jun 22 20:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 22 20:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5753]: Failed password for root from 103.15.222.183 port 35878 ssh2
Jun 22 20:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5753]: Connection closed by 103.15.222.183 port 35878 [preauth]
Jun 22 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5775]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5778]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5777]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5774]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5774]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5846]: Successful su for rubyman by root
Jun 22 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5846]: + ??? root:rubyman
Jun 22 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5846]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573047 of user rubyman.
Jun 22 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5846]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573047.
Jun 22 20:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2858]: pam_unix(cron:session): session closed for user root
Jun 22 20:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5775]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6029]: Invalid user ubuntu from 201.184.50.251
Jun 22 20:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6029]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 20:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6029]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 20:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.184.50.251
Jun 22 20:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6029]: Failed password for invalid user ubuntu from 201.184.50.251 port 39282 ssh2
Jun 22 20:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6029]: Received disconnect from 201.184.50.251 port 39282:11: Bye Bye [preauth]
Jun 22 20:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6029]: Disconnected from 201.184.50.251 port 39282 [preauth]
Jun 22 20:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 22 20:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 20:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6072]: Failed password for root from 103.82.20.28 port 37360 ssh2
Jun 22 20:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6072]: Connection closed by 103.82.20.28 port 37360 [preauth]
Jun 22 20:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6074]: Failed password for root from 38.55.97.143 port 52526 ssh2
Jun 22 20:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6074]: Connection closed by 38.55.97.143 port 52526 [preauth]
Jun 22 20:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4734]: pam_unix(cron:session): session closed for user root
Jun 22 20:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 22 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6172]: Failed password for root from 147.45.199.80 port 58548 ssh2
Jun 22 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6172]: Connection closed by 147.45.199.80 port 58548 [preauth]
Jun 22 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6178]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6179]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6177]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6176]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6176]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6239]: Successful su for rubyman by root
Jun 22 20:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6239]: + ??? root:rubyman
Jun 22 20:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6239]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573051 of user rubyman.
Jun 22 20:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6239]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573051.
Jun 22 20:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3293]: pam_unix(cron:session): session closed for user root
Jun 22 20:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6177]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6427]: Invalid user admin from 2.57.121.25
Jun 22 20:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6427]: input_userauth_request: invalid user admin [preauth]
Jun 22 20:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6427]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 20:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 22 20:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6427]: Failed password for invalid user admin from 2.57.121.25 port 55610 ssh2
Jun 22 20:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6427]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 20:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6427]: Failed password for invalid user admin from 2.57.121.25 port 55610 ssh2
Jun 22 20:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6427]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 20:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6427]: Failed password for invalid user admin from 2.57.121.25 port 55610 ssh2
Jun 22 20:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6427]: Connection closed by 2.57.121.25 port 55610 [preauth]
Jun 22 20:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6427]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 22 20:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5341]: pam_unix(cron:session): session closed for user root
Jun 22 20:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 20:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6504]: Failed password for root from 38.55.97.143 port 58134 ssh2
Jun 22 20:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6504]: Connection closed by 38.55.97.143 port 58134 [preauth]
Jun 22 20:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 22 20:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 22 20:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6556]: Failed password for root from 62.133.62.83 port 38006 ssh2
Jun 22 20:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6556]: Connection closed by 62.133.62.83 port 38006 [preauth]
Jun 22 20:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6558]: Failed password for root from 103.77.242.62 port 38864 ssh2
Jun 22 20:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6558]: Connection closed by 103.77.242.62 port 38864 [preauth]
Jun 22 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6574]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6573]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6571]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6570]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6570]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6642]: Successful su for rubyman by root
Jun 22 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6642]: + ??? root:rubyman
Jun 22 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6642]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573053 of user rubyman.
Jun 22 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6642]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573053.
Jun 22 20:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3797]: pam_unix(cron:session): session closed for user root
Jun 22 20:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6571]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.142.160.143  user=root
Jun 22 20:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6833]: Failed password for root from 203.142.160.143 port 45856 ssh2
Jun 22 20:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6833]: Received disconnect from 203.142.160.143 port 45856:11: Bye Bye [preauth]
Jun 22 20:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6833]: Disconnected from 203.142.160.143 port 45856 [preauth]
Jun 22 20:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180  user=root
Jun 22 20:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.184.50.251  user=root
Jun 22 20:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6845]: Failed password for root from 186.96.158.180 port 11456 ssh2
Jun 22 20:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6845]: Received disconnect from 186.96.158.180 port 11456:11: Bye Bye [preauth]
Jun 22 20:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6845]: Disconnected from 186.96.158.180 port 11456 [preauth]
Jun 22 20:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: Failed password for root from 201.184.50.251 port 48934 ssh2
Jun 22 20:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: Received disconnect from 201.184.50.251 port 48934:11: Bye Bye [preauth]
Jun 22 20:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: Disconnected from 201.184.50.251 port 48934 [preauth]
Jun 22 20:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5778]: pam_unix(cron:session): session closed for user root
Jun 22 20:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 22 20:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6947]: Failed password for root from 103.176.20.57 port 56312 ssh2
Jun 22 20:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6947]: Connection closed by 103.176.20.57 port 56312 [preauth]
Jun 22 20:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 20:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6994]: Failed password for root from 38.55.97.143 port 55582 ssh2
Jun 22 20:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6994]: Connection closed by 38.55.97.143 port 55582 [preauth]
Jun 22 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7038]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7039]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7037]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7036]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7036]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7155]: Successful su for rubyman by root
Jun 22 20:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7155]: + ??? root:rubyman
Jun 22 20:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7155]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573057 of user rubyman.
Jun 22 20:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7155]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573057.
Jun 22 20:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4313]: pam_unix(cron:session): session closed for user root
Jun 22 20:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7037]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6179]: pam_unix(cron:session): session closed for user root
Jun 22 20:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 20:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7471]: Failed password for root from 38.55.97.143 port 51978 ssh2
Jun 22 20:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7471]: Connection closed by 38.55.97.143 port 51978 [preauth]
Jun 22 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7492]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7495]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7491]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7496]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7493]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7494]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7496]: pam_unix(cron:session): session closed for user root
Jun 22 20:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7491]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7562]: Successful su for rubyman by root
Jun 22 20:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7562]: + ??? root:rubyman
Jun 22 20:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7562]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573062 of user rubyman.
Jun 22 20:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7562]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573062.
Jun 22 20:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4726]: pam_unix(cron:session): session closed for user root
Jun 22 20:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7493]: pam_unix(cron:session): session closed for user root
Jun 22 20:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7492]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7922]: Invalid user jenkins from 201.184.50.251
Jun 22 20:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7922]: input_userauth_request: invalid user jenkins [preauth]
Jun 22 20:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7922]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 20:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.184.50.251
Jun 22 20:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6574]: pam_unix(cron:session): session closed for user root
Jun 22 20:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7922]: Failed password for invalid user jenkins from 201.184.50.251 port 58590 ssh2
Jun 22 20:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7922]: Received disconnect from 201.184.50.251 port 58590:11: Bye Bye [preauth]
Jun 22 20:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7922]: Disconnected from 201.184.50.251 port 58590 [preauth]
Jun 22 20:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7959]: Invalid user abc from 203.142.160.143
Jun 22 20:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7959]: input_userauth_request: invalid user abc [preauth]
Jun 22 20:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7959]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 20:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.142.160.143
Jun 22 20:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7959]: Failed password for invalid user abc from 203.142.160.143 port 40320 ssh2
Jun 22 20:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7959]: Received disconnect from 203.142.160.143 port 40320:11: Bye Bye [preauth]
Jun 22 20:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7959]: Disconnected from 203.142.160.143 port 40320 [preauth]
Jun 22 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8013]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8010]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8011]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8009]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8009]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8077]: Successful su for rubyman by root
Jun 22 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8077]: + ??? root:rubyman
Jun 22 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8077]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573068 of user rubyman.
Jun 22 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8077]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573068.
Jun 22 20:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 20:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8010]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5340]: pam_unix(cron:session): session closed for user root
Jun 22 20:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8142]: Failed password for root from 38.55.97.143 port 52354 ssh2
Jun 22 20:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8142]: Connection closed by 38.55.97.143 port 52354 [preauth]
Jun 22 20:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7039]: pam_unix(cron:session): session closed for user root
Jun 22 20:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8405]: Invalid user ftpuser from 193.46.255.86
Jun 22 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8405]: input_userauth_request: invalid user ftpuser [preauth]
Jun 22 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8418]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8417]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8420]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8416]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8416]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8405]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 22 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8482]: Successful su for rubyman by root
Jun 22 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8482]: + ??? root:rubyman
Jun 22 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8482]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573071 of user rubyman.
Jun 22 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8482]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573071.
Jun 22 20:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8405]: Failed password for invalid user ftpuser from 193.46.255.86 port 27550 ssh2
Jun 22 20:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8405]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 20:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5777]: pam_unix(cron:session): session closed for user root
Jun 22 20:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8417]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8405]: Failed password for invalid user ftpuser from 193.46.255.86 port 27550 ssh2
Jun 22 20:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8405]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 20:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8405]: Failed password for invalid user ftpuser from 193.46.255.86 port 27550 ssh2
Jun 22 20:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8405]: Connection closed by 193.46.255.86 port 27550 [preauth]
Jun 22 20:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8405]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 22 20:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 20:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8685]: Failed password for root from 38.55.97.143 port 56362 ssh2
Jun 22 20:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8685]: Connection closed by 38.55.97.143 port 56362 [preauth]
Jun 22 20:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7495]: pam_unix(cron:session): session closed for user root
Jun 22 20:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.184.50.251  user=root
Jun 22 20:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 22 20:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8786]: Failed password for root from 201.184.50.251 port 40044 ssh2
Jun 22 20:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8786]: Received disconnect from 201.184.50.251 port 40044:11: Bye Bye [preauth]
Jun 22 20:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8786]: Disconnected from 201.184.50.251 port 40044 [preauth]
Jun 22 20:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8795]: Failed password for root from 103.27.238.114 port 54978 ssh2
Jun 22 20:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8795]: Connection closed by 103.27.238.114 port 54978 [preauth]
Jun 22 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8819]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8818]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8816]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8817]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8816]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8879]: Successful su for rubyman by root
Jun 22 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8879]: + ??? root:rubyman
Jun 22 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8879]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573076 of user rubyman.
Jun 22 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8879]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573076.
Jun 22 20:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6178]: pam_unix(cron:session): session closed for user root
Jun 22 20:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8817]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9067]: Invalid user postgres from 203.142.160.143
Jun 22 20:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9067]: input_userauth_request: invalid user postgres [preauth]
Jun 22 20:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9067]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 20:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.142.160.143
Jun 22 20:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9067]: Failed password for invalid user postgres from 203.142.160.143 port 38914 ssh2
Jun 22 20:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9067]: Received disconnect from 203.142.160.143 port 38914:11: Bye Bye [preauth]
Jun 22 20:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9067]: Disconnected from 203.142.160.143 port 38914 [preauth]
Jun 22 20:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180  user=root
Jun 22 20:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 20:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9127]: Failed password for root from 186.96.158.180 port 46364 ssh2
Jun 22 20:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9127]: Received disconnect from 186.96.158.180 port 46364:11: Bye Bye [preauth]
Jun 22 20:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9127]: Disconnected from 186.96.158.180 port 46364 [preauth]
Jun 22 20:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8013]: pam_unix(cron:session): session closed for user root
Jun 22 20:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9129]: Failed password for root from 38.55.97.143 port 36964 ssh2
Jun 22 20:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9129]: Connection closed by 38.55.97.143 port 36964 [preauth]
Jun 22 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9221]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9220]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9219]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9218]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9218]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9281]: Successful su for rubyman by root
Jun 22 20:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9281]: + ??? root:rubyman
Jun 22 20:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9281]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573079 of user rubyman.
Jun 22 20:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9281]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573079.
Jun 22 20:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6573]: pam_unix(cron:session): session closed for user root
Jun 22 20:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9219]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8420]: pam_unix(cron:session): session closed for user root
Jun 22 20:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 20:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9571]: Failed password for root from 38.55.97.143 port 48408 ssh2
Jun 22 20:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9571]: Connection closed by 38.55.97.143 port 48408 [preauth]
Jun 22 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9608]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9606]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9607]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9605]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9603]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9602]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9608]: pam_unix(cron:session): session closed for user root
Jun 22 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9602]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9680]: Successful su for rubyman by root
Jun 22 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9680]: + ??? root:rubyman
Jun 22 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9680]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573085 of user rubyman.
Jun 22 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9680]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573085.
Jun 22 20:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9605]: pam_unix(cron:session): session closed for user root
Jun 22 20:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.184.50.251  user=root
Jun 22 20:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7038]: pam_unix(cron:session): session closed for user root
Jun 22 20:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9771]: Failed password for root from 201.184.50.251 port 49718 ssh2
Jun 22 20:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9771]: Received disconnect from 201.184.50.251 port 49718:11: Bye Bye [preauth]
Jun 22 20:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9771]: Disconnected from 201.184.50.251 port 49718 [preauth]
Jun 22 20:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9603]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8819]: pam_unix(cron:session): session closed for user root
Jun 22 20:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.142.160.143  user=root
Jun 22 20:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10158]: Failed password for root from 203.142.160.143 port 59528 ssh2
Jun 22 20:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10158]: Received disconnect from 203.142.160.143 port 59528:11: Bye Bye [preauth]
Jun 22 20:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10158]: Disconnected from 203.142.160.143 port 59528 [preauth]
Jun 22 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10312]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10311]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10310]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10308]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10308]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10380]: Successful su for rubyman by root
Jun 22 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10380]: + ??? root:rubyman
Jun 22 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10380]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573089 of user rubyman.
Jun 22 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10380]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573089.
Jun 22 20:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 20:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10381]: Failed password for root from 38.55.97.143 port 41386 ssh2
Jun 22 20:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10381]: Connection closed by 38.55.97.143 port 41386 [preauth]
Jun 22 20:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7494]: pam_unix(cron:session): session closed for user root
Jun 22 20:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10310]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9221]: pam_unix(cron:session): session closed for user root
Jun 22 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10723]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10725]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10724]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10722]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10722]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10794]: Successful su for rubyman by root
Jun 22 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10794]: + ??? root:rubyman
Jun 22 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10794]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573094 of user rubyman.
Jun 22 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10794]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573094.
Jun 22 20:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8011]: pam_unix(cron:session): session closed for user root
Jun 22 20:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10723]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11015]: Invalid user postgres from 201.184.50.251
Jun 22 20:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11015]: input_userauth_request: invalid user postgres [preauth]
Jun 22 20:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11015]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 20:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.184.50.251
Jun 22 20:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11015]: Failed password for invalid user postgres from 201.184.50.251 port 59380 ssh2
Jun 22 20:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11015]: Received disconnect from 201.184.50.251 port 59380:11: Bye Bye [preauth]
Jun 22 20:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11015]: Disconnected from 201.184.50.251 port 59380 [preauth]
Jun 22 20:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 20:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11026]: Failed password for root from 38.55.97.143 port 41128 ssh2
Jun 22 20:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11026]: Connection closed by 38.55.97.143 port 41128 [preauth]
Jun 22 20:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9607]: pam_unix(cron:session): session closed for user root
Jun 22 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11144]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11143]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11145]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11142]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11142]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11207]: Successful su for rubyman by root
Jun 22 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11207]: + ??? root:rubyman
Jun 22 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11207]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573097 of user rubyman.
Jun 22 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11207]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573097.
Jun 22 20:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8418]: pam_unix(cron:session): session closed for user root
Jun 22 20:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11143]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11409]: Invalid user ftpuser from 203.142.160.143
Jun 22 20:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11409]: input_userauth_request: invalid user ftpuser [preauth]
Jun 22 20:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11409]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 20:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.142.160.143
Jun 22 20:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11409]: Failed password for invalid user ftpuser from 203.142.160.143 port 33986 ssh2
Jun 22 20:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11409]: Received disconnect from 203.142.160.143 port 33986:11: Bye Bye [preauth]
Jun 22 20:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11409]: Disconnected from 203.142.160.143 port 33986 [preauth]
Jun 22 20:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 22 20:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10312]: pam_unix(cron:session): session closed for user root
Jun 22 20:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11477]: Failed password for root from 87.251.79.125 port 41374 ssh2
Jun 22 20:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11477]: Connection closed by 87.251.79.125 port 41374 [preauth]
Jun 22 20:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 20:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 20:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11514]: Failed password for root from 193.24.211.107 port 50185 ssh2
Jun 22 20:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11514]: Received disconnect from 193.24.211.107 port 50185:11: Client disconnecting normally [preauth]
Jun 22 20:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11514]: Disconnected from 193.24.211.107 port 50185 [preauth]
Jun 22 20:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11516]: Failed password for root from 38.55.97.143 port 58252 ssh2
Jun 22 20:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11516]: Connection closed by 38.55.97.143 port 58252 [preauth]
Jun 22 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11573]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11574]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11572]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11575]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11572]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11634]: Successful su for rubyman by root
Jun 22 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11634]: + ??? root:rubyman
Jun 22 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11634]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573104 of user rubyman.
Jun 22 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11634]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573104.
Jun 22 20:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8818]: pam_unix(cron:session): session closed for user root
Jun 22 20:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11573]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11839]: Invalid user jenkins from 186.96.158.180
Jun 22 20:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11839]: input_userauth_request: invalid user jenkins [preauth]
Jun 22 20:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11839]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 20:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180
Jun 22 20:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11839]: Failed password for invalid user jenkins from 186.96.158.180 port 55028 ssh2
Jun 22 20:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11839]: Received disconnect from 186.96.158.180 port 55028:11: Bye Bye [preauth]
Jun 22 20:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11839]: Disconnected from 186.96.158.180 port 55028 [preauth]
Jun 22 20:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.184.50.251  user=root
Jun 22 20:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11919]: Failed password for root from 201.184.50.251 port 40834 ssh2
Jun 22 20:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11919]: Received disconnect from 201.184.50.251 port 40834:11: Bye Bye [preauth]
Jun 22 20:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11919]: Disconnected from 201.184.50.251 port 40834 [preauth]
Jun 22 20:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10725]: pam_unix(cron:session): session closed for user root
Jun 22 20:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11973]: Invalid user admin from 45.148.10.121
Jun 22 20:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11973]: input_userauth_request: invalid user admin [preauth]
Jun 22 20:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11973]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 20:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 22 20:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11973]: Failed password for invalid user admin from 45.148.10.121 port 40138 ssh2
Jun 22 20:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11973]: Connection closed by 45.148.10.121 port 40138 [preauth]
Jun 22 20:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 20:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12024]: Failed password for root from 38.55.97.143 port 45284 ssh2
Jun 22 20:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12024]: Connection closed by 38.55.97.143 port 45284 [preauth]
Jun 22 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12040]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12039]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12041]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12037]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12038]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12036]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12041]: pam_unix(cron:session): session closed for user root
Jun 22 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12036]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12102]: Successful su for rubyman by root
Jun 22 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12102]: + ??? root:rubyman
Jun 22 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12102]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573105 of user rubyman.
Jun 22 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12102]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573105.
Jun 22 20:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12038]: pam_unix(cron:session): session closed for user root
Jun 22 20:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9220]: pam_unix(cron:session): session closed for user root
Jun 22 20:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12037]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11145]: pam_unix(cron:session): session closed for user root
Jun 22 20:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.142.160.143  user=root
Jun 22 20:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12533]: Failed password for root from 203.142.160.143 port 33444 ssh2
Jun 22 20:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12533]: Received disconnect from 203.142.160.143 port 33444:11: Bye Bye [preauth]
Jun 22 20:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12533]: Disconnected from 203.142.160.143 port 33444 [preauth]
Jun 22 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12584]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12585]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12582]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12583]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12582]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12654]: Successful su for rubyman by root
Jun 22 20:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12654]: + ??? root:rubyman
Jun 22 20:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12654]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573112 of user rubyman.
Jun 22 20:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12654]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573112.
Jun 22 20:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9606]: pam_unix(cron:session): session closed for user root
Jun 22 20:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12583]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12886]: Invalid user michael from 38.55.97.143
Jun 22 20:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12886]: input_userauth_request: invalid user michael [preauth]
Jun 22 20:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12886]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 20:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 20:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12886]: Failed password for invalid user michael from 38.55.97.143 port 60282 ssh2
Jun 22 20:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12886]: Connection closed by 38.55.97.143 port 60282 [preauth]
Jun 22 20:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11575]: pam_unix(cron:session): session closed for user root
Jun 22 20:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12954]: Did not receive identification string from 69.5.169.229
Jun 22 20:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12955]: Invalid user ftpuser1 from 201.184.50.251
Jun 22 20:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12955]: input_userauth_request: invalid user ftpuser1 [preauth]
Jun 22 20:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12955]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 20:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.184.50.251
Jun 22 20:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12955]: Failed password for invalid user ftpuser1 from 201.184.50.251 port 50502 ssh2
Jun 22 20:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12955]: Received disconnect from 201.184.50.251 port 50502:11: Bye Bye [preauth]
Jun 22 20:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12955]: Disconnected from 201.184.50.251 port 50502 [preauth]
Jun 22 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13013]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13014]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13016]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13012]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13012]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13075]: Successful su for rubyman by root
Jun 22 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13075]: + ??? root:rubyman
Jun 22 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13075]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573117 of user rubyman.
Jun 22 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13075]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573117.
Jun 22 20:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10311]: pam_unix(cron:session): session closed for user root
Jun 22 20:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13013]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13335]: Invalid user k from 38.55.97.143
Jun 22 20:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13335]: input_userauth_request: invalid user k [preauth]
Jun 22 20:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13335]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 20:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 20:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13335]: Failed password for invalid user k from 38.55.97.143 port 38872 ssh2
Jun 22 20:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13335]: Connection closed by 38.55.97.143 port 38872 [preauth]
Jun 22 20:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12040]: pam_unix(cron:session): session closed for user root
Jun 22 20:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13373]: Bad protocol version identification 'GET / HTTP/1.1' from 69.5.169.65 port 10614
Jun 22 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13429]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13427]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13428]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13426]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13426]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13486]: Successful su for rubyman by root
Jun 22 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13486]: + ??? root:rubyman
Jun 22 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13486]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573119 of user rubyman.
Jun 22 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13486]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573119.
Jun 22 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.142.160.143  user=root
Jun 22 20:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10724]: pam_unix(cron:session): session closed for user root
Jun 22 20:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13423]: Failed password for root from 203.142.160.143 port 46526 ssh2
Jun 22 20:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13423]: Received disconnect from 203.142.160.143 port 46526:11: Bye Bye [preauth]
Jun 22 20:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13423]: Disconnected from 203.142.160.143 port 46526 [preauth]
Jun 22 20:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13427]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12585]: pam_unix(cron:session): session closed for user root
Jun 22 20:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13785]: Invalid user kafka from 38.55.97.143
Jun 22 20:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13785]: input_userauth_request: invalid user kafka [preauth]
Jun 22 20:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13785]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 20:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 20:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13785]: Failed password for invalid user kafka from 38.55.97.143 port 43472 ssh2
Jun 22 20:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13785]: Connection closed by 38.55.97.143 port 43472 [preauth]
Jun 22 20:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.184.50.251  user=root
Jun 22 20:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13809]: Failed password for root from 201.184.50.251 port 60180 ssh2
Jun 22 20:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13809]: Received disconnect from 201.184.50.251 port 60180:11: Bye Bye [preauth]
Jun 22 20:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13809]: Disconnected from 201.184.50.251 port 60180 [preauth]
Jun 22 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13832]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13833]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13831]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13830]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13830]: pam_unix(cron:session): session closed for user p13x
Jun 22 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13890]: Successful su for rubyman by root
Jun 22 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13890]: + ??? root:rubyman
Jun 22 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13890]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573124 of user rubyman.
Jun 22 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13890]: pam_unix(su:session): session closed for user rubyman
Jun 22 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573124.
Jun 22 20:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11144]: pam_unix(cron:session): session closed for user root
Jun 22 20:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13831]: pam_unix(cron:session): session closed for user samftp
Jun 22 20:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14145]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 22 20:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13016]: pam_unix(cron:session): session closed for user root
Jun 22 20:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14145]: Received disconnect from 103.57.224.219 port 36780:11: disconnected by user [preauth]
Jun 22 20:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14145]: Disconnected from 103.57.224.219 port 36780 [preauth]
Jun 22 20:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 20:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14215]: Invalid user danny from 38.55.97.143
Jun 22 20:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14215]: input_userauth_request: invalid user danny [preauth]
Jun 22 20:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14215]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 20:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 20:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14215]: Failed password for invalid user danny from 38.55.97.143 port 52502 ssh2
Jun 22 20:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14215]: Connection closed by 38.55.97.143 port 52502 [preauth]
Jun 22 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14241]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14238]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14237]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14239]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14236]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14240]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14235]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14241]: pam_unix(cron:session): session closed for user root
Jun 22 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14237]: pam_unix(cron:session): session closed for user root
Jun 22 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14235]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14326]: Successful su for rubyman by root
Jun 22 21:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14326]: + ??? root:rubyman
Jun 22 21:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14326]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573129 of user rubyman.
Jun 22 21:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14326]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573129.
Jun 22 21:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11574]: pam_unix(cron:session): session closed for user root
Jun 22 21:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14238]: pam_unix(cron:session): session closed for user root
Jun 22 21:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14236]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14560]: User mysql from 186.96.158.180 not allowed because not listed in AllowUsers
Jun 22 21:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14560]: input_userauth_request: invalid user mysql [preauth]
Jun 22 21:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180  user=mysql
Jun 22 21:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14560]: Failed password for invalid user mysql from 186.96.158.180 port 54709 ssh2
Jun 22 21:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14560]: Received disconnect from 186.96.158.180 port 54709:11: Bye Bye [preauth]
Jun 22 21:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14560]: Disconnected from 186.96.158.180 port 54709 [preauth]
Jun 22 21:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.142.160.143  user=root
Jun 22 21:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13429]: pam_unix(cron:session): session closed for user root
Jun 22 21:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14601]: Failed password for root from 203.142.160.143 port 46146 ssh2
Jun 22 21:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14601]: Received disconnect from 203.142.160.143 port 46146:11: Bye Bye [preauth]
Jun 22 21:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14601]: Disconnected from 203.142.160.143 port 46146 [preauth]
Jun 22 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14814]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14815]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14813]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14812]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14812]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14881]: Successful su for rubyman by root
Jun 22 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14881]: + ??? root:rubyman
Jun 22 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14881]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573136 of user rubyman.
Jun 22 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14881]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573136.
Jun 22 21:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.184.50.251  user=root
Jun 22 21:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14808]: Failed password for root from 201.184.50.251 port 41618 ssh2
Jun 22 21:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14808]: Received disconnect from 201.184.50.251 port 41618:11: Bye Bye [preauth]
Jun 22 21:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14808]: Disconnected from 201.184.50.251 port 41618 [preauth]
Jun 22 21:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12039]: pam_unix(cron:session): session closed for user root
Jun 22 21:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14813]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15065]: Invalid user client from 38.55.97.143
Jun 22 21:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15065]: input_userauth_request: invalid user client [preauth]
Jun 22 21:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15065]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 21:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15065]: Failed password for invalid user client from 38.55.97.143 port 33018 ssh2
Jun 22 21:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15065]: Connection closed by 38.55.97.143 port 33018 [preauth]
Jun 22 21:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 22 21:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15131]: Failed password for root from 103.82.132.16 port 46116 ssh2
Jun 22 21:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15131]: Connection closed by 103.82.132.16 port 46116 [preauth]
Jun 22 21:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13833]: pam_unix(cron:session): session closed for user root
Jun 22 21:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15205]: Received disconnect from 172.110.219.251 port 47122:11: disconnected by user [preauth]
Jun 22 21:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15205]: Disconnected from 172.110.219.251 port 47122 [preauth]
Jun 22 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15228]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15227]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15226]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15225]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15225]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15290]: Successful su for rubyman by root
Jun 22 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15290]: + ??? root:rubyman
Jun 22 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15290]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573140 of user rubyman.
Jun 22 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15290]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573140.
Jun 22 21:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12584]: pam_unix(cron:session): session closed for user root
Jun 22 21:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15226]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15520]: Invalid user asterisk from 38.55.97.143
Jun 22 21:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15520]: input_userauth_request: invalid user asterisk [preauth]
Jun 22 21:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15520]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 21:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15520]: Failed password for invalid user asterisk from 38.55.97.143 port 58738 ssh2
Jun 22 21:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15520]: Connection closed by 38.55.97.143 port 58738 [preauth]
Jun 22 21:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14240]: pam_unix(cron:session): session closed for user root
Jun 22 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15608]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15610]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15609]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15607]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15607]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15675]: Successful su for rubyman by root
Jun 22 21:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15675]: + ??? root:rubyman
Jun 22 21:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15675]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573144 of user rubyman.
Jun 22 21:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15675]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573144.
Jun 22 21:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13014]: pam_unix(cron:session): session closed for user root
Jun 22 21:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15801]: Invalid user dev from 203.142.160.143
Jun 22 21:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15801]: input_userauth_request: invalid user dev [preauth]
Jun 22 21:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15801]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.142.160.143
Jun 22 21:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15608]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15801]: Failed password for invalid user dev from 203.142.160.143 port 49630 ssh2
Jun 22 21:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15801]: Received disconnect from 203.142.160.143 port 49630:11: Bye Bye [preauth]
Jun 22 21:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15801]: Disconnected from 203.142.160.143 port 49630 [preauth]
Jun 22 21:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.184.50.251  user=root
Jun 22 21:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15883]: Failed password for root from 201.184.50.251 port 51298 ssh2
Jun 22 21:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15883]: Received disconnect from 201.184.50.251 port 51298:11: Bye Bye [preauth]
Jun 22 21:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15883]: Disconnected from 201.184.50.251 port 51298 [preauth]
Jun 22 21:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14815]: pam_unix(cron:session): session closed for user root
Jun 22 21:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15951]: Invalid user wordpress from 38.55.97.143
Jun 22 21:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15951]: input_userauth_request: invalid user wordpress [preauth]
Jun 22 21:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15951]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 21:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15951]: Failed password for invalid user wordpress from 38.55.97.143 port 34954 ssh2
Jun 22 21:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15951]: Connection closed by 38.55.97.143 port 34954 [preauth]
Jun 22 21:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 22 21:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15990]: Failed password for root from 103.27.238.116 port 51784 ssh2
Jun 22 21:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15990]: Connection closed by 103.27.238.116 port 51784 [preauth]
Jun 22 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16011]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16012]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16010]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16009]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16009]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16071]: Successful su for rubyman by root
Jun 22 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16071]: + ??? root:rubyman
Jun 22 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16071]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573146 of user rubyman.
Jun 22 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16071]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573146.
Jun 22 21:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13428]: pam_unix(cron:session): session closed for user root
Jun 22 21:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16010]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 22 21:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16289]: Failed password for root from 103.122.221.179 port 58406 ssh2
Jun 22 21:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16289]: Connection closed by 103.122.221.179 port 58406 [preauth]
Jun 22 21:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15228]: pam_unix(cron:session): session closed for user root
Jun 22 21:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16375]: Invalid user user from 38.55.97.143
Jun 22 21:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16375]: input_userauth_request: invalid user user [preauth]
Jun 22 21:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16375]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 21:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16375]: Failed password for invalid user user from 38.55.97.143 port 37296 ssh2
Jun 22 21:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16375]: Connection closed by 38.55.97.143 port 37296 [preauth]
Jun 22 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16400]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16399]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16401]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16398]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16397]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16396]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16401]: pam_unix(cron:session): session closed for user root
Jun 22 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16396]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16466]: Successful su for rubyman by root
Jun 22 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16466]: + ??? root:rubyman
Jun 22 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16466]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573150 of user rubyman.
Jun 22 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16466]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573150.
Jun 22 21:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16398]: pam_unix(cron:session): session closed for user root
Jun 22 21:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13832]: pam_unix(cron:session): session closed for user root
Jun 22 21:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16397]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16743]: Invalid user dev from 201.184.50.251
Jun 22 21:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16743]: input_userauth_request: invalid user dev [preauth]
Jun 22 21:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16743]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.184.50.251
Jun 22 21:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16743]: Failed password for invalid user dev from 201.184.50.251 port 60986 ssh2
Jun 22 21:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16743]: Received disconnect from 201.184.50.251 port 60986:11: Bye Bye [preauth]
Jun 22 21:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16743]: Disconnected from 201.184.50.251 port 60986 [preauth]
Jun 22 21:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15610]: pam_unix(cron:session): session closed for user root
Jun 22 21:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16768]: Invalid user oracle from 203.142.160.143
Jun 22 21:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16768]: input_userauth_request: invalid user oracle [preauth]
Jun 22 21:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16768]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.142.160.143
Jun 22 21:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16768]: Failed password for invalid user oracle from 203.142.160.143 port 44180 ssh2
Jun 22 21:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16768]: Received disconnect from 203.142.160.143 port 44180:11: Bye Bye [preauth]
Jun 22 21:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16768]: Disconnected from 203.142.160.143 port 44180 [preauth]
Jun 22 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16836]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16837]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16835]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16834]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16834]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17008]: Successful su for rubyman by root
Jun 22 21:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17008]: + ??? root:rubyman
Jun 22 21:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17008]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573157 of user rubyman.
Jun 22 21:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17008]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573157.
Jun 22 21:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: Invalid user ubuntu from 38.55.97.143
Jun 22 21:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 21:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 21:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: Failed password for invalid user ubuntu from 38.55.97.143 port 42000 ssh2
Jun 22 21:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14239]: pam_unix(cron:session): session closed for user root
Jun 22 21:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: Connection closed by 38.55.97.143 port 42000 [preauth]
Jun 22 21:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16835]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17235]: Invalid user botuser from 186.96.158.180
Jun 22 21:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17235]: input_userauth_request: invalid user botuser [preauth]
Jun 22 21:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17235]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180
Jun 22 21:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17235]: Failed password for invalid user botuser from 186.96.158.180 port 22865 ssh2
Jun 22 21:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17235]: Received disconnect from 186.96.158.180 port 22865:11: Bye Bye [preauth]
Jun 22 21:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17235]: Disconnected from 186.96.158.180 port 22865 [preauth]
Jun 22 21:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16012]: pam_unix(cron:session): session closed for user root
Jun 22 21:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17322]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 22 21:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17322]: Received disconnect from 172.96.172.91 port 55342:11: disconnected by user [preauth]
Jun 22 21:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17322]: Disconnected from 172.96.172.91 port 55342 [preauth]
Jun 22 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17348]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17349]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17345]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17344]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17344]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17415]: Successful su for rubyman by root
Jun 22 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17415]: + ??? root:rubyman
Jun 22 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17415]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573161 of user rubyman.
Jun 22 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17415]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573161.
Jun 22 21:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14814]: pam_unix(cron:session): session closed for user root
Jun 22 21:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17345]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17618]: Invalid user ts3server from 38.55.97.143
Jun 22 21:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17618]: input_userauth_request: invalid user ts3server [preauth]
Jun 22 21:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17618]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 21:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17618]: Failed password for invalid user ts3server from 38.55.97.143 port 43256 ssh2
Jun 22 21:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17618]: Connection closed by 38.55.97.143 port 43256 [preauth]
Jun 22 21:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16400]: pam_unix(cron:session): session closed for user root
Jun 22 21:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.184.50.251  user=root
Jun 22 21:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17808]: Failed password for root from 201.184.50.251 port 42422 ssh2
Jun 22 21:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17808]: Received disconnect from 201.184.50.251 port 42422:11: Bye Bye [preauth]
Jun 22 21:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17808]: Disconnected from 201.184.50.251 port 42422 [preauth]
Jun 22 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17846]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17847]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17844]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17843]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17843]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17914]: Successful su for rubyman by root
Jun 22 21:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17914]: + ??? root:rubyman
Jun 22 21:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17914]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573165 of user rubyman.
Jun 22 21:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17914]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573165.
Jun 22 21:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15227]: pam_unix(cron:session): session closed for user root
Jun 22 21:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17844]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18104]: Invalid user rex from 203.142.160.143
Jun 22 21:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18104]: input_userauth_request: invalid user rex [preauth]
Jun 22 21:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18104]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.142.160.143
Jun 22 21:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18104]: Failed password for invalid user rex from 203.142.160.143 port 36298 ssh2
Jun 22 21:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18104]: Received disconnect from 203.142.160.143 port 36298:11: Bye Bye [preauth]
Jun 22 21:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18104]: Disconnected from 203.142.160.143 port 36298 [preauth]
Jun 22 21:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18171]: Invalid user system from 38.55.97.143
Jun 22 21:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18171]: input_userauth_request: invalid user system [preauth]
Jun 22 21:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18171]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 21:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18171]: Failed password for invalid user system from 38.55.97.143 port 44672 ssh2
Jun 22 21:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18171]: Connection closed by 38.55.97.143 port 44672 [preauth]
Jun 22 21:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16837]: pam_unix(cron:session): session closed for user root
Jun 22 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18274]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18275]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18272]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18273]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18270]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18272]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18482]: Successful su for rubyman by root
Jun 22 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18482]: + ??? root:rubyman
Jun 22 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18482]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573170 of user rubyman.
Jun 22 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18482]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573170.
Jun 22 21:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18270]: pam_unix(cron:session): session closed for user root
Jun 22 21:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15609]: pam_unix(cron:session): session closed for user root
Jun 22 21:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18273]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17349]: pam_unix(cron:session): session closed for user root
Jun 22 21:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18818]: Invalid user student from 38.55.97.143
Jun 22 21:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18818]: input_userauth_request: invalid user student [preauth]
Jun 22 21:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18818]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 21:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18818]: Failed password for invalid user student from 38.55.97.143 port 46962 ssh2
Jun 22 21:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18818]: Connection closed by 38.55.97.143 port 46962 [preauth]
Jun 22 21:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 21:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18870]: Failed password for root from 193.24.211.107 port 41267 ssh2
Jun 22 21:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18870]: Received disconnect from 193.24.211.107 port 41267:11: Client disconnecting normally [preauth]
Jun 22 21:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18870]: Disconnected from 193.24.211.107 port 41267 [preauth]
Jun 22 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18896]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18892]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18895]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18891]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18893]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18894]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18896]: pam_unix(cron:session): session closed for user root
Jun 22 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18891]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18957]: Successful su for rubyman by root
Jun 22 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18957]: + ??? root:rubyman
Jun 22 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18957]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573177 of user rubyman.
Jun 22 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18957]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573177.
Jun 22 21:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18998]: Invalid user abc from 201.184.50.251
Jun 22 21:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18998]: input_userauth_request: invalid user abc [preauth]
Jun 22 21:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18998]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.184.50.251
Jun 22 21:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16011]: pam_unix(cron:session): session closed for user root
Jun 22 21:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18893]: pam_unix(cron:session): session closed for user root
Jun 22 21:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18998]: Failed password for invalid user abc from 201.184.50.251 port 52088 ssh2
Jun 22 21:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18998]: Received disconnect from 201.184.50.251 port 52088:11: Bye Bye [preauth]
Jun 22 21:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18998]: Disconnected from 201.184.50.251 port 52088 [preauth]
Jun 22 21:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18892]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19322]: Received disconnect from 78.111.67.247 port 33478:11: disconnected by user [preauth]
Jun 22 21:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19322]: Disconnected from 78.111.67.247 port 33478 [preauth]
Jun 22 21:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17847]: pam_unix(cron:session): session closed for user root
Jun 22 21:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19353]: Invalid user gokul from 203.142.160.143
Jun 22 21:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19353]: input_userauth_request: invalid user gokul [preauth]
Jun 22 21:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19353]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.142.160.143
Jun 22 21:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19353]: Failed password for invalid user gokul from 203.142.160.143 port 35794 ssh2
Jun 22 21:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19353]: Received disconnect from 203.142.160.143 port 35794:11: Bye Bye [preauth]
Jun 22 21:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19353]: Disconnected from 203.142.160.143 port 35794 [preauth]
Jun 22 21:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19398]: Invalid user sonar from 38.55.97.143
Jun 22 21:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19398]: input_userauth_request: invalid user sonar [preauth]
Jun 22 21:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19398]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 21:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19398]: Failed password for invalid user sonar from 38.55.97.143 port 51512 ssh2
Jun 22 21:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19398]: Connection closed by 38.55.97.143 port 51512 [preauth]
Jun 22 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19418]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19420]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19419]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19417]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19417]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19491]: Successful su for rubyman by root
Jun 22 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19491]: + ??? root:rubyman
Jun 22 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19491]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573180 of user rubyman.
Jun 22 21:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19491]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573180.
Jun 22 21:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16399]: pam_unix(cron:session): session closed for user root
Jun 22 21:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19867]: Invalid user admin from 141.98.83.240
Jun 22 21:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19867]: input_userauth_request: invalid user admin [preauth]
Jun 22 21:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19867]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 21:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19418]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19867]: Failed password for invalid user admin from 141.98.83.240 port 4870 ssh2
Jun 22 21:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19867]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19867]: Failed password for invalid user admin from 141.98.83.240 port 4870 ssh2
Jun 22 21:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19867]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19867]: Failed password for invalid user admin from 141.98.83.240 port 4870 ssh2
Jun 22 21:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19867]: Connection closed by 141.98.83.240 port 4870 [preauth]
Jun 22 21:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19867]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 21:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19948]: Invalid user health from 103.187.147.214
Jun 22 21:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19948]: input_userauth_request: invalid user health [preauth]
Jun 22 21:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19948]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.187.147.214
Jun 22 21:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18275]: pam_unix(cron:session): session closed for user root
Jun 22 21:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19948]: Failed password for invalid user health from 103.187.147.214 port 34810 ssh2
Jun 22 21:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19948]: Received disconnect from 103.187.147.214 port 34810:11: Bye Bye [preauth]
Jun 22 21:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19948]: Disconnected from 103.187.147.214 port 34810 [preauth]
Jun 22 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20038]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20037]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20039]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20036]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20036]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20096]: Successful su for rubyman by root
Jun 22 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20096]: + ??? root:rubyman
Jun 22 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20096]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573186 of user rubyman.
Jun 22 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20096]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573186.
Jun 22 21:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16836]: pam_unix(cron:session): session closed for user root
Jun 22 21:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20037]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 21:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20392]: Failed password for root from 38.55.97.143 port 44230 ssh2
Jun 22 21:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20392]: Connection closed by 38.55.97.143 port 44230 [preauth]
Jun 22 21:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20418]: Invalid user oracle from 201.184.50.251
Jun 22 21:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20418]: input_userauth_request: invalid user oracle [preauth]
Jun 22 21:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20418]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.184.50.251
Jun 22 21:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20418]: Failed password for invalid user oracle from 201.184.50.251 port 33536 ssh2
Jun 22 21:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20418]: Received disconnect from 201.184.50.251 port 33536:11: Bye Bye [preauth]
Jun 22 21:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20418]: Disconnected from 201.184.50.251 port 33536 [preauth]
Jun 22 21:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18895]: pam_unix(cron:session): session closed for user root
Jun 22 21:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180  user=root
Jun 22 21:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20479]: Failed password for root from 186.96.158.180 port 64182 ssh2
Jun 22 21:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20479]: Received disconnect from 186.96.158.180 port 64182:11: Bye Bye [preauth]
Jun 22 21:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20479]: Disconnected from 186.96.158.180 port 64182 [preauth]
Jun 22 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20555]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20556]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20554]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20553]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20553]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20617]: Successful su for rubyman by root
Jun 22 21:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20617]: + ??? root:rubyman
Jun 22 21:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20617]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573187 of user rubyman.
Jun 22 21:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20617]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573187.
Jun 22 21:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17348]: pam_unix(cron:session): session closed for user root
Jun 22 21:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20849]: Invalid user user_01 from 203.142.160.143
Jun 22 21:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20849]: input_userauth_request: invalid user user_01 [preauth]
Jun 22 21:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20849]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.142.160.143
Jun 22 21:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20554]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20849]: Failed password for invalid user user_01 from 203.142.160.143 port 47456 ssh2
Jun 22 21:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20849]: Received disconnect from 203.142.160.143 port 47456:11: Bye Bye [preauth]
Jun 22 21:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20849]: Disconnected from 203.142.160.143 port 47456 [preauth]
Jun 22 21:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 21:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: Failed password for root from 38.55.97.143 port 53512 ssh2
Jun 22 21:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: Connection closed by 38.55.97.143 port 53512 [preauth]
Jun 22 21:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19420]: pam_unix(cron:session): session closed for user root
Jun 22 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21046]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21047]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21045]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21043]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21043]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21107]: Successful su for rubyman by root
Jun 22 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21107]: + ??? root:rubyman
Jun 22 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21107]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573192 of user rubyman.
Jun 22 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21107]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573192.
Jun 22 21:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17846]: pam_unix(cron:session): session closed for user root
Jun 22 21:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21045]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.184.50.251  user=root
Jun 22 21:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21366]: Failed password for root from 201.184.50.251 port 43202 ssh2
Jun 22 21:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21366]: Received disconnect from 201.184.50.251 port 43202:11: Bye Bye [preauth]
Jun 22 21:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21366]: Disconnected from 201.184.50.251 port 43202 [preauth]
Jun 22 21:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20039]: pam_unix(cron:session): session closed for user root
Jun 22 21:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 21:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21404]: Failed password for root from 38.55.97.143 port 59972 ssh2
Jun 22 21:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21404]: Connection closed by 38.55.97.143 port 59972 [preauth]
Jun 22 21:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21438]: Invalid user magnitogorsk from 103.187.147.214
Jun 22 21:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21438]: input_userauth_request: invalid user magnitogorsk [preauth]
Jun 22 21:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21438]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.187.147.214
Jun 22 21:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21438]: Failed password for invalid user magnitogorsk from 103.187.147.214 port 45908 ssh2
Jun 22 21:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21438]: Received disconnect from 103.187.147.214 port 45908:11: Bye Bye [preauth]
Jun 22 21:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21438]: Disconnected from 103.187.147.214 port 45908 [preauth]
Jun 22 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21463]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21464]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21465]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21461]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21462]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21460]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21465]: pam_unix(cron:session): session closed for user root
Jun 22 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21460]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21538]: Successful su for rubyman by root
Jun 22 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21538]: + ??? root:rubyman
Jun 22 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21538]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573196 of user rubyman.
Jun 22 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21538]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573196.
Jun 22 21:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18274]: pam_unix(cron:session): session closed for user root
Jun 22 21:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21462]: pam_unix(cron:session): session closed for user root
Jun 22 21:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21461]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21831]: Invalid user ftpuser1 from 203.142.160.143
Jun 22 21:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21831]: input_userauth_request: invalid user ftpuser1 [preauth]
Jun 22 21:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21831]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.142.160.143
Jun 22 21:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21831]: Failed password for invalid user ftpuser1 from 203.142.160.143 port 56230 ssh2
Jun 22 21:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21831]: Received disconnect from 203.142.160.143 port 56230:11: Bye Bye [preauth]
Jun 22 21:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21831]: Disconnected from 203.142.160.143 port 56230 [preauth]
Jun 22 21:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20556]: pam_unix(cron:session): session closed for user root
Jun 22 21:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21876]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 22 21:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21876]: Received disconnect from 191.101.33.115 port 49734:11: disconnected by user [preauth]
Jun 22 21:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21876]: Disconnected from 191.101.33.115 port 49734 [preauth]
Jun 22 21:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 21:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21914]: Failed password for root from 38.55.97.143 port 39408 ssh2
Jun 22 21:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21914]: Connection closed by 38.55.97.143 port 39408 [preauth]
Jun 22 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21933]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21929]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21934]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21932]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21929]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21998]: Successful su for rubyman by root
Jun 22 21:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21998]: + ??? root:rubyman
Jun 22 21:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21998]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573204 of user rubyman.
Jun 22 21:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21998]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573204.
Jun 22 21:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18894]: pam_unix(cron:session): session closed for user root
Jun 22 21:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21932]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 22 21:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22190]: Failed password for root from 202.178.126.219 port 57069 ssh2
Jun 22 21:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22190]: Connection closed by 202.178.126.219 port 57069 [preauth]
Jun 22 21:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21047]: pam_unix(cron:session): session closed for user root
Jun 22 21:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22254]: Invalid user gokul from 201.184.50.251
Jun 22 21:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22254]: input_userauth_request: invalid user gokul [preauth]
Jun 22 21:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22254]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.184.50.251
Jun 22 21:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22254]: Failed password for invalid user gokul from 201.184.50.251 port 52880 ssh2
Jun 22 21:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22254]: Received disconnect from 201.184.50.251 port 52880:11: Bye Bye [preauth]
Jun 22 21:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22254]: Disconnected from 201.184.50.251 port 52880 [preauth]
Jun 22 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22437]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22438]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22434]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22436]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22432]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22432]: pam_unix(cron:session): session closed for user root
Jun 22 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22434]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22499]: Successful su for rubyman by root
Jun 22 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22499]: + ??? root:rubyman
Jun 22 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22499]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573208 of user rubyman.
Jun 22 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22499]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573208.
Jun 22 21:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19419]: pam_unix(cron:session): session closed for user root
Jun 22 21:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22436]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 21:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22680]: Failed password for root from 38.55.97.143 port 42010 ssh2
Jun 22 21:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22680]: Connection closed by 38.55.97.143 port 42010 [preauth]
Jun 22 21:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22699]: Invalid user mak from 103.187.147.214
Jun 22 21:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22699]: input_userauth_request: invalid user mak [preauth]
Jun 22 21:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22699]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.187.147.214
Jun 22 21:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22699]: Failed password for invalid user mak from 103.187.147.214 port 50376 ssh2
Jun 22 21:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22699]: Received disconnect from 103.187.147.214 port 50376:11: Bye Bye [preauth]
Jun 22 21:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22699]: Disconnected from 103.187.147.214 port 50376 [preauth]
Jun 22 21:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21464]: pam_unix(cron:session): session closed for user root
Jun 22 21:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22831]: Invalid user wyy from 203.142.160.143
Jun 22 21:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22831]: input_userauth_request: invalid user wyy [preauth]
Jun 22 21:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22831]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.142.160.143
Jun 22 21:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22831]: Failed password for invalid user wyy from 203.142.160.143 port 43664 ssh2
Jun 22 21:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22831]: Received disconnect from 203.142.160.143 port 43664:11: Bye Bye [preauth]
Jun 22 21:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22831]: Disconnected from 203.142.160.143 port 43664 [preauth]
Jun 22 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22848]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22847]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22845]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22846]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22845]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22906]: Successful su for rubyman by root
Jun 22 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22906]: + ??? root:rubyman
Jun 22 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22906]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573211 of user rubyman.
Jun 22 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22906]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573211.
Jun 22 21:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20038]: pam_unix(cron:session): session closed for user root
Jun 22 21:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22846]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 21:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23124]: Failed password for root from 38.55.97.143 port 45216 ssh2
Jun 22 21:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23124]: Connection closed by 38.55.97.143 port 45216 [preauth]
Jun 22 21:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21934]: pam_unix(cron:session): session closed for user root
Jun 22 21:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23190]: Invalid user cyber from 201.184.50.251
Jun 22 21:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23190]: input_userauth_request: invalid user cyber [preauth]
Jun 22 21:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23190]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.184.50.251
Jun 22 21:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23190]: Failed password for invalid user cyber from 201.184.50.251 port 34322 ssh2
Jun 22 21:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23190]: Received disconnect from 201.184.50.251 port 34322:11: Bye Bye [preauth]
Jun 22 21:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23190]: Disconnected from 201.184.50.251 port 34322 [preauth]
Jun 22 21:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23213]: Invalid user devops from 186.96.158.180
Jun 22 21:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23213]: input_userauth_request: invalid user devops [preauth]
Jun 22 21:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23213]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180
Jun 22 21:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23213]: Failed password for invalid user devops from 186.96.158.180 port 8896 ssh2
Jun 22 21:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23213]: Received disconnect from 186.96.158.180 port 8896:11: Bye Bye [preauth]
Jun 22 21:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23213]: Disconnected from 186.96.158.180 port 8896 [preauth]
Jun 22 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23253]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23250]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23249]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23248]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23248]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23320]: Successful su for rubyman by root
Jun 22 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23320]: + ??? root:rubyman
Jun 22 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23320]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573215 of user rubyman.
Jun 22 21:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23320]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573215.
Jun 22 21:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20555]: pam_unix(cron:session): session closed for user root
Jun 22 21:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23249]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 22 21:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23572]: Failed password for root from 193.37.70.224 port 45460 ssh2
Jun 22 21:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23572]: Connection closed by 193.37.70.224 port 45460 [preauth]
Jun 22 21:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22438]: pam_unix(cron:session): session closed for user root
Jun 22 21:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23582]: Invalid user sydney from 103.187.147.214
Jun 22 21:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23582]: input_userauth_request: invalid user sydney [preauth]
Jun 22 21:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23582]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.187.147.214
Jun 22 21:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23582]: Failed password for invalid user sydney from 103.187.147.214 port 49482 ssh2
Jun 22 21:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23582]: Received disconnect from 103.187.147.214 port 49482:11: Bye Bye [preauth]
Jun 22 21:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23582]: Disconnected from 103.187.147.214 port 49482 [preauth]
Jun 22 21:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 21:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23616]: Failed password for root from 38.55.97.143 port 51860 ssh2
Jun 22 21:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23616]: Connection closed by 38.55.97.143 port 51860 [preauth]
Jun 22 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23689]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23686]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23688]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23685]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23684]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23687]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23689]: pam_unix(cron:session): session closed for user root
Jun 22 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23684]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23761]: Successful su for rubyman by root
Jun 22 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23761]: + ??? root:rubyman
Jun 22 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23761]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573221 of user rubyman.
Jun 22 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23761]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573221.
Jun 22 21:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23686]: pam_unix(cron:session): session closed for user root
Jun 22 21:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21046]: pam_unix(cron:session): session closed for user root
Jun 22 21:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23685]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24106]: Invalid user ubuntu from 203.142.160.143
Jun 22 21:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24106]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 21:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24106]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.142.160.143
Jun 22 21:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24106]: Failed password for invalid user ubuntu from 203.142.160.143 port 41934 ssh2
Jun 22 21:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24106]: Received disconnect from 203.142.160.143 port 41934:11: Bye Bye [preauth]
Jun 22 21:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24106]: Disconnected from 203.142.160.143 port 41934 [preauth]
Jun 22 21:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22848]: pam_unix(cron:session): session closed for user root
Jun 22 21:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24217]: Invalid user user_01 from 201.184.50.251
Jun 22 21:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24217]: input_userauth_request: invalid user user_01 [preauth]
Jun 22 21:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24217]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.184.50.251
Jun 22 21:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 21:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24217]: Failed password for invalid user user_01 from 201.184.50.251 port 43994 ssh2
Jun 22 21:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24217]: Received disconnect from 201.184.50.251 port 43994:11: Bye Bye [preauth]
Jun 22 21:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24217]: Disconnected from 201.184.50.251 port 43994 [preauth]
Jun 22 21:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24209]: Failed password for root from 38.55.97.143 port 53628 ssh2
Jun 22 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24209]: Connection closed by 38.55.97.143 port 53628 [preauth]
Jun 22 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24231]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24233]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24232]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24229]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24229]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24315]: Successful su for rubyman by root
Jun 22 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24315]: + ??? root:rubyman
Jun 22 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24315]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573226 of user rubyman.
Jun 22 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24315]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573226.
Jun 22 21:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21463]: pam_unix(cron:session): session closed for user root
Jun 22 21:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24231]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23253]: pam_unix(cron:session): session closed for user root
Jun 22 21:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24639]: Invalid user groupware from 103.187.147.214
Jun 22 21:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24639]: input_userauth_request: invalid user groupware [preauth]
Jun 22 21:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24639]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.187.147.214
Jun 22 21:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24639]: Failed password for invalid user groupware from 103.187.147.214 port 38372 ssh2
Jun 22 21:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24639]: Received disconnect from 103.187.147.214 port 38372:11: Bye Bye [preauth]
Jun 22 21:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24639]: Disconnected from 103.187.147.214 port 38372 [preauth]
Jun 22 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24671]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24672]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24669]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24666]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24666]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24739]: Successful su for rubyman by root
Jun 22 21:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24739]: + ??? root:rubyman
Jun 22 21:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24739]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573230 of user rubyman.
Jun 22 21:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24739]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573230.
Jun 22 21:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21933]: pam_unix(cron:session): session closed for user root
Jun 22 21:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24669]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 21:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24942]: Failed password for root from 38.55.97.143 port 55512 ssh2
Jun 22 21:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24942]: Connection closed by 38.55.97.143 port 55512 [preauth]
Jun 22 21:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23688]: pam_unix(cron:session): session closed for user root
Jun 22 21:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.142.160.143  user=root
Jun 22 21:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 22 21:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25058]: Failed password for root from 203.142.160.143 port 50960 ssh2
Jun 22 21:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25058]: Received disconnect from 203.142.160.143 port 50960:11: Bye Bye [preauth]
Jun 22 21:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25058]: Disconnected from 203.142.160.143 port 50960 [preauth]
Jun 22 21:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25060]: Failed password for root from 38.93.206.2 port 59980 ssh2
Jun 22 21:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25060]: Connection closed by 38.93.206.2 port 59980 [preauth]
Jun 22 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25085]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25086]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25087]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25084]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25084]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25142]: Successful su for rubyman by root
Jun 22 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25142]: + ??? root:rubyman
Jun 22 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25142]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573232 of user rubyman.
Jun 22 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25142]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573232.
Jun 22 21:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22437]: pam_unix(cron:session): session closed for user root
Jun 22 21:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25085]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25325]: Invalid user get from 51.178.114.78
Jun 22 21:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25325]: input_userauth_request: invalid user get [preauth]
Jun 22 21:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25325]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78
Jun 22 21:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25325]: Failed password for invalid user get from 51.178.114.78 port 51312 ssh2
Jun 22 21:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25325]: Received disconnect from 51.178.114.78 port 51312:11: Bye Bye [preauth]
Jun 22 21:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25325]: Disconnected from 51.178.114.78 port 51312 [preauth]
Jun 22 21:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25327]: Invalid user botuser from 201.184.50.251
Jun 22 21:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25327]: input_userauth_request: invalid user botuser [preauth]
Jun 22 21:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25327]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.184.50.251
Jun 22 21:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25327]: Failed password for invalid user botuser from 201.184.50.251 port 53656 ssh2
Jun 22 21:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25327]: Received disconnect from 201.184.50.251 port 53656:11: Bye Bye [preauth]
Jun 22 21:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25327]: Disconnected from 201.184.50.251 port 53656 [preauth]
Jun 22 21:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 21:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24233]: pam_unix(cron:session): session closed for user root
Jun 22 21:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25389]: Failed password for root from 38.55.97.143 port 55602 ssh2
Jun 22 21:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25389]: Connection closed by 38.55.97.143 port 55602 [preauth]
Jun 22 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25480]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25479]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25478]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25477]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25477]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25542]: Successful su for rubyman by root
Jun 22 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25542]: + ??? root:rubyman
Jun 22 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25542]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573237 of user rubyman.
Jun 22 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25542]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573237.
Jun 22 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25615]: Invalid user rdns from 103.187.147.214
Jun 22 21:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25615]: input_userauth_request: invalid user rdns [preauth]
Jun 22 21:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25615]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.187.147.214
Jun 22 21:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22847]: pam_unix(cron:session): session closed for user root
Jun 22 21:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25478]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25615]: Failed password for invalid user rdns from 103.187.147.214 port 47984 ssh2
Jun 22 21:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25615]: Received disconnect from 103.187.147.214 port 47984:11: Bye Bye [preauth]
Jun 22 21:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25615]: Disconnected from 103.187.147.214 port 47984 [preauth]
Jun 22 21:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24672]: pam_unix(cron:session): session closed for user root
Jun 22 21:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25821]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 22 21:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25821]: Received disconnect from 78.111.67.247 port 41042:11: disconnected by user [preauth]
Jun 22 21:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25821]: Disconnected from 78.111.67.247 port 41042 [preauth]
Jun 22 21:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 22 21:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25852]: Failed password for root from 109.237.96.109 port 55378 ssh2
Jun 22 21:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25852]: Connection closed by 109.237.96.109 port 55378 [preauth]
Jun 22 21:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 21:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25854]: Failed password for root from 38.55.97.143 port 46986 ssh2
Jun 22 21:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25854]: Connection closed by 38.55.97.143 port 46986 [preauth]
Jun 22 21:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25864]: Invalid user gokul from 186.96.158.180
Jun 22 21:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25864]: input_userauth_request: invalid user gokul [preauth]
Jun 22 21:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25864]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180
Jun 22 21:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25864]: Failed password for invalid user gokul from 186.96.158.180 port 5190 ssh2
Jun 22 21:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25864]: Received disconnect from 186.96.158.180 port 5190:11: Bye Bye [preauth]
Jun 22 21:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25864]: Disconnected from 186.96.158.180 port 5190 [preauth]
Jun 22 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25876]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25880]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25881]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25879]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25877]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25875]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25881]: pam_unix(cron:session): session closed for user root
Jun 22 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25875]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25951]: Successful su for rubyman by root
Jun 22 21:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25951]: + ??? root:rubyman
Jun 22 21:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25951]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573241 of user rubyman.
Jun 22 21:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25951]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573241.
Jun 22 21:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23250]: pam_unix(cron:session): session closed for user root
Jun 22 21:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25877]: pam_unix(cron:session): session closed for user root
Jun 22 21:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25876]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26210]: Invalid user rex from 201.184.50.251
Jun 22 21:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26210]: input_userauth_request: invalid user rex [preauth]
Jun 22 21:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26210]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.184.50.251
Jun 22 21:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26210]: Failed password for invalid user rex from 201.184.50.251 port 35102 ssh2
Jun 22 21:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26210]: Received disconnect from 201.184.50.251 port 35102:11: Bye Bye [preauth]
Jun 22 21:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26210]: Disconnected from 201.184.50.251 port 35102 [preauth]
Jun 22 21:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25087]: pam_unix(cron:session): session closed for user root
Jun 22 21:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26299]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 22 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26305]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26304]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26303]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26302]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26302]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26299]: Received disconnect from 78.111.67.47 port 56756:11: disconnected by user [preauth]
Jun 22 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26299]: Disconnected from 78.111.67.47 port 56756 [preauth]
Jun 22 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26377]: Successful su for rubyman by root
Jun 22 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26377]: + ??? root:rubyman
Jun 22 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26377]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573246 of user rubyman.
Jun 22 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26377]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573246.
Jun 22 21:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 21:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23687]: pam_unix(cron:session): session closed for user root
Jun 22 21:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26303]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26436]: Failed password for root from 193.24.211.107 port 43876 ssh2
Jun 22 21:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26436]: Received disconnect from 193.24.211.107 port 43876:11: Client disconnecting normally [preauth]
Jun 22 21:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26436]: Disconnected from 193.24.211.107 port 43876 [preauth]
Jun 22 21:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 21:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26548]: Failed password for root from 38.55.97.143 port 33518 ssh2
Jun 22 21:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26548]: Connection closed by 38.55.97.143 port 33518 [preauth]
Jun 22 21:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26583]: Invalid user admin from 45.148.10.121
Jun 22 21:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26583]: input_userauth_request: invalid user admin [preauth]
Jun 22 21:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26583]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 22 21:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26583]: Failed password for invalid user admin from 45.148.10.121 port 46892 ssh2
Jun 22 21:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26583]: Connection closed by 45.148.10.121 port 46892 [preauth]
Jun 22 21:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 22 21:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26596]: Failed password for root from 194.113.233.25 port 48932 ssh2
Jun 22 21:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26596]: Connection closed by 194.113.233.25 port 48932 [preauth]
Jun 22 21:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26619]: Invalid user grid from 103.187.147.214
Jun 22 21:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26619]: input_userauth_request: invalid user grid [preauth]
Jun 22 21:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26619]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.187.147.214
Jun 22 21:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26619]: Failed password for invalid user grid from 103.187.147.214 port 34158 ssh2
Jun 22 21:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26619]: Received disconnect from 103.187.147.214 port 34158:11: Bye Bye [preauth]
Jun 22 21:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26619]: Disconnected from 103.187.147.214 port 34158 [preauth]
Jun 22 21:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25480]: pam_unix(cron:session): session closed for user root
Jun 22 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26803]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26804]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26802]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26801]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26801]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26859]: Successful su for rubyman by root
Jun 22 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26859]: + ??? root:rubyman
Jun 22 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26859]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573250 of user rubyman.
Jun 22 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26859]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573250.
Jun 22 21:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24232]: pam_unix(cron:session): session closed for user root
Jun 22 21:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26802]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 21:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27072]: Failed password for root from 38.55.97.143 port 40894 ssh2
Jun 22 21:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27072]: Connection closed by 38.55.97.143 port 40894 [preauth]
Jun 22 21:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25880]: pam_unix(cron:session): session closed for user root
Jun 22 21:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27144]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.184.50.251  user=root
Jun 22 21:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27144]: Failed password for root from 201.184.50.251 port 44742 ssh2
Jun 22 21:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27144]: Received disconnect from 201.184.50.251 port 44742:11: Bye Bye [preauth]
Jun 22 21:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27144]: Disconnected from 201.184.50.251 port 44742 [preauth]
Jun 22 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27200]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27201]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27199]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27198]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27198]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27262]: Successful su for rubyman by root
Jun 22 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27262]: + ??? root:rubyman
Jun 22 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27262]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573255 of user rubyman.
Jun 22 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27262]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573255.
Jun 22 21:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24671]: pam_unix(cron:session): session closed for user root
Jun 22 21:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27199]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26305]: pam_unix(cron:session): session closed for user root
Jun 22 21:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 21:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27553]: Failed password for root from 38.55.97.143 port 45858 ssh2
Jun 22 21:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27553]: Connection closed by 38.55.97.143 port 45858 [preauth]
Jun 22 21:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27592]: Invalid user bugtracker from 103.187.147.214
Jun 22 21:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27592]: input_userauth_request: invalid user bugtracker [preauth]
Jun 22 21:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27592]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.187.147.214
Jun 22 21:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27592]: Failed password for invalid user bugtracker from 103.187.147.214 port 59124 ssh2
Jun 22 21:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27592]: Received disconnect from 103.187.147.214 port 59124:11: Bye Bye [preauth]
Jun 22 21:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27592]: Disconnected from 103.187.147.214 port 59124 [preauth]
Jun 22 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27623]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27625]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27622]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27621]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27621]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27680]: Successful su for rubyman by root
Jun 22 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27680]: + ??? root:rubyman
Jun 22 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27680]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573259 of user rubyman.
Jun 22 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27680]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573259.
Jun 22 21:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25086]: pam_unix(cron:session): session closed for user root
Jun 22 21:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27622]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26804]: pam_unix(cron:session): session closed for user root
Jun 22 21:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 21:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28020]: Invalid user foundry from 201.184.50.251
Jun 22 21:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28020]: input_userauth_request: invalid user foundry [preauth]
Jun 22 21:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28020]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.184.50.251
Jun 22 21:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28017]: Failed password for root from 38.55.97.143 port 45318 ssh2
Jun 22 21:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28017]: Connection closed by 38.55.97.143 port 45318 [preauth]
Jun 22 21:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28020]: Failed password for invalid user foundry from 201.184.50.251 port 54416 ssh2
Jun 22 21:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28020]: Received disconnect from 201.184.50.251 port 54416:11: Bye Bye [preauth]
Jun 22 21:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28020]: Disconnected from 201.184.50.251 port 54416 [preauth]
Jun 22 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28049]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28046]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28045]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28048]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28044]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28043]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28049]: pam_unix(cron:session): session closed for user root
Jun 22 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28043]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28166]: Successful su for rubyman by root
Jun 22 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28166]: + ??? root:rubyman
Jun 22 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28166]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573265 of user rubyman.
Jun 22 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28166]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573265.
Jun 22 21:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28045]: pam_unix(cron:session): session closed for user root
Jun 22 21:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25479]: pam_unix(cron:session): session closed for user root
Jun 22 21:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28044]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28440]: Connection closed by 194.59.206.2 port 52834 [preauth]
Jun 22 21:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27201]: pam_unix(cron:session): session closed for user root
Jun 22 21:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28458]: Invalid user ftpuser1 from 186.96.158.180
Jun 22 21:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28458]: input_userauth_request: invalid user ftpuser1 [preauth]
Jun 22 21:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28458]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180
Jun 22 21:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28458]: Failed password for invalid user ftpuser1 from 186.96.158.180 port 40978 ssh2
Jun 22 21:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28458]: Received disconnect from 186.96.158.180 port 40978:11: Bye Bye [preauth]
Jun 22 21:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28458]: Disconnected from 186.96.158.180 port 40978 [preauth]
Jun 22 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28523]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28525]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28524]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28522]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28522]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28679]: Successful su for rubyman by root
Jun 22 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28679]: + ??? root:rubyman
Jun 22 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28679]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573270 of user rubyman.
Jun 22 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28679]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573270.
Jun 22 21:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25879]: pam_unix(cron:session): session closed for user root
Jun 22 21:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28523]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28868]: Invalid user h10 from 103.187.147.214
Jun 22 21:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28868]: input_userauth_request: invalid user h10 [preauth]
Jun 22 21:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28868]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.187.147.214
Jun 22 21:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28868]: Failed password for invalid user h10 from 103.187.147.214 port 36796 ssh2
Jun 22 21:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28868]: Received disconnect from 103.187.147.214 port 36796:11: Bye Bye [preauth]
Jun 22 21:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28868]: Disconnected from 103.187.147.214 port 36796 [preauth]
Jun 22 21:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 21:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28882]: Failed password for root from 38.55.97.143 port 47020 ssh2
Jun 22 21:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28882]: Connection closed by 38.55.97.143 port 47020 [preauth]
Jun 22 21:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28945]: Invalid user cargo from 51.178.114.78
Jun 22 21:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28945]: input_userauth_request: invalid user cargo [preauth]
Jun 22 21:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28945]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78
Jun 22 21:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28945]: Failed password for invalid user cargo from 51.178.114.78 port 45874 ssh2
Jun 22 21:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28945]: Received disconnect from 51.178.114.78 port 45874:11: Bye Bye [preauth]
Jun 22 21:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28945]: Disconnected from 51.178.114.78 port 45874 [preauth]
Jun 22 21:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27625]: pam_unix(cron:session): session closed for user root
Jun 22 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29041]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29042]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29040]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29043]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29040]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29108]: Successful su for rubyman by root
Jun 22 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29108]: + ??? root:rubyman
Jun 22 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29108]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573272 of user rubyman.
Jun 22 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29108]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573272.
Jun 22 21:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29090]: Invalid user ftpuser from 201.184.50.251
Jun 22 21:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29090]: input_userauth_request: invalid user ftpuser [preauth]
Jun 22 21:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29090]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.184.50.251
Jun 22 21:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26304]: pam_unix(cron:session): session closed for user root
Jun 22 21:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29090]: Failed password for invalid user ftpuser from 201.184.50.251 port 35850 ssh2
Jun 22 21:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29090]: Received disconnect from 201.184.50.251 port 35850:11: Bye Bye [preauth]
Jun 22 21:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29090]: Disconnected from 201.184.50.251 port 35850 [preauth]
Jun 22 21:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29041]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 21:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28048]: pam_unix(cron:session): session closed for user root
Jun 22 21:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29379]: Failed password for root from 38.55.97.143 port 49556 ssh2
Jun 22 21:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29379]: Connection closed by 38.55.97.143 port 49556 [preauth]
Jun 22 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29470]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29469]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29468]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29467]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29467]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29623]: Successful su for rubyman by root
Jun 22 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29623]: + ??? root:rubyman
Jun 22 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29623]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573276 of user rubyman.
Jun 22 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29623]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573276.
Jun 22 21:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26803]: pam_unix(cron:session): session closed for user root
Jun 22 21:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29468]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29903]: Invalid user jun from 51.178.114.78
Jun 22 21:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29903]: input_userauth_request: invalid user jun [preauth]
Jun 22 21:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29903]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78
Jun 22 21:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29903]: Failed password for invalid user jun from 51.178.114.78 port 52236 ssh2
Jun 22 21:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29903]: Received disconnect from 51.178.114.78 port 52236:11: Bye Bye [preauth]
Jun 22 21:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29903]: Disconnected from 51.178.114.78 port 52236 [preauth]
Jun 22 21:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29914]: Invalid user ak from 103.187.147.214
Jun 22 21:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29914]: input_userauth_request: invalid user ak [preauth]
Jun 22 21:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29914]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.187.147.214
Jun 22 21:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29914]: Failed password for invalid user ak from 103.187.147.214 port 34404 ssh2
Jun 22 21:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29914]: Received disconnect from 103.187.147.214 port 34404:11: Bye Bye [preauth]
Jun 22 21:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29914]: Disconnected from 103.187.147.214 port 34404 [preauth]
Jun 22 21:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28525]: pam_unix(cron:session): session closed for user root
Jun 22 21:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 21:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29980]: Failed password for root from 38.55.97.143 port 56114 ssh2
Jun 22 21:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29980]: Connection closed by 38.55.97.143 port 56114 [preauth]
Jun 22 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30003]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30004]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30002]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30001]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30001]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30066]: Successful su for rubyman by root
Jun 22 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30066]: + ??? root:rubyman
Jun 22 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30066]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573281 of user rubyman.
Jun 22 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30066]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573281.
Jun 22 21:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27200]: pam_unix(cron:session): session closed for user root
Jun 22 21:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30002]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29043]: pam_unix(cron:session): session closed for user root
Jun 22 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30414]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30416]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30413]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30417]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30412]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30415]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30417]: pam_unix(cron:session): session closed for user root
Jun 22 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30412]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30487]: Successful su for rubyman by root
Jun 22 21:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30487]: + ??? root:rubyman
Jun 22 21:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30487]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573285 of user rubyman.
Jun 22 21:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30487]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573285.
Jun 22 21:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27623]: pam_unix(cron:session): session closed for user root
Jun 22 21:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30414]: pam_unix(cron:session): session closed for user root
Jun 22 21:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30413]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 21:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30730]: Failed password for root from 38.55.97.143 port 55218 ssh2
Jun 22 21:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30730]: Connection closed by 38.55.97.143 port 55218 [preauth]
Jun 22 21:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30739]: Invalid user hosting3 from 51.178.114.78
Jun 22 21:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30739]: input_userauth_request: invalid user hosting3 [preauth]
Jun 22 21:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30739]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78
Jun 22 21:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30739]: Failed password for invalid user hosting3 from 51.178.114.78 port 34576 ssh2
Jun 22 21:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30739]: Received disconnect from 51.178.114.78 port 34576:11: Bye Bye [preauth]
Jun 22 21:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30739]: Disconnected from 51.178.114.78 port 34576 [preauth]
Jun 22 21:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29470]: pam_unix(cron:session): session closed for user root
Jun 22 21:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30834]: Invalid user cph from 103.187.147.214
Jun 22 21:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30834]: input_userauth_request: invalid user cph [preauth]
Jun 22 21:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30834]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.187.147.214
Jun 22 21:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30834]: Failed password for invalid user cph from 103.187.147.214 port 37832 ssh2
Jun 22 21:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30834]: Received disconnect from 103.187.147.214 port 37832:11: Bye Bye [preauth]
Jun 22 21:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30834]: Disconnected from 103.187.147.214 port 37832 [preauth]
Jun 22 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30876]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30875]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30874]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30873]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30873]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31038]: Successful su for rubyman by root
Jun 22 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31038]: + ??? root:rubyman
Jun 22 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31038]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573290 of user rubyman.
Jun 22 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31038]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573290.
Jun 22 21:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28046]: pam_unix(cron:session): session closed for user root
Jun 22 21:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30874]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180  user=root
Jun 22 21:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31222]: Failed password for root from 186.96.158.180 port 29868 ssh2
Jun 22 21:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31222]: Received disconnect from 186.96.158.180 port 29868:11: Bye Bye [preauth]
Jun 22 21:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31222]: Disconnected from 186.96.158.180 port 29868 [preauth]
Jun 22 21:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 21:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31288]: Failed password for root from 38.55.97.143 port 60702 ssh2
Jun 22 21:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31288]: Connection closed by 38.55.97.143 port 60702 [preauth]
Jun 22 21:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30004]: pam_unix(cron:session): session closed for user root
Jun 22 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31382]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31378]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31377]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31379]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31377]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31442]: Successful su for rubyman by root
Jun 22 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31442]: + ??? root:rubyman
Jun 22 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31442]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573294 of user rubyman.
Jun 22 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31442]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573294.
Jun 22 21:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28524]: pam_unix(cron:session): session closed for user root
Jun 22 21:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31378]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31714]: Invalid user botany from 51.178.114.78
Jun 22 21:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31714]: input_userauth_request: invalid user botany [preauth]
Jun 22 21:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31714]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78
Jun 22 21:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31714]: Failed password for invalid user botany from 51.178.114.78 port 55746 ssh2
Jun 22 21:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31714]: Received disconnect from 51.178.114.78 port 55746:11: Bye Bye [preauth]
Jun 22 21:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31714]: Disconnected from 51.178.114.78 port 55746 [preauth]
Jun 22 21:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30416]: pam_unix(cron:session): session closed for user root
Jun 22 21:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 21:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31850]: Failed password for root from 38.55.97.143 port 39810 ssh2
Jun 22 21:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31850]: Connection closed by 38.55.97.143 port 39810 [preauth]
Jun 22 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31880]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31879]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31881]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31878]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31878]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31948]: Successful su for rubyman by root
Jun 22 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31948]: + ??? root:rubyman
Jun 22 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31948]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573298 of user rubyman.
Jun 22 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31948]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573298.
Jun 22 21:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31984]: Invalid user signature from 103.187.147.214
Jun 22 21:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31984]: input_userauth_request: invalid user signature [preauth]
Jun 22 21:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31984]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.187.147.214
Jun 22 21:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29042]: pam_unix(cron:session): session closed for user root
Jun 22 21:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31984]: Failed password for invalid user signature from 103.187.147.214 port 57102 ssh2
Jun 22 21:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31984]: Received disconnect from 103.187.147.214 port 57102:11: Bye Bye [preauth]
Jun 22 21:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31984]: Disconnected from 103.187.147.214 port 57102 [preauth]
Jun 22 21:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31879]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32201]: Received disconnect from 212.192.240.126 port 63294:11: disconnected by user [preauth]
Jun 22 21:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32201]: Disconnected from 212.192.240.126 port 63294 [preauth]
Jun 22 21:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30876]: pam_unix(cron:session): session closed for user root
Jun 22 21:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 22 21:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32246]: Failed password for root from 103.153.68.219 port 45514 ssh2
Jun 22 21:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32246]: Connection closed by 103.153.68.219 port 45514 [preauth]
Jun 22 21:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32276]: Invalid user negocios from 209.99.190.200
Jun 22 21:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32276]: input_userauth_request: invalid user negocios [preauth]
Jun 22 21:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32276]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.99.190.200
Jun 22 21:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32276]: Failed password for invalid user negocios from 209.99.190.200 port 50460 ssh2
Jun 22 21:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32276]: Received disconnect from 209.99.190.200 port 50460:11: Bye Bye [preauth]
Jun 22 21:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32276]: Disconnected from 209.99.190.200 port 50460 [preauth]
Jun 22 21:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32294]: Invalid user cid from 51.178.114.78
Jun 22 21:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32294]: input_userauth_request: invalid user cid [preauth]
Jun 22 21:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32294]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78
Jun 22 21:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.142.160.143  user=root
Jun 22 21:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32294]: Failed password for invalid user cid from 51.178.114.78 port 39588 ssh2
Jun 22 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32294]: Received disconnect from 51.178.114.78 port 39588:11: Bye Bye [preauth]
Jun 22 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32294]: Disconnected from 51.178.114.78 port 39588 [preauth]
Jun 22 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32302]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32301]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32303]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32300]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32298]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32300]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32427]: Successful su for rubyman by root
Jun 22 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32427]: + ??? root:rubyman
Jun 22 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32427]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573302 of user rubyman.
Jun 22 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32427]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573302.
Jun 22 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32296]: Failed password for root from 203.142.160.143 port 46430 ssh2
Jun 22 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32296]: Received disconnect from 203.142.160.143 port 46430:11: Bye Bye [preauth]
Jun 22 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32296]: Disconnected from 203.142.160.143 port 46430 [preauth]
Jun 22 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32298]: pam_unix(cron:session): session closed for user root
Jun 22 21:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29469]: pam_unix(cron:session): session closed for user root
Jun 22 21:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 21:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32565]: Failed password for root from 38.55.97.143 port 52354 ssh2
Jun 22 21:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32301]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32565]: Connection closed by 38.55.97.143 port 52354 [preauth]
Jun 22 21:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31382]: pam_unix(cron:session): session closed for user root
Jun 22 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[351]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[349]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[348]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[353]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[350]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[354]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[354]: pam_unix(cron:session): session closed for user root
Jun 22 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[348]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[433]: Successful su for rubyman by root
Jun 22 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[433]: + ??? root:rubyman
Jun 22 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[433]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573311 of user rubyman.
Jun 22 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[433]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573311.
Jun 22 21:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[350]: pam_unix(cron:session): session closed for user root
Jun 22 21:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30003]: pam_unix(cron:session): session closed for user root
Jun 22 21:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[349]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 21:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[817]: Failed password for root from 38.55.97.143 port 59302 ssh2
Jun 22 21:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[817]: Connection closed by 38.55.97.143 port 59302 [preauth]
Jun 22 21:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[827]: Invalid user mb from 103.187.147.214
Jun 22 21:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[827]: input_userauth_request: invalid user mb [preauth]
Jun 22 21:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[827]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.187.147.214
Jun 22 21:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[827]: Failed password for invalid user mb from 103.187.147.214 port 49314 ssh2
Jun 22 21:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[827]: Received disconnect from 103.187.147.214 port 49314:11: Bye Bye [preauth]
Jun 22 21:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[827]: Disconnected from 103.187.147.214 port 49314 [preauth]
Jun 22 21:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31881]: pam_unix(cron:session): session closed for user root
Jun 22 21:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[923]: Invalid user rqd from 51.178.114.78
Jun 22 21:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[923]: input_userauth_request: invalid user rqd [preauth]
Jun 22 21:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[923]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78
Jun 22 21:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[923]: Failed password for invalid user rqd from 51.178.114.78 port 37126 ssh2
Jun 22 21:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[923]: Received disconnect from 51.178.114.78 port 37126:11: Bye Bye [preauth]
Jun 22 21:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[923]: Disconnected from 51.178.114.78 port 37126 [preauth]
Jun 22 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[948]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[947]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[949]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[946]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[946]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1022]: Successful su for rubyman by root
Jun 22 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1022]: + ??? root:rubyman
Jun 22 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1022]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573315 of user rubyman.
Jun 22 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1022]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573315.
Jun 22 21:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30415]: pam_unix(cron:session): session closed for user root
Jun 22 21:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[947]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1254]: Invalid user foundry from 203.142.160.143
Jun 22 21:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1254]: input_userauth_request: invalid user foundry [preauth]
Jun 22 21:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1254]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.142.160.143
Jun 22 21:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1254]: Failed password for invalid user foundry from 203.142.160.143 port 44658 ssh2
Jun 22 21:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1254]: Received disconnect from 203.142.160.143 port 44658:11: Bye Bye [preauth]
Jun 22 21:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1254]: Disconnected from 203.142.160.143 port 44658 [preauth]
Jun 22 21:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32303]: pam_unix(cron:session): session closed for user root
Jun 22 21:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 21:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1316]: Invalid user oracle from 186.96.158.180
Jun 22 21:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1316]: input_userauth_request: invalid user oracle [preauth]
Jun 22 21:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1316]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180
Jun 22 21:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1354]: Failed password for root from 38.55.97.143 port 34364 ssh2
Jun 22 21:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1354]: Connection closed by 38.55.97.143 port 34364 [preauth]
Jun 22 21:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1316]: Failed password for invalid user oracle from 186.96.158.180 port 28239 ssh2
Jun 22 21:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1316]: Received disconnect from 186.96.158.180 port 28239:11: Bye Bye [preauth]
Jun 22 21:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1316]: Disconnected from 186.96.158.180 port 28239 [preauth]
Jun 22 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1430]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1428]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1426]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1427]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1426]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1590]: Successful su for rubyman by root
Jun 22 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1590]: + ??? root:rubyman
Jun 22 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1590]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573317 of user rubyman.
Jun 22 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1590]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573317.
Jun 22 21:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30875]: pam_unix(cron:session): session closed for user root
Jun 22 21:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1427]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 21:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1809]: Failed password for root from 193.24.211.107 port 15263 ssh2
Jun 22 21:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1809]: Received disconnect from 193.24.211.107 port 15263:11: Client disconnecting normally [preauth]
Jun 22 21:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1809]: Disconnected from 193.24.211.107 port 15263 [preauth]
Jun 22 21:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[353]: pam_unix(cron:session): session closed for user root
Jun 22 21:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1912]: Invalid user clustermail from 51.178.114.78
Jun 22 21:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1912]: input_userauth_request: invalid user clustermail [preauth]
Jun 22 21:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1912]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78
Jun 22 21:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1912]: Failed password for invalid user clustermail from 51.178.114.78 port 46852 ssh2
Jun 22 21:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1912]: Received disconnect from 51.178.114.78 port 46852:11: Bye Bye [preauth]
Jun 22 21:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1912]: Disconnected from 51.178.114.78 port 46852 [preauth]
Jun 22 21:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1945]: Invalid user da4 from 103.187.147.214
Jun 22 21:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1945]: input_userauth_request: invalid user da4 [preauth]
Jun 22 21:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1945]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.187.147.214
Jun 22 21:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1945]: Failed password for invalid user da4 from 103.187.147.214 port 55490 ssh2
Jun 22 21:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1945]: Received disconnect from 103.187.147.214 port 55490:11: Bye Bye [preauth]
Jun 22 21:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1945]: Disconnected from 103.187.147.214 port 55490 [preauth]
Jun 22 21:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 21:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1962]: Invalid user chris from 141.98.83.240
Jun 22 21:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1962]: input_userauth_request: invalid user chris [preauth]
Jun 22 21:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1962]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 21:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1959]: Failed password for root from 38.55.97.143 port 38498 ssh2
Jun 22 21:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1959]: Connection closed by 38.55.97.143 port 38498 [preauth]
Jun 22 21:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1962]: Failed password for invalid user chris from 141.98.83.240 port 52932 ssh2
Jun 22 21:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1962]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1962]: Failed password for invalid user chris from 141.98.83.240 port 52932 ssh2
Jun 22 21:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1962]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1962]: Failed password for invalid user chris from 141.98.83.240 port 52932 ssh2
Jun 22 21:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1962]: Connection closed by 141.98.83.240 port 52932 [preauth]
Jun 22 21:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1962]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2010]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2009]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2007]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2008]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2007]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2090]: Successful su for rubyman by root
Jun 22 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2090]: + ??? root:rubyman
Jun 22 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2090]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573323 of user rubyman.
Jun 22 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2090]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573323.
Jun 22 21:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31379]: pam_unix(cron:session): session closed for user root
Jun 22 21:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2008]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.142.160.143  user=root
Jun 22 21:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2332]: Failed password for root from 203.142.160.143 port 49326 ssh2
Jun 22 21:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2332]: Received disconnect from 203.142.160.143 port 49326:11: Bye Bye [preauth]
Jun 22 21:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2332]: Disconnected from 203.142.160.143 port 49326 [preauth]
Jun 22 21:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[949]: pam_unix(cron:session): session closed for user root
Jun 22 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2449]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2450]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2448]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2447]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2447]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2513]: Successful su for rubyman by root
Jun 22 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2513]: + ??? root:rubyman
Jun 22 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2513]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573325 of user rubyman.
Jun 22 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2513]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573325.
Jun 22 21:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31880]: pam_unix(cron:session): session closed for user root
Jun 22 21:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 21:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2448]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2644]: Failed password for root from 38.55.97.143 port 47066 ssh2
Jun 22 21:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2644]: Connection closed by 38.55.97.143 port 47066 [preauth]
Jun 22 21:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1430]: pam_unix(cron:session): session closed for user root
Jun 22 21:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2821]: Invalid user karate from 51.178.114.78
Jun 22 21:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2821]: input_userauth_request: invalid user karate [preauth]
Jun 22 21:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2821]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78
Jun 22 21:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2821]: Failed password for invalid user karate from 51.178.114.78 port 49564 ssh2
Jun 22 21:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2821]: Received disconnect from 51.178.114.78 port 49564:11: Bye Bye [preauth]
Jun 22 21:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2821]: Disconnected from 51.178.114.78 port 49564 [preauth]
Jun 22 21:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2853]: Invalid user person from 125.247.116.158
Jun 22 21:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2853]: input_userauth_request: invalid user person [preauth]
Jun 22 21:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2853]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.247.116.158
Jun 22 21:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2853]: Failed password for invalid user person from 125.247.116.158 port 57378 ssh2
Jun 22 21:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2853]: Received disconnect from 125.247.116.158 port 57378:11: Bye Bye [preauth]
Jun 22 21:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2853]: Disconnected from 125.247.116.158 port 57378 [preauth]
Jun 22 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2877]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2878]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2875]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2876]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2872]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2873]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2878]: pam_unix(cron:session): session closed for user root
Jun 22 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2872]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2939]: Successful su for rubyman by root
Jun 22 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2939]: + ??? root:rubyman
Jun 22 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2939]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573329 of user rubyman.
Jun 22 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2939]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573329.
Jun 22 21:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2875]: pam_unix(cron:session): session closed for user root
Jun 22 21:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32302]: pam_unix(cron:session): session closed for user root
Jun 22 21:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2873]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3156]: Invalid user cpp from 103.187.147.214
Jun 22 21:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3156]: input_userauth_request: invalid user cpp [preauth]
Jun 22 21:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3156]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.187.147.214
Jun 22 21:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3156]: Failed password for invalid user cpp from 103.187.147.214 port 34640 ssh2
Jun 22 21:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3156]: Received disconnect from 103.187.147.214 port 34640:11: Bye Bye [preauth]
Jun 22 21:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3156]: Disconnected from 103.187.147.214 port 34640 [preauth]
Jun 22 21:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 21:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3199]: Failed password for root from 38.55.97.143 port 35814 ssh2
Jun 22 21:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3199]: Connection closed by 38.55.97.143 port 35814 [preauth]
Jun 22 21:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2010]: pam_unix(cron:session): session closed for user root
Jun 22 21:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3300]: Invalid user admin from 193.46.255.86
Jun 22 21:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3300]: input_userauth_request: invalid user admin [preauth]
Jun 22 21:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3300]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 22 21:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 22 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3300]: Failed password for invalid user admin from 193.46.255.86 port 51302 ssh2
Jun 22 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3300]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3315]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3316]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3314]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3313]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3313]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3379]: Successful su for rubyman by root
Jun 22 21:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3379]: + ??? root:rubyman
Jun 22 21:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3379]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573335 of user rubyman.
Jun 22 21:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3379]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573335.
Jun 22 21:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3302]: Failed password for root from 80.66.85.226 port 51162 ssh2
Jun 22 21:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3302]: Connection closed by 80.66.85.226 port 51162 [preauth]
Jun 22 21:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3300]: Failed password for invalid user admin from 193.46.255.86 port 51302 ssh2
Jun 22 21:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3300]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[351]: pam_unix(cron:session): session closed for user root
Jun 22 21:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3300]: Failed password for invalid user admin from 193.46.255.86 port 51302 ssh2
Jun 22 21:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3300]: Connection closed by 193.46.255.86 port 51302 [preauth]
Jun 22 21:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3300]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 22 21:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3314]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3588]: Invalid user myia from 2.57.121.112
Jun 22 21:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3588]: input_userauth_request: invalid user myia [preauth]
Jun 22 21:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3588]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 22 21:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3588]: Failed password for invalid user myia from 2.57.121.112 port 3132 ssh2
Jun 22 21:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3588]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3588]: Failed password for invalid user myia from 2.57.121.112 port 3132 ssh2
Jun 22 21:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3588]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3588]: Failed password for invalid user myia from 2.57.121.112 port 3132 ssh2
Jun 22 21:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3588]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3588]: Failed password for invalid user myia from 2.57.121.112 port 3132 ssh2
Jun 22 21:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3588]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3588]: Failed password for invalid user myia from 2.57.121.112 port 3132 ssh2
Jun 22 21:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3588]: Connection closed by 2.57.121.112 port 3132 [preauth]
Jun 22 21:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3588]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 22 21:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3588]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 22 21:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2450]: pam_unix(cron:session): session closed for user root
Jun 22 21:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3655]: Invalid user backstage from 51.178.114.78
Jun 22 21:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3655]: input_userauth_request: invalid user backstage [preauth]
Jun 22 21:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3655]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78
Jun 22 21:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3655]: Failed password for invalid user backstage from 51.178.114.78 port 55324 ssh2
Jun 22 21:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3655]: Received disconnect from 51.178.114.78 port 55324:11: Bye Bye [preauth]
Jun 22 21:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3655]: Disconnected from 51.178.114.78 port 55324 [preauth]
Jun 22 21:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 21:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3699]: Failed password for root from 38.55.97.143 port 47744 ssh2
Jun 22 21:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3699]: Connection closed by 38.55.97.143 port 47744 [preauth]
Jun 22 21:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 22 21:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3804]: Failed password for root from 103.27.238.120 port 40152 ssh2
Jun 22 21:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3804]: Connection closed by 103.27.238.120 port 40152 [preauth]
Jun 22 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3818]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3819]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3817]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3816]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3816]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3932]: Successful su for rubyman by root
Jun 22 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3932]: + ??? root:rubyman
Jun 22 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3932]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573339 of user rubyman.
Jun 22 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3932]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573339.
Jun 22 21:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[948]: pam_unix(cron:session): session closed for user root
Jun 22 21:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3817]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4145]: Invalid user temp3 from 206.1.62.191
Jun 22 21:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4145]: input_userauth_request: invalid user temp3 [preauth]
Jun 22 21:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4145]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.1.62.191
Jun 22 21:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4145]: Failed password for invalid user temp3 from 206.1.62.191 port 56183 ssh2
Jun 22 21:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4145]: Received disconnect from 206.1.62.191 port 56183:11: Bye Bye [preauth]
Jun 22 21:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4145]: Disconnected from 206.1.62.191 port 56183 [preauth]
Jun 22 21:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180  user=root
Jun 22 21:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4179]: Failed password for root from 186.96.158.180 port 32207 ssh2
Jun 22 21:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4179]: Received disconnect from 186.96.158.180 port 32207:11: Bye Bye [preauth]
Jun 22 21:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4179]: Disconnected from 186.96.158.180 port 32207 [preauth]
Jun 22 21:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2877]: pam_unix(cron:session): session closed for user root
Jun 22 21:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4276]: Invalid user kursk from 103.187.147.214
Jun 22 21:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4276]: input_userauth_request: invalid user kursk [preauth]
Jun 22 21:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4276]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.187.147.214
Jun 22 21:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4276]: Failed password for invalid user kursk from 103.187.147.214 port 41548 ssh2
Jun 22 21:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4276]: Received disconnect from 103.187.147.214 port 41548:11: Bye Bye [preauth]
Jun 22 21:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4276]: Disconnected from 103.187.147.214 port 41548 [preauth]
Jun 22 21:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4336]: Failed password for root from 38.55.97.143 port 52878 ssh2
Jun 22 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4340]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4341]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4342]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4339]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4339]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4397]: Successful su for rubyman by root
Jun 22 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4397]: + ??? root:rubyman
Jun 22 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4397]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573343 of user rubyman.
Jun 22 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4397]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573343.
Jun 22 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4336]: Connection closed by 38.55.97.143 port 52878 [preauth]
Jun 22 21:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1428]: pam_unix(cron:session): session closed for user root
Jun 22 21:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4340]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4642]: Invalid user admin from 2.57.121.25
Jun 22 21:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4642]: input_userauth_request: invalid user admin [preauth]
Jun 22 21:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4642]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 22 21:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4646]: Invalid user roundcube from 51.178.114.78
Jun 22 21:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4646]: input_userauth_request: invalid user roundcube [preauth]
Jun 22 21:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4646]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78
Jun 22 21:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4642]: Failed password for invalid user admin from 2.57.121.25 port 32564 ssh2
Jun 22 21:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4642]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4646]: Failed password for invalid user roundcube from 51.178.114.78 port 49718 ssh2
Jun 22 21:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4646]: Received disconnect from 51.178.114.78 port 49718:11: Bye Bye [preauth]
Jun 22 21:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4646]: Disconnected from 51.178.114.78 port 49718 [preauth]
Jun 22 21:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4642]: Failed password for invalid user admin from 2.57.121.25 port 32564 ssh2
Jun 22 21:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4642]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4642]: Failed password for invalid user admin from 2.57.121.25 port 32564 ssh2
Jun 22 21:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4642]: Connection closed by 2.57.121.25 port 32564 [preauth]
Jun 22 21:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4642]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 22 21:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3316]: pam_unix(cron:session): session closed for user root
Jun 22 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4775]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4776]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4778]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4774]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4774]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4912]: Successful su for rubyman by root
Jun 22 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4912]: + ??? root:rubyman
Jun 22 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4912]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573347 of user rubyman.
Jun 22 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4912]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573347.
Jun 22 21:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2009]: pam_unix(cron:session): session closed for user root
Jun 22 21:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4775]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 21:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5106]: Failed password for root from 38.55.97.143 port 56524 ssh2
Jun 22 21:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5106]: Connection closed by 38.55.97.143 port 56524 [preauth]
Jun 22 21:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3819]: pam_unix(cron:session): session closed for user root
Jun 22 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5259]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5256]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5257]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5260]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5258]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5254]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5260]: pam_unix(cron:session): session closed for user root
Jun 22 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5254]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5328]: Successful su for rubyman by root
Jun 22 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5328]: + ??? root:rubyman
Jun 22 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5328]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573351 of user rubyman.
Jun 22 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5328]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573351.
Jun 22 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5376]: Invalid user award from 103.187.147.214
Jun 22 21:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5376]: input_userauth_request: invalid user award [preauth]
Jun 22 21:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5376]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.187.147.214
Jun 22 21:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5257]: pam_unix(cron:session): session closed for user root
Jun 22 21:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2449]: pam_unix(cron:session): session closed for user root
Jun 22 21:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5376]: Failed password for invalid user award from 103.187.147.214 port 33878 ssh2
Jun 22 21:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5376]: Received disconnect from 103.187.147.214 port 33878:11: Bye Bye [preauth]
Jun 22 21:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5376]: Disconnected from 103.187.147.214 port 33878 [preauth]
Jun 22 21:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5256]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5576]: Invalid user lims from 51.178.114.78
Jun 22 21:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5576]: input_userauth_request: invalid user lims [preauth]
Jun 22 21:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5576]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78
Jun 22 21:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5576]: Failed password for invalid user lims from 51.178.114.78 port 41462 ssh2
Jun 22 21:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5576]: Received disconnect from 51.178.114.78 port 41462:11: Bye Bye [preauth]
Jun 22 21:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5576]: Disconnected from 51.178.114.78 port 41462 [preauth]
Jun 22 21:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 21:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4342]: pam_unix(cron:session): session closed for user root
Jun 22 21:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5609]: Failed password for root from 38.55.97.143 port 40506 ssh2
Jun 22 21:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5609]: Connection closed by 38.55.97.143 port 40506 [preauth]
Jun 22 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5692]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5691]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5690]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5689]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5689]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5756]: Successful su for rubyman by root
Jun 22 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5756]: + ??? root:rubyman
Jun 22 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5756]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573358 of user rubyman.
Jun 22 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5756]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573358.
Jun 22 21:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2876]: pam_unix(cron:session): session closed for user root
Jun 22 21:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5690]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5945]: Did not receive identification string from 45.91.64.7
Jun 22 21:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5949]: Invalid user ru from 125.247.116.158
Jun 22 21:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5949]: input_userauth_request: invalid user ru [preauth]
Jun 22 21:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5949]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.247.116.158
Jun 22 21:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5949]: Failed password for invalid user ru from 125.247.116.158 port 33562 ssh2
Jun 22 21:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5949]: Received disconnect from 125.247.116.158 port 33562:11: Bye Bye [preauth]
Jun 22 21:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5949]: Disconnected from 125.247.116.158 port 33562 [preauth]
Jun 22 21:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4778]: pam_unix(cron:session): session closed for user root
Jun 22 21:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 21:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6074]: Failed password for root from 38.55.97.143 port 51414 ssh2
Jun 22 21:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6074]: Connection closed by 38.55.97.143 port 51414 [preauth]
Jun 22 21:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6084]: Invalid user mad from 209.99.190.200
Jun 22 21:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6084]: input_userauth_request: invalid user mad [preauth]
Jun 22 21:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6084]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.99.190.200
Jun 22 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6096]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6097]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6098]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6095]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6095]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6084]: Failed password for invalid user mad from 209.99.190.200 port 50818 ssh2
Jun 22 21:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6159]: Successful su for rubyman by root
Jun 22 21:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6159]: + ??? root:rubyman
Jun 22 21:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6159]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573361 of user rubyman.
Jun 22 21:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6159]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573361.
Jun 22 21:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6084]: Received disconnect from 209.99.190.200 port 50818:11: Bye Bye [preauth]
Jun 22 21:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6084]: Disconnected from 209.99.190.200 port 50818 [preauth]
Jun 22 21:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3315]: pam_unix(cron:session): session closed for user root
Jun 22 21:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6096]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6353]: Invalid user consulta from 51.178.114.78
Jun 22 21:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6353]: input_userauth_request: invalid user consulta [preauth]
Jun 22 21:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6353]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78
Jun 22 21:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6353]: Failed password for invalid user consulta from 51.178.114.78 port 52036 ssh2
Jun 22 21:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6353]: Received disconnect from 51.178.114.78 port 52036:11: Bye Bye [preauth]
Jun 22 21:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6353]: Disconnected from 51.178.114.78 port 52036 [preauth]
Jun 22 21:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6406]: Invalid user db from 103.187.147.214
Jun 22 21:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6406]: input_userauth_request: invalid user db [preauth]
Jun 22 21:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6406]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.187.147.214
Jun 22 21:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6406]: Failed password for invalid user db from 103.187.147.214 port 32782 ssh2
Jun 22 21:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6406]: Received disconnect from 103.187.147.214 port 32782:11: Bye Bye [preauth]
Jun 22 21:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6406]: Disconnected from 103.187.147.214 port 32782 [preauth]
Jun 22 21:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5259]: pam_unix(cron:session): session closed for user root
Jun 22 21:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6416]: Invalid user user_01 from 186.96.158.180
Jun 22 21:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6416]: input_userauth_request: invalid user user_01 [preauth]
Jun 22 21:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6416]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180
Jun 22 21:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6416]: Failed password for invalid user user_01 from 186.96.158.180 port 35314 ssh2
Jun 22 21:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6416]: Received disconnect from 186.96.158.180 port 35314:11: Bye Bye [preauth]
Jun 22 21:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6416]: Disconnected from 186.96.158.180 port 35314 [preauth]
Jun 22 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6495]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6494]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6493]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6492]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6492]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6553]: Successful su for rubyman by root
Jun 22 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6553]: + ??? root:rubyman
Jun 22 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6553]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573365 of user rubyman.
Jun 22 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6553]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573365.
Jun 22 21:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3818]: pam_unix(cron:session): session closed for user root
Jun 22 21:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6493]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6756]: Invalid user sensor from 125.247.116.158
Jun 22 21:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6756]: input_userauth_request: invalid user sensor [preauth]
Jun 22 21:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6756]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.247.116.158
Jun 22 21:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 21:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6756]: Failed password for invalid user sensor from 125.247.116.158 port 51846 ssh2
Jun 22 21:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6754]: Failed password for root from 38.55.97.143 port 59526 ssh2
Jun 22 21:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6756]: Received disconnect from 125.247.116.158 port 51846:11: Bye Bye [preauth]
Jun 22 21:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6756]: Disconnected from 125.247.116.158 port 51846 [preauth]
Jun 22 21:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6754]: Connection closed by 38.55.97.143 port 59526 [preauth]
Jun 22 21:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6828]: Invalid user ycbf3 from 206.1.62.191
Jun 22 21:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6828]: input_userauth_request: invalid user ycbf3 [preauth]
Jun 22 21:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6828]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.1.62.191
Jun 22 21:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5692]: pam_unix(cron:session): session closed for user root
Jun 22 21:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6828]: Failed password for invalid user ycbf3 from 206.1.62.191 port 21642 ssh2
Jun 22 21:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6828]: Received disconnect from 206.1.62.191 port 21642:11: Bye Bye [preauth]
Jun 22 21:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6828]: Disconnected from 206.1.62.191 port 21642 [preauth]
Jun 22 21:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6859]: Invalid user advent from 209.99.190.200
Jun 22 21:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6859]: input_userauth_request: invalid user advent [preauth]
Jun 22 21:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6859]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.99.190.200
Jun 22 21:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6859]: Failed password for invalid user advent from 209.99.190.200 port 48544 ssh2
Jun 22 21:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6859]: Received disconnect from 209.99.190.200 port 48544:11: Bye Bye [preauth]
Jun 22 21:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6859]: Disconnected from 209.99.190.200 port 48544 [preauth]
Jun 22 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6913]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6914]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6912]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6911]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6911]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6995]: Successful su for rubyman by root
Jun 22 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6995]: + ??? root:rubyman
Jun 22 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6995]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573370 of user rubyman.
Jun 22 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6995]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573370.
Jun 22 21:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7145]: Invalid user webspace from 51.178.114.78
Jun 22 21:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7145]: input_userauth_request: invalid user webspace [preauth]
Jun 22 21:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7145]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78
Jun 22 21:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4341]: pam_unix(cron:session): session closed for user root
Jun 22 21:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6912]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7145]: Failed password for invalid user webspace from 51.178.114.78 port 47912 ssh2
Jun 22 21:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7145]: Received disconnect from 51.178.114.78 port 47912:11: Bye Bye [preauth]
Jun 22 21:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7145]: Disconnected from 51.178.114.78 port 47912 [preauth]
Jun 22 21:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 21:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6098]: pam_unix(cron:session): session closed for user root
Jun 22 21:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7324]: Failed password for root from 38.55.97.143 port 56488 ssh2
Jun 22 21:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7324]: Connection closed by 38.55.97.143 port 56488 [preauth]
Jun 22 21:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7380]: Invalid user formosa from 103.187.147.214
Jun 22 21:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7380]: input_userauth_request: invalid user formosa [preauth]
Jun 22 21:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7380]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.187.147.214
Jun 22 21:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7380]: Failed password for invalid user formosa from 103.187.147.214 port 55652 ssh2
Jun 22 21:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7380]: Received disconnect from 103.187.147.214 port 55652:11: Bye Bye [preauth]
Jun 22 21:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7380]: Disconnected from 103.187.147.214 port 55652 [preauth]
Jun 22 21:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7408]: Invalid user sjc from 125.247.116.158
Jun 22 21:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7408]: input_userauth_request: invalid user sjc [preauth]
Jun 22 21:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7408]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.247.116.158
Jun 22 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7423]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7419]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7421]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7418]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7422]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7420]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7423]: pam_unix(cron:session): session closed for user root
Jun 22 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7418]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7408]: Failed password for invalid user sjc from 125.247.116.158 port 33666 ssh2
Jun 22 21:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7485]: Successful su for rubyman by root
Jun 22 21:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7485]: + ??? root:rubyman
Jun 22 21:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7485]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573373 of user rubyman.
Jun 22 21:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7485]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7408]: Received disconnect from 125.247.116.158 port 33666:11: Bye Bye [preauth]
Jun 22 21:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7408]: Disconnected from 125.247.116.158 port 33666 [preauth]
Jun 22 21:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573373.
Jun 22 21:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7420]: pam_unix(cron:session): session closed for user root
Jun 22 21:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4776]: pam_unix(cron:session): session closed for user root
Jun 22 21:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7419]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7795]: Invalid user proposals from 209.99.190.200
Jun 22 21:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7795]: input_userauth_request: invalid user proposals [preauth]
Jun 22 21:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7795]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.99.190.200
Jun 22 21:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7795]: Failed password for invalid user proposals from 209.99.190.200 port 47908 ssh2
Jun 22 21:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7795]: Received disconnect from 209.99.190.200 port 47908:11: Bye Bye [preauth]
Jun 22 21:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7795]: Disconnected from 209.99.190.200 port 47908 [preauth]
Jun 22 21:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7846]: Invalid user courses from 206.1.62.191
Jun 22 21:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7846]: input_userauth_request: invalid user courses [preauth]
Jun 22 21:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7846]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.1.62.191
Jun 22 21:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7846]: Failed password for invalid user courses from 206.1.62.191 port 53611 ssh2
Jun 22 21:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7846]: Received disconnect from 206.1.62.191 port 53611:11: Bye Bye [preauth]
Jun 22 21:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7846]: Disconnected from 206.1.62.191 port 53611 [preauth]
Jun 22 21:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6495]: pam_unix(cron:session): session closed for user root
Jun 22 21:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7920]: Invalid user sysadmin from 51.178.114.78
Jun 22 21:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7920]: input_userauth_request: invalid user sysadmin [preauth]
Jun 22 21:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7920]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78
Jun 22 21:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7920]: Failed password for invalid user sysadmin from 51.178.114.78 port 56086 ssh2
Jun 22 21:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7920]: Received disconnect from 51.178.114.78 port 56086:11: Bye Bye [preauth]
Jun 22 21:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7920]: Disconnected from 51.178.114.78 port 56086 [preauth]
Jun 22 21:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 21:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7930]: Failed password for root from 38.55.97.143 port 60142 ssh2
Jun 22 21:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7930]: Connection closed by 38.55.97.143 port 60142 [preauth]
Jun 22 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7943]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7944]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7941]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7942]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7941]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8007]: Successful su for rubyman by root
Jun 22 21:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8007]: + ??? root:rubyman
Jun 22 21:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8007]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573379 of user rubyman.
Jun 22 21:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8007]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573379.
Jun 22 21:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5258]: pam_unix(cron:session): session closed for user root
Jun 22 21:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7942]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8191]: Did not receive identification string from 95.215.0.144
Jun 22 21:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8192]: Connection closed by 95.215.0.144 port 44018 [preauth]
Jun 22 21:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 22 21:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8224]: Failed password for root from 51.250.105.222 port 57948 ssh2
Jun 22 21:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8224]: Connection closed by 51.250.105.222 port 57948 [preauth]
Jun 22 21:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 22 21:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8256]: Failed password for root from 77.94.47.83 port 59430 ssh2
Jun 22 21:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8256]: Connection closed by 77.94.47.83 port 59430 [preauth]
Jun 22 21:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6914]: pam_unix(cron:session): session closed for user root
Jun 22 21:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 22 21:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8271]: Failed password for root from 147.45.199.80 port 51650 ssh2
Jun 22 21:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8271]: Connection closed by 147.45.199.80 port 51650 [preauth]
Jun 22 21:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8295]: Invalid user nameserver from 209.99.190.200
Jun 22 21:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8295]: input_userauth_request: invalid user nameserver [preauth]
Jun 22 21:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8295]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.99.190.200
Jun 22 21:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8295]: Failed password for invalid user nameserver from 209.99.190.200 port 33654 ssh2
Jun 22 21:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8295]: Received disconnect from 209.99.190.200 port 33654:11: Bye Bye [preauth]
Jun 22 21:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8295]: Disconnected from 209.99.190.200 port 33654 [preauth]
Jun 22 21:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8326]: Invalid user mobileapps from 125.247.116.158
Jun 22 21:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8326]: input_userauth_request: invalid user mobileapps [preauth]
Jun 22 21:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8326]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.247.116.158
Jun 22 21:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8326]: Failed password for invalid user mobileapps from 125.247.116.158 port 39406 ssh2
Jun 22 21:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8326]: Received disconnect from 125.247.116.158 port 39406:11: Bye Bye [preauth]
Jun 22 21:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8326]: Disconnected from 125.247.116.158 port 39406 [preauth]
Jun 22 21:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8328]: Connection reset by 147.185.132.144 port 57370 [preauth]
Jun 22 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8352]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8351]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8350]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8349]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8349]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8411]: Successful su for rubyman by root
Jun 22 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8411]: + ??? root:rubyman
Jun 22 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8411]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573383 of user rubyman.
Jun 22 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8411]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573383.
Jun 22 21:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8433]: Invalid user text from 103.187.147.214
Jun 22 21:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8433]: input_userauth_request: invalid user text [preauth]
Jun 22 21:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8433]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.187.147.214
Jun 22 21:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5691]: pam_unix(cron:session): session closed for user root
Jun 22 21:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8433]: Failed password for invalid user text from 103.187.147.214 port 33232 ssh2
Jun 22 21:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8433]: Received disconnect from 103.187.147.214 port 33232:11: Bye Bye [preauth]
Jun 22 21:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8433]: Disconnected from 103.187.147.214 port 33232 [preauth]
Jun 22 21:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8350]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 21:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8631]: Failed password for root from 38.55.97.143 port 47236 ssh2
Jun 22 21:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8631]: Connection closed by 38.55.97.143 port 47236 [preauth]
Jun 22 21:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8664]: Invalid user prensa from 206.1.62.191
Jun 22 21:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8664]: input_userauth_request: invalid user prensa [preauth]
Jun 22 21:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8664]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.1.62.191
Jun 22 21:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8664]: Failed password for invalid user prensa from 206.1.62.191 port 30989 ssh2
Jun 22 21:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8664]: Received disconnect from 206.1.62.191 port 30989:11: Bye Bye [preauth]
Jun 22 21:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8664]: Disconnected from 206.1.62.191 port 30989 [preauth]
Jun 22 21:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7422]: pam_unix(cron:session): session closed for user root
Jun 22 21:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8735]: Invalid user cel from 51.178.114.78
Jun 22 21:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8735]: input_userauth_request: invalid user cel [preauth]
Jun 22 21:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8735]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78
Jun 22 21:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8735]: Failed password for invalid user cel from 51.178.114.78 port 37026 ssh2
Jun 22 21:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8735]: Received disconnect from 51.178.114.78 port 37026:11: Bye Bye [preauth]
Jun 22 21:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8735]: Disconnected from 51.178.114.78 port 37026 [preauth]
Jun 22 21:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8733]: Invalid user bacula from 186.96.158.180
Jun 22 21:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8733]: input_userauth_request: invalid user bacula [preauth]
Jun 22 21:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8733]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180
Jun 22 21:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8733]: Failed password for invalid user bacula from 186.96.158.180 port 22701 ssh2
Jun 22 21:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8733]: Received disconnect from 186.96.158.180 port 22701:11: Bye Bye [preauth]
Jun 22 21:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8733]: Disconnected from 186.96.158.180 port 22701 [preauth]
Jun 22 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8757]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8755]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8756]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8754]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8754]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8823]: Successful su for rubyman by root
Jun 22 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8823]: + ??? root:rubyman
Jun 22 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8823]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573388 of user rubyman.
Jun 22 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8823]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573388.
Jun 22 21:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6097]: pam_unix(cron:session): session closed for user root
Jun 22 21:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8755]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9024]: Invalid user ycbf3 from 209.99.190.200
Jun 22 21:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9024]: input_userauth_request: invalid user ycbf3 [preauth]
Jun 22 21:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9024]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.99.190.200
Jun 22 21:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9024]: Failed password for invalid user ycbf3 from 209.99.190.200 port 51130 ssh2
Jun 22 21:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9024]: Received disconnect from 209.99.190.200 port 51130:11: Bye Bye [preauth]
Jun 22 21:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9024]: Disconnected from 209.99.190.200 port 51130 [preauth]
Jun 22 21:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 21:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9046]: Failed password for root from 193.24.211.107 port 27031 ssh2
Jun 22 21:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9046]: Received disconnect from 193.24.211.107 port 27031:11: Client disconnecting normally [preauth]
Jun 22 21:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9046]: Disconnected from 193.24.211.107 port 27031 [preauth]
Jun 22 21:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 21:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7944]: pam_unix(cron:session): session closed for user root
Jun 22 21:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9078]: Failed password for root from 38.55.97.143 port 57788 ssh2
Jun 22 21:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9078]: Connection closed by 38.55.97.143 port 57788 [preauth]
Jun 22 21:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9107]: Invalid user jl from 125.247.116.158
Jun 22 21:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9107]: input_userauth_request: invalid user jl [preauth]
Jun 22 21:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9107]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.247.116.158
Jun 22 21:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9107]: Failed password for invalid user jl from 125.247.116.158 port 42380 ssh2
Jun 22 21:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9107]: Received disconnect from 125.247.116.158 port 42380:11: Bye Bye [preauth]
Jun 22 21:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9107]: Disconnected from 125.247.116.158 port 42380 [preauth]
Jun 22 21:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 22 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9155]: Failed password for root from 62.133.62.83 port 46502 ssh2
Jun 22 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9155]: Connection closed by 62.133.62.83 port 46502 [preauth]
Jun 22 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9168]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9167]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9169]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9166]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9166]: pam_unix(cron:session): session closed for user p13x
Jun 22 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9229]: Successful su for rubyman by root
Jun 22 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9229]: + ??? root:rubyman
Jun 22 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9229]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573391 of user rubyman.
Jun 22 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9229]: pam_unix(su:session): session closed for user rubyman
Jun 22 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573391.
Jun 22 21:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6494]: pam_unix(cron:session): session closed for user root
Jun 22 21:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9167]: pam_unix(cron:session): session closed for user samftp
Jun 22 21:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9439]: Invalid user proposals from 206.1.62.191
Jun 22 21:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9439]: input_userauth_request: invalid user proposals [preauth]
Jun 22 21:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9439]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.1.62.191
Jun 22 21:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9439]: Failed password for invalid user proposals from 206.1.62.191 port 11749 ssh2
Jun 22 21:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9439]: Received disconnect from 206.1.62.191 port 11749:11: Bye Bye [preauth]
Jun 22 21:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9439]: Disconnected from 206.1.62.191 port 11749 [preauth]
Jun 22 21:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8352]: pam_unix(cron:session): session closed for user root
Jun 22 21:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9504]: Invalid user mtc from 51.178.114.78
Jun 22 21:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9504]: input_userauth_request: invalid user mtc [preauth]
Jun 22 21:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9504]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78
Jun 22 21:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9504]: Failed password for invalid user mtc from 51.178.114.78 port 56798 ssh2
Jun 22 21:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9504]: Received disconnect from 51.178.114.78 port 56798:11: Bye Bye [preauth]
Jun 22 21:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9504]: Disconnected from 51.178.114.78 port 56798 [preauth]
Jun 22 21:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 21:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9535]: Invalid user temp3 from 209.99.190.200
Jun 22 21:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9535]: input_userauth_request: invalid user temp3 [preauth]
Jun 22 21:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9535]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 21:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.99.190.200
Jun 22 21:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9535]: Failed password for invalid user temp3 from 209.99.190.200 port 33146 ssh2
Jun 22 21:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9535]: Received disconnect from 209.99.190.200 port 33146:11: Bye Bye [preauth]
Jun 22 21:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9535]: Disconnected from 209.99.190.200 port 33146 [preauth]
Jun 22 21:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9564]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9562]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9558]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9561]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9563]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9557]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9560]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9564]: pam_unix(cron:session): session closed for user root
Jun 22 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9560]: pam_unix(cron:session): session closed for user root
Jun 22 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9557]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9652]: Successful su for rubyman by root
Jun 22 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9652]: + ??? root:rubyman
Jun 22 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9652]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573400 of user rubyman.
Jun 22 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9652]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573400.
Jun 22 22:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 22:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9561]: pam_unix(cron:session): session closed for user root
Jun 22 22:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6913]: pam_unix(cron:session): session closed for user root
Jun 22 22:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9545]: Failed password for root from 38.55.97.143 port 42552 ssh2
Jun 22 22:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9558]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9545]: Connection closed by 38.55.97.143 port 42552 [preauth]
Jun 22 22:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10102]: Invalid user franchise from 125.247.116.158
Jun 22 22:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10102]: input_userauth_request: invalid user franchise [preauth]
Jun 22 22:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10102]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.247.116.158
Jun 22 22:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 22 22:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10102]: Failed password for invalid user franchise from 125.247.116.158 port 44824 ssh2
Jun 22 22:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: Failed password for root from 103.172.78.219 port 40014 ssh2
Jun 22 22:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10102]: Received disconnect from 125.247.116.158 port 44824:11: Bye Bye [preauth]
Jun 22 22:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10102]: Disconnected from 125.247.116.158 port 44824 [preauth]
Jun 22 22:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: Connection closed by 103.172.78.219 port 40014 [preauth]
Jun 22 22:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8757]: pam_unix(cron:session): session closed for user root
Jun 22 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10330]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10329]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10327]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10326]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10326]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10395]: Successful su for rubyman by root
Jun 22 22:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10395]: + ??? root:rubyman
Jun 22 22:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10395]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573402 of user rubyman.
Jun 22 22:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10395]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573402.
Jun 22 22:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7421]: pam_unix(cron:session): session closed for user root
Jun 22 22:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10327]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10579]: Invalid user logo from 206.1.62.191
Jun 22 22:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10579]: input_userauth_request: invalid user logo [preauth]
Jun 22 22:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10579]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.1.62.191
Jun 22 22:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10579]: Failed password for invalid user logo from 206.1.62.191 port 32733 ssh2
Jun 22 22:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10579]: Received disconnect from 206.1.62.191 port 32733:11: Bye Bye [preauth]
Jun 22 22:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10579]: Disconnected from 206.1.62.191 port 32733 [preauth]
Jun 22 22:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10613]: Invalid user webalizer from 209.99.190.200
Jun 22 22:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10613]: input_userauth_request: invalid user webalizer [preauth]
Jun 22 22:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10613]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.99.190.200
Jun 22 22:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10613]: Failed password for invalid user webalizer from 209.99.190.200 port 57208 ssh2
Jun 22 22:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10613]: Received disconnect from 209.99.190.200 port 57208:11: Bye Bye [preauth]
Jun 22 22:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10613]: Disconnected from 209.99.190.200 port 57208 [preauth]
Jun 22 22:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10658]: Invalid user vestibular from 51.178.114.78
Jun 22 22:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10658]: input_userauth_request: invalid user vestibular [preauth]
Jun 22 22:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10658]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78
Jun 22 22:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9169]: pam_unix(cron:session): session closed for user root
Jun 22 22:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10658]: Failed password for invalid user vestibular from 51.178.114.78 port 42912 ssh2
Jun 22 22:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10658]: Received disconnect from 51.178.114.78 port 42912:11: Bye Bye [preauth]
Jun 22 22:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10658]: Disconnected from 51.178.114.78 port 42912 [preauth]
Jun 22 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10759]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10758]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10756]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10755]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10755]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10825]: Successful su for rubyman by root
Jun 22 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10825]: + ??? root:rubyman
Jun 22 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10825]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573406 of user rubyman.
Jun 22 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10825]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573406.
Jun 22 22:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7943]: pam_unix(cron:session): session closed for user root
Jun 22 22:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10756]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10999]: Received disconnect from 212.192.216.2 port 3368:11: disconnected by user [preauth]
Jun 22 22:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10999]: Disconnected from 212.192.216.2 port 3368 [preauth]
Jun 22 22:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11015]: Invalid user pv from 125.247.116.158
Jun 22 22:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11015]: input_userauth_request: invalid user pv [preauth]
Jun 22 22:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11015]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.247.116.158
Jun 22 22:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11015]: Failed password for invalid user pv from 125.247.116.158 port 46128 ssh2
Jun 22 22:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11015]: Received disconnect from 125.247.116.158 port 46128:11: Bye Bye [preauth]
Jun 22 22:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11015]: Disconnected from 125.247.116.158 port 46128 [preauth]
Jun 22 22:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180  user=root
Jun 22 22:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11039]: Failed password for root from 186.96.158.180 port 2288 ssh2
Jun 22 22:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11039]: Received disconnect from 186.96.158.180 port 2288:11: Bye Bye [preauth]
Jun 22 22:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11039]: Disconnected from 186.96.158.180 port 2288 [preauth]
Jun 22 22:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9563]: pam_unix(cron:session): session closed for user root
Jun 22 22:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11155]: Invalid user taipei from 209.99.190.200
Jun 22 22:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11155]: input_userauth_request: invalid user taipei [preauth]
Jun 22 22:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11155]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.99.190.200
Jun 22 22:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11155]: Failed password for invalid user taipei from 209.99.190.200 port 45602 ssh2
Jun 22 22:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11155]: Received disconnect from 209.99.190.200 port 45602:11: Bye Bye [preauth]
Jun 22 22:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11155]: Disconnected from 209.99.190.200 port 45602 [preauth]
Jun 22 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11179]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11177]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11176]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11175]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11175]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11239]: Successful su for rubyman by root
Jun 22 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11239]: + ??? root:rubyman
Jun 22 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11239]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573410 of user rubyman.
Jun 22 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11239]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573410.
Jun 22 22:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11309]: Invalid user mobiletest from 206.1.62.191
Jun 22 22:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11309]: input_userauth_request: invalid user mobiletest [preauth]
Jun 22 22:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11309]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.1.62.191
Jun 22 22:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8351]: pam_unix(cron:session): session closed for user root
Jun 22 22:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11309]: Failed password for invalid user mobiletest from 206.1.62.191 port 41761 ssh2
Jun 22 22:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11309]: Received disconnect from 206.1.62.191 port 41761:11: Bye Bye [preauth]
Jun 22 22:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11309]: Disconnected from 206.1.62.191 port 41761 [preauth]
Jun 22 22:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11176]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 22 22:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11449]: Failed password for root from 103.15.222.183 port 46404 ssh2
Jun 22 22:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11449]: Connection closed by 103.15.222.183 port 46404 [preauth]
Jun 22 22:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 22:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11512]: Invalid user sugarcrm from 51.178.114.78
Jun 22 22:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11512]: input_userauth_request: invalid user sugarcrm [preauth]
Jun 22 22:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11512]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78
Jun 22 22:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11502]: Failed password for root from 38.55.97.143 port 44680 ssh2
Jun 22 22:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11512]: Failed password for invalid user sugarcrm from 51.178.114.78 port 56796 ssh2
Jun 22 22:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11512]: Received disconnect from 51.178.114.78 port 56796:11: Bye Bye [preauth]
Jun 22 22:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11512]: Disconnected from 51.178.114.78 port 56796 [preauth]
Jun 22 22:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11502]: Connection closed by 38.55.97.143 port 44680 [preauth]
Jun 22 22:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10330]: pam_unix(cron:session): session closed for user root
Jun 22 22:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11595]: Invalid user wtest from 125.247.116.158
Jun 22 22:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11595]: input_userauth_request: invalid user wtest [preauth]
Jun 22 22:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11595]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.247.116.158
Jun 22 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11600]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11599]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11601]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11598]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11598]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11595]: Failed password for invalid user wtest from 125.247.116.158 port 57258 ssh2
Jun 22 22:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11659]: Successful su for rubyman by root
Jun 22 22:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11659]: + ??? root:rubyman
Jun 22 22:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11659]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573414 of user rubyman.
Jun 22 22:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11659]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573414.
Jun 22 22:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11595]: Received disconnect from 125.247.116.158 port 57258:11: Bye Bye [preauth]
Jun 22 22:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11595]: Disconnected from 125.247.116.158 port 57258 [preauth]
Jun 22 22:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8756]: pam_unix(cron:session): session closed for user root
Jun 22 22:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11599]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11940]: Invalid user gl from 209.99.190.200
Jun 22 22:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11940]: input_userauth_request: invalid user gl [preauth]
Jun 22 22:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11940]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.99.190.200
Jun 22 22:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11940]: Failed password for invalid user gl from 209.99.190.200 port 53722 ssh2
Jun 22 22:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11940]: Received disconnect from 209.99.190.200 port 53722:11: Bye Bye [preauth]
Jun 22 22:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11940]: Disconnected from 209.99.190.200 port 53722 [preauth]
Jun 22 22:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10759]: pam_unix(cron:session): session closed for user root
Jun 22 22:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12046]: Invalid user gl from 206.1.62.191
Jun 22 22:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12046]: input_userauth_request: invalid user gl [preauth]
Jun 22 22:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12046]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.1.62.191
Jun 22 22:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12046]: Failed password for invalid user gl from 206.1.62.191 port 8957 ssh2
Jun 22 22:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12046]: Received disconnect from 206.1.62.191 port 8957:11: Bye Bye [preauth]
Jun 22 22:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12046]: Disconnected from 206.1.62.191 port 8957 [preauth]
Jun 22 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12065]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12060]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12064]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12063]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12062]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12061]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12065]: pam_unix(cron:session): session closed for user root
Jun 22 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12060]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12129]: Successful su for rubyman by root
Jun 22 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12129]: + ??? root:rubyman
Jun 22 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12129]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573421 of user rubyman.
Jun 22 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12129]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573421.
Jun 22 22:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12062]: pam_unix(cron:session): session closed for user root
Jun 22 22:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9168]: pam_unix(cron:session): session closed for user root
Jun 22 22:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12061]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 22 22:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12467]: Failed password for root from 38.93.206.2 port 48286 ssh2
Jun 22 22:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12467]: Connection closed by 38.93.206.2 port 48286 [preauth]
Jun 22 22:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12520]: Invalid user bellatrix from 51.178.114.78
Jun 22 22:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12520]: input_userauth_request: invalid user bellatrix [preauth]
Jun 22 22:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12520]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78
Jun 22 22:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12520]: Failed password for invalid user bellatrix from 51.178.114.78 port 41582 ssh2
Jun 22 22:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12520]: Received disconnect from 51.178.114.78 port 41582:11: Bye Bye [preauth]
Jun 22 22:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12520]: Disconnected from 51.178.114.78 port 41582 [preauth]
Jun 22 22:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11179]: pam_unix(cron:session): session closed for user root
Jun 22 22:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12597]: Invalid user biurokarier from 125.247.116.158
Jun 22 22:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12597]: input_userauth_request: invalid user biurokarier [preauth]
Jun 22 22:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12597]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.247.116.158
Jun 22 22:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12597]: Failed password for invalid user biurokarier from 125.247.116.158 port 35844 ssh2
Jun 22 22:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12597]: Received disconnect from 125.247.116.158 port 35844:11: Bye Bye [preauth]
Jun 22 22:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12597]: Disconnected from 125.247.116.158 port 35844 [preauth]
Jun 22 22:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12609]: Invalid user asl from 209.99.190.200
Jun 22 22:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12609]: input_userauth_request: invalid user asl [preauth]
Jun 22 22:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12609]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.99.190.200
Jun 22 22:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12609]: Failed password for invalid user asl from 209.99.190.200 port 40868 ssh2
Jun 22 22:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12609]: Received disconnect from 209.99.190.200 port 40868:11: Bye Bye [preauth]
Jun 22 22:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12609]: Disconnected from 209.99.190.200 port 40868 [preauth]
Jun 22 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12625]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12626]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12624]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12623]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12623]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12692]: Successful su for rubyman by root
Jun 22 22:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12692]: + ??? root:rubyman
Jun 22 22:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12692]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573425 of user rubyman.
Jun 22 22:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12692]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573425.
Jun 22 22:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9562]: pam_unix(cron:session): session closed for user root
Jun 22 22:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12624]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11601]: pam_unix(cron:session): session closed for user root
Jun 22 22:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13010]: Invalid user nameserver from 206.1.62.191
Jun 22 22:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13010]: input_userauth_request: invalid user nameserver [preauth]
Jun 22 22:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13010]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.1.62.191
Jun 22 22:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 22:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13010]: Failed password for invalid user nameserver from 206.1.62.191 port 47808 ssh2
Jun 22 22:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13010]: Received disconnect from 206.1.62.191 port 47808:11: Bye Bye [preauth]
Jun 22 22:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13010]: Disconnected from 206.1.62.191 port 47808 [preauth]
Jun 22 22:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12987]: Failed password for root from 38.55.97.143 port 50856 ssh2
Jun 22 22:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12987]: Connection closed by 38.55.97.143 port 50856 [preauth]
Jun 22 22:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13031]: Invalid user ftpuser from 186.96.158.180
Jun 22 22:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13031]: input_userauth_request: invalid user ftpuser [preauth]
Jun 22 22:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13031]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180
Jun 22 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13044]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13043]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13045]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13042]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13042]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13102]: Successful su for rubyman by root
Jun 22 22:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13102]: + ??? root:rubyman
Jun 22 22:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13102]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573428 of user rubyman.
Jun 22 22:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13102]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573428.
Jun 22 22:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13031]: Failed password for invalid user ftpuser from 186.96.158.180 port 21933 ssh2
Jun 22 22:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13031]: Received disconnect from 186.96.158.180 port 21933:11: Bye Bye [preauth]
Jun 22 22:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13031]: Disconnected from 186.96.158.180 port 21933 [preauth]
Jun 22 22:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10329]: pam_unix(cron:session): session closed for user root
Jun 22 22:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13043]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 22 22:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13334]: Failed password for root from 103.149.28.157 port 33630 ssh2
Jun 22 22:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13334]: Connection closed by 103.149.28.157 port 33630 [preauth]
Jun 22 22:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13356]: Invalid user col from 209.99.190.200
Jun 22 22:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13356]: input_userauth_request: invalid user col [preauth]
Jun 22 22:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13356]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.99.190.200
Jun 22 22:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13356]: Failed password for invalid user col from 209.99.190.200 port 49546 ssh2
Jun 22 22:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13356]: Received disconnect from 209.99.190.200 port 49546:11: Bye Bye [preauth]
Jun 22 22:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13356]: Disconnected from 209.99.190.200 port 49546 [preauth]
Jun 22 22:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 22 22:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12064]: pam_unix(cron:session): session closed for user root
Jun 22 22:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13377]: Failed password for root from 103.82.20.28 port 46644 ssh2
Jun 22 22:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13377]: Connection closed by 103.82.20.28 port 46644 [preauth]
Jun 22 22:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13429]: Invalid user perfil from 125.247.116.158
Jun 22 22:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13429]: input_userauth_request: invalid user perfil [preauth]
Jun 22 22:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13429]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.247.116.158
Jun 22 22:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13429]: Failed password for invalid user perfil from 125.247.116.158 port 33898 ssh2
Jun 22 22:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13429]: Received disconnect from 125.247.116.158 port 33898:11: Bye Bye [preauth]
Jun 22 22:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13429]: Disconnected from 125.247.116.158 port 33898 [preauth]
Jun 22 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13460]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13459]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13458]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13457]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13457]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13520]: Successful su for rubyman by root
Jun 22 22:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13520]: + ??? root:rubyman
Jun 22 22:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13520]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573433 of user rubyman.
Jun 22 22:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13520]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573433.
Jun 22 22:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10758]: pam_unix(cron:session): session closed for user root
Jun 22 22:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13458]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 22 22:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13711]: Failed password for root from 87.251.79.125 port 39614 ssh2
Jun 22 22:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13711]: Connection closed by 87.251.79.125 port 39614 [preauth]
Jun 22 22:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.19.67.181  user=root
Jun 22 22:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 22 22:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13742]: Failed password for root from 46.19.67.181 port 32876 ssh2
Jun 22 22:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13742]: Connection closed by 46.19.67.181 port 32876 [preauth]
Jun 22 22:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13744]: Failed password for root from 103.176.20.57 port 56486 ssh2
Jun 22 22:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13744]: Connection closed by 103.176.20.57 port 56486 [preauth]
Jun 22 22:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 22 22:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13778]: Failed password for root from 103.77.242.62 port 49538 ssh2
Jun 22 22:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13778]: Connection closed by 103.77.242.62 port 49538 [preauth]
Jun 22 22:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12626]: pam_unix(cron:session): session closed for user root
Jun 22 22:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13809]: Invalid user historia from 206.1.62.191
Jun 22 22:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13809]: input_userauth_request: invalid user historia [preauth]
Jun 22 22:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13809]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.1.62.191
Jun 22 22:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13809]: Failed password for invalid user historia from 206.1.62.191 port 5007 ssh2
Jun 22 22:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13809]: Received disconnect from 206.1.62.191 port 5007:11: Bye Bye [preauth]
Jun 22 22:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13809]: Disconnected from 206.1.62.191 port 5007 [preauth]
Jun 22 22:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13866]: Invalid user logo from 209.99.190.200
Jun 22 22:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13866]: input_userauth_request: invalid user logo [preauth]
Jun 22 22:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13866]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.99.190.200
Jun 22 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13866]: Failed password for invalid user logo from 209.99.190.200 port 48880 ssh2
Jun 22 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13866]: Received disconnect from 209.99.190.200 port 48880:11: Bye Bye [preauth]
Jun 22 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13866]: Disconnected from 209.99.190.200 port 48880 [preauth]
Jun 22 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13882]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13883]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13880]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13881]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13878]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13880]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14008]: Successful su for rubyman by root
Jun 22 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14008]: + ??? root:rubyman
Jun 22 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14008]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573436 of user rubyman.
Jun 22 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14008]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573436.
Jun 22 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13878]: pam_unix(cron:session): session closed for user root
Jun 22 22:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11177]: pam_unix(cron:session): session closed for user root
Jun 22 22:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13881]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13045]: pam_unix(cron:session): session closed for user root
Jun 22 22:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14311]: Invalid user answers from 125.247.116.158
Jun 22 22:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14311]: input_userauth_request: invalid user answers [preauth]
Jun 22 22:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14311]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.247.116.158
Jun 22 22:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14311]: Failed password for invalid user answers from 125.247.116.158 port 60546 ssh2
Jun 22 22:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14311]: Received disconnect from 125.247.116.158 port 60546:11: Bye Bye [preauth]
Jun 22 22:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14311]: Disconnected from 125.247.116.158 port 60546 [preauth]
Jun 22 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14362]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14361]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14360]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14364]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14363]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14359]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14364]: pam_unix(cron:session): session closed for user root
Jun 22 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14359]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14426]: Successful su for rubyman by root
Jun 22 22:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14426]: + ??? root:rubyman
Jun 22 22:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14426]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573445 of user rubyman.
Jun 22 22:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14426]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573445.
Jun 22 22:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
Jun 22 22:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14361]: pam_unix(cron:session): session closed for user root
Jun 22 22:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11600]: pam_unix(cron:session): session closed for user root
Jun 22 22:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14498]: Failed password for root from 176.32.39.21 port 39370 ssh2
Jun 22 22:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14498]: Connection closed by 176.32.39.21 port 39370 [preauth]
Jun 22 22:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14360]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 22:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14649]: Failed password for root from 38.55.97.143 port 53026 ssh2
Jun 22 22:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14649]: Connection closed by 38.55.97.143 port 53026 [preauth]
Jun 22 22:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14787]: Invalid user prensa from 209.99.190.200
Jun 22 22:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14787]: input_userauth_request: invalid user prensa [preauth]
Jun 22 22:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14787]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.99.190.200
Jun 22 22:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14789]: Invalid user col from 206.1.62.191
Jun 22 22:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14789]: input_userauth_request: invalid user col [preauth]
Jun 22 22:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14789]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.1.62.191
Jun 22 22:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14787]: Failed password for invalid user prensa from 209.99.190.200 port 50860 ssh2
Jun 22 22:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14787]: Received disconnect from 209.99.190.200 port 50860:11: Bye Bye [preauth]
Jun 22 22:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14787]: Disconnected from 209.99.190.200 port 50860 [preauth]
Jun 22 22:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14789]: Failed password for invalid user col from 206.1.62.191 port 58210 ssh2
Jun 22 22:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14789]: Received disconnect from 206.1.62.191 port 58210:11: Bye Bye [preauth]
Jun 22 22:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14789]: Disconnected from 206.1.62.191 port 58210 [preauth]
Jun 22 22:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13460]: pam_unix(cron:session): session closed for user root
Jun 22 22:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14869]: Invalid user  from 91.92.40.171
Jun 22 22:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14869]: input_userauth_request: invalid user  [preauth]
Jun 22 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14883]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14882]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14881]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14880]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14880]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14869]: Connection closed by 91.92.40.171 port 38836 [preauth]
Jun 22 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14949]: Successful su for rubyman by root
Jun 22 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14949]: + ??? root:rubyman
Jun 22 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14949]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573449 of user rubyman.
Jun 22 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14949]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573449.
Jun 22 22:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12063]: pam_unix(cron:session): session closed for user root
Jun 22 22:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14881]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15199]: Invalid user cam1 from 125.247.116.158
Jun 22 22:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15199]: input_userauth_request: invalid user cam1 [preauth]
Jun 22 22:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15199]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.247.116.158
Jun 22 22:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15199]: Failed password for invalid user cam1 from 125.247.116.158 port 48632 ssh2
Jun 22 22:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15199]: Received disconnect from 125.247.116.158 port 48632:11: Bye Bye [preauth]
Jun 22 22:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15199]: Disconnected from 125.247.116.158 port 48632 [preauth]
Jun 22 22:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15202]: Failed password for root from 91.92.40.171 port 42772 ssh2
Jun 22 22:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15202]: Connection closed by 91.92.40.171 port 42772 [preauth]
Jun 22 22:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13883]: pam_unix(cron:session): session closed for user root
Jun 22 22:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15242]: Failed password for root from 91.92.40.171 port 44832 ssh2
Jun 22 22:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15242]: Connection closed by 91.92.40.171 port 44832 [preauth]
Jun 22 22:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15254]: Invalid user mc from 91.92.40.171
Jun 22 22:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15254]: input_userauth_request: invalid user mc [preauth]
Jun 22 22:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15254]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15254]: Failed password for invalid user mc from 91.92.40.171 port 44882 ssh2
Jun 22 22:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15254]: Connection closed by 91.92.40.171 port 44882 [preauth]
Jun 22 22:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15280]: Failed password for root from 91.92.40.171 port 52374 ssh2
Jun 22 22:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15290]: Invalid user admin from 91.92.40.171
Jun 22 22:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15290]: input_userauth_request: invalid user admin [preauth]
Jun 22 22:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15280]: Connection closed by 91.92.40.171 port 52374 [preauth]
Jun 22 22:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15290]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15301]: Invalid user historia from 209.99.190.200
Jun 22 22:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15301]: input_userauth_request: invalid user historia [preauth]
Jun 22 22:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15301]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.99.190.200
Jun 22 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15307]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15306]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15308]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15305]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15305]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15290]: Failed password for invalid user admin from 91.92.40.171 port 47706 ssh2
Jun 22 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15370]: Successful su for rubyman by root
Jun 22 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15370]: + ??? root:rubyman
Jun 22 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15370]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573453 of user rubyman.
Jun 22 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15370]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15301]: Failed password for invalid user historia from 209.99.190.200 port 55762 ssh2
Jun 22 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573453.
Jun 22 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15301]: Received disconnect from 209.99.190.200 port 55762:11: Bye Bye [preauth]
Jun 22 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15301]: Disconnected from 209.99.190.200 port 55762 [preauth]
Jun 22 22:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15290]: Connection closed by 91.92.40.171 port 47706 [preauth]
Jun 22 22:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12625]: pam_unix(cron:session): session closed for user root
Jun 22 22:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15306]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180  user=root
Jun 22 22:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15300]: Failed password for root from 91.92.40.171 port 47770 ssh2
Jun 22 22:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15443]: Failed password for root from 186.96.158.180 port 14667 ssh2
Jun 22 22:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15443]: Received disconnect from 186.96.158.180 port 14667:11: Bye Bye [preauth]
Jun 22 22:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15443]: Disconnected from 186.96.158.180 port 14667 [preauth]
Jun 22 22:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15300]: Connection closed by 91.92.40.171 port 47770 [preauth]
Jun 22 22:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15484]: Invalid user appuser from 91.92.40.171
Jun 22 22:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15484]: input_userauth_request: invalid user appuser [preauth]
Jun 22 22:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15484]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15484]: Failed password for invalid user appuser from 91.92.40.171 port 33366 ssh2
Jun 22 22:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15484]: Connection closed by 91.92.40.171 port 33366 [preauth]
Jun 22 22:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15548]: Invalid user git from 91.92.40.171
Jun 22 22:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15548]: input_userauth_request: invalid user git [preauth]
Jun 22 22:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15548]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15548]: Failed password for invalid user git from 91.92.40.171 port 33486 ssh2
Jun 22 22:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15548]: Connection closed by 91.92.40.171 port 33486 [preauth]
Jun 22 22:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15572]: Invalid user dev from 91.92.40.171
Jun 22 22:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15572]: input_userauth_request: invalid user dev [preauth]
Jun 22 22:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15572]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15572]: Failed password for invalid user dev from 91.92.40.171 port 48490 ssh2
Jun 22 22:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15572]: Connection closed by 91.92.40.171 port 48490 [preauth]
Jun 22 22:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15583]: Invalid user coder from 91.92.40.171
Jun 22 22:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15583]: input_userauth_request: invalid user coder [preauth]
Jun 22 22:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15583]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15607]: Invalid user asl from 206.1.62.191
Jun 22 22:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15607]: input_userauth_request: invalid user asl [preauth]
Jun 22 22:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15607]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.1.62.191
Jun 22 22:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15583]: Failed password for invalid user coder from 91.92.40.171 port 50084 ssh2
Jun 22 22:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15607]: Failed password for invalid user asl from 206.1.62.191 port 57413 ssh2
Jun 22 22:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15583]: Connection closed by 91.92.40.171 port 50084 [preauth]
Jun 22 22:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15607]: Received disconnect from 206.1.62.191 port 57413:11: Bye Bye [preauth]
Jun 22 22:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15607]: Disconnected from 206.1.62.191 port 57413 [preauth]
Jun 22 22:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15617]: User john from 91.92.40.171 not allowed because not listed in AllowUsers
Jun 22 22:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15617]: input_userauth_request: invalid user john [preauth]
Jun 22 22:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=john
Jun 22 22:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15617]: Failed password for invalid user john from 91.92.40.171 port 50128 ssh2
Jun 22 22:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15617]: Connection closed by 91.92.40.171 port 50128 [preauth]
Jun 22 22:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14363]: pam_unix(cron:session): session closed for user root
Jun 22 22:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 22 22:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15648]: Failed password for root from 91.92.40.171 port 39476 ssh2
Jun 22 22:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15651]: Failed password for root from 103.27.238.114 port 37306 ssh2
Jun 22 22:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15648]: Connection closed by 91.92.40.171 port 39476 [preauth]
Jun 22 22:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15651]: Connection closed by 103.27.238.114 port 37306 [preauth]
Jun 22 22:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15661]: Failed password for root from 91.92.40.171 port 41522 ssh2
Jun 22 22:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15661]: Connection closed by 91.92.40.171 port 41522 [preauth]
Jun 22 22:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15685]: Invalid user kipt from 91.92.40.171
Jun 22 22:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15685]: input_userauth_request: invalid user kipt [preauth]
Jun 22 22:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15685]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15685]: Failed password for invalid user kipt from 91.92.40.171 port 41590 ssh2
Jun 22 22:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15685]: Connection closed by 91.92.40.171 port 41590 [preauth]
Jun 22 22:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15699]: User mysql from 91.92.40.171 not allowed because not listed in AllowUsers
Jun 22 22:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15699]: input_userauth_request: invalid user mysql [preauth]
Jun 22 22:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=mysql
Jun 22 22:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15699]: Failed password for invalid user mysql from 91.92.40.171 port 33540 ssh2
Jun 22 22:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15699]: Connection closed by 91.92.40.171 port 33540 [preauth]
Jun 22 22:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15710]: Invalid user bitrix from 91.92.40.171
Jun 22 22:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15710]: input_userauth_request: invalid user bitrix [preauth]
Jun 22 22:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15710]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15710]: Failed password for invalid user bitrix from 91.92.40.171 port 33620 ssh2
Jun 22 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15710]: Connection closed by 91.92.40.171 port 33620 [preauth]
Jun 22 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15726]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15725]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15724]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15722]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15722]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15784]: Successful su for rubyman by root
Jun 22 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15784]: + ??? root:rubyman
Jun 22 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15784]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573455 of user rubyman.
Jun 22 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15784]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573455.
Jun 22 22:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13044]: pam_unix(cron:session): session closed for user root
Jun 22 22:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15724]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15894]: Failed password for root from 91.92.40.171 port 40900 ssh2
Jun 22 22:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15894]: Connection closed by 91.92.40.171 port 40900 [preauth]
Jun 22 22:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15962]: Invalid user test1 from 91.92.40.171
Jun 22 22:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15962]: input_userauth_request: invalid user test1 [preauth]
Jun 22 22:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15962]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15964]: Invalid user zmail from 125.247.116.158
Jun 22 22:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15964]: input_userauth_request: invalid user zmail [preauth]
Jun 22 22:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15964]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.247.116.158
Jun 22 22:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15962]: Failed password for invalid user test1 from 91.92.40.171 port 40938 ssh2
Jun 22 22:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15964]: Failed password for invalid user zmail from 125.247.116.158 port 49834 ssh2
Jun 22 22:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15962]: Connection closed by 91.92.40.171 port 40938 [preauth]
Jun 22 22:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15964]: Received disconnect from 125.247.116.158 port 49834:11: Bye Bye [preauth]
Jun 22 22:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15964]: Disconnected from 125.247.116.158 port 49834 [preauth]
Jun 22 22:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15987]: Invalid user niaoyun from 91.92.40.171
Jun 22 22:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15987]: input_userauth_request: invalid user niaoyun [preauth]
Jun 22 22:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15987]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15987]: Failed password for invalid user niaoyun from 91.92.40.171 port 39316 ssh2
Jun 22 22:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15987]: Connection closed by 91.92.40.171 port 39316 [preauth]
Jun 22 22:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15997]: Invalid user admin from 91.92.40.171
Jun 22 22:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15997]: input_userauth_request: invalid user admin [preauth]
Jun 22 22:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15997]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15997]: Failed password for invalid user admin from 91.92.40.171 port 39404 ssh2
Jun 22 22:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15997]: Connection closed by 91.92.40.171 port 39404 [preauth]
Jun 22 22:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16019]: Invalid user mobiletest from 209.99.190.200
Jun 22 22:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16019]: input_userauth_request: invalid user mobiletest [preauth]
Jun 22 22:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16019]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.99.190.200
Jun 22 22:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16025]: Invalid user media from 91.92.40.171
Jun 22 22:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16025]: input_userauth_request: invalid user media [preauth]
Jun 22 22:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16025]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16019]: Failed password for invalid user mobiletest from 209.99.190.200 port 59600 ssh2
Jun 22 22:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16019]: Received disconnect from 209.99.190.200 port 59600:11: Bye Bye [preauth]
Jun 22 22:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16019]: Disconnected from 209.99.190.200 port 59600 [preauth]
Jun 22 22:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16025]: Failed password for invalid user media from 91.92.40.171 port 41726 ssh2
Jun 22 22:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16025]: Connection closed by 91.92.40.171 port 41726 [preauth]
Jun 22 22:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16034]: Invalid user minecraft from 91.92.40.171
Jun 22 22:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16034]: input_userauth_request: invalid user minecraft [preauth]
Jun 22 22:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14883]: pam_unix(cron:session): session closed for user root
Jun 22 22:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16034]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 22:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16034]: Failed password for invalid user minecraft from 91.92.40.171 port 36842 ssh2
Jun 22 22:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16034]: Connection closed by 91.92.40.171 port 36842 [preauth]
Jun 22 22:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16032]: Failed password for root from 38.55.97.143 port 54660 ssh2
Jun 22 22:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16032]: Connection closed by 38.55.97.143 port 54660 [preauth]
Jun 22 22:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16074]: Invalid user testuser from 91.92.40.171
Jun 22 22:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16074]: input_userauth_request: invalid user testuser [preauth]
Jun 22 22:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16074]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16074]: Failed password for invalid user testuser from 91.92.40.171 port 36874 ssh2
Jun 22 22:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16074]: Connection closed by 91.92.40.171 port 36874 [preauth]
Jun 22 22:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 22 22:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16088]: Invalid user airflow from 91.92.40.171
Jun 22 22:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16088]: input_userauth_request: invalid user airflow [preauth]
Jun 22 22:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16077]: Failed password for root from 103.77.175.15 port 52392 ssh2
Jun 22 22:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16077]: Connection closed by 103.77.175.15 port 52392 [preauth]
Jun 22 22:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16088]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16088]: Failed password for invalid user airflow from 91.92.40.171 port 43890 ssh2
Jun 22 22:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16088]: Connection closed by 91.92.40.171 port 43890 [preauth]
Jun 22 22:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16110]: Invalid user webmaster from 91.92.40.171
Jun 22 22:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16110]: input_userauth_request: invalid user webmaster [preauth]
Jun 22 22:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16110]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16110]: Failed password for invalid user webmaster from 91.92.40.171 port 43932 ssh2
Jun 22 22:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16110]: Connection closed by 91.92.40.171 port 43932 [preauth]
Jun 22 22:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16121]: Invalid user omm from 91.92.40.171
Jun 22 22:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16121]: input_userauth_request: invalid user omm [preauth]
Jun 22 22:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16121]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16121]: Failed password for invalid user omm from 91.92.40.171 port 37016 ssh2
Jun 22 22:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16121]: Connection closed by 91.92.40.171 port 37016 [preauth]
Jun 22 22:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16131]: Invalid user system from 91.92.40.171
Jun 22 22:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16131]: input_userauth_request: invalid user system [preauth]
Jun 22 22:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16131]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16136]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16135]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16137]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16134]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16134]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16199]: Successful su for rubyman by root
Jun 22 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16199]: + ??? root:rubyman
Jun 22 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16199]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573461 of user rubyman.
Jun 22 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16199]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573461.
Jun 22 22:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16131]: Failed password for invalid user system from 91.92.40.171 port 37048 ssh2
Jun 22 22:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16131]: Connection closed by 91.92.40.171 port 37048 [preauth]
Jun 22 22:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13459]: pam_unix(cron:session): session closed for user root
Jun 22 22:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16343]: Invalid user amine from 91.92.40.171
Jun 22 22:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16343]: input_userauth_request: invalid user amine [preauth]
Jun 22 22:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16343]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16135]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16343]: Failed password for invalid user amine from 91.92.40.171 port 55306 ssh2
Jun 22 22:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16343]: Connection closed by 91.92.40.171 port 55306 [preauth]
Jun 22 22:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16384]: User vncuser from 91.92.40.171 not allowed because not listed in AllowUsers
Jun 22 22:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16384]: input_userauth_request: invalid user vncuser [preauth]
Jun 22 22:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=vncuser
Jun 22 22:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16384]: Failed password for invalid user vncuser from 91.92.40.171 port 55386 ssh2
Jun 22 22:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16384]: Connection closed by 91.92.40.171 port 55386 [preauth]
Jun 22 22:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16406]: Invalid user drcomadmin from 91.92.40.171
Jun 22 22:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16406]: input_userauth_request: invalid user drcomadmin [preauth]
Jun 22 22:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16406]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16408]: Invalid user moses from 206.1.62.191
Jun 22 22:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16408]: input_userauth_request: invalid user moses [preauth]
Jun 22 22:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16408]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.1.62.191
Jun 22 22:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16406]: Failed password for invalid user drcomadmin from 91.92.40.171 port 40556 ssh2
Jun 22 22:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16406]: Connection closed by 91.92.40.171 port 40556 [preauth]
Jun 22 22:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16408]: Failed password for invalid user moses from 206.1.62.191 port 36901 ssh2
Jun 22 22:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16408]: Received disconnect from 206.1.62.191 port 36901:11: Bye Bye [preauth]
Jun 22 22:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16408]: Disconnected from 206.1.62.191 port 36901 [preauth]
Jun 22 22:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16420]: Invalid user cloud-user from 91.92.40.171
Jun 22 22:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16420]: input_userauth_request: invalid user cloud-user [preauth]
Jun 22 22:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16420]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 22:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16420]: Failed password for invalid user cloud-user from 91.92.40.171 port 52652 ssh2
Jun 22 22:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16420]: Connection closed by 91.92.40.171 port 52652 [preauth]
Jun 22 22:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16422]: Failed password for root from 193.24.211.107 port 5873 ssh2
Jun 22 22:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16422]: Received disconnect from 193.24.211.107 port 5873:11: Client disconnecting normally [preauth]
Jun 22 22:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16422]: Disconnected from 193.24.211.107 port 5873 [preauth]
Jun 22 22:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16448]: Invalid user admin from 141.98.83.240
Jun 22 22:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16448]: input_userauth_request: invalid user admin [preauth]
Jun 22 22:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16448]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 22:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16446]: Failed password for root from 91.92.40.171 port 52754 ssh2
Jun 22 22:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16446]: Connection closed by 91.92.40.171 port 52754 [preauth]
Jun 22 22:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16448]: Failed password for invalid user admin from 141.98.83.240 port 23524 ssh2
Jun 22 22:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16448]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16448]: Failed password for invalid user admin from 141.98.83.240 port 23524 ssh2
Jun 22 22:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16448]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15308]: pam_unix(cron:session): session closed for user root
Jun 22 22:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16460]: Invalid user jack from 91.92.40.171
Jun 22 22:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16460]: input_userauth_request: invalid user jack [preauth]
Jun 22 22:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16460]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16448]: Failed password for invalid user admin from 141.98.83.240 port 23524 ssh2
Jun 22 22:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16448]: Connection closed by 141.98.83.240 port 23524 [preauth]
Jun 22 22:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16448]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 22:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16460]: Failed password for invalid user jack from 91.92.40.171 port 44618 ssh2
Jun 22 22:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16460]: Connection closed by 91.92.40.171 port 44618 [preauth]
Jun 22 22:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16492]: Invalid user claude from 91.92.40.171
Jun 22 22:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16492]: input_userauth_request: invalid user claude [preauth]
Jun 22 22:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16492]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16492]: Failed password for invalid user claude from 91.92.40.171 port 44672 ssh2
Jun 22 22:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16492]: Connection closed by 91.92.40.171 port 44672 [preauth]
Jun 22 22:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16514]: Invalid user work from 91.92.40.171
Jun 22 22:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16514]: input_userauth_request: invalid user work [preauth]
Jun 22 22:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16514]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16514]: Failed password for invalid user work from 91.92.40.171 port 57932 ssh2
Jun 22 22:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16514]: Connection closed by 91.92.40.171 port 57932 [preauth]
Jun 22 22:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16532]: Invalid user bot from 91.92.40.171
Jun 22 22:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16532]: input_userauth_request: invalid user bot [preauth]
Jun 22 22:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16536]: Invalid user traffic from 209.99.190.200
Jun 22 22:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16536]: input_userauth_request: invalid user traffic [preauth]
Jun 22 22:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16536]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.99.190.200
Jun 22 22:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16532]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16536]: Failed password for invalid user traffic from 209.99.190.200 port 55106 ssh2
Jun 22 22:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16536]: Received disconnect from 209.99.190.200 port 55106:11: Bye Bye [preauth]
Jun 22 22:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16536]: Disconnected from 209.99.190.200 port 55106 [preauth]
Jun 22 22:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16532]: Failed password for invalid user bot from 91.92.40.171 port 57976 ssh2
Jun 22 22:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16532]: Connection closed by 91.92.40.171 port 57976 [preauth]
Jun 22 22:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 22 22:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16534]: Failed password for root from 202.178.126.219 port 60102 ssh2
Jun 22 22:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16546]: Invalid user test from 91.92.40.171
Jun 22 22:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16546]: input_userauth_request: invalid user test [preauth]
Jun 22 22:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16548]: Invalid user total from 125.247.116.158
Jun 22 22:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16548]: input_userauth_request: invalid user total [preauth]
Jun 22 22:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16548]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.247.116.158
Jun 22 22:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16546]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16548]: Failed password for invalid user total from 125.247.116.158 port 45258 ssh2
Jun 22 22:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16546]: Failed password for invalid user test from 91.92.40.171 port 42020 ssh2
Jun 22 22:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16548]: Received disconnect from 125.247.116.158 port 45258:11: Bye Bye [preauth]
Jun 22 22:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16548]: Disconnected from 125.247.116.158 port 45258 [preauth]
Jun 22 22:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16546]: Connection closed by 91.92.40.171 port 42020 [preauth]
Jun 22 22:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16534]: Connection closed by 202.178.126.219 port 60102 [preauth]
Jun 22 22:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16558]: Invalid user bob from 91.92.40.171
Jun 22 22:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16558]: input_userauth_request: invalid user bob [preauth]
Jun 22 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16558]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16564]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16565]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16566]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16562]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16561]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16563]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16566]: pam_unix(cron:session): session closed for user root
Jun 22 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16561]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16634]: Successful su for rubyman by root
Jun 22 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16634]: + ??? root:rubyman
Jun 22 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16634]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573464 of user rubyman.
Jun 22 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16634]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573464.
Jun 22 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16558]: Failed password for invalid user bob from 91.92.40.171 port 42070 ssh2
Jun 22 22:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16558]: Connection closed by 91.92.40.171 port 42070 [preauth]
Jun 22 22:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16563]: pam_unix(cron:session): session closed for user root
Jun 22 22:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13882]: pam_unix(cron:session): session closed for user root
Jun 22 22:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16562]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16821]: Failed password for root from 91.92.40.171 port 50640 ssh2
Jun 22 22:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16821]: Connection closed by 91.92.40.171 port 50640 [preauth]
Jun 22 22:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16859]: Invalid user user4 from 91.92.40.171
Jun 22 22:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16859]: input_userauth_request: invalid user user4 [preauth]
Jun 22 22:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16859]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16859]: Failed password for invalid user user4 from 91.92.40.171 port 47976 ssh2
Jun 22 22:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16859]: Connection closed by 91.92.40.171 port 47976 [preauth]
Jun 22 22:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16909]: Invalid user newuser from 91.92.40.171
Jun 22 22:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16909]: input_userauth_request: invalid user newuser [preauth]
Jun 22 22:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16909]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16909]: Failed password for invalid user newuser from 91.92.40.171 port 47992 ssh2
Jun 22 22:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16909]: Connection closed by 91.92.40.171 port 47992 [preauth]
Jun 22 22:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16951]: Invalid user devops from 91.92.40.171
Jun 22 22:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16951]: input_userauth_request: invalid user devops [preauth]
Jun 22 22:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16951]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16951]: Failed password for invalid user devops from 91.92.40.171 port 56148 ssh2
Jun 22 22:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16951]: Connection closed by 91.92.40.171 port 56148 [preauth]
Jun 22 22:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17008]: Invalid user asterisk from 91.92.40.171
Jun 22 22:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17008]: input_userauth_request: invalid user asterisk [preauth]
Jun 22 22:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17008]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17008]: Failed password for invalid user asterisk from 91.92.40.171 port 56246 ssh2
Jun 22 22:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17008]: Connection closed by 91.92.40.171 port 56246 [preauth]
Jun 22 22:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15726]: pam_unix(cron:session): session closed for user root
Jun 22 22:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17034]: Invalid user rdpuser from 91.92.40.171
Jun 22 22:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17034]: input_userauth_request: invalid user rdpuser [preauth]
Jun 22 22:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17034]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17034]: Failed password for invalid user rdpuser from 91.92.40.171 port 60424 ssh2
Jun 22 22:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17034]: Connection closed by 91.92.40.171 port 60424 [preauth]
Jun 22 22:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17050]: Invalid user ossuser from 91.92.40.171
Jun 22 22:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17050]: input_userauth_request: invalid user ossuser [preauth]
Jun 22 22:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17050]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17050]: Failed password for invalid user ossuser from 91.92.40.171 port 60478 ssh2
Jun 22 22:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17050]: Connection closed by 91.92.40.171 port 60478 [preauth]
Jun 22 22:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17076]: Invalid user ubuntu from 91.92.40.171
Jun 22 22:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17076]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 22:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17076]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17076]: Failed password for invalid user ubuntu from 91.92.40.171 port 57684 ssh2
Jun 22 22:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17076]: Connection closed by 91.92.40.171 port 57684 [preauth]
Jun 22 22:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17089]: Invalid user guest from 91.92.40.171
Jun 22 22:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17089]: input_userauth_request: invalid user guest [preauth]
Jun 22 22:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17089]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17089]: Failed password for invalid user guest from 91.92.40.171 port 57796 ssh2
Jun 22 22:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17089]: Connection closed by 91.92.40.171 port 57796 [preauth]
Jun 22 22:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17100]: Invalid user data from 91.92.40.171
Jun 22 22:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17100]: input_userauth_request: invalid user data [preauth]
Jun 22 22:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17100]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17100]: Failed password for invalid user data from 91.92.40.171 port 42726 ssh2
Jun 22 22:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17100]: Connection closed by 91.92.40.171 port 42726 [preauth]
Jun 22 22:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17120]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17118]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17119]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17121]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17118]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17182]: Successful su for rubyman by root
Jun 22 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17182]: + ??? root:rubyman
Jun 22 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17182]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573472 of user rubyman.
Jun 22 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17182]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573472.
Jun 22 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17229]: Invalid user advent from 206.1.62.191
Jun 22 22:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17229]: input_userauth_request: invalid user advent [preauth]
Jun 22 22:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17229]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.1.62.191
Jun 22 22:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17110]: Failed password for root from 91.92.40.171 port 56540 ssh2
Jun 22 22:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17110]: Connection closed by 91.92.40.171 port 56540 [preauth]
Jun 22 22:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14362]: pam_unix(cron:session): session closed for user root
Jun 22 22:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17119]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17229]: Failed password for invalid user advent from 206.1.62.191 port 28880 ssh2
Jun 22 22:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17229]: Received disconnect from 206.1.62.191 port 28880:11: Bye Bye [preauth]
Jun 22 22:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17229]: Disconnected from 206.1.62.191 port 28880 [preauth]
Jun 22 22:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17375]: Invalid user sftpuser from 91.92.40.171
Jun 22 22:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17375]: input_userauth_request: invalid user sftpuser [preauth]
Jun 22 22:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17375]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17375]: Failed password for invalid user sftpuser from 91.92.40.171 port 56618 ssh2
Jun 22 22:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17375]: Connection closed by 91.92.40.171 port 56618 [preauth]
Jun 22 22:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17388]: Invalid user jellyfin from 91.92.40.171
Jun 22 22:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17388]: input_userauth_request: invalid user jellyfin [preauth]
Jun 22 22:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17388]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17388]: Failed password for invalid user jellyfin from 91.92.40.171 port 43930 ssh2
Jun 22 22:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17388]: Connection closed by 91.92.40.171 port 43930 [preauth]
Jun 22 22:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17416]: Invalid user admin from 91.92.40.171
Jun 22 22:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17416]: input_userauth_request: invalid user admin [preauth]
Jun 22 22:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17416]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17416]: Failed password for invalid user admin from 91.92.40.171 port 43974 ssh2
Jun 22 22:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17416]: Connection closed by 91.92.40.171 port 43974 [preauth]
Jun 22 22:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17418]: Invalid user asd from 209.99.190.200
Jun 22 22:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17418]: input_userauth_request: invalid user asd [preauth]
Jun 22 22:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17418]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.99.190.200
Jun 22 22:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17432]: User mysql from 91.92.40.171 not allowed because not listed in AllowUsers
Jun 22 22:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17432]: input_userauth_request: invalid user mysql [preauth]
Jun 22 22:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=mysql
Jun 22 22:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17418]: Failed password for invalid user asd from 209.99.190.200 port 35104 ssh2
Jun 22 22:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17418]: Received disconnect from 209.99.190.200 port 35104:11: Bye Bye [preauth]
Jun 22 22:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17418]: Disconnected from 209.99.190.200 port 35104 [preauth]
Jun 22 22:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17432]: Failed password for invalid user mysql from 91.92.40.171 port 37638 ssh2
Jun 22 22:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17432]: Connection closed by 91.92.40.171 port 37638 [preauth]
Jun 22 22:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17458]: Invalid user support from 91.92.40.171
Jun 22 22:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17458]: input_userauth_request: invalid user support [preauth]
Jun 22 22:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17458]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17458]: Failed password for invalid user support from 91.92.40.171 port 37674 ssh2
Jun 22 22:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17458]: Connection closed by 91.92.40.171 port 37674 [preauth]
Jun 22 22:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16137]: pam_unix(cron:session): session closed for user root
Jun 22 22:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17472]: Invalid user deployer from 91.92.40.171
Jun 22 22:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17472]: input_userauth_request: invalid user deployer [preauth]
Jun 22 22:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17472]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17472]: Failed password for invalid user deployer from 91.92.40.171 port 33642 ssh2
Jun 22 22:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17472]: Connection closed by 91.92.40.171 port 33642 [preauth]
Jun 22 22:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 22:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17503]: Failed password for root from 91.92.40.171 port 33682 ssh2
Jun 22 22:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17503]: Connection closed by 91.92.40.171 port 33682 [preauth]
Jun 22 22:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17505]: Invalid user gazeta from 125.247.116.158
Jun 22 22:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17505]: input_userauth_request: invalid user gazeta [preauth]
Jun 22 22:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17505]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.247.116.158
Jun 22 22:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17493]: Failed password for root from 38.55.97.143 port 58532 ssh2
Jun 22 22:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17520]: Invalid user server from 91.92.40.171
Jun 22 22:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17520]: input_userauth_request: invalid user server [preauth]
Jun 22 22:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17493]: Connection closed by 38.55.97.143 port 58532 [preauth]
Jun 22 22:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17520]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17505]: Failed password for invalid user gazeta from 125.247.116.158 port 41610 ssh2
Jun 22 22:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17505]: Received disconnect from 125.247.116.158 port 41610:11: Bye Bye [preauth]
Jun 22 22:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17505]: Disconnected from 125.247.116.158 port 41610 [preauth]
Jun 22 22:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17520]: Failed password for invalid user server from 91.92.40.171 port 57548 ssh2
Jun 22 22:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17520]: Connection closed by 91.92.40.171 port 57548 [preauth]
Jun 22 22:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17537]: Invalid user git from 91.92.40.171
Jun 22 22:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17537]: input_userauth_request: invalid user git [preauth]
Jun 22 22:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17537]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17537]: Failed password for invalid user git from 91.92.40.171 port 57590 ssh2
Jun 22 22:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17537]: Connection closed by 91.92.40.171 port 57590 [preauth]
Jun 22 22:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17547]: Invalid user user10 from 91.92.40.171
Jun 22 22:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17547]: input_userauth_request: invalid user user10 [preauth]
Jun 22 22:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17547]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17547]: Failed password for invalid user user10 from 91.92.40.171 port 59258 ssh2
Jun 22 22:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17547]: Connection closed by 91.92.40.171 port 59258 [preauth]
Jun 22 22:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17559]: Invalid user jack from 91.92.40.171
Jun 22 22:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17559]: input_userauth_request: invalid user jack [preauth]
Jun 22 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17559]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17565]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17566]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17564]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17563]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17561]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17561]: pam_unix(cron:session): session closed for user root
Jun 22 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17563]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17622]: Successful su for rubyman by root
Jun 22 22:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17622]: + ??? root:rubyman
Jun 22 22:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17622]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573474 of user rubyman.
Jun 22 22:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17622]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573474.
Jun 22 22:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17559]: Failed password for invalid user jack from 91.92.40.171 port 59304 ssh2
Jun 22 22:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17559]: Connection closed by 91.92.40.171 port 59304 [preauth]
Jun 22 22:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14882]: pam_unix(cron:session): session closed for user root
Jun 22 22:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17887]: Invalid user dmdba from 91.92.40.171
Jun 22 22:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17887]: input_userauth_request: invalid user dmdba [preauth]
Jun 22 22:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17564]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17887]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17887]: Failed password for invalid user dmdba from 91.92.40.171 port 40490 ssh2
Jun 22 22:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17887]: Connection closed by 91.92.40.171 port 40490 [preauth]
Jun 22 22:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17920]: Invalid user hu from 91.92.40.171
Jun 22 22:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17920]: input_userauth_request: invalid user hu [preauth]
Jun 22 22:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17920]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17920]: Failed password for invalid user hu from 91.92.40.171 port 40574 ssh2
Jun 22 22:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17920]: Connection closed by 91.92.40.171 port 40574 [preauth]
Jun 22 22:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17945]: Invalid user chenxi from 91.92.40.171
Jun 22 22:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17945]: input_userauth_request: invalid user chenxi [preauth]
Jun 22 22:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17945]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17945]: Failed password for invalid user chenxi from 91.92.40.171 port 57086 ssh2
Jun 22 22:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17945]: Connection closed by 91.92.40.171 port 57086 [preauth]
Jun 22 22:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17957]: Failed password for root from 91.92.40.171 port 47152 ssh2
Jun 22 22:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17954]: Invalid user dev from 186.96.158.180
Jun 22 22:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17954]: input_userauth_request: invalid user dev [preauth]
Jun 22 22:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17954]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180
Jun 22 22:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17957]: Connection closed by 91.92.40.171 port 47152 [preauth]
Jun 22 22:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17954]: Failed password for invalid user dev from 186.96.158.180 port 40913 ssh2
Jun 22 22:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17954]: Received disconnect from 186.96.158.180 port 40913:11: Bye Bye [preauth]
Jun 22 22:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17954]: Disconnected from 186.96.158.180 port 40913 [preauth]
Jun 22 22:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17979]: Invalid user cloud from 91.92.40.171
Jun 22 22:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17979]: input_userauth_request: invalid user cloud [preauth]
Jun 22 22:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17979]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17979]: Failed password for invalid user cloud from 91.92.40.171 port 47190 ssh2
Jun 22 22:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17979]: Connection closed by 91.92.40.171 port 47190 [preauth]
Jun 22 22:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16565]: pam_unix(cron:session): session closed for user root
Jun 22 22:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17990]: Failed password for root from 91.92.40.171 port 60148 ssh2
Jun 22 22:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17990]: Connection closed by 91.92.40.171 port 60148 [preauth]
Jun 22 22:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18029]: User vncuser from 91.92.40.171 not allowed because not listed in AllowUsers
Jun 22 22:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18029]: input_userauth_request: invalid user vncuser [preauth]
Jun 22 22:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=vncuser
Jun 22 22:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18029]: Failed password for invalid user vncuser from 91.92.40.171 port 60160 ssh2
Jun 22 22:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18029]: Connection closed by 91.92.40.171 port 60160 [preauth]
Jun 22 22:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18042]: Invalid user user from 91.92.40.171
Jun 22 22:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18042]: input_userauth_request: invalid user user [preauth]
Jun 22 22:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18042]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18042]: Failed password for invalid user user from 91.92.40.171 port 41674 ssh2
Jun 22 22:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18042]: Connection closed by 91.92.40.171 port 41674 [preauth]
Jun 22 22:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18068]: Invalid user devuser from 91.92.40.171
Jun 22 22:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18068]: input_userauth_request: invalid user devuser [preauth]
Jun 22 22:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18068]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18068]: Failed password for invalid user devuser from 91.92.40.171 port 41684 ssh2
Jun 22 22:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18068]: Connection closed by 91.92.40.171 port 41684 [preauth]
Jun 22 22:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18075]: Invalid user reza from 91.92.40.171
Jun 22 22:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18075]: input_userauth_request: invalid user reza [preauth]
Jun 22 22:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18075]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18075]: Failed password for invalid user reza from 91.92.40.171 port 50448 ssh2
Jun 22 22:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18075]: Connection closed by 91.92.40.171 port 50448 [preauth]
Jun 22 22:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18087]: Invalid user deploy from 91.92.40.171
Jun 22 22:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18087]: input_userauth_request: invalid user deploy [preauth]
Jun 22 22:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18087]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18090]: Invalid user moses from 209.99.190.200
Jun 22 22:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18090]: input_userauth_request: invalid user moses [preauth]
Jun 22 22:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18090]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.99.190.200
Jun 22 22:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18087]: Failed password for invalid user deploy from 91.92.40.171 port 50490 ssh2
Jun 22 22:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18087]: Connection closed by 91.92.40.171 port 50490 [preauth]
Jun 22 22:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18090]: Failed password for invalid user moses from 209.99.190.200 port 58798 ssh2
Jun 22 22:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18090]: Received disconnect from 209.99.190.200 port 58798:11: Bye Bye [preauth]
Jun 22 22:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18090]: Disconnected from 209.99.190.200 port 58798 [preauth]
Jun 22 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18096]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18095]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18094]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18093]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18093]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18161]: Successful su for rubyman by root
Jun 22 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18161]: + ??? root:rubyman
Jun 22 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18161]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573478 of user rubyman.
Jun 22 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18161]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573478.
Jun 22 22:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18117]: Invalid user mad from 206.1.62.191
Jun 22 22:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18117]: input_userauth_request: invalid user mad [preauth]
Jun 22 22:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18117]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.1.62.191
Jun 22 22:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18205]: Invalid user erp from 91.92.40.171
Jun 22 22:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18205]: input_userauth_request: invalid user erp [preauth]
Jun 22 22:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18205]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15307]: pam_unix(cron:session): session closed for user root
Jun 22 22:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18117]: Failed password for invalid user mad from 206.1.62.191 port 58128 ssh2
Jun 22 22:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18117]: Received disconnect from 206.1.62.191 port 58128:11: Bye Bye [preauth]
Jun 22 22:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18117]: Disconnected from 206.1.62.191 port 58128 [preauth]
Jun 22 22:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18205]: Failed password for invalid user erp from 91.92.40.171 port 60768 ssh2
Jun 22 22:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18205]: Connection closed by 91.92.40.171 port 60768 [preauth]
Jun 22 22:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18094]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18368]: Invalid user guest from 91.92.40.171
Jun 22 22:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18368]: input_userauth_request: invalid user guest [preauth]
Jun 22 22:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18368]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18368]: Failed password for invalid user guest from 91.92.40.171 port 60810 ssh2
Jun 22 22:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18368]: Connection closed by 91.92.40.171 port 60810 [preauth]
Jun 22 22:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18387]: Invalid user teamspeak from 91.92.40.171
Jun 22 22:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18387]: input_userauth_request: invalid user teamspeak [preauth]
Jun 22 22:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18387]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18387]: Failed password for invalid user teamspeak from 91.92.40.171 port 56854 ssh2
Jun 22 22:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18387]: Connection closed by 91.92.40.171 port 56854 [preauth]
Jun 22 22:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18480]: Invalid user admin from 91.92.40.171
Jun 22 22:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18480]: input_userauth_request: invalid user admin [preauth]
Jun 22 22:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18480]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18480]: Failed password for invalid user admin from 91.92.40.171 port 56900 ssh2
Jun 22 22:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18480]: Connection closed by 91.92.40.171 port 56900 [preauth]
Jun 22 22:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18491]: Failed password for root from 91.92.40.171 port 33384 ssh2
Jun 22 22:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18491]: Connection closed by 91.92.40.171 port 33384 [preauth]
Jun 22 22:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18519]: Invalid user ubuntu from 91.92.40.171
Jun 22 22:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18519]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 22:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18519]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18519]: Failed password for invalid user ubuntu from 91.92.40.171 port 33460 ssh2
Jun 22 22:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18519]: Connection closed by 91.92.40.171 port 33460 [preauth]
Jun 22 22:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18532]: Invalid user master from 91.92.40.171
Jun 22 22:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18532]: input_userauth_request: invalid user master [preauth]
Jun 22 22:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18532]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17121]: pam_unix(cron:session): session closed for user root
Jun 22 22:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18532]: Failed password for invalid user master from 91.92.40.171 port 52590 ssh2
Jun 22 22:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18532]: Connection closed by 91.92.40.171 port 52590 [preauth]
Jun 22 22:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18562]: Invalid user certificate from 125.247.116.158
Jun 22 22:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18562]: input_userauth_request: invalid user certificate [preauth]
Jun 22 22:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18562]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.247.116.158
Jun 22 22:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18562]: Failed password for invalid user certificate from 125.247.116.158 port 38802 ssh2
Jun 22 22:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18562]: Received disconnect from 125.247.116.158 port 38802:11: Bye Bye [preauth]
Jun 22 22:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18562]: Disconnected from 125.247.116.158 port 38802 [preauth]
Jun 22 22:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18565]: Invalid user rocky from 91.92.40.171
Jun 22 22:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18565]: input_userauth_request: invalid user rocky [preauth]
Jun 22 22:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18565]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18565]: Failed password for invalid user rocky from 91.92.40.171 port 52626 ssh2
Jun 22 22:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18565]: Connection closed by 91.92.40.171 port 52626 [preauth]
Jun 22 22:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18575]: Invalid user dmdba from 91.92.40.171
Jun 22 22:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18575]: input_userauth_request: invalid user dmdba [preauth]
Jun 22 22:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18575]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18575]: Failed password for invalid user dmdba from 91.92.40.171 port 53184 ssh2
Jun 22 22:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18575]: Connection closed by 91.92.40.171 port 53184 [preauth]
Jun 22 22:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18601]: Received disconnect from 69.175.33.170 port 35308:11: disconnected by user [preauth]
Jun 22 22:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18601]: Disconnected from 69.175.33.170 port 35308 [preauth]
Jun 22 22:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18603]: Invalid user teste from 91.92.40.171
Jun 22 22:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18603]: input_userauth_request: invalid user teste [preauth]
Jun 22 22:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18603]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18603]: Failed password for invalid user teste from 91.92.40.171 port 53302 ssh2
Jun 22 22:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18603]: Connection closed by 91.92.40.171 port 53302 [preauth]
Jun 22 22:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18613]: Failed password for root from 91.92.40.171 port 42198 ssh2
Jun 22 22:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18613]: Connection closed by 91.92.40.171 port 42198 [preauth]
Jun 22 22:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18623]: Invalid user deployer from 91.92.40.171
Jun 22 22:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18623]: input_userauth_request: invalid user deployer [preauth]
Jun 22 22:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18623]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18623]: Failed password for invalid user deployer from 91.92.40.171 port 42222 ssh2
Jun 22 22:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18623]: Connection closed by 91.92.40.171 port 42222 [preauth]
Jun 22 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18637]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18636]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18638]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18635]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18635]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18701]: Successful su for rubyman by root
Jun 22 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18701]: + ??? root:rubyman
Jun 22 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18701]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573482 of user rubyman.
Jun 22 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18701]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573482.
Jun 22 22:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18856]: Invalid user claude from 91.92.40.171
Jun 22 22:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18856]: input_userauth_request: invalid user claude [preauth]
Jun 22 22:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15725]: pam_unix(cron:session): session closed for user root
Jun 22 22:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18856]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18856]: Failed password for invalid user claude from 91.92.40.171 port 56482 ssh2
Jun 22 22:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18636]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18856]: Connection closed by 91.92.40.171 port 56482 [preauth]
Jun 22 22:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18910]: Failed password for root from 91.92.40.171 port 56510 ssh2
Jun 22 22:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18910]: Connection closed by 91.92.40.171 port 56510 [preauth]
Jun 22 22:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18928]: Failed password for root from 91.92.40.171 port 56618 ssh2
Jun 22 22:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18928]: Connection closed by 91.92.40.171 port 56618 [preauth]
Jun 22 22:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18944]: Invalid user arthur from 91.92.40.171
Jun 22 22:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18944]: input_userauth_request: invalid user arthur [preauth]
Jun 22 22:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18944]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18944]: Failed password for invalid user arthur from 91.92.40.171 port 56690 ssh2
Jun 22 22:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18944]: Connection closed by 91.92.40.171 port 56690 [preauth]
Jun 22 22:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18956]: Invalid user hadoop from 91.92.40.171
Jun 22 22:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18956]: input_userauth_request: invalid user hadoop [preauth]
Jun 22 22:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18956]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18956]: Failed password for invalid user hadoop from 91.92.40.171 port 40784 ssh2
Jun 22 22:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18956]: Connection closed by 91.92.40.171 port 40784 [preauth]
Jun 22 22:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18968]: Invalid user courses from 209.99.190.200
Jun 22 22:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18968]: input_userauth_request: invalid user courses [preauth]
Jun 22 22:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18968]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.99.190.200
Jun 22 22:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18979]: Invalid user nexus from 91.92.40.171
Jun 22 22:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18979]: input_userauth_request: invalid user nexus [preauth]
Jun 22 22:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18979]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18968]: Failed password for invalid user courses from 209.99.190.200 port 53744 ssh2
Jun 22 22:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18968]: Received disconnect from 209.99.190.200 port 53744:11: Bye Bye [preauth]
Jun 22 22:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18968]: Disconnected from 209.99.190.200 port 53744 [preauth]
Jun 22 22:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18979]: Failed password for invalid user nexus from 91.92.40.171 port 40832 ssh2
Jun 22 22:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18979]: Connection closed by 91.92.40.171 port 40832 [preauth]
Jun 22 22:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17566]: pam_unix(cron:session): session closed for user root
Jun 22 22:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19008]: Failed password for root from 91.92.40.171 port 53072 ssh2
Jun 22 22:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19008]: Connection closed by 91.92.40.171 port 53072 [preauth]
Jun 22 22:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19022]: Invalid user www from 91.92.40.171
Jun 22 22:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19022]: input_userauth_request: invalid user www [preauth]
Jun 22 22:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19022]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19022]: Failed password for invalid user www from 91.92.40.171 port 53076 ssh2
Jun 22 22:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19022]: Connection closed by 91.92.40.171 port 53076 [preauth]
Jun 22 22:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19045]: Failed password for root from 91.92.40.171 port 37082 ssh2
Jun 22 22:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19045]: Connection closed by 91.92.40.171 port 37082 [preauth]
Jun 22 22:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19055]: Invalid user ghost from 91.92.40.171
Jun 22 22:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19055]: input_userauth_request: invalid user ghost [preauth]
Jun 22 22:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19055]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19055]: Failed password for invalid user ghost from 91.92.40.171 port 37160 ssh2
Jun 22 22:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19055]: Connection closed by 91.92.40.171 port 37160 [preauth]
Jun 22 22:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19067]: Invalid user taipei from 206.1.62.191
Jun 22 22:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19067]: input_userauth_request: invalid user taipei [preauth]
Jun 22 22:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19067]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.1.62.191
Jun 22 22:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 22:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19069]: Failed password for root from 91.92.40.171 port 55404 ssh2
Jun 22 22:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19067]: Failed password for invalid user taipei from 206.1.62.191 port 16733 ssh2
Jun 22 22:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19069]: Connection closed by 91.92.40.171 port 55404 [preauth]
Jun 22 22:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19067]: Received disconnect from 206.1.62.191 port 16733:11: Bye Bye [preauth]
Jun 22 22:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19067]: Disconnected from 206.1.62.191 port 16733 [preauth]
Jun 22 22:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19057]: Failed password for root from 38.55.97.143 port 32952 ssh2
Jun 22 22:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19057]: Connection closed by 38.55.97.143 port 32952 [preauth]
Jun 22 22:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19079]: Invalid user fastuser from 91.92.40.171
Jun 22 22:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19079]: input_userauth_request: invalid user fastuser [preauth]
Jun 22 22:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19079]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19084]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19086]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19083]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19082]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19087]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19088]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19088]: pam_unix(cron:session): session closed for user root
Jun 22 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19082]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19250]: Successful su for rubyman by root
Jun 22 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19250]: + ??? root:rubyman
Jun 22 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19250]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573491 of user rubyman.
Jun 22 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19250]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573491.
Jun 22 22:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19079]: Failed password for invalid user fastuser from 91.92.40.171 port 55444 ssh2
Jun 22 22:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19079]: Connection closed by 91.92.40.171 port 55444 [preauth]
Jun 22 22:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19084]: pam_unix(cron:session): session closed for user root
Jun 22 22:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16136]: pam_unix(cron:session): session closed for user root
Jun 22 22:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19439]: Invalid user kali from 91.92.40.171
Jun 22 22:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19439]: input_userauth_request: invalid user kali [preauth]
Jun 22 22:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19439]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19083]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19439]: Failed password for invalid user kali from 91.92.40.171 port 49240 ssh2
Jun 22 22:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19439]: Connection closed by 91.92.40.171 port 49240 [preauth]
Jun 22 22:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19476]: Invalid user newuser from 91.92.40.171
Jun 22 22:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19476]: input_userauth_request: invalid user newuser [preauth]
Jun 22 22:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19476]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19476]: Failed password for invalid user newuser from 91.92.40.171 port 49334 ssh2
Jun 22 22:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19476]: Connection closed by 91.92.40.171 port 49334 [preauth]
Jun 22 22:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19601]: Failed password for root from 91.92.40.171 port 47022 ssh2
Jun 22 22:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19601]: Connection closed by 91.92.40.171 port 47022 [preauth]
Jun 22 22:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19615]: Invalid user server from 91.92.40.171
Jun 22 22:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19615]: input_userauth_request: invalid user server [preauth]
Jun 22 22:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19615]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19615]: Failed password for invalid user server from 91.92.40.171 port 50946 ssh2
Jun 22 22:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19615]: Connection closed by 91.92.40.171 port 50946 [preauth]
Jun 22 22:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19716]: Invalid user forestdnszones from 125.247.116.158
Jun 22 22:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19716]: input_userauth_request: invalid user forestdnszones [preauth]
Jun 22 22:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19716]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.247.116.158
Jun 22 22:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19729]: Invalid user admin from 91.92.40.171
Jun 22 22:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19729]: input_userauth_request: invalid user admin [preauth]
Jun 22 22:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19729]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19716]: Failed password for invalid user forestdnszones from 125.247.116.158 port 34616 ssh2
Jun 22 22:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19716]: Received disconnect from 125.247.116.158 port 34616:11: Bye Bye [preauth]
Jun 22 22:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19716]: Disconnected from 125.247.116.158 port 34616 [preauth]
Jun 22 22:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19729]: Failed password for invalid user admin from 91.92.40.171 port 51008 ssh2
Jun 22 22:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19729]: Connection closed by 91.92.40.171 port 51008 [preauth]
Jun 22 22:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18096]: pam_unix(cron:session): session closed for user root
Jun 22 22:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19737]: Failed password for root from 91.92.40.171 port 41470 ssh2
Jun 22 22:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19737]: Connection closed by 91.92.40.171 port 41470 [preauth]
Jun 22 22:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19772]: Failed password for root from 91.92.40.171 port 41486 ssh2
Jun 22 22:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19772]: Connection closed by 91.92.40.171 port 41486 [preauth]
Jun 22 22:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19784]: Failed password for root from 91.92.40.171 port 45830 ssh2
Jun 22 22:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19784]: Connection closed by 91.92.40.171 port 45830 [preauth]
Jun 22 22:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19803]: Invalid user user from 91.92.40.171
Jun 22 22:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19803]: input_userauth_request: invalid user user [preauth]
Jun 22 22:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19803]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19801]: Received disconnect from 78.111.67.246 port 39834:11: disconnected by user [preauth]
Jun 22 22:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19801]: Disconnected from 78.111.67.246 port 39834 [preauth]
Jun 22 22:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19803]: Failed password for invalid user user from 91.92.40.171 port 45868 ssh2
Jun 22 22:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19803]: Connection closed by 91.92.40.171 port 45868 [preauth]
Jun 22 22:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19822]: Invalid user runner from 91.92.40.171
Jun 22 22:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19822]: input_userauth_request: invalid user runner [preauth]
Jun 22 22:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19822]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19822]: Failed password for invalid user runner from 91.92.40.171 port 42094 ssh2
Jun 22 22:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19822]: Connection closed by 91.92.40.171 port 42094 [preauth]
Jun 22 22:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19831]: Invalid user runner from 91.92.40.171
Jun 22 22:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19831]: input_userauth_request: invalid user runner [preauth]
Jun 22 22:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19831]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19831]: Failed password for invalid user runner from 91.92.40.171 port 42148 ssh2
Jun 22 22:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19831]: Connection closed by 91.92.40.171 port 42148 [preauth]
Jun 22 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19850]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19849]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19848]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19847]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19847]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19919]: Successful su for rubyman by root
Jun 22 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19919]: + ??? root:rubyman
Jun 22 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19919]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573492 of user rubyman.
Jun 22 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19919]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573492.
Jun 22 22:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19989]: Invalid user portal from 91.92.40.171
Jun 22 22:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19989]: input_userauth_request: invalid user portal [preauth]
Jun 22 22:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19989]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16564]: pam_unix(cron:session): session closed for user root
Jun 22 22:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19989]: Failed password for invalid user portal from 91.92.40.171 port 56478 ssh2
Jun 22 22:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19989]: Connection closed by 91.92.40.171 port 56478 [preauth]
Jun 22 22:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19848]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20103]: Invalid user adminuser from 91.92.40.171
Jun 22 22:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20103]: input_userauth_request: invalid user adminuser [preauth]
Jun 22 22:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20103]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20103]: Failed password for invalid user adminuser from 91.92.40.171 port 56548 ssh2
Jun 22 22:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20103]: Connection closed by 91.92.40.171 port 56548 [preauth]
Jun 22 22:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20126]: Failed password for root from 91.92.40.171 port 55988 ssh2
Jun 22 22:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20126]: Connection closed by 91.92.40.171 port 55988 [preauth]
Jun 22 22:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20237]: Invalid user bob from 91.92.40.171
Jun 22 22:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20237]: input_userauth_request: invalid user bob [preauth]
Jun 22 22:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20237]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20237]: Failed password for invalid user bob from 91.92.40.171 port 56018 ssh2
Jun 22 22:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20237]: Connection closed by 91.92.40.171 port 56018 [preauth]
Jun 22 22:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20261]: Invalid user user1 from 91.92.40.171
Jun 22 22:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20261]: input_userauth_request: invalid user user1 [preauth]
Jun 22 22:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20261]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20261]: Failed password for invalid user user1 from 91.92.40.171 port 34472 ssh2
Jun 22 22:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20261]: Connection closed by 91.92.40.171 port 34472 [preauth]
Jun 22 22:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18638]: pam_unix(cron:session): session closed for user root
Jun 22 22:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20273]: Failed password for root from 91.92.40.171 port 34484 ssh2
Jun 22 22:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20273]: Connection closed by 91.92.40.171 port 34484 [preauth]
Jun 22 22:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20307]: Invalid user main from 91.92.40.171
Jun 22 22:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20307]: input_userauth_request: invalid user main [preauth]
Jun 22 22:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20307]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20307]: Failed password for invalid user main from 91.92.40.171 port 50752 ssh2
Jun 22 22:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20307]: Connection closed by 91.92.40.171 port 50752 [preauth]
Jun 22 22:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20318]: Invalid user claude from 91.92.40.171
Jun 22 22:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20318]: input_userauth_request: invalid user claude [preauth]
Jun 22 22:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20318]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20318]: Failed password for invalid user claude from 91.92.40.171 port 50792 ssh2
Jun 22 22:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20318]: Connection closed by 91.92.40.171 port 50792 [preauth]
Jun 22 22:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20336]: Invalid user webalizer from 206.1.62.191
Jun 22 22:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20336]: input_userauth_request: invalid user webalizer [preauth]
Jun 22 22:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20336]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.1.62.191
Jun 22 22:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20347]: Invalid user postgres from 91.92.40.171
Jun 22 22:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20347]: input_userauth_request: invalid user postgres [preauth]
Jun 22 22:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20336]: Failed password for invalid user webalizer from 206.1.62.191 port 62387 ssh2
Jun 22 22:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20347]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20336]: Received disconnect from 206.1.62.191 port 62387:11: Bye Bye [preauth]
Jun 22 22:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20336]: Disconnected from 206.1.62.191 port 62387 [preauth]
Jun 22 22:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20347]: Failed password for invalid user postgres from 91.92.40.171 port 56454 ssh2
Jun 22 22:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20347]: Connection closed by 91.92.40.171 port 56454 [preauth]
Jun 22 22:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20360]: Invalid user claude from 91.92.40.171
Jun 22 22:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20360]: input_userauth_request: invalid user claude [preauth]
Jun 22 22:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20360]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20360]: Failed password for invalid user claude from 91.92.40.171 port 41974 ssh2
Jun 22 22:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20360]: Connection closed by 91.92.40.171 port 41974 [preauth]
Jun 22 22:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20373]: Invalid user calvin from 91.92.40.171
Jun 22 22:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20373]: input_userauth_request: invalid user calvin [preauth]
Jun 22 22:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20373]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20373]: Failed password for invalid user calvin from 91.92.40.171 port 41994 ssh2
Jun 22 22:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20373]: Connection closed by 91.92.40.171 port 41994 [preauth]
Jun 22 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20389]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20390]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20386]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20387]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20386]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20450]: Successful su for rubyman by root
Jun 22 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20450]: + ??? root:rubyman
Jun 22 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20450]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573497 of user rubyman.
Jun 22 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20450]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573497.
Jun 22 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17120]: pam_unix(cron:session): session closed for user root
Jun 22 22:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20387]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20530]: Failed password for root from 91.92.40.171 port 47118 ssh2
Jun 22 22:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20530]: Connection closed by 91.92.40.171 port 47118 [preauth]
Jun 22 22:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20657]: Invalid user openvpn from 91.92.40.171
Jun 22 22:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20657]: input_userauth_request: invalid user openvpn [preauth]
Jun 22 22:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20657]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20657]: Failed password for invalid user openvpn from 91.92.40.171 port 47172 ssh2
Jun 22 22:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20657]: Connection closed by 91.92.40.171 port 47172 [preauth]
Jun 22 22:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20703]: Invalid user onkar from 91.92.40.171
Jun 22 22:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20703]: input_userauth_request: invalid user onkar [preauth]
Jun 22 22:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20703]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20703]: Failed password for invalid user onkar from 91.92.40.171 port 34462 ssh2
Jun 22 22:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20703]: Connection closed by 91.92.40.171 port 34462 [preauth]
Jun 22 22:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20728]: Invalid user lan from 125.247.116.158
Jun 22 22:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20728]: input_userauth_request: invalid user lan [preauth]
Jun 22 22:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20728]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.247.116.158
Jun 22 22:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20728]: Failed password for invalid user lan from 125.247.116.158 port 37572 ssh2
Jun 22 22:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20728]: Received disconnect from 125.247.116.158 port 37572:11: Bye Bye [preauth]
Jun 22 22:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20728]: Disconnected from 125.247.116.158 port 37572 [preauth]
Jun 22 22:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20750]: Invalid user user3 from 91.92.40.171
Jun 22 22:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20750]: input_userauth_request: invalid user user3 [preauth]
Jun 22 22:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20750]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20750]: Failed password for invalid user user3 from 91.92.40.171 port 45590 ssh2
Jun 22 22:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20750]: Connection closed by 91.92.40.171 port 45590 [preauth]
Jun 22 22:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20793]: Invalid user docker from 91.92.40.171
Jun 22 22:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20793]: input_userauth_request: invalid user docker [preauth]
Jun 22 22:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20793]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20793]: Failed password for invalid user docker from 91.92.40.171 port 45714 ssh2
Jun 22 22:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20793]: Connection closed by 91.92.40.171 port 45714 [preauth]
Jun 22 22:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19087]: pam_unix(cron:session): session closed for user root
Jun 22 22:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20804]: Failed password for root from 91.92.40.171 port 54934 ssh2
Jun 22 22:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20804]: Connection closed by 91.92.40.171 port 54934 [preauth]
Jun 22 22:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20839]: Invalid user username from 91.92.40.171
Jun 22 22:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20839]: input_userauth_request: invalid user username [preauth]
Jun 22 22:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20839]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20839]: Failed password for invalid user username from 91.92.40.171 port 54962 ssh2
Jun 22 22:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20839]: Connection closed by 91.92.40.171 port 54962 [preauth]
Jun 22 22:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20847]: Failed password for root from 91.92.40.171 port 51612 ssh2
Jun 22 22:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20847]: Connection closed by 91.92.40.171 port 51612 [preauth]
Jun 22 22:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20872]: Invalid user ansible from 91.92.40.171
Jun 22 22:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20872]: input_userauth_request: invalid user ansible [preauth]
Jun 22 22:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20872]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20872]: Failed password for invalid user ansible from 91.92.40.171 port 51660 ssh2
Jun 22 22:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20872]: Connection closed by 91.92.40.171 port 51660 [preauth]
Jun 22 22:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20883]: Invalid user ts3 from 91.92.40.171
Jun 22 22:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20883]: input_userauth_request: invalid user ts3 [preauth]
Jun 22 22:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20883]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20883]: Failed password for invalid user ts3 from 91.92.40.171 port 51208 ssh2
Jun 22 22:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20883]: Connection closed by 91.92.40.171 port 51208 [preauth]
Jun 22 22:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20906]: Invalid user ranga from 91.92.40.171
Jun 22 22:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20906]: input_userauth_request: invalid user ranga [preauth]
Jun 22 22:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20906]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20914]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20913]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20912]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20911]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20911]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20970]: Successful su for rubyman by root
Jun 22 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20970]: + ??? root:rubyman
Jun 22 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20970]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573501 of user rubyman.
Jun 22 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20970]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573501.
Jun 22 22:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20897]: Invalid user rex from 186.96.158.180
Jun 22 22:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20897]: input_userauth_request: invalid user rex [preauth]
Jun 22 22:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20897]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180
Jun 22 22:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20906]: Failed password for invalid user ranga from 91.92.40.171 port 51266 ssh2
Jun 22 22:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20906]: Connection closed by 91.92.40.171 port 51266 [preauth]
Jun 22 22:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20897]: Failed password for invalid user rex from 186.96.158.180 port 1657 ssh2
Jun 22 22:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20897]: Received disconnect from 186.96.158.180 port 1657:11: Bye Bye [preauth]
Jun 22 22:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20897]: Disconnected from 186.96.158.180 port 1657 [preauth]
Jun 22 22:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17565]: pam_unix(cron:session): session closed for user root
Jun 22 22:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: Invalid user dev from 91.92.40.171
Jun 22 22:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: input_userauth_request: invalid user dev [preauth]
Jun 22 22:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20912]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: Failed password for invalid user dev from 91.92.40.171 port 37254 ssh2
Jun 22 22:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: Connection closed by 91.92.40.171 port 37254 [preauth]
Jun 22 22:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21164]: Invalid user ts3 from 91.92.40.171
Jun 22 22:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21164]: input_userauth_request: invalid user ts3 [preauth]
Jun 22 22:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21164]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21164]: Failed password for invalid user ts3 from 91.92.40.171 port 37326 ssh2
Jun 22 22:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21164]: Connection closed by 91.92.40.171 port 37326 [preauth]
Jun 22 22:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21191]: Invalid user teamspeak from 91.92.40.171
Jun 22 22:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21191]: input_userauth_request: invalid user teamspeak [preauth]
Jun 22 22:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21191]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 22:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21191]: Failed password for invalid user teamspeak from 91.92.40.171 port 60692 ssh2
Jun 22 22:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21191]: Connection closed by 91.92.40.171 port 60692 [preauth]
Jun 22 22:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21177]: Failed password for root from 38.55.97.143 port 33584 ssh2
Jun 22 22:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21177]: Connection closed by 38.55.97.143 port 33584 [preauth]
Jun 22 22:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21210]: Invalid user oracle from 91.92.40.171
Jun 22 22:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21210]: input_userauth_request: invalid user oracle [preauth]
Jun 22 22:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21210]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21210]: Failed password for invalid user oracle from 91.92.40.171 port 60724 ssh2
Jun 22 22:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21210]: Connection closed by 91.92.40.171 port 60724 [preauth]
Jun 22 22:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21234]: Invalid user toto from 91.92.40.171
Jun 22 22:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21234]: input_userauth_request: invalid user toto [preauth]
Jun 22 22:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21234]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21234]: Failed password for invalid user toto from 91.92.40.171 port 48228 ssh2
Jun 22 22:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21234]: Connection closed by 91.92.40.171 port 48228 [preauth]
Jun 22 22:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21244]: Invalid user odoo17 from 91.92.40.171
Jun 22 22:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21244]: input_userauth_request: invalid user odoo17 [preauth]
Jun 22 22:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21244]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19850]: pam_unix(cron:session): session closed for user root
Jun 22 22:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21244]: Failed password for invalid user odoo17 from 91.92.40.171 port 58722 ssh2
Jun 22 22:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21244]: Connection closed by 91.92.40.171 port 58722 [preauth]
Jun 22 22:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21277]: Invalid user administrator from 91.92.40.171
Jun 22 22:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21277]: input_userauth_request: invalid user administrator [preauth]
Jun 22 22:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21277]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21277]: Failed password for invalid user administrator from 91.92.40.171 port 58766 ssh2
Jun 22 22:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21277]: Connection closed by 91.92.40.171 port 58766 [preauth]
Jun 22 22:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21279]: Invalid user negocios from 206.1.62.191
Jun 22 22:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21279]: input_userauth_request: invalid user negocios [preauth]
Jun 22 22:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21279]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.1.62.191
Jun 22 22:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21289]: Invalid user ali from 91.92.40.171
Jun 22 22:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21289]: input_userauth_request: invalid user ali [preauth]
Jun 22 22:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21289]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21279]: Failed password for invalid user negocios from 206.1.62.191 port 35639 ssh2
Jun 22 22:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21279]: Received disconnect from 206.1.62.191 port 35639:11: Bye Bye [preauth]
Jun 22 22:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21279]: Disconnected from 206.1.62.191 port 35639 [preauth]
Jun 22 22:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21289]: Failed password for invalid user ali from 91.92.40.171 port 43628 ssh2
Jun 22 22:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21289]: Connection closed by 91.92.40.171 port 43628 [preauth]
Jun 22 22:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21312]: Failed password for root from 91.92.40.171 port 43724 ssh2
Jun 22 22:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21312]: Connection closed by 91.92.40.171 port 43724 [preauth]
Jun 22 22:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21326]: Invalid user cloud from 91.92.40.171
Jun 22 22:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21326]: input_userauth_request: invalid user cloud [preauth]
Jun 22 22:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21326]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21326]: Failed password for invalid user cloud from 91.92.40.171 port 38502 ssh2
Jun 22 22:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21326]: Connection closed by 91.92.40.171 port 38502 [preauth]
Jun 22 22:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21340]: Invalid user david from 91.92.40.171
Jun 22 22:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21340]: input_userauth_request: invalid user david [preauth]
Jun 22 22:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21340]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21345]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21346]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21347]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21343]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21343]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21405]: Successful su for rubyman by root
Jun 22 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21405]: + ??? root:rubyman
Jun 22 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21405]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573504 of user rubyman.
Jun 22 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21405]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573504.
Jun 22 22:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21340]: Failed password for invalid user david from 91.92.40.171 port 38570 ssh2
Jun 22 22:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21340]: Connection closed by 91.92.40.171 port 38570 [preauth]
Jun 22 22:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18095]: pam_unix(cron:session): session closed for user root
Jun 22 22:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21584]: Invalid user tomcat from 91.92.40.171
Jun 22 22:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21584]: input_userauth_request: invalid user tomcat [preauth]
Jun 22 22:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21584]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21345]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21584]: Failed password for invalid user tomcat from 91.92.40.171 port 56344 ssh2
Jun 22 22:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21584]: Connection closed by 91.92.40.171 port 56344 [preauth]
Jun 22 22:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21622]: Invalid user admin from 91.92.40.171
Jun 22 22:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21622]: input_userauth_request: invalid user admin [preauth]
Jun 22 22:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21622]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21622]: Failed password for invalid user admin from 91.92.40.171 port 56436 ssh2
Jun 22 22:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21622]: Connection closed by 91.92.40.171 port 56436 [preauth]
Jun 22 22:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21647]: Invalid user fastuser from 91.92.40.171
Jun 22 22:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21647]: input_userauth_request: invalid user fastuser [preauth]
Jun 22 22:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21647]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21650]: Invalid user usuarios from 125.247.116.158
Jun 22 22:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21650]: input_userauth_request: invalid user usuarios [preauth]
Jun 22 22:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21650]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.247.116.158
Jun 22 22:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21647]: Failed password for invalid user fastuser from 91.92.40.171 port 58306 ssh2
Jun 22 22:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21647]: Connection closed by 91.92.40.171 port 58306 [preauth]
Jun 22 22:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21650]: Failed password for invalid user usuarios from 125.247.116.158 port 43252 ssh2
Jun 22 22:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21650]: Received disconnect from 125.247.116.158 port 43252:11: Bye Bye [preauth]
Jun 22 22:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21650]: Disconnected from 125.247.116.158 port 43252 [preauth]
Jun 22 22:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21661]: Invalid user claude from 91.92.40.171
Jun 22 22:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21661]: input_userauth_request: invalid user claude [preauth]
Jun 22 22:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21661]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21661]: Failed password for invalid user claude from 91.92.40.171 port 59474 ssh2
Jun 22 22:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21661]: Connection closed by 91.92.40.171 port 59474 [preauth]
Jun 22 22:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21691]: Invalid user opc from 91.92.40.171
Jun 22 22:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21691]: input_userauth_request: invalid user opc [preauth]
Jun 22 22:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21691]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21691]: Failed password for invalid user opc from 91.92.40.171 port 59528 ssh2
Jun 22 22:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21691]: Connection closed by 91.92.40.171 port 59528 [preauth]
Jun 22 22:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21705]: Invalid user dev from 91.92.40.171
Jun 22 22:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21705]: input_userauth_request: invalid user dev [preauth]
Jun 22 22:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21705]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20390]: pam_unix(cron:session): session closed for user root
Jun 22 22:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21705]: Failed password for invalid user dev from 91.92.40.171 port 36634 ssh2
Jun 22 22:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21705]: Connection closed by 91.92.40.171 port 36634 [preauth]
Jun 22 22:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21735]: Invalid user dev from 91.92.40.171
Jun 22 22:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21735]: input_userauth_request: invalid user dev [preauth]
Jun 22 22:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21735]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21735]: Failed password for invalid user dev from 91.92.40.171 port 36706 ssh2
Jun 22 22:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21735]: Connection closed by 91.92.40.171 port 36706 [preauth]
Jun 22 22:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21746]: Invalid user sam from 91.92.40.171
Jun 22 22:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21746]: input_userauth_request: invalid user sam [preauth]
Jun 22 22:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21746]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21746]: Failed password for invalid user sam from 91.92.40.171 port 35448 ssh2
Jun 22 22:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21746]: Connection closed by 91.92.40.171 port 35448 [preauth]
Jun 22 22:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21770]: Invalid user core from 91.92.40.171
Jun 22 22:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21770]: input_userauth_request: invalid user core [preauth]
Jun 22 22:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21770]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21770]: Failed password for invalid user core from 91.92.40.171 port 35476 ssh2
Jun 22 22:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21770]: Connection closed by 91.92.40.171 port 35476 [preauth]
Jun 22 22:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21783]: Failed password for root from 91.92.40.171 port 56726 ssh2
Jun 22 22:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21783]: Connection closed by 91.92.40.171 port 56726 [preauth]
Jun 22 22:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21803]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21802]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21804]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21805]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21799]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21800]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21805]: pam_unix(cron:session): session closed for user root
Jun 22 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21799]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21878]: Successful su for rubyman by root
Jun 22 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21878]: + ??? root:rubyman
Jun 22 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21878]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573510 of user rubyman.
Jun 22 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21878]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573510.
Jun 22 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21796]: Failed password for root from 91.92.40.171 port 56762 ssh2
Jun 22 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21796]: Connection closed by 91.92.40.171 port 56762 [preauth]
Jun 22 22:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21802]: pam_unix(cron:session): session closed for user root
Jun 22 22:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18637]: pam_unix(cron:session): session closed for user root
Jun 22 22:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22049]: Invalid user runner from 91.92.40.171
Jun 22 22:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22049]: input_userauth_request: invalid user runner [preauth]
Jun 22 22:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22049]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21800]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22049]: Failed password for invalid user runner from 91.92.40.171 port 41610 ssh2
Jun 22 22:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22049]: Connection closed by 91.92.40.171 port 41610 [preauth]
Jun 22 22:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22083]: Invalid user deploy from 91.92.40.171
Jun 22 22:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22083]: input_userauth_request: invalid user deploy [preauth]
Jun 22 22:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22083]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22083]: Failed password for invalid user deploy from 91.92.40.171 port 41652 ssh2
Jun 22 22:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22083]: Connection closed by 91.92.40.171 port 41652 [preauth]
Jun 22 22:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22111]: Invalid user claude from 91.92.40.171
Jun 22 22:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22111]: input_userauth_request: invalid user claude [preauth]
Jun 22 22:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22111]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22111]: Failed password for invalid user claude from 91.92.40.171 port 46386 ssh2
Jun 22 22:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22111]: Connection closed by 91.92.40.171 port 46386 [preauth]
Jun 22 22:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 22 22:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22123]: Invalid user ansible from 91.92.40.171
Jun 22 22:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22123]: input_userauth_request: invalid user ansible [preauth]
Jun 22 22:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22123]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22121]: Failed password for root from 103.82.132.16 port 46476 ssh2
Jun 22 22:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22121]: Connection closed by 103.82.132.16 port 46476 [preauth]
Jun 22 22:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22123]: Failed password for invalid user ansible from 91.92.40.171 port 55758 ssh2
Jun 22 22:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22123]: Connection closed by 91.92.40.171 port 55758 [preauth]
Jun 22 22:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22151]: Invalid user jay from 91.92.40.171
Jun 22 22:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22151]: input_userauth_request: invalid user jay [preauth]
Jun 22 22:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22151]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22151]: Failed password for invalid user jay from 91.92.40.171 port 55780 ssh2
Jun 22 22:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22151]: Connection closed by 91.92.40.171 port 55780 [preauth]
Jun 22 22:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20914]: pam_unix(cron:session): session closed for user root
Jun 22 22:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22162]: Failed password for root from 91.92.40.171 port 35130 ssh2
Jun 22 22:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22162]: Connection closed by 91.92.40.171 port 35130 [preauth]
Jun 22 22:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22180]: Invalid user asd from 206.1.62.191
Jun 22 22:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22180]: input_userauth_request: invalid user asd [preauth]
Jun 22 22:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22180]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.1.62.191
Jun 22 22:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22180]: Failed password for invalid user asd from 206.1.62.191 port 36455 ssh2
Jun 22 22:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22180]: Received disconnect from 206.1.62.191 port 36455:11: Bye Bye [preauth]
Jun 22 22:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22180]: Disconnected from 206.1.62.191 port 36455 [preauth]
Jun 22 22:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22199]: Invalid user jenkins from 91.92.40.171
Jun 22 22:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22199]: input_userauth_request: invalid user jenkins [preauth]
Jun 22 22:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22199]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22199]: Failed password for invalid user jenkins from 91.92.40.171 port 35164 ssh2
Jun 22 22:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22199]: Connection closed by 91.92.40.171 port 35164 [preauth]
Jun 22 22:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22211]: Invalid user lighthouse from 91.92.40.171
Jun 22 22:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22211]: input_userauth_request: invalid user lighthouse [preauth]
Jun 22 22:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22211]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22211]: Failed password for invalid user lighthouse from 91.92.40.171 port 44240 ssh2
Jun 22 22:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22211]: Connection closed by 91.92.40.171 port 44240 [preauth]
Jun 22 22:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22233]: Invalid user kingbase from 91.92.40.171
Jun 22 22:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22233]: input_userauth_request: invalid user kingbase [preauth]
Jun 22 22:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22233]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22233]: Failed password for invalid user kingbase from 91.92.40.171 port 44294 ssh2
Jun 22 22:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22233]: Connection closed by 91.92.40.171 port 44294 [preauth]
Jun 22 22:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22244]: Invalid user deploy from 91.92.40.171
Jun 22 22:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22244]: input_userauth_request: invalid user deploy [preauth]
Jun 22 22:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22244]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22244]: Failed password for invalid user deploy from 91.92.40.171 port 48854 ssh2
Jun 22 22:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22244]: Connection closed by 91.92.40.171 port 48854 [preauth]
Jun 22 22:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22254]: Invalid user minecraft from 91.92.40.171
Jun 22 22:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22254]: input_userauth_request: invalid user minecraft [preauth]
Jun 22 22:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22254]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22254]: Failed password for invalid user minecraft from 91.92.40.171 port 48920 ssh2
Jun 22 22:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22254]: Connection closed by 91.92.40.171 port 48920 [preauth]
Jun 22 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22268]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22266]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22269]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22265]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22265]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22425]: Successful su for rubyman by root
Jun 22 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22425]: + ??? root:rubyman
Jun 22 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22425]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573515 of user rubyman.
Jun 22 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22425]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573515.
Jun 22 22:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22505]: Invalid user username from 91.92.40.171
Jun 22 22:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22505]: input_userauth_request: invalid user username [preauth]
Jun 22 22:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22505]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19086]: pam_unix(cron:session): session closed for user root
Jun 22 22:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22266]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22505]: Failed password for invalid user username from 91.92.40.171 port 56922 ssh2
Jun 22 22:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22505]: Connection closed by 91.92.40.171 port 56922 [preauth]
Jun 22 22:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22609]: Invalid user tactical from 91.92.40.171
Jun 22 22:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22609]: input_userauth_request: invalid user tactical [preauth]
Jun 22 22:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22609]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22609]: Failed password for invalid user tactical from 91.92.40.171 port 56960 ssh2
Jun 22 22:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22609]: Connection closed by 91.92.40.171 port 56960 [preauth]
Jun 22 22:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22631]: Invalid user fred from 91.92.40.171
Jun 22 22:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22631]: input_userauth_request: invalid user fred [preauth]
Jun 22 22:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22631]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22631]: Failed password for invalid user fred from 91.92.40.171 port 56952 ssh2
Jun 22 22:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22631]: Connection closed by 91.92.40.171 port 56952 [preauth]
Jun 22 22:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22641]: Invalid user testuser from 91.92.40.171
Jun 22 22:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22641]: input_userauth_request: invalid user testuser [preauth]
Jun 22 22:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22641]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22641]: Failed password for invalid user testuser from 91.92.40.171 port 57012 ssh2
Jun 22 22:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22641]: Connection closed by 91.92.40.171 port 57012 [preauth]
Jun 22 22:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22666]: Invalid user user1 from 91.92.40.171
Jun 22 22:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22666]: input_userauth_request: invalid user user1 [preauth]
Jun 22 22:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22666]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 22:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22666]: Failed password for invalid user user1 from 91.92.40.171 port 44496 ssh2
Jun 22 22:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22666]: Connection closed by 91.92.40.171 port 44496 [preauth]
Jun 22 22:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22643]: Failed password for root from 38.55.97.143 port 36514 ssh2
Jun 22 22:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22643]: Connection closed by 38.55.97.143 port 36514 [preauth]
Jun 22 22:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22679]: Invalid user alex from 91.92.40.171
Jun 22 22:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22679]: input_userauth_request: invalid user alex [preauth]
Jun 22 22:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22679]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22679]: Failed password for invalid user alex from 91.92.40.171 port 44558 ssh2
Jun 22 22:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22679]: Connection closed by 91.92.40.171 port 44558 [preauth]
Jun 22 22:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21347]: pam_unix(cron:session): session closed for user root
Jun 22 22:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22711]: Failed password for root from 91.92.40.171 port 52034 ssh2
Jun 22 22:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22711]: Connection closed by 91.92.40.171 port 52034 [preauth]
Jun 22 22:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22722]: Invalid user tester from 91.92.40.171
Jun 22 22:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22722]: input_userauth_request: invalid user tester [preauth]
Jun 22 22:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22722]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22722]: Failed password for invalid user tester from 91.92.40.171 port 52080 ssh2
Jun 22 22:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22722]: Connection closed by 91.92.40.171 port 52080 [preauth]
Jun 22 22:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22746]: Invalid user user2 from 91.92.40.171
Jun 22 22:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22746]: input_userauth_request: invalid user user2 [preauth]
Jun 22 22:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22746]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22746]: Failed password for invalid user user2 from 91.92.40.171 port 38392 ssh2
Jun 22 22:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22746]: Connection closed by 91.92.40.171 port 38392 [preauth]
Jun 22 22:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22758]: Invalid user vpn from 91.92.40.171
Jun 22 22:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22758]: input_userauth_request: invalid user vpn [preauth]
Jun 22 22:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22758]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22758]: Failed password for invalid user vpn from 91.92.40.171 port 38460 ssh2
Jun 22 22:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22758]: Connection closed by 91.92.40.171 port 38460 [preauth]
Jun 22 22:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22769]: Invalid user bot from 91.92.40.171
Jun 22 22:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22769]: input_userauth_request: invalid user bot [preauth]
Jun 22 22:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22769]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22769]: Failed password for invalid user bot from 91.92.40.171 port 56538 ssh2
Jun 22 22:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22769]: Connection closed by 91.92.40.171 port 56538 [preauth]
Jun 22 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22786]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22785]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22784]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22783]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22783]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22779]: Invalid user appuser from 91.92.40.171
Jun 22 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22779]: input_userauth_request: invalid user appuser [preauth]
Jun 22 22:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22853]: Successful su for rubyman by root
Jun 22 22:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22853]: + ??? root:rubyman
Jun 22 22:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22853]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573519 of user rubyman.
Jun 22 22:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22853]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573519.
Jun 22 22:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22779]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19849]: pam_unix(cron:session): session closed for user root
Jun 22 22:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22779]: Failed password for invalid user appuser from 91.92.40.171 port 43054 ssh2
Jun 22 22:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22779]: Connection closed by 91.92.40.171 port 43054 [preauth]
Jun 22 22:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22784]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23034]: Failed password for root from 91.92.40.171 port 43164 ssh2
Jun 22 22:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23034]: Connection closed by 91.92.40.171 port 43164 [preauth]
Jun 22 22:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23045]: Invalid user rdpuser from 91.92.40.171
Jun 22 22:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23045]: input_userauth_request: invalid user rdpuser [preauth]
Jun 22 22:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23045]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23045]: Failed password for invalid user rdpuser from 91.92.40.171 port 50202 ssh2
Jun 22 22:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23045]: Connection closed by 91.92.40.171 port 50202 [preauth]
Jun 22 22:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23068]: Failed password for root from 91.92.40.171 port 50222 ssh2
Jun 22 22:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23068]: Connection closed by 91.92.40.171 port 50222 [preauth]
Jun 22 22:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23079]: Invalid user traffic from 206.1.62.191
Jun 22 22:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23079]: input_userauth_request: invalid user traffic [preauth]
Jun 22 22:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23079]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.1.62.191
Jun 22 22:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23081]: Invalid user username from 91.92.40.171
Jun 22 22:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23081]: input_userauth_request: invalid user username [preauth]
Jun 22 22:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23081]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23079]: Failed password for invalid user traffic from 206.1.62.191 port 51887 ssh2
Jun 22 22:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23079]: Received disconnect from 206.1.62.191 port 51887:11: Bye Bye [preauth]
Jun 22 22:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23079]: Disconnected from 206.1.62.191 port 51887 [preauth]
Jun 22 22:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23081]: Failed password for invalid user username from 91.92.40.171 port 54582 ssh2
Jun 22 22:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23081]: Connection closed by 91.92.40.171 port 54582 [preauth]
Jun 22 22:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.223.69.22  user=root
Jun 22 22:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23107]: Invalid user david from 91.92.40.171
Jun 22 22:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23107]: input_userauth_request: invalid user david [preauth]
Jun 22 22:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23107]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23105]: Failed password for root from 89.223.69.22 port 43176 ssh2
Jun 22 22:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23105]: Connection closed by 89.223.69.22 port 43176 [preauth]
Jun 22 22:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23107]: Failed password for invalid user david from 91.92.40.171 port 54620 ssh2
Jun 22 22:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23107]: Connection closed by 91.92.40.171 port 54620 [preauth]
Jun 22 22:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23118]: Invalid user openclaw from 91.92.40.171
Jun 22 22:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23118]: input_userauth_request: invalid user openclaw [preauth]
Jun 22 22:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23118]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21804]: pam_unix(cron:session): session closed for user root
Jun 22 22:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23118]: Failed password for invalid user openclaw from 91.92.40.171 port 34632 ssh2
Jun 22 22:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23118]: Connection closed by 91.92.40.171 port 34632 [preauth]
Jun 22 22:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23148]: Invalid user fivem from 91.92.40.171
Jun 22 22:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23148]: input_userauth_request: invalid user fivem [preauth]
Jun 22 22:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23148]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23148]: Failed password for invalid user fivem from 91.92.40.171 port 34698 ssh2
Jun 22 22:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23148]: Connection closed by 91.92.40.171 port 34698 [preauth]
Jun 22 22:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23158]: Invalid user customer from 91.92.40.171
Jun 22 22:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23158]: input_userauth_request: invalid user customer [preauth]
Jun 22 22:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23158]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23158]: Failed password for invalid user customer from 91.92.40.171 port 51514 ssh2
Jun 22 22:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23158]: Connection closed by 91.92.40.171 port 51514 [preauth]
Jun 22 22:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23182]: Invalid user alex from 91.92.40.171
Jun 22 22:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23182]: input_userauth_request: invalid user alex [preauth]
Jun 22 22:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23182]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23182]: Failed password for invalid user alex from 91.92.40.171 port 51540 ssh2
Jun 22 22:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23182]: Connection closed by 91.92.40.171 port 51540 [preauth]
Jun 22 22:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23194]: Invalid user sonar from 91.92.40.171
Jun 22 22:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23194]: input_userauth_request: invalid user sonar [preauth]
Jun 22 22:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23194]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23194]: Failed password for invalid user sonar from 91.92.40.171 port 46990 ssh2
Jun 22 22:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23194]: Connection closed by 91.92.40.171 port 46990 [preauth]
Jun 22 22:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23207]: Invalid user trader from 91.92.40.171
Jun 22 22:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23207]: input_userauth_request: invalid user trader [preauth]
Jun 22 22:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23207]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23215]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23214]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23213]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23211]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23211]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23207]: Failed password for invalid user trader from 91.92.40.171 port 47036 ssh2
Jun 22 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23207]: Connection closed by 91.92.40.171 port 47036 [preauth]
Jun 22 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23282]: Successful su for rubyman by root
Jun 22 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23282]: + ??? root:rubyman
Jun 22 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23282]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573522 of user rubyman.
Jun 22 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23282]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573522.
Jun 22 22:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20389]: pam_unix(cron:session): session closed for user root
Jun 22 22:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23443]: Invalid user oscar from 91.92.40.171
Jun 22 22:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23443]: input_userauth_request: invalid user oscar [preauth]
Jun 22 22:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23443]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23213]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23443]: Failed password for invalid user oscar from 91.92.40.171 port 53568 ssh2
Jun 22 22:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23443]: Connection closed by 91.92.40.171 port 53568 [preauth]
Jun 22 22:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23486]: Invalid user dev from 91.92.40.171
Jun 22 22:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23486]: input_userauth_request: invalid user dev [preauth]
Jun 22 22:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23486]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23486]: Failed password for invalid user dev from 91.92.40.171 port 53598 ssh2
Jun 22 22:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23486]: Connection closed by 91.92.40.171 port 53598 [preauth]
Jun 22 22:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23515]: Invalid user openclaw from 91.92.40.171
Jun 22 22:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23515]: input_userauth_request: invalid user openclaw [preauth]
Jun 22 22:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23515]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23515]: Failed password for invalid user openclaw from 91.92.40.171 port 50268 ssh2
Jun 22 22:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23515]: Connection closed by 91.92.40.171 port 50268 [preauth]
Jun 22 22:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23526]: Invalid user ec2-user from 91.92.40.171
Jun 22 22:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23526]: input_userauth_request: invalid user ec2-user [preauth]
Jun 22 22:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23526]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23526]: Failed password for invalid user ec2-user from 91.92.40.171 port 50282 ssh2
Jun 22 22:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23526]: Connection closed by 91.92.40.171 port 50282 [preauth]
Jun 22 22:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23552]: Invalid user neptune from 91.92.40.171
Jun 22 22:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23552]: input_userauth_request: invalid user neptune [preauth]
Jun 22 22:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23552]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23552]: Failed password for invalid user neptune from 91.92.40.171 port 58070 ssh2
Jun 22 22:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23552]: Connection closed by 91.92.40.171 port 58070 [preauth]
Jun 22 22:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23562]: Invalid user ai from 91.92.40.171
Jun 22 22:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23562]: input_userauth_request: invalid user ai [preauth]
Jun 22 22:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23562]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22269]: pam_unix(cron:session): session closed for user root
Jun 22 22:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23562]: Failed password for invalid user ai from 91.92.40.171 port 58116 ssh2
Jun 22 22:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23562]: Connection closed by 91.92.40.171 port 58116 [preauth]
Jun 22 22:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23591]: Invalid user postgres from 91.92.40.171
Jun 22 22:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23591]: input_userauth_request: invalid user postgres [preauth]
Jun 22 22:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23591]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23591]: Failed password for invalid user postgres from 91.92.40.171 port 40836 ssh2
Jun 22 22:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23591]: Connection closed by 91.92.40.171 port 40836 [preauth]
Jun 22 22:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 22 22:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23593]: Failed password for root from 103.27.238.116 port 54242 ssh2
Jun 22 22:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23593]: Connection closed by 103.27.238.116 port 54242 [preauth]
Jun 22 22:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23609]: Invalid user runner from 91.92.40.171
Jun 22 22:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23609]: input_userauth_request: invalid user runner [preauth]
Jun 22 22:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23609]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23609]: Failed password for invalid user runner from 91.92.40.171 port 44482 ssh2
Jun 22 22:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23609]: Connection closed by 91.92.40.171 port 44482 [preauth]
Jun 22 22:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23632]: Invalid user ubuntu from 91.92.40.171
Jun 22 22:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23632]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 22:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23632]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180  user=root
Jun 22 22:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23632]: Failed password for invalid user ubuntu from 91.92.40.171 port 44526 ssh2
Jun 22 22:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23632]: Connection closed by 91.92.40.171 port 44526 [preauth]
Jun 22 22:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23607]: Failed password for root from 186.96.158.180 port 52541 ssh2
Jun 22 22:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23607]: Received disconnect from 186.96.158.180 port 52541:11: Bye Bye [preauth]
Jun 22 22:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23607]: Disconnected from 186.96.158.180 port 52541 [preauth]
Jun 22 22:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23644]: Failed password for root from 91.92.40.171 port 36626 ssh2
Jun 22 22:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23644]: Connection closed by 91.92.40.171 port 36626 [preauth]
Jun 22 22:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23658]: Failed password for root from 91.92.40.171 port 36684 ssh2
Jun 22 22:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23658]: Connection closed by 91.92.40.171 port 36684 [preauth]
Jun 22 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23680]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23678]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23676]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23677]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23676]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23745]: Successful su for rubyman by root
Jun 22 22:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23745]: + ??? root:rubyman
Jun 22 22:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23745]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573526 of user rubyman.
Jun 22 22:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23745]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573526.
Jun 22 22:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23673]: Invalid user rajvir from 91.92.40.171
Jun 22 22:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23673]: input_userauth_request: invalid user rajvir [preauth]
Jun 22 22:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23673]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20913]: pam_unix(cron:session): session closed for user root
Jun 22 22:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23673]: Failed password for invalid user rajvir from 91.92.40.171 port 33816 ssh2
Jun 22 22:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23673]: Connection closed by 91.92.40.171 port 33816 [preauth]
Jun 22 22:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23677]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24030]: Invalid user server from 91.92.40.171
Jun 22 22:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24030]: input_userauth_request: invalid user server [preauth]
Jun 22 22:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24030]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24030]: Failed password for invalid user server from 91.92.40.171 port 33846 ssh2
Jun 22 22:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24030]: Connection closed by 91.92.40.171 port 33846 [preauth]
Jun 22 22:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24040]: Invalid user test3 from 91.92.40.171
Jun 22 22:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24040]: input_userauth_request: invalid user test3 [preauth]
Jun 22 22:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24040]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24040]: Failed password for invalid user test3 from 91.92.40.171 port 59992 ssh2
Jun 22 22:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24040]: Connection closed by 91.92.40.171 port 59992 [preauth]
Jun 22 22:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24063]: Invalid user admin from 91.92.40.171
Jun 22 22:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24063]: input_userauth_request: invalid user admin [preauth]
Jun 22 22:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24063]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24063]: Failed password for invalid user admin from 91.92.40.171 port 60046 ssh2
Jun 22 22:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24063]: Connection closed by 91.92.40.171 port 60046 [preauth]
Jun 22 22:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24073]: Failed password for root from 91.92.40.171 port 60644 ssh2
Jun 22 22:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24073]: Connection closed by 91.92.40.171 port 60644 [preauth]
Jun 22 22:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24097]: Invalid user avax from 91.92.40.171
Jun 22 22:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24097]: input_userauth_request: invalid user avax [preauth]
Jun 22 22:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24097]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24097]: Failed password for invalid user avax from 91.92.40.171 port 60668 ssh2
Jun 22 22:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24097]: Connection closed by 91.92.40.171 port 60668 [preauth]
Jun 22 22:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22786]: pam_unix(cron:session): session closed for user root
Jun 22 22:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24125]: Invalid user appuser from 91.92.40.171
Jun 22 22:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24125]: input_userauth_request: invalid user appuser [preauth]
Jun 22 22:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24125]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24125]: Failed password for invalid user appuser from 91.92.40.171 port 37104 ssh2
Jun 22 22:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24125]: Connection closed by 91.92.40.171 port 37104 [preauth]
Jun 22 22:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24141]: Invalid user openclaw from 91.92.40.171
Jun 22 22:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24141]: input_userauth_request: invalid user openclaw [preauth]
Jun 22 22:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24141]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24141]: Failed password for invalid user openclaw from 91.92.40.171 port 37156 ssh2
Jun 22 22:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24141]: Connection closed by 91.92.40.171 port 37156 [preauth]
Jun 22 22:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24164]: Invalid user devops from 91.92.40.171
Jun 22 22:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24164]: input_userauth_request: invalid user devops [preauth]
Jun 22 22:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24164]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24164]: Failed password for invalid user devops from 91.92.40.171 port 38704 ssh2
Jun 22 22:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24164]: Connection closed by 91.92.40.171 port 38704 [preauth]
Jun 22 22:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24177]: Invalid user karel from 91.92.40.171
Jun 22 22:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24177]: input_userauth_request: invalid user karel [preauth]
Jun 22 22:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24177]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 22:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24177]: Failed password for invalid user karel from 91.92.40.171 port 38768 ssh2
Jun 22 22:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24166]: Failed password for root from 38.55.97.143 port 36698 ssh2
Jun 22 22:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24177]: Connection closed by 91.92.40.171 port 38768 [preauth]
Jun 22 22:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24166]: Connection closed by 38.55.97.143 port 36698 [preauth]
Jun 22 22:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24190]: Invalid user tester from 91.92.40.171
Jun 22 22:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24190]: input_userauth_request: invalid user tester [preauth]
Jun 22 22:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24190]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24190]: Failed password for invalid user tester from 91.92.40.171 port 35794 ssh2
Jun 22 22:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24190]: Connection closed by 91.92.40.171 port 35794 [preauth]
Jun 22 22:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24209]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24206]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24204]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24207]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24208]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24203]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24209]: pam_unix(cron:session): session closed for user root
Jun 22 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24203]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24295]: Successful su for rubyman by root
Jun 22 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24295]: + ??? root:rubyman
Jun 22 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24295]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573534 of user rubyman.
Jun 22 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24295]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573534.
Jun 22 22:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24200]: Failed password for root from 91.92.40.171 port 35822 ssh2
Jun 22 22:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24200]: Connection closed by 91.92.40.171 port 35822 [preauth]
Jun 22 22:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24206]: pam_unix(cron:session): session closed for user root
Jun 22 22:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21346]: pam_unix(cron:session): session closed for user root
Jun 22 22:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24491]: Invalid user master from 91.92.40.171
Jun 22 22:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24491]: input_userauth_request: invalid user master [preauth]
Jun 22 22:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24491]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24204]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24491]: Failed password for invalid user master from 91.92.40.171 port 39830 ssh2
Jun 22 22:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24491]: Connection closed by 91.92.40.171 port 39830 [preauth]
Jun 22 22:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24519]: Invalid user alex from 91.92.40.171
Jun 22 22:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24519]: input_userauth_request: invalid user alex [preauth]
Jun 22 22:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24519]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24519]: Failed password for invalid user alex from 91.92.40.171 port 41838 ssh2
Jun 22 22:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24519]: Connection closed by 91.92.40.171 port 41838 [preauth]
Jun 22 22:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24542]: Failed password for root from 91.92.40.171 port 41926 ssh2
Jun 22 22:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24542]: Connection closed by 91.92.40.171 port 41926 [preauth]
Jun 22 22:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24554]: Invalid user bot from 91.92.40.171
Jun 22 22:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24554]: input_userauth_request: invalid user bot [preauth]
Jun 22 22:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24554]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24554]: Failed password for invalid user bot from 91.92.40.171 port 41608 ssh2
Jun 22 22:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24554]: Connection closed by 91.92.40.171 port 41608 [preauth]
Jun 22 22:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 22 22:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 22:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24556]: Failed password for root from 103.122.221.179 port 55528 ssh2
Jun 22 22:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24556]: Connection closed by 103.122.221.179 port 55528 [preauth]
Jun 22 22:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24571]: Failed password for root from 193.24.211.107 port 55244 ssh2
Jun 22 22:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24571]: Received disconnect from 193.24.211.107 port 55244:11: Client disconnecting normally [preauth]
Jun 22 22:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24571]: Disconnected from 193.24.211.107 port 55244 [preauth]
Jun 22 22:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24584]: Failed password for root from 91.92.40.171 port 41642 ssh2
Jun 22 22:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24584]: Connection closed by 91.92.40.171 port 41642 [preauth]
Jun 22 22:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24594]: Connection closed by 194.59.206.2 port 21834 [preauth]
Jun 22 22:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23215]: pam_unix(cron:session): session closed for user root
Jun 22 22:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24596]: Failed password for root from 91.92.40.171 port 41724 ssh2
Jun 22 22:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24596]: Connection closed by 91.92.40.171 port 41724 [preauth]
Jun 22 22:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24633]: Failed password for root from 91.92.40.171 port 41800 ssh2
Jun 22 22:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24633]: Connection closed by 91.92.40.171 port 41800 [preauth]
Jun 22 22:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24658]: Invalid user testuser from 91.92.40.171
Jun 22 22:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24658]: input_userauth_request: invalid user testuser [preauth]
Jun 22 22:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24658]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24658]: Failed password for invalid user testuser from 91.92.40.171 port 41770 ssh2
Jun 22 22:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24658]: Connection closed by 91.92.40.171 port 41770 [preauth]
Jun 22 22:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24682]: Invalid user oracle from 91.92.40.171
Jun 22 22:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24682]: input_userauth_request: invalid user oracle [preauth]
Jun 22 22:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24682]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24682]: Failed password for invalid user oracle from 91.92.40.171 port 41830 ssh2
Jun 22 22:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24682]: Connection closed by 91.92.40.171 port 41830 [preauth]
Jun 22 22:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24693]: Invalid user prem from 91.92.40.171
Jun 22 22:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24693]: input_userauth_request: invalid user prem [preauth]
Jun 22 22:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24693]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24693]: Failed password for invalid user prem from 91.92.40.171 port 48070 ssh2
Jun 22 22:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24693]: Connection closed by 91.92.40.171 port 48070 [preauth]
Jun 22 22:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24710]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24711]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24709]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24708]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24708]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24780]: Successful su for rubyman by root
Jun 22 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24780]: + ??? root:rubyman
Jun 22 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24780]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573538 of user rubyman.
Jun 22 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24780]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573538.
Jun 22 22:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24705]: Failed password for root from 91.92.40.171 port 48128 ssh2
Jun 22 22:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24705]: Connection closed by 91.92.40.171 port 48128 [preauth]
Jun 22 22:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21803]: pam_unix(cron:session): session closed for user root
Jun 22 22:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24927]: Invalid user claude from 91.92.40.171
Jun 22 22:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24927]: input_userauth_request: invalid user claude [preauth]
Jun 22 22:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24709]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24927]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24927]: Failed password for invalid user claude from 91.92.40.171 port 37292 ssh2
Jun 22 22:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24927]: Connection closed by 91.92.40.171 port 37292 [preauth]
Jun 22 22:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24963]: Failed password for root from 91.92.40.171 port 37350 ssh2
Jun 22 22:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24963]: Connection closed by 91.92.40.171 port 37350 [preauth]
Jun 22 22:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24987]: Invalid user odoo17 from 91.92.40.171
Jun 22 22:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24987]: input_userauth_request: invalid user odoo17 [preauth]
Jun 22 22:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24987]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24987]: Failed password for invalid user odoo17 from 91.92.40.171 port 43310 ssh2
Jun 22 22:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24987]: Connection closed by 91.92.40.171 port 43310 [preauth]
Jun 22 22:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24999]: Invalid user crafty from 91.92.40.171
Jun 22 22:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24999]: input_userauth_request: invalid user crafty [preauth]
Jun 22 22:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24999]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24999]: Failed password for invalid user crafty from 91.92.40.171 port 34004 ssh2
Jun 22 22:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24999]: Connection closed by 91.92.40.171 port 34004 [preauth]
Jun 22 22:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25026]: Invalid user kafka from 91.92.40.171
Jun 22 22:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25026]: input_userauth_request: invalid user kafka [preauth]
Jun 22 22:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25026]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25026]: Failed password for invalid user kafka from 91.92.40.171 port 34072 ssh2
Jun 22 22:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25026]: Connection closed by 91.92.40.171 port 34072 [preauth]
Jun 22 22:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25036]: Invalid user fivem from 91.92.40.171
Jun 22 22:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25036]: input_userauth_request: invalid user fivem [preauth]
Jun 22 22:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25036]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23680]: pam_unix(cron:session): session closed for user root
Jun 22 22:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25036]: Failed password for invalid user fivem from 91.92.40.171 port 36588 ssh2
Jun 22 22:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25036]: Connection closed by 91.92.40.171 port 36588 [preauth]
Jun 22 22:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25073]: Invalid user git from 91.92.40.171
Jun 22 22:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25073]: input_userauth_request: invalid user git [preauth]
Jun 22 22:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25073]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25073]: Failed password for invalid user git from 91.92.40.171 port 36634 ssh2
Jun 22 22:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25073]: Connection closed by 91.92.40.171 port 36634 [preauth]
Jun 22 22:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25090]: Invalid user user3 from 91.92.40.171
Jun 22 22:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25090]: input_userauth_request: invalid user user3 [preauth]
Jun 22 22:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25090]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25090]: Failed password for invalid user user3 from 91.92.40.171 port 57616 ssh2
Jun 22 22:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25090]: Connection closed by 91.92.40.171 port 57616 [preauth]
Jun 22 22:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25108]: Invalid user gitlab-runner from 91.92.40.171
Jun 22 22:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25108]: input_userauth_request: invalid user gitlab-runner [preauth]
Jun 22 22:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25108]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25108]: Failed password for invalid user gitlab-runner from 91.92.40.171 port 57624 ssh2
Jun 22 22:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25108]: Connection closed by 91.92.40.171 port 57624 [preauth]
Jun 22 22:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25118]: Failed password for root from 91.92.40.171 port 60422 ssh2
Jun 22 22:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25118]: Connection closed by 91.92.40.171 port 60422 [preauth]
Jun 22 22:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25128]: Invalid user pi from 91.92.40.171
Jun 22 22:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25128]: input_userauth_request: invalid user pi [preauth]
Jun 22 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25128]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25139]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25141]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25142]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25140]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25139]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25209]: Successful su for rubyman by root
Jun 22 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25209]: + ??? root:rubyman
Jun 22 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25209]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573541 of user rubyman.
Jun 22 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25209]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573541.
Jun 22 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25128]: Failed password for invalid user pi from 91.92.40.171 port 60488 ssh2
Jun 22 22:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25128]: Connection closed by 91.92.40.171 port 60488 [preauth]
Jun 22 22:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22268]: pam_unix(cron:session): session closed for user root
Jun 22 22:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25140]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25363]: Failed password for root from 91.92.40.171 port 59704 ssh2
Jun 22 22:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25363]: Connection closed by 91.92.40.171 port 59704 [preauth]
Jun 22 22:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25383]: Invalid user chris from 91.92.40.171
Jun 22 22:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25383]: input_userauth_request: invalid user chris [preauth]
Jun 22 22:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25383]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25383]: Failed password for invalid user chris from 91.92.40.171 port 41394 ssh2
Jun 22 22:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25383]: Connection closed by 91.92.40.171 port 41394 [preauth]
Jun 22 22:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25406]: Invalid user ubuntu from 91.92.40.171
Jun 22 22:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25406]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 22:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25406]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25406]: Failed password for invalid user ubuntu from 91.92.40.171 port 41422 ssh2
Jun 22 22:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25406]: Connection closed by 91.92.40.171 port 41422 [preauth]
Jun 22 22:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25417]: Failed password for root from 91.92.40.171 port 59914 ssh2
Jun 22 22:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25417]: Connection closed by 91.92.40.171 port 59914 [preauth]
Jun 22 22:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25447]: Invalid user dev from 91.92.40.171
Jun 22 22:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25447]: input_userauth_request: invalid user dev [preauth]
Jun 22 22:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25447]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25447]: Failed password for invalid user dev from 91.92.40.171 port 59962 ssh2
Jun 22 22:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25447]: Connection closed by 91.92.40.171 port 59962 [preauth]
Jun 22 22:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24208]: pam_unix(cron:session): session closed for user root
Jun 22 22:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25458]: Invalid user test from 91.92.40.171
Jun 22 22:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25458]: input_userauth_request: invalid user test [preauth]
Jun 22 22:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25458]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25458]: Failed password for invalid user test from 91.92.40.171 port 57108 ssh2
Jun 22 22:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25458]: Connection closed by 91.92.40.171 port 57108 [preauth]
Jun 22 22:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25494]: Invalid user bernard from 91.92.40.171
Jun 22 22:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25494]: input_userauth_request: invalid user bernard [preauth]
Jun 22 22:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25494]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25494]: Failed password for invalid user bernard from 91.92.40.171 port 57140 ssh2
Jun 22 22:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25494]: Connection closed by 91.92.40.171 port 57140 [preauth]
Jun 22 22:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25519]: Invalid user student from 91.92.40.171
Jun 22 22:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25519]: input_userauth_request: invalid user student [preauth]
Jun 22 22:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25519]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25519]: Failed password for invalid user student from 91.92.40.171 port 36266 ssh2
Jun 22 22:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25519]: Connection closed by 91.92.40.171 port 36266 [preauth]
Jun 22 22:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25530]: Invalid user jellyfin from 91.92.40.171
Jun 22 22:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25530]: input_userauth_request: invalid user jellyfin [preauth]
Jun 22 22:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25530]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25530]: Failed password for invalid user jellyfin from 91.92.40.171 port 36312 ssh2
Jun 22 22:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25530]: Connection closed by 91.92.40.171 port 36312 [preauth]
Jun 22 22:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25540]: Invalid user bot from 91.92.40.171
Jun 22 22:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25540]: input_userauth_request: invalid user bot [preauth]
Jun 22 22:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25540]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25540]: Failed password for invalid user bot from 91.92.40.171 port 49816 ssh2
Jun 22 22:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25540]: Connection closed by 91.92.40.171 port 49816 [preauth]
Jun 22 22:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25556]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25555]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25557]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25554]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25554]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25615]: Successful su for rubyman by root
Jun 22 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25615]: + ??? root:rubyman
Jun 22 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25615]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573546 of user rubyman.
Jun 22 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25615]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573546.
Jun 22 22:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25551]: Invalid user administrator from 91.92.40.171
Jun 22 22:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25551]: input_userauth_request: invalid user administrator [preauth]
Jun 22 22:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25551]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25551]: Failed password for invalid user administrator from 91.92.40.171 port 49898 ssh2
Jun 22 22:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25551]: Connection closed by 91.92.40.171 port 49898 [preauth]
Jun 22 22:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22785]: pam_unix(cron:session): session closed for user root
Jun 22 22:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25555]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25795]: Invalid user appuser from 91.92.40.171
Jun 22 22:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25795]: input_userauth_request: invalid user appuser [preauth]
Jun 22 22:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25795]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25795]: Failed password for invalid user appuser from 91.92.40.171 port 42058 ssh2
Jun 22 22:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 22 22:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25795]: Connection closed by 91.92.40.171 port 42058 [preauth]
Jun 22 22:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25797]: Failed password for root from 193.37.70.224 port 59222 ssh2
Jun 22 22:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25797]: Connection closed by 193.37.70.224 port 59222 [preauth]
Jun 22 22:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25808]: Invalid user pi from 91.92.40.171
Jun 22 22:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25808]: input_userauth_request: invalid user pi [preauth]
Jun 22 22:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25808]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25808]: Failed password for invalid user pi from 91.92.40.171 port 60896 ssh2
Jun 22 22:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25808]: Connection closed by 91.92.40.171 port 60896 [preauth]
Jun 22 22:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25834]: Invalid user fastuser from 91.92.40.171
Jun 22 22:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25834]: input_userauth_request: invalid user fastuser [preauth]
Jun 22 22:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25834]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25834]: Failed password for invalid user fastuser from 91.92.40.171 port 60930 ssh2
Jun 22 22:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25834]: Connection closed by 91.92.40.171 port 60930 [preauth]
Jun 22 22:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 22:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25845]: Invalid user testuser from 91.92.40.171
Jun 22 22:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25845]: input_userauth_request: invalid user testuser [preauth]
Jun 22 22:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25845]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25819]: Failed password for root from 38.55.97.143 port 37282 ssh2
Jun 22 22:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25845]: Failed password for invalid user testuser from 91.92.40.171 port 56314 ssh2
Jun 22 22:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25845]: Connection closed by 91.92.40.171 port 56314 [preauth]
Jun 22 22:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25819]: Connection closed by 38.55.97.143 port 37282 [preauth]
Jun 22 22:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25867]: Invalid user daniel from 91.92.40.171
Jun 22 22:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25867]: input_userauth_request: invalid user daniel [preauth]
Jun 22 22:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25867]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25867]: Failed password for invalid user daniel from 91.92.40.171 port 56376 ssh2
Jun 22 22:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25867]: Connection closed by 91.92.40.171 port 56376 [preauth]
Jun 22 22:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24711]: pam_unix(cron:session): session closed for user root
Jun 22 22:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25892]: Invalid user tom from 91.92.40.171
Jun 22 22:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25892]: input_userauth_request: invalid user tom [preauth]
Jun 22 22:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25892]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25892]: Failed password for invalid user tom from 91.92.40.171 port 43076 ssh2
Jun 22 22:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25892]: Connection closed by 91.92.40.171 port 43076 [preauth]
Jun 22 22:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25910]: Invalid user developer from 91.92.40.171
Jun 22 22:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25910]: input_userauth_request: invalid user developer [preauth]
Jun 22 22:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25910]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25910]: Failed password for invalid user developer from 91.92.40.171 port 43118 ssh2
Jun 22 22:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25910]: Connection closed by 91.92.40.171 port 43118 [preauth]
Jun 22 22:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25932]: Invalid user ec2-user from 91.92.40.171
Jun 22 22:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25932]: input_userauth_request: invalid user ec2-user [preauth]
Jun 22 22:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25932]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25932]: Failed password for invalid user ec2-user from 91.92.40.171 port 56156 ssh2
Jun 22 22:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25932]: Connection closed by 91.92.40.171 port 56156 [preauth]
Jun 22 22:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25942]: Invalid user gateway from 91.92.40.171
Jun 22 22:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25942]: input_userauth_request: invalid user gateway [preauth]
Jun 22 22:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25942]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25942]: Failed password for invalid user gateway from 91.92.40.171 port 56222 ssh2
Jun 22 22:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25942]: Connection closed by 91.92.40.171 port 56222 [preauth]
Jun 22 22:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25953]: Invalid user admin from 91.92.40.171
Jun 22 22:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25953]: input_userauth_request: invalid user admin [preauth]
Jun 22 22:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25953]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25953]: Failed password for invalid user admin from 91.92.40.171 port 45528 ssh2
Jun 22 22:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25953]: Connection closed by 91.92.40.171 port 45528 [preauth]
Jun 22 22:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25970]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25971]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25969]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25968]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25968]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26025]: Successful su for rubyman by root
Jun 22 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26025]: + ??? root:rubyman
Jun 22 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26025]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573550 of user rubyman.
Jun 22 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26025]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573550.
Jun 22 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25964]: Invalid user hamed from 91.92.40.171
Jun 22 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25964]: input_userauth_request: invalid user hamed [preauth]
Jun 22 22:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25964]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23214]: pam_unix(cron:session): session closed for user root
Jun 22 22:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25964]: Failed password for invalid user hamed from 91.92.40.171 port 45594 ssh2
Jun 22 22:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25964]: Connection closed by 91.92.40.171 port 45594 [preauth]
Jun 22 22:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25969]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26198]: Invalid user trinity from 91.92.40.171
Jun 22 22:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26198]: input_userauth_request: invalid user trinity [preauth]
Jun 22 22:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26198]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26198]: Failed password for invalid user trinity from 91.92.40.171 port 43826 ssh2
Jun 22 22:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26198]: Connection closed by 91.92.40.171 port 43826 [preauth]
Jun 22 22:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26221]: Invalid user debian from 91.92.40.171
Jun 22 22:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26221]: input_userauth_request: invalid user debian [preauth]
Jun 22 22:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26221]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26221]: Failed password for invalid user debian from 91.92.40.171 port 39126 ssh2
Jun 22 22:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26221]: Connection closed by 91.92.40.171 port 39126 [preauth]
Jun 22 22:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26244]: Failed password for root from 91.92.40.171 port 39178 ssh2
Jun 22 22:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26244]: Connection closed by 91.92.40.171 port 39178 [preauth]
Jun 22 22:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26254]: Invalid user manoj from 91.92.40.171
Jun 22 22:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26254]: input_userauth_request: invalid user manoj [preauth]
Jun 22 22:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26254]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26254]: Failed password for invalid user manoj from 91.92.40.171 port 57914 ssh2
Jun 22 22:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26254]: Connection closed by 91.92.40.171 port 57914 [preauth]
Jun 22 22:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26278]: Invalid user ai from 91.92.40.171
Jun 22 22:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26278]: input_userauth_request: invalid user ai [preauth]
Jun 22 22:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26278]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26278]: Failed password for invalid user ai from 91.92.40.171 port 57940 ssh2
Jun 22 22:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26278]: Connection closed by 91.92.40.171 port 57940 [preauth]
Jun 22 22:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25142]: pam_unix(cron:session): session closed for user root
Jun 22 22:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26304]: Invalid user guest from 91.92.40.171
Jun 22 22:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26304]: input_userauth_request: invalid user guest [preauth]
Jun 22 22:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26304]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26304]: Failed password for invalid user guest from 91.92.40.171 port 57762 ssh2
Jun 22 22:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26304]: Connection closed by 91.92.40.171 port 57762 [preauth]
Jun 22 22:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26322]: Invalid user admin1 from 91.92.40.171
Jun 22 22:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26322]: input_userauth_request: invalid user admin1 [preauth]
Jun 22 22:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26322]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26322]: Failed password for invalid user admin1 from 91.92.40.171 port 57810 ssh2
Jun 22 22:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26322]: Connection closed by 91.92.40.171 port 57810 [preauth]
Jun 22 22:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26349]: Invalid user grid from 91.92.40.171
Jun 22 22:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26349]: input_userauth_request: invalid user grid [preauth]
Jun 22 22:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26349]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180  user=root
Jun 22 22:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26349]: Failed password for invalid user grid from 91.92.40.171 port 60200 ssh2
Jun 22 22:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26349]: Connection closed by 91.92.40.171 port 60200 [preauth]
Jun 22 22:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26347]: Failed password for root from 186.96.158.180 port 52732 ssh2
Jun 22 22:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26347]: Received disconnect from 186.96.158.180 port 52732:11: Bye Bye [preauth]
Jun 22 22:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26347]: Disconnected from 186.96.158.180 port 52732 [preauth]
Jun 22 22:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26360]: Failed password for root from 91.92.40.171 port 60240 ssh2
Jun 22 22:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26360]: Connection closed by 91.92.40.171 port 60240 [preauth]
Jun 22 22:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26370]: Invalid user teamspeak from 91.92.40.171
Jun 22 22:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26370]: input_userauth_request: invalid user teamspeak [preauth]
Jun 22 22:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26370]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26370]: Failed password for invalid user teamspeak from 91.92.40.171 port 57112 ssh2
Jun 22 22:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26370]: Connection closed by 91.92.40.171 port 57112 [preauth]
Jun 22 22:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26393]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26396]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26391]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26394]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26395]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26392]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26396]: pam_unix(cron:session): session closed for user root
Jun 22 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26391]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26380]: Invalid user openclaw from 91.92.40.171
Jun 22 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26380]: input_userauth_request: invalid user openclaw [preauth]
Jun 22 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26380]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26458]: Successful su for rubyman by root
Jun 22 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26458]: + ??? root:rubyman
Jun 22 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26458]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573556 of user rubyman.
Jun 22 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26458]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573556.
Jun 22 22:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26456]: Received disconnect from 191.101.33.115 port 43136:11: disconnected by user [preauth]
Jun 22 22:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26456]: Disconnected from 191.101.33.115 port 43136 [preauth]
Jun 22 22:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26380]: Failed password for invalid user openclaw from 91.92.40.171 port 57156 ssh2
Jun 22 22:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26380]: Connection closed by 91.92.40.171 port 57156 [preauth]
Jun 22 22:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23678]: pam_unix(cron:session): session closed for user root
Jun 22 22:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26393]: pam_unix(cron:session): session closed for user root
Jun 22 22:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26392]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26644]: Invalid user user from 91.92.40.171
Jun 22 22:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26644]: input_userauth_request: invalid user user [preauth]
Jun 22 22:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26644]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26644]: Failed password for invalid user user from 91.92.40.171 port 39286 ssh2
Jun 22 22:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26644]: Connection closed by 91.92.40.171 port 39286 [preauth]
Jun 22 22:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26680]: Failed password for root from 91.92.40.171 port 34438 ssh2
Jun 22 22:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26680]: Connection closed by 91.92.40.171 port 34438 [preauth]
Jun 22 22:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26785]: Invalid user ubuntu from 91.92.40.171
Jun 22 22:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26785]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 22:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26785]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26785]: Failed password for invalid user ubuntu from 91.92.40.171 port 34502 ssh2
Jun 22 22:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26785]: Connection closed by 91.92.40.171 port 34502 [preauth]
Jun 22 22:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26798]: Invalid user devops from 91.92.40.171
Jun 22 22:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26798]: input_userauth_request: invalid user devops [preauth]
Jun 22 22:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26798]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26798]: Failed password for invalid user devops from 91.92.40.171 port 58186 ssh2
Jun 22 22:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26798]: Connection closed by 91.92.40.171 port 58186 [preauth]
Jun 22 22:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26822]: Invalid user solana from 91.92.40.171
Jun 22 22:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26822]: input_userauth_request: invalid user solana [preauth]
Jun 22 22:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26822]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26822]: Failed password for invalid user solana from 91.92.40.171 port 58230 ssh2
Jun 22 22:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26822]: Connection closed by 91.92.40.171 port 58230 [preauth]
Jun 22 22:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25557]: pam_unix(cron:session): session closed for user root
Jun 22 22:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26844]: Failed password for root from 91.92.40.171 port 34504 ssh2
Jun 22 22:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26844]: Connection closed by 91.92.40.171 port 34504 [preauth]
Jun 22 22:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26861]: Invalid user amit from 91.92.40.171
Jun 22 22:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26861]: input_userauth_request: invalid user amit [preauth]
Jun 22 22:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26861]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26861]: Failed password for invalid user amit from 91.92.40.171 port 34544 ssh2
Jun 22 22:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26861]: Connection closed by 91.92.40.171 port 34544 [preauth]
Jun 22 22:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26883]: Failed password for root from 91.92.40.171 port 49564 ssh2
Jun 22 22:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26883]: Connection closed by 91.92.40.171 port 49564 [preauth]
Jun 22 22:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26895]: Failed password for root from 91.92.40.171 port 39574 ssh2
Jun 22 22:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26895]: Connection closed by 91.92.40.171 port 39574 [preauth]
Jun 22 22:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26906]: Invalid user myuser from 91.92.40.171
Jun 22 22:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26906]: input_userauth_request: invalid user myuser [preauth]
Jun 22 22:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26906]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26906]: Failed password for invalid user myuser from 91.92.40.171 port 39618 ssh2
Jun 22 22:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26906]: Connection closed by 91.92.40.171 port 39618 [preauth]
Jun 22 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26921]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26920]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26919]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26918]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26918]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26987]: Successful su for rubyman by root
Jun 22 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26987]: + ??? root:rubyman
Jun 22 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26987]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573558 of user rubyman.
Jun 22 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26987]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573558.
Jun 22 22:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27099]: Invalid user linux from 91.92.40.171
Jun 22 22:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27099]: input_userauth_request: invalid user linux [preauth]
Jun 22 22:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27099]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24207]: pam_unix(cron:session): session closed for user root
Jun 22 22:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26919]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27099]: Failed password for invalid user linux from 91.92.40.171 port 48930 ssh2
Jun 22 22:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27099]: Connection closed by 91.92.40.171 port 48930 [preauth]
Jun 22 22:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27183]: Invalid user steam from 91.92.40.171
Jun 22 22:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27183]: input_userauth_request: invalid user steam [preauth]
Jun 22 22:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27183]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27183]: Failed password for invalid user steam from 91.92.40.171 port 48966 ssh2
Jun 22 22:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27183]: Connection closed by 91.92.40.171 port 48966 [preauth]
Jun 22 22:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27207]: Invalid user erpnext from 91.92.40.171
Jun 22 22:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27207]: input_userauth_request: invalid user erpnext [preauth]
Jun 22 22:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27207]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27207]: Failed password for invalid user erpnext from 91.92.40.171 port 60098 ssh2
Jun 22 22:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27207]: Connection closed by 91.92.40.171 port 60098 [preauth]
Jun 22 22:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: Failed password for root from 91.92.40.171 port 60150 ssh2
Jun 22 22:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: Connection closed by 91.92.40.171 port 60150 [preauth]
Jun 22 22:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27244]: Invalid user node from 91.92.40.171
Jun 22 22:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27244]: input_userauth_request: invalid user node [preauth]
Jun 22 22:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27244]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27244]: Failed password for invalid user node from 91.92.40.171 port 41368 ssh2
Jun 22 22:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27244]: Connection closed by 91.92.40.171 port 41368 [preauth]
Jun 22 22:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27256]: Invalid user angel from 91.92.40.171
Jun 22 22:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27256]: input_userauth_request: invalid user angel [preauth]
Jun 22 22:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27256]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25971]: pam_unix(cron:session): session closed for user root
Jun 22 22:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27256]: Failed password for invalid user angel from 91.92.40.171 port 41966 ssh2
Jun 22 22:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27256]: Connection closed by 91.92.40.171 port 41966 [preauth]
Jun 22 22:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 22:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27255]: Failed password for root from 38.55.97.143 port 42910 ssh2
Jun 22 22:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27311]: Invalid user lucas from 91.92.40.171
Jun 22 22:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27311]: input_userauth_request: invalid user lucas [preauth]
Jun 22 22:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27311]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27255]: Connection closed by 38.55.97.143 port 42910 [preauth]
Jun 22 22:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27311]: Failed password for invalid user lucas from 91.92.40.171 port 42040 ssh2
Jun 22 22:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27311]: Connection closed by 91.92.40.171 port 42040 [preauth]
Jun 22 22:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27322]: Invalid user sam from 91.92.40.171
Jun 22 22:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27322]: input_userauth_request: invalid user sam [preauth]
Jun 22 22:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27322]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27322]: Failed password for invalid user sam from 91.92.40.171 port 40704 ssh2
Jun 22 22:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27322]: Connection closed by 91.92.40.171 port 40704 [preauth]
Jun 22 22:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27346]: Failed password for root from 91.92.40.171 port 40740 ssh2
Jun 22 22:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27346]: Connection closed by 91.92.40.171 port 40740 [preauth]
Jun 22 22:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27357]: Invalid user devops from 91.92.40.171
Jun 22 22:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27357]: input_userauth_request: invalid user devops [preauth]
Jun 22 22:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27357]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27357]: Failed password for invalid user devops from 91.92.40.171 port 59068 ssh2
Jun 22 22:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27357]: Connection closed by 91.92.40.171 port 59068 [preauth]
Jun 22 22:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27372]: Invalid user gitlab from 91.92.40.171
Jun 22 22:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27372]: input_userauth_request: invalid user gitlab [preauth]
Jun 22 22:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27372]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27378]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27377]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27375]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27376]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27375]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27372]: Failed password for invalid user gitlab from 91.92.40.171 port 59134 ssh2
Jun 22 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27372]: Connection closed by 91.92.40.171 port 59134 [preauth]
Jun 22 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27434]: Successful su for rubyman by root
Jun 22 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27434]: + ??? root:rubyman
Jun 22 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27434]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573562 of user rubyman.
Jun 22 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27434]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573562.
Jun 22 22:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24710]: pam_unix(cron:session): session closed for user root
Jun 22 22:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27376]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27598]: Failed password for root from 91.92.40.171 port 40810 ssh2
Jun 22 22:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27598]: Connection closed by 91.92.40.171 port 40810 [preauth]
Jun 22 22:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27635]: Invalid user test from 91.92.40.171
Jun 22 22:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27635]: input_userauth_request: invalid user test [preauth]
Jun 22 22:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27635]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27635]: Failed password for invalid user test from 91.92.40.171 port 40862 ssh2
Jun 22 22:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27635]: Connection closed by 91.92.40.171 port 40862 [preauth]
Jun 22 22:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27658]: Failed password for root from 91.92.40.171 port 59850 ssh2
Jun 22 22:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27658]: Connection closed by 91.92.40.171 port 59850 [preauth]
Jun 22 22:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27668]: Invalid user app from 91.92.40.171
Jun 22 22:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27668]: input_userauth_request: invalid user app [preauth]
Jun 22 22:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27668]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27668]: Failed password for invalid user app from 91.92.40.171 port 54636 ssh2
Jun 22 22:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27668]: Connection closed by 91.92.40.171 port 54636 [preauth]
Jun 22 22:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27690]: Invalid user webuser from 91.92.40.171
Jun 22 22:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27690]: input_userauth_request: invalid user webuser [preauth]
Jun 22 22:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27690]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27690]: Failed password for invalid user webuser from 91.92.40.171 port 54694 ssh2
Jun 22 22:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27690]: Connection closed by 91.92.40.171 port 54694 [preauth]
Jun 22 22:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27703]: Invalid user mcserver from 91.92.40.171
Jun 22 22:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27703]: input_userauth_request: invalid user mcserver [preauth]
Jun 22 22:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27703]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26395]: pam_unix(cron:session): session closed for user root
Jun 22 22:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27703]: Failed password for invalid user mcserver from 91.92.40.171 port 58896 ssh2
Jun 22 22:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27703]: Connection closed by 91.92.40.171 port 58896 [preauth]
Jun 22 22:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27738]: Failed password for root from 91.92.40.171 port 58962 ssh2
Jun 22 22:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27738]: Connection closed by 91.92.40.171 port 58962 [preauth]
Jun 22 22:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27758]: Invalid user alex from 91.92.40.171
Jun 22 22:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27758]: input_userauth_request: invalid user alex [preauth]
Jun 22 22:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27758]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27758]: Failed password for invalid user alex from 91.92.40.171 port 34928 ssh2
Jun 22 22:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27758]: Connection closed by 91.92.40.171 port 34928 [preauth]
Jun 22 22:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27774]: Invalid user admin from 91.92.40.171
Jun 22 22:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27774]: input_userauth_request: invalid user admin [preauth]
Jun 22 22:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27774]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27774]: Failed password for invalid user admin from 91.92.40.171 port 34990 ssh2
Jun 22 22:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27774]: Connection closed by 91.92.40.171 port 34990 [preauth]
Jun 22 22:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27784]: Invalid user rocky from 91.92.40.171
Jun 22 22:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27784]: input_userauth_request: invalid user rocky [preauth]
Jun 22 22:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27784]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27784]: Failed password for invalid user rocky from 91.92.40.171 port 56246 ssh2
Jun 22 22:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27784]: Connection closed by 91.92.40.171 port 56246 [preauth]
Jun 22 22:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27794]: Invalid user deployer from 91.92.40.171
Jun 22 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27794]: input_userauth_request: invalid user deployer [preauth]
Jun 22 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27794]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27799]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27801]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27798]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27797]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27797]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27870]: Successful su for rubyman by root
Jun 22 22:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27870]: + ??? root:rubyman
Jun 22 22:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27870]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573567 of user rubyman.
Jun 22 22:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27870]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573567.
Jun 22 22:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27794]: Failed password for invalid user deployer from 91.92.40.171 port 56312 ssh2
Jun 22 22:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27794]: Connection closed by 91.92.40.171 port 56312 [preauth]
Jun 22 22:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25141]: pam_unix(cron:session): session closed for user root
Jun 22 22:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27798]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28048]: Invalid user wso2 from 91.92.40.171
Jun 22 22:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28048]: input_userauth_request: invalid user wso2 [preauth]
Jun 22 22:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28048]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28048]: Failed password for invalid user wso2 from 91.92.40.171 port 58340 ssh2
Jun 22 22:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28048]: Connection closed by 91.92.40.171 port 58340 [preauth]
Jun 22 22:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28114]: Invalid user minecraft from 91.92.40.171
Jun 22 22:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28114]: input_userauth_request: invalid user minecraft [preauth]
Jun 22 22:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28114]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28114]: Failed password for invalid user minecraft from 91.92.40.171 port 58326 ssh2
Jun 22 22:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28114]: Connection closed by 91.92.40.171 port 58326 [preauth]
Jun 22 22:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28142]: Failed password for root from 91.92.40.171 port 58362 ssh2
Jun 22 22:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28142]: Connection closed by 91.92.40.171 port 58362 [preauth]
Jun 22 22:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28152]: Failed password for root from 91.92.40.171 port 49334 ssh2
Jun 22 22:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28152]: Connection closed by 91.92.40.171 port 49334 [preauth]
Jun 22 22:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28179]: Failed password for root from 91.92.40.171 port 49414 ssh2
Jun 22 22:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28179]: Connection closed by 91.92.40.171 port 49414 [preauth]
Jun 22 22:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 22 22:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28189]: Failed password for root from 109.237.96.109 port 43222 ssh2
Jun 22 22:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28189]: Connection closed by 109.237.96.109 port 43222 [preauth]
Jun 22 22:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26921]: pam_unix(cron:session): session closed for user root
Jun 22 22:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28200]: Invalid user guest from 91.92.40.171
Jun 22 22:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28200]: input_userauth_request: invalid user guest [preauth]
Jun 22 22:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28200]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28200]: Failed password for invalid user guest from 91.92.40.171 port 57610 ssh2
Jun 22 22:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28200]: Connection closed by 91.92.40.171 port 57610 [preauth]
Jun 22 22:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28224]: Invalid user hduser from 91.92.40.171
Jun 22 22:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28224]: input_userauth_request: invalid user hduser [preauth]
Jun 22 22:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28224]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28224]: Failed password for invalid user hduser from 91.92.40.171 port 57644 ssh2
Jun 22 22:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28224]: Connection closed by 91.92.40.171 port 57644 [preauth]
Jun 22 22:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28247]: Invalid user debian from 91.92.40.171
Jun 22 22:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28247]: input_userauth_request: invalid user debian [preauth]
Jun 22 22:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28247]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28247]: Failed password for invalid user debian from 91.92.40.171 port 35076 ssh2
Jun 22 22:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28247]: Connection closed by 91.92.40.171 port 35076 [preauth]
Jun 22 22:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28258]: Invalid user ts3 from 91.92.40.171
Jun 22 22:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28258]: input_userauth_request: invalid user ts3 [preauth]
Jun 22 22:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28258]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28258]: Failed password for invalid user ts3 from 91.92.40.171 port 35146 ssh2
Jun 22 22:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28258]: Connection closed by 91.92.40.171 port 35146 [preauth]
Jun 22 22:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28269]: Invalid user odoo18 from 91.92.40.171
Jun 22 22:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28269]: input_userauth_request: invalid user odoo18 [preauth]
Jun 22 22:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28269]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28269]: Failed password for invalid user odoo18 from 91.92.40.171 port 49398 ssh2
Jun 22 22:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28269]: Connection closed by 91.92.40.171 port 49398 [preauth]
Jun 22 22:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28294]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28292]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28293]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28291]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28289]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28291]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28279]: Invalid user master from 91.92.40.171
Jun 22 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28279]: input_userauth_request: invalid user master [preauth]
Jun 22 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28406]: Successful su for rubyman by root
Jun 22 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28406]: + ??? root:rubyman
Jun 22 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28406]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573571 of user rubyman.
Jun 22 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28406]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573571.
Jun 22 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28279]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28289]: pam_unix(cron:session): session closed for user root
Jun 22 22:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28279]: Failed password for invalid user master from 91.92.40.171 port 49432 ssh2
Jun 22 22:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28279]: Connection closed by 91.92.40.171 port 49432 [preauth]
Jun 22 22:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25556]: pam_unix(cron:session): session closed for user root
Jun 22 22:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28292]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28706]: Failed password for root from 91.92.40.171 port 60304 ssh2
Jun 22 22:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28706]: Connection closed by 91.92.40.171 port 60304 [preauth]
Jun 22 22:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28719]: Invalid user gitlab from 91.92.40.171
Jun 22 22:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28719]: input_userauth_request: invalid user gitlab [preauth]
Jun 22 22:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28719]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28719]: Failed password for invalid user gitlab from 91.92.40.171 port 43764 ssh2
Jun 22 22:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28719]: Connection closed by 91.92.40.171 port 43764 [preauth]
Jun 22 22:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28757]: Invalid user user1 from 91.92.40.171
Jun 22 22:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28757]: input_userauth_request: invalid user user1 [preauth]
Jun 22 22:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28757]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28757]: Failed password for invalid user user1 from 91.92.40.171 port 43836 ssh2
Jun 22 22:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28757]: Connection closed by 91.92.40.171 port 43836 [preauth]
Jun 22 22:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28769]: Invalid user steam from 91.92.40.171
Jun 22 22:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28769]: input_userauth_request: invalid user steam [preauth]
Jun 22 22:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28769]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28769]: Failed password for invalid user steam from 91.92.40.171 port 60114 ssh2
Jun 22 22:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28769]: Connection closed by 91.92.40.171 port 60114 [preauth]
Jun 22 22:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28791]: Failed password for root from 91.92.40.171 port 60164 ssh2
Jun 22 22:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28791]: Connection closed by 91.92.40.171 port 60164 [preauth]
Jun 22 22:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27378]: pam_unix(cron:session): session closed for user root
Jun 22 22:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28802]: Invalid user tester from 91.92.40.171
Jun 22 22:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28802]: input_userauth_request: invalid user tester [preauth]
Jun 22 22:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28802]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28802]: Failed password for invalid user tester from 91.92.40.171 port 44888 ssh2
Jun 22 22:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28802]: Connection closed by 91.92.40.171 port 44888 [preauth]
Jun 22 22:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28833]: Invalid user lin from 91.92.40.171
Jun 22 22:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28833]: input_userauth_request: invalid user lin [preauth]
Jun 22 22:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28833]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28833]: Failed password for invalid user lin from 91.92.40.171 port 44970 ssh2
Jun 22 22:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28833]: Connection closed by 91.92.40.171 port 44970 [preauth]
Jun 22 22:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28848]: Invalid user gabriel from 91.92.40.171
Jun 22 22:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28848]: input_userauth_request: invalid user gabriel [preauth]
Jun 22 22:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28848]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28848]: Failed password for invalid user gabriel from 91.92.40.171 port 57742 ssh2
Jun 22 22:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28848]: Connection closed by 91.92.40.171 port 57742 [preauth]
Jun 22 22:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28867]: Invalid user stack from 91.92.40.171
Jun 22 22:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28867]: input_userauth_request: invalid user stack [preauth]
Jun 22 22:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28867]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28867]: Failed password for invalid user stack from 91.92.40.171 port 57780 ssh2
Jun 22 22:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28867]: Connection closed by 91.92.40.171 port 57780 [preauth]
Jun 22 22:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28883]: Invalid user pi from 91.92.40.171
Jun 22 22:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28883]: input_userauth_request: invalid user pi [preauth]
Jun 22 22:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28883]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28883]: Failed password for invalid user pi from 91.92.40.171 port 59524 ssh2
Jun 22 22:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28883]: Connection closed by 91.92.40.171 port 59524 [preauth]
Jun 22 22:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 22:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 22 22:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28869]: Failed password for root from 38.55.97.143 port 45792 ssh2
Jun 22 22:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28903]: Invalid user test from 91.92.40.171
Jun 22 22:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28903]: input_userauth_request: invalid user test [preauth]
Jun 22 22:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28903]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28887]: Failed password for root from 194.113.233.25 port 51894 ssh2
Jun 22 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28887]: Connection closed by 194.113.233.25 port 51894 [preauth]
Jun 22 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28910]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28909]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28906]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28913]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28912]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28911]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28913]: pam_unix(cron:session): session closed for user root
Jun 22 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28906]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28978]: Successful su for rubyman by root
Jun 22 22:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28978]: + ??? root:rubyman
Jun 22 22:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28978]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573578 of user rubyman.
Jun 22 22:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28978]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573578.
Jun 22 22:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28903]: Failed password for invalid user test from 91.92.40.171 port 59628 ssh2
Jun 22 22:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28903]: Connection closed by 91.92.40.171 port 59628 [preauth]
Jun 22 22:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28869]: Connection closed by 38.55.97.143 port 45792 [preauth]
Jun 22 22:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28910]: pam_unix(cron:session): session closed for user root
Jun 22 22:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25970]: pam_unix(cron:session): session closed for user root
Jun 22 22:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29170]: Invalid user postgres from 91.92.40.171
Jun 22 22:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29170]: input_userauth_request: invalid user postgres [preauth]
Jun 22 22:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29170]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28909]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29170]: Failed password for invalid user postgres from 91.92.40.171 port 41062 ssh2
Jun 22 22:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29170]: Connection closed by 91.92.40.171 port 41062 [preauth]
Jun 22 22:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29213]: Invalid user admin123 from 91.92.40.171
Jun 22 22:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29213]: input_userauth_request: invalid user admin123 [preauth]
Jun 22 22:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29213]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29213]: Failed password for invalid user admin123 from 91.92.40.171 port 41116 ssh2
Jun 22 22:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29213]: Connection closed by 91.92.40.171 port 41116 [preauth]
Jun 22 22:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29240]: Failed password for root from 91.92.40.171 port 45450 ssh2
Jun 22 22:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29240]: Connection closed by 91.92.40.171 port 45450 [preauth]
Jun 22 22:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: Invalid user systemd from 91.92.40.171
Jun 22 22:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: input_userauth_request: invalid user systemd [preauth]
Jun 22 22:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: Failed password for invalid user systemd from 91.92.40.171 port 54630 ssh2
Jun 22 22:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: Connection closed by 91.92.40.171 port 54630 [preauth]
Jun 22 22:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29289]: Invalid user pi from 91.92.40.171
Jun 22 22:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29289]: input_userauth_request: invalid user pi [preauth]
Jun 22 22:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29289]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29289]: Failed password for invalid user pi from 91.92.40.171 port 54734 ssh2
Jun 22 22:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29289]: Connection closed by 91.92.40.171 port 54734 [preauth]
Jun 22 22:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29299]: Invalid user chris from 91.92.40.171
Jun 22 22:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29299]: input_userauth_request: invalid user chris [preauth]
Jun 22 22:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27801]: pam_unix(cron:session): session closed for user root
Jun 22 22:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29299]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29299]: Failed password for invalid user chris from 91.92.40.171 port 48636 ssh2
Jun 22 22:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29299]: Connection closed by 91.92.40.171 port 48636 [preauth]
Jun 22 22:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29329]: Invalid user odoo18 from 91.92.40.171
Jun 22 22:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29329]: input_userauth_request: invalid user odoo18 [preauth]
Jun 22 22:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29329]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29329]: Failed password for invalid user odoo18 from 91.92.40.171 port 48734 ssh2
Jun 22 22:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29329]: Connection closed by 91.92.40.171 port 48734 [preauth]
Jun 22 22:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29351]: Invalid user vm from 91.92.40.171
Jun 22 22:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29351]: input_userauth_request: invalid user vm [preauth]
Jun 22 22:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29351]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29351]: Failed password for invalid user vm from 91.92.40.171 port 42656 ssh2
Jun 22 22:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29351]: Connection closed by 91.92.40.171 port 42656 [preauth]
Jun 22 22:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29363]: Invalid user user from 91.92.40.171
Jun 22 22:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29363]: input_userauth_request: invalid user user [preauth]
Jun 22 22:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29363]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29363]: Failed password for invalid user user from 91.92.40.171 port 42692 ssh2
Jun 22 22:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29363]: Connection closed by 91.92.40.171 port 42692 [preauth]
Jun 22 22:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29374]: Invalid user deploy from 91.92.40.171
Jun 22 22:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29374]: input_userauth_request: invalid user deploy [preauth]
Jun 22 22:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29362]: Invalid user foundry from 186.96.158.180
Jun 22 22:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29362]: input_userauth_request: invalid user foundry [preauth]
Jun 22 22:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29362]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180
Jun 22 22:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29374]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29362]: Failed password for invalid user foundry from 186.96.158.180 port 33758 ssh2
Jun 22 22:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29362]: Received disconnect from 186.96.158.180 port 33758:11: Bye Bye [preauth]
Jun 22 22:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29362]: Disconnected from 186.96.158.180 port 33758 [preauth]
Jun 22 22:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29374]: Failed password for invalid user deploy from 91.92.40.171 port 44942 ssh2
Jun 22 22:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29374]: Connection closed by 91.92.40.171 port 44942 [preauth]
Jun 22 22:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29384]: Invalid user agent from 91.92.40.171
Jun 22 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29384]: input_userauth_request: invalid user agent [preauth]
Jun 22 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29384]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29390]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29389]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29388]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29387]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29387]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29453]: Successful su for rubyman by root
Jun 22 22:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29453]: + ??? root:rubyman
Jun 22 22:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29453]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573581 of user rubyman.
Jun 22 22:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29453]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573581.
Jun 22 22:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29384]: Failed password for invalid user agent from 91.92.40.171 port 44984 ssh2
Jun 22 22:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29384]: Connection closed by 91.92.40.171 port 44984 [preauth]
Jun 22 22:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26394]: pam_unix(cron:session): session closed for user root
Jun 22 22:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29388]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29745]: Invalid user rancher from 91.92.40.171
Jun 22 22:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29745]: input_userauth_request: invalid user rancher [preauth]
Jun 22 22:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29745]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29745]: Failed password for invalid user rancher from 91.92.40.171 port 42284 ssh2
Jun 22 22:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29745]: Connection closed by 91.92.40.171 port 42284 [preauth]
Jun 22 22:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29772]: Invalid user openclaw from 91.92.40.171
Jun 22 22:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29772]: input_userauth_request: invalid user openclaw [preauth]
Jun 22 22:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29772]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29772]: Failed password for invalid user openclaw from 91.92.40.171 port 32854 ssh2
Jun 22 22:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29772]: Connection closed by 91.92.40.171 port 32854 [preauth]
Jun 22 22:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29800]: Invalid user runner from 91.92.40.171
Jun 22 22:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29800]: input_userauth_request: invalid user runner [preauth]
Jun 22 22:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29800]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29800]: Failed password for invalid user runner from 91.92.40.171 port 32912 ssh2
Jun 22 22:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29800]: Connection closed by 91.92.40.171 port 32912 [preauth]
Jun 22 22:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29810]: Invalid user sam from 91.92.40.171
Jun 22 22:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29810]: input_userauth_request: invalid user sam [preauth]
Jun 22 22:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29810]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29810]: Failed password for invalid user sam from 91.92.40.171 port 59050 ssh2
Jun 22 22:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29810]: Connection closed by 91.92.40.171 port 59050 [preauth]
Jun 22 22:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29842]: Invalid user steam from 91.92.40.171
Jun 22 22:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29842]: input_userauth_request: invalid user steam [preauth]
Jun 22 22:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29842]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29842]: Failed password for invalid user steam from 91.92.40.171 port 59100 ssh2
Jun 22 22:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29842]: Connection closed by 91.92.40.171 port 59100 [preauth]
Jun 22 22:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28294]: pam_unix(cron:session): session closed for user root
Jun 22 22:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29863]: Invalid user nginx from 91.92.40.171
Jun 22 22:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29863]: input_userauth_request: invalid user nginx [preauth]
Jun 22 22:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29863]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29863]: Failed password for invalid user nginx from 91.92.40.171 port 33386 ssh2
Jun 22 22:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29863]: Connection closed by 91.92.40.171 port 33386 [preauth]
Jun 22 22:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29886]: Invalid user deploy from 91.92.40.171
Jun 22 22:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29886]: input_userauth_request: invalid user deploy [preauth]
Jun 22 22:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29886]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29886]: Failed password for invalid user deploy from 91.92.40.171 port 33458 ssh2
Jun 22 22:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29886]: Connection closed by 91.92.40.171 port 33458 [preauth]
Jun 22 22:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29905]: Invalid user guest from 91.92.40.171
Jun 22 22:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29905]: input_userauth_request: invalid user guest [preauth]
Jun 22 22:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29905]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29905]: Failed password for invalid user guest from 91.92.40.171 port 54544 ssh2
Jun 22 22:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29905]: Connection closed by 91.92.40.171 port 54544 [preauth]
Jun 22 22:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29923]: Invalid user frappe from 91.92.40.171
Jun 22 22:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29923]: input_userauth_request: invalid user frappe [preauth]
Jun 22 22:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29923]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29923]: Failed password for invalid user frappe from 91.92.40.171 port 54582 ssh2
Jun 22 22:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29923]: Connection closed by 91.92.40.171 port 54582 [preauth]
Jun 22 22:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29933]: Invalid user admin from 91.92.40.171
Jun 22 22:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29933]: input_userauth_request: invalid user admin [preauth]
Jun 22 22:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29933]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29933]: Failed password for invalid user admin from 91.92.40.171 port 38588 ssh2
Jun 22 22:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29933]: Connection closed by 91.92.40.171 port 38588 [preauth]
Jun 22 22:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29949]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29947]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29950]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29946]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29946]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30007]: Successful su for rubyman by root
Jun 22 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30007]: + ??? root:rubyman
Jun 22 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30007]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573585 of user rubyman.
Jun 22 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30007]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573585.
Jun 22 22:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29943]: Failed password for root from 91.92.40.171 port 38646 ssh2
Jun 22 22:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29943]: Connection closed by 91.92.40.171 port 38646 [preauth]
Jun 22 22:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26920]: pam_unix(cron:session): session closed for user root
Jun 22 22:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29947]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30210]: Invalid user admin2 from 91.92.40.171
Jun 22 22:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30210]: input_userauth_request: invalid user admin2 [preauth]
Jun 22 22:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30210]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30210]: Failed password for invalid user admin2 from 91.92.40.171 port 60664 ssh2
Jun 22 22:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30210]: Connection closed by 91.92.40.171 port 60664 [preauth]
Jun 22 22:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30222]: Invalid user fivem from 91.92.40.171
Jun 22 22:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30222]: input_userauth_request: invalid user fivem [preauth]
Jun 22 22:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30222]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30222]: Failed password for invalid user fivem from 91.92.40.171 port 50818 ssh2
Jun 22 22:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30222]: Connection closed by 91.92.40.171 port 50818 [preauth]
Jun 22 22:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30245]: Failed password for root from 91.92.40.171 port 50896 ssh2
Jun 22 22:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30245]: Connection closed by 91.92.40.171 port 50896 [preauth]
Jun 22 22:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30255]: Invalid user user from 91.92.40.171
Jun 22 22:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30255]: input_userauth_request: invalid user user [preauth]
Jun 22 22:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30255]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30255]: Failed password for invalid user user from 91.92.40.171 port 38722 ssh2
Jun 22 22:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30255]: Connection closed by 91.92.40.171 port 38722 [preauth]
Jun 22 22:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30278]: Invalid user user from 91.92.40.171
Jun 22 22:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30278]: input_userauth_request: invalid user user [preauth]
Jun 22 22:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30278]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30278]: Failed password for invalid user user from 91.92.40.171 port 38750 ssh2
Jun 22 22:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30278]: Connection closed by 91.92.40.171 port 38750 [preauth]
Jun 22 22:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28912]: pam_unix(cron:session): session closed for user root
Jun 22 22:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30317]: Failed password for root from 91.92.40.171 port 35610 ssh2
Jun 22 22:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30317]: Connection closed by 91.92.40.171 port 35610 [preauth]
Jun 22 22:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30332]: Failed password for root from 91.92.40.171 port 35668 ssh2
Jun 22 22:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30332]: Connection closed by 91.92.40.171 port 35668 [preauth]
Jun 22 22:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30356]: Invalid user app from 91.92.40.171
Jun 22 22:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30356]: input_userauth_request: invalid user app [preauth]
Jun 22 22:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30356]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30356]: Failed password for invalid user app from 91.92.40.171 port 43310 ssh2
Jun 22 22:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30356]: Connection closed by 91.92.40.171 port 43310 [preauth]
Jun 22 22:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30366]: Invalid user minecraft from 91.92.40.171
Jun 22 22:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30366]: input_userauth_request: invalid user minecraft [preauth]
Jun 22 22:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30366]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30366]: Failed password for invalid user minecraft from 91.92.40.171 port 40962 ssh2
Jun 22 22:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30366]: Connection closed by 91.92.40.171 port 40962 [preauth]
Jun 22 22:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30376]: Invalid user jenkins from 91.92.40.171
Jun 22 22:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30376]: input_userauth_request: invalid user jenkins [preauth]
Jun 22 22:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30376]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30376]: Failed password for invalid user jenkins from 91.92.40.171 port 41070 ssh2
Jun 22 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30376]: Connection closed by 91.92.40.171 port 41070 [preauth]
Jun 22 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30389]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30390]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30387]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30388]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30387]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30449]: Successful su for rubyman by root
Jun 22 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30449]: + ??? root:rubyman
Jun 22 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30449]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573591 of user rubyman.
Jun 22 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30449]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573591.
Jun 22 22:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30526]: Invalid user postgres from 91.92.40.171
Jun 22 22:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30526]: input_userauth_request: invalid user postgres [preauth]
Jun 22 22:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27377]: pam_unix(cron:session): session closed for user root
Jun 22 22:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30526]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30388]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30526]: Failed password for invalid user postgres from 91.92.40.171 port 48972 ssh2
Jun 22 22:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30526]: Connection closed by 91.92.40.171 port 48972 [preauth]
Jun 22 22:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30655]: Invalid user www from 91.92.40.171
Jun 22 22:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30655]: input_userauth_request: invalid user www [preauth]
Jun 22 22:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30655]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30655]: Failed password for invalid user www from 91.92.40.171 port 49018 ssh2
Jun 22 22:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30655]: Connection closed by 91.92.40.171 port 49018 [preauth]
Jun 22 22:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30677]: Invalid user root1 from 91.92.40.171
Jun 22 22:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30677]: input_userauth_request: invalid user root1 [preauth]
Jun 22 22:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30677]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30677]: Failed password for invalid user root1 from 91.92.40.171 port 42866 ssh2
Jun 22 22:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30677]: Connection closed by 91.92.40.171 port 42866 [preauth]
Jun 22 22:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30688]: Invalid user myuser from 91.92.40.171
Jun 22 22:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30688]: input_userauth_request: invalid user myuser [preauth]
Jun 22 22:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30688]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30688]: Failed password for invalid user myuser from 91.92.40.171 port 42896 ssh2
Jun 22 22:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30688]: Connection closed by 91.92.40.171 port 42896 [preauth]
Jun 22 22:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30710]: Failed password for root from 91.92.40.171 port 45382 ssh2
Jun 22 22:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30710]: Connection closed by 91.92.40.171 port 45382 [preauth]
Jun 22 22:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30722]: Invalid user hadoop from 91.92.40.171
Jun 22 22:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30722]: input_userauth_request: invalid user hadoop [preauth]
Jun 22 22:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30722]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 22:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30722]: Failed password for invalid user hadoop from 91.92.40.171 port 45418 ssh2
Jun 22 22:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30712]: Failed password for root from 38.55.97.143 port 48264 ssh2
Jun 22 22:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30722]: Connection closed by 91.92.40.171 port 45418 [preauth]
Jun 22 22:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29390]: pam_unix(cron:session): session closed for user root
Jun 22 22:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30712]: Connection closed by 38.55.97.143 port 48264 [preauth]
Jun 22 22:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30751]: Failed password for root from 91.92.40.171 port 43770 ssh2
Jun 22 22:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30751]: Connection closed by 91.92.40.171 port 43770 [preauth]
Jun 22 22:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30763]: Invalid user admin from 91.92.40.171
Jun 22 22:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30763]: input_userauth_request: invalid user admin [preauth]
Jun 22 22:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30763]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30763]: Failed password for invalid user admin from 91.92.40.171 port 50582 ssh2
Jun 22 22:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30763]: Connection closed by 91.92.40.171 port 50582 [preauth]
Jun 22 22:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30787]: Invalid user admin from 91.92.40.171
Jun 22 22:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30787]: input_userauth_request: invalid user admin [preauth]
Jun 22 22:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30787]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30787]: Failed password for invalid user admin from 91.92.40.171 port 50614 ssh2
Jun 22 22:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30787]: Connection closed by 91.92.40.171 port 50614 [preauth]
Jun 22 22:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30798]: Invalid user uploader from 91.92.40.171
Jun 22 22:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30798]: input_userauth_request: invalid user uploader [preauth]
Jun 22 22:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30798]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30798]: Failed password for invalid user uploader from 91.92.40.171 port 59496 ssh2
Jun 22 22:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30798]: Connection closed by 91.92.40.171 port 59496 [preauth]
Jun 22 22:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30810]: Failed password for root from 91.92.40.171 port 59542 ssh2
Jun 22 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30810]: Connection closed by 91.92.40.171 port 59542 [preauth]
Jun 22 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30825]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30824]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30823]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30822]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30822]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30887]: Successful su for rubyman by root
Jun 22 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30887]: + ??? root:rubyman
Jun 22 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30887]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573593 of user rubyman.
Jun 22 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30887]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573593.
Jun 22 22:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31049]: Invalid user btc from 91.92.40.171
Jun 22 22:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31049]: input_userauth_request: invalid user btc [preauth]
Jun 22 22:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31049]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27799]: pam_unix(cron:session): session closed for user root
Jun 22 22:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30823]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31049]: Failed password for invalid user btc from 91.92.40.171 port 41846 ssh2
Jun 22 22:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31049]: Connection closed by 91.92.40.171 port 41846 [preauth]
Jun 22 22:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31172]: Invalid user ubuntu from 91.92.40.171
Jun 22 22:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31172]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 22:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31172]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31172]: Failed password for invalid user ubuntu from 91.92.40.171 port 41892 ssh2
Jun 22 22:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31172]: Connection closed by 91.92.40.171 port 41892 [preauth]
Jun 22 22:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31189]: Invalid user user3 from 91.92.40.171
Jun 22 22:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31189]: input_userauth_request: invalid user user3 [preauth]
Jun 22 22:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31189]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31189]: Failed password for invalid user user3 from 91.92.40.171 port 47232 ssh2
Jun 22 22:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31189]: Connection closed by 91.92.40.171 port 47232 [preauth]
Jun 22 22:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31204]: Failed password for root from 91.92.40.171 port 47292 ssh2
Jun 22 22:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31204]: Connection closed by 91.92.40.171 port 47292 [preauth]
Jun 22 22:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31227]: Failed password for root from 91.92.40.171 port 52954 ssh2
Jun 22 22:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31227]: Connection closed by 91.92.40.171 port 52954 [preauth]
Jun 22 22:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31239]: Invalid user debian from 91.92.40.171
Jun 22 22:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31239]: input_userauth_request: invalid user debian [preauth]
Jun 22 22:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31239]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29950]: pam_unix(cron:session): session closed for user root
Jun 22 22:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31239]: Failed password for invalid user debian from 91.92.40.171 port 53028 ssh2
Jun 22 22:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31239]: Connection closed by 91.92.40.171 port 53028 [preauth]
Jun 22 22:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31273]: Invalid user splunk from 91.92.40.171
Jun 22 22:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31273]: input_userauth_request: invalid user splunk [preauth]
Jun 22 22:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31273]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31273]: Failed password for invalid user splunk from 91.92.40.171 port 42982 ssh2
Jun 22 22:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31273]: Connection closed by 91.92.40.171 port 42982 [preauth]
Jun 22 22:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31283]: Invalid user user from 91.92.40.171
Jun 22 22:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31283]: input_userauth_request: invalid user user [preauth]
Jun 22 22:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31283]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31283]: Failed password for invalid user user from 91.92.40.171 port 43436 ssh2
Jun 22 22:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31283]: Connection closed by 91.92.40.171 port 43436 [preauth]
Jun 22 22:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31307]: Invalid user ubuntu from 91.92.40.171
Jun 22 22:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31307]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 22:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31307]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31307]: Failed password for invalid user ubuntu from 91.92.40.171 port 43526 ssh2
Jun 22 22:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31307]: Connection closed by 91.92.40.171 port 43526 [preauth]
Jun 22 22:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31317]: Invalid user ubuntu from 91.92.40.171
Jun 22 22:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31317]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 22:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31317]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31317]: Failed password for invalid user ubuntu from 91.92.40.171 port 48284 ssh2
Jun 22 22:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31317]: Connection closed by 91.92.40.171 port 48284 [preauth]
Jun 22 22:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=root
Jun 22 22:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31340]: Invalid user term2 from 91.92.40.171
Jun 22 22:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31340]: input_userauth_request: invalid user term2 [preauth]
Jun 22 22:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31340]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31337]: Failed password for root from 193.46.255.86 port 52254 ssh2
Jun 22 22:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31340]: Failed password for invalid user term2 from 91.92.40.171 port 48340 ssh2
Jun 22 22:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31340]: Connection closed by 91.92.40.171 port 48340 [preauth]
Jun 22 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31348]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31345]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31343]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31346]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31347]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31344]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31348]: pam_unix(cron:session): session closed for user root
Jun 22 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31343]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31415]: Successful su for rubyman by root
Jun 22 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31415]: + ??? root:rubyman
Jun 22 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31415]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573602 of user rubyman.
Jun 22 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31415]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573602.
Jun 22 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31337]: Failed password for root from 193.46.255.86 port 52254 ssh2
Jun 22 22:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28293]: pam_unix(cron:session): session closed for user root
Jun 22 22:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31345]: pam_unix(cron:session): session closed for user root
Jun 22 22:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31337]: Failed password for root from 193.46.255.86 port 52254 ssh2
Jun 22 22:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: Invalid user trade from 91.92.40.171
Jun 22 22:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: input_userauth_request: invalid user trade [preauth]
Jun 22 22:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31337]: Connection closed by 193.46.255.86 port 52254 [preauth]
Jun 22 22:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31337]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=root
Jun 22 22:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31344]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: Failed password for invalid user trade from 91.92.40.171 port 42182 ssh2
Jun 22 22:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: Connection closed by 91.92.40.171 port 42182 [preauth]
Jun 22 22:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31737]: Invalid user user from 91.92.40.171
Jun 22 22:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31737]: input_userauth_request: invalid user user [preauth]
Jun 22 22:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31737]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31737]: Failed password for invalid user user from 91.92.40.171 port 42246 ssh2
Jun 22 22:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31737]: Connection closed by 91.92.40.171 port 42246 [preauth]
Jun 22 22:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31760]: Invalid user developer from 91.92.40.171
Jun 22 22:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31760]: input_userauth_request: invalid user developer [preauth]
Jun 22 22:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31760]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31760]: Failed password for invalid user developer from 91.92.40.171 port 39020 ssh2
Jun 22 22:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31760]: Connection closed by 91.92.40.171 port 39020 [preauth]
Jun 22 22:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31770]: Failed password for root from 91.92.40.171 port 39098 ssh2
Jun 22 22:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31770]: Connection closed by 91.92.40.171 port 39098 [preauth]
Jun 22 22:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31799]: Invalid user cloud from 91.92.40.171
Jun 22 22:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31799]: input_userauth_request: invalid user cloud [preauth]
Jun 22 22:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31799]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31799]: Failed password for invalid user cloud from 91.92.40.171 port 45812 ssh2
Jun 22 22:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31799]: Connection closed by 91.92.40.171 port 45812 [preauth]
Jun 22 22:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31809]: Invalid user deploy from 91.92.40.171
Jun 22 22:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31809]: input_userauth_request: invalid user deploy [preauth]
Jun 22 22:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31809]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30390]: pam_unix(cron:session): session closed for user root
Jun 22 22:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31809]: Failed password for invalid user deploy from 91.92.40.171 port 47228 ssh2
Jun 22 22:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31809]: Connection closed by 91.92.40.171 port 47228 [preauth]
Jun 22 22:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31840]: Failed password for root from 91.92.40.171 port 47290 ssh2
Jun 22 22:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31840]: Connection closed by 91.92.40.171 port 47290 [preauth]
Jun 22 22:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31850]: Invalid user milad from 91.92.40.171
Jun 22 22:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31850]: input_userauth_request: invalid user milad [preauth]
Jun 22 22:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31850]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31850]: Failed password for invalid user milad from 91.92.40.171 port 34226 ssh2
Jun 22 22:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31850]: Connection closed by 91.92.40.171 port 34226 [preauth]
Jun 22 22:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31875]: Failed password for root from 91.92.40.171 port 34350 ssh2
Jun 22 22:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31875]: Connection closed by 91.92.40.171 port 34350 [preauth]
Jun 22 22:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31885]: Invalid user myuser from 91.92.40.171
Jun 22 22:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31885]: input_userauth_request: invalid user myuser [preauth]
Jun 22 22:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31885]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31885]: Failed password for invalid user myuser from 91.92.40.171 port 53864 ssh2
Jun 22 22:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31885]: Connection closed by 91.92.40.171 port 53864 [preauth]
Jun 22 22:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31895]: Failed password for root from 91.92.40.171 port 53930 ssh2
Jun 22 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31895]: Connection closed by 91.92.40.171 port 53930 [preauth]
Jun 22 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31902]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31904]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31903]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31900]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31900]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31982]: Successful su for rubyman by root
Jun 22 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31982]: + ??? root:rubyman
Jun 22 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31982]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573604 of user rubyman.
Jun 22 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31982]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573604.
Jun 22 22:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 22 22:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32118]: Invalid user user from 141.98.83.240
Jun 22 22:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32118]: input_userauth_request: invalid user user [preauth]
Jun 22 22:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28911]: pam_unix(cron:session): session closed for user root
Jun 22 22:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32118]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 22:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32122]: User mysql from 91.92.40.171 not allowed because not listed in AllowUsers
Jun 22 22:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32122]: input_userauth_request: invalid user mysql [preauth]
Jun 22 22:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=mysql
Jun 22 22:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31873]: Failed password for root from 202.178.126.219 port 34933 ssh2
Jun 22 22:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31902]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32118]: Failed password for invalid user user from 141.98.83.240 port 16494 ssh2
Jun 22 22:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32118]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31873]: Connection closed by 202.178.126.219 port 34933 [preauth]
Jun 22 22:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32122]: Failed password for invalid user mysql from 91.92.40.171 port 55140 ssh2
Jun 22 22:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32122]: Connection closed by 91.92.40.171 port 55140 [preauth]
Jun 22 22:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32118]: Failed password for invalid user user from 141.98.83.240 port 16494 ssh2
Jun 22 22:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32118]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32189]: Invalid user ai from 91.92.40.171
Jun 22 22:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32189]: input_userauth_request: invalid user ai [preauth]
Jun 22 22:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32189]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32118]: Failed password for invalid user user from 141.98.83.240 port 16494 ssh2
Jun 22 22:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32118]: Connection closed by 141.98.83.240 port 16494 [preauth]
Jun 22 22:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32118]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 22:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32189]: Failed password for invalid user ai from 91.92.40.171 port 55174 ssh2
Jun 22 22:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32189]: Connection closed by 91.92.40.171 port 55174 [preauth]
Jun 22 22:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32211]: Failed password for root from 91.92.40.171 port 52636 ssh2
Jun 22 22:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32211]: Connection closed by 91.92.40.171 port 52636 [preauth]
Jun 22 22:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32221]: Invalid user test from 91.92.40.171
Jun 22 22:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32221]: input_userauth_request: invalid user test [preauth]
Jun 22 22:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32221]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32221]: Failed password for invalid user test from 91.92.40.171 port 52738 ssh2
Jun 22 22:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32221]: Connection closed by 91.92.40.171 port 52738 [preauth]
Jun 22 22:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32243]: Invalid user zimbra from 91.92.40.171
Jun 22 22:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32243]: input_userauth_request: invalid user zimbra [preauth]
Jun 22 22:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32243]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32243]: Failed password for invalid user zimbra from 91.92.40.171 port 54450 ssh2
Jun 22 22:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32243]: Connection closed by 91.92.40.171 port 54450 [preauth]
Jun 22 22:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 22:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32253]: Failed password for root from 193.24.211.107 port 15651 ssh2
Jun 22 22:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32253]: Received disconnect from 193.24.211.107 port 15651:11: Client disconnecting normally [preauth]
Jun 22 22:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32253]: Disconnected from 193.24.211.107 port 15651 [preauth]
Jun 22 22:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32255]: Invalid user kim from 91.92.40.171
Jun 22 22:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32255]: input_userauth_request: invalid user kim [preauth]
Jun 22 22:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32255]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30825]: pam_unix(cron:session): session closed for user root
Jun 22 22:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32255]: Failed password for invalid user kim from 91.92.40.171 port 55084 ssh2
Jun 22 22:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32255]: Connection closed by 91.92.40.171 port 55084 [preauth]
Jun 22 22:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32284]: Invalid user user2 from 91.92.40.171
Jun 22 22:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32284]: input_userauth_request: invalid user user2 [preauth]
Jun 22 22:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32284]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32284]: Failed password for invalid user user2 from 91.92.40.171 port 55158 ssh2
Jun 22 22:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32284]: Connection closed by 91.92.40.171 port 55158 [preauth]
Jun 22 22:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32294]: Failed password for root from 91.92.40.171 port 59308 ssh2
Jun 22 22:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32294]: Connection closed by 91.92.40.171 port 59308 [preauth]
Jun 22 22:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32318]: Invalid user ubuntu from 91.92.40.171
Jun 22 22:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32318]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 22:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32318]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32318]: Failed password for invalid user ubuntu from 91.92.40.171 port 59348 ssh2
Jun 22 22:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32318]: Connection closed by 91.92.40.171 port 59348 [preauth]
Jun 22 22:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 22:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32311]: Failed password for root from 38.55.97.143 port 54296 ssh2
Jun 22 22:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32328]: Invalid user monitor from 91.92.40.171
Jun 22 22:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32328]: input_userauth_request: invalid user monitor [preauth]
Jun 22 22:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32328]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32311]: Connection closed by 38.55.97.143 port 54296 [preauth]
Jun 22 22:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32328]: Failed password for invalid user monitor from 91.92.40.171 port 49306 ssh2
Jun 22 22:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32328]: Connection closed by 91.92.40.171 port 49306 [preauth]
Jun 22 22:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32338]: Invalid user ubuntu from 186.96.158.180
Jun 22 22:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32338]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 22:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32338]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180
Jun 22 22:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32340]: Invalid user web from 91.92.40.171
Jun 22 22:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32340]: input_userauth_request: invalid user web [preauth]
Jun 22 22:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32340]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32338]: Failed password for invalid user ubuntu from 186.96.158.180 port 55472 ssh2
Jun 22 22:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32338]: Received disconnect from 186.96.158.180 port 55472:11: Bye Bye [preauth]
Jun 22 22:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32338]: Disconnected from 186.96.158.180 port 55472 [preauth]
Jun 22 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32356]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32355]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32357]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32354]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32354]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32340]: Failed password for invalid user web from 91.92.40.171 port 49322 ssh2
Jun 22 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32422]: Successful su for rubyman by root
Jun 22 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32422]: + ??? root:rubyman
Jun 22 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32422]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573607 of user rubyman.
Jun 22 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32422]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573607.
Jun 22 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32340]: Connection closed by 91.92.40.171 port 49322 [preauth]
Jun 22 22:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29389]: pam_unix(cron:session): session closed for user root
Jun 22 22:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32572]: Invalid user admin123 from 91.92.40.171
Jun 22 22:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32572]: input_userauth_request: invalid user admin123 [preauth]
Jun 22 22:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32572]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32355]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32572]: Failed password for invalid user admin123 from 91.92.40.171 port 40964 ssh2
Jun 22 22:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32572]: Connection closed by 91.92.40.171 port 40964 [preauth]
Jun 22 22:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32613]: Invalid user runner from 91.92.40.171
Jun 22 22:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32613]: input_userauth_request: invalid user runner [preauth]
Jun 22 22:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32613]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32613]: Failed password for invalid user runner from 91.92.40.171 port 41060 ssh2
Jun 22 22:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32613]: Connection closed by 91.92.40.171 port 41060 [preauth]
Jun 22 22:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32636]: Failed password for root from 91.92.40.171 port 60424 ssh2
Jun 22 22:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32636]: Connection closed by 91.92.40.171 port 60424 [preauth]
Jun 22 22:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32647]: Invalid user teamspeak from 91.92.40.171
Jun 22 22:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32647]: input_userauth_request: invalid user teamspeak [preauth]
Jun 22 22:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32647]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32647]: Failed password for invalid user teamspeak from 91.92.40.171 port 48714 ssh2
Jun 22 22:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32647]: Connection closed by 91.92.40.171 port 48714 [preauth]
Jun 22 22:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 22 22:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32678]: Connection closed by 85.217.149.3 port 60248 [preauth]
Jun 22 22:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32676]: Failed password for root from 38.93.206.2 port 16162 ssh2
Jun 22 22:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32676]: Connection closed by 38.93.206.2 port 16162 [preauth]
Jun 22 22:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32680]: Failed password for root from 91.92.40.171 port 48764 ssh2
Jun 22 22:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32680]: Connection closed by 91.92.40.171 port 48764 [preauth]
Jun 22 22:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: Invalid user localhost from 91.92.40.171
Jun 22 22:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: input_userauth_request: invalid user localhost [preauth]
Jun 22 22:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31347]: pam_unix(cron:session): session closed for user root
Jun 22 22:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: Failed password for invalid user localhost from 91.92.40.171 port 46256 ssh2
Jun 22 22:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: Connection closed by 91.92.40.171 port 46256 [preauth]
Jun 22 22:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32724]: Invalid user sam from 91.92.40.171
Jun 22 22:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32724]: input_userauth_request: invalid user sam [preauth]
Jun 22 22:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32724]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32724]: Failed password for invalid user sam from 91.92.40.171 port 46364 ssh2
Jun 22 22:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32724]: Connection closed by 91.92.40.171 port 46364 [preauth]
Jun 22 22:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32736]: Invalid user jenkins from 91.92.40.171
Jun 22 22:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32736]: input_userauth_request: invalid user jenkins [preauth]
Jun 22 22:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32736]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32736]: Failed password for invalid user jenkins from 91.92.40.171 port 48130 ssh2
Jun 22 22:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32736]: Connection closed by 91.92.40.171 port 48130 [preauth]
Jun 22 22:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32763]: Invalid user user from 91.92.40.171
Jun 22 22:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32763]: input_userauth_request: invalid user user [preauth]
Jun 22 22:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32763]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32763]: Failed password for invalid user user from 91.92.40.171 port 48168 ssh2
Jun 22 22:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32763]: Connection closed by 91.92.40.171 port 48168 [preauth]
Jun 22 22:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[312]: Invalid user uftp from 91.92.40.171
Jun 22 22:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[312]: input_userauth_request: invalid user uftp [preauth]
Jun 22 22:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[312]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[312]: Failed password for invalid user uftp from 91.92.40.171 port 34878 ssh2
Jun 22 22:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[312]: Connection closed by 91.92.40.171 port 34878 [preauth]
Jun 22 22:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[323]: Invalid user splunk from 91.92.40.171
Jun 22 22:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[323]: input_userauth_request: invalid user splunk [preauth]
Jun 22 22:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[323]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[333]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[334]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[327]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[332]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[327]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[397]: Successful su for rubyman by root
Jun 22 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[397]: + ??? root:rubyman
Jun 22 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[397]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573612 of user rubyman.
Jun 22 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[397]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573612.
Jun 22 22:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[323]: Failed password for invalid user splunk from 91.92.40.171 port 34926 ssh2
Jun 22 22:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[323]: Connection closed by 91.92.40.171 port 34926 [preauth]
Jun 22 22:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29949]: pam_unix(cron:session): session closed for user root
Jun 22 22:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[332]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[707]: Failed password for root from 91.92.40.171 port 45320 ssh2
Jun 22 22:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[707]: Connection closed by 91.92.40.171 port 45320 [preauth]
Jun 22 22:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[737]: Invalid user user from 91.92.40.171
Jun 22 22:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[737]: input_userauth_request: invalid user user [preauth]
Jun 22 22:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[737]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[737]: Failed password for invalid user user from 91.92.40.171 port 45436 ssh2
Jun 22 22:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[737]: Connection closed by 91.92.40.171 port 45436 [preauth]
Jun 22 22:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[761]: Invalid user crafty from 91.92.40.171
Jun 22 22:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[761]: input_userauth_request: invalid user crafty [preauth]
Jun 22 22:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[761]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[761]: Failed password for invalid user crafty from 91.92.40.171 port 34192 ssh2
Jun 22 22:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[761]: Connection closed by 91.92.40.171 port 34192 [preauth]
Jun 22 22:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[773]: Invalid user gpadmin from 91.92.40.171
Jun 22 22:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[773]: input_userauth_request: invalid user gpadmin [preauth]
Jun 22 22:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[773]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[773]: Failed password for invalid user gpadmin from 91.92.40.171 port 45490 ssh2
Jun 22 22:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[773]: Connection closed by 91.92.40.171 port 45490 [preauth]
Jun 22 22:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[801]: Invalid user odoo14 from 91.92.40.171
Jun 22 22:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[801]: input_userauth_request: invalid user odoo14 [preauth]
Jun 22 22:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[801]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[801]: Failed password for invalid user odoo14 from 91.92.40.171 port 45522 ssh2
Jun 22 22:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[801]: Connection closed by 91.92.40.171 port 45522 [preauth]
Jun 22 22:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[816]: Invalid user config from 91.92.40.171
Jun 22 22:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[816]: input_userauth_request: invalid user config [preauth]
Jun 22 22:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[816]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31904]: pam_unix(cron:session): session closed for user root
Jun 22 22:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[816]: Failed password for invalid user config from 91.92.40.171 port 39072 ssh2
Jun 22 22:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[816]: Connection closed by 91.92.40.171 port 39072 [preauth]
Jun 22 22:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[847]: Invalid user pi from 91.92.40.171
Jun 22 22:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[847]: input_userauth_request: invalid user pi [preauth]
Jun 22 22:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[847]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[847]: Failed password for invalid user pi from 91.92.40.171 port 39148 ssh2
Jun 22 22:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[847]: Connection closed by 91.92.40.171 port 39148 [preauth]
Jun 22 22:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[858]: Invalid user support from 91.92.40.171
Jun 22 22:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[858]: input_userauth_request: invalid user support [preauth]
Jun 22 22:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[858]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[858]: Failed password for invalid user support from 91.92.40.171 port 40528 ssh2
Jun 22 22:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[858]: Connection closed by 91.92.40.171 port 40528 [preauth]
Jun 22 22:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[882]: Invalid user minecraft from 91.92.40.171
Jun 22 22:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[882]: input_userauth_request: invalid user minecraft [preauth]
Jun 22 22:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[882]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[882]: Failed password for invalid user minecraft from 91.92.40.171 port 40574 ssh2
Jun 22 22:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[882]: Connection closed by 91.92.40.171 port 40574 [preauth]
Jun 22 22:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[894]: Invalid user fahmi from 91.92.40.171
Jun 22 22:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[894]: input_userauth_request: invalid user fahmi [preauth]
Jun 22 22:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[894]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[894]: Failed password for invalid user fahmi from 91.92.40.171 port 41474 ssh2
Jun 22 22:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[894]: Connection closed by 91.92.40.171 port 41474 [preauth]
Jun 22 22:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[912]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[911]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[910]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[909]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[909]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[976]: Successful su for rubyman by root
Jun 22 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[976]: + ??? root:rubyman
Jun 22 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[976]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573615 of user rubyman.
Jun 22 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[976]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573615.
Jun 22 22:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[906]: Failed password for root from 91.92.40.171 port 41594 ssh2
Jun 22 22:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[906]: Connection closed by 91.92.40.171 port 41594 [preauth]
Jun 22 22:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30389]: pam_unix(cron:session): session closed for user root
Jun 22 22:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1179]: Invalid user debian from 91.92.40.171
Jun 22 22:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1179]: input_userauth_request: invalid user debian [preauth]
Jun 22 22:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1179]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[910]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1179]: Failed password for invalid user debian from 91.92.40.171 port 37018 ssh2
Jun 22 22:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1179]: Connection closed by 91.92.40.171 port 37018 [preauth]
Jun 22 22:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1209]: Invalid user pi from 91.92.40.171
Jun 22 22:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1209]: input_userauth_request: invalid user pi [preauth]
Jun 22 22:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1209]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1212]: Received disconnect from 62.210.189.225 port 55284:11: disconnected by user [preauth]
Jun 22 22:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1212]: Disconnected from 62.210.189.225 port 55284 [preauth]
Jun 22 22:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1209]: Failed password for invalid user pi from 91.92.40.171 port 37042 ssh2
Jun 22 22:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1209]: Connection closed by 91.92.40.171 port 37042 [preauth]
Jun 22 22:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1240]: Invalid user admin1 from 91.92.40.171
Jun 22 22:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1240]: input_userauth_request: invalid user admin1 [preauth]
Jun 22 22:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1240]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1240]: Failed password for invalid user admin1 from 91.92.40.171 port 34162 ssh2
Jun 22 22:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1240]: Connection closed by 91.92.40.171 port 34162 [preauth]
Jun 22 22:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1252]: Invalid user grok from 91.92.40.171
Jun 22 22:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1252]: input_userauth_request: invalid user grok [preauth]
Jun 22 22:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1252]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1252]: Failed password for invalid user grok from 91.92.40.171 port 40546 ssh2
Jun 22 22:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1252]: Connection closed by 91.92.40.171 port 40546 [preauth]
Jun 22 22:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1278]: Invalid user gg from 91.92.40.171
Jun 22 22:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1278]: input_userauth_request: invalid user gg [preauth]
Jun 22 22:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1278]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1278]: Failed password for invalid user gg from 91.92.40.171 port 40676 ssh2
Jun 22 22:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1278]: Connection closed by 91.92.40.171 port 40676 [preauth]
Jun 22 22:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32357]: pam_unix(cron:session): session closed for user root
Jun 22 22:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1296]: User mysql from 91.92.40.171 not allowed because not listed in AllowUsers
Jun 22 22:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1296]: input_userauth_request: invalid user mysql [preauth]
Jun 22 22:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=mysql
Jun 22 22:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1296]: Failed password for invalid user mysql from 91.92.40.171 port 35016 ssh2
Jun 22 22:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1296]: Connection closed by 91.92.40.171 port 35016 [preauth]
Jun 22 22:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1329]: Invalid user bob from 91.92.40.171
Jun 22 22:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1329]: input_userauth_request: invalid user bob [preauth]
Jun 22 22:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1329]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1329]: Failed password for invalid user bob from 91.92.40.171 port 35092 ssh2
Jun 22 22:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1329]: Connection closed by 91.92.40.171 port 35092 [preauth]
Jun 22 22:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1358]: Invalid user labuser from 91.92.40.171
Jun 22 22:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1358]: input_userauth_request: invalid user labuser [preauth]
Jun 22 22:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1358]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1358]: Failed password for invalid user labuser from 91.92.40.171 port 48842 ssh2
Jun 22 22:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1358]: Connection closed by 91.92.40.171 port 48842 [preauth]
Jun 22 22:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1371]: Failed password for root from 91.92.40.171 port 48880 ssh2
Jun 22 22:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1371]: Connection closed by 91.92.40.171 port 48880 [preauth]
Jun 22 22:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1385]: Invalid user adminuser from 91.92.40.171
Jun 22 22:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1385]: input_userauth_request: invalid user adminuser [preauth]
Jun 22 22:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1385]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1385]: Failed password for invalid user adminuser from 91.92.40.171 port 52472 ssh2
Jun 22 22:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1385]: Connection closed by 91.92.40.171 port 52472 [preauth]
Jun 22 22:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1415]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1414]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1413]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1419]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1412]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1416]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1419]: pam_unix(cron:session): session closed for user root
Jun 22 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1412]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1579]: Successful su for rubyman by root
Jun 22 22:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1579]: + ??? root:rubyman
Jun 22 22:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1579]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573624 of user rubyman.
Jun 22 22:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1579]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573624.
Jun 22 22:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1398]: Failed password for root from 91.92.40.171 port 60428 ssh2
Jun 22 22:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1398]: Connection closed by 91.92.40.171 port 60428 [preauth]
Jun 22 22:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30824]: pam_unix(cron:session): session closed for user root
Jun 22 22:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1414]: pam_unix(cron:session): session closed for user root
Jun 22 22:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1798]: Invalid user vyos from 91.92.40.171
Jun 22 22:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1798]: input_userauth_request: invalid user vyos [preauth]
Jun 22 22:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1798]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1413]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1798]: Failed password for invalid user vyos from 91.92.40.171 port 60444 ssh2
Jun 22 22:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1798]: Connection closed by 91.92.40.171 port 60444 [preauth]
Jun 22 22:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1823]: Invalid user sam from 91.92.40.171
Jun 22 22:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1823]: input_userauth_request: invalid user sam [preauth]
Jun 22 22:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1823]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1823]: Failed password for invalid user sam from 91.92.40.171 port 43812 ssh2
Jun 22 22:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1823]: Connection closed by 91.92.40.171 port 43812 [preauth]
Jun 22 22:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 22:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1847]: Invalid user amir from 91.92.40.171
Jun 22 22:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1847]: input_userauth_request: invalid user amir [preauth]
Jun 22 22:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1847]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1822]: Failed password for root from 38.55.97.143 port 58006 ssh2
Jun 22 22:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1822]: Connection closed by 38.55.97.143 port 58006 [preauth]
Jun 22 22:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1847]: Failed password for invalid user amir from 91.92.40.171 port 43880 ssh2
Jun 22 22:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1847]: Connection closed by 91.92.40.171 port 43880 [preauth]
Jun 22 22:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1857]: Failed password for root from 91.92.40.171 port 52580 ssh2
Jun 22 22:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1857]: Connection closed by 91.92.40.171 port 52580 [preauth]
Jun 22 22:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1881]: Invalid user admin2 from 91.92.40.171
Jun 22 22:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1881]: input_userauth_request: invalid user admin2 [preauth]
Jun 22 22:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1881]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1881]: Failed password for invalid user admin2 from 91.92.40.171 port 52680 ssh2
Jun 22 22:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1881]: Connection closed by 91.92.40.171 port 52680 [preauth]
Jun 22 22:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[334]: pam_unix(cron:session): session closed for user root
Jun 22 22:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1930]: User nobody from 91.92.40.171 not allowed because not listed in AllowUsers
Jun 22 22:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1930]: input_userauth_request: invalid user nobody [preauth]
Jun 22 22:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=nobody
Jun 22 22:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1930]: Failed password for invalid user nobody from 91.92.40.171 port 36830 ssh2
Jun 22 22:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1930]: Connection closed by 91.92.40.171 port 36830 [preauth]
Jun 22 22:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1959]: Invalid user ec2-user from 91.92.40.171
Jun 22 22:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1959]: input_userauth_request: invalid user ec2-user [preauth]
Jun 22 22:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1959]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1959]: Failed password for invalid user ec2-user from 91.92.40.171 port 36898 ssh2
Jun 22 22:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1959]: Connection closed by 91.92.40.171 port 36898 [preauth]
Jun 22 22:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1989]: Invalid user botuser from 91.92.40.171
Jun 22 22:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1989]: input_userauth_request: invalid user botuser [preauth]
Jun 22 22:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1989]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1989]: Failed password for invalid user botuser from 91.92.40.171 port 58348 ssh2
Jun 22 22:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1989]: Connection closed by 91.92.40.171 port 58348 [preauth]
Jun 22 22:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2010]: Invalid user user1 from 91.92.40.171
Jun 22 22:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2010]: input_userauth_request: invalid user user1 [preauth]
Jun 22 22:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2010]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2010]: Failed password for invalid user user1 from 91.92.40.171 port 32996 ssh2
Jun 22 22:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2010]: Connection closed by 91.92.40.171 port 32996 [preauth]
Jun 22 22:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2025]: Invalid user gabriel from 91.92.40.171
Jun 22 22:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2025]: input_userauth_request: invalid user gabriel [preauth]
Jun 22 22:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2025]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2025]: Failed password for invalid user gabriel from 91.92.40.171 port 33056 ssh2
Jun 22 22:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2025]: Connection closed by 91.92.40.171 port 33056 [preauth]
Jun 22 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2050]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2051]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2048]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2047]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2047]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2123]: Successful su for rubyman by root
Jun 22 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2123]: + ??? root:rubyman
Jun 22 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2123]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573626 of user rubyman.
Jun 22 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2123]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573626.
Jun 22 22:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2202]: Failed password for root from 91.92.40.171 port 40574 ssh2
Jun 22 22:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2202]: Connection closed by 91.92.40.171 port 40574 [preauth]
Jun 22 22:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31346]: pam_unix(cron:session): session closed for user root
Jun 22 22:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2048]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2336]: Failed password for root from 91.92.40.171 port 40642 ssh2
Jun 22 22:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2336]: Connection closed by 91.92.40.171 port 40642 [preauth]
Jun 22 22:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2355]: Invalid user operator from 91.92.40.171
Jun 22 22:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2355]: input_userauth_request: invalid user operator [preauth]
Jun 22 22:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2355]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2355]: Failed password for invalid user operator from 91.92.40.171 port 49984 ssh2
Jun 22 22:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2355]: Connection closed by 91.92.40.171 port 49984 [preauth]
Jun 22 22:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2369]: Invalid user azureuser from 91.92.40.171
Jun 22 22:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2369]: input_userauth_request: invalid user azureuser [preauth]
Jun 22 22:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2369]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2369]: Failed password for invalid user azureuser from 91.92.40.171 port 50074 ssh2
Jun 22 22:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2369]: Connection closed by 91.92.40.171 port 50074 [preauth]
Jun 22 22:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2381]: Invalid user deploy from 91.92.40.171
Jun 22 22:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2381]: input_userauth_request: invalid user deploy [preauth]
Jun 22 22:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2381]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2381]: Failed password for invalid user deploy from 91.92.40.171 port 48768 ssh2
Jun 22 22:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2381]: Connection closed by 91.92.40.171 port 48768 [preauth]
Jun 22 22:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2402]: Invalid user deploy from 91.92.40.171
Jun 22 22:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2402]: input_userauth_request: invalid user deploy [preauth]
Jun 22 22:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2402]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2402]: Failed password for invalid user deploy from 91.92.40.171 port 48836 ssh2
Jun 22 22:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2402]: Connection closed by 91.92.40.171 port 48836 [preauth]
Jun 22 22:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[912]: pam_unix(cron:session): session closed for user root
Jun 22 22:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2432]: Invalid user sysupdate from 91.92.40.171
Jun 22 22:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2432]: input_userauth_request: invalid user sysupdate [preauth]
Jun 22 22:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2432]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2432]: Failed password for invalid user sysupdate from 91.92.40.171 port 33740 ssh2
Jun 22 22:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2432]: Connection closed by 91.92.40.171 port 33740 [preauth]
Jun 22 22:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2444]: Invalid user appuser from 91.92.40.171
Jun 22 22:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2444]: input_userauth_request: invalid user appuser [preauth]
Jun 22 22:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2444]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2444]: Failed password for invalid user appuser from 91.92.40.171 port 33790 ssh2
Jun 22 22:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2444]: Connection closed by 91.92.40.171 port 33790 [preauth]
Jun 22 22:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2468]: Invalid user admin from 91.92.40.171
Jun 22 22:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2468]: input_userauth_request: invalid user admin [preauth]
Jun 22 22:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2468]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2468]: Failed password for invalid user admin from 91.92.40.171 port 54958 ssh2
Jun 22 22:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2468]: Connection closed by 91.92.40.171 port 54958 [preauth]
Jun 22 22:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2481]: Invalid user openclaw from 91.92.40.171
Jun 22 22:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2481]: input_userauth_request: invalid user openclaw [preauth]
Jun 22 22:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2481]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2481]: Failed password for invalid user openclaw from 91.92.40.171 port 44420 ssh2
Jun 22 22:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2481]: Connection closed by 91.92.40.171 port 44420 [preauth]
Jun 22 22:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2492]: Failed password for root from 91.92.40.171 port 44534 ssh2
Jun 22 22:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2492]: Connection closed by 91.92.40.171 port 44534 [preauth]
Jun 22 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2509]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2506]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2507]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2505]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2505]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2578]: Successful su for rubyman by root
Jun 22 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2578]: + ??? root:rubyman
Jun 22 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2578]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573630 of user rubyman.
Jun 22 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2578]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573630.
Jun 22 22:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2693]: Invalid user guest from 91.92.40.171
Jun 22 22:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2693]: input_userauth_request: invalid user guest [preauth]
Jun 22 22:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2693]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31903]: pam_unix(cron:session): session closed for user root
Jun 22 22:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2506]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2693]: Failed password for invalid user guest from 91.92.40.171 port 46232 ssh2
Jun 22 22:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2693]: Connection closed by 91.92.40.171 port 46232 [preauth]
Jun 22 22:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2774]: Invalid user frappe from 91.92.40.171
Jun 22 22:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2774]: input_userauth_request: invalid user frappe [preauth]
Jun 22 22:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2774]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2774]: Failed password for invalid user frappe from 91.92.40.171 port 46276 ssh2
Jun 22 22:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2774]: Connection closed by 91.92.40.171 port 46276 [preauth]
Jun 22 22:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2798]: Invalid user pi from 91.92.40.171
Jun 22 22:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2798]: input_userauth_request: invalid user pi [preauth]
Jun 22 22:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2798]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2798]: Failed password for invalid user pi from 91.92.40.171 port 41024 ssh2
Jun 22 22:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2798]: Connection closed by 91.92.40.171 port 41024 [preauth]
Jun 22 22:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2812]: Invalid user amin from 91.92.40.171
Jun 22 22:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2812]: input_userauth_request: invalid user amin [preauth]
Jun 22 22:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2812]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2812]: Failed password for invalid user amin from 91.92.40.171 port 41106 ssh2
Jun 22 22:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2812]: Connection closed by 91.92.40.171 port 41106 [preauth]
Jun 22 22:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2834]: Invalid user packer from 91.92.40.171
Jun 22 22:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2834]: input_userauth_request: invalid user packer [preauth]
Jun 22 22:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2834]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2834]: Failed password for invalid user packer from 91.92.40.171 port 55164 ssh2
Jun 22 22:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2834]: Connection closed by 91.92.40.171 port 55164 [preauth]
Jun 22 22:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2845]: Failed password for root from 91.92.40.171 port 55214 ssh2
Jun 22 22:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2845]: Connection closed by 91.92.40.171 port 55214 [preauth]
Jun 22 22:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1416]: pam_unix(cron:session): session closed for user root
Jun 22 22:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2876]: Invalid user deploy from 91.92.40.171
Jun 22 22:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2876]: input_userauth_request: invalid user deploy [preauth]
Jun 22 22:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2876]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2876]: Failed password for invalid user deploy from 91.92.40.171 port 37262 ssh2
Jun 22 22:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2876]: Connection closed by 91.92.40.171 port 37262 [preauth]
Jun 22 22:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2886]: Invalid user test from 91.92.40.171
Jun 22 22:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2886]: input_userauth_request: invalid user test [preauth]
Jun 22 22:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2886]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2886]: Failed password for invalid user test from 91.92.40.171 port 48446 ssh2
Jun 22 22:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2886]: Connection closed by 91.92.40.171 port 48446 [preauth]
Jun 22 22:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2909]: Failed password for root from 91.92.40.171 port 48490 ssh2
Jun 22 22:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2909]: Connection closed by 91.92.40.171 port 48490 [preauth]
Jun 22 22:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2920]: Invalid user es from 91.92.40.171
Jun 22 22:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2920]: input_userauth_request: invalid user es [preauth]
Jun 22 22:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2920]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2920]: Failed password for invalid user es from 91.92.40.171 port 52458 ssh2
Jun 22 22:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2920]: Connection closed by 91.92.40.171 port 52458 [preauth]
Jun 22 22:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2933]: Failed password for root from 91.92.40.171 port 52510 ssh2
Jun 22 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2933]: Connection closed by 91.92.40.171 port 52510 [preauth]
Jun 22 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2947]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2946]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2945]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2944]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2944]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3004]: Successful su for rubyman by root
Jun 22 22:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3004]: + ??? root:rubyman
Jun 22 22:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3004]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573633 of user rubyman.
Jun 22 22:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3004]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573633.
Jun 22 22:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32356]: pam_unix(cron:session): session closed for user root
Jun 22 22:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2940]: Invalid user wyy from 186.96.158.180
Jun 22 22:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2940]: input_userauth_request: invalid user wyy [preauth]
Jun 22 22:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2940]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180
Jun 22 22:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2945]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3032]: Failed password for root from 91.92.40.171 port 40080 ssh2
Jun 22 22:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3032]: Connection closed by 91.92.40.171 port 40080 [preauth]
Jun 22 22:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2940]: Failed password for invalid user wyy from 186.96.158.180 port 59341 ssh2
Jun 22 22:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2940]: Received disconnect from 186.96.158.180 port 59341:11: Bye Bye [preauth]
Jun 22 22:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2940]: Disconnected from 186.96.158.180 port 59341 [preauth]
Jun 22 22:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3187]: Invalid user pi from 91.92.40.171
Jun 22 22:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3187]: input_userauth_request: invalid user pi [preauth]
Jun 22 22:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3187]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3187]: Failed password for invalid user pi from 91.92.40.171 port 40122 ssh2
Jun 22 22:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3187]: Connection closed by 91.92.40.171 port 40122 [preauth]
Jun 22 22:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3197]: Invalid user dolphinscheduler from 91.92.40.171
Jun 22 22:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3197]: input_userauth_request: invalid user dolphinscheduler [preauth]
Jun 22 22:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3197]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3197]: Failed password for invalid user dolphinscheduler from 91.92.40.171 port 40040 ssh2
Jun 22 22:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3197]: Connection closed by 91.92.40.171 port 40040 [preauth]
Jun 22 22:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3222]: Invalid user plex from 91.92.40.171
Jun 22 22:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3222]: input_userauth_request: invalid user plex [preauth]
Jun 22 22:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3222]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3222]: Failed password for invalid user plex from 91.92.40.171 port 40074 ssh2
Jun 22 22:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3222]: Connection closed by 91.92.40.171 port 40074 [preauth]
Jun 22 22:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3248]: Failed password for root from 91.92.40.171 port 58782 ssh2
Jun 22 22:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3248]: Connection closed by 91.92.40.171 port 58782 [preauth]
Jun 22 22:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3263]: Invalid user media from 91.92.40.171
Jun 22 22:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3263]: input_userauth_request: invalid user media [preauth]
Jun 22 22:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3263]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3263]: Failed password for invalid user media from 91.92.40.171 port 58864 ssh2
Jun 22 22:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3263]: Connection closed by 91.92.40.171 port 58864 [preauth]
Jun 22 22:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2051]: pam_unix(cron:session): session closed for user root
Jun 22 22:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 22:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3295]: Failed password for root from 91.92.40.171 port 36306 ssh2
Jun 22 22:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3262]: Failed password for root from 38.55.97.143 port 59576 ssh2
Jun 22 22:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3295]: Connection closed by 91.92.40.171 port 36306 [preauth]
Jun 22 22:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3262]: Connection closed by 38.55.97.143 port 59576 [preauth]
Jun 22 22:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3305]: Invalid user martin from 91.92.40.171
Jun 22 22:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3305]: input_userauth_request: invalid user martin [preauth]
Jun 22 22:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3305]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3305]: Failed password for invalid user martin from 91.92.40.171 port 36344 ssh2
Jun 22 22:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3305]: Connection closed by 91.92.40.171 port 36344 [preauth]
Jun 22 22:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3327]: Invalid user ftpuser1 from 91.92.40.171
Jun 22 22:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3327]: input_userauth_request: invalid user ftpuser1 [preauth]
Jun 22 22:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3327]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3327]: Failed password for invalid user ftpuser1 from 91.92.40.171 port 58810 ssh2
Jun 22 22:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3327]: Connection closed by 91.92.40.171 port 58810 [preauth]
Jun 22 22:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3338]: Invalid user odoo14 from 91.92.40.171
Jun 22 22:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3338]: input_userauth_request: invalid user odoo14 [preauth]
Jun 22 22:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3338]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3338]: Failed password for invalid user odoo14 from 91.92.40.171 port 58852 ssh2
Jun 22 22:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3338]: Connection closed by 91.92.40.171 port 58852 [preauth]
Jun 22 22:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3349]: Failed password for root from 91.92.40.171 port 41802 ssh2
Jun 22 22:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3349]: Connection closed by 91.92.40.171 port 41802 [preauth]
Jun 22 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3372]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3373]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3371]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3370]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3370]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3359]: Invalid user frappe from 91.92.40.171
Jun 22 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3359]: input_userauth_request: invalid user frappe [preauth]
Jun 22 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3429]: Successful su for rubyman by root
Jun 22 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3429]: + ??? root:rubyman
Jun 22 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3429]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573639 of user rubyman.
Jun 22 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3429]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573639.
Jun 22 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3359]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[333]: pam_unix(cron:session): session closed for user root
Jun 22 22:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3359]: Failed password for invalid user frappe from 91.92.40.171 port 56028 ssh2
Jun 22 22:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3359]: Connection closed by 91.92.40.171 port 56028 [preauth]
Jun 22 22:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3371]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3610]: Invalid user admin from 91.92.40.171
Jun 22 22:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3610]: input_userauth_request: invalid user admin [preauth]
Jun 22 22:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3610]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3610]: Failed password for invalid user admin from 91.92.40.171 port 56062 ssh2
Jun 22 22:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3610]: Connection closed by 91.92.40.171 port 56062 [preauth]
Jun 22 22:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3620]: Invalid user newuser from 91.92.40.171
Jun 22 22:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3620]: input_userauth_request: invalid user newuser [preauth]
Jun 22 22:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3620]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3620]: Failed password for invalid user newuser from 91.92.40.171 port 40476 ssh2
Jun 22 22:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3620]: Connection closed by 91.92.40.171 port 40476 [preauth]
Jun 22 22:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3643]: Invalid user frappe from 91.92.40.171
Jun 22 22:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3643]: input_userauth_request: invalid user frappe [preauth]
Jun 22 22:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3643]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3643]: Failed password for invalid user frappe from 91.92.40.171 port 40556 ssh2
Jun 22 22:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3643]: Connection closed by 91.92.40.171 port 40556 [preauth]
Jun 22 22:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3663]: Invalid user username from 91.92.40.171
Jun 22 22:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3663]: input_userauth_request: invalid user username [preauth]
Jun 22 22:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3663]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3663]: Failed password for invalid user username from 91.92.40.171 port 60816 ssh2
Jun 22 22:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3663]: Connection closed by 91.92.40.171 port 60816 [preauth]
Jun 22 22:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3692]: Invalid user debian from 91.92.40.171
Jun 22 22:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3692]: input_userauth_request: invalid user debian [preauth]
Jun 22 22:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3692]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3692]: Failed password for invalid user debian from 91.92.40.171 port 60862 ssh2
Jun 22 22:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3692]: Connection closed by 91.92.40.171 port 60862 [preauth]
Jun 22 22:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2509]: pam_unix(cron:session): session closed for user root
Jun 22 22:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3813]: Invalid user ethan from 91.92.40.171
Jun 22 22:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3813]: input_userauth_request: invalid user ethan [preauth]
Jun 22 22:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3813]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3813]: Failed password for invalid user ethan from 91.92.40.171 port 33436 ssh2
Jun 22 22:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3813]: Connection closed by 91.92.40.171 port 33436 [preauth]
Jun 22 22:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3826]: Invalid user admin from 91.92.40.171
Jun 22 22:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3826]: input_userauth_request: invalid user admin [preauth]
Jun 22 22:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3826]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3828]: Invalid user admin from 2.57.121.25
Jun 22 22:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3828]: input_userauth_request: invalid user admin [preauth]
Jun 22 22:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3828]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 22 22:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3826]: Failed password for invalid user admin from 91.92.40.171 port 33476 ssh2
Jun 22 22:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3826]: Connection closed by 91.92.40.171 port 33476 [preauth]
Jun 22 22:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3828]: Failed password for invalid user admin from 2.57.121.25 port 21354 ssh2
Jun 22 22:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3828]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3828]: Failed password for invalid user admin from 2.57.121.25 port 21354 ssh2
Jun 22 22:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3857]: Invalid user aiuser from 91.92.40.171
Jun 22 22:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3857]: input_userauth_request: invalid user aiuser [preauth]
Jun 22 22:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3828]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3857]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3828]: Failed password for invalid user admin from 2.57.121.25 port 21354 ssh2
Jun 22 22:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3857]: Failed password for invalid user aiuser from 91.92.40.171 port 47386 ssh2
Jun 22 22:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3828]: Connection closed by 2.57.121.25 port 21354 [preauth]
Jun 22 22:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3828]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 22 22:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3857]: Connection closed by 91.92.40.171 port 47386 [preauth]
Jun 22 22:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3872]: Invalid user dev from 91.92.40.171
Jun 22 22:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3872]: input_userauth_request: invalid user dev [preauth]
Jun 22 22:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3872]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3872]: Failed password for invalid user dev from 91.92.40.171 port 47438 ssh2
Jun 22 22:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3872]: Connection closed by 91.92.40.171 port 47438 [preauth]
Jun 22 22:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3924]: Invalid user tom from 91.92.40.171
Jun 22 22:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3924]: input_userauth_request: invalid user tom [preauth]
Jun 22 22:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3924]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3924]: Failed password for invalid user tom from 91.92.40.171 port 38366 ssh2
Jun 22 22:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3924]: Connection closed by 91.92.40.171 port 38366 [preauth]
Jun 22 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3943]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3946]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3942]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3945]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3941]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3944]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3946]: pam_unix(cron:session): session closed for user root
Jun 22 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3941]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3938]: Invalid user ansible from 91.92.40.171
Jun 22 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3938]: input_userauth_request: invalid user ansible [preauth]
Jun 22 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4060]: Successful su for rubyman by root
Jun 22 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4060]: + ??? root:rubyman
Jun 22 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4060]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573645 of user rubyman.
Jun 22 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4060]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573645.
Jun 22 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3938]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3938]: Failed password for invalid user ansible from 91.92.40.171 port 40564 ssh2
Jun 22 22:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[911]: pam_unix(cron:session): session closed for user root
Jun 22 22:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3943]: pam_unix(cron:session): session closed for user root
Jun 22 22:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3938]: Connection closed by 91.92.40.171 port 40564 [preauth]
Jun 22 22:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3942]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4266]: Invalid user sdadmin from 91.92.40.171
Jun 22 22:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4266]: input_userauth_request: invalid user sdadmin [preauth]
Jun 22 22:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4266]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4266]: Failed password for invalid user sdadmin from 91.92.40.171 port 40630 ssh2
Jun 22 22:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4266]: Connection closed by 91.92.40.171 port 40630 [preauth]
Jun 22 22:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4287]: Invalid user tester from 91.92.40.171
Jun 22 22:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4287]: input_userauth_request: invalid user tester [preauth]
Jun 22 22:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4287]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4287]: Failed password for invalid user tester from 91.92.40.171 port 38364 ssh2
Jun 22 22:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4287]: Connection closed by 91.92.40.171 port 38364 [preauth]
Jun 22 22:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4315]: Failed password for root from 91.92.40.171 port 38432 ssh2
Jun 22 22:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4315]: Connection closed by 91.92.40.171 port 38432 [preauth]
Jun 22 22:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4327]: Invalid user admin from 91.92.40.171
Jun 22 22:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4327]: input_userauth_request: invalid user admin [preauth]
Jun 22 22:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4327]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4327]: Failed password for invalid user admin from 91.92.40.171 port 42644 ssh2
Jun 22 22:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4327]: Connection closed by 91.92.40.171 port 42644 [preauth]
Jun 22 22:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4355]: Invalid user frank from 91.92.40.171
Jun 22 22:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4355]: input_userauth_request: invalid user frank [preauth]
Jun 22 22:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4355]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4355]: Failed password for invalid user frank from 91.92.40.171 port 42686 ssh2
Jun 22 22:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4355]: Connection closed by 91.92.40.171 port 42686 [preauth]
Jun 22 22:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2947]: pam_unix(cron:session): session closed for user root
Jun 22 22:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4370]: Invalid user ubuntu from 91.92.40.171
Jun 22 22:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4370]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 22:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4370]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4370]: Failed password for invalid user ubuntu from 91.92.40.171 port 43482 ssh2
Jun 22 22:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4370]: Connection closed by 91.92.40.171 port 43482 [preauth]
Jun 22 22:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4394]: Invalid user user1 from 91.92.40.171
Jun 22 22:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4394]: input_userauth_request: invalid user user1 [preauth]
Jun 22 22:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4394]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4394]: Failed password for invalid user user1 from 91.92.40.171 port 43526 ssh2
Jun 22 22:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4394]: Connection closed by 91.92.40.171 port 43526 [preauth]
Jun 22 22:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4417]: Failed password for root from 91.92.40.171 port 56792 ssh2
Jun 22 22:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4417]: Connection closed by 91.92.40.171 port 56792 [preauth]
Jun 22 22:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4427]: Invalid user ubuntu from 91.92.40.171
Jun 22 22:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4427]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 22:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4427]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4427]: Failed password for invalid user ubuntu from 91.92.40.171 port 56844 ssh2
Jun 22 22:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4427]: Connection closed by 91.92.40.171 port 56844 [preauth]
Jun 22 22:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4438]: Invalid user user from 91.92.40.171
Jun 22 22:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4438]: input_userauth_request: invalid user user [preauth]
Jun 22 22:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4438]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4438]: Failed password for invalid user user from 91.92.40.171 port 45956 ssh2
Jun 22 22:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4438]: Connection closed by 91.92.40.171 port 45956 [preauth]
Jun 22 22:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4451]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4453]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4452]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4454]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4451]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4448]: Invalid user root1 from 91.92.40.171
Jun 22 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4448]: input_userauth_request: invalid user root1 [preauth]
Jun 22 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4448]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4518]: Successful su for rubyman by root
Jun 22 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4518]: + ??? root:rubyman
Jun 22 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4518]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573647 of user rubyman.
Jun 22 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4518]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573647.
Jun 22 22:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4448]: Failed password for invalid user root1 from 91.92.40.171 port 46008 ssh2
Jun 22 22:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4448]: Connection closed by 91.92.40.171 port 46008 [preauth]
Jun 22 22:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1415]: pam_unix(cron:session): session closed for user root
Jun 22 22:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4452]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4711]: Invalid user user2 from 91.92.40.171
Jun 22 22:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4711]: input_userauth_request: invalid user user2 [preauth]
Jun 22 22:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4711]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4711]: Failed password for invalid user user2 from 91.92.40.171 port 58530 ssh2
Jun 22 22:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4711]: Connection closed by 91.92.40.171 port 58530 [preauth]
Jun 22 22:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4722]: Invalid user claude from 91.92.40.171
Jun 22 22:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4722]: input_userauth_request: invalid user claude [preauth]
Jun 22 22:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4722]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4722]: Failed password for invalid user claude from 91.92.40.171 port 44860 ssh2
Jun 22 22:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4722]: Connection closed by 91.92.40.171 port 44860 [preauth]
Jun 22 22:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4774]: Failed password for root from 91.92.40.171 port 44906 ssh2
Jun 22 22:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4774]: Connection closed by 91.92.40.171 port 44906 [preauth]
Jun 22 22:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4788]: Invalid user dmdba from 91.92.40.171
Jun 22 22:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4788]: input_userauth_request: invalid user dmdba [preauth]
Jun 22 22:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4788]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4788]: Failed password for invalid user dmdba from 91.92.40.171 port 36682 ssh2
Jun 22 22:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4788]: Connection closed by 91.92.40.171 port 36682 [preauth]
Jun 22 22:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4850]: Invalid user centreon from 91.92.40.171
Jun 22 22:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4850]: input_userauth_request: invalid user centreon [preauth]
Jun 22 22:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4850]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4850]: Failed password for invalid user centreon from 91.92.40.171 port 36706 ssh2
Jun 22 22:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4850]: Connection closed by 91.92.40.171 port 36706 [preauth]
Jun 22 22:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4875]: User vncuser from 91.92.40.171 not allowed because not listed in AllowUsers
Jun 22 22:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4875]: input_userauth_request: invalid user vncuser [preauth]
Jun 22 22:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3373]: pam_unix(cron:session): session closed for user root
Jun 22 22:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=vncuser
Jun 22 22:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4875]: Failed password for invalid user vncuser from 91.92.40.171 port 51432 ssh2
Jun 22 22:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4875]: Connection closed by 91.92.40.171 port 51432 [preauth]
Jun 22 22:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4931]: Invalid user www from 91.92.40.171
Jun 22 22:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4931]: input_userauth_request: invalid user www [preauth]
Jun 22 22:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4931]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4931]: Failed password for invalid user www from 91.92.40.171 port 51482 ssh2
Jun 22 22:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4931]: Connection closed by 91.92.40.171 port 51482 [preauth]
Jun 22 22:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4955]: Invalid user dspace from 91.92.40.171
Jun 22 22:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4955]: input_userauth_request: invalid user dspace [preauth]
Jun 22 22:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4955]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4955]: Failed password for invalid user dspace from 91.92.40.171 port 52908 ssh2
Jun 22 22:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4955]: Connection closed by 91.92.40.171 port 52908 [preauth]
Jun 22 22:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4977]: Invalid user master from 91.92.40.171
Jun 22 22:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4977]: input_userauth_request: invalid user master [preauth]
Jun 22 22:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4977]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4977]: Failed password for invalid user master from 91.92.40.171 port 52988 ssh2
Jun 22 22:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4977]: Connection closed by 91.92.40.171 port 52988 [preauth]
Jun 22 22:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 22:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4975]: Failed password for root from 38.55.97.143 port 39304 ssh2
Jun 22 22:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4975]: Connection closed by 38.55.97.143 port 39304 [preauth]
Jun 22 22:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4987]: Invalid user sysupdate from 91.92.40.171
Jun 22 22:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4987]: input_userauth_request: invalid user sysupdate [preauth]
Jun 22 22:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4987]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4987]: Failed password for invalid user sysupdate from 91.92.40.171 port 46228 ssh2
Jun 22 22:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4987]: Connection closed by 91.92.40.171 port 46228 [preauth]
Jun 22 22:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4997]: Invalid user openclaw from 91.92.40.171
Jun 22 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4997]: input_userauth_request: invalid user openclaw [preauth]
Jun 22 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4997]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5009]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5010]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5011]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5008]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5008]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5066]: Successful su for rubyman by root
Jun 22 22:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5066]: + ??? root:rubyman
Jun 22 22:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5066]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573651 of user rubyman.
Jun 22 22:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5066]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573651.
Jun 22 22:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4997]: Failed password for invalid user openclaw from 91.92.40.171 port 46274 ssh2
Jun 22 22:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4997]: Connection closed by 91.92.40.171 port 46274 [preauth]
Jun 22 22:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2050]: pam_unix(cron:session): session closed for user root
Jun 22 22:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5009]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5239]: Invalid user gns3 from 91.92.40.171
Jun 22 22:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5239]: input_userauth_request: invalid user gns3 [preauth]
Jun 22 22:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5239]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5239]: Failed password for invalid user gns3 from 91.92.40.171 port 44628 ssh2
Jun 22 22:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5239]: Connection closed by 91.92.40.171 port 44628 [preauth]
Jun 22 22:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5254]: Invalid user administrator from 91.92.40.171
Jun 22 22:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5254]: input_userauth_request: invalid user administrator [preauth]
Jun 22 22:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5254]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5254]: Failed password for invalid user administrator from 91.92.40.171 port 60286 ssh2
Jun 22 22:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5254]: Connection closed by 91.92.40.171 port 60286 [preauth]
Jun 22 22:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5277]: Invalid user openvpn from 91.92.40.171
Jun 22 22:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5277]: input_userauth_request: invalid user openvpn [preauth]
Jun 22 22:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5277]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5277]: Failed password for invalid user openvpn from 91.92.40.171 port 60394 ssh2
Jun 22 22:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5277]: Connection closed by 91.92.40.171 port 60394 [preauth]
Jun 22 22:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5295]: Invalid user nexus from 91.92.40.171
Jun 22 22:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5295]: input_userauth_request: invalid user nexus [preauth]
Jun 22 22:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5295]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5295]: Failed password for invalid user nexus from 91.92.40.171 port 49242 ssh2
Jun 22 22:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5295]: Connection closed by 91.92.40.171 port 49242 [preauth]
Jun 22 22:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5323]: Invalid user admin from 91.92.40.171
Jun 22 22:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5323]: input_userauth_request: invalid user admin [preauth]
Jun 22 22:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5323]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5323]: Failed password for invalid user admin from 91.92.40.171 port 49300 ssh2
Jun 22 22:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5323]: Connection closed by 91.92.40.171 port 49300 [preauth]
Jun 22 22:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3945]: pam_unix(cron:session): session closed for user root
Jun 22 22:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5338]: User ftp from 91.92.40.171 not allowed because not listed in AllowUsers
Jun 22 22:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5338]: input_userauth_request: invalid user ftp [preauth]
Jun 22 22:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=ftp
Jun 22 22:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.126.224  user=root
Jun 22 22:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5338]: Failed password for invalid user ftp from 91.92.40.171 port 35132 ssh2
Jun 22 22:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5338]: Connection closed by 91.92.40.171 port 35132 [preauth]
Jun 22 22:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5363]: Failed password for root from 64.226.126.224 port 54040 ssh2
Jun 22 22:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5363]: Failed password for root from 64.226.126.224 port 54040 ssh2
Jun 22 22:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5378]: Failed password for root from 91.92.40.171 port 35198 ssh2
Jun 22 22:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5378]: Connection closed by 91.92.40.171 port 35198 [preauth]
Jun 22 22:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5363]: Failed password for root from 64.226.126.224 port 54040 ssh2
Jun 22 22:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5363]: Failed password for root from 64.226.126.224 port 54040 ssh2
Jun 22 22:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5363]: Failed password for root from 64.226.126.224 port 54040 ssh2
Jun 22 22:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5403]: Failed password for root from 91.92.40.171 port 57292 ssh2
Jun 22 22:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5403]: Connection closed by 91.92.40.171 port 57292 [preauth]
Jun 22 22:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5363]: Failed password for root from 64.226.126.224 port 54040 ssh2
Jun 22 22:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5363]: error: maximum authentication attempts exceeded for root from 64.226.126.224 port 54040 ssh2 [preauth]
Jun 22 22:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5363]: Disconnecting: Too many authentication failures [preauth]
Jun 22 22:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5363]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.126.224  user=root
Jun 22 22:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5363]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 22 22:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.126.224  user=root
Jun 22 22:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5405]: Failed password for root from 64.226.126.224 port 45450 ssh2
Jun 22 22:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5415]: Invalid user system from 91.92.40.171
Jun 22 22:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5415]: input_userauth_request: invalid user system [preauth]
Jun 22 22:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5415]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5405]: Failed password for root from 64.226.126.224 port 45450 ssh2
Jun 22 22:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5415]: Failed password for invalid user system from 91.92.40.171 port 57358 ssh2
Jun 22 22:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5415]: Connection closed by 91.92.40.171 port 57358 [preauth]
Jun 22 22:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5405]: Failed password for root from 64.226.126.224 port 45450 ssh2
Jun 22 22:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5426]: Invalid user ftpuser from 91.92.40.171
Jun 22 22:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5426]: input_userauth_request: invalid user ftpuser [preauth]
Jun 22 22:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5426]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5405]: Failed password for root from 64.226.126.224 port 45450 ssh2
Jun 22 22:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5426]: Failed password for invalid user ftpuser from 91.92.40.171 port 44592 ssh2
Jun 22 22:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5426]: Connection closed by 91.92.40.171 port 44592 [preauth]
Jun 22 22:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5405]: Failed password for root from 64.226.126.224 port 45450 ssh2
Jun 22 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5441]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5440]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5439]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5438]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5438]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5501]: Successful su for rubyman by root
Jun 22 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5501]: + ??? root:rubyman
Jun 22 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5501]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573655 of user rubyman.
Jun 22 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5501]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573655.
Jun 22 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5405]: Failed password for root from 64.226.126.224 port 45450 ssh2
Jun 22 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5405]: error: maximum authentication attempts exceeded for root from 64.226.126.224 port 45450 ssh2 [preauth]
Jun 22 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5405]: Disconnecting: Too many authentication failures [preauth]
Jun 22 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5405]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.126.224  user=root
Jun 22 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5405]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 22 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5436]: Invalid user node from 91.92.40.171
Jun 22 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5436]: input_userauth_request: invalid user node [preauth]
Jun 22 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5436]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2507]: pam_unix(cron:session): session closed for user root
Jun 22 22:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5436]: Failed password for invalid user node from 91.92.40.171 port 59450 ssh2
Jun 22 22:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5436]: Connection closed by 91.92.40.171 port 59450 [preauth]
Jun 22 22:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5439]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5677]: Invalid user frappe from 91.92.40.171
Jun 22 22:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5677]: input_userauth_request: invalid user frappe [preauth]
Jun 22 22:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5677]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5677]: Failed password for invalid user frappe from 91.92.40.171 port 59504 ssh2
Jun 22 22:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5677]: Connection closed by 91.92.40.171 port 59504 [preauth]
Jun 22 22:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.126.224  user=root
Jun 22 22:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5679]: Failed password for root from 64.226.126.224 port 42994 ssh2
Jun 22 22:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5679]: Failed password for root from 64.226.126.224 port 42994 ssh2
Jun 22 22:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5689]: Failed password for root from 91.92.40.171 port 52370 ssh2
Jun 22 22:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5689]: Connection closed by 91.92.40.171 port 52370 [preauth]
Jun 22 22:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5679]: Failed password for root from 64.226.126.224 port 42994 ssh2
Jun 22 22:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5679]: Failed password for root from 64.226.126.224 port 42994 ssh2
Jun 22 22:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5679]: Failed password for root from 64.226.126.224 port 42994 ssh2
Jun 22 22:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5712]: Failed password for root from 91.92.40.171 port 52444 ssh2
Jun 22 22:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5712]: Connection closed by 91.92.40.171 port 52444 [preauth]
Jun 22 22:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5679]: Failed password for root from 64.226.126.224 port 42994 ssh2
Jun 22 22:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5679]: error: maximum authentication attempts exceeded for root from 64.226.126.224 port 42994 ssh2 [preauth]
Jun 22 22:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5679]: Disconnecting: Too many authentication failures [preauth]
Jun 22 22:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5679]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.126.224  user=root
Jun 22 22:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5679]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 22 22:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.126.224  user=root
Jun 22 22:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5724]: Failed password for root from 64.226.126.224 port 53010 ssh2
Jun 22 22:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5724]: Received disconnect from 64.226.126.224 port 53010:11: disconnected by user [preauth]
Jun 22 22:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5724]: Disconnected from 64.226.126.224 port 53010 [preauth]
Jun 22 22:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5726]: Failed password for root from 91.92.40.171 port 58574 ssh2
Jun 22 22:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5726]: Connection closed by 91.92.40.171 port 58574 [preauth]
Jun 22 22:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5750]: Invalid user test from 91.92.40.171
Jun 22 22:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5750]: input_userauth_request: invalid user test [preauth]
Jun 22 22:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5750]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5750]: Failed password for invalid user test from 91.92.40.171 port 58598 ssh2
Jun 22 22:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5750]: Connection closed by 91.92.40.171 port 58598 [preauth]
Jun 22 22:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4454]: pam_unix(cron:session): session closed for user root
Jun 22 22:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5782]: Failed password for root from 91.92.40.171 port 57270 ssh2
Jun 22 22:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5782]: Connection closed by 91.92.40.171 port 57270 [preauth]
Jun 22 22:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5792]: Invalid user debian from 91.92.40.171
Jun 22 22:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5792]: input_userauth_request: invalid user debian [preauth]
Jun 22 22:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5792]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5792]: Failed password for invalid user debian from 91.92.40.171 port 57350 ssh2
Jun 22 22:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5792]: Connection closed by 91.92.40.171 port 57350 [preauth]
Jun 22 22:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5818]: Invalid user core from 91.92.40.171
Jun 22 22:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5818]: input_userauth_request: invalid user core [preauth]
Jun 22 22:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5818]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5818]: Failed password for invalid user core from 91.92.40.171 port 52994 ssh2
Jun 22 22:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5818]: Connection closed by 91.92.40.171 port 52994 [preauth]
Jun 22 22:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5828]: Invalid user odoo16 from 91.92.40.171
Jun 22 22:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5828]: input_userauth_request: invalid user odoo16 [preauth]
Jun 22 22:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5828]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5828]: Failed password for invalid user odoo16 from 91.92.40.171 port 53680 ssh2
Jun 22 22:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5828]: Connection closed by 91.92.40.171 port 53680 [preauth]
Jun 22 22:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5842]: Failed password for root from 91.92.40.171 port 53750 ssh2
Jun 22 22:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5842]: Connection closed by 91.92.40.171 port 53750 [preauth]
Jun 22 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5857]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5856]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5855]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5854]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5854]: pam_unix(cron:session): session closed for user p13x
Jun 22 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5913]: Successful su for rubyman by root
Jun 22 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5913]: + ??? root:rubyman
Jun 22 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5913]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573659 of user rubyman.
Jun 22 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5913]: pam_unix(su:session): session closed for user rubyman
Jun 22 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573659.
Jun 22 22:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6014]: Invalid user vagrant from 91.92.40.171
Jun 22 22:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6014]: input_userauth_request: invalid user vagrant [preauth]
Jun 22 22:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6014]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2946]: pam_unix(cron:session): session closed for user root
Jun 22 22:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5855]: pam_unix(cron:session): session closed for user samftp
Jun 22 22:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6014]: Failed password for invalid user vagrant from 91.92.40.171 port 40970 ssh2
Jun 22 22:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6014]: Connection closed by 91.92.40.171 port 40970 [preauth]
Jun 22 22:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6088]: Failed password for root from 91.92.40.171 port 41000 ssh2
Jun 22 22:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6088]: Connection closed by 91.92.40.171 port 41000 [preauth]
Jun 22 22:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6123]: Received disconnect from 186.233.184.67 port 60712:11: disconnected by user [preauth]
Jun 22 22:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6123]: Disconnected from 186.233.184.67 port 60712 [preauth]
Jun 22 22:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6115]: Failed password for root from 91.92.40.171 port 33336 ssh2
Jun 22 22:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6115]: Connection closed by 91.92.40.171 port 33336 [preauth]
Jun 22 22:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6098]: Invalid user cyber from 186.96.158.180
Jun 22 22:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6098]: input_userauth_request: invalid user cyber [preauth]
Jun 22 22:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6098]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180
Jun 22 22:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6098]: Failed password for invalid user cyber from 186.96.158.180 port 32439 ssh2
Jun 22 22:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6133]: Failed password for root from 91.92.40.171 port 33434 ssh2
Jun 22 22:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6098]: Received disconnect from 186.96.158.180 port 32439:11: Bye Bye [preauth]
Jun 22 22:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6098]: Disconnected from 186.96.158.180 port 32439 [preauth]
Jun 22 22:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6133]: Connection closed by 91.92.40.171 port 33434 [preauth]
Jun 22 22:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6161]: Invalid user ubuntu from 91.92.40.171
Jun 22 22:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6161]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 22:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6161]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6161]: Failed password for invalid user ubuntu from 91.92.40.171 port 54112 ssh2
Jun 22 22:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6161]: Connection closed by 91.92.40.171 port 54112 [preauth]
Jun 22 22:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 22:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6173]: Failed password for root from 91.92.40.171 port 54204 ssh2
Jun 22 22:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6173]: Connection closed by 91.92.40.171 port 54204 [preauth]
Jun 22 22:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5011]: pam_unix(cron:session): session closed for user root
Jun 22 22:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 22 22:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6189]: Failed password for root from 80.66.85.226 port 55258 ssh2
Jun 22 22:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6189]: Connection closed by 80.66.85.226 port 55258 [preauth]
Jun 22 22:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6208]: Invalid user app from 91.92.40.171
Jun 22 22:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6208]: input_userauth_request: invalid user app [preauth]
Jun 22 22:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6208]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6208]: Failed password for invalid user app from 91.92.40.171 port 45146 ssh2
Jun 22 22:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6208]: Connection closed by 91.92.40.171 port 45146 [preauth]
Jun 22 22:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6219]: Invalid user postgres from 91.92.40.171
Jun 22 22:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6219]: input_userauth_request: invalid user postgres [preauth]
Jun 22 22:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6219]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6219]: Failed password for invalid user postgres from 91.92.40.171 port 57752 ssh2
Jun 22 22:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6219]: Connection closed by 91.92.40.171 port 57752 [preauth]
Jun 22 22:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6243]: Invalid user ts from 91.92.40.171
Jun 22 22:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6243]: input_userauth_request: invalid user ts [preauth]
Jun 22 22:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6243]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6243]: Failed password for invalid user ts from 91.92.40.171 port 57762 ssh2
Jun 22 22:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6243]: Connection closed by 91.92.40.171 port 57762 [preauth]
Jun 22 22:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6253]: Invalid user osmc from 91.92.40.171
Jun 22 22:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6253]: input_userauth_request: invalid user osmc [preauth]
Jun 22 22:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6253]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 22:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 22:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6253]: Failed password for invalid user osmc from 91.92.40.171 port 47114 ssh2
Jun 22 22:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6253]: Connection closed by 91.92.40.171 port 47114 [preauth]
Jun 22 22:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 22:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6263]: Failed password for root from 91.92.40.171 port 47164 ssh2
Jun 22 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6263]: Connection closed by 91.92.40.171 port 47164 [preauth]
Jun 22 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6279]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6281]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6278]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6280]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6277]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6276]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6275]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6281]: pam_unix(cron:session): session closed for user root
Jun 22 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6277]: pam_unix(cron:session): session closed for user root
Jun 22 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6275]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6373]: Successful su for rubyman by root
Jun 22 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6373]: + ??? root:rubyman
Jun 22 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6373]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573667 of user rubyman.
Jun 22 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6373]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573667.
Jun 22 23:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6424]: Invalid user test from 91.92.40.171
Jun 22 23:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6424]: input_userauth_request: invalid user test [preauth]
Jun 22 23:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6424]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3372]: pam_unix(cron:session): session closed for user root
Jun 22 23:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6278]: pam_unix(cron:session): session closed for user root
Jun 22 23:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6424]: Failed password for invalid user test from 91.92.40.171 port 38020 ssh2
Jun 22 23:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6424]: Connection closed by 91.92.40.171 port 38020 [preauth]
Jun 22 23:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6276]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6583]: Invalid user dev from 91.92.40.171
Jun 22 23:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6583]: input_userauth_request: invalid user dev [preauth]
Jun 22 23:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6583]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6583]: Failed password for invalid user dev from 91.92.40.171 port 38034 ssh2
Jun 22 23:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6583]: Connection closed by 91.92.40.171 port 38034 [preauth]
Jun 22 23:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 23:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6599]: Failed password for root from 91.92.40.171 port 37074 ssh2
Jun 22 23:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6599]: Connection closed by 91.92.40.171 port 37074 [preauth]
Jun 22 23:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6623]: Invalid user home from 91.92.40.171
Jun 22 23:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6623]: input_userauth_request: invalid user home [preauth]
Jun 22 23:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6623]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 23:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6623]: Failed password for invalid user home from 91.92.40.171 port 37166 ssh2
Jun 22 23:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6610]: Failed password for root from 38.55.97.143 port 43098 ssh2
Jun 22 23:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6623]: Connection closed by 91.92.40.171 port 37166 [preauth]
Jun 22 23:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6610]: Connection closed by 38.55.97.143 port 43098 [preauth]
Jun 22 23:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6636]: Invalid user alex from 91.92.40.171
Jun 22 23:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6636]: input_userauth_request: invalid user alex [preauth]
Jun 22 23:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6636]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6636]: Failed password for invalid user alex from 91.92.40.171 port 50234 ssh2
Jun 22 23:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6636]: Connection closed by 91.92.40.171 port 50234 [preauth]
Jun 22 23:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 23:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5441]: pam_unix(cron:session): session closed for user root
Jun 22 23:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6658]: Failed password for root from 91.92.40.171 port 50258 ssh2
Jun 22 23:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6658]: Connection closed by 91.92.40.171 port 50258 [preauth]
Jun 22 23:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6729]: Invalid user deployer from 91.92.40.171
Jun 22 23:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6729]: input_userauth_request: invalid user deployer [preauth]
Jun 22 23:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6729]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6729]: Failed password for invalid user deployer from 91.92.40.171 port 44614 ssh2
Jun 22 23:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6729]: Connection closed by 91.92.40.171 port 44614 [preauth]
Jun 22 23:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 23:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6740]: Failed password for root from 91.92.40.171 port 49892 ssh2
Jun 22 23:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6740]: Connection closed by 91.92.40.171 port 49892 [preauth]
Jun 22 23:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6762]: Invalid user claude from 91.92.40.171
Jun 22 23:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6762]: input_userauth_request: invalid user claude [preauth]
Jun 22 23:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6762]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6762]: Failed password for invalid user claude from 91.92.40.171 port 49940 ssh2
Jun 22 23:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6762]: Connection closed by 91.92.40.171 port 49940 [preauth]
Jun 22 23:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6775]: Invalid user user from 91.92.40.171
Jun 22 23:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6775]: input_userauth_request: invalid user user [preauth]
Jun 22 23:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6775]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6775]: Failed password for invalid user user from 91.92.40.171 port 46152 ssh2
Jun 22 23:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6775]: Connection closed by 91.92.40.171 port 46152 [preauth]
Jun 22 23:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6793]: Invalid user wizard from 91.92.40.171
Jun 22 23:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6793]: input_userauth_request: invalid user wizard [preauth]
Jun 22 23:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6793]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6793]: Failed password for invalid user wizard from 91.92.40.171 port 46190 ssh2
Jun 22 23:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6793]: Connection closed by 91.92.40.171 port 46190 [preauth]
Jun 22 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6807]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6806]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6808]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6805]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6805]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6873]: Successful su for rubyman by root
Jun 22 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6873]: + ??? root:rubyman
Jun 22 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6873]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573672 of user rubyman.
Jun 22 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6873]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573672.
Jun 22 23:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 23:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3944]: pam_unix(cron:session): session closed for user root
Jun 22 23:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6947]: Failed password for root from 91.92.40.171 port 60358 ssh2
Jun 22 23:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6806]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6947]: Connection closed by 91.92.40.171 port 60358 [preauth]
Jun 22 23:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7152]: Invalid user developer from 91.92.40.171
Jun 22 23:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7152]: input_userauth_request: invalid user developer [preauth]
Jun 22 23:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7152]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7152]: Failed password for invalid user developer from 91.92.40.171 port 60450 ssh2
Jun 22 23:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7152]: Connection closed by 91.92.40.171 port 60450 [preauth]
Jun 22 23:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7172]: User john from 91.92.40.171 not allowed because not listed in AllowUsers
Jun 22 23:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7172]: input_userauth_request: invalid user john [preauth]
Jun 22 23:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=john
Jun 22 23:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7172]: Failed password for invalid user john from 91.92.40.171 port 35428 ssh2
Jun 22 23:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7172]: Connection closed by 91.92.40.171 port 35428 [preauth]
Jun 22 23:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7188]: Invalid user admin from 91.92.40.171
Jun 22 23:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7188]: input_userauth_request: invalid user admin [preauth]
Jun 22 23:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7188]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7188]: Failed password for invalid user admin from 91.92.40.171 port 35448 ssh2
Jun 22 23:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7188]: Connection closed by 91.92.40.171 port 35448 [preauth]
Jun 22 23:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7215]: Invalid user milad from 91.92.40.171
Jun 22 23:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7215]: input_userauth_request: invalid user milad [preauth]
Jun 22 23:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7215]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7215]: Failed password for invalid user milad from 91.92.40.171 port 51358 ssh2
Jun 22 23:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7215]: Connection closed by 91.92.40.171 port 51358 [preauth]
Jun 22 23:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 23:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5857]: pam_unix(cron:session): session closed for user root
Jun 22 23:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7225]: Failed password for root from 91.92.40.171 port 45452 ssh2
Jun 22 23:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7225]: Connection closed by 91.92.40.171 port 45452 [preauth]
Jun 22 23:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7257]: Invalid user installer from 91.92.40.171
Jun 22 23:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7257]: input_userauth_request: invalid user installer [preauth]
Jun 22 23:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7257]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7257]: Failed password for invalid user installer from 91.92.40.171 port 45544 ssh2
Jun 22 23:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7257]: Connection closed by 91.92.40.171 port 45544 [preauth]
Jun 22 23:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 23:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7271]: Failed password for root from 91.92.40.171 port 55552 ssh2
Jun 22 23:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7271]: Connection closed by 91.92.40.171 port 55552 [preauth]
Jun 22 23:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7300]: Invalid user git from 91.92.40.171
Jun 22 23:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7300]: input_userauth_request: invalid user git [preauth]
Jun 22 23:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7300]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7300]: Failed password for invalid user git from 91.92.40.171 port 55570 ssh2
Jun 22 23:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7300]: Connection closed by 91.92.40.171 port 55570 [preauth]
Jun 22 23:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7310]: Invalid user system from 91.92.40.171
Jun 22 23:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7310]: input_userauth_request: invalid user system [preauth]
Jun 22 23:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7310]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7310]: Failed password for invalid user system from 91.92.40.171 port 58236 ssh2
Jun 22 23:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7310]: Connection closed by 91.92.40.171 port 58236 [preauth]
Jun 22 23:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7322]: Invalid user deployer from 91.92.40.171
Jun 22 23:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7322]: input_userauth_request: invalid user deployer [preauth]
Jun 22 23:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7322]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7327]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7326]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7328]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7325]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7325]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7322]: Failed password for invalid user deployer from 91.92.40.171 port 58304 ssh2
Jun 22 23:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7390]: Successful su for rubyman by root
Jun 22 23:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7390]: + ??? root:rubyman
Jun 22 23:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7390]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573674 of user rubyman.
Jun 22 23:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7390]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573674.
Jun 22 23:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7322]: Connection closed by 91.92.40.171 port 58304 [preauth]
Jun 22 23:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4453]: pam_unix(cron:session): session closed for user root
Jun 22 23:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7529]: Invalid user rocky from 91.92.40.171
Jun 22 23:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7529]: input_userauth_request: invalid user rocky [preauth]
Jun 22 23:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7529]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7326]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7529]: Failed password for invalid user rocky from 91.92.40.171 port 57786 ssh2
Jun 22 23:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7529]: Connection closed by 91.92.40.171 port 57786 [preauth]
Jun 22 23:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7583]: Invalid user prefect from 91.92.40.171
Jun 22 23:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7583]: input_userauth_request: invalid user prefect [preauth]
Jun 22 23:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7583]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7583]: Failed password for invalid user prefect from 91.92.40.171 port 57848 ssh2
Jun 22 23:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7583]: Connection closed by 91.92.40.171 port 57848 [preauth]
Jun 22 23:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7614]: Invalid user user from 91.92.40.171
Jun 22 23:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7614]: input_userauth_request: invalid user user [preauth]
Jun 22 23:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7614]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7614]: Failed password for invalid user user from 91.92.40.171 port 39580 ssh2
Jun 22 23:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7614]: Connection closed by 91.92.40.171 port 39580 [preauth]
Jun 22 23:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7636]: Invalid user admin2 from 91.92.40.171
Jun 22 23:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7636]: input_userauth_request: invalid user admin2 [preauth]
Jun 22 23:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7636]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7636]: Failed password for invalid user admin2 from 91.92.40.171 port 33000 ssh2
Jun 22 23:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7636]: Connection closed by 91.92.40.171 port 33000 [preauth]
Jun 22 23:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 23:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 23:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7640]: Failed password for root from 193.24.211.107 port 50956 ssh2
Jun 22 23:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7640]: Received disconnect from 193.24.211.107 port 50956:11: Client disconnecting normally [preauth]
Jun 22 23:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7640]: Disconnected from 193.24.211.107 port 50956 [preauth]
Jun 22 23:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7746]: Failed password for root from 91.92.40.171 port 33022 ssh2
Jun 22 23:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7746]: Connection closed by 91.92.40.171 port 33022 [preauth]
Jun 22 23:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 23:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7756]: Failed password for root from 91.92.40.171 port 33186 ssh2
Jun 22 23:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7756]: Connection closed by 91.92.40.171 port 33186 [preauth]
Jun 22 23:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6280]: pam_unix(cron:session): session closed for user root
Jun 22 23:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7786]: Invalid user testuser from 91.92.40.171
Jun 22 23:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7786]: input_userauth_request: invalid user testuser [preauth]
Jun 22 23:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7786]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7786]: Failed password for invalid user testuser from 91.92.40.171 port 33244 ssh2
Jun 22 23:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7786]: Connection closed by 91.92.40.171 port 33244 [preauth]
Jun 22 23:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7797]: Invalid user test1 from 91.92.40.171
Jun 22 23:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7797]: input_userauth_request: invalid user test1 [preauth]
Jun 22 23:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7797]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7797]: Failed password for invalid user test1 from 91.92.40.171 port 40670 ssh2
Jun 22 23:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7797]: Connection closed by 91.92.40.171 port 40670 [preauth]
Jun 22 23:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7819]: Invalid user frappe from 91.92.40.171
Jun 22 23:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7819]: input_userauth_request: invalid user frappe [preauth]
Jun 22 23:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7819]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7819]: Failed password for invalid user frappe from 91.92.40.171 port 40698 ssh2
Jun 22 23:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7819]: Connection closed by 91.92.40.171 port 40698 [preauth]
Jun 22 23:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7829]: Invalid user root1 from 91.92.40.171
Jun 22 23:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7829]: input_userauth_request: invalid user root1 [preauth]
Jun 22 23:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7829]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7829]: Failed password for invalid user root1 from 91.92.40.171 port 55680 ssh2
Jun 22 23:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7829]: Connection closed by 91.92.40.171 port 55680 [preauth]
Jun 22 23:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7839]: Invalid user ubuntu from 91.92.40.171
Jun 22 23:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7839]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 23:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7839]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7845]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7844]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7843]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7842]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7842]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7900]: Successful su for rubyman by root
Jun 22 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7900]: + ??? root:rubyman
Jun 22 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7900]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573678 of user rubyman.
Jun 22 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7900]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573678.
Jun 22 23:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7839]: Failed password for invalid user ubuntu from 91.92.40.171 port 55726 ssh2
Jun 22 23:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7839]: Connection closed by 91.92.40.171 port 55726 [preauth]
Jun 22 23:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5010]: pam_unix(cron:session): session closed for user root
Jun 22 23:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8029]: Invalid user minecraft from 91.92.40.171
Jun 22 23:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8029]: input_userauth_request: invalid user minecraft [preauth]
Jun 22 23:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8029]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7843]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8029]: Failed password for invalid user minecraft from 91.92.40.171 port 59264 ssh2
Jun 22 23:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8029]: Connection closed by 91.92.40.171 port 59264 [preauth]
Jun 22 23:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: Invalid user elastic from 91.92.40.171
Jun 22 23:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: input_userauth_request: invalid user elastic [preauth]
Jun 22 23:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 22 23:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: Failed password for invalid user elastic from 91.92.40.171 port 59308 ssh2
Jun 22 23:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: Connection closed by 91.92.40.171 port 59308 [preauth]
Jun 22 23:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8090]: Failed password for root from 103.153.68.219 port 45648 ssh2
Jun 22 23:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8090]: Connection closed by 103.153.68.219 port 45648 [preauth]
Jun 22 23:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8113]: Invalid user root1 from 91.92.40.171
Jun 22 23:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8113]: input_userauth_request: invalid user root1 [preauth]
Jun 22 23:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8113]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8113]: Failed password for invalid user root1 from 91.92.40.171 port 55928 ssh2
Jun 22 23:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8113]: Connection closed by 91.92.40.171 port 55928 [preauth]
Jun 22 23:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8125]: Invalid user ubuntu from 91.92.40.171
Jun 22 23:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8125]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 23:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8125]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8125]: Failed password for invalid user ubuntu from 91.92.40.171 port 33220 ssh2
Jun 22 23:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8125]: Connection closed by 91.92.40.171 port 33220 [preauth]
Jun 22 23:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8151]: Invalid user bot from 91.92.40.171
Jun 22 23:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8151]: input_userauth_request: invalid user bot [preauth]
Jun 22 23:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8151]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8151]: Failed password for invalid user bot from 91.92.40.171 port 33276 ssh2
Jun 22 23:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8151]: Connection closed by 91.92.40.171 port 33276 [preauth]
Jun 22 23:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6808]: pam_unix(cron:session): session closed for user root
Jun 22 23:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8162]: Invalid user test2 from 91.92.40.171
Jun 22 23:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8162]: input_userauth_request: invalid user test2 [preauth]
Jun 22 23:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8162]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8162]: Failed password for invalid user test2 from 91.92.40.171 port 42736 ssh2
Jun 22 23:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8162]: Connection closed by 91.92.40.171 port 42736 [preauth]
Jun 22 23:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8192]: Invalid user azureuser from 91.92.40.171
Jun 22 23:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8192]: input_userauth_request: invalid user azureuser [preauth]
Jun 22 23:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8192]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8192]: Failed password for invalid user azureuser from 91.92.40.171 port 42796 ssh2
Jun 22 23:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8192]: Connection closed by 91.92.40.171 port 42796 [preauth]
Jun 22 23:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 23:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 23:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8205]: Failed password for root from 91.92.40.171 port 45960 ssh2
Jun 22 23:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8194]: Failed password for root from 38.55.97.143 port 45276 ssh2
Jun 22 23:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8205]: Connection closed by 91.92.40.171 port 45960 [preauth]
Jun 22 23:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8194]: Connection closed by 38.55.97.143 port 45276 [preauth]
Jun 22 23:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8228]: Invalid user test from 91.92.40.171
Jun 22 23:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8228]: input_userauth_request: invalid user test [preauth]
Jun 22 23:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8228]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8228]: Failed password for invalid user test from 91.92.40.171 port 46010 ssh2
Jun 22 23:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8228]: Connection closed by 91.92.40.171 port 46010 [preauth]
Jun 22 23:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8239]: Invalid user gabriel from 91.92.40.171
Jun 22 23:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8239]: input_userauth_request: invalid user gabriel [preauth]
Jun 22 23:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8239]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8239]: Failed password for invalid user gabriel from 91.92.40.171 port 45552 ssh2
Jun 22 23:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8239]: Connection closed by 91.92.40.171 port 45552 [preauth]
Jun 22 23:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8249]: Invalid user postgres from 91.92.40.171
Jun 22 23:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8249]: input_userauth_request: invalid user postgres [preauth]
Jun 22 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8249]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8262]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8261]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8264]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8263]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8261]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8318]: Successful su for rubyman by root
Jun 22 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8318]: + ??? root:rubyman
Jun 22 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8318]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573682 of user rubyman.
Jun 22 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8318]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573682.
Jun 22 23:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8249]: Failed password for invalid user postgres from 91.92.40.171 port 45584 ssh2
Jun 22 23:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8249]: Connection closed by 91.92.40.171 port 45584 [preauth]
Jun 22 23:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5440]: pam_unix(cron:session): session closed for user root
Jun 22 23:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8262]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8489]: Invalid user deploy from 91.92.40.171
Jun 22 23:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8489]: input_userauth_request: invalid user deploy [preauth]
Jun 22 23:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8489]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8489]: Failed password for invalid user deploy from 91.92.40.171 port 44238 ssh2
Jun 22 23:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8489]: Connection closed by 91.92.40.171 port 44238 [preauth]
Jun 22 23:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8508]: Invalid user user from 91.92.40.171
Jun 22 23:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8508]: input_userauth_request: invalid user user [preauth]
Jun 22 23:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8508]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8508]: Failed password for invalid user user from 91.92.40.171 port 44302 ssh2
Jun 22 23:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8508]: Connection closed by 91.92.40.171 port 44302 [preauth]
Jun 22 23:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8533]: Invalid user ubuntu from 91.92.40.171
Jun 22 23:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8533]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 23:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8533]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8533]: Failed password for invalid user ubuntu from 91.92.40.171 port 43536 ssh2
Jun 22 23:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8533]: Connection closed by 91.92.40.171 port 43536 [preauth]
Jun 22 23:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 23:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8544]: Failed password for root from 91.92.40.171 port 56434 ssh2
Jun 22 23:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8544]: Connection closed by 91.92.40.171 port 56434 [preauth]
Jun 22 23:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 23:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8569]: Failed password for root from 91.92.40.171 port 56526 ssh2
Jun 22 23:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8569]: Connection closed by 91.92.40.171 port 56526 [preauth]
Jun 22 23:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8581]: Invalid user deployer from 91.92.40.171
Jun 22 23:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8581]: input_userauth_request: invalid user deployer [preauth]
Jun 22 23:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8581]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7328]: pam_unix(cron:session): session closed for user root
Jun 22 23:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8581]: Failed password for invalid user deployer from 91.92.40.171 port 34672 ssh2
Jun 22 23:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8581]: Connection closed by 91.92.40.171 port 34672 [preauth]
Jun 22 23:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8610]: Invalid user developer from 91.92.40.171
Jun 22 23:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8610]: input_userauth_request: invalid user developer [preauth]
Jun 22 23:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8610]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8610]: Failed password for invalid user developer from 91.92.40.171 port 34738 ssh2
Jun 22 23:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8610]: Connection closed by 91.92.40.171 port 34738 [preauth]
Jun 22 23:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8627]: Invalid user user1 from 91.92.40.171
Jun 22 23:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8627]: input_userauth_request: invalid user user1 [preauth]
Jun 22 23:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8627]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8627]: Failed password for invalid user user1 from 91.92.40.171 port 38878 ssh2
Jun 22 23:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8627]: Connection closed by 91.92.40.171 port 38878 [preauth]
Jun 22 23:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8651]: Invalid user git from 91.92.40.171
Jun 22 23:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8651]: input_userauth_request: invalid user git [preauth]
Jun 22 23:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8651]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8651]: Failed password for invalid user git from 91.92.40.171 port 38934 ssh2
Jun 22 23:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8651]: Connection closed by 91.92.40.171 port 38934 [preauth]
Jun 22 23:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8663]: Invalid user rancher from 91.92.40.171
Jun 22 23:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8663]: input_userauth_request: invalid user rancher [preauth]
Jun 22 23:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8663]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8663]: Failed password for invalid user rancher from 91.92.40.171 port 48156 ssh2
Jun 22 23:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8663]: Connection closed by 91.92.40.171 port 48156 [preauth]
Jun 22 23:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8681]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8679]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8680]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8678]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8677]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8676]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8681]: pam_unix(cron:session): session closed for user root
Jun 22 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8676]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8745]: Successful su for rubyman by root
Jun 22 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8745]: + ??? root:rubyman
Jun 22 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8745]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573688 of user rubyman.
Jun 22 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8745]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573688.
Jun 22 23:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8673]: Failed password for root from 91.92.40.171 port 48228 ssh2
Jun 22 23:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8673]: Connection closed by 91.92.40.171 port 48228 [preauth]
Jun 22 23:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5856]: pam_unix(cron:session): session closed for user root
Jun 22 23:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8678]: pam_unix(cron:session): session closed for user root
Jun 22 23:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8905]: Invalid user minecraft from 91.92.40.171
Jun 22 23:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8905]: input_userauth_request: invalid user minecraft [preauth]
Jun 22 23:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8905]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8677]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8905]: Failed password for invalid user minecraft from 91.92.40.171 port 35028 ssh2
Jun 22 23:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8905]: Connection closed by 91.92.40.171 port 35028 [preauth]
Jun 22 23:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8964]: Invalid user test from 91.92.40.171
Jun 22 23:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8964]: input_userauth_request: invalid user test [preauth]
Jun 22 23:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8964]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8964]: Failed password for invalid user test from 91.92.40.171 port 35078 ssh2
Jun 22 23:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8964]: Connection closed by 91.92.40.171 port 35078 [preauth]
Jun 22 23:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8991]: Invalid user runner from 91.92.40.171
Jun 22 23:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8991]: input_userauth_request: invalid user runner [preauth]
Jun 22 23:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8991]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8991]: Failed password for invalid user runner from 91.92.40.171 port 60498 ssh2
Jun 22 23:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8991]: Connection closed by 91.92.40.171 port 60498 [preauth]
Jun 22 23:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9002]: User nobody from 91.92.40.171 not allowed because not listed in AllowUsers
Jun 22 23:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9002]: input_userauth_request: invalid user nobody [preauth]
Jun 22 23:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=nobody
Jun 22 23:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9002]: Failed password for invalid user nobody from 91.92.40.171 port 47530 ssh2
Jun 22 23:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9002]: Connection closed by 91.92.40.171 port 47530 [preauth]
Jun 22 23:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9026]: Invalid user mohammad from 91.92.40.171
Jun 22 23:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9026]: input_userauth_request: invalid user mohammad [preauth]
Jun 22 23:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9026]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9026]: Failed password for invalid user mohammad from 91.92.40.171 port 47652 ssh2
Jun 22 23:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9026]: Connection closed by 91.92.40.171 port 47652 [preauth]
Jun 22 23:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9039]: Invalid user nagios from 91.92.40.171
Jun 22 23:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9039]: input_userauth_request: invalid user nagios [preauth]
Jun 22 23:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9039]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7845]: pam_unix(cron:session): session closed for user root
Jun 22 23:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9039]: Failed password for invalid user nagios from 91.92.40.171 port 53106 ssh2
Jun 22 23:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9039]: Connection closed by 91.92.40.171 port 53106 [preauth]
Jun 22 23:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9037]: Invalid user abc from 186.96.158.180
Jun 22 23:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9037]: input_userauth_request: invalid user abc [preauth]
Jun 22 23:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9037]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180
Jun 22 23:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9037]: Failed password for invalid user abc from 186.96.158.180 port 30445 ssh2
Jun 22 23:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9037]: Received disconnect from 186.96.158.180 port 30445:11: Bye Bye [preauth]
Jun 22 23:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9037]: Disconnected from 186.96.158.180 port 30445 [preauth]
Jun 22 23:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9070]: Invalid user app from 91.92.40.171
Jun 22 23:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9070]: input_userauth_request: invalid user app [preauth]
Jun 22 23:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9070]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9070]: Failed password for invalid user app from 91.92.40.171 port 53170 ssh2
Jun 22 23:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9070]: Connection closed by 91.92.40.171 port 53170 [preauth]
Jun 22 23:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9081]: Invalid user rock from 91.92.40.171
Jun 22 23:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9081]: input_userauth_request: invalid user rock [preauth]
Jun 22 23:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9081]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9081]: Failed password for invalid user rock from 91.92.40.171 port 56984 ssh2
Jun 22 23:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9081]: Connection closed by 91.92.40.171 port 56984 [preauth]
Jun 22 23:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 23:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9103]: Failed password for root from 91.92.40.171 port 57028 ssh2
Jun 22 23:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9103]: Connection closed by 91.92.40.171 port 57028 [preauth]
Jun 22 23:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9113]: Invalid user operator from 91.92.40.171
Jun 22 23:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9113]: input_userauth_request: invalid user operator [preauth]
Jun 22 23:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9113]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9113]: Failed password for invalid user operator from 91.92.40.171 port 35628 ssh2
Jun 22 23:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9113]: Connection closed by 91.92.40.171 port 35628 [preauth]
Jun 22 23:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9124]: Invalid user ivan from 91.92.40.171
Jun 22 23:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9124]: input_userauth_request: invalid user ivan [preauth]
Jun 22 23:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9124]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9130]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9129]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9128]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9127]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9127]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9195]: Successful su for rubyman by root
Jun 22 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9195]: + ??? root:rubyman
Jun 22 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9195]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573692 of user rubyman.
Jun 22 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9195]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573692.
Jun 22 23:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9124]: Failed password for invalid user ivan from 91.92.40.171 port 35742 ssh2
Jun 22 23:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9124]: Connection closed by 91.92.40.171 port 35742 [preauth]
Jun 22 23:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9342]: Invalid user nutanix from 91.92.40.171
Jun 22 23:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9342]: input_userauth_request: invalid user nutanix [preauth]
Jun 22 23:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6279]: pam_unix(cron:session): session closed for user root
Jun 22 23:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9342]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9128]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9342]: Failed password for invalid user nutanix from 91.92.40.171 port 40732 ssh2
Jun 22 23:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9342]: Connection closed by 91.92.40.171 port 40732 [preauth]
Jun 22 23:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9387]: Invalid user sftpuser from 91.92.40.171
Jun 22 23:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9387]: input_userauth_request: invalid user sftpuser [preauth]
Jun 22 23:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9387]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9387]: Failed password for invalid user sftpuser from 91.92.40.171 port 40790 ssh2
Jun 22 23:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9387]: Connection closed by 91.92.40.171 port 40790 [preauth]
Jun 22 23:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 23:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9409]: Failed password for root from 91.92.40.171 port 56472 ssh2
Jun 22 23:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9409]: Connection closed by 91.92.40.171 port 56472 [preauth]
Jun 22 23:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9420]: Invalid user ducc0x from 91.92.40.171
Jun 22 23:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9420]: input_userauth_request: invalid user ducc0x [preauth]
Jun 22 23:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9420]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9420]: Failed password for invalid user ducc0x from 91.92.40.171 port 48794 ssh2
Jun 22 23:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9420]: Connection closed by 91.92.40.171 port 48794 [preauth]
Jun 22 23:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9443]: Invalid user clawdbot from 91.92.40.171
Jun 22 23:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9443]: input_userauth_request: invalid user clawdbot [preauth]
Jun 22 23:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9443]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9443]: Failed password for invalid user clawdbot from 91.92.40.171 port 48872 ssh2
Jun 22 23:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9443]: Connection closed by 91.92.40.171 port 48872 [preauth]
Jun 22 23:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8264]: pam_unix(cron:session): session closed for user root
Jun 22 23:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9453]: Invalid user user from 91.92.40.171
Jun 22 23:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9453]: input_userauth_request: invalid user user [preauth]
Jun 22 23:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9453]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9453]: Failed password for invalid user user from 91.92.40.171 port 50740 ssh2
Jun 22 23:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9453]: Connection closed by 91.92.40.171 port 50740 [preauth]
Jun 22 23:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9482]: Invalid user fastuser from 91.92.40.171
Jun 22 23:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9482]: input_userauth_request: invalid user fastuser [preauth]
Jun 22 23:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9482]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9482]: Failed password for invalid user fastuser from 91.92.40.171 port 50780 ssh2
Jun 22 23:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9482]: Connection closed by 91.92.40.171 port 50780 [preauth]
Jun 22 23:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9497]: Invalid user www from 91.92.40.171
Jun 22 23:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9497]: input_userauth_request: invalid user www [preauth]
Jun 22 23:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9497]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9497]: Failed password for invalid user www from 91.92.40.171 port 60490 ssh2
Jun 22 23:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9497]: Connection closed by 91.92.40.171 port 60490 [preauth]
Jun 22 23:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9514]: Invalid user username from 91.92.40.171
Jun 22 23:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9514]: input_userauth_request: invalid user username [preauth]
Jun 22 23:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9514]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9514]: Failed password for invalid user username from 91.92.40.171 port 60526 ssh2
Jun 22 23:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9514]: Connection closed by 91.92.40.171 port 60526 [preauth]
Jun 22 23:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9527]: User ftp from 91.92.40.171 not allowed because not listed in AllowUsers
Jun 22 23:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9527]: input_userauth_request: invalid user ftp [preauth]
Jun 22 23:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=ftp
Jun 22 23:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9528]: Received disconnect from 157.173.100.92 port 36598:11: disconnected by user [preauth]
Jun 22 23:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9528]: Disconnected from 157.173.100.92 port 36598 [preauth]
Jun 22 23:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 23:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9527]: Failed password for invalid user ftp from 91.92.40.171 port 59458 ssh2
Jun 22 23:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9527]: Connection closed by 91.92.40.171 port 59458 [preauth]
Jun 22 23:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9525]: Failed password for root from 38.55.97.143 port 52256 ssh2
Jun 22 23:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9525]: Connection closed by 38.55.97.143 port 52256 [preauth]
Jun 22 23:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9539]: Invalid user odoo17 from 91.92.40.171
Jun 22 23:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9539]: input_userauth_request: invalid user odoo17 [preauth]
Jun 22 23:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9539]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9552]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9553]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9550]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9551]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9550]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9614]: Successful su for rubyman by root
Jun 22 23:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9614]: + ??? root:rubyman
Jun 22 23:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9614]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573698 of user rubyman.
Jun 22 23:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9614]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573698.
Jun 22 23:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9539]: Failed password for invalid user odoo17 from 91.92.40.171 port 59524 ssh2
Jun 22 23:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9539]: Connection closed by 91.92.40.171 port 59524 [preauth]
Jun 22 23:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6807]: pam_unix(cron:session): session closed for user root
Jun 22 23:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9738]: Invalid user playground from 91.92.40.171
Jun 22 23:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9738]: input_userauth_request: invalid user playground [preauth]
Jun 22 23:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9738]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9551]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9738]: Failed password for invalid user playground from 91.92.40.171 port 37778 ssh2
Jun 22 23:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9738]: Connection closed by 91.92.40.171 port 37778 [preauth]
Jun 22 23:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9802]: Invalid user debian from 91.92.40.171
Jun 22 23:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9802]: input_userauth_request: invalid user debian [preauth]
Jun 22 23:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9802]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9802]: Failed password for invalid user debian from 91.92.40.171 port 37798 ssh2
Jun 22 23:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9802]: Connection closed by 91.92.40.171 port 37798 [preauth]
Jun 22 23:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 23:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9826]: Failed password for root from 91.92.40.171 port 58464 ssh2
Jun 22 23:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9826]: Connection closed by 91.92.40.171 port 58464 [preauth]
Jun 22 23:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 23:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9836]: Failed password for root from 91.92.40.171 port 58496 ssh2
Jun 22 23:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9836]: Connection closed by 91.92.40.171 port 58496 [preauth]
Jun 22 23:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 23:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9873]: Failed password for root from 91.92.40.171 port 36350 ssh2
Jun 22 23:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9873]: Connection closed by 91.92.40.171 port 36350 [preauth]
Jun 22 23:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9890]: Invalid user ftpuser from 91.92.40.171
Jun 22 23:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9890]: input_userauth_request: invalid user ftpuser [preauth]
Jun 22 23:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9890]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8680]: pam_unix(cron:session): session closed for user root
Jun 22 23:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9890]: Failed password for invalid user ftpuser from 91.92.40.171 port 42190 ssh2
Jun 22 23:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9890]: Connection closed by 91.92.40.171 port 42190 [preauth]
Jun 22 23:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 23:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10075]: Failed password for root from 91.92.40.171 port 42252 ssh2
Jun 22 23:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10075]: Connection closed by 91.92.40.171 port 42252 [preauth]
Jun 22 23:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10087]: Invalid user cloud from 91.92.40.171
Jun 22 23:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10087]: input_userauth_request: invalid user cloud [preauth]
Jun 22 23:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10087]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10087]: Failed password for invalid user cloud from 91.92.40.171 port 53104 ssh2
Jun 22 23:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10087]: Connection closed by 91.92.40.171 port 53104 [preauth]
Jun 22 23:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10113]: Invalid user deploy from 91.92.40.171
Jun 22 23:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10113]: input_userauth_request: invalid user deploy [preauth]
Jun 22 23:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10113]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10113]: Failed password for invalid user deploy from 91.92.40.171 port 53162 ssh2
Jun 22 23:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10113]: Connection closed by 91.92.40.171 port 53162 [preauth]
Jun 22 23:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10123]: Invalid user ftpuser from 91.92.40.171
Jun 22 23:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10123]: input_userauth_request: invalid user ftpuser [preauth]
Jun 22 23:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10123]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10123]: Failed password for invalid user ftpuser from 91.92.40.171 port 55704 ssh2
Jun 22 23:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10123]: Connection closed by 91.92.40.171 port 55704 [preauth]
Jun 22 23:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 23:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10133]: Failed password for root from 91.92.40.171 port 55762 ssh2
Jun 22 23:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10133]: Connection closed by 91.92.40.171 port 55762 [preauth]
Jun 22 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10149]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10148]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10147]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10146]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10146]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10214]: Successful su for rubyman by root
Jun 22 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10214]: + ??? root:rubyman
Jun 22 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10214]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573700 of user rubyman.
Jun 22 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10214]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573700.
Jun 22 23:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10419]: Invalid user deploy from 91.92.40.171
Jun 22 23:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10419]: input_userauth_request: invalid user deploy [preauth]
Jun 22 23:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10419]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7327]: pam_unix(cron:session): session closed for user root
Jun 22 23:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10147]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10419]: Failed password for invalid user deploy from 91.92.40.171 port 58216 ssh2
Jun 22 23:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10419]: Connection closed by 91.92.40.171 port 58216 [preauth]
Jun 22 23:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10488]: Invalid user hadoop from 91.92.40.171
Jun 22 23:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10488]: input_userauth_request: invalid user hadoop [preauth]
Jun 22 23:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10488]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10488]: Failed password for invalid user hadoop from 91.92.40.171 port 58270 ssh2
Jun 22 23:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10488]: Connection closed by 91.92.40.171 port 58270 [preauth]
Jun 22 23:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10512]: Invalid user ubuntu from 91.92.40.171
Jun 22 23:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10512]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 23:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10512]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10512]: Failed password for invalid user ubuntu from 91.92.40.171 port 43296 ssh2
Jun 22 23:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10512]: Connection closed by 91.92.40.171 port 43296 [preauth]
Jun 22 23:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10522]: Invalid user minecraft from 91.92.40.171
Jun 22 23:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10522]: input_userauth_request: invalid user minecraft [preauth]
Jun 22 23:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10522]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10522]: Failed password for invalid user minecraft from 91.92.40.171 port 43334 ssh2
Jun 22 23:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10522]: Connection closed by 91.92.40.171 port 43334 [preauth]
Jun 22 23:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10547]: Invalid user appuser from 91.92.40.171
Jun 22 23:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10547]: input_userauth_request: invalid user appuser [preauth]
Jun 22 23:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10547]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10547]: Failed password for invalid user appuser from 91.92.40.171 port 60314 ssh2
Jun 22 23:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10547]: Connection closed by 91.92.40.171 port 60314 [preauth]
Jun 22 23:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 23:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9130]: pam_unix(cron:session): session closed for user root
Jun 22 23:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10559]: Failed password for root from 91.92.40.171 port 45774 ssh2
Jun 22 23:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10559]: Connection closed by 91.92.40.171 port 45774 [preauth]
Jun 22 23:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10600]: Invalid user sam from 91.92.40.171
Jun 22 23:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10600]: input_userauth_request: invalid user sam [preauth]
Jun 22 23:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10600]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10600]: Failed password for invalid user sam from 91.92.40.171 port 45828 ssh2
Jun 22 23:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10600]: Connection closed by 91.92.40.171 port 45828 [preauth]
Jun 22 23:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10611]: Invalid user user2 from 91.92.40.171
Jun 22 23:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10611]: input_userauth_request: invalid user user2 [preauth]
Jun 22 23:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10611]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10611]: Failed password for invalid user user2 from 91.92.40.171 port 38162 ssh2
Jun 22 23:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10611]: Connection closed by 91.92.40.171 port 38162 [preauth]
Jun 22 23:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10645]: Invalid user data from 91.92.40.171
Jun 22 23:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10645]: input_userauth_request: invalid user data [preauth]
Jun 22 23:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10645]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10645]: Failed password for invalid user data from 91.92.40.171 port 38190 ssh2
Jun 22 23:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10645]: Connection closed by 91.92.40.171 port 38190 [preauth]
Jun 22 23:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10656]: Invalid user server from 91.92.40.171
Jun 22 23:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10656]: input_userauth_request: invalid user server [preauth]
Jun 22 23:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10656]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10656]: Failed password for invalid user server from 91.92.40.171 port 58312 ssh2
Jun 22 23:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10656]: Connection closed by 91.92.40.171 port 58312 [preauth]
Jun 22 23:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10668]: Invalid user ai from 91.92.40.171
Jun 22 23:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10668]: input_userauth_request: invalid user ai [preauth]
Jun 22 23:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10668]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10668]: Failed password for invalid user ai from 91.92.40.171 port 58346 ssh2
Jun 22 23:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10668]: Connection closed by 91.92.40.171 port 58346 [preauth]
Jun 22 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10682]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10683]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10681]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10679]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10677]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10679]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10828]: Successful su for rubyman by root
Jun 22 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10828]: + ??? root:rubyman
Jun 22 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10828]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573705 of user rubyman.
Jun 22 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10828]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573705.
Jun 22 23:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10677]: pam_unix(cron:session): session closed for user root
Jun 22 23:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10896]: Invalid user admin1 from 91.92.40.171
Jun 22 23:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10896]: input_userauth_request: invalid user admin1 [preauth]
Jun 22 23:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10896]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7844]: pam_unix(cron:session): session closed for user root
Jun 22 23:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10896]: Failed password for invalid user admin1 from 91.92.40.171 port 46752 ssh2
Jun 22 23:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10896]: Connection closed by 91.92.40.171 port 46752 [preauth]
Jun 22 23:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10681]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11036]: Invalid user ecommerce from 91.92.40.171
Jun 22 23:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11036]: input_userauth_request: invalid user ecommerce [preauth]
Jun 22 23:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11036]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11036]: Failed password for invalid user ecommerce from 91.92.40.171 port 46786 ssh2
Jun 22 23:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11036]: Connection closed by 91.92.40.171 port 46786 [preauth]
Jun 22 23:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11054]: Invalid user liyang from 91.92.40.171
Jun 22 23:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11054]: input_userauth_request: invalid user liyang [preauth]
Jun 22 23:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11054]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11054]: Failed password for invalid user liyang from 91.92.40.171 port 55422 ssh2
Jun 22 23:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11054]: Connection closed by 91.92.40.171 port 55422 [preauth]
Jun 22 23:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11073]: Invalid user deploy from 91.92.40.171
Jun 22 23:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11073]: input_userauth_request: invalid user deploy [preauth]
Jun 22 23:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11073]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11073]: Failed password for invalid user deploy from 91.92.40.171 port 55456 ssh2
Jun 22 23:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11073]: Connection closed by 91.92.40.171 port 55456 [preauth]
Jun 22 23:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11097]: Invalid user odoo from 91.92.40.171
Jun 22 23:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11097]: input_userauth_request: invalid user odoo [preauth]
Jun 22 23:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11097]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11097]: Failed password for invalid user odoo from 91.92.40.171 port 49940 ssh2
Jun 22 23:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11097]: Connection closed by 91.92.40.171 port 49940 [preauth]
Jun 22 23:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 23:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11109]: Failed password for root from 91.92.40.171 port 49984 ssh2
Jun 22 23:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11109]: Connection closed by 91.92.40.171 port 49984 [preauth]
Jun 22 23:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9553]: pam_unix(cron:session): session closed for user root
Jun 22 23:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11134]: Invalid user admin from 91.92.40.171
Jun 22 23:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11134]: input_userauth_request: invalid user admin [preauth]
Jun 22 23:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11134]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11134]: Failed password for invalid user admin from 91.92.40.171 port 45058 ssh2
Jun 22 23:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11134]: Connection closed by 91.92.40.171 port 45058 [preauth]
Jun 22 23:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11154]: Invalid user admin1 from 91.92.40.171
Jun 22 23:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11154]: input_userauth_request: invalid user admin1 [preauth]
Jun 22 23:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11154]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11154]: Failed password for invalid user admin1 from 91.92.40.171 port 45104 ssh2
Jun 22 23:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11154]: Connection closed by 91.92.40.171 port 45104 [preauth]
Jun 22 23:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11177]: Invalid user ftpuser from 91.92.40.171
Jun 22 23:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11177]: input_userauth_request: invalid user ftpuser [preauth]
Jun 22 23:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11177]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11177]: Failed password for invalid user ftpuser from 91.92.40.171 port 45148 ssh2
Jun 22 23:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11177]: Connection closed by 91.92.40.171 port 45148 [preauth]
Jun 22 23:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11191]: Invalid user  from 64.62.197.221
Jun 22 23:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11191]: input_userauth_request: invalid user  [preauth]
Jun 22 23:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: Invalid user ubuntu from 91.92.40.171
Jun 22 23:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 23:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11191]: Connection closed by 64.62.197.221 port 22307 [preauth]
Jun 22 23:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: Failed password for invalid user ubuntu from 91.92.40.171 port 45190 ssh2
Jun 22 23:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: Connection closed by 91.92.40.171 port 45190 [preauth]
Jun 22 23:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11204]: Invalid user student from 91.92.40.171
Jun 22 23:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11204]: input_userauth_request: invalid user student [preauth]
Jun 22 23:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11204]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11204]: Failed password for invalid user student from 91.92.40.171 port 45762 ssh2
Jun 22 23:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11204]: Connection closed by 91.92.40.171 port 45762 [preauth]
Jun 22 23:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11214]: Invalid user student from 91.92.40.171
Jun 22 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11214]: input_userauth_request: invalid user student [preauth]
Jun 22 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11214]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11222]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11221]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11219]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11220]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11217]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11218]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11222]: pam_unix(cron:session): session closed for user root
Jun 22 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11217]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11293]: Successful su for rubyman by root
Jun 22 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11293]: + ??? root:rubyman
Jun 22 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11293]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573710 of user rubyman.
Jun 22 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11293]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573710.
Jun 22 23:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11214]: Failed password for invalid user student from 91.92.40.171 port 45820 ssh2
Jun 22 23:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11214]: Connection closed by 91.92.40.171 port 45820 [preauth]
Jun 22 23:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11219]: pam_unix(cron:session): session closed for user root
Jun 22 23:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8263]: pam_unix(cron:session): session closed for user root
Jun 22 23:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11492]: Invalid user admin from 91.92.40.171
Jun 22 23:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11492]: input_userauth_request: invalid user admin [preauth]
Jun 22 23:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11492]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11218]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11492]: Failed password for invalid user admin from 91.92.40.171 port 40674 ssh2
Jun 22 23:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11492]: Connection closed by 91.92.40.171 port 40674 [preauth]
Jun 22 23:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 23:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11526]: Failed password for root from 91.92.40.171 port 40708 ssh2
Jun 22 23:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11526]: Connection closed by 91.92.40.171 port 40708 [preauth]
Jun 22 23:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11548]: Invalid user cloud from 91.92.40.171
Jun 22 23:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11548]: input_userauth_request: invalid user cloud [preauth]
Jun 22 23:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11548]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11550]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11548]: Failed password for invalid user cloud from 91.92.40.171 port 52368 ssh2
Jun 22 23:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11548]: Connection closed by 91.92.40.171 port 52368 [preauth]
Jun 22 23:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11559]: Invalid user test from 91.92.40.171
Jun 22 23:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11559]: input_userauth_request: invalid user test [preauth]
Jun 22 23:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11559]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11559]: Failed password for invalid user test from 91.92.40.171 port 52434 ssh2
Jun 22 23:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11559]: Connection closed by 91.92.40.171 port 52434 [preauth]
Jun 22 23:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11584]: Invalid user ubuntu from 91.92.40.171
Jun 22 23:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11584]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 23:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11584]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 23:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11584]: Failed password for invalid user ubuntu from 91.92.40.171 port 47556 ssh2
Jun 22 23:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11584]: Connection closed by 91.92.40.171 port 47556 [preauth]
Jun 22 23:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11550]: Failed password for root from 38.55.97.143 port 54100 ssh2
Jun 22 23:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11550]: Connection closed by 38.55.97.143 port 54100 [preauth]
Jun 22 23:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11594]: Invalid user user from 91.92.40.171
Jun 22 23:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11594]: input_userauth_request: invalid user user [preauth]
Jun 22 23:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11594]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10149]: pam_unix(cron:session): session closed for user root
Jun 22 23:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11594]: Failed password for invalid user user from 91.92.40.171 port 47588 ssh2
Jun 22 23:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11594]: Connection closed by 91.92.40.171 port 47588 [preauth]
Jun 22 23:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 23:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11627]: Failed password for root from 91.92.40.171 port 35516 ssh2
Jun 22 23:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11627]: Connection closed by 91.92.40.171 port 35516 [preauth]
Jun 22 23:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 23:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11637]: Failed password for root from 91.92.40.171 port 50254 ssh2
Jun 22 23:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11637]: Connection closed by 91.92.40.171 port 50254 [preauth]
Jun 22 23:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11659]: User ftp from 91.92.40.171 not allowed because not listed in AllowUsers
Jun 22 23:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11659]: input_userauth_request: invalid user ftp [preauth]
Jun 22 23:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=ftp
Jun 22 23:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11659]: Failed password for invalid user ftp from 91.92.40.171 port 50278 ssh2
Jun 22 23:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11659]: Connection closed by 91.92.40.171 port 50278 [preauth]
Jun 22 23:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11670]: Invalid user dani from 91.92.40.171
Jun 22 23:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11670]: input_userauth_request: invalid user dani [preauth]
Jun 22 23:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11670]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11670]: Failed password for invalid user dani from 91.92.40.171 port 38440 ssh2
Jun 22 23:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11670]: Connection closed by 91.92.40.171 port 38440 [preauth]
Jun 22 23:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11680]: Invalid user gary from 91.92.40.171
Jun 22 23:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11680]: input_userauth_request: invalid user gary [preauth]
Jun 22 23:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11680]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11680]: Failed password for invalid user gary from 91.92.40.171 port 38504 ssh2
Jun 22 23:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11680]: Connection closed by 91.92.40.171 port 38504 [preauth]
Jun 22 23:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 22 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11698]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11697]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11699]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11696]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11696]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11783]: Successful su for rubyman by root
Jun 22 23:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11783]: + ??? root:rubyman
Jun 22 23:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11783]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573716 of user rubyman.
Jun 22 23:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11783]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573716.
Jun 22 23:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11693]: Invalid user pi from 91.92.40.171
Jun 22 23:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11693]: input_userauth_request: invalid user pi [preauth]
Jun 22 23:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11693]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11682]: Failed password for root from 147.45.199.80 port 40240 ssh2
Jun 22 23:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11682]: Connection closed by 147.45.199.80 port 40240 [preauth]
Jun 22 23:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11693]: Failed password for invalid user pi from 91.92.40.171 port 57928 ssh2
Jun 22 23:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11693]: Connection closed by 91.92.40.171 port 57928 [preauth]
Jun 22 23:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8679]: pam_unix(cron:session): session closed for user root
Jun 22 23:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11697]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12012]: Invalid user deploy from 91.92.40.171
Jun 22 23:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12012]: input_userauth_request: invalid user deploy [preauth]
Jun 22 23:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12012]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12012]: Failed password for invalid user deploy from 91.92.40.171 port 58016 ssh2
Jun 22 23:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12012]: Connection closed by 91.92.40.171 port 58016 [preauth]
Jun 22 23:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12022]: Invalid user jellyfin from 91.92.40.171
Jun 22 23:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12022]: input_userauth_request: invalid user jellyfin [preauth]
Jun 22 23:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12022]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12022]: Failed password for invalid user jellyfin from 91.92.40.171 port 53316 ssh2
Jun 22 23:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12022]: Connection closed by 91.92.40.171 port 53316 [preauth]
Jun 22 23:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 23:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12047]: Failed password for root from 91.92.40.171 port 53408 ssh2
Jun 22 23:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12047]: Connection closed by 91.92.40.171 port 53408 [preauth]
Jun 22 23:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12057]: Invalid user steam from 91.92.40.171
Jun 22 23:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12057]: input_userauth_request: invalid user steam [preauth]
Jun 22 23:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12057]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12057]: Failed password for invalid user steam from 91.92.40.171 port 59896 ssh2
Jun 22 23:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12057]: Connection closed by 91.92.40.171 port 59896 [preauth]
Jun 22 23:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 22 23:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12071]: Failed password for root from 103.27.238.120 port 50778 ssh2
Jun 22 23:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12071]: Connection closed by 103.27.238.120 port 50778 [preauth]
Jun 22 23:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12081]: Invalid user myuser from 91.92.40.171
Jun 22 23:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12081]: input_userauth_request: invalid user myuser [preauth]
Jun 22 23:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12081]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12081]: Failed password for invalid user myuser from 91.92.40.171 port 59936 ssh2
Jun 22 23:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12081]: Connection closed by 91.92.40.171 port 59936 [preauth]
Jun 22 23:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10683]: pam_unix(cron:session): session closed for user root
Jun 22 23:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 23:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12105]: Failed password for root from 91.92.40.171 port 54460 ssh2
Jun 22 23:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12105]: Connection closed by 91.92.40.171 port 54460 [preauth]
Jun 22 23:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12123]: Invalid user elasticsearch from 91.92.40.171
Jun 22 23:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12123]: input_userauth_request: invalid user elasticsearch [preauth]
Jun 22 23:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12123]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180  user=root
Jun 22 23:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12123]: Failed password for invalid user elasticsearch from 91.92.40.171 port 54512 ssh2
Jun 22 23:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12123]: Connection closed by 91.92.40.171 port 54512 [preauth]
Jun 22 23:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12083]: Failed password for root from 186.96.158.180 port 30601 ssh2
Jun 22 23:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12083]: Received disconnect from 186.96.158.180 port 30601:11: Bye Bye [preauth]
Jun 22 23:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12083]: Disconnected from 186.96.158.180 port 30601 [preauth]
Jun 22 23:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12146]: Invalid user main from 91.92.40.171
Jun 22 23:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12146]: input_userauth_request: invalid user main [preauth]
Jun 22 23:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12146]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12146]: Failed password for invalid user main from 91.92.40.171 port 42212 ssh2
Jun 22 23:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12146]: Connection closed by 91.92.40.171 port 42212 [preauth]
Jun 22 23:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12157]: Invalid user labuser from 91.92.40.171
Jun 22 23:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12157]: input_userauth_request: invalid user labuser [preauth]
Jun 22 23:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12157]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12157]: Failed password for invalid user labuser from 91.92.40.171 port 59452 ssh2
Jun 22 23:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12157]: Connection closed by 91.92.40.171 port 59452 [preauth]
Jun 22 23:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12167]: Invalid user deploy from 91.92.40.171
Jun 22 23:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12167]: input_userauth_request: invalid user deploy [preauth]
Jun 22 23:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12167]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12167]: Failed password for invalid user deploy from 91.92.40.171 port 59558 ssh2
Jun 22 23:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12167]: Connection closed by 91.92.40.171 port 59558 [preauth]
Jun 22 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12187]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12185]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12186]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12184]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12184]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12362]: Successful su for rubyman by root
Jun 22 23:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12362]: + ??? root:rubyman
Jun 22 23:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12362]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573719 of user rubyman.
Jun 22 23:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12362]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573719.
Jun 22 23:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 23:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9129]: pam_unix(cron:session): session closed for user root
Jun 22 23:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12181]: Failed password for root from 91.92.40.171 port 57102 ssh2
Jun 22 23:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12181]: Connection closed by 91.92.40.171 port 57102 [preauth]
Jun 22 23:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12185]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12553]: Invalid user odoo16 from 91.92.40.171
Jun 22 23:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12553]: input_userauth_request: invalid user odoo16 [preauth]
Jun 22 23:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12553]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12553]: Failed password for invalid user odoo16 from 91.92.40.171 port 57178 ssh2
Jun 22 23:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12553]: Connection closed by 91.92.40.171 port 57178 [preauth]
Jun 22 23:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12563]: Invalid user test from 91.92.40.171
Jun 22 23:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12563]: input_userauth_request: invalid user test [preauth]
Jun 22 23:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12563]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.110.201  user=root
Jun 22 23:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12563]: Failed password for invalid user test from 91.92.40.171 port 42650 ssh2
Jun 22 23:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12563]: Connection closed by 91.92.40.171 port 42650 [preauth]
Jun 22 23:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12578]: Failed password for root from 94.159.110.201 port 58380 ssh2
Jun 22 23:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12578]: Connection closed by 94.159.110.201 port 58380 [preauth]
Jun 22 23:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12590]: Invalid user linuxuser from 91.92.40.171
Jun 22 23:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12590]: input_userauth_request: invalid user linuxuser [preauth]
Jun 22 23:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12590]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12590]: Failed password for invalid user linuxuser from 91.92.40.171 port 42678 ssh2
Jun 22 23:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12590]: Connection closed by 91.92.40.171 port 42678 [preauth]
Jun 22 23:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12601]: Invalid user security from 91.92.40.171
Jun 22 23:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12601]: input_userauth_request: invalid user security [preauth]
Jun 22 23:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12601]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12601]: Failed password for invalid user security from 91.92.40.171 port 33894 ssh2
Jun 22 23:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12601]: Connection closed by 91.92.40.171 port 33894 [preauth]
Jun 22 23:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 23:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12627]: Failed password for root from 91.92.40.171 port 33966 ssh2
Jun 22 23:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12627]: Connection closed by 91.92.40.171 port 33966 [preauth]
Jun 22 23:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11221]: pam_unix(cron:session): session closed for user root
Jun 22 23:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12652]: Invalid user kevin from 91.92.40.171
Jun 22 23:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12652]: input_userauth_request: invalid user kevin [preauth]
Jun 22 23:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12652]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12652]: Failed password for invalid user kevin from 91.92.40.171 port 48690 ssh2
Jun 22 23:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12652]: Connection closed by 91.92.40.171 port 48690 [preauth]
Jun 22 23:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 23:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12670]: Failed password for root from 91.92.40.171 port 48742 ssh2
Jun 22 23:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12670]: Connection closed by 91.92.40.171 port 48742 [preauth]
Jun 22 23:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12694]: Invalid user test from 91.92.40.171
Jun 22 23:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12694]: input_userauth_request: invalid user test [preauth]
Jun 22 23:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12694]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12694]: Failed password for invalid user test from 91.92.40.171 port 51642 ssh2
Jun 22 23:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12694]: Connection closed by 91.92.40.171 port 51642 [preauth]
Jun 22 23:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12704]: Invalid user rdpuser from 91.92.40.171
Jun 22 23:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12704]: input_userauth_request: invalid user rdpuser [preauth]
Jun 22 23:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12704]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12704]: Failed password for invalid user rdpuser from 91.92.40.171 port 51674 ssh2
Jun 22 23:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12704]: Connection closed by 91.92.40.171 port 51674 [preauth]
Jun 22 23:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12715]: Invalid user jakob from 91.92.40.171
Jun 22 23:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12715]: input_userauth_request: invalid user jakob [preauth]
Jun 22 23:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12715]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12715]: Failed password for invalid user jakob from 91.92.40.171 port 49614 ssh2
Jun 22 23:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12715]: Connection closed by 91.92.40.171 port 49614 [preauth]
Jun 22 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12733]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12734]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12732]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12730]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12730]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12727]: Invalid user gd from 91.92.40.171
Jun 22 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12727]: input_userauth_request: invalid user gd [preauth]
Jun 22 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12727]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12798]: Successful su for rubyman by root
Jun 22 23:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12798]: + ??? root:rubyman
Jun 22 23:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12798]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573723 of user rubyman.
Jun 22 23:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12798]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573723.
Jun 22 23:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9552]: pam_unix(cron:session): session closed for user root
Jun 22 23:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12727]: Failed password for invalid user gd from 91.92.40.171 port 54002 ssh2
Jun 22 23:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12727]: Connection closed by 91.92.40.171 port 54002 [preauth]
Jun 22 23:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12732]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 23:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12989]: Failed password for root from 91.92.40.171 port 54050 ssh2
Jun 22 23:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12989]: Connection closed by 91.92.40.171 port 54050 [preauth]
Jun 22 23:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12999]: Invalid user admin from 91.92.40.171
Jun 22 23:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12999]: input_userauth_request: invalid user admin [preauth]
Jun 22 23:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12999]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12999]: Failed password for invalid user admin from 91.92.40.171 port 49676 ssh2
Jun 22 23:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12999]: Connection closed by 91.92.40.171 port 49676 [preauth]
Jun 22 23:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 23:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13025]: Failed password for root from 91.92.40.171 port 49734 ssh2
Jun 22 23:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13025]: Connection closed by 91.92.40.171 port 49734 [preauth]
Jun 22 23:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13035]: Invalid user potok from 91.92.40.171
Jun 22 23:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13035]: input_userauth_request: invalid user potok [preauth]
Jun 22 23:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13035]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13035]: Failed password for invalid user potok from 91.92.40.171 port 56894 ssh2
Jun 22 23:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13035]: Connection closed by 91.92.40.171 port 56894 [preauth]
Jun 22 23:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13060]: Invalid user zahra from 91.92.40.171
Jun 22 23:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13060]: input_userauth_request: invalid user zahra [preauth]
Jun 22 23:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13060]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13060]: Failed password for invalid user zahra from 91.92.40.171 port 56926 ssh2
Jun 22 23:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13060]: Connection closed by 91.92.40.171 port 56926 [preauth]
Jun 22 23:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11699]: pam_unix(cron:session): session closed for user root
Jun 22 23:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 23:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13089]: Failed password for root from 91.92.40.171 port 42528 ssh2
Jun 22 23:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13089]: Connection closed by 91.92.40.171 port 42528 [preauth]
Jun 22 23:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13106]: Invalid user support from 91.92.40.171
Jun 22 23:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13106]: input_userauth_request: invalid user support [preauth]
Jun 22 23:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13106]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13106]: Failed password for invalid user support from 91.92.40.171 port 42590 ssh2
Jun 22 23:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13106]: Connection closed by 91.92.40.171 port 42590 [preauth]
Jun 22 23:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13140]: Invalid user redhat from 91.92.40.171
Jun 22 23:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13140]: input_userauth_request: invalid user redhat [preauth]
Jun 22 23:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13140]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13140]: Failed password for invalid user redhat from 91.92.40.171 port 52056 ssh2
Jun 22 23:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 23:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13140]: Connection closed by 91.92.40.171 port 52056 [preauth]
Jun 22 23:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13109]: Failed password for root from 38.55.97.143 port 57208 ssh2
Jun 22 23:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13109]: Connection closed by 38.55.97.143 port 57208 [preauth]
Jun 22 23:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13154]: Invalid user ark from 91.92.40.171
Jun 22 23:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13154]: input_userauth_request: invalid user ark [preauth]
Jun 22 23:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13154]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13154]: Failed password for invalid user ark from 91.92.40.171 port 32850 ssh2
Jun 22 23:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13154]: Connection closed by 91.92.40.171 port 32850 [preauth]
Jun 22 23:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13171]: Invalid user default from 91.92.40.171
Jun 22 23:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13171]: input_userauth_request: invalid user default [preauth]
Jun 22 23:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13171]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13171]: Failed password for invalid user default from 91.92.40.171 port 32910 ssh2
Jun 22 23:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13171]: Connection closed by 91.92.40.171 port 32910 [preauth]
Jun 22 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13186]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13184]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13185]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13183]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13183]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13245]: Successful su for rubyman by root
Jun 22 23:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13245]: + ??? root:rubyman
Jun 22 23:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13245]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573727 of user rubyman.
Jun 22 23:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13245]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573727.
Jun 22 23:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13277]: Invalid user student from 91.92.40.171
Jun 22 23:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13277]: input_userauth_request: invalid user student [preauth]
Jun 22 23:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13277]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10148]: pam_unix(cron:session): session closed for user root
Jun 22 23:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13277]: Failed password for invalid user student from 91.92.40.171 port 46246 ssh2
Jun 22 23:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13277]: Connection closed by 91.92.40.171 port 46246 [preauth]
Jun 22 23:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13184]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 23:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13431]: Failed password for root from 91.92.40.171 port 46324 ssh2
Jun 22 23:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13431]: Connection closed by 91.92.40.171 port 46324 [preauth]
Jun 22 23:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 23:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13441]: Failed password for root from 91.92.40.171 port 50368 ssh2
Jun 22 23:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13441]: Connection closed by 91.92.40.171 port 50368 [preauth]
Jun 22 23:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13464]: Invalid user ftpuser from 91.92.40.171
Jun 22 23:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13464]: input_userauth_request: invalid user ftpuser [preauth]
Jun 22 23:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13464]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13464]: Failed password for invalid user ftpuser from 91.92.40.171 port 50478 ssh2
Jun 22 23:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13464]: Connection closed by 91.92.40.171 port 50478 [preauth]
Jun 22 23:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13476]: Invalid user developer from 91.92.40.171
Jun 22 23:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13476]: input_userauth_request: invalid user developer [preauth]
Jun 22 23:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13476]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13476]: Failed password for invalid user developer from 91.92.40.171 port 51992 ssh2
Jun 22 23:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13476]: Connection closed by 91.92.40.171 port 51992 [preauth]
Jun 22 23:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 22 23:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13490]: Failed password for root from 77.94.47.83 port 39186 ssh2
Jun 22 23:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13490]: Connection closed by 77.94.47.83 port 39186 [preauth]
Jun 22 23:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13500]: Invalid user ftpuser from 91.92.40.171
Jun 22 23:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13500]: input_userauth_request: invalid user ftpuser [preauth]
Jun 22 23:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13500]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12187]: pam_unix(cron:session): session closed for user root
Jun 22 23:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13500]: Failed password for invalid user ftpuser from 91.92.40.171 port 52060 ssh2
Jun 22 23:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13500]: Connection closed by 91.92.40.171 port 52060 [preauth]
Jun 22 23:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13534]: Invalid user deploy from 91.92.40.171
Jun 22 23:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13534]: input_userauth_request: invalid user deploy [preauth]
Jun 22 23:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13534]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13534]: Failed password for invalid user deploy from 91.92.40.171 port 37990 ssh2
Jun 22 23:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13534]: Connection closed by 91.92.40.171 port 37990 [preauth]
Jun 22 23:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13544]: Invalid user oscar from 91.92.40.171
Jun 22 23:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13544]: input_userauth_request: invalid user oscar [preauth]
Jun 22 23:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13544]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13544]: Failed password for invalid user oscar from 91.92.40.171 port 59074 ssh2
Jun 22 23:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13544]: Connection closed by 91.92.40.171 port 59074 [preauth]
Jun 22 23:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 23:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13567]: Failed password for root from 91.92.40.171 port 59120 ssh2
Jun 22 23:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13567]: Connection closed by 91.92.40.171 port 59120 [preauth]
Jun 22 23:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 22 23:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13582]: Failed password for root from 62.133.62.83 port 52390 ssh2
Jun 22 23:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13582]: Connection closed by 62.133.62.83 port 52390 [preauth]
Jun 22 23:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13584]: Invalid user parsa from 91.92.40.171
Jun 22 23:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13584]: input_userauth_request: invalid user parsa [preauth]
Jun 22 23:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13584]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13584]: Failed password for invalid user parsa from 91.92.40.171 port 48544 ssh2
Jun 22 23:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13584]: Connection closed by 91.92.40.171 port 48544 [preauth]
Jun 22 23:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13594]: Failed password for root from 91.92.40.171 port 48616 ssh2
Jun 22 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13594]: Connection closed by 91.92.40.171 port 48616 [preauth]
Jun 22 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13610]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13608]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13607]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13606]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13609]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13605]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13610]: pam_unix(cron:session): session closed for user root
Jun 22 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13605]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13670]: Successful su for rubyman by root
Jun 22 23:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13670]: + ??? root:rubyman
Jun 22 23:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13670]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573735 of user rubyman.
Jun 22 23:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13670]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573735.
Jun 22 23:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13607]: pam_unix(cron:session): session closed for user root
Jun 22 23:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13780]: Invalid user user from 91.92.40.171
Jun 22 23:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13780]: input_userauth_request: invalid user user [preauth]
Jun 22 23:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13780]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10682]: pam_unix(cron:session): session closed for user root
Jun 22 23:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13606]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13780]: Failed password for invalid user user from 91.92.40.171 port 32898 ssh2
Jun 22 23:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13780]: Connection closed by 91.92.40.171 port 32898 [preauth]
Jun 22 23:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 23:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13890]: Failed password for root from 91.92.40.171 port 32948 ssh2
Jun 22 23:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13890]: Connection closed by 91.92.40.171 port 32948 [preauth]
Jun 22 23:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13915]: Invalid user admin1 from 91.92.40.171
Jun 22 23:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13915]: input_userauth_request: invalid user admin1 [preauth]
Jun 22 23:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13915]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13915]: Failed password for invalid user admin1 from 91.92.40.171 port 38050 ssh2
Jun 22 23:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13915]: Connection closed by 91.92.40.171 port 38050 [preauth]
Jun 22 23:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13927]: Invalid user gitlab-runner from 91.92.40.171
Jun 22 23:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13927]: input_userauth_request: invalid user gitlab-runner [preauth]
Jun 22 23:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13927]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13927]: Failed password for invalid user gitlab-runner from 91.92.40.171 port 38110 ssh2
Jun 22 23:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13927]: Connection closed by 91.92.40.171 port 38110 [preauth]
Jun 22 23:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13954]: Invalid user user from 91.92.40.171
Jun 22 23:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13954]: input_userauth_request: invalid user user [preauth]
Jun 22 23:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13954]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13954]: Failed password for invalid user user from 91.92.40.171 port 57248 ssh2
Jun 22 23:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13954]: Connection closed by 91.92.40.171 port 57248 [preauth]
Jun 22 23:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13967]: Invalid user zabbix from 91.92.40.171
Jun 22 23:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13967]: input_userauth_request: invalid user zabbix [preauth]
Jun 22 23:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13967]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 22 23:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13967]: Failed password for invalid user zabbix from 91.92.40.171 port 57284 ssh2
Jun 22 23:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13967]: Connection closed by 91.92.40.171 port 57284 [preauth]
Jun 22 23:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13969]: Failed password for root from 51.250.105.222 port 58344 ssh2
Jun 22 23:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13969]: Connection closed by 51.250.105.222 port 58344 [preauth]
Jun 22 23:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12734]: pam_unix(cron:session): session closed for user root
Jun 22 23:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 23:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14001]: Failed password for root from 91.92.40.171 port 58540 ssh2
Jun 22 23:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14001]: Connection closed by 91.92.40.171 port 58540 [preauth]
Jun 22 23:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14014]: Invalid user newuser from 91.92.40.171
Jun 22 23:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14014]: input_userauth_request: invalid user newuser [preauth]
Jun 22 23:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14014]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14014]: Failed password for invalid user newuser from 91.92.40.171 port 48554 ssh2
Jun 22 23:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14014]: Connection closed by 91.92.40.171 port 48554 [preauth]
Jun 22 23:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14036]: Invalid user user from 91.92.40.171
Jun 22 23:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14036]: input_userauth_request: invalid user user [preauth]
Jun 22 23:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14036]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14036]: Failed password for invalid user user from 91.92.40.171 port 48558 ssh2
Jun 22 23:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14036]: Connection closed by 91.92.40.171 port 48558 [preauth]
Jun 22 23:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 23:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14046]: Failed password for root from 91.92.40.171 port 42694 ssh2
Jun 22 23:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14046]: Connection closed by 91.92.40.171 port 42694 [preauth]
Jun 22 23:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14056]: Invalid user test1 from 91.92.40.171
Jun 22 23:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14056]: input_userauth_request: invalid user test1 [preauth]
Jun 22 23:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14056]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14056]: Failed password for invalid user test1 from 91.92.40.171 port 42742 ssh2
Jun 22 23:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14056]: Connection closed by 91.92.40.171 port 42742 [preauth]
Jun 22 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14070]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14071]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14068]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14069]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14068]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14132]: Successful su for rubyman by root
Jun 22 23:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14132]: + ??? root:rubyman
Jun 22 23:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14132]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573739 of user rubyman.
Jun 22 23:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14132]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573739.
Jun 22 23:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14201]: Invalid user x from 91.92.40.171
Jun 22 23:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14201]: input_userauth_request: invalid user x [preauth]
Jun 22 23:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14201]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11220]: pam_unix(cron:session): session closed for user root
Jun 22 23:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14201]: Failed password for invalid user x from 91.92.40.171 port 52196 ssh2
Jun 22 23:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14201]: Connection closed by 91.92.40.171 port 52196 [preauth]
Jun 22 23:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14069]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14312]: Invalid user ubuntu from 91.92.40.171
Jun 22 23:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14312]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 23:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14312]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14312]: Failed password for invalid user ubuntu from 91.92.40.171 port 52240 ssh2
Jun 22 23:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14312]: Connection closed by 91.92.40.171 port 52240 [preauth]
Jun 22 23:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 23:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14341]: Failed password for root from 91.92.40.171 port 34954 ssh2
Jun 22 23:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14341]: Connection closed by 91.92.40.171 port 34954 [preauth]
Jun 22 23:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14353]: Invalid user aaa from 91.92.40.171
Jun 22 23:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14353]: input_userauth_request: invalid user aaa [preauth]
Jun 22 23:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14353]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14353]: Failed password for invalid user aaa from 91.92.40.171 port 35008 ssh2
Jun 22 23:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14353]: Connection closed by 91.92.40.171 port 35008 [preauth]
Jun 22 23:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: Invalid user crafty from 91.92.40.171
Jun 22 23:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: input_userauth_request: invalid user crafty [preauth]
Jun 22 23:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: Failed password for invalid user crafty from 91.92.40.171 port 36142 ssh2
Jun 22 23:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: Connection closed by 91.92.40.171 port 36142 [preauth]
Jun 22 23:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14387]: Invalid user demo from 91.92.40.171
Jun 22 23:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14387]: input_userauth_request: invalid user demo [preauth]
Jun 22 23:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14387]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13186]: pam_unix(cron:session): session closed for user root
Jun 22 23:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14387]: Failed password for invalid user demo from 91.92.40.171 port 44494 ssh2
Jun 22 23:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14387]: Connection closed by 91.92.40.171 port 44494 [preauth]
Jun 22 23:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14417]: Invalid user nvidia from 91.92.40.171
Jun 22 23:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14417]: input_userauth_request: invalid user nvidia [preauth]
Jun 22 23:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14417]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14417]: Failed password for invalid user nvidia from 91.92.40.171 port 44576 ssh2
Jun 22 23:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14417]: Connection closed by 91.92.40.171 port 44576 [preauth]
Jun 22 23:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14427]: Invalid user gitlab-runner from 91.92.40.171
Jun 22 23:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14427]: input_userauth_request: invalid user gitlab-runner [preauth]
Jun 22 23:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14427]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14427]: Failed password for invalid user gitlab-runner from 91.92.40.171 port 38614 ssh2
Jun 22 23:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14427]: Connection closed by 91.92.40.171 port 38614 [preauth]
Jun 22 23:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14450]: Invalid user odoo from 91.92.40.171
Jun 22 23:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14450]: input_userauth_request: invalid user odoo [preauth]
Jun 22 23:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14450]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14450]: Failed password for invalid user odoo from 91.92.40.171 port 38674 ssh2
Jun 22 23:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14450]: Connection closed by 91.92.40.171 port 38674 [preauth]
Jun 22 23:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14461]: Invalid user user from 91.92.40.171
Jun 22 23:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14461]: input_userauth_request: invalid user user [preauth]
Jun 22 23:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14461]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14461]: Failed password for invalid user user from 91.92.40.171 port 58412 ssh2
Jun 22 23:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14461]: Connection closed by 91.92.40.171 port 58412 [preauth]
Jun 22 23:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14476]: Invalid user kingbase from 91.92.40.171
Jun 22 23:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14476]: input_userauth_request: invalid user kingbase [preauth]
Jun 22 23:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14476]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14476]: Failed password for invalid user kingbase from 91.92.40.171 port 58452 ssh2
Jun 22 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14482]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14481]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14483]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14480]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14478]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14478]: pam_unix(cron:session): session closed for user root
Jun 22 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14480]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14476]: Connection closed by 91.92.40.171 port 58452 [preauth]
Jun 22 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14547]: Successful su for rubyman by root
Jun 22 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14547]: + ??? root:rubyman
Jun 22 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14547]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573741 of user rubyman.
Jun 22 23:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14547]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573741.
Jun 22 23:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 23:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11698]: pam_unix(cron:session): session closed for user root
Jun 22 23:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14481]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14638]: Failed password for root from 91.92.40.171 port 46372 ssh2
Jun 22 23:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14638]: Connection closed by 91.92.40.171 port 46372 [preauth]
Jun 22 23:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14824]: Invalid user usuario from 91.92.40.171
Jun 22 23:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14824]: input_userauth_request: invalid user usuario [preauth]
Jun 22 23:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14824]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 23:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14824]: Failed password for invalid user usuario from 91.92.40.171 port 46434 ssh2
Jun 22 23:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14824]: Connection closed by 91.92.40.171 port 46434 [preauth]
Jun 22 23:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14795]: Failed password for root from 38.55.97.143 port 36000 ssh2
Jun 22 23:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14795]: Connection closed by 38.55.97.143 port 36000 [preauth]
Jun 22 23:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14847]: Invalid user cw from 91.92.40.171
Jun 22 23:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14847]: input_userauth_request: invalid user cw [preauth]
Jun 22 23:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14847]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14847]: Failed password for invalid user cw from 91.92.40.171 port 58624 ssh2
Jun 22 23:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14847]: Connection closed by 91.92.40.171 port 58624 [preauth]
Jun 22 23:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 23:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14862]: Received disconnect from 50.7.127.99 port 36536:11: disconnected by user [preauth]
Jun 22 23:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14862]: Disconnected from 50.7.127.99 port 36536 [preauth]
Jun 22 23:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14860]: Failed password for root from 91.92.40.171 port 58680 ssh2
Jun 22 23:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14860]: Connection closed by 91.92.40.171 port 58680 [preauth]
Jun 22 23:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14885]: Invalid user aaa from 91.92.40.171
Jun 22 23:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14885]: input_userauth_request: invalid user aaa [preauth]
Jun 22 23:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14885]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14885]: Failed password for invalid user aaa from 91.92.40.171 port 40056 ssh2
Jun 22 23:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14885]: Connection closed by 91.92.40.171 port 40056 [preauth]
Jun 22 23:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14897]: Invalid user deploy from 91.92.40.171
Jun 22 23:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14897]: input_userauth_request: invalid user deploy [preauth]
Jun 22 23:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14897]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14899]: Invalid user wendy from 141.98.83.240
Jun 22 23:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14899]: input_userauth_request: invalid user wendy [preauth]
Jun 22 23:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14899]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 23:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14897]: Failed password for invalid user deploy from 91.92.40.171 port 40098 ssh2
Jun 22 23:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14897]: Connection closed by 91.92.40.171 port 40098 [preauth]
Jun 22 23:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14899]: Failed password for invalid user wendy from 141.98.83.240 port 14952 ssh2
Jun 22 23:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13609]: pam_unix(cron:session): session closed for user root
Jun 22 23:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14899]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14899]: Failed password for invalid user wendy from 141.98.83.240 port 14952 ssh2
Jun 22 23:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14899]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14930]: Invalid user home from 91.92.40.171
Jun 22 23:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14930]: input_userauth_request: invalid user home [preauth]
Jun 22 23:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14930]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14899]: Failed password for invalid user wendy from 141.98.83.240 port 14952 ssh2
Jun 22 23:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14899]: Connection closed by 141.98.83.240 port 14952 [preauth]
Jun 22 23:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14899]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 23:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14930]: Failed password for invalid user home from 91.92.40.171 port 38710 ssh2
Jun 22 23:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14930]: Connection closed by 91.92.40.171 port 38710 [preauth]
Jun 22 23:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 23:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14941]: Failed password for root from 91.92.40.171 port 36948 ssh2
Jun 22 23:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14941]: Connection closed by 91.92.40.171 port 36948 [preauth]
Jun 22 23:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 23:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14966]: Failed password for root from 91.92.40.171 port 36992 ssh2
Jun 22 23:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14966]: Connection closed by 91.92.40.171 port 36992 [preauth]
Jun 22 23:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 23:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14978]: Failed password for root from 91.92.40.171 port 50918 ssh2
Jun 22 23:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14978]: Connection closed by 91.92.40.171 port 50918 [preauth]
Jun 22 23:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14989]: Invalid user fa from 91.92.40.171
Jun 22 23:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14989]: input_userauth_request: invalid user fa [preauth]
Jun 22 23:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14989]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14989]: Failed password for invalid user fa from 91.92.40.171 port 50938 ssh2
Jun 22 23:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14989]: Connection closed by 91.92.40.171 port 50938 [preauth]
Jun 22 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15000]: Received disconnect from 64.227.59.76 port 47722:11: disconnected by user [preauth]
Jun 22 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15000]: Disconnected from 64.227.59.76 port 47722 [preauth]
Jun 22 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15006]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15007]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15005]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15004]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15004]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15063]: Successful su for rubyman by root
Jun 22 23:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15063]: + ??? root:rubyman
Jun 22 23:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15063]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573747 of user rubyman.
Jun 22 23:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15063]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573747.
Jun 22 23:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15072]: Invalid user martin from 91.92.40.171
Jun 22 23:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15072]: input_userauth_request: invalid user martin [preauth]
Jun 22 23:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15072]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12186]: pam_unix(cron:session): session closed for user root
Jun 22 23:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15072]: Failed password for invalid user martin from 91.92.40.171 port 38588 ssh2
Jun 22 23:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15072]: Connection closed by 91.92.40.171 port 38588 [preauth]
Jun 22 23:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15005]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15259]: Invalid user worker from 91.92.40.171
Jun 22 23:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15259]: input_userauth_request: invalid user worker [preauth]
Jun 22 23:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15259]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15259]: Failed password for invalid user worker from 91.92.40.171 port 38606 ssh2
Jun 22 23:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15259]: Connection closed by 91.92.40.171 port 38606 [preauth]
Jun 22 23:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34  user=root
Jun 22 23:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15260]: Failed password for root from 24.212.56.34 port 31420 ssh2
Jun 22 23:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15272]: Invalid user mykala from 2.57.121.112
Jun 22 23:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15272]: input_userauth_request: invalid user mykala [preauth]
Jun 22 23:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15272]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 22 23:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15274]: Invalid user private from 91.92.40.171
Jun 22 23:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15274]: input_userauth_request: invalid user private [preauth]
Jun 22 23:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15274]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15260]: Failed password for root from 24.212.56.34 port 31420 ssh2
Jun 22 23:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15272]: Failed password for invalid user mykala from 2.57.121.112 port 19630 ssh2
Jun 22 23:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15272]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15274]: Failed password for invalid user private from 91.92.40.171 port 42058 ssh2
Jun 22 23:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15274]: Connection closed by 91.92.40.171 port 42058 [preauth]
Jun 22 23:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15260]: Failed password for root from 24.212.56.34 port 31420 ssh2
Jun 22 23:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15272]: Failed password for invalid user mykala from 2.57.121.112 port 19630 ssh2
Jun 22 23:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15272]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15296]: Invalid user csgo from 91.92.40.171
Jun 22 23:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15296]: input_userauth_request: invalid user csgo [preauth]
Jun 22 23:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15296]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15260]: Failed password for root from 24.212.56.34 port 31420 ssh2
Jun 22 23:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15272]: Failed password for invalid user mykala from 2.57.121.112 port 19630 ssh2
Jun 22 23:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15272]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15296]: Failed password for invalid user csgo from 91.92.40.171 port 42124 ssh2
Jun 22 23:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15260]: Failed password for root from 24.212.56.34 port 31420 ssh2
Jun 22 23:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15296]: Connection closed by 91.92.40.171 port 42124 [preauth]
Jun 22 23:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15272]: Failed password for invalid user mykala from 2.57.121.112 port 19630 ssh2
Jun 22 23:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15272]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 23:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15260]: Failed password for root from 24.212.56.34 port 31420 ssh2
Jun 22 23:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15260]: error: maximum authentication attempts exceeded for root from 24.212.56.34 port 31420 ssh2 [preauth]
Jun 22 23:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15260]: Disconnecting: Too many authentication failures [preauth]
Jun 22 23:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15260]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34  user=root
Jun 22 23:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15260]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 22 23:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15272]: Failed password for invalid user mykala from 2.57.121.112 port 19630 ssh2
Jun 22 23:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15272]: Connection closed by 2.57.121.112 port 19630 [preauth]
Jun 22 23:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15272]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 22 23:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15272]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 22 23:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34  user=root
Jun 22 23:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15306]: Failed password for root from 193.24.211.107 port 17127 ssh2
Jun 22 23:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15306]: Received disconnect from 193.24.211.107 port 17127:11: Client disconnecting normally [preauth]
Jun 22 23:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15306]: Disconnected from 193.24.211.107 port 17127 [preauth]
Jun 22 23:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 23:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15310]: Failed password for root from 24.212.56.34 port 12889 ssh2
Jun 22 23:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15308]: Failed password for root from 91.92.40.171 port 45970 ssh2
Jun 22 23:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15308]: Connection closed by 91.92.40.171 port 45970 [preauth]
Jun 22 23:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15310]: Failed password for root from 24.212.56.34 port 12889 ssh2
Jun 22 23:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15332]: Invalid user claude from 91.92.40.171
Jun 22 23:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15332]: input_userauth_request: invalid user claude [preauth]
Jun 22 23:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15332]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15310]: Failed password for root from 24.212.56.34 port 12889 ssh2
Jun 22 23:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15332]: Failed password for invalid user claude from 91.92.40.171 port 45998 ssh2
Jun 22 23:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15332]: Connection closed by 91.92.40.171 port 45998 [preauth]
Jun 22 23:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15310]: Failed password for root from 24.212.56.34 port 12889 ssh2
Jun 22 23:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14071]: pam_unix(cron:session): session closed for user root
Jun 22 23:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15362]: Invalid user student from 91.92.40.171
Jun 22 23:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15362]: input_userauth_request: invalid user student [preauth]
Jun 22 23:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15362]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15310]: Failed password for root from 24.212.56.34 port 12889 ssh2
Jun 22 23:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15362]: Failed password for invalid user student from 91.92.40.171 port 55362 ssh2
Jun 22 23:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15362]: Connection closed by 91.92.40.171 port 55362 [preauth]
Jun 22 23:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15310]: Failed password for root from 24.212.56.34 port 12889 ssh2
Jun 22 23:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15310]: error: maximum authentication attempts exceeded for root from 24.212.56.34 port 12889 ssh2 [preauth]
Jun 22 23:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15310]: Disconnecting: Too many authentication failures [preauth]
Jun 22 23:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15310]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34  user=root
Jun 22 23:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15310]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 22 23:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34  user=root
Jun 22 23:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 23:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15372]: Failed password for root from 24.212.56.34 port 14150 ssh2
Jun 22 23:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15374]: Failed password for root from 91.92.40.171 port 55394 ssh2
Jun 22 23:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15374]: Connection closed by 91.92.40.171 port 55394 [preauth]
Jun 22 23:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15372]: Failed password for root from 24.212.56.34 port 14150 ssh2
Jun 22 23:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15372]: Failed password for root from 24.212.56.34 port 14150 ssh2
Jun 22 23:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15396]: Invalid user oracle from 91.92.40.171
Jun 22 23:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15396]: input_userauth_request: invalid user oracle [preauth]
Jun 22 23:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15396]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15372]: Failed password for root from 24.212.56.34 port 14150 ssh2
Jun 22 23:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15396]: Failed password for invalid user oracle from 91.92.40.171 port 54578 ssh2
Jun 22 23:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15396]: Connection closed by 91.92.40.171 port 54578 [preauth]
Jun 22 23:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15372]: Failed password for root from 24.212.56.34 port 14150 ssh2
Jun 22 23:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15407]: Invalid user webuser from 91.92.40.171
Jun 22 23:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15407]: input_userauth_request: invalid user webuser [preauth]
Jun 22 23:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15372]: Failed password for root from 24.212.56.34 port 14150 ssh2
Jun 22 23:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15372]: error: maximum authentication attempts exceeded for root from 24.212.56.34 port 14150 ssh2 [preauth]
Jun 22 23:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15372]: Disconnecting: Too many authentication failures [preauth]
Jun 22 23:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15372]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34  user=root
Jun 22 23:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15372]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 22 23:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15407]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34  user=root
Jun 22 23:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15407]: Failed password for invalid user webuser from 91.92.40.171 port 56266 ssh2
Jun 22 23:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15407]: Connection closed by 91.92.40.171 port 56266 [preauth]
Jun 22 23:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15409]: Failed password for root from 24.212.56.34 port 16523 ssh2
Jun 22 23:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15409]: Received disconnect from 24.212.56.34 port 16523:11: disconnected by user [preauth]
Jun 22 23:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15409]: Disconnected from 24.212.56.34 port 16523 [preauth]
Jun 22 23:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: Invalid user admin from 24.212.56.34
Jun 22 23:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: input_userauth_request: invalid user admin [preauth]
Jun 22 23:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15421]: Invalid user vbox from 91.92.40.171
Jun 22 23:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15421]: input_userauth_request: invalid user vbox [preauth]
Jun 22 23:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15421]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: Failed password for invalid user admin from 24.212.56.34 port 13305 ssh2
Jun 22 23:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: Failed password for invalid user admin from 24.212.56.34 port 13305 ssh2
Jun 22 23:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15421]: Failed password for invalid user vbox from 91.92.40.171 port 56310 ssh2
Jun 22 23:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15421]: Connection closed by 91.92.40.171 port 56310 [preauth]
Jun 22 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15435]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15434]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15433]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15432]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15432]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15490]: Successful su for rubyman by root
Jun 22 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15490]: + ??? root:rubyman
Jun 22 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15490]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573750 of user rubyman.
Jun 22 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15490]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573750.
Jun 22 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: Failed password for invalid user admin from 24.212.56.34 port 13305 ssh2
Jun 22 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15512]: Invalid user ubuntu from 91.92.40.171
Jun 22 23:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15512]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 23:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15512]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: Failed password for invalid user admin from 24.212.56.34 port 13305 ssh2
Jun 22 23:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12733]: pam_unix(cron:session): session closed for user root
Jun 22 23:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15512]: Failed password for invalid user ubuntu from 91.92.40.171 port 34130 ssh2
Jun 22 23:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15512]: Connection closed by 91.92.40.171 port 34130 [preauth]
Jun 22 23:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15433]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: Failed password for invalid user admin from 24.212.56.34 port 13305 ssh2
Jun 22 23:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 23:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: Failed password for invalid user admin from 24.212.56.34 port 13305 ssh2
Jun 22 23:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: error: maximum authentication attempts exceeded for invalid user admin from 24.212.56.34 port 13305 ssh2 [preauth]
Jun 22 23:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: Disconnecting: Too many authentication failures [preauth]
Jun 22 23:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 22 23:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15675]: Invalid user admin from 24.212.56.34
Jun 22 23:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15675]: input_userauth_request: invalid user admin [preauth]
Jun 22 23:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15675]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15673]: Failed password for root from 91.92.40.171 port 34208 ssh2
Jun 22 23:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15673]: Connection closed by 91.92.40.171 port 34208 [preauth]
Jun 22 23:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15675]: Failed password for invalid user admin from 24.212.56.34 port 30417 ssh2
Jun 22 23:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15675]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15686]: Invalid user server from 91.92.40.171
Jun 22 23:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15686]: input_userauth_request: invalid user server [preauth]
Jun 22 23:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15686]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15675]: Failed password for invalid user admin from 24.212.56.34 port 30417 ssh2
Jun 22 23:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15675]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15686]: Failed password for invalid user server from 91.92.40.171 port 32936 ssh2
Jun 22 23:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15686]: Connection closed by 91.92.40.171 port 32936 [preauth]
Jun 22 23:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15675]: Failed password for invalid user admin from 24.212.56.34 port 30417 ssh2
Jun 22 23:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15675]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15675]: Failed password for invalid user admin from 24.212.56.34 port 30417 ssh2
Jun 22 23:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15714]: Invalid user guest from 91.92.40.171
Jun 22 23:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15714]: input_userauth_request: invalid user guest [preauth]
Jun 22 23:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15675]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15714]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15675]: Failed password for invalid user admin from 24.212.56.34 port 30417 ssh2
Jun 22 23:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15675]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15714]: Failed password for invalid user guest from 91.92.40.171 port 32988 ssh2
Jun 22 23:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15714]: Connection closed by 91.92.40.171 port 32988 [preauth]
Jun 22 23:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15675]: Failed password for invalid user admin from 24.212.56.34 port 30417 ssh2
Jun 22 23:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15675]: error: maximum authentication attempts exceeded for invalid user admin from 24.212.56.34 port 30417 ssh2 [preauth]
Jun 22 23:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15675]: Disconnecting: Too many authentication failures [preauth]
Jun 22 23:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15675]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15675]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 22 23:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 23:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15727]: Invalid user admin from 24.212.56.34
Jun 22 23:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15727]: input_userauth_request: invalid user admin [preauth]
Jun 22 23:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15727]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15725]: Failed password for root from 91.92.40.171 port 54780 ssh2
Jun 22 23:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15727]: Failed password for invalid user admin from 24.212.56.34 port 39674 ssh2
Jun 22 23:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15725]: Connection closed by 91.92.40.171 port 54780 [preauth]
Jun 22 23:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15727]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15727]: Failed password for invalid user admin from 24.212.56.34 port 39674 ssh2
Jun 22 23:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15727]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15753]: Invalid user cursor from 91.92.40.171
Jun 22 23:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15753]: input_userauth_request: invalid user cursor [preauth]
Jun 22 23:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15753]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15727]: Failed password for invalid user admin from 24.212.56.34 port 39674 ssh2
Jun 22 23:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15727]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15753]: Failed password for invalid user cursor from 91.92.40.171 port 54822 ssh2
Jun 22 23:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15753]: Connection closed by 91.92.40.171 port 54822 [preauth]
Jun 22 23:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15727]: Failed password for invalid user admin from 24.212.56.34 port 39674 ssh2
Jun 22 23:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15727]: Received disconnect from 24.212.56.34 port 39674:11: disconnected by user [preauth]
Jun 22 23:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15727]: Disconnected from 24.212.56.34 port 39674 [preauth]
Jun 22 23:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15727]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15727]: PAM service(sshd) ignoring max retries; 4 > 3
Jun 22 23:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15763]: Invalid user oracle from 24.212.56.34
Jun 22 23:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15763]: input_userauth_request: invalid user oracle [preauth]
Jun 22 23:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15763]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15765]: Invalid user devops from 91.92.40.171
Jun 22 23:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15765]: input_userauth_request: invalid user devops [preauth]
Jun 22 23:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15765]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14483]: pam_unix(cron:session): session closed for user root
Jun 22 23:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15763]: Failed password for invalid user oracle from 24.212.56.34 port 18878 ssh2
Jun 22 23:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15763]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15765]: Failed password for invalid user devops from 91.92.40.171 port 54260 ssh2
Jun 22 23:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15765]: Connection closed by 91.92.40.171 port 54260 [preauth]
Jun 22 23:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15763]: Failed password for invalid user oracle from 24.212.56.34 port 18878 ssh2
Jun 22 23:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15763]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15763]: Failed password for invalid user oracle from 24.212.56.34 port 18878 ssh2
Jun 22 23:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15763]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15794]: Invalid user user1 from 91.92.40.171
Jun 22 23:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15794]: input_userauth_request: invalid user user1 [preauth]
Jun 22 23:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15794]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15763]: Failed password for invalid user oracle from 24.212.56.34 port 18878 ssh2
Jun 22 23:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15763]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15794]: Failed password for invalid user user1 from 91.92.40.171 port 54298 ssh2
Jun 22 23:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15794]: Connection closed by 91.92.40.171 port 54298 [preauth]
Jun 22 23:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15763]: Failed password for invalid user oracle from 24.212.56.34 port 18878 ssh2
Jun 22 23:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15763]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15806]: Invalid user a from 91.92.40.171
Jun 22 23:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15806]: input_userauth_request: invalid user a [preauth]
Jun 22 23:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15806]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15763]: Failed password for invalid user oracle from 24.212.56.34 port 18878 ssh2
Jun 22 23:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15763]: error: maximum authentication attempts exceeded for invalid user oracle from 24.212.56.34 port 18878 ssh2 [preauth]
Jun 22 23:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15763]: Disconnecting: Too many authentication failures [preauth]
Jun 22 23:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15763]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15763]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 22 23:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15819]: Invalid user oracle from 24.212.56.34
Jun 22 23:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15819]: input_userauth_request: invalid user oracle [preauth]
Jun 22 23:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15819]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15806]: Failed password for invalid user a from 91.92.40.171 port 50672 ssh2
Jun 22 23:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15806]: Connection closed by 91.92.40.171 port 50672 [preauth]
Jun 22 23:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15819]: Failed password for invalid user oracle from 24.212.56.34 port 19640 ssh2
Jun 22 23:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15819]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15830]: Invalid user node from 91.92.40.171
Jun 22 23:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15830]: input_userauth_request: invalid user node [preauth]
Jun 22 23:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15830]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15819]: Failed password for invalid user oracle from 24.212.56.34 port 19640 ssh2
Jun 22 23:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15819]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15830]: Failed password for invalid user node from 91.92.40.171 port 50704 ssh2
Jun 22 23:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15830]: Connection closed by 91.92.40.171 port 50704 [preauth]
Jun 22 23:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15819]: Failed password for invalid user oracle from 24.212.56.34 port 19640 ssh2
Jun 22 23:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15819]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15819]: Failed password for invalid user oracle from 24.212.56.34 port 19640 ssh2
Jun 22 23:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15819]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15840]: Invalid user rdpuser from 91.92.40.171
Jun 22 23:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15840]: input_userauth_request: invalid user rdpuser [preauth]
Jun 22 23:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15840]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15819]: Failed password for invalid user oracle from 24.212.56.34 port 19640 ssh2
Jun 22 23:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15819]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15840]: Failed password for invalid user rdpuser from 91.92.40.171 port 38816 ssh2
Jun 22 23:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15840]: Connection closed by 91.92.40.171 port 38816 [preauth]
Jun 22 23:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15819]: Failed password for invalid user oracle from 24.212.56.34 port 19640 ssh2
Jun 22 23:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15819]: error: maximum authentication attempts exceeded for invalid user oracle from 24.212.56.34 port 19640 ssh2 [preauth]
Jun 22 23:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15819]: Disconnecting: Too many authentication failures [preauth]
Jun 22 23:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15819]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15819]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 22 23:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15851]: Invalid user deploy from 91.92.40.171
Jun 22 23:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15851]: input_userauth_request: invalid user deploy [preauth]
Jun 22 23:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15853]: Invalid user oracle from 24.212.56.34
Jun 22 23:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15853]: input_userauth_request: invalid user oracle [preauth]
Jun 22 23:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15853]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15851]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15858]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15859]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15861]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15856]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15860]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15857]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15861]: pam_unix(cron:session): session closed for user root
Jun 22 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15856]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15925]: Successful su for rubyman by root
Jun 22 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15925]: + ??? root:rubyman
Jun 22 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15925]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573754 of user rubyman.
Jun 22 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15925]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573754.
Jun 22 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15853]: Failed password for invalid user oracle from 24.212.56.34 port 48037 ssh2
Jun 22 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15853]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15851]: Failed password for invalid user deploy from 91.92.40.171 port 38860 ssh2
Jun 22 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15851]: Connection closed by 91.92.40.171 port 38860 [preauth]
Jun 22 23:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15858]: pam_unix(cron:session): session closed for user root
Jun 22 23:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13185]: pam_unix(cron:session): session closed for user root
Jun 22 23:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15853]: Failed password for invalid user oracle from 24.212.56.34 port 48037 ssh2
Jun 22 23:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15853]: Received disconnect from 24.212.56.34 port 48037:11: disconnected by user [preauth]
Jun 22 23:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15853]: Disconnected from 24.212.56.34 port 48037 [preauth]
Jun 22 23:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15853]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16100]: Invalid user usuario from 24.212.56.34
Jun 22 23:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16100]: input_userauth_request: invalid user usuario [preauth]
Jun 22 23:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16100]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 23:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15857]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16100]: Failed password for invalid user usuario from 24.212.56.34 port 32268 ssh2
Jun 22 23:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16096]: Failed password for root from 91.92.40.171 port 50632 ssh2
Jun 22 23:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16100]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16096]: Connection closed by 91.92.40.171 port 50632 [preauth]
Jun 22 23:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16100]: Failed password for invalid user usuario from 24.212.56.34 port 32268 ssh2
Jun 22 23:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16100]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16136]: Invalid user xiao from 91.92.40.171
Jun 22 23:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16136]: input_userauth_request: invalid user xiao [preauth]
Jun 22 23:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16136]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16100]: Failed password for invalid user usuario from 24.212.56.34 port 32268 ssh2
Jun 22 23:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16100]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16136]: Failed password for invalid user xiao from 91.92.40.171 port 50700 ssh2
Jun 22 23:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16136]: Connection closed by 91.92.40.171 port 50700 [preauth]
Jun 22 23:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16100]: Failed password for invalid user usuario from 24.212.56.34 port 32268 ssh2
Jun 22 23:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16100]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16160]: Invalid user teamspeak from 91.92.40.171
Jun 22 23:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16160]: input_userauth_request: invalid user teamspeak [preauth]
Jun 22 23:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16160]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16100]: Failed password for invalid user usuario from 24.212.56.34 port 32268 ssh2
Jun 22 23:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16100]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16160]: Failed password for invalid user teamspeak from 91.92.40.171 port 47058 ssh2
Jun 22 23:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16160]: Connection closed by 91.92.40.171 port 47058 [preauth]
Jun 22 23:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16100]: Failed password for invalid user usuario from 24.212.56.34 port 32268 ssh2
Jun 22 23:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16100]: error: maximum authentication attempts exceeded for invalid user usuario from 24.212.56.34 port 32268 ssh2 [preauth]
Jun 22 23:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16100]: Disconnecting: Too many authentication failures [preauth]
Jun 22 23:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16100]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16100]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 22 23:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16171]: Invalid user usuario from 24.212.56.34
Jun 22 23:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16171]: input_userauth_request: invalid user usuario [preauth]
Jun 22 23:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16171]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 22 23:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16171]: Failed password for invalid user usuario from 24.212.56.34 port 60059 ssh2
Jun 22 23:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16171]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16174]: Failed password for root from 91.92.40.171 port 47108 ssh2
Jun 22 23:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16174]: Connection closed by 91.92.40.171 port 47108 [preauth]
Jun 22 23:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16171]: Failed password for invalid user usuario from 24.212.56.34 port 60059 ssh2
Jun 22 23:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16171]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16200]: Invalid user deployer from 91.92.40.171
Jun 22 23:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16200]: input_userauth_request: invalid user deployer [preauth]
Jun 22 23:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16200]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 22 23:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16171]: Failed password for invalid user usuario from 24.212.56.34 port 60059 ssh2
Jun 22 23:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16171]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16200]: Failed password for invalid user deployer from 91.92.40.171 port 38110 ssh2
Jun 22 23:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16200]: Connection closed by 91.92.40.171 port 38110 [preauth]
Jun 22 23:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16171]: Failed password for invalid user usuario from 24.212.56.34 port 60059 ssh2
Jun 22 23:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16171]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16171]: Failed password for invalid user usuario from 24.212.56.34 port 60059 ssh2
Jun 22 23:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16171]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16171]: Failed password for invalid user usuario from 24.212.56.34 port 60059 ssh2
Jun 22 23:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16171]: error: maximum authentication attempts exceeded for invalid user usuario from 24.212.56.34 port 60059 ssh2 [preauth]
Jun 22 23:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16171]: Disconnecting: Too many authentication failures [preauth]
Jun 22 23:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16171]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16171]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 22 23:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16212]: Invalid user usuario from 24.212.56.34
Jun 22 23:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16212]: input_userauth_request: invalid user usuario [preauth]
Jun 22 23:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16212]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15007]: pam_unix(cron:session): session closed for user root
Jun 22 23:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16212]: Failed password for invalid user usuario from 24.212.56.34 port 34357 ssh2
Jun 22 23:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16212]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16212]: Failed password for invalid user usuario from 24.212.56.34 port 34357 ssh2
Jun 22 23:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16212]: Received disconnect from 24.212.56.34 port 34357:11: disconnected by user [preauth]
Jun 22 23:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16212]: Disconnected from 24.212.56.34 port 34357 [preauth]
Jun 22 23:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16212]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16243]: Invalid user test from 24.212.56.34
Jun 22 23:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16243]: input_userauth_request: invalid user test [preauth]
Jun 22 23:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16243]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16243]: Failed password for invalid user test from 24.212.56.34 port 61612 ssh2
Jun 22 23:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 23:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16243]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16211]: Failed password for root from 38.55.97.143 port 39616 ssh2
Jun 22 23:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16243]: Failed password for invalid user test from 24.212.56.34 port 61612 ssh2
Jun 22 23:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16243]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16243]: Failed password for invalid user test from 24.212.56.34 port 61612 ssh2
Jun 22 23:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16243]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16211]: Connection closed by 38.55.97.143 port 39616 [preauth]
Jun 22 23:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16243]: Failed password for invalid user test from 24.212.56.34 port 61612 ssh2
Jun 22 23:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16243]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16243]: Failed password for invalid user test from 24.212.56.34 port 61612 ssh2
Jun 22 23:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16243]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16243]: Failed password for invalid user test from 24.212.56.34 port 61612 ssh2
Jun 22 23:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16243]: error: maximum authentication attempts exceeded for invalid user test from 24.212.56.34 port 61612 ssh2 [preauth]
Jun 22 23:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16243]: Disconnecting: Too many authentication failures [preauth]
Jun 22 23:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16243]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16243]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 22 23:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: Invalid user test from 24.212.56.34
Jun 22 23:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: input_userauth_request: invalid user test [preauth]
Jun 22 23:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: Failed password for invalid user test from 24.212.56.34 port 44622 ssh2
Jun 22 23:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16304]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16303]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16302]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16301]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16301]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16365]: Successful su for rubyman by root
Jun 22 23:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16365]: + ??? root:rubyman
Jun 22 23:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16365]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573760 of user rubyman.
Jun 22 23:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16365]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573760.
Jun 22 23:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: Failed password for invalid user test from 24.212.56.34 port 44622 ssh2
Jun 22 23:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: Failed password for invalid user test from 24.212.56.34 port 44622 ssh2
Jun 22 23:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13608]: pam_unix(cron:session): session closed for user root
Jun 22 23:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16302]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: Failed password for invalid user test from 24.212.56.34 port 44622 ssh2
Jun 22 23:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: Failed password for invalid user test from 24.212.56.34 port 44622 ssh2
Jun 22 23:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: Failed password for invalid user test from 24.212.56.34 port 44622 ssh2
Jun 22 23:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: error: maximum authentication attempts exceeded for invalid user test from 24.212.56.34 port 44622 ssh2 [preauth]
Jun 22 23:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: Disconnecting: Too many authentication failures [preauth]
Jun 22 23:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 22 23:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16561]: Invalid user test from 24.212.56.34
Jun 22 23:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16561]: input_userauth_request: invalid user test [preauth]
Jun 22 23:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16561]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16561]: Failed password for invalid user test from 24.212.56.34 port 46777 ssh2
Jun 22 23:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16561]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16561]: Failed password for invalid user test from 24.212.56.34 port 46777 ssh2
Jun 22 23:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16561]: Received disconnect from 24.212.56.34 port 46777:11: disconnected by user [preauth]
Jun 22 23:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16561]: Disconnected from 24.212.56.34 port 46777 [preauth]
Jun 22 23:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16561]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16584]: Invalid user user from 24.212.56.34
Jun 22 23:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16584]: input_userauth_request: invalid user user [preauth]
Jun 22 23:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16584]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16584]: Failed password for invalid user user from 24.212.56.34 port 48815 ssh2
Jun 22 23:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16584]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16584]: Failed password for invalid user user from 24.212.56.34 port 48815 ssh2
Jun 22 23:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16584]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16584]: Failed password for invalid user user from 24.212.56.34 port 48815 ssh2
Jun 22 23:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16584]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16584]: Failed password for invalid user user from 24.212.56.34 port 48815 ssh2
Jun 22 23:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16584]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16584]: Failed password for invalid user user from 24.212.56.34 port 48815 ssh2
Jun 22 23:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16584]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16584]: Failed password for invalid user user from 24.212.56.34 port 48815 ssh2
Jun 22 23:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16584]: error: maximum authentication attempts exceeded for invalid user user from 24.212.56.34 port 48815 ssh2 [preauth]
Jun 22 23:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16584]: Disconnecting: Too many authentication failures [preauth]
Jun 22 23:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16584]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16584]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 22 23:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15435]: pam_unix(cron:session): session closed for user root
Jun 22 23:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16648]: Invalid user user from 24.212.56.34
Jun 22 23:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16648]: input_userauth_request: invalid user user [preauth]
Jun 22 23:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16648]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16648]: Failed password for invalid user user from 24.212.56.34 port 46024 ssh2
Jun 22 23:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16648]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16648]: Failed password for invalid user user from 24.212.56.34 port 46024 ssh2
Jun 22 23:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16648]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16648]: Failed password for invalid user user from 24.212.56.34 port 46024 ssh2
Jun 22 23:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16648]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16648]: Failed password for invalid user user from 24.212.56.34 port 46024 ssh2
Jun 22 23:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16648]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16648]: Failed password for invalid user user from 24.212.56.34 port 46024 ssh2
Jun 22 23:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16648]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16648]: Failed password for invalid user user from 24.212.56.34 port 46024 ssh2
Jun 22 23:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16648]: error: maximum authentication attempts exceeded for invalid user user from 24.212.56.34 port 46024 ssh2 [preauth]
Jun 22 23:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16648]: Disconnecting: Too many authentication failures [preauth]
Jun 22 23:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16648]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16648]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 22 23:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16678]: Invalid user user from 24.212.56.34
Jun 22 23:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16678]: input_userauth_request: invalid user user [preauth]
Jun 22 23:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16678]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16678]: Failed password for invalid user user from 24.212.56.34 port 47319 ssh2
Jun 22 23:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16678]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16678]: Failed password for invalid user user from 24.212.56.34 port 47319 ssh2
Jun 22 23:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16678]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16678]: Failed password for invalid user user from 24.212.56.34 port 47319 ssh2
Jun 22 23:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16678]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16678]: Failed password for invalid user user from 24.212.56.34 port 47319 ssh2
Jun 22 23:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16678]: Received disconnect from 24.212.56.34 port 47319:11: disconnected by user [preauth]
Jun 22 23:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16678]: Disconnected from 24.212.56.34 port 47319 [preauth]
Jun 22 23:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16678]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16678]: PAM service(sshd) ignoring max retries; 4 > 3
Jun 22 23:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16697]: Invalid user ftpuser from 24.212.56.34
Jun 22 23:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16697]: input_userauth_request: invalid user ftpuser [preauth]
Jun 22 23:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16697]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16697]: Failed password for invalid user ftpuser from 24.212.56.34 port 15030 ssh2
Jun 22 23:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16697]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16710]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16711]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16709]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16708]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16708]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16769]: Successful su for rubyman by root
Jun 22 23:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16769]: + ??? root:rubyman
Jun 22 23:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16769]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573765 of user rubyman.
Jun 22 23:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16769]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573765.
Jun 22 23:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16697]: Failed password for invalid user ftpuser from 24.212.56.34 port 15030 ssh2
Jun 22 23:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16697]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16697]: Failed password for invalid user ftpuser from 24.212.56.34 port 15030 ssh2
Jun 22 23:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16697]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14070]: pam_unix(cron:session): session closed for user root
Jun 22 23:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16709]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16697]: Failed password for invalid user ftpuser from 24.212.56.34 port 15030 ssh2
Jun 22 23:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16697]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16697]: Failed password for invalid user ftpuser from 24.212.56.34 port 15030 ssh2
Jun 22 23:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16697]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16697]: Failed password for invalid user ftpuser from 24.212.56.34 port 15030 ssh2
Jun 22 23:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16697]: error: maximum authentication attempts exceeded for invalid user ftpuser from 24.212.56.34 port 15030 ssh2 [preauth]
Jun 22 23:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16697]: Disconnecting: Too many authentication failures [preauth]
Jun 22 23:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16697]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16697]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 22 23:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17064]: Invalid user ftpuser from 24.212.56.34
Jun 22 23:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17064]: input_userauth_request: invalid user ftpuser [preauth]
Jun 22 23:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17064]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17064]: Failed password for invalid user ftpuser from 24.212.56.34 port 40330 ssh2
Jun 22 23:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17064]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17064]: Failed password for invalid user ftpuser from 24.212.56.34 port 40330 ssh2
Jun 22 23:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17064]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17064]: Failed password for invalid user ftpuser from 24.212.56.34 port 40330 ssh2
Jun 22 23:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17064]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17064]: Failed password for invalid user ftpuser from 24.212.56.34 port 40330 ssh2
Jun 22 23:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17064]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17064]: Failed password for invalid user ftpuser from 24.212.56.34 port 40330 ssh2
Jun 22 23:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17064]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17064]: Failed password for invalid user ftpuser from 24.212.56.34 port 40330 ssh2
Jun 22 23:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17064]: error: maximum authentication attempts exceeded for invalid user ftpuser from 24.212.56.34 port 40330 ssh2 [preauth]
Jun 22 23:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17064]: Disconnecting: Too many authentication failures [preauth]
Jun 22 23:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17064]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17064]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 22 23:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17097]: Invalid user ftpuser from 24.212.56.34
Jun 22 23:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17097]: input_userauth_request: invalid user ftpuser [preauth]
Jun 22 23:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17097]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17097]: Failed password for invalid user ftpuser from 24.212.56.34 port 27543 ssh2
Jun 22 23:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17097]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17097]: Failed password for invalid user ftpuser from 24.212.56.34 port 27543 ssh2
Jun 22 23:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17097]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17097]: Failed password for invalid user ftpuser from 24.212.56.34 port 27543 ssh2
Jun 22 23:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17097]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17097]: Failed password for invalid user ftpuser from 24.212.56.34 port 27543 ssh2
Jun 22 23:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17097]: Received disconnect from 24.212.56.34 port 27543:11: disconnected by user [preauth]
Jun 22 23:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17097]: Disconnected from 24.212.56.34 port 27543 [preauth]
Jun 22 23:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17097]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17097]: PAM service(sshd) ignoring max retries; 4 > 3
Jun 22 23:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17127]: Invalid user test1 from 24.212.56.34
Jun 22 23:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17127]: input_userauth_request: invalid user test1 [preauth]
Jun 22 23:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17127]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15860]: pam_unix(cron:session): session closed for user root
Jun 22 23:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17127]: Failed password for invalid user test1 from 24.212.56.34 port 13953 ssh2
Jun 22 23:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17127]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17127]: Failed password for invalid user test1 from 24.212.56.34 port 13953 ssh2
Jun 22 23:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17127]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17127]: Failed password for invalid user test1 from 24.212.56.34 port 13953 ssh2
Jun 22 23:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17127]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17127]: Failed password for invalid user test1 from 24.212.56.34 port 13953 ssh2
Jun 22 23:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17127]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17127]: Failed password for invalid user test1 from 24.212.56.34 port 13953 ssh2
Jun 22 23:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17127]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17127]: Failed password for invalid user test1 from 24.212.56.34 port 13953 ssh2
Jun 22 23:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17127]: error: maximum authentication attempts exceeded for invalid user test1 from 24.212.56.34 port 13953 ssh2 [preauth]
Jun 22 23:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17127]: Disconnecting: Too many authentication failures [preauth]
Jun 22 23:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17127]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17127]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 22 23:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17177]: Invalid user test1 from 24.212.56.34
Jun 22 23:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17177]: input_userauth_request: invalid user test1 [preauth]
Jun 22 23:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17177]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17177]: Failed password for invalid user test1 from 24.212.56.34 port 24327 ssh2
Jun 22 23:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17177]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17177]: Failed password for invalid user test1 from 24.212.56.34 port 24327 ssh2
Jun 22 23:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17177]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 22 23:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17177]: Failed password for invalid user test1 from 24.212.56.34 port 24327 ssh2
Jun 22 23:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17177]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17187]: Failed password for root from 87.251.79.125 port 39136 ssh2
Jun 22 23:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17187]: Connection closed by 87.251.79.125 port 39136 [preauth]
Jun 22 23:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17177]: Failed password for invalid user test1 from 24.212.56.34 port 24327 ssh2
Jun 22 23:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17177]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17177]: Failed password for invalid user test1 from 24.212.56.34 port 24327 ssh2
Jun 22 23:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17177]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17177]: Failed password for invalid user test1 from 24.212.56.34 port 24327 ssh2
Jun 22 23:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17177]: error: maximum authentication attempts exceeded for invalid user test1 from 24.212.56.34 port 24327 ssh2 [preauth]
Jun 22 23:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17177]: Disconnecting: Too many authentication failures [preauth]
Jun 22 23:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17177]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17177]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 22 23:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17205]: Invalid user test1 from 24.212.56.34
Jun 22 23:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17205]: input_userauth_request: invalid user test1 [preauth]
Jun 22 23:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17205]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17205]: Failed password for invalid user test1 from 24.212.56.34 port 56121 ssh2
Jun 22 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17205]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17210]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17211]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17209]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17208]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17208]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17271]: Successful su for rubyman by root
Jun 22 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17271]: + ??? root:rubyman
Jun 22 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17271]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573768 of user rubyman.
Jun 22 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17271]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573768.
Jun 22 23:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17205]: Failed password for invalid user test1 from 24.212.56.34 port 56121 ssh2
Jun 22 23:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17205]: Received disconnect from 24.212.56.34 port 56121:11: disconnected by user [preauth]
Jun 22 23:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17205]: Disconnected from 24.212.56.34 port 56121 [preauth]
Jun 22 23:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17205]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17363]: Invalid user test2 from 24.212.56.34
Jun 22 23:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17363]: input_userauth_request: invalid user test2 [preauth]
Jun 22 23:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17363]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14482]: pam_unix(cron:session): session closed for user root
Jun 22 23:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17363]: Failed password for invalid user test2 from 24.212.56.34 port 22465 ssh2
Jun 22 23:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17363]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17209]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17363]: Failed password for invalid user test2 from 24.212.56.34 port 22465 ssh2
Jun 22 23:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17363]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17363]: Failed password for invalid user test2 from 24.212.56.34 port 22465 ssh2
Jun 22 23:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17363]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17363]: Failed password for invalid user test2 from 24.212.56.34 port 22465 ssh2
Jun 22 23:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17363]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17363]: Failed password for invalid user test2 from 24.212.56.34 port 22465 ssh2
Jun 22 23:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17363]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17363]: Failed password for invalid user test2 from 24.212.56.34 port 22465 ssh2
Jun 22 23:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17363]: error: maximum authentication attempts exceeded for invalid user test2 from 24.212.56.34 port 22465 ssh2 [preauth]
Jun 22 23:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17363]: Disconnecting: Too many authentication failures [preauth]
Jun 22 23:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17363]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17363]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 22 23:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17507]: Invalid user test2 from 24.212.56.34
Jun 22 23:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17507]: input_userauth_request: invalid user test2 [preauth]
Jun 22 23:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17507]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17507]: Failed password for invalid user test2 from 24.212.56.34 port 9585 ssh2
Jun 22 23:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17507]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17507]: Failed password for invalid user test2 from 24.212.56.34 port 9585 ssh2
Jun 22 23:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17507]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17507]: Failed password for invalid user test2 from 24.212.56.34 port 9585 ssh2
Jun 22 23:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17507]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17507]: Failed password for invalid user test2 from 24.212.56.34 port 9585 ssh2
Jun 22 23:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17507]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17507]: Failed password for invalid user test2 from 24.212.56.34 port 9585 ssh2
Jun 22 23:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17507]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17507]: Failed password for invalid user test2 from 24.212.56.34 port 9585 ssh2
Jun 22 23:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17507]: error: maximum authentication attempts exceeded for invalid user test2 from 24.212.56.34 port 9585 ssh2 [preauth]
Jun 22 23:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17507]: Disconnecting: Too many authentication failures [preauth]
Jun 22 23:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17507]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17507]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 22 23:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17537]: Invalid user test2 from 24.212.56.34
Jun 22 23:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17537]: input_userauth_request: invalid user test2 [preauth]
Jun 22 23:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17537]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17537]: Failed password for invalid user test2 from 24.212.56.34 port 12957 ssh2
Jun 22 23:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17537]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17537]: Failed password for invalid user test2 from 24.212.56.34 port 12957 ssh2
Jun 22 23:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17537]: Received disconnect from 24.212.56.34 port 12957:11: disconnected by user [preauth]
Jun 22 23:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17537]: Disconnected from 24.212.56.34 port 12957 [preauth]
Jun 22 23:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17537]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17547]: Invalid user ubuntu from 24.212.56.34
Jun 22 23:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17547]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 23:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17547]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16304]: pam_unix(cron:session): session closed for user root
Jun 22 23:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17547]: Failed password for invalid user ubuntu from 24.212.56.34 port 34436 ssh2
Jun 22 23:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17547]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17547]: Failed password for invalid user ubuntu from 24.212.56.34 port 34436 ssh2
Jun 22 23:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17547]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17547]: Failed password for invalid user ubuntu from 24.212.56.34 port 34436 ssh2
Jun 22 23:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17547]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17547]: Failed password for invalid user ubuntu from 24.212.56.34 port 34436 ssh2
Jun 22 23:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17547]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17547]: Failed password for invalid user ubuntu from 24.212.56.34 port 34436 ssh2
Jun 22 23:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17547]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17547]: Failed password for invalid user ubuntu from 24.212.56.34 port 34436 ssh2
Jun 22 23:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17547]: error: maximum authentication attempts exceeded for invalid user ubuntu from 24.212.56.34 port 34436 ssh2 [preauth]
Jun 22 23:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17547]: Disconnecting: Too many authentication failures [preauth]
Jun 22 23:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17547]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17547]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 22 23:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17603]: Invalid user ubuntu from 24.212.56.34
Jun 22 23:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17603]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 23:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17603]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17603]: Failed password for invalid user ubuntu from 24.212.56.34 port 12542 ssh2
Jun 22 23:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17603]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17603]: Failed password for invalid user ubuntu from 24.212.56.34 port 12542 ssh2
Jun 22 23:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17603]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17603]: Failed password for invalid user ubuntu from 24.212.56.34 port 12542 ssh2
Jun 22 23:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17603]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17603]: Failed password for invalid user ubuntu from 24.212.56.34 port 12542 ssh2
Jun 22 23:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17603]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17603]: Failed password for invalid user ubuntu from 24.212.56.34 port 12542 ssh2
Jun 22 23:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17603]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17603]: Failed password for invalid user ubuntu from 24.212.56.34 port 12542 ssh2
Jun 22 23:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17603]: error: maximum authentication attempts exceeded for invalid user ubuntu from 24.212.56.34 port 12542 ssh2 [preauth]
Jun 22 23:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17603]: Disconnecting: Too many authentication failures [preauth]
Jun 22 23:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17603]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17603]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 22 23:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17624]: Invalid user ubuntu from 24.212.56.34
Jun 22 23:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17624]: input_userauth_request: invalid user ubuntu [preauth]
Jun 22 23:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17624]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17637]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17635]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17636]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17634]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17634]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17624]: Failed password for invalid user ubuntu from 24.212.56.34 port 35968 ssh2
Jun 22 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17624]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17785]: Successful su for rubyman by root
Jun 22 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17785]: + ??? root:rubyman
Jun 22 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17785]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573772 of user rubyman.
Jun 22 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17785]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573772.
Jun 22 23:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17624]: Failed password for invalid user ubuntu from 24.212.56.34 port 35968 ssh2
Jun 22 23:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17624]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15006]: pam_unix(cron:session): session closed for user root
Jun 22 23:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17635]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17624]: Failed password for invalid user ubuntu from 24.212.56.34 port 35968 ssh2
Jun 22 23:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17624]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17624]: Failed password for invalid user ubuntu from 24.212.56.34 port 35968 ssh2
Jun 22 23:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17624]: Received disconnect from 24.212.56.34 port 35968:11: disconnected by user [preauth]
Jun 22 23:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17624]: Disconnected from 24.212.56.34 port 35968 [preauth]
Jun 22 23:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17624]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17624]: PAM service(sshd) ignoring max retries; 4 > 3
Jun 22 23:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17984]: Invalid user pi from 24.212.56.34
Jun 22 23:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17984]: input_userauth_request: invalid user pi [preauth]
Jun 22 23:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17984]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17984]: Failed password for invalid user pi from 24.212.56.34 port 56057 ssh2
Jun 22 23:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17984]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17984]: Failed password for invalid user pi from 24.212.56.34 port 56057 ssh2
Jun 22 23:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17984]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17984]: Failed password for invalid user pi from 24.212.56.34 port 56057 ssh2
Jun 22 23:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17984]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17984]: Failed password for invalid user pi from 24.212.56.34 port 56057 ssh2
Jun 22 23:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17984]: Received disconnect from 24.212.56.34 port 56057:11: disconnected by user [preauth]
Jun 22 23:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17984]: Disconnected from 24.212.56.34 port 56057 [preauth]
Jun 22 23:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17984]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17984]: PAM service(sshd) ignoring max retries; 4 > 3
Jun 22 23:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18015]: Invalid user baikal from 24.212.56.34
Jun 22 23:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18015]: input_userauth_request: invalid user baikal [preauth]
Jun 22 23:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18015]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.212.56.34
Jun 22 23:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18015]: Failed password for invalid user baikal from 24.212.56.34 port 16023 ssh2
Jun 22 23:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18015]: Received disconnect from 24.212.56.34 port 16023:11: disconnected by user [preauth]
Jun 22 23:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18015]: Disconnected from 24.212.56.34 port 16023 [preauth]
Jun 22 23:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 22 23:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17999]: Failed password for root from 38.55.97.143 port 41170 ssh2
Jun 22 23:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17999]: Connection closed by 38.55.97.143 port 41170 [preauth]
Jun 22 23:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16711]: pam_unix(cron:session): session closed for user root
Jun 22 23:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18098]: Did not receive identification string from 91.92.40.6
Jun 22 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18156]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18157]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18149]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18153]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18148]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18154]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18157]: pam_unix(cron:session): session closed for user root
Jun 22 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18148]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18230]: Successful su for rubyman by root
Jun 22 23:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18230]: + ??? root:rubyman
Jun 22 23:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18230]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573776 of user rubyman.
Jun 22 23:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18230]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573776.
Jun 22 23:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15434]: pam_unix(cron:session): session closed for user root
Jun 22 23:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18153]: pam_unix(cron:session): session closed for user root
Jun 22 23:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18149]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17211]: pam_unix(cron:session): session closed for user root
Jun 22 23:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 22 23:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18635]: Failed password for root from 103.172.78.219 port 54052 ssh2
Jun 22 23:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18635]: Connection closed by 103.172.78.219 port 54052 [preauth]
Jun 22 23:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 22 23:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18671]: Failed password for root from 103.15.222.183 port 56944 ssh2
Jun 22 23:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18671]: Connection closed by 103.15.222.183 port 56944 [preauth]
Jun 22 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18696]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18695]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18694]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18693]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18693]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18764]: Successful su for rubyman by root
Jun 22 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18764]: + ??? root:rubyman
Jun 22 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18764]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573782 of user rubyman.
Jun 22 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18764]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573782.
Jun 22 23:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15859]: pam_unix(cron:session): session closed for user root
Jun 22 23:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18694]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 22 23:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19026]: Failed password for root from 91.92.40.6 port 42588 ssh2
Jun 22 23:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19026]: Connection closed by 91.92.40.6 port 42588 [preauth]
Jun 22 23:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17637]: pam_unix(cron:session): session closed for user root
Jun 22 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19113]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19114]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19115]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19116]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19113]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19276]: Successful su for rubyman by root
Jun 22 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19276]: + ??? root:rubyman
Jun 22 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19276]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573787 of user rubyman.
Jun 22 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19276]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573787.
Jun 22 23:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16303]: pam_unix(cron:session): session closed for user root
Jun 22 23:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19114]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19723]: Received disconnect from 23.237.188.34 port 59008:11: disconnected by user [preauth]
Jun 22 23:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19723]: Disconnected from 23.237.188.34 port 59008 [preauth]
Jun 22 23:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18156]: pam_unix(cron:session): session closed for user root
Jun 22 23:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19725]: Invalid user postgres from 38.55.97.143
Jun 22 23:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19725]: input_userauth_request: invalid user postgres [preauth]
Jun 22 23:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19725]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 23:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19725]: Failed password for invalid user postgres from 38.55.97.143 port 44976 ssh2
Jun 22 23:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19725]: Connection closed by 38.55.97.143 port 44976 [preauth]
Jun 22 23:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 22 23:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19791]: Failed password for root from 91.92.40.6 port 42128 ssh2
Jun 22 23:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19791]: Connection closed by 91.92.40.6 port 42128 [preauth]
Jun 22 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19829]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19830]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19828]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19826]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19826]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19898]: Successful su for rubyman by root
Jun 22 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19898]: + ??? root:rubyman
Jun 22 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19898]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573791 of user rubyman.
Jun 22 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19898]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573791.
Jun 22 23:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16710]: pam_unix(cron:session): session closed for user root
Jun 22 23:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19828]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18696]: pam_unix(cron:session): session closed for user root
Jun 22 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20322]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20321]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20320]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20319]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20319]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20390]: Successful su for rubyman by root
Jun 22 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20390]: + ??? root:rubyman
Jun 22 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20390]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573794 of user rubyman.
Jun 22 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20390]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573794.
Jun 22 23:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17210]: pam_unix(cron:session): session closed for user root
Jun 22 23:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 22 23:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20320]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20560]: Failed password for root from 91.92.40.6 port 42104 ssh2
Jun 22 23:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20560]: Connection closed by 91.92.40.6 port 42104 [preauth]
Jun 22 23:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19116]: pam_unix(cron:session): session closed for user root
Jun 22 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20825]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20824]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20821]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20822]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20826]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20823]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20826]: pam_unix(cron:session): session closed for user root
Jun 22 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20821]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20896]: Successful su for rubyman by root
Jun 22 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20896]: + ??? root:rubyman
Jun 22 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20896]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573800 of user rubyman.
Jun 22 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20896]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573800.
Jun 22 23:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20823]: pam_unix(cron:session): session closed for user root
Jun 22 23:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17636]: pam_unix(cron:session): session closed for user root
Jun 22 23:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 22 23:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20822]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21083]: Failed password for root from 38.93.206.2 port 54260 ssh2
Jun 22 23:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21083]: Connection closed by 38.93.206.2 port 54260 [preauth]
Jun 22 23:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 22 23:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21149]: Failed password for root from 91.92.40.6 port 52146 ssh2
Jun 22 23:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21149]: Connection closed by 91.92.40.6 port 52146 [preauth]
Jun 22 23:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19830]: pam_unix(cron:session): session closed for user root
Jun 22 23:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21188]: Connection closed by 194.59.206.2 port 26318 [preauth]
Jun 22 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21265]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21263]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21264]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21262]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21262]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21346]: Successful su for rubyman by root
Jun 22 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21346]: + ??? root:rubyman
Jun 22 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21346]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573804 of user rubyman.
Jun 22 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21346]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573804.
Jun 22 23:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18154]: pam_unix(cron:session): session closed for user root
Jun 22 23:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21263]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21603]: Invalid user pedro from 38.55.97.143
Jun 22 23:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21603]: input_userauth_request: invalid user pedro [preauth]
Jun 22 23:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21603]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 23:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21603]: Failed password for invalid user pedro from 38.55.97.143 port 47628 ssh2
Jun 22 23:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20322]: pam_unix(cron:session): session closed for user root
Jun 22 23:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21603]: Connection closed by 38.55.97.143 port 47628 [preauth]
Jun 22 23:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 22 23:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21657]: Failed password for root from 91.92.40.6 port 41614 ssh2
Jun 22 23:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21657]: Connection closed by 91.92.40.6 port 41614 [preauth]
Jun 22 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21718]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21719]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21717]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21716]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21716]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21780]: Successful su for rubyman by root
Jun 22 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21780]: + ??? root:rubyman
Jun 22 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21780]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573809 of user rubyman.
Jun 22 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21780]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573809.
Jun 22 23:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18695]: pam_unix(cron:session): session closed for user root
Jun 22 23:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21717]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20825]: pam_unix(cron:session): session closed for user root
Jun 22 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22114]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22115]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22113]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22112]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22112]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22179]: Successful su for rubyman by root
Jun 22 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22179]: + ??? root:rubyman
Jun 22 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22179]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573813 of user rubyman.
Jun 22 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22179]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573813.
Jun 22 23:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 22 23:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19115]: pam_unix(cron:session): session closed for user root
Jun 22 23:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22178]: Failed password for root from 91.92.40.6 port 38386 ssh2
Jun 22 23:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22178]: Connection closed by 91.92.40.6 port 38386 [preauth]
Jun 22 23:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22113]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 22 23:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22475]: Failed password for root from 103.176.20.57 port 56642 ssh2
Jun 22 23:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22475]: Connection closed by 103.176.20.57 port 56642 [preauth]
Jun 22 23:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21265]: pam_unix(cron:session): session closed for user root
Jun 22 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22606]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22607]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22605]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22604]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22604]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22667]: Successful su for rubyman by root
Jun 22 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22667]: + ??? root:rubyman
Jun 22 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22667]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573816 of user rubyman.
Jun 22 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22667]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573816.
Jun 22 23:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19829]: pam_unix(cron:session): session closed for user root
Jun 22 23:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22605]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 22 23:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 22 23:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 23:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22898]: Failed password for root from 103.77.242.62 port 60166 ssh2
Jun 22 23:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22898]: Connection closed by 103.77.242.62 port 60166 [preauth]
Jun 22 23:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22897]: Failed password for root from 91.92.40.6 port 58288 ssh2
Jun 22 23:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22897]: Connection closed by 91.92.40.6 port 58288 [preauth]
Jun 22 23:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22901]: Failed password for root from 193.24.211.107 port 51825 ssh2
Jun 22 23:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22901]: Received disconnect from 193.24.211.107 port 51825:11: Client disconnecting normally [preauth]
Jun 22 23:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22901]: Disconnected from 193.24.211.107 port 51825 [preauth]
Jun 22 23:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21719]: pam_unix(cron:session): session closed for user root
Jun 22 23:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23001]: Invalid user oracle from 38.55.97.143
Jun 22 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23001]: input_userauth_request: invalid user oracle [preauth]
Jun 22 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23001]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23024]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23027]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23026]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23025]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23022]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23023]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23027]: pam_unix(cron:session): session closed for user root
Jun 22 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23022]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23090]: Successful su for rubyman by root
Jun 22 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23090]: + ??? root:rubyman
Jun 22 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23090]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573823 of user rubyman.
Jun 22 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23090]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573823.
Jun 22 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 22 23:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23001]: Failed password for invalid user oracle from 38.55.97.143 port 50474 ssh2
Jun 22 23:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23001]: Connection closed by 38.55.97.143 port 50474 [preauth]
Jun 22 23:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23024]: pam_unix(cron:session): session closed for user root
Jun 22 23:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20321]: pam_unix(cron:session): session closed for user root
Jun 22 23:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23019]: Failed password for root from 103.82.20.28 port 40460 ssh2
Jun 22 23:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23019]: Connection closed by 103.82.20.28 port 40460 [preauth]
Jun 22 23:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23023]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 22 23:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23347]: Failed password for root from 103.149.28.157 port 44118 ssh2
Jun 22 23:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23347]: Connection closed by 103.149.28.157 port 44118 [preauth]
Jun 22 23:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22115]: pam_unix(cron:session): session closed for user root
Jun 22 23:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 22 23:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23412]: Failed password for root from 91.92.40.6 port 52374 ssh2
Jun 22 23:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23412]: Connection closed by 91.92.40.6 port 52374 [preauth]
Jun 22 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23473]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23472]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23474]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23471]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23471]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23545]: Successful su for rubyman by root
Jun 22 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23545]: + ??? root:rubyman
Jun 22 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23545]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573826 of user rubyman.
Jun 22 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23545]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573826.
Jun 22 23:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20824]: pam_unix(cron:session): session closed for user root
Jun 22 23:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23472]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22607]: pam_unix(cron:session): session closed for user root
Jun 22 23:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 22 23:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23983]: Failed password for root from 91.92.40.6 port 58366 ssh2
Jun 22 23:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23983]: Connection closed by 91.92.40.6 port 58366 [preauth]
Jun 22 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23996]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23997]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23995]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23994]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23994]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24056]: Successful su for rubyman by root
Jun 22 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24056]: + ??? root:rubyman
Jun 22 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24056]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573830 of user rubyman.
Jun 22 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24056]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573830.
Jun 22 23:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21264]: pam_unix(cron:session): session closed for user root
Jun 22 23:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23995]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 22 23:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24292]: Failed password for root from 103.27.238.114 port 47904 ssh2
Jun 22 23:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24292]: Connection closed by 103.27.238.114 port 47904 [preauth]
Jun 22 23:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23026]: pam_unix(cron:session): session closed for user root
Jun 22 23:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24410]: Received disconnect from 172.96.172.91 port 36000:11: disconnected by user [preauth]
Jun 22 23:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24410]: Disconnected from 172.96.172.91 port 36000 [preauth]
Jun 22 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24423]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24422]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24424]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24421]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24421]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24493]: Successful su for rubyman by root
Jun 22 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24493]: + ??? root:rubyman
Jun 22 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24493]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573835 of user rubyman.
Jun 22 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24493]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573835.
Jun 22 23:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21718]: pam_unix(cron:session): session closed for user root
Jun 22 23:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24422]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 22 23:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24705]: Failed password for root from 91.92.40.6 port 50788 ssh2
Jun 22 23:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24705]: Connection closed by 91.92.40.6 port 50788 [preauth]
Jun 22 23:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24751]: Invalid user myshake from 38.55.97.143
Jun 22 23:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24751]: input_userauth_request: invalid user myshake [preauth]
Jun 22 23:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24751]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 23:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24751]: Failed password for invalid user myshake from 38.55.97.143 port 51486 ssh2
Jun 22 23:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23474]: pam_unix(cron:session): session closed for user root
Jun 22 23:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24751]: Connection closed by 38.55.97.143 port 51486 [preauth]
Jun 22 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24852]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24851]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24850]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24853]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24847]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24850]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24963]: Successful su for rubyman by root
Jun 22 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24963]: + ??? root:rubyman
Jun 22 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24963]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573838 of user rubyman.
Jun 22 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24963]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573838.
Jun 22 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24847]: pam_unix(cron:session): session closed for user root
Jun 22 23:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22114]: pam_unix(cron:session): session closed for user root
Jun 22 23:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24851]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 22 23:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23997]: pam_unix(cron:session): session closed for user root
Jun 22 23:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25257]: Failed password for root from 91.92.40.6 port 35720 ssh2
Jun 22 23:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25257]: Connection closed by 91.92.40.6 port 35720 [preauth]
Jun 22 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25335]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25332]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25336]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25331]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25334]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25333]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25336]: pam_unix(cron:session): session closed for user root
Jun 22 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25331]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25400]: Successful su for rubyman by root
Jun 22 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25400]: + ??? root:rubyman
Jun 22 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25400]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573843 of user rubyman.
Jun 22 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25400]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573843.
Jun 22 23:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22606]: pam_unix(cron:session): session closed for user root
Jun 22 23:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25333]: pam_unix(cron:session): session closed for user root
Jun 22 23:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25332]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24424]: pam_unix(cron:session): session closed for user root
Jun 22 23:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 22 23:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25732]: Failed password for root from 91.92.40.6 port 58230 ssh2
Jun 22 23:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25732]: Connection closed by 91.92.40.6 port 58230 [preauth]
Jun 22 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25756]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25755]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25754]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25752]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25752]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25823]: Successful su for rubyman by root
Jun 22 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25823]: + ??? root:rubyman
Jun 22 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25823]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573849 of user rubyman.
Jun 22 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25823]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573849.
Jun 22 23:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23025]: pam_unix(cron:session): session closed for user root
Jun 22 23:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25754]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24853]: pam_unix(cron:session): session closed for user root
Jun 22 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26157]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26158]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26156]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26155]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26155]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26218]: Successful su for rubyman by root
Jun 22 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26218]: + ??? root:rubyman
Jun 22 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26218]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573854 of user rubyman.
Jun 22 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26218]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573854.
Jun 22 23:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23473]: pam_unix(cron:session): session closed for user root
Jun 22 23:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26156]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26153]: Invalid user matt from 38.55.97.143
Jun 22 23:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26153]: input_userauth_request: invalid user matt [preauth]
Jun 22 23:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26153]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 23:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 22 23:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26153]: Failed password for invalid user matt from 38.55.97.143 port 53392 ssh2
Jun 22 23:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26391]: Failed password for root from 91.92.40.6 port 44318 ssh2
Jun 22 23:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26391]: Connection closed by 91.92.40.6 port 44318 [preauth]
Jun 22 23:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26153]: Connection closed by 38.55.97.143 port 53392 [preauth]
Jun 22 23:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25335]: pam_unix(cron:session): session closed for user root
Jun 22 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26547]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26549]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26548]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26546]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26546]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26612]: Successful su for rubyman by root
Jun 22 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26612]: + ??? root:rubyman
Jun 22 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26612]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573858 of user rubyman.
Jun 22 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26612]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573858.
Jun 22 23:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23996]: pam_unix(cron:session): session closed for user root
Jun 22 23:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26547]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 22 23:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26929]: Failed password for root from 91.92.40.6 port 43708 ssh2
Jun 22 23:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26929]: Connection closed by 91.92.40.6 port 43708 [preauth]
Jun 22 23:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25756]: pam_unix(cron:session): session closed for user root
Jun 22 23:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26978]: Invalid user admin from 193.46.255.86
Jun 22 23:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26978]: input_userauth_request: invalid user admin [preauth]
Jun 22 23:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26978]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 22 23:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26978]: Failed password for invalid user admin from 193.46.255.86 port 6582 ssh2
Jun 22 23:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26978]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26978]: Failed password for invalid user admin from 193.46.255.86 port 6582 ssh2
Jun 22 23:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26978]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26978]: Failed password for invalid user admin from 193.46.255.86 port 6582 ssh2
Jun 22 23:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26978]: Connection closed by 193.46.255.86 port 6582 [preauth]
Jun 22 23:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26978]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 22 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27030]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27031]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27029]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27028]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27028]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27089]: Successful su for rubyman by root
Jun 22 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27089]: + ??? root:rubyman
Jun 22 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27089]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573862 of user rubyman.
Jun 22 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27089]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573862.
Jun 22 23:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24423]: pam_unix(cron:session): session closed for user root
Jun 22 23:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27029]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26158]: pam_unix(cron:session): session closed for user root
Jun 22 23:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 22 23:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27403]: Failed password for root from 91.92.40.6 port 46852 ssh2
Jun 22 23:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27403]: Connection closed by 91.92.40.6 port 46852 [preauth]
Jun 22 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27458]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27457]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27453]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27454]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27452]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27455]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27458]: pam_unix(cron:session): session closed for user root
Jun 22 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27452]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27529]: Successful su for rubyman by root
Jun 22 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27529]: + ??? root:rubyman
Jun 22 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27529]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573866 of user rubyman.
Jun 22 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27529]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573866.
Jun 22 23:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27454]: pam_unix(cron:session): session closed for user root
Jun 22 23:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24852]: pam_unix(cron:session): session closed for user root
Jun 22 23:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27453]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26549]: pam_unix(cron:session): session closed for user root
Jun 22 23:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27864]: Invalid user info from 38.55.97.143
Jun 22 23:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27864]: input_userauth_request: invalid user info [preauth]
Jun 22 23:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27864]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 23:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27864]: Failed password for invalid user info from 38.55.97.143 port 56438 ssh2
Jun 22 23:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27864]: Connection closed by 38.55.97.143 port 56438 [preauth]
Jun 22 23:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 22 23:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27886]: Failed password for root from 91.92.40.6 port 56402 ssh2
Jun 22 23:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27886]: Connection closed by 91.92.40.6 port 56402 [preauth]
Jun 22 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27899]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27900]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27898]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27897]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27897]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27967]: Successful su for rubyman by root
Jun 22 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27967]: + ??? root:rubyman
Jun 22 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27967]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573871 of user rubyman.
Jun 22 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27967]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573871.
Jun 22 23:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25334]: pam_unix(cron:session): session closed for user root
Jun 22 23:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27898]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27031]: pam_unix(cron:session): session closed for user root
Jun 22 23:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 22 23:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28334]: Failed password for root from 193.37.70.224 port 36974 ssh2
Jun 22 23:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28334]: Connection closed by 193.37.70.224 port 36974 [preauth]
Jun 22 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28357]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28358]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28356]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28355]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28355]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28413]: Successful su for rubyman by root
Jun 22 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28413]: + ??? root:rubyman
Jun 22 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28413]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573875 of user rubyman.
Jun 22 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28413]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573875.
Jun 22 23:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25755]: pam_unix(cron:session): session closed for user root
Jun 22 23:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28356]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 22 23:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28700]: Failed password for root from 91.92.40.6 port 58986 ssh2
Jun 22 23:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28700]: Connection closed by 91.92.40.6 port 58986 [preauth]
Jun 22 23:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28772]: Received disconnect from 104.236.66.186 port 58156:11: disconnected by user [preauth]
Jun 22 23:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28772]: Disconnected from 104.236.66.186 port 58156 [preauth]
Jun 22 23:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27457]: pam_unix(cron:session): session closed for user root
Jun 22 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28861]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28859]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28860]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28857]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28857]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28931]: Successful su for rubyman by root
Jun 22 23:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28931]: + ??? root:rubyman
Jun 22 23:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28931]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573879 of user rubyman.
Jun 22 23:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28931]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573879.
Jun 22 23:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26157]: pam_unix(cron:session): session closed for user root
Jun 22 23:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28859]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 22 23:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29179]: Failed password for root from 91.92.40.6 port 44744 ssh2
Jun 22 23:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29179]: Connection closed by 91.92.40.6 port 44744 [preauth]
Jun 22 23:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27900]: pam_unix(cron:session): session closed for user root
Jun 22 23:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 22 23:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29232]: Failed password for root from 103.77.175.15 port 34672 ssh2
Jun 22 23:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29232]: Connection closed by 103.77.175.15 port 34672 [preauth]
Jun 22 23:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29290]: Invalid user user from 141.98.83.240
Jun 22 23:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29290]: input_userauth_request: invalid user user [preauth]
Jun 22 23:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29290]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 23:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29290]: Failed password for invalid user user from 141.98.83.240 port 17370 ssh2
Jun 22 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29290]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29304]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29301]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29303]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29302]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29301]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29359]: Successful su for rubyman by root
Jun 22 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29359]: + ??? root:rubyman
Jun 22 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29359]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573884 of user rubyman.
Jun 22 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29359]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573884.
Jun 22 23:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29290]: Failed password for invalid user user from 141.98.83.240 port 17370 ssh2
Jun 22 23:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29290]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26548]: pam_unix(cron:session): session closed for user root
Jun 22 23:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29290]: Failed password for invalid user user from 141.98.83.240 port 17370 ssh2
Jun 22 23:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29302]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29290]: Connection closed by 141.98.83.240 port 17370 [preauth]
Jun 22 23:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29290]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 22 23:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 22 23:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29646]: Failed password for root from 103.82.132.16 port 46846 ssh2
Jun 22 23:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29646]: Connection closed by 103.82.132.16 port 46846 [preauth]
Jun 22 23:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28358]: pam_unix(cron:session): session closed for user root
Jun 22 23:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 22 23:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29774]: Failed password for root from 91.92.40.6 port 52238 ssh2
Jun 22 23:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29774]: Connection closed by 91.92.40.6 port 52238 [preauth]
Jun 22 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29830]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29825]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29831]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29823]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29822]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29824]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29831]: pam_unix(cron:session): session closed for user root
Jun 22 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29822]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29903]: Successful su for rubyman by root
Jun 22 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29903]: + ??? root:rubyman
Jun 22 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29903]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573887 of user rubyman.
Jun 22 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29903]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573887.
Jun 22 23:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27030]: pam_unix(cron:session): session closed for user root
Jun 22 23:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29824]: pam_unix(cron:session): session closed for user root
Jun 22 23:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29823]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 22 23:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30130]: Failed password for root from 193.24.211.107 port 31397 ssh2
Jun 22 23:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30130]: Received disconnect from 193.24.211.107 port 31397:11: Client disconnecting normally [preauth]
Jun 22 23:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30130]: Disconnected from 193.24.211.107 port 31397 [preauth]
Jun 22 23:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28861]: pam_unix(cron:session): session closed for user root
Jun 22 23:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 22 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30285]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30283]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30284]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30282]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30282]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: Failed password for root from 91.92.40.6 port 55266 ssh2
Jun 22 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: Connection closed by 91.92.40.6 port 55266 [preauth]
Jun 22 23:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30356]: Successful su for rubyman by root
Jun 22 23:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30356]: + ??? root:rubyman
Jun 22 23:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30356]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573893 of user rubyman.
Jun 22 23:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30356]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573893.
Jun 22 23:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27455]: pam_unix(cron:session): session closed for user root
Jun 22 23:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30283]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30544]: Invalid user dev from 38.55.97.143
Jun 22 23:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30544]: input_userauth_request: invalid user dev [preauth]
Jun 22 23:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30544]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 23:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30544]: Failed password for invalid user dev from 38.55.97.143 port 36638 ssh2
Jun 22 23:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30544]: Connection closed by 38.55.97.143 port 36638 [preauth]
Jun 22 23:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29304]: pam_unix(cron:session): session closed for user root
Jun 22 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30708]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30707]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30706]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30705]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30705]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30764]: Successful su for rubyman by root
Jun 22 23:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30764]: + ??? root:rubyman
Jun 22 23:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30764]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573897 of user rubyman.
Jun 22 23:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30764]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573897.
Jun 22 23:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27899]: pam_unix(cron:session): session closed for user root
Jun 22 23:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30706]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 22 23:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 22 23:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31075]: Failed password for root from 91.92.40.6 port 36098 ssh2
Jun 22 23:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31075]: Connection closed by 91.92.40.6 port 36098 [preauth]
Jun 22 23:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31085]: Failed password for root from 109.237.96.109 port 51032 ssh2
Jun 22 23:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31085]: Connection closed by 109.237.96.109 port 51032 [preauth]
Jun 22 23:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29830]: pam_unix(cron:session): session closed for user root
Jun 22 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31204]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31203]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31202]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31201]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31201]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31266]: Successful su for rubyman by root
Jun 22 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31266]: + ??? root:rubyman
Jun 22 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31266]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573901 of user rubyman.
Jun 22 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31266]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573901.
Jun 22 23:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28357]: pam_unix(cron:session): session closed for user root
Jun 22 23:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31202]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 22 23:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31507]: Failed password for root from 103.27.238.116 port 46286 ssh2
Jun 22 23:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31507]: Connection closed by 103.27.238.116 port 46286 [preauth]
Jun 22 23:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 22 23:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31518]: Failed password for root from 91.92.40.6 port 44856 ssh2
Jun 22 23:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31518]: Connection closed by 91.92.40.6 port 44856 [preauth]
Jun 22 23:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30285]: pam_unix(cron:session): session closed for user root
Jun 22 23:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 22 23:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31676]: Failed password for root from 194.113.233.25 port 38734 ssh2
Jun 22 23:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31676]: Connection closed by 194.113.233.25 port 38734 [preauth]
Jun 22 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31716]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31714]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31715]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31713]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31713]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31781]: Successful su for rubyman by root
Jun 22 23:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31781]: + ??? root:rubyman
Jun 22 23:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31781]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573906 of user rubyman.
Jun 22 23:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31781]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573906.
Jun 22 23:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28860]: pam_unix(cron:session): session closed for user root
Jun 22 23:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31714]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30708]: pam_unix(cron:session): session closed for user root
Jun 22 23:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 22 23:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32103]: Failed password for root from 91.92.40.6 port 57954 ssh2
Jun 22 23:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32103]: Connection closed by 91.92.40.6 port 57954 [preauth]
Jun 22 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32137]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32138]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32134]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32133]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32132]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32135]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32138]: pam_unix(cron:session): session closed for user root
Jun 22 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32132]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32204]: Successful su for rubyman by root
Jun 22 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32204]: + ??? root:rubyman
Jun 22 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32204]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573909 of user rubyman.
Jun 22 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32204]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573909.
Jun 22 23:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29303]: pam_unix(cron:session): session closed for user root
Jun 22 23:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32134]: pam_unix(cron:session): session closed for user root
Jun 22 23:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32133]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31204]: pam_unix(cron:session): session closed for user root
Jun 22 23:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 22 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32562]: Failed password for root from 103.122.221.179 port 54504 ssh2
Jun 22 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32562]: Connection closed by 103.122.221.179 port 54504 [preauth]
Jun 22 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32569]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32567]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32570]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32568]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32567]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32634]: Successful su for rubyman by root
Jun 22 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32634]: + ??? root:rubyman
Jun 22 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32634]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573916 of user rubyman.
Jun 22 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32634]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573916.
Jun 22 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 22 23:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32564]: Failed password for root from 91.92.40.6 port 35214 ssh2
Jun 22 23:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29825]: pam_unix(cron:session): session closed for user root
Jun 22 23:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32564]: Connection closed by 91.92.40.6 port 35214 [preauth]
Jun 22 23:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32568]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[397]: Received disconnect from 62.182.85.212 port 48522:11: disconnected by user [preauth]
Jun 22 23:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[397]: Disconnected from 62.182.85.212 port 48522 [preauth]
Jun 22 23:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31716]: pam_unix(cron:session): session closed for user root
Jun 22 23:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[607]: Invalid user deploy from 38.55.97.143
Jun 22 23:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[607]: input_userauth_request: invalid user deploy [preauth]
Jun 22 23:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[607]: pam_unix(sshd:auth): check pass; user unknown
Jun 22 23:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 22 23:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[607]: Failed password for invalid user deploy from 38.55.97.143 port 41632 ssh2
Jun 22 23:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[607]: Connection closed by 38.55.97.143 port 41632 [preauth]
Jun 22 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[665]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[661]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[664]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[660]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[660]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[725]: Successful su for rubyman by root
Jun 22 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[725]: + ??? root:rubyman
Jun 22 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[725]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573919 of user rubyman.
Jun 22 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[725]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573919.
Jun 22 23:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30284]: pam_unix(cron:session): session closed for user root
Jun 22 23:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[661]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 22 23:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[966]: Failed password for root from 91.92.40.6 port 51626 ssh2
Jun 22 23:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[966]: Connection closed by 91.92.40.6 port 51626 [preauth]
Jun 22 23:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32137]: pam_unix(cron:session): session closed for user root
Jun 22 23:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1126]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1127]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1125]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1124]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1124]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1187]: Successful su for rubyman by root
Jun 22 23:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1187]: + ??? root:rubyman
Jun 22 23:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1187]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573924 of user rubyman.
Jun 22 23:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1187]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573924.
Jun 22 23:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30707]: pam_unix(cron:session): session closed for user root
Jun 22 23:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1125]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32570]: pam_unix(cron:session): session closed for user root
Jun 22 23:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 22 23:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1595]: Failed password for root from 91.92.40.6 port 55108 ssh2
Jun 22 23:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1595]: Connection closed by 91.92.40.6 port 55108 [preauth]
Jun 22 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1669]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1668]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 22 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1670]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 22 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1667]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 22 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1667]: pam_unix(cron:session): session closed for user p13x
Jun 22 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1740]: Successful su for rubyman by root
Jun 22 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1740]: + ??? root:rubyman
Jun 22 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1740]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 22 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573927 of user rubyman.
Jun 22 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1740]: pam_unix(su:session): session closed for user rubyman
Jun 22 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573927.
Jun 22 23:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31203]: pam_unix(cron:session): session closed for user root
Jun 22 23:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1668]: pam_unix(cron:session): session closed for user samftp
Jun 22 23:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[665]: pam_unix(cron:session): session closed for user root
Jun 22 23:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 22 23:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 22 23:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2127]: Failed password for root from 91.92.40.6 port 58942 ssh2
Jun 22 23:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2127]: Connection closed by 91.92.40.6 port 58942 [preauth]
Jun 23 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2148]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2145]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2143]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2142]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2146]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2147]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2141]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2148]: pam_unix(cron:session): session closed for user root
Jun 23 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2143]: pam_unix(cron:session): session closed for user root
Jun 23 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2141]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2248]: Successful su for rubyman by root
Jun 23 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2248]: + ??? root:rubyman
Jun 23 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2248]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573931 of user rubyman.
Jun 23 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2248]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573931.
Jun 23 00:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2145]: pam_unix(cron:session): session closed for user root
Jun 23 00:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31715]: pam_unix(cron:session): session closed for user root
Jun 23 00:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2142]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2522]: Received disconnect from 194.42.205.100 port 52682:11: disconnected by user [preauth]
Jun 23 00:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2522]: Disconnected from 194.42.205.100 port 52682 [preauth]
Jun 23 00:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1127]: pam_unix(cron:session): session closed for user root
Jun 23 00:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2631]: Invalid user admin from 2.57.121.25
Jun 23 00:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2631]: input_userauth_request: invalid user admin [preauth]
Jun 23 00:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2631]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 23 00:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2631]: Failed password for invalid user admin from 2.57.121.25 port 6754 ssh2
Jun 23 00:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2631]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2631]: Failed password for invalid user admin from 2.57.121.25 port 6754 ssh2
Jun 23 00:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2631]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2631]: Failed password for invalid user admin from 2.57.121.25 port 6754 ssh2
Jun 23 00:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2631]: Connection closed by 2.57.121.25 port 6754 [preauth]
Jun 23 00:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2631]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 23 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2690]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2693]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2692]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2691]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2688]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2688]: pam_unix(cron:session): session closed for user root
Jun 23 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2690]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2768]: Successful su for rubyman by root
Jun 23 00:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2768]: + ??? root:rubyman
Jun 23 00:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2768]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573939 of user rubyman.
Jun 23 00:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2768]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573939.
Jun 23 00:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32135]: pam_unix(cron:session): session closed for user root
Jun 23 00:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2691]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 23 00:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2949]: Failed password for root from 91.92.40.6 port 58184 ssh2
Jun 23 00:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2949]: Connection closed by 91.92.40.6 port 58184 [preauth]
Jun 23 00:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1670]: pam_unix(cron:session): session closed for user root
Jun 23 00:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3101]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3100]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3099]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3098]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3098]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3161]: Successful su for rubyman by root
Jun 23 00:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3161]: + ??? root:rubyman
Jun 23 00:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3161]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573943 of user rubyman.
Jun 23 00:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3161]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573943.
Jun 23 00:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3086]: Invalid user david from 38.55.97.143
Jun 23 00:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3086]: input_userauth_request: invalid user david [preauth]
Jun 23 00:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3086]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 23 00:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32569]: pam_unix(cron:session): session closed for user root
Jun 23 00:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3086]: Failed password for invalid user david from 38.55.97.143 port 48802 ssh2
Jun 23 00:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3099]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3086]: Connection closed by 38.55.97.143 port 48802 [preauth]
Jun 23 00:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 23 00:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3382]: Failed password for root from 91.92.40.6 port 34120 ssh2
Jun 23 00:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3382]: Connection closed by 91.92.40.6 port 34120 [preauth]
Jun 23 00:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2147]: pam_unix(cron:session): session closed for user root
Jun 23 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3494]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3495]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3492]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3493]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3492]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3560]: Successful su for rubyman by root
Jun 23 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3560]: + ??? root:rubyman
Jun 23 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3560]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573948 of user rubyman.
Jun 23 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3560]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573948.
Jun 23 00:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[664]: pam_unix(cron:session): session closed for user root
Jun 23 00:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3493]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2693]: pam_unix(cron:session): session closed for user root
Jun 23 00:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 23 00:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4015]: Failed password for root from 91.92.40.6 port 41636 ssh2
Jun 23 00:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4015]: Connection closed by 91.92.40.6 port 41636 [preauth]
Jun 23 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4100]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4101]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4099]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4098]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4098]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4158]: Successful su for rubyman by root
Jun 23 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4158]: + ??? root:rubyman
Jun 23 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4158]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573951 of user rubyman.
Jun 23 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4158]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573951.
Jun 23 00:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1126]: pam_unix(cron:session): session closed for user root
Jun 23 00:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4099]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3101]: pam_unix(cron:session): session closed for user root
Jun 23 00:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 23 00:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4483]: Failed password for root from 91.92.40.6 port 39062 ssh2
Jun 23 00:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4483]: Connection closed by 91.92.40.6 port 39062 [preauth]
Jun 23 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4504]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4506]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4503]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4507]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4505]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4502]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4507]: pam_unix(cron:session): session closed for user root
Jun 23 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4502]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4577]: Successful su for rubyman by root
Jun 23 00:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4577]: + ??? root:rubyman
Jun 23 00:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4577]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573956 of user rubyman.
Jun 23 00:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4577]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573956.
Jun 23 00:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4504]: pam_unix(cron:session): session closed for user root
Jun 23 00:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1669]: pam_unix(cron:session): session closed for user root
Jun 23 00:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4503]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3495]: pam_unix(cron:session): session closed for user root
Jun 23 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5051]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5050]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5049]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5048]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5048]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5113]: Successful su for rubyman by root
Jun 23 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5113]: + ??? root:rubyman
Jun 23 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5113]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573961 of user rubyman.
Jun 23 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5113]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573961.
Jun 23 00:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2146]: pam_unix(cron:session): session closed for user root
Jun 23 00:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 23 00:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5049]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5273]: Failed password for root from 193.24.211.107 port 9968 ssh2
Jun 23 00:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5273]: Received disconnect from 193.24.211.107 port 9968:11: Client disconnecting normally [preauth]
Jun 23 00:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5273]: Disconnected from 193.24.211.107 port 9968 [preauth]
Jun 23 00:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 23 00:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5303]: Failed password for root from 91.92.40.6 port 59306 ssh2
Jun 23 00:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5303]: Connection closed by 91.92.40.6 port 59306 [preauth]
Jun 23 00:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5341]: Received disconnect from 62.210.209.225 port 18762:11: disconnected by user [preauth]
Jun 23 00:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5341]: Disconnected from 62.210.209.225 port 18762 [preauth]
Jun 23 00:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4101]: pam_unix(cron:session): session closed for user root
Jun 23 00:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5461]: Invalid user app from 38.55.97.143
Jun 23 00:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5461]: input_userauth_request: invalid user app [preauth]
Jun 23 00:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5461]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 23 00:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5461]: Failed password for invalid user app from 38.55.97.143 port 49484 ssh2
Jun 23 00:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5461]: Connection closed by 38.55.97.143 port 49484 [preauth]
Jun 23 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5483]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5481]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5482]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5480]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5480]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5539]: Successful su for rubyman by root
Jun 23 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5539]: + ??? root:rubyman
Jun 23 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5539]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573965 of user rubyman.
Jun 23 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5539]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573965.
Jun 23 00:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2692]: pam_unix(cron:session): session closed for user root
Jun 23 00:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5481]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5716]: Connection reset by 45.148.10.152 port 46002 [preauth]
Jun 23 00:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 23 00:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5748]: Failed password for root from 91.92.40.6 port 44950 ssh2
Jun 23 00:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5748]: Connection closed by 91.92.40.6 port 44950 [preauth]
Jun 23 00:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4506]: pam_unix(cron:session): session closed for user root
Jun 23 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5874]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5873]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5872]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5871]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5871]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5929]: Successful su for rubyman by root
Jun 23 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5929]: + ??? root:rubyman
Jun 23 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5929]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573969 of user rubyman.
Jun 23 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5929]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573969.
Jun 23 00:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3100]: pam_unix(cron:session): session closed for user root
Jun 23 00:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5872]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5051]: pam_unix(cron:session): session closed for user root
Jun 23 00:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 23 00:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6186]: Failed password for root from 91.92.40.6 port 55854 ssh2
Jun 23 00:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6186]: Connection closed by 91.92.40.6 port 55854 [preauth]
Jun 23 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6259]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6260]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6258]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6257]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6255]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6257]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6378]: Successful su for rubyman by root
Jun 23 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6378]: + ??? root:rubyman
Jun 23 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6378]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573973 of user rubyman.
Jun 23 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6378]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573973.
Jun 23 00:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6255]: pam_unix(cron:session): session closed for user root
Jun 23 00:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3494]: pam_unix(cron:session): session closed for user root
Jun 23 00:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6258]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5483]: pam_unix(cron:session): session closed for user root
Jun 23 00:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 23 00:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6722]: Failed password for root from 91.92.40.6 port 51632 ssh2
Jun 23 00:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6722]: Connection closed by 91.92.40.6 port 51632 [preauth]
Jun 23 00:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6735]: Received disconnect from 179.61.232.245 port 45130:11: disconnected by user [preauth]
Jun 23 00:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6735]: Disconnected from 179.61.232.245 port 45130 [preauth]
Jun 23 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6758]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6757]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6756]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6759]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6755]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6754]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6759]: pam_unix(cron:session): session closed for user root
Jun 23 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6754]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6832]: Successful su for rubyman by root
Jun 23 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6832]: + ??? root:rubyman
Jun 23 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6832]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573978 of user rubyman.
Jun 23 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6832]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573978.
Jun 23 00:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6756]: pam_unix(cron:session): session closed for user root
Jun 23 00:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4100]: pam_unix(cron:session): session closed for user root
Jun 23 00:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6755]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5874]: pam_unix(cron:session): session closed for user root
Jun 23 00:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 23 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7290]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7289]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7287]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7288]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7287]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7356]: Successful su for rubyman by root
Jun 23 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7356]: + ??? root:rubyman
Jun 23 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7356]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573984 of user rubyman.
Jun 23 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7356]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573984.
Jun 23 00:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7284]: Failed password for root from 91.92.40.6 port 42608 ssh2
Jun 23 00:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7284]: Connection closed by 91.92.40.6 port 42608 [preauth]
Jun 23 00:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4505]: pam_unix(cron:session): session closed for user root
Jun 23 00:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7288]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6260]: pam_unix(cron:session): session closed for user root
Jun 23 00:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7779]: Invalid user signin from 165.154.227.158
Jun 23 00:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7779]: input_userauth_request: invalid user signin [preauth]
Jun 23 00:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7779]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.227.158
Jun 23 00:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7779]: Failed password for invalid user signin from 165.154.227.158 port 44732 ssh2
Jun 23 00:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7779]: Received disconnect from 165.154.227.158 port 44732:11: Bye Bye [preauth]
Jun 23 00:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7779]: Disconnected from 165.154.227.158 port 44732 [preauth]
Jun 23 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7792]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7793]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7790]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7791]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7790]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7848]: Successful su for rubyman by root
Jun 23 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7848]: + ??? root:rubyman
Jun 23 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7848]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573989 of user rubyman.
Jun 23 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7848]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573989.
Jun 23 00:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5050]: pam_unix(cron:session): session closed for user root
Jun 23 00:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7791]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 23 00:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8034]: Failed password for root from 91.92.40.6 port 37884 ssh2
Jun 23 00:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8034]: Connection closed by 91.92.40.6 port 37884 [preauth]
Jun 23 00:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7972]: Invalid user test from 38.55.97.143
Jun 23 00:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7972]: input_userauth_request: invalid user test [preauth]
Jun 23 00:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7972]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 23 00:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7972]: Failed password for invalid user test from 38.55.97.143 port 49164 ssh2
Jun 23 00:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7972]: Connection closed by 38.55.97.143 port 49164 [preauth]
Jun 23 00:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6758]: pam_unix(cron:session): session closed for user root
Jun 23 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8187]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8185]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8186]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8184]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8184]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8244]: Successful su for rubyman by root
Jun 23 00:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8244]: + ??? root:rubyman
Jun 23 00:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8244]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573993 of user rubyman.
Jun 23 00:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8244]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573993.
Jun 23 00:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5482]: pam_unix(cron:session): session closed for user root
Jun 23 00:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8185]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 23 00:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8458]: Failed password for root from 80.66.85.226 port 33178 ssh2
Jun 23 00:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8458]: Connection closed by 80.66.85.226 port 33178 [preauth]
Jun 23 00:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 23 00:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8493]: Failed password for root from 91.92.40.6 port 36790 ssh2
Jun 23 00:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8493]: Connection closed by 91.92.40.6 port 36790 [preauth]
Jun 23 00:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 23 00:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7290]: pam_unix(cron:session): session closed for user root
Jun 23 00:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8495]: Failed password for root from 38.93.206.2 port 45140 ssh2
Jun 23 00:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8495]: Connection closed by 38.93.206.2 port 45140 [preauth]
Jun 23 00:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
Jun 23 00:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8576]: Failed password for root from 176.32.39.21 port 58788 ssh2
Jun 23 00:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8576]: Connection closed by 176.32.39.21 port 58788 [preauth]
Jun 23 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8591]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8592]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8590]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8589]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8589]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8648]: Successful su for rubyman by root
Jun 23 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8648]: + ??? root:rubyman
Jun 23 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8648]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 573996 of user rubyman.
Jun 23 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8648]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 573996.
Jun 23 00:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5873]: pam_unix(cron:session): session closed for user root
Jun 23 00:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8590]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8889]: Invalid user ssm from 165.154.227.158
Jun 23 00:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8889]: input_userauth_request: invalid user ssm [preauth]
Jun 23 00:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8889]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.227.158
Jun 23 00:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7793]: pam_unix(cron:session): session closed for user root
Jun 23 00:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8889]: Failed password for invalid user ssm from 165.154.227.158 port 20500 ssh2
Jun 23 00:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8889]: Received disconnect from 165.154.227.158 port 20500:11: Bye Bye [preauth]
Jun 23 00:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8889]: Disconnected from 165.154.227.158 port 20500 [preauth]
Jun 23 00:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 23 00:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8939]: Failed password for root from 91.92.40.6 port 54364 ssh2
Jun 23 00:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8939]: Connection closed by 91.92.40.6 port 54364 [preauth]
Jun 23 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8989]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8986]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8987]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8990]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8985]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8988]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8990]: pam_unix(cron:session): session closed for user root
Jun 23 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8985]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9055]: Successful su for rubyman by root
Jun 23 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9055]: + ??? root:rubyman
Jun 23 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9055]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574000 of user rubyman.
Jun 23 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9055]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574000.
Jun 23 00:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6259]: pam_unix(cron:session): session closed for user root
Jun 23 00:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8987]: pam_unix(cron:session): session closed for user root
Jun 23 00:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8986]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8187]: pam_unix(cron:session): session closed for user root
Jun 23 00:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9357]: Received disconnect from 86.111.187.163 port 39556:11: disconnected by user [preauth]
Jun 23 00:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9357]: Disconnected from 86.111.187.163 port 39556 [preauth]
Jun 23 00:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 23 00:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9404]: Failed password for root from 91.92.40.6 port 41418 ssh2
Jun 23 00:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9404]: Connection closed by 91.92.40.6 port 41418 [preauth]
Jun 23 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9410]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9409]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9408]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9407]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9407]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9475]: Successful su for rubyman by root
Jun 23 00:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9475]: + ??? root:rubyman
Jun 23 00:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9475]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574006 of user rubyman.
Jun 23 00:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9475]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574006.
Jun 23 00:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6757]: pam_unix(cron:session): session closed for user root
Jun 23 00:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9408]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8592]: pam_unix(cron:session): session closed for user root
Jun 23 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9814]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9815]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9816]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9813]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9811]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9811]: pam_unix(cron:session): session closed for user root
Jun 23 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9813]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9902]: Successful su for rubyman by root
Jun 23 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9902]: + ??? root:rubyman
Jun 23 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9902]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574012 of user rubyman.
Jun 23 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9902]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574012.
Jun 23 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9900]: Invalid user peer from 165.154.227.158
Jun 23 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9900]: input_userauth_request: invalid user peer [preauth]
Jun 23 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9900]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.227.158
Jun 23 00:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7289]: pam_unix(cron:session): session closed for user root
Jun 23 00:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9900]: Failed password for invalid user peer from 165.154.227.158 port 60474 ssh2
Jun 23 00:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9900]: Received disconnect from 165.154.227.158 port 60474:11: Bye Bye [preauth]
Jun 23 00:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9900]: Disconnected from 165.154.227.158 port 60474 [preauth]
Jun 23 00:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9814]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 23 00:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10330]: Failed password for root from 91.92.40.6 port 41782 ssh2
Jun 23 00:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10330]: Connection closed by 91.92.40.6 port 41782 [preauth]
Jun 23 00:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10362]: Invalid user sam from 38.55.97.143
Jun 23 00:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10362]: input_userauth_request: invalid user sam [preauth]
Jun 23 00:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10362]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143
Jun 23 00:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10362]: Failed password for invalid user sam from 38.55.97.143 port 55562 ssh2
Jun 23 00:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10362]: Connection closed by 38.55.97.143 port 55562 [preauth]
Jun 23 00:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8989]: pam_unix(cron:session): session closed for user root
Jun 23 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10484]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10483]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10482]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10481]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10481]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10544]: Successful su for rubyman by root
Jun 23 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10544]: + ??? root:rubyman
Jun 23 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10544]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574015 of user rubyman.
Jun 23 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10544]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574015.
Jun 23 00:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7792]: pam_unix(cron:session): session closed for user root
Jun 23 00:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10482]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 23 00:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10799]: Failed password for root from 91.92.40.6 port 41962 ssh2
Jun 23 00:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10799]: Connection closed by 91.92.40.6 port 41962 [preauth]
Jun 23 00:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9410]: pam_unix(cron:session): session closed for user root
Jun 23 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10906]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10907]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10904]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10905]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10904]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10976]: Successful su for rubyman by root
Jun 23 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10976]: + ??? root:rubyman
Jun 23 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10976]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574021 of user rubyman.
Jun 23 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10976]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574021.
Jun 23 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.223.69.22  user=root
Jun 23 00:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8186]: pam_unix(cron:session): session closed for user root
Jun 23 00:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10901]: Failed password for root from 89.223.69.22 port 43654 ssh2
Jun 23 00:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10901]: Connection closed by 89.223.69.22 port 43654 [preauth]
Jun 23 00:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10905]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 23 00:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11026]: Failed password for root from 202.178.126.219 port 11692 ssh2
Jun 23 00:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11026]: Connection closed by 202.178.126.219 port 11692 [preauth]
Jun 23 00:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11231]: Invalid user bosch from 165.154.227.158
Jun 23 00:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11231]: input_userauth_request: invalid user bosch [preauth]
Jun 23 00:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11231]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.227.158
Jun 23 00:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9816]: pam_unix(cron:session): session closed for user root
Jun 23 00:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11231]: Failed password for invalid user bosch from 165.154.227.158 port 35678 ssh2
Jun 23 00:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11231]: Received disconnect from 165.154.227.158 port 35678:11: Bye Bye [preauth]
Jun 23 00:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11231]: Disconnected from 165.154.227.158 port 35678 [preauth]
Jun 23 00:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 23 00:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11266]: Failed password for root from 91.92.40.6 port 45506 ssh2
Jun 23 00:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11266]: Connection closed by 91.92.40.6 port 45506 [preauth]
Jun 23 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11329]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11332]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11330]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11333]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11331]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11328]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11333]: pam_unix(cron:session): session closed for user root
Jun 23 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11328]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11399]: Successful su for rubyman by root
Jun 23 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11399]: + ??? root:rubyman
Jun 23 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11399]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574024 of user rubyman.
Jun 23 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11399]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574024.
Jun 23 00:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11330]: pam_unix(cron:session): session closed for user root
Jun 23 00:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8591]: pam_unix(cron:session): session closed for user root
Jun 23 00:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11329]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11676]: Invalid user admin1 from 141.98.83.240
Jun 23 00:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11676]: input_userauth_request: invalid user admin1 [preauth]
Jun 23 00:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11676]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 00:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11676]: Failed password for invalid user admin1 from 141.98.83.240 port 48006 ssh2
Jun 23 00:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11676]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11676]: Failed password for invalid user admin1 from 141.98.83.240 port 48006 ssh2
Jun 23 00:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11676]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10484]: pam_unix(cron:session): session closed for user root
Jun 23 00:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11676]: Failed password for invalid user admin1 from 141.98.83.240 port 48006 ssh2
Jun 23 00:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11676]: Connection closed by 141.98.83.240 port 48006 [preauth]
Jun 23 00:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11676]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 00:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 23 00:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 23 00:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11751]: Failed password for root from 38.55.97.143 port 52322 ssh2
Jun 23 00:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11751]: Connection closed by 38.55.97.143 port 52322 [preauth]
Jun 23 00:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11763]: Failed password for root from 91.92.40.6 port 54902 ssh2
Jun 23 00:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11763]: Connection closed by 91.92.40.6 port 54902 [preauth]
Jun 23 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11789]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11788]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11790]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11787]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11787]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11877]: Successful su for rubyman by root
Jun 23 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11877]: + ??? root:rubyman
Jun 23 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11877]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574031 of user rubyman.
Jun 23 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11877]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574031.
Jun 23 00:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8988]: pam_unix(cron:session): session closed for user root
Jun 23 00:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11788]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10907]: pam_unix(cron:session): session closed for user root
Jun 23 00:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 23 00:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12220]: Failed password for root from 193.24.211.107 port 52154 ssh2
Jun 23 00:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12220]: Received disconnect from 193.24.211.107 port 52154:11: Client disconnecting normally [preauth]
Jun 23 00:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12220]: Disconnected from 193.24.211.107 port 52154 [preauth]
Jun 23 00:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12232]: Invalid user hj from 165.154.227.158
Jun 23 00:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12232]: input_userauth_request: invalid user hj [preauth]
Jun 23 00:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12232]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.227.158
Jun 23 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12237]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12238]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12236]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12235]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12235]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12232]: Failed password for invalid user hj from 165.154.227.158 port 11074 ssh2
Jun 23 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12232]: Received disconnect from 165.154.227.158 port 11074:11: Bye Bye [preauth]
Jun 23 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12232]: Disconnected from 165.154.227.158 port 11074 [preauth]
Jun 23 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12417]: Successful su for rubyman by root
Jun 23 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12417]: + ??? root:rubyman
Jun 23 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12417]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574034 of user rubyman.
Jun 23 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12417]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574034.
Jun 23 00:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9409]: pam_unix(cron:session): session closed for user root
Jun 23 00:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12236]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 23 00:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12602]: Failed password for root from 91.92.40.6 port 40422 ssh2
Jun 23 00:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12602]: Connection closed by 91.92.40.6 port 40422 [preauth]
Jun 23 00:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11332]: pam_unix(cron:session): session closed for user root
Jun 23 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12771]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12769]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12768]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12770]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12768]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12833]: Successful su for rubyman by root
Jun 23 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12833]: + ??? root:rubyman
Jun 23 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12833]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574037 of user rubyman.
Jun 23 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12833]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574037.
Jun 23 00:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9815]: pam_unix(cron:session): session closed for user root
Jun 23 00:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12769]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 23 00:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13054]: Failed password for root from 91.92.40.6 port 41588 ssh2
Jun 23 00:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13054]: Connection closed by 91.92.40.6 port 41588 [preauth]
Jun 23 00:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11790]: pam_unix(cron:session): session closed for user root
Jun 23 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13187]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13188]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13186]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13185]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13185]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13247]: Successful su for rubyman by root
Jun 23 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13247]: + ??? root:rubyman
Jun 23 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13247]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574042 of user rubyman.
Jun 23 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13247]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574042.
Jun 23 00:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10483]: pam_unix(cron:session): session closed for user root
Jun 23 00:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13186]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13432]: Received disconnect from 185.65.107.14 port 56634:11: disconnected by user [preauth]
Jun 23 00:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13432]: Disconnected from 185.65.107.14 port 56634 [preauth]
Jun 23 00:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13493]: Invalid user personel from 165.154.227.158
Jun 23 00:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13493]: input_userauth_request: invalid user personel [preauth]
Jun 23 00:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13493]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.227.158
Jun 23 00:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13493]: Failed password for invalid user personel from 165.154.227.158 port 50808 ssh2
Jun 23 00:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13493]: Received disconnect from 165.154.227.158 port 50808:11: Bye Bye [preauth]
Jun 23 00:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13493]: Disconnected from 165.154.227.158 port 50808 [preauth]
Jun 23 00:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12238]: pam_unix(cron:session): session closed for user root
Jun 23 00:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 23 00:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13503]: Failed password for root from 91.92.40.6 port 48804 ssh2
Jun 23 00:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13503]: Connection closed by 91.92.40.6 port 48804 [preauth]
Jun 23 00:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 23 00:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13579]: Failed password for root from 38.55.97.143 port 49760 ssh2
Jun 23 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13593]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13595]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13591]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13594]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13592]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13590]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13595]: pam_unix(cron:session): session closed for user root
Jun 23 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13590]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13656]: Successful su for rubyman by root
Jun 23 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13656]: + ??? root:rubyman
Jun 23 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13656]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574048 of user rubyman.
Jun 23 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13656]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574048.
Jun 23 00:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13579]: Connection closed by 38.55.97.143 port 49760 [preauth]
Jun 23 00:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13592]: pam_unix(cron:session): session closed for user root
Jun 23 00:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10906]: pam_unix(cron:session): session closed for user root
Jun 23 00:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13591]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12771]: pam_unix(cron:session): session closed for user root
Jun 23 00:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 23 00:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14000]: Failed password for root from 91.92.40.6 port 38650 ssh2
Jun 23 00:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14000]: Connection closed by 91.92.40.6 port 38650 [preauth]
Jun 23 00:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 23 00:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14021]: Failed password for root from 147.45.199.80 port 41760 ssh2
Jun 23 00:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14021]: Connection closed by 147.45.199.80 port 41760 [preauth]
Jun 23 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14033]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14032]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14035]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14034]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14032]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14102]: Successful su for rubyman by root
Jun 23 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14102]: + ??? root:rubyman
Jun 23 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14102]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574054 of user rubyman.
Jun 23 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14102]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574054.
Jun 23 00:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11331]: pam_unix(cron:session): session closed for user root
Jun 23 00:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14033]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13188]: pam_unix(cron:session): session closed for user root
Jun 23 00:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14405]: Invalid user bestbuy from 165.154.227.158
Jun 23 00:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14405]: input_userauth_request: invalid user bestbuy [preauth]
Jun 23 00:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14405]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.227.158
Jun 23 00:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14405]: Failed password for invalid user bestbuy from 165.154.227.158 port 26180 ssh2
Jun 23 00:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14405]: Received disconnect from 165.154.227.158 port 26180:11: Bye Bye [preauth]
Jun 23 00:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14405]: Disconnected from 165.154.227.158 port 26180 [preauth]
Jun 23 00:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 23 00:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14416]: Failed password for root from 91.92.40.6 port 35592 ssh2
Jun 23 00:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14416]: Connection closed by 91.92.40.6 port 35592 [preauth]
Jun 23 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14429]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14428]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14430]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14427]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14427]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14491]: Successful su for rubyman by root
Jun 23 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14491]: + ??? root:rubyman
Jun 23 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14491]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574055 of user rubyman.
Jun 23 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14491]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574055.
Jun 23 00:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11789]: pam_unix(cron:session): session closed for user root
Jun 23 00:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14428]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13594]: pam_unix(cron:session): session closed for user root
Jun 23 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14909]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14910]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14908]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14907]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14907]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14970]: Successful su for rubyman by root
Jun 23 00:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14970]: + ??? root:rubyman
Jun 23 00:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14970]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574060 of user rubyman.
Jun 23 00:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14970]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574060.
Jun 23 00:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12237]: pam_unix(cron:session): session closed for user root
Jun 23 00:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14908]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 23 00:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15159]: Failed password for root from 91.92.40.6 port 36302 ssh2
Jun 23 00:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15159]: Connection closed by 91.92.40.6 port 36302 [preauth]
Jun 23 00:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 23 00:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15158]: Failed password for root from 38.55.97.143 port 50176 ssh2
Jun 23 00:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15158]: Connection closed by 38.55.97.143 port 50176 [preauth]
Jun 23 00:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14035]: pam_unix(cron:session): session closed for user root
Jun 23 00:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15295]: Bad protocol version identification 'GET / HTTP/1.1' from 159.65.188.42 port 39972
Jun 23 00:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15296]: Bad protocol version identification 'GET /favicon.ico HTTP/1.1' from 159.65.188.42 port 39986
Jun 23 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15317]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15316]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15315]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15314]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15314]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15372]: Successful su for rubyman by root
Jun 23 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15372]: + ??? root:rubyman
Jun 23 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15372]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574063 of user rubyman.
Jun 23 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15372]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574063.
Jun 23 00:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12770]: pam_unix(cron:session): session closed for user root
Jun 23 00:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15315]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15575]: Invalid user ucs from 165.154.227.158
Jun 23 00:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15575]: input_userauth_request: invalid user ucs [preauth]
Jun 23 00:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15575]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.227.158
Jun 23 00:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15575]: Failed password for invalid user ucs from 165.154.227.158 port 1378 ssh2
Jun 23 00:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15575]: Received disconnect from 165.154.227.158 port 1378:11: Bye Bye [preauth]
Jun 23 00:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15575]: Disconnected from 165.154.227.158 port 1378 [preauth]
Jun 23 00:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 23 00:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15586]: Failed password for root from 91.92.40.6 port 58588 ssh2
Jun 23 00:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15586]: Connection closed by 91.92.40.6 port 58588 [preauth]
Jun 23 00:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14430]: pam_unix(cron:session): session closed for user root
Jun 23 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15714]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15711]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15712]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15708]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15710]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15707]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15714]: pam_unix(cron:session): session closed for user root
Jun 23 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15707]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15779]: Successful su for rubyman by root
Jun 23 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15779]: + ??? root:rubyman
Jun 23 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15779]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574069 of user rubyman.
Jun 23 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15779]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574069.
Jun 23 00:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13187]: pam_unix(cron:session): session closed for user root
Jun 23 00:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15710]: pam_unix(cron:session): session closed for user root
Jun 23 00:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15708]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14910]: pam_unix(cron:session): session closed for user root
Jun 23 00:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16060]: Connection closed by 194.59.206.2 port 44688 [preauth]
Jun 23 00:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 23 00:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16069]: Failed password for root from 91.92.40.6 port 57992 ssh2
Jun 23 00:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16069]: Connection closed by 91.92.40.6 port 57992 [preauth]
Jun 23 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16128]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16129]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16127]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16126]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16126]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16197]: Successful su for rubyman by root
Jun 23 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16197]: + ??? root:rubyman
Jun 23 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16197]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574074 of user rubyman.
Jun 23 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16197]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574074.
Jun 23 00:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13593]: pam_unix(cron:session): session closed for user root
Jun 23 00:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16127]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 23 00:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16422]: Failed password for root from 62.133.62.83 port 50152 ssh2
Jun 23 00:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16422]: Connection closed by 62.133.62.83 port 50152 [preauth]
Jun 23 00:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 23 00:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16434]: Failed password for root from 103.153.68.219 port 45832 ssh2
Jun 23 00:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16434]: Connection closed by 103.153.68.219 port 45832 [preauth]
Jun 23 00:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15317]: pam_unix(cron:session): session closed for user root
Jun 23 00:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 23 00:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16475]: Failed password for root from 38.55.97.143 port 46910 ssh2
Jun 23 00:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16475]: Connection closed by 38.55.97.143 port 46910 [preauth]
Jun 23 00:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16512]: Invalid user mebel from 165.154.227.158
Jun 23 00:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16512]: input_userauth_request: invalid user mebel [preauth]
Jun 23 00:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16512]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.227.158
Jun 23 00:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16512]: Failed password for invalid user mebel from 165.154.227.158 port 41282 ssh2
Jun 23 00:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16512]: Received disconnect from 165.154.227.158 port 41282:11: Bye Bye [preauth]
Jun 23 00:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16512]: Disconnected from 165.154.227.158 port 41282 [preauth]
Jun 23 00:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 23 00:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16515]: Failed password for root from 91.92.40.6 port 58944 ssh2
Jun 23 00:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16515]: Connection closed by 91.92.40.6 port 58944 [preauth]
Jun 23 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16536]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16538]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16537]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16535]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16535]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16594]: Successful su for rubyman by root
Jun 23 00:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16594]: + ??? root:rubyman
Jun 23 00:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16594]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574077 of user rubyman.
Jun 23 00:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16594]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574077.
Jun 23 00:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14034]: pam_unix(cron:session): session closed for user root
Jun 23 00:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16536]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15712]: pam_unix(cron:session): session closed for user root
Jun 23 00:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16911]: Invalid user admin from 144.225.187.123
Jun 23 00:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16911]: input_userauth_request: invalid user admin [preauth]
Jun 23 00:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16911]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 00:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16911]: Failed password for invalid user admin from 144.225.187.123 port 33458 ssh2
Jun 23 00:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16911]: Connection closed by 144.225.187.123 port 33458 [preauth]
Jun 23 00:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 23 00:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16997]: Failed password for root from 77.94.47.83 port 47988 ssh2
Jun 23 00:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16997]: Connection closed by 77.94.47.83 port 47988 [preauth]
Jun 23 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17031]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17032]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17030]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17029]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17029]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17097]: Successful su for rubyman by root
Jun 23 00:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17097]: + ??? root:rubyman
Jun 23 00:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17097]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574082 of user rubyman.
Jun 23 00:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17097]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574082.
Jun 23 00:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 23 00:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14429]: pam_unix(cron:session): session closed for user root
Jun 23 00:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17160]: Failed password for root from 91.92.40.6 port 39542 ssh2
Jun 23 00:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17160]: Connection closed by 91.92.40.6 port 39542 [preauth]
Jun 23 00:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17030]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17279]: Invalid user orangepi from 144.225.187.123
Jun 23 00:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17279]: input_userauth_request: invalid user orangepi [preauth]
Jun 23 00:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17279]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 00:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17279]: Failed password for invalid user orangepi from 144.225.187.123 port 46300 ssh2
Jun 23 00:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17279]: Connection closed by 144.225.187.123 port 46300 [preauth]
Jun 23 00:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17304]: Received disconnect from 50.7.127.99 port 6570:11: disconnected by user [preauth]
Jun 23 00:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17304]: Disconnected from 50.7.127.99 port 6570 [preauth]
Jun 23 00:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16129]: pam_unix(cron:session): session closed for user root
Jun 23 00:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 00:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17393]: Failed password for root from 144.225.187.123 port 57732 ssh2
Jun 23 00:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17393]: Connection closed by 144.225.187.123 port 57732 [preauth]
Jun 23 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17455]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17451]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17454]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17456]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17451]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17514]: Successful su for rubyman by root
Jun 23 00:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17514]: + ??? root:rubyman
Jun 23 00:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17514]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574088 of user rubyman.
Jun 23 00:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17514]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574088.
Jun 23 00:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14909]: pam_unix(cron:session): session closed for user root
Jun 23 00:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17454]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17777]: Invalid user cloudfront from 165.154.227.158
Jun 23 00:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17777]: input_userauth_request: invalid user cloudfront [preauth]
Jun 23 00:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17777]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.227.158
Jun 23 00:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 00:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17777]: Failed password for invalid user cloudfront from 165.154.227.158 port 16480 ssh2
Jun 23 00:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17777]: Received disconnect from 165.154.227.158 port 16480:11: Bye Bye [preauth]
Jun 23 00:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17777]: Disconnected from 165.154.227.158 port 16480 [preauth]
Jun 23 00:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17799]: Failed password for root from 144.225.187.123 port 57646 ssh2
Jun 23 00:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17799]: Connection closed by 144.225.187.123 port 57646 [preauth]
Jun 23 00:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 23 00:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17816]: Failed password for root from 91.92.40.6 port 41830 ssh2
Jun 23 00:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17816]: Connection closed by 91.92.40.6 port 41830 [preauth]
Jun 23 00:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16538]: pam_unix(cron:session): session closed for user root
Jun 23 00:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 00:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17921]: Failed password for root from 144.225.187.123 port 55970 ssh2
Jun 23 00:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17921]: Connection closed by 144.225.187.123 port 55970 [preauth]
Jun 23 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17955]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17954]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17952]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17956]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17953]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17951]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17956]: pam_unix(cron:session): session closed for user root
Jun 23 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17951]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18025]: Successful su for rubyman by root
Jun 23 00:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18025]: + ??? root:rubyman
Jun 23 00:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18025]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574089 of user rubyman.
Jun 23 00:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18025]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574089.
Jun 23 00:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17953]: pam_unix(cron:session): session closed for user root
Jun 23 00:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15316]: pam_unix(cron:session): session closed for user root
Jun 23 00:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17952]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 00:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18283]: Failed password for root from 144.225.187.123 port 36674 ssh2
Jun 23 00:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18283]: Connection closed by 144.225.187.123 port 36674 [preauth]
Jun 23 00:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 23 00:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17032]: pam_unix(cron:session): session closed for user root
Jun 23 00:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18329]: Failed password for root from 91.92.40.6 port 49992 ssh2
Jun 23 00:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18329]: Connection closed by 91.92.40.6 port 49992 [preauth]
Jun 23 00:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 23 00:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 00:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18398]: Failed password for root from 38.55.97.143 port 44062 ssh2
Jun 23 00:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18411]: Failed password for root from 144.225.187.123 port 36094 ssh2
Jun 23 00:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18411]: Connection closed by 144.225.187.123 port 36094 [preauth]
Jun 23 00:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18398]: Connection closed by 38.55.97.143 port 44062 [preauth]
Jun 23 00:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 23 00:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18485]: Failed password for root from 51.250.105.222 port 58744 ssh2
Jun 23 00:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18485]: Connection closed by 51.250.105.222 port 58744 [preauth]
Jun 23 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18503]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18502]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18501]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18500]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18500]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18571]: Successful su for rubyman by root
Jun 23 00:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18571]: + ??? root:rubyman
Jun 23 00:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18571]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574095 of user rubyman.
Jun 23 00:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18571]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574095.
Jun 23 00:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15711]: pam_unix(cron:session): session closed for user root
Jun 23 00:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18501]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 23 00:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18773]: Failed password for root from 103.27.238.120 port 33252 ssh2
Jun 23 00:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18773]: Connection closed by 103.27.238.120 port 33252 [preauth]
Jun 23 00:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 00:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18813]: Failed password for root from 144.225.187.123 port 51740 ssh2
Jun 23 00:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18813]: Connection closed by 144.225.187.123 port 51740 [preauth]
Jun 23 00:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17456]: pam_unix(cron:session): session closed for user root
Jun 23 00:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18888]: Invalid user bem from 165.154.227.158
Jun 23 00:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18888]: input_userauth_request: invalid user bem [preauth]
Jun 23 00:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18888]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.227.158
Jun 23 00:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18888]: Failed password for invalid user bem from 165.154.227.158 port 56412 ssh2
Jun 23 00:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18888]: Received disconnect from 165.154.227.158 port 56412:11: Bye Bye [preauth]
Jun 23 00:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18888]: Disconnected from 165.154.227.158 port 56412 [preauth]
Jun 23 00:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 23 00:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18898]: Failed password for root from 91.92.40.6 port 54596 ssh2
Jun 23 00:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18898]: Connection closed by 91.92.40.6 port 54596 [preauth]
Jun 23 00:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18929]: Invalid user test from 144.225.187.123
Jun 23 00:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18929]: input_userauth_request: invalid user test [preauth]
Jun 23 00:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18929]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 00:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18929]: Failed password for invalid user test from 144.225.187.123 port 55970 ssh2
Jun 23 00:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18929]: Connection closed by 144.225.187.123 port 55970 [preauth]
Jun 23 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18948]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18950]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18949]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18951]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18948]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19011]: Successful su for rubyman by root
Jun 23 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19011]: + ??? root:rubyman
Jun 23 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19011]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574102 of user rubyman.
Jun 23 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19011]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574102.
Jun 23 00:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16128]: pam_unix(cron:session): session closed for user root
Jun 23 00:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18949]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19339]: Invalid user user from 144.225.187.123
Jun 23 00:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19339]: input_userauth_request: invalid user user [preauth]
Jun 23 00:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19339]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 00:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19339]: Failed password for invalid user user from 144.225.187.123 port 49272 ssh2
Jun 23 00:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19339]: Connection closed by 144.225.187.123 port 49272 [preauth]
Jun 23 00:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17955]: pam_unix(cron:session): session closed for user root
Jun 23 00:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 23 00:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19384]: Failed password for root from 193.24.211.107 port 53296 ssh2
Jun 23 00:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19384]: Received disconnect from 193.24.211.107 port 53296:11: Client disconnecting normally [preauth]
Jun 23 00:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19384]: Disconnected from 193.24.211.107 port 53296 [preauth]
Jun 23 00:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 23 00:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19389]: Failed password for root from 87.251.79.125 port 42820 ssh2
Jun 23 00:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19389]: Connection closed by 87.251.79.125 port 42820 [preauth]
Jun 23 00:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 23 00:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19424]: Failed password for root from 91.92.40.6 port 36024 ssh2
Jun 23 00:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19424]: Connection closed by 91.92.40.6 port 36024 [preauth]
Jun 23 00:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19449]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19450]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19452]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19448]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19448]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19706]: Successful su for rubyman by root
Jun 23 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19706]: + ??? root:rubyman
Jun 23 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19706]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574103 of user rubyman.
Jun 23 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19706]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19445]: Failed password for root from 144.225.187.123 port 41688 ssh2
Jun 23 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574103.
Jun 23 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19445]: Connection closed by 144.225.187.123 port 41688 [preauth]
Jun 23 00:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16537]: pam_unix(cron:session): session closed for user root
Jun 23 00:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19449]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19979]: Invalid user admin from 144.225.187.123
Jun 23 00:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19979]: input_userauth_request: invalid user admin [preauth]
Jun 23 00:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19979]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 00:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18503]: pam_unix(cron:session): session closed for user root
Jun 23 00:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19979]: Failed password for invalid user admin from 144.225.187.123 port 51246 ssh2
Jun 23 00:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19979]: Connection closed by 144.225.187.123 port 51246 [preauth]
Jun 23 00:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20046]: Invalid user sarah from 165.154.227.158
Jun 23 00:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20046]: input_userauth_request: invalid user sarah [preauth]
Jun 23 00:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20046]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.227.158
Jun 23 00:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20046]: Failed password for invalid user sarah from 165.154.227.158 port 31546 ssh2
Jun 23 00:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20046]: Received disconnect from 165.154.227.158 port 31546:11: Bye Bye [preauth]
Jun 23 00:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20046]: Disconnected from 165.154.227.158 port 31546 [preauth]
Jun 23 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20062]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20063]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20061]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20060]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20058]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20060]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20268]: Successful su for rubyman by root
Jun 23 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20268]: + ??? root:rubyman
Jun 23 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20268]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574108 of user rubyman.
Jun 23 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20268]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574108.
Jun 23 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20058]: pam_unix(cron:session): session closed for user root
Jun 23 00:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17031]: pam_unix(cron:session): session closed for user root
Jun 23 00:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20483]: Invalid user cirros from 144.225.187.123
Jun 23 00:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20483]: input_userauth_request: invalid user cirros [preauth]
Jun 23 00:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20483]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 00:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 23 00:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20483]: Failed password for invalid user cirros from 144.225.187.123 port 59404 ssh2
Jun 23 00:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20061]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20483]: Connection closed by 144.225.187.123 port 59404 [preauth]
Jun 23 00:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 23 00:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20491]: Failed password for root from 91.92.40.6 port 49688 ssh2
Jun 23 00:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20491]: Connection closed by 91.92.40.6 port 49688 [preauth]
Jun 23 00:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20057]: Failed password for root from 38.55.97.143 port 46434 ssh2
Jun 23 00:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20057]: Connection closed by 38.55.97.143 port 46434 [preauth]
Jun 23 00:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18951]: pam_unix(cron:session): session closed for user root
Jun 23 00:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 00:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20609]: Failed password for root from 144.225.187.123 port 38106 ssh2
Jun 23 00:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20609]: Connection closed by 144.225.187.123 port 38106 [preauth]
Jun 23 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20703]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20704]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20701]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20702]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20689]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20700]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20704]: pam_unix(cron:session): session closed for user root
Jun 23 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20689]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20824]: Successful su for rubyman by root
Jun 23 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20824]: + ??? root:rubyman
Jun 23 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20824]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574112 of user rubyman.
Jun 23 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20824]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574112.
Jun 23 00:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20701]: pam_unix(cron:session): session closed for user root
Jun 23 00:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17455]: pam_unix(cron:session): session closed for user root
Jun 23 00:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20700]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 00:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21041]: Failed password for root from 144.225.187.123 port 48472 ssh2
Jun 23 00:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21041]: Connection closed by 144.225.187.123 port 48472 [preauth]
Jun 23 00:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 23 00:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21067]: Failed password for root from 91.92.40.6 port 35004 ssh2
Jun 23 00:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21067]: Connection closed by 91.92.40.6 port 35004 [preauth]
Jun 23 00:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19452]: pam_unix(cron:session): session closed for user root
Jun 23 00:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21152]: Invalid user admin from 144.225.187.123
Jun 23 00:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21152]: input_userauth_request: invalid user admin [preauth]
Jun 23 00:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21152]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 00:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21152]: Failed password for invalid user admin from 144.225.187.123 port 35534 ssh2
Jun 23 00:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21152]: Connection closed by 144.225.187.123 port 35534 [preauth]
Jun 23 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21208]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21209]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21207]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21206]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21206]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21274]: Successful su for rubyman by root
Jun 23 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21274]: + ??? root:rubyman
Jun 23 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21274]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574118 of user rubyman.
Jun 23 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21274]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574118.
Jun 23 00:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17954]: pam_unix(cron:session): session closed for user root
Jun 23 00:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21207]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 00:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21480]: Failed password for root from 144.225.187.123 port 38716 ssh2
Jun 23 00:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21480]: Connection closed by 144.225.187.123 port 38716 [preauth]
Jun 23 00:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21497]: Invalid user helios from 165.154.227.158
Jun 23 00:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21497]: input_userauth_request: invalid user helios [preauth]
Jun 23 00:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21497]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.227.158
Jun 23 00:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21497]: Failed password for invalid user helios from 165.154.227.158 port 6868 ssh2
Jun 23 00:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21497]: Received disconnect from 165.154.227.158 port 6868:11: Bye Bye [preauth]
Jun 23 00:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21497]: Disconnected from 165.154.227.158 port 6868 [preauth]
Jun 23 00:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 23 00:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21537]: Failed password for root from 91.92.40.6 port 57174 ssh2
Jun 23 00:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21537]: Connection closed by 91.92.40.6 port 57174 [preauth]
Jun 23 00:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20063]: pam_unix(cron:session): session closed for user root
Jun 23 00:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21611]: Invalid user rpc from 144.225.187.123
Jun 23 00:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21611]: input_userauth_request: invalid user rpc [preauth]
Jun 23 00:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21611]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 00:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21611]: Failed password for invalid user rpc from 144.225.187.123 port 51056 ssh2
Jun 23 00:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21611]: Connection closed by 144.225.187.123 port 51056 [preauth]
Jun 23 00:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21639]: Invalid user guest from 193.46.255.86
Jun 23 00:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21639]: input_userauth_request: invalid user guest [preauth]
Jun 23 00:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21639]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 23 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21644]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21646]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21645]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21647]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21644]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21639]: Failed password for invalid user guest from 193.46.255.86 port 35718 ssh2
Jun 23 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21639]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21715]: Successful su for rubyman by root
Jun 23 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21715]: + ??? root:rubyman
Jun 23 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21715]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574122 of user rubyman.
Jun 23 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21715]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574122.
Jun 23 00:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21639]: Failed password for invalid user guest from 193.46.255.86 port 35718 ssh2
Jun 23 00:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21639]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18502]: pam_unix(cron:session): session closed for user root
Jun 23 00:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21645]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21639]: Failed password for invalid user guest from 193.46.255.86 port 35718 ssh2
Jun 23 00:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21639]: Connection closed by 193.46.255.86 port 35718 [preauth]
Jun 23 00:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21639]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 23 00:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 00:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21938]: Failed password for root from 144.225.187.123 port 46992 ssh2
Jun 23 00:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21938]: Connection closed by 144.225.187.123 port 46992 [preauth]
Jun 23 00:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20703]: pam_unix(cron:session): session closed for user root
Jun 23 00:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 23 00:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22004]: Failed password for root from 91.92.40.6 port 58956 ssh2
Jun 23 00:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22004]: Connection closed by 91.92.40.6 port 58956 [preauth]
Jun 23 00:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 00:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22034]: Failed password for root from 144.225.187.123 port 36640 ssh2
Jun 23 00:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22034]: Connection closed by 144.225.187.123 port 36640 [preauth]
Jun 23 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22056]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22055]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22053]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22054]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22053]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22121]: Successful su for rubyman by root
Jun 23 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22121]: + ??? root:rubyman
Jun 23 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22121]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574126 of user rubyman.
Jun 23 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22121]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574126.
Jun 23 00:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18950]: pam_unix(cron:session): session closed for user root
Jun 23 00:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22054]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 00:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22437]: Failed password for root from 144.225.187.123 port 44160 ssh2
Jun 23 00:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22437]: Connection closed by 144.225.187.123 port 44160 [preauth]
Jun 23 00:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21209]: pam_unix(cron:session): session closed for user root
Jun 23 00:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22519]: Invalid user kia from 165.154.227.158
Jun 23 00:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22519]: input_userauth_request: invalid user kia [preauth]
Jun 23 00:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22519]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.227.158
Jun 23 00:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22519]: Failed password for invalid user kia from 165.154.227.158 port 46946 ssh2
Jun 23 00:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22519]: Received disconnect from 165.154.227.158 port 46946:11: Bye Bye [preauth]
Jun 23 00:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22519]: Disconnected from 165.154.227.158 port 46946 [preauth]
Jun 23 00:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 23 00:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22539]: Invalid user user1 from 144.225.187.123
Jun 23 00:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22539]: input_userauth_request: invalid user user1 [preauth]
Jun 23 00:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22539]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 00:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22537]: Failed password for root from 91.92.40.6 port 49734 ssh2
Jun 23 00:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22537]: Connection closed by 91.92.40.6 port 49734 [preauth]
Jun 23 00:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22539]: Failed password for invalid user user1 from 144.225.187.123 port 47576 ssh2
Jun 23 00:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22539]: Connection closed by 144.225.187.123 port 47576 [preauth]
Jun 23 00:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22550]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22561]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22562]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22560]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22559]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22559]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22623]: Successful su for rubyman by root
Jun 23 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22623]: + ??? root:rubyman
Jun 23 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22623]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574132 of user rubyman.
Jun 23 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22623]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574132.
Jun 23 00:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19450]: pam_unix(cron:session): session closed for user root
Jun 23 00:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22560]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 23 00:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22550]: Failed password for root from 38.55.97.143 port 45098 ssh2
Jun 23 00:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22550]: Connection closed by 38.55.97.143 port 45098 [preauth]
Jun 23 00:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 00:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22870]: Failed password for root from 144.225.187.123 port 60912 ssh2
Jun 23 00:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22870]: Connection closed by 144.225.187.123 port 60912 [preauth]
Jun 23 00:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21647]: pam_unix(cron:session): session closed for user root
Jun 23 00:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22909]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 23 00:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22909]: Received disconnect from 108.178.7.34 port 60786:11: disconnected by user [preauth]
Jun 23 00:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22909]: Disconnected from 108.178.7.34 port 60786 [preauth]
Jun 23 00:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22969]: Failed password for root from 144.225.187.123 port 32822 ssh2
Jun 23 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22977]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22973]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22972]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22975]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22976]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22974]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22977]: pam_unix(cron:session): session closed for user root
Jun 23 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22972]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22969]: Connection closed by 144.225.187.123 port 32822 [preauth]
Jun 23 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23038]: Successful su for rubyman by root
Jun 23 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23038]: + ??? root:rubyman
Jun 23 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23038]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574136 of user rubyman.
Jun 23 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23038]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574136.
Jun 23 00:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22974]: pam_unix(cron:session): session closed for user root
Jun 23 00:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20062]: pam_unix(cron:session): session closed for user root
Jun 23 00:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 23 00:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22973]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23223]: Failed password for root from 91.92.40.6 port 37296 ssh2
Jun 23 00:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23223]: Connection closed by 91.92.40.6 port 37296 [preauth]
Jun 23 00:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23333]: User nobody from 144.225.187.123 not allowed because not listed in AllowUsers
Jun 23 00:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23333]: input_userauth_request: invalid user nobody [preauth]
Jun 23 00:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=nobody
Jun 23 00:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23333]: Failed password for invalid user nobody from 144.225.187.123 port 56724 ssh2
Jun 23 00:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23333]: Connection closed by 144.225.187.123 port 56724 [preauth]
Jun 23 00:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22056]: pam_unix(cron:session): session closed for user root
Jun 23 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23422]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23421]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23423]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23420]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23420]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23486]: Successful su for rubyman by root
Jun 23 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23486]: + ??? root:rubyman
Jun 23 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23486]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574140 of user rubyman.
Jun 23 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23486]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574140.
Jun 23 00:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23634]: Invalid user kali from 144.225.187.123
Jun 23 00:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23634]: input_userauth_request: invalid user kali [preauth]
Jun 23 00:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23634]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 00:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20702]: pam_unix(cron:session): session closed for user root
Jun 23 00:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23421]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23634]: Failed password for invalid user kali from 144.225.187.123 port 43046 ssh2
Jun 23 00:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23634]: Connection closed by 144.225.187.123 port 43046 [preauth]
Jun 23 00:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23695]: Invalid user sponsor from 165.154.227.158
Jun 23 00:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23695]: input_userauth_request: invalid user sponsor [preauth]
Jun 23 00:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23695]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.227.158
Jun 23 00:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23695]: Failed password for invalid user sponsor from 165.154.227.158 port 22236 ssh2
Jun 23 00:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23695]: Received disconnect from 165.154.227.158 port 22236:11: Bye Bye [preauth]
Jun 23 00:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23695]: Disconnected from 165.154.227.158 port 22236 [preauth]
Jun 23 00:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 23 00:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23721]: Failed password for root from 91.92.40.6 port 42976 ssh2
Jun 23 00:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23721]: Connection closed by 91.92.40.6 port 42976 [preauth]
Jun 23 00:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22562]: pam_unix(cron:session): session closed for user root
Jun 23 00:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23801]: Invalid user linaro from 144.225.187.123
Jun 23 00:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23801]: input_userauth_request: invalid user linaro [preauth]
Jun 23 00:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23801]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 00:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23801]: Failed password for invalid user linaro from 144.225.187.123 port 46384 ssh2
Jun 23 00:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23801]: Connection closed by 144.225.187.123 port 46384 [preauth]
Jun 23 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23950]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23949]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23948]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23947]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23947]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24014]: Successful su for rubyman by root
Jun 23 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24014]: + ??? root:rubyman
Jun 23 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24014]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574144 of user rubyman.
Jun 23 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24014]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574144.
Jun 23 00:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21208]: pam_unix(cron:session): session closed for user root
Jun 23 00:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23948]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 00:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24202]: Failed password for root from 144.225.187.123 port 46714 ssh2
Jun 23 00:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24202]: Connection closed by 144.225.187.123 port 46714 [preauth]
Jun 23 00:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 23 00:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24246]: Failed password for root from 38.55.97.143 port 39160 ssh2
Jun 23 00:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24246]: Connection closed by 38.55.97.143 port 39160 [preauth]
Jun 23 00:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 23 00:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24287]: Failed password for root from 91.92.40.6 port 45918 ssh2
Jun 23 00:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24287]: Connection closed by 91.92.40.6 port 45918 [preauth]
Jun 23 00:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22976]: pam_unix(cron:session): session closed for user root
Jun 23 00:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 00:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24333]: Failed password for root from 144.225.187.123 port 38252 ssh2
Jun 23 00:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24333]: Connection closed by 144.225.187.123 port 38252 [preauth]
Jun 23 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24383]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24384]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24382]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24381]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24381]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24442]: Successful su for rubyman by root
Jun 23 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24442]: + ??? root:rubyman
Jun 23 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24442]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574148 of user rubyman.
Jun 23 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24442]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574148.
Jun 23 00:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21646]: pam_unix(cron:session): session closed for user root
Jun 23 00:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24382]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 00:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24658]: Failed password for root from 144.225.187.123 port 58606 ssh2
Jun 23 00:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24658]: Connection closed by 144.225.187.123 port 58606 [preauth]
Jun 23 00:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 23 00:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24694]: Failed password for root from 103.15.222.183 port 39196 ssh2
Jun 23 00:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24694]: Connection closed by 103.15.222.183 port 39196 [preauth]
Jun 23 00:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23423]: pam_unix(cron:session): session closed for user root
Jun 23 00:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24757]: Invalid user icdenetim from 165.154.227.158
Jun 23 00:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24757]: input_userauth_request: invalid user icdenetim [preauth]
Jun 23 00:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24757]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.227.158
Jun 23 00:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24757]: Failed password for invalid user icdenetim from 165.154.227.158 port 62030 ssh2
Jun 23 00:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24757]: Received disconnect from 165.154.227.158 port 62030:11: Bye Bye [preauth]
Jun 23 00:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24757]: Disconnected from 165.154.227.158 port 62030 [preauth]
Jun 23 00:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 23 00:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24759]: Failed password for root from 91.92.40.6 port 56466 ssh2
Jun 23 00:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24759]: Connection closed by 91.92.40.6 port 56466 [preauth]
Jun 23 00:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 00:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24787]: Failed password for root from 144.225.187.123 port 57284 ssh2
Jun 23 00:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24787]: Connection closed by 144.225.187.123 port 57284 [preauth]
Jun 23 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24818]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24817]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24816]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24815]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24815]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24873]: Successful su for rubyman by root
Jun 23 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24873]: + ??? root:rubyman
Jun 23 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24873]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574153 of user rubyman.
Jun 23 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24873]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574153.
Jun 23 00:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22055]: pam_unix(cron:session): session closed for user root
Jun 23 00:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24816]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 00:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25089]: Failed password for root from 144.225.187.123 port 38146 ssh2
Jun 23 00:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25089]: Connection closed by 144.225.187.123 port 38146 [preauth]
Jun 23 00:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23950]: pam_unix(cron:session): session closed for user root
Jun 23 00:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 00:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25193]: Failed password for root from 144.225.187.123 port 34472 ssh2
Jun 23 00:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25193]: Connection closed by 144.225.187.123 port 34472 [preauth]
Jun 23 00:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25205]: Received disconnect from 104.248.177.83 port 59210:11: disconnected by user [preauth]
Jun 23 00:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25205]: Disconnected from 104.248.177.83 port 59210 [preauth]
Jun 23 00:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 23 00:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25218]: Invalid user stacie from 2.57.121.112
Jun 23 00:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25218]: input_userauth_request: invalid user stacie [preauth]
Jun 23 00:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25218]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 23 00:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25208]: Failed password for root from 91.92.40.6 port 48478 ssh2
Jun 23 00:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25208]: Connection closed by 91.92.40.6 port 48478 [preauth]
Jun 23 00:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25218]: Failed password for invalid user stacie from 2.57.121.112 port 59752 ssh2
Jun 23 00:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25218]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25226]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25225]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25224]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25222]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25221]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25223]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25226]: pam_unix(cron:session): session closed for user root
Jun 23 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25221]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25218]: Failed password for invalid user stacie from 2.57.121.112 port 59752 ssh2
Jun 23 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25218]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25288]: Successful su for rubyman by root
Jun 23 00:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25288]: + ??? root:rubyman
Jun 23 00:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25288]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574157 of user rubyman.
Jun 23 00:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25288]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574157.
Jun 23 00:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25218]: Failed password for invalid user stacie from 2.57.121.112 port 59752 ssh2
Jun 23 00:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25218]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22561]: pam_unix(cron:session): session closed for user root
Jun 23 00:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25223]: pam_unix(cron:session): session closed for user root
Jun 23 00:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25218]: Failed password for invalid user stacie from 2.57.121.112 port 59752 ssh2
Jun 23 00:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25218]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25222]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25218]: Failed password for invalid user stacie from 2.57.121.112 port 59752 ssh2
Jun 23 00:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25218]: Connection closed by 2.57.121.112 port 59752 [preauth]
Jun 23 00:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25218]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 23 00:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25218]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 23 00:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25530]: Invalid user admin from 144.225.187.123
Jun 23 00:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25530]: input_userauth_request: invalid user admin [preauth]
Jun 23 00:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25530]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 00:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25530]: Failed password for invalid user admin from 144.225.187.123 port 35206 ssh2
Jun 23 00:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25530]: Connection closed by 144.225.187.123 port 35206 [preauth]
Jun 23 00:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24384]: pam_unix(cron:session): session closed for user root
Jun 23 00:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 00:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25628]: Failed password for root from 144.225.187.123 port 48668 ssh2
Jun 23 00:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25628]: Connection closed by 144.225.187.123 port 48668 [preauth]
Jun 23 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25642]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25641]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25640]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25639]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25639]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25711]: Successful su for rubyman by root
Jun 23 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25711]: + ??? root:rubyman
Jun 23 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25711]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574162 of user rubyman.
Jun 23 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25711]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574162.
Jun 23 00:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22975]: pam_unix(cron:session): session closed for user root
Jun 23 00:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25640]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 23 00:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25889]: Invalid user grafik from 165.154.227.158
Jun 23 00:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25889]: input_userauth_request: invalid user grafik [preauth]
Jun 23 00:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25889]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.227.158
Jun 23 00:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25876]: Failed password for root from 103.172.78.219 port 58260 ssh2
Jun 23 00:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 23 00:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25876]: Connection closed by 103.172.78.219 port 58260 [preauth]
Jun 23 00:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25889]: Failed password for invalid user grafik from 165.154.227.158 port 37306 ssh2
Jun 23 00:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25889]: Received disconnect from 165.154.227.158 port 37306:11: Bye Bye [preauth]
Jun 23 00:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25889]: Disconnected from 165.154.227.158 port 37306 [preauth]
Jun 23 00:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25891]: Failed password for root from 91.92.40.6 port 58196 ssh2
Jun 23 00:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25891]: Connection closed by 91.92.40.6 port 58196 [preauth]
Jun 23 00:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 23 00:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25888]: Failed password for root from 38.55.97.143 port 35616 ssh2
Jun 23 00:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25888]: Connection closed by 38.55.97.143 port 35616 [preauth]
Jun 23 00:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 00:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25954]: Failed password for root from 144.225.187.123 port 34650 ssh2
Jun 23 00:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25954]: Connection closed by 144.225.187.123 port 34650 [preauth]
Jun 23 00:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24818]: pam_unix(cron:session): session closed for user root
Jun 23 00:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26029]: Invalid user admin from 141.98.83.240
Jun 23 00:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26029]: input_userauth_request: invalid user admin [preauth]
Jun 23 00:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26029]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 00:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26029]: Failed password for invalid user admin from 141.98.83.240 port 17362 ssh2
Jun 23 00:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26029]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26029]: Failed password for invalid user admin from 141.98.83.240 port 17362 ssh2
Jun 23 00:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26029]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26029]: Failed password for invalid user admin from 141.98.83.240 port 17362 ssh2
Jun 23 00:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26029]: Connection closed by 141.98.83.240 port 17362 [preauth]
Jun 23 00:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26029]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 00:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26040]: Failed password for root from 144.225.187.123 port 60578 ssh2
Jun 23 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26040]: Connection closed by 144.225.187.123 port 60578 [preauth]
Jun 23 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26053]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26054]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26052]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26051]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26051]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26114]: Successful su for rubyman by root
Jun 23 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26114]: + ??? root:rubyman
Jun 23 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26114]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574166 of user rubyman.
Jun 23 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26114]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574166.
Jun 23 00:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23422]: pam_unix(cron:session): session closed for user root
Jun 23 00:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26052]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 23 00:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26332]: Failed password for root from 91.92.40.6 port 55898 ssh2
Jun 23 00:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26332]: Connection closed by 91.92.40.6 port 55898 [preauth]
Jun 23 00:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 00:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26363]: Failed password for root from 144.225.187.123 port 56606 ssh2
Jun 23 00:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26363]: Connection closed by 144.225.187.123 port 56606 [preauth]
Jun 23 00:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25225]: pam_unix(cron:session): session closed for user root
Jun 23 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26448]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26449]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26447]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26446]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26446]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26507]: Successful su for rubyman by root
Jun 23 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26507]: + ??? root:rubyman
Jun 23 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26507]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574170 of user rubyman.
Jun 23 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26507]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574170.
Jun 23 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26568]: Invalid user admin from 144.225.187.123
Jun 23 00:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26568]: input_userauth_request: invalid user admin [preauth]
Jun 23 00:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26568]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 00:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23949]: pam_unix(cron:session): session closed for user root
Jun 23 00:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26568]: Failed password for invalid user admin from 144.225.187.123 port 39028 ssh2
Jun 23 00:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26568]: Connection closed by 144.225.187.123 port 39028 [preauth]
Jun 23 00:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26447]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 23 00:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26817]: Failed password for root from 193.24.211.107 port 1418 ssh2
Jun 23 00:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26817]: Received disconnect from 193.24.211.107 port 1418:11: Client disconnecting normally [preauth]
Jun 23 00:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26817]: Disconnected from 193.24.211.107 port 1418 [preauth]
Jun 23 00:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 23 00:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26840]: Failed password for root from 91.92.40.6 port 46512 ssh2
Jun 23 00:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26840]: Connection closed by 91.92.40.6 port 46512 [preauth]
Jun 23 00:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25642]: pam_unix(cron:session): session closed for user root
Jun 23 00:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26850]: Invalid user sitemap from 165.154.227.158
Jun 23 00:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26850]: input_userauth_request: invalid user sitemap [preauth]
Jun 23 00:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26850]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.227.158
Jun 23 00:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26871]: Received disconnect from 192.210.194.2 port 52498:11: disconnected by user [preauth]
Jun 23 00:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26871]: Disconnected from 192.210.194.2 port 52498 [preauth]
Jun 23 00:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26850]: Failed password for invalid user sitemap from 165.154.227.158 port 12730 ssh2
Jun 23 00:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26873]: Invalid user user from 144.225.187.123
Jun 23 00:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26873]: input_userauth_request: invalid user user [preauth]
Jun 23 00:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26873]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 00:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26850]: Received disconnect from 165.154.227.158 port 12730:11: Bye Bye [preauth]
Jun 23 00:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26850]: Disconnected from 165.154.227.158 port 12730 [preauth]
Jun 23 00:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26873]: Failed password for invalid user user from 144.225.187.123 port 56114 ssh2
Jun 23 00:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26873]: Connection closed by 144.225.187.123 port 56114 [preauth]
Jun 23 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26937]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26938]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26936]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26935]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26935]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26995]: Successful su for rubyman by root
Jun 23 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26995]: + ??? root:rubyman
Jun 23 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26995]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574175 of user rubyman.
Jun 23 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26995]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574175.
Jun 23 00:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24383]: pam_unix(cron:session): session closed for user root
Jun 23 00:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26936]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 00:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27184]: Failed password for root from 144.225.187.123 port 59564 ssh2
Jun 23 00:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27184]: Connection closed by 144.225.187.123 port 59564 [preauth]
Jun 23 00:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26054]: pam_unix(cron:session): session closed for user root
Jun 23 00:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 00:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 23 00:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27315]: Failed password for root from 144.225.187.123 port 58058 ssh2
Jun 23 00:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27315]: Connection closed by 144.225.187.123 port 58058 [preauth]
Jun 23 00:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27312]: Failed password for root from 91.92.40.6 port 56824 ssh2
Jun 23 00:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27312]: Connection closed by 91.92.40.6 port 56824 [preauth]
Jun 23 00:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 23 00:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27301]: Failed password for root from 38.55.97.143 port 57468 ssh2
Jun 23 00:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27301]: Connection closed by 38.55.97.143 port 57468 [preauth]
Jun 23 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27375]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27374]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27372]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27373]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27369]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27370]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27375]: pam_unix(cron:session): session closed for user root
Jun 23 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27369]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27436]: Successful su for rubyman by root
Jun 23 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27436]: + ??? root:rubyman
Jun 23 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27436]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574179 of user rubyman.
Jun 23 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27436]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574179.
Jun 23 00:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27372]: pam_unix(cron:session): session closed for user root
Jun 23 00:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24817]: pam_unix(cron:session): session closed for user root
Jun 23 00:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27370]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27664]: Invalid user admin from 144.225.187.123
Jun 23 00:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27664]: input_userauth_request: invalid user admin [preauth]
Jun 23 00:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27664]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 00:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27664]: Failed password for invalid user admin from 144.225.187.123 port 44328 ssh2
Jun 23 00:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27664]: Connection closed by 144.225.187.123 port 44328 [preauth]
Jun 23 00:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26449]: pam_unix(cron:session): session closed for user root
Jun 23 00:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 00:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27777]: Failed password for root from 144.225.187.123 port 46154 ssh2
Jun 23 00:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27777]: Connection closed by 144.225.187.123 port 46154 [preauth]
Jun 23 00:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=root
Jun 23 00:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27787]: Failed password for root from 91.92.40.6 port 42230 ssh2
Jun 23 00:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27787]: Connection closed by 91.92.40.6 port 42230 [preauth]
Jun 23 00:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27797]: Invalid user ssotest from 165.154.227.158
Jun 23 00:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27797]: input_userauth_request: invalid user ssotest [preauth]
Jun 23 00:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27797]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.227.158
Jun 23 00:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27797]: Failed password for invalid user ssotest from 165.154.227.158 port 52356 ssh2
Jun 23 00:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27797]: Received disconnect from 165.154.227.158 port 52356:11: Bye Bye [preauth]
Jun 23 00:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27797]: Disconnected from 165.154.227.158 port 52356 [preauth]
Jun 23 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27812]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27811]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27813]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27809]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27809]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27884]: Successful su for rubyman by root
Jun 23 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27884]: + ??? root:rubyman
Jun 23 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27884]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574187 of user rubyman.
Jun 23 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27884]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574187.
Jun 23 00:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25224]: pam_unix(cron:session): session closed for user root
Jun 23 00:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27811]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 00:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28155]: Failed password for root from 144.225.187.123 port 49562 ssh2
Jun 23 00:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28155]: Connection closed by 144.225.187.123 port 49562 [preauth]
Jun 23 00:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26938]: pam_unix(cron:session): session closed for user root
Jun 23 00:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 23 00:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28205]: Failed password for root from 38.93.206.2 port 61920 ssh2
Jun 23 00:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28205]: Connection closed by 38.93.206.2 port 61920 [preauth]
Jun 23 00:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28262]: Invalid user postgres from 144.225.187.123
Jun 23 00:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28262]: input_userauth_request: invalid user postgres [preauth]
Jun 23 00:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28262]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 00:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28262]: Failed password for invalid user postgres from 144.225.187.123 port 33160 ssh2
Jun 23 00:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28262]: Connection closed by 144.225.187.123 port 33160 [preauth]
Jun 23 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28283]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28284]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28282]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28281]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28281]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28338]: Successful su for rubyman by root
Jun 23 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28338]: + ??? root:rubyman
Jun 23 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28338]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574188 of user rubyman.
Jun 23 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28338]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574188.
Jun 23 00:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25641]: pam_unix(cron:session): session closed for user root
Jun 23 00:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28498]: Invalid user admin from 91.92.40.6
Jun 23 00:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28498]: input_userauth_request: invalid user admin [preauth]
Jun 23 00:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28498]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6
Jun 23 00:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28282]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28498]: Failed password for invalid user admin from 91.92.40.6 port 38814 ssh2
Jun 23 00:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28498]: Connection closed by 91.92.40.6 port 38814 [preauth]
Jun 23 00:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 00:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28665]: Failed password for root from 144.225.187.123 port 41950 ssh2
Jun 23 00:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28665]: Connection closed by 144.225.187.123 port 41950 [preauth]
Jun 23 00:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27374]: pam_unix(cron:session): session closed for user root
Jun 23 00:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 00:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28769]: Failed password for root from 144.225.187.123 port 47546 ssh2
Jun 23 00:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28769]: Connection closed by 144.225.187.123 port 47546 [preauth]
Jun 23 00:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28788]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28786]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28787]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28785]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28785]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28844]: Successful su for rubyman by root
Jun 23 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28844]: + ??? root:rubyman
Jun 23 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28844]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574192 of user rubyman.
Jun 23 00:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28844]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574192.
Jun 23 00:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26053]: pam_unix(cron:session): session closed for user root
Jun 23 00:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28786]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 23 00:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28774]: Failed password for root from 38.55.97.143 port 57570 ssh2
Jun 23 00:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28774]: Connection closed by 38.55.97.143 port 57570 [preauth]
Jun 23 00:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29069]: Invalid user admin from 91.92.40.6
Jun 23 00:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29069]: input_userauth_request: invalid user admin [preauth]
Jun 23 00:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29069]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6
Jun 23 00:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 23 00:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29069]: Failed password for invalid user admin from 91.92.40.6 port 48840 ssh2
Jun 23 00:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29069]: Connection closed by 91.92.40.6 port 48840 [preauth]
Jun 23 00:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29071]: Failed password for root from 103.176.20.57 port 56780 ssh2
Jun 23 00:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29071]: Connection closed by 103.176.20.57 port 56780 [preauth]
Jun 23 00:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29082]: Invalid user a from 165.154.227.158
Jun 23 00:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29082]: input_userauth_request: invalid user a [preauth]
Jun 23 00:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29082]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.227.158
Jun 23 00:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29082]: Failed password for invalid user a from 165.154.227.158 port 27790 ssh2
Jun 23 00:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29082]: Received disconnect from 165.154.227.158 port 27790:11: Bye Bye [preauth]
Jun 23 00:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29082]: Disconnected from 165.154.227.158 port 27790 [preauth]
Jun 23 00:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29115]: Invalid user openhabian from 144.225.187.123
Jun 23 00:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29115]: input_userauth_request: invalid user openhabian [preauth]
Jun 23 00:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29115]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 00:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29115]: Failed password for invalid user openhabian from 144.225.187.123 port 57338 ssh2
Jun 23 00:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29115]: Connection closed by 144.225.187.123 port 57338 [preauth]
Jun 23 00:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27813]: pam_unix(cron:session): session closed for user root
Jun 23 00:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29216]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29215]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29214]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29213]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29213]: pam_unix(cron:session): session closed for user p13x
Jun 23 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29292]: Successful su for rubyman by root
Jun 23 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29292]: + ??? root:rubyman
Jun 23 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29292]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574196 of user rubyman.
Jun 23 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29292]: pam_unix(su:session): session closed for user rubyman
Jun 23 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574196.
Jun 23 00:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29210]: Failed password for root from 144.225.187.123 port 55642 ssh2
Jun 23 00:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29210]: Connection closed by 144.225.187.123 port 55642 [preauth]
Jun 23 00:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26448]: pam_unix(cron:session): session closed for user root
Jun 23 00:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29214]: pam_unix(cron:session): session closed for user samftp
Jun 23 00:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29624]: Invalid user admin from 91.92.40.6
Jun 23 00:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29624]: input_userauth_request: invalid user admin [preauth]
Jun 23 00:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29624]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6
Jun 23 00:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29624]: Failed password for invalid user admin from 91.92.40.6 port 51540 ssh2
Jun 23 00:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29624]: Connection closed by 91.92.40.6 port 51540 [preauth]
Jun 23 00:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28284]: pam_unix(cron:session): session closed for user root
Jun 23 00:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 00:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29657]: Invalid user sshadmin from 144.225.187.123
Jun 23 00:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29657]: input_userauth_request: invalid user sshadmin [preauth]
Jun 23 00:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29657]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 00:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 00:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29657]: Failed password for invalid user sshadmin from 144.225.187.123 port 36836 ssh2
Jun 23 00:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29657]: Connection closed by 144.225.187.123 port 36836 [preauth]
Jun 23 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29746]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29743]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29741]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29744]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29742]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29745]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29740]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29742]: pam_unix(cron:session): session closed for user root
Jun 23 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29746]: pam_unix(cron:session): session closed for user root
Jun 23 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29740]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29846]: Successful su for rubyman by root
Jun 23 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29846]: + ??? root:rubyman
Jun 23 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29846]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574205 of user rubyman.
Jun 23 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29846]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574205.
Jun 23 01:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26937]: pam_unix(cron:session): session closed for user root
Jun 23 01:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29743]: pam_unix(cron:session): session closed for user root
Jun 23 01:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29741]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30051]: Failed password for root from 144.225.187.123 port 44730 ssh2
Jun 23 01:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30051]: Connection closed by 144.225.187.123 port 44730 [preauth]
Jun 23 01:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 23 01:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30109]: Failed password for root from 103.77.242.62 port 42602 ssh2
Jun 23 01:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30109]: Connection closed by 103.77.242.62 port 42602 [preauth]
Jun 23 01:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28788]: pam_unix(cron:session): session closed for user root
Jun 23 01:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30226]: Invalid user frappe from 144.225.187.123
Jun 23 01:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30226]: input_userauth_request: invalid user frappe [preauth]
Jun 23 01:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30226]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 01:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30228]: Invalid user admin from 91.92.40.6
Jun 23 01:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30228]: input_userauth_request: invalid user admin [preauth]
Jun 23 01:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30226]: Failed password for invalid user frappe from 144.225.187.123 port 39392 ssh2
Jun 23 01:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30226]: Connection closed by 144.225.187.123 port 39392 [preauth]
Jun 23 01:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30228]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6
Jun 23 01:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30228]: Failed password for invalid user admin from 91.92.40.6 port 47862 ssh2
Jun 23 01:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30228]: Connection closed by 91.92.40.6 port 47862 [preauth]
Jun 23 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30279]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30278]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30280]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30277]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30277]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30349]: Successful su for rubyman by root
Jun 23 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30349]: + ??? root:rubyman
Jun 23 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30349]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574209 of user rubyman.
Jun 23 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30349]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574209.
Jun 23 01:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27373]: pam_unix(cron:session): session closed for user root
Jun 23 01:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30278]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30543]: Invalid user huawei from 144.225.187.123
Jun 23 01:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30543]: input_userauth_request: invalid user huawei [preauth]
Jun 23 01:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30543]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 01:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30543]: Failed password for invalid user huawei from 144.225.187.123 port 51412 ssh2
Jun 23 01:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30543]: Connection closed by 144.225.187.123 port 51412 [preauth]
Jun 23 01:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 23 01:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30579]: Failed password for root from 193.37.70.224 port 47790 ssh2
Jun 23 01:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30579]: Connection closed by 193.37.70.224 port 47790 [preauth]
Jun 23 01:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29216]: pam_unix(cron:session): session closed for user root
Jun 23 01:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 23 01:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30623]: Failed password for root from 38.55.97.143 port 55464 ssh2
Jun 23 01:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 23 01:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30623]: Connection closed by 38.55.97.143 port 55464 [preauth]
Jun 23 01:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30654]: Failed password for root from 103.82.20.28 port 38258 ssh2
Jun 23 01:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30654]: Connection closed by 103.82.20.28 port 38258 [preauth]
Jun 23 01:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30669]: Invalid user ubuntu from 144.225.187.123
Jun 23 01:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30669]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 01:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30669]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 01:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30669]: Failed password for invalid user ubuntu from 144.225.187.123 port 49042 ssh2
Jun 23 01:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30669]: Connection closed by 144.225.187.123 port 49042 [preauth]
Jun 23 01:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30695]: Invalid user admin from 91.92.40.6
Jun 23 01:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30695]: input_userauth_request: invalid user admin [preauth]
Jun 23 01:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30695]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6
Jun 23 01:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30695]: Failed password for invalid user admin from 91.92.40.6 port 50524 ssh2
Jun 23 01:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30695]: Connection closed by 91.92.40.6 port 50524 [preauth]
Jun 23 01:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30705]: Did not receive identification string from 119.148.49.82
Jun 23 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30718]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30716]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30717]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30715]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30715]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30776]: Successful su for rubyman by root
Jun 23 01:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30776]: + ??? root:rubyman
Jun 23 01:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30776]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574211 of user rubyman.
Jun 23 01:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30776]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574211.
Jun 23 01:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27812]: pam_unix(cron:session): session closed for user root
Jun 23 01:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30716]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 23 01:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31072]: Failed password for root from 103.27.238.114 port 58488 ssh2
Jun 23 01:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31072]: Connection closed by 103.27.238.114 port 58488 [preauth]
Jun 23 01:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31087]: Invalid user vyos from 144.225.187.123
Jun 23 01:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31087]: input_userauth_request: invalid user vyos [preauth]
Jun 23 01:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31087]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 01:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31087]: Failed password for invalid user vyos from 144.225.187.123 port 58300 ssh2
Jun 23 01:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31087]: Connection closed by 144.225.187.123 port 58300 [preauth]
Jun 23 01:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29745]: pam_unix(cron:session): session closed for user root
Jun 23 01:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31186]: Received disconnect from 104.194.10.248 port 44522:11: disconnected by user [preauth]
Jun 23 01:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31186]: Disconnected from 104.194.10.248 port 44522 [preauth]
Jun 23 01:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31188]: Failed password for root from 144.225.187.123 port 38972 ssh2
Jun 23 01:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31188]: Connection closed by 144.225.187.123 port 38972 [preauth]
Jun 23 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31221]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31220]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31219]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31218]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31218]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31282]: Successful su for rubyman by root
Jun 23 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31282]: + ??? root:rubyman
Jun 23 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31282]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574216 of user rubyman.
Jun 23 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31282]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574216.
Jun 23 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31214]: Invalid user admin from 91.92.40.6
Jun 23 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31214]: input_userauth_request: invalid user admin [preauth]
Jun 23 01:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31214]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6
Jun 23 01:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31214]: Failed password for invalid user admin from 91.92.40.6 port 33360 ssh2
Jun 23 01:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31214]: Connection closed by 91.92.40.6 port 33360 [preauth]
Jun 23 01:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28283]: pam_unix(cron:session): session closed for user root
Jun 23 01:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31219]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31511]: Failed password for root from 144.225.187.123 port 40258 ssh2
Jun 23 01:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31511]: Connection closed by 144.225.187.123 port 40258 [preauth]
Jun 23 01:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 23 01:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30280]: pam_unix(cron:session): session closed for user root
Jun 23 01:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31554]: Failed password for root from 103.149.28.157 port 54680 ssh2
Jun 23 01:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31554]: Connection closed by 103.149.28.157 port 54680 [preauth]
Jun 23 01:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31711]: Invalid user admin from 144.225.187.123
Jun 23 01:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31711]: input_userauth_request: invalid user admin [preauth]
Jun 23 01:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31711]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 01:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31711]: Failed password for invalid user admin from 144.225.187.123 port 35016 ssh2
Jun 23 01:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31711]: Connection closed by 144.225.187.123 port 35016 [preauth]
Jun 23 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31726]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31727]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31725]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31724]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31724]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31790]: Successful su for rubyman by root
Jun 23 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31790]: + ??? root:rubyman
Jun 23 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31790]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574221 of user rubyman.
Jun 23 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31790]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574221.
Jun 23 01:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28787]: pam_unix(cron:session): session closed for user root
Jun 23 01:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31725]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31991]: Invalid user admin from 91.92.40.6
Jun 23 01:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31991]: input_userauth_request: invalid user admin [preauth]
Jun 23 01:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31991]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6
Jun 23 01:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31991]: Failed password for invalid user admin from 91.92.40.6 port 50084 ssh2
Jun 23 01:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31991]: Connection closed by 91.92.40.6 port 50084 [preauth]
Jun 23 01:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32050]: Invalid user p from 144.225.187.123
Jun 23 01:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32050]: input_userauth_request: invalid user p [preauth]
Jun 23 01:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32050]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 01:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32050]: Failed password for invalid user p from 144.225.187.123 port 47810 ssh2
Jun 23 01:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32050]: Connection closed by 144.225.187.123 port 47810 [preauth]
Jun 23 01:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30718]: pam_unix(cron:session): session closed for user root
Jun 23 01:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32142]: Failed password for root from 144.225.187.123 port 54046 ssh2
Jun 23 01:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32142]: Connection closed by 144.225.187.123 port 54046 [preauth]
Jun 23 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32161]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32156]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32162]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32163]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32159]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32160]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32163]: pam_unix(cron:session): session closed for user root
Jun 23 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32156]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32225]: Successful su for rubyman by root
Jun 23 01:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32225]: + ??? root:rubyman
Jun 23 01:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32225]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574227 of user rubyman.
Jun 23 01:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32225]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574227.
Jun 23 01:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 23 01:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29215]: pam_unix(cron:session): session closed for user root
Jun 23 01:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32160]: pam_unix(cron:session): session closed for user root
Jun 23 01:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32141]: Failed password for root from 38.55.97.143 port 50150 ssh2
Jun 23 01:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32159]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32141]: Connection closed by 38.55.97.143 port 50150 [preauth]
Jun 23 01:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32465]: Invalid user admin from 91.92.40.6
Jun 23 01:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32465]: input_userauth_request: invalid user admin [preauth]
Jun 23 01:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32465]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6
Jun 23 01:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32465]: Failed password for invalid user admin from 91.92.40.6 port 54228 ssh2
Jun 23 01:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32465]: Connection closed by 91.92.40.6 port 54228 [preauth]
Jun 23 01:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32503]: Invalid user public from 144.225.187.123
Jun 23 01:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32503]: input_userauth_request: invalid user public [preauth]
Jun 23 01:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32503]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 01:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32503]: Failed password for invalid user public from 144.225.187.123 port 49694 ssh2
Jun 23 01:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32503]: Connection closed by 144.225.187.123 port 49694 [preauth]
Jun 23 01:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31221]: pam_unix(cron:session): session closed for user root
Jun 23 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32593]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32589]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32590]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32591]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32589]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32660]: Successful su for rubyman by root
Jun 23 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32660]: + ??? root:rubyman
Jun 23 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32660]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574229 of user rubyman.
Jun 23 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32660]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574229.
Jun 23 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32727]: Invalid user debian from 144.225.187.123
Jun 23 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32727]: input_userauth_request: invalid user debian [preauth]
Jun 23 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32727]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 01:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32727]: Failed password for invalid user debian from 144.225.187.123 port 50264 ssh2
Jun 23 01:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32727]: Connection closed by 144.225.187.123 port 50264 [preauth]
Jun 23 01:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29744]: pam_unix(cron:session): session closed for user root
Jun 23 01:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32590]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[434]: Invalid user admin from 2.57.121.25
Jun 23 01:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[434]: input_userauth_request: invalid user admin [preauth]
Jun 23 01:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[434]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 23 01:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[434]: Failed password for invalid user admin from 2.57.121.25 port 38564 ssh2
Jun 23 01:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[434]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[434]: Failed password for invalid user admin from 2.57.121.25 port 38564 ssh2
Jun 23 01:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[434]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[434]: Failed password for invalid user admin from 2.57.121.25 port 38564 ssh2
Jun 23 01:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[434]: Connection closed by 2.57.121.25 port 38564 [preauth]
Jun 23 01:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[434]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 23 01:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[594]: Invalid user admin from 91.92.40.6
Jun 23 01:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[594]: input_userauth_request: invalid user admin [preauth]
Jun 23 01:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[594]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6
Jun 23 01:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[594]: Failed password for invalid user admin from 91.92.40.6 port 50880 ssh2
Jun 23 01:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[594]: Connection closed by 91.92.40.6 port 50880 [preauth]
Jun 23 01:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31727]: pam_unix(cron:session): session closed for user root
Jun 23 01:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[626]: Failed password for root from 144.225.187.123 port 59952 ssh2
Jun 23 01:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[626]: Connection closed by 144.225.187.123 port 59952 [preauth]
Jun 23 01:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 23 01:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[671]: Failed password for root from 109.237.96.109 port 33486 ssh2
Jun 23 01:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[671]: Connection closed by 109.237.96.109 port 33486 [preauth]
Jun 23 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[696]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[697]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[695]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[694]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[694]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[756]: Successful su for rubyman by root
Jun 23 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[756]: + ??? root:rubyman
Jun 23 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[756]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574234 of user rubyman.
Jun 23 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[756]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574234.
Jun 23 01:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30279]: pam_unix(cron:session): session closed for user root
Jun 23 01:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[695]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[956]: Invalid user steam from 144.225.187.123
Jun 23 01:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[956]: input_userauth_request: invalid user steam [preauth]
Jun 23 01:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[956]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 01:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[956]: Failed password for invalid user steam from 144.225.187.123 port 44554 ssh2
Jun 23 01:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[956]: Connection closed by 144.225.187.123 port 44554 [preauth]
Jun 23 01:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32162]: pam_unix(cron:session): session closed for user root
Jun 23 01:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1080]: Invalid user admin from 91.92.40.6
Jun 23 01:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1080]: input_userauth_request: invalid user admin [preauth]
Jun 23 01:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1080]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6
Jun 23 01:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1080]: Failed password for invalid user admin from 91.92.40.6 port 33474 ssh2
Jun 23 01:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1080]: Connection closed by 91.92.40.6 port 33474 [preauth]
Jun 23 01:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1090]: Failed password for root from 144.225.187.123 port 55116 ssh2
Jun 23 01:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1090]: Connection closed by 144.225.187.123 port 55116 [preauth]
Jun 23 01:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1130]: Received disconnect from 186.233.184.67 port 56052:11: disconnected by user [preauth]
Jun 23 01:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1130]: Disconnected from 186.233.184.67 port 56052 [preauth]
Jun 23 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1161]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1159]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1158]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1160]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1158]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1224]: Successful su for rubyman by root
Jun 23 01:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1224]: + ??? root:rubyman
Jun 23 01:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1224]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574238 of user rubyman.
Jun 23 01:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1224]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574238.
Jun 23 01:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30717]: pam_unix(cron:session): session closed for user root
Jun 23 01:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1159]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 23 01:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1475]: Failed password for root from 194.113.233.25 port 48786 ssh2
Jun 23 01:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1475]: Connection closed by 194.113.233.25 port 48786 [preauth]
Jun 23 01:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1477]: Failed password for root from 144.225.187.123 port 59336 ssh2
Jun 23 01:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1477]: Connection closed by 144.225.187.123 port 59336 [preauth]
Jun 23 01:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 23 01:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1565]: Failed password for root from 38.55.97.143 port 52870 ssh2
Jun 23 01:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1565]: Connection closed by 38.55.97.143 port 52870 [preauth]
Jun 23 01:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32593]: pam_unix(cron:session): session closed for user root
Jun 23 01:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1679]: Invalid user admin from 91.92.40.6
Jun 23 01:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1679]: input_userauth_request: invalid user admin [preauth]
Jun 23 01:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1679]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6
Jun 23 01:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1679]: Failed password for invalid user admin from 91.92.40.6 port 58456 ssh2
Jun 23 01:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1679]: Connection closed by 91.92.40.6 port 58456 [preauth]
Jun 23 01:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1683]: Failed password for root from 144.225.187.123 port 47200 ssh2
Jun 23 01:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1683]: Connection closed by 144.225.187.123 port 47200 [preauth]
Jun 23 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1720]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1721]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1719]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1715]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1712]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1715]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1846]: Successful su for rubyman by root
Jun 23 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1846]: + ??? root:rubyman
Jun 23 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1846]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574241 of user rubyman.
Jun 23 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1846]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574241.
Jun 23 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1712]: pam_unix(cron:session): session closed for user root
Jun 23 01:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31220]: pam_unix(cron:session): session closed for user root
Jun 23 01:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 23 01:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1719]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2105]: Failed password for root from 193.24.211.107 port 25617 ssh2
Jun 23 01:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2105]: Received disconnect from 193.24.211.107 port 25617:11: Client disconnecting normally [preauth]
Jun 23 01:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2105]: Disconnected from 193.24.211.107 port 25617 [preauth]
Jun 23 01:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: Failed password for root from 144.225.187.123 port 51162 ssh2
Jun 23 01:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: Connection closed by 144.225.187.123 port 51162 [preauth]
Jun 23 01:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[697]: pam_unix(cron:session): session closed for user root
Jun 23 01:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 23 01:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2245]: Failed password for root from 38.55.97.143 port 57114 ssh2
Jun 23 01:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2245]: Connection closed by 38.55.97.143 port 57114 [preauth]
Jun 23 01:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2290]: Invalid user admin from 91.92.40.6
Jun 23 01:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2290]: input_userauth_request: invalid user admin [preauth]
Jun 23 01:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2290]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6
Jun 23 01:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2288]: Failed password for root from 144.225.187.123 port 51178 ssh2
Jun 23 01:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2288]: Connection closed by 144.225.187.123 port 51178 [preauth]
Jun 23 01:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2290]: Failed password for invalid user admin from 91.92.40.6 port 59266 ssh2
Jun 23 01:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2290]: Connection closed by 91.92.40.6 port 59266 [preauth]
Jun 23 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2306]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2304]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2308]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2302]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2305]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2303]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2308]: pam_unix(cron:session): session closed for user root
Jun 23 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2302]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2377]: Successful su for rubyman by root
Jun 23 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2377]: + ??? root:rubyman
Jun 23 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2377]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574246 of user rubyman.
Jun 23 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2377]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574246.
Jun 23 01:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31726]: pam_unix(cron:session): session closed for user root
Jun 23 01:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2304]: pam_unix(cron:session): session closed for user root
Jun 23 01:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2303]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: Failed password for root from 144.225.187.123 port 52460 ssh2
Jun 23 01:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: Connection closed by 144.225.187.123 port 52460 [preauth]
Jun 23 01:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1161]: pam_unix(cron:session): session closed for user root
Jun 23 01:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 23 01:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2753]: Failed password for root from 38.55.97.143 port 60752 ssh2
Jun 23 01:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2753]: Connection closed by 38.55.97.143 port 60752 [preauth]
Jun 23 01:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2764]: Failed password for root from 144.225.187.123 port 57234 ssh2
Jun 23 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2764]: Connection closed by 144.225.187.123 port 57234 [preauth]
Jun 23 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2770]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2769]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2767]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2768]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2767]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2842]: Successful su for rubyman by root
Jun 23 01:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2842]: + ??? root:rubyman
Jun 23 01:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2842]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574252 of user rubyman.
Jun 23 01:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2842]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574252.
Jun 23 01:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2975]: Invalid user admin from 91.92.40.6
Jun 23 01:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2975]: input_userauth_request: invalid user admin [preauth]
Jun 23 01:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2975]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6
Jun 23 01:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32161]: pam_unix(cron:session): session closed for user root
Jun 23 01:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2768]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2975]: Failed password for invalid user admin from 91.92.40.6 port 52456 ssh2
Jun 23 01:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2975]: Connection closed by 91.92.40.6 port 52456 [preauth]
Jun 23 01:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1721]: pam_unix(cron:session): session closed for user root
Jun 23 01:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3087]: Failed password for root from 144.225.187.123 port 48836 ssh2
Jun 23 01:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3087]: Connection closed by 144.225.187.123 port 48836 [preauth]
Jun 23 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3177]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3178]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3176]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3175]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3175]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3236]: Successful su for rubyman by root
Jun 23 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3236]: + ??? root:rubyman
Jun 23 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3236]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574256 of user rubyman.
Jun 23 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3236]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574256.
Jun 23 01:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32591]: pam_unix(cron:session): session closed for user root
Jun 23 01:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3375]: Invalid user nvidia from 144.225.187.123
Jun 23 01:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3375]: input_userauth_request: invalid user nvidia [preauth]
Jun 23 01:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3375]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 01:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3176]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3375]: Failed password for invalid user nvidia from 144.225.187.123 port 53996 ssh2
Jun 23 01:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3375]: Connection closed by 144.225.187.123 port 53996 [preauth]
Jun 23 01:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 23 01:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3442]: Invalid user admin from 91.92.40.6
Jun 23 01:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3442]: input_userauth_request: invalid user admin [preauth]
Jun 23 01:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3442]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6
Jun 23 01:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3428]: Failed password for root from 38.55.97.143 port 34364 ssh2
Jun 23 01:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3428]: Connection closed by 38.55.97.143 port 34364 [preauth]
Jun 23 01:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3442]: Failed password for invalid user admin from 91.92.40.6 port 46058 ssh2
Jun 23 01:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3442]: Connection closed by 91.92.40.6 port 46058 [preauth]
Jun 23 01:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2306]: pam_unix(cron:session): session closed for user root
Jun 23 01:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3517]: Failed password for root from 144.225.187.123 port 55922 ssh2
Jun 23 01:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3517]: Connection closed by 144.225.187.123 port 55922 [preauth]
Jun 23 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3583]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3582]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3584]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3581]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3581]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3640]: Successful su for rubyman by root
Jun 23 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3640]: + ??? root:rubyman
Jun 23 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3640]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574260 of user rubyman.
Jun 23 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3640]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574260.
Jun 23 01:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[696]: pam_unix(cron:session): session closed for user root
Jun 23 01:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3582]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 23 01:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3988]: Failed password for root from 103.82.132.16 port 47206 ssh2
Jun 23 01:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3988]: Connection closed by 103.82.132.16 port 47206 [preauth]
Jun 23 01:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4006]: Invalid user admin from 144.225.187.123
Jun 23 01:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4006]: input_userauth_request: invalid user admin [preauth]
Jun 23 01:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4006]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 01:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4006]: Failed password for invalid user admin from 144.225.187.123 port 56428 ssh2
Jun 23 01:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4006]: Connection closed by 144.225.187.123 port 56428 [preauth]
Jun 23 01:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4070]: Invalid user admin from 91.92.40.6
Jun 23 01:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4070]: input_userauth_request: invalid user admin [preauth]
Jun 23 01:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4070]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6
Jun 23 01:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4070]: Failed password for invalid user admin from 91.92.40.6 port 56300 ssh2
Jun 23 01:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4070]: Connection closed by 91.92.40.6 port 56300 [preauth]
Jun 23 01:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2770]: pam_unix(cron:session): session closed for user root
Jun 23 01:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4148]: Failed password for root from 144.225.187.123 port 44742 ssh2
Jun 23 01:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4148]: Connection closed by 144.225.187.123 port 44742 [preauth]
Jun 23 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4186]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4184]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4183]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4181]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4181]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4248]: Successful su for rubyman by root
Jun 23 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4248]: + ??? root:rubyman
Jun 23 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4248]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574264 of user rubyman.
Jun 23 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4248]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574264.
Jun 23 01:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1160]: pam_unix(cron:session): session closed for user root
Jun 23 01:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4183]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4465]: Failed password for root from 144.225.187.123 port 47128 ssh2
Jun 23 01:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4465]: Connection closed by 144.225.187.123 port 47128 [preauth]
Jun 23 01:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3178]: pam_unix(cron:session): session closed for user root
Jun 23 01:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4517]: Invalid user admin from 91.92.40.6
Jun 23 01:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4517]: input_userauth_request: invalid user admin [preauth]
Jun 23 01:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4517]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6
Jun 23 01:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 23 01:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4517]: Failed password for invalid user admin from 91.92.40.6 port 41950 ssh2
Jun 23 01:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4517]: Connection closed by 91.92.40.6 port 41950 [preauth]
Jun 23 01:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4539]: Failed password for root from 38.55.97.143 port 60312 ssh2
Jun 23 01:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4539]: Connection closed by 38.55.97.143 port 60312 [preauth]
Jun 23 01:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4575]: Invalid user test from 144.225.187.123
Jun 23 01:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4575]: input_userauth_request: invalid user test [preauth]
Jun 23 01:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4575]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 01:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4575]: Failed password for invalid user test from 144.225.187.123 port 60500 ssh2
Jun 23 01:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4575]: Connection closed by 144.225.187.123 port 60500 [preauth]
Jun 23 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4608]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4605]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4606]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4609]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4610]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4607]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4610]: pam_unix(cron:session): session closed for user root
Jun 23 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4605]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4675]: Successful su for rubyman by root
Jun 23 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4675]: + ??? root:rubyman
Jun 23 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4675]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574272 of user rubyman.
Jun 23 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4675]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574272.
Jun 23 01:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4607]: pam_unix(cron:session): session closed for user root
Jun 23 01:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1720]: pam_unix(cron:session): session closed for user root
Jun 23 01:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4606]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5038]: Failed password for root from 144.225.187.123 port 34442 ssh2
Jun 23 01:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5038]: Connection closed by 144.225.187.123 port 34442 [preauth]
Jun 23 01:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.211.215  user=root
Jun 23 01:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3584]: pam_unix(cron:session): session closed for user root
Jun 23 01:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5061]: Failed password for root from 147.45.211.215 port 60182 ssh2
Jun 23 01:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5061]: Connection closed by 147.45.211.215 port 60182 [preauth]
Jun 23 01:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5119]: Invalid user admin from 91.92.40.6
Jun 23 01:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5119]: input_userauth_request: invalid user admin [preauth]
Jun 23 01:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5119]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6
Jun 23 01:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5119]: Failed password for invalid user admin from 91.92.40.6 port 33420 ssh2
Jun 23 01:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5119]: Connection closed by 91.92.40.6 port 33420 [preauth]
Jun 23 01:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 23 01:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5138]: Failed password for root from 144.225.187.123 port 45204 ssh2
Jun 23 01:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5138]: Connection closed by 144.225.187.123 port 45204 [preauth]
Jun 23 01:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5141]: Failed password for root from 38.55.97.143 port 36736 ssh2
Jun 23 01:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5141]: Connection closed by 38.55.97.143 port 36736 [preauth]
Jun 23 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5156]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5154]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5155]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5153]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5153]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5224]: Successful su for rubyman by root
Jun 23 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5224]: + ??? root:rubyman
Jun 23 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5224]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574274 of user rubyman.
Jun 23 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5224]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574274.
Jun 23 01:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2305]: pam_unix(cron:session): session closed for user root
Jun 23 01:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5154]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5483]: Invalid user guest from 144.225.187.123
Jun 23 01:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5483]: input_userauth_request: invalid user guest [preauth]
Jun 23 01:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5483]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 01:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5483]: Failed password for invalid user guest from 144.225.187.123 port 33712 ssh2
Jun 23 01:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5483]: Connection closed by 144.225.187.123 port 33712 [preauth]
Jun 23 01:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4186]: pam_unix(cron:session): session closed for user root
Jun 23 01:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5559]: Invalid user admin from 91.92.40.6
Jun 23 01:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5559]: input_userauth_request: invalid user admin [preauth]
Jun 23 01:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5559]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6
Jun 23 01:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5559]: Failed password for invalid user admin from 91.92.40.6 port 41926 ssh2
Jun 23 01:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5559]: Connection closed by 91.92.40.6 port 41926 [preauth]
Jun 23 01:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5579]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5578]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5580]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5577]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5575]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5575]: pam_unix(cron:session): session closed for user root
Jun 23 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5577]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5636]: Successful su for rubyman by root
Jun 23 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5636]: + ??? root:rubyman
Jun 23 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5636]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574280 of user rubyman.
Jun 23 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5636]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574280.
Jun 23 01:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5570]: Failed password for root from 144.225.187.123 port 48166 ssh2
Jun 23 01:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5570]: Connection closed by 144.225.187.123 port 48166 [preauth]
Jun 23 01:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2769]: pam_unix(cron:session): session closed for user root
Jun 23 01:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5578]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 23 01:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5859]: Failed password for root from 38.55.97.143 port 37736 ssh2
Jun 23 01:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5859]: Connection closed by 38.55.97.143 port 37736 [preauth]
Jun 23 01:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4609]: pam_unix(cron:session): session closed for user root
Jun 23 01:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5890]: Invalid user admin from 144.225.187.123
Jun 23 01:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5890]: input_userauth_request: invalid user admin [preauth]
Jun 23 01:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5890]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 01:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5890]: Failed password for invalid user admin from 144.225.187.123 port 33372 ssh2
Jun 23 01:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5890]: Connection closed by 144.225.187.123 port 33372 [preauth]
Jun 23 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5968]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5969]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5966]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5965]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5965]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6028]: Successful su for rubyman by root
Jun 23 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6028]: + ??? root:rubyman
Jun 23 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6028]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574284 of user rubyman.
Jun 23 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6028]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574284.
Jun 23 01:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6086]: Invalid user admin from 91.92.40.6
Jun 23 01:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6086]: input_userauth_request: invalid user admin [preauth]
Jun 23 01:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6086]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6
Jun 23 01:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3177]: pam_unix(cron:session): session closed for user root
Jun 23 01:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6086]: Failed password for invalid user admin from 91.92.40.6 port 55556 ssh2
Jun 23 01:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6086]: Connection closed by 91.92.40.6 port 55556 [preauth]
Jun 23 01:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5966]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6210]: Failed password for root from 144.225.187.123 port 60652 ssh2
Jun 23 01:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6210]: Connection closed by 144.225.187.123 port 60652 [preauth]
Jun 23 01:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 23 01:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6272]: Failed password for root from 103.27.238.116 port 53142 ssh2
Jun 23 01:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6272]: Connection closed by 103.27.238.116 port 53142 [preauth]
Jun 23 01:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5156]: pam_unix(cron:session): session closed for user root
Jun 23 01:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6317]: Failed password for root from 144.225.187.123 port 47750 ssh2
Jun 23 01:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6317]: Connection closed by 144.225.187.123 port 47750 [preauth]
Jun 23 01:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 23 01:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6346]: Failed password for root from 38.55.97.143 port 49438 ssh2
Jun 23 01:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6346]: Connection closed by 38.55.97.143 port 49438 [preauth]
Jun 23 01:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6377]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6376]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6375]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6374]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6374]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6434]: Successful su for rubyman by root
Jun 23 01:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6434]: + ??? root:rubyman
Jun 23 01:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6434]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574287 of user rubyman.
Jun 23 01:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6434]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574287.
Jun 23 01:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3583]: pam_unix(cron:session): session closed for user root
Jun 23 01:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6375]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6615]: Invalid user admin from 91.92.40.6
Jun 23 01:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6615]: input_userauth_request: invalid user admin [preauth]
Jun 23 01:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6615]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6
Jun 23 01:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6615]: Failed password for invalid user admin from 91.92.40.6 port 50606 ssh2
Jun 23 01:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6615]: Connection closed by 91.92.40.6 port 50606 [preauth]
Jun 23 01:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6639]: Invalid user demo from 144.225.187.123
Jun 23 01:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6639]: input_userauth_request: invalid user demo [preauth]
Jun 23 01:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6639]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 01:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6639]: Failed password for invalid user demo from 144.225.187.123 port 33502 ssh2
Jun 23 01:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6639]: Connection closed by 144.225.187.123 port 33502 [preauth]
Jun 23 01:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5580]: pam_unix(cron:session): session closed for user root
Jun 23 01:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6747]: Failed password for root from 144.225.187.123 port 53772 ssh2
Jun 23 01:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6747]: Connection closed by 144.225.187.123 port 53772 [preauth]
Jun 23 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6779]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6789]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6790]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6784]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6787]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6782]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6790]: pam_unix(cron:session): session closed for user root
Jun 23 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6779]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6855]: Successful su for rubyman by root
Jun 23 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6855]: + ??? root:rubyman
Jun 23 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6855]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574293 of user rubyman.
Jun 23 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6855]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574293.
Jun 23 01:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6784]: pam_unix(cron:session): session closed for user root
Jun 23 01:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4184]: pam_unix(cron:session): session closed for user root
Jun 23 01:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6782]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 23 01:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7170]: Failed password for root from 38.55.97.143 port 51432 ssh2
Jun 23 01:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7170]: Connection closed by 38.55.97.143 port 51432 [preauth]
Jun 23 01:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7192]: Invalid user admin from 91.92.40.6
Jun 23 01:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7192]: input_userauth_request: invalid user admin [preauth]
Jun 23 01:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7192]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6
Jun 23 01:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7189]: Failed password for root from 144.225.187.123 port 36376 ssh2
Jun 23 01:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7189]: Connection closed by 144.225.187.123 port 36376 [preauth]
Jun 23 01:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7192]: Failed password for invalid user admin from 91.92.40.6 port 56336 ssh2
Jun 23 01:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7192]: Connection closed by 91.92.40.6 port 56336 [preauth]
Jun 23 01:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5969]: pam_unix(cron:session): session closed for user root
Jun 23 01:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7303]: Failed password for root from 144.225.187.123 port 47086 ssh2
Jun 23 01:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7303]: Connection closed by 144.225.187.123 port 47086 [preauth]
Jun 23 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7315]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7317]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7316]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7314]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7314]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7387]: Successful su for rubyman by root
Jun 23 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7387]: + ??? root:rubyman
Jun 23 01:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7387]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574298 of user rubyman.
Jun 23 01:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7387]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574298.
Jun 23 01:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4608]: pam_unix(cron:session): session closed for user root
Jun 23 01:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7315]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7681]: Invalid user admin from 91.92.40.6
Jun 23 01:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7681]: input_userauth_request: invalid user admin [preauth]
Jun 23 01:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7681]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6
Jun 23 01:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7671]: Failed password for root from 144.225.187.123 port 45066 ssh2
Jun 23 01:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7671]: Connection closed by 144.225.187.123 port 45066 [preauth]
Jun 23 01:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7681]: Failed password for invalid user admin from 91.92.40.6 port 49012 ssh2
Jun 23 01:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7681]: Connection closed by 91.92.40.6 port 49012 [preauth]
Jun 23 01:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6377]: pam_unix(cron:session): session closed for user root
Jun 23 01:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 23 01:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7780]: Failed password for root from 103.122.221.179 port 44712 ssh2
Jun 23 01:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7780]: Connection closed by 103.122.221.179 port 44712 [preauth]
Jun 23 01:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7811]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 23 01:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7811]: Failed password for root from 202.178.126.219 port 30871 ssh2
Jun 23 01:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7811]: Connection closed by 202.178.126.219 port 30871 [preauth]
Jun 23 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7834]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7835]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7833]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7832]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7832]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7890]: Successful su for rubyman by root
Jun 23 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7890]: + ??? root:rubyman
Jun 23 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7890]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574302 of user rubyman.
Jun 23 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7890]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574302.
Jun 23 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5155]: pam_unix(cron:session): session closed for user root
Jun 23 01:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7821]: Failed password for root from 144.225.187.123 port 57218 ssh2
Jun 23 01:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7821]: Connection closed by 144.225.187.123 port 57218 [preauth]
Jun 23 01:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7833]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8129]: Invalid user admin from 91.92.40.6
Jun 23 01:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8129]: input_userauth_request: invalid user admin [preauth]
Jun 23 01:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8129]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6
Jun 23 01:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6789]: pam_unix(cron:session): session closed for user root
Jun 23 01:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8129]: Failed password for invalid user admin from 91.92.40.6 port 34382 ssh2
Jun 23 01:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8129]: Connection closed by 91.92.40.6 port 34382 [preauth]
Jun 23 01:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8162]: Failed password for root from 144.225.187.123 port 60044 ssh2
Jun 23 01:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8162]: Connection closed by 144.225.187.123 port 60044 [preauth]
Jun 23 01:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 23 01:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8172]: Failed password for root from 38.55.97.143 port 55022 ssh2
Jun 23 01:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8172]: Connection closed by 38.55.97.143 port 55022 [preauth]
Jun 23 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8224]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8225]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8223]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8222]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8222]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8281]: Successful su for rubyman by root
Jun 23 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8281]: + ??? root:rubyman
Jun 23 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8281]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574307 of user rubyman.
Jun 23 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8281]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574307.
Jun 23 01:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5579]: pam_unix(cron:session): session closed for user root
Jun 23 01:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8223]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8466]: Failed password for root from 144.225.187.123 port 36826 ssh2
Jun 23 01:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8466]: Connection closed by 144.225.187.123 port 36826 [preauth]
Jun 23 01:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8532]: Invalid user admin from 91.92.40.6
Jun 23 01:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8532]: input_userauth_request: invalid user admin [preauth]
Jun 23 01:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8532]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6
Jun 23 01:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 23 01:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8532]: Failed password for invalid user admin from 91.92.40.6 port 34458 ssh2
Jun 23 01:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8532]: Connection closed by 91.92.40.6 port 34458 [preauth]
Jun 23 01:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8534]: Failed password for root from 141.98.83.240 port 5330 ssh2
Jun 23 01:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8534]: Failed password for root from 141.98.83.240 port 5330 ssh2
Jun 23 01:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7317]: pam_unix(cron:session): session closed for user root
Jun 23 01:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8534]: Failed password for root from 141.98.83.240 port 5330 ssh2
Jun 23 01:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8534]: Connection closed by 141.98.83.240 port 5330 [preauth]
Jun 23 01:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8534]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 23 01:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8575]: Invalid user vpn from 144.225.187.123
Jun 23 01:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8575]: input_userauth_request: invalid user vpn [preauth]
Jun 23 01:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8575]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 01:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8575]: Failed password for invalid user vpn from 144.225.187.123 port 60130 ssh2
Jun 23 01:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8575]: Connection closed by 144.225.187.123 port 60130 [preauth]
Jun 23 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8627]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8625]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8626]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8624]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8624]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8685]: Successful su for rubyman by root
Jun 23 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8685]: + ??? root:rubyman
Jun 23 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8685]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574310 of user rubyman.
Jun 23 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8685]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574310.
Jun 23 01:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 23 01:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5968]: pam_unix(cron:session): session closed for user root
Jun 23 01:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8675]: Failed password for root from 38.55.97.143 port 46948 ssh2
Jun 23 01:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8675]: Connection closed by 38.55.97.143 port 46948 [preauth]
Jun 23 01:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8625]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8899]: Failed password for root from 144.225.187.123 port 33134 ssh2
Jun 23 01:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8899]: Connection closed by 144.225.187.123 port 33134 [preauth]
Jun 23 01:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8933]: Invalid user admin from 91.92.40.6
Jun 23 01:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8933]: input_userauth_request: invalid user admin [preauth]
Jun 23 01:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8933]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6
Jun 23 01:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8933]: Failed password for invalid user admin from 91.92.40.6 port 42918 ssh2
Jun 23 01:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8933]: Connection closed by 91.92.40.6 port 42918 [preauth]
Jun 23 01:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7835]: pam_unix(cron:session): session closed for user root
Jun 23 01:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 23 01:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8992]: Failed password for root from 193.24.211.107 port 21997 ssh2
Jun 23 01:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8992]: Received disconnect from 193.24.211.107 port 21997:11: Client disconnecting normally [preauth]
Jun 23 01:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8992]: Disconnected from 193.24.211.107 port 21997 [preauth]
Jun 23 01:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9008]: Invalid user deploy from 144.225.187.123
Jun 23 01:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9008]: input_userauth_request: invalid user deploy [preauth]
Jun 23 01:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9008]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 01:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9008]: Failed password for invalid user deploy from 144.225.187.123 port 37348 ssh2
Jun 23 01:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9008]: Connection closed by 144.225.187.123 port 37348 [preauth]
Jun 23 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9042]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9039]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9038]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9040]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9041]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9037]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9042]: pam_unix(cron:session): session closed for user root
Jun 23 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9037]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9106]: Successful su for rubyman by root
Jun 23 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9106]: + ??? root:rubyman
Jun 23 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9106]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574318 of user rubyman.
Jun 23 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9106]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574318.
Jun 23 01:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9039]: pam_unix(cron:session): session closed for user root
Jun 23 01:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6376]: pam_unix(cron:session): session closed for user root
Jun 23 01:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9038]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 23 01:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9334]: Failed password for root from 38.55.97.143 port 50674 ssh2
Jun 23 01:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9334]: Connection closed by 38.55.97.143 port 50674 [preauth]
Jun 23 01:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9345]: Invalid user admin from 91.92.40.6
Jun 23 01:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9345]: input_userauth_request: invalid user admin [preauth]
Jun 23 01:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9345]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6
Jun 23 01:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9347]: Failed password for root from 144.225.187.123 port 52742 ssh2
Jun 23 01:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9347]: Connection closed by 144.225.187.123 port 52742 [preauth]
Jun 23 01:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9345]: Failed password for invalid user admin from 91.92.40.6 port 57166 ssh2
Jun 23 01:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9345]: Connection closed by 91.92.40.6 port 57166 [preauth]
Jun 23 01:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 23 01:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9370]: Failed password for root from 103.77.175.15 port 45124 ssh2
Jun 23 01:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9370]: Connection closed by 103.77.175.15 port 45124 [preauth]
Jun 23 01:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8225]: pam_unix(cron:session): session closed for user root
Jun 23 01:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: Failed password for root from 144.225.187.123 port 40270 ssh2
Jun 23 01:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: Connection closed by 144.225.187.123 port 40270 [preauth]
Jun 23 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9466]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9467]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9468]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9465]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9465]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9529]: Successful su for rubyman by root
Jun 23 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9529]: + ??? root:rubyman
Jun 23 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9529]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574321 of user rubyman.
Jun 23 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9529]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574321.
Jun 23 01:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6787]: pam_unix(cron:session): session closed for user root
Jun 23 01:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9466]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9744]: Invalid user admin from 91.92.40.6
Jun 23 01:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9744]: input_userauth_request: invalid user admin [preauth]
Jun 23 01:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9744]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6
Jun 23 01:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9744]: Failed password for invalid user admin from 91.92.40.6 port 54074 ssh2
Jun 23 01:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9744]: Connection closed by 91.92.40.6 port 54074 [preauth]
Jun 23 01:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 23 01:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9782]: Failed password for root from 38.55.97.143 port 54866 ssh2
Jun 23 01:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9782]: Connection closed by 38.55.97.143 port 54866 [preauth]
Jun 23 01:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9776]: Failed password for root from 144.225.187.123 port 55384 ssh2
Jun 23 01:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9776]: Connection closed by 144.225.187.123 port 55384 [preauth]
Jun 23 01:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8627]: pam_unix(cron:session): session closed for user root
Jun 23 01:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9861]: Received disconnect from 198.199.106.159 port 41428:11: disconnected by user [preauth]
Jun 23 01:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9861]: Disconnected from 198.199.106.159 port 41428 [preauth]
Jun 23 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9901]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9893]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9900]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9892]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9892]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10108]: Successful su for rubyman by root
Jun 23 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10108]: + ??? root:rubyman
Jun 23 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10108]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574324 of user rubyman.
Jun 23 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10108]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574324.
Jun 23 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7316]: pam_unix(cron:session): session closed for user root
Jun 23 01:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10148]: Failed password for root from 144.225.187.123 port 55292 ssh2
Jun 23 01:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10148]: Connection closed by 144.225.187.123 port 55292 [preauth]
Jun 23 01:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9893]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10419]: Invalid user admin from 91.92.40.6
Jun 23 01:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10419]: input_userauth_request: invalid user admin [preauth]
Jun 23 01:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10419]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6
Jun 23 01:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10419]: Failed password for invalid user admin from 91.92.40.6 port 47354 ssh2
Jun 23 01:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10419]: Connection closed by 91.92.40.6 port 47354 [preauth]
Jun 23 01:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9041]: pam_unix(cron:session): session closed for user root
Jun 23 01:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10489]: Failed password for root from 144.225.187.123 port 44440 ssh2
Jun 23 01:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10489]: Connection closed by 144.225.187.123 port 44440 [preauth]
Jun 23 01:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 23 01:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10530]: Failed password for root from 80.66.85.226 port 36568 ssh2
Jun 23 01:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10530]: Connection closed by 80.66.85.226 port 36568 [preauth]
Jun 23 01:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 23 01:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10532]: Failed password for root from 38.55.97.143 port 33754 ssh2
Jun 23 01:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10532]: Connection closed by 38.55.97.143 port 33754 [preauth]
Jun 23 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10546]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10548]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10547]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10545]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10545]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10614]: Successful su for rubyman by root
Jun 23 01:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10614]: + ??? root:rubyman
Jun 23 01:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10614]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574328 of user rubyman.
Jun 23 01:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10614]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574328.
Jun 23 01:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7834]: pam_unix(cron:session): session closed for user root
Jun 23 01:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10546]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10822]: Invalid user admin from 144.225.187.123
Jun 23 01:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10822]: input_userauth_request: invalid user admin [preauth]
Jun 23 01:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10822]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 01:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10822]: Failed password for invalid user admin from 144.225.187.123 port 54478 ssh2
Jun 23 01:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10822]: Connection closed by 144.225.187.123 port 54478 [preauth]
Jun 23 01:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10876]: Invalid user admin from 91.92.40.6
Jun 23 01:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10876]: input_userauth_request: invalid user admin [preauth]
Jun 23 01:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10876]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6
Jun 23 01:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10876]: Failed password for invalid user admin from 91.92.40.6 port 57302 ssh2
Jun 23 01:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10876]: Connection closed by 91.92.40.6 port 57302 [preauth]
Jun 23 01:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9468]: pam_unix(cron:session): session closed for user root
Jun 23 01:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10926]: Invalid user alan from 144.225.187.123
Jun 23 01:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10926]: input_userauth_request: invalid user alan [preauth]
Jun 23 01:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10926]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 01:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10926]: Failed password for invalid user alan from 144.225.187.123 port 51704 ssh2
Jun 23 01:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10926]: Connection closed by 144.225.187.123 port 51704 [preauth]
Jun 23 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10983]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10982]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10981]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10980]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10980]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11042]: Successful su for rubyman by root
Jun 23 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11042]: + ??? root:rubyman
Jun 23 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11042]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574331 of user rubyman.
Jun 23 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11042]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574331.
Jun 23 01:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8224]: pam_unix(cron:session): session closed for user root
Jun 23 01:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10981]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11252]: Invalid user admin from 144.225.187.123
Jun 23 01:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11252]: input_userauth_request: invalid user admin [preauth]
Jun 23 01:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11252]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 01:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11252]: Failed password for invalid user admin from 144.225.187.123 port 53110 ssh2
Jun 23 01:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11252]: Connection closed by 144.225.187.123 port 53110 [preauth]
Jun 23 01:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11290]: Invalid user admin from 91.92.40.6
Jun 23 01:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11290]: input_userauth_request: invalid user admin [preauth]
Jun 23 01:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11290]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6
Jun 23 01:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11290]: Failed password for invalid user admin from 91.92.40.6 port 56886 ssh2
Jun 23 01:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11290]: Connection closed by 91.92.40.6 port 56886 [preauth]
Jun 23 01:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9901]: pam_unix(cron:session): session closed for user root
Jun 23 01:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11364]: Failed password for root from 144.225.187.123 port 48948 ssh2
Jun 23 01:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11364]: Connection closed by 144.225.187.123 port 48948 [preauth]
Jun 23 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11400]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11398]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11395]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11399]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11397]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11396]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11400]: pam_unix(cron:session): session closed for user root
Jun 23 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11395]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11473]: Successful su for rubyman by root
Jun 23 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11473]: + ??? root:rubyman
Jun 23 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11473]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574339 of user rubyman.
Jun 23 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11473]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574339.
Jun 23 01:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11397]: pam_unix(cron:session): session closed for user root
Jun 23 01:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8626]: pam_unix(cron:session): session closed for user root
Jun 23 01:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11396]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 23 01:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11712]: Failed password for root from 38.55.97.143 port 45170 ssh2
Jun 23 01:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11712]: Connection closed by 38.55.97.143 port 45170 [preauth]
Jun 23 01:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11724]: Failed password for root from 144.225.187.123 port 53484 ssh2
Jun 23 01:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11724]: Connection closed by 144.225.187.123 port 53484 [preauth]
Jun 23 01:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11760]: Invalid user admin from 91.92.40.6
Jun 23 01:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11760]: input_userauth_request: invalid user admin [preauth]
Jun 23 01:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11760]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6
Jun 23 01:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11760]: Failed password for invalid user admin from 91.92.40.6 port 59140 ssh2
Jun 23 01:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11760]: Connection closed by 91.92.40.6 port 59140 [preauth]
Jun 23 01:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10548]: pam_unix(cron:session): session closed for user root
Jun 23 01:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11839]: Connection closed by 194.59.206.2 port 48312 [preauth]
Jun 23 01:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11857]: Failed password for root from 144.225.187.123 port 52030 ssh2
Jun 23 01:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11857]: Connection closed by 144.225.187.123 port 52030 [preauth]
Jun 23 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11880]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11879]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11882]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11878]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11878]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11970]: Successful su for rubyman by root
Jun 23 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11970]: + ??? root:rubyman
Jun 23 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11970]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574341 of user rubyman.
Jun 23 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11970]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574341.
Jun 23 01:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9040]: pam_unix(cron:session): session closed for user root
Jun 23 01:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11879]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12213]: Invalid user username from 144.225.187.123
Jun 23 01:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12213]: input_userauth_request: invalid user username [preauth]
Jun 23 01:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12213]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 01:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12215]: Invalid user admin from 91.92.40.6
Jun 23 01:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12215]: input_userauth_request: invalid user admin [preauth]
Jun 23 01:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12215]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6
Jun 23 01:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12213]: Failed password for invalid user username from 144.225.187.123 port 54660 ssh2
Jun 23 01:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12213]: Connection closed by 144.225.187.123 port 54660 [preauth]
Jun 23 01:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12215]: Failed password for invalid user admin from 91.92.40.6 port 51214 ssh2
Jun 23 01:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12215]: Connection closed by 91.92.40.6 port 51214 [preauth]
Jun 23 01:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10983]: pam_unix(cron:session): session closed for user root
Jun 23 01:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 23 01:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12382]: Received disconnect from 148.153.121.224 port 47778:11: disconnected by user [preauth]
Jun 23 01:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12382]: Disconnected from 148.153.121.224 port 47778 [preauth]
Jun 23 01:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12371]: Failed password for root from 38.55.97.143 port 42440 ssh2
Jun 23 01:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12371]: Connection closed by 38.55.97.143 port 42440 [preauth]
Jun 23 01:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12444]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12445]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12442]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12441]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12441]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12428]: Failed password for root from 144.225.187.123 port 44024 ssh2
Jun 23 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12428]: Connection closed by 144.225.187.123 port 44024 [preauth]
Jun 23 01:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12505]: Successful su for rubyman by root
Jun 23 01:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12505]: + ??? root:rubyman
Jun 23 01:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12505]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574346 of user rubyman.
Jun 23 01:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12505]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574346.
Jun 23 01:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9467]: pam_unix(cron:session): session closed for user root
Jun 23 01:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12442]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12758]: Invalid user admin from 91.92.40.6
Jun 23 01:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12758]: input_userauth_request: invalid user admin [preauth]
Jun 23 01:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12758]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6
Jun 23 01:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12755]: Failed password for root from 144.225.187.123 port 39228 ssh2
Jun 23 01:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12755]: Connection closed by 144.225.187.123 port 39228 [preauth]
Jun 23 01:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11399]: pam_unix(cron:session): session closed for user root
Jun 23 01:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12758]: Failed password for invalid user admin from 91.92.40.6 port 60800 ssh2
Jun 23 01:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12758]: Connection closed by 91.92.40.6 port 60800 [preauth]
Jun 23 01:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12790]: Connection closed by 118.69.233.167 port 54847 [preauth]
Jun 23 01:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12833]: Invalid user asd from 118.69.233.167
Jun 23 01:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12833]: input_userauth_request: invalid user asd [preauth]
Jun 23 01:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12833]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.69.233.167
Jun 23 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12869]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12870]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12867]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12866]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12866]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12929]: Successful su for rubyman by root
Jun 23 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12929]: + ??? root:rubyman
Jun 23 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12929]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574350 of user rubyman.
Jun 23 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12929]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574350.
Jun 23 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12833]: Failed password for invalid user asd from 118.69.233.167 port 57938 ssh2
Jun 23 01:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12833]: Connection closed by 118.69.233.167 port 57938 [preauth]
Jun 23 01:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9900]: pam_unix(cron:session): session closed for user root
Jun 23 01:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12867]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13069]: Failed password for root from 144.225.187.123 port 33750 ssh2
Jun 23 01:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13069]: Connection closed by 144.225.187.123 port 33750 [preauth]
Jun 23 01:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11882]: pam_unix(cron:session): session closed for user root
Jun 23 01:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13216]: Invalid user admin from 91.92.40.6
Jun 23 01:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13216]: input_userauth_request: invalid user admin [preauth]
Jun 23 01:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13216]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6
Jun 23 01:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13216]: Failed password for invalid user admin from 91.92.40.6 port 35172 ssh2
Jun 23 01:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13216]: Connection closed by 91.92.40.6 port 35172 [preauth]
Jun 23 01:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13227]: Failed password for root from 144.225.187.123 port 42974 ssh2
Jun 23 01:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13227]: Connection closed by 144.225.187.123 port 42974 [preauth]
Jun 23 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13283]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13281]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13282]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13279]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13279]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13342]: Successful su for rubyman by root
Jun 23 01:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13342]: + ??? root:rubyman
Jun 23 01:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13342]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574354 of user rubyman.
Jun 23 01:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13342]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574354.
Jun 23 01:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10547]: pam_unix(cron:session): session closed for user root
Jun 23 01:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13281]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13534]: Invalid user rema from 144.225.187.123
Jun 23 01:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13534]: input_userauth_request: invalid user rema [preauth]
Jun 23 01:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13534]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 01:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13534]: Failed password for invalid user rema from 144.225.187.123 port 41114 ssh2
Jun 23 01:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13534]: Connection closed by 144.225.187.123 port 41114 [preauth]
Jun 23 01:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12445]: pam_unix(cron:session): session closed for user root
Jun 23 01:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13625]: Invalid user admin from 91.92.40.6
Jun 23 01:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13625]: input_userauth_request: invalid user admin [preauth]
Jun 23 01:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13625]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6
Jun 23 01:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13625]: Failed password for invalid user admin from 91.92.40.6 port 59536 ssh2
Jun 23 01:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13625]: Connection closed by 91.92.40.6 port 59536 [preauth]
Jun 23 01:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13655]: Failed password for root from 144.225.187.123 port 50378 ssh2
Jun 23 01:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13655]: Connection closed by 144.225.187.123 port 50378 [preauth]
Jun 23 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13681]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13677]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13676]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13675]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13678]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13679]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13681]: pam_unix(cron:session): session closed for user root
Jun 23 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13675]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13757]: Successful su for rubyman by root
Jun 23 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13757]: + ??? root:rubyman
Jun 23 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13757]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574357 of user rubyman.
Jun 23 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13757]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574357.
Jun 23 01:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13677]: pam_unix(cron:session): session closed for user root
Jun 23 01:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10982]: pam_unix(cron:session): session closed for user root
Jun 23 01:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13676]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14009]: Failed password for root from 144.225.187.123 port 33174 ssh2
Jun 23 01:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14009]: Connection closed by 144.225.187.123 port 33174 [preauth]
Jun 23 01:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12870]: pam_unix(cron:session): session closed for user root
Jun 23 01:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14085]: Invalid user admin from 91.92.40.6
Jun 23 01:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14085]: input_userauth_request: invalid user admin [preauth]
Jun 23 01:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14085]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6
Jun 23 01:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14085]: Failed password for invalid user admin from 91.92.40.6 port 44804 ssh2
Jun 23 01:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14085]: Connection closed by 91.92.40.6 port 44804 [preauth]
Jun 23 01:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14109]: Invalid user test from 144.225.187.123
Jun 23 01:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14109]: input_userauth_request: invalid user test [preauth]
Jun 23 01:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14109]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 01:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14109]: Failed password for invalid user test from 144.225.187.123 port 57546 ssh2
Jun 23 01:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14109]: Connection closed by 144.225.187.123 port 57546 [preauth]
Jun 23 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14130]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14131]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14129]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14128]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14128]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14195]: Successful su for rubyman by root
Jun 23 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14195]: + ??? root:rubyman
Jun 23 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14195]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574363 of user rubyman.
Jun 23 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14195]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574363.
Jun 23 01:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11398]: pam_unix(cron:session): session closed for user root
Jun 23 01:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14129]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14422]: Invalid user odroid from 144.225.187.123
Jun 23 01:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14422]: input_userauth_request: invalid user odroid [preauth]
Jun 23 01:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14422]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 01:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14422]: Failed password for invalid user odroid from 144.225.187.123 port 44484 ssh2
Jun 23 01:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14422]: Connection closed by 144.225.187.123 port 44484 [preauth]
Jun 23 01:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 23 01:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13283]: pam_unix(cron:session): session closed for user root
Jun 23 01:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14392]: Failed password for root from 38.55.97.143 port 45376 ssh2
Jun 23 01:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14392]: Connection closed by 38.55.97.143 port 45376 [preauth]
Jun 23 01:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14475]: Invalid user admin from 91.92.40.6
Jun 23 01:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14475]: input_userauth_request: invalid user admin [preauth]
Jun 23 01:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14475]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6
Jun 23 01:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14475]: Failed password for invalid user admin from 91.92.40.6 port 54934 ssh2
Jun 23 01:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14475]: Connection closed by 91.92.40.6 port 54934 [preauth]
Jun 23 01:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14514]: Invalid user ftpuser from 144.225.187.123
Jun 23 01:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14514]: input_userauth_request: invalid user ftpuser [preauth]
Jun 23 01:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14514]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 01:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14514]: Failed password for invalid user ftpuser from 144.225.187.123 port 37424 ssh2
Jun 23 01:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14514]: Connection closed by 144.225.187.123 port 37424 [preauth]
Jun 23 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14527]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14526]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14528]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14525]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14525]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14586]: Successful su for rubyman by root
Jun 23 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14586]: + ??? root:rubyman
Jun 23 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14586]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574368 of user rubyman.
Jun 23 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14586]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574368.
Jun 23 01:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11880]: pam_unix(cron:session): session closed for user root
Jun 23 01:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14526]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14919]: Failed password for root from 144.225.187.123 port 45284 ssh2
Jun 23 01:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14919]: Connection closed by 144.225.187.123 port 45284 [preauth]
Jun 23 01:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13679]: pam_unix(cron:session): session closed for user root
Jun 23 01:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14960]: Invalid user admin from 91.92.40.6
Jun 23 01:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14960]: input_userauth_request: invalid user admin [preauth]
Jun 23 01:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14960]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6
Jun 23 01:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14960]: Failed password for invalid user admin from 91.92.40.6 port 55824 ssh2
Jun 23 01:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14960]: Connection closed by 91.92.40.6 port 55824 [preauth]
Jun 23 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15014]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15015]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15013]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15012]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15012]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15071]: Successful su for rubyman by root
Jun 23 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15071]: + ??? root:rubyman
Jun 23 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15071]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574371 of user rubyman.
Jun 23 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15071]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574371.
Jun 23 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12444]: pam_unix(cron:session): session closed for user root
Jun 23 01:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15013]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15148]: Invalid user ftpuser from 144.225.187.123
Jun 23 01:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15148]: input_userauth_request: invalid user ftpuser [preauth]
Jun 23 01:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15148]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 01:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15148]: Failed password for invalid user ftpuser from 144.225.187.123 port 45378 ssh2
Jun 23 01:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15148]: Connection closed by 144.225.187.123 port 45378 [preauth]
Jun 23 01:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14131]: pam_unix(cron:session): session closed for user root
Jun 23 01:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15360]: Invalid user admin from 91.92.40.6
Jun 23 01:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15360]: input_userauth_request: invalid user admin [preauth]
Jun 23 01:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15360]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6
Jun 23 01:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15360]: Failed password for invalid user admin from 91.92.40.6 port 50504 ssh2
Jun 23 01:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15360]: Connection closed by 91.92.40.6 port 50504 [preauth]
Jun 23 01:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15362]: Failed password for root from 144.225.187.123 port 40378 ssh2
Jun 23 01:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15362]: Connection closed by 144.225.187.123 port 40378 [preauth]
Jun 23 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15420]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15422]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15421]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15419]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15417]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15419]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15531]: Successful su for rubyman by root
Jun 23 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15531]: + ??? root:rubyman
Jun 23 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15531]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574375 of user rubyman.
Jun 23 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15531]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574375.
Jun 23 01:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15417]: pam_unix(cron:session): session closed for user root
Jun 23 01:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12869]: pam_unix(cron:session): session closed for user root
Jun 23 01:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15420]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15762]: Failed password for root from 144.225.187.123 port 34656 ssh2
Jun 23 01:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15762]: Connection closed by 144.225.187.123 port 34656 [preauth]
Jun 23 01:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14528]: pam_unix(cron:session): session closed for user root
Jun 23 01:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15839]: Invalid user admin from 91.92.40.6
Jun 23 01:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15839]: input_userauth_request: invalid user admin [preauth]
Jun 23 01:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15839]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6
Jun 23 01:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15839]: Failed password for invalid user admin from 91.92.40.6 port 34536 ssh2
Jun 23 01:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15839]: Connection closed by 91.92.40.6 port 34536 [preauth]
Jun 23 01:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15870]: Invalid user oracle from 144.225.187.123
Jun 23 01:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15870]: input_userauth_request: invalid user oracle [preauth]
Jun 23 01:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15870]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 01:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15870]: Failed password for invalid user oracle from 144.225.187.123 port 42134 ssh2
Jun 23 01:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15870]: Connection closed by 144.225.187.123 port 42134 [preauth]
Jun 23 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15902]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15900]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15903]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15904]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15899]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15901]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15904]: pam_unix(cron:session): session closed for user root
Jun 23 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15899]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15966]: Successful su for rubyman by root
Jun 23 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15966]: + ??? root:rubyman
Jun 23 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15966]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574382 of user rubyman.
Jun 23 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15966]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574382.
Jun 23 01:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15901]: pam_unix(cron:session): session closed for user root
Jun 23 01:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13282]: pam_unix(cron:session): session closed for user root
Jun 23 01:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15900]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16194]: Invalid user admin from 193.46.255.86
Jun 23 01:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16194]: input_userauth_request: invalid user admin [preauth]
Jun 23 01:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16194]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 23 01:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16194]: Failed password for invalid user admin from 193.46.255.86 port 62092 ssh2
Jun 23 01:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16194]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16194]: Failed password for invalid user admin from 193.46.255.86 port 62092 ssh2
Jun 23 01:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16194]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16205]: Failed password for root from 144.225.187.123 port 52380 ssh2
Jun 23 01:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16205]: Connection closed by 144.225.187.123 port 52380 [preauth]
Jun 23 01:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16194]: Failed password for invalid user admin from 193.46.255.86 port 62092 ssh2
Jun 23 01:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16194]: Connection closed by 193.46.255.86 port 62092 [preauth]
Jun 23 01:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16194]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 23 01:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 23 01:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16215]: Failed password for root from 193.24.211.107 port 13949 ssh2
Jun 23 01:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16215]: Received disconnect from 193.24.211.107 port 13949:11: Client disconnecting normally [preauth]
Jun 23 01:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16215]: Disconnected from 193.24.211.107 port 13949 [preauth]
Jun 23 01:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15015]: pam_unix(cron:session): session closed for user root
Jun 23 01:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16274]: Invalid user admin from 91.92.40.6
Jun 23 01:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16274]: input_userauth_request: invalid user admin [preauth]
Jun 23 01:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16274]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6
Jun 23 01:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16274]: Failed password for invalid user admin from 91.92.40.6 port 40752 ssh2
Jun 23 01:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16274]: Connection closed by 91.92.40.6 port 40752 [preauth]
Jun 23 01:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16304]: Failed password for root from 144.225.187.123 port 60558 ssh2
Jun 23 01:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16304]: Connection closed by 144.225.187.123 port 60558 [preauth]
Jun 23 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16326]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16325]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16324]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16323]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16323]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16389]: Successful su for rubyman by root
Jun 23 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16389]: + ??? root:rubyman
Jun 23 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16389]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574387 of user rubyman.
Jun 23 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16389]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574387.
Jun 23 01:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 23 01:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13678]: pam_unix(cron:session): session closed for user root
Jun 23 01:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16434]: Failed password for root from 147.45.199.80 port 41248 ssh2
Jun 23 01:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16434]: Connection closed by 147.45.199.80 port 41248 [preauth]
Jun 23 01:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16324]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16587]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 23 01:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16587]: Received disconnect from 192.95.10.202 port 9166:11: disconnected by user [preauth]
Jun 23 01:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16587]: Disconnected from 192.95.10.202 port 9166 [preauth]
Jun 23 01:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16641]: Invalid user aaa from 144.225.187.123
Jun 23 01:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16641]: input_userauth_request: invalid user aaa [preauth]
Jun 23 01:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16641]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 01:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16641]: Failed password for invalid user aaa from 144.225.187.123 port 45646 ssh2
Jun 23 01:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16641]: Connection closed by 144.225.187.123 port 45646 [preauth]
Jun 23 01:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15422]: pam_unix(cron:session): session closed for user root
Jun 23 01:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16680]: Invalid user ansible from 91.92.40.6
Jun 23 01:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16680]: input_userauth_request: invalid user ansible [preauth]
Jun 23 01:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16680]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6
Jun 23 01:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16680]: Failed password for invalid user ansible from 91.92.40.6 port 49422 ssh2
Jun 23 01:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16680]: Connection closed by 91.92.40.6 port 49422 [preauth]
Jun 23 01:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16727]: Invalid user debian from 144.225.187.123
Jun 23 01:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16727]: input_userauth_request: invalid user debian [preauth]
Jun 23 01:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16727]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16731]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16733]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16732]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16730]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16730]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16797]: Successful su for rubyman by root
Jun 23 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16797]: + ??? root:rubyman
Jun 23 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16797]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574391 of user rubyman.
Jun 23 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16797]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574391.
Jun 23 01:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16727]: Failed password for invalid user debian from 144.225.187.123 port 37878 ssh2
Jun 23 01:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16727]: Connection closed by 144.225.187.123 port 37878 [preauth]
Jun 23 01:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14130]: pam_unix(cron:session): session closed for user root
Jun 23 01:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16731]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17146]: Invalid user user from 144.225.187.123
Jun 23 01:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17146]: input_userauth_request: invalid user user [preauth]
Jun 23 01:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17146]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 01:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15903]: pam_unix(cron:session): session closed for user root
Jun 23 01:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17146]: Failed password for invalid user user from 144.225.187.123 port 58572 ssh2
Jun 23 01:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17146]: Connection closed by 144.225.187.123 port 58572 [preauth]
Jun 23 01:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17175]: Invalid user ansible from 91.92.40.6
Jun 23 01:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17175]: input_userauth_request: invalid user ansible [preauth]
Jun 23 01:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17175]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6
Jun 23 01:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17175]: Failed password for invalid user ansible from 91.92.40.6 port 56748 ssh2
Jun 23 01:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17175]: Connection closed by 91.92.40.6 port 56748 [preauth]
Jun 23 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17232]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17233]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17231]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17230]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17230]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17296]: Successful su for rubyman by root
Jun 23 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17296]: + ??? root:rubyman
Jun 23 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17296]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574395 of user rubyman.
Jun 23 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17296]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574395.
Jun 23 01:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14527]: pam_unix(cron:session): session closed for user root
Jun 23 01:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17231]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17485]: Failed password for root from 144.225.187.123 port 44912 ssh2
Jun 23 01:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17485]: Connection closed by 144.225.187.123 port 44912 [preauth]
Jun 23 01:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 23 01:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17520]: Failed password for root from 38.93.206.2 port 30344 ssh2
Jun 23 01:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17520]: Connection closed by 38.93.206.2 port 30344 [preauth]
Jun 23 01:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16326]: pam_unix(cron:session): session closed for user root
Jun 23 01:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17589]: Invalid user apache from 91.92.40.6
Jun 23 01:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17589]: input_userauth_request: invalid user apache [preauth]
Jun 23 01:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17589]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6
Jun 23 01:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17589]: Failed password for invalid user apache from 91.92.40.6 port 50486 ssh2
Jun 23 01:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17589]: Connection closed by 91.92.40.6 port 50486 [preauth]
Jun 23 01:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17599]: Invalid user vagrant from 144.225.187.123
Jun 23 01:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17599]: input_userauth_request: invalid user vagrant [preauth]
Jun 23 01:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17599]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 01:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17599]: Failed password for invalid user vagrant from 144.225.187.123 port 45920 ssh2
Jun 23 01:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17599]: Connection closed by 144.225.187.123 port 45920 [preauth]
Jun 23 01:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 23 01:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17538]: Failed password for root from 38.55.97.143 port 40548 ssh2
Jun 23 01:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17538]: Connection closed by 38.55.97.143 port 40548 [preauth]
Jun 23 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17679]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17675]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17680]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17674]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17674]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17800]: Successful su for rubyman by root
Jun 23 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17800]: + ??? root:rubyman
Jun 23 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17800]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574398 of user rubyman.
Jun 23 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17800]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574398.
Jun 23 01:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15014]: pam_unix(cron:session): session closed for user root
Jun 23 01:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17675]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18008]: Failed password for root from 144.225.187.123 port 34770 ssh2
Jun 23 01:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18008]: Connection closed by 144.225.187.123 port 34770 [preauth]
Jun 23 01:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16733]: pam_unix(cron:session): session closed for user root
Jun 23 01:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18105]: Invalid user apache from 91.92.40.6
Jun 23 01:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18105]: input_userauth_request: invalid user apache [preauth]
Jun 23 01:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18105]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6
Jun 23 01:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18105]: Failed password for invalid user apache from 91.92.40.6 port 38154 ssh2
Jun 23 01:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18105]: Connection closed by 91.92.40.6 port 38154 [preauth]
Jun 23 01:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18138]: Failed password for root from 144.225.187.123 port 56474 ssh2
Jun 23 01:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18138]: Connection closed by 144.225.187.123 port 56474 [preauth]
Jun 23 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18169]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18166]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18164]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18167]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18168]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18163]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18169]: pam_unix(cron:session): session closed for user root
Jun 23 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18163]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18239]: Successful su for rubyman by root
Jun 23 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18239]: + ??? root:rubyman
Jun 23 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18239]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574406 of user rubyman.
Jun 23 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18239]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574406.
Jun 23 01:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18166]: pam_unix(cron:session): session closed for user root
Jun 23 01:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15421]: pam_unix(cron:session): session closed for user root
Jun 23 01:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18164]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18583]: Failed password for root from 144.225.187.123 port 40128 ssh2
Jun 23 01:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18583]: Connection closed by 144.225.187.123 port 40128 [preauth]
Jun 23 01:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17233]: pam_unix(cron:session): session closed for user root
Jun 23 01:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18681]: Invalid user apache from 91.92.40.6
Jun 23 01:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18681]: input_userauth_request: invalid user apache [preauth]
Jun 23 01:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18681]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6
Jun 23 01:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18681]: Failed password for invalid user apache from 91.92.40.6 port 35950 ssh2
Jun 23 01:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18681]: Connection closed by 91.92.40.6 port 35950 [preauth]
Jun 23 01:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18692]: Failed password for root from 144.225.187.123 port 38018 ssh2
Jun 23 01:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18692]: Connection closed by 144.225.187.123 port 38018 [preauth]
Jun 23 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18716]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18717]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18715]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18713]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18713]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18786]: Successful su for rubyman by root
Jun 23 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18786]: + ??? root:rubyman
Jun 23 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18786]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574410 of user rubyman.
Jun 23 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18786]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574410.
Jun 23 01:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15902]: pam_unix(cron:session): session closed for user root
Jun 23 01:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18715]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19037]: Invalid user test from 144.225.187.123
Jun 23 01:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19037]: input_userauth_request: invalid user test [preauth]
Jun 23 01:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19037]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 01:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19037]: Failed password for invalid user test from 144.225.187.123 port 41072 ssh2
Jun 23 01:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19037]: Connection closed by 144.225.187.123 port 41072 [preauth]
Jun 23 01:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17680]: pam_unix(cron:session): session closed for user root
Jun 23 01:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.19.67.181  user=root
Jun 23 01:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19075]: Failed password for root from 46.19.67.181 port 41824 ssh2
Jun 23 01:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19075]: Connection closed by 46.19.67.181 port 41824 [preauth]
Jun 23 01:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19220]: User backup from 91.92.40.6 not allowed because not listed in AllowUsers
Jun 23 01:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19220]: input_userauth_request: invalid user backup [preauth]
Jun 23 01:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=backup
Jun 23 01:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19220]: Failed password for invalid user backup from 91.92.40.6 port 50566 ssh2
Jun 23 01:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19220]: Connection closed by 91.92.40.6 port 50566 [preauth]
Jun 23 01:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19238]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19239]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19237]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19235]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19235]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19223]: Failed password for root from 144.225.187.123 port 60834 ssh2
Jun 23 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19299]: Successful su for rubyman by root
Jun 23 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19299]: + ??? root:rubyman
Jun 23 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19299]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19223]: Connection closed by 144.225.187.123 port 60834 [preauth]
Jun 23 01:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574412 of user rubyman.
Jun 23 01:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19299]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574412.
Jun 23 01:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16325]: pam_unix(cron:session): session closed for user root
Jun 23 01:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19237]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18168]: pam_unix(cron:session): session closed for user root
Jun 23 01:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19752]: Failed password for root from 144.225.187.123 port 37236 ssh2
Jun 23 01:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19752]: Connection closed by 144.225.187.123 port 37236 [preauth]
Jun 23 01:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19843]: User backup from 91.92.40.6 not allowed because not listed in AllowUsers
Jun 23 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19843]: input_userauth_request: invalid user backup [preauth]
Jun 23 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=backup
Jun 23 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19848]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19849]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19850]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19847]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19847]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19913]: Successful su for rubyman by root
Jun 23 01:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19913]: + ??? root:rubyman
Jun 23 01:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19913]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574416 of user rubyman.
Jun 23 01:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19913]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574416.
Jun 23 01:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19843]: Failed password for invalid user backup from 91.92.40.6 port 36254 ssh2
Jun 23 01:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19843]: Connection closed by 91.92.40.6 port 36254 [preauth]
Jun 23 01:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16732]: pam_unix(cron:session): session closed for user root
Jun 23 01:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19848]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20093]: Invalid user debian from 144.225.187.123
Jun 23 01:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20093]: input_userauth_request: invalid user debian [preauth]
Jun 23 01:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20093]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 01:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20093]: Failed password for invalid user debian from 144.225.187.123 port 43760 ssh2
Jun 23 01:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20093]: Connection closed by 144.225.187.123 port 43760 [preauth]
Jun 23 01:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18717]: pam_unix(cron:session): session closed for user root
Jun 23 01:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20296]: Failed password for root from 144.225.187.123 port 32852 ssh2
Jun 23 01:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20296]: Connection closed by 144.225.187.123 port 32852 [preauth]
Jun 23 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20346]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20345]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20342]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20344]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20342]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20420]: Successful su for rubyman by root
Jun 23 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20420]: + ??? root:rubyman
Jun 23 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20420]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574420 of user rubyman.
Jun 23 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20420]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574420.
Jun 23 01:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17232]: pam_unix(cron:session): session closed for user root
Jun 23 01:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20344]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20609]: User backup from 91.92.40.6 not allowed because not listed in AllowUsers
Jun 23 01:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20609]: input_userauth_request: invalid user backup [preauth]
Jun 23 01:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.6  user=backup
Jun 23 01:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20609]: Failed password for invalid user backup from 91.92.40.6 port 53556 ssh2
Jun 23 01:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20609]: Connection closed by 91.92.40.6 port 53556 [preauth]
Jun 23 01:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20647]: Invalid user admin from 144.225.187.123
Jun 23 01:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20647]: input_userauth_request: invalid user admin [preauth]
Jun 23 01:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20647]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 01:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20647]: Failed password for invalid user admin from 144.225.187.123 port 47808 ssh2
Jun 23 01:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20647]: Connection closed by 144.225.187.123 port 47808 [preauth]
Jun 23 01:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 23 01:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20727]: Failed password for root from 62.133.62.83 port 43474 ssh2
Jun 23 01:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20727]: Connection closed by 62.133.62.83 port 43474 [preauth]
Jun 23 01:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19239]: pam_unix(cron:session): session closed for user root
Jun 23 01:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20827]: Failed password for root from 144.225.187.123 port 45034 ssh2
Jun 23 01:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20827]: Connection closed by 144.225.187.123 port 45034 [preauth]
Jun 23 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20863]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20862]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20861]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20860]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20864]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20865]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20865]: pam_unix(cron:session): session closed for user root
Jun 23 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20860]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20931]: Successful su for rubyman by root
Jun 23 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20931]: + ??? root:rubyman
Jun 23 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20931]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574429 of user rubyman.
Jun 23 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20931]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574429.
Jun 23 01:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20862]: pam_unix(cron:session): session closed for user root
Jun 23 01:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17679]: pam_unix(cron:session): session closed for user root
Jun 23 01:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20861]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 23 01:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21179]: Failed password for root from 144.225.187.123 port 49782 ssh2
Jun 23 01:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21179]: Connection closed by 144.225.187.123 port 49782 [preauth]
Jun 23 01:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21189]: Failed password for root from 38.55.97.143 port 56808 ssh2
Jun 23 01:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21189]: Connection closed by 38.55.97.143 port 56808 [preauth]
Jun 23 01:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19850]: pam_unix(cron:session): session closed for user root
Jun 23 01:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21289]: Failed password for root from 144.225.187.123 port 42592 ssh2
Jun 23 01:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21289]: Connection closed by 144.225.187.123 port 42592 [preauth]
Jun 23 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21304]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21303]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21302]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21301]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21301]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21376]: Successful su for rubyman by root
Jun 23 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21376]: + ??? root:rubyman
Jun 23 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21376]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574431 of user rubyman.
Jun 23 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21376]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574431.
Jun 23 01:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18167]: pam_unix(cron:session): session closed for user root
Jun 23 01:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21302]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 23 01:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21586]: Failed password for root from 77.94.47.83 port 51086 ssh2
Jun 23 01:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21586]: Connection closed by 77.94.47.83 port 51086 [preauth]
Jun 23 01:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21645]: Failed password for root from 144.225.187.123 port 54708 ssh2
Jun 23 01:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21645]: Connection closed by 144.225.187.123 port 54708 [preauth]
Jun 23 01:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20346]: pam_unix(cron:session): session closed for user root
Jun 23 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21746]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21745]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21744]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21743]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21743]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21816]: Successful su for rubyman by root
Jun 23 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21816]: + ??? root:rubyman
Jun 23 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21816]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574434 of user rubyman.
Jun 23 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21816]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574434.
Jun 23 01:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18716]: pam_unix(cron:session): session closed for user root
Jun 23 01:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21870]: Failed password for root from 144.225.187.123 port 52048 ssh2
Jun 23 01:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21870]: Connection closed by 144.225.187.123 port 52048 [preauth]
Jun 23 01:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21744]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20864]: pam_unix(cron:session): session closed for user root
Jun 23 01:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 23 01:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22089]: Invalid user ansible from 144.225.187.123
Jun 23 01:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22089]: input_userauth_request: invalid user ansible [preauth]
Jun 23 01:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22089]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 01:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22090]: Failed password for root from 87.251.79.125 port 40046 ssh2
Jun 23 01:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22090]: Connection closed by 87.251.79.125 port 40046 [preauth]
Jun 23 01:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22089]: Failed password for invalid user ansible from 144.225.187.123 port 60466 ssh2
Jun 23 01:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22089]: Connection closed by 144.225.187.123 port 60466 [preauth]
Jun 23 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22162]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22161]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22160]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22159]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22159]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22224]: Successful su for rubyman by root
Jun 23 01:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22224]: + ??? root:rubyman
Jun 23 01:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22224]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574438 of user rubyman.
Jun 23 01:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22224]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574438.
Jun 23 01:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19238]: pam_unix(cron:session): session closed for user root
Jun 23 01:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22160]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22497]: Failed password for root from 144.225.187.123 port 56246 ssh2
Jun 23 01:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22497]: Connection closed by 144.225.187.123 port 56246 [preauth]
Jun 23 01:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21304]: pam_unix(cron:session): session closed for user root
Jun 23 01:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22595]: Failed password for root from 144.225.187.123 port 53152 ssh2
Jun 23 01:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22595]: Connection closed by 144.225.187.123 port 53152 [preauth]
Jun 23 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22647]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22645]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22646]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22644]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22644]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22707]: Successful su for rubyman by root
Jun 23 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22707]: + ??? root:rubyman
Jun 23 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22707]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574442 of user rubyman.
Jun 23 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22707]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574442.
Jun 23 01:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19849]: pam_unix(cron:session): session closed for user root
Jun 23 01:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22645]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22932]: Failed password for root from 144.225.187.123 port 47778 ssh2
Jun 23 01:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22932]: Connection closed by 144.225.187.123 port 47778 [preauth]
Jun 23 01:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21746]: pam_unix(cron:session): session closed for user root
Jun 23 01:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23029]: Failed password for root from 144.225.187.123 port 35456 ssh2
Jun 23 01:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23029]: Connection closed by 144.225.187.123 port 35456 [preauth]
Jun 23 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23053]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23054]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23049]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23050]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23052]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23051]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23054]: pam_unix(cron:session): session closed for user root
Jun 23 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23049]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23121]: Successful su for rubyman by root
Jun 23 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23121]: + ??? root:rubyman
Jun 23 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23121]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574446 of user rubyman.
Jun 23 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23121]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574446.
Jun 23 01:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20345]: pam_unix(cron:session): session closed for user root
Jun 23 01:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23051]: pam_unix(cron:session): session closed for user root
Jun 23 01:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23050]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 23 01:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23379]: Failed password for root from 51.250.105.222 port 59124 ssh2
Jun 23 01:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23379]: Connection closed by 51.250.105.222 port 59124 [preauth]
Jun 23 01:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23390]: Failed password for root from 144.225.187.123 port 60980 ssh2
Jun 23 01:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23390]: Connection closed by 144.225.187.123 port 60980 [preauth]
Jun 23 01:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23423]: Received disconnect from 209.90.232.249 port 48606:11: disconnected by user [preauth]
Jun 23 01:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23423]: Disconnected from 209.90.232.249 port 48606 [preauth]
Jun 23 01:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22162]: pam_unix(cron:session): session closed for user root
Jun 23 01:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23492]: Invalid user testuser from 144.225.187.123
Jun 23 01:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23492]: input_userauth_request: invalid user testuser [preauth]
Jun 23 01:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23492]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 01:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23492]: Failed password for invalid user testuser from 144.225.187.123 port 59638 ssh2
Jun 23 01:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23492]: Connection closed by 144.225.187.123 port 59638 [preauth]
Jun 23 01:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 23 01:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23506]: Failed password for root from 193.24.211.107 port 57140 ssh2
Jun 23 01:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23506]: Received disconnect from 193.24.211.107 port 57140:11: Client disconnecting normally [preauth]
Jun 23 01:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23506]: Disconnected from 193.24.211.107 port 57140 [preauth]
Jun 23 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23522]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23520]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23521]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23519]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23519]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23587]: Successful su for rubyman by root
Jun 23 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23587]: + ??? root:rubyman
Jun 23 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23587]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574452 of user rubyman.
Jun 23 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23587]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574452.
Jun 23 01:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20863]: pam_unix(cron:session): session closed for user root
Jun 23 01:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23520]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 23 01:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23937]: Failed password for root from 103.153.68.219 port 45998 ssh2
Jun 23 01:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23937]: Connection closed by 103.153.68.219 port 45998 [preauth]
Jun 23 01:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23949]: Failed password for root from 144.225.187.123 port 60054 ssh2
Jun 23 01:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23949]: Connection closed by 144.225.187.123 port 60054 [preauth]
Jun 23 01:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22647]: pam_unix(cron:session): session closed for user root
Jun 23 01:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24043]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24044]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24045]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24042]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24042]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24105]: Successful su for rubyman by root
Jun 23 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24105]: + ??? root:rubyman
Jun 23 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24105]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24039]: Failed password for root from 144.225.187.123 port 37272 ssh2
Jun 23 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574456 of user rubyman.
Jun 23 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24105]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574456.
Jun 23 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24039]: Connection closed by 144.225.187.123 port 37272 [preauth]
Jun 23 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 23 01:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21303]: pam_unix(cron:session): session closed for user root
Jun 23 01:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24093]: Failed password for root from 38.55.97.143 port 53640 ssh2
Jun 23 01:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24093]: Connection closed by 38.55.97.143 port 53640 [preauth]
Jun 23 01:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24043]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24382]: Invalid user test1 from 144.225.187.123
Jun 23 01:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24382]: input_userauth_request: invalid user test1 [preauth]
Jun 23 01:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24382]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 01:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23053]: pam_unix(cron:session): session closed for user root
Jun 23 01:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24382]: Failed password for invalid user test1 from 144.225.187.123 port 50362 ssh2
Jun 23 01:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24382]: Connection closed by 144.225.187.123 port 50362 [preauth]
Jun 23 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24462]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24463]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24460]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24461]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24460]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24528]: Successful su for rubyman by root
Jun 23 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24528]: + ??? root:rubyman
Jun 23 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24528]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574460 of user rubyman.
Jun 23 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24528]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574460.
Jun 23 01:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21745]: pam_unix(cron:session): session closed for user root
Jun 23 01:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24461]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24736]: Failed password for root from 144.225.187.123 port 58978 ssh2
Jun 23 01:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24736]: Connection closed by 144.225.187.123 port 58978 [preauth]
Jun 23 01:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23522]: pam_unix(cron:session): session closed for user root
Jun 23 01:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24845]: Failed password for root from 144.225.187.123 port 50728 ssh2
Jun 23 01:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24845]: Connection closed by 144.225.187.123 port 50728 [preauth]
Jun 23 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24896]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24894]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24895]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24893]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24893]: pam_unix(cron:session): session closed for user p13x
Jun 23 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24952]: Successful su for rubyman by root
Jun 23 01:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24952]: + ??? root:rubyman
Jun 23 01:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24952]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 01:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574466 of user rubyman.
Jun 23 01:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24952]: pam_unix(su:session): session closed for user rubyman
Jun 23 01:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574466.
Jun 23 01:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24941]: Invalid user  from 141.98.83.240
Jun 23 01:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24941]: input_userauth_request: invalid user  [preauth]
Jun 23 01:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24941]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 01:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22161]: pam_unix(cron:session): session closed for user root
Jun 23 01:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24941]: Failed password for invalid user  from 141.98.83.240 port 20802 ssh2
Jun 23 01:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24941]: Connection closed by 141.98.83.240 port 20802 [preauth]
Jun 23 01:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25117]: Invalid user admin from 141.98.83.240
Jun 23 01:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25117]: input_userauth_request: invalid user admin [preauth]
Jun 23 01:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25117]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 01:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24894]: pam_unix(cron:session): session closed for user samftp
Jun 23 01:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25117]: Failed password for invalid user admin from 141.98.83.240 port 20814 ssh2
Jun 23 01:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25117]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25117]: Failed password for invalid user admin from 141.98.83.240 port 20814 ssh2
Jun 23 01:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25117]: Connection closed by 141.98.83.240 port 20814 [preauth]
Jun 23 01:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25117]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 01:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25169]: Invalid user ali from 144.225.187.123
Jun 23 01:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25169]: input_userauth_request: invalid user ali [preauth]
Jun 23 01:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25169]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 01:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 01:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25169]: Failed password for invalid user ali from 144.225.187.123 port 39888 ssh2
Jun 23 01:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25169]: Connection closed by 144.225.187.123 port 39888 [preauth]
Jun 23 01:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24045]: pam_unix(cron:session): session closed for user root
Jun 23 01:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25249]: Received disconnect from 212.192.240.126 port 4282:11: disconnected by user [preauth]
Jun 23 01:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25249]: Disconnected from 212.192.240.126 port 4282 [preauth]
Jun 23 01:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 01:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 01:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25279]: Failed password for root from 144.225.187.123 port 34342 ssh2
Jun 23 01:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25279]: Connection closed by 144.225.187.123 port 34342 [preauth]
Jun 23 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25301]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25302]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25304]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25303]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25300]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25299]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25298]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25304]: pam_unix(cron:session): session closed for user root
Jun 23 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25300]: pam_unix(cron:session): session closed for user root
Jun 23 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25298]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25386]: Successful su for rubyman by root
Jun 23 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25386]: + ??? root:rubyman
Jun 23 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25386]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574471 of user rubyman.
Jun 23 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25386]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574471.
Jun 23 02:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25301]: pam_unix(cron:session): session closed for user root
Jun 23 02:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22646]: pam_unix(cron:session): session closed for user root
Jun 23 02:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25299]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25644]: Invalid user teste from 144.225.187.123
Jun 23 02:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25644]: input_userauth_request: invalid user teste [preauth]
Jun 23 02:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25644]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 02:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 02:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25644]: Failed password for invalid user teste from 144.225.187.123 port 37112 ssh2
Jun 23 02:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25644]: Connection closed by 144.225.187.123 port 37112 [preauth]
Jun 23 02:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24463]: pam_unix(cron:session): session closed for user root
Jun 23 02:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25773]: Invalid user admin from 144.225.187.123
Jun 23 02:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25773]: input_userauth_request: invalid user admin [preauth]
Jun 23 02:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25773]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 02:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 02:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25773]: Failed password for invalid user admin from 144.225.187.123 port 39942 ssh2
Jun 23 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25773]: Connection closed by 144.225.187.123 port 39942 [preauth]
Jun 23 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25789]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25790]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25785]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25784]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25784]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25855]: Successful su for rubyman by root
Jun 23 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25855]: + ??? root:rubyman
Jun 23 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25855]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574475 of user rubyman.
Jun 23 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25855]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574475.
Jun 23 02:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23052]: pam_unix(cron:session): session closed for user root
Jun 23 02:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25785]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 23 02:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26040]: Failed password for root from 38.55.97.143 port 51760 ssh2
Jun 23 02:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26040]: Connection closed by 38.55.97.143 port 51760 [preauth]
Jun 23 02:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 23 02:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26091]: Failed password for root from 103.27.238.120 port 43878 ssh2
Jun 23 02:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26091]: Connection closed by 103.27.238.120 port 43878 [preauth]
Jun 23 02:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: Failed password for root from 144.225.187.123 port 40958 ssh2
Jun 23 02:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24896]: pam_unix(cron:session): session closed for user root
Jun 23 02:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: Connection closed by 144.225.187.123 port 40958 [preauth]
Jun 23 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26198]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26199]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26196]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26195]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26195]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26256]: Successful su for rubyman by root
Jun 23 02:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26256]: + ??? root:rubyman
Jun 23 02:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26256]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574480 of user rubyman.
Jun 23 02:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26256]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574480.
Jun 23 02:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23521]: pam_unix(cron:session): session closed for user root
Jun 23 02:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26378]: Invalid user user from 144.225.187.123
Jun 23 02:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26378]: input_userauth_request: invalid user user [preauth]
Jun 23 02:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26378]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 02:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 02:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26378]: Failed password for invalid user user from 144.225.187.123 port 60520 ssh2
Jun 23 02:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26196]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26378]: Connection closed by 144.225.187.123 port 60520 [preauth]
Jun 23 02:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25303]: pam_unix(cron:session): session closed for user root
Jun 23 02:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26526]: Failed password for root from 144.225.187.123 port 57646 ssh2
Jun 23 02:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26526]: Connection closed by 144.225.187.123 port 57646 [preauth]
Jun 23 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26589]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26594]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26592]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26588]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26588]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26649]: Successful su for rubyman by root
Jun 23 02:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26649]: + ??? root:rubyman
Jun 23 02:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26649]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574484 of user rubyman.
Jun 23 02:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26649]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574484.
Jun 23 02:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24044]: pam_unix(cron:session): session closed for user root
Jun 23 02:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26589]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26925]: Invalid user pi from 144.225.187.123
Jun 23 02:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26925]: input_userauth_request: invalid user pi [preauth]
Jun 23 02:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26925]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 02:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 02:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26925]: Failed password for invalid user pi from 144.225.187.123 port 51730 ssh2
Jun 23 02:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26925]: Connection closed by 144.225.187.123 port 51730 [preauth]
Jun 23 02:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25790]: pam_unix(cron:session): session closed for user root
Jun 23 02:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27038]: Invalid user httpadmin from 144.225.187.123
Jun 23 02:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27038]: input_userauth_request: invalid user httpadmin [preauth]
Jun 23 02:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27038]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 02:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 02:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27038]: Failed password for invalid user httpadmin from 144.225.187.123 port 42280 ssh2
Jun 23 02:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27038]: Connection closed by 144.225.187.123 port 42280 [preauth]
Jun 23 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27068]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27069]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27067]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27066]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27066]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27129]: Successful su for rubyman by root
Jun 23 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27129]: + ??? root:rubyman
Jun 23 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27129]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574489 of user rubyman.
Jun 23 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27129]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574489.
Jun 23 02:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24462]: pam_unix(cron:session): session closed for user root
Jun 23 02:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27067]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27368]: Invalid user admin from 144.225.187.123
Jun 23 02:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27368]: input_userauth_request: invalid user admin [preauth]
Jun 23 02:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27368]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 02:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 02:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27368]: Failed password for invalid user admin from 144.225.187.123 port 45302 ssh2
Jun 23 02:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27368]: Connection closed by 144.225.187.123 port 45302 [preauth]
Jun 23 02:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26199]: pam_unix(cron:session): session closed for user root
Jun 23 02:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27465]: Invalid user teamspeak from 144.225.187.123
Jun 23 02:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27465]: input_userauth_request: invalid user teamspeak [preauth]
Jun 23 02:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27465]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 02:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 02:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27465]: Failed password for invalid user teamspeak from 144.225.187.123 port 51194 ssh2
Jun 23 02:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27465]: Connection closed by 144.225.187.123 port 51194 [preauth]
Jun 23 02:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27501]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27503]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27500]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27508]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27502]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27499]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27508]: pam_unix(cron:session): session closed for user root
Jun 23 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27499]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27577]: Successful su for rubyman by root
Jun 23 02:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27577]: + ??? root:rubyman
Jun 23 02:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27577]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574493 of user rubyman.
Jun 23 02:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27577]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574493.
Jun 23 02:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27501]: pam_unix(cron:session): session closed for user root
Jun 23 02:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24895]: pam_unix(cron:session): session closed for user root
Jun 23 02:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27487]: Connection closed by 118.69.233.167 port 55498 [preauth]
Jun 23 02:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27500]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 23 02:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27485]: Failed password for root from 38.55.97.143 port 60742 ssh2
Jun 23 02:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27485]: Connection closed by 38.55.97.143 port 60742 [preauth]
Jun 23 02:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27839]: Failed password for root from 144.225.187.123 port 60438 ssh2
Jun 23 02:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27839]: Connection closed by 144.225.187.123 port 60438 [preauth]
Jun 23 02:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26594]: pam_unix(cron:session): session closed for user root
Jun 23 02:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27948]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27949]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27947]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27946]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27946]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27933]: Failed password for root from 144.225.187.123 port 58324 ssh2
Jun 23 02:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28019]: Successful su for rubyman by root
Jun 23 02:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28019]: + ??? root:rubyman
Jun 23 02:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28019]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574497 of user rubyman.
Jun 23 02:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28019]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574497.
Jun 23 02:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27933]: Connection closed by 144.225.187.123 port 58324 [preauth]
Jun 23 02:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25302]: pam_unix(cron:session): session closed for user root
Jun 23 02:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27947]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28266]: Bad protocol version identification '\252\257\241\340\213Jdr(\360D\3639\213\226n\345#\f\001\025V\257F\260.\003\300\024\337\276-e>9^\027\203\214\211rC\211\b\273\323HIO\343m\024\330\374E\022\3712\036\315y\341\215\350\003\366\345\202\312\270\232\237\272M\344\237t\261\213\251\360\377l\205\2034\201\256\263\200\272\345\300^RS\267\207.}' from 102.214.164.79 port 37870
Jun 23 02:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28315]: Did not receive identification string from 120.76.158.232
Jun 23 02:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27069]: pam_unix(cron:session): session closed for user root
Jun 23 02:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28324]: Failed password for root from 144.225.187.123 port 50768 ssh2
Jun 23 02:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28324]: Connection closed by 144.225.187.123 port 50768 [preauth]
Jun 23 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28403]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28402]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28404]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28401]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28401]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28463]: Successful su for rubyman by root
Jun 23 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28463]: + ??? root:rubyman
Jun 23 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28463]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574503 of user rubyman.
Jun 23 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28463]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574503.
Jun 23 02:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25789]: pam_unix(cron:session): session closed for user root
Jun 23 02:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28402]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28745]: Failed password for root from 144.225.187.123 port 57360 ssh2
Jun 23 02:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28745]: Connection closed by 144.225.187.123 port 57360 [preauth]
Jun 23 02:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27503]: pam_unix(cron:session): session closed for user root
Jun 23 02:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28845]: Failed password for root from 144.225.187.123 port 47146 ssh2
Jun 23 02:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28845]: Connection closed by 144.225.187.123 port 47146 [preauth]
Jun 23 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28918]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28917]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28919]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28916]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28916]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28978]: Successful su for rubyman by root
Jun 23 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28978]: + ??? root:rubyman
Jun 23 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28978]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574505 of user rubyman.
Jun 23 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28978]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574505.
Jun 23 02:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26198]: pam_unix(cron:session): session closed for user root
Jun 23 02:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28917]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29174]: Failed password for root from 144.225.187.123 port 33248 ssh2
Jun 23 02:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29174]: Connection closed by 144.225.187.123 port 33248 [preauth]
Jun 23 02:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27949]: pam_unix(cron:session): session closed for user root
Jun 23 02:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.223.69.22  user=root
Jun 23 02:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 23 02:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29318]: Failed password for root from 89.223.69.22 port 44052 ssh2
Jun 23 02:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29318]: Connection closed by 89.223.69.22 port 44052 [preauth]
Jun 23 02:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29295]: Failed password for root from 38.55.97.143 port 51604 ssh2
Jun 23 02:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29295]: Connection closed by 38.55.97.143 port 51604 [preauth]
Jun 23 02:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29320]: Failed password for root from 144.225.187.123 port 41532 ssh2
Jun 23 02:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29320]: Connection closed by 144.225.187.123 port 41532 [preauth]
Jun 23 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29350]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29351]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29349]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29348]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29346]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29348]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29467]: Successful su for rubyman by root
Jun 23 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29467]: + ??? root:rubyman
Jun 23 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29467]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574510 of user rubyman.
Jun 23 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29467]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574510.
Jun 23 02:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29346]: pam_unix(cron:session): session closed for user root
Jun 23 02:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26592]: pam_unix(cron:session): session closed for user root
Jun 23 02:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29349]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29856]: Invalid user admin from 144.225.187.123
Jun 23 02:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29856]: input_userauth_request: invalid user admin [preauth]
Jun 23 02:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29856]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 02:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 02:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29856]: Failed password for invalid user admin from 144.225.187.123 port 43506 ssh2
Jun 23 02:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29856]: Connection closed by 144.225.187.123 port 43506 [preauth]
Jun 23 02:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28404]: pam_unix(cron:session): session closed for user root
Jun 23 02:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29920]: Received disconnect from 86.111.176.100 port 41816:11: disconnected by user [preauth]
Jun 23 02:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29920]: Disconnected from 86.111.176.100 port 41816 [preauth]
Jun 23 02:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29959]: Invalid user admin from 144.225.187.123
Jun 23 02:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29959]: input_userauth_request: invalid user admin [preauth]
Jun 23 02:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29959]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 02:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 02:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29959]: Failed password for invalid user admin from 144.225.187.123 port 42496 ssh2
Jun 23 02:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29959]: Connection closed by 144.225.187.123 port 42496 [preauth]
Jun 23 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29974]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29973]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29972]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29971]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29976]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29975]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29976]: pam_unix(cron:session): session closed for user root
Jun 23 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29971]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30042]: Successful su for rubyman by root
Jun 23 02:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30042]: + ??? root:rubyman
Jun 23 02:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30042]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574518 of user rubyman.
Jun 23 02:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30042]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574518.
Jun 23 02:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27068]: pam_unix(cron:session): session closed for user root
Jun 23 02:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29973]: pam_unix(cron:session): session closed for user root
Jun 23 02:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29972]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 23 02:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30333]: Failed password for root from 144.225.187.123 port 50596 ssh2
Jun 23 02:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30333]: Connection closed by 144.225.187.123 port 50596 [preauth]
Jun 23 02:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30331]: Failed password for root from 202.178.126.219 port 3393 ssh2
Jun 23 02:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30331]: Connection closed by 202.178.126.219 port 3393 [preauth]
Jun 23 02:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28919]: pam_unix(cron:session): session closed for user root
Jun 23 02:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30425]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30427]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30426]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30424]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30424]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30498]: Successful su for rubyman by root
Jun 23 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30498]: + ??? root:rubyman
Jun 23 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30498]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574521 of user rubyman.
Jun 23 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30498]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574521.
Jun 23 02:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27502]: pam_unix(cron:session): session closed for user root
Jun 23 02:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30416]: Failed password for root from 144.225.187.123 port 41988 ssh2
Jun 23 02:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30416]: Connection closed by 144.225.187.123 port 41988 [preauth]
Jun 23 02:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30425]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 23 02:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30756]: Failed password for root from 193.24.211.107 port 47072 ssh2
Jun 23 02:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30756]: Received disconnect from 193.24.211.107 port 47072:11: Client disconnecting normally [preauth]
Jun 23 02:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30756]: Disconnected from 193.24.211.107 port 47072 [preauth]
Jun 23 02:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29351]: pam_unix(cron:session): session closed for user root
Jun 23 02:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30789]: Failed password for root from 144.225.187.123 port 58678 ssh2
Jun 23 02:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30789]: Connection closed by 144.225.187.123 port 58678 [preauth]
Jun 23 02:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30824]: Invalid user admin from 2.57.121.25
Jun 23 02:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30824]: input_userauth_request: invalid user admin [preauth]
Jun 23 02:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30824]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 02:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 23 02:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30824]: Failed password for invalid user admin from 2.57.121.25 port 9754 ssh2
Jun 23 02:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30824]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 02:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30824]: Failed password for invalid user admin from 2.57.121.25 port 9754 ssh2
Jun 23 02:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30824]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 02:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30824]: Failed password for invalid user admin from 2.57.121.25 port 9754 ssh2
Jun 23 02:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30824]: Connection closed by 2.57.121.25 port 9754 [preauth]
Jun 23 02:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30824]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 23 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30859]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30860]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30858]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30857]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30857]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31013]: Successful su for rubyman by root
Jun 23 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31013]: + ??? root:rubyman
Jun 23 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31013]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574524 of user rubyman.
Jun 23 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31013]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574524.
Jun 23 02:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27948]: pam_unix(cron:session): session closed for user root
Jun 23 02:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30858]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 23 02:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31199]: Failed password for root from 144.225.187.123 port 38812 ssh2
Jun 23 02:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31199]: Connection closed by 144.225.187.123 port 38812 [preauth]
Jun 23 02:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31201]: Failed password for root from 103.15.222.183 port 49682 ssh2
Jun 23 02:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31201]: Connection closed by 103.15.222.183 port 49682 [preauth]
Jun 23 02:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 23 02:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31224]: Failed password for root from 38.55.97.143 port 32934 ssh2
Jun 23 02:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31224]: Connection closed by 38.55.97.143 port 32934 [preauth]
Jun 23 02:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31269]: Received disconnect from 69.175.33.170 port 46110:11: disconnected by user [preauth]
Jun 23 02:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31269]: Disconnected from 69.175.33.170 port 46110 [preauth]
Jun 23 02:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29975]: pam_unix(cron:session): session closed for user root
Jun 23 02:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31315]: Failed password for root from 144.225.187.123 port 44380 ssh2
Jun 23 02:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31315]: Connection closed by 144.225.187.123 port 44380 [preauth]
Jun 23 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31363]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31364]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31362]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31361]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31361]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31426]: Successful su for rubyman by root
Jun 23 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31426]: + ??? root:rubyman
Jun 23 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31426]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574529 of user rubyman.
Jun 23 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31426]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574529.
Jun 23 02:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28403]: pam_unix(cron:session): session closed for user root
Jun 23 02:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31362]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31739]: Invalid user pi from 144.225.187.123
Jun 23 02:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31739]: input_userauth_request: invalid user pi [preauth]
Jun 23 02:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31739]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 02:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 02:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31739]: Failed password for invalid user pi from 144.225.187.123 port 38714 ssh2
Jun 23 02:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31739]: Connection closed by 144.225.187.123 port 38714 [preauth]
Jun 23 02:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30427]: pam_unix(cron:session): session closed for user root
Jun 23 02:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31842]: Invalid user admin from 144.225.187.123
Jun 23 02:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31842]: input_userauth_request: invalid user admin [preauth]
Jun 23 02:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31842]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 02:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 02:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31842]: Failed password for invalid user admin from 144.225.187.123 port 49638 ssh2
Jun 23 02:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31842]: Connection closed by 144.225.187.123 port 49638 [preauth]
Jun 23 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31864]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31863]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31862]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31861]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31861]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31936]: Successful su for rubyman by root
Jun 23 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31936]: + ??? root:rubyman
Jun 23 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31936]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574532 of user rubyman.
Jun 23 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31936]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574532.
Jun 23 02:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28918]: pam_unix(cron:session): session closed for user root
Jun 23 02:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31862]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32191]: Invalid user user from 144.225.187.123
Jun 23 02:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32191]: input_userauth_request: invalid user user [preauth]
Jun 23 02:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32191]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 02:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 02:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32191]: Failed password for invalid user user from 144.225.187.123 port 60878 ssh2
Jun 23 02:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32191]: Connection closed by 144.225.187.123 port 60878 [preauth]
Jun 23 02:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30860]: pam_unix(cron:session): session closed for user root
Jun 23 02:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32272]: Invalid user server from 144.225.187.123
Jun 23 02:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32272]: input_userauth_request: invalid user server [preauth]
Jun 23 02:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32272]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 02:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32272]: Failed password for invalid user server from 144.225.187.123 port 39542 ssh2
Jun 23 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32272]: Connection closed by 144.225.187.123 port 39542 [preauth]
Jun 23 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32287]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32288]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32286]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32284]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32283]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32285]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32288]: pam_unix(cron:session): session closed for user root
Jun 23 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32283]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32348]: Successful su for rubyman by root
Jun 23 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32348]: + ??? root:rubyman
Jun 23 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32348]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574536 of user rubyman.
Jun 23 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32348]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574536.
Jun 23 02:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32285]: pam_unix(cron:session): session closed for user root
Jun 23 02:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29350]: pam_unix(cron:session): session closed for user root
Jun 23 02:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32284]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 23 02:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32570]: Failed password for root from 193.37.70.224 port 39006 ssh2
Jun 23 02:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32570]: Connection closed by 193.37.70.224 port 39006 [preauth]
Jun 23 02:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
Jun 23 02:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32623]: Failed password for root from 176.32.39.21 port 52306 ssh2
Jun 23 02:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32623]: Connection closed by 176.32.39.21 port 52306 [preauth]
Jun 23 02:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32634]: Failed password for root from 144.225.187.123 port 60966 ssh2
Jun 23 02:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31364]: pam_unix(cron:session): session closed for user root
Jun 23 02:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32634]: Connection closed by 144.225.187.123 port 60966 [preauth]
Jun 23 02:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 23 02:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32679]: Failed password for root from 38.55.97.143 port 40416 ssh2
Jun 23 02:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32679]: Connection closed by 38.55.97.143 port 40416 [preauth]
Jun 23 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32735]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32736]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32734]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32733]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32733]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[338]: Successful su for rubyman by root
Jun 23 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[338]: + ??? root:rubyman
Jun 23 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[338]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574542 of user rubyman.
Jun 23 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[338]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574542.
Jun 23 02:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29974]: pam_unix(cron:session): session closed for user root
Jun 23 02:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32734]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[613]: Failed password for root from 144.225.187.123 port 52344 ssh2
Jun 23 02:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[613]: Connection closed by 144.225.187.123 port 52344 [preauth]
Jun 23 02:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31864]: pam_unix(cron:session): session closed for user root
Jun 23 02:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[777]: Failed password for root from 144.225.187.123 port 41034 ssh2
Jun 23 02:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[777]: Connection closed by 144.225.187.123 port 41034 [preauth]
Jun 23 02:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 23 02:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[787]: Failed password for root from 103.172.78.219 port 55928 ssh2
Jun 23 02:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[787]: Connection closed by 103.172.78.219 port 55928 [preauth]
Jun 23 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[839]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[840]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[838]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[836]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[834]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[834]: pam_unix(cron:session): session closed for user root
Jun 23 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[836]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[907]: Successful su for rubyman by root
Jun 23 02:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[907]: + ??? root:rubyman
Jun 23 02:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[907]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574546 of user rubyman.
Jun 23 02:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[907]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574546.
Jun 23 02:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30426]: pam_unix(cron:session): session closed for user root
Jun 23 02:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[838]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1138]: Failed password for root from 144.225.187.123 port 45750 ssh2
Jun 23 02:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1138]: Connection closed by 144.225.187.123 port 45750 [preauth]
Jun 23 02:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32287]: pam_unix(cron:session): session closed for user root
Jun 23 02:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1260]: Failed password for root from 144.225.187.123 port 40148 ssh2
Jun 23 02:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1260]: Connection closed by 144.225.187.123 port 40148 [preauth]
Jun 23 02:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1303]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1305]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1302]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1301]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1301]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1380]: Successful su for rubyman by root
Jun 23 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1380]: + ??? root:rubyman
Jun 23 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1380]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574551 of user rubyman.
Jun 23 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1380]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574551.
Jun 23 02:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30859]: pam_unix(cron:session): session closed for user root
Jun 23 02:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1302]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 23 02:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1630]: Failed password for root from 38.55.97.143 port 45924 ssh2
Jun 23 02:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1630]: Connection closed by 38.55.97.143 port 45924 [preauth]
Jun 23 02:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1730]: Failed password for root from 144.225.187.123 port 33474 ssh2
Jun 23 02:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1730]: Connection closed by 144.225.187.123 port 33474 [preauth]
Jun 23 02:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32736]: pam_unix(cron:session): session closed for user root
Jun 23 02:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1832]: User ftp from 144.225.187.123 not allowed because not listed in AllowUsers
Jun 23 02:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1832]: input_userauth_request: invalid user ftp [preauth]
Jun 23 02:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=ftp
Jun 23 02:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1832]: Failed password for invalid user ftp from 144.225.187.123 port 49772 ssh2
Jun 23 02:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1832]: Connection closed by 144.225.187.123 port 49772 [preauth]
Jun 23 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1854]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1855]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1853]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1852]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1852]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1931]: Successful su for rubyman by root
Jun 23 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1931]: + ??? root:rubyman
Jun 23 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1931]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574556 of user rubyman.
Jun 23 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1931]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574556.
Jun 23 02:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31363]: pam_unix(cron:session): session closed for user root
Jun 23 02:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1853]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1290]: Connection closed by 118.69.233.167 port 58938 [preauth]
Jun 23 02:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2220]: Connection closed by 118.69.233.167 port 59051 [preauth]
Jun 23 02:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2242]: Failed password for root from 144.225.187.123 port 56786 ssh2
Jun 23 02:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2242]: Connection closed by 144.225.187.123 port 56786 [preauth]
Jun 23 02:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[840]: pam_unix(cron:session): session closed for user root
Jun 23 02:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2345]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2347]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2344]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2348]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2343]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2349]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2349]: pam_unix(cron:session): session closed for user root
Jun 23 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2343]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2410]: Successful su for rubyman by root
Jun 23 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2410]: + ??? root:rubyman
Jun 23 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2410]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574562 of user rubyman.
Jun 23 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2410]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574562.
Jun 23 02:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2340]: Failed password for root from 144.225.187.123 port 57840 ssh2
Jun 23 02:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2340]: Connection closed by 144.225.187.123 port 57840 [preauth]
Jun 23 02:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2345]: pam_unix(cron:session): session closed for user root
Jun 23 02:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31863]: pam_unix(cron:session): session closed for user root
Jun 23 02:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2344]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 23 02:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2666]: Failed password for root from 38.55.97.143 port 56586 ssh2
Jun 23 02:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2666]: Connection closed by 38.55.97.143 port 56586 [preauth]
Jun 23 02:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1305]: pam_unix(cron:session): session closed for user root
Jun 23 02:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2708]: Failed password for root from 144.225.187.123 port 35912 ssh2
Jun 23 02:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2708]: Connection closed by 144.225.187.123 port 35912 [preauth]
Jun 23 02:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2779]: Invalid user tristin from 2.57.121.112
Jun 23 02:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2779]: input_userauth_request: invalid user tristin [preauth]
Jun 23 02:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2779]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 02:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 23 02:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2779]: Failed password for invalid user tristin from 2.57.121.112 port 35360 ssh2
Jun 23 02:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2779]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 02:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2779]: Failed password for invalid user tristin from 2.57.121.112 port 35360 ssh2
Jun 23 02:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 23 02:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2779]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 02:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2781]: Failed password for root from 109.237.96.109 port 35158 ssh2
Jun 23 02:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2779]: Failed password for invalid user tristin from 2.57.121.112 port 35360 ssh2
Jun 23 02:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2781]: Connection closed by 109.237.96.109 port 35158 [preauth]
Jun 23 02:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2779]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 02:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2779]: Failed password for invalid user tristin from 2.57.121.112 port 35360 ssh2
Jun 23 02:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2779]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 02:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2779]: Failed password for invalid user tristin from 2.57.121.112 port 35360 ssh2
Jun 23 02:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2779]: Connection closed by 2.57.121.112 port 35360 [preauth]
Jun 23 02:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2779]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 23 02:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2779]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 23 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2803]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2804]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2801]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2802]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2801]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2869]: Successful su for rubyman by root
Jun 23 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2869]: + ??? root:rubyman
Jun 23 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2869]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574566 of user rubyman.
Jun 23 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2869]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574566.
Jun 23 02:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32286]: pam_unix(cron:session): session closed for user root
Jun 23 02:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2802]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3028]: Invalid user minecraft from 144.225.187.123
Jun 23 02:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3028]: input_userauth_request: invalid user minecraft [preauth]
Jun 23 02:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3028]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 02:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 02:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3053]: Received disconnect from 108.178.7.34 port 55202:11: disconnected by user [preauth]
Jun 23 02:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3053]: Disconnected from 108.178.7.34 port 55202 [preauth]
Jun 23 02:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3028]: Failed password for invalid user minecraft from 144.225.187.123 port 34530 ssh2
Jun 23 02:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3028]: Connection closed by 144.225.187.123 port 34530 [preauth]
Jun 23 02:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1855]: pam_unix(cron:session): session closed for user root
Jun 23 02:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3152]: Invalid user huawei from 144.225.187.123
Jun 23 02:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3152]: input_userauth_request: invalid user huawei [preauth]
Jun 23 02:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3152]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 02:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 02:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3152]: Failed password for invalid user huawei from 144.225.187.123 port 46198 ssh2
Jun 23 02:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3152]: Connection closed by 144.225.187.123 port 46198 [preauth]
Jun 23 02:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3212]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3211]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3214]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3210]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3210]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3279]: Successful su for rubyman by root
Jun 23 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3279]: + ??? root:rubyman
Jun 23 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3279]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574569 of user rubyman.
Jun 23 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3279]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574569.
Jun 23 02:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32735]: pam_unix(cron:session): session closed for user root
Jun 23 02:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3211]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 23 02:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3434]: Failed password for root from 194.113.233.25 port 51830 ssh2
Jun 23 02:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3434]: Connection closed by 194.113.233.25 port 51830 [preauth]
Jun 23 02:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3460]: Invalid user student from 144.225.187.123
Jun 23 02:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3460]: input_userauth_request: invalid user student [preauth]
Jun 23 02:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3460]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 02:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 02:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3460]: Failed password for invalid user student from 144.225.187.123 port 52544 ssh2
Jun 23 02:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3460]: Connection closed by 144.225.187.123 port 52544 [preauth]
Jun 23 02:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2348]: pam_unix(cron:session): session closed for user root
Jun 23 02:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3584]: Failed password for root from 144.225.187.123 port 50178 ssh2
Jun 23 02:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3584]: Connection closed by 144.225.187.123 port 50178 [preauth]
Jun 23 02:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 23 02:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3566]: Failed password for root from 38.55.97.143 port 32828 ssh2
Jun 23 02:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3566]: Connection closed by 38.55.97.143 port 32828 [preauth]
Jun 23 02:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3616]: Received disconnect from 109.236.86.20 port 46200:11: disconnected by user [preauth]
Jun 23 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3616]: Disconnected from 109.236.86.20 port 46200 [preauth]
Jun 23 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3621]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3620]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3622]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3619]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3619]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3687]: Successful su for rubyman by root
Jun 23 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3687]: + ??? root:rubyman
Jun 23 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3687]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574575 of user rubyman.
Jun 23 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3687]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574575.
Jun 23 02:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[839]: pam_unix(cron:session): session closed for user root
Jun 23 02:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3620]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4094]: Failed password for root from 144.225.187.123 port 54544 ssh2
Jun 23 02:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4094]: Connection closed by 144.225.187.123 port 54544 [preauth]
Jun 23 02:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 23 02:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4096]: Failed password for root from 103.176.20.57 port 56962 ssh2
Jun 23 02:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4096]: Connection closed by 103.176.20.57 port 56962 [preauth]
Jun 23 02:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2804]: pam_unix(cron:session): session closed for user root
Jun 23 02:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4200]: Failed password for root from 144.225.187.123 port 47628 ssh2
Jun 23 02:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4200]: Connection closed by 144.225.187.123 port 47628 [preauth]
Jun 23 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4224]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4225]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4223]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4220]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4220]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4286]: Successful su for rubyman by root
Jun 23 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4286]: + ??? root:rubyman
Jun 23 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4286]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574577 of user rubyman.
Jun 23 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4286]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574577.
Jun 23 02:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1303]: pam_unix(cron:session): session closed for user root
Jun 23 02:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4223]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4510]: Failed password for root from 144.225.187.123 port 50730 ssh2
Jun 23 02:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4510]: Connection closed by 144.225.187.123 port 50730 [preauth]
Jun 23 02:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3214]: pam_unix(cron:session): session closed for user root
Jun 23 02:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4626]: Failed password for root from 144.225.187.123 port 32786 ssh2
Jun 23 02:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4626]: Connection closed by 144.225.187.123 port 32786 [preauth]
Jun 23 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4645]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4640]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4642]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4641]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4638]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4639]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4645]: pam_unix(cron:session): session closed for user root
Jun 23 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4638]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4711]: Successful su for rubyman by root
Jun 23 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4711]: + ??? root:rubyman
Jun 23 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4711]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574583 of user rubyman.
Jun 23 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4711]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574583.
Jun 23 02:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4640]: pam_unix(cron:session): session closed for user root
Jun 23 02:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1854]: pam_unix(cron:session): session closed for user root
Jun 23 02:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4639]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5090]: Failed password for root from 144.225.187.123 port 34372 ssh2
Jun 23 02:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5090]: Connection closed by 144.225.187.123 port 34372 [preauth]
Jun 23 02:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3622]: pam_unix(cron:session): session closed for user root
Jun 23 02:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5186]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5185]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5184]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5183]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5183]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5254]: Successful su for rubyman by root
Jun 23 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5254]: + ??? root:rubyman
Jun 23 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5254]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574589 of user rubyman.
Jun 23 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5254]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574589.
Jun 23 02:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5318]: Invalid user test from 144.225.187.123
Jun 23 02:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5318]: input_userauth_request: invalid user test [preauth]
Jun 23 02:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5318]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 02:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 02:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 23 02:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2347]: pam_unix(cron:session): session closed for user root
Jun 23 02:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5318]: Failed password for invalid user test from 144.225.187.123 port 54040 ssh2
Jun 23 02:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5184]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5318]: Connection closed by 144.225.187.123 port 54040 [preauth]
Jun 23 02:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5171]: Failed password for root from 38.55.97.143 port 38590 ssh2
Jun 23 02:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5171]: Connection closed by 38.55.97.143 port 38590 [preauth]
Jun 23 02:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 23 02:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5503]: Failed password for root from 103.77.242.62 port 53292 ssh2
Jun 23 02:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5503]: Connection closed by 103.77.242.62 port 53292 [preauth]
Jun 23 02:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4225]: pam_unix(cron:session): session closed for user root
Jun 23 02:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5549]: Failed password for root from 144.225.187.123 port 53358 ssh2
Jun 23 02:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5549]: Connection closed by 144.225.187.123 port 53358 [preauth]
Jun 23 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5604]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5603]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5602]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5601]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5601]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5658]: Successful su for rubyman by root
Jun 23 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5658]: + ??? root:rubyman
Jun 23 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5658]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574591 of user rubyman.
Jun 23 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5658]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574591.
Jun 23 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 23 02:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2803]: pam_unix(cron:session): session closed for user root
Jun 23 02:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5716]: Failed password for root from 193.24.211.107 port 6436 ssh2
Jun 23 02:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5716]: Received disconnect from 193.24.211.107 port 6436:11: Client disconnecting normally [preauth]
Jun 23 02:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5716]: Disconnected from 193.24.211.107 port 6436 [preauth]
Jun 23 02:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5602]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5854]: Failed password for root from 144.225.187.123 port 51364 ssh2
Jun 23 02:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5854]: Connection closed by 144.225.187.123 port 51364 [preauth]
Jun 23 02:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4642]: pam_unix(cron:session): session closed for user root
Jun 23 02:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5961]: Failed password for root from 144.225.187.123 port 54330 ssh2
Jun 23 02:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5961]: Connection closed by 144.225.187.123 port 54330 [preauth]
Jun 23 02:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 23 02:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5972]: Failed password for root from 103.27.238.114 port 40854 ssh2
Jun 23 02:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5972]: Connection closed by 103.27.238.114 port 40854 [preauth]
Jun 23 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6001]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6002]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6000]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5999]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5999]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6058]: Successful su for rubyman by root
Jun 23 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6058]: + ??? root:rubyman
Jun 23 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6058]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574596 of user rubyman.
Jun 23 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6058]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574596.
Jun 23 02:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3212]: pam_unix(cron:session): session closed for user root
Jun 23 02:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6000]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 23 02:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6274]: Failed password for root from 103.82.20.28 port 58984 ssh2
Jun 23 02:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6274]: Connection closed by 103.82.20.28 port 58984 [preauth]
Jun 23 02:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6276]: Failed password for root from 144.225.187.123 port 35528 ssh2
Jun 23 02:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6276]: Connection closed by 144.225.187.123 port 35528 [preauth]
Jun 23 02:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5186]: pam_unix(cron:session): session closed for user root
Jun 23 02:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6379]: Received disconnect from 191.101.33.110 port 49522:11: disconnected by user [preauth]
Jun 23 02:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6379]: Disconnected from 191.101.33.110 port 49522 [preauth]
Jun 23 02:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6377]: Failed password for root from 144.225.187.123 port 51178 ssh2
Jun 23 02:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6377]: Connection closed by 144.225.187.123 port 51178 [preauth]
Jun 23 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6402]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6404]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6401]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6400]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6400]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6459]: Successful su for rubyman by root
Jun 23 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6459]: + ??? root:rubyman
Jun 23 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6459]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574601 of user rubyman.
Jun 23 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6459]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574601.
Jun 23 02:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3621]: pam_unix(cron:session): session closed for user root
Jun 23 02:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6401]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 23 02:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6398]: Failed password for root from 38.55.97.143 port 48482 ssh2
Jun 23 02:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6398]: Connection closed by 38.55.97.143 port 48482 [preauth]
Jun 23 02:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6697]: Invalid user test from 144.225.187.123
Jun 23 02:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6697]: input_userauth_request: invalid user test [preauth]
Jun 23 02:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6697]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 02:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 02:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6697]: Failed password for invalid user test from 144.225.187.123 port 60216 ssh2
Jun 23 02:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6697]: Connection closed by 144.225.187.123 port 60216 [preauth]
Jun 23 02:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5604]: pam_unix(cron:session): session closed for user root
Jun 23 02:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6807]: Invalid user test from 144.225.187.123
Jun 23 02:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6807]: input_userauth_request: invalid user test [preauth]
Jun 23 02:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6807]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 02:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6814]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6813]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6812]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6816]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6815]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6811]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6816]: pam_unix(cron:session): session closed for user root
Jun 23 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6811]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6807]: Failed password for invalid user test from 144.225.187.123 port 58950 ssh2
Jun 23 02:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6807]: Connection closed by 144.225.187.123 port 58950 [preauth]
Jun 23 02:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6881]: Successful su for rubyman by root
Jun 23 02:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6881]: + ??? root:rubyman
Jun 23 02:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6881]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574607 of user rubyman.
Jun 23 02:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6881]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574607.
Jun 23 02:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4224]: pam_unix(cron:session): session closed for user root
Jun 23 02:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6813]: pam_unix(cron:session): session closed for user root
Jun 23 02:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6812]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6002]: pam_unix(cron:session): session closed for user root
Jun 23 02:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7277]: Connection closed by 194.59.206.2 port 36918 [preauth]
Jun 23 02:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7255]: Failed password for root from 144.225.187.123 port 36064 ssh2
Jun 23 02:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7255]: Connection closed by 144.225.187.123 port 36064 [preauth]
Jun 23 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7339]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7340]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7341]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7337]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7337]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7408]: Successful su for rubyman by root
Jun 23 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7408]: + ??? root:rubyman
Jun 23 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7408]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574611 of user rubyman.
Jun 23 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7408]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574611.
Jun 23 02:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4641]: pam_unix(cron:session): session closed for user root
Jun 23 02:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7339]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7593]: Failed password for root from 144.225.187.123 port 34236 ssh2
Jun 23 02:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7593]: Connection closed by 144.225.187.123 port 34236 [preauth]
Jun 23 02:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6404]: pam_unix(cron:session): session closed for user root
Jun 23 02:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7762]: Invalid user aysha from 141.98.83.240
Jun 23 02:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7762]: input_userauth_request: invalid user aysha [preauth]
Jun 23 02:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7762]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 02:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 02:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7762]: Failed password for invalid user aysha from 141.98.83.240 port 34964 ssh2
Jun 23 02:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7762]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 02:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7762]: Failed password for invalid user aysha from 141.98.83.240 port 34964 ssh2
Jun 23 02:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7762]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 02:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7762]: Failed password for invalid user aysha from 141.98.83.240 port 34964 ssh2
Jun 23 02:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7762]: Connection closed by 141.98.83.240 port 34964 [preauth]
Jun 23 02:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7762]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 02:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7801]: Invalid user postgres from 144.225.187.123
Jun 23 02:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7801]: input_userauth_request: invalid user postgres [preauth]
Jun 23 02:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7801]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 02:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 02:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7801]: Failed password for invalid user postgres from 144.225.187.123 port 51852 ssh2
Jun 23 02:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7801]: Connection closed by 144.225.187.123 port 51852 [preauth]
Jun 23 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7851]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7850]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7849]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7848]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7848]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7906]: Successful su for rubyman by root
Jun 23 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7906]: + ??? root:rubyman
Jun 23 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7906]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574613 of user rubyman.
Jun 23 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7906]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574613.
Jun 23 02:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5185]: pam_unix(cron:session): session closed for user root
Jun 23 02:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7849]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8100]: Invalid user jenkins from 144.225.187.123
Jun 23 02:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8100]: input_userauth_request: invalid user jenkins [preauth]
Jun 23 02:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8100]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 02:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 02:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8100]: Failed password for invalid user jenkins from 144.225.187.123 port 52748 ssh2
Jun 23 02:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8100]: Connection closed by 144.225.187.123 port 52748 [preauth]
Jun 23 02:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 23 02:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8141]: Failed password for root from 103.149.28.157 port 36972 ssh2
Jun 23 02:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8141]: Connection closed by 103.149.28.157 port 36972 [preauth]
Jun 23 02:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 23 02:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8124]: Failed password for root from 38.55.97.143 port 55108 ssh2
Jun 23 02:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8124]: Connection closed by 38.55.97.143 port 55108 [preauth]
Jun 23 02:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6815]: pam_unix(cron:session): session closed for user root
Jun 23 02:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8212]: Failed password for root from 144.225.187.123 port 39864 ssh2
Jun 23 02:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8212]: Connection closed by 144.225.187.123 port 39864 [preauth]
Jun 23 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8242]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8243]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8241]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8240]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8240]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8298]: Successful su for rubyman by root
Jun 23 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8298]: + ??? root:rubyman
Jun 23 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8298]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574617 of user rubyman.
Jun 23 02:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8298]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574617.
Jun 23 02:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5603]: pam_unix(cron:session): session closed for user root
Jun 23 02:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8241]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8526]: Failed password for root from 144.225.187.123 port 43120 ssh2
Jun 23 02:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8526]: Connection closed by 144.225.187.123 port 43120 [preauth]
Jun 23 02:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7341]: pam_unix(cron:session): session closed for user root
Jun 23 02:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8625]: Failed password for root from 144.225.187.123 port 49928 ssh2
Jun 23 02:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8625]: Connection closed by 144.225.187.123 port 49928 [preauth]
Jun 23 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8639]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8638]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8637]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8636]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8636]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8696]: Successful su for rubyman by root
Jun 23 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8696]: + ??? root:rubyman
Jun 23 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8696]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574621 of user rubyman.
Jun 23 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8696]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574621.
Jun 23 02:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6001]: pam_unix(cron:session): session closed for user root
Jun 23 02:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8637]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8942]: Failed password for root from 144.225.187.123 port 57302 ssh2
Jun 23 02:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8942]: Connection closed by 144.225.187.123 port 57302 [preauth]
Jun 23 02:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7851]: pam_unix(cron:session): session closed for user root
Jun 23 02:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9052]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9048]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9051]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9049]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9047]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9046]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9052]: pam_unix(cron:session): session closed for user root
Jun 23 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9046]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9112]: Successful su for rubyman by root
Jun 23 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9112]: + ??? root:rubyman
Jun 23 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9112]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574627 of user rubyman.
Jun 23 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9112]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574627.
Jun 23 02:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9034]: Failed password for root from 144.225.187.123 port 50428 ssh2
Jun 23 02:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9034]: Connection closed by 144.225.187.123 port 50428 [preauth]
Jun 23 02:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6402]: pam_unix(cron:session): session closed for user root
Jun 23 02:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9048]: pam_unix(cron:session): session closed for user root
Jun 23 02:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9047]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 23 02:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9321]: Failed password for root from 38.55.97.143 port 56392 ssh2
Jun 23 02:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9321]: Connection closed by 38.55.97.143 port 56392 [preauth]
Jun 23 02:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 23 02:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9380]: Failed password for root from 38.93.206.2 port 16332 ssh2
Jun 23 02:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9380]: Connection closed by 38.93.206.2 port 16332 [preauth]
Jun 23 02:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8243]: pam_unix(cron:session): session closed for user root
Jun 23 02:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9395]: Invalid user ubuntu from 144.225.187.123
Jun 23 02:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9395]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 02:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9395]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 02:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 02:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9395]: Failed password for invalid user ubuntu from 144.225.187.123 port 49732 ssh2
Jun 23 02:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9395]: Connection closed by 144.225.187.123 port 49732 [preauth]
Jun 23 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9470]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9469]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9468]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9467]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9467]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9531]: Successful su for rubyman by root
Jun 23 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9531]: + ??? root:rubyman
Jun 23 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9531]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574631 of user rubyman.
Jun 23 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9531]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574631.
Jun 23 02:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6814]: pam_unix(cron:session): session closed for user root
Jun 23 02:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9468]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9717]: Invalid user test2 from 144.225.187.123
Jun 23 02:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9717]: input_userauth_request: invalid user test2 [preauth]
Jun 23 02:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9717]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 02:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 02:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9717]: Failed password for invalid user test2 from 144.225.187.123 port 45964 ssh2
Jun 23 02:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9717]: Connection closed by 144.225.187.123 port 45964 [preauth]
Jun 23 02:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8639]: pam_unix(cron:session): session closed for user root
Jun 23 02:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9827]: Failed password for root from 144.225.187.123 port 60276 ssh2
Jun 23 02:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9827]: Connection closed by 144.225.187.123 port 60276 [preauth]
Jun 23 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9891]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9890]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9889]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9883]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9883]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10104]: Successful su for rubyman by root
Jun 23 02:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10104]: + ??? root:rubyman
Jun 23 02:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10104]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574635 of user rubyman.
Jun 23 02:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10104]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574635.
Jun 23 02:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7340]: pam_unix(cron:session): session closed for user root
Jun 23 02:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9889]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10391]: Connection closed by 45.148.10.121 port 33286 [preauth]
Jun 23 02:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10415]: Failed password for root from 144.225.187.123 port 42806 ssh2
Jun 23 02:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10415]: Connection closed by 144.225.187.123 port 42806 [preauth]
Jun 23 02:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10425]: Received disconnect from 208.115.214.194 port 57302:11: disconnected by user [preauth]
Jun 23 02:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10425]: Disconnected from 208.115.214.194 port 57302 [preauth]
Jun 23 02:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 23 02:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 23 02:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10451]: Failed password for root from 103.82.132.16 port 47596 ssh2
Jun 23 02:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10451]: Connection closed by 103.82.132.16 port 47596 [preauth]
Jun 23 02:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10449]: Failed password for root from 38.55.97.143 port 58924 ssh2
Jun 23 02:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10449]: Connection closed by 38.55.97.143 port 58924 [preauth]
Jun 23 02:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9051]: pam_unix(cron:session): session closed for user root
Jun 23 02:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10521]: Failed password for root from 144.225.187.123 port 60352 ssh2
Jun 23 02:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10521]: Connection closed by 144.225.187.123 port 60352 [preauth]
Jun 23 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10546]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10545]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10544]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10543]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10543]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10607]: Successful su for rubyman by root
Jun 23 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10607]: + ??? root:rubyman
Jun 23 02:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10607]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574640 of user rubyman.
Jun 23 02:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10607]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574640.
Jun 23 02:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7850]: pam_unix(cron:session): session closed for user root
Jun 23 02:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10544]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10810]: Invalid user service from 193.46.255.86
Jun 23 02:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10810]: input_userauth_request: invalid user service [preauth]
Jun 23 02:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10810]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 02:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 23 02:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10810]: Failed password for invalid user service from 193.46.255.86 port 62866 ssh2
Jun 23 02:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10810]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 02:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10810]: Failed password for invalid user service from 193.46.255.86 port 62866 ssh2
Jun 23 02:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10810]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 02:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10810]: Failed password for invalid user service from 193.46.255.86 port 62866 ssh2
Jun 23 02:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10810]: Connection closed by 193.46.255.86 port 62866 [preauth]
Jun 23 02:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10810]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 23 02:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10858]: Failed password for root from 144.225.187.123 port 43078 ssh2
Jun 23 02:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10858]: Connection closed by 144.225.187.123 port 43078 [preauth]
Jun 23 02:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9470]: pam_unix(cron:session): session closed for user root
Jun 23 02:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10981]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10980]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10979]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10978]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10976]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10978]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10964]: Failed password for root from 144.225.187.123 port 39892 ssh2
Jun 23 02:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11104]: Successful su for rubyman by root
Jun 23 02:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11104]: + ??? root:rubyman
Jun 23 02:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11104]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574644 of user rubyman.
Jun 23 02:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11104]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574644.
Jun 23 02:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10964]: Connection closed by 144.225.187.123 port 39892 [preauth]
Jun 23 02:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10976]: pam_unix(cron:session): session closed for user root
Jun 23 02:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8242]: pam_unix(cron:session): session closed for user root
Jun 23 02:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10979]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9891]: pam_unix(cron:session): session closed for user root
Jun 23 02:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11391]: Invalid user zjw from 144.225.187.123
Jun 23 02:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11391]: input_userauth_request: invalid user zjw [preauth]
Jun 23 02:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11391]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 02:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 02:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11391]: Failed password for invalid user zjw from 144.225.187.123 port 45610 ssh2
Jun 23 02:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11391]: Connection closed by 144.225.187.123 port 45610 [preauth]
Jun 23 02:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 23 02:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11388]: Failed password for root from 38.55.97.143 port 35180 ssh2
Jun 23 02:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11388]: Connection closed by 38.55.97.143 port 35180 [preauth]
Jun 23 02:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11438]: Connection closed by 118.69.233.167 port 65221 [preauth]
Jun 23 02:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11505]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11503]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11502]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11501]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11504]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11500]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11505]: pam_unix(cron:session): session closed for user root
Jun 23 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11500]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11564]: Successful su for rubyman by root
Jun 23 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11564]: + ??? root:rubyman
Jun 23 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11564]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574652 of user rubyman.
Jun 23 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11564]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574652.
Jun 23 02:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11502]: pam_unix(cron:session): session closed for user root
Jun 23 02:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8638]: pam_unix(cron:session): session closed for user root
Jun 23 02:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11501]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11789]: Failed password for root from 144.225.187.123 port 44058 ssh2
Jun 23 02:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11789]: Connection closed by 144.225.187.123 port 44058 [preauth]
Jun 23 02:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10546]: pam_unix(cron:session): session closed for user root
Jun 23 02:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11913]: Failed password for root from 144.225.187.123 port 58382 ssh2
Jun 23 02:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11913]: Connection closed by 144.225.187.123 port 58382 [preauth]
Jun 23 02:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11994]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11992]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11993]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11991]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11991]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12057]: Successful su for rubyman by root
Jun 23 02:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12057]: + ??? root:rubyman
Jun 23 02:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12057]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574654 of user rubyman.
Jun 23 02:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12057]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574654.
Jun 23 02:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9049]: pam_unix(cron:session): session closed for user root
Jun 23 02:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11992]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12371]: Failed password for root from 144.225.187.123 port 55126 ssh2
Jun 23 02:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12371]: Connection closed by 144.225.187.123 port 55126 [preauth]
Jun 23 02:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10981]: pam_unix(cron:session): session closed for user root
Jun 23 02:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 23 02:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12474]: Failed password for root from 38.55.97.143 port 38476 ssh2
Jun 23 02:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12474]: Connection closed by 38.55.97.143 port 38476 [preauth]
Jun 23 02:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12498]: Invalid user admin from 144.225.187.123
Jun 23 02:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12498]: input_userauth_request: invalid user admin [preauth]
Jun 23 02:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12498]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 02:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 02:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 23 02:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12498]: Failed password for invalid user admin from 144.225.187.123 port 50758 ssh2
Jun 23 02:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12498]: Connection closed by 144.225.187.123 port 50758 [preauth]
Jun 23 02:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12508]: Failed password for root from 80.66.85.226 port 56628 ssh2
Jun 23 02:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12508]: Connection closed by 80.66.85.226 port 56628 [preauth]
Jun 23 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12522]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12521]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12520]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12519]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12519]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12585]: Successful su for rubyman by root
Jun 23 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12585]: + ??? root:rubyman
Jun 23 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12585]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574658 of user rubyman.
Jun 23 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12585]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574658.
Jun 23 02:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9469]: pam_unix(cron:session): session closed for user root
Jun 23 02:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12520]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11968]: Connection closed by 118.69.233.166 port 64622 [preauth]
Jun 23 02:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12823]: Invalid user user from 144.225.187.123
Jun 23 02:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12823]: input_userauth_request: invalid user user [preauth]
Jun 23 02:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12823]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 02:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 02:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12823]: Failed password for invalid user user from 144.225.187.123 port 56824 ssh2
Jun 23 02:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12823]: Connection closed by 144.225.187.123 port 56824 [preauth]
Jun 23 02:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11504]: pam_unix(cron:session): session closed for user root
Jun 23 02:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 23 02:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12883]: Failed password for root from 193.24.211.107 port 56665 ssh2
Jun 23 02:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12883]: Received disconnect from 193.24.211.107 port 56665:11: Client disconnecting normally [preauth]
Jun 23 02:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12883]: Disconnected from 193.24.211.107 port 56665 [preauth]
Jun 23 02:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12931]: Failed password for root from 144.225.187.123 port 33442 ssh2
Jun 23 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12931]: Connection closed by 144.225.187.123 port 33442 [preauth]
Jun 23 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12946]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12947]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12945]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12944]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12944]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13002]: Successful su for rubyman by root
Jun 23 02:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13002]: + ??? root:rubyman
Jun 23 02:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13002]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574663 of user rubyman.
Jun 23 02:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13002]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574663.
Jun 23 02:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9890]: pam_unix(cron:session): session closed for user root
Jun 23 02:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12945]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11994]: pam_unix(cron:session): session closed for user root
Jun 23 02:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13262]: Failed password for root from 144.225.187.123 port 36102 ssh2
Jun 23 02:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13262]: Connection closed by 144.225.187.123 port 36102 [preauth]
Jun 23 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13353]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13354]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13351]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13352]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13351]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13414]: Successful su for rubyman by root
Jun 23 02:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13414]: + ??? root:rubyman
Jun 23 02:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13414]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574666 of user rubyman.
Jun 23 02:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13414]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574666.
Jun 23 02:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10545]: pam_unix(cron:session): session closed for user root
Jun 23 02:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13352]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13597]: Invalid user admin from 144.225.187.123
Jun 23 02:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13597]: input_userauth_request: invalid user admin [preauth]
Jun 23 02:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13597]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 02:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 02:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13597]: Failed password for invalid user admin from 144.225.187.123 port 54232 ssh2
Jun 23 02:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13597]: Connection closed by 144.225.187.123 port 54232 [preauth]
Jun 23 02:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 23 02:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13635]: Failed password for root from 103.27.238.116 port 54530 ssh2
Jun 23 02:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13635]: Connection closed by 103.27.238.116 port 54530 [preauth]
Jun 23 02:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12522]: pam_unix(cron:session): session closed for user root
Jun 23 02:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13696]: Failed password for root from 144.225.187.123 port 32792 ssh2
Jun 23 02:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13696]: Connection closed by 144.225.187.123 port 32792 [preauth]
Jun 23 02:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.55.97.143  user=root
Jun 23 02:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13709]: Failed password for root from 38.55.97.143 port 42482 ssh2
Jun 23 02:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13709]: Connection closed by 38.55.97.143 port 42482 [preauth]
Jun 23 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13764]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13765]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13761]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13763]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13760]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13759]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13765]: pam_unix(cron:session): session closed for user root
Jun 23 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13759]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13833]: Successful su for rubyman by root
Jun 23 02:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13833]: + ??? root:rubyman
Jun 23 02:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13833]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574671 of user rubyman.
Jun 23 02:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13833]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574671.
Jun 23 02:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13761]: pam_unix(cron:session): session closed for user root
Jun 23 02:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10980]: pam_unix(cron:session): session closed for user root
Jun 23 02:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13760]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14072]: Failed password for root from 144.225.187.123 port 37598 ssh2
Jun 23 02:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14072]: Connection closed by 144.225.187.123 port 37598 [preauth]
Jun 23 02:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12947]: pam_unix(cron:session): session closed for user root
Jun 23 02:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14168]: Failed password for root from 144.225.187.123 port 56234 ssh2
Jun 23 02:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14168]: Connection closed by 144.225.187.123 port 56234 [preauth]
Jun 23 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14200]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14199]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14198]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14197]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14197]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14262]: Successful su for rubyman by root
Jun 23 02:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14262]: + ??? root:rubyman
Jun 23 02:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14262]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574677 of user rubyman.
Jun 23 02:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14262]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574677.
Jun 23 02:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11503]: pam_unix(cron:session): session closed for user root
Jun 23 02:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14198]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14493]: Invalid user testuser from 144.225.187.123
Jun 23 02:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14493]: input_userauth_request: invalid user testuser [preauth]
Jun 23 02:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14493]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 02:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 02:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14493]: Failed password for invalid user testuser from 144.225.187.123 port 52300 ssh2
Jun 23 02:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14493]: Connection closed by 144.225.187.123 port 52300 [preauth]
Jun 23 02:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13354]: pam_unix(cron:session): session closed for user root
Jun 23 02:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14563]: Received disconnect from 109.236.86.20 port 42714:11: disconnected by user [preauth]
Jun 23 02:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14563]: Disconnected from 109.236.86.20 port 42714 [preauth]
Jun 23 02:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14581]: Failed password for root from 144.225.187.123 port 43932 ssh2
Jun 23 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14581]: Connection closed by 144.225.187.123 port 43932 [preauth]
Jun 23 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14595]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14593]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14594]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14596]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14593]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14698]: Successful su for rubyman by root
Jun 23 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14698]: + ??? root:rubyman
Jun 23 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14698]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574683 of user rubyman.
Jun 23 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14698]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574683.
Jun 23 02:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11993]: pam_unix(cron:session): session closed for user root
Jun 23 02:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14594]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 23 02:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14959]: Failed password for root from 103.122.221.179 port 50466 ssh2
Jun 23 02:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14959]: Connection closed by 103.122.221.179 port 50466 [preauth]
Jun 23 02:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13764]: pam_unix(cron:session): session closed for user root
Jun 23 02:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15000]: Failed password for root from 144.225.187.123 port 45868 ssh2
Jun 23 02:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15000]: Connection closed by 144.225.187.123 port 45868 [preauth]
Jun 23 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15081]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15080]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15079]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15078]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15078]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15147]: Successful su for rubyman by root
Jun 23 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15147]: + ??? root:rubyman
Jun 23 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15147]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574684 of user rubyman.
Jun 23 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15147]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574684.
Jun 23 02:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12521]: pam_unix(cron:session): session closed for user root
Jun 23 02:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15079]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15331]: User backup from 144.225.187.123 not allowed because not listed in AllowUsers
Jun 23 02:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15331]: input_userauth_request: invalid user backup [preauth]
Jun 23 02:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=backup
Jun 23 02:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15331]: Failed password for invalid user backup from 144.225.187.123 port 40056 ssh2
Jun 23 02:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15331]: Connection closed by 144.225.187.123 port 40056 [preauth]
Jun 23 02:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14200]: pam_unix(cron:session): session closed for user root
Jun 23 02:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15433]: Invalid user admin from 144.225.187.123
Jun 23 02:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15433]: input_userauth_request: invalid user admin [preauth]
Jun 23 02:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15433]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 02:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 02:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15433]: Failed password for invalid user admin from 144.225.187.123 port 45318 ssh2
Jun 23 02:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15433]: Connection closed by 144.225.187.123 port 45318 [preauth]
Jun 23 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15485]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15484]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15483]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15482]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15482]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15541]: Successful su for rubyman by root
Jun 23 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15541]: + ??? root:rubyman
Jun 23 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15541]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574688 of user rubyman.
Jun 23 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15541]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574688.
Jun 23 02:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12946]: pam_unix(cron:session): session closed for user root
Jun 23 02:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15483]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15262]: Connection closed by 38.55.97.143 port 46458 [preauth]
Jun 23 02:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15747]: Failed password for root from 144.225.187.123 port 44104 ssh2
Jun 23 02:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15747]: Connection closed by 144.225.187.123 port 44104 [preauth]
Jun 23 02:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14596]: pam_unix(cron:session): session closed for user root
Jun 23 02:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15847]: Failed password for root from 144.225.187.123 port 36808 ssh2
Jun 23 02:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15847]: Connection closed by 144.225.187.123 port 36808 [preauth]
Jun 23 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15875]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15880]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15881]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15879]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15877]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15876]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15881]: pam_unix(cron:session): session closed for user root
Jun 23 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15875]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15943]: Successful su for rubyman by root
Jun 23 02:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15943]: + ??? root:rubyman
Jun 23 02:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15943]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574693 of user rubyman.
Jun 23 02:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15943]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574693.
Jun 23 02:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15877]: pam_unix(cron:session): session closed for user root
Jun 23 02:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13353]: pam_unix(cron:session): session closed for user root
Jun 23 02:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15876]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 23 02:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16153]: Failed password for root from 202.178.126.219 port 11246 ssh2
Jun 23 02:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16153]: Connection closed by 202.178.126.219 port 11246 [preauth]
Jun 23 02:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: Failed password for root from 144.225.187.123 port 39492 ssh2
Jun 23 02:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: Connection closed by 144.225.187.123 port 39492 [preauth]
Jun 23 02:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15081]: pam_unix(cron:session): session closed for user root
Jun 23 02:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16295]: Invalid user cbt from 101.126.157.138
Jun 23 02:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16295]: input_userauth_request: invalid user cbt [preauth]
Jun 23 02:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16295]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 02:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.126.157.138
Jun 23 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16285]: Failed password for root from 144.225.187.123 port 38850 ssh2
Jun 23 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16299]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16301]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16300]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16298]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16298]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16362]: Successful su for rubyman by root
Jun 23 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16362]: + ??? root:rubyman
Jun 23 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16362]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16285]: Connection closed by 144.225.187.123 port 38850 [preauth]
Jun 23 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574699 of user rubyman.
Jun 23 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16362]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574699.
Jun 23 02:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16295]: Failed password for invalid user cbt from 101.126.157.138 port 35276 ssh2
Jun 23 02:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16295]: Received disconnect from 101.126.157.138 port 35276:11: Bye Bye [preauth]
Jun 23 02:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16295]: Disconnected from 101.126.157.138 port 35276 [preauth]
Jun 23 02:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13763]: pam_unix(cron:session): session closed for user root
Jun 23 02:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16299]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16616]: Invalid user linuxadmin from 144.225.187.123
Jun 23 02:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16616]: input_userauth_request: invalid user linuxadmin [preauth]
Jun 23 02:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16616]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 02:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 02:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15485]: pam_unix(cron:session): session closed for user root
Jun 23 02:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16616]: Failed password for invalid user linuxadmin from 144.225.187.123 port 56470 ssh2
Jun 23 02:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16616]: Connection closed by 144.225.187.123 port 56470 [preauth]
Jun 23 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16708]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16706]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16707]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16705]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16705]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16765]: Successful su for rubyman by root
Jun 23 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16765]: + ??? root:rubyman
Jun 23 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16765]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574702 of user rubyman.
Jun 23 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16765]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574702.
Jun 23 02:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14199]: pam_unix(cron:session): session closed for user root
Jun 23 02:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16706]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17044]: Invalid user ftpuser from 144.225.187.123
Jun 23 02:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17044]: input_userauth_request: invalid user ftpuser [preauth]
Jun 23 02:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17044]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 02:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 02:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17044]: Failed password for invalid user ftpuser from 144.225.187.123 port 51782 ssh2
Jun 23 02:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17044]: Connection closed by 144.225.187.123 port 51782 [preauth]
Jun 23 02:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15880]: pam_unix(cron:session): session closed for user root
Jun 23 02:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17151]: Invalid user useradmin from 144.225.187.123
Jun 23 02:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17151]: input_userauth_request: invalid user useradmin [preauth]
Jun 23 02:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17151]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 02:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 02:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17151]: Failed password for invalid user useradmin from 144.225.187.123 port 37344 ssh2
Jun 23 02:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17151]: Connection closed by 144.225.187.123 port 37344 [preauth]
Jun 23 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17199]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17201]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17200]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17198]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17198]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17261]: Successful su for rubyman by root
Jun 23 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17261]: + ??? root:rubyman
Jun 23 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17261]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574706 of user rubyman.
Jun 23 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17261]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574706.
Jun 23 02:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14595]: pam_unix(cron:session): session closed for user root
Jun 23 02:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17199]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17474]: Failed password for root from 144.225.187.123 port 53168 ssh2
Jun 23 02:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17474]: Connection closed by 144.225.187.123 port 53168 [preauth]
Jun 23 02:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16301]: pam_unix(cron:session): session closed for user root
Jun 23 02:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17589]: Failed password for root from 144.225.187.123 port 37502 ssh2
Jun 23 02:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17589]: Connection closed by 144.225.187.123 port 37502 [preauth]
Jun 23 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17610]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17611]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17609]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17608]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17608]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17752]: Successful su for rubyman by root
Jun 23 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17752]: + ??? root:rubyman
Jun 23 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17752]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574710 of user rubyman.
Jun 23 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17752]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574710.
Jun 23 02:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15080]: pam_unix(cron:session): session closed for user root
Jun 23 02:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17609]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17993]: Invalid user ftptest from 144.225.187.123
Jun 23 02:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17993]: input_userauth_request: invalid user ftptest [preauth]
Jun 23 02:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17993]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 02:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 02:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17993]: Failed password for invalid user ftptest from 144.225.187.123 port 53086 ssh2
Jun 23 02:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17993]: Connection closed by 144.225.187.123 port 53086 [preauth]
Jun 23 02:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16708]: pam_unix(cron:session): session closed for user root
Jun 23 02:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18103]: Failed password for root from 144.225.187.123 port 40282 ssh2
Jun 23 02:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18103]: Connection closed by 144.225.187.123 port 40282 [preauth]
Jun 23 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18118]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18115]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18114]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18121]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18119]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18117]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18121]: pam_unix(cron:session): session closed for user root
Jun 23 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18114]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18192]: Successful su for rubyman by root
Jun 23 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18192]: + ??? root:rubyman
Jun 23 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18192]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574716 of user rubyman.
Jun 23 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18192]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574716.
Jun 23 02:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18117]: pam_unix(cron:session): session closed for user root
Jun 23 02:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15484]: pam_unix(cron:session): session closed for user root
Jun 23 02:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18115]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18563]: Failed password for root from 144.225.187.123 port 42666 ssh2
Jun 23 02:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18563]: Connection closed by 144.225.187.123 port 42666 [preauth]
Jun 23 02:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17201]: pam_unix(cron:session): session closed for user root
Jun 23 02:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 23 02:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18624]: Failed password for root from 147.45.199.80 port 58600 ssh2
Jun 23 02:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18624]: Connection closed by 147.45.199.80 port 58600 [preauth]
Jun 23 02:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18643]: Did not receive identification string from 18.191.69.170
Jun 23 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18676]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18675]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18674]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18673]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18673]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18745]: Successful su for rubyman by root
Jun 23 02:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18745]: + ??? root:rubyman
Jun 23 02:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18745]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574720 of user rubyman.
Jun 23 02:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18745]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574720.
Jun 23 02:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15879]: pam_unix(cron:session): session closed for user root
Jun 23 02:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18780]: Failed password for root from 144.225.187.123 port 55804 ssh2
Jun 23 02:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18780]: Connection closed by 144.225.187.123 port 55804 [preauth]
Jun 23 02:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18674]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17611]: pam_unix(cron:session): session closed for user root
Jun 23 02:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19038]: Failed password for root from 144.225.187.123 port 55444 ssh2
Jun 23 02:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19038]: Connection closed by 144.225.187.123 port 55444 [preauth]
Jun 23 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19099]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19100]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19098]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19097]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19097]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19255]: Successful su for rubyman by root
Jun 23 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19255]: + ??? root:rubyman
Jun 23 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19255]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574726 of user rubyman.
Jun 23 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19255]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574726.
Jun 23 02:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16300]: pam_unix(cron:session): session closed for user root
Jun 23 02:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19098]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19446]: Invalid user node from 144.225.187.123
Jun 23 02:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19446]: input_userauth_request: invalid user node [preauth]
Jun 23 02:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19446]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 02:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 02:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19446]: Failed password for invalid user node from 144.225.187.123 port 58246 ssh2
Jun 23 02:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19446]: Connection closed by 144.225.187.123 port 58246 [preauth]
Jun 23 02:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18119]: pam_unix(cron:session): session closed for user root
Jun 23 02:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19761]: Invalid user builder from 144.225.187.123
Jun 23 02:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19761]: input_userauth_request: invalid user builder [preauth]
Jun 23 02:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19761]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 02:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 02:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19761]: Failed password for invalid user builder from 144.225.187.123 port 57092 ssh2
Jun 23 02:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19761]: Connection closed by 144.225.187.123 port 57092 [preauth]
Jun 23 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19797]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19796]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19794]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19793]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19793]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19875]: Successful su for rubyman by root
Jun 23 02:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19875]: + ??? root:rubyman
Jun 23 02:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19875]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574728 of user rubyman.
Jun 23 02:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19875]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574728.
Jun 23 02:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16707]: pam_unix(cron:session): session closed for user root
Jun 23 02:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19794]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 23 02:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20060]: Failed password for root from 193.24.211.107 port 1745 ssh2
Jun 23 02:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20060]: Received disconnect from 193.24.211.107 port 1745:11: Client disconnecting normally [preauth]
Jun 23 02:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20060]: Disconnected from 193.24.211.107 port 1745 [preauth]
Jun 23 02:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 02:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20082]: Failed password for root from 144.225.187.123 port 45506 ssh2
Jun 23 02:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20082]: Connection closed by 144.225.187.123 port 45506 [preauth]
Jun 23 02:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20094]: Received disconnect from 198.199.106.159 port 39120:11: disconnected by user [preauth]
Jun 23 02:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20094]: Disconnected from 198.199.106.159 port 39120 [preauth]
Jun 23 02:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18676]: pam_unix(cron:session): session closed for user root
Jun 23 02:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20287]: Invalid user postgres from 144.225.187.123
Jun 23 02:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20287]: input_userauth_request: invalid user postgres [preauth]
Jun 23 02:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20287]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 02:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 02:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20287]: Failed password for invalid user postgres from 144.225.187.123 port 38240 ssh2
Jun 23 02:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20287]: Connection closed by 144.225.187.123 port 38240 [preauth]
Jun 23 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20312]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20313]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20311]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20310]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20310]: pam_unix(cron:session): session closed for user p13x
Jun 23 02:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20380]: Successful su for rubyman by root
Jun 23 02:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20380]: + ??? root:rubyman
Jun 23 02:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20380]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 02:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574732 of user rubyman.
Jun 23 02:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20380]: pam_unix(su:session): session closed for user rubyman
Jun 23 02:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574732.
Jun 23 02:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17200]: pam_unix(cron:session): session closed for user root
Jun 23 02:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20311]: pam_unix(cron:session): session closed for user samftp
Jun 23 02:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20629]: Invalid user lab from 144.225.187.123
Jun 23 02:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20629]: input_userauth_request: invalid user lab [preauth]
Jun 23 02:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20629]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 02:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 02:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20629]: Failed password for invalid user lab from 144.225.187.123 port 33174 ssh2
Jun 23 02:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20629]: Connection closed by 144.225.187.123 port 33174 [preauth]
Jun 23 02:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19100]: pam_unix(cron:session): session closed for user root
Jun 23 02:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 02:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20820]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20819]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20821]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20816]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20817]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20823]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20822]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20819]: pam_unix(cron:session): session closed for user root
Jun 23 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20823]: pam_unix(cron:session): session closed for user root
Jun 23 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20816]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20813]: Invalid user sftpuser from 144.225.187.123
Jun 23 03:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20813]: input_userauth_request: invalid user sftpuser [preauth]
Jun 23 03:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20813]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 03:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20919]: Successful su for rubyman by root
Jun 23 03:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20919]: + ??? root:rubyman
Jun 23 03:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20919]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574742 of user rubyman.
Jun 23 03:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20919]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574742.
Jun 23 03:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20813]: Failed password for invalid user sftpuser from 144.225.187.123 port 47888 ssh2
Jun 23 03:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20820]: pam_unix(cron:session): session closed for user root
Jun 23 03:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20813]: Connection closed by 144.225.187.123 port 47888 [preauth]
Jun 23 03:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17610]: pam_unix(cron:session): session closed for user root
Jun 23 03:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20817]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19797]: pam_unix(cron:session): session closed for user root
Jun 23 03:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21257]: Failed password for root from 144.225.187.123 port 39744 ssh2
Jun 23 03:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21257]: Connection closed by 144.225.187.123 port 39744 [preauth]
Jun 23 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21332]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21331]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21327]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21326]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21326]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21397]: Successful su for rubyman by root
Jun 23 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21397]: + ??? root:rubyman
Jun 23 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21397]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574743 of user rubyman.
Jun 23 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21397]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574743.
Jun 23 03:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18118]: pam_unix(cron:session): session closed for user root
Jun 23 03:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21327]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21601]: Failed password for root from 144.225.187.123 port 33856 ssh2
Jun 23 03:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21601]: Connection closed by 144.225.187.123 port 33856 [preauth]
Jun 23 03:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20313]: pam_unix(cron:session): session closed for user root
Jun 23 03:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21725]: Invalid user 1234 from 144.225.187.123
Jun 23 03:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21725]: input_userauth_request: invalid user 1234 [preauth]
Jun 23 03:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21725]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 03:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21725]: Failed password for invalid user 1234 from 144.225.187.123 port 58164 ssh2
Jun 23 03:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21725]: Connection closed by 144.225.187.123 port 58164 [preauth]
Jun 23 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21780]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21782]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21781]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21779]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21779]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21844]: Successful su for rubyman by root
Jun 23 03:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21844]: + ??? root:rubyman
Jun 23 03:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21844]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574748 of user rubyman.
Jun 23 03:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21844]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574748.
Jun 23 03:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18675]: pam_unix(cron:session): session closed for user root
Jun 23 03:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21780]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22044]: Failed password for root from 144.225.187.123 port 50310 ssh2
Jun 23 03:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22054]: Did not receive identification string from 141.11.88.12
Jun 23 03:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22044]: Connection closed by 144.225.187.123 port 50310 [preauth]
Jun 23 03:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 23 03:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22055]: Failed password for root from 141.98.83.240 port 23474 ssh2
Jun 23 03:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22055]: message repeated 2 times: [ Failed password for root from 141.98.83.240 port 23474 ssh2]
Jun 23 03:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22055]: Connection closed by 141.98.83.240 port 23474 [preauth]
Jun 23 03:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22055]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 23 03:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20822]: pam_unix(cron:session): session closed for user root
Jun 23 03:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22128]: Failed password for root from 141.11.88.12 port 34614 ssh2
Jun 23 03:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22128]: Connection closed by 141.11.88.12 port 34614 [preauth]
Jun 23 03:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22165]: Failed password for root from 144.225.187.123 port 55158 ssh2
Jun 23 03:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22165]: Connection closed by 144.225.187.123 port 55158 [preauth]
Jun 23 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22188]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22190]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22189]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22187]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22187]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22250]: Successful su for rubyman by root
Jun 23 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22250]: + ??? root:rubyman
Jun 23 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22250]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574753 of user rubyman.
Jun 23 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22250]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574753.
Jun 23 03:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19099]: pam_unix(cron:session): session closed for user root
Jun 23 03:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22188]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22551]: Invalid user dev from 195.178.191.5
Jun 23 03:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22551]: input_userauth_request: invalid user dev [preauth]
Jun 23 03:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22551]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.191.5
Jun 23 03:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22551]: Failed password for invalid user dev from 195.178.191.5 port 58566 ssh2
Jun 23 03:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22551]: Received disconnect from 195.178.191.5 port 58566:11: Bye Bye [preauth]
Jun 23 03:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22551]: Disconnected from 195.178.191.5 port 58566 [preauth]
Jun 23 03:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22561]: Invalid user admin from 144.225.187.123
Jun 23 03:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22561]: input_userauth_request: invalid user admin [preauth]
Jun 23 03:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22561]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 03:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22561]: Failed password for invalid user admin from 144.225.187.123 port 45112 ssh2
Jun 23 03:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22561]: Connection closed by 144.225.187.123 port 45112 [preauth]
Jun 23 03:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21332]: pam_unix(cron:session): session closed for user root
Jun 23 03:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22676]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22678]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22675]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22674]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22671]: Failed password for root from 144.225.187.123 port 37518 ssh2
Jun 23 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22674]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22671]: Connection closed by 144.225.187.123 port 37518 [preauth]
Jun 23 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22738]: Successful su for rubyman by root
Jun 23 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22738]: + ??? root:rubyman
Jun 23 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22738]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574756 of user rubyman.
Jun 23 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22738]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574756.
Jun 23 03:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19796]: pam_unix(cron:session): session closed for user root
Jun 23 03:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22675]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21782]: pam_unix(cron:session): session closed for user root
Jun 23 03:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23000]: Failed password for root from 144.225.187.123 port 53712 ssh2
Jun 23 03:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23000]: Connection closed by 144.225.187.123 port 53712 [preauth]
Jun 23 03:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23067]: Invalid user user from 141.11.88.12
Jun 23 03:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23067]: input_userauth_request: invalid user user [preauth]
Jun 23 03:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23067]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23067]: Failed password for invalid user user from 141.11.88.12 port 46372 ssh2
Jun 23 03:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23067]: Connection closed by 141.11.88.12 port 46372 [preauth]
Jun 23 03:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23078]: Invalid user mc from 141.11.88.12
Jun 23 03:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23078]: input_userauth_request: invalid user mc [preauth]
Jun 23 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23078]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23090]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23088]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23092]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23091]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23094]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23093]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23094]: pam_unix(cron:session): session closed for user root
Jun 23 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23088]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23157]: Successful su for rubyman by root
Jun 23 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23157]: + ??? root:rubyman
Jun 23 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23157]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574764 of user rubyman.
Jun 23 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23157]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574764.
Jun 23 03:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23078]: Failed password for invalid user mc from 141.11.88.12 port 46400 ssh2
Jun 23 03:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23078]: Connection closed by 141.11.88.12 port 46400 [preauth]
Jun 23 03:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23091]: pam_unix(cron:session): session closed for user root
Jun 23 03:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20312]: pam_unix(cron:session): session closed for user root
Jun 23 03:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23090]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23286]: Invalid user sasha from 141.11.88.12
Jun 23 03:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23286]: input_userauth_request: invalid user sasha [preauth]
Jun 23 03:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23286]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23286]: Failed password for invalid user sasha from 141.11.88.12 port 39446 ssh2
Jun 23 03:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23286]: Connection closed by 141.11.88.12 port 39446 [preauth]
Jun 23 03:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23373]: Failed password for root from 144.225.187.123 port 38776 ssh2
Jun 23 03:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23373]: Connection closed by 144.225.187.123 port 38776 [preauth]
Jun 23 03:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23394]: Invalid user ubuntu from 141.11.88.12
Jun 23 03:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23394]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 03:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23394]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23394]: Failed password for invalid user ubuntu from 141.11.88.12 port 39476 ssh2
Jun 23 03:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23394]: Connection closed by 141.11.88.12 port 39476 [preauth]
Jun 23 03:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23419]: Invalid user elastic from 141.11.88.12
Jun 23 03:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23419]: input_userauth_request: invalid user elastic [preauth]
Jun 23 03:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23419]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23419]: Failed password for invalid user elastic from 141.11.88.12 port 10642 ssh2
Jun 23 03:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23419]: Connection closed by 141.11.88.12 port 10642 [preauth]
Jun 23 03:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 23 03:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23441]: Invalid user jenkins from 141.11.88.12
Jun 23 03:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23441]: input_userauth_request: invalid user jenkins [preauth]
Jun 23 03:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23430]: Failed password for root from 103.77.175.15 port 55616 ssh2
Jun 23 03:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23441]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23430]: Connection closed by 103.77.175.15 port 55616 [preauth]
Jun 23 03:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23441]: Failed password for invalid user jenkins from 141.11.88.12 port 22862 ssh2
Jun 23 03:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23441]: Connection closed by 141.11.88.12 port 22862 [preauth]
Jun 23 03:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.191.5  user=root
Jun 23 03:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22190]: pam_unix(cron:session): session closed for user root
Jun 23 03:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23463]: Failed password for root from 195.178.191.5 port 40386 ssh2
Jun 23 03:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23463]: Received disconnect from 195.178.191.5 port 40386:11: Bye Bye [preauth]
Jun 23 03:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23463]: Disconnected from 195.178.191.5 port 40386 [preauth]
Jun 23 03:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23465]: Invalid user admin2 from 141.11.88.12
Jun 23 03:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23465]: input_userauth_request: invalid user admin2 [preauth]
Jun 23 03:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23465]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23465]: Failed password for invalid user admin2 from 141.11.88.12 port 31880 ssh2
Jun 23 03:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23465]: Connection closed by 141.11.88.12 port 31880 [preauth]
Jun 23 03:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23498]: Invalid user deploy from 141.11.88.12
Jun 23 03:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23498]: input_userauth_request: invalid user deploy [preauth]
Jun 23 03:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23498]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23498]: Failed password for invalid user deploy from 141.11.88.12 port 31902 ssh2
Jun 23 03:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23498]: Connection closed by 141.11.88.12 port 31902 [preauth]
Jun 23 03:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23512]: Invalid user a from 144.225.187.123
Jun 23 03:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23512]: input_userauth_request: invalid user a [preauth]
Jun 23 03:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23512]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 03:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23512]: Failed password for invalid user a from 144.225.187.123 port 42924 ssh2
Jun 23 03:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23512]: Connection closed by 144.225.187.123 port 42924 [preauth]
Jun 23 03:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23537]: Failed password for root from 141.11.88.12 port 38820 ssh2
Jun 23 03:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23537]: Connection closed by 141.11.88.12 port 38820 [preauth]
Jun 23 03:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23548]: Invalid user deployer from 141.11.88.12
Jun 23 03:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23548]: input_userauth_request: invalid user deployer [preauth]
Jun 23 03:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23548]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23548]: Failed password for invalid user deployer from 141.11.88.12 port 31302 ssh2
Jun 23 03:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23548]: Connection closed by 141.11.88.12 port 31302 [preauth]
Jun 23 03:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23559]: Invalid user test from 141.11.88.12
Jun 23 03:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23559]: input_userauth_request: invalid user test [preauth]
Jun 23 03:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23559]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23573]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23572]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23571]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23570]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23570]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23640]: Successful su for rubyman by root
Jun 23 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23640]: + ??? root:rubyman
Jun 23 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23640]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574765 of user rubyman.
Jun 23 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23640]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574765.
Jun 23 03:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23559]: Failed password for invalid user test from 141.11.88.12 port 31368 ssh2
Jun 23 03:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23559]: Connection closed by 141.11.88.12 port 31368 [preauth]
Jun 23 03:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20821]: pam_unix(cron:session): session closed for user root
Jun 23 03:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23797]: Invalid user ubuntu from 141.11.88.12
Jun 23 03:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23797]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 03:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23797]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23571]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23797]: Failed password for invalid user ubuntu from 141.11.88.12 port 27096 ssh2
Jun 23 03:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23797]: Connection closed by 141.11.88.12 port 27096 [preauth]
Jun 23 03:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23948]: Invalid user afk from 141.11.88.12
Jun 23 03:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23948]: input_userauth_request: invalid user afk [preauth]
Jun 23 03:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23948]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23948]: Failed password for invalid user afk from 141.11.88.12 port 13232 ssh2
Jun 23 03:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23948]: Connection closed by 141.11.88.12 port 13232 [preauth]
Jun 23 03:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23962]: Invalid user test123 from 144.225.187.123
Jun 23 03:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23962]: input_userauth_request: invalid user test123 [preauth]
Jun 23 03:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23962]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 03:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23974]: Invalid user admin from 141.11.88.12
Jun 23 03:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23974]: input_userauth_request: invalid user admin [preauth]
Jun 23 03:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23974]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23962]: Failed password for invalid user test123 from 144.225.187.123 port 55376 ssh2
Jun 23 03:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23962]: Connection closed by 144.225.187.123 port 55376 [preauth]
Jun 23 03:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23974]: Failed password for invalid user admin from 141.11.88.12 port 13282 ssh2
Jun 23 03:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23974]: Connection closed by 141.11.88.12 port 13282 [preauth]
Jun 23 03:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 23 03:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23986]: Failed password for root from 62.133.62.83 port 40800 ssh2
Jun 23 03:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23986]: Connection closed by 62.133.62.83 port 40800 [preauth]
Jun 23 03:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24001]: Invalid user ubuntu from 141.11.88.12
Jun 23 03:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24001]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 03:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24001]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24001]: Failed password for invalid user ubuntu from 141.11.88.12 port 11030 ssh2
Jun 23 03:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24001]: Connection closed by 141.11.88.12 port 11030 [preauth]
Jun 23 03:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24022]: Invalid user testuser from 141.11.88.12
Jun 23 03:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24022]: input_userauth_request: invalid user testuser [preauth]
Jun 23 03:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24022]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22678]: pam_unix(cron:session): session closed for user root
Jun 23 03:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24022]: Failed password for invalid user testuser from 141.11.88.12 port 19256 ssh2
Jun 23 03:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24022]: Connection closed by 141.11.88.12 port 19256 [preauth]
Jun 23 03:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24051]: Invalid user sahil from 141.11.88.12
Jun 23 03:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24051]: input_userauth_request: invalid user sahil [preauth]
Jun 23 03:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24051]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24051]: Failed password for invalid user sahil from 141.11.88.12 port 19310 ssh2
Jun 23 03:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24051]: Connection closed by 141.11.88.12 port 19310 [preauth]
Jun 23 03:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24074]: Failed password for root from 141.11.88.12 port 33154 ssh2
Jun 23 03:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24074]: Connection closed by 141.11.88.12 port 33154 [preauth]
Jun 23 03:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24086]: Failed password for root from 144.225.187.123 port 55298 ssh2
Jun 23 03:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24096]: Failed password for root from 141.11.88.12 port 33832 ssh2
Jun 23 03:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24086]: Connection closed by 144.225.187.123 port 55298 [preauth]
Jun 23 03:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24096]: Connection closed by 141.11.88.12 port 33832 [preauth]
Jun 23 03:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24107]: Invalid user azureuser from 141.11.88.12
Jun 23 03:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24107]: input_userauth_request: invalid user azureuser [preauth]
Jun 23 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24107]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24114]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24111]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24112]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24113]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24111]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24173]: Successful su for rubyman by root
Jun 23 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24173]: + ??? root:rubyman
Jun 23 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24173]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574769 of user rubyman.
Jun 23 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24173]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574769.
Jun 23 03:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24107]: Failed password for invalid user azureuser from 141.11.88.12 port 33872 ssh2
Jun 23 03:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24107]: Connection closed by 141.11.88.12 port 33872 [preauth]
Jun 23 03:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.191.5  user=root
Jun 23 03:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21331]: pam_unix(cron:session): session closed for user root
Jun 23 03:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24207]: Failed password for root from 195.178.191.5 port 54576 ssh2
Jun 23 03:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24207]: Received disconnect from 195.178.191.5 port 54576:11: Bye Bye [preauth]
Jun 23 03:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24207]: Disconnected from 195.178.191.5 port 54576 [preauth]
Jun 23 03:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24112]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24382]: Invalid user ubuntu from 141.11.88.12
Jun 23 03:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24382]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 03:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24382]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24384]: Connection reset by 45.148.10.141 port 16866 [preauth]
Jun 23 03:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24382]: Failed password for invalid user ubuntu from 141.11.88.12 port 40582 ssh2
Jun 23 03:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24382]: Connection closed by 141.11.88.12 port 40582 [preauth]
Jun 23 03:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24406]: Failed password for root from 141.11.88.12 port 10196 ssh2
Jun 23 03:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24406]: Connection closed by 141.11.88.12 port 10196 [preauth]
Jun 23 03:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24424]: Invalid user debian from 141.11.88.12
Jun 23 03:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24424]: input_userauth_request: invalid user debian [preauth]
Jun 23 03:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24424]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 23 03:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24424]: Failed password for invalid user debian from 141.11.88.12 port 10202 ssh2
Jun 23 03:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24424]: Connection closed by 141.11.88.12 port 10202 [preauth]
Jun 23 03:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24426]: Failed password for root from 87.251.79.125 port 41000 ssh2
Jun 23 03:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24426]: Connection closed by 87.251.79.125 port 41000 [preauth]
Jun 23 03:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24454]: Invalid user github from 141.11.88.12
Jun 23 03:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24454]: input_userauth_request: invalid user github [preauth]
Jun 23 03:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24454]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24452]: Failed password for root from 144.225.187.123 port 33370 ssh2
Jun 23 03:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24454]: Failed password for invalid user github from 141.11.88.12 port 14108 ssh2
Jun 23 03:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24454]: Connection closed by 141.11.88.12 port 14108 [preauth]
Jun 23 03:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24452]: Connection closed by 144.225.187.123 port 33370 [preauth]
Jun 23 03:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23093]: pam_unix(cron:session): session closed for user root
Jun 23 03:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24502]: Failed password for root from 141.11.88.12 port 30242 ssh2
Jun 23 03:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24502]: Connection closed by 141.11.88.12 port 30242 [preauth]
Jun 23 03:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24512]: Invalid user node from 141.11.88.12
Jun 23 03:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24512]: input_userauth_request: invalid user node [preauth]
Jun 23 03:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24512]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24512]: Failed password for invalid user node from 141.11.88.12 port 16560 ssh2
Jun 23 03:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24512]: Connection closed by 141.11.88.12 port 16560 [preauth]
Jun 23 03:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: Invalid user admin from 141.11.88.12
Jun 23 03:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: input_userauth_request: invalid user admin [preauth]
Jun 23 03:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: Failed password for invalid user admin from 141.11.88.12 port 16604 ssh2
Jun 23 03:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: Connection closed by 141.11.88.12 port 16604 [preauth]
Jun 23 03:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24547]: Received disconnect from 104.248.177.83 port 44388:11: disconnected by user [preauth]
Jun 23 03:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24547]: Disconnected from 104.248.177.83 port 44388 [preauth]
Jun 23 03:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24545]: Invalid user andreas from 141.11.88.12
Jun 23 03:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24545]: input_userauth_request: invalid user andreas [preauth]
Jun 23 03:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24545]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24545]: Failed password for invalid user andreas from 141.11.88.12 port 50084 ssh2
Jun 23 03:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24545]: Connection closed by 141.11.88.12 port 50084 [preauth]
Jun 23 03:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24559]: Invalid user azureuser from 141.11.88.12
Jun 23 03:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24559]: input_userauth_request: invalid user azureuser [preauth]
Jun 23 03:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24559]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24566]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24565]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24567]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24564]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24564]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24636]: Successful su for rubyman by root
Jun 23 03:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24636]: + ??? root:rubyman
Jun 23 03:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24636]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574773 of user rubyman.
Jun 23 03:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24636]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574773.
Jun 23 03:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24559]: Failed password for invalid user azureuser from 141.11.88.12 port 50154 ssh2
Jun 23 03:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24559]: Connection closed by 141.11.88.12 port 50154 [preauth]
Jun 23 03:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24562]: Failed password for root from 144.225.187.123 port 55406 ssh2
Jun 23 03:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24562]: Connection closed by 144.225.187.123 port 55406 [preauth]
Jun 23 03:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21781]: pam_unix(cron:session): session closed for user root
Jun 23 03:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24565]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24833]: Failed password for root from 141.11.88.12 port 51562 ssh2
Jun 23 03:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24833]: Connection closed by 141.11.88.12 port 51562 [preauth]
Jun 23 03:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24843]: Invalid user odoo from 141.11.88.12
Jun 23 03:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24843]: input_userauth_request: invalid user odoo [preauth]
Jun 23 03:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24843]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24843]: Failed password for invalid user odoo from 141.11.88.12 port 51440 ssh2
Jun 23 03:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24843]: Connection closed by 141.11.88.12 port 51440 [preauth]
Jun 23 03:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24866]: Invalid user scanner from 141.11.88.12
Jun 23 03:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24866]: input_userauth_request: invalid user scanner [preauth]
Jun 23 03:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24866]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24866]: Failed password for invalid user scanner from 141.11.88.12 port 51462 ssh2
Jun 23 03:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24866]: Connection closed by 141.11.88.12 port 51462 [preauth]
Jun 23 03:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24896]: Invalid user admin1 from 141.11.88.12
Jun 23 03:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24896]: input_userauth_request: invalid user admin1 [preauth]
Jun 23 03:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24896]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24896]: Failed password for invalid user admin1 from 141.11.88.12 port 19060 ssh2
Jun 23 03:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24896]: Connection closed by 141.11.88.12 port 19060 [preauth]
Jun 23 03:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24906]: Invalid user bot from 141.11.88.12
Jun 23 03:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24906]: input_userauth_request: invalid user bot [preauth]
Jun 23 03:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24906]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23573]: pam_unix(cron:session): session closed for user root
Jun 23 03:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24906]: Failed password for invalid user bot from 141.11.88.12 port 65390 ssh2
Jun 23 03:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24906]: Connection closed by 141.11.88.12 port 65390 [preauth]
Jun 23 03:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24937]: Invalid user iptv from 141.11.88.12
Jun 23 03:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24937]: input_userauth_request: invalid user iptv [preauth]
Jun 23 03:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24937]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24934]: Failed password for root from 144.225.187.123 port 55872 ssh2
Jun 23 03:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24934]: Connection closed by 144.225.187.123 port 55872 [preauth]
Jun 23 03:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24937]: Failed password for invalid user iptv from 141.11.88.12 port 65466 ssh2
Jun 23 03:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.191.5  user=root
Jun 23 03:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24937]: Connection closed by 141.11.88.12 port 65466 [preauth]
Jun 23 03:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24939]: Failed password for root from 195.178.191.5 port 47750 ssh2
Jun 23 03:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24939]: Received disconnect from 195.178.191.5 port 47750:11: Bye Bye [preauth]
Jun 23 03:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24939]: Disconnected from 195.178.191.5 port 47750 [preauth]
Jun 23 03:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24962]: Invalid user k from 141.11.88.12
Jun 23 03:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24962]: input_userauth_request: invalid user k [preauth]
Jun 23 03:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24962]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24962]: Failed password for invalid user k from 141.11.88.12 port 32304 ssh2
Jun 23 03:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24962]: Connection closed by 141.11.88.12 port 32304 [preauth]
Jun 23 03:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24974]: Invalid user hadoop from 141.11.88.12
Jun 23 03:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24974]: input_userauth_request: invalid user hadoop [preauth]
Jun 23 03:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24974]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24974]: Failed password for invalid user hadoop from 141.11.88.12 port 32334 ssh2
Jun 23 03:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24974]: Connection closed by 141.11.88.12 port 32334 [preauth]
Jun 23 03:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24993]: Invalid user ubuntu from 141.11.88.12
Jun 23 03:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24993]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 03:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24993]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24993]: Failed password for invalid user ubuntu from 141.11.88.12 port 25210 ssh2
Jun 23 03:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24993]: Connection closed by 141.11.88.12 port 25210 [preauth]
Jun 23 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25011]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25007]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25006]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25005]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25003]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25005]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25133]: Successful su for rubyman by root
Jun 23 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25133]: + ??? root:rubyman
Jun 23 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25133]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574778 of user rubyman.
Jun 23 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25133]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574778.
Jun 23 03:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25003]: pam_unix(cron:session): session closed for user root
Jun 23 03:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22189]: pam_unix(cron:session): session closed for user root
Jun 23 03:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25315]: Invalid user try from 141.11.88.12
Jun 23 03:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25315]: input_userauth_request: invalid user try [preauth]
Jun 23 03:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25315]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25006]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25315]: Failed password for invalid user try from 141.11.88.12 port 59312 ssh2
Jun 23 03:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25315]: Connection closed by 141.11.88.12 port 59312 [preauth]
Jun 23 03:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25346]: Failed password for root from 144.225.187.123 port 55866 ssh2
Jun 23 03:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25348]: Failed password for root from 141.11.88.12 port 27718 ssh2
Jun 23 03:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25348]: Connection closed by 141.11.88.12 port 27718 [preauth]
Jun 23 03:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25346]: Connection closed by 144.225.187.123 port 55866 [preauth]
Jun 23 03:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25379]: Failed password for root from 141.11.88.12 port 27792 ssh2
Jun 23 03:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25379]: Connection closed by 141.11.88.12 port 27792 [preauth]
Jun 23 03:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25391]: Invalid user user3 from 141.11.88.12
Jun 23 03:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25391]: input_userauth_request: invalid user user3 [preauth]
Jun 23 03:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25391]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25391]: Failed password for invalid user user3 from 141.11.88.12 port 63106 ssh2
Jun 23 03:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25391]: Connection closed by 141.11.88.12 port 63106 [preauth]
Jun 23 03:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25414]: Invalid user andre from 141.11.88.12
Jun 23 03:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25414]: input_userauth_request: invalid user andre [preauth]
Jun 23 03:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25414]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25414]: Failed password for invalid user andre from 141.11.88.12 port 63152 ssh2
Jun 23 03:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24114]: pam_unix(cron:session): session closed for user root
Jun 23 03:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25414]: Connection closed by 141.11.88.12 port 63152 [preauth]
Jun 23 03:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25444]: Invalid user toto from 141.11.88.12
Jun 23 03:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25444]: input_userauth_request: invalid user toto [preauth]
Jun 23 03:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25444]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25444]: Failed password for invalid user toto from 141.11.88.12 port 10938 ssh2
Jun 23 03:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25444]: Connection closed by 141.11.88.12 port 10938 [preauth]
Jun 23 03:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25464]: Invalid user appuser from 141.11.88.12
Jun 23 03:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25464]: input_userauth_request: invalid user appuser [preauth]
Jun 23 03:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25464]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25464]: Failed password for invalid user appuser from 141.11.88.12 port 51968 ssh2
Jun 23 03:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25464]: Connection closed by 141.11.88.12 port 51968 [preauth]
Jun 23 03:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25483]: Failed password for root from 144.225.187.123 port 47472 ssh2
Jun 23 03:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25483]: Connection closed by 144.225.187.123 port 47472 [preauth]
Jun 23 03:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25496]: Failed password for root from 141.11.88.12 port 51974 ssh2
Jun 23 03:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25496]: Connection closed by 141.11.88.12 port 51974 [preauth]
Jun 23 03:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25507]: Invalid user ftpuser from 141.11.88.12
Jun 23 03:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25507]: input_userauth_request: invalid user ftpuser [preauth]
Jun 23 03:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25507]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25507]: Failed password for invalid user ftpuser from 141.11.88.12 port 17140 ssh2
Jun 23 03:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25507]: Connection closed by 141.11.88.12 port 17140 [preauth]
Jun 23 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25528]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25525]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25526]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25527]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25524]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25522]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25528]: pam_unix(cron:session): session closed for user root
Jun 23 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25522]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25591]: Successful su for rubyman by root
Jun 23 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25519]: Invalid user ubuntu from 141.11.88.12
Jun 23 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25519]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25591]: + ??? root:rubyman
Jun 23 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25591]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574786 of user rubyman.
Jun 23 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25591]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574786.
Jun 23 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25519]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25519]: Failed password for invalid user ubuntu from 141.11.88.12 port 19908 ssh2
Jun 23 03:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25519]: Connection closed by 141.11.88.12 port 19908 [preauth]
Jun 23 03:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25525]: pam_unix(cron:session): session closed for user root
Jun 23 03:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22676]: pam_unix(cron:session): session closed for user root
Jun 23 03:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25524]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25795]: Invalid user gg from 141.11.88.12
Jun 23 03:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25795]: input_userauth_request: invalid user gg [preauth]
Jun 23 03:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25795]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25795]: Failed password for invalid user gg from 141.11.88.12 port 19970 ssh2
Jun 23 03:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 23 03:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25795]: Connection closed by 141.11.88.12 port 19970 [preauth]
Jun 23 03:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25808]: Invalid user eagle from 195.178.191.5
Jun 23 03:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25808]: input_userauth_request: invalid user eagle [preauth]
Jun 23 03:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25808]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.191.5
Jun 23 03:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25797]: Failed password for root from 77.94.47.83 port 40740 ssh2
Jun 23 03:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25797]: Connection closed by 77.94.47.83 port 40740 [preauth]
Jun 23 03:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25808]: Failed password for invalid user eagle from 195.178.191.5 port 44052 ssh2
Jun 23 03:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25808]: Received disconnect from 195.178.191.5 port 44052:11: Bye Bye [preauth]
Jun 23 03:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25808]: Disconnected from 195.178.191.5 port 44052 [preauth]
Jun 23 03:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25819]: Failed password for root from 141.11.88.12 port 16034 ssh2
Jun 23 03:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25819]: Connection closed by 141.11.88.12 port 16034 [preauth]
Jun 23 03:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25836]: Invalid user noah from 141.11.88.12
Jun 23 03:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25836]: input_userauth_request: invalid user noah [preauth]
Jun 23 03:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25836]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25836]: Failed password for invalid user noah from 141.11.88.12 port 16076 ssh2
Jun 23 03:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25836]: Connection closed by 141.11.88.12 port 16076 [preauth]
Jun 23 03:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25834]: Failed password for root from 144.225.187.123 port 38126 ssh2
Jun 23 03:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25834]: Connection closed by 144.225.187.123 port 38126 [preauth]
Jun 23 03:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25867]: Invalid user nina from 141.11.88.12
Jun 23 03:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25867]: input_userauth_request: invalid user nina [preauth]
Jun 23 03:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25867]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25867]: Failed password for invalid user nina from 141.11.88.12 port 21638 ssh2
Jun 23 03:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25867]: Connection closed by 141.11.88.12 port 21638 [preauth]
Jun 23 03:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24567]: pam_unix(cron:session): session closed for user root
Jun 23 03:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25898]: Invalid user david from 141.11.88.12
Jun 23 03:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25898]: input_userauth_request: invalid user david [preauth]
Jun 23 03:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25898]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25898]: Failed password for invalid user david from 141.11.88.12 port 28462 ssh2
Jun 23 03:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25898]: Connection closed by 141.11.88.12 port 28462 [preauth]
Jun 23 03:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25913]: Failed password for root from 141.11.88.12 port 32548 ssh2
Jun 23 03:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25913]: Connection closed by 141.11.88.12 port 32548 [preauth]
Jun 23 03:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25940]: Invalid user mcserver from 141.11.88.12
Jun 23 03:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25940]: input_userauth_request: invalid user mcserver [preauth]
Jun 23 03:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25940]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25940]: Failed password for invalid user mcserver from 141.11.88.12 port 32584 ssh2
Jun 23 03:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25940]: Connection closed by 141.11.88.12 port 32584 [preauth]
Jun 23 03:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25953]: Invalid user administrator from 141.11.88.12
Jun 23 03:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25953]: input_userauth_request: invalid user administrator [preauth]
Jun 23 03:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25953]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25953]: Failed password for invalid user administrator from 141.11.88.12 port 55022 ssh2
Jun 23 03:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25953]: Connection closed by 141.11.88.12 port 55022 [preauth]
Jun 23 03:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25951]: Failed password for root from 144.225.187.123 port 52662 ssh2
Jun 23 03:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25951]: Connection closed by 144.225.187.123 port 52662 [preauth]
Jun 23 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25970]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25971]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25969]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25968]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25968]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26031]: Successful su for rubyman by root
Jun 23 03:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26031]: + ??? root:rubyman
Jun 23 03:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26031]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574788 of user rubyman.
Jun 23 03:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26031]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574788.
Jun 23 03:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25964]: Invalid user weblogic from 141.11.88.12
Jun 23 03:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25964]: input_userauth_request: invalid user weblogic [preauth]
Jun 23 03:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25964]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23092]: pam_unix(cron:session): session closed for user root
Jun 23 03:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25964]: Failed password for invalid user weblogic from 141.11.88.12 port 60840 ssh2
Jun 23 03:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25964]: Connection closed by 141.11.88.12 port 60840 [preauth]
Jun 23 03:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25969]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26216]: Failed password for root from 141.11.88.12 port 60860 ssh2
Jun 23 03:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26216]: Connection closed by 141.11.88.12 port 60860 [preauth]
Jun 23 03:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26248]: Invalid user weblogic from 141.11.88.12
Jun 23 03:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26248]: input_userauth_request: invalid user weblogic [preauth]
Jun 23 03:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26248]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26248]: Failed password for invalid user weblogic from 141.11.88.12 port 58222 ssh2
Jun 23 03:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26248]: Connection closed by 141.11.88.12 port 58222 [preauth]
Jun 23 03:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26258]: Failed password for root from 141.11.88.12 port 21756 ssh2
Jun 23 03:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26258]: Connection closed by 141.11.88.12 port 21756 [preauth]
Jun 23 03:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26283]: Invalid user idempiere from 141.11.88.12
Jun 23 03:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26283]: input_userauth_request: invalid user idempiere [preauth]
Jun 23 03:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26283]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26283]: Failed password for invalid user idempiere from 141.11.88.12 port 21774 ssh2
Jun 23 03:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26285]: Failed password for root from 144.225.187.123 port 46732 ssh2
Jun 23 03:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26285]: Connection closed by 144.225.187.123 port 46732 [preauth]
Jun 23 03:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26283]: Connection closed by 141.11.88.12 port 21774 [preauth]
Jun 23 03:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25011]: pam_unix(cron:session): session closed for user root
Jun 23 03:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26313]: Invalid user lucas from 141.11.88.12
Jun 23 03:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26313]: input_userauth_request: invalid user lucas [preauth]
Jun 23 03:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26313]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26313]: Failed password for invalid user lucas from 141.11.88.12 port 37444 ssh2
Jun 23 03:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26313]: Connection closed by 141.11.88.12 port 37444 [preauth]
Jun 23 03:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.191.5  user=root
Jun 23 03:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26331]: Failed password for root from 141.11.88.12 port 37490 ssh2
Jun 23 03:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26333]: Failed password for root from 195.178.191.5 port 52320 ssh2
Jun 23 03:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26333]: Received disconnect from 195.178.191.5 port 52320:11: Bye Bye [preauth]
Jun 23 03:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26333]: Disconnected from 195.178.191.5 port 52320 [preauth]
Jun 23 03:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26331]: Connection closed by 141.11.88.12 port 37490 [preauth]
Jun 23 03:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26355]: Failed password for root from 141.11.88.12 port 62084 ssh2
Jun 23 03:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26355]: Connection closed by 141.11.88.12 port 62084 [preauth]
Jun 23 03:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26374]: Invalid user gitlab from 141.11.88.12
Jun 23 03:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26374]: input_userauth_request: invalid user gitlab [preauth]
Jun 23 03:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26374]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26374]: Failed password for invalid user gitlab from 141.11.88.12 port 43578 ssh2
Jun 23 03:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26374]: Connection closed by 141.11.88.12 port 43578 [preauth]
Jun 23 03:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26384]: Invalid user abc from 141.11.88.12
Jun 23 03:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26384]: input_userauth_request: invalid user abc [preauth]
Jun 23 03:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26384]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26390]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26387]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26389]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26388]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26387]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26451]: Successful su for rubyman by root
Jun 23 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26451]: + ??? root:rubyman
Jun 23 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26451]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574792 of user rubyman.
Jun 23 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26451]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574792.
Jun 23 03:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26384]: Failed password for invalid user abc from 141.11.88.12 port 43588 ssh2
Jun 23 03:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26384]: Connection closed by 141.11.88.12 port 43588 [preauth]
Jun 23 03:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23572]: pam_unix(cron:session): session closed for user root
Jun 23 03:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26407]: Failed password for root from 144.225.187.123 port 45752 ssh2
Jun 23 03:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26407]: Connection closed by 144.225.187.123 port 45752 [preauth]
Jun 23 03:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26388]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26609]: Failed password for root from 141.11.88.12 port 23804 ssh2
Jun 23 03:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26609]: Connection closed by 141.11.88.12 port 23804 [preauth]
Jun 23 03:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26641]: Invalid user pi from 141.11.88.12
Jun 23 03:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26641]: input_userauth_request: invalid user pi [preauth]
Jun 23 03:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26641]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26641]: Failed password for invalid user pi from 141.11.88.12 port 23860 ssh2
Jun 23 03:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26641]: Connection closed by 141.11.88.12 port 23860 [preauth]
Jun 23 03:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26668]: Failed password for root from 141.11.88.12 port 16826 ssh2
Jun 23 03:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26668]: Connection closed by 141.11.88.12 port 16826 [preauth]
Jun 23 03:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26764]: Invalid user testing from 141.11.88.12
Jun 23 03:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26764]: input_userauth_request: invalid user testing [preauth]
Jun 23 03:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26764]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26764]: Failed password for invalid user testing from 141.11.88.12 port 18870 ssh2
Jun 23 03:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26764]: Connection closed by 141.11.88.12 port 18870 [preauth]
Jun 23 03:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26794]: Invalid user a from 141.11.88.12
Jun 23 03:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26794]: input_userauth_request: invalid user a [preauth]
Jun 23 03:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26794]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26794]: Failed password for invalid user a from 141.11.88.12 port 18894 ssh2
Jun 23 03:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26794]: Connection closed by 141.11.88.12 port 18894 [preauth]
Jun 23 03:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25527]: pam_unix(cron:session): session closed for user root
Jun 23 03:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26826]: Invalid user spark from 141.11.88.12
Jun 23 03:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26826]: input_userauth_request: invalid user spark [preauth]
Jun 23 03:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26826]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26826]: Failed password for invalid user spark from 141.11.88.12 port 17282 ssh2
Jun 23 03:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26825]: Failed password for root from 144.225.187.123 port 40354 ssh2
Jun 23 03:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26826]: Connection closed by 141.11.88.12 port 17282 [preauth]
Jun 23 03:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26825]: Connection closed by 144.225.187.123 port 40354 [preauth]
Jun 23 03:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26837]: Failed password for root from 141.11.88.12 port 61824 ssh2
Jun 23 03:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26837]: Connection closed by 141.11.88.12 port 61824 [preauth]
Jun 23 03:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26859]: Invalid user test from 141.11.88.12
Jun 23 03:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26859]: input_userauth_request: invalid user test [preauth]
Jun 23 03:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26859]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26859]: Failed password for invalid user test from 141.11.88.12 port 61838 ssh2
Jun 23 03:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26859]: Connection closed by 141.11.88.12 port 61838 [preauth]
Jun 23 03:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26877]: Failed password for root from 141.11.88.12 port 33994 ssh2
Jun 23 03:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26877]: Connection closed by 141.11.88.12 port 33994 [preauth]
Jun 23 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26893]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26890]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26889]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26888]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26888]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26954]: Successful su for rubyman by root
Jun 23 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26954]: + ??? root:rubyman
Jun 23 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26954]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574796 of user rubyman.
Jun 23 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26954]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574796.
Jun 23 03:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27032]: Invalid user user from 141.11.88.12
Jun 23 03:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27032]: input_userauth_request: invalid user user [preauth]
Jun 23 03:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27032]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27034]: Invalid user sonic from 195.178.191.5
Jun 23 03:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27034]: input_userauth_request: invalid user sonic [preauth]
Jun 23 03:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27034]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.191.5
Jun 23 03:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24113]: pam_unix(cron:session): session closed for user root
Jun 23 03:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27032]: Failed password for invalid user user from 141.11.88.12 port 28952 ssh2
Jun 23 03:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27034]: Failed password for invalid user sonic from 195.178.191.5 port 47104 ssh2
Jun 23 03:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27032]: Connection closed by 141.11.88.12 port 28952 [preauth]
Jun 23 03:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27034]: Received disconnect from 195.178.191.5 port 47104:11: Bye Bye [preauth]
Jun 23 03:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27034]: Disconnected from 195.178.191.5 port 47104 [preauth]
Jun 23 03:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26889]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27143]: Failed password for root from 144.225.187.123 port 58640 ssh2
Jun 23 03:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27143]: Connection closed by 144.225.187.123 port 58640 [preauth]
Jun 23 03:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27141]: Failed password for root from 141.11.88.12 port 29000 ssh2
Jun 23 03:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27141]: Connection closed by 141.11.88.12 port 29000 [preauth]
Jun 23 03:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27166]: Invalid user redmine from 141.11.88.12
Jun 23 03:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27166]: input_userauth_request: invalid user redmine [preauth]
Jun 23 03:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27166]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27166]: Failed password for invalid user redmine from 141.11.88.12 port 23096 ssh2
Jun 23 03:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27166]: Connection closed by 141.11.88.12 port 23096 [preauth]
Jun 23 03:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27189]: Failed password for root from 141.11.88.12 port 29584 ssh2
Jun 23 03:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27189]: Connection closed by 141.11.88.12 port 29584 [preauth]
Jun 23 03:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27213]: User john from 141.11.88.12 not allowed because not listed in AllowUsers
Jun 23 03:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27213]: input_userauth_request: invalid user john [preauth]
Jun 23 03:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=john
Jun 23 03:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27213]: Failed password for invalid user john from 141.11.88.12 port 29620 ssh2
Jun 23 03:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27213]: Connection closed by 141.11.88.12 port 29620 [preauth]
Jun 23 03:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25971]: pam_unix(cron:session): session closed for user root
Jun 23 03:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27247]: Invalid user zookeeper from 141.11.88.12
Jun 23 03:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27247]: input_userauth_request: invalid user zookeeper [preauth]
Jun 23 03:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27247]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27247]: Failed password for invalid user zookeeper from 141.11.88.12 port 45898 ssh2
Jun 23 03:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27247]: Connection closed by 141.11.88.12 port 45898 [preauth]
Jun 23 03:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 23 03:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27260]: Invalid user admin from 141.11.88.12
Jun 23 03:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27260]: input_userauth_request: invalid user admin [preauth]
Jun 23 03:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27260]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27258]: Failed password for root from 193.24.211.107 port 17074 ssh2
Jun 23 03:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27258]: Received disconnect from 193.24.211.107 port 17074:11: Client disconnecting normally [preauth]
Jun 23 03:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27258]: Disconnected from 193.24.211.107 port 17074 [preauth]
Jun 23 03:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27262]: Invalid user git from 144.225.187.123
Jun 23 03:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27262]: input_userauth_request: invalid user git [preauth]
Jun 23 03:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27262]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 03:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27260]: Failed password for invalid user admin from 141.11.88.12 port 13072 ssh2
Jun 23 03:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27262]: Failed password for invalid user git from 144.225.187.123 port 36454 ssh2
Jun 23 03:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27260]: Connection closed by 141.11.88.12 port 13072 [preauth]
Jun 23 03:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27262]: Connection closed by 144.225.187.123 port 36454 [preauth]
Jun 23 03:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27309]: Invalid user stef from 141.11.88.12
Jun 23 03:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27309]: input_userauth_request: invalid user stef [preauth]
Jun 23 03:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27309]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27309]: Failed password for invalid user stef from 141.11.88.12 port 13100 ssh2
Jun 23 03:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27309]: Connection closed by 141.11.88.12 port 13100 [preauth]
Jun 23 03:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27320]: Failed password for root from 141.11.88.12 port 53782 ssh2
Jun 23 03:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27320]: Connection closed by 141.11.88.12 port 53782 [preauth]
Jun 23 03:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27330]: Invalid user user1 from 141.11.88.12
Jun 23 03:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27330]: input_userauth_request: invalid user user1 [preauth]
Jun 23 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27330]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27336]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27337]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27335]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27334]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27334]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27398]: Successful su for rubyman by root
Jun 23 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27398]: + ??? root:rubyman
Jun 23 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27398]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574802 of user rubyman.
Jun 23 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27398]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574802.
Jun 23 03:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27330]: Failed password for invalid user user1 from 141.11.88.12 port 53814 ssh2
Jun 23 03:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27330]: Connection closed by 141.11.88.12 port 53814 [preauth]
Jun 23 03:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24566]: pam_unix(cron:session): session closed for user root
Jun 23 03:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27335]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27588]: Invalid user readonlyuser from 141.11.88.12
Jun 23 03:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27588]: input_userauth_request: invalid user readonlyuser [preauth]
Jun 23 03:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27588]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27588]: Failed password for invalid user readonlyuser from 141.11.88.12 port 13780 ssh2
Jun 23 03:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27588]: Connection closed by 141.11.88.12 port 13780 [preauth]
Jun 23 03:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27599]: User john from 141.11.88.12 not allowed because not listed in AllowUsers
Jun 23 03:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27599]: input_userauth_request: invalid user john [preauth]
Jun 23 03:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=john
Jun 23 03:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27599]: Failed password for invalid user john from 141.11.88.12 port 46722 ssh2
Jun 23 03:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27599]: Connection closed by 141.11.88.12 port 46722 [preauth]
Jun 23 03:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27622]: Invalid user admin from 144.225.187.123
Jun 23 03:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27622]: input_userauth_request: invalid user admin [preauth]
Jun 23 03:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27622]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 03:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27625]: Invalid user piyush from 141.11.88.12
Jun 23 03:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27625]: input_userauth_request: invalid user piyush [preauth]
Jun 23 03:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27625]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27622]: Failed password for invalid user admin from 144.225.187.123 port 57742 ssh2
Jun 23 03:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27622]: Connection closed by 144.225.187.123 port 57742 [preauth]
Jun 23 03:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27625]: Failed password for invalid user piyush from 141.11.88.12 port 46772 ssh2
Jun 23 03:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27625]: Connection closed by 141.11.88.12 port 46772 [preauth]
Jun 23 03:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27647]: Invalid user celeste from 141.11.88.12
Jun 23 03:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27647]: input_userauth_request: invalid user celeste [preauth]
Jun 23 03:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27647]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27647]: Failed password for invalid user celeste from 141.11.88.12 port 49948 ssh2
Jun 23 03:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27647]: Connection closed by 141.11.88.12 port 49948 [preauth]
Jun 23 03:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27658]: Invalid user sky from 195.178.191.5
Jun 23 03:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27658]: input_userauth_request: invalid user sky [preauth]
Jun 23 03:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27658]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.191.5
Jun 23 03:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27658]: Failed password for invalid user sky from 195.178.191.5 port 33248 ssh2
Jun 23 03:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27658]: Received disconnect from 195.178.191.5 port 33248:11: Bye Bye [preauth]
Jun 23 03:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27658]: Disconnected from 195.178.191.5 port 33248 [preauth]
Jun 23 03:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27668]: Invalid user zabbix from 141.11.88.12
Jun 23 03:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27668]: input_userauth_request: invalid user zabbix [preauth]
Jun 23 03:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27668]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27668]: Failed password for invalid user zabbix from 141.11.88.12 port 13490 ssh2
Jun 23 03:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26390]: pam_unix(cron:session): session closed for user root
Jun 23 03:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27668]: Connection closed by 141.11.88.12 port 13490 [preauth]
Jun 23 03:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27689]: Connection reset by 205.210.31.66 port 58418 [preauth]
Jun 23 03:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27702]: Failed password for root from 141.11.88.12 port 13520 ssh2
Jun 23 03:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27702]: Connection closed by 141.11.88.12 port 13520 [preauth]
Jun 23 03:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27729]: Invalid user ubuntu from 141.11.88.12
Jun 23 03:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27729]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 03:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27729]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27729]: Failed password for invalid user ubuntu from 141.11.88.12 port 36028 ssh2
Jun 23 03:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27729]: Connection closed by 141.11.88.12 port 36028 [preauth]
Jun 23 03:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27741]: Invalid user user from 144.225.187.123
Jun 23 03:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27741]: input_userauth_request: invalid user user [preauth]
Jun 23 03:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27741]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 03:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27752]: Invalid user oracle from 141.11.88.12
Jun 23 03:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27752]: input_userauth_request: invalid user oracle [preauth]
Jun 23 03:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27752]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27741]: Failed password for invalid user user from 144.225.187.123 port 32920 ssh2
Jun 23 03:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27741]: Connection closed by 144.225.187.123 port 32920 [preauth]
Jun 23 03:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27752]: Failed password for invalid user oracle from 141.11.88.12 port 20086 ssh2
Jun 23 03:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27752]: Connection closed by 141.11.88.12 port 20086 [preauth]
Jun 23 03:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27764]: Invalid user openclaw from 141.11.88.12
Jun 23 03:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27764]: input_userauth_request: invalid user openclaw [preauth]
Jun 23 03:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27764]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27770]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27771]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27767]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27769]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27772]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27768]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27772]: pam_unix(cron:session): session closed for user root
Jun 23 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27767]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27842]: Successful su for rubyman by root
Jun 23 03:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27842]: + ??? root:rubyman
Jun 23 03:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27842]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574806 of user rubyman.
Jun 23 03:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27842]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574806.
Jun 23 03:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27764]: Failed password for invalid user openclaw from 141.11.88.12 port 20098 ssh2
Jun 23 03:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27764]: Connection closed by 141.11.88.12 port 20098 [preauth]
Jun 23 03:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27769]: pam_unix(cron:session): session closed for user root
Jun 23 03:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25007]: pam_unix(cron:session): session closed for user root
Jun 23 03:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27768]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28037]: Failed password for root from 141.11.88.12 port 61624 ssh2
Jun 23 03:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28037]: Connection closed by 141.11.88.12 port 61624 [preauth]
Jun 23 03:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28114]: Invalid user minecraft from 141.11.88.12
Jun 23 03:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28114]: input_userauth_request: invalid user minecraft [preauth]
Jun 23 03:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28114]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28114]: Failed password for invalid user minecraft from 141.11.88.12 port 50042 ssh2
Jun 23 03:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28114]: Connection closed by 141.11.88.12 port 50042 [preauth]
Jun 23 03:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28150]: Invalid user test from 141.11.88.12
Jun 23 03:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28150]: input_userauth_request: invalid user test [preauth]
Jun 23 03:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28150]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28150]: Failed password for invalid user test from 141.11.88.12 port 50044 ssh2
Jun 23 03:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28150]: Connection closed by 141.11.88.12 port 50044 [preauth]
Jun 23 03:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28152]: Failed password for root from 144.225.187.123 port 45750 ssh2
Jun 23 03:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28179]: Invalid user user2 from 141.11.88.12
Jun 23 03:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28179]: input_userauth_request: invalid user user2 [preauth]
Jun 23 03:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28152]: Connection closed by 144.225.187.123 port 45750 [preauth]
Jun 23 03:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28179]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28179]: Failed password for invalid user user2 from 141.11.88.12 port 23048 ssh2
Jun 23 03:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28179]: Connection closed by 141.11.88.12 port 23048 [preauth]
Jun 23 03:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26893]: pam_unix(cron:session): session closed for user root
Jun 23 03:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28205]: Failed password for root from 141.11.88.12 port 44366 ssh2
Jun 23 03:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28205]: Connection closed by 141.11.88.12 port 44366 [preauth]
Jun 23 03:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 23 03:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28222]: Failed password for root from 51.250.105.222 port 59530 ssh2
Jun 23 03:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28222]: Connection closed by 51.250.105.222 port 59530 [preauth]
Jun 23 03:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28244]: Invalid user runner from 141.11.88.12
Jun 23 03:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28244]: input_userauth_request: invalid user runner [preauth]
Jun 23 03:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28244]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28244]: Failed password for invalid user runner from 141.11.88.12 port 30142 ssh2
Jun 23 03:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28244]: Connection closed by 141.11.88.12 port 30142 [preauth]
Jun 23 03:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28259]: Invalid user green from 141.11.88.12
Jun 23 03:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28259]: input_userauth_request: invalid user green [preauth]
Jun 23 03:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28259]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28267]: Invalid user ana from 141.11.88.12
Jun 23 03:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28267]: input_userauth_request: invalid user ana [preauth]
Jun 23 03:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28267]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28259]: Failed password for invalid user green from 141.11.88.12 port 30156 ssh2
Jun 23 03:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28259]: Connection closed by 141.11.88.12 port 30156 [preauth]
Jun 23 03:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28276]: Invalid user dev from 195.178.191.5
Jun 23 03:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28276]: input_userauth_request: invalid user dev [preauth]
Jun 23 03:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28276]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.191.5
Jun 23 03:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28267]: Failed password for invalid user ana from 141.11.88.12 port 57476 ssh2
Jun 23 03:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28267]: Connection closed by 141.11.88.12 port 57476 [preauth]
Jun 23 03:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28276]: Failed password for invalid user dev from 195.178.191.5 port 39636 ssh2
Jun 23 03:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28276]: Received disconnect from 195.178.191.5 port 39636:11: Bye Bye [preauth]
Jun 23 03:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28276]: Disconnected from 195.178.191.5 port 39636 [preauth]
Jun 23 03:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28279]: Failed password for root from 144.225.187.123 port 35542 ssh2
Jun 23 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28279]: Connection closed by 144.225.187.123 port 35542 [preauth]
Jun 23 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28281]: Invalid user master from 141.11.88.12
Jun 23 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28281]: input_userauth_request: invalid user master [preauth]
Jun 23 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28281]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28294]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28295]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28293]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28292]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28292]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28357]: Successful su for rubyman by root
Jun 23 03:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28357]: + ??? root:rubyman
Jun 23 03:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28357]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574811 of user rubyman.
Jun 23 03:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28357]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574811.
Jun 23 03:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28281]: Failed password for invalid user master from 141.11.88.12 port 57496 ssh2
Jun 23 03:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28281]: Connection closed by 141.11.88.12 port 57496 [preauth]
Jun 23 03:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25526]: pam_unix(cron:session): session closed for user root
Jun 23 03:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28293]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28546]: Failed password for root from 141.11.88.12 port 37900 ssh2
Jun 23 03:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28546]: Connection closed by 141.11.88.12 port 37900 [preauth]
Jun 23 03:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28655]: Invalid user brenda from 141.11.88.12
Jun 23 03:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28655]: input_userauth_request: invalid user brenda [preauth]
Jun 23 03:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28655]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28655]: Failed password for invalid user brenda from 141.11.88.12 port 37800 ssh2
Jun 23 03:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28655]: Connection closed by 141.11.88.12 port 37800 [preauth]
Jun 23 03:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28675]: Invalid user student from 141.11.88.12
Jun 23 03:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28675]: input_userauth_request: invalid user student [preauth]
Jun 23 03:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28675]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28675]: Failed password for invalid user student from 141.11.88.12 port 52712 ssh2
Jun 23 03:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28675]: Connection closed by 141.11.88.12 port 52712 [preauth]
Jun 23 03:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28701]: Invalid user aiuser from 141.11.88.12
Jun 23 03:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28701]: input_userauth_request: invalid user aiuser [preauth]
Jun 23 03:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28701]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27337]: pam_unix(cron:session): session closed for user root
Jun 23 03:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28701]: Failed password for invalid user aiuser from 141.11.88.12 port 54222 ssh2
Jun 23 03:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28701]: Connection closed by 141.11.88.12 port 54222 [preauth]
Jun 23 03:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28700]: Failed password for root from 144.225.187.123 port 56554 ssh2
Jun 23 03:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28700]: Connection closed by 144.225.187.123 port 56554 [preauth]
Jun 23 03:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28747]: Invalid user deployer from 141.11.88.12
Jun 23 03:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28747]: input_userauth_request: invalid user deployer [preauth]
Jun 23 03:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28747]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28747]: Failed password for invalid user deployer from 141.11.88.12 port 54264 ssh2
Jun 23 03:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28747]: Connection closed by 141.11.88.12 port 54264 [preauth]
Jun 23 03:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28779]: Invalid user aaa from 141.11.88.12
Jun 23 03:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28779]: input_userauth_request: invalid user aaa [preauth]
Jun 23 03:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28779]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28779]: Failed password for invalid user aaa from 141.11.88.12 port 52040 ssh2
Jun 23 03:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28779]: Connection closed by 141.11.88.12 port 52040 [preauth]
Jun 23 03:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: Invalid user admin from 2.57.121.25
Jun 23 03:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: input_userauth_request: invalid user admin [preauth]
Jun 23 03:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 23 03:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: Failed password for invalid user admin from 2.57.121.25 port 8288 ssh2
Jun 23 03:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28794]: Invalid user monitor from 141.11.88.12
Jun 23 03:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28794]: input_userauth_request: invalid user monitor [preauth]
Jun 23 03:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28794]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: Failed password for invalid user admin from 2.57.121.25 port 8288 ssh2
Jun 23 03:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28794]: Failed password for invalid user monitor from 141.11.88.12 port 46630 ssh2
Jun 23 03:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28794]: Connection closed by 141.11.88.12 port 46630 [preauth]
Jun 23 03:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: Failed password for invalid user admin from 2.57.121.25 port 8288 ssh2
Jun 23 03:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: Connection closed by 2.57.121.25 port 8288 [preauth]
Jun 23 03:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 23 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28811]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28806]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28809]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28810]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28804]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28804]: pam_unix(cron:session): session closed for user root
Jun 23 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28806]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28869]: Successful su for rubyman by root
Jun 23 03:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28869]: + ??? root:rubyman
Jun 23 03:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28869]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574814 of user rubyman.
Jun 23 03:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28869]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574814.
Jun 23 03:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29005]: Invalid user dneo from 141.11.88.12
Jun 23 03:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29005]: input_userauth_request: invalid user dneo [preauth]
Jun 23 03:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29005]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25970]: pam_unix(cron:session): session closed for user root
Jun 23 03:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28809]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29005]: Failed password for invalid user dneo from 141.11.88.12 port 40174 ssh2
Jun 23 03:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29005]: Connection closed by 141.11.88.12 port 40174 [preauth]
Jun 23 03:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29052]: Received disconnect from 185.134.49.116 port 41304:11: disconnected by user [preauth]
Jun 23 03:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29052]: Disconnected from 185.134.49.116 port 41304 [preauth]
Jun 23 03:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29062]: Failed password for root from 144.225.187.123 port 51526 ssh2
Jun 23 03:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29062]: Connection closed by 144.225.187.123 port 51526 [preauth]
Jun 23 03:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29088]: Invalid user alex from 141.11.88.12
Jun 23 03:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29088]: input_userauth_request: invalid user alex [preauth]
Jun 23 03:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29088]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29088]: Failed password for invalid user alex from 141.11.88.12 port 40192 ssh2
Jun 23 03:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29088]: Connection closed by 141.11.88.12 port 40192 [preauth]
Jun 23 03:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: Invalid user appuser from 141.11.88.12
Jun 23 03:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: input_userauth_request: invalid user appuser [preauth]
Jun 23 03:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: Failed password for invalid user appuser from 141.11.88.12 port 26680 ssh2
Jun 23 03:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: Connection closed by 141.11.88.12 port 26680 [preauth]
Jun 23 03:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29140]: Invalid user chloe from 195.178.191.5
Jun 23 03:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29140]: input_userauth_request: invalid user chloe [preauth]
Jun 23 03:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29140]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.191.5
Jun 23 03:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29140]: Failed password for invalid user chloe from 195.178.191.5 port 39776 ssh2
Jun 23 03:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29140]: Received disconnect from 195.178.191.5 port 39776:11: Bye Bye [preauth]
Jun 23 03:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29140]: Disconnected from 195.178.191.5 port 39776 [preauth]
Jun 23 03:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29124]: Invalid user ai from 141.11.88.12
Jun 23 03:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29124]: input_userauth_request: invalid user ai [preauth]
Jun 23 03:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29124]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29124]: Failed password for invalid user ai from 141.11.88.12 port 30304 ssh2
Jun 23 03:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29124]: Connection closed by 141.11.88.12 port 30304 [preauth]
Jun 23 03:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29152]: Invalid user professor from 141.11.88.12
Jun 23 03:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29152]: input_userauth_request: invalid user professor [preauth]
Jun 23 03:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27771]: pam_unix(cron:session): session closed for user root
Jun 23 03:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29152]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29152]: Failed password for invalid user professor from 141.11.88.12 port 30334 ssh2
Jun 23 03:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29152]: Connection closed by 141.11.88.12 port 30334 [preauth]
Jun 23 03:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29193]: Invalid user ai from 141.11.88.12
Jun 23 03:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29193]: input_userauth_request: invalid user ai [preauth]
Jun 23 03:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29193]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29193]: Failed password for invalid user ai from 141.11.88.12 port 63926 ssh2
Jun 23 03:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29193]: Connection closed by 141.11.88.12 port 63926 [preauth]
Jun 23 03:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29195]: Failed password for root from 144.225.187.123 port 43776 ssh2
Jun 23 03:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29195]: Connection closed by 144.225.187.123 port 43776 [preauth]
Jun 23 03:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29216]: Invalid user ali from 141.11.88.12
Jun 23 03:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29216]: input_userauth_request: invalid user ali [preauth]
Jun 23 03:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29216]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29216]: Failed password for invalid user ali from 141.11.88.12 port 14948 ssh2
Jun 23 03:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29216]: Connection closed by 141.11.88.12 port 14948 [preauth]
Jun 23 03:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29233]: Failed password for root from 141.11.88.12 port 15046 ssh2
Jun 23 03:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29233]: Connection closed by 141.11.88.12 port 15046 [preauth]
Jun 23 03:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29249]: Invalid user deploy from 141.11.88.12
Jun 23 03:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29249]: input_userauth_request: invalid user deploy [preauth]
Jun 23 03:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29249]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29249]: Failed password for invalid user deploy from 141.11.88.12 port 48338 ssh2
Jun 23 03:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29249]: Connection closed by 141.11.88.12 port 48338 [preauth]
Jun 23 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29271]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29270]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29266]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29265]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29265]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29332]: Successful su for rubyman by root
Jun 23 03:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29332]: + ??? root:rubyman
Jun 23 03:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29332]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574819 of user rubyman.
Jun 23 03:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29332]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574819.
Jun 23 03:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29419]: Invalid user aaa from 141.11.88.12
Jun 23 03:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29419]: input_userauth_request: invalid user aaa [preauth]
Jun 23 03:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26389]: pam_unix(cron:session): session closed for user root
Jun 23 03:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29419]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29266]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29419]: Failed password for invalid user aaa from 141.11.88.12 port 60498 ssh2
Jun 23 03:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29419]: Connection closed by 141.11.88.12 port 60498 [preauth]
Jun 23 03:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29617]: Invalid user oracle from 141.11.88.12
Jun 23 03:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29617]: input_userauth_request: invalid user oracle [preauth]
Jun 23 03:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29617]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29617]: Failed password for invalid user oracle from 141.11.88.12 port 60530 ssh2
Jun 23 03:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29617]: Connection closed by 141.11.88.12 port 60530 [preauth]
Jun 23 03:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29642]: Failed password for root from 144.225.187.123 port 42890 ssh2
Jun 23 03:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29642]: Connection closed by 144.225.187.123 port 42890 [preauth]
Jun 23 03:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29644]: Failed password for root from 141.11.88.12 port 48498 ssh2
Jun 23 03:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29644]: Connection closed by 141.11.88.12 port 48498 [preauth]
Jun 23 03:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29671]: Invalid user deployer from 141.11.88.12
Jun 23 03:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29671]: input_userauth_request: invalid user deployer [preauth]
Jun 23 03:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29671]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29671]: Failed password for invalid user deployer from 141.11.88.12 port 21502 ssh2
Jun 23 03:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29671]: Connection closed by 141.11.88.12 port 21502 [preauth]
Jun 23 03:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29691]: Invalid user scanner from 141.11.88.12
Jun 23 03:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29691]: input_userauth_request: invalid user scanner [preauth]
Jun 23 03:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29691]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28295]: pam_unix(cron:session): session closed for user root
Jun 23 03:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29691]: Failed password for invalid user scanner from 141.11.88.12 port 50938 ssh2
Jun 23 03:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29691]: Connection closed by 141.11.88.12 port 50938 [preauth]
Jun 23 03:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29742]: Invalid user dany from 141.11.88.12
Jun 23 03:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29742]: input_userauth_request: invalid user dany [preauth]
Jun 23 03:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29742]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29742]: Failed password for invalid user dany from 141.11.88.12 port 50978 ssh2
Jun 23 03:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29742]: Connection closed by 141.11.88.12 port 50978 [preauth]
Jun 23 03:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29770]: Invalid user initial from 141.11.88.12
Jun 23 03:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29770]: input_userauth_request: invalid user initial [preauth]
Jun 23 03:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29770]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29770]: Failed password for invalid user initial from 141.11.88.12 port 33012 ssh2
Jun 23 03:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29770]: Connection closed by 141.11.88.12 port 33012 [preauth]
Jun 23 03:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.191.5  user=root
Jun 23 03:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29783]: Failed password for root from 144.225.187.123 port 37244 ssh2
Jun 23 03:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29783]: Connection closed by 144.225.187.123 port 37244 [preauth]
Jun 23 03:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29798]: Invalid user jenkins from 141.11.88.12
Jun 23 03:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29798]: input_userauth_request: invalid user jenkins [preauth]
Jun 23 03:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29798]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29794]: Failed password for root from 195.178.191.5 port 51588 ssh2
Jun 23 03:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29794]: Received disconnect from 195.178.191.5 port 51588:11: Bye Bye [preauth]
Jun 23 03:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29794]: Disconnected from 195.178.191.5 port 51588 [preauth]
Jun 23 03:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29798]: Failed password for invalid user jenkins from 141.11.88.12 port 29072 ssh2
Jun 23 03:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29798]: Connection closed by 141.11.88.12 port 29072 [preauth]
Jun 23 03:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29808]: Invalid user term2 from 141.11.88.12
Jun 23 03:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29808]: input_userauth_request: invalid user term2 [preauth]
Jun 23 03:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29808]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29825]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29823]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29824]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29822]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29822]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29808]: Failed password for invalid user term2 from 141.11.88.12 port 29092 ssh2
Jun 23 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29808]: Connection closed by 141.11.88.12 port 29092 [preauth]
Jun 23 03:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29891]: Successful su for rubyman by root
Jun 23 03:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29891]: + ??? root:rubyman
Jun 23 03:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29891]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574823 of user rubyman.
Jun 23 03:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29891]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574823.
Jun 23 03:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26890]: pam_unix(cron:session): session closed for user root
Jun 23 03:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29823]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30068]: Failed password for root from 141.11.88.12 port 25922 ssh2
Jun 23 03:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30068]: Connection closed by 141.11.88.12 port 25922 [preauth]
Jun 23 03:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30089]: Invalid user osm from 141.11.88.12
Jun 23 03:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30089]: input_userauth_request: invalid user osm [preauth]
Jun 23 03:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30089]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30089]: Failed password for invalid user osm from 141.11.88.12 port 45932 ssh2
Jun 23 03:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30089]: Connection closed by 141.11.88.12 port 45932 [preauth]
Jun 23 03:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30116]: Invalid user localhost from 141.11.88.12
Jun 23 03:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30116]: input_userauth_request: invalid user localhost [preauth]
Jun 23 03:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30116]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30116]: Failed password for invalid user localhost from 141.11.88.12 port 45988 ssh2
Jun 23 03:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30116]: Connection closed by 141.11.88.12 port 45988 [preauth]
Jun 23 03:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30129]: Invalid user deployer from 144.225.187.123
Jun 23 03:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30129]: input_userauth_request: invalid user deployer [preauth]
Jun 23 03:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30129]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 03:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30129]: Failed password for invalid user deployer from 144.225.187.123 port 51298 ssh2
Jun 23 03:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30129]: Connection closed by 144.225.187.123 port 51298 [preauth]
Jun 23 03:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30157]: Invalid user RPM from 141.11.88.12
Jun 23 03:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30157]: input_userauth_request: invalid user RPM [preauth]
Jun 23 03:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30157]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30157]: Failed password for invalid user RPM from 141.11.88.12 port 26638 ssh2
Jun 23 03:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30157]: Connection closed by 141.11.88.12 port 26638 [preauth]
Jun 23 03:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28811]: pam_unix(cron:session): session closed for user root
Jun 23 03:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30195]: Invalid user tfj from 141.11.88.12
Jun 23 03:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30195]: input_userauth_request: invalid user tfj [preauth]
Jun 23 03:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30195]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30195]: Failed password for invalid user tfj from 141.11.88.12 port 53142 ssh2
Jun 23 03:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30195]: Connection closed by 141.11.88.12 port 53142 [preauth]
Jun 23 03:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30205]: Invalid user www from 141.11.88.12
Jun 23 03:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30205]: input_userauth_request: invalid user www [preauth]
Jun 23 03:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30205]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30205]: Failed password for invalid user www from 141.11.88.12 port 25046 ssh2
Jun 23 03:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30205]: Connection closed by 141.11.88.12 port 25046 [preauth]
Jun 23 03:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30230]: Invalid user calvin from 141.11.88.12
Jun 23 03:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30230]: input_userauth_request: invalid user calvin [preauth]
Jun 23 03:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30230]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30230]: Failed password for invalid user calvin from 141.11.88.12 port 25110 ssh2
Jun 23 03:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30230]: Connection closed by 141.11.88.12 port 25110 [preauth]
Jun 23 03:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30249]: Invalid user rancher from 141.11.88.12
Jun 23 03:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30249]: input_userauth_request: invalid user rancher [preauth]
Jun 23 03:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30249]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30249]: Failed password for invalid user rancher from 141.11.88.12 port 59584 ssh2
Jun 23 03:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30251]: Invalid user 1 from 144.225.187.123
Jun 23 03:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30251]: input_userauth_request: invalid user 1 [preauth]
Jun 23 03:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30251]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 03:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30249]: Connection closed by 141.11.88.12 port 59584 [preauth]
Jun 23 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30251]: Failed password for invalid user 1 from 144.225.187.123 port 49462 ssh2
Jun 23 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30251]: Connection closed by 144.225.187.123 port 49462 [preauth]
Jun 23 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30267]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30264]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30263]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30266]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30265]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30262]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30267]: pam_unix(cron:session): session closed for user root
Jun 23 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30262]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30335]: Successful su for rubyman by root
Jun 23 03:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30335]: + ??? root:rubyman
Jun 23 03:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30335]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574828 of user rubyman.
Jun 23 03:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30335]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574828.
Jun 23 03:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30264]: pam_unix(cron:session): session closed for user root
Jun 23 03:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27336]: pam_unix(cron:session): session closed for user root
Jun 23 03:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30415]: Invalid user fa from 141.11.88.12
Jun 23 03:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30415]: input_userauth_request: invalid user fa [preauth]
Jun 23 03:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30415]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30263]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30415]: Failed password for invalid user fa from 141.11.88.12 port 29200 ssh2
Jun 23 03:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30415]: Connection closed by 141.11.88.12 port 29200 [preauth]
Jun 23 03:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30557]: Invalid user steam from 141.11.88.12
Jun 23 03:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30557]: input_userauth_request: invalid user steam [preauth]
Jun 23 03:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30557]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30557]: Failed password for invalid user steam from 141.11.88.12 port 42616 ssh2
Jun 23 03:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30557]: Connection closed by 141.11.88.12 port 42616 [preauth]
Jun 23 03:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30583]: Invalid user admin from 45.148.10.121
Jun 23 03:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30583]: input_userauth_request: invalid user admin [preauth]
Jun 23 03:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30583]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 23 03:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30586]: Invalid user sam from 141.11.88.12
Jun 23 03:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30586]: input_userauth_request: invalid user sam [preauth]
Jun 23 03:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30583]: Failed password for invalid user admin from 45.148.10.121 port 58564 ssh2
Jun 23 03:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30583]: Connection closed by 45.148.10.121 port 58564 [preauth]
Jun 23 03:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30586]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30586]: Failed password for invalid user sam from 141.11.88.12 port 42676 ssh2
Jun 23 03:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30586]: Connection closed by 141.11.88.12 port 42676 [preauth]
Jun 23 03:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.191.5  user=root
Jun 23 03:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30596]: Failed password for root from 195.178.191.5 port 60230 ssh2
Jun 23 03:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30596]: Received disconnect from 195.178.191.5 port 60230:11: Bye Bye [preauth]
Jun 23 03:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30596]: Disconnected from 195.178.191.5 port 60230 [preauth]
Jun 23 03:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30623]: Invalid user deploy from 141.11.88.12
Jun 23 03:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30623]: input_userauth_request: invalid user deploy [preauth]
Jun 23 03:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30623]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30623]: Failed password for invalid user deploy from 141.11.88.12 port 35952 ssh2
Jun 23 03:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30623]: Connection closed by 141.11.88.12 port 35952 [preauth]
Jun 23 03:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30645]: Invalid user user from 141.11.88.12
Jun 23 03:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30645]: input_userauth_request: invalid user user [preauth]
Jun 23 03:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30641]: Invalid user test1 from 144.225.187.123
Jun 23 03:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30641]: input_userauth_request: invalid user test1 [preauth]
Jun 23 03:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30641]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 03:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29271]: pam_unix(cron:session): session closed for user root
Jun 23 03:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30645]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30641]: Failed password for invalid user test1 from 144.225.187.123 port 43852 ssh2
Jun 23 03:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30645]: Failed password for invalid user user from 141.11.88.12 port 12906 ssh2
Jun 23 03:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30641]: Connection closed by 144.225.187.123 port 43852 [preauth]
Jun 23 03:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30645]: Connection closed by 141.11.88.12 port 12906 [preauth]
Jun 23 03:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30674]: Failed password for root from 141.11.88.12 port 12974 ssh2
Jun 23 03:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30674]: Connection closed by 141.11.88.12 port 12974 [preauth]
Jun 23 03:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30697]: Failed password for root from 141.11.88.12 port 62074 ssh2
Jun 23 03:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30697]: Connection closed by 141.11.88.12 port 62074 [preauth]
Jun 23 03:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30715]: Failed password for root from 141.11.88.12 port 35624 ssh2
Jun 23 03:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30715]: Connection closed by 141.11.88.12 port 35624 [preauth]
Jun 23 03:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30726]: Invalid user gd from 141.11.88.12
Jun 23 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30726]: input_userauth_request: invalid user gd [preauth]
Jun 23 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30726]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30732]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30730]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30729]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30731]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30729]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30798]: Successful su for rubyman by root
Jun 23 03:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30798]: + ??? root:rubyman
Jun 23 03:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30798]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574833 of user rubyman.
Jun 23 03:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30798]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574833.
Jun 23 03:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30726]: Failed password for invalid user gd from 141.11.88.12 port 34172 ssh2
Jun 23 03:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30726]: Connection closed by 141.11.88.12 port 34172 [preauth]
Jun 23 03:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27770]: pam_unix(cron:session): session closed for user root
Jun 23 03:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30730]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31088]: Invalid user user from 141.11.88.12
Jun 23 03:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31088]: input_userauth_request: invalid user user [preauth]
Jun 23 03:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31088]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31076]: Failed password for root from 144.225.187.123 port 46654 ssh2
Jun 23 03:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31076]: Connection closed by 144.225.187.123 port 46654 [preauth]
Jun 23 03:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31088]: Failed password for invalid user user from 141.11.88.12 port 34204 ssh2
Jun 23 03:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31088]: Connection closed by 141.11.88.12 port 34204 [preauth]
Jun 23 03:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31119]: Invalid user daniel from 141.11.88.12
Jun 23 03:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31119]: input_userauth_request: invalid user daniel [preauth]
Jun 23 03:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31119]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31119]: Failed password for invalid user daniel from 141.11.88.12 port 36484 ssh2
Jun 23 03:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31119]: Connection closed by 141.11.88.12 port 36484 [preauth]
Jun 23 03:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31131]: Invalid user danny from 141.11.88.12
Jun 23 03:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31131]: input_userauth_request: invalid user danny [preauth]
Jun 23 03:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31131]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31131]: Failed password for invalid user danny from 141.11.88.12 port 24270 ssh2
Jun 23 03:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31131]: Connection closed by 141.11.88.12 port 24270 [preauth]
Jun 23 03:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 23 03:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31156]: Invalid user jenkins from 141.11.88.12
Jun 23 03:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31156]: input_userauth_request: invalid user jenkins [preauth]
Jun 23 03:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31156]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31158]: Failed password for root from 38.93.206.2 port 15996 ssh2
Jun 23 03:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31158]: Connection closed by 38.93.206.2 port 15996 [preauth]
Jun 23 03:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31156]: Failed password for invalid user jenkins from 141.11.88.12 port 24282 ssh2
Jun 23 03:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31156]: Connection closed by 141.11.88.12 port 24282 [preauth]
Jun 23 03:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29825]: pam_unix(cron:session): session closed for user root
Jun 23 03:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31187]: Failed password for root from 141.11.88.12 port 41544 ssh2
Jun 23 03:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31187]: Connection closed by 141.11.88.12 port 41544 [preauth]
Jun 23 03:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31199]: Invalid user ubuntu from 141.11.88.12
Jun 23 03:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31199]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 03:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31199]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31197]: Failed password for root from 144.225.187.123 port 35968 ssh2
Jun 23 03:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31197]: Connection closed by 144.225.187.123 port 35968 [preauth]
Jun 23 03:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31199]: Failed password for invalid user ubuntu from 141.11.88.12 port 41560 ssh2
Jun 23 03:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31199]: Connection closed by 141.11.88.12 port 41560 [preauth]
Jun 23 03:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31222]: Invalid user user3 from 141.11.88.12
Jun 23 03:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31222]: input_userauth_request: invalid user user3 [preauth]
Jun 23 03:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31222]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31222]: Failed password for invalid user user3 from 141.11.88.12 port 24778 ssh2
Jun 23 03:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31222]: Connection closed by 141.11.88.12 port 24778 [preauth]
Jun 23 03:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31243]: Invalid user sdadmin from 141.11.88.12
Jun 23 03:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31243]: input_userauth_request: invalid user sdadmin [preauth]
Jun 23 03:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31243]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31243]: Failed password for invalid user sdadmin from 141.11.88.12 port 47620 ssh2
Jun 23 03:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31243]: Connection closed by 141.11.88.12 port 47620 [preauth]
Jun 23 03:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.191.5  user=root
Jun 23 03:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31255]: Invalid user bot from 141.11.88.12
Jun 23 03:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31255]: input_userauth_request: invalid user bot [preauth]
Jun 23 03:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31255]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31252]: Failed password for root from 195.178.191.5 port 45616 ssh2
Jun 23 03:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31252]: Received disconnect from 195.178.191.5 port 45616:11: Bye Bye [preauth]
Jun 23 03:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31252]: Disconnected from 195.178.191.5 port 45616 [preauth]
Jun 23 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31255]: Failed password for invalid user bot from 141.11.88.12 port 47628 ssh2
Jun 23 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31255]: Connection closed by 141.11.88.12 port 47628 [preauth]
Jun 23 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31270]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31272]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31269]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31271]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31269]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31331]: Successful su for rubyman by root
Jun 23 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31331]: + ??? root:rubyman
Jun 23 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31331]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574839 of user rubyman.
Jun 23 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31331]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574839.
Jun 23 03:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28294]: pam_unix(cron:session): session closed for user root
Jun 23 03:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31478]: Invalid user claude from 141.11.88.12
Jun 23 03:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31478]: input_userauth_request: invalid user claude [preauth]
Jun 23 03:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31478]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31270]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31478]: Failed password for invalid user claude from 141.11.88.12 port 58110 ssh2
Jun 23 03:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31478]: Connection closed by 141.11.88.12 port 58110 [preauth]
Jun 23 03:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31524]: Invalid user rosa from 141.11.88.12
Jun 23 03:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31524]: input_userauth_request: invalid user rosa [preauth]
Jun 23 03:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31524]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31524]: Failed password for invalid user rosa from 141.11.88.12 port 55920 ssh2
Jun 23 03:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31524]: Connection closed by 141.11.88.12 port 55920 [preauth]
Jun 23 03:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: Failed password for root from 144.225.187.123 port 51692 ssh2
Jun 23 03:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: Connection closed by 144.225.187.123 port 51692 [preauth]
Jun 23 03:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31654]: Invalid user dany from 141.11.88.12
Jun 23 03:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31654]: input_userauth_request: invalid user dany [preauth]
Jun 23 03:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31654]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31654]: Failed password for invalid user dany from 141.11.88.12 port 55978 ssh2
Jun 23 03:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31654]: Connection closed by 141.11.88.12 port 55978 [preauth]
Jun 23 03:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31679]: Invalid user sam from 141.11.88.12
Jun 23 03:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31679]: input_userauth_request: invalid user sam [preauth]
Jun 23 03:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31679]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31679]: Failed password for invalid user sam from 141.11.88.12 port 22792 ssh2
Jun 23 03:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31679]: Connection closed by 141.11.88.12 port 22792 [preauth]
Jun 23 03:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30266]: pam_unix(cron:session): session closed for user root
Jun 23 03:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31690]: Failed password for root from 141.11.88.12 port 21188 ssh2
Jun 23 03:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31690]: Connection closed by 141.11.88.12 port 21188 [preauth]
Jun 23 03:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31723]: Invalid user elasticsearch from 141.11.88.12
Jun 23 03:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31723]: input_userauth_request: invalid user elasticsearch [preauth]
Jun 23 03:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31723]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 23 03:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31723]: Failed password for invalid user elasticsearch from 141.11.88.12 port 21194 ssh2
Jun 23 03:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31723]: Connection closed by 141.11.88.12 port 21194 [preauth]
Jun 23 03:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31734]: Failed password for root from 103.153.68.219 port 46164 ssh2
Jun 23 03:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31734]: Connection closed by 103.153.68.219 port 46164 [preauth]
Jun 23 03:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31757]: Failed password for root from 141.11.88.12 port 14902 ssh2
Jun 23 03:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31757]: Connection closed by 141.11.88.12 port 14902 [preauth]
Jun 23 03:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31759]: Failed password for root from 144.225.187.123 port 50862 ssh2
Jun 23 03:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31759]: Connection closed by 144.225.187.123 port 50862 [preauth]
Jun 23 03:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31769]: Invalid user fox from 141.11.88.12
Jun 23 03:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31769]: input_userauth_request: invalid user fox [preauth]
Jun 23 03:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31769]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31769]: Failed password for invalid user fox from 141.11.88.12 port 17698 ssh2
Jun 23 03:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31769]: Connection closed by 141.11.88.12 port 17698 [preauth]
Jun 23 03:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31794]: Invalid user oracle from 141.11.88.12
Jun 23 03:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31794]: input_userauth_request: invalid user oracle [preauth]
Jun 23 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31794]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31799]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31800]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31798]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31797]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31797]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31856]: Successful su for rubyman by root
Jun 23 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31856]: + ??? root:rubyman
Jun 23 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31856]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574842 of user rubyman.
Jun 23 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31856]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574842.
Jun 23 03:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31794]: Failed password for invalid user oracle from 141.11.88.12 port 17770 ssh2
Jun 23 03:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31794]: Connection closed by 141.11.88.12 port 17770 [preauth]
Jun 23 03:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28810]: pam_unix(cron:session): session closed for user root
Jun 23 03:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31798]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32058]: Invalid user admin from 141.11.88.12
Jun 23 03:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32058]: input_userauth_request: invalid user admin [preauth]
Jun 23 03:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32058]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32058]: Failed password for invalid user admin from 141.11.88.12 port 42078 ssh2
Jun 23 03:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32058]: Connection closed by 141.11.88.12 port 42078 [preauth]
Jun 23 03:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32083]: User mysql from 141.11.88.12 not allowed because not listed in AllowUsers
Jun 23 03:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32083]: input_userauth_request: invalid user mysql [preauth]
Jun 23 03:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=mysql
Jun 23 03:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32083]: Failed password for invalid user mysql from 141.11.88.12 port 63532 ssh2
Jun 23 03:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32083]: Connection closed by 141.11.88.12 port 63532 [preauth]
Jun 23 03:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32095]: Invalid user test from 141.11.88.12
Jun 23 03:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32095]: input_userauth_request: invalid user test [preauth]
Jun 23 03:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32095]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32095]: Failed password for invalid user test from 141.11.88.12 port 23732 ssh2
Jun 23 03:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32095]: Connection closed by 141.11.88.12 port 23732 [preauth]
Jun 23 03:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32105]: Failed password for root from 144.225.187.123 port 54514 ssh2
Jun 23 03:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32105]: Connection closed by 144.225.187.123 port 54514 [preauth]
Jun 23 03:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32128]: Failed password for root from 141.11.88.12 port 23740 ssh2
Jun 23 03:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32128]: Connection closed by 141.11.88.12 port 23740 [preauth]
Jun 23 03:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.191.5  user=root
Jun 23 03:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32131]: Failed password for root from 195.178.191.5 port 35984 ssh2
Jun 23 03:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32131]: Received disconnect from 195.178.191.5 port 35984:11: Bye Bye [preauth]
Jun 23 03:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32131]: Disconnected from 195.178.191.5 port 35984 [preauth]
Jun 23 03:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30732]: pam_unix(cron:session): session closed for user root
Jun 23 03:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32165]: Failed password for root from 141.11.88.12 port 34428 ssh2
Jun 23 03:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32165]: Connection closed by 141.11.88.12 port 34428 [preauth]
Jun 23 03:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32175]: Failed password for root from 141.11.88.12 port 44932 ssh2
Jun 23 03:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32175]: Connection closed by 141.11.88.12 port 44932 [preauth]
Jun 23 03:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32200]: Invalid user deploy from 141.11.88.12
Jun 23 03:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32200]: input_userauth_request: invalid user deploy [preauth]
Jun 23 03:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32200]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32200]: Failed password for invalid user deploy from 141.11.88.12 port 44958 ssh2
Jun 23 03:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32200]: Connection closed by 141.11.88.12 port 44958 [preauth]
Jun 23 03:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32219]: Invalid user composer from 141.11.88.12
Jun 23 03:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32219]: input_userauth_request: invalid user composer [preauth]
Jun 23 03:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32219]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32218]: Failed password for root from 144.225.187.123 port 56532 ssh2
Jun 23 03:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32219]: Failed password for invalid user composer from 141.11.88.12 port 27628 ssh2
Jun 23 03:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32218]: Connection closed by 144.225.187.123 port 56532 [preauth]
Jun 23 03:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32219]: Connection closed by 141.11.88.12 port 27628 [preauth]
Jun 23 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32236]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32235]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32234]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32233]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32233]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32230]: Invalid user debian from 141.11.88.12
Jun 23 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32230]: input_userauth_request: invalid user debian [preauth]
Jun 23 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32230]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32290]: Successful su for rubyman by root
Jun 23 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32290]: + ??? root:rubyman
Jun 23 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32290]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574845 of user rubyman.
Jun 23 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32290]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574845.
Jun 23 03:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32230]: Failed password for invalid user debian from 141.11.88.12 port 50808 ssh2
Jun 23 03:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29270]: pam_unix(cron:session): session closed for user root
Jun 23 03:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32230]: Connection closed by 141.11.88.12 port 50808 [preauth]
Jun 23 03:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32234]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32484]: Invalid user david from 141.11.88.12
Jun 23 03:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32484]: input_userauth_request: invalid user david [preauth]
Jun 23 03:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32484]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32484]: Failed password for invalid user david from 141.11.88.12 port 50828 ssh2
Jun 23 03:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32484]: Connection closed by 141.11.88.12 port 50828 [preauth]
Jun 23 03:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32495]: Invalid user demo from 141.11.88.12
Jun 23 03:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32495]: input_userauth_request: invalid user demo [preauth]
Jun 23 03:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32495]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32495]: Failed password for invalid user demo from 141.11.88.12 port 40842 ssh2
Jun 23 03:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32495]: Connection closed by 141.11.88.12 port 40842 [preauth]
Jun 23 03:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32520]: Failed password for root from 141.11.88.12 port 40886 ssh2
Jun 23 03:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32520]: Connection closed by 141.11.88.12 port 40886 [preauth]
Jun 23 03:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32531]: Invalid user mcserver from 141.11.88.12
Jun 23 03:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32531]: input_userauth_request: invalid user mcserver [preauth]
Jun 23 03:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32531]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32531]: Failed password for invalid user mcserver from 141.11.88.12 port 49062 ssh2
Jun 23 03:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32531]: Connection closed by 141.11.88.12 port 49062 [preauth]
Jun 23 03:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32564]: Invalid user root1 from 141.11.88.12
Jun 23 03:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32564]: input_userauth_request: invalid user root1 [preauth]
Jun 23 03:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32564]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32553]: Failed password for root from 144.225.187.123 port 35382 ssh2
Jun 23 03:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32553]: Connection closed by 144.225.187.123 port 35382 [preauth]
Jun 23 03:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32564]: Failed password for invalid user root1 from 141.11.88.12 port 49074 ssh2
Jun 23 03:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31272]: pam_unix(cron:session): session closed for user root
Jun 23 03:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32564]: Connection closed by 141.11.88.12 port 49074 [preauth]
Jun 23 03:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32594]: Failed password for root from 141.11.88.12 port 55826 ssh2
Jun 23 03:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32594]: Connection closed by 141.11.88.12 port 55826 [preauth]
Jun 23 03:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32605]: Invalid user anna from 141.11.88.12
Jun 23 03:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32605]: input_userauth_request: invalid user anna [preauth]
Jun 23 03:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32605]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32605]: Failed password for invalid user anna from 141.11.88.12 port 47548 ssh2
Jun 23 03:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32605]: Connection closed by 141.11.88.12 port 47548 [preauth]
Jun 23 03:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32628]: Invalid user ubuntu from 141.11.88.12
Jun 23 03:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32628]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 03:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32628]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32628]: Failed password for invalid user ubuntu from 141.11.88.12 port 47584 ssh2
Jun 23 03:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32628]: Connection closed by 141.11.88.12 port 47584 [preauth]
Jun 23 03:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32640]: Received disconnect from 31.42.176.142 port 1384:11: disconnected by user [preauth]
Jun 23 03:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32640]: Disconnected from 31.42.176.142 port 1384 [preauth]
Jun 23 03:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32642]: Invalid user budda from 141.11.88.12
Jun 23 03:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32642]: input_userauth_request: invalid user budda [preauth]
Jun 23 03:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32642]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32642]: Failed password for invalid user budda from 141.11.88.12 port 33506 ssh2
Jun 23 03:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32642]: Connection closed by 141.11.88.12 port 33506 [preauth]
Jun 23 03:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32655]: Invalid user vaibhav from 195.178.191.5
Jun 23 03:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32655]: input_userauth_request: invalid user vaibhav [preauth]
Jun 23 03:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32655]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.191.5
Jun 23 03:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32655]: Failed password for invalid user vaibhav from 195.178.191.5 port 44976 ssh2
Jun 23 03:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32655]: Received disconnect from 195.178.191.5 port 44976:11: Bye Bye [preauth]
Jun 23 03:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32655]: Disconnected from 195.178.191.5 port 44976 [preauth]
Jun 23 03:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32665]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32666]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32662]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32663]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32660]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32661]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32666]: pam_unix(cron:session): session closed for user root
Jun 23 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32660]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32744]: Successful su for rubyman by root
Jun 23 03:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32744]: + ??? root:rubyman
Jun 23 03:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32744]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574849 of user rubyman.
Jun 23 03:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32744]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574849.
Jun 23 03:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32657]: Failed password for root from 141.11.88.12 port 33558 ssh2
Jun 23 03:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32657]: Connection closed by 141.11.88.12 port 33558 [preauth]
Jun 23 03:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32662]: pam_unix(cron:session): session closed for user root
Jun 23 03:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29824]: pam_unix(cron:session): session closed for user root
Jun 23 03:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[321]: Failed password for root from 144.225.187.123 port 51656 ssh2
Jun 23 03:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32661]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[321]: Connection closed by 144.225.187.123 port 51656 [preauth]
Jun 23 03:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[618]: Invalid user dani from 141.11.88.12
Jun 23 03:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[618]: input_userauth_request: invalid user dani [preauth]
Jun 23 03:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[618]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[618]: Failed password for invalid user dani from 141.11.88.12 port 60654 ssh2
Jun 23 03:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[618]: Connection closed by 141.11.88.12 port 60654 [preauth]
Jun 23 03:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[637]: Invalid user openclaw from 141.11.88.12
Jun 23 03:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[637]: input_userauth_request: invalid user openclaw [preauth]
Jun 23 03:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[637]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[637]: Failed password for invalid user openclaw from 141.11.88.12 port 46102 ssh2
Jun 23 03:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[637]: Connection closed by 141.11.88.12 port 46102 [preauth]
Jun 23 03:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[665]: Invalid user logs from 141.11.88.12
Jun 23 03:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[665]: input_userauth_request: invalid user logs [preauth]
Jun 23 03:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[665]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[665]: Failed password for invalid user logs from 141.11.88.12 port 46160 ssh2
Jun 23 03:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[665]: Connection closed by 141.11.88.12 port 46160 [preauth]
Jun 23 03:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[677]: Invalid user user1 from 141.11.88.12
Jun 23 03:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[677]: input_userauth_request: invalid user user1 [preauth]
Jun 23 03:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[677]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[677]: Failed password for invalid user user1 from 141.11.88.12 port 62016 ssh2
Jun 23 03:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[677]: Connection closed by 141.11.88.12 port 62016 [preauth]
Jun 23 03:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[703]: Invalid user sam from 141.11.88.12
Jun 23 03:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[703]: input_userauth_request: invalid user sam [preauth]
Jun 23 03:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[703]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[703]: Failed password for invalid user sam from 141.11.88.12 port 62040 ssh2
Jun 23 03:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[703]: Connection closed by 141.11.88.12 port 62040 [preauth]
Jun 23 03:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31800]: pam_unix(cron:session): session closed for user root
Jun 23 03:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[734]: Invalid user claude from 141.11.88.12
Jun 23 03:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[734]: input_userauth_request: invalid user claude [preauth]
Jun 23 03:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[734]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[734]: Failed password for invalid user claude from 141.11.88.12 port 48844 ssh2
Jun 23 03:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[734]: Connection closed by 141.11.88.12 port 48844 [preauth]
Jun 23 03:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[745]: Failed password for root from 144.225.187.123 port 33036 ssh2
Jun 23 03:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[755]: Invalid user gary from 141.11.88.12
Jun 23 03:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[755]: input_userauth_request: invalid user gary [preauth]
Jun 23 03:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[755]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[745]: Connection closed by 144.225.187.123 port 33036 [preauth]
Jun 23 03:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[755]: Failed password for invalid user gary from 141.11.88.12 port 48878 ssh2
Jun 23 03:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[755]: Connection closed by 141.11.88.12 port 48878 [preauth]
Jun 23 03:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[782]: Invalid user nominatim from 141.11.88.12
Jun 23 03:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[782]: input_userauth_request: invalid user nominatim [preauth]
Jun 23 03:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[782]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[782]: Failed password for invalid user nominatim from 141.11.88.12 port 38352 ssh2
Jun 23 03:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[782]: Connection closed by 141.11.88.12 port 38352 [preauth]
Jun 23 03:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[793]: Failed password for root from 141.11.88.12 port 64254 ssh2
Jun 23 03:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[793]: Connection closed by 141.11.88.12 port 64254 [preauth]
Jun 23 03:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[810]: Invalid user test from 141.11.88.12
Jun 23 03:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[810]: input_userauth_request: invalid user test [preauth]
Jun 23 03:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[810]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[810]: Failed password for invalid user test from 141.11.88.12 port 64308 ssh2
Jun 23 03:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[810]: Connection closed by 141.11.88.12 port 64308 [preauth]
Jun 23 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[827]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[826]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[824]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[825]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[824]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[894]: Successful su for rubyman by root
Jun 23 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[894]: + ??? root:rubyman
Jun 23 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[894]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574856 of user rubyman.
Jun 23 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[894]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574856.
Jun 23 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[821]: Invalid user openhabian from 141.11.88.12
Jun 23 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[821]: input_userauth_request: invalid user openhabian [preauth]
Jun 23 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[821]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[821]: Failed password for invalid user openhabian from 141.11.88.12 port 17218 ssh2
Jun 23 03:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[821]: Connection closed by 141.11.88.12 port 17218 [preauth]
Jun 23 03:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30265]: pam_unix(cron:session): session closed for user root
Jun 23 03:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[825]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1122]: Invalid user ftpuser2 from 141.11.88.12
Jun 23 03:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1122]: input_userauth_request: invalid user ftpuser2 [preauth]
Jun 23 03:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1122]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1122]: Failed password for invalid user ftpuser2 from 141.11.88.12 port 17246 ssh2
Jun 23 03:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1122]: Connection closed by 141.11.88.12 port 17246 [preauth]
Jun 23 03:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1132]: Invalid user alex from 144.225.187.123
Jun 23 03:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1132]: input_userauth_request: invalid user alex [preauth]
Jun 23 03:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1132]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 03:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1132]: Failed password for invalid user alex from 144.225.187.123 port 54318 ssh2
Jun 23 03:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1132]: Connection closed by 144.225.187.123 port 54318 [preauth]
Jun 23 03:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1157]: Invalid user kelvin from 141.11.88.12
Jun 23 03:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1157]: input_userauth_request: invalid user kelvin [preauth]
Jun 23 03:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1157]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1147]: Invalid user master from 141.11.88.12
Jun 23 03:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1147]: input_userauth_request: invalid user master [preauth]
Jun 23 03:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1147]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1157]: Failed password for invalid user kelvin from 141.11.88.12 port 31050 ssh2
Jun 23 03:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1157]: Connection closed by 141.11.88.12 port 31050 [preauth]
Jun 23 03:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1147]: Failed password for invalid user master from 141.11.88.12 port 31028 ssh2
Jun 23 03:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1173]: Invalid user amine from 141.11.88.12
Jun 23 03:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1173]: input_userauth_request: invalid user amine [preauth]
Jun 23 03:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1170]: Invalid user guillaume from 195.178.191.5
Jun 23 03:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1170]: input_userauth_request: invalid user guillaume [preauth]
Jun 23 03:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1170]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.191.5
Jun 23 03:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1173]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1147]: Connection closed by 141.11.88.12 port 31028 [preauth]
Jun 23 03:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1170]: Failed password for invalid user guillaume from 195.178.191.5 port 37698 ssh2
Jun 23 03:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1173]: Failed password for invalid user amine from 141.11.88.12 port 25032 ssh2
Jun 23 03:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1170]: Received disconnect from 195.178.191.5 port 37698:11: Bye Bye [preauth]
Jun 23 03:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1170]: Disconnected from 195.178.191.5 port 37698 [preauth]
Jun 23 03:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1173]: Connection closed by 141.11.88.12 port 25032 [preauth]
Jun 23 03:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1191]: Invalid user admin from 141.11.88.12
Jun 23 03:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1191]: input_userauth_request: invalid user admin [preauth]
Jun 23 03:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1191]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1191]: Failed password for invalid user admin from 141.11.88.12 port 25082 ssh2
Jun 23 03:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1191]: Connection closed by 141.11.88.12 port 25082 [preauth]
Jun 23 03:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1206]: Invalid user anton from 141.11.88.12
Jun 23 03:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1206]: input_userauth_request: invalid user anton [preauth]
Jun 23 03:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1206]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32236]: pam_unix(cron:session): session closed for user root
Jun 23 03:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1206]: Failed password for invalid user anton from 141.11.88.12 port 12596 ssh2
Jun 23 03:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1206]: Connection closed by 141.11.88.12 port 12596 [preauth]
Jun 23 03:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1233]: Invalid user guest from 141.11.88.12
Jun 23 03:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1233]: input_userauth_request: invalid user guest [preauth]
Jun 23 03:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1233]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1233]: Failed password for invalid user guest from 141.11.88.12 port 12658 ssh2
Jun 23 03:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1233]: Connection closed by 141.11.88.12 port 12658 [preauth]
Jun 23 03:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1250]: Invalid user deploy from 141.11.88.12
Jun 23 03:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1250]: input_userauth_request: invalid user deploy [preauth]
Jun 23 03:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1250]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1250]: Failed password for invalid user deploy from 141.11.88.12 port 10924 ssh2
Jun 23 03:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1250]: Connection closed by 141.11.88.12 port 10924 [preauth]
Jun 23 03:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1271]: Invalid user sammy from 144.225.187.123
Jun 23 03:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1271]: input_userauth_request: invalid user sammy [preauth]
Jun 23 03:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1271]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 03:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1283]: Invalid user pi from 141.11.88.12
Jun 23 03:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1283]: input_userauth_request: invalid user pi [preauth]
Jun 23 03:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1283]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1271]: Failed password for invalid user sammy from 144.225.187.123 port 54710 ssh2
Jun 23 03:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1271]: Connection closed by 144.225.187.123 port 54710 [preauth]
Jun 23 03:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1283]: Failed password for invalid user pi from 141.11.88.12 port 10934 ssh2
Jun 23 03:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1283]: Connection closed by 141.11.88.12 port 10934 [preauth]
Jun 23 03:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1294]: Invalid user admin from 141.11.88.12
Jun 23 03:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1294]: input_userauth_request: invalid user admin [preauth]
Jun 23 03:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1294]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1294]: Failed password for invalid user admin from 141.11.88.12 port 52370 ssh2
Jun 23 03:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1294]: Connection closed by 141.11.88.12 port 52370 [preauth]
Jun 23 03:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1310]: Invalid user leo from 141.11.88.12
Jun 23 03:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1310]: input_userauth_request: invalid user leo [preauth]
Jun 23 03:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1310]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1316]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1319]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1314]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1318]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1314]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1389]: Successful su for rubyman by root
Jun 23 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1389]: + ??? root:rubyman
Jun 23 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1389]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574861 of user rubyman.
Jun 23 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1389]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574861.
Jun 23 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1310]: Failed password for invalid user leo from 141.11.88.12 port 52384 ssh2
Jun 23 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1310]: Connection closed by 141.11.88.12 port 52384 [preauth]
Jun 23 03:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30731]: pam_unix(cron:session): session closed for user root
Jun 23 03:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1664]: Invalid user bob from 141.11.88.12
Jun 23 03:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1664]: input_userauth_request: invalid user bob [preauth]
Jun 23 03:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1664]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1316]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1664]: Failed password for invalid user bob from 141.11.88.12 port 42026 ssh2
Jun 23 03:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1664]: Connection closed by 141.11.88.12 port 42026 [preauth]
Jun 23 03:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1705]: Invalid user teamspeak from 141.11.88.12
Jun 23 03:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1705]: input_userauth_request: invalid user teamspeak [preauth]
Jun 23 03:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1705]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1705]: Failed password for invalid user teamspeak from 141.11.88.12 port 42066 ssh2
Jun 23 03:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1705]: Connection closed by 141.11.88.12 port 42066 [preauth]
Jun 23 03:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1739]: Invalid user vyos from 141.11.88.12
Jun 23 03:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1739]: input_userauth_request: invalid user vyos [preauth]
Jun 23 03:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1739]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1739]: Failed password for invalid user vyos from 141.11.88.12 port 41922 ssh2
Jun 23 03:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1739]: Connection closed by 141.11.88.12 port 41922 [preauth]
Jun 23 03:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1759]: Invalid user lin from 141.11.88.12
Jun 23 03:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1759]: input_userauth_request: invalid user lin [preauth]
Jun 23 03:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1759]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1757]: Failed password for root from 144.225.187.123 port 37996 ssh2
Jun 23 03:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1757]: Connection closed by 144.225.187.123 port 37996 [preauth]
Jun 23 03:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1759]: Failed password for invalid user lin from 141.11.88.12 port 31508 ssh2
Jun 23 03:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1759]: Connection closed by 141.11.88.12 port 31508 [preauth]
Jun 23 03:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1791]: Invalid user hadoop from 141.11.88.12
Jun 23 03:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1791]: input_userauth_request: invalid user hadoop [preauth]
Jun 23 03:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1791]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32665]: pam_unix(cron:session): session closed for user root
Jun 23 03:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1791]: Failed password for invalid user hadoop from 141.11.88.12 port 56018 ssh2
Jun 23 03:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1791]: Connection closed by 141.11.88.12 port 56018 [preauth]
Jun 23 03:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: Invalid user main from 141.11.88.12
Jun 23 03:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: input_userauth_request: invalid user main [preauth]
Jun 23 03:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: Failed password for invalid user main from 141.11.88.12 port 56064 ssh2
Jun 23 03:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: Connection closed by 141.11.88.12 port 56064 [preauth]
Jun 23 03:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1781]: Invalid user app from 141.11.88.12
Jun 23 03:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1781]: input_userauth_request: invalid user app [preauth]
Jun 23 03:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1781]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1837]: Invalid user gns3 from 141.11.88.12
Jun 23 03:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1837]: input_userauth_request: invalid user gns3 [preauth]
Jun 23 03:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1837]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1781]: Failed password for invalid user app from 141.11.88.12 port 31512 ssh2
Jun 23 03:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1781]: Connection closed by 141.11.88.12 port 31512 [preauth]
Jun 23 03:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1837]: Failed password for invalid user gns3 from 141.11.88.12 port 60098 ssh2
Jun 23 03:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1837]: Connection closed by 141.11.88.12 port 60098 [preauth]
Jun 23 03:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1853]: Invalid user nvidia from 141.11.88.12
Jun 23 03:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1853]: input_userauth_request: invalid user nvidia [preauth]
Jun 23 03:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1853]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 23 03:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1853]: Failed password for invalid user nvidia from 141.11.88.12 port 60120 ssh2
Jun 23 03:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1857]: Invalid user rapid from 195.178.191.5
Jun 23 03:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1857]: input_userauth_request: invalid user rapid [preauth]
Jun 23 03:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1857]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.191.5
Jun 23 03:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1853]: Connection closed by 141.11.88.12 port 60120 [preauth]
Jun 23 03:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1855]: Failed password for root from 103.27.238.120 port 54564 ssh2
Jun 23 03:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1855]: Connection closed by 103.27.238.120 port 54564 [preauth]
Jun 23 03:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1857]: Failed password for invalid user rapid from 195.178.191.5 port 46926 ssh2
Jun 23 03:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1857]: Received disconnect from 195.178.191.5 port 46926:11: Bye Bye [preauth]
Jun 23 03:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1857]: Disconnected from 195.178.191.5 port 46926 [preauth]
Jun 23 03:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1868]: Invalid user maud from 141.11.88.12
Jun 23 03:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1868]: input_userauth_request: invalid user maud [preauth]
Jun 23 03:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1868]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1867]: Failed password for root from 144.225.187.123 port 57736 ssh2
Jun 23 03:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1867]: Connection closed by 144.225.187.123 port 57736 [preauth]
Jun 23 03:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1868]: Failed password for invalid user maud from 141.11.88.12 port 26398 ssh2
Jun 23 03:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1868]: Connection closed by 141.11.88.12 port 26398 [preauth]
Jun 23 03:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1889]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1890]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1888]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1885]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1885]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1975]: Successful su for rubyman by root
Jun 23 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1975]: + ??? root:rubyman
Jun 23 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1975]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574864 of user rubyman.
Jun 23 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1975]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574864.
Jun 23 03:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1881]: Failed password for root from 141.11.88.12 port 26466 ssh2
Jun 23 03:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1881]: Connection closed by 141.11.88.12 port 26466 [preauth]
Jun 23 03:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31271]: pam_unix(cron:session): session closed for user root
Jun 23 03:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1888]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2214]: Failed password for root from 141.11.88.12 port 44542 ssh2
Jun 23 03:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2214]: Connection closed by 141.11.88.12 port 44542 [preauth]
Jun 23 03:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2225]: Invalid user ftptest from 141.11.88.12
Jun 23 03:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2225]: input_userauth_request: invalid user ftptest [preauth]
Jun 23 03:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2225]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2225]: Failed password for invalid user ftptest from 141.11.88.12 port 26640 ssh2
Jun 23 03:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2225]: Connection closed by 141.11.88.12 port 26640 [preauth]
Jun 23 03:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2248]: Invalid user user1 from 141.11.88.12
Jun 23 03:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2248]: input_userauth_request: invalid user user1 [preauth]
Jun 23 03:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2248]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2248]: Failed password for invalid user user1 from 141.11.88.12 port 26712 ssh2
Jun 23 03:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2248]: Connection closed by 141.11.88.12 port 26712 [preauth]
Jun 23 03:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2260]: Invalid user client from 141.11.88.12
Jun 23 03:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2260]: input_userauth_request: invalid user client [preauth]
Jun 23 03:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2260]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2260]: Failed password for invalid user client from 141.11.88.12 port 21978 ssh2
Jun 23 03:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2260]: Connection closed by 141.11.88.12 port 21978 [preauth]
Jun 23 03:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2286]: Invalid user manoj from 141.11.88.12
Jun 23 03:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2286]: input_userauth_request: invalid user manoj [preauth]
Jun 23 03:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2286]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2286]: Failed password for invalid user manoj from 141.11.88.12 port 22020 ssh2
Jun 23 03:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2284]: Failed password for root from 144.225.187.123 port 45150 ssh2
Jun 23 03:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2286]: Connection closed by 141.11.88.12 port 22020 [preauth]
Jun 23 03:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2284]: Connection closed by 144.225.187.123 port 45150 [preauth]
Jun 23 03:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[827]: pam_unix(cron:session): session closed for user root
Jun 23 03:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2316]: Invalid user ivan from 141.11.88.12
Jun 23 03:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2316]: input_userauth_request: invalid user ivan [preauth]
Jun 23 03:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2316]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2316]: Failed password for invalid user ivan from 141.11.88.12 port 59434 ssh2
Jun 23 03:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2316]: Connection closed by 141.11.88.12 port 59434 [preauth]
Jun 23 03:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: Failed password for root from 141.11.88.12 port 59482 ssh2
Jun 23 03:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: Connection closed by 141.11.88.12 port 59482 [preauth]
Jun 23 03:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2360]: Invalid user guest from 141.11.88.12
Jun 23 03:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2360]: input_userauth_request: invalid user guest [preauth]
Jun 23 03:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2360]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2360]: Failed password for invalid user guest from 141.11.88.12 port 39350 ssh2
Jun 23 03:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2360]: Connection closed by 141.11.88.12 port 39350 [preauth]
Jun 23 03:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2370]: Failed password for root from 141.11.88.12 port 39364 ssh2
Jun 23 03:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2370]: Connection closed by 141.11.88.12 port 39364 [preauth]
Jun 23 03:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2380]: Invalid user admin from 141.11.88.12
Jun 23 03:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2380]: input_userauth_request: invalid user admin [preauth]
Jun 23 03:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2380]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2380]: Failed password for invalid user admin from 141.11.88.12 port 14544 ssh2
Jun 23 03:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2380]: Connection closed by 141.11.88.12 port 14544 [preauth]
Jun 23 03:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2390]: Invalid user mh from 141.11.88.12
Jun 23 03:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2390]: input_userauth_request: invalid user mh [preauth]
Jun 23 03:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2390]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2405]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2407]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2406]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2404]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2404]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2390]: Failed password for invalid user mh from 141.11.88.12 port 14556 ssh2
Jun 23 03:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2466]: Successful su for rubyman by root
Jun 23 03:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2466]: + ??? root:rubyman
Jun 23 03:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2466]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574868 of user rubyman.
Jun 23 03:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2466]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574868.
Jun 23 03:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2390]: Connection closed by 141.11.88.12 port 14556 [preauth]
Jun 23 03:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2401]: Invalid user postgres from 144.225.187.123
Jun 23 03:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2401]: input_userauth_request: invalid user postgres [preauth]
Jun 23 03:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2401]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 03:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31799]: pam_unix(cron:session): session closed for user root
Jun 23 03:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 23 03:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2401]: Failed password for invalid user postgres from 144.225.187.123 port 48776 ssh2
Jun 23 03:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2401]: Connection closed by 144.225.187.123 port 48776 [preauth]
Jun 23 03:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2405]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2563]: Failed password for root from 193.37.70.224 port 44004 ssh2
Jun 23 03:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2563]: Connection closed by 193.37.70.224 port 44004 [preauth]
Jun 23 03:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 23 03:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2669]: Failed password for root from 141.11.88.12 port 30796 ssh2
Jun 23 03:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2672]: Failed password for root from 193.24.211.107 port 59143 ssh2
Jun 23 03:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2672]: Received disconnect from 193.24.211.107 port 59143:11: Client disconnecting normally [preauth]
Jun 23 03:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2672]: Disconnected from 193.24.211.107 port 59143 [preauth]
Jun 23 03:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2669]: Connection closed by 141.11.88.12 port 30796 [preauth]
Jun 23 03:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2674]: Failed password for root from 141.11.88.12 port 57242 ssh2
Jun 23 03:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2674]: Connection closed by 141.11.88.12 port 57242 [preauth]
Jun 23 03:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2698]: Invalid user alex from 141.11.88.12
Jun 23 03:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2698]: input_userauth_request: invalid user alex [preauth]
Jun 23 03:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2698]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2698]: Failed password for invalid user alex from 141.11.88.12 port 57272 ssh2
Jun 23 03:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2698]: Connection closed by 141.11.88.12 port 57272 [preauth]
Jun 23 03:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.211.215  user=root
Jun 23 03:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.191.5  user=root
Jun 23 03:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2709]: Failed password for root from 147.45.211.215 port 41100 ssh2
Jun 23 03:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2709]: Connection closed by 147.45.211.215 port 41100 [preauth]
Jun 23 03:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2712]: Failed password for root from 195.178.191.5 port 38152 ssh2
Jun 23 03:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2712]: Received disconnect from 195.178.191.5 port 38152:11: Bye Bye [preauth]
Jun 23 03:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2712]: Disconnected from 195.178.191.5 port 38152 [preauth]
Jun 23 03:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2714]: Failed password for root from 141.11.88.12 port 57300 ssh2
Jun 23 03:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2714]: Connection closed by 141.11.88.12 port 57300 [preauth]
Jun 23 03:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2742]: Failed password for root from 141.11.88.12 port 54320 ssh2
Jun 23 03:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2742]: Connection closed by 141.11.88.12 port 54320 [preauth]
Jun 23 03:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2756]: Invalid user kevin from 141.11.88.12
Jun 23 03:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2756]: input_userauth_request: invalid user kevin [preauth]
Jun 23 03:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2756]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1319]: pam_unix(cron:session): session closed for user root
Jun 23 03:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2756]: Failed password for invalid user kevin from 141.11.88.12 port 30454 ssh2
Jun 23 03:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2756]: Connection closed by 141.11.88.12 port 30454 [preauth]
Jun 23 03:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2788]: User mysql from 144.225.187.123 not allowed because not listed in AllowUsers
Jun 23 03:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2788]: input_userauth_request: invalid user mysql [preauth]
Jun 23 03:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=mysql
Jun 23 03:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2790]: Invalid user apex from 141.11.88.12
Jun 23 03:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2790]: input_userauth_request: invalid user apex [preauth]
Jun 23 03:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2790]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2788]: Failed password for invalid user mysql from 144.225.187.123 port 60046 ssh2
Jun 23 03:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2788]: Connection closed by 144.225.187.123 port 60046 [preauth]
Jun 23 03:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2790]: Failed password for invalid user apex from 141.11.88.12 port 30490 ssh2
Jun 23 03:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2790]: Connection closed by 141.11.88.12 port 30490 [preauth]
Jun 23 03:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2824]: Invalid user user from 141.11.88.12
Jun 23 03:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2824]: input_userauth_request: invalid user user [preauth]
Jun 23 03:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2824]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2824]: Failed password for invalid user user from 141.11.88.12 port 40060 ssh2
Jun 23 03:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2824]: Connection closed by 141.11.88.12 port 40060 [preauth]
Jun 23 03:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2834]: Invalid user oracle from 141.11.88.12
Jun 23 03:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2834]: input_userauth_request: invalid user oracle [preauth]
Jun 23 03:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2834]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2834]: Failed password for invalid user oracle from 141.11.88.12 port 48438 ssh2
Jun 23 03:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2834]: Connection closed by 141.11.88.12 port 48438 [preauth]
Jun 23 03:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2845]: Failed password for root from 141.11.88.12 port 48462 ssh2
Jun 23 03:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2845]: Connection closed by 141.11.88.12 port 48462 [preauth]
Jun 23 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2860]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2862]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2858]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2861]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2859]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2857]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2862]: pam_unix(cron:session): session closed for user root
Jun 23 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2857]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2926]: Successful su for rubyman by root
Jun 23 03:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2926]: + ??? root:rubyman
Jun 23 03:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2926]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574874 of user rubyman.
Jun 23 03:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2926]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574874.
Jun 23 03:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2876]: Invalid user chris from 141.11.88.12
Jun 23 03:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2876]: input_userauth_request: invalid user chris [preauth]
Jun 23 03:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2876]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2876]: Failed password for invalid user chris from 141.11.88.12 port 35412 ssh2
Jun 23 03:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2876]: Connection closed by 141.11.88.12 port 35412 [preauth]
Jun 23 03:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2859]: pam_unix(cron:session): session closed for user root
Jun 23 03:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32235]: pam_unix(cron:session): session closed for user root
Jun 23 03:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2858]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3133]: Invalid user bpadmin from 141.11.88.12
Jun 23 03:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3133]: input_userauth_request: invalid user bpadmin [preauth]
Jun 23 03:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3133]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3133]: Failed password for invalid user bpadmin from 141.11.88.12 port 35436 ssh2
Jun 23 03:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3133]: Connection closed by 141.11.88.12 port 35436 [preauth]
Jun 23 03:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3143]: Invalid user mc from 144.225.187.123
Jun 23 03:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3143]: input_userauth_request: invalid user mc [preauth]
Jun 23 03:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3143]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 03:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3143]: Failed password for invalid user mc from 144.225.187.123 port 53810 ssh2
Jun 23 03:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3151]: Invalid user server from 141.11.88.12
Jun 23 03:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3151]: input_userauth_request: invalid user server [preauth]
Jun 23 03:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3143]: Connection closed by 144.225.187.123 port 53810 [preauth]
Jun 23 03:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3151]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3151]: Failed password for invalid user server from 141.11.88.12 port 13508 ssh2
Jun 23 03:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3151]: Connection closed by 141.11.88.12 port 13508 [preauth]
Jun 23 03:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3168]: Invalid user repo from 141.11.88.12
Jun 23 03:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3168]: input_userauth_request: invalid user repo [preauth]
Jun 23 03:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3168]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3168]: Failed password for invalid user repo from 141.11.88.12 port 13560 ssh2
Jun 23 03:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3168]: Connection closed by 141.11.88.12 port 13560 [preauth]
Jun 23 03:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3190]: Invalid user student from 141.11.88.12
Jun 23 03:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3190]: input_userauth_request: invalid user student [preauth]
Jun 23 03:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3190]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3190]: Failed password for invalid user student from 141.11.88.12 port 37470 ssh2
Jun 23 03:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3190]: Connection closed by 141.11.88.12 port 37470 [preauth]
Jun 23 03:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1890]: pam_unix(cron:session): session closed for user root
Jun 23 03:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3201]: Failed password for root from 141.11.88.12 port 36112 ssh2
Jun 23 03:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3201]: Connection closed by 141.11.88.12 port 36112 [preauth]
Jun 23 03:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3233]: Connection closed by 194.59.206.2 port 59556 [preauth]
Jun 23 03:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3246]: Invalid user ubuntu from 141.11.88.12
Jun 23 03:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3246]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 03:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3246]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3246]: Failed password for invalid user ubuntu from 141.11.88.12 port 36132 ssh2
Jun 23 03:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3246]: Connection closed by 141.11.88.12 port 36132 [preauth]
Jun 23 03:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3265]: Invalid user user1 from 141.11.88.12
Jun 23 03:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3265]: input_userauth_request: invalid user user1 [preauth]
Jun 23 03:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3265]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3276]: Invalid user tester from 144.225.187.123
Jun 23 03:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3276]: input_userauth_request: invalid user tester [preauth]
Jun 23 03:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3276]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 03:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3265]: Failed password for invalid user user1 from 141.11.88.12 port 48372 ssh2
Jun 23 03:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3265]: Connection closed by 141.11.88.12 port 48372 [preauth]
Jun 23 03:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.191.5  user=root
Jun 23 03:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3276]: Failed password for invalid user tester from 144.225.187.123 port 46814 ssh2
Jun 23 03:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3276]: Connection closed by 144.225.187.123 port 46814 [preauth]
Jun 23 03:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3278]: Failed password for root from 195.178.191.5 port 57764 ssh2
Jun 23 03:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3278]: Received disconnect from 195.178.191.5 port 57764:11: Bye Bye [preauth]
Jun 23 03:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3278]: Disconnected from 195.178.191.5 port 57764 [preauth]
Jun 23 03:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3288]: Failed password for root from 141.11.88.12 port 48414 ssh2
Jun 23 03:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3288]: Connection closed by 141.11.88.12 port 48414 [preauth]
Jun 23 03:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3298]: Invalid user jay from 141.11.88.12
Jun 23 03:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3298]: input_userauth_request: invalid user jay [preauth]
Jun 23 03:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3298]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3298]: Failed password for invalid user jay from 141.11.88.12 port 39620 ssh2
Jun 23 03:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3298]: Connection closed by 141.11.88.12 port 39620 [preauth]
Jun 23 03:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3313]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3314]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3312]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3311]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3311]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3377]: Successful su for rubyman by root
Jun 23 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3377]: + ??? root:rubyman
Jun 23 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3377]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574879 of user rubyman.
Jun 23 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3377]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574879.
Jun 23 03:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3308]: Failed password for root from 141.11.88.12 port 39666 ssh2
Jun 23 03:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3308]: Connection closed by 141.11.88.12 port 39666 [preauth]
Jun 23 03:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32663]: pam_unix(cron:session): session closed for user root
Jun 23 03:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3312]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3565]: Invalid user karel from 141.11.88.12
Jun 23 03:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3565]: input_userauth_request: invalid user karel [preauth]
Jun 23 03:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3565]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3565]: Failed password for invalid user karel from 141.11.88.12 port 46030 ssh2
Jun 23 03:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3565]: Connection closed by 141.11.88.12 port 46030 [preauth]
Jun 23 03:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3581]: Invalid user deployer from 141.11.88.12
Jun 23 03:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3581]: input_userauth_request: invalid user deployer [preauth]
Jun 23 03:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3581]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3581]: Failed password for invalid user deployer from 141.11.88.12 port 35798 ssh2
Jun 23 03:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3581]: Connection closed by 141.11.88.12 port 35798 [preauth]
Jun 23 03:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3598]: Invalid user temp from 144.225.187.123
Jun 23 03:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3598]: input_userauth_request: invalid user temp [preauth]
Jun 23 03:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3598]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 03:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3598]: Failed password for invalid user temp from 144.225.187.123 port 50508 ssh2
Jun 23 03:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3598]: Connection closed by 144.225.187.123 port 50508 [preauth]
Jun 23 03:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3609]: Invalid user centos from 141.11.88.12
Jun 23 03:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3609]: input_userauth_request: invalid user centos [preauth]
Jun 23 03:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3609]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3609]: Failed password for invalid user centos from 141.11.88.12 port 10808 ssh2
Jun 23 03:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3609]: Connection closed by 141.11.88.12 port 10808 [preauth]
Jun 23 03:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3632]: Invalid user tom from 141.11.88.12
Jun 23 03:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3632]: input_userauth_request: invalid user tom [preauth]
Jun 23 03:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3632]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3632]: Failed password for invalid user tom from 141.11.88.12 port 10848 ssh2
Jun 23 03:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3632]: Connection closed by 141.11.88.12 port 10848 [preauth]
Jun 23 03:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2407]: pam_unix(cron:session): session closed for user root
Jun 23 03:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3664]: Invalid user web from 141.11.88.12
Jun 23 03:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3664]: input_userauth_request: invalid user web [preauth]
Jun 23 03:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3664]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3664]: Failed password for invalid user web from 141.11.88.12 port 39162 ssh2
Jun 23 03:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3664]: Connection closed by 141.11.88.12 port 39162 [preauth]
Jun 23 03:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3679]: Invalid user splunk from 141.11.88.12
Jun 23 03:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3679]: input_userauth_request: invalid user splunk [preauth]
Jun 23 03:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3679]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3679]: Failed password for invalid user splunk from 141.11.88.12 port 39174 ssh2
Jun 23 03:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3679]: Connection closed by 141.11.88.12 port 39174 [preauth]
Jun 23 03:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3802]: Invalid user server from 141.11.88.12
Jun 23 03:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3802]: input_userauth_request: invalid user server [preauth]
Jun 23 03:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3802]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3802]: Failed password for invalid user server from 141.11.88.12 port 47594 ssh2
Jun 23 03:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3802]: Connection closed by 141.11.88.12 port 47594 [preauth]
Jun 23 03:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3811]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3815]: Invalid user deploy from 141.11.88.12
Jun 23 03:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3815]: input_userauth_request: invalid user deploy [preauth]
Jun 23 03:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3815]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3811]: Failed password for root from 144.225.187.123 port 52768 ssh2
Jun 23 03:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3815]: Failed password for invalid user deploy from 141.11.88.12 port 29780 ssh2
Jun 23 03:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3811]: Connection closed by 144.225.187.123 port 52768 [preauth]
Jun 23 03:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3815]: Connection closed by 141.11.88.12 port 29780 [preauth]
Jun 23 03:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3827]: Invalid user cloud from 141.11.88.12
Jun 23 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3827]: input_userauth_request: invalid user cloud [preauth]
Jun 23 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3827]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3845]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3844]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3843]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3842]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3842]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3957]: Successful su for rubyman by root
Jun 23 03:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3957]: + ??? root:rubyman
Jun 23 03:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3957]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574881 of user rubyman.
Jun 23 03:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3957]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574881.
Jun 23 03:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3827]: Failed password for invalid user cloud from 141.11.88.12 port 27586 ssh2
Jun 23 03:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3827]: Connection closed by 141.11.88.12 port 27586 [preauth]
Jun 23 03:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[826]: pam_unix(cron:session): session closed for user root
Jun 23 03:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3843]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4190]: Invalid user dst from 141.11.88.12
Jun 23 03:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4190]: input_userauth_request: invalid user dst [preauth]
Jun 23 03:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4190]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4190]: Failed password for invalid user dst from 141.11.88.12 port 27632 ssh2
Jun 23 03:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4190]: Connection closed by 141.11.88.12 port 27632 [preauth]
Jun 23 03:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.191.5  user=root
Jun 23 03:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4193]: Failed password for root from 195.178.191.5 port 33786 ssh2
Jun 23 03:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4193]: Received disconnect from 195.178.191.5 port 33786:11: Bye Bye [preauth]
Jun 23 03:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4193]: Disconnected from 195.178.191.5 port 33786 [preauth]
Jun 23 03:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4203]: Failed password for root from 141.11.88.12 port 24498 ssh2
Jun 23 03:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4203]: Connection closed by 141.11.88.12 port 24498 [preauth]
Jun 23 03:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4230]: Invalid user oracle from 141.11.88.12
Jun 23 03:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4230]: input_userauth_request: invalid user oracle [preauth]
Jun 23 03:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4230]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4230]: Failed password for invalid user oracle from 141.11.88.12 port 24526 ssh2
Jun 23 03:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4230]: Connection closed by 141.11.88.12 port 24526 [preauth]
Jun 23 03:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4257]: Invalid user marketing from 141.11.88.12
Jun 23 03:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4257]: input_userauth_request: invalid user marketing [preauth]
Jun 23 03:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4257]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4255]: Failed password for root from 144.225.187.123 port 33738 ssh2
Jun 23 03:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4255]: Connection closed by 144.225.187.123 port 33738 [preauth]
Jun 23 03:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4257]: Failed password for invalid user marketing from 141.11.88.12 port 13564 ssh2
Jun 23 03:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4257]: Connection closed by 141.11.88.12 port 13564 [preauth]
Jun 23 03:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2861]: pam_unix(cron:session): session closed for user root
Jun 23 03:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4277]: Invalid user alex from 141.11.88.12
Jun 23 03:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4277]: input_userauth_request: invalid user alex [preauth]
Jun 23 03:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4277]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4277]: Failed password for invalid user alex from 141.11.88.12 port 47316 ssh2
Jun 23 03:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4277]: Connection closed by 141.11.88.12 port 47316 [preauth]
Jun 23 03:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4312]: Invalid user deploy from 141.11.88.12
Jun 23 03:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4312]: input_userauth_request: invalid user deploy [preauth]
Jun 23 03:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4312]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4312]: Failed password for invalid user deploy from 141.11.88.12 port 47340 ssh2
Jun 23 03:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4312]: Connection closed by 141.11.88.12 port 47340 [preauth]
Jun 23 03:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4341]: Failed password for root from 141.11.88.12 port 27152 ssh2
Jun 23 03:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4341]: Connection closed by 141.11.88.12 port 27152 [preauth]
Jun 23 03:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4352]: Invalid user bot from 141.11.88.12
Jun 23 03:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4352]: input_userauth_request: invalid user bot [preauth]
Jun 23 03:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4352]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4352]: Failed password for invalid user bot from 141.11.88.12 port 37648 ssh2
Jun 23 03:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4352]: Connection closed by 141.11.88.12 port 37648 [preauth]
Jun 23 03:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4362]: Invalid user ubuntu from 141.11.88.12
Jun 23 03:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4362]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 03:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4362]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4362]: Failed password for invalid user ubuntu from 141.11.88.12 port 37678 ssh2
Jun 23 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4362]: Connection closed by 141.11.88.12 port 37678 [preauth]
Jun 23 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4378]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4377]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4376]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4375]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4375]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4434]: Successful su for rubyman by root
Jun 23 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4434]: + ??? root:rubyman
Jun 23 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4434]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574885 of user rubyman.
Jun 23 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4434]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574885.
Jun 23 03:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4372]: Failed password for root from 144.225.187.123 port 53262 ssh2
Jun 23 03:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1318]: pam_unix(cron:session): session closed for user root
Jun 23 03:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4372]: Connection closed by 144.225.187.123 port 53262 [preauth]
Jun 23 03:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4599]: Invalid user deploy from 141.11.88.12
Jun 23 03:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4599]: input_userauth_request: invalid user deploy [preauth]
Jun 23 03:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4599]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4376]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4599]: Failed password for invalid user deploy from 141.11.88.12 port 40326 ssh2
Jun 23 03:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4599]: Connection closed by 141.11.88.12 port 40326 [preauth]
Jun 23 03:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4623]: Invalid user deajah from 141.98.83.240
Jun 23 03:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4623]: input_userauth_request: invalid user deajah [preauth]
Jun 23 03:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4623]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 03:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4623]: Failed password for invalid user deajah from 141.98.83.240 port 4710 ssh2
Jun 23 03:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4633]: Invalid user s from 141.11.88.12
Jun 23 03:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4633]: input_userauth_request: invalid user s [preauth]
Jun 23 03:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4623]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4633]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4623]: Failed password for invalid user deajah from 141.98.83.240 port 4710 ssh2
Jun 23 03:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4623]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4633]: Failed password for invalid user s from 141.11.88.12 port 44698 ssh2
Jun 23 03:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4633]: Connection closed by 141.11.88.12 port 44698 [preauth]
Jun 23 03:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4623]: Failed password for invalid user deajah from 141.98.83.240 port 4710 ssh2
Jun 23 03:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4623]: Connection closed by 141.98.83.240 port 4710 [preauth]
Jun 23 03:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4623]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 03:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4658]: Failed password for root from 141.11.88.12 port 44720 ssh2
Jun 23 03:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4658]: Connection closed by 141.11.88.12 port 44720 [preauth]
Jun 23 03:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4687]: Invalid user ftpuser from 141.11.88.12
Jun 23 03:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4687]: input_userauth_request: invalid user ftpuser [preauth]
Jun 23 03:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4687]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4687]: Failed password for invalid user ftpuser from 141.11.88.12 port 29562 ssh2
Jun 23 03:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4687]: Connection closed by 141.11.88.12 port 29562 [preauth]
Jun 23 03:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4697]: Invalid user client from 141.11.88.12
Jun 23 03:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4697]: input_userauth_request: invalid user client [preauth]
Jun 23 03:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4697]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4697]: Failed password for invalid user client from 141.11.88.12 port 29590 ssh2
Jun 23 03:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3314]: pam_unix(cron:session): session closed for user root
Jun 23 03:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4697]: Connection closed by 141.11.88.12 port 29590 [preauth]
Jun 23 03:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4766]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4766]: Invalid user farmacia from 141.11.88.12
Jun 23 03:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4766]: input_userauth_request: invalid user farmacia [preauth]
Jun 23 03:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4766]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4769]: Invalid user newadmin from 195.178.191.5
Jun 23 03:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4769]: input_userauth_request: invalid user newadmin [preauth]
Jun 23 03:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4769]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.191.5
Jun 23 03:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4734]: Failed password for root from 144.225.187.123 port 47542 ssh2
Jun 23 03:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4734]: Connection closed by 144.225.187.123 port 47542 [preauth]
Jun 23 03:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4766]: Failed password for invalid user farmacia from 141.11.88.12 port 25626 ssh2
Jun 23 03:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4766]: Connection closed by 141.11.88.12 port 25626 [preauth]
Jun 23 03:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4769]: Failed password for invalid user newadmin from 195.178.191.5 port 35044 ssh2
Jun 23 03:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4769]: Received disconnect from 195.178.191.5 port 35044:11: Bye Bye [preauth]
Jun 23 03:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4769]: Disconnected from 195.178.191.5 port 35044 [preauth]
Jun 23 03:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4781]: Invalid user b2 from 141.11.88.12
Jun 23 03:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4781]: input_userauth_request: invalid user b2 [preauth]
Jun 23 03:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4781]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4781]: Failed password for invalid user b2 from 141.11.88.12 port 44034 ssh2
Jun 23 03:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4781]: Connection closed by 141.11.88.12 port 44034 [preauth]
Jun 23 03:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4846]: Invalid user rocky from 141.11.88.12
Jun 23 03:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4846]: input_userauth_request: invalid user rocky [preauth]
Jun 23 03:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4846]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4846]: Failed password for invalid user rocky from 141.11.88.12 port 44074 ssh2
Jun 23 03:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4846]: Connection closed by 141.11.88.12 port 44074 [preauth]
Jun 23 03:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4856]: User mysql from 141.11.88.12 not allowed because not listed in AllowUsers
Jun 23 03:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4856]: input_userauth_request: invalid user mysql [preauth]
Jun 23 03:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=mysql
Jun 23 03:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4856]: Failed password for invalid user mysql from 141.11.88.12 port 14972 ssh2
Jun 23 03:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4856]: Connection closed by 141.11.88.12 port 14972 [preauth]
Jun 23 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4903]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4905]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4902]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4901]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4901]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4978]: Successful su for rubyman by root
Jun 23 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4978]: + ??? root:rubyman
Jun 23 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4978]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574890 of user rubyman.
Jun 23 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4978]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574890.
Jun 23 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4989]: Invalid user deployer from 141.11.88.12
Jun 23 03:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4989]: input_userauth_request: invalid user deployer [preauth]
Jun 23 03:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4989]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1889]: pam_unix(cron:session): session closed for user root
Jun 23 03:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4989]: Failed password for invalid user deployer from 141.11.88.12 port 13584 ssh2
Jun 23 03:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4989]: Connection closed by 141.11.88.12 port 13584 [preauth]
Jun 23 03:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4902]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5156]: Failed password for root from 141.11.88.12 port 13620 ssh2
Jun 23 03:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5156]: Connection closed by 141.11.88.12 port 13620 [preauth]
Jun 23 03:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5171]: Failed password for root from 144.225.187.123 port 58302 ssh2
Jun 23 03:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5171]: Connection closed by 144.225.187.123 port 58302 [preauth]
Jun 23 03:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5193]: Invalid user steam from 141.11.88.12
Jun 23 03:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5193]: input_userauth_request: invalid user steam [preauth]
Jun 23 03:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5193]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5193]: Failed password for invalid user steam from 141.11.88.12 port 19576 ssh2
Jun 23 03:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5193]: Connection closed by 141.11.88.12 port 19576 [preauth]
Jun 23 03:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5203]: Failed password for root from 141.11.88.12 port 55770 ssh2
Jun 23 03:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5203]: Connection closed by 141.11.88.12 port 55770 [preauth]
Jun 23 03:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5228]: Failed password for root from 141.11.88.12 port 55858 ssh2
Jun 23 03:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5228]: Connection closed by 141.11.88.12 port 55858 [preauth]
Jun 23 03:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3845]: pam_unix(cron:session): session closed for user root
Jun 23 03:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5270]: Invalid user arthur from 141.11.88.12
Jun 23 03:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5270]: input_userauth_request: invalid user arthur [preauth]
Jun 23 03:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5270]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5270]: Failed password for invalid user arthur from 141.11.88.12 port 44712 ssh2
Jun 23 03:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5270]: Connection closed by 141.11.88.12 port 44712 [preauth]
Jun 23 03:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5282]: Failed password for root from 141.11.88.12 port 24912 ssh2
Jun 23 03:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5282]: Connection closed by 141.11.88.12 port 24912 [preauth]
Jun 23 03:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5296]: Failed password for root from 144.225.187.123 port 51300 ssh2
Jun 23 03:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 23 03:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5296]: Connection closed by 144.225.187.123 port 51300 [preauth]
Jun 23 03:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5312]: Invalid user public from 141.11.88.12
Jun 23 03:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5312]: input_userauth_request: invalid user public [preauth]
Jun 23 03:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5312]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5307]: Failed password for root from 109.237.96.109 port 48380 ssh2
Jun 23 03:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5307]: Connection closed by 109.237.96.109 port 48380 [preauth]
Jun 23 03:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5312]: Failed password for invalid user public from 141.11.88.12 port 24964 ssh2
Jun 23 03:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5312]: Connection closed by 141.11.88.12 port 24964 [preauth]
Jun 23 03:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5323]: Invalid user user from 141.11.88.12
Jun 23 03:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5323]: input_userauth_request: invalid user user [preauth]
Jun 23 03:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5323]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5323]: Failed password for invalid user user from 141.11.88.12 port 57834 ssh2
Jun 23 03:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5323]: Connection closed by 141.11.88.12 port 57834 [preauth]
Jun 23 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5354]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5348]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5350]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5346]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5349]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5347]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5354]: pam_unix(cron:session): session closed for user root
Jun 23 03:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5346]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5424]: Successful su for rubyman by root
Jun 23 03:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5424]: + ??? root:rubyman
Jun 23 03:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5424]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574895 of user rubyman.
Jun 23 03:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5424]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574895.
Jun 23 03:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5348]: pam_unix(cron:session): session closed for user root
Jun 23 03:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2406]: pam_unix(cron:session): session closed for user root
Jun 23 03:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5510]: Failed password for root from 141.11.88.12 port 11986 ssh2
Jun 23 03:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5347]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5510]: Connection closed by 141.11.88.12 port 11986 [preauth]
Jun 23 03:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5629]: Invalid user test from 141.11.88.12
Jun 23 03:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5629]: input_userauth_request: invalid user test [preauth]
Jun 23 03:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5629]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.191.5  user=root
Jun 23 03:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5629]: Failed password for invalid user test from 141.11.88.12 port 16196 ssh2
Jun 23 03:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5629]: Connection closed by 141.11.88.12 port 16196 [preauth]
Jun 23 03:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5639]: Failed password for root from 195.178.191.5 port 37548 ssh2
Jun 23 03:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5639]: Received disconnect from 195.178.191.5 port 37548:11: Bye Bye [preauth]
Jun 23 03:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5639]: Disconnected from 195.178.191.5 port 37548 [preauth]
Jun 23 03:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5653]: Invalid user cloud from 141.11.88.12
Jun 23 03:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5653]: input_userauth_request: invalid user cloud [preauth]
Jun 23 03:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5653]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5653]: Failed password for invalid user cloud from 141.11.88.12 port 16252 ssh2
Jun 23 03:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5653]: Connection closed by 141.11.88.12 port 16252 [preauth]
Jun 23 03:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5663]: Failed password for root from 144.225.187.123 port 44278 ssh2
Jun 23 03:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5663]: Connection closed by 144.225.187.123 port 44278 [preauth]
Jun 23 03:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5674]: Invalid user trader from 141.11.88.12
Jun 23 03:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5674]: input_userauth_request: invalid user trader [preauth]
Jun 23 03:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5674]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5674]: Failed password for invalid user trader from 141.11.88.12 port 57984 ssh2
Jun 23 03:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5674]: Connection closed by 141.11.88.12 port 57984 [preauth]
Jun 23 03:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5696]: Invalid user admin from 141.11.88.12
Jun 23 03:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5696]: input_userauth_request: invalid user admin [preauth]
Jun 23 03:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5696]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5696]: Failed password for invalid user admin from 141.11.88.12 port 58062 ssh2
Jun 23 03:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5696]: Connection closed by 141.11.88.12 port 58062 [preauth]
Jun 23 03:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4378]: pam_unix(cron:session): session closed for user root
Jun 23 03:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.19.67.181  user=root
Jun 23 03:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5729]: Invalid user no from 141.11.88.12
Jun 23 03:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5729]: input_userauth_request: invalid user no [preauth]
Jun 23 03:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5720]: Failed password for root from 46.19.67.181 port 53658 ssh2
Jun 23 03:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5720]: Connection closed by 46.19.67.181 port 53658 [preauth]
Jun 23 03:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5729]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5729]: Failed password for invalid user no from 141.11.88.12 port 55792 ssh2
Jun 23 03:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5729]: Connection closed by 141.11.88.12 port 55792 [preauth]
Jun 23 03:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5741]: Invalid user ubnt from 193.46.255.86
Jun 23 03:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5741]: input_userauth_request: invalid user ubnt [preauth]
Jun 23 03:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5741]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 23 03:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5743]: Invalid user student from 141.11.88.12
Jun 23 03:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5743]: input_userauth_request: invalid user student [preauth]
Jun 23 03:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5743]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5741]: Failed password for invalid user ubnt from 193.46.255.86 port 10198 ssh2
Jun 23 03:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5741]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 23 03:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5743]: Failed password for invalid user student from 141.11.88.12 port 26636 ssh2
Jun 23 03:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5743]: Connection closed by 141.11.88.12 port 26636 [preauth]
Jun 23 03:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5741]: Failed password for invalid user ubnt from 193.46.255.86 port 10198 ssh2
Jun 23 03:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5752]: Failed password for root from 103.15.222.183 port 60150 ssh2
Jun 23 03:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5741]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5752]: Connection closed by 103.15.222.183 port 60150 [preauth]
Jun 23 03:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5741]: Failed password for invalid user ubnt from 193.46.255.86 port 10198 ssh2
Jun 23 03:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5741]: Connection closed by 193.46.255.86 port 10198 [preauth]
Jun 23 03:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5741]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 23 03:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5777]: Invalid user maarch from 141.11.88.12
Jun 23 03:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5777]: input_userauth_request: invalid user maarch [preauth]
Jun 23 03:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5777]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5777]: Failed password for invalid user maarch from 141.11.88.12 port 26652 ssh2
Jun 23 03:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5777]: Connection closed by 141.11.88.12 port 26652 [preauth]
Jun 23 03:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5780]: Failed password for root from 144.225.187.123 port 34062 ssh2
Jun 23 03:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5780]: Connection closed by 144.225.187.123 port 34062 [preauth]
Jun 23 03:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5790]: Invalid user installer from 141.11.88.12
Jun 23 03:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5790]: input_userauth_request: invalid user installer [preauth]
Jun 23 03:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5790]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5790]: Failed password for invalid user installer from 141.11.88.12 port 53882 ssh2
Jun 23 03:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5790]: Connection closed by 141.11.88.12 port 53882 [preauth]
Jun 23 03:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 23 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5805]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5807]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5806]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5803]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5803]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5876]: Successful su for rubyman by root
Jun 23 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5876]: + ??? root:rubyman
Jun 23 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5876]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574900 of user rubyman.
Jun 23 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5876]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574900.
Jun 23 03:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5792]: Failed password for root from 194.113.233.25 port 57254 ssh2
Jun 23 03:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5792]: Connection closed by 194.113.233.25 port 57254 [preauth]
Jun 23 03:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5908]: Invalid user claude from 141.11.88.12
Jun 23 03:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5908]: input_userauth_request: invalid user claude [preauth]
Jun 23 03:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5908]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2860]: pam_unix(cron:session): session closed for user root
Jun 23 03:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5908]: Failed password for invalid user claude from 141.11.88.12 port 19454 ssh2
Jun 23 03:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5805]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5908]: Connection closed by 141.11.88.12 port 19454 [preauth]
Jun 23 03:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6051]: Invalid user abuse from 141.11.88.12
Jun 23 03:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6051]: input_userauth_request: invalid user abuse [preauth]
Jun 23 03:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6051]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6051]: Failed password for invalid user abuse from 141.11.88.12 port 19488 ssh2
Jun 23 03:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6051]: Connection closed by 141.11.88.12 port 19488 [preauth]
Jun 23 03:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6074]: Failed password for root from 141.11.88.12 port 30406 ssh2
Jun 23 03:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6074]: Connection closed by 141.11.88.12 port 30406 [preauth]
Jun 23 03:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6084]: Invalid user runner from 141.11.88.12
Jun 23 03:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6084]: input_userauth_request: invalid user runner [preauth]
Jun 23 03:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6084]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6084]: Failed password for invalid user runner from 141.11.88.12 port 49130 ssh2
Jun 23 03:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6084]: Connection closed by 141.11.88.12 port 49130 [preauth]
Jun 23 03:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6117]: Invalid user administrador from 141.11.88.12
Jun 23 03:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6117]: input_userauth_request: invalid user administrador [preauth]
Jun 23 03:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6117]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6117]: Failed password for invalid user administrador from 141.11.88.12 port 49190 ssh2
Jun 23 03:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6117]: Connection closed by 141.11.88.12 port 49190 [preauth]
Jun 23 03:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6107]: Failed password for root from 144.225.187.123 port 58886 ssh2
Jun 23 03:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6107]: Connection closed by 144.225.187.123 port 58886 [preauth]
Jun 23 03:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4905]: pam_unix(cron:session): session closed for user root
Jun 23 03:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6152]: Invalid user developer1 from 141.11.88.12
Jun 23 03:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6152]: input_userauth_request: invalid user developer1 [preauth]
Jun 23 03:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6152]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6152]: Failed password for invalid user developer1 from 141.11.88.12 port 13728 ssh2
Jun 23 03:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6152]: Connection closed by 141.11.88.12 port 13728 [preauth]
Jun 23 03:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6172]: Invalid user cyber from 141.11.88.12
Jun 23 03:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6172]: input_userauth_request: invalid user cyber [preauth]
Jun 23 03:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6172]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6172]: Failed password for invalid user cyber from 141.11.88.12 port 47936 ssh2
Jun 23 03:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6172]: Connection closed by 141.11.88.12 port 47936 [preauth]
Jun 23 03:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6188]: Invalid user lzy from 195.178.191.5
Jun 23 03:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6188]: input_userauth_request: invalid user lzy [preauth]
Jun 23 03:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6188]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.191.5
Jun 23 03:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6188]: Failed password for invalid user lzy from 195.178.191.5 port 53944 ssh2
Jun 23 03:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6188]: Received disconnect from 195.178.191.5 port 53944:11: Bye Bye [preauth]
Jun 23 03:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6188]: Disconnected from 195.178.191.5 port 53944 [preauth]
Jun 23 03:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6198]: Invalid user dev from 141.11.88.12
Jun 23 03:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6198]: input_userauth_request: invalid user dev [preauth]
Jun 23 03:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6198]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6198]: Failed password for invalid user dev from 141.11.88.12 port 47970 ssh2
Jun 23 03:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6198]: Connection closed by 141.11.88.12 port 47970 [preauth]
Jun 23 03:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6210]: Invalid user ian from 141.11.88.12
Jun 23 03:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6210]: input_userauth_request: invalid user ian [preauth]
Jun 23 03:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6210]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6210]: Failed password for invalid user ian from 141.11.88.12 port 41948 ssh2
Jun 23 03:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6210]: Connection closed by 141.11.88.12 port 41948 [preauth]
Jun 23 03:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6231]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6230]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6227]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6226]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6226]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6286]: Successful su for rubyman by root
Jun 23 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6286]: + ??? root:rubyman
Jun 23 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6286]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574903 of user rubyman.
Jun 23 03:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6286]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574903.
Jun 23 03:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6221]: Invalid user postgres from 141.11.88.12
Jun 23 03:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6221]: input_userauth_request: invalid user postgres [preauth]
Jun 23 03:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6223]: Failed password for root from 144.225.187.123 port 48264 ssh2
Jun 23 03:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6221]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3313]: pam_unix(cron:session): session closed for user root
Jun 23 03:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6223]: Connection closed by 144.225.187.123 port 48264 [preauth]
Jun 23 03:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6221]: Failed password for invalid user postgres from 141.11.88.12 port 41972 ssh2
Jun 23 03:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6227]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6221]: Connection closed by 141.11.88.12 port 41972 [preauth]
Jun 23 03:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6466]: Invalid user test from 141.11.88.12
Jun 23 03:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6466]: input_userauth_request: invalid user test [preauth]
Jun 23 03:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6466]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6466]: Failed password for invalid user test from 141.11.88.12 port 37490 ssh2
Jun 23 03:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6466]: Connection closed by 141.11.88.12 port 37490 [preauth]
Jun 23 03:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6477]: Invalid user debian from 141.11.88.12
Jun 23 03:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6477]: input_userauth_request: invalid user debian [preauth]
Jun 23 03:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6477]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6477]: Failed password for invalid user debian from 141.11.88.12 port 34450 ssh2
Jun 23 03:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6477]: Connection closed by 141.11.88.12 port 34450 [preauth]
Jun 23 03:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6510]: Failed password for root from 141.11.88.12 port 34506 ssh2
Jun 23 03:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6510]: Connection closed by 141.11.88.12 port 34506 [preauth]
Jun 23 03:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6533]: Invalid user deployer from 141.11.88.12
Jun 23 03:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6533]: input_userauth_request: invalid user deployer [preauth]
Jun 23 03:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6533]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6533]: Failed password for invalid user deployer from 141.11.88.12 port 61144 ssh2
Jun 23 03:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6533]: Connection closed by 141.11.88.12 port 61144 [preauth]
Jun 23 03:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5350]: pam_unix(cron:session): session closed for user root
Jun 23 03:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6543]: Failed password for root from 141.11.88.12 port 59688 ssh2
Jun 23 03:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6543]: Connection closed by 141.11.88.12 port 59688 [preauth]
Jun 23 03:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6564]: Failed password for root from 144.225.187.123 port 57524 ssh2
Jun 23 03:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6564]: Connection closed by 144.225.187.123 port 57524 [preauth]
Jun 23 03:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6576]: Invalid user frank from 141.11.88.12
Jun 23 03:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6576]: input_userauth_request: invalid user frank [preauth]
Jun 23 03:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6576]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6576]: Failed password for invalid user frank from 141.11.88.12 port 59700 ssh2
Jun 23 03:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6576]: Connection closed by 141.11.88.12 port 59700 [preauth]
Jun 23 03:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6599]: Invalid user bot from 141.11.88.12
Jun 23 03:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6599]: input_userauth_request: invalid user bot [preauth]
Jun 23 03:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6599]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6599]: Failed password for invalid user bot from 141.11.88.12 port 25134 ssh2
Jun 23 03:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6599]: Connection closed by 141.11.88.12 port 25134 [preauth]
Jun 23 03:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6621]: Invalid user zabbix from 141.11.88.12
Jun 23 03:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6621]: input_userauth_request: invalid user zabbix [preauth]
Jun 23 03:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6621]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6621]: Failed password for invalid user zabbix from 141.11.88.12 port 49130 ssh2
Jun 23 03:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6621]: Connection closed by 141.11.88.12 port 49130 [preauth]
Jun 23 03:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6633]: Invalid user test3 from 141.11.88.12
Jun 23 03:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6633]: input_userauth_request: invalid user test3 [preauth]
Jun 23 03:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6633]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6646]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6645]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6644]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6643]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6643]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6708]: Successful su for rubyman by root
Jun 23 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6708]: + ??? root:rubyman
Jun 23 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6708]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574907 of user rubyman.
Jun 23 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6708]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574907.
Jun 23 03:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6633]: Failed password for invalid user test3 from 141.11.88.12 port 49162 ssh2
Jun 23 03:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6633]: Connection closed by 141.11.88.12 port 49162 [preauth]
Jun 23 03:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3844]: pam_unix(cron:session): session closed for user root
Jun 23 03:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6644]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6898]: Invalid user pruebas from 141.11.88.12
Jun 23 03:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6898]: input_userauth_request: invalid user pruebas [preauth]
Jun 23 03:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6898]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6898]: Failed password for invalid user pruebas from 141.11.88.12 port 51696 ssh2
Jun 23 03:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6908]: Invalid user deploy from 144.225.187.123
Jun 23 03:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6908]: input_userauth_request: invalid user deploy [preauth]
Jun 23 03:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6908]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 03:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6898]: Connection closed by 141.11.88.12 port 51696 [preauth]
Jun 23 03:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6908]: Failed password for invalid user deploy from 144.225.187.123 port 34492 ssh2
Jun 23 03:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6908]: Connection closed by 144.225.187.123 port 34492 [preauth]
Jun 23 03:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6935]: Invalid user eduardo from 141.11.88.12
Jun 23 03:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6935]: input_userauth_request: invalid user eduardo [preauth]
Jun 23 03:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6935]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6937]: Invalid user postgres from 195.178.191.5
Jun 23 03:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6937]: input_userauth_request: invalid user postgres [preauth]
Jun 23 03:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6937]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.191.5
Jun 23 03:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6935]: Failed password for invalid user eduardo from 141.11.88.12 port 40984 ssh2
Jun 23 03:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6935]: Connection closed by 141.11.88.12 port 40984 [preauth]
Jun 23 03:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6937]: Failed password for invalid user postgres from 195.178.191.5 port 34740 ssh2
Jun 23 03:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6937]: Received disconnect from 195.178.191.5 port 34740:11: Bye Bye [preauth]
Jun 23 03:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6937]: Disconnected from 195.178.191.5 port 34740 [preauth]
Jun 23 03:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6953]: Invalid user benjamin from 141.11.88.12
Jun 23 03:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6953]: input_userauth_request: invalid user benjamin [preauth]
Jun 23 03:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6953]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6953]: Failed password for invalid user benjamin from 141.11.88.12 port 41030 ssh2
Jun 23 03:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6953]: Connection closed by 141.11.88.12 port 41030 [preauth]
Jun 23 03:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6985]: Failed password for root from 141.11.88.12 port 44622 ssh2
Jun 23 03:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6985]: Connection closed by 141.11.88.12 port 44622 [preauth]
Jun 23 03:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5807]: pam_unix(cron:session): session closed for user root
Jun 23 03:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7038]: Failed password for root from 141.11.88.12 port 51844 ssh2
Jun 23 03:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7038]: Connection closed by 141.11.88.12 port 51844 [preauth]
Jun 23 03:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7062]: Failed password for root from 141.11.88.12 port 51878 ssh2
Jun 23 03:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7062]: Connection closed by 141.11.88.12 port 51878 [preauth]
Jun 23 03:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7067]: Failed password for root from 144.225.187.123 port 58280 ssh2
Jun 23 03:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7067]: Connection closed by 144.225.187.123 port 58280 [preauth]
Jun 23 03:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7136]: Invalid user soporte from 141.11.88.12
Jun 23 03:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7136]: input_userauth_request: invalid user soporte [preauth]
Jun 23 03:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7136]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7136]: Failed password for invalid user soporte from 141.11.88.12 port 28752 ssh2
Jun 23 03:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7136]: Connection closed by 141.11.88.12 port 28752 [preauth]
Jun 23 03:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7148]: Invalid user sammy from 141.11.88.12
Jun 23 03:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7148]: input_userauth_request: invalid user sammy [preauth]
Jun 23 03:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7148]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7148]: Failed password for invalid user sammy from 141.11.88.12 port 56346 ssh2
Jun 23 03:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7148]: Connection closed by 141.11.88.12 port 56346 [preauth]
Jun 23 03:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7159]: Invalid user anna from 141.11.88.12
Jun 23 03:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7159]: input_userauth_request: invalid user anna [preauth]
Jun 23 03:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7159]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7176]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7173]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7177]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7174]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7171]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7173]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7298]: Successful su for rubyman by root
Jun 23 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7298]: + ??? root:rubyman
Jun 23 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7298]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574913 of user rubyman.
Jun 23 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7298]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574913.
Jun 23 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7159]: Failed password for invalid user anna from 141.11.88.12 port 56410 ssh2
Jun 23 03:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7159]: Connection closed by 141.11.88.12 port 56410 [preauth]
Jun 23 03:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7171]: pam_unix(cron:session): session closed for user root
Jun 23 03:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4377]: pam_unix(cron:session): session closed for user root
Jun 23 03:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7174]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7509]: Invalid user osmc from 141.11.88.12
Jun 23 03:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7509]: input_userauth_request: invalid user osmc [preauth]
Jun 23 03:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7509]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7509]: Failed password for invalid user osmc from 141.11.88.12 port 20844 ssh2
Jun 23 03:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7509]: Connection closed by 141.11.88.12 port 20844 [preauth]
Jun 23 03:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7520]: Invalid user d from 141.11.88.12
Jun 23 03:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7520]: input_userauth_request: invalid user d [preauth]
Jun 23 03:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7520]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7520]: Failed password for invalid user d from 141.11.88.12 port 10386 ssh2
Jun 23 03:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7520]: Connection closed by 141.11.88.12 port 10386 [preauth]
Jun 23 03:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7547]: Invalid user pakchoi from 141.11.88.12
Jun 23 03:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7547]: input_userauth_request: invalid user pakchoi [preauth]
Jun 23 03:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7547]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7544]: Failed password for root from 144.225.187.123 port 38036 ssh2
Jun 23 03:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7544]: Connection closed by 144.225.187.123 port 38036 [preauth]
Jun 23 03:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7547]: Failed password for invalid user pakchoi from 141.11.88.12 port 10444 ssh2
Jun 23 03:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7547]: Connection closed by 141.11.88.12 port 10444 [preauth]
Jun 23 03:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7559]: Invalid user postgres from 141.11.88.12
Jun 23 03:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7559]: input_userauth_request: invalid user postgres [preauth]
Jun 23 03:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7559]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7559]: Failed password for invalid user postgres from 141.11.88.12 port 19522 ssh2
Jun 23 03:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7559]: Connection closed by 141.11.88.12 port 19522 [preauth]
Jun 23 03:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7584]: Invalid user joe from 141.11.88.12
Jun 23 03:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7584]: input_userauth_request: invalid user joe [preauth]
Jun 23 03:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7584]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6231]: pam_unix(cron:session): session closed for user root
Jun 23 03:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7584]: Failed password for invalid user joe from 141.11.88.12 port 20632 ssh2
Jun 23 03:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7584]: Connection closed by 141.11.88.12 port 20632 [preauth]
Jun 23 03:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7664]: Invalid user ranga from 141.11.88.12
Jun 23 03:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7664]: input_userauth_request: invalid user ranga [preauth]
Jun 23 03:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7664]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7664]: Failed password for invalid user ranga from 141.11.88.12 port 20690 ssh2
Jun 23 03:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7664]: Connection closed by 141.11.88.12 port 20690 [preauth]
Jun 23 03:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7668]: Invalid user be from 195.178.191.5
Jun 23 03:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7668]: input_userauth_request: invalid user be [preauth]
Jun 23 03:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7668]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.191.5
Jun 23 03:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7668]: Failed password for invalid user be from 195.178.191.5 port 58996 ssh2
Jun 23 03:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7668]: Received disconnect from 195.178.191.5 port 58996:11: Bye Bye [preauth]
Jun 23 03:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7668]: Disconnected from 195.178.191.5 port 58996 [preauth]
Jun 23 03:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7740]: Invalid user myuser from 141.11.88.12
Jun 23 03:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7740]: input_userauth_request: invalid user myuser [preauth]
Jun 23 03:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7740]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7740]: Failed password for invalid user myuser from 141.11.88.12 port 49380 ssh2
Jun 23 03:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7740]: Connection closed by 141.11.88.12 port 49380 [preauth]
Jun 23 03:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7762]: Invalid user ubuntu from 141.11.88.12
Jun 23 03:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7762]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 03:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7762]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7762]: Failed password for invalid user ubuntu from 141.11.88.12 port 49444 ssh2
Jun 23 03:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7762]: Connection closed by 141.11.88.12 port 49444 [preauth]
Jun 23 03:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7764]: Failed password for root from 144.225.187.123 port 41780 ssh2
Jun 23 03:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7764]: Connection closed by 144.225.187.123 port 41780 [preauth]
Jun 23 03:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7775]: Invalid user user from 141.11.88.12
Jun 23 03:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7775]: input_userauth_request: invalid user user [preauth]
Jun 23 03:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7775]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7775]: Failed password for invalid user user from 141.11.88.12 port 43382 ssh2
Jun 23 03:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7775]: Connection closed by 141.11.88.12 port 43382 [preauth]
Jun 23 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7791]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7789]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7790]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7788]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7787]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7786]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7791]: pam_unix(cron:session): session closed for user root
Jun 23 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7786]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7851]: Successful su for rubyman by root
Jun 23 03:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7851]: + ??? root:rubyman
Jun 23 03:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7851]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574918 of user rubyman.
Jun 23 03:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7851]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574918.
Jun 23 03:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7788]: pam_unix(cron:session): session closed for user root
Jun 23 03:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4903]: pam_unix(cron:session): session closed for user root
Jun 23 03:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7787]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7950]: Failed password for root from 141.11.88.12 port 62110 ssh2
Jun 23 03:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7950]: Connection closed by 141.11.88.12 port 62110 [preauth]
Jun 23 03:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8063]: Invalid user username from 141.11.88.12
Jun 23 03:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8063]: input_userauth_request: invalid user username [preauth]
Jun 23 03:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8063]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8063]: Failed password for invalid user username from 141.11.88.12 port 62146 ssh2
Jun 23 03:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8063]: Connection closed by 141.11.88.12 port 62146 [preauth]
Jun 23 03:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8085]: Invalid user ftpuser from 141.11.88.12
Jun 23 03:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8085]: input_userauth_request: invalid user ftpuser [preauth]
Jun 23 03:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8085]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8085]: Failed password for invalid user ftpuser from 141.11.88.12 port 43476 ssh2
Jun 23 03:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8085]: Connection closed by 141.11.88.12 port 43476 [preauth]
Jun 23 03:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8096]: Invalid user admin from 141.11.88.12
Jun 23 03:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8096]: input_userauth_request: invalid user admin [preauth]
Jun 23 03:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8096]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8096]: Failed password for invalid user admin from 141.11.88.12 port 39496 ssh2
Jun 23 03:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8096]: Connection closed by 141.11.88.12 port 39496 [preauth]
Jun 23 03:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8123]: Received disconnect from 170.238.136.42 port 52586:11: disconnected by user [preauth]
Jun 23 03:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8123]: Disconnected from 170.238.136.42 port 52586 [preauth]
Jun 23 03:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8121]: Failed password for root from 144.225.187.123 port 41944 ssh2
Jun 23 03:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8121]: Connection closed by 144.225.187.123 port 41944 [preauth]
Jun 23 03:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8125]: Invalid user ubuntu from 141.11.88.12
Jun 23 03:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8125]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 03:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8125]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8125]: Failed password for invalid user ubuntu from 141.11.88.12 port 39500 ssh2
Jun 23 03:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8125]: Connection closed by 141.11.88.12 port 39500 [preauth]
Jun 23 03:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6646]: pam_unix(cron:session): session closed for user root
Jun 23 03:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8167]: Invalid user brad from 141.11.88.12
Jun 23 03:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8167]: input_userauth_request: invalid user brad [preauth]
Jun 23 03:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8167]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8167]: Failed password for invalid user brad from 141.11.88.12 port 17608 ssh2
Jun 23 03:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8167]: Connection closed by 141.11.88.12 port 17608 [preauth]
Jun 23 03:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8190]: Invalid user user from 141.11.88.12
Jun 23 03:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8190]: input_userauth_request: invalid user user [preauth]
Jun 23 03:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8190]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8190]: Failed password for invalid user user from 141.11.88.12 port 60928 ssh2
Jun 23 03:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8190]: Connection closed by 141.11.88.12 port 60928 [preauth]
Jun 23 03:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8200]: Invalid user jboss from 141.11.88.12
Jun 23 03:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8200]: input_userauth_request: invalid user jboss [preauth]
Jun 23 03:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8200]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8200]: Failed password for invalid user jboss from 141.11.88.12 port 17234 ssh2
Jun 23 03:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8200]: Connection closed by 141.11.88.12 port 17234 [preauth]
Jun 23 03:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8212]: Failed password for root from 141.11.88.12 port 17272 ssh2
Jun 23 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8227]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8225]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8228]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8226]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8225]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8212]: Connection closed by 141.11.88.12 port 17272 [preauth]
Jun 23 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8290]: Successful su for rubyman by root
Jun 23 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8290]: + ??? root:rubyman
Jun 23 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8290]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574924 of user rubyman.
Jun 23 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8290]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574924.
Jun 23 03:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8222]: Failed password for root from 144.225.187.123 port 41660 ssh2
Jun 23 03:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8222]: Connection closed by 144.225.187.123 port 41660 [preauth]
Jun 23 03:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5349]: pam_unix(cron:session): session closed for user root
Jun 23 03:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8376]: Failed password for root from 141.11.88.12 port 13102 ssh2
Jun 23 03:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8226]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8376]: Connection closed by 141.11.88.12 port 13102 [preauth]
Jun 23 03:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8488]: Invalid user dev from 141.11.88.12
Jun 23 03:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8488]: input_userauth_request: invalid user dev [preauth]
Jun 23 03:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8488]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8490]: Invalid user monitor from 195.178.191.5
Jun 23 03:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8490]: input_userauth_request: invalid user monitor [preauth]
Jun 23 03:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8490]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.191.5
Jun 23 03:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8488]: Failed password for invalid user dev from 141.11.88.12 port 13116 ssh2
Jun 23 03:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8490]: Failed password for invalid user monitor from 195.178.191.5 port 49884 ssh2
Jun 23 03:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8488]: Connection closed by 141.11.88.12 port 13116 [preauth]
Jun 23 03:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8490]: Received disconnect from 195.178.191.5 port 49884:11: Bye Bye [preauth]
Jun 23 03:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8490]: Disconnected from 195.178.191.5 port 49884 [preauth]
Jun 23 03:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8513]: Invalid user steam from 141.11.88.12
Jun 23 03:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8513]: input_userauth_request: invalid user steam [preauth]
Jun 23 03:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8513]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8513]: Failed password for invalid user steam from 141.11.88.12 port 35430 ssh2
Jun 23 03:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8513]: Connection closed by 141.11.88.12 port 35430 [preauth]
Jun 23 03:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8526]: Invalid user user from 141.11.88.12
Jun 23 03:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8526]: input_userauth_request: invalid user user [preauth]
Jun 23 03:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8526]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8526]: Failed password for invalid user user from 141.11.88.12 port 31224 ssh2
Jun 23 03:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8526]: Connection closed by 141.11.88.12 port 31224 [preauth]
Jun 23 03:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8552]: Invalid user csserver from 141.11.88.12
Jun 23 03:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8552]: input_userauth_request: invalid user csserver [preauth]
Jun 23 03:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8552]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7177]: pam_unix(cron:session): session closed for user root
Jun 23 03:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8552]: Failed password for invalid user csserver from 141.11.88.12 port 31294 ssh2
Jun 23 03:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8552]: Connection closed by 141.11.88.12 port 31294 [preauth]
Jun 23 03:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8591]: Invalid user a from 141.11.88.12
Jun 23 03:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8591]: input_userauth_request: invalid user a [preauth]
Jun 23 03:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8591]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8591]: Failed password for invalid user a from 141.11.88.12 port 36872 ssh2
Jun 23 03:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8591]: Connection closed by 141.11.88.12 port 36872 [preauth]
Jun 23 03:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8593]: Failed password for root from 144.225.187.123 port 55616 ssh2
Jun 23 03:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8593]: Connection closed by 144.225.187.123 port 55616 [preauth]
Jun 23 03:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8603]: Invalid user share from 141.11.88.12
Jun 23 03:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8603]: input_userauth_request: invalid user share [preauth]
Jun 23 03:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8603]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8603]: Failed password for invalid user share from 141.11.88.12 port 29484 ssh2
Jun 23 03:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8603]: Connection closed by 141.11.88.12 port 29484 [preauth]
Jun 23 03:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8625]: Invalid user web from 141.11.88.12
Jun 23 03:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8625]: input_userauth_request: invalid user web [preauth]
Jun 23 03:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8625]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8625]: Failed password for invalid user web from 141.11.88.12 port 29546 ssh2
Jun 23 03:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8625]: Connection closed by 141.11.88.12 port 29546 [preauth]
Jun 23 03:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8635]: Failed password for root from 141.11.88.12 port 21640 ssh2
Jun 23 03:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8635]: Connection closed by 141.11.88.12 port 21640 [preauth]
Jun 23 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8661]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8660]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8659]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8658]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8658]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8718]: Successful su for rubyman by root
Jun 23 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8718]: + ??? root:rubyman
Jun 23 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8718]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574926 of user rubyman.
Jun 23 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8718]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574926.
Jun 23 03:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5806]: pam_unix(cron:session): session closed for user root
Jun 23 03:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8655]: Failed password for root from 141.11.88.12 port 65270 ssh2
Jun 23 03:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8655]: Connection closed by 141.11.88.12 port 65270 [preauth]
Jun 23 03:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8659]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8902]: Failed password for root from 141.11.88.12 port 65290 ssh2
Jun 23 03:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8902]: Connection closed by 141.11.88.12 port 65290 [preauth]
Jun 23 03:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8907]: Failed password for root from 144.225.187.123 port 42036 ssh2
Jun 23 03:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8907]: Connection closed by 144.225.187.123 port 42036 [preauth]
Jun 23 03:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8929]: Failed password for root from 141.11.88.12 port 49062 ssh2
Jun 23 03:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8929]: Connection closed by 141.11.88.12 port 49062 [preauth]
Jun 23 03:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 23 03:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8939]: Failed password for root from 103.172.78.219 port 57456 ssh2
Jun 23 03:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8939]: Connection closed by 103.172.78.219 port 57456 [preauth]
Jun 23 03:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8941]: Failed password for root from 141.11.88.12 port 54652 ssh2
Jun 23 03:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8941]: Connection closed by 141.11.88.12 port 54652 [preauth]
Jun 23 03:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8978]: Failed password for root from 141.11.88.12 port 54692 ssh2
Jun 23 03:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8978]: Connection closed by 141.11.88.12 port 54692 [preauth]
Jun 23 03:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7790]: pam_unix(cron:session): session closed for user root
Jun 23 03:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9000]: Invalid user rock from 141.11.88.12
Jun 23 03:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9000]: input_userauth_request: invalid user rock [preauth]
Jun 23 03:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9000]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9000]: Failed password for invalid user rock from 141.11.88.12 port 34796 ssh2
Jun 23 03:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9000]: Connection closed by 141.11.88.12 port 34796 [preauth]
Jun 23 03:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9019]: Invalid user github from 195.178.191.5
Jun 23 03:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9019]: input_userauth_request: invalid user github [preauth]
Jun 23 03:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9019]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.191.5
Jun 23 03:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9022]: Invalid user ubuntu from 141.11.88.12
Jun 23 03:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9022]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 03:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9022]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9019]: Failed password for invalid user github from 195.178.191.5 port 51322 ssh2
Jun 23 03:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9019]: Received disconnect from 195.178.191.5 port 51322:11: Bye Bye [preauth]
Jun 23 03:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9019]: Disconnected from 195.178.191.5 port 51322 [preauth]
Jun 23 03:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9022]: Failed password for invalid user ubuntu from 141.11.88.12 port 34848 ssh2
Jun 23 03:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9022]: Connection closed by 141.11.88.12 port 34848 [preauth]
Jun 23 03:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9046]: Invalid user osboxes from 141.11.88.12
Jun 23 03:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9046]: input_userauth_request: invalid user osboxes [preauth]
Jun 23 03:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9046]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9046]: Failed password for invalid user osboxes from 141.11.88.12 port 49986 ssh2
Jun 23 03:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9046]: Connection closed by 141.11.88.12 port 49986 [preauth]
Jun 23 03:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9048]: Failed password for root from 144.225.187.123 port 54802 ssh2
Jun 23 03:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9048]: Connection closed by 144.225.187.123 port 54802 [preauth]
Jun 23 03:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9059]: Invalid user newuser from 141.11.88.12
Jun 23 03:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9059]: input_userauth_request: invalid user newuser [preauth]
Jun 23 03:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9059]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9059]: Failed password for invalid user newuser from 141.11.88.12 port 43744 ssh2
Jun 23 03:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9059]: Connection closed by 141.11.88.12 port 43744 [preauth]
Jun 23 03:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9077]: Invalid user ubuntu from 141.11.88.12
Jun 23 03:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9077]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 03:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9077]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9083]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9084]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9082]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9081]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9081]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9077]: Failed password for invalid user ubuntu from 141.11.88.12 port 43772 ssh2
Jun 23 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9140]: Successful su for rubyman by root
Jun 23 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9140]: + ??? root:rubyman
Jun 23 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9140]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574931 of user rubyman.
Jun 23 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9140]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574931.
Jun 23 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9077]: Connection closed by 141.11.88.12 port 43772 [preauth]
Jun 23 03:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6230]: pam_unix(cron:session): session closed for user root
Jun 23 03:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9082]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9314]: Invalid user test from 141.11.88.12
Jun 23 03:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9314]: input_userauth_request: invalid user test [preauth]
Jun 23 03:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9314]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9314]: Failed password for invalid user test from 141.11.88.12 port 21300 ssh2
Jun 23 03:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9314]: Connection closed by 141.11.88.12 port 21300 [preauth]
Jun 23 03:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9335]: Failed password for root from 141.11.88.12 port 53170 ssh2
Jun 23 03:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9335]: Connection closed by 141.11.88.12 port 53170 [preauth]
Jun 23 03:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9358]: Invalid user user1 from 141.11.88.12
Jun 23 03:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9358]: input_userauth_request: invalid user user1 [preauth]
Jun 23 03:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9358]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9358]: Failed password for invalid user user1 from 141.11.88.12 port 53182 ssh2
Jun 23 03:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9358]: Connection closed by 141.11.88.12 port 53182 [preauth]
Jun 23 03:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9368]: Invalid user odoo from 144.225.187.123
Jun 23 03:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9368]: input_userauth_request: invalid user odoo [preauth]
Jun 23 03:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9368]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 03:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9372]: Invalid user alec from 141.11.88.12
Jun 23 03:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9372]: input_userauth_request: invalid user alec [preauth]
Jun 23 03:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9372]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9368]: Failed password for invalid user odoo from 144.225.187.123 port 59458 ssh2
Jun 23 03:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9372]: Failed password for invalid user alec from 141.11.88.12 port 35492 ssh2
Jun 23 03:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9368]: Connection closed by 144.225.187.123 port 59458 [preauth]
Jun 23 03:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9372]: Connection closed by 141.11.88.12 port 35492 [preauth]
Jun 23 03:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9401]: Invalid user idempiere from 141.11.88.12
Jun 23 03:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9401]: input_userauth_request: invalid user idempiere [preauth]
Jun 23 03:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8228]: pam_unix(cron:session): session closed for user root
Jun 23 03:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9401]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9401]: Failed password for invalid user idempiere from 141.11.88.12 port 31234 ssh2
Jun 23 03:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9401]: Connection closed by 141.11.88.12 port 31234 [preauth]
Jun 23 03:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9430]: Invalid user flow from 141.11.88.12
Jun 23 03:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9430]: input_userauth_request: invalid user flow [preauth]
Jun 23 03:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9442]: Invalid user tuan from 141.11.88.12
Jun 23 03:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9442]: input_userauth_request: invalid user tuan [preauth]
Jun 23 03:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9442]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9430]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9442]: Failed password for invalid user tuan from 141.11.88.12 port 18914 ssh2
Jun 23 03:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9442]: Connection closed by 141.11.88.12 port 18914 [preauth]
Jun 23 03:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9430]: Failed password for invalid user flow from 141.11.88.12 port 31240 ssh2
Jun 23 03:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9430]: Connection closed by 141.11.88.12 port 31240 [preauth]
Jun 23 03:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9464]: Invalid user runner from 141.11.88.12
Jun 23 03:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9464]: input_userauth_request: invalid user runner [preauth]
Jun 23 03:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9464]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9464]: Failed password for invalid user runner from 141.11.88.12 port 18964 ssh2
Jun 23 03:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9464]: Connection closed by 141.11.88.12 port 18964 [preauth]
Jun 23 03:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9474]: Invalid user deploy from 141.11.88.12
Jun 23 03:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9474]: input_userauth_request: invalid user deploy [preauth]
Jun 23 03:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9474]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9474]: Failed password for invalid user deploy from 141.11.88.12 port 31904 ssh2
Jun 23 03:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9474]: Connection closed by 141.11.88.12 port 31904 [preauth]
Jun 23 03:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9481]: Invalid user server from 144.225.187.123
Jun 23 03:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9481]: input_userauth_request: invalid user server [preauth]
Jun 23 03:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9481]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9481]: Failed password for invalid user server from 144.225.187.123 port 34162 ssh2
Jun 23 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9481]: Connection closed by 144.225.187.123 port 34162 [preauth]
Jun 23 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9491]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9492]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9490]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9489]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9489]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9486]: Invalid user kim from 141.11.88.12
Jun 23 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9486]: input_userauth_request: invalid user kim [preauth]
Jun 23 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9547]: Successful su for rubyman by root
Jun 23 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9547]: + ??? root:rubyman
Jun 23 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9547]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574934 of user rubyman.
Jun 23 03:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9547]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574934.
Jun 23 03:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9486]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9486]: Failed password for invalid user kim from 141.11.88.12 port 29474 ssh2
Jun 23 03:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9486]: Connection closed by 141.11.88.12 port 29474 [preauth]
Jun 23 03:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6645]: pam_unix(cron:session): session closed for user root
Jun 23 03:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.191.5  user=root
Jun 23 03:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9490]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9736]: Received disconnect from 86.111.176.100 port 51336:11: disconnected by user [preauth]
Jun 23 03:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9736]: Disconnected from 86.111.176.100 port 51336 [preauth]
Jun 23 03:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9707]: Failed password for root from 195.178.191.5 port 54668 ssh2
Jun 23 03:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9707]: Received disconnect from 195.178.191.5 port 54668:11: Bye Bye [preauth]
Jun 23 03:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9707]: Disconnected from 195.178.191.5 port 54668 [preauth]
Jun 23 03:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9738]: Failed password for root from 141.11.88.12 port 29516 ssh2
Jun 23 03:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9738]: Connection closed by 141.11.88.12 port 29516 [preauth]
Jun 23 03:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9760]: Invalid user user01 from 141.11.88.12
Jun 23 03:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9760]: input_userauth_request: invalid user user01 [preauth]
Jun 23 03:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9760]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9760]: Failed password for invalid user user01 from 141.11.88.12 port 60586 ssh2
Jun 23 03:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9760]: Connection closed by 141.11.88.12 port 60586 [preauth]
Jun 23 03:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9785]: Invalid user deployer from 141.11.88.12
Jun 23 03:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9785]: input_userauth_request: invalid user deployer [preauth]
Jun 23 03:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9785]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9785]: Failed password for invalid user deployer from 141.11.88.12 port 60626 ssh2
Jun 23 03:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9785]: Connection closed by 141.11.88.12 port 60626 [preauth]
Jun 23 03:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9808]: Invalid user tony from 141.11.88.12
Jun 23 03:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9808]: input_userauth_request: invalid user tony [preauth]
Jun 23 03:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9808]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9808]: Failed password for invalid user tony from 141.11.88.12 port 51066 ssh2
Jun 23 03:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9808]: Connection closed by 141.11.88.12 port 51066 [preauth]
Jun 23 03:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9820]: Invalid user test from 141.11.88.12
Jun 23 03:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9820]: input_userauth_request: invalid user test [preauth]
Jun 23 03:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8661]: pam_unix(cron:session): session closed for user root
Jun 23 03:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9820]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9820]: Failed password for invalid user test from 141.11.88.12 port 33674 ssh2
Jun 23 03:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9820]: Connection closed by 141.11.88.12 port 33674 [preauth]
Jun 23 03:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 23 03:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9819]: Failed password for root from 144.225.187.123 port 53246 ssh2
Jun 23 03:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9819]: Connection closed by 144.225.187.123 port 53246 [preauth]
Jun 23 03:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9846]: Failed password for root from 193.24.211.107 port 52568 ssh2
Jun 23 03:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9846]: Received disconnect from 193.24.211.107 port 52568:11: Client disconnecting normally [preauth]
Jun 23 03:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9846]: Disconnected from 193.24.211.107 port 52568 [preauth]
Jun 23 03:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9862]: Invalid user frappe from 141.11.88.12
Jun 23 03:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9862]: input_userauth_request: invalid user frappe [preauth]
Jun 23 03:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9862]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9862]: Failed password for invalid user frappe from 141.11.88.12 port 33724 ssh2
Jun 23 03:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9862]: Connection closed by 141.11.88.12 port 33724 [preauth]
Jun 23 03:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9902]: Invalid user frappe from 141.11.88.12
Jun 23 03:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9902]: input_userauth_request: invalid user frappe [preauth]
Jun 23 03:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9902]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9902]: Failed password for invalid user frappe from 141.11.88.12 port 15542 ssh2
Jun 23 03:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9902]: Connection closed by 141.11.88.12 port 15542 [preauth]
Jun 23 03:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10069]: Invalid user admin from 141.11.88.12
Jun 23 03:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10069]: input_userauth_request: invalid user admin [preauth]
Jun 23 03:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10069]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10069]: Failed password for invalid user admin from 141.11.88.12 port 24958 ssh2
Jun 23 03:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10069]: Connection closed by 141.11.88.12 port 24958 [preauth]
Jun 23 03:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10080]: Invalid user git from 141.11.88.12
Jun 23 03:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10080]: input_userauth_request: invalid user git [preauth]
Jun 23 03:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10080]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10094]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10098]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10095]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10093]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10099]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10092]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10099]: pam_unix(cron:session): session closed for user root
Jun 23 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10092]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10080]: Failed password for invalid user git from 141.11.88.12 port 24980 ssh2
Jun 23 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10163]: Successful su for rubyman by root
Jun 23 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10163]: + ??? root:rubyman
Jun 23 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10163]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10080]: Connection closed by 141.11.88.12 port 24980 [preauth]
Jun 23 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574940 of user rubyman.
Jun 23 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10163]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574940.
Jun 23 03:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10094]: pam_unix(cron:session): session closed for user root
Jun 23 03:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7176]: pam_unix(cron:session): session closed for user root
Jun 23 03:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10442]: Invalid user alfred from 141.11.88.12
Jun 23 03:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10442]: input_userauth_request: invalid user alfred [preauth]
Jun 23 03:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10442]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10093]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10442]: Failed password for invalid user alfred from 141.11.88.12 port 10758 ssh2
Jun 23 03:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10442]: Connection closed by 141.11.88.12 port 10758 [preauth]
Jun 23 03:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10452]: Failed password for root from 144.225.187.123 port 35556 ssh2
Jun 23 03:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10452]: Connection closed by 144.225.187.123 port 35556 [preauth]
Jun 23 03:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10479]: Failed password for root from 141.11.88.12 port 58186 ssh2
Jun 23 03:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10479]: Connection closed by 141.11.88.12 port 58186 [preauth]
Jun 23 03:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10503]: Invalid user j from 141.11.88.12
Jun 23 03:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10503]: input_userauth_request: invalid user j [preauth]
Jun 23 03:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10503]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10503]: Failed password for invalid user j from 141.11.88.12 port 58224 ssh2
Jun 23 03:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10503]: Connection closed by 141.11.88.12 port 58224 [preauth]
Jun 23 03:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10514]: Invalid user wet from 141.11.88.12
Jun 23 03:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10514]: input_userauth_request: invalid user wet [preauth]
Jun 23 03:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10514]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10514]: Failed password for invalid user wet from 141.11.88.12 port 56720 ssh2
Jun 23 03:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10514]: Connection closed by 141.11.88.12 port 56720 [preauth]
Jun 23 03:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10541]: Invalid user cyrus from 141.11.88.12
Jun 23 03:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10541]: input_userauth_request: invalid user cyrus [preauth]
Jun 23 03:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.191.5  user=root
Jun 23 03:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10541]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9084]: pam_unix(cron:session): session closed for user root
Jun 23 03:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10538]: Failed password for root from 195.178.191.5 port 39910 ssh2
Jun 23 03:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10538]: Received disconnect from 195.178.191.5 port 39910:11: Bye Bye [preauth]
Jun 23 03:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10538]: Disconnected from 195.178.191.5 port 39910 [preauth]
Jun 23 03:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10541]: Failed password for invalid user cyrus from 141.11.88.12 port 29302 ssh2
Jun 23 03:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10541]: Connection closed by 141.11.88.12 port 29302 [preauth]
Jun 23 03:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: Invalid user ly from 141.11.88.12
Jun 23 03:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: input_userauth_request: invalid user ly [preauth]
Jun 23 03:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: Failed password for invalid user ly from 141.11.88.12 port 29370 ssh2
Jun 23 03:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: Connection closed by 141.11.88.12 port 29370 [preauth]
Jun 23 03:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10609]: Invalid user n8n from 141.11.88.12
Jun 23 03:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10609]: input_userauth_request: invalid user n8n [preauth]
Jun 23 03:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10609]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10584]: Failed password for root from 144.225.187.123 port 54122 ssh2
Jun 23 03:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10584]: Connection closed by 144.225.187.123 port 54122 [preauth]
Jun 23 03:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10609]: Failed password for invalid user n8n from 141.11.88.12 port 43350 ssh2
Jun 23 03:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10609]: Connection closed by 141.11.88.12 port 43350 [preauth]
Jun 23 03:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10619]: Invalid user ali from 141.11.88.12
Jun 23 03:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10619]: input_userauth_request: invalid user ali [preauth]
Jun 23 03:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10619]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10619]: Failed password for invalid user ali from 141.11.88.12 port 43374 ssh2
Jun 23 03:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10619]: Connection closed by 141.11.88.12 port 43374 [preauth]
Jun 23 03:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10633]: Invalid user frappe from 141.11.88.12
Jun 23 03:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10633]: input_userauth_request: invalid user frappe [preauth]
Jun 23 03:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10633]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10633]: Failed password for invalid user frappe from 141.11.88.12 port 40622 ssh2
Jun 23 03:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10633]: Connection closed by 141.11.88.12 port 40622 [preauth]
Jun 23 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10650]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10649]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10648]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10647]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10647]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10717]: Successful su for rubyman by root
Jun 23 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10717]: + ??? root:rubyman
Jun 23 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10717]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574945 of user rubyman.
Jun 23 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10717]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574945.
Jun 23 03:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10879]: Invalid user odoo from 141.11.88.12
Jun 23 03:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10879]: input_userauth_request: invalid user odoo [preauth]
Jun 23 03:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7789]: pam_unix(cron:session): session closed for user root
Jun 23 03:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10879]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10648]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10879]: Failed password for invalid user odoo from 141.11.88.12 port 62928 ssh2
Jun 23 03:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10879]: Connection closed by 141.11.88.12 port 62928 [preauth]
Jun 23 03:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10927]: Invalid user ftptest from 141.11.88.12
Jun 23 03:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10927]: input_userauth_request: invalid user ftptest [preauth]
Jun 23 03:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10927]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10927]: Failed password for invalid user ftptest from 141.11.88.12 port 39008 ssh2
Jun 23 03:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10927]: Connection closed by 141.11.88.12 port 39008 [preauth]
Jun 23 03:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10952]: Failed password for root from 144.225.187.123 port 55914 ssh2
Jun 23 03:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10955]: Failed password for root from 141.11.88.12 port 39056 ssh2
Jun 23 03:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10952]: Connection closed by 144.225.187.123 port 55914 [preauth]
Jun 23 03:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10955]: Connection closed by 141.11.88.12 port 39056 [preauth]
Jun 23 03:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10980]: Invalid user madhuri from 141.11.88.12
Jun 23 03:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10980]: input_userauth_request: invalid user madhuri [preauth]
Jun 23 03:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10980]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10980]: Failed password for invalid user madhuri from 141.11.88.12 port 11378 ssh2
Jun 23 03:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10980]: Connection closed by 141.11.88.12 port 11378 [preauth]
Jun 23 03:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10990]: Invalid user anders from 141.11.88.12
Jun 23 03:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10990]: input_userauth_request: invalid user anders [preauth]
Jun 23 03:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10990]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10990]: Failed password for invalid user anders from 141.11.88.12 port 11404 ssh2
Jun 23 03:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10990]: Connection closed by 141.11.88.12 port 11404 [preauth]
Jun 23 03:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9492]: pam_unix(cron:session): session closed for user root
Jun 23 03:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11032]: Failed password for root from 141.11.88.12 port 29352 ssh2
Jun 23 03:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11032]: Connection closed by 141.11.88.12 port 29352 [preauth]
Jun 23 03:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11042]: Invalid user bot from 141.11.88.12
Jun 23 03:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11042]: input_userauth_request: invalid user bot [preauth]
Jun 23 03:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11042]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11042]: Failed password for invalid user bot from 141.11.88.12 port 37414 ssh2
Jun 23 03:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11042]: Connection closed by 141.11.88.12 port 37414 [preauth]
Jun 23 03:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11069]: Invalid user kafka from 141.11.88.12
Jun 23 03:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11069]: input_userauth_request: invalid user kafka [preauth]
Jun 23 03:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11069]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11071]: Invalid user kafka from 144.225.187.123
Jun 23 03:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11071]: input_userauth_request: invalid user kafka [preauth]
Jun 23 03:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11071]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 03:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11069]: Failed password for invalid user kafka from 141.11.88.12 port 37490 ssh2
Jun 23 03:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11069]: Connection closed by 141.11.88.12 port 37490 [preauth]
Jun 23 03:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11071]: Failed password for invalid user kafka from 144.225.187.123 port 35500 ssh2
Jun 23 03:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11071]: Connection closed by 144.225.187.123 port 35500 [preauth]
Jun 23 03:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11082]: Invalid user cloud from 141.11.88.12
Jun 23 03:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11082]: input_userauth_request: invalid user cloud [preauth]
Jun 23 03:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11082]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11082]: Failed password for invalid user cloud from 141.11.88.12 port 23198 ssh2
Jun 23 03:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11082]: Connection closed by 141.11.88.12 port 23198 [preauth]
Jun 23 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11097]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11096]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11095]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11094]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11094]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11159]: Successful su for rubyman by root
Jun 23 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11159]: + ??? root:rubyman
Jun 23 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11159]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574948 of user rubyman.
Jun 23 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11159]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574948.
Jun 23 03:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.191.5  user=root
Jun 23 03:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11237]: Invalid user minecraft from 141.11.88.12
Jun 23 03:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11237]: input_userauth_request: invalid user minecraft [preauth]
Jun 23 03:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11237]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8227]: pam_unix(cron:session): session closed for user root
Jun 23 03:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11218]: Failed password for root from 195.178.191.5 port 58864 ssh2
Jun 23 03:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11218]: Received disconnect from 195.178.191.5 port 58864:11: Bye Bye [preauth]
Jun 23 03:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11218]: Disconnected from 195.178.191.5 port 58864 [preauth]
Jun 23 03:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11237]: Failed password for invalid user minecraft from 141.11.88.12 port 35598 ssh2
Jun 23 03:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11237]: Connection closed by 141.11.88.12 port 35598 [preauth]
Jun 23 03:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11095]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11363]: Invalid user dm from 141.11.88.12
Jun 23 03:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11363]: input_userauth_request: invalid user dm [preauth]
Jun 23 03:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11363]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11363]: Failed password for invalid user dm from 141.11.88.12 port 35626 ssh2
Jun 23 03:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11363]: Connection closed by 141.11.88.12 port 35626 [preauth]
Jun 23 03:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11387]: Failed password for root from 141.11.88.12 port 14680 ssh2
Jun 23 03:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11387]: Connection closed by 141.11.88.12 port 14680 [preauth]
Jun 23 03:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11399]: Invalid user dummy from 141.11.88.12
Jun 23 03:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11399]: input_userauth_request: invalid user dummy [preauth]
Jun 23 03:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11399]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11399]: Failed password for invalid user dummy from 141.11.88.12 port 52184 ssh2
Jun 23 03:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11399]: Connection closed by 141.11.88.12 port 52184 [preauth]
Jun 23 03:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11426]: Invalid user git from 144.225.187.123
Jun 23 03:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11426]: input_userauth_request: invalid user git [preauth]
Jun 23 03:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11426]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 03:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11426]: Failed password for invalid user git from 144.225.187.123 port 56990 ssh2
Jun 23 03:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11426]: Connection closed by 144.225.187.123 port 56990 [preauth]
Jun 23 03:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11428]: Failed password for root from 141.11.88.12 port 52224 ssh2
Jun 23 03:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11428]: Connection closed by 141.11.88.12 port 52224 [preauth]
Jun 23 03:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10098]: pam_unix(cron:session): session closed for user root
Jun 23 03:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11474]: Failed password for root from 141.11.88.12 port 23110 ssh2
Jun 23 03:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11474]: Connection closed by 141.11.88.12 port 23110 [preauth]
Jun 23 03:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11492]: Invalid user test from 141.11.88.12
Jun 23 03:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11492]: input_userauth_request: invalid user test [preauth]
Jun 23 03:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11492]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11492]: Failed password for invalid user test from 141.11.88.12 port 12890 ssh2
Jun 23 03:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11492]: Connection closed by 141.11.88.12 port 12890 [preauth]
Jun 23 03:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11514]: Failed password for root from 141.11.88.12 port 12938 ssh2
Jun 23 03:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11514]: Connection closed by 141.11.88.12 port 12938 [preauth]
Jun 23 03:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11524]: Failed password for root from 141.11.88.12 port 57876 ssh2
Jun 23 03:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11524]: Connection closed by 141.11.88.12 port 57876 [preauth]
Jun 23 03:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11550]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11549]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11548]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11547]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11547]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11606]: Successful su for rubyman by root
Jun 23 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11606]: + ??? root:rubyman
Jun 23 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11606]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574952 of user rubyman.
Jun 23 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11606]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574952.
Jun 23 03:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11535]: Invalid user no-reply from 141.11.88.12
Jun 23 03:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11535]: input_userauth_request: invalid user no-reply [preauth]
Jun 23 03:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11535]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11534]: Invalid user dolphinscheduler from 144.225.187.123
Jun 23 03:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11534]: input_userauth_request: invalid user dolphinscheduler [preauth]
Jun 23 03:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11534]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 03:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8660]: pam_unix(cron:session): session closed for user root
Jun 23 03:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11535]: Failed password for invalid user no-reply from 141.11.88.12 port 24828 ssh2
Jun 23 03:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11535]: Connection closed by 141.11.88.12 port 24828 [preauth]
Jun 23 03:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11534]: Failed password for invalid user dolphinscheduler from 144.225.187.123 port 34258 ssh2
Jun 23 03:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11548]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11534]: Connection closed by 144.225.187.123 port 34258 [preauth]
Jun 23 03:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11822]: Invalid user fahmi from 141.11.88.12
Jun 23 03:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11822]: input_userauth_request: invalid user fahmi [preauth]
Jun 23 03:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11822]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11822]: Failed password for invalid user fahmi from 141.11.88.12 port 24866 ssh2
Jun 23 03:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11822]: Connection closed by 141.11.88.12 port 24866 [preauth]
Jun 23 03:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11834]: Failed password for root from 141.11.88.12 port 27274 ssh2
Jun 23 03:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11834]: Connection closed by 141.11.88.12 port 27274 [preauth]
Jun 23 03:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11856]: Invalid user dmdba from 141.11.88.12
Jun 23 03:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11856]: input_userauth_request: invalid user dmdba [preauth]
Jun 23 03:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11856]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11854]: Received disconnect from 103.161.34.59 port 11502:11: disconnected by user [preauth]
Jun 23 03:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11854]: Disconnected from 103.161.34.59 port 11502 [preauth]
Jun 23 03:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11856]: Failed password for invalid user dmdba from 141.11.88.12 port 27332 ssh2
Jun 23 03:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11856]: Connection closed by 141.11.88.12 port 27332 [preauth]
Jun 23 03:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11889]: Failed password for root from 141.11.88.12 port 55202 ssh2
Jun 23 03:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11889]: Connection closed by 141.11.88.12 port 55202 [preauth]
Jun 23 03:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10650]: pam_unix(cron:session): session closed for user root
Jun 23 03:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11910]: Invalid user root1 from 141.11.88.12
Jun 23 03:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11910]: input_userauth_request: invalid user root1 [preauth]
Jun 23 03:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11910]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11910]: Failed password for invalid user root1 from 141.11.88.12 port 53886 ssh2
Jun 23 03:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11910]: Connection closed by 141.11.88.12 port 53886 [preauth]
Jun 23 03:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11952]: Invalid user docker from 144.225.187.123
Jun 23 03:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11952]: input_userauth_request: invalid user docker [preauth]
Jun 23 03:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11952]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 03:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11952]: Failed password for invalid user docker from 144.225.187.123 port 49000 ssh2
Jun 23 03:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11952]: Connection closed by 144.225.187.123 port 49000 [preauth]
Jun 23 03:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11966]: Failed password for root from 141.11.88.12 port 53942 ssh2
Jun 23 03:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11966]: Connection closed by 141.11.88.12 port 53942 [preauth]
Jun 23 03:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11992]: Invalid user user from 141.11.88.12
Jun 23 03:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11992]: input_userauth_request: invalid user user [preauth]
Jun 23 03:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11992]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11992]: Failed password for invalid user user from 141.11.88.12 port 45940 ssh2
Jun 23 03:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11992]: Connection closed by 141.11.88.12 port 45940 [preauth]
Jun 23 03:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12010]: Invalid user kafka from 141.11.88.12
Jun 23 03:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12010]: input_userauth_request: invalid user kafka [preauth]
Jun 23 03:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12010]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12010]: Failed password for invalid user kafka from 141.11.88.12 port 48198 ssh2
Jun 23 03:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12010]: Connection closed by 141.11.88.12 port 48198 [preauth]
Jun 23 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12022]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12025]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12027]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12024]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12022]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12083]: Successful su for rubyman by root
Jun 23 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12083]: + ??? root:rubyman
Jun 23 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12083]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574959 of user rubyman.
Jun 23 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12083]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574959.
Jun 23 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12020]: Invalid user ubuntu from 141.11.88.12
Jun 23 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12020]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12020]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9083]: pam_unix(cron:session): session closed for user root
Jun 23 03:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12020]: Failed password for invalid user ubuntu from 141.11.88.12 port 55410 ssh2
Jun 23 03:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12020]: Connection closed by 141.11.88.12 port 55410 [preauth]
Jun 23 03:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12024]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12383]: Invalid user pi from 141.11.88.12
Jun 23 03:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12383]: input_userauth_request: invalid user pi [preauth]
Jun 23 03:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12383]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12383]: Failed password for invalid user pi from 141.11.88.12 port 55438 ssh2
Jun 23 03:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12383]: Connection closed by 141.11.88.12 port 55438 [preauth]
Jun 23 03:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12385]: Invalid user test from 144.225.187.123
Jun 23 03:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12385]: input_userauth_request: invalid user test [preauth]
Jun 23 03:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12385]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 03:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12385]: Failed password for invalid user test from 144.225.187.123 port 48086 ssh2
Jun 23 03:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12385]: Connection closed by 144.225.187.123 port 48086 [preauth]
Jun 23 03:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12414]: Failed password for root from 141.11.88.12 port 32878 ssh2
Jun 23 03:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12414]: Connection closed by 141.11.88.12 port 32878 [preauth]
Jun 23 03:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12435]: Invalid user cloudera from 141.11.88.12
Jun 23 03:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12435]: input_userauth_request: invalid user cloudera [preauth]
Jun 23 03:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12435]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12435]: Failed password for invalid user cloudera from 141.11.88.12 port 16030 ssh2
Jun 23 03:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12435]: Connection closed by 141.11.88.12 port 16030 [preauth]
Jun 23 03:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12461]: Invalid user wangchen from 141.11.88.12
Jun 23 03:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12461]: input_userauth_request: invalid user wangchen [preauth]
Jun 23 03:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12461]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12461]: Failed password for invalid user wangchen from 141.11.88.12 port 16040 ssh2
Jun 23 03:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12461]: Connection closed by 141.11.88.12 port 16040 [preauth]
Jun 23 03:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11097]: pam_unix(cron:session): session closed for user root
Jun 23 03:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12493]: Invalid user user from 141.11.88.12
Jun 23 03:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12493]: input_userauth_request: invalid user user [preauth]
Jun 23 03:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12493]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12493]: Failed password for invalid user user from 141.11.88.12 port 13696 ssh2
Jun 23 03:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12493]: Connection closed by 141.11.88.12 port 13696 [preauth]
Jun 23 03:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12512]: Failed password for root from 141.11.88.12 port 49724 ssh2
Jun 23 03:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12512]: Connection closed by 141.11.88.12 port 49724 [preauth]
Jun 23 03:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12537]: Invalid user admin1 from 141.11.88.12
Jun 23 03:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12537]: input_userauth_request: invalid user admin1 [preauth]
Jun 23 03:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12537]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12526]: Failed password for root from 144.225.187.123 port 38646 ssh2
Jun 23 03:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12526]: Connection closed by 144.225.187.123 port 38646 [preauth]
Jun 23 03:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12537]: Failed password for invalid user admin1 from 141.11.88.12 port 49766 ssh2
Jun 23 03:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12537]: Connection closed by 141.11.88.12 port 49766 [preauth]
Jun 23 03:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12547]: Invalid user ubuntu from 141.11.88.12
Jun 23 03:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12547]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 03:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12547]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12547]: Failed password for invalid user ubuntu from 141.11.88.12 port 32882 ssh2
Jun 23 03:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12547]: Connection closed by 141.11.88.12 port 32882 [preauth]
Jun 23 03:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 23 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12566]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12564]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12567]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12565]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12562]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12563]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12567]: pam_unix(cron:session): session closed for user root
Jun 23 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12562]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12559]: Invalid user odoo from 141.11.88.12
Jun 23 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12559]: input_userauth_request: invalid user odoo [preauth]
Jun 23 03:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12559]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12635]: Successful su for rubyman by root
Jun 23 03:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12635]: + ??? root:rubyman
Jun 23 03:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12635]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574960 of user rubyman.
Jun 23 03:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12635]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574960.
Jun 23 03:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12557]: Failed password for root from 103.176.20.57 port 57160 ssh2
Jun 23 03:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12557]: Connection closed by 103.176.20.57 port 57160 [preauth]
Jun 23 03:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12559]: Failed password for invalid user odoo from 141.11.88.12 port 60518 ssh2
Jun 23 03:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12559]: Connection closed by 141.11.88.12 port 60518 [preauth]
Jun 23 03:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9491]: pam_unix(cron:session): session closed for user root
Jun 23 03:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12564]: pam_unix(cron:session): session closed for user root
Jun 23 03:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12563]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12852]: Invalid user aaa from 141.11.88.12
Jun 23 03:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12852]: input_userauth_request: invalid user aaa [preauth]
Jun 23 03:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12852]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12852]: Failed password for invalid user aaa from 141.11.88.12 port 60550 ssh2
Jun 23 03:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12852]: Connection closed by 141.11.88.12 port 60550 [preauth]
Jun 23 03:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12893]: Invalid user config from 141.11.88.12
Jun 23 03:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12893]: input_userauth_request: invalid user config [preauth]
Jun 23 03:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12893]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12893]: Failed password for invalid user config from 141.11.88.12 port 57098 ssh2
Jun 23 03:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12893]: Connection closed by 141.11.88.12 port 57098 [preauth]
Jun 23 03:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: Invalid user pz from 141.11.88.12
Jun 23 03:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: input_userauth_request: invalid user pz [preauth]
Jun 23 03:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: Failed password for invalid user pz from 141.11.88.12 port 32188 ssh2
Jun 23 03:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: Connection closed by 141.11.88.12 port 32188 [preauth]
Jun 23 03:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12905]: Failed password for root from 144.225.187.123 port 52064 ssh2
Jun 23 03:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12905]: Connection closed by 144.225.187.123 port 52064 [preauth]
Jun 23 03:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12928]: Failed password for root from 141.11.88.12 port 32212 ssh2
Jun 23 03:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12928]: Connection closed by 141.11.88.12 port 32212 [preauth]
Jun 23 03:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11550]: pam_unix(cron:session): session closed for user root
Jun 23 03:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12967]: Invalid user olga from 141.11.88.12
Jun 23 03:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12967]: input_userauth_request: invalid user olga [preauth]
Jun 23 03:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12967]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12967]: Failed password for invalid user olga from 141.11.88.12 port 27390 ssh2
Jun 23 03:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12967]: Connection closed by 141.11.88.12 port 27390 [preauth]
Jun 23 03:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12977]: Invalid user auston from 2.57.121.112
Jun 23 03:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12977]: input_userauth_request: invalid user auston [preauth]
Jun 23 03:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12977]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 23 03:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12979]: Invalid user devuser from 141.11.88.12
Jun 23 03:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12979]: input_userauth_request: invalid user devuser [preauth]
Jun 23 03:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12979]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12977]: Failed password for invalid user auston from 2.57.121.112 port 8022 ssh2
Jun 23 03:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12977]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12979]: Failed password for invalid user devuser from 141.11.88.12 port 55964 ssh2
Jun 23 03:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12979]: Connection closed by 141.11.88.12 port 55964 [preauth]
Jun 23 03:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12977]: Failed password for invalid user auston from 2.57.121.112 port 8022 ssh2
Jun 23 03:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12977]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12977]: Failed password for invalid user auston from 2.57.121.112 port 8022 ssh2
Jun 23 03:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12977]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12977]: Failed password for invalid user auston from 2.57.121.112 port 8022 ssh2
Jun 23 03:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12977]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13002]: Invalid user testuser from 141.11.88.12
Jun 23 03:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13002]: input_userauth_request: invalid user testuser [preauth]
Jun 23 03:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13002]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12977]: Failed password for invalid user auston from 2.57.121.112 port 8022 ssh2
Jun 23 03:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12977]: Connection closed by 2.57.121.112 port 8022 [preauth]
Jun 23 03:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12977]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 23 03:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12977]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 23 03:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13002]: Failed password for invalid user testuser from 141.11.88.12 port 56068 ssh2
Jun 23 03:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13002]: Connection closed by 141.11.88.12 port 56068 [preauth]
Jun 23 03:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13026]: Failed password for root from 141.11.88.12 port 33496 ssh2
Jun 23 03:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13013]: Failed password for root from 144.225.187.123 port 43514 ssh2
Jun 23 03:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13026]: Connection closed by 141.11.88.12 port 33496 [preauth]
Jun 23 03:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13013]: Connection closed by 144.225.187.123 port 43514 [preauth]
Jun 23 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13030]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13032]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13031]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13029]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13029]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13095]: Successful su for rubyman by root
Jun 23 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13095]: + ??? root:rubyman
Jun 23 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13095]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574966 of user rubyman.
Jun 23 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13095]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574966.
Jun 23 03:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13247]: Invalid user minecraft from 141.11.88.12
Jun 23 03:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13247]: input_userauth_request: invalid user minecraft [preauth]
Jun 23 03:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10095]: pam_unix(cron:session): session closed for user root
Jun 23 03:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13247]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13030]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13247]: Failed password for invalid user minecraft from 141.11.88.12 port 13898 ssh2
Jun 23 03:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13247]: Connection closed by 141.11.88.12 port 13898 [preauth]
Jun 23 03:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13308]: Invalid user user from 141.11.88.12
Jun 23 03:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13308]: input_userauth_request: invalid user user [preauth]
Jun 23 03:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13308]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13308]: Failed password for invalid user user from 141.11.88.12 port 13936 ssh2
Jun 23 03:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13308]: Connection closed by 141.11.88.12 port 13936 [preauth]
Jun 23 03:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13331]: Invalid user ts3 from 141.11.88.12
Jun 23 03:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13331]: input_userauth_request: invalid user ts3 [preauth]
Jun 23 03:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13331]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13331]: Failed password for invalid user ts3 from 141.11.88.12 port 31354 ssh2
Jun 23 03:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13331]: Connection closed by 141.11.88.12 port 31354 [preauth]
Jun 23 03:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13341]: Failed password for root from 141.11.88.12 port 63228 ssh2
Jun 23 03:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13341]: Connection closed by 141.11.88.12 port 63228 [preauth]
Jun 23 03:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: Invalid user deployer from 141.11.88.12
Jun 23 03:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: input_userauth_request: invalid user deployer [preauth]
Jun 23 03:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: Failed password for invalid user deployer from 141.11.88.12 port 63252 ssh2
Jun 23 03:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: Connection closed by 141.11.88.12 port 63252 [preauth]
Jun 23 03:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12027]: pam_unix(cron:session): session closed for user root
Jun 23 03:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13399]: Invalid user dbs from 141.11.88.12
Jun 23 03:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13399]: input_userauth_request: invalid user dbs [preauth]
Jun 23 03:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13399]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13376]: Failed password for root from 144.225.187.123 port 58506 ssh2
Jun 23 03:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13376]: Connection closed by 144.225.187.123 port 58506 [preauth]
Jun 23 03:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13399]: Failed password for invalid user dbs from 141.11.88.12 port 45460 ssh2
Jun 23 03:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13399]: Connection closed by 141.11.88.12 port 45460 [preauth]
Jun 23 03:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13418]: Invalid user moodle from 141.11.88.12
Jun 23 03:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13418]: input_userauth_request: invalid user moodle [preauth]
Jun 23 03:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13418]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13418]: Failed password for invalid user moodle from 141.11.88.12 port 15998 ssh2
Jun 23 03:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13418]: Connection closed by 141.11.88.12 port 15998 [preauth]
Jun 23 03:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13440]: Invalid user git from 141.11.88.12
Jun 23 03:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13440]: input_userauth_request: invalid user git [preauth]
Jun 23 03:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13440]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13440]: Failed password for invalid user git from 141.11.88.12 port 16054 ssh2
Jun 23 03:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13440]: Connection closed by 141.11.88.12 port 16054 [preauth]
Jun 23 03:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13451]: Invalid user bot from 141.11.88.12
Jun 23 03:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13451]: input_userauth_request: invalid user bot [preauth]
Jun 23 03:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13451]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13451]: Failed password for invalid user bot from 141.11.88.12 port 40566 ssh2
Jun 23 03:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13451]: Connection closed by 141.11.88.12 port 40566 [preauth]
Jun 23 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13476]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13477]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13473]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13472]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13472]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13469]: Invalid user vss from 141.11.88.12
Jun 23 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13469]: input_userauth_request: invalid user vss [preauth]
Jun 23 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13536]: Successful su for rubyman by root
Jun 23 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13536]: + ??? root:rubyman
Jun 23 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13536]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574970 of user rubyman.
Jun 23 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13536]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574970.
Jun 23 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13469]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13469]: Failed password for invalid user vss from 141.11.88.12 port 32832 ssh2
Jun 23 03:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10649]: pam_unix(cron:session): session closed for user root
Jun 23 03:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13469]: Connection closed by 141.11.88.12 port 32832 [preauth]
Jun 23 03:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13473]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13720]: Invalid user student from 141.11.88.12
Jun 23 03:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13720]: input_userauth_request: invalid user student [preauth]
Jun 23 03:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13720]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13720]: Failed password for invalid user student from 141.11.88.12 port 32854 ssh2
Jun 23 03:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13720]: Connection closed by 141.11.88.12 port 32854 [preauth]
Jun 23 03:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13709]: Failed password for root from 144.225.187.123 port 51350 ssh2
Jun 23 03:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13709]: Connection closed by 144.225.187.123 port 51350 [preauth]
Jun 23 03:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13745]: Invalid user rogelio from 141.11.88.12
Jun 23 03:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13745]: input_userauth_request: invalid user rogelio [preauth]
Jun 23 03:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13745]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13745]: Failed password for invalid user rogelio from 141.11.88.12 port 18942 ssh2
Jun 23 03:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13745]: Connection closed by 141.11.88.12 port 18942 [preauth]
Jun 23 03:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13765]: Invalid user user from 141.11.88.12
Jun 23 03:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13765]: input_userauth_request: invalid user user [preauth]
Jun 23 03:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13765]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13765]: Failed password for invalid user user from 141.11.88.12 port 18976 ssh2
Jun 23 03:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13765]: Connection closed by 141.11.88.12 port 18976 [preauth]
Jun 23 03:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13789]: Invalid user linux from 141.11.88.12
Jun 23 03:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13789]: input_userauth_request: invalid user linux [preauth]
Jun 23 03:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13789]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13789]: Failed password for invalid user linux from 141.11.88.12 port 17832 ssh2
Jun 23 03:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13789]: Connection closed by 141.11.88.12 port 17832 [preauth]
Jun 23 03:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13799]: Invalid user btc from 141.11.88.12
Jun 23 03:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13799]: input_userauth_request: invalid user btc [preauth]
Jun 23 03:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13799]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12566]: pam_unix(cron:session): session closed for user root
Jun 23 03:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13799]: Failed password for invalid user btc from 141.11.88.12 port 45930 ssh2
Jun 23 03:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13799]: Connection closed by 141.11.88.12 port 45930 [preauth]
Jun 23 03:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13831]: Failed password for root from 141.11.88.12 port 45952 ssh2
Jun 23 03:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13831]: Connection closed by 141.11.88.12 port 45952 [preauth]
Jun 23 03:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13841]: Invalid user ubuntu from 141.11.88.12
Jun 23 03:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13841]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 03:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13841]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13841]: Failed password for invalid user ubuntu from 141.11.88.12 port 26324 ssh2
Jun 23 03:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13841]: Connection closed by 141.11.88.12 port 26324 [preauth]
Jun 23 03:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13843]: Failed password for root from 144.225.187.123 port 45744 ssh2
Jun 23 03:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13843]: Connection closed by 144.225.187.123 port 45744 [preauth]
Jun 23 03:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13866]: Invalid user testuser from 141.11.88.12
Jun 23 03:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13866]: input_userauth_request: invalid user testuser [preauth]
Jun 23 03:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13866]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13866]: Failed password for invalid user testuser from 141.11.88.12 port 26374 ssh2
Jun 23 03:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13866]: Connection closed by 141.11.88.12 port 26374 [preauth]
Jun 23 03:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13878]: Invalid user chris from 141.11.88.12
Jun 23 03:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13878]: input_userauth_request: invalid user chris [preauth]
Jun 23 03:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13878]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13878]: Failed password for invalid user chris from 141.11.88.12 port 26400 ssh2
Jun 23 03:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13878]: Connection closed by 141.11.88.12 port 26400 [preauth]
Jun 23 03:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13888]: Failed password for root from 141.11.88.12 port 26410 ssh2
Jun 23 03:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13888]: Connection closed by 141.11.88.12 port 26410 [preauth]
Jun 23 03:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13890]: Invalid user cacti from 141.11.88.12
Jun 23 03:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13890]: input_userauth_request: invalid user cacti [preauth]
Jun 23 03:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13890]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13890]: Failed password for invalid user cacti from 141.11.88.12 port 26446 ssh2
Jun 23 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13890]: Connection closed by 141.11.88.12 port 26446 [preauth]
Jun 23 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13904]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13905]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13902]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13901]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13901]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13973]: Successful su for rubyman by root
Jun 23 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13973]: + ??? root:rubyman
Jun 23 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13973]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574975 of user rubyman.
Jun 23 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13973]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574975.
Jun 23 03:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14035]: Invalid user winston from 141.11.88.12
Jun 23 03:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14035]: input_userauth_request: invalid user winston [preauth]
Jun 23 03:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14035]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11096]: pam_unix(cron:session): session closed for user root
Jun 23 03:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14035]: Failed password for invalid user winston from 141.11.88.12 port 10876 ssh2
Jun 23 03:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14035]: Connection closed by 141.11.88.12 port 10876 [preauth]
Jun 23 03:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13902]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14151]: Invalid user intranet from 141.11.88.12
Jun 23 03:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14151]: input_userauth_request: invalid user intranet [preauth]
Jun 23 03:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14151]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14151]: Failed password for invalid user intranet from 141.11.88.12 port 10878 ssh2
Jun 23 03:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14151]: Connection closed by 141.11.88.12 port 10878 [preauth]
Jun 23 03:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14161]: Invalid user gold from 141.11.88.12
Jun 23 03:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14161]: input_userauth_request: invalid user gold [preauth]
Jun 23 03:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14161]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14161]: Failed password for invalid user gold from 141.11.88.12 port 58712 ssh2
Jun 23 03:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14161]: Connection closed by 141.11.88.12 port 58712 [preauth]
Jun 23 03:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14186]: Failed password for root from 144.225.187.123 port 38002 ssh2
Jun 23 03:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14186]: Connection closed by 144.225.187.123 port 38002 [preauth]
Jun 23 03:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14188]: Failed password for root from 141.11.88.12 port 58724 ssh2
Jun 23 03:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14188]: Connection closed by 141.11.88.12 port 58724 [preauth]
Jun 23 03:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14198]: Invalid user min from 141.11.88.12
Jun 23 03:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14198]: input_userauth_request: invalid user min [preauth]
Jun 23 03:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14198]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14198]: Failed password for invalid user min from 141.11.88.12 port 14678 ssh2
Jun 23 03:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14198]: Connection closed by 141.11.88.12 port 14678 [preauth]
Jun 23 03:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14222]: Invalid user jakob from 141.11.88.12
Jun 23 03:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14222]: input_userauth_request: invalid user jakob [preauth]
Jun 23 03:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14222]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14222]: Failed password for invalid user jakob from 141.11.88.12 port 14696 ssh2
Jun 23 03:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14222]: Connection closed by 141.11.88.12 port 14696 [preauth]
Jun 23 03:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14224]: Received disconnect from 199.127.62.250 port 25974:11: disconnected by user [preauth]
Jun 23 03:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14224]: Disconnected from 199.127.62.250 port 25974 [preauth]
Jun 23 03:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14226]: Invalid user admin1 from 141.11.88.12
Jun 23 03:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14226]: input_userauth_request: invalid user admin1 [preauth]
Jun 23 03:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14226]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13032]: pam_unix(cron:session): session closed for user root
Jun 23 03:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14226]: Failed password for invalid user admin1 from 141.11.88.12 port 63272 ssh2
Jun 23 03:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14226]: Connection closed by 141.11.88.12 port 63272 [preauth]
Jun 23 03:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14255]: Failed password for root from 141.11.88.12 port 63302 ssh2
Jun 23 03:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14255]: Connection closed by 141.11.88.12 port 63302 [preauth]
Jun 23 03:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14265]: Invalid user ubuntu from 141.11.88.12
Jun 23 03:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14265]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 03:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14265]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14265]: Failed password for invalid user ubuntu from 141.11.88.12 port 63326 ssh2
Jun 23 03:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14265]: Connection closed by 141.11.88.12 port 63326 [preauth]
Jun 23 03:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14289]: Invalid user azureuser from 141.11.88.12
Jun 23 03:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14289]: input_userauth_request: invalid user azureuser [preauth]
Jun 23 03:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14289]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14289]: Failed password for invalid user azureuser from 141.11.88.12 port 44900 ssh2
Jun 23 03:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14289]: Connection closed by 141.11.88.12 port 44900 [preauth]
Jun 23 03:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14299]: Invalid user odoo18 from 141.11.88.12
Jun 23 03:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14299]: input_userauth_request: invalid user odoo18 [preauth]
Jun 23 03:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14299]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14299]: Failed password for invalid user odoo18 from 141.11.88.12 port 44946 ssh2
Jun 23 03:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14299]: Connection closed by 141.11.88.12 port 44946 [preauth]
Jun 23 03:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14312]: Invalid user adam from 141.11.88.12
Jun 23 03:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14312]: input_userauth_request: invalid user adam [preauth]
Jun 23 03:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14312]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14301]: Failed password for root from 144.225.187.123 port 39982 ssh2
Jun 23 03:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14301]: Connection closed by 144.225.187.123 port 39982 [preauth]
Jun 23 03:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14312]: Failed password for invalid user adam from 141.11.88.12 port 60620 ssh2
Jun 23 03:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14312]: Connection closed by 141.11.88.12 port 60620 [preauth]
Jun 23 03:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14322]: Invalid user redhat from 141.11.88.12
Jun 23 03:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14322]: input_userauth_request: invalid user redhat [preauth]
Jun 23 03:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14322]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14322]: Failed password for invalid user redhat from 141.11.88.12 port 60694 ssh2
Jun 23 03:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14322]: Connection closed by 141.11.88.12 port 60694 [preauth]
Jun 23 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14328]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14326]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14327]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14325]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14325]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14387]: Successful su for rubyman by root
Jun 23 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14387]: + ??? root:rubyman
Jun 23 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14387]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574978 of user rubyman.
Jun 23 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14387]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574978.
Jun 23 03:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14376]: Invalid user ark from 141.11.88.12
Jun 23 03:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14376]: input_userauth_request: invalid user ark [preauth]
Jun 23 03:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14376]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11549]: pam_unix(cron:session): session closed for user root
Jun 23 03:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14376]: Failed password for invalid user ark from 141.11.88.12 port 50972 ssh2
Jun 23 03:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14376]: Connection closed by 141.11.88.12 port 50972 [preauth]
Jun 23 03:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14326]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14568]: Invalid user erpnext from 141.11.88.12
Jun 23 03:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14568]: input_userauth_request: invalid user erpnext [preauth]
Jun 23 03:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14568]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14568]: Failed password for invalid user erpnext from 141.11.88.12 port 50990 ssh2
Jun 23 03:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14568]: Connection closed by 141.11.88.12 port 50990 [preauth]
Jun 23 03:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14578]: Invalid user marketing from 141.11.88.12
Jun 23 03:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14578]: input_userauth_request: invalid user marketing [preauth]
Jun 23 03:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14578]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14578]: Failed password for invalid user marketing from 141.11.88.12 port 51012 ssh2
Jun 23 03:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14578]: Connection closed by 141.11.88.12 port 51012 [preauth]
Jun 23 03:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14602]: Failed password for root from 141.11.88.12 port 35872 ssh2
Jun 23 03:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14602]: Connection closed by 141.11.88.12 port 35872 [preauth]
Jun 23 03:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14604]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 23 03:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14604]: Received disconnect from 209.141.34.44 port 48162:11: disconnected by user [preauth]
Jun 23 03:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14604]: Disconnected from 209.141.34.44 port 48162 [preauth]
Jun 23 03:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14617]: Failed password for root from 141.11.88.12 port 35892 ssh2
Jun 23 03:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14617]: Connection closed by 141.11.88.12 port 35892 [preauth]
Jun 23 03:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14622]: Invalid user steam from 141.11.88.12
Jun 23 03:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14622]: input_userauth_request: invalid user steam [preauth]
Jun 23 03:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14622]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14622]: Failed password for invalid user steam from 141.11.88.12 port 51772 ssh2
Jun 23 03:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14622]: Connection closed by 141.11.88.12 port 51772 [preauth]
Jun 23 03:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14677]: Failed password for root from 144.225.187.123 port 32962 ssh2
Jun 23 03:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14679]: Invalid user adminuser from 141.11.88.12
Jun 23 03:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14679]: input_userauth_request: invalid user adminuser [preauth]
Jun 23 03:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14679]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14677]: Connection closed by 144.225.187.123 port 32962 [preauth]
Jun 23 03:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14679]: Failed password for invalid user adminuser from 141.11.88.12 port 51780 ssh2
Jun 23 03:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14679]: Connection closed by 141.11.88.12 port 51780 [preauth]
Jun 23 03:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 23 03:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13477]: pam_unix(cron:session): session closed for user root
Jun 23 03:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14699]: Failed password for root from 141.11.88.12 port 44292 ssh2
Jun 23 03:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14697]: Failed password for root from 103.27.238.114 port 51364 ssh2
Jun 23 03:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14699]: Connection closed by 141.11.88.12 port 44292 [preauth]
Jun 23 03:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14697]: Connection closed by 103.27.238.114 port 51364 [preauth]
Jun 23 03:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14744]: Invalid user elina from 141.11.88.12
Jun 23 03:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14744]: input_userauth_request: invalid user elina [preauth]
Jun 23 03:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14744]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 23 03:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14744]: Failed password for invalid user elina from 141.11.88.12 port 44316 ssh2
Jun 23 03:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14744]: Connection closed by 141.11.88.12 port 44316 [preauth]
Jun 23 03:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14746]: Failed password for root from 103.82.20.28 port 54228 ssh2
Jun 23 03:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14746]: Connection closed by 103.82.20.28 port 54228 [preauth]
Jun 23 03:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14789]: Invalid user claude from 141.11.88.12
Jun 23 03:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14789]: input_userauth_request: invalid user claude [preauth]
Jun 23 03:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14789]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14789]: Failed password for invalid user claude from 141.11.88.12 port 48308 ssh2
Jun 23 03:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14789]: Connection closed by 141.11.88.12 port 48308 [preauth]
Jun 23 03:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14808]: Invalid user myuser from 141.11.88.12
Jun 23 03:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14808]: input_userauth_request: invalid user myuser [preauth]
Jun 23 03:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14808]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14808]: Failed password for invalid user myuser from 141.11.88.12 port 48354 ssh2
Jun 23 03:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14808]: Connection closed by 141.11.88.12 port 48354 [preauth]
Jun 23 03:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14814]: Invalid user ftpadmin from 141.11.88.12
Jun 23 03:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14814]: input_userauth_request: invalid user ftpadmin [preauth]
Jun 23 03:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14814]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14814]: Failed password for invalid user ftpadmin from 141.11.88.12 port 48384 ssh2
Jun 23 03:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14814]: Connection closed by 141.11.88.12 port 48384 [preauth]
Jun 23 03:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14833]: Invalid user admin from 141.11.88.12
Jun 23 03:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14833]: input_userauth_request: invalid user admin [preauth]
Jun 23 03:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14833]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14833]: Failed password for invalid user admin from 141.11.88.12 port 64382 ssh2
Jun 23 03:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14833]: Connection closed by 141.11.88.12 port 64382 [preauth]
Jun 23 03:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14846]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14842]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14840]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14844]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14845]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14843]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 23 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14846]: pam_unix(cron:session): session closed for user root
Jun 23 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14840]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14923]: Successful su for rubyman by root
Jun 23 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14923]: + ??? root:rubyman
Jun 23 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14923]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574982 of user rubyman.
Jun 23 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14923]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574982.
Jun 23 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14905]: Invalid user openclaw from 141.11.88.12
Jun 23 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14905]: input_userauth_request: invalid user openclaw [preauth]
Jun 23 03:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14905]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14835]: Failed password for root from 144.225.187.123 port 46492 ssh2
Jun 23 03:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14837]: Failed password for root from 103.77.242.62 port 35744 ssh2
Jun 23 03:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14835]: Connection closed by 144.225.187.123 port 46492 [preauth]
Jun 23 03:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14837]: Connection closed by 103.77.242.62 port 35744 [preauth]
Jun 23 03:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14843]: pam_unix(cron:session): session closed for user root
Jun 23 03:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12025]: pam_unix(cron:session): session closed for user root
Jun 23 03:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14905]: Failed password for invalid user openclaw from 141.11.88.12 port 40658 ssh2
Jun 23 03:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14905]: Connection closed by 141.11.88.12 port 40658 [preauth]
Jun 23 03:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14842]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15126]: Failed password for root from 141.11.88.12 port 40682 ssh2
Jun 23 03:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15126]: Connection closed by 141.11.88.12 port 40682 [preauth]
Jun 23 03:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15139]: Invalid user ubuntu from 141.11.88.12
Jun 23 03:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15139]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 03:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15139]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15139]: Failed password for invalid user ubuntu from 141.11.88.12 port 26838 ssh2
Jun 23 03:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15139]: Connection closed by 141.11.88.12 port 26838 [preauth]
Jun 23 03:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15162]: Invalid user webtest from 141.11.88.12
Jun 23 03:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15162]: input_userauth_request: invalid user webtest [preauth]
Jun 23 03:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15162]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15162]: Failed password for invalid user webtest from 141.11.88.12 port 26846 ssh2
Jun 23 03:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15162]: Connection closed by 141.11.88.12 port 26846 [preauth]
Jun 23 03:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15174]: Invalid user myuser from 141.11.88.12
Jun 23 03:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15174]: input_userauth_request: invalid user myuser [preauth]
Jun 23 03:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15174]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15174]: Failed password for invalid user myuser from 141.11.88.12 port 11462 ssh2
Jun 23 03:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15174]: Connection closed by 141.11.88.12 port 11462 [preauth]
Jun 23 03:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15207]: Failed password for root from 141.11.88.12 port 11516 ssh2
Jun 23 03:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15207]: Connection closed by 141.11.88.12 port 11516 [preauth]
Jun 23 03:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13905]: pam_unix(cron:session): session closed for user root
Jun 23 03:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15242]: Invalid user ubuntu from 141.11.88.12
Jun 23 03:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15242]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 03:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15209]: Invalid user prueba from 144.225.187.123
Jun 23 03:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15209]: input_userauth_request: invalid user prueba [preauth]
Jun 23 03:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15209]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 03:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15242]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15209]: Failed password for invalid user prueba from 144.225.187.123 port 38814 ssh2
Jun 23 03:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15242]: Failed password for invalid user ubuntu from 141.11.88.12 port 56408 ssh2
Jun 23 03:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15242]: Connection closed by 141.11.88.12 port 56408 [preauth]
Jun 23 03:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15209]: Connection closed by 144.225.187.123 port 38814 [preauth]
Jun 23 03:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15253]: Invalid user guest from 141.11.88.12
Jun 23 03:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15253]: input_userauth_request: invalid user guest [preauth]
Jun 23 03:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15253]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15253]: Failed password for invalid user guest from 141.11.88.12 port 56440 ssh2
Jun 23 03:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15253]: Connection closed by 141.11.88.12 port 56440 [preauth]
Jun 23 03:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 23 03:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15279]: Failed password for root from 141.11.88.12 port 14436 ssh2
Jun 23 03:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15279]: Connection closed by 141.11.88.12 port 14436 [preauth]
Jun 23 03:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15281]: Failed password for root from 80.66.85.226 port 45104 ssh2
Jun 23 03:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15281]: Connection closed by 80.66.85.226 port 45104 [preauth]
Jun 23 03:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15291]: Invalid user dev from 141.11.88.12
Jun 23 03:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15291]: input_userauth_request: invalid user dev [preauth]
Jun 23 03:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15291]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15291]: Failed password for invalid user dev from 141.11.88.12 port 49318 ssh2
Jun 23 03:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15291]: Connection closed by 141.11.88.12 port 49318 [preauth]
Jun 23 03:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15301]: Invalid user alex from 141.11.88.12
Jun 23 03:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15301]: input_userauth_request: invalid user alex [preauth]
Jun 23 03:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15301]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15301]: Failed password for invalid user alex from 141.11.88.12 port 49330 ssh2
Jun 23 03:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15301]: Connection closed by 141.11.88.12 port 49330 [preauth]
Jun 23 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15315]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15314]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15312]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15313]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15312]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15376]: Successful su for rubyman by root
Jun 23 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15376]: + ??? root:rubyman
Jun 23 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15376]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574988 of user rubyman.
Jun 23 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15376]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574988.
Jun 23 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15395]: Failed password for root from 141.11.88.12 port 52718 ssh2
Jun 23 03:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15395]: Connection closed by 141.11.88.12 port 52718 [preauth]
Jun 23 03:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12565]: pam_unix(cron:session): session closed for user root
Jun 23 03:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15313]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15553]: Invalid user andrew from 141.11.88.12
Jun 23 03:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15553]: input_userauth_request: invalid user andrew [preauth]
Jun 23 03:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15553]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15553]: Failed password for invalid user andrew from 141.11.88.12 port 52784 ssh2
Jun 23 03:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15553]: Connection closed by 141.11.88.12 port 52784 [preauth]
Jun 23 03:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15551]: Invalid user user1 from 144.225.187.123
Jun 23 03:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15551]: input_userauth_request: invalid user user1 [preauth]
Jun 23 03:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15551]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 03:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15551]: Failed password for invalid user user1 from 144.225.187.123 port 43766 ssh2
Jun 23 03:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15551]: Connection closed by 144.225.187.123 port 43766 [preauth]
Jun 23 03:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15577]: Invalid user server from 141.11.88.12
Jun 23 03:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15577]: input_userauth_request: invalid user server [preauth]
Jun 23 03:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15577]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15577]: Failed password for invalid user server from 141.11.88.12 port 56284 ssh2
Jun 23 03:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15577]: Connection closed by 141.11.88.12 port 56284 [preauth]
Jun 23 03:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15588]: Invalid user tmp from 141.11.88.12
Jun 23 03:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15588]: input_userauth_request: invalid user tmp [preauth]
Jun 23 03:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15588]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15588]: Failed password for invalid user tmp from 141.11.88.12 port 56304 ssh2
Jun 23 03:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15588]: Connection closed by 141.11.88.12 port 56304 [preauth]
Jun 23 03:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15601]: Invalid user airflow from 141.11.88.12
Jun 23 03:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15601]: input_userauth_request: invalid user airflow [preauth]
Jun 23 03:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15601]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15601]: Failed password for invalid user airflow from 141.11.88.12 port 41016 ssh2
Jun 23 03:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15601]: Connection closed by 141.11.88.12 port 41016 [preauth]
Jun 23 03:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15622]: Invalid user deploy from 141.11.88.12
Jun 23 03:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15622]: input_userauth_request: invalid user deploy [preauth]
Jun 23 03:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15622]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15622]: Failed password for invalid user deploy from 141.11.88.12 port 41054 ssh2
Jun 23 03:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15622]: Connection closed by 141.11.88.12 port 41054 [preauth]
Jun 23 03:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15633]: Invalid user user from 141.11.88.12
Jun 23 03:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15633]: input_userauth_request: invalid user user [preauth]
Jun 23 03:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15633]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14328]: pam_unix(cron:session): session closed for user root
Jun 23 03:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15633]: Failed password for invalid user user from 141.11.88.12 port 40664 ssh2
Jun 23 03:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15633]: Connection closed by 141.11.88.12 port 40664 [preauth]
Jun 23 03:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15663]: Invalid user armin from 141.11.88.12
Jun 23 03:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15663]: input_userauth_request: invalid user armin [preauth]
Jun 23 03:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15663]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15663]: Failed password for invalid user armin from 141.11.88.12 port 40674 ssh2
Jun 23 03:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15663]: Connection closed by 141.11.88.12 port 40674 [preauth]
Jun 23 03:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15666]: Failed password for root from 141.11.88.12 port 43680 ssh2
Jun 23 03:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15666]: Connection closed by 141.11.88.12 port 43680 [preauth]
Jun 23 03:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15691]: Invalid user support from 144.225.187.123
Jun 23 03:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15691]: input_userauth_request: invalid user support [preauth]
Jun 23 03:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15691]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 03:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15695]: Failed password for root from 141.11.88.12 port 43720 ssh2
Jun 23 03:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15695]: Connection closed by 141.11.88.12 port 43720 [preauth]
Jun 23 03:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15691]: Failed password for invalid user support from 144.225.187.123 port 48064 ssh2
Jun 23 03:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15691]: Connection closed by 144.225.187.123 port 48064 [preauth]
Jun 23 03:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: Failed password for root from 141.11.88.12 port 43770 ssh2
Jun 23 03:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: Connection closed by 141.11.88.12 port 43770 [preauth]
Jun 23 03:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15718]: Invalid user deploy from 141.11.88.12
Jun 23 03:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15718]: input_userauth_request: invalid user deploy [preauth]
Jun 23 03:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15718]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15718]: Failed password for invalid user deploy from 141.11.88.12 port 27488 ssh2
Jun 23 03:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15718]: Connection closed by 141.11.88.12 port 27488 [preauth]
Jun 23 03:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15729]: Invalid user ftpuser from 141.11.88.12
Jun 23 03:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15729]: input_userauth_request: invalid user ftpuser [preauth]
Jun 23 03:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15729]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15736]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15734]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15735]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15733]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15733]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15729]: Failed password for invalid user ftpuser from 141.11.88.12 port 27500 ssh2
Jun 23 03:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15729]: Connection closed by 141.11.88.12 port 27500 [preauth]
Jun 23 03:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15793]: Successful su for rubyman by root
Jun 23 03:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15793]: + ??? root:rubyman
Jun 23 03:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15793]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574993 of user rubyman.
Jun 23 03:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15793]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574993.
Jun 23 03:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13031]: pam_unix(cron:session): session closed for user root
Jun 23 03:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15864]: Failed password for root from 141.11.88.12 port 15384 ssh2
Jun 23 03:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15864]: Connection closed by 141.11.88.12 port 15384 [preauth]
Jun 23 03:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15734]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15971]: Failed password for root from 141.11.88.12 port 15410 ssh2
Jun 23 03:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15971]: Connection closed by 141.11.88.12 port 15410 [preauth]
Jun 23 03:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15981]: Invalid user aaa from 141.11.88.12
Jun 23 03:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15981]: input_userauth_request: invalid user aaa [preauth]
Jun 23 03:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15981]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15981]: Failed password for invalid user aaa from 141.11.88.12 port 17158 ssh2
Jun 23 03:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15981]: Connection closed by 141.11.88.12 port 17158 [preauth]
Jun 23 03:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16004]: Invalid user appuser from 141.11.88.12
Jun 23 03:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16004]: input_userauth_request: invalid user appuser [preauth]
Jun 23 03:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16004]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16004]: Failed password for invalid user appuser from 141.11.88.12 port 17188 ssh2
Jun 23 03:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16004]: Connection closed by 141.11.88.12 port 17188 [preauth]
Jun 23 03:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16016]: Invalid user george from 141.11.88.12
Jun 23 03:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16016]: input_userauth_request: invalid user george [preauth]
Jun 23 03:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16016]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16013]: Failed password for root from 144.225.187.123 port 58354 ssh2
Jun 23 03:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16016]: Failed password for invalid user george from 141.11.88.12 port 29570 ssh2
Jun 23 03:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16016]: Connection closed by 141.11.88.12 port 29570 [preauth]
Jun 23 03:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16013]: Connection closed by 144.225.187.123 port 58354 [preauth]
Jun 23 03:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16031]: Invalid user postgres from 141.11.88.12
Jun 23 03:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16031]: input_userauth_request: invalid user postgres [preauth]
Jun 23 03:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16031]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16031]: Failed password for invalid user postgres from 141.11.88.12 port 29614 ssh2
Jun 23 03:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16031]: Connection closed by 141.11.88.12 port 29614 [preauth]
Jun 23 03:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16041]: Invalid user eva from 141.11.88.12
Jun 23 03:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16041]: input_userauth_request: invalid user eva [preauth]
Jun 23 03:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16041]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16041]: Failed password for invalid user eva from 141.11.88.12 port 29640 ssh2
Jun 23 03:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16041]: Connection closed by 141.11.88.12 port 29640 [preauth]
Jun 23 03:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16052]: Invalid user ops from 141.11.88.12
Jun 23 03:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16052]: input_userauth_request: invalid user ops [preauth]
Jun 23 03:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16052]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14845]: pam_unix(cron:session): session closed for user root
Jun 23 03:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16052]: Failed password for invalid user ops from 141.11.88.12 port 45684 ssh2
Jun 23 03:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16052]: Connection closed by 141.11.88.12 port 45684 [preauth]
Jun 23 03:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16085]: Invalid user AdminGPON from 45.148.10.121
Jun 23 03:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16085]: input_userauth_request: invalid user AdminGPON [preauth]
Jun 23 03:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16085]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 23 03:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16087]: Invalid user pi from 141.11.88.12
Jun 23 03:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16087]: input_userauth_request: invalid user pi [preauth]
Jun 23 03:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16087]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16085]: Failed password for invalid user AdminGPON from 45.148.10.121 port 50820 ssh2
Jun 23 03:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16085]: Connection closed by 45.148.10.121 port 50820 [preauth]
Jun 23 03:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16087]: Failed password for invalid user pi from 141.11.88.12 port 45722 ssh2
Jun 23 03:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16087]: Connection closed by 141.11.88.12 port 45722 [preauth]
Jun 23 03:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16109]: Failed password for root from 141.11.88.12 port 22916 ssh2
Jun 23 03:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16109]: Connection closed by 141.11.88.12 port 22916 [preauth]
Jun 23 03:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16120]: Invalid user botuser from 141.11.88.12
Jun 23 03:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16120]: input_userauth_request: invalid user botuser [preauth]
Jun 23 03:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16120]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16120]: Failed password for invalid user botuser from 141.11.88.12 port 22932 ssh2
Jun 23 03:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16120]: Connection closed by 141.11.88.12 port 22932 [preauth]
Jun 23 03:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16130]: Invalid user fastuser from 141.11.88.12
Jun 23 03:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16130]: input_userauth_request: invalid user fastuser [preauth]
Jun 23 03:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16130]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16130]: Failed password for invalid user fastuser from 141.11.88.12 port 63660 ssh2
Jun 23 03:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16130]: Connection closed by 141.11.88.12 port 63660 [preauth]
Jun 23 03:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16132]: Failed password for root from 144.225.187.123 port 33694 ssh2
Jun 23 03:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16132]: Connection closed by 144.225.187.123 port 33694 [preauth]
Jun 23 03:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16148]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16149]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16147]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16146]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16146]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16211]: Successful su for rubyman by root
Jun 23 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16211]: + ??? root:rubyman
Jun 23 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16211]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 574996 of user rubyman.
Jun 23 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16211]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16143]: Failed password for root from 141.11.88.12 port 63710 ssh2
Jun 23 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 574996.
Jun 23 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16143]: Connection closed by 141.11.88.12 port 63710 [preauth]
Jun 23 03:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13476]: pam_unix(cron:session): session closed for user root
Jun 23 03:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16357]: Invalid user web from 141.11.88.12
Jun 23 03:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16357]: input_userauth_request: invalid user web [preauth]
Jun 23 03:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16357]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16147]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16357]: Failed password for invalid user web from 141.11.88.12 port 46986 ssh2
Jun 23 03:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16357]: Connection closed by 141.11.88.12 port 46986 [preauth]
Jun 23 03:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16396]: Failed password for root from 141.11.88.12 port 47002 ssh2
Jun 23 03:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16396]: Connection closed by 141.11.88.12 port 47002 [preauth]
Jun 23 03:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16420]: Invalid user centreon from 141.11.88.12
Jun 23 03:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16420]: input_userauth_request: invalid user centreon [preauth]
Jun 23 03:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16420]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16420]: Failed password for invalid user centreon from 141.11.88.12 port 30060 ssh2
Jun 23 03:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16420]: Connection closed by 141.11.88.12 port 30060 [preauth]
Jun 23 03:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16452]: Invalid user localadmin from 141.11.88.12
Jun 23 03:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16452]: input_userauth_request: invalid user localadmin [preauth]
Jun 23 03:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16452]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16452]: Failed password for invalid user localadmin from 141.11.88.12 port 43390 ssh2
Jun 23 03:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16452]: Connection closed by 141.11.88.12 port 43390 [preauth]
Jun 23 03:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15315]: pam_unix(cron:session): session closed for user root
Jun 23 03:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16465]: Failed password for root from 141.11.88.12 port 12092 ssh2
Jun 23 03:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16465]: Connection closed by 141.11.88.12 port 12092 [preauth]
Jun 23 03:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16464]: Failed password for root from 144.225.187.123 port 48568 ssh2
Jun 23 03:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16464]: Connection closed by 144.225.187.123 port 48568 [preauth]
Jun 23 03:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16500]: Failed password for root from 141.11.88.12 port 12166 ssh2
Jun 23 03:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16500]: Connection closed by 141.11.88.12 port 12166 [preauth]
Jun 23 03:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16536]: Invalid user trade from 141.11.88.12
Jun 23 03:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16536]: input_userauth_request: invalid user trade [preauth]
Jun 23 03:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16536]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16536]: Failed password for invalid user trade from 141.11.88.12 port 52234 ssh2
Jun 23 03:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16536]: Connection closed by 141.11.88.12 port 52234 [preauth]
Jun 23 03:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16546]: Invalid user testuser from 141.11.88.12
Jun 23 03:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16546]: input_userauth_request: invalid user testuser [preauth]
Jun 23 03:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16546]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16546]: Failed password for invalid user testuser from 141.11.88.12 port 65304 ssh2
Jun 23 03:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16546]: Connection closed by 141.11.88.12 port 65304 [preauth]
Jun 23 03:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16556]: Invalid user developer from 141.11.88.12
Jun 23 03:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16556]: input_userauth_request: invalid user developer [preauth]
Jun 23 03:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16556]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16556]: Failed password for invalid user developer from 141.11.88.12 port 65322 ssh2
Jun 23 03:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16556]: Connection closed by 141.11.88.12 port 65322 [preauth]
Jun 23 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16570]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16569]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16568]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16567]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16567]: pam_unix(cron:session): session closed for user p13x
Jun 23 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16627]: Successful su for rubyman by root
Jun 23 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16627]: + ??? root:rubyman
Jun 23 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16627]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575001 of user rubyman.
Jun 23 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16627]: pam_unix(su:session): session closed for user rubyman
Jun 23 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575001.
Jun 23 03:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16735]: Invalid user seed from 141.11.88.12
Jun 23 03:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16735]: input_userauth_request: invalid user seed [preauth]
Jun 23 03:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13904]: pam_unix(cron:session): session closed for user root
Jun 23 03:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16735]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16568]: pam_unix(cron:session): session closed for user samftp
Jun 23 03:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16735]: Failed password for invalid user seed from 141.11.88.12 port 43782 ssh2
Jun 23 03:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16735]: Connection closed by 141.11.88.12 port 43782 [preauth]
Jun 23 03:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: Failed password for root from 144.225.187.123 port 37574 ssh2
Jun 23 03:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: Connection closed by 144.225.187.123 port 37574 [preauth]
Jun 23 03:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16818]: Failed password for root from 141.11.88.12 port 43814 ssh2
Jun 23 03:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16818]: Connection closed by 141.11.88.12 port 43814 [preauth]
Jun 23 03:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16841]: Invalid user testuser from 141.11.88.12
Jun 23 03:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16841]: input_userauth_request: invalid user testuser [preauth]
Jun 23 03:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16841]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16841]: Failed password for invalid user testuser from 141.11.88.12 port 64316 ssh2
Jun 23 03:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16841]: Connection closed by 141.11.88.12 port 64316 [preauth]
Jun 23 03:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16861]: Invalid user aa from 141.11.88.12
Jun 23 03:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16861]: input_userauth_request: invalid user aa [preauth]
Jun 23 03:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16861]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16861]: Failed password for invalid user aa from 141.11.88.12 port 64368 ssh2
Jun 23 03:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16861]: Connection closed by 141.11.88.12 port 64368 [preauth]
Jun 23 03:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16910]: Failed password for root from 141.11.88.12 port 16002 ssh2
Jun 23 03:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16910]: Connection closed by 141.11.88.12 port 16002 [preauth]
Jun 23 03:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16952]: Invalid user demo from 141.11.88.12
Jun 23 03:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16952]: input_userauth_request: invalid user demo [preauth]
Jun 23 03:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16952]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15736]: pam_unix(cron:session): session closed for user root
Jun 23 03:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16952]: Failed password for invalid user demo from 141.11.88.12 port 28698 ssh2
Jun 23 03:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16952]: Connection closed by 141.11.88.12 port 28698 [preauth]
Jun 23 03:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 23 03:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17028]: Invalid user student from 141.11.88.12
Jun 23 03:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17028]: input_userauth_request: invalid user student [preauth]
Jun 23 03:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17028]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17017]: Failed password for root from 202.178.126.219 port 55657 ssh2
Jun 23 03:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17017]: Connection closed by 202.178.126.219 port 55657 [preauth]
Jun 23 03:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17028]: Failed password for invalid user student from 141.11.88.12 port 28714 ssh2
Jun 23 03:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17028]: Connection closed by 141.11.88.12 port 28714 [preauth]
Jun 23 03:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 03:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17030]: Failed password for root from 144.225.187.123 port 41922 ssh2
Jun 23 03:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17054]: Invalid user rdpuser from 141.11.88.12
Jun 23 03:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17054]: input_userauth_request: invalid user rdpuser [preauth]
Jun 23 03:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17054]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17030]: Connection closed by 144.225.187.123 port 41922 [preauth]
Jun 23 03:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17054]: Failed password for invalid user rdpuser from 141.11.88.12 port 21528 ssh2
Jun 23 03:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17054]: Connection closed by 141.11.88.12 port 21528 [preauth]
Jun 23 03:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 23 03:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17067]: Failed password for root from 193.24.211.107 port 9364 ssh2
Jun 23 03:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17067]: Received disconnect from 193.24.211.107 port 9364:11: Client disconnecting normally [preauth]
Jun 23 03:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17067]: Disconnected from 193.24.211.107 port 9364 [preauth]
Jun 23 03:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17079]: Invalid user elasticsearch from 141.11.88.12
Jun 23 03:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17079]: input_userauth_request: invalid user elasticsearch [preauth]
Jun 23 03:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17079]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 03:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 03:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 03:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 03:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17081]: Bad protocol version identification 'GET / HTTP/1.1' from 74.82.47.3 port 5166
Jun 23 03:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17079]: Failed password for invalid user elasticsearch from 141.11.88.12 port 30894 ssh2
Jun 23 03:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17066]: Failed password for root from 141.11.88.12 port 30884 ssh2
Jun 23 03:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17079]: Connection closed by 141.11.88.12 port 30894 [preauth]
Jun 23 03:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17066]: Connection closed by 141.11.88.12 port 30884 [preauth]
Jun 23 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17095]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17092]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17097]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17091]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17098]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17096]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17093]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17098]: pam_unix(cron:session): session closed for user root
Jun 23 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17093]: pam_unix(cron:session): session closed for user root
Jun 23 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17091]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17179]: Successful su for rubyman by root
Jun 23 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17179]: + ??? root:rubyman
Jun 23 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17179]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575007 of user rubyman.
Jun 23 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17179]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575007.
Jun 23 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 04:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17095]: pam_unix(cron:session): session closed for user root
Jun 23 04:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14327]: pam_unix(cron:session): session closed for user root
Jun 23 04:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17158]: Failed password for root from 141.11.88.12 port 16300 ssh2
Jun 23 04:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17158]: Connection closed by 141.11.88.12 port 16300 [preauth]
Jun 23 04:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17092]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 04:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17412]: Failed password for root from 141.11.88.12 port 16314 ssh2
Jun 23 04:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17412]: Connection closed by 141.11.88.12 port 16314 [preauth]
Jun 23 04:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: Invalid user dev from 141.11.88.12
Jun 23 04:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: input_userauth_request: invalid user dev [preauth]
Jun 23 04:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: Failed password for invalid user dev from 141.11.88.12 port 53678 ssh2
Jun 23 04:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: Connection closed by 141.11.88.12 port 53678 [preauth]
Jun 23 04:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17455]: Invalid user ts3 from 141.11.88.12
Jun 23 04:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17455]: input_userauth_request: invalid user ts3 [preauth]
Jun 23 04:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17455]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17451]: Failed password for root from 144.225.187.123 port 34030 ssh2
Jun 23 04:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17451]: Connection closed by 144.225.187.123 port 34030 [preauth]
Jun 23 04:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17455]: Failed password for invalid user ts3 from 141.11.88.12 port 53698 ssh2
Jun 23 04:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17455]: Connection closed by 141.11.88.12 port 53698 [preauth]
Jun 23 04:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17481]: Invalid user webuser from 141.11.88.12
Jun 23 04:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17481]: input_userauth_request: invalid user webuser [preauth]
Jun 23 04:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17481]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17481]: Failed password for invalid user webuser from 141.11.88.12 port 10172 ssh2
Jun 23 04:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17481]: Connection closed by 141.11.88.12 port 10172 [preauth]
Jun 23 04:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17491]: Invalid user carlos from 141.11.88.12
Jun 23 04:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17491]: input_userauth_request: invalid user carlos [preauth]
Jun 23 04:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17491]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17491]: Failed password for invalid user carlos from 141.11.88.12 port 10200 ssh2
Jun 23 04:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17491]: Connection closed by 141.11.88.12 port 10200 [preauth]
Jun 23 04:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16149]: pam_unix(cron:session): session closed for user root
Jun 23 04:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17551]: Invalid user fernando from 141.11.88.12
Jun 23 04:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17551]: input_userauth_request: invalid user fernando [preauth]
Jun 23 04:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17551]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17551]: Failed password for invalid user fernando from 141.11.88.12 port 12458 ssh2
Jun 23 04:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17551]: Connection closed by 141.11.88.12 port 12458 [preauth]
Jun 23 04:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 04:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17562]: Failed password for root from 141.11.88.12 port 30522 ssh2
Jun 23 04:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17562]: Connection closed by 141.11.88.12 port 30522 [preauth]
Jun 23 04:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17591]: Invalid user sharon from 141.11.88.12
Jun 23 04:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17591]: input_userauth_request: invalid user sharon [preauth]
Jun 23 04:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17591]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17591]: Failed password for invalid user sharon from 141.11.88.12 port 30592 ssh2
Jun 23 04:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17591]: Connection closed by 141.11.88.12 port 30592 [preauth]
Jun 23 04:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17603]: Invalid user kafka from 141.11.88.12
Jun 23 04:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17603]: input_userauth_request: invalid user kafka [preauth]
Jun 23 04:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17603]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17594]: Invalid user upload from 144.225.187.123
Jun 23 04:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17594]: input_userauth_request: invalid user upload [preauth]
Jun 23 04:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17594]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 04:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17603]: Failed password for invalid user kafka from 141.11.88.12 port 37130 ssh2
Jun 23 04:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17603]: Connection closed by 141.11.88.12 port 37130 [preauth]
Jun 23 04:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17594]: Failed password for invalid user upload from 144.225.187.123 port 39598 ssh2
Jun 23 04:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17594]: Connection closed by 144.225.187.123 port 39598 [preauth]
Jun 23 04:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17620]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17618]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17619]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17617]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17617]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17772]: Successful su for rubyman by root
Jun 23 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17772]: + ??? root:rubyman
Jun 23 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17772]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575011 of user rubyman.
Jun 23 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17772]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575011.
Jun 23 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17614]: Failed password for root from 141.11.88.12 port 37158 ssh2
Jun 23 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17614]: Connection closed by 141.11.88.12 port 37158 [preauth]
Jun 23 04:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14844]: pam_unix(cron:session): session closed for user root
Jun 23 04:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17618]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17971]: Invalid user avalanche from 141.11.88.12
Jun 23 04:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17971]: input_userauth_request: invalid user avalanche [preauth]
Jun 23 04:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17971]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17971]: Failed password for invalid user avalanche from 141.11.88.12 port 20372 ssh2
Jun 23 04:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17971]: Connection closed by 141.11.88.12 port 20372 [preauth]
Jun 23 04:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17981]: Invalid user cloud from 141.11.88.12
Jun 23 04:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17981]: input_userauth_request: invalid user cloud [preauth]
Jun 23 04:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17981]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17981]: Failed password for invalid user cloud from 141.11.88.12 port 39752 ssh2
Jun 23 04:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17981]: Connection closed by 141.11.88.12 port 39752 [preauth]
Jun 23 04:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: Invalid user aman from 141.11.88.12
Jun 23 04:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: input_userauth_request: invalid user aman [preauth]
Jun 23 04:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: Failed password for invalid user aman from 141.11.88.12 port 39780 ssh2
Jun 23 04:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: Connection closed by 141.11.88.12 port 39780 [preauth]
Jun 23 04:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18023]: Invalid user test from 141.11.88.12
Jun 23 04:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18023]: input_userauth_request: invalid user test [preauth]
Jun 23 04:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18023]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18023]: Failed password for invalid user test from 141.11.88.12 port 28246 ssh2
Jun 23 04:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18023]: Connection closed by 141.11.88.12 port 28246 [preauth]
Jun 23 04:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18064]: Invalid user root1 from 141.11.88.12
Jun 23 04:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18064]: input_userauth_request: invalid user root1 [preauth]
Jun 23 04:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18051]: Failed password for root from 144.225.187.123 port 43164 ssh2
Jun 23 04:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18064]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18051]: Connection closed by 144.225.187.123 port 43164 [preauth]
Jun 23 04:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18064]: Failed password for invalid user root1 from 141.11.88.12 port 28276 ssh2
Jun 23 04:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18064]: Connection closed by 141.11.88.12 port 28276 [preauth]
Jun 23 04:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16570]: pam_unix(cron:session): session closed for user root
Jun 23 04:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18093]: Invalid user log from 141.11.88.12
Jun 23 04:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18093]: input_userauth_request: invalid user log [preauth]
Jun 23 04:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18093]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18093]: Failed password for invalid user log from 141.11.88.12 port 10700 ssh2
Jun 23 04:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18093]: Connection closed by 141.11.88.12 port 10700 [preauth]
Jun 23 04:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18103]: Invalid user andrea from 141.11.88.12
Jun 23 04:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18103]: input_userauth_request: invalid user andrea [preauth]
Jun 23 04:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18103]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18103]: Failed password for invalid user andrea from 141.11.88.12 port 12380 ssh2
Jun 23 04:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18103]: Connection closed by 141.11.88.12 port 12380 [preauth]
Jun 23 04:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18128]: Invalid user app from 141.11.88.12
Jun 23 04:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18128]: input_userauth_request: invalid user app [preauth]
Jun 23 04:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18128]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18128]: Failed password for invalid user app from 141.11.88.12 port 12412 ssh2
Jun 23 04:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18128]: Connection closed by 141.11.88.12 port 12412 [preauth]
Jun 23 04:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 04:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18138]: Failed password for root from 141.11.88.12 port 16168 ssh2
Jun 23 04:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18138]: Connection closed by 141.11.88.12 port 16168 [preauth]
Jun 23 04:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18149]: Invalid user user from 141.11.88.12
Jun 23 04:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18149]: input_userauth_request: invalid user user [preauth]
Jun 23 04:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18149]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18168]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18167]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18166]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18164]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18164]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18233]: Successful su for rubyman by root
Jun 23 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18233]: + ??? root:rubyman
Jun 23 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18233]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575015 of user rubyman.
Jun 23 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18233]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575015.
Jun 23 04:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18149]: Failed password for invalid user user from 141.11.88.12 port 16296 ssh2
Jun 23 04:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18149]: Connection closed by 141.11.88.12 port 16296 [preauth]
Jun 23 04:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15314]: pam_unix(cron:session): session closed for user root
Jun 23 04:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18481]: Invalid user vagrant from 141.11.88.12
Jun 23 04:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18481]: input_userauth_request: invalid user vagrant [preauth]
Jun 23 04:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18481]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18166]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18284]: Failed password for root from 144.225.187.123 port 53258 ssh2
Jun 23 04:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18284]: Connection closed by 144.225.187.123 port 53258 [preauth]
Jun 23 04:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18481]: Failed password for invalid user vagrant from 141.11.88.12 port 25050 ssh2
Jun 23 04:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18481]: Connection closed by 141.11.88.12 port 25050 [preauth]
Jun 23 04:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18518]: Invalid user webadm from 141.11.88.12
Jun 23 04:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18518]: input_userauth_request: invalid user webadm [preauth]
Jun 23 04:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18518]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18518]: Failed password for invalid user webadm from 141.11.88.12 port 44310 ssh2
Jun 23 04:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18518]: Connection closed by 141.11.88.12 port 44310 [preauth]
Jun 23 04:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18551]: Invalid user ftpuser from 141.11.88.12
Jun 23 04:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18551]: input_userauth_request: invalid user ftpuser [preauth]
Jun 23 04:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18551]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18551]: Failed password for invalid user ftpuser from 141.11.88.12 port 44350 ssh2
Jun 23 04:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18551]: Connection closed by 141.11.88.12 port 44350 [preauth]
Jun 23 04:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 23 04:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18577]: Invalid user xiao from 141.11.88.12
Jun 23 04:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18577]: input_userauth_request: invalid user xiao [preauth]
Jun 23 04:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18577]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18575]: Failed password for root from 103.149.28.157 port 47510 ssh2
Jun 23 04:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18575]: Connection closed by 103.149.28.157 port 47510 [preauth]
Jun 23 04:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18577]: Failed password for invalid user xiao from 141.11.88.12 port 43514 ssh2
Jun 23 04:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18577]: Connection closed by 141.11.88.12 port 43514 [preauth]
Jun 23 04:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18590]: Invalid user admin from 141.11.88.12
Jun 23 04:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18590]: input_userauth_request: invalid user admin [preauth]
Jun 23 04:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18590]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17097]: pam_unix(cron:session): session closed for user root
Jun 23 04:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18590]: Failed password for invalid user admin from 141.11.88.12 port 14450 ssh2
Jun 23 04:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18590]: Connection closed by 141.11.88.12 port 14450 [preauth]
Jun 23 04:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18630]: Invalid user devops from 141.11.88.12
Jun 23 04:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18630]: input_userauth_request: invalid user devops [preauth]
Jun 23 04:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18630]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18620]: Failed password for root from 144.225.187.123 port 41922 ssh2
Jun 23 04:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18620]: Connection closed by 144.225.187.123 port 41922 [preauth]
Jun 23 04:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18630]: Failed password for invalid user devops from 141.11.88.12 port 14494 ssh2
Jun 23 04:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18630]: Connection closed by 141.11.88.12 port 14494 [preauth]
Jun 23 04:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 23 04:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 04:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18635]: Failed password for root from 103.82.132.16 port 47978 ssh2
Jun 23 04:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18635]: Connection closed by 103.82.132.16 port 47978 [preauth]
Jun 23 04:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18659]: Failed password for root from 141.11.88.12 port 42646 ssh2
Jun 23 04:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18659]: Connection closed by 141.11.88.12 port 42646 [preauth]
Jun 23 04:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18661]: Invalid user test from 141.11.88.12
Jun 23 04:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18661]: input_userauth_request: invalid user test [preauth]
Jun 23 04:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18661]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18661]: Failed password for invalid user test from 141.11.88.12 port 42662 ssh2
Jun 23 04:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18661]: Connection closed by 141.11.88.12 port 42662 [preauth]
Jun 23 04:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18673]: Invalid user jack from 141.11.88.12
Jun 23 04:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18673]: input_userauth_request: invalid user jack [preauth]
Jun 23 04:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18673]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18673]: Failed password for invalid user jack from 141.11.88.12 port 41970 ssh2
Jun 23 04:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18673]: Connection closed by 141.11.88.12 port 41970 [preauth]
Jun 23 04:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18688]: Invalid user hs from 141.11.88.12
Jun 23 04:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18688]: input_userauth_request: invalid user hs [preauth]
Jun 23 04:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18688]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18699]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18700]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18697]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18698]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18697]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18762]: Successful su for rubyman by root
Jun 23 04:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18762]: + ??? root:rubyman
Jun 23 04:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18762]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575020 of user rubyman.
Jun 23 04:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18762]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575020.
Jun 23 04:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18688]: Failed password for invalid user hs from 141.11.88.12 port 42010 ssh2
Jun 23 04:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18688]: Connection closed by 141.11.88.12 port 42010 [preauth]
Jun 23 04:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15735]: pam_unix(cron:session): session closed for user root
Jun 23 04:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18698]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18953]: Invalid user kafka from 141.11.88.12
Jun 23 04:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18953]: input_userauth_request: invalid user kafka [preauth]
Jun 23 04:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18953]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18953]: Failed password for invalid user kafka from 141.11.88.12 port 36174 ssh2
Jun 23 04:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18953]: Connection closed by 141.11.88.12 port 36174 [preauth]
Jun 23 04:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 04:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18976]: Failed password for root from 141.11.88.12 port 33184 ssh2
Jun 23 04:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18974]: Failed password for root from 144.225.187.123 port 39908 ssh2
Jun 23 04:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18976]: Connection closed by 141.11.88.12 port 33184 [preauth]
Jun 23 04:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18974]: Connection closed by 144.225.187.123 port 39908 [preauth]
Jun 23 04:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19002]: Invalid user admin from 141.11.88.12
Jun 23 04:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19002]: input_userauth_request: invalid user admin [preauth]
Jun 23 04:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19002]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19002]: Failed password for invalid user admin from 141.11.88.12 port 33188 ssh2
Jun 23 04:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19002]: Connection closed by 141.11.88.12 port 33188 [preauth]
Jun 23 04:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 04:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19012]: Failed password for root from 141.11.88.12 port 45830 ssh2
Jun 23 04:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19012]: Connection closed by 141.11.88.12 port 45830 [preauth]
Jun 23 04:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 04:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19034]: Failed password for root from 141.11.88.12 port 45856 ssh2
Jun 23 04:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19034]: Connection closed by 141.11.88.12 port 45856 [preauth]
Jun 23 04:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17620]: pam_unix(cron:session): session closed for user root
Jun 23 04:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19064]: Invalid user python from 141.11.88.12
Jun 23 04:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19064]: input_userauth_request: invalid user python [preauth]
Jun 23 04:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19064]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19064]: Failed password for invalid user python from 141.11.88.12 port 16742 ssh2
Jun 23 04:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19064]: Connection closed by 141.11.88.12 port 16742 [preauth]
Jun 23 04:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19074]: Invalid user demo from 141.11.88.12
Jun 23 04:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19074]: input_userauth_request: invalid user demo [preauth]
Jun 23 04:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19074]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19074]: Failed password for invalid user demo from 141.11.88.12 port 16752 ssh2
Jun 23 04:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19074]: Connection closed by 141.11.88.12 port 16752 [preauth]
Jun 23 04:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 04:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19099]: Failed password for root from 141.11.88.12 port 14306 ssh2
Jun 23 04:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19099]: Connection closed by 141.11.88.12 port 14306 [preauth]
Jun 23 04:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19101]: Failed password for root from 144.225.187.123 port 47628 ssh2
Jun 23 04:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19101]: Connection closed by 144.225.187.123 port 47628 [preauth]
Jun 23 04:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19112]: Invalid user user from 141.98.83.240
Jun 23 04:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19112]: input_userauth_request: invalid user user [preauth]
Jun 23 04:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19112]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 04:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 04:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19112]: Failed password for invalid user user from 141.98.83.240 port 19946 ssh2
Jun 23 04:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19112]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19114]: Failed password for root from 141.11.88.12 port 14362 ssh2
Jun 23 04:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19114]: Connection closed by 141.11.88.12 port 14362 [preauth]
Jun 23 04:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19112]: Failed password for invalid user user from 141.98.83.240 port 19946 ssh2
Jun 23 04:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19112]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19112]: Failed password for invalid user user from 141.98.83.240 port 19946 ssh2
Jun 23 04:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19219]: Invalid user www from 141.11.88.12
Jun 23 04:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19219]: input_userauth_request: invalid user www [preauth]
Jun 23 04:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19112]: Connection closed by 141.98.83.240 port 19946 [preauth]
Jun 23 04:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19112]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 04:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19219]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19219]: Failed password for invalid user www from 141.11.88.12 port 17988 ssh2
Jun 23 04:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19219]: Connection closed by 141.11.88.12 port 17988 [preauth]
Jun 23 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19235]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19234]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19233]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19232]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19232]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19296]: Successful su for rubyman by root
Jun 23 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19296]: + ??? root:rubyman
Jun 23 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19296]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575023 of user rubyman.
Jun 23 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19296]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575023.
Jun 23 04:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19329]: Invalid user avax from 141.11.88.12
Jun 23 04:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19329]: input_userauth_request: invalid user avax [preauth]
Jun 23 04:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19329]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16148]: pam_unix(cron:session): session closed for user root
Jun 23 04:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19329]: Failed password for invalid user avax from 141.11.88.12 port 61760 ssh2
Jun 23 04:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19329]: Connection closed by 141.11.88.12 port 61760 [preauth]
Jun 23 04:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19233]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 04:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19489]: Failed password for root from 141.11.88.12 port 61776 ssh2
Jun 23 04:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19489]: Connection closed by 141.11.88.12 port 61776 [preauth]
Jun 23 04:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19601]: Invalid user alpha from 141.11.88.12
Jun 23 04:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19601]: input_userauth_request: invalid user alpha [preauth]
Jun 23 04:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19601]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19601]: Failed password for invalid user alpha from 141.11.88.12 port 50078 ssh2
Jun 23 04:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19601]: Connection closed by 141.11.88.12 port 50078 [preauth]
Jun 23 04:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19714]: Invalid user gmod from 141.11.88.12
Jun 23 04:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19714]: input_userauth_request: invalid user gmod [preauth]
Jun 23 04:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19714]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19714]: Failed password for invalid user gmod from 141.11.88.12 port 50102 ssh2
Jun 23 04:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19714]: Connection closed by 141.11.88.12 port 50102 [preauth]
Jun 23 04:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19725]: Invalid user admin from 144.225.187.123
Jun 23 04:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19725]: input_userauth_request: invalid user admin [preauth]
Jun 23 04:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19725]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 04:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19725]: Failed password for invalid user admin from 144.225.187.123 port 44656 ssh2
Jun 23 04:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19725]: Connection closed by 144.225.187.123 port 44656 [preauth]
Jun 23 04:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19743]: Invalid user security from 141.11.88.12
Jun 23 04:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19743]: input_userauth_request: invalid user security [preauth]
Jun 23 04:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19743]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19743]: Failed password for invalid user security from 141.11.88.12 port 30232 ssh2
Jun 23 04:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19743]: Connection closed by 141.11.88.12 port 30232 [preauth]
Jun 23 04:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19762]: Invalid user g from 141.11.88.12
Jun 23 04:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19762]: input_userauth_request: invalid user g [preauth]
Jun 23 04:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19762]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19762]: Failed password for invalid user g from 141.11.88.12 port 43932 ssh2
Jun 23 04:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19762]: Connection closed by 141.11.88.12 port 43932 [preauth]
Jun 23 04:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18168]: pam_unix(cron:session): session closed for user root
Jun 23 04:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19797]: Invalid user system from 141.11.88.12
Jun 23 04:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19797]: input_userauth_request: invalid user system [preauth]
Jun 23 04:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19797]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19797]: Failed password for invalid user system from 141.11.88.12 port 43954 ssh2
Jun 23 04:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19797]: Connection closed by 141.11.88.12 port 43954 [preauth]
Jun 23 04:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 04:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19808]: Failed password for root from 141.11.88.12 port 49162 ssh2
Jun 23 04:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19808]: Connection closed by 141.11.88.12 port 49162 [preauth]
Jun 23 04:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 23 04:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19841]: Failed password for root from 38.93.206.2 port 23200 ssh2
Jun 23 04:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19841]: Connection closed by 38.93.206.2 port 23200 [preauth]
Jun 23 04:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19843]: Invalid user xbot from 141.11.88.12
Jun 23 04:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19843]: input_userauth_request: invalid user xbot [preauth]
Jun 23 04:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19843]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19843]: Failed password for invalid user xbot from 141.11.88.12 port 49168 ssh2
Jun 23 04:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19843]: Connection closed by 141.11.88.12 port 49168 [preauth]
Jun 23 04:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19859]: Invalid user app from 141.11.88.12
Jun 23 04:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19859]: input_userauth_request: invalid user app [preauth]
Jun 23 04:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19859]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19859]: Failed password for invalid user app from 141.11.88.12 port 60642 ssh2
Jun 23 04:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19859]: Connection closed by 141.11.88.12 port 60642 [preauth]
Jun 23 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19860]: Failed password for root from 144.225.187.123 port 59190 ssh2
Jun 23 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19860]: Connection closed by 144.225.187.123 port 59190 [preauth]
Jun 23 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19876]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19878]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19877]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19875]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19874]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19873]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19878]: pam_unix(cron:session): session closed for user root
Jun 23 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19873]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19949]: Successful su for rubyman by root
Jun 23 04:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19949]: + ??? root:rubyman
Jun 23 04:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19949]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575030 of user rubyman.
Jun 23 04:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19949]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575030.
Jun 23 04:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19989]: Invalid user sam from 141.11.88.12
Jun 23 04:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19989]: input_userauth_request: invalid user sam [preauth]
Jun 23 04:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19989]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19875]: pam_unix(cron:session): session closed for user root
Jun 23 04:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16569]: pam_unix(cron:session): session closed for user root
Jun 23 04:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19989]: Failed password for invalid user sam from 141.11.88.12 port 17404 ssh2
Jun 23 04:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19989]: Connection closed by 141.11.88.12 port 17404 [preauth]
Jun 23 04:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19874]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20243]: Invalid user admin from 95.182.81.3
Jun 23 04:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20243]: input_userauth_request: invalid user admin [preauth]
Jun 23 04:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20243]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.182.81.3
Jun 23 04:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20250]: Invalid user jeff from 141.11.88.12
Jun 23 04:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20250]: input_userauth_request: invalid user jeff [preauth]
Jun 23 04:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20250]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20243]: Failed password for invalid user admin from 95.182.81.3 port 49388 ssh2
Jun 23 04:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20243]: Connection closed by 95.182.81.3 port 49388 [preauth]
Jun 23 04:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20250]: Failed password for invalid user jeff from 141.11.88.12 port 17412 ssh2
Jun 23 04:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20250]: Connection closed by 141.11.88.12 port 17412 [preauth]
Jun 23 04:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20271]: Invalid user ubnt from 95.182.81.3
Jun 23 04:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20271]: input_userauth_request: invalid user ubnt [preauth]
Jun 23 04:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20271]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.182.81.3
Jun 23 04:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 04:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20271]: Failed password for invalid user ubnt from 95.182.81.3 port 49396 ssh2
Jun 23 04:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20271]: Connection closed by 95.182.81.3 port 49396 [preauth]
Jun 23 04:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20278]: Failed password for root from 141.11.88.12 port 20762 ssh2
Jun 23 04:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20278]: Connection closed by 141.11.88.12 port 20762 [preauth]
Jun 23 04:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20280]: Invalid user support from 95.182.81.3
Jun 23 04:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20280]: input_userauth_request: invalid user support [preauth]
Jun 23 04:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20280]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.182.81.3
Jun 23 04:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20280]: Failed password for invalid user support from 95.182.81.3 port 39156 ssh2
Jun 23 04:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20280]: Connection closed by 95.182.81.3 port 39156 [preauth]
Jun 23 04:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20293]: Invalid user deploy from 141.11.88.12
Jun 23 04:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20293]: input_userauth_request: invalid user deploy [preauth]
Jun 23 04:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20295]: Invalid user RPM from 95.182.81.3
Jun 23 04:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20295]: input_userauth_request: invalid user RPM [preauth]
Jun 23 04:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20295]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.182.81.3
Jun 23 04:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20293]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20295]: Failed password for invalid user RPM from 95.182.81.3 port 39166 ssh2
Jun 23 04:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20295]: Connection closed by 95.182.81.3 port 39166 [preauth]
Jun 23 04:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20293]: Failed password for invalid user deploy from 141.11.88.12 port 13016 ssh2
Jun 23 04:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20293]: Connection closed by 141.11.88.12 port 13016 [preauth]
Jun 23 04:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20320]: Invalid user p from 141.11.88.12
Jun 23 04:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20320]: input_userauth_request: invalid user p [preauth]
Jun 23 04:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20320]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20333]: User sshd from 95.182.81.3 not allowed because not listed in AllowUsers
Jun 23 04:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20333]: input_userauth_request: invalid user sshd [preauth]
Jun 23 04:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.182.81.3  user=sshd
Jun 23 04:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20320]: Failed password for invalid user p from 141.11.88.12 port 13052 ssh2
Jun 23 04:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20333]: Failed password for invalid user sshd from 95.182.81.3 port 53536 ssh2
Jun 23 04:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20333]: Connection closed by 95.182.81.3 port 53536 [preauth]
Jun 23 04:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20320]: Connection closed by 141.11.88.12 port 13052 [preauth]
Jun 23 04:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18700]: pam_unix(cron:session): session closed for user root
Jun 23 04:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20336]: Failed password for root from 144.225.187.123 port 46492 ssh2
Jun 23 04:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20336]: Connection closed by 144.225.187.123 port 46492 [preauth]
Jun 23 04:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20372]: Invalid user debian from 141.11.88.12
Jun 23 04:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20372]: input_userauth_request: invalid user debian [preauth]
Jun 23 04:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20372]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20375]: Invalid user monitor from 95.182.81.3
Jun 23 04:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20375]: input_userauth_request: invalid user monitor [preauth]
Jun 23 04:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20375]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.182.81.3
Jun 23 04:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20372]: Failed password for invalid user debian from 141.11.88.12 port 49958 ssh2
Jun 23 04:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20372]: Connection closed by 141.11.88.12 port 49958 [preauth]
Jun 23 04:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20375]: Failed password for invalid user monitor from 95.182.81.3 port 46884 ssh2
Jun 23 04:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20375]: Connection closed by 95.182.81.3 port 46884 [preauth]
Jun 23 04:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20386]: Invalid user bot from 141.11.88.12
Jun 23 04:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20386]: input_userauth_request: invalid user bot [preauth]
Jun 23 04:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20386]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20386]: Failed password for invalid user bot from 141.11.88.12 port 47906 ssh2
Jun 23 04:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20386]: Connection closed by 141.11.88.12 port 47906 [preauth]
Jun 23 04:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20412]: Invalid user minecraft from 141.11.88.12
Jun 23 04:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20412]: input_userauth_request: invalid user minecraft [preauth]
Jun 23 04:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20412]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20412]: Failed password for invalid user minecraft from 141.11.88.12 port 47972 ssh2
Jun 23 04:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20412]: Connection closed by 141.11.88.12 port 47972 [preauth]
Jun 23 04:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20431]: Invalid user devuser from 141.11.88.12
Jun 23 04:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20431]: input_userauth_request: invalid user devuser [preauth]
Jun 23 04:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20431]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20431]: Failed password for invalid user devuser from 141.11.88.12 port 31602 ssh2
Jun 23 04:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20431]: Connection closed by 141.11.88.12 port 31602 [preauth]
Jun 23 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20448]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20449]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20446]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20447]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20446]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20518]: Successful su for rubyman by root
Jun 23 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20518]: + ??? root:rubyman
Jun 23 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20518]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575033 of user rubyman.
Jun 23 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20518]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575033.
Jun 23 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20443]: Invalid user chenxi from 141.11.88.12
Jun 23 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20443]: input_userauth_request: invalid user chenxi [preauth]
Jun 23 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20443]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20443]: Failed password for invalid user chenxi from 141.11.88.12 port 11544 ssh2
Jun 23 04:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20443]: Connection closed by 141.11.88.12 port 11544 [preauth]
Jun 23 04:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17096]: pam_unix(cron:session): session closed for user root
Jun 23 04:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20447]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20796]: Invalid user kali from 141.11.88.12
Jun 23 04:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20796]: input_userauth_request: invalid user kali [preauth]
Jun 23 04:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20751]: Failed password for root from 144.225.187.123 port 50532 ssh2
Jun 23 04:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20796]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20751]: Connection closed by 144.225.187.123 port 50532 [preauth]
Jun 23 04:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20796]: Failed password for invalid user kali from 141.11.88.12 port 11572 ssh2
Jun 23 04:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20796]: Connection closed by 141.11.88.12 port 11572 [preauth]
Jun 23 04:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20820]: Invalid user vpn from 141.11.88.12
Jun 23 04:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20820]: input_userauth_request: invalid user vpn [preauth]
Jun 23 04:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20820]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20820]: Failed password for invalid user vpn from 141.11.88.12 port 34958 ssh2
Jun 23 04:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20820]: Connection closed by 141.11.88.12 port 34958 [preauth]
Jun 23 04:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20832]: Invalid user botuser from 141.11.88.12
Jun 23 04:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20832]: input_userauth_request: invalid user botuser [preauth]
Jun 23 04:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20832]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20832]: Failed password for invalid user botuser from 141.11.88.12 port 36862 ssh2
Jun 23 04:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20832]: Connection closed by 141.11.88.12 port 36862 [preauth]
Jun 23 04:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20865]: Invalid user qwer from 141.11.88.12
Jun 23 04:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20865]: input_userauth_request: invalid user qwer [preauth]
Jun 23 04:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20865]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20865]: Failed password for invalid user qwer from 141.11.88.12 port 36936 ssh2
Jun 23 04:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20865]: Connection closed by 141.11.88.12 port 36936 [preauth]
Jun 23 04:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19235]: pam_unix(cron:session): session closed for user root
Jun 23 04:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20900]: Invalid user uftp from 141.11.88.12
Jun 23 04:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20900]: input_userauth_request: invalid user uftp [preauth]
Jun 23 04:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20900]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20900]: Failed password for invalid user uftp from 141.11.88.12 port 22556 ssh2
Jun 23 04:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20900]: Connection closed by 141.11.88.12 port 22556 [preauth]
Jun 23 04:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20925]: Invalid user local from 141.11.88.12
Jun 23 04:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20925]: input_userauth_request: invalid user local [preauth]
Jun 23 04:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20925]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20911]: Failed password for root from 144.225.187.123 port 53422 ssh2
Jun 23 04:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20925]: Failed password for invalid user local from 141.11.88.12 port 65170 ssh2
Jun 23 04:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20911]: Connection closed by 144.225.187.123 port 53422 [preauth]
Jun 23 04:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20925]: Connection closed by 141.11.88.12 port 65170 [preauth]
Jun 23 04:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 04:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20944]: Failed password for root from 141.11.88.12 port 65206 ssh2
Jun 23 04:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20944]: Connection closed by 141.11.88.12 port 65206 [preauth]
Jun 23 04:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20954]: Invalid user ubuntu from 141.11.88.12
Jun 23 04:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20954]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 04:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20954]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20954]: Failed password for invalid user ubuntu from 141.11.88.12 port 46784 ssh2
Jun 23 04:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20954]: Connection closed by 141.11.88.12 port 46784 [preauth]
Jun 23 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20969]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20966]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20968]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20965]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20965]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21025]: Successful su for rubyman by root
Jun 23 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21025]: + ??? root:rubyman
Jun 23 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21025]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575037 of user rubyman.
Jun 23 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21025]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575037.
Jun 23 04:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17619]: pam_unix(cron:session): session closed for user root
Jun 23 04:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 04:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20966]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21147]: Failed password for root from 141.11.88.12 port 11384 ssh2
Jun 23 04:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21147]: Connection closed by 141.11.88.12 port 11384 [preauth]
Jun 23 04:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21223]: Invalid user dev from 141.11.88.12
Jun 23 04:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21223]: input_userauth_request: invalid user dev [preauth]
Jun 23 04:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21223]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21223]: Failed password for invalid user dev from 141.11.88.12 port 11406 ssh2
Jun 23 04:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21223]: Connection closed by 141.11.88.12 port 11406 [preauth]
Jun 23 04:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21245]: Invalid user hadoop from 141.11.88.12
Jun 23 04:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21245]: input_userauth_request: invalid user hadoop [preauth]
Jun 23 04:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21245]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21245]: Failed password for invalid user hadoop from 141.11.88.12 port 46072 ssh2
Jun 23 04:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21245]: Connection closed by 141.11.88.12 port 46072 [preauth]
Jun 23 04:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21263]: Invalid user user from 141.11.88.12
Jun 23 04:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21263]: input_userauth_request: invalid user user [preauth]
Jun 23 04:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21263]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21263]: Failed password for invalid user user from 141.11.88.12 port 23462 ssh2
Jun 23 04:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21263]: Connection closed by 141.11.88.12 port 23462 [preauth]
Jun 23 04:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21289]: Invalid user test from 141.11.88.12
Jun 23 04:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21289]: input_userauth_request: invalid user test [preauth]
Jun 23 04:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21289]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21289]: Failed password for invalid user test from 141.11.88.12 port 23506 ssh2
Jun 23 04:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21289]: Connection closed by 141.11.88.12 port 23506 [preauth]
Jun 23 04:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19877]: pam_unix(cron:session): session closed for user root
Jun 23 04:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21323]: Invalid user claude from 141.11.88.12
Jun 23 04:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21323]: input_userauth_request: invalid user claude [preauth]
Jun 23 04:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21323]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21323]: Failed password for invalid user claude from 141.11.88.12 port 59092 ssh2
Jun 23 04:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21323]: Connection closed by 141.11.88.12 port 59092 [preauth]
Jun 23 04:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21348]: Invalid user bob from 141.11.88.12
Jun 23 04:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21348]: input_userauth_request: invalid user bob [preauth]
Jun 23 04:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21348]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21337]: Failed password for root from 144.225.187.123 port 46612 ssh2
Jun 23 04:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21348]: Failed password for invalid user bob from 141.11.88.12 port 18132 ssh2
Jun 23 04:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21348]: Connection closed by 141.11.88.12 port 18132 [preauth]
Jun 23 04:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21337]: Connection closed by 144.225.187.123 port 46612 [preauth]
Jun 23 04:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21373]: Invalid user user from 141.11.88.12
Jun 23 04:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21373]: input_userauth_request: invalid user user [preauth]
Jun 23 04:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21373]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21373]: Failed password for invalid user user from 141.11.88.12 port 18226 ssh2
Jun 23 04:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21373]: Connection closed by 141.11.88.12 port 18226 [preauth]
Jun 23 04:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21383]: Invalid user zabbix from 141.11.88.12
Jun 23 04:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21383]: input_userauth_request: invalid user zabbix [preauth]
Jun 23 04:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21383]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21383]: Failed password for invalid user zabbix from 141.11.88.12 port 59928 ssh2
Jun 23 04:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21383]: Connection closed by 141.11.88.12 port 59928 [preauth]
Jun 23 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21397]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21396]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21395]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21394]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21394]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21459]: Successful su for rubyman by root
Jun 23 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21459]: + ??? root:rubyman
Jun 23 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21459]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575041 of user rubyman.
Jun 23 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21459]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575041.
Jun 23 04:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21484]: Invalid user deployer from 141.11.88.12
Jun 23 04:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21484]: input_userauth_request: invalid user deployer [preauth]
Jun 23 04:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21484]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18167]: pam_unix(cron:session): session closed for user root
Jun 23 04:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21484]: Failed password for invalid user deployer from 141.11.88.12 port 54344 ssh2
Jun 23 04:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21484]: Connection closed by 141.11.88.12 port 54344 [preauth]
Jun 23 04:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21395]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21666]: Invalid user sysupdate from 141.11.88.12
Jun 23 04:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21666]: input_userauth_request: invalid user sysupdate [preauth]
Jun 23 04:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21666]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21666]: Failed password for invalid user sysupdate from 141.11.88.12 port 54450 ssh2
Jun 23 04:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21666]: Connection closed by 141.11.88.12 port 54450 [preauth]
Jun 23 04:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 04:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21708]: Failed password for root from 141.11.88.12 port 39734 ssh2
Jun 23 04:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21708]: Connection closed by 141.11.88.12 port 39734 [preauth]
Jun 23 04:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 04:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21718]: Failed password for root from 141.11.88.12 port 39798 ssh2
Jun 23 04:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21718]: Connection closed by 141.11.88.12 port 39798 [preauth]
Jun 23 04:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21742]: Invalid user peter from 141.11.88.12
Jun 23 04:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21742]: input_userauth_request: invalid user peter [preauth]
Jun 23 04:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21742]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21742]: Failed password for invalid user peter from 141.11.88.12 port 30858 ssh2
Jun 23 04:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21742]: Connection closed by 141.11.88.12 port 30858 [preauth]
Jun 23 04:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20449]: pam_unix(cron:session): session closed for user root
Jun 23 04:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21752]: Invalid user ahmad from 141.11.88.12
Jun 23 04:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21752]: input_userauth_request: invalid user ahmad [preauth]
Jun 23 04:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21752]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21752]: Failed password for invalid user ahmad from 141.11.88.12 port 16174 ssh2
Jun 23 04:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21752]: Connection closed by 141.11.88.12 port 16174 [preauth]
Jun 23 04:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21796]: Invalid user test from 141.11.88.12
Jun 23 04:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21796]: input_userauth_request: invalid user test [preauth]
Jun 23 04:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21796]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21796]: Failed password for invalid user test from 141.11.88.12 port 16196 ssh2
Jun 23 04:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21796]: Connection closed by 141.11.88.12 port 16196 [preauth]
Jun 23 04:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21822]: Invalid user bitnami from 141.11.88.12
Jun 23 04:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21822]: input_userauth_request: invalid user bitnami [preauth]
Jun 23 04:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21822]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21822]: Failed password for invalid user bitnami from 141.11.88.12 port 39398 ssh2
Jun 23 04:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21822]: Connection closed by 141.11.88.12 port 39398 [preauth]
Jun 23 04:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21799]: Failed password for root from 144.225.187.123 port 55860 ssh2
Jun 23 04:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21799]: Connection closed by 144.225.187.123 port 55860 [preauth]
Jun 23 04:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 04:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21832]: Failed password for root from 141.11.88.12 port 43336 ssh2
Jun 23 04:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21832]: Connection closed by 141.11.88.12 port 43336 [preauth]
Jun 23 04:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21846]: Invalid user ubuntu from 141.11.88.12
Jun 23 04:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21846]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 04:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21846]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21846]: Failed password for invalid user ubuntu from 141.11.88.12 port 43376 ssh2
Jun 23 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21846]: Connection closed by 141.11.88.12 port 43376 [preauth]
Jun 23 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21863]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21862]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21860]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21859]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21857]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21859]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21979]: Successful su for rubyman by root
Jun 23 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21979]: + ??? root:rubyman
Jun 23 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21979]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575045 of user rubyman.
Jun 23 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21979]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575045.
Jun 23 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21857]: pam_unix(cron:session): session closed for user root
Jun 23 04:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18699]: pam_unix(cron:session): session closed for user root
Jun 23 04:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22163]: Invalid user postgres from 141.11.88.12
Jun 23 04:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22163]: input_userauth_request: invalid user postgres [preauth]
Jun 23 04:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21860]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22163]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22163]: Failed password for invalid user postgres from 141.11.88.12 port 62684 ssh2
Jun 23 04:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22163]: Connection closed by 141.11.88.12 port 62684 [preauth]
Jun 23 04:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22202]: Invalid user cp from 141.11.88.12
Jun 23 04:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22202]: input_userauth_request: invalid user cp [preauth]
Jun 23 04:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22202]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22202]: Failed password for invalid user cp from 141.11.88.12 port 62700 ssh2
Jun 23 04:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22202]: Connection closed by 141.11.88.12 port 62700 [preauth]
Jun 23 04:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22226]: Invalid user ftpadmin from 141.11.88.12
Jun 23 04:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22226]: input_userauth_request: invalid user ftpadmin [preauth]
Jun 23 04:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22226]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22226]: Failed password for invalid user ftpadmin from 141.11.88.12 port 42470 ssh2
Jun 23 04:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22226]: Connection closed by 141.11.88.12 port 42470 [preauth]
Jun 23 04:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22236]: Invalid user admin123 from 141.11.88.12
Jun 23 04:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22236]: input_userauth_request: invalid user admin123 [preauth]
Jun 23 04:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22236]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22236]: Failed password for invalid user admin123 from 141.11.88.12 port 44000 ssh2
Jun 23 04:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22236]: Connection closed by 141.11.88.12 port 44000 [preauth]
Jun 23 04:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22268]: Invalid user codex from 141.11.88.12
Jun 23 04:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22268]: input_userauth_request: invalid user codex [preauth]
Jun 23 04:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22268]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22268]: Failed password for invalid user codex from 141.11.88.12 port 44012 ssh2
Jun 23 04:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22268]: Connection closed by 141.11.88.12 port 44012 [preauth]
Jun 23 04:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20969]: pam_unix(cron:session): session closed for user root
Jun 23 04:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22392]: Invalid user tactical from 141.11.88.12
Jun 23 04:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22392]: input_userauth_request: invalid user tactical [preauth]
Jun 23 04:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22392]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22392]: Failed password for invalid user tactical from 141.11.88.12 port 56290 ssh2
Jun 23 04:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22392]: Connection closed by 141.11.88.12 port 56290 [preauth]
Jun 23 04:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22403]: Invalid user ts3 from 141.11.88.12
Jun 23 04:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22403]: input_userauth_request: invalid user ts3 [preauth]
Jun 23 04:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22403]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22403]: Failed password for invalid user ts3 from 141.11.88.12 port 45298 ssh2
Jun 23 04:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22403]: Connection closed by 141.11.88.12 port 45298 [preauth]
Jun 23 04:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22436]: Invalid user matias from 141.11.88.12
Jun 23 04:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22436]: input_userauth_request: invalid user matias [preauth]
Jun 23 04:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22436]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22436]: Failed password for invalid user matias from 141.11.88.12 port 45330 ssh2
Jun 23 04:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22436]: Connection closed by 141.11.88.12 port 45330 [preauth]
Jun 23 04:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22425]: Invalid user peertube from 144.225.187.123
Jun 23 04:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22425]: input_userauth_request: invalid user peertube [preauth]
Jun 23 04:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22425]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 04:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22425]: Failed password for invalid user peertube from 144.225.187.123 port 37322 ssh2
Jun 23 04:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22446]: Invalid user user from 141.11.88.12
Jun 23 04:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22446]: input_userauth_request: invalid user user [preauth]
Jun 23 04:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22446]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22425]: Connection closed by 144.225.187.123 port 37322 [preauth]
Jun 23 04:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22446]: Failed password for invalid user user from 141.11.88.12 port 34268 ssh2
Jun 23 04:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22446]: Connection closed by 141.11.88.12 port 34268 [preauth]
Jun 23 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22462]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22464]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22461]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22459]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22460]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22463]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22464]: pam_unix(cron:session): session closed for user root
Jun 23 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22459]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22528]: Successful su for rubyman by root
Jun 23 04:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22528]: + ??? root:rubyman
Jun 23 04:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22528]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575050 of user rubyman.
Jun 23 04:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22528]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575050.
Jun 23 04:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22457]: Invalid user ubuntu from 141.11.88.12
Jun 23 04:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22457]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 04:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22457]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22461]: pam_unix(cron:session): session closed for user root
Jun 23 04:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19234]: pam_unix(cron:session): session closed for user root
Jun 23 04:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22457]: Failed password for invalid user ubuntu from 141.11.88.12 port 54186 ssh2
Jun 23 04:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22457]: Connection closed by 141.11.88.12 port 54186 [preauth]
Jun 23 04:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22460]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22737]: Invalid user martin from 141.11.88.12
Jun 23 04:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22737]: input_userauth_request: invalid user martin [preauth]
Jun 23 04:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22737]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22737]: Failed password for invalid user martin from 141.11.88.12 port 54198 ssh2
Jun 23 04:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22737]: Connection closed by 141.11.88.12 port 54198 [preauth]
Jun 23 04:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22747]: Invalid user ubuntu from 141.11.88.12
Jun 23 04:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22747]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 04:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22747]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22747]: Failed password for invalid user ubuntu from 141.11.88.12 port 63042 ssh2
Jun 23 04:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22747]: Connection closed by 141.11.88.12 port 63042 [preauth]
Jun 23 04:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22772]: Invalid user alex from 141.11.88.12
Jun 23 04:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22772]: input_userauth_request: invalid user alex [preauth]
Jun 23 04:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22772]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22772]: Failed password for invalid user alex from 141.11.88.12 port 63092 ssh2
Jun 23 04:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22772]: Connection closed by 141.11.88.12 port 63092 [preauth]
Jun 23 04:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22812]: Invalid user ecommerce from 141.11.88.12
Jun 23 04:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22812]: input_userauth_request: invalid user ecommerce [preauth]
Jun 23 04:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22812]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 23 04:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22812]: Failed password for invalid user ecommerce from 141.11.88.12 port 18296 ssh2
Jun 23 04:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22812]: Connection closed by 141.11.88.12 port 18296 [preauth]
Jun 23 04:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22815]: Failed password for root from 147.45.199.80 port 39048 ssh2
Jun 23 04:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22815]: Connection closed by 147.45.199.80 port 39048 [preauth]
Jun 23 04:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21397]: pam_unix(cron:session): session closed for user root
Jun 23 04:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22830]: Invalid user ubuntu from 141.11.88.12
Jun 23 04:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22830]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 04:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22830]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22830]: Failed password for invalid user ubuntu from 141.11.88.12 port 11364 ssh2
Jun 23 04:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22830]: Connection closed by 141.11.88.12 port 11364 [preauth]
Jun 23 04:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22857]: Invalid user headscale from 141.11.88.12
Jun 23 04:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22857]: input_userauth_request: invalid user headscale [preauth]
Jun 23 04:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22857]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22857]: Failed password for invalid user headscale from 141.11.88.12 port 11388 ssh2
Jun 23 04:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22857]: Connection closed by 141.11.88.12 port 11388 [preauth]
Jun 23 04:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22882]: Invalid user solana from 141.11.88.12
Jun 23 04:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22882]: input_userauth_request: invalid user solana [preauth]
Jun 23 04:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22882]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22882]: Failed password for invalid user solana from 141.11.88.12 port 40352 ssh2
Jun 23 04:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22882]: Connection closed by 141.11.88.12 port 40352 [preauth]
Jun 23 04:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22893]: Invalid user deploy from 141.11.88.12
Jun 23 04:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22893]: input_userauth_request: invalid user deploy [preauth]
Jun 23 04:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22893]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22893]: Failed password for invalid user deploy from 141.11.88.12 port 23966 ssh2
Jun 23 04:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22893]: Connection closed by 141.11.88.12 port 23966 [preauth]
Jun 23 04:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22892]: Invalid user osboxes from 144.225.187.123
Jun 23 04:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22892]: input_userauth_request: invalid user osboxes [preauth]
Jun 23 04:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22892]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 04:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22913]: Invalid user user from 141.11.88.12
Jun 23 04:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22913]: input_userauth_request: invalid user user [preauth]
Jun 23 04:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22913]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22892]: Failed password for invalid user osboxes from 144.225.187.123 port 52518 ssh2
Jun 23 04:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 23 04:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22892]: Connection closed by 144.225.187.123 port 52518 [preauth]
Jun 23 04:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22913]: Failed password for invalid user user from 141.11.88.12 port 23988 ssh2
Jun 23 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22913]: Connection closed by 141.11.88.12 port 23988 [preauth]
Jun 23 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22922]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22919]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22923]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22921]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22919]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22987]: Successful su for rubyman by root
Jun 23 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22987]: + ??? root:rubyman
Jun 23 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22987]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575058 of user rubyman.
Jun 23 04:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22987]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575058.
Jun 23 04:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22915]: Failed password for root from 103.27.238.116 port 48042 ssh2
Jun 23 04:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22915]: Connection closed by 103.27.238.116 port 48042 [preauth]
Jun 23 04:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23064]: Invalid user jarvis from 141.11.88.12
Jun 23 04:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23064]: input_userauth_request: invalid user jarvis [preauth]
Jun 23 04:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19876]: pam_unix(cron:session): session closed for user root
Jun 23 04:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23064]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22921]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23064]: Failed password for invalid user jarvis from 141.11.88.12 port 53410 ssh2
Jun 23 04:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23064]: Connection closed by 141.11.88.12 port 53410 [preauth]
Jun 23 04:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23176]: Invalid user cc from 141.11.88.12
Jun 23 04:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23176]: input_userauth_request: invalid user cc [preauth]
Jun 23 04:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23176]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23176]: Failed password for invalid user cc from 141.11.88.12 port 53432 ssh2
Jun 23 04:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23176]: Connection closed by 141.11.88.12 port 53432 [preauth]
Jun 23 04:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23203]: Invalid user openclaw from 141.11.88.12
Jun 23 04:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23203]: input_userauth_request: invalid user openclaw [preauth]
Jun 23 04:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23203]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23203]: Failed password for invalid user openclaw from 141.11.88.12 port 51462 ssh2
Jun 23 04:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23203]: Connection closed by 141.11.88.12 port 51462 [preauth]
Jun 23 04:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 04:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23215]: Failed password for root from 141.11.88.12 port 45174 ssh2
Jun 23 04:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23215]: Connection closed by 141.11.88.12 port 45174 [preauth]
Jun 23 04:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23245]: Invalid user teamspeak from 141.11.88.12
Jun 23 04:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23245]: input_userauth_request: invalid user teamspeak [preauth]
Jun 23 04:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23245]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23245]: Failed password for invalid user teamspeak from 141.11.88.12 port 45202 ssh2
Jun 23 04:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23245]: Connection closed by 141.11.88.12 port 45202 [preauth]
Jun 23 04:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21863]: pam_unix(cron:session): session closed for user root
Jun 23 04:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23279]: Invalid user ubuntu from 141.11.88.12
Jun 23 04:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23279]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 04:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23279]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23279]: Failed password for invalid user ubuntu from 141.11.88.12 port 42368 ssh2
Jun 23 04:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23279]: Connection closed by 141.11.88.12 port 42368 [preauth]
Jun 23 04:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23298]: Invalid user postgres from 141.11.88.12
Jun 23 04:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23298]: input_userauth_request: invalid user postgres [preauth]
Jun 23 04:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23298]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23298]: Failed password for invalid user postgres from 141.11.88.12 port 16504 ssh2
Jun 23 04:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23298]: Connection closed by 141.11.88.12 port 16504 [preauth]
Jun 23 04:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23328]: Invalid user odroid from 141.11.88.12
Jun 23 04:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23328]: input_userauth_request: invalid user odroid [preauth]
Jun 23 04:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23328]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23328]: Failed password for invalid user odroid from 141.11.88.12 port 16544 ssh2
Jun 23 04:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23328]: Connection closed by 141.11.88.12 port 16544 [preauth]
Jun 23 04:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23343]: Invalid user www from 141.11.88.12
Jun 23 04:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23343]: input_userauth_request: invalid user www [preauth]
Jun 23 04:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23343]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23343]: Failed password for invalid user www from 141.11.88.12 port 30416 ssh2
Jun 23 04:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23343]: Connection closed by 141.11.88.12 port 30416 [preauth]
Jun 23 04:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23366]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23365]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23367]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23364]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23364]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23341]: Failed password for root from 144.225.187.123 port 38404 ssh2
Jun 23 04:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23429]: Successful su for rubyman by root
Jun 23 04:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23429]: + ??? root:rubyman
Jun 23 04:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23429]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575062 of user rubyman.
Jun 23 04:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23429]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575062.
Jun 23 04:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23341]: Connection closed by 144.225.187.123 port 38404 [preauth]
Jun 23 04:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23461]: Invalid user jenkins from 141.11.88.12
Jun 23 04:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23461]: input_userauth_request: invalid user jenkins [preauth]
Jun 23 04:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23461]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20448]: pam_unix(cron:session): session closed for user root
Jun 23 04:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23461]: Failed password for invalid user jenkins from 141.11.88.12 port 19934 ssh2
Jun 23 04:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23461]: Connection closed by 141.11.88.12 port 19934 [preauth]
Jun 23 04:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23365]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23620]: Invalid user kevin from 141.11.88.12
Jun 23 04:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23620]: input_userauth_request: invalid user kevin [preauth]
Jun 23 04:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23620]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23620]: Failed password for invalid user kevin from 141.11.88.12 port 19958 ssh2
Jun 23 04:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23620]: Connection closed by 141.11.88.12 port 19958 [preauth]
Jun 23 04:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23644]: Invalid user debian from 141.11.88.12
Jun 23 04:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23644]: input_userauth_request: invalid user debian [preauth]
Jun 23 04:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23644]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23646]: Received disconnect from 195.160.220.149 port 41494:11: disconnected by user [preauth]
Jun 23 04:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23646]: Disconnected from 195.160.220.149 port 41494 [preauth]
Jun 23 04:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23644]: Failed password for invalid user debian from 141.11.88.12 port 46926 ssh2
Jun 23 04:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23644]: Connection closed by 141.11.88.12 port 46926 [preauth]
Jun 23 04:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23660]: Invalid user deployer from 141.11.88.12
Jun 23 04:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23660]: input_userauth_request: invalid user deployer [preauth]
Jun 23 04:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23660]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23660]: Failed password for invalid user deployer from 141.11.88.12 port 64620 ssh2
Jun 23 04:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23660]: Connection closed by 141.11.88.12 port 64620 [preauth]
Jun 23 04:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23697]: Invalid user web from 141.11.88.12
Jun 23 04:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23697]: input_userauth_request: invalid user web [preauth]
Jun 23 04:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23697]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23697]: Failed password for invalid user web from 141.11.88.12 port 64656 ssh2
Jun 23 04:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23697]: Connection closed by 141.11.88.12 port 64656 [preauth]
Jun 23 04:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22463]: pam_unix(cron:session): session closed for user root
Jun 23 04:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23731]: Invalid user kafka from 141.11.88.12
Jun 23 04:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23731]: input_userauth_request: invalid user kafka [preauth]
Jun 23 04:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23731]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23731]: Failed password for invalid user kafka from 141.11.88.12 port 43758 ssh2
Jun 23 04:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23731]: Connection closed by 141.11.88.12 port 43758 [preauth]
Jun 23 04:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23746]: Invalid user user from 141.11.88.12
Jun 23 04:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23746]: input_userauth_request: invalid user user [preauth]
Jun 23 04:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23746]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23746]: Failed password for invalid user user from 141.11.88.12 port 21774 ssh2
Jun 23 04:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23746]: Connection closed by 141.11.88.12 port 21774 [preauth]
Jun 23 04:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23772]: Invalid user postgres from 141.11.88.12
Jun 23 04:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23772]: input_userauth_request: invalid user postgres [preauth]
Jun 23 04:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23772]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23772]: Failed password for invalid user postgres from 141.11.88.12 port 21872 ssh2
Jun 23 04:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23772]: Connection closed by 141.11.88.12 port 21872 [preauth]
Jun 23 04:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 23 04:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23787]: Failed password for root from 103.122.221.179 port 32842 ssh2
Jun 23 04:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23787]: Connection closed by 103.122.221.179 port 32842 [preauth]
Jun 23 04:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23796]: Invalid user ubuntu from 141.11.88.12
Jun 23 04:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23796]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 04:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23796]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23796]: Failed password for invalid user ubuntu from 141.11.88.12 port 24500 ssh2
Jun 23 04:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23796]: Connection closed by 141.11.88.12 port 24500 [preauth]
Jun 23 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23820]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23819]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23816]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23817]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23816]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23968]: Successful su for rubyman by root
Jun 23 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23968]: + ??? root:rubyman
Jun 23 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23968]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575064 of user rubyman.
Jun 23 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23968]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575064.
Jun 23 04:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23821]: Invalid user odoo from 141.11.88.12
Jun 23 04:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23821]: input_userauth_request: invalid user odoo [preauth]
Jun 23 04:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23821]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20968]: pam_unix(cron:session): session closed for user root
Jun 23 04:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23821]: Failed password for invalid user odoo from 141.11.88.12 port 62802 ssh2
Jun 23 04:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23821]: Connection closed by 141.11.88.12 port 62802 [preauth]
Jun 23 04:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23817]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24154]: Invalid user azureuser from 141.11.88.12
Jun 23 04:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24154]: input_userauth_request: invalid user azureuser [preauth]
Jun 23 04:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24154]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24154]: Failed password for invalid user azureuser from 141.11.88.12 port 62860 ssh2
Jun 23 04:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24154]: Connection closed by 141.11.88.12 port 62860 [preauth]
Jun 23 04:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24126]: Failed password for root from 144.225.187.123 port 60104 ssh2
Jun 23 04:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24171]: Invalid user cloud from 141.11.88.12
Jun 23 04:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24171]: input_userauth_request: invalid user cloud [preauth]
Jun 23 04:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24171]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24126]: Connection closed by 144.225.187.123 port 60104 [preauth]
Jun 23 04:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24171]: Failed password for invalid user cloud from 141.11.88.12 port 52308 ssh2
Jun 23 04:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24171]: Connection closed by 141.11.88.12 port 52308 [preauth]
Jun 23 04:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24190]: Invalid user develop from 141.11.88.12
Jun 23 04:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24190]: input_userauth_request: invalid user develop [preauth]
Jun 23 04:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24190]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24190]: Failed password for invalid user develop from 141.11.88.12 port 52344 ssh2
Jun 23 04:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24190]: Connection closed by 141.11.88.12 port 52344 [preauth]
Jun 23 04:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24219]: Invalid user deploy from 141.11.88.12
Jun 23 04:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24219]: input_userauth_request: invalid user deploy [preauth]
Jun 23 04:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24219]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24219]: Failed password for invalid user deploy from 141.11.88.12 port 48512 ssh2
Jun 23 04:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24219]: Connection closed by 141.11.88.12 port 48512 [preauth]
Jun 23 04:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 04:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22923]: pam_unix(cron:session): session closed for user root
Jun 23 04:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24231]: Failed password for root from 141.11.88.12 port 36654 ssh2
Jun 23 04:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24231]: Connection closed by 141.11.88.12 port 36654 [preauth]
Jun 23 04:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24275]: Invalid user jpg from 141.11.88.12
Jun 23 04:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24275]: input_userauth_request: invalid user jpg [preauth]
Jun 23 04:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24275]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24275]: Failed password for invalid user jpg from 141.11.88.12 port 36664 ssh2
Jun 23 04:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24275]: Connection closed by 141.11.88.12 port 36664 [preauth]
Jun 23 04:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24295]: Invalid user main from 141.11.88.12
Jun 23 04:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24295]: input_userauth_request: invalid user main [preauth]
Jun 23 04:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24295]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24295]: Failed password for invalid user main from 141.11.88.12 port 46786 ssh2
Jun 23 04:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24295]: Connection closed by 141.11.88.12 port 46786 [preauth]
Jun 23 04:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24323]: Invalid user sss from 141.11.88.12
Jun 23 04:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24323]: input_userauth_request: invalid user sss [preauth]
Jun 23 04:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24323]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24323]: Failed password for invalid user sss from 141.11.88.12 port 46816 ssh2
Jun 23 04:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24323]: Connection closed by 141.11.88.12 port 46816 [preauth]
Jun 23 04:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24335]: Invalid user bob from 141.11.88.12
Jun 23 04:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24335]: input_userauth_request: invalid user bob [preauth]
Jun 23 04:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24335]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24335]: Failed password for invalid user bob from 141.11.88.12 port 35692 ssh2
Jun 23 04:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24335]: Connection closed by 141.11.88.12 port 35692 [preauth]
Jun 23 04:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24351]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24352]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24350]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24349]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24349]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24406]: Successful su for rubyman by root
Jun 23 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24406]: + ??? root:rubyman
Jun 23 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24406]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575070 of user rubyman.
Jun 23 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24406]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575070.
Jun 23 04:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 04:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21396]: pam_unix(cron:session): session closed for user root
Jun 23 04:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24346]: Failed password for root from 141.11.88.12 port 42512 ssh2
Jun 23 04:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24346]: Connection closed by 141.11.88.12 port 42512 [preauth]
Jun 23 04:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24350]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24597]: Invalid user dstserver from 141.11.88.12
Jun 23 04:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24597]: input_userauth_request: invalid user dstserver [preauth]
Jun 23 04:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24597]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24597]: Failed password for invalid user dstserver from 141.11.88.12 port 42542 ssh2
Jun 23 04:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24597]: Connection closed by 141.11.88.12 port 42542 [preauth]
Jun 23 04:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24624]: Invalid user anmol from 141.11.88.12
Jun 23 04:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24624]: input_userauth_request: invalid user anmol [preauth]
Jun 23 04:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24624]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24624]: Failed password for invalid user anmol from 141.11.88.12 port 64900 ssh2
Jun 23 04:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24624]: Connection closed by 141.11.88.12 port 64900 [preauth]
Jun 23 04:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 04:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24657]: Failed password for root from 141.11.88.12 port 51278 ssh2
Jun 23 04:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24657]: Connection closed by 141.11.88.12 port 51278 [preauth]
Jun 23 04:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24639]: Failed password for root from 144.225.187.123 port 53890 ssh2
Jun 23 04:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24686]: Invalid user claude from 141.11.88.12
Jun 23 04:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24686]: input_userauth_request: invalid user claude [preauth]
Jun 23 04:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24686]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24639]: Connection closed by 144.225.187.123 port 53890 [preauth]
Jun 23 04:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24686]: Failed password for invalid user claude from 141.11.88.12 port 51312 ssh2
Jun 23 04:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24686]: Connection closed by 141.11.88.12 port 51312 [preauth]
Jun 23 04:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23367]: pam_unix(cron:session): session closed for user root
Jun 23 04:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 04:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24713]: Failed password for root from 141.11.88.12 port 19956 ssh2
Jun 23 04:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24713]: Connection closed by 141.11.88.12 port 19956 [preauth]
Jun 23 04:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24734]: Invalid user ubuntu from 141.11.88.12
Jun 23 04:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24734]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 04:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24734]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24734]: Failed password for invalid user ubuntu from 141.11.88.12 port 55970 ssh2
Jun 23 04:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24734]: Connection closed by 141.11.88.12 port 55970 [preauth]
Jun 23 04:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24762]: Invalid user sales from 141.11.88.12
Jun 23 04:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24762]: input_userauth_request: invalid user sales [preauth]
Jun 23 04:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24762]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24762]: Failed password for invalid user sales from 141.11.88.12 port 56034 ssh2
Jun 23 04:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24762]: Connection closed by 141.11.88.12 port 56034 [preauth]
Jun 23 04:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24776]: Invalid user admin from 141.11.88.12
Jun 23 04:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24776]: input_userauth_request: invalid user admin [preauth]
Jun 23 04:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24776]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24776]: Failed password for invalid user admin from 141.11.88.12 port 52514 ssh2
Jun 23 04:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24776]: Connection closed by 141.11.88.12 port 52514 [preauth]
Jun 23 04:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24795]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24796]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24797]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24794]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24791]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24793]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24797]: pam_unix(cron:session): session closed for user root
Jun 23 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24791]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24857]: Successful su for rubyman by root
Jun 23 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24857]: + ??? root:rubyman
Jun 23 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24857]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24788]: Invalid user arm from 141.11.88.12
Jun 23 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24788]: input_userauth_request: invalid user arm [preauth]
Jun 23 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575073 of user rubyman.
Jun 23 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24857]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575073.
Jun 23 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24788]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24788]: Failed password for invalid user arm from 141.11.88.12 port 42098 ssh2
Jun 23 04:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24788]: Connection closed by 141.11.88.12 port 42098 [preauth]
Jun 23 04:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24794]: pam_unix(cron:session): session closed for user root
Jun 23 04:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21862]: pam_unix(cron:session): session closed for user root
Jun 23 04:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24793]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25065]: Invalid user monitor from 141.11.88.12
Jun 23 04:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25065]: input_userauth_request: invalid user monitor [preauth]
Jun 23 04:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25065]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25065]: Failed password for invalid user monitor from 141.11.88.12 port 42122 ssh2
Jun 23 04:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25065]: Connection closed by 141.11.88.12 port 42122 [preauth]
Jun 23 04:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25099]: Invalid user admin from 141.11.88.12
Jun 23 04:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25099]: input_userauth_request: invalid user admin [preauth]
Jun 23 04:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25099]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25099]: Failed password for invalid user admin from 141.11.88.12 port 13622 ssh2
Jun 23 04:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25099]: Connection closed by 141.11.88.12 port 13622 [preauth]
Jun 23 04:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 04:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 23 04:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25110]: Failed password for root from 141.11.88.12 port 19706 ssh2
Jun 23 04:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25110]: Connection closed by 141.11.88.12 port 19706 [preauth]
Jun 23 04:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25112]: Failed password for root from 193.24.211.107 port 4418 ssh2
Jun 23 04:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25112]: Received disconnect from 193.24.211.107 port 4418:11: Client disconnecting normally [preauth]
Jun 23 04:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25112]: Disconnected from 193.24.211.107 port 4418 [preauth]
Jun 23 04:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25136]: Invalid user debian from 141.11.88.12
Jun 23 04:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25136]: input_userauth_request: invalid user debian [preauth]
Jun 23 04:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25136]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25136]: Failed password for invalid user debian from 141.11.88.12 port 19736 ssh2
Jun 23 04:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25136]: Connection closed by 141.11.88.12 port 19736 [preauth]
Jun 23 04:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25134]: Failed password for root from 144.225.187.123 port 51614 ssh2
Jun 23 04:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23820]: pam_unix(cron:session): session closed for user root
Jun 23 04:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25134]: Connection closed by 144.225.187.123 port 51614 [preauth]
Jun 23 04:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
Jun 23 04:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25147]: Invalid user ui from 141.11.88.12
Jun 23 04:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25147]: input_userauth_request: invalid user ui [preauth]
Jun 23 04:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25147]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25157]: Failed password for root from 176.32.39.21 port 54458 ssh2
Jun 23 04:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25157]: Connection closed by 176.32.39.21 port 54458 [preauth]
Jun 23 04:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25147]: Failed password for invalid user ui from 141.11.88.12 port 28422 ssh2
Jun 23 04:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25147]: Connection closed by 141.11.88.12 port 28422 [preauth]
Jun 23 04:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25197]: Invalid user user from 141.11.88.12
Jun 23 04:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25197]: input_userauth_request: invalid user user [preauth]
Jun 23 04:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25197]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25197]: Failed password for invalid user user from 141.11.88.12 port 28466 ssh2
Jun 23 04:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25197]: Connection closed by 141.11.88.12 port 28466 [preauth]
Jun 23 04:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25220]: Invalid user www from 141.11.88.12
Jun 23 04:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25220]: input_userauth_request: invalid user www [preauth]
Jun 23 04:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25220]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25220]: Failed password for invalid user www from 141.11.88.12 port 54742 ssh2
Jun 23 04:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25220]: Connection closed by 141.11.88.12 port 54742 [preauth]
Jun 23 04:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25230]: Invalid user postgres from 141.11.88.12
Jun 23 04:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25230]: input_userauth_request: invalid user postgres [preauth]
Jun 23 04:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25230]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25230]: Failed password for invalid user postgres from 141.11.88.12 port 36432 ssh2
Jun 23 04:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25230]: Connection closed by 141.11.88.12 port 36432 [preauth]
Jun 23 04:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25240]: Invalid user odoo from 141.11.88.12
Jun 23 04:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25240]: input_userauth_request: invalid user odoo [preauth]
Jun 23 04:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25240]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25240]: Failed password for invalid user odoo from 141.11.88.12 port 36456 ssh2
Jun 23 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25251]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25252]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25253]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25250]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25250]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25240]: Connection closed by 141.11.88.12 port 36456 [preauth]
Jun 23 04:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25314]: Successful su for rubyman by root
Jun 23 04:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25314]: + ??? root:rubyman
Jun 23 04:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25314]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575078 of user rubyman.
Jun 23 04:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25314]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575078.
Jun 23 04:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22462]: pam_unix(cron:session): session closed for user root
Jun 23 04:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25451]: Invalid user ftpuser from 141.11.88.12
Jun 23 04:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25451]: input_userauth_request: invalid user ftpuser [preauth]
Jun 23 04:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25251]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25451]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25451]: Failed password for invalid user ftpuser from 141.11.88.12 port 62702 ssh2
Jun 23 04:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25451]: Connection closed by 141.11.88.12 port 62702 [preauth]
Jun 23 04:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25493]: Failed password for root from 144.225.187.123 port 58012 ssh2
Jun 23 04:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25493]: Connection closed by 144.225.187.123 port 58012 [preauth]
Jun 23 04:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25500]: Invalid user pi from 141.11.88.12
Jun 23 04:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25500]: input_userauth_request: invalid user pi [preauth]
Jun 23 04:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25500]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25500]: Failed password for invalid user pi from 141.11.88.12 port 43228 ssh2
Jun 23 04:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25500]: Connection closed by 141.11.88.12 port 43228 [preauth]
Jun 23 04:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25526]: Invalid user deploy from 141.11.88.12
Jun 23 04:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25526]: input_userauth_request: invalid user deploy [preauth]
Jun 23 04:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25526]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25526]: Failed password for invalid user deploy from 141.11.88.12 port 43288 ssh2
Jun 23 04:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25526]: Connection closed by 141.11.88.12 port 43288 [preauth]
Jun 23 04:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25545]: Invalid user openclaw from 141.11.88.12
Jun 23 04:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25545]: input_userauth_request: invalid user openclaw [preauth]
Jun 23 04:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25545]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25545]: Failed password for invalid user openclaw from 141.11.88.12 port 49128 ssh2
Jun 23 04:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25545]: Connection closed by 141.11.88.12 port 49128 [preauth]
Jun 23 04:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25570]: Invalid user botuser from 141.11.88.12
Jun 23 04:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25570]: input_userauth_request: invalid user botuser [preauth]
Jun 23 04:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25570]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25570]: Failed password for invalid user botuser from 141.11.88.12 port 49156 ssh2
Jun 23 04:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25570]: Connection closed by 141.11.88.12 port 49156 [preauth]
Jun 23 04:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24352]: pam_unix(cron:session): session closed for user root
Jun 23 04:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 04:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25600]: Failed password for root from 141.11.88.12 port 45542 ssh2
Jun 23 04:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25600]: Connection closed by 141.11.88.12 port 45542 [preauth]
Jun 23 04:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25617]: Invalid user kiran from 141.11.88.12
Jun 23 04:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25617]: input_userauth_request: invalid user kiran [preauth]
Jun 23 04:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25617]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25610]: Failed password for root from 144.225.187.123 port 37000 ssh2
Jun 23 04:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25617]: Failed password for invalid user kiran from 141.11.88.12 port 20100 ssh2
Jun 23 04:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25617]: Connection closed by 141.11.88.12 port 20100 [preauth]
Jun 23 04:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25610]: Connection closed by 144.225.187.123 port 37000 [preauth]
Jun 23 04:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25639]: Invalid user telegram from 141.11.88.12
Jun 23 04:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25639]: input_userauth_request: invalid user telegram [preauth]
Jun 23 04:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25639]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25639]: Failed password for invalid user telegram from 141.11.88.12 port 20144 ssh2
Jun 23 04:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25639]: Connection closed by 141.11.88.12 port 20144 [preauth]
Jun 23 04:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25652]: Invalid user hades from 141.11.88.12
Jun 23 04:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25652]: input_userauth_request: invalid user hades [preauth]
Jun 23 04:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25652]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25652]: Failed password for invalid user hades from 141.11.88.12 port 16706 ssh2
Jun 23 04:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25652]: Connection closed by 141.11.88.12 port 16706 [preauth]
Jun 23 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25666]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25667]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25665]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25664]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25662]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25662]: pam_unix(cron:session): session closed for user root
Jun 23 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25664]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25728]: Successful su for rubyman by root
Jun 23 04:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25728]: + ??? root:rubyman
Jun 23 04:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25728]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575084 of user rubyman.
Jun 23 04:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25728]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575084.
Jun 23 04:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25727]: Invalid user user from 141.11.88.12
Jun 23 04:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25727]: input_userauth_request: invalid user user [preauth]
Jun 23 04:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25727]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22922]: pam_unix(cron:session): session closed for user root
Jun 23 04:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25727]: Failed password for invalid user user from 141.11.88.12 port 11318 ssh2
Jun 23 04:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25727]: Connection closed by 141.11.88.12 port 11318 [preauth]
Jun 23 04:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25665]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25912]: Invalid user bob from 141.11.88.12
Jun 23 04:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25912]: input_userauth_request: invalid user bob [preauth]
Jun 23 04:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25912]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25912]: Failed password for invalid user bob from 141.11.88.12 port 11372 ssh2
Jun 23 04:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25912]: Connection closed by 141.11.88.12 port 11372 [preauth]
Jun 23 04:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25921]: Received disconnect from 185.65.107.14 port 35856:11: disconnected by user [preauth]
Jun 23 04:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25921]: Disconnected from 185.65.107.14 port 35856 [preauth]
Jun 23 04:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 04:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25936]: Failed password for root from 141.11.88.12 port 15410 ssh2
Jun 23 04:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25936]: Connection closed by 141.11.88.12 port 15410 [preauth]
Jun 23 04:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25946]: Failed password for root from 144.225.187.123 port 56046 ssh2
Jun 23 04:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25946]: Connection closed by 144.225.187.123 port 56046 [preauth]
Jun 23 04:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25948]: Invalid user yellow from 141.11.88.12
Jun 23 04:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25948]: input_userauth_request: invalid user yellow [preauth]
Jun 23 04:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25948]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25948]: Failed password for invalid user yellow from 141.11.88.12 port 37144 ssh2
Jun 23 04:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25948]: Connection closed by 141.11.88.12 port 37144 [preauth]
Jun 23 04:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25981]: Invalid user ubuntu from 141.11.88.12
Jun 23 04:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25981]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 04:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25981]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25981]: Failed password for invalid user ubuntu from 141.11.88.12 port 37176 ssh2
Jun 23 04:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25981]: Connection closed by 141.11.88.12 port 37176 [preauth]
Jun 23 04:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24796]: pam_unix(cron:session): session closed for user root
Jun 23 04:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26010]: Invalid user testuser from 141.11.88.12
Jun 23 04:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26010]: input_userauth_request: invalid user testuser [preauth]
Jun 23 04:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26010]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26010]: Failed password for invalid user testuser from 141.11.88.12 port 41588 ssh2
Jun 23 04:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26010]: Connection closed by 141.11.88.12 port 41588 [preauth]
Jun 23 04:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26020]: Invalid user a1 from 141.11.88.12
Jun 23 04:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26020]: input_userauth_request: invalid user a1 [preauth]
Jun 23 04:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26020]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26020]: Failed password for invalid user a1 from 141.11.88.12 port 57782 ssh2
Jun 23 04:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26020]: Connection closed by 141.11.88.12 port 57782 [preauth]
Jun 23 04:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26051]: Invalid user audi from 141.11.88.12
Jun 23 04:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26051]: input_userauth_request: invalid user audi [preauth]
Jun 23 04:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26051]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26051]: Failed password for invalid user audi from 141.11.88.12 port 57804 ssh2
Jun 23 04:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26051]: Connection closed by 141.11.88.12 port 57804 [preauth]
Jun 23 04:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26053]: Failed password for root from 144.225.187.123 port 39750 ssh2
Jun 23 04:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26053]: Connection closed by 144.225.187.123 port 39750 [preauth]
Jun 23 04:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26063]: Invalid user sysupdate from 141.11.88.12
Jun 23 04:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26063]: input_userauth_request: invalid user sysupdate [preauth]
Jun 23 04:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26063]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26063]: Failed password for invalid user sysupdate from 141.11.88.12 port 51014 ssh2
Jun 23 04:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26063]: Connection closed by 141.11.88.12 port 51014 [preauth]
Jun 23 04:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26073]: Invalid user claude from 141.11.88.12
Jun 23 04:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26073]: input_userauth_request: invalid user claude [preauth]
Jun 23 04:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26073]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26078]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26079]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26077]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26076]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26076]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26140]: Successful su for rubyman by root
Jun 23 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26140]: + ??? root:rubyman
Jun 23 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26140]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575087 of user rubyman.
Jun 23 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26140]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575087.
Jun 23 04:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26073]: Failed password for invalid user claude from 141.11.88.12 port 51056 ssh2
Jun 23 04:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26073]: Connection closed by 141.11.88.12 port 51056 [preauth]
Jun 23 04:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23366]: pam_unix(cron:session): session closed for user root
Jun 23 04:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26077]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26329]: Invalid user backend from 141.11.88.12
Jun 23 04:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26329]: input_userauth_request: invalid user backend [preauth]
Jun 23 04:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26329]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26329]: Failed password for invalid user backend from 141.11.88.12 port 59550 ssh2
Jun 23 04:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26329]: Connection closed by 141.11.88.12 port 59550 [preauth]
Jun 23 04:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26351]: Invalid user anderson from 141.11.88.12
Jun 23 04:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26351]: input_userauth_request: invalid user anderson [preauth]
Jun 23 04:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26351]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26351]: Failed password for invalid user anderson from 141.11.88.12 port 13028 ssh2
Jun 23 04:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26351]: Connection closed by 141.11.88.12 port 13028 [preauth]
Jun 23 04:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 04:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26370]: Failed password for root from 141.11.88.12 port 13114 ssh2
Jun 23 04:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26370]: Connection closed by 141.11.88.12 port 13114 [preauth]
Jun 23 04:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26392]: User mysql from 144.225.187.123 not allowed because not listed in AllowUsers
Jun 23 04:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26392]: input_userauth_request: invalid user mysql [preauth]
Jun 23 04:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=mysql
Jun 23 04:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26394]: Invalid user mostafa from 141.11.88.12
Jun 23 04:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26394]: input_userauth_request: invalid user mostafa [preauth]
Jun 23 04:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26394]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26392]: Failed password for invalid user mysql from 144.225.187.123 port 34300 ssh2
Jun 23 04:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26392]: Connection closed by 144.225.187.123 port 34300 [preauth]
Jun 23 04:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26394]: Failed password for invalid user mostafa from 141.11.88.12 port 46804 ssh2
Jun 23 04:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26394]: Connection closed by 141.11.88.12 port 46804 [preauth]
Jun 23 04:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25253]: pam_unix(cron:session): session closed for user root
Jun 23 04:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 04:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26423]: Failed password for root from 141.11.88.12 port 63220 ssh2
Jun 23 04:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26423]: Connection closed by 141.11.88.12 port 63220 [preauth]
Jun 23 04:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26442]: Invalid user ubuntu from 141.11.88.12
Jun 23 04:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26442]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 04:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26442]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26442]: Failed password for invalid user ubuntu from 141.11.88.12 port 36068 ssh2
Jun 23 04:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26442]: Connection closed by 141.11.88.12 port 36068 [preauth]
Jun 23 04:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26464]: Invalid user ts3server from 141.11.88.12
Jun 23 04:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26464]: input_userauth_request: invalid user ts3server [preauth]
Jun 23 04:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26464]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26464]: Failed password for invalid user ts3server from 141.11.88.12 port 36074 ssh2
Jun 23 04:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26464]: Connection closed by 141.11.88.12 port 36074 [preauth]
Jun 23 04:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 04:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26474]: Failed password for root from 141.11.88.12 port 13966 ssh2
Jun 23 04:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26474]: Connection closed by 141.11.88.12 port 13966 [preauth]
Jun 23 04:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26487]: Invalid user test from 141.11.88.12
Jun 23 04:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26487]: input_userauth_request: invalid user test [preauth]
Jun 23 04:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26487]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26503]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26502]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26501]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26500]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26500]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26561]: Successful su for rubyman by root
Jun 23 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26561]: + ??? root:rubyman
Jun 23 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26561]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575091 of user rubyman.
Jun 23 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26561]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575091.
Jun 23 04:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26487]: Failed password for invalid user test from 141.11.88.12 port 13990 ssh2
Jun 23 04:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26487]: Connection closed by 141.11.88.12 port 13990 [preauth]
Jun 23 04:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26489]: Invalid user ubuntu from 144.225.187.123
Jun 23 04:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26489]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 04:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26489]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 04:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23819]: pam_unix(cron:session): session closed for user root
Jun 23 04:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26489]: Failed password for invalid user ubuntu from 144.225.187.123 port 60074 ssh2
Jun 23 04:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26501]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26489]: Connection closed by 144.225.187.123 port 60074 [preauth]
Jun 23 04:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26831]: Invalid user dev from 141.11.88.12
Jun 23 04:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26831]: input_userauth_request: invalid user dev [preauth]
Jun 23 04:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26831]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26831]: Failed password for invalid user dev from 141.11.88.12 port 54316 ssh2
Jun 23 04:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26831]: Connection closed by 141.11.88.12 port 54316 [preauth]
Jun 23 04:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26853]: Invalid user devops from 141.11.88.12
Jun 23 04:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26853]: input_userauth_request: invalid user devops [preauth]
Jun 23 04:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26853]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26853]: Failed password for invalid user devops from 141.11.88.12 port 38166 ssh2
Jun 23 04:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26853]: Connection closed by 141.11.88.12 port 38166 [preauth]
Jun 23 04:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26863]: Invalid user pi from 141.11.88.12
Jun 23 04:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26863]: input_userauth_request: invalid user pi [preauth]
Jun 23 04:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26863]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26863]: Failed password for invalid user pi from 141.11.88.12 port 55450 ssh2
Jun 23 04:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26863]: Connection closed by 141.11.88.12 port 55450 [preauth]
Jun 23 04:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26895]: Invalid user devops from 141.11.88.12
Jun 23 04:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26895]: input_userauth_request: invalid user devops [preauth]
Jun 23 04:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26895]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26895]: Failed password for invalid user devops from 141.11.88.12 port 55502 ssh2
Jun 23 04:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26895]: Connection closed by 141.11.88.12 port 55502 [preauth]
Jun 23 04:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25667]: pam_unix(cron:session): session closed for user root
Jun 23 04:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26928]: Invalid user kafka from 141.11.88.12
Jun 23 04:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26928]: input_userauth_request: invalid user kafka [preauth]
Jun 23 04:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26928]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26928]: Failed password for invalid user kafka from 141.11.88.12 port 23300 ssh2
Jun 23 04:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26928]: Connection closed by 141.11.88.12 port 23300 [preauth]
Jun 23 04:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26930]: Failed password for root from 144.225.187.123 port 35366 ssh2
Jun 23 04:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26930]: Connection closed by 144.225.187.123 port 35366 [preauth]
Jun 23 04:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26943]: Invalid user deploy from 141.11.88.12
Jun 23 04:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26943]: input_userauth_request: invalid user deploy [preauth]
Jun 23 04:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26943]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26943]: Failed password for invalid user deploy from 141.11.88.12 port 38100 ssh2
Jun 23 04:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26943]: Connection closed by 141.11.88.12 port 38100 [preauth]
Jun 23 04:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26965]: Invalid user steam from 141.11.88.12
Jun 23 04:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26965]: input_userauth_request: invalid user steam [preauth]
Jun 23 04:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26965]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26965]: Failed password for invalid user steam from 141.11.88.12 port 38188 ssh2
Jun 23 04:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26965]: Connection closed by 141.11.88.12 port 38188 [preauth]
Jun 23 04:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 04:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26984]: Failed password for root from 141.11.88.12 port 12230 ssh2
Jun 23 04:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26984]: Connection closed by 141.11.88.12 port 12230 [preauth]
Jun 23 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26997]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26998]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26999]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27000]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26996]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26995]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27000]: pam_unix(cron:session): session closed for user root
Jun 23 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26995]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27066]: Successful su for rubyman by root
Jun 23 04:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27066]: + ??? root:rubyman
Jun 23 04:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27066]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575095 of user rubyman.
Jun 23 04:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27066]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575095.
Jun 23 04:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27055]: Invalid user amir from 141.11.88.12
Jun 23 04:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27055]: input_userauth_request: invalid user amir [preauth]
Jun 23 04:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27055]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24351]: pam_unix(cron:session): session closed for user root
Jun 23 04:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26997]: pam_unix(cron:session): session closed for user root
Jun 23 04:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27055]: Failed password for invalid user amir from 141.11.88.12 port 46836 ssh2
Jun 23 04:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27055]: Connection closed by 141.11.88.12 port 46836 [preauth]
Jun 23 04:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26996]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27295]: Invalid user test from 141.11.88.12
Jun 23 04:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27295]: input_userauth_request: invalid user test [preauth]
Jun 23 04:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27295]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27295]: Failed password for invalid user test from 141.11.88.12 port 46878 ssh2
Jun 23 04:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27295]: Connection closed by 141.11.88.12 port 46878 [preauth]
Jun 23 04:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27307]: Failed password for root from 144.225.187.123 port 39920 ssh2
Jun 23 04:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27307]: Connection closed by 144.225.187.123 port 39920 [preauth]
Jun 23 04:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27315]: Invalid user game from 141.11.88.12
Jun 23 04:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27315]: input_userauth_request: invalid user game [preauth]
Jun 23 04:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27315]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27315]: Failed password for invalid user game from 141.11.88.12 port 34092 ssh2
Jun 23 04:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27315]: Connection closed by 141.11.88.12 port 34092 [preauth]
Jun 23 04:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27333]: Invalid user milad from 141.11.88.12
Jun 23 04:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27333]: input_userauth_request: invalid user milad [preauth]
Jun 23 04:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27333]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27333]: Failed password for invalid user milad from 141.11.88.12 port 34096 ssh2
Jun 23 04:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27333]: Connection closed by 141.11.88.12 port 34096 [preauth]
Jun 23 04:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27369]: Invalid user jenkins from 141.11.88.12
Jun 23 04:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27369]: input_userauth_request: invalid user jenkins [preauth]
Jun 23 04:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27369]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27369]: Failed password for invalid user jenkins from 141.11.88.12 port 16766 ssh2
Jun 23 04:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27369]: Connection closed by 141.11.88.12 port 16766 [preauth]
Jun 23 04:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26079]: pam_unix(cron:session): session closed for user root
Jun 23 04:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27387]: Invalid user amit from 141.11.88.12
Jun 23 04:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27387]: input_userauth_request: invalid user amit [preauth]
Jun 23 04:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27387]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27387]: Failed password for invalid user amit from 141.11.88.12 port 49336 ssh2
Jun 23 04:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27387]: Connection closed by 141.11.88.12 port 49336 [preauth]
Jun 23 04:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27409]: Invalid user student from 141.11.88.12
Jun 23 04:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27409]: input_userauth_request: invalid user student [preauth]
Jun 23 04:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27409]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27409]: Failed password for invalid user student from 141.11.88.12 port 41690 ssh2
Jun 23 04:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27409]: Connection closed by 141.11.88.12 port 41690 [preauth]
Jun 23 04:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 04:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27433]: Failed password for root from 144.225.187.123 port 37316 ssh2
Jun 23 04:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27433]: Connection closed by 144.225.187.123 port 37316 [preauth]
Jun 23 04:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27443]: Failed password for root from 141.11.88.12 port 41708 ssh2
Jun 23 04:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27443]: Connection closed by 141.11.88.12 port 41708 [preauth]
Jun 23 04:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27453]: Invalid user odoo from 141.11.88.12
Jun 23 04:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27453]: input_userauth_request: invalid user odoo [preauth]
Jun 23 04:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27453]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27453]: Failed password for invalid user odoo from 141.11.88.12 port 12540 ssh2
Jun 23 04:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27453]: Connection closed by 141.11.88.12 port 12540 [preauth]
Jun 23 04:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27464]: Invalid user odoo17 from 141.11.88.12
Jun 23 04:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27464]: input_userauth_request: invalid user odoo17 [preauth]
Jun 23 04:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27464]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27470]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27471]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27472]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27469]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27469]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27464]: Failed password for invalid user odoo17 from 141.11.88.12 port 12598 ssh2
Jun 23 04:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27544]: Successful su for rubyman by root
Jun 23 04:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27544]: + ??? root:rubyman
Jun 23 04:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27544]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575104 of user rubyman.
Jun 23 04:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27544]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575104.
Jun 23 04:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27464]: Connection closed by 141.11.88.12 port 12598 [preauth]
Jun 23 04:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24795]: pam_unix(cron:session): session closed for user root
Jun 23 04:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 04:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27470]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27711]: Failed password for root from 141.11.88.12 port 33918 ssh2
Jun 23 04:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27711]: Connection closed by 141.11.88.12 port 33918 [preauth]
Jun 23 04:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27743]: Invalid user gituser from 141.11.88.12
Jun 23 04:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27743]: input_userauth_request: invalid user gituser [preauth]
Jun 23 04:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27743]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27743]: Failed password for invalid user gituser from 141.11.88.12 port 10402 ssh2
Jun 23 04:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27743]: Connection closed by 141.11.88.12 port 10402 [preauth]
Jun 23 04:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 04:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27768]: Failed password for root from 141.11.88.12 port 10430 ssh2
Jun 23 04:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27768]: Connection closed by 141.11.88.12 port 10430 [preauth]
Jun 23 04:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 04:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27780]: Failed password for root from 141.11.88.12 port 29330 ssh2
Jun 23 04:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27780]: Connection closed by 141.11.88.12 port 29330 [preauth]
Jun 23 04:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27778]: Failed password for root from 144.225.187.123 port 56466 ssh2
Jun 23 04:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27778]: Connection closed by 144.225.187.123 port 56466 [preauth]
Jun 23 04:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27803]: Invalid user elasticsearch from 141.11.88.12
Jun 23 04:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27803]: input_userauth_request: invalid user elasticsearch [preauth]
Jun 23 04:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27803]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27803]: Failed password for invalid user elasticsearch from 141.11.88.12 port 29364 ssh2
Jun 23 04:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27803]: Connection closed by 141.11.88.12 port 29364 [preauth]
Jun 23 04:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26503]: pam_unix(cron:session): session closed for user root
Jun 23 04:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27829]: Invalid user linux from 141.11.88.12
Jun 23 04:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27829]: input_userauth_request: invalid user linux [preauth]
Jun 23 04:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27829]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27829]: Failed password for invalid user linux from 141.11.88.12 port 27040 ssh2
Jun 23 04:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27829]: Connection closed by 141.11.88.12 port 27040 [preauth]
Jun 23 04:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 04:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27845]: Failed password for root from 141.11.88.12 port 27054 ssh2
Jun 23 04:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27845]: Connection closed by 141.11.88.12 port 27054 [preauth]
Jun 23 04:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27860]: Invalid user admin from 2.57.121.25
Jun 23 04:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27860]: input_userauth_request: invalid user admin [preauth]
Jun 23 04:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27860]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 23 04:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27860]: Failed password for invalid user admin from 2.57.121.25 port 29768 ssh2
Jun 23 04:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27860]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27860]: Failed password for invalid user admin from 2.57.121.25 port 29768 ssh2
Jun 23 04:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27860]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27886]: Invalid user ftptest from 141.11.88.12
Jun 23 04:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27886]: input_userauth_request: invalid user ftptest [preauth]
Jun 23 04:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27886]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27860]: Failed password for invalid user admin from 2.57.121.25 port 29768 ssh2
Jun 23 04:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27860]: Connection closed by 2.57.121.25 port 29768 [preauth]
Jun 23 04:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27860]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 23 04:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27886]: Failed password for invalid user ftptest from 141.11.88.12 port 18528 ssh2
Jun 23 04:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27886]: Connection closed by 141.11.88.12 port 18528 [preauth]
Jun 23 04:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 04:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27896]: Failed password for root from 141.11.88.12 port 45082 ssh2
Jun 23 04:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27896]: Connection closed by 141.11.88.12 port 45082 [preauth]
Jun 23 04:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27908]: Invalid user operator from 141.11.88.12
Jun 23 04:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27908]: input_userauth_request: invalid user operator [preauth]
Jun 23 04:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27908]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27898]: Failed password for root from 144.225.187.123 port 60698 ssh2
Jun 23 04:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27898]: Connection closed by 144.225.187.123 port 60698 [preauth]
Jun 23 04:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27908]: Failed password for invalid user operator from 141.11.88.12 port 45100 ssh2
Jun 23 04:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27908]: Connection closed by 141.11.88.12 port 45100 [preauth]
Jun 23 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27914]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27915]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27913]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27912]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27912]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27984]: Successful su for rubyman by root
Jun 23 04:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27984]: + ??? root:rubyman
Jun 23 04:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27984]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575106 of user rubyman.
Jun 23 04:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27984]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575106.
Jun 23 04:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28019]: Invalid user ubuntu from 141.11.88.12
Jun 23 04:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28019]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 04:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28019]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25252]: pam_unix(cron:session): session closed for user root
Jun 23 04:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28019]: Failed password for invalid user ubuntu from 141.11.88.12 port 44250 ssh2
Jun 23 04:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28019]: Connection closed by 141.11.88.12 port 44250 [preauth]
Jun 23 04:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27913]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28230]: Invalid user pi from 141.11.88.12
Jun 23 04:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28230]: input_userauth_request: invalid user pi [preauth]
Jun 23 04:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28230]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28230]: Failed password for invalid user pi from 141.11.88.12 port 44266 ssh2
Jun 23 04:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28230]: Connection closed by 141.11.88.12 port 44266 [preauth]
Jun 23 04:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28253]: Invalid user ethan from 141.11.88.12
Jun 23 04:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28253]: input_userauth_request: invalid user ethan [preauth]
Jun 23 04:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28253]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28253]: Failed password for invalid user ethan from 141.11.88.12 port 36514 ssh2
Jun 23 04:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28253]: Connection closed by 141.11.88.12 port 36514 [preauth]
Jun 23 04:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28265]: Invalid user ubuntu from 141.11.88.12
Jun 23 04:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28265]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 04:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28265]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 23 04:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28265]: Failed password for invalid user ubuntu from 141.11.88.12 port 36534 ssh2
Jun 23 04:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28265]: Connection closed by 141.11.88.12 port 36534 [preauth]
Jun 23 04:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28267]: Failed password for root from 87.251.79.125 port 41452 ssh2
Jun 23 04:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28267]: Connection closed by 87.251.79.125 port 41452 [preauth]
Jun 23 04:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28289]: Invalid user matt from 141.11.88.12
Jun 23 04:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28289]: input_userauth_request: invalid user matt [preauth]
Jun 23 04:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28289]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28289]: Failed password for invalid user matt from 141.11.88.12 port 58688 ssh2
Jun 23 04:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28289]: Connection closed by 141.11.88.12 port 58688 [preauth]
Jun 23 04:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28299]: Invalid user pds from 141.11.88.12
Jun 23 04:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28299]: input_userauth_request: invalid user pds [preauth]
Jun 23 04:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28299]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28299]: Failed password for invalid user pds from 141.11.88.12 port 58722 ssh2
Jun 23 04:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28299]: Connection closed by 141.11.88.12 port 58722 [preauth]
Jun 23 04:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28301]: Failed password for root from 144.225.187.123 port 34836 ssh2
Jun 23 04:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26999]: pam_unix(cron:session): session closed for user root
Jun 23 04:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28301]: Connection closed by 144.225.187.123 port 34836 [preauth]
Jun 23 04:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28330]: Invalid user azureuser from 141.11.88.12
Jun 23 04:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28330]: input_userauth_request: invalid user azureuser [preauth]
Jun 23 04:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28330]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28330]: Failed password for invalid user azureuser from 141.11.88.12 port 60814 ssh2
Jun 23 04:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28330]: Connection closed by 141.11.88.12 port 60814 [preauth]
Jun 23 04:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28342]: Invalid user rdpuser from 141.11.88.12
Jun 23 04:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28342]: input_userauth_request: invalid user rdpuser [preauth]
Jun 23 04:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28342]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12
Jun 23 04:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28342]: Failed password for invalid user rdpuser from 141.11.88.12 port 36438 ssh2
Jun 23 04:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28342]: Connection closed by 141.11.88.12 port 36438 [preauth]
Jun 23 04:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.11.88.12  user=root
Jun 23 04:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28364]: Failed password for root from 141.11.88.12 port 36504 ssh2
Jun 23 04:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28364]: Connection closed by 141.11.88.12 port 36504 [preauth]
Jun 23 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28394]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28395]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28392]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28391]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28391]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28453]: Successful su for rubyman by root
Jun 23 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28453]: + ??? root:rubyman
Jun 23 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28453]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575110 of user rubyman.
Jun 23 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28453]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575110.
Jun 23 04:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25666]: pam_unix(cron:session): session closed for user root
Jun 23 04:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28392]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28712]: Invalid user user01 from 144.225.187.123
Jun 23 04:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28712]: input_userauth_request: invalid user user01 [preauth]
Jun 23 04:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28712]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 04:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28712]: Failed password for invalid user user01 from 144.225.187.123 port 47668 ssh2
Jun 23 04:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28712]: Connection closed by 144.225.187.123 port 47668 [preauth]
Jun 23 04:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 23 04:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28791]: Failed password for root from 62.133.62.83 port 51454 ssh2
Jun 23 04:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28791]: Connection closed by 62.133.62.83 port 51454 [preauth]
Jun 23 04:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27472]: pam_unix(cron:session): session closed for user root
Jun 23 04:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28838]: Failed password for root from 144.225.187.123 port 51262 ssh2
Jun 23 04:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28838]: Connection closed by 144.225.187.123 port 51262 [preauth]
Jun 23 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28902]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28901]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28899]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28898]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28898]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28962]: Successful su for rubyman by root
Jun 23 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28962]: + ??? root:rubyman
Jun 23 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28962]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575113 of user rubyman.
Jun 23 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28962]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575113.
Jun 23 04:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26078]: pam_unix(cron:session): session closed for user root
Jun 23 04:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28899]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29187]: Failed password for root from 144.225.187.123 port 56128 ssh2
Jun 23 04:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29187]: Connection closed by 144.225.187.123 port 56128 [preauth]
Jun 23 04:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27915]: pam_unix(cron:session): session closed for user root
Jun 23 04:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29316]: Invalid user user1 from 144.225.187.123
Jun 23 04:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29316]: input_userauth_request: invalid user user1 [preauth]
Jun 23 04:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29316]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 04:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29316]: Failed password for invalid user user1 from 144.225.187.123 port 60922 ssh2
Jun 23 04:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29316]: Connection closed by 144.225.187.123 port 60922 [preauth]
Jun 23 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29333]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29330]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29328]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29332]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29331]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29329]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29333]: pam_unix(cron:session): session closed for user root
Jun 23 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29328]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29400]: Successful su for rubyman by root
Jun 23 04:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29400]: + ??? root:rubyman
Jun 23 04:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29400]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575120 of user rubyman.
Jun 23 04:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29400]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575120.
Jun 23 04:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26502]: pam_unix(cron:session): session closed for user root
Jun 23 04:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29330]: pam_unix(cron:session): session closed for user root
Jun 23 04:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29329]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29787]: Invalid user user from 144.225.187.123
Jun 23 04:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29787]: input_userauth_request: invalid user user [preauth]
Jun 23 04:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29787]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 04:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29787]: Failed password for invalid user user from 144.225.187.123 port 35124 ssh2
Jun 23 04:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29787]: Connection closed by 144.225.187.123 port 35124 [preauth]
Jun 23 04:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28395]: pam_unix(cron:session): session closed for user root
Jun 23 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29900]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29902]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29901]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29895]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29895]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29965]: Successful su for rubyman by root
Jun 23 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29965]: + ??? root:rubyman
Jun 23 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29965]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575124 of user rubyman.
Jun 23 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29965]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575124.
Jun 23 04:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26998]: pam_unix(cron:session): session closed for user root
Jun 23 04:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29900]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30103]: Invalid user ubuntu from 144.225.187.123
Jun 23 04:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30103]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 04:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30103]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 04:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30103]: Failed password for invalid user ubuntu from 144.225.187.123 port 45642 ssh2
Jun 23 04:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30103]: Connection closed by 144.225.187.123 port 45642 [preauth]
Jun 23 04:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28902]: pam_unix(cron:session): session closed for user root
Jun 23 04:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30266]: Failed password for root from 144.225.187.123 port 36096 ssh2
Jun 23 04:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30266]: Connection closed by 144.225.187.123 port 36096 [preauth]
Jun 23 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30323]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30324]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30322]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30321]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30321]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30380]: Successful su for rubyman by root
Jun 23 04:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30380]: + ??? root:rubyman
Jun 23 04:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30380]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575127 of user rubyman.
Jun 23 04:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30380]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575127.
Jun 23 04:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27471]: pam_unix(cron:session): session closed for user root
Jun 23 04:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30322]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30589]: Failed password for root from 144.225.187.123 port 53466 ssh2
Jun 23 04:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30589]: Connection closed by 144.225.187.123 port 53466 [preauth]
Jun 23 04:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29332]: pam_unix(cron:session): session closed for user root
Jun 23 04:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30711]: Failed password for root from 144.225.187.123 port 39208 ssh2
Jun 23 04:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30711]: Connection closed by 144.225.187.123 port 39208 [preauth]
Jun 23 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30738]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30736]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30737]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30735]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30735]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30798]: Successful su for rubyman by root
Jun 23 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30798]: + ??? root:rubyman
Jun 23 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30798]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575132 of user rubyman.
Jun 23 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30798]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575132.
Jun 23 04:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27914]: pam_unix(cron:session): session closed for user root
Jun 23 04:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30736]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31151]: Failed password for root from 144.225.187.123 port 37158 ssh2
Jun 23 04:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31151]: Connection closed by 144.225.187.123 port 37158 [preauth]
Jun 23 04:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29902]: pam_unix(cron:session): session closed for user root
Jun 23 04:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31253]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31250]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31252]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31251]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31250]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31313]: Successful su for rubyman by root
Jun 23 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31313]: + ??? root:rubyman
Jun 23 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31313]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575137 of user rubyman.
Jun 23 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31313]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575137.
Jun 23 04:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31238]: Failed password for root from 144.225.187.123 port 41264 ssh2
Jun 23 04:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31238]: Connection closed by 144.225.187.123 port 41264 [preauth]
Jun 23 04:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28394]: pam_unix(cron:session): session closed for user root
Jun 23 04:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31251]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30324]: pam_unix(cron:session): session closed for user root
Jun 23 04:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31672]: Failed password for root from 144.225.187.123 port 48934 ssh2
Jun 23 04:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31672]: Connection closed by 144.225.187.123 port 48934 [preauth]
Jun 23 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31753]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31751]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31755]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31756]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31750]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31754]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31756]: pam_unix(cron:session): session closed for user root
Jun 23 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31750]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31824]: Successful su for rubyman by root
Jun 23 04:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31824]: + ??? root:rubyman
Jun 23 04:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31824]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575142 of user rubyman.
Jun 23 04:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31824]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575142.
Jun 23 04:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28901]: pam_unix(cron:session): session closed for user root
Jun 23 04:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31753]: pam_unix(cron:session): session closed for user root
Jun 23 04:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31751]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32047]: Failed password for root from 144.225.187.123 port 43794 ssh2
Jun 23 04:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32047]: Connection closed by 144.225.187.123 port 43794 [preauth]
Jun 23 04:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30738]: pam_unix(cron:session): session closed for user root
Jun 23 04:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32137]: Connection closed by 194.59.206.2 port 63848 [preauth]
Jun 23 04:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32176]: Failed password for root from 144.225.187.123 port 47610 ssh2
Jun 23 04:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32176]: Connection closed by 144.225.187.123 port 47610 [preauth]
Jun 23 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32209]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32208]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32206]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32207]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32206]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32269]: Successful su for rubyman by root
Jun 23 04:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32269]: + ??? root:rubyman
Jun 23 04:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32269]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575145 of user rubyman.
Jun 23 04:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32269]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575145.
Jun 23 04:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29331]: pam_unix(cron:session): session closed for user root
Jun 23 04:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32207]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 23 04:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32465]: Failed password for root from 77.94.47.83 port 46612 ssh2
Jun 23 04:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32465]: Connection closed by 77.94.47.83 port 46612 [preauth]
Jun 23 04:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 23 04:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32494]: Failed password for root from 193.24.211.107 port 24504 ssh2
Jun 23 04:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32494]: Received disconnect from 193.24.211.107 port 24504:11: Client disconnecting normally [preauth]
Jun 23 04:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32494]: Disconnected from 193.24.211.107 port 24504 [preauth]
Jun 23 04:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32505]: Invalid user prueba from 144.225.187.123
Jun 23 04:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32505]: input_userauth_request: invalid user prueba [preauth]
Jun 23 04:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32505]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 04:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32505]: Failed password for invalid user prueba from 144.225.187.123 port 60012 ssh2
Jun 23 04:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32505]: Connection closed by 144.225.187.123 port 60012 [preauth]
Jun 23 04:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31253]: pam_unix(cron:session): session closed for user root
Jun 23 04:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32604]: Invalid user what from 144.225.187.123
Jun 23 04:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32604]: input_userauth_request: invalid user what [preauth]
Jun 23 04:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32604]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 04:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32604]: Failed password for invalid user what from 144.225.187.123 port 54332 ssh2
Jun 23 04:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32604]: Connection closed by 144.225.187.123 port 54332 [preauth]
Jun 23 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32626]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32627]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32625]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32624]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32624]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32690]: Successful su for rubyman by root
Jun 23 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32690]: + ??? root:rubyman
Jun 23 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32690]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575149 of user rubyman.
Jun 23 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32690]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575149.
Jun 23 04:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29901]: pam_unix(cron:session): session closed for user root
Jun 23 04:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32625]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[439]: Received disconnect from 209.90.232.249 port 53238:11: disconnected by user [preauth]
Jun 23 04:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[439]: Disconnected from 209.90.232.249 port 53238 [preauth]
Jun 23 04:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[620]: Invalid user samba from 144.225.187.123
Jun 23 04:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[620]: input_userauth_request: invalid user samba [preauth]
Jun 23 04:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[620]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 04:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[620]: Failed password for invalid user samba from 144.225.187.123 port 56212 ssh2
Jun 23 04:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[620]: Connection closed by 144.225.187.123 port 56212 [preauth]
Jun 23 04:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31755]: pam_unix(cron:session): session closed for user root
Jun 23 04:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121  user=root
Jun 23 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[707]: Failed password for root from 45.148.10.121 port 50984 ssh2
Jun 23 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[707]: Connection closed by 45.148.10.121 port 50984 [preauth]
Jun 23 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[720]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[719]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[721]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[718]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[718]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[783]: Successful su for rubyman by root
Jun 23 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[783]: + ??? root:rubyman
Jun 23 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[783]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575153 of user rubyman.
Jun 23 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[783]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575153.
Jun 23 04:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30323]: pam_unix(cron:session): session closed for user root
Jun 23 04:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[719]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[897]: Failed password for root from 144.225.187.123 port 38700 ssh2
Jun 23 04:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[897]: Connection closed by 144.225.187.123 port 38700 [preauth]
Jun 23 04:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1010]: Invalid user admin from 193.46.255.86
Jun 23 04:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1010]: input_userauth_request: invalid user admin [preauth]
Jun 23 04:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1010]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 23 04:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1010]: Failed password for invalid user admin from 193.46.255.86 port 11060 ssh2
Jun 23 04:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1010]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1010]: Failed password for invalid user admin from 193.46.255.86 port 11060 ssh2
Jun 23 04:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1010]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1010]: Failed password for invalid user admin from 193.46.255.86 port 11060 ssh2
Jun 23 04:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1010]: Connection closed by 193.46.255.86 port 11060 [preauth]
Jun 23 04:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1010]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 23 04:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32209]: pam_unix(cron:session): session closed for user root
Jun 23 04:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1123]: Failed password for root from 144.225.187.123 port 56350 ssh2
Jun 23 04:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1123]: Connection closed by 144.225.187.123 port 56350 [preauth]
Jun 23 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1177]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1178]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1176]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1175]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1175]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1242]: Successful su for rubyman by root
Jun 23 04:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1242]: + ??? root:rubyman
Jun 23 04:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1242]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575157 of user rubyman.
Jun 23 04:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1242]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575157.
Jun 23 04:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30737]: pam_unix(cron:session): session closed for user root
Jun 23 04:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1176]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1581]: Invalid user genaro from 141.98.83.240
Jun 23 04:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1581]: input_userauth_request: invalid user genaro [preauth]
Jun 23 04:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1581]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 04:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1551]: Failed password for root from 144.225.187.123 port 59606 ssh2
Jun 23 04:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1551]: Connection closed by 144.225.187.123 port 59606 [preauth]
Jun 23 04:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1581]: Failed password for invalid user genaro from 141.98.83.240 port 25794 ssh2
Jun 23 04:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1581]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1581]: Failed password for invalid user genaro from 141.98.83.240 port 25794 ssh2
Jun 23 04:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1581]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1581]: Failed password for invalid user genaro from 141.98.83.240 port 25794 ssh2
Jun 23 04:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1581]: Connection closed by 141.98.83.240 port 25794 [preauth]
Jun 23 04:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1581]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 04:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32627]: pam_unix(cron:session): session closed for user root
Jun 23 04:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 23 04:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1709]: Failed password for root from 144.225.187.123 port 41750 ssh2
Jun 23 04:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1712]: Failed password for root from 51.250.105.222 port 59946 ssh2
Jun 23 04:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1712]: Connection closed by 51.250.105.222 port 59946 [preauth]
Jun 23 04:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1709]: Connection closed by 144.225.187.123 port 41750 [preauth]
Jun 23 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1743]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1742]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1746]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1747]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1741]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1745]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1747]: pam_unix(cron:session): session closed for user root
Jun 23 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1741]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1814]: Successful su for rubyman by root
Jun 23 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1814]: + ??? root:rubyman
Jun 23 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1814]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575164 of user rubyman.
Jun 23 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1814]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575164.
Jun 23 04:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1743]: pam_unix(cron:session): session closed for user root
Jun 23 04:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31252]: pam_unix(cron:session): session closed for user root
Jun 23 04:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1742]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2140]: Failed password for root from 144.225.187.123 port 58784 ssh2
Jun 23 04:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2140]: Connection closed by 144.225.187.123 port 58784 [preauth]
Jun 23 04:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[721]: pam_unix(cron:session): session closed for user root
Jun 23 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2256]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2255]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2252]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2254]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2252]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2331]: Successful su for rubyman by root
Jun 23 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2331]: + ??? root:rubyman
Jun 23 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2331]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575167 of user rubyman.
Jun 23 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2331]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575167.
Jun 23 04:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2376]: Invalid user music from 144.225.187.123
Jun 23 04:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2376]: input_userauth_request: invalid user music [preauth]
Jun 23 04:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2376]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 04:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31754]: pam_unix(cron:session): session closed for user root
Jun 23 04:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2254]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2376]: Failed password for invalid user music from 144.225.187.123 port 44200 ssh2
Jun 23 04:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2376]: Connection closed by 144.225.187.123 port 44200 [preauth]
Jun 23 04:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1178]: pam_unix(cron:session): session closed for user root
Jun 23 04:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2630]: Invalid user ftpuser from 144.225.187.123
Jun 23 04:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2630]: input_userauth_request: invalid user ftpuser [preauth]
Jun 23 04:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2630]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 04:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2630]: Failed password for invalid user ftpuser from 144.225.187.123 port 39418 ssh2
Jun 23 04:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2630]: Connection closed by 144.225.187.123 port 39418 [preauth]
Jun 23 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2682]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2683]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2681]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2680]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2680]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2750]: Successful su for rubyman by root
Jun 23 04:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2750]: + ??? root:rubyman
Jun 23 04:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2750]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575171 of user rubyman.
Jun 23 04:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2750]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575171.
Jun 23 04:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32208]: pam_unix(cron:session): session closed for user root
Jun 23 04:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2681]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2939]: Invalid user download from 144.225.187.123
Jun 23 04:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2939]: input_userauth_request: invalid user download [preauth]
Jun 23 04:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2939]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 04:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2939]: Failed password for invalid user download from 144.225.187.123 port 58462 ssh2
Jun 23 04:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2939]: Connection closed by 144.225.187.123 port 58462 [preauth]
Jun 23 04:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1746]: pam_unix(cron:session): session closed for user root
Jun 23 04:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3057]: Failed password for root from 144.225.187.123 port 47710 ssh2
Jun 23 04:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3057]: Connection closed by 144.225.187.123 port 47710 [preauth]
Jun 23 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3083]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3084]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3082]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3081]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3081]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3147]: Successful su for rubyman by root
Jun 23 04:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3147]: + ??? root:rubyman
Jun 23 04:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3147]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575177 of user rubyman.
Jun 23 04:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3147]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575177.
Jun 23 04:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32626]: pam_unix(cron:session): session closed for user root
Jun 23 04:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3082]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3365]: Failed password for root from 144.225.187.123 port 58620 ssh2
Jun 23 04:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3365]: Connection closed by 144.225.187.123 port 58620 [preauth]
Jun 23 04:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2256]: pam_unix(cron:session): session closed for user root
Jun 23 04:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3488]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3486]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3487]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3489]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3484]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3486]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3610]: Successful su for rubyman by root
Jun 23 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3610]: + ??? root:rubyman
Jun 23 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3610]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575182 of user rubyman.
Jun 23 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3610]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575182.
Jun 23 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3484]: pam_unix(cron:session): session closed for user root
Jun 23 04:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3474]: Failed password for root from 144.225.187.123 port 36312 ssh2
Jun 23 04:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3474]: Connection closed by 144.225.187.123 port 36312 [preauth]
Jun 23 04:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[720]: pam_unix(cron:session): session closed for user root
Jun 23 04:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3487]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2683]: pam_unix(cron:session): session closed for user root
Jun 23 04:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4108]: Failed password for root from 144.225.187.123 port 59906 ssh2
Jun 23 04:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4108]: Connection closed by 144.225.187.123 port 59906 [preauth]
Jun 23 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4179]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4180]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4176]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4178]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4175]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4177]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4180]: pam_unix(cron:session): session closed for user root
Jun 23 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4175]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4250]: Successful su for rubyman by root
Jun 23 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4250]: + ??? root:rubyman
Jun 23 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4250]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575184 of user rubyman.
Jun 23 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4250]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575184.
Jun 23 04:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4177]: pam_unix(cron:session): session closed for user root
Jun 23 04:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1177]: pam_unix(cron:session): session closed for user root
Jun 23 04:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4176]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4460]: Invalid user developer from 144.225.187.123
Jun 23 04:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4460]: input_userauth_request: invalid user developer [preauth]
Jun 23 04:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4460]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 04:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4460]: Failed password for invalid user developer from 144.225.187.123 port 33292 ssh2
Jun 23 04:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4460]: Connection closed by 144.225.187.123 port 33292 [preauth]
Jun 23 04:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3084]: pam_unix(cron:session): session closed for user root
Jun 23 04:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4582]: Invalid user user2 from 144.225.187.123
Jun 23 04:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4582]: input_userauth_request: invalid user user2 [preauth]
Jun 23 04:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4582]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 04:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4582]: Failed password for invalid user user2 from 144.225.187.123 port 42788 ssh2
Jun 23 04:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4582]: Connection closed by 144.225.187.123 port 42788 [preauth]
Jun 23 04:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4616]: Received disconnect from 50.6.197.105 port 46660:11: disconnected by user [preauth]
Jun 23 04:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4616]: Disconnected from 50.6.197.105 port 46660 [preauth]
Jun 23 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4622]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4620]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4619]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4621]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4619]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4692]: Successful su for rubyman by root
Jun 23 04:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4692]: + ??? root:rubyman
Jun 23 04:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4692]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575190 of user rubyman.
Jun 23 04:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4692]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575190.
Jun 23 04:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1745]: pam_unix(cron:session): session closed for user root
Jun 23 04:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4620]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5019]: Failed password for root from 144.225.187.123 port 47952 ssh2
Jun 23 04:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5019]: Connection closed by 144.225.187.123 port 47952 [preauth]
Jun 23 04:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3489]: pam_unix(cron:session): session closed for user root
Jun 23 04:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5129]: Failed password for root from 144.225.187.123 port 39706 ssh2
Jun 23 04:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5129]: Connection closed by 144.225.187.123 port 39706 [preauth]
Jun 23 04:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 23 04:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5131]: Failed password for root from 202.178.126.219 port 6986 ssh2
Jun 23 04:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5131]: Connection closed by 202.178.126.219 port 6986 [preauth]
Jun 23 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5153]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5154]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5152]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5151]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5151]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5215]: Successful su for rubyman by root
Jun 23 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5215]: + ??? root:rubyman
Jun 23 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5215]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575195 of user rubyman.
Jun 23 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5215]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575195.
Jun 23 04:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2255]: pam_unix(cron:session): session closed for user root
Jun 23 04:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5152]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5476]: Failed password for root from 144.225.187.123 port 53396 ssh2
Jun 23 04:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5476]: Connection closed by 144.225.187.123 port 53396 [preauth]
Jun 23 04:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4179]: pam_unix(cron:session): session closed for user root
Jun 23 04:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 23 04:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5551]: Failed password for root from 193.37.70.224 port 34360 ssh2
Jun 23 04:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5551]: Connection closed by 193.37.70.224 port 34360 [preauth]
Jun 23 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5565]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5566]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5567]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5564]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5564]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5624]: Successful su for rubyman by root
Jun 23 04:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5624]: + ??? root:rubyman
Jun 23 04:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5624]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575198 of user rubyman.
Jun 23 04:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5624]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575198.
Jun 23 04:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2682]: pam_unix(cron:session): session closed for user root
Jun 23 04:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5565]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5790]: Invalid user pi from 144.225.187.123
Jun 23 04:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5790]: input_userauth_request: invalid user pi [preauth]
Jun 23 04:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5790]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 04:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5790]: Failed password for invalid user pi from 144.225.187.123 port 38166 ssh2
Jun 23 04:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5790]: Connection closed by 144.225.187.123 port 38166 [preauth]
Jun 23 04:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4622]: pam_unix(cron:session): session closed for user root
Jun 23 04:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5904]: Invalid user 0 from 144.225.187.123
Jun 23 04:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5904]: input_userauth_request: invalid user 0 [preauth]
Jun 23 04:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5904]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 04:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5904]: Failed password for invalid user 0 from 144.225.187.123 port 60844 ssh2
Jun 23 04:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5904]: Connection closed by 144.225.187.123 port 60844 [preauth]
Jun 23 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5955]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5954]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5953]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5952]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5952]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6011]: Successful su for rubyman by root
Jun 23 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6011]: + ??? root:rubyman
Jun 23 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6011]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575202 of user rubyman.
Jun 23 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6011]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575202.
Jun 23 04:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3083]: pam_unix(cron:session): session closed for user root
Jun 23 04:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5953]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6224]: Invalid user steam from 144.225.187.123
Jun 23 04:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6224]: input_userauth_request: invalid user steam [preauth]
Jun 23 04:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6224]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 04:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6224]: Failed password for invalid user steam from 144.225.187.123 port 56596 ssh2
Jun 23 04:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6224]: Connection closed by 144.225.187.123 port 56596 [preauth]
Jun 23 04:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5154]: pam_unix(cron:session): session closed for user root
Jun 23 04:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6330]: Failed password for root from 144.225.187.123 port 59098 ssh2
Jun 23 04:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6330]: Connection closed by 144.225.187.123 port 59098 [preauth]
Jun 23 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6358]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6355]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6353]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6354]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6357]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6356]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6358]: pam_unix(cron:session): session closed for user root
Jun 23 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6353]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6420]: Successful su for rubyman by root
Jun 23 04:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6420]: + ??? root:rubyman
Jun 23 04:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6420]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575210 of user rubyman.
Jun 23 04:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6420]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575210.
Jun 23 04:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6355]: pam_unix(cron:session): session closed for user root
Jun 23 04:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3488]: pam_unix(cron:session): session closed for user root
Jun 23 04:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6354]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6680]: Failed password for root from 144.225.187.123 port 59918 ssh2
Jun 23 04:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6680]: Connection closed by 144.225.187.123 port 59918 [preauth]
Jun 23 04:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5567]: pam_unix(cron:session): session closed for user root
Jun 23 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6797]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6798]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6795]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6796]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6795]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6862]: Successful su for rubyman by root
Jun 23 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6862]: + ??? root:rubyman
Jun 23 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6862]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575212 of user rubyman.
Jun 23 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6862]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575212.
Jun 23 04:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4178]: pam_unix(cron:session): session closed for user root
Jun 23 04:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6792]: Failed password for root from 144.225.187.123 port 40660 ssh2
Jun 23 04:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6792]: Connection closed by 144.225.187.123 port 40660 [preauth]
Jun 23 04:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6796]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5955]: pam_unix(cron:session): session closed for user root
Jun 23 04:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 23 04:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7244]: Failed password for root from 103.77.175.15 port 37848 ssh2
Jun 23 04:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7244]: Connection closed by 103.77.175.15 port 37848 [preauth]
Jun 23 04:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7232]: Failed password for root from 144.225.187.123 port 48370 ssh2
Jun 23 04:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7232]: Connection closed by 144.225.187.123 port 48370 [preauth]
Jun 23 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7297]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7298]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7296]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7294]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7294]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7356]: Successful su for rubyman by root
Jun 23 04:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7356]: + ??? root:rubyman
Jun 23 04:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7356]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575216 of user rubyman.
Jun 23 04:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7356]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575216.
Jun 23 04:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4621]: pam_unix(cron:session): session closed for user root
Jun 23 04:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7296]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7547]: Failed password for root from 144.225.187.123 port 45068 ssh2
Jun 23 04:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7547]: Connection closed by 144.225.187.123 port 45068 [preauth]
Jun 23 04:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 23 04:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7573]: Failed password for root from 193.24.211.107 port 40958 ssh2
Jun 23 04:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7573]: Received disconnect from 193.24.211.107 port 40958:11: Client disconnecting normally [preauth]
Jun 23 04:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7573]: Disconnected from 193.24.211.107 port 40958 [preauth]
Jun 23 04:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6357]: pam_unix(cron:session): session closed for user root
Jun 23 04:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7775]: Failed password for root from 144.225.187.123 port 46018 ssh2
Jun 23 04:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7775]: Connection closed by 144.225.187.123 port 46018 [preauth]
Jun 23 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7797]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7798]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7795]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7794]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7794]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7852]: Successful su for rubyman by root
Jun 23 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7852]: + ??? root:rubyman
Jun 23 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7852]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575220 of user rubyman.
Jun 23 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7852]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575220.
Jun 23 04:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5153]: pam_unix(cron:session): session closed for user root
Jun 23 04:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7795]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 23 04:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8068]: Invalid user hadoop from 144.225.187.123
Jun 23 04:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8068]: input_userauth_request: invalid user hadoop [preauth]
Jun 23 04:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8068]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 04:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8066]: Failed password for root from 38.93.206.2 port 43596 ssh2
Jun 23 04:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8066]: Connection closed by 38.93.206.2 port 43596 [preauth]
Jun 23 04:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8068]: Failed password for invalid user hadoop from 144.225.187.123 port 57806 ssh2
Jun 23 04:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8068]: Connection closed by 144.225.187.123 port 57806 [preauth]
Jun 23 04:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6798]: pam_unix(cron:session): session closed for user root
Jun 23 04:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 23 04:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8130]: Failed password for root from 109.237.96.109 port 36402 ssh2
Jun 23 04:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8130]: Connection closed by 109.237.96.109 port 36402 [preauth]
Jun 23 04:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 23 04:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8142]: Failed password for root from 103.153.68.219 port 46320 ssh2
Jun 23 04:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8142]: Connection closed by 103.153.68.219 port 46320 [preauth]
Jun 23 04:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8174]: Invalid user ahmed from 144.225.187.123
Jun 23 04:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8174]: input_userauth_request: invalid user ahmed [preauth]
Jun 23 04:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8174]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 04:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8174]: Failed password for invalid user ahmed from 144.225.187.123 port 60266 ssh2
Jun 23 04:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8174]: Connection closed by 144.225.187.123 port 60266 [preauth]
Jun 23 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8196]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8197]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8195]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8194]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8194]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8255]: Successful su for rubyman by root
Jun 23 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8255]: + ??? root:rubyman
Jun 23 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8255]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575225 of user rubyman.
Jun 23 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8255]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575225.
Jun 23 04:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5566]: pam_unix(cron:session): session closed for user root
Jun 23 04:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8195]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8499]: Invalid user web from 144.225.187.123
Jun 23 04:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8499]: input_userauth_request: invalid user web [preauth]
Jun 23 04:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8499]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 04:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7298]: pam_unix(cron:session): session closed for user root
Jun 23 04:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8499]: Failed password for invalid user web from 144.225.187.123 port 36558 ssh2
Jun 23 04:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8499]: Connection closed by 144.225.187.123 port 36558 [preauth]
Jun 23 04:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 23 04:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8564]: Failed password for root from 194.113.233.25 port 54768 ssh2
Jun 23 04:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8564]: Connection closed by 194.113.233.25 port 54768 [preauth]
Jun 23 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8595]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8597]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8596]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8594]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8598]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8593]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8598]: pam_unix(cron:session): session closed for user root
Jun 23 04:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8593]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8660]: Successful su for rubyman by root
Jun 23 04:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8660]: + ??? root:rubyman
Jun 23 04:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8660]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575229 of user rubyman.
Jun 23 04:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8660]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575229.
Jun 23 04:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5954]: pam_unix(cron:session): session closed for user root
Jun 23 04:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8595]: pam_unix(cron:session): session closed for user root
Jun 23 04:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8594]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8842]: Invalid user super from 144.225.187.123
Jun 23 04:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8842]: input_userauth_request: invalid user super [preauth]
Jun 23 04:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8842]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 04:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8842]: Failed password for invalid user super from 144.225.187.123 port 52910 ssh2
Jun 23 04:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8842]: Connection closed by 144.225.187.123 port 52910 [preauth]
Jun 23 04:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7798]: pam_unix(cron:session): session closed for user root
Jun 23 04:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8969]: Failed password for root from 144.225.187.123 port 59954 ssh2
Jun 23 04:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8969]: Connection closed by 144.225.187.123 port 59954 [preauth]
Jun 23 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9025]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9026]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9024]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9023]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9023]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9090]: Successful su for rubyman by root
Jun 23 04:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9090]: + ??? root:rubyman
Jun 23 04:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9090]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575235 of user rubyman.
Jun 23 04:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9090]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575235.
Jun 23 04:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6356]: pam_unix(cron:session): session closed for user root
Jun 23 04:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9024]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9304]: Failed password for root from 144.225.187.123 port 46038 ssh2
Jun 23 04:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9304]: Connection closed by 144.225.187.123 port 46038 [preauth]
Jun 23 04:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8197]: pam_unix(cron:session): session closed for user root
Jun 23 04:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9407]: Failed password for root from 144.225.187.123 port 54524 ssh2
Jun 23 04:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9407]: Connection closed by 144.225.187.123 port 54524 [preauth]
Jun 23 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9422]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9421]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9420]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9419]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9419]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9482]: Successful su for rubyman by root
Jun 23 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9482]: + ??? root:rubyman
Jun 23 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9482]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575238 of user rubyman.
Jun 23 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9482]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575238.
Jun 23 04:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6797]: pam_unix(cron:session): session closed for user root
Jun 23 04:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9420]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9720]: Failed password for root from 144.225.187.123 port 45390 ssh2
Jun 23 04:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9720]: Connection closed by 144.225.187.123 port 45390 [preauth]
Jun 23 04:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8597]: pam_unix(cron:session): session closed for user root
Jun 23 04:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9824]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9823]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9822]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9821]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9821]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9909]: Successful su for rubyman by root
Jun 23 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9909]: + ??? root:rubyman
Jun 23 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9909]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575243 of user rubyman.
Jun 23 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9909]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575243.
Jun 23 04:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9810]: Failed password for root from 144.225.187.123 port 35548 ssh2
Jun 23 04:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9810]: Connection closed by 144.225.187.123 port 35548 [preauth]
Jun 23 04:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7297]: pam_unix(cron:session): session closed for user root
Jun 23 04:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9822]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9026]: pam_unix(cron:session): session closed for user root
Jun 23 04:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10412]: Invalid user ftpuser from 144.225.187.123
Jun 23 04:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10412]: input_userauth_request: invalid user ftpuser [preauth]
Jun 23 04:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10412]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 04:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10412]: Failed password for invalid user ftpuser from 144.225.187.123 port 42260 ssh2
Jun 23 04:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10412]: Connection closed by 144.225.187.123 port 42260 [preauth]
Jun 23 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10487]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10488]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10485]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10484]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10484]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10547]: Successful su for rubyman by root
Jun 23 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10547]: + ??? root:rubyman
Jun 23 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10547]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575246 of user rubyman.
Jun 23 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10547]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575246.
Jun 23 04:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7797]: pam_unix(cron:session): session closed for user root
Jun 23 04:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10485]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10742]: Invalid user user from 144.225.187.123
Jun 23 04:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10742]: input_userauth_request: invalid user user [preauth]
Jun 23 04:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10742]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 04:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 23 04:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10742]: Failed password for invalid user user from 144.225.187.123 port 43634 ssh2
Jun 23 04:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10754]: Failed password for root from 103.27.238.120 port 37022 ssh2
Jun 23 04:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10742]: Connection closed by 144.225.187.123 port 43634 [preauth]
Jun 23 04:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10754]: Connection closed by 103.27.238.120 port 37022 [preauth]
Jun 23 04:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9422]: pam_unix(cron:session): session closed for user root
Jun 23 04:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10877]: Invalid user ubuntu from 144.225.187.123
Jun 23 04:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10877]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 04:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10877]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 04:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10877]: Failed password for invalid user ubuntu from 144.225.187.123 port 44810 ssh2
Jun 23 04:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10877]: Connection closed by 144.225.187.123 port 44810 [preauth]
Jun 23 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10913]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10908]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10912]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10909]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10911]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10910]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10913]: pam_unix(cron:session): session closed for user root
Jun 23 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10908]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10984]: Successful su for rubyman by root
Jun 23 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10984]: + ??? root:rubyman
Jun 23 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10984]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575254 of user rubyman.
Jun 23 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10984]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575254.
Jun 23 04:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10910]: pam_unix(cron:session): session closed for user root
Jun 23 04:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8196]: pam_unix(cron:session): session closed for user root
Jun 23 04:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10909]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11206]: Received disconnect from 208.115.214.194 port 58534:11: disconnected by user [preauth]
Jun 23 04:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11206]: Disconnected from 208.115.214.194 port 58534 [preauth]
Jun 23 04:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11238]: Failed password for root from 144.225.187.123 port 54724 ssh2
Jun 23 04:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11238]: Connection closed by 144.225.187.123 port 54724 [preauth]
Jun 23 04:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9824]: pam_unix(cron:session): session closed for user root
Jun 23 04:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11353]: Failed password for root from 144.225.187.123 port 50810 ssh2
Jun 23 04:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11353]: Connection closed by 144.225.187.123 port 50810 [preauth]
Jun 23 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11359]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11360]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11358]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11356]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11356]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11441]: Successful su for rubyman by root
Jun 23 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11441]: + ??? root:rubyman
Jun 23 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11441]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575256 of user rubyman.
Jun 23 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11441]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575256.
Jun 23 04:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8596]: pam_unix(cron:session): session closed for user root
Jun 23 04:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11358]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11630]: Did not receive identification string from 91.92.40.12
Jun 23 04:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10488]: pam_unix(cron:session): session closed for user root
Jun 23 04:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11688]: Failed password for root from 144.225.187.123 port 46720 ssh2
Jun 23 04:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11688]: Connection closed by 144.225.187.123 port 46720 [preauth]
Jun 23 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11815]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11813]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11814]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11812]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11812]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11879]: Successful su for rubyman by root
Jun 23 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11879]: + ??? root:rubyman
Jun 23 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11879]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575260 of user rubyman.
Jun 23 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11879]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575260.
Jun 23 04:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9025]: pam_unix(cron:session): session closed for user root
Jun 23 04:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11813]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12084]: Failed password for root from 144.225.187.123 port 37250 ssh2
Jun 23 04:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12084]: Connection closed by 144.225.187.123 port 37250 [preauth]
Jun 23 04:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10912]: pam_unix(cron:session): session closed for user root
Jun 23 04:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 04:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12208]: Failed password for root from 144.225.187.123 port 52370 ssh2
Jun 23 04:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12208]: Connection closed by 144.225.187.123 port 52370 [preauth]
Jun 23 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12239]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12240]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12238]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12237]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12237]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12419]: Successful su for rubyman by root
Jun 23 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12419]: + ??? root:rubyman
Jun 23 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12419]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575264 of user rubyman.
Jun 23 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12419]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575264.
Jun 23 04:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9421]: pam_unix(cron:session): session closed for user root
Jun 23 04:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12238]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12  user=root
Jun 23 04:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12644]: Invalid user pi from 144.225.187.123
Jun 23 04:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12644]: input_userauth_request: invalid user pi [preauth]
Jun 23 04:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12644]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 04:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12647]: Failed password for root from 91.92.40.12 port 44808 ssh2
Jun 23 04:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12647]: Connection closed by 91.92.40.12 port 44808 [preauth]
Jun 23 04:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12644]: Failed password for invalid user pi from 144.225.187.123 port 50704 ssh2
Jun 23 04:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12644]: Connection closed by 144.225.187.123 port 50704 [preauth]
Jun 23 04:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11360]: pam_unix(cron:session): session closed for user root
Jun 23 04:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12763]: Invalid user oracle from 144.225.187.123
Jun 23 04:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12763]: input_userauth_request: invalid user oracle [preauth]
Jun 23 04:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12763]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12768]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12770]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12769]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12767]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12767]: pam_unix(cron:session): session closed for user p13x
Jun 23 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12838]: Successful su for rubyman by root
Jun 23 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12838]: + ??? root:rubyman
Jun 23 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12838]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575269 of user rubyman.
Jun 23 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12838]: pam_unix(su:session): session closed for user rubyman
Jun 23 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575269.
Jun 23 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12763]: Failed password for invalid user oracle from 144.225.187.123 port 32804 ssh2
Jun 23 04:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12763]: Connection closed by 144.225.187.123 port 32804 [preauth]
Jun 23 04:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9823]: pam_unix(cron:session): session closed for user root
Jun 23 04:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12768]: pam_unix(cron:session): session closed for user samftp
Jun 23 04:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 23 04:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13052]: Failed password for root from 103.15.222.183 port 42368 ssh2
Jun 23 04:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13052]: Connection closed by 103.15.222.183 port 42368 [preauth]
Jun 23 04:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 04:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11815]: pam_unix(cron:session): session closed for user root
Jun 23 04:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13092]: Invalid user mcserver from 144.225.187.123
Jun 23 04:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13092]: input_userauth_request: invalid user mcserver [preauth]
Jun 23 04:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13092]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 04:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 04:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13092]: Failed password for invalid user mcserver from 144.225.187.123 port 45274 ssh2
Jun 23 04:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13092]: Connection closed by 144.225.187.123 port 45274 [preauth]
Jun 23 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13202]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13203]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13199]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13200]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13196]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13198]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13197]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13198]: pam_unix(cron:session): session closed for user root
Jun 23 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13203]: pam_unix(cron:session): session closed for user root
Jun 23 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13196]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13289]: Successful su for rubyman by root
Jun 23 05:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13289]: + ??? root:rubyman
Jun 23 05:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13289]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575272 of user rubyman.
Jun 23 05:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13289]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575272.
Jun 23 05:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10487]: pam_unix(cron:session): session closed for user root
Jun 23 05:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13199]: pam_unix(cron:session): session closed for user root
Jun 23 05:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13197]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13507]: Invalid user adam from 144.225.187.123
Jun 23 05:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13507]: input_userauth_request: invalid user adam [preauth]
Jun 23 05:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13507]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 05:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13507]: Failed password for invalid user adam from 144.225.187.123 port 50510 ssh2
Jun 23 05:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13507]: Connection closed by 144.225.187.123 port 50510 [preauth]
Jun 23 05:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12  user=root
Jun 23 05:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13562]: Failed password for root from 91.92.40.12 port 33516 ssh2
Jun 23 05:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13562]: Connection closed by 91.92.40.12 port 33516 [preauth]
Jun 23 05:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12240]: pam_unix(cron:session): session closed for user root
Jun 23 05:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13643]: Invalid user ts3 from 144.225.187.123
Jun 23 05:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13643]: input_userauth_request: invalid user ts3 [preauth]
Jun 23 05:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13643]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 05:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13643]: Failed password for invalid user ts3 from 144.225.187.123 port 57350 ssh2
Jun 23 05:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13643]: Connection closed by 144.225.187.123 port 57350 [preauth]
Jun 23 05:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13692]: Received disconnect from 172.245.225.106 port 41474:11: disconnected by user [preauth]
Jun 23 05:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13692]: Disconnected from 172.245.225.106 port 41474 [preauth]
Jun 23 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13699]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13695]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13696]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13698]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13695]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13774]: Successful su for rubyman by root
Jun 23 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13774]: + ??? root:rubyman
Jun 23 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13774]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575280 of user rubyman.
Jun 23 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13774]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575280.
Jun 23 05:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10911]: pam_unix(cron:session): session closed for user root
Jun 23 05:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13696]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13994]: Invalid user test from 144.225.187.123
Jun 23 05:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13994]: input_userauth_request: invalid user test [preauth]
Jun 23 05:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13994]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 05:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13994]: Failed password for invalid user test from 144.225.187.123 port 54344 ssh2
Jun 23 05:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13994]: Connection closed by 144.225.187.123 port 54344 [preauth]
Jun 23 05:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12770]: pam_unix(cron:session): session closed for user root
Jun 23 05:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14099]: Failed password for root from 144.225.187.123 port 39006 ssh2
Jun 23 05:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14099]: Connection closed by 144.225.187.123 port 39006 [preauth]
Jun 23 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14114]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14113]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14112]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14111]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14111]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14177]: Successful su for rubyman by root
Jun 23 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14177]: + ??? root:rubyman
Jun 23 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14177]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575283 of user rubyman.
Jun 23 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14177]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575283.
Jun 23 05:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11359]: pam_unix(cron:session): session closed for user root
Jun 23 05:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14112]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14407]: Failed password for root from 144.225.187.123 port 42312 ssh2
Jun 23 05:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14407]: Connection closed by 144.225.187.123 port 42312 [preauth]
Jun 23 05:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12  user=root
Jun 23 05:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13202]: pam_unix(cron:session): session closed for user root
Jun 23 05:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14417]: Failed password for root from 91.92.40.12 port 37064 ssh2
Jun 23 05:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14417]: Connection closed by 91.92.40.12 port 37064 [preauth]
Jun 23 05:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14512]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14511]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14510]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14509]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14509]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14569]: Successful su for rubyman by root
Jun 23 05:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14569]: + ??? root:rubyman
Jun 23 05:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14569]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575288 of user rubyman.
Jun 23 05:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14569]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575288.
Jun 23 05:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11814]: pam_unix(cron:session): session closed for user root
Jun 23 05:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14497]: Failed password for root from 144.225.187.123 port 38748 ssh2
Jun 23 05:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14497]: Connection closed by 144.225.187.123 port 38748 [preauth]
Jun 23 05:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14510]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 23 05:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14871]: Failed password for root from 193.24.211.107 port 42101 ssh2
Jun 23 05:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14871]: Received disconnect from 193.24.211.107 port 42101:11: Client disconnecting normally [preauth]
Jun 23 05:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14871]: Disconnected from 193.24.211.107 port 42101 [preauth]
Jun 23 05:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13699]: pam_unix(cron:session): session closed for user root
Jun 23 05:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14932]: Failed password for root from 144.225.187.123 port 39978 ssh2
Jun 23 05:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14932]: Connection closed by 144.225.187.123 port 39978 [preauth]
Jun 23 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14997]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14998]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14996]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14995]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14995]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15055]: Successful su for rubyman by root
Jun 23 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15055]: + ??? root:rubyman
Jun 23 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15055]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575292 of user rubyman.
Jun 23 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15055]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575292.
Jun 23 05:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12239]: pam_unix(cron:session): session closed for user root
Jun 23 05:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14996]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15251]: Failed password for root from 144.225.187.123 port 40970 ssh2
Jun 23 05:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15251]: Connection closed by 144.225.187.123 port 40970 [preauth]
Jun 23 05:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14114]: pam_unix(cron:session): session closed for user root
Jun 23 05:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12  user=root
Jun 23 05:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15351]: Failed password for root from 91.92.40.12 port 39564 ssh2
Jun 23 05:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15351]: Connection closed by 91.92.40.12 port 39564 [preauth]
Jun 23 05:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15353]: Failed password for root from 144.225.187.123 port 60664 ssh2
Jun 23 05:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15353]: Connection closed by 144.225.187.123 port 60664 [preauth]
Jun 23 05:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15392]: Invalid user admin from 141.98.83.240
Jun 23 05:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15392]: input_userauth_request: invalid user admin [preauth]
Jun 23 05:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15392]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15399]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15400]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15401]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15397]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15396]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15395]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15401]: pam_unix(cron:session): session closed for user root
Jun 23 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15395]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15392]: Failed password for invalid user admin from 141.98.83.240 port 65434 ssh2
Jun 23 05:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15467]: Successful su for rubyman by root
Jun 23 05:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15467]: + ??? root:rubyman
Jun 23 05:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15467]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575297 of user rubyman.
Jun 23 05:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15467]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575297.
Jun 23 05:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15392]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15392]: Failed password for invalid user admin from 141.98.83.240 port 65434 ssh2
Jun 23 05:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15397]: pam_unix(cron:session): session closed for user root
Jun 23 05:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15392]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12769]: pam_unix(cron:session): session closed for user root
Jun 23 05:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15392]: Failed password for invalid user admin from 141.98.83.240 port 65434 ssh2
Jun 23 05:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15392]: Connection closed by 141.98.83.240 port 65434 [preauth]
Jun 23 05:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15392]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 05:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15396]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15695]: Failed password for root from 144.225.187.123 port 37746 ssh2
Jun 23 05:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15695]: Connection closed by 144.225.187.123 port 37746 [preauth]
Jun 23 05:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14512]: pam_unix(cron:session): session closed for user root
Jun 23 05:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15804]: Failed password for root from 144.225.187.123 port 50898 ssh2
Jun 23 05:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15804]: Connection closed by 144.225.187.123 port 50898 [preauth]
Jun 23 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15827]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15828]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15826]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15825]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15825]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15891]: Successful su for rubyman by root
Jun 23 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15891]: + ??? root:rubyman
Jun 23 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15891]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575302 of user rubyman.
Jun 23 05:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15891]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575302.
Jun 23 05:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13200]: pam_unix(cron:session): session closed for user root
Jun 23 05:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15826]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16118]: Failed password for root from 144.225.187.123 port 37416 ssh2
Jun 23 05:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16118]: Connection closed by 144.225.187.123 port 37416 [preauth]
Jun 23 05:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14998]: pam_unix(cron:session): session closed for user root
Jun 23 05:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12  user=root
Jun 23 05:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16190]: Failed password for root from 91.92.40.12 port 34286 ssh2
Jun 23 05:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16190]: Connection closed by 91.92.40.12 port 34286 [preauth]
Jun 23 05:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16223]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16222]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16224]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16220]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16220]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16279]: Successful su for rubyman by root
Jun 23 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16279]: + ??? root:rubyman
Jun 23 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16279]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575305 of user rubyman.
Jun 23 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16279]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575305.
Jun 23 05:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13698]: pam_unix(cron:session): session closed for user root
Jun 23 05:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16218]: Failed password for root from 144.225.187.123 port 37922 ssh2
Jun 23 05:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16218]: Connection closed by 144.225.187.123 port 37922 [preauth]
Jun 23 05:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16222]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16489]: Invalid user user from 45.148.10.121
Jun 23 05:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16489]: input_userauth_request: invalid user user [preauth]
Jun 23 05:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16489]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 23 05:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16489]: Failed password for invalid user user from 45.148.10.121 port 37206 ssh2
Jun 23 05:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16489]: Connection closed by 45.148.10.121 port 37206 [preauth]
Jun 23 05:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15400]: pam_unix(cron:session): session closed for user root
Jun 23 05:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16554]: Failed password for root from 144.225.187.123 port 48660 ssh2
Jun 23 05:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16554]: Connection closed by 144.225.187.123 port 48660 [preauth]
Jun 23 05:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 23 05:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16594]: Failed password for root from 103.172.78.219 port 33922 ssh2
Jun 23 05:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16594]: Connection closed by 103.172.78.219 port 33922 [preauth]
Jun 23 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16622]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16621]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16620]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16619]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16619]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16682]: Successful su for rubyman by root
Jun 23 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16682]: + ??? root:rubyman
Jun 23 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16682]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575309 of user rubyman.
Jun 23 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16682]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575309.
Jun 23 05:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14113]: pam_unix(cron:session): session closed for user root
Jun 23 05:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16620]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16911]: Failed password for root from 144.225.187.123 port 37918 ssh2
Jun 23 05:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16911]: Connection closed by 144.225.187.123 port 37918 [preauth]
Jun 23 05:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15828]: pam_unix(cron:session): session closed for user root
Jun 23 05:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12  user=root
Jun 23 05:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17090]: Failed password for root from 91.92.40.12 port 43106 ssh2
Jun 23 05:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17090]: Connection closed by 91.92.40.12 port 43106 [preauth]
Jun 23 05:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17092]: Failed password for root from 144.225.187.123 port 55454 ssh2
Jun 23 05:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17092]: Connection closed by 144.225.187.123 port 55454 [preauth]
Jun 23 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17131]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17132]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17130]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17129]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17127]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17129]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17236]: Successful su for rubyman by root
Jun 23 05:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17236]: + ??? root:rubyman
Jun 23 05:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17236]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575313 of user rubyman.
Jun 23 05:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17236]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575313.
Jun 23 05:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17127]: pam_unix(cron:session): session closed for user root
Jun 23 05:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14511]: pam_unix(cron:session): session closed for user root
Jun 23 05:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17130]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17509]: Failed password for root from 144.225.187.123 port 36394 ssh2
Jun 23 05:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17509]: Connection closed by 144.225.187.123 port 36394 [preauth]
Jun 23 05:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 23 05:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17539]: Failed password for root from 80.66.85.226 port 55962 ssh2
Jun 23 05:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17539]: Connection closed by 80.66.85.226 port 55962 [preauth]
Jun 23 05:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16224]: pam_unix(cron:session): session closed for user root
Jun 23 05:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17614]: Failed password for root from 144.225.187.123 port 45946 ssh2
Jun 23 05:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17614]: Connection closed by 144.225.187.123 port 45946 [preauth]
Jun 23 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17630]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17629]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17627]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17625]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17626]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17628]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17630]: pam_unix(cron:session): session closed for user root
Jun 23 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17625]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17782]: Successful su for rubyman by root
Jun 23 05:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17782]: + ??? root:rubyman
Jun 23 05:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17782]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575320 of user rubyman.
Jun 23 05:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17782]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575320.
Jun 23 05:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17627]: pam_unix(cron:session): session closed for user root
Jun 23 05:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14997]: pam_unix(cron:session): session closed for user root
Jun 23 05:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17626]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 23 05:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: Received disconnect from 50.7.127.99 port 5940:11: disconnected by user [preauth]
Jun 23 05:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: Disconnected from 50.7.127.99 port 5940 [preauth]
Jun 23 05:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16622]: pam_unix(cron:session): session closed for user root
Jun 23 05:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18079]: Failed password for root from 144.225.187.123 port 60706 ssh2
Jun 23 05:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18079]: Connection closed by 144.225.187.123 port 60706 [preauth]
Jun 23 05:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12  user=root
Jun 23 05:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18139]: Failed password for root from 91.92.40.12 port 51112 ssh2
Jun 23 05:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18139]: Connection closed by 91.92.40.12 port 51112 [preauth]
Jun 23 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18176]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18174]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18175]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18173]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18173]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18250]: Successful su for rubyman by root
Jun 23 05:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18250]: + ??? root:rubyman
Jun 23 05:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18250]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575324 of user rubyman.
Jun 23 05:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18250]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575324.
Jun 23 05:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15399]: pam_unix(cron:session): session closed for user root
Jun 23 05:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18174]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18528]: Invalid user huawei from 144.225.187.123
Jun 23 05:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18528]: input_userauth_request: invalid user huawei [preauth]
Jun 23 05:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18528]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 05:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18528]: Failed password for invalid user huawei from 144.225.187.123 port 43218 ssh2
Jun 23 05:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18528]: Connection closed by 144.225.187.123 port 43218 [preauth]
Jun 23 05:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17132]: pam_unix(cron:session): session closed for user root
Jun 23 05:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18662]: Invalid user sysadmin from 144.225.187.123
Jun 23 05:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18662]: input_userauth_request: invalid user sysadmin [preauth]
Jun 23 05:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18662]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 05:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18662]: Failed password for invalid user sysadmin from 144.225.187.123 port 54760 ssh2
Jun 23 05:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18662]: Connection closed by 144.225.187.123 port 54760 [preauth]
Jun 23 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18693]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18694]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18692]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18690]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18690]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18758]: Successful su for rubyman by root
Jun 23 05:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18758]: + ??? root:rubyman
Jun 23 05:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18758]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575329 of user rubyman.
Jun 23 05:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18758]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575329.
Jun 23 05:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15827]: pam_unix(cron:session): session closed for user root
Jun 23 05:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18692]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18990]: Failed password for root from 144.225.187.123 port 50756 ssh2
Jun 23 05:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18990]: Connection closed by 144.225.187.123 port 50756 [preauth]
Jun 23 05:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17629]: pam_unix(cron:session): session closed for user root
Jun 23 05:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12  user=root
Jun 23 05:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19051]: Failed password for root from 91.92.40.12 port 60102 ssh2
Jun 23 05:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19051]: Connection closed by 91.92.40.12 port 60102 [preauth]
Jun 23 05:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19115]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19114]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19113]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19112]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19112]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19100]: Failed password for root from 144.225.187.123 port 35488 ssh2
Jun 23 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19270]: Successful su for rubyman by root
Jun 23 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19270]: + ??? root:rubyman
Jun 23 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19270]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575333 of user rubyman.
Jun 23 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19270]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575333.
Jun 23 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19100]: Connection closed by 144.225.187.123 port 35488 [preauth]
Jun 23 05:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16223]: pam_unix(cron:session): session closed for user root
Jun 23 05:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19113]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18176]: pam_unix(cron:session): session closed for user root
Jun 23 05:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19724]: Failed password for root from 144.225.187.123 port 42912 ssh2
Jun 23 05:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19724]: Connection closed by 144.225.187.123 port 42912 [preauth]
Jun 23 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19831]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19829]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19830]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19828]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19828]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19899]: Successful su for rubyman by root
Jun 23 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19899]: + ??? root:rubyman
Jun 23 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19899]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575336 of user rubyman.
Jun 23 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19899]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575336.
Jun 23 05:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16621]: pam_unix(cron:session): session closed for user root
Jun 23 05:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19829]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20086]: Failed password for root from 144.225.187.123 port 34308 ssh2
Jun 23 05:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20086]: Connection closed by 144.225.187.123 port 34308 [preauth]
Jun 23 05:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12  user=root
Jun 23 05:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20235]: Failed password for root from 91.92.40.12 port 55908 ssh2
Jun 23 05:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20235]: Connection closed by 91.92.40.12 port 55908 [preauth]
Jun 23 05:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18694]: pam_unix(cron:session): session closed for user root
Jun 23 05:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20307]: Failed password for root from 144.225.187.123 port 35586 ssh2
Jun 23 05:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20307]: Connection closed by 144.225.187.123 port 35586 [preauth]
Jun 23 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20336]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20333]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20334]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20328]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20332]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20331]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20336]: pam_unix(cron:session): session closed for user root
Jun 23 05:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20328]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20414]: Successful su for rubyman by root
Jun 23 05:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20414]: + ??? root:rubyman
Jun 23 05:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20414]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575342 of user rubyman.
Jun 23 05:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20414]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575342.
Jun 23 05:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17131]: pam_unix(cron:session): session closed for user root
Jun 23 05:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20332]: pam_unix(cron:session): session closed for user root
Jun 23 05:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20331]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20689]: Failed password for root from 144.225.187.123 port 47414 ssh2
Jun 23 05:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20689]: Connection closed by 144.225.187.123 port 47414 [preauth]
Jun 23 05:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19115]: pam_unix(cron:session): session closed for user root
Jun 23 05:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20872]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20871]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20870]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20869]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20869]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20946]: Successful su for rubyman by root
Jun 23 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20946]: + ??? root:rubyman
Jun 23 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20946]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575347 of user rubyman.
Jun 23 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20946]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575347.
Jun 23 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 23 05:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20863]: Failed password for root from 144.225.187.123 port 39244 ssh2
Jun 23 05:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20863]: Connection closed by 144.225.187.123 port 39244 [preauth]
Jun 23 05:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20865]: Failed password for root from 103.176.20.57 port 57320 ssh2
Jun 23 05:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20865]: Connection closed by 103.176.20.57 port 57320 [preauth]
Jun 23 05:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17628]: pam_unix(cron:session): session closed for user root
Jun 23 05:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20870]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12  user=root
Jun 23 05:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21191]: Failed password for root from 91.92.40.12 port 34356 ssh2
Jun 23 05:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21191]: Connection closed by 91.92.40.12 port 34356 [preauth]
Jun 23 05:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19831]: pam_unix(cron:session): session closed for user root
Jun 23 05:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21230]: Failed password for root from 144.225.187.123 port 54650 ssh2
Jun 23 05:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21230]: Connection closed by 144.225.187.123 port 54650 [preauth]
Jun 23 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21292]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21294]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21293]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21291]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21289]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21289]: pam_unix(cron:session): session closed for user root
Jun 23 05:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21291]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21361]: Successful su for rubyman by root
Jun 23 05:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21361]: + ??? root:rubyman
Jun 23 05:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21361]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575350 of user rubyman.
Jun 23 05:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21361]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575350.
Jun 23 05:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18175]: pam_unix(cron:session): session closed for user root
Jun 23 05:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21292]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21561]: Failed password for root from 144.225.187.123 port 37730 ssh2
Jun 23 05:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21561]: Connection closed by 144.225.187.123 port 37730 [preauth]
Jun 23 05:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20334]: pam_unix(cron:session): session closed for user root
Jun 23 05:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21701]: Failed password for root from 144.225.187.123 port 40656 ssh2
Jun 23 05:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21701]: Connection closed by 144.225.187.123 port 40656 [preauth]
Jun 23 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21731]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21732]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21730]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21729]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21729]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21795]: Successful su for rubyman by root
Jun 23 05:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21795]: + ??? root:rubyman
Jun 23 05:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21795]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575356 of user rubyman.
Jun 23 05:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21795]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575356.
Jun 23 05:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18693]: pam_unix(cron:session): session closed for user root
Jun 23 05:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21730]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12  user=root
Jun 23 05:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22016]: Failed password for root from 91.92.40.12 port 56800 ssh2
Jun 23 05:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22016]: Connection closed by 91.92.40.12 port 56800 [preauth]
Jun 23 05:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22018]: Failed password for root from 144.225.187.123 port 48672 ssh2
Jun 23 05:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22018]: Connection closed by 144.225.187.123 port 48672 [preauth]
Jun 23 05:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20872]: pam_unix(cron:session): session closed for user root
Jun 23 05:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22138]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22137]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22132]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22130]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22130]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22200]: Successful su for rubyman by root
Jun 23 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22200]: + ??? root:rubyman
Jun 23 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22200]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575359 of user rubyman.
Jun 23 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22200]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575359.
Jun 23 05:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22127]: Failed password for root from 144.225.187.123 port 35998 ssh2
Jun 23 05:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22127]: Connection closed by 144.225.187.123 port 35998 [preauth]
Jun 23 05:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19114]: pam_unix(cron:session): session closed for user root
Jun 23 05:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22132]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 23 05:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22531]: Failed password for root from 193.24.211.107 port 18306 ssh2
Jun 23 05:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22531]: Received disconnect from 193.24.211.107 port 18306:11: Client disconnecting normally [preauth]
Jun 23 05:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22531]: Disconnected from 193.24.211.107 port 18306 [preauth]
Jun 23 05:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21294]: pam_unix(cron:session): session closed for user root
Jun 23 05:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22554]: Failed password for root from 144.225.187.123 port 44336 ssh2
Jun 23 05:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22554]: Connection closed by 144.225.187.123 port 44336 [preauth]
Jun 23 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22635]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22632]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22634]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22630]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22633]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22631]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22635]: pam_unix(cron:session): session closed for user root
Jun 23 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22630]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22701]: Successful su for rubyman by root
Jun 23 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22701]: + ??? root:rubyman
Jun 23 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22701]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575365 of user rubyman.
Jun 23 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22701]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575365.
Jun 23 05:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22632]: pam_unix(cron:session): session closed for user root
Jun 23 05:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19830]: pam_unix(cron:session): session closed for user root
Jun 23 05:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22631]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22919]: Failed password for root from 144.225.187.123 port 42006 ssh2
Jun 23 05:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22919]: Connection closed by 144.225.187.123 port 42006 [preauth]
Jun 23 05:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12  user=root
Jun 23 05:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22945]: Failed password for root from 91.92.40.12 port 50962 ssh2
Jun 23 05:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22945]: Connection closed by 91.92.40.12 port 50962 [preauth]
Jun 23 05:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22955]: Invalid user camryn from 2.57.121.112
Jun 23 05:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22955]: input_userauth_request: invalid user camryn [preauth]
Jun 23 05:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22955]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 23 05:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22955]: Failed password for invalid user camryn from 2.57.121.112 port 9480 ssh2
Jun 23 05:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22955]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22955]: Failed password for invalid user camryn from 2.57.121.112 port 9480 ssh2
Jun 23 05:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22955]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22955]: Failed password for invalid user camryn from 2.57.121.112 port 9480 ssh2
Jun 23 05:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22955]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22955]: Failed password for invalid user camryn from 2.57.121.112 port 9480 ssh2
Jun 23 05:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22955]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22955]: Failed password for invalid user camryn from 2.57.121.112 port 9480 ssh2
Jun 23 05:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22955]: Connection closed by 2.57.121.112 port 9480 [preauth]
Jun 23 05:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22955]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 23 05:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22955]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 23 05:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21732]: pam_unix(cron:session): session closed for user root
Jun 23 05:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 23 05:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23043]: Failed password for root from 103.82.20.28 port 53436 ssh2
Jun 23 05:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23043]: Connection closed by 103.82.20.28 port 53436 [preauth]
Jun 23 05:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23042]: Failed password for root from 144.225.187.123 port 43396 ssh2
Jun 23 05:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23042]: Connection closed by 144.225.187.123 port 43396 [preauth]
Jun 23 05:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 23 05:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23063]: Failed password for root from 103.27.238.114 port 33628 ssh2
Jun 23 05:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23063]: Connection closed by 103.27.238.114 port 33628 [preauth]
Jun 23 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23078]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23077]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23079]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23076]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23076]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23143]: Successful su for rubyman by root
Jun 23 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23143]: + ??? root:rubyman
Jun 23 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23143]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575371 of user rubyman.
Jun 23 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23143]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575371.
Jun 23 05:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20333]: pam_unix(cron:session): session closed for user root
Jun 23 05:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23077]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23380]: Failed password for root from 144.225.187.123 port 51840 ssh2
Jun 23 05:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23380]: Connection closed by 144.225.187.123 port 51840 [preauth]
Jun 23 05:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22138]: pam_unix(cron:session): session closed for user root
Jun 23 05:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23488]: Failed password for root from 144.225.187.123 port 48274 ssh2
Jun 23 05:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23488]: Connection closed by 144.225.187.123 port 48274 [preauth]
Jun 23 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23507]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23503]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23505]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23506]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23503]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23568]: Successful su for rubyman by root
Jun 23 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23568]: + ??? root:rubyman
Jun 23 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23568]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575374 of user rubyman.
Jun 23 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23568]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575374.
Jun 23 05:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20871]: pam_unix(cron:session): session closed for user root
Jun 23 05:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23505]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12  user=root
Jun 23 05:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23781]: Failed password for root from 91.92.40.12 port 49924 ssh2
Jun 23 05:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23781]: Connection closed by 91.92.40.12 port 49924 [preauth]
Jun 23 05:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 23 05:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23804]: Failed password for root from 103.77.242.62 port 46394 ssh2
Jun 23 05:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23804]: Connection closed by 103.77.242.62 port 46394 [preauth]
Jun 23 05:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23936]: User mysql from 144.225.187.123 not allowed because not listed in AllowUsers
Jun 23 05:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23936]: input_userauth_request: invalid user mysql [preauth]
Jun 23 05:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=mysql
Jun 23 05:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23936]: Failed password for invalid user mysql from 144.225.187.123 port 55406 ssh2
Jun 23 05:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23936]: Connection closed by 144.225.187.123 port 55406 [preauth]
Jun 23 05:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22634]: pam_unix(cron:session): session closed for user root
Jun 23 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24039]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24040]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24038]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24037]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24037]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24097]: Successful su for rubyman by root
Jun 23 05:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24097]: + ??? root:rubyman
Jun 23 05:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24097]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575377 of user rubyman.
Jun 23 05:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24097]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575377.
Jun 23 05:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21293]: pam_unix(cron:session): session closed for user root
Jun 23 05:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24038]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24253]: Invalid user max from 144.225.187.123
Jun 23 05:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24253]: input_userauth_request: invalid user max [preauth]
Jun 23 05:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24253]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 05:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24253]: Failed password for invalid user max from 144.225.187.123 port 54622 ssh2
Jun 23 05:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24253]: Connection closed by 144.225.187.123 port 54622 [preauth]
Jun 23 05:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23079]: pam_unix(cron:session): session closed for user root
Jun 23 05:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24404]: Invalid user master from 144.225.187.123
Jun 23 05:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24404]: input_userauth_request: invalid user master [preauth]
Jun 23 05:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24404]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 05:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24404]: Failed password for invalid user master from 144.225.187.123 port 38544 ssh2
Jun 23 05:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24404]: Connection closed by 144.225.187.123 port 38544 [preauth]
Jun 23 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24457]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24458]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24456]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24455]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24455]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24523]: Successful su for rubyman by root
Jun 23 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24523]: + ??? root:rubyman
Jun 23 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24523]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575381 of user rubyman.
Jun 23 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24523]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575381.
Jun 23 05:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21731]: pam_unix(cron:session): session closed for user root
Jun 23 05:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24456]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12  user=root
Jun 23 05:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24729]: Failed password for root from 91.92.40.12 port 57862 ssh2
Jun 23 05:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24729]: Connection closed by 91.92.40.12 port 57862 [preauth]
Jun 23 05:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24753]: Invalid user ftpadmin from 144.225.187.123
Jun 23 05:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24753]: input_userauth_request: invalid user ftpadmin [preauth]
Jun 23 05:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24753]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 05:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24753]: Failed password for invalid user ftpadmin from 144.225.187.123 port 51226 ssh2
Jun 23 05:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24753]: Connection closed by 144.225.187.123 port 51226 [preauth]
Jun 23 05:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23507]: pam_unix(cron:session): session closed for user root
Jun 23 05:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24862]: Invalid user dspace from 144.225.187.123
Jun 23 05:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24862]: input_userauth_request: invalid user dspace [preauth]
Jun 23 05:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24862]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 05:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24862]: Failed password for invalid user dspace from 144.225.187.123 port 33876 ssh2
Jun 23 05:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24862]: Connection closed by 144.225.187.123 port 33876 [preauth]
Jun 23 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24886]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24885]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24884]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24881]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24883]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24882]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24886]: pam_unix(cron:session): session closed for user root
Jun 23 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24881]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24945]: Successful su for rubyman by root
Jun 23 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24945]: + ??? root:rubyman
Jun 23 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24945]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575386 of user rubyman.
Jun 23 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24945]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575386.
Jun 23 05:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 23 05:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22137]: pam_unix(cron:session): session closed for user root
Jun 23 05:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24883]: pam_unix(cron:session): session closed for user root
Jun 23 05:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25055]: Failed password for root from 147.45.199.80 port 56254 ssh2
Jun 23 05:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25055]: Connection closed by 147.45.199.80 port 56254 [preauth]
Jun 23 05:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24882]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25229]: Invalid user admin from 144.225.187.123
Jun 23 05:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25229]: input_userauth_request: invalid user admin [preauth]
Jun 23 05:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25229]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 05:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25229]: Failed password for invalid user admin from 144.225.187.123 port 46408 ssh2
Jun 23 05:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25229]: Connection closed by 144.225.187.123 port 46408 [preauth]
Jun 23 05:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24040]: pam_unix(cron:session): session closed for user root
Jun 23 05:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25323]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25321]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25322]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25320]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25320]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25388]: Successful su for rubyman by root
Jun 23 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25388]: + ??? root:rubyman
Jun 23 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25388]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575392 of user rubyman.
Jun 23 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25388]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575392.
Jun 23 05:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12  user=root
Jun 23 05:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25407]: Failed password for root from 91.92.40.12 port 60356 ssh2
Jun 23 05:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22633]: pam_unix(cron:session): session closed for user root
Jun 23 05:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25407]: Connection closed by 91.92.40.12 port 60356 [preauth]
Jun 23 05:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25310]: Failed password for root from 144.225.187.123 port 59802 ssh2
Jun 23 05:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25310]: Connection closed by 144.225.187.123 port 59802 [preauth]
Jun 23 05:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25321]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25596]: Invalid user admin from 2.57.121.25
Jun 23 05:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25596]: input_userauth_request: invalid user admin [preauth]
Jun 23 05:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25596]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 23 05:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25596]: Failed password for invalid user admin from 2.57.121.25 port 28884 ssh2
Jun 23 05:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25596]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25596]: Failed password for invalid user admin from 2.57.121.25 port 28884 ssh2
Jun 23 05:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25596]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25596]: Failed password for invalid user admin from 2.57.121.25 port 28884 ssh2
Jun 23 05:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25596]: Connection closed by 2.57.121.25 port 28884 [preauth]
Jun 23 05:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25596]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 23 05:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24458]: pam_unix(cron:session): session closed for user root
Jun 23 05:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25662]: Failed password for root from 144.225.187.123 port 33356 ssh2
Jun 23 05:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25662]: Connection closed by 144.225.187.123 port 33356 [preauth]
Jun 23 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25723]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25724]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25722]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25721]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25721]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25780]: Successful su for rubyman by root
Jun 23 05:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25780]: + ??? root:rubyman
Jun 23 05:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25780]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575395 of user rubyman.
Jun 23 05:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25780]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575395.
Jun 23 05:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23078]: pam_unix(cron:session): session closed for user root
Jun 23 05:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25722]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25972]: Failed password for root from 144.225.187.123 port 48428 ssh2
Jun 23 05:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25972]: Connection closed by 144.225.187.123 port 48428 [preauth]
Jun 23 05:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 23 05:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26022]: Failed password for root from 103.82.132.16 port 49704 ssh2
Jun 23 05:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26022]: Connection closed by 103.82.132.16 port 49704 [preauth]
Jun 23 05:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24885]: pam_unix(cron:session): session closed for user root
Jun 23 05:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26080]: Failed password for root from 144.225.187.123 port 41020 ssh2
Jun 23 05:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26080]: Connection closed by 144.225.187.123 port 41020 [preauth]
Jun 23 05:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12  user=root
Jun 23 05:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26102]: Failed password for root from 91.92.40.12 port 54470 ssh2
Jun 23 05:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26102]: Connection closed by 91.92.40.12 port 54470 [preauth]
Jun 23 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26119]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26118]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26115]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26116]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26115]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26177]: Successful su for rubyman by root
Jun 23 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26177]: + ??? root:rubyman
Jun 23 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26177]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575399 of user rubyman.
Jun 23 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26177]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575399.
Jun 23 05:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23506]: pam_unix(cron:session): session closed for user root
Jun 23 05:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26116]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26399]: Failed password for root from 144.225.187.123 port 49446 ssh2
Jun 23 05:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26399]: Connection closed by 144.225.187.123 port 49446 [preauth]
Jun 23 05:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25323]: pam_unix(cron:session): session closed for user root
Jun 23 05:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26497]: Failed password for root from 144.225.187.123 port 42362 ssh2
Jun 23 05:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26497]: Connection closed by 144.225.187.123 port 42362 [preauth]
Jun 23 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26519]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26518]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26517]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26516]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26516]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26578]: Successful su for rubyman by root
Jun 23 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26578]: + ??? root:rubyman
Jun 23 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26578]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575403 of user rubyman.
Jun 23 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26578]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575403.
Jun 23 05:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24039]: pam_unix(cron:session): session closed for user root
Jun 23 05:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26517]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25724]: pam_unix(cron:session): session closed for user root
Jun 23 05:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26905]: Failed password for root from 144.225.187.123 port 55070 ssh2
Jun 23 05:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26905]: Connection closed by 144.225.187.123 port 55070 [preauth]
Jun 23 05:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12  user=root
Jun 23 05:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26977]: Failed password for root from 91.92.40.12 port 32888 ssh2
Jun 23 05:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26977]: Connection closed by 91.92.40.12 port 32888 [preauth]
Jun 23 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27004]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27007]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27008]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27005]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27006]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27003]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27008]: pam_unix(cron:session): session closed for user root
Jun 23 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27003]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27072]: Successful su for rubyman by root
Jun 23 05:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27072]: + ??? root:rubyman
Jun 23 05:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27072]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575409 of user rubyman.
Jun 23 05:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27072]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575409.
Jun 23 05:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24457]: pam_unix(cron:session): session closed for user root
Jun 23 05:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27005]: pam_unix(cron:session): session closed for user root
Jun 23 05:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27004]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27289]: Failed password for root from 144.225.187.123 port 45052 ssh2
Jun 23 05:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27289]: Connection closed by 144.225.187.123 port 45052 [preauth]
Jun 23 05:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26119]: pam_unix(cron:session): session closed for user root
Jun 23 05:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27396]: Connection closed by 194.59.206.2 port 33536 [preauth]
Jun 23 05:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27406]: Invalid user user from 193.46.255.86
Jun 23 05:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27406]: input_userauth_request: invalid user user [preauth]
Jun 23 05:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27406]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 23 05:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27406]: Failed password for invalid user user from 193.46.255.86 port 28754 ssh2
Jun 23 05:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27406]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27406]: Failed password for invalid user user from 193.46.255.86 port 28754 ssh2
Jun 23 05:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27406]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27406]: Failed password for invalid user user from 193.46.255.86 port 28754 ssh2
Jun 23 05:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27406]: Connection closed by 193.46.255.86 port 28754 [preauth]
Jun 23 05:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27406]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 23 05:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27416]: Failed password for root from 144.225.187.123 port 55608 ssh2
Jun 23 05:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27416]: Connection closed by 144.225.187.123 port 55608 [preauth]
Jun 23 05:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27460]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27461]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27459]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27458]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27458]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27534]: Successful su for rubyman by root
Jun 23 05:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27534]: + ??? root:rubyman
Jun 23 05:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27534]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575413 of user rubyman.
Jun 23 05:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27534]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575413.
Jun 23 05:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24884]: pam_unix(cron:session): session closed for user root
Jun 23 05:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27459]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27752]: Failed password for root from 144.225.187.123 port 60796 ssh2
Jun 23 05:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27752]: Connection closed by 144.225.187.123 port 60796 [preauth]
Jun 23 05:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26519]: pam_unix(cron:session): session closed for user root
Jun 23 05:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12  user=root
Jun 23 05:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27830]: Failed password for root from 91.92.40.12 port 36580 ssh2
Jun 23 05:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27830]: Connection closed by 91.92.40.12 port 36580 [preauth]
Jun 23 05:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 23 05:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27845]: Failed password for root from 103.149.28.157 port 58054 ssh2
Jun 23 05:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27845]: Connection closed by 103.149.28.157 port 58054 [preauth]
Jun 23 05:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 23 05:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27860]: Failed password for root from 38.93.206.2 port 17164 ssh2
Jun 23 05:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27860]: Connection closed by 38.93.206.2 port 17164 [preauth]
Jun 23 05:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27872]: Failed password for root from 144.225.187.123 port 42388 ssh2
Jun 23 05:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27872]: Connection closed by 144.225.187.123 port 42388 [preauth]
Jun 23 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27888]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27887]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27886]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27885]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27885]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27955]: Successful su for rubyman by root
Jun 23 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27955]: + ??? root:rubyman
Jun 23 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27955]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575417 of user rubyman.
Jun 23 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27955]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575417.
Jun 23 05:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25322]: pam_unix(cron:session): session closed for user root
Jun 23 05:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27886]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.19.67.181  user=root
Jun 23 05:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28200]: Failed password for root from 46.19.67.181 port 55990 ssh2
Jun 23 05:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28200]: Connection closed by 46.19.67.181 port 55990 [preauth]
Jun 23 05:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28253]: Failed password for root from 144.225.187.123 port 55120 ssh2
Jun 23 05:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28253]: Connection closed by 144.225.187.123 port 55120 [preauth]
Jun 23 05:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27007]: pam_unix(cron:session): session closed for user root
Jun 23 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28349]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28348]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28350]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28347]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28347]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28405]: Successful su for rubyman by root
Jun 23 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28405]: + ??? root:rubyman
Jun 23 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28405]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575421 of user rubyman.
Jun 23 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28405]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575421.
Jun 23 05:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25723]: pam_unix(cron:session): session closed for user root
Jun 23 05:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28348]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28654]: Failed password for root from 144.225.187.123 port 51912 ssh2
Jun 23 05:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28654]: Connection closed by 144.225.187.123 port 51912 [preauth]
Jun 23 05:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12  user=root
Jun 23 05:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28742]: Failed password for root from 91.92.40.12 port 59234 ssh2
Jun 23 05:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28742]: Connection closed by 91.92.40.12 port 59234 [preauth]
Jun 23 05:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27461]: pam_unix(cron:session): session closed for user root
Jun 23 05:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28792]: Failed password for root from 144.225.187.123 port 33130 ssh2
Jun 23 05:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28792]: Connection closed by 144.225.187.123 port 33130 [preauth]
Jun 23 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28843]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28844]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28842]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28841]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28841]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28914]: Successful su for rubyman by root
Jun 23 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28914]: + ??? root:rubyman
Jun 23 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28914]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575426 of user rubyman.
Jun 23 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28914]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575426.
Jun 23 05:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26118]: pam_unix(cron:session): session closed for user root
Jun 23 05:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28842]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29139]: Failed password for root from 144.225.187.123 port 53710 ssh2
Jun 23 05:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29139]: Connection closed by 144.225.187.123 port 53710 [preauth]
Jun 23 05:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27888]: pam_unix(cron:session): session closed for user root
Jun 23 05:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29263]: Failed password for root from 144.225.187.123 port 55372 ssh2
Jun 23 05:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29263]: Connection closed by 144.225.187.123 port 55372 [preauth]
Jun 23 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29284]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29288]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29277]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29286]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29283]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29278]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29288]: pam_unix(cron:session): session closed for user root
Jun 23 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29277]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29348]: Successful su for rubyman by root
Jun 23 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29348]: + ??? root:rubyman
Jun 23 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29348]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575433 of user rubyman.
Jun 23 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29348]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575433.
Jun 23 05:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26518]: pam_unix(cron:session): session closed for user root
Jun 23 05:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29283]: pam_unix(cron:session): session closed for user root
Jun 23 05:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29278]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12  user=root
Jun 23 05:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29677]: Failed password for root from 91.92.40.12 port 48738 ssh2
Jun 23 05:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29677]: Connection closed by 91.92.40.12 port 48738 [preauth]
Jun 23 05:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29695]: Invalid user humberto from 141.98.83.240
Jun 23 05:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29695]: input_userauth_request: invalid user humberto [preauth]
Jun 23 05:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29695]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 05:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29695]: Failed password for invalid user humberto from 141.98.83.240 port 60228 ssh2
Jun 23 05:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29695]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 23 05:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29695]: Failed password for invalid user humberto from 141.98.83.240 port 60228 ssh2
Jun 23 05:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29695]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29730]: Failed password for root from 193.24.211.107 port 44512 ssh2
Jun 23 05:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29730]: Received disconnect from 193.24.211.107 port 44512:11: Client disconnecting normally [preauth]
Jun 23 05:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29730]: Disconnected from 193.24.211.107 port 44512 [preauth]
Jun 23 05:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29695]: Failed password for invalid user humberto from 141.98.83.240 port 60228 ssh2
Jun 23 05:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29695]: Connection closed by 141.98.83.240 port 60228 [preauth]
Jun 23 05:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29695]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 05:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29740]: Failed password for root from 144.225.187.123 port 51634 ssh2
Jun 23 05:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29740]: Connection closed by 144.225.187.123 port 51634 [preauth]
Jun 23 05:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28350]: pam_unix(cron:session): session closed for user root
Jun 23 05:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29796]: Bad protocol version identification '' from 45.33.109.18 port 44349
Jun 23 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29858]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29857]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29856]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29860]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29856]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29926]: Successful su for rubyman by root
Jun 23 05:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29926]: + ??? root:rubyman
Jun 23 05:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29926]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575438 of user rubyman.
Jun 23 05:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29926]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575438.
Jun 23 05:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27006]: pam_unix(cron:session): session closed for user root
Jun 23 05:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29857]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29945]: Failed password for root from 144.225.187.123 port 49378 ssh2
Jun 23 05:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29945]: Connection closed by 144.225.187.123 port 49378 [preauth]
Jun 23 05:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28844]: pam_unix(cron:session): session closed for user root
Jun 23 05:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30228]: Invalid user test from 144.225.187.123
Jun 23 05:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30228]: input_userauth_request: invalid user test [preauth]
Jun 23 05:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30228]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 05:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30228]: Failed password for invalid user test from 144.225.187.123 port 53486 ssh2
Jun 23 05:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30228]: Connection closed by 144.225.187.123 port 53486 [preauth]
Jun 23 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30279]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30278]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30280]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30277]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30277]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30342]: Successful su for rubyman by root
Jun 23 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30342]: + ??? root:rubyman
Jun 23 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30342]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575441 of user rubyman.
Jun 23 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30342]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575441.
Jun 23 05:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30487]: Invalid user admin from 91.92.40.12
Jun 23 05:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30487]: input_userauth_request: invalid user admin [preauth]
Jun 23 05:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27460]: pam_unix(cron:session): session closed for user root
Jun 23 05:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30487]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 05:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30278]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30487]: Failed password for invalid user admin from 91.92.40.12 port 50826 ssh2
Jun 23 05:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30487]: Connection closed by 91.92.40.12 port 50826 [preauth]
Jun 23 05:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 23 05:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30527]: Failed password for root from 87.251.79.125 port 43332 ssh2
Jun 23 05:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30527]: Connection closed by 87.251.79.125 port 43332 [preauth]
Jun 23 05:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30556]: Invalid user test1 from 144.225.187.123
Jun 23 05:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30556]: input_userauth_request: invalid user test1 [preauth]
Jun 23 05:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30556]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 05:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30556]: Failed password for invalid user test1 from 144.225.187.123 port 59306 ssh2
Jun 23 05:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30556]: Connection closed by 144.225.187.123 port 59306 [preauth]
Jun 23 05:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 23 05:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29286]: pam_unix(cron:session): session closed for user root
Jun 23 05:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30619]: Failed password for root from 103.27.238.116 port 41556 ssh2
Jun 23 05:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30619]: Connection closed by 103.27.238.116 port 41556 [preauth]
Jun 23 05:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30680]: Invalid user telnet from 144.225.187.123
Jun 23 05:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30680]: input_userauth_request: invalid user telnet [preauth]
Jun 23 05:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30680]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 05:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30680]: Failed password for invalid user telnet from 144.225.187.123 port 38394 ssh2
Jun 23 05:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30680]: Connection closed by 144.225.187.123 port 38394 [preauth]
Jun 23 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30702]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30699]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30701]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30700]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30699]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30761]: Successful su for rubyman by root
Jun 23 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30761]: + ??? root:rubyman
Jun 23 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30761]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575445 of user rubyman.
Jun 23 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30761]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575445.
Jun 23 05:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27887]: pam_unix(cron:session): session closed for user root
Jun 23 05:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30700]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31110]: Failed password for root from 144.225.187.123 port 58428 ssh2
Jun 23 05:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31110]: Connection closed by 144.225.187.123 port 58428 [preauth]
Jun 23 05:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 23 05:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29860]: pam_unix(cron:session): session closed for user root
Jun 23 05:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31120]: Failed password for root from 103.122.221.179 port 39506 ssh2
Jun 23 05:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31120]: Connection closed by 103.122.221.179 port 39506 [preauth]
Jun 23 05:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31191]: Invalid user admin from 91.92.40.12
Jun 23 05:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31191]: input_userauth_request: invalid user admin [preauth]
Jun 23 05:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31191]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 05:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31191]: Failed password for invalid user admin from 91.92.40.12 port 59834 ssh2
Jun 23 05:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31191]: Connection closed by 91.92.40.12 port 59834 [preauth]
Jun 23 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31213]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31216]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31214]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31212]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31210]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31212]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31340]: Successful su for rubyman by root
Jun 23 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31340]: + ??? root:rubyman
Jun 23 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31340]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575449 of user rubyman.
Jun 23 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31340]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575449.
Jun 23 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31210]: pam_unix(cron:session): session closed for user root
Jun 23 05:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28349]: pam_unix(cron:session): session closed for user root
Jun 23 05:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31213]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31209]: Failed password for root from 144.225.187.123 port 40294 ssh2
Jun 23 05:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31209]: Connection closed by 144.225.187.123 port 40294 [preauth]
Jun 23 05:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30280]: pam_unix(cron:session): session closed for user root
Jun 23 05:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31747]: Failed password for root from 144.225.187.123 port 39038 ssh2
Jun 23 05:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31747]: Connection closed by 144.225.187.123 port 39038 [preauth]
Jun 23 05:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 23 05:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31793]: Failed password for root from 62.133.62.83 port 56670 ssh2
Jun 23 05:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31793]: Connection closed by 62.133.62.83 port 56670 [preauth]
Jun 23 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31815]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31817]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31813]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31816]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31812]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31814]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31817]: pam_unix(cron:session): session closed for user root
Jun 23 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31812]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31879]: Successful su for rubyman by root
Jun 23 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31879]: + ??? root:rubyman
Jun 23 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31879]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575455 of user rubyman.
Jun 23 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31879]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575455.
Jun 23 05:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31814]: pam_unix(cron:session): session closed for user root
Jun 23 05:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28843]: pam_unix(cron:session): session closed for user root
Jun 23 05:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31813]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32116]: Failed password for root from 144.225.187.123 port 54812 ssh2
Jun 23 05:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32116]: Connection closed by 144.225.187.123 port 54812 [preauth]
Jun 23 05:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32173]: Received disconnect from 51.79.99.235 port 33942:11: disconnected by user [preauth]
Jun 23 05:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32173]: Disconnected from 51.79.99.235 port 33942 [preauth]
Jun 23 05:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30702]: pam_unix(cron:session): session closed for user root
Jun 23 05:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32221]: Invalid user admin from 91.92.40.12
Jun 23 05:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32221]: input_userauth_request: invalid user admin [preauth]
Jun 23 05:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32221]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 05:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32221]: Failed password for invalid user admin from 91.92.40.12 port 33754 ssh2
Jun 23 05:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32221]: Connection closed by 91.92.40.12 port 33754 [preauth]
Jun 23 05:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32243]: Failed password for root from 144.225.187.123 port 39328 ssh2
Jun 23 05:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32243]: Connection closed by 144.225.187.123 port 39328 [preauth]
Jun 23 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32264]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32265]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32263]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32262]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32262]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32325]: Successful su for rubyman by root
Jun 23 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32325]: + ??? root:rubyman
Jun 23 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32325]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575458 of user rubyman.
Jun 23 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32325]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575458.
Jun 23 05:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29284]: pam_unix(cron:session): session closed for user root
Jun 23 05:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32263]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 23 05:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32561]: Failed password for root from 202.178.126.219 port 14499 ssh2
Jun 23 05:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32583]: Failed password for root from 144.225.187.123 port 53250 ssh2
Jun 23 05:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32583]: Connection closed by 144.225.187.123 port 53250 [preauth]
Jun 23 05:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32561]: Connection closed by 202.178.126.219 port 14499 [preauth]
Jun 23 05:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31216]: pam_unix(cron:session): session closed for user root
Jun 23 05:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121  user=root
Jun 23 05:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32607]: Failed password for root from 45.148.10.121 port 36500 ssh2
Jun 23 05:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32607]: Connection closed by 45.148.10.121 port 36500 [preauth]
Jun 23 05:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32683]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32682]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32681]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32680]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32680]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32757]: Successful su for rubyman by root
Jun 23 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32757]: + ??? root:rubyman
Jun 23 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32757]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575462 of user rubyman.
Jun 23 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32757]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575462.
Jun 23 05:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29858]: pam_unix(cron:session): session closed for user root
Jun 23 05:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32678]: Failed password for root from 144.225.187.123 port 36942 ssh2
Jun 23 05:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32678]: Connection closed by 144.225.187.123 port 36942 [preauth]
Jun 23 05:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32681]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.211.215  user=root
Jun 23 05:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31816]: pam_unix(cron:session): session closed for user root
Jun 23 05:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[685]: Failed password for root from 147.45.211.215 port 36028 ssh2
Jun 23 05:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[685]: Connection closed by 147.45.211.215 port 36028 [preauth]
Jun 23 05:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[717]: Invalid user admin from 91.92.40.12
Jun 23 05:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[717]: input_userauth_request: invalid user admin [preauth]
Jun 23 05:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[717]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 05:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[717]: Failed password for invalid user admin from 91.92.40.12 port 44978 ssh2
Jun 23 05:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[719]: Failed password for root from 144.225.187.123 port 58248 ssh2
Jun 23 05:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[719]: Connection closed by 144.225.187.123 port 58248 [preauth]
Jun 23 05:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[717]: Connection closed by 91.92.40.12 port 44978 [preauth]
Jun 23 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[784]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[785]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[782]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[783]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[782]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[850]: Successful su for rubyman by root
Jun 23 05:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[850]: + ??? root:rubyman
Jun 23 05:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[850]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575468 of user rubyman.
Jun 23 05:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[850]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575468.
Jun 23 05:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30279]: pam_unix(cron:session): session closed for user root
Jun 23 05:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[783]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1061]: Failed password for root from 144.225.187.123 port 54748 ssh2
Jun 23 05:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1061]: Connection closed by 144.225.187.123 port 54748 [preauth]
Jun 23 05:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32265]: pam_unix(cron:session): session closed for user root
Jun 23 05:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1204]: Failed password for root from 144.225.187.123 port 58160 ssh2
Jun 23 05:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1204]: Connection closed by 144.225.187.123 port 58160 [preauth]
Jun 23 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1239]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1240]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1242]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1238]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1238]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1303]: Successful su for rubyman by root
Jun 23 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1303]: + ??? root:rubyman
Jun 23 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1303]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575472 of user rubyman.
Jun 23 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1303]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575472.
Jun 23 05:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30701]: pam_unix(cron:session): session closed for user root
Jun 23 05:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1239]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1666]: Invalid user admin from 91.92.40.12
Jun 23 05:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1666]: input_userauth_request: invalid user admin [preauth]
Jun 23 05:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1666]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 05:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1655]: Failed password for root from 144.225.187.123 port 48040 ssh2
Jun 23 05:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1655]: Connection closed by 144.225.187.123 port 48040 [preauth]
Jun 23 05:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1666]: Failed password for invalid user admin from 91.92.40.12 port 49000 ssh2
Jun 23 05:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1666]: Connection closed by 91.92.40.12 port 49000 [preauth]
Jun 23 05:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32683]: pam_unix(cron:session): session closed for user root
Jun 23 05:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1783]: Failed password for root from 144.225.187.123 port 42370 ssh2
Jun 23 05:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1783]: Connection closed by 144.225.187.123 port 42370 [preauth]
Jun 23 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1799]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1797]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1794]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1798]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1796]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1795]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1799]: pam_unix(cron:session): session closed for user root
Jun 23 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1794]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1862]: Successful su for rubyman by root
Jun 23 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1862]: + ??? root:rubyman
Jun 23 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1862]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575477 of user rubyman.
Jun 23 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1862]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575477.
Jun 23 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1873]: Did not receive identification string from 91.92.40.48
Jun 23 05:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1796]: pam_unix(cron:session): session closed for user root
Jun 23 05:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31214]: pam_unix(cron:session): session closed for user root
Jun 23 05:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1795]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 05:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2215]: Failed password for root from 144.225.187.123 port 51126 ssh2
Jun 23 05:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2184]: Failed password for root from 91.92.40.48 port 53954 ssh2
Jun 23 05:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2184]: Connection closed by 91.92.40.48 port 53954 [preauth]
Jun 23 05:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2215]: Connection closed by 144.225.187.123 port 51126 [preauth]
Jun 23 05:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[785]: pam_unix(cron:session): session closed for user root
Jun 23 05:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2314]: Invalid user admin from 91.92.40.12
Jun 23 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2314]: input_userauth_request: invalid user admin [preauth]
Jun 23 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2314]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2329]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2328]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2330]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2327]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2327]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2391]: Successful su for rubyman by root
Jun 23 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2391]: + ??? root:rubyman
Jun 23 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2391]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575480 of user rubyman.
Jun 23 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2391]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575480.
Jun 23 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2314]: Failed password for invalid user admin from 91.92.40.12 port 57974 ssh2
Jun 23 05:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2314]: Connection closed by 91.92.40.12 port 57974 [preauth]
Jun 23 05:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31815]: pam_unix(cron:session): session closed for user root
Jun 23 05:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2318]: Failed password for root from 144.225.187.123 port 57626 ssh2
Jun 23 05:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2318]: Connection closed by 144.225.187.123 port 57626 [preauth]
Jun 23 05:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2328]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1242]: pam_unix(cron:session): session closed for user root
Jun 23 05:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2682]: Failed password for root from 144.225.187.123 port 35674 ssh2
Jun 23 05:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2682]: Connection closed by 144.225.187.123 port 35674 [preauth]
Jun 23 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2752]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2753]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2751]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2750]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2750]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2814]: Successful su for rubyman by root
Jun 23 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2814]: + ??? root:rubyman
Jun 23 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2814]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575484 of user rubyman.
Jun 23 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2814]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575484.
Jun 23 05:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32264]: pam_unix(cron:session): session closed for user root
Jun 23 05:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2751]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2995]: Failed password for root from 144.225.187.123 port 42426 ssh2
Jun 23 05:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2995]: Connection closed by 144.225.187.123 port 42426 [preauth]
Jun 23 05:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1798]: pam_unix(cron:session): session closed for user root
Jun 23 05:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3066]: Invalid user csserver from 91.92.40.48
Jun 23 05:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3066]: input_userauth_request: invalid user csserver [preauth]
Jun 23 05:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3066]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3066]: Failed password for invalid user csserver from 91.92.40.48 port 57782 ssh2
Jun 23 05:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3066]: Connection closed by 91.92.40.48 port 57782 [preauth]
Jun 23 05:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 05:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3120]: Invalid user admin from 91.92.40.12
Jun 23 05:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3120]: input_userauth_request: invalid user admin [preauth]
Jun 23 05:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3120]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 05:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3093]: Failed password for root from 91.92.40.48 port 38790 ssh2
Jun 23 05:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3118]: Failed password for root from 144.225.187.123 port 52182 ssh2
Jun 23 05:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3118]: Connection closed by 144.225.187.123 port 52182 [preauth]
Jun 23 05:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3120]: Failed password for invalid user admin from 91.92.40.12 port 51504 ssh2
Jun 23 05:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3120]: Connection closed by 91.92.40.12 port 51504 [preauth]
Jun 23 05:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3093]: Connection closed by 91.92.40.48 port 38790 [preauth]
Jun 23 05:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3132]: Invalid user abuse from 91.92.40.48
Jun 23 05:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3132]: input_userauth_request: invalid user abuse [preauth]
Jun 23 05:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3132]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3132]: Failed password for invalid user abuse from 91.92.40.48 port 24492 ssh2
Jun 23 05:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3132]: Connection closed by 91.92.40.48 port 24492 [preauth]
Jun 23 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3142]: Invalid user cloudera from 91.92.40.48
Jun 23 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3142]: input_userauth_request: invalid user cloudera [preauth]
Jun 23 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3156]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3157]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3155]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3154]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3154]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3212]: Successful su for rubyman by root
Jun 23 05:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3212]: + ??? root:rubyman
Jun 23 05:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3212]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575489 of user rubyman.
Jun 23 05:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3212]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575489.
Jun 23 05:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3142]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32682]: pam_unix(cron:session): session closed for user root
Jun 23 05:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3142]: Failed password for invalid user cloudera from 91.92.40.48 port 24516 ssh2
Jun 23 05:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3142]: Connection closed by 91.92.40.48 port 24516 [preauth]
Jun 23 05:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3155]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3370]: Invalid user lucas from 91.92.40.48
Jun 23 05:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3370]: input_userauth_request: invalid user lucas [preauth]
Jun 23 05:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3370]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3370]: Failed password for invalid user lucas from 91.92.40.48 port 40840 ssh2
Jun 23 05:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3370]: Connection closed by 91.92.40.48 port 40840 [preauth]
Jun 23 05:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3406]: Invalid user user1 from 91.92.40.48
Jun 23 05:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3406]: input_userauth_request: invalid user user1 [preauth]
Jun 23 05:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3406]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3406]: Failed password for invalid user user1 from 91.92.40.48 port 19782 ssh2
Jun 23 05:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3430]: Failed password for root from 144.225.187.123 port 57182 ssh2
Jun 23 05:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3430]: Connection closed by 144.225.187.123 port 57182 [preauth]
Jun 23 05:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3406]: Connection closed by 91.92.40.48 port 19782 [preauth]
Jun 23 05:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3429]: Invalid user tactical from 91.92.40.48
Jun 23 05:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3429]: input_userauth_request: invalid user tactical [preauth]
Jun 23 05:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3429]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3429]: Failed password for invalid user tactical from 91.92.40.48 port 19830 ssh2
Jun 23 05:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3429]: Connection closed by 91.92.40.48 port 19830 [preauth]
Jun 23 05:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2330]: pam_unix(cron:session): session closed for user root
Jun 23 05:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3451]: Invalid user jeff from 91.92.40.48
Jun 23 05:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3451]: input_userauth_request: invalid user jeff [preauth]
Jun 23 05:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3451]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3451]: Failed password for invalid user jeff from 91.92.40.48 port 52264 ssh2
Jun 23 05:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3478]: Invalid user admin from 91.92.40.48
Jun 23 05:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3478]: input_userauth_request: invalid user admin [preauth]
Jun 23 05:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3451]: Connection closed by 91.92.40.48 port 52264 [preauth]
Jun 23 05:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3478]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3478]: Failed password for invalid user admin from 91.92.40.48 port 51890 ssh2
Jun 23 05:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3478]: Connection closed by 91.92.40.48 port 51890 [preauth]
Jun 23 05:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3510]: Invalid user admin1 from 91.92.40.48
Jun 23 05:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3510]: input_userauth_request: invalid user admin1 [preauth]
Jun 23 05:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3510]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3510]: Failed password for invalid user admin1 from 91.92.40.48 port 59448 ssh2
Jun 23 05:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3534]: Invalid user tfj from 91.92.40.48
Jun 23 05:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3534]: input_userauth_request: invalid user tfj [preauth]
Jun 23 05:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3510]: Connection closed by 91.92.40.48 port 59448 [preauth]
Jun 23 05:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3534]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3558]: Failed password for root from 144.225.187.123 port 41728 ssh2
Jun 23 05:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3558]: Connection closed by 144.225.187.123 port 41728 [preauth]
Jun 23 05:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3534]: Failed password for invalid user tfj from 91.92.40.48 port 59478 ssh2
Jun 23 05:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3534]: Connection closed by 91.92.40.48 port 59478 [preauth]
Jun 23 05:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3584]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3583]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3581]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3582]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3581]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3640]: Successful su for rubyman by root
Jun 23 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3640]: + ??? root:rubyman
Jun 23 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3640]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575492 of user rubyman.
Jun 23 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3640]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575492.
Jun 23 05:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3560]: Invalid user marketing from 91.92.40.48
Jun 23 05:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3560]: input_userauth_request: invalid user marketing [preauth]
Jun 23 05:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[784]: pam_unix(cron:session): session closed for user root
Jun 23 05:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3560]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3582]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3560]: Failed password for invalid user marketing from 91.92.40.48 port 33222 ssh2
Jun 23 05:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3560]: Connection closed by 91.92.40.48 port 33222 [preauth]
Jun 23 05:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 05:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3570]: Failed password for root from 91.92.40.48 port 47154 ssh2
Jun 23 05:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3993]: Invalid user anton from 91.92.40.48
Jun 23 05:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3993]: input_userauth_request: invalid user anton [preauth]
Jun 23 05:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3570]: Connection closed by 91.92.40.48 port 47154 [preauth]
Jun 23 05:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3993]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3993]: Failed password for invalid user anton from 91.92.40.48 port 47210 ssh2
Jun 23 05:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3993]: Connection closed by 91.92.40.48 port 47210 [preauth]
Jun 23 05:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4038]: Invalid user g from 91.92.40.48
Jun 23 05:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4038]: input_userauth_request: invalid user g [preauth]
Jun 23 05:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4092]: Invalid user admin from 91.92.40.12
Jun 23 05:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4092]: input_userauth_request: invalid user admin [preauth]
Jun 23 05:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4092]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 05:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4038]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4092]: Failed password for invalid user admin from 91.92.40.12 port 49610 ssh2
Jun 23 05:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4092]: Connection closed by 91.92.40.12 port 49610 [preauth]
Jun 23 05:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4038]: Failed password for invalid user g from 91.92.40.48 port 20920 ssh2
Jun 23 05:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4084]: Failed password for root from 144.225.187.123 port 37298 ssh2
Jun 23 05:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4084]: Connection closed by 144.225.187.123 port 37298 [preauth]
Jun 23 05:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4059]: Invalid user ftpuser from 91.92.40.48
Jun 23 05:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4059]: input_userauth_request: invalid user ftpuser [preauth]
Jun 23 05:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2753]: pam_unix(cron:session): session closed for user root
Jun 23 05:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4038]: Connection closed by 91.92.40.48 port 20920 [preauth]
Jun 23 05:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4059]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4059]: Failed password for invalid user ftpuser from 91.92.40.48 port 44044 ssh2
Jun 23 05:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4096]: Invalid user devuser from 91.92.40.48
Jun 23 05:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4096]: input_userauth_request: invalid user devuser [preauth]
Jun 23 05:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4059]: Connection closed by 91.92.40.48 port 44044 [preauth]
Jun 23 05:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4096]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4096]: Failed password for invalid user devuser from 91.92.40.48 port 58234 ssh2
Jun 23 05:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4126]: Invalid user openclaw from 91.92.40.48
Jun 23 05:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4126]: input_userauth_request: invalid user openclaw [preauth]
Jun 23 05:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4096]: Connection closed by 91.92.40.48 port 58234 [preauth]
Jun 23 05:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4126]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4126]: Failed password for invalid user openclaw from 91.92.40.48 port 58300 ssh2
Jun 23 05:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4137]: Invalid user debian from 91.92.40.48
Jun 23 05:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4137]: input_userauth_request: invalid user debian [preauth]
Jun 23 05:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4126]: Connection closed by 91.92.40.48 port 58300 [preauth]
Jun 23 05:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4137]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4137]: Failed password for invalid user debian from 91.92.40.48 port 19336 ssh2
Jun 23 05:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4163]: Invalid user postgres from 91.92.40.48
Jun 23 05:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4163]: input_userauth_request: invalid user postgres [preauth]
Jun 23 05:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4137]: Connection closed by 91.92.40.48 port 19336 [preauth]
Jun 23 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4200]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4202]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4198]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4201]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4197]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4199]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4202]: pam_unix(cron:session): session closed for user root
Jun 23 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4197]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4163]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4271]: Successful su for rubyman by root
Jun 23 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4271]: + ??? root:rubyman
Jun 23 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4271]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575499 of user rubyman.
Jun 23 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4271]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575499.
Jun 23 05:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4163]: Failed password for invalid user postgres from 91.92.40.48 port 19364 ssh2
Jun 23 05:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4199]: pam_unix(cron:session): session closed for user root
Jun 23 05:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1240]: pam_unix(cron:session): session closed for user root
Jun 23 05:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4163]: Connection closed by 91.92.40.48 port 19364 [preauth]
Jun 23 05:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4313]: Failed password for root from 144.225.187.123 port 52700 ssh2
Jun 23 05:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4198]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4313]: Connection closed by 144.225.187.123 port 52700 [preauth]
Jun 23 05:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4184]: Invalid user sam from 91.92.40.48
Jun 23 05:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4184]: input_userauth_request: invalid user sam [preauth]
Jun 23 05:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4184]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4184]: Failed password for invalid user sam from 91.92.40.48 port 40368 ssh2
Jun 23 05:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4352]: Invalid user sales from 91.92.40.48
Jun 23 05:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4352]: input_userauth_request: invalid user sales [preauth]
Jun 23 05:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4184]: Connection closed by 91.92.40.48 port 40368 [preauth]
Jun 23 05:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4352]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4352]: Failed password for invalid user sales from 91.92.40.48 port 48980 ssh2
Jun 23 05:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4486]: Invalid user bitnami from 91.92.40.48
Jun 23 05:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4486]: input_userauth_request: invalid user bitnami [preauth]
Jun 23 05:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4352]: Connection closed by 91.92.40.48 port 48980 [preauth]
Jun 23 05:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4486]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4486]: Failed password for invalid user bitnami from 91.92.40.48 port 49012 ssh2
Jun 23 05:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4508]: Invalid user ubuntu from 91.92.40.48
Jun 23 05:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4508]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 05:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3157]: pam_unix(cron:session): session closed for user root
Jun 23 05:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4486]: Connection closed by 91.92.40.48 port 49012 [preauth]
Jun 23 05:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4508]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4508]: Failed password for invalid user ubuntu from 91.92.40.48 port 55590 ssh2
Jun 23 05:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4531]: Invalid user odoo17 from 91.92.40.48
Jun 23 05:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4531]: input_userauth_request: invalid user odoo17 [preauth]
Jun 23 05:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4598]: Failed password for root from 144.225.187.123 port 38780 ssh2
Jun 23 05:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4598]: Connection closed by 144.225.187.123 port 38780 [preauth]
Jun 23 05:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4508]: Connection closed by 91.92.40.48 port 55590 [preauth]
Jun 23 05:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4531]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4531]: Failed password for invalid user odoo17 from 91.92.40.48 port 56314 ssh2
Jun 23 05:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4531]: Connection closed by 91.92.40.48 port 56314 [preauth]
Jun 23 05:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 05:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4557]: Failed password for root from 91.92.40.48 port 17214 ssh2
Jun 23 05:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 05:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4557]: Connection closed by 91.92.40.48 port 17214 [preauth]
Jun 23 05:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4610]: Invalid user dev from 91.92.40.48
Jun 23 05:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4610]: input_userauth_request: invalid user dev [preauth]
Jun 23 05:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4589]: Failed password for root from 91.92.40.48 port 17284 ssh2
Jun 23 05:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4610]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4589]: Connection closed by 91.92.40.48 port 17284 [preauth]
Jun 23 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4657]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4658]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4656]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4655]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4655]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4726]: Successful su for rubyman by root
Jun 23 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4726]: + ??? root:rubyman
Jun 23 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4726]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575502 of user rubyman.
Jun 23 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4726]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4610]: Failed password for invalid user dev from 91.92.40.48 port 11208 ssh2
Jun 23 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575502.
Jun 23 05:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4610]: Connection closed by 91.92.40.48 port 11208 [preauth]
Jun 23 05:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1797]: pam_unix(cron:session): session closed for user root
Jun 23 05:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4642]: Invalid user azureuser from 91.92.40.48
Jun 23 05:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4642]: input_userauth_request: invalid user azureuser [preauth]
Jun 23 05:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4656]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4642]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4642]: Failed password for invalid user azureuser from 91.92.40.48 port 24514 ssh2
Jun 23 05:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5034]: Invalid user admin from 91.92.40.12
Jun 23 05:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5034]: input_userauth_request: invalid user admin [preauth]
Jun 23 05:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5034]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 05:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5034]: Failed password for invalid user admin from 91.92.40.12 port 49718 ssh2
Jun 23 05:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4642]: Connection closed by 91.92.40.48 port 24514 [preauth]
Jun 23 05:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5034]: Connection closed by 91.92.40.12 port 49718 [preauth]
Jun 23 05:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4854]: Invalid user weblogic from 91.92.40.48
Jun 23 05:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4854]: input_userauth_request: invalid user weblogic [preauth]
Jun 23 05:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4854]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5040]: Invalid user postgres from 144.225.187.123
Jun 23 05:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5040]: input_userauth_request: invalid user postgres [preauth]
Jun 23 05:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5040]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 05:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4854]: Failed password for invalid user weblogic from 91.92.40.48 port 28882 ssh2
Jun 23 05:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5040]: Failed password for invalid user postgres from 144.225.187.123 port 41292 ssh2
Jun 23 05:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5040]: Connection closed by 144.225.187.123 port 41292 [preauth]
Jun 23 05:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4854]: Connection closed by 91.92.40.48 port 28882 [preauth]
Jun 23 05:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 05:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5036]: Failed password for root from 91.92.40.48 port 58752 ssh2
Jun 23 05:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5036]: Connection closed by 91.92.40.48 port 58752 [preauth]
Jun 23 05:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 23 05:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5091]: Failed password for root from 193.24.211.107 port 59097 ssh2
Jun 23 05:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5061]: Invalid user oracle from 91.92.40.48
Jun 23 05:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5061]: input_userauth_request: invalid user oracle [preauth]
Jun 23 05:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5091]: Received disconnect from 193.24.211.107 port 59097:11: Client disconnecting normally [preauth]
Jun 23 05:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5091]: Disconnected from 193.24.211.107 port 59097 [preauth]
Jun 23 05:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5061]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5061]: Failed password for invalid user oracle from 91.92.40.48 port 37332 ssh2
Jun 23 05:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3584]: pam_unix(cron:session): session closed for user root
Jun 23 05:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5061]: Connection closed by 91.92.40.48 port 37332 [preauth]
Jun 23 05:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5093]: Invalid user guest from 91.92.40.48
Jun 23 05:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5093]: input_userauth_request: invalid user guest [preauth]
Jun 23 05:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5093]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5093]: Failed password for invalid user guest from 91.92.40.48 port 37412 ssh2
Jun 23 05:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5093]: Connection closed by 91.92.40.48 port 37412 [preauth]
Jun 23 05:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5103]: Invalid user uftp from 91.92.40.48
Jun 23 05:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5103]: input_userauth_request: invalid user uftp [preauth]
Jun 23 05:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5103]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5103]: Failed password for invalid user uftp from 91.92.40.48 port 45122 ssh2
Jun 23 05:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 23 05:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5134]: Invalid user composer from 91.92.40.48
Jun 23 05:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5134]: input_userauth_request: invalid user composer [preauth]
Jun 23 05:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5103]: Connection closed by 91.92.40.48 port 45122 [preauth]
Jun 23 05:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5171]: Failed password for root from 77.94.47.83 port 35520 ssh2
Jun 23 05:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5134]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5171]: Connection closed by 77.94.47.83 port 35520 [preauth]
Jun 23 05:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5173]: Invalid user postgres from 144.225.187.123
Jun 23 05:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5173]: input_userauth_request: invalid user postgres [preauth]
Jun 23 05:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5173]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 05:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5134]: Failed password for invalid user composer from 91.92.40.48 port 36956 ssh2
Jun 23 05:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5173]: Failed password for invalid user postgres from 144.225.187.123 port 46820 ssh2
Jun 23 05:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5173]: Connection closed by 144.225.187.123 port 46820 [preauth]
Jun 23 05:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5134]: Connection closed by 91.92.40.48 port 36956 [preauth]
Jun 23 05:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5174]: Invalid user user from 91.92.40.48
Jun 23 05:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5174]: input_userauth_request: invalid user user [preauth]
Jun 23 05:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5174]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5174]: Failed password for invalid user user from 91.92.40.48 port 13692 ssh2
Jun 23 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5206]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5209]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5207]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5204]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5204]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5270]: Successful su for rubyman by root
Jun 23 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5270]: + ??? root:rubyman
Jun 23 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5270]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575507 of user rubyman.
Jun 23 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5270]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575507.
Jun 23 05:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5185]: Invalid user deployer from 91.92.40.48
Jun 23 05:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5185]: input_userauth_request: invalid user deployer [preauth]
Jun 23 05:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5174]: Connection closed by 91.92.40.48 port 13692 [preauth]
Jun 23 05:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2329]: pam_unix(cron:session): session closed for user root
Jun 23 05:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5185]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5206]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5185]: Failed password for invalid user deployer from 91.92.40.48 port 13760 ssh2
Jun 23 05:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5185]: Connection closed by 91.92.40.48 port 13760 [preauth]
Jun 23 05:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5195]: Invalid user initial from 91.92.40.48
Jun 23 05:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5195]: input_userauth_request: invalid user initial [preauth]
Jun 23 05:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5195]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5195]: Failed password for invalid user initial from 91.92.40.48 port 31010 ssh2
Jun 23 05:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5195]: Connection closed by 91.92.40.48 port 31010 [preauth]
Jun 23 05:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5469]: Invalid user anmol from 91.92.40.48
Jun 23 05:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5469]: input_userauth_request: invalid user anmol [preauth]
Jun 23 05:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5469]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5469]: Failed password for invalid user anmol from 91.92.40.48 port 40554 ssh2
Jun 23 05:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5492]: Invalid user nominatim from 91.92.40.48
Jun 23 05:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5492]: input_userauth_request: invalid user nominatim [preauth]
Jun 23 05:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5469]: Connection closed by 91.92.40.48 port 40554 [preauth]
Jun 23 05:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5512]: Invalid user postgres from 144.225.187.123
Jun 23 05:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5512]: input_userauth_request: invalid user postgres [preauth]
Jun 23 05:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5512]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 05:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5492]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5512]: Failed password for invalid user postgres from 144.225.187.123 port 48552 ssh2
Jun 23 05:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5512]: Connection closed by 144.225.187.123 port 48552 [preauth]
Jun 23 05:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5492]: Failed password for invalid user nominatim from 91.92.40.48 port 40592 ssh2
Jun 23 05:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5492]: Connection closed by 91.92.40.48 port 40592 [preauth]
Jun 23 05:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5502]: Invalid user xiao from 91.92.40.48
Jun 23 05:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5502]: input_userauth_request: invalid user xiao [preauth]
Jun 23 05:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5502]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4201]: pam_unix(cron:session): session closed for user root
Jun 23 05:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5502]: Failed password for invalid user xiao from 91.92.40.48 port 33268 ssh2
Jun 23 05:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5502]: Connection closed by 91.92.40.48 port 33268 [preauth]
Jun 23 05:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 05:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5535]: Failed password for root from 91.92.40.48 port 12526 ssh2
Jun 23 05:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5535]: Connection closed by 91.92.40.48 port 12526 [preauth]
Jun 23 05:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5577]: Invalid user tmp from 91.92.40.48
Jun 23 05:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5577]: input_userauth_request: invalid user tmp [preauth]
Jun 23 05:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5577]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5577]: Failed password for invalid user tmp from 91.92.40.48 port 46744 ssh2
Jun 23 05:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5577]: Connection closed by 91.92.40.48 port 46744 [preauth]
Jun 23 05:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5609]: Invalid user admin from 91.92.40.12
Jun 23 05:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5609]: input_userauth_request: invalid user admin [preauth]
Jun 23 05:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5609]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 05:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5599]: Invalid user log from 91.92.40.48
Jun 23 05:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5599]: input_userauth_request: invalid user log [preauth]
Jun 23 05:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5609]: Failed password for invalid user admin from 91.92.40.12 port 50444 ssh2
Jun 23 05:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5599]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5609]: Connection closed by 91.92.40.12 port 50444 [preauth]
Jun 23 05:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5599]: Failed password for invalid user log from 91.92.40.48 port 46840 ssh2
Jun 23 05:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5599]: Connection closed by 91.92.40.48 port 46840 [preauth]
Jun 23 05:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5621]: Invalid user peter from 144.225.187.123
Jun 23 05:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5621]: input_userauth_request: invalid user peter [preauth]
Jun 23 05:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5621]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 05:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5611]: User mysql from 91.92.40.48 not allowed because not listed in AllowUsers
Jun 23 05:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5611]: input_userauth_request: invalid user mysql [preauth]
Jun 23 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=mysql
Jun 23 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5621]: Failed password for invalid user peter from 144.225.187.123 port 59446 ssh2
Jun 23 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5634]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5635]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5633]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5632]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5632]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5690]: Successful su for rubyman by root
Jun 23 05:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5690]: + ??? root:rubyman
Jun 23 05:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5690]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575510 of user rubyman.
Jun 23 05:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5690]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575510.
Jun 23 05:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5621]: Connection closed by 144.225.187.123 port 59446 [preauth]
Jun 23 05:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5611]: Failed password for invalid user mysql from 91.92.40.48 port 13958 ssh2
Jun 23 05:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2752]: pam_unix(cron:session): session closed for user root
Jun 23 05:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5611]: Connection closed by 91.92.40.48 port 13958 [preauth]
Jun 23 05:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5633]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5710]: Invalid user config from 91.92.40.48
Jun 23 05:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5710]: input_userauth_request: invalid user config [preauth]
Jun 23 05:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5710]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5710]: Failed password for invalid user config from 91.92.40.48 port 14976 ssh2
Jun 23 05:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5710]: Connection closed by 91.92.40.48 port 14976 [preauth]
Jun 23 05:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5878]: Invalid user developer from 91.92.40.48
Jun 23 05:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5878]: input_userauth_request: invalid user developer [preauth]
Jun 23 05:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5878]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5878]: Failed password for invalid user developer from 91.92.40.48 port 14236 ssh2
Jun 23 05:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5878]: Connection closed by 91.92.40.48 port 14236 [preauth]
Jun 23 05:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 05:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5900]: Failed password for root from 91.92.40.48 port 14276 ssh2
Jun 23 05:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5911]: Invalid user testuser from 91.92.40.48
Jun 23 05:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5911]: input_userauth_request: invalid user testuser [preauth]
Jun 23 05:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5900]: Connection closed by 91.92.40.48 port 14276 [preauth]
Jun 23 05:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5911]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5911]: Failed password for invalid user testuser from 91.92.40.48 port 64476 ssh2
Jun 23 05:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5911]: Connection closed by 91.92.40.48 port 64476 [preauth]
Jun 23 05:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4658]: pam_unix(cron:session): session closed for user root
Jun 23 05:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5950]: Invalid user admin from 144.225.187.123
Jun 23 05:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5950]: input_userauth_request: invalid user admin [preauth]
Jun 23 05:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5950]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 05:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5950]: Failed password for invalid user admin from 144.225.187.123 port 53644 ssh2
Jun 23 05:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5950]: Connection closed by 144.225.187.123 port 53644 [preauth]
Jun 23 05:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 05:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5949]: Failed password for root from 91.92.40.48 port 23188 ssh2
Jun 23 05:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5949]: Connection closed by 91.92.40.48 port 23188 [preauth]
Jun 23 05:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5981]: Invalid user afk from 91.92.40.48
Jun 23 05:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5981]: input_userauth_request: invalid user afk [preauth]
Jun 23 05:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5981]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5981]: Failed password for invalid user afk from 91.92.40.48 port 51028 ssh2
Jun 23 05:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5981]: Connection closed by 91.92.40.48 port 51028 [preauth]
Jun 23 05:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6004]: Invalid user user3 from 91.92.40.48
Jun 23 05:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6004]: input_userauth_request: invalid user user3 [preauth]
Jun 23 05:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.223.69.22  user=root
Jun 23 05:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6004]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6015]: Failed password for root from 89.223.69.22 port 44528 ssh2
Jun 23 05:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6015]: Connection closed by 89.223.69.22 port 44528 [preauth]
Jun 23 05:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6004]: Failed password for invalid user user3 from 91.92.40.48 port 51104 ssh2
Jun 23 05:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6004]: Connection closed by 91.92.40.48 port 51104 [preauth]
Jun 23 05:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6014]: Invalid user openhabian from 91.92.40.48
Jun 23 05:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6014]: input_userauth_request: invalid user openhabian [preauth]
Jun 23 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6014]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6040]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6041]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6039]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6038]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6038]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6096]: Successful su for rubyman by root
Jun 23 05:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6096]: + ??? root:rubyman
Jun 23 05:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6096]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575514 of user rubyman.
Jun 23 05:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6096]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575514.
Jun 23 05:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6014]: Failed password for invalid user openhabian from 91.92.40.48 port 58226 ssh2
Jun 23 05:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3156]: pam_unix(cron:session): session closed for user root
Jun 23 05:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6039]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6014]: Connection closed by 91.92.40.48 port 58226 [preauth]
Jun 23 05:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6284]: Invalid user admin from 144.225.187.123
Jun 23 05:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6284]: input_userauth_request: invalid user admin [preauth]
Jun 23 05:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6284]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 05:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 05:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6284]: Failed password for invalid user admin from 144.225.187.123 port 42440 ssh2
Jun 23 05:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6284]: Connection closed by 144.225.187.123 port 42440 [preauth]
Jun 23 05:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6027]: Failed password for root from 91.92.40.48 port 16156 ssh2
Jun 23 05:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6027]: Connection closed by 91.92.40.48 port 16156 [preauth]
Jun 23 05:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6209]: Invalid user user1 from 91.92.40.48
Jun 23 05:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6209]: input_userauth_request: invalid user user1 [preauth]
Jun 23 05:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6209]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6209]: Failed password for invalid user user1 from 91.92.40.48 port 16270 ssh2
Jun 23 05:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6294]: Invalid user rocky from 91.92.40.48
Jun 23 05:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6294]: input_userauth_request: invalid user rocky [preauth]
Jun 23 05:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6209]: Connection closed by 91.92.40.48 port 16270 [preauth]
Jun 23 05:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6294]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6294]: Failed password for invalid user rocky from 91.92.40.48 port 30904 ssh2
Jun 23 05:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6294]: Connection closed by 91.92.40.48 port 30904 [preauth]
Jun 23 05:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 05:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5209]: pam_unix(cron:session): session closed for user root
Jun 23 05:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6316]: Failed password for root from 91.92.40.48 port 45566 ssh2
Jun 23 05:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6345]: Invalid user min from 91.92.40.48
Jun 23 05:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6345]: input_userauth_request: invalid user min [preauth]
Jun 23 05:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6316]: Connection closed by 91.92.40.48 port 45566 [preauth]
Jun 23 05:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: Invalid user admin from 91.92.40.12
Jun 23 05:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: input_userauth_request: invalid user admin [preauth]
Jun 23 05:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 05:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6345]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: Failed password for invalid user admin from 91.92.40.12 port 58754 ssh2
Jun 23 05:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: Connection closed by 91.92.40.12 port 58754 [preauth]
Jun 23 05:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6345]: Failed password for invalid user min from 91.92.40.48 port 45616 ssh2
Jun 23 05:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6363]: Invalid user debian from 91.92.40.48
Jun 23 05:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6363]: input_userauth_request: invalid user debian [preauth]
Jun 23 05:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6407]: Invalid user admin from 144.225.187.123
Jun 23 05:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6407]: input_userauth_request: invalid user admin [preauth]
Jun 23 05:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6407]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 05:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6345]: Connection closed by 91.92.40.48 port 45616 [preauth]
Jun 23 05:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6407]: Failed password for invalid user admin from 144.225.187.123 port 45382 ssh2
Jun 23 05:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6363]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6407]: Connection closed by 144.225.187.123 port 45382 [preauth]
Jun 23 05:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6363]: Failed password for invalid user debian from 91.92.40.48 port 58500 ssh2
Jun 23 05:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6396]: Invalid user k from 91.92.40.48
Jun 23 05:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6396]: input_userauth_request: invalid user k [preauth]
Jun 23 05:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6363]: Connection closed by 91.92.40.48 port 58500 [preauth]
Jun 23 05:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6396]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6396]: Failed password for invalid user k from 91.92.40.48 port 42920 ssh2
Jun 23 05:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6396]: Connection closed by 91.92.40.48 port 42920 [preauth]
Jun 23 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6455]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6456]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6454]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6457]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6453]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6452]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6457]: pam_unix(cron:session): session closed for user root
Jun 23 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6452]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6520]: Successful su for rubyman by root
Jun 23 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6520]: + ??? root:rubyman
Jun 23 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6520]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575519 of user rubyman.
Jun 23 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6520]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575519.
Jun 23 05:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6421]: Failed password for root from 91.92.40.48 port 42950 ssh2
Jun 23 05:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6454]: pam_unix(cron:session): session closed for user root
Jun 23 05:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3583]: pam_unix(cron:session): session closed for user root
Jun 23 05:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6421]: Connection closed by 91.92.40.48 port 42950 [preauth]
Jun 23 05:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6453]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 05:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6440]: Failed password for root from 91.92.40.48 port 13238 ssh2
Jun 23 05:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6440]: Connection closed by 91.92.40.48 port 13238 [preauth]
Jun 23 05:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 05:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6450]: Failed password for root from 91.92.40.48 port 16922 ssh2
Jun 23 05:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6710]: Invalid user backend from 91.92.40.48
Jun 23 05:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6710]: input_userauth_request: invalid user backend [preauth]
Jun 23 05:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6450]: Connection closed by 91.92.40.48 port 16922 [preauth]
Jun 23 05:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6772]: Failed password for root from 144.225.187.123 port 53854 ssh2
Jun 23 05:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6772]: Connection closed by 144.225.187.123 port 53854 [preauth]
Jun 23 05:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6710]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6710]: Failed password for invalid user backend from 91.92.40.48 port 16956 ssh2
Jun 23 05:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6764]: Invalid user kelvin from 91.92.40.48
Jun 23 05:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6764]: input_userauth_request: invalid user kelvin [preauth]
Jun 23 05:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6710]: Connection closed by 91.92.40.48 port 16956 [preauth]
Jun 23 05:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6764]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6764]: Failed password for invalid user kelvin from 91.92.40.48 port 44368 ssh2
Jun 23 05:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5635]: pam_unix(cron:session): session closed for user root
Jun 23 05:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6792]: Invalid user gns3 from 91.92.40.48
Jun 23 05:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6792]: input_userauth_request: invalid user gns3 [preauth]
Jun 23 05:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6764]: Connection closed by 91.92.40.48 port 44368 [preauth]
Jun 23 05:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6792]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6792]: Failed password for invalid user gns3 from 91.92.40.48 port 59598 ssh2
Jun 23 05:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 23 05:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6867]: Failed password for root from 51.250.105.222 port 60370 ssh2
Jun 23 05:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6867]: Connection closed by 51.250.105.222 port 60370 [preauth]
Jun 23 05:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6792]: Connection closed by 91.92.40.48 port 59598 [preauth]
Jun 23 05:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 05:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6826]: Invalid user deployer from 91.92.40.48
Jun 23 05:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6826]: input_userauth_request: invalid user deployer [preauth]
Jun 23 05:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6816]: Failed password for root from 91.92.40.48 port 59642 ssh2
Jun 23 05:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6904]: Failed password for root from 144.225.187.123 port 55754 ssh2
Jun 23 05:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6826]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6904]: Connection closed by 144.225.187.123 port 55754 [preauth]
Jun 23 05:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6816]: Connection closed by 91.92.40.48 port 59642 [preauth]
Jun 23 05:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6826]: Failed password for invalid user deployer from 91.92.40.48 port 24432 ssh2
Jun 23 05:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6857]: Invalid user ubuntu from 91.92.40.48
Jun 23 05:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6857]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6930]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6931]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6929]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6928]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6928]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7027]: Successful su for rubyman by root
Jun 23 05:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7027]: + ??? root:rubyman
Jun 23 05:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7027]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575525 of user rubyman.
Jun 23 05:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7027]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575525.
Jun 23 05:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6826]: Connection closed by 91.92.40.48 port 24432 [preauth]
Jun 23 05:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4200]: pam_unix(cron:session): session closed for user root
Jun 23 05:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6857]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6929]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6893]: Invalid user piyush from 91.92.40.48
Jun 23 05:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6893]: input_userauth_request: invalid user piyush [preauth]
Jun 23 05:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6857]: Failed password for invalid user ubuntu from 91.92.40.48 port 39906 ssh2
Jun 23 05:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6893]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6857]: Connection closed by 91.92.40.48 port 39906 [preauth]
Jun 23 05:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6906]: Invalid user eva from 91.92.40.48
Jun 23 05:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6906]: input_userauth_request: invalid user eva [preauth]
Jun 23 05:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6893]: Failed password for invalid user piyush from 91.92.40.48 port 39946 ssh2
Jun 23 05:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6906]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6906]: Failed password for invalid user eva from 91.92.40.48 port 37800 ssh2
Jun 23 05:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6893]: Connection closed by 91.92.40.48 port 39946 [preauth]
Jun 23 05:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7039]: Invalid user nvidia from 91.92.40.48
Jun 23 05:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7039]: input_userauth_request: invalid user nvidia [preauth]
Jun 23 05:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6906]: Connection closed by 91.92.40.48 port 37800 [preauth]
Jun 23 05:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7333]: Invalid user admin from 91.92.40.12
Jun 23 05:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7333]: input_userauth_request: invalid user admin [preauth]
Jun 23 05:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7333]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 05:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7039]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7333]: Failed password for invalid user admin from 91.92.40.12 port 47520 ssh2
Jun 23 05:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7333]: Connection closed by 91.92.40.12 port 47520 [preauth]
Jun 23 05:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7039]: Failed password for invalid user nvidia from 91.92.40.48 port 48146 ssh2
Jun 23 05:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 05:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7336]: Failed password for root from 144.225.187.123 port 43388 ssh2
Jun 23 05:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7336]: Connection closed by 144.225.187.123 port 43388 [preauth]
Jun 23 05:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7039]: Connection closed by 91.92.40.48 port 48146 [preauth]
Jun 23 05:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7276]: Failed password for root from 91.92.40.48 port 39538 ssh2
Jun 23 05:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 05:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7276]: Connection closed by 91.92.40.48 port 39538 [preauth]
Jun 23 05:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6041]: pam_unix(cron:session): session closed for user root
Jun 23 05:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7300]: Failed password for root from 91.92.40.48 port 39604 ssh2
Jun 23 05:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7335]: Invalid user postgres from 91.92.40.48
Jun 23 05:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7335]: input_userauth_request: invalid user postgres [preauth]
Jun 23 05:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7300]: Connection closed by 91.92.40.48 port 39604 [preauth]
Jun 23 05:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7335]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7335]: Failed password for invalid user postgres from 91.92.40.48 port 60270 ssh2
Jun 23 05:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 23 05:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7335]: Connection closed by 91.92.40.48 port 60270 [preauth]
Jun 23 05:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7391]: Failed password for root from 193.37.70.224 port 36792 ssh2
Jun 23 05:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7391]: Connection closed by 193.37.70.224 port 36792 [preauth]
Jun 23 05:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7380]: Invalid user devuser from 91.92.40.48
Jun 23 05:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7380]: input_userauth_request: invalid user devuser [preauth]
Jun 23 05:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7380]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7380]: Failed password for invalid user devuser from 91.92.40.48 port 58986 ssh2
Jun 23 05:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7394]: Invalid user test from 91.92.40.48
Jun 23 05:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7394]: input_userauth_request: invalid user test [preauth]
Jun 23 05:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7380]: Connection closed by 91.92.40.48 port 58986 [preauth]
Jun 23 05:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7394]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7394]: Failed password for invalid user test from 91.92.40.48 port 58306 ssh2
Jun 23 05:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7424]: Invalid user vyos from 91.92.40.48
Jun 23 05:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7424]: input_userauth_request: invalid user vyos [preauth]
Jun 23 05:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7394]: Connection closed by 91.92.40.48 port 58306 [preauth]
Jun 23 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7451]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7449]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7450]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7448]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7448]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7507]: Successful su for rubyman by root
Jun 23 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7507]: + ??? root:rubyman
Jun 23 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7507]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575528 of user rubyman.
Jun 23 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7507]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575528.
Jun 23 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7424]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4657]: pam_unix(cron:session): session closed for user root
Jun 23 05:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7446]: Failed password for root from 144.225.187.123 port 50894 ssh2
Jun 23 05:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7424]: Failed password for invalid user vyos from 91.92.40.48 port 24582 ssh2
Jun 23 05:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7446]: Connection closed by 144.225.187.123 port 50894 [preauth]
Jun 23 05:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7436]: Invalid user ubuntu from 91.92.40.48
Jun 23 05:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7436]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 05:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7424]: Connection closed by 91.92.40.48 port 24582 [preauth]
Jun 23 05:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7449]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7436]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7436]: Failed password for invalid user ubuntu from 91.92.40.48 port 24640 ssh2
Jun 23 05:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7436]: Connection closed by 91.92.40.48 port 24640 [preauth]
Jun 23 05:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 05:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7793]: Failed password for root from 91.92.40.48 port 65336 ssh2
Jun 23 05:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7793]: Connection closed by 91.92.40.48 port 65336 [preauth]
Jun 23 05:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7804]: Invalid user ubuntu from 91.92.40.48
Jun 23 05:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7804]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 05:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7804]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7804]: Failed password for invalid user ubuntu from 91.92.40.48 port 47328 ssh2
Jun 23 05:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7804]: Connection closed by 91.92.40.48 port 47328 [preauth]
Jun 23 05:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7826]: Invalid user demo from 91.92.40.48
Jun 23 05:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7826]: input_userauth_request: invalid user demo [preauth]
Jun 23 05:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7826]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7826]: Failed password for invalid user demo from 91.92.40.48 port 64572 ssh2
Jun 23 05:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7826]: Connection closed by 91.92.40.48 port 64572 [preauth]
Jun 23 05:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6456]: pam_unix(cron:session): session closed for user root
Jun 23 05:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 05:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7856]: Failed password for root from 91.92.40.48 port 29360 ssh2
Jun 23 05:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7856]: Connection closed by 91.92.40.48 port 29360 [preauth]
Jun 23 05:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7898]: Received disconnect from 51.79.67.63 port 36852:11: disconnected by user [preauth]
Jun 23 05:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7898]: Disconnected from 51.79.67.63 port 36852 [preauth]
Jun 23 05:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7886]: Failed password for root from 144.225.187.123 port 37836 ssh2
Jun 23 05:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7896]: Invalid user public from 91.92.40.48
Jun 23 05:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7896]: input_userauth_request: invalid user public [preauth]
Jun 23 05:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7886]: Connection closed by 144.225.187.123 port 37836 [preauth]
Jun 23 05:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7896]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7896]: Failed password for invalid user public from 91.92.40.48 port 29410 ssh2
Jun 23 05:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7896]: Connection closed by 91.92.40.48 port 29410 [preauth]
Jun 23 05:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7908]: Invalid user toto from 91.92.40.48
Jun 23 05:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7908]: input_userauth_request: invalid user toto [preauth]
Jun 23 05:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7908]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7908]: Failed password for invalid user toto from 91.92.40.48 port 38768 ssh2
Jun 23 05:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7908]: Connection closed by 91.92.40.48 port 38768 [preauth]
Jun 23 05:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7930]: Invalid user ftpuser from 91.92.40.48
Jun 23 05:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7930]: input_userauth_request: invalid user ftpuser [preauth]
Jun 23 05:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7930]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7930]: Failed password for invalid user ftpuser from 91.92.40.48 port 15928 ssh2
Jun 23 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7953]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7954]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7952]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7951]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7951]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8011]: Successful su for rubyman by root
Jun 23 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8011]: + ??? root:rubyman
Jun 23 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8011]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575532 of user rubyman.
Jun 23 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8011]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575532.
Jun 23 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7930]: Connection closed by 91.92.40.48 port 15928 [preauth]
Jun 23 05:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8083]: Invalid user admin from 91.92.40.12
Jun 23 05:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8083]: input_userauth_request: invalid user admin [preauth]
Jun 23 05:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8083]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 05:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5207]: pam_unix(cron:session): session closed for user root
Jun 23 05:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8083]: Failed password for invalid user admin from 91.92.40.12 port 56746 ssh2
Jun 23 05:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8083]: Connection closed by 91.92.40.12 port 56746 [preauth]
Jun 23 05:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7943]: Invalid user ubuntu from 91.92.40.48
Jun 23 05:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7943]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 05:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7952]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7943]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7943]: Failed password for invalid user ubuntu from 91.92.40.48 port 16004 ssh2
Jun 23 05:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7943]: Connection closed by 91.92.40.48 port 16004 [preauth]
Jun 23 05:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8171]: Invalid user chenxi from 91.92.40.48
Jun 23 05:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8171]: input_userauth_request: invalid user chenxi [preauth]
Jun 23 05:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8208]: Failed password for root from 144.225.187.123 port 55224 ssh2
Jun 23 05:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8208]: Connection closed by 144.225.187.123 port 55224 [preauth]
Jun 23 05:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8171]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8171]: Failed password for invalid user chenxi from 91.92.40.48 port 32804 ssh2
Jun 23 05:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8171]: Connection closed by 91.92.40.48 port 32804 [preauth]
Jun 23 05:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8211]: Invalid user armin from 91.92.40.48
Jun 23 05:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8211]: input_userauth_request: invalid user armin [preauth]
Jun 23 05:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8211]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8211]: Failed password for invalid user armin from 91.92.40.48 port 56720 ssh2
Jun 23 05:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8211]: Connection closed by 91.92.40.48 port 56720 [preauth]
Jun 23 05:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8234]: Invalid user ali from 91.92.40.48
Jun 23 05:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8234]: input_userauth_request: invalid user ali [preauth]
Jun 23 05:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8234]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6931]: pam_unix(cron:session): session closed for user root
Jun 23 05:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8234]: Failed password for invalid user ali from 91.92.40.48 port 27338 ssh2
Jun 23 05:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8234]: Connection closed by 91.92.40.48 port 27338 [preauth]
Jun 23 05:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 05:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8265]: Failed password for root from 91.92.40.48 port 27402 ssh2
Jun 23 05:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8275]: Invalid user audi from 91.92.40.48
Jun 23 05:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8275]: input_userauth_request: invalid user audi [preauth]
Jun 23 05:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8265]: Connection closed by 91.92.40.48 port 27402 [preauth]
Jun 23 05:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8275]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8275]: Failed password for invalid user audi from 91.92.40.48 port 45284 ssh2
Jun 23 05:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8327]: Failed password for root from 144.225.187.123 port 48056 ssh2
Jun 23 05:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8327]: Connection closed by 144.225.187.123 port 48056 [preauth]
Jun 23 05:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8275]: Connection closed by 91.92.40.48 port 45284 [preauth]
Jun 23 05:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8312]: Invalid user deployer from 91.92.40.48
Jun 23 05:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8312]: input_userauth_request: invalid user deployer [preauth]
Jun 23 05:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8312]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8312]: Failed password for invalid user deployer from 91.92.40.48 port 14414 ssh2
Jun 23 05:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8338]: Invalid user bot from 91.92.40.48
Jun 23 05:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8338]: input_userauth_request: invalid user bot [preauth]
Jun 23 05:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8312]: Connection closed by 91.92.40.48 port 14414 [preauth]
Jun 23 05:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8338]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8338]: Failed password for invalid user bot from 91.92.40.48 port 35072 ssh2
Jun 23 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8370]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8371]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8369]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8368]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8368]: pam_unix(cron:session): session closed for user p13x
Jun 23 05:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8431]: Successful su for rubyman by root
Jun 23 05:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8431]: + ??? root:rubyman
Jun 23 05:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8431]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 05:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575536 of user rubyman.
Jun 23 05:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8431]: pam_unix(su:session): session closed for user rubyman
Jun 23 05:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575536.
Jun 23 05:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8338]: Connection closed by 91.92.40.48 port 35072 [preauth]
Jun 23 05:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8357]: Invalid user user from 91.92.40.48
Jun 23 05:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8357]: input_userauth_request: invalid user user [preauth]
Jun 23 05:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5634]: pam_unix(cron:session): session closed for user root
Jun 23 05:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8357]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8369]: pam_unix(cron:session): session closed for user samftp
Jun 23 05:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8357]: Failed password for invalid user user from 91.92.40.48 port 36234 ssh2
Jun 23 05:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8357]: Connection closed by 91.92.40.48 port 36234 [preauth]
Jun 23 05:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 05:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8598]: Failed password for root from 91.92.40.48 port 36282 ssh2
Jun 23 05:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8598]: Connection closed by 91.92.40.48 port 36282 [preauth]
Jun 23 05:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8621]: Invalid user vss from 91.92.40.48
Jun 23 05:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8621]: input_userauth_request: invalid user vss [preauth]
Jun 23 05:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8654]: Failed password for root from 144.225.187.123 port 53816 ssh2
Jun 23 05:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8654]: Connection closed by 144.225.187.123 port 53816 [preauth]
Jun 23 05:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8621]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8621]: Failed password for invalid user vss from 91.92.40.48 port 54958 ssh2
Jun 23 05:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8645]: Invalid user master from 91.92.40.48
Jun 23 05:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8645]: input_userauth_request: invalid user master [preauth]
Jun 23 05:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8621]: Connection closed by 91.92.40.48 port 54958 [preauth]
Jun 23 05:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8645]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7451]: pam_unix(cron:session): session closed for user root
Jun 23 05:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8666]: Invalid user rosa from 91.92.40.48
Jun 23 05:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8666]: input_userauth_request: invalid user rosa [preauth]
Jun 23 05:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8666]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8645]: Failed password for invalid user master from 91.92.40.48 port 51754 ssh2
Jun 23 05:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8645]: Connection closed by 91.92.40.48 port 51754 [preauth]
Jun 23 05:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8666]: Failed password for invalid user rosa from 91.92.40.48 port 51830 ssh2
Jun 23 05:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8666]: Connection closed by 91.92.40.48 port 51830 [preauth]
Jun 23 05:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 05:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8717]: Failed password for root from 91.92.40.48 port 64800 ssh2
Jun 23 05:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8717]: Connection closed by 91.92.40.48 port 64800 [preauth]
Jun 23 05:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8750]: Invalid user admin from 91.92.40.12
Jun 23 05:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8750]: input_userauth_request: invalid user admin [preauth]
Jun 23 05:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8750]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 05:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8750]: Failed password for invalid user admin from 91.92.40.12 port 33762 ssh2
Jun 23 05:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8741]: Invalid user admin from 91.92.40.48
Jun 23 05:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8741]: input_userauth_request: invalid user admin [preauth]
Jun 23 05:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8750]: Connection closed by 91.92.40.12 port 33762 [preauth]
Jun 23 05:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8741]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8741]: Failed password for invalid user admin from 91.92.40.48 port 50398 ssh2
Jun 23 05:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8741]: Connection closed by 91.92.40.48 port 50398 [preauth]
Jun 23 05:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8763]: Invalid user arm from 91.92.40.48
Jun 23 05:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8763]: input_userauth_request: invalid user arm [preauth]
Jun 23 05:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8763]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 05:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 05:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8763]: Failed password for invalid user arm from 91.92.40.48 port 27158 ssh2
Jun 23 05:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 05:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8763]: Connection closed by 91.92.40.48 port 27158 [preauth]
Jun 23 05:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8768]: Failed password for root from 144.225.187.123 port 59332 ssh2
Jun 23 05:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8768]: Connection closed by 144.225.187.123 port 59332 [preauth]
Jun 23 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8794]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8789]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8788]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8793]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8792]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8791]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8790]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8790]: pam_unix(cron:session): session closed for user root
Jun 23 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8794]: pam_unix(cron:session): session closed for user root
Jun 23 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8788]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8879]: Successful su for rubyman by root
Jun 23 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8879]: + ??? root:rubyman
Jun 23 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8879]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575543 of user rubyman.
Jun 23 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8879]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575543.
Jun 23 06:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8776]: Invalid user green from 91.92.40.48
Jun 23 06:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8776]: input_userauth_request: invalid user green [preauth]
Jun 23 06:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8776]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8791]: pam_unix(cron:session): session closed for user root
Jun 23 06:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6040]: pam_unix(cron:session): session closed for user root
Jun 23 06:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8776]: Failed password for invalid user green from 91.92.40.48 port 49468 ssh2
Jun 23 06:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8776]: Connection closed by 91.92.40.48 port 49468 [preauth]
Jun 23 06:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8789]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9073]: Failed password for root from 91.92.40.48 port 49522 ssh2
Jun 23 06:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9073]: Connection closed by 91.92.40.48 port 49522 [preauth]
Jun 23 06:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9112]: Invalid user aaa from 91.92.40.48
Jun 23 06:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9112]: input_userauth_request: invalid user aaa [preauth]
Jun 23 06:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9112]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9112]: Failed password for invalid user aaa from 91.92.40.48 port 10836 ssh2
Jun 23 06:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9112]: Connection closed by 91.92.40.48 port 10836 [preauth]
Jun 23 06:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9136]: Invalid user cloud from 91.92.40.48
Jun 23 06:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9136]: input_userauth_request: invalid user cloud [preauth]
Jun 23 06:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9136]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9136]: Failed password for invalid user cloud from 91.92.40.48 port 52128 ssh2
Jun 23 06:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9136]: Connection closed by 91.92.40.48 port 52128 [preauth]
Jun 23 06:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9158]: Invalid user intranet from 91.92.40.48
Jun 23 06:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9158]: input_userauth_request: invalid user intranet [preauth]
Jun 23 06:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7954]: pam_unix(cron:session): session closed for user root
Jun 23 06:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9168]: Failed password for root from 144.225.187.123 port 43836 ssh2
Jun 23 06:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9168]: Connection closed by 144.225.187.123 port 43836 [preauth]
Jun 23 06:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9158]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9158]: Failed password for invalid user intranet from 91.92.40.48 port 52178 ssh2
Jun 23 06:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9158]: Connection closed by 91.92.40.48 port 52178 [preauth]
Jun 23 06:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: Invalid user server from 91.92.40.48
Jun 23 06:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: input_userauth_request: invalid user server [preauth]
Jun 23 06:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: Failed password for invalid user server from 91.92.40.48 port 28730 ssh2
Jun 23 06:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: Connection closed by 91.92.40.48 port 28730 [preauth]
Jun 23 06:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9244]: Invalid user deploy from 91.92.40.48
Jun 23 06:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9244]: input_userauth_request: invalid user deploy [preauth]
Jun 23 06:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9244]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9244]: Failed password for invalid user deploy from 91.92.40.48 port 60676 ssh2
Jun 23 06:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9244]: Connection closed by 91.92.40.48 port 60676 [preauth]
Jun 23 06:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: Failed password for root from 91.92.40.48 port 55528 ssh2
Jun 23 06:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: Connection closed by 91.92.40.48 port 55528 [preauth]
Jun 23 06:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9289]: Invalid user rdpuser from 91.92.40.48
Jun 23 06:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9289]: input_userauth_request: invalid user rdpuser [preauth]
Jun 23 06:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9289]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9305]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9304]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9306]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9301]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9301]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9367]: Successful su for rubyman by root
Jun 23 06:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9367]: + ??? root:rubyman
Jun 23 06:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9367]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575547 of user rubyman.
Jun 23 06:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9367]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575547.
Jun 23 06:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9289]: Failed password for invalid user rdpuser from 91.92.40.48 port 55554 ssh2
Jun 23 06:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9289]: Connection closed by 91.92.40.48 port 55554 [preauth]
Jun 23 06:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6455]: pam_unix(cron:session): session closed for user root
Jun 23 06:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9304]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9506]: Invalid user student from 91.92.40.48
Jun 23 06:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9506]: input_userauth_request: invalid user student [preauth]
Jun 23 06:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9506]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9502]: Failed password for root from 144.225.187.123 port 36078 ssh2
Jun 23 06:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9502]: Connection closed by 144.225.187.123 port 36078 [preauth]
Jun 23 06:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9506]: Failed password for invalid user student from 91.92.40.48 port 12320 ssh2
Jun 23 06:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9506]: Connection closed by 91.92.40.48 port 12320 [preauth]
Jun 23 06:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9553]: Invalid user admin1 from 91.92.40.48
Jun 23 06:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9553]: input_userauth_request: invalid user admin1 [preauth]
Jun 23 06:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9553]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9553]: Failed password for invalid user admin1 from 91.92.40.48 port 12486 ssh2
Jun 23 06:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9553]: Connection closed by 91.92.40.48 port 12486 [preauth]
Jun 23 06:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9577]: Invalid user admin from 91.92.40.48
Jun 23 06:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9577]: input_userauth_request: invalid user admin [preauth]
Jun 23 06:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9577]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9577]: Failed password for invalid user admin from 91.92.40.48 port 12512 ssh2
Jun 23 06:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9577]: Connection closed by 91.92.40.48 port 12512 [preauth]
Jun 23 06:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9613]: Invalid user admin from 91.92.40.12
Jun 23 06:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9613]: input_userauth_request: invalid user admin [preauth]
Jun 23 06:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9613]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 06:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9613]: Failed password for invalid user admin from 91.92.40.12 port 43892 ssh2
Jun 23 06:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9613]: Connection closed by 91.92.40.12 port 43892 [preauth]
Jun 23 06:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8371]: pam_unix(cron:session): session closed for user root
Jun 23 06:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9611]: Failed password for root from 91.92.40.48 port 37952 ssh2
Jun 23 06:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9611]: Connection closed by 91.92.40.48 port 37952 [preauth]
Jun 23 06:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9628]: Invalid user david from 91.92.40.48
Jun 23 06:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9628]: input_userauth_request: invalid user david [preauth]
Jun 23 06:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9628]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9628]: Failed password for invalid user david from 91.92.40.48 port 47822 ssh2
Jun 23 06:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9628]: Connection closed by 91.92.40.48 port 47822 [preauth]
Jun 23 06:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9658]: Failed password for root from 144.225.187.123 port 47052 ssh2
Jun 23 06:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9658]: Connection closed by 144.225.187.123 port 47052 [preauth]
Jun 23 06:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9657]: Invalid user no-reply from 91.92.40.48
Jun 23 06:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9657]: input_userauth_request: invalid user no-reply [preauth]
Jun 23 06:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9657]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9657]: Failed password for invalid user no-reply from 91.92.40.48 port 18230 ssh2
Jun 23 06:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9657]: Connection closed by 91.92.40.48 port 18230 [preauth]
Jun 23 06:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9683]: Invalid user student from 91.92.40.48
Jun 23 06:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9683]: input_userauth_request: invalid user student [preauth]
Jun 23 06:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9683]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9683]: Failed password for invalid user student from 91.92.40.48 port 18268 ssh2
Jun 23 06:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9683]: Connection closed by 91.92.40.48 port 18268 [preauth]
Jun 23 06:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9705]: Invalid user web from 91.92.40.48
Jun 23 06:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9705]: input_userauth_request: invalid user web [preauth]
Jun 23 06:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9705]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9718]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9721]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9720]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9719]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9718]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9782]: Successful su for rubyman by root
Jun 23 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9782]: + ??? root:rubyman
Jun 23 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9782]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575551 of user rubyman.
Jun 23 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9782]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575551.
Jun 23 06:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9705]: Failed password for invalid user web from 91.92.40.48 port 24550 ssh2
Jun 23 06:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6930]: pam_unix(cron:session): session closed for user root
Jun 23 06:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9705]: Connection closed by 91.92.40.48 port 24550 [preauth]
Jun 23 06:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9719]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9715]: Invalid user andre from 91.92.40.48
Jun 23 06:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9715]: input_userauth_request: invalid user andre [preauth]
Jun 23 06:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9715]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9715]: Failed password for invalid user andre from 91.92.40.48 port 14138 ssh2
Jun 23 06:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9715]: Connection closed by 91.92.40.48 port 14138 [preauth]
Jun 23 06:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10121]: Invalid user odoo from 91.92.40.48
Jun 23 06:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10121]: input_userauth_request: invalid user odoo [preauth]
Jun 23 06:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10171]: Failed password for root from 144.225.187.123 port 49948 ssh2
Jun 23 06:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10121]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10171]: Connection closed by 144.225.187.123 port 49948 [preauth]
Jun 23 06:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10121]: Failed password for invalid user odoo from 91.92.40.48 port 14170 ssh2
Jun 23 06:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10121]: Connection closed by 91.92.40.48 port 14170 [preauth]
Jun 23 06:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10149]: Invalid user david from 91.92.40.48
Jun 23 06:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10149]: input_userauth_request: invalid user david [preauth]
Jun 23 06:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10149]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10149]: Failed password for invalid user david from 91.92.40.48 port 22460 ssh2
Jun 23 06:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10177]: Invalid user server from 91.92.40.48
Jun 23 06:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10177]: input_userauth_request: invalid user server [preauth]
Jun 23 06:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10149]: Connection closed by 91.92.40.48 port 22460 [preauth]
Jun 23 06:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10177]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10177]: Failed password for invalid user server from 91.92.40.48 port 54274 ssh2
Jun 23 06:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8793]: pam_unix(cron:session): session closed for user root
Jun 23 06:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 23 06:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10177]: Connection closed by 91.92.40.48 port 54274 [preauth]
Jun 23 06:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10342]: Failed password for root from 109.237.96.109 port 51206 ssh2
Jun 23 06:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10342]: Connection closed by 109.237.96.109 port 51206 [preauth]
Jun 23 06:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10214]: Failed password for root from 91.92.40.48 port 54312 ssh2
Jun 23 06:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10214]: Connection closed by 91.92.40.48 port 54312 [preauth]
Jun 23 06:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10344]: Invalid user ftptest from 91.92.40.48
Jun 23 06:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10344]: input_userauth_request: invalid user ftptest [preauth]
Jun 23 06:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10344]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10344]: Failed password for invalid user ftptest from 91.92.40.48 port 25408 ssh2
Jun 23 06:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10344]: Connection closed by 91.92.40.48 port 25408 [preauth]
Jun 23 06:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10367]: Invalid user botuser from 91.92.40.48
Jun 23 06:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10367]: input_userauth_request: invalid user botuser [preauth]
Jun 23 06:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10367]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10379]: Failed password for root from 144.225.187.123 port 35690 ssh2
Jun 23 06:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10379]: Connection closed by 144.225.187.123 port 35690 [preauth]
Jun 23 06:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10367]: Failed password for invalid user botuser from 91.92.40.48 port 41378 ssh2
Jun 23 06:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10367]: Connection closed by 91.92.40.48 port 41378 [preauth]
Jun 23 06:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10390]: Invalid user mh from 91.92.40.48
Jun 23 06:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10390]: input_userauth_request: invalid user mh [preauth]
Jun 23 06:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10390]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10390]: Failed password for invalid user mh from 91.92.40.48 port 46412 ssh2
Jun 23 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10390]: Connection closed by 91.92.40.48 port 46412 [preauth]
Jun 23 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10416]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10415]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10414]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10413]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10413]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10475]: Successful su for rubyman by root
Jun 23 06:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10475]: + ??? root:rubyman
Jun 23 06:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10475]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575556 of user rubyman.
Jun 23 06:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10475]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575556.
Jun 23 06:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10401]: Invalid user budda from 91.92.40.48
Jun 23 06:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10401]: input_userauth_request: invalid user budda [preauth]
Jun 23 06:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10401]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7450]: pam_unix(cron:session): session closed for user root
Jun 23 06:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10593]: Invalid user admin from 91.92.40.12
Jun 23 06:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10593]: input_userauth_request: invalid user admin [preauth]
Jun 23 06:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10593]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 06:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10401]: Failed password for invalid user budda from 91.92.40.48 port 32554 ssh2
Jun 23 06:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10593]: Failed password for invalid user admin from 91.92.40.12 port 52556 ssh2
Jun 23 06:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10593]: Connection closed by 91.92.40.12 port 52556 [preauth]
Jun 23 06:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10414]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10401]: Connection closed by 91.92.40.48 port 32554 [preauth]
Jun 23 06:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10644]: Invalid user ubuntu from 91.92.40.48
Jun 23 06:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10644]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 06:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10644]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10644]: Failed password for invalid user ubuntu from 91.92.40.48 port 32622 ssh2
Jun 23 06:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10644]: Connection closed by 91.92.40.48 port 32622 [preauth]
Jun 23 06:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10679]: Invalid user readonlyuser from 91.92.40.48
Jun 23 06:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10679]: input_userauth_request: invalid user readonlyuser [preauth]
Jun 23 06:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10679]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10679]: Failed password for invalid user readonlyuser from 91.92.40.48 port 38216 ssh2
Jun 23 06:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10679]: Connection closed by 91.92.40.48 port 38216 [preauth]
Jun 23 06:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10704]: Failed password for root from 91.92.40.48 port 64264 ssh2
Jun 23 06:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10731]: Failed password for root from 144.225.187.123 port 48400 ssh2
Jun 23 06:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10731]: Connection closed by 144.225.187.123 port 48400 [preauth]
Jun 23 06:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10704]: Connection closed by 91.92.40.48 port 64264 [preauth]
Jun 23 06:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10730]: Invalid user frank from 91.92.40.48
Jun 23 06:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10730]: input_userauth_request: invalid user frank [preauth]
Jun 23 06:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9306]: pam_unix(cron:session): session closed for user root
Jun 23 06:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10730]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10730]: Failed password for invalid user frank from 91.92.40.48 port 64314 ssh2
Jun 23 06:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 23 06:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10792]: Failed password for root from 194.113.233.25 port 38472 ssh2
Jun 23 06:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10792]: Connection closed by 194.113.233.25 port 38472 [preauth]
Jun 23 06:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10744]: Invalid user testuser from 91.92.40.48
Jun 23 06:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10744]: input_userauth_request: invalid user testuser [preauth]
Jun 23 06:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10730]: Connection closed by 91.92.40.48 port 64314 [preauth]
Jun 23 06:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10744]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10744]: Failed password for invalid user testuser from 91.92.40.48 port 51272 ssh2
Jun 23 06:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10787]: Invalid user wangchen from 91.92.40.48
Jun 23 06:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10787]: input_userauth_request: invalid user wangchen [preauth]
Jun 23 06:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10744]: Connection closed by 91.92.40.48 port 51272 [preauth]
Jun 23 06:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10787]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10787]: Failed password for invalid user wangchen from 91.92.40.48 port 41492 ssh2
Jun 23 06:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10821]: Invalid user admin from 91.92.40.48
Jun 23 06:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10821]: input_userauth_request: invalid user admin [preauth]
Jun 23 06:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10787]: Connection closed by 91.92.40.48 port 41492 [preauth]
Jun 23 06:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10821]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10821]: Failed password for invalid user admin from 91.92.40.48 port 41530 ssh2
Jun 23 06:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10821]: Connection closed by 91.92.40.48 port 41530 [preauth]
Jun 23 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10855]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10856]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10853]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10854]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10853]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10915]: Successful su for rubyman by root
Jun 23 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10915]: + ??? root:rubyman
Jun 23 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10915]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575560 of user rubyman.
Jun 23 06:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10915]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575560.
Jun 23 06:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10840]: Failed password for root from 91.92.40.48 port 50924 ssh2
Jun 23 06:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7953]: pam_unix(cron:session): session closed for user root
Jun 23 06:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10950]: Invalid user postgres from 144.225.187.123
Jun 23 06:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10950]: input_userauth_request: invalid user postgres [preauth]
Jun 23 06:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10950]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 06:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10840]: Connection closed by 91.92.40.48 port 50924 [preauth]
Jun 23 06:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10854]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10950]: Failed password for invalid user postgres from 144.225.187.123 port 41518 ssh2
Jun 23 06:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: Invalid user farmacia from 91.92.40.48
Jun 23 06:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: input_userauth_request: invalid user farmacia [preauth]
Jun 23 06:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10950]: Connection closed by 144.225.187.123 port 41518 [preauth]
Jun 23 06:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: Failed password for invalid user farmacia from 91.92.40.48 port 32318 ssh2
Jun 23 06:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: Connection closed by 91.92.40.48 port 32318 [preauth]
Jun 23 06:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11118]: Invalid user bot from 91.92.40.48
Jun 23 06:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11118]: input_userauth_request: invalid user bot [preauth]
Jun 23 06:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11144]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11118]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11118]: Failed password for invalid user bot from 91.92.40.48 port 45716 ssh2
Jun 23 06:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11118]: Connection closed by 91.92.40.48 port 45716 [preauth]
Jun 23 06:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11144]: Invalid user myuser from 91.92.40.48
Jun 23 06:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11144]: input_userauth_request: invalid user myuser [preauth]
Jun 23 06:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11144]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11144]: Failed password for invalid user myuser from 91.92.40.48 port 45746 ssh2
Jun 23 06:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11144]: Connection closed by 91.92.40.48 port 45746 [preauth]
Jun 23 06:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11156]: Invalid user kafka from 91.92.40.48
Jun 23 06:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11156]: input_userauth_request: invalid user kafka [preauth]
Jun 23 06:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11156]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9721]: pam_unix(cron:session): session closed for user root
Jun 23 06:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11156]: Failed password for invalid user kafka from 91.92.40.48 port 23640 ssh2
Jun 23 06:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11180]: Invalid user mcserver from 91.92.40.48
Jun 23 06:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11180]: input_userauth_request: invalid user mcserver [preauth]
Jun 23 06:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11156]: Connection closed by 91.92.40.48 port 23640 [preauth]
Jun 23 06:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11180]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11180]: Failed password for invalid user mcserver from 91.92.40.48 port 26978 ssh2
Jun 23 06:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11180]: Connection closed by 91.92.40.48 port 26978 [preauth]
Jun 23 06:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11226]: Invalid user admin from 91.92.40.12
Jun 23 06:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11226]: input_userauth_request: invalid user admin [preauth]
Jun 23 06:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11226]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 06:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11221]: Invalid user osmc from 144.225.187.123
Jun 23 06:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11221]: input_userauth_request: invalid user osmc [preauth]
Jun 23 06:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11221]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 06:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11222]: Invalid user bob from 91.92.40.48
Jun 23 06:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11222]: input_userauth_request: invalid user bob [preauth]
Jun 23 06:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11226]: Failed password for invalid user admin from 91.92.40.12 port 33268 ssh2
Jun 23 06:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11222]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11226]: Connection closed by 91.92.40.12 port 33268 [preauth]
Jun 23 06:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11221]: Failed password for invalid user osmc from 144.225.187.123 port 39206 ssh2
Jun 23 06:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11221]: Connection closed by 144.225.187.123 port 39206 [preauth]
Jun 23 06:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11222]: Failed password for invalid user bob from 91.92.40.48 port 56692 ssh2
Jun 23 06:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11222]: Connection closed by 91.92.40.48 port 56692 [preauth]
Jun 23 06:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11262]: Invalid user user from 91.92.40.48
Jun 23 06:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11262]: input_userauth_request: invalid user user [preauth]
Jun 23 06:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11262]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11262]: Failed password for invalid user user from 91.92.40.48 port 41128 ssh2
Jun 23 06:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11262]: Connection closed by 91.92.40.48 port 41128 [preauth]
Jun 23 06:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11273]: Invalid user kafka from 91.92.40.48
Jun 23 06:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11273]: input_userauth_request: invalid user kafka [preauth]
Jun 23 06:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11273]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11273]: Failed password for invalid user kafka from 91.92.40.48 port 41188 ssh2
Jun 23 06:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11273]: Connection closed by 91.92.40.48 port 41188 [preauth]
Jun 23 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11287]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11288]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11285]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11284]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11286]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11289]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11289]: pam_unix(cron:session): session closed for user root
Jun 23 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11284]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11358]: Successful su for rubyman by root
Jun 23 06:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11358]: + ??? root:rubyman
Jun 23 06:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11358]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575565 of user rubyman.
Jun 23 06:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11358]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575565.
Jun 23 06:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8370]: pam_unix(cron:session): session closed for user root
Jun 23 06:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11286]: pam_unix(cron:session): session closed for user root
Jun 23 06:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11332]: Invalid user cloud from 91.92.40.48
Jun 23 06:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11332]: input_userauth_request: invalid user cloud [preauth]
Jun 23 06:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11332]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11285]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11332]: Failed password for invalid user cloud from 91.92.40.48 port 63788 ssh2
Jun 23 06:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11332]: Connection closed by 91.92.40.48 port 63788 [preauth]
Jun 23 06:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11579]: Invalid user root1 from 91.92.40.48
Jun 23 06:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11579]: input_userauth_request: invalid user root1 [preauth]
Jun 23 06:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11579]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11579]: Failed password for invalid user root1 from 91.92.40.48 port 26130 ssh2
Jun 23 06:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11579]: Connection closed by 91.92.40.48 port 26130 [preauth]
Jun 23 06:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11609]: Invalid user maria from 144.225.187.123
Jun 23 06:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11609]: input_userauth_request: invalid user maria [preauth]
Jun 23 06:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11609]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 06:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11609]: Failed password for invalid user maria from 144.225.187.123 port 38506 ssh2
Jun 23 06:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11609]: Connection closed by 144.225.187.123 port 38506 [preauth]
Jun 23 06:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11610]: Failed password for root from 91.92.40.48 port 26194 ssh2
Jun 23 06:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11610]: Connection closed by 91.92.40.48 port 26194 [preauth]
Jun 23 06:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11625]: Invalid user manoj from 91.92.40.48
Jun 23 06:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11625]: input_userauth_request: invalid user manoj [preauth]
Jun 23 06:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11625]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11625]: Failed password for invalid user manoj from 91.92.40.48 port 63306 ssh2
Jun 23 06:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11625]: Connection closed by 91.92.40.48 port 63306 [preauth]
Jun 23 06:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10416]: pam_unix(cron:session): session closed for user root
Jun 23 06:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11647]: Failed password for root from 91.92.40.48 port 50028 ssh2
Jun 23 06:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11647]: Connection closed by 91.92.40.48 port 50028 [preauth]
Jun 23 06:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11685]: Invalid user nora from 141.98.83.240
Jun 23 06:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11685]: input_userauth_request: invalid user nora [preauth]
Jun 23 06:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11685]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 06:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11687]: Invalid user ts3 from 91.92.40.48
Jun 23 06:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11687]: input_userauth_request: invalid user ts3 [preauth]
Jun 23 06:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11687]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11685]: Failed password for invalid user nora from 141.98.83.240 port 50224 ssh2
Jun 23 06:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11685]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11687]: Failed password for invalid user ts3 from 91.92.40.48 port 13334 ssh2
Jun 23 06:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11685]: Failed password for invalid user nora from 141.98.83.240 port 50224 ssh2
Jun 23 06:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11685]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11687]: Connection closed by 91.92.40.48 port 13334 [preauth]
Jun 23 06:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11685]: Failed password for invalid user nora from 141.98.83.240 port 50224 ssh2
Jun 23 06:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11685]: Connection closed by 141.98.83.240 port 50224 [preauth]
Jun 23 06:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11685]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 06:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11713]: Failed password for root from 91.92.40.48 port 13390 ssh2
Jun 23 06:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11713]: Connection closed by 91.92.40.48 port 13390 [preauth]
Jun 23 06:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11744]: Invalid user jack from 144.225.187.123
Jun 23 06:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11744]: input_userauth_request: invalid user jack [preauth]
Jun 23 06:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11744]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 06:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11746]: Invalid user oracle from 91.92.40.48
Jun 23 06:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11746]: input_userauth_request: invalid user oracle [preauth]
Jun 23 06:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11746]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11744]: Failed password for invalid user jack from 144.225.187.123 port 58182 ssh2
Jun 23 06:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11744]: Connection closed by 144.225.187.123 port 58182 [preauth]
Jun 23 06:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11746]: Failed password for invalid user oracle from 91.92.40.48 port 21892 ssh2
Jun 23 06:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11746]: Connection closed by 91.92.40.48 port 21892 [preauth]
Jun 23 06:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11770]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11769]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11768]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11767]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11767]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11854]: Successful su for rubyman by root
Jun 23 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11854]: + ??? root:rubyman
Jun 23 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11854]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575570 of user rubyman.
Jun 23 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11854]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575570.
Jun 23 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11759]: Invalid user term2 from 91.92.40.48
Jun 23 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11759]: input_userauth_request: invalid user term2 [preauth]
Jun 23 06:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11759]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11759]: Failed password for invalid user term2 from 91.92.40.48 port 14808 ssh2
Jun 23 06:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8792]: pam_unix(cron:session): session closed for user root
Jun 23 06:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11759]: Connection closed by 91.92.40.48 port 14808 [preauth]
Jun 23 06:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11768]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12050]: Invalid user kafka from 91.92.40.48
Jun 23 06:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12050]: input_userauth_request: invalid user kafka [preauth]
Jun 23 06:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12050]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12050]: Failed password for invalid user kafka from 91.92.40.48 port 14882 ssh2
Jun 23 06:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12050]: Connection closed by 91.92.40.48 port 14882 [preauth]
Jun 23 06:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12092]: Invalid user wet from 91.92.40.48
Jun 23 06:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12092]: input_userauth_request: invalid user wet [preauth]
Jun 23 06:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12092]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12092]: Failed password for invalid user wet from 91.92.40.48 port 18962 ssh2
Jun 23 06:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12092]: Connection closed by 91.92.40.48 port 18962 [preauth]
Jun 23 06:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12102]: Invalid user admin from 91.92.40.12
Jun 23 06:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12102]: input_userauth_request: invalid user admin [preauth]
Jun 23 06:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12102]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 06:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12102]: Failed password for invalid user admin from 91.92.40.12 port 45816 ssh2
Jun 23 06:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12104]: Invalid user deployer from 91.92.40.48
Jun 23 06:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12104]: input_userauth_request: invalid user deployer [preauth]
Jun 23 06:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12102]: Connection closed by 91.92.40.12 port 45816 [preauth]
Jun 23 06:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12104]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12104]: Failed password for invalid user deployer from 91.92.40.48 port 30710 ssh2
Jun 23 06:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12104]: Connection closed by 91.92.40.48 port 30710 [preauth]
Jun 23 06:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12127]: Invalid user admin from 144.225.187.123
Jun 23 06:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12127]: input_userauth_request: invalid user admin [preauth]
Jun 23 06:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12127]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 06:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12128]: Invalid user ana from 91.92.40.48
Jun 23 06:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12128]: input_userauth_request: invalid user ana [preauth]
Jun 23 06:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12127]: Failed password for invalid user admin from 144.225.187.123 port 60442 ssh2
Jun 23 06:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12128]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12127]: Connection closed by 144.225.187.123 port 60442 [preauth]
Jun 23 06:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 23 06:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10856]: pam_unix(cron:session): session closed for user root
Jun 23 06:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12128]: Failed password for invalid user ana from 91.92.40.48 port 40462 ssh2
Jun 23 06:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12128]: Connection closed by 91.92.40.48 port 40462 [preauth]
Jun 23 06:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12140]: Failed password for root from 202.178.126.219 port 34274 ssh2
Jun 23 06:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12140]: Connection closed by 202.178.126.219 port 34274 [preauth]
Jun 23 06:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12170]: Invalid user webuser from 91.92.40.48
Jun 23 06:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12170]: input_userauth_request: invalid user webuser [preauth]
Jun 23 06:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12170]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12170]: Failed password for invalid user webuser from 91.92.40.48 port 40528 ssh2
Jun 23 06:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12170]: Connection closed by 91.92.40.48 port 40528 [preauth]
Jun 23 06:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12184]: Invalid user alec from 91.92.40.48
Jun 23 06:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12184]: input_userauth_request: invalid user alec [preauth]
Jun 23 06:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12184]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12184]: Failed password for invalid user alec from 91.92.40.48 port 27104 ssh2
Jun 23 06:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12184]: Connection closed by 91.92.40.48 port 27104 [preauth]
Jun 23 06:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12210]: Invalid user winston from 91.92.40.48
Jun 23 06:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12210]: input_userauth_request: invalid user winston [preauth]
Jun 23 06:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12210]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12210]: Failed password for invalid user winston from 91.92.40.48 port 11956 ssh2
Jun 23 06:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12210]: Connection closed by 91.92.40.48 port 11956 [preauth]
Jun 23 06:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12230]: Invalid user telegram from 91.92.40.48
Jun 23 06:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12230]: input_userauth_request: invalid user telegram [preauth]
Jun 23 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12359]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12260]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12259]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12258]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12258]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12425]: Successful su for rubyman by root
Jun 23 06:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12425]: + ??? root:rubyman
Jun 23 06:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12425]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575573 of user rubyman.
Jun 23 06:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12425]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575573.
Jun 23 06:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12230]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9305]: pam_unix(cron:session): session closed for user root
Jun 23 06:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12230]: Failed password for invalid user telegram from 91.92.40.48 port 12014 ssh2
Jun 23 06:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12493]: Invalid user zabbix from 144.225.187.123
Jun 23 06:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12493]: input_userauth_request: invalid user zabbix [preauth]
Jun 23 06:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12493]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 06:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12230]: Connection closed by 91.92.40.48 port 12014 [preauth]
Jun 23 06:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12259]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12493]: Failed password for invalid user zabbix from 144.225.187.123 port 36334 ssh2
Jun 23 06:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12493]: Connection closed by 144.225.187.123 port 36334 [preauth]
Jun 23 06:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12418]: Invalid user gold from 91.92.40.48
Jun 23 06:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12418]: input_userauth_request: invalid user gold [preauth]
Jun 23 06:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12418]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12418]: Failed password for invalid user gold from 91.92.40.48 port 56126 ssh2
Jun 23 06:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12418]: Connection closed by 91.92.40.48 port 56126 [preauth]
Jun 23 06:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12616]: Invalid user qwer from 91.92.40.48
Jun 23 06:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12616]: input_userauth_request: invalid user qwer [preauth]
Jun 23 06:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12616]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12616]: Failed password for invalid user qwer from 91.92.40.48 port 37336 ssh2
Jun 23 06:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 23 06:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12616]: Connection closed by 91.92.40.48 port 37336 [preauth]
Jun 23 06:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12643]: Failed password for root from 193.24.211.107 port 44432 ssh2
Jun 23 06:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12643]: Received disconnect from 193.24.211.107 port 44432:11: Client disconnecting normally [preauth]
Jun 23 06:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12643]: Disconnected from 193.24.211.107 port 44432 [preauth]
Jun 23 06:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12639]: Failed password for root from 91.92.40.48 port 37380 ssh2
Jun 23 06:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12639]: Connection closed by 91.92.40.48 port 37380 [preauth]
Jun 23 06:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12662]: Failed password for root from 91.92.40.48 port 17774 ssh2
Jun 23 06:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11288]: pam_unix(cron:session): session closed for user root
Jun 23 06:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12662]: Connection closed by 91.92.40.48 port 17774 [preauth]
Jun 23 06:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12718]: Failed password for root from 144.225.187.123 port 52132 ssh2
Jun 23 06:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12718]: Connection closed by 144.225.187.123 port 52132 [preauth]
Jun 23 06:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12686]: Failed password for root from 91.92.40.48 port 53334 ssh2
Jun 23 06:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12686]: Connection closed by 91.92.40.48 port 53334 [preauth]
Jun 23 06:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12717]: Invalid user runner from 91.92.40.48
Jun 23 06:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12717]: input_userauth_request: invalid user runner [preauth]
Jun 23 06:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12717]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12717]: Failed password for invalid user runner from 91.92.40.48 port 53378 ssh2
Jun 23 06:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12717]: Connection closed by 91.92.40.48 port 53378 [preauth]
Jun 23 06:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12740]: Invalid user installer from 91.92.40.48
Jun 23 06:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12740]: input_userauth_request: invalid user installer [preauth]
Jun 23 06:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12740]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12740]: Failed password for invalid user installer from 91.92.40.48 port 36966 ssh2
Jun 23 06:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12740]: Connection closed by 91.92.40.48 port 36966 [preauth]
Jun 23 06:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12769]: Invalid user test from 91.92.40.48
Jun 23 06:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12769]: input_userauth_request: invalid user test [preauth]
Jun 23 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12793]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12795]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12792]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12794]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12792]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12861]: Successful su for rubyman by root
Jun 23 06:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12861]: + ??? root:rubyman
Jun 23 06:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12861]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575578 of user rubyman.
Jun 23 06:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12861]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575578.
Jun 23 06:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12769]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12963]: Invalid user admin from 91.92.40.12
Jun 23 06:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12963]: input_userauth_request: invalid user admin [preauth]
Jun 23 06:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12963]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 06:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9720]: pam_unix(cron:session): session closed for user root
Jun 23 06:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12769]: Failed password for invalid user test from 91.92.40.48 port 28570 ssh2
Jun 23 06:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12963]: Failed password for invalid user admin from 91.92.40.12 port 57126 ssh2
Jun 23 06:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12963]: Connection closed by 91.92.40.12 port 57126 [preauth]
Jun 23 06:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12779]: Invalid user testuser from 91.92.40.48
Jun 23 06:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12779]: input_userauth_request: invalid user testuser [preauth]
Jun 23 06:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12769]: Connection closed by 91.92.40.48 port 28570 [preauth]
Jun 23 06:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12793]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12779]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12779]: Failed password for invalid user testuser from 91.92.40.48 port 28636 ssh2
Jun 23 06:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12947]: Invalid user xbot from 91.92.40.48
Jun 23 06:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12947]: input_userauth_request: invalid user xbot [preauth]
Jun 23 06:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12779]: Connection closed by 91.92.40.48 port 28636 [preauth]
Jun 23 06:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12947]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13060]: Failed password for root from 144.225.187.123 port 47928 ssh2
Jun 23 06:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13060]: Connection closed by 144.225.187.123 port 47928 [preauth]
Jun 23 06:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12947]: Failed password for invalid user xbot from 91.92.40.48 port 45192 ssh2
Jun 23 06:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13059]: Invalid user admin1 from 91.92.40.48
Jun 23 06:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13059]: input_userauth_request: invalid user admin1 [preauth]
Jun 23 06:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12947]: Connection closed by 91.92.40.48 port 45192 [preauth]
Jun 23 06:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13059]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13059]: Failed password for invalid user admin1 from 91.92.40.48 port 65352 ssh2
Jun 23 06:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13059]: Connection closed by 91.92.40.48 port 65352 [preauth]
Jun 23 06:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13084]: Invalid user gituser from 91.92.40.48
Jun 23 06:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13084]: input_userauth_request: invalid user gituser [preauth]
Jun 23 06:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13084]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11770]: pam_unix(cron:session): session closed for user root
Jun 23 06:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13084]: Failed password for invalid user gituser from 91.92.40.48 port 65434 ssh2
Jun 23 06:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13084]: Connection closed by 91.92.40.48 port 65434 [preauth]
Jun 23 06:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13106]: Failed password for root from 91.92.40.48 port 31806 ssh2
Jun 23 06:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13106]: Connection closed by 91.92.40.48 port 31806 [preauth]
Jun 23 06:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13156]: Invalid user admin123 from 91.92.40.48
Jun 23 06:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13156]: input_userauth_request: invalid user admin123 [preauth]
Jun 23 06:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13156]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13156]: Failed password for invalid user admin123 from 91.92.40.48 port 35242 ssh2
Jun 23 06:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13173]: Invalid user iptv from 91.92.40.48
Jun 23 06:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13173]: input_userauth_request: invalid user iptv [preauth]
Jun 23 06:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13156]: Connection closed by 91.92.40.48 port 35242 [preauth]
Jun 23 06:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13173]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13206]: Failed password for root from 144.225.187.123 port 56512 ssh2
Jun 23 06:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13206]: Connection closed by 144.225.187.123 port 56512 [preauth]
Jun 23 06:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13173]: Failed password for invalid user iptv from 91.92.40.48 port 21174 ssh2
Jun 23 06:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13173]: Connection closed by 91.92.40.48 port 21174 [preauth]
Jun 23 06:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: Invalid user test from 91.92.40.48
Jun 23 06:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: input_userauth_request: invalid user test [preauth]
Jun 23 06:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13235]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13236]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13234]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13233]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13229]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13233]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13351]: Successful su for rubyman by root
Jun 23 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13351]: + ??? root:rubyman
Jun 23 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13351]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575584 of user rubyman.
Jun 23 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13351]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575584.
Jun 23 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: Failed password for invalid user test from 91.92.40.48 port 49532 ssh2
Jun 23 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13229]: pam_unix(cron:session): session closed for user root
Jun 23 06:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: Connection closed by 91.92.40.48 port 49532 [preauth]
Jun 23 06:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10415]: pam_unix(cron:session): session closed for user root
Jun 23 06:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13234]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13227]: Invalid user fastuser from 91.92.40.48
Jun 23 06:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13227]: input_userauth_request: invalid user fastuser [preauth]
Jun 23 06:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13227]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13227]: Failed password for invalid user fastuser from 91.92.40.48 port 40318 ssh2
Jun 23 06:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13227]: Connection closed by 91.92.40.48 port 40318 [preauth]
Jun 23 06:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13531]: Invalid user admin from 91.92.40.48
Jun 23 06:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13531]: input_userauth_request: invalid user admin [preauth]
Jun 23 06:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13531]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13531]: Failed password for invalid user admin from 91.92.40.48 port 40396 ssh2
Jun 23 06:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13581]: Invalid user ubuntu from 91.92.40.48
Jun 23 06:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13581]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 06:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13531]: Connection closed by 91.92.40.48 port 40396 [preauth]
Jun 23 06:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13581]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13613]: Failed password for root from 144.225.187.123 port 32994 ssh2
Jun 23 06:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13613]: Connection closed by 144.225.187.123 port 32994 [preauth]
Jun 23 06:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13581]: Failed password for invalid user ubuntu from 91.92.40.48 port 25502 ssh2
Jun 23 06:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13603]: Invalid user minecraft from 91.92.40.48
Jun 23 06:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13603]: input_userauth_request: invalid user minecraft [preauth]
Jun 23 06:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13581]: Connection closed by 91.92.40.48 port 25502 [preauth]
Jun 23 06:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13603]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13603]: Failed password for invalid user minecraft from 91.92.40.48 port 25584 ssh2
Jun 23 06:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12359]: pam_unix(cron:session): session closed for user root
Jun 23 06:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13603]: Connection closed by 91.92.40.48 port 25584 [preauth]
Jun 23 06:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13635]: Invalid user kevin from 91.92.40.48
Jun 23 06:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13635]: input_userauth_request: invalid user kevin [preauth]
Jun 23 06:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13635]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13635]: Failed password for invalid user kevin from 91.92.40.48 port 14542 ssh2
Jun 23 06:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13675]: Received disconnect from 148.153.121.224 port 43628:11: disconnected by user [preauth]
Jun 23 06:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13675]: Disconnected from 148.153.121.224 port 43628 [preauth]
Jun 23 06:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13689]: Invalid user admin1 from 91.92.40.12
Jun 23 06:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13689]: input_userauth_request: invalid user admin1 [preauth]
Jun 23 06:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13689]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 06:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13635]: Connection closed by 91.92.40.48 port 14542 [preauth]
Jun 23 06:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13689]: Failed password for invalid user admin1 from 91.92.40.12 port 50840 ssh2
Jun 23 06:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13689]: Connection closed by 91.92.40.12 port 50840 [preauth]
Jun 23 06:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13653]: Invalid user dneo from 91.92.40.48
Jun 23 06:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13653]: input_userauth_request: invalid user dneo [preauth]
Jun 23 06:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13653]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13653]: Failed password for invalid user dneo from 91.92.40.48 port 14566 ssh2
Jun 23 06:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13653]: Connection closed by 91.92.40.48 port 14566 [preauth]
Jun 23 06:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13677]: Invalid user debian from 91.92.40.48
Jun 23 06:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13677]: input_userauth_request: invalid user debian [preauth]
Jun 23 06:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13677]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13677]: Failed password for invalid user debian from 91.92.40.48 port 38928 ssh2
Jun 23 06:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13715]: Invalid user bob from 91.92.40.48
Jun 23 06:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13715]: input_userauth_request: invalid user bob [preauth]
Jun 23 06:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13744]: Failed password for root from 144.225.187.123 port 35612 ssh2
Jun 23 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13744]: Connection closed by 144.225.187.123 port 35612 [preauth]
Jun 23 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13677]: Connection closed by 91.92.40.48 port 38928 [preauth]
Jun 23 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13715]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13759]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13758]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13764]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13761]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13763]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13760]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13764]: pam_unix(cron:session): session closed for user root
Jun 23 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13758]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13827]: Successful su for rubyman by root
Jun 23 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13827]: + ??? root:rubyman
Jun 23 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13827]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575591 of user rubyman.
Jun 23 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13827]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575591.
Jun 23 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13715]: Failed password for invalid user bob from 91.92.40.48 port 39046 ssh2
Jun 23 06:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13760]: pam_unix(cron:session): session closed for user root
Jun 23 06:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10855]: pam_unix(cron:session): session closed for user root
Jun 23 06:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13725]: Invalid user solana from 91.92.40.48
Jun 23 06:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13725]: input_userauth_request: invalid user solana [preauth]
Jun 23 06:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13715]: Connection closed by 91.92.40.48 port 39046 [preauth]
Jun 23 06:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13759]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13725]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13725]: Failed password for invalid user solana from 91.92.40.48 port 41822 ssh2
Jun 23 06:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13746]: Invalid user user1 from 91.92.40.48
Jun 23 06:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13746]: input_userauth_request: invalid user user1 [preauth]
Jun 23 06:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13725]: Connection closed by 91.92.40.48 port 41822 [preauth]
Jun 23 06:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13746]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13746]: Failed password for invalid user user1 from 91.92.40.48 port 52736 ssh2
Jun 23 06:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13998]: Invalid user cloud from 91.92.40.48
Jun 23 06:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13998]: input_userauth_request: invalid user cloud [preauth]
Jun 23 06:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13746]: Connection closed by 91.92.40.48 port 52736 [preauth]
Jun 23 06:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13998]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13998]: Failed password for invalid user cloud from 91.92.40.48 port 52764 ssh2
Jun 23 06:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14045]: Invalid user pi from 91.92.40.48
Jun 23 06:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14045]: input_userauth_request: invalid user pi [preauth]
Jun 23 06:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13998]: Connection closed by 91.92.40.48 port 52764 [preauth]
Jun 23 06:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14045]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14045]: Failed password for invalid user pi from 91.92.40.48 port 40996 ssh2
Jun 23 06:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12795]: pam_unix(cron:session): session closed for user root
Jun 23 06:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14068]: Invalid user user from 91.92.40.48
Jun 23 06:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14068]: input_userauth_request: invalid user user [preauth]
Jun 23 06:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14110]: Failed password for root from 144.225.187.123 port 34594 ssh2
Jun 23 06:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14110]: Connection closed by 144.225.187.123 port 34594 [preauth]
Jun 23 06:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14045]: Connection closed by 91.92.40.48 port 40996 [preauth]
Jun 23 06:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14068]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14078]: Invalid user dany from 91.92.40.48
Jun 23 06:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14078]: input_userauth_request: invalid user dany [preauth]
Jun 23 06:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14068]: Failed password for invalid user user from 91.92.40.48 port 41024 ssh2
Jun 23 06:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14078]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14068]: Connection closed by 91.92.40.48 port 41024 [preauth]
Jun 23 06:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14078]: Failed password for invalid user dany from 91.92.40.48 port 35540 ssh2
Jun 23 06:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14109]: Invalid user user3 from 91.92.40.48
Jun 23 06:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14109]: input_userauth_request: invalid user user3 [preauth]
Jun 23 06:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14078]: Connection closed by 91.92.40.48 port 35540 [preauth]
Jun 23 06:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14109]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14109]: Failed password for invalid user user3 from 91.92.40.48 port 36608 ssh2
Jun 23 06:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14140]: Invalid user flow from 91.92.40.48
Jun 23 06:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14140]: input_userauth_request: invalid user flow [preauth]
Jun 23 06:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14109]: Connection closed by 91.92.40.48 port 36608 [preauth]
Jun 23 06:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14140]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14140]: Failed password for invalid user flow from 91.92.40.48 port 59566 ssh2
Jun 23 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14206]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14207]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14205]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14204]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14204]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14269]: Successful su for rubyman by root
Jun 23 06:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14269]: + ??? root:rubyman
Jun 23 06:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14269]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575593 of user rubyman.
Jun 23 06:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14269]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575593.
Jun 23 06:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14173]: Invalid user trade from 91.92.40.48
Jun 23 06:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14173]: input_userauth_request: invalid user trade [preauth]
Jun 23 06:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11287]: pam_unix(cron:session): session closed for user root
Jun 23 06:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14140]: Connection closed by 91.92.40.48 port 59566 [preauth]
Jun 23 06:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14205]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14173]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14184]: Invalid user apex from 91.92.40.48
Jun 23 06:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14184]: input_userauth_request: invalid user apex [preauth]
Jun 23 06:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14173]: Failed password for invalid user trade from 91.92.40.48 port 59604 ssh2
Jun 23 06:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14447]: Failed password for root from 144.225.187.123 port 40482 ssh2
Jun 23 06:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14447]: Connection closed by 144.225.187.123 port 40482 [preauth]
Jun 23 06:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14184]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14173]: Connection closed by 91.92.40.48 port 59604 [preauth]
Jun 23 06:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14194]: Invalid user odoo from 91.92.40.48
Jun 23 06:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14194]: input_userauth_request: invalid user odoo [preauth]
Jun 23 06:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14184]: Failed password for invalid user apex from 91.92.40.48 port 10164 ssh2
Jun 23 06:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14194]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14485]: Invalid user admin1 from 91.92.40.12
Jun 23 06:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14485]: input_userauth_request: invalid user admin1 [preauth]
Jun 23 06:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14485]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 06:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14184]: Connection closed by 91.92.40.48 port 10164 [preauth]
Jun 23 06:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14194]: Failed password for invalid user odoo from 91.92.40.48 port 10202 ssh2
Jun 23 06:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14485]: Failed password for invalid user admin1 from 91.92.40.12 port 54336 ssh2
Jun 23 06:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14485]: Connection closed by 91.92.40.12 port 54336 [preauth]
Jun 23 06:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14449]: Invalid user test from 91.92.40.48
Jun 23 06:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14449]: input_userauth_request: invalid user test [preauth]
Jun 23 06:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14194]: Connection closed by 91.92.40.48 port 10202 [preauth]
Jun 23 06:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14449]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14449]: Failed password for invalid user test from 91.92.40.48 port 57568 ssh2
Jun 23 06:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14449]: Connection closed by 91.92.40.48 port 57568 [preauth]
Jun 23 06:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14487]: Invalid user j from 91.92.40.48
Jun 23 06:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14487]: input_userauth_request: invalid user j [preauth]
Jun 23 06:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14487]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14497]: Invalid user deployer from 91.92.40.48
Jun 23 06:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14497]: input_userauth_request: invalid user deployer [preauth]
Jun 23 06:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14497]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13236]: pam_unix(cron:session): session closed for user root
Jun 23 06:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14487]: Failed password for invalid user j from 91.92.40.48 port 57676 ssh2
Jun 23 06:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14487]: Connection closed by 91.92.40.48 port 57676 [preauth]
Jun 23 06:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14497]: Failed password for invalid user deployer from 91.92.40.48 port 32558 ssh2
Jun 23 06:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14497]: Connection closed by 91.92.40.48 port 32558 [preauth]
Jun 23 06:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14557]: Invalid user ubuntu from 91.92.40.48
Jun 23 06:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14557]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 06:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14557]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14557]: Failed password for invalid user ubuntu from 91.92.40.48 port 55546 ssh2
Jun 23 06:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14557]: Connection closed by 91.92.40.48 port 55546 [preauth]
Jun 23 06:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14559]: Failed password for root from 144.225.187.123 port 33202 ssh2
Jun 23 06:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14559]: Connection closed by 144.225.187.123 port 33202 [preauth]
Jun 23 06:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14577]: Invalid user mostafa from 91.92.40.48
Jun 23 06:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14577]: input_userauth_request: invalid user mostafa [preauth]
Jun 23 06:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14577]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14577]: Failed password for invalid user mostafa from 91.92.40.48 port 51772 ssh2
Jun 23 06:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14577]: Connection closed by 91.92.40.48 port 51772 [preauth]
Jun 23 06:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14593]: Invalid user p from 91.92.40.48
Jun 23 06:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14593]: input_userauth_request: invalid user p [preauth]
Jun 23 06:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14593]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14593]: Failed password for invalid user p from 91.92.40.48 port 12516 ssh2
Jun 23 06:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14593]: Connection closed by 91.92.40.48 port 12516 [preauth]
Jun 23 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14623]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14624]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14622]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14620]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14620]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14727]: Successful su for rubyman by root
Jun 23 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14727]: + ??? root:rubyman
Jun 23 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14727]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575596 of user rubyman.
Jun 23 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14727]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575596.
Jun 23 06:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11769]: pam_unix(cron:session): session closed for user root
Jun 23 06:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14604]: Failed password for root from 91.92.40.48 port 12586 ssh2
Jun 23 06:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14622]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14604]: Connection closed by 91.92.40.48 port 12586 [preauth]
Jun 23 06:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14911]: Failed password for root from 91.92.40.48 port 38310 ssh2
Jun 23 06:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14911]: Connection closed by 91.92.40.48 port 38310 [preauth]
Jun 23 06:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14962]: Invalid user anna from 91.92.40.48
Jun 23 06:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14962]: input_userauth_request: invalid user anna [preauth]
Jun 23 06:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14962]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14962]: Failed password for invalid user anna from 91.92.40.48 port 35438 ssh2
Jun 23 06:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14962]: Connection closed by 91.92.40.48 port 35438 [preauth]
Jun 23 06:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14987]: Failed password for root from 144.225.187.123 port 45642 ssh2
Jun 23 06:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14987]: Connection closed by 144.225.187.123 port 45642 [preauth]
Jun 23 06:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14989]: Invalid user vagrant from 91.92.40.48
Jun 23 06:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14989]: input_userauth_request: invalid user vagrant [preauth]
Jun 23 06:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14989]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14989]: Failed password for invalid user vagrant from 91.92.40.48 port 58372 ssh2
Jun 23 06:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14989]: Connection closed by 91.92.40.48 port 58372 [preauth]
Jun 23 06:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15016]: Failed password for root from 91.92.40.48 port 58426 ssh2
Jun 23 06:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15016]: Connection closed by 91.92.40.48 port 58426 [preauth]
Jun 23 06:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13763]: pam_unix(cron:session): session closed for user root
Jun 23 06:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15032]: Invalid user odoo from 91.92.40.48
Jun 23 06:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15032]: input_userauth_request: invalid user odoo [preauth]
Jun 23 06:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15032]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15032]: Failed password for invalid user odoo from 91.92.40.48 port 58286 ssh2
Jun 23 06:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15032]: Connection closed by 91.92.40.48 port 58286 [preauth]
Jun 23 06:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15062]: Invalid user user from 91.92.40.48
Jun 23 06:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15062]: input_userauth_request: invalid user user [preauth]
Jun 23 06:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15062]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15062]: Failed password for invalid user user from 91.92.40.48 port 58338 ssh2
Jun 23 06:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15062]: Connection closed by 91.92.40.48 port 58338 [preauth]
Jun 23 06:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15072]: Failed password for root from 91.92.40.48 port 62462 ssh2
Jun 23 06:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15072]: Connection closed by 91.92.40.48 port 62462 [preauth]
Jun 23 06:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15099]: Invalid user dany from 91.92.40.48
Jun 23 06:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15099]: input_userauth_request: invalid user dany [preauth]
Jun 23 06:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15099]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15112]: Invalid user admin1 from 91.92.40.12
Jun 23 06:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15112]: input_userauth_request: invalid user admin1 [preauth]
Jun 23 06:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15112]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 06:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15099]: Failed password for invalid user dany from 91.92.40.48 port 62488 ssh2
Jun 23 06:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15099]: Connection closed by 91.92.40.48 port 62488 [preauth]
Jun 23 06:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15112]: Failed password for invalid user admin1 from 91.92.40.12 port 41866 ssh2
Jun 23 06:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15112]: Connection closed by 91.92.40.12 port 41866 [preauth]
Jun 23 06:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15110]: Failed password for root from 144.225.187.123 port 38166 ssh2
Jun 23 06:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15110]: Connection closed by 144.225.187.123 port 38166 [preauth]
Jun 23 06:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15115]: Invalid user ian from 91.92.40.48
Jun 23 06:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15115]: input_userauth_request: invalid user ian [preauth]
Jun 23 06:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15115]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15115]: Failed password for invalid user ian from 91.92.40.48 port 28606 ssh2
Jun 23 06:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15115]: Connection closed by 91.92.40.48 port 28606 [preauth]
Jun 23 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15131]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15129]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15130]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15128]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15128]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15202]: Successful su for rubyman by root
Jun 23 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15202]: + ??? root:rubyman
Jun 23 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15202]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575601 of user rubyman.
Jun 23 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15202]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575601.
Jun 23 06:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12260]: pam_unix(cron:session): session closed for user root
Jun 23 06:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15126]: Failed password for root from 91.92.40.48 port 10540 ssh2
Jun 23 06:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15126]: Connection closed by 91.92.40.48 port 10540 [preauth]
Jun 23 06:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15129]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15375]: Invalid user RPM from 91.92.40.48
Jun 23 06:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15375]: input_userauth_request: invalid user RPM [preauth]
Jun 23 06:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15375]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15375]: Failed password for invalid user RPM from 91.92.40.48 port 10560 ssh2
Jun 23 06:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15375]: Connection closed by 91.92.40.48 port 10560 [preauth]
Jun 23 06:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15385]: Invalid user deploy from 91.92.40.48
Jun 23 06:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15385]: input_userauth_request: invalid user deploy [preauth]
Jun 23 06:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15385]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15385]: Failed password for invalid user deploy from 91.92.40.48 port 26868 ssh2
Jun 23 06:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15385]: Connection closed by 91.92.40.48 port 26868 [preauth]
Jun 23 06:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15408]: Invalid user codex from 91.92.40.48
Jun 23 06:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15408]: input_userauth_request: invalid user codex [preauth]
Jun 23 06:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15408]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15408]: Failed password for invalid user codex from 91.92.40.48 port 26894 ssh2
Jun 23 06:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15408]: Connection closed by 91.92.40.48 port 26894 [preauth]
Jun 23 06:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15418]: Failed password for root from 91.92.40.48 port 60324 ssh2
Jun 23 06:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15441]: Failed password for root from 144.225.187.123 port 35036 ssh2
Jun 23 06:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15441]: Connection closed by 144.225.187.123 port 35036 [preauth]
Jun 23 06:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15418]: Connection closed by 91.92.40.48 port 60324 [preauth]
Jun 23 06:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14207]: pam_unix(cron:session): session closed for user root
Jun 23 06:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15442]: Invalid user ubuntu from 91.92.40.48
Jun 23 06:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15442]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 06:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15442]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15442]: Failed password for invalid user ubuntu from 91.92.40.48 port 60386 ssh2
Jun 23 06:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15442]: Connection closed by 91.92.40.48 port 60386 [preauth]
Jun 23 06:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15453]: Failed password for root from 91.92.40.48 port 20878 ssh2
Jun 23 06:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15482]: Invalid user user from 91.92.40.48
Jun 23 06:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15482]: input_userauth_request: invalid user user [preauth]
Jun 23 06:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15453]: Connection closed by 91.92.40.48 port 20878 [preauth]
Jun 23 06:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15482]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15482]: Failed password for invalid user user from 91.92.40.48 port 20918 ssh2
Jun 23 06:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15514]: Invalid user test from 91.92.40.48
Jun 23 06:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15514]: input_userauth_request: invalid user test [preauth]
Jun 23 06:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15482]: Connection closed by 91.92.40.48 port 20918 [preauth]
Jun 23 06:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15514]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15514]: Failed password for invalid user test from 91.92.40.48 port 56466 ssh2
Jun 23 06:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15514]: Connection closed by 91.92.40.48 port 56466 [preauth]
Jun 23 06:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15524]: Invalid user deploy from 91.92.40.48
Jun 23 06:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15524]: input_userauth_request: invalid user deploy [preauth]
Jun 23 06:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15524]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15524]: Failed password for invalid user deploy from 91.92.40.48 port 16738 ssh2
Jun 23 06:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15534]: Invalid user devops from 91.92.40.48
Jun 23 06:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15534]: input_userauth_request: invalid user devops [preauth]
Jun 23 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15524]: Connection closed by 91.92.40.48 port 16738 [preauth]
Jun 23 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15534]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15548]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15547]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15546]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15545]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15545]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15607]: Successful su for rubyman by root
Jun 23 06:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15607]: + ??? root:rubyman
Jun 23 06:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15607]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575604 of user rubyman.
Jun 23 06:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15607]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575604.
Jun 23 06:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15534]: Failed password for invalid user devops from 91.92.40.48 port 16808 ssh2
Jun 23 06:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12794]: pam_unix(cron:session): session closed for user root
Jun 23 06:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15534]: Connection closed by 91.92.40.48 port 16808 [preauth]
Jun 23 06:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15546]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15638]: Failed password for root from 144.225.187.123 port 52000 ssh2
Jun 23 06:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15638]: Connection closed by 144.225.187.123 port 52000 [preauth]
Jun 23 06:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15689]: Invalid user ubuntu from 91.92.40.48
Jun 23 06:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15689]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 06:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15689]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15689]: Failed password for invalid user ubuntu from 91.92.40.48 port 11654 ssh2
Jun 23 06:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15689]: Connection closed by 91.92.40.48 port 11654 [preauth]
Jun 23 06:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15795]: Invalid user avax from 91.92.40.48
Jun 23 06:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15795]: input_userauth_request: invalid user avax [preauth]
Jun 23 06:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15795]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15795]: Failed password for invalid user avax from 91.92.40.48 port 48126 ssh2
Jun 23 06:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15795]: Connection closed by 91.92.40.48 port 48126 [preauth]
Jun 23 06:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15818]: Invalid user danny from 91.92.40.48
Jun 23 06:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15818]: input_userauth_request: invalid user danny [preauth]
Jun 23 06:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15818]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15818]: Failed password for invalid user danny from 91.92.40.48 port 48204 ssh2
Jun 23 06:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15818]: Connection closed by 91.92.40.48 port 48204 [preauth]
Jun 23 06:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15837]: Invalid user alex from 91.92.40.48
Jun 23 06:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15837]: input_userauth_request: invalid user alex [preauth]
Jun 23 06:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15837]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15837]: Failed password for invalid user alex from 91.92.40.48 port 16348 ssh2
Jun 23 06:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15837]: Connection closed by 91.92.40.48 port 16348 [preauth]
Jun 23 06:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15860]: Invalid user www from 91.92.40.48
Jun 23 06:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15860]: input_userauth_request: invalid user www [preauth]
Jun 23 06:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14624]: pam_unix(cron:session): session closed for user root
Jun 23 06:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15860]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15869]: Invalid user admin1 from 91.92.40.12
Jun 23 06:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15869]: input_userauth_request: invalid user admin1 [preauth]
Jun 23 06:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15869]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 06:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15860]: Failed password for invalid user www from 91.92.40.48 port 16390 ssh2
Jun 23 06:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15869]: Failed password for invalid user admin1 from 91.92.40.12 port 51238 ssh2
Jun 23 06:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15869]: Connection closed by 91.92.40.12 port 51238 [preauth]
Jun 23 06:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15860]: Connection closed by 91.92.40.48 port 16390 [preauth]
Jun 23 06:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15872]: Invalid user adam from 91.92.40.48
Jun 23 06:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15872]: input_userauth_request: invalid user adam [preauth]
Jun 23 06:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15872]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15872]: Failed password for invalid user adam from 91.92.40.48 port 52456 ssh2
Jun 23 06:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15872]: Connection closed by 91.92.40.48 port 52456 [preauth]
Jun 23 06:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15903]: Invalid user splunk from 91.92.40.48
Jun 23 06:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15903]: input_userauth_request: invalid user splunk [preauth]
Jun 23 06:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15904]: Failed password for root from 144.225.187.123 port 42814 ssh2
Jun 23 06:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15904]: Connection closed by 144.225.187.123 port 42814 [preauth]
Jun 23 06:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15903]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15903]: Failed password for invalid user splunk from 91.92.40.48 port 58098 ssh2
Jun 23 06:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15903]: Connection closed by 91.92.40.48 port 58098 [preauth]
Jun 23 06:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15927]: Invalid user elina from 91.92.40.48
Jun 23 06:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15927]: input_userauth_request: invalid user elina [preauth]
Jun 23 06:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15927]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 23 06:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15927]: Failed password for invalid user elina from 91.92.40.48 port 58186 ssh2
Jun 23 06:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
Jun 23 06:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15937]: Failed password for root from 103.153.68.219 port 46472 ssh2
Jun 23 06:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15937]: Connection closed by 103.153.68.219 port 46472 [preauth]
Jun 23 06:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15927]: Connection closed by 91.92.40.48 port 58186 [preauth]
Jun 23 06:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15949]: Invalid user administrador from 91.92.40.48
Jun 23 06:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15949]: input_userauth_request: invalid user administrador [preauth]
Jun 23 06:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15951]: Failed password for root from 176.32.39.21 port 58788 ssh2
Jun 23 06:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15949]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15951]: Connection closed by 176.32.39.21 port 58788 [preauth]
Jun 23 06:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15949]: Failed password for invalid user administrador from 91.92.40.48 port 35604 ssh2
Jun 23 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15969]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15964]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15967]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15968]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15966]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15965]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15969]: pam_unix(cron:session): session closed for user root
Jun 23 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15964]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16030]: Successful su for rubyman by root
Jun 23 06:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16030]: + ??? root:rubyman
Jun 23 06:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16030]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575609 of user rubyman.
Jun 23 06:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16030]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575609.
Jun 23 06:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15949]: Connection closed by 91.92.40.48 port 35604 [preauth]
Jun 23 06:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15961]: Invalid user jpg from 91.92.40.48
Jun 23 06:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15961]: input_userauth_request: invalid user jpg [preauth]
Jun 23 06:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15966]: pam_unix(cron:session): session closed for user root
Jun 23 06:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13235]: pam_unix(cron:session): session closed for user root
Jun 23 06:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15961]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15961]: Failed password for invalid user jpg from 91.92.40.48 port 47708 ssh2
Jun 23 06:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15965]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15961]: Connection closed by 91.92.40.48 port 47708 [preauth]
Jun 23 06:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16218]: Invalid user deploy from 91.92.40.48
Jun 23 06:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16218]: input_userauth_request: invalid user deploy [preauth]
Jun 23 06:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16218]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16218]: Failed password for invalid user deploy from 91.92.40.48 port 47762 ssh2
Jun 23 06:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16218]: Connection closed by 91.92.40.48 port 47762 [preauth]
Jun 23 06:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16263]: Failed password for root from 144.225.187.123 port 46328 ssh2
Jun 23 06:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16274]: Invalid user ubnt from 45.148.10.121
Jun 23 06:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16274]: input_userauth_request: invalid user ubnt [preauth]
Jun 23 06:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16274]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 23 06:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16263]: Connection closed by 144.225.187.123 port 46328 [preauth]
Jun 23 06:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16274]: Failed password for invalid user ubnt from 45.148.10.121 port 56422 ssh2
Jun 23 06:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16248]: Failed password for root from 91.92.40.48 port 56272 ssh2
Jun 23 06:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16274]: Connection closed by 45.148.10.121 port 56422 [preauth]
Jun 23 06:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16248]: Connection closed by 91.92.40.48 port 56272 [preauth]
Jun 23 06:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16273]: Invalid user elasticsearch from 91.92.40.48
Jun 23 06:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16273]: input_userauth_request: invalid user elasticsearch [preauth]
Jun 23 06:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16273]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16273]: Failed password for invalid user elasticsearch from 91.92.40.48 port 56312 ssh2
Jun 23 06:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16273]: Connection closed by 91.92.40.48 port 56312 [preauth]
Jun 23 06:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16300]: Invalid user odroid from 91.92.40.48
Jun 23 06:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16300]: input_userauth_request: invalid user odroid [preauth]
Jun 23 06:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16300]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16300]: Failed password for invalid user odroid from 91.92.40.48 port 46198 ssh2
Jun 23 06:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16300]: Connection closed by 91.92.40.48 port 46198 [preauth]
Jun 23 06:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15131]: pam_unix(cron:session): session closed for user root
Jun 23 06:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16315]: Failed password for root from 91.92.40.48 port 35878 ssh2
Jun 23 06:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16315]: Connection closed by 91.92.40.48 port 35878 [preauth]
Jun 23 06:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16344]: Invalid user ftpadmin from 91.92.40.48
Jun 23 06:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16344]: input_userauth_request: invalid user ftpadmin [preauth]
Jun 23 06:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16344]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16344]: Failed password for invalid user ftpadmin from 91.92.40.48 port 58282 ssh2
Jun 23 06:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16344]: Connection closed by 91.92.40.48 port 58282 [preauth]
Jun 23 06:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16368]: Invalid user gitlab from 91.92.40.48
Jun 23 06:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16368]: input_userauth_request: invalid user gitlab [preauth]
Jun 23 06:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16368]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16368]: Failed password for invalid user gitlab from 91.92.40.48 port 58336 ssh2
Jun 23 06:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16379]: Failed password for root from 144.225.187.123 port 33112 ssh2
Jun 23 06:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16379]: Connection closed by 144.225.187.123 port 33112 [preauth]
Jun 23 06:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16368]: Connection closed by 91.92.40.48 port 58336 [preauth]
Jun 23 06:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16378]: Invalid user ts3server from 91.92.40.48
Jun 23 06:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16378]: input_userauth_request: invalid user ts3server [preauth]
Jun 23 06:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16378]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16405]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16406]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16403]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16404]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16403]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16474]: Successful su for rubyman by root
Jun 23 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16474]: + ??? root:rubyman
Jun 23 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16474]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575614 of user rubyman.
Jun 23 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16474]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575614.
Jun 23 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16378]: Failed password for invalid user ts3server from 91.92.40.48 port 34184 ssh2
Jun 23 06:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16391]: Invalid user d from 91.92.40.48
Jun 23 06:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16391]: input_userauth_request: invalid user d [preauth]
Jun 23 06:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16378]: Connection closed by 91.92.40.48 port 34184 [preauth]
Jun 23 06:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13761]: pam_unix(cron:session): session closed for user root
Jun 23 06:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16391]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16404]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16391]: Failed password for invalid user d from 91.92.40.48 port 34234 ssh2
Jun 23 06:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16669]: Invalid user administrator from 91.92.40.12
Jun 23 06:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16669]: input_userauth_request: invalid user administrator [preauth]
Jun 23 06:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16669]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 06:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16391]: Connection closed by 91.92.40.48 port 34234 [preauth]
Jun 23 06:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16401]: Invalid user share from 91.92.40.48
Jun 23 06:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16401]: input_userauth_request: invalid user share [preauth]
Jun 23 06:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16669]: Failed password for invalid user administrator from 91.92.40.12 port 51970 ssh2
Jun 23 06:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16669]: Connection closed by 91.92.40.12 port 51970 [preauth]
Jun 23 06:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16401]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16401]: Failed password for invalid user share from 91.92.40.48 port 22050 ssh2
Jun 23 06:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16663]: Invalid user deploy from 91.92.40.48
Jun 23 06:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16663]: input_userauth_request: invalid user deploy [preauth]
Jun 23 06:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16401]: Connection closed by 91.92.40.48 port 22050 [preauth]
Jun 23 06:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16663]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16663]: Failed password for invalid user deploy from 91.92.40.48 port 13996 ssh2
Jun 23 06:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16663]: Connection closed by 91.92.40.48 port 13996 [preauth]
Jun 23 06:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16693]: Invalid user sdadmin from 91.92.40.48
Jun 23 06:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16693]: input_userauth_request: invalid user sdadmin [preauth]
Jun 23 06:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16693]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16693]: Failed password for invalid user sdadmin from 91.92.40.48 port 14058 ssh2
Jun 23 06:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16693]: Connection closed by 91.92.40.48 port 14058 [preauth]
Jun 23 06:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16723]: Invalid user rancher from 91.92.40.48
Jun 23 06:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16723]: input_userauth_request: invalid user rancher [preauth]
Jun 23 06:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16723]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16723]: Failed password for invalid user rancher from 91.92.40.48 port 63312 ssh2
Jun 23 06:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16723]: Connection closed by 91.92.40.48 port 63312 [preauth]
Jun 23 06:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16726]: Failed password for root from 144.225.187.123 port 56198 ssh2
Jun 23 06:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16726]: Connection closed by 144.225.187.123 port 56198 [preauth]
Jun 23 06:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15548]: pam_unix(cron:session): session closed for user root
Jun 23 06:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16736]: Invalid user student from 91.92.40.48
Jun 23 06:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16736]: input_userauth_request: invalid user student [preauth]
Jun 23 06:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16736]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16736]: Failed password for invalid user student from 91.92.40.48 port 20038 ssh2
Jun 23 06:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16736]: Connection closed by 91.92.40.48 port 20038 [preauth]
Jun 23 06:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16769]: Invalid user sam from 91.92.40.48
Jun 23 06:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16769]: input_userauth_request: invalid user sam [preauth]
Jun 23 06:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16769]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16769]: Failed password for invalid user sam from 91.92.40.48 port 20052 ssh2
Jun 23 06:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16769]: Connection closed by 91.92.40.48 port 20052 [preauth]
Jun 23 06:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16779]: Failed password for root from 91.92.40.48 port 56658 ssh2
Jun 23 06:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16779]: Connection closed by 91.92.40.48 port 56658 [preauth]
Jun 23 06:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16817]: Invalid user game from 91.92.40.48
Jun 23 06:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16817]: input_userauth_request: invalid user game [preauth]
Jun 23 06:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16817]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16817]: Failed password for invalid user game from 91.92.40.48 port 35016 ssh2
Jun 23 06:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16817]: Connection closed by 91.92.40.48 port 35016 [preauth]
Jun 23 06:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16828]: Invalid user test from 91.92.40.48
Jun 23 06:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16828]: input_userauth_request: invalid user test [preauth]
Jun 23 06:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16828]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16828]: Failed password for invalid user test from 91.92.40.48 port 35078 ssh2
Jun 23 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16840]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16842]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16837]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16839]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16841]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16837]: pam_unix(cron:session): session closed for user root
Jun 23 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16839]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16828]: Connection closed by 91.92.40.48 port 35078 [preauth]
Jun 23 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17000]: Successful su for rubyman by root
Jun 23 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17000]: + ??? root:rubyman
Jun 23 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17000]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575620 of user rubyman.
Jun 23 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17000]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575620.
Jun 23 06:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14206]: pam_unix(cron:session): session closed for user root
Jun 23 06:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16840]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17085]: Failed password for root from 91.92.40.48 port 39898 ssh2
Jun 23 06:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17136]: Failed password for root from 144.225.187.123 port 51430 ssh2
Jun 23 06:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17085]: Connection closed by 91.92.40.48 port 39898 [preauth]
Jun 23 06:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17136]: Connection closed by 144.225.187.123 port 51430 [preauth]
Jun 23 06:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17185]: Invalid user claude from 91.92.40.48
Jun 23 06:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17185]: input_userauth_request: invalid user claude [preauth]
Jun 23 06:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17185]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17185]: Failed password for invalid user claude from 91.92.40.48 port 56462 ssh2
Jun 23 06:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17185]: Connection closed by 91.92.40.48 port 56462 [preauth]
Jun 23 06:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17207]: Failed password for root from 91.92.40.48 port 56504 ssh2
Jun 23 06:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17207]: Connection closed by 91.92.40.48 port 56504 [preauth]
Jun 23 06:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17225]: Invalid user kafka from 91.92.40.48
Jun 23 06:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17225]: input_userauth_request: invalid user kafka [preauth]
Jun 23 06:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17225]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17225]: Failed password for invalid user kafka from 91.92.40.48 port 64738 ssh2
Jun 23 06:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17225]: Connection closed by 91.92.40.48 port 64738 [preauth]
Jun 23 06:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17248]: Invalid user admin from 91.92.40.48
Jun 23 06:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17248]: input_userauth_request: invalid user admin [preauth]
Jun 23 06:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17248]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15968]: pam_unix(cron:session): session closed for user root
Jun 23 06:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17248]: Failed password for invalid user admin from 91.92.40.48 port 44930 ssh2
Jun 23 06:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17248]: Connection closed by 91.92.40.48 port 44930 [preauth]
Jun 23 06:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17283]: Failed password for root from 91.92.40.48 port 15918 ssh2
Jun 23 06:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17283]: Connection closed by 91.92.40.48 port 15918 [preauth]
Jun 23 06:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17299]: Invalid user administrator from 91.92.40.12
Jun 23 06:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17299]: input_userauth_request: invalid user administrator [preauth]
Jun 23 06:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17299]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 06:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17295]: Failed password for root from 144.225.187.123 port 34254 ssh2
Jun 23 06:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17295]: Connection closed by 144.225.187.123 port 34254 [preauth]
Jun 23 06:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17299]: Failed password for invalid user administrator from 91.92.40.12 port 50350 ssh2
Jun 23 06:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17297]: Invalid user zabbix from 91.92.40.48
Jun 23 06:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17297]: input_userauth_request: invalid user zabbix [preauth]
Jun 23 06:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17299]: Connection closed by 91.92.40.12 port 50350 [preauth]
Jun 23 06:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17297]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17297]: Failed password for invalid user zabbix from 91.92.40.48 port 15950 ssh2
Jun 23 06:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17297]: Connection closed by 91.92.40.48 port 15950 [preauth]
Jun 23 06:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17336]: Failed password for root from 91.92.40.48 port 62230 ssh2
Jun 23 06:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17336]: Connection closed by 91.92.40.48 port 62230 [preauth]
Jun 23 06:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17349]: Failed password for root from 91.92.40.48 port 62244 ssh2
Jun 23 06:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17349]: Connection closed by 91.92.40.48 port 62244 [preauth]
Jun 23 06:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17365]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17366]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17367]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17364]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17364]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17435]: Successful su for rubyman by root
Jun 23 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17435]: + ??? root:rubyman
Jun 23 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17435]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575624 of user rubyman.
Jun 23 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17435]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575624.
Jun 23 06:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14623]: pam_unix(cron:session): session closed for user root
Jun 23 06:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17361]: Failed password for root from 91.92.40.48 port 44434 ssh2
Jun 23 06:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17361]: Connection closed by 91.92.40.48 port 44434 [preauth]
Jun 23 06:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17365]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17613]: Failed password for root from 91.92.40.48 port 44508 ssh2
Jun 23 06:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17613]: Connection closed by 91.92.40.48 port 44508 [preauth]
Jun 23 06:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: Failed password for root from 91.92.40.48 port 46404 ssh2
Jun 23 06:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: Connection closed by 91.92.40.48 port 46404 [preauth]
Jun 23 06:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17637]: Failed password for root from 144.225.187.123 port 45266 ssh2
Jun 23 06:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17637]: Connection closed by 144.225.187.123 port 45266 [preauth]
Jun 23 06:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17675]: Failed password for root from 91.92.40.48 port 14854 ssh2
Jun 23 06:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17675]: Connection closed by 91.92.40.48 port 14854 [preauth]
Jun 23 06:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17736]: Invalid user github from 91.92.40.48
Jun 23 06:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17736]: input_userauth_request: invalid user github [preauth]
Jun 23 06:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17736]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17736]: Failed password for invalid user github from 91.92.40.48 port 14904 ssh2
Jun 23 06:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17736]: Connection closed by 91.92.40.48 port 14904 [preauth]
Jun 23 06:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17770]: Invalid user pi from 91.92.40.48
Jun 23 06:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17770]: input_userauth_request: invalid user pi [preauth]
Jun 23 06:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16406]: pam_unix(cron:session): session closed for user root
Jun 23 06:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17770]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17770]: Failed password for invalid user pi from 91.92.40.48 port 47180 ssh2
Jun 23 06:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17770]: Connection closed by 91.92.40.48 port 47180 [preauth]
Jun 23 06:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17805]: Failed password for root from 91.92.40.48 port 47210 ssh2
Jun 23 06:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17805]: Connection closed by 91.92.40.48 port 47210 [preauth]
Jun 23 06:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17817]: Invalid user sam from 91.92.40.48
Jun 23 06:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17817]: input_userauth_request: invalid user sam [preauth]
Jun 23 06:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17817]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17817]: Failed password for invalid user sam from 91.92.40.48 port 53024 ssh2
Jun 23 06:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17817]: Connection closed by 91.92.40.48 port 53024 [preauth]
Jun 23 06:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17846]: Invalid user user from 91.92.40.48
Jun 23 06:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17846]: input_userauth_request: invalid user user [preauth]
Jun 23 06:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17846]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17846]: Failed password for invalid user user from 91.92.40.48 port 53108 ssh2
Jun 23 06:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17860]: Failed password for root from 144.225.187.123 port 37850 ssh2
Jun 23 06:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17846]: Connection closed by 91.92.40.48 port 53108 [preauth]
Jun 23 06:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17860]: Connection closed by 144.225.187.123 port 37850 [preauth]
Jun 23 06:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17864]: Invalid user steam from 91.92.40.48
Jun 23 06:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17864]: input_userauth_request: invalid user steam [preauth]
Jun 23 06:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17864]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17864]: Failed password for invalid user steam from 91.92.40.48 port 29186 ssh2
Jun 23 06:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17864]: Connection closed by 91.92.40.48 port 29186 [preauth]
Jun 23 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17891]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17890]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17889]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17888]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17888]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17882]: Invalid user marketing from 91.92.40.48
Jun 23 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17882]: input_userauth_request: invalid user marketing [preauth]
Jun 23 06:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17952]: Successful su for rubyman by root
Jun 23 06:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17952]: + ??? root:rubyman
Jun 23 06:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17952]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575628 of user rubyman.
Jun 23 06:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17952]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575628.
Jun 23 06:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17882]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17882]: Failed password for invalid user marketing from 91.92.40.48 port 38302 ssh2
Jun 23 06:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15130]: pam_unix(cron:session): session closed for user root
Jun 23 06:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17882]: Connection closed by 91.92.40.48 port 38302 [preauth]
Jun 23 06:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17889]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18104]: Invalid user alex from 91.92.40.48
Jun 23 06:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18104]: input_userauth_request: invalid user alex [preauth]
Jun 23 06:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18104]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18104]: Failed password for invalid user alex from 91.92.40.48 port 38334 ssh2
Jun 23 06:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18104]: Connection closed by 91.92.40.48 port 38334 [preauth]
Jun 23 06:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18158]: Invalid user admin from 91.92.40.48
Jun 23 06:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18158]: input_userauth_request: invalid user admin [preauth]
Jun 23 06:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18158]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18158]: Failed password for invalid user admin from 91.92.40.48 port 18448 ssh2
Jun 23 06:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18158]: Connection closed by 91.92.40.48 port 18448 [preauth]
Jun 23 06:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18182]: Invalid user www from 91.92.40.48
Jun 23 06:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18182]: input_userauth_request: invalid user www [preauth]
Jun 23 06:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18193]: Invalid user administrator from 91.92.40.12
Jun 23 06:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18193]: input_userauth_request: invalid user administrator [preauth]
Jun 23 06:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18182]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18193]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 06:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18182]: Failed password for invalid user www from 91.92.40.48 port 18488 ssh2
Jun 23 06:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18193]: Failed password for invalid user administrator from 91.92.40.12 port 33684 ssh2
Jun 23 06:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18193]: Connection closed by 91.92.40.12 port 33684 [preauth]
Jun 23 06:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18182]: Connection closed by 91.92.40.48 port 18488 [preauth]
Jun 23 06:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18197]: Invalid user dmdba from 91.92.40.48
Jun 23 06:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18197]: input_userauth_request: invalid user dmdba [preauth]
Jun 23 06:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18197]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18227]: Failed password for root from 144.225.187.123 port 55472 ssh2
Jun 23 06:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18197]: Failed password for invalid user dmdba from 91.92.40.48 port 30644 ssh2
Jun 23 06:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18227]: Connection closed by 144.225.187.123 port 55472 [preauth]
Jun 23 06:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16842]: pam_unix(cron:session): session closed for user root
Jun 23 06:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18197]: Connection closed by 91.92.40.48 port 30644 [preauth]
Jun 23 06:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18226]: Failed password for root from 91.92.40.48 port 30674 ssh2
Jun 23 06:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18239]: Invalid user runner from 91.92.40.48
Jun 23 06:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18239]: input_userauth_request: invalid user runner [preauth]
Jun 23 06:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18226]: Connection closed by 91.92.40.48 port 30674 [preauth]
Jun 23 06:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18239]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18239]: Failed password for invalid user runner from 91.92.40.48 port 57422 ssh2
Jun 23 06:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18239]: Connection closed by 91.92.40.48 port 57422 [preauth]
Jun 23 06:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18285]: Invalid user ubuntu from 91.92.40.48
Jun 23 06:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18285]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 06:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.110.201  user=root
Jun 23 06:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18285]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18312]: Failed password for root from 94.159.110.201 port 38020 ssh2
Jun 23 06:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18312]: Connection closed by 94.159.110.201 port 38020 [preauth]
Jun 23 06:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18285]: Failed password for invalid user ubuntu from 91.92.40.48 port 19462 ssh2
Jun 23 06:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18285]: Connection closed by 91.92.40.48 port 19462 [preauth]
Jun 23 06:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18314]: Failed password for root from 91.92.40.48 port 40862 ssh2
Jun 23 06:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18314]: Connection closed by 91.92.40.48 port 40862 [preauth]
Jun 23 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18336]: Invalid user pz from 91.92.40.48
Jun 23 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18336]: input_userauth_request: invalid user pz [preauth]
Jun 23 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18344]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18340]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18342]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18343]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18339]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18341]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18344]: pam_unix(cron:session): session closed for user root
Jun 23 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18339]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18497]: Successful su for rubyman by root
Jun 23 06:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18497]: + ??? root:rubyman
Jun 23 06:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18497]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575634 of user rubyman.
Jun 23 06:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18497]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575634.
Jun 23 06:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18336]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18341]: pam_unix(cron:session): session closed for user root
Jun 23 06:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18336]: Failed password for invalid user pz from 91.92.40.48 port 40914 ssh2
Jun 23 06:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15547]: pam_unix(cron:session): session closed for user root
Jun 23 06:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18336]: Connection closed by 91.92.40.48 port 40914 [preauth]
Jun 23 06:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18524]: Failed password for root from 144.225.187.123 port 60578 ssh2
Jun 23 06:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18524]: Connection closed by 144.225.187.123 port 60578 [preauth]
Jun 23 06:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18340]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18634]: Invalid user deployer from 91.92.40.48
Jun 23 06:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18634]: input_userauth_request: invalid user deployer [preauth]
Jun 23 06:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18634]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18634]: Failed password for invalid user deployer from 91.92.40.48 port 44192 ssh2
Jun 23 06:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18634]: Connection closed by 91.92.40.48 port 44192 [preauth]
Jun 23 06:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18722]: Failed password for root from 91.92.40.48 port 19374 ssh2
Jun 23 06:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18722]: Connection closed by 91.92.40.48 port 19374 [preauth]
Jun 23 06:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18757]: Invalid user deploy from 91.92.40.48
Jun 23 06:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18757]: input_userauth_request: invalid user deploy [preauth]
Jun 23 06:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18757]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18757]: Failed password for invalid user deploy from 91.92.40.48 port 35026 ssh2
Jun 23 06:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18757]: Connection closed by 91.92.40.48 port 35026 [preauth]
Jun 23 06:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18782]: Invalid user calvin from 91.92.40.48
Jun 23 06:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18782]: input_userauth_request: invalid user calvin [preauth]
Jun 23 06:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18782]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18782]: Failed password for invalid user calvin from 91.92.40.48 port 35078 ssh2
Jun 23 06:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18782]: Connection closed by 91.92.40.48 port 35078 [preauth]
Jun 23 06:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17367]: pam_unix(cron:session): session closed for user root
Jun 23 06:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18813]: Invalid user ly from 91.92.40.48
Jun 23 06:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18813]: input_userauth_request: invalid user ly [preauth]
Jun 23 06:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18813]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18813]: Failed password for invalid user ly from 91.92.40.48 port 14870 ssh2
Jun 23 06:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18813]: Connection closed by 91.92.40.48 port 14870 [preauth]
Jun 23 06:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18838]: Failed password for root from 144.225.187.123 port 41382 ssh2
Jun 23 06:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18851]: Invalid user jay from 91.92.40.48
Jun 23 06:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18851]: input_userauth_request: invalid user jay [preauth]
Jun 23 06:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18838]: Connection closed by 144.225.187.123 port 41382 [preauth]
Jun 23 06:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18851]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18851]: Failed password for invalid user jay from 91.92.40.48 port 37116 ssh2
Jun 23 06:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18851]: Connection closed by 91.92.40.48 port 37116 [preauth]
Jun 23 06:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18880]: Invalid user professor from 91.92.40.48
Jun 23 06:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18880]: input_userauth_request: invalid user professor [preauth]
Jun 23 06:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18880]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18880]: Failed password for invalid user professor from 91.92.40.48 port 37136 ssh2
Jun 23 06:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18880]: Connection closed by 91.92.40.48 port 37136 [preauth]
Jun 23 06:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18890]: Invalid user botuser from 91.92.40.48
Jun 23 06:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18890]: input_userauth_request: invalid user botuser [preauth]
Jun 23 06:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18890]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18912]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18914]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18913]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18911]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18911]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18901]: Invalid user administrator from 91.92.40.12
Jun 23 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18901]: input_userauth_request: invalid user administrator [preauth]
Jun 23 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18901]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18978]: Successful su for rubyman by root
Jun 23 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18978]: + ??? root:rubyman
Jun 23 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18978]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575638 of user rubyman.
Jun 23 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18978]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575638.
Jun 23 06:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18901]: Failed password for invalid user administrator from 91.92.40.12 port 53904 ssh2
Jun 23 06:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18901]: Connection closed by 91.92.40.12 port 53904 [preauth]
Jun 23 06:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18890]: Failed password for invalid user botuser from 91.92.40.48 port 32004 ssh2
Jun 23 06:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18890]: Connection closed by 91.92.40.48 port 32004 [preauth]
Jun 23 06:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15967]: pam_unix(cron:session): session closed for user root
Jun 23 06:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18912]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 23 06:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18900]: Failed password for root from 91.92.40.48 port 26562 ssh2
Jun 23 06:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19259]: Failed password for root from 103.27.238.120 port 47710 ssh2
Jun 23 06:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19259]: Connection closed by 103.27.238.120 port 47710 [preauth]
Jun 23 06:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18900]: Connection closed by 91.92.40.48 port 26562 [preauth]
Jun 23 06:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19248]: Invalid user jboss from 91.92.40.48
Jun 23 06:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19248]: input_userauth_request: invalid user jboss [preauth]
Jun 23 06:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19248]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19248]: Failed password for invalid user jboss from 91.92.40.48 port 26592 ssh2
Jun 23 06:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19284]: Invalid user dstserver from 91.92.40.48
Jun 23 06:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19284]: input_userauth_request: invalid user dstserver [preauth]
Jun 23 06:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19285]: Failed password for root from 144.225.187.123 port 40152 ssh2
Jun 23 06:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19248]: Connection closed by 91.92.40.48 port 26592 [preauth]
Jun 23 06:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19285]: Connection closed by 144.225.187.123 port 40152 [preauth]
Jun 23 06:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19284]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19284]: Failed password for invalid user dstserver from 91.92.40.48 port 17324 ssh2
Jun 23 06:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19284]: Connection closed by 91.92.40.48 port 17324 [preauth]
Jun 23 06:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19297]: Invalid user trader from 91.92.40.48
Jun 23 06:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19297]: input_userauth_request: invalid user trader [preauth]
Jun 23 06:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19297]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19297]: Failed password for invalid user trader from 91.92.40.48 port 17300 ssh2
Jun 23 06:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19297]: Connection closed by 91.92.40.48 port 17300 [preauth]
Jun 23 06:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17891]: pam_unix(cron:session): session closed for user root
Jun 23 06:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19328]: Invalid user hadoop from 91.92.40.48
Jun 23 06:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19328]: input_userauth_request: invalid user hadoop [preauth]
Jun 23 06:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19328]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19328]: Failed password for invalid user hadoop from 91.92.40.48 port 45638 ssh2
Jun 23 06:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19328]: Connection closed by 91.92.40.48 port 45638 [preauth]
Jun 23 06:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19360]: Invalid user sss from 91.92.40.48
Jun 23 06:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19360]: input_userauth_request: invalid user sss [preauth]
Jun 23 06:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19360]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19360]: Failed password for invalid user sss from 91.92.40.48 port 45746 ssh2
Jun 23 06:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19407]: Invalid user nexus from 144.225.187.123
Jun 23 06:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19407]: input_userauth_request: invalid user nexus [preauth]
Jun 23 06:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19407]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 06:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19371]: Invalid user amir from 91.92.40.48
Jun 23 06:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19371]: input_userauth_request: invalid user amir [preauth]
Jun 23 06:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19360]: Connection closed by 91.92.40.48 port 45746 [preauth]
Jun 23 06:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19407]: Failed password for invalid user nexus from 144.225.187.123 port 50708 ssh2
Jun 23 06:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19407]: Connection closed by 144.225.187.123 port 50708 [preauth]
Jun 23 06:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19371]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19371]: Failed password for invalid user amir from 91.92.40.48 port 20864 ssh2
Jun 23 06:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19398]: Invalid user ubuntu from 91.92.40.48
Jun 23 06:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19398]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 06:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19371]: Connection closed by 91.92.40.48 port 20864 [preauth]
Jun 23 06:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19398]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19398]: Failed password for invalid user ubuntu from 91.92.40.48 port 20912 ssh2
Jun 23 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19398]: Connection closed by 91.92.40.48 port 20912 [preauth]
Jun 23 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19418]: Invalid user admin from 91.92.40.48
Jun 23 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19418]: input_userauth_request: invalid user admin [preauth]
Jun 23 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19432]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19431]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19430]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19429]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19429]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19599]: Successful su for rubyman by root
Jun 23 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19599]: + ??? root:rubyman
Jun 23 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19599]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575641 of user rubyman.
Jun 23 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19599]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575641.
Jun 23 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19418]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19418]: Failed password for invalid user admin from 91.92.40.48 port 59964 ssh2
Jun 23 06:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16405]: pam_unix(cron:session): session closed for user root
Jun 23 06:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19418]: Connection closed by 91.92.40.48 port 59964 [preauth]
Jun 23 06:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19430]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19892]: Invalid user jakob from 91.92.40.48
Jun 23 06:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19892]: input_userauth_request: invalid user jakob [preauth]
Jun 23 06:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19892]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19892]: Failed password for invalid user jakob from 91.92.40.48 port 60054 ssh2
Jun 23 06:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19892]: Connection closed by 91.92.40.48 port 60054 [preauth]
Jun 23 06:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19915]: Invalid user oracle from 91.92.40.48
Jun 23 06:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19915]: input_userauth_request: invalid user oracle [preauth]
Jun 23 06:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19915]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19915]: Failed password for invalid user oracle from 91.92.40.48 port 15164 ssh2
Jun 23 06:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19915]: Connection closed by 91.92.40.48 port 15164 [preauth]
Jun 23 06:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19935]: Invalid user cp from 91.92.40.48
Jun 23 06:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19935]: input_userauth_request: invalid user cp [preauth]
Jun 23 06:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19935]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19935]: Failed password for invalid user cp from 91.92.40.48 port 38858 ssh2
Jun 23 06:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19935]: Connection closed by 91.92.40.48 port 38858 [preauth]
Jun 23 06:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19937]: Invalid user media from 144.225.187.123
Jun 23 06:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19937]: input_userauth_request: invalid user media [preauth]
Jun 23 06:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19937]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 06:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19937]: Failed password for invalid user media from 144.225.187.123 port 52680 ssh2
Jun 23 06:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19937]: Connection closed by 144.225.187.123 port 52680 [preauth]
Jun 23 06:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19960]: Invalid user ubuntu from 91.92.40.48
Jun 23 06:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19960]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 06:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19960]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19960]: Failed password for invalid user ubuntu from 91.92.40.48 port 40438 ssh2
Jun 23 06:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19960]: Connection closed by 91.92.40.48 port 40438 [preauth]
Jun 23 06:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18343]: pam_unix(cron:session): session closed for user root
Jun 23 06:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19992]: Invalid user administrator from 91.92.40.12
Jun 23 06:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19992]: input_userauth_request: invalid user administrator [preauth]
Jun 23 06:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19992]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 06:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19992]: Failed password for invalid user administrator from 91.92.40.12 port 48144 ssh2
Jun 23 06:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19992]: Connection closed by 91.92.40.12 port 48144 [preauth]
Jun 23 06:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19994]: Invalid user karel from 91.92.40.48
Jun 23 06:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19994]: input_userauth_request: invalid user karel [preauth]
Jun 23 06:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19994]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19994]: Failed password for invalid user karel from 91.92.40.48 port 40466 ssh2
Jun 23 06:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19994]: Connection closed by 91.92.40.48 port 40466 [preauth]
Jun 23 06:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20021]: Invalid user ubuntu from 91.92.40.48
Jun 23 06:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20021]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 06:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20021]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20021]: Failed password for invalid user ubuntu from 91.92.40.48 port 45596 ssh2
Jun 23 06:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20021]: Connection closed by 91.92.40.48 port 45596 [preauth]
Jun 23 06:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 23 06:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20036]: Failed password for root from 38.93.206.2 port 57816 ssh2
Jun 23 06:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20036]: Connection closed by 38.93.206.2 port 57816 [preauth]
Jun 23 06:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20038]: Invalid user centreon from 91.92.40.48
Jun 23 06:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20038]: input_userauth_request: invalid user centreon [preauth]
Jun 23 06:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20038]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20038]: Failed password for invalid user centreon from 91.92.40.48 port 13038 ssh2
Jun 23 06:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20038]: Connection closed by 91.92.40.48 port 13038 [preauth]
Jun 23 06:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20056]: Failed password for root from 91.92.40.48 port 59362 ssh2
Jun 23 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20065]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20063]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20064]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20062]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20062]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20123]: Successful su for rubyman by root
Jun 23 06:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20123]: + ??? root:rubyman
Jun 23 06:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20123]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575645 of user rubyman.
Jun 23 06:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20123]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575645.
Jun 23 06:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20059]: Invalid user mc from 144.225.187.123
Jun 23 06:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20059]: input_userauth_request: invalid user mc [preauth]
Jun 23 06:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20059]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 06:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20056]: Connection closed by 91.92.40.48 port 59362 [preauth]
Jun 23 06:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20059]: Failed password for invalid user mc from 144.225.187.123 port 49204 ssh2
Jun 23 06:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20059]: Connection closed by 144.225.187.123 port 49204 [preauth]
Jun 23 06:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16841]: pam_unix(cron:session): session closed for user root
Jun 23 06:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20063]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20360]: Invalid user claude from 91.92.40.48
Jun 23 06:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20360]: input_userauth_request: invalid user claude [preauth]
Jun 23 06:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20360]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20360]: Failed password for invalid user claude from 91.92.40.48 port 59456 ssh2
Jun 23 06:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20360]: Connection closed by 91.92.40.48 port 59456 [preauth]
Jun 23 06:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 23 06:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20415]: Failed password for root from 193.24.211.107 port 10757 ssh2
Jun 23 06:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20415]: Received disconnect from 193.24.211.107 port 10757:11: Client disconnecting normally [preauth]
Jun 23 06:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20415]: Disconnected from 193.24.211.107 port 10757 [preauth]
Jun 23 06:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20425]: Invalid user client from 91.92.40.48
Jun 23 06:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20425]: input_userauth_request: invalid user client [preauth]
Jun 23 06:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20425]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20425]: Failed password for invalid user client from 91.92.40.48 port 65324 ssh2
Jun 23 06:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20425]: Connection closed by 91.92.40.48 port 65324 [preauth]
Jun 23 06:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20449]: Invalid user tony from 91.92.40.48
Jun 23 06:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20449]: input_userauth_request: invalid user tony [preauth]
Jun 23 06:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20449]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20449]: Failed password for invalid user tony from 91.92.40.48 port 27752 ssh2
Jun 23 06:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20449]: Connection closed by 91.92.40.48 port 27752 [preauth]
Jun 23 06:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 23 06:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20467]: Failed password for root from 80.66.85.226 port 51898 ssh2
Jun 23 06:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20467]: Connection closed by 80.66.85.226 port 51898 [preauth]
Jun 23 06:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20487]: Invalid user ecommerce from 91.92.40.48
Jun 23 06:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20487]: input_userauth_request: invalid user ecommerce [preauth]
Jun 23 06:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20487]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20487]: Failed password for invalid user ecommerce from 91.92.40.48 port 27798 ssh2
Jun 23 06:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20487]: Connection closed by 91.92.40.48 port 27798 [preauth]
Jun 23 06:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18914]: pam_unix(cron:session): session closed for user root
Jun 23 06:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20500]: Invalid user benjamin from 91.92.40.48
Jun 23 06:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20500]: input_userauth_request: invalid user benjamin [preauth]
Jun 23 06:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20500]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20500]: Failed password for invalid user benjamin from 91.92.40.48 port 15158 ssh2
Jun 23 06:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20521]: User ftp from 144.225.187.123 not allowed because not listed in AllowUsers
Jun 23 06:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20521]: input_userauth_request: invalid user ftp [preauth]
Jun 23 06:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=ftp
Jun 23 06:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20500]: Connection closed by 91.92.40.48 port 15158 [preauth]
Jun 23 06:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20521]: Failed password for invalid user ftp from 144.225.187.123 port 55636 ssh2
Jun 23 06:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20521]: Connection closed by 144.225.187.123 port 55636 [preauth]
Jun 23 06:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20532]: Invalid user amine from 91.92.40.48
Jun 23 06:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20532]: input_userauth_request: invalid user amine [preauth]
Jun 23 06:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20550]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20532]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20532]: Failed password for invalid user amine from 91.92.40.48 port 33112 ssh2
Jun 23 06:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20532]: Connection closed by 91.92.40.48 port 33112 [preauth]
Jun 23 06:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20550]: Invalid user osmc from 91.92.40.48
Jun 23 06:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20550]: input_userauth_request: invalid user osmc [preauth]
Jun 23 06:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20550]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20550]: Failed password for invalid user osmc from 91.92.40.48 port 33178 ssh2
Jun 23 06:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20550]: Connection closed by 91.92.40.48 port 33178 [preauth]
Jun 23 06:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 23 06:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20567]: Invalid user alex from 91.92.40.48
Jun 23 06:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20567]: input_userauth_request: invalid user alex [preauth]
Jun 23 06:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20569]: Failed password for root from 103.15.222.183 port 52834 ssh2
Jun 23 06:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20569]: Connection closed by 103.15.222.183 port 52834 [preauth]
Jun 23 06:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20567]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20567]: Failed password for invalid user alex from 91.92.40.48 port 59988 ssh2
Jun 23 06:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20567]: Connection closed by 91.92.40.48 port 59988 [preauth]
Jun 23 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20593]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20592]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20591]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20590]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20590]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20682]: Successful su for rubyman by root
Jun 23 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20682]: + ??? root:rubyman
Jun 23 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20682]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575649 of user rubyman.
Jun 23 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20682]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575649.
Jun 23 06:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20579]: Invalid user stef from 91.92.40.48
Jun 23 06:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20579]: input_userauth_request: invalid user stef [preauth]
Jun 23 06:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17366]: pam_unix(cron:session): session closed for user root
Jun 23 06:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20579]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20919]: Invalid user administrator from 91.92.40.12
Jun 23 06:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20919]: input_userauth_request: invalid user administrator [preauth]
Jun 23 06:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20919]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 06:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20591]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20579]: Failed password for invalid user stef from 91.92.40.48 port 60026 ssh2
Jun 23 06:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20919]: Failed password for invalid user administrator from 91.92.40.12 port 36168 ssh2
Jun 23 06:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20919]: Connection closed by 91.92.40.12 port 36168 [preauth]
Jun 23 06:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20579]: Connection closed by 91.92.40.48 port 60026 [preauth]
Jun 23 06:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20680]: Invalid user azureuser from 91.92.40.48
Jun 23 06:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20680]: input_userauth_request: invalid user azureuser [preauth]
Jun 23 06:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20680]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20948]: Invalid user elasticsearch from 144.225.187.123
Jun 23 06:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20948]: input_userauth_request: invalid user elasticsearch [preauth]
Jun 23 06:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20948]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 06:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20680]: Failed password for invalid user azureuser from 91.92.40.48 port 48066 ssh2
Jun 23 06:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20948]: Failed password for invalid user elasticsearch from 144.225.187.123 port 38028 ssh2
Jun 23 06:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20948]: Connection closed by 144.225.187.123 port 38028 [preauth]
Jun 23 06:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20680]: Connection closed by 91.92.40.48 port 48066 [preauth]
Jun 23 06:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20938]: Invalid user www from 91.92.40.48
Jun 23 06:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20938]: input_userauth_request: invalid user www [preauth]
Jun 23 06:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20938]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20938]: Failed password for invalid user www from 91.92.40.48 port 43694 ssh2
Jun 23 06:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20965]: Invalid user deployer from 91.92.40.48
Jun 23 06:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20965]: input_userauth_request: invalid user deployer [preauth]
Jun 23 06:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20938]: Connection closed by 91.92.40.48 port 43694 [preauth]
Jun 23 06:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20965]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20965]: Failed password for invalid user deployer from 91.92.40.48 port 43736 ssh2
Jun 23 06:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20965]: Connection closed by 91.92.40.48 port 43736 [preauth]
Jun 23 06:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21002]: Invalid user demo from 91.92.40.48
Jun 23 06:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21002]: input_userauth_request: invalid user demo [preauth]
Jun 23 06:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21002]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19432]: pam_unix(cron:session): session closed for user root
Jun 23 06:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21002]: Failed password for invalid user demo from 91.92.40.48 port 44766 ssh2
Jun 23 06:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21002]: Connection closed by 91.92.40.48 port 44766 [preauth]
Jun 23 06:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21012]: Invalid user ark from 91.92.40.48
Jun 23 06:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21012]: input_userauth_request: invalid user ark [preauth]
Jun 23 06:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21012]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21012]: Failed password for invalid user ark from 91.92.40.48 port 56754 ssh2
Jun 23 06:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21012]: Connection closed by 91.92.40.48 port 56754 [preauth]
Jun 23 06:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21055]: Failed password for root from 91.92.40.48 port 34500 ssh2
Jun 23 06:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21055]: Connection closed by 91.92.40.48 port 34500 [preauth]
Jun 23 06:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21081]: Invalid user deploy from 144.225.187.123
Jun 23 06:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21081]: input_userauth_request: invalid user deploy [preauth]
Jun 23 06:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21081]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 06:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21081]: Failed password for invalid user deploy from 144.225.187.123 port 38096 ssh2
Jun 23 06:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21081]: Connection closed by 144.225.187.123 port 38096 [preauth]
Jun 23 06:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21082]: Failed password for root from 91.92.40.48 port 34532 ssh2
Jun 23 06:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21082]: Connection closed by 91.92.40.48 port 34532 [preauth]
Jun 23 06:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21094]: Invalid user guest from 91.92.40.48
Jun 23 06:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21094]: input_userauth_request: invalid user guest [preauth]
Jun 23 06:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21094]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21094]: Failed password for invalid user guest from 91.92.40.48 port 35464 ssh2
Jun 23 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21123]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21118]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21119]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21122]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21120]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21117]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21115]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21123]: pam_unix(cron:session): session closed for user root
Jun 23 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21117]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21094]: Connection closed by 91.92.40.48 port 35464 [preauth]
Jun 23 06:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21208]: Successful su for rubyman by root
Jun 23 06:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21208]: + ??? root:rubyman
Jun 23 06:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21208]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575658 of user rubyman.
Jun 23 06:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21208]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575658.
Jun 23 06:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21119]: pam_unix(cron:session): session closed for user root
Jun 23 06:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17890]: pam_unix(cron:session): session closed for user root
Jun 23 06:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21113]: Invalid user sammy from 91.92.40.48
Jun 23 06:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21113]: input_userauth_request: invalid user sammy [preauth]
Jun 23 06:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21113]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21118]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21113]: Failed password for invalid user sammy from 91.92.40.48 port 38598 ssh2
Jun 23 06:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21113]: Connection closed by 91.92.40.48 port 38598 [preauth]
Jun 23 06:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21422]: Failed password for root from 91.92.40.48 port 38640 ssh2
Jun 23 06:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21422]: Connection closed by 91.92.40.48 port 38640 [preauth]
Jun 23 06:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21448]: Invalid user nina from 91.92.40.48
Jun 23 06:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21448]: input_userauth_request: invalid user nina [preauth]
Jun 23 06:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21448]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21448]: Failed password for invalid user nina from 91.92.40.48 port 34126 ssh2
Jun 23 06:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21463]: Invalid user dan from 144.225.187.123
Jun 23 06:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21463]: input_userauth_request: invalid user dan [preauth]
Jun 23 06:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21463]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 06:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21448]: Connection closed by 91.92.40.48 port 34126 [preauth]
Jun 23 06:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21463]: Failed password for invalid user dan from 144.225.187.123 port 50670 ssh2
Jun 23 06:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21463]: Connection closed by 144.225.187.123 port 50670 [preauth]
Jun 23 06:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21459]: Failed password for root from 91.92.40.48 port 56334 ssh2
Jun 23 06:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20065]: pam_unix(cron:session): session closed for user root
Jun 23 06:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21459]: Connection closed by 91.92.40.48 port 56334 [preauth]
Jun 23 06:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21494]: Invalid user admin from 91.92.40.48
Jun 23 06:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21494]: input_userauth_request: invalid user admin [preauth]
Jun 23 06:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21494]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21532]: Invalid user administrator from 91.92.40.12
Jun 23 06:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21532]: input_userauth_request: invalid user administrator [preauth]
Jun 23 06:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21532]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 06:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21532]: Failed password for invalid user administrator from 91.92.40.12 port 59438 ssh2
Jun 23 06:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21532]: Connection closed by 91.92.40.12 port 59438 [preauth]
Jun 23 06:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21494]: Failed password for invalid user admin from 91.92.40.48 port 11190 ssh2
Jun 23 06:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21494]: Connection closed by 91.92.40.48 port 11190 [preauth]
Jun 23 06:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21531]: Failed password for root from 91.92.40.48 port 11240 ssh2
Jun 23 06:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21531]: Connection closed by 91.92.40.48 port 11240 [preauth]
Jun 23 06:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21576]: Invalid user anderson from 91.92.40.48
Jun 23 06:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21576]: input_userauth_request: invalid user anderson [preauth]
Jun 23 06:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21576]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21576]: Failed password for invalid user anderson from 91.92.40.48 port 59594 ssh2
Jun 23 06:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21576]: Connection closed by 91.92.40.48 port 59594 [preauth]
Jun 23 06:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21587]: Failed password for root from 91.92.40.48 port 30870 ssh2
Jun 23 06:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21587]: Connection closed by 91.92.40.48 port 30870 [preauth]
Jun 23 06:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21618]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21619]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21616]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21615]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21615]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21693]: Successful su for rubyman by root
Jun 23 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21693]: + ??? root:rubyman
Jun 23 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21693]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575662 of user rubyman.
Jun 23 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21693]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575662.
Jun 23 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21610]: Invalid user bot from 144.225.187.123
Jun 23 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21610]: input_userauth_request: invalid user bot [preauth]
Jun 23 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21610]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 06:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21599]: Invalid user user1 from 91.92.40.48
Jun 23 06:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21599]: input_userauth_request: invalid user user1 [preauth]
Jun 23 06:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21599]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21610]: Failed password for invalid user bot from 144.225.187.123 port 59058 ssh2
Jun 23 06:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21610]: Connection closed by 144.225.187.123 port 59058 [preauth]
Jun 23 06:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21599]: Failed password for invalid user user1 from 91.92.40.48 port 40780 ssh2
Jun 23 06:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21599]: Connection closed by 91.92.40.48 port 40780 [preauth]
Jun 23 06:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18342]: pam_unix(cron:session): session closed for user root
Jun 23 06:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21616]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21884]: Failed password for root from 91.92.40.48 port 40834 ssh2
Jun 23 06:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21884]: Connection closed by 91.92.40.48 port 40834 [preauth]
Jun 23 06:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21901]: Invalid user guest from 91.92.40.48
Jun 23 06:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21901]: input_userauth_request: invalid user guest [preauth]
Jun 23 06:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21901]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21901]: Failed password for invalid user guest from 91.92.40.48 port 13788 ssh2
Jun 23 06:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21901]: Connection closed by 91.92.40.48 port 13788 [preauth]
Jun 23 06:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21115]: pam_unix(cron:session): session closed for user root
Jun 23 06:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22020]: Invalid user ubuntu from 91.92.40.48
Jun 23 06:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22020]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 06:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22020]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22020]: Failed password for invalid user ubuntu from 91.92.40.48 port 47046 ssh2
Jun 23 06:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22020]: Connection closed by 91.92.40.48 port 47046 [preauth]
Jun 23 06:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20593]: pam_unix(cron:session): session closed for user root
Jun 23 06:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22143]: Failed password for root from 91.92.40.48 port 47074 ssh2
Jun 23 06:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22143]: Connection closed by 91.92.40.48 port 47074 [preauth]
Jun 23 06:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22177]: Invalid user arkserver from 144.225.187.123
Jun 23 06:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22177]: input_userauth_request: invalid user arkserver [preauth]
Jun 23 06:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22177]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 06:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22177]: Failed password for invalid user arkserver from 144.225.187.123 port 51478 ssh2
Jun 23 06:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22166]: Invalid user elastic from 91.92.40.48
Jun 23 06:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22166]: input_userauth_request: invalid user elastic [preauth]
Jun 23 06:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22177]: Connection closed by 144.225.187.123 port 51478 [preauth]
Jun 23 06:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22166]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22166]: Failed password for invalid user elastic from 91.92.40.48 port 16892 ssh2
Jun 23 06:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22166]: Connection closed by 91.92.40.48 port 16892 [preauth]
Jun 23 06:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22189]: Failed password for root from 91.92.40.48 port 58636 ssh2
Jun 23 06:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22189]: Connection closed by 91.92.40.48 port 58636 [preauth]
Jun 23 06:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22224]: Failed password for root from 91.92.40.48 port 54422 ssh2
Jun 23 06:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22224]: Connection closed by 91.92.40.48 port 54422 [preauth]
Jun 23 06:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22234]: Invalid user deployer from 91.92.40.48
Jun 23 06:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22234]: input_userauth_request: invalid user deployer [preauth]
Jun 23 06:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22234]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22234]: Failed password for invalid user deployer from 91.92.40.48 port 54538 ssh2
Jun 23 06:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22234]: Connection closed by 91.92.40.48 port 54538 [preauth]
Jun 23 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22248]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22249]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22247]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22246]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22246]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22399]: Successful su for rubyman by root
Jun 23 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22399]: + ??? root:rubyman
Jun 23 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22399]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575665 of user rubyman.
Jun 23 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22399]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575665.
Jun 23 06:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18913]: pam_unix(cron:session): session closed for user root
Jun 23 06:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22551]: Invalid user logs from 91.92.40.48
Jun 23 06:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22551]: input_userauth_request: invalid user logs [preauth]
Jun 23 06:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22551]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22247]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22551]: Failed password for invalid user logs from 91.92.40.48 port 46912 ssh2
Jun 23 06:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22551]: Connection closed by 91.92.40.48 port 46912 [preauth]
Jun 23 06:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22590]: Invalid user ubuntu from 144.225.187.123
Jun 23 06:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22590]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 06:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22590]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 06:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22594]: Invalid user apache from 91.92.40.12
Jun 23 06:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22594]: input_userauth_request: invalid user apache [preauth]
Jun 23 06:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22594]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 06:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22590]: Failed password for invalid user ubuntu from 144.225.187.123 port 35242 ssh2
Jun 23 06:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22594]: Failed password for invalid user apache from 91.92.40.12 port 58680 ssh2
Jun 23 06:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22590]: Connection closed by 144.225.187.123 port 35242 [preauth]
Jun 23 06:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22594]: Connection closed by 91.92.40.12 port 58680 [preauth]
Jun 23 06:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22591]: Failed password for root from 91.92.40.48 port 57136 ssh2
Jun 23 06:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22591]: Connection closed by 91.92.40.48 port 57136 [preauth]
Jun 23 06:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22618]: Invalid user tuan from 91.92.40.48
Jun 23 06:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22618]: input_userauth_request: invalid user tuan [preauth]
Jun 23 06:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22618]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22618]: Failed password for invalid user tuan from 91.92.40.48 port 57154 ssh2
Jun 23 06:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22618]: Connection closed by 91.92.40.48 port 57154 [preauth]
Jun 23 06:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22635]: Failed password for root from 91.92.40.48 port 45500 ssh2
Jun 23 06:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22635]: Connection closed by 91.92.40.48 port 45500 [preauth]
Jun 23 06:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22660]: Invalid user ubuntu from 91.92.40.48
Jun 23 06:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22660]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 06:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22660]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21122]: pam_unix(cron:session): session closed for user root
Jun 23 06:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22660]: Failed password for invalid user ubuntu from 91.92.40.48 port 34480 ssh2
Jun 23 06:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22660]: Connection closed by 91.92.40.48 port 34480 [preauth]
Jun 23 06:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22693]: Invalid user zabbix from 91.92.40.48
Jun 23 06:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22693]: input_userauth_request: invalid user zabbix [preauth]
Jun 23 06:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22693]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22693]: Failed password for invalid user zabbix from 91.92.40.48 port 13970 ssh2
Jun 23 06:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22693]: Connection closed by 91.92.40.48 port 13970 [preauth]
Jun 23 06:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22727]: Invalid user cc from 91.92.40.48
Jun 23 06:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22727]: input_userauth_request: invalid user cc [preauth]
Jun 23 06:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22727]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22727]: Failed password for invalid user cc from 91.92.40.48 port 14028 ssh2
Jun 23 06:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22726]: Failed password for root from 144.225.187.123 port 51520 ssh2
Jun 23 06:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22727]: Connection closed by 91.92.40.48 port 14028 [preauth]
Jun 23 06:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22726]: Connection closed by 144.225.187.123 port 51520 [preauth]
Jun 23 06:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22739]: Failed password for root from 91.92.40.48 port 33084 ssh2
Jun 23 06:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22739]: Connection closed by 91.92.40.48 port 33084 [preauth]
Jun 23 06:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22764]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22765]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22763]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22762]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22762]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22831]: Successful su for rubyman by root
Jun 23 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22831]: + ??? root:rubyman
Jun 23 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22831]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575668 of user rubyman.
Jun 23 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22831]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575668.
Jun 23 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=root
Jun 23 06:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22750]: Invalid user ethan from 91.92.40.48
Jun 23 06:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22750]: input_userauth_request: invalid user ethan [preauth]
Jun 23 06:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22750]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19431]: pam_unix(cron:session): session closed for user root
Jun 23 06:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22864]: Failed password for root from 193.46.255.86 port 19904 ssh2
Jun 23 06:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22750]: Failed password for invalid user ethan from 91.92.40.48 port 15116 ssh2
Jun 23 06:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22763]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22750]: Connection closed by 91.92.40.48 port 15116 [preauth]
Jun 23 06:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22864]: Failed password for root from 193.46.255.86 port 19904 ssh2
Jun 23 06:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22864]: Failed password for root from 193.46.255.86 port 19904 ssh2
Jun 23 06:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22864]: Connection closed by 193.46.255.86 port 19904 [preauth]
Jun 23 06:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22864]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=root
Jun 23 06:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23016]: Failed password for root from 91.92.40.48 port 15178 ssh2
Jun 23 06:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23016]: Connection closed by 91.92.40.48 port 15178 [preauth]
Jun 23 06:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23038]: Received disconnect from 65.181.112.131 port 33108:11: disconnected by user [preauth]
Jun 23 06:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23038]: Disconnected from 65.181.112.131 port 33108 [preauth]
Jun 23 06:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23040]: Invalid user test from 91.92.40.48
Jun 23 06:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23040]: input_userauth_request: invalid user test [preauth]
Jun 23 06:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23040]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23040]: Failed password for invalid user test from 91.92.40.48 port 54008 ssh2
Jun 23 06:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23040]: Connection closed by 91.92.40.48 port 54008 [preauth]
Jun 23 06:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23061]: Invalid user ubuntu from 91.92.40.48
Jun 23 06:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23061]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 06:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23061]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23061]: Failed password for invalid user ubuntu from 91.92.40.48 port 42888 ssh2
Jun 23 06:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23059]: Failed password for root from 144.225.187.123 port 36150 ssh2
Jun 23 06:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23061]: Connection closed by 91.92.40.48 port 42888 [preauth]
Jun 23 06:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23059]: Connection closed by 144.225.187.123 port 36150 [preauth]
Jun 23 06:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23085]: Invalid user appuser from 91.92.40.48
Jun 23 06:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23085]: input_userauth_request: invalid user appuser [preauth]
Jun 23 06:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23085]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21619]: pam_unix(cron:session): session closed for user root
Jun 23 06:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23085]: Failed password for invalid user appuser from 91.92.40.48 port 33192 ssh2
Jun 23 06:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23085]: Connection closed by 91.92.40.48 port 33192 [preauth]
Jun 23 06:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23117]: Invalid user test3 from 91.92.40.48
Jun 23 06:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23117]: input_userauth_request: invalid user test3 [preauth]
Jun 23 06:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23117]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23117]: Failed password for invalid user test3 from 91.92.40.48 port 33246 ssh2
Jun 23 06:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23117]: Connection closed by 91.92.40.48 port 33246 [preauth]
Jun 23 06:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23150]: Invalid user apache from 91.92.40.12
Jun 23 06:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23150]: input_userauth_request: invalid user apache [preauth]
Jun 23 06:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23141]: Invalid user noah from 91.92.40.48
Jun 23 06:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23141]: input_userauth_request: invalid user noah [preauth]
Jun 23 06:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23150]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 06:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23141]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23150]: Failed password for invalid user apache from 91.92.40.12 port 48946 ssh2
Jun 23 06:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23150]: Connection closed by 91.92.40.12 port 48946 [preauth]
Jun 23 06:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23141]: Failed password for invalid user noah from 91.92.40.48 port 24678 ssh2
Jun 23 06:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23141]: Connection closed by 91.92.40.48 port 24678 [preauth]
Jun 23 06:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23160]: Invalid user maud from 91.92.40.48
Jun 23 06:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23160]: input_userauth_request: invalid user maud [preauth]
Jun 23 06:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23160]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23160]: Failed password for invalid user maud from 91.92.40.48 port 29402 ssh2
Jun 23 06:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23160]: Connection closed by 91.92.40.48 port 29402 [preauth]
Jun 23 06:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23171]: Invalid user lin from 91.92.40.48
Jun 23 06:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23171]: input_userauth_request: invalid user lin [preauth]
Jun 23 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23171]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23172]: Failed password for root from 144.225.187.123 port 43100 ssh2
Jun 23 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23189]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23187]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23186]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23185]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23185]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23172]: Connection closed by 144.225.187.123 port 43100 [preauth]
Jun 23 06:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23259]: Successful su for rubyman by root
Jun 23 06:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23259]: + ??? root:rubyman
Jun 23 06:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23259]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575672 of user rubyman.
Jun 23 06:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23259]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575672.
Jun 23 06:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23171]: Failed password for invalid user lin from 91.92.40.48 port 29482 ssh2
Jun 23 06:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23171]: Connection closed by 91.92.40.48 port 29482 [preauth]
Jun 23 06:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20064]: pam_unix(cron:session): session closed for user root
Jun 23 06:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23186]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23405]: Invalid user dst from 91.92.40.48
Jun 23 06:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23405]: input_userauth_request: invalid user dst [preauth]
Jun 23 06:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23405]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23405]: Failed password for invalid user dst from 91.92.40.48 port 52244 ssh2
Jun 23 06:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23405]: Connection closed by 91.92.40.48 port 52244 [preauth]
Jun 23 06:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23465]: Invalid user sasha from 91.92.40.48
Jun 23 06:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23465]: input_userauth_request: invalid user sasha [preauth]
Jun 23 06:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23465]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23465]: Failed password for invalid user sasha from 91.92.40.48 port 62512 ssh2
Jun 23 06:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23493]: Invalid user admin from 34.38.222.164
Jun 23 06:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23493]: input_userauth_request: invalid user admin [preauth]
Jun 23 06:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23493]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.38.222.164
Jun 23 06:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23465]: Connection closed by 91.92.40.48 port 62512 [preauth]
Jun 23 06:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23493]: Failed password for invalid user admin from 34.38.222.164 port 56514 ssh2
Jun 23 06:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23493]: Connection closed by 34.38.222.164 port 56514 [preauth]
Jun 23 06:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23490]: Connection closed by 34.38.222.164 port 56512 [preauth]
Jun 23 06:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23488]: Failed password for root from 91.92.40.48 port 62560 ssh2
Jun 23 06:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23488]: Connection closed by 91.92.40.48 port 62560 [preauth]
Jun 23 06:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23521]: Invalid user matias from 91.92.40.48
Jun 23 06:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23521]: input_userauth_request: invalid user matias [preauth]
Jun 23 06:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22249]: pam_unix(cron:session): session closed for user root
Jun 23 06:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23521]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23544]: Failed password for root from 144.225.187.123 port 37680 ssh2
Jun 23 06:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23544]: Connection closed by 144.225.187.123 port 37680 [preauth]
Jun 23 06:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23521]: Failed password for invalid user matias from 91.92.40.48 port 30726 ssh2
Jun 23 06:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23533]: Invalid user oracle from 91.92.40.48
Jun 23 06:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23533]: input_userauth_request: invalid user oracle [preauth]
Jun 23 06:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23521]: Connection closed by 91.92.40.48 port 30726 [preauth]
Jun 23 06:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23533]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23533]: Failed password for invalid user oracle from 91.92.40.48 port 23572 ssh2
Jun 23 06:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23533]: Connection closed by 91.92.40.48 port 23572 [preauth]
Jun 23 06:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23575]: Invalid user web from 91.92.40.48
Jun 23 06:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23575]: input_userauth_request: invalid user web [preauth]
Jun 23 06:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23575]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23575]: Failed password for invalid user web from 91.92.40.48 port 29068 ssh2
Jun 23 06:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23601]: Invalid user pi from 91.92.40.48
Jun 23 06:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23601]: input_userauth_request: invalid user pi [preauth]
Jun 23 06:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23575]: Connection closed by 91.92.40.48 port 29068 [preauth]
Jun 23 06:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23601]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23601]: Failed password for invalid user pi from 91.92.40.48 port 29084 ssh2
Jun 23 06:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23601]: Connection closed by 91.92.40.48 port 29084 [preauth]
Jun 23 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23639]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23635]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23634]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23633]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23632]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23636]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23639]: pam_unix(cron:session): session closed for user root
Jun 23 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23632]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23710]: Successful su for rubyman by root
Jun 23 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23710]: + ??? root:rubyman
Jun 23 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23710]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575681 of user rubyman.
Jun 23 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23710]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575681.
Jun 23 06:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23620]: Failed password for root from 91.92.40.48 port 33094 ssh2
Jun 23 06:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23634]: pam_unix(cron:session): session closed for user root
Jun 23 06:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23620]: Connection closed by 91.92.40.48 port 33094 [preauth]
Jun 23 06:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20592]: pam_unix(cron:session): session closed for user root
Jun 23 06:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23633]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23762]: Invalid user app from 91.92.40.48
Jun 23 06:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23762]: input_userauth_request: invalid user app [preauth]
Jun 23 06:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23762]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24028]: Failed password for root from 144.225.187.123 port 42148 ssh2
Jun 23 06:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24028]: Connection closed by 144.225.187.123 port 42148 [preauth]
Jun 23 06:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23762]: Failed password for invalid user app from 91.92.40.48 port 27734 ssh2
Jun 23 06:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23762]: Connection closed by 91.92.40.48 port 27734 [preauth]
Jun 23 06:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24038]: Invalid user ubuntu from 91.92.40.48
Jun 23 06:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24038]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 06:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24038]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24038]: Failed password for invalid user ubuntu from 91.92.40.48 port 29104 ssh2
Jun 23 06:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24063]: User backup from 91.92.40.12 not allowed because not listed in AllowUsers
Jun 23 06:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24063]: input_userauth_request: invalid user backup [preauth]
Jun 23 06:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12  user=backup
Jun 23 06:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24038]: Connection closed by 91.92.40.48 port 29104 [preauth]
Jun 23 06:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24063]: Failed password for invalid user backup from 91.92.40.12 port 50236 ssh2
Jun 23 06:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24063]: Connection closed by 91.92.40.12 port 50236 [preauth]
Jun 23 06:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24061]: Invalid user cacti from 91.92.40.48
Jun 23 06:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24061]: input_userauth_request: invalid user cacti [preauth]
Jun 23 06:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24061]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24061]: Failed password for invalid user cacti from 91.92.40.48 port 29120 ssh2
Jun 23 06:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24061]: Connection closed by 91.92.40.48 port 29120 [preauth]
Jun 23 06:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24073]: Invalid user sysupdate from 91.92.40.48
Jun 23 06:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24073]: input_userauth_request: invalid user sysupdate [preauth]
Jun 23 06:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24073]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24073]: Failed password for invalid user sysupdate from 91.92.40.48 port 29262 ssh2
Jun 23 06:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24073]: Connection closed by 91.92.40.48 port 29262 [preauth]
Jun 23 06:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22765]: pam_unix(cron:session): session closed for user root
Jun 23 06:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24139]: Connection closed by 194.59.206.2 port 22752 [preauth]
Jun 23 06:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24106]: Failed password for root from 91.92.40.48 port 55610 ssh2
Jun 23 06:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24106]: Connection closed by 91.92.40.48 port 55610 [preauth]
Jun 23 06:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24141]: Invalid user btc from 91.92.40.48
Jun 23 06:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24141]: input_userauth_request: invalid user btc [preauth]
Jun 23 06:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24141]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24151]: Failed password for root from 144.225.187.123 port 55192 ssh2
Jun 23 06:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24169]: Received disconnect from 209.90.232.249 port 52760:11: disconnected by user [preauth]
Jun 23 06:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24169]: Disconnected from 209.90.232.249 port 52760 [preauth]
Jun 23 06:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24167]: Invalid user steel from 147.45.174.229
Jun 23 06:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24167]: input_userauth_request: invalid user steel [preauth]
Jun 23 06:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24167]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.174.229
Jun 23 06:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24151]: Connection closed by 144.225.187.123 port 55192 [preauth]
Jun 23 06:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24141]: Failed password for invalid user btc from 91.92.40.48 port 10706 ssh2
Jun 23 06:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24180]: Invalid user admin from 2.57.121.25
Jun 23 06:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24180]: input_userauth_request: invalid user admin [preauth]
Jun 23 06:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24180]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 23 06:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24167]: Failed password for invalid user steel from 147.45.174.229 port 60516 ssh2
Jun 23 06:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24167]: Received disconnect from 147.45.174.229 port 60516:11: Bye Bye [preauth]
Jun 23 06:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24167]: Disconnected from 147.45.174.229 port 60516 [preauth]
Jun 23 06:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24141]: Connection closed by 91.92.40.48 port 10706 [preauth]
Jun 23 06:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24180]: Failed password for invalid user admin from 2.57.121.25 port 64360 ssh2
Jun 23 06:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24180]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24159]: Invalid user fahmi from 91.92.40.48
Jun 23 06:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24159]: input_userauth_request: invalid user fahmi [preauth]
Jun 23 06:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24159]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24180]: Failed password for invalid user admin from 2.57.121.25 port 64360 ssh2
Jun 23 06:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24180]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24159]: Failed password for invalid user fahmi from 91.92.40.48 port 10738 ssh2
Jun 23 06:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24180]: Failed password for invalid user admin from 2.57.121.25 port 64360 ssh2
Jun 23 06:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24180]: Connection closed by 2.57.121.25 port 64360 [preauth]
Jun 23 06:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24180]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 23 06:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24159]: Connection closed by 91.92.40.48 port 10738 [preauth]
Jun 23 06:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24194]: Invalid user anna from 91.92.40.48
Jun 23 06:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24194]: input_userauth_request: invalid user anna [preauth]
Jun 23 06:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24194]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24194]: Failed password for invalid user anna from 91.92.40.48 port 17242 ssh2
Jun 23 06:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24194]: Connection closed by 91.92.40.48 port 17242 [preauth]
Jun 23 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24224]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24225]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24223]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24222]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24222]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24307]: Successful su for rubyman by root
Jun 23 06:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24307]: + ??? root:rubyman
Jun 23 06:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24307]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575682 of user rubyman.
Jun 23 06:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24307]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575682.
Jun 23 06:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24204]: Invalid user sharon from 91.92.40.48
Jun 23 06:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24204]: input_userauth_request: invalid user sharon [preauth]
Jun 23 06:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21120]: pam_unix(cron:session): session closed for user root
Jun 23 06:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24204]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24223]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24204]: Failed password for invalid user sharon from 91.92.40.48 port 42216 ssh2
Jun 23 06:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24204]: Connection closed by 91.92.40.48 port 42216 [preauth]
Jun 23 06:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24463]: Invalid user jenkins from 91.92.40.48
Jun 23 06:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24463]: input_userauth_request: invalid user jenkins [preauth]
Jun 23 06:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24463]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24463]: Failed password for invalid user jenkins from 91.92.40.48 port 42308 ssh2
Jun 23 06:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24463]: Connection closed by 91.92.40.48 port 42308 [preauth]
Jun 23 06:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24500]: Invalid user aman from 91.92.40.48
Jun 23 06:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24500]: input_userauth_request: invalid user aman [preauth]
Jun 23 06:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24500]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24500]: Failed password for invalid user aman from 91.92.40.48 port 41900 ssh2
Jun 23 06:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24522]: Failed password for root from 144.225.187.123 port 37694 ssh2
Jun 23 06:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24522]: Connection closed by 144.225.187.123 port 37694 [preauth]
Jun 23 06:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24500]: Connection closed by 91.92.40.48 port 41900 [preauth]
Jun 23 06:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24532]: Invalid user a from 91.92.40.48
Jun 23 06:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24532]: input_userauth_request: invalid user a [preauth]
Jun 23 06:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24532]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24532]: Failed password for invalid user a from 91.92.40.48 port 57184 ssh2
Jun 23 06:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24532]: Connection closed by 91.92.40.48 port 57184 [preauth]
Jun 23 06:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24568]: Did not receive identification string from 34.77.144.55
Jun 23 06:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24557]: Invalid user dev from 91.92.40.48
Jun 23 06:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24557]: input_userauth_request: invalid user dev [preauth]
Jun 23 06:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23189]: pam_unix(cron:session): session closed for user root
Jun 23 06:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24557]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24557]: Failed password for invalid user dev from 91.92.40.48 port 57214 ssh2
Jun 23 06:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24557]: Connection closed by 91.92.40.48 port 57214 [preauth]
Jun 23 06:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24569]: Invalid user deploy from 91.92.40.48
Jun 23 06:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24569]: input_userauth_request: invalid user deploy [preauth]
Jun 23 06:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24569]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24569]: Failed password for invalid user deploy from 91.92.40.48 port 61696 ssh2
Jun 23 06:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24569]: Connection closed by 91.92.40.48 port 61696 [preauth]
Jun 23 06:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24612]: Invalid user ubuntu from 91.92.40.48
Jun 23 06:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24612]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 06:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24612]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24612]: Failed password for invalid user ubuntu from 91.92.40.48 port 41346 ssh2
Jun 23 06:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24612]: Connection closed by 91.92.40.48 port 41346 [preauth]
Jun 23 06:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24659]: fatal: Unable to negotiate with 34.77.144.55 port 20168: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth]
Jun 23 06:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24642]: Invalid user pi from 91.92.40.48
Jun 23 06:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24642]: input_userauth_request: invalid user pi [preauth]
Jun 23 06:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24642]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24674]: User backup from 91.92.40.12 not allowed because not listed in AllowUsers
Jun 23 06:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24674]: input_userauth_request: invalid user backup [preauth]
Jun 23 06:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12  user=backup
Jun 23 06:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24642]: Failed password for invalid user pi from 91.92.40.48 port 42544 ssh2
Jun 23 06:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24642]: Connection closed by 91.92.40.48 port 42544 [preauth]
Jun 23 06:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24661]: Failed password for root from 144.225.187.123 port 43046 ssh2
Jun 23 06:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24661]: Connection closed by 144.225.187.123 port 43046 [preauth]
Jun 23 06:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24674]: Failed password for invalid user backup from 91.92.40.12 port 50554 ssh2
Jun 23 06:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24674]: Connection closed by 91.92.40.12 port 50554 [preauth]
Jun 23 06:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24677]: Invalid user ftpuser from 91.92.40.48
Jun 23 06:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24677]: input_userauth_request: invalid user ftpuser [preauth]
Jun 23 06:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24677]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 23 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24677]: Failed password for invalid user ftpuser from 91.92.40.48 port 63540 ssh2
Jun 23 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24697]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24696]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24695]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24694]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24694]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24682]: Failed password for root from 103.77.175.15 port 48268 ssh2
Jun 23 06:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24757]: Successful su for rubyman by root
Jun 23 06:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24757]: + ??? root:rubyman
Jun 23 06:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24757]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575687 of user rubyman.
Jun 23 06:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24757]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575687.
Jun 23 06:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24682]: Connection closed by 103.77.175.15 port 48268 [preauth]
Jun 23 06:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24677]: Connection closed by 91.92.40.48 port 63540 [preauth]
Jun 23 06:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21618]: pam_unix(cron:session): session closed for user root
Jun 23 06:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24906]: Protocol major versions differ for 34.77.144.55: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10 vs. SSH-1.5-Nmap-SSH1-Hostkey
Jun 23 06:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24919]: fatal: Unable to negotiate with 34.77.144.55 port 27548: no matching host key type found. Their offer: ssh-dss [preauth]
Jun 23 06:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24841]: Invalid user master from 91.92.40.48
Jun 23 06:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24841]: input_userauth_request: invalid user master [preauth]
Jun 23 06:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24695]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24841]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24925]: Connection closed by 34.77.144.55 port 27556 [preauth]
Jun 23 06:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24841]: Failed password for invalid user master from 91.92.40.48 port 63608 ssh2
Jun 23 06:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24841]: Connection closed by 91.92.40.48 port 63608 [preauth]
Jun 23 06:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24949]: Invalid user idempiere from 91.92.40.48
Jun 23 06:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24949]: input_userauth_request: invalid user idempiere [preauth]
Jun 23 06:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24949]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24949]: Failed password for invalid user idempiere from 91.92.40.48 port 31024 ssh2
Jun 23 06:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24949]: Connection closed by 91.92.40.48 port 31024 [preauth]
Jun 23 06:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24974]: Failed password for root from 91.92.40.48 port 54232 ssh2
Jun 23 06:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24974]: Connection closed by 91.92.40.48 port 54232 [preauth]
Jun 23 06:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24997]: Invalid user no from 91.92.40.48
Jun 23 06:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24997]: input_userauth_request: invalid user no [preauth]
Jun 23 06:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24997]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24997]: Failed password for invalid user no from 91.92.40.48 port 54260 ssh2
Jun 23 06:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25007]: Failed password for root from 144.225.187.123 port 38868 ssh2
Jun 23 06:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24997]: Connection closed by 91.92.40.48 port 54260 [preauth]
Jun 23 06:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25007]: Connection closed by 144.225.187.123 port 38868 [preauth]
Jun 23 06:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23636]: pam_unix(cron:session): session closed for user root
Jun 23 06:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25022]: Invalid user milad from 91.92.40.48
Jun 23 06:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25022]: input_userauth_request: invalid user milad [preauth]
Jun 23 06:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25022]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25022]: Failed password for invalid user milad from 91.92.40.48 port 54984 ssh2
Jun 23 06:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25022]: Connection closed by 91.92.40.48 port 54984 [preauth]
Jun 23 06:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25055]: Failed password for root from 91.92.40.48 port 13568 ssh2
Jun 23 06:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25055]: Connection closed by 91.92.40.48 port 13568 [preauth]
Jun 23 06:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25083]: Invalid user test from 91.92.40.48
Jun 23 06:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25083]: input_userauth_request: invalid user test [preauth]
Jun 23 06:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25083]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25083]: Failed password for invalid user test from 91.92.40.48 port 13588 ssh2
Jun 23 06:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25083]: Connection closed by 91.92.40.48 port 13588 [preauth]
Jun 23 06:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25101]: Invalid user teamspeak from 91.92.40.48
Jun 23 06:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25101]: input_userauth_request: invalid user teamspeak [preauth]
Jun 23 06:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25101]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25101]: Failed password for invalid user teamspeak from 91.92.40.48 port 24132 ssh2
Jun 23 06:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25101]: Connection closed by 91.92.40.48 port 24132 [preauth]
Jun 23 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25116]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25117]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25115]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25114]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25114]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25178]: Successful su for rubyman by root
Jun 23 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25178]: + ??? root:rubyman
Jun 23 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25178]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575692 of user rubyman.
Jun 23 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25178]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575692.
Jun 23 06:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22248]: pam_unix(cron:session): session closed for user root
Jun 23 06:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25115]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25112]: Failed password for root from 91.92.40.48 port 41598 ssh2
Jun 23 06:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25314]: Failed password for root from 144.225.187.123 port 52306 ssh2
Jun 23 06:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25112]: Connection closed by 91.92.40.48 port 41598 [preauth]
Jun 23 06:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25314]: Connection closed by 144.225.187.123 port 52306 [preauth]
Jun 23 06:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25365]: Invalid user ts3 from 91.92.40.48
Jun 23 06:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25365]: input_userauth_request: invalid user ts3 [preauth]
Jun 23 06:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25365]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25365]: Failed password for invalid user ts3 from 91.92.40.48 port 46066 ssh2
Jun 23 06:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25365]: Connection closed by 91.92.40.48 port 46066 [preauth]
Jun 23 06:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25390]: Invalid user demo from 91.92.40.48
Jun 23 06:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25390]: input_userauth_request: invalid user demo [preauth]
Jun 23 06:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25390]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25390]: Failed password for invalid user demo from 91.92.40.48 port 46090 ssh2
Jun 23 06:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25390]: Connection closed by 91.92.40.48 port 46090 [preauth]
Jun 23 06:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25412]: Invalid user kevin from 91.92.40.48
Jun 23 06:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25412]: input_userauth_request: invalid user kevin [preauth]
Jun 23 06:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25412]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25412]: Failed password for invalid user kevin from 91.92.40.48 port 55854 ssh2
Jun 23 06:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25412]: Connection closed by 91.92.40.48 port 55854 [preauth]
Jun 23 06:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 23 06:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25432]: Invalid user bot from 91.92.40.48
Jun 23 06:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25432]: input_userauth_request: invalid user bot [preauth]
Jun 23 06:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25432]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24225]: pam_unix(cron:session): session closed for user root
Jun 23 06:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25434]: Failed password for root from 103.172.78.219 port 48252 ssh2
Jun 23 06:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25434]: Connection closed by 103.172.78.219 port 48252 [preauth]
Jun 23 06:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25456]: User backup from 91.92.40.12 not allowed because not listed in AllowUsers
Jun 23 06:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25456]: input_userauth_request: invalid user backup [preauth]
Jun 23 06:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12  user=backup
Jun 23 06:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25432]: Failed password for invalid user bot from 91.92.40.48 port 49664 ssh2
Jun 23 06:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25432]: Connection closed by 91.92.40.48 port 49664 [preauth]
Jun 23 06:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25456]: Failed password for invalid user backup from 91.92.40.12 port 41538 ssh2
Jun 23 06:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25456]: Connection closed by 91.92.40.12 port 41538 [preauth]
Jun 23 06:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25467]: Invalid user idempiere from 91.92.40.48
Jun 23 06:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25467]: input_userauth_request: invalid user idempiere [preauth]
Jun 23 06:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25467]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25470]: Failed password for root from 144.225.187.123 port 41876 ssh2
Jun 23 06:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25470]: Connection closed by 144.225.187.123 port 41876 [preauth]
Jun 23 06:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25467]: Failed password for invalid user idempiere from 91.92.40.48 port 49700 ssh2
Jun 23 06:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25467]: Connection closed by 91.92.40.48 port 49700 [preauth]
Jun 23 06:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25497]: Invalid user app from 91.92.40.48
Jun 23 06:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25497]: input_userauth_request: invalid user app [preauth]
Jun 23 06:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25497]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25497]: Failed password for invalid user app from 91.92.40.48 port 46076 ssh2
Jun 23 06:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25497]: Connection closed by 91.92.40.48 port 46076 [preauth]
Jun 23 06:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25517]: Invalid user brad from 91.92.40.48
Jun 23 06:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25517]: input_userauth_request: invalid user brad [preauth]
Jun 23 06:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25517]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25517]: Failed password for invalid user brad from 91.92.40.48 port 24026 ssh2
Jun 23 06:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25517]: Connection closed by 91.92.40.48 port 24026 [preauth]
Jun 23 06:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25529]: Invalid user odoo18 from 91.92.40.48
Jun 23 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25529]: input_userauth_request: invalid user odoo18 [preauth]
Jun 23 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25544]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25543]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25542]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25540]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25540]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25529]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25602]: Successful su for rubyman by root
Jun 23 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25602]: + ??? root:rubyman
Jun 23 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25602]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575695 of user rubyman.
Jun 23 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25602]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575695.
Jun 23 06:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25529]: Failed password for invalid user odoo18 from 91.92.40.48 port 10514 ssh2
Jun 23 06:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22764]: pam_unix(cron:session): session closed for user root
Jun 23 06:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25529]: Connection closed by 91.92.40.48 port 10514 [preauth]
Jun 23 06:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25542]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25777]: Invalid user deploy from 91.92.40.48
Jun 23 06:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25777]: input_userauth_request: invalid user deploy [preauth]
Jun 23 06:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25777]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25777]: Failed password for invalid user deploy from 91.92.40.48 port 10544 ssh2
Jun 23 06:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25777]: Connection closed by 91.92.40.48 port 10544 [preauth]
Jun 23 06:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25790]: Invalid user admin from 91.92.40.48
Jun 23 06:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25790]: input_userauth_request: invalid user admin [preauth]
Jun 23 06:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25790]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25790]: Failed password for invalid user admin from 91.92.40.48 port 45386 ssh2
Jun 23 06:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25790]: Connection closed by 91.92.40.48 port 45386 [preauth]
Jun 23 06:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25806]: Failed password for root from 144.225.187.123 port 44028 ssh2
Jun 23 06:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25806]: Connection closed by 144.225.187.123 port 44028 [preauth]
Jun 23 06:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25818]: Invalid user deploy from 91.92.40.48
Jun 23 06:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25818]: input_userauth_request: invalid user deploy [preauth]
Jun 23 06:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25818]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25818]: Failed password for invalid user deploy from 91.92.40.48 port 36340 ssh2
Jun 23 06:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25818]: Connection closed by 91.92.40.48 port 36340 [preauth]
Jun 23 06:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25840]: Invalid user deploy from 91.92.40.48
Jun 23 06:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25840]: input_userauth_request: invalid user deploy [preauth]
Jun 23 06:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25840]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25840]: Failed password for invalid user deploy from 91.92.40.48 port 36364 ssh2
Jun 23 06:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25840]: Connection closed by 91.92.40.48 port 36364 [preauth]
Jun 23 06:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24697]: pam_unix(cron:session): session closed for user root
Jun 23 06:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25879]: Invalid user user from 91.92.40.48
Jun 23 06:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25879]: input_userauth_request: invalid user user [preauth]
Jun 23 06:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25879]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25879]: Failed password for invalid user user from 91.92.40.48 port 31068 ssh2
Jun 23 06:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25879]: Connection closed by 91.92.40.48 port 31068 [preauth]
Jun 23 06:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25889]: Invalid user test from 91.92.40.48
Jun 23 06:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25889]: input_userauth_request: invalid user test [preauth]
Jun 23 06:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25889]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25889]: Failed password for invalid user test from 91.92.40.48 port 53898 ssh2
Jun 23 06:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25889]: Connection closed by 91.92.40.48 port 53898 [preauth]
Jun 23 06:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25924]: Failed password for root from 144.225.187.123 port 46240 ssh2
Jun 23 06:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25924]: Connection closed by 144.225.187.123 port 46240 [preauth]
Jun 23 06:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25914]: Failed password for root from 91.92.40.48 port 53950 ssh2
Jun 23 06:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25914]: Connection closed by 91.92.40.48 port 53950 [preauth]
Jun 23 06:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25926]: Invalid user osboxes from 91.92.40.48
Jun 23 06:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25926]: input_userauth_request: invalid user osboxes [preauth]
Jun 23 06:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25926]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25952]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25953]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25949]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25948]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25951]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25947]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25953]: pam_unix(cron:session): session closed for user root
Jun 23 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25947]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26014]: Successful su for rubyman by root
Jun 23 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26014]: + ??? root:rubyman
Jun 23 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26014]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575698 of user rubyman.
Jun 23 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26014]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575698.
Jun 23 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25926]: Failed password for invalid user osboxes from 91.92.40.48 port 47412 ssh2
Jun 23 06:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25949]: pam_unix(cron:session): session closed for user root
Jun 23 06:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25926]: Connection closed by 91.92.40.48 port 47412 [preauth]
Jun 23 06:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23187]: pam_unix(cron:session): session closed for user root
Jun 23 06:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25948]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25936]: Failed password for root from 91.92.40.48 port 13668 ssh2
Jun 23 06:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25936]: Connection closed by 91.92.40.48 port 13668 [preauth]
Jun 23 06:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26223]: Invalid user elasticsearch from 91.92.40.48
Jun 23 06:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26223]: input_userauth_request: invalid user elasticsearch [preauth]
Jun 23 06:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26223]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26233]: User backup from 91.92.40.12 not allowed because not listed in AllowUsers
Jun 23 06:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26233]: input_userauth_request: invalid user backup [preauth]
Jun 23 06:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12  user=backup
Jun 23 06:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26223]: Failed password for invalid user elasticsearch from 91.92.40.48 port 13710 ssh2
Jun 23 06:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26233]: Failed password for invalid user backup from 91.92.40.12 port 40978 ssh2
Jun 23 06:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26233]: Connection closed by 91.92.40.12 port 40978 [preauth]
Jun 23 06:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26223]: Connection closed by 91.92.40.48 port 13710 [preauth]
Jun 23 06:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26243]: Invalid user bot from 91.92.40.48
Jun 23 06:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26243]: input_userauth_request: invalid user bot [preauth]
Jun 23 06:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26243]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26243]: Failed password for invalid user bot from 91.92.40.48 port 52762 ssh2
Jun 23 06:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26243]: Connection closed by 91.92.40.48 port 52762 [preauth]
Jun 23 06:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26258]: Failed password for root from 91.92.40.48 port 56360 ssh2
Jun 23 06:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26258]: Connection closed by 91.92.40.48 port 56360 [preauth]
Jun 23 06:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26300]: Failed password for root from 144.225.187.123 port 34158 ssh2
Jun 23 06:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26311]: Invalid user redhat from 91.92.40.48
Jun 23 06:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26311]: input_userauth_request: invalid user redhat [preauth]
Jun 23 06:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26300]: Connection closed by 144.225.187.123 port 34158 [preauth]
Jun 23 06:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26311]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25117]: pam_unix(cron:session): session closed for user root
Jun 23 06:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26311]: Failed password for invalid user redhat from 91.92.40.48 port 26494 ssh2
Jun 23 06:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26311]: Connection closed by 91.92.40.48 port 26494 [preauth]
Jun 23 06:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26343]: Invalid user myuser from 91.92.40.48
Jun 23 06:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26343]: input_userauth_request: invalid user myuser [preauth]
Jun 23 06:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26343]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26343]: Failed password for invalid user myuser from 91.92.40.48 port 26564 ssh2
Jun 23 06:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26343]: Connection closed by 91.92.40.48 port 26564 [preauth]
Jun 23 06:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26362]: Failed password for root from 91.92.40.48 port 15164 ssh2
Jun 23 06:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26362]: Connection closed by 91.92.40.48 port 15164 [preauth]
Jun 23 06:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26384]: User john from 91.92.40.48 not allowed because not listed in AllowUsers
Jun 23 06:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26384]: input_userauth_request: invalid user john [preauth]
Jun 23 06:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=john
Jun 23 06:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26384]: Failed password for invalid user john from 91.92.40.48 port 52398 ssh2
Jun 23 06:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26384]: Connection closed by 91.92.40.48 port 52398 [preauth]
Jun 23 06:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26408]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26407]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26406]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26405]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26405]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26469]: Successful su for rubyman by root
Jun 23 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26469]: + ??? root:rubyman
Jun 23 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26469]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575704 of user rubyman.
Jun 23 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26469]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575704.
Jun 23 06:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26394]: Failed password for root from 91.92.40.48 port 52456 ssh2
Jun 23 06:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26394]: Connection closed by 91.92.40.48 port 52456 [preauth]
Jun 23 06:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23635]: pam_unix(cron:session): session closed for user root
Jun 23 06:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26406]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26595]: Invalid user main from 91.92.40.48
Jun 23 06:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26595]: input_userauth_request: invalid user main [preauth]
Jun 23 06:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26520]: Failed password for root from 144.225.187.123 port 45218 ssh2
Jun 23 06:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26595]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26520]: Connection closed by 144.225.187.123 port 45218 [preauth]
Jun 23 06:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26595]: Failed password for invalid user main from 91.92.40.48 port 30208 ssh2
Jun 23 06:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26595]: Connection closed by 91.92.40.48 port 30208 [preauth]
Jun 23 06:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26676]: Failed password for root from 91.92.40.48 port 60230 ssh2
Jun 23 06:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26676]: Connection closed by 91.92.40.48 port 60230 [preauth]
Jun 23 06:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 23 06:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26778]: Failed password for root from 141.98.83.240 port 18706 ssh2
Jun 23 06:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26780]: Invalid user odoo from 91.92.40.48
Jun 23 06:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26780]: input_userauth_request: invalid user odoo [preauth]
Jun 23 06:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26780]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26778]: Failed password for root from 141.98.83.240 port 18706 ssh2
Jun 23 06:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26780]: Failed password for invalid user odoo from 91.92.40.48 port 60298 ssh2
Jun 23 06:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26780]: Connection closed by 91.92.40.48 port 60298 [preauth]
Jun 23 06:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26778]: Failed password for root from 141.98.83.240 port 18706 ssh2
Jun 23 06:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26778]: Connection closed by 141.98.83.240 port 18706 [preauth]
Jun 23 06:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26778]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 23 06:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26790]: Invalid user localadmin from 91.92.40.48
Jun 23 06:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26790]: input_userauth_request: invalid user localadmin [preauth]
Jun 23 06:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26790]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26790]: Failed password for invalid user localadmin from 91.92.40.48 port 17950 ssh2
Jun 23 06:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26790]: Connection closed by 91.92.40.48 port 17950 [preauth]
Jun 23 06:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25544]: pam_unix(cron:session): session closed for user root
Jun 23 06:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26822]: Failed password for root from 91.92.40.48 port 13166 ssh2
Jun 23 06:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26822]: Connection closed by 91.92.40.48 port 13166 [preauth]
Jun 23 06:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26852]: Failed password for root from 91.92.40.48 port 36800 ssh2
Jun 23 06:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26852]: Connection closed by 91.92.40.48 port 36800 [preauth]
Jun 23 06:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26851]: Failed password for root from 144.225.187.123 port 57438 ssh2
Jun 23 06:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26851]: Connection closed by 144.225.187.123 port 57438 [preauth]
Jun 23 06:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26882]: Invalid user username from 91.92.40.48
Jun 23 06:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26882]: input_userauth_request: invalid user username [preauth]
Jun 23 06:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26882]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26885]: User backup from 91.92.40.12 not allowed because not listed in AllowUsers
Jun 23 06:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26885]: input_userauth_request: invalid user backup [preauth]
Jun 23 06:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12  user=backup
Jun 23 06:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26882]: Failed password for invalid user username from 91.92.40.48 port 36846 ssh2
Jun 23 06:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26882]: Connection closed by 91.92.40.48 port 36846 [preauth]
Jun 23 06:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26885]: Failed password for invalid user backup from 91.92.40.12 port 49382 ssh2
Jun 23 06:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26885]: Connection closed by 91.92.40.12 port 49382 [preauth]
Jun 23 06:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26897]: Invalid user develop from 91.92.40.48
Jun 23 06:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26897]: input_userauth_request: invalid user develop [preauth]
Jun 23 06:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26897]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26897]: Failed password for invalid user develop from 91.92.40.48 port 12474 ssh2
Jun 23 06:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26897]: Connection closed by 91.92.40.48 port 12474 [preauth]
Jun 23 06:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26922]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26925]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26921]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26920]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26920]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26908]: Invalid user fa from 91.92.40.48
Jun 23 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26908]: input_userauth_request: invalid user fa [preauth]
Jun 23 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26983]: Successful su for rubyman by root
Jun 23 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26983]: + ??? root:rubyman
Jun 23 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26983]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575708 of user rubyman.
Jun 23 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26983]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575708.
Jun 23 06:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26908]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24224]: pam_unix(cron:session): session closed for user root
Jun 23 06:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26908]: Failed password for invalid user fa from 91.92.40.48 port 37482 ssh2
Jun 23 06:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26908]: Connection closed by 91.92.40.48 port 37482 [preauth]
Jun 23 06:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26921]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27125]: Invalid user cyber from 91.92.40.48
Jun 23 06:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27125]: input_userauth_request: invalid user cyber [preauth]
Jun 23 06:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27125]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27125]: Failed password for invalid user cyber from 91.92.40.48 port 37540 ssh2
Jun 23 06:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27125]: Connection closed by 91.92.40.48 port 37540 [preauth]
Jun 23 06:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27169]: Invalid user claude from 91.92.40.48
Jun 23 06:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27169]: input_userauth_request: invalid user claude [preauth]
Jun 23 06:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27169]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27169]: Failed password for invalid user claude from 91.92.40.48 port 55402 ssh2
Jun 23 06:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27169]: Connection closed by 91.92.40.48 port 55402 [preauth]
Jun 23 06:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27197]: Failed password for root from 144.225.187.123 port 51916 ssh2
Jun 23 06:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27197]: Connection closed by 144.225.187.123 port 51916 [preauth]
Jun 23 06:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27208]: Invalid user jenkins from 91.92.40.48
Jun 23 06:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27208]: input_userauth_request: invalid user jenkins [preauth]
Jun 23 06:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27208]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27208]: Failed password for invalid user jenkins from 91.92.40.48 port 38242 ssh2
Jun 23 06:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27208]: Connection closed by 91.92.40.48 port 38242 [preauth]
Jun 23 06:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27233]: Invalid user botuser from 91.92.40.48
Jun 23 06:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27233]: input_userauth_request: invalid user botuser [preauth]
Jun 23 06:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27233]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27233]: Failed password for invalid user botuser from 91.92.40.48 port 38280 ssh2
Jun 23 06:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27233]: Connection closed by 91.92.40.48 port 38280 [preauth]
Jun 23 06:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25952]: pam_unix(cron:session): session closed for user root
Jun 23 06:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27245]: Invalid user admin from 91.92.40.48
Jun 23 06:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27245]: input_userauth_request: invalid user admin [preauth]
Jun 23 06:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27245]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27245]: Failed password for invalid user admin from 91.92.40.48 port 54634 ssh2
Jun 23 06:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27245]: Connection closed by 91.92.40.48 port 54634 [preauth]
Jun 23 06:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27295]: Failed password for root from 91.92.40.48 port 52828 ssh2
Jun 23 06:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27295]: Connection closed by 91.92.40.48 port 52828 [preauth]
Jun 23 06:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27323]: Invalid user gmod from 91.92.40.48
Jun 23 06:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27323]: input_userauth_request: invalid user gmod [preauth]
Jun 23 06:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27323]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27323]: Failed password for invalid user gmod from 91.92.40.48 port 52870 ssh2
Jun 23 06:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27323]: Connection closed by 91.92.40.48 port 52870 [preauth]
Jun 23 06:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27336]: Failed password for root from 144.225.187.123 port 48156 ssh2
Jun 23 06:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27336]: Connection closed by 144.225.187.123 port 48156 [preauth]
Jun 23 06:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27334]: Failed password for root from 91.92.40.48 port 34108 ssh2
Jun 23 06:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27334]: Connection closed by 91.92.40.48 port 34108 [preauth]
Jun 23 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27366]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27365]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27363]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27359]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27359]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27421]: Successful su for rubyman by root
Jun 23 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27421]: + ??? root:rubyman
Jun 23 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27421]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575713 of user rubyman.
Jun 23 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27421]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575713.
Jun 23 06:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27347]: Invalid user admin from 91.92.40.48
Jun 23 06:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27347]: input_userauth_request: invalid user admin [preauth]
Jun 23 06:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24696]: pam_unix(cron:session): session closed for user root
Jun 23 06:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27347]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27363]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27347]: Failed password for invalid user admin from 91.92.40.48 port 34176 ssh2
Jun 23 06:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27347]: Connection closed by 91.92.40.48 port 34176 [preauth]
Jun 23 06:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27486]: Invalid user student from 91.92.40.48
Jun 23 06:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27486]: input_userauth_request: invalid user student [preauth]
Jun 23 06:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27486]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27486]: Failed password for invalid user student from 91.92.40.48 port 61084 ssh2
Jun 23 06:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27486]: Connection closed by 91.92.40.48 port 61084 [preauth]
Jun 23 06:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27615]: Invalid user ftpuser from 91.92.40.48
Jun 23 06:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27615]: input_userauth_request: invalid user ftpuser [preauth]
Jun 23 06:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27615]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27615]: Failed password for invalid user ftpuser from 91.92.40.48 port 36658 ssh2
Jun 23 06:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27615]: Connection closed by 91.92.40.48 port 36658 [preauth]
Jun 23 06:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27670]: Invalid user centos from 91.92.40.12
Jun 23 06:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27670]: input_userauth_request: invalid user centos [preauth]
Jun 23 06:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27670]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 06:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27670]: Failed password for invalid user centos from 91.92.40.12 port 51352 ssh2
Jun 23 06:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27670]: Connection closed by 91.92.40.12 port 51352 [preauth]
Jun 23 06:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27646]: Failed password for root from 91.92.40.48 port 36730 ssh2
Jun 23 06:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27646]: Connection closed by 91.92.40.48 port 36730 [preauth]
Jun 23 06:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27657]: Invalid user webadm from 91.92.40.48
Jun 23 06:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27657]: input_userauth_request: invalid user webadm [preauth]
Jun 23 06:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27682]: Failed password for root from 144.225.187.123 port 53374 ssh2
Jun 23 06:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27682]: Connection closed by 144.225.187.123 port 53374 [preauth]
Jun 23 06:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26408]: pam_unix(cron:session): session closed for user root
Jun 23 06:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27657]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27657]: Failed password for invalid user webadm from 91.92.40.48 port 65242 ssh2
Jun 23 06:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27681]: Invalid user deploy from 91.92.40.48
Jun 23 06:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27681]: input_userauth_request: invalid user deploy [preauth]
Jun 23 06:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27657]: Connection closed by 91.92.40.48 port 65242 [preauth]
Jun 23 06:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27681]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27681]: Failed password for invalid user deploy from 91.92.40.48 port 40062 ssh2
Jun 23 06:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27681]: Connection closed by 91.92.40.48 port 40062 [preauth]
Jun 23 06:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27716]: Failed password for root from 91.92.40.48 port 40100 ssh2
Jun 23 06:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27716]: Connection closed by 91.92.40.48 port 40100 [preauth]
Jun 23 06:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27774]: Received disconnect from 103.176.90.41 port 20800:11: disconnected by user [preauth]
Jun 23 06:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27774]: Disconnected from 103.176.90.41 port 20800 [preauth]
Jun 23 06:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27730]: Failed password for root from 91.92.40.48 port 10058 ssh2
Jun 23 06:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27730]: Connection closed by 91.92.40.48 port 10058 [preauth]
Jun 23 06:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27773]: Invalid user alex from 91.92.40.48
Jun 23 06:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27773]: input_userauth_request: invalid user alex [preauth]
Jun 23 06:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27773]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27790]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27789]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27791]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27788]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27786]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27788]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27915]: Successful su for rubyman by root
Jun 23 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27915]: + ??? root:rubyman
Jun 23 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27915]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575716 of user rubyman.
Jun 23 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27915]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575716.
Jun 23 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27786]: pam_unix(cron:session): session closed for user root
Jun 23 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27773]: Failed password for invalid user alex from 91.92.40.48 port 51928 ssh2
Jun 23 06:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27773]: Connection closed by 91.92.40.48 port 51928 [preauth]
Jun 23 06:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25116]: pam_unix(cron:session): session closed for user root
Jun 23 06:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27785]: Invalid user admin from 91.92.40.48
Jun 23 06:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27785]: input_userauth_request: invalid user admin [preauth]
Jun 23 06:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27789]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27785]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28166]: Failed password for root from 144.225.187.123 port 36038 ssh2
Jun 23 06:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28166]: Connection closed by 144.225.187.123 port 36038 [preauth]
Jun 23 06:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27785]: Failed password for invalid user admin from 91.92.40.48 port 32062 ssh2
Jun 23 06:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27785]: Connection closed by 91.92.40.48 port 32062 [preauth]
Jun 23 06:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28194]: Invalid user user from 91.92.40.48
Jun 23 06:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28194]: input_userauth_request: invalid user user [preauth]
Jun 23 06:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28194]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28194]: Failed password for invalid user user from 91.92.40.48 port 32166 ssh2
Jun 23 06:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28194]: Connection closed by 91.92.40.48 port 32166 [preauth]
Jun 23 06:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28206]: Invalid user dm from 91.92.40.48
Jun 23 06:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28206]: input_userauth_request: invalid user dm [preauth]
Jun 23 06:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28206]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28206]: Failed password for invalid user dm from 91.92.40.48 port 15902 ssh2
Jun 23 06:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28206]: Connection closed by 91.92.40.48 port 15902 [preauth]
Jun 23 06:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28236]: Invalid user jack from 91.92.40.48
Jun 23 06:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28236]: input_userauth_request: invalid user jack [preauth]
Jun 23 06:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28236]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28236]: Failed password for invalid user jack from 91.92.40.48 port 30692 ssh2
Jun 23 06:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28236]: Connection closed by 91.92.40.48 port 30692 [preauth]
Jun 23 06:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26925]: pam_unix(cron:session): session closed for user root
Jun 23 06:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28260]: Invalid user postgres from 91.92.40.48
Jun 23 06:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28260]: input_userauth_request: invalid user postgres [preauth]
Jun 23 06:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28260]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28260]: Failed password for invalid user postgres from 91.92.40.48 port 30718 ssh2
Jun 23 06:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28260]: Connection closed by 91.92.40.48 port 30718 [preauth]
Jun 23 06:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28297]: Invalid user hadoop from 91.92.40.48
Jun 23 06:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28297]: input_userauth_request: invalid user hadoop [preauth]
Jun 23 06:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28300]: Failed password for root from 144.225.187.123 port 57446 ssh2
Jun 23 06:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28297]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28300]: Connection closed by 144.225.187.123 port 57446 [preauth]
Jun 23 06:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28297]: Failed password for invalid user hadoop from 91.92.40.48 port 14400 ssh2
Jun 23 06:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28297]: Connection closed by 91.92.40.48 port 14400 [preauth]
Jun 23 06:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28310]: Invalid user deploy from 91.92.40.48
Jun 23 06:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28310]: input_userauth_request: invalid user deploy [preauth]
Jun 23 06:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 23 06:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28310]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28332]: Failed password for root from 147.45.199.80 port 53060 ssh2
Jun 23 06:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28332]: Connection closed by 147.45.199.80 port 53060 [preauth]
Jun 23 06:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28310]: Failed password for invalid user deploy from 91.92.40.48 port 10752 ssh2
Jun 23 06:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28310]: Connection closed by 91.92.40.48 port 10752 [preauth]
Jun 23 06:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28334]: Invalid user dummy from 91.92.40.48
Jun 23 06:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28334]: input_userauth_request: invalid user dummy [preauth]
Jun 23 06:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28334]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28334]: Failed password for invalid user dummy from 91.92.40.48 port 44592 ssh2
Jun 23 06:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28334]: Connection closed by 91.92.40.48 port 44592 [preauth]
Jun 23 06:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28356]: Invalid user centos from 91.92.40.12
Jun 23 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28356]: input_userauth_request: invalid user centos [preauth]
Jun 23 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28356]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28368]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28367]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28369]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28370]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28371]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28366]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28371]: pam_unix(cron:session): session closed for user root
Jun 23 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28366]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28432]: Successful su for rubyman by root
Jun 23 06:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28432]: + ??? root:rubyman
Jun 23 06:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28432]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575724 of user rubyman.
Jun 23 06:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28432]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575724.
Jun 23 06:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28354]: Invalid user security from 91.92.40.48
Jun 23 06:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28354]: input_userauth_request: invalid user security [preauth]
Jun 23 06:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28356]: Failed password for invalid user centos from 91.92.40.12 port 43918 ssh2
Jun 23 06:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28356]: Connection closed by 91.92.40.12 port 43918 [preauth]
Jun 23 06:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28354]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25543]: pam_unix(cron:session): session closed for user root
Jun 23 06:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28368]: pam_unix(cron:session): session closed for user root
Jun 23 06:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28354]: Failed password for invalid user security from 91.92.40.48 port 51252 ssh2
Jun 23 06:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28354]: Connection closed by 91.92.40.48 port 51252 [preauth]
Jun 23 06:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28367]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28716]: Invalid user eduardo from 91.92.40.48
Jun 23 06:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28716]: input_userauth_request: invalid user eduardo [preauth]
Jun 23 06:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28716]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28716]: Failed password for invalid user eduardo from 91.92.40.48 port 51294 ssh2
Jun 23 06:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28716]: Connection closed by 91.92.40.48 port 51294 [preauth]
Jun 23 06:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28761]: Invalid user localhost from 91.92.40.48
Jun 23 06:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28761]: input_userauth_request: invalid user localhost [preauth]
Jun 23 06:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28761]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28761]: Failed password for invalid user localhost from 91.92.40.48 port 21216 ssh2
Jun 23 06:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28761]: Connection closed by 91.92.40.48 port 21216 [preauth]
Jun 23 06:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28771]: Failed password for root from 144.225.187.123 port 55012 ssh2
Jun 23 06:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28771]: Connection closed by 144.225.187.123 port 55012 [preauth]
Jun 23 06:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28781]: Invalid user test from 91.92.40.48
Jun 23 06:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28781]: input_userauth_request: invalid user test [preauth]
Jun 23 06:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28781]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28781]: Failed password for invalid user test from 91.92.40.48 port 40730 ssh2
Jun 23 06:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28781]: Connection closed by 91.92.40.48 port 40730 [preauth]
Jun 23 06:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27366]: pam_unix(cron:session): session closed for user root
Jun 23 06:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28803]: Failed password for root from 91.92.40.48 port 41290 ssh2
Jun 23 06:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28803]: Connection closed by 91.92.40.48 port 41290 [preauth]
Jun 23 06:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28827]: Invalid user ui from 91.92.40.48
Jun 23 06:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28827]: input_userauth_request: invalid user ui [preauth]
Jun 23 06:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28827]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28827]: Failed password for invalid user ui from 91.92.40.48 port 41364 ssh2
Jun 23 06:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28827]: Connection closed by 91.92.40.48 port 41364 [preauth]
Jun 23 06:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28853]: Invalid user pi from 91.92.40.48
Jun 23 06:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28853]: input_userauth_request: invalid user pi [preauth]
Jun 23 06:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28853]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28853]: Failed password for invalid user pi from 91.92.40.48 port 48848 ssh2
Jun 23 06:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28853]: Connection closed by 91.92.40.48 port 48848 [preauth]
Jun 23 06:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28880]: Invalid user ftptest from 91.92.40.48
Jun 23 06:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28880]: input_userauth_request: invalid user ftptest [preauth]
Jun 23 06:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28880]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28880]: Failed password for invalid user ftptest from 91.92.40.48 port 40364 ssh2
Jun 23 06:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28880]: Connection closed by 91.92.40.48 port 40364 [preauth]
Jun 23 06:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28895]: Failed password for root from 144.225.187.123 port 48864 ssh2
Jun 23 06:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28895]: Connection closed by 144.225.187.123 port 48864 [preauth]
Jun 23 06:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28899]: Failed password for root from 91.92.40.48 port 40406 ssh2
Jun 23 06:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28899]: Connection closed by 91.92.40.48 port 40406 [preauth]
Jun 23 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28926]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28925]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28923]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28924]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28923]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28995]: Successful su for rubyman by root
Jun 23 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28995]: + ??? root:rubyman
Jun 23 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28995]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575727 of user rubyman.
Jun 23 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28995]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575727.
Jun 23 06:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28920]: Invalid user cyrus from 91.92.40.48
Jun 23 06:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28920]: input_userauth_request: invalid user cyrus [preauth]
Jun 23 06:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25951]: pam_unix(cron:session): session closed for user root
Jun 23 06:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28920]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28924]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28920]: Failed password for invalid user cyrus from 91.92.40.48 port 20182 ssh2
Jun 23 06:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28920]: Connection closed by 91.92.40.48 port 20182 [preauth]
Jun 23 06:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29187]: Failed password for root from 91.92.40.48 port 26384 ssh2
Jun 23 06:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29187]: Connection closed by 91.92.40.48 port 26384 [preauth]
Jun 23 06:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29215]: Invalid user user1 from 91.92.40.48
Jun 23 06:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29215]: input_userauth_request: invalid user user1 [preauth]
Jun 23 06:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29215]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29215]: Failed password for invalid user user1 from 91.92.40.48 port 26434 ssh2
Jun 23 06:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29215]: Connection closed by 91.92.40.48 port 26434 [preauth]
Jun 23 06:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29227]: Invalid user linux from 91.92.40.48
Jun 23 06:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29227]: input_userauth_request: invalid user linux [preauth]
Jun 23 06:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29227]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29227]: Failed password for invalid user linux from 91.92.40.48 port 31006 ssh2
Jun 23 06:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29227]: Connection closed by 91.92.40.48 port 31006 [preauth]
Jun 23 06:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29271]: Invalid user try from 91.92.40.48
Jun 23 06:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29271]: input_userauth_request: invalid user try [preauth]
Jun 23 06:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29272]: Failed password for root from 144.225.187.123 port 47786 ssh2
Jun 23 06:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27791]: pam_unix(cron:session): session closed for user root
Jun 23 06:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29271]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29272]: Connection closed by 144.225.187.123 port 47786 [preauth]
Jun 23 06:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29309]: Invalid user centos from 91.92.40.12
Jun 23 06:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29309]: input_userauth_request: invalid user centos [preauth]
Jun 23 06:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29309]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 06:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29271]: Failed password for invalid user try from 91.92.40.48 port 42326 ssh2
Jun 23 06:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29271]: Connection closed by 91.92.40.48 port 42326 [preauth]
Jun 23 06:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29309]: Failed password for invalid user centos from 91.92.40.12 port 50752 ssh2
Jun 23 06:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29309]: Connection closed by 91.92.40.12 port 50752 [preauth]
Jun 23 06:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29311]: Invalid user frappe from 91.92.40.48
Jun 23 06:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29311]: input_userauth_request: invalid user frappe [preauth]
Jun 23 06:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29311]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29311]: Failed password for invalid user frappe from 91.92.40.48 port 42438 ssh2
Jun 23 06:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29311]: Connection closed by 91.92.40.48 port 42438 [preauth]
Jun 23 06:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29334]: Failed password for root from 91.92.40.48 port 17912 ssh2
Jun 23 06:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29334]: Connection closed by 91.92.40.48 port 17912 [preauth]
Jun 23 06:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29351]: Invalid user aaa from 91.92.40.48
Jun 23 06:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29351]: input_userauth_request: invalid user aaa [preauth]
Jun 23 06:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29351]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29351]: Failed password for invalid user aaa from 91.92.40.48 port 42266 ssh2
Jun 23 06:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29351]: Connection closed by 91.92.40.48 port 42266 [preauth]
Jun 23 06:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 23 06:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29362]: Invalid user arthur from 91.92.40.48
Jun 23 06:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29362]: input_userauth_request: invalid user arthur [preauth]
Jun 23 06:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29362]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29366]: Failed password for root from 103.176.20.57 port 57468 ssh2
Jun 23 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29366]: Connection closed by 103.176.20.57 port 57468 [preauth]
Jun 23 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29378]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29376]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29377]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29375]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29375]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29435]: Successful su for rubyman by root
Jun 23 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29435]: + ??? root:rubyman
Jun 23 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29435]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575732 of user rubyman.
Jun 23 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29435]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575732.
Jun 23 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29362]: Failed password for invalid user arthur from 91.92.40.48 port 30572 ssh2
Jun 23 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29362]: Connection closed by 91.92.40.48 port 30572 [preauth]
Jun 23 06:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26407]: pam_unix(cron:session): session closed for user root
Jun 23 06:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29376]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29701]: Invalid user steam from 91.92.40.48
Jun 23 06:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29701]: input_userauth_request: invalid user steam [preauth]
Jun 23 06:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29701]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29698]: Failed password for root from 144.225.187.123 port 49834 ssh2
Jun 23 06:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29698]: Connection closed by 144.225.187.123 port 49834 [preauth]
Jun 23 06:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29701]: Failed password for invalid user steam from 91.92.40.48 port 30604 ssh2
Jun 23 06:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29701]: Connection closed by 91.92.40.48 port 30604 [preauth]
Jun 23 06:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29753]: Invalid user system from 91.92.40.48
Jun 23 06:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29753]: input_userauth_request: invalid user system [preauth]
Jun 23 06:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29753]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29753]: Failed password for invalid user system from 91.92.40.48 port 33396 ssh2
Jun 23 06:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29753]: Connection closed by 91.92.40.48 port 33396 [preauth]
Jun 23 06:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29778]: Invalid user openclaw from 91.92.40.48
Jun 23 06:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29778]: input_userauth_request: invalid user openclaw [preauth]
Jun 23 06:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29778]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29778]: Failed password for invalid user openclaw from 91.92.40.48 port 14884 ssh2
Jun 23 06:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29778]: Connection closed by 91.92.40.48 port 14884 [preauth]
Jun 23 06:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29817]: Invalid user bob from 91.92.40.48
Jun 23 06:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29817]: input_userauth_request: invalid user bob [preauth]
Jun 23 06:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29817]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29817]: Failed password for invalid user bob from 91.92.40.48 port 14978 ssh2
Jun 23 06:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29817]: Connection closed by 91.92.40.48 port 14978 [preauth]
Jun 23 06:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28370]: pam_unix(cron:session): session closed for user root
Jun 23 06:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29831]: Failed password for root from 91.92.40.48 port 31656 ssh2
Jun 23 06:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29831]: Connection closed by 91.92.40.48 port 31656 [preauth]
Jun 23 06:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29870]: Failed password for root from 144.225.187.123 port 37362 ssh2
Jun 23 06:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29871]: Failed password for root from 91.92.40.48 port 55746 ssh2
Jun 23 06:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29870]: Connection closed by 144.225.187.123 port 37362 [preauth]
Jun 23 06:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29871]: Connection closed by 91.92.40.48 port 55746 [preauth]
Jun 23 06:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29907]: Failed password for root from 91.92.40.48 port 55792 ssh2
Jun 23 06:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29907]: Connection closed by 91.92.40.48 port 55792 [preauth]
Jun 23 06:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29918]: Invalid user monitor from 91.92.40.48
Jun 23 06:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29918]: input_userauth_request: invalid user monitor [preauth]
Jun 23 06:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29918]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29918]: Failed password for invalid user monitor from 91.92.40.48 port 56636 ssh2
Jun 23 06:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29918]: Connection closed by 91.92.40.48 port 56636 [preauth]
Jun 23 06:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29932]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29933]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29931]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29930]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29930]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29991]: Successful su for rubyman by root
Jun 23 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29991]: + ??? root:rubyman
Jun 23 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29991]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575736 of user rubyman.
Jun 23 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29991]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575736.
Jun 23 06:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29928]: Invalid user olga from 91.92.40.48
Jun 23 06:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29928]: input_userauth_request: invalid user olga [preauth]
Jun 23 06:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26922]: pam_unix(cron:session): session closed for user root
Jun 23 06:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29931]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30166]: Invalid user centos from 91.92.40.12
Jun 23 06:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30166]: input_userauth_request: invalid user centos [preauth]
Jun 23 06:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30166]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 06:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29928]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30166]: Failed password for invalid user centos from 91.92.40.12 port 49554 ssh2
Jun 23 06:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30166]: Connection closed by 91.92.40.12 port 49554 [preauth]
Jun 23 06:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29928]: Failed password for invalid user olga from 91.92.40.48 port 11710 ssh2
Jun 23 06:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29928]: Connection closed by 91.92.40.48 port 11710 [preauth]
Jun 23 06:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30197]: Invalid user mcserver from 91.92.40.48
Jun 23 06:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30197]: input_userauth_request: invalid user mcserver [preauth]
Jun 23 06:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30197]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30197]: Failed password for invalid user mcserver from 91.92.40.48 port 11722 ssh2
Jun 23 06:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30197]: Connection closed by 91.92.40.48 port 11722 [preauth]
Jun 23 06:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30230]: Invalid user kafka from 91.92.40.48
Jun 23 06:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30230]: input_userauth_request: invalid user kafka [preauth]
Jun 23 06:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30231]: Failed password for root from 144.225.187.123 port 34166 ssh2
Jun 23 06:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30231]: Connection closed by 144.225.187.123 port 34166 [preauth]
Jun 23 06:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30230]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30230]: Failed password for invalid user kafka from 91.92.40.48 port 14060 ssh2
Jun 23 06:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30230]: Connection closed by 91.92.40.48 port 14060 [preauth]
Jun 23 06:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30243]: Failed password for root from 91.92.40.48 port 12300 ssh2
Jun 23 06:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30243]: Connection closed by 91.92.40.48 port 12300 [preauth]
Jun 23 06:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28926]: pam_unix(cron:session): session closed for user root
Jun 23 06:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30265]: Failed password for root from 91.92.40.48 port 61348 ssh2
Jun 23 06:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30265]: Connection closed by 91.92.40.48 port 61348 [preauth]
Jun 23 06:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30301]: Invalid user ai from 91.92.40.48
Jun 23 06:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30301]: input_userauth_request: invalid user ai [preauth]
Jun 23 06:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30301]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30301]: Failed password for invalid user ai from 91.92.40.48 port 61400 ssh2
Jun 23 06:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30301]: Connection closed by 91.92.40.48 port 61400 [preauth]
Jun 23 06:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30320]: Invalid user webtest from 91.92.40.48
Jun 23 06:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30320]: input_userauth_request: invalid user webtest [preauth]
Jun 23 06:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30320]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30320]: Failed password for invalid user webtest from 91.92.40.48 port 33072 ssh2
Jun 23 06:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30320]: Connection closed by 91.92.40.48 port 33072 [preauth]
Jun 23 06:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30343]: Invalid user fernando from 91.92.40.48
Jun 23 06:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30343]: input_userauth_request: invalid user fernando [preauth]
Jun 23 06:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30343]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30344]: Failed password for root from 144.225.187.123 port 33378 ssh2
Jun 23 06:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30344]: Connection closed by 144.225.187.123 port 33378 [preauth]
Jun 23 06:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30343]: Failed password for invalid user fernando from 91.92.40.48 port 48448 ssh2
Jun 23 06:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30343]: Connection closed by 91.92.40.48 port 48448 [preauth]
Jun 23 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30378]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30376]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30377]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30375]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30375]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30364]: Invalid user tom from 91.92.40.48
Jun 23 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30364]: input_userauth_request: invalid user tom [preauth]
Jun 23 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30433]: Successful su for rubyman by root
Jun 23 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30433]: + ??? root:rubyman
Jun 23 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30433]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575739 of user rubyman.
Jun 23 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30433]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575739.
Jun 23 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30364]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27365]: pam_unix(cron:session): session closed for user root
Jun 23 06:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30364]: Failed password for invalid user tom from 91.92.40.48 port 48530 ssh2
Jun 23 06:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30376]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30364]: Connection closed by 91.92.40.48 port 48530 [preauth]
Jun 23 06:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30485]: Invalid user user from 91.92.40.48
Jun 23 06:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30485]: input_userauth_request: invalid user user [preauth]
Jun 23 06:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30485]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30485]: Failed password for invalid user user from 91.92.40.48 port 57296 ssh2
Jun 23 06:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30485]: Connection closed by 91.92.40.48 port 57296 [preauth]
Jun 23 06:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30641]: Invalid user brenda from 91.92.40.48
Jun 23 06:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30641]: input_userauth_request: invalid user brenda [preauth]
Jun 23 06:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30641]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30664]: Connection closed by 45.148.10.121 port 49624 [preauth]
Jun 23 06:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30641]: Failed password for invalid user brenda from 91.92.40.48 port 52832 ssh2
Jun 23 06:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30641]: Connection closed by 91.92.40.48 port 52832 [preauth]
Jun 23 06:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30674]: Failed password for root from 91.92.40.48 port 52896 ssh2
Jun 23 06:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30674]: Connection closed by 91.92.40.48 port 52896 [preauth]
Jun 23 06:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30699]: Failed password for root from 144.225.187.123 port 47302 ssh2
Jun 23 06:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30699]: Connection closed by 144.225.187.123 port 47302 [preauth]
Jun 23 06:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30685]: Invalid user andreas from 91.92.40.48
Jun 23 06:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30685]: input_userauth_request: invalid user andreas [preauth]
Jun 23 06:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30685]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29378]: pam_unix(cron:session): session closed for user root
Jun 23 06:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30738]: Invalid user debian from 91.92.40.12
Jun 23 06:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30738]: input_userauth_request: invalid user debian [preauth]
Jun 23 06:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30738]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 06:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30685]: Failed password for invalid user andreas from 91.92.40.48 port 58178 ssh2
Jun 23 06:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30738]: Failed password for invalid user debian from 91.92.40.12 port 49958 ssh2
Jun 23 06:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30738]: Connection closed by 91.92.40.12 port 49958 [preauth]
Jun 23 06:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30685]: Connection closed by 91.92.40.48 port 58178 [preauth]
Jun 23 06:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30709]: Invalid user kafka from 91.92.40.48
Jun 23 06:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30709]: input_userauth_request: invalid user kafka [preauth]
Jun 23 06:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30709]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30709]: Failed password for invalid user kafka from 91.92.40.48 port 15706 ssh2
Jun 23 06:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30709]: Connection closed by 91.92.40.48 port 15706 [preauth]
Jun 23 06:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30740]: Invalid user user from 91.92.40.48
Jun 23 06:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30740]: input_userauth_request: invalid user user [preauth]
Jun 23 06:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30740]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30740]: Failed password for invalid user user from 91.92.40.48 port 15776 ssh2
Jun 23 06:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30740]: Connection closed by 91.92.40.48 port 15776 [preauth]
Jun 23 06:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30774]: Invalid user test from 91.92.40.48
Jun 23 06:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30774]: input_userauth_request: invalid user test [preauth]
Jun 23 06:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30774]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30774]: Failed password for invalid user test from 91.92.40.48 port 57400 ssh2
Jun 23 06:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30774]: Connection closed by 91.92.40.48 port 57400 [preauth]
Jun 23 06:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30784]: Invalid user peter from 91.92.40.48
Jun 23 06:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30784]: input_userauth_request: invalid user peter [preauth]
Jun 23 06:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30815]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30813]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30814]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30811]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30809]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30810]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30815]: pam_unix(cron:session): session closed for user root
Jun 23 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30809]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30784]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30883]: Successful su for rubyman by root
Jun 23 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30883]: + ??? root:rubyman
Jun 23 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30883]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575745 of user rubyman.
Jun 23 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30883]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575745.
Jun 23 06:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30784]: Failed password for invalid user peter from 91.92.40.48 port 24794 ssh2
Jun 23 06:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30811]: pam_unix(cron:session): session closed for user root
Jun 23 06:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30807]: Failed password for root from 144.225.187.123 port 36676 ssh2
Jun 23 06:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27790]: pam_unix(cron:session): session closed for user root
Jun 23 06:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30807]: Connection closed by 144.225.187.123 port 36676 [preauth]
Jun 23 06:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30784]: Connection closed by 91.92.40.48 port 24794 [preauth]
Jun 23 06:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30810]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30794]: Failed password for root from 91.92.40.48 port 47002 ssh2
Jun 23 06:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31174]: Invalid user www from 91.92.40.48
Jun 23 06:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31174]: input_userauth_request: invalid user www [preauth]
Jun 23 06:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30794]: Connection closed by 91.92.40.48 port 47002 [preauth]
Jun 23 06:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31174]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31174]: Failed password for invalid user www from 91.92.40.48 port 47068 ssh2
Jun 23 06:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31174]: Connection closed by 91.92.40.48 port 47068 [preauth]
Jun 23 06:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31199]: Failed password for root from 91.92.40.48 port 60064 ssh2
Jun 23 06:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31199]: Connection closed by 91.92.40.48 port 60064 [preauth]
Jun 23 06:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31222]: Failed password for root from 91.92.40.48 port 43828 ssh2
Jun 23 06:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29933]: pam_unix(cron:session): session closed for user root
Jun 23 06:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31222]: Connection closed by 91.92.40.48 port 43828 [preauth]
Jun 23 06:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31254]: Failed password for root from 91.92.40.48 port 43874 ssh2
Jun 23 06:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31291]: Failed password for root from 144.225.187.123 port 60406 ssh2
Jun 23 06:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31291]: Connection closed by 144.225.187.123 port 60406 [preauth]
Jun 23 06:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31254]: Connection closed by 91.92.40.48 port 43874 [preauth]
Jun 23 06:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31272]: Invalid user user from 91.92.40.48
Jun 23 06:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31272]: input_userauth_request: invalid user user [preauth]
Jun 23 06:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31272]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31272]: Failed password for invalid user user from 91.92.40.48 port 48462 ssh2
Jun 23 06:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31302]: Invalid user ubuntu from 91.92.40.48
Jun 23 06:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31302]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 06:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31272]: Connection closed by 91.92.40.48 port 48462 [preauth]
Jun 23 06:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31302]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31302]: Failed password for invalid user ubuntu from 91.92.40.48 port 35404 ssh2
Jun 23 06:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31302]: Connection closed by 91.92.40.48 port 35404 [preauth]
Jun 23 06:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31334]: Invalid user ubuntu from 91.92.40.48
Jun 23 06:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31334]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 06:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31334]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31334]: Failed password for invalid user ubuntu from 91.92.40.48 port 30762 ssh2
Jun 23 06:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31334]: Connection closed by 91.92.40.48 port 30762 [preauth]
Jun 23 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31362]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31361]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31360]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31359]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31359]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31430]: Successful su for rubyman by root
Jun 23 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31430]: + ??? root:rubyman
Jun 23 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31430]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575749 of user rubyman.
Jun 23 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31430]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575749.
Jun 23 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31345]: Invalid user dev from 91.92.40.48
Jun 23 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31345]: input_userauth_request: invalid user dev [preauth]
Jun 23 06:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31345]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31560]: Invalid user ua from 147.45.174.229
Jun 23 06:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31560]: input_userauth_request: invalid user ua [preauth]
Jun 23 06:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31560]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.174.229
Jun 23 06:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28369]: pam_unix(cron:session): session closed for user root
Jun 23 06:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31560]: Failed password for invalid user ua from 147.45.174.229 port 59510 ssh2
Jun 23 06:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31360]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31560]: Received disconnect from 147.45.174.229 port 59510:11: Bye Bye [preauth]
Jun 23 06:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31560]: Disconnected from 147.45.174.229 port 59510 [preauth]
Jun 23 06:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31345]: Failed password for invalid user dev from 91.92.40.48 port 30808 ssh2
Jun 23 06:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31345]: Connection closed by 91.92.40.48 port 30808 [preauth]
Jun 23 06:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31716]: Invalid user debian from 91.92.40.12
Jun 23 06:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31716]: input_userauth_request: invalid user debian [preauth]
Jun 23 06:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31716]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 06:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31716]: Failed password for invalid user debian from 91.92.40.12 port 53982 ssh2
Jun 23 06:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31716]: Connection closed by 91.92.40.12 port 53982 [preauth]
Jun 23 06:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31558]: Failed password for root from 91.92.40.48 port 41324 ssh2
Jun 23 06:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31558]: Connection closed by 91.92.40.48 port 41324 [preauth]
Jun 23 06:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31728]: Failed password for root from 91.92.40.48 port 45136 ssh2
Jun 23 06:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31743]: Failed password for root from 144.225.187.123 port 41516 ssh2
Jun 23 06:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31728]: Connection closed by 91.92.40.48 port 45136 [preauth]
Jun 23 06:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31743]: Connection closed by 144.225.187.123 port 41516 [preauth]
Jun 23 06:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31761]: Invalid user kiran from 91.92.40.48
Jun 23 06:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31761]: input_userauth_request: invalid user kiran [preauth]
Jun 23 06:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31761]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31761]: Failed password for invalid user kiran from 91.92.40.48 port 63098 ssh2
Jun 23 06:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31761]: Connection closed by 91.92.40.48 port 63098 [preauth]
Jun 23 06:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31791]: Invalid user chris from 91.92.40.48
Jun 23 06:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31791]: input_userauth_request: invalid user chris [preauth]
Jun 23 06:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31791]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31791]: Failed password for invalid user chris from 91.92.40.48 port 63142 ssh2
Jun 23 06:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30378]: pam_unix(cron:session): session closed for user root
Jun 23 06:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31791]: Connection closed by 91.92.40.48 port 63142 [preauth]
Jun 23 06:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31801]: Invalid user sysupdate from 91.92.40.48
Jun 23 06:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31801]: input_userauth_request: invalid user sysupdate [preauth]
Jun 23 06:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31801]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31801]: Failed password for invalid user sysupdate from 91.92.40.48 port 53584 ssh2
Jun 23 06:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31801]: Connection closed by 91.92.40.48 port 53584 [preauth]
Jun 23 06:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31832]: Invalid user gg from 91.92.40.48
Jun 23 06:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31832]: input_userauth_request: invalid user gg [preauth]
Jun 23 06:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31832]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31832]: Failed password for invalid user gg from 91.92.40.48 port 59522 ssh2
Jun 23 06:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31832]: Connection closed by 91.92.40.48 port 59522 [preauth]
Jun 23 06:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31862]: Invalid user ubuntu from 91.92.40.48
Jun 23 06:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31862]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 06:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31862]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31862]: Failed password for invalid user ubuntu from 91.92.40.48 port 36654 ssh2
Jun 23 06:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31862]: Connection closed by 91.92.40.48 port 36654 [preauth]
Jun 23 06:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31873]: Failed password for root from 144.225.187.123 port 54116 ssh2
Jun 23 06:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31873]: Connection closed by 144.225.187.123 port 54116 [preauth]
Jun 23 06:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31875]: Invalid user claude from 91.92.40.48
Jun 23 06:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31875]: input_userauth_request: invalid user claude [preauth]
Jun 23 06:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31875]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31875]: Failed password for invalid user claude from 91.92.40.48 port 36706 ssh2
Jun 23 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31895]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31899]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31900]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31896]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31895]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31967]: Successful su for rubyman by root
Jun 23 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31967]: + ??? root:rubyman
Jun 23 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31967]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575755 of user rubyman.
Jun 23 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31967]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575755.
Jun 23 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31875]: Connection closed by 91.92.40.48 port 36706 [preauth]
Jun 23 06:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28925]: pam_unix(cron:session): session closed for user root
Jun 23 06:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31896]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 23 06:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31890]: Failed password for root from 91.92.40.48 port 10912 ssh2
Jun 23 06:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31890]: Connection closed by 91.92.40.48 port 10912 [preauth]
Jun 23 06:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32166]: Failed password for root from 103.82.20.28 port 40704 ssh2
Jun 23 06:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32166]: Connection closed by 103.82.20.28 port 40704 [preauth]
Jun 23 06:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32168]: Invalid user appuser from 91.92.40.48
Jun 23 06:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32168]: input_userauth_request: invalid user appuser [preauth]
Jun 23 06:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32168]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32168]: Failed password for invalid user appuser from 91.92.40.48 port 26674 ssh2
Jun 23 06:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32168]: Connection closed by 91.92.40.48 port 26674 [preauth]
Jun 23 06:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32201]: Invalid user openclaw from 91.92.40.48
Jun 23 06:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32201]: input_userauth_request: invalid user openclaw [preauth]
Jun 23 06:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32201]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32201]: Failed password for invalid user openclaw from 91.92.40.48 port 26768 ssh2
Jun 23 06:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32201]: Connection closed by 91.92.40.48 port 26768 [preauth]
Jun 23 06:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32211]: Invalid user bot from 91.92.40.48
Jun 23 06:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32211]: input_userauth_request: invalid user bot [preauth]
Jun 23 06:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32211]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32211]: Failed password for invalid user bot from 91.92.40.48 port 27414 ssh2
Jun 23 06:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32211]: Connection closed by 91.92.40.48 port 27414 [preauth]
Jun 23 06:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32233]: Invalid user plex from 144.225.187.123
Jun 23 06:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32233]: input_userauth_request: invalid user plex [preauth]
Jun 23 06:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32233]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 06:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32235]: Invalid user minecraft from 91.92.40.48
Jun 23 06:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32235]: input_userauth_request: invalid user minecraft [preauth]
Jun 23 06:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32233]: Failed password for invalid user plex from 144.225.187.123 port 54246 ssh2
Jun 23 06:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32235]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32233]: Connection closed by 144.225.187.123 port 54246 [preauth]
Jun 23 06:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30814]: pam_unix(cron:session): session closed for user root
Jun 23 06:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32235]: Failed password for invalid user minecraft from 91.92.40.48 port 35236 ssh2
Jun 23 06:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32235]: Connection closed by 91.92.40.48 port 35236 [preauth]
Jun 23 06:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32264]: Invalid user ubuntu from 91.92.40.48
Jun 23 06:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32264]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 06:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32264]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32274]: Invalid user debian from 91.92.40.12
Jun 23 06:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32274]: input_userauth_request: invalid user debian [preauth]
Jun 23 06:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32274]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 06:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32264]: Failed password for invalid user ubuntu from 91.92.40.48 port 35286 ssh2
Jun 23 06:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32274]: Failed password for invalid user debian from 91.92.40.12 port 45552 ssh2
Jun 23 06:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32274]: Connection closed by 91.92.40.12 port 45552 [preauth]
Jun 23 06:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32264]: Connection closed by 91.92.40.48 port 35286 [preauth]
Jun 23 06:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32296]: Invalid user deploy from 91.92.40.48
Jun 23 06:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32296]: input_userauth_request: invalid user deploy [preauth]
Jun 23 06:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32296]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32296]: Failed password for invalid user deploy from 91.92.40.48 port 35144 ssh2
Jun 23 06:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32296]: Connection closed by 91.92.40.48 port 35144 [preauth]
Jun 23 06:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32306]: Invalid user avalanche from 91.92.40.48
Jun 23 06:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32306]: input_userauth_request: invalid user avalanche [preauth]
Jun 23 06:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32306]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32306]: Failed password for invalid user avalanche from 91.92.40.48 port 25208 ssh2
Jun 23 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32330]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32329]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32328]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32327]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32327]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32392]: Successful su for rubyman by root
Jun 23 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32392]: + ??? root:rubyman
Jun 23 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32392]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575757 of user rubyman.
Jun 23 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32392]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575757.
Jun 23 06:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32306]: Connection closed by 91.92.40.48 port 25208 [preauth]
Jun 23 06:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32316]: Invalid user gary from 91.92.40.48
Jun 23 06:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32316]: input_userauth_request: invalid user gary [preauth]
Jun 23 06:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29377]: pam_unix(cron:session): session closed for user root
Jun 23 06:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32316]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32328]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32560]: Invalid user guest from 144.225.187.123
Jun 23 06:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32560]: input_userauth_request: invalid user guest [preauth]
Jun 23 06:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32560]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 06:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32316]: Failed password for invalid user gary from 91.92.40.48 port 51680 ssh2
Jun 23 06:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32560]: Failed password for invalid user guest from 144.225.187.123 port 51662 ssh2
Jun 23 06:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32316]: Connection closed by 91.92.40.48 port 51680 [preauth]
Jun 23 06:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32555]: Invalid user azureuser from 91.92.40.48
Jun 23 06:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32555]: input_userauth_request: invalid user azureuser [preauth]
Jun 23 06:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32560]: Connection closed by 144.225.187.123 port 51662 [preauth]
Jun 23 06:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32555]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32555]: Failed password for invalid user azureuser from 91.92.40.48 port 51720 ssh2
Jun 23 06:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 23 06:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32555]: Connection closed by 91.92.40.48 port 51720 [preauth]
Jun 23 06:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32603]: Failed password for root from 103.27.238.114 port 44194 ssh2
Jun 23 06:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32603]: Connection closed by 103.27.238.114 port 44194 [preauth]
Jun 23 06:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32597]: Invalid user devops from 91.92.40.48
Jun 23 06:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32597]: input_userauth_request: invalid user devops [preauth]
Jun 23 06:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32597]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32597]: Failed password for invalid user devops from 91.92.40.48 port 26162 ssh2
Jun 23 06:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32597]: Connection closed by 91.92.40.48 port 26162 [preauth]
Jun 23 06:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32623]: Invalid user george from 91.92.40.48
Jun 23 06:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32623]: input_userauth_request: invalid user george [preauth]
Jun 23 06:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32623]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32623]: Failed password for invalid user george from 91.92.40.48 port 31308 ssh2
Jun 23 06:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32647]: Invalid user maarch from 91.92.40.48
Jun 23 06:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32647]: input_userauth_request: invalid user maarch [preauth]
Jun 23 06:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32623]: Connection closed by 91.92.40.48 port 31308 [preauth]
Jun 23 06:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31362]: pam_unix(cron:session): session closed for user root
Jun 23 06:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32647]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32647]: Failed password for invalid user maarch from 91.92.40.48 port 31340 ssh2
Jun 23 06:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32647]: Connection closed by 91.92.40.48 port 31340 [preauth]
Jun 23 06:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32691]: Invalid user teamspeak from 91.92.40.48
Jun 23 06:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32691]: input_userauth_request: invalid user teamspeak [preauth]
Jun 23 06:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32691]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32706]: Invalid user dev from 144.225.187.123
Jun 23 06:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32706]: input_userauth_request: invalid user dev [preauth]
Jun 23 06:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32706]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 06:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32691]: Failed password for invalid user teamspeak from 91.92.40.48 port 43866 ssh2
Jun 23 06:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32691]: Connection closed by 91.92.40.48 port 43866 [preauth]
Jun 23 06:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32706]: Failed password for invalid user dev from 144.225.187.123 port 50502 ssh2
Jun 23 06:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32706]: Connection closed by 144.225.187.123 port 50502 [preauth]
Jun 23 06:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32705]: Invalid user osm from 91.92.40.48
Jun 23 06:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32705]: input_userauth_request: invalid user osm [preauth]
Jun 23 06:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32705]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32705]: Failed password for invalid user osm from 91.92.40.48 port 33824 ssh2
Jun 23 06:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32705]: Connection closed by 91.92.40.48 port 33824 [preauth]
Jun 23 06:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32741]: Invalid user testing from 91.92.40.48
Jun 23 06:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32741]: input_userauth_request: invalid user testing [preauth]
Jun 23 06:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32741]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32741]: Failed password for invalid user testing from 91.92.40.48 port 17052 ssh2
Jun 23 06:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32741]: Connection closed by 91.92.40.48 port 17052 [preauth]
Jun 23 06:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[303]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[301]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[302]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[300]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[300]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32765]: Invalid user more from 147.45.174.229
Jun 23 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32765]: input_userauth_request: invalid user more [preauth]
Jun 23 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32765]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.174.229
Jun 23 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[366]: Successful su for rubyman by root
Jun 23 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[366]: + ??? root:rubyman
Jun 23 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[366]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575762 of user rubyman.
Jun 23 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[366]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575762.
Jun 23 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32755]: Invalid user centos from 91.92.40.48
Jun 23 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32755]: input_userauth_request: invalid user centos [preauth]
Jun 23 06:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32765]: Failed password for invalid user more from 147.45.174.229 port 39900 ssh2
Jun 23 06:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32765]: Received disconnect from 147.45.174.229 port 39900:11: Bye Bye [preauth]
Jun 23 06:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32765]: Disconnected from 147.45.174.229 port 39900 [preauth]
Jun 23 06:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29932]: pam_unix(cron:session): session closed for user root
Jun 23 06:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32755]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[301]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32755]: Failed password for invalid user centos from 91.92.40.48 port 17098 ssh2
Jun 23 06:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32755]: Connection closed by 91.92.40.48 port 17098 [preauth]
Jun 23 06:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[388]: Invalid user soporte from 91.92.40.48
Jun 23 06:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[388]: input_userauth_request: invalid user soporte [preauth]
Jun 23 06:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[388]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[388]: Failed password for invalid user soporte from 91.92.40.48 port 10042 ssh2
Jun 23 06:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[388]: Connection closed by 91.92.40.48 port 10042 [preauth]
Jun 23 06:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[724]: Invalid user debian from 91.92.40.12
Jun 23 06:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[724]: input_userauth_request: invalid user debian [preauth]
Jun 23 06:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[724]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 06:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[724]: Failed password for invalid user debian from 91.92.40.12 port 58736 ssh2
Jun 23 06:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[724]: Connection closed by 91.92.40.12 port 58736 [preauth]
Jun 23 06:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[707]: Invalid user student from 91.92.40.48
Jun 23 06:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[707]: input_userauth_request: invalid user student [preauth]
Jun 23 06:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[707]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[738]: Invalid user ae from 144.225.187.123
Jun 23 06:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[738]: input_userauth_request: invalid user ae [preauth]
Jun 23 06:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[738]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 06:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 23 06:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[707]: Failed password for invalid user student from 91.92.40.48 port 32870 ssh2
Jun 23 06:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[749]: Failed password for root from 103.77.242.62 port 57016 ssh2
Jun 23 06:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[749]: Connection closed by 103.77.242.62 port 57016 [preauth]
Jun 23 06:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[738]: Failed password for invalid user ae from 144.225.187.123 port 42030 ssh2
Jun 23 06:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[738]: Connection closed by 144.225.187.123 port 42030 [preauth]
Jun 23 06:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[707]: Connection closed by 91.92.40.48 port 32870 [preauth]
Jun 23 06:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[736]: Invalid user gd from 91.92.40.48
Jun 23 06:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[736]: input_userauth_request: invalid user gd [preauth]
Jun 23 06:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[736]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[778]: Invalid user kain from 2.57.121.112
Jun 23 06:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[778]: input_userauth_request: invalid user kain [preauth]
Jun 23 06:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[778]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 23 06:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[736]: Failed password for invalid user gd from 91.92.40.48 port 32904 ssh2
Jun 23 06:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[778]: Failed password for invalid user kain from 2.57.121.112 port 30416 ssh2
Jun 23 06:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[778]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[751]: Invalid user ftptest from 91.92.40.48
Jun 23 06:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[751]: input_userauth_request: invalid user ftptest [preauth]
Jun 23 06:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[736]: Connection closed by 91.92.40.48 port 32904 [preauth]
Jun 23 06:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[778]: Failed password for invalid user kain from 2.57.121.112 port 30416 ssh2
Jun 23 06:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[778]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[751]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[778]: Failed password for invalid user kain from 2.57.121.112 port 30416 ssh2
Jun 23 06:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[778]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31900]: pam_unix(cron:session): session closed for user root
Jun 23 06:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[751]: Failed password for invalid user ftptest from 91.92.40.48 port 14102 ssh2
Jun 23 06:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[778]: Failed password for invalid user kain from 2.57.121.112 port 30416 ssh2
Jun 23 06:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[778]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[778]: Failed password for invalid user kain from 2.57.121.112 port 30416 ssh2
Jun 23 06:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[778]: Connection closed by 2.57.121.112 port 30416 [preauth]
Jun 23 06:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[778]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 23 06:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[778]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 23 06:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[751]: Connection closed by 91.92.40.48 port 14102 [preauth]
Jun 23 06:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[780]: Invalid user pi from 91.92.40.48
Jun 23 06:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[780]: input_userauth_request: invalid user pi [preauth]
Jun 23 06:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[780]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[780]: Failed password for invalid user pi from 91.92.40.48 port 41960 ssh2
Jun 23 06:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[780]: Connection closed by 91.92.40.48 port 41960 [preauth]
Jun 23 06:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[826]: Invalid user rock from 91.92.40.48
Jun 23 06:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[826]: input_userauth_request: invalid user rock [preauth]
Jun 23 06:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[862]: Received disconnect from 148.153.121.146 port 41330:11: disconnected by user [preauth]
Jun 23 06:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[862]: Disconnected from 148.153.121.146 port 41330 [preauth]
Jun 23 06:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[826]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[826]: Failed password for invalid user rock from 91.92.40.48 port 41982 ssh2
Jun 23 06:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[826]: Connection closed by 91.92.40.48 port 41982 [preauth]
Jun 23 06:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[836]: Failed password for root from 91.92.40.48 port 52774 ssh2
Jun 23 06:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[836]: Connection closed by 91.92.40.48 port 52774 [preauth]
Jun 23 06:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[875]: Invalid user telecomadmin from 144.225.187.123
Jun 23 06:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[875]: input_userauth_request: invalid user telecomadmin [preauth]
Jun 23 06:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[875]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 06:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[872]: Invalid user jenkins from 91.92.40.48
Jun 23 06:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[872]: input_userauth_request: invalid user jenkins [preauth]
Jun 23 06:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[875]: Failed password for invalid user telecomadmin from 144.225.187.123 port 34104 ssh2
Jun 23 06:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[872]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[875]: Connection closed by 144.225.187.123 port 34104 [preauth]
Jun 23 06:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[872]: Failed password for invalid user jenkins from 91.92.40.48 port 23704 ssh2
Jun 23 06:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[904]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[905]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[903]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[900]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[899]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[901]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[905]: pam_unix(cron:session): session closed for user root
Jun 23 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[872]: Connection closed by 91.92.40.48 port 23704 [preauth]
Jun 23 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[899]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[975]: Successful su for rubyman by root
Jun 23 06:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[975]: + ??? root:rubyman
Jun 23 06:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[975]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575765 of user rubyman.
Jun 23 06:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[975]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575765.
Jun 23 06:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[901]: pam_unix(cron:session): session closed for user root
Jun 23 06:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30377]: pam_unix(cron:session): session closed for user root
Jun 23 06:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[887]: Invalid user oracle from 91.92.40.48
Jun 23 06:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[887]: input_userauth_request: invalid user oracle [preauth]
Jun 23 06:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[887]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[900]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[887]: Failed password for invalid user oracle from 91.92.40.48 port 57130 ssh2
Jun 23 06:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[887]: Connection closed by 91.92.40.48 port 57130 [preauth]
Jun 23 06:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1223]: Invalid user abc from 91.92.40.48
Jun 23 06:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1223]: input_userauth_request: invalid user abc [preauth]
Jun 23 06:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1223]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1223]: Failed password for invalid user abc from 91.92.40.48 port 49874 ssh2
Jun 23 06:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1223]: Connection closed by 91.92.40.48 port 49874 [preauth]
Jun 23 06:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1251]: Invalid user user from 91.92.40.48
Jun 23 06:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1251]: input_userauth_request: invalid user user [preauth]
Jun 23 06:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1251]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1251]: Failed password for invalid user user from 91.92.40.48 port 49902 ssh2
Jun 23 06:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1251]: Connection closed by 91.92.40.48 port 49902 [preauth]
Jun 23 06:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1266]: Invalid user debian from 91.92.40.48
Jun 23 06:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1266]: input_userauth_request: invalid user debian [preauth]
Jun 23 06:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1266]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1266]: Failed password for invalid user debian from 91.92.40.48 port 14114 ssh2
Jun 23 06:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1266]: Connection closed by 91.92.40.48 port 14114 [preauth]
Jun 23 06:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32330]: pam_unix(cron:session): session closed for user root
Jun 23 06:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1297]: Invalid user carlos from 91.92.40.48
Jun 23 06:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1297]: input_userauth_request: invalid user carlos [preauth]
Jun 23 06:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1296]: Failed password for root from 144.225.187.123 port 52116 ssh2
Jun 23 06:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1297]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1296]: Connection closed by 144.225.187.123 port 52116 [preauth]
Jun 23 06:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1297]: Failed password for invalid user carlos from 91.92.40.48 port 62174 ssh2
Jun 23 06:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1297]: Connection closed by 91.92.40.48 port 62174 [preauth]
Jun 23 06:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1351]: Invalid user hades from 91.92.40.48
Jun 23 06:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1351]: input_userauth_request: invalid user hades [preauth]
Jun 23 06:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1351]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1351]: Failed password for invalid user hades from 91.92.40.48 port 42820 ssh2
Jun 23 06:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1351]: Connection closed by 91.92.40.48 port 42820 [preauth]
Jun 23 06:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1378]: Invalid user deployer from 91.92.40.48
Jun 23 06:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1378]: input_userauth_request: invalid user deployer [preauth]
Jun 23 06:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1378]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1393]: Invalid user debian from 91.92.40.12
Jun 23 06:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1393]: input_userauth_request: invalid user debian [preauth]
Jun 23 06:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1393]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 06:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1378]: Failed password for invalid user deployer from 91.92.40.48 port 42856 ssh2
Jun 23 06:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1378]: Connection closed by 91.92.40.48 port 42856 [preauth]
Jun 23 06:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1393]: Failed password for invalid user debian from 91.92.40.12 port 39572 ssh2
Jun 23 06:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1393]: Connection closed by 91.92.40.12 port 39572 [preauth]
Jun 23 06:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1398]: Invalid user server from 91.92.40.48
Jun 23 06:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1398]: input_userauth_request: invalid user server [preauth]
Jun 23 06:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1398]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1398]: Failed password for invalid user server from 91.92.40.48 port 39440 ssh2
Jun 23 06:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1398]: Connection closed by 91.92.40.48 port 39440 [preauth]
Jun 23 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1431]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1443]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1430]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1428]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1428]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1599]: Successful su for rubyman by root
Jun 23 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1599]: + ??? root:rubyman
Jun 23 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1599]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575771 of user rubyman.
Jun 23 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1599]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575771.
Jun 23 06:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1415]: Invalid user frappe from 91.92.40.48
Jun 23 06:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1415]: input_userauth_request: invalid user frappe [preauth]
Jun 23 06:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30813]: pam_unix(cron:session): session closed for user root
Jun 23 06:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1415]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1430]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1415]: Failed password for invalid user frappe from 91.92.40.48 port 54344 ssh2
Jun 23 06:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1415]: Connection closed by 91.92.40.48 port 54344 [preauth]
Jun 23 06:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1733]: Invalid user debian from 91.92.40.48
Jun 23 06:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1733]: input_userauth_request: invalid user debian [preauth]
Jun 23 06:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1810]: Failed password for root from 144.225.187.123 port 49628 ssh2
Jun 23 06:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1810]: Connection closed by 144.225.187.123 port 49628 [preauth]
Jun 23 06:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1733]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1733]: Failed password for invalid user debian from 91.92.40.48 port 54376 ssh2
Jun 23 06:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1733]: Connection closed by 91.92.40.48 port 54376 [preauth]
Jun 23 06:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: Invalid user app from 91.92.40.48
Jun 23 06:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: input_userauth_request: invalid user app [preauth]
Jun 23 06:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: Failed password for invalid user app from 91.92.40.48 port 63686 ssh2
Jun 23 06:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: Connection closed by 91.92.40.48 port 63686 [preauth]
Jun 23 06:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1842]: Failed password for root from 91.92.40.48 port 19432 ssh2
Jun 23 06:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1842]: Connection closed by 91.92.40.48 port 19432 [preauth]
Jun 23 06:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1865]: Invalid user claude from 91.92.40.48
Jun 23 06:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1865]: input_userauth_request: invalid user claude [preauth]
Jun 23 06:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[303]: pam_unix(cron:session): session closed for user root
Jun 23 06:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1865]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1865]: Failed password for invalid user claude from 91.92.40.48 port 19512 ssh2
Jun 23 06:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1877]: Invalid user web from 91.92.40.48
Jun 23 06:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1877]: input_userauth_request: invalid user web [preauth]
Jun 23 06:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1865]: Connection closed by 91.92.40.48 port 19512 [preauth]
Jun 23 06:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1877]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1877]: Failed password for invalid user web from 91.92.40.48 port 56332 ssh2
Jun 23 06:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1877]: Connection closed by 91.92.40.48 port 56332 [preauth]
Jun 23 06:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1935]: Failed password for root from 91.92.40.48 port 43426 ssh2
Jun 23 06:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1935]: Connection closed by 91.92.40.48 port 43426 [preauth]
Jun 23 06:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1960]: Failed password for root from 144.225.187.123 port 55098 ssh2
Jun 23 06:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1960]: Connection closed by 144.225.187.123 port 55098 [preauth]
Jun 23 06:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1983]: Failed password for root from 91.92.40.48 port 24872 ssh2
Jun 23 06:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1983]: Connection closed by 91.92.40.48 port 24872 [preauth]
Jun 23 06:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2020]: Invalid user ldap3 from 147.45.174.229
Jun 23 06:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2020]: input_userauth_request: invalid user ldap3 [preauth]
Jun 23 06:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2020]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.174.229
Jun 23 06:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2027]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2033]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2026]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2025]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2025]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2020]: Failed password for invalid user ldap3 from 147.45.174.229 port 44842 ssh2
Jun 23 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2020]: Received disconnect from 147.45.174.229 port 44842:11: Bye Bye [preauth]
Jun 23 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2020]: Disconnected from 147.45.174.229 port 44842 [preauth]
Jun 23 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2103]: Successful su for rubyman by root
Jun 23 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2103]: + ??? root:rubyman
Jun 23 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2103]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575776 of user rubyman.
Jun 23 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2103]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575776.
Jun 23 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2006]: Failed password for root from 91.92.40.48 port 24924 ssh2
Jun 23 06:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2006]: Connection closed by 91.92.40.48 port 24924 [preauth]
Jun 23 06:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31361]: pam_unix(cron:session): session closed for user root
Jun 23 06:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2026]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2022]: Failed password for root from 91.92.40.48 port 31196 ssh2
Jun 23 06:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 23 06:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2022]: Connection closed by 91.92.40.48 port 31196 [preauth]
Jun 23 06:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 23 06:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2328]: Failed password for root from 87.251.79.125 port 50130 ssh2
Jun 23 06:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2328]: Connection closed by 87.251.79.125 port 50130 [preauth]
Jun 23 06:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2330]: Failed password for root from 103.82.132.16 port 57648 ssh2
Jun 23 06:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2330]: Connection closed by 103.82.132.16 port 57648 [preauth]
Jun 23 06:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2309]: Failed password for root from 91.92.40.48 port 31220 ssh2
Jun 23 06:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2309]: Connection closed by 91.92.40.48 port 31220 [preauth]
Jun 23 06:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2336]: Invalid user pds from 91.92.40.48
Jun 23 06:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2336]: input_userauth_request: invalid user pds [preauth]
Jun 23 06:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2336]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2336]: Failed password for invalid user pds from 91.92.40.48 port 36560 ssh2
Jun 23 06:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2387]: Invalid user debian from 91.92.40.12
Jun 23 06:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2387]: input_userauth_request: invalid user debian [preauth]
Jun 23 06:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2387]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 06:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2336]: Connection closed by 91.92.40.48 port 36560 [preauth]
Jun 23 06:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2363]: Invalid user andrew from 91.92.40.48
Jun 23 06:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2363]: input_userauth_request: invalid user andrew [preauth]
Jun 23 06:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2387]: Failed password for invalid user debian from 91.92.40.12 port 54074 ssh2
Jun 23 06:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2387]: Connection closed by 91.92.40.12 port 54074 [preauth]
Jun 23 06:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2363]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2363]: Failed password for invalid user andrew from 91.92.40.48 port 64016 ssh2
Jun 23 06:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2363]: Connection closed by 91.92.40.48 port 64016 [preauth]
Jun 23 06:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[904]: pam_unix(cron:session): session closed for user root
Jun 23 06:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2389]: Invalid user elasticsearch from 91.92.40.48
Jun 23 06:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2389]: input_userauth_request: invalid user elasticsearch [preauth]
Jun 23 06:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2389]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2364]: Failed password for root from 144.225.187.123 port 38306 ssh2
Jun 23 06:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2389]: Failed password for invalid user elasticsearch from 91.92.40.48 port 64050 ssh2
Jun 23 06:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2364]: Connection closed by 144.225.187.123 port 38306 [preauth]
Jun 23 06:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2389]: Connection closed by 91.92.40.48 port 64050 [preauth]
Jun 23 06:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2428]: Invalid user odoo from 91.92.40.48
Jun 23 06:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2428]: input_userauth_request: invalid user odoo [preauth]
Jun 23 06:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2428]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2428]: Failed password for invalid user odoo from 91.92.40.48 port 14960 ssh2
Jun 23 06:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2428]: Connection closed by 91.92.40.48 port 14960 [preauth]
Jun 23 06:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2447]: Invalid user a from 91.92.40.48
Jun 23 06:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2447]: input_userauth_request: invalid user a [preauth]
Jun 23 06:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2447]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2447]: Failed password for invalid user a from 91.92.40.48 port 23152 ssh2
Jun 23 06:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2447]: Connection closed by 91.92.40.48 port 23152 [preauth]
Jun 23 06:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2473]: Invalid user user2 from 91.92.40.48
Jun 23 06:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2473]: input_userauth_request: invalid user user2 [preauth]
Jun 23 06:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2473]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2473]: Failed password for invalid user user2 from 91.92.40.48 port 41940 ssh2
Jun 23 06:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2473]: Connection closed by 91.92.40.48 port 41940 [preauth]
Jun 23 06:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2501]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2499]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2500]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2497]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2497]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2542]: Bad protocol version identification '\026\003\001' from 65.49.1.94 port 45544
Jun 23 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2569]: Successful su for rubyman by root
Jun 23 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2569]: + ??? root:rubyman
Jun 23 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2569]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575780 of user rubyman.
Jun 23 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2569]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575780.
Jun 23 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2485]: Failed password for root from 91.92.40.48 port 26490 ssh2
Jun 23 06:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31899]: pam_unix(cron:session): session closed for user root
Jun 23 06:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2485]: Connection closed by 91.92.40.48 port 26490 [preauth]
Jun 23 06:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2499]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2742]: Failed password for root from 91.92.40.48 port 26540 ssh2
Jun 23 06:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2742]: Connection closed by 91.92.40.48 port 26540 [preauth]
Jun 23 06:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2769]: Invalid user user from 91.92.40.48
Jun 23 06:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2769]: input_userauth_request: invalid user user [preauth]
Jun 23 06:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2769]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2769]: Failed password for invalid user user from 91.92.40.48 port 55514 ssh2
Jun 23 06:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2769]: Connection closed by 91.92.40.48 port 55514 [preauth]
Jun 23 06:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2802]: Failed password for root from 91.92.40.48 port 16738 ssh2
Jun 23 06:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2802]: Connection closed by 91.92.40.48 port 16738 [preauth]
Jun 23 06:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2827]: Invalid user postgres from 91.92.40.48
Jun 23 06:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2827]: input_userauth_request: invalid user postgres [preauth]
Jun 23 06:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2827]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1443]: pam_unix(cron:session): session closed for user root
Jun 23 06:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2827]: Failed password for invalid user postgres from 91.92.40.48 port 16778 ssh2
Jun 23 06:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2827]: Connection closed by 91.92.40.48 port 16778 [preauth]
Jun 23 06:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2837]: Failed password for root from 91.92.40.48 port 48398 ssh2
Jun 23 06:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2837]: Connection closed by 91.92.40.48 port 48398 [preauth]
Jun 23 06:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2879]: Invalid user git from 91.92.40.48
Jun 23 06:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2879]: input_userauth_request: invalid user git [preauth]
Jun 23 06:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2879]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2879]: Failed password for invalid user git from 91.92.40.48 port 23540 ssh2
Jun 23 06:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2879]: Connection closed by 91.92.40.48 port 23540 [preauth]
Jun 23 06:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2902]: Invalid user rogelio from 91.92.40.48
Jun 23 06:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2902]: input_userauth_request: invalid user rogelio [preauth]
Jun 23 06:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2902]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2902]: Failed password for invalid user rogelio from 91.92.40.48 port 23584 ssh2
Jun 23 06:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2902]: Connection closed by 91.92.40.48 port 23584 [preauth]
Jun 23 06:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2931]: Invalid user debian from 91.92.40.12
Jun 23 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2931]: input_userauth_request: invalid user debian [preauth]
Jun 23 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2931]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2937]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2936]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2935]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2934]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2913]: Failed password for root from 91.92.40.48 port 20222 ssh2
Jun 23 06:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2934]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2994]: Successful su for rubyman by root
Jun 23 06:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2994]: + ??? root:rubyman
Jun 23 06:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2994]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575784 of user rubyman.
Jun 23 06:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2994]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575784.
Jun 23 06:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2913]: Connection closed by 91.92.40.48 port 20222 [preauth]
Jun 23 06:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2931]: Failed password for invalid user debian from 91.92.40.12 port 54298 ssh2
Jun 23 06:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2931]: Connection closed by 91.92.40.12 port 54298 [preauth]
Jun 23 06:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32329]: pam_unix(cron:session): session closed for user root
Jun 23 06:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2993]: Invalid user minecraft from 91.92.40.48
Jun 23 06:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2993]: input_userauth_request: invalid user minecraft [preauth]
Jun 23 06:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2993]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2935]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2993]: Failed password for invalid user minecraft from 91.92.40.48 port 61958 ssh2
Jun 23 06:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2993]: Connection closed by 91.92.40.48 port 61958 [preauth]
Jun 23 06:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3179]: Invalid user ftpadmin from 91.92.40.48
Jun 23 06:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3179]: input_userauth_request: invalid user ftpadmin [preauth]
Jun 23 06:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3179]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3179]: Failed password for invalid user ftpadmin from 91.92.40.48 port 41058 ssh2
Jun 23 06:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3179]: Connection closed by 91.92.40.48 port 41058 [preauth]
Jun 23 06:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3212]: Failed password for root from 91.92.40.48 port 41106 ssh2
Jun 23 06:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3212]: Connection closed by 91.92.40.48 port 41106 [preauth]
Jun 23 06:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3189]: Failed password for root from 144.225.187.123 port 53074 ssh2
Jun 23 06:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3224]: Invalid user ftpuser2 from 91.92.40.48
Jun 23 06:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3224]: input_userauth_request: invalid user ftpuser2 [preauth]
Jun 23 06:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3224]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3189]: Connection closed by 144.225.187.123 port 53074 [preauth]
Jun 23 06:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3224]: Failed password for invalid user ftpuser2 from 91.92.40.48 port 49964 ssh2
Jun 23 06:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3224]: Connection closed by 91.92.40.48 port 49964 [preauth]
Jun 23 06:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3251]: Invalid user testuser from 91.92.40.48
Jun 23 06:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3251]: input_userauth_request: invalid user testuser [preauth]
Jun 23 06:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2033]: pam_unix(cron:session): session closed for user root
Jun 23 06:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3251]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3251]: Failed password for invalid user testuser from 91.92.40.48 port 25364 ssh2
Jun 23 06:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3251]: Connection closed by 91.92.40.48 port 25364 [preauth]
Jun 23 06:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3293]: Failed password for root from 91.92.40.48 port 25398 ssh2
Jun 23 06:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3293]: Connection closed by 91.92.40.48 port 25398 [preauth]
Jun 23 06:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3315]: Invalid user zabbix from 91.92.40.48
Jun 23 06:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3315]: input_userauth_request: invalid user zabbix [preauth]
Jun 23 06:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3315]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3315]: Failed password for invalid user zabbix from 91.92.40.48 port 23972 ssh2
Jun 23 06:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3315]: Connection closed by 91.92.40.48 port 23972 [preauth]
Jun 23 06:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3325]: Invalid user gz from 147.45.174.229
Jun 23 06:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3325]: input_userauth_request: invalid user gz [preauth]
Jun 23 06:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3325]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.174.229
Jun 23 06:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3325]: Failed password for invalid user gz from 147.45.174.229 port 46414 ssh2
Jun 23 06:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3325]: Received disconnect from 147.45.174.229 port 46414:11: Bye Bye [preauth]
Jun 23 06:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3325]: Disconnected from 147.45.174.229 port 46414 [preauth]
Jun 23 06:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3327]: Invalid user steam from 91.92.40.48
Jun 23 06:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3327]: input_userauth_request: invalid user steam [preauth]
Jun 23 06:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3327]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3327]: Failed password for invalid user steam from 91.92.40.48 port 60686 ssh2
Jun 23 06:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3327]: Connection closed by 91.92.40.48 port 60686 [preauth]
Jun 23 06:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3347]: Invalid user myuser from 91.92.40.48
Jun 23 06:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3347]: input_userauth_request: invalid user myuser [preauth]
Jun 23 06:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3347]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3355]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3352]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3350]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3353]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3354]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3351]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3355]: pam_unix(cron:session): session closed for user root
Jun 23 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3350]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3416]: Successful su for rubyman by root
Jun 23 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3416]: + ??? root:rubyman
Jun 23 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3416]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575791 of user rubyman.
Jun 23 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3416]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575791.
Jun 23 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3347]: Failed password for invalid user myuser from 91.92.40.48 port 16594 ssh2
Jun 23 06:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3347]: Connection closed by 91.92.40.48 port 16594 [preauth]
Jun 23 06:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3352]: pam_unix(cron:session): session closed for user root
Jun 23 06:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[302]: pam_unix(cron:session): session closed for user root
Jun 23 06:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3351]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3619]: Failed password for root from 91.92.40.48 port 16650 ssh2
Jun 23 06:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3619]: Connection closed by 91.92.40.48 port 16650 [preauth]
Jun 23 06:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3644]: Failed password for root from 91.92.40.48 port 47824 ssh2
Jun 23 06:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3644]: Connection closed by 91.92.40.48 port 47824 [preauth]
Jun 23 06:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3664]: Invalid user rdpuser from 91.92.40.48
Jun 23 06:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3664]: input_userauth_request: invalid user rdpuser [preauth]
Jun 23 06:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3664]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3664]: Failed password for invalid user rdpuser from 91.92.40.48 port 63952 ssh2
Jun 23 06:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3664]: Connection closed by 91.92.40.48 port 63952 [preauth]
Jun 23 06:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3791]: Invalid user ubuntu from 91.92.40.48
Jun 23 06:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3791]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 06:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3791]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3791]: Failed password for invalid user ubuntu from 91.92.40.48 port 64002 ssh2
Jun 23 06:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3802]: Invalid user debian from 91.92.40.12
Jun 23 06:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3802]: input_userauth_request: invalid user debian [preauth]
Jun 23 06:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3791]: Connection closed by 91.92.40.48 port 64002 [preauth]
Jun 23 06:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3802]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 06:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2501]: pam_unix(cron:session): session closed for user root
Jun 23 06:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3802]: Failed password for invalid user debian from 91.92.40.12 port 57176 ssh2
Jun 23 06:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3802]: Connection closed by 91.92.40.12 port 57176 [preauth]
Jun 23 06:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3819]: Invalid user adminuser from 91.92.40.48
Jun 23 06:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3819]: input_userauth_request: invalid user adminuser [preauth]
Jun 23 06:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3819]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3819]: Failed password for invalid user adminuser from 91.92.40.48 port 37328 ssh2
Jun 23 06:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3819]: Connection closed by 91.92.40.48 port 37328 [preauth]
Jun 23 06:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3840]: Invalid user ranga from 91.92.40.48
Jun 23 06:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3840]: input_userauth_request: invalid user ranga [preauth]
Jun 23 06:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3840]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3840]: Failed password for invalid user ranga from 91.92.40.48 port 32420 ssh2
Jun 23 06:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3840]: Connection closed by 91.92.40.48 port 32420 [preauth]
Jun 23 06:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3920]: Invalid user postgres from 91.92.40.48
Jun 23 06:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3920]: input_userauth_request: invalid user postgres [preauth]
Jun 23 06:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3920]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3920]: Failed password for invalid user postgres from 91.92.40.48 port 32444 ssh2
Jun 23 06:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3920]: Connection closed by 91.92.40.48 port 32444 [preauth]
Jun 23 06:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3933]: Invalid user jarvis from 91.92.40.48
Jun 23 06:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3933]: input_userauth_request: invalid user jarvis [preauth]
Jun 23 06:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3933]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3953]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3950]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3952]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3946]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3946]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4066]: Successful su for rubyman by root
Jun 23 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4066]: + ??? root:rubyman
Jun 23 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4066]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575795 of user rubyman.
Jun 23 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4066]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575795.
Jun 23 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3933]: Failed password for invalid user jarvis from 91.92.40.48 port 44570 ssh2
Jun 23 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3933]: Connection closed by 91.92.40.48 port 44570 [preauth]
Jun 23 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4099]: Invalid user remoteuser from 147.182.183.153
Jun 23 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4099]: input_userauth_request: invalid user remoteuser [preauth]
Jun 23 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4099]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.182.183.153
Jun 23 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4135]: Invalid user claude from 91.92.40.48
Jun 23 06:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4135]: input_userauth_request: invalid user claude [preauth]
Jun 23 06:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4099]: Failed password for invalid user remoteuser from 147.182.183.153 port 40786 ssh2
Jun 23 06:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4099]: Received disconnect from 147.182.183.153 port 40786:11: Bye Bye [preauth]
Jun 23 06:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4099]: Disconnected from 147.182.183.153 port 40786 [preauth]
Jun 23 06:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4135]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[903]: pam_unix(cron:session): session closed for user root
Jun 23 06:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3950]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4135]: Failed password for invalid user claude from 91.92.40.48 port 64258 ssh2
Jun 23 06:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4135]: Connection closed by 91.92.40.48 port 64258 [preauth]
Jun 23 06:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4269]: Invalid user azureuser from 91.92.40.48
Jun 23 06:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4269]: input_userauth_request: invalid user azureuser [preauth]
Jun 23 06:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4269]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3944]: Failed password for root from 144.225.187.123 port 53846 ssh2
Jun 23 06:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4269]: Failed password for invalid user azureuser from 91.92.40.48 port 31412 ssh2
Jun 23 06:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4269]: Connection closed by 91.92.40.48 port 31412 [preauth]
Jun 23 06:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3944]: Connection closed by 144.225.187.123 port 53846 [preauth]
Jun 23 06:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4293]: Invalid user ai from 91.92.40.48
Jun 23 06:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4293]: input_userauth_request: invalid user ai [preauth]
Jun 23 06:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4293]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4293]: Failed password for invalid user ai from 91.92.40.48 port 31450 ssh2
Jun 23 06:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4293]: Connection closed by 91.92.40.48 port 31450 [preauth]
Jun 23 06:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4304]: Invalid user kim from 91.92.40.48
Jun 23 06:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4304]: input_userauth_request: invalid user kim [preauth]
Jun 23 06:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4304]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4304]: Failed password for invalid user kim from 91.92.40.48 port 21728 ssh2
Jun 23 06:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4304]: Connection closed by 91.92.40.48 port 21728 [preauth]
Jun 23 06:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2937]: pam_unix(cron:session): session closed for user root
Jun 23 06:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4336]: Failed password for root from 91.92.40.48 port 31366 ssh2
Jun 23 06:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4336]: Connection closed by 91.92.40.48 port 31366 [preauth]
Jun 23 06:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4374]: Invalid user aiuser from 91.92.40.48
Jun 23 06:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4374]: input_userauth_request: invalid user aiuser [preauth]
Jun 23 06:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4374]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4374]: Failed password for invalid user aiuser from 91.92.40.48 port 31412 ssh2
Jun 23 06:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4374]: Connection closed by 91.92.40.48 port 31412 [preauth]
Jun 23 06:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4384]: Failed password for root from 91.92.40.48 port 35678 ssh2
Jun 23 06:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4384]: Connection closed by 91.92.40.48 port 35678 [preauth]
Jun 23 06:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4407]: Invalid user user from 91.92.40.48
Jun 23 06:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4407]: input_userauth_request: invalid user user [preauth]
Jun 23 06:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4407]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4407]: Failed password for invalid user user from 91.92.40.48 port 35778 ssh2
Jun 23 06:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4407]: Connection closed by 91.92.40.48 port 35778 [preauth]
Jun 23 06:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4417]: Invalid user matt from 91.92.40.48
Jun 23 06:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4417]: input_userauth_request: invalid user matt [preauth]
Jun 23 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4439]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4440]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4438]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4437]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4437]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4498]: Successful su for rubyman by root
Jun 23 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4498]: + ??? root:rubyman
Jun 23 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4498]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575798 of user rubyman.
Jun 23 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4498]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575798.
Jun 23 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4417]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4598]: Invalid user deploy from 91.92.40.12
Jun 23 06:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4598]: input_userauth_request: invalid user deploy [preauth]
Jun 23 06:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4598]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 06:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1431]: pam_unix(cron:session): session closed for user root
Jun 23 06:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4417]: Failed password for invalid user matt from 91.92.40.48 port 13984 ssh2
Jun 23 06:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4598]: Failed password for invalid user deploy from 91.92.40.12 port 57342 ssh2
Jun 23 06:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4438]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4598]: Connection closed by 91.92.40.12 port 57342 [preauth]
Jun 23 06:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4417]: Connection closed by 91.92.40.48 port 13984 [preauth]
Jun 23 06:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4490]: Invalid user ubuntu from 91.92.40.48
Jun 23 06:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4490]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 06:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4490]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4490]: Failed password for invalid user ubuntu from 91.92.40.48 port 50428 ssh2
Jun 23 06:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4490]: Connection closed by 91.92.40.48 port 50428 [preauth]
Jun 23 06:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4694]: Invalid user root1 from 91.92.40.48
Jun 23 06:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4694]: input_userauth_request: invalid user root1 [preauth]
Jun 23 06:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4694]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4694]: Failed password for invalid user root1 from 91.92.40.48 port 47482 ssh2
Jun 23 06:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4694]: Connection closed by 91.92.40.48 port 47482 [preauth]
Jun 23 06:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: Invalid user spark from 91.92.40.48
Jun 23 06:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: input_userauth_request: invalid user spark [preauth]
Jun 23 06:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: Failed password for invalid user spark from 91.92.40.48 port 33202 ssh2
Jun 23 06:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: Connection closed by 91.92.40.48 port 33202 [preauth]
Jun 23 06:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4778]: Invalid user deploy from 91.92.40.48
Jun 23 06:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4778]: input_userauth_request: invalid user deploy [preauth]
Jun 23 06:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4778]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4778]: Failed password for invalid user deploy from 91.92.40.48 port 33270 ssh2
Jun 23 06:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4778]: Connection closed by 91.92.40.48 port 33270 [preauth]
Jun 23 06:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3354]: pam_unix(cron:session): session closed for user root
Jun 23 06:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4830]: Invalid user devops from 91.92.40.48
Jun 23 06:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4830]: input_userauth_request: invalid user devops [preauth]
Jun 23 06:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4830]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4830]: Failed password for invalid user devops from 91.92.40.48 port 17910 ssh2
Jun 23 06:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4830]: Connection closed by 91.92.40.48 port 17910 [preauth]
Jun 23 06:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 23 06:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4905]: Invalid user runner from 91.92.40.48
Jun 23 06:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4905]: input_userauth_request: invalid user runner [preauth]
Jun 23 06:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4905]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4902]: Failed password for root from 62.133.62.83 port 46376 ssh2
Jun 23 06:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4902]: Connection closed by 62.133.62.83 port 46376 [preauth]
Jun 23 06:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4905]: Failed password for invalid user runner from 91.92.40.48 port 53682 ssh2
Jun 23 06:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4905]: Connection closed by 91.92.40.48 port 53682 [preauth]
Jun 23 06:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4935]: Failed password for root from 91.92.40.48 port 53744 ssh2
Jun 23 06:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4935]: Connection closed by 91.92.40.48 port 53744 [preauth]
Jun 23 06:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4949]: Invalid user asian from 147.45.174.229
Jun 23 06:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4949]: input_userauth_request: invalid user asian [preauth]
Jun 23 06:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4949]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.174.229
Jun 23 06:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4949]: Failed password for invalid user asian from 147.45.174.229 port 39650 ssh2
Jun 23 06:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4949]: Received disconnect from 147.45.174.229 port 39650:11: Bye Bye [preauth]
Jun 23 06:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4949]: Disconnected from 147.45.174.229 port 39650 [preauth]
Jun 23 06:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4956]: Invalid user redmine from 91.92.40.48
Jun 23 06:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4956]: input_userauth_request: invalid user redmine [preauth]
Jun 23 06:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4956]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4956]: Failed password for invalid user redmine from 91.92.40.48 port 55684 ssh2
Jun 23 06:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4956]: Connection closed by 91.92.40.48 port 55684 [preauth]
Jun 23 06:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4982]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4984]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4983]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4981]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4981]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4978]: Invalid user anders from 91.92.40.48
Jun 23 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4978]: input_userauth_request: invalid user anders [preauth]
Jun 23 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5039]: Successful su for rubyman by root
Jun 23 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5039]: + ??? root:rubyman
Jun 23 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5039]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575801 of user rubyman.
Jun 23 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5039]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575801.
Jun 23 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4978]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2027]: pam_unix(cron:session): session closed for user root
Jun 23 06:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4978]: Failed password for invalid user anders from 91.92.40.48 port 10804 ssh2
Jun 23 06:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4978]: Connection closed by 91.92.40.48 port 10804 [preauth]
Jun 23 06:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4982]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4955]: Failed password for root from 144.225.187.123 port 48360 ssh2
Jun 23 06:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4955]: Connection closed by 144.225.187.123 port 48360 [preauth]
Jun 23 06:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5221]: Invalid user sam from 91.92.40.48
Jun 23 06:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5221]: input_userauth_request: invalid user sam [preauth]
Jun 23 06:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5221]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5221]: Failed password for invalid user sam from 91.92.40.48 port 10880 ssh2
Jun 23 06:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5221]: Connection closed by 91.92.40.48 port 10880 [preauth]
Jun 23 06:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5231]: Invalid user test from 91.92.40.48
Jun 23 06:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5231]: input_userauth_request: invalid user test [preauth]
Jun 23 06:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5231]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5231]: Failed password for invalid user test from 91.92.40.48 port 19902 ssh2
Jun 23 06:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5231]: Connection closed by 91.92.40.48 port 19902 [preauth]
Jun 23 06:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5267]: Invalid user alpha from 91.92.40.48
Jun 23 06:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5267]: input_userauth_request: invalid user alpha [preauth]
Jun 23 06:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5267]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5267]: Failed password for invalid user alpha from 91.92.40.48 port 63564 ssh2
Jun 23 06:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5267]: Connection closed by 91.92.40.48 port 63564 [preauth]
Jun 23 06:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3953]: pam_unix(cron:session): session closed for user root
Jun 23 06:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5290]: Failed password for root from 91.92.40.48 port 12100 ssh2
Jun 23 06:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5290]: Connection closed by 91.92.40.48 port 12100 [preauth]
Jun 23 06:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5334]: Invalid user fox from 91.92.40.48
Jun 23 06:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5334]: input_userauth_request: invalid user fox [preauth]
Jun 23 06:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5334]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5337]: Invalid user deploy from 91.92.40.12
Jun 23 06:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5337]: input_userauth_request: invalid user deploy [preauth]
Jun 23 06:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5334]: Failed password for invalid user fox from 91.92.40.48 port 12162 ssh2
Jun 23 06:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5337]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 06:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5334]: Connection closed by 91.92.40.48 port 12162 [preauth]
Jun 23 06:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5337]: Failed password for invalid user deploy from 91.92.40.12 port 42224 ssh2
Jun 23 06:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5337]: Connection closed by 91.92.40.12 port 42224 [preauth]
Jun 23 06:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5366]: Invalid user admin from 91.92.40.48
Jun 23 06:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5366]: input_userauth_request: invalid user admin [preauth]
Jun 23 06:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5366]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5366]: Failed password for invalid user admin from 91.92.40.48 port 36306 ssh2
Jun 23 06:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5366]: Connection closed by 91.92.40.48 port 36306 [preauth]
Jun 23 06:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5382]: Invalid user moodle from 91.92.40.48
Jun 23 06:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5382]: input_userauth_request: invalid user moodle [preauth]
Jun 23 06:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5382]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5382]: Failed password for invalid user moodle from 91.92.40.48 port 65278 ssh2
Jun 23 06:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5382]: Connection closed by 91.92.40.48 port 65278 [preauth]
Jun 23 06:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5393]: Failed password for root from 144.225.187.123 port 33922 ssh2
Jun 23 06:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5403]: Invalid user ubuntu from 91.92.40.48
Jun 23 06:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5403]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 06:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5403]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5393]: Connection closed by 144.225.187.123 port 33922 [preauth]
Jun 23 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5409]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5408]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5406]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5407]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5406]: pam_unix(cron:session): session closed for user p13x
Jun 23 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5468]: Successful su for rubyman by root
Jun 23 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5468]: + ??? root:rubyman
Jun 23 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5468]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575805 of user rubyman.
Jun 23 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5468]: pam_unix(su:session): session closed for user rubyman
Jun 23 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575805.
Jun 23 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5403]: Failed password for invalid user ubuntu from 91.92.40.48 port 65380 ssh2
Jun 23 06:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5403]: Connection closed by 91.92.40.48 port 65380 [preauth]
Jun 23 06:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2500]: pam_unix(cron:session): session closed for user root
Jun 23 06:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5407]: pam_unix(cron:session): session closed for user samftp
Jun 23 06:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5546]: Invalid user user from 91.92.40.48
Jun 23 06:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5546]: input_userauth_request: invalid user user [preauth]
Jun 23 06:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5546]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5546]: Failed password for invalid user user from 91.92.40.48 port 47482 ssh2
Jun 23 06:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5546]: Connection closed by 91.92.40.48 port 47482 [preauth]
Jun 23 06:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5654]: Invalid user test from 91.92.40.48
Jun 23 06:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5654]: input_userauth_request: invalid user test [preauth]
Jun 23 06:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5654]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5654]: Failed password for invalid user test from 91.92.40.48 port 12546 ssh2
Jun 23 06:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5654]: Connection closed by 91.92.40.48 port 12546 [preauth]
Jun 23 06:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5677]: Invalid user user from 91.92.40.48
Jun 23 06:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5677]: input_userauth_request: invalid user user [preauth]
Jun 23 06:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5677]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5677]: Failed password for invalid user user from 91.92.40.48 port 22150 ssh2
Jun 23 06:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5677]: Connection closed by 91.92.40.48 port 22150 [preauth]
Jun 23 06:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 06:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5695]: Failed password for root from 91.92.40.48 port 22186 ssh2
Jun 23 06:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4440]: pam_unix(cron:session): session closed for user root
Jun 23 06:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5695]: Connection closed by 91.92.40.48 port 22186 [preauth]
Jun 23 06:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 06:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5719]: Invalid user jenkins from 91.92.40.48
Jun 23 06:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5719]: input_userauth_request: invalid user jenkins [preauth]
Jun 23 06:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5719]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5721]: Failed password for root from 144.225.187.123 port 49748 ssh2
Jun 23 06:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5721]: Connection closed by 144.225.187.123 port 49748 [preauth]
Jun 23 06:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5719]: Failed password for invalid user jenkins from 91.92.40.48 port 37142 ssh2
Jun 23 06:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5719]: Connection closed by 91.92.40.48 port 37142 [preauth]
Jun 23 06:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5752]: Invalid user odoo from 91.92.40.48
Jun 23 06:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5752]: input_userauth_request: invalid user odoo [preauth]
Jun 23 06:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5752]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5752]: Failed password for invalid user odoo from 91.92.40.48 port 37176 ssh2
Jun 23 06:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5752]: Connection closed by 91.92.40.48 port 37176 [preauth]
Jun 23 06:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5785]: Invalid user headscale from 91.92.40.48
Jun 23 06:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5785]: input_userauth_request: invalid user headscale [preauth]
Jun 23 06:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5785]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5785]: Failed password for invalid user headscale from 91.92.40.48 port 18010 ssh2
Jun 23 06:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 06:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5785]: Connection closed by 91.92.40.48 port 18010 [preauth]
Jun 23 06:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5795]: Invalid user ftpuser from 91.92.40.48
Jun 23 06:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5795]: input_userauth_request: invalid user ftpuser [preauth]
Jun 23 06:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5795]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 06:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 06:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5795]: Failed password for invalid user ftpuser from 91.92.40.48 port 47090 ssh2
Jun 23 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5824]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5821]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5820]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5825]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5819]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5823]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5822]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5825]: pam_unix(cron:session): session closed for user root
Jun 23 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5821]: pam_unix(cron:session): session closed for user root
Jun 23 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5819]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5911]: Successful su for rubyman by root
Jun 23 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5911]: + ??? root:rubyman
Jun 23 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5911]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575809 of user rubyman.
Jun 23 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5911]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575809.
Jun 23 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5795]: Connection closed by 91.92.40.48 port 47090 [preauth]
Jun 23 07:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5822]: pam_unix(cron:session): session closed for user root
Jun 23 07:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2936]: pam_unix(cron:session): session closed for user root
Jun 23 07:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5806]: Invalid user chris from 91.92.40.48
Jun 23 07:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5806]: input_userauth_request: invalid user chris [preauth]
Jun 23 07:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5806]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5820]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5806]: Failed password for invalid user chris from 91.92.40.48 port 40488 ssh2
Jun 23 07:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5806]: Connection closed by 91.92.40.48 port 40488 [preauth]
Jun 23 07:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6121]: Invalid user minecraft from 91.92.40.48
Jun 23 07:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6121]: input_userauth_request: invalid user minecraft [preauth]
Jun 23 07:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6121]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6121]: Failed password for invalid user minecraft from 91.92.40.48 port 40588 ssh2
Jun 23 07:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6123]: Failed password for root from 144.225.187.123 port 40316 ssh2
Jun 23 07:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6121]: Connection closed by 91.92.40.48 port 40588 [preauth]
Jun 23 07:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6123]: Connection closed by 144.225.187.123 port 40316 [preauth]
Jun 23 07:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6153]: Invalid user deploy from 91.92.40.12
Jun 23 07:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6153]: input_userauth_request: invalid user deploy [preauth]
Jun 23 07:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6153]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 07:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6153]: Failed password for invalid user deploy from 91.92.40.12 port 44628 ssh2
Jun 23 07:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6153]: Connection closed by 91.92.40.12 port 44628 [preauth]
Jun 23 07:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 07:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6143]: Failed password for root from 91.92.40.48 port 27912 ssh2
Jun 23 07:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6143]: Connection closed by 91.92.40.48 port 27912 [preauth]
Jun 23 07:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 07:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6163]: Failed password for root from 91.92.40.48 port 22996 ssh2
Jun 23 07:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6163]: Connection closed by 91.92.40.48 port 22996 [preauth]
Jun 23 07:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6189]: User mysql from 91.92.40.48 not allowed because not listed in AllowUsers
Jun 23 07:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6189]: input_userauth_request: invalid user mysql [preauth]
Jun 23 07:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4984]: pam_unix(cron:session): session closed for user root
Jun 23 07:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=mysql
Jun 23 07:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6189]: Failed password for invalid user mysql from 91.92.40.48 port 23044 ssh2
Jun 23 07:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6189]: Connection closed by 91.92.40.48 port 23044 [preauth]
Jun 23 07:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6261]: Invalid user bot from 91.92.40.48
Jun 23 07:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6261]: input_userauth_request: invalid user bot [preauth]
Jun 23 07:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6261]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6261]: Failed password for invalid user bot from 91.92.40.48 port 42814 ssh2
Jun 23 07:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6261]: Connection closed by 91.92.40.48 port 42814 [preauth]
Jun 23 07:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6273]: Invalid user bpadmin from 91.92.40.48
Jun 23 07:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6273]: input_userauth_request: invalid user bpadmin [preauth]
Jun 23 07:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6296]: Invalid user usuarios from 147.45.174.229
Jun 23 07:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6296]: input_userauth_request: invalid user usuarios [preauth]
Jun 23 07:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6296]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.174.229
Jun 23 07:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6273]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6294]: Failed password for root from 144.225.187.123 port 40748 ssh2
Jun 23 07:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6296]: Failed password for invalid user usuarios from 147.45.174.229 port 60150 ssh2
Jun 23 07:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6296]: Received disconnect from 147.45.174.229 port 60150:11: Bye Bye [preauth]
Jun 23 07:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6296]: Disconnected from 147.45.174.229 port 60150 [preauth]
Jun 23 07:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6294]: Connection closed by 144.225.187.123 port 40748 [preauth]
Jun 23 07:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6273]: Failed password for invalid user bpadmin from 91.92.40.48 port 36172 ssh2
Jun 23 07:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6273]: Connection closed by 91.92.40.48 port 36172 [preauth]
Jun 23 07:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 07:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6306]: Failed password for root from 91.92.40.48 port 43180 ssh2
Jun 23 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6334]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6332]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6330]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6329]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6329]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6399]: Successful su for rubyman by root
Jun 23 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6399]: + ??? root:rubyman
Jun 23 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6399]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575816 of user rubyman.
Jun 23 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6399]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575816.
Jun 23 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6306]: Connection closed by 91.92.40.48 port 43180 [preauth]
Jun 23 07:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6316]: Invalid user pakchoi from 91.92.40.48
Jun 23 07:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6316]: input_userauth_request: invalid user pakchoi [preauth]
Jun 23 07:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3353]: pam_unix(cron:session): session closed for user root
Jun 23 07:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6316]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6330]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6316]: Failed password for invalid user pakchoi from 91.92.40.48 port 43226 ssh2
Jun 23 07:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6316]: Connection closed by 91.92.40.48 port 43226 [preauth]
Jun 23 07:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6577]: Invalid user test from 91.92.40.48
Jun 23 07:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6577]: input_userauth_request: invalid user test [preauth]
Jun 23 07:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6577]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6577]: Failed password for invalid user test from 91.92.40.48 port 14166 ssh2
Jun 23 07:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6577]: Connection closed by 91.92.40.48 port 14166 [preauth]
Jun 23 07:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6587]: Invalid user pi from 91.92.40.48
Jun 23 07:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6587]: input_userauth_request: invalid user pi [preauth]
Jun 23 07:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6587]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6587]: Failed password for invalid user pi from 91.92.40.48 port 30718 ssh2
Jun 23 07:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6587]: Connection closed by 91.92.40.48 port 30718 [preauth]
Jun 23 07:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6614]: Invalid user bob from 91.92.40.48
Jun 23 07:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6614]: input_userauth_request: invalid user bob [preauth]
Jun 23 07:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6614]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6614]: Failed password for invalid user bob from 91.92.40.48 port 48184 ssh2
Jun 23 07:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6614]: Connection closed by 91.92.40.48 port 48184 [preauth]
Jun 23 07:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6625]: Failed password for root from 144.225.187.123 port 49694 ssh2
Jun 23 07:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6625]: Connection closed by 144.225.187.123 port 49694 [preauth]
Jun 23 07:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6648]: Invalid user deploy from 91.92.40.48
Jun 23 07:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6648]: input_userauth_request: invalid user deploy [preauth]
Jun 23 07:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6648]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5409]: pam_unix(cron:session): session closed for user root
Jun 23 07:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6648]: Failed password for invalid user deploy from 91.92.40.48 port 48274 ssh2
Jun 23 07:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6660]: Received disconnect from 198.38.85.149 port 57912:11: disconnected by user [preauth]
Jun 23 07:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6660]: Disconnected from 198.38.85.149 port 57912 [preauth]
Jun 23 07:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6648]: Connection closed by 91.92.40.48 port 48274 [preauth]
Jun 23 07:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6676]: Invalid user testuser from 91.92.40.48
Jun 23 07:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6676]: input_userauth_request: invalid user testuser [preauth]
Jun 23 07:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6676]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6676]: Failed password for invalid user testuser from 91.92.40.48 port 52028 ssh2
Jun 23 07:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6676]: Connection closed by 91.92.40.48 port 52028 [preauth]
Jun 23 07:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6694]: Invalid user openclaw from 91.92.40.48
Jun 23 07:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6694]: input_userauth_request: invalid user openclaw [preauth]
Jun 23 07:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6722]: Invalid user deploy from 91.92.40.12
Jun 23 07:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6722]: input_userauth_request: invalid user deploy [preauth]
Jun 23 07:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6722]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 07:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6694]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 23 07:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6722]: Failed password for invalid user deploy from 91.92.40.12 port 44280 ssh2
Jun 23 07:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6722]: Connection closed by 91.92.40.12 port 44280 [preauth]
Jun 23 07:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6694]: Failed password for invalid user openclaw from 91.92.40.48 port 41822 ssh2
Jun 23 07:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6726]: Failed password for root from 103.149.28.157 port 40322 ssh2
Jun 23 07:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6726]: Connection closed by 103.149.28.157 port 40322 [preauth]
Jun 23 07:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6694]: Connection closed by 91.92.40.48 port 41822 [preauth]
Jun 23 07:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 07:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6737]: Failed password for root from 91.92.40.48 port 54838 ssh2
Jun 23 07:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6737]: Connection closed by 91.92.40.48 port 54838 [preauth]
Jun 23 07:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6748]: Invalid user user from 91.92.40.48
Jun 23 07:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6748]: input_userauth_request: invalid user user [preauth]
Jun 23 07:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6748]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6764]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6763]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6762]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6761]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6761]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6748]: Failed password for invalid user user from 91.92.40.48 port 54900 ssh2
Jun 23 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6831]: Successful su for rubyman by root
Jun 23 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6831]: + ??? root:rubyman
Jun 23 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6831]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575820 of user rubyman.
Jun 23 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6831]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575820.
Jun 23 07:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6748]: Connection closed by 91.92.40.48 port 54900 [preauth]
Jun 23 07:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6758]: Failed password for root from 144.225.187.123 port 40272 ssh2
Jun 23 07:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6758]: Connection closed by 144.225.187.123 port 40272 [preauth]
Jun 23 07:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3952]: pam_unix(cron:session): session closed for user root
Jun 23 07:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7002]: Invalid user git from 91.92.40.48
Jun 23 07:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7002]: input_userauth_request: invalid user git [preauth]
Jun 23 07:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6762]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7002]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7002]: Failed password for invalid user git from 91.92.40.48 port 52194 ssh2
Jun 23 07:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7002]: Connection closed by 91.92.40.48 port 52194 [preauth]
Jun 23 07:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 07:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7117]: Failed password for root from 91.92.40.48 port 29118 ssh2
Jun 23 07:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7117]: Connection closed by 91.92.40.48 port 29118 [preauth]
Jun 23 07:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7141]: Invalid user aaa from 91.92.40.48
Jun 23 07:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7141]: input_userauth_request: invalid user aaa [preauth]
Jun 23 07:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7141]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7141]: Failed password for invalid user aaa from 91.92.40.48 port 35474 ssh2
Jun 23 07:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7141]: Connection closed by 91.92.40.48 port 35474 [preauth]
Jun 23 07:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7176]: Invalid user cloud from 91.92.40.48
Jun 23 07:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7176]: input_userauth_request: invalid user cloud [preauth]
Jun 23 07:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7176]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7176]: Failed password for invalid user cloud from 91.92.40.48 port 35536 ssh2
Jun 23 07:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7176]: Connection closed by 91.92.40.48 port 35536 [preauth]
Jun 23 07:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5824]: pam_unix(cron:session): session closed for user root
Jun 23 07:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7187]: Invalid user joe from 91.92.40.48
Jun 23 07:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7187]: input_userauth_request: invalid user joe [preauth]
Jun 23 07:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7187]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7187]: Failed password for invalid user joe from 91.92.40.48 port 46898 ssh2
Jun 23 07:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7187]: Connection closed by 91.92.40.48 port 46898 [preauth]
Jun 23 07:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7213]: Failed password for root from 144.225.187.123 port 33904 ssh2
Jun 23 07:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7213]: Connection closed by 144.225.187.123 port 33904 [preauth]
Jun 23 07:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7223]: Invalid user ubuntu from 91.92.40.48
Jun 23 07:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7223]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 07:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7223]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7223]: Failed password for invalid user ubuntu from 91.92.40.48 port 63254 ssh2
Jun 23 07:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7223]: Connection closed by 91.92.40.48 port 63254 [preauth]
Jun 23 07:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 07:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7256]: Failed password for root from 91.92.40.48 port 63310 ssh2
Jun 23 07:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7256]: Connection closed by 91.92.40.48 port 63310 [preauth]
Jun 23 07:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7267]: Invalid user test from 91.92.40.48
Jun 23 07:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7267]: input_userauth_request: invalid user test [preauth]
Jun 23 07:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7267]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7267]: Failed password for invalid user test from 91.92.40.48 port 10236 ssh2
Jun 23 07:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7267]: Connection closed by 91.92.40.48 port 10236 [preauth]
Jun 23 07:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7283]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7282]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7281]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7280]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7280]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7346]: Successful su for rubyman by root
Jun 23 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7346]: + ??? root:rubyman
Jun 23 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7346]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575824 of user rubyman.
Jun 23 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7346]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575824.
Jun 23 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7277]: Invalid user martin from 91.92.40.48
Jun 23 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7277]: input_userauth_request: invalid user martin [preauth]
Jun 23 07:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7277]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4439]: pam_unix(cron:session): session closed for user root
Jun 23 07:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7277]: Failed password for invalid user martin from 91.92.40.48 port 41216 ssh2
Jun 23 07:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7281]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7277]: Connection closed by 91.92.40.48 port 41216 [preauth]
Jun 23 07:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7523]: Invalid user developer1 from 91.92.40.48
Jun 23 07:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7523]: input_userauth_request: invalid user developer1 [preauth]
Jun 23 07:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7523]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7523]: Failed password for invalid user developer1 from 91.92.40.48 port 41340 ssh2
Jun 23 07:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7535]: Failed password for root from 144.225.187.123 port 47776 ssh2
Jun 23 07:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7535]: Connection closed by 144.225.187.123 port 47776 [preauth]
Jun 23 07:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7523]: Connection closed by 91.92.40.48 port 41340 [preauth]
Jun 23 07:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7537]: Invalid user b2 from 91.92.40.48
Jun 23 07:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7537]: input_userauth_request: invalid user b2 [preauth]
Jun 23 07:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7537]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7567]: Invalid user deploy from 91.92.40.12
Jun 23 07:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7567]: input_userauth_request: invalid user deploy [preauth]
Jun 23 07:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7567]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 07:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7537]: Failed password for invalid user b2 from 91.92.40.48 port 41668 ssh2
Jun 23 07:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7567]: Failed password for invalid user deploy from 91.92.40.12 port 53726 ssh2
Jun 23 07:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7567]: Connection closed by 91.92.40.12 port 53726 [preauth]
Jun 23 07:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7537]: Connection closed by 91.92.40.48 port 41668 [preauth]
Jun 23 07:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 07:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7574]: Failed password for root from 91.92.40.48 port 10412 ssh2
Jun 23 07:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7603]: Invalid user ops from 91.92.40.48
Jun 23 07:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7603]: input_userauth_request: invalid user ops [preauth]
Jun 23 07:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7574]: Connection closed by 91.92.40.48 port 10412 [preauth]
Jun 23 07:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7603]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6334]: pam_unix(cron:session): session closed for user root
Jun 23 07:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7603]: Failed password for invalid user ops from 91.92.40.48 port 10442 ssh2
Jun 23 07:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7603]: Connection closed by 91.92.40.48 port 10442 [preauth]
Jun 23 07:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7741]: Invalid user n8n from 91.92.40.48
Jun 23 07:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7741]: input_userauth_request: invalid user n8n [preauth]
Jun 23 07:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7741]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7741]: Failed password for invalid user n8n from 91.92.40.48 port 56664 ssh2
Jun 23 07:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7741]: Connection closed by 91.92.40.48 port 56664 [preauth]
Jun 23 07:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7751]: Invalid user postgres from 91.92.40.48
Jun 23 07:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7751]: input_userauth_request: invalid user postgres [preauth]
Jun 23 07:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7751]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7751]: Failed password for invalid user postgres from 91.92.40.48 port 19730 ssh2
Jun 23 07:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7751]: Connection closed by 91.92.40.48 port 19730 [preauth]
Jun 23 07:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 07:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7776]: Failed password for root from 144.225.187.123 port 54056 ssh2
Jun 23 07:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7776]: Connection closed by 144.225.187.123 port 54056 [preauth]
Jun 23 07:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7774]: Failed password for root from 91.92.40.48 port 19786 ssh2
Jun 23 07:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7774]: Connection closed by 91.92.40.48 port 19786 [preauth]
Jun 23 07:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7786]: Invalid user airflow from 91.92.40.48
Jun 23 07:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7786]: input_userauth_request: invalid user airflow [preauth]
Jun 23 07:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7786]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7786]: Failed password for invalid user airflow from 91.92.40.48 port 17212 ssh2
Jun 23 07:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7786]: Connection closed by 91.92.40.48 port 17212 [preauth]
Jun 23 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7797]: Invalid user user from 91.92.40.48
Jun 23 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7797]: input_userauth_request: invalid user user [preauth]
Jun 23 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7811]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7810]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7809]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7808]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7808]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7866]: Successful su for rubyman by root
Jun 23 07:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7866]: + ??? root:rubyman
Jun 23 07:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7866]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575829 of user rubyman.
Jun 23 07:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7866]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575829.
Jun 23 07:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7797]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7797]: Failed password for invalid user user from 91.92.40.48 port 17250 ssh2
Jun 23 07:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4983]: pam_unix(cron:session): session closed for user root
Jun 23 07:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7797]: Connection closed by 91.92.40.48 port 17250 [preauth]
Jun 23 07:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7809]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7865]: Invalid user azureuser from 91.92.40.48
Jun 23 07:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7865]: input_userauth_request: invalid user azureuser [preauth]
Jun 23 07:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7865]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7865]: Failed password for invalid user azureuser from 91.92.40.48 port 26526 ssh2
Jun 23 07:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7865]: Connection closed by 91.92.40.48 port 26526 [preauth]
Jun 23 07:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8044]: Invalid user celeste from 91.92.40.48
Jun 23 07:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8044]: input_userauth_request: invalid user celeste [preauth]
Jun 23 07:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8044]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8044]: Failed password for invalid user celeste from 91.92.40.48 port 26576 ssh2
Jun 23 07:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8044]: Connection closed by 91.92.40.48 port 26576 [preauth]
Jun 23 07:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8055]: Invalid user dbs from 91.92.40.48
Jun 23 07:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8055]: input_userauth_request: invalid user dbs [preauth]
Jun 23 07:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8055]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8055]: Failed password for invalid user dbs from 91.92.40.48 port 13844 ssh2
Jun 23 07:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8055]: Connection closed by 91.92.40.48 port 13844 [preauth]
Jun 23 07:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8077]: Invalid user appuser from 91.92.40.48
Jun 23 07:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8077]: input_userauth_request: invalid user appuser [preauth]
Jun 23 07:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: Failed password for root from 144.225.187.123 port 45662 ssh2
Jun 23 07:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: Connection closed by 144.225.187.123 port 45662 [preauth]
Jun 23 07:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8077]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8077]: Failed password for invalid user appuser from 91.92.40.48 port 41804 ssh2
Jun 23 07:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8077]: Connection closed by 91.92.40.48 port 41804 [preauth]
Jun 23 07:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 07:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6764]: pam_unix(cron:session): session closed for user root
Jun 23 07:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8092]: Failed password for root from 91.92.40.48 port 41854 ssh2
Jun 23 07:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8092]: Connection closed by 91.92.40.48 port 41854 [preauth]
Jun 23 07:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 07:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8113]: Failed password for root from 91.92.40.48 port 29820 ssh2
Jun 23 07:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8113]: Connection closed by 91.92.40.48 port 29820 [preauth]
Jun 23 07:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8148]: Invalid user web from 91.92.40.48
Jun 23 07:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8148]: input_userauth_request: invalid user web [preauth]
Jun 23 07:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8148]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8148]: Failed password for invalid user web from 91.92.40.48 port 29848 ssh2
Jun 23 07:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8158]: Invalid user leo from 91.92.40.48
Jun 23 07:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8158]: input_userauth_request: invalid user leo [preauth]
Jun 23 07:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8148]: Connection closed by 91.92.40.48 port 29848 [preauth]
Jun 23 07:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8158]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8158]: Failed password for invalid user leo from 91.92.40.48 port 30628 ssh2
Jun 23 07:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 23 07:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8205]: Invalid user deploy from 91.92.40.12
Jun 23 07:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8205]: input_userauth_request: invalid user deploy [preauth]
Jun 23 07:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8205]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 07:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8203]: Failed password for root from 103.27.238.116 port 54528 ssh2
Jun 23 07:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8205]: Failed password for invalid user deploy from 91.92.40.12 port 33170 ssh2
Jun 23 07:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8203]: Connection closed by 103.27.238.116 port 54528 [preauth]
Jun 23 07:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8158]: Connection closed by 91.92.40.48 port 30628 [preauth]
Jun 23 07:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8205]: Connection closed by 91.92.40.12 port 33170 [preauth]
Jun 23 07:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 07:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8182]: Failed password for root from 91.92.40.48 port 30652 ssh2
Jun 23 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8226]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8225]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8223]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8227]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8224]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8222]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8227]: pam_unix(cron:session): session closed for user root
Jun 23 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8222]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8288]: Successful su for rubyman by root
Jun 23 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8288]: + ??? root:rubyman
Jun 23 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8288]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575833 of user rubyman.
Jun 23 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8288]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575833.
Jun 23 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8209]: Failed password for root from 144.225.187.123 port 42840 ssh2
Jun 23 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8209]: Connection closed by 144.225.187.123 port 42840 [preauth]
Jun 23 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8192]: Invalid user kali from 91.92.40.48
Jun 23 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8192]: input_userauth_request: invalid user kali [preauth]
Jun 23 07:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8224]: pam_unix(cron:session): session closed for user root
Jun 23 07:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8182]: Connection closed by 91.92.40.48 port 30652 [preauth]
Jun 23 07:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5408]: pam_unix(cron:session): session closed for user root
Jun 23 07:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8192]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8223]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8207]: Invalid user claude from 91.92.40.48
Jun 23 07:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8207]: input_userauth_request: invalid user claude [preauth]
Jun 23 07:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8192]: Failed password for invalid user kali from 91.92.40.48 port 59120 ssh2
Jun 23 07:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8207]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8192]: Connection closed by 91.92.40.48 port 59120 [preauth]
Jun 23 07:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8207]: Failed password for invalid user claude from 91.92.40.48 port 59144 ssh2
Jun 23 07:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8220]: Invalid user newuser from 91.92.40.48
Jun 23 07:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8220]: input_userauth_request: invalid user newuser [preauth]
Jun 23 07:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8207]: Connection closed by 91.92.40.48 port 59144 [preauth]
Jun 23 07:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8220]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8220]: Failed password for invalid user newuser from 91.92.40.48 port 25352 ssh2
Jun 23 07:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8485]: Invalid user main from 91.92.40.48
Jun 23 07:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8485]: input_userauth_request: invalid user main [preauth]
Jun 23 07:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8220]: Connection closed by 91.92.40.48 port 25352 [preauth]
Jun 23 07:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8485]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8485]: Failed password for invalid user main from 91.92.40.48 port 25382 ssh2
Jun 23 07:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8510]: Invalid user node from 91.92.40.48
Jun 23 07:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8510]: input_userauth_request: invalid user node [preauth]
Jun 23 07:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8485]: Connection closed by 91.92.40.48 port 25382 [preauth]
Jun 23 07:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8510]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8535]: Invalid user ubuntu from 91.92.40.48
Jun 23 07:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8535]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 07:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8510]: Failed password for invalid user node from 91.92.40.48 port 56116 ssh2
Jun 23 07:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8535]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8510]: Connection closed by 91.92.40.48 port 56116 [preauth]
Jun 23 07:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7283]: pam_unix(cron:session): session closed for user root
Jun 23 07:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8546]: Invalid user scanner from 91.92.40.48
Jun 23 07:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8546]: input_userauth_request: invalid user scanner [preauth]
Jun 23 07:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8535]: Failed password for invalid user ubuntu from 91.92.40.48 port 56150 ssh2
Jun 23 07:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8546]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8535]: Connection closed by 91.92.40.48 port 56150 [preauth]
Jun 23 07:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8582]: Failed password for root from 144.225.187.123 port 56392 ssh2
Jun 23 07:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8582]: Connection closed by 144.225.187.123 port 56392 [preauth]
Jun 23 07:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8546]: Failed password for invalid user scanner from 91.92.40.48 port 38720 ssh2
Jun 23 07:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8581]: Invalid user monitor from 91.92.40.48
Jun 23 07:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8581]: input_userauth_request: invalid user monitor [preauth]
Jun 23 07:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8546]: Connection closed by 91.92.40.48 port 38720 [preauth]
Jun 23 07:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8581]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8581]: Failed password for invalid user monitor from 91.92.40.48 port 31900 ssh2
Jun 23 07:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8581]: Connection closed by 91.92.40.48 port 31900 [preauth]
Jun 23 07:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 07:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 23 07:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8612]: Failed password for root from 91.92.40.48 port 15990 ssh2
Jun 23 07:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8635]: Failed password for root from 103.122.221.179 port 37190 ssh2
Jun 23 07:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8635]: Connection closed by 103.122.221.179 port 37190 [preauth]
Jun 23 07:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8612]: Connection closed by 91.92.40.48 port 15990 [preauth]
Jun 23 07:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8634]: Invalid user bot from 91.92.40.48
Jun 23 07:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8634]: input_userauth_request: invalid user bot [preauth]
Jun 23 07:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8634]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8634]: Failed password for invalid user bot from 91.92.40.48 port 16016 ssh2
Jun 23 07:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8634]: Connection closed by 91.92.40.48 port 16016 [preauth]
Jun 23 07:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8648]: Invalid user andrea from 91.92.40.48
Jun 23 07:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8648]: input_userauth_request: invalid user andrea [preauth]
Jun 23 07:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8648]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8648]: Failed password for invalid user andrea from 91.92.40.48 port 15508 ssh2
Jun 23 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8672]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8673]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8671]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8670]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8670]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8737]: Successful su for rubyman by root
Jun 23 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8737]: + ??? root:rubyman
Jun 23 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8737]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575839 of user rubyman.
Jun 23 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8737]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575839.
Jun 23 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8648]: Connection closed by 91.92.40.48 port 15508 [preauth]
Jun 23 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 07:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5823]: pam_unix(cron:session): session closed for user root
Jun 23 07:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8659]: Failed password for root from 91.92.40.48 port 15518 ssh2
Jun 23 07:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8671]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8659]: Connection closed by 91.92.40.48 port 15518 [preauth]
Jun 23 07:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8815]: Invalid user cloud from 91.92.40.48
Jun 23 07:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8815]: input_userauth_request: invalid user cloud [preauth]
Jun 23 07:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8815]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8815]: Failed password for invalid user cloud from 91.92.40.48 port 52208 ssh2
Jun 23 07:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8933]: Failed password for root from 144.225.187.123 port 42344 ssh2
Jun 23 07:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8933]: Connection closed by 144.225.187.123 port 42344 [preauth]
Jun 23 07:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8815]: Connection closed by 91.92.40.48 port 52208 [preauth]
Jun 23 07:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8924]: Invalid user user from 91.92.40.48
Jun 23 07:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8924]: input_userauth_request: invalid user user [preauth]
Jun 23 07:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8924]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8924]: Failed password for invalid user user from 91.92.40.48 port 53112 ssh2
Jun 23 07:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8924]: Connection closed by 91.92.40.48 port 53112 [preauth]
Jun 23 07:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 07:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8939]: Failed password for root from 91.92.40.48 port 53152 ssh2
Jun 23 07:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8961]: Invalid user ubuntu from 91.92.40.48
Jun 23 07:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8961]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 07:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8939]: Connection closed by 91.92.40.48 port 53152 [preauth]
Jun 23 07:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8961]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9007]: Invalid user deploy from 91.92.40.12
Jun 23 07:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9007]: input_userauth_request: invalid user deploy [preauth]
Jun 23 07:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9007]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 07:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8961]: Failed password for invalid user ubuntu from 91.92.40.48 port 37208 ssh2
Jun 23 07:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9007]: Failed password for invalid user deploy from 91.92.40.12 port 39610 ssh2
Jun 23 07:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9007]: Connection closed by 91.92.40.12 port 39610 [preauth]
Jun 23 07:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7811]: pam_unix(cron:session): session closed for user root
Jun 23 07:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8988]: Invalid user amit from 91.92.40.48
Jun 23 07:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8988]: input_userauth_request: invalid user amit [preauth]
Jun 23 07:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8961]: Connection closed by 91.92.40.48 port 37208 [preauth]
Jun 23 07:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8988]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9041]: Invalid user user from 141.98.83.240
Jun 23 07:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9041]: input_userauth_request: invalid user user [preauth]
Jun 23 07:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9041]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 07:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8988]: Failed password for invalid user amit from 91.92.40.48 port 37236 ssh2
Jun 23 07:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9009]: Invalid user sahil from 91.92.40.48
Jun 23 07:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9009]: input_userauth_request: invalid user sahil [preauth]
Jun 23 07:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9041]: Failed password for invalid user user from 141.98.83.240 port 15506 ssh2
Jun 23 07:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9041]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8988]: Connection closed by 91.92.40.48 port 37236 [preauth]
Jun 23 07:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9009]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9041]: Failed password for invalid user user from 141.98.83.240 port 15506 ssh2
Jun 23 07:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9041]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9009]: Failed password for invalid user sahil from 91.92.40.48 port 24178 ssh2
Jun 23 07:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9041]: Failed password for invalid user user from 141.98.83.240 port 15506 ssh2
Jun 23 07:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9041]: Connection closed by 141.98.83.240 port 15506 [preauth]
Jun 23 07:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9041]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 07:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9069]: Invalid user lpse from 147.45.174.229
Jun 23 07:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9069]: input_userauth_request: invalid user lpse [preauth]
Jun 23 07:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9069]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.174.229
Jun 23 07:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9009]: Connection closed by 91.92.40.48 port 24178 [preauth]
Jun 23 07:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9069]: Failed password for invalid user lpse from 147.45.174.229 port 50960 ssh2
Jun 23 07:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9069]: Received disconnect from 147.45.174.229 port 50960:11: Bye Bye [preauth]
Jun 23 07:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9069]: Disconnected from 147.45.174.229 port 50960 [preauth]
Jun 23 07:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9044]: Invalid user pruebas from 91.92.40.48
Jun 23 07:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9044]: input_userauth_request: invalid user pruebas [preauth]
Jun 23 07:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9068]: Failed password for root from 144.225.187.123 port 39326 ssh2
Jun 23 07:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9068]: Connection closed by 144.225.187.123 port 39326 [preauth]
Jun 23 07:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9044]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9044]: Failed password for invalid user pruebas from 91.92.40.48 port 35674 ssh2
Jun 23 07:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9055]: Invalid user erpnext from 91.92.40.48
Jun 23 07:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9055]: input_userauth_request: invalid user erpnext [preauth]
Jun 23 07:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9044]: Connection closed by 91.92.40.48 port 35674 [preauth]
Jun 23 07:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9055]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9055]: Failed password for invalid user erpnext from 91.92.40.48 port 35714 ssh2
Jun 23 07:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9082]: Invalid user vpn from 91.92.40.48
Jun 23 07:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9082]: input_userauth_request: invalid user vpn [preauth]
Jun 23 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9114]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9113]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9115]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9112]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9112]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9171]: Successful su for rubyman by root
Jun 23 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9171]: + ??? root:rubyman
Jun 23 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9171]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575844 of user rubyman.
Jun 23 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9171]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575844.
Jun 23 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9055]: Connection closed by 91.92.40.48 port 35714 [preauth]
Jun 23 07:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6332]: pam_unix(cron:session): session closed for user root
Jun 23 07:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9082]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9082]: Failed password for invalid user vpn from 91.92.40.48 port 61426 ssh2
Jun 23 07:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9092]: Invalid user ftpuser from 91.92.40.48
Jun 23 07:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9092]: input_userauth_request: invalid user ftpuser [preauth]
Jun 23 07:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9113]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9082]: Connection closed by 91.92.40.48 port 61426 [preauth]
Jun 23 07:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9092]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9092]: Failed password for invalid user ftpuser from 91.92.40.48 port 61502 ssh2
Jun 23 07:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9102]: Invalid user admin2 from 91.92.40.48
Jun 23 07:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9102]: input_userauth_request: invalid user admin2 [preauth]
Jun 23 07:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9092]: Connection closed by 91.92.40.48 port 61502 [preauth]
Jun 23 07:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9102]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9102]: Failed password for invalid user admin2 from 91.92.40.48 port 14712 ssh2
Jun 23 07:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9331]: Invalid user ali from 91.92.40.48
Jun 23 07:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9331]: input_userauth_request: invalid user ali [preauth]
Jun 23 07:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9102]: Connection closed by 91.92.40.48 port 14712 [preauth]
Jun 23 07:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9392]: Failed password for root from 144.225.187.123 port 50566 ssh2
Jun 23 07:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9331]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9392]: Connection closed by 144.225.187.123 port 50566 [preauth]
Jun 23 07:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9331]: Failed password for invalid user ali from 91.92.40.48 port 14760 ssh2
Jun 23 07:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9359]: Invalid user postgres from 91.92.40.48
Jun 23 07:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9359]: input_userauth_request: invalid user postgres [preauth]
Jun 23 07:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9331]: Connection closed by 91.92.40.48 port 14760 [preauth]
Jun 23 07:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9359]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9426]: Invalid user emo from 152.32.218.244
Jun 23 07:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9426]: input_userauth_request: invalid user emo [preauth]
Jun 23 07:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9426]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.218.244
Jun 23 07:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9381]: Invalid user a1 from 91.92.40.48
Jun 23 07:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9381]: input_userauth_request: invalid user a1 [preauth]
Jun 23 07:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9359]: Failed password for invalid user postgres from 91.92.40.48 port 49072 ssh2
Jun 23 07:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9426]: Failed password for invalid user emo from 152.32.218.244 port 33926 ssh2
Jun 23 07:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9426]: Received disconnect from 152.32.218.244 port 33926:11: Bye Bye [preauth]
Jun 23 07:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9426]: Disconnected from 152.32.218.244 port 33926 [preauth]
Jun 23 07:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8226]: pam_unix(cron:session): session closed for user root
Jun 23 07:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9381]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9359]: Connection closed by 91.92.40.48 port 49072 [preauth]
Jun 23 07:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9394]: Invalid user ubuntu from 91.92.40.48
Jun 23 07:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9394]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 07:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9381]: Failed password for invalid user a1 from 91.92.40.48 port 49132 ssh2
Jun 23 07:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9394]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9381]: Connection closed by 91.92.40.48 port 49132 [preauth]
Jun 23 07:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9394]: Failed password for invalid user ubuntu from 91.92.40.48 port 34302 ssh2
Jun 23 07:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9424]: Invalid user ahmad from 91.92.40.48
Jun 23 07:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9424]: input_userauth_request: invalid user ahmad [preauth]
Jun 23 07:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9394]: Connection closed by 91.92.40.48 port 34302 [preauth]
Jun 23 07:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9424]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9424]: Failed password for invalid user ahmad from 91.92.40.48 port 24470 ssh2
Jun 23 07:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9452]: Invalid user mc from 91.92.40.48
Jun 23 07:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9452]: input_userauth_request: invalid user mc [preauth]
Jun 23 07:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9424]: Connection closed by 91.92.40.48 port 24470 [preauth]
Jun 23 07:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9465]: Invalid user alfred from 91.92.40.48
Jun 23 07:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9465]: input_userauth_request: invalid user alfred [preauth]
Jun 23 07:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9452]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9511]: Invalid user deploy from 91.92.40.12
Jun 23 07:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9511]: input_userauth_request: invalid user deploy [preauth]
Jun 23 07:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9511]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 07:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9452]: Failed password for invalid user mc from 91.92.40.48 port 24530 ssh2
Jun 23 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9511]: Failed password for invalid user deploy from 91.92.40.12 port 48132 ssh2
Jun 23 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9511]: Connection closed by 91.92.40.12 port 48132 [preauth]
Jun 23 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9510]: Failed password for root from 144.225.187.123 port 44590 ssh2
Jun 23 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9528]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9527]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9529]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9526]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9526]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9510]: Connection closed by 144.225.187.123 port 44590 [preauth]
Jun 23 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9586]: Successful su for rubyman by root
Jun 23 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9586]: + ??? root:rubyman
Jun 23 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9586]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575846 of user rubyman.
Jun 23 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9586]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575846.
Jun 23 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9465]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9469]: Invalid user debian from 91.92.40.48
Jun 23 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9469]: input_userauth_request: invalid user debian [preauth]
Jun 23 07:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9465]: Failed password for invalid user alfred from 91.92.40.48 port 39262 ssh2
Jun 23 07:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6763]: pam_unix(cron:session): session closed for user root
Jun 23 07:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9452]: Connection closed by 91.92.40.48 port 24530 [preauth]
Jun 23 07:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9527]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9469]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9491]: Invalid user daniel from 91.92.40.48
Jun 23 07:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9491]: input_userauth_request: invalid user daniel [preauth]
Jun 23 07:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9465]: Connection closed by 91.92.40.48 port 39262 [preauth]
Jun 23 07:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9469]: Failed password for invalid user debian from 91.92.40.48 port 39312 ssh2
Jun 23 07:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9491]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9508]: Invalid user dani from 91.92.40.48
Jun 23 07:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9508]: input_userauth_request: invalid user dani [preauth]
Jun 23 07:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9469]: Connection closed by 91.92.40.48 port 39312 [preauth]
Jun 23 07:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9491]: Failed password for invalid user daniel from 91.92.40.48 port 31680 ssh2
Jun 23 07:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9508]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9491]: Connection closed by 91.92.40.48 port 31680 [preauth]
Jun 23 07:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9524]: Invalid user ts3 from 91.92.40.48
Jun 23 07:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9524]: input_userauth_request: invalid user ts3 [preauth]
Jun 23 07:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9508]: Failed password for invalid user dani from 91.92.40.48 port 31730 ssh2
Jun 23 07:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9524]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9508]: Connection closed by 91.92.40.48 port 31730 [preauth]
Jun 23 07:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9773]: Invalid user administrator from 91.92.40.48
Jun 23 07:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9773]: input_userauth_request: invalid user administrator [preauth]
Jun 23 07:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9773]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 07:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9524]: Failed password for invalid user ts3 from 91.92.40.48 port 22622 ssh2
Jun 23 07:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9524]: Connection closed by 91.92.40.48 port 22622 [preauth]
Jun 23 07:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9773]: Failed password for invalid user administrator from 91.92.40.48 port 22656 ssh2
Jun 23 07:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9773]: Connection closed by 91.92.40.48 port 22656 [preauth]
Jun 23 07:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9787]: Failed password for root from 91.92.40.48 port 33598 ssh2
Jun 23 07:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9787]: Connection closed by 91.92.40.48 port 33598 [preauth]
Jun 23 07:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9843]: Invalid user testuser from 91.92.40.48
Jun 23 07:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9843]: input_userauth_request: invalid user testuser [preauth]
Jun 23 07:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9843]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8673]: pam_unix(cron:session): session closed for user root
Jun 23 07:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9843]: Failed password for invalid user testuser from 91.92.40.48 port 61246 ssh2
Jun 23 07:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9843]: Connection closed by 91.92.40.48 port 61246 [preauth]
Jun 23 07:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9870]: Invalid user scanner from 91.92.40.48
Jun 23 07:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9870]: input_userauth_request: invalid user scanner [preauth]
Jun 23 07:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9858]: Failed password for root from 144.225.187.123 port 49814 ssh2
Jun 23 07:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9870]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9858]: Connection closed by 144.225.187.123 port 49814 [preauth]
Jun 23 07:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9870]: Failed password for invalid user scanner from 91.92.40.48 port 61262 ssh2
Jun 23 07:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9870]: Connection closed by 91.92.40.48 port 61262 [preauth]
Jun 23 07:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9911]: Invalid user alex from 91.92.40.48
Jun 23 07:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9911]: input_userauth_request: invalid user alex [preauth]
Jun 23 07:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9911]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9911]: Failed password for invalid user alex from 91.92.40.48 port 27522 ssh2
Jun 23 07:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9911]: Connection closed by 91.92.40.48 port 27522 [preauth]
Jun 23 07:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10074]: Invalid user seed from 91.92.40.48
Jun 23 07:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10074]: input_userauth_request: invalid user seed [preauth]
Jun 23 07:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10074]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10074]: Failed password for invalid user seed from 91.92.40.48 port 27548 ssh2
Jun 23 07:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10074]: Connection closed by 91.92.40.48 port 27548 [preauth]
Jun 23 07:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 07:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10091]: Failed password for root from 91.92.40.48 port 60454 ssh2
Jun 23 07:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10091]: Connection closed by 91.92.40.48 port 60454 [preauth]
Jun 23 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10121]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10122]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10120]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10119]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10117]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10119]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10103]: Invalid user ubuntu from 91.92.40.48
Jun 23 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10103]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10331]: Successful su for rubyman by root
Jun 23 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10331]: + ??? root:rubyman
Jun 23 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10331]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575852 of user rubyman.
Jun 23 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10331]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575852.
Jun 23 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10117]: pam_unix(cron:session): session closed for user root
Jun 23 07:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10103]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7282]: pam_unix(cron:session): session closed for user root
Jun 23 07:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10485]: Invalid user ubuntu from 147.182.183.153
Jun 23 07:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10485]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 07:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10485]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.182.183.153
Jun 23 07:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10120]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10103]: Failed password for invalid user ubuntu from 91.92.40.48 port 60480 ssh2
Jun 23 07:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10485]: Failed password for invalid user ubuntu from 147.182.183.153 port 49498 ssh2
Jun 23 07:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10485]: Received disconnect from 147.182.183.153 port 49498:11: Bye Bye [preauth]
Jun 23 07:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10485]: Disconnected from 147.182.183.153 port 49498 [preauth]
Jun 23 07:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10103]: Connection closed by 91.92.40.48 port 60480 [preauth]
Jun 23 07:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10116]: Invalid user openclaw from 91.92.40.48
Jun 23 07:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10116]: input_userauth_request: invalid user openclaw [preauth]
Jun 23 07:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10116]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10116]: Failed password for invalid user openclaw from 91.92.40.48 port 27300 ssh2
Jun 23 07:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10116]: Connection closed by 91.92.40.48 port 27300 [preauth]
Jun 23 07:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10565]: Failed password for root from 144.225.187.123 port 44684 ssh2
Jun 23 07:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 07:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10565]: Connection closed by 144.225.187.123 port 44684 [preauth]
Jun 23 07:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10552]: Failed password for root from 91.92.40.48 port 27350 ssh2
Jun 23 07:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10552]: Connection closed by 91.92.40.48 port 27350 [preauth]
Jun 23 07:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10589]: Invalid user steam from 91.92.40.48
Jun 23 07:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10589]: input_userauth_request: invalid user steam [preauth]
Jun 23 07:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10589]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10589]: Failed password for invalid user steam from 91.92.40.48 port 55010 ssh2
Jun 23 07:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10589]: Connection closed by 91.92.40.48 port 55010 [preauth]
Jun 23 07:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10624]: Invalid user deploy from 91.92.40.12
Jun 23 07:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10624]: input_userauth_request: invalid user deploy [preauth]
Jun 23 07:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10624]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 07:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10624]: Failed password for invalid user deploy from 91.92.40.12 port 51452 ssh2
Jun 23 07:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10624]: Connection closed by 91.92.40.12 port 51452 [preauth]
Jun 23 07:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 07:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10600]: Failed password for root from 91.92.40.48 port 15156 ssh2
Jun 23 07:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9115]: pam_unix(cron:session): session closed for user root
Jun 23 07:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10600]: Connection closed by 91.92.40.48 port 15156 [preauth]
Jun 23 07:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10628]: User john from 91.92.40.48 not allowed because not listed in AllowUsers
Jun 23 07:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10628]: input_userauth_request: invalid user john [preauth]
Jun 23 07:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=john
Jun 23 07:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10628]: Failed password for invalid user john from 91.92.40.48 port 15196 ssh2
Jun 23 07:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10649]: Invalid user dev from 91.92.40.48
Jun 23 07:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10649]: input_userauth_request: invalid user dev [preauth]
Jun 23 07:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10628]: Connection closed by 91.92.40.48 port 15196 [preauth]
Jun 23 07:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10649]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10649]: Failed password for invalid user dev from 91.92.40.48 port 19678 ssh2
Jun 23 07:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10649]: Connection closed by 91.92.40.48 port 19678 [preauth]
Jun 23 07:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 07:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10674]: Failed password for root from 91.92.40.48 port 51158 ssh2
Jun 23 07:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10699]: Invalid user dev from 91.92.40.48
Jun 23 07:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10699]: input_userauth_request: invalid user dev [preauth]
Jun 23 07:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10674]: Connection closed by 91.92.40.48 port 51158 [preauth]
Jun 23 07:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10709]: Failed password for root from 144.225.187.123 port 57124 ssh2
Jun 23 07:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10709]: Connection closed by 144.225.187.123 port 57124 [preauth]
Jun 23 07:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10699]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10699]: Failed password for invalid user dev from 91.92.40.48 port 51194 ssh2
Jun 23 07:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10699]: Connection closed by 91.92.40.48 port 51194 [preauth]
Jun 23 07:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10721]: Invalid user ubuntu from 91.92.40.48
Jun 23 07:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10721]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 07:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10721]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10721]: Failed password for invalid user ubuntu from 91.92.40.48 port 58726 ssh2
Jun 23 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10740]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10742]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10743]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10739]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10741]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10738]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10743]: pam_unix(cron:session): session closed for user root
Jun 23 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10738]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10721]: Connection closed by 91.92.40.48 port 58726 [preauth]
Jun 23 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10826]: Successful su for rubyman by root
Jun 23 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10826]: + ??? root:rubyman
Jun 23 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10826]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575856 of user rubyman.
Jun 23 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10826]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575856.
Jun 23 07:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10734]: Invalid user operator from 91.92.40.48
Jun 23 07:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10734]: input_userauth_request: invalid user operator [preauth]
Jun 23 07:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10740]: pam_unix(cron:session): session closed for user root
Jun 23 07:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7810]: pam_unix(cron:session): session closed for user root
Jun 23 07:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10734]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10739]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10734]: Failed password for invalid user operator from 91.92.40.48 port 13540 ssh2
Jun 23 07:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10734]: Connection closed by 91.92.40.48 port 13540 [preauth]
Jun 23 07:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 07:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10989]: Failed password for root from 91.92.40.48 port 13566 ssh2
Jun 23 07:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10989]: Connection closed by 91.92.40.48 port 13566 [preauth]
Jun 23 07:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11041]: Invalid user hadoop from 91.92.40.48
Jun 23 07:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11041]: input_userauth_request: invalid user hadoop [preauth]
Jun 23 07:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11041]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11041]: Failed password for invalid user hadoop from 91.92.40.48 port 27510 ssh2
Jun 23 07:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11041]: Connection closed by 91.92.40.48 port 27510 [preauth]
Jun 23 07:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11068]: Invalid user steam from 91.92.40.48
Jun 23 07:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11068]: input_userauth_request: invalid user steam [preauth]
Jun 23 07:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 23 07:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11068]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11079]: Failed password for root from 77.94.47.83 port 54898 ssh2
Jun 23 07:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11079]: Connection closed by 77.94.47.83 port 54898 [preauth]
Jun 23 07:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11068]: Failed password for invalid user steam from 91.92.40.48 port 27522 ssh2
Jun 23 07:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11068]: Connection closed by 91.92.40.48 port 27522 [preauth]
Jun 23 07:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11081]: Invalid user hs from 91.92.40.48
Jun 23 07:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11081]: input_userauth_request: invalid user hs [preauth]
Jun 23 07:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11081]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11094]: Failed password for root from 144.225.187.123 port 46362 ssh2
Jun 23 07:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11094]: Connection closed by 144.225.187.123 port 46362 [preauth]
Jun 23 07:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11081]: Failed password for invalid user hs from 91.92.40.48 port 38892 ssh2
Jun 23 07:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11081]: Connection closed by 91.92.40.48 port 38892 [preauth]
Jun 23 07:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 23 07:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9529]: pam_unix(cron:session): session closed for user root
Jun 23 07:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11120]: Failed password for root from 38.93.206.2 port 2968 ssh2
Jun 23 07:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11120]: Connection closed by 38.93.206.2 port 2968 [preauth]
Jun 23 07:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 07:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11108]: Failed password for root from 91.92.40.48 port 38940 ssh2
Jun 23 07:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11118]: Invalid user client from 91.92.40.48
Jun 23 07:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11118]: input_userauth_request: invalid user client [preauth]
Jun 23 07:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11108]: Connection closed by 91.92.40.48 port 38940 [preauth]
Jun 23 07:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11118]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 23 07:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11118]: Failed password for invalid user client from 91.92.40.48 port 20682 ssh2
Jun 23 07:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11165]: Failed password for root from 193.37.70.224 port 48732 ssh2
Jun 23 07:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11165]: Connection closed by 193.37.70.224 port 48732 [preauth]
Jun 23 07:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11155]: Invalid user student from 91.92.40.48
Jun 23 07:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11155]: input_userauth_request: invalid user student [preauth]
Jun 23 07:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11118]: Connection closed by 91.92.40.48 port 20682 [preauth]
Jun 23 07:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11155]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11155]: Failed password for invalid user student from 91.92.40.48 port 12614 ssh2
Jun 23 07:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.182.183.153  user=root
Jun 23 07:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11155]: Connection closed by 91.92.40.48 port 12614 [preauth]
Jun 23 07:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11194]: Failed password for root from 147.182.183.153 port 52222 ssh2
Jun 23 07:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11194]: Received disconnect from 147.182.183.153 port 52222:11: Bye Bye [preauth]
Jun 23 07:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11194]: Disconnected from 147.182.183.153 port 52222 [preauth]
Jun 23 07:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11192]: Invalid user deploy from 91.92.40.48
Jun 23 07:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11192]: input_userauth_request: invalid user deploy [preauth]
Jun 23 07:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11192]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11192]: Failed password for invalid user deploy from 91.92.40.48 port 12674 ssh2
Jun 23 07:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11192]: Connection closed by 91.92.40.48 port 12674 [preauth]
Jun 23 07:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.218.244  user=root
Jun 23 07:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11205]: Invalid user repo from 91.92.40.48
Jun 23 07:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11205]: input_userauth_request: invalid user repo [preauth]
Jun 23 07:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11205]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11207]: Failed password for root from 152.32.218.244 port 51242 ssh2
Jun 23 07:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11207]: Received disconnect from 152.32.218.244 port 51242:11: Bye Bye [preauth]
Jun 23 07:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11207]: Disconnected from 152.32.218.244 port 51242 [preauth]
Jun 23 07:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11205]: Failed password for invalid user repo from 91.92.40.48 port 36568 ssh2
Jun 23 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11205]: Connection closed by 91.92.40.48 port 36568 [preauth]
Jun 23 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11234]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11232]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11233]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11231]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11231]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11228]: Invalid user developer from 91.92.40.12
Jun 23 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11228]: input_userauth_request: invalid user developer [preauth]
Jun 23 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11228]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11307]: Successful su for rubyman by root
Jun 23 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11307]: + ??? root:rubyman
Jun 23 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11307]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575861 of user rubyman.
Jun 23 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11307]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575861.
Jun 23 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11217]: Invalid user user from 91.92.40.48
Jun 23 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11217]: input_userauth_request: invalid user user [preauth]
Jun 23 07:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11217]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11228]: Failed password for invalid user developer from 91.92.40.12 port 33860 ssh2
Jun 23 07:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11228]: Connection closed by 91.92.40.12 port 33860 [preauth]
Jun 23 07:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8225]: pam_unix(cron:session): session closed for user root
Jun 23 07:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11217]: Failed password for invalid user user from 91.92.40.48 port 34668 ssh2
Jun 23 07:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11217]: Connection closed by 91.92.40.48 port 34668 [preauth]
Jun 23 07:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11306]: Failed password for root from 144.225.187.123 port 40070 ssh2
Jun 23 07:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11232]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11306]: Connection closed by 144.225.187.123 port 40070 [preauth]
Jun 23 07:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11472]: Invalid user user from 91.92.40.48
Jun 23 07:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11472]: input_userauth_request: invalid user user [preauth]
Jun 23 07:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11472]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11472]: Failed password for invalid user user from 91.92.40.48 port 34726 ssh2
Jun 23 07:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11472]: Connection closed by 91.92.40.48 port 34726 [preauth]
Jun 23 07:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11510]: Invalid user local from 91.92.40.48
Jun 23 07:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11510]: input_userauth_request: invalid user local [preauth]
Jun 23 07:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11510]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11510]: Failed password for invalid user local from 91.92.40.48 port 12720 ssh2
Jun 23 07:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11510]: Connection closed by 91.92.40.48 port 12720 [preauth]
Jun 23 07:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 07:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11539]: Failed password for root from 91.92.40.48 port 12766 ssh2
Jun 23 07:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11539]: Connection closed by 91.92.40.48 port 12766 [preauth]
Jun 23 07:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11549]: Invalid user python from 91.92.40.48
Jun 23 07:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11549]: input_userauth_request: invalid user python [preauth]
Jun 23 07:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11549]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11549]: Failed password for invalid user python from 91.92.40.48 port 17822 ssh2
Jun 23 07:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11549]: Connection closed by 91.92.40.48 port 17822 [preauth]
Jun 23 07:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 07:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10122]: pam_unix(cron:session): session closed for user root
Jun 23 07:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11573]: Failed password for root from 91.92.40.48 port 17842 ssh2
Jun 23 07:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11573]: Connection closed by 91.92.40.48 port 17842 [preauth]
Jun 23 07:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11603]: Invalid user frappe from 91.92.40.48
Jun 23 07:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11603]: input_userauth_request: invalid user frappe [preauth]
Jun 23 07:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11603]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11603]: Failed password for invalid user frappe from 91.92.40.48 port 52602 ssh2
Jun 23 07:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11603]: Connection closed by 91.92.40.48 port 52602 [preauth]
Jun 23 07:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11605]: Failed password for root from 144.225.187.123 port 60004 ssh2
Jun 23 07:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11620]: Invalid user admin from 31.59.95.52
Jun 23 07:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11620]: input_userauth_request: invalid user admin [preauth]
Jun 23 07:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11619]: Invalid user zookeeper from 91.92.40.48
Jun 23 07:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11619]: input_userauth_request: invalid user zookeeper [preauth]
Jun 23 07:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11605]: Connection closed by 144.225.187.123 port 60004 [preauth]
Jun 23 07:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11620]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.59.95.52
Jun 23 07:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11619]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11620]: Failed password for invalid user admin from 31.59.95.52 port 36026 ssh2
Jun 23 07:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11619]: Failed password for invalid user zookeeper from 91.92.40.48 port 33254 ssh2
Jun 23 07:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11620]: Connection closed by 31.59.95.52 port 36026 [preauth]
Jun 23 07:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11619]: Connection closed by 91.92.40.48 port 33254 [preauth]
Jun 23 07:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11651]: Invalid user ubnt from 31.59.95.52
Jun 23 07:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11651]: input_userauth_request: invalid user ubnt [preauth]
Jun 23 07:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11651]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.59.95.52
Jun 23 07:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11654]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 23 07:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11652]: Invalid user linux from 91.92.40.48
Jun 23 07:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11652]: input_userauth_request: invalid user linux [preauth]
Jun 23 07:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11654]: Received disconnect from 160.238.24.130 port 47510:11: disconnected by user [preauth]
Jun 23 07:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11654]: Disconnected from 160.238.24.130 port 47510 [preauth]
Jun 23 07:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11651]: Failed password for invalid user ubnt from 31.59.95.52 port 36036 ssh2
Jun 23 07:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11652]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11651]: Connection closed by 31.59.95.52 port 36036 [preauth]
Jun 23 07:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11652]: Failed password for invalid user linux from 91.92.40.48 port 62016 ssh2
Jun 23 07:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11657]: Invalid user support from 31.59.95.52
Jun 23 07:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11657]: input_userauth_request: invalid user support [preauth]
Jun 23 07:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11657]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.59.95.52
Jun 23 07:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11652]: Connection closed by 91.92.40.48 port 62016 [preauth]
Jun 23 07:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11657]: Failed password for invalid user support from 31.59.95.52 port 52862 ssh2
Jun 23 07:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11657]: Connection closed by 31.59.95.52 port 52862 [preauth]
Jun 23 07:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11667]: Invalid user ubuntu from 91.92.40.48
Jun 23 07:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11667]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 07:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11667]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11667]: Failed password for invalid user ubuntu from 91.92.40.48 port 62092 ssh2
Jun 23 07:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11667]: Connection closed by 91.92.40.48 port 62092 [preauth]
Jun 23 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11681]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11682]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11680]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11679]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11679]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11754]: Successful su for rubyman by root
Jun 23 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11754]: + ??? root:rubyman
Jun 23 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11754]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575865 of user rubyman.
Jun 23 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11754]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575865.
Jun 23 07:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8672]: pam_unix(cron:session): session closed for user root
Jun 23 07:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11876]: Invalid user admin from 91.92.40.48
Jun 23 07:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11876]: input_userauth_request: invalid user admin [preauth]
Jun 23 07:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11876]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11680]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11876]: Failed password for invalid user admin from 91.92.40.48 port 34900 ssh2
Jun 23 07:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11876]: Connection closed by 91.92.40.48 port 34900 [preauth]
Jun 23 07:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 07:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12000]: Failed password for root from 91.92.40.48 port 47682 ssh2
Jun 23 07:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12000]: Connection closed by 91.92.40.48 port 47682 [preauth]
Jun 23 07:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12009]: Failed password for root from 144.225.187.123 port 44418 ssh2
Jun 23 07:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12009]: Connection closed by 144.225.187.123 port 44418 [preauth]
Jun 23 07:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12025]: Invalid user aaa from 91.92.40.48
Jun 23 07:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12025]: input_userauth_request: invalid user aaa [preauth]
Jun 23 07:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12025]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12025]: Failed password for invalid user aaa from 91.92.40.48 port 47702 ssh2
Jun 23 07:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12025]: Connection closed by 91.92.40.48 port 47702 [preauth]
Jun 23 07:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12036]: Invalid user madhuri from 91.92.40.48
Jun 23 07:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12036]: input_userauth_request: invalid user madhuri [preauth]
Jun 23 07:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12036]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12036]: Failed password for invalid user madhuri from 91.92.40.48 port 55044 ssh2
Jun 23 07:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12036]: Connection closed by 91.92.40.48 port 55044 [preauth]
Jun 23 07:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.182.183.153  user=root
Jun 23 07:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12062]: Failed password for root from 147.182.183.153 port 58628 ssh2
Jun 23 07:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12062]: Received disconnect from 147.182.183.153 port 58628:11: Bye Bye [preauth]
Jun 23 07:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12062]: Disconnected from 147.182.183.153 port 58628 [preauth]
Jun 23 07:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10742]: pam_unix(cron:session): session closed for user root
Jun 23 07:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12072]: Invalid user root1 from 91.92.40.48
Jun 23 07:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12072]: input_userauth_request: invalid user root1 [preauth]
Jun 23 07:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12093]: Invalid user developer from 91.92.40.12
Jun 23 07:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12093]: input_userauth_request: invalid user developer [preauth]
Jun 23 07:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12093]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 07:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12072]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12093]: Failed password for invalid user developer from 91.92.40.12 port 46922 ssh2
Jun 23 07:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12093]: Connection closed by 91.92.40.12 port 46922 [preauth]
Jun 23 07:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12072]: Failed password for invalid user root1 from 91.92.40.48 port 40172 ssh2
Jun 23 07:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12072]: Connection closed by 91.92.40.48 port 40172 [preauth]
Jun 23 07:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12103]: Invalid user ivan from 91.92.40.48
Jun 23 07:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12103]: input_userauth_request: invalid user ivan [preauth]
Jun 23 07:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12103]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12103]: Failed password for invalid user ivan from 91.92.40.48 port 40228 ssh2
Jun 23 07:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12103]: Connection closed by 91.92.40.48 port 40228 [preauth]
Jun 23 07:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 07:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12126]: Failed password for root from 91.92.40.48 port 63516 ssh2
Jun 23 07:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12126]: Connection closed by 91.92.40.48 port 63516 [preauth]
Jun 23 07:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12137]: Failed password for root from 144.225.187.123 port 57642 ssh2
Jun 23 07:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12137]: Connection closed by 144.225.187.123 port 57642 [preauth]
Jun 23 07:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12147]: Invalid user user01 from 91.92.40.48
Jun 23 07:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12147]: input_userauth_request: invalid user user01 [preauth]
Jun 23 07:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12147]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12147]: Failed password for invalid user user01 from 91.92.40.48 port 52324 ssh2
Jun 23 07:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12147]: Connection closed by 91.92.40.48 port 52324 [preauth]
Jun 23 07:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12163]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12161]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12162]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12160]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12160]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12226]: Successful su for rubyman by root
Jun 23 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12226]: + ??? root:rubyman
Jun 23 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12226]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575869 of user rubyman.
Jun 23 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12226]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575869.
Jun 23 07:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12158]: Invalid user test from 91.92.40.48
Jun 23 07:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12158]: input_userauth_request: invalid user test [preauth]
Jun 23 07:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12158]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9114]: pam_unix(cron:session): session closed for user root
Jun 23 07:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12161]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12158]: Failed password for invalid user test from 91.92.40.48 port 30276 ssh2
Jun 23 07:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12158]: Connection closed by 91.92.40.48 port 30276 [preauth]
Jun 23 07:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 07:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12533]: Failed password for root from 91.92.40.48 port 61108 ssh2
Jun 23 07:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12533]: Connection closed by 91.92.40.48 port 61108 [preauth]
Jun 23 07:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: Invalid user vpn from 152.32.218.244
Jun 23 07:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: input_userauth_request: invalid user vpn [preauth]
Jun 23 07:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.218.244
Jun 23 07:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: Failed password for invalid user vpn from 152.32.218.244 port 42402 ssh2
Jun 23 07:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: Received disconnect from 152.32.218.244 port 42402:11: Bye Bye [preauth]
Jun 23 07:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: Disconnected from 152.32.218.244 port 42402 [preauth]
Jun 23 07:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12566]: Invalid user aa from 91.92.40.48
Jun 23 07:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12566]: input_userauth_request: invalid user aa [preauth]
Jun 23 07:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12566]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12566]: Failed password for invalid user aa from 91.92.40.48 port 61174 ssh2
Jun 23 07:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12566]: Connection closed by 91.92.40.48 port 61174 [preauth]
Jun 23 07:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48  user=root
Jun 23 07:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12576]: Failed password for root from 91.92.40.48 port 19186 ssh2
Jun 23 07:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12576]: Connection closed by 91.92.40.48 port 19186 [preauth]
Jun 23 07:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12602]: Failed password for root from 144.225.187.123 port 40696 ssh2
Jun 23 07:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12602]: Connection closed by 144.225.187.123 port 40696 [preauth]
Jun 23 07:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12604]: Invalid user dev from 91.92.40.48
Jun 23 07:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12604]: input_userauth_request: invalid user dev [preauth]
Jun 23 07:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12604]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11234]: pam_unix(cron:session): session closed for user root
Jun 23 07:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12604]: Failed password for invalid user dev from 91.92.40.48 port 49996 ssh2
Jun 23 07:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12604]: Connection closed by 91.92.40.48 port 49996 [preauth]
Jun 23 07:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12644]: Invalid user deployer from 91.92.40.48
Jun 23 07:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12644]: input_userauth_request: invalid user deployer [preauth]
Jun 23 07:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12644]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12644]: Failed password for invalid user deployer from 91.92.40.48 port 50076 ssh2
Jun 23 07:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12644]: Connection closed by 91.92.40.48 port 50076 [preauth]
Jun 23 07:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12657]: Invalid user weblogic from 91.92.40.48
Jun 23 07:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12657]: input_userauth_request: invalid user weblogic [preauth]
Jun 23 07:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12657]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12657]: Failed password for invalid user weblogic from 91.92.40.48 port 47142 ssh2
Jun 23 07:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12657]: Connection closed by 91.92.40.48 port 47142 [preauth]
Jun 23 07:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12682]: Invalid user yellow from 91.92.40.48
Jun 23 07:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12682]: input_userauth_request: invalid user yellow [preauth]
Jun 23 07:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12682]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12682]: Failed password for invalid user yellow from 91.92.40.48 port 50914 ssh2
Jun 23 07:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12682]: Connection closed by 91.92.40.48 port 50914 [preauth]
Jun 23 07:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12701]: Invalid user jenkins from 91.92.40.48
Jun 23 07:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12701]: input_userauth_request: invalid user jenkins [preauth]
Jun 23 07:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12701]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12701]: Failed password for invalid user jenkins from 91.92.40.48 port 50936 ssh2
Jun 23 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12701]: Connection closed by 91.92.40.48 port 50936 [preauth]
Jun 23 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12718]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12717]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12716]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12715]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12715]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12783]: Successful su for rubyman by root
Jun 23 07:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12783]: + ??? root:rubyman
Jun 23 07:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12783]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575873 of user rubyman.
Jun 23 07:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12783]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575873.
Jun 23 07:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12703]: Failed password for root from 144.225.187.123 port 60914 ssh2
Jun 23 07:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12703]: Connection closed by 144.225.187.123 port 60914 [preauth]
Jun 23 07:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9528]: pam_unix(cron:session): session closed for user root
Jun 23 07:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12949]: Invalid user s from 91.92.40.48
Jun 23 07:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12949]: input_userauth_request: invalid user s [preauth]
Jun 23 07:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12954]: Invalid user developer from 91.92.40.12
Jun 23 07:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12954]: input_userauth_request: invalid user developer [preauth]
Jun 23 07:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12716]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12949]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.48
Jun 23 07:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12954]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 07:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.182.183.153  user=root
Jun 23 07:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12949]: Failed password for invalid user s from 91.92.40.48 port 24400 ssh2
Jun 23 07:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12954]: Failed password for invalid user developer from 91.92.40.12 port 59540 ssh2
Jun 23 07:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12949]: Connection closed by 91.92.40.48 port 24400 [preauth]
Jun 23 07:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12954]: Connection closed by 91.92.40.12 port 59540 [preauth]
Jun 23 07:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12978]: Failed password for root from 147.182.183.153 port 48734 ssh2
Jun 23 07:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12978]: Received disconnect from 147.182.183.153 port 48734:11: Bye Bye [preauth]
Jun 23 07:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12978]: Disconnected from 147.182.183.153 port 48734 [preauth]
Jun 23 07:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11682]: pam_unix(cron:session): session closed for user root
Jun 23 07:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13071]: Failed password for root from 144.225.187.123 port 45188 ssh2
Jun 23 07:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13071]: Connection closed by 144.225.187.123 port 45188 [preauth]
Jun 23 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13139]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13140]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13136]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13135]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13138]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13137]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13140]: pam_unix(cron:session): session closed for user root
Jun 23 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13135]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13213]: Successful su for rubyman by root
Jun 23 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13213]: + ??? root:rubyman
Jun 23 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13213]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575877 of user rubyman.
Jun 23 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13213]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575877.
Jun 23 07:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13137]: pam_unix(cron:session): session closed for user root
Jun 23 07:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10121]: pam_unix(cron:session): session closed for user root
Jun 23 07:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13136]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13431]: Failed password for root from 144.225.187.123 port 47188 ssh2
Jun 23 07:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13431]: Connection closed by 144.225.187.123 port 47188 [preauth]
Jun 23 07:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13476]: Invalid user jens from 152.32.218.244
Jun 23 07:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13476]: input_userauth_request: invalid user jens [preauth]
Jun 23 07:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13476]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.218.244
Jun 23 07:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13476]: Failed password for invalid user jens from 152.32.218.244 port 60136 ssh2
Jun 23 07:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13476]: Received disconnect from 152.32.218.244 port 60136:11: Bye Bye [preauth]
Jun 23 07:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13476]: Disconnected from 152.32.218.244 port 60136 [preauth]
Jun 23 07:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12163]: pam_unix(cron:session): session closed for user root
Jun 23 07:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13494]: Invalid user emm from 147.45.174.229
Jun 23 07:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13494]: input_userauth_request: invalid user emm [preauth]
Jun 23 07:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13494]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.174.229
Jun 23 07:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13509]: Invalid user developer from 91.92.40.12
Jun 23 07:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13509]: input_userauth_request: invalid user developer [preauth]
Jun 23 07:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13509]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 07:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13494]: Failed password for invalid user emm from 147.45.174.229 port 57488 ssh2
Jun 23 07:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13494]: Received disconnect from 147.45.174.229 port 57488:11: Bye Bye [preauth]
Jun 23 07:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13494]: Disconnected from 147.45.174.229 port 57488 [preauth]
Jun 23 07:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13509]: Failed password for invalid user developer from 91.92.40.12 port 46428 ssh2
Jun 23 07:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13509]: Connection closed by 91.92.40.12 port 46428 [preauth]
Jun 23 07:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13551]: Invalid user marina from 147.182.183.153
Jun 23 07:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13551]: input_userauth_request: invalid user marina [preauth]
Jun 23 07:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13551]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.182.183.153
Jun 23 07:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13551]: Failed password for invalid user marina from 147.182.183.153 port 36584 ssh2
Jun 23 07:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13553]: Invalid user oracle from 144.225.187.123
Jun 23 07:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13553]: input_userauth_request: invalid user oracle [preauth]
Jun 23 07:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13553]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 07:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13551]: Received disconnect from 147.182.183.153 port 36584:11: Bye Bye [preauth]
Jun 23 07:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13551]: Disconnected from 147.182.183.153 port 36584 [preauth]
Jun 23 07:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13553]: Failed password for invalid user oracle from 144.225.187.123 port 56638 ssh2
Jun 23 07:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13553]: Connection closed by 144.225.187.123 port 56638 [preauth]
Jun 23 07:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 23 07:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13563]: Failed password for root from 51.250.105.222 port 60742 ssh2
Jun 23 07:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13563]: Connection closed by 51.250.105.222 port 60742 [preauth]
Jun 23 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13589]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13590]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13588]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13587]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13587]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13651]: Successful su for rubyman by root
Jun 23 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13651]: + ??? root:rubyman
Jun 23 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13651]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575883 of user rubyman.
Jun 23 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13651]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575883.
Jun 23 07:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10741]: pam_unix(cron:session): session closed for user root
Jun 23 07:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13588]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13882]: Invalid user nick from 144.225.187.123
Jun 23 07:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13882]: input_userauth_request: invalid user nick [preauth]
Jun 23 07:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13882]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 07:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13882]: Failed password for invalid user nick from 144.225.187.123 port 56854 ssh2
Jun 23 07:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13882]: Connection closed by 144.225.187.123 port 56854 [preauth]
Jun 23 07:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12718]: pam_unix(cron:session): session closed for user root
Jun 23 07:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 23 07:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13958]: Failed password for root from 109.237.96.109 port 33410 ssh2
Jun 23 07:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13958]: Connection closed by 109.237.96.109 port 33410 [preauth]
Jun 23 07:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13995]: Invalid user test from 45.148.10.121
Jun 23 07:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13995]: input_userauth_request: invalid user test [preauth]
Jun 23 07:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13995]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 23 07:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13993]: Invalid user nexus from 144.225.187.123
Jun 23 07:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13993]: input_userauth_request: invalid user nexus [preauth]
Jun 23 07:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13993]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 07:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13995]: Failed password for invalid user test from 45.148.10.121 port 39886 ssh2
Jun 23 07:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13995]: Connection closed by 45.148.10.121 port 39886 [preauth]
Jun 23 07:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13993]: Failed password for invalid user nexus from 144.225.187.123 port 42086 ssh2
Jun 23 07:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13993]: Connection closed by 144.225.187.123 port 42086 [preauth]
Jun 23 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14021]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14019]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14020]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14018]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14016]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14016]: pam_unix(cron:session): session closed for user root
Jun 23 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14018]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14078]: Successful su for rubyman by root
Jun 23 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14078]: + ??? root:rubyman
Jun 23 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14078]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575887 of user rubyman.
Jun 23 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14078]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575887.
Jun 23 07:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11233]: pam_unix(cron:session): session closed for user root
Jun 23 07:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14019]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14255]: Invalid user developer from 91.92.40.12
Jun 23 07:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14255]: input_userauth_request: invalid user developer [preauth]
Jun 23 07:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14255]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 07:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14255]: Failed password for invalid user developer from 91.92.40.12 port 46062 ssh2
Jun 23 07:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14255]: Connection closed by 91.92.40.12 port 46062 [preauth]
Jun 23 07:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14305]: Invalid user ahmad from 147.182.183.153
Jun 23 07:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14305]: input_userauth_request: invalid user ahmad [preauth]
Jun 23 07:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14305]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.182.183.153
Jun 23 07:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14305]: Failed password for invalid user ahmad from 147.182.183.153 port 39330 ssh2
Jun 23 07:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14305]: Received disconnect from 147.182.183.153 port 39330:11: Bye Bye [preauth]
Jun 23 07:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14305]: Disconnected from 147.182.183.153 port 39330 [preauth]
Jun 23 07:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13139]: pam_unix(cron:session): session closed for user root
Jun 23 07:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14318]: Invalid user git from 144.225.187.123
Jun 23 07:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14318]: input_userauth_request: invalid user git [preauth]
Jun 23 07:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14318]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 07:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14318]: Failed password for invalid user git from 144.225.187.123 port 33002 ssh2
Jun 23 07:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14318]: Connection closed by 144.225.187.123 port 33002 [preauth]
Jun 23 07:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14356]: Invalid user remoteuser from 152.32.218.244
Jun 23 07:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14356]: input_userauth_request: invalid user remoteuser [preauth]
Jun 23 07:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14356]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.218.244
Jun 23 07:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14356]: Failed password for invalid user remoteuser from 152.32.218.244 port 41370 ssh2
Jun 23 07:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14356]: Received disconnect from 152.32.218.244 port 41370:11: Bye Bye [preauth]
Jun 23 07:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14356]: Disconnected from 152.32.218.244 port 41370 [preauth]
Jun 23 07:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 23 07:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14380]: Failed password for root from 194.113.233.25 port 57376 ssh2
Jun 23 07:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14380]: Connection closed by 194.113.233.25 port 57376 [preauth]
Jun 23 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14410]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14409]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14411]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14408]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14408]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14472]: Successful su for rubyman by root
Jun 23 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14472]: + ??? root:rubyman
Jun 23 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14472]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575892 of user rubyman.
Jun 23 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14472]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575892.
Jun 23 07:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11681]: pam_unix(cron:session): session closed for user root
Jun 23 07:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14409]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14694]: Invalid user es from 144.225.187.123
Jun 23 07:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14694]: input_userauth_request: invalid user es [preauth]
Jun 23 07:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14694]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 07:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14694]: Failed password for invalid user es from 144.225.187.123 port 37238 ssh2
Jun 23 07:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14694]: Connection closed by 144.225.187.123 port 37238 [preauth]
Jun 23 07:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13590]: pam_unix(cron:session): session closed for user root
Jun 23 07:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14847]: Invalid user developer from 91.92.40.12
Jun 23 07:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14847]: input_userauth_request: invalid user developer [preauth]
Jun 23 07:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14847]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.12
Jun 23 07:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14847]: Failed password for invalid user developer from 91.92.40.12 port 43532 ssh2
Jun 23 07:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14847]: Connection closed by 91.92.40.12 port 43532 [preauth]
Jun 23 07:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14873]: Invalid user dd from 144.225.187.123
Jun 23 07:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14873]: input_userauth_request: invalid user dd [preauth]
Jun 23 07:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14873]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 07:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14873]: Failed password for invalid user dd from 144.225.187.123 port 56892 ssh2
Jun 23 07:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14873]: Connection closed by 144.225.187.123 port 56892 [preauth]
Jun 23 07:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: Invalid user hamza from 147.182.183.153
Jun 23 07:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: input_userauth_request: invalid user hamza [preauth]
Jun 23 07:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.182.183.153
Jun 23 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14899]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14898]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14896]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14897]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14896]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14959]: Successful su for rubyman by root
Jun 23 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14959]: + ??? root:rubyman
Jun 23 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14959]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575896 of user rubyman.
Jun 23 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14959]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575896.
Jun 23 07:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: Failed password for invalid user hamza from 147.182.183.153 port 35902 ssh2
Jun 23 07:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: Received disconnect from 147.182.183.153 port 35902:11: Bye Bye [preauth]
Jun 23 07:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: Disconnected from 147.182.183.153 port 35902 [preauth]
Jun 23 07:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12162]: pam_unix(cron:session): session closed for user root
Jun 23 07:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14897]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15187]: Invalid user bitrix from 144.225.187.123
Jun 23 07:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15187]: input_userauth_request: invalid user bitrix [preauth]
Jun 23 07:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15187]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 07:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15187]: Failed password for invalid user bitrix from 144.225.187.123 port 54956 ssh2
Jun 23 07:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15187]: Connection closed by 144.225.187.123 port 54956 [preauth]
Jun 23 07:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14021]: pam_unix(cron:session): session closed for user root
Jun 23 07:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15282]: Invalid user ahmad from 152.32.218.244
Jun 23 07:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15282]: input_userauth_request: invalid user ahmad [preauth]
Jun 23 07:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15282]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.218.244
Jun 23 07:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15282]: Failed password for invalid user ahmad from 152.32.218.244 port 45880 ssh2
Jun 23 07:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15282]: Received disconnect from 152.32.218.244 port 45880:11: Bye Bye [preauth]
Jun 23 07:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15282]: Disconnected from 152.32.218.244 port 45880 [preauth]
Jun 23 07:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15314]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15315]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15313]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15312]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15316]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15311]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15316]: pam_unix(cron:session): session closed for user root
Jun 23 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15311]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15376]: Successful su for rubyman by root
Jun 23 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15376]: + ??? root:rubyman
Jun 23 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15376]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575901 of user rubyman.
Jun 23 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15376]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575901.
Jun 23 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15300]: Invalid user api from 144.225.187.123
Jun 23 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15300]: input_userauth_request: invalid user api [preauth]
Jun 23 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15300]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 07:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15313]: pam_unix(cron:session): session closed for user root
Jun 23 07:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12717]: pam_unix(cron:session): session closed for user root
Jun 23 07:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15300]: Failed password for invalid user api from 144.225.187.123 port 35234 ssh2
Jun 23 07:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15300]: Connection closed by 144.225.187.123 port 35234 [preauth]
Jun 23 07:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15312]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14411]: pam_unix(cron:session): session closed for user root
Jun 23 07:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.182.183.153  user=root
Jun 23 07:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15663]: Failed password for root from 147.182.183.153 port 55932 ssh2
Jun 23 07:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15663]: Received disconnect from 147.182.183.153 port 55932:11: Bye Bye [preauth]
Jun 23 07:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15663]: Disconnected from 147.182.183.153 port 55932 [preauth]
Jun 23 07:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15665]: Invalid user admin from 144.225.187.123
Jun 23 07:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15665]: input_userauth_request: invalid user admin [preauth]
Jun 23 07:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15665]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 07:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15665]: Failed password for invalid user admin from 144.225.187.123 port 57768 ssh2
Jun 23 07:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15665]: Connection closed by 144.225.187.123 port 57768 [preauth]
Jun 23 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15731]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15730]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15729]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15728]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15728]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15795]: Successful su for rubyman by root
Jun 23 07:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15795]: + ??? root:rubyman
Jun 23 07:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15795]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575907 of user rubyman.
Jun 23 07:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15795]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575907.
Jun 23 07:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13138]: pam_unix(cron:session): session closed for user root
Jun 23 07:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15729]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15992]: Invalid user admin from 144.225.187.123
Jun 23 07:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15992]: input_userauth_request: invalid user admin [preauth]
Jun 23 07:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15992]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 07:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15992]: Failed password for invalid user admin from 144.225.187.123 port 59626 ssh2
Jun 23 07:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15992]: Connection closed by 144.225.187.123 port 59626 [preauth]
Jun 23 07:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16031]: Invalid user nagios from 147.45.174.229
Jun 23 07:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16031]: input_userauth_request: invalid user nagios [preauth]
Jun 23 07:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16031]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.174.229
Jun 23 07:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16031]: Failed password for invalid user nagios from 147.45.174.229 port 50160 ssh2
Jun 23 07:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16031]: Received disconnect from 147.45.174.229 port 50160:11: Bye Bye [preauth]
Jun 23 07:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16031]: Disconnected from 147.45.174.229 port 50160 [preauth]
Jun 23 07:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14899]: pam_unix(cron:session): session closed for user root
Jun 23 07:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16101]: Invalid user user from 144.225.187.123
Jun 23 07:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16101]: input_userauth_request: invalid user user [preauth]
Jun 23 07:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16101]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 07:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16101]: Failed password for invalid user user from 144.225.187.123 port 40324 ssh2
Jun 23 07:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.218.244  user=root
Jun 23 07:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16101]: Connection closed by 144.225.187.123 port 40324 [preauth]
Jun 23 07:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16112]: Failed password for root from 152.32.218.244 port 36072 ssh2
Jun 23 07:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16112]: Received disconnect from 152.32.218.244 port 36072:11: Bye Bye [preauth]
Jun 23 07:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16112]: Disconnected from 152.32.218.244 port 36072 [preauth]
Jun 23 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16126]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16125]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16124]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16123]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16123]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16186]: Successful su for rubyman by root
Jun 23 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16186]: + ??? root:rubyman
Jun 23 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16186]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575911 of user rubyman.
Jun 23 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16186]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575911.
Jun 23 07:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13589]: pam_unix(cron:session): session closed for user root
Jun 23 07:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16124]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16369]: Invalid user don from 147.182.183.153
Jun 23 07:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16369]: input_userauth_request: invalid user don [preauth]
Jun 23 07:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16369]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.182.183.153
Jun 23 07:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16369]: Failed password for invalid user don from 147.182.183.153 port 46082 ssh2
Jun 23 07:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16369]: Received disconnect from 147.182.183.153 port 46082:11: Bye Bye [preauth]
Jun 23 07:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16369]: Disconnected from 147.182.183.153 port 46082 [preauth]
Jun 23 07:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16425]: Invalid user ubuntu from 144.225.187.123
Jun 23 07:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16425]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 07:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16425]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 07:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 23 07:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16425]: Failed password for invalid user ubuntu from 144.225.187.123 port 56080 ssh2
Jun 23 07:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16425]: Connection closed by 144.225.187.123 port 56080 [preauth]
Jun 23 07:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15315]: pam_unix(cron:session): session closed for user root
Jun 23 07:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16423]: Failed password for root from 202.178.126.219 port 44715 ssh2
Jun 23 07:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16423]: Connection closed by 202.178.126.219 port 44715 [preauth]
Jun 23 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16532]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16533]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16531]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16530]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16530]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16589]: Successful su for rubyman by root
Jun 23 07:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16589]: + ??? root:rubyman
Jun 23 07:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16589]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575916 of user rubyman.
Jun 23 07:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16589]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575916.
Jun 23 07:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14020]: pam_unix(cron:session): session closed for user root
Jun 23 07:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16531]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16746]: Failed password for root from 144.225.187.123 port 37740 ssh2
Jun 23 07:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16746]: Connection closed by 144.225.187.123 port 37740 [preauth]
Jun 23 07:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15731]: pam_unix(cron:session): session closed for user root
Jun 23 07:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16909]: Failed password for root from 144.225.187.123 port 34970 ssh2
Jun 23 07:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16909]: Connection closed by 144.225.187.123 port 34970 [preauth]
Jun 23 07:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.182.183.153  user=root
Jun 23 07:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16995]: Failed password for root from 147.182.183.153 port 36380 ssh2
Jun 23 07:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16995]: Received disconnect from 147.182.183.153 port 36380:11: Bye Bye [preauth]
Jun 23 07:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16995]: Disconnected from 147.182.183.153 port 36380 [preauth]
Jun 23 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17029]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17030]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17028]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17026]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17026]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17089]: Successful su for rubyman by root
Jun 23 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17089]: + ??? root:rubyman
Jun 23 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17089]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575919 of user rubyman.
Jun 23 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17089]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575919.
Jun 23 07:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14410]: pam_unix(cron:session): session closed for user root
Jun 23 07:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17028]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17266]: Invalid user odoo from 152.32.218.244
Jun 23 07:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17266]: input_userauth_request: invalid user odoo [preauth]
Jun 23 07:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17266]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.218.244
Jun 23 07:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17266]: Failed password for invalid user odoo from 152.32.218.244 port 40794 ssh2
Jun 23 07:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17266]: Received disconnect from 152.32.218.244 port 40794:11: Bye Bye [preauth]
Jun 23 07:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17266]: Disconnected from 152.32.218.244 port 40794 [preauth]
Jun 23 07:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17300]: Failed password for root from 144.225.187.123 port 57956 ssh2
Jun 23 07:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17300]: Connection closed by 144.225.187.123 port 57956 [preauth]
Jun 23 07:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17336]: Invalid user tw from 147.45.174.229
Jun 23 07:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17336]: input_userauth_request: invalid user tw [preauth]
Jun 23 07:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17336]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.174.229
Jun 23 07:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17336]: Failed password for invalid user tw from 147.45.174.229 port 57678 ssh2
Jun 23 07:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17336]: Received disconnect from 147.45.174.229 port 57678:11: Bye Bye [preauth]
Jun 23 07:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17336]: Disconnected from 147.45.174.229 port 57678 [preauth]
Jun 23 07:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16126]: pam_unix(cron:session): session closed for user root
Jun 23 07:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17424]: Failed password for root from 144.225.187.123 port 54156 ssh2
Jun 23 07:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17424]: Connection closed by 144.225.187.123 port 54156 [preauth]
Jun 23 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17437]: Did not receive identification string from 91.92.40.11
Jun 23 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17445]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17441]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17440]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17444]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17439]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17442]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17445]: pam_unix(cron:session): session closed for user root
Jun 23 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17439]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17511]: Successful su for rubyman by root
Jun 23 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17511]: + ??? root:rubyman
Jun 23 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17511]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575927 of user rubyman.
Jun 23 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17511]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575927.
Jun 23 07:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17441]: pam_unix(cron:session): session closed for user root
Jun 23 07:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14898]: pam_unix(cron:session): session closed for user root
Jun 23 07:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17440]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17882]: Invalid user localadmin from 147.182.183.153
Jun 23 07:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17882]: input_userauth_request: invalid user localadmin [preauth]
Jun 23 07:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17882]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.182.183.153
Jun 23 07:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16533]: pam_unix(cron:session): session closed for user root
Jun 23 07:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17882]: Failed password for invalid user localadmin from 147.182.183.153 port 46280 ssh2
Jun 23 07:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17882]: Received disconnect from 147.182.183.153 port 46280:11: Bye Bye [preauth]
Jun 23 07:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17882]: Disconnected from 147.182.183.153 port 46280 [preauth]
Jun 23 07:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17880]: Failed password for root from 144.225.187.123 port 38088 ssh2
Jun 23 07:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17880]: Connection closed by 144.225.187.123 port 38088 [preauth]
Jun 23 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17976]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17977]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17975]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17974]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17974]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18052]: Successful su for rubyman by root
Jun 23 07:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18052]: + ??? root:rubyman
Jun 23 07:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18052]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575928 of user rubyman.
Jun 23 07:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18052]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575928.
Jun 23 07:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15314]: pam_unix(cron:session): session closed for user root
Jun 23 07:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17975]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18248]: Failed password for root from 144.225.187.123 port 35616 ssh2
Jun 23 07:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18248]: Connection closed by 144.225.187.123 port 35616 [preauth]
Jun 23 07:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18309]: Invalid user admin from 152.32.218.244
Jun 23 07:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18309]: input_userauth_request: invalid user admin [preauth]
Jun 23 07:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18309]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.218.244
Jun 23 07:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18309]: Failed password for invalid user admin from 152.32.218.244 port 39936 ssh2
Jun 23 07:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18309]: Received disconnect from 152.32.218.244 port 39936:11: Bye Bye [preauth]
Jun 23 07:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18309]: Disconnected from 152.32.218.244 port 39936 [preauth]
Jun 23 07:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17030]: pam_unix(cron:session): session closed for user root
Jun 23 07:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18363]: Failed password for root from 144.225.187.123 port 50668 ssh2
Jun 23 07:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18363]: Connection closed by 144.225.187.123 port 50668 [preauth]
Jun 23 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18496]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18497]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18495]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18494]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18494]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18560]: Successful su for rubyman by root
Jun 23 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18560]: + ??? root:rubyman
Jun 23 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18560]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575933 of user rubyman.
Jun 23 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18560]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575933.
Jun 23 07:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15730]: pam_unix(cron:session): session closed for user root
Jun 23 07:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18495]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18758]: Invalid user teszt from 147.182.183.153
Jun 23 07:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18758]: input_userauth_request: invalid user teszt [preauth]
Jun 23 07:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18758]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.182.183.153
Jun 23 07:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18758]: Failed password for invalid user teszt from 147.182.183.153 port 34964 ssh2
Jun 23 07:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18758]: Received disconnect from 147.182.183.153 port 34964:11: Bye Bye [preauth]
Jun 23 07:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18758]: Disconnected from 147.182.183.153 port 34964 [preauth]
Jun 23 07:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18785]: Failed password for root from 144.225.187.123 port 44454 ssh2
Jun 23 07:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18785]: Connection closed by 144.225.187.123 port 44454 [preauth]
Jun 23 07:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18801]: Invalid user password from 147.45.174.229
Jun 23 07:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18801]: input_userauth_request: invalid user password [preauth]
Jun 23 07:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18801]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.174.229
Jun 23 07:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18801]: Failed password for invalid user password from 147.45.174.229 port 49224 ssh2
Jun 23 07:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18801]: Received disconnect from 147.45.174.229 port 49224:11: Bye Bye [preauth]
Jun 23 07:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18801]: Disconnected from 147.45.174.229 port 49224 [preauth]
Jun 23 07:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17444]: pam_unix(cron:session): session closed for user root
Jun 23 07:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 07:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18914]: Failed password for root from 91.92.40.11 port 46148 ssh2
Jun 23 07:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18914]: Connection closed by 91.92.40.11 port 46148 [preauth]
Jun 23 07:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18916]: Failed password for root from 144.225.187.123 port 37020 ssh2
Jun 23 07:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18916]: Connection closed by 144.225.187.123 port 37020 [preauth]
Jun 23 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18930]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18931]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18929]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18928]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18928]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18988]: Successful su for rubyman by root
Jun 23 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18988]: + ??? root:rubyman
Jun 23 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18988]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575937 of user rubyman.
Jun 23 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18988]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575937.
Jun 23 07:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16125]: pam_unix(cron:session): session closed for user root
Jun 23 07:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18929]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17977]: pam_unix(cron:session): session closed for user root
Jun 23 07:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19335]: Failed password for root from 144.225.187.123 port 43012 ssh2
Jun 23 07:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19335]: Connection closed by 144.225.187.123 port 43012 [preauth]
Jun 23 07:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.218.244  user=root
Jun 23 07:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19375]: Failed password for root from 152.32.218.244 port 57486 ssh2
Jun 23 07:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19375]: Received disconnect from 152.32.218.244 port 57486:11: Bye Bye [preauth]
Jun 23 07:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19375]: Disconnected from 152.32.218.244 port 57486 [preauth]
Jun 23 07:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.182.183.153  user=root
Jun 23 07:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19402]: Failed password for root from 147.182.183.153 port 52216 ssh2
Jun 23 07:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19402]: Received disconnect from 147.182.183.153 port 52216:11: Bye Bye [preauth]
Jun 23 07:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19402]: Disconnected from 147.182.183.153 port 52216 [preauth]
Jun 23 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19431]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19430]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19432]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19429]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19429]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19599]: Successful su for rubyman by root
Jun 23 07:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19599]: + ??? root:rubyman
Jun 23 07:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19599]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575940 of user rubyman.
Jun 23 07:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19599]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575940.
Jun 23 07:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16532]: pam_unix(cron:session): session closed for user root
Jun 23 07:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19430]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19893]: Failed password for root from 144.225.187.123 port 33112 ssh2
Jun 23 07:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19893]: Connection closed by 144.225.187.123 port 33112 [preauth]
Jun 23 07:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 07:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19946]: Failed password for root from 91.92.40.11 port 54454 ssh2
Jun 23 07:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19946]: Connection closed by 91.92.40.11 port 54454 [preauth]
Jun 23 07:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18497]: pam_unix(cron:session): session closed for user root
Jun 23 07:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20016]: Failed password for root from 144.225.187.123 port 44594 ssh2
Jun 23 07:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20016]: Connection closed by 144.225.187.123 port 44594 [preauth]
Jun 23 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20048]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20047]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20046]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20049]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20044]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20045]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20049]: pam_unix(cron:session): session closed for user root
Jun 23 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20044]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20113]: Successful su for rubyman by root
Jun 23 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20113]: + ??? root:rubyman
Jun 23 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20113]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575944 of user rubyman.
Jun 23 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20113]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575944.
Jun 23 07:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20046]: pam_unix(cron:session): session closed for user root
Jun 23 07:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17029]: pam_unix(cron:session): session closed for user root
Jun 23 07:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20355]: Received disconnect from 195.160.220.149 port 18228:11: disconnected by user [preauth]
Jun 23 07:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20355]: Disconnected from 195.160.220.149 port 18228 [preauth]
Jun 23 07:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20045]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20466]: Invalid user spaces from 147.45.174.229
Jun 23 07:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20466]: input_userauth_request: invalid user spaces [preauth]
Jun 23 07:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20466]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.174.229
Jun 23 07:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20466]: Failed password for invalid user spaces from 147.45.174.229 port 41654 ssh2
Jun 23 07:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20466]: Received disconnect from 147.45.174.229 port 41654:11: Bye Bye [preauth]
Jun 23 07:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20466]: Disconnected from 147.45.174.229 port 41654 [preauth]
Jun 23 07:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20477]: Failed password for root from 144.225.187.123 port 59084 ssh2
Jun 23 07:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20477]: Connection closed by 144.225.187.123 port 59084 [preauth]
Jun 23 07:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20499]: Invalid user zjh from 147.182.183.153
Jun 23 07:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20499]: input_userauth_request: invalid user zjh [preauth]
Jun 23 07:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20499]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.182.183.153
Jun 23 07:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20499]: Failed password for invalid user zjh from 147.182.183.153 port 39310 ssh2
Jun 23 07:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20499]: Received disconnect from 147.182.183.153 port 39310:11: Bye Bye [preauth]
Jun 23 07:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20499]: Disconnected from 147.182.183.153 port 39310 [preauth]
Jun 23 07:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18931]: pam_unix(cron:session): session closed for user root
Jun 23 07:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20543]: Connection closed by 194.59.206.2 port 56802 [preauth]
Jun 23 07:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20578]: Invalid user zjh from 152.32.218.244
Jun 23 07:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20578]: input_userauth_request: invalid user zjh [preauth]
Jun 23 07:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20578]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.218.244
Jun 23 07:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20578]: Failed password for invalid user zjh from 152.32.218.244 port 47466 ssh2
Jun 23 07:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20578]: Received disconnect from 152.32.218.244 port 47466:11: Bye Bye [preauth]
Jun 23 07:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20578]: Disconnected from 152.32.218.244 port 47466 [preauth]
Jun 23 07:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20594]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20593]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20592]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20591]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20591]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20701]: Successful su for rubyman by root
Jun 23 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20701]: + ??? root:rubyman
Jun 23 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20701]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575950 of user rubyman.
Jun 23 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20701]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575950.
Jun 23 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20588]: Failed password for root from 144.225.187.123 port 48198 ssh2
Jun 23 07:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17442]: pam_unix(cron:session): session closed for user root
Jun 23 07:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20588]: Connection closed by 144.225.187.123 port 48198 [preauth]
Jun 23 07:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20592]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20941]: Did not receive identification string from 91.92.40.11
Jun 23 07:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 07:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20942]: Failed password for root from 91.92.40.11 port 49664 ssh2
Jun 23 07:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20942]: Connection closed by 91.92.40.11 port 49664 [preauth]
Jun 23 07:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19432]: pam_unix(cron:session): session closed for user root
Jun 23 07:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21041]: Failed password for root from 144.225.187.123 port 41346 ssh2
Jun 23 07:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21041]: Connection closed by 144.225.187.123 port 41346 [preauth]
Jun 23 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21103]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21104]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21105]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21102]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21102]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21172]: Successful su for rubyman by root
Jun 23 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21172]: + ??? root:rubyman
Jun 23 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21172]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575954 of user rubyman.
Jun 23 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21172]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575954.
Jun 23 07:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17976]: pam_unix(cron:session): session closed for user root
Jun 23 07:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.182.183.153  user=root
Jun 23 07:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21103]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21341]: Failed password for root from 147.182.183.153 port 43612 ssh2
Jun 23 07:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21341]: Received disconnect from 147.182.183.153 port 43612:11: Bye Bye [preauth]
Jun 23 07:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21341]: Disconnected from 147.182.183.153 port 43612 [preauth]
Jun 23 07:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21374]: Failed password for root from 144.225.187.123 port 39734 ssh2
Jun 23 07:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21374]: Connection closed by 144.225.187.123 port 39734 [preauth]
Jun 23 07:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20048]: pam_unix(cron:session): session closed for user root
Jun 23 07:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 07:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21459]: Failed password for root from 91.92.40.11 port 51124 ssh2
Jun 23 07:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21459]: Connection closed by 91.92.40.11 port 51124 [preauth]
Jun 23 07:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21492]: Failed password for root from 144.225.187.123 port 44616 ssh2
Jun 23 07:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21492]: Connection closed by 144.225.187.123 port 44616 [preauth]
Jun 23 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21530]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21529]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21528]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21527]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21527]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21600]: Successful su for rubyman by root
Jun 23 07:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21600]: + ??? root:rubyman
Jun 23 07:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21600]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575959 of user rubyman.
Jun 23 07:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21600]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575959.
Jun 23 07:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18496]: pam_unix(cron:session): session closed for user root
Jun 23 07:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.218.244  user=root
Jun 23 07:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21528]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21769]: Failed password for root from 152.32.218.244 port 43522 ssh2
Jun 23 07:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21769]: Received disconnect from 152.32.218.244 port 43522:11: Bye Bye [preauth]
Jun 23 07:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21769]: Disconnected from 152.32.218.244 port 43522 [preauth]
Jun 23 07:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21831]: Invalid user redir from 147.45.174.229
Jun 23 07:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21831]: input_userauth_request: invalid user redir [preauth]
Jun 23 07:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21831]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.174.229
Jun 23 07:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21831]: Failed password for invalid user redir from 147.45.174.229 port 45722 ssh2
Jun 23 07:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21831]: Received disconnect from 147.45.174.229 port 45722:11: Bye Bye [preauth]
Jun 23 07:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21831]: Disconnected from 147.45.174.229 port 45722 [preauth]
Jun 23 07:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21848]: Failed password for root from 144.225.187.123 port 38518 ssh2
Jun 23 07:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21848]: Connection closed by 144.225.187.123 port 38518 [preauth]
Jun 23 07:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20594]: pam_unix(cron:session): session closed for user root
Jun 23 07:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21913]: Invalid user vpn from 147.182.183.153
Jun 23 07:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21913]: input_userauth_request: invalid user vpn [preauth]
Jun 23 07:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21913]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.182.183.153
Jun 23 07:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21913]: Failed password for invalid user vpn from 147.182.183.153 port 40204 ssh2
Jun 23 07:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21913]: Received disconnect from 147.182.183.153 port 40204:11: Bye Bye [preauth]
Jun 23 07:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21913]: Disconnected from 147.182.183.153 port 40204 [preauth]
Jun 23 07:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21962]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21964]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21963]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21961]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21961]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22019]: Successful su for rubyman by root
Jun 23 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22019]: + ??? root:rubyman
Jun 23 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22019]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575962 of user rubyman.
Jun 23 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22019]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575962.
Jun 23 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21958]: Failed password for root from 144.225.187.123 port 41148 ssh2
Jun 23 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21958]: Connection closed by 144.225.187.123 port 41148 [preauth]
Jun 23 07:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18930]: pam_unix(cron:session): session closed for user root
Jun 23 07:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 07:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21962]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22185]: Failed password for root from 91.92.40.11 port 54314 ssh2
Jun 23 07:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22185]: Connection closed by 91.92.40.11 port 54314 [preauth]
Jun 23 07:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21105]: pam_unix(cron:session): session closed for user root
Jun 23 07:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22406]: Failed password for root from 144.225.187.123 port 45812 ssh2
Jun 23 07:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22406]: Connection closed by 144.225.187.123 port 45812 [preauth]
Jun 23 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22460]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22459]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22457]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22455]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22458]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22456]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22460]: pam_unix(cron:session): session closed for user root
Jun 23 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22455]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22523]: Successful su for rubyman by root
Jun 23 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22523]: + ??? root:rubyman
Jun 23 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22523]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575968 of user rubyman.
Jun 23 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22523]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575968.
Jun 23 07:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22457]: pam_unix(cron:session): session closed for user root
Jun 23 07:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19431]: pam_unix(cron:session): session closed for user root
Jun 23 07:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22456]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22733]: Invalid user admin from 2.57.121.25
Jun 23 07:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22733]: input_userauth_request: invalid user admin [preauth]
Jun 23 07:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22733]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 23 07:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22733]: Failed password for invalid user admin from 2.57.121.25 port 50328 ssh2
Jun 23 07:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22733]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22733]: Failed password for invalid user admin from 2.57.121.25 port 50328 ssh2
Jun 23 07:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22733]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22745]: Invalid user marina from 152.32.218.244
Jun 23 07:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22745]: input_userauth_request: invalid user marina [preauth]
Jun 23 07:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22745]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.218.244
Jun 23 07:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22733]: Failed password for invalid user admin from 2.57.121.25 port 50328 ssh2
Jun 23 07:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22733]: Connection closed by 2.57.121.25 port 50328 [preauth]
Jun 23 07:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22733]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 23 07:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22745]: Failed password for invalid user marina from 152.32.218.244 port 41430 ssh2
Jun 23 07:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22745]: Received disconnect from 152.32.218.244 port 41430:11: Bye Bye [preauth]
Jun 23 07:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22745]: Disconnected from 152.32.218.244 port 41430 [preauth]
Jun 23 07:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22743]: Failed password for root from 144.225.187.123 port 46392 ssh2
Jun 23 07:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22743]: Connection closed by 144.225.187.123 port 46392 [preauth]
Jun 23 07:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22778]: Invalid user jorge from 147.182.183.153
Jun 23 07:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22778]: input_userauth_request: invalid user jorge [preauth]
Jun 23 07:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22778]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.182.183.153
Jun 23 07:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22778]: Failed password for invalid user jorge from 147.182.183.153 port 55914 ssh2
Jun 23 07:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22778]: Received disconnect from 147.182.183.153 port 55914:11: Bye Bye [preauth]
Jun 23 07:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22778]: Disconnected from 147.182.183.153 port 55914 [preauth]
Jun 23 07:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21530]: pam_unix(cron:session): session closed for user root
Jun 23 07:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 07:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22819]: Failed password for root from 91.92.40.11 port 47904 ssh2
Jun 23 07:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22819]: Connection closed by 91.92.40.11 port 47904 [preauth]
Jun 23 07:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22882]: Failed password for root from 144.225.187.123 port 43380 ssh2
Jun 23 07:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22882]: Connection closed by 144.225.187.123 port 43380 [preauth]
Jun 23 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22912]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22910]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22911]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22909]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22909]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22979]: Successful su for rubyman by root
Jun 23 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22979]: + ??? root:rubyman
Jun 23 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22979]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575972 of user rubyman.
Jun 23 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22979]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575972.
Jun 23 07:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20047]: pam_unix(cron:session): session closed for user root
Jun 23 07:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22910]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23199]: Failed password for root from 144.225.187.123 port 57532 ssh2
Jun 23 07:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23199]: Connection closed by 144.225.187.123 port 57532 [preauth]
Jun 23 07:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21964]: pam_unix(cron:session): session closed for user root
Jun 23 07:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 07:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23333]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23336]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23332]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23331]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23331]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23327]: Invalid user joan from 147.182.183.153
Jun 23 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23327]: input_userauth_request: invalid user joan [preauth]
Jun 23 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23327]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.182.183.153
Jun 23 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23398]: Successful su for rubyman by root
Jun 23 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23398]: + ??? root:rubyman
Jun 23 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23398]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575976 of user rubyman.
Jun 23 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23398]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575976.
Jun 23 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23311]: Failed password for root from 91.92.40.11 port 33986 ssh2
Jun 23 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23311]: Connection closed by 91.92.40.11 port 33986 [preauth]
Jun 23 07:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23327]: Failed password for invalid user joan from 147.182.183.153 port 48724 ssh2
Jun 23 07:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23327]: Received disconnect from 147.182.183.153 port 48724:11: Bye Bye [preauth]
Jun 23 07:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23327]: Disconnected from 147.182.183.153 port 48724 [preauth]
Jun 23 07:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20593]: pam_unix(cron:session): session closed for user root
Jun 23 07:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23323]: Failed password for root from 144.225.187.123 port 54530 ssh2
Jun 23 07:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23323]: Connection closed by 144.225.187.123 port 54530 [preauth]
Jun 23 07:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23332]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23593]: Invalid user pi from 212.100.48.101
Jun 23 07:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23593]: input_userauth_request: invalid user pi [preauth]
Jun 23 07:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23599]: Invalid user pi from 212.100.48.101
Jun 23 07:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23599]: input_userauth_request: invalid user pi [preauth]
Jun 23 07:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23593]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.100.48.101
Jun 23 07:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23599]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.100.48.101
Jun 23 07:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23593]: Failed password for invalid user pi from 212.100.48.101 port 63627 ssh2
Jun 23 07:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23599]: Failed password for invalid user pi from 212.100.48.101 port 60806 ssh2
Jun 23 07:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23593]: Connection closed by 212.100.48.101 port 63627 [preauth]
Jun 23 07:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23599]: Connection closed by 212.100.48.101 port 60806 [preauth]
Jun 23 07:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23645]: Invalid user joan from 152.32.218.244
Jun 23 07:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23645]: input_userauth_request: invalid user joan [preauth]
Jun 23 07:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23645]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.218.244
Jun 23 07:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23645]: Failed password for invalid user joan from 152.32.218.244 port 48116 ssh2
Jun 23 07:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23645]: Received disconnect from 152.32.218.244 port 48116:11: Bye Bye [preauth]
Jun 23 07:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23645]: Disconnected from 152.32.218.244 port 48116 [preauth]
Jun 23 07:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 23 07:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23659]: Failed password for root from 80.66.85.226 port 52748 ssh2
Jun 23 07:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23659]: Connection closed by 80.66.85.226 port 52748 [preauth]
Jun 23 07:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22459]: pam_unix(cron:session): session closed for user root
Jun 23 07:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23694]: Failed password for root from 144.225.187.123 port 55576 ssh2
Jun 23 07:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23694]: Connection closed by 144.225.187.123 port 55576 [preauth]
Jun 23 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23764]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23765]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23761]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23762]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23761]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23919]: Successful su for rubyman by root
Jun 23 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23919]: + ??? root:rubyman
Jun 23 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23919]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575980 of user rubyman.
Jun 23 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23919]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575980.
Jun 23 07:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21104]: pam_unix(cron:session): session closed for user root
Jun 23 07:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23762]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24114]: Failed password for root from 144.225.187.123 port 54452 ssh2
Jun 23 07:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24114]: Connection closed by 144.225.187.123 port 54452 [preauth]
Jun 23 07:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 07:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24139]: Failed password for root from 91.92.40.11 port 47534 ssh2
Jun 23 07:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24139]: Connection closed by 91.92.40.11 port 47534 [preauth]
Jun 23 07:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22912]: pam_unix(cron:session): session closed for user root
Jun 23 07:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24214]: Invalid user emo from 147.182.183.153
Jun 23 07:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24214]: input_userauth_request: invalid user emo [preauth]
Jun 23 07:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24214]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.182.183.153
Jun 23 07:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24214]: Failed password for invalid user emo from 147.182.183.153 port 35484 ssh2
Jun 23 07:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24214]: Received disconnect from 147.182.183.153 port 35484:11: Bye Bye [preauth]
Jun 23 07:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24214]: Disconnected from 147.182.183.153 port 35484 [preauth]
Jun 23 07:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24258]: Failed password for root from 144.225.187.123 port 59164 ssh2
Jun 23 07:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24258]: Connection closed by 144.225.187.123 port 59164 [preauth]
Jun 23 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24286]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24287]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24285]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24284]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24282]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24284]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24405]: Successful su for rubyman by root
Jun 23 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24405]: + ??? root:rubyman
Jun 23 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24405]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575985 of user rubyman.
Jun 23 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24405]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575985.
Jun 23 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24282]: pam_unix(cron:session): session closed for user root
Jun 23 07:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21529]: pam_unix(cron:session): session closed for user root
Jun 23 07:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24285]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24708]: Failed password for root from 144.225.187.123 port 41578 ssh2
Jun 23 07:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24708]: Connection closed by 144.225.187.123 port 41578 [preauth]
Jun 23 07:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23336]: pam_unix(cron:session): session closed for user root
Jun 23 07:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 07:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24750]: Failed password for root from 91.92.40.11 port 36562 ssh2
Jun 23 07:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24750]: Connection closed by 91.92.40.11 port 36562 [preauth]
Jun 23 07:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24760]: Invalid user localadmin from 152.32.218.244
Jun 23 07:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24760]: input_userauth_request: invalid user localadmin [preauth]
Jun 23 07:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24760]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.218.244
Jun 23 07:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24760]: Failed password for invalid user localadmin from 152.32.218.244 port 50368 ssh2
Jun 23 07:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24760]: Received disconnect from 152.32.218.244 port 50368:11: Bye Bye [preauth]
Jun 23 07:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24760]: Disconnected from 152.32.218.244 port 50368 [preauth]
Jun 23 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24816]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24818]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24815]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24814]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24817]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24819]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24819]: pam_unix(cron:session): session closed for user root
Jun 23 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24814]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24879]: Successful su for rubyman by root
Jun 23 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24879]: + ??? root:rubyman
Jun 23 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24879]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575991 of user rubyman.
Jun 23 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24879]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575991.
Jun 23 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21963]: pam_unix(cron:session): session closed for user root
Jun 23 07:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24816]: pam_unix(cron:session): session closed for user root
Jun 23 07:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24815]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24899]: Failed password for root from 144.225.187.123 port 46172 ssh2
Jun 23 07:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24899]: Connection closed by 144.225.187.123 port 46172 [preauth]
Jun 23 07:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25113]: Invalid user nancy from 147.182.183.153
Jun 23 07:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25113]: input_userauth_request: invalid user nancy [preauth]
Jun 23 07:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25113]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.182.183.153
Jun 23 07:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25113]: Failed password for invalid user nancy from 147.182.183.153 port 55892 ssh2
Jun 23 07:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25113]: Received disconnect from 147.182.183.153 port 55892:11: Bye Bye [preauth]
Jun 23 07:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25113]: Disconnected from 147.182.183.153 port 55892 [preauth]
Jun 23 07:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23765]: pam_unix(cron:session): session closed for user root
Jun 23 07:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 23 07:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25198]: Failed password for root from 103.153.68.219 port 46626 ssh2
Jun 23 07:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25198]: Connection closed by 103.153.68.219 port 46626 [preauth]
Jun 23 07:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25200]: Failed password for root from 144.225.187.123 port 60962 ssh2
Jun 23 07:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25200]: Connection closed by 144.225.187.123 port 60962 [preauth]
Jun 23 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25251]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25252]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25250]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25249]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25249]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25313]: Successful su for rubyman by root
Jun 23 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25313]: + ??? root:rubyman
Jun 23 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25313]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575995 of user rubyman.
Jun 23 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25313]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575995.
Jun 23 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 07:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25247]: Failed password for root from 91.92.40.11 port 46396 ssh2
Jun 23 07:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25247]: Connection closed by 91.92.40.11 port 46396 [preauth]
Jun 23 07:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22458]: pam_unix(cron:session): session closed for user root
Jun 23 07:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25250]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25529]: Failed password for root from 144.225.187.123 port 35582 ssh2
Jun 23 07:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25529]: Connection closed by 144.225.187.123 port 35582 [preauth]
Jun 23 07:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24287]: pam_unix(cron:session): session closed for user root
Jun 23 07:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25635]: Invalid user jens from 147.182.183.153
Jun 23 07:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25635]: input_userauth_request: invalid user jens [preauth]
Jun 23 07:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25635]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.182.183.153
Jun 23 07:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25638]: Invalid user don from 152.32.218.244
Jun 23 07:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25638]: input_userauth_request: invalid user don [preauth]
Jun 23 07:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25638]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.218.244
Jun 23 07:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25635]: Failed password for invalid user jens from 147.182.183.153 port 45150 ssh2
Jun 23 07:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25635]: Received disconnect from 147.182.183.153 port 45150:11: Bye Bye [preauth]
Jun 23 07:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25635]: Disconnected from 147.182.183.153 port 45150 [preauth]
Jun 23 07:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25638]: Failed password for invalid user don from 152.32.218.244 port 56368 ssh2
Jun 23 07:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25638]: Received disconnect from 152.32.218.244 port 56368:11: Bye Bye [preauth]
Jun 23 07:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25638]: Disconnected from 152.32.218.244 port 56368 [preauth]
Jun 23 07:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25637]: Failed password for root from 144.225.187.123 port 37188 ssh2
Jun 23 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25637]: Connection closed by 144.225.187.123 port 37188 [preauth]
Jun 23 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25651]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25652]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25653]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25650]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25650]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25711]: Successful su for rubyman by root
Jun 23 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25711]: + ??? root:rubyman
Jun 23 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25711]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 575999 of user rubyman.
Jun 23 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25711]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 575999.
Jun 23 07:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22911]: pam_unix(cron:session): session closed for user root
Jun 23 07:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25651]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 07:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25930]: Failed password for root from 91.92.40.11 port 51722 ssh2
Jun 23 07:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25930]: Connection closed by 91.92.40.11 port 51722 [preauth]
Jun 23 07:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24818]: pam_unix(cron:session): session closed for user root
Jun 23 07:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25970]: Failed password for root from 144.225.187.123 port 59810 ssh2
Jun 23 07:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25970]: Connection closed by 144.225.187.123 port 59810 [preauth]
Jun 23 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26040]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26041]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26039]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26038]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26038]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26098]: Successful su for rubyman by root
Jun 23 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26098]: + ??? root:rubyman
Jun 23 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26098]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576003 of user rubyman.
Jun 23 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26098]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576003.
Jun 23 07:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23333]: pam_unix(cron:session): session closed for user root
Jun 23 07:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26039]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26292]: Failed password for root from 144.225.187.123 port 53296 ssh2
Jun 23 07:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26292]: Connection closed by 144.225.187.123 port 53296 [preauth]
Jun 23 07:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25252]: pam_unix(cron:session): session closed for user root
Jun 23 07:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26385]: Invalid user admin from 147.182.183.153
Jun 23 07:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26385]: input_userauth_request: invalid user admin [preauth]
Jun 23 07:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26385]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.182.183.153
Jun 23 07:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26385]: Failed password for invalid user admin from 147.182.183.153 port 41272 ssh2
Jun 23 07:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26385]: Received disconnect from 147.182.183.153 port 41272:11: Bye Bye [preauth]
Jun 23 07:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26385]: Disconnected from 147.182.183.153 port 41272 [preauth]
Jun 23 07:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 07:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26395]: Failed password for root from 91.92.40.11 port 48982 ssh2
Jun 23 07:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26395]: Connection closed by 91.92.40.11 port 48982 [preauth]
Jun 23 07:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26417]: Failed password for root from 144.225.187.123 port 51390 ssh2
Jun 23 07:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26417]: Connection closed by 144.225.187.123 port 51390 [preauth]
Jun 23 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26447]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26446]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26448]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26445]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26445]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26506]: Successful su for rubyman by root
Jun 23 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26506]: + ??? root:rubyman
Jun 23 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26506]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576007 of user rubyman.
Jun 23 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26506]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576007.
Jun 23 07:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23764]: pam_unix(cron:session): session closed for user root
Jun 23 07:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26446]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26792]: Invalid user hamza from 152.32.218.244
Jun 23 07:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26792]: input_userauth_request: invalid user hamza [preauth]
Jun 23 07:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26792]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.218.244
Jun 23 07:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26792]: Failed password for invalid user hamza from 152.32.218.244 port 37838 ssh2
Jun 23 07:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26792]: Received disconnect from 152.32.218.244 port 37838:11: Bye Bye [preauth]
Jun 23 07:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26792]: Disconnected from 152.32.218.244 port 37838 [preauth]
Jun 23 07:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26829]: Failed password for root from 144.225.187.123 port 48094 ssh2
Jun 23 07:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26829]: Connection closed by 144.225.187.123 port 48094 [preauth]
Jun 23 07:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25653]: pam_unix(cron:session): session closed for user root
Jun 23 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26930]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26927]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26928]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26926]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26929]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26925]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26930]: pam_unix(cron:session): session closed for user root
Jun 23 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26925]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26996]: Successful su for rubyman by root
Jun 23 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26996]: + ??? root:rubyman
Jun 23 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26996]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576015 of user rubyman.
Jun 23 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26996]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576015.
Jun 23 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 07:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26927]: pam_unix(cron:session): session closed for user root
Jun 23 07:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24286]: pam_unix(cron:session): session closed for user root
Jun 23 07:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26984]: Failed password for root from 91.92.40.11 port 56406 ssh2
Jun 23 07:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26984]: Connection closed by 91.92.40.11 port 56406 [preauth]
Jun 23 07:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26986]: Failed password for root from 144.225.187.123 port 53984 ssh2
Jun 23 07:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26986]: Connection closed by 144.225.187.123 port 53984 [preauth]
Jun 23 07:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26926]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.182.183.153  user=root
Jun 23 07:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27243]: Failed password for root from 147.182.183.153 port 36330 ssh2
Jun 23 07:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27243]: Received disconnect from 147.182.183.153 port 36330:11: Bye Bye [preauth]
Jun 23 07:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27243]: Disconnected from 147.182.183.153 port 36330 [preauth]
Jun 23 07:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26041]: pam_unix(cron:session): session closed for user root
Jun 23 07:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123  user=root
Jun 23 07:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27327]: Failed password for root from 144.225.187.123 port 60214 ssh2
Jun 23 07:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27338]: Connection closed by 45.148.10.121 port 33354 [preauth]
Jun 23 07:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27327]: Connection closed by 144.225.187.123 port 60214 [preauth]
Jun 23 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27385]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27386]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27387]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27384]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27384]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27449]: Successful su for rubyman by root
Jun 23 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27449]: + ??? root:rubyman
Jun 23 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27449]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576019 of user rubyman.
Jun 23 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27449]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576019.
Jun 23 07:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24817]: pam_unix(cron:session): session closed for user root
Jun 23 07:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27385]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27664]: Invalid user otsmanager from 144.225.187.123
Jun 23 07:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27664]: input_userauth_request: invalid user otsmanager [preauth]
Jun 23 07:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27664]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 07:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27664]: Failed password for invalid user otsmanager from 144.225.187.123 port 36390 ssh2
Jun 23 07:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27664]: Connection closed by 144.225.187.123 port 36390 [preauth]
Jun 23 07:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 07:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27679]: Failed password for root from 91.92.40.11 port 56608 ssh2
Jun 23 07:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27679]: Connection closed by 91.92.40.11 port 56608 [preauth]
Jun 23 07:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27705]: Invalid user postgres from 152.32.218.244
Jun 23 07:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27705]: input_userauth_request: invalid user postgres [preauth]
Jun 23 07:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27705]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.218.244
Jun 23 07:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27705]: Failed password for invalid user postgres from 152.32.218.244 port 38854 ssh2
Jun 23 07:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27705]: Received disconnect from 152.32.218.244 port 38854:11: Bye Bye [preauth]
Jun 23 07:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27705]: Disconnected from 152.32.218.244 port 38854 [preauth]
Jun 23 07:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26448]: pam_unix(cron:session): session closed for user root
Jun 23 07:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.182.183.153  user=root
Jun 23 07:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27784]: Invalid user oracle from 144.225.187.123
Jun 23 07:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27784]: input_userauth_request: invalid user oracle [preauth]
Jun 23 07:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27784]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 07:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27788]: Failed password for root from 147.182.183.153 port 34510 ssh2
Jun 23 07:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27788]: Received disconnect from 147.182.183.153 port 34510:11: Bye Bye [preauth]
Jun 23 07:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27788]: Disconnected from 147.182.183.153 port 34510 [preauth]
Jun 23 07:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27784]: Failed password for invalid user oracle from 144.225.187.123 port 34592 ssh2
Jun 23 07:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27784]: Connection closed by 144.225.187.123 port 34592 [preauth]
Jun 23 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27812]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27811]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27813]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27809]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27809]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27876]: Successful su for rubyman by root
Jun 23 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27876]: + ??? root:rubyman
Jun 23 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27876]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576021 of user rubyman.
Jun 23 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27876]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576021.
Jun 23 07:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25251]: pam_unix(cron:session): session closed for user root
Jun 23 07:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27811]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28183]: Invalid user oracle from 144.225.187.123
Jun 23 07:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28183]: input_userauth_request: invalid user oracle [preauth]
Jun 23 07:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28183]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 07:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28183]: Failed password for invalid user oracle from 144.225.187.123 port 36452 ssh2
Jun 23 07:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28183]: Connection closed by 144.225.187.123 port 36452 [preauth]
Jun 23 07:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26929]: pam_unix(cron:session): session closed for user root
Jun 23 07:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 07:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28224]: Failed password for root from 91.92.40.11 port 44514 ssh2
Jun 23 07:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28224]: Connection closed by 91.92.40.11 port 44514 [preauth]
Jun 23 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28276]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28277]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28275]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28274]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28274]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28331]: Successful su for rubyman by root
Jun 23 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28331]: + ??? root:rubyman
Jun 23 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28331]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576025 of user rubyman.
Jun 23 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28331]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576025.
Jun 23 07:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25652]: pam_unix(cron:session): session closed for user root
Jun 23 07:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28275]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28478]: Invalid user main from 144.225.187.123
Jun 23 07:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28478]: input_userauth_request: invalid user main [preauth]
Jun 23 07:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28478]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 07:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28478]: Failed password for invalid user main from 144.225.187.123 port 57208 ssh2
Jun 23 07:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28478]: Connection closed by 144.225.187.123 port 57208 [preauth]
Jun 23 07:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 23 07:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28528]: Failed password for root from 103.27.238.120 port 58458 ssh2
Jun 23 07:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28528]: Connection closed by 103.27.238.120 port 58458 [preauth]
Jun 23 07:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28669]: Invalid user devops from 147.182.183.153
Jun 23 07:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28669]: input_userauth_request: invalid user devops [preauth]
Jun 23 07:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28669]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.182.183.153
Jun 23 07:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28669]: Failed password for invalid user devops from 147.182.183.153 port 45666 ssh2
Jun 23 07:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28669]: Received disconnect from 147.182.183.153 port 45666:11: Bye Bye [preauth]
Jun 23 07:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28669]: Disconnected from 147.182.183.153 port 45666 [preauth]
Jun 23 07:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27387]: pam_unix(cron:session): session closed for user root
Jun 23 07:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28715]: Invalid user jorge from 152.32.218.244
Jun 23 07:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28715]: input_userauth_request: invalid user jorge [preauth]
Jun 23 07:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28715]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.218.244
Jun 23 07:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28712]: Invalid user HwHiAiUser from 144.225.187.123
Jun 23 07:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28712]: input_userauth_request: invalid user HwHiAiUser [preauth]
Jun 23 07:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28712]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 07:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 23 07:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28715]: Failed password for invalid user jorge from 152.32.218.244 port 36422 ssh2
Jun 23 07:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28712]: Failed password for invalid user HwHiAiUser from 144.225.187.123 port 58654 ssh2
Jun 23 07:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28715]: Received disconnect from 152.32.218.244 port 36422:11: Bye Bye [preauth]
Jun 23 07:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28715]: Disconnected from 152.32.218.244 port 36422 [preauth]
Jun 23 07:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28712]: Connection closed by 144.225.187.123 port 58654 [preauth]
Jun 23 07:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28726]: Failed password for root from 103.15.222.183 port 35044 ssh2
Jun 23 07:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28726]: Connection closed by 103.15.222.183 port 35044 [preauth]
Jun 23 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28775]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28777]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28776]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28774]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28774]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28833]: Successful su for rubyman by root
Jun 23 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28833]: + ??? root:rubyman
Jun 23 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28833]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576029 of user rubyman.
Jun 23 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28833]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576029.
Jun 23 07:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26040]: pam_unix(cron:session): session closed for user root
Jun 23 07:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28775]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29032]: Received disconnect from 62.210.189.225 port 5030:11: disconnected by user [preauth]
Jun 23 07:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29032]: Disconnected from 62.210.189.225 port 5030 [preauth]
Jun 23 07:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 07:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29043]: Failed password for root from 91.92.40.11 port 38234 ssh2
Jun 23 07:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29043]: Connection closed by 91.92.40.11 port 38234 [preauth]
Jun 23 07:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29070]: Invalid user guest from 144.225.187.123
Jun 23 07:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29070]: input_userauth_request: invalid user guest [preauth]
Jun 23 07:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29070]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 07:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29070]: Failed password for invalid user guest from 144.225.187.123 port 58554 ssh2
Jun 23 07:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29070]: Connection closed by 144.225.187.123 port 58554 [preauth]
Jun 23 07:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27813]: pam_unix(cron:session): session closed for user root
Jun 23 07:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29183]: Invalid user git from 144.225.187.123
Jun 23 07:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29183]: input_userauth_request: invalid user git [preauth]
Jun 23 07:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29183]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 07:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29183]: Failed password for invalid user git from 144.225.187.123 port 43600 ssh2
Jun 23 07:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29183]: Connection closed by 144.225.187.123 port 43600 [preauth]
Jun 23 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29211]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29212]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29209]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29210]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29207]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29205]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29212]: pam_unix(cron:session): session closed for user root
Jun 23 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29205]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29293]: Successful su for rubyman by root
Jun 23 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29293]: + ??? root:rubyman
Jun 23 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29293]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576033 of user rubyman.
Jun 23 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29293]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576033.
Jun 23 07:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29209]: pam_unix(cron:session): session closed for user root
Jun 23 07:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26447]: pam_unix(cron:session): session closed for user root
Jun 23 07:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29207]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.182.183.153  user=root
Jun 23 07:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29506]: Failed password for root from 147.182.183.153 port 43816 ssh2
Jun 23 07:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29506]: Received disconnect from 147.182.183.153 port 43816:11: Bye Bye [preauth]
Jun 23 07:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29506]: Disconnected from 147.182.183.153 port 43816 [preauth]
Jun 23 07:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 07:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29657]: Invalid user git from 144.225.187.123
Jun 23 07:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29657]: input_userauth_request: invalid user git [preauth]
Jun 23 07:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29657]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 07:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28277]: pam_unix(cron:session): session closed for user root
Jun 23 07:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29659]: Failed password for root from 91.92.40.11 port 43120 ssh2
Jun 23 07:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29659]: Connection closed by 91.92.40.11 port 43120 [preauth]
Jun 23 07:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29657]: Failed password for invalid user git from 144.225.187.123 port 41190 ssh2
Jun 23 07:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29657]: Connection closed by 144.225.187.123 port 41190 [preauth]
Jun 23 07:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29755]: Invalid user nancy from 152.32.218.244
Jun 23 07:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29755]: input_userauth_request: invalid user nancy [preauth]
Jun 23 07:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29755]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.218.244
Jun 23 07:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29755]: Failed password for invalid user nancy from 152.32.218.244 port 32952 ssh2
Jun 23 07:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29755]: Received disconnect from 152.32.218.244 port 32952:11: Bye Bye [preauth]
Jun 23 07:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29755]: Disconnected from 152.32.218.244 port 32952 [preauth]
Jun 23 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29782]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29778]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29783]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29777]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29777]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29860]: Successful su for rubyman by root
Jun 23 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29860]: + ??? root:rubyman
Jun 23 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29860]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576039 of user rubyman.
Jun 23 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29860]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576039.
Jun 23 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29871]: Invalid user user from 141.98.83.240
Jun 23 07:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29871]: input_userauth_request: invalid user user [preauth]
Jun 23 07:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29871]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 07:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29871]: Failed password for invalid user user from 141.98.83.240 port 26554 ssh2
Jun 23 07:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29871]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26928]: pam_unix(cron:session): session closed for user root
Jun 23 07:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29778]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29871]: Failed password for invalid user user from 141.98.83.240 port 26554 ssh2
Jun 23 07:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29871]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29871]: Failed password for invalid user user from 141.98.83.240 port 26554 ssh2
Jun 23 07:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29871]: Connection closed by 141.98.83.240 port 26554 [preauth]
Jun 23 07:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29871]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 07:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30043]: Invalid user ftpuser from 144.225.187.123
Jun 23 07:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30043]: input_userauth_request: invalid user ftpuser [preauth]
Jun 23 07:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30043]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 07:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30043]: Failed password for invalid user ftpuser from 144.225.187.123 port 49114 ssh2
Jun 23 07:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30043]: Connection closed by 144.225.187.123 port 49114 [preauth]
Jun 23 07:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28777]: pam_unix(cron:session): session closed for user root
Jun 23 07:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30188]: Invalid user data from 147.182.183.153
Jun 23 07:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30188]: input_userauth_request: invalid user data [preauth]
Jun 23 07:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30188]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.182.183.153
Jun 23 07:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30186]: Invalid user free from 144.225.187.123
Jun 23 07:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30186]: input_userauth_request: invalid user free [preauth]
Jun 23 07:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30186]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 07:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30188]: Failed password for invalid user data from 147.182.183.153 port 37532 ssh2
Jun 23 07:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30188]: Received disconnect from 147.182.183.153 port 37532:11: Bye Bye [preauth]
Jun 23 07:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30188]: Disconnected from 147.182.183.153 port 37532 [preauth]
Jun 23 07:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30186]: Failed password for invalid user free from 144.225.187.123 port 55212 ssh2
Jun 23 07:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30186]: Connection closed by 144.225.187.123 port 55212 [preauth]
Jun 23 07:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 07:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30199]: Failed password for root from 91.92.40.11 port 40900 ssh2
Jun 23 07:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30199]: Connection closed by 91.92.40.11 port 40900 [preauth]
Jun 23 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30224]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30223]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30222]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30221]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30221]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30280]: Successful su for rubyman by root
Jun 23 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30280]: + ??? root:rubyman
Jun 23 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30280]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576044 of user rubyman.
Jun 23 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30280]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576044.
Jun 23 07:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27386]: pam_unix(cron:session): session closed for user root
Jun 23 07:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30222]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30516]: Invalid user daniel from 144.225.187.123
Jun 23 07:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30516]: input_userauth_request: invalid user daniel [preauth]
Jun 23 07:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30516]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.225.187.123
Jun 23 07:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29211]: pam_unix(cron:session): session closed for user root
Jun 23 07:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30516]: Failed password for invalid user daniel from 144.225.187.123 port 36754 ssh2
Jun 23 07:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30516]: Connection closed by 144.225.187.123 port 36754 [preauth]
Jun 23 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30635]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30637]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30636]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30634]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30634]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30693]: Successful su for rubyman by root
Jun 23 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30693]: + ??? root:rubyman
Jun 23 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30693]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576049 of user rubyman.
Jun 23 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30693]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576049.
Jun 23 07:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27812]: pam_unix(cron:session): session closed for user root
Jun 23 07:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30635]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.218.244  user=root
Jun 23 07:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30864]: Failed password for root from 152.32.218.244 port 50238 ssh2
Jun 23 07:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30864]: Received disconnect from 152.32.218.244 port 50238:11: Bye Bye [preauth]
Jun 23 07:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30864]: Disconnected from 152.32.218.244 port 50238 [preauth]
Jun 23 07:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 07:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30889]: Failed password for root from 91.92.40.11 port 45674 ssh2
Jun 23 07:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30889]: Connection closed by 91.92.40.11 port 45674 [preauth]
Jun 23 07:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31016]: Invalid user postgres from 147.182.183.153
Jun 23 07:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31016]: input_userauth_request: invalid user postgres [preauth]
Jun 23 07:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31016]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.182.183.153
Jun 23 07:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31016]: Failed password for invalid user postgres from 147.182.183.153 port 49626 ssh2
Jun 23 07:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31016]: Received disconnect from 147.182.183.153 port 49626:11: Bye Bye [preauth]
Jun 23 07:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31016]: Disconnected from 147.182.183.153 port 49626 [preauth]
Jun 23 07:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29783]: pam_unix(cron:session): session closed for user root
Jun 23 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31146]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31145]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31144]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31143]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31143]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31200]: Successful su for rubyman by root
Jun 23 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31200]: + ??? root:rubyman
Jun 23 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31200]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576052 of user rubyman.
Jun 23 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31200]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576052.
Jun 23 07:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28276]: pam_unix(cron:session): session closed for user root
Jun 23 07:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31144]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 07:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30224]: pam_unix(cron:session): session closed for user root
Jun 23 07:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31450]: Failed password for root from 91.92.40.11 port 44036 ssh2
Jun 23 07:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31450]: Connection closed by 91.92.40.11 port 44036 [preauth]
Jun 23 07:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 23 07:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31514]: Failed password for root from 38.93.206.2 port 18566 ssh2
Jun 23 07:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31514]: Connection closed by 38.93.206.2 port 18566 [preauth]
Jun 23 07:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 23 07:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31543]: Failed password for root from 147.45.199.80 port 42782 ssh2
Jun 23 07:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31543]: Connection closed by 147.45.199.80 port 42782 [preauth]
Jun 23 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31560]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31561]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31558]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31559]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31557]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31556]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31561]: pam_unix(cron:session): session closed for user root
Jun 23 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31556]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31712]: Successful su for rubyman by root
Jun 23 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31712]: + ??? root:rubyman
Jun 23 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31712]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576055 of user rubyman.
Jun 23 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31712]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576055.
Jun 23 07:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31558]: pam_unix(cron:session): session closed for user root
Jun 23 07:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31855]: Invalid user odoo from 147.182.183.153
Jun 23 07:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31855]: input_userauth_request: invalid user odoo [preauth]
Jun 23 07:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31855]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.182.183.153
Jun 23 07:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28776]: pam_unix(cron:session): session closed for user root
Jun 23 07:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31855]: Failed password for invalid user odoo from 147.182.183.153 port 41512 ssh2
Jun 23 07:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31855]: Received disconnect from 147.182.183.153 port 41512:11: Bye Bye [preauth]
Jun 23 07:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31855]: Disconnected from 147.182.183.153 port 41512 [preauth]
Jun 23 07:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31557]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31962]: Invalid user ubuntu from 152.32.218.244
Jun 23 07:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31962]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 07:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31962]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 07:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.218.244
Jun 23 07:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31962]: Failed password for invalid user ubuntu from 152.32.218.244 port 56516 ssh2
Jun 23 07:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31962]: Received disconnect from 152.32.218.244 port 56516:11: Bye Bye [preauth]
Jun 23 07:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31962]: Disconnected from 152.32.218.244 port 56516 [preauth]
Jun 23 07:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30637]: pam_unix(cron:session): session closed for user root
Jun 23 07:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.211.215  user=root
Jun 23 07:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32009]: Failed password for root from 147.45.211.215 port 40380 ssh2
Jun 23 07:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32009]: Connection closed by 147.45.211.215 port 40380 [preauth]
Jun 23 07:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 07:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32087]: Failed password for root from 91.92.40.11 port 34024 ssh2
Jun 23 07:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32087]: Connection closed by 91.92.40.11 port 34024 [preauth]
Jun 23 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32102]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32101]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32100]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32099]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32099]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32169]: Successful su for rubyman by root
Jun 23 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32169]: + ??? root:rubyman
Jun 23 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32169]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576061 of user rubyman.
Jun 23 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32169]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576061.
Jun 23 07:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29210]: pam_unix(cron:session): session closed for user root
Jun 23 07:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32100]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31146]: pam_unix(cron:session): session closed for user root
Jun 23 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32517]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32518]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32516]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32513]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32513]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32574]: Successful su for rubyman by root
Jun 23 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32574]: + ??? root:rubyman
Jun 23 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32574]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576065 of user rubyman.
Jun 23 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32574]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576065.
Jun 23 07:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29782]: pam_unix(cron:session): session closed for user root
Jun 23 07:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32516]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 07:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[307]: Failed password for root from 91.92.40.11 port 55240 ssh2
Jun 23 07:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[307]: Connection closed by 91.92.40.11 port 55240 [preauth]
Jun 23 07:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31560]: pam_unix(cron:session): session closed for user root
Jun 23 07:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.218.244  user=root
Jun 23 07:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[398]: Failed password for root from 152.32.218.244 port 34126 ssh2
Jun 23 07:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[398]: Received disconnect from 152.32.218.244 port 34126:11: Bye Bye [preauth]
Jun 23 07:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[398]: Disconnected from 152.32.218.244 port 34126 [preauth]
Jun 23 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[601]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[600]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[599]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[597]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[597]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[661]: Successful su for rubyman by root
Jun 23 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[661]: + ??? root:rubyman
Jun 23 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[661]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576070 of user rubyman.
Jun 23 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[661]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576070.
Jun 23 07:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30223]: pam_unix(cron:session): session closed for user root
Jun 23 07:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[599]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 07:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[922]: Failed password for root from 91.92.40.11 port 40298 ssh2
Jun 23 07:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[922]: Connection closed by 91.92.40.11 port 40298 [preauth]
Jun 23 07:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32102]: pam_unix(cron:session): session closed for user root
Jun 23 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1023]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1024]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1022]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1021]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1021]: pam_unix(cron:session): session closed for user p13x
Jun 23 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1116]: Successful su for rubyman by root
Jun 23 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1116]: + ??? root:rubyman
Jun 23 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1116]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576074 of user rubyman.
Jun 23 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1116]: pam_unix(su:session): session closed for user rubyman
Jun 23 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576074.
Jun 23 07:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30636]: pam_unix(cron:session): session closed for user root
Jun 23 07:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1022]: pam_unix(cron:session): session closed for user samftp
Jun 23 07:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 23 07:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1399]: Failed password for root from 103.172.78.219 port 43738 ssh2
Jun 23 07:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1399]: Connection closed by 103.172.78.219 port 43738 [preauth]
Jun 23 07:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32518]: pam_unix(cron:session): session closed for user root
Jun 23 07:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 07:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1486]: Failed password for root from 91.92.40.11 port 51706 ssh2
Jun 23 07:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1486]: Connection closed by 91.92.40.11 port 51706 [preauth]
Jun 23 07:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 07:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.218.244  user=root
Jun 23 07:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1560]: Failed password for root from 152.32.218.244 port 53832 ssh2
Jun 23 07:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1560]: Received disconnect from 152.32.218.244 port 53832:11: Bye Bye [preauth]
Jun 23 07:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1560]: Disconnected from 152.32.218.244 port 53832 [preauth]
Jun 23 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1593]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1597]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1595]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1594]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1591]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1596]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1592]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1593]: pam_unix(cron:session): session closed for user root
Jun 23 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1597]: pam_unix(cron:session): session closed for user root
Jun 23 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1591]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1703]: Successful su for rubyman by root
Jun 23 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1703]: + ??? root:rubyman
Jun 23 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1703]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576082 of user rubyman.
Jun 23 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1703]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576082.
Jun 23 08:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1594]: pam_unix(cron:session): session closed for user root
Jun 23 08:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31145]: pam_unix(cron:session): session closed for user root
Jun 23 08:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1592]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[601]: pam_unix(cron:session): session closed for user root
Jun 23 08:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2202]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2200]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2201]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2198]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2198]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2269]: Successful su for rubyman by root
Jun 23 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2269]: + ??? root:rubyman
Jun 23 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2269]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576084 of user rubyman.
Jun 23 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2269]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576084.
Jun 23 08:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2182]: Failed password for root from 91.92.40.11 port 34570 ssh2
Jun 23 08:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2182]: Connection closed by 91.92.40.11 port 34570 [preauth]
Jun 23 08:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31559]: pam_unix(cron:session): session closed for user root
Jun 23 08:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2200]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1024]: pam_unix(cron:session): session closed for user root
Jun 23 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2627]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2628]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2629]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2626]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2626]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2686]: Successful su for rubyman by root
Jun 23 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2686]: + ??? root:rubyman
Jun 23 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2686]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576090 of user rubyman.
Jun 23 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2686]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576090.
Jun 23 08:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32101]: pam_unix(cron:session): session closed for user root
Jun 23 08:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2627]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.218.244  user=root
Jun 23 08:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2877]: Failed password for root from 152.32.218.244 port 38930 ssh2
Jun 23 08:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2877]: Received disconnect from 152.32.218.244 port 38930:11: Bye Bye [preauth]
Jun 23 08:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2877]: Disconnected from 152.32.218.244 port 38930 [preauth]
Jun 23 08:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 08:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2908]: Failed password for root from 91.92.40.11 port 57802 ssh2
Jun 23 08:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2908]: Connection closed by 91.92.40.11 port 57802 [preauth]
Jun 23 08:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1596]: pam_unix(cron:session): session closed for user root
Jun 23 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3028]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3029]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3027]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3026]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3026]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3086]: Successful su for rubyman by root
Jun 23 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3086]: + ??? root:rubyman
Jun 23 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3086]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576093 of user rubyman.
Jun 23 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3086]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576093.
Jun 23 08:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32517]: pam_unix(cron:session): session closed for user root
Jun 23 08:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3027]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2202]: pam_unix(cron:session): session closed for user root
Jun 23 08:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 08:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3368]: Failed password for root from 91.92.40.11 port 54856 ssh2
Jun 23 08:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3368]: Connection closed by 91.92.40.11 port 54856 [preauth]
Jun 23 08:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3426]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3425]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3427]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3424]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3424]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3488]: Successful su for rubyman by root
Jun 23 08:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3488]: + ??? root:rubyman
Jun 23 08:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3488]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576096 of user rubyman.
Jun 23 08:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3488]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576096.
Jun 23 08:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[600]: pam_unix(cron:session): session closed for user root
Jun 23 08:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3425]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.218.244  user=root
Jun 23 08:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3821]: Failed password for root from 152.32.218.244 port 35998 ssh2
Jun 23 08:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3821]: Received disconnect from 152.32.218.244 port 35998:11: Bye Bye [preauth]
Jun 23 08:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3821]: Disconnected from 152.32.218.244 port 35998 [preauth]
Jun 23 08:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2629]: pam_unix(cron:session): session closed for user root
Jun 23 08:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 08:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3974]: Failed password for root from 91.92.40.11 port 40910 ssh2
Jun 23 08:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3974]: Connection closed by 91.92.40.11 port 40910 [preauth]
Jun 23 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4003]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3997]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3996]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3995]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3999]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3998]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4003]: pam_unix(cron:session): session closed for user root
Jun 23 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3995]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4095]: Successful su for rubyman by root
Jun 23 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4095]: + ??? root:rubyman
Jun 23 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4095]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576103 of user rubyman.
Jun 23 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4095]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576103.
Jun 23 08:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3997]: pam_unix(cron:session): session closed for user root
Jun 23 08:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1023]: pam_unix(cron:session): session closed for user root
Jun 23 08:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3996]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3029]: pam_unix(cron:session): session closed for user root
Jun 23 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4467]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4466]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4463]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4465]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4463]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4534]: Successful su for rubyman by root
Jun 23 08:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4534]: + ??? root:rubyman
Jun 23 08:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4534]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576106 of user rubyman.
Jun 23 08:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4534]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576106.
Jun 23 08:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1595]: pam_unix(cron:session): session closed for user root
Jun 23 08:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4465]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 08:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4738]: Failed password for root from 91.92.40.11 port 35122 ssh2
Jun 23 08:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4738]: Connection closed by 91.92.40.11 port 35122 [preauth]
Jun 23 08:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3427]: pam_unix(cron:session): session closed for user root
Jun 23 08:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4932]: Invalid user teszt from 152.32.218.244
Jun 23 08:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4932]: input_userauth_request: invalid user teszt [preauth]
Jun 23 08:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4932]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 08:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.218.244
Jun 23 08:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4932]: Failed password for invalid user teszt from 152.32.218.244 port 40680 ssh2
Jun 23 08:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4932]: Received disconnect from 152.32.218.244 port 40680:11: Bye Bye [preauth]
Jun 23 08:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4932]: Disconnected from 152.32.218.244 port 40680 [preauth]
Jun 23 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4994]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4993]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4992]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4991]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4991]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5056]: Successful su for rubyman by root
Jun 23 08:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5056]: + ??? root:rubyman
Jun 23 08:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5056]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576111 of user rubyman.
Jun 23 08:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5056]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576111.
Jun 23 08:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2201]: pam_unix(cron:session): session closed for user root
Jun 23 08:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4992]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 23 08:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5293]: Failed password for root from 87.251.79.125 port 41968 ssh2
Jun 23 08:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5293]: Connection closed by 87.251.79.125 port 41968 [preauth]
Jun 23 08:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 08:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5303]: Failed password for root from 91.92.40.11 port 43044 ssh2
Jun 23 08:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5303]: Connection closed by 91.92.40.11 port 43044 [preauth]
Jun 23 08:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3999]: pam_unix(cron:session): session closed for user root
Jun 23 08:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 23 08:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5390]: Failed password for root from 103.176.20.57 port 57628 ssh2
Jun 23 08:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5390]: Connection closed by 103.176.20.57 port 57628 [preauth]
Jun 23 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5411]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5412]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5410]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5409]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5409]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5471]: Successful su for rubyman by root
Jun 23 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5471]: + ??? root:rubyman
Jun 23 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5471]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576114 of user rubyman.
Jun 23 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5471]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576114.
Jun 23 08:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2628]: pam_unix(cron:session): session closed for user root
Jun 23 08:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5410]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4467]: pam_unix(cron:session): session closed for user root
Jun 23 08:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 08:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5764]: Failed password for root from 91.92.40.11 port 60812 ssh2
Jun 23 08:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5764]: Connection closed by 91.92.40.11 port 60812 [preauth]
Jun 23 08:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5784]: Invalid user devops from 152.32.218.244
Jun 23 08:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5784]: input_userauth_request: invalid user devops [preauth]
Jun 23 08:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5784]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 08:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.218.244
Jun 23 08:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5784]: Failed password for invalid user devops from 152.32.218.244 port 40774 ssh2
Jun 23 08:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5784]: Received disconnect from 152.32.218.244 port 40774:11: Bye Bye [preauth]
Jun 23 08:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5784]: Disconnected from 152.32.218.244 port 40774 [preauth]
Jun 23 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5798]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5799]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5796]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5797]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5794]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5796]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5916]: Successful su for rubyman by root
Jun 23 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5916]: + ??? root:rubyman
Jun 23 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5916]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576118 of user rubyman.
Jun 23 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5916]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576118.
Jun 23 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5794]: pam_unix(cron:session): session closed for user root
Jun 23 08:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3028]: pam_unix(cron:session): session closed for user root
Jun 23 08:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5797]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4994]: pam_unix(cron:session): session closed for user root
Jun 23 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6277]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6273]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6278]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6275]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6274]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6276]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6278]: pam_unix(cron:session): session closed for user root
Jun 23 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6273]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6341]: Successful su for rubyman by root
Jun 23 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6341]: + ??? root:rubyman
Jun 23 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6341]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576124 of user rubyman.
Jun 23 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6341]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576124.
Jun 23 08:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 08:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6275]: pam_unix(cron:session): session closed for user root
Jun 23 08:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3426]: pam_unix(cron:session): session closed for user root
Jun 23 08:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6436]: Failed password for root from 91.92.40.11 port 38686 ssh2
Jun 23 08:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6436]: Connection closed by 91.92.40.11 port 38686 [preauth]
Jun 23 08:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6274]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6577]: Received disconnect from 50.6.197.105 port 41368:11: disconnected by user [preauth]
Jun 23 08:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6577]: Disconnected from 50.6.197.105 port 41368 [preauth]
Jun 23 08:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5412]: pam_unix(cron:session): session closed for user root
Jun 23 08:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6680]: Invalid user postgres from 193.46.255.86
Jun 23 08:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6680]: input_userauth_request: invalid user postgres [preauth]
Jun 23 08:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6680]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 08:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 23 08:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6680]: Failed password for invalid user postgres from 193.46.255.86 port 30754 ssh2
Jun 23 08:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6680]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 08:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6680]: Failed password for invalid user postgres from 193.46.255.86 port 30754 ssh2
Jun 23 08:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6680]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 08:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6680]: Failed password for invalid user postgres from 193.46.255.86 port 30754 ssh2
Jun 23 08:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6680]: Connection closed by 193.46.255.86 port 30754 [preauth]
Jun 23 08:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6680]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 23 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6706]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6707]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6704]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6705]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6704]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6779]: Successful su for rubyman by root
Jun 23 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6779]: + ??? root:rubyman
Jun 23 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6779]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576131 of user rubyman.
Jun 23 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6779]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576131.
Jun 23 08:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3998]: pam_unix(cron:session): session closed for user root
Jun 23 08:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6705]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6985]: Invalid user data from 152.32.218.244
Jun 23 08:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6985]: input_userauth_request: invalid user data [preauth]
Jun 23 08:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6985]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 08:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.218.244
Jun 23 08:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6985]: Failed password for invalid user data from 152.32.218.244 port 49000 ssh2
Jun 23 08:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6985]: Received disconnect from 152.32.218.244 port 49000:11: Bye Bye [preauth]
Jun 23 08:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6985]: Disconnected from 152.32.218.244 port 49000 [preauth]
Jun 23 08:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 08:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7036]: Failed password for root from 91.92.40.11 port 40750 ssh2
Jun 23 08:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7036]: Connection closed by 91.92.40.11 port 40750 [preauth]
Jun 23 08:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5799]: pam_unix(cron:session): session closed for user root
Jun 23 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7227]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7228]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7226]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7225]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7225]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7286]: Successful su for rubyman by root
Jun 23 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7286]: + ??? root:rubyman
Jun 23 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7286]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576135 of user rubyman.
Jun 23 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7286]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576135.
Jun 23 08:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4466]: pam_unix(cron:session): session closed for user root
Jun 23 08:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7226]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 08:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7530]: Failed password for root from 91.92.40.11 port 54002 ssh2
Jun 23 08:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7530]: Connection closed by 91.92.40.11 port 54002 [preauth]
Jun 23 08:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6277]: pam_unix(cron:session): session closed for user root
Jun 23 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7663]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7640]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7664]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7639]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7639]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7783]: Successful su for rubyman by root
Jun 23 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7783]: + ??? root:rubyman
Jun 23 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7783]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576139 of user rubyman.
Jun 23 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7783]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576139.
Jun 23 08:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4993]: pam_unix(cron:session): session closed for user root
Jun 23 08:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7640]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.218.244  user=root
Jun 23 08:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7992]: Failed password for root from 152.32.218.244 port 50742 ssh2
Jun 23 08:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7992]: Received disconnect from 152.32.218.244 port 50742:11: Bye Bye [preauth]
Jun 23 08:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7992]: Disconnected from 152.32.218.244 port 50742 [preauth]
Jun 23 08:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6707]: pam_unix(cron:session): session closed for user root
Jun 23 08:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 08:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8074]: Failed password for root from 91.92.40.11 port 48320 ssh2
Jun 23 08:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8074]: Connection closed by 91.92.40.11 port 48320 [preauth]
Jun 23 08:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 23 08:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8099]: Failed password for root from 103.82.20.28 port 40406 ssh2
Jun 23 08:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8099]: Connection closed by 103.82.20.28 port 40406 [preauth]
Jun 23 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8113]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8110]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8112]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8111]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8110]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8174]: Successful su for rubyman by root
Jun 23 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8174]: + ??? root:rubyman
Jun 23 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8174]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576142 of user rubyman.
Jun 23 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8174]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576142.
Jun 23 08:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5411]: pam_unix(cron:session): session closed for user root
Jun 23 08:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8111]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7228]: pam_unix(cron:session): session closed for user root
Jun 23 08:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 23 08:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8450]: Failed password for root from 202.178.126.219 port 26783 ssh2
Jun 23 08:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8450]: Connection closed by 202.178.126.219 port 26783 [preauth]
Jun 23 08:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 23 08:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8501]: Failed password for root from 62.133.62.83 port 57702 ssh2
Jun 23 08:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8501]: Connection closed by 62.133.62.83 port 57702 [preauth]
Jun 23 08:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 08:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8512]: Failed password for root from 91.92.40.11 port 43160 ssh2
Jun 23 08:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8512]: Connection closed by 91.92.40.11 port 43160 [preauth]
Jun 23 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8528]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8531]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8526]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8530]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8529]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8527]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8531]: pam_unix(cron:session): session closed for user root
Jun 23 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8526]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8596]: Successful su for rubyman by root
Jun 23 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8596]: + ??? root:rubyman
Jun 23 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8596]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576149 of user rubyman.
Jun 23 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8596]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576149.
Jun 23 08:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8528]: pam_unix(cron:session): session closed for user root
Jun 23 08:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5798]: pam_unix(cron:session): session closed for user root
Jun 23 08:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8527]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 23 08:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8820]: Failed password for root from 103.77.175.15 port 58778 ssh2
Jun 23 08:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8820]: Connection closed by 103.77.175.15 port 58778 [preauth]
Jun 23 08:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 23 08:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8842]: Failed password for root from 103.27.238.114 port 54730 ssh2
Jun 23 08:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8842]: Connection closed by 103.27.238.114 port 54730 [preauth]
Jun 23 08:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7664]: pam_unix(cron:session): session closed for user root
Jun 23 08:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 23 08:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8903]: Failed password for root from 103.77.242.62 port 39416 ssh2
Jun 23 08:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8903]: Connection closed by 103.77.242.62 port 39416 [preauth]
Jun 23 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8958]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8954]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8957]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8955]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8954]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9026]: Successful su for rubyman by root
Jun 23 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9026]: + ??? root:rubyman
Jun 23 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9026]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576151 of user rubyman.
Jun 23 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9026]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576151.
Jun 23 08:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6276]: pam_unix(cron:session): session closed for user root
Jun 23 08:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8955]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 08:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9213]: Failed password for root from 91.92.40.11 port 54722 ssh2
Jun 23 08:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9213]: Connection closed by 91.92.40.11 port 54722 [preauth]
Jun 23 08:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8113]: pam_unix(cron:session): session closed for user root
Jun 23 08:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
Jun 23 08:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: Failed password for root from 176.32.39.21 port 33170 ssh2
Jun 23 08:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: Connection closed by 176.32.39.21 port 33170 [preauth]
Jun 23 08:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 23 08:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9311]: Failed password for root from 103.82.132.16 port 58000 ssh2
Jun 23 08:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9311]: Connection closed by 103.82.132.16 port 58000 [preauth]
Jun 23 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9361]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9363]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9362]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9360]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9358]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9358]: pam_unix(cron:session): session closed for user root
Jun 23 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9360]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9421]: Successful su for rubyman by root
Jun 23 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9421]: + ??? root:rubyman
Jun 23 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9421]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576156 of user rubyman.
Jun 23 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9421]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576156.
Jun 23 08:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6706]: pam_unix(cron:session): session closed for user root
Jun 23 08:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9361]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 08:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: Failed password for root from 91.92.40.11 port 43124 ssh2
Jun 23 08:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: Connection closed by 91.92.40.11 port 43124 [preauth]
Jun 23 08:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8530]: pam_unix(cron:session): session closed for user root
Jun 23 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9753]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9751]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9752]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9749]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9749]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9821]: Successful su for rubyman by root
Jun 23 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9821]: + ??? root:rubyman
Jun 23 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9821]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576161 of user rubyman.
Jun 23 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9821]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576161.
Jun 23 08:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7227]: pam_unix(cron:session): session closed for user root
Jun 23 08:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: Invalid user presley from 2.57.121.112
Jun 23 08:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: input_userauth_request: invalid user presley [preauth]
Jun 23 08:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 08:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 23 08:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: Failed password for invalid user presley from 2.57.121.112 port 55058 ssh2
Jun 23 08:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9751]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 08:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: Failed password for invalid user presley from 2.57.121.112 port 55058 ssh2
Jun 23 08:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 08:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: Failed password for invalid user presley from 2.57.121.112 port 55058 ssh2
Jun 23 08:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 08:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: Failed password for invalid user presley from 2.57.121.112 port 55058 ssh2
Jun 23 08:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 08:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121  user=root
Jun 23 08:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: Failed password for invalid user presley from 2.57.121.112 port 55058 ssh2
Jun 23 08:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: Connection closed by 2.57.121.112 port 55058 [preauth]
Jun 23 08:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 23 08:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 23 08:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10205]: Failed password for root from 45.148.10.121 port 54970 ssh2
Jun 23 08:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10205]: Connection closed by 45.148.10.121 port 54970 [preauth]
Jun 23 08:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8958]: pam_unix(cron:session): session closed for user root
Jun 23 08:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 08:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10377]: Failed password for root from 91.92.40.11 port 39118 ssh2
Jun 23 08:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10377]: Connection closed by 91.92.40.11 port 39118 [preauth]
Jun 23 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10430]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10429]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10428]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10427]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10427]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10491]: Successful su for rubyman by root
Jun 23 08:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10491]: + ??? root:rubyman
Jun 23 08:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10491]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576165 of user rubyman.
Jun 23 08:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10491]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576165.
Jun 23 08:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7663]: pam_unix(cron:session): session closed for user root
Jun 23 08:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10428]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9363]: pam_unix(cron:session): session closed for user root
Jun 23 08:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 08:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10833]: Failed password for root from 91.92.40.11 port 59666 ssh2
Jun 23 08:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10833]: Connection closed by 91.92.40.11 port 59666 [preauth]
Jun 23 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10849]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10851]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10850]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10848]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10847]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10845]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10851]: pam_unix(cron:session): session closed for user root
Jun 23 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10845]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10916]: Successful su for rubyman by root
Jun 23 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10916]: + ??? root:rubyman
Jun 23 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10916]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576171 of user rubyman.
Jun 23 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10916]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576171.
Jun 23 08:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8112]: pam_unix(cron:session): session closed for user root
Jun 23 08:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10848]: pam_unix(cron:session): session closed for user root
Jun 23 08:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10847]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9753]: pam_unix(cron:session): session closed for user root
Jun 23 08:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11268]: Received disconnect from 104.236.66.186 port 57178:11: disconnected by user [preauth]
Jun 23 08:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11268]: Disconnected from 104.236.66.186 port 57178 [preauth]
Jun 23 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11290]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11291]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11288]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11289]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11288]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11360]: Successful su for rubyman by root
Jun 23 08:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11360]: + ??? root:rubyman
Jun 23 08:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11360]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576175 of user rubyman.
Jun 23 08:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11360]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576175.
Jun 23 08:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8529]: pam_unix(cron:session): session closed for user root
Jun 23 08:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11289]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 08:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11563]: Failed password for root from 91.92.40.11 port 47402 ssh2
Jun 23 08:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11563]: Connection closed by 91.92.40.11 port 47402 [preauth]
Jun 23 08:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11619]: Invalid user admin from 141.98.83.240
Jun 23 08:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11619]: input_userauth_request: invalid user admin [preauth]
Jun 23 08:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11619]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 08:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 08:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11619]: Failed password for invalid user admin from 141.98.83.240 port 19362 ssh2
Jun 23 08:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11619]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 08:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10430]: pam_unix(cron:session): session closed for user root
Jun 23 08:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11619]: Failed password for invalid user admin from 141.98.83.240 port 19362 ssh2
Jun 23 08:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11619]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 08:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11619]: Failed password for invalid user admin from 141.98.83.240 port 19362 ssh2
Jun 23 08:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11619]: Connection closed by 141.98.83.240 port 19362 [preauth]
Jun 23 08:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11619]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11704]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11708]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11709]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11703]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11703]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11784]: Successful su for rubyman by root
Jun 23 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11784]: + ??? root:rubyman
Jun 23 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11784]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576178 of user rubyman.
Jun 23 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11784]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576178.
Jun 23 08:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8957]: pam_unix(cron:session): session closed for user root
Jun 23 08:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11704]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 08:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12080]: Failed password for root from 91.92.40.11 port 48058 ssh2
Jun 23 08:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12080]: Connection closed by 91.92.40.11 port 48058 [preauth]
Jun 23 08:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10850]: pam_unix(cron:session): session closed for user root
Jun 23 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12168]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12167]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12166]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12165]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12165]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12232]: Successful su for rubyman by root
Jun 23 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12232]: + ??? root:rubyman
Jun 23 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12232]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576182 of user rubyman.
Jun 23 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12232]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576182.
Jun 23 08:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9362]: pam_unix(cron:session): session closed for user root
Jun 23 08:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12166]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11291]: pam_unix(cron:session): session closed for user root
Jun 23 08:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 08:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12661]: Failed password for root from 91.92.40.11 port 50694 ssh2
Jun 23 08:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12661]: Connection closed by 91.92.40.11 port 50694 [preauth]
Jun 23 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12693]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12694]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12692]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12690]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12690]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12758]: Successful su for rubyman by root
Jun 23 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12758]: + ??? root:rubyman
Jun 23 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12758]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576186 of user rubyman.
Jun 23 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12758]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576186.
Jun 23 08:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9752]: pam_unix(cron:session): session closed for user root
Jun 23 08:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12692]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12979]: Bad protocol version identification '' from 16.58.56.214 port 25606
Jun 23 08:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11709]: pam_unix(cron:session): session closed for user root
Jun 23 08:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 23 08:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13086]: Failed password for root from 193.24.211.107 port 39556 ssh2
Jun 23 08:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13086]: Received disconnect from 193.24.211.107 port 39556:11: Client disconnecting normally [preauth]
Jun 23 08:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13086]: Disconnected from 193.24.211.107 port 39556 [preauth]
Jun 23 08:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13104]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13103]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13102]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13105]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13100]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13101]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13105]: pam_unix(cron:session): session closed for user root
Jun 23 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13100]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13186]: Successful su for rubyman by root
Jun 23 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13186]: + ??? root:rubyman
Jun 23 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13186]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576190 of user rubyman.
Jun 23 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13186]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576190.
Jun 23 08:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13097]: Failed password for root from 91.92.40.11 port 39572 ssh2
Jun 23 08:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13097]: Connection closed by 91.92.40.11 port 39572 [preauth]
Jun 23 08:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13102]: pam_unix(cron:session): session closed for user root
Jun 23 08:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10429]: pam_unix(cron:session): session closed for user root
Jun 23 08:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13101]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 23 08:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13405]: Failed password for root from 193.37.70.224 port 43432 ssh2
Jun 23 08:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13405]: Connection closed by 193.37.70.224 port 43432 [preauth]
Jun 23 08:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12168]: pam_unix(cron:session): session closed for user root
Jun 23 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13554]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13555]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13553]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13552]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13552]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13620]: Successful su for rubyman by root
Jun 23 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13620]: + ??? root:rubyman
Jun 23 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13620]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576197 of user rubyman.
Jun 23 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13620]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576197.
Jun 23 08:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10849]: pam_unix(cron:session): session closed for user root
Jun 23 08:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13553]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 08:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13819]: Failed password for root from 91.92.40.11 port 51694 ssh2
Jun 23 08:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13819]: Connection closed by 91.92.40.11 port 51694 [preauth]
Jun 23 08:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13843]: Connection closed by 16.58.56.214 port 13048 [preauth]
Jun 23 08:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12694]: pam_unix(cron:session): session closed for user root
Jun 23 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13975]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13970]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13973]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13969]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13969]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14032]: Successful su for rubyman by root
Jun 23 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14032]: + ??? root:rubyman
Jun 23 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14032]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576200 of user rubyman.
Jun 23 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14032]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576200.
Jun 23 08:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11290]: pam_unix(cron:session): session closed for user root
Jun 23 08:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13970]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 08:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14257]: Failed password for root from 91.92.40.11 port 41920 ssh2
Jun 23 08:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14257]: Connection closed by 91.92.40.11 port 41920 [preauth]
Jun 23 08:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13104]: pam_unix(cron:session): session closed for user root
Jun 23 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14354]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14353]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14352]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14351]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14351]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14411]: Successful su for rubyman by root
Jun 23 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14411]: + ??? root:rubyman
Jun 23 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14411]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576204 of user rubyman.
Jun 23 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14411]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576204.
Jun 23 08:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11708]: pam_unix(cron:session): session closed for user root
Jun 23 08:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14352]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13555]: pam_unix(cron:session): session closed for user root
Jun 23 08:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 08:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14747]: Failed password for root from 91.92.40.11 port 59760 ssh2
Jun 23 08:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14747]: Connection closed by 91.92.40.11 port 59760 [preauth]
Jun 23 08:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14790]: Invalid user ata from 212.154.234.9
Jun 23 08:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14790]: input_userauth_request: invalid user ata [preauth]
Jun 23 08:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14790]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 08:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.154.234.9
Jun 23 08:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14790]: Failed password for invalid user ata from 212.154.234.9 port 25943 ssh2
Jun 23 08:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14790]: Received disconnect from 212.154.234.9 port 25943:11: Bye Bye [preauth]
Jun 23 08:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14790]: Disconnected from 212.154.234.9 port 25943 [preauth]
Jun 23 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14842]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14840]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14839]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14838]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14838]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14903]: Successful su for rubyman by root
Jun 23 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14903]: + ??? root:rubyman
Jun 23 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14903]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576210 of user rubyman.
Jun 23 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14903]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576210.
Jun 23 08:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12167]: pam_unix(cron:session): session closed for user root
Jun 23 08:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14839]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13975]: pam_unix(cron:session): session closed for user root
Jun 23 08:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 23 08:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15185]: Received disconnect from 191.101.33.115 port 58072:11: disconnected by user [preauth]
Jun 23 08:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15185]: Disconnected from 191.101.33.115 port 58072 [preauth]
Jun 23 08:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15178]: Failed password for root from 77.94.47.83 port 33522 ssh2
Jun 23 08:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15178]: Connection closed by 77.94.47.83 port 33522 [preauth]
Jun 23 08:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 08:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15227]: Failed password for root from 91.92.40.11 port 36970 ssh2
Jun 23 08:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15227]: Connection closed by 91.92.40.11 port 36970 [preauth]
Jun 23 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15254]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15257]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15258]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15251]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15250]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15253]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15258]: pam_unix(cron:session): session closed for user root
Jun 23 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15250]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15318]: Successful su for rubyman by root
Jun 23 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15318]: + ??? root:rubyman
Jun 23 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15318]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576213 of user rubyman.
Jun 23 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15318]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576213.
Jun 23 08:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15253]: pam_unix(cron:session): session closed for user root
Jun 23 08:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12693]: pam_unix(cron:session): session closed for user root
Jun 23 08:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15251]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14354]: pam_unix(cron:session): session closed for user root
Jun 23 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15661]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15662]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15660]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15659]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15659]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15730]: Successful su for rubyman by root
Jun 23 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15730]: + ??? root:rubyman
Jun 23 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15730]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576220 of user rubyman.
Jun 23 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15730]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576220.
Jun 23 08:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13103]: pam_unix(cron:session): session closed for user root
Jun 23 08:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 23 08:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 08:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15660]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15863]: Failed password for root from 103.149.28.157 port 50866 ssh2
Jun 23 08:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15863]: Connection closed by 103.149.28.157 port 50866 [preauth]
Jun 23 08:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15886]: Failed password for root from 91.92.40.11 port 44366 ssh2
Jun 23 08:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15886]: Connection closed by 91.92.40.11 port 44366 [preauth]
Jun 23 08:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15920]: Connection closed by 194.59.206.2 port 33670 [preauth]
Jun 23 08:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 23 08:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15943]: Failed password for root from 109.237.96.109 port 40468 ssh2
Jun 23 08:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15943]: Connection closed by 109.237.96.109 port 40468 [preauth]
Jun 23 08:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14842]: pam_unix(cron:session): session closed for user root
Jun 23 08:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 23 08:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16039]: Failed password for root from 103.27.238.116 port 38100 ssh2
Jun 23 08:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16039]: Connection closed by 103.27.238.116 port 38100 [preauth]
Jun 23 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16064]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16063]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16062]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16060]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16060]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16121]: Successful su for rubyman by root
Jun 23 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16121]: + ??? root:rubyman
Jun 23 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16121]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576223 of user rubyman.
Jun 23 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16121]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576223.
Jun 23 08:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13554]: pam_unix(cron:session): session closed for user root
Jun 23 08:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16062]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 23 08:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16329]: Failed password for root from 194.113.233.25 port 45936 ssh2
Jun 23 08:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16329]: Connection closed by 194.113.233.25 port 45936 [preauth]
Jun 23 08:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 08:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16342]: Failed password for root from 91.92.40.11 port 57438 ssh2
Jun 23 08:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16342]: Connection closed by 91.92.40.11 port 57438 [preauth]
Jun 23 08:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15257]: pam_unix(cron:session): session closed for user root
Jun 23 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16464]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16462]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16461]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16463]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16461]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16529]: Successful su for rubyman by root
Jun 23 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16529]: + ??? root:rubyman
Jun 23 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16529]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576226 of user rubyman.
Jun 23 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16529]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576226.
Jun 23 08:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13973]: pam_unix(cron:session): session closed for user root
Jun 23 08:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 23 08:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16462]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16683]: Failed password for root from 103.122.221.179 port 40776 ssh2
Jun 23 08:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16683]: Connection closed by 103.122.221.179 port 40776 [preauth]
Jun 23 08:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 08:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15662]: pam_unix(cron:session): session closed for user root
Jun 23 08:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16784]: Failed password for root from 91.92.40.11 port 60376 ssh2
Jun 23 08:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16784]: Connection closed by 91.92.40.11 port 60376 [preauth]
Jun 23 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16898]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16897]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16896]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16895]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16895]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17022]: Successful su for rubyman by root
Jun 23 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17022]: + ??? root:rubyman
Jun 23 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17022]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576230 of user rubyman.
Jun 23 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17022]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576230.
Jun 23 08:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14353]: pam_unix(cron:session): session closed for user root
Jun 23 08:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16896]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16064]: pam_unix(cron:session): session closed for user root
Jun 23 08:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 08:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17334]: Failed password for root from 91.92.40.11 port 37612 ssh2
Jun 23 08:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17334]: Connection closed by 91.92.40.11 port 37612 [preauth]
Jun 23 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17362]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17361]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17358]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17356]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17360]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17359]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17362]: pam_unix(cron:session): session closed for user root
Jun 23 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17356]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17435]: Successful su for rubyman by root
Jun 23 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17435]: + ??? root:rubyman
Jun 23 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17435]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576235 of user rubyman.
Jun 23 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17435]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576235.
Jun 23 08:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17359]: pam_unix(cron:session): session closed for user root
Jun 23 08:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14840]: pam_unix(cron:session): session closed for user root
Jun 23 08:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17358]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16464]: pam_unix(cron:session): session closed for user root
Jun 23 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17891]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17890]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17889]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17888]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17888]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17958]: Successful su for rubyman by root
Jun 23 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17958]: + ??? root:rubyman
Jun 23 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17958]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576240 of user rubyman.
Jun 23 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17958]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576240.
Jun 23 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18038]: Invalid user banners from 212.154.234.9
Jun 23 08:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18038]: input_userauth_request: invalid user banners [preauth]
Jun 23 08:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18038]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 08:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.154.234.9
Jun 23 08:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18038]: Failed password for invalid user banners from 212.154.234.9 port 57860 ssh2
Jun 23 08:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15254]: pam_unix(cron:session): session closed for user root
Jun 23 08:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18038]: Received disconnect from 212.154.234.9 port 57860:11: Bye Bye [preauth]
Jun 23 08:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18038]: Disconnected from 212.154.234.9 port 57860 [preauth]
Jun 23 08:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17889]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 08:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18154]: Failed password for root from 91.92.40.11 port 48628 ssh2
Jun 23 08:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18154]: Connection closed by 91.92.40.11 port 48628 [preauth]
Jun 23 08:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16898]: pam_unix(cron:session): session closed for user root
Jun 23 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18335]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18334]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18332]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18333]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18332]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18411]: Successful su for rubyman by root
Jun 23 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18411]: + ??? root:rubyman
Jun 23 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18411]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576244 of user rubyman.
Jun 23 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18411]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576244.
Jun 23 08:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15661]: pam_unix(cron:session): session closed for user root
Jun 23 08:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18333]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 23 08:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18667]: Failed password for root from 51.250.105.222 port 32944 ssh2
Jun 23 08:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18667]: Connection closed by 51.250.105.222 port 32944 [preauth]
Jun 23 08:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 23 08:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18699]: Failed password for root from 38.93.206.2 port 26660 ssh2
Jun 23 08:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18699]: Connection closed by 38.93.206.2 port 26660 [preauth]
Jun 23 08:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 08:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18702]: Failed password for root from 91.92.40.11 port 60740 ssh2
Jun 23 08:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18702]: Connection closed by 91.92.40.11 port 60740 [preauth]
Jun 23 08:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17361]: pam_unix(cron:session): session closed for user root
Jun 23 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18850]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18845]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18844]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18843]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18843]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18910]: Successful su for rubyman by root
Jun 23 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18910]: + ??? root:rubyman
Jun 23 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18910]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576248 of user rubyman.
Jun 23 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18910]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576248.
Jun 23 08:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16063]: pam_unix(cron:session): session closed for user root
Jun 23 08:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18844]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19119]: Invalid user mobil from 212.154.234.9
Jun 23 08:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19119]: input_userauth_request: invalid user mobil [preauth]
Jun 23 08:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19119]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 08:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.154.234.9
Jun 23 08:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19119]: Failed password for invalid user mobil from 212.154.234.9 port 9804 ssh2
Jun 23 08:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19119]: Received disconnect from 212.154.234.9 port 9804:11: Bye Bye [preauth]
Jun 23 08:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19119]: Disconnected from 212.154.234.9 port 9804 [preauth]
Jun 23 08:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17891]: pam_unix(cron:session): session closed for user root
Jun 23 08:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 08:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19277]: Failed password for root from 91.92.40.11 port 39310 ssh2
Jun 23 08:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19277]: Connection closed by 91.92.40.11 port 39310 [preauth]
Jun 23 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19339]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19341]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19340]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19338]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19336]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19338]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19456]: Successful su for rubyman by root
Jun 23 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19456]: + ??? root:rubyman
Jun 23 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19456]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576253 of user rubyman.
Jun 23 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19456]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576253.
Jun 23 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19336]: pam_unix(cron:session): session closed for user root
Jun 23 08:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16463]: pam_unix(cron:session): session closed for user root
Jun 23 08:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19339]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19930]: Invalid user admin from 2.57.121.25
Jun 23 08:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19930]: input_userauth_request: invalid user admin [preauth]
Jun 23 08:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19930]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 08:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 23 08:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19930]: Failed password for invalid user admin from 2.57.121.25 port 4214 ssh2
Jun 23 08:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19930]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 08:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19930]: Failed password for invalid user admin from 2.57.121.25 port 4214 ssh2
Jun 23 08:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19930]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 08:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19930]: Failed password for invalid user admin from 2.57.121.25 port 4214 ssh2
Jun 23 08:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19930]: Connection closed by 2.57.121.25 port 4214 [preauth]
Jun 23 08:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19930]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 23 08:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18335]: pam_unix(cron:session): session closed for user root
Jun 23 08:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 08:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20030]: Failed password for root from 91.92.40.11 port 36236 ssh2
Jun 23 08:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20030]: Connection closed by 91.92.40.11 port 36236 [preauth]
Jun 23 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20055]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20051]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20054]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20053]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20050]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20049]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20055]: pam_unix(cron:session): session closed for user root
Jun 23 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20049]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20118]: Successful su for rubyman by root
Jun 23 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20118]: + ??? root:rubyman
Jun 23 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20118]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576259 of user rubyman.
Jun 23 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20118]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576259.
Jun 23 08:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20051]: pam_unix(cron:session): session closed for user root
Jun 23 08:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16897]: pam_unix(cron:session): session closed for user root
Jun 23 08:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20050]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18850]: pam_unix(cron:session): session closed for user root
Jun 23 08:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20525]: Invalid user phil from 212.154.234.9
Jun 23 08:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20525]: input_userauth_request: invalid user phil [preauth]
Jun 23 08:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20525]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 08:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.154.234.9
Jun 23 08:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20525]: Failed password for invalid user phil from 212.154.234.9 port 63228 ssh2
Jun 23 08:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20525]: Received disconnect from 212.154.234.9 port 63228:11: Bye Bye [preauth]
Jun 23 08:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20525]: Disconnected from 212.154.234.9 port 63228 [preauth]
Jun 23 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20587]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20586]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20585]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20584]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20584]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20680]: Successful su for rubyman by root
Jun 23 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20680]: + ??? root:rubyman
Jun 23 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20680]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576263 of user rubyman.
Jun 23 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20680]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576263.
Jun 23 08:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17360]: pam_unix(cron:session): session closed for user root
Jun 23 08:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20585]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 08:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20934]: Failed password for root from 91.92.40.11 port 50978 ssh2
Jun 23 08:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20934]: Connection closed by 91.92.40.11 port 50978 [preauth]
Jun 23 08:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19341]: pam_unix(cron:session): session closed for user root
Jun 23 08:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21042]: Received disconnect from 168.194.64.3 port 53922:11: disconnected by user [preauth]
Jun 23 08:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21042]: Disconnected from 168.194.64.3 port 53922 [preauth]
Jun 23 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21091]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21089]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21090]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21088]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21088]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21154]: Successful su for rubyman by root
Jun 23 08:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21154]: + ??? root:rubyman
Jun 23 08:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21154]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576268 of user rubyman.
Jun 23 08:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21154]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576268.
Jun 23 08:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17890]: pam_unix(cron:session): session closed for user root
Jun 23 08:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21089]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 08:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21376]: Failed password for root from 91.92.40.11 port 51864 ssh2
Jun 23 08:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21376]: Connection closed by 91.92.40.11 port 51864 [preauth]
Jun 23 08:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20054]: pam_unix(cron:session): session closed for user root
Jun 23 08:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21462]: Invalid user sitebuilder from 212.154.234.9
Jun 23 08:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21462]: input_userauth_request: invalid user sitebuilder [preauth]
Jun 23 08:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21462]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 08:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.154.234.9
Jun 23 08:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21462]: Failed password for invalid user sitebuilder from 212.154.234.9 port 33366 ssh2
Jun 23 08:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21462]: Received disconnect from 212.154.234.9 port 33366:11: Bye Bye [preauth]
Jun 23 08:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21462]: Disconnected from 212.154.234.9 port 33366 [preauth]
Jun 23 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21512]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21514]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21511]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21509]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21509]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21586]: Successful su for rubyman by root
Jun 23 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21586]: + ??? root:rubyman
Jun 23 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21586]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576271 of user rubyman.
Jun 23 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21586]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576271.
Jun 23 08:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18334]: pam_unix(cron:session): session closed for user root
Jun 23 08:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21511]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 08:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21850]: Failed password for root from 91.92.40.11 port 53516 ssh2
Jun 23 08:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21850]: Connection closed by 91.92.40.11 port 53516 [preauth]
Jun 23 08:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20587]: pam_unix(cron:session): session closed for user root
Jun 23 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21944]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21943]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21942]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21941]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21941]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21999]: Successful su for rubyman by root
Jun 23 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21999]: + ??? root:rubyman
Jun 23 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21999]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576275 of user rubyman.
Jun 23 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21999]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576275.
Jun 23 08:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18845]: pam_unix(cron:session): session closed for user root
Jun 23 08:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21942]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21091]: pam_unix(cron:session): session closed for user root
Jun 23 08:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 08:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22302]: Failed password for root from 91.92.40.11 port 44544 ssh2
Jun 23 08:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22302]: Connection closed by 91.92.40.11 port 44544 [preauth]
Jun 23 08:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22411]: Invalid user priv from 212.154.234.9
Jun 23 08:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22411]: input_userauth_request: invalid user priv [preauth]
Jun 23 08:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22411]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 08:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.154.234.9
Jun 23 08:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22411]: Failed password for invalid user priv from 212.154.234.9 port 55034 ssh2
Jun 23 08:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22411]: Received disconnect from 212.154.234.9 port 55034:11: Bye Bye [preauth]
Jun 23 08:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22411]: Disconnected from 212.154.234.9 port 55034 [preauth]
Jun 23 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22434]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22432]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22433]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22436]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22430]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22431]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22436]: pam_unix(cron:session): session closed for user root
Jun 23 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22430]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22500]: Successful su for rubyman by root
Jun 23 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22500]: + ??? root:rubyman
Jun 23 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22500]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576279 of user rubyman.
Jun 23 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22500]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576279.
Jun 23 08:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22432]: pam_unix(cron:session): session closed for user root
Jun 23 08:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19340]: pam_unix(cron:session): session closed for user root
Jun 23 08:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22431]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21514]: pam_unix(cron:session): session closed for user root
Jun 23 08:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 08:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22853]: Failed password for root from 91.92.40.11 port 35542 ssh2
Jun 23 08:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22853]: Connection closed by 91.92.40.11 port 35542 [preauth]
Jun 23 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22869]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22868]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22867]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22864]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22864]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22940]: Successful su for rubyman by root
Jun 23 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22940]: + ??? root:rubyman
Jun 23 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22940]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576286 of user rubyman.
Jun 23 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22940]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576286.
Jun 23 08:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20053]: pam_unix(cron:session): session closed for user root
Jun 23 08:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22867]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21944]: pam_unix(cron:session): session closed for user root
Jun 23 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23282]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23281]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23283]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23280]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23280]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23349]: Successful su for rubyman by root
Jun 23 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23349]: + ??? root:rubyman
Jun 23 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23349]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576289 of user rubyman.
Jun 23 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23349]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576289.
Jun 23 08:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20586]: pam_unix(cron:session): session closed for user root
Jun 23 08:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23484]: Invalid user ki from 212.154.234.9
Jun 23 08:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23484]: input_userauth_request: invalid user ki [preauth]
Jun 23 08:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23484]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 08:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.154.234.9
Jun 23 08:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23281]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 08:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23484]: Failed password for invalid user ki from 212.154.234.9 port 30994 ssh2
Jun 23 08:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23484]: Received disconnect from 212.154.234.9 port 30994:11: Bye Bye [preauth]
Jun 23 08:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23484]: Disconnected from 212.154.234.9 port 30994 [preauth]
Jun 23 08:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23547]: Received disconnect from 198.199.106.159 port 34416:11: disconnected by user [preauth]
Jun 23 08:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23547]: Disconnected from 198.199.106.159 port 34416 [preauth]
Jun 23 08:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23544]: Failed password for root from 91.92.40.11 port 48754 ssh2
Jun 23 08:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23544]: Connection closed by 91.92.40.11 port 48754 [preauth]
Jun 23 08:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22434]: pam_unix(cron:session): session closed for user root
Jun 23 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23709]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23706]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23707]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23705]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23705]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23779]: Successful su for rubyman by root
Jun 23 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23779]: + ??? root:rubyman
Jun 23 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23779]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576293 of user rubyman.
Jun 23 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23779]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576293.
Jun 23 08:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21090]: pam_unix(cron:session): session closed for user root
Jun 23 08:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23706]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 08:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24087]: Failed password for root from 91.92.40.11 port 33354 ssh2
Jun 23 08:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24087]: Connection closed by 91.92.40.11 port 33354 [preauth]
Jun 23 08:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22869]: pam_unix(cron:session): session closed for user root
Jun 23 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24214]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24217]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24209]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24208]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24208]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24290]: Successful su for rubyman by root
Jun 23 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24290]: + ??? root:rubyman
Jun 23 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24290]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576297 of user rubyman.
Jun 23 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24290]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576297.
Jun 23 08:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21512]: pam_unix(cron:session): session closed for user root
Jun 23 08:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24209]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24511]: Invalid user lpm from 212.154.234.9
Jun 23 08:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24511]: input_userauth_request: invalid user lpm [preauth]
Jun 23 08:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24511]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 08:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.154.234.9
Jun 23 08:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24511]: Failed password for invalid user lpm from 212.154.234.9 port 26264 ssh2
Jun 23 08:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24511]: Received disconnect from 212.154.234.9 port 26264:11: Bye Bye [preauth]
Jun 23 08:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24511]: Disconnected from 212.154.234.9 port 26264 [preauth]
Jun 23 08:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 08:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24552]: Failed password for root from 91.92.40.11 port 39996 ssh2
Jun 23 08:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23283]: pam_unix(cron:session): session closed for user root
Jun 23 08:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24552]: Connection closed by 91.92.40.11 port 39996 [preauth]
Jun 23 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24660]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24661]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24658]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24659]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24656]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24657]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24661]: pam_unix(cron:session): session closed for user root
Jun 23 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24656]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24733]: Successful su for rubyman by root
Jun 23 08:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24733]: + ??? root:rubyman
Jun 23 08:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24733]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576301 of user rubyman.
Jun 23 08:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24733]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576301.
Jun 23 08:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24658]: pam_unix(cron:session): session closed for user root
Jun 23 08:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21943]: pam_unix(cron:session): session closed for user root
Jun 23 08:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24657]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24963]: Received disconnect from 51.75.149.221 port 43740:11: disconnected by user [preauth]
Jun 23 08:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24963]: Disconnected from 51.75.149.221 port 43740 [preauth]
Jun 23 08:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23709]: pam_unix(cron:session): session closed for user root
Jun 23 08:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25052]: Invalid user admin from 45.148.10.121
Jun 23 08:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25052]: input_userauth_request: invalid user admin [preauth]
Jun 23 08:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25052]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 08:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 23 08:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 08:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25052]: Failed password for invalid user admin from 45.148.10.121 port 39420 ssh2
Jun 23 08:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25052]: Connection closed by 45.148.10.121 port 39420 [preauth]
Jun 23 08:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25063]: Failed password for root from 91.92.40.11 port 54666 ssh2
Jun 23 08:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25063]: Connection closed by 91.92.40.11 port 54666 [preauth]
Jun 23 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25098]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25095]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25096]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25097]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25095]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25165]: Successful su for rubyman by root
Jun 23 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25165]: + ??? root:rubyman
Jun 23 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25165]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576308 of user rubyman.
Jun 23 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25165]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576308.
Jun 23 08:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22433]: pam_unix(cron:session): session closed for user root
Jun 23 08:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25096]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25401]: Invalid user arabic from 212.154.234.9
Jun 23 08:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25401]: input_userauth_request: invalid user arabic [preauth]
Jun 23 08:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25401]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 08:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.154.234.9
Jun 23 08:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25401]: Failed password for invalid user arabic from 212.154.234.9 port 59692 ssh2
Jun 23 08:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25401]: Received disconnect from 212.154.234.9 port 59692:11: Bye Bye [preauth]
Jun 23 08:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25401]: Disconnected from 212.154.234.9 port 59692 [preauth]
Jun 23 08:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24217]: pam_unix(cron:session): session closed for user root
Jun 23 08:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25439]: Invalid user user from 141.98.83.240
Jun 23 08:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25439]: input_userauth_request: invalid user user [preauth]
Jun 23 08:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25439]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 08:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 08:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25439]: Failed password for invalid user user from 141.98.83.240 port 60248 ssh2
Jun 23 08:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25439]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 08:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25439]: Failed password for invalid user user from 141.98.83.240 port 60248 ssh2
Jun 23 08:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25439]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 08:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25439]: Failed password for invalid user user from 141.98.83.240 port 60248 ssh2
Jun 23 08:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25439]: Connection closed by 141.98.83.240 port 60248 [preauth]
Jun 23 08:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25439]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 08:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25498]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25497]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25499]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25496]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25496]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25558]: Successful su for rubyman by root
Jun 23 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25558]: + ??? root:rubyman
Jun 23 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25558]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576311 of user rubyman.
Jun 23 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25558]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576311.
Jun 23 08:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25493]: Failed password for root from 91.92.40.11 port 37490 ssh2
Jun 23 08:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25493]: Connection closed by 91.92.40.11 port 37490 [preauth]
Jun 23 08:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22868]: pam_unix(cron:session): session closed for user root
Jun 23 08:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 23 08:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25497]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25683]: Failed password for root from 80.66.85.226 port 34032 ssh2
Jun 23 08:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25683]: Connection closed by 80.66.85.226 port 34032 [preauth]
Jun 23 08:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24660]: pam_unix(cron:session): session closed for user root
Jun 23 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25885]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25887]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25886]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25884]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25884]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25952]: Successful su for rubyman by root
Jun 23 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25952]: + ??? root:rubyman
Jun 23 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25952]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576317 of user rubyman.
Jun 23 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25952]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576317.
Jun 23 08:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23282]: pam_unix(cron:session): session closed for user root
Jun 23 08:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25885]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 08:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26155]: Failed password for root from 91.92.40.11 port 43958 ssh2
Jun 23 08:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26155]: Connection closed by 91.92.40.11 port 43958 [preauth]
Jun 23 08:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25098]: pam_unix(cron:session): session closed for user root
Jun 23 08:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26256]: Invalid user halo from 212.154.234.9
Jun 23 08:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26256]: input_userauth_request: invalid user halo [preauth]
Jun 23 08:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26256]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 08:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.154.234.9
Jun 23 08:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26256]: Failed password for invalid user halo from 212.154.234.9 port 62436 ssh2
Jun 23 08:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26256]: Received disconnect from 212.154.234.9 port 62436:11: Bye Bye [preauth]
Jun 23 08:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26256]: Disconnected from 212.154.234.9 port 62436 [preauth]
Jun 23 08:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 23 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26291]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26290]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26289]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26288]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26288]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26352]: Successful su for rubyman by root
Jun 23 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26352]: + ??? root:rubyman
Jun 23 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26352]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576319 of user rubyman.
Jun 23 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26352]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576319.
Jun 23 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26275]: Failed password for root from 202.178.126.219 port 31111 ssh2
Jun 23 08:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26275]: Connection closed by 202.178.126.219 port 31111 [preauth]
Jun 23 08:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23707]: pam_unix(cron:session): session closed for user root
Jun 23 08:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26289]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 08:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26592]: Failed password for root from 91.92.40.11 port 47440 ssh2
Jun 23 08:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26592]: Connection closed by 91.92.40.11 port 47440 [preauth]
Jun 23 08:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25499]: pam_unix(cron:session): session closed for user root
Jun 23 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26770]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26769]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26771]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26768]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26767]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26772]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26772]: pam_unix(cron:session): session closed for user root
Jun 23 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26767]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26834]: Successful su for rubyman by root
Jun 23 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26834]: + ??? root:rubyman
Jun 23 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26834]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576325 of user rubyman.
Jun 23 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26834]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576325.
Jun 23 08:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26769]: pam_unix(cron:session): session closed for user root
Jun 23 08:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24214]: pam_unix(cron:session): session closed for user root
Jun 23 08:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26768]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25887]: pam_unix(cron:session): session closed for user root
Jun 23 08:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 08:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27159]: Failed password for root from 91.92.40.11 port 50906 ssh2
Jun 23 08:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27159]: Connection closed by 91.92.40.11 port 50906 [preauth]
Jun 23 08:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27191]: Invalid user h from 212.154.234.9
Jun 23 08:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27191]: input_userauth_request: invalid user h [preauth]
Jun 23 08:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27191]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 08:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.154.234.9
Jun 23 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27197]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27191]: Failed password for invalid user h from 212.154.234.9 port 39430 ssh2
Jun 23 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27196]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27198]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27194]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27194]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27191]: Received disconnect from 212.154.234.9 port 39430:11: Bye Bye [preauth]
Jun 23 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27191]: Disconnected from 212.154.234.9 port 39430 [preauth]
Jun 23 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27271]: Successful su for rubyman by root
Jun 23 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27271]: + ??? root:rubyman
Jun 23 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27271]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576329 of user rubyman.
Jun 23 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27271]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576329.
Jun 23 08:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24659]: pam_unix(cron:session): session closed for user root
Jun 23 08:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27196]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26291]: pam_unix(cron:session): session closed for user root
Jun 23 08:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 08:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27618]: Failed password for root from 91.92.40.11 port 50340 ssh2
Jun 23 08:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27618]: Connection closed by 91.92.40.11 port 50340 [preauth]
Jun 23 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27633]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27632]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27631]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27630]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27630]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27688]: Successful su for rubyman by root
Jun 23 08:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27688]: + ??? root:rubyman
Jun 23 08:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27688]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576333 of user rubyman.
Jun 23 08:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27688]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576333.
Jun 23 08:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25097]: pam_unix(cron:session): session closed for user root
Jun 23 08:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27631]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 23 08:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27921]: Failed password for root from 193.24.211.107 port 18946 ssh2
Jun 23 08:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27921]: Received disconnect from 193.24.211.107 port 18946:11: Client disconnecting normally [preauth]
Jun 23 08:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27921]: Disconnected from 193.24.211.107 port 18946 [preauth]
Jun 23 08:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26771]: pam_unix(cron:session): session closed for user root
Jun 23 08:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28011]: Invalid user default from 193.46.255.86
Jun 23 08:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28011]: input_userauth_request: invalid user default [preauth]
Jun 23 08:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28011]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 08:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 23 08:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28011]: Failed password for invalid user default from 193.46.255.86 port 20404 ssh2
Jun 23 08:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28011]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 08:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28011]: Failed password for invalid user default from 193.46.255.86 port 20404 ssh2
Jun 23 08:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28011]: Failed password for invalid user default from 193.46.255.86 port 20404 ssh2
Jun 23 08:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28011]: Connection closed by 193.46.255.86 port 20404 [preauth]
Jun 23 08:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28011]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 23 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28046]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28044]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28045]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28043]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28043]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28154]: Successful su for rubyman by root
Jun 23 08:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28154]: + ??? root:rubyman
Jun 23 08:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28154]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576338 of user rubyman.
Jun 23 08:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28154]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576338.
Jun 23 08:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25498]: pam_unix(cron:session): session closed for user root
Jun 23 08:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28044]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28335]: Invalid user mali from 212.154.234.9
Jun 23 08:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28335]: input_userauth_request: invalid user mali [preauth]
Jun 23 08:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28335]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 08:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.154.234.9
Jun 23 08:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28335]: Failed password for invalid user mali from 212.154.234.9 port 13928 ssh2
Jun 23 08:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28335]: Received disconnect from 212.154.234.9 port 13928:11: Bye Bye [preauth]
Jun 23 08:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28335]: Disconnected from 212.154.234.9 port 13928 [preauth]
Jun 23 08:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 08:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28347]: Failed password for root from 91.92.40.11 port 47016 ssh2
Jun 23 08:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28347]: Connection closed by 91.92.40.11 port 47016 [preauth]
Jun 23 08:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27198]: pam_unix(cron:session): session closed for user root
Jun 23 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28487]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28486]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28485]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28484]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28484]: pam_unix(cron:session): session closed for user p13x
Jun 23 08:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28553]: Successful su for rubyman by root
Jun 23 08:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28553]: + ??? root:rubyman
Jun 23 08:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28553]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 08:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576341 of user rubyman.
Jun 23 08:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28553]: pam_unix(su:session): session closed for user rubyman
Jun 23 08:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576341.
Jun 23 08:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25886]: pam_unix(cron:session): session closed for user root
Jun 23 08:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28485]: pam_unix(cron:session): session closed for user samftp
Jun 23 08:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 08:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 08:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28899]: Failed password for root from 91.92.40.11 port 40790 ssh2
Jun 23 08:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28899]: Connection closed by 91.92.40.11 port 40790 [preauth]
Jun 23 08:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27633]: pam_unix(cron:session): session closed for user root
Jun 23 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28998]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28997]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28994]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28996]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28999]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28995]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28993]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28995]: pam_unix(cron:session): session closed for user root
Jun 23 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28999]: pam_unix(cron:session): session closed for user root
Jun 23 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28993]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29098]: Successful su for rubyman by root
Jun 23 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29098]: + ??? root:rubyman
Jun 23 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29098]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576345 of user rubyman.
Jun 23 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29098]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576345.
Jun 23 09:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28996]: pam_unix(cron:session): session closed for user root
Jun 23 09:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26290]: pam_unix(cron:session): session closed for user root
Jun 23 09:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28994]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29370]: Invalid user ham from 212.154.234.9
Jun 23 09:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29370]: input_userauth_request: invalid user ham [preauth]
Jun 23 09:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29370]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.154.234.9
Jun 23 09:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29370]: Failed password for invalid user ham from 212.154.234.9 port 13323 ssh2
Jun 23 09:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29370]: Received disconnect from 212.154.234.9 port 13323:11: Bye Bye [preauth]
Jun 23 09:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29370]: Disconnected from 212.154.234.9 port 13323 [preauth]
Jun 23 09:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29392]: Received disconnect from 172.245.225.106 port 37604:11: disconnected by user [preauth]
Jun 23 09:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29392]: Disconnected from 172.245.225.106 port 37604 [preauth]
Jun 23 09:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28046]: pam_unix(cron:session): session closed for user root
Jun 23 09:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 09:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29465]: Failed password for root from 91.92.40.11 port 41584 ssh2
Jun 23 09:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29465]: Connection closed by 91.92.40.11 port 41584 [preauth]
Jun 23 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29636]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29635]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29634]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29633]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29633]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29715]: Successful su for rubyman by root
Jun 23 09:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29715]: + ??? root:rubyman
Jun 23 09:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29715]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576352 of user rubyman.
Jun 23 09:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29715]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576352.
Jun 23 09:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26770]: pam_unix(cron:session): session closed for user root
Jun 23 09:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29634]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28487]: pam_unix(cron:session): session closed for user root
Jun 23 09:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30056]: Invalid user admin from 91.92.40.11
Jun 23 09:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30056]: input_userauth_request: invalid user admin [preauth]
Jun 23 09:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30056]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 09:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30056]: Failed password for invalid user admin from 91.92.40.11 port 42558 ssh2
Jun 23 09:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30056]: Connection closed by 91.92.40.11 port 42558 [preauth]
Jun 23 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30080]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30079]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30082]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30078]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30078]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30151]: Successful su for rubyman by root
Jun 23 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30151]: + ??? root:rubyman
Jun 23 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30151]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576359 of user rubyman.
Jun 23 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30151]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576359.
Jun 23 09:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27197]: pam_unix(cron:session): session closed for user root
Jun 23 09:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30079]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30399]: Invalid user f1 from 212.154.234.9
Jun 23 09:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30399]: input_userauth_request: invalid user f1 [preauth]
Jun 23 09:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30399]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.154.234.9
Jun 23 09:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30399]: Failed password for invalid user f1 from 212.154.234.9 port 42202 ssh2
Jun 23 09:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30399]: Received disconnect from 212.154.234.9 port 42202:11: Bye Bye [preauth]
Jun 23 09:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30399]: Disconnected from 212.154.234.9 port 42202 [preauth]
Jun 23 09:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28998]: pam_unix(cron:session): session closed for user root
Jun 23 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30492]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30491]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30490]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30489]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30489]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30557]: Successful su for rubyman by root
Jun 23 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30557]: + ??? root:rubyman
Jun 23 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30557]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576360 of user rubyman.
Jun 23 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30557]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576360.
Jun 23 09:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27632]: pam_unix(cron:session): session closed for user root
Jun 23 09:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30725]: Invalid user admin from 91.92.40.11
Jun 23 09:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30725]: input_userauth_request: invalid user admin [preauth]
Jun 23 09:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30725]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 09:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30490]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30725]: Failed password for invalid user admin from 91.92.40.11 port 36270 ssh2
Jun 23 09:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30725]: Connection closed by 91.92.40.11 port 36270 [preauth]
Jun 23 09:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29636]: pam_unix(cron:session): session closed for user root
Jun 23 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30914]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30915]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30913]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30912]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30912]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31068]: Successful su for rubyman by root
Jun 23 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31068]: + ??? root:rubyman
Jun 23 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31068]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576365 of user rubyman.
Jun 23 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31068]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576365.
Jun 23 09:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28045]: pam_unix(cron:session): session closed for user root
Jun 23 09:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30913]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31282]: Invalid user admin from 91.92.40.11
Jun 23 09:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31282]: input_userauth_request: invalid user admin [preauth]
Jun 23 09:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31282]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 09:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31282]: Failed password for invalid user admin from 91.92.40.11 port 43692 ssh2
Jun 23 09:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31282]: Connection closed by 91.92.40.11 port 43692 [preauth]
Jun 23 09:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30082]: pam_unix(cron:session): session closed for user root
Jun 23 09:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31347]: Connection reset by 45.148.10.152 port 28720 [preauth]
Jun 23 09:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31350]: Invalid user lwj from 212.154.234.9
Jun 23 09:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31350]: input_userauth_request: invalid user lwj [preauth]
Jun 23 09:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31350]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.154.234.9
Jun 23 09:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31350]: Failed password for invalid user lwj from 212.154.234.9 port 33417 ssh2
Jun 23 09:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31350]: Received disconnect from 212.154.234.9 port 33417:11: Bye Bye [preauth]
Jun 23 09:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31350]: Disconnected from 212.154.234.9 port 33417 [preauth]
Jun 23 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31415]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31413]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31418]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31417]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31412]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31414]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31418]: pam_unix(cron:session): session closed for user root
Jun 23 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31412]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31485]: Successful su for rubyman by root
Jun 23 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31485]: + ??? root:rubyman
Jun 23 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31485]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576369 of user rubyman.
Jun 23 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31485]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576369.
Jun 23 09:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31414]: pam_unix(cron:session): session closed for user root
Jun 23 09:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28486]: pam_unix(cron:session): session closed for user root
Jun 23 09:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31413]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31854]: Invalid user admin from 91.92.40.11
Jun 23 09:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31854]: input_userauth_request: invalid user admin [preauth]
Jun 23 09:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31854]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 09:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30492]: pam_unix(cron:session): session closed for user root
Jun 23 09:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31854]: Failed password for invalid user admin from 91.92.40.11 port 48474 ssh2
Jun 23 09:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31854]: Connection closed by 91.92.40.11 port 48474 [preauth]
Jun 23 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31954]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31953]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31951]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31950]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31950]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32028]: Successful su for rubyman by root
Jun 23 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32028]: + ??? root:rubyman
Jun 23 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32028]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576374 of user rubyman.
Jun 23 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32028]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576374.
Jun 23 09:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28997]: pam_unix(cron:session): session closed for user root
Jun 23 09:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31951]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 23 09:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32245]: Failed password for root from 103.153.68.219 port 46772 ssh2
Jun 23 09:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32245]: Connection closed by 103.153.68.219 port 46772 [preauth]
Jun 23 09:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30915]: pam_unix(cron:session): session closed for user root
Jun 23 09:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32338]: Invalid user admin from 91.92.40.11
Jun 23 09:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32338]: input_userauth_request: invalid user admin [preauth]
Jun 23 09:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32338]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 09:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32338]: Failed password for invalid user admin from 91.92.40.11 port 49822 ssh2
Jun 23 09:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32338]: Connection closed by 91.92.40.11 port 49822 [preauth]
Jun 23 09:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32349]: Invalid user animal from 212.154.234.9
Jun 23 09:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32349]: input_userauth_request: invalid user animal [preauth]
Jun 23 09:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32349]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.154.234.9
Jun 23 09:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32349]: Failed password for invalid user animal from 212.154.234.9 port 62730 ssh2
Jun 23 09:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32349]: Received disconnect from 212.154.234.9 port 62730:11: Bye Bye [preauth]
Jun 23 09:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32349]: Disconnected from 212.154.234.9 port 62730 [preauth]
Jun 23 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32366]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32367]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32365]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32362]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32362]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32430]: Successful su for rubyman by root
Jun 23 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32430]: + ??? root:rubyman
Jun 23 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32430]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576379 of user rubyman.
Jun 23 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32430]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576379.
Jun 23 09:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29635]: pam_unix(cron:session): session closed for user root
Jun 23 09:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32365]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31417]: pam_unix(cron:session): session closed for user root
Jun 23 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[318]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[317]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[315]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[316]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[315]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[384]: Successful su for rubyman by root
Jun 23 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[384]: + ??? root:rubyman
Jun 23 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[384]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576382 of user rubyman.
Jun 23 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[384]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576382.
Jun 23 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[590]: Invalid user admin from 91.92.40.11
Jun 23 09:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[590]: input_userauth_request: invalid user admin [preauth]
Jun 23 09:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[590]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 09:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30080]: pam_unix(cron:session): session closed for user root
Jun 23 09:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[590]: Failed password for invalid user admin from 91.92.40.11 port 36236 ssh2
Jun 23 09:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[590]: Connection closed by 91.92.40.11 port 36236 [preauth]
Jun 23 09:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[316]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31954]: pam_unix(cron:session): session closed for user root
Jun 23 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[880]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[881]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[879]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[878]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[876]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[878]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1005]: Successful su for rubyman by root
Jun 23 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1005]: + ??? root:rubyman
Jun 23 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1005]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576387 of user rubyman.
Jun 23 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1005]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576387.
Jun 23 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[876]: pam_unix(cron:session): session closed for user root
Jun 23 09:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30491]: pam_unix(cron:session): session closed for user root
Jun 23 09:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[879]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1266]: Invalid user ups from 212.154.234.9
Jun 23 09:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1266]: input_userauth_request: invalid user ups [preauth]
Jun 23 09:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1266]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.154.234.9
Jun 23 09:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1266]: Failed password for invalid user ups from 212.154.234.9 port 60791 ssh2
Jun 23 09:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1266]: Received disconnect from 212.154.234.9 port 60791:11: Bye Bye [preauth]
Jun 23 09:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1266]: Disconnected from 212.154.234.9 port 60791 [preauth]
Jun 23 09:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1300]: Invalid user admin from 91.92.40.11
Jun 23 09:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1300]: input_userauth_request: invalid user admin [preauth]
Jun 23 09:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1300]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 09:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1300]: Failed password for invalid user admin from 91.92.40.11 port 43962 ssh2
Jun 23 09:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1300]: Connection closed by 91.92.40.11 port 43962 [preauth]
Jun 23 09:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32367]: pam_unix(cron:session): session closed for user root
Jun 23 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1476]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1473]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1477]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1472]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1475]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1474]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1477]: pam_unix(cron:session): session closed for user root
Jun 23 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1472]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1622]: Successful su for rubyman by root
Jun 23 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1622]: + ??? root:rubyman
Jun 23 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1622]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576391 of user rubyman.
Jun 23 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1622]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576391.
Jun 23 09:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1474]: pam_unix(cron:session): session closed for user root
Jun 23 09:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30914]: pam_unix(cron:session): session closed for user root
Jun 23 09:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1473]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 23 09:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1878]: Failed password for root from 147.45.199.80 port 41494 ssh2
Jun 23 09:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1878]: Connection closed by 147.45.199.80 port 41494 [preauth]
Jun 23 09:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1943]: Invalid user admin from 91.92.40.11
Jun 23 09:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1943]: input_userauth_request: invalid user admin [preauth]
Jun 23 09:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1943]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 09:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[318]: pam_unix(cron:session): session closed for user root
Jun 23 09:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1943]: Failed password for invalid user admin from 91.92.40.11 port 44004 ssh2
Jun 23 09:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1943]: Connection closed by 91.92.40.11 port 44004 [preauth]
Jun 23 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2066]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2067]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2064]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2065]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2064]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2134]: Successful su for rubyman by root
Jun 23 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2134]: + ??? root:rubyman
Jun 23 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2134]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576399 of user rubyman.
Jun 23 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2134]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576399.
Jun 23 09:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31415]: pam_unix(cron:session): session closed for user root
Jun 23 09:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2065]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2381]: Invalid user wcg from 212.154.234.9
Jun 23 09:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2381]: input_userauth_request: invalid user wcg [preauth]
Jun 23 09:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2381]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.154.234.9
Jun 23 09:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2381]: Failed password for invalid user wcg from 212.154.234.9 port 50684 ssh2
Jun 23 09:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2381]: Received disconnect from 212.154.234.9 port 50684:11: Bye Bye [preauth]
Jun 23 09:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2381]: Disconnected from 212.154.234.9 port 50684 [preauth]
Jun 23 09:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2404]: Invalid user acces from 103.132.243.250
Jun 23 09:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2404]: input_userauth_request: invalid user acces [preauth]
Jun 23 09:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2404]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.132.243.250
Jun 23 09:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2404]: Failed password for invalid user acces from 103.132.243.250 port 44688 ssh2
Jun 23 09:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2404]: Received disconnect from 103.132.243.250 port 44688:11: Bye Bye [preauth]
Jun 23 09:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2404]: Disconnected from 103.132.243.250 port 44688 [preauth]
Jun 23 09:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[881]: pam_unix(cron:session): session closed for user root
Jun 23 09:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2477]: Invalid user admin from 91.92.40.11
Jun 23 09:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2477]: input_userauth_request: invalid user admin [preauth]
Jun 23 09:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2477]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 09:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2477]: Failed password for invalid user admin from 91.92.40.11 port 34474 ssh2
Jun 23 09:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2477]: Connection closed by 91.92.40.11 port 34474 [preauth]
Jun 23 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2510]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2511]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2509]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2507]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2507]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2580]: Successful su for rubyman by root
Jun 23 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2580]: + ??? root:rubyman
Jun 23 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2580]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576402 of user rubyman.
Jun 23 09:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2580]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576402.
Jun 23 09:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31953]: pam_unix(cron:session): session closed for user root
Jun 23 09:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2509]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2774]: Received disconnect from 103.57.224.219 port 40412:11: disconnected by user [preauth]
Jun 23 09:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2774]: Disconnected from 103.57.224.219 port 40412 [preauth]
Jun 23 09:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1476]: pam_unix(cron:session): session closed for user root
Jun 23 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2925]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2924]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2926]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2923]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2923]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2982]: Successful su for rubyman by root
Jun 23 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2982]: + ??? root:rubyman
Jun 23 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2982]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576405 of user rubyman.
Jun 23 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2982]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576405.
Jun 23 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3042]: Invalid user admin from 91.92.40.11
Jun 23 09:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3042]: input_userauth_request: invalid user admin [preauth]
Jun 23 09:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3042]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 09:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32366]: pam_unix(cron:session): session closed for user root
Jun 23 09:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2924]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3042]: Failed password for invalid user admin from 91.92.40.11 port 35616 ssh2
Jun 23 09:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3042]: Connection closed by 91.92.40.11 port 35616 [preauth]
Jun 23 09:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 23 09:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3174]: Failed password for root from 103.15.222.183 port 45474 ssh2
Jun 23 09:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3174]: Connection closed by 103.15.222.183 port 45474 [preauth]
Jun 23 09:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2067]: pam_unix(cron:session): session closed for user root
Jun 23 09:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3265]: Invalid user uo from 212.154.234.9
Jun 23 09:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3265]: input_userauth_request: invalid user uo [preauth]
Jun 23 09:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3265]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.154.234.9
Jun 23 09:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3265]: Failed password for invalid user uo from 212.154.234.9 port 11635 ssh2
Jun 23 09:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3265]: Received disconnect from 212.154.234.9 port 11635:11: Bye Bye [preauth]
Jun 23 09:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3265]: Disconnected from 212.154.234.9 port 11635 [preauth]
Jun 23 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3329]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3330]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3328]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3327]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3327]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3387]: Successful su for rubyman by root
Jun 23 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3387]: + ??? root:rubyman
Jun 23 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3387]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576411 of user rubyman.
Jun 23 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3387]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576411.
Jun 23 09:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[317]: pam_unix(cron:session): session closed for user root
Jun 23 09:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3328]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3605]: Invalid user admin from 91.92.40.11
Jun 23 09:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3605]: input_userauth_request: invalid user admin [preauth]
Jun 23 09:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3605]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 09:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3605]: Failed password for invalid user admin from 91.92.40.11 port 36514 ssh2
Jun 23 09:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3605]: Connection closed by 91.92.40.11 port 36514 [preauth]
Jun 23 09:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 23 09:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3636]: Failed password for root from 103.27.238.120 port 40930 ssh2
Jun 23 09:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3636]: Connection closed by 103.27.238.120 port 40930 [preauth]
Jun 23 09:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2511]: pam_unix(cron:session): session closed for user root
Jun 23 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3837]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3838]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3839]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3833]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3836]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3834]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3839]: pam_unix(cron:session): session closed for user root
Jun 23 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3833]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3956]: Successful su for rubyman by root
Jun 23 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3956]: + ??? root:rubyman
Jun 23 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3956]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576415 of user rubyman.
Jun 23 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3956]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576415.
Jun 23 09:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3836]: pam_unix(cron:session): session closed for user root
Jun 23 09:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[880]: pam_unix(cron:session): session closed for user root
Jun 23 09:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3834]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4270]: Invalid user admin from 91.92.40.11
Jun 23 09:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4270]: input_userauth_request: invalid user admin [preauth]
Jun 23 09:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4270]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 09:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4270]: Failed password for invalid user admin from 91.92.40.11 port 51970 ssh2
Jun 23 09:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4270]: Connection closed by 91.92.40.11 port 51970 [preauth]
Jun 23 09:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2926]: pam_unix(cron:session): session closed for user root
Jun 23 09:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4322]: Invalid user img from 212.154.234.9
Jun 23 09:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4322]: input_userauth_request: invalid user img [preauth]
Jun 23 09:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4322]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.154.234.9
Jun 23 09:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4324]: Invalid user grs from 103.132.243.250
Jun 23 09:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4324]: input_userauth_request: invalid user grs [preauth]
Jun 23 09:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4324]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.132.243.250
Jun 23 09:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4322]: Failed password for invalid user img from 212.154.234.9 port 8914 ssh2
Jun 23 09:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4322]: Received disconnect from 212.154.234.9 port 8914:11: Bye Bye [preauth]
Jun 23 09:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4322]: Disconnected from 212.154.234.9 port 8914 [preauth]
Jun 23 09:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4324]: Failed password for invalid user grs from 103.132.243.250 port 57674 ssh2
Jun 23 09:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4324]: Received disconnect from 103.132.243.250 port 57674:11: Bye Bye [preauth]
Jun 23 09:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4324]: Disconnected from 103.132.243.250 port 57674 [preauth]
Jun 23 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4382]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4381]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4380]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4379]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4379]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4444]: Successful su for rubyman by root
Jun 23 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4444]: + ??? root:rubyman
Jun 23 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4444]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576420 of user rubyman.
Jun 23 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4444]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576420.
Jun 23 09:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1475]: pam_unix(cron:session): session closed for user root
Jun 23 09:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4380]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.216.224  user=root
Jun 23 09:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4661]: Failed password for root from 46.101.216.224 port 47366 ssh2
Jun 23 09:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4661]: Received disconnect from 46.101.216.224 port 47366:11: Bye Bye [preauth]
Jun 23 09:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4661]: Disconnected from 46.101.216.224 port 47366 [preauth]
Jun 23 09:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3330]: pam_unix(cron:session): session closed for user root
Jun 23 09:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4746]: Invalid user admin from 91.92.40.11
Jun 23 09:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4746]: input_userauth_request: invalid user admin [preauth]
Jun 23 09:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4746]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 09:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4746]: Failed password for invalid user admin from 91.92.40.11 port 42616 ssh2
Jun 23 09:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4746]: Connection closed by 91.92.40.11 port 42616 [preauth]
Jun 23 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4870]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4871]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4857]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4856]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4854]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4854]: pam_unix(cron:session): session closed for user root
Jun 23 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4856]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4968]: Successful su for rubyman by root
Jun 23 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4968]: + ??? root:rubyman
Jun 23 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4968]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576424 of user rubyman.
Jun 23 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4968]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576424.
Jun 23 09:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2066]: pam_unix(cron:session): session closed for user root
Jun 23 09:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4857]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3838]: pam_unix(cron:session): session closed for user root
Jun 23 09:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5277]: Invalid user admin from 91.92.40.11
Jun 23 09:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5277]: input_userauth_request: invalid user admin [preauth]
Jun 23 09:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5277]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 09:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5277]: Failed password for invalid user admin from 91.92.40.11 port 44896 ssh2
Jun 23 09:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5277]: Connection closed by 91.92.40.11 port 44896 [preauth]
Jun 23 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5305]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5311]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5307]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5304]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5304]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5382]: Successful su for rubyman by root
Jun 23 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5382]: + ??? root:rubyman
Jun 23 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5382]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576429 of user rubyman.
Jun 23 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5382]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576429.
Jun 23 09:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2510]: pam_unix(cron:session): session closed for user root
Jun 23 09:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5305]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5561]: Invalid user crs from 103.132.243.250
Jun 23 09:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5561]: input_userauth_request: invalid user crs [preauth]
Jun 23 09:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5561]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.132.243.250
Jun 23 09:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5561]: Failed password for invalid user crs from 103.132.243.250 port 49078 ssh2
Jun 23 09:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5561]: Received disconnect from 103.132.243.250 port 49078:11: Bye Bye [preauth]
Jun 23 09:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5561]: Disconnected from 103.132.243.250 port 49078 [preauth]
Jun 23 09:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4382]: pam_unix(cron:session): session closed for user root
Jun 23 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5709]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5708]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5707]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5705]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5705]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5769]: Successful su for rubyman by root
Jun 23 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5769]: + ??? root:rubyman
Jun 23 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5769]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576433 of user rubyman.
Jun 23 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5769]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576433.
Jun 23 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5703]: Invalid user admin from 91.92.40.11
Jun 23 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5703]: input_userauth_request: invalid user admin [preauth]
Jun 23 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5703]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 09:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2925]: pam_unix(cron:session): session closed for user root
Jun 23 09:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5703]: Failed password for invalid user admin from 91.92.40.11 port 55156 ssh2
Jun 23 09:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5703]: Connection closed by 91.92.40.11 port 55156 [preauth]
Jun 23 09:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5707]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4871]: pam_unix(cron:session): session closed for user root
Jun 23 09:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 23 09:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6073]: Failed password for root from 38.93.206.2 port 32950 ssh2
Jun 23 09:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6073]: Connection closed by 38.93.206.2 port 32950 [preauth]
Jun 23 09:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6083]: Received disconnect from 199.127.60.187 port 12914:11: disconnected by user [preauth]
Jun 23 09:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6083]: Disconnected from 199.127.60.187 port 12914 [preauth]
Jun 23 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6094]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6100]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6098]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6097]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6096]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6095]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6100]: pam_unix(cron:session): session closed for user root
Jun 23 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6094]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6166]: Successful su for rubyman by root
Jun 23 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6166]: + ??? root:rubyman
Jun 23 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6166]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576440 of user rubyman.
Jun 23 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6166]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576440.
Jun 23 09:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6096]: pam_unix(cron:session): session closed for user root
Jun 23 09:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3329]: pam_unix(cron:session): session closed for user root
Jun 23 09:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6095]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5311]: pam_unix(cron:session): session closed for user root
Jun 23 09:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6461]: Invalid user personel from 103.132.243.250
Jun 23 09:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6461]: input_userauth_request: invalid user personel [preauth]
Jun 23 09:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6461]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.132.243.250
Jun 23 09:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6461]: Failed password for invalid user personel from 103.132.243.250 port 37200 ssh2
Jun 23 09:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6461]: Received disconnect from 103.132.243.250 port 37200:11: Bye Bye [preauth]
Jun 23 09:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6461]: Disconnected from 103.132.243.250 port 37200 [preauth]
Jun 23 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6523]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6522]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6521]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6520]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6520]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6586]: Successful su for rubyman by root
Jun 23 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6586]: + ??? root:rubyman
Jun 23 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6586]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576442 of user rubyman.
Jun 23 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6586]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576442.
Jun 23 09:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3837]: pam_unix(cron:session): session closed for user root
Jun 23 09:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6521]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5709]: pam_unix(cron:session): session closed for user root
Jun 23 09:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6894]: Invalid user joel from 141.98.83.240
Jun 23 09:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6894]: input_userauth_request: invalid user joel [preauth]
Jun 23 09:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6894]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 09:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6894]: Failed password for invalid user joel from 141.98.83.240 port 64958 ssh2
Jun 23 09:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6894]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6894]: Failed password for invalid user joel from 141.98.83.240 port 64958 ssh2
Jun 23 09:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6894]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6894]: Failed password for invalid user joel from 141.98.83.240 port 64958 ssh2
Jun 23 09:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6894]: Connection closed by 141.98.83.240 port 64958 [preauth]
Jun 23 09:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6894]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6959]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6960]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6954]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6958]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6954]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7043]: Successful su for rubyman by root
Jun 23 09:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7043]: + ??? root:rubyman
Jun 23 09:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7043]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576447 of user rubyman.
Jun 23 09:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7043]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576447.
Jun 23 09:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4381]: pam_unix(cron:session): session closed for user root
Jun 23 09:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6958]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6098]: pam_unix(cron:session): session closed for user root
Jun 23 09:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 23 09:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7431]: Invalid user admin from 45.148.10.121
Jun 23 09:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7431]: input_userauth_request: invalid user admin [preauth]
Jun 23 09:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7431]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 23 09:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7429]: Invalid user toy from 103.132.243.250
Jun 23 09:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7429]: input_userauth_request: invalid user toy [preauth]
Jun 23 09:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7429]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.132.243.250
Jun 23 09:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7433]: Failed password for root from 87.251.79.125 port 56562 ssh2
Jun 23 09:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7433]: Connection closed by 87.251.79.125 port 56562 [preauth]
Jun 23 09:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7431]: Failed password for invalid user admin from 45.148.10.121 port 55420 ssh2
Jun 23 09:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7431]: Connection closed by 45.148.10.121 port 55420 [preauth]
Jun 23 09:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7429]: Failed password for invalid user toy from 103.132.243.250 port 38546 ssh2
Jun 23 09:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7429]: Received disconnect from 103.132.243.250 port 38546:11: Bye Bye [preauth]
Jun 23 09:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7429]: Disconnected from 103.132.243.250 port 38546 [preauth]
Jun 23 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7446]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7447]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7445]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7444]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7444]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7502]: Successful su for rubyman by root
Jun 23 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7502]: + ??? root:rubyman
Jun 23 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7502]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576451 of user rubyman.
Jun 23 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7502]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576451.
Jun 23 09:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4870]: pam_unix(cron:session): session closed for user root
Jun 23 09:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7445]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6523]: pam_unix(cron:session): session closed for user root
Jun 23 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7926]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7928]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7927]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7929]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7926]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7987]: Successful su for rubyman by root
Jun 23 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7987]: + ??? root:rubyman
Jun 23 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7987]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576454 of user rubyman.
Jun 23 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7987]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576454.
Jun 23 09:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5307]: pam_unix(cron:session): session closed for user root
Jun 23 09:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7927]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 23 09:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8179]: Failed password for root from 193.24.211.107 port 23917 ssh2
Jun 23 09:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8179]: Received disconnect from 193.24.211.107 port 23917:11: Client disconnecting normally [preauth]
Jun 23 09:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8179]: Disconnected from 193.24.211.107 port 23917 [preauth]
Jun 23 09:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6960]: pam_unix(cron:session): session closed for user root
Jun 23 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8327]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8328]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8325]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8326]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8323]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8324]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8328]: pam_unix(cron:session): session closed for user root
Jun 23 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8323]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8392]: Successful su for rubyman by root
Jun 23 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8392]: + ??? root:rubyman
Jun 23 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8392]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576458 of user rubyman.
Jun 23 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8392]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576458.
Jun 23 09:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8325]: pam_unix(cron:session): session closed for user root
Jun 23 09:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5708]: pam_unix(cron:session): session closed for user root
Jun 23 09:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8324]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8665]: Invalid user johnson from 103.132.243.250
Jun 23 09:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8665]: input_userauth_request: invalid user johnson [preauth]
Jun 23 09:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8665]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.132.243.250
Jun 23 09:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7447]: pam_unix(cron:session): session closed for user root
Jun 23 09:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8665]: Failed password for invalid user johnson from 103.132.243.250 port 42132 ssh2
Jun 23 09:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8665]: Received disconnect from 103.132.243.250 port 42132:11: Bye Bye [preauth]
Jun 23 09:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8665]: Disconnected from 103.132.243.250 port 42132 [preauth]
Jun 23 09:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 23 09:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8734]: Failed password for root from 103.172.78.219 port 49374 ssh2
Jun 23 09:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8734]: Connection closed by 103.172.78.219 port 49374 [preauth]
Jun 23 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8756]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8754]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8755]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8753]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8753]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8821]: Successful su for rubyman by root
Jun 23 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8821]: + ??? root:rubyman
Jun 23 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8821]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576464 of user rubyman.
Jun 23 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8821]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576464.
Jun 23 09:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6097]: pam_unix(cron:session): session closed for user root
Jun 23 09:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8754]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9040]: Invalid user admin from 46.101.216.224
Jun 23 09:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9040]: input_userauth_request: invalid user admin [preauth]
Jun 23 09:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9040]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.216.224
Jun 23 09:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9040]: Failed password for invalid user admin from 46.101.216.224 port 60294 ssh2
Jun 23 09:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9040]: Received disconnect from 46.101.216.224 port 60294:11: Bye Bye [preauth]
Jun 23 09:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9040]: Disconnected from 46.101.216.224 port 60294 [preauth]
Jun 23 09:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7929]: pam_unix(cron:session): session closed for user root
Jun 23 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9157]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9156]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9158]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9155]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9155]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9218]: Successful su for rubyman by root
Jun 23 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9218]: + ??? root:rubyman
Jun 23 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9218]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576468 of user rubyman.
Jun 23 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9218]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576468.
Jun 23 09:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6522]: pam_unix(cron:session): session closed for user root
Jun 23 09:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9156]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8327]: pam_unix(cron:session): session closed for user root
Jun 23 09:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9528]: Invalid user mycp from 103.132.243.250
Jun 23 09:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9528]: input_userauth_request: invalid user mycp [preauth]
Jun 23 09:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9528]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.132.243.250
Jun 23 09:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9530]: Invalid user flavia from 46.101.216.224
Jun 23 09:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9530]: input_userauth_request: invalid user flavia [preauth]
Jun 23 09:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9530]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.216.224
Jun 23 09:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9528]: Failed password for invalid user mycp from 103.132.243.250 port 52244 ssh2
Jun 23 09:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9530]: Failed password for invalid user flavia from 46.101.216.224 port 59716 ssh2
Jun 23 09:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9528]: Received disconnect from 103.132.243.250 port 52244:11: Bye Bye [preauth]
Jun 23 09:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9528]: Disconnected from 103.132.243.250 port 52244 [preauth]
Jun 23 09:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9530]: Received disconnect from 46.101.216.224 port 59716:11: Bye Bye [preauth]
Jun 23 09:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9530]: Disconnected from 46.101.216.224 port 59716 [preauth]
Jun 23 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9543]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9544]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9541]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9542]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9541]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9610]: Successful su for rubyman by root
Jun 23 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9610]: + ??? root:rubyman
Jun 23 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9610]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576473 of user rubyman.
Jun 23 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9610]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576473.
Jun 23 09:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6959]: pam_unix(cron:session): session closed for user root
Jun 23 09:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9542]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8756]: pam_unix(cron:session): session closed for user root
Jun 23 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10124]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10125]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10123]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10122]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10122]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10183]: Successful su for rubyman by root
Jun 23 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10183]: + ??? root:rubyman
Jun 23 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10183]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576477 of user rubyman.
Jun 23 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10183]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576477.
Jun 23 09:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7446]: pam_unix(cron:session): session closed for user root
Jun 23 09:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10123]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10501]: Invalid user webuser from 46.101.216.224
Jun 23 09:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10501]: input_userauth_request: invalid user webuser [preauth]
Jun 23 09:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10501]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.216.224
Jun 23 09:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10501]: Failed password for invalid user webuser from 46.101.216.224 port 55984 ssh2
Jun 23 09:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10501]: Received disconnect from 46.101.216.224 port 55984:11: Bye Bye [preauth]
Jun 23 09:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10501]: Disconnected from 46.101.216.224 port 55984 [preauth]
Jun 23 09:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9158]: pam_unix(cron:session): session closed for user root
Jun 23 09:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10556]: Received disconnect from 194.120.230.72 port 22122:11: disconnected by user [preauth]
Jun 23 09:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10556]: Disconnected from 194.120.230.72 port 22122 [preauth]
Jun 23 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10621]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10622]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10618]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10617]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10616]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10619]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10622]: pam_unix(cron:session): session closed for user root
Jun 23 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10616]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10693]: Successful su for rubyman by root
Jun 23 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10693]: + ??? root:rubyman
Jun 23 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10693]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576480 of user rubyman.
Jun 23 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10693]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576480.
Jun 23 09:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10618]: pam_unix(cron:session): session closed for user root
Jun 23 09:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7928]: pam_unix(cron:session): session closed for user root
Jun 23 09:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10617]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10946]: Invalid user keeper from 103.132.243.250
Jun 23 09:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10946]: input_userauth_request: invalid user keeper [preauth]
Jun 23 09:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10946]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.132.243.250
Jun 23 09:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10946]: Failed password for invalid user keeper from 103.132.243.250 port 54326 ssh2
Jun 23 09:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10946]: Received disconnect from 103.132.243.250 port 54326:11: Bye Bye [preauth]
Jun 23 09:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10946]: Disconnected from 103.132.243.250 port 54326 [preauth]
Jun 23 09:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9544]: pam_unix(cron:session): session closed for user root
Jun 23 09:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11021]: Connection closed by 194.59.206.2 port 43450 [preauth]
Jun 23 09:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11075]: Invalid user admin from 46.101.216.224
Jun 23 09:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11075]: input_userauth_request: invalid user admin [preauth]
Jun 23 09:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11075]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.216.224
Jun 23 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11075]: Failed password for invalid user admin from 46.101.216.224 port 46206 ssh2
Jun 23 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11075]: Received disconnect from 46.101.216.224 port 46206:11: Bye Bye [preauth]
Jun 23 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11075]: Disconnected from 46.101.216.224 port 46206 [preauth]
Jun 23 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11080]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11081]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11079]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11078]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11078]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11149]: Successful su for rubyman by root
Jun 23 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11149]: + ??? root:rubyman
Jun 23 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11149]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576487 of user rubyman.
Jun 23 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11149]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576487.
Jun 23 09:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8326]: pam_unix(cron:session): session closed for user root
Jun 23 09:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11079]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10125]: pam_unix(cron:session): session closed for user root
Jun 23 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11512]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11513]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11514]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11511]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11511]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11571]: Successful su for rubyman by root
Jun 23 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11571]: + ??? root:rubyman
Jun 23 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11571]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576490 of user rubyman.
Jun 23 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11571]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576490.
Jun 23 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 23 09:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8755]: pam_unix(cron:session): session closed for user root
Jun 23 09:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11635]: Failed password for root from 62.133.62.83 port 41810 ssh2
Jun 23 09:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11635]: Connection closed by 62.133.62.83 port 41810 [preauth]
Jun 23 09:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11512]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10621]: pam_unix(cron:session): session closed for user root
Jun 23 09:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.216.224  user=root
Jun 23 09:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11883]: Failed password for root from 46.101.216.224 port 41584 ssh2
Jun 23 09:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11883]: Received disconnect from 46.101.216.224 port 41584:11: Bye Bye [preauth]
Jun 23 09:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11883]: Disconnected from 46.101.216.224 port 41584 [preauth]
Jun 23 09:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11916]: Invalid user cbt from 103.132.243.250
Jun 23 09:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11916]: input_userauth_request: invalid user cbt [preauth]
Jun 23 09:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11916]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.132.243.250
Jun 23 09:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11916]: Failed password for invalid user cbt from 103.132.243.250 port 47266 ssh2
Jun 23 09:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11916]: Received disconnect from 103.132.243.250 port 47266:11: Bye Bye [preauth]
Jun 23 09:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11916]: Disconnected from 103.132.243.250 port 47266 [preauth]
Jun 23 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11971]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11969]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11970]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11968]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11968]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12031]: Successful su for rubyman by root
Jun 23 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12031]: + ??? root:rubyman
Jun 23 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12031]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576494 of user rubyman.
Jun 23 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12031]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576494.
Jun 23 09:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9157]: pam_unix(cron:session): session closed for user root
Jun 23 09:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11969]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 23 09:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12390]: Failed password for root from 103.176.20.57 port 57780 ssh2
Jun 23 09:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12390]: Connection closed by 103.176.20.57 port 57780 [preauth]
Jun 23 09:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11081]: pam_unix(cron:session): session closed for user root
Jun 23 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12489]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12490]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12488]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12487]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12487]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12546]: Successful su for rubyman by root
Jun 23 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12546]: + ??? root:rubyman
Jun 23 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12546]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576500 of user rubyman.
Jun 23 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12546]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576500.
Jun 23 09:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12628]: Invalid user sftp_user from 46.101.216.224
Jun 23 09:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12628]: input_userauth_request: invalid user sftp_user [preauth]
Jun 23 09:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12628]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.216.224
Jun 23 09:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9543]: pam_unix(cron:session): session closed for user root
Jun 23 09:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12628]: Failed password for invalid user sftp_user from 46.101.216.224 port 40818 ssh2
Jun 23 09:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12628]: Received disconnect from 46.101.216.224 port 40818:11: Bye Bye [preauth]
Jun 23 09:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12628]: Disconnected from 46.101.216.224 port 40818 [preauth]
Jun 23 09:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12488]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11514]: pam_unix(cron:session): session closed for user root
Jun 23 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12903]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12902]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12900]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12904]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12899]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12905]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12905]: pam_unix(cron:session): session closed for user root
Jun 23 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12899]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12967]: Successful su for rubyman by root
Jun 23 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12967]: + ??? root:rubyman
Jun 23 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12967]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576505 of user rubyman.
Jun 23 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12967]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576505.
Jun 23 09:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12902]: pam_unix(cron:session): session closed for user root
Jun 23 09:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10124]: pam_unix(cron:session): session closed for user root
Jun 23 09:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12900]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13212]: Invalid user recrutement from 103.132.243.250
Jun 23 09:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13212]: input_userauth_request: invalid user recrutement [preauth]
Jun 23 09:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13212]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.132.243.250
Jun 23 09:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13212]: Failed password for invalid user recrutement from 103.132.243.250 port 60742 ssh2
Jun 23 09:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13212]: Received disconnect from 103.132.243.250 port 60742:11: Bye Bye [preauth]
Jun 23 09:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13212]: Disconnected from 103.132.243.250 port 60742 [preauth]
Jun 23 09:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11971]: pam_unix(cron:session): session closed for user root
Jun 23 09:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13289]: Invalid user test1 from 46.101.216.224
Jun 23 09:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13289]: input_userauth_request: invalid user test1 [preauth]
Jun 23 09:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13289]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.216.224
Jun 23 09:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13289]: Failed password for invalid user test1 from 46.101.216.224 port 59386 ssh2
Jun 23 09:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13289]: Received disconnect from 46.101.216.224 port 59386:11: Bye Bye [preauth]
Jun 23 09:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13289]: Disconnected from 46.101.216.224 port 59386 [preauth]
Jun 23 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13350]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13352]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13349]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13351]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13349]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13418]: Successful su for rubyman by root
Jun 23 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13418]: + ??? root:rubyman
Jun 23 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13418]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576509 of user rubyman.
Jun 23 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13418]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576509.
Jun 23 09:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10619]: pam_unix(cron:session): session closed for user root
Jun 23 09:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13350]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12490]: pam_unix(cron:session): session closed for user root
Jun 23 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13757]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13758]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13755]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13756]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13755]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13816]: Successful su for rubyman by root
Jun 23 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13816]: + ??? root:rubyman
Jun 23 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13816]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576513 of user rubyman.
Jun 23 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13816]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576513.
Jun 23 09:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11080]: pam_unix(cron:session): session closed for user root
Jun 23 09:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13756]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.216.224  user=root
Jun 23 09:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14006]: Failed password for root from 46.101.216.224 port 51280 ssh2
Jun 23 09:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14006]: Received disconnect from 46.101.216.224 port 51280:11: Bye Bye [preauth]
Jun 23 09:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14006]: Disconnected from 46.101.216.224 port 51280 [preauth]
Jun 23 09:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12904]: pam_unix(cron:session): session closed for user root
Jun 23 09:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14112]: Invalid user lifestyle from 103.132.243.250
Jun 23 09:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14112]: input_userauth_request: invalid user lifestyle [preauth]
Jun 23 09:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14112]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.132.243.250
Jun 23 09:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14112]: Failed password for invalid user lifestyle from 103.132.243.250 port 35332 ssh2
Jun 23 09:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14112]: Received disconnect from 103.132.243.250 port 35332:11: Bye Bye [preauth]
Jun 23 09:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14112]: Disconnected from 103.132.243.250 port 35332 [preauth]
Jun 23 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14158]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14157]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14155]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14156]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14155]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14216]: Successful su for rubyman by root
Jun 23 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14216]: + ??? root:rubyman
Jun 23 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14216]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576518 of user rubyman.
Jun 23 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14216]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576518.
Jun 23 09:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11513]: pam_unix(cron:session): session closed for user root
Jun 23 09:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14156]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13352]: pam_unix(cron:session): session closed for user root
Jun 23 09:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.216.224  user=root
Jun 23 09:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14499]: Failed password for root from 46.101.216.224 port 36422 ssh2
Jun 23 09:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14499]: Received disconnect from 46.101.216.224 port 36422:11: Bye Bye [preauth]
Jun 23 09:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14499]: Disconnected from 46.101.216.224 port 36422 [preauth]
Jun 23 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14550]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14552]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14553]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14551]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14548]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14550]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14717]: Successful su for rubyman by root
Jun 23 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14717]: + ??? root:rubyman
Jun 23 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14717]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576522 of user rubyman.
Jun 23 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14717]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576522.
Jun 23 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14548]: pam_unix(cron:session): session closed for user root
Jun 23 09:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11970]: pam_unix(cron:session): session closed for user root
Jun 23 09:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14551]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13758]: pam_unix(cron:session): session closed for user root
Jun 23 09:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 23 09:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15104]: Failed password for root from 193.37.70.224 port 46760 ssh2
Jun 23 09:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15104]: Connection closed by 193.37.70.224 port 46760 [preauth]
Jun 23 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15129]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15130]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15128]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15126]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15131]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15127]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15131]: pam_unix(cron:session): session closed for user root
Jun 23 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15126]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15199]: Successful su for rubyman by root
Jun 23 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15199]: + ??? root:rubyman
Jun 23 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15199]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576527 of user rubyman.
Jun 23 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15199]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576527.
Jun 23 09:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15128]: pam_unix(cron:session): session closed for user root
Jun 23 09:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12489]: pam_unix(cron:session): session closed for user root
Jun 23 09:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15127]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15403]: Invalid user warranty from 103.132.243.250
Jun 23 09:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15403]: input_userauth_request: invalid user warranty [preauth]
Jun 23 09:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15403]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.132.243.250
Jun 23 09:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15403]: Failed password for invalid user warranty from 103.132.243.250 port 32768 ssh2
Jun 23 09:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15403]: Received disconnect from 103.132.243.250 port 32768:11: Bye Bye [preauth]
Jun 23 09:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15403]: Disconnected from 103.132.243.250 port 32768 [preauth]
Jun 23 09:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15413]: Received disconnect from 148.113.190.153 port 57232:11: disconnected by user [preauth]
Jun 23 09:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15413]: Disconnected from 148.113.190.153 port 57232 [preauth]
Jun 23 09:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.216.224  user=root
Jun 23 09:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15435]: Failed password for root from 46.101.216.224 port 39754 ssh2
Jun 23 09:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15435]: Received disconnect from 46.101.216.224 port 39754:11: Bye Bye [preauth]
Jun 23 09:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15435]: Disconnected from 46.101.216.224 port 39754 [preauth]
Jun 23 09:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14158]: pam_unix(cron:session): session closed for user root
Jun 23 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15549]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15550]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15551]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15548]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15548]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15616]: Successful su for rubyman by root
Jun 23 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15616]: + ??? root:rubyman
Jun 23 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15616]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576533 of user rubyman.
Jun 23 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15616]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576533.
Jun 23 09:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12903]: pam_unix(cron:session): session closed for user root
Jun 23 09:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15549]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 23 09:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15792]: Failed password for root from 103.82.20.28 port 57076 ssh2
Jun 23 09:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15792]: Connection closed by 103.82.20.28 port 57076 [preauth]
Jun 23 09:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 23 09:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15802]: Failed password for root from 103.82.132.16 port 58442 ssh2
Jun 23 09:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15802]: Connection closed by 103.82.132.16 port 58442 [preauth]
Jun 23 09:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 23 09:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14553]: pam_unix(cron:session): session closed for user root
Jun 23 09:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15871]: Failed password for root from 103.27.238.114 port 37006 ssh2
Jun 23 09:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15871]: Connection closed by 103.27.238.114 port 37006 [preauth]
Jun 23 09:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15930]: Invalid user openerp from 46.101.216.224
Jun 23 09:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15930]: input_userauth_request: invalid user openerp [preauth]
Jun 23 09:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15930]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.216.224
Jun 23 09:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15930]: Failed password for invalid user openerp from 46.101.216.224 port 32924 ssh2
Jun 23 09:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15930]: Received disconnect from 46.101.216.224 port 32924:11: Bye Bye [preauth]
Jun 23 09:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15930]: Disconnected from 46.101.216.224 port 32924 [preauth]
Jun 23 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15962]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15961]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15960]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15959]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15959]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16017]: Successful su for rubyman by root
Jun 23 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16017]: + ??? root:rubyman
Jun 23 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16017]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576535 of user rubyman.
Jun 23 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16017]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576535.
Jun 23 09:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13351]: pam_unix(cron:session): session closed for user root
Jun 23 09:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15960]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 23 09:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16210]: Failed password for root from 103.77.242.62 port 50066 ssh2
Jun 23 09:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16210]: Connection closed by 103.77.242.62 port 50066 [preauth]
Jun 23 09:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16262]: Invalid user csm from 103.132.243.250
Jun 23 09:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16262]: input_userauth_request: invalid user csm [preauth]
Jun 23 09:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16262]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.132.243.250
Jun 23 09:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16262]: Failed password for invalid user csm from 103.132.243.250 port 44332 ssh2
Jun 23 09:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16262]: Received disconnect from 103.132.243.250 port 44332:11: Bye Bye [preauth]
Jun 23 09:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16262]: Disconnected from 103.132.243.250 port 44332 [preauth]
Jun 23 09:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15130]: pam_unix(cron:session): session closed for user root
Jun 23 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16346]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16345]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16347]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16344]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16344]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16404]: Successful su for rubyman by root
Jun 23 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16404]: + ??? root:rubyman
Jun 23 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16404]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576542 of user rubyman.
Jun 23 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16404]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576542.
Jun 23 09:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13757]: pam_unix(cron:session): session closed for user root
Jun 23 09:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16345]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16607]: Invalid user admin from 2.57.121.25
Jun 23 09:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16607]: input_userauth_request: invalid user admin [preauth]
Jun 23 09:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16607]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 23 09:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16607]: Failed password for invalid user admin from 2.57.121.25 port 25688 ssh2
Jun 23 09:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16607]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16607]: Failed password for invalid user admin from 2.57.121.25 port 25688 ssh2
Jun 23 09:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16607]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16607]: Failed password for invalid user admin from 2.57.121.25 port 25688 ssh2
Jun 23 09:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16607]: Connection closed by 2.57.121.25 port 25688 [preauth]
Jun 23 09:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16607]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 23 09:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.216.224  user=root
Jun 23 09:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16656]: Failed password for root from 46.101.216.224 port 41498 ssh2
Jun 23 09:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16656]: Received disconnect from 46.101.216.224 port 41498:11: Bye Bye [preauth]
Jun 23 09:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16656]: Disconnected from 46.101.216.224 port 41498 [preauth]
Jun 23 09:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15551]: pam_unix(cron:session): session closed for user root
Jun 23 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16741]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16739]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16740]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16742]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16739]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16802]: Successful su for rubyman by root
Jun 23 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16802]: + ??? root:rubyman
Jun 23 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16802]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576543 of user rubyman.
Jun 23 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16802]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576543.
Jun 23 09:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14157]: pam_unix(cron:session): session closed for user root
Jun 23 09:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16740]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15962]: pam_unix(cron:session): session closed for user root
Jun 23 09:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17218]: Invalid user gms from 103.132.243.250
Jun 23 09:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17218]: input_userauth_request: invalid user gms [preauth]
Jun 23 09:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17218]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.132.243.250
Jun 23 09:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17218]: Failed password for invalid user gms from 103.132.243.250 port 56846 ssh2
Jun 23 09:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17218]: Received disconnect from 103.132.243.250 port 56846:11: Bye Bye [preauth]
Jun 23 09:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17218]: Disconnected from 103.132.243.250 port 56846 [preauth]
Jun 23 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17242]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17238]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17240]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17237]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17241]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17239]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17242]: pam_unix(cron:session): session closed for user root
Jun 23 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17237]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17312]: Successful su for rubyman by root
Jun 23 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17312]: + ??? root:rubyman
Jun 23 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17312]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576552 of user rubyman.
Jun 23 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17312]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576552.
Jun 23 09:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17239]: pam_unix(cron:session): session closed for user root
Jun 23 09:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14552]: pam_unix(cron:session): session closed for user root
Jun 23 09:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17506]: Invalid user ftpuser from 46.101.216.224
Jun 23 09:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17506]: input_userauth_request: invalid user ftpuser [preauth]
Jun 23 09:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17506]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.216.224
Jun 23 09:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17238]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17506]: Failed password for invalid user ftpuser from 46.101.216.224 port 56826 ssh2
Jun 23 09:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17506]: Received disconnect from 46.101.216.224 port 56826:11: Bye Bye [preauth]
Jun 23 09:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17506]: Disconnected from 46.101.216.224 port 56826 [preauth]
Jun 23 09:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16347]: pam_unix(cron:session): session closed for user root
Jun 23 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17766]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17767]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17765]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17764]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17764]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17844]: Successful su for rubyman by root
Jun 23 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17844]: + ??? root:rubyman
Jun 23 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17844]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576554 of user rubyman.
Jun 23 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17844]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576554.
Jun 23 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 23 09:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17792]: Failed password for root from 109.237.96.109 port 44130 ssh2
Jun 23 09:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17792]: Connection closed by 109.237.96.109 port 44130 [preauth]
Jun 23 09:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15129]: pam_unix(cron:session): session closed for user root
Jun 23 09:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17765]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18033]: Invalid user stetson from 2.57.121.112
Jun 23 09:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18033]: input_userauth_request: invalid user stetson [preauth]
Jun 23 09:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18033]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 23 09:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18033]: Failed password for invalid user stetson from 2.57.121.112 port 58056 ssh2
Jun 23 09:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18033]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18033]: Failed password for invalid user stetson from 2.57.121.112 port 58056 ssh2
Jun 23 09:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18033]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18033]: Failed password for invalid user stetson from 2.57.121.112 port 58056 ssh2
Jun 23 09:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18033]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18033]: Failed password for invalid user stetson from 2.57.121.112 port 58056 ssh2
Jun 23 09:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18033]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18033]: Failed password for invalid user stetson from 2.57.121.112 port 58056 ssh2
Jun 23 09:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18033]: Connection closed by 2.57.121.112 port 58056 [preauth]
Jun 23 09:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18033]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 23 09:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18033]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 23 09:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16742]: pam_unix(cron:session): session closed for user root
Jun 23 09:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18137]: Invalid user django from 46.101.216.224
Jun 23 09:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18137]: input_userauth_request: invalid user django [preauth]
Jun 23 09:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18137]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.216.224
Jun 23 09:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18137]: Failed password for invalid user django from 46.101.216.224 port 47946 ssh2
Jun 23 09:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18137]: Received disconnect from 46.101.216.224 port 47946:11: Bye Bye [preauth]
Jun 23 09:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18137]: Disconnected from 46.101.216.224 port 47946 [preauth]
Jun 23 09:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 23 09:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18191]: Failed password for root from 194.113.233.25 port 47350 ssh2
Jun 23 09:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18191]: Connection closed by 194.113.233.25 port 47350 [preauth]
Jun 23 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18208]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18207]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18206]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18205]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18205]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18275]: Successful su for rubyman by root
Jun 23 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18275]: + ??? root:rubyman
Jun 23 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18275]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576557 of user rubyman.
Jun 23 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18275]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576557.
Jun 23 09:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15550]: pam_unix(cron:session): session closed for user root
Jun 23 09:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18206]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18582]: Invalid user aws from 103.132.243.250
Jun 23 09:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18582]: input_userauth_request: invalid user aws [preauth]
Jun 23 09:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18582]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.132.243.250
Jun 23 09:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18582]: Failed password for invalid user aws from 103.132.243.250 port 58108 ssh2
Jun 23 09:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18582]: Received disconnect from 103.132.243.250 port 58108:11: Bye Bye [preauth]
Jun 23 09:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18582]: Disconnected from 103.132.243.250 port 58108 [preauth]
Jun 23 09:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17241]: pam_unix(cron:session): session closed for user root
Jun 23 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18720]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18719]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18718]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18717]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18717]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18783]: Successful su for rubyman by root
Jun 23 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18783]: + ??? root:rubyman
Jun 23 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18783]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576562 of user rubyman.
Jun 23 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18783]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576562.
Jun 23 09:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18890]: Invalid user test from 46.101.216.224
Jun 23 09:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18890]: input_userauth_request: invalid user test [preauth]
Jun 23 09:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18890]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.216.224
Jun 23 09:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15961]: pam_unix(cron:session): session closed for user root
Jun 23 09:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18718]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18890]: Failed password for invalid user test from 46.101.216.224 port 54724 ssh2
Jun 23 09:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18890]: Received disconnect from 46.101.216.224 port 54724:11: Bye Bye [preauth]
Jun 23 09:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18890]: Disconnected from 46.101.216.224 port 54724 [preauth]
Jun 23 09:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17767]: pam_unix(cron:session): session closed for user root
Jun 23 09:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: Connection closed by 213.177.179.62 port 55760 [preauth]
Jun 23 09:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 23 09:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19123]: Failed password for root from 77.94.47.83 port 55866 ssh2
Jun 23 09:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19123]: Connection closed by 77.94.47.83 port 55866 [preauth]
Jun 23 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19238]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19237]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19234]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19235]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19234]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19298]: Successful su for rubyman by root
Jun 23 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19298]: + ??? root:rubyman
Jun 23 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19298]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576566 of user rubyman.
Jun 23 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19298]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576566.
Jun 23 09:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16346]: pam_unix(cron:session): session closed for user root
Jun 23 09:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19235]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18208]: pam_unix(cron:session): session closed for user root
Jun 23 09:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.216.224  user=root
Jun 23 09:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19772]: Failed password for root from 46.101.216.224 port 33310 ssh2
Jun 23 09:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19772]: Received disconnect from 46.101.216.224 port 33310:11: Bye Bye [preauth]
Jun 23 09:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19772]: Disconnected from 46.101.216.224 port 33310 [preauth]
Jun 23 09:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19820]: Invalid user keywords from 103.132.243.250
Jun 23 09:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19820]: input_userauth_request: invalid user keywords [preauth]
Jun 23 09:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19820]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.132.243.250
Jun 23 09:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19820]: Failed password for invalid user keywords from 103.132.243.250 port 39252 ssh2
Jun 23 09:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19820]: Received disconnect from 103.132.243.250 port 39252:11: Bye Bye [preauth]
Jun 23 09:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19820]: Disconnected from 103.132.243.250 port 39252 [preauth]
Jun 23 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19849]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19855]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19847]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19850]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19846]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19848]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19855]: pam_unix(cron:session): session closed for user root
Jun 23 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19846]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19920]: Successful su for rubyman by root
Jun 23 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19920]: + ??? root:rubyman
Jun 23 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19920]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576572 of user rubyman.
Jun 23 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19920]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576572.
Jun 23 09:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19848]: pam_unix(cron:session): session closed for user root
Jun 23 09:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16741]: pam_unix(cron:session): session closed for user root
Jun 23 09:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19847]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 23 09:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20253]: Failed password for root from 193.24.211.107 port 39824 ssh2
Jun 23 09:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20253]: Received disconnect from 193.24.211.107 port 39824:11: Client disconnecting normally [preauth]
Jun 23 09:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20253]: Disconnected from 193.24.211.107 port 39824 [preauth]
Jun 23 09:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18720]: pam_unix(cron:session): session closed for user root
Jun 23 09:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20311]: Received disconnect from 109.236.86.20 port 58464:11: disconnected by user [preauth]
Jun 23 09:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20311]: Disconnected from 109.236.86.20 port 58464 [preauth]
Jun 23 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20381]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20382]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20380]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20379]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20379]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20453]: Successful su for rubyman by root
Jun 23 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20453]: + ??? root:rubyman
Jun 23 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20453]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576575 of user rubyman.
Jun 23 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20453]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576575.
Jun 23 09:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17240]: pam_unix(cron:session): session closed for user root
Jun 23 09:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20380]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20716]: Invalid user admin from 193.46.255.86
Jun 23 09:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20716]: input_userauth_request: invalid user admin [preauth]
Jun 23 09:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20716]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 23 09:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20725]: Invalid user test from 46.101.216.224
Jun 23 09:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20725]: input_userauth_request: invalid user test [preauth]
Jun 23 09:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20725]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.216.224
Jun 23 09:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20716]: Failed password for invalid user admin from 193.46.255.86 port 24710 ssh2
Jun 23 09:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20716]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20725]: Failed password for invalid user test from 46.101.216.224 port 49514 ssh2
Jun 23 09:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20725]: Received disconnect from 46.101.216.224 port 49514:11: Bye Bye [preauth]
Jun 23 09:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20725]: Disconnected from 46.101.216.224 port 49514 [preauth]
Jun 23 09:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20716]: Failed password for invalid user admin from 193.46.255.86 port 24710 ssh2
Jun 23 09:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20716]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20716]: Failed password for invalid user admin from 193.46.255.86 port 24710 ssh2
Jun 23 09:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20716]: Connection closed by 193.46.255.86 port 24710 [preauth]
Jun 23 09:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20716]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 23 09:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19238]: pam_unix(cron:session): session closed for user root
Jun 23 09:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 23 09:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20872]: Failed password for root from 141.98.83.240 port 60734 ssh2
Jun 23 09:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20872]: Failed password for root from 141.98.83.240 port 60734 ssh2
Jun 23 09:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.20.185.207  user=root
Jun 23 09:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20872]: Failed password for root from 141.98.83.240 port 60734 ssh2
Jun 23 09:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20872]: Connection closed by 141.98.83.240 port 60734 [preauth]
Jun 23 09:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20872]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 23 09:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20878]: Failed password for root from 143.20.185.207 port 50986 ssh2
Jun 23 09:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20878]: Connection closed by 143.20.185.207 port 50986 [preauth]
Jun 23 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20903]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20901]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20902]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20900]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20900]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20960]: Successful su for rubyman by root
Jun 23 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20960]: + ??? root:rubyman
Jun 23 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20960]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576579 of user rubyman.
Jun 23 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20960]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576579.
Jun 23 09:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17766]: pam_unix(cron:session): session closed for user root
Jun 23 09:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20901]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21184]: Invalid user prototype from 103.132.243.250
Jun 23 09:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21184]: input_userauth_request: invalid user prototype [preauth]
Jun 23 09:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21184]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.132.243.250
Jun 23 09:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21184]: Failed password for invalid user prototype from 103.132.243.250 port 45920 ssh2
Jun 23 09:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21184]: Received disconnect from 103.132.243.250 port 45920:11: Bye Bye [preauth]
Jun 23 09:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21184]: Disconnected from 103.132.243.250 port 45920 [preauth]
Jun 23 09:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19850]: pam_unix(cron:session): session closed for user root
Jun 23 09:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21276]: Invalid user platform from 46.101.216.224
Jun 23 09:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21276]: input_userauth_request: invalid user platform [preauth]
Jun 23 09:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21276]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.216.224
Jun 23 09:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21276]: Failed password for invalid user platform from 46.101.216.224 port 33980 ssh2
Jun 23 09:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21276]: Received disconnect from 46.101.216.224 port 33980:11: Bye Bye [preauth]
Jun 23 09:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21276]: Disconnected from 46.101.216.224 port 33980 [preauth]
Jun 23 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21306]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21305]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21307]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21304]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21304]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21373]: Successful su for rubyman by root
Jun 23 09:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21373]: + ??? root:rubyman
Jun 23 09:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21373]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576583 of user rubyman.
Jun 23 09:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21373]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576583.
Jun 23 09:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18207]: pam_unix(cron:session): session closed for user root
Jun 23 09:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21305]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20382]: pam_unix(cron:session): session closed for user root
Jun 23 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21737]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21738]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21736]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21735]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21735]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21805]: Successful su for rubyman by root
Jun 23 09:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21805]: + ??? root:rubyman
Jun 23 09:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21805]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576588 of user rubyman.
Jun 23 09:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21805]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576588.
Jun 23 09:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18719]: pam_unix(cron:session): session closed for user root
Jun 23 09:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 23 09:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21736]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21963]: Failed password for root from 103.77.175.15 port 41036 ssh2
Jun 23 09:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21963]: Connection closed by 103.77.175.15 port 41036 [preauth]
Jun 23 09:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.216.224  user=root
Jun 23 09:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22016]: Failed password for root from 46.101.216.224 port 53250 ssh2
Jun 23 09:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22016]: Received disconnect from 46.101.216.224 port 53250:11: Bye Bye [preauth]
Jun 23 09:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22016]: Disconnected from 46.101.216.224 port 53250 [preauth]
Jun 23 09:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20903]: pam_unix(cron:session): session closed for user root
Jun 23 09:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22096]: Invalid user manual from 103.132.243.250
Jun 23 09:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22096]: input_userauth_request: invalid user manual [preauth]
Jun 23 09:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22096]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.132.243.250
Jun 23 09:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22096]: Failed password for invalid user manual from 103.132.243.250 port 50548 ssh2
Jun 23 09:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22096]: Received disconnect from 103.132.243.250 port 50548:11: Bye Bye [preauth]
Jun 23 09:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22096]: Disconnected from 103.132.243.250 port 50548 [preauth]
Jun 23 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22156]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22153]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22155]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22154]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22151]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22152]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22156]: pam_unix(cron:session): session closed for user root
Jun 23 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22151]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22225]: Successful su for rubyman by root
Jun 23 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22225]: + ??? root:rubyman
Jun 23 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22225]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576593 of user rubyman.
Jun 23 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22225]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576593.
Jun 23 09:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22153]: pam_unix(cron:session): session closed for user root
Jun 23 09:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19237]: pam_unix(cron:session): session closed for user root
Jun 23 09:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22152]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21307]: pam_unix(cron:session): session closed for user root
Jun 23 09:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22646]: Invalid user yashar from 46.101.216.224
Jun 23 09:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22646]: input_userauth_request: invalid user yashar [preauth]
Jun 23 09:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22646]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.216.224
Jun 23 09:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22646]: Failed password for invalid user yashar from 46.101.216.224 port 59954 ssh2
Jun 23 09:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22646]: Received disconnect from 46.101.216.224 port 59954:11: Bye Bye [preauth]
Jun 23 09:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22646]: Disconnected from 46.101.216.224 port 59954 [preauth]
Jun 23 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22670]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22671]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22669]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22668]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22668]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22738]: Successful su for rubyman by root
Jun 23 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22738]: + ??? root:rubyman
Jun 23 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22738]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576597 of user rubyman.
Jun 23 09:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22738]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576597.
Jun 23 09:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19849]: pam_unix(cron:session): session closed for user root
Jun 23 09:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22669]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21738]: pam_unix(cron:session): session closed for user root
Jun 23 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23076]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23077]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23074]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23075]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23074]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23135]: Successful su for rubyman by root
Jun 23 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23135]: + ??? root:rubyman
Jun 23 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23135]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576601 of user rubyman.
Jun 23 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23135]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576601.
Jun 23 09:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20381]: pam_unix(cron:session): session closed for user root
Jun 23 09:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23311]: Invalid user foto from 103.132.243.250
Jun 23 09:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23311]: input_userauth_request: invalid user foto [preauth]
Jun 23 09:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23311]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.132.243.250
Jun 23 09:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23075]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23311]: Failed password for invalid user foto from 103.132.243.250 port 47064 ssh2
Jun 23 09:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23311]: Received disconnect from 103.132.243.250 port 47064:11: Bye Bye [preauth]
Jun 23 09:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23311]: Disconnected from 103.132.243.250 port 47064 [preauth]
Jun 23 09:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23415]: Invalid user minecraft from 46.101.216.224
Jun 23 09:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23415]: input_userauth_request: invalid user minecraft [preauth]
Jun 23 09:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23415]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.216.224
Jun 23 09:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23415]: Failed password for invalid user minecraft from 46.101.216.224 port 51610 ssh2
Jun 23 09:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23415]: Received disconnect from 46.101.216.224 port 51610:11: Bye Bye [preauth]
Jun 23 09:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23415]: Disconnected from 46.101.216.224 port 51610 [preauth]
Jun 23 09:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22155]: pam_unix(cron:session): session closed for user root
Jun 23 09:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 23 09:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23438]: Failed password for root from 51.250.105.222 port 33392 ssh2
Jun 23 09:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23438]: Connection closed by 51.250.105.222 port 33392 [preauth]
Jun 23 09:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 23 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23494]: Failed password for root from 103.27.238.116 port 38850 ssh2
Jun 23 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23494]: Connection closed by 103.27.238.116 port 38850 [preauth]
Jun 23 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23502]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23500]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23501]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23503]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23500]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23568]: Successful su for rubyman by root
Jun 23 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23568]: + ??? root:rubyman
Jun 23 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23568]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576605 of user rubyman.
Jun 23 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23568]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576605.
Jun 23 09:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20902]: pam_unix(cron:session): session closed for user root
Jun 23 09:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23501]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22671]: pam_unix(cron:session): session closed for user root
Jun 23 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24022]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24024]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24021]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24023]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24021]: pam_unix(cron:session): session closed for user p13x
Jun 23 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24081]: Successful su for rubyman by root
Jun 23 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24081]: + ??? root:rubyman
Jun 23 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24081]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576611 of user rubyman.
Jun 23 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24081]: pam_unix(su:session): session closed for user rubyman
Jun 23 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576611.
Jun 23 09:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21306]: pam_unix(cron:session): session closed for user root
Jun 23 09:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.216.224  user=root
Jun 23 09:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24022]: pam_unix(cron:session): session closed for user samftp
Jun 23 09:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24258]: Failed password for root from 46.101.216.224 port 53540 ssh2
Jun 23 09:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24258]: Received disconnect from 46.101.216.224 port 53540:11: Bye Bye [preauth]
Jun 23 09:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24258]: Disconnected from 46.101.216.224 port 53540 [preauth]
Jun 23 09:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 23 09:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24331]: Failed password for root from 103.122.221.179 port 53858 ssh2
Jun 23 09:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24331]: Connection closed by 103.122.221.179 port 53858 [preauth]
Jun 23 09:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24355]: Invalid user folio from 103.132.243.250
Jun 23 09:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24355]: input_userauth_request: invalid user folio [preauth]
Jun 23 09:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24355]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 09:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.132.243.250
Jun 23 09:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24355]: Failed password for invalid user folio from 103.132.243.250 port 47468 ssh2
Jun 23 09:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24355]: Received disconnect from 103.132.243.250 port 47468:11: Bye Bye [preauth]
Jun 23 09:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24355]: Disconnected from 103.132.243.250 port 47468 [preauth]
Jun 23 09:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23077]: pam_unix(cron:session): session closed for user root
Jun 23 09:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 09:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 23 09:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24420]: Failed password for root from 103.149.28.157 port 33190 ssh2
Jun 23 09:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24420]: Connection closed by 103.149.28.157 port 33190 [preauth]
Jun 23 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24444]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24443]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24448]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24449]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24446]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24447]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24445]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24449]: pam_unix(cron:session): session closed for user root
Jun 23 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24445]: pam_unix(cron:session): session closed for user root
Jun 23 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24443]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24539]: Successful su for rubyman by root
Jun 23 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24539]: + ??? root:rubyman
Jun 23 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24539]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576616 of user rubyman.
Jun 23 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24539]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576616.
Jun 23 10:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24446]: pam_unix(cron:session): session closed for user root
Jun 23 10:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21737]: pam_unix(cron:session): session closed for user root
Jun 23 10:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24444]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23503]: pam_unix(cron:session): session closed for user root
Jun 23 10:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 10:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24909]: Invalid user admin from 46.101.216.224
Jun 23 10:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24909]: input_userauth_request: invalid user admin [preauth]
Jun 23 10:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24909]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 10:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.216.224
Jun 23 10:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24909]: Failed password for invalid user admin from 46.101.216.224 port 45332 ssh2
Jun 23 10:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24909]: Received disconnect from 46.101.216.224 port 45332:11: Bye Bye [preauth]
Jun 23 10:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24909]: Disconnected from 46.101.216.224 port 45332 [preauth]
Jun 23 10:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 10:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24948]: Received disconnect from 62.210.209.225 port 64188:11: disconnected by user [preauth]
Jun 23 10:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24948]: Disconnected from 62.210.209.225 port 64188 [preauth]
Jun 23 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24963]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24960]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24962]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24961]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24960]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25031]: Successful su for rubyman by root
Jun 23 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25031]: + ??? root:rubyman
Jun 23 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25031]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576621 of user rubyman.
Jun 23 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25031]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576621.
Jun 23 10:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22154]: pam_unix(cron:session): session closed for user root
Jun 23 10:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24961]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24024]: pam_unix(cron:session): session closed for user root
Jun 23 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25365]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25364]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25363]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25362]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25362]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25427]: Successful su for rubyman by root
Jun 23 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25427]: + ??? root:rubyman
Jun 23 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25427]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576624 of user rubyman.
Jun 23 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25427]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576624.
Jun 23 10:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22670]: pam_unix(cron:session): session closed for user root
Jun 23 10:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25363]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 10:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25628]: Invalid user mc from 46.101.216.224
Jun 23 10:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25628]: input_userauth_request: invalid user mc [preauth]
Jun 23 10:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25628]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 10:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.216.224
Jun 23 10:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25628]: Failed password for invalid user mc from 46.101.216.224 port 47708 ssh2
Jun 23 10:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25628]: Received disconnect from 46.101.216.224 port 47708:11: Bye Bye [preauth]
Jun 23 10:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25628]: Disconnected from 46.101.216.224 port 47708 [preauth]
Jun 23 10:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 10:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 23 10:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25658]: Failed password for root from 38.93.206.2 port 6526 ssh2
Jun 23 10:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25658]: Connection closed by 38.93.206.2 port 6526 [preauth]
Jun 23 10:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24448]: pam_unix(cron:session): session closed for user root
Jun 23 10:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Jun 23 10:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:35.241.238.18
Jun 23 10:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Jun 23 10:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:35.241.238.18
Jun 23 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25793]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25792]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25790]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25789]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25789]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25851]: Successful su for rubyman by root
Jun 23 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25851]: + ??? root:rubyman
Jun 23 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25851]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576629 of user rubyman.
Jun 23 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25851]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576629.
Jun 23 10:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23076]: pam_unix(cron:session): session closed for user root
Jun 23 10:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25790]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 10:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26077]: Received disconnect from 51.81.85.130 port 53948:11: disconnected by user [preauth]
Jun 23 10:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26077]: Disconnected from 51.81.85.130 port 53948 [preauth]
Jun 23 10:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24963]: pam_unix(cron:session): session closed for user root
Jun 23 10:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 10:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26151]: Invalid user ftpuser from 46.101.216.224
Jun 23 10:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26151]: input_userauth_request: invalid user ftpuser [preauth]
Jun 23 10:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26151]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 10:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.216.224
Jun 23 10:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26151]: Failed password for invalid user ftpuser from 46.101.216.224 port 41062 ssh2
Jun 23 10:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26151]: Received disconnect from 46.101.216.224 port 41062:11: Bye Bye [preauth]
Jun 23 10:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26151]: Disconnected from 46.101.216.224 port 41062 [preauth]
Jun 23 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26185]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26184]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26182]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26181]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26181]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26243]: Successful su for rubyman by root
Jun 23 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26243]: + ??? root:rubyman
Jun 23 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26243]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576632 of user rubyman.
Jun 23 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26243]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576632.
Jun 23 10:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23502]: pam_unix(cron:session): session closed for user root
Jun 23 10:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26182]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25365]: pam_unix(cron:session): session closed for user root
Jun 23 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26569]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26568]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26572]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26570]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26571]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26567]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26572]: pam_unix(cron:session): session closed for user root
Jun 23 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26567]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26640]: Successful su for rubyman by root
Jun 23 10:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26640]: + ??? root:rubyman
Jun 23 10:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26640]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576640 of user rubyman.
Jun 23 10:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26640]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576640.
Jun 23 10:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26569]: pam_unix(cron:session): session closed for user root
Jun 23 10:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24023]: pam_unix(cron:session): session closed for user root
Jun 23 10:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26568]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 10:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26953]: Invalid user kafka from 46.101.216.224
Jun 23 10:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26953]: input_userauth_request: invalid user kafka [preauth]
Jun 23 10:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26953]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 10:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.216.224
Jun 23 10:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26953]: Failed password for invalid user kafka from 46.101.216.224 port 33554 ssh2
Jun 23 10:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26953]: Received disconnect from 46.101.216.224 port 33554:11: Bye Bye [preauth]
Jun 23 10:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26953]: Disconnected from 46.101.216.224 port 33554 [preauth]
Jun 23 10:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25793]: pam_unix(cron:session): session closed for user root
Jun 23 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27088]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27087]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27089]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27086]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27086]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27156]: Successful su for rubyman by root
Jun 23 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27156]: + ??? root:rubyman
Jun 23 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27156]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576642 of user rubyman.
Jun 23 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27156]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576642.
Jun 23 10:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24447]: pam_unix(cron:session): session closed for user root
Jun 23 10:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27087]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26185]: pam_unix(cron:session): session closed for user root
Jun 23 10:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 10:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 23 10:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27450]: Failed password for root from 80.66.85.226 port 59392 ssh2
Jun 23 10:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27450]: Connection closed by 80.66.85.226 port 59392 [preauth]
Jun 23 10:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 10:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27461]: Invalid user foundry from 46.101.216.224
Jun 23 10:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27461]: input_userauth_request: invalid user foundry [preauth]
Jun 23 10:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27461]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 10:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.216.224
Jun 23 10:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27461]: Failed password for invalid user foundry from 46.101.216.224 port 41972 ssh2
Jun 23 10:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27461]: Received disconnect from 46.101.216.224 port 41972:11: Bye Bye [preauth]
Jun 23 10:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27461]: Disconnected from 46.101.216.224 port 41972 [preauth]
Jun 23 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27521]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27522]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27520]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27519]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27519]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27583]: Successful su for rubyman by root
Jun 23 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27583]: + ??? root:rubyman
Jun 23 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27583]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576648 of user rubyman.
Jun 23 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27583]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576648.
Jun 23 10:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24962]: pam_unix(cron:session): session closed for user root
Jun 23 10:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27520]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26571]: pam_unix(cron:session): session closed for user root
Jun 23 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27922]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27923]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27921]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27920]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27920]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27984]: Successful su for rubyman by root
Jun 23 10:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27984]: + ??? root:rubyman
Jun 23 10:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27984]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576652 of user rubyman.
Jun 23 10:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27984]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576652.
Jun 23 10:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25364]: pam_unix(cron:session): session closed for user root
Jun 23 10:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27921]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 10:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28258]: Invalid user support from 46.101.216.224
Jun 23 10:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28258]: input_userauth_request: invalid user support [preauth]
Jun 23 10:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28258]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 10:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.216.224
Jun 23 10:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28258]: Failed password for invalid user support from 46.101.216.224 port 36986 ssh2
Jun 23 10:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28258]: Received disconnect from 46.101.216.224 port 36986:11: Bye Bye [preauth]
Jun 23 10:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28258]: Disconnected from 46.101.216.224 port 36986 [preauth]
Jun 23 10:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27089]: pam_unix(cron:session): session closed for user root
Jun 23 10:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 10:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.211.215  user=root
Jun 23 10:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28332]: Failed password for root from 147.45.211.215 port 49798 ssh2
Jun 23 10:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28332]: Connection closed by 147.45.211.215 port 49798 [preauth]
Jun 23 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28381]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28379]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28384]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28382]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28383]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28381]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28502]: Successful su for rubyman by root
Jun 23 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28502]: + ??? root:rubyman
Jun 23 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28502]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576657 of user rubyman.
Jun 23 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28502]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576657.
Jun 23 10:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28379]: pam_unix(cron:session): session closed for user root
Jun 23 10:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25792]: pam_unix(cron:session): session closed for user root
Jun 23 10:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28382]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27522]: pam_unix(cron:session): session closed for user root
Jun 23 10:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 10:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 10:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28965]: Invalid user ubuntu from 46.101.216.224
Jun 23 10:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28965]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 10:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28965]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 10:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.216.224
Jun 23 10:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28965]: Failed password for invalid user ubuntu from 46.101.216.224 port 55078 ssh2
Jun 23 10:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28965]: Received disconnect from 46.101.216.224 port 55078:11: Bye Bye [preauth]
Jun 23 10:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28965]: Disconnected from 46.101.216.224 port 55078 [preauth]
Jun 23 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28977]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28981]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28980]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28982]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28979]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28978]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28982]: pam_unix(cron:session): session closed for user root
Jun 23 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28977]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29056]: Successful su for rubyman by root
Jun 23 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29056]: + ??? root:rubyman
Jun 23 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29056]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576663 of user rubyman.
Jun 23 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29056]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576663.
Jun 23 10:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26184]: pam_unix(cron:session): session closed for user root
Jun 23 10:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28979]: pam_unix(cron:session): session closed for user root
Jun 23 10:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28978]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27923]: pam_unix(cron:session): session closed for user root
Jun 23 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29432]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29431]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29430]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29429]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29429]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29506]: Successful su for rubyman by root
Jun 23 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29506]: + ??? root:rubyman
Jun 23 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29506]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576665 of user rubyman.
Jun 23 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29506]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576665.
Jun 23 10:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26570]: pam_unix(cron:session): session closed for user root
Jun 23 10:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29430]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28384]: pam_unix(cron:session): session closed for user root
Jun 23 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29977]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29976]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29975]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29974]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29974]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30035]: Successful su for rubyman by root
Jun 23 10:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30035]: + ??? root:rubyman
Jun 23 10:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30035]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576670 of user rubyman.
Jun 23 10:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30035]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576670.
Jun 23 10:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27088]: pam_unix(cron:session): session closed for user root
Jun 23 10:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29975]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28981]: pam_unix(cron:session): session closed for user root
Jun 23 10:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 10:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.20.185.207  user=root
Jun 23 10:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30368]: Failed password for root from 143.20.185.207 port 34760 ssh2
Jun 23 10:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30368]: Connection closed by 143.20.185.207 port 34760 [preauth]
Jun 23 10:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 10:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30370]: Received disconnect from 198.38.91.141 port 54232:11: disconnected by user [preauth]
Jun 23 10:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30370]: Disconnected from 198.38.91.141 port 54232 [preauth]
Jun 23 10:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30393]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30391]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30394]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30392]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30391]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30453]: Successful su for rubyman by root
Jun 23 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30453]: + ??? root:rubyman
Jun 23 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30453]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576675 of user rubyman.
Jun 23 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30453]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576675.
Jun 23 10:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27521]: pam_unix(cron:session): session closed for user root
Jun 23 10:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 23 10:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30392]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30388]: Failed password for root from 202.178.126.219 port 42150 ssh2
Jun 23 10:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30388]: Connection closed by 202.178.126.219 port 42150 [preauth]
Jun 23 10:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29432]: pam_unix(cron:session): session closed for user root
Jun 23 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30801]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30800]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30799]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30798]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30798]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30864]: Successful su for rubyman by root
Jun 23 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30864]: + ??? root:rubyman
Jun 23 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30864]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576678 of user rubyman.
Jun 23 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30864]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576678.
Jun 23 10:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27922]: pam_unix(cron:session): session closed for user root
Jun 23 10:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30799]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29977]: pam_unix(cron:session): session closed for user root
Jun 23 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31309]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31305]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31307]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31304]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31308]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31306]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31309]: pam_unix(cron:session): session closed for user root
Jun 23 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31304]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31374]: Successful su for rubyman by root
Jun 23 10:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31374]: + ??? root:rubyman
Jun 23 10:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31374]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576686 of user rubyman.
Jun 23 10:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31374]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576686.
Jun 23 10:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31306]: pam_unix(cron:session): session closed for user root
Jun 23 10:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28383]: pam_unix(cron:session): session closed for user root
Jun 23 10:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31305]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30394]: pam_unix(cron:session): session closed for user root
Jun 23 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31839]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31836]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31838]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31837]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31836]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31903]: Successful su for rubyman by root
Jun 23 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31903]: + ??? root:rubyman
Jun 23 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31903]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576688 of user rubyman.
Jun 23 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31903]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576688.
Jun 23 10:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28980]: pam_unix(cron:session): session closed for user root
Jun 23 10:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31837]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 10:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 23 10:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32106]: Failed password for root from 193.24.211.107 port 7079 ssh2
Jun 23 10:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32106]: Received disconnect from 193.24.211.107 port 7079:11: Client disconnecting normally [preauth]
Jun 23 10:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32106]: Disconnected from 193.24.211.107 port 7079 [preauth]
Jun 23 10:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30801]: pam_unix(cron:session): session closed for user root
Jun 23 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32258]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32257]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32259]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32256]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32254]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32254]: pam_unix(cron:session): session closed for user root
Jun 23 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32256]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32315]: Successful su for rubyman by root
Jun 23 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32315]: + ??? root:rubyman
Jun 23 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32315]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576691 of user rubyman.
Jun 23 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32315]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576691.
Jun 23 10:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 10:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29431]: pam_unix(cron:session): session closed for user root
Jun 23 10:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
Jun 23 10:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32257]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32452]: Failed password for root from 176.32.39.21 port 39218 ssh2
Jun 23 10:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32452]: Connection closed by 176.32.39.21 port 39218 [preauth]
Jun 23 10:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 10:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32523]: Received disconnect from 185.134.49.116 port 60120:11: disconnected by user [preauth]
Jun 23 10:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32523]: Disconnected from 185.134.49.116 port 60120 [preauth]
Jun 23 10:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31308]: pam_unix(cron:session): session closed for user root
Jun 23 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32676]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32674]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32677]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32675]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32674]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32740]: Successful su for rubyman by root
Jun 23 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32740]: + ??? root:rubyman
Jun 23 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32740]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576699 of user rubyman.
Jun 23 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32740]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576699.
Jun 23 10:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29976]: pam_unix(cron:session): session closed for user root
Jun 23 10:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32675]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31839]: pam_unix(cron:session): session closed for user root
Jun 23 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[760]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[762]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[761]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[759]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[759]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[829]: Successful su for rubyman by root
Jun 23 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[829]: + ??? root:rubyman
Jun 23 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[829]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576700 of user rubyman.
Jun 23 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[829]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576700.
Jun 23 10:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30393]: pam_unix(cron:session): session closed for user root
Jun 23 10:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[760]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32259]: pam_unix(cron:session): session closed for user root
Jun 23 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1212]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1214]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1208]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1213]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1211]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1209]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1214]: pam_unix(cron:session): session closed for user root
Jun 23 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1208]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1285]: Successful su for rubyman by root
Jun 23 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1285]: + ??? root:rubyman
Jun 23 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1285]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576707 of user rubyman.
Jun 23 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1285]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576707.
Jun 23 10:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1211]: pam_unix(cron:session): session closed for user root
Jun 23 10:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30800]: pam_unix(cron:session): session closed for user root
Jun 23 10:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1209]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32677]: pam_unix(cron:session): session closed for user root
Jun 23 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1799]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1798]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1797]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1796]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1796]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1860]: Successful su for rubyman by root
Jun 23 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1860]: + ??? root:rubyman
Jun 23 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1860]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576710 of user rubyman.
Jun 23 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1860]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576710.
Jun 23 10:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31307]: pam_unix(cron:session): session closed for user root
Jun 23 10:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1797]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[762]: pam_unix(cron:session): session closed for user root
Jun 23 10:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 10:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2273]: Invalid user user from 141.98.83.240
Jun 23 10:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2273]: input_userauth_request: invalid user user [preauth]
Jun 23 10:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2273]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 10:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 10:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2273]: Failed password for invalid user user from 141.98.83.240 port 55614 ssh2
Jun 23 10:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2273]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2278]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2279]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2277]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2276]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2276]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2348]: Successful su for rubyman by root
Jun 23 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2348]: + ??? root:rubyman
Jun 23 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2348]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576714 of user rubyman.
Jun 23 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2348]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576714.
Jun 23 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2273]: Failed password for invalid user user from 141.98.83.240 port 55614 ssh2
Jun 23 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2273]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 10:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31838]: pam_unix(cron:session): session closed for user root
Jun 23 10:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2273]: Failed password for invalid user user from 141.98.83.240 port 55614 ssh2
Jun 23 10:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2273]: Connection closed by 141.98.83.240 port 55614 [preauth]
Jun 23 10:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2273]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 10:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2277]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1213]: pam_unix(cron:session): session closed for user root
Jun 23 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2705]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2703]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2704]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2702]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2702]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2771]: Successful su for rubyman by root
Jun 23 10:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2771]: + ??? root:rubyman
Jun 23 10:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2771]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576718 of user rubyman.
Jun 23 10:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2771]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576718.
Jun 23 10:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32258]: pam_unix(cron:session): session closed for user root
Jun 23 10:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2703]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1799]: pam_unix(cron:session): session closed for user root
Jun 23 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3098]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3100]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3099]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3097]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3097]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3160]: Successful su for rubyman by root
Jun 23 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3160]: + ??? root:rubyman
Jun 23 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3160]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576723 of user rubyman.
Jun 23 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3160]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576723.
Jun 23 10:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32676]: pam_unix(cron:session): session closed for user root
Jun 23 10:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3098]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2279]: pam_unix(cron:session): session closed for user root
Jun 23 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3494]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3492]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3491]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3490]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3489]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3493]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3494]: pam_unix(cron:session): session closed for user root
Jun 23 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3489]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3564]: Successful su for rubyman by root
Jun 23 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3564]: + ??? root:rubyman
Jun 23 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3564]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576731 of user rubyman.
Jun 23 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3564]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576731.
Jun 23 10:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3491]: pam_unix(cron:session): session closed for user root
Jun 23 10:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[761]: pam_unix(cron:session): session closed for user root
Jun 23 10:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3490]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2705]: pam_unix(cron:session): session closed for user root
Jun 23 10:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 10:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 23 10:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4090]: Failed password for root from 147.45.199.80 port 41258 ssh2
Jun 23 10:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4090]: Connection closed by 147.45.199.80 port 41258 [preauth]
Jun 23 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4126]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4125]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4124]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4123]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4123]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4198]: Successful su for rubyman by root
Jun 23 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4198]: + ??? root:rubyman
Jun 23 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4198]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576732 of user rubyman.
Jun 23 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4198]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576732.
Jun 23 10:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1212]: pam_unix(cron:session): session closed for user root
Jun 23 10:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4124]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3100]: pam_unix(cron:session): session closed for user root
Jun 23 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4543]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4540]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4542]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4539]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4539]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4603]: Successful su for rubyman by root
Jun 23 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4603]: + ??? root:rubyman
Jun 23 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4603]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576736 of user rubyman.
Jun 23 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4603]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576736.
Jun 23 10:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1798]: pam_unix(cron:session): session closed for user root
Jun 23 10:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4540]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3493]: pam_unix(cron:session): session closed for user root
Jun 23 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5052]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5050]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5051]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5049]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5049]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5107]: Successful su for rubyman by root
Jun 23 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5107]: + ??? root:rubyman
Jun 23 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5107]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576740 of user rubyman.
Jun 23 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5107]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576740.
Jun 23 10:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2278]: pam_unix(cron:session): session closed for user root
Jun 23 10:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5050]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 10:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5378]: Received disconnect from 69.175.33.170 port 60400:11: disconnected by user [preauth]
Jun 23 10:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5378]: Disconnected from 69.175.33.170 port 60400 [preauth]
Jun 23 10:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4126]: pam_unix(cron:session): session closed for user root
Jun 23 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5461]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5462]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5463]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5460]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5460]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5524]: Successful su for rubyman by root
Jun 23 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5524]: + ??? root:rubyman
Jun 23 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5524]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576746 of user rubyman.
Jun 23 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5524]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576746.
Jun 23 10:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2704]: pam_unix(cron:session): session closed for user root
Jun 23 10:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5461]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4543]: pam_unix(cron:session): session closed for user root
Jun 23 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5858]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5856]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5857]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5859]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5855]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5854]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5859]: pam_unix(cron:session): session closed for user root
Jun 23 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5854]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5920]: Successful su for rubyman by root
Jun 23 10:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5920]: + ??? root:rubyman
Jun 23 10:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5920]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576748 of user rubyman.
Jun 23 10:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5920]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576748.
Jun 23 10:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3099]: pam_unix(cron:session): session closed for user root
Jun 23 10:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5856]: pam_unix(cron:session): session closed for user root
Jun 23 10:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5855]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5052]: pam_unix(cron:session): session closed for user root
Jun 23 10:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 10:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6243]: Connection closed by 194.59.206.2 port 51874 [preauth]
Jun 23 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6273]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6274]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6272]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6271]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6271]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6338]: Successful su for rubyman by root
Jun 23 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6338]: + ??? root:rubyman
Jun 23 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6338]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576754 of user rubyman.
Jun 23 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6338]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576754.
Jun 23 10:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3492]: pam_unix(cron:session): session closed for user root
Jun 23 10:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6272]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5463]: pam_unix(cron:session): session closed for user root
Jun 23 10:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 10:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6627]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 23 10:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6627]: Received disconnect from 96.8.116.34 port 38348:11: disconnected by user [preauth]
Jun 23 10:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6627]: Disconnected from 96.8.116.34 port 38348 [preauth]
Jun 23 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6672]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6671]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6670]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6669]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6669]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6738]: Successful su for rubyman by root
Jun 23 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6738]: + ??? root:rubyman
Jun 23 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6738]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576758 of user rubyman.
Jun 23 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6738]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576758.
Jun 23 10:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4125]: pam_unix(cron:session): session closed for user root
Jun 23 10:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6670]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5858]: pam_unix(cron:session): session closed for user root
Jun 23 10:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 10:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 23 10:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7150]: Failed password for root from 103.153.68.219 port 46908 ssh2
Jun 23 10:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7150]: Connection closed by 103.153.68.219 port 46908 [preauth]
Jun 23 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7184]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7185]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7182]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7181]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7181]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7246]: Successful su for rubyman by root
Jun 23 10:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7246]: + ??? root:rubyman
Jun 23 10:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7246]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576763 of user rubyman.
Jun 23 10:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7246]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576763.
Jun 23 10:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4542]: pam_unix(cron:session): session closed for user root
Jun 23 10:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7182]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6274]: pam_unix(cron:session): session closed for user root
Jun 23 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7580]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7579]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7581]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7577]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7577]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7742]: Successful su for rubyman by root
Jun 23 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7742]: + ??? root:rubyman
Jun 23 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7742]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576767 of user rubyman.
Jun 23 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7742]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576767.
Jun 23 10:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5051]: pam_unix(cron:session): session closed for user root
Jun 23 10:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7579]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6672]: pam_unix(cron:session): session closed for user root
Jun 23 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8064]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8062]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8060]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8059]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8063]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8061]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8064]: pam_unix(cron:session): session closed for user root
Jun 23 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8059]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8136]: Successful su for rubyman by root
Jun 23 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8136]: + ??? root:rubyman
Jun 23 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8136]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576774 of user rubyman.
Jun 23 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8136]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576774.
Jun 23 10:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5462]: pam_unix(cron:session): session closed for user root
Jun 23 10:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8061]: pam_unix(cron:session): session closed for user root
Jun 23 10:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8060]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7185]: pam_unix(cron:session): session closed for user root
Jun 23 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8494]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8493]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8492]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8491]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8491]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8562]: Successful su for rubyman by root
Jun 23 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8562]: + ??? root:rubyman
Jun 23 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8562]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576777 of user rubyman.
Jun 23 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8562]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576777.
Jun 23 10:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5857]: pam_unix(cron:session): session closed for user root
Jun 23 10:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8492]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7581]: pam_unix(cron:session): session closed for user root
Jun 23 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8892]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8889]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8891]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8888]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8888]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8951]: Successful su for rubyman by root
Jun 23 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8951]: + ??? root:rubyman
Jun 23 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8951]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576781 of user rubyman.
Jun 23 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8951]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576781.
Jun 23 10:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6273]: pam_unix(cron:session): session closed for user root
Jun 23 10:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8889]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 10:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 23 10:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9163]: Failed password for root from 103.15.222.183 port 55924 ssh2
Jun 23 10:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9163]: Connection closed by 103.15.222.183 port 55924 [preauth]
Jun 23 10:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 10:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 23 10:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8063]: pam_unix(cron:session): session closed for user root
Jun 23 10:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9197]: Failed password for root from 202.178.126.219 port 61215 ssh2
Jun 23 10:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9197]: Connection closed by 202.178.126.219 port 61215 [preauth]
Jun 23 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9289]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9290]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9288]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9287]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9287]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9348]: Successful su for rubyman by root
Jun 23 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9348]: + ??? root:rubyman
Jun 23 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9348]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576784 of user rubyman.
Jun 23 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9348]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576784.
Jun 23 10:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6671]: pam_unix(cron:session): session closed for user root
Jun 23 10:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9288]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 10:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 23 10:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8494]: pam_unix(cron:session): session closed for user root
Jun 23 10:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9588]: Failed password for root from 87.251.79.125 port 39934 ssh2
Jun 23 10:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9588]: Connection closed by 87.251.79.125 port 39934 [preauth]
Jun 23 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9682]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9684]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9683]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9681]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9679]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9681]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9799]: Successful su for rubyman by root
Jun 23 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9799]: + ??? root:rubyman
Jun 23 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9799]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576789 of user rubyman.
Jun 23 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9799]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576789.
Jun 23 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9679]: pam_unix(cron:session): session closed for user root
Jun 23 10:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7184]: pam_unix(cron:session): session closed for user root
Jun 23 10:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9682]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8892]: pam_unix(cron:session): session closed for user root
Jun 23 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10436]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10439]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10438]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10437]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10434]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10435]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10439]: pam_unix(cron:session): session closed for user root
Jun 23 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10434]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10504]: Successful su for rubyman by root
Jun 23 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10504]: + ??? root:rubyman
Jun 23 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10504]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576796 of user rubyman.
Jun 23 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10504]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576796.
Jun 23 10:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10436]: pam_unix(cron:session): session closed for user root
Jun 23 10:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7580]: pam_unix(cron:session): session closed for user root
Jun 23 10:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10435]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 10:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 23 10:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10769]: Failed password for root from 103.27.238.120 port 51528 ssh2
Jun 23 10:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10769]: Connection closed by 103.27.238.120 port 51528 [preauth]
Jun 23 10:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9290]: pam_unix(cron:session): session closed for user root
Jun 23 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10891]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10890]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10889]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10888]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10888]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10958]: Successful su for rubyman by root
Jun 23 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10958]: + ??? root:rubyman
Jun 23 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10958]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576799 of user rubyman.
Jun 23 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10958]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576799.
Jun 23 10:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8062]: pam_unix(cron:session): session closed for user root
Jun 23 10:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10889]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 10:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 23 10:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11172]: Failed password for root from 193.24.211.107 port 16236 ssh2
Jun 23 10:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11172]: Received disconnect from 193.24.211.107 port 16236:11: Client disconnecting normally [preauth]
Jun 23 10:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11172]: Disconnected from 193.24.211.107 port 16236 [preauth]
Jun 23 10:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9684]: pam_unix(cron:session): session closed for user root
Jun 23 10:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 10:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11265]: Bad protocol version identification 'INVALID_PROTOCOL_TEST' from 91.92.40.68 port 34604
Jun 23 10:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11314]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11313]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11311]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11310]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11310]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11371]: Successful su for rubyman by root
Jun 23 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11371]: + ??? root:rubyman
Jun 23 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11371]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576803 of user rubyman.
Jun 23 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11371]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576803.
Jun 23 10:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8493]: pam_unix(cron:session): session closed for user root
Jun 23 10:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11311]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10438]: pam_unix(cron:session): session closed for user root
Jun 23 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11727]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11726]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11725]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11724]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11724]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11817]: Successful su for rubyman by root
Jun 23 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11817]: + ??? root:rubyman
Jun 23 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11817]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576807 of user rubyman.
Jun 23 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11817]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576807.
Jun 23 10:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8891]: pam_unix(cron:session): session closed for user root
Jun 23 10:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11725]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10891]: pam_unix(cron:session): session closed for user root
Jun 23 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12173]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12172]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12174]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12171]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12171]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12238]: Successful su for rubyman by root
Jun 23 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12238]: + ??? root:rubyman
Jun 23 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12238]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576811 of user rubyman.
Jun 23 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12238]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576811.
Jun 23 10:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9289]: pam_unix(cron:session): session closed for user root
Jun 23 10:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12172]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11314]: pam_unix(cron:session): session closed for user root
Jun 23 10:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 10:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 23 10:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12652]: Failed password for root from 38.93.206.2 port 27340 ssh2
Jun 23 10:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12652]: Connection closed by 38.93.206.2 port 27340 [preauth]
Jun 23 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12701]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12699]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12700]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12698]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12697]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12696]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12701]: pam_unix(cron:session): session closed for user root
Jun 23 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12696]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12771]: Successful su for rubyman by root
Jun 23 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12771]: + ??? root:rubyman
Jun 23 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12771]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576817 of user rubyman.
Jun 23 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12771]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576817.
Jun 23 10:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12698]: pam_unix(cron:session): session closed for user root
Jun 23 10:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9683]: pam_unix(cron:session): session closed for user root
Jun 23 10:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12697]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11727]: pam_unix(cron:session): session closed for user root
Jun 23 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13154]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13153]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13152]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13151]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13151]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13225]: Successful su for rubyman by root
Jun 23 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13225]: + ??? root:rubyman
Jun 23 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13225]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576821 of user rubyman.
Jun 23 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13225]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576821.
Jun 23 10:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10437]: pam_unix(cron:session): session closed for user root
Jun 23 10:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13152]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 10:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13467]: Received disconnect from 199.127.62.250 port 63110:11: disconnected by user [preauth]
Jun 23 10:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13467]: Disconnected from 199.127.62.250 port 63110 [preauth]
Jun 23 10:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12174]: pam_unix(cron:session): session closed for user root
Jun 23 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13560]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13561]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13559]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13558]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13558]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13620]: Successful su for rubyman by root
Jun 23 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13620]: + ??? root:rubyman
Jun 23 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13620]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576825 of user rubyman.
Jun 23 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13620]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576825.
Jun 23 10:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10890]: pam_unix(cron:session): session closed for user root
Jun 23 10:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13559]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 10:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13819]: Invalid user admin from 2.57.121.25
Jun 23 10:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13819]: input_userauth_request: invalid user admin [preauth]
Jun 23 10:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13819]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 10:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 23 10:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13819]: Failed password for invalid user admin from 2.57.121.25 port 27146 ssh2
Jun 23 10:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13819]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 10:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13819]: Failed password for invalid user admin from 2.57.121.25 port 27146 ssh2
Jun 23 10:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13819]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 10:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13819]: Failed password for invalid user admin from 2.57.121.25 port 27146 ssh2
Jun 23 10:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13819]: Connection closed by 2.57.121.25 port 27146 [preauth]
Jun 23 10:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13819]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 23 10:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12700]: pam_unix(cron:session): session closed for user root
Jun 23 10:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 10:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13936]: Received disconnect from 69.175.33.170 port 44752:11: disconnected by user [preauth]
Jun 23 10:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13936]: Disconnected from 69.175.33.170 port 44752 [preauth]
Jun 23 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13973]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13975]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13970]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13969]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13969]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14032]: Successful su for rubyman by root
Jun 23 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14032]: + ??? root:rubyman
Jun 23 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14032]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576830 of user rubyman.
Jun 23 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14032]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576830.
Jun 23 10:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11313]: pam_unix(cron:session): session closed for user root
Jun 23 10:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13970]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 10:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=root
Jun 23 10:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14247]: Failed password for root from 193.46.255.86 port 5012 ssh2
Jun 23 10:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14247]: message repeated 2 times: [ Failed password for root from 193.46.255.86 port 5012 ssh2]
Jun 23 10:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14247]: Connection closed by 193.46.255.86 port 5012 [preauth]
Jun 23 10:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14247]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=root
Jun 23 10:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13154]: pam_unix(cron:session): session closed for user root
Jun 23 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14361]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14363]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14362]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14360]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14360]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14420]: Successful su for rubyman by root
Jun 23 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14420]: + ??? root:rubyman
Jun 23 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14420]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576835 of user rubyman.
Jun 23 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14420]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576835.
Jun 23 10:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11726]: pam_unix(cron:session): session closed for user root
Jun 23 10:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 10:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 23 10:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14361]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14577]: Failed password for root from 62.133.62.83 port 58390 ssh2
Jun 23 10:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14577]: Connection closed by 62.133.62.83 port 58390 [preauth]
Jun 23 10:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13561]: pam_unix(cron:session): session closed for user root
Jun 23 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14843]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14842]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14845]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14844]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14840]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14839]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14845]: pam_unix(cron:session): session closed for user root
Jun 23 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14839]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14911]: Successful su for rubyman by root
Jun 23 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14911]: + ??? root:rubyman
Jun 23 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14911]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576837 of user rubyman.
Jun 23 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14911]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576837.
Jun 23 10:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14842]: pam_unix(cron:session): session closed for user root
Jun 23 10:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12173]: pam_unix(cron:session): session closed for user root
Jun 23 10:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14840]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 10:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15176]: Received disconnect from 172.110.221.82 port 50140:11: disconnected by user [preauth]
Jun 23 10:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15176]: Disconnected from 172.110.221.82 port 50140 [preauth]
Jun 23 10:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13975]: pam_unix(cron:session): session closed for user root
Jun 23 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15282]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15279]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15281]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15280]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15279]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15342]: Successful su for rubyman by root
Jun 23 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15342]: + ??? root:rubyman
Jun 23 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15342]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576844 of user rubyman.
Jun 23 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15342]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576844.
Jun 23 10:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12699]: pam_unix(cron:session): session closed for user root
Jun 23 10:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15280]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14363]: pam_unix(cron:session): session closed for user root
Jun 23 10:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 10:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15651]: Invalid user admin from 141.98.83.240
Jun 23 10:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15651]: input_userauth_request: invalid user admin [preauth]
Jun 23 10:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15651]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 10:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 10:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15651]: Failed password for invalid user admin from 141.98.83.240 port 44450 ssh2
Jun 23 10:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15651]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 10:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15651]: Failed password for invalid user admin from 141.98.83.240 port 44450 ssh2
Jun 23 10:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15651]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 10:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15651]: Failed password for invalid user admin from 141.98.83.240 port 44450 ssh2
Jun 23 10:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15651]: Connection closed by 141.98.83.240 port 44450 [preauth]
Jun 23 10:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15651]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15671]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15668]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15669]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15667]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15667]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15735]: Successful su for rubyman by root
Jun 23 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15735]: + ??? root:rubyman
Jun 23 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15735]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576847 of user rubyman.
Jun 23 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15735]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576847.
Jun 23 10:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13153]: pam_unix(cron:session): session closed for user root
Jun 23 10:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15668]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 10:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 23 10:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15933]: Failed password for root from 103.172.78.219 port 36382 ssh2
Jun 23 10:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15933]: Connection closed by 103.172.78.219 port 36382 [preauth]
Jun 23 10:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14844]: pam_unix(cron:session): session closed for user root
Jun 23 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16059]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16060]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16058]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16057]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16057]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16118]: Successful su for rubyman by root
Jun 23 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16118]: + ??? root:rubyman
Jun 23 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16118]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576852 of user rubyman.
Jun 23 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16118]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576852.
Jun 23 10:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13560]: pam_unix(cron:session): session closed for user root
Jun 23 10:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16058]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15282]: pam_unix(cron:session): session closed for user root
Jun 23 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16443]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16444]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16442]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16441]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16441]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16509]: Successful su for rubyman by root
Jun 23 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16509]: + ??? root:rubyman
Jun 23 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16509]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576856 of user rubyman.
Jun 23 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16509]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576856.
Jun 23 10:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13973]: pam_unix(cron:session): session closed for user root
Jun 23 10:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16442]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 10:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15671]: pam_unix(cron:session): session closed for user root
Jun 23 10:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 23 10:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16770]: Failed password for root from 193.37.70.224 port 37978 ssh2
Jun 23 10:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16770]: Connection closed by 193.37.70.224 port 37978 [preauth]
Jun 23 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16846]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16843]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16842]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16847]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16848]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16841]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16848]: pam_unix(cron:session): session closed for user root
Jun 23 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16841]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17010]: Successful su for rubyman by root
Jun 23 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17010]: + ??? root:rubyman
Jun 23 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17010]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576862 of user rubyman.
Jun 23 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17010]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576862.
Jun 23 10:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16843]: pam_unix(cron:session): session closed for user root
Jun 23 10:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14362]: pam_unix(cron:session): session closed for user root
Jun 23 10:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16842]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16060]: pam_unix(cron:session): session closed for user root
Jun 23 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17377]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17378]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17375]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17374]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17374]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17454]: Successful su for rubyman by root
Jun 23 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17454]: + ??? root:rubyman
Jun 23 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17454]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576867 of user rubyman.
Jun 23 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17454]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576867.
Jun 23 10:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14843]: pam_unix(cron:session): session closed for user root
Jun 23 10:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17375]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16444]: pam_unix(cron:session): session closed for user root
Jun 23 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17880]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17879]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17877]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17878]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17877]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17944]: Successful su for rubyman by root
Jun 23 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17944]: + ??? root:rubyman
Jun 23 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17944]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576870 of user rubyman.
Jun 23 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17944]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576870.
Jun 23 10:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15281]: pam_unix(cron:session): session closed for user root
Jun 23 10:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17878]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16847]: pam_unix(cron:session): session closed for user root
Jun 23 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18302]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18301]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18303]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18300]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18300]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18369]: Successful su for rubyman by root
Jun 23 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18369]: + ??? root:rubyman
Jun 23 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18369]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576873 of user rubyman.
Jun 23 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18369]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576873.
Jun 23 10:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15669]: pam_unix(cron:session): session closed for user root
Jun 23 10:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18301]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17378]: pam_unix(cron:session): session closed for user root
Jun 23 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18810]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18807]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18809]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18806]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18806]: pam_unix(cron:session): session closed for user p13x
Jun 23 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18883]: Successful su for rubyman by root
Jun 23 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18883]: + ??? root:rubyman
Jun 23 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18883]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576877 of user rubyman.
Jun 23 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18883]: pam_unix(su:session): session closed for user rubyman
Jun 23 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576877.
Jun 23 10:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 10:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 23 10:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16059]: pam_unix(cron:session): session closed for user root
Jun 23 10:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18975]: Failed password for root from 103.176.20.57 port 57932 ssh2
Jun 23 10:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18807]: pam_unix(cron:session): session closed for user samftp
Jun 23 10:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18975]: Connection closed by 103.176.20.57 port 57932 [preauth]
Jun 23 10:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17880]: pam_unix(cron:session): session closed for user root
Jun 23 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19313]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19309]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19308]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19311]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19310]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19307]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19312]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19313]: pam_unix(cron:session): session closed for user root
Jun 23 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19309]: pam_unix(cron:session): session closed for user root
Jun 23 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19307]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19401]: Successful su for rubyman by root
Jun 23 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19401]: + ??? root:rubyman
Jun 23 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19401]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576887 of user rubyman.
Jun 23 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19401]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576887.
Jun 23 11:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16443]: pam_unix(cron:session): session closed for user root
Jun 23 11:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19310]: pam_unix(cron:session): session closed for user root
Jun 23 11:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19308]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18303]: pam_unix(cron:session): session closed for user root
Jun 23 11:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 23 11:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19999]: Failed password for root from 109.237.96.109 port 52820 ssh2
Jun 23 11:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19999]: Connection closed by 109.237.96.109 port 52820 [preauth]
Jun 23 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20022]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20023]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20019]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20021]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20019]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20084]: Successful su for rubyman by root
Jun 23 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20084]: + ??? root:rubyman
Jun 23 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20084]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576889 of user rubyman.
Jun 23 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20084]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576889.
Jun 23 11:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16846]: pam_unix(cron:session): session closed for user root
Jun 23 11:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20021]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18810]: pam_unix(cron:session): session closed for user root
Jun 23 11:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 23 11:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20488]: Failed password for root from 194.113.233.25 port 43756 ssh2
Jun 23 11:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20488]: Connection closed by 194.113.233.25 port 43756 [preauth]
Jun 23 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20531]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20528]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20530]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20529]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20528]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20588]: Successful su for rubyman by root
Jun 23 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20588]: + ??? root:rubyman
Jun 23 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20588]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576892 of user rubyman.
Jun 23 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20588]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576892.
Jun 23 11:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17377]: pam_unix(cron:session): session closed for user root
Jun 23 11:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20529]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19312]: pam_unix(cron:session): session closed for user root
Jun 23 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21042]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21041]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21039]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21040]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21039]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21103]: Successful su for rubyman by root
Jun 23 11:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21103]: + ??? root:rubyman
Jun 23 11:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21103]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576896 of user rubyman.
Jun 23 11:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21103]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576896.
Jun 23 11:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17879]: pam_unix(cron:session): session closed for user root
Jun 23 11:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21148]: Received disconnect from 45.175.123.254 port 33970:11: disconnected by user [preauth]
Jun 23 11:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21148]: Disconnected from 45.175.123.254 port 33970 [preauth]
Jun 23 11:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21040]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20023]: pam_unix(cron:session): session closed for user root
Jun 23 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21453]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21454]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21452]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21451]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21451]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21516]: Successful su for rubyman by root
Jun 23 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21516]: + ??? root:rubyman
Jun 23 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21516]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576900 of user rubyman.
Jun 23 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21516]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576900.
Jun 23 11:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18302]: pam_unix(cron:session): session closed for user root
Jun 23 11:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21452]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20531]: pam_unix(cron:session): session closed for user root
Jun 23 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21886]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21885]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21881]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21884]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21883]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21882]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21886]: pam_unix(cron:session): session closed for user root
Jun 23 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21881]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21951]: Successful su for rubyman by root
Jun 23 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21951]: + ??? root:rubyman
Jun 23 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21951]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576906 of user rubyman.
Jun 23 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21951]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576906.
Jun 23 11:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21883]: pam_unix(cron:session): session closed for user root
Jun 23 11:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18809]: pam_unix(cron:session): session closed for user root
Jun 23 11:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21882]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21042]: pam_unix(cron:session): session closed for user root
Jun 23 11:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 23 11:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22260]: Failed password for root from 103.82.132.16 port 58870 ssh2
Jun 23 11:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22260]: Connection closed by 103.82.132.16 port 58870 [preauth]
Jun 23 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22407]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22406]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22405]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22404]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22404]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22469]: Successful su for rubyman by root
Jun 23 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22469]: + ??? root:rubyman
Jun 23 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22469]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576910 of user rubyman.
Jun 23 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22469]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576910.
Jun 23 11:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19311]: pam_unix(cron:session): session closed for user root
Jun 23 11:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22405]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 23 11:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22651]: Failed password for root from 193.24.211.107 port 24067 ssh2
Jun 23 11:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22651]: Received disconnect from 193.24.211.107 port 24067:11: Client disconnecting normally [preauth]
Jun 23 11:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22651]: Disconnected from 193.24.211.107 port 24067 [preauth]
Jun 23 11:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21454]: pam_unix(cron:session): session closed for user root
Jun 23 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22822]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22821]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22823]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22820]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22820]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22883]: Successful su for rubyman by root
Jun 23 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22883]: + ??? root:rubyman
Jun 23 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22883]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576914 of user rubyman.
Jun 23 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22883]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576914.
Jun 23 11:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20022]: pam_unix(cron:session): session closed for user root
Jun 23 11:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22821]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 23 11:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21885]: pam_unix(cron:session): session closed for user root
Jun 23 11:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23130]: Failed password for root from 103.27.238.114 port 47550 ssh2
Jun 23 11:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23130]: Connection closed by 103.27.238.114 port 47550 [preauth]
Jun 23 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23216]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23217]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23215]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23214]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23214]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23285]: Successful su for rubyman by root
Jun 23 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23285]: + ??? root:rubyman
Jun 23 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23285]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576919 of user rubyman.
Jun 23 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23285]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576919.
Jun 23 11:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20530]: pam_unix(cron:session): session closed for user root
Jun 23 11:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23215]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 23 11:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23486]: Failed password for root from 103.82.20.28 port 57992 ssh2
Jun 23 11:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23486]: Connection closed by 103.82.20.28 port 57992 [preauth]
Jun 23 11:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22407]: pam_unix(cron:session): session closed for user root
Jun 23 11:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 23 11:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23619]: Failed password for root from 103.77.242.62 port 60712 ssh2
Jun 23 11:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23619]: Connection closed by 103.77.242.62 port 60712 [preauth]
Jun 23 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23641]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23640]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23639]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23636]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23634]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23636]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23778]: Successful su for rubyman by root
Jun 23 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23778]: + ??? root:rubyman
Jun 23 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23778]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576922 of user rubyman.
Jun 23 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23778]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576922.
Jun 23 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23634]: pam_unix(cron:session): session closed for user root
Jun 23 11:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21041]: pam_unix(cron:session): session closed for user root
Jun 23 11:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23639]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22823]: pam_unix(cron:session): session closed for user root
Jun 23 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24263]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24262]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24261]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24268]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24269]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24259]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24269]: pam_unix(cron:session): session closed for user root
Jun 23 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24259]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24338]: Successful su for rubyman by root
Jun 23 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24338]: + ??? root:rubyman
Jun 23 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24338]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576930 of user rubyman.
Jun 23 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24338]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576930.
Jun 23 11:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24262]: pam_unix(cron:session): session closed for user root
Jun 23 11:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21453]: pam_unix(cron:session): session closed for user root
Jun 23 11:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24261]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 23 11:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24612]: Failed password for root from 77.94.47.83 port 48288 ssh2
Jun 23 11:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24612]: Connection closed by 77.94.47.83 port 48288 [preauth]
Jun 23 11:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23217]: pam_unix(cron:session): session closed for user root
Jun 23 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24723]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24721]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24722]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24720]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24720]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24793]: Successful su for rubyman by root
Jun 23 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24793]: + ??? root:rubyman
Jun 23 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24793]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576934 of user rubyman.
Jun 23 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24793]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576934.
Jun 23 11:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21884]: pam_unix(cron:session): session closed for user root
Jun 23 11:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24721]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23641]: pam_unix(cron:session): session closed for user root
Jun 23 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25123]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25122]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25121]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25120]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25120]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25185]: Successful su for rubyman by root
Jun 23 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25185]: + ??? root:rubyman
Jun 23 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25185]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576937 of user rubyman.
Jun 23 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25185]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576937.
Jun 23 11:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22406]: pam_unix(cron:session): session closed for user root
Jun 23 11:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25121]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24268]: pam_unix(cron:session): session closed for user root
Jun 23 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25517]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25516]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25518]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25515]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25515]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25577]: Successful su for rubyman by root
Jun 23 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25577]: + ??? root:rubyman
Jun 23 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25577]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576941 of user rubyman.
Jun 23 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25577]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576941.
Jun 23 11:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22822]: pam_unix(cron:session): session closed for user root
Jun 23 11:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25516]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 23 11:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25823]: Failed password for root from 202.178.126.219 port 55324 ssh2
Jun 23 11:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24723]: pam_unix(cron:session): session closed for user root
Jun 23 11:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25823]: Connection closed by 202.178.126.219 port 55324 [preauth]
Jun 23 11:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25916]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25914]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25915]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25913]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25913]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25973]: Successful su for rubyman by root
Jun 23 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25973]: + ??? root:rubyman
Jun 23 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25973]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576945 of user rubyman.
Jun 23 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25973]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576945.
Jun 23 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25910]: Invalid user tayler from 2.57.121.112
Jun 23 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25910]: input_userauth_request: invalid user tayler [preauth]
Jun 23 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25910]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 23 11:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23216]: pam_unix(cron:session): session closed for user root
Jun 23 11:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25910]: Failed password for invalid user tayler from 2.57.121.112 port 16998 ssh2
Jun 23 11:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25910]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 11:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25914]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25910]: Failed password for invalid user tayler from 2.57.121.112 port 16998 ssh2
Jun 23 11:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25910]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 11:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25910]: Failed password for invalid user tayler from 2.57.121.112 port 16998 ssh2
Jun 23 11:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25910]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 11:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25910]: Failed password for invalid user tayler from 2.57.121.112 port 16998 ssh2
Jun 23 11:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25910]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 11:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25910]: Failed password for invalid user tayler from 2.57.121.112 port 16998 ssh2
Jun 23 11:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25910]: Connection closed by 2.57.121.112 port 16998 [preauth]
Jun 23 11:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25910]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 23 11:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25910]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 23 11:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25123]: pam_unix(cron:session): session closed for user root
Jun 23 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26307]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26305]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26304]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26308]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26302]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26303]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26308]: pam_unix(cron:session): session closed for user root
Jun 23 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26302]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26371]: Successful su for rubyman by root
Jun 23 11:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26371]: + ??? root:rubyman
Jun 23 11:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26371]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576949 of user rubyman.
Jun 23 11:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26371]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576949.
Jun 23 11:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26304]: pam_unix(cron:session): session closed for user root
Jun 23 11:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23640]: pam_unix(cron:session): session closed for user root
Jun 23 11:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26303]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25518]: pam_unix(cron:session): session closed for user root
Jun 23 11:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Jun 23 11:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:152.32.198.168
Jun 23 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26834]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26835]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26833]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26832]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26832]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26897]: Successful su for rubyman by root
Jun 23 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26897]: + ??? root:rubyman
Jun 23 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26897]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576957 of user rubyman.
Jun 23 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26897]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576957.
Jun 23 11:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24263]: pam_unix(cron:session): session closed for user root
Jun 23 11:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26833]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25916]: pam_unix(cron:session): session closed for user root
Jun 23 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27247]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27248]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27245]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27246]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27243]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27243]: pam_unix(cron:session): session closed for user root
Jun 23 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27245]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27323]: Successful su for rubyman by root
Jun 23 11:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27323]: + ??? root:rubyman
Jun 23 11:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27323]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576961 of user rubyman.
Jun 23 11:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27323]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576961.
Jun 23 11:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24722]: pam_unix(cron:session): session closed for user root
Jun 23 11:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27246]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27578]: Received disconnect from 188.44.20.30 port 33720:11: disconnected by user [preauth]
Jun 23 11:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27578]: Disconnected from 188.44.20.30 port 33720 [preauth]
Jun 23 11:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26307]: pam_unix(cron:session): session closed for user root
Jun 23 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27667]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27666]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27664]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27665]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27664]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27729]: Successful su for rubyman by root
Jun 23 11:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27729]: + ??? root:rubyman
Jun 23 11:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27729]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576964 of user rubyman.
Jun 23 11:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27729]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576964.
Jun 23 11:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25122]: pam_unix(cron:session): session closed for user root
Jun 23 11:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27665]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26835]: pam_unix(cron:session): session closed for user root
Jun 23 11:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 23 11:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28112]: Failed password for root from 51.250.105.222 port 33814 ssh2
Jun 23 11:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28112]: Connection closed by 51.250.105.222 port 33814 [preauth]
Jun 23 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28132]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28131]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28129]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28128]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28128]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28192]: Successful su for rubyman by root
Jun 23 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28192]: + ??? root:rubyman
Jun 23 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28192]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576968 of user rubyman.
Jun 23 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28192]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576968.
Jun 23 11:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25517]: pam_unix(cron:session): session closed for user root
Jun 23 11:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28129]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27248]: pam_unix(cron:session): session closed for user root
Jun 23 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28534]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28535]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28536]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28532]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28537]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28533]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28537]: pam_unix(cron:session): session closed for user root
Jun 23 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28532]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28688]: Successful su for rubyman by root
Jun 23 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28688]: + ??? root:rubyman
Jun 23 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28688]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576974 of user rubyman.
Jun 23 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28688]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576974.
Jun 23 11:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25915]: pam_unix(cron:session): session closed for user root
Jun 23 11:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28534]: pam_unix(cron:session): session closed for user root
Jun 23 11:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28533]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27667]: pam_unix(cron:session): session closed for user root
Jun 23 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29069]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29070]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29068]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29067]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29067]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29138]: Successful su for rubyman by root
Jun 23 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29138]: + ??? root:rubyman
Jun 23 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29138]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576979 of user rubyman.
Jun 23 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29138]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576979.
Jun 23 11:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26305]: pam_unix(cron:session): session closed for user root
Jun 23 11:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29068]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 23 11:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29397]: Failed password for root from 80.66.85.226 port 59802 ssh2
Jun 23 11:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29397]: Connection closed by 80.66.85.226 port 59802 [preauth]
Jun 23 11:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28132]: pam_unix(cron:session): session closed for user root
Jun 23 11:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29468]: Invalid user user from 141.98.83.240
Jun 23 11:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29468]: input_userauth_request: invalid user user [preauth]
Jun 23 11:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29468]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 11:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 11:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29468]: Failed password for invalid user user from 141.98.83.240 port 63016 ssh2
Jun 23 11:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29468]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 11:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29468]: Failed password for invalid user user from 141.98.83.240 port 63016 ssh2
Jun 23 11:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29468]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 11:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29468]: Failed password for invalid user user from 141.98.83.240 port 63016 ssh2
Jun 23 11:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29468]: Connection closed by 141.98.83.240 port 63016 [preauth]
Jun 23 11:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29468]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29501]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29499]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29500]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29498]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29498]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29647]: Successful su for rubyman by root
Jun 23 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29647]: + ??? root:rubyman
Jun 23 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29647]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576982 of user rubyman.
Jun 23 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29647]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576982.
Jun 23 11:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26834]: pam_unix(cron:session): session closed for user root
Jun 23 11:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29499]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28536]: pam_unix(cron:session): session closed for user root
Jun 23 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30020]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30019]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30018]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30017]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30017]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30090]: Successful su for rubyman by root
Jun 23 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30090]: + ??? root:rubyman
Jun 23 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30090]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576986 of user rubyman.
Jun 23 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30090]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576986.
Jun 23 11:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27247]: pam_unix(cron:session): session closed for user root
Jun 23 11:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30018]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29070]: pam_unix(cron:session): session closed for user root
Jun 23 11:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 23 11:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30426]: Failed password for root from 103.27.238.116 port 58562 ssh2
Jun 23 11:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30426]: Connection closed by 103.27.238.116 port 58562 [preauth]
Jun 23 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30442]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30443]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30439]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30440]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30439]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30504]: Successful su for rubyman by root
Jun 23 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30504]: + ??? root:rubyman
Jun 23 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30504]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576992 of user rubyman.
Jun 23 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30504]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576992.
Jun 23 11:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27666]: pam_unix(cron:session): session closed for user root
Jun 23 11:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30440]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29501]: pam_unix(cron:session): session closed for user root
Jun 23 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30855]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30853]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30857]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30858]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30856]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30852]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30858]: pam_unix(cron:session): session closed for user root
Jun 23 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30852]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31016]: Successful su for rubyman by root
Jun 23 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31016]: + ??? root:rubyman
Jun 23 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31016]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 576998 of user rubyman.
Jun 23 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31016]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 576998.
Jun 23 11:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28131]: pam_unix(cron:session): session closed for user root
Jun 23 11:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30855]: pam_unix(cron:session): session closed for user root
Jun 23 11:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30853]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30020]: pam_unix(cron:session): session closed for user root
Jun 23 11:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 23 11:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31350]: Failed password for root from 103.122.221.179 port 39650 ssh2
Jun 23 11:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31350]: Connection closed by 103.122.221.179 port 39650 [preauth]
Jun 23 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31382]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31384]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31383]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31379]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31379]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31451]: Successful su for rubyman by root
Jun 23 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31451]: + ??? root:rubyman
Jun 23 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31451]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577001 of user rubyman.
Jun 23 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31451]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577001.
Jun 23 11:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28535]: pam_unix(cron:session): session closed for user root
Jun 23 11:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31382]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30443]: pam_unix(cron:session): session closed for user root
Jun 23 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31890]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31892]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31891]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31889]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31889]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31961]: Successful su for rubyman by root
Jun 23 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31961]: + ??? root:rubyman
Jun 23 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31961]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577006 of user rubyman.
Jun 23 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31961]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577006.
Jun 23 11:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29069]: pam_unix(cron:session): session closed for user root
Jun 23 11:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31890]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30857]: pam_unix(cron:session): session closed for user root
Jun 23 11:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32274]: Received disconnect from 103.57.224.219 port 18656:11: disconnected by user [preauth]
Jun 23 11:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32274]: Disconnected from 103.57.224.219 port 18656 [preauth]
Jun 23 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32303]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32304]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32301]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32302]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32301]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32361]: Successful su for rubyman by root
Jun 23 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32361]: + ??? root:rubyman
Jun 23 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32361]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577008 of user rubyman.
Jun 23 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32361]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577008.
Jun 23 11:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29500]: pam_unix(cron:session): session closed for user root
Jun 23 11:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32302]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31384]: pam_unix(cron:session): session closed for user root
Jun 23 11:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 23 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32710]: Failed password for root from 103.149.28.157 port 43652 ssh2
Jun 23 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32710]: Connection closed by 103.149.28.157 port 43652 [preauth]
Jun 23 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32717]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32716]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32715]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32714]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32714]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[310]: Successful su for rubyman by root
Jun 23 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[310]: + ??? root:rubyman
Jun 23 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[310]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577013 of user rubyman.
Jun 23 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[310]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577013.
Jun 23 11:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30019]: pam_unix(cron:session): session closed for user root
Jun 23 11:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32715]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31892]: pam_unix(cron:session): session closed for user root
Jun 23 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[812]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[810]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[806]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[811]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[805]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[804]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[812]: pam_unix(cron:session): session closed for user root
Jun 23 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[804]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[882]: Successful su for rubyman by root
Jun 23 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[882]: + ??? root:rubyman
Jun 23 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[882]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577019 of user rubyman.
Jun 23 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[882]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577019.
Jun 23 11:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[806]: pam_unix(cron:session): session closed for user root
Jun 23 11:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30442]: pam_unix(cron:session): session closed for user root
Jun 23 11:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[805]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32304]: pam_unix(cron:session): session closed for user root
Jun 23 11:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 23 11:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1217]: Failed password for root from 38.93.206.2 port 3732 ssh2
Jun 23 11:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1217]: Connection closed by 38.93.206.2 port 3732 [preauth]
Jun 23 11:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1247]: Connection closed by 194.59.206.2 port 28878 [preauth]
Jun 23 11:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 23 11:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1271]: Failed password for root from 193.24.211.107 port 55157 ssh2
Jun 23 11:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1271]: Received disconnect from 193.24.211.107 port 55157:11: Client disconnecting normally [preauth]
Jun 23 11:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1271]: Disconnected from 193.24.211.107 port 55157 [preauth]
Jun 23 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1305]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1310]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1303]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1302]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1302]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1388]: Successful su for rubyman by root
Jun 23 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1388]: + ??? root:rubyman
Jun 23 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1388]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577022 of user rubyman.
Jun 23 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1388]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577022.
Jun 23 11:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1303]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30856]: pam_unix(cron:session): session closed for user root
Jun 23 11:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 23 11:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1771]: Failed password for root from 103.77.175.15 port 51510 ssh2
Jun 23 11:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1771]: Connection closed by 103.77.175.15 port 51510 [preauth]
Jun 23 11:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32717]: pam_unix(cron:session): session closed for user root
Jun 23 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1856]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1857]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1855]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1854]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1854]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1933]: Successful su for rubyman by root
Jun 23 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1933]: + ??? root:rubyman
Jun 23 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1933]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577027 of user rubyman.
Jun 23 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1933]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577027.
Jun 23 11:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31383]: pam_unix(cron:session): session closed for user root
Jun 23 11:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1855]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[811]: pam_unix(cron:session): session closed for user root
Jun 23 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2341]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2342]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2339]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2340]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2339]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2397]: Successful su for rubyman by root
Jun 23 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2397]: + ??? root:rubyman
Jun 23 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2397]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577032 of user rubyman.
Jun 23 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2397]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577032.
Jun 23 11:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31891]: pam_unix(cron:session): session closed for user root
Jun 23 11:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2340]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1310]: pam_unix(cron:session): session closed for user root
Jun 23 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2765]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2766]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2764]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2763]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2763]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2826]: Successful su for rubyman by root
Jun 23 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2826]: + ??? root:rubyman
Jun 23 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2826]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577036 of user rubyman.
Jun 23 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2826]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577036.
Jun 23 11:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32303]: pam_unix(cron:session): session closed for user root
Jun 23 11:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2764]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1857]: pam_unix(cron:session): session closed for user root
Jun 23 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3156]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3155]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3154]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3157]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3153]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3152]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3157]: pam_unix(cron:session): session closed for user root
Jun 23 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3152]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3219]: Successful su for rubyman by root
Jun 23 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3219]: + ??? root:rubyman
Jun 23 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3219]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577038 of user rubyman.
Jun 23 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3219]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577038.
Jun 23 11:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3154]: pam_unix(cron:session): session closed for user root
Jun 23 11:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32716]: pam_unix(cron:session): session closed for user root
Jun 23 11:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3153]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3468]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 23 11:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3468]: Received disconnect from 103.176.90.41 port 40302:11: disconnected by user [preauth]
Jun 23 11:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3468]: Disconnected from 103.176.90.41 port 40302 [preauth]
Jun 23 11:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2342]: pam_unix(cron:session): session closed for user root
Jun 23 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3585]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3584]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3586]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3583]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3583]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3648]: Successful su for rubyman by root
Jun 23 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3648]: + ??? root:rubyman
Jun 23 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3648]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577044 of user rubyman.
Jun 23 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3648]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577044.
Jun 23 11:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[810]: pam_unix(cron:session): session closed for user root
Jun 23 11:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3584]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2766]: pam_unix(cron:session): session closed for user root
Jun 23 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4184]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4183]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4181]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4180]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4180]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4247]: Successful su for rubyman by root
Jun 23 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4247]: + ??? root:rubyman
Jun 23 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4247]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577049 of user rubyman.
Jun 23 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4247]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577049.
Jun 23 11:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1305]: pam_unix(cron:session): session closed for user root
Jun 23 11:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4181]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3156]: pam_unix(cron:session): session closed for user root
Jun 23 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4598]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4596]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4595]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4597]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4595]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4657]: Successful su for rubyman by root
Jun 23 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4657]: + ??? root:rubyman
Jun 23 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4657]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577052 of user rubyman.
Jun 23 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4657]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577052.
Jun 23 11:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1856]: pam_unix(cron:session): session closed for user root
Jun 23 11:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4596]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3586]: pam_unix(cron:session): session closed for user root
Jun 23 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5101]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5103]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5102]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5100]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5098]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5100]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5224]: Successful su for rubyman by root
Jun 23 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5224]: + ??? root:rubyman
Jun 23 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5224]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577056 of user rubyman.
Jun 23 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5224]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577056.
Jun 23 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5098]: pam_unix(cron:session): session closed for user root
Jun 23 11:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2341]: pam_unix(cron:session): session closed for user root
Jun 23 11:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5101]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4184]: pam_unix(cron:session): session closed for user root
Jun 23 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5601]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5603]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5600]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5598]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5602]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5599]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5603]: pam_unix(cron:session): session closed for user root
Jun 23 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5598]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5662]: Successful su for rubyman by root
Jun 23 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5662]: + ??? root:rubyman
Jun 23 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5662]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577065 of user rubyman.
Jun 23 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5662]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577065.
Jun 23 11:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5600]: pam_unix(cron:session): session closed for user root
Jun 23 11:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2765]: pam_unix(cron:session): session closed for user root
Jun 23 11:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5599]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4598]: pam_unix(cron:session): session closed for user root
Jun 23 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6016]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6015]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6014]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6013]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6013]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6081]: Successful su for rubyman by root
Jun 23 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6081]: + ??? root:rubyman
Jun 23 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6081]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577068 of user rubyman.
Jun 23 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6081]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577068.
Jun 23 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6010]: Received disconnect from 148.113.221.114 port 50684:11: disconnected by user [preauth]
Jun 23 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6010]: Disconnected from 148.113.221.114 port 50684 [preauth]
Jun 23 11:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3155]: pam_unix(cron:session): session closed for user root
Jun 23 11:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6014]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5103]: pam_unix(cron:session): session closed for user root
Jun 23 11:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 23 11:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6392]: Failed password for root from 147.45.199.80 port 35162 ssh2
Jun 23 11:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6392]: Connection closed by 147.45.199.80 port 35162 [preauth]
Jun 23 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6424]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6421]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6423]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6422]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6421]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6480]: Successful su for rubyman by root
Jun 23 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6480]: + ??? root:rubyman
Jun 23 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6480]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577071 of user rubyman.
Jun 23 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6480]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577071.
Jun 23 11:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3585]: pam_unix(cron:session): session closed for user root
Jun 23 11:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6422]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5602]: pam_unix(cron:session): session closed for user root
Jun 23 11:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6789]: Did not receive identification string from 34.178.21.247
Jun 23 11:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.178.21.247  user=root
Jun 23 11:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6795]: Failed password for root from 34.178.21.247 port 50600 ssh2
Jun 23 11:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6795]: Connection closed by 34.178.21.247 port 50600 [preauth]
Jun 23 11:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.178.21.247  user=root
Jun 23 11:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6803]: Failed password for root from 34.178.21.247 port 45834 ssh2
Jun 23 11:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6803]: Connection closed by 34.178.21.247 port 45834 [preauth]
Jun 23 11:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.178.21.247  user=root
Jun 23 11:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6814]: Failed password for root from 34.178.21.247 port 45838 ssh2
Jun 23 11:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6814]: Connection closed by 34.178.21.247 port 45838 [preauth]
Jun 23 11:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.178.21.247  user=root
Jun 23 11:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6816]: Failed password for root from 34.178.21.247 port 45844 ssh2
Jun 23 11:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6816]: Connection closed by 34.178.21.247 port 45844 [preauth]
Jun 23 11:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6826]: Connection closed by 34.178.21.247 port 43160 [preauth]
Jun 23 11:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6828]: Invalid user admin from 34.178.21.247
Jun 23 11:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6828]: input_userauth_request: invalid user admin [preauth]
Jun 23 11:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6828]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 11:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.178.21.247
Jun 23 11:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6828]: Failed password for invalid user admin from 34.178.21.247 port 43168 ssh2
Jun 23 11:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6828]: Connection closed by 34.178.21.247 port 43168 [preauth]
Jun 23 11:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6838]: Invalid user admin from 34.178.21.247
Jun 23 11:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6838]: input_userauth_request: invalid user admin [preauth]
Jun 23 11:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6838]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 11:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.178.21.247
Jun 23 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6846]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6845]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6844]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6843]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6843]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6905]: Successful su for rubyman by root
Jun 23 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6905]: + ??? root:rubyman
Jun 23 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6905]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577075 of user rubyman.
Jun 23 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6905]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577075.
Jun 23 11:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6838]: Failed password for invalid user admin from 34.178.21.247 port 43180 ssh2
Jun 23 11:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6838]: Connection closed by 34.178.21.247 port 43180 [preauth]
Jun 23 11:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6938]: Invalid user admin from 34.178.21.247
Jun 23 11:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6938]: input_userauth_request: invalid user admin [preauth]
Jun 23 11:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6938]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 11:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.178.21.247
Jun 23 11:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4183]: pam_unix(cron:session): session closed for user root
Jun 23 11:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6938]: Failed password for invalid user admin from 34.178.21.247 port 43182 ssh2
Jun 23 11:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6938]: Connection closed by 34.178.21.247 port 43182 [preauth]
Jun 23 11:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6844]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7173]: Invalid user admin from 34.178.21.247
Jun 23 11:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7173]: input_userauth_request: invalid user admin [preauth]
Jun 23 11:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7173]: Failed none for invalid user admin from 34.178.21.247 port 40440 ssh2
Jun 23 11:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7173]: Connection closed by 34.178.21.247 port 40440 [preauth]
Jun 23 11:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7186]: Invalid user user from 34.178.21.247
Jun 23 11:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7186]: input_userauth_request: invalid user user [preauth]
Jun 23 11:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7186]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 11:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.178.21.247
Jun 23 11:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7186]: Failed password for invalid user user from 34.178.21.247 port 40456 ssh2
Jun 23 11:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7186]: Connection closed by 34.178.21.247 port 40456 [preauth]
Jun 23 11:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7200]: Invalid user user from 34.178.21.247
Jun 23 11:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7200]: input_userauth_request: invalid user user [preauth]
Jun 23 11:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7200]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 11:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.178.21.247
Jun 23 11:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7200]: Failed password for invalid user user from 34.178.21.247 port 40458 ssh2
Jun 23 11:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7200]: Connection closed by 34.178.21.247 port 40458 [preauth]
Jun 23 11:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7202]: Invalid user user from 34.178.21.247
Jun 23 11:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7202]: input_userauth_request: invalid user user [preauth]
Jun 23 11:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7202]: Failed none for invalid user user from 34.178.21.247 port 40474 ssh2
Jun 23 11:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7202]: Connection closed by 34.178.21.247 port 40474 [preauth]
Jun 23 11:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7211]: Invalid user support from 34.178.21.247
Jun 23 11:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7211]: input_userauth_request: invalid user support [preauth]
Jun 23 11:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7211]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 11:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.178.21.247
Jun 23 11:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7211]: Failed password for invalid user support from 34.178.21.247 port 40480 ssh2
Jun 23 11:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7211]: Connection closed by 34.178.21.247 port 40480 [preauth]
Jun 23 11:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7227]: Invalid user guest from 34.178.21.247
Jun 23 11:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7227]: input_userauth_request: invalid user guest [preauth]
Jun 23 11:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7227]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 11:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.178.21.247
Jun 23 11:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7227]: Failed password for invalid user guest from 34.178.21.247 port 44004 ssh2
Jun 23 11:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7227]: Connection closed by 34.178.21.247 port 44004 [preauth]
Jun 23 11:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7229]: Invalid user test from 34.178.21.247
Jun 23 11:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7229]: input_userauth_request: invalid user test [preauth]
Jun 23 11:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7229]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 11:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.178.21.247
Jun 23 11:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7229]: Failed password for invalid user test from 34.178.21.247 port 44008 ssh2
Jun 23 11:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7229]: Connection closed by 34.178.21.247 port 44008 [preauth]
Jun 23 11:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7241]: Invalid user  from 34.178.21.247
Jun 23 11:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7241]: input_userauth_request: invalid user  [preauth]
Jun 23 11:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7241]: Failed none for invalid user  from 34.178.21.247 port 44020 ssh2
Jun 23 11:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7241]: Connection closed by 34.178.21.247 port 44020 [preauth]
Jun 23 11:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.178.21.247  user=root
Jun 23 11:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7243]: Failed password for root from 34.178.21.247 port 44022 ssh2
Jun 23 11:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7243]: Connection closed by 34.178.21.247 port 44022 [preauth]
Jun 23 11:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.178.21.247  user=root
Jun 23 11:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7267]: Failed password for root from 34.178.21.247 port 40228 ssh2
Jun 23 11:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7267]: Connection closed by 34.178.21.247 port 40228 [preauth]
Jun 23 11:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7269]: Invalid user admin from 34.178.21.247
Jun 23 11:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7269]: input_userauth_request: invalid user admin [preauth]
Jun 23 11:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7269]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 11:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.178.21.247
Jun 23 11:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7269]: Failed password for invalid user admin from 34.178.21.247 port 40240 ssh2
Jun 23 11:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7269]: Connection closed by 34.178.21.247 port 40240 [preauth]
Jun 23 11:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.178.21.247  user=root
Jun 23 11:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6016]: pam_unix(cron:session): session closed for user root
Jun 23 11:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7279]: Failed password for root from 34.178.21.247 port 40250 ssh2
Jun 23 11:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7279]: Connection closed by 34.178.21.247 port 40250 [preauth]
Jun 23 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7363]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7361]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7362]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7360]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7360]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7430]: Successful su for rubyman by root
Jun 23 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7430]: + ??? root:rubyman
Jun 23 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7430]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577079 of user rubyman.
Jun 23 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7430]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577079.
Jun 23 11:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4597]: pam_unix(cron:session): session closed for user root
Jun 23 11:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7361]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6424]: pam_unix(cron:session): session closed for user root
Jun 23 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7859]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7857]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7860]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7862]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7861]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7858]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7862]: pam_unix(cron:session): session closed for user root
Jun 23 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7857]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7923]: Successful su for rubyman by root
Jun 23 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7923]: + ??? root:rubyman
Jun 23 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7923]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577087 of user rubyman.
Jun 23 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7923]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577087.
Jun 23 11:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7859]: pam_unix(cron:session): session closed for user root
Jun 23 11:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5102]: pam_unix(cron:session): session closed for user root
Jun 23 11:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7858]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8114]: Invalid user vpn from 193.46.255.86
Jun 23 11:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8114]: input_userauth_request: invalid user vpn [preauth]
Jun 23 11:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8114]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 11:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 23 11:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8114]: Failed password for invalid user vpn from 193.46.255.86 port 9016 ssh2
Jun 23 11:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8114]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 11:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8114]: Failed password for invalid user vpn from 193.46.255.86 port 9016 ssh2
Jun 23 11:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8114]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 11:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8114]: Failed password for invalid user vpn from 193.46.255.86 port 9016 ssh2
Jun 23 11:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8114]: Connection closed by 193.46.255.86 port 9016 [preauth]
Jun 23 11:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8114]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 23 11:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6846]: pam_unix(cron:session): session closed for user root
Jun 23 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8277]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8278]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8276]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8275]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8275]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8340]: Successful su for rubyman by root
Jun 23 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8340]: + ??? root:rubyman
Jun 23 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8340]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577090 of user rubyman.
Jun 23 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8340]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577090.
Jun 23 11:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5601]: pam_unix(cron:session): session closed for user root
Jun 23 11:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8276]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7363]: pam_unix(cron:session): session closed for user root
Jun 23 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8677]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8676]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8675]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8674]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8674]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8735]: Successful su for rubyman by root
Jun 23 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8735]: + ??? root:rubyman
Jun 23 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8735]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577093 of user rubyman.
Jun 23 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8735]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577093.
Jun 23 11:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6015]: pam_unix(cron:session): session closed for user root
Jun 23 11:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8675]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7861]: pam_unix(cron:session): session closed for user root
Jun 23 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9082]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9081]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9080]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9079]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9079]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9138]: Successful su for rubyman by root
Jun 23 11:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9138]: + ??? root:rubyman
Jun 23 11:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9138]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577098 of user rubyman.
Jun 23 11:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9138]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577098.
Jun 23 11:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6423]: pam_unix(cron:session): session closed for user root
Jun 23 11:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9080]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8278]: pam_unix(cron:session): session closed for user root
Jun 23 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9464]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9465]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9463]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9462]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9462]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9520]: Successful su for rubyman by root
Jun 23 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9520]: + ??? root:rubyman
Jun 23 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9520]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577102 of user rubyman.
Jun 23 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9520]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577102.
Jun 23 11:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6845]: pam_unix(cron:session): session closed for user root
Jun 23 11:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9463]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8677]: pam_unix(cron:session): session closed for user root
Jun 23 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9867]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9862]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9869]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9868]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9866]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9861]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9869]: pam_unix(cron:session): session closed for user root
Jun 23 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9861]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10100]: Successful su for rubyman by root
Jun 23 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10100]: + ??? root:rubyman
Jun 23 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10100]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577109 of user rubyman.
Jun 23 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10100]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577109.
Jun 23 11:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9866]: pam_unix(cron:session): session closed for user root
Jun 23 11:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7362]: pam_unix(cron:session): session closed for user root
Jun 23 11:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9862]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9082]: pam_unix(cron:session): session closed for user root
Jun 23 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10551]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10552]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10550]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10549]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10549]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10629]: Successful su for rubyman by root
Jun 23 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10629]: + ??? root:rubyman
Jun 23 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10629]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577112 of user rubyman.
Jun 23 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10629]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577112.
Jun 23 11:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10700]: Invalid user admin from 2.57.121.25
Jun 23 11:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10700]: input_userauth_request: invalid user admin [preauth]
Jun 23 11:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10700]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 11:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 23 11:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7860]: pam_unix(cron:session): session closed for user root
Jun 23 11:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10550]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10700]: Failed password for invalid user admin from 2.57.121.25 port 13222 ssh2
Jun 23 11:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10700]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 11:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10700]: Failed password for invalid user admin from 2.57.121.25 port 13222 ssh2
Jun 23 11:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10700]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 11:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10700]: Failed password for invalid user admin from 2.57.121.25 port 13222 ssh2
Jun 23 11:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10700]: Connection closed by 2.57.121.25 port 13222 [preauth]
Jun 23 11:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10700]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 23 11:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9465]: pam_unix(cron:session): session closed for user root
Jun 23 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10990]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10989]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10988]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10987]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10987]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11052]: Successful su for rubyman by root
Jun 23 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11052]: + ??? root:rubyman
Jun 23 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11052]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577115 of user rubyman.
Jun 23 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11052]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577115.
Jun 23 11:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11167]: Invalid user admin from 141.98.83.240
Jun 23 11:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11167]: input_userauth_request: invalid user admin [preauth]
Jun 23 11:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11167]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 11:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 11:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8277]: pam_unix(cron:session): session closed for user root
Jun 23 11:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10988]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11167]: Failed password for invalid user admin from 141.98.83.240 port 11000 ssh2
Jun 23 11:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11167]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 11:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11167]: Failed password for invalid user admin from 141.98.83.240 port 11000 ssh2
Jun 23 11:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11167]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 11:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11167]: Failed password for invalid user admin from 141.98.83.240 port 11000 ssh2
Jun 23 11:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11167]: Connection closed by 141.98.83.240 port 11000 [preauth]
Jun 23 11:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11167]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 11:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9868]: pam_unix(cron:session): session closed for user root
Jun 23 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11401]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11400]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11398]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11399]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11398]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11467]: Successful su for rubyman by root
Jun 23 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11467]: + ??? root:rubyman
Jun 23 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11467]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577120 of user rubyman.
Jun 23 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11467]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577120.
Jun 23 11:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8676]: pam_unix(cron:session): session closed for user root
Jun 23 11:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11399]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10552]: pam_unix(cron:session): session closed for user root
Jun 23 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11834]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11832]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11835]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11833]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11832]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11905]: Successful su for rubyman by root
Jun 23 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11905]: + ??? root:rubyman
Jun 23 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11905]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577125 of user rubyman.
Jun 23 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11905]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577125.
Jun 23 11:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9081]: pam_unix(cron:session): session closed for user root
Jun 23 11:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11833]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 23 11:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12142]: Failed password for root from 87.251.79.125 port 57394 ssh2
Jun 23 11:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12142]: Connection closed by 87.251.79.125 port 57394 [preauth]
Jun 23 11:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10990]: pam_unix(cron:session): session closed for user root
Jun 23 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12387]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12382]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12383]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12385]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12384]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12381]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12387]: pam_unix(cron:session): session closed for user root
Jun 23 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12381]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12459]: Successful su for rubyman by root
Jun 23 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12459]: + ??? root:rubyman
Jun 23 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12459]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577127 of user rubyman.
Jun 23 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12459]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577127.
Jun 23 11:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12383]: pam_unix(cron:session): session closed for user root
Jun 23 11:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9464]: pam_unix(cron:session): session closed for user root
Jun 23 11:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12382]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 23 11:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12719]: Failed password for root from 193.24.211.107 port 23729 ssh2
Jun 23 11:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12719]: Received disconnect from 193.24.211.107 port 23729:11: Client disconnecting normally [preauth]
Jun 23 11:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12719]: Disconnected from 193.24.211.107 port 23729 [preauth]
Jun 23 11:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11401]: pam_unix(cron:session): session closed for user root
Jun 23 11:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12796]: Received disconnect from 212.192.240.126 port 2316:11: disconnected by user [preauth]
Jun 23 11:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12796]: Disconnected from 212.192.240.126 port 2316 [preauth]
Jun 23 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12831]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12830]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12829]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12827]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12827]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12905]: Successful su for rubyman by root
Jun 23 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12905]: + ??? root:rubyman
Jun 23 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12905]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577134 of user rubyman.
Jun 23 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12905]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577134.
Jun 23 11:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9867]: pam_unix(cron:session): session closed for user root
Jun 23 11:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12829]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11835]: pam_unix(cron:session): session closed for user root
Jun 23 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13248]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13247]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13249]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13246]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13246]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13311]: Successful su for rubyman by root
Jun 23 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13311]: + ??? root:rubyman
Jun 23 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13311]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577137 of user rubyman.
Jun 23 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13311]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577137.
Jun 23 11:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10551]: pam_unix(cron:session): session closed for user root
Jun 23 11:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13247]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12385]: pam_unix(cron:session): session closed for user root
Jun 23 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13644]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13640]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13643]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13642]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13640]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13707]: Successful su for rubyman by root
Jun 23 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13707]: + ??? root:rubyman
Jun 23 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13707]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577142 of user rubyman.
Jun 23 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13707]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577142.
Jun 23 11:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10989]: pam_unix(cron:session): session closed for user root
Jun 23 11:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13642]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 11:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 23 11:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13963]: Failed password for root from 103.153.68.219 port 47058 ssh2
Jun 23 11:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13963]: Connection closed by 103.153.68.219 port 47058 [preauth]
Jun 23 11:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12831]: pam_unix(cron:session): session closed for user root
Jun 23 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14058]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14056]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14057]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14055]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14055]: pam_unix(cron:session): session closed for user p13x
Jun 23 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14114]: Successful su for rubyman by root
Jun 23 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14114]: + ??? root:rubyman
Jun 23 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14114]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577146 of user rubyman.
Jun 23 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14114]: pam_unix(su:session): session closed for user rubyman
Jun 23 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577146.
Jun 23 11:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11400]: pam_unix(cron:session): session closed for user root
Jun 23 11:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14056]: pam_unix(cron:session): session closed for user samftp
Jun 23 11:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13249]: pam_unix(cron:session): session closed for user root
Jun 23 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14438]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14439]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14436]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14440]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14434]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14441]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14435]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14441]: pam_unix(cron:session): session closed for user root
Jun 23 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14436]: pam_unix(cron:session): session closed for user root
Jun 23 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14434]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14526]: Successful su for rubyman by root
Jun 23 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14526]: + ??? root:rubyman
Jun 23 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14526]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577152 of user rubyman.
Jun 23 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14526]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577152.
Jun 23 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14438]: pam_unix(cron:session): session closed for user root
Jun 23 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11834]: pam_unix(cron:session): session closed for user root
Jun 23 12:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14435]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13644]: pam_unix(cron:session): session closed for user root
Jun 23 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15021]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15022]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15020]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15019]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15019]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15083]: Successful su for rubyman by root
Jun 23 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15083]: + ??? root:rubyman
Jun 23 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15083]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577156 of user rubyman.
Jun 23 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15083]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577156.
Jun 23 12:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12384]: pam_unix(cron:session): session closed for user root
Jun 23 12:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15020]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 12:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14058]: pam_unix(cron:session): session closed for user root
Jun 23 12:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15314]: Connection closed by 103.203.57.2 port 54628 [preauth]
Jun 23 12:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 12:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 23 12:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15372]: Failed password for root from 103.15.222.183 port 38118 ssh2
Jun 23 12:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15372]: Connection closed by 103.15.222.183 port 38118 [preauth]
Jun 23 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15431]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15429]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15430]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15428]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15428]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15486]: Successful su for rubyman by root
Jun 23 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15486]: + ??? root:rubyman
Jun 23 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15486]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577160 of user rubyman.
Jun 23 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15486]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577160.
Jun 23 12:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12830]: pam_unix(cron:session): session closed for user root
Jun 23 12:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15429]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14440]: pam_unix(cron:session): session closed for user root
Jun 23 12:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 12:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 23 12:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15768]: Failed password for root from 202.178.126.219 port 29368 ssh2
Jun 23 12:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15768]: Connection closed by 202.178.126.219 port 29368 [preauth]
Jun 23 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15818]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15819]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15817]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15816]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15816]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15875]: Successful su for rubyman by root
Jun 23 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15875]: + ??? root:rubyman
Jun 23 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15875]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577164 of user rubyman.
Jun 23 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15875]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577164.
Jun 23 12:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13248]: pam_unix(cron:session): session closed for user root
Jun 23 12:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15817]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15022]: pam_unix(cron:session): session closed for user root
Jun 23 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16203]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16204]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16202]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16200]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16200]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16260]: Successful su for rubyman by root
Jun 23 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16260]: + ??? root:rubyman
Jun 23 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16260]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577169 of user rubyman.
Jun 23 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16260]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577169.
Jun 23 12:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13643]: pam_unix(cron:session): session closed for user root
Jun 23 12:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16202]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15431]: pam_unix(cron:session): session closed for user root
Jun 23 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16597]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16595]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16598]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16599]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16600]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16596]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16600]: pam_unix(cron:session): session closed for user root
Jun 23 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16595]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16665]: Successful su for rubyman by root
Jun 23 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16665]: + ??? root:rubyman
Jun 23 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16665]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577176 of user rubyman.
Jun 23 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16665]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577176.
Jun 23 12:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16597]: pam_unix(cron:session): session closed for user root
Jun 23 12:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14057]: pam_unix(cron:session): session closed for user root
Jun 23 12:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16596]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15819]: pam_unix(cron:session): session closed for user root
Jun 23 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17121]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17122]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17123]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17120]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17120]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17184]: Successful su for rubyman by root
Jun 23 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17184]: + ??? root:rubyman
Jun 23 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17184]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577180 of user rubyman.
Jun 23 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17184]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577180.
Jun 23 12:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14439]: pam_unix(cron:session): session closed for user root
Jun 23 12:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17121]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 12:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 23 12:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17383]: Failed password for root from 103.27.238.120 port 34002 ssh2
Jun 23 12:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17383]: Connection closed by 103.27.238.120 port 34002 [preauth]
Jun 23 12:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16204]: pam_unix(cron:session): session closed for user root
Jun 23 12:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17536]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17537]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17535]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17534]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17534]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17593]: Successful su for rubyman by root
Jun 23 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17593]: + ??? root:rubyman
Jun 23 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17593]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577183 of user rubyman.
Jun 23 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17593]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577183.
Jun 23 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17531]: Connection reset by 62.60.130.219 port 30242 [preauth]
Jun 23 12:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15021]: pam_unix(cron:session): session closed for user root
Jun 23 12:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17535]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16599]: pam_unix(cron:session): session closed for user root
Jun 23 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18044]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18045]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18043]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18042]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18042]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18103]: Successful su for rubyman by root
Jun 23 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18103]: + ??? root:rubyman
Jun 23 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18103]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577186 of user rubyman.
Jun 23 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18103]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577186.
Jun 23 12:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15430]: pam_unix(cron:session): session closed for user root
Jun 23 12:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18043]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17123]: pam_unix(cron:session): session closed for user root
Jun 23 12:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 12:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 23 12:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18489]: Failed password for root from 62.133.62.83 port 54444 ssh2
Jun 23 12:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18489]: Connection closed by 62.133.62.83 port 54444 [preauth]
Jun 23 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18547]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18549]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18548]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18546]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18544]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18546]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18668]: Successful su for rubyman by root
Jun 23 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18668]: + ??? root:rubyman
Jun 23 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18668]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577192 of user rubyman.
Jun 23 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18668]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577192.
Jun 23 12:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18544]: pam_unix(cron:session): session closed for user root
Jun 23 12:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15818]: pam_unix(cron:session): session closed for user root
Jun 23 12:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18547]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17537]: pam_unix(cron:session): session closed for user root
Jun 23 12:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 12:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 23 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19061]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19059]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19058]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19057]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19060]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19056]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19061]: pam_unix(cron:session): session closed for user root
Jun 23 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19056]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19220]: Successful su for rubyman by root
Jun 23 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19220]: + ??? root:rubyman
Jun 23 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19220]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577199 of user rubyman.
Jun 23 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19220]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577199.
Jun 23 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19053]: Failed password for root from 193.37.70.224 port 52716 ssh2
Jun 23 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19053]: Connection closed by 193.37.70.224 port 52716 [preauth]
Jun 23 12:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19058]: pam_unix(cron:session): session closed for user root
Jun 23 12:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16203]: pam_unix(cron:session): session closed for user root
Jun 23 12:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19057]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18045]: pam_unix(cron:session): session closed for user root
Jun 23 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19788]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19789]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19791]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19790]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19788]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19872]: Successful su for rubyman by root
Jun 23 12:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19872]: + ??? root:rubyman
Jun 23 12:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19872]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577204 of user rubyman.
Jun 23 12:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19872]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577204.
Jun 23 12:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16598]: pam_unix(cron:session): session closed for user root
Jun 23 12:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19789]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18549]: pam_unix(cron:session): session closed for user root
Jun 23 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20296]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20297]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20295]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20294]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20294]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20362]: Successful su for rubyman by root
Jun 23 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20362]: + ??? root:rubyman
Jun 23 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20362]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577206 of user rubyman.
Jun 23 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20362]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577206.
Jun 23 12:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17122]: pam_unix(cron:session): session closed for user root
Jun 23 12:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20295]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19060]: pam_unix(cron:session): session closed for user root
Jun 23 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20798]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20799]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20796]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20795]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20795]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20857]: Successful su for rubyman by root
Jun 23 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20857]: + ??? root:rubyman
Jun 23 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20857]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577209 of user rubyman.
Jun 23 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20857]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577209.
Jun 23 12:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17536]: pam_unix(cron:session): session closed for user root
Jun 23 12:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20796]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19791]: pam_unix(cron:session): session closed for user root
Jun 23 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21211]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21210]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21209]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21208]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21208]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21270]: Successful su for rubyman by root
Jun 23 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21270]: + ??? root:rubyman
Jun 23 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21270]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577213 of user rubyman.
Jun 23 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21270]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577213.
Jun 23 12:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18044]: pam_unix(cron:session): session closed for user root
Jun 23 12:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21209]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20297]: pam_unix(cron:session): session closed for user root
Jun 23 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21634]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21632]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21635]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21629]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21633]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21630]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21635]: pam_unix(cron:session): session closed for user root
Jun 23 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21629]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21709]: Successful su for rubyman by root
Jun 23 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21709]: + ??? root:rubyman
Jun 23 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21709]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577217 of user rubyman.
Jun 23 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21709]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577217.
Jun 23 12:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21632]: pam_unix(cron:session): session closed for user root
Jun 23 12:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18548]: pam_unix(cron:session): session closed for user root
Jun 23 12:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21630]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20799]: pam_unix(cron:session): session closed for user root
Jun 23 12:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 12:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22010]: Received disconnect from 50.7.233.211 port 35510:11: disconnected by user [preauth]
Jun 23 12:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22010]: Disconnected from 50.7.233.211 port 35510 [preauth]
Jun 23 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22071]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22070]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22069]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22068]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22068]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22142]: Successful su for rubyman by root
Jun 23 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22142]: + ??? root:rubyman
Jun 23 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22142]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577224 of user rubyman.
Jun 23 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22142]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577224.
Jun 23 12:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19059]: pam_unix(cron:session): session closed for user root
Jun 23 12:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22069]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 12:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 23 12:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21211]: pam_unix(cron:session): session closed for user root
Jun 23 12:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22488]: Failed password for root from 109.237.96.109 port 35600 ssh2
Jun 23 12:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22488]: Connection closed by 109.237.96.109 port 35600 [preauth]
Jun 23 12:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 12:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 23 12:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22526]: Failed password for root from 38.93.206.2 port 52674 ssh2
Jun 23 12:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22526]: Connection closed by 38.93.206.2 port 52674 [preauth]
Jun 23 12:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 12:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
Jun 23 12:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22540]: Failed password for root from 176.32.39.21 port 36074 ssh2
Jun 23 12:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22540]: Connection closed by 176.32.39.21 port 36074 [preauth]
Jun 23 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22578]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22575]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22577]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22573]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22576]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22573]: pam_unix(cron:session): session closed for user root
Jun 23 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22575]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22642]: Successful su for rubyman by root
Jun 23 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22642]: + ??? root:rubyman
Jun 23 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22642]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577227 of user rubyman.
Jun 23 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22642]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577227.
Jun 23 12:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19790]: pam_unix(cron:session): session closed for user root
Jun 23 12:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22576]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 12:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 23 12:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22839]: Failed password for root from 194.113.233.25 port 52138 ssh2
Jun 23 12:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22839]: Connection closed by 194.113.233.25 port 52138 [preauth]
Jun 23 12:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21634]: pam_unix(cron:session): session closed for user root
Jun 23 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22991]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22990]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22989]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22988]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22988]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23047]: Successful su for rubyman by root
Jun 23 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23047]: + ??? root:rubyman
Jun 23 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23047]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577232 of user rubyman.
Jun 23 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23047]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577232.
Jun 23 12:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20296]: pam_unix(cron:session): session closed for user root
Jun 23 12:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22989]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22071]: pam_unix(cron:session): session closed for user root
Jun 23 12:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 12:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 23 12:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23390]: Failed password for root from 103.172.78.219 port 35482 ssh2
Jun 23 12:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23390]: Connection closed by 103.172.78.219 port 35482 [preauth]
Jun 23 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23403]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23402]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23404]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23401]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23401]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23463]: Successful su for rubyman by root
Jun 23 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23463]: + ??? root:rubyman
Jun 23 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23463]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577236 of user rubyman.
Jun 23 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23463]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577236.
Jun 23 12:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20798]: pam_unix(cron:session): session closed for user root
Jun 23 12:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23402]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22578]: pam_unix(cron:session): session closed for user root
Jun 23 12:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 12:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 23 12:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23816]: Failed password for root from 193.24.211.107 port 16716 ssh2
Jun 23 12:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23816]: Received disconnect from 193.24.211.107 port 16716:11: Client disconnecting normally [preauth]
Jun 23 12:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23816]: Disconnected from 193.24.211.107 port 16716 [preauth]
Jun 23 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23916]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23918]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23914]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23917]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23915]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23828]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23918]: pam_unix(cron:session): session closed for user root
Jun 23 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23828]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23991]: Successful su for rubyman by root
Jun 23 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23991]: + ??? root:rubyman
Jun 23 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23991]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577243 of user rubyman.
Jun 23 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23991]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577243.
Jun 23 12:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23915]: pam_unix(cron:session): session closed for user root
Jun 23 12:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21210]: pam_unix(cron:session): session closed for user root
Jun 23 12:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23914]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22991]: pam_unix(cron:session): session closed for user root
Jun 23 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24368]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24369]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24367]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24366]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24366]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24440]: Successful su for rubyman by root
Jun 23 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24440]: + ??? root:rubyman
Jun 23 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24440]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577246 of user rubyman.
Jun 23 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24440]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577246.
Jun 23 12:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21633]: pam_unix(cron:session): session closed for user root
Jun 23 12:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24367]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23404]: pam_unix(cron:session): session closed for user root
Jun 23 12:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 12:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24794]: Invalid user franco from 141.98.83.240
Jun 23 12:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24794]: input_userauth_request: invalid user franco [preauth]
Jun 23 12:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24794]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 12:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24794]: Failed password for invalid user franco from 141.98.83.240 port 24854 ssh2
Jun 23 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24794]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24807]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24808]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24806]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24805]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24805]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24863]: Successful su for rubyman by root
Jun 23 12:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24863]: + ??? root:rubyman
Jun 23 12:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24863]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577251 of user rubyman.
Jun 23 12:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24863]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577251.
Jun 23 12:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24794]: Failed password for invalid user franco from 141.98.83.240 port 24854 ssh2
Jun 23 12:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24794]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 12:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22070]: pam_unix(cron:session): session closed for user root
Jun 23 12:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24794]: Failed password for invalid user franco from 141.98.83.240 port 24854 ssh2
Jun 23 12:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24794]: Connection closed by 141.98.83.240 port 24854 [preauth]
Jun 23 12:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24794]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 12:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24806]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 12:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.211.215  user=root
Jun 23 12:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25099]: Failed password for root from 147.45.211.215 port 54360 ssh2
Jun 23 12:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25099]: Connection closed by 147.45.211.215 port 54360 [preauth]
Jun 23 12:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23917]: pam_unix(cron:session): session closed for user root
Jun 23 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25203]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25204]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25205]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25202]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25202]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25260]: Successful su for rubyman by root
Jun 23 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25260]: + ??? root:rubyman
Jun 23 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25260]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577254 of user rubyman.
Jun 23 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25260]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577254.
Jun 23 12:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22577]: pam_unix(cron:session): session closed for user root
Jun 23 12:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25203]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24369]: pam_unix(cron:session): session closed for user root
Jun 23 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25599]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25596]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25597]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25595]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25595]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25653]: Successful su for rubyman by root
Jun 23 12:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25653]: + ??? root:rubyman
Jun 23 12:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25653]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577258 of user rubyman.
Jun 23 12:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25653]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577258.
Jun 23 12:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22990]: pam_unix(cron:session): session closed for user root
Jun 23 12:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25596]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24808]: pam_unix(cron:session): session closed for user root
Jun 23 12:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 12:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 23 12:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25952]: Failed password for root from 103.176.20.57 port 58104 ssh2
Jun 23 12:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25952]: Connection closed by 103.176.20.57 port 58104 [preauth]
Jun 23 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25984]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25983]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25985]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25982]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25986]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25981]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25986]: pam_unix(cron:session): session closed for user root
Jun 23 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25981]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26047]: Successful su for rubyman by root
Jun 23 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26047]: + ??? root:rubyman
Jun 23 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26047]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577265 of user rubyman.
Jun 23 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26047]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577265.
Jun 23 12:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23403]: pam_unix(cron:session): session closed for user root
Jun 23 12:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25983]: pam_unix(cron:session): session closed for user root
Jun 23 12:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25982]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25205]: pam_unix(cron:session): session closed for user root
Jun 23 12:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 12:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26356]: Received disconnect from 23.94.92.98 port 58948:11: disconnected by user [preauth]
Jun 23 12:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26356]: Disconnected from 23.94.92.98 port 58948 [preauth]
Jun 23 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26405]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26407]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26406]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26404]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26404]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26468]: Successful su for rubyman by root
Jun 23 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26468]: + ??? root:rubyman
Jun 23 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26468]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577271 of user rubyman.
Jun 23 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26468]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577271.
Jun 23 12:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23916]: pam_unix(cron:session): session closed for user root
Jun 23 12:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26405]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25599]: pam_unix(cron:session): session closed for user root
Jun 23 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26885]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26887]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26884]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26886]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26884]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26950]: Successful su for rubyman by root
Jun 23 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26950]: + ??? root:rubyman
Jun 23 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26950]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577272 of user rubyman.
Jun 23 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26950]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577272.
Jun 23 12:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24368]: pam_unix(cron:session): session closed for user root
Jun 23 12:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26885]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25985]: pam_unix(cron:session): session closed for user root
Jun 23 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27310]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27309]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27311]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27308]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27308]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27374]: Successful su for rubyman by root
Jun 23 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27374]: + ??? root:rubyman
Jun 23 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27374]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577276 of user rubyman.
Jun 23 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27374]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577276.
Jun 23 12:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24807]: pam_unix(cron:session): session closed for user root
Jun 23 12:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27309]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26407]: pam_unix(cron:session): session closed for user root
Jun 23 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27710]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27709]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27711]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27708]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27708]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27774]: Successful su for rubyman by root
Jun 23 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27774]: + ??? root:rubyman
Jun 23 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27774]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577280 of user rubyman.
Jun 23 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27774]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577280.
Jun 23 12:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25204]: pam_unix(cron:session): session closed for user root
Jun 23 12:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27709]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26887]: pam_unix(cron:session): session closed for user root
Jun 23 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28177]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28174]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28176]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28173]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28175]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28172]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28177]: pam_unix(cron:session): session closed for user root
Jun 23 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28172]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28241]: Successful su for rubyman by root
Jun 23 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28241]: + ??? root:rubyman
Jun 23 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28241]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577286 of user rubyman.
Jun 23 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28241]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577286.
Jun 23 12:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28174]: pam_unix(cron:session): session closed for user root
Jun 23 12:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25597]: pam_unix(cron:session): session closed for user root
Jun 23 12:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28173]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 12:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 23 12:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28480]: Failed password for root from 103.82.132.16 port 59218 ssh2
Jun 23 12:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28480]: Connection closed by 103.82.132.16 port 59218 [preauth]
Jun 23 12:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27311]: pam_unix(cron:session): session closed for user root
Jun 23 12:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 12:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28549]: Connection closed by 194.59.206.2 port 64992 [preauth]
Jun 23 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28699]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28698]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28697]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28696]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28696]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28772]: Successful su for rubyman by root
Jun 23 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28772]: + ??? root:rubyman
Jun 23 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28772]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577290 of user rubyman.
Jun 23 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28772]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577290.
Jun 23 12:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25984]: pam_unix(cron:session): session closed for user root
Jun 23 12:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28697]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27711]: pam_unix(cron:session): session closed for user root
Jun 23 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29128]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29127]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29129]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29124]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29124]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29187]: Successful su for rubyman by root
Jun 23 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29187]: + ??? root:rubyman
Jun 23 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29187]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577294 of user rubyman.
Jun 23 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29187]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577294.
Jun 23 12:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26406]: pam_unix(cron:session): session closed for user root
Jun 23 12:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29127]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 12:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29386]: Connection closed by 66.132.172.142 port 19520 [preauth]
Jun 23 12:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28176]: pam_unix(cron:session): session closed for user root
Jun 23 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29632]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29633]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29631]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29630]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29630]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29703]: Successful su for rubyman by root
Jun 23 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29703]: + ??? root:rubyman
Jun 23 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29703]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577299 of user rubyman.
Jun 23 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29703]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577299.
Jun 23 12:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26886]: pam_unix(cron:session): session closed for user root
Jun 23 12:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29631]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 12:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 23 12:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29985]: Failed password for root from 103.27.238.114 port 58110 ssh2
Jun 23 12:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29985]: Connection closed by 103.27.238.114 port 58110 [preauth]
Jun 23 12:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28699]: pam_unix(cron:session): session closed for user root
Jun 23 12:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 12:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 23 12:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 12:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30046]: Failed password for root from 77.94.47.83 port 34782 ssh2
Jun 23 12:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30046]: Connection closed by 77.94.47.83 port 34782 [preauth]
Jun 23 12:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30051]: Received disconnect from 102.223.47.171 port 51722:11: disconnected by user [preauth]
Jun 23 12:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30051]: Disconnected from 102.223.47.171 port 51722 [preauth]
Jun 23 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30084]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30087]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30086]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30082]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30082]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30154]: Successful su for rubyman by root
Jun 23 12:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30154]: + ??? root:rubyman
Jun 23 12:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30154]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577304 of user rubyman.
Jun 23 12:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30154]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577304.
Jun 23 12:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27310]: pam_unix(cron:session): session closed for user root
Jun 23 12:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30084]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29129]: pam_unix(cron:session): session closed for user root
Jun 23 12:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30498]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30493]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30495]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30497]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30496]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30492]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30498]: pam_unix(cron:session): session closed for user root
Jun 23 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30492]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30568]: Successful su for rubyman by root
Jun 23 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30568]: + ??? root:rubyman
Jun 23 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30568]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577309 of user rubyman.
Jun 23 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30568]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577309.
Jun 23 12:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30489]: Received disconnect from 78.111.67.238 port 38704:11: disconnected by user [preauth]
Jun 23 12:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30489]: Disconnected from 78.111.67.238 port 38704 [preauth]
Jun 23 12:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30495]: pam_unix(cron:session): session closed for user root
Jun 23 12:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27710]: pam_unix(cron:session): session closed for user root
Jun 23 12:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30493]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 12:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 23 12:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30817]: Failed password for root from 103.82.20.28 port 55328 ssh2
Jun 23 12:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30817]: Connection closed by 103.82.20.28 port 55328 [preauth]
Jun 23 12:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 12:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29633]: pam_unix(cron:session): session closed for user root
Jun 23 12:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 23 12:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30866]: Failed password for root from 103.77.242.62 port 43144 ssh2
Jun 23 12:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30866]: Connection closed by 103.77.242.62 port 43144 [preauth]
Jun 23 12:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 12:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31037]: Received disconnect from 209.90.232.251 port 59268:11: disconnected by user [preauth]
Jun 23 12:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31037]: Disconnected from 209.90.232.251 port 59268 [preauth]
Jun 23 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31043]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31041]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31042]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31040]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31040]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31115]: Successful su for rubyman by root
Jun 23 12:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31115]: + ??? root:rubyman
Jun 23 12:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31115]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577312 of user rubyman.
Jun 23 12:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31115]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577312.
Jun 23 12:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28175]: pam_unix(cron:session): session closed for user root
Jun 23 12:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31041]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30087]: pam_unix(cron:session): session closed for user root
Jun 23 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31457]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31458]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31456]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31455]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31455]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31519]: Successful su for rubyman by root
Jun 23 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31519]: + ??? root:rubyman
Jun 23 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31519]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577317 of user rubyman.
Jun 23 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31519]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577317.
Jun 23 12:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 12:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28698]: pam_unix(cron:session): session closed for user root
Jun 23 12:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 23 12:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31726]: Failed password for root from 80.66.85.226 port 45140 ssh2
Jun 23 12:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31726]: Connection closed by 80.66.85.226 port 45140 [preauth]
Jun 23 12:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31456]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30497]: pam_unix(cron:session): session closed for user root
Jun 23 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31959]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31960]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31961]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31958]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31958]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32029]: Successful su for rubyman by root
Jun 23 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32029]: + ??? root:rubyman
Jun 23 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32029]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577320 of user rubyman.
Jun 23 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32029]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577320.
Jun 23 12:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29128]: pam_unix(cron:session): session closed for user root
Jun 23 12:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31959]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31043]: pam_unix(cron:session): session closed for user root
Jun 23 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32359]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32360]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32358]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32357]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32355]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32357]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32492]: Successful su for rubyman by root
Jun 23 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32492]: + ??? root:rubyman
Jun 23 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32492]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577324 of user rubyman.
Jun 23 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32492]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577324.
Jun 23 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32355]: pam_unix(cron:session): session closed for user root
Jun 23 12:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29632]: pam_unix(cron:session): session closed for user root
Jun 23 12:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32358]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 12:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 23 12:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[306]: Failed password for root from 51.250.105.222 port 34238 ssh2
Jun 23 12:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[306]: Connection closed by 51.250.105.222 port 34238 [preauth]
Jun 23 12:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31458]: pam_unix(cron:session): session closed for user root
Jun 23 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[427]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[424]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[423]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[416]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[426]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[428]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[428]: pam_unix(cron:session): session closed for user root
Jun 23 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[416]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[620]: Successful su for rubyman by root
Jun 23 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[620]: + ??? root:rubyman
Jun 23 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[620]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577330 of user rubyman.
Jun 23 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[620]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577330.
Jun 23 12:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[424]: pam_unix(cron:session): session closed for user root
Jun 23 12:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30086]: pam_unix(cron:session): session closed for user root
Jun 23 12:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[423]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31961]: pam_unix(cron:session): session closed for user root
Jun 23 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1005]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1007]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1006]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1004]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1004]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1103]: Successful su for rubyman by root
Jun 23 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1103]: + ??? root:rubyman
Jun 23 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1103]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577336 of user rubyman.
Jun 23 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1103]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577336.
Jun 23 12:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30496]: pam_unix(cron:session): session closed for user root
Jun 23 12:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1005]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 12:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1350]: Invalid user yehuda from 2.57.121.112
Jun 23 12:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1350]: input_userauth_request: invalid user yehuda [preauth]
Jun 23 12:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1350]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 12:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 23 12:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1350]: Failed password for invalid user yehuda from 2.57.121.112 port 4680 ssh2
Jun 23 12:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1350]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 12:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1350]: Failed password for invalid user yehuda from 2.57.121.112 port 4680 ssh2
Jun 23 12:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1350]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 12:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1350]: Failed password for invalid user yehuda from 2.57.121.112 port 4680 ssh2
Jun 23 12:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1350]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 12:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32360]: pam_unix(cron:session): session closed for user root
Jun 23 12:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1350]: Failed password for invalid user yehuda from 2.57.121.112 port 4680 ssh2
Jun 23 12:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1350]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 12:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1350]: Failed password for invalid user yehuda from 2.57.121.112 port 4680 ssh2
Jun 23 12:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1350]: Connection closed by 2.57.121.112 port 4680 [preauth]
Jun 23 12:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1350]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 23 12:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1350]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 23 12:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 12:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1479]: Invalid user admin from 193.46.255.86
Jun 23 12:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1479]: input_userauth_request: invalid user admin [preauth]
Jun 23 12:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1479]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 12:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 23 12:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 12:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1486]: Received disconnect from 45.79.167.35 port 44246:11: disconnected by user [preauth]
Jun 23 12:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1486]: Disconnected from 45.79.167.35 port 44246 [preauth]
Jun 23 12:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1479]: Failed password for invalid user admin from 193.46.255.86 port 53458 ssh2
Jun 23 12:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1479]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 12:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1479]: Failed password for invalid user admin from 193.46.255.86 port 53458 ssh2
Jun 23 12:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1479]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 12:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1479]: Failed password for invalid user admin from 193.46.255.86 port 53458 ssh2
Jun 23 12:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1479]: Connection closed by 193.46.255.86 port 53458 [preauth]
Jun 23 12:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1479]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 23 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1578]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1575]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1572]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1574]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1572]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1653]: Successful su for rubyman by root
Jun 23 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1653]: + ??? root:rubyman
Jun 23 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1653]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577340 of user rubyman.
Jun 23 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1653]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577340.
Jun 23 12:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31042]: pam_unix(cron:session): session closed for user root
Jun 23 12:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1574]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[427]: pam_unix(cron:session): session closed for user root
Jun 23 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2064]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2059]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2055]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2054]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2054]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2130]: Successful su for rubyman by root
Jun 23 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2130]: + ??? root:rubyman
Jun 23 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2130]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577344 of user rubyman.
Jun 23 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2130]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577344.
Jun 23 12:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31457]: pam_unix(cron:session): session closed for user root
Jun 23 12:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2055]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1007]: pam_unix(cron:session): session closed for user root
Jun 23 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2491]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2492]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2489]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2490]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2489]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2557]: Successful su for rubyman by root
Jun 23 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2557]: + ??? root:rubyman
Jun 23 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2557]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577348 of user rubyman.
Jun 23 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2557]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577348.
Jun 23 12:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31960]: pam_unix(cron:session): session closed for user root
Jun 23 12:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2490]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 12:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 23 12:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2773]: Failed password for root from 193.24.211.107 port 15262 ssh2
Jun 23 12:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2773]: Received disconnect from 193.24.211.107 port 15262:11: Client disconnecting normally [preauth]
Jun 23 12:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2773]: Disconnected from 193.24.211.107 port 15262 [preauth]
Jun 23 12:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1578]: pam_unix(cron:session): session closed for user root
Jun 23 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2911]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2912]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2906]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2909]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2908]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2907]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2912]: pam_unix(cron:session): session closed for user root
Jun 23 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2906]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2973]: Successful su for rubyman by root
Jun 23 12:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2973]: + ??? root:rubyman
Jun 23 12:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2973]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577351 of user rubyman.
Jun 23 12:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2973]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577351.
Jun 23 12:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2908]: pam_unix(cron:session): session closed for user root
Jun 23 12:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32359]: pam_unix(cron:session): session closed for user root
Jun 23 12:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2907]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2064]: pam_unix(cron:session): session closed for user root
Jun 23 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3330]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3329]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3331]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3328]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3328]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3394]: Successful su for rubyman by root
Jun 23 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3394]: + ??? root:rubyman
Jun 23 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3394]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577359 of user rubyman.
Jun 23 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3394]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577359.
Jun 23 12:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[426]: pam_unix(cron:session): session closed for user root
Jun 23 12:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3329]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2492]: pam_unix(cron:session): session closed for user root
Jun 23 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3840]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3839]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3838]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3837]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3837]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3952]: Successful su for rubyman by root
Jun 23 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3952]: + ??? root:rubyman
Jun 23 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3952]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577361 of user rubyman.
Jun 23 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3952]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577361.
Jun 23 12:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1006]: pam_unix(cron:session): session closed for user root
Jun 23 12:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3838]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 12:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.19.67.181  user=root
Jun 23 12:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4249]: Failed password for root from 46.19.67.181 port 35754 ssh2
Jun 23 12:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4249]: Connection closed by 46.19.67.181 port 35754 [preauth]
Jun 23 12:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2911]: pam_unix(cron:session): session closed for user root
Jun 23 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4352]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4350]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4349]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4348]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4348]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4407]: Successful su for rubyman by root
Jun 23 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4407]: + ??? root:rubyman
Jun 23 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4407]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577365 of user rubyman.
Jun 23 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4407]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577365.
Jun 23 12:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1575]: pam_unix(cron:session): session closed for user root
Jun 23 12:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4349]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3331]: pam_unix(cron:session): session closed for user root
Jun 23 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4774]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4773]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4772]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4771]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4771]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4909]: Successful su for rubyman by root
Jun 23 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4909]: + ??? root:rubyman
Jun 23 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4909]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577370 of user rubyman.
Jun 23 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4909]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577370.
Jun 23 12:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2059]: pam_unix(cron:session): session closed for user root
Jun 23 12:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4772]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3840]: pam_unix(cron:session): session closed for user root
Jun 23 12:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 12:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 23 12:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5244]: Failed password for root from 103.27.238.116 port 40826 ssh2
Jun 23 12:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5244]: Connection closed by 103.27.238.116 port 40826 [preauth]
Jun 23 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5262]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5264]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5260]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5261]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5263]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5265]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5265]: pam_unix(cron:session): session closed for user root
Jun 23 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5260]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5333]: Successful su for rubyman by root
Jun 23 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5333]: + ??? root:rubyman
Jun 23 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5333]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577375 of user rubyman.
Jun 23 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5333]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577375.
Jun 23 12:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2491]: pam_unix(cron:session): session closed for user root
Jun 23 12:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5262]: pam_unix(cron:session): session closed for user root
Jun 23 12:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5261]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4352]: pam_unix(cron:session): session closed for user root
Jun 23 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5689]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5690]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5691]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5688]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5688]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5755]: Successful su for rubyman by root
Jun 23 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5755]: + ??? root:rubyman
Jun 23 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5755]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577381 of user rubyman.
Jun 23 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5755]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577381.
Jun 23 12:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2909]: pam_unix(cron:session): session closed for user root
Jun 23 12:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5689]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4774]: pam_unix(cron:session): session closed for user root
Jun 23 12:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 12:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6069]: Invalid user user from 141.98.83.240
Jun 23 12:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6069]: input_userauth_request: invalid user user [preauth]
Jun 23 12:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6069]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 12:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 12:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6069]: Failed password for invalid user user from 141.98.83.240 port 34004 ssh2
Jun 23 12:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6069]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 12:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6069]: Failed password for invalid user user from 141.98.83.240 port 34004 ssh2
Jun 23 12:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6069]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 12:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6069]: Failed password for invalid user user from 141.98.83.240 port 34004 ssh2
Jun 23 12:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6069]: Connection closed by 141.98.83.240 port 34004 [preauth]
Jun 23 12:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6069]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 12:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6084]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6083]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6085]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6082]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6082]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6143]: Successful su for rubyman by root
Jun 23 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6143]: + ??? root:rubyman
Jun 23 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6143]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577384 of user rubyman.
Jun 23 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6143]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577384.
Jun 23 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 23 12:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6079]: Failed password for root from 103.122.221.179 port 39072 ssh2
Jun 23 12:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6079]: Connection closed by 103.122.221.179 port 39072 [preauth]
Jun 23 12:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3330]: pam_unix(cron:session): session closed for user root
Jun 23 12:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6083]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5264]: pam_unix(cron:session): session closed for user root
Jun 23 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6484]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6486]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6485]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6483]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6483]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6544]: Successful su for rubyman by root
Jun 23 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6544]: + ??? root:rubyman
Jun 23 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6544]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577389 of user rubyman.
Jun 23 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6544]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577389.
Jun 23 12:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3839]: pam_unix(cron:session): session closed for user root
Jun 23 12:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6484]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5691]: pam_unix(cron:session): session closed for user root
Jun 23 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6901]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6900]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6899]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6898]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6898]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6972]: Successful su for rubyman by root
Jun 23 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6972]: + ??? root:rubyman
Jun 23 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6972]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577391 of user rubyman.
Jun 23 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6972]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577391.
Jun 23 12:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4350]: pam_unix(cron:session): session closed for user root
Jun 23 12:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6899]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6085]: pam_unix(cron:session): session closed for user root
Jun 23 12:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 12:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7345]: Invalid user admin from 2.57.121.25
Jun 23 12:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7345]: input_userauth_request: invalid user admin [preauth]
Jun 23 12:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7345]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 12:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 23 12:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7345]: Failed password for invalid user admin from 2.57.121.25 port 61904 ssh2
Jun 23 12:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7345]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 12:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7345]: Failed password for invalid user admin from 2.57.121.25 port 61904 ssh2
Jun 23 12:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7345]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 12:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7345]: Failed password for invalid user admin from 2.57.121.25 port 61904 ssh2
Jun 23 12:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7345]: Connection closed by 2.57.121.25 port 61904 [preauth]
Jun 23 12:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7345]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 23 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7396]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7394]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7395]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7392]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7397]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7391]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7397]: pam_unix(cron:session): session closed for user root
Jun 23 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7391]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7458]: Successful su for rubyman by root
Jun 23 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7458]: + ??? root:rubyman
Jun 23 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7458]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577396 of user rubyman.
Jun 23 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7458]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577396.
Jun 23 12:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7394]: pam_unix(cron:session): session closed for user root
Jun 23 12:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4773]: pam_unix(cron:session): session closed for user root
Jun 23 12:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7392]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6486]: pam_unix(cron:session): session closed for user root
Jun 23 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7908]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7909]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7907]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7906]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7906]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7969]: Successful su for rubyman by root
Jun 23 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7969]: + ??? root:rubyman
Jun 23 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7969]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577402 of user rubyman.
Jun 23 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7969]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577402.
Jun 23 12:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5263]: pam_unix(cron:session): session closed for user root
Jun 23 12:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7907]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6901]: pam_unix(cron:session): session closed for user root
Jun 23 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8307]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8308]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8305]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8306]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8305]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8366]: Successful su for rubyman by root
Jun 23 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8366]: + ??? root:rubyman
Jun 23 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8366]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577406 of user rubyman.
Jun 23 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8366]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577406.
Jun 23 12:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5690]: pam_unix(cron:session): session closed for user root
Jun 23 12:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8306]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7396]: pam_unix(cron:session): session closed for user root
Jun 23 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8702]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8701]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8700]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8698]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8698]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8760]: Successful su for rubyman by root
Jun 23 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8760]: + ??? root:rubyman
Jun 23 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8760]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577410 of user rubyman.
Jun 23 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8760]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577410.
Jun 23 12:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6084]: pam_unix(cron:session): session closed for user root
Jun 23 12:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8700]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 12:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 23 12:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 12:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8953]: Failed password for root from 103.149.28.157 port 54188 ssh2
Jun 23 12:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8953]: Connection closed by 103.149.28.157 port 54188 [preauth]
Jun 23 12:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 23 12:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8969]: Failed password for root from 147.45.199.80 port 37394 ssh2
Jun 23 12:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8969]: Connection closed by 147.45.199.80 port 37394 [preauth]
Jun 23 12:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7909]: pam_unix(cron:session): session closed for user root
Jun 23 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9099]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9100]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9101]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9098]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9098]: pam_unix(cron:session): session closed for user p13x
Jun 23 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9157]: Successful su for rubyman by root
Jun 23 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9157]: + ??? root:rubyman
Jun 23 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9157]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577413 of user rubyman.
Jun 23 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9157]: pam_unix(su:session): session closed for user rubyman
Jun 23 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577413.
Jun 23 12:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6485]: pam_unix(cron:session): session closed for user root
Jun 23 12:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9099]: pam_unix(cron:session): session closed for user samftp
Jun 23 12:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8308]: pam_unix(cron:session): session closed for user root
Jun 23 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9495]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9493]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9494]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9491]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9492]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9496]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9490]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9496]: pam_unix(cron:session): session closed for user root
Jun 23 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9492]: pam_unix(cron:session): session closed for user root
Jun 23 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9490]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9581]: Successful su for rubyman by root
Jun 23 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9581]: + ??? root:rubyman
Jun 23 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9581]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577417 of user rubyman.
Jun 23 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9581]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577417.
Jun 23 13:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6900]: pam_unix(cron:session): session closed for user root
Jun 23 13:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9493]: pam_unix(cron:session): session closed for user root
Jun 23 13:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9491]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8702]: pam_unix(cron:session): session closed for user root
Jun 23 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10162]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10161]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10160]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10159]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10159]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10319]: Successful su for rubyman by root
Jun 23 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10319]: + ??? root:rubyman
Jun 23 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10319]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577424 of user rubyman.
Jun 23 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10319]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577424.
Jun 23 13:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7395]: pam_unix(cron:session): session closed for user root
Jun 23 13:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10160]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9101]: pam_unix(cron:session): session closed for user root
Jun 23 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10663]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10662]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10664]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10661]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10661]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10725]: Successful su for rubyman by root
Jun 23 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10725]: + ??? root:rubyman
Jun 23 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10725]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577430 of user rubyman.
Jun 23 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10725]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577430.
Jun 23 13:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7908]: pam_unix(cron:session): session closed for user root
Jun 23 13:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10662]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9495]: pam_unix(cron:session): session closed for user root
Jun 23 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11081]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11082]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11080]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11079]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11079]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11149]: Successful su for rubyman by root
Jun 23 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11149]: + ??? root:rubyman
Jun 23 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11149]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577432 of user rubyman.
Jun 23 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11149]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577432.
Jun 23 13:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8307]: pam_unix(cron:session): session closed for user root
Jun 23 13:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11080]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10162]: pam_unix(cron:session): session closed for user root
Jun 23 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11509]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11510]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11508]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11507]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11507]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11564]: Successful su for rubyman by root
Jun 23 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11564]: + ??? root:rubyman
Jun 23 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11564]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577436 of user rubyman.
Jun 23 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11564]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577436.
Jun 23 13:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8701]: pam_unix(cron:session): session closed for user root
Jun 23 13:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11508]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10664]: pam_unix(cron:session): session closed for user root
Jun 23 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11960]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11962]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11954]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11959]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11961]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11953]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11962]: pam_unix(cron:session): session closed for user root
Jun 23 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11953]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12027]: Successful su for rubyman by root
Jun 23 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12027]: + ??? root:rubyman
Jun 23 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12027]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577444 of user rubyman.
Jun 23 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12027]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577444.
Jun 23 13:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11959]: pam_unix(cron:session): session closed for user root
Jun 23 13:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9100]: pam_unix(cron:session): session closed for user root
Jun 23 13:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11954]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11082]: pam_unix(cron:session): session closed for user root
Jun 23 13:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 13:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 23 13:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12466]: Failed password for root from 38.93.206.2 port 37446 ssh2
Jun 23 13:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12466]: Connection closed by 38.93.206.2 port 37446 [preauth]
Jun 23 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12510]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12511]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12509]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12508]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12508]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12572]: Successful su for rubyman by root
Jun 23 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12572]: + ??? root:rubyman
Jun 23 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12572]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577446 of user rubyman.
Jun 23 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12572]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577446.
Jun 23 13:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12509]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9494]: pam_unix(cron:session): session closed for user root
Jun 23 13:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11510]: pam_unix(cron:session): session closed for user root
Jun 23 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12934]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12931]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12932]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12933]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12931]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12991]: Successful su for rubyman by root
Jun 23 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12991]: + ??? root:rubyman
Jun 23 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12991]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577450 of user rubyman.
Jun 23 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12991]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577450.
Jun 23 13:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10161]: pam_unix(cron:session): session closed for user root
Jun 23 13:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12932]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 13:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 23 13:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13241]: Failed password for root from 103.77.175.15 port 33746 ssh2
Jun 23 13:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13241]: Connection closed by 103.77.175.15 port 33746 [preauth]
Jun 23 13:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11961]: pam_unix(cron:session): session closed for user root
Jun 23 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13353]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13355]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13354]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13352]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13352]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13415]: Successful su for rubyman by root
Jun 23 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13415]: + ??? root:rubyman
Jun 23 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13415]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577454 of user rubyman.
Jun 23 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13415]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577454.
Jun 23 13:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10663]: pam_unix(cron:session): session closed for user root
Jun 23 13:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13353]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 13:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 23 13:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: Failed password for root from 193.24.211.107 port 9099 ssh2
Jun 23 13:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: Received disconnect from 193.24.211.107 port 9099:11: Client disconnecting normally [preauth]
Jun 23 13:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: Disconnected from 193.24.211.107 port 9099 [preauth]
Jun 23 13:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 13:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13657]: Received disconnect from 172.245.187.186 port 45058:11: disconnected by user [preauth]
Jun 23 13:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13657]: Disconnected from 172.245.187.186 port 45058 [preauth]
Jun 23 13:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12511]: pam_unix(cron:session): session closed for user root
Jun 23 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13759]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13760]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13757]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13758]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13755]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13757]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13877]: Successful su for rubyman by root
Jun 23 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13877]: + ??? root:rubyman
Jun 23 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13877]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577458 of user rubyman.
Jun 23 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13877]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577458.
Jun 23 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13755]: pam_unix(cron:session): session closed for user root
Jun 23 13:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11081]: pam_unix(cron:session): session closed for user root
Jun 23 13:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13758]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12934]: pam_unix(cron:session): session closed for user root
Jun 23 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14248]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14251]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14246]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14249]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14250]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14247]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14251]: pam_unix(cron:session): session closed for user root
Jun 23 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14246]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14313]: Successful su for rubyman by root
Jun 23 13:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14313]: + ??? root:rubyman
Jun 23 13:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14313]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577467 of user rubyman.
Jun 23 13:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14313]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577467.
Jun 23 13:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14248]: pam_unix(cron:session): session closed for user root
Jun 23 13:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11509]: pam_unix(cron:session): session closed for user root
Jun 23 13:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14247]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 13:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 23 13:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14517]: Failed password for root from 87.251.79.125 port 43824 ssh2
Jun 23 13:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14517]: Connection closed by 87.251.79.125 port 43824 [preauth]
Jun 23 13:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 13:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14578]: Received disconnect from 62.210.207.172 port 35358:11: disconnected by user [preauth]
Jun 23 13:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14578]: Disconnected from 62.210.207.172 port 35358 [preauth]
Jun 23 13:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13355]: pam_unix(cron:session): session closed for user root
Jun 23 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14716]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14715]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14717]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14713]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14713]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14823]: Successful su for rubyman by root
Jun 23 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14823]: + ??? root:rubyman
Jun 23 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14823]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577469 of user rubyman.
Jun 23 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14823]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577469.
Jun 23 13:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11960]: pam_unix(cron:session): session closed for user root
Jun 23 13:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14715]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 13:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 23 13:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15032]: Failed password for root from 202.178.126.219 port 5214 ssh2
Jun 23 13:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15032]: Connection closed by 202.178.126.219 port 5214 [preauth]
Jun 23 13:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13760]: pam_unix(cron:session): session closed for user root
Jun 23 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15167]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15163]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15166]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15165]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15163]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15226]: Successful su for rubyman by root
Jun 23 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15226]: + ??? root:rubyman
Jun 23 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15226]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577474 of user rubyman.
Jun 23 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15226]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577474.
Jun 23 13:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12510]: pam_unix(cron:session): session closed for user root
Jun 23 13:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15165]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14250]: pam_unix(cron:session): session closed for user root
Jun 23 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15546]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15545]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15547]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15544]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15544]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15606]: Successful su for rubyman by root
Jun 23 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15606]: + ??? root:rubyman
Jun 23 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15606]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577477 of user rubyman.
Jun 23 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15606]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577477.
Jun 23 13:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12933]: pam_unix(cron:session): session closed for user root
Jun 23 13:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15545]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14717]: pam_unix(cron:session): session closed for user root
Jun 23 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15943]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15942]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15941]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15940]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15940]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15999]: Successful su for rubyman by root
Jun 23 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15999]: + ??? root:rubyman
Jun 23 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15999]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577481 of user rubyman.
Jun 23 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15999]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577481.
Jun 23 13:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13354]: pam_unix(cron:session): session closed for user root
Jun 23 13:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15941]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15167]: pam_unix(cron:session): session closed for user root
Jun 23 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16325]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16324]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16326]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16327]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16323]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16322]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16327]: pam_unix(cron:session): session closed for user root
Jun 23 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16322]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16389]: Successful su for rubyman by root
Jun 23 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16389]: + ??? root:rubyman
Jun 23 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16389]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577487 of user rubyman.
Jun 23 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16389]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577487.
Jun 23 13:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16324]: pam_unix(cron:session): session closed for user root
Jun 23 13:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13759]: pam_unix(cron:session): session closed for user root
Jun 23 13:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16323]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15547]: pam_unix(cron:session): session closed for user root
Jun 23 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16748]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16747]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16746]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16743]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16743]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16818]: Successful su for rubyman by root
Jun 23 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16818]: + ??? root:rubyman
Jun 23 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16818]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577491 of user rubyman.
Jun 23 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16818]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577491.
Jun 23 13:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14249]: pam_unix(cron:session): session closed for user root
Jun 23 13:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16746]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 13:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17129]: Did not receive identification string from 34.32.217.126
Jun 23 13:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15943]: pam_unix(cron:session): session closed for user root
Jun 23 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17243]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17242]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17241]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17240]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17238]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17238]: pam_unix(cron:session): session closed for user root
Jun 23 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17240]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17313]: Successful su for rubyman by root
Jun 23 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17313]: + ??? root:rubyman
Jun 23 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17313]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577495 of user rubyman.
Jun 23 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17313]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577495.
Jun 23 13:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14716]: pam_unix(cron:session): session closed for user root
Jun 23 13:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17241]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16326]: pam_unix(cron:session): session closed for user root
Jun 23 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17737]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17736]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17734]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17735]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17734]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17809]: Successful su for rubyman by root
Jun 23 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17809]: + ??? root:rubyman
Jun 23 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17809]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577501 of user rubyman.
Jun 23 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17809]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577501.
Jun 23 13:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15166]: pam_unix(cron:session): session closed for user root
Jun 23 13:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17735]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16748]: pam_unix(cron:session): session closed for user root
Jun 23 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18169]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18168]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18170]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18167]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18167]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18235]: Successful su for rubyman by root
Jun 23 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18235]: + ??? root:rubyman
Jun 23 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18235]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577504 of user rubyman.
Jun 23 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18235]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577504.
Jun 23 13:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15546]: pam_unix(cron:session): session closed for user root
Jun 23 13:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18168]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17243]: pam_unix(cron:session): session closed for user root
Jun 23 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18669]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18671]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18670]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18672]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18668]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18667]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18672]: pam_unix(cron:session): session closed for user root
Jun 23 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18667]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18740]: Successful su for rubyman by root
Jun 23 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18740]: + ??? root:rubyman
Jun 23 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18740]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577509 of user rubyman.
Jun 23 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18740]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577509.
Jun 23 13:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15942]: pam_unix(cron:session): session closed for user root
Jun 23 13:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18669]: pam_unix(cron:session): session closed for user root
Jun 23 13:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18668]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 13:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17737]: pam_unix(cron:session): session closed for user root
Jun 23 13:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 13:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19103]: Received disconnect from 209.90.232.251 port 38568:11: disconnected by user [preauth]
Jun 23 13:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19103]: Disconnected from 209.90.232.251 port 38568 [preauth]
Jun 23 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19221]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19220]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19219]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19205]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19205]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19290]: Successful su for rubyman by root
Jun 23 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19290]: + ??? root:rubyman
Jun 23 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19290]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577514 of user rubyman.
Jun 23 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19290]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577514.
Jun 23 13:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16325]: pam_unix(cron:session): session closed for user root
Jun 23 13:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19219]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18170]: pam_unix(cron:session): session closed for user root
Jun 23 13:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 13:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19762]: Invalid user marco from 141.98.83.240
Jun 23 13:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19762]: input_userauth_request: invalid user marco [preauth]
Jun 23 13:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19762]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 13:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 13:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19762]: Failed password for invalid user marco from 141.98.83.240 port 33360 ssh2
Jun 23 13:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19762]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 13:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19762]: Failed password for invalid user marco from 141.98.83.240 port 33360 ssh2
Jun 23 13:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19762]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 13:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19762]: Failed password for invalid user marco from 141.98.83.240 port 33360 ssh2
Jun 23 13:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19762]: Connection closed by 141.98.83.240 port 33360 [preauth]
Jun 23 13:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19762]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19834]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19835]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19831]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19832]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19831]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19902]: Successful su for rubyman by root
Jun 23 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19902]: + ??? root:rubyman
Jun 23 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19902]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577519 of user rubyman.
Jun 23 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19902]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577519.
Jun 23 13:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16747]: pam_unix(cron:session): session closed for user root
Jun 23 13:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19832]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18671]: pam_unix(cron:session): session closed for user root
Jun 23 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20327]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20328]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20324]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20325]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20324]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20395]: Successful su for rubyman by root
Jun 23 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20395]: + ??? root:rubyman
Jun 23 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20395]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577524 of user rubyman.
Jun 23 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20395]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577524.
Jun 23 13:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17242]: pam_unix(cron:session): session closed for user root
Jun 23 13:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20325]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19221]: pam_unix(cron:session): session closed for user root
Jun 23 13:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 13:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 23 13:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20823]: Failed password for root from 103.153.68.219 port 47246 ssh2
Jun 23 13:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20823]: Connection closed by 103.153.68.219 port 47246 [preauth]
Jun 23 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20839]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20838]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20837]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20836]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20836]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20902]: Successful su for rubyman by root
Jun 23 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20902]: + ??? root:rubyman
Jun 23 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20902]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577526 of user rubyman.
Jun 23 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20902]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577526.
Jun 23 13:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17736]: pam_unix(cron:session): session closed for user root
Jun 23 13:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20837]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19835]: pam_unix(cron:session): session closed for user root
Jun 23 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21244]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21242]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21243]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21241]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21239]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21240]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21244]: pam_unix(cron:session): session closed for user root
Jun 23 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21239]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21309]: Successful su for rubyman by root
Jun 23 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21309]: + ??? root:rubyman
Jun 23 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21309]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577532 of user rubyman.
Jun 23 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21309]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577532.
Jun 23 13:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18169]: pam_unix(cron:session): session closed for user root
Jun 23 13:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21241]: pam_unix(cron:session): session closed for user root
Jun 23 13:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21240]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 13:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 23 13:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21571]: Failed password for root from 193.37.70.224 port 45714 ssh2
Jun 23 13:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21571]: Connection closed by 193.37.70.224 port 45714 [preauth]
Jun 23 13:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20328]: pam_unix(cron:session): session closed for user root
Jun 23 13:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 13:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 23 13:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21684]: Failed password for root from 103.15.222.183 port 48608 ssh2
Jun 23 13:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21684]: Connection closed by 103.15.222.183 port 48608 [preauth]
Jun 23 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21710]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21711]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21709]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21708]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21708]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21778]: Successful su for rubyman by root
Jun 23 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21778]: + ??? root:rubyman
Jun 23 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21778]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577536 of user rubyman.
Jun 23 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21778]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577536.
Jun 23 13:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18670]: pam_unix(cron:session): session closed for user root
Jun 23 13:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21709]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 13:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 23 13:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21994]: Failed password for root from 62.133.62.83 port 39696 ssh2
Jun 23 13:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21994]: Connection closed by 62.133.62.83 port 39696 [preauth]
Jun 23 13:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20839]: pam_unix(cron:session): session closed for user root
Jun 23 13:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 13:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.110.201  user=root
Jun 23 13:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22102]: Failed password for root from 94.159.110.201 port 44164 ssh2
Jun 23 13:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22102]: Connection closed by 94.159.110.201 port 44164 [preauth]
Jun 23 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22125]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22124]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22123]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22122]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22122]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22189]: Successful su for rubyman by root
Jun 23 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22189]: + ??? root:rubyman
Jun 23 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22189]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577540 of user rubyman.
Jun 23 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22189]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577540.
Jun 23 13:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19220]: pam_unix(cron:session): session closed for user root
Jun 23 13:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22123]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21243]: pam_unix(cron:session): session closed for user root
Jun 23 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22613]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22615]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22614]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22612]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22612]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22672]: Successful su for rubyman by root
Jun 23 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22672]: + ??? root:rubyman
Jun 23 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22672]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577545 of user rubyman.
Jun 23 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22672]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577545.
Jun 23 13:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19834]: pam_unix(cron:session): session closed for user root
Jun 23 13:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22613]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21711]: pam_unix(cron:session): session closed for user root
Jun 23 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23014]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23015]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23013]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23012]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23012]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23071]: Successful su for rubyman by root
Jun 23 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23071]: + ??? root:rubyman
Jun 23 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23071]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577549 of user rubyman.
Jun 23 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23071]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577549.
Jun 23 13:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20327]: pam_unix(cron:session): session closed for user root
Jun 23 13:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23013]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22125]: pam_unix(cron:session): session closed for user root
Jun 23 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23431]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23433]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23434]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23432]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23430]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23429]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23434]: pam_unix(cron:session): session closed for user root
Jun 23 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23429]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23503]: Successful su for rubyman by root
Jun 23 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23503]: + ??? root:rubyman
Jun 23 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23503]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577556 of user rubyman.
Jun 23 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23503]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577556.
Jun 23 13:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20838]: pam_unix(cron:session): session closed for user root
Jun 23 13:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23431]: pam_unix(cron:session): session closed for user root
Jun 23 13:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23430]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22615]: pam_unix(cron:session): session closed for user root
Jun 23 13:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 13:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23917]: Connection closed by 194.59.206.2 port 60552 [preauth]
Jun 23 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23982]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23983]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23979]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23981]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23979]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24047]: Successful su for rubyman by root
Jun 23 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24047]: + ??? root:rubyman
Jun 23 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24047]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577560 of user rubyman.
Jun 23 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24047]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577560.
Jun 23 13:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21242]: pam_unix(cron:session): session closed for user root
Jun 23 13:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23981]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 13:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23015]: pam_unix(cron:session): session closed for user root
Jun 23 13:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24352]: Received disconnect from 198.38.91.141 port 40912:11: disconnected by user [preauth]
Jun 23 13:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24352]: Disconnected from 198.38.91.141 port 40912 [preauth]
Jun 23 13:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 13:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 23 13:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24398]: Failed password for root from 109.237.96.109 port 42402 ssh2
Jun 23 13:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24398]: Connection closed by 109.237.96.109 port 42402 [preauth]
Jun 23 13:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24426]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24428]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24425]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24424]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24424]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 23 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24496]: Successful su for rubyman by root
Jun 23 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24496]: + ??? root:rubyman
Jun 23 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24496]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577563 of user rubyman.
Jun 23 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24496]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577563.
Jun 23 13:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 13:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24421]: Failed password for root from 103.27.238.120 port 44690 ssh2
Jun 23 13:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21710]: pam_unix(cron:session): session closed for user root
Jun 23 13:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24421]: Connection closed by 103.27.238.120 port 44690 [preauth]
Jun 23 13:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 23 13:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24425]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24625]: Failed password for root from 193.24.211.107 port 49298 ssh2
Jun 23 13:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24625]: Received disconnect from 193.24.211.107 port 49298:11: Client disconnecting normally [preauth]
Jun 23 13:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24625]: Disconnected from 193.24.211.107 port 49298 [preauth]
Jun 23 13:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 13:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 23 13:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24754]: Failed password for root from 194.113.233.25 port 59336 ssh2
Jun 23 13:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24754]: Connection closed by 194.113.233.25 port 59336 [preauth]
Jun 23 13:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23433]: pam_unix(cron:session): session closed for user root
Jun 23 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24854]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24855]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24853]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24852]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24852]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24909]: Successful su for rubyman by root
Jun 23 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24909]: + ??? root:rubyman
Jun 23 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24909]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577566 of user rubyman.
Jun 23 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24909]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577566.
Jun 23 13:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22124]: pam_unix(cron:session): session closed for user root
Jun 23 13:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24853]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23983]: pam_unix(cron:session): session closed for user root
Jun 23 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25251]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25249]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25250]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25248]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25248]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25308]: Successful su for rubyman by root
Jun 23 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25308]: + ??? root:rubyman
Jun 23 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25308]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577570 of user rubyman.
Jun 23 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25308]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577570.
Jun 23 13:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22614]: pam_unix(cron:session): session closed for user root
Jun 23 13:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25249]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24428]: pam_unix(cron:session): session closed for user root
Jun 23 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25643]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25641]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25645]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25644]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25642]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25640]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25645]: pam_unix(cron:session): session closed for user root
Jun 23 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25640]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25707]: Successful su for rubyman by root
Jun 23 13:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25707]: + ??? root:rubyman
Jun 23 13:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25707]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577576 of user rubyman.
Jun 23 13:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25707]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577576.
Jun 23 13:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25642]: pam_unix(cron:session): session closed for user root
Jun 23 13:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23014]: pam_unix(cron:session): session closed for user root
Jun 23 13:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25641]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24855]: pam_unix(cron:session): session closed for user root
Jun 23 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26055]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26056]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26057]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26054]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26054]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26124]: Successful su for rubyman by root
Jun 23 13:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26124]: + ??? root:rubyman
Jun 23 13:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26124]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577582 of user rubyman.
Jun 23 13:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26124]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577582.
Jun 23 13:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23432]: pam_unix(cron:session): session closed for user root
Jun 23 13:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26055]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25251]: pam_unix(cron:session): session closed for user root
Jun 23 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26454]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26453]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26452]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26451]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26451]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26512]: Successful su for rubyman by root
Jun 23 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26512]: + ??? root:rubyman
Jun 23 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26512]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577584 of user rubyman.
Jun 23 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26512]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577584.
Jun 23 13:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23982]: pam_unix(cron:session): session closed for user root
Jun 23 13:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26452]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25644]: pam_unix(cron:session): session closed for user root
Jun 23 13:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 13:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26928]: Invalid user admin from 193.46.255.86
Jun 23 13:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26928]: input_userauth_request: invalid user admin [preauth]
Jun 23 13:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26928]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 13:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 23 13:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26928]: Failed password for invalid user admin from 193.46.255.86 port 23928 ssh2
Jun 23 13:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26928]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 13:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26928]: Failed password for invalid user admin from 193.46.255.86 port 23928 ssh2
Jun 23 13:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26928]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26945]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26944]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26943]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26942]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26942]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27000]: Successful su for rubyman by root
Jun 23 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27000]: + ??? root:rubyman
Jun 23 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27000]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577588 of user rubyman.
Jun 23 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27000]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577588.
Jun 23 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26928]: Failed password for invalid user admin from 193.46.255.86 port 23928 ssh2
Jun 23 13:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26928]: Connection closed by 193.46.255.86 port 23928 [preauth]
Jun 23 13:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26928]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 23 13:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24426]: pam_unix(cron:session): session closed for user root
Jun 23 13:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26943]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26057]: pam_unix(cron:session): session closed for user root
Jun 23 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27355]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27356]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27354]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27357]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27352]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27354]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27477]: Successful su for rubyman by root
Jun 23 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27477]: + ??? root:rubyman
Jun 23 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27477]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577592 of user rubyman.
Jun 23 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27477]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577592.
Jun 23 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27352]: pam_unix(cron:session): session closed for user root
Jun 23 13:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24854]: pam_unix(cron:session): session closed for user root
Jun 23 13:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27355]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26454]: pam_unix(cron:session): session closed for user root
Jun 23 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27855]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27857]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27848]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27849]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27856]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27847]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27857]: pam_unix(cron:session): session closed for user root
Jun 23 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27847]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27922]: Successful su for rubyman by root
Jun 23 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27922]: + ??? root:rubyman
Jun 23 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27922]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577598 of user rubyman.
Jun 23 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27922]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577598.
Jun 23 13:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27849]: pam_unix(cron:session): session closed for user root
Jun 23 13:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25250]: pam_unix(cron:session): session closed for user root
Jun 23 13:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27848]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26945]: pam_unix(cron:session): session closed for user root
Jun 23 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28345]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28346]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28347]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28344]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28344]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28408]: Successful su for rubyman by root
Jun 23 13:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28408]: + ??? root:rubyman
Jun 23 13:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28408]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577605 of user rubyman.
Jun 23 13:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28408]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577605.
Jun 23 13:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25643]: pam_unix(cron:session): session closed for user root
Jun 23 13:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28345]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27357]: pam_unix(cron:session): session closed for user root
Jun 23 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28840]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28838]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28841]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28839]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28838]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28911]: Successful su for rubyman by root
Jun 23 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28911]: + ??? root:rubyman
Jun 23 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28911]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577607 of user rubyman.
Jun 23 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28911]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577607.
Jun 23 13:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26056]: pam_unix(cron:session): session closed for user root
Jun 23 13:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28839]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27856]: pam_unix(cron:session): session closed for user root
Jun 23 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29274]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29272]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29273]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29271]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29271]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29335]: Successful su for rubyman by root
Jun 23 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29335]: + ??? root:rubyman
Jun 23 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29335]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577612 of user rubyman.
Jun 23 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29335]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577612.
Jun 23 13:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26453]: pam_unix(cron:session): session closed for user root
Jun 23 13:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29272]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28347]: pam_unix(cron:session): session closed for user root
Jun 23 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29801]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29800]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29799]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29798]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29798]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29869]: Successful su for rubyman by root
Jun 23 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29869]: + ??? root:rubyman
Jun 23 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29869]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577615 of user rubyman.
Jun 23 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29869]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577615.
Jun 23 13:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26944]: pam_unix(cron:session): session closed for user root
Jun 23 13:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29799]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28841]: pam_unix(cron:session): session closed for user root
Jun 23 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30223]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30222]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30225]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30220]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30224]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30221]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30225]: pam_unix(cron:session): session closed for user root
Jun 23 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30220]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30286]: Successful su for rubyman by root
Jun 23 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30286]: + ??? root:rubyman
Jun 23 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30286]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577619 of user rubyman.
Jun 23 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30286]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577619.
Jun 23 13:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30222]: pam_unix(cron:session): session closed for user root
Jun 23 13:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27356]: pam_unix(cron:session): session closed for user root
Jun 23 13:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30221]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 13:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 23 13:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30567]: Failed password for root from 103.172.78.219 port 59480 ssh2
Jun 23 13:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30567]: Connection closed by 103.172.78.219 port 59480 [preauth]
Jun 23 13:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29274]: pam_unix(cron:session): session closed for user root
Jun 23 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30683]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30684]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30682]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30681]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30681]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30744]: Successful su for rubyman by root
Jun 23 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30744]: + ??? root:rubyman
Jun 23 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30744]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577625 of user rubyman.
Jun 23 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30744]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577625.
Jun 23 13:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27855]: pam_unix(cron:session): session closed for user root
Jun 23 13:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30682]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29801]: pam_unix(cron:session): session closed for user root
Jun 23 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31187]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31188]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31189]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31186]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31186]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31248]: Successful su for rubyman by root
Jun 23 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31248]: + ??? root:rubyman
Jun 23 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31248]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577631 of user rubyman.
Jun 23 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31248]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577631.
Jun 23 13:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28346]: pam_unix(cron:session): session closed for user root
Jun 23 13:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31187]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30224]: pam_unix(cron:session): session closed for user root
Jun 23 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31686]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31687]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31685]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31684]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31684]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31746]: Successful su for rubyman by root
Jun 23 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31746]: + ??? root:rubyman
Jun 23 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31746]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577634 of user rubyman.
Jun 23 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31746]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577634.
Jun 23 13:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28840]: pam_unix(cron:session): session closed for user root
Jun 23 13:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31685]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30684]: pam_unix(cron:session): session closed for user root
Jun 23 13:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 13:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32080]: Received disconnect from 78.111.67.238 port 52636:11: disconnected by user [preauth]
Jun 23 13:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32080]: Disconnected from 78.111.67.238 port 52636 [preauth]
Jun 23 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32103]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32104]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32102]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32101]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32101]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32165]: Successful su for rubyman by root
Jun 23 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32165]: + ??? root:rubyman
Jun 23 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32165]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577639 of user rubyman.
Jun 23 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32165]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577639.
Jun 23 13:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29273]: pam_unix(cron:session): session closed for user root
Jun 23 13:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32102]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31189]: pam_unix(cron:session): session closed for user root
Jun 23 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32511]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32513]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32512]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32509]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32508]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32510]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32513]: pam_unix(cron:session): session closed for user root
Jun 23 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32508]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32576]: Successful su for rubyman by root
Jun 23 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32576]: + ??? root:rubyman
Jun 23 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32576]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577644 of user rubyman.
Jun 23 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32576]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577644.
Jun 23 13:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32510]: pam_unix(cron:session): session closed for user root
Jun 23 13:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29800]: pam_unix(cron:session): session closed for user root
Jun 23 13:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32509]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 13:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 23 13:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[361]: Failed password for root from 103.176.20.57 port 58262 ssh2
Jun 23 13:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[361]: Connection closed by 103.176.20.57 port 58262 [preauth]
Jun 23 13:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31687]: pam_unix(cron:session): session closed for user root
Jun 23 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[624]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[625]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[623]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[622]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[622]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[696]: Successful su for rubyman by root
Jun 23 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[696]: + ??? root:rubyman
Jun 23 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[696]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577648 of user rubyman.
Jun 23 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[696]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577648.
Jun 23 13:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30223]: pam_unix(cron:session): session closed for user root
Jun 23 13:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[623]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 13:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 23 13:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[892]: Failed password for root from 141.98.83.240 port 27852 ssh2
Jun 23 13:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[892]: message repeated 2 times: [ Failed password for root from 141.98.83.240 port 27852 ssh2]
Jun 23 13:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[892]: Connection closed by 141.98.83.240 port 27852 [preauth]
Jun 23 13:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[892]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 23 13:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 13:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[938]: Received disconnect from 115.124.73.145 port 53906:11: disconnected by user [preauth]
Jun 23 13:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[938]: Disconnected from 115.124.73.145 port 53906 [preauth]
Jun 23 13:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32104]: pam_unix(cron:session): session closed for user root
Jun 23 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1076]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1074]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1069]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1075]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1069]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1149]: Successful su for rubyman by root
Jun 23 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1149]: + ??? root:rubyman
Jun 23 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1149]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577651 of user rubyman.
Jun 23 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1149]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577651.
Jun 23 13:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30683]: pam_unix(cron:session): session closed for user root
Jun 23 13:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1074]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 13:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 23 13:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1364]: Failed password for root from 80.66.85.226 port 44010 ssh2
Jun 23 13:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1364]: Connection closed by 80.66.85.226 port 44010 [preauth]
Jun 23 13:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32512]: pam_unix(cron:session): session closed for user root
Jun 23 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1630]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1625]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1629]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1624]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1624]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1693]: Successful su for rubyman by root
Jun 23 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1693]: + ??? root:rubyman
Jun 23 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1693]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577656 of user rubyman.
Jun 23 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1693]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577656.
Jun 23 13:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31188]: pam_unix(cron:session): session closed for user root
Jun 23 13:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1625]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[625]: pam_unix(cron:session): session closed for user root
Jun 23 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2111]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2110]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2107]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2106]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2106]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2181]: Successful su for rubyman by root
Jun 23 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2181]: + ??? root:rubyman
Jun 23 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2181]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577661 of user rubyman.
Jun 23 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2181]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577661.
Jun 23 13:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31686]: pam_unix(cron:session): session closed for user root
Jun 23 13:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2107]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1076]: pam_unix(cron:session): session closed for user root
Jun 23 13:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 13:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 23 13:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2510]: Failed password for root from 103.82.132.16 port 59582 ssh2
Jun 23 13:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2510]: Connection closed by 103.82.132.16 port 59582 [preauth]
Jun 23 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2540]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2539]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2537]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2535]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2538]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2536]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2540]: pam_unix(cron:session): session closed for user root
Jun 23 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2535]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2616]: Successful su for rubyman by root
Jun 23 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2616]: + ??? root:rubyman
Jun 23 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2616]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577664 of user rubyman.
Jun 23 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2616]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577664.
Jun 23 13:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2537]: pam_unix(cron:session): session closed for user root
Jun 23 13:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32103]: pam_unix(cron:session): session closed for user root
Jun 23 13:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2536]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1630]: pam_unix(cron:session): session closed for user root
Jun 23 13:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 13:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 23 13:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 13:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 23 13:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2927]: Failed password for root from 77.94.47.83 port 56760 ssh2
Jun 23 13:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2927]: Connection closed by 77.94.47.83 port 56760 [preauth]
Jun 23 13:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2929]: Failed password for root from 38.93.206.2 port 24504 ssh2
Jun 23 13:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2929]: Connection closed by 38.93.206.2 port 24504 [preauth]
Jun 23 13:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 13:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 23 13:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2960]: Failed password for root from 193.24.211.107 port 21610 ssh2
Jun 23 13:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2960]: Received disconnect from 193.24.211.107 port 21610:11: Client disconnecting normally [preauth]
Jun 23 13:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2960]: Disconnected from 193.24.211.107 port 21610 [preauth]
Jun 23 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2982]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2983]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2981]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2980]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2980]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3051]: Successful su for rubyman by root
Jun 23 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3051]: + ??? root:rubyman
Jun 23 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3051]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577670 of user rubyman.
Jun 23 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3051]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577670.
Jun 23 13:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32511]: pam_unix(cron:session): session closed for user root
Jun 23 13:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2981]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2111]: pam_unix(cron:session): session closed for user root
Jun 23 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3389]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3388]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3386]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3387]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3386]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3445]: Successful su for rubyman by root
Jun 23 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3445]: + ??? root:rubyman
Jun 23 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3445]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577673 of user rubyman.
Jun 23 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3445]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577673.
Jun 23 13:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[624]: pam_unix(cron:session): session closed for user root
Jun 23 13:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3387]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 13:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3791]: Invalid user admin from 2.57.121.25
Jun 23 13:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3791]: input_userauth_request: invalid user admin [preauth]
Jun 23 13:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3791]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 13:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 23 13:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2539]: pam_unix(cron:session): session closed for user root
Jun 23 13:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3791]: Failed password for invalid user admin from 2.57.121.25 port 55272 ssh2
Jun 23 13:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3791]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 13:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3791]: Failed password for invalid user admin from 2.57.121.25 port 55272 ssh2
Jun 23 13:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3791]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 13:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3791]: Failed password for invalid user admin from 2.57.121.25 port 55272 ssh2
Jun 23 13:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3791]: Connection closed by 2.57.121.25 port 55272 [preauth]
Jun 23 13:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3791]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 23 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3937]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3936]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3938]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3934]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3934]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4035]: Successful su for rubyman by root
Jun 23 13:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4035]: + ??? root:rubyman
Jun 23 13:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4035]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577677 of user rubyman.
Jun 23 13:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4035]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577677.
Jun 23 13:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1075]: pam_unix(cron:session): session closed for user root
Jun 23 13:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3936]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2983]: pam_unix(cron:session): session closed for user root
Jun 23 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4390]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4392]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4391]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4389]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4389]: pam_unix(cron:session): session closed for user p13x
Jun 23 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4448]: Successful su for rubyman by root
Jun 23 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4448]: + ??? root:rubyman
Jun 23 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4448]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577681 of user rubyman.
Jun 23 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4448]: pam_unix(su:session): session closed for user rubyman
Jun 23 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577681.
Jun 23 13:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1629]: pam_unix(cron:session): session closed for user root
Jun 23 13:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4390]: pam_unix(cron:session): session closed for user samftp
Jun 23 13:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 13:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 23 13:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4675]: Failed password for root from 103.27.238.114 port 40392 ssh2
Jun 23 13:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4675]: Connection closed by 103.27.238.114 port 40392 [preauth]
Jun 23 13:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3389]: pam_unix(cron:session): session closed for user root
Jun 23 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4908]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4902]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4905]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4901]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4900]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4883]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4903]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4908]: pam_unix(cron:session): session closed for user root
Jun 23 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4901]: pam_unix(cron:session): session closed for user root
Jun 23 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4883]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5004]: Successful su for rubyman by root
Jun 23 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5004]: + ??? root:rubyman
Jun 23 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5004]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577688 of user rubyman.
Jun 23 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5004]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577688.
Jun 23 14:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4902]: pam_unix(cron:session): session closed for user root
Jun 23 14:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2110]: pam_unix(cron:session): session closed for user root
Jun 23 14:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4900]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3938]: pam_unix(cron:session): session closed for user root
Jun 23 14:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 14:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 23 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5406]: Failed password for root from 51.250.105.222 port 34644 ssh2
Jun 23 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5420]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5419]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5421]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5418]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5418]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5406]: Connection closed by 51.250.105.222 port 34644 [preauth]
Jun 23 14:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5485]: Successful su for rubyman by root
Jun 23 14:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5485]: + ??? root:rubyman
Jun 23 14:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5485]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577692 of user rubyman.
Jun 23 14:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5485]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577692.
Jun 23 14:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2538]: pam_unix(cron:session): session closed for user root
Jun 23 14:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5419]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4392]: pam_unix(cron:session): session closed for user root
Jun 23 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5807]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5809]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5808]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5806]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5806]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5872]: Successful su for rubyman by root
Jun 23 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5872]: + ??? root:rubyman
Jun 23 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5872]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577696 of user rubyman.
Jun 23 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5872]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577696.
Jun 23 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 14:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 23 14:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2982]: pam_unix(cron:session): session closed for user root
Jun 23 14:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5956]: Failed password for root from 103.77.242.62 port 53806 ssh2
Jun 23 14:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5956]: Connection closed by 103.77.242.62 port 53806 [preauth]
Jun 23 14:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5807]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 14:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 23 14:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6084]: Failed password for root from 103.82.20.28 port 46972 ssh2
Jun 23 14:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6084]: Connection closed by 103.82.20.28 port 46972 [preauth]
Jun 23 14:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4905]: pam_unix(cron:session): session closed for user root
Jun 23 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6209]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6208]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6210]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6207]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6207]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6268]: Successful su for rubyman by root
Jun 23 14:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6268]: + ??? root:rubyman
Jun 23 14:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6268]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577702 of user rubyman.
Jun 23 14:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6268]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577702.
Jun 23 14:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3388]: pam_unix(cron:session): session closed for user root
Jun 23 14:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6208]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5421]: pam_unix(cron:session): session closed for user root
Jun 23 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6599]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6597]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6598]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6596]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6596]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6661]: Successful su for rubyman by root
Jun 23 14:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6661]: + ??? root:rubyman
Jun 23 14:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6661]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577704 of user rubyman.
Jun 23 14:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6661]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577704.
Jun 23 14:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3937]: pam_unix(cron:session): session closed for user root
Jun 23 14:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6597]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5809]: pam_unix(cron:session): session closed for user root
Jun 23 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7051]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7044]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7052]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7043]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7053]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7050]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7053]: pam_unix(cron:session): session closed for user root
Jun 23 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7043]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7170]: Successful su for rubyman by root
Jun 23 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7170]: + ??? root:rubyman
Jun 23 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7170]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577710 of user rubyman.
Jun 23 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7170]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577710.
Jun 23 14:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4391]: pam_unix(cron:session): session closed for user root
Jun 23 14:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7050]: pam_unix(cron:session): session closed for user root
Jun 23 14:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7044]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6210]: pam_unix(cron:session): session closed for user root
Jun 23 14:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 14:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7488]: Received disconnect from 5.135.167.5 port 60256:11: disconnected by user [preauth]
Jun 23 14:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7488]: Disconnected from 5.135.167.5 port 60256 [preauth]
Jun 23 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7538]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7541]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7540]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7539]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7538]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7616]: Successful su for rubyman by root
Jun 23 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7616]: + ??? root:rubyman
Jun 23 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7616]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577715 of user rubyman.
Jun 23 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7616]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577715.
Jun 23 14:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4903]: pam_unix(cron:session): session closed for user root
Jun 23 14:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7539]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6599]: pam_unix(cron:session): session closed for user root
Jun 23 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8031]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8030]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8028]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8029]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8028]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8088]: Successful su for rubyman by root
Jun 23 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8088]: + ??? root:rubyman
Jun 23 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8088]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577719 of user rubyman.
Jun 23 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8088]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577719.
Jun 23 14:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5420]: pam_unix(cron:session): session closed for user root
Jun 23 14:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8029]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7052]: pam_unix(cron:session): session closed for user root
Jun 23 14:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 14:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8373]: Invalid user analise from 2.57.121.112
Jun 23 14:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8373]: input_userauth_request: invalid user analise [preauth]
Jun 23 14:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8373]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 14:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 23 14:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8373]: Failed password for invalid user analise from 2.57.121.112 port 22044 ssh2
Jun 23 14:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8373]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 14:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8373]: Failed password for invalid user analise from 2.57.121.112 port 22044 ssh2
Jun 23 14:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8373]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 14:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8373]: Failed password for invalid user analise from 2.57.121.112 port 22044 ssh2
Jun 23 14:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8373]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 14:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8373]: Failed password for invalid user analise from 2.57.121.112 port 22044 ssh2
Jun 23 14:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8373]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 14:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8373]: Failed password for invalid user analise from 2.57.121.112 port 22044 ssh2
Jun 23 14:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8373]: Connection closed by 2.57.121.112 port 22044 [preauth]
Jun 23 14:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8373]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 23 14:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8373]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 23 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8420]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8421]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8418]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8417]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8417]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8483]: Successful su for rubyman by root
Jun 23 14:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8483]: + ??? root:rubyman
Jun 23 14:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8483]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577723 of user rubyman.
Jun 23 14:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8483]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577723.
Jun 23 14:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5808]: pam_unix(cron:session): session closed for user root
Jun 23 14:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8418]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7541]: pam_unix(cron:session): session closed for user root
Jun 23 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8819]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8821]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8822]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8820]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8817]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8819]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8942]: Successful su for rubyman by root
Jun 23 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8942]: + ??? root:rubyman
Jun 23 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8942]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577729 of user rubyman.
Jun 23 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8942]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577729.
Jun 23 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8817]: pam_unix(cron:session): session closed for user root
Jun 23 14:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6209]: pam_unix(cron:session): session closed for user root
Jun 23 14:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8820]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 14:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9210]: Received disconnect from 8.210.18.141 port 53680:11: disconnected by user [preauth]
Jun 23 14:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9210]: Disconnected from 8.210.18.141 port 53680 [preauth]
Jun 23 14:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8031]: pam_unix(cron:session): session closed for user root
Jun 23 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9311]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9315]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9313]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9314]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9312]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9310]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9315]: pam_unix(cron:session): session closed for user root
Jun 23 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9310]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9376]: Successful su for rubyman by root
Jun 23 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9376]: + ??? root:rubyman
Jun 23 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9376]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577735 of user rubyman.
Jun 23 14:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9376]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577735.
Jun 23 14:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9312]: pam_unix(cron:session): session closed for user root
Jun 23 14:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6598]: pam_unix(cron:session): session closed for user root
Jun 23 14:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9311]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8421]: pam_unix(cron:session): session closed for user root
Jun 23 14:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 14:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9695]: Bad protocol version identification '\026\003\001' from 152.32.150.215 port 42038
Jun 23 14:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9729]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9728]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9727]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9726]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9726]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9796]: Successful su for rubyman by root
Jun 23 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9796]: + ??? root:rubyman
Jun 23 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9796]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577737 of user rubyman.
Jun 23 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9796]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577737.
Jun 23 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9696]: Did not receive identification string from 152.32.150.215
Jun 23 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9869]: Connection closed by 152.32.150.215 port 42690 [preauth]
Jun 23 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9902]: Protocol major versions differ for 152.32.150.215: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10 vs. SSH-1.5-Server
Jun 23 14:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7051]: pam_unix(cron:session): session closed for user root
Jun 23 14:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9727]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8822]: pam_unix(cron:session): session closed for user root
Jun 23 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10406]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10405]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10403]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10404]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10403]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10467]: Successful su for rubyman by root
Jun 23 14:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10467]: + ??? root:rubyman
Jun 23 14:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10467]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577741 of user rubyman.
Jun 23 14:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10467]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577741.
Jun 23 14:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7540]: pam_unix(cron:session): session closed for user root
Jun 23 14:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10404]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9314]: pam_unix(cron:session): session closed for user root
Jun 23 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11040]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11042]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11043]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11041]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11040]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11122]: Successful su for rubyman by root
Jun 23 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11122]: + ??? root:rubyman
Jun 23 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11122]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577747 of user rubyman.
Jun 23 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11122]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577747.
Jun 23 14:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8030]: pam_unix(cron:session): session closed for user root
Jun 23 14:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11041]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 14:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11412]: Received disconnect from 212.192.240.126 port 14346:11: disconnected by user [preauth]
Jun 23 14:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11412]: Disconnected from 212.192.240.126 port 14346 [preauth]
Jun 23 14:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9729]: pam_unix(cron:session): session closed for user root
Jun 23 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11514]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11515]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11513]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11512]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11512]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11571]: Successful su for rubyman by root
Jun 23 14:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11571]: + ??? root:rubyman
Jun 23 14:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11571]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577749 of user rubyman.
Jun 23 14:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11571]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577749.
Jun 23 14:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8420]: pam_unix(cron:session): session closed for user root
Jun 23 14:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11513]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 14:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 23 14:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11815]: Failed password for root from 147.45.199.80 port 49628 ssh2
Jun 23 14:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11815]: Connection closed by 147.45.199.80 port 49628 [preauth]
Jun 23 14:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10406]: pam_unix(cron:session): session closed for user root
Jun 23 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11966]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11965]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11969]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11968]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11964]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11967]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11969]: pam_unix(cron:session): session closed for user root
Jun 23 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11964]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12035]: Successful su for rubyman by root
Jun 23 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12035]: + ??? root:rubyman
Jun 23 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12035]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577753 of user rubyman.
Jun 23 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12035]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577753.
Jun 23 14:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11966]: pam_unix(cron:session): session closed for user root
Jun 23 14:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8821]: pam_unix(cron:session): session closed for user root
Jun 23 14:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11965]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11043]: pam_unix(cron:session): session closed for user root
Jun 23 14:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 14:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 23 14:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12500]: Failed password for root from 103.27.238.116 port 46806 ssh2
Jun 23 14:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12500]: Connection closed by 103.27.238.116 port 46806 [preauth]
Jun 23 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12525]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12523]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12524]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12522]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12522]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12587]: Successful su for rubyman by root
Jun 23 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12587]: + ??? root:rubyman
Jun 23 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12587]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577759 of user rubyman.
Jun 23 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12587]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577759.
Jun 23 14:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9313]: pam_unix(cron:session): session closed for user root
Jun 23 14:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12523]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11515]: pam_unix(cron:session): session closed for user root
Jun 23 14:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 14:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
Jun 23 14:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12913]: Failed password for root from 176.32.39.21 port 51802 ssh2
Jun 23 14:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12913]: Connection closed by 176.32.39.21 port 51802 [preauth]
Jun 23 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12945]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12946]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12943]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12944]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12939]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12939]: pam_unix(cron:session): session closed for user root
Jun 23 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12943]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13003]: Successful su for rubyman by root
Jun 23 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13003]: + ??? root:rubyman
Jun 23 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13003]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577763 of user rubyman.
Jun 23 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13003]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577763.
Jun 23 14:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9728]: pam_unix(cron:session): session closed for user root
Jun 23 14:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12944]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11968]: pam_unix(cron:session): session closed for user root
Jun 23 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13353]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13352]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13350]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13351]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13350]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13413]: Successful su for rubyman by root
Jun 23 14:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13413]: + ??? root:rubyman
Jun 23 14:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13413]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577768 of user rubyman.
Jun 23 14:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13413]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577768.
Jun 23 14:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10405]: pam_unix(cron:session): session closed for user root
Jun 23 14:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13351]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 14:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 23 14:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13604]: Failed password for root from 103.122.221.179 port 54492 ssh2
Jun 23 14:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13604]: Connection closed by 103.122.221.179 port 54492 [preauth]
Jun 23 14:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12525]: pam_unix(cron:session): session closed for user root
Jun 23 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13754]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13755]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13753]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13752]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13752]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13813]: Successful su for rubyman by root
Jun 23 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13813]: + ??? root:rubyman
Jun 23 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13813]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577772 of user rubyman.
Jun 23 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13813]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577772.
Jun 23 14:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11042]: pam_unix(cron:session): session closed for user root
Jun 23 14:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13753]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 14:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 23 14:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14071]: Failed password for root from 193.24.211.107 port 3276 ssh2
Jun 23 14:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14071]: Received disconnect from 193.24.211.107 port 3276:11: Client disconnecting normally [preauth]
Jun 23 14:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14071]: Disconnected from 193.24.211.107 port 3276 [preauth]
Jun 23 14:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12946]: pam_unix(cron:session): session closed for user root
Jun 23 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14160]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14158]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14157]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14156]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14155]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14159]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14160]: pam_unix(cron:session): session closed for user root
Jun 23 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14155]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14224]: Successful su for rubyman by root
Jun 23 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14224]: + ??? root:rubyman
Jun 23 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14224]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577781 of user rubyman.
Jun 23 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14224]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577781.
Jun 23 14:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14157]: pam_unix(cron:session): session closed for user root
Jun 23 14:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11514]: pam_unix(cron:session): session closed for user root
Jun 23 14:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14156]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13353]: pam_unix(cron:session): session closed for user root
Jun 23 14:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 14:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14522]: Connection closed by 45.148.10.121 port 45644 [preauth]
Jun 23 14:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 14:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14546]: Invalid user admin from 141.98.83.240
Jun 23 14:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14546]: input_userauth_request: invalid user admin [preauth]
Jun 23 14:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14546]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 14:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 14:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14546]: Failed password for invalid user admin from 141.98.83.240 port 60342 ssh2
Jun 23 14:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14546]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 14:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14546]: Failed password for invalid user admin from 141.98.83.240 port 60342 ssh2
Jun 23 14:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14546]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 14:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14546]: Failed password for invalid user admin from 141.98.83.240 port 60342 ssh2
Jun 23 14:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14546]: Connection closed by 141.98.83.240 port 60342 [preauth]
Jun 23 14:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14546]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14575]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14577]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14576]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14574]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14574]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14678]: Successful su for rubyman by root
Jun 23 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14678]: + ??? root:rubyman
Jun 23 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14678]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577782 of user rubyman.
Jun 23 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14678]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577782.
Jun 23 14:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11967]: pam_unix(cron:session): session closed for user root
Jun 23 14:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14575]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13755]: pam_unix(cron:session): session closed for user root
Jun 23 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15065]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15066]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15063]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15064]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15063]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15128]: Successful su for rubyman by root
Jun 23 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15128]: + ??? root:rubyman
Jun 23 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15128]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577786 of user rubyman.
Jun 23 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15128]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577786.
Jun 23 14:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12524]: pam_unix(cron:session): session closed for user root
Jun 23 14:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15064]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14159]: pam_unix(cron:session): session closed for user root
Jun 23 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15460]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15458]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15459]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15457]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15457]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15520]: Successful su for rubyman by root
Jun 23 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15520]: + ??? root:rubyman
Jun 23 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15520]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577790 of user rubyman.
Jun 23 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15520]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577790.
Jun 23 14:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12945]: pam_unix(cron:session): session closed for user root
Jun 23 14:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15458]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14577]: pam_unix(cron:session): session closed for user root
Jun 23 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15851]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15852]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15850]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15848]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15848]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15908]: Successful su for rubyman by root
Jun 23 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15908]: + ??? root:rubyman
Jun 23 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15908]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577794 of user rubyman.
Jun 23 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15908]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577794.
Jun 23 14:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13352]: pam_unix(cron:session): session closed for user root
Jun 23 14:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15850]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15066]: pam_unix(cron:session): session closed for user root
Jun 23 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16237]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16238]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16235]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16233]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16236]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16234]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16238]: pam_unix(cron:session): session closed for user root
Jun 23 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16233]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16298]: Successful su for rubyman by root
Jun 23 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16298]: + ??? root:rubyman
Jun 23 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16298]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577798 of user rubyman.
Jun 23 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16298]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577798.
Jun 23 14:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16235]: pam_unix(cron:session): session closed for user root
Jun 23 14:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13754]: pam_unix(cron:session): session closed for user root
Jun 23 14:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16234]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15460]: pam_unix(cron:session): session closed for user root
Jun 23 14:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 14:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 23 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16658]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16659]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16657]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16656]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16656]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16720]: Successful su for rubyman by root
Jun 23 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16720]: + ??? root:rubyman
Jun 23 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16720]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577804 of user rubyman.
Jun 23 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16720]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577804.
Jun 23 14:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16653]: Failed password for root from 87.251.79.125 port 43466 ssh2
Jun 23 14:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16653]: Connection closed by 87.251.79.125 port 43466 [preauth]
Jun 23 14:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14158]: pam_unix(cron:session): session closed for user root
Jun 23 14:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16657]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15852]: pam_unix(cron:session): session closed for user root
Jun 23 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17161]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17160]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17162]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17159]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17159]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17216]: Successful su for rubyman by root
Jun 23 14:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17216]: + ??? root:rubyman
Jun 23 14:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17216]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577808 of user rubyman.
Jun 23 14:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17216]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577808.
Jun 23 14:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14576]: pam_unix(cron:session): session closed for user root
Jun 23 14:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17160]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 14:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 23 14:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17449]: Failed password for root from 103.149.28.157 port 36430 ssh2
Jun 23 14:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17449]: Connection closed by 103.149.28.157 port 36430 [preauth]
Jun 23 14:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16237]: pam_unix(cron:session): session closed for user root
Jun 23 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17569]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17570]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17568]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17567]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17567]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17624]: Successful su for rubyman by root
Jun 23 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17624]: + ??? root:rubyman
Jun 23 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17624]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577814 of user rubyman.
Jun 23 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17624]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577814.
Jun 23 14:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15065]: pam_unix(cron:session): session closed for user root
Jun 23 14:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17568]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 14:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17920]: Received disconnect from 141.95.34.214 port 52826:11: disconnected by user [preauth]
Jun 23 14:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17920]: Disconnected from 141.95.34.214 port 52826 [preauth]
Jun 23 14:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16659]: pam_unix(cron:session): session closed for user root
Jun 23 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18074]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18072]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18073]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18071]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18071]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18131]: Successful su for rubyman by root
Jun 23 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18131]: + ??? root:rubyman
Jun 23 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18131]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577817 of user rubyman.
Jun 23 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18131]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577817.
Jun 23 14:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15459]: pam_unix(cron:session): session closed for user root
Jun 23 14:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18072]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17162]: pam_unix(cron:session): session closed for user root
Jun 23 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18593]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18590]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18589]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18592]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18585]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18584]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18593]: pam_unix(cron:session): session closed for user root
Jun 23 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18584]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18657]: Successful su for rubyman by root
Jun 23 14:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18657]: + ??? root:rubyman
Jun 23 14:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18657]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577823 of user rubyman.
Jun 23 14:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18657]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577823.
Jun 23 14:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18589]: pam_unix(cron:session): session closed for user root
Jun 23 14:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15851]: pam_unix(cron:session): session closed for user root
Jun 23 14:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18585]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17570]: pam_unix(cron:session): session closed for user root
Jun 23 14:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 14:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18978]: Connection closed by 194.59.206.2 port 49416 [preauth]
Jun 23 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19039]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19041]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19038]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19037]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19037]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19104]: Successful su for rubyman by root
Jun 23 14:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19104]: + ??? root:rubyman
Jun 23 14:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19104]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577827 of user rubyman.
Jun 23 14:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19104]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577827.
Jun 23 14:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16236]: pam_unix(cron:session): session closed for user root
Jun 23 14:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19038]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18074]: pam_unix(cron:session): session closed for user root
Jun 23 14:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19736]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19735]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19737]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19734]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19734]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 23 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19799]: Successful su for rubyman by root
Jun 23 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19799]: + ??? root:rubyman
Jun 23 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19799]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577831 of user rubyman.
Jun 23 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19799]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577831.
Jun 23 14:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19721]: Failed password for root from 202.178.126.219 port 31631 ssh2
Jun 23 14:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16658]: pam_unix(cron:session): session closed for user root
Jun 23 14:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19721]: Connection closed by 202.178.126.219 port 31631 [preauth]
Jun 23 14:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19735]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18592]: pam_unix(cron:session): session closed for user root
Jun 23 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20242]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20243]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20241]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20240]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20240]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20306]: Successful su for rubyman by root
Jun 23 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20306]: + ??? root:rubyman
Jun 23 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20306]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577836 of user rubyman.
Jun 23 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20306]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577836.
Jun 23 14:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17161]: pam_unix(cron:session): session closed for user root
Jun 23 14:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20241]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19041]: pam_unix(cron:session): session closed for user root
Jun 23 14:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 14:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=root
Jun 23 14:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20601]: Failed password for root from 193.46.255.86 port 48338 ssh2
Jun 23 14:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20601]: message repeated 2 times: [ Failed password for root from 193.46.255.86 port 48338 ssh2]
Jun 23 14:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20601]: Connection closed by 193.46.255.86 port 48338 [preauth]
Jun 23 14:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20601]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=root
Jun 23 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20686]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20687]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20688]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20682]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20682]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20809]: Successful su for rubyman by root
Jun 23 14:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20809]: + ??? root:rubyman
Jun 23 14:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20809]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577838 of user rubyman.
Jun 23 14:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20809]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577838.
Jun 23 14:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17569]: pam_unix(cron:session): session closed for user root
Jun 23 14:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20686]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19737]: pam_unix(cron:session): session closed for user root
Jun 23 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21154]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21155]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21152]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21153]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21149]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21150]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21155]: pam_unix(cron:session): session closed for user root
Jun 23 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21149]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21222]: Successful su for rubyman by root
Jun 23 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21222]: + ??? root:rubyman
Jun 23 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21222]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577842 of user rubyman.
Jun 23 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21222]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577842.
Jun 23 14:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21152]: pam_unix(cron:session): session closed for user root
Jun 23 14:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18073]: pam_unix(cron:session): session closed for user root
Jun 23 14:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21150]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 14:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.211.215  user=root
Jun 23 14:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21497]: Failed password for root from 147.45.211.215 port 59568 ssh2
Jun 23 14:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21497]: Connection closed by 147.45.211.215 port 59568 [preauth]
Jun 23 14:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20243]: pam_unix(cron:session): session closed for user root
Jun 23 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21609]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21610]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21605]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21604]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21604]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21691]: Successful su for rubyman by root
Jun 23 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21691]: + ??? root:rubyman
Jun 23 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21691]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577849 of user rubyman.
Jun 23 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21691]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577849.
Jun 23 14:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18590]: pam_unix(cron:session): session closed for user root
Jun 23 14:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21605]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20688]: pam_unix(cron:session): session closed for user root
Jun 23 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22035]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22036]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22033]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22034]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22033]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22096]: Successful su for rubyman by root
Jun 23 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22096]: + ??? root:rubyman
Jun 23 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22096]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577854 of user rubyman.
Jun 23 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22096]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577854.
Jun 23 14:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19039]: pam_unix(cron:session): session closed for user root
Jun 23 14:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22034]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21154]: pam_unix(cron:session): session closed for user root
Jun 23 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22524]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22525]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22523]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22522]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22522]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22583]: Successful su for rubyman by root
Jun 23 14:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22583]: + ??? root:rubyman
Jun 23 14:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22583]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577856 of user rubyman.
Jun 23 14:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22583]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577856.
Jun 23 14:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19736]: pam_unix(cron:session): session closed for user root
Jun 23 14:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22523]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21610]: pam_unix(cron:session): session closed for user root
Jun 23 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22933]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22931]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22932]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22930]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22928]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22930]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23040]: Successful su for rubyman by root
Jun 23 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23040]: + ??? root:rubyman
Jun 23 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23040]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577861 of user rubyman.
Jun 23 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23040]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577861.
Jun 23 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22928]: pam_unix(cron:session): session closed for user root
Jun 23 14:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20242]: pam_unix(cron:session): session closed for user root
Jun 23 14:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 14:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23263]: Received disconnect from 86.111.187.169 port 55152:11: disconnected by user [preauth]
Jun 23 14:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23263]: Disconnected from 86.111.187.169 port 55152 [preauth]
Jun 23 14:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22931]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22036]: pam_unix(cron:session): session closed for user root
Jun 23 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23448]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23445]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23447]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23443]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23446]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23444]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23448]: pam_unix(cron:session): session closed for user root
Jun 23 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23443]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23516]: Successful su for rubyman by root
Jun 23 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23516]: + ??? root:rubyman
Jun 23 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23516]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577867 of user rubyman.
Jun 23 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23516]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577867.
Jun 23 14:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23445]: pam_unix(cron:session): session closed for user root
Jun 23 14:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20687]: pam_unix(cron:session): session closed for user root
Jun 23 14:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23444]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 14:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 23 14:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23804]: Failed password for root from 193.37.70.224 port 48050 ssh2
Jun 23 14:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23804]: Connection closed by 193.37.70.224 port 48050 [preauth]
Jun 23 14:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22525]: pam_unix(cron:session): session closed for user root
Jun 23 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23989]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23991]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23990]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23992]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23989]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24057]: Successful su for rubyman by root
Jun 23 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24057]: + ??? root:rubyman
Jun 23 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24057]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577871 of user rubyman.
Jun 23 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24057]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577871.
Jun 23 14:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21153]: pam_unix(cron:session): session closed for user root
Jun 23 14:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23990]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22933]: pam_unix(cron:session): session closed for user root
Jun 23 14:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 14:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 23 14:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24356]: Failed password for root from 103.77.175.15 port 44196 ssh2
Jun 23 14:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24356]: Connection closed by 103.77.175.15 port 44196 [preauth]
Jun 23 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24413]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24414]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24412]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24411]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24411]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24482]: Successful su for rubyman by root
Jun 23 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24482]: + ??? root:rubyman
Jun 23 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24482]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577875 of user rubyman.
Jun 23 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24482]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577875.
Jun 23 14:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21609]: pam_unix(cron:session): session closed for user root
Jun 23 14:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24412]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23447]: pam_unix(cron:session): session closed for user root
Jun 23 14:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 14:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 23 14:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24833]: Failed password for root from 38.93.206.2 port 30900 ssh2
Jun 23 14:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24833]: Connection closed by 38.93.206.2 port 30900 [preauth]
Jun 23 14:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 23 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24849]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24850]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24846]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24847]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24846]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24904]: Successful su for rubyman by root
Jun 23 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24904]: + ??? root:rubyman
Jun 23 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24904]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577879 of user rubyman.
Jun 23 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24904]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577879.
Jun 23 14:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24835]: Failed password for root from 193.24.211.107 port 21291 ssh2
Jun 23 14:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24835]: Received disconnect from 193.24.211.107 port 21291:11: Client disconnecting normally [preauth]
Jun 23 14:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24835]: Disconnected from 193.24.211.107 port 21291 [preauth]
Jun 23 14:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22035]: pam_unix(cron:session): session closed for user root
Jun 23 14:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24847]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23992]: pam_unix(cron:session): session closed for user root
Jun 23 14:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 14:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 23 14:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25216]: Failed password for root from 62.133.62.83 port 51188 ssh2
Jun 23 14:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25216]: Connection closed by 62.133.62.83 port 51188 [preauth]
Jun 23 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25246]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25247]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25245]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25244]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25244]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25301]: Successful su for rubyman by root
Jun 23 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25301]: + ??? root:rubyman
Jun 23 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25301]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577883 of user rubyman.
Jun 23 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25301]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577883.
Jun 23 14:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22524]: pam_unix(cron:session): session closed for user root
Jun 23 14:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25245]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24414]: pam_unix(cron:session): session closed for user root
Jun 23 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25632]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25633]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25629]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25631]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25630]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25628]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25633]: pam_unix(cron:session): session closed for user root
Jun 23 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25628]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25695]: Successful su for rubyman by root
Jun 23 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25695]: + ??? root:rubyman
Jun 23 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25695]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577887 of user rubyman.
Jun 23 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25695]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577887.
Jun 23 14:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25630]: pam_unix(cron:session): session closed for user root
Jun 23 14:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22932]: pam_unix(cron:session): session closed for user root
Jun 23 14:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25629]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24850]: pam_unix(cron:session): session closed for user root
Jun 23 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26046]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26047]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26045]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26044]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26043]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26043]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26046]: pam_unix(cron:session): session closed for user root
Jun 23 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26116]: Successful su for rubyman by root
Jun 23 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26116]: + ??? root:rubyman
Jun 23 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26116]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577893 of user rubyman.
Jun 23 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26116]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577893.
Jun 23 14:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23446]: pam_unix(cron:session): session closed for user root
Jun 23 14:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26044]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25247]: pam_unix(cron:session): session closed for user root
Jun 23 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26456]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26457]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26455]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26454]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26454]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26515]: Successful su for rubyman by root
Jun 23 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26515]: + ??? root:rubyman
Jun 23 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26515]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577898 of user rubyman.
Jun 23 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26515]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577898.
Jun 23 14:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23991]: pam_unix(cron:session): session closed for user root
Jun 23 14:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 14:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26455]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 23 14:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26768]: Failed password for root from 109.237.96.109 port 57536 ssh2
Jun 23 14:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26768]: Connection closed by 109.237.96.109 port 57536 [preauth]
Jun 23 14:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25632]: pam_unix(cron:session): session closed for user root
Jun 23 14:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 14:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 23 14:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26873]: Failed password for root from 194.113.233.25 port 51642 ssh2
Jun 23 14:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26873]: Connection closed by 194.113.233.25 port 51642 [preauth]
Jun 23 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26936]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26938]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26937]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26935]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26935]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26995]: Successful su for rubyman by root
Jun 23 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26995]: + ??? root:rubyman
Jun 23 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26995]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577902 of user rubyman.
Jun 23 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26995]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577902.
Jun 23 14:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24413]: pam_unix(cron:session): session closed for user root
Jun 23 14:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26936]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26047]: pam_unix(cron:session): session closed for user root
Jun 23 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27351]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27349]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27350]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27347]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27347]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27410]: Successful su for rubyman by root
Jun 23 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27410]: + ??? root:rubyman
Jun 23 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27410]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577906 of user rubyman.
Jun 23 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27410]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577906.
Jun 23 14:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24849]: pam_unix(cron:session): session closed for user root
Jun 23 14:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27349]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 14:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 23 14:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27660]: Failed password for root from 103.153.68.219 port 47402 ssh2
Jun 23 14:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27660]: Connection closed by 103.153.68.219 port 47402 [preauth]
Jun 23 14:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26457]: pam_unix(cron:session): session closed for user root
Jun 23 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27766]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27768]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27765]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27767]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27764]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27763]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27768]: pam_unix(cron:session): session closed for user root
Jun 23 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27763]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27830]: Successful su for rubyman by root
Jun 23 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27830]: + ??? root:rubyman
Jun 23 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27830]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577910 of user rubyman.
Jun 23 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27830]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577910.
Jun 23 14:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27765]: pam_unix(cron:session): session closed for user root
Jun 23 14:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25246]: pam_unix(cron:session): session closed for user root
Jun 23 14:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 14:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27764]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 23 14:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28043]: Failed password for root from 103.15.222.183 port 59066 ssh2
Jun 23 14:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28043]: Connection closed by 103.15.222.183 port 59066 [preauth]
Jun 23 14:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 14:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28137]: Invalid user admin from 141.98.83.240
Jun 23 14:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28137]: input_userauth_request: invalid user admin [preauth]
Jun 23 14:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28137]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 14:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 14:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28137]: Failed password for invalid user admin from 141.98.83.240 port 60820 ssh2
Jun 23 14:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28137]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 14:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28137]: Failed password for invalid user admin from 141.98.83.240 port 60820 ssh2
Jun 23 14:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28137]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 14:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28137]: Failed password for invalid user admin from 141.98.83.240 port 60820 ssh2
Jun 23 14:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28137]: Connection closed by 141.98.83.240 port 60820 [preauth]
Jun 23 14:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28137]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 14:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26938]: pam_unix(cron:session): session closed for user root
Jun 23 14:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 14:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28201]: Received disconnect from 160.238.24.130 port 58012:11: disconnected by user [preauth]
Jun 23 14:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28201]: Disconnected from 160.238.24.130 port 58012 [preauth]
Jun 23 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28264]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28263]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28262]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28260]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28260]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28324]: Successful su for rubyman by root
Jun 23 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28324]: + ??? root:rubyman
Jun 23 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28324]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577916 of user rubyman.
Jun 23 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28324]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577916.
Jun 23 14:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25631]: pam_unix(cron:session): session closed for user root
Jun 23 14:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28262]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 14:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27351]: pam_unix(cron:session): session closed for user root
Jun 23 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28757]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28758]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28755]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28756]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28755]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28816]: Successful su for rubyman by root
Jun 23 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28816]: + ??? root:rubyman
Jun 23 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28816]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577920 of user rubyman.
Jun 23 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28816]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577920.
Jun 23 14:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26045]: pam_unix(cron:session): session closed for user root
Jun 23 14:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28756]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27767]: pam_unix(cron:session): session closed for user root
Jun 23 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29176]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29174]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29175]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29173]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29173]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29245]: Successful su for rubyman by root
Jun 23 14:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29245]: + ??? root:rubyman
Jun 23 14:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29245]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577924 of user rubyman.
Jun 23 14:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29245]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577924.
Jun 23 14:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26456]: pam_unix(cron:session): session closed for user root
Jun 23 14:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29174]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28264]: pam_unix(cron:session): session closed for user root
Jun 23 14:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 14:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29653]: Invalid user admin from 45.148.10.121
Jun 23 14:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29653]: input_userauth_request: invalid user admin [preauth]
Jun 23 14:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29653]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 14:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 23 14:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29653]: Failed password for invalid user admin from 45.148.10.121 port 35704 ssh2
Jun 23 14:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29653]: Connection closed by 45.148.10.121 port 35704 [preauth]
Jun 23 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29689]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29690]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29688]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29686]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29686]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29772]: Successful su for rubyman by root
Jun 23 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29772]: + ??? root:rubyman
Jun 23 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29772]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577928 of user rubyman.
Jun 23 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29772]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577928.
Jun 23 14:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26937]: pam_unix(cron:session): session closed for user root
Jun 23 14:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29688]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28758]: pam_unix(cron:session): session closed for user root
Jun 23 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30126]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30125]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30128]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30130]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30129]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30127]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30130]: pam_unix(cron:session): session closed for user root
Jun 23 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30125]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30204]: Successful su for rubyman by root
Jun 23 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30204]: + ??? root:rubyman
Jun 23 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30204]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577932 of user rubyman.
Jun 23 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30204]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577932.
Jun 23 14:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30127]: pam_unix(cron:session): session closed for user root
Jun 23 14:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27350]: pam_unix(cron:session): session closed for user root
Jun 23 14:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30126]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29176]: pam_unix(cron:session): session closed for user root
Jun 23 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30572]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30574]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30575]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30568]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30568]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30653]: Successful su for rubyman by root
Jun 23 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30653]: + ??? root:rubyman
Jun 23 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30653]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577938 of user rubyman.
Jun 23 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30653]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577938.
Jun 23 14:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27766]: pam_unix(cron:session): session closed for user root
Jun 23 14:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30572]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29690]: pam_unix(cron:session): session closed for user root
Jun 23 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31093]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31095]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31091]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31092]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31091]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31154]: Successful su for rubyman by root
Jun 23 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31154]: + ??? root:rubyman
Jun 23 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31154]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577944 of user rubyman.
Jun 23 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31154]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577944.
Jun 23 14:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28263]: pam_unix(cron:session): session closed for user root
Jun 23 14:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31092]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30129]: pam_unix(cron:session): session closed for user root
Jun 23 14:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 14:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 23 14:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31477]: Failed password for root from 103.27.238.120 port 55374 ssh2
Jun 23 14:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31477]: Connection closed by 103.27.238.120 port 55374 [preauth]
Jun 23 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31492]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31493]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31491]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31490]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31490]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31562]: Successful su for rubyman by root
Jun 23 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31562]: + ??? root:rubyman
Jun 23 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31562]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577947 of user rubyman.
Jun 23 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31562]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577947.
Jun 23 14:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28757]: pam_unix(cron:session): session closed for user root
Jun 23 14:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31491]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30575]: pam_unix(cron:session): session closed for user root
Jun 23 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31996]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31995]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31997]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31994]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31994]: pam_unix(cron:session): session closed for user p13x
Jun 23 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32062]: Successful su for rubyman by root
Jun 23 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32062]: + ??? root:rubyman
Jun 23 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32062]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577950 of user rubyman.
Jun 23 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32062]: pam_unix(su:session): session closed for user rubyman
Jun 23 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577950.
Jun 23 14:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29175]: pam_unix(cron:session): session closed for user root
Jun 23 14:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31995]: pam_unix(cron:session): session closed for user samftp
Jun 23 14:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31095]: pam_unix(cron:session): session closed for user root
Jun 23 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32407]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32406]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32403]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32409]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32405]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32404]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32402]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32409]: pam_unix(cron:session): session closed for user root
Jun 23 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32404]: pam_unix(cron:session): session closed for user root
Jun 23 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32402]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32506]: Successful su for rubyman by root
Jun 23 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32506]: + ??? root:rubyman
Jun 23 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32506]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577954 of user rubyman.
Jun 23 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32506]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577954.
Jun 23 15:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32569]: Invalid user admin from 2.57.121.25
Jun 23 15:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32569]: input_userauth_request: invalid user admin [preauth]
Jun 23 15:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32569]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 23 15:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29689]: pam_unix(cron:session): session closed for user root
Jun 23 15:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32405]: pam_unix(cron:session): session closed for user root
Jun 23 15:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32569]: Failed password for invalid user admin from 2.57.121.25 port 55848 ssh2
Jun 23 15:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32569]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32569]: Failed password for invalid user admin from 2.57.121.25 port 55848 ssh2
Jun 23 15:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32569]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32403]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32569]: Failed password for invalid user admin from 2.57.121.25 port 55848 ssh2
Jun 23 15:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32569]: Connection closed by 2.57.121.25 port 55848 [preauth]
Jun 23 15:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32569]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 23 15:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31493]: pam_unix(cron:session): session closed for user root
Jun 23 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[593]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[591]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[592]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[590]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[590]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[661]: Successful su for rubyman by root
Jun 23 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[661]: + ??? root:rubyman
Jun 23 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[661]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577961 of user rubyman.
Jun 23 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[661]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577961.
Jun 23 15:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30128]: pam_unix(cron:session): session closed for user root
Jun 23 15:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[591]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31997]: pam_unix(cron:session): session closed for user root
Jun 23 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1022]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1023]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1021]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1019]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1019]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1115]: Successful su for rubyman by root
Jun 23 15:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1115]: + ??? root:rubyman
Jun 23 15:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1115]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577966 of user rubyman.
Jun 23 15:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1115]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577966.
Jun 23 15:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30574]: pam_unix(cron:session): session closed for user root
Jun 23 15:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1021]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32407]: pam_unix(cron:session): session closed for user root
Jun 23 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1579]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1581]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1580]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1578]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1578]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1661]: Successful su for rubyman by root
Jun 23 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1661]: + ??? root:rubyman
Jun 23 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1661]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577971 of user rubyman.
Jun 23 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1661]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577971.
Jun 23 15:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31093]: pam_unix(cron:session): session closed for user root
Jun 23 15:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1579]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[593]: pam_unix(cron:session): session closed for user root
Jun 23 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2073]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2070]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2071]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2069]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2069]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2133]: Successful su for rubyman by root
Jun 23 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2133]: + ??? root:rubyman
Jun 23 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2133]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577973 of user rubyman.
Jun 23 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2133]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577973.
Jun 23 15:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31492]: pam_unix(cron:session): session closed for user root
Jun 23 15:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2070]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1023]: pam_unix(cron:session): session closed for user root
Jun 23 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2492]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2494]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2495]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2490]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2491]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2489]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2495]: pam_unix(cron:session): session closed for user root
Jun 23 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2489]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2569]: Successful su for rubyman by root
Jun 23 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2569]: + ??? root:rubyman
Jun 23 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2569]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577978 of user rubyman.
Jun 23 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2569]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577978.
Jun 23 15:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31996]: pam_unix(cron:session): session closed for user root
Jun 23 15:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2491]: pam_unix(cron:session): session closed for user root
Jun 23 15:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2490]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1581]: pam_unix(cron:session): session closed for user root
Jun 23 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2938]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2937]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2935]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2936]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2935]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3007]: Successful su for rubyman by root
Jun 23 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3007]: + ??? root:rubyman
Jun 23 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3007]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577983 of user rubyman.
Jun 23 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3007]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577983.
Jun 23 15:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32406]: pam_unix(cron:session): session closed for user root
Jun 23 15:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 23 15:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2936]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3076]: Failed password for root from 202.178.126.219 port 19011 ssh2
Jun 23 15:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3076]: Connection closed by 202.178.126.219 port 19011 [preauth]
Jun 23 15:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 23 15:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3216]: Failed password for root from 193.24.211.107 port 42664 ssh2
Jun 23 15:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3216]: Received disconnect from 193.24.211.107 port 42664:11: Client disconnecting normally [preauth]
Jun 23 15:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3216]: Disconnected from 193.24.211.107 port 42664 [preauth]
Jun 23 15:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2073]: pam_unix(cron:session): session closed for user root
Jun 23 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3345]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3346]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3343]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3344]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3343]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3403]: Successful su for rubyman by root
Jun 23 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3403]: + ??? root:rubyman
Jun 23 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3403]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577988 of user rubyman.
Jun 23 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3403]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577988.
Jun 23 15:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[592]: pam_unix(cron:session): session closed for user root
Jun 23 15:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3344]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 23 15:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3644]: Failed password for root from 80.66.85.226 port 55708 ssh2
Jun 23 15:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3644]: Connection closed by 80.66.85.226 port 55708 [preauth]
Jun 23 15:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2494]: pam_unix(cron:session): session closed for user root
Jun 23 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3844]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3845]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3843]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3842]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3842]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3957]: Successful su for rubyman by root
Jun 23 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3957]: + ??? root:rubyman
Jun 23 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3957]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577992 of user rubyman.
Jun 23 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3957]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577992.
Jun 23 15:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1022]: pam_unix(cron:session): session closed for user root
Jun 23 15:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3843]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2938]: pam_unix(cron:session): session closed for user root
Jun 23 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4352]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4354]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4353]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4351]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4349]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4351]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4465]: Successful su for rubyman by root
Jun 23 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4465]: + ??? root:rubyman
Jun 23 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4465]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 577998 of user rubyman.
Jun 23 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4465]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 577998.
Jun 23 15:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4349]: pam_unix(cron:session): session closed for user root
Jun 23 15:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1580]: pam_unix(cron:session): session closed for user root
Jun 23 15:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4352]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3346]: pam_unix(cron:session): session closed for user root
Jun 23 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4955]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4950]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4956]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4948]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4947]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4949]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4956]: pam_unix(cron:session): session closed for user root
Jun 23 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4947]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5022]: Successful su for rubyman by root
Jun 23 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5022]: + ??? root:rubyman
Jun 23 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5022]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578000 of user rubyman.
Jun 23 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5022]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578000.
Jun 23 15:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4949]: pam_unix(cron:session): session closed for user root
Jun 23 15:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2071]: pam_unix(cron:session): session closed for user root
Jun 23 15:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4948]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3845]: pam_unix(cron:session): session closed for user root
Jun 23 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5399]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5397]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5398]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5396]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5396]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5464]: Successful su for rubyman by root
Jun 23 15:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5464]: + ??? root:rubyman
Jun 23 15:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5464]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578007 of user rubyman.
Jun 23 15:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5464]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578007.
Jun 23 15:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2492]: pam_unix(cron:session): session closed for user root
Jun 23 15:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5397]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=208.67.249.226  user=root
Jun 23 15:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5689]: Failed password for root from 208.67.249.226 port 31981 ssh2
Jun 23 15:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5689]: message repeated 2 times: [ Failed password for root from 208.67.249.226 port 31981 ssh2]
Jun 23 15:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4354]: pam_unix(cron:session): session closed for user root
Jun 23 15:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5689]: Failed password for root from 208.67.249.226 port 31981 ssh2
Jun 23 15:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5689]: message repeated 2 times: [ Failed password for root from 208.67.249.226 port 31981 ssh2]
Jun 23 15:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5689]: error: maximum authentication attempts exceeded for root from 208.67.249.226 port 31981 ssh2 [preauth]
Jun 23 15:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5689]: Disconnecting: Too many authentication failures [preauth]
Jun 23 15:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5689]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=208.67.249.226  user=root
Jun 23 15:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5689]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 23 15:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5790]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5789]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5791]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5788]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5788]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 23 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5854]: Successful su for rubyman by root
Jun 23 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5854]: + ??? root:rubyman
Jun 23 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5854]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578012 of user rubyman.
Jun 23 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5854]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578012.
Jun 23 15:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5785]: Failed password for root from 103.172.78.219 port 36114 ssh2
Jun 23 15:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5785]: Connection closed by 103.172.78.219 port 36114 [preauth]
Jun 23 15:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2937]: pam_unix(cron:session): session closed for user root
Jun 23 15:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5789]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4955]: pam_unix(cron:session): session closed for user root
Jun 23 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6176]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6177]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6178]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6175]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6175]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6238]: Successful su for rubyman by root
Jun 23 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6238]: + ??? root:rubyman
Jun 23 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6238]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578016 of user rubyman.
Jun 23 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6238]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578016.
Jun 23 15:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3345]: pam_unix(cron:session): session closed for user root
Jun 23 15:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6176]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5399]: pam_unix(cron:session): session closed for user root
Jun 23 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6576]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6574]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6575]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6573]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6573]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6637]: Successful su for rubyman by root
Jun 23 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6637]: + ??? root:rubyman
Jun 23 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6637]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578018 of user rubyman.
Jun 23 15:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6637]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578018.
Jun 23 15:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3844]: pam_unix(cron:session): session closed for user root
Jun 23 15:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6574]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5791]: pam_unix(cron:session): session closed for user root
Jun 23 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7022]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7013]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7012]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7020]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7021]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7014]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7022]: pam_unix(cron:session): session closed for user root
Jun 23 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7012]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7145]: Successful su for rubyman by root
Jun 23 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7145]: + ??? root:rubyman
Jun 23 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7145]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578022 of user rubyman.
Jun 23 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7145]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578022.
Jun 23 15:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7014]: pam_unix(cron:session): session closed for user root
Jun 23 15:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4353]: pam_unix(cron:session): session closed for user root
Jun 23 15:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7013]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 23 15:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7400]: Failed password for root from 77.94.47.83 port 34038 ssh2
Jun 23 15:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7400]: Connection closed by 77.94.47.83 port 34038 [preauth]
Jun 23 15:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6178]: pam_unix(cron:session): session closed for user root
Jun 23 15:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 23 15:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7496]: Failed password for root from 103.176.20.57 port 58428 ssh2
Jun 23 15:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7496]: Connection closed by 103.176.20.57 port 58428 [preauth]
Jun 23 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7509]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7511]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7508]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7507]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7507]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7579]: Successful su for rubyman by root
Jun 23 15:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7579]: + ??? root:rubyman
Jun 23 15:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7579]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578030 of user rubyman.
Jun 23 15:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7579]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578030.
Jun 23 15:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4950]: pam_unix(cron:session): session closed for user root
Jun 23 15:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7508]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6576]: pam_unix(cron:session): session closed for user root
Jun 23 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8008]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8005]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8006]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8007]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8003]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8003]: pam_unix(cron:session): session closed for user root
Jun 23 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8005]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8069]: Successful su for rubyman by root
Jun 23 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8069]: + ??? root:rubyman
Jun 23 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8069]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578032 of user rubyman.
Jun 23 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8069]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578032.
Jun 23 15:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5398]: pam_unix(cron:session): session closed for user root
Jun 23 15:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8006]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7021]: pam_unix(cron:session): session closed for user root
Jun 23 15:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126  user=root
Jun 23 15:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8384]: Failed password for root from 34.32.217.126 port 53482 ssh2
Jun 23 15:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8384]: Connection closed by 34.32.217.126 port 53482 [preauth]
Jun 23 15:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: Invalid user oracle from 34.32.217.126
Jun 23 15:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: input_userauth_request: invalid user oracle [preauth]
Jun 23 15:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: Failed password for invalid user oracle from 34.32.217.126 port 53496 ssh2
Jun 23 15:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: Connection closed by 34.32.217.126 port 53496 [preauth]
Jun 23 15:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8400]: Invalid user kali from 34.32.217.126
Jun 23 15:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8400]: input_userauth_request: invalid user kali [preauth]
Jun 23 15:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8400]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8406]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8405]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8404]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8403]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8403]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8466]: Successful su for rubyman by root
Jun 23 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8466]: + ??? root:rubyman
Jun 23 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8466]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578038 of user rubyman.
Jun 23 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8466]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578038.
Jun 23 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8400]: Failed password for invalid user kali from 34.32.217.126 port 34838 ssh2
Jun 23 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8400]: Connection closed by 34.32.217.126 port 34838 [preauth]
Jun 23 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126  user=root
Jun 23 15:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5790]: pam_unix(cron:session): session closed for user root
Jun 23 15:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8518]: Failed password for root from 34.32.217.126 port 34846 ssh2
Jun 23 15:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8518]: Connection closed by 34.32.217.126 port 34846 [preauth]
Jun 23 15:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8404]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8643]: Invalid user ftpuser from 34.32.217.126
Jun 23 15:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8643]: input_userauth_request: invalid user ftpuser [preauth]
Jun 23 15:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8643]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8643]: Failed password for invalid user ftpuser from 34.32.217.126 port 34848 ssh2
Jun 23 15:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8643]: Connection closed by 34.32.217.126 port 34848 [preauth]
Jun 23 15:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8655]: Invalid user ubuntu from 34.32.217.126
Jun 23 15:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8655]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 15:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8655]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8655]: Failed password for invalid user ubuntu from 34.32.217.126 port 34852 ssh2
Jun 23 15:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8655]: Connection closed by 34.32.217.126 port 34852 [preauth]
Jun 23 15:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8666]: Invalid user test from 34.32.217.126
Jun 23 15:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8666]: input_userauth_request: invalid user test [preauth]
Jun 23 15:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8666]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8666]: Failed password for invalid user test from 34.32.217.126 port 40882 ssh2
Jun 23 15:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8666]: Connection closed by 34.32.217.126 port 40882 [preauth]
Jun 23 15:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8680]: Invalid user mike from 34.32.217.126
Jun 23 15:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8680]: input_userauth_request: invalid user mike [preauth]
Jun 23 15:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8680]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8680]: Failed password for invalid user mike from 34.32.217.126 port 40886 ssh2
Jun 23 15:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8680]: Connection closed by 34.32.217.126 port 40886 [preauth]
Jun 23 15:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8690]: Invalid user linaro from 34.32.217.126
Jun 23 15:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8690]: input_userauth_request: invalid user linaro [preauth]
Jun 23 15:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8690]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8690]: Failed password for invalid user linaro from 34.32.217.126 port 40892 ssh2
Jun 23 15:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8690]: Connection closed by 34.32.217.126 port 40892 [preauth]
Jun 23 15:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8692]: Invalid user developer from 34.32.217.126
Jun 23 15:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8692]: input_userauth_request: invalid user developer [preauth]
Jun 23 15:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8692]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8692]: Failed password for invalid user developer from 34.32.217.126 port 43062 ssh2
Jun 23 15:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8692]: Connection closed by 34.32.217.126 port 43062 [preauth]
Jun 23 15:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8703]: Invalid user hadoop from 34.32.217.126
Jun 23 15:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8703]: input_userauth_request: invalid user hadoop [preauth]
Jun 23 15:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8703]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8703]: Failed password for invalid user hadoop from 34.32.217.126 port 43064 ssh2
Jun 23 15:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8703]: Connection closed by 34.32.217.126 port 43064 [preauth]
Jun 23 15:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8728]: Invalid user hduser from 34.32.217.126
Jun 23 15:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8728]: input_userauth_request: invalid user hduser [preauth]
Jun 23 15:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8728]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8728]: Failed password for invalid user hduser from 34.32.217.126 port 43072 ssh2
Jun 23 15:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8728]: Connection closed by 34.32.217.126 port 43072 [preauth]
Jun 23 15:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126  user=root
Jun 23 15:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8730]: Failed password for root from 34.32.217.126 port 43074 ssh2
Jun 23 15:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8730]: Connection closed by 34.32.217.126 port 43074 [preauth]
Jun 23 15:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8740]: Invalid user admin from 34.32.217.126
Jun 23 15:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8740]: input_userauth_request: invalid user admin [preauth]
Jun 23 15:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8740]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7511]: pam_unix(cron:session): session closed for user root
Jun 23 15:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8740]: Failed password for invalid user admin from 34.32.217.126 port 37348 ssh2
Jun 23 15:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8740]: Connection closed by 34.32.217.126 port 37348 [preauth]
Jun 23 15:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8763]: Invalid user deploy from 34.32.217.126
Jun 23 15:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8763]: input_userauth_request: invalid user deploy [preauth]
Jun 23 15:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8763]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8763]: Failed password for invalid user deploy from 34.32.217.126 port 37364 ssh2
Jun 23 15:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8763]: Connection closed by 34.32.217.126 port 37364 [preauth]
Jun 23 15:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8774]: Invalid user deploy from 34.32.217.126
Jun 23 15:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8774]: input_userauth_request: invalid user deploy [preauth]
Jun 23 15:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8774]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8774]: Failed password for invalid user deploy from 34.32.217.126 port 37366 ssh2
Jun 23 15:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8774]: Connection closed by 34.32.217.126 port 37366 [preauth]
Jun 23 15:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8776]: Invalid user devops from 34.32.217.126
Jun 23 15:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8776]: input_userauth_request: invalid user devops [preauth]
Jun 23 15:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8776]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8776]: Failed password for invalid user devops from 34.32.217.126 port 58914 ssh2
Jun 23 15:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8776]: Connection closed by 34.32.217.126 port 58914 [preauth]
Jun 23 15:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8799]: Invalid user jenkins from 34.32.217.126
Jun 23 15:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8799]: input_userauth_request: invalid user jenkins [preauth]
Jun 23 15:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8799]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8799]: Failed password for invalid user jenkins from 34.32.217.126 port 58918 ssh2
Jun 23 15:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8799]: Connection closed by 34.32.217.126 port 58918 [preauth]
Jun 23 15:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8809]: Invalid user testuser from 34.32.217.126
Jun 23 15:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8809]: input_userauth_request: invalid user testuser [preauth]
Jun 23 15:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8809]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8809]: Failed password for invalid user testuser from 34.32.217.126 port 58924 ssh2
Jun 23 15:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8809]: Connection closed by 34.32.217.126 port 58924 [preauth]
Jun 23 15:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126  user=root
Jun 23 15:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8812]: Failed password for root from 34.32.217.126 port 58938 ssh2
Jun 23 15:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8812]: Connection closed by 34.32.217.126 port 58938 [preauth]
Jun 23 15:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8822]: Invalid user orangepi from 34.32.217.126
Jun 23 15:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8822]: input_userauth_request: invalid user orangepi [preauth]
Jun 23 15:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8822]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8822]: Failed password for invalid user orangepi from 34.32.217.126 port 55124 ssh2
Jun 23 15:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8822]: Connection closed by 34.32.217.126 port 55124 [preauth]
Jun 23 15:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8824]: Invalid user debian from 34.32.217.126
Jun 23 15:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8824]: input_userauth_request: invalid user debian [preauth]
Jun 23 15:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8824]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8824]: Failed password for invalid user debian from 34.32.217.126 port 55132 ssh2
Jun 23 15:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8824]: Connection closed by 34.32.217.126 port 55132 [preauth]
Jun 23 15:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8838]: Invalid user admin from 34.32.217.126
Jun 23 15:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8838]: input_userauth_request: invalid user admin [preauth]
Jun 23 15:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8838]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8842]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8844]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8841]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8843]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8841]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8838]: Failed password for invalid user admin from 34.32.217.126 port 55138 ssh2
Jun 23 15:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8902]: Successful su for rubyman by root
Jun 23 15:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8902]: + ??? root:rubyman
Jun 23 15:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8902]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578042 of user rubyman.
Jun 23 15:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8902]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8838]: Connection closed by 34.32.217.126 port 55138 [preauth]
Jun 23 15:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578042.
Jun 23 15:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8924]: Invalid user user from 34.32.217.126
Jun 23 15:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8924]: input_userauth_request: invalid user user [preauth]
Jun 23 15:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8924]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6177]: pam_unix(cron:session): session closed for user root
Jun 23 15:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8924]: Failed password for invalid user user from 34.32.217.126 port 36186 ssh2
Jun 23 15:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8924]: Connection closed by 34.32.217.126 port 36186 [preauth]
Jun 23 15:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126  user=root
Jun 23 15:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8842]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9067]: Failed password for root from 34.32.217.126 port 36188 ssh2
Jun 23 15:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9067]: Connection closed by 34.32.217.126 port 36188 [preauth]
Jun 23 15:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9093]: Invalid user postgres from 34.32.217.126
Jun 23 15:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9093]: input_userauth_request: invalid user postgres [preauth]
Jun 23 15:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9093]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9093]: Failed password for invalid user postgres from 34.32.217.126 port 36196 ssh2
Jun 23 15:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9093]: Connection closed by 34.32.217.126 port 36196 [preauth]
Jun 23 15:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9103]: Invalid user ubuntu from 34.32.217.126
Jun 23 15:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9103]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 15:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9103]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9103]: Failed password for invalid user ubuntu from 34.32.217.126 port 53436 ssh2
Jun 23 15:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9103]: Connection closed by 34.32.217.126 port 53436 [preauth]
Jun 23 15:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126  user=root
Jun 23 15:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9117]: Failed password for root from 34.32.217.126 port 53440 ssh2
Jun 23 15:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9117]: Connection closed by 34.32.217.126 port 53440 [preauth]
Jun 23 15:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9128]: Invalid user ubuntu from 34.32.217.126
Jun 23 15:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9128]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 15:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9128]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9128]: Failed password for invalid user ubuntu from 34.32.217.126 port 53448 ssh2
Jun 23 15:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9128]: Connection closed by 34.32.217.126 port 53448 [preauth]
Jun 23 15:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126  user=root
Jun 23 15:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 23 15:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9139]: Failed password for root from 34.32.217.126 port 53830 ssh2
Jun 23 15:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9139]: Connection closed by 34.32.217.126 port 53830 [preauth]
Jun 23 15:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9143]: Invalid user admin from 34.32.217.126
Jun 23 15:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9143]: input_userauth_request: invalid user admin [preauth]
Jun 23 15:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9143]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9141]: Failed password for root from 103.82.132.16 port 59942 ssh2
Jun 23 15:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9141]: Connection closed by 103.82.132.16 port 59942 [preauth]
Jun 23 15:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9143]: Failed password for invalid user admin from 34.32.217.126 port 53838 ssh2
Jun 23 15:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9143]: Connection closed by 34.32.217.126 port 53838 [preauth]
Jun 23 15:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9165]: Invalid user test from 34.32.217.126
Jun 23 15:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9165]: input_userauth_request: invalid user test [preauth]
Jun 23 15:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9165]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9165]: Failed password for invalid user test from 34.32.217.126 port 53854 ssh2
Jun 23 15:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9165]: Connection closed by 34.32.217.126 port 53854 [preauth]
Jun 23 15:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9167]: Invalid user ansible from 34.32.217.126
Jun 23 15:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9167]: input_userauth_request: invalid user ansible [preauth]
Jun 23 15:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9167]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9167]: Failed password for invalid user ansible from 34.32.217.126 port 53858 ssh2
Jun 23 15:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9167]: Connection closed by 34.32.217.126 port 53858 [preauth]
Jun 23 15:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9177]: Invalid user dev from 34.32.217.126
Jun 23 15:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9177]: input_userauth_request: invalid user dev [preauth]
Jun 23 15:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9177]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8008]: pam_unix(cron:session): session closed for user root
Jun 23 15:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9177]: Failed password for invalid user dev from 34.32.217.126 port 41406 ssh2
Jun 23 15:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9177]: Connection closed by 34.32.217.126 port 41406 [preauth]
Jun 23 15:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9211]: Invalid user cloud from 34.32.217.126
Jun 23 15:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9211]: input_userauth_request: invalid user cloud [preauth]
Jun 23 15:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9211]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9211]: Failed password for invalid user cloud from 34.32.217.126 port 41422 ssh2
Jun 23 15:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9211]: Connection closed by 34.32.217.126 port 41422 [preauth]
Jun 23 15:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126  user=root
Jun 23 15:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9213]: Failed password for root from 34.32.217.126 port 41428 ssh2
Jun 23 15:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9213]: Connection closed by 34.32.217.126 port 41428 [preauth]
Jun 23 15:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9224]: Invalid user test from 34.32.217.126
Jun 23 15:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9224]: input_userauth_request: invalid user test [preauth]
Jun 23 15:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9224]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9224]: Failed password for invalid user test from 34.32.217.126 port 53336 ssh2
Jun 23 15:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9224]: Connection closed by 34.32.217.126 port 53336 [preauth]
Jun 23 15:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126  user=root
Jun 23 15:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9239]: Failed password for root from 34.32.217.126 port 53352 ssh2
Jun 23 15:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9239]: Connection closed by 34.32.217.126 port 53352 [preauth]
Jun 23 15:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126  user=root
Jun 23 15:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9251]: Invalid user user from 141.98.83.240
Jun 23 15:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9251]: input_userauth_request: invalid user user [preauth]
Jun 23 15:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9253]: Received disconnect from 74.48.105.66 port 45086:11: disconnected by user [preauth]
Jun 23 15:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9253]: Disconnected from 74.48.105.66 port 45086 [preauth]
Jun 23 15:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9251]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 15:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9249]: Failed password for root from 34.32.217.126 port 53354 ssh2
Jun 23 15:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9249]: Connection closed by 34.32.217.126 port 53354 [preauth]
Jun 23 15:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9251]: Failed password for invalid user user from 141.98.83.240 port 22552 ssh2
Jun 23 15:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9251]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126  user=root
Jun 23 15:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9251]: Failed password for invalid user user from 141.98.83.240 port 22552 ssh2
Jun 23 15:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9251]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9255]: Failed password for root from 34.32.217.126 port 41094 ssh2
Jun 23 15:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9255]: Connection closed by 34.32.217.126 port 41094 [preauth]
Jun 23 15:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9268]: Invalid user testuser from 34.32.217.126
Jun 23 15:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9268]: input_userauth_request: invalid user testuser [preauth]
Jun 23 15:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9268]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9251]: Failed password for invalid user user from 141.98.83.240 port 22552 ssh2
Jun 23 15:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9251]: Connection closed by 141.98.83.240 port 22552 [preauth]
Jun 23 15:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9251]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 15:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9268]: Failed password for invalid user testuser from 34.32.217.126 port 41098 ssh2
Jun 23 15:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9268]: Connection closed by 34.32.217.126 port 41098 [preauth]
Jun 23 15:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9273]: Invalid user appuser from 34.32.217.126
Jun 23 15:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9273]: input_userauth_request: invalid user appuser [preauth]
Jun 23 15:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9273]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9273]: Failed password for invalid user appuser from 34.32.217.126 port 41106 ssh2
Jun 23 15:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9273]: Connection closed by 34.32.217.126 port 41106 [preauth]
Jun 23 15:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9282]: Invalid user postgres from 34.32.217.126
Jun 23 15:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9282]: input_userauth_request: invalid user postgres [preauth]
Jun 23 15:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9282]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9288]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9287]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9286]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9289]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9290]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9285]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9290]: pam_unix(cron:session): session closed for user root
Jun 23 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9285]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9359]: Successful su for rubyman by root
Jun 23 15:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9359]: + ??? root:rubyman
Jun 23 15:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9359]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9282]: Failed password for invalid user postgres from 34.32.217.126 port 41114 ssh2
Jun 23 15:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578048 of user rubyman.
Jun 23 15:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9359]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578048.
Jun 23 15:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9282]: Connection closed by 34.32.217.126 port 41114 [preauth]
Jun 23 15:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9380]: Invalid user ftpuser from 34.32.217.126
Jun 23 15:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9380]: input_userauth_request: invalid user ftpuser [preauth]
Jun 23 15:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9380]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9287]: pam_unix(cron:session): session closed for user root
Jun 23 15:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6575]: pam_unix(cron:session): session closed for user root
Jun 23 15:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9380]: Failed password for invalid user ftpuser from 34.32.217.126 port 34302 ssh2
Jun 23 15:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9380]: Connection closed by 34.32.217.126 port 34302 [preauth]
Jun 23 15:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9527]: Invalid user ubuntu from 34.32.217.126
Jun 23 15:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9527]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 15:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9527]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9286]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9527]: Failed password for invalid user ubuntu from 34.32.217.126 port 34304 ssh2
Jun 23 15:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9527]: Connection closed by 34.32.217.126 port 34304 [preauth]
Jun 23 15:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9562]: Invalid user ubnt from 34.32.217.126
Jun 23 15:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9562]: input_userauth_request: invalid user ubnt [preauth]
Jun 23 15:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9562]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9562]: Failed password for invalid user ubnt from 34.32.217.126 port 34318 ssh2
Jun 23 15:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9562]: Connection closed by 34.32.217.126 port 34318 [preauth]
Jun 23 15:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9565]: Invalid user ubuntu from 34.32.217.126
Jun 23 15:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9565]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 15:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9565]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9565]: Failed password for invalid user ubuntu from 34.32.217.126 port 45866 ssh2
Jun 23 15:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9565]: Connection closed by 34.32.217.126 port 45866 [preauth]
Jun 23 15:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9588]: Invalid user vyos from 34.32.217.126
Jun 23 15:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9588]: input_userauth_request: invalid user vyos [preauth]
Jun 23 15:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9588]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9588]: Failed password for invalid user vyos from 34.32.217.126 port 45876 ssh2
Jun 23 15:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9588]: Connection closed by 34.32.217.126 port 45876 [preauth]
Jun 23 15:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9590]: Invalid user git from 34.32.217.126
Jun 23 15:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9590]: input_userauth_request: invalid user git [preauth]
Jun 23 15:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9590]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9590]: Failed password for invalid user git from 34.32.217.126 port 45878 ssh2
Jun 23 15:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9590]: Connection closed by 34.32.217.126 port 45878 [preauth]
Jun 23 15:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126  user=root
Jun 23 15:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9603]: Failed password for root from 34.32.217.126 port 57768 ssh2
Jun 23 15:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9603]: Connection closed by 34.32.217.126 port 57768 [preauth]
Jun 23 15:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9613]: Invalid user testuser from 34.32.217.126
Jun 23 15:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9613]: input_userauth_request: invalid user testuser [preauth]
Jun 23 15:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9613]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9613]: Failed password for invalid user testuser from 34.32.217.126 port 57776 ssh2
Jun 23 15:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9613]: Connection closed by 34.32.217.126 port 57776 [preauth]
Jun 23 15:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126  user=root
Jun 23 15:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9632]: Failed password for root from 34.32.217.126 port 57780 ssh2
Jun 23 15:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9632]: Connection closed by 34.32.217.126 port 57780 [preauth]
Jun 23 15:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9642]: Invalid user user from 34.32.217.126
Jun 23 15:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9642]: input_userauth_request: invalid user user [preauth]
Jun 23 15:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9642]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9642]: Failed password for invalid user user from 34.32.217.126 port 57792 ssh2
Jun 23 15:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9642]: Connection closed by 34.32.217.126 port 57792 [preauth]
Jun 23 15:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126  user=root
Jun 23 15:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8406]: pam_unix(cron:session): session closed for user root
Jun 23 15:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9644]: Failed password for root from 34.32.217.126 port 56754 ssh2
Jun 23 15:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9644]: Connection closed by 34.32.217.126 port 56754 [preauth]
Jun 23 15:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9675]: Invalid user minecraft from 34.32.217.126
Jun 23 15:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9675]: input_userauth_request: invalid user minecraft [preauth]
Jun 23 15:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9675]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9675]: Failed password for invalid user minecraft from 34.32.217.126 port 56774 ssh2
Jun 23 15:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9675]: Connection closed by 34.32.217.126 port 56774 [preauth]
Jun 23 15:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9677]: Invalid user dev from 34.32.217.126
Jun 23 15:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9677]: input_userauth_request: invalid user dev [preauth]
Jun 23 15:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9677]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9677]: Failed password for invalid user dev from 34.32.217.126 port 56790 ssh2
Jun 23 15:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9677]: Connection closed by 34.32.217.126 port 56790 [preauth]
Jun 23 15:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9687]: Invalid user deploy from 34.32.217.126
Jun 23 15:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9687]: input_userauth_request: invalid user deploy [preauth]
Jun 23 15:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9687]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9687]: Failed password for invalid user deploy from 34.32.217.126 port 53208 ssh2
Jun 23 15:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9687]: Connection closed by 34.32.217.126 port 53208 [preauth]
Jun 23 15:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126  user=root
Jun 23 15:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9713]: Failed password for root from 34.32.217.126 port 53222 ssh2
Jun 23 15:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9713]: Connection closed by 34.32.217.126 port 53222 [preauth]
Jun 23 15:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126  user=root
Jun 23 15:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9715]: Failed password for root from 34.32.217.126 port 53226 ssh2
Jun 23 15:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9715]: Connection closed by 34.32.217.126 port 53226 [preauth]
Jun 23 15:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9725]: Invalid user ubuntu from 34.32.217.126
Jun 23 15:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9725]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 15:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9725]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9725]: Failed password for invalid user ubuntu from 34.32.217.126 port 53456 ssh2
Jun 23 15:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9725]: Connection closed by 34.32.217.126 port 53456 [preauth]
Jun 23 15:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9734]: Invalid user vps from 34.32.217.126
Jun 23 15:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9734]: input_userauth_request: invalid user vps [preauth]
Jun 23 15:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9734]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9734]: Failed password for invalid user vps from 34.32.217.126 port 53462 ssh2
Jun 23 15:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9734]: Connection closed by 34.32.217.126 port 53462 [preauth]
Jun 23 15:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9737]: Invalid user ubuntu from 34.32.217.126
Jun 23 15:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9737]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 15:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9737]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9753]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9752]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9751]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9749]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9749]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9737]: Failed password for invalid user ubuntu from 34.32.217.126 port 53476 ssh2
Jun 23 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9820]: Successful su for rubyman by root
Jun 23 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9820]: + ??? root:rubyman
Jun 23 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9820]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578052 of user rubyman.
Jun 23 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9820]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578052.
Jun 23 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9737]: Connection closed by 34.32.217.126 port 53476 [preauth]
Jun 23 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126  user=root
Jun 23 15:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7020]: pam_unix(cron:session): session closed for user root
Jun 23 15:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9843]: Failed password for root from 34.32.217.126 port 43570 ssh2
Jun 23 15:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9843]: Connection closed by 34.32.217.126 port 43570 [preauth]
Jun 23 15:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9751]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10170]: Invalid user alex from 34.32.217.126
Jun 23 15:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10170]: input_userauth_request: invalid user alex [preauth]
Jun 23 15:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10170]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10170]: Failed password for invalid user alex from 34.32.217.126 port 43584 ssh2
Jun 23 15:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10170]: Connection closed by 34.32.217.126 port 43584 [preauth]
Jun 23 15:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10181]: Invalid user ubuntu from 34.32.217.126
Jun 23 15:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10181]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 15:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10181]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10181]: Failed password for invalid user ubuntu from 34.32.217.126 port 43590 ssh2
Jun 23 15:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10181]: Connection closed by 34.32.217.126 port 43590 [preauth]
Jun 23 15:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10195]: Invalid user user1 from 34.32.217.126
Jun 23 15:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10195]: input_userauth_request: invalid user user1 [preauth]
Jun 23 15:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10195]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10195]: Failed password for invalid user user1 from 34.32.217.126 port 51866 ssh2
Jun 23 15:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10195]: Connection closed by 34.32.217.126 port 51866 [preauth]
Jun 23 15:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126  user=root
Jun 23 15:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 23 15:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10214]: Failed password for root from 34.32.217.126 port 51874 ssh2
Jun 23 15:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10214]: Connection closed by 34.32.217.126 port 51874 [preauth]
Jun 23 15:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126  user=root
Jun 23 15:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10217]: Failed password for root from 51.250.105.222 port 35006 ssh2
Jun 23 15:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10312]: Failed password for root from 34.32.217.126 port 51886 ssh2
Jun 23 15:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10217]: Connection closed by 51.250.105.222 port 35006 [preauth]
Jun 23 15:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10312]: Connection closed by 34.32.217.126 port 51886 [preauth]
Jun 23 15:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10315]: Invalid user test from 34.32.217.126
Jun 23 15:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10315]: input_userauth_request: invalid user test [preauth]
Jun 23 15:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10315]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10315]: Failed password for invalid user test from 34.32.217.126 port 47890 ssh2
Jun 23 15:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10315]: Connection closed by 34.32.217.126 port 47890 [preauth]
Jun 23 15:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126  user=root
Jun 23 15:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10327]: Failed password for root from 34.32.217.126 port 47900 ssh2
Jun 23 15:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10327]: Connection closed by 34.32.217.126 port 47900 [preauth]
Jun 23 15:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126  user=root
Jun 23 15:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10343]: Failed password for root from 34.32.217.126 port 47902 ssh2
Jun 23 15:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10343]: Connection closed by 34.32.217.126 port 47902 [preauth]
Jun 23 15:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10354]: Invalid user git from 34.32.217.126
Jun 23 15:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10354]: input_userauth_request: invalid user git [preauth]
Jun 23 15:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10354]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10354]: Failed password for invalid user git from 34.32.217.126 port 47906 ssh2
Jun 23 15:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10354]: Connection closed by 34.32.217.126 port 47906 [preauth]
Jun 23 15:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10356]: Invalid user ubuntu from 34.32.217.126
Jun 23 15:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10356]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 15:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10356]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8844]: pam_unix(cron:session): session closed for user root
Jun 23 15:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10356]: Failed password for invalid user ubuntu from 34.32.217.126 port 39774 ssh2
Jun 23 15:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10356]: Connection closed by 34.32.217.126 port 39774 [preauth]
Jun 23 15:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10387]: Invalid user ansadmin from 34.32.217.126
Jun 23 15:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10387]: input_userauth_request: invalid user ansadmin [preauth]
Jun 23 15:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10387]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10387]: Failed password for invalid user ansadmin from 34.32.217.126 port 39776 ssh2
Jun 23 15:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10387]: Connection closed by 34.32.217.126 port 39776 [preauth]
Jun 23 15:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10398]: Invalid user ubuntu from 34.32.217.126
Jun 23 15:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10398]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 15:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10398]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10398]: Failed password for invalid user ubuntu from 34.32.217.126 port 39778 ssh2
Jun 23 15:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10398]: Connection closed by 34.32.217.126 port 39778 [preauth]
Jun 23 15:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10401]: Invalid user ec2-user from 34.32.217.126
Jun 23 15:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10401]: input_userauth_request: invalid user ec2-user [preauth]
Jun 23 15:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10401]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10401]: Failed password for invalid user ec2-user from 34.32.217.126 port 41550 ssh2
Jun 23 15:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10401]: Connection closed by 34.32.217.126 port 41550 [preauth]
Jun 23 15:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10417]: Invalid user steam from 34.32.217.126
Jun 23 15:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10417]: input_userauth_request: invalid user steam [preauth]
Jun 23 15:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10417]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10417]: Failed password for invalid user steam from 34.32.217.126 port 41558 ssh2
Jun 23 15:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10417]: Connection closed by 34.32.217.126 port 41558 [preauth]
Jun 23 15:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10426]: Invalid user docker from 34.32.217.126
Jun 23 15:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10426]: input_userauth_request: invalid user docker [preauth]
Jun 23 15:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10426]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10426]: Failed password for invalid user docker from 34.32.217.126 port 41574 ssh2
Jun 23 15:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10426]: Connection closed by 34.32.217.126 port 41574 [preauth]
Jun 23 15:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10437]: Invalid user deploy from 34.32.217.126
Jun 23 15:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10437]: input_userauth_request: invalid user deploy [preauth]
Jun 23 15:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10437]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10437]: Failed password for invalid user deploy from 34.32.217.126 port 57420 ssh2
Jun 23 15:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10437]: Connection closed by 34.32.217.126 port 57420 [preauth]
Jun 23 15:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10439]: Invalid user minecraft from 34.32.217.126
Jun 23 15:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10439]: input_userauth_request: invalid user minecraft [preauth]
Jun 23 15:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10439]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10439]: Failed password for invalid user minecraft from 34.32.217.126 port 57422 ssh2
Jun 23 15:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10439]: Connection closed by 34.32.217.126 port 57422 [preauth]
Jun 23 15:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10451]: Invalid user web from 34.32.217.126
Jun 23 15:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10451]: input_userauth_request: invalid user web [preauth]
Jun 23 15:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10451]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10451]: Failed password for invalid user web from 34.32.217.126 port 57438 ssh2
Jun 23 15:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10451]: Connection closed by 34.32.217.126 port 57438 [preauth]
Jun 23 15:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10460]: Invalid user deploy from 34.32.217.126
Jun 23 15:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10460]: input_userauth_request: invalid user deploy [preauth]
Jun 23 15:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10460]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10466]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10467]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10465]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10464]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10464]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10528]: Successful su for rubyman by root
Jun 23 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10528]: + ??? root:rubyman
Jun 23 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10528]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578055 of user rubyman.
Jun 23 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10528]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578055.
Jun 23 15:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10460]: Failed password for invalid user deploy from 34.32.217.126 port 57442 ssh2
Jun 23 15:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10460]: Connection closed by 34.32.217.126 port 57442 [preauth]
Jun 23 15:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126  user=root
Jun 23 15:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7509]: pam_unix(cron:session): session closed for user root
Jun 23 15:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10594]: Failed password for root from 34.32.217.126 port 52986 ssh2
Jun 23 15:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10594]: Connection closed by 34.32.217.126 port 52986 [preauth]
Jun 23 15:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10465]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10713]: Invalid user deploy from 34.32.217.126
Jun 23 15:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10713]: input_userauth_request: invalid user deploy [preauth]
Jun 23 15:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10713]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10713]: Failed password for invalid user deploy from 34.32.217.126 port 52996 ssh2
Jun 23 15:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10713]: Connection closed by 34.32.217.126 port 52996 [preauth]
Jun 23 15:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10725]: Invalid user deploy from 34.32.217.126
Jun 23 15:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10725]: input_userauth_request: invalid user deploy [preauth]
Jun 23 15:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10725]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10725]: Failed password for invalid user deploy from 34.32.217.126 port 53012 ssh2
Jun 23 15:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10725]: Connection closed by 34.32.217.126 port 53012 [preauth]
Jun 23 15:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10739]: Invalid user devuser from 34.32.217.126
Jun 23 15:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10739]: input_userauth_request: invalid user devuser [preauth]
Jun 23 15:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10739]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10739]: Failed password for invalid user devuser from 34.32.217.126 port 40556 ssh2
Jun 23 15:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10739]: Connection closed by 34.32.217.126 port 40556 [preauth]
Jun 23 15:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10756]: Invalid user odoo from 34.32.217.126
Jun 23 15:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10756]: input_userauth_request: invalid user odoo [preauth]
Jun 23 15:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10756]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10756]: Failed password for invalid user odoo from 34.32.217.126 port 40558 ssh2
Jun 23 15:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10756]: Connection closed by 34.32.217.126 port 40558 [preauth]
Jun 23 15:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126  user=root
Jun 23 15:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10769]: Failed password for root from 34.32.217.126 port 40562 ssh2
Jun 23 15:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10769]: Connection closed by 34.32.217.126 port 40562 [preauth]
Jun 23 15:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126  user=root
Jun 23 15:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10772]: Failed password for root from 34.32.217.126 port 59732 ssh2
Jun 23 15:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10772]: Connection closed by 34.32.217.126 port 59732 [preauth]
Jun 23 15:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10784]: Invalid user dev from 34.32.217.126
Jun 23 15:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10784]: input_userauth_request: invalid user dev [preauth]
Jun 23 15:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10784]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10784]: Failed password for invalid user dev from 34.32.217.126 port 59738 ssh2
Jun 23 15:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10784]: Connection closed by 34.32.217.126 port 59738 [preauth]
Jun 23 15:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10811]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10811]: Invalid user testuser from 34.32.217.126
Jun 23 15:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10811]: input_userauth_request: invalid user testuser [preauth]
Jun 23 15:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10811]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10811]: Failed password for invalid user testuser from 34.32.217.126 port 59742 ssh2
Jun 23 15:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10811]: Connection closed by 34.32.217.126 port 59742 [preauth]
Jun 23 15:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10814]: Invalid user student from 34.32.217.126
Jun 23 15:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10814]: input_userauth_request: invalid user student [preauth]
Jun 23 15:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10814]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10814]: Failed password for invalid user student from 34.32.217.126 port 59756 ssh2
Jun 23 15:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10814]: Connection closed by 34.32.217.126 port 59756 [preauth]
Jun 23 15:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10825]: Invalid user user from 34.32.217.126
Jun 23 15:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10825]: input_userauth_request: invalid user user [preauth]
Jun 23 15:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10825]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10825]: Failed password for invalid user user from 34.32.217.126 port 51424 ssh2
Jun 23 15:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10825]: Connection closed by 34.32.217.126 port 51424 [preauth]
Jun 23 15:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9289]: pam_unix(cron:session): session closed for user root
Jun 23 15:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10848]: Invalid user deployer from 34.32.217.126
Jun 23 15:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10848]: input_userauth_request: invalid user deployer [preauth]
Jun 23 15:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10848]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10848]: Failed password for invalid user deployer from 34.32.217.126 port 51428 ssh2
Jun 23 15:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10848]: Connection closed by 34.32.217.126 port 51428 [preauth]
Jun 23 15:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10860]: Invalid user deploy from 34.32.217.126
Jun 23 15:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10860]: input_userauth_request: invalid user deploy [preauth]
Jun 23 15:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10860]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10860]: Failed password for invalid user deploy from 34.32.217.126 port 51436 ssh2
Jun 23 15:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10860]: Connection closed by 34.32.217.126 port 51436 [preauth]
Jun 23 15:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10862]: Invalid user hadoop from 34.32.217.126
Jun 23 15:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10862]: input_userauth_request: invalid user hadoop [preauth]
Jun 23 15:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10862]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10862]: Failed password for invalid user hadoop from 34.32.217.126 port 34304 ssh2
Jun 23 15:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10862]: Connection closed by 34.32.217.126 port 34304 [preauth]
Jun 23 15:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10879]: Invalid user fa from 34.32.217.126
Jun 23 15:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10879]: input_userauth_request: invalid user fa [preauth]
Jun 23 15:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10879]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10879]: Failed password for invalid user fa from 34.32.217.126 port 34316 ssh2
Jun 23 15:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10879]: Connection closed by 34.32.217.126 port 34316 [preauth]
Jun 23 15:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126  user=root
Jun 23 15:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10898]: Failed password for root from 34.32.217.126 port 34326 ssh2
Jun 23 15:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10898]: Connection closed by 34.32.217.126 port 34326 [preauth]
Jun 23 15:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10900]: Invalid user admin from 34.32.217.126
Jun 23 15:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10900]: input_userauth_request: invalid user admin [preauth]
Jun 23 15:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10900]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10900]: Failed password for invalid user admin from 34.32.217.126 port 34336 ssh2
Jun 23 15:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10900]: Connection closed by 34.32.217.126 port 34336 [preauth]
Jun 23 15:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10910]: Invalid user deploy from 34.32.217.126
Jun 23 15:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10910]: input_userauth_request: invalid user deploy [preauth]
Jun 23 15:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10910]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.32.217.126
Jun 23 15:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10910]: Failed password for invalid user deploy from 34.32.217.126 port 45726 ssh2
Jun 23 15:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10910]: Connection closed by 34.32.217.126 port 45726 [preauth]
Jun 23 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10924]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10923]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10925]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10922]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10922]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10987]: Successful su for rubyman by root
Jun 23 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10987]: + ??? root:rubyman
Jun 23 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10987]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578059 of user rubyman.
Jun 23 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10987]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578059.
Jun 23 15:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8007]: pam_unix(cron:session): session closed for user root
Jun 23 15:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10923]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9753]: pam_unix(cron:session): session closed for user root
Jun 23 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11345]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11344]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11343]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11342]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11342]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11409]: Successful su for rubyman by root
Jun 23 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11409]: + ??? root:rubyman
Jun 23 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11409]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578064 of user rubyman.
Jun 23 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11409]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578064.
Jun 23 15:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8405]: pam_unix(cron:session): session closed for user root
Jun 23 15:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11343]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10467]: pam_unix(cron:session): session closed for user root
Jun 23 15:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 23 15:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11729]: Failed password for root from 38.93.206.2 port 19728 ssh2
Jun 23 15:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11729]: Connection closed by 38.93.206.2 port 19728 [preauth]
Jun 23 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11769]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11763]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11768]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11767]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11764]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11762]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11769]: pam_unix(cron:session): session closed for user root
Jun 23 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11762]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11848]: Successful su for rubyman by root
Jun 23 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11848]: + ??? root:rubyman
Jun 23 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11848]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578069 of user rubyman.
Jun 23 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11848]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578069.
Jun 23 15:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11764]: pam_unix(cron:session): session closed for user root
Jun 23 15:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8843]: pam_unix(cron:session): session closed for user root
Jun 23 15:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11763]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 23 15:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12126]: Failed password for root from 103.27.238.114 port 50940 ssh2
Jun 23 15:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12126]: Connection closed by 103.27.238.114 port 50940 [preauth]
Jun 23 15:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10925]: pam_unix(cron:session): session closed for user root
Jun 23 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12240]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12258]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12239]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12238]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12238]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12427]: Successful su for rubyman by root
Jun 23 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12427]: + ??? root:rubyman
Jun 23 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12427]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578074 of user rubyman.
Jun 23 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12427]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578074.
Jun 23 15:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9288]: pam_unix(cron:session): session closed for user root
Jun 23 15:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12239]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11345]: pam_unix(cron:session): session closed for user root
Jun 23 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12777]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12778]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12775]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12776]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12775]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12842]: Successful su for rubyman by root
Jun 23 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12842]: + ??? root:rubyman
Jun 23 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12842]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578078 of user rubyman.
Jun 23 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12842]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578078.
Jun 23 15:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9752]: pam_unix(cron:session): session closed for user root
Jun 23 15:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12776]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11768]: pam_unix(cron:session): session closed for user root
Jun 23 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13194]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13191]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13193]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13190]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13190]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13252]: Successful su for rubyman by root
Jun 23 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13252]: + ??? root:rubyman
Jun 23 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13252]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578082 of user rubyman.
Jun 23 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13252]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578082.
Jun 23 15:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10466]: pam_unix(cron:session): session closed for user root
Jun 23 15:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13191]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12258]: pam_unix(cron:session): session closed for user root
Jun 23 15:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 23 15:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13545]: Failed password for root from 103.77.242.62 port 36298 ssh2
Jun 23 15:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13545]: Connection closed by 103.77.242.62 port 36298 [preauth]
Jun 23 15:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13590]: Invalid user ali from 193.46.255.86
Jun 23 15:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13590]: input_userauth_request: invalid user ali [preauth]
Jun 23 15:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13590]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 23 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13596]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13595]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13594]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13593]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13593]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13590]: Failed password for invalid user ali from 193.46.255.86 port 14574 ssh2
Jun 23 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13651]: Successful su for rubyman by root
Jun 23 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13651]: + ??? root:rubyman
Jun 23 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13651]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578085 of user rubyman.
Jun 23 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13651]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578085.
Jun 23 15:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13590]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13590]: Failed password for invalid user ali from 193.46.255.86 port 14574 ssh2
Jun 23 15:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13590]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10924]: pam_unix(cron:session): session closed for user root
Jun 23 15:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13590]: Failed password for invalid user ali from 193.46.255.86 port 14574 ssh2
Jun 23 15:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13590]: Connection closed by 193.46.255.86 port 14574 [preauth]
Jun 23 15:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13590]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 23 15:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13594]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 23 15:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12778]: pam_unix(cron:session): session closed for user root
Jun 23 15:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 23 15:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13913]: Failed password for root from 193.24.211.107 port 7186 ssh2
Jun 23 15:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13913]: Received disconnect from 193.24.211.107 port 7186:11: Client disconnecting normally [preauth]
Jun 23 15:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13913]: Disconnected from 193.24.211.107 port 7186 [preauth]
Jun 23 15:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13915]: Failed password for root from 103.82.20.28 port 35392 ssh2
Jun 23 15:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13915]: Connection closed by 103.82.20.28 port 35392 [preauth]
Jun 23 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14009]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14008]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14011]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14007]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14014]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14015]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14015]: pam_unix(cron:session): session closed for user root
Jun 23 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14007]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14077]: Successful su for rubyman by root
Jun 23 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14077]: + ??? root:rubyman
Jun 23 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14077]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578094 of user rubyman.
Jun 23 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14077]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578094.
Jun 23 15:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14009]: pam_unix(cron:session): session closed for user root
Jun 23 15:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11344]: pam_unix(cron:session): session closed for user root
Jun 23 15:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14008]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 23 15:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14308]: Failed password for root from 147.45.199.80 port 44204 ssh2
Jun 23 15:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14308]: Connection closed by 147.45.199.80 port 44204 [preauth]
Jun 23 15:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13194]: pam_unix(cron:session): session closed for user root
Jun 23 15:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14366]: Connection closed by 194.59.206.2 port 23114 [preauth]
Jun 23 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14426]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14425]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14427]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14424]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14424]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14494]: Successful su for rubyman by root
Jun 23 15:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14494]: + ??? root:rubyman
Jun 23 15:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14494]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578097 of user rubyman.
Jun 23 15:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14494]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578097.
Jun 23 15:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11767]: pam_unix(cron:session): session closed for user root
Jun 23 15:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14425]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13596]: pam_unix(cron:session): session closed for user root
Jun 23 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14913]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14914]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14912]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14911]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14911]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14976]: Successful su for rubyman by root
Jun 23 15:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14976]: + ??? root:rubyman
Jun 23 15:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14976]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578100 of user rubyman.
Jun 23 15:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14976]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578100.
Jun 23 15:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12240]: pam_unix(cron:session): session closed for user root
Jun 23 15:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14912]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14014]: pam_unix(cron:session): session closed for user root
Jun 23 15:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15311]: Invalid user andie from 2.57.121.112
Jun 23 15:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15311]: input_userauth_request: invalid user andie [preauth]
Jun 23 15:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15311]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 23 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15317]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15316]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15315]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15314]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15314]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15379]: Successful su for rubyman by root
Jun 23 15:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15379]: + ??? root:rubyman
Jun 23 15:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15379]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578103 of user rubyman.
Jun 23 15:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15379]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578103.
Jun 23 15:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15311]: Failed password for invalid user andie from 2.57.121.112 port 7406 ssh2
Jun 23 15:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15311]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12777]: pam_unix(cron:session): session closed for user root
Jun 23 15:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15311]: Failed password for invalid user andie from 2.57.121.112 port 7406 ssh2
Jun 23 15:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15311]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15315]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15311]: Failed password for invalid user andie from 2.57.121.112 port 7406 ssh2
Jun 23 15:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15311]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15311]: Failed password for invalid user andie from 2.57.121.112 port 7406 ssh2
Jun 23 15:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15311]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15311]: Failed password for invalid user andie from 2.57.121.112 port 7406 ssh2
Jun 23 15:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15311]: Connection closed by 2.57.121.112 port 7406 [preauth]
Jun 23 15:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15311]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 23 15:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15311]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 23 15:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14427]: pam_unix(cron:session): session closed for user root
Jun 23 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15711]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15712]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15710]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15708]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15708]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15772]: Successful su for rubyman by root
Jun 23 15:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15772]: + ??? root:rubyman
Jun 23 15:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15772]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578107 of user rubyman.
Jun 23 15:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15772]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578107.
Jun 23 15:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13193]: pam_unix(cron:session): session closed for user root
Jun 23 15:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15710]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14914]: pam_unix(cron:session): session closed for user root
Jun 23 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16093]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16095]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16096]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16094]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16091]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16092]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16096]: pam_unix(cron:session): session closed for user root
Jun 23 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16091]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16158]: Successful su for rubyman by root
Jun 23 15:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16158]: + ??? root:rubyman
Jun 23 15:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16158]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578113 of user rubyman.
Jun 23 15:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16158]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578113.
Jun 23 15:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16093]: pam_unix(cron:session): session closed for user root
Jun 23 15:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13595]: pam_unix(cron:session): session closed for user root
Jun 23 15:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16092]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16369]: Invalid user AdminGPON from 45.148.10.121
Jun 23 15:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16369]: input_userauth_request: invalid user AdminGPON [preauth]
Jun 23 15:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16369]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 23 15:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16369]: Failed password for invalid user AdminGPON from 45.148.10.121 port 40812 ssh2
Jun 23 15:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16369]: Connection closed by 45.148.10.121 port 40812 [preauth]
Jun 23 15:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15317]: pam_unix(cron:session): session closed for user root
Jun 23 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16520]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16518]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16519]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16517]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16517]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16581]: Successful su for rubyman by root
Jun 23 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16581]: + ??? root:rubyman
Jun 23 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16581]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578118 of user rubyman.
Jun 23 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16581]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578118.
Jun 23 15:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14011]: pam_unix(cron:session): session closed for user root
Jun 23 15:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16518]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15712]: pam_unix(cron:session): session closed for user root
Jun 23 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17023]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17022]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17021]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17020]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17020]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17083]: Successful su for rubyman by root
Jun 23 15:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17083]: + ??? root:rubyman
Jun 23 15:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17083]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578121 of user rubyman.
Jun 23 15:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17083]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578121.
Jun 23 15:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14426]: pam_unix(cron:session): session closed for user root
Jun 23 15:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17021]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16095]: pam_unix(cron:session): session closed for user root
Jun 23 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17424]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17421]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17425]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17420]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17420]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17489]: Successful su for rubyman by root
Jun 23 15:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17489]: + ??? root:rubyman
Jun 23 15:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17489]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578127 of user rubyman.
Jun 23 15:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17489]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578127.
Jun 23 15:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14913]: pam_unix(cron:session): session closed for user root
Jun 23 15:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17421]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16520]: pam_unix(cron:session): session closed for user root
Jun 23 15:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17905]: Received disconnect from 192.95.10.202 port 14662:11: disconnected by user [preauth]
Jun 23 15:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17905]: Disconnected from 192.95.10.202 port 14662 [preauth]
Jun 23 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17921]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17920]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17918]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17919]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17916]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17918]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18048]: Successful su for rubyman by root
Jun 23 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18048]: + ??? root:rubyman
Jun 23 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18048]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578130 of user rubyman.
Jun 23 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18048]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578130.
Jun 23 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17916]: pam_unix(cron:session): session closed for user root
Jun 23 15:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15316]: pam_unix(cron:session): session closed for user root
Jun 23 15:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17919]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17023]: pam_unix(cron:session): session closed for user root
Jun 23 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18532]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18528]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18531]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18526]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18525]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18527]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18532]: pam_unix(cron:session): session closed for user root
Jun 23 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18525]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18598]: Successful su for rubyman by root
Jun 23 15:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18598]: + ??? root:rubyman
Jun 23 15:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18598]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578136 of user rubyman.
Jun 23 15:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18598]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578136.
Jun 23 15:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18527]: pam_unix(cron:session): session closed for user root
Jun 23 15:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15711]: pam_unix(cron:session): session closed for user root
Jun 23 15:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18526]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17425]: pam_unix(cron:session): session closed for user root
Jun 23 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18978]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18979]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18977]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18976]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18976]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19043]: Successful su for rubyman by root
Jun 23 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19043]: + ??? root:rubyman
Jun 23 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19043]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578140 of user rubyman.
Jun 23 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19043]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578140.
Jun 23 15:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16094]: pam_unix(cron:session): session closed for user root
Jun 23 15:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18977]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17921]: pam_unix(cron:session): session closed for user root
Jun 23 15:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 23 15:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19453]: Failed password for root from 87.251.79.125 port 39088 ssh2
Jun 23 15:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19453]: Connection closed by 87.251.79.125 port 39088 [preauth]
Jun 23 15:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 23 15:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19469]: Failed password for root from 103.27.238.116 port 37676 ssh2
Jun 23 15:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19469]: Connection closed by 103.27.238.116 port 37676 [preauth]
Jun 23 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19482]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19481]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19484]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19480]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19480]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19735]: Successful su for rubyman by root
Jun 23 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19735]: + ??? root:rubyman
Jun 23 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19735]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578144 of user rubyman.
Jun 23 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19735]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578144.
Jun 23 15:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16519]: pam_unix(cron:session): session closed for user root
Jun 23 15:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19481]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18531]: pam_unix(cron:session): session closed for user root
Jun 23 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20081]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20080]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20082]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20079]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20079]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20230]: Successful su for rubyman by root
Jun 23 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20230]: + ??? root:rubyman
Jun 23 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20230]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578148 of user rubyman.
Jun 23 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20230]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578148.
Jun 23 15:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17022]: pam_unix(cron:session): session closed for user root
Jun 23 15:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20080]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18979]: pam_unix(cron:session): session closed for user root
Jun 23 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20592]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20593]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20591]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20590]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20590]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20680]: Successful su for rubyman by root
Jun 23 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20680]: + ??? root:rubyman
Jun 23 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20680]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578152 of user rubyman.
Jun 23 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20680]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578152.
Jun 23 15:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17424]: pam_unix(cron:session): session closed for user root
Jun 23 15:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20591]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 23 15:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20984]: Connection reset by 198.235.24.100 port 58970 [preauth]
Jun 23 15:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19484]: pam_unix(cron:session): session closed for user root
Jun 23 15:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20994]: Failed password for root from 103.122.221.179 port 46358 ssh2
Jun 23 15:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20994]: Connection closed by 103.122.221.179 port 46358 [preauth]
Jun 23 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21088]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21090]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21086]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21089]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21091]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21087]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21091]: pam_unix(cron:session): session closed for user root
Jun 23 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21086]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21159]: Successful su for rubyman by root
Jun 23 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21159]: + ??? root:rubyman
Jun 23 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21159]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578158 of user rubyman.
Jun 23 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21159]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578158.
Jun 23 15:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21088]: pam_unix(cron:session): session closed for user root
Jun 23 15:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17920]: pam_unix(cron:session): session closed for user root
Jun 23 15:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21087]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20082]: pam_unix(cron:session): session closed for user root
Jun 23 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21533]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21532]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21536]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21531]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21531]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21613]: Successful su for rubyman by root
Jun 23 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21613]: + ??? root:rubyman
Jun 23 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21613]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578162 of user rubyman.
Jun 23 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21613]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578162.
Jun 23 15:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18528]: pam_unix(cron:session): session closed for user root
Jun 23 15:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21532]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20593]: pam_unix(cron:session): session closed for user root
Jun 23 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21971]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21972]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21969]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21970]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21969]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22027]: Successful su for rubyman by root
Jun 23 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22027]: + ??? root:rubyman
Jun 23 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22027]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578166 of user rubyman.
Jun 23 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22027]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578166.
Jun 23 15:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18978]: pam_unix(cron:session): session closed for user root
Jun 23 15:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21970]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21090]: pam_unix(cron:session): session closed for user root
Jun 23 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22457]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22456]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22458]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22455]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22455]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22516]: Successful su for rubyman by root
Jun 23 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22516]: + ??? root:rubyman
Jun 23 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22516]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578172 of user rubyman.
Jun 23 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22516]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578172.
Jun 23 15:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19482]: pam_unix(cron:session): session closed for user root
Jun 23 15:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22456]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21536]: pam_unix(cron:session): session closed for user root
Jun 23 15:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22849]: Received disconnect from 62.182.85.212 port 39844:11: disconnected by user [preauth]
Jun 23 15:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22849]: Disconnected from 62.182.85.212 port 39844 [preauth]
Jun 23 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22862]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22863]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22860]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22861]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22860]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22923]: Successful su for rubyman by root
Jun 23 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22923]: + ??? root:rubyman
Jun 23 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22923]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578175 of user rubyman.
Jun 23 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22923]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578175.
Jun 23 15:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20081]: pam_unix(cron:session): session closed for user root
Jun 23 15:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22861]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23111]: Invalid user alex from 141.98.83.240
Jun 23 15:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23111]: input_userauth_request: invalid user alex [preauth]
Jun 23 15:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23111]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 15:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23111]: Failed password for invalid user alex from 141.98.83.240 port 29892 ssh2
Jun 23 15:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23111]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23111]: Failed password for invalid user alex from 141.98.83.240 port 29892 ssh2
Jun 23 15:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23111]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 15:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23111]: Failed password for invalid user alex from 141.98.83.240 port 29892 ssh2
Jun 23 15:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23111]: Connection closed by 141.98.83.240 port 29892 [preauth]
Jun 23 15:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23111]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 15:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21972]: pam_unix(cron:session): session closed for user root
Jun 23 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23277]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23278]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23273]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23271]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23276]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23272]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23278]: pam_unix(cron:session): session closed for user root
Jun 23 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23271]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23352]: Successful su for rubyman by root
Jun 23 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23352]: + ??? root:rubyman
Jun 23 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23352]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578178 of user rubyman.
Jun 23 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23352]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578178.
Jun 23 15:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23273]: pam_unix(cron:session): session closed for user root
Jun 23 15:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20592]: pam_unix(cron:session): session closed for user root
Jun 23 15:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23272]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22458]: pam_unix(cron:session): session closed for user root
Jun 23 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23727]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23726]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23725]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23724]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23724]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23801]: Successful su for rubyman by root
Jun 23 15:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23801]: + ??? root:rubyman
Jun 23 15:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23801]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578184 of user rubyman.
Jun 23 15:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23801]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578184.
Jun 23 15:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21089]: pam_unix(cron:session): session closed for user root
Jun 23 15:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23725]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22863]: pam_unix(cron:session): session closed for user root
Jun 23 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24243]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24241]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24242]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24240]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24240]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24314]: Successful su for rubyman by root
Jun 23 15:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24314]: + ??? root:rubyman
Jun 23 15:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24314]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578188 of user rubyman.
Jun 23 15:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24314]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578188.
Jun 23 15:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21533]: pam_unix(cron:session): session closed for user root
Jun 23 15:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24241]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 23 15:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24570]: Failed password for root from 193.24.211.107 port 11223 ssh2
Jun 23 15:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24570]: Received disconnect from 193.24.211.107 port 11223:11: Client disconnecting normally [preauth]
Jun 23 15:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24570]: Disconnected from 193.24.211.107 port 11223 [preauth]
Jun 23 15:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23277]: pam_unix(cron:session): session closed for user root
Jun 23 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24669]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24666]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24671]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24665]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24665]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24743]: Successful su for rubyman by root
Jun 23 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24743]: + ??? root:rubyman
Jun 23 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24743]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578192 of user rubyman.
Jun 23 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24743]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578192.
Jun 23 15:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21971]: pam_unix(cron:session): session closed for user root
Jun 23 15:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24666]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24949]: Received disconnect from 176.123.2.173 port 47474:11: disconnected by user [preauth]
Jun 23 15:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24949]: Disconnected from 176.123.2.173 port 47474 [preauth]
Jun 23 15:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23727]: pam_unix(cron:session): session closed for user root
Jun 23 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25078]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25080]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25076]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25079]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25076]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25136]: Successful su for rubyman by root
Jun 23 15:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25136]: + ??? root:rubyman
Jun 23 15:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25136]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578198 of user rubyman.
Jun 23 15:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25136]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578198.
Jun 23 15:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22457]: pam_unix(cron:session): session closed for user root
Jun 23 15:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25078]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24243]: pam_unix(cron:session): session closed for user root
Jun 23 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25464]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25466]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25461]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25462]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25463]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25460]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25466]: pam_unix(cron:session): session closed for user root
Jun 23 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25460]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25535]: Successful su for rubyman by root
Jun 23 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25535]: + ??? root:rubyman
Jun 23 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25535]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578200 of user rubyman.
Jun 23 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25535]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578200.
Jun 23 15:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25462]: pam_unix(cron:session): session closed for user root
Jun 23 15:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22862]: pam_unix(cron:session): session closed for user root
Jun 23 15:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25461]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24671]: pam_unix(cron:session): session closed for user root
Jun 23 15:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 23 15:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25865]: Failed password for root from 193.37.70.224 port 41094 ssh2
Jun 23 15:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25865]: Connection closed by 193.37.70.224 port 41094 [preauth]
Jun 23 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25888]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25887]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25889]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25886]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25886]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25953]: Successful su for rubyman by root
Jun 23 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25953]: + ??? root:rubyman
Jun 23 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25953]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578207 of user rubyman.
Jun 23 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25953]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578207.
Jun 23 15:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23276]: pam_unix(cron:session): session closed for user root
Jun 23 15:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25887]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 23 15:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26141]: Failed password for root from 103.149.28.157 port 47006 ssh2
Jun 23 15:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26141]: Connection closed by 103.149.28.157 port 47006 [preauth]
Jun 23 15:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25080]: pam_unix(cron:session): session closed for user root
Jun 23 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26295]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26294]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26296]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26292]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26292]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26357]: Successful su for rubyman by root
Jun 23 15:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26357]: + ??? root:rubyman
Jun 23 15:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26357]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578212 of user rubyman.
Jun 23 15:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26357]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578212.
Jun 23 15:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23726]: pam_unix(cron:session): session closed for user root
Jun 23 15:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26294]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25464]: pam_unix(cron:session): session closed for user root
Jun 23 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26772]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26771]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26773]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26770]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26770]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26829]: Successful su for rubyman by root
Jun 23 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26829]: + ??? root:rubyman
Jun 23 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26829]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578214 of user rubyman.
Jun 23 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26829]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578214.
Jun 23 15:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24242]: pam_unix(cron:session): session closed for user root
Jun 23 15:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26771]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25889]: pam_unix(cron:session): session closed for user root
Jun 23 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27159]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27160]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27158]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27157]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27157]: pam_unix(cron:session): session closed for user p13x
Jun 23 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27224]: Successful su for rubyman by root
Jun 23 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27224]: + ??? root:rubyman
Jun 23 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27224]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578218 of user rubyman.
Jun 23 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27224]: pam_unix(su:session): session closed for user rubyman
Jun 23 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578218.
Jun 23 15:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24669]: pam_unix(cron:session): session closed for user root
Jun 23 15:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27158]: pam_unix(cron:session): session closed for user samftp
Jun 23 15:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27494]: Received disconnect from 23.239.96.154 port 42648:11: disconnected by user [preauth]
Jun 23 15:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27494]: Disconnected from 23.239.96.154 port 42648 [preauth]
Jun 23 15:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26296]: pam_unix(cron:session): session closed for user root
Jun 23 15:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 15:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.223.69.22  user=root
Jun 23 15:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27553]: Failed password for root from 89.223.69.22 port 46536 ssh2
Jun 23 15:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27553]: Connection closed by 89.223.69.22 port 46536 [preauth]
Jun 23 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27598]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27594]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27593]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27592]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27591]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27597]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27596]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27598]: pam_unix(cron:session): session closed for user root
Jun 23 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27593]: pam_unix(cron:session): session closed for user root
Jun 23 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27591]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27679]: Successful su for rubyman by root
Jun 23 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27679]: + ??? root:rubyman
Jun 23 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27679]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578227 of user rubyman.
Jun 23 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27679]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578227.
Jun 23 16:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25079]: pam_unix(cron:session): session closed for user root
Jun 23 16:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27594]: pam_unix(cron:session): session closed for user root
Jun 23 16:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27592]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26773]: pam_unix(cron:session): session closed for user root
Jun 23 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28152]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28151]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28153]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28150]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28150]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28222]: Successful su for rubyman by root
Jun 23 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28222]: + ??? root:rubyman
Jun 23 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28222]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578229 of user rubyman.
Jun 23 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28222]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578229.
Jun 23 16:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 16:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 23 16:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25463]: pam_unix(cron:session): session closed for user root
Jun 23 16:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28151]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28355]: Failed password for root from 62.133.62.83 port 50216 ssh2
Jun 23 16:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28355]: Connection closed by 62.133.62.83 port 50216 [preauth]
Jun 23 16:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27160]: pam_unix(cron:session): session closed for user root
Jun 23 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28556]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28557]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28555]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28554]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28554]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28703]: Successful su for rubyman by root
Jun 23 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28703]: + ??? root:rubyman
Jun 23 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28703]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578233 of user rubyman.
Jun 23 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28703]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578233.
Jun 23 16:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25888]: pam_unix(cron:session): session closed for user root
Jun 23 16:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28555]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 16:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28933]: Invalid user admin from 2.57.121.25
Jun 23 16:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28933]: input_userauth_request: invalid user admin [preauth]
Jun 23 16:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28933]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 16:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 23 16:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28933]: Failed password for invalid user admin from 2.57.121.25 port 38626 ssh2
Jun 23 16:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28933]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 16:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28933]: Failed password for invalid user admin from 2.57.121.25 port 38626 ssh2
Jun 23 16:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28933]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 16:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28933]: Failed password for invalid user admin from 2.57.121.25 port 38626 ssh2
Jun 23 16:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28933]: Connection closed by 2.57.121.25 port 38626 [preauth]
Jun 23 16:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28933]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 23 16:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 16:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 23 16:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28966]: Failed password for root from 109.237.96.109 port 55820 ssh2
Jun 23 16:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28966]: Connection closed by 109.237.96.109 port 55820 [preauth]
Jun 23 16:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27597]: pam_unix(cron:session): session closed for user root
Jun 23 16:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 16:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 23 16:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29051]: Failed password for root from 194.113.233.25 port 59908 ssh2
Jun 23 16:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29051]: Connection closed by 194.113.233.25 port 59908 [preauth]
Jun 23 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29069]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29068]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29066]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29067]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29066]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29131]: Successful su for rubyman by root
Jun 23 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29131]: + ??? root:rubyman
Jun 23 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29131]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578238 of user rubyman.
Jun 23 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29131]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578238.
Jun 23 16:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26295]: pam_unix(cron:session): session closed for user root
Jun 23 16:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29067]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28153]: pam_unix(cron:session): session closed for user root
Jun 23 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29497]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29491]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29496]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29490]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29490]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29643]: Successful su for rubyman by root
Jun 23 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29643]: + ??? root:rubyman
Jun 23 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29643]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578241 of user rubyman.
Jun 23 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29643]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578241.
Jun 23 16:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26772]: pam_unix(cron:session): session closed for user root
Jun 23 16:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29491]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28557]: pam_unix(cron:session): session closed for user root
Jun 23 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30021]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30019]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30017]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30016]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30020]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30018]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30021]: pam_unix(cron:session): session closed for user root
Jun 23 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30016]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30095]: Successful su for rubyman by root
Jun 23 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30095]: + ??? root:rubyman
Jun 23 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30095]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578249 of user rubyman.
Jun 23 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30095]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578249.
Jun 23 16:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30018]: pam_unix(cron:session): session closed for user root
Jun 23 16:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27159]: pam_unix(cron:session): session closed for user root
Jun 23 16:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30017]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29069]: pam_unix(cron:session): session closed for user root
Jun 23 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30462]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30465]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30460]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30461]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30460]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30533]: Successful su for rubyman by root
Jun 23 16:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30533]: + ??? root:rubyman
Jun 23 16:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30533]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578252 of user rubyman.
Jun 23 16:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30533]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578252.
Jun 23 16:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27596]: pam_unix(cron:session): session closed for user root
Jun 23 16:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30461]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29497]: pam_unix(cron:session): session closed for user root
Jun 23 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30883]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30884]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30880]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30882]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30880]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31048]: Successful su for rubyman by root
Jun 23 16:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31048]: + ??? root:rubyman
Jun 23 16:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31048]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578255 of user rubyman.
Jun 23 16:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31048]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578255.
Jun 23 16:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 16:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 23 16:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28152]: pam_unix(cron:session): session closed for user root
Jun 23 16:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31127]: Failed password for root from 38.93.206.2 port 14924 ssh2
Jun 23 16:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31127]: Connection closed by 38.93.206.2 port 14924 [preauth]
Jun 23 16:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30882]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30020]: pam_unix(cron:session): session closed for user root
Jun 23 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31386]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31387]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31385]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31384]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31384]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31448]: Successful su for rubyman by root
Jun 23 16:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31448]: + ??? root:rubyman
Jun 23 16:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31448]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578261 of user rubyman.
Jun 23 16:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31448]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578261.
Jun 23 16:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28556]: pam_unix(cron:session): session closed for user root
Jun 23 16:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31385]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30465]: pam_unix(cron:session): session closed for user root
Jun 23 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31880]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31882]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31883]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31881]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31878]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31880]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32018]: Successful su for rubyman by root
Jun 23 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32018]: + ??? root:rubyman
Jun 23 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32018]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578266 of user rubyman.
Jun 23 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32018]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578266.
Jun 23 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31878]: pam_unix(cron:session): session closed for user root
Jun 23 16:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29068]: pam_unix(cron:session): session closed for user root
Jun 23 16:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31881]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30884]: pam_unix(cron:session): session closed for user root
Jun 23 16:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 16:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32327]: Received disconnect from 172.96.172.91 port 56274:11: disconnected by user [preauth]
Jun 23 16:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32327]: Disconnected from 172.96.172.91 port 56274 [preauth]
Jun 23 16:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 16:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121  user=root
Jun 23 16:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32360]: Failed password for root from 45.148.10.121 port 58970 ssh2
Jun 23 16:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32360]: Connection closed by 45.148.10.121 port 58970 [preauth]
Jun 23 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32389]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32388]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32387]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32385]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32386]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32384]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32389]: pam_unix(cron:session): session closed for user root
Jun 23 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32384]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32457]: Successful su for rubyman by root
Jun 23 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32457]: + ??? root:rubyman
Jun 23 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32457]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578269 of user rubyman.
Jun 23 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32457]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578269.
Jun 23 16:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29496]: pam_unix(cron:session): session closed for user root
Jun 23 16:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32386]: pam_unix(cron:session): session closed for user root
Jun 23 16:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32385]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31387]: pam_unix(cron:session): session closed for user root
Jun 23 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[366]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[367]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[365]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[364]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[364]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[578]: Successful su for rubyman by root
Jun 23 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[578]: + ??? root:rubyman
Jun 23 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[578]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578275 of user rubyman.
Jun 23 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[578]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578275.
Jun 23 16:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30019]: pam_unix(cron:session): session closed for user root
Jun 23 16:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[365]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31883]: pam_unix(cron:session): session closed for user root
Jun 23 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[939]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[938]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[937]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[935]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[935]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1004]: Successful su for rubyman by root
Jun 23 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1004]: + ??? root:rubyman
Jun 23 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1004]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578278 of user rubyman.
Jun 23 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1004]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578278.
Jun 23 16:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30462]: pam_unix(cron:session): session closed for user root
Jun 23 16:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[937]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32388]: pam_unix(cron:session): session closed for user root
Jun 23 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1400]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1398]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1399]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1396]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1396]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1553]: Successful su for rubyman by root
Jun 23 16:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1553]: + ??? root:rubyman
Jun 23 16:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1553]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578282 of user rubyman.
Jun 23 16:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1553]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578282.
Jun 23 16:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30883]: pam_unix(cron:session): session closed for user root
Jun 23 16:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1398]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[367]: pam_unix(cron:session): session closed for user root
Jun 23 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1946]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1947]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1945]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1944]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1944]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2034]: Successful su for rubyman by root
Jun 23 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2034]: + ??? root:rubyman
Jun 23 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2034]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578287 of user rubyman.
Jun 23 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2034]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578287.
Jun 23 16:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31386]: pam_unix(cron:session): session closed for user root
Jun 23 16:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1945]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 16:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[939]: pam_unix(cron:session): session closed for user root
Jun 23 16:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 23 16:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2328]: Failed password for root from 103.77.175.15 port 54658 ssh2
Jun 23 16:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2328]: Connection closed by 103.77.175.15 port 54658 [preauth]
Jun 23 16:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2420]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2419]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2417]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2414]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2418]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2416]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2420]: pam_unix(cron:session): session closed for user root
Jun 23 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2414]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2487]: Successful su for rubyman by root
Jun 23 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 23 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2487]: + ??? root:rubyman
Jun 23 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2487]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578292 of user rubyman.
Jun 23 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2487]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578292.
Jun 23 16:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2403]: Failed password for root from 103.153.68.219 port 47574 ssh2
Jun 23 16:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2403]: Connection closed by 103.153.68.219 port 47574 [preauth]
Jun 23 16:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2417]: pam_unix(cron:session): session closed for user root
Jun 23 16:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31882]: pam_unix(cron:session): session closed for user root
Jun 23 16:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2416]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 16:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
Jun 23 16:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 16:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 23 16:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2770]: Failed password for root from 176.32.39.21 port 38494 ssh2
Jun 23 16:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2770]: Connection closed by 176.32.39.21 port 38494 [preauth]
Jun 23 16:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2772]: Failed password for root from 193.24.211.107 port 34273 ssh2
Jun 23 16:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2772]: Received disconnect from 193.24.211.107 port 34273:11: Client disconnecting normally [preauth]
Jun 23 16:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2772]: Disconnected from 193.24.211.107 port 34273 [preauth]
Jun 23 16:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1400]: pam_unix(cron:session): session closed for user root
Jun 23 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2872]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2870]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2873]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2871]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2870]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2936]: Successful su for rubyman by root
Jun 23 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2936]: + ??? root:rubyman
Jun 23 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2936]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578298 of user rubyman.
Jun 23 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2936]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578298.
Jun 23 16:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 16:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32387]: pam_unix(cron:session): session closed for user root
Jun 23 16:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 23 16:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2871]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3086]: Failed password for root from 103.15.222.183 port 41254 ssh2
Jun 23 16:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3086]: Connection closed by 103.15.222.183 port 41254 [preauth]
Jun 23 16:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1947]: pam_unix(cron:session): session closed for user root
Jun 23 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3274]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3276]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3273]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3275]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3271]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3271]: pam_unix(cron:session): session closed for user root
Jun 23 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3273]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3332]: Successful su for rubyman by root
Jun 23 16:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3332]: + ??? root:rubyman
Jun 23 16:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3332]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578301 of user rubyman.
Jun 23 16:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3332]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578301.
Jun 23 16:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[366]: pam_unix(cron:session): session closed for user root
Jun 23 16:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3274]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2419]: pam_unix(cron:session): session closed for user root
Jun 23 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3680]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3679]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3678]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3677]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3677]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3834]: Successful su for rubyman by root
Jun 23 16:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3834]: + ??? root:rubyman
Jun 23 16:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3834]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578305 of user rubyman.
Jun 23 16:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3834]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578305.
Jun 23 16:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[938]: pam_unix(cron:session): session closed for user root
Jun 23 16:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3678]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 16:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4178]: Invalid user pankaj from 141.98.83.240
Jun 23 16:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4178]: input_userauth_request: invalid user pankaj [preauth]
Jun 23 16:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4178]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 16:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 16:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4178]: Failed password for invalid user pankaj from 141.98.83.240 port 14442 ssh2
Jun 23 16:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4178]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 16:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2873]: pam_unix(cron:session): session closed for user root
Jun 23 16:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4178]: Failed password for invalid user pankaj from 141.98.83.240 port 14442 ssh2
Jun 23 16:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4178]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 16:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4178]: Failed password for invalid user pankaj from 141.98.83.240 port 14442 ssh2
Jun 23 16:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4178]: Connection closed by 141.98.83.240 port 14442 [preauth]
Jun 23 16:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4178]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4276]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4277]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4275]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4274]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4274]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4344]: Successful su for rubyman by root
Jun 23 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4344]: + ??? root:rubyman
Jun 23 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4344]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578310 of user rubyman.
Jun 23 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4344]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578310.
Jun 23 16:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1399]: pam_unix(cron:session): session closed for user root
Jun 23 16:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4275]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3276]: pam_unix(cron:session): session closed for user root
Jun 23 16:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 16:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4625]: Received disconnect from 103.161.34.59 port 31402:11: disconnected by user [preauth]
Jun 23 16:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4625]: Disconnected from 103.161.34.59 port 31402 [preauth]
Jun 23 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4686]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4684]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4687]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4683]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4681]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4685]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4687]: pam_unix(cron:session): session closed for user root
Jun 23 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4681]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4779]: Successful su for rubyman by root
Jun 23 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4779]: + ??? root:rubyman
Jun 23 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4779]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578313 of user rubyman.
Jun 23 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4779]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578313.
Jun 23 16:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4684]: pam_unix(cron:session): session closed for user root
Jun 23 16:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1946]: pam_unix(cron:session): session closed for user root
Jun 23 16:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4683]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 16:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 23 16:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5076]: Failed password for root from 202.178.126.219 port 13200 ssh2
Jun 23 16:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5076]: Connection closed by 202.178.126.219 port 13200 [preauth]
Jun 23 16:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3680]: pam_unix(cron:session): session closed for user root
Jun 23 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5221]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5220]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5218]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5217]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5217]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5291]: Successful su for rubyman by root
Jun 23 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5291]: + ??? root:rubyman
Jun 23 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5291]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578320 of user rubyman.
Jun 23 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5291]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578320.
Jun 23 16:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2418]: pam_unix(cron:session): session closed for user root
Jun 23 16:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5218]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4277]: pam_unix(cron:session): session closed for user root
Jun 23 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5637]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5636]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5638]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5635]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5635]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5693]: Successful su for rubyman by root
Jun 23 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5693]: + ??? root:rubyman
Jun 23 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5693]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578323 of user rubyman.
Jun 23 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5693]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578323.
Jun 23 16:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2872]: pam_unix(cron:session): session closed for user root
Jun 23 16:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5636]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4686]: pam_unix(cron:session): session closed for user root
Jun 23 16:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 16:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 23 16:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5980]: Failed password for root from 80.66.85.226 port 54768 ssh2
Jun 23 16:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5980]: Connection closed by 80.66.85.226 port 54768 [preauth]
Jun 23 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6024]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6023]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6022]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6021]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6021]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6079]: Successful su for rubyman by root
Jun 23 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6079]: + ??? root:rubyman
Jun 23 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6079]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578327 of user rubyman.
Jun 23 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6079]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578327.
Jun 23 16:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3275]: pam_unix(cron:session): session closed for user root
Jun 23 16:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6022]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5221]: pam_unix(cron:session): session closed for user root
Jun 23 16:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 16:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 23 16:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6392]: Failed password for root from 103.27.238.120 port 37846 ssh2
Jun 23 16:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6392]: Connection closed by 103.27.238.120 port 37846 [preauth]
Jun 23 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6416]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6415]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6413]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6414]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6413]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6472]: Successful su for rubyman by root
Jun 23 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6472]: + ??? root:rubyman
Jun 23 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6472]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578332 of user rubyman.
Jun 23 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6472]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578332.
Jun 23 16:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3679]: pam_unix(cron:session): session closed for user root
Jun 23 16:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6414]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 16:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=root
Jun 23 16:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6686]: Failed password for root from 193.46.255.86 port 45602 ssh2
Jun 23 16:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6686]: message repeated 2 times: [ Failed password for root from 193.46.255.86 port 45602 ssh2]
Jun 23 16:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6686]: Connection closed by 193.46.255.86 port 45602 [preauth]
Jun 23 16:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6686]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=root
Jun 23 16:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5638]: pam_unix(cron:session): session closed for user root
Jun 23 16:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 16:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6763]: Received disconnect from 172.96.172.91 port 42968:11: disconnected by user [preauth]
Jun 23 16:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6763]: Disconnected from 172.96.172.91 port 42968 [preauth]
Jun 23 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6835]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6833]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6832]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6831]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6834]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6836]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6836]: pam_unix(cron:session): session closed for user root
Jun 23 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6831]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6904]: Successful su for rubyman by root
Jun 23 16:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6904]: + ??? root:rubyman
Jun 23 16:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6904]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578335 of user rubyman.
Jun 23 16:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6904]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578335.
Jun 23 16:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6833]: pam_unix(cron:session): session closed for user root
Jun 23 16:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4276]: pam_unix(cron:session): session closed for user root
Jun 23 16:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6832]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6024]: pam_unix(cron:session): session closed for user root
Jun 23 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7358]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7357]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7356]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7355]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7355]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7425]: Successful su for rubyman by root
Jun 23 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7425]: + ??? root:rubyman
Jun 23 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7425]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578342 of user rubyman.
Jun 23 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7425]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578342.
Jun 23 16:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4685]: pam_unix(cron:session): session closed for user root
Jun 23 16:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7356]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6416]: pam_unix(cron:session): session closed for user root
Jun 23 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7854]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7853]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7852]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7851]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7851]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7909]: Successful su for rubyman by root
Jun 23 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7909]: + ??? root:rubyman
Jun 23 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7909]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578345 of user rubyman.
Jun 23 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7909]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578345.
Jun 23 16:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5220]: pam_unix(cron:session): session closed for user root
Jun 23 16:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7852]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6835]: pam_unix(cron:session): session closed for user root
Jun 23 16:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 16:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.211.215  user=root
Jun 23 16:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8198]: Failed password for root from 147.45.211.215 port 41564 ssh2
Jun 23 16:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8198]: Connection closed by 147.45.211.215 port 41564 [preauth]
Jun 23 16:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8254]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8253]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8251]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8250]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8250]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8308]: Successful su for rubyman by root
Jun 23 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8308]: + ??? root:rubyman
Jun 23 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8308]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578349 of user rubyman.
Jun 23 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8308]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578349.
Jun 23 16:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8230]: Connection closed by 66.240.236.116 port 49974 [preauth]
Jun 23 16:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5637]: pam_unix(cron:session): session closed for user root
Jun 23 16:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8251]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7358]: pam_unix(cron:session): session closed for user root
Jun 23 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8646]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8644]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8645]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8643]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8643]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8702]: Successful su for rubyman by root
Jun 23 16:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8702]: + ??? root:rubyman
Jun 23 16:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8702]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578354 of user rubyman.
Jun 23 16:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8702]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578354.
Jun 23 16:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6023]: pam_unix(cron:session): session closed for user root
Jun 23 16:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8644]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 16:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8943]: Received disconnect from 176.65.131.189 port 45028:11: disconnected by user [preauth]
Jun 23 16:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8943]: Disconnected from 176.65.131.189 port 45028 [preauth]
Jun 23 16:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7854]: pam_unix(cron:session): session closed for user root
Jun 23 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9041]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9042]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9040]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9044]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9039]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9045]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9045]: pam_unix(cron:session): session closed for user root
Jun 23 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9039]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9106]: Successful su for rubyman by root
Jun 23 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9106]: + ??? root:rubyman
Jun 23 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9106]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578360 of user rubyman.
Jun 23 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9106]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578360.
Jun 23 16:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9041]: pam_unix(cron:session): session closed for user root
Jun 23 16:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6415]: pam_unix(cron:session): session closed for user root
Jun 23 16:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9040]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8254]: pam_unix(cron:session): session closed for user root
Jun 23 16:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 16:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9408]: Connection closed by 194.59.206.2 port 53710 [preauth]
Jun 23 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9459]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9460]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9458]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9457]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9457]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9521]: Successful su for rubyman by root
Jun 23 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9521]: + ??? root:rubyman
Jun 23 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9521]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578363 of user rubyman.
Jun 23 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9521]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578363.
Jun 23 16:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6834]: pam_unix(cron:session): session closed for user root
Jun 23 16:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9458]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8646]: pam_unix(cron:session): session closed for user root
Jun 23 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9880]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9877]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9879]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9876]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9876]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10099]: Successful su for rubyman by root
Jun 23 16:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10099]: + ??? root:rubyman
Jun 23 16:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10099]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578367 of user rubyman.
Jun 23 16:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10099]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578367.
Jun 23 16:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7357]: pam_unix(cron:session): session closed for user root
Jun 23 16:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9877]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9044]: pam_unix(cron:session): session closed for user root
Jun 23 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10530]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10529]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10527]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10528]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10527]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10591]: Successful su for rubyman by root
Jun 23 16:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10591]: + ??? root:rubyman
Jun 23 16:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10591]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578372 of user rubyman.
Jun 23 16:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10591]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578372.
Jun 23 16:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7853]: pam_unix(cron:session): session closed for user root
Jun 23 16:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10528]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9460]: pam_unix(cron:session): session closed for user root
Jun 23 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10947]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10946]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10945]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10944]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10944]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11011]: Successful su for rubyman by root
Jun 23 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11011]: + ??? root:rubyman
Jun 23 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11011]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578376 of user rubyman.
Jun 23 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11011]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578376.
Jun 23 16:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8253]: pam_unix(cron:session): session closed for user root
Jun 23 16:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10945]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9880]: pam_unix(cron:session): session closed for user root
Jun 23 16:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 16:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 23 16:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11328]: Failed password for root from 77.94.47.83 port 52180 ssh2
Jun 23 16:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11328]: Connection closed by 77.94.47.83 port 52180 [preauth]
Jun 23 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11370]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11371]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11368]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11369]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11366]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11367]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11371]: pam_unix(cron:session): session closed for user root
Jun 23 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11366]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11445]: Successful su for rubyman by root
Jun 23 16:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11445]: + ??? root:rubyman
Jun 23 16:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11445]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578379 of user rubyman.
Jun 23 16:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11445]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578379.
Jun 23 16:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11368]: pam_unix(cron:session): session closed for user root
Jun 23 16:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8645]: pam_unix(cron:session): session closed for user root
Jun 23 16:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11367]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10530]: pam_unix(cron:session): session closed for user root
Jun 23 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11835]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11836]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11834]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11833]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11833]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11910]: Successful su for rubyman by root
Jun 23 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11910]: + ??? root:rubyman
Jun 23 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11910]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578385 of user rubyman.
Jun 23 16:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11910]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578385.
Jun 23 16:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9042]: pam_unix(cron:session): session closed for user root
Jun 23 16:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11834]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10947]: pam_unix(cron:session): session closed for user root
Jun 23 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12378]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12379]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12381]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12377]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12377]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12447]: Successful su for rubyman by root
Jun 23 16:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12447]: + ??? root:rubyman
Jun 23 16:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12447]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578389 of user rubyman.
Jun 23 16:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12447]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578389.
Jun 23 16:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9459]: pam_unix(cron:session): session closed for user root
Jun 23 16:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12378]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11370]: pam_unix(cron:session): session closed for user root
Jun 23 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12796]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12794]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12798]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12795]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12794]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12863]: Successful su for rubyman by root
Jun 23 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12863]: + ??? root:rubyman
Jun 23 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12863]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578395 of user rubyman.
Jun 23 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12863]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578395.
Jun 23 16:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9879]: pam_unix(cron:session): session closed for user root
Jun 23 16:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12795]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 16:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 23 16:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13078]: Failed password for root from 193.24.211.107 port 3624 ssh2
Jun 23 16:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13078]: Received disconnect from 193.24.211.107 port 3624:11: Client disconnecting normally [preauth]
Jun 23 16:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13078]: Disconnected from 193.24.211.107 port 3624 [preauth]
Jun 23 16:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11836]: pam_unix(cron:session): session closed for user root
Jun 23 16:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 16:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 23 16:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13156]: Failed password for root from 103.172.78.219 port 57528 ssh2
Jun 23 16:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13156]: Connection closed by 103.172.78.219 port 57528 [preauth]
Jun 23 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13216]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13214]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13217]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13215]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13212]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13214]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13333]: Successful su for rubyman by root
Jun 23 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13333]: + ??? root:rubyman
Jun 23 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13333]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578397 of user rubyman.
Jun 23 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13333]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578397.
Jun 23 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13212]: pam_unix(cron:session): session closed for user root
Jun 23 16:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10529]: pam_unix(cron:session): session closed for user root
Jun 23 16:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13215]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12381]: pam_unix(cron:session): session closed for user root
Jun 23 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13703]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13704]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13701]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13702]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13699]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13698]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13704]: pam_unix(cron:session): session closed for user root
Jun 23 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13698]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13778]: Successful su for rubyman by root
Jun 23 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13778]: + ??? root:rubyman
Jun 23 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13778]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578402 of user rubyman.
Jun 23 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13778]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578402.
Jun 23 16:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13701]: pam_unix(cron:session): session closed for user root
Jun 23 16:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10946]: pam_unix(cron:session): session closed for user root
Jun 23 16:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13699]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12798]: pam_unix(cron:session): session closed for user root
Jun 23 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14135]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14136]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14134]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14133]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14133]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14200]: Successful su for rubyman by root
Jun 23 16:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14200]: + ??? root:rubyman
Jun 23 16:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14200]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578409 of user rubyman.
Jun 23 16:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14200]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578409.
Jun 23 16:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11369]: pam_unix(cron:session): session closed for user root
Jun 23 16:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14134]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13217]: pam_unix(cron:session): session closed for user root
Jun 23 16:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 16:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 23 16:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14476]: Failed password for root from 103.176.20.57 port 58578 ssh2
Jun 23 16:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14476]: Connection closed by 103.176.20.57 port 58578 [preauth]
Jun 23 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14536]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14535]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14533]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14534]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14533]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14593]: Successful su for rubyman by root
Jun 23 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14593]: + ??? root:rubyman
Jun 23 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14593]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578412 of user rubyman.
Jun 23 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14593]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578412.
Jun 23 16:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11835]: pam_unix(cron:session): session closed for user root
Jun 23 16:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14534]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13703]: pam_unix(cron:session): session closed for user root
Jun 23 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15018]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15019]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15016]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15015]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15015]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15074]: Successful su for rubyman by root
Jun 23 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15074]: + ??? root:rubyman
Jun 23 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15074]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578417 of user rubyman.
Jun 23 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15074]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578417.
Jun 23 16:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12379]: pam_unix(cron:session): session closed for user root
Jun 23 16:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15016]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 16:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 23 16:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 16:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15270]: Failed password for root from 51.250.105.222 port 35448 ssh2
Jun 23 16:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15270]: Connection closed by 51.250.105.222 port 35448 [preauth]
Jun 23 16:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15272]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 23 16:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15272]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 23 16:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15272]: Received disconnect from 137.59.54.34 port 54284:11: disconnected by user [preauth]
Jun 23 16:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15272]: Disconnected from 137.59.54.34 port 54284 [preauth]
Jun 23 16:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 16:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15312]: Invalid user user from 45.148.10.121
Jun 23 16:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15312]: input_userauth_request: invalid user user [preauth]
Jun 23 16:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15312]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 16:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 23 16:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15312]: Failed password for invalid user user from 45.148.10.121 port 53386 ssh2
Jun 23 16:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15312]: Connection closed by 45.148.10.121 port 53386 [preauth]
Jun 23 16:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14136]: pam_unix(cron:session): session closed for user root
Jun 23 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15416]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15417]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15415]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15414]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15414]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15472]: Successful su for rubyman by root
Jun 23 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15472]: + ??? root:rubyman
Jun 23 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15472]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578421 of user rubyman.
Jun 23 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15472]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578421.
Jun 23 16:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 16:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12796]: pam_unix(cron:session): session closed for user root
Jun 23 16:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 23 16:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15415]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15618]: Failed password for root from 103.82.132.16 port 60294 ssh2
Jun 23 16:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15618]: Connection closed by 103.82.132.16 port 60294 [preauth]
Jun 23 16:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14536]: pam_unix(cron:session): session closed for user root
Jun 23 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15815]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15813]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15814]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15811]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15810]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15812]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15815]: pam_unix(cron:session): session closed for user root
Jun 23 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15810]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15876]: Successful su for rubyman by root
Jun 23 16:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15876]: + ??? root:rubyman
Jun 23 16:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15876]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578426 of user rubyman.
Jun 23 16:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15876]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578426.
Jun 23 16:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15812]: pam_unix(cron:session): session closed for user root
Jun 23 16:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13216]: pam_unix(cron:session): session closed for user root
Jun 23 16:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15811]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15019]: pam_unix(cron:session): session closed for user root
Jun 23 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16228]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16229]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16227]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16226]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16226]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16290]: Successful su for rubyman by root
Jun 23 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16290]: + ??? root:rubyman
Jun 23 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16290]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578432 of user rubyman.
Jun 23 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16290]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578432.
Jun 23 16:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13702]: pam_unix(cron:session): session closed for user root
Jun 23 16:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16227]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 16:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15417]: pam_unix(cron:session): session closed for user root
Jun 23 16:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 23 16:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16546]: Failed password for root from 147.45.199.80 port 33726 ssh2
Jun 23 16:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16546]: Connection closed by 147.45.199.80 port 33726 [preauth]
Jun 23 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16621]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16622]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16620]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16619]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16619]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16682]: Successful su for rubyman by root
Jun 23 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16682]: + ??? root:rubyman
Jun 23 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16682]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578435 of user rubyman.
Jun 23 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16682]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578435.
Jun 23 16:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14135]: pam_unix(cron:session): session closed for user root
Jun 23 16:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16620]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15814]: pam_unix(cron:session): session closed for user root
Jun 23 16:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 16:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17072]: Invalid user administrator from 141.98.83.240
Jun 23 16:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17072]: input_userauth_request: invalid user administrator [preauth]
Jun 23 16:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17072]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 16:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 16:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17072]: Failed password for invalid user administrator from 141.98.83.240 port 60710 ssh2
Jun 23 16:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17072]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 16:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17072]: Failed password for invalid user administrator from 141.98.83.240 port 60710 ssh2
Jun 23 16:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17072]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 16:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17072]: Failed password for invalid user administrator from 141.98.83.240 port 60710 ssh2
Jun 23 16:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17072]: Connection closed by 141.98.83.240 port 60710 [preauth]
Jun 23 16:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17072]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17117]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17118]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17116]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17115]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17115]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17178]: Successful su for rubyman by root
Jun 23 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17178]: + ??? root:rubyman
Jun 23 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17178]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578439 of user rubyman.
Jun 23 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17178]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578439.
Jun 23 16:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14535]: pam_unix(cron:session): session closed for user root
Jun 23 16:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17116]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16229]: pam_unix(cron:session): session closed for user root
Jun 23 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17528]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17529]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17530]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17527]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17527]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17586]: Successful su for rubyman by root
Jun 23 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17586]: + ??? root:rubyman
Jun 23 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17586]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578442 of user rubyman.
Jun 23 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17586]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578442.
Jun 23 16:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15018]: pam_unix(cron:session): session closed for user root
Jun 23 16:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17528]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 16:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 23 16:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17868]: Failed password for root from 38.93.206.2 port 35150 ssh2
Jun 23 16:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17868]: Connection closed by 38.93.206.2 port 35150 [preauth]
Jun 23 16:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16622]: pam_unix(cron:session): session closed for user root
Jun 23 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18029]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18027]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18031]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18026]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18032]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18030]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18032]: pam_unix(cron:session): session closed for user root
Jun 23 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18026]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18099]: Successful su for rubyman by root
Jun 23 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18099]: + ??? root:rubyman
Jun 23 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18099]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578450 of user rubyman.
Jun 23 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18099]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578450.
Jun 23 16:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15416]: pam_unix(cron:session): session closed for user root
Jun 23 16:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18029]: pam_unix(cron:session): session closed for user root
Jun 23 16:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18027]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17118]: pam_unix(cron:session): session closed for user root
Jun 23 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18566]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18565]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18564]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18563]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18563]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18632]: Successful su for rubyman by root
Jun 23 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18632]: + ??? root:rubyman
Jun 23 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18632]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578453 of user rubyman.
Jun 23 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18632]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578453.
Jun 23 16:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15813]: pam_unix(cron:session): session closed for user root
Jun 23 16:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18564]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 16:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 23 16:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18903]: Failed password for root from 103.27.238.114 port 33274 ssh2
Jun 23 16:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18903]: Connection closed by 103.27.238.114 port 33274 [preauth]
Jun 23 16:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17530]: pam_unix(cron:session): session closed for user root
Jun 23 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18998]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18997]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18995]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18994]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18994]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19056]: Successful su for rubyman by root
Jun 23 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19056]: + ??? root:rubyman
Jun 23 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19056]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578457 of user rubyman.
Jun 23 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19056]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578457.
Jun 23 16:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16228]: pam_unix(cron:session): session closed for user root
Jun 23 16:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18995]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18031]: pam_unix(cron:session): session closed for user root
Jun 23 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19552]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19494]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19493]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19491]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19491]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19746]: Successful su for rubyman by root
Jun 23 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19746]: + ??? root:rubyman
Jun 23 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19746]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578460 of user rubyman.
Jun 23 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19746]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578460.
Jun 23 16:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16621]: pam_unix(cron:session): session closed for user root
Jun 23 16:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19493]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18566]: pam_unix(cron:session): session closed for user root
Jun 23 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20094]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20093]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20091]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20089]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20089]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20243]: Successful su for rubyman by root
Jun 23 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20243]: + ??? root:rubyman
Jun 23 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20243]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578465 of user rubyman.
Jun 23 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20243]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578465.
Jun 23 16:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17117]: pam_unix(cron:session): session closed for user root
Jun 23 16:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20091]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18998]: pam_unix(cron:session): session closed for user root
Jun 23 16:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 16:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20582]: Did not receive identification string from 91.92.40.11
Jun 23 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20596]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20595]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20592]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20597]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20593]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20594]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20597]: pam_unix(cron:session): session closed for user root
Jun 23 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20592]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20725]: Successful su for rubyman by root
Jun 23 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20725]: + ??? root:rubyman
Jun 23 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20725]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578470 of user rubyman.
Jun 23 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20725]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578470.
Jun 23 16:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20594]: pam_unix(cron:session): session closed for user root
Jun 23 16:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17529]: pam_unix(cron:session): session closed for user root
Jun 23 16:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20593]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 16:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 23 16:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21026]: Failed password for root from 103.77.242.62 port 47008 ssh2
Jun 23 16:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21026]: Connection closed by 103.77.242.62 port 47008 [preauth]
Jun 23 16:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19552]: pam_unix(cron:session): session closed for user root
Jun 23 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21131]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21132]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21129]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21130]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21129]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21204]: Successful su for rubyman by root
Jun 23 16:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21204]: + ??? root:rubyman
Jun 23 16:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21204]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578474 of user rubyman.
Jun 23 16:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21204]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578474.
Jun 23 16:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18030]: pam_unix(cron:session): session closed for user root
Jun 23 16:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21130]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20094]: pam_unix(cron:session): session closed for user root
Jun 23 16:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 16:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 23 16:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21529]: Failed password for root from 103.82.20.28 port 36886 ssh2
Jun 23 16:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21529]: Connection closed by 103.82.20.28 port 36886 [preauth]
Jun 23 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21561]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21560]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21559]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21554]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21554]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21626]: Successful su for rubyman by root
Jun 23 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21626]: + ??? root:rubyman
Jun 23 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21626]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578478 of user rubyman.
Jun 23 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21626]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578478.
Jun 23 16:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18565]: pam_unix(cron:session): session closed for user root
Jun 23 16:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21559]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20596]: pam_unix(cron:session): session closed for user root
Jun 23 16:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 16:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 23 16:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 16:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21955]: Failed password for root from 87.251.79.125 port 50022 ssh2
Jun 23 16:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21955]: Connection closed by 87.251.79.125 port 50022 [preauth]
Jun 23 16:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21957]: Invalid user arden from 2.57.121.112
Jun 23 16:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21957]: input_userauth_request: invalid user arden [preauth]
Jun 23 16:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21957]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 16:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 23 16:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21957]: Failed password for invalid user arden from 2.57.121.112 port 58660 ssh2
Jun 23 16:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21957]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 16:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21957]: Failed password for invalid user arden from 2.57.121.112 port 58660 ssh2
Jun 23 16:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21957]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 16:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21957]: Failed password for invalid user arden from 2.57.121.112 port 58660 ssh2
Jun 23 16:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21957]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 16:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 16:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21957]: Failed password for invalid user arden from 2.57.121.112 port 58660 ssh2
Jun 23 16:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21957]: Connection closed by 2.57.121.112 port 58660 [preauth]
Jun 23 16:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21957]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 23 16:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21957]: PAM service(sshd) ignoring max retries; 4 > 3
Jun 23 16:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21975]: Invalid user arden from 2.57.121.112
Jun 23 16:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21975]: input_userauth_request: invalid user arden [preauth]
Jun 23 16:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21975]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 16:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 23 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21981]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21980]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21979]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21978]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21978]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22036]: Successful su for rubyman by root
Jun 23 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22036]: + ??? root:rubyman
Jun 23 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22036]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578482 of user rubyman.
Jun 23 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22036]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578482.
Jun 23 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21975]: Failed password for invalid user arden from 2.57.121.112 port 26498 ssh2
Jun 23 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21975]: Connection closed by 2.57.121.112 port 26498 [preauth]
Jun 23 16:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18997]: pam_unix(cron:session): session closed for user root
Jun 23 16:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21979]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21132]: pam_unix(cron:session): session closed for user root
Jun 23 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22474]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22473]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22475]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22472]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22472]: pam_unix(cron:session): session closed for user p13x
Jun 23 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22533]: Successful su for rubyman by root
Jun 23 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22533]: + ??? root:rubyman
Jun 23 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22533]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578486 of user rubyman.
Jun 23 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22533]: pam_unix(su:session): session closed for user rubyman
Jun 23 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578486.
Jun 23 16:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19494]: pam_unix(cron:session): session closed for user root
Jun 23 16:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22473]: pam_unix(cron:session): session closed for user samftp
Jun 23 16:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 16:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 16:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22718]: Failed password for root from 91.92.40.11 port 37370 ssh2
Jun 23 16:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22718]: Connection closed by 91.92.40.11 port 37370 [preauth]
Jun 23 16:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21561]: pam_unix(cron:session): session closed for user root
Jun 23 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22883]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22884]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22880]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22885]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22882]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22886]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22881]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22886]: pam_unix(cron:session): session closed for user root
Jun 23 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22882]: pam_unix(cron:session): session closed for user root
Jun 23 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22880]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22972]: Successful su for rubyman by root
Jun 23 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22972]: + ??? root:rubyman
Jun 23 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22972]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578494 of user rubyman.
Jun 23 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22972]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578494.
Jun 23 17:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20093]: pam_unix(cron:session): session closed for user root
Jun 23 17:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22883]: pam_unix(cron:session): session closed for user root
Jun 23 17:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22881]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 23 17:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23221]: Failed password for root from 202.178.126.219 port 19841 ssh2
Jun 23 17:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23221]: Connection closed by 202.178.126.219 port 19841 [preauth]
Jun 23 17:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21981]: pam_unix(cron:session): session closed for user root
Jun 23 17:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.110.201  user=root
Jun 23 17:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 17:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23341]: Failed password for root from 94.159.110.201 port 48024 ssh2
Jun 23 17:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23341]: Connection closed by 94.159.110.201 port 48024 [preauth]
Jun 23 17:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23343]: Failed password for root from 91.92.40.11 port 37580 ssh2
Jun 23 17:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23343]: Connection closed by 91.92.40.11 port 37580 [preauth]
Jun 23 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23399]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23398]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23400]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23397]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23397]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23465]: Successful su for rubyman by root
Jun 23 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23465]: + ??? root:rubyman
Jun 23 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23465]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578497 of user rubyman.
Jun 23 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23465]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578497.
Jun 23 17:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20595]: pam_unix(cron:session): session closed for user root
Jun 23 17:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23398]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 23 17:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23658]: Failed password for root from 193.24.211.107 port 56340 ssh2
Jun 23 17:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23658]: Received disconnect from 193.24.211.107 port 56340:11: Client disconnecting normally [preauth]
Jun 23 17:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23658]: Disconnected from 193.24.211.107 port 56340 [preauth]
Jun 23 17:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22475]: pam_unix(cron:session): session closed for user root
Jun 23 17:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23761]: Received disconnect from 96.127.172.215 port 51528:11: disconnected by user [preauth]
Jun 23 17:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23761]: Disconnected from 96.127.172.215 port 51528 [preauth]
Jun 23 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23928]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23930]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23927]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23925]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23925]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23991]: Successful su for rubyman by root
Jun 23 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23991]: + ??? root:rubyman
Jun 23 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23991]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578501 of user rubyman.
Jun 23 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23991]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578501.
Jun 23 17:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21131]: pam_unix(cron:session): session closed for user root
Jun 23 17:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23927]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 17:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24174]: Failed password for root from 91.92.40.11 port 34550 ssh2
Jun 23 17:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24174]: Connection closed by 91.92.40.11 port 34550 [preauth]
Jun 23 17:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22885]: pam_unix(cron:session): session closed for user root
Jun 23 17:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24297]: Invalid user  from 192.109.200.78
Jun 23 17:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24297]: input_userauth_request: invalid user  [preauth]
Jun 23 17:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24297]: Connection closed by 192.109.200.78 port 42592 [preauth]
Jun 23 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24355]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24354]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24353]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24352]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24352]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24409]: Successful su for rubyman by root
Jun 23 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24409]: + ??? root:rubyman
Jun 23 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24409]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578506 of user rubyman.
Jun 23 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24409]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578506.
Jun 23 17:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21560]: pam_unix(cron:session): session closed for user root
Jun 23 17:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24353]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24653]: Invalid user user2 from 192.109.200.78
Jun 23 17:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24653]: input_userauth_request: invalid user user2 [preauth]
Jun 23 17:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24653]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24653]: Failed password for invalid user user2 from 192.109.200.78 port 37510 ssh2
Jun 23 17:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24653]: Connection closed by 192.109.200.78 port 37510 [preauth]
Jun 23 17:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24671]: Invalid user csgo from 192.109.200.78
Jun 23 17:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24671]: input_userauth_request: invalid user csgo [preauth]
Jun 23 17:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24671]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24671]: Failed password for invalid user csgo from 192.109.200.78 port 53272 ssh2
Jun 23 17:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24671]: Connection closed by 192.109.200.78 port 53272 [preauth]
Jun 23 17:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24685]: Failed password for root from 192.109.200.78 port 53288 ssh2
Jun 23 17:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24685]: Connection closed by 192.109.200.78 port 53288 [preauth]
Jun 23 17:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24696]: Invalid user fastuser from 192.109.200.78
Jun 23 17:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24696]: input_userauth_request: invalid user fastuser [preauth]
Jun 23 17:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24696]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23400]: pam_unix(cron:session): session closed for user root
Jun 23 17:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24696]: Failed password for invalid user fastuser from 192.109.200.78 port 38302 ssh2
Jun 23 17:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24696]: Connection closed by 192.109.200.78 port 38302 [preauth]
Jun 23 17:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24720]: Invalid user student from 192.109.200.78
Jun 23 17:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24720]: input_userauth_request: invalid user student [preauth]
Jun 23 17:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24720]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24720]: Failed password for invalid user student from 192.109.200.78 port 38314 ssh2
Jun 23 17:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24720]: Connection closed by 192.109.200.78 port 38314 [preauth]
Jun 23 17:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24732]: Invalid user administrator from 192.109.200.78
Jun 23 17:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24732]: input_userauth_request: invalid user administrator [preauth]
Jun 23 17:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24732]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24732]: Failed password for invalid user administrator from 192.109.200.78 port 38318 ssh2
Jun 23 17:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24732]: Connection closed by 192.109.200.78 port 38318 [preauth]
Jun 23 17:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24745]: Invalid user teste from 192.109.200.78
Jun 23 17:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24745]: input_userauth_request: invalid user teste [preauth]
Jun 23 17:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 17:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24745]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24743]: Failed password for root from 91.92.40.11 port 59006 ssh2
Jun 23 17:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24745]: Failed password for invalid user teste from 192.109.200.78 port 37318 ssh2
Jun 23 17:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24745]: Connection closed by 192.109.200.78 port 37318 [preauth]
Jun 23 17:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24743]: Connection closed by 91.92.40.11 port 59006 [preauth]
Jun 23 17:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24759]: Invalid user developer from 192.109.200.78
Jun 23 17:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24759]: input_userauth_request: invalid user developer [preauth]
Jun 23 17:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24759]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24759]: Failed password for invalid user developer from 192.109.200.78 port 37324 ssh2
Jun 23 17:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24759]: Connection closed by 192.109.200.78 port 37324 [preauth]
Jun 23 17:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24771]: Failed password for root from 192.109.200.78 port 37336 ssh2
Jun 23 17:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24771]: Connection closed by 192.109.200.78 port 37336 [preauth]
Jun 23 17:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24785]: Invalid user pi from 192.109.200.78
Jun 23 17:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24785]: input_userauth_request: invalid user pi [preauth]
Jun 23 17:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24785]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24785]: Failed password for invalid user pi from 192.109.200.78 port 40210 ssh2
Jun 23 17:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24785]: Connection closed by 192.109.200.78 port 40210 [preauth]
Jun 23 17:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24787]: Invalid user dev from 192.109.200.78
Jun 23 17:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24787]: input_userauth_request: invalid user dev [preauth]
Jun 23 17:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24787]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24787]: Failed password for invalid user dev from 192.109.200.78 port 40214 ssh2
Jun 23 17:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24787]: Connection closed by 192.109.200.78 port 40214 [preauth]
Jun 23 17:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24802]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24803]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24804]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24801]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24801]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24859]: Successful su for rubyman by root
Jun 23 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24859]: + ??? root:rubyman
Jun 23 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24859]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578511 of user rubyman.
Jun 23 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24859]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578511.
Jun 23 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24798]: Failed password for root from 192.109.200.78 port 40222 ssh2
Jun 23 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24798]: Connection closed by 192.109.200.78 port 40222 [preauth]
Jun 23 17:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24923]: Invalid user runner from 192.109.200.78
Jun 23 17:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24923]: input_userauth_request: invalid user runner [preauth]
Jun 23 17:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24923]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21980]: pam_unix(cron:session): session closed for user root
Jun 23 17:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24923]: Failed password for invalid user runner from 192.109.200.78 port 48884 ssh2
Jun 23 17:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24923]: Connection closed by 192.109.200.78 port 48884 [preauth]
Jun 23 17:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24802]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25034]: Failed password for root from 192.109.200.78 port 48896 ssh2
Jun 23 17:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25034]: Connection closed by 192.109.200.78 port 48896 [preauth]
Jun 23 17:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25053]: Invalid user runner from 192.109.200.78
Jun 23 17:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25053]: input_userauth_request: invalid user runner [preauth]
Jun 23 17:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25053]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25053]: Failed password for invalid user runner from 192.109.200.78 port 48908 ssh2
Jun 23 17:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25053]: Connection closed by 192.109.200.78 port 48908 [preauth]
Jun 23 17:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25055]: Invalid user sam from 192.109.200.78
Jun 23 17:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25055]: input_userauth_request: invalid user sam [preauth]
Jun 23 17:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25055]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25055]: Failed password for invalid user sam from 192.109.200.78 port 34654 ssh2
Jun 23 17:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25055]: Connection closed by 192.109.200.78 port 34654 [preauth]
Jun 23 17:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25083]: Failed password for root from 192.109.200.78 port 34672 ssh2
Jun 23 17:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25083]: Connection closed by 192.109.200.78 port 34672 [preauth]
Jun 23 17:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25093]: Invalid user admin2 from 192.109.200.78
Jun 23 17:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25093]: input_userauth_request: invalid user admin2 [preauth]
Jun 23 17:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25093]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25093]: Failed password for invalid user admin2 from 192.109.200.78 port 34702 ssh2
Jun 23 17:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25093]: Connection closed by 192.109.200.78 port 34702 [preauth]
Jun 23 17:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25095]: Failed password for root from 192.109.200.78 port 59510 ssh2
Jun 23 17:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25095]: Connection closed by 192.109.200.78 port 59510 [preauth]
Jun 23 17:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25118]: Invalid user admin from 2.57.121.25
Jun 23 17:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25118]: input_userauth_request: invalid user admin [preauth]
Jun 23 17:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25118]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 23 17:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25120]: Invalid user deploy from 192.109.200.78
Jun 23 17:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25120]: input_userauth_request: invalid user deploy [preauth]
Jun 23 17:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25120]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25118]: Failed password for invalid user admin from 2.57.121.25 port 54210 ssh2
Jun 23 17:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25118]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25120]: Failed password for invalid user deploy from 192.109.200.78 port 59522 ssh2
Jun 23 17:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25120]: Connection closed by 192.109.200.78 port 59522 [preauth]
Jun 23 17:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25118]: Failed password for invalid user admin from 2.57.121.25 port 54210 ssh2
Jun 23 17:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25118]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25122]: Failed password for root from 192.109.200.78 port 59532 ssh2
Jun 23 17:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25122]: Connection closed by 192.109.200.78 port 59532 [preauth]
Jun 23 17:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25118]: Failed password for invalid user admin from 2.57.121.25 port 54210 ssh2
Jun 23 17:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25118]: Connection closed by 2.57.121.25 port 54210 [preauth]
Jun 23 17:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25118]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 23 17:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23930]: pam_unix(cron:session): session closed for user root
Jun 23 17:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25132]: Failed password for root from 192.109.200.78 port 33184 ssh2
Jun 23 17:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25132]: Connection closed by 192.109.200.78 port 33184 [preauth]
Jun 23 17:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25167]: Invalid user odoo16 from 192.109.200.78
Jun 23 17:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25167]: input_userauth_request: invalid user odoo16 [preauth]
Jun 23 17:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25167]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25167]: Failed password for invalid user odoo16 from 192.109.200.78 port 33206 ssh2
Jun 23 17:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25167]: Connection closed by 192.109.200.78 port 33206 [preauth]
Jun 23 17:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25169]: Failed password for root from 192.109.200.78 port 33234 ssh2
Jun 23 17:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25169]: Connection closed by 192.109.200.78 port 33234 [preauth]
Jun 23 17:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: Invalid user bob from 192.109.200.78
Jun 23 17:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: input_userauth_request: invalid user bob [preauth]
Jun 23 17:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: Failed password for invalid user bob from 192.109.200.78 port 37684 ssh2
Jun 23 17:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: Connection closed by 192.109.200.78 port 37684 [preauth]
Jun 23 17:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25208]: Invalid user redhat from 192.109.200.78
Jun 23 17:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25208]: input_userauth_request: invalid user redhat [preauth]
Jun 23 17:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25208]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25208]: Failed password for invalid user redhat from 192.109.200.78 port 37706 ssh2
Jun 23 17:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25208]: Connection closed by 192.109.200.78 port 37706 [preauth]
Jun 23 17:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25210]: Invalid user azureuser from 192.109.200.78
Jun 23 17:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25210]: input_userauth_request: invalid user azureuser [preauth]
Jun 23 17:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25210]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25210]: Failed password for invalid user azureuser from 192.109.200.78 port 37738 ssh2
Jun 23 17:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25210]: Connection closed by 192.109.200.78 port 37738 [preauth]
Jun 23 17:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25220]: Invalid user niaoyun from 192.109.200.78
Jun 23 17:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25220]: input_userauth_request: invalid user niaoyun [preauth]
Jun 23 17:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25220]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25220]: Failed password for invalid user niaoyun from 192.109.200.78 port 38060 ssh2
Jun 23 17:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25220]: Connection closed by 192.109.200.78 port 38060 [preauth]
Jun 23 17:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25229]: Invalid user crafty from 192.109.200.78
Jun 23 17:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25229]: input_userauth_request: invalid user crafty [preauth]
Jun 23 17:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25229]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25229]: Failed password for invalid user crafty from 192.109.200.78 port 38062 ssh2
Jun 23 17:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25229]: Connection closed by 192.109.200.78 port 38062 [preauth]
Jun 23 17:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25232]: Invalid user dev from 192.109.200.78
Jun 23 17:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25232]: input_userauth_request: invalid user dev [preauth]
Jun 23 17:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25232]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25246]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25247]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25244]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25248]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25243]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25245]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25248]: pam_unix(cron:session): session closed for user root
Jun 23 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25243]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25232]: Failed password for invalid user dev from 192.109.200.78 port 38070 ssh2
Jun 23 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25232]: Connection closed by 192.109.200.78 port 38070 [preauth]
Jun 23 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25308]: Successful su for rubyman by root
Jun 23 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25308]: + ??? root:rubyman
Jun 23 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25308]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578514 of user rubyman.
Jun 23 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25308]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578514.
Jun 23 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25345]: Invalid user debian from 192.109.200.78
Jun 23 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25345]: input_userauth_request: invalid user debian [preauth]
Jun 23 17:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25345]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25245]: pam_unix(cron:session): session closed for user root
Jun 23 17:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22474]: pam_unix(cron:session): session closed for user root
Jun 23 17:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25345]: Failed password for invalid user debian from 192.109.200.78 port 56628 ssh2
Jun 23 17:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25345]: Connection closed by 192.109.200.78 port 56628 [preauth]
Jun 23 17:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25244]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25495]: Failed password for root from 192.109.200.78 port 56642 ssh2
Jun 23 17:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25495]: Connection closed by 192.109.200.78 port 56642 [preauth]
Jun 23 17:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25519]: Invalid user odoo from 192.109.200.78
Jun 23 17:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25519]: input_userauth_request: invalid user odoo [preauth]
Jun 23 17:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25519]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25519]: Failed password for invalid user odoo from 192.109.200.78 port 56654 ssh2
Jun 23 17:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25519]: Connection closed by 192.109.200.78 port 56654 [preauth]
Jun 23 17:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 17:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25530]: Failed password for root from 192.109.200.78 port 36694 ssh2
Jun 23 17:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25530]: Connection closed by 192.109.200.78 port 36694 [preauth]
Jun 23 17:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25532]: Failed password for root from 91.92.40.11 port 48862 ssh2
Jun 23 17:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25532]: Connection closed by 91.92.40.11 port 48862 [preauth]
Jun 23 17:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25547]: Invalid user minecraft from 192.109.200.78
Jun 23 17:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25547]: input_userauth_request: invalid user minecraft [preauth]
Jun 23 17:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25547]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25547]: Failed password for invalid user minecraft from 192.109.200.78 port 36706 ssh2
Jun 23 17:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25547]: Connection closed by 192.109.200.78 port 36706 [preauth]
Jun 23 17:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25557]: Invalid user media from 192.109.200.78
Jun 23 17:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25557]: input_userauth_request: invalid user media [preauth]
Jun 23 17:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25557]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25557]: Failed password for invalid user media from 192.109.200.78 port 36734 ssh2
Jun 23 17:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25557]: Connection closed by 192.109.200.78 port 36734 [preauth]
Jun 23 17:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25570]: Invalid user user from 192.109.200.78
Jun 23 17:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25570]: input_userauth_request: invalid user user [preauth]
Jun 23 17:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25570]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25570]: Failed password for invalid user user from 192.109.200.78 port 37686 ssh2
Jun 23 17:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25570]: Connection closed by 192.109.200.78 port 37686 [preauth]
Jun 23 17:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25584]: Invalid user test from 192.109.200.78
Jun 23 17:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25584]: input_userauth_request: invalid user test [preauth]
Jun 23 17:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25584]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25584]: Failed password for invalid user test from 192.109.200.78 port 37704 ssh2
Jun 23 17:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25584]: Connection closed by 192.109.200.78 port 37704 [preauth]
Jun 23 17:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25594]: Failed password for root from 192.109.200.78 port 37716 ssh2
Jun 23 17:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25594]: Connection closed by 192.109.200.78 port 37716 [preauth]
Jun 23 17:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25596]: Invalid user devuser from 192.109.200.78
Jun 23 17:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25596]: input_userauth_request: invalid user devuser [preauth]
Jun 23 17:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24355]: pam_unix(cron:session): session closed for user root
Jun 23 17:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25596]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25596]: Failed password for invalid user devuser from 192.109.200.78 port 57158 ssh2
Jun 23 17:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25596]: Connection closed by 192.109.200.78 port 57158 [preauth]
Jun 23 17:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25626]: Failed password for root from 192.109.200.78 port 57174 ssh2
Jun 23 17:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25626]: Connection closed by 192.109.200.78 port 57174 [preauth]
Jun 23 17:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25636]: Invalid user hadoop from 192.109.200.78
Jun 23 17:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25636]: input_userauth_request: invalid user hadoop [preauth]
Jun 23 17:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25636]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25636]: Failed password for invalid user hadoop from 192.109.200.78 port 57192 ssh2
Jun 23 17:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25636]: Connection closed by 192.109.200.78 port 57192 [preauth]
Jun 23 17:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25638]: Invalid user deployer from 192.109.200.78
Jun 23 17:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25638]: input_userauth_request: invalid user deployer [preauth]
Jun 23 17:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25638]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25638]: Failed password for invalid user deployer from 192.109.200.78 port 38174 ssh2
Jun 23 17:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25638]: Connection closed by 192.109.200.78 port 38174 [preauth]
Jun 23 17:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25660]: Invalid user a from 192.109.200.78
Jun 23 17:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25660]: input_userauth_request: invalid user a [preauth]
Jun 23 17:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25660]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25660]: Failed password for invalid user a from 192.109.200.78 port 38178 ssh2
Jun 23 17:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25660]: Connection closed by 192.109.200.78 port 38178 [preauth]
Jun 23 17:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25670]: Invalid user ubuntu from 192.109.200.78
Jun 23 17:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25670]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 17:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25670]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25670]: Failed password for invalid user ubuntu from 192.109.200.78 port 38182 ssh2
Jun 23 17:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25670]: Connection closed by 192.109.200.78 port 38182 [preauth]
Jun 23 17:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25672]: Invalid user bot from 192.109.200.78
Jun 23 17:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25672]: input_userauth_request: invalid user bot [preauth]
Jun 23 17:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25672]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25672]: Failed password for invalid user bot from 192.109.200.78 port 42262 ssh2
Jun 23 17:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25672]: Connection closed by 192.109.200.78 port 42262 [preauth]
Jun 23 17:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25682]: Invalid user app from 192.109.200.78
Jun 23 17:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25682]: input_userauth_request: invalid user app [preauth]
Jun 23 17:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25682]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25682]: Failed password for invalid user app from 192.109.200.78 port 42266 ssh2
Jun 23 17:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25682]: Connection closed by 192.109.200.78 port 42266 [preauth]
Jun 23 17:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25694]: Invalid user pi from 192.109.200.78
Jun 23 17:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25694]: input_userauth_request: invalid user pi [preauth]
Jun 23 17:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25694]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25694]: Failed password for invalid user pi from 192.109.200.78 port 42270 ssh2
Jun 23 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25694]: Connection closed by 192.109.200.78 port 42270 [preauth]
Jun 23 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25699]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25698]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25700]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25697]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25697]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25764]: Successful su for rubyman by root
Jun 23 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25764]: + ??? root:rubyman
Jun 23 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25764]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578519 of user rubyman.
Jun 23 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25764]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578519.
Jun 23 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25812]: Invalid user testuser from 192.109.200.78
Jun 23 17:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25812]: input_userauth_request: invalid user testuser [preauth]
Jun 23 17:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25812]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22884]: pam_unix(cron:session): session closed for user root
Jun 23 17:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25812]: Failed password for invalid user testuser from 192.109.200.78 port 40152 ssh2
Jun 23 17:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25812]: Connection closed by 192.109.200.78 port 40152 [preauth]
Jun 23 17:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25698]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25948]: Invalid user server from 192.109.200.78
Jun 23 17:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25948]: input_userauth_request: invalid user server [preauth]
Jun 23 17:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25948]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25948]: Failed password for invalid user server from 192.109.200.78 port 40162 ssh2
Jun 23 17:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25948]: Connection closed by 192.109.200.78 port 40162 [preauth]
Jun 23 17:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25960]: Invalid user rdpuser from 192.109.200.78
Jun 23 17:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25960]: input_userauth_request: invalid user rdpuser [preauth]
Jun 23 17:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25960]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25960]: Failed password for invalid user rdpuser from 192.109.200.78 port 40166 ssh2
Jun 23 17:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25960]: Connection closed by 192.109.200.78 port 40166 [preauth]
Jun 23 17:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25962]: Invalid user centreon from 192.109.200.78
Jun 23 17:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25962]: input_userauth_request: invalid user centreon [preauth]
Jun 23 17:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25962]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25962]: Failed password for invalid user centreon from 192.109.200.78 port 35404 ssh2
Jun 23 17:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25962]: Connection closed by 192.109.200.78 port 35404 [preauth]
Jun 23 17:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25985]: Invalid user guest from 192.109.200.78
Jun 23 17:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25985]: input_userauth_request: invalid user guest [preauth]
Jun 23 17:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25985]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25985]: Failed password for invalid user guest from 192.109.200.78 port 35428 ssh2
Jun 23 17:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25985]: Connection closed by 192.109.200.78 port 35428 [preauth]
Jun 23 17:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25994]: Failed password for root from 192.109.200.78 port 35440 ssh2
Jun 23 17:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25994]: Connection closed by 192.109.200.78 port 35440 [preauth]
Jun 23 17:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25997]: Failed password for root from 192.109.200.78 port 36912 ssh2
Jun 23 17:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25997]: Connection closed by 192.109.200.78 port 36912 [preauth]
Jun 23 17:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26019]: Invalid user amir from 192.109.200.78
Jun 23 17:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26019]: input_userauth_request: invalid user amir [preauth]
Jun 23 17:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26019]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26019]: Failed password for invalid user amir from 192.109.200.78 port 36928 ssh2
Jun 23 17:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26019]: Connection closed by 192.109.200.78 port 36928 [preauth]
Jun 23 17:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26021]: Invalid user frappe from 192.109.200.78
Jun 23 17:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26021]: input_userauth_request: invalid user frappe [preauth]
Jun 23 17:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26021]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26021]: Failed password for invalid user frappe from 192.109.200.78 port 36934 ssh2
Jun 23 17:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26021]: Connection closed by 192.109.200.78 port 36934 [preauth]
Jun 23 17:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24804]: pam_unix(cron:session): session closed for user root
Jun 23 17:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26046]: Invalid user claude from 192.109.200.78
Jun 23 17:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26046]: input_userauth_request: invalid user claude [preauth]
Jun 23 17:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26046]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26046]: Failed password for invalid user claude from 192.109.200.78 port 56198 ssh2
Jun 23 17:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26046]: Connection closed by 192.109.200.78 port 56198 [preauth]
Jun 23 17:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26062]: Invalid user user from 192.109.200.78
Jun 23 17:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26062]: input_userauth_request: invalid user user [preauth]
Jun 23 17:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26062]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26062]: Failed password for invalid user user from 192.109.200.78 port 56212 ssh2
Jun 23 17:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26062]: Connection closed by 192.109.200.78 port 56212 [preauth]
Jun 23 17:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26064]: Invalid user default from 192.109.200.78
Jun 23 17:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26064]: input_userauth_request: invalid user default [preauth]
Jun 23 17:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26064]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 17:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26064]: Failed password for invalid user default from 192.109.200.78 port 56214 ssh2
Jun 23 17:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26064]: Connection closed by 192.109.200.78 port 56214 [preauth]
Jun 23 17:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26074]: Failed password for root from 91.92.40.11 port 40686 ssh2
Jun 23 17:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26074]: Connection closed by 91.92.40.11 port 40686 [preauth]
Jun 23 17:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26089]: Invalid user hamed from 192.109.200.78
Jun 23 17:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26089]: input_userauth_request: invalid user hamed [preauth]
Jun 23 17:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26089]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26089]: Failed password for invalid user hamed from 192.109.200.78 port 38842 ssh2
Jun 23 17:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26089]: Connection closed by 192.109.200.78 port 38842 [preauth]
Jun 23 17:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26102]: Invalid user openvpn from 192.109.200.78
Jun 23 17:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26102]: input_userauth_request: invalid user openvpn [preauth]
Jun 23 17:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26102]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26102]: Failed password for invalid user openvpn from 192.109.200.78 port 38848 ssh2
Jun 23 17:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26102]: Connection closed by 192.109.200.78 port 38848 [preauth]
Jun 23 17:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: Invalid user username from 192.109.200.78
Jun 23 17:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: input_userauth_request: invalid user username [preauth]
Jun 23 17:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: Failed password for invalid user username from 192.109.200.78 port 38862 ssh2
Jun 23 17:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: Connection closed by 192.109.200.78 port 38862 [preauth]
Jun 23 17:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26116]: Invalid user admin123 from 192.109.200.78
Jun 23 17:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26116]: input_userauth_request: invalid user admin123 [preauth]
Jun 23 17:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26116]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26116]: Failed password for invalid user admin123 from 192.109.200.78 port 57680 ssh2
Jun 23 17:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26116]: Connection closed by 192.109.200.78 port 57680 [preauth]
Jun 23 17:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26127]: Invalid user testuser from 192.109.200.78
Jun 23 17:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26127]: input_userauth_request: invalid user testuser [preauth]
Jun 23 17:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26127]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26127]: Failed password for invalid user testuser from 192.109.200.78 port 57682 ssh2
Jun 23 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26127]: Connection closed by 192.109.200.78 port 57682 [preauth]
Jun 23 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26135]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26134]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26132]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26133]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26132]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26195]: Successful su for rubyman by root
Jun 23 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26195]: + ??? root:rubyman
Jun 23 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26195]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578523 of user rubyman.
Jun 23 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26195]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578523.
Jun 23 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26129]: Invalid user alex from 192.109.200.78
Jun 23 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26129]: input_userauth_request: invalid user alex [preauth]
Jun 23 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26129]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26129]: Failed password for invalid user alex from 192.109.200.78 port 57696 ssh2
Jun 23 17:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26129]: Connection closed by 192.109.200.78 port 57696 [preauth]
Jun 23 17:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23399]: pam_unix(cron:session): session closed for user root
Jun 23 17:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26133]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26361]: Failed password for root from 192.109.200.78 port 33662 ssh2
Jun 23 17:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26361]: Connection closed by 192.109.200.78 port 33662 [preauth]
Jun 23 17:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26382]: Invalid user system from 192.109.200.78
Jun 23 17:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26382]: input_userauth_request: invalid user system [preauth]
Jun 23 17:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26382]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26382]: Failed password for invalid user system from 192.109.200.78 port 33666 ssh2
Jun 23 17:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26382]: Connection closed by 192.109.200.78 port 33666 [preauth]
Jun 23 17:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26392]: Failed password for root from 192.109.200.78 port 33674 ssh2
Jun 23 17:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26392]: Connection closed by 192.109.200.78 port 33674 [preauth]
Jun 23 17:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26414]: Invalid user admin2 from 192.109.200.78
Jun 23 17:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26414]: input_userauth_request: invalid user admin2 [preauth]
Jun 23 17:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26414]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26414]: Failed password for invalid user admin2 from 192.109.200.78 port 55906 ssh2
Jun 23 17:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26414]: Connection closed by 192.109.200.78 port 55906 [preauth]
Jun 23 17:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26416]: Failed password for root from 192.109.200.78 port 55908 ssh2
Jun 23 17:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26416]: Connection closed by 192.109.200.78 port 55908 [preauth]
Jun 23 17:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26426]: Invalid user student from 192.109.200.78
Jun 23 17:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26426]: input_userauth_request: invalid user student [preauth]
Jun 23 17:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26426]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26426]: Failed password for invalid user student from 192.109.200.78 port 55914 ssh2
Jun 23 17:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26426]: Connection closed by 192.109.200.78 port 55914 [preauth]
Jun 23 17:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26449]: Invalid user webuser from 192.109.200.78
Jun 23 17:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26449]: input_userauth_request: invalid user webuser [preauth]
Jun 23 17:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26449]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26449]: Failed password for invalid user webuser from 192.109.200.78 port 35864 ssh2
Jun 23 17:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26449]: Connection closed by 192.109.200.78 port 35864 [preauth]
Jun 23 17:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26451]: Failed password for root from 192.109.200.78 port 35874 ssh2
Jun 23 17:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26451]: Connection closed by 192.109.200.78 port 35874 [preauth]
Jun 23 17:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25247]: pam_unix(cron:session): session closed for user root
Jun 23 17:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26461]: Failed password for root from 192.109.200.78 port 35876 ssh2
Jun 23 17:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26461]: Connection closed by 192.109.200.78 port 35876 [preauth]
Jun 23 17:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26494]: Invalid user wizard from 192.109.200.78
Jun 23 17:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26494]: input_userauth_request: invalid user wizard [preauth]
Jun 23 17:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26494]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26494]: Failed password for invalid user wizard from 192.109.200.78 port 51474 ssh2
Jun 23 17:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26494]: Connection closed by 192.109.200.78 port 51474 [preauth]
Jun 23 17:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26498]: Did not receive identification string from 147.185.132.63
Jun 23 17:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26496]: Invalid user martin from 192.109.200.78
Jun 23 17:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26496]: input_userauth_request: invalid user martin [preauth]
Jun 23 17:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26496]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26496]: Failed password for invalid user martin from 192.109.200.78 port 51496 ssh2
Jun 23 17:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26496]: Connection closed by 192.109.200.78 port 51496 [preauth]
Jun 23 17:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26507]: Invalid user myuser from 192.109.200.78
Jun 23 17:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26507]: input_userauth_request: invalid user myuser [preauth]
Jun 23 17:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26507]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26507]: Failed password for invalid user myuser from 192.109.200.78 port 58524 ssh2
Jun 23 17:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26507]: Connection closed by 192.109.200.78 port 58524 [preauth]
Jun 23 17:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26531]: Failed password for root from 192.109.200.78 port 58534 ssh2
Jun 23 17:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26531]: Connection closed by 192.109.200.78 port 58534 [preauth]
Jun 23 17:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26533]: Invalid user test from 192.109.200.78
Jun 23 17:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26533]: input_userauth_request: invalid user test [preauth]
Jun 23 17:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26533]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26533]: Failed password for invalid user test from 192.109.200.78 port 58544 ssh2
Jun 23 17:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26533]: Connection closed by 192.109.200.78 port 58544 [preauth]
Jun 23 17:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26543]: Failed password for root from 192.109.200.78 port 43778 ssh2
Jun 23 17:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26543]: Connection closed by 192.109.200.78 port 43778 [preauth]
Jun 23 17:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 23 17:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26556]: Invalid user openclaw from 192.109.200.78
Jun 23 17:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26556]: input_userauth_request: invalid user openclaw [preauth]
Jun 23 17:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26556]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26552]: Failed password for root from 103.27.238.116 port 54238 ssh2
Jun 23 17:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26552]: Connection closed by 103.27.238.116 port 54238 [preauth]
Jun 23 17:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26556]: Failed password for invalid user openclaw from 192.109.200.78 port 43808 ssh2
Jun 23 17:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26556]: Connection closed by 192.109.200.78 port 43808 [preauth]
Jun 23 17:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26558]: Invalid user osmc from 192.109.200.78
Jun 23 17:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26558]: input_userauth_request: invalid user osmc [preauth]
Jun 23 17:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26558]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26572]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26571]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26570]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26569]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26569]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26634]: Successful su for rubyman by root
Jun 23 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26634]: + ??? root:rubyman
Jun 23 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26634]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578527 of user rubyman.
Jun 23 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26634]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578527.
Jun 23 17:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26558]: Failed password for invalid user osmc from 192.109.200.78 port 43834 ssh2
Jun 23 17:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26558]: Connection closed by 192.109.200.78 port 43834 [preauth]
Jun 23 17:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26823]: Invalid user devops from 192.109.200.78
Jun 23 17:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26823]: input_userauth_request: invalid user devops [preauth]
Jun 23 17:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23928]: pam_unix(cron:session): session closed for user root
Jun 23 17:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26823]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26570]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26823]: Failed password for invalid user devops from 192.109.200.78 port 37532 ssh2
Jun 23 17:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26823]: Connection closed by 192.109.200.78 port 37532 [preauth]
Jun 23 17:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26900]: Invalid user odoo14 from 192.109.200.78
Jun 23 17:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26900]: input_userauth_request: invalid user odoo14 [preauth]
Jun 23 17:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26900]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 17:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26900]: Failed password for invalid user odoo14 from 192.109.200.78 port 37536 ssh2
Jun 23 17:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26900]: Connection closed by 192.109.200.78 port 37536 [preauth]
Jun 23 17:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26905]: Invalid user toto from 192.109.200.78
Jun 23 17:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26905]: input_userauth_request: invalid user toto [preauth]
Jun 23 17:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26905]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26903]: Failed password for root from 91.92.40.11 port 52228 ssh2
Jun 23 17:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26903]: Connection closed by 91.92.40.11 port 52228 [preauth]
Jun 23 17:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26905]: Failed password for invalid user toto from 192.109.200.78 port 37552 ssh2
Jun 23 17:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26905]: Connection closed by 192.109.200.78 port 37552 [preauth]
Jun 23 17:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26930]: Invalid user user1 from 192.109.200.78
Jun 23 17:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26930]: input_userauth_request: invalid user user1 [preauth]
Jun 23 17:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26930]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26930]: Failed password for invalid user user1 from 192.109.200.78 port 41944 ssh2
Jun 23 17:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26930]: Connection closed by 192.109.200.78 port 41944 [preauth]
Jun 23 17:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26943]: Invalid user username from 192.109.200.78
Jun 23 17:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26943]: input_userauth_request: invalid user username [preauth]
Jun 23 17:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26943]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26943]: Failed password for invalid user username from 192.109.200.78 port 41946 ssh2
Jun 23 17:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26943]: Connection closed by 192.109.200.78 port 41946 [preauth]
Jun 23 17:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26945]: Invalid user username from 192.109.200.78
Jun 23 17:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26945]: input_userauth_request: invalid user username [preauth]
Jun 23 17:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26945]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26945]: Failed password for invalid user username from 192.109.200.78 port 41948 ssh2
Jun 23 17:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26945]: Connection closed by 192.109.200.78 port 41948 [preauth]
Jun 23 17:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26967]: Failed password for root from 192.109.200.78 port 46260 ssh2
Jun 23 17:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26967]: Connection closed by 192.109.200.78 port 46260 [preauth]
Jun 23 17:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26978]: Failed password for root from 192.109.200.78 port 46268 ssh2
Jun 23 17:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26978]: Connection closed by 192.109.200.78 port 46268 [preauth]
Jun 23 17:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26980]: Invalid user minecraft from 192.109.200.78
Jun 23 17:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26980]: input_userauth_request: invalid user minecraft [preauth]
Jun 23 17:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26980]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26980]: Failed password for invalid user minecraft from 192.109.200.78 port 46270 ssh2
Jun 23 17:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26980]: Connection closed by 192.109.200.78 port 46270 [preauth]
Jun 23 17:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25700]: pam_unix(cron:session): session closed for user root
Jun 23 17:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27011]: Invalid user app from 192.109.200.78
Jun 23 17:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27011]: input_userauth_request: invalid user app [preauth]
Jun 23 17:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27011]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27011]: Failed password for invalid user app from 192.109.200.78 port 44992 ssh2
Jun 23 17:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27011]: Connection closed by 192.109.200.78 port 44992 [preauth]
Jun 23 17:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27022]: Invalid user username from 192.109.200.78
Jun 23 17:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27022]: input_userauth_request: invalid user username [preauth]
Jun 23 17:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27022]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27022]: Failed password for invalid user username from 192.109.200.78 port 45000 ssh2
Jun 23 17:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27022]: Connection closed by 192.109.200.78 port 45000 [preauth]
Jun 23 17:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27024]: Invalid user test from 192.109.200.78
Jun 23 17:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27024]: input_userauth_request: invalid user test [preauth]
Jun 23 17:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27024]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27024]: Failed password for invalid user test from 192.109.200.78 port 45008 ssh2
Jun 23 17:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27024]: Connection closed by 192.109.200.78 port 45008 [preauth]
Jun 23 17:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27047]: Invalid user deployer from 192.109.200.78
Jun 23 17:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27047]: input_userauth_request: invalid user deployer [preauth]
Jun 23 17:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27047]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27047]: Failed password for invalid user deployer from 192.109.200.78 port 47018 ssh2
Jun 23 17:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27047]: Connection closed by 192.109.200.78 port 47018 [preauth]
Jun 23 17:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27057]: Invalid user jenkins from 192.109.200.78
Jun 23 17:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27057]: input_userauth_request: invalid user jenkins [preauth]
Jun 23 17:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27057]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27057]: Failed password for invalid user jenkins from 192.109.200.78 port 47022 ssh2
Jun 23 17:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27057]: Connection closed by 192.109.200.78 port 47022 [preauth]
Jun 23 17:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27060]: Failed password for root from 192.109.200.78 port 47034 ssh2
Jun 23 17:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27060]: Connection closed by 192.109.200.78 port 47034 [preauth]
Jun 23 17:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27070]: Invalid user ec2-user from 192.109.200.78
Jun 23 17:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27070]: input_userauth_request: invalid user ec2-user [preauth]
Jun 23 17:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27070]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27070]: Failed password for invalid user ec2-user from 192.109.200.78 port 45968 ssh2
Jun 23 17:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27070]: Connection closed by 192.109.200.78 port 45968 [preauth]
Jun 23 17:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27081]: Invalid user admin from 192.109.200.78
Jun 23 17:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27081]: input_userauth_request: invalid user admin [preauth]
Jun 23 17:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27081]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27081]: Failed password for invalid user admin from 192.109.200.78 port 45984 ssh2
Jun 23 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27081]: Connection closed by 192.109.200.78 port 45984 [preauth]
Jun 23 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27088]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27089]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27086]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27087]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27084]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27086]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27214]: Successful su for rubyman by root
Jun 23 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27214]: + ??? root:rubyman
Jun 23 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27214]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578533 of user rubyman.
Jun 23 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27214]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578533.
Jun 23 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27154]: Invalid user ivan from 192.109.200.78
Jun 23 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27154]: input_userauth_request: invalid user ivan [preauth]
Jun 23 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27154]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27084]: pam_unix(cron:session): session closed for user root
Jun 23 17:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24354]: pam_unix(cron:session): session closed for user root
Jun 23 17:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27154]: Failed password for invalid user ivan from 192.109.200.78 port 35834 ssh2
Jun 23 17:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27154]: Connection closed by 192.109.200.78 port 35834 [preauth]
Jun 23 17:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27423]: Invalid user trade from 192.109.200.78
Jun 23 17:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27423]: input_userauth_request: invalid user trade [preauth]
Jun 23 17:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27423]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27087]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27423]: Failed password for invalid user trade from 192.109.200.78 port 35840 ssh2
Jun 23 17:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27423]: Connection closed by 192.109.200.78 port 35840 [preauth]
Jun 23 17:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27447]: Invalid user root1 from 192.109.200.78
Jun 23 17:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27447]: input_userauth_request: invalid user root1 [preauth]
Jun 23 17:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27447]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27447]: Failed password for invalid user root1 from 192.109.200.78 port 35848 ssh2
Jun 23 17:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27447]: Connection closed by 192.109.200.78 port 35848 [preauth]
Jun 23 17:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27458]: Invalid user ansible from 192.109.200.78
Jun 23 17:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27458]: input_userauth_request: invalid user ansible [preauth]
Jun 23 17:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27458]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27458]: Failed password for invalid user ansible from 192.109.200.78 port 52412 ssh2
Jun 23 17:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27458]: Connection closed by 192.109.200.78 port 52412 [preauth]
Jun 23 17:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27483]: Invalid user pi from 192.109.200.78
Jun 23 17:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27483]: input_userauth_request: invalid user pi [preauth]
Jun 23 17:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27483]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27483]: Failed password for invalid user pi from 192.109.200.78 port 52422 ssh2
Jun 23 17:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27483]: Connection closed by 192.109.200.78 port 52422 [preauth]
Jun 23 17:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27485]: Invalid user cloud from 192.109.200.78
Jun 23 17:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27485]: input_userauth_request: invalid user cloud [preauth]
Jun 23 17:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27485]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27485]: Failed password for invalid user cloud from 192.109.200.78 port 52440 ssh2
Jun 23 17:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27485]: Connection closed by 192.109.200.78 port 52440 [preauth]
Jun 23 17:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27496]: Failed password for root from 192.109.200.78 port 34198 ssh2
Jun 23 17:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27496]: Connection closed by 192.109.200.78 port 34198 [preauth]
Jun 23 17:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27524]: Invalid user webuser from 192.109.200.78
Jun 23 17:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27524]: input_userauth_request: invalid user webuser [preauth]
Jun 23 17:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27524]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27524]: Failed password for invalid user webuser from 192.109.200.78 port 34210 ssh2
Jun 23 17:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27524]: Connection closed by 192.109.200.78 port 34210 [preauth]
Jun 23 17:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27527]: Failed password for root from 192.109.200.78 port 34232 ssh2
Jun 23 17:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 17:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27527]: Connection closed by 192.109.200.78 port 34232 [preauth]
Jun 23 17:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27529]: Failed password for root from 91.92.40.11 port 48764 ssh2
Jun 23 17:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26135]: pam_unix(cron:session): session closed for user root
Jun 23 17:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27529]: Connection closed by 91.92.40.11 port 48764 [preauth]
Jun 23 17:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27542]: Failed password for root from 192.109.200.78 port 46148 ssh2
Jun 23 17:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27542]: Connection closed by 192.109.200.78 port 46148 [preauth]
Jun 23 17:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27565]: Invalid user adminuser from 192.109.200.78
Jun 23 17:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27565]: input_userauth_request: invalid user adminuser [preauth]
Jun 23 17:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27565]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27565]: Failed password for invalid user adminuser from 192.109.200.78 port 46156 ssh2
Jun 23 17:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27565]: Connection closed by 192.109.200.78 port 46156 [preauth]
Jun 23 17:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27577]: Invalid user administrator from 192.109.200.78
Jun 23 17:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27577]: input_userauth_request: invalid user administrator [preauth]
Jun 23 17:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27577]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27577]: Failed password for invalid user administrator from 192.109.200.78 port 46158 ssh2
Jun 23 17:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27577]: Connection closed by 192.109.200.78 port 46158 [preauth]
Jun 23 17:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27587]: Invalid user david from 192.109.200.78
Jun 23 17:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27587]: input_userauth_request: invalid user david [preauth]
Jun 23 17:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27587]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27587]: Failed password for invalid user david from 192.109.200.78 port 38148 ssh2
Jun 23 17:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27587]: Connection closed by 192.109.200.78 port 38148 [preauth]
Jun 23 17:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27602]: Invalid user user1 from 192.109.200.78
Jun 23 17:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27602]: input_userauth_request: invalid user user1 [preauth]
Jun 23 17:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27602]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27602]: Failed password for invalid user user1 from 192.109.200.78 port 38154 ssh2
Jun 23 17:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27602]: Connection closed by 192.109.200.78 port 38154 [preauth]
Jun 23 17:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27613]: User mysql from 192.109.200.78 not allowed because not listed in AllowUsers
Jun 23 17:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27613]: input_userauth_request: invalid user mysql [preauth]
Jun 23 17:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=mysql
Jun 23 17:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27613]: Failed password for invalid user mysql from 192.109.200.78 port 38170 ssh2
Jun 23 17:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27613]: Connection closed by 192.109.200.78 port 38170 [preauth]
Jun 23 17:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27623]: Invalid user support from 192.109.200.78
Jun 23 17:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27623]: input_userauth_request: invalid user support [preauth]
Jun 23 17:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27623]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27623]: Failed password for invalid user support from 192.109.200.78 port 52504 ssh2
Jun 23 17:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27623]: Connection closed by 192.109.200.78 port 52504 [preauth]
Jun 23 17:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27626]: Invalid user debian from 192.109.200.78
Jun 23 17:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27626]: input_userauth_request: invalid user debian [preauth]
Jun 23 17:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27626]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27626]: Failed password for invalid user debian from 192.109.200.78 port 52510 ssh2
Jun 23 17:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27626]: Connection closed by 192.109.200.78 port 52510 [preauth]
Jun 23 17:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27642]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27640]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27644]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27639]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27643]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27641]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27644]: pam_unix(cron:session): session closed for user root
Jun 23 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27639]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27708]: Successful su for rubyman by root
Jun 23 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27708]: + ??? root:rubyman
Jun 23 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27708]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578537 of user rubyman.
Jun 23 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27708]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578537.
Jun 23 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27636]: Failed password for root from 192.109.200.78 port 52522 ssh2
Jun 23 17:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27636]: Connection closed by 192.109.200.78 port 52522 [preauth]
Jun 23 17:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27756]: User vncuser from 192.109.200.78 not allowed because not listed in AllowUsers
Jun 23 17:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27756]: input_userauth_request: invalid user vncuser [preauth]
Jun 23 17:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=vncuser
Jun 23 17:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24803]: pam_unix(cron:session): session closed for user root
Jun 23 17:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27641]: pam_unix(cron:session): session closed for user root
Jun 23 17:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27756]: Failed password for invalid user vncuser from 192.109.200.78 port 51366 ssh2
Jun 23 17:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27756]: Connection closed by 192.109.200.78 port 51366 [preauth]
Jun 23 17:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27910]: Invalid user ethan from 192.109.200.78
Jun 23 17:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27910]: input_userauth_request: invalid user ethan [preauth]
Jun 23 17:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27910]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27640]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27910]: Failed password for invalid user ethan from 192.109.200.78 port 51372 ssh2
Jun 23 17:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27910]: Connection closed by 192.109.200.78 port 51372 [preauth]
Jun 23 17:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27933]: Failed password for root from 192.109.200.78 port 51380 ssh2
Jun 23 17:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27933]: Connection closed by 192.109.200.78 port 51380 [preauth]
Jun 23 17:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27941]: Invalid user ubuntu from 192.109.200.78
Jun 23 17:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27941]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 17:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27941]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27941]: Failed password for invalid user ubuntu from 192.109.200.78 port 53764 ssh2
Jun 23 17:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27941]: Connection closed by 192.109.200.78 port 53764 [preauth]
Jun 23 17:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27965]: Failed password for root from 192.109.200.78 port 53778 ssh2
Jun 23 17:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27965]: Connection closed by 192.109.200.78 port 53778 [preauth]
Jun 23 17:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27967]: Invalid user ubuntu from 192.109.200.78
Jun 23 17:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27967]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 17:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27967]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27967]: Failed password for invalid user ubuntu from 192.109.200.78 port 53800 ssh2
Jun 23 17:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27967]: Connection closed by 192.109.200.78 port 53800 [preauth]
Jun 23 17:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27979]: Invalid user www from 192.109.200.78
Jun 23 17:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27979]: input_userauth_request: invalid user www [preauth]
Jun 23 17:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27979]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27979]: Failed password for invalid user www from 192.109.200.78 port 36964 ssh2
Jun 23 17:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27979]: Connection closed by 192.109.200.78 port 36964 [preauth]
Jun 23 17:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28005]: Invalid user dev from 192.109.200.78
Jun 23 17:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28005]: input_userauth_request: invalid user dev [preauth]
Jun 23 17:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28005]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28005]: Failed password for invalid user dev from 192.109.200.78 port 36982 ssh2
Jun 23 17:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28005]: Connection closed by 192.109.200.78 port 36982 [preauth]
Jun 23 17:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28009]: Failed password for root from 192.109.200.78 port 37004 ssh2
Jun 23 17:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28009]: Connection closed by 192.109.200.78 port 37004 [preauth]
Jun 23 17:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28020]: Invalid user pi from 192.109.200.78
Jun 23 17:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28020]: input_userauth_request: invalid user pi [preauth]
Jun 23 17:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28020]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26572]: pam_unix(cron:session): session closed for user root
Jun 23 17:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28020]: Failed password for invalid user pi from 192.109.200.78 port 55456 ssh2
Jun 23 17:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28020]: Connection closed by 192.109.200.78 port 55456 [preauth]
Jun 23 17:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28045]: Failed password for root from 192.109.200.78 port 55464 ssh2
Jun 23 17:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28045]: Connection closed by 192.109.200.78 port 55464 [preauth]
Jun 23 17:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28056]: Failed password for root from 192.109.200.78 port 55472 ssh2
Jun 23 17:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28056]: Connection closed by 192.109.200.78 port 55472 [preauth]
Jun 23 17:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28113]: Invalid user ubuntu from 192.109.200.78
Jun 23 17:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28113]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 17:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28113]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28113]: Failed password for invalid user ubuntu from 192.109.200.78 port 43622 ssh2
Jun 23 17:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28113]: Connection closed by 192.109.200.78 port 43622 [preauth]
Jun 23 17:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28133]: Invalid user user from 192.109.200.78
Jun 23 17:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28133]: input_userauth_request: invalid user user [preauth]
Jun 23 17:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28133]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28133]: Failed password for invalid user user from 192.109.200.78 port 43638 ssh2
Jun 23 17:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28133]: Connection closed by 192.109.200.78 port 43638 [preauth]
Jun 23 17:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28143]: Invalid user ubuntu from 192.109.200.78
Jun 23 17:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28143]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 17:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28143]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28143]: Failed password for invalid user ubuntu from 192.109.200.78 port 43642 ssh2
Jun 23 17:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28143]: Connection closed by 192.109.200.78 port 43642 [preauth]
Jun 23 17:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28153]: Invalid user home from 192.109.200.78
Jun 23 17:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28153]: input_userauth_request: invalid user home [preauth]
Jun 23 17:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28153]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 17:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28153]: Failed password for invalid user home from 192.109.200.78 port 43644 ssh2
Jun 23 17:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28153]: Connection closed by 192.109.200.78 port 43644 [preauth]
Jun 23 17:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28162]: Invalid user user from 192.109.200.78
Jun 23 17:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28162]: input_userauth_request: invalid user user [preauth]
Jun 23 17:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28155]: Failed password for root from 91.92.40.11 port 47826 ssh2
Jun 23 17:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28162]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28155]: Connection closed by 91.92.40.11 port 47826 [preauth]
Jun 23 17:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28162]: Failed password for invalid user user from 192.109.200.78 port 56132 ssh2
Jun 23 17:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28162]: Connection closed by 192.109.200.78 port 56132 [preauth]
Jun 23 17:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28172]: Invalid user ark from 192.109.200.78
Jun 23 17:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28172]: input_userauth_request: invalid user ark [preauth]
Jun 23 17:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28172]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28172]: Failed password for invalid user ark from 192.109.200.78 port 56146 ssh2
Jun 23 17:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28172]: Connection closed by 192.109.200.78 port 56146 [preauth]
Jun 23 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28181]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28179]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28182]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28180]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28179]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28176]: Invalid user prem from 192.109.200.78
Jun 23 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28176]: input_userauth_request: invalid user prem [preauth]
Jun 23 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28250]: Successful su for rubyman by root
Jun 23 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28250]: + ??? root:rubyman
Jun 23 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28250]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578544 of user rubyman.
Jun 23 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28250]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578544.
Jun 23 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28176]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 23 17:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28176]: Failed password for invalid user prem from 192.109.200.78 port 56170 ssh2
Jun 23 17:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28174]: Failed password for root from 103.122.221.179 port 43678 ssh2
Jun 23 17:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28176]: Connection closed by 192.109.200.78 port 56170 [preauth]
Jun 23 17:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28174]: Connection closed by 103.122.221.179 port 43678 [preauth]
Jun 23 17:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25246]: pam_unix(cron:session): session closed for user root
Jun 23 17:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28376]: Invalid user runner from 192.109.200.78
Jun 23 17:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28376]: input_userauth_request: invalid user runner [preauth]
Jun 23 17:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28376]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28180]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28376]: Failed password for invalid user runner from 192.109.200.78 port 42158 ssh2
Jun 23 17:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28376]: Connection closed by 192.109.200.78 port 42158 [preauth]
Jun 23 17:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28424]: Failed password for root from 192.109.200.78 port 42180 ssh2
Jun 23 17:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28424]: Connection closed by 192.109.200.78 port 42180 [preauth]
Jun 23 17:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28436]: Invalid user milad from 192.109.200.78
Jun 23 17:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28436]: input_userauth_request: invalid user milad [preauth]
Jun 23 17:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28436]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28436]: Failed password for invalid user milad from 192.109.200.78 port 42194 ssh2
Jun 23 17:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28436]: Connection closed by 192.109.200.78 port 42194 [preauth]
Jun 23 17:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 23 17:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28462]: Invalid user fred from 192.109.200.78
Jun 23 17:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28462]: input_userauth_request: invalid user fred [preauth]
Jun 23 17:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28462]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28438]: Failed password for root from 193.37.70.224 port 47740 ssh2
Jun 23 17:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28438]: Connection closed by 193.37.70.224 port 47740 [preauth]
Jun 23 17:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28462]: Failed password for invalid user fred from 192.109.200.78 port 35000 ssh2
Jun 23 17:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28462]: Connection closed by 192.109.200.78 port 35000 [preauth]
Jun 23 17:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28464]: Failed password for root from 192.109.200.78 port 35008 ssh2
Jun 23 17:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28464]: Connection closed by 192.109.200.78 port 35008 [preauth]
Jun 23 17:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28474]: Invalid user systemd from 192.109.200.78
Jun 23 17:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28474]: input_userauth_request: invalid user systemd [preauth]
Jun 23 17:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28474]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28474]: Failed password for invalid user systemd from 192.109.200.78 port 35020 ssh2
Jun 23 17:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28474]: Connection closed by 192.109.200.78 port 35020 [preauth]
Jun 23 17:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28501]: Received disconnect from 74.48.105.66 port 42790:11: disconnected by user [preauth]
Jun 23 17:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28501]: Disconnected from 74.48.105.66 port 42790 [preauth]
Jun 23 17:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28477]: Failed password for root from 192.109.200.78 port 41444 ssh2
Jun 23 17:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28477]: Connection closed by 192.109.200.78 port 41444 [preauth]
Jun 23 17:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28503]: Invalid user drcomadmin from 192.109.200.78
Jun 23 17:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28503]: input_userauth_request: invalid user drcomadmin [preauth]
Jun 23 17:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28503]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28503]: Failed password for invalid user drcomadmin from 192.109.200.78 port 41460 ssh2
Jun 23 17:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28503]: Connection closed by 192.109.200.78 port 41460 [preauth]
Jun 23 17:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28519]: Invalid user cw from 192.109.200.78
Jun 23 17:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28519]: input_userauth_request: invalid user cw [preauth]
Jun 23 17:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28519]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28521]: Connection closed by 159.203.189.177 port 59014 [preauth]
Jun 23 17:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28519]: Failed password for invalid user cw from 192.109.200.78 port 41478 ssh2
Jun 23 17:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28519]: Connection closed by 192.109.200.78 port 41478 [preauth]
Jun 23 17:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28523]: Invalid user support from 192.109.200.78
Jun 23 17:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28523]: input_userauth_request: invalid user support [preauth]
Jun 23 17:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28523]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27089]: pam_unix(cron:session): session closed for user root
Jun 23 17:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28523]: Failed password for invalid user support from 192.109.200.78 port 40850 ssh2
Jun 23 17:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28523]: Connection closed by 192.109.200.78 port 40850 [preauth]
Jun 23 17:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28556]: Invalid user tom from 192.109.200.78
Jun 23 17:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28556]: input_userauth_request: invalid user tom [preauth]
Jun 23 17:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28556]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28556]: Failed password for invalid user tom from 192.109.200.78 port 40866 ssh2
Jun 23 17:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28556]: Connection closed by 192.109.200.78 port 40866 [preauth]
Jun 23 17:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28558]: Invalid user gateway from 192.109.200.78
Jun 23 17:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28558]: input_userauth_request: invalid user gateway [preauth]
Jun 23 17:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28558]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28558]: Failed password for invalid user gateway from 192.109.200.78 port 40882 ssh2
Jun 23 17:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28558]: Connection closed by 192.109.200.78 port 40882 [preauth]
Jun 23 17:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28655]: Failed password for root from 192.109.200.78 port 46714 ssh2
Jun 23 17:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28655]: Connection closed by 192.109.200.78 port 46714 [preauth]
Jun 23 17:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28680]: Failed password for root from 192.109.200.78 port 46718 ssh2
Jun 23 17:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28680]: Connection closed by 192.109.200.78 port 46718 [preauth]
Jun 23 17:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28683]: Invalid user runner from 192.109.200.78
Jun 23 17:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28683]: input_userauth_request: invalid user runner [preauth]
Jun 23 17:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28683]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28683]: Failed password for invalid user runner from 192.109.200.78 port 46726 ssh2
Jun 23 17:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28683]: Connection closed by 192.109.200.78 port 46726 [preauth]
Jun 23 17:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28694]: Invalid user gabriel from 192.109.200.78
Jun 23 17:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28694]: input_userauth_request: invalid user gabriel [preauth]
Jun 23 17:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28694]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28694]: Failed password for invalid user gabriel from 192.109.200.78 port 46130 ssh2
Jun 23 17:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28694]: Connection closed by 192.109.200.78 port 46130 [preauth]
Jun 23 17:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28699]: Invalid user openclaw from 192.109.200.78
Jun 23 17:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28699]: input_userauth_request: invalid user openclaw [preauth]
Jun 23 17:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28699]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28699]: Failed password for invalid user openclaw from 192.109.200.78 port 46142 ssh2
Jun 23 17:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28699]: Connection closed by 192.109.200.78 port 46142 [preauth]
Jun 23 17:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28706]: Invalid user odoo17 from 192.109.200.78
Jun 23 17:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28706]: input_userauth_request: invalid user odoo17 [preauth]
Jun 23 17:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28706]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28706]: Failed password for invalid user odoo17 from 192.109.200.78 port 46146 ssh2
Jun 23 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28706]: Connection closed by 192.109.200.78 port 46146 [preauth]
Jun 23 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28725]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28726]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28723]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28722]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28722]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28789]: Successful su for rubyman by root
Jun 23 17:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28789]: + ??? root:rubyman
Jun 23 17:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28789]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578546 of user rubyman.
Jun 23 17:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28789]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578546.
Jun 23 17:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28719]: Invalid user ts3 from 192.109.200.78
Jun 23 17:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28719]: input_userauth_request: invalid user ts3 [preauth]
Jun 23 17:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28719]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28719]: Failed password for invalid user ts3 from 192.109.200.78 port 46152 ssh2
Jun 23 17:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28719]: Connection closed by 192.109.200.78 port 46152 [preauth]
Jun 23 17:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25699]: pam_unix(cron:session): session closed for user root
Jun 23 17:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28942]: Invalid user test from 192.109.200.78
Jun 23 17:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28942]: input_userauth_request: invalid user test [preauth]
Jun 23 17:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28942]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28723]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28942]: Failed password for invalid user test from 192.109.200.78 port 35030 ssh2
Jun 23 17:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28942]: Connection closed by 192.109.200.78 port 35030 [preauth]
Jun 23 17:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28986]: Invalid user test from 192.109.200.78
Jun 23 17:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28986]: input_userauth_request: invalid user test [preauth]
Jun 23 17:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28986]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28986]: Failed password for invalid user test from 192.109.200.78 port 35038 ssh2
Jun 23 17:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28986]: Connection closed by 192.109.200.78 port 35038 [preauth]
Jun 23 17:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28990]: Invalid user prefect from 192.109.200.78
Jun 23 17:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28990]: input_userauth_request: invalid user prefect [preauth]
Jun 23 17:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28990]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28990]: Failed password for invalid user prefect from 192.109.200.78 port 35050 ssh2
Jun 23 17:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28990]: Connection closed by 192.109.200.78 port 35050 [preauth]
Jun 23 17:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 17:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29019]: Invalid user bot from 192.109.200.78
Jun 23 17:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29019]: input_userauth_request: invalid user bot [preauth]
Jun 23 17:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29019]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29012]: Failed password for root from 91.92.40.11 port 40248 ssh2
Jun 23 17:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29012]: Connection closed by 91.92.40.11 port 40248 [preauth]
Jun 23 17:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29019]: Failed password for invalid user bot from 192.109.200.78 port 47692 ssh2
Jun 23 17:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29019]: Connection closed by 192.109.200.78 port 47692 [preauth]
Jun 23 17:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29030]: Invalid user gabriel from 192.109.200.78
Jun 23 17:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29030]: input_userauth_request: invalid user gabriel [preauth]
Jun 23 17:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29030]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29030]: Failed password for invalid user gabriel from 192.109.200.78 port 47702 ssh2
Jun 23 17:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29030]: Connection closed by 192.109.200.78 port 47702 [preauth]
Jun 23 17:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29032]: Invalid user claude from 192.109.200.78
Jun 23 17:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29032]: input_userauth_request: invalid user claude [preauth]
Jun 23 17:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29032]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29032]: Failed password for invalid user claude from 192.109.200.78 port 47704 ssh2
Jun 23 17:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29032]: Connection closed by 192.109.200.78 port 47704 [preauth]
Jun 23 17:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29043]: Invalid user nutanix from 192.109.200.78
Jun 23 17:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29043]: input_userauth_request: invalid user nutanix [preauth]
Jun 23 17:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29043]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29043]: Failed password for invalid user nutanix from 192.109.200.78 port 42342 ssh2
Jun 23 17:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29043]: Connection closed by 192.109.200.78 port 42342 [preauth]
Jun 23 17:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29061]: Invalid user devops from 192.109.200.78
Jun 23 17:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29061]: input_userauth_request: invalid user devops [preauth]
Jun 23 17:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29061]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29061]: Failed password for invalid user devops from 192.109.200.78 port 42352 ssh2
Jun 23 17:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29061]: Connection closed by 192.109.200.78 port 42352 [preauth]
Jun 23 17:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29072]: Invalid user home from 192.109.200.78
Jun 23 17:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29072]: input_userauth_request: invalid user home [preauth]
Jun 23 17:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29072]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29072]: Failed password for invalid user home from 192.109.200.78 port 42360 ssh2
Jun 23 17:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29072]: Connection closed by 192.109.200.78 port 42360 [preauth]
Jun 23 17:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29083]: Invalid user user from 192.109.200.78
Jun 23 17:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29083]: input_userauth_request: invalid user user [preauth]
Jun 23 17:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29083]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27643]: pam_unix(cron:session): session closed for user root
Jun 23 17:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29083]: Failed password for invalid user user from 192.109.200.78 port 58652 ssh2
Jun 23 17:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29083]: Connection closed by 192.109.200.78 port 58652 [preauth]
Jun 23 17:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29107]: Invalid user data from 192.109.200.78
Jun 23 17:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29107]: input_userauth_request: invalid user data [preauth]
Jun 23 17:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29107]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29107]: Failed password for invalid user data from 192.109.200.78 port 58672 ssh2
Jun 23 17:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29107]: Connection closed by 192.109.200.78 port 58672 [preauth]
Jun 23 17:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29118]: Invalid user dmdba from 192.109.200.78
Jun 23 17:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29118]: input_userauth_request: invalid user dmdba [preauth]
Jun 23 17:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29118]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29118]: Failed password for invalid user dmdba from 192.109.200.78 port 58682 ssh2
Jun 23 17:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29118]: Connection closed by 192.109.200.78 port 58682 [preauth]
Jun 23 17:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29121]: Invalid user rock from 192.109.200.78
Jun 23 17:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29121]: input_userauth_request: invalid user rock [preauth]
Jun 23 17:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29121]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29121]: Failed password for invalid user rock from 192.109.200.78 port 33978 ssh2
Jun 23 17:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29121]: Connection closed by 192.109.200.78 port 33978 [preauth]
Jun 23 17:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29146]: Invalid user debian from 192.109.200.78
Jun 23 17:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29146]: input_userauth_request: invalid user debian [preauth]
Jun 23 17:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29146]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29146]: Failed password for invalid user debian from 192.109.200.78 port 33980 ssh2
Jun 23 17:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29146]: Connection closed by 192.109.200.78 port 33980 [preauth]
Jun 23 17:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29157]: Invalid user guest from 192.109.200.78
Jun 23 17:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29157]: input_userauth_request: invalid user guest [preauth]
Jun 23 17:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29157]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29157]: Failed password for invalid user guest from 192.109.200.78 port 33996 ssh2
Jun 23 17:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29157]: Connection closed by 192.109.200.78 port 33996 [preauth]
Jun 23 17:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29160]: Invalid user claude from 192.109.200.78
Jun 23 17:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29160]: input_userauth_request: invalid user claude [preauth]
Jun 23 17:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29160]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29160]: Failed password for invalid user claude from 192.109.200.78 port 34004 ssh2
Jun 23 17:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29160]: Connection closed by 192.109.200.78 port 34004 [preauth]
Jun 23 17:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29171]: Invalid user steam from 192.109.200.78
Jun 23 17:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29171]: input_userauth_request: invalid user steam [preauth]
Jun 23 17:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29171]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29171]: Failed password for invalid user steam from 192.109.200.78 port 58112 ssh2
Jun 23 17:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29171]: Connection closed by 192.109.200.78 port 58112 [preauth]
Jun 23 17:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29173]: Failed password for root from 192.109.200.78 port 58124 ssh2
Jun 23 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29173]: Connection closed by 192.109.200.78 port 58124 [preauth]
Jun 23 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29189]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29188]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29186]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29187]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29186]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29262]: Successful su for rubyman by root
Jun 23 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29262]: + ??? root:rubyman
Jun 23 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29262]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578550 of user rubyman.
Jun 23 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29262]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578550.
Jun 23 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29183]: Invalid user hduser from 192.109.200.78
Jun 23 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29183]: input_userauth_request: invalid user hduser [preauth]
Jun 23 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29183]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29183]: Failed password for invalid user hduser from 192.109.200.78 port 58136 ssh2
Jun 23 17:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29183]: Connection closed by 192.109.200.78 port 58136 [preauth]
Jun 23 17:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26134]: pam_unix(cron:session): session closed for user root
Jun 23 17:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29426]: Invalid user admin from 192.109.200.78
Jun 23 17:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29426]: input_userauth_request: invalid user admin [preauth]
Jun 23 17:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29426]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29187]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29426]: Failed password for invalid user admin from 192.109.200.78 port 44252 ssh2
Jun 23 17:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29426]: Connection closed by 192.109.200.78 port 44252 [preauth]
Jun 23 17:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29447]: Invalid user ubuntu from 192.109.200.78
Jun 23 17:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29447]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 17:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29447]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29447]: Failed password for invalid user ubuntu from 192.109.200.78 port 44258 ssh2
Jun 23 17:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29447]: Connection closed by 192.109.200.78 port 44258 [preauth]
Jun 23 17:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29458]: Invalid user master from 192.109.200.78
Jun 23 17:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29458]: input_userauth_request: invalid user master [preauth]
Jun 23 17:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29458]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29458]: Failed password for invalid user master from 192.109.200.78 port 44260 ssh2
Jun 23 17:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29458]: Connection closed by 192.109.200.78 port 44260 [preauth]
Jun 23 17:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29469]: Invalid user admin from 192.109.200.78
Jun 23 17:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29469]: input_userauth_request: invalid user admin [preauth]
Jun 23 17:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29469]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29469]: Failed password for invalid user admin from 192.109.200.78 port 50376 ssh2
Jun 23 17:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29469]: Connection closed by 192.109.200.78 port 50376 [preauth]
Jun 23 17:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29490]: Invalid user dev from 192.109.200.78
Jun 23 17:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29490]: input_userauth_request: invalid user dev [preauth]
Jun 23 17:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29490]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29490]: Failed password for invalid user dev from 192.109.200.78 port 50394 ssh2
Jun 23 17:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29490]: Connection closed by 192.109.200.78 port 50394 [preauth]
Jun 23 17:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29503]: Invalid user deploy from 192.109.200.78
Jun 23 17:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29503]: input_userauth_request: invalid user deploy [preauth]
Jun 23 17:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29503]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29503]: Failed password for invalid user deploy from 192.109.200.78 port 50426 ssh2
Jun 23 17:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29503]: Connection closed by 192.109.200.78 port 50426 [preauth]
Jun 23 17:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29506]: Invalid user fivem from 192.109.200.78
Jun 23 17:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29506]: input_userauth_request: invalid user fivem [preauth]
Jun 23 17:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29506]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29506]: Failed password for invalid user fivem from 192.109.200.78 port 58792 ssh2
Jun 23 17:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29506]: Connection closed by 192.109.200.78 port 58792 [preauth]
Jun 23 17:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29617]: Invalid user test2 from 192.109.200.78
Jun 23 17:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29617]: input_userauth_request: invalid user test2 [preauth]
Jun 23 17:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29617]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29617]: Failed password for invalid user test2 from 192.109.200.78 port 58798 ssh2
Jun 23 17:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29617]: Connection closed by 192.109.200.78 port 58798 [preauth]
Jun 23 17:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29619]: Invalid user admin123 from 192.109.200.78
Jun 23 17:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29619]: input_userauth_request: invalid user admin123 [preauth]
Jun 23 17:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29619]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29619]: Failed password for invalid user admin123 from 192.109.200.78 port 58816 ssh2
Jun 23 17:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29619]: Connection closed by 192.109.200.78 port 58816 [preauth]
Jun 23 17:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28182]: pam_unix(cron:session): session closed for user root
Jun 23 17:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29638]: Invalid user chris from 192.109.200.78
Jun 23 17:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29638]: input_userauth_request: invalid user chris [preauth]
Jun 23 17:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29638]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29638]: Failed password for invalid user chris from 192.109.200.78 port 45290 ssh2
Jun 23 17:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29638]: Connection closed by 192.109.200.78 port 45290 [preauth]
Jun 23 17:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29662]: Invalid user ftpuser from 192.109.200.78
Jun 23 17:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29662]: input_userauth_request: invalid user ftpuser [preauth]
Jun 23 17:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29662]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29662]: Failed password for invalid user ftpuser from 192.109.200.78 port 45302 ssh2
Jun 23 17:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29662]: Connection closed by 192.109.200.78 port 45302 [preauth]
Jun 23 17:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29665]: Failed password for root from 192.109.200.78 port 45314 ssh2
Jun 23 17:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29665]: Connection closed by 192.109.200.78 port 45314 [preauth]
Jun 23 17:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 17:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29680]: Invalid user testuser from 192.109.200.78
Jun 23 17:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29680]: input_userauth_request: invalid user testuser [preauth]
Jun 23 17:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29680]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29677]: Failed password for root from 91.92.40.11 port 48044 ssh2
Jun 23 17:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29680]: Failed password for invalid user testuser from 192.109.200.78 port 34588 ssh2
Jun 23 17:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29677]: Connection closed by 91.92.40.11 port 48044 [preauth]
Jun 23 17:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29680]: Connection closed by 192.109.200.78 port 34588 [preauth]
Jun 23 17:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29698]: Invalid user odoo18 from 192.109.200.78
Jun 23 17:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29698]: input_userauth_request: invalid user odoo18 [preauth]
Jun 23 17:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29698]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29698]: Failed password for invalid user odoo18 from 192.109.200.78 port 34590 ssh2
Jun 23 17:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29698]: Connection closed by 192.109.200.78 port 34590 [preauth]
Jun 23 17:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29716]: Invalid user ecommerce from 192.109.200.78
Jun 23 17:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29716]: input_userauth_request: invalid user ecommerce [preauth]
Jun 23 17:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29716]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29716]: Failed password for invalid user ecommerce from 192.109.200.78 port 34606 ssh2
Jun 23 17:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29716]: Connection closed by 192.109.200.78 port 34606 [preauth]
Jun 23 17:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29730]: Invalid user ubuntu from 192.109.200.78
Jun 23 17:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29730]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 17:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29730]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29730]: Failed password for invalid user ubuntu from 192.109.200.78 port 45988 ssh2
Jun 23 17:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29730]: Connection closed by 192.109.200.78 port 45988 [preauth]
Jun 23 17:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29740]: Invalid user mohammad from 192.109.200.78
Jun 23 17:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29740]: input_userauth_request: invalid user mohammad [preauth]
Jun 23 17:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29740]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29740]: Failed password for invalid user mohammad from 192.109.200.78 port 45994 ssh2
Jun 23 17:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29740]: Connection closed by 192.109.200.78 port 45994 [preauth]
Jun 23 17:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29757]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29761]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29756]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29760]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29756]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29825]: Successful su for rubyman by root
Jun 23 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29825]: + ??? root:rubyman
Jun 23 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29825]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578555 of user rubyman.
Jun 23 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29825]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578555.
Jun 23 17:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29753]: Failed password for root from 192.109.200.78 port 46008 ssh2
Jun 23 17:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29753]: Connection closed by 192.109.200.78 port 46008 [preauth]
Jun 23 17:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29868]: Invalid user runner from 192.109.200.78
Jun 23 17:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29868]: input_userauth_request: invalid user runner [preauth]
Jun 23 17:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29868]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26571]: pam_unix(cron:session): session closed for user root
Jun 23 17:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29868]: Failed password for invalid user runner from 192.109.200.78 port 55228 ssh2
Jun 23 17:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29868]: Connection closed by 192.109.200.78 port 55228 [preauth]
Jun 23 17:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30006]: Invalid user main from 192.109.200.78
Jun 23 17:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30006]: input_userauth_request: invalid user main [preauth]
Jun 23 17:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29757]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30006]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30006]: Failed password for invalid user main from 192.109.200.78 port 55234 ssh2
Jun 23 17:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30006]: Connection closed by 192.109.200.78 port 55234 [preauth]
Jun 23 17:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30029]: Invalid user sysupdate from 192.109.200.78
Jun 23 17:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30029]: input_userauth_request: invalid user sysupdate [preauth]
Jun 23 17:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30029]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30029]: Failed password for invalid user sysupdate from 192.109.200.78 port 55240 ssh2
Jun 23 17:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30029]: Connection closed by 192.109.200.78 port 55240 [preauth]
Jun 23 17:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30031]: Invalid user liyang from 192.109.200.78
Jun 23 17:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30031]: input_userauth_request: invalid user liyang [preauth]
Jun 23 17:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30031]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30031]: Failed password for invalid user liyang from 192.109.200.78 port 43680 ssh2
Jun 23 17:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30031]: Connection closed by 192.109.200.78 port 43680 [preauth]
Jun 23 17:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30056]: Failed password for root from 192.109.200.78 port 43690 ssh2
Jun 23 17:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30056]: Connection closed by 192.109.200.78 port 43690 [preauth]
Jun 23 17:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30058]: Failed password for root from 192.109.200.78 port 43700 ssh2
Jun 23 17:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30058]: Connection closed by 192.109.200.78 port 43700 [preauth]
Jun 23 17:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30070]: Failed password for root from 192.109.200.78 port 43704 ssh2
Jun 23 17:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30070]: Connection closed by 192.109.200.78 port 43704 [preauth]
Jun 23 17:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30086]: Invalid user tester from 192.109.200.78
Jun 23 17:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30086]: input_userauth_request: invalid user tester [preauth]
Jun 23 17:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30086]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30086]: Failed password for invalid user tester from 192.109.200.78 port 48210 ssh2
Jun 23 17:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30086]: Connection closed by 192.109.200.78 port 48210 [preauth]
Jun 23 17:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30101]: Invalid user config from 192.109.200.78
Jun 23 17:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30101]: input_userauth_request: invalid user config [preauth]
Jun 23 17:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30101]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30101]: Failed password for invalid user config from 192.109.200.78 port 48240 ssh2
Jun 23 17:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30101]: Connection closed by 192.109.200.78 port 48240 [preauth]
Jun 23 17:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30111]: Invalid user test from 192.109.200.78
Jun 23 17:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30111]: input_userauth_request: invalid user test [preauth]
Jun 23 17:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30111]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28726]: pam_unix(cron:session): session closed for user root
Jun 23 17:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30111]: Failed password for invalid user test from 192.109.200.78 port 48262 ssh2
Jun 23 17:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30111]: Connection closed by 192.109.200.78 port 48262 [preauth]
Jun 23 17:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30150]: Invalid user devops from 192.109.200.78
Jun 23 17:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30150]: input_userauth_request: invalid user devops [preauth]
Jun 23 17:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30150]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30150]: Failed password for invalid user devops from 192.109.200.78 port 48194 ssh2
Jun 23 17:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30150]: Connection closed by 192.109.200.78 port 48194 [preauth]
Jun 23 17:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30152]: Invalid user runner from 192.109.200.78
Jun 23 17:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30152]: input_userauth_request: invalid user runner [preauth]
Jun 23 17:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30152]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30152]: Failed password for invalid user runner from 192.109.200.78 port 48202 ssh2
Jun 23 17:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30152]: Connection closed by 192.109.200.78 port 48202 [preauth]
Jun 23 17:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30164]: Invalid user openclaw from 192.109.200.78
Jun 23 17:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30164]: input_userauth_request: invalid user openclaw [preauth]
Jun 23 17:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30164]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30164]: Failed password for invalid user openclaw from 192.109.200.78 port 48208 ssh2
Jun 23 17:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30164]: Connection closed by 192.109.200.78 port 48208 [preauth]
Jun 23 17:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30184]: Invalid user newuser from 192.109.200.78
Jun 23 17:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30184]: input_userauth_request: invalid user newuser [preauth]
Jun 23 17:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30184]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30184]: Failed password for invalid user newuser from 192.109.200.78 port 35706 ssh2
Jun 23 17:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30184]: Connection closed by 192.109.200.78 port 35706 [preauth]
Jun 23 17:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30195]: Invalid user stack from 192.109.200.78
Jun 23 17:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30195]: input_userauth_request: invalid user stack [preauth]
Jun 23 17:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30195]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30195]: Failed password for invalid user stack from 192.109.200.78 port 35718 ssh2
Jun 23 17:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30195]: Connection closed by 192.109.200.78 port 35718 [preauth]
Jun 23 17:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30205]: Invalid user webmaster from 192.109.200.78
Jun 23 17:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30205]: input_userauth_request: invalid user webmaster [preauth]
Jun 23 17:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30205]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30205]: Failed password for invalid user webmaster from 192.109.200.78 port 35726 ssh2
Jun 23 17:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30205]: Connection closed by 192.109.200.78 port 35726 [preauth]
Jun 23 17:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30208]: Invalid user system from 192.109.200.78
Jun 23 17:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30208]: input_userauth_request: invalid user system [preauth]
Jun 23 17:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30208]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30208]: Failed password for invalid user system from 192.109.200.78 port 59884 ssh2
Jun 23 17:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30208]: Connection closed by 192.109.200.78 port 59884 [preauth]
Jun 23 17:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30220]: Invalid user openclaw from 192.109.200.78
Jun 23 17:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30220]: input_userauth_request: invalid user openclaw [preauth]
Jun 23 17:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30220]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30220]: Failed password for invalid user openclaw from 192.109.200.78 port 59902 ssh2
Jun 23 17:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30220]: Connection closed by 192.109.200.78 port 59902 [preauth]
Jun 23 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30230]: Invalid user git from 192.109.200.78
Jun 23 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30230]: input_userauth_request: invalid user git [preauth]
Jun 23 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30230]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30239]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30238]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30235]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30237]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30233]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30234]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30239]: pam_unix(cron:session): session closed for user root
Jun 23 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30233]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30305]: Successful su for rubyman by root
Jun 23 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30305]: + ??? root:rubyman
Jun 23 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30305]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578560 of user rubyman.
Jun 23 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30305]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578560.
Jun 23 17:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30230]: Failed password for invalid user git from 192.109.200.78 port 59922 ssh2
Jun 23 17:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30230]: Connection closed by 192.109.200.78 port 59922 [preauth]
Jun 23 17:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30235]: pam_unix(cron:session): session closed for user root
Jun 23 17:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30432]: Invalid user support from 192.109.200.78
Jun 23 17:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30432]: input_userauth_request: invalid user support [preauth]
Jun 23 17:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30432]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27088]: pam_unix(cron:session): session closed for user root
Jun 23 17:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30234]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30432]: Failed password for invalid user support from 192.109.200.78 port 37398 ssh2
Jun 23 17:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30432]: Connection closed by 192.109.200.78 port 37398 [preauth]
Jun 23 17:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30513]: Invalid user www from 192.109.200.78
Jun 23 17:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30513]: input_userauth_request: invalid user www [preauth]
Jun 23 17:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30513]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30513]: Failed password for invalid user www from 192.109.200.78 port 37420 ssh2
Jun 23 17:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30513]: Connection closed by 192.109.200.78 port 37420 [preauth]
Jun 23 17:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 17:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30519]: Invalid user user2 from 192.109.200.78
Jun 23 17:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30519]: input_userauth_request: invalid user user2 [preauth]
Jun 23 17:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30519]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30515]: Failed password for root from 91.92.40.11 port 40734 ssh2
Jun 23 17:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30515]: Connection closed by 91.92.40.11 port 40734 [preauth]
Jun 23 17:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30519]: Failed password for invalid user user2 from 192.109.200.78 port 37446 ssh2
Jun 23 17:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30519]: Connection closed by 192.109.200.78 port 37446 [preauth]
Jun 23 17:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30537]: Failed password for root from 192.109.200.78 port 39882 ssh2
Jun 23 17:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30537]: Connection closed by 192.109.200.78 port 39882 [preauth]
Jun 23 17:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30558]: Invalid user ts3 from 192.109.200.78
Jun 23 17:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30558]: input_userauth_request: invalid user ts3 [preauth]
Jun 23 17:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30558]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30558]: Failed password for invalid user ts3 from 192.109.200.78 port 39896 ssh2
Jun 23 17:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30558]: Connection closed by 192.109.200.78 port 39896 [preauth]
Jun 23 17:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30560]: Invalid user claude from 192.109.200.78
Jun 23 17:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30560]: input_userauth_request: invalid user claude [preauth]
Jun 23 17:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30560]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30560]: Failed password for invalid user claude from 192.109.200.78 port 39904 ssh2
Jun 23 17:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30560]: Connection closed by 192.109.200.78 port 39904 [preauth]
Jun 23 17:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30574]: User john from 192.109.200.78 not allowed because not listed in AllowUsers
Jun 23 17:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30574]: input_userauth_request: invalid user john [preauth]
Jun 23 17:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=john
Jun 23 17:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30574]: Failed password for invalid user john from 192.109.200.78 port 38692 ssh2
Jun 23 17:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30574]: Connection closed by 192.109.200.78 port 38692 [preauth]
Jun 23 17:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30594]: Invalid user vbox from 192.109.200.78
Jun 23 17:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30594]: input_userauth_request: invalid user vbox [preauth]
Jun 23 17:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30594]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30594]: Failed password for invalid user vbox from 192.109.200.78 port 38696 ssh2
Jun 23 17:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30594]: Connection closed by 192.109.200.78 port 38696 [preauth]
Jun 23 17:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30605]: Invalid user sam from 192.109.200.78
Jun 23 17:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30605]: input_userauth_request: invalid user sam [preauth]
Jun 23 17:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30605]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29189]: pam_unix(cron:session): session closed for user root
Jun 23 17:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30605]: Failed password for invalid user sam from 192.109.200.78 port 38704 ssh2
Jun 23 17:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30605]: Connection closed by 192.109.200.78 port 38704 [preauth]
Jun 23 17:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30635]: Invalid user app from 192.109.200.78
Jun 23 17:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30635]: input_userauth_request: invalid user app [preauth]
Jun 23 17:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30635]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30635]: Failed password for invalid user app from 192.109.200.78 port 41580 ssh2
Jun 23 17:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30635]: Connection closed by 192.109.200.78 port 41580 [preauth]
Jun 23 17:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30645]: Invalid user admin1 from 192.109.200.78
Jun 23 17:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30645]: input_userauth_request: invalid user admin1 [preauth]
Jun 23 17:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30645]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30645]: Failed password for invalid user admin1 from 192.109.200.78 port 41594 ssh2
Jun 23 17:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30645]: Connection closed by 192.109.200.78 port 41594 [preauth]
Jun 23 17:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30655]: Invalid user bob from 192.109.200.78
Jun 23 17:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30655]: input_userauth_request: invalid user bob [preauth]
Jun 23 17:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30655]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30655]: Failed password for invalid user bob from 192.109.200.78 port 41598 ssh2
Jun 23 17:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30655]: Connection closed by 192.109.200.78 port 41598 [preauth]
Jun 23 17:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30678]: Invalid user odoo18 from 192.109.200.78
Jun 23 17:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30678]: input_userauth_request: invalid user odoo18 [preauth]
Jun 23 17:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30678]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30678]: Failed password for invalid user odoo18 from 192.109.200.78 port 41936 ssh2
Jun 23 17:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30678]: Connection closed by 192.109.200.78 port 41936 [preauth]
Jun 23 17:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30681]: Invalid user nginx from 192.109.200.78
Jun 23 17:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30681]: input_userauth_request: invalid user nginx [preauth]
Jun 23 17:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30681]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30681]: Failed password for invalid user nginx from 192.109.200.78 port 41940 ssh2
Jun 23 17:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30681]: Connection closed by 192.109.200.78 port 41940 [preauth]
Jun 23 17:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30691]: Failed password for root from 192.109.200.78 port 41944 ssh2
Jun 23 17:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30691]: Connection closed by 192.109.200.78 port 41944 [preauth]
Jun 23 17:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30701]: Invalid user grid from 192.109.200.78
Jun 23 17:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30701]: input_userauth_request: invalid user grid [preauth]
Jun 23 17:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30701]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30701]: Failed password for invalid user grid from 192.109.200.78 port 47578 ssh2
Jun 23 17:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30701]: Connection closed by 192.109.200.78 port 47578 [preauth]
Jun 23 17:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30703]: Failed password for root from 192.109.200.78 port 47592 ssh2
Jun 23 17:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30703]: Connection closed by 192.109.200.78 port 47592 [preauth]
Jun 23 17:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30718]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30719]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30717]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30716]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30716]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30713]: Invalid user ai from 192.109.200.78
Jun 23 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30713]: input_userauth_request: invalid user ai [preauth]
Jun 23 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30783]: Successful su for rubyman by root
Jun 23 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30783]: + ??? root:rubyman
Jun 23 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30783]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578564 of user rubyman.
Jun 23 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30783]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578564.
Jun 23 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30713]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30713]: Failed password for invalid user ai from 192.109.200.78 port 47604 ssh2
Jun 23 17:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30713]: Connection closed by 192.109.200.78 port 47604 [preauth]
Jun 23 17:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31027]: Invalid user jenkins from 192.109.200.78
Jun 23 17:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31027]: input_userauth_request: invalid user jenkins [preauth]
Jun 23 17:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27642]: pam_unix(cron:session): session closed for user root
Jun 23 17:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31027]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30717]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31027]: Failed password for invalid user jenkins from 192.109.200.78 port 55126 ssh2
Jun 23 17:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31027]: Connection closed by 192.109.200.78 port 55126 [preauth]
Jun 23 17:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31072]: Invalid user xiao from 192.109.200.78
Jun 23 17:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31072]: input_userauth_request: invalid user xiao [preauth]
Jun 23 17:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31072]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31072]: Failed password for invalid user xiao from 192.109.200.78 port 55132 ssh2
Jun 23 17:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31072]: Connection closed by 192.109.200.78 port 55132 [preauth]
Jun 23 17:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31083]: Invalid user trader from 192.109.200.78
Jun 23 17:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31083]: input_userauth_request: invalid user trader [preauth]
Jun 23 17:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31083]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31083]: Failed password for invalid user trader from 192.109.200.78 port 55138 ssh2
Jun 23 17:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31083]: Connection closed by 192.109.200.78 port 55138 [preauth]
Jun 23 17:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31098]: Invalid user ubuntu from 192.109.200.78
Jun 23 17:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31098]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 17:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31098]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31098]: Failed password for invalid user ubuntu from 192.109.200.78 port 42088 ssh2
Jun 23 17:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31098]: Connection closed by 192.109.200.78 port 42088 [preauth]
Jun 23 17:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31109]: Failed password for root from 192.109.200.78 port 42116 ssh2
Jun 23 17:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31109]: Connection closed by 192.109.200.78 port 42116 [preauth]
Jun 23 17:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31119]: Failed password for root from 192.109.200.78 port 42138 ssh2
Jun 23 17:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31119]: Connection closed by 192.109.200.78 port 42138 [preauth]
Jun 23 17:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31135]: Invalid user postgres from 192.109.200.78
Jun 23 17:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31135]: input_userauth_request: invalid user postgres [preauth]
Jun 23 17:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31135]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31135]: Failed password for invalid user postgres from 192.109.200.78 port 48418 ssh2
Jun 23 17:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31135]: Connection closed by 192.109.200.78 port 48418 [preauth]
Jun 23 17:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31147]: Failed password for root from 192.109.200.78 port 48426 ssh2
Jun 23 17:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31147]: Connection closed by 192.109.200.78 port 48426 [preauth]
Jun 23 17:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31157]: Invalid user guest from 192.109.200.78
Jun 23 17:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31157]: input_userauth_request: invalid user guest [preauth]
Jun 23 17:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31157]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29761]: pam_unix(cron:session): session closed for user root
Jun 23 17:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31157]: Failed password for invalid user guest from 192.109.200.78 port 48428 ssh2
Jun 23 17:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31157]: Connection closed by 192.109.200.78 port 48428 [preauth]
Jun 23 17:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31178]: Invalid user kali from 192.109.200.78
Jun 23 17:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31178]: input_userauth_request: invalid user kali [preauth]
Jun 23 17:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31178]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 17:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121  user=root
Jun 23 17:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31178]: Failed password for invalid user kali from 192.109.200.78 port 39036 ssh2
Jun 23 17:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31178]: Connection closed by 192.109.200.78 port 39036 [preauth]
Jun 23 17:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: Invalid user teamspeak from 192.109.200.78
Jun 23 17:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: input_userauth_request: invalid user teamspeak [preauth]
Jun 23 17:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31187]: Failed password for root from 91.92.40.11 port 41738 ssh2
Jun 23 17:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31190]: Failed password for root from 45.148.10.121 port 53754 ssh2
Jun 23 17:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31187]: Connection closed by 91.92.40.11 port 41738 [preauth]
Jun 23 17:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31190]: Connection closed by 45.148.10.121 port 53754 [preauth]
Jun 23 17:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: Failed password for invalid user teamspeak from 192.109.200.78 port 39052 ssh2
Jun 23 17:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: Connection closed by 192.109.200.78 port 39052 [preauth]
Jun 23 17:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31202]: Invalid user hadoop from 192.109.200.78
Jun 23 17:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31202]: input_userauth_request: invalid user hadoop [preauth]
Jun 23 17:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31202]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31202]: Failed password for invalid user hadoop from 192.109.200.78 port 39066 ssh2
Jun 23 17:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31202]: Connection closed by 192.109.200.78 port 39066 [preauth]
Jun 23 17:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31216]: Invalid user bot from 192.109.200.78
Jun 23 17:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31216]: input_userauth_request: invalid user bot [preauth]
Jun 23 17:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31216]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31216]: Failed password for invalid user bot from 192.109.200.78 port 56042 ssh2
Jun 23 17:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31216]: Connection closed by 192.109.200.78 port 56042 [preauth]
Jun 23 17:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31226]: Invalid user core from 192.109.200.78
Jun 23 17:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31226]: input_userauth_request: invalid user core [preauth]
Jun 23 17:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31226]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31226]: Failed password for invalid user core from 192.109.200.78 port 56062 ssh2
Jun 23 17:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31226]: Connection closed by 192.109.200.78 port 56062 [preauth]
Jun 23 17:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31228]: Invalid user rajvir from 192.109.200.78
Jun 23 17:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31228]: input_userauth_request: invalid user rajvir [preauth]
Jun 23 17:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31228]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31228]: Failed password for invalid user rajvir from 192.109.200.78 port 56078 ssh2
Jun 23 17:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31228]: Connection closed by 192.109.200.78 port 56078 [preauth]
Jun 23 17:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31240]: Invalid user deploy from 192.109.200.78
Jun 23 17:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31240]: input_userauth_request: invalid user deploy [preauth]
Jun 23 17:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31240]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31240]: Failed password for invalid user deploy from 192.109.200.78 port 50124 ssh2
Jun 23 17:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31240]: Connection closed by 192.109.200.78 port 50124 [preauth]
Jun 23 17:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31259]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31258]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31257]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31255]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31253]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31253]: pam_unix(cron:session): session closed for user root
Jun 23 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31255]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31251]: Failed password for root from 192.109.200.78 port 50136 ssh2
Jun 23 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31251]: Connection closed by 192.109.200.78 port 50136 [preauth]
Jun 23 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31323]: Successful su for rubyman by root
Jun 23 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31323]: + ??? root:rubyman
Jun 23 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31323]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578569 of user rubyman.
Jun 23 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31323]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578569.
Jun 23 17:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31284]: Invalid user oracle from 192.109.200.78
Jun 23 17:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31284]: input_userauth_request: invalid user oracle [preauth]
Jun 23 17:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31284]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28181]: pam_unix(cron:session): session closed for user root
Jun 23 17:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31284]: Failed password for invalid user oracle from 192.109.200.78 port 50140 ssh2
Jun 23 17:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31284]: Connection closed by 192.109.200.78 port 50140 [preauth]
Jun 23 17:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31257]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31488]: Failed password for root from 192.109.200.78 port 58940 ssh2
Jun 23 17:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31488]: Connection closed by 192.109.200.78 port 58940 [preauth]
Jun 23 17:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 23 17:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31518]: Invalid user testuser from 192.109.200.78
Jun 23 17:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31518]: input_userauth_request: invalid user testuser [preauth]
Jun 23 17:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31518]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31515]: Failed password for root from 141.98.83.240 port 21460 ssh2
Jun 23 17:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31518]: Failed password for invalid user testuser from 192.109.200.78 port 58946 ssh2
Jun 23 17:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31518]: Connection closed by 192.109.200.78 port 58946 [preauth]
Jun 23 17:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31532]: Invalid user odoo17 from 192.109.200.78
Jun 23 17:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31532]: input_userauth_request: invalid user odoo17 [preauth]
Jun 23 17:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31532]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31515]: Failed password for root from 141.98.83.240 port 21460 ssh2
Jun 23 17:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31532]: Failed password for invalid user odoo17 from 192.109.200.78 port 58968 ssh2
Jun 23 17:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31532]: Connection closed by 192.109.200.78 port 58968 [preauth]
Jun 23 17:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31562]: Invalid user developer from 192.109.200.78
Jun 23 17:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31562]: input_userauth_request: invalid user developer [preauth]
Jun 23 17:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31562]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31515]: Failed password for root from 141.98.83.240 port 21460 ssh2
Jun 23 17:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31515]: Connection closed by 141.98.83.240 port 21460 [preauth]
Jun 23 17:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31515]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 23 17:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31562]: Failed password for invalid user developer from 192.109.200.78 port 47474 ssh2
Jun 23 17:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31562]: Connection closed by 192.109.200.78 port 47474 [preauth]
Jun 23 17:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31564]: Invalid user openclaw from 192.109.200.78
Jun 23 17:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31564]: input_userauth_request: invalid user openclaw [preauth]
Jun 23 17:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31564]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31564]: Failed password for invalid user openclaw from 192.109.200.78 port 47486 ssh2
Jun 23 17:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31564]: Connection closed by 192.109.200.78 port 47486 [preauth]
Jun 23 17:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31662]: Invalid user claude from 192.109.200.78
Jun 23 17:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31662]: input_userauth_request: invalid user claude [preauth]
Jun 23 17:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31662]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31662]: Failed password for invalid user claude from 192.109.200.78 port 47510 ssh2
Jun 23 17:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31662]: Connection closed by 192.109.200.78 port 47510 [preauth]
Jun 23 17:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31686]: Invalid user www from 192.109.200.78
Jun 23 17:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31686]: input_userauth_request: invalid user www [preauth]
Jun 23 17:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31686]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31686]: Failed password for invalid user www from 192.109.200.78 port 54630 ssh2
Jun 23 17:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31686]: Connection closed by 192.109.200.78 port 54630 [preauth]
Jun 23 17:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31688]: Invalid user username from 192.109.200.78
Jun 23 17:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31688]: input_userauth_request: invalid user username [preauth]
Jun 23 17:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31688]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31688]: Failed password for invalid user username from 192.109.200.78 port 54644 ssh2
Jun 23 17:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31688]: Connection closed by 192.109.200.78 port 54644 [preauth]
Jun 23 17:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31699]: Invalid user gg from 192.109.200.78
Jun 23 17:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31699]: input_userauth_request: invalid user gg [preauth]
Jun 23 17:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31699]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30238]: pam_unix(cron:session): session closed for user root
Jun 23 17:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31699]: Failed password for invalid user gg from 192.109.200.78 port 60364 ssh2
Jun 23 17:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31699]: Connection closed by 192.109.200.78 port 60364 [preauth]
Jun 23 17:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31731]: Failed password for root from 192.109.200.78 port 60380 ssh2
Jun 23 17:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31731]: Connection closed by 192.109.200.78 port 60380 [preauth]
Jun 23 17:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31734]: Invalid user server from 192.109.200.78
Jun 23 17:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31734]: input_userauth_request: invalid user server [preauth]
Jun 23 17:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31734]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31734]: Failed password for invalid user server from 192.109.200.78 port 60396 ssh2
Jun 23 17:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31734]: Connection closed by 192.109.200.78 port 60396 [preauth]
Jun 23 17:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31744]: Invalid user user from 192.109.200.78
Jun 23 17:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31744]: input_userauth_request: invalid user user [preauth]
Jun 23 17:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31744]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31744]: Failed password for invalid user user from 192.109.200.78 port 57070 ssh2
Jun 23 17:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31744]: Connection closed by 192.109.200.78 port 57070 [preauth]
Jun 23 17:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31766]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31766]: Invalid user ftpuser from 192.109.200.78
Jun 23 17:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31766]: input_userauth_request: invalid user ftpuser [preauth]
Jun 23 17:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31766]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31766]: Failed password for invalid user ftpuser from 192.109.200.78 port 57086 ssh2
Jun 23 17:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31766]: Connection closed by 192.109.200.78 port 57086 [preauth]
Jun 23 17:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31769]: Failed password for root from 192.109.200.78 port 57088 ssh2
Jun 23 17:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31769]: Connection closed by 192.109.200.78 port 57088 [preauth]
Jun 23 17:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31786]: Invalid user debian from 192.109.200.78
Jun 23 17:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31786]: input_userauth_request: invalid user debian [preauth]
Jun 23 17:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31786]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31786]: Failed password for invalid user debian from 192.109.200.78 port 47704 ssh2
Jun 23 17:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31786]: Connection closed by 192.109.200.78 port 47704 [preauth]
Jun 23 17:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31788]: Invalid user ansible from 192.109.200.78
Jun 23 17:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31788]: input_userauth_request: invalid user ansible [preauth]
Jun 23 17:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31788]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 23 17:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31788]: Failed password for invalid user ansible from 192.109.200.78 port 47712 ssh2
Jun 23 17:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31788]: Connection closed by 192.109.200.78 port 47712 [preauth]
Jun 23 17:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31800]: Invalid user cursor from 192.109.200.78
Jun 23 17:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31800]: input_userauth_request: invalid user cursor [preauth]
Jun 23 17:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31800]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31798]: Failed password for root from 109.237.96.109 port 45016 ssh2
Jun 23 17:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31798]: Connection closed by 109.237.96.109 port 45016 [preauth]
Jun 23 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31813]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31812]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31811]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31810]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31810]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31871]: Successful su for rubyman by root
Jun 23 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31871]: + ??? root:rubyman
Jun 23 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31871]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578575 of user rubyman.
Jun 23 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31871]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578575.
Jun 23 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31800]: Failed password for invalid user cursor from 192.109.200.78 port 47728 ssh2
Jun 23 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31800]: Connection closed by 192.109.200.78 port 47728 [preauth]
Jun 23 17:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 17:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28725]: pam_unix(cron:session): session closed for user root
Jun 23 17:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31914]: Failed password for root from 192.109.200.78 port 52106 ssh2
Jun 23 17:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31914]: Connection closed by 192.109.200.78 port 52106 [preauth]
Jun 23 17:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31811]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32070]: Invalid user avax from 192.109.200.78
Jun 23 17:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32070]: input_userauth_request: invalid user avax [preauth]
Jun 23 17:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32070]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31980]: Failed password for root from 91.92.40.11 port 39290 ssh2
Jun 23 17:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31980]: Connection closed by 91.92.40.11 port 39290 [preauth]
Jun 23 17:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32070]: Failed password for invalid user avax from 192.109.200.78 port 52128 ssh2
Jun 23 17:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32070]: Connection closed by 192.109.200.78 port 52128 [preauth]
Jun 23 17:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32082]: Invalid user ubuntu from 192.109.200.78
Jun 23 17:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32082]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 17:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32082]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32082]: Failed password for invalid user ubuntu from 192.109.200.78 port 52140 ssh2
Jun 23 17:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32082]: Connection closed by 192.109.200.78 port 52140 [preauth]
Jun 23 17:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32093]: Invalid user potok from 192.109.200.78
Jun 23 17:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32093]: input_userauth_request: invalid user potok [preauth]
Jun 23 17:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32093]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32093]: Failed password for invalid user potok from 192.109.200.78 port 45742 ssh2
Jun 23 17:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32093]: Connection closed by 192.109.200.78 port 45742 [preauth]
Jun 23 17:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32108]: Failed password for root from 192.109.200.78 port 45746 ssh2
Jun 23 17:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32108]: Connection closed by 192.109.200.78 port 45746 [preauth]
Jun 23 17:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32118]: Failed password for root from 192.109.200.78 port 45758 ssh2
Jun 23 17:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32118]: Connection closed by 192.109.200.78 port 45758 [preauth]
Jun 23 17:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 23 17:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32132]: Invalid user minecraft from 192.109.200.78
Jun 23 17:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32132]: input_userauth_request: invalid user minecraft [preauth]
Jun 23 17:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32132]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32120]: Failed password for root from 194.113.233.25 port 53388 ssh2
Jun 23 17:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32120]: Connection closed by 194.113.233.25 port 53388 [preauth]
Jun 23 17:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32132]: Failed password for invalid user minecraft from 192.109.200.78 port 48122 ssh2
Jun 23 17:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32132]: Connection closed by 192.109.200.78 port 48122 [preauth]
Jun 23 17:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32147]: Invalid user tester from 192.109.200.78
Jun 23 17:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32147]: input_userauth_request: invalid user tester [preauth]
Jun 23 17:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32147]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32147]: Failed password for invalid user tester from 192.109.200.78 port 48138 ssh2
Jun 23 17:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32147]: Connection closed by 192.109.200.78 port 48138 [preauth]
Jun 23 17:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32161]: Invalid user deploy from 192.109.200.78
Jun 23 17:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32161]: input_userauth_request: invalid user deploy [preauth]
Jun 23 17:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32161]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32161]: Failed password for invalid user deploy from 192.109.200.78 port 48154 ssh2
Jun 23 17:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32161]: Connection closed by 192.109.200.78 port 48154 [preauth]
Jun 23 17:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30719]: pam_unix(cron:session): session closed for user root
Jun 23 17:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32166]: Invalid user aaa from 192.109.200.78
Jun 23 17:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32166]: input_userauth_request: invalid user aaa [preauth]
Jun 23 17:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32166]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32166]: Failed password for invalid user aaa from 192.109.200.78 port 54176 ssh2
Jun 23 17:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32166]: Connection closed by 192.109.200.78 port 54176 [preauth]
Jun 23 17:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32195]: Failed password for root from 192.109.200.78 port 54188 ssh2
Jun 23 17:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32195]: Connection closed by 192.109.200.78 port 54188 [preauth]
Jun 23 17:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32205]: Invalid user coder from 192.109.200.78
Jun 23 17:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32205]: input_userauth_request: invalid user coder [preauth]
Jun 23 17:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32205]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32205]: Failed password for invalid user coder from 192.109.200.78 port 54190 ssh2
Jun 23 17:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32205]: Connection closed by 192.109.200.78 port 54190 [preauth]
Jun 23 17:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32207]: Failed password for root from 192.109.200.78 port 51632 ssh2
Jun 23 17:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32207]: Connection closed by 192.109.200.78 port 51632 [preauth]
Jun 23 17:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32229]: Invalid user rdpuser from 192.109.200.78
Jun 23 17:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32229]: input_userauth_request: invalid user rdpuser [preauth]
Jun 23 17:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32229]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32229]: Failed password for invalid user rdpuser from 192.109.200.78 port 51642 ssh2
Jun 23 17:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32229]: Connection closed by 192.109.200.78 port 51642 [preauth]
Jun 23 17:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32239]: Invalid user deployer from 192.109.200.78
Jun 23 17:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32239]: input_userauth_request: invalid user deployer [preauth]
Jun 23 17:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32239]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32239]: Failed password for invalid user deployer from 192.109.200.78 port 51644 ssh2
Jun 23 17:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32239]: Connection closed by 192.109.200.78 port 51644 [preauth]
Jun 23 17:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32241]: Invalid user cloud from 192.109.200.78
Jun 23 17:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32241]: input_userauth_request: invalid user cloud [preauth]
Jun 23 17:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32241]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32241]: Failed password for invalid user cloud from 192.109.200.78 port 38956 ssh2
Jun 23 17:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32241]: Connection closed by 192.109.200.78 port 38956 [preauth]
Jun 23 17:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32251]: Failed password for root from 192.109.200.78 port 38960 ssh2
Jun 23 17:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32251]: Connection closed by 192.109.200.78 port 38960 [preauth]
Jun 23 17:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32261]: Invalid user node from 192.109.200.78
Jun 23 17:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32261]: input_userauth_request: invalid user node [preauth]
Jun 23 17:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32261]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32266]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32267]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32265]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32264]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32264]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32321]: Successful su for rubyman by root
Jun 23 17:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32321]: + ??? root:rubyman
Jun 23 17:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32321]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32261]: Failed password for invalid user node from 192.109.200.78 port 38970 ssh2
Jun 23 17:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578577 of user rubyman.
Jun 23 17:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32321]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578577.
Jun 23 17:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32261]: Connection closed by 192.109.200.78 port 38970 [preauth]
Jun 23 17:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32395]: Invalid user ftpuser1 from 192.109.200.78
Jun 23 17:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32395]: input_userauth_request: invalid user ftpuser1 [preauth]
Jun 23 17:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32395]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29188]: pam_unix(cron:session): session closed for user root
Jun 23 17:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32395]: Failed password for invalid user ftpuser1 from 192.109.200.78 port 57090 ssh2
Jun 23 17:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32395]: Connection closed by 192.109.200.78 port 57090 [preauth]
Jun 23 17:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32265]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32510]: Invalid user gitlab-runner from 192.109.200.78
Jun 23 17:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32510]: input_userauth_request: invalid user gitlab-runner [preauth]
Jun 23 17:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32510]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32510]: Failed password for invalid user gitlab-runner from 192.109.200.78 port 57120 ssh2
Jun 23 17:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32510]: Connection closed by 192.109.200.78 port 57120 [preauth]
Jun 23 17:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32523]: Failed password for root from 192.109.200.78 port 57144 ssh2
Jun 23 17:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32523]: Connection closed by 192.109.200.78 port 57144 [preauth]
Jun 23 17:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32534]: Failed password for root from 192.109.200.78 port 46148 ssh2
Jun 23 17:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32534]: Connection closed by 192.109.200.78 port 46148 [preauth]
Jun 23 17:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32559]: Invalid user test from 192.109.200.78
Jun 23 17:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32559]: input_userauth_request: invalid user test [preauth]
Jun 23 17:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32557]: User ftp from 193.46.255.86 not allowed because not listed in AllowUsers
Jun 23 17:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32557]: input_userauth_request: invalid user ftp [preauth]
Jun 23 17:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32559]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=ftp
Jun 23 17:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32559]: Failed password for invalid user test from 192.109.200.78 port 46174 ssh2
Jun 23 17:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32557]: Failed password for invalid user ftp from 193.46.255.86 port 45836 ssh2
Jun 23 17:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32559]: Connection closed by 192.109.200.78 port 46174 [preauth]
Jun 23 17:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32557]: Failed password for invalid user ftp from 193.46.255.86 port 45836 ssh2
Jun 23 17:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32561]: Failed password for root from 192.109.200.78 port 46192 ssh2
Jun 23 17:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32561]: Connection closed by 192.109.200.78 port 46192 [preauth]
Jun 23 17:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32571]: Invalid user botuser from 192.109.200.78
Jun 23 17:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32571]: input_userauth_request: invalid user botuser [preauth]
Jun 23 17:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32557]: Failed password for invalid user ftp from 193.46.255.86 port 45836 ssh2
Jun 23 17:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32571]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32557]: Connection closed by 193.46.255.86 port 45836 [preauth]
Jun 23 17:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32557]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=ftp
Jun 23 17:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32571]: Failed password for invalid user botuser from 192.109.200.78 port 50256 ssh2
Jun 23 17:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32571]: Connection closed by 192.109.200.78 port 50256 [preauth]
Jun 23 17:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32594]: Invalid user frappe from 192.109.200.78
Jun 23 17:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32594]: input_userauth_request: invalid user frappe [preauth]
Jun 23 17:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32594]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32594]: Failed password for invalid user frappe from 192.109.200.78 port 50284 ssh2
Jun 23 17:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32594]: Connection closed by 192.109.200.78 port 50284 [preauth]
Jun 23 17:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32596]: Failed password for root from 192.109.200.78 port 50312 ssh2
Jun 23 17:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32596]: Connection closed by 192.109.200.78 port 50312 [preauth]
Jun 23 17:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31259]: pam_unix(cron:session): session closed for user root
Jun 23 17:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32617]: Invalid user term2 from 192.109.200.78
Jun 23 17:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32617]: input_userauth_request: invalid user term2 [preauth]
Jun 23 17:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 17:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32617]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32607]: Failed password for root from 91.92.40.11 port 53612 ssh2
Jun 23 17:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32617]: Failed password for invalid user term2 from 192.109.200.78 port 60136 ssh2
Jun 23 17:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32617]: Connection closed by 192.109.200.78 port 60136 [preauth]
Jun 23 17:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32607]: Connection closed by 91.92.40.11 port 53612 [preauth]
Jun 23 17:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32641]: Invalid user student from 192.109.200.78
Jun 23 17:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32641]: input_userauth_request: invalid user student [preauth]
Jun 23 17:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32641]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32641]: Failed password for invalid user student from 192.109.200.78 port 60158 ssh2
Jun 23 17:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32641]: Connection closed by 192.109.200.78 port 60158 [preauth]
Jun 23 17:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32643]: Invalid user node from 192.109.200.78
Jun 23 17:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32643]: input_userauth_request: invalid user node [preauth]
Jun 23 17:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32643]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32643]: Failed password for invalid user node from 192.109.200.78 port 60170 ssh2
Jun 23 17:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32643]: Connection closed by 192.109.200.78 port 60170 [preauth]
Jun 23 17:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32663]: Invalid user appuser from 192.109.200.78
Jun 23 17:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32663]: input_userauth_request: invalid user appuser [preauth]
Jun 23 17:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32663]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32663]: Failed password for invalid user appuser from 192.109.200.78 port 51400 ssh2
Jun 23 17:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32663]: Connection closed by 192.109.200.78 port 51400 [preauth]
Jun 23 17:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32681]: Invalid user sam from 192.109.200.78
Jun 23 17:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32681]: input_userauth_request: invalid user sam [preauth]
Jun 23 17:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32681]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32681]: Failed password for invalid user sam from 192.109.200.78 port 51414 ssh2
Jun 23 17:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32681]: Connection closed by 192.109.200.78 port 51414 [preauth]
Jun 23 17:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32684]: Invalid user appuser from 192.109.200.78
Jun 23 17:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32684]: input_userauth_request: invalid user appuser [preauth]
Jun 23 17:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32684]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32684]: Failed password for invalid user appuser from 192.109.200.78 port 51432 ssh2
Jun 23 17:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32684]: Connection closed by 192.109.200.78 port 51432 [preauth]
Jun 23 17:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32695]: Invalid user zabbix from 192.109.200.78
Jun 23 17:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32695]: input_userauth_request: invalid user zabbix [preauth]
Jun 23 17:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32695]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32695]: Failed password for invalid user zabbix from 192.109.200.78 port 43604 ssh2
Jun 23 17:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32695]: Connection closed by 192.109.200.78 port 43604 [preauth]
Jun 23 17:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32697]: Invalid user admin from 192.109.200.78
Jun 23 17:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32697]: input_userauth_request: invalid user admin [preauth]
Jun 23 17:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32697]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32697]: Failed password for invalid user admin from 192.109.200.78 port 43616 ssh2
Jun 23 17:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32697]: Connection closed by 192.109.200.78 port 43616 [preauth]
Jun 23 17:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32710]: Invalid user odoo17 from 192.109.200.78
Jun 23 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32710]: input_userauth_request: invalid user odoo17 [preauth]
Jun 23 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32710]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32718]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32717]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32719]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32715]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32716]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32714]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32719]: pam_unix(cron:session): session closed for user root
Jun 23 17:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32714]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[322]: Successful su for rubyman by root
Jun 23 17:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[322]: + ??? root:rubyman
Jun 23 17:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[322]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578583 of user rubyman.
Jun 23 17:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[322]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578583.
Jun 23 17:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32710]: Failed password for invalid user odoo17 from 192.109.200.78 port 43618 ssh2
Jun 23 17:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32710]: Connection closed by 192.109.200.78 port 43618 [preauth]
Jun 23 17:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[392]: Invalid user milad from 192.109.200.78
Jun 23 17:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[392]: input_userauth_request: invalid user milad [preauth]
Jun 23 17:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[392]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29760]: pam_unix(cron:session): session closed for user root
Jun 23 17:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32716]: pam_unix(cron:session): session closed for user root
Jun 23 17:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[392]: Failed password for invalid user milad from 192.109.200.78 port 45738 ssh2
Jun 23 17:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[392]: Connection closed by 192.109.200.78 port 45738 [preauth]
Jun 23 17:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32715]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[670]: Invalid user docker from 192.109.200.78
Jun 23 17:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[670]: input_userauth_request: invalid user docker [preauth]
Jun 23 17:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[670]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[670]: Failed password for invalid user docker from 192.109.200.78 port 45750 ssh2
Jun 23 17:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[670]: Connection closed by 192.109.200.78 port 45750 [preauth]
Jun 23 17:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[692]: Invalid user nexus from 192.109.200.78
Jun 23 17:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[692]: input_userauth_request: invalid user nexus [preauth]
Jun 23 17:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[692]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[692]: Failed password for invalid user nexus from 192.109.200.78 port 45762 ssh2
Jun 23 17:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[692]: Connection closed by 192.109.200.78 port 45762 [preauth]
Jun 23 17:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[700]: Invalid user user1 from 192.109.200.78
Jun 23 17:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[700]: input_userauth_request: invalid user user1 [preauth]
Jun 23 17:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[700]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[700]: Failed password for invalid user user1 from 192.109.200.78 port 40740 ssh2
Jun 23 17:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[700]: Connection closed by 192.109.200.78 port 40740 [preauth]
Jun 23 17:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[718]: Invalid user usuario from 192.109.200.78
Jun 23 17:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[718]: input_userauth_request: invalid user usuario [preauth]
Jun 23 17:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[718]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[718]: Failed password for invalid user usuario from 192.109.200.78 port 40742 ssh2
Jun 23 17:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[718]: Connection closed by 192.109.200.78 port 40742 [preauth]
Jun 23 17:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[729]: Invalid user fa from 192.109.200.78
Jun 23 17:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[729]: input_userauth_request: invalid user fa [preauth]
Jun 23 17:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[729]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[729]: Failed password for invalid user fa from 192.109.200.78 port 40746 ssh2
Jun 23 17:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[729]: Connection closed by 192.109.200.78 port 40746 [preauth]
Jun 23 17:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[732]: Invalid user deployer from 192.109.200.78
Jun 23 17:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[732]: input_userauth_request: invalid user deployer [preauth]
Jun 23 17:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[732]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[732]: Failed password for invalid user deployer from 192.109.200.78 port 44776 ssh2
Jun 23 17:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[732]: Connection closed by 192.109.200.78 port 44776 [preauth]
Jun 23 17:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[755]: Invalid user test from 192.109.200.78
Jun 23 17:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[755]: input_userauth_request: invalid user test [preauth]
Jun 23 17:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[755]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[755]: Failed password for invalid user test from 192.109.200.78 port 44786 ssh2
Jun 23 17:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[755]: Connection closed by 192.109.200.78 port 44786 [preauth]
Jun 23 17:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[766]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[766]: Failed password for root from 192.109.200.78 port 44788 ssh2
Jun 23 17:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[766]: Connection closed by 192.109.200.78 port 44788 [preauth]
Jun 23 17:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31813]: pam_unix(cron:session): session closed for user root
Jun 23 17:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[779]: Failed password for root from 192.109.200.78 port 35314 ssh2
Jun 23 17:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[779]: Connection closed by 192.109.200.78 port 35314 [preauth]
Jun 23 17:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[806]: Invalid user rocky from 192.109.200.78
Jun 23 17:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[806]: input_userauth_request: invalid user rocky [preauth]
Jun 23 17:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[806]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[806]: Failed password for invalid user rocky from 192.109.200.78 port 35330 ssh2
Jun 23 17:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[806]: Connection closed by 192.109.200.78 port 35330 [preauth]
Jun 23 17:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[811]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[811]: Invalid user pi from 192.109.200.78
Jun 23 17:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[811]: input_userauth_request: invalid user pi [preauth]
Jun 23 17:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[811]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[811]: Failed password for invalid user pi from 192.109.200.78 port 35342 ssh2
Jun 23 17:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[811]: Connection closed by 192.109.200.78 port 35342 [preauth]
Jun 23 17:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[834]: Failed password for root from 192.109.200.78 port 36756 ssh2
Jun 23 17:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[834]: Connection closed by 192.109.200.78 port 36756 [preauth]
Jun 23 17:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[845]: Invalid user kevin from 192.109.200.78
Jun 23 17:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[845]: input_userauth_request: invalid user kevin [preauth]
Jun 23 17:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[845]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[845]: Failed password for invalid user kevin from 192.109.200.78 port 36782 ssh2
Jun 23 17:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[845]: Connection closed by 192.109.200.78 port 36782 [preauth]
Jun 23 17:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[848]: Invalid user playground from 192.109.200.78
Jun 23 17:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[848]: input_userauth_request: invalid user playground [preauth]
Jun 23 17:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[848]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[848]: Failed password for invalid user playground from 192.109.200.78 port 36796 ssh2
Jun 23 17:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[848]: Connection closed by 192.109.200.78 port 36796 [preauth]
Jun 23 17:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[862]: Invalid user cloud-user from 192.109.200.78
Jun 23 17:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[862]: input_userauth_request: invalid user cloud-user [preauth]
Jun 23 17:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[862]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[860]: Received disconnect from 128.0.104.39 port 44858:11: disconnected by user [preauth]
Jun 23 17:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[860]: Disconnected from 128.0.104.39 port 44858 [preauth]
Jun 23 17:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[862]: Failed password for invalid user cloud-user from 192.109.200.78 port 46414 ssh2
Jun 23 17:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[862]: Connection closed by 192.109.200.78 port 46414 [preauth]
Jun 23 17:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[872]: Failed password for root from 192.109.200.78 port 46430 ssh2
Jun 23 17:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[872]: Connection closed by 192.109.200.78 port 46430 [preauth]
Jun 23 17:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[881]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[879]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[880]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[878]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[878]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[951]: Successful su for rubyman by root
Jun 23 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[951]: + ??? root:rubyman
Jun 23 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[951]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578588 of user rubyman.
Jun 23 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[951]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578588.
Jun 23 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[875]: Failed password for root from 192.109.200.78 port 46434 ssh2
Jun 23 17:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[875]: Connection closed by 192.109.200.78 port 46434 [preauth]
Jun 23 17:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1126]: Invalid user appuser from 192.109.200.78
Jun 23 17:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1126]: input_userauth_request: invalid user appuser [preauth]
Jun 23 17:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1126]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 17:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30237]: pam_unix(cron:session): session closed for user root
Jun 23 17:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[879]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1126]: Failed password for invalid user appuser from 192.109.200.78 port 48774 ssh2
Jun 23 17:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1126]: Connection closed by 192.109.200.78 port 48774 [preauth]
Jun 23 17:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1129]: Failed password for root from 91.92.40.11 port 49702 ssh2
Jun 23 17:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1181]: Invalid user admin from 192.109.200.78
Jun 23 17:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1181]: input_userauth_request: invalid user admin [preauth]
Jun 23 17:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1129]: Connection closed by 91.92.40.11 port 49702 [preauth]
Jun 23 17:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1181]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1181]: Failed password for invalid user admin from 192.109.200.78 port 48776 ssh2
Jun 23 17:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1181]: Connection closed by 192.109.200.78 port 48776 [preauth]
Jun 23 17:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1191]: Invalid user deployer from 192.109.200.78
Jun 23 17:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1191]: input_userauth_request: invalid user deployer [preauth]
Jun 23 17:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1191]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1191]: Failed password for invalid user deployer from 192.109.200.78 port 48778 ssh2
Jun 23 17:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1191]: Connection closed by 192.109.200.78 port 48778 [preauth]
Jun 23 17:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1203]: Failed password for root from 192.109.200.78 port 38220 ssh2
Jun 23 17:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1203]: Connection closed by 192.109.200.78 port 38220 [preauth]
Jun 23 17:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1218]: Failed password for root from 192.109.200.78 port 38234 ssh2
Jun 23 17:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1218]: Connection closed by 192.109.200.78 port 38234 [preauth]
Jun 23 17:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1231]: Invalid user myuser from 192.109.200.78
Jun 23 17:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1231]: input_userauth_request: invalid user myuser [preauth]
Jun 23 17:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1231]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1231]: Failed password for invalid user myuser from 192.109.200.78 port 38240 ssh2
Jun 23 17:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1231]: Connection closed by 192.109.200.78 port 38240 [preauth]
Jun 23 17:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1233]: Invalid user admin from 192.109.200.78
Jun 23 17:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1233]: input_userauth_request: invalid user admin [preauth]
Jun 23 17:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1233]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1233]: Failed password for invalid user admin from 192.109.200.78 port 54680 ssh2
Jun 23 17:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1233]: Connection closed by 192.109.200.78 port 54680 [preauth]
Jun 23 17:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1260]: Invalid user sam from 192.109.200.78
Jun 23 17:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1260]: input_userauth_request: invalid user sam [preauth]
Jun 23 17:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1260]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1260]: Failed password for invalid user sam from 192.109.200.78 port 54694 ssh2
Jun 23 17:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1260]: Connection closed by 192.109.200.78 port 54694 [preauth]
Jun 23 17:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1271]: Invalid user fivem from 192.109.200.78
Jun 23 17:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1271]: input_userauth_request: invalid user fivem [preauth]
Jun 23 17:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1271]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 23 17:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1271]: Failed password for invalid user fivem from 192.109.200.78 port 54706 ssh2
Jun 23 17:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1271]: Connection closed by 192.109.200.78 port 54706 [preauth]
Jun 23 17:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1276]: Invalid user opc from 192.109.200.78
Jun 23 17:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1276]: input_userauth_request: invalid user opc [preauth]
Jun 23 17:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1276]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1274]: Failed password for root from 62.133.62.83 port 43974 ssh2
Jun 23 17:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1274]: Connection closed by 62.133.62.83 port 43974 [preauth]
Jun 23 17:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32267]: pam_unix(cron:session): session closed for user root
Jun 23 17:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1276]: Failed password for invalid user opc from 192.109.200.78 port 37238 ssh2
Jun 23 17:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1276]: Connection closed by 192.109.200.78 port 37238 [preauth]
Jun 23 17:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1314]: Invalid user admin from 192.109.200.78
Jun 23 17:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1314]: input_userauth_request: invalid user admin [preauth]
Jun 23 17:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1314]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1314]: Failed password for invalid user admin from 192.109.200.78 port 37242 ssh2
Jun 23 17:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1314]: Connection closed by 192.109.200.78 port 37242 [preauth]
Jun 23 17:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1318]: Invalid user fastuser from 192.109.200.78
Jun 23 17:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1318]: input_userauth_request: invalid user fastuser [preauth]
Jun 23 17:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1318]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1318]: Failed password for invalid user fastuser from 192.109.200.78 port 37252 ssh2
Jun 23 17:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1318]: Connection closed by 192.109.200.78 port 37252 [preauth]
Jun 23 17:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1329]: Invalid user onkar from 192.109.200.78
Jun 23 17:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1329]: input_userauth_request: invalid user onkar [preauth]
Jun 23 17:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1329]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1329]: Failed password for invalid user onkar from 192.109.200.78 port 36172 ssh2
Jun 23 17:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1329]: Connection closed by 192.109.200.78 port 36172 [preauth]
Jun 23 17:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1358]: Failed password for root from 192.109.200.78 port 36192 ssh2
Jun 23 17:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1358]: Connection closed by 192.109.200.78 port 36192 [preauth]
Jun 23 17:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1360]: Invalid user user from 192.109.200.78
Jun 23 17:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1360]: input_userauth_request: invalid user user [preauth]
Jun 23 17:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1360]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1360]: Failed password for invalid user user from 192.109.200.78 port 36232 ssh2
Jun 23 17:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1360]: Connection closed by 192.109.200.78 port 36232 [preauth]
Jun 23 17:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1374]: Invalid user ossuser from 192.109.200.78
Jun 23 17:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1374]: input_userauth_request: invalid user ossuser [preauth]
Jun 23 17:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1374]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1374]: Failed password for invalid user ossuser from 192.109.200.78 port 36268 ssh2
Jun 23 17:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1374]: Connection closed by 192.109.200.78 port 36268 [preauth]
Jun 23 17:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1376]: Invalid user user from 192.109.200.78
Jun 23 17:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1376]: input_userauth_request: invalid user user [preauth]
Jun 23 17:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1376]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1376]: Failed password for invalid user user from 192.109.200.78 port 43086 ssh2
Jun 23 17:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1376]: Connection closed by 192.109.200.78 port 43086 [preauth]
Jun 23 17:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1389]: Failed password for root from 192.109.200.78 port 43092 ssh2
Jun 23 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1389]: Connection closed by 192.109.200.78 port 43092 [preauth]
Jun 23 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1412]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1408]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1409]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1405]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1405]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1402]: Invalid user sam from 192.109.200.78
Jun 23 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1402]: input_userauth_request: invalid user sam [preauth]
Jun 23 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1402]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1563]: Successful su for rubyman by root
Jun 23 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1563]: + ??? root:rubyman
Jun 23 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1563]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578592 of user rubyman.
Jun 23 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1563]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578592.
Jun 23 17:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1402]: Failed password for invalid user sam from 192.109.200.78 port 43096 ssh2
Jun 23 17:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1402]: Connection closed by 192.109.200.78 port 43096 [preauth]
Jun 23 17:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30718]: pam_unix(cron:session): session closed for user root
Jun 23 17:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1746]: Invalid user vyos from 192.109.200.78
Jun 23 17:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1746]: input_userauth_request: invalid user vyos [preauth]
Jun 23 17:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1746]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1408]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1746]: Failed password for invalid user vyos from 192.109.200.78 port 54690 ssh2
Jun 23 17:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1746]: Connection closed by 192.109.200.78 port 54690 [preauth]
Jun 23 17:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1787]: Invalid user ghost from 192.109.200.78
Jun 23 17:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1787]: input_userauth_request: invalid user ghost [preauth]
Jun 23 17:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1787]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1787]: Failed password for invalid user ghost from 192.109.200.78 port 54696 ssh2
Jun 23 17:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1787]: Connection closed by 192.109.200.78 port 54696 [preauth]
Jun 23 17:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1789]: Invalid user fivem from 192.109.200.78
Jun 23 17:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1789]: input_userauth_request: invalid user fivem [preauth]
Jun 23 17:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1789]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1789]: Failed password for invalid user fivem from 192.109.200.78 port 54698 ssh2
Jun 23 17:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1789]: Connection closed by 192.109.200.78 port 54698 [preauth]
Jun 23 17:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1811]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1811]: Failed password for root from 192.109.200.78 port 33172 ssh2
Jun 23 17:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1811]: Connection closed by 192.109.200.78 port 33172 [preauth]
Jun 23 17:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1821]: Invalid user splunk from 192.109.200.78
Jun 23 17:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1821]: input_userauth_request: invalid user splunk [preauth]
Jun 23 17:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1821]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1821]: Failed password for invalid user splunk from 192.109.200.78 port 33194 ssh2
Jun 23 17:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1821]: Connection closed by 192.109.200.78 port 33194 [preauth]
Jun 23 17:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1823]: Failed password for root from 192.109.200.78 port 33222 ssh2
Jun 23 17:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1823]: Connection closed by 192.109.200.78 port 33222 [preauth]
Jun 23 17:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1833]: Invalid user ansible from 192.109.200.78
Jun 23 17:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1833]: input_userauth_request: invalid user ansible [preauth]
Jun 23 17:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1833]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1833]: Failed password for invalid user ansible from 192.109.200.78 port 35340 ssh2
Jun 23 17:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1833]: Connection closed by 192.109.200.78 port 35340 [preauth]
Jun 23 17:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1848]: Invalid user developer from 192.109.200.78
Jun 23 17:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1848]: input_userauth_request: invalid user developer [preauth]
Jun 23 17:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1848]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1848]: Failed password for invalid user developer from 192.109.200.78 port 35352 ssh2
Jun 23 17:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1848]: Connection closed by 192.109.200.78 port 35352 [preauth]
Jun 23 17:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1858]: Invalid user bernard from 192.109.200.78
Jun 23 17:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1858]: input_userauth_request: invalid user bernard [preauth]
Jun 23 17:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1858]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1858]: Failed password for invalid user bernard from 192.109.200.78 port 35354 ssh2
Jun 23 17:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1858]: Connection closed by 192.109.200.78 port 35354 [preauth]
Jun 23 17:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1871]: Invalid user teamspeak from 192.109.200.78
Jun 23 17:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1871]: input_userauth_request: invalid user teamspeak [preauth]
Jun 23 17:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1871]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 17:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32718]: pam_unix(cron:session): session closed for user root
Jun 23 17:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1871]: Failed password for invalid user teamspeak from 192.109.200.78 port 33762 ssh2
Jun 23 17:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1871]: Connection closed by 192.109.200.78 port 33762 [preauth]
Jun 23 17:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1868]: Failed password for root from 91.92.40.11 port 41696 ssh2
Jun 23 17:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1868]: Connection closed by 91.92.40.11 port 41696 [preauth]
Jun 23 17:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1905]: Invalid user user from 192.109.200.78
Jun 23 17:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1905]: input_userauth_request: invalid user user [preauth]
Jun 23 17:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1905]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1905]: Failed password for invalid user user from 192.109.200.78 port 33766 ssh2
Jun 23 17:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1905]: Connection closed by 192.109.200.78 port 33766 [preauth]
Jun 23 17:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1922]: Failed password for root from 192.109.200.78 port 33768 ssh2
Jun 23 17:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1922]: Connection closed by 192.109.200.78 port 33768 [preauth]
Jun 23 17:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1932]: Failed password for root from 192.109.200.78 port 37164 ssh2
Jun 23 17:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1932]: Connection closed by 192.109.200.78 port 37164 [preauth]
Jun 23 17:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1958]: Invalid user sftpuser from 192.109.200.78
Jun 23 17:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1958]: input_userauth_request: invalid user sftpuser [preauth]
Jun 23 17:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1958]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1958]: Failed password for invalid user sftpuser from 192.109.200.78 port 37174 ssh2
Jun 23 17:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1958]: Connection closed by 192.109.200.78 port 37174 [preauth]
Jun 23 17:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1970]: Invalid user system from 192.109.200.78
Jun 23 17:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1970]: input_userauth_request: invalid user system [preauth]
Jun 23 17:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1970]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1970]: Failed password for invalid user system from 192.109.200.78 port 37180 ssh2
Jun 23 17:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1970]: Connection closed by 192.109.200.78 port 37180 [preauth]
Jun 23 17:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1973]: User mysql from 192.109.200.78 not allowed because not listed in AllowUsers
Jun 23 17:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1973]: input_userauth_request: invalid user mysql [preauth]
Jun 23 17:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=mysql
Jun 23 17:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1973]: Failed password for invalid user mysql from 192.109.200.78 port 56760 ssh2
Jun 23 17:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1973]: Connection closed by 192.109.200.78 port 56760 [preauth]
Jun 23 17:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1988]: Failed password for root from 192.109.200.78 port 56768 ssh2
Jun 23 17:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1988]: Connection closed by 192.109.200.78 port 56768 [preauth]
Jun 23 17:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2009]: Invalid user user from 192.109.200.78
Jun 23 17:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2009]: input_userauth_request: invalid user user [preauth]
Jun 23 17:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2009]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2018]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2017]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2016]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2015]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2015]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2095]: Successful su for rubyman by root
Jun 23 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2095]: + ??? root:rubyman
Jun 23 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2095]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578596 of user rubyman.
Jun 23 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2095]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578596.
Jun 23 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2009]: Failed password for invalid user user from 192.109.200.78 port 56782 ssh2
Jun 23 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2009]: Connection closed by 192.109.200.78 port 56782 [preauth]
Jun 23 17:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2150]: Invalid user zimbra from 192.109.200.78
Jun 23 17:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2150]: input_userauth_request: invalid user zimbra [preauth]
Jun 23 17:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2150]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31258]: pam_unix(cron:session): session closed for user root
Jun 23 17:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2150]: Failed password for invalid user zimbra from 192.109.200.78 port 55486 ssh2
Jun 23 17:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2150]: Connection closed by 192.109.200.78 port 55486 [preauth]
Jun 23 17:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2016]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2301]: User ftp from 192.109.200.78 not allowed because not listed in AllowUsers
Jun 23 17:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2301]: input_userauth_request: invalid user ftp [preauth]
Jun 23 17:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=ftp
Jun 23 17:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2301]: Failed password for invalid user ftp from 192.109.200.78 port 55506 ssh2
Jun 23 17:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2301]: Connection closed by 192.109.200.78 port 55506 [preauth]
Jun 23 17:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2303]: Invalid user ubuntu from 192.109.200.78
Jun 23 17:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2303]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 17:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2303]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2303]: Failed password for invalid user ubuntu from 192.109.200.78 port 55524 ssh2
Jun 23 17:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2303]: Connection closed by 192.109.200.78 port 55524 [preauth]
Jun 23 17:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2317]: Failed password for root from 192.109.200.78 port 39378 ssh2
Jun 23 17:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2317]: Connection closed by 192.109.200.78 port 39378 [preauth]
Jun 23 17:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2345]: Failed password for root from 192.109.200.78 port 39386 ssh2
Jun 23 17:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2345]: Connection closed by 192.109.200.78 port 39386 [preauth]
Jun 23 17:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2348]: Invalid user dspace from 192.109.200.78
Jun 23 17:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2348]: input_userauth_request: invalid user dspace [preauth]
Jun 23 17:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2348]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2348]: Failed password for invalid user dspace from 192.109.200.78 port 39400 ssh2
Jun 23 17:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2348]: Connection closed by 192.109.200.78 port 39400 [preauth]
Jun 23 17:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2358]: Invalid user oscar from 192.109.200.78
Jun 23 17:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2358]: input_userauth_request: invalid user oscar [preauth]
Jun 23 17:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2358]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2358]: Failed password for invalid user oscar from 192.109.200.78 port 46462 ssh2
Jun 23 17:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2358]: Connection closed by 192.109.200.78 port 46462 [preauth]
Jun 23 17:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2380]: Invalid user minecraft from 192.109.200.78
Jun 23 17:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2380]: input_userauth_request: invalid user minecraft [preauth]
Jun 23 17:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2380]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2380]: Failed password for invalid user minecraft from 192.109.200.78 port 46466 ssh2
Jun 23 17:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2380]: Connection closed by 192.109.200.78 port 46466 [preauth]
Jun 23 17:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2382]: Invalid user user1 from 192.109.200.78
Jun 23 17:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2382]: input_userauth_request: invalid user user1 [preauth]
Jun 23 17:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2382]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 23 17:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2382]: Failed password for invalid user user1 from 192.109.200.78 port 46478 ssh2
Jun 23 17:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2382]: Connection closed by 192.109.200.78 port 46478 [preauth]
Jun 23 17:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2394]: Invalid user labuser from 192.109.200.78
Jun 23 17:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2394]: input_userauth_request: invalid user labuser [preauth]
Jun 23 17:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2394]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2384]: Failed password for root from 202.178.126.219 port 33356 ssh2
Jun 23 17:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[881]: pam_unix(cron:session): session closed for user root
Jun 23 17:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2384]: Connection closed by 202.178.126.219 port 33356 [preauth]
Jun 23 17:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2394]: Failed password for invalid user labuser from 192.109.200.78 port 33820 ssh2
Jun 23 17:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2394]: Connection closed by 192.109.200.78 port 33820 [preauth]
Jun 23 17:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2417]: Invalid user devops from 192.109.200.78
Jun 23 17:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2417]: input_userauth_request: invalid user devops [preauth]
Jun 23 17:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2417]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2417]: Failed password for invalid user devops from 192.109.200.78 port 33848 ssh2
Jun 23 17:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2417]: Connection closed by 192.109.200.78 port 33848 [preauth]
Jun 23 17:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2427]: Invalid user user1 from 192.109.200.78
Jun 23 17:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2427]: input_userauth_request: invalid user user1 [preauth]
Jun 23 17:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2427]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2427]: Failed password for invalid user user1 from 192.109.200.78 port 33870 ssh2
Jun 23 17:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2427]: Connection closed by 192.109.200.78 port 33870 [preauth]
Jun 23 17:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2438]: Failed password for root from 192.109.200.78 port 47568 ssh2
Jun 23 17:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2438]: Connection closed by 192.109.200.78 port 47568 [preauth]
Jun 23 17:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2454]: Failed password for root from 192.109.200.78 port 47570 ssh2
Jun 23 17:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2454]: Connection closed by 192.109.200.78 port 47570 [preauth]
Jun 23 17:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2465]: Invalid user vagrant from 192.109.200.78
Jun 23 17:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2465]: input_userauth_request: invalid user vagrant [preauth]
Jun 23 17:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2465]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 23 17:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2465]: Failed password for invalid user vagrant from 192.109.200.78 port 47584 ssh2
Jun 23 17:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2465]: Connection closed by 192.109.200.78 port 47584 [preauth]
Jun 23 17:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2467]: Failed password for root from 193.24.211.107 port 15553 ssh2
Jun 23 17:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2467]: Received disconnect from 193.24.211.107 port 15553:11: Client disconnecting normally [preauth]
Jun 23 17:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2467]: Disconnected from 193.24.211.107 port 15553 [preauth]
Jun 23 17:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2480]: Invalid user myuser from 192.109.200.78
Jun 23 17:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2480]: input_userauth_request: invalid user myuser [preauth]
Jun 23 17:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2480]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2480]: Failed password for invalid user myuser from 192.109.200.78 port 47218 ssh2
Jun 23 17:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2480]: Connection closed by 192.109.200.78 port 47218 [preauth]
Jun 23 17:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2482]: Invalid user master from 192.109.200.78
Jun 23 17:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2482]: input_userauth_request: invalid user master [preauth]
Jun 23 17:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2482]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2482]: Failed password for invalid user master from 192.109.200.78 port 47222 ssh2
Jun 23 17:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2482]: Connection closed by 192.109.200.78 port 47222 [preauth]
Jun 23 17:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2494]: Invalid user chemlab from 117.33.242.180
Jun 23 17:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2494]: input_userauth_request: invalid user chemlab [preauth]
Jun 23 17:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2494]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.33.242.180
Jun 23 17:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2503]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2505]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2504]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2502]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2502]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2494]: Failed password for invalid user chemlab from 117.33.242.180 port 43356 ssh2
Jun 23 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2494]: Received disconnect from 117.33.242.180 port 43356:11: Bye Bye [preauth]
Jun 23 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2494]: Disconnected from 117.33.242.180 port 43356 [preauth]
Jun 23 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2578]: Successful su for rubyman by root
Jun 23 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2578]: + ??? root:rubyman
Jun 23 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2578]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2496]: Failed password for root from 192.109.200.78 port 47234 ssh2
Jun 23 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578601 of user rubyman.
Jun 23 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2578]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578601.
Jun 23 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2496]: Connection closed by 192.109.200.78 port 47234 [preauth]
Jun 23 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2590]: Invalid user kipt from 192.109.200.78
Jun 23 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2590]: input_userauth_request: invalid user kipt [preauth]
Jun 23 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2590]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31812]: pam_unix(cron:session): session closed for user root
Jun 23 17:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2499]: Failed password for root from 91.92.40.11 port 55778 ssh2
Jun 23 17:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2590]: Failed password for invalid user kipt from 192.109.200.78 port 47240 ssh2
Jun 23 17:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2499]: Connection closed by 91.92.40.11 port 55778 [preauth]
Jun 23 17:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2590]: Connection closed by 192.109.200.78 port 47240 [preauth]
Jun 23 17:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2759]: Invalid user debian from 192.109.200.78
Jun 23 17:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2759]: input_userauth_request: invalid user debian [preauth]
Jun 23 17:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2503]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2759]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2759]: Failed password for invalid user debian from 192.109.200.78 port 60600 ssh2
Jun 23 17:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2759]: Connection closed by 192.109.200.78 port 60600 [preauth]
Jun 23 17:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2784]: Failed password for root from 192.109.200.78 port 60614 ssh2
Jun 23 17:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2784]: Connection closed by 192.109.200.78 port 60614 [preauth]
Jun 23 17:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2786]: Invalid user ali from 192.109.200.78
Jun 23 17:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2786]: input_userauth_request: invalid user ali [preauth]
Jun 23 17:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2786]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2786]: Failed password for invalid user ali from 192.109.200.78 port 60626 ssh2
Jun 23 17:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2786]: Connection closed by 192.109.200.78 port 60626 [preauth]
Jun 23 17:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2804]: Failed password for root from 192.109.200.78 port 58286 ssh2
Jun 23 17:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2804]: Connection closed by 192.109.200.78 port 58286 [preauth]
Jun 23 17:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2814]: Invalid user localhost from 192.109.200.78
Jun 23 17:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2814]: input_userauth_request: invalid user localhost [preauth]
Jun 23 17:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2814]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2814]: Failed password for invalid user localhost from 192.109.200.78 port 58304 ssh2
Jun 23 17:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2814]: Connection closed by 192.109.200.78 port 58304 [preauth]
Jun 23 17:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2824]: Failed password for root from 192.109.200.78 port 58316 ssh2
Jun 23 17:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2824]: Connection closed by 192.109.200.78 port 58316 [preauth]
Jun 23 17:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2848]: Failed password for root from 192.109.200.78 port 52482 ssh2
Jun 23 17:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2848]: Connection closed by 192.109.200.78 port 52482 [preauth]
Jun 23 17:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2850]: Failed password for root from 192.109.200.78 port 52488 ssh2
Jun 23 17:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2850]: Connection closed by 192.109.200.78 port 52488 [preauth]
Jun 23 17:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2860]: Invalid user wso2 from 192.109.200.78
Jun 23 17:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2860]: input_userauth_request: invalid user wso2 [preauth]
Jun 23 17:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2860]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2860]: Failed password for invalid user wso2 from 192.109.200.78 port 52494 ssh2
Jun 23 17:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1412]: pam_unix(cron:session): session closed for user root
Jun 23 17:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2860]: Connection closed by 192.109.200.78 port 52494 [preauth]
Jun 23 17:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2890]: Failed password for root from 192.109.200.78 port 38422 ssh2
Jun 23 17:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2890]: Connection closed by 192.109.200.78 port 38422 [preauth]
Jun 23 17:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2892]: Invalid user frappe from 192.109.200.78
Jun 23 17:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2892]: input_userauth_request: invalid user frappe [preauth]
Jun 23 17:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2892]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2892]: Failed password for invalid user frappe from 192.109.200.78 port 38438 ssh2
Jun 23 17:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2892]: Connection closed by 192.109.200.78 port 38438 [preauth]
Jun 23 17:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2903]: Invalid user erpnext from 192.109.200.78
Jun 23 17:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2903]: input_userauth_request: invalid user erpnext [preauth]
Jun 23 17:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2903]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2903]: Failed password for invalid user erpnext from 192.109.200.78 port 38448 ssh2
Jun 23 17:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2903]: Connection closed by 192.109.200.78 port 38448 [preauth]
Jun 23 17:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2918]: Invalid user amit from 192.109.200.78
Jun 23 17:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2918]: input_userauth_request: invalid user amit [preauth]
Jun 23 17:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2918]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2918]: Failed password for invalid user amit from 192.109.200.78 port 52370 ssh2
Jun 23 17:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2918]: Connection closed by 192.109.200.78 port 52370 [preauth]
Jun 23 17:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2928]: User ftp from 192.109.200.78 not allowed because not listed in AllowUsers
Jun 23 17:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2928]: input_userauth_request: invalid user ftp [preauth]
Jun 23 17:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=ftp
Jun 23 17:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2928]: Failed password for invalid user ftp from 192.109.200.78 port 52398 ssh2
Jun 23 17:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2928]: Connection closed by 192.109.200.78 port 52398 [preauth]
Jun 23 17:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2938]: Failed password for root from 192.109.200.78 port 52426 ssh2
Jun 23 17:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2938]: Connection closed by 192.109.200.78 port 52426 [preauth]
Jun 23 17:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2940]: Failed password for root from 192.109.200.78 port 40886 ssh2
Jun 23 17:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2940]: Connection closed by 192.109.200.78 port 40886 [preauth]
Jun 23 17:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2951]: Failed password for root from 192.109.200.78 port 40902 ssh2
Jun 23 17:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2951]: Connection closed by 192.109.200.78 port 40902 [preauth]
Jun 23 17:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2953]: Invalid user student from 192.109.200.78
Jun 23 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2953]: input_userauth_request: invalid user student [preauth]
Jun 23 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2953]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2965]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2964]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2968]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2969]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2967]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2966]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2969]: pam_unix(cron:session): session closed for user root
Jun 23 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2964]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3036]: Successful su for rubyman by root
Jun 23 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3036]: + ??? root:rubyman
Jun 23 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3036]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578606 of user rubyman.
Jun 23 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3036]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578606.
Jun 23 17:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2953]: Failed password for invalid user student from 192.109.200.78 port 40908 ssh2
Jun 23 17:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2953]: Connection closed by 192.109.200.78 port 40908 [preauth]
Jun 23 17:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2966]: pam_unix(cron:session): session closed for user root
Jun 23 17:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32266]: pam_unix(cron:session): session closed for user root
Jun 23 17:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3147]: Failed password for root from 192.109.200.78 port 57924 ssh2
Jun 23 17:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3147]: Connection closed by 192.109.200.78 port 57924 [preauth]
Jun 23 17:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2965]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3241]: Invalid user steam from 192.109.200.78
Jun 23 17:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3241]: input_userauth_request: invalid user steam [preauth]
Jun 23 17:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3241]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3241]: Failed password for invalid user steam from 192.109.200.78 port 57936 ssh2
Jun 23 17:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3241]: Connection closed by 192.109.200.78 port 57936 [preauth]
Jun 23 17:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3246]: Invalid user sam from 192.109.200.78
Jun 23 17:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3246]: input_userauth_request: invalid user sam [preauth]
Jun 23 17:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3246]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3246]: Failed password for invalid user sam from 192.109.200.78 port 57946 ssh2
Jun 23 17:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3246]: Connection closed by 192.109.200.78 port 57946 [preauth]
Jun 23 17:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3265]: Invalid user ftpuser from 192.109.200.78
Jun 23 17:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3265]: input_userauth_request: invalid user ftpuser [preauth]
Jun 23 17:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3265]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 23 17:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3265]: Failed password for invalid user ftpuser from 192.109.200.78 port 38650 ssh2
Jun 23 17:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3265]: Connection closed by 192.109.200.78 port 38650 [preauth]
Jun 23 17:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3268]: Failed password for root from 103.149.28.157 port 57512 ssh2
Jun 23 17:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3268]: Connection closed by 103.149.28.157 port 57512 [preauth]
Jun 23 17:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3286]: Invalid user erp from 192.109.200.78
Jun 23 17:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3286]: input_userauth_request: invalid user erp [preauth]
Jun 23 17:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3286]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3286]: Failed password for invalid user erp from 192.109.200.78 port 38666 ssh2
Jun 23 17:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3286]: Connection closed by 192.109.200.78 port 38666 [preauth]
Jun 23 17:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3288]: Invalid user minecraft from 192.109.200.78
Jun 23 17:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3288]: input_userauth_request: invalid user minecraft [preauth]
Jun 23 17:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3288]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3288]: Failed password for invalid user minecraft from 192.109.200.78 port 38676 ssh2
Jun 23 17:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3288]: Connection closed by 192.109.200.78 port 38676 [preauth]
Jun 23 17:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 17:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3298]: Failed password for root from 192.109.200.78 port 45320 ssh2
Jun 23 17:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3298]: Connection closed by 192.109.200.78 port 45320 [preauth]
Jun 23 17:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3322]: Invalid user developer from 192.109.200.78
Jun 23 17:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3322]: input_userauth_request: invalid user developer [preauth]
Jun 23 17:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3322]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3312]: Failed password for root from 91.92.40.11 port 47044 ssh2
Jun 23 17:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3312]: Connection closed by 91.92.40.11 port 47044 [preauth]
Jun 23 17:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3322]: Failed password for invalid user developer from 192.109.200.78 port 45332 ssh2
Jun 23 17:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3322]: Connection closed by 192.109.200.78 port 45332 [preauth]
Jun 23 17:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3324]: Invalid user lucas from 192.109.200.78
Jun 23 17:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3324]: input_userauth_request: invalid user lucas [preauth]
Jun 23 17:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3324]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2018]: pam_unix(cron:session): session closed for user root
Jun 23 17:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3324]: Failed password for invalid user lucas from 192.109.200.78 port 45340 ssh2
Jun 23 17:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3324]: Connection closed by 192.109.200.78 port 45340 [preauth]
Jun 23 17:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3355]: Invalid user minecraft from 192.109.200.78
Jun 23 17:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3355]: input_userauth_request: invalid user minecraft [preauth]
Jun 23 17:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3355]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3355]: Failed password for invalid user minecraft from 192.109.200.78 port 54752 ssh2
Jun 23 17:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3355]: Connection closed by 192.109.200.78 port 54752 [preauth]
Jun 23 17:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3365]: Invalid user gabriel from 192.109.200.78
Jun 23 17:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3365]: input_userauth_request: invalid user gabriel [preauth]
Jun 23 17:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3365]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3365]: Failed password for invalid user gabriel from 192.109.200.78 port 54766 ssh2
Jun 23 17:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3365]: Connection closed by 192.109.200.78 port 54766 [preauth]
Jun 23 17:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3368]: Failed password for root from 192.109.200.78 port 54780 ssh2
Jun 23 17:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3368]: Connection closed by 192.109.200.78 port 54780 [preauth]
Jun 23 17:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3390]: Invalid user user from 192.109.200.78
Jun 23 17:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3390]: input_userauth_request: invalid user user [preauth]
Jun 23 17:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3390]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3390]: Failed password for invalid user user from 192.109.200.78 port 59672 ssh2
Jun 23 17:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3390]: Connection closed by 192.109.200.78 port 59672 [preauth]
Jun 23 17:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3392]: Failed password for root from 192.109.200.78 port 59674 ssh2
Jun 23 17:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3392]: Connection closed by 192.109.200.78 port 59674 [preauth]
Jun 23 17:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3402]: Invalid user martin from 192.109.200.78
Jun 23 17:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3402]: input_userauth_request: invalid user martin [preauth]
Jun 23 17:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3402]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3402]: Failed password for invalid user martin from 192.109.200.78 port 59684 ssh2
Jun 23 17:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3402]: Connection closed by 192.109.200.78 port 59684 [preauth]
Jun 23 17:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3412]: Invalid user guest from 192.109.200.78
Jun 23 17:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3412]: input_userauth_request: invalid user guest [preauth]
Jun 23 17:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3412]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3412]: Failed password for invalid user guest from 192.109.200.78 port 51106 ssh2
Jun 23 17:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3412]: Connection closed by 192.109.200.78 port 51106 [preauth]
Jun 23 17:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3414]: Failed password for root from 192.109.200.78 port 51120 ssh2
Jun 23 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3414]: Connection closed by 192.109.200.78 port 51120 [preauth]
Jun 23 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3425]: Invalid user omm from 192.109.200.78
Jun 23 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3425]: input_userauth_request: invalid user omm [preauth]
Jun 23 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3425]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3430]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3429]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3431]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3428]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3428]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3498]: Successful su for rubyman by root
Jun 23 17:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3498]: + ??? root:rubyman
Jun 23 17:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3498]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578611 of user rubyman.
Jun 23 17:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3498]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578611.
Jun 23 17:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3425]: Failed password for invalid user omm from 192.109.200.78 port 51130 ssh2
Jun 23 17:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3425]: Connection closed by 192.109.200.78 port 51130 [preauth]
Jun 23 17:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3643]: Invalid user oscar from 192.109.200.78
Jun 23 17:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3643]: input_userauth_request: invalid user oscar [preauth]
Jun 23 17:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3643]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32717]: pam_unix(cron:session): session closed for user root
Jun 23 17:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3429]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3643]: Failed password for invalid user oscar from 192.109.200.78 port 34800 ssh2
Jun 23 17:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3643]: Connection closed by 192.109.200.78 port 34800 [preauth]
Jun 23 17:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3693]: Failed password for root from 192.109.200.78 port 34814 ssh2
Jun 23 17:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3693]: Connection closed by 192.109.200.78 port 34814 [preauth]
Jun 23 17:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3794]: Invalid user admin1 from 192.109.200.78
Jun 23 17:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3794]: input_userauth_request: invalid user admin1 [preauth]
Jun 23 17:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3794]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3794]: Failed password for invalid user admin1 from 192.109.200.78 port 34828 ssh2
Jun 23 17:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3794]: Connection closed by 192.109.200.78 port 34828 [preauth]
Jun 23 17:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3808]: Invalid user claude from 192.109.200.78
Jun 23 17:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3808]: input_userauth_request: invalid user claude [preauth]
Jun 23 17:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3808]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3808]: Failed password for invalid user claude from 192.109.200.78 port 44190 ssh2
Jun 23 17:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3808]: Connection closed by 192.109.200.78 port 44190 [preauth]
Jun 23 17:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3819]: Invalid user deploy from 192.109.200.78
Jun 23 17:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3819]: input_userauth_request: invalid user deploy [preauth]
Jun 23 17:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3819]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3819]: Failed password for invalid user deploy from 192.109.200.78 port 44196 ssh2
Jun 23 17:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3819]: Connection closed by 192.109.200.78 port 44196 [preauth]
Jun 23 17:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3834]: Failed password for root from 192.109.200.78 port 44200 ssh2
Jun 23 17:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3834]: Connection closed by 192.109.200.78 port 44200 [preauth]
Jun 23 17:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3850]: Invalid user amin from 192.109.200.78
Jun 23 17:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3850]: input_userauth_request: invalid user amin [preauth]
Jun 23 17:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3850]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3850]: Failed password for invalid user amin from 192.109.200.78 port 46334 ssh2
Jun 23 17:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3850]: Connection closed by 192.109.200.78 port 46334 [preauth]
Jun 23 17:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3866]: Failed password for root from 192.109.200.78 port 46364 ssh2
Jun 23 17:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3866]: Connection closed by 192.109.200.78 port 46364 [preauth]
Jun 23 17:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3919]: Invalid user appuser from 192.109.200.78
Jun 23 17:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3919]: input_userauth_request: invalid user appuser [preauth]
Jun 23 17:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3919]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2505]: pam_unix(cron:session): session closed for user root
Jun 23 17:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3919]: Failed password for invalid user appuser from 192.109.200.78 port 46388 ssh2
Jun 23 17:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3919]: Connection closed by 192.109.200.78 port 46388 [preauth]
Jun 23 17:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3944]: Failed password for root from 192.109.200.78 port 36996 ssh2
Jun 23 17:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3944]: Connection closed by 192.109.200.78 port 36996 [preauth]
Jun 23 17:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3959]: Invalid user admin from 192.109.200.78
Jun 23 17:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3959]: input_userauth_request: invalid user admin [preauth]
Jun 23 17:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3959]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3959]: Failed password for invalid user admin from 192.109.200.78 port 37022 ssh2
Jun 23 17:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3959]: Connection closed by 192.109.200.78 port 37022 [preauth]
Jun 23 17:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3975]: Invalid user guest from 192.109.200.78
Jun 23 17:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3975]: input_userauth_request: invalid user guest [preauth]
Jun 23 17:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3975]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3975]: Failed password for invalid user guest from 192.109.200.78 port 37040 ssh2
Jun 23 17:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3975]: Connection closed by 192.109.200.78 port 37040 [preauth]
Jun 23 17:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3999]: Failed password for root from 192.109.200.78 port 38734 ssh2
Jun 23 17:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3999]: Connection closed by 192.109.200.78 port 38734 [preauth]
Jun 23 17:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4027]: Invalid user packer from 192.109.200.78
Jun 23 17:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4027]: input_userauth_request: invalid user packer [preauth]
Jun 23 17:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4027]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4027]: Failed password for invalid user packer from 192.109.200.78 port 38750 ssh2
Jun 23 17:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4027]: Connection closed by 192.109.200.78 port 38750 [preauth]
Jun 23 17:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4032]: Invalid user cloud from 192.109.200.78
Jun 23 17:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4032]: input_userauth_request: invalid user cloud [preauth]
Jun 23 17:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4032]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4032]: Failed password for invalid user cloud from 192.109.200.78 port 38756 ssh2
Jun 23 17:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4032]: Connection closed by 192.109.200.78 port 38756 [preauth]
Jun 23 17:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4054]: Invalid user user from 192.109.200.78
Jun 23 17:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4054]: input_userauth_request: invalid user user [preauth]
Jun 23 17:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4054]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4054]: Failed password for invalid user user from 192.109.200.78 port 49060 ssh2
Jun 23 17:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4054]: Connection closed by 192.109.200.78 port 49060 [preauth]
Jun 23 17:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=root
Jun 23 17:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4056]: Failed password for root from 91.92.40.11 port 37906 ssh2
Jun 23 17:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4056]: Connection closed by 91.92.40.11 port 37906 [preauth]
Jun 23 17:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4069]: Failed password for root from 192.109.200.78 port 49082 ssh2
Jun 23 17:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4069]: Connection closed by 192.109.200.78 port 49082 [preauth]
Jun 23 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4076]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4077]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4075]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4074]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4074]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4133]: Successful su for rubyman by root
Jun 23 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4133]: + ??? root:rubyman
Jun 23 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4133]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578615 of user rubyman.
Jun 23 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4133]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578615.
Jun 23 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4071]: Invalid user deploy from 192.109.200.78
Jun 23 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4071]: input_userauth_request: invalid user deploy [preauth]
Jun 23 17:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4071]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4071]: Failed password for invalid user deploy from 192.109.200.78 port 49118 ssh2
Jun 23 17:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4071]: Connection closed by 192.109.200.78 port 49118 [preauth]
Jun 23 17:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[880]: pam_unix(cron:session): session closed for user root
Jun 23 17:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4310]: User nobody from 192.109.200.78 not allowed because not listed in AllowUsers
Jun 23 17:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4310]: input_userauth_request: invalid user nobody [preauth]
Jun 23 17:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=nobody
Jun 23 17:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4075]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4310]: Failed password for invalid user nobody from 192.109.200.78 port 58186 ssh2
Jun 23 17:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4310]: Connection closed by 192.109.200.78 port 58186 [preauth]
Jun 23 17:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4336]: Invalid user deployer from 192.109.200.78
Jun 23 17:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4336]: input_userauth_request: invalid user deployer [preauth]
Jun 23 17:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4336]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4336]: Failed password for invalid user deployer from 192.109.200.78 port 58198 ssh2
Jun 23 17:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4336]: Connection closed by 192.109.200.78 port 58198 [preauth]
Jun 23 17:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4347]: Invalid user user10 from 192.109.200.78
Jun 23 17:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4347]: input_userauth_request: invalid user user10 [preauth]
Jun 23 17:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4347]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4347]: Failed password for invalid user user10 from 192.109.200.78 port 58214 ssh2
Jun 23 17:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4347]: Connection closed by 192.109.200.78 port 58214 [preauth]
Jun 23 17:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4369]: Failed password for root from 192.109.200.78 port 46466 ssh2
Jun 23 17:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4369]: Connection closed by 192.109.200.78 port 46466 [preauth]
Jun 23 17:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4371]: Invalid user dmdba from 192.109.200.78
Jun 23 17:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4371]: input_userauth_request: invalid user dmdba [preauth]
Jun 23 17:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4371]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4371]: Failed password for invalid user dmdba from 192.109.200.78 port 46496 ssh2
Jun 23 17:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4371]: Connection closed by 192.109.200.78 port 46496 [preauth]
Jun 23 17:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4381]: Failed password for root from 192.109.200.78 port 46520 ssh2
Jun 23 17:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4381]: Connection closed by 192.109.200.78 port 46520 [preauth]
Jun 23 17:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4383]: Invalid user scorpio from 181.188.148.74
Jun 23 17:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4383]: input_userauth_request: invalid user scorpio [preauth]
Jun 23 17:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4383]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.148.74
Jun 23 17:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4406]: Invalid user nexus from 192.109.200.78
Jun 23 17:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4406]: input_userauth_request: invalid user nexus [preauth]
Jun 23 17:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4406]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4383]: Failed password for invalid user scorpio from 181.188.148.74 port 40720 ssh2
Jun 23 17:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4406]: Failed password for invalid user nexus from 192.109.200.78 port 47472 ssh2
Jun 23 17:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4383]: Received disconnect from 181.188.148.74 port 40720:11: Bye Bye [preauth]
Jun 23 17:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4383]: Disconnected from 181.188.148.74 port 40720 [preauth]
Jun 23 17:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4406]: Connection closed by 192.109.200.78 port 47472 [preauth]
Jun 23 17:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4408]: Invalid user jellyfin from 192.109.200.78
Jun 23 17:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4408]: input_userauth_request: invalid user jellyfin [preauth]
Jun 23 17:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4408]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4408]: Failed password for invalid user jellyfin from 192.109.200.78 port 47486 ssh2
Jun 23 17:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4408]: Connection closed by 192.109.200.78 port 47486 [preauth]
Jun 23 17:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2968]: pam_unix(cron:session): session closed for user root
Jun 23 17:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4418]: Failed password for root from 192.109.200.78 port 47508 ssh2
Jun 23 17:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4418]: Connection closed by 192.109.200.78 port 47508 [preauth]
Jun 23 17:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4445]: Failed password for root from 192.109.200.78 port 39430 ssh2
Jun 23 17:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4445]: Connection closed by 192.109.200.78 port 39430 [preauth]
Jun 23 17:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4450]: Invalid user admin from 192.109.200.78
Jun 23 17:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4450]: input_userauth_request: invalid user admin [preauth]
Jun 23 17:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4450]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4450]: Failed password for invalid user admin from 192.109.200.78 port 39434 ssh2
Jun 23 17:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4450]: Connection closed by 192.109.200.78 port 39434 [preauth]
Jun 23 17:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4460]: Failed password for root from 192.109.200.78 port 39438 ssh2
Jun 23 17:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4460]: Connection closed by 192.109.200.78 port 39438 [preauth]
Jun 23 17:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4477]: Invalid user admin1 from 192.109.200.78
Jun 23 17:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4477]: input_userauth_request: invalid user admin1 [preauth]
Jun 23 17:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4477]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4477]: Failed password for invalid user admin1 from 192.109.200.78 port 36350 ssh2
Jun 23 17:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4477]: Connection closed by 192.109.200.78 port 36350 [preauth]
Jun 23 17:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4487]: Invalid user uftp from 192.109.200.78
Jun 23 17:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4487]: input_userauth_request: invalid user uftp [preauth]
Jun 23 17:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4487]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4487]: Failed password for invalid user uftp from 192.109.200.78 port 36358 ssh2
Jun 23 17:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4487]: Connection closed by 192.109.200.78 port 36358 [preauth]
Jun 23 17:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4497]: Invalid user tester from 192.109.200.78
Jun 23 17:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4497]: input_userauth_request: invalid user tester [preauth]
Jun 23 17:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4497]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4497]: Failed password for invalid user tester from 192.109.200.78 port 36374 ssh2
Jun 23 17:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4497]: Connection closed by 192.109.200.78 port 36374 [preauth]
Jun 23 17:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4499]: Invalid user vm from 192.109.200.78
Jun 23 17:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4499]: input_userauth_request: invalid user vm [preauth]
Jun 23 17:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4499]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4499]: Failed password for invalid user vm from 192.109.200.78 port 40286 ssh2
Jun 23 17:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4499]: Connection closed by 192.109.200.78 port 40286 [preauth]
Jun 23 17:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4509]: Failed password for root from 192.109.200.78 port 40296 ssh2
Jun 23 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4509]: Connection closed by 192.109.200.78 port 40296 [preauth]
Jun 23 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4530]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4528]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4529]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4527]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4527]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4522]: User vncuser from 192.109.200.78 not allowed because not listed in AllowUsers
Jun 23 17:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4522]: input_userauth_request: invalid user vncuser [preauth]
Jun 23 17:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=vncuser
Jun 23 17:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4591]: Successful su for rubyman by root
Jun 23 17:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4591]: + ??? root:rubyman
Jun 23 17:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4591]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578617 of user rubyman.
Jun 23 17:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4591]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578617.
Jun 23 17:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4522]: Failed password for invalid user vncuser from 192.109.200.78 port 40314 ssh2
Jun 23 17:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1409]: pam_unix(cron:session): session closed for user root
Jun 23 17:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4522]: Connection closed by 192.109.200.78 port 40314 [preauth]
Jun 23 17:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4779]: Invalid user labuser from 192.109.200.78
Jun 23 17:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4779]: input_userauth_request: invalid user labuser [preauth]
Jun 23 17:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4779]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4528]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4779]: Failed password for invalid user labuser from 192.109.200.78 port 56388 ssh2
Jun 23 17:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4779]: Connection closed by 192.109.200.78 port 56388 [preauth]
Jun 23 17:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4849]: Invalid user runner from 192.109.200.78
Jun 23 17:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4849]: input_userauth_request: invalid user runner [preauth]
Jun 23 17:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4849]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4849]: Failed password for invalid user runner from 192.109.200.78 port 56416 ssh2
Jun 23 17:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4849]: Connection closed by 192.109.200.78 port 56416 [preauth]
Jun 23 17:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4870]: Invalid user x from 192.109.200.78
Jun 23 17:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4870]: input_userauth_request: invalid user x [preauth]
Jun 23 17:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4870]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4870]: Failed password for invalid user x from 192.109.200.78 port 56432 ssh2
Jun 23 17:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4870]: Connection closed by 192.109.200.78 port 56432 [preauth]
Jun 23 17:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4910]: Invalid user master from 192.109.200.78
Jun 23 17:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4910]: input_userauth_request: invalid user master [preauth]
Jun 23 17:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4910]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4910]: Failed password for invalid user master from 192.109.200.78 port 50552 ssh2
Jun 23 17:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4910]: Connection closed by 192.109.200.78 port 50552 [preauth]
Jun 23 17:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4922]: Invalid user asterisk from 192.109.200.78
Jun 23 17:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4922]: input_userauth_request: invalid user asterisk [preauth]
Jun 23 17:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4922]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4922]: Failed password for invalid user asterisk from 192.109.200.78 port 50568 ssh2
Jun 23 17:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4922]: Connection closed by 192.109.200.78 port 50568 [preauth]
Jun 23 17:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4924]: Invalid user admin from 192.109.200.78
Jun 23 17:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4924]: input_userauth_request: invalid user admin [preauth]
Jun 23 17:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4924]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4924]: Failed password for invalid user admin from 192.109.200.78 port 50576 ssh2
Jun 23 17:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4924]: Connection closed by 192.109.200.78 port 50576 [preauth]
Jun 23 17:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4958]: Failed password for root from 192.109.200.78 port 51434 ssh2
Jun 23 17:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4958]: Connection closed by 192.109.200.78 port 51434 [preauth]
Jun 23 17:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4971]: Invalid user admin from 91.92.40.11
Jun 23 17:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4971]: input_userauth_request: invalid user admin [preauth]
Jun 23 17:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4973]: Invalid user data from 192.109.200.78
Jun 23 17:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4973]: input_userauth_request: invalid user data [preauth]
Jun 23 17:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4971]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 17:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4973]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4971]: Failed password for invalid user admin from 91.92.40.11 port 55710 ssh2
Jun 23 17:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4973]: Failed password for invalid user data from 192.109.200.78 port 51442 ssh2
Jun 23 17:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4973]: Connection closed by 192.109.200.78 port 51442 [preauth]
Jun 23 17:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4975]: Invalid user ftpuser from 192.109.200.78
Jun 23 17:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4975]: input_userauth_request: invalid user ftpuser [preauth]
Jun 23 17:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4971]: Connection closed by 91.92.40.11 port 55710 [preauth]
Jun 23 17:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4975]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3431]: pam_unix(cron:session): session closed for user root
Jun 23 17:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4975]: Failed password for invalid user ftpuser from 192.109.200.78 port 51454 ssh2
Jun 23 17:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4975]: Connection closed by 192.109.200.78 port 51454 [preauth]
Jun 23 17:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5004]: Invalid user bot from 192.109.200.78
Jun 23 17:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5004]: input_userauth_request: invalid user bot [preauth]
Jun 23 17:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5004]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5004]: Failed password for invalid user bot from 192.109.200.78 port 34330 ssh2
Jun 23 17:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5004]: Connection closed by 192.109.200.78 port 34330 [preauth]
Jun 23 17:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5014]: Invalid user user3 from 192.109.200.78
Jun 23 17:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5014]: input_userauth_request: invalid user user3 [preauth]
Jun 23 17:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5014]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5014]: Failed password for invalid user user3 from 192.109.200.78 port 34362 ssh2
Jun 23 17:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5014]: Connection closed by 192.109.200.78 port 34362 [preauth]
Jun 23 17:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5016]: Invalid user oracle from 192.109.200.78
Jun 23 17:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5016]: input_userauth_request: invalid user oracle [preauth]
Jun 23 17:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5016]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5016]: Failed password for invalid user oracle from 192.109.200.78 port 49306 ssh2
Jun 23 17:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5016]: Connection closed by 192.109.200.78 port 49306 [preauth]
Jun 23 17:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5038]: Invalid user debian from 192.109.200.78
Jun 23 17:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5038]: input_userauth_request: invalid user debian [preauth]
Jun 23 17:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5038]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5038]: Failed password for invalid user debian from 192.109.200.78 port 49326 ssh2
Jun 23 17:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5038]: Connection closed by 192.109.200.78 port 49326 [preauth]
Jun 23 17:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5047]: Invalid user ai from 192.109.200.78
Jun 23 17:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5047]: input_userauth_request: invalid user ai [preauth]
Jun 23 17:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5047]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5047]: Failed password for invalid user ai from 192.109.200.78 port 49356 ssh2
Jun 23 17:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5047]: Connection closed by 192.109.200.78 port 49356 [preauth]
Jun 23 17:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5050]: Invalid user rancher from 192.109.200.78
Jun 23 17:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5050]: input_userauth_request: invalid user rancher [preauth]
Jun 23 17:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5050]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5050]: Failed password for invalid user rancher from 192.109.200.78 port 44144 ssh2
Jun 23 17:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5050]: Connection closed by 192.109.200.78 port 44144 [preauth]
Jun 23 17:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5061]: Invalid user student from 192.109.200.78
Jun 23 17:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5061]: input_userauth_request: invalid user student [preauth]
Jun 23 17:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5061]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5061]: Failed password for invalid user student from 192.109.200.78 port 44160 ssh2
Jun 23 17:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5061]: Connection closed by 192.109.200.78 port 44160 [preauth]
Jun 23 17:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5063]: Invalid user deploy from 192.109.200.78
Jun 23 17:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5063]: input_userauth_request: invalid user deploy [preauth]
Jun 23 17:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5063]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5063]: Failed password for invalid user deploy from 192.109.200.78 port 44176 ssh2
Jun 23 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5078]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5077]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5079]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5076]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5076]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5063]: Connection closed by 192.109.200.78 port 44176 [preauth]
Jun 23 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5135]: Successful su for rubyman by root
Jun 23 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5135]: + ??? root:rubyman
Jun 23 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5135]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578621 of user rubyman.
Jun 23 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5135]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578621.
Jun 23 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5073]: Invalid user kafka from 192.109.200.78
Jun 23 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5073]: input_userauth_request: invalid user kafka [preauth]
Jun 23 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5073]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5073]: Failed password for invalid user kafka from 192.109.200.78 port 39900 ssh2
Jun 23 17:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5073]: Connection closed by 192.109.200.78 port 39900 [preauth]
Jun 23 17:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2017]: pam_unix(cron:session): session closed for user root
Jun 23 17:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5305]: Invalid user customer from 192.109.200.78
Jun 23 17:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5305]: input_userauth_request: invalid user customer [preauth]
Jun 23 17:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5305]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5077]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5305]: Failed password for invalid user customer from 192.109.200.78 port 39914 ssh2
Jun 23 17:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5305]: Connection closed by 192.109.200.78 port 39914 [preauth]
Jun 23 17:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5332]: Invalid user pi from 192.109.200.78
Jun 23 17:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5332]: input_userauth_request: invalid user pi [preauth]
Jun 23 17:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5332]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5332]: Failed password for invalid user pi from 192.109.200.78 port 39930 ssh2
Jun 23 17:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5332]: Connection closed by 192.109.200.78 port 39930 [preauth]
Jun 23 17:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5342]: Invalid user frappe from 192.109.200.78
Jun 23 17:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5342]: input_userauth_request: invalid user frappe [preauth]
Jun 23 17:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5342]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5342]: Failed password for invalid user frappe from 192.109.200.78 port 52106 ssh2
Jun 23 17:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5342]: Connection closed by 192.109.200.78 port 52106 [preauth]
Jun 23 17:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5375]: Invalid user rocky from 192.109.200.78
Jun 23 17:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5375]: input_userauth_request: invalid user rocky [preauth]
Jun 23 17:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5375]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5375]: Failed password for invalid user rocky from 192.109.200.78 port 52116 ssh2
Jun 23 17:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5375]: Connection closed by 192.109.200.78 port 52116 [preauth]
Jun 23 17:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5377]: Invalid user private from 192.109.200.78
Jun 23 17:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5377]: input_userauth_request: invalid user private [preauth]
Jun 23 17:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5377]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5377]: Failed password for invalid user private from 192.109.200.78 port 52122 ssh2
Jun 23 17:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5377]: Connection closed by 192.109.200.78 port 52122 [preauth]
Jun 23 17:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5390]: Invalid user gitlab-runner from 192.109.200.78
Jun 23 17:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5390]: input_userauth_request: invalid user gitlab-runner [preauth]
Jun 23 17:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5390]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5390]: Failed password for invalid user gitlab-runner from 192.109.200.78 port 40038 ssh2
Jun 23 17:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5390]: Connection closed by 192.109.200.78 port 40038 [preauth]
Jun 23 17:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5411]: Invalid user tom from 192.109.200.78
Jun 23 17:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5411]: input_userauth_request: invalid user tom [preauth]
Jun 23 17:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5411]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5411]: Failed password for invalid user tom from 192.109.200.78 port 40048 ssh2
Jun 23 17:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5411]: Connection closed by 192.109.200.78 port 40048 [preauth]
Jun 23 17:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5414]: Failed password for root from 192.109.200.78 port 40054 ssh2
Jun 23 17:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5414]: Connection closed by 192.109.200.78 port 40054 [preauth]
Jun 23 17:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5425]: Invalid user deploy from 192.109.200.78
Jun 23 17:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5425]: input_userauth_request: invalid user deploy [preauth]
Jun 23 17:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5425]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4077]: pam_unix(cron:session): session closed for user root
Jun 23 17:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5425]: Failed password for invalid user deploy from 192.109.200.78 port 51348 ssh2
Jun 23 17:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5425]: Connection closed by 192.109.200.78 port 51348 [preauth]
Jun 23 17:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5449]: Invalid user crafty from 192.109.200.78
Jun 23 17:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5449]: input_userauth_request: invalid user crafty [preauth]
Jun 23 17:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5449]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5449]: Failed password for invalid user crafty from 192.109.200.78 port 51352 ssh2
Jun 23 17:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5449]: Connection closed by 192.109.200.78 port 51352 [preauth]
Jun 23 17:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5460]: Invalid user postgres from 192.109.200.78
Jun 23 17:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5460]: input_userauth_request: invalid user postgres [preauth]
Jun 23 17:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5460]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5460]: Failed password for invalid user postgres from 192.109.200.78 port 51356 ssh2
Jun 23 17:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5460]: Connection closed by 192.109.200.78 port 51356 [preauth]
Jun 23 17:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5470]: Invalid user test3 from 192.109.200.78
Jun 23 17:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5470]: input_userauth_request: invalid user test3 [preauth]
Jun 23 17:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5470]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5470]: Failed password for invalid user test3 from 192.109.200.78 port 40166 ssh2
Jun 23 17:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5470]: Connection closed by 192.109.200.78 port 40166 [preauth]
Jun 23 17:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5484]: Invalid user claude from 192.109.200.78
Jun 23 17:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5484]: input_userauth_request: invalid user claude [preauth]
Jun 23 17:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5484]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5484]: Failed password for invalid user claude from 192.109.200.78 port 40176 ssh2
Jun 23 17:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5484]: Connection closed by 192.109.200.78 port 40176 [preauth]
Jun 23 17:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5495]: Invalid user azureuser from 192.109.200.78
Jun 23 17:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5495]: input_userauth_request: invalid user azureuser [preauth]
Jun 23 17:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5495]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5495]: Failed password for invalid user azureuser from 192.109.200.78 port 40186 ssh2
Jun 23 17:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5495]: Connection closed by 192.109.200.78 port 40186 [preauth]
Jun 23 17:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5505]: Invalid user ubuntu from 192.109.200.78
Jun 23 17:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5505]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 17:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5505]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5505]: Failed password for invalid user ubuntu from 192.109.200.78 port 42010 ssh2
Jun 23 17:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5505]: Connection closed by 192.109.200.78 port 42010 [preauth]
Jun 23 17:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5507]: Invalid user jellyfin from 192.109.200.78
Jun 23 17:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5507]: input_userauth_request: invalid user jellyfin [preauth]
Jun 23 17:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5507]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5507]: Failed password for invalid user jellyfin from 192.109.200.78 port 42012 ssh2
Jun 23 17:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5507]: Connection closed by 192.109.200.78 port 42012 [preauth]
Jun 23 17:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5520]: Invalid user user1 from 192.109.200.78
Jun 23 17:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5520]: input_userauth_request: invalid user user1 [preauth]
Jun 23 17:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5520]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5518]: Invalid user admin from 91.92.40.11
Jun 23 17:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5518]: input_userauth_request: invalid user admin [preauth]
Jun 23 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5518]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5528]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5527]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5525]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5526]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5523]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5524]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5528]: pam_unix(cron:session): session closed for user root
Jun 23 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5523]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5520]: Failed password for invalid user user1 from 192.109.200.78 port 42018 ssh2
Jun 23 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5520]: Connection closed by 192.109.200.78 port 42018 [preauth]
Jun 23 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5592]: Successful su for rubyman by root
Jun 23 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5592]: + ??? root:rubyman
Jun 23 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5592]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578626 of user rubyman.
Jun 23 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5592]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578626.
Jun 23 17:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5518]: Failed password for invalid user admin from 91.92.40.11 port 52910 ssh2
Jun 23 17:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5615]: Invalid user master from 192.109.200.78
Jun 23 17:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5615]: input_userauth_request: invalid user master [preauth]
Jun 23 17:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5615]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5518]: Connection closed by 91.92.40.11 port 52910 [preauth]
Jun 23 17:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5525]: pam_unix(cron:session): session closed for user root
Jun 23 17:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2504]: pam_unix(cron:session): session closed for user root
Jun 23 17:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5615]: Failed password for invalid user master from 192.109.200.78 port 39202 ssh2
Jun 23 17:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5615]: Connection closed by 192.109.200.78 port 39202 [preauth]
Jun 23 17:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5779]: Invalid user jack from 192.109.200.78
Jun 23 17:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5779]: input_userauth_request: invalid user jack [preauth]
Jun 23 17:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5779]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5524]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5779]: Failed password for invalid user jack from 192.109.200.78 port 39224 ssh2
Jun 23 17:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5779]: Connection closed by 192.109.200.78 port 39224 [preauth]
Jun 23 17:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5805]: Invalid user testuser from 192.109.200.78
Jun 23 17:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5805]: input_userauth_request: invalid user testuser [preauth]
Jun 23 17:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5805]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5805]: Failed password for invalid user testuser from 192.109.200.78 port 39242 ssh2
Jun 23 17:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5805]: Connection closed by 192.109.200.78 port 39242 [preauth]
Jun 23 17:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5807]: Invalid user git from 192.109.200.78
Jun 23 17:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5807]: input_userauth_request: invalid user git [preauth]
Jun 23 17:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5807]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5807]: Failed password for invalid user git from 192.109.200.78 port 52924 ssh2
Jun 23 17:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5807]: Connection closed by 192.109.200.78 port 52924 [preauth]
Jun 23 17:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5833]: Invalid user bot from 192.109.200.78
Jun 23 17:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5833]: input_userauth_request: invalid user bot [preauth]
Jun 23 17:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5833]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5833]: Failed password for invalid user bot from 192.109.200.78 port 52928 ssh2
Jun 23 17:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5833]: Connection closed by 192.109.200.78 port 52928 [preauth]
Jun 23 17:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5837]: Failed password for root from 192.109.200.78 port 52938 ssh2
Jun 23 17:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5837]: Connection closed by 192.109.200.78 port 52938 [preauth]
Jun 23 17:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5848]: Invalid user steam from 192.109.200.78
Jun 23 17:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5848]: input_userauth_request: invalid user steam [preauth]
Jun 23 17:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5848]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5848]: Failed password for invalid user steam from 192.109.200.78 port 39782 ssh2
Jun 23 17:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5848]: Connection closed by 192.109.200.78 port 39782 [preauth]
Jun 23 17:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5872]: Invalid user rdpuser from 192.109.200.78
Jun 23 17:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5872]: input_userauth_request: invalid user rdpuser [preauth]
Jun 23 17:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5872]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5872]: Failed password for invalid user rdpuser from 192.109.200.78 port 39798 ssh2
Jun 23 17:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5872]: Connection closed by 192.109.200.78 port 39798 [preauth]
Jun 23 17:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5874]: Invalid user lin from 192.109.200.78
Jun 23 17:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5874]: input_userauth_request: invalid user lin [preauth]
Jun 23 17:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5874]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5874]: Failed password for invalid user lin from 192.109.200.78 port 39808 ssh2
Jun 23 17:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5874]: Connection closed by 192.109.200.78 port 39808 [preauth]
Jun 23 17:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5884]: Invalid user kingbase from 192.109.200.78
Jun 23 17:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5884]: input_userauth_request: invalid user kingbase [preauth]
Jun 23 17:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5884]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4530]: pam_unix(cron:session): session closed for user root
Jun 23 17:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5884]: Failed password for invalid user kingbase from 192.109.200.78 port 41544 ssh2
Jun 23 17:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5884]: Connection closed by 192.109.200.78 port 41544 [preauth]
Jun 23 17:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5916]: Connection closed by 194.59.206.2 port 49520 [preauth]
Jun 23 17:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5914]: Failed password for root from 192.109.200.78 port 41558 ssh2
Jun 23 17:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5914]: Connection closed by 192.109.200.78 port 41558 [preauth]
Jun 23 17:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5918]: Invalid user vpn from 192.109.200.78
Jun 23 17:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5918]: input_userauth_request: invalid user vpn [preauth]
Jun 23 17:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5918]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5918]: Failed password for invalid user vpn from 192.109.200.78 port 41568 ssh2
Jun 23 17:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5918]: Connection closed by 192.109.200.78 port 41568 [preauth]
Jun 23 17:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5928]: User mysql from 192.109.200.78 not allowed because not listed in AllowUsers
Jun 23 17:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5928]: input_userauth_request: invalid user mysql [preauth]
Jun 23 17:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=mysql
Jun 23 17:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5928]: Failed password for invalid user mysql from 192.109.200.78 port 41072 ssh2
Jun 23 17:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5928]: Connection closed by 192.109.200.78 port 41072 [preauth]
Jun 23 17:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5949]: Invalid user test from 192.109.200.78
Jun 23 17:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5949]: input_userauth_request: invalid user test [preauth]
Jun 23 17:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5949]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5949]: Failed password for invalid user test from 192.109.200.78 port 41086 ssh2
Jun 23 17:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5949]: Connection closed by 192.109.200.78 port 41086 [preauth]
Jun 23 17:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5952]: Invalid user myuser from 192.109.200.78
Jun 23 17:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5952]: input_userauth_request: invalid user myuser [preauth]
Jun 23 17:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5952]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5952]: Failed password for invalid user myuser from 192.109.200.78 port 41098 ssh2
Jun 23 17:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5952]: Connection closed by 192.109.200.78 port 41098 [preauth]
Jun 23 17:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5962]: Failed password for root from 192.109.200.78 port 50104 ssh2
Jun 23 17:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5962]: Connection closed by 192.109.200.78 port 50104 [preauth]
Jun 23 17:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5964]: Invalid user lighthouse from 192.109.200.78
Jun 23 17:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5964]: input_userauth_request: invalid user lighthouse [preauth]
Jun 23 17:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5964]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5964]: Failed password for invalid user lighthouse from 192.109.200.78 port 50108 ssh2
Jun 23 17:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5964]: Connection closed by 192.109.200.78 port 50108 [preauth]
Jun 23 17:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5975]: Invalid user newuser from 192.109.200.78
Jun 23 17:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5975]: input_userauth_request: invalid user newuser [preauth]
Jun 23 17:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5975]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5990]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5989]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5986]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5987]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5986]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5975]: Failed password for invalid user newuser from 192.109.200.78 port 50118 ssh2
Jun 23 17:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5975]: Connection closed by 192.109.200.78 port 50118 [preauth]
Jun 23 17:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6051]: Successful su for rubyman by root
Jun 23 17:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6051]: + ??? root:rubyman
Jun 23 17:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6051]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578631 of user rubyman.
Jun 23 17:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6051]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578631.
Jun 23 17:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6071]: Invalid user es from 192.109.200.78
Jun 23 17:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6071]: input_userauth_request: invalid user es [preauth]
Jun 23 17:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6071]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2967]: pam_unix(cron:session): session closed for user root
Jun 23 17:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6071]: Failed password for invalid user es from 192.109.200.78 port 47308 ssh2
Jun 23 17:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6071]: Connection closed by 192.109.200.78 port 47308 [preauth]
Jun 23 17:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5987]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6221]: Invalid user developer from 192.109.200.78
Jun 23 17:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6221]: input_userauth_request: invalid user developer [preauth]
Jun 23 17:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6221]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6221]: Failed password for invalid user developer from 192.109.200.78 port 47320 ssh2
Jun 23 17:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6221]: Connection closed by 192.109.200.78 port 47320 [preauth]
Jun 23 17:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6241]: Invalid user test1 from 192.109.200.78
Jun 23 17:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6241]: input_userauth_request: invalid user test1 [preauth]
Jun 23 17:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6241]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6241]: Failed password for invalid user test1 from 192.109.200.78 port 47336 ssh2
Jun 23 17:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6241]: Connection closed by 192.109.200.78 port 47336 [preauth]
Jun 23 17:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6251]: Failed password for root from 192.109.200.78 port 60274 ssh2
Jun 23 17:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6251]: Connection closed by 192.109.200.78 port 60274 [preauth]
Jun 23 17:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6265]: Invalid user sysupdate from 192.109.200.78
Jun 23 17:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6265]: input_userauth_request: invalid user sysupdate [preauth]
Jun 23 17:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6265]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6265]: Failed password for invalid user sysupdate from 192.109.200.78 port 60290 ssh2
Jun 23 17:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6265]: Connection closed by 192.109.200.78 port 60290 [preauth]
Jun 23 17:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6276]: Failed password for root from 192.109.200.78 port 60312 ssh2
Jun 23 17:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6276]: Connection closed by 192.109.200.78 port 60312 [preauth]
Jun 23 17:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 23 17:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6285]: Invalid user nagios from 192.109.200.78
Jun 23 17:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6285]: input_userauth_request: invalid user nagios [preauth]
Jun 23 17:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6285]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6287]: Failed password for root from 38.93.206.2 port 24506 ssh2
Jun 23 17:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6287]: Connection closed by 38.93.206.2 port 24506 [preauth]
Jun 23 17:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6285]: Failed password for invalid user nagios from 192.109.200.78 port 39546 ssh2
Jun 23 17:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6285]: Connection closed by 192.109.200.78 port 39546 [preauth]
Jun 23 17:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6302]: Invalid user dev from 192.109.200.78
Jun 23 17:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6302]: input_userauth_request: invalid user dev [preauth]
Jun 23 17:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6302]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6309]: Invalid user admin from 91.92.40.11
Jun 23 17:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6309]: input_userauth_request: invalid user admin [preauth]
Jun 23 17:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6309]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 17:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6302]: Failed password for invalid user dev from 192.109.200.78 port 39564 ssh2
Jun 23 17:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6302]: Connection closed by 192.109.200.78 port 39564 [preauth]
Jun 23 17:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6314]: Invalid user git from 192.109.200.78
Jun 23 17:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6314]: input_userauth_request: invalid user git [preauth]
Jun 23 17:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6314]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6309]: Failed password for invalid user admin from 91.92.40.11 port 59580 ssh2
Jun 23 17:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6309]: Connection closed by 91.92.40.11 port 59580 [preauth]
Jun 23 17:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6314]: Failed password for invalid user git from 192.109.200.78 port 39588 ssh2
Jun 23 17:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6314]: Connection closed by 192.109.200.78 port 39588 [preauth]
Jun 23 17:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6316]: Invalid user linuxuser from 192.109.200.78
Jun 23 17:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6316]: input_userauth_request: invalid user linuxuser [preauth]
Jun 23 17:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6316]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5079]: pam_unix(cron:session): session closed for user root
Jun 23 17:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6316]: Failed password for invalid user linuxuser from 192.109.200.78 port 55942 ssh2
Jun 23 17:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6316]: Connection closed by 192.109.200.78 port 55942 [preauth]
Jun 23 17:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6352]: Invalid user ubuntu from 192.109.200.78
Jun 23 17:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6352]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 17:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6352]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6352]: Failed password for invalid user ubuntu from 192.109.200.78 port 55958 ssh2
Jun 23 17:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6352]: Connection closed by 192.109.200.78 port 55958 [preauth]
Jun 23 17:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: Failed password for root from 192.109.200.78 port 55974 ssh2
Jun 23 17:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: Connection closed by 192.109.200.78 port 55974 [preauth]
Jun 23 17:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6364]: Invalid user jellyfin from 192.109.200.78
Jun 23 17:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6364]: input_userauth_request: invalid user jellyfin [preauth]
Jun 23 17:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6364]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6364]: Failed password for invalid user jellyfin from 192.109.200.78 port 39386 ssh2
Jun 23 17:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6364]: Connection closed by 192.109.200.78 port 39386 [preauth]
Jun 23 17:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6387]: Failed password for root from 192.109.200.78 port 39396 ssh2
Jun 23 17:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6387]: Connection closed by 192.109.200.78 port 39396 [preauth]
Jun 23 17:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6398]: Invalid user aiuser from 192.109.200.78
Jun 23 17:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6398]: input_userauth_request: invalid user aiuser [preauth]
Jun 23 17:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6398]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6398]: Failed password for invalid user aiuser from 192.109.200.78 port 39410 ssh2
Jun 23 17:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6398]: Connection closed by 192.109.200.78 port 39410 [preauth]
Jun 23 17:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6400]: User vncuser from 192.109.200.78 not allowed because not listed in AllowUsers
Jun 23 17:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6400]: input_userauth_request: invalid user vncuser [preauth]
Jun 23 17:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=vncuser
Jun 23 17:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6400]: Failed password for invalid user vncuser from 192.109.200.78 port 42136 ssh2
Jun 23 17:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6400]: Connection closed by 192.109.200.78 port 42136 [preauth]
Jun 23 17:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6411]: Invalid user chenxi from 192.109.200.78
Jun 23 17:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6411]: input_userauth_request: invalid user chenxi [preauth]
Jun 23 17:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6411]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6411]: Failed password for invalid user chenxi from 192.109.200.78 port 42150 ssh2
Jun 23 17:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6411]: Connection closed by 192.109.200.78 port 42150 [preauth]
Jun 23 17:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6421]: Invalid user gns3 from 192.109.200.78
Jun 23 17:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6421]: input_userauth_request: invalid user gns3 [preauth]
Jun 23 17:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6421]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6427]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6426]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6425]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6424]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6424]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6484]: Successful su for rubyman by root
Jun 23 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6484]: + ??? root:rubyman
Jun 23 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6484]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578635 of user rubyman.
Jun 23 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6484]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578635.
Jun 23 17:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6421]: Failed password for invalid user gns3 from 192.109.200.78 port 42154 ssh2
Jun 23 17:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6421]: Connection closed by 192.109.200.78 port 42154 [preauth]
Jun 23 17:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6552]: Invalid user ubuntu from 192.109.200.78
Jun 23 17:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6552]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 17:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6552]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3430]: pam_unix(cron:session): session closed for user root
Jun 23 17:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6425]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6552]: Failed password for invalid user ubuntu from 192.109.200.78 port 42484 ssh2
Jun 23 17:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6552]: Connection closed by 192.109.200.78 port 42484 [preauth]
Jun 23 17:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6670]: Invalid user ai from 192.109.200.78
Jun 23 17:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6670]: input_userauth_request: invalid user ai [preauth]
Jun 23 17:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6670]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6670]: Failed password for invalid user ai from 192.109.200.78 port 42510 ssh2
Jun 23 17:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6670]: Connection closed by 192.109.200.78 port 42510 [preauth]
Jun 23 17:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6672]: Invalid user admin1 from 192.109.200.78
Jun 23 17:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6672]: input_userauth_request: invalid user admin1 [preauth]
Jun 23 17:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6672]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6672]: Failed password for invalid user admin1 from 192.109.200.78 port 42524 ssh2
Jun 23 17:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6672]: Connection closed by 192.109.200.78 port 42524 [preauth]
Jun 23 17:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6683]: Failed password for root from 192.109.200.78 port 49024 ssh2
Jun 23 17:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6683]: Connection closed by 192.109.200.78 port 49024 [preauth]
Jun 23 17:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6710]: Invalid user kingbase from 192.109.200.78
Jun 23 17:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6710]: input_userauth_request: invalid user kingbase [preauth]
Jun 23 17:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6710]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6710]: Failed password for invalid user kingbase from 192.109.200.78 port 49030 ssh2
Jun 23 17:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6710]: Connection closed by 192.109.200.78 port 49030 [preauth]
Jun 23 17:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6713]: Invalid user teamspeak from 192.109.200.78
Jun 23 17:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6713]: input_userauth_request: invalid user teamspeak [preauth]
Jun 23 17:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6713]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6713]: Failed password for invalid user teamspeak from 192.109.200.78 port 49044 ssh2
Jun 23 17:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6713]: Connection closed by 192.109.200.78 port 49044 [preauth]
Jun 23 17:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6727]: Invalid user jack from 192.109.200.78
Jun 23 17:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6727]: input_userauth_request: invalid user jack [preauth]
Jun 23 17:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6727]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6727]: Failed password for invalid user jack from 192.109.200.78 port 41038 ssh2
Jun 23 17:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6727]: Connection closed by 192.109.200.78 port 41038 [preauth]
Jun 23 17:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6751]: Invalid user daniel from 192.109.200.78
Jun 23 17:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6751]: input_userauth_request: invalid user daniel [preauth]
Jun 23 17:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6751]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6751]: Failed password for invalid user daniel from 192.109.200.78 port 41052 ssh2
Jun 23 17:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6751]: Connection closed by 192.109.200.78 port 41052 [preauth]
Jun 23 17:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6753]: Invalid user pi from 192.109.200.78
Jun 23 17:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6753]: input_userauth_request: invalid user pi [preauth]
Jun 23 17:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6753]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6753]: Failed password for invalid user pi from 192.109.200.78 port 41068 ssh2
Jun 23 17:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6753]: Connection closed by 192.109.200.78 port 41068 [preauth]
Jun 23 17:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6765]: Invalid user mcserver from 192.109.200.78
Jun 23 17:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6765]: input_userauth_request: invalid user mcserver [preauth]
Jun 23 17:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6765]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5527]: pam_unix(cron:session): session closed for user root
Jun 23 17:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6765]: Failed password for invalid user mcserver from 192.109.200.78 port 58612 ssh2
Jun 23 17:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6765]: Connection closed by 192.109.200.78 port 58612 [preauth]
Jun 23 17:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6803]: Invalid user openvpn from 192.109.200.78
Jun 23 17:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6803]: input_userauth_request: invalid user openvpn [preauth]
Jun 23 17:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6803]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6803]: Failed password for invalid user openvpn from 192.109.200.78 port 58622 ssh2
Jun 23 17:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6803]: Connection closed by 192.109.200.78 port 58622 [preauth]
Jun 23 17:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6806]: Invalid user media from 192.109.200.78
Jun 23 17:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6806]: input_userauth_request: invalid user media [preauth]
Jun 23 17:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6806]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6806]: Failed password for invalid user media from 192.109.200.78 port 58624 ssh2
Jun 23 17:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6806]: Connection closed by 192.109.200.78 port 58624 [preauth]
Jun 23 17:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6817]: Invalid user tomcat from 192.109.200.78
Jun 23 17:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6817]: input_userauth_request: invalid user tomcat [preauth]
Jun 23 17:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6817]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6817]: Failed password for invalid user tomcat from 192.109.200.78 port 36988 ssh2
Jun 23 17:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6817]: Connection closed by 192.109.200.78 port 36988 [preauth]
Jun 23 17:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6831]: Invalid user user from 192.109.200.78
Jun 23 17:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6831]: input_userauth_request: invalid user user [preauth]
Jun 23 17:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6831]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6831]: Failed password for invalid user user from 192.109.200.78 port 37000 ssh2
Jun 23 17:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6831]: Connection closed by 192.109.200.78 port 37000 [preauth]
Jun 23 17:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6843]: Invalid user dev from 192.109.200.78
Jun 23 17:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6843]: input_userauth_request: invalid user dev [preauth]
Jun 23 17:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6843]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6843]: Failed password for invalid user dev from 192.109.200.78 port 37016 ssh2
Jun 23 17:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6843]: Connection closed by 192.109.200.78 port 37016 [preauth]
Jun 23 17:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6853]: Invalid user www from 192.109.200.78
Jun 23 17:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6853]: input_userauth_request: invalid user www [preauth]
Jun 23 17:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6853]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6853]: Failed password for invalid user www from 192.109.200.78 port 36878 ssh2
Jun 23 17:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6853]: Connection closed by 192.109.200.78 port 36878 [preauth]
Jun 23 17:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: Invalid user calvin from 192.109.200.78
Jun 23 17:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: input_userauth_request: invalid user calvin [preauth]
Jun 23 17:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6857]: Invalid user admin from 91.92.40.11
Jun 23 17:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6857]: input_userauth_request: invalid user admin [preauth]
Jun 23 17:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6857]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 17:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: Failed password for invalid user calvin from 192.109.200.78 port 36886 ssh2
Jun 23 17:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: Connection closed by 192.109.200.78 port 36886 [preauth]
Jun 23 17:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6857]: Failed password for invalid user admin from 91.92.40.11 port 41032 ssh2
Jun 23 17:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6857]: Connection closed by 91.92.40.11 port 41032 [preauth]
Jun 23 17:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6868]: Invalid user rocky from 192.109.200.78
Jun 23 17:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6868]: input_userauth_request: invalid user rocky [preauth]
Jun 23 17:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6868]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6874]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6873]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6872]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6871]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6871]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6937]: Successful su for rubyman by root
Jun 23 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6937]: + ??? root:rubyman
Jun 23 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6937]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578640 of user rubyman.
Jun 23 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6937]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578640.
Jun 23 17:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6868]: Failed password for invalid user rocky from 192.109.200.78 port 36898 ssh2
Jun 23 17:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6868]: Connection closed by 192.109.200.78 port 36898 [preauth]
Jun 23 17:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4076]: pam_unix(cron:session): session closed for user root
Jun 23 17:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6872]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7120]: Failed password for root from 192.109.200.78 port 36614 ssh2
Jun 23 17:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7120]: Connection closed by 192.109.200.78 port 36614 [preauth]
Jun 23 17:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7216]: Failed password for root from 192.109.200.78 port 36638 ssh2
Jun 23 17:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7216]: Connection closed by 192.109.200.78 port 36638 [preauth]
Jun 23 17:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7226]: Invalid user jakob from 192.109.200.78
Jun 23 17:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7226]: input_userauth_request: invalid user jakob [preauth]
Jun 23 17:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7226]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7226]: Failed password for invalid user jakob from 192.109.200.78 port 36662 ssh2
Jun 23 17:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7226]: Connection closed by 192.109.200.78 port 36662 [preauth]
Jun 23 17:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7230]: Invalid user user from 192.109.200.78
Jun 23 17:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7230]: input_userauth_request: invalid user user [preauth]
Jun 23 17:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7230]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7230]: Failed password for invalid user user from 192.109.200.78 port 51602 ssh2
Jun 23 17:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7230]: Connection closed by 192.109.200.78 port 51602 [preauth]
Jun 23 17:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7255]: Invalid user blue from 181.188.148.74
Jun 23 17:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7255]: input_userauth_request: invalid user blue [preauth]
Jun 23 17:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7255]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.148.74
Jun 23 17:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7253]: Failed password for root from 192.109.200.78 port 51622 ssh2
Jun 23 17:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7253]: Connection closed by 192.109.200.78 port 51622 [preauth]
Jun 23 17:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7255]: Failed password for invalid user blue from 181.188.148.74 port 32834 ssh2
Jun 23 17:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7255]: Received disconnect from 181.188.148.74 port 32834:11: Bye Bye [preauth]
Jun 23 17:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7255]: Disconnected from 181.188.148.74 port 32834 [preauth]
Jun 23 17:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7266]: Failed password for root from 192.109.200.78 port 51644 ssh2
Jun 23 17:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7266]: Connection closed by 192.109.200.78 port 51644 [preauth]
Jun 23 17:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7268]: Invalid user rancher from 192.109.200.78
Jun 23 17:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7268]: input_userauth_request: invalid user rancher [preauth]
Jun 23 17:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7268]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7268]: Failed password for invalid user rancher from 192.109.200.78 port 44136 ssh2
Jun 23 17:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7268]: Connection closed by 192.109.200.78 port 44136 [preauth]
Jun 23 17:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7290]: Failed password for root from 192.109.200.78 port 44144 ssh2
Jun 23 17:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7290]: Connection closed by 192.109.200.78 port 44144 [preauth]
Jun 23 17:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7302]: Invalid user david from 192.109.200.78
Jun 23 17:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7302]: input_userauth_request: invalid user david [preauth]
Jun 23 17:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7302]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7302]: Failed password for invalid user david from 192.109.200.78 port 44150 ssh2
Jun 23 17:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7302]: Connection closed by 192.109.200.78 port 44150 [preauth]
Jun 23 17:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7304]: Invalid user elasticsearch from 192.109.200.78
Jun 23 17:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7304]: input_userauth_request: invalid user elasticsearch [preauth]
Jun 23 17:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5990]: pam_unix(cron:session): session closed for user root
Jun 23 17:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7304]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7304]: Failed password for invalid user elasticsearch from 192.109.200.78 port 33230 ssh2
Jun 23 17:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7304]: Connection closed by 192.109.200.78 port 33230 [preauth]
Jun 23 17:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7336]: Received disconnect from 5.161.101.51 port 35038:11: disconnected by user [preauth]
Jun 23 17:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7336]: Disconnected from 5.161.101.51 port 35038 [preauth]
Jun 23 17:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7339]: Failed password for root from 192.109.200.78 port 33244 ssh2
Jun 23 17:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7339]: Connection closed by 192.109.200.78 port 33244 [preauth]
Jun 23 17:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7341]: Invalid user steam from 192.109.200.78
Jun 23 17:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7341]: input_userauth_request: invalid user steam [preauth]
Jun 23 17:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7341]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7341]: Failed password for invalid user steam from 192.109.200.78 port 33260 ssh2
Jun 23 17:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7341]: Connection closed by 192.109.200.78 port 33260 [preauth]
Jun 23 17:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7355]: Invalid user claude from 192.109.200.78
Jun 23 17:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7355]: input_userauth_request: invalid user claude [preauth]
Jun 23 17:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7355]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7355]: Failed password for invalid user claude from 192.109.200.78 port 34464 ssh2
Jun 23 17:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7355]: Connection closed by 192.109.200.78 port 34464 [preauth]
Jun 23 17:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7378]: Invalid user test from 192.109.200.78
Jun 23 17:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7378]: input_userauth_request: invalid user test [preauth]
Jun 23 17:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7378]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7378]: Failed password for invalid user test from 192.109.200.78 port 34480 ssh2
Jun 23 17:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7378]: Connection closed by 192.109.200.78 port 34480 [preauth]
Jun 23 17:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7380]: Invalid user admin from 192.109.200.78
Jun 23 17:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7380]: input_userauth_request: invalid user admin [preauth]
Jun 23 17:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7380]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7380]: Failed password for invalid user admin from 192.109.200.78 port 34494 ssh2
Jun 23 17:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7380]: Connection closed by 192.109.200.78 port 34494 [preauth]
Jun 23 17:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7391]: Invalid user root1 from 192.109.200.78
Jun 23 17:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7391]: input_userauth_request: invalid user root1 [preauth]
Jun 23 17:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7391]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7391]: Failed password for invalid user root1 from 192.109.200.78 port 60850 ssh2
Jun 23 17:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7391]: Connection closed by 192.109.200.78 port 60850 [preauth]
Jun 23 17:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7402]: Invalid user alex from 192.109.200.78
Jun 23 17:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7402]: input_userauth_request: invalid user alex [preauth]
Jun 23 17:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7402]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7402]: Failed password for invalid user alex from 192.109.200.78 port 60890 ssh2
Jun 23 17:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7402]: Connection closed by 192.109.200.78 port 60890 [preauth]
Jun 23 17:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7416]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7418]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7415]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7417]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7415]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7474]: Successful su for rubyman by root
Jun 23 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7474]: + ??? root:rubyman
Jun 23 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7474]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578645 of user rubyman.
Jun 23 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7474]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578645.
Jun 23 17:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7404]: Failed password for root from 192.109.200.78 port 60906 ssh2
Jun 23 17:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7404]: Connection closed by 192.109.200.78 port 60906 [preauth]
Jun 23 17:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7579]: Invalid user alex from 192.109.200.78
Jun 23 17:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7579]: input_userauth_request: invalid user alex [preauth]
Jun 23 17:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7579]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4529]: pam_unix(cron:session): session closed for user root
Jun 23 17:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7416]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7579]: Failed password for invalid user alex from 192.109.200.78 port 34816 ssh2
Jun 23 17:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7579]: Connection closed by 192.109.200.78 port 34816 [preauth]
Jun 23 17:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7762]: Invalid user main from 192.109.200.78
Jun 23 17:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7762]: input_userauth_request: invalid user main [preauth]
Jun 23 17:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7762]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7762]: Failed password for invalid user main from 192.109.200.78 port 34820 ssh2
Jun 23 17:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7762]: Connection closed by 192.109.200.78 port 34820 [preauth]
Jun 23 17:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7764]: Invalid user debian from 192.109.200.78
Jun 23 17:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7764]: input_userauth_request: invalid user debian [preauth]
Jun 23 17:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7764]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7764]: Failed password for invalid user debian from 192.109.200.78 port 34830 ssh2
Jun 23 17:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7764]: Connection closed by 192.109.200.78 port 34830 [preauth]
Jun 23 17:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7782]: Invalid user appuser from 192.109.200.78
Jun 23 17:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7782]: input_userauth_request: invalid user appuser [preauth]
Jun 23 17:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7782]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7782]: Failed password for invalid user appuser from 192.109.200.78 port 40270 ssh2
Jun 23 17:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7782]: Connection closed by 192.109.200.78 port 40270 [preauth]
Jun 23 17:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7797]: Invalid user solana from 192.109.200.78
Jun 23 17:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7797]: input_userauth_request: invalid user solana [preauth]
Jun 23 17:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7797]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7797]: Failed password for invalid user solana from 192.109.200.78 port 40280 ssh2
Jun 23 17:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7797]: Connection closed by 192.109.200.78 port 40280 [preauth]
Jun 23 17:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7800]: Invalid user sonar from 192.109.200.78
Jun 23 17:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7800]: input_userauth_request: invalid user sonar [preauth]
Jun 23 17:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7800]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7800]: Failed password for invalid user sonar from 192.109.200.78 port 40290 ssh2
Jun 23 17:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7800]: Connection closed by 192.109.200.78 port 40290 [preauth]
Jun 23 17:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7810]: Invalid user oracle from 192.109.200.78
Jun 23 17:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7810]: input_userauth_request: invalid user oracle [preauth]
Jun 23 17:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7810]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7810]: Failed password for invalid user oracle from 192.109.200.78 port 37458 ssh2
Jun 23 17:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7810]: Connection closed by 192.109.200.78 port 37458 [preauth]
Jun 23 17:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7824]: Invalid user test from 192.109.200.78
Jun 23 17:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7824]: input_userauth_request: invalid user test [preauth]
Jun 23 17:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7824]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7834]: Invalid user admin from 91.92.40.11
Jun 23 17:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7834]: input_userauth_request: invalid user admin [preauth]
Jun 23 17:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7824]: Failed password for invalid user test from 192.109.200.78 port 37466 ssh2
Jun 23 17:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7834]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 17:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7824]: Connection closed by 192.109.200.78 port 37466 [preauth]
Jun 23 17:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7836]: Invalid user ubuntu from 192.109.200.78
Jun 23 17:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7836]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 17:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7836]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7834]: Failed password for invalid user admin from 91.92.40.11 port 36532 ssh2
Jun 23 17:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7834]: Connection closed by 91.92.40.11 port 36532 [preauth]
Jun 23 17:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6427]: pam_unix(cron:session): session closed for user root
Jun 23 17:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7836]: Failed password for invalid user ubuntu from 192.109.200.78 port 37492 ssh2
Jun 23 17:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7836]: Connection closed by 192.109.200.78 port 37492 [preauth]
Jun 23 17:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7865]: Invalid user crafty from 192.109.200.78
Jun 23 17:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7865]: input_userauth_request: invalid user crafty [preauth]
Jun 23 17:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7865]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7865]: Failed password for invalid user crafty from 192.109.200.78 port 57730 ssh2
Jun 23 17:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7865]: Connection closed by 192.109.200.78 port 57730 [preauth]
Jun 23 17:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7867]: Invalid user jay from 192.109.200.78
Jun 23 17:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7867]: input_userauth_request: invalid user jay [preauth]
Jun 23 17:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7867]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7867]: Failed password for invalid user jay from 192.109.200.78 port 57746 ssh2
Jun 23 17:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7867]: Connection closed by 192.109.200.78 port 57746 [preauth]
Jun 23 17:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7877]: Failed password for root from 192.109.200.78 port 57774 ssh2
Jun 23 17:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7877]: Connection closed by 192.109.200.78 port 57774 [preauth]
Jun 23 17:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7900]: Invalid user gary from 192.109.200.78
Jun 23 17:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7900]: input_userauth_request: invalid user gary [preauth]
Jun 23 17:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7900]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7900]: Failed password for invalid user gary from 192.109.200.78 port 56462 ssh2
Jun 23 17:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7900]: Connection closed by 192.109.200.78 port 56462 [preauth]
Jun 23 17:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7902]: Invalid user alex from 192.109.200.78
Jun 23 17:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7902]: input_userauth_request: invalid user alex [preauth]
Jun 23 17:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7902]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7902]: Failed password for invalid user alex from 192.109.200.78 port 56466 ssh2
Jun 23 17:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7902]: Connection closed by 192.109.200.78 port 56466 [preauth]
Jun 23 17:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7912]: Invalid user operator from 192.109.200.78
Jun 23 17:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7912]: input_userauth_request: invalid user operator [preauth]
Jun 23 17:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7912]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7912]: Failed password for invalid user operator from 192.109.200.78 port 56476 ssh2
Jun 23 17:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7912]: Connection closed by 192.109.200.78 port 56476 [preauth]
Jun 23 17:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7922]: Invalid user guest from 192.109.200.78
Jun 23 17:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7922]: input_userauth_request: invalid user guest [preauth]
Jun 23 17:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7922]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7922]: Failed password for invalid user guest from 192.109.200.78 port 43704 ssh2
Jun 23 17:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7922]: Connection closed by 192.109.200.78 port 43704 [preauth]
Jun 23 17:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7924]: Invalid user guest from 192.109.200.78
Jun 23 17:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7924]: input_userauth_request: invalid user guest [preauth]
Jun 23 17:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7924]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7924]: Failed password for invalid user guest from 192.109.200.78 port 43722 ssh2
Jun 23 17:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7924]: Connection closed by 192.109.200.78 port 43722 [preauth]
Jun 23 17:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7940]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7942]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7939]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7941]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7938]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7937]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7942]: pam_unix(cron:session): session closed for user root
Jun 23 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7937]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8005]: Successful su for rubyman by root
Jun 23 17:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8005]: + ??? root:rubyman
Jun 23 17:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8005]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578647 of user rubyman.
Jun 23 17:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8005]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578647.
Jun 23 17:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7934]: Failed password for root from 192.109.200.78 port 43736 ssh2
Jun 23 17:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7934]: Connection closed by 192.109.200.78 port 43736 [preauth]
Jun 23 17:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7939]: pam_unix(cron:session): session closed for user root
Jun 23 17:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8105]: Invalid user git from 192.109.200.78
Jun 23 17:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8105]: input_userauth_request: invalid user git [preauth]
Jun 23 17:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8105]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5078]: pam_unix(cron:session): session closed for user root
Jun 23 17:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8105]: Failed password for invalid user git from 192.109.200.78 port 46370 ssh2
Jun 23 17:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8105]: Connection closed by 192.109.200.78 port 46370 [preauth]
Jun 23 17:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7938]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8218]: Invalid user odoo from 192.109.200.78
Jun 23 17:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8218]: input_userauth_request: invalid user odoo [preauth]
Jun 23 17:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8218]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8218]: Failed password for invalid user odoo from 192.109.200.78 port 46388 ssh2
Jun 23 17:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8218]: Connection closed by 192.109.200.78 port 46388 [preauth]
Jun 23 17:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8228]: Invalid user appuser from 192.109.200.78
Jun 23 17:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8228]: input_userauth_request: invalid user appuser [preauth]
Jun 23 17:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8228]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8228]: Failed password for invalid user appuser from 192.109.200.78 port 46406 ssh2
Jun 23 17:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8228]: Connection closed by 192.109.200.78 port 46406 [preauth]
Jun 23 17:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8236]: Invalid user agent from 192.109.200.78
Jun 23 17:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8236]: input_userauth_request: invalid user agent [preauth]
Jun 23 17:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8236]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8236]: Failed password for invalid user agent from 192.109.200.78 port 56400 ssh2
Jun 23 17:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8236]: Connection closed by 192.109.200.78 port 56400 [preauth]
Jun 23 17:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8254]: Invalid user work from 192.109.200.78
Jun 23 17:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8254]: input_userauth_request: invalid user work [preauth]
Jun 23 17:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8254]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8254]: Failed password for invalid user work from 192.109.200.78 port 56410 ssh2
Jun 23 17:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8254]: Connection closed by 192.109.200.78 port 56410 [preauth]
Jun 23 17:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8259]: Invalid user claude from 192.109.200.78
Jun 23 17:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8259]: input_userauth_request: invalid user claude [preauth]
Jun 23 17:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8259]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8259]: Failed password for invalid user claude from 192.109.200.78 port 56414 ssh2
Jun 23 17:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8259]: Connection closed by 192.109.200.78 port 56414 [preauth]
Jun 23 17:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8266]: Invalid user frappe from 192.109.200.78
Jun 23 17:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8266]: input_userauth_request: invalid user frappe [preauth]
Jun 23 17:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8266]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8266]: Failed password for invalid user frappe from 192.109.200.78 port 42042 ssh2
Jun 23 17:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8266]: Connection closed by 192.109.200.78 port 42042 [preauth]
Jun 23 17:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8288]: Invalid user claude from 192.109.200.78
Jun 23 17:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8288]: input_userauth_request: invalid user claude [preauth]
Jun 23 17:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8288]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8288]: Failed password for invalid user claude from 192.109.200.78 port 42048 ssh2
Jun 23 17:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8288]: Connection closed by 192.109.200.78 port 42048 [preauth]
Jun 23 17:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8290]: Invalid user node from 192.109.200.78
Jun 23 17:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8290]: input_userauth_request: invalid user node [preauth]
Jun 23 17:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8290]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8290]: Failed password for invalid user node from 192.109.200.78 port 42056 ssh2
Jun 23 17:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6874]: pam_unix(cron:session): session closed for user root
Jun 23 17:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8290]: Connection closed by 192.109.200.78 port 42056 [preauth]
Jun 23 17:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8312]: Invalid user neptune from 192.109.200.78
Jun 23 17:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8312]: input_userauth_request: invalid user neptune [preauth]
Jun 23 17:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8312]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8312]: Failed password for invalid user neptune from 192.109.200.78 port 46470 ssh2
Jun 23 17:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8312]: Connection closed by 192.109.200.78 port 46470 [preauth]
Jun 23 17:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8330]: Invalid user ftpuser from 192.109.200.78
Jun 23 17:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8330]: input_userauth_request: invalid user ftpuser [preauth]
Jun 23 17:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8330]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8330]: Failed password for invalid user ftpuser from 192.109.200.78 port 46474 ssh2
Jun 23 17:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8330]: Connection closed by 192.109.200.78 port 46474 [preauth]
Jun 23 17:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8332]: Failed password for root from 192.109.200.78 port 46476 ssh2
Jun 23 17:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8332]: Connection closed by 192.109.200.78 port 46476 [preauth]
Jun 23 17:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8356]: Invalid user gpadmin from 192.109.200.78
Jun 23 17:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8356]: input_userauth_request: invalid user gpadmin [preauth]
Jun 23 17:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8356]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8356]: Failed password for invalid user gpadmin from 192.109.200.78 port 47856 ssh2
Jun 23 17:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8356]: Connection closed by 192.109.200.78 port 47856 [preauth]
Jun 23 17:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8367]: Invalid user cloud from 192.109.200.78
Jun 23 17:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8367]: input_userauth_request: invalid user cloud [preauth]
Jun 23 17:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8367]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8367]: Failed password for invalid user cloud from 192.109.200.78 port 47872 ssh2
Jun 23 17:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8367]: Connection closed by 192.109.200.78 port 47872 [preauth]
Jun 23 17:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8369]: Invalid user admin from 192.109.200.78
Jun 23 17:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8369]: input_userauth_request: invalid user admin [preauth]
Jun 23 17:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8369]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8371]: Invalid user cards from 181.188.148.74
Jun 23 17:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8371]: input_userauth_request: invalid user cards [preauth]
Jun 23 17:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8371]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.148.74
Jun 23 17:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8369]: Failed password for invalid user admin from 192.109.200.78 port 47876 ssh2
Jun 23 17:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8369]: Connection closed by 192.109.200.78 port 47876 [preauth]
Jun 23 17:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8371]: Failed password for invalid user cards from 181.188.148.74 port 59988 ssh2
Jun 23 17:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8371]: Received disconnect from 181.188.148.74 port 59988:11: Bye Bye [preauth]
Jun 23 17:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8371]: Disconnected from 181.188.148.74 port 59988 [preauth]
Jun 23 17:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8381]: Invalid user test from 192.109.200.78
Jun 23 17:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8381]: input_userauth_request: invalid user test [preauth]
Jun 23 17:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8381]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8381]: Failed password for invalid user test from 192.109.200.78 port 47372 ssh2
Jun 23 17:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8381]: Connection closed by 192.109.200.78 port 47372 [preauth]
Jun 23 17:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8383]: Invalid user odoo16 from 192.109.200.78
Jun 23 17:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8383]: input_userauth_request: invalid user odoo16 [preauth]
Jun 23 17:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8383]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8383]: Failed password for invalid user odoo16 from 192.109.200.78 port 47382 ssh2
Jun 23 17:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8383]: Connection closed by 192.109.200.78 port 47382 [preauth]
Jun 23 17:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8405]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8404]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8403]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8402]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8402]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8396]: Invalid user admin from 91.92.40.11
Jun 23 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8396]: input_userauth_request: invalid user admin [preauth]
Jun 23 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8399]: Invalid user user from 192.109.200.78
Jun 23 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8399]: input_userauth_request: invalid user user [preauth]
Jun 23 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8473]: Successful su for rubyman by root
Jun 23 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8473]: + ??? root:rubyman
Jun 23 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8473]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578654 of user rubyman.
Jun 23 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8473]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578654.
Jun 23 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8396]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8399]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8396]: Failed password for invalid user admin from 91.92.40.11 port 60904 ssh2
Jun 23 17:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8399]: Failed password for invalid user user from 192.109.200.78 port 47386 ssh2
Jun 23 17:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8399]: Connection closed by 192.109.200.78 port 47386 [preauth]
Jun 23 17:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8396]: Connection closed by 91.92.40.11 port 60904 [preauth]
Jun 23 17:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8614]: Invalid user odoo14 from 192.109.200.78
Jun 23 17:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8614]: input_userauth_request: invalid user odoo14 [preauth]
Jun 23 17:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8614]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5526]: pam_unix(cron:session): session closed for user root
Jun 23 17:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8403]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8614]: Failed password for invalid user odoo14 from 192.109.200.78 port 33470 ssh2
Jun 23 17:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8614]: Connection closed by 192.109.200.78 port 33470 [preauth]
Jun 23 17:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8659]: Invalid user jenkins from 192.109.200.78
Jun 23 17:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8659]: input_userauth_request: invalid user jenkins [preauth]
Jun 23 17:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8659]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8659]: Failed password for invalid user jenkins from 192.109.200.78 port 33478 ssh2
Jun 23 17:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8659]: Connection closed by 192.109.200.78 port 33478 [preauth]
Jun 23 17:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8669]: Invalid user admin from 192.109.200.78
Jun 23 17:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8669]: input_userauth_request: invalid user admin [preauth]
Jun 23 17:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8669]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8669]: Failed password for invalid user admin from 192.109.200.78 port 33480 ssh2
Jun 23 17:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8669]: Connection closed by 192.109.200.78 port 33480 [preauth]
Jun 23 17:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8691]: Invalid user demo from 192.109.200.78
Jun 23 17:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8691]: input_userauth_request: invalid user demo [preauth]
Jun 23 17:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8691]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8691]: Failed password for invalid user demo from 192.109.200.78 port 36420 ssh2
Jun 23 17:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8691]: Connection closed by 192.109.200.78 port 36420 [preauth]
Jun 23 17:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8693]: Invalid user ranga from 192.109.200.78
Jun 23 17:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8693]: input_userauth_request: invalid user ranga [preauth]
Jun 23 17:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8693]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8693]: Failed password for invalid user ranga from 192.109.200.78 port 36436 ssh2
Jun 23 17:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8693]: Connection closed by 192.109.200.78 port 36436 [preauth]
Jun 23 17:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8704]: Invalid user amine from 192.109.200.78
Jun 23 17:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8704]: input_userauth_request: invalid user amine [preauth]
Jun 23 17:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8704]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8704]: Failed password for invalid user amine from 192.109.200.78 port 36458 ssh2
Jun 23 17:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8704]: Connection closed by 192.109.200.78 port 36458 [preauth]
Jun 23 17:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8719]: Failed password for root from 192.109.200.78 port 56176 ssh2
Jun 23 17:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8719]: Connection closed by 192.109.200.78 port 56176 [preauth]
Jun 23 17:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8731]: Failed password for root from 192.109.200.78 port 56200 ssh2
Jun 23 17:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8731]: Connection closed by 192.109.200.78 port 56200 [preauth]
Jun 23 17:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8741]: Invalid user angel from 192.109.200.78
Jun 23 17:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8741]: input_userauth_request: invalid user angel [preauth]
Jun 23 17:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8741]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7418]: pam_unix(cron:session): session closed for user root
Jun 23 17:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8741]: Failed password for invalid user angel from 192.109.200.78 port 56256 ssh2
Jun 23 17:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8741]: Connection closed by 192.109.200.78 port 56256 [preauth]
Jun 23 17:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8764]: Invalid user web from 192.109.200.78
Jun 23 17:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8764]: input_userauth_request: invalid user web [preauth]
Jun 23 17:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8764]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8775]: Received disconnect from 192.210.194.2 port 37340:11: disconnected by user [preauth]
Jun 23 17:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8775]: Disconnected from 192.210.194.2 port 37340 [preauth]
Jun 23 17:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8764]: Failed password for invalid user web from 192.109.200.78 port 49994 ssh2
Jun 23 17:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8764]: Connection closed by 192.109.200.78 port 49994 [preauth]
Jun 23 17:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8777]: Failed password for root from 192.109.200.78 port 50000 ssh2
Jun 23 17:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8777]: Connection closed by 192.109.200.78 port 50000 [preauth]
Jun 23 17:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8788]: Invalid user git from 192.109.200.78
Jun 23 17:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8788]: input_userauth_request: invalid user git [preauth]
Jun 23 17:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8788]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8788]: Failed password for invalid user git from 192.109.200.78 port 50002 ssh2
Jun 23 17:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8788]: Connection closed by 192.109.200.78 port 50002 [preauth]
Jun 23 17:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8797]: Invalid user pi from 192.109.200.78
Jun 23 17:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8797]: input_userauth_request: invalid user pi [preauth]
Jun 23 17:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8797]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8797]: Failed password for invalid user pi from 192.109.200.78 port 33570 ssh2
Jun 23 17:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8797]: Connection closed by 192.109.200.78 port 33570 [preauth]
Jun 23 17:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8813]: Invalid user admin from 192.109.200.78
Jun 23 17:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8813]: input_userauth_request: invalid user admin [preauth]
Jun 23 17:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8813]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8813]: Failed password for invalid user admin from 192.109.200.78 port 33582 ssh2
Jun 23 17:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8813]: Connection closed by 192.109.200.78 port 33582 [preauth]
Jun 23 17:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8823]: Failed password for root from 192.109.200.78 port 33590 ssh2
Jun 23 17:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8823]: Connection closed by 192.109.200.78 port 33590 [preauth]
Jun 23 17:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8825]: Invalid user dolphinscheduler from 192.109.200.78
Jun 23 17:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8825]: input_userauth_request: invalid user dolphinscheduler [preauth]
Jun 23 17:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8825]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8825]: Failed password for invalid user dolphinscheduler from 192.109.200.78 port 42728 ssh2
Jun 23 17:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8825]: Connection closed by 192.109.200.78 port 42728 [preauth]
Jun 23 17:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8839]: Invalid user splunk from 192.109.200.78
Jun 23 17:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8839]: input_userauth_request: invalid user splunk [preauth]
Jun 23 17:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8839]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8839]: Failed password for invalid user splunk from 192.109.200.78 port 42744 ssh2
Jun 23 17:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8839]: Connection closed by 192.109.200.78 port 42744 [preauth]
Jun 23 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8845]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8844]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8843]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8842]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8842]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8912]: Successful su for rubyman by root
Jun 23 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8912]: + ??? root:rubyman
Jun 23 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8912]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578657 of user rubyman.
Jun 23 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8912]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578657.
Jun 23 17:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8848]: Invalid user ubuntu from 192.109.200.78
Jun 23 17:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8848]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 17:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8848]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8848]: Failed password for invalid user ubuntu from 192.109.200.78 port 42762 ssh2
Jun 23 17:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8848]: Connection closed by 192.109.200.78 port 42762 [preauth]
Jun 23 17:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5989]: pam_unix(cron:session): session closed for user root
Jun 23 17:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8843]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9071]: Failed password for root from 192.109.200.78 port 37568 ssh2
Jun 23 17:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9071]: Connection closed by 192.109.200.78 port 37568 [preauth]
Jun 23 17:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9101]: Invalid user server from 192.109.200.78
Jun 23 17:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9101]: input_userauth_request: invalid user server [preauth]
Jun 23 17:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9101]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9101]: Failed password for invalid user server from 192.109.200.78 port 37580 ssh2
Jun 23 17:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9101]: Connection closed by 192.109.200.78 port 37580 [preauth]
Jun 23 17:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9103]: Invalid user postgres from 192.109.200.78
Jun 23 17:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9103]: input_userauth_request: invalid user postgres [preauth]
Jun 23 17:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9103]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9103]: Failed password for invalid user postgres from 192.109.200.78 port 37584 ssh2
Jun 23 17:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9103]: Connection closed by 192.109.200.78 port 37584 [preauth]
Jun 23 17:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9126]: Invalid user minecraft from 192.109.200.78
Jun 23 17:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9126]: input_userauth_request: invalid user minecraft [preauth]
Jun 23 17:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9126]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9126]: Failed password for invalid user minecraft from 192.109.200.78 port 46678 ssh2
Jun 23 17:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9126]: Connection closed by 192.109.200.78 port 46678 [preauth]
Jun 23 17:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9131]: Failed password for root from 192.109.200.78 port 46684 ssh2
Jun 23 17:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9131]: Connection closed by 192.109.200.78 port 46684 [preauth]
Jun 23 17:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9139]: Invalid user chris from 192.109.200.78
Jun 23 17:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9139]: input_userauth_request: invalid user chris [preauth]
Jun 23 17:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9139]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9139]: Failed password for invalid user chris from 192.109.200.78 port 46688 ssh2
Jun 23 17:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9139]: Connection closed by 192.109.200.78 port 46688 [preauth]
Jun 23 17:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9161]: Invalid user test1 from 192.109.200.78
Jun 23 17:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9161]: input_userauth_request: invalid user test1 [preauth]
Jun 23 17:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9161]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9161]: Failed password for invalid user test1 from 192.109.200.78 port 55236 ssh2
Jun 23 17:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9161]: Connection closed by 192.109.200.78 port 55236 [preauth]
Jun 23 17:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9163]: Invalid user minecraft from 192.109.200.78
Jun 23 17:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9163]: input_userauth_request: invalid user minecraft [preauth]
Jun 23 17:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9163]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9163]: Failed password for invalid user minecraft from 192.109.200.78 port 55248 ssh2
Jun 23 17:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9163]: Connection closed by 192.109.200.78 port 55248 [preauth]
Jun 23 17:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9175]: Invalid user admin from 91.92.40.11
Jun 23 17:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9175]: input_userauth_request: invalid user admin [preauth]
Jun 23 17:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9175]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 17:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9173]: Failed password for root from 192.109.200.78 port 55250 ssh2
Jun 23 17:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9173]: Connection closed by 192.109.200.78 port 55250 [preauth]
Jun 23 17:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7941]: pam_unix(cron:session): session closed for user root
Jun 23 17:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9175]: Failed password for invalid user admin from 91.92.40.11 port 46978 ssh2
Jun 23 17:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9209]: Invalid user postgres from 192.109.200.78
Jun 23 17:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9209]: input_userauth_request: invalid user postgres [preauth]
Jun 23 17:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9209]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9175]: Connection closed by 91.92.40.11 port 46978 [preauth]
Jun 23 17:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9209]: Failed password for invalid user postgres from 192.109.200.78 port 39432 ssh2
Jun 23 17:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9209]: Connection closed by 192.109.200.78 port 39432 [preauth]
Jun 23 17:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9211]: Invalid user gitlab from 192.109.200.78
Jun 23 17:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9211]: input_userauth_request: invalid user gitlab [preauth]
Jun 23 17:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9211]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9211]: Failed password for invalid user gitlab from 192.109.200.78 port 39444 ssh2
Jun 23 17:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9211]: Connection closed by 192.109.200.78 port 39444 [preauth]
Jun 23 17:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9222]: Invalid user user from 192.109.200.78
Jun 23 17:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9222]: input_userauth_request: invalid user user [preauth]
Jun 23 17:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9222]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9222]: Failed password for invalid user user from 192.109.200.78 port 39458 ssh2
Jun 23 17:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9222]: Connection closed by 192.109.200.78 port 39458 [preauth]
Jun 23 17:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9245]: User john from 192.109.200.78 not allowed because not listed in AllowUsers
Jun 23 17:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9245]: input_userauth_request: invalid user john [preauth]
Jun 23 17:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=john
Jun 23 17:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9245]: Failed password for invalid user john from 192.109.200.78 port 36562 ssh2
Jun 23 17:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9245]: Connection closed by 192.109.200.78 port 36562 [preauth]
Jun 23 17:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9247]: Invalid user parsa from 192.109.200.78
Jun 23 17:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9247]: input_userauth_request: invalid user parsa [preauth]
Jun 23 17:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9247]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9247]: Failed password for invalid user parsa from 192.109.200.78 port 36584 ssh2
Jun 23 17:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9247]: Connection closed by 192.109.200.78 port 36584 [preauth]
Jun 23 17:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9258]: Invalid user deploy from 192.109.200.78
Jun 23 17:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9258]: input_userauth_request: invalid user deploy [preauth]
Jun 23 17:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9258]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9258]: Failed password for invalid user deploy from 192.109.200.78 port 36596 ssh2
Jun 23 17:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9258]: Connection closed by 192.109.200.78 port 36596 [preauth]
Jun 23 17:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9261]: Failed password for root from 192.109.200.78 port 56486 ssh2
Jun 23 17:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9261]: Connection closed by 192.109.200.78 port 56486 [preauth]
Jun 23 17:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9272]: Invalid user grok from 192.109.200.78
Jun 23 17:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9272]: input_userauth_request: invalid user grok [preauth]
Jun 23 17:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9272]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 23 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9272]: Failed password for invalid user grok from 192.109.200.78 port 56492 ssh2
Jun 23 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9272]: Connection closed by 192.109.200.78 port 56492 [preauth]
Jun 23 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9289]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9290]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9288]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9287]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9287]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9350]: Successful su for rubyman by root
Jun 23 17:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9350]: + ??? root:rubyman
Jun 23 17:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9350]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578661 of user rubyman.
Jun 23 17:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9350]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578661.
Jun 23 17:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9274]: Failed password for root from 80.66.85.226 port 52786 ssh2
Jun 23 17:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9339]: Invalid user dev from 192.109.200.78
Jun 23 17:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9339]: input_userauth_request: invalid user dev [preauth]
Jun 23 17:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9274]: Connection closed by 80.66.85.226 port 52786 [preauth]
Jun 23 17:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9339]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6426]: pam_unix(cron:session): session closed for user root
Jun 23 17:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9339]: Failed password for invalid user dev from 192.109.200.78 port 56502 ssh2
Jun 23 17:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9339]: Connection closed by 192.109.200.78 port 56502 [preauth]
Jun 23 17:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9500]: Invalid user admin2 from 192.109.200.78
Jun 23 17:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9500]: input_userauth_request: invalid user admin2 [preauth]
Jun 23 17:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9500]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9288]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9500]: Failed password for invalid user admin2 from 192.109.200.78 port 58484 ssh2
Jun 23 17:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9500]: Connection closed by 192.109.200.78 port 58484 [preauth]
Jun 23 17:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9525]: Invalid user user2 from 192.109.200.78
Jun 23 17:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9525]: input_userauth_request: invalid user user2 [preauth]
Jun 23 17:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9525]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9525]: Failed password for invalid user user2 from 192.109.200.78 port 58494 ssh2
Jun 23 17:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9525]: Connection closed by 192.109.200.78 port 58494 [preauth]
Jun 23 17:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9535]: Invalid user admin from 192.109.200.78
Jun 23 17:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9535]: input_userauth_request: invalid user admin [preauth]
Jun 23 17:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9535]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9535]: Failed password for invalid user admin from 192.109.200.78 port 58506 ssh2
Jun 23 17:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9535]: Connection closed by 192.109.200.78 port 58506 [preauth]
Jun 23 17:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9549]: Invalid user frappe from 192.109.200.78
Jun 23 17:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9549]: input_userauth_request: invalid user frappe [preauth]
Jun 23 17:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9549]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9549]: Failed password for invalid user frappe from 192.109.200.78 port 54188 ssh2
Jun 23 17:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9549]: Connection closed by 192.109.200.78 port 54188 [preauth]
Jun 23 17:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9561]: Invalid user server from 192.109.200.78
Jun 23 17:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9561]: input_userauth_request: invalid user server [preauth]
Jun 23 17:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9561]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9561]: Failed password for invalid user server from 192.109.200.78 port 54204 ssh2
Jun 23 17:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9561]: Connection closed by 192.109.200.78 port 54204 [preauth]
Jun 23 17:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9571]: Failed password for root from 192.109.200.78 port 59548 ssh2
Jun 23 17:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9571]: Connection closed by 192.109.200.78 port 59548 [preauth]
Jun 23 17:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9588]: Invalid user sftpuser from 192.109.200.78
Jun 23 17:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9588]: input_userauth_request: invalid user sftpuser [preauth]
Jun 23 17:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9586]: Invalid user prospect from 181.188.148.74
Jun 23 17:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9586]: input_userauth_request: invalid user prospect [preauth]
Jun 23 17:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9586]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.148.74
Jun 23 17:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9588]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9586]: Failed password for invalid user prospect from 181.188.148.74 port 45400 ssh2
Jun 23 17:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9588]: Failed password for invalid user sftpuser from 192.109.200.78 port 59560 ssh2
Jun 23 17:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9588]: Connection closed by 192.109.200.78 port 59560 [preauth]
Jun 23 17:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9586]: Received disconnect from 181.188.148.74 port 45400:11: Bye Bye [preauth]
Jun 23 17:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9586]: Disconnected from 181.188.148.74 port 45400 [preauth]
Jun 23 17:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9601]: Invalid user user3 from 192.109.200.78
Jun 23 17:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9601]: input_userauth_request: invalid user user3 [preauth]
Jun 23 17:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9601]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9601]: Failed password for invalid user user3 from 192.109.200.78 port 59572 ssh2
Jun 23 17:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9601]: Connection closed by 192.109.200.78 port 59572 [preauth]
Jun 23 17:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9603]: Invalid user teamspeak from 192.109.200.78
Jun 23 17:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9603]: input_userauth_request: invalid user teamspeak [preauth]
Jun 23 17:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9603]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8405]: pam_unix(cron:session): session closed for user root
Jun 23 17:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9603]: Failed password for invalid user teamspeak from 192.109.200.78 port 36358 ssh2
Jun 23 17:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9603]: Connection closed by 192.109.200.78 port 36358 [preauth]
Jun 23 17:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9637]: Invalid user user2 from 192.109.200.78
Jun 23 17:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9637]: input_userauth_request: invalid user user2 [preauth]
Jun 23 17:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9637]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9637]: Failed password for invalid user user2 from 192.109.200.78 port 36372 ssh2
Jun 23 17:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9637]: Connection closed by 192.109.200.78 port 36372 [preauth]
Jun 23 17:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9647]: Invalid user dev from 192.109.200.78
Jun 23 17:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9647]: input_userauth_request: invalid user dev [preauth]
Jun 23 17:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9647]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9647]: Failed password for invalid user dev from 192.109.200.78 port 36384 ssh2
Jun 23 17:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9647]: Connection closed by 192.109.200.78 port 36384 [preauth]
Jun 23 17:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9649]: Invalid user deployer from 192.109.200.78
Jun 23 17:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9649]: input_userauth_request: invalid user deployer [preauth]
Jun 23 17:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9649]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9649]: Failed password for invalid user deployer from 192.109.200.78 port 56812 ssh2
Jun 23 17:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9649]: Connection closed by 192.109.200.78 port 56812 [preauth]
Jun 23 17:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9673]: Invalid user test from 192.109.200.78
Jun 23 17:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9673]: input_userauth_request: invalid user test [preauth]
Jun 23 17:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9673]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9673]: Failed password for invalid user test from 192.109.200.78 port 56830 ssh2
Jun 23 17:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9673]: Connection closed by 192.109.200.78 port 56830 [preauth]
Jun 23 17:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9683]: Invalid user dmdba from 192.109.200.78
Jun 23 17:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9683]: input_userauth_request: invalid user dmdba [preauth]
Jun 23 17:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9683]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9683]: Failed password for invalid user dmdba from 192.109.200.78 port 56846 ssh2
Jun 23 17:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9683]: Connection closed by 192.109.200.78 port 56846 [preauth]
Jun 23 17:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9685]: Invalid user mc from 192.109.200.78
Jun 23 17:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9685]: input_userauth_request: invalid user mc [preauth]
Jun 23 17:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9685]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9685]: Failed password for invalid user mc from 192.109.200.78 port 36350 ssh2
Jun 23 17:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9685]: Connection closed by 192.109.200.78 port 36350 [preauth]
Jun 23 17:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9695]: Invalid user tester from 192.109.200.78
Jun 23 17:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9695]: input_userauth_request: invalid user tester [preauth]
Jun 23 17:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9695]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9695]: Failed password for invalid user tester from 192.109.200.78 port 36360 ssh2
Jun 23 17:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9695]: Connection closed by 192.109.200.78 port 36360 [preauth]
Jun 23 17:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9711]: Invalid user admin from 91.92.40.11
Jun 23 17:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9711]: input_userauth_request: invalid user admin [preauth]
Jun 23 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9711]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9718]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9716]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9717]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9715]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9713]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9715]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9708]: Failed password for root from 192.109.200.78 port 36372 ssh2
Jun 23 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9708]: Connection closed by 192.109.200.78 port 36372 [preauth]
Jun 23 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9836]: Successful su for rubyman by root
Jun 23 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9836]: + ??? root:rubyman
Jun 23 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9836]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578665 of user rubyman.
Jun 23 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9836]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578665.
Jun 23 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9713]: pam_unix(cron:session): session closed for user root
Jun 23 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9711]: Failed password for invalid user admin from 91.92.40.11 port 45780 ssh2
Jun 23 17:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9711]: Connection closed by 91.92.40.11 port 45780 [preauth]
Jun 23 17:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6873]: pam_unix(cron:session): session closed for user root
Jun 23 17:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9879]: Failed password for root from 192.109.200.78 port 34412 ssh2
Jun 23 17:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9879]: Connection closed by 192.109.200.78 port 34412 [preauth]
Jun 23 17:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10217]: Invalid user ubuntu from 192.109.200.78
Jun 23 17:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10217]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 17:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10217]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9716]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10217]: Failed password for invalid user ubuntu from 192.109.200.78 port 34418 ssh2
Jun 23 17:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10217]: Connection closed by 192.109.200.78 port 34418 [preauth]
Jun 23 17:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10321]: Invalid user zahra from 192.109.200.78
Jun 23 17:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10321]: input_userauth_request: invalid user zahra [preauth]
Jun 23 17:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10321]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10321]: Failed password for invalid user zahra from 192.109.200.78 port 34424 ssh2
Jun 23 17:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10321]: Connection closed by 192.109.200.78 port 34424 [preauth]
Jun 23 17:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10334]: Failed password for root from 192.109.200.78 port 45244 ssh2
Jun 23 17:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10334]: Connection closed by 192.109.200.78 port 45244 [preauth]
Jun 23 17:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10358]: Invalid user fahmi from 192.109.200.78
Jun 23 17:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10358]: input_userauth_request: invalid user fahmi [preauth]
Jun 23 17:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10358]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10358]: Failed password for invalid user fahmi from 192.109.200.78 port 45248 ssh2
Jun 23 17:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10358]: Connection closed by 192.109.200.78 port 45248 [preauth]
Jun 23 17:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10360]: Invalid user admin from 192.109.200.78
Jun 23 17:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10360]: input_userauth_request: invalid user admin [preauth]
Jun 23 17:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10360]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10360]: Failed password for invalid user admin from 192.109.200.78 port 45260 ssh2
Jun 23 17:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10360]: Connection closed by 192.109.200.78 port 45260 [preauth]
Jun 23 17:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10371]: Invalid user linux from 192.109.200.78
Jun 23 17:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10371]: input_userauth_request: invalid user linux [preauth]
Jun 23 17:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10371]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10371]: Failed password for invalid user linux from 192.109.200.78 port 42812 ssh2
Jun 23 17:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10371]: Connection closed by 192.109.200.78 port 42812 [preauth]
Jun 23 17:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10395]: Invalid user deploy from 192.109.200.78
Jun 23 17:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10395]: input_userauth_request: invalid user deploy [preauth]
Jun 23 17:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10395]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10395]: Failed password for invalid user deploy from 192.109.200.78 port 42822 ssh2
Jun 23 17:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10395]: Connection closed by 192.109.200.78 port 42822 [preauth]
Jun 23 17:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10397]: Invalid user ftpuser from 192.109.200.78
Jun 23 17:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10397]: input_userauth_request: invalid user ftpuser [preauth]
Jun 23 17:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10397]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10397]: Failed password for invalid user ftpuser from 192.109.200.78 port 42836 ssh2
Jun 23 17:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10397]: Connection closed by 192.109.200.78 port 42836 [preauth]
Jun 23 17:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10408]: Invalid user rdpuser from 192.109.200.78
Jun 23 17:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10408]: input_userauth_request: invalid user rdpuser [preauth]
Jun 23 17:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10408]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8845]: pam_unix(cron:session): session closed for user root
Jun 23 17:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10408]: Failed password for invalid user rdpuser from 192.109.200.78 port 36514 ssh2
Jun 23 17:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10408]: Connection closed by 192.109.200.78 port 36514 [preauth]
Jun 23 17:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10430]: Invalid user openclaw from 192.109.200.78
Jun 23 17:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10430]: input_userauth_request: invalid user openclaw [preauth]
Jun 23 17:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10430]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10430]: Failed password for invalid user openclaw from 192.109.200.78 port 36534 ssh2
Jun 23 17:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10430]: Connection closed by 192.109.200.78 port 36534 [preauth]
Jun 23 17:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10442]: User nobody from 192.109.200.78 not allowed because not listed in AllowUsers
Jun 23 17:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10442]: input_userauth_request: invalid user nobody [preauth]
Jun 23 17:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=nobody
Jun 23 17:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10442]: Failed password for invalid user nobody from 192.109.200.78 port 36556 ssh2
Jun 23 17:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10442]: Connection closed by 192.109.200.78 port 36556 [preauth]
Jun 23 17:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10453]: Invalid user clawdbot from 192.109.200.78
Jun 23 17:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10453]: input_userauth_request: invalid user clawdbot [preauth]
Jun 23 17:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10453]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10453]: Failed password for invalid user clawdbot from 192.109.200.78 port 56168 ssh2
Jun 23 17:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10453]: Connection closed by 192.109.200.78 port 56168 [preauth]
Jun 23 17:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10467]: Invalid user ubuntu from 192.109.200.78
Jun 23 17:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10467]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 17:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10467]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10467]: Failed password for invalid user ubuntu from 192.109.200.78 port 56172 ssh2
Jun 23 17:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10467]: Connection closed by 192.109.200.78 port 56172 [preauth]
Jun 23 17:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10479]: Invalid user alex from 192.109.200.78
Jun 23 17:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10479]: input_userauth_request: invalid user alex [preauth]
Jun 23 17:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10479]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10479]: Failed password for invalid user alex from 192.109.200.78 port 56182 ssh2
Jun 23 17:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10479]: Connection closed by 192.109.200.78 port 56182 [preauth]
Jun 23 17:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10491]: Failed password for root from 192.109.200.78 port 46246 ssh2
Jun 23 17:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10491]: Connection closed by 192.109.200.78 port 46246 [preauth]
Jun 23 17:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10493]: Invalid user deploy from 192.109.200.78
Jun 23 17:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10493]: input_userauth_request: invalid user deploy [preauth]
Jun 23 17:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10493]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10493]: Failed password for invalid user deploy from 192.109.200.78 port 46260 ssh2
Jun 23 17:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10493]: Connection closed by 192.109.200.78 port 46260 [preauth]
Jun 23 17:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10503]: User mysql from 192.109.200.78 not allowed because not listed in AllowUsers
Jun 23 17:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10503]: input_userauth_request: invalid user mysql [preauth]
Jun 23 17:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=mysql
Jun 23 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10503]: Failed password for invalid user mysql from 192.109.200.78 port 46272 ssh2
Jun 23 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10503]: Connection closed by 192.109.200.78 port 46272 [preauth]
Jun 23 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10509]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10506]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10511]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10510]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10512]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10507]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10512]: pam_unix(cron:session): session closed for user root
Jun 23 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10506]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10581]: Successful su for rubyman by root
Jun 23 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10581]: + ??? root:rubyman
Jun 23 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10581]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578672 of user rubyman.
Jun 23 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10581]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578672.
Jun 23 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10595]: Invalid user deploy from 192.109.200.78
Jun 23 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10595]: input_userauth_request: invalid user deploy [preauth]
Jun 23 17:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10595]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10509]: pam_unix(cron:session): session closed for user root
Jun 23 17:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7417]: pam_unix(cron:session): session closed for user root
Jun 23 17:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10595]: Failed password for invalid user deploy from 192.109.200.78 port 48938 ssh2
Jun 23 17:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10595]: Connection closed by 192.109.200.78 port 48938 [preauth]
Jun 23 17:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10789]: Invalid user test1 from 192.109.200.78
Jun 23 17:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10789]: input_userauth_request: invalid user test1 [preauth]
Jun 23 17:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10789]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10507]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10789]: Failed password for invalid user test1 from 192.109.200.78 port 48942 ssh2
Jun 23 17:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10789]: Connection closed by 192.109.200.78 port 48942 [preauth]
Jun 23 17:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10821]: Invalid user admin from 192.109.200.78
Jun 23 17:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10821]: input_userauth_request: invalid user admin [preauth]
Jun 23 17:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10821]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10821]: Failed password for invalid user admin from 192.109.200.78 port 48950 ssh2
Jun 23 17:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10821]: Connection closed by 192.109.200.78 port 48950 [preauth]
Jun 23 17:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10823]: Invalid user user3 from 192.109.200.78
Jun 23 17:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10823]: input_userauth_request: invalid user user3 [preauth]
Jun 23 17:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10823]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10823]: Failed password for invalid user user3 from 192.109.200.78 port 53276 ssh2
Jun 23 17:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10823]: Connection closed by 192.109.200.78 port 53276 [preauth]
Jun 23 17:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10847]: Invalid user user from 192.109.200.78
Jun 23 17:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10847]: input_userauth_request: invalid user user [preauth]
Jun 23 17:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10847]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10847]: Failed password for invalid user user from 192.109.200.78 port 53292 ssh2
Jun 23 17:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10847]: Connection closed by 192.109.200.78 port 53292 [preauth]
Jun 23 17:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10849]: User ftp from 192.109.200.78 not allowed because not listed in AllowUsers
Jun 23 17:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10849]: input_userauth_request: invalid user ftp [preauth]
Jun 23 17:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=ftp
Jun 23 17:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10849]: Failed password for invalid user ftp from 192.109.200.78 port 53294 ssh2
Jun 23 17:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10849]: Connection closed by 192.109.200.78 port 53294 [preauth]
Jun 23 17:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10861]: Invalid user security from 192.109.200.78
Jun 23 17:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10861]: input_userauth_request: invalid user security [preauth]
Jun 23 17:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10861]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10861]: Failed password for invalid user security from 192.109.200.78 port 57268 ssh2
Jun 23 17:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10861]: Connection closed by 192.109.200.78 port 57268 [preauth]
Jun 23 17:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10884]: Invalid user aaa from 192.109.200.78
Jun 23 17:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10884]: input_userauth_request: invalid user aaa [preauth]
Jun 23 17:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10884]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10888]: Invalid user admin from 91.92.40.11
Jun 23 17:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10888]: input_userauth_request: invalid user admin [preauth]
Jun 23 17:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10888]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 17:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10884]: Failed password for invalid user aaa from 192.109.200.78 port 57282 ssh2
Jun 23 17:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10884]: Connection closed by 192.109.200.78 port 57282 [preauth]
Jun 23 17:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10890]: Invalid user sdadmin from 192.109.200.78
Jun 23 17:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10890]: input_userauth_request: invalid user sdadmin [preauth]
Jun 23 17:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10890]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10888]: Failed password for invalid user admin from 91.92.40.11 port 39506 ssh2
Jun 23 17:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10888]: Connection closed by 91.92.40.11 port 39506 [preauth]
Jun 23 17:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10890]: Failed password for invalid user sdadmin from 192.109.200.78 port 57284 ssh2
Jun 23 17:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10890]: Connection closed by 192.109.200.78 port 57284 [preauth]
Jun 23 17:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10901]: Invalid user uploader from 192.109.200.78
Jun 23 17:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10901]: input_userauth_request: invalid user uploader [preauth]
Jun 23 17:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10901]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9290]: pam_unix(cron:session): session closed for user root
Jun 23 17:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10901]: Failed password for invalid user uploader from 192.109.200.78 port 33848 ssh2
Jun 23 17:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10901]: Connection closed by 192.109.200.78 port 33848 [preauth]
Jun 23 17:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10934]: Invalid user nvidia from 192.109.200.78
Jun 23 17:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10934]: input_userauth_request: invalid user nvidia [preauth]
Jun 23 17:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10934]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 23 17:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10934]: Failed password for invalid user nvidia from 192.109.200.78 port 33856 ssh2
Jun 23 17:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10931]: Failed password for root from 103.15.222.183 port 51702 ssh2
Jun 23 17:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10934]: Connection closed by 192.109.200.78 port 33856 [preauth]
Jun 23 17:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10931]: Connection closed by 103.15.222.183 port 51702 [preauth]
Jun 23 17:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 23 17:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10940]: Received disconnect from 154.16.119.22 port 38434:11: disconnected by user [preauth]
Jun 23 17:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10940]: Disconnected from 154.16.119.22 port 38434 [preauth]
Jun 23 17:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10938]: Failed password for root from 192.109.200.78 port 33860 ssh2
Jun 23 17:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: Failed password for root from 103.153.68.219 port 47724 ssh2
Jun 23 17:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10938]: Connection closed by 192.109.200.78 port 33860 [preauth]
Jun 23 17:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: Connection closed by 103.153.68.219 port 47724 [preauth]
Jun 23 17:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10952]: Invalid user hadoop from 192.109.200.78
Jun 23 17:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10952]: input_userauth_request: invalid user hadoop [preauth]
Jun 23 17:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10952]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10952]: Failed password for invalid user hadoop from 192.109.200.78 port 57852 ssh2
Jun 23 17:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10952]: Connection closed by 192.109.200.78 port 57852 [preauth]
Jun 23 17:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10978]: Invalid user ts3 from 192.109.200.78
Jun 23 17:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10978]: input_userauth_request: invalid user ts3 [preauth]
Jun 23 17:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10978]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10978]: Failed password for invalid user ts3 from 192.109.200.78 port 57868 ssh2
Jun 23 17:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10978]: Connection closed by 192.109.200.78 port 57868 [preauth]
Jun 23 17:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10980]: Invalid user admin from 192.109.200.78
Jun 23 17:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10980]: input_userauth_request: invalid user admin [preauth]
Jun 23 17:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10980]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10983]: Invalid user webstore from 181.188.148.74
Jun 23 17:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10983]: input_userauth_request: invalid user webstore [preauth]
Jun 23 17:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10983]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.148.74
Jun 23 17:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10980]: Failed password for invalid user admin from 192.109.200.78 port 57880 ssh2
Jun 23 17:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10980]: Connection closed by 192.109.200.78 port 57880 [preauth]
Jun 23 17:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10994]: Invalid user ubuntu from 192.109.200.78
Jun 23 17:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10994]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 17:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10994]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10983]: Failed password for invalid user webstore from 181.188.148.74 port 44954 ssh2
Jun 23 17:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10983]: Received disconnect from 181.188.148.74 port 44954:11: Bye Bye [preauth]
Jun 23 17:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10983]: Disconnected from 181.188.148.74 port 44954 [preauth]
Jun 23 17:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10994]: Failed password for invalid user ubuntu from 192.109.200.78 port 53196 ssh2
Jun 23 17:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10994]: Connection closed by 192.109.200.78 port 53196 [preauth]
Jun 23 17:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11007]: Invalid user server from 192.109.200.78
Jun 23 17:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11007]: input_userauth_request: invalid user server [preauth]
Jun 23 17:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11007]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11007]: Failed password for invalid user server from 192.109.200.78 port 53222 ssh2
Jun 23 17:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11007]: Connection closed by 192.109.200.78 port 53222 [preauth]
Jun 23 17:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11009]: Invalid user ubuntu from 192.109.200.78
Jun 23 17:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11009]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 17:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11009]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11023]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11024]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11021]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11020]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11020]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11092]: Successful su for rubyman by root
Jun 23 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11092]: + ??? root:rubyman
Jun 23 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11092]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578677 of user rubyman.
Jun 23 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11092]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578677.
Jun 23 17:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11009]: Failed password for invalid user ubuntu from 192.109.200.78 port 53246 ssh2
Jun 23 17:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11009]: Connection closed by 192.109.200.78 port 53246 [preauth]
Jun 23 17:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11175]: Invalid user ec2-user from 192.109.200.78
Jun 23 17:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11175]: input_userauth_request: invalid user ec2-user [preauth]
Jun 23 17:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11175]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7940]: pam_unix(cron:session): session closed for user root
Jun 23 17:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11021]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11175]: Failed password for invalid user ec2-user from 192.109.200.78 port 42616 ssh2
Jun 23 17:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11175]: Connection closed by 192.109.200.78 port 42616 [preauth]
Jun 23 17:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11281]: Invalid user postgres from 192.109.200.78
Jun 23 17:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11281]: input_userauth_request: invalid user postgres [preauth]
Jun 23 17:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11281]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11281]: Failed password for invalid user postgres from 192.109.200.78 port 42620 ssh2
Jun 23 17:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11281]: Connection closed by 192.109.200.78 port 42620 [preauth]
Jun 23 17:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11288]: Invalid user admin from 192.109.200.78
Jun 23 17:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11288]: input_userauth_request: invalid user admin [preauth]
Jun 23 17:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11288]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11288]: Failed password for invalid user admin from 192.109.200.78 port 42630 ssh2
Jun 23 17:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11288]: Connection closed by 192.109.200.78 port 42630 [preauth]
Jun 23 17:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11303]: Invalid user ts from 192.109.200.78
Jun 23 17:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11303]: input_userauth_request: invalid user ts [preauth]
Jun 23 17:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11303]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11303]: Failed password for invalid user ts from 192.109.200.78 port 57126 ssh2
Jun 23 17:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11303]: Connection closed by 192.109.200.78 port 57126 [preauth]
Jun 23 17:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11318]: Failed password for root from 192.109.200.78 port 57158 ssh2
Jun 23 17:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11318]: Connection closed by 192.109.200.78 port 57158 [preauth]
Jun 23 17:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11328]: Failed password for root from 192.109.200.78 port 57170 ssh2
Jun 23 17:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11328]: Connection closed by 192.109.200.78 port 57170 [preauth]
Jun 23 17:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11338]: Failed password for root from 192.109.200.78 port 52118 ssh2
Jun 23 17:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11338]: Connection closed by 192.109.200.78 port 52118 [preauth]
Jun 23 17:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11354]: Failed password for root from 192.109.200.78 port 52134 ssh2
Jun 23 17:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11354]: Connection closed by 192.109.200.78 port 52134 [preauth]
Jun 23 17:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11365]: Invalid user deploy from 192.109.200.78
Jun 23 17:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11365]: input_userauth_request: invalid user deploy [preauth]
Jun 23 17:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11365]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11365]: Failed password for invalid user deploy from 192.109.200.78 port 52142 ssh2
Jun 23 17:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11365]: Connection closed by 192.109.200.78 port 52142 [preauth]
Jun 23 17:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9718]: pam_unix(cron:session): session closed for user root
Jun 23 17:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11384]: Invalid user admin from 192.109.200.78
Jun 23 17:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11384]: input_userauth_request: invalid user admin [preauth]
Jun 23 17:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11384]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11384]: Failed password for invalid user admin from 192.109.200.78 port 40316 ssh2
Jun 23 17:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11384]: Connection closed by 192.109.200.78 port 40316 [preauth]
Jun 23 17:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: Invalid user operator from 192.109.200.78
Jun 23 17:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: input_userauth_request: invalid user operator [preauth]
Jun 23 17:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: Failed password for invalid user operator from 192.109.200.78 port 40326 ssh2
Jun 23 17:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: Connection closed by 192.109.200.78 port 40326 [preauth]
Jun 23 17:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11415]: Invalid user ai from 192.109.200.78
Jun 23 17:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11415]: input_userauth_request: invalid user ai [preauth]
Jun 23 17:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11415]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11415]: Failed password for invalid user ai from 192.109.200.78 port 40334 ssh2
Jun 23 17:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11415]: Connection closed by 192.109.200.78 port 40334 [preauth]
Jun 23 17:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11425]: Invalid user newuser from 192.109.200.78
Jun 23 17:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11425]: input_userauth_request: invalid user newuser [preauth]
Jun 23 17:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11425]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11425]: Failed password for invalid user newuser from 192.109.200.78 port 49918 ssh2
Jun 23 17:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11425]: Connection closed by 192.109.200.78 port 49918 [preauth]
Jun 23 17:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11445]: Invalid user deploy from 192.109.200.78
Jun 23 17:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11445]: input_userauth_request: invalid user deploy [preauth]
Jun 23 17:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11445]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11445]: Failed password for invalid user deploy from 192.109.200.78 port 49930 ssh2
Jun 23 17:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11454]: Invalid user admin from 91.92.40.11
Jun 23 17:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11454]: input_userauth_request: invalid user admin [preauth]
Jun 23 17:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11445]: Connection closed by 192.109.200.78 port 49930 [preauth]
Jun 23 17:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11454]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 17:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11458]: Invalid user cloud from 192.109.200.78
Jun 23 17:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11458]: input_userauth_request: invalid user cloud [preauth]
Jun 23 17:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11458]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11454]: Failed password for invalid user admin from 91.92.40.11 port 53162 ssh2
Jun 23 17:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11454]: Connection closed by 91.92.40.11 port 53162 [preauth]
Jun 23 17:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11458]: Failed password for invalid user cloud from 192.109.200.78 port 49934 ssh2
Jun 23 17:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11458]: Connection closed by 192.109.200.78 port 49934 [preauth]
Jun 23 17:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11460]: Invalid user trinity from 192.109.200.78
Jun 23 17:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11460]: input_userauth_request: invalid user trinity [preauth]
Jun 23 17:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11460]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11460]: Failed password for invalid user trinity from 192.109.200.78 port 40538 ssh2
Jun 23 17:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11460]: Connection closed by 192.109.200.78 port 40538 [preauth]
Jun 23 17:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11472]: Invalid user elastic from 192.109.200.78
Jun 23 17:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11472]: input_userauth_request: invalid user elastic [preauth]
Jun 23 17:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11472]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11472]: Failed password for invalid user elastic from 192.109.200.78 port 40558 ssh2
Jun 23 17:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11472]: Connection closed by 192.109.200.78 port 40558 [preauth]
Jun 23 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11496]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11495]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11494]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11493]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11493]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11550]: Successful su for rubyman by root
Jun 23 17:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11550]: + ??? root:rubyman
Jun 23 17:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11550]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578680 of user rubyman.
Jun 23 17:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11550]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578680.
Jun 23 17:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11490]: Failed password for root from 192.109.200.78 port 40578 ssh2
Jun 23 17:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11490]: Connection closed by 192.109.200.78 port 40578 [preauth]
Jun 23 17:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8404]: pam_unix(cron:session): session closed for user root
Jun 23 17:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11684]: Invalid user gitlab from 192.109.200.78
Jun 23 17:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11684]: input_userauth_request: invalid user gitlab [preauth]
Jun 23 17:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11684]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11494]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11684]: Failed password for invalid user gitlab from 192.109.200.78 port 53070 ssh2
Jun 23 17:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11684]: Connection closed by 192.109.200.78 port 53070 [preauth]
Jun 23 17:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11745]: Invalid user openclaw from 192.109.200.78
Jun 23 17:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11745]: input_userauth_request: invalid user openclaw [preauth]
Jun 23 17:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11745]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11745]: Failed password for invalid user openclaw from 192.109.200.78 port 53074 ssh2
Jun 23 17:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11745]: Connection closed by 192.109.200.78 port 53074 [preauth]
Jun 23 17:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11758]: Invalid user fastuser from 192.109.200.78
Jun 23 17:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11758]: input_userauth_request: invalid user fastuser [preauth]
Jun 23 17:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11758]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11758]: Failed password for invalid user fastuser from 192.109.200.78 port 53082 ssh2
Jun 23 17:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11758]: Connection closed by 192.109.200.78 port 53082 [preauth]
Jun 23 17:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11776]: Invalid user airflow from 192.109.200.78
Jun 23 17:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11776]: input_userauth_request: invalid user airflow [preauth]
Jun 23 17:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11776]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11776]: Failed password for invalid user airflow from 192.109.200.78 port 47832 ssh2
Jun 23 17:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11776]: Connection closed by 192.109.200.78 port 47832 [preauth]
Jun 23 17:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11787]: Failed password for root from 192.109.200.78 port 47844 ssh2
Jun 23 17:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11787]: Connection closed by 192.109.200.78 port 47844 [preauth]
Jun 23 17:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11789]: Invalid user lineage2 from 117.33.242.180
Jun 23 17:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11789]: input_userauth_request: invalid user lineage2 [preauth]
Jun 23 17:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11789]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.33.242.180
Jun 23 17:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11789]: Failed password for invalid user lineage2 from 117.33.242.180 port 38312 ssh2
Jun 23 17:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11789]: Received disconnect from 117.33.242.180 port 38312:11: Bye Bye [preauth]
Jun 23 17:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11789]: Disconnected from 117.33.242.180 port 38312 [preauth]
Jun 23 17:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11816]: Failed password for root from 192.109.200.78 port 47850 ssh2
Jun 23 17:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11816]: Connection closed by 192.109.200.78 port 47850 [preauth]
Jun 23 17:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11828]: Failed password for root from 192.109.200.78 port 52654 ssh2
Jun 23 17:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11828]: Connection closed by 192.109.200.78 port 52654 [preauth]
Jun 23 17:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11840]: Invalid user user from 192.109.200.78
Jun 23 17:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11840]: input_userauth_request: invalid user user [preauth]
Jun 23 17:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11840]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11840]: Failed password for invalid user user from 192.109.200.78 port 52660 ssh2
Jun 23 17:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11840]: Connection closed by 192.109.200.78 port 52660 [preauth]
Jun 23 17:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11845]: Failed password for root from 192.109.200.78 port 52674 ssh2
Jun 23 17:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11845]: Connection closed by 192.109.200.78 port 52674 [preauth]
Jun 23 17:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10511]: pam_unix(cron:session): session closed for user root
Jun 23 17:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11874]: Invalid user monitor from 192.109.200.78
Jun 23 17:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11874]: input_userauth_request: invalid user monitor [preauth]
Jun 23 17:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11874]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11874]: Failed password for invalid user monitor from 192.109.200.78 port 59908 ssh2
Jun 23 17:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11874]: Connection closed by 192.109.200.78 port 59908 [preauth]
Jun 23 17:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11892]: Invalid user portal from 192.109.200.78
Jun 23 17:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11892]: input_userauth_request: invalid user portal [preauth]
Jun 23 17:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11892]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11892]: Failed password for invalid user portal from 192.109.200.78 port 59922 ssh2
Jun 23 17:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11892]: Connection closed by 192.109.200.78 port 59922 [preauth]
Jun 23 17:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11894]: Invalid user postgres from 192.109.200.78
Jun 23 17:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11894]: input_userauth_request: invalid user postgres [preauth]
Jun 23 17:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11894]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11894]: Failed password for invalid user postgres from 192.109.200.78 port 59938 ssh2
Jun 23 17:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11894]: Connection closed by 192.109.200.78 port 59938 [preauth]
Jun 23 17:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11914]: Invalid user administrator from 192.109.200.78
Jun 23 17:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11914]: input_userauth_request: invalid user administrator [preauth]
Jun 23 17:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11914]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11914]: Failed password for invalid user administrator from 192.109.200.78 port 41956 ssh2
Jun 23 17:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11914]: Connection closed by 192.109.200.78 port 41956 [preauth]
Jun 23 17:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11950]: Invalid user user4 from 192.109.200.78
Jun 23 17:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11950]: input_userauth_request: invalid user user4 [preauth]
Jun 23 17:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11950]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11950]: Failed password for invalid user user4 from 192.109.200.78 port 41958 ssh2
Jun 23 17:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11950]: Connection closed by 192.109.200.78 port 41958 [preauth]
Jun 23 17:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11952]: Invalid user bitrix from 192.109.200.78
Jun 23 17:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11952]: input_userauth_request: invalid user bitrix [preauth]
Jun 23 17:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11952]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11952]: Failed password for invalid user bitrix from 192.109.200.78 port 41972 ssh2
Jun 23 17:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11952]: Connection closed by 192.109.200.78 port 41972 [preauth]
Jun 23 17:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11966]: Invalid user adminuser from 192.109.200.78
Jun 23 17:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11966]: input_userauth_request: invalid user adminuser [preauth]
Jun 23 17:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11966]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11966]: Failed password for invalid user adminuser from 192.109.200.78 port 47900 ssh2
Jun 23 17:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11966]: Connection closed by 192.109.200.78 port 47900 [preauth]
Jun 23 17:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11976]: Invalid user user1 from 192.109.200.78
Jun 23 17:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11976]: input_userauth_request: invalid user user1 [preauth]
Jun 23 17:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11976]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11976]: Failed password for invalid user user1 from 192.109.200.78 port 47902 ssh2
Jun 23 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11976]: Connection closed by 192.109.200.78 port 47902 [preauth]
Jun 23 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11986]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11987]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11985]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11984]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11984]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12045]: Successful su for rubyman by root
Jun 23 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12045]: + ??? root:rubyman
Jun 23 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12045]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578685 of user rubyman.
Jun 23 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12045]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578685.
Jun 23 17:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11981]: Failed password for root from 192.109.200.78 port 47906 ssh2
Jun 23 17:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11981]: Connection closed by 192.109.200.78 port 47906 [preauth]
Jun 23 17:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8844]: pam_unix(cron:session): session closed for user root
Jun 23 17:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12208]: Invalid user admin1 from 192.109.200.78
Jun 23 17:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12208]: input_userauth_request: invalid user admin1 [preauth]
Jun 23 17:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12208]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11985]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12208]: Failed password for invalid user admin1 from 192.109.200.78 port 36684 ssh2
Jun 23 17:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12208]: Connection closed by 192.109.200.78 port 36684 [preauth]
Jun 23 17:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12229]: Invalid user installer from 192.109.200.78
Jun 23 17:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12229]: input_userauth_request: invalid user installer [preauth]
Jun 23 17:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12229]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12229]: Failed password for invalid user installer from 192.109.200.78 port 36696 ssh2
Jun 23 17:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12229]: Connection closed by 192.109.200.78 port 36696 [preauth]
Jun 23 17:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12239]: Invalid user admin from 91.92.40.11
Jun 23 17:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12239]: input_userauth_request: invalid user admin [preauth]
Jun 23 17:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12258]: Invalid user gitlab-runner from 192.109.200.78
Jun 23 17:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12258]: input_userauth_request: invalid user gitlab-runner [preauth]
Jun 23 17:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12239]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 17:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12258]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12239]: Failed password for invalid user admin from 91.92.40.11 port 33388 ssh2
Jun 23 17:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12258]: Failed password for invalid user gitlab-runner from 192.109.200.78 port 36710 ssh2
Jun 23 17:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12239]: Connection closed by 91.92.40.11 port 33388 [preauth]
Jun 23 17:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12258]: Connection closed by 192.109.200.78 port 36710 [preauth]
Jun 23 17:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12381]: Invalid user root1 from 192.109.200.78
Jun 23 17:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12381]: input_userauth_request: invalid user root1 [preauth]
Jun 23 17:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12381]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12381]: Failed password for invalid user root1 from 192.109.200.78 port 42996 ssh2
Jun 23 17:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12381]: Connection closed by 192.109.200.78 port 42996 [preauth]
Jun 23 17:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12383]: Invalid user frank from 192.109.200.78
Jun 23 17:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12383]: input_userauth_request: invalid user frank [preauth]
Jun 23 17:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12383]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12385]: Invalid user six from 181.188.148.74
Jun 23 17:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12385]: input_userauth_request: invalid user six [preauth]
Jun 23 17:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12385]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.148.74
Jun 23 17:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12383]: Failed password for invalid user frank from 192.109.200.78 port 43002 ssh2
Jun 23 17:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12383]: Connection closed by 192.109.200.78 port 43002 [preauth]
Jun 23 17:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12385]: Failed password for invalid user six from 181.188.148.74 port 50876 ssh2
Jun 23 17:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12385]: Received disconnect from 181.188.148.74 port 50876:11: Bye Bye [preauth]
Jun 23 17:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12385]: Disconnected from 181.188.148.74 port 50876 [preauth]
Jun 23 17:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12400]: Invalid user manoj from 192.109.200.78
Jun 23 17:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12400]: input_userauth_request: invalid user manoj [preauth]
Jun 23 17:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12400]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12400]: Failed password for invalid user manoj from 192.109.200.78 port 43008 ssh2
Jun 23 17:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12400]: Connection closed by 192.109.200.78 port 43008 [preauth]
Jun 23 17:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12425]: Invalid user app from 192.109.200.78
Jun 23 17:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12425]: input_userauth_request: invalid user app [preauth]
Jun 23 17:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12425]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12425]: Failed password for invalid user app from 192.109.200.78 port 42374 ssh2
Jun 23 17:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12425]: Connection closed by 192.109.200.78 port 42374 [preauth]
Jun 23 17:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12427]: Failed password for root from 192.109.200.78 port 42384 ssh2
Jun 23 17:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12427]: Connection closed by 192.109.200.78 port 42384 [preauth]
Jun 23 17:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12440]: Invalid user worker from 192.109.200.78
Jun 23 17:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12440]: input_userauth_request: invalid user worker [preauth]
Jun 23 17:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12440]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11024]: pam_unix(cron:session): session closed for user root
Jun 23 17:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12440]: Failed password for invalid user worker from 192.109.200.78 port 42392 ssh2
Jun 23 17:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12440]: Connection closed by 192.109.200.78 port 42392 [preauth]
Jun 23 17:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12474]: Failed password for root from 192.109.200.78 port 39256 ssh2
Jun 23 17:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12474]: Connection closed by 192.109.200.78 port 39256 [preauth]
Jun 23 17:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12476]: Invalid user pi from 192.109.200.78
Jun 23 17:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12476]: input_userauth_request: invalid user pi [preauth]
Jun 23 17:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12476]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12476]: Failed password for invalid user pi from 192.109.200.78 port 39268 ssh2
Jun 23 17:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12476]: Connection closed by 192.109.200.78 port 39268 [preauth]
Jun 23 17:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12487]: Invalid user teamspeak from 192.109.200.78
Jun 23 17:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12487]: input_userauth_request: invalid user teamspeak [preauth]
Jun 23 17:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12487]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12487]: Failed password for invalid user teamspeak from 192.109.200.78 port 39276 ssh2
Jun 23 17:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12487]: Connection closed by 192.109.200.78 port 39276 [preauth]
Jun 23 17:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12502]: Invalid user devops from 192.109.200.78
Jun 23 17:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12502]: input_userauth_request: invalid user devops [preauth]
Jun 23 17:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12502]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12502]: Failed password for invalid user devops from 192.109.200.78 port 56218 ssh2
Jun 23 17:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12502]: Connection closed by 192.109.200.78 port 56218 [preauth]
Jun 23 17:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12512]: Failed password for root from 192.109.200.78 port 56242 ssh2
Jun 23 17:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12512]: Connection closed by 192.109.200.78 port 56242 [preauth]
Jun 23 17:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12522]: Failed password for root from 192.109.200.78 port 56258 ssh2
Jun 23 17:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12522]: Connection closed by 192.109.200.78 port 56258 [preauth]
Jun 23 17:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12524]: Invalid user user from 192.109.200.78
Jun 23 17:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12524]: input_userauth_request: invalid user user [preauth]
Jun 23 17:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12524]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12524]: Failed password for invalid user user from 192.109.200.78 port 39110 ssh2
Jun 23 17:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12524]: Connection closed by 192.109.200.78 port 39110 [preauth]
Jun 23 17:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12534]: Invalid user admin from 192.109.200.78
Jun 23 17:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12534]: input_userauth_request: invalid user admin [preauth]
Jun 23 17:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12534]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12534]: Failed password for invalid user admin from 192.109.200.78 port 39122 ssh2
Jun 23 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12534]: Connection closed by 192.109.200.78 port 39122 [preauth]
Jun 23 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12549]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12548]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12547]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12546]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12546]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12608]: Successful su for rubyman by root
Jun 23 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12608]: + ??? root:rubyman
Jun 23 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12608]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578688 of user rubyman.
Jun 23 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12608]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578688.
Jun 23 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12630]: Invalid user bob from 192.109.200.78
Jun 23 17:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12630]: input_userauth_request: invalid user bob [preauth]
Jun 23 17:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12630]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12630]: Failed password for invalid user bob from 192.109.200.78 port 39132 ssh2
Jun 23 17:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12630]: Connection closed by 192.109.200.78 port 39132 [preauth]
Jun 23 17:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9289]: pam_unix(cron:session): session closed for user root
Jun 23 17:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12547]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12787]: Invalid user deploy from 192.109.200.78
Jun 23 17:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12787]: input_userauth_request: invalid user deploy [preauth]
Jun 23 17:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12787]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12787]: Failed password for invalid user deploy from 192.109.200.78 port 47064 ssh2
Jun 23 17:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12787]: Connection closed by 192.109.200.78 port 47064 [preauth]
Jun 23 17:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12805]: Invalid user karel from 192.109.200.78
Jun 23 17:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12805]: input_userauth_request: invalid user karel [preauth]
Jun 23 17:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12805]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12805]: Failed password for invalid user karel from 192.109.200.78 port 47086 ssh2
Jun 23 17:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12805]: Connection closed by 192.109.200.78 port 47086 [preauth]
Jun 23 17:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12815]: Failed password for root from 192.109.200.78 port 47104 ssh2
Jun 23 17:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12815]: Connection closed by 192.109.200.78 port 47104 [preauth]
Jun 23 17:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12832]: Invalid user root1 from 192.109.200.78
Jun 23 17:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12832]: input_userauth_request: invalid user root1 [preauth]
Jun 23 17:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12832]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12832]: Failed password for invalid user root1 from 192.109.200.78 port 46116 ssh2
Jun 23 17:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12832]: Connection closed by 192.109.200.78 port 46116 [preauth]
Jun 23 17:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12844]: Invalid user plex from 192.109.200.78
Jun 23 17:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12844]: input_userauth_request: invalid user plex [preauth]
Jun 23 17:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12844]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12844]: Failed password for invalid user plex from 192.109.200.78 port 46128 ssh2
Jun 23 17:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12844]: Connection closed by 192.109.200.78 port 46128 [preauth]
Jun 23 17:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12853]: Failed password for root from 192.109.200.78 port 39778 ssh2
Jun 23 17:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12853]: Connection closed by 192.109.200.78 port 39778 [preauth]
Jun 23 17:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12878]: Invalid user tactical from 192.109.200.78
Jun 23 17:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12878]: input_userauth_request: invalid user tactical [preauth]
Jun 23 17:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12878]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12878]: Failed password for invalid user tactical from 192.109.200.78 port 39784 ssh2
Jun 23 17:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12878]: Connection closed by 192.109.200.78 port 39784 [preauth]
Jun 23 17:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12889]: Invalid user core from 192.109.200.78
Jun 23 17:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12889]: input_userauth_request: invalid user core [preauth]
Jun 23 17:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12889]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12889]: Failed password for invalid user core from 192.109.200.78 port 39786 ssh2
Jun 23 17:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12889]: Connection closed by 192.109.200.78 port 39786 [preauth]
Jun 23 17:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12891]: Invalid user admin from 91.92.40.11
Jun 23 17:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12891]: input_userauth_request: invalid user admin [preauth]
Jun 23 17:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12891]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 17:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12893]: Invalid user reza from 192.109.200.78
Jun 23 17:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12893]: input_userauth_request: invalid user reza [preauth]
Jun 23 17:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12893]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11496]: pam_unix(cron:session): session closed for user root
Jun 23 17:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12891]: Failed password for invalid user admin from 91.92.40.11 port 46000 ssh2
Jun 23 17:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12893]: Failed password for invalid user reza from 192.109.200.78 port 41174 ssh2
Jun 23 17:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12891]: Connection closed by 91.92.40.11 port 46000 [preauth]
Jun 23 17:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12893]: Connection closed by 192.109.200.78 port 41174 [preauth]
Jun 23 17:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12923]: Failed password for root from 192.109.200.78 port 41194 ssh2
Jun 23 17:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12923]: Connection closed by 192.109.200.78 port 41194 [preauth]
Jun 23 17:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12933]: Failed password for root from 192.109.200.78 port 41210 ssh2
Jun 23 17:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12933]: Connection closed by 192.109.200.78 port 41210 [preauth]
Jun 23 17:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12935]: Invalid user deploy from 192.109.200.78
Jun 23 17:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12935]: input_userauth_request: invalid user deploy [preauth]
Jun 23 17:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12935]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12935]: Failed password for invalid user deploy from 192.109.200.78 port 51858 ssh2
Jun 23 17:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12935]: Connection closed by 192.109.200.78 port 51858 [preauth]
Jun 23 17:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12959]: Invalid user dani from 192.109.200.78
Jun 23 17:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12959]: input_userauth_request: invalid user dani [preauth]
Jun 23 17:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12959]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12959]: Failed password for invalid user dani from 192.109.200.78 port 51874 ssh2
Jun 23 17:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12959]: Connection closed by 192.109.200.78 port 51874 [preauth]
Jun 23 17:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12969]: Invalid user btc from 192.109.200.78
Jun 23 17:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12969]: input_userauth_request: invalid user btc [preauth]
Jun 23 17:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12969]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12969]: Failed password for invalid user btc from 192.109.200.78 port 51882 ssh2
Jun 23 17:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12969]: Connection closed by 192.109.200.78 port 51882 [preauth]
Jun 23 17:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12971]: Invalid user kim from 192.109.200.78
Jun 23 17:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12971]: input_userauth_request: invalid user kim [preauth]
Jun 23 17:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12971]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12971]: Failed password for invalid user kim from 192.109.200.78 port 48150 ssh2
Jun 23 17:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12971]: Connection closed by 192.109.200.78 port 48150 [preauth]
Jun 23 17:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12981]: Failed password for root from 192.109.200.78 port 48166 ssh2
Jun 23 17:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12981]: Connection closed by 192.109.200.78 port 48166 [preauth]
Jun 23 17:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12991]: Invalid user arthur from 192.109.200.78
Jun 23 17:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12991]: input_userauth_request: invalid user arthur [preauth]
Jun 23 17:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12991]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12991]: Failed password for invalid user arthur from 192.109.200.78 port 48178 ssh2
Jun 23 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12997]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12999]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13000]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12998]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12995]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12996]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13000]: pam_unix(cron:session): session closed for user root
Jun 23 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12991]: Connection closed by 192.109.200.78 port 48178 [preauth]
Jun 23 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12995]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13066]: Successful su for rubyman by root
Jun 23 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13066]: + ??? root:rubyman
Jun 23 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13066]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578694 of user rubyman.
Jun 23 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13066]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578694.
Jun 23 17:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78  user=root
Jun 23 17:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12997]: pam_unix(cron:session): session closed for user root
Jun 23 17:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9717]: pam_unix(cron:session): session closed for user root
Jun 23 17:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13102]: Failed password for root from 192.109.200.78 port 55852 ssh2
Jun 23 17:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13102]: Connection closed by 192.109.200.78 port 55852 [preauth]
Jun 23 17:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13274]: Invalid user fastuser from 192.109.200.78
Jun 23 17:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13274]: input_userauth_request: invalid user fastuser [preauth]
Jun 23 17:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13274]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12996]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13274]: Failed password for invalid user fastuser from 192.109.200.78 port 55856 ssh2
Jun 23 17:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13274]: Connection closed by 192.109.200.78 port 55856 [preauth]
Jun 23 17:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13292]: Invalid user ubuntu from 192.109.200.78
Jun 23 17:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13292]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 17:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13292]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13292]: Failed password for invalid user ubuntu from 192.109.200.78 port 55872 ssh2
Jun 23 17:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13292]: Connection closed by 192.109.200.78 port 55872 [preauth]
Jun 23 17:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13306]: Invalid user deploy from 192.109.200.78
Jun 23 17:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13306]: input_userauth_request: invalid user deploy [preauth]
Jun 23 17:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13306]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13306]: Failed password for invalid user deploy from 192.109.200.78 port 37784 ssh2
Jun 23 17:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13306]: Connection closed by 192.109.200.78 port 37784 [preauth]
Jun 23 17:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13329]: Invalid user deploy from 192.109.200.78
Jun 23 17:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13329]: input_userauth_request: invalid user deploy [preauth]
Jun 23 17:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13329]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13329]: Failed password for invalid user deploy from 192.109.200.78 port 37806 ssh2
Jun 23 17:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13329]: Connection closed by 192.109.200.78 port 37806 [preauth]
Jun 23 17:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13331]: Invalid user ec2-user from 192.109.200.78
Jun 23 17:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13331]: input_userauth_request: invalid user ec2-user [preauth]
Jun 23 17:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13331]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13331]: Failed password for invalid user ec2-user from 192.109.200.78 port 37828 ssh2
Jun 23 17:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13331]: Connection closed by 192.109.200.78 port 37828 [preauth]
Jun 23 17:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13341]: Invalid user newuser from 192.109.200.78
Jun 23 17:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13341]: input_userauth_request: invalid user newuser [preauth]
Jun 23 17:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13341]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13341]: Failed password for invalid user newuser from 192.109.200.78 port 34512 ssh2
Jun 23 17:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13341]: Connection closed by 192.109.200.78 port 34512 [preauth]
Jun 23 17:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13362]: Invalid user gd from 192.109.200.78
Jun 23 17:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13362]: input_userauth_request: invalid user gd [preauth]
Jun 23 17:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13362]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13362]: Failed password for invalid user gd from 192.109.200.78 port 34514 ssh2
Jun 23 17:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13362]: Connection closed by 192.109.200.78 port 34514 [preauth]
Jun 23 17:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13365]: Invalid user user from 192.109.200.78
Jun 23 17:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13365]: input_userauth_request: invalid user user [preauth]
Jun 23 17:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13365]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13365]: Failed password for invalid user user from 192.109.200.78 port 34516 ssh2
Jun 23 17:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13365]: Connection closed by 192.109.200.78 port 34516 [preauth]
Jun 23 17:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13378]: Invalid user ducc0x from 192.109.200.78
Jun 23 17:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13378]: input_userauth_request: invalid user ducc0x [preauth]
Jun 23 17:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13378]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11987]: pam_unix(cron:session): session closed for user root
Jun 23 17:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13378]: Failed password for invalid user ducc0x from 192.109.200.78 port 37174 ssh2
Jun 23 17:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13378]: Connection closed by 192.109.200.78 port 37174 [preauth]
Jun 23 17:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13401]: Invalid user hu from 192.109.200.78
Jun 23 17:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13401]: input_userauth_request: invalid user hu [preauth]
Jun 23 17:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13401]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.109.200.78
Jun 23 17:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13401]: Failed password for invalid user hu from 192.109.200.78 port 37180 ssh2
Jun 23 17:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13401]: Connection closed by 192.109.200.78 port 37180 [preauth]
Jun 23 17:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13412]: Invalid user bilet from 181.188.148.74
Jun 23 17:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13412]: input_userauth_request: invalid user bilet [preauth]
Jun 23 17:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13412]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.148.74
Jun 23 17:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13412]: Failed password for invalid user bilet from 181.188.148.74 port 54110 ssh2
Jun 23 17:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13412]: Received disconnect from 181.188.148.74 port 54110:11: Bye Bye [preauth]
Jun 23 17:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13412]: Disconnected from 181.188.148.74 port 54110 [preauth]
Jun 23 17:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13442]: Invalid user admin from 91.92.40.11
Jun 23 17:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13442]: input_userauth_request: invalid user admin [preauth]
Jun 23 17:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13442]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 17:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 23 17:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13442]: Failed password for invalid user admin from 91.92.40.11 port 58614 ssh2
Jun 23 17:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13442]: Connection closed by 91.92.40.11 port 58614 [preauth]
Jun 23 17:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13445]: Failed password for root from 103.77.175.15 port 36928 ssh2
Jun 23 17:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13445]: Connection closed by 103.77.175.15 port 36928 [preauth]
Jun 23 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13469]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13468]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13467]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13466]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13466]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13536]: Successful su for rubyman by root
Jun 23 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13536]: + ??? root:rubyman
Jun 23 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13536]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578699 of user rubyman.
Jun 23 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13536]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578699.
Jun 23 17:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10510]: pam_unix(cron:session): session closed for user root
Jun 23 17:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13467]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13779]: Invalid user admin from 141.98.83.240
Jun 23 17:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13779]: input_userauth_request: invalid user admin [preauth]
Jun 23 17:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13779]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 17:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13779]: Failed password for invalid user admin from 141.98.83.240 port 65298 ssh2
Jun 23 17:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13779]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 23 17:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13779]: Failed password for invalid user admin from 141.98.83.240 port 65298 ssh2
Jun 23 17:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13779]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13790]: Failed password for root from 193.24.211.107 port 43269 ssh2
Jun 23 17:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13790]: Received disconnect from 193.24.211.107 port 43269:11: Client disconnecting normally [preauth]
Jun 23 17:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13790]: Disconnected from 193.24.211.107 port 43269 [preauth]
Jun 23 17:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13779]: Failed password for invalid user admin from 141.98.83.240 port 65298 ssh2
Jun 23 17:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13779]: Connection closed by 141.98.83.240 port 65298 [preauth]
Jun 23 17:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13779]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 17:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12549]: pam_unix(cron:session): session closed for user root
Jun 23 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13883]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13882]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13884]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13881]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13881]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13952]: Successful su for rubyman by root
Jun 23 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13952]: + ??? root:rubyman
Jun 23 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13952]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578702 of user rubyman.
Jun 23 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13952]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578702.
Jun 23 17:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11023]: pam_unix(cron:session): session closed for user root
Jun 23 17:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13882]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14150]: Invalid user admin from 91.92.40.11
Jun 23 17:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14150]: input_userauth_request: invalid user admin [preauth]
Jun 23 17:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14150]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 17:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14150]: Failed password for invalid user admin from 91.92.40.11 port 47216 ssh2
Jun 23 17:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14150]: Connection closed by 91.92.40.11 port 47216 [preauth]
Jun 23 17:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12999]: pam_unix(cron:session): session closed for user root
Jun 23 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14283]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14281]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14280]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14279]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14279]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14338]: Successful su for rubyman by root
Jun 23 17:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14338]: + ??? root:rubyman
Jun 23 17:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14338]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578707 of user rubyman.
Jun 23 17:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14338]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578707.
Jun 23 17:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11495]: pam_unix(cron:session): session closed for user root
Jun 23 17:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14280]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14527]: Invalid user kemahasiswaan from 181.188.148.74
Jun 23 17:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14527]: input_userauth_request: invalid user kemahasiswaan [preauth]
Jun 23 17:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14527]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.148.74
Jun 23 17:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14527]: Failed password for invalid user kemahasiswaan from 181.188.148.74 port 37646 ssh2
Jun 23 17:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14527]: Received disconnect from 181.188.148.74 port 37646:11: Bye Bye [preauth]
Jun 23 17:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14527]: Disconnected from 181.188.148.74 port 37646 [preauth]
Jun 23 17:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13469]: pam_unix(cron:session): session closed for user root
Jun 23 17:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14623]: Invalid user admin from 91.92.40.11
Jun 23 17:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14623]: input_userauth_request: invalid user admin [preauth]
Jun 23 17:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14623]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 17:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14623]: Failed password for invalid user admin from 91.92.40.11 port 59340 ssh2
Jun 23 17:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14623]: Connection closed by 91.92.40.11 port 59340 [preauth]
Jun 23 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14719]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14718]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14717]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14716]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14716]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14819]: Successful su for rubyman by root
Jun 23 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14819]: + ??? root:rubyman
Jun 23 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14819]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578710 of user rubyman.
Jun 23 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14819]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578710.
Jun 23 17:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11986]: pam_unix(cron:session): session closed for user root
Jun 23 17:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14717]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15036]: Invalid user ubnt from 45.148.10.121
Jun 23 17:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15036]: input_userauth_request: invalid user ubnt [preauth]
Jun 23 17:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15036]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 23 17:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15036]: Failed password for invalid user ubnt from 45.148.10.121 port 56264 ssh2
Jun 23 17:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15036]: Connection closed by 45.148.10.121 port 56264 [preauth]
Jun 23 17:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13884]: pam_unix(cron:session): session closed for user root
Jun 23 17:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 23 17:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15106]: Failed password for root from 103.27.238.120 port 48532 ssh2
Jun 23 17:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15106]: Connection closed by 103.27.238.120 port 48532 [preauth]
Jun 23 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15166]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15165]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15162]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15163]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15160]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15161]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15166]: pam_unix(cron:session): session closed for user root
Jun 23 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15160]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15237]: Successful su for rubyman by root
Jun 23 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15237]: + ??? root:rubyman
Jun 23 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15237]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578715 of user rubyman.
Jun 23 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15237]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578715.
Jun 23 17:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15162]: pam_unix(cron:session): session closed for user root
Jun 23 17:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15296]: Invalid user admin from 91.92.40.11
Jun 23 17:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15296]: input_userauth_request: invalid user admin [preauth]
Jun 23 17:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12548]: pam_unix(cron:session): session closed for user root
Jun 23 17:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15296]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 17:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15296]: Failed password for invalid user admin from 91.92.40.11 port 49530 ssh2
Jun 23 17:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15161]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15296]: Connection closed by 91.92.40.11 port 49530 [preauth]
Jun 23 17:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14283]: pam_unix(cron:session): session closed for user root
Jun 23 17:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15556]: Invalid user adimg from 181.188.148.74
Jun 23 17:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15556]: input_userauth_request: invalid user adimg [preauth]
Jun 23 17:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15556]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.148.74
Jun 23 17:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15556]: Failed password for invalid user adimg from 181.188.148.74 port 39166 ssh2
Jun 23 17:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15556]: Received disconnect from 181.188.148.74 port 39166:11: Bye Bye [preauth]
Jun 23 17:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15556]: Disconnected from 181.188.148.74 port 39166 [preauth]
Jun 23 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15588]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15589]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15586]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15587]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15586]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15654]: Successful su for rubyman by root
Jun 23 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15654]: + ??? root:rubyman
Jun 23 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15654]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578722 of user rubyman.
Jun 23 17:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15654]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578722.
Jun 23 17:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12998]: pam_unix(cron:session): session closed for user root
Jun 23 17:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15587]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14719]: pam_unix(cron:session): session closed for user root
Jun 23 17:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15919]: Invalid user admin from 91.92.40.11
Jun 23 17:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15919]: input_userauth_request: invalid user admin [preauth]
Jun 23 17:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15919]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 17:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15919]: Failed password for invalid user admin from 91.92.40.11 port 46504 ssh2
Jun 23 17:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15919]: Connection closed by 91.92.40.11 port 46504 [preauth]
Jun 23 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15982]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15983]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15981]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15980]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15980]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16039]: Successful su for rubyman by root
Jun 23 17:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16039]: + ??? root:rubyman
Jun 23 17:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16039]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578725 of user rubyman.
Jun 23 17:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16039]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578725.
Jun 23 17:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13468]: pam_unix(cron:session): session closed for user root
Jun 23 17:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15981]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15165]: pam_unix(cron:session): session closed for user root
Jun 23 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16373]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16371]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16372]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16370]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16370]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16430]: Successful su for rubyman by root
Jun 23 17:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16430]: + ??? root:rubyman
Jun 23 17:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16430]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578728 of user rubyman.
Jun 23 17:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16430]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578728.
Jun 23 17:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13883]: pam_unix(cron:session): session closed for user root
Jun 23 17:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16537]: Invalid user admin from 91.92.40.11
Jun 23 17:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16537]: input_userauth_request: invalid user admin [preauth]
Jun 23 17:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16537]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 17:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16371]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16537]: Failed password for invalid user admin from 91.92.40.11 port 39684 ssh2
Jun 23 17:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16537]: Connection closed by 91.92.40.11 port 39684 [preauth]
Jun 23 17:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16644]: Invalid user data1 from 181.188.148.74
Jun 23 17:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16644]: input_userauth_request: invalid user data1 [preauth]
Jun 23 17:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16644]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.148.74
Jun 23 17:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16644]: Failed password for invalid user data1 from 181.188.148.74 port 36624 ssh2
Jun 23 17:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16644]: Received disconnect from 181.188.148.74 port 36624:11: Bye Bye [preauth]
Jun 23 17:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16644]: Disconnected from 181.188.148.74 port 36624 [preauth]
Jun 23 17:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15589]: pam_unix(cron:session): session closed for user root
Jun 23 17:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 23 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16770]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16772]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16773]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16771]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16770]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16836]: Successful su for rubyman by root
Jun 23 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16836]: + ??? root:rubyman
Jun 23 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16836]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578732 of user rubyman.
Jun 23 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16836]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578732.
Jun 23 17:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16765]: Failed password for root from 77.94.47.83 port 42886 ssh2
Jun 23 17:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16765]: Connection closed by 77.94.47.83 port 42886 [preauth]
Jun 23 17:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14281]: pam_unix(cron:session): session closed for user root
Jun 23 17:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16771]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: Invalid user admin1 from 91.92.40.11
Jun 23 17:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: input_userauth_request: invalid user admin1 [preauth]
Jun 23 17:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15983]: pam_unix(cron:session): session closed for user root
Jun 23 17:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 17:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: Failed password for invalid user admin1 from 91.92.40.11 port 48002 ssh2
Jun 23 17:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: Connection closed by 91.92.40.11 port 48002 [preauth]
Jun 23 17:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Jun 23 17:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:93.174.95.106
Jun 23 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17273]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17270]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17269]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17268]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17272]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17271]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17273]: pam_unix(cron:session): session closed for user root
Jun 23 17:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17268]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17342]: Successful su for rubyman by root
Jun 23 17:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17342]: + ??? root:rubyman
Jun 23 17:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17342]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578736 of user rubyman.
Jun 23 17:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17342]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578736.
Jun 23 17:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17270]: pam_unix(cron:session): session closed for user root
Jun 23 17:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14718]: pam_unix(cron:session): session closed for user root
Jun 23 17:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17269]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16373]: pam_unix(cron:session): session closed for user root
Jun 23 17:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: Invalid user quebec from 181.188.148.74
Jun 23 17:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: input_userauth_request: invalid user quebec [preauth]
Jun 23 17:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.148.74
Jun 23 17:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: Failed password for invalid user quebec from 181.188.148.74 port 35464 ssh2
Jun 23 17:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: Received disconnect from 181.188.148.74 port 35464:11: Bye Bye [preauth]
Jun 23 17:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: Disconnected from 181.188.148.74 port 35464 [preauth]
Jun 23 17:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17793]: Invalid user admin1 from 91.92.40.11
Jun 23 17:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17793]: input_userauth_request: invalid user admin1 [preauth]
Jun 23 17:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17793]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17800]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17801]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17799]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17798]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17798]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17793]: Failed password for invalid user admin1 from 91.92.40.11 port 53214 ssh2
Jun 23 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17876]: Successful su for rubyman by root
Jun 23 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17876]: + ??? root:rubyman
Jun 23 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17876]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578743 of user rubyman.
Jun 23 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17876]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578743.
Jun 23 17:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17793]: Connection closed by 91.92.40.11 port 53214 [preauth]
Jun 23 17:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15163]: pam_unix(cron:session): session closed for user root
Jun 23 17:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17799]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16773]: pam_unix(cron:session): session closed for user root
Jun 23 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18239]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18242]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18243]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18238]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18238]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18309]: Successful su for rubyman by root
Jun 23 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18309]: + ??? root:rubyman
Jun 23 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18309]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578748 of user rubyman.
Jun 23 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18309]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578748.
Jun 23 17:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15588]: pam_unix(cron:session): session closed for user root
Jun 23 17:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18239]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18612]: Invalid user admin1 from 91.92.40.11
Jun 23 17:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18612]: input_userauth_request: invalid user admin1 [preauth]
Jun 23 17:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18612]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 17:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18612]: Failed password for invalid user admin1 from 91.92.40.11 port 57172 ssh2
Jun 23 17:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18612]: Connection closed by 91.92.40.11 port 57172 [preauth]
Jun 23 17:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17272]: pam_unix(cron:session): session closed for user root
Jun 23 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18741]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18740]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18739]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18738]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18738]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18807]: Successful su for rubyman by root
Jun 23 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18807]: + ??? root:rubyman
Jun 23 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18807]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578751 of user rubyman.
Jun 23 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18807]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578751.
Jun 23 17:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15982]: pam_unix(cron:session): session closed for user root
Jun 23 17:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18739]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19023]: Invalid user vsp from 181.188.148.74
Jun 23 17:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19023]: input_userauth_request: invalid user vsp [preauth]
Jun 23 17:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19023]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.148.74
Jun 23 17:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19023]: Failed password for invalid user vsp from 181.188.148.74 port 48678 ssh2
Jun 23 17:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19023]: Received disconnect from 181.188.148.74 port 48678:11: Bye Bye [preauth]
Jun 23 17:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19023]: Disconnected from 181.188.148.74 port 48678 [preauth]
Jun 23 17:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17801]: pam_unix(cron:session): session closed for user root
Jun 23 17:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 17:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19122]: Invalid user admin1 from 91.92.40.11
Jun 23 17:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19122]: input_userauth_request: invalid user admin1 [preauth]
Jun 23 17:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19122]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 17:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 17:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19122]: Failed password for invalid user admin1 from 91.92.40.11 port 47372 ssh2
Jun 23 17:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19122]: Connection closed by 91.92.40.11 port 47372 [preauth]
Jun 23 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19251]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19248]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19250]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19247]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19247]: pam_unix(cron:session): session closed for user p13x
Jun 23 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19309]: Successful su for rubyman by root
Jun 23 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19309]: + ??? root:rubyman
Jun 23 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19309]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578755 of user rubyman.
Jun 23 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19309]: pam_unix(su:session): session closed for user rubyman
Jun 23 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578755.
Jun 23 17:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16372]: pam_unix(cron:session): session closed for user root
Jun 23 17:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19248]: pam_unix(cron:session): session closed for user samftp
Jun 23 17:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18243]: pam_unix(cron:session): session closed for user root
Jun 23 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19870]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19869]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19868]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19872]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19873]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19867]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19871]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19873]: pam_unix(cron:session): session closed for user root
Jun 23 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19869]: pam_unix(cron:session): session closed for user root
Jun 23 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19867]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19958]: Successful su for rubyman by root
Jun 23 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19958]: + ??? root:rubyman
Jun 23 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19958]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578762 of user rubyman.
Jun 23 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19958]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578762.
Jun 23 18:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19870]: pam_unix(cron:session): session closed for user root
Jun 23 18:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16772]: pam_unix(cron:session): session closed for user root
Jun 23 18:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19868]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20276]: Invalid user admin1 from 91.92.40.11
Jun 23 18:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20276]: input_userauth_request: invalid user admin1 [preauth]
Jun 23 18:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20276]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 18:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20276]: Failed password for invalid user admin1 from 91.92.40.11 port 46186 ssh2
Jun 23 18:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20276]: Connection closed by 91.92.40.11 port 46186 [preauth]
Jun 23 18:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18741]: pam_unix(cron:session): session closed for user root
Jun 23 18:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20415]: Invalid user hc from 181.188.148.74
Jun 23 18:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20415]: input_userauth_request: invalid user hc [preauth]
Jun 23 18:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20415]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.148.74
Jun 23 18:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20415]: Failed password for invalid user hc from 181.188.148.74 port 60264 ssh2
Jun 23 18:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20415]: Received disconnect from 181.188.148.74 port 60264:11: Bye Bye [preauth]
Jun 23 18:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20415]: Disconnected from 181.188.148.74 port 60264 [preauth]
Jun 23 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20476]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20475]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20474]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20473]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20473]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20538]: Successful su for rubyman by root
Jun 23 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20538]: + ??? root:rubyman
Jun 23 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20538]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578765 of user rubyman.
Jun 23 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20538]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578765.
Jun 23 18:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17271]: pam_unix(cron:session): session closed for user root
Jun 23 18:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20474]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19251]: pam_unix(cron:session): session closed for user root
Jun 23 18:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20917]: Invalid user administrator from 91.92.40.11
Jun 23 18:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20917]: input_userauth_request: invalid user administrator [preauth]
Jun 23 18:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20917]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 18:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20919]: Received disconnect from 45.11.57.172 port 53558:11: disconnected by user [preauth]
Jun 23 18:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20919]: Disconnected from 45.11.57.172 port 53558 [preauth]
Jun 23 18:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20917]: Failed password for invalid user administrator from 91.92.40.11 port 55860 ssh2
Jun 23 18:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20917]: Connection closed by 91.92.40.11 port 55860 [preauth]
Jun 23 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20970]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20972]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20969]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20968]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20968]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21035]: Successful su for rubyman by root
Jun 23 18:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21035]: + ??? root:rubyman
Jun 23 18:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21035]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578769 of user rubyman.
Jun 23 18:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21035]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578769.
Jun 23 18:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17800]: pam_unix(cron:session): session closed for user root
Jun 23 18:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20969]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21291]: Received disconnect from 121.78.125.123 port 46556:11: disconnected by user [preauth]
Jun 23 18:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21291]: Disconnected from 121.78.125.123 port 46556 [preauth]
Jun 23 18:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19872]: pam_unix(cron:session): session closed for user root
Jun 23 18:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 23 18:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21337]: Failed password for root from 147.45.199.80 port 42144 ssh2
Jun 23 18:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21337]: Connection closed by 147.45.199.80 port 42144 [preauth]
Jun 23 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21391]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21389]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21390]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21388]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21388]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21452]: Successful su for rubyman by root
Jun 23 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21452]: + ??? root:rubyman
Jun 23 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21452]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578774 of user rubyman.
Jun 23 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21452]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578774.
Jun 23 18:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18242]: pam_unix(cron:session): session closed for user root
Jun 23 18:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21389]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21658]: Invalid user administrator from 91.92.40.11
Jun 23 18:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21658]: input_userauth_request: invalid user administrator [preauth]
Jun 23 18:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21658]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 18:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21660]: Invalid user a from 181.188.148.74
Jun 23 18:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21660]: input_userauth_request: invalid user a [preauth]
Jun 23 18:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21660]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.148.74
Jun 23 18:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21658]: Failed password for invalid user administrator from 91.92.40.11 port 39500 ssh2
Jun 23 18:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21658]: Connection closed by 91.92.40.11 port 39500 [preauth]
Jun 23 18:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21660]: Failed password for invalid user a from 181.188.148.74 port 37960 ssh2
Jun 23 18:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21660]: Received disconnect from 181.188.148.74 port 37960:11: Bye Bye [preauth]
Jun 23 18:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21660]: Disconnected from 181.188.148.74 port 37960 [preauth]
Jun 23 18:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20476]: pam_unix(cron:session): session closed for user root
Jun 23 18:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 23 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21826]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21825]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21824]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21823]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21823]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21888]: Successful su for rubyman by root
Jun 23 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21888]: + ??? root:rubyman
Jun 23 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21888]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578778 of user rubyman.
Jun 23 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21888]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578778.
Jun 23 18:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21820]: Failed password for root from 51.250.105.222 port 35842 ssh2
Jun 23 18:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21820]: Connection closed by 51.250.105.222 port 35842 [preauth]
Jun 23 18:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18740]: pam_unix(cron:session): session closed for user root
Jun 23 18:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21824]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20972]: pam_unix(cron:session): session closed for user root
Jun 23 18:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22171]: Invalid user administrator from 91.92.40.11
Jun 23 18:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22171]: input_userauth_request: invalid user administrator [preauth]
Jun 23 18:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22171]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 18:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22171]: Failed password for invalid user administrator from 91.92.40.11 port 55042 ssh2
Jun 23 18:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22171]: Connection closed by 91.92.40.11 port 55042 [preauth]
Jun 23 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22229]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22230]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22227]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22226]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22231]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22228]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22231]: pam_unix(cron:session): session closed for user root
Jun 23 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22226]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22302]: Successful su for rubyman by root
Jun 23 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22302]: + ??? root:rubyman
Jun 23 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22302]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578783 of user rubyman.
Jun 23 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22302]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578783.
Jun 23 18:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19250]: pam_unix(cron:session): session closed for user root
Jun 23 18:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22228]: pam_unix(cron:session): session closed for user root
Jun 23 18:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22227]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21391]: pam_unix(cron:session): session closed for user root
Jun 23 18:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22660]: Invalid user webcalendar from 181.188.148.74
Jun 23 18:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22660]: input_userauth_request: invalid user webcalendar [preauth]
Jun 23 18:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22660]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.148.74
Jun 23 18:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22660]: Failed password for invalid user webcalendar from 181.188.148.74 port 59580 ssh2
Jun 23 18:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22660]: Received disconnect from 181.188.148.74 port 59580:11: Bye Bye [preauth]
Jun 23 18:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22660]: Disconnected from 181.188.148.74 port 59580 [preauth]
Jun 23 18:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 23 18:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22724]: Failed password for root from 103.172.78.219 port 51144 ssh2
Jun 23 18:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22724]: Connection closed by 103.172.78.219 port 51144 [preauth]
Jun 23 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22755]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22754]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22756]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22753]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22753]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22829]: Successful su for rubyman by root
Jun 23 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22829]: + ??? root:rubyman
Jun 23 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22829]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578787 of user rubyman.
Jun 23 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22829]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578787.
Jun 23 18:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19871]: pam_unix(cron:session): session closed for user root
Jun 23 18:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22754]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23014]: Invalid user administrator from 91.92.40.11
Jun 23 18:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23014]: input_userauth_request: invalid user administrator [preauth]
Jun 23 18:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23014]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 18:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23014]: Failed password for invalid user administrator from 91.92.40.11 port 58820 ssh2
Jun 23 18:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23014]: Connection closed by 91.92.40.11 port 58820 [preauth]
Jun 23 18:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23039]: Invalid user admin from 2.57.121.25
Jun 23 18:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23039]: input_userauth_request: invalid user admin [preauth]
Jun 23 18:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23039]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 23 18:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23039]: Failed password for invalid user admin from 2.57.121.25 port 39228 ssh2
Jun 23 18:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23039]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23039]: Failed password for invalid user admin from 2.57.121.25 port 39228 ssh2
Jun 23 18:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23039]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23039]: Failed password for invalid user admin from 2.57.121.25 port 39228 ssh2
Jun 23 18:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23039]: Connection closed by 2.57.121.25 port 39228 [preauth]
Jun 23 18:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23039]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 23 18:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23068]: Connection reset by 45.148.10.151 port 49284 [preauth]
Jun 23 18:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21826]: pam_unix(cron:session): session closed for user root
Jun 23 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23166]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23167]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23164]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23163]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23163]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23234]: Successful su for rubyman by root
Jun 23 18:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23234]: + ??? root:rubyman
Jun 23 18:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23234]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578792 of user rubyman.
Jun 23 18:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23234]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578792.
Jun 23 18:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20475]: pam_unix(cron:session): session closed for user root
Jun 23 18:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23164]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 23 18:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23471]: Failed password for root from 103.176.20.57 port 58706 ssh2
Jun 23 18:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23471]: Connection closed by 103.176.20.57 port 58706 [preauth]
Jun 23 18:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22230]: pam_unix(cron:session): session closed for user root
Jun 23 18:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23539]: Invalid user administrator from 91.92.40.11
Jun 23 18:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23539]: input_userauth_request: invalid user administrator [preauth]
Jun 23 18:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23539]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 18:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23539]: Failed password for invalid user administrator from 91.92.40.11 port 37910 ssh2
Jun 23 18:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23539]: Connection closed by 91.92.40.11 port 37910 [preauth]
Jun 23 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23590]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23589]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23591]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23588]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23588]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23656]: Successful su for rubyman by root
Jun 23 18:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23656]: + ??? root:rubyman
Jun 23 18:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23656]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578797 of user rubyman.
Jun 23 18:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23656]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578797.
Jun 23 18:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20970]: pam_unix(cron:session): session closed for user root
Jun 23 18:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23589]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23935]: Invalid user marge from 181.188.148.74
Jun 23 18:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23935]: input_userauth_request: invalid user marge [preauth]
Jun 23 18:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23935]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.148.74
Jun 23 18:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23935]: Failed password for invalid user marge from 181.188.148.74 port 37562 ssh2
Jun 23 18:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23935]: Received disconnect from 181.188.148.74 port 37562:11: Bye Bye [preauth]
Jun 23 18:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23935]: Disconnected from 181.188.148.74 port 37562 [preauth]
Jun 23 18:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22756]: pam_unix(cron:session): session closed for user root
Jun 23 18:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 23 18:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24071]: Failed password for root from 103.82.132.16 port 60706 ssh2
Jun 23 18:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24071]: Connection closed by 103.82.132.16 port 60706 [preauth]
Jun 23 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24112]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24113]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24110]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24111]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24107]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24110]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24246]: Successful su for rubyman by root
Jun 23 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24246]: + ??? root:rubyman
Jun 23 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24246]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578800 of user rubyman.
Jun 23 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24246]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578800.
Jun 23 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24107]: pam_unix(cron:session): session closed for user root
Jun 23 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24222]: Invalid user coyote from 117.33.242.180
Jun 23 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24222]: input_userauth_request: invalid user coyote [preauth]
Jun 23 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24222]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.33.242.180
Jun 23 18:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21390]: pam_unix(cron:session): session closed for user root
Jun 23 18:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24222]: Failed password for invalid user coyote from 117.33.242.180 port 33646 ssh2
Jun 23 18:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24222]: Received disconnect from 117.33.242.180 port 33646:11: Bye Bye [preauth]
Jun 23 18:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24222]: Disconnected from 117.33.242.180 port 33646 [preauth]
Jun 23 18:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24440]: Invalid user administrator from 91.92.40.11
Jun 23 18:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24440]: input_userauth_request: invalid user administrator [preauth]
Jun 23 18:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24440]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 18:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24111]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24440]: Failed password for invalid user administrator from 91.92.40.11 port 42784 ssh2
Jun 23 18:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24440]: Connection closed by 91.92.40.11 port 42784 [preauth]
Jun 23 18:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.24.211.107  user=root
Jun 23 18:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24482]: Failed password for root from 193.24.211.107 port 28572 ssh2
Jun 23 18:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24482]: Received disconnect from 193.24.211.107 port 28572:11: Client disconnecting normally [preauth]
Jun 23 18:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24482]: Disconnected from 193.24.211.107 port 28572 [preauth]
Jun 23 18:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23167]: pam_unix(cron:session): session closed for user root
Jun 23 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24649]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24639]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24636]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24642]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24641]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24648]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24649]: pam_unix(cron:session): session closed for user root
Jun 23 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24636]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24722]: Successful su for rubyman by root
Jun 23 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24722]: + ??? root:rubyman
Jun 23 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24722]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578805 of user rubyman.
Jun 23 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24722]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578805.
Jun 23 18:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21825]: pam_unix(cron:session): session closed for user root
Jun 23 18:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24641]: pam_unix(cron:session): session closed for user root
Jun 23 18:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24639]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24983]: Invalid user apache from 91.92.40.11
Jun 23 18:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24983]: input_userauth_request: invalid user apache [preauth]
Jun 23 18:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24983]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 18:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24983]: Failed password for invalid user apache from 91.92.40.11 port 58778 ssh2
Jun 23 18:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24983]: Connection closed by 91.92.40.11 port 58778 [preauth]
Jun 23 18:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23591]: pam_unix(cron:session): session closed for user root
Jun 23 18:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24994]: Invalid user gz from 181.188.148.74
Jun 23 18:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24994]: input_userauth_request: invalid user gz [preauth]
Jun 23 18:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24994]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.148.74
Jun 23 18:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24994]: Failed password for invalid user gz from 181.188.148.74 port 50836 ssh2
Jun 23 18:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24994]: Received disconnect from 181.188.148.74 port 50836:11: Bye Bye [preauth]
Jun 23 18:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24994]: Disconnected from 181.188.148.74 port 50836 [preauth]
Jun 23 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25086]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25085]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25084]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25083]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25083]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25148]: Successful su for rubyman by root
Jun 23 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25148]: + ??? root:rubyman
Jun 23 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25148]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578810 of user rubyman.
Jun 23 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25148]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578810.
Jun 23 18:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22229]: pam_unix(cron:session): session closed for user root
Jun 23 18:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25084]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24113]: pam_unix(cron:session): session closed for user root
Jun 23 18:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25425]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 23 18:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25425]: Received disconnect from 141.95.34.214 port 54282:11: disconnected by user [preauth]
Jun 23 18:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25425]: Disconnected from 141.95.34.214 port 54282 [preauth]
Jun 23 18:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25464]: User backup from 91.92.40.11 not allowed because not listed in AllowUsers
Jun 23 18:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25464]: input_userauth_request: invalid user backup [preauth]
Jun 23 18:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=backup
Jun 23 18:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25464]: Failed password for invalid user backup from 91.92.40.11 port 50990 ssh2
Jun 23 18:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25464]: Connection closed by 91.92.40.11 port 50990 [preauth]
Jun 23 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25492]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25491]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25493]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25490]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25490]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25552]: Successful su for rubyman by root
Jun 23 18:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25552]: + ??? root:rubyman
Jun 23 18:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25552]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578816 of user rubyman.
Jun 23 18:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25552]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578816.
Jun 23 18:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22755]: pam_unix(cron:session): session closed for user root
Jun 23 18:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25491]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24648]: pam_unix(cron:session): session closed for user root
Jun 23 18:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25823]: Bad protocol version identification 'MGLNDD_198.199.94.12_22' from 20.65.194.164 port 32786
Jun 23 18:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25821]: Connection closed by 20.65.194.164 port 32782 [preauth]
Jun 23 18:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25884]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25883]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25882]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25881]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25881]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25941]: Successful su for rubyman by root
Jun 23 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25941]: + ??? root:rubyman
Jun 23 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25941]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578818 of user rubyman.
Jun 23 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25941]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578818.
Jun 23 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25877]: Invalid user conference from 181.188.148.74
Jun 23 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25877]: input_userauth_request: invalid user conference [preauth]
Jun 23 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25877]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.148.74
Jun 23 18:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25877]: Failed password for invalid user conference from 181.188.148.74 port 39690 ssh2
Jun 23 18:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25877]: Received disconnect from 181.188.148.74 port 39690:11: Bye Bye [preauth]
Jun 23 18:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25877]: Disconnected from 181.188.148.74 port 39690 [preauth]
Jun 23 18:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23166]: pam_unix(cron:session): session closed for user root
Jun 23 18:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25882]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26155]: User backup from 91.92.40.11 not allowed because not listed in AllowUsers
Jun 23 18:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26155]: input_userauth_request: invalid user backup [preauth]
Jun 23 18:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=backup
Jun 23 18:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26155]: Failed password for invalid user backup from 91.92.40.11 port 40556 ssh2
Jun 23 18:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26155]: Connection closed by 91.92.40.11 port 40556 [preauth]
Jun 23 18:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25086]: pam_unix(cron:session): session closed for user root
Jun 23 18:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 23 18:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26246]: Failed password for root from 38.93.206.2 port 65158 ssh2
Jun 23 18:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26246]: Connection closed by 38.93.206.2 port 65158 [preauth]
Jun 23 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26277]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26278]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26275]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26274]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26274]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26340]: Successful su for rubyman by root
Jun 23 18:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26340]: + ??? root:rubyman
Jun 23 18:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26340]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578822 of user rubyman.
Jun 23 18:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26340]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578822.
Jun 23 18:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23590]: pam_unix(cron:session): session closed for user root
Jun 23 18:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26275]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26523]: Invalid user admin from 193.46.255.86
Jun 23 18:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26523]: input_userauth_request: invalid user admin [preauth]
Jun 23 18:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26523]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 23 18:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26523]: Failed password for invalid user admin from 193.46.255.86 port 5334 ssh2
Jun 23 18:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26523]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26523]: Failed password for invalid user admin from 193.46.255.86 port 5334 ssh2
Jun 23 18:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26523]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26523]: Failed password for invalid user admin from 193.46.255.86 port 5334 ssh2
Jun 23 18:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26523]: Connection closed by 193.46.255.86 port 5334 [preauth]
Jun 23 18:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26523]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 23 18:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 23 18:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26556]: Failed password for root from 87.251.79.125 port 50006 ssh2
Jun 23 18:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26556]: Connection closed by 87.251.79.125 port 50006 [preauth]
Jun 23 18:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25493]: pam_unix(cron:session): session closed for user root
Jun 23 18:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
Jun 23 18:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26651]: User backup from 91.92.40.11 not allowed because not listed in AllowUsers
Jun 23 18:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26651]: input_userauth_request: invalid user backup [preauth]
Jun 23 18:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=backup
Jun 23 18:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26641]: Failed password for root from 176.32.39.21 port 42924 ssh2
Jun 23 18:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26641]: Connection closed by 176.32.39.21 port 42924 [preauth]
Jun 23 18:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26651]: Failed password for invalid user backup from 91.92.40.11 port 47486 ssh2
Jun 23 18:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26651]: Connection closed by 91.92.40.11 port 47486 [preauth]
Jun 23 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26772]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26773]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26774]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26771]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26770]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26769]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26774]: pam_unix(cron:session): session closed for user root
Jun 23 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26769]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26836]: Successful su for rubyman by root
Jun 23 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26836]: + ??? root:rubyman
Jun 23 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26836]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578827 of user rubyman.
Jun 23 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26836]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578827.
Jun 23 18:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26771]: pam_unix(cron:session): session closed for user root
Jun 23 18:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24112]: pam_unix(cron:session): session closed for user root
Jun 23 18:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26770]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27093]: Invalid user dba from 181.188.148.74
Jun 23 18:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27093]: input_userauth_request: invalid user dba [preauth]
Jun 23 18:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27093]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.148.74
Jun 23 18:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27093]: Failed password for invalid user dba from 181.188.148.74 port 50940 ssh2
Jun 23 18:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27093]: Received disconnect from 181.188.148.74 port 50940:11: Bye Bye [preauth]
Jun 23 18:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27093]: Disconnected from 181.188.148.74 port 50940 [preauth]
Jun 23 18:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25884]: pam_unix(cron:session): session closed for user root
Jun 23 18:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27129]: Invalid user user from 141.98.83.240
Jun 23 18:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27129]: input_userauth_request: invalid user user [preauth]
Jun 23 18:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27129]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 18:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27129]: Failed password for invalid user user from 141.98.83.240 port 53444 ssh2
Jun 23 18:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27129]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27129]: Failed password for invalid user user from 141.98.83.240 port 53444 ssh2
Jun 23 18:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27129]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27129]: Failed password for invalid user user from 141.98.83.240 port 53444 ssh2
Jun 23 18:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27129]: Connection closed by 141.98.83.240 port 53444 [preauth]
Jun 23 18:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27129]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27200]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27199]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27201]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27198]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27198]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27280]: Successful su for rubyman by root
Jun 23 18:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27280]: + ??? root:rubyman
Jun 23 18:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27280]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578833 of user rubyman.
Jun 23 18:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27280]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578833.
Jun 23 18:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24642]: pam_unix(cron:session): session closed for user root
Jun 23 18:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27199]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27477]: User daemon from 91.92.40.11 not allowed because not listed in AllowUsers
Jun 23 18:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27477]: input_userauth_request: invalid user daemon [preauth]
Jun 23 18:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=daemon
Jun 23 18:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27477]: Failed password for invalid user daemon from 91.92.40.11 port 49198 ssh2
Jun 23 18:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27477]: Connection closed by 91.92.40.11 port 49198 [preauth]
Jun 23 18:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26278]: pam_unix(cron:session): session closed for user root
Jun 23 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27629]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27626]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27628]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27627]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27623]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27623]: pam_unix(cron:session): session closed for user root
Jun 23 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27626]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27686]: Successful su for rubyman by root
Jun 23 18:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27686]: + ??? root:rubyman
Jun 23 18:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27686]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578837 of user rubyman.
Jun 23 18:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27686]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578837.
Jun 23 18:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25085]: pam_unix(cron:session): session closed for user root
Jun 23 18:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27627]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 23 18:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27910]: Failed password for root from 103.27.238.114 port 43802 ssh2
Jun 23 18:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27910]: Connection closed by 103.27.238.114 port 43802 [preauth]
Jun 23 18:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26773]: pam_unix(cron:session): session closed for user root
Jun 23 18:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27983]: User daemon from 91.92.40.11 not allowed because not listed in AllowUsers
Jun 23 18:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27983]: input_userauth_request: invalid user daemon [preauth]
Jun 23 18:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11  user=daemon
Jun 23 18:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27983]: Failed password for invalid user daemon from 91.92.40.11 port 46412 ssh2
Jun 23 18:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27983]: Connection closed by 91.92.40.11 port 46412 [preauth]
Jun 23 18:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28032]: Invalid user xian from 181.188.148.74
Jun 23 18:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28032]: input_userauth_request: invalid user xian [preauth]
Jun 23 18:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28032]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.148.74
Jun 23 18:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28032]: Failed password for invalid user xian from 181.188.148.74 port 43148 ssh2
Jun 23 18:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28032]: Received disconnect from 181.188.148.74 port 43148:11: Bye Bye [preauth]
Jun 23 18:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28032]: Disconnected from 181.188.148.74 port 43148 [preauth]
Jun 23 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28046]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28045]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28044]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28043]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28043]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28166]: Successful su for rubyman by root
Jun 23 18:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28166]: + ??? root:rubyman
Jun 23 18:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28166]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578841 of user rubyman.
Jun 23 18:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28166]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578841.
Jun 23 18:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25492]: pam_unix(cron:session): session closed for user root
Jun 23 18:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28044]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27201]: pam_unix(cron:session): session closed for user root
Jun 23 18:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28479]: Connection closed by 45.148.10.121 port 32892 [preauth]
Jun 23 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28495]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28494]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28493]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28490]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28490]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28559]: Successful su for rubyman by root
Jun 23 18:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28559]: + ??? root:rubyman
Jun 23 18:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28559]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578846 of user rubyman.
Jun 23 18:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28559]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578846.
Jun 23 18:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25883]: pam_unix(cron:session): session closed for user root
Jun 23 18:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28493]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28835]: Invalid user debian from 91.92.40.11
Jun 23 18:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28835]: input_userauth_request: invalid user debian [preauth]
Jun 23 18:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28835]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 18:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28835]: Failed password for invalid user debian from 91.92.40.11 port 38514 ssh2
Jun 23 18:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28835]: Connection closed by 91.92.40.11 port 38514 [preauth]
Jun 23 18:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27629]: pam_unix(cron:session): session closed for user root
Jun 23 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29005]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29008]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29002]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28999]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29003]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29000]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29008]: pam_unix(cron:session): session closed for user root
Jun 23 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28999]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29075]: Successful su for rubyman by root
Jun 23 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29075]: + ??? root:rubyman
Jun 23 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29075]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578849 of user rubyman.
Jun 23 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29075]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578849.
Jun 23 18:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29002]: pam_unix(cron:session): session closed for user root
Jun 23 18:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26277]: pam_unix(cron:session): session closed for user root
Jun 23 18:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29000]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28046]: pam_unix(cron:session): session closed for user root
Jun 23 18:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29399]: Invalid user debian from 91.92.40.11
Jun 23 18:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29399]: input_userauth_request: invalid user debian [preauth]
Jun 23 18:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29399]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 18:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29399]: Failed password for invalid user debian from 91.92.40.11 port 43072 ssh2
Jun 23 18:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29399]: Connection closed by 91.92.40.11 port 43072 [preauth]
Jun 23 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29460]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29457]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29458]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29459]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29457]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29621]: Successful su for rubyman by root
Jun 23 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29621]: + ??? root:rubyman
Jun 23 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29621]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578855 of user rubyman.
Jun 23 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29621]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578855.
Jun 23 18:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26772]: pam_unix(cron:session): session closed for user root
Jun 23 18:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29458]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29798]: Received disconnect from 50.7.127.99 port 5708:11: disconnected by user [preauth]
Jun 23 18:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29798]: Disconnected from 50.7.127.99 port 5708 [preauth]
Jun 23 18:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28495]: pam_unix(cron:session): session closed for user root
Jun 23 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29999]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30000]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29998]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29997]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29997]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30062]: Successful su for rubyman by root
Jun 23 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30062]: + ??? root:rubyman
Jun 23 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30062]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578859 of user rubyman.
Jun 23 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30062]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578859.
Jun 23 18:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27200]: pam_unix(cron:session): session closed for user root
Jun 23 18:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29998]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 23 18:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30263]: Invalid user debian from 91.92.40.11
Jun 23 18:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30263]: input_userauth_request: invalid user debian [preauth]
Jun 23 18:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30263]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 18:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30261]: Failed password for root from 103.77.242.62 port 57682 ssh2
Jun 23 18:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30261]: Connection closed by 103.77.242.62 port 57682 [preauth]
Jun 23 18:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30263]: Failed password for invalid user debian from 91.92.40.11 port 57902 ssh2
Jun 23 18:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30263]: Connection closed by 91.92.40.11 port 57902 [preauth]
Jun 23 18:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: Invalid user averie from 2.57.121.112
Jun 23 18:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: input_userauth_request: invalid user averie [preauth]
Jun 23 18:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 23 18:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: Failed password for invalid user averie from 2.57.121.112 port 24542 ssh2
Jun 23 18:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: Failed password for invalid user averie from 2.57.121.112 port 24542 ssh2
Jun 23 18:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: Failed password for invalid user averie from 2.57.121.112 port 24542 ssh2
Jun 23 18:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: Failed password for invalid user averie from 2.57.121.112 port 24542 ssh2
Jun 23 18:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: Failed password for invalid user averie from 2.57.121.112 port 24542 ssh2
Jun 23 18:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: Connection closed by 2.57.121.112 port 24542 [preauth]
Jun 23 18:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 23 18:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 23 18:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29005]: pam_unix(cron:session): session closed for user root
Jun 23 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30415]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30416]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30413]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30414]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30413]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30478]: Successful su for rubyman by root
Jun 23 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30478]: + ??? root:rubyman
Jun 23 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30478]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578863 of user rubyman.
Jun 23 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30478]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578863.
Jun 23 18:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27628]: pam_unix(cron:session): session closed for user root
Jun 23 18:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30414]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29460]: pam_unix(cron:session): session closed for user root
Jun 23 18:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30771]: Invalid user debian from 91.92.40.11
Jun 23 18:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30771]: input_userauth_request: invalid user debian [preauth]
Jun 23 18:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30771]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 18:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30771]: Failed password for invalid user debian from 91.92.40.11 port 35606 ssh2
Jun 23 18:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30771]: Connection closed by 91.92.40.11 port 35606 [preauth]
Jun 23 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30840]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30842]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30839]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30838]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30838]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30911]: Successful su for rubyman by root
Jun 23 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30911]: + ??? root:rubyman
Jun 23 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30911]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578867 of user rubyman.
Jun 23 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30911]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578867.
Jun 23 18:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28045]: pam_unix(cron:session): session closed for user root
Jun 23 18:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30839]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 23 18:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31182]: Failed password for root from 103.82.20.28 port 44128 ssh2
Jun 23 18:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31182]: Connection closed by 103.82.20.28 port 44128 [preauth]
Jun 23 18:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30000]: pam_unix(cron:session): session closed for user root
Jun 23 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31335]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31334]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31336]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31332]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31331]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31333]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31336]: pam_unix(cron:session): session closed for user root
Jun 23 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31331]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31403]: Successful su for rubyman by root
Jun 23 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31403]: + ??? root:rubyman
Jun 23 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31403]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578871 of user rubyman.
Jun 23 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31403]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578871.
Jun 23 18:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31333]: pam_unix(cron:session): session closed for user root
Jun 23 18:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28494]: pam_unix(cron:session): session closed for user root
Jun 23 18:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31461]: Invalid user debian from 91.92.40.11
Jun 23 18:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31461]: input_userauth_request: invalid user debian [preauth]
Jun 23 18:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31461]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 18:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31332]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31461]: Failed password for invalid user debian from 91.92.40.11 port 56040 ssh2
Jun 23 18:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31461]: Connection closed by 91.92.40.11 port 56040 [preauth]
Jun 23 18:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30416]: pam_unix(cron:session): session closed for user root
Jun 23 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31865]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31866]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31864]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31863]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31863]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31939]: Successful su for rubyman by root
Jun 23 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31939]: + ??? root:rubyman
Jun 23 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31939]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578877 of user rubyman.
Jun 23 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31939]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578877.
Jun 23 18:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29003]: pam_unix(cron:session): session closed for user root
Jun 23 18:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31864]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32144]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32144]: Received disconnect from 195.26.87.217 port 24910:11: disconnected by user [preauth]
Jun 23 18:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32144]: Disconnected from 195.26.87.217 port 24910 [preauth]
Jun 23 18:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32201]: Invalid user debian from 91.92.40.11
Jun 23 18:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32201]: input_userauth_request: invalid user debian [preauth]
Jun 23 18:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32201]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 18:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32201]: Failed password for invalid user debian from 91.92.40.11 port 48286 ssh2
Jun 23 18:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32201]: Connection closed by 91.92.40.11 port 48286 [preauth]
Jun 23 18:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30842]: pam_unix(cron:session): session closed for user root
Jun 23 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32293]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32291]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32294]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32292]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32291]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32349]: Successful su for rubyman by root
Jun 23 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32349]: + ??? root:rubyman
Jun 23 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32349]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578883 of user rubyman.
Jun 23 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32349]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578883.
Jun 23 18:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29459]: pam_unix(cron:session): session closed for user root
Jun 23 18:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32292]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31335]: pam_unix(cron:session): session closed for user root
Jun 23 18:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32680]: Invalid user debian from 91.92.40.11
Jun 23 18:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32680]: input_userauth_request: invalid user debian [preauth]
Jun 23 18:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32680]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 18:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32680]: Failed password for invalid user debian from 91.92.40.11 port 39710 ssh2
Jun 23 18:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32680]: Connection closed by 91.92.40.11 port 39710 [preauth]
Jun 23 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32706]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32705]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32703]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32704]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32703]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[300]: Successful su for rubyman by root
Jun 23 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[300]: + ??? root:rubyman
Jun 23 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[300]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578886 of user rubyman.
Jun 23 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[300]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578886.
Jun 23 18:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29999]: pam_unix(cron:session): session closed for user root
Jun 23 18:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32704]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31866]: pam_unix(cron:session): session closed for user root
Jun 23 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[790]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[788]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[787]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[786]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[786]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[855]: Successful su for rubyman by root
Jun 23 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[855]: + ??? root:rubyman
Jun 23 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[855]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578889 of user rubyman.
Jun 23 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[855]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578889.
Jun 23 18:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30415]: pam_unix(cron:session): session closed for user root
Jun 23 18:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[787]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1123]: Invalid user debian from 91.92.40.11
Jun 23 18:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1123]: input_userauth_request: invalid user debian [preauth]
Jun 23 18:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1123]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 18:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1123]: Failed password for invalid user debian from 91.92.40.11 port 49144 ssh2
Jun 23 18:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1123]: Connection closed by 91.92.40.11 port 49144 [preauth]
Jun 23 18:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32294]: pam_unix(cron:session): session closed for user root
Jun 23 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1255]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1251]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1254]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1250]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1252]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1249]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1255]: pam_unix(cron:session): session closed for user root
Jun 23 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1249]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1329]: Successful su for rubyman by root
Jun 23 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1329]: + ??? root:rubyman
Jun 23 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1329]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578895 of user rubyman.
Jun 23 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1329]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578895.
Jun 23 18:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1251]: pam_unix(cron:session): session closed for user root
Jun 23 18:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30840]: pam_unix(cron:session): session closed for user root
Jun 23 18:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1250]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32706]: pam_unix(cron:session): session closed for user root
Jun 23 18:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1774]: Connection closed by 194.59.206.2 port 29168 [preauth]
Jun 23 18:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1804]: Invalid user debian from 91.92.40.11
Jun 23 18:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1804]: input_userauth_request: invalid user debian [preauth]
Jun 23 18:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1804]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 18:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1804]: Failed password for invalid user debian from 91.92.40.11 port 53366 ssh2
Jun 23 18:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1804]: Connection closed by 91.92.40.11 port 53366 [preauth]
Jun 23 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1833]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1834]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1831]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1832]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1831]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1913]: Successful su for rubyman by root
Jun 23 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1913]: + ??? root:rubyman
Jun 23 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1913]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578901 of user rubyman.
Jun 23 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1913]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578901.
Jun 23 18:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31334]: pam_unix(cron:session): session closed for user root
Jun 23 18:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1832]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[790]: pam_unix(cron:session): session closed for user root
Jun 23 18:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2327]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2328]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2326]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2319]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2319]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2386]: Successful su for rubyman by root
Jun 23 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2386]: + ??? root:rubyman
Jun 23 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2386]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578904 of user rubyman.
Jun 23 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2386]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578904.
Jun 23 18:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31865]: pam_unix(cron:session): session closed for user root
Jun 23 18:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2326]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2611]: Invalid user debian from 91.92.40.11
Jun 23 18:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2611]: input_userauth_request: invalid user debian [preauth]
Jun 23 18:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2611]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 18:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2611]: Failed password for invalid user debian from 91.92.40.11 port 42316 ssh2
Jun 23 18:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2611]: Connection closed by 91.92.40.11 port 42316 [preauth]
Jun 23 18:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1254]: pam_unix(cron:session): session closed for user root
Jun 23 18:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: Connection closed by 193.24.211.107 port 12440 [preauth]
Jun 23 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2753]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2752]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2751]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2750]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2750]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2814]: Successful su for rubyman by root
Jun 23 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2814]: + ??? root:rubyman
Jun 23 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2814]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578907 of user rubyman.
Jun 23 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2814]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578907.
Jun 23 18:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32293]: pam_unix(cron:session): session closed for user root
Jun 23 18:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2751]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1834]: pam_unix(cron:session): session closed for user root
Jun 23 18:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2991]: Connection closed by 193.37.70.224 port 42044 [preauth]
Jun 23 18:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3105]: Invalid user debian from 91.92.40.11
Jun 23 18:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3105]: input_userauth_request: invalid user debian [preauth]
Jun 23 18:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3105]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 18:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3105]: Failed password for invalid user debian from 91.92.40.11 port 41354 ssh2
Jun 23 18:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3105]: Connection closed by 91.92.40.11 port 41354 [preauth]
Jun 23 18:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 23 18:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3125]: Failed password for root from 103.27.238.116 port 53670 ssh2
Jun 23 18:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3125]: Connection closed by 103.27.238.116 port 53670 [preauth]
Jun 23 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3150]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3149]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3148]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3147]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3147]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3205]: Successful su for rubyman by root
Jun 23 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3205]: + ??? root:rubyman
Jun 23 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3205]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578911 of user rubyman.
Jun 23 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3205]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578911.
Jun 23 18:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32705]: pam_unix(cron:session): session closed for user root
Jun 23 18:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3148]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2328]: pam_unix(cron:session): session closed for user root
Jun 23 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3546]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3545]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3540]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3547]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3549]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3539]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3549]: pam_unix(cron:session): session closed for user root
Jun 23 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3539]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3610]: Successful su for rubyman by root
Jun 23 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3610]: + ??? root:rubyman
Jun 23 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3610]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578918 of user rubyman.
Jun 23 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3610]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578918.
Jun 23 18:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3545]: pam_unix(cron:session): session closed for user root
Jun 23 18:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[788]: pam_unix(cron:session): session closed for user root
Jun 23 18:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3540]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3993]: Invalid user debian from 91.92.40.11
Jun 23 18:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3993]: input_userauth_request: invalid user debian [preauth]
Jun 23 18:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3993]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 18:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3993]: Failed password for invalid user debian from 91.92.40.11 port 32838 ssh2
Jun 23 18:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3993]: Connection closed by 91.92.40.11 port 32838 [preauth]
Jun 23 18:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2753]: pam_unix(cron:session): session closed for user root
Jun 23 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4172]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4169]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4174]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4173]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4169]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4248]: Successful su for rubyman by root
Jun 23 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4248]: + ??? root:rubyman
Jun 23 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4248]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578924 of user rubyman.
Jun 23 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4248]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578924.
Jun 23 18:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1252]: pam_unix(cron:session): session closed for user root
Jun 23 18:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4172]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3150]: pam_unix(cron:session): session closed for user root
Jun 23 18:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4528]: Invalid user debian from 91.92.40.11
Jun 23 18:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4528]: input_userauth_request: invalid user debian [preauth]
Jun 23 18:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4528]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 18:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4528]: Failed password for invalid user debian from 91.92.40.11 port 34372 ssh2
Jun 23 18:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4528]: Connection closed by 91.92.40.11 port 34372 [preauth]
Jun 23 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4592]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4593]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4591]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4590]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4590]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4652]: Successful su for rubyman by root
Jun 23 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4652]: + ??? root:rubyman
Jun 23 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4652]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578926 of user rubyman.
Jun 23 18:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4652]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578926.
Jun 23 18:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1833]: pam_unix(cron:session): session closed for user root
Jun 23 18:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4591]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3547]: pam_unix(cron:session): session closed for user root
Jun 23 18:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 23 18:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5069]: Failed password for root from 103.122.221.179 port 60914 ssh2
Jun 23 18:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5069]: Connection closed by 103.122.221.179 port 60914 [preauth]
Jun 23 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5099]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5098]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5097]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5096]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5096]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5162]: Successful su for rubyman by root
Jun 23 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5162]: + ??? root:rubyman
Jun 23 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5162]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578930 of user rubyman.
Jun 23 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5162]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578930.
Jun 23 18:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2327]: pam_unix(cron:session): session closed for user root
Jun 23 18:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5316]: Invalid user debian from 91.92.40.11
Jun 23 18:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5316]: input_userauth_request: invalid user debian [preauth]
Jun 23 18:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5316]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 18:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5097]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5316]: Failed password for invalid user debian from 91.92.40.11 port 34906 ssh2
Jun 23 18:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5316]: Connection closed by 91.92.40.11 port 34906 [preauth]
Jun 23 18:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5393]: Received disconnect from 96.127.172.215 port 53626:11: disconnected by user [preauth]
Jun 23 18:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5393]: Disconnected from 96.127.172.215 port 53626 [preauth]
Jun 23 18:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4174]: pam_unix(cron:session): session closed for user root
Jun 23 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5513]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5514]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5512]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5510]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5508]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5510]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5635]: Successful su for rubyman by root
Jun 23 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5635]: + ??? root:rubyman
Jun 23 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5635]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578935 of user rubyman.
Jun 23 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5635]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578935.
Jun 23 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5508]: pam_unix(cron:session): session closed for user root
Jun 23 18:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2752]: pam_unix(cron:session): session closed for user root
Jun 23 18:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5512]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5909]: Invalid user deploy from 91.92.40.11
Jun 23 18:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5909]: input_userauth_request: invalid user deploy [preauth]
Jun 23 18:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5909]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 18:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5909]: Failed password for invalid user deploy from 91.92.40.11 port 41282 ssh2
Jun 23 18:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4593]: pam_unix(cron:session): session closed for user root
Jun 23 18:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5909]: Connection closed by 91.92.40.11 port 41282 [preauth]
Jun 23 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5998]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5995]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5994]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5997]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5993]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5996]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5998]: pam_unix(cron:session): session closed for user root
Jun 23 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5993]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6059]: Successful su for rubyman by root
Jun 23 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6059]: + ??? root:rubyman
Jun 23 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6059]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578941 of user rubyman.
Jun 23 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6059]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578941.
Jun 23 18:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5995]: pam_unix(cron:session): session closed for user root
Jun 23 18:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3149]: pam_unix(cron:session): session closed for user root
Jun 23 18:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5994]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5099]: pam_unix(cron:session): session closed for user root
Jun 23 18:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6406]: Invalid user deploy from 91.92.40.11
Jun 23 18:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6406]: input_userauth_request: invalid user deploy [preauth]
Jun 23 18:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6406]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 18:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.211.215  user=root
Jun 23 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6420]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6422]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6421]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6419]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6419]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6416]: Failed password for root from 147.45.211.215 port 41158 ssh2
Jun 23 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6416]: Connection closed by 147.45.211.215 port 41158 [preauth]
Jun 23 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6485]: Successful su for rubyman by root
Jun 23 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6485]: + ??? root:rubyman
Jun 23 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6485]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578944 of user rubyman.
Jun 23 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6485]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578944.
Jun 23 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6406]: Failed password for invalid user deploy from 91.92.40.11 port 49578 ssh2
Jun 23 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6406]: Connection closed by 91.92.40.11 port 49578 [preauth]
Jun 23 18:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3546]: pam_unix(cron:session): session closed for user root
Jun 23 18:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6420]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5514]: pam_unix(cron:session): session closed for user root
Jun 23 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6833]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6832]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6834]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6831]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6831]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6900]: Successful su for rubyman by root
Jun 23 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6900]: + ??? root:rubyman
Jun 23 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6900]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578950 of user rubyman.
Jun 23 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6900]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578950.
Jun 23 18:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4173]: pam_unix(cron:session): session closed for user root
Jun 23 18:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6832]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7213]: Invalid user deploy from 91.92.40.11
Jun 23 18:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7213]: input_userauth_request: invalid user deploy [preauth]
Jun 23 18:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7213]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 18:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7213]: Failed password for invalid user deploy from 91.92.40.11 port 59938 ssh2
Jun 23 18:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7213]: Connection closed by 91.92.40.11 port 59938 [preauth]
Jun 23 18:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5997]: pam_unix(cron:session): session closed for user root
Jun 23 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7333]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7335]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7334]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7332]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7332]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7397]: Successful su for rubyman by root
Jun 23 18:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7397]: + ??? root:rubyman
Jun 23 18:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7397]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578953 of user rubyman.
Jun 23 18:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7397]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578953.
Jun 23 18:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4592]: pam_unix(cron:session): session closed for user root
Jun 23 18:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7333]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6422]: pam_unix(cron:session): session closed for user root
Jun 23 18:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7806]: Invalid user deploy from 91.92.40.11
Jun 23 18:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7806]: input_userauth_request: invalid user deploy [preauth]
Jun 23 18:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7806]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 18:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7806]: Failed password for invalid user deploy from 91.92.40.11 port 45092 ssh2
Jun 23 18:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7806]: Connection closed by 91.92.40.11 port 45092 [preauth]
Jun 23 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7827]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7828]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7826]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7825]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7825]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7882]: Successful su for rubyman by root
Jun 23 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7882]: + ??? root:rubyman
Jun 23 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7882]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578956 of user rubyman.
Jun 23 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7882]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578956.
Jun 23 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5098]: pam_unix(cron:session): session closed for user root
Jun 23 18:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7826]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7913]: Connection closed by 194.113.233.25 port 53016 [preauth]
Jun 23 18:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6834]: pam_unix(cron:session): session closed for user root
Jun 23 18:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8195]: Invalid user admin from 141.98.83.240
Jun 23 18:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8195]: input_userauth_request: invalid user admin [preauth]
Jun 23 18:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8195]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 18:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8195]: Failed password for invalid user admin from 141.98.83.240 port 37366 ssh2
Jun 23 18:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8195]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8195]: Failed password for invalid user admin from 141.98.83.240 port 37366 ssh2
Jun 23 18:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8195]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8195]: Failed password for invalid user admin from 141.98.83.240 port 37366 ssh2
Jun 23 18:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8195]: Connection closed by 141.98.83.240 port 37366 [preauth]
Jun 23 18:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8195]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8223]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8224]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8221]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8219]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8222]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8220]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8224]: pam_unix(cron:session): session closed for user root
Jun 23 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8219]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8290]: Successful su for rubyman by root
Jun 23 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8290]: + ??? root:rubyman
Jun 23 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8290]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578960 of user rubyman.
Jun 23 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8290]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578960.
Jun 23 18:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5513]: pam_unix(cron:session): session closed for user root
Jun 23 18:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8221]: pam_unix(cron:session): session closed for user root
Jun 23 18:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8220]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8533]: Invalid user deploy from 91.92.40.11
Jun 23 18:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8533]: input_userauth_request: invalid user deploy [preauth]
Jun 23 18:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8533]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 18:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8533]: Failed password for invalid user deploy from 91.92.40.11 port 40894 ssh2
Jun 23 18:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8533]: Connection closed by 91.92.40.11 port 40894 [preauth]
Jun 23 18:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7335]: pam_unix(cron:session): session closed for user root
Jun 23 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8659]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8660]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8661]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8658]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8658]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8725]: Successful su for rubyman by root
Jun 23 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8725]: + ??? root:rubyman
Jun 23 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8725]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578967 of user rubyman.
Jun 23 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8725]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578967.
Jun 23 18:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5996]: pam_unix(cron:session): session closed for user root
Jun 23 18:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8659]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7828]: pam_unix(cron:session): session closed for user root
Jun 23 18:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9040]: Invalid user deploy from 91.92.40.11
Jun 23 18:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9040]: input_userauth_request: invalid user deploy [preauth]
Jun 23 18:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9040]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 18:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9040]: Failed password for invalid user deploy from 91.92.40.11 port 60510 ssh2
Jun 23 18:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9040]: Connection closed by 91.92.40.11 port 60510 [preauth]
Jun 23 18:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9064]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9065]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9066]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9063]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9063]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9122]: Successful su for rubyman by root
Jun 23 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9122]: + ??? root:rubyman
Jun 23 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9122]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578972 of user rubyman.
Jun 23 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9122]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578972.
Jun 23 18:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6421]: pam_unix(cron:session): session closed for user root
Jun 23 18:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9064]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8223]: pam_unix(cron:session): session closed for user root
Jun 23 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9448]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9449]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9450]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9447]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9447]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9507]: Successful su for rubyman by root
Jun 23 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9507]: + ??? root:rubyman
Jun 23 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9507]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578974 of user rubyman.
Jun 23 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9507]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578974.
Jun 23 18:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6833]: pam_unix(cron:session): session closed for user root
Jun 23 18:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9448]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9719]: Invalid user deploy from 91.92.40.11
Jun 23 18:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9719]: input_userauth_request: invalid user deploy [preauth]
Jun 23 18:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9719]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 18:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9719]: Failed password for invalid user deploy from 91.92.40.11 port 36024 ssh2
Jun 23 18:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9719]: Connection closed by 91.92.40.11 port 36024 [preauth]
Jun 23 18:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8661]: pam_unix(cron:session): session closed for user root
Jun 23 18:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9052]: Connection closed by 14.241.183.210 port 55559 [preauth]
Jun 23 18:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9799]: Connection closed by 144.202.92.17 port 56026 [preauth]
Jun 23 18:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9823]: Invalid user test from 45.148.10.121
Jun 23 18:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9823]: input_userauth_request: invalid user test [preauth]
Jun 23 18:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9823]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 23 18:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9823]: Failed password for invalid user test from 45.148.10.121 port 38648 ssh2
Jun 23 18:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9823]: Connection closed by 45.148.10.121 port 38648 [preauth]
Jun 23 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9862]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9866]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9861]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9859]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9859]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10085]: Successful su for rubyman by root
Jun 23 18:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10085]: + ??? root:rubyman
Jun 23 18:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10085]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578978 of user rubyman.
Jun 23 18:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10085]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578978.
Jun 23 18:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7334]: pam_unix(cron:session): session closed for user root
Jun 23 18:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9861]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9066]: pam_unix(cron:session): session closed for user root
Jun 23 18:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10487]: Invalid user deploy from 91.92.40.11
Jun 23 18:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10487]: input_userauth_request: invalid user deploy [preauth]
Jun 23 18:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10487]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 18:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10487]: Failed password for invalid user deploy from 91.92.40.11 port 56214 ssh2
Jun 23 18:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10487]: Connection closed by 91.92.40.11 port 56214 [preauth]
Jun 23 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10520]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10521]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10519]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10522]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10518]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10517]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10522]: pam_unix(cron:session): session closed for user root
Jun 23 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10517]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10589]: Successful su for rubyman by root
Jun 23 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10589]: + ??? root:rubyman
Jun 23 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10589]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578983 of user rubyman.
Jun 23 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10589]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578983.
Jun 23 18:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10519]: pam_unix(cron:session): session closed for user root
Jun 23 18:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7827]: pam_unix(cron:session): session closed for user root
Jun 23 18:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10518]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9450]: pam_unix(cron:session): session closed for user root
Jun 23 18:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10909]: Received disconnect from 102.223.47.171 port 54624:11: disconnected by user [preauth]
Jun 23 18:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10909]: Disconnected from 102.223.47.171 port 54624 [preauth]
Jun 23 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10975]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10973]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10972]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10971]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10971]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11042]: Successful su for rubyman by root
Jun 23 18:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11042]: + ??? root:rubyman
Jun 23 18:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11042]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578988 of user rubyman.
Jun 23 18:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11042]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578988.
Jun 23 18:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8222]: pam_unix(cron:session): session closed for user root
Jun 23 18:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10972]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: Invalid user dev from 91.92.40.11
Jun 23 18:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: input_userauth_request: invalid user dev [preauth]
Jun 23 18:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 18:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: Failed password for invalid user dev from 91.92.40.11 port 58060 ssh2
Jun 23 18:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: Connection closed by 91.92.40.11 port 58060 [preauth]
Jun 23 18:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 23 18:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11304]: Failed password for root from 62.133.62.83 port 58708 ssh2
Jun 23 18:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11304]: Connection closed by 62.133.62.83 port 58708 [preauth]
Jun 23 18:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9866]: pam_unix(cron:session): session closed for user root
Jun 23 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11409]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11405]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11404]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11403]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11403]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11473]: Successful su for rubyman by root
Jun 23 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11473]: + ??? root:rubyman
Jun 23 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11473]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578993 of user rubyman.
Jun 23 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11473]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578993.
Jun 23 18:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8660]: pam_unix(cron:session): session closed for user root
Jun 23 18:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11404]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10521]: pam_unix(cron:session): session closed for user root
Jun 23 18:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11760]: Invalid user dev from 91.92.40.11
Jun 23 18:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11760]: input_userauth_request: invalid user dev [preauth]
Jun 23 18:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11760]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 18:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11760]: Failed password for invalid user dev from 91.92.40.11 port 44070 ssh2
Jun 23 18:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11760]: Connection closed by 91.92.40.11 port 44070 [preauth]
Jun 23 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11839]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11840]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11838]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11837]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11837]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11907]: Successful su for rubyman by root
Jun 23 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11907]: + ??? root:rubyman
Jun 23 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11907]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 578996 of user rubyman.
Jun 23 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11907]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 578996.
Jun 23 18:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9065]: pam_unix(cron:session): session closed for user root
Jun 23 18:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11838]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10975]: pam_unix(cron:session): session closed for user root
Jun 23 18:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12258]: Invalid user  from 176.65.139.218
Jun 23 18:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12258]: input_userauth_request: invalid user  [preauth]
Jun 23 18:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12258]: Connection closed by 176.65.139.218 port 49202 [preauth]
Jun 23 18:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 23 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12382]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12381]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12383]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12379]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12379]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12456]: Successful su for rubyman by root
Jun 23 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12456]: + ??? root:rubyman
Jun 23 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12456]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579003 of user rubyman.
Jun 23 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12456]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12376]: Failed password for root from 103.149.28.157 port 39862 ssh2
Jun 23 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579003.
Jun 23 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12376]: Connection closed by 103.149.28.157 port 39862 [preauth]
Jun 23 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12479]: Invalid user dev from 91.92.40.11
Jun 23 18:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12479]: input_userauth_request: invalid user dev [preauth]
Jun 23 18:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12479]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 18:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9449]: pam_unix(cron:session): session closed for user root
Jun 23 18:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12479]: Failed password for invalid user dev from 91.92.40.11 port 34234 ssh2
Jun 23 18:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12479]: Connection closed by 91.92.40.11 port 34234 [preauth]
Jun 23 18:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12381]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 18:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12675]: Failed password for root from 176.65.139.218 port 59666 ssh2
Jun 23 18:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12675]: Connection closed by 176.65.139.218 port 59666 [preauth]
Jun 23 18:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12699]: Invalid user admin from 176.65.139.218
Jun 23 18:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12699]: input_userauth_request: invalid user admin [preauth]
Jun 23 18:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12699]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 18:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12699]: Failed password for invalid user admin from 176.65.139.218 port 57950 ssh2
Jun 23 18:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12699]: Connection closed by 176.65.139.218 port 57950 [preauth]
Jun 23 18:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11409]: pam_unix(cron:session): session closed for user root
Jun 23 18:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12713]: Invalid user odoo from 176.65.139.218
Jun 23 18:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12713]: input_userauth_request: invalid user odoo [preauth]
Jun 23 18:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12713]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 18:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12713]: Failed password for invalid user odoo from 176.65.139.218 port 58052 ssh2
Jun 23 18:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12713]: Connection closed by 176.65.139.218 port 58052 [preauth]
Jun 23 18:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 18:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12744]: Failed password for root from 176.65.139.218 port 34716 ssh2
Jun 23 18:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12744]: Connection closed by 176.65.139.218 port 34716 [preauth]
Jun 23 18:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12771]: Invalid user main from 176.65.139.218
Jun 23 18:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12771]: input_userauth_request: invalid user main [preauth]
Jun 23 18:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12771]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 18:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12771]: Failed password for invalid user main from 176.65.139.218 port 34780 ssh2
Jun 23 18:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12771]: Connection closed by 176.65.139.218 port 34780 [preauth]
Jun 23 18:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 23 18:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12784]: Invalid user bob from 176.65.139.218
Jun 23 18:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12784]: input_userauth_request: invalid user bob [preauth]
Jun 23 18:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12784]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 18:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12782]: Failed password for root from 202.178.126.219 port 26470 ssh2
Jun 23 18:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12782]: Connection closed by 202.178.126.219 port 26470 [preauth]
Jun 23 18:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12784]: Failed password for invalid user bob from 176.65.139.218 port 55044 ssh2
Jun 23 18:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12784]: Connection closed by 176.65.139.218 port 55044 [preauth]
Jun 23 18:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12795]: Invalid user zahra from 176.65.139.218
Jun 23 18:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12795]: input_userauth_request: invalid user zahra [preauth]
Jun 23 18:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12795]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 18:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12795]: Failed password for invalid user zahra from 176.65.139.218 port 55098 ssh2
Jun 23 18:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12795]: Connection closed by 176.65.139.218 port 55098 [preauth]
Jun 23 18:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12807]: Invalid user guest from 176.65.139.218
Jun 23 18:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12807]: input_userauth_request: invalid user guest [preauth]
Jun 23 18:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12807]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12824]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12819]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12820]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12823]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12817]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12818]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12824]: pam_unix(cron:session): session closed for user root
Jun 23 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12817]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12898]: Successful su for rubyman by root
Jun 23 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12898]: + ??? root:rubyman
Jun 23 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12898]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579008 of user rubyman.
Jun 23 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12898]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579008.
Jun 23 18:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12807]: Failed password for invalid user guest from 176.65.139.218 port 47024 ssh2
Jun 23 18:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12807]: Connection closed by 176.65.139.218 port 47024 [preauth]
Jun 23 18:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12819]: pam_unix(cron:session): session closed for user root
Jun 23 18:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9862]: pam_unix(cron:session): session closed for user root
Jun 23 18:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13081]: Invalid user admin1 from 176.65.139.218
Jun 23 18:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13081]: input_userauth_request: invalid user admin1 [preauth]
Jun 23 18:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12818]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13081]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 18:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13081]: Failed password for invalid user admin1 from 176.65.139.218 port 47070 ssh2
Jun 23 18:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13081]: Connection closed by 176.65.139.218 port 47070 [preauth]
Jun 23 18:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13103]: Invalid user hadoop from 176.65.139.218
Jun 23 18:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13103]: input_userauth_request: invalid user hadoop [preauth]
Jun 23 18:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13103]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 18:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13103]: Failed password for invalid user hadoop from 176.65.139.218 port 54546 ssh2
Jun 23 18:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13103]: Connection closed by 176.65.139.218 port 54546 [preauth]
Jun 23 18:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 18:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13134]: Failed password for root from 176.65.139.218 port 54584 ssh2
Jun 23 18:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13134]: Connection closed by 176.65.139.218 port 54584 [preauth]
Jun 23 18:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 18:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13147]: Failed password for root from 176.65.139.218 port 53326 ssh2
Jun 23 18:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13147]: Connection closed by 176.65.139.218 port 53326 [preauth]
Jun 23 18:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13178]: Invalid user playground from 176.65.139.218
Jun 23 18:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13178]: input_userauth_request: invalid user playground [preauth]
Jun 23 18:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13178]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 18:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13188]: Invalid user dev from 91.92.40.11
Jun 23 18:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13188]: input_userauth_request: invalid user dev [preauth]
Jun 23 18:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13178]: Failed password for invalid user playground from 176.65.139.218 port 57792 ssh2
Jun 23 18:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13188]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 18:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13178]: Connection closed by 176.65.139.218 port 57792 [preauth]
Jun 23 18:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13188]: Failed password for invalid user dev from 91.92.40.11 port 34096 ssh2
Jun 23 18:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13188]: Connection closed by 91.92.40.11 port 34096 [preauth]
Jun 23 18:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: Invalid user rock from 176.65.139.218
Jun 23 18:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: input_userauth_request: invalid user rock [preauth]
Jun 23 18:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 18:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11840]: pam_unix(cron:session): session closed for user root
Jun 23 18:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: Failed password for invalid user rock from 176.65.139.218 port 57854 ssh2
Jun 23 18:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: Connection closed by 176.65.139.218 port 57854 [preauth]
Jun 23 18:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 18:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13229]: Failed password for root from 176.65.139.218 port 51132 ssh2
Jun 23 18:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13229]: Connection closed by 176.65.139.218 port 51132 [preauth]
Jun 23 18:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13247]: Invalid user coder from 176.65.139.218
Jun 23 18:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13247]: input_userauth_request: invalid user coder [preauth]
Jun 23 18:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13247]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 18:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13247]: Failed password for invalid user coder from 176.65.139.218 port 51236 ssh2
Jun 23 18:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13247]: Connection closed by 176.65.139.218 port 51236 [preauth]
Jun 23 18:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13265]: Invalid user tactical from 176.65.139.218
Jun 23 18:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13265]: input_userauth_request: invalid user tactical [preauth]
Jun 23 18:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13265]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 18:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13265]: Failed password for invalid user tactical from 176.65.139.218 port 40852 ssh2
Jun 23 18:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13265]: Connection closed by 176.65.139.218 port 40852 [preauth]
Jun 23 18:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 18:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13268]: Failed password for root from 176.65.139.218 port 40874 ssh2
Jun 23 18:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13268]: Connection closed by 176.65.139.218 port 40874 [preauth]
Jun 23 18:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13279]: Invalid user cloud from 176.65.139.218
Jun 23 18:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13279]: input_userauth_request: invalid user cloud [preauth]
Jun 23 18:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13279]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 18:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13279]: Failed password for invalid user cloud from 176.65.139.218 port 54796 ssh2
Jun 23 18:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13279]: Connection closed by 176.65.139.218 port 54796 [preauth]
Jun 23 18:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13290]: Invalid user gg from 176.65.139.218
Jun 23 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13290]: input_userauth_request: invalid user gg [preauth]
Jun 23 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13290]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13297]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13296]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13299]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13294]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13294]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13361]: Successful su for rubyman by root
Jun 23 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13361]: + ??? root:rubyman
Jun 23 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13361]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579012 of user rubyman.
Jun 23 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13361]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579012.
Jun 23 18:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13290]: Failed password for invalid user gg from 176.65.139.218 port 54822 ssh2
Jun 23 18:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13290]: Connection closed by 176.65.139.218 port 54822 [preauth]
Jun 23 18:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10520]: pam_unix(cron:session): session closed for user root
Jun 23 18:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13527]: Invalid user minecraft from 176.65.139.218
Jun 23 18:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13527]: input_userauth_request: invalid user minecraft [preauth]
Jun 23 18:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13527]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 18:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13296]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13527]: Failed password for invalid user minecraft from 176.65.139.218 port 54830 ssh2
Jun 23 18:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13527]: Connection closed by 176.65.139.218 port 54830 [preauth]
Jun 23 18:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13549]: Invalid user oracle from 176.65.139.218
Jun 23 18:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13549]: input_userauth_request: invalid user oracle [preauth]
Jun 23 18:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13549]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 18:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13549]: Failed password for invalid user oracle from 176.65.139.218 port 44900 ssh2
Jun 23 18:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13549]: Connection closed by 176.65.139.218 port 44900 [preauth]
Jun 23 18:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13559]: Invalid user kim from 176.65.139.218
Jun 23 18:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13559]: input_userauth_request: invalid user kim [preauth]
Jun 23 18:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13559]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 18:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13559]: Failed password for invalid user kim from 176.65.139.218 port 44956 ssh2
Jun 23 18:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13559]: Connection closed by 176.65.139.218 port 44956 [preauth]
Jun 23 18:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13586]: Invalid user bot from 176.65.139.218
Jun 23 18:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13586]: input_userauth_request: invalid user bot [preauth]
Jun 23 18:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13586]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 18:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13586]: Failed password for invalid user bot from 176.65.139.218 port 43274 ssh2
Jun 23 18:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13586]: Connection closed by 176.65.139.218 port 43274 [preauth]
Jun 23 18:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13596]: Invalid user ai from 176.65.139.218
Jun 23 18:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13596]: input_userauth_request: invalid user ai [preauth]
Jun 23 18:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13596]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 18:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13596]: Failed password for invalid user ai from 176.65.139.218 port 43358 ssh2
Jun 23 18:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13596]: Connection closed by 176.65.139.218 port 43358 [preauth]
Jun 23 18:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13613]: Invalid user webuser from 176.65.139.218
Jun 23 18:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13613]: input_userauth_request: invalid user webuser [preauth]
Jun 23 18:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13613]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 18:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13613]: Failed password for invalid user webuser from 176.65.139.218 port 43394 ssh2
Jun 23 18:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13613]: Connection closed by 176.65.139.218 port 43394 [preauth]
Jun 23 18:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 18:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13623]: Failed password for root from 176.65.139.218 port 47672 ssh2
Jun 23 18:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13623]: Connection closed by 176.65.139.218 port 47672 [preauth]
Jun 23 18:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13633]: Invalid user developer from 176.65.139.218
Jun 23 18:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13633]: input_userauth_request: invalid user developer [preauth]
Jun 23 18:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13633]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 18:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12383]: pam_unix(cron:session): session closed for user root
Jun 23 18:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13633]: Failed password for invalid user developer from 176.65.139.218 port 47724 ssh2
Jun 23 18:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13633]: Connection closed by 176.65.139.218 port 47724 [preauth]
Jun 23 18:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 18:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13665]: Failed password for root from 176.65.139.218 port 34432 ssh2
Jun 23 18:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13665]: Connection closed by 176.65.139.218 port 34432 [preauth]
Jun 23 18:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13675]: Invalid user sdadmin from 176.65.139.218
Jun 23 18:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13675]: input_userauth_request: invalid user sdadmin [preauth]
Jun 23 18:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13675]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 18:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13675]: Failed password for invalid user sdadmin from 176.65.139.218 port 34512 ssh2
Jun 23 18:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13675]: Connection closed by 176.65.139.218 port 34512 [preauth]
Jun 23 18:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13702]: Received disconnect from 179.61.232.245 port 50028:11: disconnected by user [preauth]
Jun 23 18:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13702]: Disconnected from 179.61.232.245 port 50028 [preauth]
Jun 23 18:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13704]: Invalid user ansible from 176.65.139.218
Jun 23 18:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13704]: input_userauth_request: invalid user ansible [preauth]
Jun 23 18:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13704]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 18:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13704]: Failed password for invalid user ansible from 176.65.139.218 port 44206 ssh2
Jun 23 18:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13704]: Connection closed by 176.65.139.218 port 44206 [preauth]
Jun 23 18:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13715]: Invalid user odoo16 from 176.65.139.218
Jun 23 18:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13715]: input_userauth_request: invalid user odoo16 [preauth]
Jun 23 18:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13715]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 18:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13717]: Invalid user dev from 91.92.40.11
Jun 23 18:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13717]: input_userauth_request: invalid user dev [preauth]
Jun 23 18:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13717]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 18:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13715]: Failed password for invalid user odoo16 from 176.65.139.218 port 44248 ssh2
Jun 23 18:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13715]: Connection closed by 176.65.139.218 port 44248 [preauth]
Jun 23 18:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13717]: Failed password for invalid user dev from 91.92.40.11 port 47316 ssh2
Jun 23 18:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13717]: Connection closed by 91.92.40.11 port 47316 [preauth]
Jun 23 18:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13727]: Invalid user ubuntu from 176.65.139.218
Jun 23 18:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13727]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13727]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13742]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13741]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13732]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13731]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13731]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13802]: Successful su for rubyman by root
Jun 23 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13802]: + ??? root:rubyman
Jun 23 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13802]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579014 of user rubyman.
Jun 23 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13802]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579014.
Jun 23 18:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13727]: Failed password for invalid user ubuntu from 176.65.139.218 port 35498 ssh2
Jun 23 18:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13727]: Connection closed by 176.65.139.218 port 35498 [preauth]
Jun 23 18:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10973]: pam_unix(cron:session): session closed for user root
Jun 23 18:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13732]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13993]: Invalid user minecraft from 176.65.139.218
Jun 23 18:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13993]: input_userauth_request: invalid user minecraft [preauth]
Jun 23 18:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13993]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 18:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13993]: Failed password for invalid user minecraft from 176.65.139.218 port 35560 ssh2
Jun 23 18:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13993]: Connection closed by 176.65.139.218 port 35560 [preauth]
Jun 23 18:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14003]: Invalid user ec2-user from 176.65.139.218
Jun 23 18:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14003]: input_userauth_request: invalid user ec2-user [preauth]
Jun 23 18:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14003]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 18:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14003]: Failed password for invalid user ec2-user from 176.65.139.218 port 57598 ssh2
Jun 23 18:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14003]: Connection closed by 176.65.139.218 port 57598 [preauth]
Jun 23 18:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 18:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14028]: Failed password for root from 176.65.139.218 port 53008 ssh2
Jun 23 18:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14028]: Connection closed by 176.65.139.218 port 53008 [preauth]
Jun 23 18:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14038]: Invalid user deploy from 176.65.139.218
Jun 23 18:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14038]: input_userauth_request: invalid user deploy [preauth]
Jun 23 18:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14038]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 18:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14038]: Failed password for invalid user deploy from 176.65.139.218 port 53060 ssh2
Jun 23 18:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14038]: Connection closed by 176.65.139.218 port 53060 [preauth]
Jun 23 18:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14066]: Invalid user app from 176.65.139.218
Jun 23 18:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14066]: input_userauth_request: invalid user app [preauth]
Jun 23 18:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14066]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 18:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14066]: Failed password for invalid user app from 176.65.139.218 port 52416 ssh2
Jun 23 18:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14066]: Connection closed by 176.65.139.218 port 52416 [preauth]
Jun 23 18:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12823]: pam_unix(cron:session): session closed for user root
Jun 23 18:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14099]: Invalid user admin from 176.65.139.218
Jun 23 18:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14099]: input_userauth_request: invalid user admin [preauth]
Jun 23 18:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14099]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 18:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14099]: Failed password for invalid user admin from 176.65.139.218 port 52516 ssh2
Jun 23 18:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14099]: Connection closed by 176.65.139.218 port 52516 [preauth]
Jun 23 18:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14109]: Invalid user postgres from 176.65.139.218
Jun 23 18:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14109]: input_userauth_request: invalid user postgres [preauth]
Jun 23 18:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14109]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 18:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14109]: Failed password for invalid user postgres from 176.65.139.218 port 40048 ssh2
Jun 23 18:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14109]: Connection closed by 176.65.139.218 port 40048 [preauth]
Jun 23 18:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14131]: Invalid user test from 176.65.139.218
Jun 23 18:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14131]: input_userauth_request: invalid user test [preauth]
Jun 23 18:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14131]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 18:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14131]: Failed password for invalid user test from 176.65.139.218 port 43820 ssh2
Jun 23 18:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14131]: Connection closed by 176.65.139.218 port 43820 [preauth]
Jun 23 18:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14141]: Invalid user gateway from 176.65.139.218
Jun 23 18:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14141]: input_userauth_request: invalid user gateway [preauth]
Jun 23 18:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14141]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 18:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14141]: Failed password for invalid user gateway from 176.65.139.218 port 43904 ssh2
Jun 23 18:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14141]: Connection closed by 176.65.139.218 port 43904 [preauth]
Jun 23 18:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14152]: Invalid user www from 176.65.139.218
Jun 23 18:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14152]: input_userauth_request: invalid user www [preauth]
Jun 23 18:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14152]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14164]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14165]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14167]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14163]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14163]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14225]: Successful su for rubyman by root
Jun 23 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14225]: + ??? root:rubyman
Jun 23 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14225]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579020 of user rubyman.
Jun 23 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14225]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579020.
Jun 23 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14152]: Failed password for invalid user www from 176.65.139.218 port 35206 ssh2
Jun 23 18:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14152]: Connection closed by 176.65.139.218 port 35206 [preauth]
Jun 23 18:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11405]: pam_unix(cron:session): session closed for user root
Jun 23 18:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14379]: Invalid user home from 176.65.139.218
Jun 23 18:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14379]: input_userauth_request: invalid user home [preauth]
Jun 23 18:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14164]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14379]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 18:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14379]: Failed password for invalid user home from 176.65.139.218 port 35288 ssh2
Jun 23 18:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14379]: Connection closed by 176.65.139.218 port 35288 [preauth]
Jun 23 18:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14403]: Invalid user odoo17 from 176.65.139.218
Jun 23 18:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14403]: input_userauth_request: invalid user odoo17 [preauth]
Jun 23 18:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14403]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 18:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14403]: Failed password for invalid user odoo17 from 176.65.139.218 port 59460 ssh2
Jun 23 18:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14403]: Connection closed by 176.65.139.218 port 59460 [preauth]
Jun 23 18:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14433]: Invalid user openclaw from 176.65.139.218
Jun 23 18:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14433]: input_userauth_request: invalid user openclaw [preauth]
Jun 23 18:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14433]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 18:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14433]: Failed password for invalid user openclaw from 176.65.139.218 port 56796 ssh2
Jun 23 18:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14433]: Connection closed by 176.65.139.218 port 56796 [preauth]
Jun 23 18:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14444]: Invalid user jakob from 176.65.139.218
Jun 23 18:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14444]: input_userauth_request: invalid user jakob [preauth]
Jun 23 18:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14444]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 18:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14446]: Invalid user dev from 91.92.40.11
Jun 23 18:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14446]: input_userauth_request: invalid user dev [preauth]
Jun 23 18:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14446]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 18:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14444]: Failed password for invalid user jakob from 176.65.139.218 port 56860 ssh2
Jun 23 18:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14444]: Connection closed by 176.65.139.218 port 56860 [preauth]
Jun 23 18:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14446]: Failed password for invalid user dev from 91.92.40.11 port 51812 ssh2
Jun 23 18:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14446]: Connection closed by 91.92.40.11 port 51812 [preauth]
Jun 23 18:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14474]: Invalid user vyos from 176.65.139.218
Jun 23 18:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14474]: input_userauth_request: invalid user vyos [preauth]
Jun 23 18:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14474]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 18:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14474]: Failed password for invalid user vyos from 176.65.139.218 port 60388 ssh2
Jun 23 18:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14474]: Connection closed by 176.65.139.218 port 60388 [preauth]
Jun 23 18:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13299]: pam_unix(cron:session): session closed for user root
Jun 23 18:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14503]: Invalid user nexus from 176.65.139.218
Jun 23 18:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14503]: input_userauth_request: invalid user nexus [preauth]
Jun 23 18:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14503]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 18:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14503]: Failed password for invalid user nexus from 176.65.139.218 port 60432 ssh2
Jun 23 18:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14503]: Connection closed by 176.65.139.218 port 60432 [preauth]
Jun 23 18:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14514]: Invalid user oscar from 176.65.139.218
Jun 23 18:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14514]: input_userauth_request: invalid user oscar [preauth]
Jun 23 18:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14514]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 18:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14514]: Failed password for invalid user oscar from 176.65.139.218 port 44384 ssh2
Jun 23 18:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14514]: Connection closed by 176.65.139.218 port 44384 [preauth]
Jun 23 18:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14537]: Invalid user admin1 from 176.65.139.218
Jun 23 18:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14537]: input_userauth_request: invalid user admin1 [preauth]
Jun 23 18:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14537]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 18:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14537]: Failed password for invalid user admin1 from 176.65.139.218 port 40388 ssh2
Jun 23 18:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14537]: Connection closed by 176.65.139.218 port 40388 [preauth]
Jun 23 18:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14548]: Invalid user postgres from 176.65.139.218
Jun 23 18:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14548]: input_userauth_request: invalid user postgres [preauth]
Jun 23 18:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14548]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 18:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14548]: Failed password for invalid user postgres from 176.65.139.218 port 40438 ssh2
Jun 23 18:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14548]: Connection closed by 176.65.139.218 port 40438 [preauth]
Jun 23 18:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14567]: Invalid user user1 from 176.65.139.218
Jun 23 18:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14567]: input_userauth_request: invalid user user1 [preauth]
Jun 23 18:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14567]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14573]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14571]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14572]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14570]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14570]: pam_unix(cron:session): session closed for user p13x
Jun 23 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14645]: Successful su for rubyman by root
Jun 23 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14645]: + ??? root:rubyman
Jun 23 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14645]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579023 of user rubyman.
Jun 23 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14645]: pam_unix(su:session): session closed for user rubyman
Jun 23 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579023.
Jun 23 18:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14567]: Failed password for invalid user user1 from 176.65.139.218 port 52914 ssh2
Jun 23 18:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14567]: Connection closed by 176.65.139.218 port 52914 [preauth]
Jun 23 18:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11839]: pam_unix(cron:session): session closed for user root
Jun 23 18:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14571]: pam_unix(cron:session): session closed for user samftp
Jun 23 18:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 18:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14903]: Failed password for root from 176.65.139.218 port 52968 ssh2
Jun 23 18:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14903]: Connection closed by 176.65.139.218 port 52968 [preauth]
Jun 23 18:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14913]: Invalid user devops from 176.65.139.218
Jun 23 18:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14913]: input_userauth_request: invalid user devops [preauth]
Jun 23 18:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14913]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 18:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14913]: Failed password for invalid user devops from 176.65.139.218 port 35662 ssh2
Jun 23 18:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14913]: Connection closed by 176.65.139.218 port 35662 [preauth]
Jun 23 18:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14938]: Invalid user esadmin from 65.21.150.20
Jun 23 18:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14938]: input_userauth_request: invalid user esadmin [preauth]
Jun 23 18:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14938]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.21.150.20
Jun 23 18:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14938]: Failed password for invalid user esadmin from 65.21.150.20 port 51766 ssh2
Jun 23 18:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14938]: Received disconnect from 65.21.150.20 port 51766:11: Bye Bye [preauth]
Jun 23 18:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14938]: Disconnected from 65.21.150.20 port 51766 [preauth]
Jun 23 18:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14940]: Invalid user student from 176.65.139.218
Jun 23 18:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14940]: input_userauth_request: invalid user student [preauth]
Jun 23 18:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14940]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 18:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14940]: Failed password for invalid user student from 176.65.139.218 port 43466 ssh2
Jun 23 18:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14940]: Connection closed by 176.65.139.218 port 43466 [preauth]
Jun 23 18:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 18:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14968]: Failed password for root from 176.65.139.218 port 43564 ssh2
Jun 23 18:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14968]: Connection closed by 176.65.139.218 port 43564 [preauth]
Jun 23 18:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14986]: Invalid user oracle from 176.65.139.218
Jun 23 18:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14986]: input_userauth_request: invalid user oracle [preauth]
Jun 23 18:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14986]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 18:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13742]: pam_unix(cron:session): session closed for user root
Jun 23 18:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14986]: Failed password for invalid user oracle from 176.65.139.218 port 51546 ssh2
Jun 23 18:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14986]: Connection closed by 176.65.139.218 port 51546 [preauth]
Jun 23 18:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15018]: Invalid user mc from 176.65.139.218
Jun 23 18:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15018]: input_userauth_request: invalid user mc [preauth]
Jun 23 18:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15018]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 18:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15018]: Failed password for invalid user mc from 176.65.139.218 port 35426 ssh2
Jun 23 18:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15018]: Connection closed by 176.65.139.218 port 35426 [preauth]
Jun 23 18:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15041]: Invalid user deploy from 176.65.139.218
Jun 23 18:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15041]: input_userauth_request: invalid user deploy [preauth]
Jun 23 18:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15041]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 18:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15041]: Failed password for invalid user deploy from 176.65.139.218 port 35518 ssh2
Jun 23 18:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15041]: Connection closed by 176.65.139.218 port 35518 [preauth]
Jun 23 18:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 18:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15051]: Failed password for root from 176.65.139.218 port 37860 ssh2
Jun 23 18:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15051]: Connection closed by 176.65.139.218 port 37860 [preauth]
Jun 23 18:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15061]: Invalid user dev from 91.92.40.11
Jun 23 18:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15061]: input_userauth_request: invalid user dev [preauth]
Jun 23 18:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15061]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 18:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 18:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15063]: Invalid user jellyfin from 176.65.139.218
Jun 23 18:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15063]: input_userauth_request: invalid user jellyfin [preauth]
Jun 23 18:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15063]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 18:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 18:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15061]: Failed password for invalid user dev from 91.92.40.11 port 38606 ssh2
Jun 23 18:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15061]: Connection closed by 91.92.40.11 port 38606 [preauth]
Jun 23 18:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15063]: Failed password for invalid user jellyfin from 176.65.139.218 port 37898 ssh2
Jun 23 18:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15063]: Connection closed by 176.65.139.218 port 37898 [preauth]
Jun 23 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15082]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15080]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15079]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15081]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15077]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15078]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15076]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15082]: pam_unix(cron:session): session closed for user root
Jun 23 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15078]: pam_unix(cron:session): session closed for user root
Jun 23 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15076]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15073]: Invalid user student from 176.65.139.218
Jun 23 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15073]: input_userauth_request: invalid user student [preauth]
Jun 23 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15073]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15179]: Successful su for rubyman by root
Jun 23 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15179]: + ??? root:rubyman
Jun 23 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15179]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579029 of user rubyman.
Jun 23 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15179]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579029.
Jun 23 19:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15073]: Failed password for invalid user student from 176.65.139.218 port 56270 ssh2
Jun 23 19:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15079]: pam_unix(cron:session): session closed for user root
Jun 23 19:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15073]: Connection closed by 176.65.139.218 port 56270 [preauth]
Jun 23 19:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12382]: pam_unix(cron:session): session closed for user root
Jun 23 19:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15077]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15391]: Invalid user gns3 from 176.65.139.218
Jun 23 19:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15391]: input_userauth_request: invalid user gns3 [preauth]
Jun 23 19:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15391]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15391]: Failed password for invalid user gns3 from 176.65.139.218 port 33080 ssh2
Jun 23 19:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15391]: Connection closed by 176.65.139.218 port 33080 [preauth]
Jun 23 19:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15402]: Failed password for root from 176.65.139.218 port 33126 ssh2
Jun 23 19:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15402]: Connection closed by 176.65.139.218 port 33126 [preauth]
Jun 23 19:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15431]: Invalid user martin from 176.65.139.218
Jun 23 19:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15431]: input_userauth_request: invalid user martin [preauth]
Jun 23 19:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15431]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15431]: Failed password for invalid user martin from 176.65.139.218 port 45968 ssh2
Jun 23 19:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15431]: Connection closed by 176.65.139.218 port 45968 [preauth]
Jun 23 19:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15455]: Failed password for root from 176.65.139.218 port 46014 ssh2
Jun 23 19:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15455]: Connection closed by 176.65.139.218 port 46014 [preauth]
Jun 23 19:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14167]: pam_unix(cron:session): session closed for user root
Jun 23 19:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15465]: Failed password for root from 176.65.139.218 port 60760 ssh2
Jun 23 19:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15465]: Connection closed by 176.65.139.218 port 60760 [preauth]
Jun 23 19:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15526]: Invalid user deploy from 176.65.139.218
Jun 23 19:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15526]: input_userauth_request: invalid user deploy [preauth]
Jun 23 19:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15526]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15526]: Failed password for invalid user deploy from 176.65.139.218 port 44482 ssh2
Jun 23 19:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15526]: Connection closed by 176.65.139.218 port 44482 [preauth]
Jun 23 19:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15536]: Invalid user bot from 176.65.139.218
Jun 23 19:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15536]: input_userauth_request: invalid user bot [preauth]
Jun 23 19:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15536]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15536]: Failed password for invalid user bot from 176.65.139.218 port 44542 ssh2
Jun 23 19:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15536]: Connection closed by 176.65.139.218 port 44542 [preauth]
Jun 23 19:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15555]: Invalid user home from 176.65.139.218
Jun 23 19:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15555]: input_userauth_request: invalid user home [preauth]
Jun 23 19:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15555]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15555]: Failed password for invalid user home from 176.65.139.218 port 44576 ssh2
Jun 23 19:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15555]: Connection closed by 176.65.139.218 port 44576 [preauth]
Jun 23 19:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15560]: Invalid user test from 176.65.139.218
Jun 23 19:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15560]: input_userauth_request: invalid user test [preauth]
Jun 23 19:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15560]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15560]: Failed password for invalid user test from 176.65.139.218 port 52012 ssh2
Jun 23 19:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15560]: Connection closed by 176.65.139.218 port 52012 [preauth]
Jun 23 19:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15572]: Invalid user support from 176.65.139.218
Jun 23 19:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15572]: input_userauth_request: invalid user support [preauth]
Jun 23 19:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15572]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15572]: Failed password for invalid user support from 176.65.139.218 port 52136 ssh2
Jun 23 19:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15572]: Connection closed by 176.65.139.218 port 52136 [preauth]
Jun 23 19:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15583]: Invalid user kali from 176.65.139.218
Jun 23 19:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15583]: input_userauth_request: invalid user kali [preauth]
Jun 23 19:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15583]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15595]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15593]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15592]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15591]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15591]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15583]: Failed password for invalid user kali from 176.65.139.218 port 44222 ssh2
Jun 23 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15661]: Successful su for rubyman by root
Jun 23 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15661]: + ??? root:rubyman
Jun 23 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15661]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15583]: Connection closed by 176.65.139.218 port 44222 [preauth]
Jun 23 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579033 of user rubyman.
Jun 23 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15661]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579033.
Jun 23 19:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15781]: Invalid user www from 176.65.139.218
Jun 23 19:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15781]: input_userauth_request: invalid user www [preauth]
Jun 23 19:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15781]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12820]: pam_unix(cron:session): session closed for user root
Jun 23 19:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15592]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15781]: Failed password for invalid user www from 176.65.139.218 port 44278 ssh2
Jun 23 19:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15781]: Connection closed by 176.65.139.218 port 44278 [preauth]
Jun 23 19:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15847]: Invalid user appuser from 176.65.139.218
Jun 23 19:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15847]: input_userauth_request: invalid user appuser [preauth]
Jun 23 19:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15847]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15847]: Failed password for invalid user appuser from 176.65.139.218 port 49300 ssh2
Jun 23 19:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15847]: Connection closed by 176.65.139.218 port 49300 [preauth]
Jun 23 19:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 23 19:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15852]: Invalid user teste from 176.65.139.218
Jun 23 19:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15852]: input_userauth_request: invalid user teste [preauth]
Jun 23 19:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15852]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15850]: Failed password for root from 38.93.206.2 port 1080 ssh2
Jun 23 19:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15850]: Connection closed by 38.93.206.2 port 1080 [preauth]
Jun 23 19:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15852]: Failed password for invalid user teste from 176.65.139.218 port 49372 ssh2
Jun 23 19:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15852]: Connection closed by 176.65.139.218 port 49372 [preauth]
Jun 23 19:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15886]: Invalid user debian from 104.208.108.166
Jun 23 19:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15886]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15886]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.208.108.166
Jun 23 19:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15874]: Failed password for root from 176.65.139.218 port 40532 ssh2
Jun 23 19:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15874]: Connection closed by 176.65.139.218 port 40532 [preauth]
Jun 23 19:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15886]: Failed password for invalid user debian from 104.208.108.166 port 55692 ssh2
Jun 23 19:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15886]: Received disconnect from 104.208.108.166 port 55692:11: Bye Bye [preauth]
Jun 23 19:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15886]: Disconnected from 104.208.108.166 port 55692 [preauth]
Jun 23 19:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15889]: Invalid user amin from 176.65.139.218
Jun 23 19:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15889]: input_userauth_request: invalid user amin [preauth]
Jun 23 19:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15889]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15888]: Invalid user dev from 91.92.40.11
Jun 23 19:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15888]: input_userauth_request: invalid user dev [preauth]
Jun 23 19:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15888]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 19:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15889]: Failed password for invalid user amin from 176.65.139.218 port 40584 ssh2
Jun 23 19:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15889]: Connection closed by 176.65.139.218 port 40584 [preauth]
Jun 23 19:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15888]: Failed password for invalid user dev from 91.92.40.11 port 37956 ssh2
Jun 23 19:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15888]: Connection closed by 91.92.40.11 port 37956 [preauth]
Jun 23 19:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15912]: Invalid user zimbra from 176.65.139.218
Jun 23 19:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15912]: input_userauth_request: invalid user zimbra [preauth]
Jun 23 19:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15912]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15912]: Failed password for invalid user zimbra from 176.65.139.218 port 53552 ssh2
Jun 23 19:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15912]: Connection closed by 176.65.139.218 port 53552 [preauth]
Jun 23 19:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14573]: pam_unix(cron:session): session closed for user root
Jun 23 19:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15933]: Failed password for root from 176.65.139.218 port 53618 ssh2
Jun 23 19:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15933]: Connection closed by 176.65.139.218 port 53618 [preauth]
Jun 23 19:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15956]: Invalid user deploy from 176.65.139.218
Jun 23 19:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15956]: input_userauth_request: invalid user deploy [preauth]
Jun 23 19:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15956]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15956]: Failed password for invalid user deploy from 176.65.139.218 port 46908 ssh2
Jun 23 19:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15956]: Connection closed by 176.65.139.218 port 46908 [preauth]
Jun 23 19:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15978]: Invalid user server from 176.65.139.218
Jun 23 19:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15978]: input_userauth_request: invalid user server [preauth]
Jun 23 19:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15978]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15978]: Failed password for invalid user server from 176.65.139.218 port 46942 ssh2
Jun 23 19:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15978]: Connection closed by 176.65.139.218 port 46942 [preauth]
Jun 23 19:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15994]: Invalid user dmdba from 176.65.139.218
Jun 23 19:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15994]: input_userauth_request: invalid user dmdba [preauth]
Jun 23 19:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15994]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15994]: Failed password for invalid user dmdba from 176.65.139.218 port 41708 ssh2
Jun 23 19:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15994]: Connection closed by 176.65.139.218 port 41708 [preauth]
Jun 23 19:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16004]: Failed password for root from 176.65.139.218 port 59572 ssh2
Jun 23 19:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16004]: Connection closed by 176.65.139.218 port 59572 [preauth]
Jun 23 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16017]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16018]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16016]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16015]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16015]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16077]: Successful su for rubyman by root
Jun 23 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16077]: + ??? root:rubyman
Jun 23 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16077]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579037 of user rubyman.
Jun 23 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16077]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579037.
Jun 23 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13297]: pam_unix(cron:session): session closed for user root
Jun 23 19:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16097]: Failed password for root from 176.65.139.218 port 59652 ssh2
Jun 23 19:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16097]: Connection closed by 176.65.139.218 port 59652 [preauth]
Jun 23 19:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16016]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16261]: Invalid user user from 176.65.139.218
Jun 23 19:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16261]: input_userauth_request: invalid user user [preauth]
Jun 23 19:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16261]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16261]: Failed password for invalid user user from 176.65.139.218 port 53900 ssh2
Jun 23 19:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16261]: Connection closed by 176.65.139.218 port 53900 [preauth]
Jun 23 19:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16283]: Invalid user fastuser from 176.65.139.218
Jun 23 19:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16283]: input_userauth_request: invalid user fastuser [preauth]
Jun 23 19:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16283]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16283]: Failed password for invalid user fastuser from 176.65.139.218 port 53948 ssh2
Jun 23 19:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16283]: Connection closed by 176.65.139.218 port 53948 [preauth]
Jun 23 19:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16293]: Invalid user admin from 176.65.139.218
Jun 23 19:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16293]: input_userauth_request: invalid user admin [preauth]
Jun 23 19:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16293]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16293]: Failed password for invalid user admin from 176.65.139.218 port 60254 ssh2
Jun 23 19:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16293]: Connection closed by 176.65.139.218 port 60254 [preauth]
Jun 23 19:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16320]: Failed password for root from 176.65.139.218 port 43104 ssh2
Jun 23 19:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16320]: Connection closed by 176.65.139.218 port 43104 [preauth]
Jun 23 19:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16333]: Invalid user crafty from 176.65.139.218
Jun 23 19:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16333]: input_userauth_request: invalid user crafty [preauth]
Jun 23 19:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16333]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15081]: pam_unix(cron:session): session closed for user root
Jun 23 19:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16333]: Failed password for invalid user crafty from 176.65.139.218 port 43136 ssh2
Jun 23 19:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16333]: Connection closed by 176.65.139.218 port 43136 [preauth]
Jun 23 19:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16363]: Invalid user webmaster from 176.65.139.218
Jun 23 19:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16363]: input_userauth_request: invalid user webmaster [preauth]
Jun 23 19:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16363]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16363]: Failed password for invalid user webmaster from 176.65.139.218 port 45708 ssh2
Jun 23 19:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16363]: Connection closed by 176.65.139.218 port 45708 [preauth]
Jun 23 19:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16381]: Failed password for root from 176.65.139.218 port 45774 ssh2
Jun 23 19:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16381]: Connection closed by 176.65.139.218 port 45774 [preauth]
Jun 23 19:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16397]: Invalid user developer from 91.92.40.11
Jun 23 19:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16397]: input_userauth_request: invalid user developer [preauth]
Jun 23 19:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16397]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 19:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16399]: Invalid user deploy from 176.65.139.218
Jun 23 19:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16399]: input_userauth_request: invalid user deploy [preauth]
Jun 23 19:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16399]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16397]: Failed password for invalid user developer from 91.92.40.11 port 42162 ssh2
Jun 23 19:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16397]: Connection closed by 91.92.40.11 port 42162 [preauth]
Jun 23 19:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16399]: Failed password for invalid user deploy from 176.65.139.218 port 37312 ssh2
Jun 23 19:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16399]: Connection closed by 176.65.139.218 port 37312 [preauth]
Jun 23 19:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16409]: Invalid user admin1 from 176.65.139.218
Jun 23 19:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16409]: input_userauth_request: invalid user admin1 [preauth]
Jun 23 19:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16409]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16409]: Failed password for invalid user admin1 from 176.65.139.218 port 54674 ssh2
Jun 23 19:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16409]: Connection closed by 176.65.139.218 port 54674 [preauth]
Jun 23 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16424]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16425]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16423]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16422]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16422]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16488]: Successful su for rubyman by root
Jun 23 19:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16488]: + ??? root:rubyman
Jun 23 19:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16488]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579042 of user rubyman.
Jun 23 19:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16488]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579042.
Jun 23 19:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13741]: pam_unix(cron:session): session closed for user root
Jun 23 19:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16451]: Failed password for root from 176.65.139.218 port 54734 ssh2
Jun 23 19:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16451]: Connection closed by 176.65.139.218 port 54734 [preauth]
Jun 23 19:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16423]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16674]: Invalid user solana from 176.65.139.218
Jun 23 19:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16674]: input_userauth_request: invalid user solana [preauth]
Jun 23 19:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16674]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16674]: Failed password for invalid user solana from 176.65.139.218 port 42392 ssh2
Jun 23 19:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16674]: Connection closed by 176.65.139.218 port 42392 [preauth]
Jun 23 19:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16689]: Invalid user jenkins from 176.65.139.218
Jun 23 19:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16689]: input_userauth_request: invalid user jenkins [preauth]
Jun 23 19:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16689]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16689]: Failed password for invalid user jenkins from 176.65.139.218 port 42404 ssh2
Jun 23 19:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16689]: Connection closed by 176.65.139.218 port 42404 [preauth]
Jun 23 19:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16707]: Invalid user grok from 176.65.139.218
Jun 23 19:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16707]: input_userauth_request: invalid user grok [preauth]
Jun 23 19:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16707]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16707]: Failed password for invalid user grok from 176.65.139.218 port 47590 ssh2
Jun 23 19:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16707]: Connection closed by 176.65.139.218 port 47590 [preauth]
Jun 23 19:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16737]: Failed password for root from 176.65.139.218 port 47686 ssh2
Jun 23 19:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16737]: Connection closed by 176.65.139.218 port 47686 [preauth]
Jun 23 19:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16749]: Invalid user amit from 176.65.139.218
Jun 23 19:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16749]: input_userauth_request: invalid user amit [preauth]
Jun 23 19:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16749]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15595]: pam_unix(cron:session): session closed for user root
Jun 23 19:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16749]: Failed password for invalid user amit from 176.65.139.218 port 52032 ssh2
Jun 23 19:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16749]: Connection closed by 176.65.139.218 port 52032 [preauth]
Jun 23 19:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16780]: Invalid user teamspeak from 176.65.139.218
Jun 23 19:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16780]: input_userauth_request: invalid user teamspeak [preauth]
Jun 23 19:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16780]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.178.75.243  user=root
Jun 23 19:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16780]: Failed password for invalid user teamspeak from 176.65.139.218 port 47220 ssh2
Jun 23 19:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16780]: Connection closed by 176.65.139.218 port 47220 [preauth]
Jun 23 19:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16782]: Failed password for root from 115.178.75.243 port 42224 ssh2
Jun 23 19:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16782]: Received disconnect from 115.178.75.243 port 42224:11: Bye Bye [preauth]
Jun 23 19:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16782]: Disconnected from 115.178.75.243 port 42224 [preauth]
Jun 23 19:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16806]: Invalid user user from 176.65.139.218
Jun 23 19:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16806]: input_userauth_request: invalid user user [preauth]
Jun 23 19:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16806]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16806]: Failed password for invalid user user from 176.65.139.218 port 47274 ssh2
Jun 23 19:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16806]: Connection closed by 176.65.139.218 port 47274 [preauth]
Jun 23 19:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16823]: Invalid user installer from 176.65.139.218
Jun 23 19:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16823]: input_userauth_request: invalid user installer [preauth]
Jun 23 19:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16823]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16823]: Failed password for invalid user installer from 176.65.139.218 port 52474 ssh2
Jun 23 19:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16823]: Connection closed by 176.65.139.218 port 52474 [preauth]
Jun 23 19:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16841]: Invalid user david from 176.65.139.218
Jun 23 19:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16841]: input_userauth_request: invalid user david [preauth]
Jun 23 19:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16841]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16843]: Invalid user lilei from 104.208.108.166
Jun 23 19:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16843]: input_userauth_request: invalid user lilei [preauth]
Jun 23 19:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16843]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.208.108.166
Jun 23 19:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16841]: Failed password for invalid user david from 176.65.139.218 port 48624 ssh2
Jun 23 19:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16841]: Connection closed by 176.65.139.218 port 48624 [preauth]
Jun 23 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16858]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16849]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16857]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16848]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16848]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17007]: Successful su for rubyman by root
Jun 23 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17007]: + ??? root:rubyman
Jun 23 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17007]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579045 of user rubyman.
Jun 23 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17007]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579045.
Jun 23 19:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16843]: Failed password for invalid user lilei from 104.208.108.166 port 35004 ssh2
Jun 23 19:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16843]: Received disconnect from 104.208.108.166 port 35004:11: Bye Bye [preauth]
Jun 23 19:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16843]: Disconnected from 104.208.108.166 port 35004 [preauth]
Jun 23 19:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17111]: Invalid user teamspeak from 176.65.139.218
Jun 23 19:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17111]: input_userauth_request: invalid user teamspeak [preauth]
Jun 23 19:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17111]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14165]: pam_unix(cron:session): session closed for user root
Jun 23 19:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16849]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17111]: Failed password for invalid user teamspeak from 176.65.139.218 port 48676 ssh2
Jun 23 19:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17111]: Connection closed by 176.65.139.218 port 48676 [preauth]
Jun 23 19:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17195]: Invalid user user from 176.65.139.218
Jun 23 19:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17195]: input_userauth_request: invalid user user [preauth]
Jun 23 19:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17195]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17195]: Failed password for invalid user user from 176.65.139.218 port 51328 ssh2
Jun 23 19:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17195]: Connection closed by 176.65.139.218 port 51328 [preauth]
Jun 23 19:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17212]: Invalid user developer from 91.92.40.11
Jun 23 19:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17212]: input_userauth_request: invalid user developer [preauth]
Jun 23 19:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17212]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 19:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17219]: Invalid user bot from 176.65.139.218
Jun 23 19:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17219]: input_userauth_request: invalid user bot [preauth]
Jun 23 19:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17219]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17212]: Failed password for invalid user developer from 91.92.40.11 port 54654 ssh2
Jun 23 19:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17212]: Connection closed by 91.92.40.11 port 54654 [preauth]
Jun 23 19:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17219]: Failed password for invalid user bot from 176.65.139.218 port 51402 ssh2
Jun 23 19:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17219]: Connection closed by 176.65.139.218 port 51402 [preauth]
Jun 23 19:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17229]: Invalid user user from 176.65.139.218
Jun 23 19:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17229]: input_userauth_request: invalid user user [preauth]
Jun 23 19:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17229]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17229]: Failed password for invalid user user from 176.65.139.218 port 47970 ssh2
Jun 23 19:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17229]: Connection closed by 176.65.139.218 port 47970 [preauth]
Jun 23 19:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17254]: Invalid user ubuntu from 176.65.139.218
Jun 23 19:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17254]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17254]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17254]: Failed password for invalid user ubuntu from 176.65.139.218 port 58104 ssh2
Jun 23 19:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17254]: Connection closed by 176.65.139.218 port 58104 [preauth]
Jun 23 19:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16018]: pam_unix(cron:session): session closed for user root
Jun 23 19:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17274]: Invalid user ubuntu from 176.65.139.218
Jun 23 19:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17274]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17274]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17274]: Failed password for invalid user ubuntu from 176.65.139.218 port 58138 ssh2
Jun 23 19:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17274]: Connection closed by 176.65.139.218 port 58138 [preauth]
Jun 23 19:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17300]: Invalid user security from 176.65.139.218
Jun 23 19:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17300]: input_userauth_request: invalid user security [preauth]
Jun 23 19:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17300]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17300]: Failed password for invalid user security from 176.65.139.218 port 42576 ssh2
Jun 23 19:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17300]: Connection closed by 176.65.139.218 port 42576 [preauth]
Jun 23 19:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17336]: Invalid user deploy from 176.65.139.218
Jun 23 19:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17336]: input_userauth_request: invalid user deploy [preauth]
Jun 23 19:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17336]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17336]: Failed password for invalid user deploy from 176.65.139.218 port 42668 ssh2
Jun 23 19:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17336]: Connection closed by 176.65.139.218 port 42668 [preauth]
Jun 23 19:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17348]: Invalid user labuser from 176.65.139.218
Jun 23 19:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17348]: input_userauth_request: invalid user labuser [preauth]
Jun 23 19:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17348]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17348]: Failed password for invalid user labuser from 176.65.139.218 port 35658 ssh2
Jun 23 19:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17348]: Connection closed by 176.65.139.218 port 35658 [preauth]
Jun 23 19:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17362]: Invalid user wg from 95.58.255.251
Jun 23 19:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17362]: input_userauth_request: invalid user wg [preauth]
Jun 23 19:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17362]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.58.255.251
Jun 23 19:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17360]: Failed password for root from 176.65.139.218 port 53164 ssh2
Jun 23 19:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17360]: Connection closed by 176.65.139.218 port 53164 [preauth]
Jun 23 19:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 23 19:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17364]: Failed password for root from 103.15.222.183 port 34018 ssh2
Jun 23 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17362]: Failed password for invalid user wg from 95.58.255.251 port 57414 ssh2
Jun 23 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17364]: Connection closed by 103.15.222.183 port 34018 [preauth]
Jun 23 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17362]: Received disconnect from 95.58.255.251 port 57414:11: Bye Bye [preauth]
Jun 23 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17362]: Disconnected from 95.58.255.251 port 57414 [preauth]
Jun 23 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17381]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17378]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17382]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17380]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17379]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17377]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17382]: pam_unix(cron:session): session closed for user root
Jun 23 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17377]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17456]: Successful su for rubyman by root
Jun 23 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17456]: + ??? root:rubyman
Jun 23 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17456]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579051 of user rubyman.
Jun 23 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17456]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579051.
Jun 23 19:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17537]: Invalid user rdpuser from 176.65.139.218
Jun 23 19:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17537]: input_userauth_request: invalid user rdpuser [preauth]
Jun 23 19:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17537]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14572]: pam_unix(cron:session): session closed for user root
Jun 23 19:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17379]: pam_unix(cron:session): session closed for user root
Jun 23 19:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17537]: Failed password for invalid user rdpuser from 176.65.139.218 port 53272 ssh2
Jun 23 19:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17537]: Connection closed by 176.65.139.218 port 53272 [preauth]
Jun 23 19:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17378]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17735]: Invalid user dmdba from 176.65.139.218
Jun 23 19:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17735]: input_userauth_request: invalid user dmdba [preauth]
Jun 23 19:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17735]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17735]: Failed password for invalid user dmdba from 176.65.139.218 port 44076 ssh2
Jun 23 19:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17735]: Connection closed by 176.65.139.218 port 44076 [preauth]
Jun 23 19:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17763]: Invalid user arthur from 176.65.139.218
Jun 23 19:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17763]: input_userauth_request: invalid user arthur [preauth]
Jun 23 19:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17763]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17763]: Failed password for invalid user arthur from 176.65.139.218 port 44148 ssh2
Jun 23 19:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17763]: Connection closed by 176.65.139.218 port 44148 [preauth]
Jun 23 19:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: Invalid user trinity from 176.65.139.218
Jun 23 19:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: input_userauth_request: invalid user trinity [preauth]
Jun 23 19:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: Failed password for invalid user trinity from 176.65.139.218 port 47888 ssh2
Jun 23 19:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: Connection closed by 176.65.139.218 port 47888 [preauth]
Jun 23 19:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17807]: Invalid user tester from 176.65.139.218
Jun 23 19:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17807]: input_userauth_request: invalid user tester [preauth]
Jun 23 19:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17807]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17807]: Failed password for invalid user tester from 176.65.139.218 port 34570 ssh2
Jun 23 19:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17807]: Connection closed by 176.65.139.218 port 34570 [preauth]
Jun 23 19:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17830]: Invalid user claude from 176.65.139.218
Jun 23 19:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17830]: input_userauth_request: invalid user claude [preauth]
Jun 23 19:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17830]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16425]: pam_unix(cron:session): session closed for user root
Jun 23 19:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17830]: Failed password for invalid user claude from 176.65.139.218 port 34654 ssh2
Jun 23 19:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17830]: Connection closed by 176.65.139.218 port 34654 [preauth]
Jun 23 19:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17869]: Invalid user root1 from 176.65.139.218
Jun 23 19:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17869]: input_userauth_request: invalid user root1 [preauth]
Jun 23 19:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17869]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17871]: Invalid user developer from 91.92.40.11
Jun 23 19:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17871]: input_userauth_request: invalid user developer [preauth]
Jun 23 19:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17871]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 19:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17869]: Failed password for invalid user root1 from 176.65.139.218 port 51734 ssh2
Jun 23 19:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17871]: Failed password for invalid user developer from 91.92.40.11 port 54416 ssh2
Jun 23 19:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17869]: Connection closed by 176.65.139.218 port 51734 [preauth]
Jun 23 19:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17871]: Connection closed by 91.92.40.11 port 54416 [preauth]
Jun 23 19:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17898]: Invalid user teamspeak from 176.65.139.218
Jun 23 19:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17898]: input_userauth_request: invalid user teamspeak [preauth]
Jun 23 19:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17898]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17898]: Failed password for invalid user teamspeak from 176.65.139.218 port 51788 ssh2
Jun 23 19:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17898]: Connection closed by 176.65.139.218 port 51788 [preauth]
Jun 23 19:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.208.108.166  user=root
Jun 23 19:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17912]: Invalid user potok from 176.65.139.218
Jun 23 19:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17912]: input_userauth_request: invalid user potok [preauth]
Jun 23 19:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17912]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17910]: Failed password for root from 104.208.108.166 port 28824 ssh2
Jun 23 19:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17910]: Received disconnect from 104.208.108.166 port 28824:11: Bye Bye [preauth]
Jun 23 19:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17910]: Disconnected from 104.208.108.166 port 28824 [preauth]
Jun 23 19:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17912]: Failed password for invalid user potok from 176.65.139.218 port 46580 ssh2
Jun 23 19:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17912]: Connection closed by 176.65.139.218 port 46580 [preauth]
Jun 23 19:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17922]: Failed password for root from 176.65.139.218 port 46978 ssh2
Jun 23 19:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17922]: Connection closed by 176.65.139.218 port 46978 [preauth]
Jun 23 19:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17939]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17940]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17938]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17937]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17937]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 23 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18007]: Successful su for rubyman by root
Jun 23 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18007]: + ??? root:rubyman
Jun 23 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18007]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579056 of user rubyman.
Jun 23 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18007]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579056.
Jun 23 19:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17933]: Failed password for root from 80.66.85.226 port 41320 ssh2
Jun 23 19:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17933]: Connection closed by 80.66.85.226 port 41320 [preauth]
Jun 23 19:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18092]: Invalid user ubuntu from 176.65.139.218
Jun 23 19:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18092]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18092]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18092]: Failed password for invalid user ubuntu from 176.65.139.218 port 47018 ssh2
Jun 23 19:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18092]: Connection closed by 176.65.139.218 port 47018 [preauth]
Jun 23 19:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15080]: pam_unix(cron:session): session closed for user root
Jun 23 19:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17938]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18204]: Invalid user admin from 176.65.139.218
Jun 23 19:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18204]: input_userauth_request: invalid user admin [preauth]
Jun 23 19:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18204]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 23 19:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18204]: Failed password for invalid user admin from 176.65.139.218 port 57306 ssh2
Jun 23 19:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18204]: Connection closed by 176.65.139.218 port 57306 [preauth]
Jun 23 19:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18215]: Failed password for root from 103.153.68.219 port 47900 ssh2
Jun 23 19:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18215]: Connection closed by 103.153.68.219 port 47900 [preauth]
Jun 23 19:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18246]: Invalid user frappe from 176.65.139.218
Jun 23 19:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18246]: input_userauth_request: invalid user frappe [preauth]
Jun 23 19:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18246]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18246]: Failed password for invalid user frappe from 176.65.139.218 port 57360 ssh2
Jun 23 19:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18246]: Connection closed by 176.65.139.218 port 57360 [preauth]
Jun 23 19:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18257]: Invalid user minecraft from 176.65.139.218
Jun 23 19:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18257]: input_userauth_request: invalid user minecraft [preauth]
Jun 23 19:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18257]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18257]: Failed password for invalid user minecraft from 176.65.139.218 port 39256 ssh2
Jun 23 19:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18257]: Connection closed by 176.65.139.218 port 39256 [preauth]
Jun 23 19:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18284]: Invalid user gabriel from 176.65.139.218
Jun 23 19:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18284]: input_userauth_request: invalid user gabriel [preauth]
Jun 23 19:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18284]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18284]: Failed password for invalid user gabriel from 176.65.139.218 port 39420 ssh2
Jun 23 19:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18284]: Connection closed by 176.65.139.218 port 39420 [preauth]
Jun 23 19:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16858]: pam_unix(cron:session): session closed for user root
Jun 23 19:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18322]: Failed password for root from 176.65.139.218 port 39472 ssh2
Jun 23 19:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18322]: Connection closed by 176.65.139.218 port 39472 [preauth]
Jun 23 19:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18332]: Invalid user nikola from 115.178.75.243
Jun 23 19:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18332]: input_userauth_request: invalid user nikola [preauth]
Jun 23 19:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18332]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.178.75.243
Jun 23 19:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18332]: Failed password for invalid user nikola from 115.178.75.243 port 34130 ssh2
Jun 23 19:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18332]: Received disconnect from 115.178.75.243 port 34130:11: Bye Bye [preauth]
Jun 23 19:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18332]: Disconnected from 115.178.75.243 port 34130 [preauth]
Jun 23 19:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18339]: Invalid user student from 176.65.139.218
Jun 23 19:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18339]: input_userauth_request: invalid user student [preauth]
Jun 23 19:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18339]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18339]: Failed password for invalid user student from 176.65.139.218 port 50762 ssh2
Jun 23 19:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18339]: Connection closed by 176.65.139.218 port 50762 [preauth]
Jun 23 19:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18370]: Invalid user lighthouse from 176.65.139.218
Jun 23 19:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18370]: input_userauth_request: invalid user lighthouse [preauth]
Jun 23 19:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18370]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18370]: Failed password for invalid user lighthouse from 176.65.139.218 port 37162 ssh2
Jun 23 19:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18370]: Connection closed by 176.65.139.218 port 37162 [preauth]
Jun 23 19:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18389]: Invalid user user from 176.65.139.218
Jun 23 19:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18389]: input_userauth_request: invalid user user [preauth]
Jun 23 19:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18389]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18389]: Failed password for invalid user user from 176.65.139.218 port 37216 ssh2
Jun 23 19:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18389]: Connection closed by 176.65.139.218 port 37216 [preauth]
Jun 23 19:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18404]: Invalid user splunk from 176.65.139.218
Jun 23 19:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18404]: input_userauth_request: invalid user splunk [preauth]
Jun 23 19:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18404]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18476]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18410]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18411]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18409]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18404]: Failed password for invalid user splunk from 176.65.139.218 port 41282 ssh2
Jun 23 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18409]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18404]: Connection closed by 176.65.139.218 port 41282 [preauth]
Jun 23 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18540]: Successful su for rubyman by root
Jun 23 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18540]: + ??? root:rubyman
Jun 23 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18540]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579059 of user rubyman.
Jun 23 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18540]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579059.
Jun 23 19:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15593]: pam_unix(cron:session): session closed for user root
Jun 23 19:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18713]: Invalid user developer from 91.92.40.11
Jun 23 19:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18713]: input_userauth_request: invalid user developer [preauth]
Jun 23 19:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18410]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18713]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 19:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18713]: Failed password for invalid user developer from 91.92.40.11 port 39844 ssh2
Jun 23 19:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18713]: Connection closed by 91.92.40.11 port 39844 [preauth]
Jun 23 19:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18733]: Failed password for root from 176.65.139.218 port 41318 ssh2
Jun 23 19:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18733]: Connection closed by 176.65.139.218 port 41318 [preauth]
Jun 23 19:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18743]: Invalid user runner from 176.65.139.218
Jun 23 19:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18743]: input_userauth_request: invalid user runner [preauth]
Jun 23 19:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18743]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18743]: Failed password for invalid user runner from 176.65.139.218 port 56316 ssh2
Jun 23 19:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18743]: Connection closed by 176.65.139.218 port 56316 [preauth]
Jun 23 19:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18768]: Invalid user user from 176.65.139.218
Jun 23 19:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18768]: input_userauth_request: invalid user user [preauth]
Jun 23 19:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18768]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18768]: Failed password for invalid user user from 176.65.139.218 port 56390 ssh2
Jun 23 19:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18768]: Connection closed by 176.65.139.218 port 56390 [preauth]
Jun 23 19:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18780]: Failed password for root from 176.65.139.218 port 43794 ssh2
Jun 23 19:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18780]: Connection closed by 176.65.139.218 port 43794 [preauth]
Jun 23 19:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18810]: Failed password for root from 176.65.139.218 port 43808 ssh2
Jun 23 19:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18810]: Connection closed by 176.65.139.218 port 43808 [preauth]
Jun 23 19:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18823]: Failed password for root from 176.65.139.218 port 39974 ssh2
Jun 23 19:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18823]: Connection closed by 176.65.139.218 port 39974 [preauth]
Jun 23 19:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18843]: Invalid user user from 176.65.139.218
Jun 23 19:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18843]: input_userauth_request: invalid user user [preauth]
Jun 23 19:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18843]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17381]: pam_unix(cron:session): session closed for user root
Jun 23 19:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18843]: Failed password for invalid user user from 176.65.139.218 port 39982 ssh2
Jun 23 19:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18843]: Connection closed by 176.65.139.218 port 39982 [preauth]
Jun 23 19:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18868]: Failed password for root from 176.65.139.218 port 52480 ssh2
Jun 23 19:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18868]: Connection closed by 176.65.139.218 port 52480 [preauth]
Jun 23 19:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.208.108.166  user=root
Jun 23 19:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18882]: Invalid user sftpuser from 176.65.139.218
Jun 23 19:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18882]: input_userauth_request: invalid user sftpuser [preauth]
Jun 23 19:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18882]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18880]: Failed password for root from 104.208.108.166 port 57342 ssh2
Jun 23 19:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18880]: Received disconnect from 104.208.108.166 port 57342:11: Bye Bye [preauth]
Jun 23 19:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18880]: Disconnected from 104.208.108.166 port 57342 [preauth]
Jun 23 19:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18882]: Failed password for invalid user sftpuser from 176.65.139.218 port 52528 ssh2
Jun 23 19:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18882]: Connection closed by 176.65.139.218 port 52528 [preauth]
Jun 23 19:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18904]: Invalid user plex from 176.65.139.218
Jun 23 19:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18904]: input_userauth_request: invalid user plex [preauth]
Jun 23 19:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18904]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18904]: Failed password for invalid user plex from 176.65.139.218 port 38752 ssh2
Jun 23 19:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18904]: Connection closed by 176.65.139.218 port 38752 [preauth]
Jun 23 19:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18914]: Invalid user minecraft from 176.65.139.218
Jun 23 19:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18914]: input_userauth_request: invalid user minecraft [preauth]
Jun 23 19:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18914]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18914]: Failed password for invalid user minecraft from 176.65.139.218 port 38788 ssh2
Jun 23 19:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18914]: Connection closed by 176.65.139.218 port 38788 [preauth]
Jun 23 19:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18925]: Invalid user nagios from 176.65.139.218
Jun 23 19:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18925]: input_userauth_request: invalid user nagios [preauth]
Jun 23 19:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18925]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18925]: Failed password for invalid user nagios from 176.65.139.218 port 38826 ssh2
Jun 23 19:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18925]: Connection closed by 176.65.139.218 port 38826 [preauth]
Jun 23 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18939]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18941]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18942]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18938]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18938]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18999]: Successful su for rubyman by root
Jun 23 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18999]: + ??? root:rubyman
Jun 23 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18999]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18935]: Invalid user ftpuser from 176.65.139.218
Jun 23 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18935]: input_userauth_request: invalid user ftpuser [preauth]
Jun 23 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18999]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579065 of user rubyman.
Jun 23 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579065.
Jun 23 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18935]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19019]: Invalid user admin from 2.57.121.25
Jun 23 19:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19019]: input_userauth_request: invalid user admin [preauth]
Jun 23 19:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19019]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 23 19:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18935]: Failed password for invalid user ftpuser from 176.65.139.218 port 33644 ssh2
Jun 23 19:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18935]: Connection closed by 176.65.139.218 port 33644 [preauth]
Jun 23 19:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16017]: pam_unix(cron:session): session closed for user root
Jun 23 19:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19019]: Failed password for invalid user admin from 2.57.121.25 port 25336 ssh2
Jun 23 19:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19019]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18939]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19277]: Invalid user mohammad from 176.65.139.218
Jun 23 19:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19277]: input_userauth_request: invalid user mohammad [preauth]
Jun 23 19:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19277]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19019]: Failed password for invalid user admin from 2.57.121.25 port 25336 ssh2
Jun 23 19:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19019]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19277]: Failed password for invalid user mohammad from 176.65.139.218 port 33196 ssh2
Jun 23 19:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19277]: Connection closed by 176.65.139.218 port 33196 [preauth]
Jun 23 19:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19019]: Failed password for invalid user admin from 2.57.121.25 port 25336 ssh2
Jun 23 19:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19019]: Connection closed by 2.57.121.25 port 25336 [preauth]
Jun 23 19:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19019]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 23 19:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19290]: Invalid user odoo18 from 176.65.139.218
Jun 23 19:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19290]: input_userauth_request: invalid user odoo18 [preauth]
Jun 23 19:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19290]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19290]: Failed password for invalid user odoo18 from 176.65.139.218 port 33242 ssh2
Jun 23 19:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19290]: Connection closed by 176.65.139.218 port 33242 [preauth]
Jun 23 19:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19312]: Invalid user core from 176.65.139.218
Jun 23 19:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19312]: input_userauth_request: invalid user core [preauth]
Jun 23 19:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19312]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19312]: Failed password for invalid user core from 176.65.139.218 port 55484 ssh2
Jun 23 19:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19312]: Connection closed by 176.65.139.218 port 55484 [preauth]
Jun 23 19:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19336]: Invalid user kipt from 176.65.139.218
Jun 23 19:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19336]: input_userauth_request: invalid user kipt [preauth]
Jun 23 19:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19336]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19336]: Failed password for invalid user kipt from 176.65.139.218 port 55596 ssh2
Jun 23 19:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19336]: Connection closed by 176.65.139.218 port 55596 [preauth]
Jun 23 19:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19346]: Invalid user developer from 91.92.40.11
Jun 23 19:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19346]: input_userauth_request: invalid user developer [preauth]
Jun 23 19:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19346]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 19:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19346]: Failed password for invalid user developer from 91.92.40.11 port 35082 ssh2
Jun 23 19:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19346]: Connection closed by 91.92.40.11 port 35082 [preauth]
Jun 23 19:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17940]: pam_unix(cron:session): session closed for user root
Jun 23 19:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19356]: Failed password for root from 176.65.139.218 port 56186 ssh2
Jun 23 19:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19356]: Connection closed by 176.65.139.218 port 56186 [preauth]
Jun 23 19:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19391]: Invalid user drone from 115.178.75.243
Jun 23 19:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19391]: input_userauth_request: invalid user drone [preauth]
Jun 23 19:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19391]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.178.75.243
Jun 23 19:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19388]: Failed password for root from 176.65.139.218 port 46098 ssh2
Jun 23 19:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19388]: Connection closed by 176.65.139.218 port 46098 [preauth]
Jun 23 19:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19391]: Failed password for invalid user drone from 115.178.75.243 port 45386 ssh2
Jun 23 19:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19391]: Received disconnect from 115.178.75.243 port 45386:11: Bye Bye [preauth]
Jun 23 19:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19391]: Disconnected from 115.178.75.243 port 45386 [preauth]
Jun 23 19:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19412]: Invalid user ubnt from 193.46.255.86
Jun 23 19:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19412]: input_userauth_request: invalid user ubnt [preauth]
Jun 23 19:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19412]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 23 19:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19412]: Failed password for invalid user ubnt from 193.46.255.86 port 20334 ssh2
Jun 23 19:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19412]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19419]: Failed password for root from 176.65.139.218 port 46146 ssh2
Jun 23 19:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19419]: Connection closed by 176.65.139.218 port 46146 [preauth]
Jun 23 19:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19412]: Failed password for invalid user ubnt from 193.46.255.86 port 20334 ssh2
Jun 23 19:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19412]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19412]: Failed password for invalid user ubnt from 193.46.255.86 port 20334 ssh2
Jun 23 19:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19412]: Connection closed by 193.46.255.86 port 20334 [preauth]
Jun 23 19:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19412]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 23 19:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19429]: Invalid user sam from 176.65.139.218
Jun 23 19:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19429]: input_userauth_request: invalid user sam [preauth]
Jun 23 19:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19429]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19429]: Failed password for invalid user sam from 176.65.139.218 port 53090 ssh2
Jun 23 19:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19429]: Connection closed by 176.65.139.218 port 53090 [preauth]
Jun 23 19:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19445]: Invalid user ansible from 176.65.139.218
Jun 23 19:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19445]: input_userauth_request: invalid user ansible [preauth]
Jun 23 19:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19445]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19445]: Failed password for invalid user ansible from 176.65.139.218 port 45438 ssh2
Jun 23 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19445]: Connection closed by 176.65.139.218 port 45438 [preauth]
Jun 23 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19457]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19455]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19458]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19456]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19453]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19455]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19772]: Successful su for rubyman by root
Jun 23 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19772]: + ??? root:rubyman
Jun 23 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19772]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579067 of user rubyman.
Jun 23 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19772]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579067.
Jun 23 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19453]: pam_unix(cron:session): session closed for user root
Jun 23 19:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16424]: pam_unix(cron:session): session closed for user root
Jun 23 19:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19968]: User mysql from 176.65.139.218 not allowed because not listed in AllowUsers
Jun 23 19:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19968]: input_userauth_request: invalid user mysql [preauth]
Jun 23 19:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=mysql
Jun 23 19:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19456]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19968]: Failed password for invalid user mysql from 176.65.139.218 port 45464 ssh2
Jun 23 19:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19968]: Connection closed by 176.65.139.218 port 45464 [preauth]
Jun 23 19:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20008]: Invalid user andre from 65.21.150.20
Jun 23 19:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20008]: input_userauth_request: invalid user andre [preauth]
Jun 23 19:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20008]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.21.150.20
Jun 23 19:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20018]: Invalid user user from 176.65.139.218
Jun 23 19:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20018]: input_userauth_request: invalid user user [preauth]
Jun 23 19:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20018]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20008]: Failed password for invalid user andre from 65.21.150.20 port 42586 ssh2
Jun 23 19:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20008]: Received disconnect from 65.21.150.20 port 42586:11: Bye Bye [preauth]
Jun 23 19:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20008]: Disconnected from 65.21.150.20 port 42586 [preauth]
Jun 23 19:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20018]: Failed password for invalid user user from 176.65.139.218 port 52066 ssh2
Jun 23 19:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20018]: Connection closed by 176.65.139.218 port 52066 [preauth]
Jun 23 19:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20041]: Invalid user alex from 176.65.139.218
Jun 23 19:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20041]: input_userauth_request: invalid user alex [preauth]
Jun 23 19:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20041]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20043]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 23 19:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20043]: Received disconnect from 74.48.105.66 port 40842:11: disconnected by user [preauth]
Jun 23 19:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20043]: Disconnected from 74.48.105.66 port 40842 [preauth]
Jun 23 19:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20041]: Failed password for invalid user alex from 176.65.139.218 port 53402 ssh2
Jun 23 19:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20041]: Connection closed by 176.65.139.218 port 53402 [preauth]
Jun 23 19:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20054]: Invalid user ubuntu from 176.65.139.218
Jun 23 19:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20054]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20054]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20054]: Failed password for invalid user ubuntu from 176.65.139.218 port 53460 ssh2
Jun 23 19:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20054]: Connection closed by 176.65.139.218 port 53460 [preauth]
Jun 23 19:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20076]: Failed password for root from 176.65.139.218 port 55576 ssh2
Jun 23 19:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20076]: Connection closed by 176.65.139.218 port 55576 [preauth]
Jun 23 19:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18476]: pam_unix(cron:session): session closed for user root
Jun 23 19:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20108]: Invalid user administrator from 104.208.108.166
Jun 23 19:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20108]: input_userauth_request: invalid user administrator [preauth]
Jun 23 19:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20108]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.208.108.166
Jun 23 19:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20110]: Invalid user admin from 176.65.139.218
Jun 23 19:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20110]: input_userauth_request: invalid user admin [preauth]
Jun 23 19:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20110]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20108]: Failed password for invalid user administrator from 104.208.108.166 port 15950 ssh2
Jun 23 19:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20108]: Received disconnect from 104.208.108.166 port 15950:11: Bye Bye [preauth]
Jun 23 19:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20108]: Disconnected from 104.208.108.166 port 15950 [preauth]
Jun 23 19:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20110]: Failed password for invalid user admin from 176.65.139.218 port 55658 ssh2
Jun 23 19:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20110]: Connection closed by 176.65.139.218 port 55658 [preauth]
Jun 23 19:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20131]: Invalid user ubuntu from 176.65.139.218
Jun 23 19:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20131]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20131]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20131]: Failed password for invalid user ubuntu from 176.65.139.218 port 55240 ssh2
Jun 23 19:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20131]: Connection closed by 176.65.139.218 port 55240 [preauth]
Jun 23 19:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20244]: Failed password for root from 176.65.139.218 port 42924 ssh2
Jun 23 19:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20244]: Connection closed by 176.65.139.218 port 42924 [preauth]
Jun 23 19:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20254]: Failed password for root from 176.65.139.218 port 43020 ssh2
Jun 23 19:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20254]: Connection closed by 176.65.139.218 port 43020 [preauth]
Jun 23 19:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20266]: Invalid user developer from 91.92.40.11
Jun 23 19:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20266]: input_userauth_request: invalid user developer [preauth]
Jun 23 19:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20266]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 19:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20266]: Failed password for invalid user developer from 91.92.40.11 port 40256 ssh2
Jun 23 19:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20270]: Invalid user appuser from 176.65.139.218
Jun 23 19:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20270]: input_userauth_request: invalid user appuser [preauth]
Jun 23 19:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20266]: Connection closed by 91.92.40.11 port 40256 [preauth]
Jun 23 19:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20270]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20274]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20277]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20275]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20276]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20278]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20273]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20278]: pam_unix(cron:session): session closed for user root
Jun 23 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20273]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20348]: Successful su for rubyman by root
Jun 23 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20348]: + ??? root:rubyman
Jun 23 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20348]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579075 of user rubyman.
Jun 23 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20348]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579075.
Jun 23 19:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20270]: Failed password for invalid user appuser from 176.65.139.218 port 41538 ssh2
Jun 23 19:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20270]: Connection closed by 176.65.139.218 port 41538 [preauth]
Jun 23 19:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20275]: pam_unix(cron:session): session closed for user root
Jun 23 19:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16857]: pam_unix(cron:session): session closed for user root
Jun 23 19:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20554]: Invalid user system from 176.65.139.218
Jun 23 19:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20554]: input_userauth_request: invalid user system [preauth]
Jun 23 19:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20274]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20554]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20554]: Failed password for invalid user system from 176.65.139.218 port 41574 ssh2
Jun 23 19:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20554]: Connection closed by 176.65.139.218 port 41574 [preauth]
Jun 23 19:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20578]: Failed password for root from 176.65.139.218 port 51454 ssh2
Jun 23 19:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20578]: Connection closed by 176.65.139.218 port 51454 [preauth]
Jun 23 19:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20600]: Invalid user master from 176.65.139.218
Jun 23 19:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20600]: input_userauth_request: invalid user master [preauth]
Jun 23 19:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20600]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20600]: Failed password for invalid user master from 176.65.139.218 port 52928 ssh2
Jun 23 19:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20600]: Connection closed by 176.65.139.218 port 52928 [preauth]
Jun 23 19:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20617]: Invalid user master from 176.65.139.218
Jun 23 19:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20617]: input_userauth_request: invalid user master [preauth]
Jun 23 19:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20617]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20617]: Failed password for invalid user master from 176.65.139.218 port 53014 ssh2
Jun 23 19:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20617]: Connection closed by 176.65.139.218 port 53014 [preauth]
Jun 23 19:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20655]: Failed password for root from 176.65.139.218 port 58686 ssh2
Jun 23 19:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20655]: Connection closed by 176.65.139.218 port 58686 [preauth]
Jun 23 19:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18942]: pam_unix(cron:session): session closed for user root
Jun 23 19:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20751]: Invalid user frappe from 176.65.139.218
Jun 23 19:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20751]: input_userauth_request: invalid user frappe [preauth]
Jun 23 19:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20751]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20751]: Failed password for invalid user frappe from 176.65.139.218 port 58730 ssh2
Jun 23 19:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20751]: Connection closed by 176.65.139.218 port 58730 [preauth]
Jun 23 19:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20779]: Invalid user deploy from 176.65.139.218
Jun 23 19:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20779]: input_userauth_request: invalid user deploy [preauth]
Jun 23 19:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20779]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20779]: Failed password for invalid user deploy from 176.65.139.218 port 52800 ssh2
Jun 23 19:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20779]: Connection closed by 176.65.139.218 port 52800 [preauth]
Jun 23 19:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20805]: Failed password for root from 176.65.139.218 port 54578 ssh2
Jun 23 19:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20805]: Connection closed by 176.65.139.218 port 54578 [preauth]
Jun 23 19:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20815]: Invalid user webserver from 115.178.75.243
Jun 23 19:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20815]: input_userauth_request: invalid user webserver [preauth]
Jun 23 19:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20815]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.178.75.243
Jun 23 19:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20817]: Invalid user developer from 176.65.139.218
Jun 23 19:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20817]: input_userauth_request: invalid user developer [preauth]
Jun 23 19:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20817]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20815]: Failed password for invalid user webserver from 115.178.75.243 port 56668 ssh2
Jun 23 19:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20815]: Received disconnect from 115.178.75.243 port 56668:11: Bye Bye [preauth]
Jun 23 19:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20815]: Disconnected from 115.178.75.243 port 56668 [preauth]
Jun 23 19:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20817]: Failed password for invalid user developer from 176.65.139.218 port 54632 ssh2
Jun 23 19:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20817]: Connection closed by 176.65.139.218 port 54632 [preauth]
Jun 23 19:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20845]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20843]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20841]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20842]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20841]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20828]: Failed password for root from 176.65.139.218 port 60476 ssh2
Jun 23 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20914]: Successful su for rubyman by root
Jun 23 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20914]: + ??? root:rubyman
Jun 23 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20914]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579080 of user rubyman.
Jun 23 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20914]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579080.
Jun 23 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20828]: Connection closed by 176.65.139.218 port 60476 [preauth]
Jun 23 19:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17380]: pam_unix(cron:session): session closed for user root
Jun 23 19:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20842]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21077]: Failed password for root from 176.65.139.218 port 60518 ssh2
Jun 23 19:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21077]: Connection closed by 176.65.139.218 port 60518 [preauth]
Jun 23 19:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21098]: Invalid user esadmin from 95.58.255.251
Jun 23 19:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21098]: input_userauth_request: invalid user esadmin [preauth]
Jun 23 19:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21098]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.58.255.251
Jun 23 19:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21103]: Invalid user frappe from 176.65.139.218
Jun 23 19:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21103]: input_userauth_request: invalid user frappe [preauth]
Jun 23 19:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21103]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21098]: Failed password for invalid user esadmin from 95.58.255.251 port 35126 ssh2
Jun 23 19:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21103]: Failed password for invalid user frappe from 176.65.139.218 port 59670 ssh2
Jun 23 19:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21098]: Received disconnect from 95.58.255.251 port 35126:11: Bye Bye [preauth]
Jun 23 19:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21098]: Disconnected from 95.58.255.251 port 35126 [preauth]
Jun 23 19:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21103]: Connection closed by 176.65.139.218 port 59670 [preauth]
Jun 23 19:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21134]: Invalid user debian from 176.65.139.218
Jun 23 19:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21134]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21134]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21134]: Failed password for invalid user debian from 176.65.139.218 port 51544 ssh2
Jun 23 19:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21134]: Connection closed by 176.65.139.218 port 51544 [preauth]
Jun 23 19:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.21.150.20  user=root
Jun 23 19:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21150]: Invalid user minecraft from 176.65.139.218
Jun 23 19:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21150]: input_userauth_request: invalid user minecraft [preauth]
Jun 23 19:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21150]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21136]: Failed password for root from 65.21.150.20 port 45112 ssh2
Jun 23 19:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21136]: Received disconnect from 65.21.150.20 port 45112:11: Bye Bye [preauth]
Jun 23 19:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21136]: Disconnected from 65.21.150.20 port 45112 [preauth]
Jun 23 19:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21150]: Failed password for invalid user minecraft from 176.65.139.218 port 51602 ssh2
Jun 23 19:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21150]: Connection closed by 176.65.139.218 port 51602 [preauth]
Jun 23 19:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21167]: Invalid user developer from 91.92.40.11
Jun 23 19:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21167]: input_userauth_request: invalid user developer [preauth]
Jun 23 19:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21167]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 19:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21180]: Invalid user sam from 176.65.139.218
Jun 23 19:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21180]: input_userauth_request: invalid user sam [preauth]
Jun 23 19:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21180]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21167]: Failed password for invalid user developer from 91.92.40.11 port 54184 ssh2
Jun 23 19:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21167]: Connection closed by 91.92.40.11 port 54184 [preauth]
Jun 23 19:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21182]: Invalid user ftpuser2 from 104.208.108.166
Jun 23 19:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21182]: input_userauth_request: invalid user ftpuser2 [preauth]
Jun 23 19:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21182]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.208.108.166
Jun 23 19:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21180]: Failed password for invalid user sam from 176.65.139.218 port 57476 ssh2
Jun 23 19:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21180]: Connection closed by 176.65.139.218 port 57476 [preauth]
Jun 23 19:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21182]: Failed password for invalid user ftpuser2 from 104.208.108.166 port 50456 ssh2
Jun 23 19:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21182]: Received disconnect from 104.208.108.166 port 50456:11: Bye Bye [preauth]
Jun 23 19:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21182]: Disconnected from 104.208.108.166 port 50456 [preauth]
Jun 23 19:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19458]: pam_unix(cron:session): session closed for user root
Jun 23 19:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21213]: Failed password for root from 176.65.139.218 port 57540 ssh2
Jun 23 19:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21213]: Connection closed by 176.65.139.218 port 57540 [preauth]
Jun 23 19:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21224]: Invalid user user from 176.65.139.218
Jun 23 19:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21224]: input_userauth_request: invalid user user [preauth]
Jun 23 19:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21224]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21224]: Failed password for invalid user user from 176.65.139.218 port 38972 ssh2
Jun 23 19:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21224]: Connection closed by 176.65.139.218 port 38972 [preauth]
Jun 23 19:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21246]: Failed password for root from 176.65.139.218 port 38180 ssh2
Jun 23 19:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21246]: Connection closed by 176.65.139.218 port 38180 [preauth]
Jun 23 19:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21256]: Invalid user admin from 176.65.139.218
Jun 23 19:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21256]: input_userauth_request: invalid user admin [preauth]
Jun 23 19:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21256]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21256]: Failed password for invalid user admin from 176.65.139.218 port 38252 ssh2
Jun 23 19:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21256]: Connection closed by 176.65.139.218 port 38252 [preauth]
Jun 23 19:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21283]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21282]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21281]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21284]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21281]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21348]: Successful su for rubyman by root
Jun 23 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21348]: + ??? root:rubyman
Jun 23 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21348]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579085 of user rubyman.
Jun 23 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21348]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579085.
Jun 23 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21278]: Failed password for root from 176.65.139.218 port 34442 ssh2
Jun 23 19:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21278]: Connection closed by 176.65.139.218 port 34442 [preauth]
Jun 23 19:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17939]: pam_unix(cron:session): session closed for user root
Jun 23 19:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21282]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21524]: Failed password for root from 176.65.139.218 port 34516 ssh2
Jun 23 19:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21524]: Connection closed by 176.65.139.218 port 34516 [preauth]
Jun 23 19:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21559]: Invalid user user from 176.65.139.218
Jun 23 19:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21559]: input_userauth_request: invalid user user [preauth]
Jun 23 19:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21559]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21559]: Failed password for invalid user user from 176.65.139.218 port 35110 ssh2
Jun 23 19:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21559]: Connection closed by 176.65.139.218 port 35110 [preauth]
Jun 23 19:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21585]: Failed password for root from 176.65.139.218 port 52146 ssh2
Jun 23 19:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21585]: Connection closed by 176.65.139.218 port 52146 [preauth]
Jun 23 19:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21595]: Invalid user hduser from 176.65.139.218
Jun 23 19:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21595]: input_userauth_request: invalid user hduser [preauth]
Jun 23 19:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21595]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21595]: Failed password for invalid user hduser from 176.65.139.218 port 52216 ssh2
Jun 23 19:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21595]: Connection closed by 176.65.139.218 port 52216 [preauth]
Jun 23 19:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21623]: Invalid user ai from 176.65.139.218
Jun 23 19:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21623]: input_userauth_request: invalid user ai [preauth]
Jun 23 19:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21623]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21623]: Failed password for invalid user ai from 176.65.139.218 port 34302 ssh2
Jun 23 19:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21623]: Connection closed by 176.65.139.218 port 34302 [preauth]
Jun 23 19:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20277]: pam_unix(cron:session): session closed for user root
Jun 23 19:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21643]: Invalid user tester from 176.65.139.218
Jun 23 19:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21643]: input_userauth_request: invalid user tester [preauth]
Jun 23 19:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21643]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21643]: Failed password for invalid user tester from 176.65.139.218 port 34384 ssh2
Jun 23 19:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21643]: Connection closed by 176.65.139.218 port 34384 [preauth]
Jun 23 19:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21667]: Invalid user gabriel from 176.65.139.218
Jun 23 19:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21667]: input_userauth_request: invalid user gabriel [preauth]
Jun 23 19:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21667]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21667]: Failed password for invalid user gabriel from 176.65.139.218 port 38466 ssh2
Jun 23 19:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21667]: Connection closed by 176.65.139.218 port 38466 [preauth]
Jun 23 19:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21684]: Invalid user pi from 176.65.139.218
Jun 23 19:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21684]: input_userauth_request: invalid user pi [preauth]
Jun 23 19:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21684]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21684]: Failed password for invalid user pi from 176.65.139.218 port 38514 ssh2
Jun 23 19:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21684]: Connection closed by 176.65.139.218 port 38514 [preauth]
Jun 23 19:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21711]: Invalid user tom from 176.65.139.218
Jun 23 19:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21711]: input_userauth_request: invalid user tom [preauth]
Jun 23 19:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21711]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21711]: Failed password for invalid user tom from 176.65.139.218 port 33304 ssh2
Jun 23 19:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21711]: Connection closed by 176.65.139.218 port 33304 [preauth]
Jun 23 19:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21721]: Invalid user developer from 176.65.139.218
Jun 23 19:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21721]: input_userauth_request: invalid user developer [preauth]
Jun 23 19:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21721]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21721]: Failed password for invalid user developer from 176.65.139.218 port 33356 ssh2
Jun 23 19:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21721]: Connection closed by 176.65.139.218 port 33356 [preauth]
Jun 23 19:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21725]: Invalid user developer from 91.92.40.11
Jun 23 19:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21725]: input_userauth_request: invalid user developer [preauth]
Jun 23 19:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21725]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 19:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.58.255.251  user=root
Jun 23 19:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21736]: Invalid user adminuser from 176.65.139.218
Jun 23 19:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21736]: input_userauth_request: invalid user adminuser [preauth]
Jun 23 19:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21736]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21725]: Failed password for invalid user developer from 91.92.40.11 port 43964 ssh2
Jun 23 19:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21723]: Failed password for root from 95.58.255.251 port 44372 ssh2
Jun 23 19:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21725]: Connection closed by 91.92.40.11 port 43964 [preauth]
Jun 23 19:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21723]: Received disconnect from 95.58.255.251 port 44372:11: Bye Bye [preauth]
Jun 23 19:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21723]: Disconnected from 95.58.255.251 port 44372 [preauth]
Jun 23 19:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21738]: Invalid user ftpuser2 from 115.178.75.243
Jun 23 19:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21738]: input_userauth_request: invalid user ftpuser2 [preauth]
Jun 23 19:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21738]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.178.75.243
Jun 23 19:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21736]: Failed password for invalid user adminuser from 176.65.139.218 port 52012 ssh2
Jun 23 19:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21736]: Connection closed by 176.65.139.218 port 52012 [preauth]
Jun 23 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21738]: Failed password for invalid user ftpuser2 from 115.178.75.243 port 39706 ssh2
Jun 23 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21747]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21748]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21745]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21746]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21745]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21738]: Received disconnect from 115.178.75.243 port 39706:11: Bye Bye [preauth]
Jun 23 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21738]: Disconnected from 115.178.75.243 port 39706 [preauth]
Jun 23 19:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21815]: Successful su for rubyman by root
Jun 23 19:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21815]: + ??? root:rubyman
Jun 23 19:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21815]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579086 of user rubyman.
Jun 23 19:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21815]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579086.
Jun 23 19:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18411]: pam_unix(cron:session): session closed for user root
Jun 23 19:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21835]: Failed password for root from 176.65.139.218 port 52048 ssh2
Jun 23 19:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21835]: Connection closed by 176.65.139.218 port 52048 [preauth]
Jun 23 19:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21746]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21994]: Invalid user karel from 176.65.139.218
Jun 23 19:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21994]: input_userauth_request: invalid user karel [preauth]
Jun 23 19:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21994]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21994]: Failed password for invalid user karel from 176.65.139.218 port 39080 ssh2
Jun 23 19:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21994]: Connection closed by 176.65.139.218 port 39080 [preauth]
Jun 23 19:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22014]: Invalid user dev from 176.65.139.218
Jun 23 19:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22014]: input_userauth_request: invalid user dev [preauth]
Jun 23 19:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22014]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22014]: Failed password for invalid user dev from 176.65.139.218 port 39160 ssh2
Jun 23 19:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22014]: Connection closed by 176.65.139.218 port 39160 [preauth]
Jun 23 19:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22034]: Failed password for root from 176.65.139.218 port 38572 ssh2
Jun 23 19:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22034]: Connection closed by 176.65.139.218 port 38572 [preauth]
Jun 23 19:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22036]: Invalid user yuriy from 104.208.108.166
Jun 23 19:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22036]: input_userauth_request: invalid user yuriy [preauth]
Jun 23 19:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22036]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.208.108.166
Jun 23 19:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22036]: Failed password for invalid user yuriy from 104.208.108.166 port 37810 ssh2
Jun 23 19:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22036]: Received disconnect from 104.208.108.166 port 37810:11: Bye Bye [preauth]
Jun 23 19:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22036]: Disconnected from 104.208.108.166 port 37810 [preauth]
Jun 23 19:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22058]: Failed password for root from 176.65.139.218 port 38042 ssh2
Jun 23 19:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22058]: Connection closed by 176.65.139.218 port 38042 [preauth]
Jun 23 19:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.21.150.20  user=root
Jun 23 19:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22070]: Failed password for root from 65.21.150.20 port 49306 ssh2
Jun 23 19:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22070]: Received disconnect from 65.21.150.20 port 49306:11: Bye Bye [preauth]
Jun 23 19:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22070]: Disconnected from 65.21.150.20 port 49306 [preauth]
Jun 23 19:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20845]: pam_unix(cron:session): session closed for user root
Jun 23 19:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22072]: Invalid user gary from 176.65.139.218
Jun 23 19:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22072]: input_userauth_request: invalid user gary [preauth]
Jun 23 19:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22072]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22072]: Failed password for invalid user gary from 176.65.139.218 port 38086 ssh2
Jun 23 19:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22072]: Connection closed by 176.65.139.218 port 38086 [preauth]
Jun 23 19:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22107]: Invalid user webuser from 176.65.139.218
Jun 23 19:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22107]: input_userauth_request: invalid user webuser [preauth]
Jun 23 19:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22107]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22107]: Failed password for invalid user webuser from 176.65.139.218 port 47548 ssh2
Jun 23 19:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22107]: Connection closed by 176.65.139.218 port 47548 [preauth]
Jun 23 19:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22142]: Invalid user guest from 176.65.139.218
Jun 23 19:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22142]: input_userauth_request: invalid user guest [preauth]
Jun 23 19:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22142]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22142]: Failed password for invalid user guest from 176.65.139.218 port 47604 ssh2
Jun 23 19:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22142]: Connection closed by 176.65.139.218 port 47604 [preauth]
Jun 23 19:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22153]: Invalid user username from 176.65.139.218
Jun 23 19:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22153]: input_userauth_request: invalid user username [preauth]
Jun 23 19:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22153]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22153]: Failed password for invalid user username from 176.65.139.218 port 51636 ssh2
Jun 23 19:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22153]: Connection closed by 176.65.139.218 port 51636 [preauth]
Jun 23 19:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22164]: Invalid user postgres from 176.65.139.218
Jun 23 19:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22164]: input_userauth_request: invalid user postgres [preauth]
Jun 23 19:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22164]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22164]: Failed password for invalid user postgres from 176.65.139.218 port 51724 ssh2
Jun 23 19:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22164]: Connection closed by 176.65.139.218 port 51724 [preauth]
Jun 23 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22179]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22180]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22178]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22177]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22177]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22240]: Successful su for rubyman by root
Jun 23 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22240]: + ??? root:rubyman
Jun 23 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22240]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579090 of user rubyman.
Jun 23 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22240]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579090.
Jun 23 19:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18941]: pam_unix(cron:session): session closed for user root
Jun 23 19:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22395]: Failed password for root from 176.65.139.218 port 41582 ssh2
Jun 23 19:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22395]: Connection closed by 176.65.139.218 port 41582 [preauth]
Jun 23 19:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22178]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 23 19:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22515]: Failed password for root from 141.98.83.240 port 3402 ssh2
Jun 23 19:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22517]: Invalid user devuser from 176.65.139.218
Jun 23 19:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22517]: input_userauth_request: invalid user devuser [preauth]
Jun 23 19:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22517]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22515]: Failed password for root from 141.98.83.240 port 3402 ssh2
Jun 23 19:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22517]: Failed password for invalid user devuser from 176.65.139.218 port 32998 ssh2
Jun 23 19:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22517]: Connection closed by 176.65.139.218 port 32998 [preauth]
Jun 23 19:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22515]: Failed password for root from 141.98.83.240 port 3402 ssh2
Jun 23 19:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22515]: Connection closed by 141.98.83.240 port 3402 [preauth]
Jun 23 19:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22515]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 23 19:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22539]: Failed password for root from 176.65.139.218 port 33038 ssh2
Jun 23 19:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22539]: Connection closed by 176.65.139.218 port 33038 [preauth]
Jun 23 19:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22559]: Invalid user nutanix from 176.65.139.218
Jun 23 19:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22559]: input_userauth_request: invalid user nutanix [preauth]
Jun 23 19:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22559]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22559]: Failed password for invalid user nutanix from 176.65.139.218 port 43368 ssh2
Jun 23 19:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22559]: Connection closed by 176.65.139.218 port 43368 [preauth]
Jun 23 19:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: Invalid user developer from 91.92.40.11
Jun 23 19:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: input_userauth_request: invalid user developer [preauth]
Jun 23 19:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 19:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: Failed password for invalid user developer from 91.92.40.11 port 50580 ssh2
Jun 23 19:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: Connection closed by 91.92.40.11 port 50580 [preauth]
Jun 23 19:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22586]: Failed password for root from 176.65.139.218 port 42480 ssh2
Jun 23 19:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22586]: Connection closed by 176.65.139.218 port 42480 [preauth]
Jun 23 19:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21284]: pam_unix(cron:session): session closed for user root
Jun 23 19:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22618]: Failed password for root from 176.65.139.218 port 42538 ssh2
Jun 23 19:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22618]: Connection closed by 176.65.139.218 port 42538 [preauth]
Jun 23 19:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22628]: Invalid user yan from 95.58.255.251
Jun 23 19:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22628]: input_userauth_request: invalid user yan [preauth]
Jun 23 19:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22628]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.58.255.251
Jun 23 19:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22630]: Invalid user server from 176.65.139.218
Jun 23 19:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22630]: input_userauth_request: invalid user server [preauth]
Jun 23 19:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22628]: Failed password for invalid user yan from 95.58.255.251 port 43072 ssh2
Jun 23 19:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22630]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22628]: Received disconnect from 95.58.255.251 port 43072:11: Bye Bye [preauth]
Jun 23 19:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22628]: Disconnected from 95.58.255.251 port 43072 [preauth]
Jun 23 19:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22630]: Failed password for invalid user server from 176.65.139.218 port 43578 ssh2
Jun 23 19:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22630]: Connection closed by 176.65.139.218 port 43578 [preauth]
Jun 23 19:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22653]: Failed password for root from 176.65.139.218 port 43816 ssh2
Jun 23 19:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22653]: Connection closed by 176.65.139.218 port 43816 [preauth]
Jun 23 19:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22673]: Failed password for root from 176.65.139.218 port 43924 ssh2
Jun 23 19:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22673]: Connection closed by 176.65.139.218 port 43924 [preauth]
Jun 23 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22685]: Invalid user app from 176.65.139.218
Jun 23 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22685]: input_userauth_request: invalid user app [preauth]
Jun 23 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22694]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22693]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22688]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22692]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22691]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22689]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22694]: pam_unix(cron:session): session closed for user root
Jun 23 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22688]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22685]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22760]: Successful su for rubyman by root
Jun 23 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22760]: + ??? root:rubyman
Jun 23 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22760]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579096 of user rubyman.
Jun 23 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22760]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579096.
Jun 23 19:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22685]: Failed password for invalid user app from 176.65.139.218 port 43826 ssh2
Jun 23 19:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22685]: Connection closed by 176.65.139.218 port 43826 [preauth]
Jun 23 19:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22691]: pam_unix(cron:session): session closed for user root
Jun 23 19:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19457]: pam_unix(cron:session): session closed for user root
Jun 23 19:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22689]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22979]: Invalid user steam from 176.65.139.218
Jun 23 19:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22979]: input_userauth_request: invalid user steam [preauth]
Jun 23 19:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22979]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22979]: Failed password for invalid user steam from 176.65.139.218 port 40864 ssh2
Jun 23 19:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22979]: Connection closed by 176.65.139.218 port 40864 [preauth]
Jun 23 19:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22994]: Invalid user ftpuser from 176.65.139.218
Jun 23 19:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22994]: input_userauth_request: invalid user ftpuser [preauth]
Jun 23 19:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22994]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22999]: Invalid user user1 from 104.208.108.166
Jun 23 19:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22999]: input_userauth_request: invalid user user1 [preauth]
Jun 23 19:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22999]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.208.108.166
Jun 23 19:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.178.75.243  user=root
Jun 23 19:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22994]: Failed password for invalid user ftpuser from 176.65.139.218 port 40908 ssh2
Jun 23 19:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22994]: Connection closed by 176.65.139.218 port 40908 [preauth]
Jun 23 19:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22999]: Failed password for invalid user user1 from 104.208.108.166 port 16100 ssh2
Jun 23 19:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22999]: Received disconnect from 104.208.108.166 port 16100:11: Bye Bye [preauth]
Jun 23 19:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22999]: Disconnected from 104.208.108.166 port 16100 [preauth]
Jun 23 19:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23001]: Failed password for root from 115.178.75.243 port 50990 ssh2
Jun 23 19:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23001]: Received disconnect from 115.178.75.243 port 50990:11: Bye Bye [preauth]
Jun 23 19:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23001]: Disconnected from 115.178.75.243 port 50990 [preauth]
Jun 23 19:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23024]: Invalid user guest from 176.65.139.218
Jun 23 19:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23024]: input_userauth_request: invalid user guest [preauth]
Jun 23 19:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23024]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23024]: Failed password for invalid user guest from 176.65.139.218 port 36964 ssh2
Jun 23 19:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23024]: Connection closed by 176.65.139.218 port 36964 [preauth]
Jun 23 19:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 23 19:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23049]: Invalid user sam from 176.65.139.218
Jun 23 19:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23049]: input_userauth_request: invalid user sam [preauth]
Jun 23 19:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23049]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23026]: Failed password for root from 103.27.238.120 port 59170 ssh2
Jun 23 19:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23026]: Connection closed by 103.27.238.120 port 59170 [preauth]
Jun 23 19:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23049]: Failed password for invalid user sam from 176.65.139.218 port 54328 ssh2
Jun 23 19:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23049]: Connection closed by 176.65.139.218 port 54328 [preauth]
Jun 23 19:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23059]: Invalid user splunk from 176.65.139.218
Jun 23 19:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23059]: input_userauth_request: invalid user splunk [preauth]
Jun 23 19:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23059]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21748]: pam_unix(cron:session): session closed for user root
Jun 23 19:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23059]: Failed password for invalid user splunk from 176.65.139.218 port 54370 ssh2
Jun 23 19:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23059]: Connection closed by 176.65.139.218 port 54370 [preauth]
Jun 23 19:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23090]: Invalid user admin from 65.21.150.20
Jun 23 19:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23090]: input_userauth_request: invalid user admin [preauth]
Jun 23 19:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23090]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.21.150.20
Jun 23 19:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23090]: Failed password for invalid user admin from 65.21.150.20 port 50034 ssh2
Jun 23 19:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23090]: Received disconnect from 65.21.150.20 port 50034:11: Bye Bye [preauth]
Jun 23 19:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23090]: Disconnected from 65.21.150.20 port 50034 [preauth]
Jun 23 19:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23093]: Invalid user wso2 from 176.65.139.218
Jun 23 19:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23093]: input_userauth_request: invalid user wso2 [preauth]
Jun 23 19:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23093]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23093]: Failed password for invalid user wso2 from 176.65.139.218 port 58066 ssh2
Jun 23 19:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23093]: Connection closed by 176.65.139.218 port 58066 [preauth]
Jun 23 19:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23117]: User vncuser from 176.65.139.218 not allowed because not listed in AllowUsers
Jun 23 19:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23117]: input_userauth_request: invalid user vncuser [preauth]
Jun 23 19:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=vncuser
Jun 23 19:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23117]: Failed password for invalid user vncuser from 176.65.139.218 port 58134 ssh2
Jun 23 19:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23117]: Connection closed by 176.65.139.218 port 58134 [preauth]
Jun 23 19:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23127]: Invalid user debian from 176.65.139.218
Jun 23 19:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23127]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23127]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23127]: Failed password for invalid user debian from 176.65.139.218 port 54054 ssh2
Jun 23 19:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23138]: Invalid user developer from 91.92.40.11
Jun 23 19:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23138]: input_userauth_request: invalid user developer [preauth]
Jun 23 19:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23127]: Connection closed by 176.65.139.218 port 54054 [preauth]
Jun 23 19:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23138]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 19:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23138]: Failed password for invalid user developer from 91.92.40.11 port 49804 ssh2
Jun 23 19:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23138]: Connection closed by 91.92.40.11 port 49804 [preauth]
Jun 23 19:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23148]: Invalid user fahmi from 176.65.139.218
Jun 23 19:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23148]: input_userauth_request: invalid user fahmi [preauth]
Jun 23 19:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23148]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23148]: Failed password for invalid user fahmi from 176.65.139.218 port 40876 ssh2
Jun 23 19:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23148]: Connection closed by 176.65.139.218 port 40876 [preauth]
Jun 23 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23153]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23154]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23152]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23151]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23151]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23225]: Successful su for rubyman by root
Jun 23 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23225]: + ??? root:rubyman
Jun 23 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23225]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579100 of user rubyman.
Jun 23 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23225]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579100.
Jun 23 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23333]: Invalid user sam from 176.65.139.218
Jun 23 19:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23333]: input_userauth_request: invalid user sam [preauth]
Jun 23 19:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23333]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20276]: pam_unix(cron:session): session closed for user root
Jun 23 19:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23152]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23333]: Failed password for invalid user sam from 176.65.139.218 port 40948 ssh2
Jun 23 19:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23333]: Connection closed by 176.65.139.218 port 40948 [preauth]
Jun 23 19:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23440]: Invalid user aiuser from 176.65.139.218
Jun 23 19:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23440]: input_userauth_request: invalid user aiuser [preauth]
Jun 23 19:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23440]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23440]: Failed password for invalid user aiuser from 176.65.139.218 port 47374 ssh2
Jun 23 19:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23440]: Connection closed by 176.65.139.218 port 47374 [preauth]
Jun 23 19:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23462]: Invalid user x from 176.65.139.218
Jun 23 19:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23462]: input_userauth_request: invalid user x [preauth]
Jun 23 19:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23462]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23462]: Failed password for invalid user x from 176.65.139.218 port 47438 ssh2
Jun 23 19:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23462]: Connection closed by 176.65.139.218 port 47438 [preauth]
Jun 23 19:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23474]: Invalid user test from 176.65.139.218
Jun 23 19:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23474]: input_userauth_request: invalid user test [preauth]
Jun 23 19:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23474]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23472]: Invalid user nikhil from 95.58.255.251
Jun 23 19:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23472]: input_userauth_request: invalid user nikhil [preauth]
Jun 23 19:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23472]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.58.255.251
Jun 23 19:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23474]: Failed password for invalid user test from 176.65.139.218 port 46198 ssh2
Jun 23 19:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23474]: Connection closed by 176.65.139.218 port 46198 [preauth]
Jun 23 19:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23472]: Failed password for invalid user nikhil from 95.58.255.251 port 53144 ssh2
Jun 23 19:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23472]: Received disconnect from 95.58.255.251 port 53144:11: Bye Bye [preauth]
Jun 23 19:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23472]: Disconnected from 95.58.255.251 port 53144 [preauth]
Jun 23 19:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23501]: Invalid user git from 176.65.139.218
Jun 23 19:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23501]: input_userauth_request: invalid user git [preauth]
Jun 23 19:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23501]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23501]: Failed password for invalid user git from 176.65.139.218 port 46250 ssh2
Jun 23 19:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23501]: Connection closed by 176.65.139.218 port 46250 [preauth]
Jun 23 19:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23514]: Invalid user bot from 176.65.139.218
Jun 23 19:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23514]: input_userauth_request: invalid user bot [preauth]
Jun 23 19:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23514]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22180]: pam_unix(cron:session): session closed for user root
Jun 23 19:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23514]: Failed password for invalid user bot from 176.65.139.218 port 42064 ssh2
Jun 23 19:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23514]: Connection closed by 176.65.139.218 port 42064 [preauth]
Jun 23 19:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23547]: Invalid user newuser from 176.65.139.218
Jun 23 19:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23547]: input_userauth_request: invalid user newuser [preauth]
Jun 23 19:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23547]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23547]: Failed password for invalid user newuser from 176.65.139.218 port 43438 ssh2
Jun 23 19:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23547]: Connection closed by 176.65.139.218 port 43438 [preauth]
Jun 23 19:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23563]: Invalid user deployer from 176.65.139.218
Jun 23 19:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23563]: input_userauth_request: invalid user deployer [preauth]
Jun 23 19:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23563]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23563]: Failed password for invalid user deployer from 176.65.139.218 port 43462 ssh2
Jun 23 19:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23563]: Connection closed by 176.65.139.218 port 43462 [preauth]
Jun 23 19:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23580]: Invalid user user from 176.65.139.218
Jun 23 19:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23580]: input_userauth_request: invalid user user [preauth]
Jun 23 19:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23580]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23580]: Failed password for invalid user user from 176.65.139.218 port 39648 ssh2
Jun 23 19:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23580]: Connection closed by 176.65.139.218 port 39648 [preauth]
Jun 23 19:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23590]: Invalid user admin123 from 176.65.139.218
Jun 23 19:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23590]: input_userauth_request: invalid user admin123 [preauth]
Jun 23 19:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23590]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23590]: Failed password for invalid user admin123 from 176.65.139.218 port 39766 ssh2
Jun 23 19:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23590]: Connection closed by 176.65.139.218 port 39766 [preauth]
Jun 23 19:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23604]: Invalid user gitlab from 176.65.139.218
Jun 23 19:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23604]: input_userauth_request: invalid user gitlab [preauth]
Jun 23 19:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23604]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23619]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23620]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23618]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23617]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23615]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23615]: pam_unix(cron:session): session closed for user root
Jun 23 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23617]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23688]: Successful su for rubyman by root
Jun 23 19:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23688]: + ??? root:rubyman
Jun 23 19:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23688]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579104 of user rubyman.
Jun 23 19:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23688]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579104.
Jun 23 19:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23604]: Failed password for invalid user gitlab from 176.65.139.218 port 34178 ssh2
Jun 23 19:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23604]: Connection closed by 176.65.139.218 port 34178 [preauth]
Jun 23 19:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20843]: pam_unix(cron:session): session closed for user root
Jun 23 19:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23618]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23976]: Failed password for root from 176.65.139.218 port 56624 ssh2
Jun 23 19:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23976]: Connection closed by 176.65.139.218 port 56624 [preauth]
Jun 23 19:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.208.108.166  user=root
Jun 23 19:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23989]: Failed password for root from 176.65.139.218 port 56674 ssh2
Jun 23 19:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23989]: Connection closed by 176.65.139.218 port 56674 [preauth]
Jun 23 19:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23991]: Failed password for root from 104.208.108.166 port 27436 ssh2
Jun 23 19:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23991]: Received disconnect from 104.208.108.166 port 27436:11: Bye Bye [preauth]
Jun 23 19:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23991]: Disconnected from 104.208.108.166 port 27436 [preauth]
Jun 23 19:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24016]: Invalid user fastuser from 176.65.139.218
Jun 23 19:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24016]: input_userauth_request: invalid user fastuser [preauth]
Jun 23 19:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24016]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24018]: Invalid user developer from 91.92.40.11
Jun 23 19:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24018]: input_userauth_request: invalid user developer [preauth]
Jun 23 19:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24018]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 19:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24016]: Failed password for invalid user fastuser from 176.65.139.218 port 60690 ssh2
Jun 23 19:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24016]: Connection closed by 176.65.139.218 port 60690 [preauth]
Jun 23 19:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24018]: Failed password for invalid user developer from 91.92.40.11 port 41398 ssh2
Jun 23 19:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24018]: Connection closed by 91.92.40.11 port 41398 [preauth]
Jun 23 19:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24029]: Failed password for root from 176.65.139.218 port 60760 ssh2
Jun 23 19:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24029]: Connection closed by 176.65.139.218 port 60760 [preauth]
Jun 23 19:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 23 19:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24043]: Failed password for root from 103.77.175.15 port 47412 ssh2
Jun 23 19:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24043]: Connection closed by 103.77.175.15 port 47412 [preauth]
Jun 23 19:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24053]: Invalid user admin from 176.65.139.218
Jun 23 19:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24053]: input_userauth_request: invalid user admin [preauth]
Jun 23 19:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24053]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24053]: Failed password for invalid user admin from 176.65.139.218 port 59924 ssh2
Jun 23 19:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24053]: Connection closed by 176.65.139.218 port 59924 [preauth]
Jun 23 19:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24061]: Invalid user blog from 115.178.75.243
Jun 23 19:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24061]: input_userauth_request: invalid user blog [preauth]
Jun 23 19:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24061]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.178.75.243
Jun 23 19:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22693]: pam_unix(cron:session): session closed for user root
Jun 23 19:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24079]: Invalid user ossuser from 176.65.139.218
Jun 23 19:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24079]: input_userauth_request: invalid user ossuser [preauth]
Jun 23 19:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24079]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24061]: Failed password for invalid user blog from 115.178.75.243 port 34044 ssh2
Jun 23 19:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24061]: Received disconnect from 115.178.75.243 port 34044:11: Bye Bye [preauth]
Jun 23 19:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24061]: Disconnected from 115.178.75.243 port 34044 [preauth]
Jun 23 19:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24079]: Failed password for invalid user ossuser from 176.65.139.218 port 59982 ssh2
Jun 23 19:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24079]: Connection closed by 176.65.139.218 port 59982 [preauth]
Jun 23 19:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24097]: Invalid user debian from 176.65.139.218
Jun 23 19:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24097]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24097]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24097]: Failed password for invalid user debian from 176.65.139.218 port 60948 ssh2
Jun 23 19:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24097]: Connection closed by 176.65.139.218 port 60948 [preauth]
Jun 23 19:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24099]: Invalid user foundry from 65.21.150.20
Jun 23 19:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24099]: input_userauth_request: invalid user foundry [preauth]
Jun 23 19:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24099]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.21.150.20
Jun 23 19:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24125]: Invalid user cursor from 176.65.139.218
Jun 23 19:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24125]: input_userauth_request: invalid user cursor [preauth]
Jun 23 19:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24099]: Failed password for invalid user foundry from 65.21.150.20 port 56272 ssh2
Jun 23 19:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24125]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24099]: Received disconnect from 65.21.150.20 port 56272:11: Bye Bye [preauth]
Jun 23 19:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24099]: Disconnected from 65.21.150.20 port 56272 [preauth]
Jun 23 19:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24125]: Failed password for invalid user cursor from 176.65.139.218 port 60978 ssh2
Jun 23 19:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24125]: Connection closed by 176.65.139.218 port 60978 [preauth]
Jun 23 19:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24136]: Invalid user pi from 176.65.139.218
Jun 23 19:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24136]: input_userauth_request: invalid user pi [preauth]
Jun 23 19:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24136]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24136]: Failed password for invalid user pi from 176.65.139.218 port 50128 ssh2
Jun 23 19:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24136]: Connection closed by 176.65.139.218 port 50128 [preauth]
Jun 23 19:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24146]: Invalid user teamspeak from 176.65.139.218
Jun 23 19:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24146]: input_userauth_request: invalid user teamspeak [preauth]
Jun 23 19:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24146]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24146]: Failed password for invalid user teamspeak from 176.65.139.218 port 41580 ssh2
Jun 23 19:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24146]: Connection closed by 176.65.139.218 port 41580 [preauth]
Jun 23 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24160]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24161]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24159]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24158]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24158]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24226]: Successful su for rubyman by root
Jun 23 19:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24226]: + ??? root:rubyman
Jun 23 19:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24226]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579110 of user rubyman.
Jun 23 19:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24226]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579110.
Jun 23 19:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24278]: Invalid user kingbase from 176.65.139.218
Jun 23 19:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24278]: input_userauth_request: invalid user kingbase [preauth]
Jun 23 19:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24278]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21283]: pam_unix(cron:session): session closed for user root
Jun 23 19:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24321]: Invalid user ruben from 95.58.255.251
Jun 23 19:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24321]: input_userauth_request: invalid user ruben [preauth]
Jun 23 19:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24321]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.58.255.251
Jun 23 19:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24278]: Failed password for invalid user kingbase from 176.65.139.218 port 41624 ssh2
Jun 23 19:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24278]: Connection closed by 176.65.139.218 port 41624 [preauth]
Jun 23 19:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24159]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24321]: Failed password for invalid user ruben from 95.58.255.251 port 53710 ssh2
Jun 23 19:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24321]: Received disconnect from 95.58.255.251 port 53710:11: Bye Bye [preauth]
Jun 23 19:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24321]: Disconnected from 95.58.255.251 port 53710 [preauth]
Jun 23 19:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24428]: Connection closed by 45.148.10.121 port 47662 [preauth]
Jun 23 19:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24430]: Invalid user admin from 176.65.139.218
Jun 23 19:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24430]: input_userauth_request: invalid user admin [preauth]
Jun 23 19:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24430]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24430]: Failed password for invalid user admin from 176.65.139.218 port 56298 ssh2
Jun 23 19:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24430]: Connection closed by 176.65.139.218 port 56298 [preauth]
Jun 23 19:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24455]: Failed password for root from 176.65.139.218 port 56418 ssh2
Jun 23 19:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24455]: Connection closed by 176.65.139.218 port 56418 [preauth]
Jun 23 19:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24475]: Failed password for root from 176.65.139.218 port 44420 ssh2
Jun 23 19:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24475]: Connection closed by 176.65.139.218 port 44420 [preauth]
Jun 23 19:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24506]: Invalid user jack from 176.65.139.218
Jun 23 19:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24506]: input_userauth_request: invalid user jack [preauth]
Jun 23 19:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24506]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24506]: Failed password for invalid user jack from 176.65.139.218 port 44484 ssh2
Jun 23 19:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24506]: Connection closed by 176.65.139.218 port 44484 [preauth]
Jun 23 19:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24516]: Invalid user gpadmin from 176.65.139.218
Jun 23 19:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24516]: input_userauth_request: invalid user gpadmin [preauth]
Jun 23 19:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24516]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23154]: pam_unix(cron:session): session closed for user root
Jun 23 19:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24516]: Failed password for invalid user gpadmin from 176.65.139.218 port 49194 ssh2
Jun 23 19:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24516]: Connection closed by 176.65.139.218 port 49194 [preauth]
Jun 23 19:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24546]: Failed password for root from 176.65.139.218 port 32870 ssh2
Jun 23 19:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24546]: Connection closed by 176.65.139.218 port 32870 [preauth]
Jun 23 19:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24565]: Invalid user ts3 from 176.65.139.218
Jun 23 19:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24565]: input_userauth_request: invalid user ts3 [preauth]
Jun 23 19:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24565]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24573]: Invalid user developer from 91.92.40.11
Jun 23 19:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24573]: input_userauth_request: invalid user developer [preauth]
Jun 23 19:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24573]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 19:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24565]: Failed password for invalid user ts3 from 176.65.139.218 port 32902 ssh2
Jun 23 19:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24565]: Connection closed by 176.65.139.218 port 32902 [preauth]
Jun 23 19:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24573]: Failed password for invalid user developer from 91.92.40.11 port 41214 ssh2
Jun 23 19:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24573]: Connection closed by 91.92.40.11 port 41214 [preauth]
Jun 23 19:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24586]: Invalid user postgres from 176.65.139.218
Jun 23 19:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24586]: input_userauth_request: invalid user postgres [preauth]
Jun 23 19:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24586]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24586]: Failed password for invalid user postgres from 176.65.139.218 port 37926 ssh2
Jun 23 19:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24586]: Connection closed by 176.65.139.218 port 37926 [preauth]
Jun 23 19:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24596]: Invalid user media from 176.65.139.218
Jun 23 19:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24596]: input_userauth_request: invalid user media [preauth]
Jun 23 19:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24596]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24596]: Failed password for invalid user media from 176.65.139.218 port 37956 ssh2
Jun 23 19:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24596]: Connection closed by 176.65.139.218 port 37956 [preauth]
Jun 23 19:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24615]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24614]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24613]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24612]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24612]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24692]: Successful su for rubyman by root
Jun 23 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24692]: + ??? root:rubyman
Jun 23 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24692]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579113 of user rubyman.
Jun 23 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24692]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579113.
Jun 23 19:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24608]: Failed password for root from 176.65.139.218 port 42418 ssh2
Jun 23 19:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24608]: Connection closed by 176.65.139.218 port 42418 [preauth]
Jun 23 19:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21747]: pam_unix(cron:session): session closed for user root
Jun 23 19:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24613]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24875]: Invalid user ai from 176.65.139.218
Jun 23 19:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24875]: input_userauth_request: invalid user ai [preauth]
Jun 23 19:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24875]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24875]: Failed password for invalid user ai from 176.65.139.218 port 42478 ssh2
Jun 23 19:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24875]: Connection closed by 176.65.139.218 port 42478 [preauth]
Jun 23 19:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24885]: Invalid user deploy from 176.65.139.218
Jun 23 19:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24885]: input_userauth_request: invalid user deploy [preauth]
Jun 23 19:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24885]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24887]: Invalid user pymes from 104.208.108.166
Jun 23 19:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24887]: input_userauth_request: invalid user pymes [preauth]
Jun 23 19:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24887]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.208.108.166
Jun 23 19:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24885]: Failed password for invalid user deploy from 176.65.139.218 port 40742 ssh2
Jun 23 19:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24885]: Connection closed by 176.65.139.218 port 40742 [preauth]
Jun 23 19:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24887]: Failed password for invalid user pymes from 104.208.108.166 port 40860 ssh2
Jun 23 19:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24887]: Received disconnect from 104.208.108.166 port 40860:11: Bye Bye [preauth]
Jun 23 19:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24887]: Disconnected from 104.208.108.166 port 40860 [preauth]
Jun 23 19:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24909]: Invalid user admin123 from 176.65.139.218
Jun 23 19:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24909]: input_userauth_request: invalid user admin123 [preauth]
Jun 23 19:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24909]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24909]: Failed password for invalid user admin123 from 176.65.139.218 port 40778 ssh2
Jun 23 19:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24909]: Connection closed by 176.65.139.218 port 40778 [preauth]
Jun 23 19:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24919]: Invalid user redhat from 176.65.139.218
Jun 23 19:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24919]: input_userauth_request: invalid user redhat [preauth]
Jun 23 19:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24919]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24919]: Failed password for invalid user redhat from 176.65.139.218 port 32776 ssh2
Jun 23 19:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24919]: Connection closed by 176.65.139.218 port 32776 [preauth]
Jun 23 19:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24941]: Invalid user testuser from 176.65.139.218
Jun 23 19:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24941]: input_userauth_request: invalid user testuser [preauth]
Jun 23 19:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24941]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24941]: Failed password for invalid user testuser from 176.65.139.218 port 32848 ssh2
Jun 23 19:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24941]: Connection closed by 176.65.139.218 port 32848 [preauth]
Jun 23 19:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24951]: Invalid user myuser from 176.65.139.218
Jun 23 19:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24951]: input_userauth_request: invalid user myuser [preauth]
Jun 23 19:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24951]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24951]: Failed password for invalid user myuser from 176.65.139.218 port 39114 ssh2
Jun 23 19:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24951]: Connection closed by 176.65.139.218 port 39114 [preauth]
Jun 23 19:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23620]: pam_unix(cron:session): session closed for user root
Jun 23 19:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24983]: Invalid user claude from 176.65.139.218
Jun 23 19:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24983]: input_userauth_request: invalid user claude [preauth]
Jun 23 19:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24983]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24983]: Failed password for invalid user claude from 176.65.139.218 port 39156 ssh2
Jun 23 19:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24983]: Connection closed by 176.65.139.218 port 39156 [preauth]
Jun 23 19:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24985]: Failed password for root from 176.65.139.218 port 53356 ssh2
Jun 23 19:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24985]: Connection closed by 176.65.139.218 port 53356 [preauth]
Jun 23 19:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24996]: Invalid user tpaterni from 95.58.255.251
Jun 23 19:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24996]: input_userauth_request: invalid user tpaterni [preauth]
Jun 23 19:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24996]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.58.255.251
Jun 23 19:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25013]: Invalid user openvpn from 176.65.139.218
Jun 23 19:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25013]: input_userauth_request: invalid user openvpn [preauth]
Jun 23 19:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25013]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25016]: Invalid user user1 from 115.178.75.243
Jun 23 19:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25016]: input_userauth_request: invalid user user1 [preauth]
Jun 23 19:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25016]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.178.75.243
Jun 23 19:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24996]: Failed password for invalid user tpaterni from 95.58.255.251 port 51452 ssh2
Jun 23 19:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24996]: Received disconnect from 95.58.255.251 port 51452:11: Bye Bye [preauth]
Jun 23 19:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24996]: Disconnected from 95.58.255.251 port 51452 [preauth]
Jun 23 19:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25013]: Failed password for invalid user openvpn from 176.65.139.218 port 53418 ssh2
Jun 23 19:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25013]: Connection closed by 176.65.139.218 port 53418 [preauth]
Jun 23 19:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25027]: Invalid user valheim from 65.21.150.20
Jun 23 19:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25027]: input_userauth_request: invalid user valheim [preauth]
Jun 23 19:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25027]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.21.150.20
Jun 23 19:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25016]: Failed password for invalid user user1 from 115.178.75.243 port 45318 ssh2
Jun 23 19:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25016]: Received disconnect from 115.178.75.243 port 45318:11: Bye Bye [preauth]
Jun 23 19:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25016]: Disconnected from 115.178.75.243 port 45318 [preauth]
Jun 23 19:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25027]: Failed password for invalid user valheim from 65.21.150.20 port 33768 ssh2
Jun 23 19:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25027]: Received disconnect from 65.21.150.20 port 33768:11: Bye Bye [preauth]
Jun 23 19:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25027]: Disconnected from 65.21.150.20 port 33768 [preauth]
Jun 23 19:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25029]: Failed password for root from 176.65.139.218 port 60180 ssh2
Jun 23 19:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25029]: Connection closed by 176.65.139.218 port 60180 [preauth]
Jun 23 19:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25040]: Failed password for root from 176.65.139.218 port 60200 ssh2
Jun 23 19:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25040]: Connection closed by 176.65.139.218 port 60200 [preauth]
Jun 23 19:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25053]: Invalid user centreon from 176.65.139.218
Jun 23 19:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25053]: input_userauth_request: invalid user centreon [preauth]
Jun 23 19:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25053]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25053]: Failed password for invalid user centreon from 176.65.139.218 port 41636 ssh2
Jun 23 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25053]: Connection closed by 176.65.139.218 port 41636 [preauth]
Jun 23 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25071]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25073]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25072]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25067]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25069]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25066]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25073]: pam_unix(cron:session): session closed for user root
Jun 23 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25066]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25135]: Successful su for rubyman by root
Jun 23 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25135]: + ??? root:rubyman
Jun 23 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25135]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579119 of user rubyman.
Jun 23 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25135]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579119.
Jun 23 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25161]: Invalid user admin2 from 176.65.139.218
Jun 23 19:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25161]: input_userauth_request: invalid user admin2 [preauth]
Jun 23 19:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25161]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22179]: pam_unix(cron:session): session closed for user root
Jun 23 19:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25069]: pam_unix(cron:session): session closed for user root
Jun 23 19:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25161]: Failed password for invalid user admin2 from 176.65.139.218 port 41660 ssh2
Jun 23 19:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25161]: Connection closed by 176.65.139.218 port 41660 [preauth]
Jun 23 19:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25067]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25342]: Invalid user frank from 176.65.139.218
Jun 23 19:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25342]: input_userauth_request: invalid user frank [preauth]
Jun 23 19:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25342]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25342]: Failed password for invalid user frank from 176.65.139.218 port 39852 ssh2
Jun 23 19:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25342]: Connection closed by 176.65.139.218 port 39852 [preauth]
Jun 23 19:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25345]: Invalid user developer from 91.92.40.11
Jun 23 19:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25345]: input_userauth_request: invalid user developer [preauth]
Jun 23 19:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25345]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 19:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25345]: Failed password for invalid user developer from 91.92.40.11 port 52364 ssh2
Jun 23 19:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25345]: Connection closed by 91.92.40.11 port 52364 [preauth]
Jun 23 19:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25361]: Failed password for root from 176.65.139.218 port 39942 ssh2
Jun 23 19:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25361]: Connection closed by 176.65.139.218 port 39942 [preauth]
Jun 23 19:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25379]: Invalid user openclaw from 176.65.139.218
Jun 23 19:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25379]: input_userauth_request: invalid user openclaw [preauth]
Jun 23 19:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25379]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25379]: Failed password for invalid user openclaw from 176.65.139.218 port 55422 ssh2
Jun 23 19:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25379]: Connection closed by 176.65.139.218 port 55422 [preauth]
Jun 23 19:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25402]: Invalid user dev from 176.65.139.218
Jun 23 19:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25402]: input_userauth_request: invalid user dev [preauth]
Jun 23 19:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25402]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25402]: Failed password for invalid user dev from 176.65.139.218 port 56292 ssh2
Jun 23 19:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25402]: Connection closed by 176.65.139.218 port 56292 [preauth]
Jun 23 19:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25418]: Invalid user user1 from 176.65.139.218
Jun 23 19:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25418]: input_userauth_request: invalid user user1 [preauth]
Jun 23 19:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25418]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24161]: pam_unix(cron:session): session closed for user root
Jun 23 19:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25418]: Failed password for invalid user user1 from 176.65.139.218 port 56302 ssh2
Jun 23 19:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25418]: Connection closed by 176.65.139.218 port 56302 [preauth]
Jun 23 19:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25451]: Failed password for root from 176.65.139.218 port 58532 ssh2
Jun 23 19:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25451]: Connection closed by 176.65.139.218 port 58532 [preauth]
Jun 23 19:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25477]: Invalid user odoo17 from 176.65.139.218
Jun 23 19:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25477]: input_userauth_request: invalid user odoo17 [preauth]
Jun 23 19:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25477]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25477]: Failed password for invalid user odoo17 from 176.65.139.218 port 58582 ssh2
Jun 23 19:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25477]: Connection closed by 176.65.139.218 port 58582 [preauth]
Jun 23 19:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25490]: Invalid user test from 176.65.139.218
Jun 23 19:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25490]: input_userauth_request: invalid user test [preauth]
Jun 23 19:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25490]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25490]: Failed password for invalid user test from 176.65.139.218 port 37310 ssh2
Jun 23 19:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25490]: Connection closed by 176.65.139.218 port 37310 [preauth]
Jun 23 19:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25500]: Failed password for root from 176.65.139.218 port 49096 ssh2
Jun 23 19:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25500]: Connection closed by 176.65.139.218 port 49096 [preauth]
Jun 23 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25516]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25515]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25517]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25513]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25513]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25582]: Successful su for rubyman by root
Jun 23 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25582]: + ??? root:rubyman
Jun 23 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25582]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579123 of user rubyman.
Jun 23 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25582]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579123.
Jun 23 19:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25681]: Invalid user ai from 176.65.139.218
Jun 23 19:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25681]: input_userauth_request: invalid user ai [preauth]
Jun 23 19:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25681]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22692]: pam_unix(cron:session): session closed for user root
Jun 23 19:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25515]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25681]: Failed password for invalid user ai from 176.65.139.218 port 49154 ssh2
Jun 23 19:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25681]: Connection closed by 176.65.139.218 port 49154 [preauth]
Jun 23 19:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.208.108.166  user=root
Jun 23 19:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25769]: Failed password for root from 176.65.139.218 port 47310 ssh2
Jun 23 19:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25769]: Connection closed by 176.65.139.218 port 47310 [preauth]
Jun 23 19:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25771]: Failed password for root from 104.208.108.166 port 36378 ssh2
Jun 23 19:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25771]: Received disconnect from 104.208.108.166 port 36378:11: Bye Bye [preauth]
Jun 23 19:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25771]: Disconnected from 104.208.108.166 port 36378 [preauth]
Jun 23 19:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25797]: Failed password for root from 176.65.139.218 port 47352 ssh2
Jun 23 19:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25797]: Connection closed by 176.65.139.218 port 47352 [preauth]
Jun 23 19:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25808]: Invalid user support from 176.65.139.218
Jun 23 19:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25808]: input_userauth_request: invalid user support [preauth]
Jun 23 19:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25808]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25808]: Failed password for invalid user support from 176.65.139.218 port 51112 ssh2
Jun 23 19:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25808]: Connection closed by 176.65.139.218 port 51112 [preauth]
Jun 23 19:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.58.255.251  user=root
Jun 23 19:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25824]: Failed password for root from 95.58.255.251 port 40270 ssh2
Jun 23 19:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25824]: Received disconnect from 95.58.255.251 port 40270:11: Bye Bye [preauth]
Jun 23 19:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25824]: Disconnected from 95.58.255.251 port 40270 [preauth]
Jun 23 19:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25834]: Failed password for root from 176.65.139.218 port 36554 ssh2
Jun 23 19:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25834]: Connection closed by 176.65.139.218 port 36554 [preauth]
Jun 23 19:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24615]: pam_unix(cron:session): session closed for user root
Jun 23 19:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25864]: Invalid user fastuser from 176.65.139.218
Jun 23 19:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25864]: input_userauth_request: invalid user fastuser [preauth]
Jun 23 19:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25864]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25864]: Failed password for invalid user fastuser from 176.65.139.218 port 36624 ssh2
Jun 23 19:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25864]: Connection closed by 176.65.139.218 port 36624 [preauth]
Jun 23 19:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25874]: Invalid user developer from 91.92.40.11
Jun 23 19:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25874]: input_userauth_request: invalid user developer [preauth]
Jun 23 19:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25874]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 19:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25874]: Failed password for invalid user developer from 91.92.40.11 port 55008 ssh2
Jun 23 19:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25874]: Connection closed by 91.92.40.11 port 55008 [preauth]
Jun 23 19:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25876]: Invalid user gitlab from 176.65.139.218
Jun 23 19:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25876]: input_userauth_request: invalid user gitlab [preauth]
Jun 23 19:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25876]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25876]: Failed password for invalid user gitlab from 176.65.139.218 port 46440 ssh2
Jun 23 19:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25876]: Connection closed by 176.65.139.218 port 46440 [preauth]
Jun 23 19:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25902]: Invalid user test from 176.65.139.218
Jun 23 19:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25902]: input_userauth_request: invalid user test [preauth]
Jun 23 19:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25902]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25902]: Failed password for invalid user test from 176.65.139.218 port 58298 ssh2
Jun 23 19:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25902]: Connection closed by 176.65.139.218 port 58298 [preauth]
Jun 23 19:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25912]: Invalid user sysadmin from 65.21.150.20
Jun 23 19:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25912]: input_userauth_request: invalid user sysadmin [preauth]
Jun 23 19:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25912]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.21.150.20
Jun 23 19:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25912]: Failed password for invalid user sysadmin from 65.21.150.20 port 59644 ssh2
Jun 23 19:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25912]: Received disconnect from 65.21.150.20 port 59644:11: Bye Bye [preauth]
Jun 23 19:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25912]: Disconnected from 65.21.150.20 port 59644 [preauth]
Jun 23 19:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25922]: Failed password for root from 176.65.139.218 port 58364 ssh2
Jun 23 19:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25922]: Connection closed by 176.65.139.218 port 58364 [preauth]
Jun 23 19:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25932]: Invalid user user1 from 176.65.139.218
Jun 23 19:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25932]: input_userauth_request: invalid user user1 [preauth]
Jun 23 19:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25932]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25932]: Failed password for invalid user user1 from 176.65.139.218 port 40560 ssh2
Jun 23 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25932]: Connection closed by 176.65.139.218 port 40560 [preauth]
Jun 23 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.178.75.243  user=root
Jun 23 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25940]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25937]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25938]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25939]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25937]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26000]: Successful su for rubyman by root
Jun 23 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26000]: + ??? root:rubyman
Jun 23 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26000]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579128 of user rubyman.
Jun 23 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26000]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579128.
Jun 23 19:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25934]: Failed password for root from 115.178.75.243 port 56588 ssh2
Jun 23 19:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25934]: Received disconnect from 115.178.75.243 port 56588:11: Bye Bye [preauth]
Jun 23 19:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25934]: Disconnected from 115.178.75.243 port 56588 [preauth]
Jun 23 19:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23153]: pam_unix(cron:session): session closed for user root
Jun 23 19:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26149]: Invalid user student from 176.65.139.218
Jun 23 19:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26149]: input_userauth_request: invalid user student [preauth]
Jun 23 19:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26149]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25938]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26149]: Failed password for invalid user student from 176.65.139.218 port 40598 ssh2
Jun 23 19:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26149]: Connection closed by 176.65.139.218 port 40598 [preauth]
Jun 23 19:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26190]: Invalid user kafka from 176.65.139.218
Jun 23 19:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26190]: input_userauth_request: invalid user kafka [preauth]
Jun 23 19:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26190]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26190]: Failed password for invalid user kafka from 176.65.139.218 port 48662 ssh2
Jun 23 19:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26190]: Connection closed by 176.65.139.218 port 48662 [preauth]
Jun 23 19:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26214]: Invalid user dani from 176.65.139.218
Jun 23 19:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26214]: input_userauth_request: invalid user dani [preauth]
Jun 23 19:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26214]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26214]: Failed password for invalid user dani from 176.65.139.218 port 34634 ssh2
Jun 23 19:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26214]: Connection closed by 176.65.139.218 port 34634 [preauth]
Jun 23 19:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26225]: Invalid user a from 176.65.139.218
Jun 23 19:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26225]: input_userauth_request: invalid user a [preauth]
Jun 23 19:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26225]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26225]: Failed password for invalid user a from 176.65.139.218 port 34726 ssh2
Jun 23 19:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26225]: Connection closed by 176.65.139.218 port 34726 [preauth]
Jun 23 19:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26256]: Invalid user fred from 176.65.139.218
Jun 23 19:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26256]: input_userauth_request: invalid user fred [preauth]
Jun 23 19:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26256]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26256]: Failed password for invalid user fred from 176.65.139.218 port 55040 ssh2
Jun 23 19:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26256]: Connection closed by 176.65.139.218 port 55040 [preauth]
Jun 23 19:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25072]: pam_unix(cron:session): session closed for user root
Jun 23 19:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26288]: Failed password for root from 176.65.139.218 port 36966 ssh2
Jun 23 19:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26288]: Connection closed by 176.65.139.218 port 36966 [preauth]
Jun 23 19:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26309]: Failed password for root from 176.65.139.218 port 36978 ssh2
Jun 23 19:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26309]: Connection closed by 176.65.139.218 port 36978 [preauth]
Jun 23 19:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26326]: Invalid user pi from 176.65.139.218
Jun 23 19:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26326]: input_userauth_request: invalid user pi [preauth]
Jun 23 19:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26326]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26326]: Failed password for invalid user pi from 176.65.139.218 port 48556 ssh2
Jun 23 19:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26326]: Connection closed by 176.65.139.218 port 48556 [preauth]
Jun 23 19:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26345]: Failed password for root from 176.65.139.218 port 48460 ssh2
Jun 23 19:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26345]: Connection closed by 176.65.139.218 port 48460 [preauth]
Jun 23 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26360]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26358]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26357]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26356]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26356]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26414]: Successful su for rubyman by root
Jun 23 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26414]: + ??? root:rubyman
Jun 23 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26414]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579133 of user rubyman.
Jun 23 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26414]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579133.
Jun 23 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26424]: Invalid user crafty from 176.65.139.218
Jun 23 19:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26424]: input_userauth_request: invalid user crafty [preauth]
Jun 23 19:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26424]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23619]: pam_unix(cron:session): session closed for user root
Jun 23 19:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26424]: Failed password for invalid user crafty from 176.65.139.218 port 48522 ssh2
Jun 23 19:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26424]: Connection closed by 176.65.139.218 port 48522 [preauth]
Jun 23 19:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26357]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26589]: Invalid user developer from 91.92.40.11
Jun 23 19:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26589]: input_userauth_request: invalid user developer [preauth]
Jun 23 19:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26589]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 19:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26603]: Invalid user user1 from 176.65.139.218
Jun 23 19:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26603]: input_userauth_request: invalid user user1 [preauth]
Jun 23 19:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26603]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26589]: Failed password for invalid user developer from 91.92.40.11 port 49612 ssh2
Jun 23 19:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26589]: Connection closed by 91.92.40.11 port 49612 [preauth]
Jun 23 19:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26603]: Failed password for invalid user user1 from 176.65.139.218 port 43826 ssh2
Jun 23 19:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26603]: Connection closed by 176.65.139.218 port 43826 [preauth]
Jun 23 19:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26605]: Invalid user sysadmin from 95.58.255.251
Jun 23 19:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26605]: input_userauth_request: invalid user sysadmin [preauth]
Jun 23 19:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26605]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.58.255.251
Jun 23 19:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26605]: Failed password for invalid user sysadmin from 95.58.255.251 port 41990 ssh2
Jun 23 19:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.208.108.166  user=root
Jun 23 19:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26605]: Received disconnect from 95.58.255.251 port 41990:11: Bye Bye [preauth]
Jun 23 19:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26605]: Disconnected from 95.58.255.251 port 41990 [preauth]
Jun 23 19:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26629]: Invalid user ftpuser1 from 176.65.139.218
Jun 23 19:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26629]: input_userauth_request: invalid user ftpuser1 [preauth]
Jun 23 19:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26629]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26615]: Failed password for root from 104.208.108.166 port 30180 ssh2
Jun 23 19:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26615]: Received disconnect from 104.208.108.166 port 30180:11: Bye Bye [preauth]
Jun 23 19:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26615]: Disconnected from 104.208.108.166 port 30180 [preauth]
Jun 23 19:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26629]: Failed password for invalid user ftpuser1 from 176.65.139.218 port 43900 ssh2
Jun 23 19:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26629]: Connection closed by 176.65.139.218 port 43900 [preauth]
Jun 23 19:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26639]: Failed password for root from 176.65.139.218 port 59634 ssh2
Jun 23 19:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26639]: Connection closed by 176.65.139.218 port 59634 [preauth]
Jun 23 19:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26665]: Failed password for root from 176.65.139.218 port 44626 ssh2
Jun 23 19:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26665]: Connection closed by 176.65.139.218 port 44626 [preauth]
Jun 23 19:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25517]: pam_unix(cron:session): session closed for user root
Jun 23 19:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26784]: Failed password for root from 176.65.139.218 port 44684 ssh2
Jun 23 19:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26784]: Connection closed by 176.65.139.218 port 44684 [preauth]
Jun 23 19:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26800]: Invalid user ark from 176.65.139.218
Jun 23 19:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26800]: input_userauth_request: invalid user ark [preauth]
Jun 23 19:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26800]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26800]: Failed password for invalid user ark from 176.65.139.218 port 39874 ssh2
Jun 23 19:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26800]: Connection closed by 176.65.139.218 port 39874 [preauth]
Jun 23 19:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26823]: Failed password for root from 176.65.139.218 port 34572 ssh2
Jun 23 19:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26823]: Connection closed by 176.65.139.218 port 34572 [preauth]
Jun 23 19:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26833]: Invalid user testuser from 176.65.139.218
Jun 23 19:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26833]: input_userauth_request: invalid user testuser [preauth]
Jun 23 19:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26833]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26833]: Failed password for invalid user testuser from 176.65.139.218 port 34634 ssh2
Jun 23 19:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26833]: Connection closed by 176.65.139.218 port 34634 [preauth]
Jun 23 19:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26843]: Invalid user xiao from 176.65.139.218
Jun 23 19:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26843]: input_userauth_request: invalid user xiao [preauth]
Jun 23 19:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26843]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26843]: Failed password for invalid user xiao from 176.65.139.218 port 52768 ssh2
Jun 23 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26843]: Connection closed by 176.65.139.218 port 52768 [preauth]
Jun 23 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26857]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26855]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26856]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26854]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26854]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26914]: Successful su for rubyman by root
Jun 23 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26914]: + ??? root:rubyman
Jun 23 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26914]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579136 of user rubyman.
Jun 23 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26914]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579136.
Jun 23 19:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24160]: pam_unix(cron:session): session closed for user root
Jun 23 19:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27078]: Invalid user monitoring from 65.21.150.20
Jun 23 19:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27078]: input_userauth_request: invalid user monitoring [preauth]
Jun 23 19:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27078]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.21.150.20
Jun 23 19:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27085]: Invalid user admin from 176.65.139.218
Jun 23 19:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27085]: input_userauth_request: invalid user admin [preauth]
Jun 23 19:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27085]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26855]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27078]: Failed password for invalid user monitoring from 65.21.150.20 port 40188 ssh2
Jun 23 19:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27078]: Received disconnect from 65.21.150.20 port 40188:11: Bye Bye [preauth]
Jun 23 19:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27078]: Disconnected from 65.21.150.20 port 40188 [preauth]
Jun 23 19:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27085]: Failed password for invalid user admin from 176.65.139.218 port 52832 ssh2
Jun 23 19:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27085]: Connection closed by 176.65.139.218 port 52832 [preauth]
Jun 23 19:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27111]: Failed password for root from 176.65.139.218 port 52260 ssh2
Jun 23 19:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27111]: Connection closed by 176.65.139.218 port 52260 [preauth]
Jun 23 19:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27137]: Invalid user cloud from 176.65.139.218
Jun 23 19:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27137]: input_userauth_request: invalid user cloud [preauth]
Jun 23 19:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27137]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27137]: Failed password for invalid user cloud from 176.65.139.218 port 52294 ssh2
Jun 23 19:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27137]: Connection closed by 176.65.139.218 port 52294 [preauth]
Jun 23 19:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27139]: Invalid user deploy from 115.178.75.243
Jun 23 19:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27139]: input_userauth_request: invalid user deploy [preauth]
Jun 23 19:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27139]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.178.75.243
Jun 23 19:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27148]: Invalid user calvin from 176.65.139.218
Jun 23 19:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27148]: input_userauth_request: invalid user calvin [preauth]
Jun 23 19:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27148]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27139]: Failed password for invalid user deploy from 115.178.75.243 port 39648 ssh2
Jun 23 19:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27139]: Received disconnect from 115.178.75.243 port 39648:11: Bye Bye [preauth]
Jun 23 19:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27139]: Disconnected from 115.178.75.243 port 39648 [preauth]
Jun 23 19:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27148]: Failed password for invalid user calvin from 176.65.139.218 port 38760 ssh2
Jun 23 19:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27148]: Connection closed by 176.65.139.218 port 38760 [preauth]
Jun 23 19:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27171]: Invalid user runner from 176.65.139.218
Jun 23 19:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27171]: input_userauth_request: invalid user runner [preauth]
Jun 23 19:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27171]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27171]: Failed password for invalid user runner from 176.65.139.218 port 38862 ssh2
Jun 23 19:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27171]: Connection closed by 176.65.139.218 port 38862 [preauth]
Jun 23 19:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27184]: Invalid user cw from 176.65.139.218
Jun 23 19:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27184]: input_userauth_request: invalid user cw [preauth]
Jun 23 19:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27184]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27184]: Failed password for invalid user cw from 176.65.139.218 port 37048 ssh2
Jun 23 19:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27184]: Connection closed by 176.65.139.218 port 37048 [preauth]
Jun 23 19:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27203]: Invalid user developer from 91.92.40.11
Jun 23 19:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27203]: input_userauth_request: invalid user developer [preauth]
Jun 23 19:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27203]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 19:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25940]: pam_unix(cron:session): session closed for user root
Jun 23 19:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27212]: Invalid user sysupdate from 176.65.139.218
Jun 23 19:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27212]: input_userauth_request: invalid user sysupdate [preauth]
Jun 23 19:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27212]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27203]: Failed password for invalid user developer from 91.92.40.11 port 46266 ssh2
Jun 23 19:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27203]: Connection closed by 91.92.40.11 port 46266 [preauth]
Jun 23 19:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27212]: Failed password for invalid user sysupdate from 176.65.139.218 port 37090 ssh2
Jun 23 19:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27212]: Connection closed by 176.65.139.218 port 37090 [preauth]
Jun 23 19:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27224]: Invalid user rancher from 176.65.139.218
Jun 23 19:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27224]: input_userauth_request: invalid user rancher [preauth]
Jun 23 19:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27224]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27224]: Failed password for invalid user rancher from 176.65.139.218 port 50006 ssh2
Jun 23 19:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27224]: Connection closed by 176.65.139.218 port 50006 [preauth]
Jun 23 19:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27249]: Failed password for root from 176.65.139.218 port 50050 ssh2
Jun 23 19:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27249]: Connection closed by 176.65.139.218 port 50050 [preauth]
Jun 23 19:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27260]: Invalid user user from 176.65.139.218
Jun 23 19:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27260]: input_userauth_request: invalid user user [preauth]
Jun 23 19:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27260]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27260]: Failed password for invalid user user from 176.65.139.218 port 37146 ssh2
Jun 23 19:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27260]: Connection closed by 176.65.139.218 port 37146 [preauth]
Jun 23 19:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.58.255.251  user=root
Jun 23 19:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27286]: Invalid user git from 176.65.139.218
Jun 23 19:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27286]: input_userauth_request: invalid user git [preauth]
Jun 23 19:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27286]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27282]: Failed password for root from 95.58.255.251 port 37968 ssh2
Jun 23 19:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27282]: Received disconnect from 95.58.255.251 port 37968:11: Bye Bye [preauth]
Jun 23 19:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27282]: Disconnected from 95.58.255.251 port 37968 [preauth]
Jun 23 19:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27286]: Failed password for invalid user git from 176.65.139.218 port 36772 ssh2
Jun 23 19:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27286]: Connection closed by 176.65.139.218 port 36772 [preauth]
Jun 23 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27302]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27301]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27300]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27304]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27303]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27298]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27304]: pam_unix(cron:session): session closed for user root
Jun 23 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27298]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27373]: Successful su for rubyman by root
Jun 23 19:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27373]: + ??? root:rubyman
Jun 23 19:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27373]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579140 of user rubyman.
Jun 23 19:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27373]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579140.
Jun 23 19:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24614]: pam_unix(cron:session): session closed for user root
Jun 23 19:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27301]: pam_unix(cron:session): session closed for user root
Jun 23 19:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27417]: Failed password for root from 176.65.139.218 port 36820 ssh2
Jun 23 19:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27417]: Connection closed by 176.65.139.218 port 36820 [preauth]
Jun 23 19:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27300]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27597]: Invalid user devops from 176.65.139.218
Jun 23 19:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27597]: input_userauth_request: invalid user devops [preauth]
Jun 23 19:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27597]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27599]: Invalid user admin from 104.208.108.166
Jun 23 19:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27599]: input_userauth_request: invalid user admin [preauth]
Jun 23 19:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27599]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.208.108.166
Jun 23 19:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27597]: Failed password for invalid user devops from 176.65.139.218 port 55034 ssh2
Jun 23 19:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27597]: Connection closed by 176.65.139.218 port 55034 [preauth]
Jun 23 19:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27599]: Failed password for invalid user admin from 104.208.108.166 port 37296 ssh2
Jun 23 19:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27599]: Received disconnect from 104.208.108.166 port 37296:11: Bye Bye [preauth]
Jun 23 19:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27599]: Disconnected from 104.208.108.166 port 37296 [preauth]
Jun 23 19:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27601]: Received disconnect from 192.227.155.98 port 52680:11: disconnected by user [preauth]
Jun 23 19:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27601]: Disconnected from 192.227.155.98 port 52680 [preauth]
Jun 23 19:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27625]: Invalid user trader from 176.65.139.218
Jun 23 19:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27625]: input_userauth_request: invalid user trader [preauth]
Jun 23 19:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27625]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27625]: Failed password for invalid user trader from 176.65.139.218 port 55100 ssh2
Jun 23 19:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27625]: Connection closed by 176.65.139.218 port 55100 [preauth]
Jun 23 19:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27635]: Invalid user user from 176.65.139.218
Jun 23 19:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27635]: input_userauth_request: invalid user user [preauth]
Jun 23 19:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27635]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27635]: Failed password for invalid user user from 176.65.139.218 port 39678 ssh2
Jun 23 19:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27635]: Connection closed by 176.65.139.218 port 39678 [preauth]
Jun 23 19:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27658]: Invalid user david from 176.65.139.218
Jun 23 19:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27658]: input_userauth_request: invalid user david [preauth]
Jun 23 19:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27658]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27658]: Failed password for invalid user david from 176.65.139.218 port 39720 ssh2
Jun 23 19:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27658]: Connection closed by 176.65.139.218 port 39720 [preauth]
Jun 23 19:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27668]: Invalid user guest from 176.65.139.218
Jun 23 19:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27668]: input_userauth_request: invalid user guest [preauth]
Jun 23 19:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27668]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27668]: Failed password for invalid user guest from 176.65.139.218 port 33260 ssh2
Jun 23 19:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27668]: Connection closed by 176.65.139.218 port 33260 [preauth]
Jun 23 19:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26360]: pam_unix(cron:session): session closed for user root
Jun 23 19:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27699]: Failed password for root from 176.65.139.218 port 33264 ssh2
Jun 23 19:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27699]: Connection closed by 176.65.139.218 port 33264 [preauth]
Jun 23 19:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27702]: Invalid user rancher from 176.65.139.218
Jun 23 19:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27702]: input_userauth_request: invalid user rancher [preauth]
Jun 23 19:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27702]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 23 19:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 23 19:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27702]: Failed password for invalid user rancher from 176.65.139.218 port 45272 ssh2
Jun 23 19:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27702]: Connection closed by 176.65.139.218 port 45272 [preauth]
Jun 23 19:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27707]: Failed password for root from 51.250.105.222 port 36300 ssh2
Jun 23 19:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27707]: Connection closed by 51.250.105.222 port 36300 [preauth]
Jun 23 19:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27705]: Failed password for root from 77.94.47.83 port 55864 ssh2
Jun 23 19:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27705]: Connection closed by 77.94.47.83 port 55864 [preauth]
Jun 23 19:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27733]: Invalid user mcserver from 176.65.139.218
Jun 23 19:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27733]: input_userauth_request: invalid user mcserver [preauth]
Jun 23 19:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27733]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27733]: Failed password for invalid user mcserver from 176.65.139.218 port 45328 ssh2
Jun 23 19:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27733]: Connection closed by 176.65.139.218 port 45328 [preauth]
Jun 23 19:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27745]: Invalid user claude from 176.65.139.218
Jun 23 19:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27745]: input_userauth_request: invalid user claude [preauth]
Jun 23 19:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27745]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27745]: Failed password for invalid user claude from 176.65.139.218 port 51680 ssh2
Jun 23 19:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27745]: Connection closed by 176.65.139.218 port 51680 [preauth]
Jun 23 19:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27757]: Invalid user parsa from 176.65.139.218
Jun 23 19:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27757]: input_userauth_request: invalid user parsa [preauth]
Jun 23 19:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27757]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27757]: Failed password for invalid user parsa from 176.65.139.218 port 51718 ssh2
Jun 23 19:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27757]: Connection closed by 176.65.139.218 port 51718 [preauth]
Jun 23 19:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27768]: Invalid user ubuntu from 176.65.139.218
Jun 23 19:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27768]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27768]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27768]: Failed password for invalid user ubuntu from 176.65.139.218 port 50766 ssh2
Jun 23 19:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27768]: Connection closed by 176.65.139.218 port 50766 [preauth]
Jun 23 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27781]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27779]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27780]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27778]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27778]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27846]: Successful su for rubyman by root
Jun 23 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27846]: + ??? root:rubyman
Jun 23 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27846]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579145 of user rubyman.
Jun 23 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27846]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579145.
Jun 23 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27860]: Invalid user claude from 176.65.139.218
Jun 23 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27860]: input_userauth_request: invalid user claude [preauth]
Jun 23 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27860]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27860]: Failed password for invalid user claude from 176.65.139.218 port 50868 ssh2
Jun 23 19:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27860]: Connection closed by 176.65.139.218 port 50868 [preauth]
Jun 23 19:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27951]: Invalid user docker from 91.92.40.11
Jun 23 19:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27951]: input_userauth_request: invalid user docker [preauth]
Jun 23 19:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27951]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 19:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25071]: pam_unix(cron:session): session closed for user root
Jun 23 19:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27779]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27951]: Failed password for invalid user docker from 91.92.40.11 port 47462 ssh2
Jun 23 19:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27951]: Connection closed by 91.92.40.11 port 47462 [preauth]
Jun 23 19:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28048]: Invalid user node from 176.65.139.218
Jun 23 19:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28048]: input_userauth_request: invalid user node [preauth]
Jun 23 19:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28048]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28048]: Failed password for invalid user node from 176.65.139.218 port 52800 ssh2
Jun 23 19:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28048]: Connection closed by 176.65.139.218 port 52800 [preauth]
Jun 23 19:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28051]: Invalid user user3 from 176.65.139.218
Jun 23 19:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28051]: input_userauth_request: invalid user user3 [preauth]
Jun 23 19:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28051]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28103]: Invalid user tomcat from 65.21.150.20
Jun 23 19:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28103]: input_userauth_request: invalid user tomcat [preauth]
Jun 23 19:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28103]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.21.150.20
Jun 23 19:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28051]: Failed password for invalid user user3 from 176.65.139.218 port 52830 ssh2
Jun 23 19:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28103]: Failed password for invalid user tomcat from 65.21.150.20 port 42194 ssh2
Jun 23 19:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28051]: Connection closed by 176.65.139.218 port 52830 [preauth]
Jun 23 19:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28103]: Received disconnect from 65.21.150.20 port 42194:11: Bye Bye [preauth]
Jun 23 19:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28103]: Disconnected from 65.21.150.20 port 42194 [preauth]
Jun 23 19:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28123]: Invalid user sonar from 176.65.139.218
Jun 23 19:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28123]: input_userauth_request: invalid user sonar [preauth]
Jun 23 19:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28123]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28123]: Failed password for invalid user sonar from 176.65.139.218 port 49764 ssh2
Jun 23 19:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28123]: Connection closed by 176.65.139.218 port 49764 [preauth]
Jun 23 19:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28138]: Invalid user tester from 176.65.139.218
Jun 23 19:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28138]: input_userauth_request: invalid user tester [preauth]
Jun 23 19:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28138]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28138]: Failed password for invalid user tester from 176.65.139.218 port 49798 ssh2
Jun 23 19:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28138]: Connection closed by 176.65.139.218 port 49798 [preauth]
Jun 23 19:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28165]: Failed password for root from 176.65.139.218 port 49832 ssh2
Jun 23 19:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28165]: Connection closed by 176.65.139.218 port 49832 [preauth]
Jun 23 19:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.178.75.243  user=root
Jun 23 19:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28177]: Invalid user operator from 176.65.139.218
Jun 23 19:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28177]: input_userauth_request: invalid user operator [preauth]
Jun 23 19:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28177]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28175]: Failed password for root from 115.178.75.243 port 50912 ssh2
Jun 23 19:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28175]: Received disconnect from 115.178.75.243 port 50912:11: Bye Bye [preauth]
Jun 23 19:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28175]: Disconnected from 115.178.75.243 port 50912 [preauth]
Jun 23 19:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28177]: Failed password for invalid user operator from 176.65.139.218 port 40458 ssh2
Jun 23 19:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28177]: Connection closed by 176.65.139.218 port 40458 [preauth]
Jun 23 19:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26857]: pam_unix(cron:session): session closed for user root
Jun 23 19:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28208]: Invalid user angel from 176.65.139.218
Jun 23 19:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28208]: input_userauth_request: invalid user angel [preauth]
Jun 23 19:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28208]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28208]: Failed password for invalid user angel from 176.65.139.218 port 40514 ssh2
Jun 23 19:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28208]: Connection closed by 176.65.139.218 port 40514 [preauth]
Jun 23 19:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28211]: Invalid user valheim from 95.58.255.251
Jun 23 19:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28211]: input_userauth_request: invalid user valheim [preauth]
Jun 23 19:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28211]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.58.255.251
Jun 23 19:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28222]: Invalid user vbox from 176.65.139.218
Jun 23 19:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28222]: input_userauth_request: invalid user vbox [preauth]
Jun 23 19:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28222]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28211]: Failed password for invalid user valheim from 95.58.255.251 port 60354 ssh2
Jun 23 19:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28211]: Received disconnect from 95.58.255.251 port 60354:11: Bye Bye [preauth]
Jun 23 19:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28211]: Disconnected from 95.58.255.251 port 60354 [preauth]
Jun 23 19:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28222]: Failed password for invalid user vbox from 176.65.139.218 port 56108 ssh2
Jun 23 19:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28222]: Connection closed by 176.65.139.218 port 56108 [preauth]
Jun 23 19:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28237]: Failed password for root from 176.65.139.218 port 56166 ssh2
Jun 23 19:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28237]: Connection closed by 176.65.139.218 port 56166 [preauth]
Jun 23 19:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28247]: Invalid user git from 176.65.139.218
Jun 23 19:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28247]: input_userauth_request: invalid user git [preauth]
Jun 23 19:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28247]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28247]: Failed password for invalid user git from 176.65.139.218 port 43968 ssh2
Jun 23 19:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28247]: Connection closed by 176.65.139.218 port 43968 [preauth]
Jun 23 19:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28258]: Invalid user steam from 176.65.139.218
Jun 23 19:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28258]: input_userauth_request: invalid user steam [preauth]
Jun 23 19:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28258]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28258]: Failed password for invalid user steam from 176.65.139.218 port 44028 ssh2
Jun 23 19:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28258]: Connection closed by 176.65.139.218 port 44028 [preauth]
Jun 23 19:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28269]: Invalid user osmc from 176.65.139.218
Jun 23 19:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28269]: input_userauth_request: invalid user osmc [preauth]
Jun 23 19:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28269]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28269]: Failed password for invalid user osmc from 176.65.139.218 port 33334 ssh2
Jun 23 19:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28269]: Connection closed by 176.65.139.218 port 33334 [preauth]
Jun 23 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28283]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28282]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28281]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28280]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28280]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28337]: Successful su for rubyman by root
Jun 23 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28337]: + ??? root:rubyman
Jun 23 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28337]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579149 of user rubyman.
Jun 23 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28337]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579149.
Jun 23 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28370]: Invalid user deploy from 176.65.139.218
Jun 23 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28370]: input_userauth_request: invalid user deploy [preauth]
Jun 23 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28370]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25516]: pam_unix(cron:session): session closed for user root
Jun 23 19:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28370]: Failed password for invalid user deploy from 176.65.139.218 port 33370 ssh2
Jun 23 19:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.208.108.166  user=root
Jun 23 19:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28370]: Connection closed by 176.65.139.218 port 33370 [preauth]
Jun 23 19:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28281]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28458]: Failed password for root from 104.208.108.166 port 23302 ssh2
Jun 23 19:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28458]: Received disconnect from 104.208.108.166 port 23302:11: Bye Bye [preauth]
Jun 23 19:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28458]: Disconnected from 104.208.108.166 port 23302 [preauth]
Jun 23 19:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28532]: Invalid user lucas from 176.65.139.218
Jun 23 19:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28532]: input_userauth_request: invalid user lucas [preauth]
Jun 23 19:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28532]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28532]: Failed password for invalid user lucas from 176.65.139.218 port 46366 ssh2
Jun 23 19:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28532]: Connection closed by 176.65.139.218 port 46366 [preauth]
Jun 23 19:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28542]: User mysql from 176.65.139.218 not allowed because not listed in AllowUsers
Jun 23 19:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28542]: input_userauth_request: invalid user mysql [preauth]
Jun 23 19:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=mysql
Jun 23 19:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28542]: Failed password for invalid user mysql from 176.65.139.218 port 46414 ssh2
Jun 23 19:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28542]: Connection closed by 176.65.139.218 port 46414 [preauth]
Jun 23 19:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28563]: Failed password for root from 176.65.139.218 port 46458 ssh2
Jun 23 19:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28563]: Connection closed by 176.65.139.218 port 46458 [preauth]
Jun 23 19:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28653]: Invalid user claude from 176.65.139.218
Jun 23 19:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28653]: input_userauth_request: invalid user claude [preauth]
Jun 23 19:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28653]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28653]: Failed password for invalid user claude from 176.65.139.218 port 37048 ssh2
Jun 23 19:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28653]: Connection closed by 176.65.139.218 port 37048 [preauth]
Jun 23 19:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28663]: Invalid user steam from 176.65.139.218
Jun 23 19:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28663]: input_userauth_request: invalid user steam [preauth]
Jun 23 19:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28663]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28663]: Failed password for invalid user steam from 176.65.139.218 port 37088 ssh2
Jun 23 19:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28663]: Connection closed by 176.65.139.218 port 37088 [preauth]
Jun 23 19:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28689]: Failed password for root from 176.65.139.218 port 60338 ssh2
Jun 23 19:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28689]: Connection closed by 176.65.139.218 port 60338 [preauth]
Jun 23 19:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28708]: Invalid user docker from 91.92.40.11
Jun 23 19:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28708]: input_userauth_request: invalid user docker [preauth]
Jun 23 19:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28708]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 19:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27303]: pam_unix(cron:session): session closed for user root
Jun 23 19:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28708]: Failed password for invalid user docker from 91.92.40.11 port 55216 ssh2
Jun 23 19:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28708]: Connection closed by 91.92.40.11 port 55216 [preauth]
Jun 23 19:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28736]: Invalid user ethan from 176.65.139.218
Jun 23 19:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28736]: input_userauth_request: invalid user ethan [preauth]
Jun 23 19:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28736]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28736]: Failed password for invalid user ethan from 176.65.139.218 port 45274 ssh2
Jun 23 19:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28736]: Connection closed by 176.65.139.218 port 45274 [preauth]
Jun 23 19:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28747]: Failed password for root from 176.65.139.218 port 45316 ssh2
Jun 23 19:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28747]: Connection closed by 176.65.139.218 port 45316 [preauth]
Jun 23 19:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28774]: Invalid user claude from 176.65.139.218
Jun 23 19:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28774]: input_userauth_request: invalid user claude [preauth]
Jun 23 19:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28774]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28774]: Failed password for invalid user claude from 176.65.139.218 port 39872 ssh2
Jun 23 19:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28774]: Connection closed by 176.65.139.218 port 39872 [preauth]
Jun 23 19:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: Failed password for root from 176.65.139.218 port 39944 ssh2
Jun 23 19:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: Connection closed by 176.65.139.218 port 39944 [preauth]
Jun 23 19:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28786]: Received disconnect from 50.7.233.211 port 53394:11: disconnected by user [preauth]
Jun 23 19:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28786]: Disconnected from 50.7.233.211 port 53394 [preauth]
Jun 23 19:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28796]: Invalid user system from 176.65.139.218
Jun 23 19:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28796]: input_userauth_request: invalid user system [preauth]
Jun 23 19:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28796]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28801]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28800]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28802]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28799]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28799]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28796]: Failed password for invalid user system from 176.65.139.218 port 60748 ssh2
Jun 23 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28796]: Connection closed by 176.65.139.218 port 60748 [preauth]
Jun 23 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28860]: Successful su for rubyman by root
Jun 23 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28860]: + ??? root:rubyman
Jun 23 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28860]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579155 of user rubyman.
Jun 23 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28860]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579155.
Jun 23 19:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25939]: pam_unix(cron:session): session closed for user root
Jun 23 19:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28800]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28999]: Failed password for root from 176.65.139.218 port 60786 ssh2
Jun 23 19:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28999]: Connection closed by 176.65.139.218 port 60786 [preauth]
Jun 23 19:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29073]: Invalid user gitlab-runner from 176.65.139.218
Jun 23 19:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29073]: input_userauth_request: invalid user gitlab-runner [preauth]
Jun 23 19:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29073]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29073]: Failed password for invalid user gitlab-runner from 176.65.139.218 port 37276 ssh2
Jun 23 19:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29073]: Connection closed by 176.65.139.218 port 37276 [preauth]
Jun 23 19:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29098]: Invalid user jay from 176.65.139.218
Jun 23 19:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29098]: input_userauth_request: invalid user jay [preauth]
Jun 23 19:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29098]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29098]: Failed password for invalid user jay from 176.65.139.218 port 37328 ssh2
Jun 23 19:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29098]: Connection closed by 176.65.139.218 port 37328 [preauth]
Jun 23 19:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: Invalid user postgres from 176.65.139.218
Jun 23 19:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: input_userauth_request: invalid user postgres [preauth]
Jun 23 19:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.58.255.251  user=root
Jun 23 19:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: Failed password for invalid user postgres from 176.65.139.218 port 36706 ssh2
Jun 23 19:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: Connection closed by 176.65.139.218 port 36706 [preauth]
Jun 23 19:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29110]: Failed password for root from 95.58.255.251 port 33790 ssh2
Jun 23 19:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29110]: Received disconnect from 95.58.255.251 port 33790:11: Bye Bye [preauth]
Jun 23 19:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29110]: Disconnected from 95.58.255.251 port 33790 [preauth]
Jun 23 19:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29138]: Invalid user dev from 176.65.139.218
Jun 23 19:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29138]: input_userauth_request: invalid user dev [preauth]
Jun 23 19:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29138]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29138]: Failed password for invalid user dev from 176.65.139.218 port 36738 ssh2
Jun 23 19:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29138]: Connection closed by 176.65.139.218 port 36738 [preauth]
Jun 23 19:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29140]: Invalid user season from 65.21.150.20
Jun 23 19:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29140]: input_userauth_request: invalid user season [preauth]
Jun 23 19:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29140]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.21.150.20
Jun 23 19:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29140]: Failed password for invalid user season from 65.21.150.20 port 36426 ssh2
Jun 23 19:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29140]: Received disconnect from 65.21.150.20 port 36426:11: Bye Bye [preauth]
Jun 23 19:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29140]: Disconnected from 65.21.150.20 port 36426 [preauth]
Jun 23 19:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29152]: Invalid user ubuntu from 176.65.139.218
Jun 23 19:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29152]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29152]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29152]: Failed password for invalid user ubuntu from 176.65.139.218 port 56200 ssh2
Jun 23 19:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29152]: Connection closed by 176.65.139.218 port 56200 [preauth]
Jun 23 19:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27781]: pam_unix(cron:session): session closed for user root
Jun 23 19:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29183]: Invalid user localhost from 176.65.139.218
Jun 23 19:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29183]: input_userauth_request: invalid user localhost [preauth]
Jun 23 19:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29183]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29183]: Failed password for invalid user localhost from 176.65.139.218 port 56234 ssh2
Jun 23 19:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29183]: Connection closed by 176.65.139.218 port 56234 [preauth]
Jun 23 19:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29185]: Invalid user core from 115.178.75.243
Jun 23 19:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29185]: input_userauth_request: invalid user core [preauth]
Jun 23 19:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29185]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.178.75.243
Jun 23 19:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29198]: Invalid user server from 176.65.139.218
Jun 23 19:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29198]: input_userauth_request: invalid user server [preauth]
Jun 23 19:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29198]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29185]: Failed password for invalid user core from 115.178.75.243 port 33942 ssh2
Jun 23 19:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29185]: Received disconnect from 115.178.75.243 port 33942:11: Bye Bye [preauth]
Jun 23 19:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29185]: Disconnected from 115.178.75.243 port 33942 [preauth]
Jun 23 19:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29198]: Failed password for invalid user server from 176.65.139.218 port 47672 ssh2
Jun 23 19:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29198]: Connection closed by 176.65.139.218 port 47672 [preauth]
Jun 23 19:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29218]: Invalid user admin from 176.65.139.218
Jun 23 19:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29218]: input_userauth_request: invalid user admin [preauth]
Jun 23 19:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29218]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29218]: Failed password for invalid user admin from 176.65.139.218 port 47694 ssh2
Jun 23 19:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29218]: Connection closed by 176.65.139.218 port 47694 [preauth]
Jun 23 19:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29227]: Invalid user botuser from 176.65.139.218
Jun 23 19:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29227]: input_userauth_request: invalid user botuser [preauth]
Jun 23 19:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29227]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29227]: Failed password for invalid user botuser from 176.65.139.218 port 33060 ssh2
Jun 23 19:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29227]: Connection closed by 176.65.139.218 port 33060 [preauth]
Jun 23 19:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29240]: Invalid user user from 176.65.139.218
Jun 23 19:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29240]: input_userauth_request: invalid user user [preauth]
Jun 23 19:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29240]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29240]: Failed password for invalid user user from 176.65.139.218 port 33112 ssh2
Jun 23 19:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29240]: Connection closed by 176.65.139.218 port 33112 [preauth]
Jun 23 19:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: Invalid user lenovo from 104.208.108.166
Jun 23 19:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: input_userauth_request: invalid user lenovo [preauth]
Jun 23 19:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.208.108.166
Jun 23 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29264]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29263]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29262]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29261]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29261]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29335]: Successful su for rubyman by root
Jun 23 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29335]: + ??? root:rubyman
Jun 23 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29335]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579157 of user rubyman.
Jun 23 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29335]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579157.
Jun 23 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: Failed password for invalid user lenovo from 104.208.108.166 port 52476 ssh2
Jun 23 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: Received disconnect from 104.208.108.166 port 52476:11: Bye Bye [preauth]
Jun 23 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: Disconnected from 104.208.108.166 port 52476 [preauth]
Jun 23 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29354]: Invalid user admin2 from 176.65.139.218
Jun 23 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29354]: input_userauth_request: invalid user admin2 [preauth]
Jun 23 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29354]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29368]: Invalid user docker from 91.92.40.11
Jun 23 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29368]: input_userauth_request: invalid user docker [preauth]
Jun 23 19:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29368]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 19:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26358]: pam_unix(cron:session): session closed for user root
Jun 23 19:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29368]: Failed password for invalid user docker from 91.92.40.11 port 49364 ssh2
Jun 23 19:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29354]: Failed password for invalid user admin2 from 176.65.139.218 port 40194 ssh2
Jun 23 19:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29354]: Connection closed by 176.65.139.218 port 40194 [preauth]
Jun 23 19:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29368]: Connection closed by 91.92.40.11 port 49364 [preauth]
Jun 23 19:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29262]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29528]: Invalid user test1 from 176.65.139.218
Jun 23 19:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29528]: input_userauth_request: invalid user test1 [preauth]
Jun 23 19:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29528]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29528]: Failed password for invalid user test1 from 176.65.139.218 port 43932 ssh2
Jun 23 19:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29528]: Connection closed by 176.65.139.218 port 43932 [preauth]
Jun 23 19:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29639]: Invalid user worker from 176.65.139.218
Jun 23 19:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29639]: input_userauth_request: invalid user worker [preauth]
Jun 23 19:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29639]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29639]: Failed password for invalid user worker from 176.65.139.218 port 43998 ssh2
Jun 23 19:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29639]: Connection closed by 176.65.139.218 port 43998 [preauth]
Jun 23 19:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29650]: Invalid user daniel from 176.65.139.218
Jun 23 19:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29650]: input_userauth_request: invalid user daniel [preauth]
Jun 23 19:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29650]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29650]: Failed password for invalid user daniel from 176.65.139.218 port 43158 ssh2
Jun 23 19:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29650]: Connection closed by 176.65.139.218 port 43158 [preauth]
Jun 23 19:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29677]: Failed password for root from 176.65.139.218 port 55210 ssh2
Jun 23 19:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29677]: Connection closed by 176.65.139.218 port 55210 [preauth]
Jun 23 19:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28283]: pam_unix(cron:session): session closed for user root
Jun 23 19:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29730]: User nobody from 176.65.139.218 not allowed because not listed in AllowUsers
Jun 23 19:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29730]: input_userauth_request: invalid user nobody [preauth]
Jun 23 19:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=nobody
Jun 23 19:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29730]: Failed password for invalid user nobody from 176.65.139.218 port 55246 ssh2
Jun 23 19:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29730]: Connection closed by 176.65.139.218 port 55246 [preauth]
Jun 23 19:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29751]: Failed password for root from 176.65.139.218 port 34718 ssh2
Jun 23 19:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29751]: Connection closed by 176.65.139.218 port 34718 [preauth]
Jun 23 19:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29776]: Invalid user deployer from 176.65.139.218
Jun 23 19:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29776]: input_userauth_request: invalid user deployer [preauth]
Jun 23 19:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29776]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29776]: Failed password for invalid user deployer from 176.65.139.218 port 44504 ssh2
Jun 23 19:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29776]: Connection closed by 176.65.139.218 port 44504 [preauth]
Jun 23 19:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29789]: Invalid user user1 from 176.65.139.218
Jun 23 19:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29789]: input_userauth_request: invalid user user1 [preauth]
Jun 23 19:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29789]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29789]: Failed password for invalid user user1 from 176.65.139.218 port 44554 ssh2
Jun 23 19:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29789]: Connection closed by 176.65.139.218 port 44554 [preauth]
Jun 23 19:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29810]: Invalid user es from 176.65.139.218
Jun 23 19:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29810]: input_userauth_request: invalid user es [preauth]
Jun 23 19:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29810]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29819]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29818]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29821]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29813]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29820]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29817]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29821]: pam_unix(cron:session): session closed for user root
Jun 23 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29813]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29892]: Successful su for rubyman by root
Jun 23 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29892]: + ??? root:rubyman
Jun 23 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29892]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579161 of user rubyman.
Jun 23 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29892]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579161.
Jun 23 19:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29810]: Failed password for invalid user es from 176.65.139.218 port 54534 ssh2
Jun 23 19:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29810]: Connection closed by 176.65.139.218 port 54534 [preauth]
Jun 23 19:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29949]: Invalid user andres from 95.58.255.251
Jun 23 19:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29949]: input_userauth_request: invalid user andres [preauth]
Jun 23 19:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29949]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.58.255.251
Jun 23 19:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29818]: pam_unix(cron:session): session closed for user root
Jun 23 19:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26856]: pam_unix(cron:session): session closed for user root
Jun 23 19:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29949]: Failed password for invalid user andres from 95.58.255.251 port 46932 ssh2
Jun 23 19:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29949]: Received disconnect from 95.58.255.251 port 46932:11: Bye Bye [preauth]
Jun 23 19:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29949]: Disconnected from 95.58.255.251 port 46932 [preauth]
Jun 23 19:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29817]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30109]: Failed password for root from 176.65.139.218 port 36270 ssh2
Jun 23 19:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30109]: Connection closed by 176.65.139.218 port 36270 [preauth]
Jun 23 19:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30138]: Invalid user liyang from 176.65.139.218
Jun 23 19:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30138]: input_userauth_request: invalid user liyang [preauth]
Jun 23 19:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30138]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30138]: Failed password for invalid user liyang from 176.65.139.218 port 36320 ssh2
Jun 23 19:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30138]: Connection closed by 176.65.139.218 port 36320 [preauth]
Jun 23 19:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30151]: Invalid user runner from 176.65.139.218
Jun 23 19:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30151]: input_userauth_request: invalid user runner [preauth]
Jun 23 19:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30151]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30151]: Failed password for invalid user runner from 176.65.139.218 port 44072 ssh2
Jun 23 19:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30151]: Connection closed by 176.65.139.218 port 44072 [preauth]
Jun 23 19:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30163]: Invalid user ts from 59.12.160.91
Jun 23 19:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30163]: input_userauth_request: invalid user ts [preauth]
Jun 23 19:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30163]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
Jun 23 19:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30163]: Failed password for invalid user ts from 59.12.160.91 port 42356 ssh2
Jun 23 19:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30163]: Received disconnect from 59.12.160.91 port 42356:11: Bye Bye [preauth]
Jun 23 19:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30163]: Disconnected from 59.12.160.91 port 42356 [preauth]
Jun 23 19:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30188]: Invalid user user2 from 176.65.139.218
Jun 23 19:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30188]: input_userauth_request: invalid user user2 [preauth]
Jun 23 19:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30193]: Invalid user docker from 91.92.40.11
Jun 23 19:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30193]: input_userauth_request: invalid user docker [preauth]
Jun 23 19:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30188]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30193]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 19:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30188]: Failed password for invalid user user2 from 176.65.139.218 port 52318 ssh2
Jun 23 19:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30193]: Failed password for invalid user docker from 91.92.40.11 port 55322 ssh2
Jun 23 19:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30188]: Connection closed by 176.65.139.218 port 52318 [preauth]
Jun 23 19:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30193]: Connection closed by 91.92.40.11 port 55322 [preauth]
Jun 23 19:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30196]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 23 19:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30196]: Received disconnect from 123.30.240.7 port 46328:11: disconnected by user [preauth]
Jun 23 19:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30196]: Disconnected from 123.30.240.7 port 46328 [preauth]
Jun 23 19:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28802]: pam_unix(cron:session): session closed for user root
Jun 23 19:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30206]: Failed password for root from 176.65.139.218 port 52358 ssh2
Jun 23 19:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30206]: Connection closed by 176.65.139.218 port 52358 [preauth]
Jun 23 19:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30230]: Connection closed by 194.59.206.2 port 62544 [preauth]
Jun 23 19:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.21.150.20  user=root
Jun 23 19:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30241]: Failed password for root from 65.21.150.20 port 46918 ssh2
Jun 23 19:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30241]: Received disconnect from 65.21.150.20 port 46918:11: Bye Bye [preauth]
Jun 23 19:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30241]: Disconnected from 65.21.150.20 port 46918 [preauth]
Jun 23 19:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30243]: Failed password for root from 176.65.139.218 port 57918 ssh2
Jun 23 19:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30243]: Connection closed by 176.65.139.218 port 57918 [preauth]
Jun 23 19:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30265]: Invalid user cloud-user from 176.65.139.218
Jun 23 19:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30265]: input_userauth_request: invalid user cloud-user [preauth]
Jun 23 19:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30265]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30265]: Failed password for invalid user cloud-user from 176.65.139.218 port 57976 ssh2
Jun 23 19:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30265]: Connection closed by 176.65.139.218 port 57976 [preauth]
Jun 23 19:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.178.75.243  user=root
Jun 23 19:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30276]: Failed password for root from 115.178.75.243 port 45204 ssh2
Jun 23 19:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30276]: Received disconnect from 115.178.75.243 port 45204:11: Bye Bye [preauth]
Jun 23 19:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30276]: Disconnected from 115.178.75.243 port 45204 [preauth]
Jun 23 19:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30278]: Failed password for root from 176.65.139.218 port 33856 ssh2
Jun 23 19:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30278]: Connection closed by 176.65.139.218 port 33856 [preauth]
Jun 23 19:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30288]: Invalid user aziz from 104.208.108.166
Jun 23 19:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30288]: input_userauth_request: invalid user aziz [preauth]
Jun 23 19:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30288]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.208.108.166
Jun 23 19:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30288]: Failed password for invalid user aziz from 104.208.108.166 port 55006 ssh2
Jun 23 19:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30288]: Received disconnect from 104.208.108.166 port 55006:11: Bye Bye [preauth]
Jun 23 19:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30288]: Disconnected from 104.208.108.166 port 55006 [preauth]
Jun 23 19:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30309]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30308]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30307]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30306]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30306]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30302]: Failed password for root from 176.65.139.218 port 40634 ssh2
Jun 23 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30302]: Connection closed by 176.65.139.218 port 40634 [preauth]
Jun 23 19:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30373]: Successful su for rubyman by root
Jun 23 19:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30373]: + ??? root:rubyman
Jun 23 19:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30373]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579168 of user rubyman.
Jun 23 19:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30373]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579168.
Jun 23 19:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27302]: pam_unix(cron:session): session closed for user root
Jun 23 19:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30532]: Invalid user asterisk from 176.65.139.218
Jun 23 19:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30532]: input_userauth_request: invalid user asterisk [preauth]
Jun 23 19:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30532]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30307]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30532]: Failed password for invalid user asterisk from 176.65.139.218 port 40684 ssh2
Jun 23 19:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30532]: Connection closed by 176.65.139.218 port 40684 [preauth]
Jun 23 19:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30576]: Invalid user user2 from 176.65.139.218
Jun 23 19:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30576]: input_userauth_request: invalid user user2 [preauth]
Jun 23 19:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30576]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30576]: Failed password for invalid user user2 from 176.65.139.218 port 52798 ssh2
Jun 23 19:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 23 19:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30576]: Connection closed by 176.65.139.218 port 52798 [preauth]
Jun 23 19:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30604]: Failed password for root from 87.251.79.125 port 34734 ssh2
Jun 23 19:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30604]: Connection closed by 87.251.79.125 port 34734 [preauth]
Jun 23 19:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30608]: Failed password for root from 176.65.139.218 port 55056 ssh2
Jun 23 19:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30608]: Connection closed by 176.65.139.218 port 55056 [preauth]
Jun 23 19:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30637]: Invalid user app from 176.65.139.218
Jun 23 19:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30637]: input_userauth_request: invalid user app [preauth]
Jun 23 19:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30637]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30637]: Failed password for invalid user app from 176.65.139.218 port 55142 ssh2
Jun 23 19:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30637]: Connection closed by 176.65.139.218 port 55142 [preauth]
Jun 23 19:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30656]: Invalid user fivem from 176.65.139.218
Jun 23 19:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30656]: input_userauth_request: invalid user fivem [preauth]
Jun 23 19:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30656]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29264]: pam_unix(cron:session): session closed for user root
Jun 23 19:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30656]: Failed password for invalid user fivem from 176.65.139.218 port 47462 ssh2
Jun 23 19:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30656]: Connection closed by 176.65.139.218 port 47462 [preauth]
Jun 23 19:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30687]: Invalid user dev from 176.65.139.218
Jun 23 19:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30687]: input_userauth_request: invalid user dev [preauth]
Jun 23 19:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30687]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30687]: Failed password for invalid user dev from 176.65.139.218 port 43942 ssh2
Jun 23 19:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30687]: Connection closed by 176.65.139.218 port 43942 [preauth]
Jun 23 19:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30711]: Invalid user newuser from 176.65.139.218
Jun 23 19:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30711]: input_userauth_request: invalid user newuser [preauth]
Jun 23 19:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30711]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30709]: Invalid user 24online from 95.58.255.251
Jun 23 19:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30709]: input_userauth_request: invalid user 24online [preauth]
Jun 23 19:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30709]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.58.255.251
Jun 23 19:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30711]: Failed password for invalid user newuser from 176.65.139.218 port 44030 ssh2
Jun 23 19:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30709]: Failed password for invalid user 24online from 95.58.255.251 port 52306 ssh2
Jun 23 19:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30711]: Connection closed by 176.65.139.218 port 44030 [preauth]
Jun 23 19:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30709]: Received disconnect from 95.58.255.251 port 52306:11: Bye Bye [preauth]
Jun 23 19:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30709]: Disconnected from 95.58.255.251 port 52306 [preauth]
Jun 23 19:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 23 19:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30725]: Invalid user docker from 91.92.40.11
Jun 23 19:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30725]: input_userauth_request: invalid user docker [preauth]
Jun 23 19:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30721]: Failed password for root from 147.45.199.80 port 41676 ssh2
Jun 23 19:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30721]: Connection closed by 147.45.199.80 port 41676 [preauth]
Jun 23 19:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30725]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 19:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30723]: Failed password for root from 176.65.139.218 port 37732 ssh2
Jun 23 19:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30723]: Connection closed by 176.65.139.218 port 37732 [preauth]
Jun 23 19:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30725]: Failed password for invalid user docker from 91.92.40.11 port 35618 ssh2
Jun 23 19:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30725]: Connection closed by 91.92.40.11 port 35618 [preauth]
Jun 23 19:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30735]: Invalid user appuser from 176.65.139.218
Jun 23 19:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30735]: input_userauth_request: invalid user appuser [preauth]
Jun 23 19:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30735]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30735]: Failed password for invalid user appuser from 176.65.139.218 port 37804 ssh2
Jun 23 19:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30735]: Connection closed by 176.65.139.218 port 37804 [preauth]
Jun 23 19:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30745]: Invalid user test from 176.65.139.218
Jun 23 19:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30745]: input_userauth_request: invalid user test [preauth]
Jun 23 19:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30745]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30751]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30748]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30750]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30749]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30748]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30818]: Successful su for rubyman by root
Jun 23 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30818]: + ??? root:rubyman
Jun 23 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30818]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579171 of user rubyman.
Jun 23 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30818]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579171.
Jun 23 19:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30745]: Failed password for invalid user test from 176.65.139.218 port 58840 ssh2
Jun 23 19:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30745]: Connection closed by 176.65.139.218 port 58840 [preauth]
Jun 23 19:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31050]: User mysql from 176.65.139.218 not allowed because not listed in AllowUsers
Jun 23 19:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31050]: input_userauth_request: invalid user mysql [preauth]
Jun 23 19:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27780]: pam_unix(cron:session): session closed for user root
Jun 23 19:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=mysql
Jun 23 19:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30749]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31050]: Failed password for invalid user mysql from 176.65.139.218 port 58972 ssh2
Jun 23 19:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31050]: Connection closed by 176.65.139.218 port 58972 [preauth]
Jun 23 19:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31109]: Invalid user wizard from 176.65.139.218
Jun 23 19:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31109]: input_userauth_request: invalid user wizard [preauth]
Jun 23 19:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31109]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31109]: Failed password for invalid user wizard from 176.65.139.218 port 58974 ssh2
Jun 23 19:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31109]: Connection closed by 176.65.139.218 port 58974 [preauth]
Jun 23 19:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31111]: Invalid user alex from 176.65.139.218
Jun 23 19:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31111]: input_userauth_request: invalid user alex [preauth]
Jun 23 19:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31111]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31111]: Failed password for invalid user alex from 176.65.139.218 port 59080 ssh2
Jun 23 19:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31111]: Connection closed by 176.65.139.218 port 59080 [preauth]
Jun 23 19:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31135]: Invalid user test from 59.12.160.91
Jun 23 19:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31135]: input_userauth_request: invalid user test [preauth]
Jun 23 19:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31135]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
Jun 23 19:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31137]: Invalid user git from 176.65.139.218
Jun 23 19:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31137]: input_userauth_request: invalid user git [preauth]
Jun 23 19:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31137]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31135]: Failed password for invalid user test from 59.12.160.91 port 41898 ssh2
Jun 23 19:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31135]: Received disconnect from 59.12.160.91 port 41898:11: Bye Bye [preauth]
Jun 23 19:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31135]: Disconnected from 59.12.160.91 port 41898 [preauth]
Jun 23 19:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31137]: Failed password for invalid user git from 176.65.139.218 port 45926 ssh2
Jun 23 19:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31137]: Connection closed by 176.65.139.218 port 45926 [preauth]
Jun 23 19:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31149]: User ftp from 176.65.139.218 not allowed because not listed in AllowUsers
Jun 23 19:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31149]: input_userauth_request: invalid user ftp [preauth]
Jun 23 19:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=ftp
Jun 23 19:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31149]: Failed password for invalid user ftp from 176.65.139.218 port 45974 ssh2
Jun 23 19:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31149]: Connection closed by 176.65.139.218 port 45974 [preauth]
Jun 23 19:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31171]: Invalid user fastuser from 176.65.139.218
Jun 23 19:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31171]: input_userauth_request: invalid user fastuser [preauth]
Jun 23 19:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31171]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31171]: Failed password for invalid user fastuser from 176.65.139.218 port 46026 ssh2
Jun 23 19:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31171]: Connection closed by 176.65.139.218 port 46026 [preauth]
Jun 23 19:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 23 19:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31183]: Invalid user term2 from 176.65.139.218
Jun 23 19:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31183]: input_userauth_request: invalid user term2 [preauth]
Jun 23 19:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31183]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31181]: Failed password for root from 103.172.78.219 port 52090 ssh2
Jun 23 19:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31181]: Connection closed by 103.172.78.219 port 52090 [preauth]
Jun 23 19:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31183]: Failed password for invalid user term2 from 176.65.139.218 port 46702 ssh2
Jun 23 19:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31183]: Connection closed by 176.65.139.218 port 46702 [preauth]
Jun 23 19:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29820]: pam_unix(cron:session): session closed for user root
Jun 23 19:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31212]: Invalid user admin2 from 176.65.139.218
Jun 23 19:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31212]: input_userauth_request: invalid user admin2 [preauth]
Jun 23 19:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31212]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31212]: Failed password for invalid user admin2 from 176.65.139.218 port 46740 ssh2
Jun 23 19:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31212]: Connection closed by 176.65.139.218 port 46740 [preauth]
Jun 23 19:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31224]: Invalid user rdpuser from 176.65.139.218
Jun 23 19:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31224]: input_userauth_request: invalid user rdpuser [preauth]
Jun 23 19:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31224]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31222]: Invalid user wg from 65.21.150.20
Jun 23 19:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31222]: input_userauth_request: invalid user wg [preauth]
Jun 23 19:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31222]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.21.150.20
Jun 23 19:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31224]: Failed password for invalid user rdpuser from 176.65.139.218 port 39920 ssh2
Jun 23 19:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31224]: Connection closed by 176.65.139.218 port 39920 [preauth]
Jun 23 19:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31222]: Failed password for invalid user wg from 65.21.150.20 port 54700 ssh2
Jun 23 19:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31222]: Received disconnect from 65.21.150.20 port 54700:11: Bye Bye [preauth]
Jun 23 19:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31222]: Disconnected from 65.21.150.20 port 54700 [preauth]
Jun 23 19:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31248]: User john from 176.65.139.218 not allowed because not listed in AllowUsers
Jun 23 19:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31248]: input_userauth_request: invalid user john [preauth]
Jun 23 19:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=john
Jun 23 19:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31248]: Failed password for invalid user john from 176.65.139.218 port 39940 ssh2
Jun 23 19:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31248]: Connection closed by 176.65.139.218 port 39940 [preauth]
Jun 23 19:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31251]: Invalid user blog from 104.208.108.166
Jun 23 19:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31251]: input_userauth_request: invalid user blog [preauth]
Jun 23 19:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31251]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.208.108.166
Jun 23 19:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31251]: Failed password for invalid user blog from 104.208.108.166 port 63956 ssh2
Jun 23 19:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31251]: Received disconnect from 104.208.108.166 port 63956:11: Bye Bye [preauth]
Jun 23 19:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31251]: Disconnected from 104.208.108.166 port 63956 [preauth]
Jun 23 19:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31253]: Failed password for root from 176.65.139.218 port 40022 ssh2
Jun 23 19:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31253]: Connection closed by 176.65.139.218 port 40022 [preauth]
Jun 23 19:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 23 19:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31269]: Invalid user guest from 176.65.139.218
Jun 23 19:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31269]: input_userauth_request: invalid user guest [preauth]
Jun 23 19:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31269]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31267]: Failed password for root from 103.176.20.57 port 58842 ssh2
Jun 23 19:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31267]: Connection closed by 103.176.20.57 port 58842 [preauth]
Jun 23 19:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31269]: Failed password for invalid user guest from 176.65.139.218 port 40104 ssh2
Jun 23 19:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31269]: Connection closed by 176.65.139.218 port 40104 [preauth]
Jun 23 19:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.178.75.243  user=root
Jun 23 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31279]: Failed password for root from 115.178.75.243 port 56452 ssh2
Jun 23 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31293]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31292]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31294]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31291]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31291]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31279]: Received disconnect from 115.178.75.243 port 56452:11: Bye Bye [preauth]
Jun 23 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31279]: Disconnected from 115.178.75.243 port 56452 [preauth]
Jun 23 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31354]: Successful su for rubyman by root
Jun 23 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31354]: + ??? root:rubyman
Jun 23 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31354]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579175 of user rubyman.
Jun 23 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31354]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579175.
Jun 23 19:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: Invalid user pi from 176.65.139.218
Jun 23 19:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: input_userauth_request: invalid user pi [preauth]
Jun 23 19:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28282]: pam_unix(cron:session): session closed for user root
Jun 23 19:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: Failed password for invalid user pi from 176.65.139.218 port 34048 ssh2
Jun 23 19:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: Connection closed by 176.65.139.218 port 34048 [preauth]
Jun 23 19:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31292]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31556]: Invalid user odoo14 from 176.65.139.218
Jun 23 19:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31556]: input_userauth_request: invalid user odoo14 [preauth]
Jun 23 19:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31556]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31556]: Failed password for invalid user odoo14 from 176.65.139.218 port 41760 ssh2
Jun 23 19:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31556]: Connection closed by 176.65.139.218 port 41760 [preauth]
Jun 23 19:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31652]: User normaluser from 59.12.160.91 not allowed because not listed in AllowUsers
Jun 23 19:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31652]: input_userauth_request: invalid user normaluser [preauth]
Jun 23 19:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 23 19:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31652]: Failed password for invalid user normaluser from 59.12.160.91 port 60918 ssh2
Jun 23 19:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31652]: Received disconnect from 59.12.160.91 port 60918:11: Bye Bye [preauth]
Jun 23 19:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31652]: Disconnected from 59.12.160.91 port 60918 [preauth]
Jun 23 19:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31654]: Failed password for root from 103.82.132.16 port 32860 ssh2
Jun 23 19:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31654]: Connection closed by 103.82.132.16 port 32860 [preauth]
Jun 23 19:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31673]: Invalid user dspace from 91.92.40.11
Jun 23 19:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31673]: input_userauth_request: invalid user dspace [preauth]
Jun 23 19:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31673]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 19:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31671]: Failed password for root from 176.65.139.218 port 41810 ssh2
Jun 23 19:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31671]: Connection closed by 176.65.139.218 port 41810 [preauth]
Jun 23 19:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31673]: Failed password for invalid user dspace from 91.92.40.11 port 33160 ssh2
Jun 23 19:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31673]: Connection closed by 91.92.40.11 port 33160 [preauth]
Jun 23 19:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: Invalid user chris from 176.65.139.218
Jun 23 19:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: input_userauth_request: invalid user chris [preauth]
Jun 23 19:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: Invalid user str from 95.58.255.251
Jun 23 19:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: input_userauth_request: invalid user str [preauth]
Jun 23 19:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.58.255.251
Jun 23 19:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: Failed password for invalid user chris from 176.65.139.218 port 53880 ssh2
Jun 23 19:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: Connection closed by 176.65.139.218 port 53880 [preauth]
Jun 23 19:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: Failed password for invalid user str from 95.58.255.251 port 33380 ssh2
Jun 23 19:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: Received disconnect from 95.58.255.251 port 33380:11: Bye Bye [preauth]
Jun 23 19:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: Disconnected from 95.58.255.251 port 33380 [preauth]
Jun 23 19:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31718]: Failed password for root from 176.65.139.218 port 51888 ssh2
Jun 23 19:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31718]: Connection closed by 176.65.139.218 port 51888 [preauth]
Jun 23 19:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31730]: Invalid user media from 176.65.139.218
Jun 23 19:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31730]: input_userauth_request: invalid user media [preauth]
Jun 23 19:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31730]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30309]: pam_unix(cron:session): session closed for user root
Jun 23 19:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31730]: Failed password for invalid user media from 176.65.139.218 port 51922 ssh2
Jun 23 19:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31730]: Connection closed by 176.65.139.218 port 51922 [preauth]
Jun 23 19:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31761]: Invalid user user from 176.65.139.218
Jun 23 19:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31761]: input_userauth_request: invalid user user [preauth]
Jun 23 19:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31761]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31761]: Failed password for invalid user user from 176.65.139.218 port 59350 ssh2
Jun 23 19:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31761]: Connection closed by 176.65.139.218 port 59350 [preauth]
Jun 23 19:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31790]: Invalid user root1 from 176.65.139.218
Jun 23 19:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31790]: input_userauth_request: invalid user root1 [preauth]
Jun 23 19:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31790]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31790]: Failed password for invalid user root1 from 176.65.139.218 port 42730 ssh2
Jun 23 19:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31790]: Connection closed by 176.65.139.218 port 42730 [preauth]
Jun 23 19:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31800]: Failed password for root from 176.65.139.218 port 42784 ssh2
Jun 23 19:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31800]: Connection closed by 176.65.139.218 port 42784 [preauth]
Jun 23 19:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31818]: User ftp from 176.65.139.218 not allowed because not listed in AllowUsers
Jun 23 19:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31818]: input_userauth_request: invalid user ftp [preauth]
Jun 23 19:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=ftp
Jun 23 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31825]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31823]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31824]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31822]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31822]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31881]: Successful su for rubyman by root
Jun 23 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31881]: + ??? root:rubyman
Jun 23 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31881]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579180 of user rubyman.
Jun 23 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31881]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579180.
Jun 23 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31818]: Failed password for invalid user ftp from 176.65.139.218 port 58610 ssh2
Jun 23 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31818]: Connection closed by 176.65.139.218 port 58610 [preauth]
Jun 23 19:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28801]: pam_unix(cron:session): session closed for user root
Jun 23 19:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32069]: Invalid user root1 from 176.65.139.218
Jun 23 19:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32069]: input_userauth_request: invalid user root1 [preauth]
Jun 23 19:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31823]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32069]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32069]: Failed password for invalid user root1 from 176.65.139.218 port 58736 ssh2
Jun 23 19:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32069]: Connection closed by 176.65.139.218 port 58736 [preauth]
Jun 23 19:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32088]: Invalid user dspace from 59.12.160.91
Jun 23 19:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32088]: input_userauth_request: invalid user dspace [preauth]
Jun 23 19:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32088]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
Jun 23 19:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32088]: Failed password for invalid user dspace from 59.12.160.91 port 51722 ssh2
Jun 23 19:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32088]: Received disconnect from 59.12.160.91 port 51722:11: Bye Bye [preauth]
Jun 23 19:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32088]: Disconnected from 59.12.160.91 port 51722 [preauth]
Jun 23 19:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32099]: Invalid user user from 176.65.139.218
Jun 23 19:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32099]: input_userauth_request: invalid user user [preauth]
Jun 23 19:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32099]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32099]: Failed password for invalid user user from 176.65.139.218 port 56240 ssh2
Jun 23 19:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32099]: Connection closed by 176.65.139.218 port 56240 [preauth]
Jun 23 19:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32121]: Invalid user ubuntu from 176.65.139.218
Jun 23 19:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32121]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32121]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32121]: Failed password for invalid user ubuntu from 176.65.139.218 port 34974 ssh2
Jun 23 19:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32121]: Connection closed by 176.65.139.218 port 34974 [preauth]
Jun 23 19:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32146]: Invalid user rocky from 176.65.139.218
Jun 23 19:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32146]: input_userauth_request: invalid user rocky [preauth]
Jun 23 19:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32146]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32146]: Failed password for invalid user rocky from 176.65.139.218 port 34998 ssh2
Jun 23 19:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32146]: Connection closed by 176.65.139.218 port 34998 [preauth]
Jun 23 19:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32167]: Invalid user frappe from 176.65.139.218
Jun 23 19:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32167]: input_userauth_request: invalid user frappe [preauth]
Jun 23 19:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32167]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30751]: pam_unix(cron:session): session closed for user root
Jun 23 19:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32167]: Failed password for invalid user frappe from 176.65.139.218 port 37244 ssh2
Jun 23 19:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32167]: Connection closed by 176.65.139.218 port 37244 [preauth]
Jun 23 19:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32200]: Invalid user deploy from 176.65.139.218
Jun 23 19:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32200]: input_userauth_request: invalid user deploy [preauth]
Jun 23 19:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32200]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32200]: Failed password for invalid user deploy from 176.65.139.218 port 34082 ssh2
Jun 23 19:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32200]: Connection closed by 176.65.139.218 port 34082 [preauth]
Jun 23 19:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32210]: Invalid user dspace from 91.92.40.11
Jun 23 19:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32210]: input_userauth_request: invalid user dspace [preauth]
Jun 23 19:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32210]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 19:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.21.150.20  user=root
Jun 23 19:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32210]: Failed password for invalid user dspace from 91.92.40.11 port 46592 ssh2
Jun 23 19:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32210]: Connection closed by 91.92.40.11 port 46592 [preauth]
Jun 23 19:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32226]: Failed password for root from 65.21.150.20 port 50508 ssh2
Jun 23 19:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32212]: Failed password for root from 176.65.139.218 port 34162 ssh2
Jun 23 19:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32226]: Received disconnect from 65.21.150.20 port 50508:11: Bye Bye [preauth]
Jun 23 19:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32226]: Disconnected from 65.21.150.20 port 50508 [preauth]
Jun 23 19:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32212]: Connection closed by 176.65.139.218 port 34162 [preauth]
Jun 23 19:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32238]: Did not receive identification string from 45.79.207.181
Jun 23 19:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32236]: Invalid user webserver from 104.208.108.166
Jun 23 19:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32236]: input_userauth_request: invalid user webserver [preauth]
Jun 23 19:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32236]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.208.108.166
Jun 23 19:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32236]: Failed password for invalid user webserver from 104.208.108.166 port 27740 ssh2
Jun 23 19:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32236]: Received disconnect from 104.208.108.166 port 27740:11: Bye Bye [preauth]
Jun 23 19:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32236]: Disconnected from 104.208.108.166 port 27740 [preauth]
Jun 23 19:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32239]: Failed password for root from 176.65.139.218 port 60002 ssh2
Jun 23 19:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32239]: Connection closed by 176.65.139.218 port 60002 [preauth]
Jun 23 19:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32249]: Invalid user web from 176.65.139.218
Jun 23 19:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32249]: input_userauth_request: invalid user web [preauth]
Jun 23 19:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32249]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32249]: Failed password for invalid user web from 176.65.139.218 port 60106 ssh2
Jun 23 19:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32249]: Connection closed by 176.65.139.218 port 60106 [preauth]
Jun 23 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32263]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32261]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32265]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32264]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32262]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32260]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32265]: pam_unix(cron:session): session closed for user root
Jun 23 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32260]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32328]: Successful su for rubyman by root
Jun 23 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32328]: + ??? root:rubyman
Jun 23 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32328]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579186 of user rubyman.
Jun 23 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32328]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579186.
Jun 23 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32350]: Invalid user opc from 176.65.139.218
Jun 23 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32350]: input_userauth_request: invalid user opc [preauth]
Jun 23 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32350]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32356]: Invalid user foundry from 95.58.255.251
Jun 23 19:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32356]: input_userauth_request: invalid user foundry [preauth]
Jun 23 19:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32356]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.58.255.251
Jun 23 19:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29263]: pam_unix(cron:session): session closed for user root
Jun 23 19:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32262]: pam_unix(cron:session): session closed for user root
Jun 23 19:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32350]: Failed password for invalid user opc from 176.65.139.218 port 57436 ssh2
Jun 23 19:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32350]: Connection closed by 176.65.139.218 port 57436 [preauth]
Jun 23 19:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32526]: Invalid user steam from 59.12.160.91
Jun 23 19:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32526]: input_userauth_request: invalid user steam [preauth]
Jun 23 19:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32526]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
Jun 23 19:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32356]: Failed password for invalid user foundry from 95.58.255.251 port 33424 ssh2
Jun 23 19:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32356]: Received disconnect from 95.58.255.251 port 33424:11: Bye Bye [preauth]
Jun 23 19:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32356]: Disconnected from 95.58.255.251 port 33424 [preauth]
Jun 23 19:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32261]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32526]: Failed password for invalid user steam from 59.12.160.91 port 42668 ssh2
Jun 23 19:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32526]: Received disconnect from 59.12.160.91 port 42668:11: Bye Bye [preauth]
Jun 23 19:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32526]: Disconnected from 59.12.160.91 port 42668 [preauth]
Jun 23 19:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32561]: Invalid user test1 from 176.65.139.218
Jun 23 19:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32561]: input_userauth_request: invalid user test1 [preauth]
Jun 23 19:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32561]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32561]: Failed password for invalid user test1 from 176.65.139.218 port 54920 ssh2
Jun 23 19:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32561]: Connection closed by 176.65.139.218 port 54920 [preauth]
Jun 23 19:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32580]: Invalid user star from 115.178.75.243
Jun 23 19:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32580]: input_userauth_request: invalid user star [preauth]
Jun 23 19:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32580]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.178.75.243
Jun 23 19:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32580]: Failed password for invalid user star from 115.178.75.243 port 39498 ssh2
Jun 23 19:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32580]: Received disconnect from 115.178.75.243 port 39498:11: Bye Bye [preauth]
Jun 23 19:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32580]: Disconnected from 115.178.75.243 port 39498 [preauth]
Jun 23 19:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32585]: Failed password for root from 176.65.139.218 port 54992 ssh2
Jun 23 19:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32585]: Connection closed by 176.65.139.218 port 54992 [preauth]
Jun 23 19:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32596]: Invalid user milad from 176.65.139.218
Jun 23 19:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32596]: input_userauth_request: invalid user milad [preauth]
Jun 23 19:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32596]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32596]: Failed password for invalid user milad from 176.65.139.218 port 33672 ssh2
Jun 23 19:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32596]: Connection closed by 176.65.139.218 port 33672 [preauth]
Jun 23 19:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32620]: Invalid user deploy from 176.65.139.218
Jun 23 19:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32620]: input_userauth_request: invalid user deploy [preauth]
Jun 23 19:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32620]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32620]: Failed password for invalid user deploy from 176.65.139.218 port 37986 ssh2
Jun 23 19:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32620]: Connection closed by 176.65.139.218 port 37986 [preauth]
Jun 23 19:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31294]: pam_unix(cron:session): session closed for user root
Jun 23 19:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32646]: Invalid user crafty from 176.65.139.218
Jun 23 19:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32646]: input_userauth_request: invalid user crafty [preauth]
Jun 23 19:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32646]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32646]: Failed password for invalid user crafty from 176.65.139.218 port 38074 ssh2
Jun 23 19:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32646]: Connection closed by 176.65.139.218 port 38074 [preauth]
Jun 23 19:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32676]: Invalid user deploy from 176.65.139.218
Jun 23 19:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32676]: input_userauth_request: invalid user deploy [preauth]
Jun 23 19:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32676]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32676]: Failed password for invalid user deploy from 176.65.139.218 port 46882 ssh2
Jun 23 19:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32676]: Connection closed by 176.65.139.218 port 46882 [preauth]
Jun 23 19:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32699]: Invalid user monitor from 176.65.139.218
Jun 23 19:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32699]: input_userauth_request: invalid user monitor [preauth]
Jun 23 19:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32699]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32699]: Failed password for invalid user monitor from 176.65.139.218 port 40556 ssh2
Jun 23 19:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32699]: Connection closed by 176.65.139.218 port 40556 [preauth]
Jun 23 19:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32713]: Invalid user vpn from 176.65.139.218
Jun 23 19:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32713]: input_userauth_request: invalid user vpn [preauth]
Jun 23 19:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32713]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32713]: Failed password for invalid user vpn from 176.65.139.218 port 40590 ssh2
Jun 23 19:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32713]: Connection closed by 176.65.139.218 port 40590 [preauth]
Jun 23 19:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32723]: Invalid user newuser from 176.65.139.218
Jun 23 19:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32723]: input_userauth_request: invalid user newuser [preauth]
Jun 23 19:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32723]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32739]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32738]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32740]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32736]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32736]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[342]: Successful su for rubyman by root
Jun 23 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[342]: + ??? root:rubyman
Jun 23 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[342]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579189 of user rubyman.
Jun 23 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[342]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579189.
Jun 23 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32723]: Failed password for invalid user newuser from 176.65.139.218 port 50374 ssh2
Jun 23 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32723]: Connection closed by 176.65.139.218 port 50374 [preauth]
Jun 23 19:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29819]: pam_unix(cron:session): session closed for user root
Jun 23 19:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32738]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[676]: Invalid user dspace from 91.92.40.11
Jun 23 19:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[676]: input_userauth_request: invalid user dspace [preauth]
Jun 23 19:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[676]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 19:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[651]: Failed password for root from 176.65.139.218 port 50432 ssh2
Jun 23 19:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[651]: Connection closed by 176.65.139.218 port 50432 [preauth]
Jun 23 19:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[676]: Failed password for invalid user dspace from 91.92.40.11 port 43272 ssh2
Jun 23 19:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[676]: Connection closed by 91.92.40.11 port 43272 [preauth]
Jun 23 19:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91  user=root
Jun 23 19:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[690]: Invalid user minecraft from 176.65.139.218
Jun 23 19:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[690]: input_userauth_request: invalid user minecraft [preauth]
Jun 23 19:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[690]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[678]: Failed password for root from 59.12.160.91 port 33786 ssh2
Jun 23 19:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[678]: Received disconnect from 59.12.160.91 port 33786:11: Bye Bye [preauth]
Jun 23 19:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[678]: Disconnected from 59.12.160.91 port 33786 [preauth]
Jun 23 19:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[690]: Failed password for invalid user minecraft from 176.65.139.218 port 60344 ssh2
Jun 23 19:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[690]: Connection closed by 176.65.139.218 port 60344 [preauth]
Jun 23 19:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[714]: Invalid user amir from 176.65.139.218
Jun 23 19:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[714]: input_userauth_request: invalid user amir [preauth]
Jun 23 19:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[714]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[714]: Failed password for invalid user amir from 176.65.139.218 port 39544 ssh2
Jun 23 19:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[714]: Connection closed by 176.65.139.218 port 39544 [preauth]
Jun 23 19:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[738]: Failed password for root from 176.65.139.218 port 39640 ssh2
Jun 23 19:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[738]: Connection closed by 176.65.139.218 port 39640 [preauth]
Jun 23 19:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[749]: Invalid user claude from 176.65.139.218
Jun 23 19:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[749]: input_userauth_request: invalid user claude [preauth]
Jun 23 19:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[749]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31825]: pam_unix(cron:session): session closed for user root
Jun 23 19:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[749]: Failed password for invalid user claude from 176.65.139.218 port 35968 ssh2
Jun 23 19:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[749]: Connection closed by 176.65.139.218 port 35968 [preauth]
Jun 23 19:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[783]: Invalid user ubuntu from 176.65.139.218
Jun 23 19:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[783]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[783]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[783]: Failed password for invalid user ubuntu from 176.65.139.218 port 42748 ssh2
Jun 23 19:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[783]: Connection closed by 176.65.139.218 port 42748 [preauth]
Jun 23 19:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[806]: Invalid user user10 from 176.65.139.218
Jun 23 19:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[806]: input_userauth_request: invalid user user10 [preauth]
Jun 23 19:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[806]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[806]: Failed password for invalid user user10 from 176.65.139.218 port 42834 ssh2
Jun 23 19:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[806]: Connection closed by 176.65.139.218 port 42834 [preauth]
Jun 23 19:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[824]: Invalid user ubuntu from 95.58.255.251
Jun 23 19:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[824]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[824]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.58.255.251
Jun 23 19:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[824]: Failed password for invalid user ubuntu from 95.58.255.251 port 60034 ssh2
Jun 23 19:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[824]: Received disconnect from 95.58.255.251 port 60034:11: Bye Bye [preauth]
Jun 23 19:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[824]: Disconnected from 95.58.255.251 port 60034 [preauth]
Jun 23 19:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.208.108.166  user=root
Jun 23 19:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[836]: Failed password for root from 176.65.139.218 port 38008 ssh2
Jun 23 19:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[836]: Connection closed by 176.65.139.218 port 38008 [preauth]
Jun 23 19:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[834]: Failed password for root from 104.208.108.166 port 37576 ssh2
Jun 23 19:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[834]: Received disconnect from 104.208.108.166 port 37576:11: Bye Bye [preauth]
Jun 23 19:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[834]: Disconnected from 104.208.108.166 port 37576 [preauth]
Jun 23 19:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[839]: Invalid user test from 65.21.150.20
Jun 23 19:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[839]: input_userauth_request: invalid user test [preauth]
Jun 23 19:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[839]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.21.150.20
Jun 23 19:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[839]: Failed password for invalid user test from 65.21.150.20 port 57162 ssh2
Jun 23 19:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[839]: Received disconnect from 65.21.150.20 port 57162:11: Bye Bye [preauth]
Jun 23 19:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[839]: Disconnected from 65.21.150.20 port 57162 [preauth]
Jun 23 19:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[850]: Invalid user onkar from 176.65.139.218
Jun 23 19:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[850]: input_userauth_request: invalid user onkar [preauth]
Jun 23 19:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[850]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[850]: Failed password for invalid user onkar from 176.65.139.218 port 38092 ssh2
Jun 23 19:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[850]: Connection closed by 176.65.139.218 port 38092 [preauth]
Jun 23 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[866]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[865]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[864]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[863]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[863]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[929]: Successful su for rubyman by root
Jun 23 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[929]: + ??? root:rubyman
Jun 23 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[929]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579193 of user rubyman.
Jun 23 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[929]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579193.
Jun 23 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[979]: Invalid user rocky from 176.65.139.218
Jun 23 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[979]: input_userauth_request: invalid user rocky [preauth]
Jun 23 19:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[979]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30308]: pam_unix(cron:session): session closed for user root
Jun 23 19:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[979]: Failed password for invalid user rocky from 176.65.139.218 port 37634 ssh2
Jun 23 19:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[979]: Connection closed by 176.65.139.218 port 37634 [preauth]
Jun 23 19:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1144]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[864]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1144]: Invalid user frappe from 59.12.160.91
Jun 23 19:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1144]: input_userauth_request: invalid user frappe [preauth]
Jun 23 19:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1144]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
Jun 23 19:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1144]: Failed password for invalid user frappe from 59.12.160.91 port 52744 ssh2
Jun 23 19:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1144]: Received disconnect from 59.12.160.91 port 52744:11: Bye Bye [preauth]
Jun 23 19:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1144]: Disconnected from 59.12.160.91 port 52744 [preauth]
Jun 23 19:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1157]: Invalid user test from 176.65.139.218
Jun 23 19:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1157]: input_userauth_request: invalid user test [preauth]
Jun 23 19:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1157]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1157]: Failed password for invalid user test from 176.65.139.218 port 49850 ssh2
Jun 23 19:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1157]: Connection closed by 176.65.139.218 port 49850 [preauth]
Jun 23 19:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1169]: Invalid user ftpuser from 176.65.139.218
Jun 23 19:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1169]: input_userauth_request: invalid user ftpuser [preauth]
Jun 23 19:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1169]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1172]: Invalid user parth from 104.243.42.167
Jun 23 19:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1172]: input_userauth_request: invalid user parth [preauth]
Jun 23 19:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1172]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.243.42.167
Jun 23 19:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1169]: Failed password for invalid user ftpuser from 176.65.139.218 port 49902 ssh2
Jun 23 19:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1169]: Connection closed by 176.65.139.218 port 49902 [preauth]
Jun 23 19:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1172]: Failed password for invalid user parth from 104.243.42.167 port 35434 ssh2
Jun 23 19:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1172]: Received disconnect from 104.243.42.167 port 35434:11: Bye Bye [preauth]
Jun 23 19:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1172]: Disconnected from 104.243.42.167 port 35434 [preauth]
Jun 23 19:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1195]: Invalid user test from 176.65.139.218
Jun 23 19:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1195]: input_userauth_request: invalid user test [preauth]
Jun 23 19:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1195]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1195]: Failed password for invalid user test from 176.65.139.218 port 35194 ssh2
Jun 23 19:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1195]: Connection closed by 176.65.139.218 port 35194 [preauth]
Jun 23 19:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1206]: Invalid user openclaw from 176.65.139.218
Jun 23 19:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1206]: input_userauth_request: invalid user openclaw [preauth]
Jun 23 19:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1206]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1206]: Failed password for invalid user openclaw from 176.65.139.218 port 35260 ssh2
Jun 23 19:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1206]: Connection closed by 176.65.139.218 port 35260 [preauth]
Jun 23 19:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1233]: Invalid user user4 from 176.65.139.218
Jun 23 19:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1233]: input_userauth_request: invalid user user4 [preauth]
Jun 23 19:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1233]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1233]: Failed password for invalid user user4 from 176.65.139.218 port 35308 ssh2
Jun 23 19:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1233]: Connection closed by 176.65.139.218 port 35308 [preauth]
Jun 23 19:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1247]: Invalid user username from 176.65.139.218
Jun 23 19:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1247]: input_userauth_request: invalid user username [preauth]
Jun 23 19:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1247]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1249]: Invalid user ec2-user from 91.92.40.11
Jun 23 19:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1249]: input_userauth_request: invalid user ec2-user [preauth]
Jun 23 19:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1249]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 19:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1247]: Failed password for invalid user username from 176.65.139.218 port 52488 ssh2
Jun 23 19:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1247]: Connection closed by 176.65.139.218 port 52488 [preauth]
Jun 23 19:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32264]: pam_unix(cron:session): session closed for user root
Jun 23 19:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1249]: Failed password for invalid user ec2-user from 91.92.40.11 port 44998 ssh2
Jun 23 19:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1249]: Connection closed by 91.92.40.11 port 44998 [preauth]
Jun 23 19:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1281]: Invalid user ts3 from 176.65.139.218
Jun 23 19:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1281]: input_userauth_request: invalid user ts3 [preauth]
Jun 23 19:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1281]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1281]: Failed password for invalid user ts3 from 176.65.139.218 port 52564 ssh2
Jun 23 19:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1281]: Connection closed by 176.65.139.218 port 52564 [preauth]
Jun 23 19:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1284]: Invalid user lenovo from 115.178.75.243
Jun 23 19:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1284]: input_userauth_request: invalid user lenovo [preauth]
Jun 23 19:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1284]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.178.75.243
Jun 23 19:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1287]: Invalid user aaa from 176.65.139.218
Jun 23 19:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1287]: input_userauth_request: invalid user aaa [preauth]
Jun 23 19:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1287]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1284]: Failed password for invalid user lenovo from 115.178.75.243 port 50800 ssh2
Jun 23 19:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1284]: Received disconnect from 115.178.75.243 port 50800:11: Bye Bye [preauth]
Jun 23 19:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1284]: Disconnected from 115.178.75.243 port 50800 [preauth]
Jun 23 19:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1287]: Failed password for invalid user aaa from 176.65.139.218 port 46948 ssh2
Jun 23 19:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1287]: Connection closed by 176.65.139.218 port 46948 [preauth]
Jun 23 19:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1318]: Invalid user claude from 176.65.139.218
Jun 23 19:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1318]: input_userauth_request: invalid user claude [preauth]
Jun 23 19:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1318]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1318]: Failed password for invalid user claude from 176.65.139.218 port 46992 ssh2
Jun 23 19:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1318]: Connection closed by 176.65.139.218 port 46992 [preauth]
Jun 23 19:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1329]: Invalid user admin from 176.65.139.218
Jun 23 19:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1329]: input_userauth_request: invalid user admin [preauth]
Jun 23 19:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1329]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1329]: Failed password for invalid user admin from 176.65.139.218 port 38604 ssh2
Jun 23 19:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1329]: Connection closed by 176.65.139.218 port 38604 [preauth]
Jun 23 19:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1343]: Invalid user frappe from 176.65.139.218
Jun 23 19:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1343]: input_userauth_request: invalid user frappe [preauth]
Jun 23 19:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1343]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1343]: Failed password for invalid user frappe from 176.65.139.218 port 38642 ssh2
Jun 23 19:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1343]: Connection closed by 176.65.139.218 port 38642 [preauth]
Jun 23 19:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91  user=root
Jun 23 19:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1358]: Invalid user runner from 176.65.139.218
Jun 23 19:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1358]: input_userauth_request: invalid user runner [preauth]
Jun 23 19:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1358]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1356]: Failed password for root from 59.12.160.91 port 43504 ssh2
Jun 23 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1364]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1362]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1365]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1361]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1361]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1356]: Received disconnect from 59.12.160.91 port 43504:11: Bye Bye [preauth]
Jun 23 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1356]: Disconnected from 59.12.160.91 port 43504 [preauth]
Jun 23 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1461]: Successful su for rubyman by root
Jun 23 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1461]: + ??? root:rubyman
Jun 23 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1461]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579197 of user rubyman.
Jun 23 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1461]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579197.
Jun 23 19:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1358]: Failed password for invalid user runner from 176.65.139.218 port 39062 ssh2
Jun 23 19:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1358]: Connection closed by 176.65.139.218 port 39062 [preauth]
Jun 23 19:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30750]: pam_unix(cron:session): session closed for user root
Jun 23 19:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1714]: Invalid user master from 176.65.139.218
Jun 23 19:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1714]: input_userauth_request: invalid user master [preauth]
Jun 23 19:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1714]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1362]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1714]: Failed password for invalid user master from 176.65.139.218 port 39082 ssh2
Jun 23 19:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1714]: Connection closed by 176.65.139.218 port 39082 [preauth]
Jun 23 19:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1761]: Invalid user erp from 176.65.139.218
Jun 23 19:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1761]: input_userauth_request: invalid user erp [preauth]
Jun 23 19:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1761]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1761]: Failed password for invalid user erp from 176.65.139.218 port 53472 ssh2
Jun 23 19:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1761]: Connection closed by 176.65.139.218 port 53472 [preauth]
Jun 23 19:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1783]: Failed password for root from 176.65.139.218 port 58580 ssh2
Jun 23 19:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1783]: Connection closed by 176.65.139.218 port 58580 [preauth]
Jun 23 19:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1793]: Invalid user odoo16 from 176.65.139.218
Jun 23 19:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1793]: input_userauth_request: invalid user odoo16 [preauth]
Jun 23 19:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1793]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1793]: Failed password for invalid user odoo16 from 176.65.139.218 port 58622 ssh2
Jun 23 19:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1793]: Connection closed by 176.65.139.218 port 58622 [preauth]
Jun 23 19:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1815]: Invalid user monitoring from 95.58.255.251
Jun 23 19:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1815]: input_userauth_request: invalid user monitoring [preauth]
Jun 23 19:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1815]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.58.255.251
Jun 23 19:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1825]: Invalid user chenxi from 176.65.139.218
Jun 23 19:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1825]: input_userauth_request: invalid user chenxi [preauth]
Jun 23 19:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1825]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1815]: Failed password for invalid user monitoring from 95.58.255.251 port 45356 ssh2
Jun 23 19:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1815]: Received disconnect from 95.58.255.251 port 45356:11: Bye Bye [preauth]
Jun 23 19:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1815]: Disconnected from 95.58.255.251 port 45356 [preauth]
Jun 23 19:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1825]: Failed password for invalid user chenxi from 176.65.139.218 port 44890 ssh2
Jun 23 19:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1825]: Connection closed by 176.65.139.218 port 44890 [preauth]
Jun 23 19:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1827]: Received disconnect from 179.61.232.245 port 35922:11: disconnected by user [preauth]
Jun 23 19:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1827]: Disconnected from 179.61.232.245 port 35922 [preauth]
Jun 23 19:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32740]: pam_unix(cron:session): session closed for user root
Jun 23 19:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1857]: Invalid user server from 176.65.139.218
Jun 23 19:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1857]: input_userauth_request: invalid user server [preauth]
Jun 23 19:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1857]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1857]: Failed password for invalid user server from 176.65.139.218 port 52040 ssh2
Jun 23 19:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1857]: Connection closed by 176.65.139.218 port 52040 [preauth]
Jun 23 19:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1881]: Invalid user hu from 176.65.139.218
Jun 23 19:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1881]: input_userauth_request: invalid user hu [preauth]
Jun 23 19:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1881]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1881]: Failed password for invalid user hu from 176.65.139.218 port 52068 ssh2
Jun 23 19:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1881]: Connection closed by 176.65.139.218 port 52068 [preauth]
Jun 23 19:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1903]: Invalid user nikola from 104.208.108.166
Jun 23 19:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1903]: input_userauth_request: invalid user nikola [preauth]
Jun 23 19:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1903]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.208.108.166
Jun 23 19:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1905]: Invalid user admin from 176.65.139.218
Jun 23 19:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1905]: input_userauth_request: invalid user admin [preauth]
Jun 23 19:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1905]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1903]: Failed password for invalid user nikola from 104.208.108.166 port 5054 ssh2
Jun 23 19:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1903]: Received disconnect from 104.208.108.166 port 5054:11: Bye Bye [preauth]
Jun 23 19:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1903]: Disconnected from 104.208.108.166 port 5054 [preauth]
Jun 23 19:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1905]: Failed password for invalid user admin from 176.65.139.218 port 58934 ssh2
Jun 23 19:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1905]: Connection closed by 176.65.139.218 port 58934 [preauth]
Jun 23 19:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1922]: Invalid user rmsadm from 59.12.160.91
Jun 23 19:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1922]: input_userauth_request: invalid user rmsadm [preauth]
Jun 23 19:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1922]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
Jun 23 19:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1922]: Failed password for invalid user rmsadm from 59.12.160.91 port 34178 ssh2
Jun 23 19:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1922]: Received disconnect from 59.12.160.91 port 34178:11: Bye Bye [preauth]
Jun 23 19:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1922]: Disconnected from 59.12.160.91 port 34178 [preauth]
Jun 23 19:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1924]: Invalid user myuser from 176.65.139.218
Jun 23 19:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1924]: input_userauth_request: invalid user myuser [preauth]
Jun 23 19:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1924]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1935]: Invalid user elastic from 91.92.40.11
Jun 23 19:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1935]: input_userauth_request: invalid user elastic [preauth]
Jun 23 19:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1935]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 19:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1924]: Failed password for invalid user myuser from 176.65.139.218 port 58984 ssh2
Jun 23 19:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1924]: Connection closed by 176.65.139.218 port 58984 [preauth]
Jun 23 19:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1935]: Failed password for invalid user elastic from 91.92.40.11 port 41650 ssh2
Jun 23 19:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1935]: Connection closed by 91.92.40.11 port 41650 [preauth]
Jun 23 19:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.21.150.20  user=root
Jun 23 19:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1946]: Invalid user www from 176.65.139.218
Jun 23 19:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1946]: input_userauth_request: invalid user www [preauth]
Jun 23 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1946]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1965]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1967]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1964]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1963]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1960]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1963]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2122]: Successful su for rubyman by root
Jun 23 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2122]: + ??? root:rubyman
Jun 23 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2122]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579201 of user rubyman.
Jun 23 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2122]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579201.
Jun 23 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1960]: pam_unix(cron:session): session closed for user root
Jun 23 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1944]: Failed password for root from 65.21.150.20 port 45520 ssh2
Jun 23 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1944]: Received disconnect from 65.21.150.20 port 45520:11: Bye Bye [preauth]
Jun 23 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1944]: Disconnected from 65.21.150.20 port 45520 [preauth]
Jun 23 19:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1946]: Failed password for invalid user www from 176.65.139.218 port 54412 ssh2
Jun 23 19:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1946]: Connection closed by 176.65.139.218 port 54412 [preauth]
Jun 23 19:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31293]: pam_unix(cron:session): session closed for user root
Jun 23 19:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1964]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2363]: Invalid user nginx from 176.65.139.218
Jun 23 19:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2363]: input_userauth_request: invalid user nginx [preauth]
Jun 23 19:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2363]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2363]: Failed password for invalid user nginx from 176.65.139.218 port 57446 ssh2
Jun 23 19:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2363]: Connection closed by 176.65.139.218 port 57446 [preauth]
Jun 23 19:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2373]: User mysql from 176.65.139.218 not allowed because not listed in AllowUsers
Jun 23 19:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2373]: input_userauth_request: invalid user mysql [preauth]
Jun 23 19:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=mysql
Jun 23 19:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2373]: Failed password for invalid user mysql from 176.65.139.218 port 57482 ssh2
Jun 23 19:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2373]: Connection closed by 176.65.139.218 port 57482 [preauth]
Jun 23 19:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2395]: Invalid user azureuser from 176.65.139.218
Jun 23 19:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2395]: input_userauth_request: invalid user azureuser [preauth]
Jun 23 19:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2395]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2395]: Failed password for invalid user azureuser from 176.65.139.218 port 37954 ssh2
Jun 23 19:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2395]: Connection closed by 176.65.139.218 port 37954 [preauth]
Jun 23 19:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2419]: Failed password for root from 176.65.139.218 port 38018 ssh2
Jun 23 19:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2419]: Connection closed by 176.65.139.218 port 38018 [preauth]
Jun 23 19:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2429]: Invalid user ansible from 176.65.139.218
Jun 23 19:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2429]: input_userauth_request: invalid user ansible [preauth]
Jun 23 19:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2429]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2429]: Failed password for invalid user ansible from 176.65.139.218 port 37554 ssh2
Jun 23 19:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2429]: Connection closed by 176.65.139.218 port 37554 [preauth]
Jun 23 19:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[866]: pam_unix(cron:session): session closed for user root
Jun 23 19:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2461]: Invalid user student from 176.65.139.218
Jun 23 19:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2461]: input_userauth_request: invalid user student [preauth]
Jun 23 19:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2461]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2461]: Failed password for invalid user student from 176.65.139.218 port 37620 ssh2
Jun 23 19:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2461]: Connection closed by 176.65.139.218 port 37620 [preauth]
Jun 23 19:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2473]: Invalid user manoj from 176.65.139.218
Jun 23 19:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2473]: input_userauth_request: invalid user manoj [preauth]
Jun 23 19:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2473]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2473]: Failed password for invalid user manoj from 176.65.139.218 port 51436 ssh2
Jun 23 19:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2473]: Connection closed by 176.65.139.218 port 51436 [preauth]
Jun 23 19:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2500]: Invalid user oracle from 59.12.160.91
Jun 23 19:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2500]: input_userauth_request: invalid user oracle [preauth]
Jun 23 19:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2500]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
Jun 23 19:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2500]: Failed password for invalid user oracle from 59.12.160.91 port 53222 ssh2
Jun 23 19:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2500]: Received disconnect from 59.12.160.91 port 53222:11: Bye Bye [preauth]
Jun 23 19:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2500]: Disconnected from 59.12.160.91 port 53222 [preauth]
Jun 23 19:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2502]: Invalid user admin from 176.65.139.218
Jun 23 19:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2502]: input_userauth_request: invalid user admin [preauth]
Jun 23 19:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2502]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2502]: Failed password for invalid user admin from 176.65.139.218 port 39444 ssh2
Jun 23 19:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2502]: Connection closed by 176.65.139.218 port 39444 [preauth]
Jun 23 19:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2527]: Invalid user packer from 115.178.75.243
Jun 23 19:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2527]: input_userauth_request: invalid user packer [preauth]
Jun 23 19:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2527]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.178.75.243
Jun 23 19:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2513]: Failed password for root from 176.65.139.218 port 39518 ssh2
Jun 23 19:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2513]: Connection closed by 176.65.139.218 port 39518 [preauth]
Jun 23 19:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2527]: Failed password for invalid user packer from 115.178.75.243 port 33850 ssh2
Jun 23 19:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2527]: Received disconnect from 115.178.75.243 port 33850:11: Bye Bye [preauth]
Jun 23 19:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2527]: Disconnected from 115.178.75.243 port 33850 [preauth]
Jun 23 19:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2538]: Invalid user pi from 176.65.139.218
Jun 23 19:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2538]: input_userauth_request: invalid user pi [preauth]
Jun 23 19:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2538]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2538]: Failed password for invalid user pi from 176.65.139.218 port 40280 ssh2
Jun 23 19:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2538]: Connection closed by 176.65.139.218 port 40280 [preauth]
Jun 23 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2548]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2547]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2544]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2545]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2546]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2543]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2548]: pam_unix(cron:session): session closed for user root
Jun 23 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2543]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2623]: Successful su for rubyman by root
Jun 23 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2623]: + ??? root:rubyman
Jun 23 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2623]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579208 of user rubyman.
Jun 23 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2623]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579208.
Jun 23 19:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2766]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2545]: pam_unix(cron:session): session closed for user root
Jun 23 19:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2766]: Invalid user devops from 176.65.139.218
Jun 23 19:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2766]: input_userauth_request: invalid user devops [preauth]
Jun 23 19:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31824]: pam_unix(cron:session): session closed for user root
Jun 23 19:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2766]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2544]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2766]: Failed password for invalid user devops from 176.65.139.218 port 40320 ssh2
Jun 23 19:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2766]: Connection closed by 176.65.139.218 port 40320 [preauth]
Jun 23 19:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2841]: Invalid user customer from 176.65.139.218
Jun 23 19:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2841]: input_userauth_request: invalid user customer [preauth]
Jun 23 19:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2841]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2852]: Invalid user ernesto from 95.58.255.251
Jun 23 19:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2852]: input_userauth_request: invalid user ernesto [preauth]
Jun 23 19:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2852]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.58.255.251
Jun 23 19:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2841]: Failed password for invalid user customer from 176.65.139.218 port 41050 ssh2
Jun 23 19:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2841]: Connection closed by 176.65.139.218 port 41050 [preauth]
Jun 23 19:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2852]: Failed password for invalid user ernesto from 95.58.255.251 port 42252 ssh2
Jun 23 19:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2852]: Received disconnect from 95.58.255.251 port 42252:11: Bye Bye [preauth]
Jun 23 19:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2852]: Disconnected from 95.58.255.251 port 42252 [preauth]
Jun 23 19:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2866]: Invalid user btc from 176.65.139.218
Jun 23 19:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2866]: input_userauth_request: invalid user btc [preauth]
Jun 23 19:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2866]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2866]: Failed password for invalid user btc from 176.65.139.218 port 41074 ssh2
Jun 23 19:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2866]: Connection closed by 176.65.139.218 port 41074 [preauth]
Jun 23 19:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2879]: Invalid user linux from 176.65.139.218
Jun 23 19:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2879]: input_userauth_request: invalid user linux [preauth]
Jun 23 19:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2879]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2879]: Failed password for invalid user linux from 176.65.139.218 port 33294 ssh2
Jun 23 19:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2879]: Connection closed by 176.65.139.218 port 33294 [preauth]
Jun 23 19:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2887]: Invalid user elastic from 91.92.40.11
Jun 23 19:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2887]: input_userauth_request: invalid user elastic [preauth]
Jun 23 19:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2887]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 19:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2911]: Invalid user packer from 176.65.139.218
Jun 23 19:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2911]: input_userauth_request: invalid user packer [preauth]
Jun 23 19:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2911]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2887]: Failed password for invalid user elastic from 91.92.40.11 port 48068 ssh2
Jun 23 19:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2887]: Connection closed by 91.92.40.11 port 48068 [preauth]
Jun 23 19:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2911]: Failed password for invalid user packer from 176.65.139.218 port 33346 ssh2
Jun 23 19:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2911]: Connection closed by 176.65.139.218 port 33346 [preauth]
Jun 23 19:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2921]: Invalid user teamspeak from 176.65.139.218
Jun 23 19:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2921]: input_userauth_request: invalid user teamspeak [preauth]
Jun 23 19:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2921]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1365]: pam_unix(cron:session): session closed for user root
Jun 23 19:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2921]: Failed password for invalid user teamspeak from 176.65.139.218 port 39756 ssh2
Jun 23 19:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2921]: Connection closed by 176.65.139.218 port 39756 [preauth]
Jun 23 19:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2951]: Invalid user bob from 176.65.139.218
Jun 23 19:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2951]: input_userauth_request: invalid user bob [preauth]
Jun 23 19:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2951]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2951]: Failed password for invalid user bob from 176.65.139.218 port 38918 ssh2
Jun 23 19:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2951]: Connection closed by 176.65.139.218 port 38918 [preauth]
Jun 23 19:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2953]: Invalid user yzh from 104.208.108.166
Jun 23 19:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2953]: input_userauth_request: invalid user yzh [preauth]
Jun 23 19:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2953]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.208.108.166
Jun 23 19:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2953]: Failed password for invalid user yzh from 104.208.108.166 port 32800 ssh2
Jun 23 19:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2953]: Received disconnect from 104.208.108.166 port 32800:11: Bye Bye [preauth]
Jun 23 19:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2953]: Disconnected from 104.208.108.166 port 32800 [preauth]
Jun 23 19:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2963]: Invalid user ec2-user from 176.65.139.218
Jun 23 19:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2963]: input_userauth_request: invalid user ec2-user [preauth]
Jun 23 19:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2963]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2978]: Invalid user sftpuser from 59.12.160.91
Jun 23 19:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2978]: input_userauth_request: invalid user sftpuser [preauth]
Jun 23 19:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2978]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
Jun 23 19:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2963]: Failed password for invalid user ec2-user from 176.65.139.218 port 38962 ssh2
Jun 23 19:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2963]: Connection closed by 176.65.139.218 port 38962 [preauth]
Jun 23 19:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2978]: Failed password for invalid user sftpuser from 59.12.160.91 port 44056 ssh2
Jun 23 19:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2978]: Received disconnect from 59.12.160.91 port 44056:11: Bye Bye [preauth]
Jun 23 19:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2978]: Disconnected from 59.12.160.91 port 44056 [preauth]
Jun 23 19:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2988]: Invalid user myuser from 176.65.139.218
Jun 23 19:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2988]: input_userauth_request: invalid user myuser [preauth]
Jun 23 19:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2988]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2988]: Failed password for invalid user myuser from 176.65.139.218 port 34396 ssh2
Jun 23 19:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2988]: Connection closed by 176.65.139.218 port 34396 [preauth]
Jun 23 19:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3000]: Invalid user deploy from 176.65.139.218
Jun 23 19:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3000]: input_userauth_request: invalid user deploy [preauth]
Jun 23 19:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3000]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3000]: Failed password for invalid user deploy from 176.65.139.218 port 34442 ssh2
Jun 23 19:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3000]: Connection closed by 176.65.139.218 port 34442 [preauth]
Jun 23 19:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3010]: Invalid user odoo from 176.65.139.218
Jun 23 19:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3010]: input_userauth_request: invalid user odoo [preauth]
Jun 23 19:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3010]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3016]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3017]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3015]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3014]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3014]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3010]: Failed password for invalid user odoo from 176.65.139.218 port 37198 ssh2
Jun 23 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3082]: Successful su for rubyman by root
Jun 23 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3082]: + ??? root:rubyman
Jun 23 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3082]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3010]: Connection closed by 176.65.139.218 port 37198 [preauth]
Jun 23 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579212 of user rubyman.
Jun 23 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3082]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579212.
Jun 23 19:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32263]: pam_unix(cron:session): session closed for user root
Jun 23 19:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3015]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3220]: Failed password for root from 176.65.139.218 port 37252 ssh2
Jun 23 19:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3220]: Connection closed by 176.65.139.218 port 37252 [preauth]
Jun 23 19:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3280]: Invalid user ruben from 65.21.150.20
Jun 23 19:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3280]: input_userauth_request: invalid user ruben [preauth]
Jun 23 19:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3280]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.21.150.20
Jun 23 19:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3282]: Invalid user fa from 176.65.139.218
Jun 23 19:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3282]: input_userauth_request: invalid user fa [preauth]
Jun 23 19:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3282]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3280]: Failed password for invalid user ruben from 65.21.150.20 port 43648 ssh2
Jun 23 19:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3280]: Received disconnect from 65.21.150.20 port 43648:11: Bye Bye [preauth]
Jun 23 19:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3280]: Disconnected from 65.21.150.20 port 43648 [preauth]
Jun 23 19:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3282]: Failed password for invalid user fa from 176.65.139.218 port 44408 ssh2
Jun 23 19:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3282]: Connection closed by 176.65.139.218 port 44408 [preauth]
Jun 23 19:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3304]: Failed password for root from 176.65.139.218 port 44474 ssh2
Jun 23 19:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3304]: Connection closed by 176.65.139.218 port 44474 [preauth]
Jun 23 19:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3314]: Failed password for root from 176.65.139.218 port 50914 ssh2
Jun 23 19:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3314]: Connection closed by 176.65.139.218 port 50914 [preauth]
Jun 23 19:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.243.42.167  user=root
Jun 23 19:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3337]: Failed password for root from 104.243.42.167 port 51692 ssh2
Jun 23 19:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3337]: Received disconnect from 104.243.42.167 port 51692:11: Bye Bye [preauth]
Jun 23 19:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3337]: Disconnected from 104.243.42.167 port 51692 [preauth]
Jun 23 19:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3339]: Failed password for root from 176.65.139.218 port 50978 ssh2
Jun 23 19:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3339]: Connection closed by 176.65.139.218 port 50978 [preauth]
Jun 23 19:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3350]: Invalid user uftp from 176.65.139.218
Jun 23 19:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3350]: input_userauth_request: invalid user uftp [preauth]
Jun 23 19:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3350]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1967]: pam_unix(cron:session): session closed for user root
Jun 23 19:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3350]: Failed password for invalid user uftp from 176.65.139.218 port 53914 ssh2
Jun 23 19:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3350]: Connection closed by 176.65.139.218 port 53914 [preauth]
Jun 23 19:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3380]: Invalid user usuario from 176.65.139.218
Jun 23 19:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3380]: input_userauth_request: invalid user usuario [preauth]
Jun 23 19:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3380]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3380]: Failed password for invalid user usuario from 176.65.139.218 port 58464 ssh2
Jun 23 19:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3380]: Connection closed by 176.65.139.218 port 58464 [preauth]
Jun 23 19:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91  user=root
Jun 23 19:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3390]: Failed password for root from 59.12.160.91 port 35036 ssh2
Jun 23 19:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3399]: Invalid user jenkins from 176.65.139.218
Jun 23 19:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3399]: input_userauth_request: invalid user jenkins [preauth]
Jun 23 19:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3390]: Received disconnect from 59.12.160.91 port 35036:11: Bye Bye [preauth]
Jun 23 19:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3390]: Disconnected from 59.12.160.91 port 35036 [preauth]
Jun 23 19:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3399]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3399]: Failed password for invalid user jenkins from 176.65.139.218 port 58506 ssh2
Jun 23 19:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3399]: Connection closed by 176.65.139.218 port 58506 [preauth]
Jun 23 19:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3414]: Failed password for root from 176.65.139.218 port 57398 ssh2
Jun 23 19:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3414]: Connection closed by 176.65.139.218 port 57398 [preauth]
Jun 23 19:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3425]: Invalid user elastic from 91.92.40.11
Jun 23 19:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3425]: input_userauth_request: invalid user elastic [preauth]
Jun 23 19:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3425]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 19:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3425]: Failed password for invalid user elastic from 91.92.40.11 port 49944 ssh2
Jun 23 19:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3425]: Connection closed by 91.92.40.11 port 49944 [preauth]
Jun 23 19:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.58.255.251  user=root
Jun 23 19:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3430]: Invalid user admin from 176.65.139.218
Jun 23 19:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3430]: input_userauth_request: invalid user admin [preauth]
Jun 23 19:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3430]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3427]: Failed password for root from 95.58.255.251 port 59734 ssh2
Jun 23 19:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3427]: Received disconnect from 95.58.255.251 port 59734:11: Bye Bye [preauth]
Jun 23 19:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3427]: Disconnected from 95.58.255.251 port 59734 [preauth]
Jun 23 19:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3430]: Failed password for invalid user admin from 176.65.139.218 port 57476 ssh2
Jun 23 19:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3430]: Connection closed by 176.65.139.218 port 57476 [preauth]
Jun 23 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3456]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3455]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3454]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3453]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3453]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3517]: Successful su for rubyman by root
Jun 23 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3517]: + ??? root:rubyman
Jun 23 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3517]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579216 of user rubyman.
Jun 23 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3517]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579216.
Jun 23 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3490]: Invalid user dev from 176.65.139.218
Jun 23 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3490]: input_userauth_request: invalid user dev [preauth]
Jun 23 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3490]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32739]: pam_unix(cron:session): session closed for user root
Jun 23 19:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3490]: Failed password for invalid user dev from 176.65.139.218 port 51870 ssh2
Jun 23 19:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3490]: Connection closed by 176.65.139.218 port 51870 [preauth]
Jun 23 19:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3454]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3795]: Invalid user admin from 115.178.75.243
Jun 23 19:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3795]: input_userauth_request: invalid user admin [preauth]
Jun 23 19:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3795]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.178.75.243
Jun 23 19:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3800]: Invalid user vagrant from 176.65.139.218
Jun 23 19:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3800]: input_userauth_request: invalid user vagrant [preauth]
Jun 23 19:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3800]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3795]: Failed password for invalid user admin from 115.178.75.243 port 45136 ssh2
Jun 23 19:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3795]: Received disconnect from 115.178.75.243 port 45136:11: Bye Bye [preauth]
Jun 23 19:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3795]: Disconnected from 115.178.75.243 port 45136 [preauth]
Jun 23 19:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3800]: Failed password for invalid user vagrant from 176.65.139.218 port 51470 ssh2
Jun 23 19:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3800]: Connection closed by 176.65.139.218 port 51470 [preauth]
Jun 23 19:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3810]: Invalid user jellyfin from 176.65.139.218
Jun 23 19:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3810]: input_userauth_request: invalid user jellyfin [preauth]
Jun 23 19:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3810]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3810]: Failed password for invalid user jellyfin from 176.65.139.218 port 51518 ssh2
Jun 23 19:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3810]: Connection closed by 176.65.139.218 port 51518 [preauth]
Jun 23 19:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3839]: Invalid user ranga from 176.65.139.218
Jun 23 19:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3839]: input_userauth_request: invalid user ranga [preauth]
Jun 23 19:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3839]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3839]: Failed password for invalid user ranga from 176.65.139.218 port 39696 ssh2
Jun 23 19:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3839]: Connection closed by 176.65.139.218 port 39696 [preauth]
Jun 23 19:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3841]: Failed password for root from 103.5.210.47 port 51668 ssh2
Jun 23 19:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3841]: Connection closed by 103.5.210.47 port 51668 [preauth]
Jun 23 19:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3871]: Failed password for root from 103.5.210.47 port 51672 ssh2
Jun 23 19:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3871]: Connection closed by 103.5.210.47 port 51672 [preauth]
Jun 23 19:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3873]: Failed password for root from 176.65.139.218 port 39740 ssh2
Jun 23 19:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3873]: Connection closed by 176.65.139.218 port 39740 [preauth]
Jun 23 19:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3925]: Failed password for root from 103.5.210.47 port 51682 ssh2
Jun 23 19:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3925]: Connection closed by 103.5.210.47 port 51682 [preauth]
Jun 23 19:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3932]: User vncuser from 176.65.139.218 not allowed because not listed in AllowUsers
Jun 23 19:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3932]: input_userauth_request: invalid user vncuser [preauth]
Jun 23 19:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=vncuser
Jun 23 19:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2547]: pam_unix(cron:session): session closed for user root
Jun 23 19:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3932]: Failed password for invalid user vncuser from 176.65.139.218 port 45292 ssh2
Jun 23 19:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3930]: Failed password for root from 103.5.210.47 port 51684 ssh2
Jun 23 19:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3930]: Connection closed by 103.5.210.47 port 51684 [preauth]
Jun 23 19:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3932]: Connection closed by 176.65.139.218 port 45292 [preauth]
Jun 23 19:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3973]: Failed password for root from 103.5.210.47 port 51686 ssh2
Jun 23 19:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3975]: Invalid user node from 176.65.139.218
Jun 23 19:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3975]: input_userauth_request: invalid user node [preauth]
Jun 23 19:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3973]: Connection closed by 103.5.210.47 port 51686 [preauth]
Jun 23 19:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3975]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3993]: Invalid user deploy from 104.208.108.166
Jun 23 19:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3993]: input_userauth_request: invalid user deploy [preauth]
Jun 23 19:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3993]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.208.108.166
Jun 23 19:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3975]: Failed password for invalid user node from 176.65.139.218 port 37464 ssh2
Jun 23 19:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3975]: Connection closed by 176.65.139.218 port 37464 [preauth]
Jun 23 19:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3993]: Failed password for invalid user deploy from 104.208.108.166 port 54934 ssh2
Jun 23 19:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3993]: Received disconnect from 104.208.108.166 port 54934:11: Bye Bye [preauth]
Jun 23 19:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3993]: Disconnected from 104.208.108.166 port 54934 [preauth]
Jun 23 19:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3997]: Failed password for root from 103.5.210.47 port 51690 ssh2
Jun 23 19:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3997]: Connection closed by 103.5.210.47 port 51690 [preauth]
Jun 23 19:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3999]: Invalid user ethan from 59.12.160.91
Jun 23 19:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3999]: input_userauth_request: invalid user ethan [preauth]
Jun 23 19:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3999]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
Jun 23 19:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4032]: Invalid user user from 176.65.139.218
Jun 23 19:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4032]: input_userauth_request: invalid user user [preauth]
Jun 23 19:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4032]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3999]: Failed password for invalid user ethan from 59.12.160.91 port 54240 ssh2
Jun 23 19:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3999]: Received disconnect from 59.12.160.91 port 54240:11: Bye Bye [preauth]
Jun 23 19:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3999]: Disconnected from 59.12.160.91 port 54240 [preauth]
Jun 23 19:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4005]: Failed password for root from 103.5.210.47 port 51692 ssh2
Jun 23 19:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4005]: Connection closed by 103.5.210.47 port 51692 [preauth]
Jun 23 19:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4032]: Failed password for invalid user user from 176.65.139.218 port 37536 ssh2
Jun 23 19:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4032]: Connection closed by 176.65.139.218 port 37536 [preauth]
Jun 23 19:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4058]: Failed password for root from 103.5.210.47 port 51696 ssh2
Jun 23 19:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4058]: Connection closed by 103.5.210.47 port 51696 [preauth]
Jun 23 19:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4073]: User ftp from 176.65.139.218 not allowed because not listed in AllowUsers
Jun 23 19:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4073]: input_userauth_request: invalid user ftp [preauth]
Jun 23 19:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=ftp
Jun 23 19:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4073]: Failed password for invalid user ftp from 176.65.139.218 port 41232 ssh2
Jun 23 19:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4071]: Failed password for root from 103.5.210.47 port 51700 ssh2
Jun 23 19:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4071]: Connection closed by 103.5.210.47 port 51700 [preauth]
Jun 23 19:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4073]: Connection closed by 176.65.139.218 port 41232 [preauth]
Jun 23 19:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4075]: Failed password for root from 103.5.210.47 port 51710 ssh2
Jun 23 19:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4085]: Invalid user myuser from 176.65.139.218
Jun 23 19:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4085]: input_userauth_request: invalid user myuser [preauth]
Jun 23 19:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4075]: Connection closed by 103.5.210.47 port 51710 [preauth]
Jun 23 19:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4085]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4085]: Failed password for invalid user myuser from 176.65.139.218 port 41296 ssh2
Jun 23 19:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4085]: Connection closed by 176.65.139.218 port 41296 [preauth]
Jun 23 19:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4087]: Failed password for root from 103.5.210.47 port 51716 ssh2
Jun 23 19:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4087]: Connection closed by 103.5.210.47 port 51716 [preauth]
Jun 23 19:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4105]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4104]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4103]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4102]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4097]: Failed password for root from 103.5.210.47 port 51720 ssh2
Jun 23 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4102]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4097]: Connection closed by 103.5.210.47 port 51720 [preauth]
Jun 23 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4165]: Successful su for rubyman by root
Jun 23 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4165]: + ??? root:rubyman
Jun 23 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4165]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579220 of user rubyman.
Jun 23 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4165]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579220.
Jun 23 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4099]: Failed password for root from 176.65.139.218 port 49376 ssh2
Jun 23 19:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[865]: pam_unix(cron:session): session closed for user root
Jun 23 19:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4099]: Connection closed by 176.65.139.218 port 49376 [preauth]
Jun 23 19:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4176]: Failed password for root from 103.5.210.47 port 51722 ssh2
Jun 23 19:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4176]: Connection closed by 103.5.210.47 port 51722 [preauth]
Jun 23 19:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4103]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4367]: Invalid user frappe from 176.65.139.218
Jun 23 19:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4367]: input_userauth_request: invalid user frappe [preauth]
Jun 23 19:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4367]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4350]: Failed password for root from 103.5.210.47 port 51724 ssh2
Jun 23 19:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4350]: Connection closed by 103.5.210.47 port 51724 [preauth]
Jun 23 19:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4367]: Failed password for invalid user frappe from 176.65.139.218 port 35046 ssh2
Jun 23 19:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4367]: Connection closed by 176.65.139.218 port 35046 [preauth]
Jun 23 19:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4369]: Failed password for root from 103.5.210.47 port 51728 ssh2
Jun 23 19:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4369]: Connection closed by 103.5.210.47 port 51728 [preauth]
Jun 23 19:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4379]: Failed password for root from 103.5.210.47 port 51732 ssh2
Jun 23 19:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4379]: Connection closed by 103.5.210.47 port 51732 [preauth]
Jun 23 19:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4393]: Failed password for root from 176.65.139.218 port 35144 ssh2
Jun 23 19:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4393]: Connection closed by 176.65.139.218 port 35144 [preauth]
Jun 23 19:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 23 19:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4408]: Invalid user elasticsearch from 91.92.40.11
Jun 23 19:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4408]: input_userauth_request: invalid user elasticsearch [preauth]
Jun 23 19:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4410]: Invalid user ubnt from 141.98.83.240
Jun 23 19:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4410]: input_userauth_request: invalid user ubnt [preauth]
Jun 23 19:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4410]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 19:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4408]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 19:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4403]: Failed password for root from 103.5.210.47 port 51738 ssh2
Jun 23 19:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4403]: Connection closed by 103.5.210.47 port 51738 [preauth]
Jun 23 19:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4406]: Failed password for root from 103.27.238.114 port 54360 ssh2
Jun 23 19:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4406]: Connection closed by 103.27.238.114 port 54360 [preauth]
Jun 23 19:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4415]: Invalid user ftpuser from 176.65.139.218
Jun 23 19:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4415]: input_userauth_request: invalid user ftpuser [preauth]
Jun 23 19:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4415]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4410]: Failed password for invalid user ubnt from 141.98.83.240 port 35714 ssh2
Jun 23 19:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4408]: Failed password for invalid user elasticsearch from 91.92.40.11 port 47360 ssh2
Jun 23 19:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4410]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4408]: Connection closed by 91.92.40.11 port 47360 [preauth]
Jun 23 19:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4415]: Failed password for invalid user ftpuser from 176.65.139.218 port 52670 ssh2
Jun 23 19:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4415]: Connection closed by 176.65.139.218 port 52670 [preauth]
Jun 23 19:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4410]: Failed password for invalid user ubnt from 141.98.83.240 port 35714 ssh2
Jun 23 19:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4422]: Failed password for root from 103.5.210.47 port 51746 ssh2
Jun 23 19:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4410]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4422]: Connection closed by 103.5.210.47 port 51746 [preauth]
Jun 23 19:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4424]: Invalid user andres from 65.21.150.20
Jun 23 19:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4424]: input_userauth_request: invalid user andres [preauth]
Jun 23 19:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4424]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.21.150.20
Jun 23 19:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4410]: Failed password for invalid user ubnt from 141.98.83.240 port 35714 ssh2
Jun 23 19:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4410]: Connection closed by 141.98.83.240 port 35714 [preauth]
Jun 23 19:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4410]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 19:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4424]: Failed password for invalid user andres from 65.21.150.20 port 57398 ssh2
Jun 23 19:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4449]: Invalid user user2 from 176.65.139.218
Jun 23 19:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4449]: input_userauth_request: invalid user user2 [preauth]
Jun 23 19:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4424]: Received disconnect from 65.21.150.20 port 57398:11: Bye Bye [preauth]
Jun 23 19:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4424]: Disconnected from 65.21.150.20 port 57398 [preauth]
Jun 23 19:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4426]: Failed password for root from 103.5.210.47 port 51748 ssh2
Jun 23 19:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4449]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4426]: Connection closed by 103.5.210.47 port 51748 [preauth]
Jun 23 19:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4449]: Failed password for invalid user user2 from 176.65.139.218 port 52724 ssh2
Jun 23 19:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4449]: Connection closed by 176.65.139.218 port 52724 [preauth]
Jun 23 19:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4451]: Failed password for root from 103.5.210.47 port 51754 ssh2
Jun 23 19:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4451]: Connection closed by 103.5.210.47 port 51754 [preauth]
Jun 23 19:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3017]: pam_unix(cron:session): session closed for user root
Jun 23 19:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4453]: Failed password for root from 103.5.210.47 port 51758 ssh2
Jun 23 19:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4453]: Connection closed by 103.5.210.47 port 51758 [preauth]
Jun 23 19:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4463]: Failed password for root from 176.65.139.218 port 59288 ssh2
Jun 23 19:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4463]: Connection closed by 176.65.139.218 port 59288 [preauth]
Jun 23 19:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4487]: Failed password for root from 103.5.210.47 port 51762 ssh2
Jun 23 19:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4487]: Connection closed by 103.5.210.47 port 51762 [preauth]
Jun 23 19:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4499]: Invalid user deploy from 176.65.139.218
Jun 23 19:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4499]: input_userauth_request: invalid user deploy [preauth]
Jun 23 19:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4499]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4497]: Failed password for root from 103.5.210.47 port 51768 ssh2
Jun 23 19:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4497]: Connection closed by 103.5.210.47 port 51768 [preauth]
Jun 23 19:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4499]: Failed password for invalid user deploy from 176.65.139.218 port 55798 ssh2
Jun 23 19:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4499]: Connection closed by 176.65.139.218 port 55798 [preauth]
Jun 23 19:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4512]: Invalid user ftpuser from 59.12.160.91
Jun 23 19:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4512]: input_userauth_request: invalid user ftpuser [preauth]
Jun 23 19:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4512]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
Jun 23 19:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4501]: Invalid user scan from 95.58.255.251
Jun 23 19:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4501]: input_userauth_request: invalid user scan [preauth]
Jun 23 19:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4501]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.58.255.251
Jun 23 19:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4503]: Failed password for root from 103.5.210.47 port 51772 ssh2
Jun 23 19:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4503]: Connection closed by 103.5.210.47 port 51772 [preauth]
Jun 23 19:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4512]: Failed password for invalid user ftpuser from 59.12.160.91 port 45134 ssh2
Jun 23 19:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4501]: Failed password for invalid user scan from 95.58.255.251 port 47422 ssh2
Jun 23 19:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4512]: Received disconnect from 59.12.160.91 port 45134:11: Bye Bye [preauth]
Jun 23 19:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4512]: Disconnected from 59.12.160.91 port 45134 [preauth]
Jun 23 19:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4527]: Invalid user coder from 104.243.42.167
Jun 23 19:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4527]: input_userauth_request: invalid user coder [preauth]
Jun 23 19:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4527]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.243.42.167
Jun 23 19:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4501]: Received disconnect from 95.58.255.251 port 47422:11: Bye Bye [preauth]
Jun 23 19:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4501]: Disconnected from 95.58.255.251 port 47422 [preauth]
Jun 23 19:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4536]: Invalid user appuser from 176.65.139.218
Jun 23 19:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4536]: input_userauth_request: invalid user appuser [preauth]
Jun 23 19:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4536]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4527]: Failed password for invalid user coder from 104.243.42.167 port 56658 ssh2
Jun 23 19:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4527]: Received disconnect from 104.243.42.167 port 56658:11: Bye Bye [preauth]
Jun 23 19:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4527]: Disconnected from 104.243.42.167 port 56658 [preauth]
Jun 23 19:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4534]: Failed password for root from 103.5.210.47 port 51778 ssh2
Jun 23 19:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4534]: Connection closed by 103.5.210.47 port 51778 [preauth]
Jun 23 19:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4536]: Failed password for invalid user appuser from 176.65.139.218 port 55860 ssh2
Jun 23 19:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4536]: Connection closed by 176.65.139.218 port 55860 [preauth]
Jun 23 19:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4549]: Failed password for root from 103.5.210.47 port 51788 ssh2
Jun 23 19:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4549]: Connection closed by 103.5.210.47 port 51788 [preauth]
Jun 23 19:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4551]: Failed password for root from 103.5.210.47 port 51790 ssh2
Jun 23 19:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4551]: Connection closed by 103.5.210.47 port 51790 [preauth]
Jun 23 19:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4553]: Failed password for root from 176.65.139.218 port 47766 ssh2
Jun 23 19:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4553]: Connection closed by 176.65.139.218 port 47766 [preauth]
Jun 23 19:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4565]: Failed password for root from 103.5.210.47 port 51794 ssh2
Jun 23 19:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4565]: Connection closed by 103.5.210.47 port 51794 [preauth]
Jun 23 19:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4577]: Invalid user minecraft from 176.65.139.218
Jun 23 19:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4577]: input_userauth_request: invalid user minecraft [preauth]
Jun 23 19:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4577]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4570]: Failed password for root from 103.5.210.47 port 51798 ssh2
Jun 23 19:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4570]: Connection closed by 103.5.210.47 port 51798 [preauth]
Jun 23 19:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4577]: Failed password for invalid user minecraft from 176.65.139.218 port 34370 ssh2
Jun 23 19:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4577]: Connection closed by 176.65.139.218 port 34370 [preauth]
Jun 23 19:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4586]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4585]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4587]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4584]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4584]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4646]: Successful su for rubyman by root
Jun 23 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4646]: + ??? root:rubyman
Jun 23 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4646]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579226 of user rubyman.
Jun 23 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4646]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579226.
Jun 23 19:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4579]: Failed password for root from 103.5.210.47 port 51800 ssh2
Jun 23 19:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4579]: Connection closed by 103.5.210.47 port 51800 [preauth]
Jun 23 19:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1364]: pam_unix(cron:session): session closed for user root
Jun 23 19:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4875]: Invalid user rocky from 176.65.139.218
Jun 23 19:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4875]: input_userauth_request: invalid user rocky [preauth]
Jun 23 19:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4875]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4585]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4834]: Failed password for root from 103.5.210.47 port 51802 ssh2
Jun 23 19:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4875]: Failed password for invalid user rocky from 176.65.139.218 port 34440 ssh2
Jun 23 19:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4834]: Connection closed by 103.5.210.47 port 51802 [preauth]
Jun 23 19:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4875]: Connection closed by 176.65.139.218 port 34440 [preauth]
Jun 23 19:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4948]: Failed password for root from 103.5.210.47 port 51806 ssh2
Jun 23 19:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4948]: Connection closed by 103.5.210.47 port 51806 [preauth]
Jun 23 19:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4964]: Invalid user bitrix from 176.65.139.218
Jun 23 19:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4964]: input_userauth_request: invalid user bitrix [preauth]
Jun 23 19:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4964]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4964]: Failed password for invalid user bitrix from 176.65.139.218 port 44420 ssh2
Jun 23 19:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4964]: Connection closed by 176.65.139.218 port 44420 [preauth]
Jun 23 19:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4966]: Failed password for root from 103.5.210.47 port 51808 ssh2
Jun 23 19:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4966]: Connection closed by 103.5.210.47 port 51808 [preauth]
Jun 23 19:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4984]: Failed password for root from 103.5.210.47 port 51814 ssh2
Jun 23 19:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4984]: Connection closed by 103.5.210.47 port 51814 [preauth]
Jun 23 19:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4995]: Invalid user aziz from 115.178.75.243
Jun 23 19:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4995]: input_userauth_request: invalid user aziz [preauth]
Jun 23 19:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4995]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.178.75.243
Jun 23 19:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4991]: Failed password for root from 176.65.139.218 port 44454 ssh2
Jun 23 19:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4991]: Connection closed by 176.65.139.218 port 44454 [preauth]
Jun 23 19:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4993]: Failed password for root from 103.5.210.47 port 51816 ssh2
Jun 23 19:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4993]: Connection closed by 103.5.210.47 port 51816 [preauth]
Jun 23 19:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4995]: Failed password for invalid user aziz from 115.178.75.243 port 56410 ssh2
Jun 23 19:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4995]: Received disconnect from 115.178.75.243 port 56410:11: Bye Bye [preauth]
Jun 23 19:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4995]: Disconnected from 115.178.75.243 port 56410 [preauth]
Jun 23 19:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5007]: Invalid user username from 176.65.139.218
Jun 23 19:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5007]: input_userauth_request: invalid user username [preauth]
Jun 23 19:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5005]: Failed password for root from 103.5.210.47 port 51820 ssh2
Jun 23 19:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5007]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5005]: Connection closed by 103.5.210.47 port 51820 [preauth]
Jun 23 19:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5007]: Failed password for invalid user username from 176.65.139.218 port 44780 ssh2
Jun 23 19:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5007]: Connection closed by 176.65.139.218 port 44780 [preauth]
Jun 23 19:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5009]: Failed password for root from 103.5.210.47 port 51824 ssh2
Jun 23 19:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5009]: Connection closed by 103.5.210.47 port 51824 [preauth]
Jun 23 19:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5031]: Failed password for root from 103.5.210.47 port 51828 ssh2
Jun 23 19:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5031]: Connection closed by 103.5.210.47 port 51828 [preauth]
Jun 23 19:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5033]: Invalid user private from 176.65.139.218
Jun 23 19:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5033]: input_userauth_request: invalid user private [preauth]
Jun 23 19:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5033]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5033]: Failed password for invalid user private from 176.65.139.218 port 39902 ssh2
Jun 23 19:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5033]: Connection closed by 176.65.139.218 port 39902 [preauth]
Jun 23 19:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5042]: Failed password for root from 103.5.210.47 port 51832 ssh2
Jun 23 19:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5042]: Connection closed by 103.5.210.47 port 51832 [preauth]
Jun 23 19:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3456]: pam_unix(cron:session): session closed for user root
Jun 23 19:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5069]: User nobody from 176.65.139.218 not allowed because not listed in AllowUsers
Jun 23 19:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5069]: input_userauth_request: invalid user nobody [preauth]
Jun 23 19:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5045]: Failed password for root from 103.5.210.47 port 51836 ssh2
Jun 23 19:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5067]: Invalid user guilherme from 104.208.108.166
Jun 23 19:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5067]: input_userauth_request: invalid user guilherme [preauth]
Jun 23 19:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5067]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.208.108.166
Jun 23 19:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5045]: Connection closed by 103.5.210.47 port 51836 [preauth]
Jun 23 19:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=nobody
Jun 23 19:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5067]: Failed password for invalid user guilherme from 104.208.108.166 port 43048 ssh2
Jun 23 19:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5067]: Received disconnect from 104.208.108.166 port 43048:11: Bye Bye [preauth]
Jun 23 19:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5067]: Disconnected from 104.208.108.166 port 43048 [preauth]
Jun 23 19:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5069]: Failed password for invalid user nobody from 176.65.139.218 port 39920 ssh2
Jun 23 19:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5069]: Connection closed by 176.65.139.218 port 39920 [preauth]
Jun 23 19:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5079]: Failed password for root from 103.5.210.47 port 51840 ssh2
Jun 23 19:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5079]: Connection closed by 103.5.210.47 port 51840 [preauth]
Jun 23 19:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5086]: Invalid user mega from 59.12.160.91
Jun 23 19:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5086]: input_userauth_request: invalid user mega [preauth]
Jun 23 19:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5086]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
Jun 23 19:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5093]: Invalid user ghost from 176.65.139.218
Jun 23 19:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5093]: input_userauth_request: invalid user ghost [preauth]
Jun 23 19:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5081]: Failed password for root from 103.5.210.47 port 51846 ssh2
Jun 23 19:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5093]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5081]: Connection closed by 103.5.210.47 port 51846 [preauth]
Jun 23 19:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5086]: Failed password for invalid user mega from 59.12.160.91 port 36170 ssh2
Jun 23 19:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5086]: Received disconnect from 59.12.160.91 port 36170:11: Bye Bye [preauth]
Jun 23 19:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5086]: Disconnected from 59.12.160.91 port 36170 [preauth]
Jun 23 19:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5095]: Invalid user elasticsearch from 91.92.40.11
Jun 23 19:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5095]: input_userauth_request: invalid user elasticsearch [preauth]
Jun 23 19:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5095]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 19:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5093]: Failed password for invalid user ghost from 176.65.139.218 port 50580 ssh2
Jun 23 19:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5093]: Connection closed by 176.65.139.218 port 50580 [preauth]
Jun 23 19:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5095]: Failed password for invalid user elasticsearch from 91.92.40.11 port 42940 ssh2
Jun 23 19:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5097]: Failed password for root from 103.5.210.47 port 51852 ssh2
Jun 23 19:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5095]: Connection closed by 91.92.40.11 port 42940 [preauth]
Jun 23 19:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5097]: Connection closed by 103.5.210.47 port 51852 [preauth]
Jun 23 19:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5120]: Failed password for root from 103.5.210.47 port 51856 ssh2
Jun 23 19:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5120]: Connection closed by 103.5.210.47 port 51856 [preauth]
Jun 23 19:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5123]: Failed password for root from 176.65.139.218 port 51052 ssh2
Jun 23 19:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5123]: Connection closed by 176.65.139.218 port 51052 [preauth]
Jun 23 19:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 23 19:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5125]: Failed password for root from 103.5.210.47 port 51862 ssh2
Jun 23 19:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5125]: Connection closed by 103.5.210.47 port 51862 [preauth]
Jun 23 19:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5135]: Failed password for root from 38.93.206.2 port 51834 ssh2
Jun 23 19:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5135]: Connection closed by 38.93.206.2 port 51834 [preauth]
Jun 23 19:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5139]: Invalid user ts3 from 176.65.139.218
Jun 23 19:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5139]: input_userauth_request: invalid user ts3 [preauth]
Jun 23 19:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5139]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5137]: Failed password for root from 103.5.210.47 port 51866 ssh2
Jun 23 19:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5137]: Connection closed by 103.5.210.47 port 51866 [preauth]
Jun 23 19:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5139]: Failed password for invalid user ts3 from 176.65.139.218 port 51110 ssh2
Jun 23 19:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5139]: Connection closed by 176.65.139.218 port 51110 [preauth]
Jun 23 19:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5142]: Failed password for root from 103.5.210.47 port 51872 ssh2
Jun 23 19:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5142]: Connection closed by 103.5.210.47 port 51872 [preauth]
Jun 23 19:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5155]: Invalid user gd from 176.65.139.218
Jun 23 19:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5155]: input_userauth_request: invalid user gd [preauth]
Jun 23 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5155]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5153]: Failed password for root from 103.5.210.47 port 51874 ssh2
Jun 23 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5153]: Connection closed by 103.5.210.47 port 51874 [preauth]
Jun 23 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5178]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5174]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5176]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5173]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5175]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5177]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5178]: pam_unix(cron:session): session closed for user root
Jun 23 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5173]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5242]: Successful su for rubyman by root
Jun 23 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5242]: + ??? root:rubyman
Jun 23 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5242]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579229 of user rubyman.
Jun 23 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5242]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579229.
Jun 23 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5155]: Failed password for invalid user gd from 176.65.139.218 port 50180 ssh2
Jun 23 19:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5155]: Connection closed by 176.65.139.218 port 50180 [preauth]
Jun 23 19:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5170]: Failed password for root from 103.5.210.47 port 51882 ssh2
Jun 23 19:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5170]: Connection closed by 103.5.210.47 port 51882 [preauth]
Jun 23 19:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1965]: pam_unix(cron:session): session closed for user root
Jun 23 19:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5175]: pam_unix(cron:session): session closed for user root
Jun 23 19:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5174]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5373]: Failed password for root from 103.5.210.47 port 51884 ssh2
Jun 23 19:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5373]: Connection closed by 103.5.210.47 port 51884 [preauth]
Jun 23 19:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5456]: Failed password for root from 176.65.139.218 port 59408 ssh2
Jun 23 19:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5456]: Connection closed by 176.65.139.218 port 59408 [preauth]
Jun 23 19:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5470]: Failed password for root from 103.5.210.47 port 51888 ssh2
Jun 23 19:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5470]: Connection closed by 103.5.210.47 port 51888 [preauth]
Jun 23 19:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5482]: Invalid user stack from 176.65.139.218
Jun 23 19:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5482]: input_userauth_request: invalid user stack [preauth]
Jun 23 19:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5472]: Failed password for root from 103.5.210.47 port 51890 ssh2
Jun 23 19:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5482]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5472]: Connection closed by 103.5.210.47 port 51890 [preauth]
Jun 23 19:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5482]: Failed password for invalid user stack from 176.65.139.218 port 59480 ssh2
Jun 23 19:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5482]: Connection closed by 176.65.139.218 port 59480 [preauth]
Jun 23 19:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5489]: Failed password for root from 103.5.210.47 port 51898 ssh2
Jun 23 19:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5489]: Connection closed by 103.5.210.47 port 51898 [preauth]
Jun 23 19:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5499]: Invalid user test from 95.58.255.251
Jun 23 19:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5499]: input_userauth_request: invalid user test [preauth]
Jun 23 19:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5499]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.58.255.251
Jun 23 19:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5512]: Invalid user toto from 176.65.139.218
Jun 23 19:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5512]: input_userauth_request: invalid user toto [preauth]
Jun 23 19:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5512]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5508]: Failed password for root from 103.5.210.47 port 51904 ssh2
Jun 23 19:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5508]: Connection closed by 103.5.210.47 port 51904 [preauth]
Jun 23 19:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5499]: Failed password for invalid user test from 95.58.255.251 port 42990 ssh2
Jun 23 19:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5499]: Received disconnect from 95.58.255.251 port 42990:11: Bye Bye [preauth]
Jun 23 19:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5499]: Disconnected from 95.58.255.251 port 42990 [preauth]
Jun 23 19:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5512]: Failed password for invalid user toto from 176.65.139.218 port 42106 ssh2
Jun 23 19:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5512]: Connection closed by 176.65.139.218 port 42106 [preauth]
Jun 23 19:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5514]: Failed password for root from 103.5.210.47 port 51906 ssh2
Jun 23 19:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5514]: Connection closed by 103.5.210.47 port 51906 [preauth]
Jun 23 19:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5538]: Invalid user deployer from 176.65.139.218
Jun 23 19:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5538]: input_userauth_request: invalid user deployer [preauth]
Jun 23 19:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5538]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5524]: Failed password for root from 103.5.210.47 port 51912 ssh2
Jun 23 19:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5524]: Connection closed by 103.5.210.47 port 51912 [preauth]
Jun 23 19:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5538]: Failed password for invalid user deployer from 176.65.139.218 port 42194 ssh2
Jun 23 19:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5538]: Connection closed by 176.65.139.218 port 42194 [preauth]
Jun 23 19:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5550]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5550]: Invalid user frontend from 65.21.150.20
Jun 23 19:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5550]: input_userauth_request: invalid user frontend [preauth]
Jun 23 19:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5550]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.21.150.20
Jun 23 19:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5540]: Failed password for root from 103.5.210.47 port 51920 ssh2
Jun 23 19:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5540]: Connection closed by 103.5.210.47 port 51920 [preauth]
Jun 23 19:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5550]: Failed password for invalid user frontend from 65.21.150.20 port 48352 ssh2
Jun 23 19:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5550]: Received disconnect from 65.21.150.20 port 48352:11: Bye Bye [preauth]
Jun 23 19:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5550]: Disconnected from 65.21.150.20 port 48352 [preauth]
Jun 23 19:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5555]: Invalid user martin from 176.65.139.218
Jun 23 19:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5555]: input_userauth_request: invalid user martin [preauth]
Jun 23 19:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5555]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5552]: Failed password for root from 103.5.210.47 port 51928 ssh2
Jun 23 19:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5552]: Connection closed by 103.5.210.47 port 51928 [preauth]
Jun 23 19:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4105]: pam_unix(cron:session): session closed for user root
Jun 23 19:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5555]: Failed password for invalid user martin from 176.65.139.218 port 55902 ssh2
Jun 23 19:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5555]: Connection closed by 176.65.139.218 port 55902 [preauth]
Jun 23 19:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5577]: Failed password for root from 103.5.210.47 port 51936 ssh2
Jun 23 19:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5577]: Connection closed by 103.5.210.47 port 51936 [preauth]
Jun 23 19:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91  user=root
Jun 23 19:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5601]: Invalid user work from 176.65.139.218
Jun 23 19:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5601]: input_userauth_request: invalid user work [preauth]
Jun 23 19:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5601]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5590]: Failed password for root from 103.5.210.47 port 51940 ssh2
Jun 23 19:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5590]: Connection closed by 103.5.210.47 port 51940 [preauth]
Jun 23 19:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5592]: Failed password for root from 59.12.160.91 port 55400 ssh2
Jun 23 19:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5592]: Received disconnect from 59.12.160.91 port 55400:11: Bye Bye [preauth]
Jun 23 19:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5592]: Disconnected from 59.12.160.91 port 55400 [preauth]
Jun 23 19:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5601]: Failed password for invalid user work from 176.65.139.218 port 37204 ssh2
Jun 23 19:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5606]: Invalid user master from 104.243.42.167
Jun 23 19:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5606]: input_userauth_request: invalid user master [preauth]
Jun 23 19:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5606]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.243.42.167
Jun 23 19:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5601]: Connection closed by 176.65.139.218 port 37204 [preauth]
Jun 23 19:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5606]: Failed password for invalid user master from 104.243.42.167 port 52028 ssh2
Jun 23 19:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5606]: Received disconnect from 104.243.42.167 port 52028:11: Bye Bye [preauth]
Jun 23 19:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5606]: Disconnected from 104.243.42.167 port 52028 [preauth]
Jun 23 19:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5604]: Failed password for root from 103.5.210.47 port 51944 ssh2
Jun 23 19:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5604]: Connection closed by 103.5.210.47 port 51944 [preauth]
Jun 23 19:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5630]: Invalid user developer from 176.65.139.218
Jun 23 19:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5630]: input_userauth_request: invalid user developer [preauth]
Jun 23 19:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5630]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5613]: Failed password for root from 103.5.210.47 port 51950 ssh2
Jun 23 19:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5613]: Connection closed by 103.5.210.47 port 51950 [preauth]
Jun 23 19:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5630]: Failed password for invalid user developer from 176.65.139.218 port 37222 ssh2
Jun 23 19:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5630]: Connection closed by 176.65.139.218 port 37222 [preauth]
Jun 23 19:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5632]: Failed password for root from 103.5.210.47 port 51956 ssh2
Jun 23 19:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5632]: Connection closed by 103.5.210.47 port 51956 [preauth]
Jun 23 19:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5644]: Invalid user appuser from 176.65.139.218
Jun 23 19:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5644]: input_userauth_request: invalid user appuser [preauth]
Jun 23 19:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5644]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5642]: Failed password for root from 103.5.210.47 port 51962 ssh2
Jun 23 19:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5642]: Connection closed by 103.5.210.47 port 51962 [preauth]
Jun 23 19:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5644]: Failed password for invalid user appuser from 176.65.139.218 port 60466 ssh2
Jun 23 19:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5644]: Connection closed by 176.65.139.218 port 60466 [preauth]
Jun 23 19:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5646]: Failed password for root from 103.5.210.47 port 51968 ssh2
Jun 23 19:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5646]: Connection closed by 103.5.210.47 port 51968 [preauth]
Jun 23 19:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5656]: Failed password for root from 103.5.210.47 port 51978 ssh2
Jun 23 19:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5656]: Connection closed by 103.5.210.47 port 51978 [preauth]
Jun 23 19:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5658]: Failed password for root from 176.65.139.218 port 47140 ssh2
Jun 23 19:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5658]: Connection closed by 176.65.139.218 port 47140 [preauth]
Jun 23 19:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5660]: Failed password for root from 103.5.210.47 port 51984 ssh2
Jun 23 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5660]: Connection closed by 103.5.210.47 port 51984 [preauth]
Jun 23 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5673]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5674]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5675]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5672]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5672]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5741]: Successful su for rubyman by root
Jun 23 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5741]: + ??? root:rubyman
Jun 23 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5741]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579236 of user rubyman.
Jun 23 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5741]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579236.
Jun 23 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5772]: Invalid user bob from 176.65.139.218
Jun 23 19:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5772]: input_userauth_request: invalid user bob [preauth]
Jun 23 19:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5772]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5728]: Failed password for root from 103.5.210.47 port 51988 ssh2
Jun 23 19:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5728]: Connection closed by 103.5.210.47 port 51988 [preauth]
Jun 23 19:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5772]: Failed password for invalid user bob from 176.65.139.218 port 47194 ssh2
Jun 23 19:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5772]: Connection closed by 176.65.139.218 port 47194 [preauth]
Jun 23 19:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2546]: pam_unix(cron:session): session closed for user root
Jun 23 19:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5889]: Invalid user elasticsearch from 91.92.40.11
Jun 23 19:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5889]: input_userauth_request: invalid user elasticsearch [preauth]
Jun 23 19:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5889]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 19:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5673]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5930]: Invalid user aysia from 2.57.121.112
Jun 23 19:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5930]: input_userauth_request: invalid user aysia [preauth]
Jun 23 19:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5900]: Failed password for root from 103.5.210.47 port 51996 ssh2
Jun 23 19:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5930]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 23 19:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5900]: Connection closed by 103.5.210.47 port 51996 [preauth]
Jun 23 19:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5889]: Failed password for invalid user elasticsearch from 91.92.40.11 port 35742 ssh2
Jun 23 19:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5889]: Connection closed by 91.92.40.11 port 35742 [preauth]
Jun 23 19:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5930]: Failed password for invalid user aysia from 2.57.121.112 port 6040 ssh2
Jun 23 19:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5930]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5932]: Failed password for root from 103.5.210.47 port 52000 ssh2
Jun 23 19:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5932]: Connection closed by 103.5.210.47 port 52000 [preauth]
Jun 23 19:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5934]: Failed password for root from 176.65.139.218 port 51604 ssh2
Jun 23 19:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5934]: Connection closed by 176.65.139.218 port 51604 [preauth]
Jun 23 19:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5930]: Failed password for invalid user aysia from 2.57.121.112 port 6040 ssh2
Jun 23 19:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5930]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5930]: Failed password for invalid user aysia from 2.57.121.112 port 6040 ssh2
Jun 23 19:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5930]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5944]: Failed password for root from 103.5.210.47 port 52008 ssh2
Jun 23 19:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5944]: Connection closed by 103.5.210.47 port 52008 [preauth]
Jun 23 19:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: Invalid user fivem from 176.65.139.218
Jun 23 19:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: input_userauth_request: invalid user fivem [preauth]
Jun 23 19:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5930]: Failed password for invalid user aysia from 2.57.121.112 port 6040 ssh2
Jun 23 19:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5930]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5965]: Failed password for root from 103.5.210.47 port 52010 ssh2
Jun 23 19:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: Failed password for invalid user fivem from 176.65.139.218 port 51650 ssh2
Jun 23 19:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5965]: Connection closed by 103.5.210.47 port 52010 [preauth]
Jun 23 19:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: Connection closed by 176.65.139.218 port 51650 [preauth]
Jun 23 19:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5930]: Failed password for invalid user aysia from 2.57.121.112 port 6040 ssh2
Jun 23 19:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5930]: Connection closed by 2.57.121.112 port 6040 [preauth]
Jun 23 19:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5930]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 23 19:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5930]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 23 19:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5971]: Failed password for root from 103.5.210.47 port 52014 ssh2
Jun 23 19:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5971]: Connection closed by 103.5.210.47 port 52014 [preauth]
Jun 23 19:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5983]: Invalid user app from 176.65.139.218
Jun 23 19:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5983]: input_userauth_request: invalid user app [preauth]
Jun 23 19:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5983]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5981]: Failed password for root from 103.5.210.47 port 52018 ssh2
Jun 23 19:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5983]: Failed password for invalid user app from 176.65.139.218 port 60922 ssh2
Jun 23 19:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5983]: Connection closed by 176.65.139.218 port 60922 [preauth]
Jun 23 19:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5981]: Connection closed by 103.5.210.47 port 52018 [preauth]
Jun 23 19:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5998]: Failed password for root from 103.5.210.47 port 52024 ssh2
Jun 23 19:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5998]: Connection closed by 103.5.210.47 port 52024 [preauth]
Jun 23 19:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6008]: Invalid user bernard from 176.65.139.218
Jun 23 19:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6008]: input_userauth_request: invalid user bernard [preauth]
Jun 23 19:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6008]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6012]: Invalid user core from 104.208.108.166
Jun 23 19:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6012]: input_userauth_request: invalid user core [preauth]
Jun 23 19:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6012]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.208.108.166
Jun 23 19:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.178.75.243  user=root
Jun 23 19:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6008]: Failed password for invalid user bernard from 176.65.139.218 port 60014 ssh2
Jun 23 19:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6008]: Connection closed by 176.65.139.218 port 60014 [preauth]
Jun 23 19:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6012]: Failed password for invalid user core from 104.208.108.166 port 40304 ssh2
Jun 23 19:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6010]: Failed password for root from 103.5.210.47 port 52030 ssh2
Jun 23 19:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6012]: Received disconnect from 104.208.108.166 port 40304:11: Bye Bye [preauth]
Jun 23 19:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6012]: Disconnected from 104.208.108.166 port 40304 [preauth]
Jun 23 19:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6010]: Connection closed by 103.5.210.47 port 52030 [preauth]
Jun 23 19:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6014]: Failed password for root from 115.178.75.243 port 39442 ssh2
Jun 23 19:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6014]: Received disconnect from 115.178.75.243 port 39442:11: Bye Bye [preauth]
Jun 23 19:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6014]: Disconnected from 115.178.75.243 port 39442 [preauth]
Jun 23 19:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4587]: pam_unix(cron:session): session closed for user root
Jun 23 19:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6032]: Invalid user guest from 176.65.139.218
Jun 23 19:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6032]: input_userauth_request: invalid user guest [preauth]
Jun 23 19:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6032]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6025]: Failed password for root from 103.5.210.47 port 52038 ssh2
Jun 23 19:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6025]: Connection closed by 103.5.210.47 port 52038 [preauth]
Jun 23 19:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6048]: Invalid user ict from 59.12.160.91
Jun 23 19:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6048]: input_userauth_request: invalid user ict [preauth]
Jun 23 19:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6048]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
Jun 23 19:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6032]: Failed password for invalid user guest from 176.65.139.218 port 60058 ssh2
Jun 23 19:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6032]: Connection closed by 176.65.139.218 port 60058 [preauth]
Jun 23 19:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6048]: Failed password for invalid user ict from 59.12.160.91 port 46322 ssh2
Jun 23 19:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6048]: Received disconnect from 59.12.160.91 port 46322:11: Bye Bye [preauth]
Jun 23 19:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6048]: Disconnected from 59.12.160.91 port 46322 [preauth]
Jun 23 19:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6050]: Failed password for root from 103.5.210.47 port 52046 ssh2
Jun 23 19:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6050]: Connection closed by 103.5.210.47 port 52046 [preauth]
Jun 23 19:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6063]: Invalid user ubuntu from 176.65.139.218
Jun 23 19:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6063]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6063]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6061]: Failed password for root from 103.5.210.47 port 52056 ssh2
Jun 23 19:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6061]: Connection closed by 103.5.210.47 port 52056 [preauth]
Jun 23 19:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6063]: Failed password for invalid user ubuntu from 176.65.139.218 port 37170 ssh2
Jun 23 19:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6063]: Connection closed by 176.65.139.218 port 37170 [preauth]
Jun 23 19:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6075]: Invalid user newuser from 176.65.139.218
Jun 23 19:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6075]: input_userauth_request: invalid user newuser [preauth]
Jun 23 19:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6075]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6065]: Failed password for root from 103.5.210.47 port 52064 ssh2
Jun 23 19:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6065]: Connection closed by 103.5.210.47 port 52064 [preauth]
Jun 23 19:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6075]: Failed password for invalid user newuser from 176.65.139.218 port 37200 ssh2
Jun 23 19:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6075]: Connection closed by 176.65.139.218 port 37200 [preauth]
Jun 23 19:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6082]: Failed password for root from 103.5.210.47 port 52070 ssh2
Jun 23 19:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6082]: Connection closed by 103.5.210.47 port 52070 [preauth]
Jun 23 19:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6100]: Invalid user test from 176.65.139.218
Jun 23 19:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6100]: input_userauth_request: invalid user test [preauth]
Jun 23 19:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6100]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=root
Jun 23 19:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6100]: Failed password for invalid user test from 176.65.139.218 port 43484 ssh2
Jun 23 19:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6100]: Connection closed by 176.65.139.218 port 43484 [preauth]
Jun 23 19:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6102]: Failed password for root from 103.5.210.47 port 52074 ssh2
Jun 23 19:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6102]: Connection closed by 103.5.210.47 port 52074 [preauth]
Jun 23 19:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6112]: Invalid user tom from 176.65.139.218
Jun 23 19:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6112]: input_userauth_request: invalid user tom [preauth]
Jun 23 19:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6112]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6114]: Invalid user andre from 95.58.255.251
Jun 23 19:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6114]: input_userauth_request: invalid user andre [preauth]
Jun 23 19:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6114]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.58.255.251
Jun 23 19:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6112]: Failed password for invalid user tom from 176.65.139.218 port 43508 ssh2
Jun 23 19:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6112]: Connection closed by 176.65.139.218 port 43508 [preauth]
Jun 23 19:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6114]: Failed password for invalid user andre from 95.58.255.251 port 35490 ssh2
Jun 23 19:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6114]: Received disconnect from 95.58.255.251 port 35490:11: Bye Bye [preauth]
Jun 23 19:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6114]: Disconnected from 95.58.255.251 port 35490 [preauth]
Jun 23 19:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6116]: Invalid user user from 103.5.210.47
Jun 23 19:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6116]: input_userauth_request: invalid user user [preauth]
Jun 23 19:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6118]: Invalid user portal from 176.65.139.218
Jun 23 19:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6118]: input_userauth_request: invalid user portal [preauth]
Jun 23 19:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6116]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6118]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6116]: Failed password for invalid user user from 103.5.210.47 port 52094 ssh2
Jun 23 19:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6118]: Failed password for invalid user portal from 176.65.139.218 port 60080 ssh2
Jun 23 19:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6118]: Connection closed by 176.65.139.218 port 60080 [preauth]
Jun 23 19:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6116]: Connection closed by 103.5.210.47 port 52094 [preauth]
Jun 23 19:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6129]: Invalid user user from 103.5.210.47
Jun 23 19:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6129]: input_userauth_request: invalid user user [preauth]
Jun 23 19:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6129]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6131]: Invalid user sftpuser from 176.65.139.218
Jun 23 19:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6131]: input_userauth_request: invalid user sftpuser [preauth]
Jun 23 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6131]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6138]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6139]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6135]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6137]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6135]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6200]: Successful su for rubyman by root
Jun 23 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6200]: + ??? root:rubyman
Jun 23 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6200]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579238 of user rubyman.
Jun 23 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6200]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579238.
Jun 23 19:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6129]: Failed password for invalid user user from 103.5.210.47 port 52102 ssh2
Jun 23 19:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6129]: Connection closed by 103.5.210.47 port 52102 [preauth]
Jun 23 19:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6131]: Failed password for invalid user sftpuser from 176.65.139.218 port 60100 ssh2
Jun 23 19:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6267]: Invalid user user from 103.5.210.47
Jun 23 19:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6267]: input_userauth_request: invalid user user [preauth]
Jun 23 19:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6131]: Connection closed by 176.65.139.218 port 60100 [preauth]
Jun 23 19:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6267]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3016]: pam_unix(cron:session): session closed for user root
Jun 23 19:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6267]: Failed password for invalid user user from 103.5.210.47 port 52114 ssh2
Jun 23 19:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6267]: Connection closed by 103.5.210.47 port 52114 [preauth]
Jun 23 19:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6137]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6382]: Invalid user user from 103.5.210.47
Jun 23 19:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6382]: input_userauth_request: invalid user user [preauth]
Jun 23 19:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6366]: Failed password for root from 176.65.139.218 port 60150 ssh2
Jun 23 19:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6382]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6366]: Connection closed by 176.65.139.218 port 60150 [preauth]
Jun 23 19:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6382]: Failed password for invalid user user from 103.5.210.47 port 52122 ssh2
Jun 23 19:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6382]: Connection closed by 103.5.210.47 port 52122 [preauth]
Jun 23 19:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6398]: Invalid user demo from 176.65.139.218
Jun 23 19:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6398]: input_userauth_request: invalid user demo [preauth]
Jun 23 19:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6398]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6400]: Invalid user user from 103.5.210.47
Jun 23 19:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6400]: input_userauth_request: invalid user user [preauth]
Jun 23 19:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6400]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6398]: Failed password for invalid user demo from 176.65.139.218 port 42762 ssh2
Jun 23 19:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6398]: Connection closed by 176.65.139.218 port 42762 [preauth]
Jun 23 19:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6400]: Failed password for invalid user user from 103.5.210.47 port 52124 ssh2
Jun 23 19:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6400]: Connection closed by 103.5.210.47 port 52124 [preauth]
Jun 23 19:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6412]: Invalid user user from 103.5.210.47
Jun 23 19:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6412]: input_userauth_request: invalid user user [preauth]
Jun 23 19:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6412]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6425]: Invalid user openvpn from 176.65.139.218
Jun 23 19:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6425]: input_userauth_request: invalid user openvpn [preauth]
Jun 23 19:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6425]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6412]: Failed password for invalid user user from 103.5.210.47 port 52136 ssh2
Jun 23 19:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6412]: Connection closed by 103.5.210.47 port 52136 [preauth]
Jun 23 19:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6425]: Failed password for invalid user openvpn from 176.65.139.218 port 42776 ssh2
Jun 23 19:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6425]: Connection closed by 176.65.139.218 port 42776 [preauth]
Jun 23 19:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6427]: Invalid user user from 103.5.210.47
Jun 23 19:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6427]: input_userauth_request: invalid user user [preauth]
Jun 23 19:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6427]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6427]: Failed password for invalid user user from 103.5.210.47 port 52142 ssh2
Jun 23 19:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6438]: Invalid user deployer from 176.65.139.218
Jun 23 19:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6438]: input_userauth_request: invalid user deployer [preauth]
Jun 23 19:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6438]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6427]: Connection closed by 103.5.210.47 port 52142 [preauth]
Jun 23 19:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6440]: Invalid user user from 103.5.210.47
Jun 23 19:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6440]: input_userauth_request: invalid user user [preauth]
Jun 23 19:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6440]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6438]: Failed password for invalid user deployer from 176.65.139.218 port 55326 ssh2
Jun 23 19:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6438]: Connection closed by 176.65.139.218 port 55326 [preauth]
Jun 23 19:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6440]: Failed password for invalid user user from 103.5.210.47 port 52148 ssh2
Jun 23 19:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6440]: Connection closed by 103.5.210.47 port 52148 [preauth]
Jun 23 19:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6442]: Invalid user user from 103.5.210.47
Jun 23 19:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6442]: input_userauth_request: invalid user user [preauth]
Jun 23 19:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6442]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6442]: Failed password for invalid user user from 103.5.210.47 port 52158 ssh2
Jun 23 19:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6442]: Connection closed by 103.5.210.47 port 52158 [preauth]
Jun 23 19:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6465]: Failed password for root from 176.65.139.218 port 55382 ssh2
Jun 23 19:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6465]: Connection closed by 176.65.139.218 port 55382 [preauth]
Jun 23 19:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6467]: Invalid user user from 103.5.210.47
Jun 23 19:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6467]: input_userauth_request: invalid user user [preauth]
Jun 23 19:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6467]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6469]: Invalid user claude from 176.65.139.218
Jun 23 19:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6469]: input_userauth_request: invalid user claude [preauth]
Jun 23 19:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6469]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6467]: Failed password for invalid user user from 103.5.210.47 port 52166 ssh2
Jun 23 19:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6480]: Invalid user es from 91.92.40.11
Jun 23 19:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6480]: input_userauth_request: invalid user es [preauth]
Jun 23 19:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6467]: Connection closed by 103.5.210.47 port 52166 [preauth]
Jun 23 19:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6480]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 19:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6482]: Invalid user user from 103.5.210.47
Jun 23 19:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6482]: input_userauth_request: invalid user user [preauth]
Jun 23 19:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6469]: Failed password for invalid user claude from 176.65.139.218 port 58654 ssh2
Jun 23 19:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6482]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6469]: Connection closed by 176.65.139.218 port 58654 [preauth]
Jun 23 19:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6480]: Failed password for invalid user es from 91.92.40.11 port 53778 ssh2
Jun 23 19:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6480]: Connection closed by 91.92.40.11 port 53778 [preauth]
Jun 23 19:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6484]: Invalid user admin from 59.12.160.91
Jun 23 19:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6484]: input_userauth_request: invalid user admin [preauth]
Jun 23 19:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6484]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
Jun 23 19:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6482]: Failed password for invalid user user from 103.5.210.47 port 52170 ssh2
Jun 23 19:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6482]: Connection closed by 103.5.210.47 port 52170 [preauth]
Jun 23 19:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6498]: Invalid user user from 103.5.210.47
Jun 23 19:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6498]: input_userauth_request: invalid user user [preauth]
Jun 23 19:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5177]: pam_unix(cron:session): session closed for user root
Jun 23 19:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6498]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6512]: Invalid user testuser from 104.243.42.167
Jun 23 19:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6512]: input_userauth_request: invalid user testuser [preauth]
Jun 23 19:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6512]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.243.42.167
Jun 23 19:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6502]: Invalid user ubuntu from 65.21.150.20
Jun 23 19:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6502]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6502]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.21.150.20
Jun 23 19:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6484]: Failed password for invalid user admin from 59.12.160.91 port 37236 ssh2
Jun 23 19:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6484]: Received disconnect from 59.12.160.91 port 37236:11: Bye Bye [preauth]
Jun 23 19:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6484]: Disconnected from 59.12.160.91 port 37236 [preauth]
Jun 23 19:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6522]: Invalid user deploy from 176.65.139.218
Jun 23 19:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6522]: input_userauth_request: invalid user deploy [preauth]
Jun 23 19:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6522]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6502]: Failed password for invalid user ubuntu from 65.21.150.20 port 41738 ssh2
Jun 23 19:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6498]: Failed password for invalid user user from 103.5.210.47 port 52174 ssh2
Jun 23 19:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6512]: Failed password for invalid user testuser from 104.243.42.167 port 49894 ssh2
Jun 23 19:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6502]: Received disconnect from 65.21.150.20 port 41738:11: Bye Bye [preauth]
Jun 23 19:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6502]: Disconnected from 65.21.150.20 port 41738 [preauth]
Jun 23 19:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6512]: Received disconnect from 104.243.42.167 port 49894:11: Bye Bye [preauth]
Jun 23 19:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6512]: Disconnected from 104.243.42.167 port 49894 [preauth]
Jun 23 19:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6498]: Connection closed by 103.5.210.47 port 52174 [preauth]
Jun 23 19:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6522]: Failed password for invalid user deploy from 176.65.139.218 port 58696 ssh2
Jun 23 19:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6524]: Invalid user user from 103.5.210.47
Jun 23 19:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6524]: input_userauth_request: invalid user user [preauth]
Jun 23 19:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6524]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6522]: Connection closed by 176.65.139.218 port 58696 [preauth]
Jun 23 19:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121  user=root
Jun 23 19:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6524]: Failed password for invalid user user from 103.5.210.47 port 52178 ssh2
Jun 23 19:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6524]: Connection closed by 103.5.210.47 port 52178 [preauth]
Jun 23 19:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6537]: Invalid user user from 103.5.210.47
Jun 23 19:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6537]: input_userauth_request: invalid user user [preauth]
Jun 23 19:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6537]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6535]: Failed password for root from 45.148.10.121 port 51742 ssh2
Jun 23 19:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6535]: Connection closed by 45.148.10.121 port 51742 [preauth]
Jun 23 19:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6537]: Failed password for invalid user user from 103.5.210.47 port 52186 ssh2
Jun 23 19:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6537]: Connection closed by 103.5.210.47 port 52186 [preauth]
Jun 23 19:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6539]: Failed password for root from 176.65.139.218 port 51086 ssh2
Jun 23 19:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6539]: Connection closed by 176.65.139.218 port 51086 [preauth]
Jun 23 19:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6560]: Invalid user user from 103.5.210.47
Jun 23 19:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6560]: input_userauth_request: invalid user user [preauth]
Jun 23 19:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6560]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6560]: Failed password for invalid user user from 103.5.210.47 port 52192 ssh2
Jun 23 19:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6560]: Connection closed by 103.5.210.47 port 52192 [preauth]
Jun 23 19:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6563]: Invalid user labuser from 176.65.139.218
Jun 23 19:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6563]: input_userauth_request: invalid user labuser [preauth]
Jun 23 19:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6563]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6566]: Invalid user user from 103.5.210.47
Jun 23 19:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6566]: input_userauth_request: invalid user user [preauth]
Jun 23 19:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6566]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6563]: Failed password for invalid user labuser from 176.65.139.218 port 40662 ssh2
Jun 23 19:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6563]: Connection closed by 176.65.139.218 port 40662 [preauth]
Jun 23 19:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6566]: Failed password for invalid user user from 103.5.210.47 port 52196 ssh2
Jun 23 19:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6566]: Connection closed by 103.5.210.47 port 52196 [preauth]
Jun 23 19:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6577]: Invalid user user from 103.5.210.47
Jun 23 19:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6577]: input_userauth_request: invalid user user [preauth]
Jun 23 19:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6577]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6579]: Invalid user erpnext from 176.65.139.218
Jun 23 19:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6579]: input_userauth_request: invalid user erpnext [preauth]
Jun 23 19:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6577]: Failed password for invalid user user from 103.5.210.47 port 52198 ssh2
Jun 23 19:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6579]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6577]: Connection closed by 103.5.210.47 port 52198 [preauth]
Jun 23 19:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6589]: Invalid user user from 103.5.210.47
Jun 23 19:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6589]: input_userauth_request: invalid user user [preauth]
Jun 23 19:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6589]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6579]: Failed password for invalid user erpnext from 176.65.139.218 port 40716 ssh2
Jun 23 19:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6579]: Connection closed by 176.65.139.218 port 40716 [preauth]
Jun 23 19:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6589]: Failed password for invalid user user from 103.5.210.47 port 52206 ssh2
Jun 23 19:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6589]: Connection closed by 103.5.210.47 port 52206 [preauth]
Jun 23 19:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6592]: Invalid user user from 103.5.210.47
Jun 23 19:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6592]: input_userauth_request: invalid user user [preauth]
Jun 23 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6592]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6610]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6608]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6609]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6607]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6607]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6604]: Invalid user amine from 176.65.139.218
Jun 23 19:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6604]: input_userauth_request: invalid user amine [preauth]
Jun 23 19:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6670]: Successful su for rubyman by root
Jun 23 19:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6670]: + ??? root:rubyman
Jun 23 19:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6670]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579242 of user rubyman.
Jun 23 19:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6670]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579242.
Jun 23 19:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6604]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6592]: Failed password for invalid user user from 103.5.210.47 port 52214 ssh2
Jun 23 19:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6592]: Connection closed by 103.5.210.47 port 52214 [preauth]
Jun 23 19:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3455]: pam_unix(cron:session): session closed for user root
Jun 23 19:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6759]: Invalid user user from 103.5.210.47
Jun 23 19:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6759]: input_userauth_request: invalid user user [preauth]
Jun 23 19:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6759]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6604]: Failed password for invalid user amine from 176.65.139.218 port 50598 ssh2
Jun 23 19:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6604]: Connection closed by 176.65.139.218 port 50598 [preauth]
Jun 23 19:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6608]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6759]: Failed password for invalid user user from 103.5.210.47 port 52218 ssh2
Jun 23 19:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6759]: Connection closed by 103.5.210.47 port 52218 [preauth]
Jun 23 19:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6870]: Invalid user user from 103.5.210.47
Jun 23 19:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6870]: input_userauth_request: invalid user user [preauth]
Jun 23 19:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6870]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6872]: Invalid user oracle from 176.65.139.218
Jun 23 19:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6872]: input_userauth_request: invalid user oracle [preauth]
Jun 23 19:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6872]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6870]: Failed password for invalid user user from 103.5.210.47 port 52224 ssh2
Jun 23 19:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6870]: Connection closed by 103.5.210.47 port 52224 [preauth]
Jun 23 19:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6874]: Invalid user user from 103.5.210.47
Jun 23 19:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6874]: input_userauth_request: invalid user user [preauth]
Jun 23 19:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6872]: Failed password for invalid user oracle from 176.65.139.218 port 57226 ssh2
Jun 23 19:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6872]: Connection closed by 176.65.139.218 port 57226 [preauth]
Jun 23 19:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6874]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6874]: Failed password for invalid user user from 103.5.210.47 port 52230 ssh2
Jun 23 19:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6874]: Connection closed by 103.5.210.47 port 52230 [preauth]
Jun 23 19:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6900]: Invalid user user from 103.5.210.47
Jun 23 19:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6900]: input_userauth_request: invalid user user [preauth]
Jun 23 19:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6902]: Invalid user user1 from 176.65.139.218
Jun 23 19:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6902]: input_userauth_request: invalid user user1 [preauth]
Jun 23 19:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6902]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6900]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6902]: Failed password for invalid user user1 from 176.65.139.218 port 57290 ssh2
Jun 23 19:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6900]: Failed password for invalid user user from 103.5.210.47 port 52232 ssh2
Jun 23 19:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6902]: Connection closed by 176.65.139.218 port 57290 [preauth]
Jun 23 19:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6900]: Connection closed by 103.5.210.47 port 52232 [preauth]
Jun 23 19:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6912]: Invalid user user from 103.5.210.47
Jun 23 19:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6912]: input_userauth_request: invalid user user [preauth]
Jun 23 19:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6912]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6912]: Failed password for invalid user user from 103.5.210.47 port 52236 ssh2
Jun 23 19:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6914]: Invalid user user from 176.65.139.218
Jun 23 19:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6914]: input_userauth_request: invalid user user [preauth]
Jun 23 19:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6912]: Connection closed by 103.5.210.47 port 52236 [preauth]
Jun 23 19:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6914]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6917]: Invalid user user from 103.5.210.47
Jun 23 19:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6917]: input_userauth_request: invalid user user [preauth]
Jun 23 19:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6917]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6914]: Failed password for invalid user user from 176.65.139.218 port 47654 ssh2
Jun 23 19:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6914]: Connection closed by 176.65.139.218 port 47654 [preauth]
Jun 23 19:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6917]: Failed password for invalid user user from 103.5.210.47 port 52240 ssh2
Jun 23 19:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6929]: Invalid user packer from 104.208.108.166
Jun 23 19:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6929]: input_userauth_request: invalid user packer [preauth]
Jun 23 19:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6929]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.208.108.166
Jun 23 19:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6917]: Connection closed by 103.5.210.47 port 52240 [preauth]
Jun 23 19:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6951]: Invalid user user from 103.5.210.47
Jun 23 19:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6951]: input_userauth_request: invalid user user [preauth]
Jun 23 19:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6951]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6929]: Failed password for invalid user packer from 104.208.108.166 port 41480 ssh2
Jun 23 19:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6953]: Invalid user bot from 176.65.139.218
Jun 23 19:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6953]: input_userauth_request: invalid user bot [preauth]
Jun 23 19:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6929]: Received disconnect from 104.208.108.166 port 41480:11: Bye Bye [preauth]
Jun 23 19:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6929]: Disconnected from 104.208.108.166 port 41480 [preauth]
Jun 23 19:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6953]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6951]: Failed password for invalid user user from 103.5.210.47 port 52246 ssh2
Jun 23 19:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6951]: Connection closed by 103.5.210.47 port 52246 [preauth]
Jun 23 19:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6967]: Invalid user user from 103.5.210.47
Jun 23 19:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6967]: input_userauth_request: invalid user user [preauth]
Jun 23 19:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6953]: Failed password for invalid user bot from 176.65.139.218 port 53096 ssh2
Jun 23 19:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6953]: Connection closed by 176.65.139.218 port 53096 [preauth]
Jun 23 19:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6967]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6971]: Invalid user user from 59.12.160.91
Jun 23 19:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6971]: input_userauth_request: invalid user user [preauth]
Jun 23 19:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6971]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
Jun 23 19:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6967]: Failed password for invalid user user from 103.5.210.47 port 52250 ssh2
Jun 23 19:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6967]: Connection closed by 103.5.210.47 port 52250 [preauth]
Jun 23 19:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6973]: Invalid user alex from 176.65.139.218
Jun 23 19:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6973]: input_userauth_request: invalid user alex [preauth]
Jun 23 19:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6971]: Failed password for invalid user user from 59.12.160.91 port 56288 ssh2
Jun 23 19:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6973]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6971]: Received disconnect from 59.12.160.91 port 56288:11: Bye Bye [preauth]
Jun 23 19:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6971]: Disconnected from 59.12.160.91 port 56288 [preauth]
Jun 23 19:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6975]: Invalid user user from 103.5.210.47
Jun 23 19:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6975]: input_userauth_request: invalid user user [preauth]
Jun 23 19:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6975]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5675]: pam_unix(cron:session): session closed for user root
Jun 23 19:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6973]: Failed password for invalid user alex from 176.65.139.218 port 53152 ssh2
Jun 23 19:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6973]: Connection closed by 176.65.139.218 port 53152 [preauth]
Jun 23 19:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6975]: Failed password for invalid user user from 103.5.210.47 port 52254 ssh2
Jun 23 19:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6975]: Connection closed by 103.5.210.47 port 52254 [preauth]
Jun 23 19:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7026]: Invalid user user from 103.5.210.47
Jun 23 19:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7026]: input_userauth_request: invalid user user [preauth]
Jun 23 19:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7026]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7034]: Invalid user ubuntu from 176.65.139.218
Jun 23 19:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7034]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7034]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7026]: Failed password for invalid user user from 103.5.210.47 port 52260 ssh2
Jun 23 19:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7026]: Connection closed by 103.5.210.47 port 52260 [preauth]
Jun 23 19:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7034]: Failed password for invalid user ubuntu from 176.65.139.218 port 51032 ssh2
Jun 23 19:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7034]: Connection closed by 176.65.139.218 port 51032 [preauth]
Jun 23 19:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7042]: Invalid user user from 103.5.210.47
Jun 23 19:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7042]: input_userauth_request: invalid user user [preauth]
Jun 23 19:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7042]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7042]: Failed password for invalid user user from 103.5.210.47 port 52270 ssh2
Jun 23 19:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7042]: Connection closed by 103.5.210.47 port 52270 [preauth]
Jun 23 19:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.178.75.243  user=root
Jun 23 19:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7061]: Invalid user user from 103.5.210.47
Jun 23 19:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7061]: input_userauth_request: invalid user user [preauth]
Jun 23 19:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7061]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7044]: Failed password for root from 115.178.75.243 port 50704 ssh2
Jun 23 19:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7044]: Received disconnect from 115.178.75.243 port 50704:11: Bye Bye [preauth]
Jun 23 19:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7044]: Disconnected from 115.178.75.243 port 50704 [preauth]
Jun 23 19:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7061]: Failed password for invalid user user from 103.5.210.47 port 52280 ssh2
Jun 23 19:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7061]: Connection closed by 103.5.210.47 port 52280 [preauth]
Jun 23 19:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7127]: Invalid user user from 103.5.210.47
Jun 23 19:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7127]: input_userauth_request: invalid user user [preauth]
Jun 23 19:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7127]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7125]: Failed password for root from 176.65.139.218 port 51132 ssh2
Jun 23 19:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7125]: Connection closed by 176.65.139.218 port 51132 [preauth]
Jun 23 19:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7127]: Failed password for invalid user user from 103.5.210.47 port 52284 ssh2
Jun 23 19:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7127]: Connection closed by 103.5.210.47 port 52284 [preauth]
Jun 23 19:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7139]: Invalid user user from 103.5.210.47
Jun 23 19:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7139]: input_userauth_request: invalid user user [preauth]
Jun 23 19:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7139]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7141]: Invalid user ec2-user from 176.65.139.218
Jun 23 19:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7141]: input_userauth_request: invalid user ec2-user [preauth]
Jun 23 19:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7141]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7139]: Failed password for invalid user user from 103.5.210.47 port 52290 ssh2
Jun 23 19:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7139]: Connection closed by 103.5.210.47 port 52290 [preauth]
Jun 23 19:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7141]: Failed password for invalid user ec2-user from 176.65.139.218 port 50160 ssh2
Jun 23 19:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7141]: Connection closed by 176.65.139.218 port 50160 [preauth]
Jun 23 19:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7152]: Invalid user user from 103.5.210.47
Jun 23 19:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7152]: input_userauth_request: invalid user user [preauth]
Jun 23 19:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7152]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7155]: Invalid user es from 91.92.40.11
Jun 23 19:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7155]: input_userauth_request: invalid user es [preauth]
Jun 23 19:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7155]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.11
Jun 23 19:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7152]: Failed password for invalid user user from 103.5.210.47 port 52292 ssh2
Jun 23 19:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7152]: Connection closed by 103.5.210.47 port 52292 [preauth]
Jun 23 19:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7157]: Invalid user azureuser from 176.65.139.218
Jun 23 19:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7157]: input_userauth_request: invalid user azureuser [preauth]
Jun 23 19:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7157]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7155]: Failed password for invalid user es from 91.92.40.11 port 49168 ssh2
Jun 23 19:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7155]: Connection closed by 91.92.40.11 port 49168 [preauth]
Jun 23 19:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7159]: Invalid user user from 103.5.210.47
Jun 23 19:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7159]: input_userauth_request: invalid user user [preauth]
Jun 23 19:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7159]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7157]: Failed password for invalid user azureuser from 176.65.139.218 port 60768 ssh2
Jun 23 19:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7157]: Connection closed by 176.65.139.218 port 60768 [preauth]
Jun 23 19:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7159]: Failed password for invalid user user from 103.5.210.47 port 52298 ssh2
Jun 23 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7159]: Connection closed by 103.5.210.47 port 52298 [preauth]
Jun 23 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7177]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7178]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7176]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7174]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7174]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7238]: Successful su for rubyman by root
Jun 23 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7238]: + ??? root:rubyman
Jun 23 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7238]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579246 of user rubyman.
Jun 23 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7238]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579246.
Jun 23 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7171]: Invalid user user from 103.5.210.47
Jun 23 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7171]: input_userauth_request: invalid user user [preauth]
Jun 23 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7171]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7288]: Invalid user csgo from 176.65.139.218
Jun 23 19:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7288]: input_userauth_request: invalid user csgo [preauth]
Jun 23 19:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7288]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7171]: Failed password for invalid user user from 103.5.210.47 port 52302 ssh2
Jun 23 19:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7171]: Connection closed by 103.5.210.47 port 52302 [preauth]
Jun 23 19:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4104]: pam_unix(cron:session): session closed for user root
Jun 23 19:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: Invalid user user from 103.5.210.47
Jun 23 19:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: input_userauth_request: invalid user user [preauth]
Jun 23 19:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7288]: Failed password for invalid user csgo from 176.65.139.218 port 60810 ssh2
Jun 23 19:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7288]: Connection closed by 176.65.139.218 port 60810 [preauth]
Jun 23 19:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7176]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7410]: Invalid user season from 95.58.255.251
Jun 23 19:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7410]: input_userauth_request: invalid user season [preauth]
Jun 23 19:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7410]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.58.255.251
Jun 23 19:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: Failed password for invalid user user from 103.5.210.47 port 52304 ssh2
Jun 23 19:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: Connection closed by 103.5.210.47 port 52304 [preauth]
Jun 23 19:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7410]: Failed password for invalid user season from 95.58.255.251 port 54296 ssh2
Jun 23 19:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7410]: Received disconnect from 95.58.255.251 port 54296:11: Bye Bye [preauth]
Jun 23 19:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7410]: Disconnected from 95.58.255.251 port 54296 [preauth]
Jun 23 19:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7432]: Invalid user user from 103.5.210.47
Jun 23 19:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7432]: input_userauth_request: invalid user user [preauth]
Jun 23 19:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7432]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7434]: Invalid user test2 from 176.65.139.218
Jun 23 19:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7434]: input_userauth_request: invalid user test2 [preauth]
Jun 23 19:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7434]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7432]: Failed password for invalid user user from 103.5.210.47 port 52308 ssh2
Jun 23 19:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7432]: Connection closed by 103.5.210.47 port 52308 [preauth]
Jun 23 19:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7444]: Invalid user user from 103.5.210.47
Jun 23 19:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7444]: input_userauth_request: invalid user user [preauth]
Jun 23 19:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7444]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7434]: Failed password for invalid user test2 from 176.65.139.218 port 42346 ssh2
Jun 23 19:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7434]: Connection closed by 176.65.139.218 port 42346 [preauth]
Jun 23 19:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7444]: Failed password for invalid user user from 103.5.210.47 port 52316 ssh2
Jun 23 19:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7444]: Connection closed by 103.5.210.47 port 52316 [preauth]
Jun 23 19:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7455]: Invalid user user from 103.5.210.47
Jun 23 19:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7455]: input_userauth_request: invalid user user [preauth]
Jun 23 19:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7455]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 23 19:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7470]: Invalid user tomcat from 176.65.139.218
Jun 23 19:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7470]: input_userauth_request: invalid user tomcat [preauth]
Jun 23 19:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7470]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7455]: Failed password for invalid user user from 103.5.210.47 port 52318 ssh2
Jun 23 19:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7455]: Connection closed by 103.5.210.47 port 52318 [preauth]
Jun 23 19:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7453]: Failed password for root from 202.178.126.219 port 21664 ssh2
Jun 23 19:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7472]: Invalid user user from 103.5.210.47
Jun 23 19:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7472]: input_userauth_request: invalid user user [preauth]
Jun 23 19:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7472]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7453]: Connection closed by 202.178.126.219 port 21664 [preauth]
Jun 23 19:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7470]: Failed password for invalid user tomcat from 176.65.139.218 port 42382 ssh2
Jun 23 19:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7470]: Connection closed by 176.65.139.218 port 42382 [preauth]
Jun 23 19:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7472]: Failed password for invalid user user from 103.5.210.47 port 52324 ssh2
Jun 23 19:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7472]: Connection closed by 103.5.210.47 port 52324 [preauth]
Jun 23 19:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7482]: Invalid user user from 103.5.210.47
Jun 23 19:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7482]: input_userauth_request: invalid user user [preauth]
Jun 23 19:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7482]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7484]: Invalid user ubuntu from 176.65.139.218
Jun 23 19:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7484]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7484]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7482]: Failed password for invalid user user from 103.5.210.47 port 52330 ssh2
Jun 23 19:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7484]: Failed password for invalid user ubuntu from 176.65.139.218 port 38846 ssh2
Jun 23 19:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7482]: Connection closed by 103.5.210.47 port 52330 [preauth]
Jun 23 19:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7484]: Connection closed by 176.65.139.218 port 38846 [preauth]
Jun 23 19:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7506]: Invalid user user from 103.5.210.47
Jun 23 19:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7506]: input_userauth_request: invalid user user [preauth]
Jun 23 19:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7506]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7506]: Failed password for invalid user user from 103.5.210.47 port 52336 ssh2
Jun 23 19:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7506]: Connection closed by 103.5.210.47 port 52336 [preauth]
Jun 23 19:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91  user=root
Jun 23 19:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7512]: Invalid user user from 103.5.210.47
Jun 23 19:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7512]: input_userauth_request: invalid user user [preauth]
Jun 23 19:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7512]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7514]: Invalid user admin1 from 176.65.139.218
Jun 23 19:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7514]: input_userauth_request: invalid user admin1 [preauth]
Jun 23 19:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7514]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7516]: Received disconnect from 86.111.187.169 port 44786:11: disconnected by user [preauth]
Jun 23 19:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7516]: Disconnected from 86.111.187.169 port 44786 [preauth]
Jun 23 19:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7509]: Failed password for root from 59.12.160.91 port 47226 ssh2
Jun 23 19:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7509]: Received disconnect from 59.12.160.91 port 47226:11: Bye Bye [preauth]
Jun 23 19:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7509]: Disconnected from 59.12.160.91 port 47226 [preauth]
Jun 23 19:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7512]: Failed password for invalid user user from 103.5.210.47 port 52342 ssh2
Jun 23 19:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7512]: Connection closed by 103.5.210.47 port 52342 [preauth]
Jun 23 19:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7514]: Failed password for invalid user admin1 from 176.65.139.218 port 49406 ssh2
Jun 23 19:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7514]: Connection closed by 176.65.139.218 port 49406 [preauth]
Jun 23 19:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7528]: Invalid user user from 103.5.210.47
Jun 23 19:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7528]: input_userauth_request: invalid user user [preauth]
Jun 23 19:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6139]: pam_unix(cron:session): session closed for user root
Jun 23 19:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7528]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7550]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7550]: Invalid user root2 from 104.243.42.167
Jun 23 19:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7550]: input_userauth_request: invalid user root2 [preauth]
Jun 23 19:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7550]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.243.42.167
Jun 23 19:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7553]: Invalid user admin from 176.65.139.218
Jun 23 19:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7553]: input_userauth_request: invalid user admin [preauth]
Jun 23 19:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7553]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7528]: Failed password for invalid user user from 103.5.210.47 port 52346 ssh2
Jun 23 19:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7528]: Connection closed by 103.5.210.47 port 52346 [preauth]
Jun 23 19:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7550]: Failed password for invalid user root2 from 104.243.42.167 port 33420 ssh2
Jun 23 19:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7550]: Received disconnect from 104.243.42.167 port 33420:11: Bye Bye [preauth]
Jun 23 19:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7550]: Disconnected from 104.243.42.167 port 33420 [preauth]
Jun 23 19:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7566]: Invalid user user from 103.5.210.47
Jun 23 19:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7566]: input_userauth_request: invalid user user [preauth]
Jun 23 19:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7566]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7553]: Failed password for invalid user admin from 176.65.139.218 port 49488 ssh2
Jun 23 19:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7553]: Connection closed by 176.65.139.218 port 49488 [preauth]
Jun 23 19:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7566]: Failed password for invalid user user from 103.5.210.47 port 52354 ssh2
Jun 23 19:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7566]: Connection closed by 103.5.210.47 port 52354 [preauth]
Jun 23 19:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7568]: Invalid user user from 103.5.210.47
Jun 23 19:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7568]: input_userauth_request: invalid user user [preauth]
Jun 23 19:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7568]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7580]: Invalid user debian from 176.65.139.218
Jun 23 19:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7580]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7580]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7568]: Failed password for invalid user user from 103.5.210.47 port 52368 ssh2
Jun 23 19:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7568]: Connection closed by 103.5.210.47 port 52368 [preauth]
Jun 23 19:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.21.150.20  user=root
Jun 23 19:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7591]: Invalid user user from 103.5.210.47
Jun 23 19:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7591]: input_userauth_request: invalid user user [preauth]
Jun 23 19:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7591]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7580]: Failed password for invalid user debian from 176.65.139.218 port 45902 ssh2
Jun 23 19:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7580]: Connection closed by 176.65.139.218 port 45902 [preauth]
Jun 23 19:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7583]: Failed password for root from 65.21.150.20 port 37372 ssh2
Jun 23 19:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7583]: Received disconnect from 65.21.150.20 port 37372:11: Bye Bye [preauth]
Jun 23 19:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7583]: Disconnected from 65.21.150.20 port 37372 [preauth]
Jun 23 19:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7591]: Failed password for invalid user user from 103.5.210.47 port 52372 ssh2
Jun 23 19:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7591]: Connection closed by 103.5.210.47 port 52372 [preauth]
Jun 23 19:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7616]: Invalid user user from 103.5.210.47
Jun 23 19:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7616]: input_userauth_request: invalid user user [preauth]
Jun 23 19:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7616]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7626]: Invalid user trade from 176.65.139.218
Jun 23 19:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7626]: input_userauth_request: invalid user trade [preauth]
Jun 23 19:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7626]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7616]: Failed password for invalid user user from 103.5.210.47 port 52378 ssh2
Jun 23 19:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7616]: Connection closed by 103.5.210.47 port 52378 [preauth]
Jun 23 19:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7626]: Failed password for invalid user trade from 176.65.139.218 port 45164 ssh2
Jun 23 19:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7626]: Connection closed by 176.65.139.218 port 45164 [preauth]
Jun 23 19:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7631]: Invalid user user from 103.5.210.47
Jun 23 19:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7631]: input_userauth_request: invalid user user [preauth]
Jun 23 19:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7631]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7631]: Failed password for invalid user user from 103.5.210.47 port 52380 ssh2
Jun 23 19:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7631]: Connection closed by 103.5.210.47 port 52380 [preauth]
Jun 23 19:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7668]: Invalid user user from 103.5.210.47
Jun 23 19:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7668]: input_userauth_request: invalid user user [preauth]
Jun 23 19:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7668]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7664]: Failed password for root from 176.65.139.218 port 45242 ssh2
Jun 23 19:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7668]: Failed password for invalid user user from 103.5.210.47 port 52386 ssh2
Jun 23 19:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7664]: Connection closed by 176.65.139.218 port 45242 [preauth]
Jun 23 19:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7668]: Connection closed by 103.5.210.47 port 52386 [preauth]
Jun 23 19:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7739]: Invalid user user from 103.5.210.47
Jun 23 19:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7739]: input_userauth_request: invalid user user [preauth]
Jun 23 19:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7739]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7742]: Invalid user user from 176.65.139.218
Jun 23 19:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7742]: input_userauth_request: invalid user user [preauth]
Jun 23 19:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7739]: Failed password for invalid user user from 103.5.210.47 port 52390 ssh2
Jun 23 19:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7739]: Connection closed by 103.5.210.47 port 52390 [preauth]
Jun 23 19:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7742]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7570]: Connection closed by 103.77.242.62 port 40146 [preauth]
Jun 23 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7744]: Invalid user user from 103.5.210.47
Jun 23 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7744]: input_userauth_request: invalid user user [preauth]
Jun 23 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7744]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7752]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7750]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7748]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7749]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7751]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7747]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7752]: pam_unix(cron:session): session closed for user root
Jun 23 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7747]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7742]: Failed password for invalid user user from 176.65.139.218 port 45206 ssh2
Jun 23 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7742]: Connection closed by 176.65.139.218 port 45206 [preauth]
Jun 23 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7816]: Successful su for rubyman by root
Jun 23 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7816]: + ??? root:rubyman
Jun 23 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7816]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579250 of user rubyman.
Jun 23 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7816]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579250.
Jun 23 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7744]: Failed password for invalid user user from 103.5.210.47 port 52402 ssh2
Jun 23 19:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7744]: Connection closed by 103.5.210.47 port 52402 [preauth]
Jun 23 19:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7885]: Invalid user user from 103.5.210.47
Jun 23 19:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7885]: input_userauth_request: invalid user user [preauth]
Jun 23 19:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7885]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7749]: pam_unix(cron:session): session closed for user root
Jun 23 19:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4586]: pam_unix(cron:session): session closed for user root
Jun 23 19:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7748]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7885]: Failed password for invalid user user from 103.5.210.47 port 52412 ssh2
Jun 23 19:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7885]: Connection closed by 103.5.210.47 port 52412 [preauth]
Jun 23 19:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8015]: Invalid user user from 103.5.210.47
Jun 23 19:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8015]: input_userauth_request: invalid user user [preauth]
Jun 23 19:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7994]: Failed password for root from 176.65.139.218 port 45228 ssh2
Jun 23 19:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8015]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7994]: Connection closed by 176.65.139.218 port 45228 [preauth]
Jun 23 19:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8015]: Failed password for invalid user user from 103.5.210.47 port 52418 ssh2
Jun 23 19:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8015]: Connection closed by 103.5.210.47 port 52418 [preauth]
Jun 23 19:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8026]: Invalid user user from 103.5.210.47
Jun 23 19:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8026]: input_userauth_request: invalid user user [preauth]
Jun 23 19:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8026]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8026]: Failed password for invalid user user from 103.5.210.47 port 52420 ssh2
Jun 23 19:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8026]: Connection closed by 103.5.210.47 port 52420 [preauth]
Jun 23 19:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8028]: Failed password for root from 176.65.139.218 port 57896 ssh2
Jun 23 19:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8028]: Connection closed by 176.65.139.218 port 57896 [preauth]
Jun 23 19:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8045]: Invalid user user from 103.5.210.47
Jun 23 19:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8045]: input_userauth_request: invalid user user [preauth]
Jun 23 19:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8045]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8045]: Failed password for invalid user user from 103.5.210.47 port 52426 ssh2
Jun 23 19:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8045]: Connection closed by 103.5.210.47 port 52426 [preauth]
Jun 23 19:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8055]: Invalid user alex from 176.65.139.218
Jun 23 19:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8055]: input_userauth_request: invalid user alex [preauth]
Jun 23 19:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8055]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8057]: Invalid user user from 103.5.210.47
Jun 23 19:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8057]: input_userauth_request: invalid user user [preauth]
Jun 23 19:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8057]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8055]: Failed password for invalid user alex from 176.65.139.218 port 33254 ssh2
Jun 23 19:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8055]: Connection closed by 176.65.139.218 port 33254 [preauth]
Jun 23 19:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8057]: Failed password for invalid user user from 103.5.210.47 port 52430 ssh2
Jun 23 19:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8057]: Connection closed by 103.5.210.47 port 52430 [preauth]
Jun 23 19:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8067]: Invalid user user from 103.5.210.47
Jun 23 19:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8067]: input_userauth_request: invalid user user [preauth]
Jun 23 19:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8067]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8067]: Failed password for invalid user user from 103.5.210.47 port 52436 ssh2
Jun 23 19:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8067]: Connection closed by 103.5.210.47 port 52436 [preauth]
Jun 23 19:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8071]: Invalid user admin from 176.65.139.218
Jun 23 19:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8071]: input_userauth_request: invalid user admin [preauth]
Jun 23 19:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8069]: Invalid user user from 103.5.210.47
Jun 23 19:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8069]: input_userauth_request: invalid user user [preauth]
Jun 23 19:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8071]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8073]: Invalid user star from 104.208.108.166
Jun 23 19:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8073]: input_userauth_request: invalid user star [preauth]
Jun 23 19:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8073]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.208.108.166
Jun 23 19:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8069]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8071]: Failed password for invalid user admin from 176.65.139.218 port 33322 ssh2
Jun 23 19:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8073]: Failed password for invalid user star from 104.208.108.166 port 10878 ssh2
Jun 23 19:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8071]: Connection closed by 176.65.139.218 port 33322 [preauth]
Jun 23 19:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8069]: Failed password for invalid user user from 103.5.210.47 port 52442 ssh2
Jun 23 19:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8073]: Received disconnect from 104.208.108.166 port 10878:11: Bye Bye [preauth]
Jun 23 19:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8073]: Disconnected from 104.208.108.166 port 10878 [preauth]
Jun 23 19:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8069]: Connection closed by 103.5.210.47 port 52442 [preauth]
Jun 23 19:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8099]: Invalid user user from 103.5.210.47
Jun 23 19:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8099]: input_userauth_request: invalid user user [preauth]
Jun 23 19:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8099]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8101]: Invalid user arkserver from 59.12.160.91
Jun 23 19:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8101]: input_userauth_request: invalid user arkserver [preauth]
Jun 23 19:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8101]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
Jun 23 19:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8111]: Invalid user sam from 176.65.139.218
Jun 23 19:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8111]: input_userauth_request: invalid user sam [preauth]
Jun 23 19:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8099]: Failed password for invalid user user from 103.5.210.47 port 52444 ssh2
Jun 23 19:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8111]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8099]: Connection closed by 103.5.210.47 port 52444 [preauth]
Jun 23 19:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8101]: Failed password for invalid user arkserver from 59.12.160.91 port 38114 ssh2
Jun 23 19:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8101]: Received disconnect from 59.12.160.91 port 38114:11: Bye Bye [preauth]
Jun 23 19:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8101]: Disconnected from 59.12.160.91 port 38114 [preauth]
Jun 23 19:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8113]: Invalid user user from 103.5.210.47
Jun 23 19:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8113]: input_userauth_request: invalid user user [preauth]
Jun 23 19:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8113]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8111]: Failed password for invalid user sam from 176.65.139.218 port 45944 ssh2
Jun 23 19:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8111]: Connection closed by 176.65.139.218 port 45944 [preauth]
Jun 23 19:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6610]: pam_unix(cron:session): session closed for user root
Jun 23 19:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8113]: Failed password for invalid user user from 103.5.210.47 port 52452 ssh2
Jun 23 19:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8113]: Connection closed by 103.5.210.47 port 52452 [preauth]
Jun 23 19:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8132]: Invalid user user from 103.5.210.47
Jun 23 19:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8132]: input_userauth_request: invalid user user [preauth]
Jun 23 19:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8132]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8150]: Invalid user cloud from 176.65.139.218
Jun 23 19:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8150]: input_userauth_request: invalid user cloud [preauth]
Jun 23 19:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8150]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8132]: Failed password for invalid user user from 103.5.210.47 port 52458 ssh2
Jun 23 19:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8132]: Connection closed by 103.5.210.47 port 52458 [preauth]
Jun 23 19:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8150]: Failed password for invalid user cloud from 176.65.139.218 port 45978 ssh2
Jun 23 19:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8150]: Connection closed by 176.65.139.218 port 45978 [preauth]
Jun 23 19:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8152]: Invalid user user from 103.5.210.47
Jun 23 19:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8152]: input_userauth_request: invalid user user [preauth]
Jun 23 19:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8152]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8152]: Failed password for invalid user user from 103.5.210.47 port 52468 ssh2
Jun 23 19:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8152]: Connection closed by 103.5.210.47 port 52468 [preauth]
Jun 23 19:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8163]: Invalid user user from 103.5.210.47
Jun 23 19:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8163]: input_userauth_request: invalid user user [preauth]
Jun 23 19:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8165]: Invalid user admin from 176.65.139.218
Jun 23 19:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8165]: input_userauth_request: invalid user admin [preauth]
Jun 23 19:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8163]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8165]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8163]: Failed password for invalid user user from 103.5.210.47 port 52474 ssh2
Jun 23 19:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8165]: Failed password for invalid user admin from 176.65.139.218 port 41612 ssh2
Jun 23 19:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8163]: Connection closed by 103.5.210.47 port 52474 [preauth]
Jun 23 19:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8165]: Connection closed by 176.65.139.218 port 41612 [preauth]
Jun 23 19:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8179]: Invalid user user from 103.5.210.47
Jun 23 19:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8179]: input_userauth_request: invalid user user [preauth]
Jun 23 19:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8179]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8179]: Failed password for invalid user user from 103.5.210.47 port 52476 ssh2
Jun 23 19:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8179]: Connection closed by 103.5.210.47 port 52476 [preauth]
Jun 23 19:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8192]: Invalid user data from 176.65.139.218
Jun 23 19:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8192]: input_userauth_request: invalid user data [preauth]
Jun 23 19:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8190]: Invalid user user from 103.5.210.47
Jun 23 19:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8190]: input_userauth_request: invalid user user [preauth]
Jun 23 19:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8192]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8190]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8194]: Invalid user frontend from 95.58.255.251
Jun 23 19:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8194]: input_userauth_request: invalid user frontend [preauth]
Jun 23 19:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8194]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.58.255.251
Jun 23 19:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8192]: Failed password for invalid user data from 176.65.139.218 port 36400 ssh2
Jun 23 19:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8192]: Connection closed by 176.65.139.218 port 36400 [preauth]
Jun 23 19:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8190]: Failed password for invalid user user from 103.5.210.47 port 52482 ssh2
Jun 23 19:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8190]: Connection closed by 103.5.210.47 port 52482 [preauth]
Jun 23 19:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8196]: Invalid user user from 103.5.210.47
Jun 23 19:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8196]: input_userauth_request: invalid user user [preauth]
Jun 23 19:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8196]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8194]: Failed password for invalid user frontend from 95.58.255.251 port 50092 ssh2
Jun 23 19:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8194]: Received disconnect from 95.58.255.251 port 50092:11: Bye Bye [preauth]
Jun 23 19:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8194]: Disconnected from 95.58.255.251 port 50092 [preauth]
Jun 23 19:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8196]: Failed password for invalid user user from 103.5.210.47 port 52486 ssh2
Jun 23 19:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8196]: Connection closed by 103.5.210.47 port 52486 [preauth]
Jun 23 19:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8207]: Invalid user niaoyun from 176.65.139.218
Jun 23 19:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8207]: input_userauth_request: invalid user niaoyun [preauth]
Jun 23 19:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8207]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8209]: Invalid user user from 103.5.210.47
Jun 23 19:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8209]: input_userauth_request: invalid user user [preauth]
Jun 23 19:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8209]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8207]: Failed password for invalid user niaoyun from 176.65.139.218 port 36434 ssh2
Jun 23 19:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8207]: Connection closed by 176.65.139.218 port 36434 [preauth]
Jun 23 19:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8209]: Failed password for invalid user user from 103.5.210.47 port 52492 ssh2
Jun 23 19:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8209]: Connection closed by 103.5.210.47 port 52492 [preauth]
Jun 23 19:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8220]: Invalid user user from 103.5.210.47
Jun 23 19:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8220]: input_userauth_request: invalid user user [preauth]
Jun 23 19:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8220]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8222]: Invalid user yuriy from 115.178.75.243
Jun 23 19:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8222]: input_userauth_request: invalid user yuriy [preauth]
Jun 23 19:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8222]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.178.75.243
Jun 23 19:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8220]: Failed password for invalid user user from 103.5.210.47 port 52498 ssh2
Jun 23 19:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8220]: Connection closed by 103.5.210.47 port 52498 [preauth]
Jun 23 19:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8224]: Invalid user user from 103.5.210.47
Jun 23 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8224]: input_userauth_request: invalid user user [preauth]
Jun 23 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8224]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8222]: Failed password for invalid user yuriy from 115.178.75.243 port 33746 ssh2
Jun 23 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8240]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8241]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8239]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8238]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8238]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8222]: Received disconnect from 115.178.75.243 port 33746:11: Bye Bye [preauth]
Jun 23 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8222]: Disconnected from 115.178.75.243 port 33746 [preauth]
Jun 23 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8302]: Successful su for rubyman by root
Jun 23 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8302]: + ??? root:rubyman
Jun 23 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8302]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579257 of user rubyman.
Jun 23 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8302]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579257.
Jun 23 19:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8226]: Failed password for root from 176.65.139.218 port 39516 ssh2
Jun 23 19:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8224]: Failed password for invalid user user from 103.5.210.47 port 52506 ssh2
Jun 23 19:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8226]: Connection closed by 176.65.139.218 port 39516 [preauth]
Jun 23 19:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8224]: Connection closed by 103.5.210.47 port 52506 [preauth]
Jun 23 19:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8440]: Invalid user user from 103.5.210.47
Jun 23 19:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8440]: input_userauth_request: invalid user user [preauth]
Jun 23 19:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8440]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5176]: pam_unix(cron:session): session closed for user root
Jun 23 19:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8239]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8490]: Invalid user node from 176.65.139.218
Jun 23 19:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8490]: input_userauth_request: invalid user node [preauth]
Jun 23 19:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8490]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8440]: Failed password for invalid user user from 103.5.210.47 port 52512 ssh2
Jun 23 19:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8440]: Connection closed by 103.5.210.47 port 52512 [preauth]
Jun 23 19:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8490]: Failed password for invalid user node from 176.65.139.218 port 32804 ssh2
Jun 23 19:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8493]: Invalid user user from 103.5.210.47
Jun 23 19:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8493]: input_userauth_request: invalid user user [preauth]
Jun 23 19:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8490]: Connection closed by 176.65.139.218 port 32804 [preauth]
Jun 23 19:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8493]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8493]: Failed password for invalid user user from 103.5.210.47 port 52520 ssh2
Jun 23 19:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8493]: Connection closed by 103.5.210.47 port 52520 [preauth]
Jun 23 19:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8495]: Invalid user user from 103.5.210.47
Jun 23 19:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8495]: input_userauth_request: invalid user user [preauth]
Jun 23 19:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8495]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8495]: Failed password for invalid user user from 103.5.210.47 port 52524 ssh2
Jun 23 19:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8495]: Connection closed by 103.5.210.47 port 52524 [preauth]
Jun 23 19:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8505]: Invalid user admin from 176.65.139.218
Jun 23 19:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8505]: input_userauth_request: invalid user admin [preauth]
Jun 23 19:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8505]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8515]: Invalid user user from 103.5.210.47
Jun 23 19:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8515]: input_userauth_request: invalid user user [preauth]
Jun 23 19:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8515]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8505]: Failed password for invalid user admin from 176.65.139.218 port 32832 ssh2
Jun 23 19:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8505]: Connection closed by 176.65.139.218 port 32832 [preauth]
Jun 23 19:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8515]: Failed password for invalid user user from 103.5.210.47 port 52528 ssh2
Jun 23 19:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8515]: Connection closed by 103.5.210.47 port 52528 [preauth]
Jun 23 19:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8532]: Invalid user user from 103.5.210.47
Jun 23 19:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8532]: input_userauth_request: invalid user user [preauth]
Jun 23 19:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8532]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8535]: Invalid user neptune from 176.65.139.218
Jun 23 19:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8535]: input_userauth_request: invalid user neptune [preauth]
Jun 23 19:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8535]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8532]: Failed password for invalid user user from 103.5.210.47 port 52536 ssh2
Jun 23 19:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8532]: Connection closed by 103.5.210.47 port 52536 [preauth]
Jun 23 19:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8538]: Invalid user user from 103.5.210.47
Jun 23 19:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8538]: input_userauth_request: invalid user user [preauth]
Jun 23 19:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8538]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8535]: Failed password for invalid user neptune from 176.65.139.218 port 45736 ssh2
Jun 23 19:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8535]: Connection closed by 176.65.139.218 port 45736 [preauth]
Jun 23 19:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8538]: Failed password for invalid user user from 103.5.210.47 port 52544 ssh2
Jun 23 19:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8538]: Connection closed by 103.5.210.47 port 52544 [preauth]
Jun 23 19:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8551]: Invalid user user from 103.5.210.47
Jun 23 19:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8551]: input_userauth_request: invalid user user [preauth]
Jun 23 19:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8551]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8565]: Invalid user hadoop from 176.65.139.218
Jun 23 19:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8565]: input_userauth_request: invalid user hadoop [preauth]
Jun 23 19:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8565]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8551]: Failed password for invalid user user from 103.5.210.47 port 52548 ssh2
Jun 23 19:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8551]: Connection closed by 103.5.210.47 port 52548 [preauth]
Jun 23 19:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8567]: Invalid user user from 103.5.210.47
Jun 23 19:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8567]: input_userauth_request: invalid user user [preauth]
Jun 23 19:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91  user=root
Jun 23 19:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8565]: Failed password for invalid user hadoop from 176.65.139.218 port 45786 ssh2
Jun 23 19:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8567]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8565]: Connection closed by 176.65.139.218 port 45786 [preauth]
Jun 23 19:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8569]: Failed password for root from 59.12.160.91 port 57268 ssh2
Jun 23 19:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8567]: Failed password for invalid user user from 103.5.210.47 port 52552 ssh2
Jun 23 19:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8569]: Received disconnect from 59.12.160.91 port 57268:11: Bye Bye [preauth]
Jun 23 19:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8569]: Disconnected from 59.12.160.91 port 57268 [preauth]
Jun 23 19:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8567]: Connection closed by 103.5.210.47 port 52552 [preauth]
Jun 23 19:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8581]: Invalid user user from 103.5.210.47
Jun 23 19:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8581]: input_userauth_request: invalid user user [preauth]
Jun 23 19:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8581]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8583]: Invalid user gitlab-runner from 176.65.139.218
Jun 23 19:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8583]: input_userauth_request: invalid user gitlab-runner [preauth]
Jun 23 19:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8583]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.243.42.167  user=root
Jun 23 19:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8581]: Failed password for invalid user user from 103.5.210.47 port 52556 ssh2
Jun 23 19:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8581]: Connection closed by 103.5.210.47 port 52556 [preauth]
Jun 23 19:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8583]: Failed password for invalid user gitlab-runner from 176.65.139.218 port 54022 ssh2
Jun 23 19:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8583]: Connection closed by 176.65.139.218 port 54022 [preauth]
Jun 23 19:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7178]: pam_unix(cron:session): session closed for user root
Jun 23 19:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8595]: Invalid user user from 103.5.210.47
Jun 23 19:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8595]: input_userauth_request: invalid user user [preauth]
Jun 23 19:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8595]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8585]: Failed password for root from 104.243.42.167 port 53984 ssh2
Jun 23 19:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8585]: Received disconnect from 104.243.42.167 port 53984:11: Bye Bye [preauth]
Jun 23 19:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8585]: Disconnected from 104.243.42.167 port 53984 [preauth]
Jun 23 19:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8595]: Failed password for invalid user user from 103.5.210.47 port 52560 ssh2
Jun 23 19:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8595]: Connection closed by 103.5.210.47 port 52560 [preauth]
Jun 23 19:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8616]: Invalid user support from 176.65.139.218
Jun 23 19:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8616]: input_userauth_request: invalid user support [preauth]
Jun 23 19:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8616]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8618]: Invalid user user from 103.5.210.47
Jun 23 19:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8618]: input_userauth_request: invalid user user [preauth]
Jun 23 19:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8618]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 23 19:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8616]: Failed password for invalid user support from 176.65.139.218 port 54060 ssh2
Jun 23 19:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8616]: Connection closed by 176.65.139.218 port 54060 [preauth]
Jun 23 19:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8618]: Failed password for invalid user user from 103.5.210.47 port 52568 ssh2
Jun 23 19:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8618]: Connection closed by 103.5.210.47 port 52568 [preauth]
Jun 23 19:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8620]: Failed password for root from 103.82.20.28 port 55732 ssh2
Jun 23 19:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8620]: Connection closed by 103.82.20.28 port 55732 [preauth]
Jun 23 19:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8630]: Failed password for root from 176.65.139.218 port 43538 ssh2
Jun 23 19:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8654]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8654]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8630]: Connection closed by 176.65.139.218 port 43538 [preauth]
Jun 23 19:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8654]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8654]: Failed password for invalid user ubuntu from 103.5.210.47 port 52580 ssh2
Jun 23 19:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8654]: Connection closed by 103.5.210.47 port 52580 [preauth]
Jun 23 19:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8657]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8657]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8657]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8659]: Invalid user str from 65.21.150.20
Jun 23 19:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8659]: input_userauth_request: invalid user str [preauth]
Jun 23 19:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8659]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.21.150.20
Jun 23 19:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8669]: Invalid user runner from 176.65.139.218
Jun 23 19:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8669]: input_userauth_request: invalid user runner [preauth]
Jun 23 19:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8669]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8657]: Failed password for invalid user ubuntu from 103.5.210.47 port 52584 ssh2
Jun 23 19:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8659]: Failed password for invalid user str from 65.21.150.20 port 43190 ssh2
Jun 23 19:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8659]: Received disconnect from 65.21.150.20 port 43190:11: Bye Bye [preauth]
Jun 23 19:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8659]: Disconnected from 65.21.150.20 port 43190 [preauth]
Jun 23 19:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8657]: Connection closed by 103.5.210.47 port 52584 [preauth]
Jun 23 19:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8669]: Failed password for invalid user runner from 176.65.139.218 port 45398 ssh2
Jun 23 19:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8669]: Connection closed by 176.65.139.218 port 45398 [preauth]
Jun 23 19:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8671]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8671]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8671]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8671]: Failed password for invalid user ubuntu from 103.5.210.47 port 52588 ssh2
Jun 23 19:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8671]: Connection closed by 103.5.210.47 port 52588 [preauth]
Jun 23 19:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8683]: Invalid user rdpuser from 176.65.139.218
Jun 23 19:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8683]: input_userauth_request: invalid user rdpuser [preauth]
Jun 23 19:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8681]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8681]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8683]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8681]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8683]: Failed password for invalid user rdpuser from 176.65.139.218 port 45438 ssh2
Jun 23 19:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8681]: Failed password for invalid user ubuntu from 103.5.210.47 port 52594 ssh2
Jun 23 19:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8683]: Connection closed by 176.65.139.218 port 45438 [preauth]
Jun 23 19:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8681]: Connection closed by 103.5.210.47 port 52594 [preauth]
Jun 23 19:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8685]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8685]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8685]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8685]: Failed password for invalid user ubuntu from 103.5.210.47 port 52598 ssh2
Jun 23 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8685]: Connection closed by 103.5.210.47 port 52598 [preauth]
Jun 23 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8704]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8702]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8703]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8701]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8701]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8763]: Successful su for rubyman by root
Jun 23 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8763]: + ??? root:rubyman
Jun 23 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8763]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579260 of user rubyman.
Jun 23 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8763]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579260.
Jun 23 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8697]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8697]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8697]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8695]: Failed password for root from 176.65.139.218 port 54380 ssh2
Jun 23 19:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8695]: Connection closed by 176.65.139.218 port 54380 [preauth]
Jun 23 19:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8697]: Failed password for invalid user ubuntu from 103.5.210.47 port 52602 ssh2
Jun 23 19:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5674]: pam_unix(cron:session): session closed for user root
Jun 23 19:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8697]: Connection closed by 103.5.210.47 port 52602 [preauth]
Jun 23 19:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8928]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8928]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8928]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8702]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8928]: Failed password for invalid user ubuntu from 103.5.210.47 port 52610 ssh2
Jun 23 19:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8928]: Connection closed by 103.5.210.47 port 52610 [preauth]
Jun 23 19:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8953]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8953]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8953]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8951]: Failed password for root from 176.65.139.218 port 33766 ssh2
Jun 23 19:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8951]: Connection closed by 176.65.139.218 port 33766 [preauth]
Jun 23 19:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8953]: Failed password for invalid user ubuntu from 103.5.210.47 port 52614 ssh2
Jun 23 19:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8953]: Connection closed by 103.5.210.47 port 52614 [preauth]
Jun 23 19:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8964]: Invalid user operator from 176.65.139.218
Jun 23 19:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8964]: input_userauth_request: invalid user operator [preauth]
Jun 23 19:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8964]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8966]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8966]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8966]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8964]: Failed password for invalid user operator from 176.65.139.218 port 33818 ssh2
Jun 23 19:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8966]: Failed password for invalid user ubuntu from 103.5.210.47 port 52624 ssh2
Jun 23 19:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8964]: Connection closed by 176.65.139.218 port 33818 [preauth]
Jun 23 19:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8966]: Connection closed by 103.5.210.47 port 52624 [preauth]
Jun 23 19:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8985]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8985]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8985]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8995]: Invalid user openclaw from 176.65.139.218
Jun 23 19:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8995]: input_userauth_request: invalid user openclaw [preauth]
Jun 23 19:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8995]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8985]: Failed password for invalid user ubuntu from 103.5.210.47 port 52628 ssh2
Jun 23 19:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8985]: Connection closed by 103.5.210.47 port 52628 [preauth]
Jun 23 19:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8995]: Failed password for invalid user openclaw from 176.65.139.218 port 33882 ssh2
Jun 23 19:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8995]: Connection closed by 176.65.139.218 port 33882 [preauth]
Jun 23 19:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8997]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8997]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8997]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8999]: Invalid user drone from 104.208.108.166
Jun 23 19:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8999]: input_userauth_request: invalid user drone [preauth]
Jun 23 19:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8999]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.208.108.166
Jun 23 19:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9007]: Invalid user agent from 176.65.139.218
Jun 23 19:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9007]: input_userauth_request: invalid user agent [preauth]
Jun 23 19:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9007]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8997]: Failed password for invalid user ubuntu from 103.5.210.47 port 52634 ssh2
Jun 23 19:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8997]: Connection closed by 103.5.210.47 port 52634 [preauth]
Jun 23 19:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9012]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9012]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8999]: Failed password for invalid user drone from 104.208.108.166 port 60430 ssh2
Jun 23 19:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9012]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8999]: Received disconnect from 104.208.108.166 port 60430:11: Bye Bye [preauth]
Jun 23 19:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8999]: Disconnected from 104.208.108.166 port 60430 [preauth]
Jun 23 19:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9007]: Failed password for invalid user agent from 176.65.139.218 port 60232 ssh2
Jun 23 19:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9007]: Connection closed by 176.65.139.218 port 60232 [preauth]
Jun 23 19:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9014]: Invalid user eric from 59.12.160.91
Jun 23 19:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9014]: input_userauth_request: invalid user eric [preauth]
Jun 23 19:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9014]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
Jun 23 19:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9012]: Failed password for invalid user ubuntu from 103.5.210.47 port 52640 ssh2
Jun 23 19:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9012]: Connection closed by 103.5.210.47 port 52640 [preauth]
Jun 23 19:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9030]: Invalid user username from 176.65.139.218
Jun 23 19:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9030]: input_userauth_request: invalid user username [preauth]
Jun 23 19:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9030]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9014]: Failed password for invalid user eric from 59.12.160.91 port 48236 ssh2
Jun 23 19:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9033]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9033]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9014]: Received disconnect from 59.12.160.91 port 48236:11: Bye Bye [preauth]
Jun 23 19:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9014]: Disconnected from 59.12.160.91 port 48236 [preauth]
Jun 23 19:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9033]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9030]: Failed password for invalid user username from 176.65.139.218 port 60294 ssh2
Jun 23 19:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9030]: Connection closed by 176.65.139.218 port 60294 [preauth]
Jun 23 19:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9033]: Failed password for invalid user ubuntu from 103.5.210.47 port 52644 ssh2
Jun 23 19:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9033]: Connection closed by 103.5.210.47 port 52644 [preauth]
Jun 23 19:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9044]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9044]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9044]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9046]: Invalid user testuser from 176.65.139.218
Jun 23 19:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9046]: input_userauth_request: invalid user testuser [preauth]
Jun 23 19:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9046]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9048]: Invalid user tomcat from 95.58.255.251
Jun 23 19:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9048]: input_userauth_request: invalid user tomcat [preauth]
Jun 23 19:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9048]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.58.255.251
Jun 23 19:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9044]: Failed password for invalid user ubuntu from 103.5.210.47 port 52650 ssh2
Jun 23 19:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9044]: Connection closed by 103.5.210.47 port 52650 [preauth]
Jun 23 19:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9046]: Failed password for invalid user testuser from 176.65.139.218 port 55730 ssh2
Jun 23 19:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9046]: Connection closed by 176.65.139.218 port 55730 [preauth]
Jun 23 19:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9059]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9059]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9059]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9048]: Failed password for invalid user tomcat from 95.58.255.251 port 33764 ssh2
Jun 23 19:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9048]: Received disconnect from 95.58.255.251 port 33764:11: Bye Bye [preauth]
Jun 23 19:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9048]: Disconnected from 95.58.255.251 port 33764 [preauth]
Jun 23 19:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7751]: pam_unix(cron:session): session closed for user root
Jun 23 19:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9077]: Invalid user devops from 176.65.139.218
Jun 23 19:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9077]: input_userauth_request: invalid user devops [preauth]
Jun 23 19:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9077]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9059]: Failed password for invalid user ubuntu from 103.5.210.47 port 52658 ssh2
Jun 23 19:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9059]: Connection closed by 103.5.210.47 port 52658 [preauth]
Jun 23 19:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9083]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9083]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9083]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9077]: Failed password for invalid user devops from 176.65.139.218 port 55752 ssh2
Jun 23 19:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9077]: Connection closed by 176.65.139.218 port 55752 [preauth]
Jun 23 19:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9083]: Failed password for invalid user ubuntu from 103.5.210.47 port 52662 ssh2
Jun 23 19:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9083]: Connection closed by 103.5.210.47 port 52662 [preauth]
Jun 23 19:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9093]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9093]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9095]: Invalid user sysupdate from 176.65.139.218
Jun 23 19:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9095]: input_userauth_request: invalid user sysupdate [preauth]
Jun 23 19:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9093]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9095]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9093]: Failed password for invalid user ubuntu from 103.5.210.47 port 52668 ssh2
Jun 23 19:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9095]: Failed password for invalid user sysupdate from 176.65.139.218 port 42930 ssh2
Jun 23 19:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9093]: Connection closed by 103.5.210.47 port 52668 [preauth]
Jun 23 19:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9095]: Connection closed by 176.65.139.218 port 42930 [preauth]
Jun 23 19:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9105]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9105]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9105]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9114]: Invalid user ivan from 176.65.139.218
Jun 23 19:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9114]: input_userauth_request: invalid user ivan [preauth]
Jun 23 19:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9114]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9105]: Failed password for invalid user ubuntu from 103.5.210.47 port 52674 ssh2
Jun 23 19:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9105]: Connection closed by 103.5.210.47 port 52674 [preauth]
Jun 23 19:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9122]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9122]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9122]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9114]: Failed password for invalid user ivan from 176.65.139.218 port 43022 ssh2
Jun 23 19:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9114]: Connection closed by 176.65.139.218 port 43022 [preauth]
Jun 23 19:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9122]: Failed password for invalid user ubuntu from 103.5.210.47 port 52686 ssh2
Jun 23 19:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9133]: Invalid user core from 176.65.139.218
Jun 23 19:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9133]: input_userauth_request: invalid user core [preauth]
Jun 23 19:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9133]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9122]: Connection closed by 103.5.210.47 port 52686 [preauth]
Jun 23 19:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9135]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9135]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9135]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9133]: Failed password for invalid user core from 176.65.139.218 port 34122 ssh2
Jun 23 19:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9133]: Connection closed by 176.65.139.218 port 34122 [preauth]
Jun 23 19:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9135]: Failed password for invalid user ubuntu from 103.5.210.47 port 52690 ssh2
Jun 23 19:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9135]: Connection closed by 103.5.210.47 port 52690 [preauth]
Jun 23 19:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9145]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9145]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9145]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9147]: Invalid user deployer from 176.65.139.218
Jun 23 19:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9147]: input_userauth_request: invalid user deployer [preauth]
Jun 23 19:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9147]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9145]: Failed password for invalid user ubuntu from 103.5.210.47 port 52692 ssh2
Jun 23 19:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9145]: Connection closed by 103.5.210.47 port 52692 [preauth]
Jun 23 19:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9147]: Failed password for invalid user deployer from 176.65.139.218 port 34178 ssh2
Jun 23 19:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9147]: Connection closed by 176.65.139.218 port 34178 [preauth]
Jun 23 19:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9149]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9149]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9149]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9159]: Invalid user airflow from 176.65.139.218
Jun 23 19:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9159]: input_userauth_request: invalid user airflow [preauth]
Jun 23 19:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9159]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9149]: Failed password for invalid user ubuntu from 103.5.210.47 port 52698 ssh2
Jun 23 19:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9149]: Connection closed by 103.5.210.47 port 52698 [preauth]
Jun 23 19:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9161]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9161]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9161]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9159]: Failed password for invalid user airflow from 176.65.139.218 port 57228 ssh2
Jun 23 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9159]: Connection closed by 176.65.139.218 port 57228 [preauth]
Jun 23 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9167]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9166]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9165]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9164]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9164]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9227]: Successful su for rubyman by root
Jun 23 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9227]: + ??? root:rubyman
Jun 23 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9161]: Failed password for invalid user ubuntu from 103.5.210.47 port 52704 ssh2
Jun 23 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9227]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579264 of user rubyman.
Jun 23 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9227]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579264.
Jun 23 19:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9161]: Connection closed by 103.5.210.47 port 52704 [preauth]
Jun 23 19:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9259]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9259]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9259]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6138]: pam_unix(cron:session): session closed for user root
Jun 23 19:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9259]: Failed password for invalid user ubuntu from 103.5.210.47 port 52710 ssh2
Jun 23 19:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9259]: Connection closed by 103.5.210.47 port 52710 [preauth]
Jun 23 19:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9165]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9401]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9401]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9401]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9391]: Failed password for root from 176.65.139.218 port 57288 ssh2
Jun 23 19:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9391]: Connection closed by 176.65.139.218 port 57288 [preauth]
Jun 23 19:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9401]: Failed password for invalid user ubuntu from 103.5.210.47 port 52718 ssh2
Jun 23 19:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9401]: Connection closed by 103.5.210.47 port 52718 [preauth]
Jun 23 19:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9422]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9422]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9422]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9422]: Failed password for invalid user ubuntu from 103.5.210.47 port 52726 ssh2
Jun 23 19:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9422]: Connection closed by 103.5.210.47 port 52726 [preauth]
Jun 23 19:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9424]: Invalid user cloud from 176.65.139.218
Jun 23 19:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9424]: input_userauth_request: invalid user cloud [preauth]
Jun 23 19:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9424]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9426]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9426]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9426]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9424]: Failed password for invalid user cloud from 176.65.139.218 port 60108 ssh2
Jun 23 19:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: Invalid user lilei from 115.178.75.243
Jun 23 19:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: input_userauth_request: invalid user lilei [preauth]
Jun 23 19:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.178.75.243
Jun 23 19:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9424]: Connection closed by 176.65.139.218 port 60108 [preauth]
Jun 23 19:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9426]: Failed password for invalid user ubuntu from 103.5.210.47 port 52732 ssh2
Jun 23 19:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9426]: Connection closed by 103.5.210.47 port 52732 [preauth]
Jun 23 19:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: Failed password for invalid user lilei from 115.178.75.243 port 45028 ssh2
Jun 23 19:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: Received disconnect from 115.178.75.243 port 45028:11: Bye Bye [preauth]
Jun 23 19:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: Disconnected from 115.178.75.243 port 45028 [preauth]
Jun 23 19:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9451]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9451]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9451]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9451]: Failed password for invalid user ubuntu from 103.5.210.47 port 52738 ssh2
Jun 23 19:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9451]: Connection closed by 103.5.210.47 port 52738 [preauth]
Jun 23 19:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9462]: Invalid user erpnext from 59.12.160.91
Jun 23 19:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9462]: input_userauth_request: invalid user erpnext [preauth]
Jun 23 19:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9462]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
Jun 23 19:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9465]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9465]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9465]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9453]: Failed password for root from 176.65.139.218 port 34940 ssh2
Jun 23 19:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9453]: Connection closed by 176.65.139.218 port 34940 [preauth]
Jun 23 19:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9462]: Failed password for invalid user erpnext from 59.12.160.91 port 39084 ssh2
Jun 23 19:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9462]: Received disconnect from 59.12.160.91 port 39084:11: Bye Bye [preauth]
Jun 23 19:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9462]: Disconnected from 59.12.160.91 port 39084 [preauth]
Jun 23 19:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9465]: Failed password for invalid user ubuntu from 103.5.210.47 port 52742 ssh2
Jun 23 19:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9465]: Connection closed by 103.5.210.47 port 52742 [preauth]
Jun 23 19:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9467]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9467]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9467]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9467]: Failed password for invalid user ubuntu from 103.5.210.47 port 52748 ssh2
Jun 23 19:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9467]: Connection closed by 103.5.210.47 port 52748 [preauth]
Jun 23 19:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9469]: Failed password for root from 176.65.139.218 port 35022 ssh2
Jun 23 19:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9469]: Connection closed by 176.65.139.218 port 35022 [preauth]
Jun 23 19:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9491]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9491]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9491]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9493]: Invalid user lima from 104.243.42.167
Jun 23 19:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9493]: input_userauth_request: invalid user lima [preauth]
Jun 23 19:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9493]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.243.42.167
Jun 23 19:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9491]: Failed password for invalid user ubuntu from 103.5.210.47 port 52752 ssh2
Jun 23 19:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9491]: Connection closed by 103.5.210.47 port 52752 [preauth]
Jun 23 19:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9505]: Invalid user pi from 176.65.139.218
Jun 23 19:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9505]: input_userauth_request: invalid user pi [preauth]
Jun 23 19:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9503]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9503]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9505]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9503]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9493]: Failed password for invalid user lima from 104.243.42.167 port 51804 ssh2
Jun 23 19:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9493]: Received disconnect from 104.243.42.167 port 51804:11: Bye Bye [preauth]
Jun 23 19:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9493]: Disconnected from 104.243.42.167 port 51804 [preauth]
Jun 23 19:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9505]: Failed password for invalid user pi from 176.65.139.218 port 35106 ssh2
Jun 23 19:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9505]: Connection closed by 176.65.139.218 port 35106 [preauth]
Jun 23 19:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9503]: Failed password for invalid user ubuntu from 103.5.210.47 port 52760 ssh2
Jun 23 19:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9503]: Connection closed by 103.5.210.47 port 52760 [preauth]
Jun 23 19:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8241]: pam_unix(cron:session): session closed for user root
Jun 23 19:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9516]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9516]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9516]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9537]: Invalid user administrator from 176.65.139.218
Jun 23 19:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9537]: input_userauth_request: invalid user administrator [preauth]
Jun 23 19:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9537]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9516]: Failed password for invalid user ubuntu from 103.5.210.47 port 52770 ssh2
Jun 23 19:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9516]: Connection closed by 103.5.210.47 port 52770 [preauth]
Jun 23 19:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9537]: Failed password for invalid user administrator from 176.65.139.218 port 35118 ssh2
Jun 23 19:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9537]: Connection closed by 176.65.139.218 port 35118 [preauth]
Jun 23 19:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9539]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9539]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9539]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9539]: Failed password for invalid user ubuntu from 103.5.210.47 port 52782 ssh2
Jun 23 19:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9539]: Connection closed by 103.5.210.47 port 52782 [preauth]
Jun 23 19:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9549]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9549]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9549]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9551]: Failed password for root from 176.65.139.218 port 55700 ssh2
Jun 23 19:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9549]: Failed password for invalid user ubuntu from 103.5.210.47 port 52790 ssh2
Jun 23 19:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9551]: Connection closed by 176.65.139.218 port 55700 [preauth]
Jun 23 19:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9549]: Connection closed by 103.5.210.47 port 52790 [preauth]
Jun 23 19:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9567]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9567]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9567]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9577]: Invalid user dev from 176.65.139.218
Jun 23 19:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9577]: input_userauth_request: invalid user dev [preauth]
Jun 23 19:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9567]: Failed password for invalid user ubuntu from 103.5.210.47 port 52800 ssh2
Jun 23 19:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9577]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9567]: Connection closed by 103.5.210.47 port 52800 [preauth]
Jun 23 19:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9580]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9580]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9580]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9577]: Failed password for invalid user dev from 176.65.139.218 port 33280 ssh2
Jun 23 19:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9577]: Connection closed by 176.65.139.218 port 33280 [preauth]
Jun 23 19:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9580]: Failed password for invalid user ubuntu from 103.5.210.47 port 52810 ssh2
Jun 23 19:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9580]: Connection closed by 103.5.210.47 port 52810 [preauth]
Jun 23 19:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9590]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9590]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9590]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9592]: Invalid user debian from 176.65.139.218
Jun 23 19:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9592]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9592]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9590]: Failed password for invalid user ubuntu from 103.5.210.47 port 52822 ssh2
Jun 23 19:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9590]: Connection closed by 103.5.210.47 port 52822 [preauth]
Jun 23 19:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9592]: Failed password for invalid user debian from 176.65.139.218 port 33316 ssh2
Jun 23 19:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9592]: Connection closed by 176.65.139.218 port 33316 [preauth]
Jun 23 19:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9597]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9597]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9597]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9608]: Invalid user ernesto from 65.21.150.20
Jun 23 19:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9608]: input_userauth_request: invalid user ernesto [preauth]
Jun 23 19:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9608]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.21.150.20
Jun 23 19:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9610]: Invalid user git from 176.65.139.218
Jun 23 19:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9610]: input_userauth_request: invalid user git [preauth]
Jun 23 19:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9610]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9597]: Failed password for invalid user ubuntu from 103.5.210.47 port 52826 ssh2
Jun 23 19:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9597]: Connection closed by 103.5.210.47 port 52826 [preauth]
Jun 23 19:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9612]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9612]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9612]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9608]: Failed password for invalid user ernesto from 65.21.150.20 port 38104 ssh2
Jun 23 19:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9608]: Received disconnect from 65.21.150.20 port 38104:11: Bye Bye [preauth]
Jun 23 19:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9608]: Disconnected from 65.21.150.20 port 38104 [preauth]
Jun 23 19:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9610]: Failed password for invalid user git from 176.65.139.218 port 45648 ssh2
Jun 23 19:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9610]: Connection closed by 176.65.139.218 port 45648 [preauth]
Jun 23 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9629]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9630]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9628]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9627]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9627]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9686]: Successful su for rubyman by root
Jun 23 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9686]: + ??? root:rubyman
Jun 23 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9686]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579269 of user rubyman.
Jun 23 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9686]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579269.
Jun 23 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9612]: Failed password for invalid user ubuntu from 103.5.210.47 port 52838 ssh2
Jun 23 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9612]: Connection closed by 103.5.210.47 port 52838 [preauth]
Jun 23 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9720]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9720]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9720]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9753]: Invalid user jellyfin from 176.65.139.218
Jun 23 19:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9753]: input_userauth_request: invalid user jellyfin [preauth]
Jun 23 19:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9753]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6609]: pam_unix(cron:session): session closed for user root
Jun 23 19:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9628]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9720]: Failed password for invalid user ubuntu from 103.5.210.47 port 52844 ssh2
Jun 23 19:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9720]: Connection closed by 103.5.210.47 port 52844 [preauth]
Jun 23 19:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9753]: Failed password for invalid user jellyfin from 176.65.139.218 port 45666 ssh2
Jun 23 19:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9753]: Connection closed by 176.65.139.218 port 45666 [preauth]
Jun 23 19:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9880]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9880]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9880]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9880]: Failed password for invalid user ubuntu from 103.5.210.47 port 52852 ssh2
Jun 23 19:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9880]: Connection closed by 103.5.210.47 port 52852 [preauth]
Jun 23 19:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9902]: Invalid user nvidia from 176.65.139.218
Jun 23 19:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9902]: input_userauth_request: invalid user nvidia [preauth]
Jun 23 19:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9902]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9904]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9904]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9904]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9902]: Failed password for invalid user nvidia from 176.65.139.218 port 48224 ssh2
Jun 23 19:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9902]: Connection closed by 176.65.139.218 port 48224 [preauth]
Jun 23 19:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9904]: Failed password for invalid user ubuntu from 103.5.210.47 port 52864 ssh2
Jun 23 19:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9904]: Connection closed by 103.5.210.47 port 52864 [preauth]
Jun 23 19:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10070]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10070]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10070]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10080]: Invalid user testuser from 176.65.139.218
Jun 23 19:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10080]: input_userauth_request: invalid user testuser [preauth]
Jun 23 19:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10080]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.58.255.251  user=root
Jun 23 19:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10070]: Failed password for invalid user ubuntu from 103.5.210.47 port 52870 ssh2
Jun 23 19:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10070]: Connection closed by 103.5.210.47 port 52870 [preauth]
Jun 23 19:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10080]: Failed password for invalid user testuser from 176.65.139.218 port 48296 ssh2
Jun 23 19:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10080]: Connection closed by 176.65.139.218 port 48296 [preauth]
Jun 23 19:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10078]: Failed password for root from 95.58.255.251 port 55626 ssh2
Jun 23 19:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10091]: Invalid user dw from 59.12.160.91
Jun 23 19:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10091]: input_userauth_request: invalid user dw [preauth]
Jun 23 19:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10091]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
Jun 23 19:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10078]: Received disconnect from 95.58.255.251 port 55626:11: Bye Bye [preauth]
Jun 23 19:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10078]: Disconnected from 95.58.255.251 port 55626 [preauth]
Jun 23 19:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10093]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10093]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10093]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10091]: Failed password for invalid user dw from 59.12.160.91 port 58384 ssh2
Jun 23 19:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10091]: Received disconnect from 59.12.160.91 port 58384:11: Bye Bye [preauth]
Jun 23 19:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10091]: Disconnected from 59.12.160.91 port 58384 [preauth]
Jun 23 19:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10093]: Failed password for invalid user ubuntu from 103.5.210.47 port 52878 ssh2
Jun 23 19:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10093]: Connection closed by 103.5.210.47 port 52878 [preauth]
Jun 23 19:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10095]: Invalid user omm from 176.65.139.218
Jun 23 19:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10095]: input_userauth_request: invalid user omm [preauth]
Jun 23 19:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10095]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10099]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10099]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10099]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.208.108.166  user=root
Jun 23 19:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10095]: Failed password for invalid user omm from 176.65.139.218 port 41514 ssh2
Jun 23 19:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10095]: Connection closed by 176.65.139.218 port 41514 [preauth]
Jun 23 19:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10099]: Failed password for invalid user ubuntu from 103.5.210.47 port 52886 ssh2
Jun 23 19:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10099]: Connection closed by 103.5.210.47 port 52886 [preauth]
Jun 23 19:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10105]: Failed password for root from 104.208.108.166 port 54348 ssh2
Jun 23 19:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10105]: Received disconnect from 104.208.108.166 port 54348:11: Bye Bye [preauth]
Jun 23 19:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10105]: Disconnected from 104.208.108.166 port 54348 [preauth]
Jun 23 19:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10129]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10129]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10129]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10129]: Failed password for invalid user ubuntu from 103.5.210.47 port 52894 ssh2
Jun 23 19:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10129]: Connection closed by 103.5.210.47 port 52894 [preauth]
Jun 23 19:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10143]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10143]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10143]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10131]: Failed password for root from 176.65.139.218 port 41548 ssh2
Jun 23 19:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10131]: Connection closed by 176.65.139.218 port 41548 [preauth]
Jun 23 19:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10143]: Failed password for invalid user ubuntu from 103.5.210.47 port 52902 ssh2
Jun 23 19:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10143]: Connection closed by 103.5.210.47 port 52902 [preauth]
Jun 23 19:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10147]: Invalid user developer from 176.65.139.218
Jun 23 19:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10147]: input_userauth_request: invalid user developer [preauth]
Jun 23 19:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10145]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10145]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10147]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10145]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8704]: pam_unix(cron:session): session closed for user root
Jun 23 19:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10147]: Failed password for invalid user developer from 176.65.139.218 port 56290 ssh2
Jun 23 19:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10147]: Connection closed by 176.65.139.218 port 56290 [preauth]
Jun 23 19:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10145]: Failed password for invalid user ubuntu from 103.5.210.47 port 52904 ssh2
Jun 23 19:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10145]: Connection closed by 103.5.210.47 port 52904 [preauth]
Jun 23 19:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10177]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10177]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10177]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10177]: Failed password for invalid user ubuntu from 103.5.210.47 port 52910 ssh2
Jun 23 19:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10180]: Invalid user devops from 176.65.139.218
Jun 23 19:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10180]: input_userauth_request: invalid user devops [preauth]
Jun 23 19:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10177]: Connection closed by 103.5.210.47 port 52910 [preauth]
Jun 23 19:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10180]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10195]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10195]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10195]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10180]: Failed password for invalid user devops from 176.65.139.218 port 35952 ssh2
Jun 23 19:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10180]: Connection closed by 176.65.139.218 port 35952 [preauth]
Jun 23 19:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10195]: Failed password for invalid user ubuntu from 103.5.210.47 port 52916 ssh2
Jun 23 19:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10195]: Connection closed by 103.5.210.47 port 52916 [preauth]
Jun 23 19:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10201]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10201]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 23 19:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10201]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10205]: Invalid user gitlab-runner from 176.65.139.218
Jun 23 19:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10205]: input_userauth_request: invalid user gitlab-runner [preauth]
Jun 23 19:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10205]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10203]: Failed password for root from 193.37.70.224 port 38894 ssh2
Jun 23 19:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10201]: Failed password for invalid user ubuntu from 103.5.210.47 port 52930 ssh2
Jun 23 19:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10203]: Connection closed by 193.37.70.224 port 38894 [preauth]
Jun 23 19:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10201]: Connection closed by 103.5.210.47 port 52930 [preauth]
Jun 23 19:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10205]: Failed password for invalid user gitlab-runner from 176.65.139.218 port 35998 ssh2
Jun 23 19:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10205]: Connection closed by 176.65.139.218 port 35998 [preauth]
Jun 23 19:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10313]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10313]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10313]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10313]: Failed password for invalid user ubuntu from 103.5.210.47 port 52940 ssh2
Jun 23 19:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10316]: Invalid user administrator from 176.65.139.218
Jun 23 19:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10316]: input_userauth_request: invalid user administrator [preauth]
Jun 23 19:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10316]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10313]: Connection closed by 103.5.210.47 port 52940 [preauth]
Jun 23 19:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10329]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10329]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10329]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10316]: Failed password for invalid user administrator from 176.65.139.218 port 58200 ssh2
Jun 23 19:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10316]: Connection closed by 176.65.139.218 port 58200 [preauth]
Jun 23 19:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10329]: Failed password for invalid user ubuntu from 103.5.210.47 port 52946 ssh2
Jun 23 19:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10329]: Connection closed by 103.5.210.47 port 52946 [preauth]
Jun 23 19:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10331]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10331]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10331]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10333]: Invalid user vm from 176.65.139.218
Jun 23 19:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10333]: input_userauth_request: invalid user vm [preauth]
Jun 23 19:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10333]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10331]: Failed password for invalid user ubuntu from 103.5.210.47 port 52962 ssh2
Jun 23 19:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10331]: Connection closed by 103.5.210.47 port 52962 [preauth]
Jun 23 19:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10333]: Failed password for invalid user vm from 176.65.139.218 port 58246 ssh2
Jun 23 19:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10333]: Connection closed by 176.65.139.218 port 58246 [preauth]
Jun 23 19:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10344]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10344]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10344]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10347]: Invalid user zabbix from 176.65.139.218
Jun 23 19:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10347]: input_userauth_request: invalid user zabbix [preauth]
Jun 23 19:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10344]: Failed password for invalid user ubuntu from 103.5.210.47 port 52964 ssh2
Jun 23 19:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10347]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10344]: Connection closed by 103.5.210.47 port 52964 [preauth]
Jun 23 19:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10357]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10357]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10357]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10364]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10365]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10360]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10361]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10362]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10363]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10365]: pam_unix(cron:session): session closed for user root
Jun 23 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10360]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10429]: Successful su for rubyman by root
Jun 23 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10429]: + ??? root:rubyman
Jun 23 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10429]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579272 of user rubyman.
Jun 23 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10429]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579272.
Jun 23 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10347]: Failed password for invalid user zabbix from 176.65.139.218 port 57162 ssh2
Jun 23 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10357]: Failed password for invalid user ubuntu from 103.5.210.47 port 52974 ssh2
Jun 23 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10347]: Connection closed by 176.65.139.218 port 57162 [preauth]
Jun 23 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10357]: Connection closed by 103.5.210.47 port 52974 [preauth]
Jun 23 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10480]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10480]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10480]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10362]: pam_unix(cron:session): session closed for user root
Jun 23 19:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7177]: pam_unix(cron:session): session closed for user root
Jun 23 19:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10576]: Invalid user pi from 176.65.139.218
Jun 23 19:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10576]: input_userauth_request: invalid user pi [preauth]
Jun 23 19:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10576]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10480]: Failed password for invalid user ubuntu from 103.5.210.47 port 52980 ssh2
Jun 23 19:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10480]: Connection closed by 103.5.210.47 port 52980 [preauth]
Jun 23 19:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10361]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10639]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10639]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10639]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10576]: Failed password for invalid user pi from 176.65.139.218 port 57218 ssh2
Jun 23 19:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10576]: Connection closed by 176.65.139.218 port 57218 [preauth]
Jun 23 19:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10639]: Failed password for invalid user ubuntu from 103.5.210.47 port 52994 ssh2
Jun 23 19:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10639]: Connection closed by 103.5.210.47 port 52994 [preauth]
Jun 23 19:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10653]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10653]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10655]: Invalid user admin from 176.65.139.218
Jun 23 19:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10655]: input_userauth_request: invalid user admin [preauth]
Jun 23 19:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10653]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10655]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10653]: Failed password for invalid user ubuntu from 103.5.210.47 port 53002 ssh2
Jun 23 19:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10655]: Failed password for invalid user admin from 176.65.139.218 port 47500 ssh2
Jun 23 19:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10653]: Connection closed by 103.5.210.47 port 53002 [preauth]
Jun 23 19:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10655]: Connection closed by 176.65.139.218 port 47500 [preauth]
Jun 23 19:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10666]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10666]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10666]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10691]: Invalid user user3 from 176.65.139.218
Jun 23 19:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10691]: input_userauth_request: invalid user user3 [preauth]
Jun 23 19:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10691]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10666]: Failed password for invalid user ubuntu from 103.5.210.47 port 53020 ssh2
Jun 23 19:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10666]: Connection closed by 103.5.210.47 port 53020 [preauth]
Jun 23 19:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10694]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10694]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10694]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10691]: Failed password for invalid user user3 from 176.65.139.218 port 47546 ssh2
Jun 23 19:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10691]: Connection closed by 176.65.139.218 port 47546 [preauth]
Jun 23 19:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10694]: Failed password for invalid user ubuntu from 103.5.210.47 port 53030 ssh2
Jun 23 19:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10694]: Connection closed by 103.5.210.47 port 53030 [preauth]
Jun 23 19:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10696]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10696]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10696]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10708]: Invalid user ducc0x from 176.65.139.218
Jun 23 19:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10708]: input_userauth_request: invalid user ducc0x [preauth]
Jun 23 19:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10702]: Invalid user user1 from 59.12.160.91
Jun 23 19:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10702]: input_userauth_request: invalid user user1 [preauth]
Jun 23 19:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10702]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
Jun 23 19:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10708]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10696]: Failed password for invalid user ubuntu from 103.5.210.47 port 53040 ssh2
Jun 23 19:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10696]: Connection closed by 103.5.210.47 port 53040 [preauth]
Jun 23 19:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10702]: Failed password for invalid user user1 from 59.12.160.91 port 49630 ssh2
Jun 23 19:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10708]: Failed password for invalid user ducc0x from 176.65.139.218 port 48238 ssh2
Jun 23 19:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10702]: Received disconnect from 59.12.160.91 port 49630:11: Bye Bye [preauth]
Jun 23 19:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10702]: Disconnected from 59.12.160.91 port 49630 [preauth]
Jun 23 19:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10708]: Connection closed by 176.65.139.218 port 48238 [preauth]
Jun 23 19:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10711]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10711]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10711]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10711]: Failed password for invalid user ubuntu from 103.5.210.47 port 53046 ssh2
Jun 23 19:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10711]: Connection closed by 103.5.210.47 port 53046 [preauth]
Jun 23 19:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10741]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10741]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10741]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10739]: Failed password for root from 176.65.139.218 port 48344 ssh2
Jun 23 19:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10739]: Connection closed by 176.65.139.218 port 48344 [preauth]
Jun 23 19:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10741]: Failed password for invalid user ubuntu from 103.5.210.47 port 53052 ssh2
Jun 23 19:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10741]: Connection closed by 103.5.210.47 port 53052 [preauth]
Jun 23 19:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10743]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10743]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10743]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10747]: Invalid user fox from 104.243.42.167
Jun 23 19:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10747]: input_userauth_request: invalid user fox [preauth]
Jun 23 19:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10747]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.243.42.167
Jun 23 19:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10759]: Invalid user ubuntu from 176.65.139.218
Jun 23 19:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10759]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10759]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10743]: Failed password for invalid user ubuntu from 103.5.210.47 port 53056 ssh2
Jun 23 19:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10747]: Failed password for invalid user fox from 104.243.42.167 port 50272 ssh2
Jun 23 19:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9167]: pam_unix(cron:session): session closed for user root
Jun 23 19:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10743]: Connection closed by 103.5.210.47 port 53056 [preauth]
Jun 23 19:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10747]: Received disconnect from 104.243.42.167 port 50272:11: Bye Bye [preauth]
Jun 23 19:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10747]: Disconnected from 104.243.42.167 port 50272 [preauth]
Jun 23 19:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10787]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10787]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10787]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10759]: Failed password for invalid user ubuntu from 176.65.139.218 port 40894 ssh2
Jun 23 19:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10759]: Connection closed by 176.65.139.218 port 40894 [preauth]
Jun 23 19:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10787]: Failed password for invalid user ubuntu from 103.5.210.47 port 53064 ssh2
Jun 23 19:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10787]: Connection closed by 103.5.210.47 port 53064 [preauth]
Jun 23 19:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10797]: Invalid user appuser from 176.65.139.218
Jun 23 19:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10797]: input_userauth_request: invalid user appuser [preauth]
Jun 23 19:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10797]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10799]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10799]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10799]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.178.75.243  user=root
Jun 23 19:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10797]: Failed password for invalid user appuser from 176.65.139.218 port 51504 ssh2
Jun 23 19:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10797]: Connection closed by 176.65.139.218 port 51504 [preauth]
Jun 23 19:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10799]: Failed password for invalid user ubuntu from 103.5.210.47 port 53074 ssh2
Jun 23 19:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10799]: Connection closed by 103.5.210.47 port 53074 [preauth]
Jun 23 19:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10803]: Failed password for root from 115.178.75.243 port 56312 ssh2
Jun 23 19:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10803]: Received disconnect from 115.178.75.243 port 56312:11: Bye Bye [preauth]
Jun 23 19:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10803]: Disconnected from 115.178.75.243 port 56312 [preauth]
Jun 23 19:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10806]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10806]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10806]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10806]: Failed password for invalid user ubuntu from 103.5.210.47 port 53076 ssh2
Jun 23 19:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10806]: Connection closed by 103.5.210.47 port 53076 [preauth]
Jun 23 19:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10830]: Invalid user tester from 176.65.139.218
Jun 23 19:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10830]: input_userauth_request: invalid user tester [preauth]
Jun 23 19:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10830]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10832]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10832]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10832]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10830]: Failed password for invalid user tester from 176.65.139.218 port 51540 ssh2
Jun 23 19:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10830]: Connection closed by 176.65.139.218 port 51540 [preauth]
Jun 23 19:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10832]: Failed password for invalid user ubuntu from 103.5.210.47 port 53088 ssh2
Jun 23 19:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10832]: Connection closed by 103.5.210.47 port 53088 [preauth]
Jun 23 19:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10843]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10843]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10843]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10843]: Failed password for invalid user ubuntu from 103.5.210.47 port 53098 ssh2
Jun 23 19:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10845]: Invalid user linuxuser from 176.65.139.218
Jun 23 19:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10845]: input_userauth_request: invalid user linuxuser [preauth]
Jun 23 19:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10843]: Connection closed by 103.5.210.47 port 53098 [preauth]
Jun 23 19:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10845]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10848]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10848]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10848]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10845]: Failed password for invalid user linuxuser from 176.65.139.218 port 50344 ssh2
Jun 23 19:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10845]: Connection closed by 176.65.139.218 port 50344 [preauth]
Jun 23 19:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10848]: Failed password for invalid user ubuntu from 103.5.210.47 port 53104 ssh2
Jun 23 19:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10848]: Connection closed by 103.5.210.47 port 53104 [preauth]
Jun 23 19:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10860]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10860]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10860]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10862]: Invalid user config from 176.65.139.218
Jun 23 19:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10862]: input_userauth_request: invalid user config [preauth]
Jun 23 19:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10862]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10860]: Failed password for invalid user ubuntu from 103.5.210.47 port 53120 ssh2
Jun 23 19:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10860]: Connection closed by 103.5.210.47 port 53120 [preauth]
Jun 23 19:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10862]: Failed password for invalid user config from 176.65.139.218 port 50372 ssh2
Jun 23 19:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10862]: Connection closed by 176.65.139.218 port 50372 [preauth]
Jun 23 19:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10872]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10872]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10872]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10872]: Failed password for invalid user ubuntu from 103.5.210.47 port 53128 ssh2
Jun 23 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10878]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10876]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10877]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10875]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10875]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10872]: Connection closed by 103.5.210.47 port 53128 [preauth]
Jun 23 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10947]: Successful su for rubyman by root
Jun 23 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10947]: + ??? root:rubyman
Jun 23 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10947]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579278 of user rubyman.
Jun 23 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10947]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579278.
Jun 23 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10961]: Invalid user root1 from 176.65.139.218
Jun 23 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10961]: input_userauth_request: invalid user root1 [preauth]
Jun 23 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10945]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10945]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10961]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10945]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10961]: Failed password for invalid user root1 from 176.65.139.218 port 54276 ssh2
Jun 23 19:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10961]: Connection closed by 176.65.139.218 port 54276 [preauth]
Jun 23 19:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10945]: Failed password for invalid user ubuntu from 103.5.210.47 port 53136 ssh2
Jun 23 19:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10945]: Connection closed by 103.5.210.47 port 53136 [preauth]
Jun 23 19:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7750]: pam_unix(cron:session): session closed for user root
Jun 23 19:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11113]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11113]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11113]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10876]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.58.255.251  user=root
Jun 23 19:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11149]: Invalid user runner from 176.65.139.218
Jun 23 19:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11149]: input_userauth_request: invalid user runner [preauth]
Jun 23 19:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11149]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11113]: Failed password for invalid user ubuntu from 103.5.210.47 port 53146 ssh2
Jun 23 19:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11113]: Connection closed by 103.5.210.47 port 53146 [preauth]
Jun 23 19:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11152]: Invalid user scan from 65.21.150.20
Jun 23 19:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11152]: input_userauth_request: invalid user scan [preauth]
Jun 23 19:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11152]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.21.150.20
Jun 23 19:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11129]: Failed password for root from 95.58.255.251 port 60322 ssh2
Jun 23 19:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11129]: Received disconnect from 95.58.255.251 port 60322:11: Bye Bye [preauth]
Jun 23 19:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11129]: Disconnected from 95.58.255.251 port 60322 [preauth]
Jun 23 19:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11154]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11154]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11154]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11149]: Failed password for invalid user runner from 176.65.139.218 port 48560 ssh2
Jun 23 19:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11149]: Connection closed by 176.65.139.218 port 48560 [preauth]
Jun 23 19:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11152]: Failed password for invalid user scan from 65.21.150.20 port 43266 ssh2
Jun 23 19:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11152]: Received disconnect from 65.21.150.20 port 43266:11: Bye Bye [preauth]
Jun 23 19:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11152]: Disconnected from 65.21.150.20 port 43266 [preauth]
Jun 23 19:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11154]: Failed password for invalid user ubuntu from 103.5.210.47 port 53156 ssh2
Jun 23 19:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11154]: Connection closed by 103.5.210.47 port 53156 [preauth]
Jun 23 19:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11164]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11164]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11164]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11166]: Invalid user prefect from 176.65.139.218
Jun 23 19:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11166]: input_userauth_request: invalid user prefect [preauth]
Jun 23 19:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11166]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11164]: Failed password for invalid user ubuntu from 103.5.210.47 port 53166 ssh2
Jun 23 19:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11164]: Connection closed by 103.5.210.47 port 53166 [preauth]
Jun 23 19:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11166]: Failed password for invalid user prefect from 176.65.139.218 port 48612 ssh2
Jun 23 19:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11166]: Connection closed by 176.65.139.218 port 48612 [preauth]
Jun 23 19:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: Failed password for invalid user ubuntu from 103.5.210.47 port 53172 ssh2
Jun 23 19:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: Connection closed by 103.5.210.47 port 53172 [preauth]
Jun 23 19:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11195]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11195]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11195]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91  user=root
Jun 23 19:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11195]: Failed password for invalid user ubuntu from 103.5.210.47 port 53204 ssh2
Jun 23 19:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11195]: Connection closed by 103.5.210.47 port 53204 [preauth]
Jun 23 19:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11197]: Failed password for root from 176.65.139.218 port 53268 ssh2
Jun 23 19:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11197]: Connection closed by 176.65.139.218 port 53268 [preauth]
Jun 23 19:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11200]: Failed password for root from 59.12.160.91 port 40654 ssh2
Jun 23 19:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11200]: Received disconnect from 59.12.160.91 port 40654:11: Bye Bye [preauth]
Jun 23 19:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11200]: Disconnected from 59.12.160.91 port 40654 [preauth]
Jun 23 19:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11210]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11210]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11210]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11210]: Failed password for invalid user ubuntu from 103.5.210.47 port 53256 ssh2
Jun 23 19:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11210]: Connection closed by 103.5.210.47 port 53256 [preauth]
Jun 23 19:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11225]: Invalid user ubuntu from 103.5.210.47
Jun 23 19:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11225]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11225]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11234]: Invalid user kevin from 176.65.139.218
Jun 23 19:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11234]: input_userauth_request: invalid user kevin [preauth]
Jun 23 19:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11234]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11225]: Failed password for invalid user ubuntu from 103.5.210.47 port 53302 ssh2
Jun 23 19:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11225]: Connection closed by 103.5.210.47 port 53302 [preauth]
Jun 23 19:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11234]: Failed password for invalid user kevin from 176.65.139.218 port 53286 ssh2
Jun 23 19:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11234]: Connection closed by 176.65.139.218 port 53286 [preauth]
Jun 23 19:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.208.108.166  user=root
Jun 23 19:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11247]: Failed password for root from 176.65.139.218 port 45578 ssh2
Jun 23 19:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11247]: Connection closed by 176.65.139.218 port 45578 [preauth]
Jun 23 19:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9630]: pam_unix(cron:session): session closed for user root
Jun 23 19:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11254]: Invalid user debian from 103.5.210.47
Jun 23 19:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11254]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11254]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11249]: Failed password for root from 104.208.108.166 port 34888 ssh2
Jun 23 19:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11249]: Received disconnect from 104.208.108.166 port 34888:11: Bye Bye [preauth]
Jun 23 19:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11249]: Disconnected from 104.208.108.166 port 34888 [preauth]
Jun 23 19:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11254]: Failed password for invalid user debian from 103.5.210.47 port 53396 ssh2
Jun 23 19:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11254]: Connection closed by 103.5.210.47 port 53396 [preauth]
Jun 23 19:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11287]: Invalid user data from 176.65.139.218
Jun 23 19:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11287]: input_userauth_request: invalid user data [preauth]
Jun 23 19:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11285]: Invalid user debian from 103.5.210.47
Jun 23 19:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11285]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11287]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11285]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11287]: Failed password for invalid user data from 176.65.139.218 port 45634 ssh2
Jun 23 19:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11285]: Failed password for invalid user debian from 103.5.210.47 port 53406 ssh2
Jun 23 19:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11287]: Connection closed by 176.65.139.218 port 45634 [preauth]
Jun 23 19:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11285]: Connection closed by 103.5.210.47 port 53406 [preauth]
Jun 23 19:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11289]: Invalid user debian from 103.5.210.47
Jun 23 19:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11289]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11289]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11289]: Failed password for invalid user debian from 103.5.210.47 port 53422 ssh2
Jun 23 19:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11304]: Invalid user cloud from 176.65.139.218
Jun 23 19:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11304]: input_userauth_request: invalid user cloud [preauth]
Jun 23 19:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11289]: Connection closed by 103.5.210.47 port 53422 [preauth]
Jun 23 19:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11304]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11306]: Invalid user debian from 103.5.210.47
Jun 23 19:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11306]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11306]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11304]: Failed password for invalid user cloud from 176.65.139.218 port 49638 ssh2
Jun 23 19:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11304]: Connection closed by 176.65.139.218 port 49638 [preauth]
Jun 23 19:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11306]: Failed password for invalid user debian from 103.5.210.47 port 53440 ssh2
Jun 23 19:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11306]: Connection closed by 103.5.210.47 port 53440 [preauth]
Jun 23 19:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11328]: Invalid user debian from 103.5.210.47
Jun 23 19:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11328]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11328]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11331]: Invalid user dspace from 176.65.139.218
Jun 23 19:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11331]: input_userauth_request: invalid user dspace [preauth]
Jun 23 19:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11331]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11328]: Failed password for invalid user debian from 103.5.210.47 port 53454 ssh2
Jun 23 19:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11328]: Connection closed by 103.5.210.47 port 53454 [preauth]
Jun 23 19:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11333]: Invalid user debian from 103.5.210.47
Jun 23 19:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11333]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11333]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11331]: Failed password for invalid user dspace from 176.65.139.218 port 40906 ssh2
Jun 23 19:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11331]: Connection closed by 176.65.139.218 port 40906 [preauth]
Jun 23 19:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11333]: Failed password for invalid user debian from 103.5.210.47 port 53468 ssh2
Jun 23 19:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11333]: Connection closed by 103.5.210.47 port 53468 [preauth]
Jun 23 19:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11344]: Invalid user debian from 103.5.210.47
Jun 23 19:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11344]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11344]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11346]: Invalid user hamed from 176.65.139.218
Jun 23 19:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11346]: input_userauth_request: invalid user hamed [preauth]
Jun 23 19:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11346]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11344]: Failed password for invalid user debian from 103.5.210.47 port 53480 ssh2
Jun 23 19:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11344]: Connection closed by 103.5.210.47 port 53480 [preauth]
Jun 23 19:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11346]: Failed password for invalid user hamed from 176.65.139.218 port 40968 ssh2
Jun 23 19:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11346]: Connection closed by 176.65.139.218 port 40968 [preauth]
Jun 23 19:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11348]: Invalid user debian from 103.5.210.47
Jun 23 19:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11348]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11348]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11360]: Invalid user milad from 176.65.139.218
Jun 23 19:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11360]: input_userauth_request: invalid user milad [preauth]
Jun 23 19:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11360]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11348]: Failed password for invalid user debian from 103.5.210.47 port 53490 ssh2
Jun 23 19:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11348]: Connection closed by 103.5.210.47 port 53490 [preauth]
Jun 23 19:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11362]: Invalid user debian from 103.5.210.47
Jun 23 19:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11362]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11362]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11360]: Failed password for invalid user milad from 176.65.139.218 port 48608 ssh2
Jun 23 19:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11360]: Connection closed by 176.65.139.218 port 48608 [preauth]
Jun 23 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11367]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11368]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11365]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11366]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11365]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11444]: Successful su for rubyman by root
Jun 23 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11444]: + ??? root:rubyman
Jun 23 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11444]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579283 of user rubyman.
Jun 23 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11444]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579283.
Jun 23 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11362]: Failed password for invalid user debian from 103.5.210.47 port 53506 ssh2
Jun 23 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11362]: Connection closed by 103.5.210.47 port 53506 [preauth]
Jun 23 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11476]: Invalid user debian from 103.5.210.47
Jun 23 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11476]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11476]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8240]: pam_unix(cron:session): session closed for user root
Jun 23 19:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11588]: Invalid user claude from 176.65.139.218
Jun 23 19:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11588]: input_userauth_request: invalid user claude [preauth]
Jun 23 19:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11588]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11476]: Failed password for invalid user debian from 103.5.210.47 port 53528 ssh2
Jun 23 19:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11476]: Connection closed by 103.5.210.47 port 53528 [preauth]
Jun 23 19:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11366]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11618]: Invalid user debian from 103.5.210.47
Jun 23 19:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11618]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11618]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11588]: Failed password for invalid user claude from 176.65.139.218 port 48666 ssh2
Jun 23 19:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11588]: Connection closed by 176.65.139.218 port 48666 [preauth]
Jun 23 19:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11618]: Failed password for invalid user debian from 103.5.210.47 port 53542 ssh2
Jun 23 19:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11618]: Connection closed by 103.5.210.47 port 53542 [preauth]
Jun 23 19:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11637]: Invalid user debian from 103.5.210.47
Jun 23 19:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11637]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11637]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11639]: Invalid user main from 176.65.139.218
Jun 23 19:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11639]: input_userauth_request: invalid user main [preauth]
Jun 23 19:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11639]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11637]: Failed password for invalid user debian from 103.5.210.47 port 53554 ssh2
Jun 23 19:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11637]: Connection closed by 103.5.210.47 port 53554 [preauth]
Jun 23 19:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11639]: Failed password for invalid user main from 176.65.139.218 port 41740 ssh2
Jun 23 19:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11639]: Connection closed by 176.65.139.218 port 41740 [preauth]
Jun 23 19:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11641]: Invalid user debian from 103.5.210.47
Jun 23 19:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11641]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11641]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11641]: Failed password for invalid user debian from 103.5.210.47 port 53566 ssh2
Jun 23 19:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11641]: Connection closed by 103.5.210.47 port 53566 [preauth]
Jun 23 19:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11663]: Invalid user debian from 103.5.210.47
Jun 23 19:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11663]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11663]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11665]: Invalid user minecraft from 176.65.139.218
Jun 23 19:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11665]: input_userauth_request: invalid user minecraft [preauth]
Jun 23 19:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11665]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11663]: Failed password for invalid user debian from 103.5.210.47 port 53580 ssh2
Jun 23 19:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11663]: Connection closed by 103.5.210.47 port 53580 [preauth]
Jun 23 19:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11667]: Invalid user webadmin from 59.12.160.91
Jun 23 19:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11667]: input_userauth_request: invalid user webadmin [preauth]
Jun 23 19:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11667]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
Jun 23 19:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11670]: Invalid user debian from 103.5.210.47
Jun 23 19:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11670]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11670]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11665]: Failed password for invalid user minecraft from 176.65.139.218 port 41798 ssh2
Jun 23 19:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11665]: Connection closed by 176.65.139.218 port 41798 [preauth]
Jun 23 19:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11667]: Failed password for invalid user webadmin from 59.12.160.91 port 60158 ssh2
Jun 23 19:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11667]: Received disconnect from 59.12.160.91 port 60158:11: Bye Bye [preauth]
Jun 23 19:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11667]: Disconnected from 59.12.160.91 port 60158 [preauth]
Jun 23 19:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11670]: Failed password for invalid user debian from 103.5.210.47 port 53594 ssh2
Jun 23 19:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11670]: Connection closed by 103.5.210.47 port 53594 [preauth]
Jun 23 19:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11680]: Invalid user debian from 103.5.210.47
Jun 23 19:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11680]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11680]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11680]: Failed password for invalid user debian from 103.5.210.47 port 53600 ssh2
Jun 23 19:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11680]: Connection closed by 103.5.210.47 port 53600 [preauth]
Jun 23 19:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11708]: Invalid user debian from 103.5.210.47
Jun 23 19:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11708]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11708]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11682]: Failed password for root from 176.65.139.218 port 37368 ssh2
Jun 23 19:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11682]: Connection closed by 176.65.139.218 port 37368 [preauth]
Jun 23 19:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11708]: Failed password for invalid user debian from 103.5.210.47 port 53612 ssh2
Jun 23 19:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11708]: Connection closed by 103.5.210.47 port 53612 [preauth]
Jun 23 19:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11710]: Invalid user debian from 103.5.210.47
Jun 23 19:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11710]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11710]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11712]: Invalid user alex from 176.65.139.218
Jun 23 19:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11712]: input_userauth_request: invalid user alex [preauth]
Jun 23 19:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11712]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11710]: Failed password for invalid user debian from 103.5.210.47 port 53620 ssh2
Jun 23 19:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11710]: Connection closed by 103.5.210.47 port 53620 [preauth]
Jun 23 19:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11712]: Failed password for invalid user alex from 176.65.139.218 port 44694 ssh2
Jun 23 19:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11724]: Invalid user debian from 103.5.210.47
Jun 23 19:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11724]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11712]: Connection closed by 176.65.139.218 port 44694 [preauth]
Jun 23 19:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11724]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11724]: Failed password for invalid user debian from 103.5.210.47 port 53642 ssh2
Jun 23 19:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11724]: Connection closed by 103.5.210.47 port 53642 [preauth]
Jun 23 19:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10364]: pam_unix(cron:session): session closed for user root
Jun 23 19:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.243.42.167  user=root
Jun 23 19:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11752]: Invalid user debian from 103.5.210.47
Jun 23 19:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11752]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11763]: Invalid user test from 176.65.139.218
Jun 23 19:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11763]: input_userauth_request: invalid user test [preauth]
Jun 23 19:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11763]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11752]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11750]: Failed password for root from 104.243.42.167 port 34266 ssh2
Jun 23 19:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11750]: Received disconnect from 104.243.42.167 port 34266:11: Bye Bye [preauth]
Jun 23 19:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11750]: Disconnected from 104.243.42.167 port 34266 [preauth]
Jun 23 19:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11763]: Failed password for invalid user test from 176.65.139.218 port 44758 ssh2
Jun 23 19:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11752]: Failed password for invalid user debian from 103.5.210.47 port 53658 ssh2
Jun 23 19:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11763]: Connection closed by 176.65.139.218 port 44758 [preauth]
Jun 23 19:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11752]: Connection closed by 103.5.210.47 port 53658 [preauth]
Jun 23 19:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11777]: Invalid user debian from 103.5.210.47
Jun 23 19:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11777]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11777]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11777]: Failed password for invalid user debian from 103.5.210.47 port 53670 ssh2
Jun 23 19:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11777]: Connection closed by 103.5.210.47 port 53670 [preauth]
Jun 23 19:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11788]: Invalid user ubuntu from 176.65.139.218
Jun 23 19:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11788]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11788]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11790]: Invalid user debian from 103.5.210.47
Jun 23 19:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11790]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11790]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11788]: Failed password for invalid user ubuntu from 176.65.139.218 port 58966 ssh2
Jun 23 19:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11788]: Connection closed by 176.65.139.218 port 58966 [preauth]
Jun 23 19:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11790]: Failed password for invalid user debian from 103.5.210.47 port 53676 ssh2
Jun 23 19:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11790]: Connection closed by 103.5.210.47 port 53676 [preauth]
Jun 23 19:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11816]: Invalid user debian from 103.5.210.47
Jun 23 19:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11816]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11816]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11816]: Failed password for invalid user debian from 103.5.210.47 port 53692 ssh2
Jun 23 19:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11816]: Connection closed by 103.5.210.47 port 53692 [preauth]
Jun 23 19:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11833]: Invalid user debian from 103.5.210.47
Jun 23 19:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11833]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11833]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11831]: Failed password for root from 176.65.139.218 port 59012 ssh2
Jun 23 19:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11831]: Connection closed by 176.65.139.218 port 59012 [preauth]
Jun 23 19:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11833]: Failed password for invalid user debian from 103.5.210.47 port 53704 ssh2
Jun 23 19:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11833]: Connection closed by 103.5.210.47 port 53704 [preauth]
Jun 23 19:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11835]: Invalid user debian from 115.178.75.243
Jun 23 19:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11835]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11835]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.178.75.243
Jun 23 19:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11847]: Invalid user debian from 103.5.210.47
Jun 23 19:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11847]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11847]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11844]: Invalid user admin from 95.58.255.251
Jun 23 19:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11844]: input_userauth_request: invalid user admin [preauth]
Jun 23 19:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11844]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.58.255.251
Jun 23 19:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11835]: Failed password for invalid user debian from 115.178.75.243 port 39356 ssh2
Jun 23 19:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11835]: Received disconnect from 115.178.75.243 port 39356:11: Bye Bye [preauth]
Jun 23 19:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11835]: Disconnected from 115.178.75.243 port 39356 [preauth]
Jun 23 19:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11849]: Invalid user user from 176.65.139.218
Jun 23 19:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11849]: input_userauth_request: invalid user user [preauth]
Jun 23 19:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11849]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11847]: Failed password for invalid user debian from 103.5.210.47 port 53712 ssh2
Jun 23 19:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11844]: Failed password for invalid user admin from 95.58.255.251 port 38424 ssh2
Jun 23 19:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11847]: Connection closed by 103.5.210.47 port 53712 [preauth]
Jun 23 19:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11844]: Received disconnect from 95.58.255.251 port 38424:11: Bye Bye [preauth]
Jun 23 19:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11844]: Disconnected from 95.58.255.251 port 38424 [preauth]
Jun 23 19:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11851]: Invalid user debian from 103.5.210.47
Jun 23 19:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11851]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11851]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11849]: Failed password for invalid user user from 176.65.139.218 port 50580 ssh2
Jun 23 19:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11849]: Connection closed by 176.65.139.218 port 50580 [preauth]
Jun 23 19:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11851]: Failed password for invalid user debian from 103.5.210.47 port 53720 ssh2
Jun 23 19:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11851]: Connection closed by 103.5.210.47 port 53720 [preauth]
Jun 23 19:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11861]: Invalid user debian from 103.5.210.47
Jun 23 19:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11861]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11861]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11863]: Invalid user gabriel from 176.65.139.218
Jun 23 19:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11863]: input_userauth_request: invalid user gabriel [preauth]
Jun 23 19:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11863]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11861]: Failed password for invalid user debian from 103.5.210.47 port 53732 ssh2
Jun 23 19:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11861]: Connection closed by 103.5.210.47 port 53732 [preauth]
Jun 23 19:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11875]: Invalid user debian from 103.5.210.47
Jun 23 19:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11875]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11863]: Failed password for invalid user gabriel from 176.65.139.218 port 57714 ssh2
Jun 23 19:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11875]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11863]: Connection closed by 176.65.139.218 port 57714 [preauth]
Jun 23 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11889]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11890]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11888]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11887]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11887]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11875]: Failed password for invalid user debian from 103.5.210.47 port 53748 ssh2
Jun 23 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11972]: Successful su for rubyman by root
Jun 23 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11972]: + ??? root:rubyman
Jun 23 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11972]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579286 of user rubyman.
Jun 23 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11972]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579286.
Jun 23 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11875]: Connection closed by 103.5.210.47 port 53748 [preauth]
Jun 23 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11995]: Invalid user debian from 103.5.210.47
Jun 23 19:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11995]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11995]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12042]: Invalid user admin1 from 176.65.139.218
Jun 23 19:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12042]: input_userauth_request: invalid user admin1 [preauth]
Jun 23 19:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8703]: pam_unix(cron:session): session closed for user root
Jun 23 19:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12042]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11995]: Failed password for invalid user debian from 103.5.210.47 port 53752 ssh2
Jun 23 19:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11995]: Connection closed by 103.5.210.47 port 53752 [preauth]
Jun 23 19:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12042]: Failed password for invalid user admin1 from 176.65.139.218 port 57810 ssh2
Jun 23 19:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11888]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12042]: Connection closed by 176.65.139.218 port 57810 [preauth]
Jun 23 19:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12142]: Invalid user debian from 103.5.210.47
Jun 23 19:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12142]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12142]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12142]: Failed password for invalid user debian from 103.5.210.47 port 53768 ssh2
Jun 23 19:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12142]: Connection closed by 103.5.210.47 port 53768 [preauth]
Jun 23 19:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12157]: Invalid user debian from 103.5.210.47
Jun 23 19:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12157]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12157]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12159]: Invalid user testuser from 176.65.139.218
Jun 23 19:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12159]: input_userauth_request: invalid user testuser [preauth]
Jun 23 19:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12159]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12157]: Failed password for invalid user debian from 103.5.210.47 port 53774 ssh2
Jun 23 19:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12157]: Connection closed by 103.5.210.47 port 53774 [preauth]
Jun 23 19:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12159]: Failed password for invalid user testuser from 176.65.139.218 port 46450 ssh2
Jun 23 19:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12159]: Connection closed by 176.65.139.218 port 46450 [preauth]
Jun 23 19:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12169]: Invalid user debian from 103.5.210.47
Jun 23 19:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12169]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12169]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12169]: Failed password for invalid user debian from 103.5.210.47 port 53786 ssh2
Jun 23 19:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12169]: Connection closed by 103.5.210.47 port 53786 [preauth]
Jun 23 19:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12189]: Invalid user superuser from 59.12.160.91
Jun 23 19:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12189]: input_userauth_request: invalid user superuser [preauth]
Jun 23 19:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12189]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
Jun 23 19:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.21.150.20  user=root
Jun 23 19:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12191]: Invalid user debian from 103.5.210.47
Jun 23 19:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12191]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12191]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12189]: Failed password for invalid user superuser from 59.12.160.91 port 51136 ssh2
Jun 23 19:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12187]: Failed password for root from 65.21.150.20 port 54646 ssh2
Jun 23 19:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12189]: Received disconnect from 59.12.160.91 port 51136:11: Bye Bye [preauth]
Jun 23 19:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12189]: Disconnected from 59.12.160.91 port 51136 [preauth]
Jun 23 19:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12187]: Received disconnect from 65.21.150.20 port 54646:11: Bye Bye [preauth]
Jun 23 19:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12187]: Disconnected from 65.21.150.20 port 54646 [preauth]
Jun 23 19:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12191]: Failed password for invalid user debian from 103.5.210.47 port 53800 ssh2
Jun 23 19:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12191]: Connection closed by 103.5.210.47 port 53800 [preauth]
Jun 23 19:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12193]: Failed password for root from 176.65.139.218 port 46516 ssh2
Jun 23 19:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12203]: Invalid user debian from 103.5.210.47
Jun 23 19:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12203]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12193]: Connection closed by 176.65.139.218 port 46516 [preauth]
Jun 23 19:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12203]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12203]: Failed password for invalid user debian from 103.5.210.47 port 53810 ssh2
Jun 23 19:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12203]: Connection closed by 103.5.210.47 port 53810 [preauth]
Jun 23 19:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12216]: Invalid user debian from 103.5.210.47
Jun 23 19:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12216]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12216]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12216]: Failed password for invalid user debian from 103.5.210.47 port 53830 ssh2
Jun 23 19:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12216]: Connection closed by 103.5.210.47 port 53830 [preauth]
Jun 23 19:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12235]: Invalid user debian from 103.5.210.47
Jun 23 19:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12235]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12220]: Failed password for root from 176.65.139.218 port 48234 ssh2
Jun 23 19:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12235]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12220]: Connection closed by 176.65.139.218 port 48234 [preauth]
Jun 23 19:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.208.108.166  user=root
Jun 23 19:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12235]: Failed password for invalid user debian from 103.5.210.47 port 53842 ssh2
Jun 23 19:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12235]: Connection closed by 103.5.210.47 port 53842 [preauth]
Jun 23 19:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12362]: Invalid user debian from 103.5.210.47
Jun 23 19:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12362]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12237]: Failed password for root from 104.208.108.166 port 31848 ssh2
Jun 23 19:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12362]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12237]: Received disconnect from 104.208.108.166 port 31848:11: Bye Bye [preauth]
Jun 23 19:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12237]: Disconnected from 104.208.108.166 port 31848 [preauth]
Jun 23 19:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12364]: Invalid user runner from 176.65.139.218
Jun 23 19:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12364]: input_userauth_request: invalid user runner [preauth]
Jun 23 19:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12364]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12362]: Failed password for invalid user debian from 103.5.210.47 port 53852 ssh2
Jun 23 19:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12362]: Connection closed by 103.5.210.47 port 53852 [preauth]
Jun 23 19:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12364]: Failed password for invalid user runner from 176.65.139.218 port 52572 ssh2
Jun 23 19:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12367]: Invalid user debian from 103.5.210.47
Jun 23 19:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12367]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12364]: Connection closed by 176.65.139.218 port 52572 [preauth]
Jun 23 19:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12367]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10878]: pam_unix(cron:session): session closed for user root
Jun 23 19:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12367]: Failed password for invalid user debian from 103.5.210.47 port 53870 ssh2
Jun 23 19:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12367]: Connection closed by 103.5.210.47 port 53870 [preauth]
Jun 23 19:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12403]: Invalid user debian from 103.5.210.47
Jun 23 19:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12403]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12403]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12405]: Invalid user ftpuser from 176.65.139.218
Jun 23 19:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12405]: input_userauth_request: invalid user ftpuser [preauth]
Jun 23 19:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12405]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12403]: Failed password for invalid user debian from 103.5.210.47 port 53882 ssh2
Jun 23 19:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12403]: Connection closed by 103.5.210.47 port 53882 [preauth]
Jun 23 19:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12405]: Failed password for invalid user ftpuser from 176.65.139.218 port 52638 ssh2
Jun 23 19:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12405]: Connection closed by 176.65.139.218 port 52638 [preauth]
Jun 23 19:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12417]: Invalid user debian from 103.5.210.47
Jun 23 19:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12417]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12417]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12417]: Failed password for invalid user debian from 103.5.210.47 port 53902 ssh2
Jun 23 19:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12417]: Connection closed by 103.5.210.47 port 53902 [preauth]
Jun 23 19:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12419]: User john from 176.65.139.218 not allowed because not listed in AllowUsers
Jun 23 19:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12419]: input_userauth_request: invalid user john [preauth]
Jun 23 19:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12421]: Invalid user debian from 103.5.210.47
Jun 23 19:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12421]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=john
Jun 23 19:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12421]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12419]: Failed password for invalid user john from 176.65.139.218 port 38462 ssh2
Jun 23 19:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12421]: Failed password for invalid user debian from 103.5.210.47 port 53914 ssh2
Jun 23 19:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12419]: Connection closed by 176.65.139.218 port 38462 [preauth]
Jun 23 19:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12421]: Connection closed by 103.5.210.47 port 53914 [preauth]
Jun 23 19:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12448]: Invalid user debian from 103.5.210.47
Jun 23 19:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12448]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12448]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12448]: Failed password for invalid user debian from 103.5.210.47 port 53922 ssh2
Jun 23 19:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12448]: Connection closed by 103.5.210.47 port 53922 [preauth]
Jun 23 19:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12454]: Invalid user test from 176.65.139.218
Jun 23 19:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12454]: input_userauth_request: invalid user test [preauth]
Jun 23 19:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12451]: Invalid user debian from 103.5.210.47
Jun 23 19:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12451]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12454]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12451]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12451]: Failed password for invalid user debian from 103.5.210.47 port 53940 ssh2
Jun 23 19:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12451]: Connection closed by 103.5.210.47 port 53940 [preauth]
Jun 23 19:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12454]: Failed password for invalid user test from 176.65.139.218 port 53802 ssh2
Jun 23 19:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12454]: Connection closed by 176.65.139.218 port 53802 [preauth]
Jun 23 19:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12465]: Invalid user debian from 103.5.210.47
Jun 23 19:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12465]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12465]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12465]: Failed password for invalid user debian from 103.5.210.47 port 53946 ssh2
Jun 23 19:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12465]: Connection closed by 103.5.210.47 port 53946 [preauth]
Jun 23 19:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12476]: Invalid user avax from 176.65.139.218
Jun 23 19:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12476]: input_userauth_request: invalid user avax [preauth]
Jun 23 19:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12478]: Invalid user debian from 103.5.210.47
Jun 23 19:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12478]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12476]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12478]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12476]: Failed password for invalid user avax from 176.65.139.218 port 53858 ssh2
Jun 23 19:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12476]: Connection closed by 176.65.139.218 port 53858 [preauth]
Jun 23 19:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12478]: Failed password for invalid user debian from 103.5.210.47 port 53976 ssh2
Jun 23 19:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12478]: Connection closed by 103.5.210.47 port 53976 [preauth]
Jun 23 19:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12480]: Invalid user debian from 103.5.210.47
Jun 23 19:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12480]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12480]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12480]: Failed password for invalid user debian from 103.5.210.47 port 53994 ssh2
Jun 23 19:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12480]: Connection closed by 103.5.210.47 port 53994 [preauth]
Jun 23 19:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12491]: Invalid user debian from 103.5.210.47
Jun 23 19:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12491]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12493]: Invalid user ubuntu from 176.65.139.218
Jun 23 19:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12493]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 19:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12493]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12491]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12498]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12500]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12499]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12497]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12497]: pam_unix(cron:session): session closed for user p13x
Jun 23 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12555]: Successful su for rubyman by root
Jun 23 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12555]: + ??? root:rubyman
Jun 23 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12555]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579291 of user rubyman.
Jun 23 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12555]: pam_unix(su:session): session closed for user rubyman
Jun 23 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579291.
Jun 23 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12493]: Failed password for invalid user ubuntu from 176.65.139.218 port 44186 ssh2
Jun 23 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12491]: Failed password for invalid user debian from 103.5.210.47 port 54008 ssh2
Jun 23 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12493]: Connection closed by 176.65.139.218 port 44186 [preauth]
Jun 23 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12491]: Connection closed by 103.5.210.47 port 54008 [preauth]
Jun 23 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12604]: Invalid user debian from 103.5.210.47
Jun 23 19:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12604]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12604]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9166]: pam_unix(cron:session): session closed for user root
Jun 23 19:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12604]: Failed password for invalid user debian from 103.5.210.47 port 54014 ssh2
Jun 23 19:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12604]: Connection closed by 103.5.210.47 port 54014 [preauth]
Jun 23 19:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12498]: pam_unix(cron:session): session closed for user samftp
Jun 23 19:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12736]: Invalid user debian from 103.5.210.47
Jun 23 19:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12736]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12736]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12750]: Invalid user deploy from 176.65.139.218
Jun 23 19:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12750]: input_userauth_request: invalid user deploy [preauth]
Jun 23 19:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12750]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12736]: Failed password for invalid user debian from 103.5.210.47 port 54034 ssh2
Jun 23 19:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12750]: Failed password for invalid user deploy from 176.65.139.218 port 55616 ssh2
Jun 23 19:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12736]: Connection closed by 103.5.210.47 port 54034 [preauth]
Jun 23 19:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12750]: Connection closed by 176.65.139.218 port 55616 [preauth]
Jun 23 19:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12759]: Invalid user debian from 103.5.210.47
Jun 23 19:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12759]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12759]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91  user=root
Jun 23 19:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12759]: Failed password for invalid user debian from 103.5.210.47 port 54054 ssh2
Jun 23 19:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12759]: Connection closed by 103.5.210.47 port 54054 [preauth]
Jun 23 19:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12767]: Invalid user debian from 103.5.210.47
Jun 23 19:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12767]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12767]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12764]: Failed password for root from 59.12.160.91 port 42006 ssh2
Jun 23 19:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12771]: Invalid user kingbase from 176.65.139.218
Jun 23 19:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12771]: input_userauth_request: invalid user kingbase [preauth]
Jun 23 19:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12764]: Received disconnect from 59.12.160.91 port 42006:11: Bye Bye [preauth]
Jun 23 19:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12764]: Disconnected from 59.12.160.91 port 42006 [preauth]
Jun 23 19:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12771]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12767]: Failed password for invalid user debian from 103.5.210.47 port 54066 ssh2
Jun 23 19:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12767]: Connection closed by 103.5.210.47 port 54066 [preauth]
Jun 23 19:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12771]: Failed password for invalid user kingbase from 176.65.139.218 port 55694 ssh2
Jun 23 19:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12771]: Connection closed by 176.65.139.218 port 55694 [preauth]
Jun 23 19:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12793]: Invalid user debian from 103.5.210.47
Jun 23 19:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12793]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12793]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12793]: Failed password for invalid user debian from 103.5.210.47 port 54084 ssh2
Jun 23 19:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12793]: Connection closed by 103.5.210.47 port 54084 [preauth]
Jun 23 19:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12795]: Invalid user debian from 103.5.210.47
Jun 23 19:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12795]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12795]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12807]: Invalid user prem from 176.65.139.218
Jun 23 19:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12807]: input_userauth_request: invalid user prem [preauth]
Jun 23 19:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12807]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12795]: Failed password for invalid user debian from 103.5.210.47 port 54108 ssh2
Jun 23 19:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12795]: Connection closed by 103.5.210.47 port 54108 [preauth]
Jun 23 19:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12807]: Failed password for invalid user prem from 176.65.139.218 port 60740 ssh2
Jun 23 19:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12807]: Connection closed by 176.65.139.218 port 60740 [preauth]
Jun 23 19:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12809]: Invalid user debian from 103.5.210.47
Jun 23 19:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12809]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12809]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12809]: Failed password for invalid user debian from 103.5.210.47 port 54124 ssh2
Jun 23 19:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12809]: Connection closed by 103.5.210.47 port 54124 [preauth]
Jun 23 19:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12834]: Invalid user debian from 103.5.210.47
Jun 23 19:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12834]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12834]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12836]: Invalid user system from 176.65.139.218
Jun 23 19:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12836]: input_userauth_request: invalid user system [preauth]
Jun 23 19:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12836]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12834]: Failed password for invalid user debian from 103.5.210.47 port 54134 ssh2
Jun 23 19:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12834]: Connection closed by 103.5.210.47 port 54134 [preauth]
Jun 23 19:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12836]: Failed password for invalid user system from 176.65.139.218 port 56460 ssh2
Jun 23 19:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12836]: Connection closed by 176.65.139.218 port 56460 [preauth]
Jun 23 19:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12838]: Invalid user debian from 103.5.210.47
Jun 23 19:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12838]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12838]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12842]: Invalid user cmsadmin from 104.243.42.167
Jun 23 19:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12842]: input_userauth_request: invalid user cmsadmin [preauth]
Jun 23 19:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12842]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.243.42.167
Jun 23 19:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12838]: Failed password for invalid user debian from 103.5.210.47 port 54152 ssh2
Jun 23 19:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12838]: Connection closed by 103.5.210.47 port 54152 [preauth]
Jun 23 19:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12842]: Failed password for invalid user cmsadmin from 104.243.42.167 port 42104 ssh2
Jun 23 19:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12842]: Received disconnect from 104.243.42.167 port 42104:11: Bye Bye [preauth]
Jun 23 19:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12842]: Disconnected from 104.243.42.167 port 42104 [preauth]
Jun 23 19:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12857]: Invalid user debian from 103.5.210.47
Jun 23 19:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12857]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11368]: pam_unix(cron:session): session closed for user root
Jun 23 19:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12857]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12861]: Invalid user user1 from 176.65.139.218
Jun 23 19:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12861]: input_userauth_request: invalid user user1 [preauth]
Jun 23 19:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12861]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.58.255.251  user=root
Jun 23 19:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12888]: Received disconnect from 86.111.176.100 port 35138:11: disconnected by user [preauth]
Jun 23 19:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12888]: Disconnected from 86.111.176.100 port 35138 [preauth]
Jun 23 19:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12857]: Failed password for invalid user debian from 103.5.210.47 port 54164 ssh2
Jun 23 19:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12857]: Connection closed by 103.5.210.47 port 54164 [preauth]
Jun 23 19:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12861]: Failed password for invalid user user1 from 176.65.139.218 port 56542 ssh2
Jun 23 19:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12852]: Failed password for root from 95.58.255.251 port 57640 ssh2
Jun 23 19:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12861]: Connection closed by 176.65.139.218 port 56542 [preauth]
Jun 23 19:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12852]: Received disconnect from 95.58.255.251 port 57640:11: Bye Bye [preauth]
Jun 23 19:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12852]: Disconnected from 95.58.255.251 port 57640 [preauth]
Jun 23 19:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12898]: Invalid user debian from 103.5.210.47
Jun 23 19:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12898]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12898]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12900]: Invalid user deploy from 176.65.139.218
Jun 23 19:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12900]: input_userauth_request: invalid user deploy [preauth]
Jun 23 19:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12900]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12898]: Failed password for invalid user debian from 103.5.210.47 port 54174 ssh2
Jun 23 19:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12898]: Connection closed by 103.5.210.47 port 54174 [preauth]
Jun 23 19:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12903]: Invalid user debian from 103.5.210.47
Jun 23 19:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12903]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12903]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12900]: Failed password for invalid user deploy from 176.65.139.218 port 54840 ssh2
Jun 23 19:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12900]: Connection closed by 176.65.139.218 port 54840 [preauth]
Jun 23 19:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12903]: Failed password for invalid user debian from 103.5.210.47 port 54186 ssh2
Jun 23 19:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12903]: Connection closed by 103.5.210.47 port 54186 [preauth]
Jun 23 19:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12925]: Invalid user debian from 103.5.210.47
Jun 23 19:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12925]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12925]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12927]: Invalid user chris from 176.65.139.218
Jun 23 19:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12927]: input_userauth_request: invalid user chris [preauth]
Jun 23 19:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12927]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12925]: Failed password for invalid user debian from 103.5.210.47 port 54198 ssh2
Jun 23 19:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12925]: Connection closed by 103.5.210.47 port 54198 [preauth]
Jun 23 19:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 23 19:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12927]: Failed password for invalid user chris from 176.65.139.218 port 54892 ssh2
Jun 23 19:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12939]: Invalid user debian from 103.5.210.47
Jun 23 19:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12939]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12927]: Connection closed by 176.65.139.218 port 54892 [preauth]
Jun 23 19:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12939]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12937]: Failed password for root from 103.27.238.116 port 45204 ssh2
Jun 23 19:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12937]: Connection closed by 103.27.238.116 port 45204 [preauth]
Jun 23 19:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12939]: Failed password for invalid user debian from 103.5.210.47 port 54210 ssh2
Jun 23 19:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12939]: Connection closed by 103.5.210.47 port 54210 [preauth]
Jun 23 19:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12943]: Invalid user debian from 103.5.210.47
Jun 23 19:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12943]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12943]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12953]: Invalid user systemd from 176.65.139.218
Jun 23 19:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12953]: input_userauth_request: invalid user systemd [preauth]
Jun 23 19:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12953]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 19:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12943]: Failed password for invalid user debian from 103.5.210.47 port 54224 ssh2
Jun 23 19:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12943]: Connection closed by 103.5.210.47 port 54224 [preauth]
Jun 23 19:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12955]: Invalid user debian from 103.5.210.47
Jun 23 19:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12955]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12955]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12953]: Failed password for invalid user systemd from 176.65.139.218 port 51566 ssh2
Jun 23 19:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12953]: Connection closed by 176.65.139.218 port 51566 [preauth]
Jun 23 19:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12955]: Failed password for invalid user debian from 103.5.210.47 port 54238 ssh2
Jun 23 19:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12955]: Connection closed by 103.5.210.47 port 54238 [preauth]
Jun 23 19:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12965]: Invalid user administrator from 115.178.75.243
Jun 23 19:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12965]: input_userauth_request: invalid user administrator [preauth]
Jun 23 19:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12965]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.178.75.243
Jun 23 19:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12967]: Invalid user debian from 103.5.210.47
Jun 23 19:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12967]: input_userauth_request: invalid user debian [preauth]
Jun 23 19:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12967]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 19:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 19:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 19:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 19:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12965]: Failed password for invalid user administrator from 115.178.75.243 port 50628 ssh2
Jun 23 20:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12965]: Received disconnect from 115.178.75.243 port 50628:11: Bye Bye [preauth]
Jun 23 20:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12965]: Disconnected from 115.178.75.243 port 50628 [preauth]
Jun 23 20:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12967]: Failed password for invalid user debian from 103.5.210.47 port 54250 ssh2
Jun 23 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12967]: Connection closed by 103.5.210.47 port 54250 [preauth]
Jun 23 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12979]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12980]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12977]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12978]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12976]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12975]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12974]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12980]: pam_unix(cron:session): session closed for user root
Jun 23 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12976]: pam_unix(cron:session): session closed for user root
Jun 23 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12974]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12969]: Failed password for root from 176.65.139.218 port 41352 ssh2
Jun 23 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12969]: Connection closed by 176.65.139.218 port 41352 [preauth]
Jun 23 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13069]: Successful su for rubyman by root
Jun 23 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13069]: + ??? root:rubyman
Jun 23 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13069]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579294 of user rubyman.
Jun 23 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13069]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579294.
Jun 23 20:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12971]: Invalid user debian from 103.5.210.47
Jun 23 20:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12971]: input_userauth_request: invalid user debian [preauth]
Jun 23 20:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12971]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12971]: Failed password for invalid user debian from 103.5.210.47 port 54270 ssh2
Jun 23 20:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12971]: Connection closed by 103.5.210.47 port 54270 [preauth]
Jun 23 20:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12977]: pam_unix(cron:session): session closed for user root
Jun 23 20:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9629]: pam_unix(cron:session): session closed for user root
Jun 23 20:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13219]: Invalid user debian from 103.5.210.47
Jun 23 20:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13219]: input_userauth_request: invalid user debian [preauth]
Jun 23 20:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13219]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13273]: Invalid user server from 176.65.139.218
Jun 23 20:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13273]: input_userauth_request: invalid user server [preauth]
Jun 23 20:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13273]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12975]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13219]: Failed password for invalid user debian from 103.5.210.47 port 54284 ssh2
Jun 23 20:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13219]: Connection closed by 103.5.210.47 port 54284 [preauth]
Jun 23 20:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13273]: Failed password for invalid user server from 176.65.139.218 port 41410 ssh2
Jun 23 20:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13273]: Connection closed by 176.65.139.218 port 41410 [preauth]
Jun 23 20:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13308]: Invalid user debian from 103.5.210.47
Jun 23 20:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13308]: input_userauth_request: invalid user debian [preauth]
Jun 23 20:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13308]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13308]: Failed password for invalid user debian from 103.5.210.47 port 54298 ssh2
Jun 23 20:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13308]: Connection closed by 103.5.210.47 port 54298 [preauth]
Jun 23 20:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13319]: Invalid user deployer from 176.65.139.218
Jun 23 20:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13319]: input_userauth_request: invalid user deployer [preauth]
Jun 23 20:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13319]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13321]: Invalid user debian from 103.5.210.47
Jun 23 20:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13321]: input_userauth_request: invalid user debian [preauth]
Jun 23 20:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13321]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13319]: Failed password for invalid user deployer from 176.65.139.218 port 44268 ssh2
Jun 23 20:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13319]: Connection closed by 176.65.139.218 port 44268 [preauth]
Jun 23 20:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13321]: Failed password for invalid user debian from 103.5.210.47 port 54320 ssh2
Jun 23 20:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13321]: Connection closed by 103.5.210.47 port 54320 [preauth]
Jun 23 20:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13343]: Invalid user debian from 103.5.210.47
Jun 23 20:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13343]: input_userauth_request: invalid user debian [preauth]
Jun 23 20:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13343]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13345]: Invalid user jenkins from 176.65.139.218
Jun 23 20:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13345]: input_userauth_request: invalid user jenkins [preauth]
Jun 23 20:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13345]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13343]: Failed password for invalid user debian from 103.5.210.47 port 54328 ssh2
Jun 23 20:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13343]: Connection closed by 103.5.210.47 port 54328 [preauth]
Jun 23 20:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13347]: Invalid user debian from 103.5.210.47
Jun 23 20:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13347]: input_userauth_request: invalid user debian [preauth]
Jun 23 20:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13347]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13345]: Failed password for invalid user jenkins from 176.65.139.218 port 35382 ssh2
Jun 23 20:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13345]: Connection closed by 176.65.139.218 port 35382 [preauth]
Jun 23 20:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13347]: Failed password for invalid user debian from 103.5.210.47 port 54336 ssh2
Jun 23 20:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13347]: Connection closed by 103.5.210.47 port 54336 [preauth]
Jun 23 20:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13357]: Invalid user debian from 103.5.210.47
Jun 23 20:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13357]: input_userauth_request: invalid user debian [preauth]
Jun 23 20:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13357]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13359]: Invalid user yan from 65.21.150.20
Jun 23 20:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13359]: input_userauth_request: invalid user yan [preauth]
Jun 23 20:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13359]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.21.150.20
Jun 23 20:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13361]: User vncuser from 176.65.139.218 not allowed because not listed in AllowUsers
Jun 23 20:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13361]: input_userauth_request: invalid user vncuser [preauth]
Jun 23 20:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=vncuser
Jun 23 20:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13357]: Failed password for invalid user debian from 103.5.210.47 port 54346 ssh2
Jun 23 20:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13357]: Connection closed by 103.5.210.47 port 54346 [preauth]
Jun 23 20:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13361]: Failed password for invalid user vncuser from 176.65.139.218 port 35420 ssh2
Jun 23 20:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13361]: Connection closed by 176.65.139.218 port 35420 [preauth]
Jun 23 20:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13359]: Failed password for invalid user yan from 65.21.150.20 port 47170 ssh2
Jun 23 20:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13359]: Received disconnect from 65.21.150.20 port 47170:11: Bye Bye [preauth]
Jun 23 20:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13359]: Disconnected from 65.21.150.20 port 47170 [preauth]
Jun 23 20:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13388]: Invalid user debian from 103.5.210.47
Jun 23 20:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13388]: input_userauth_request: invalid user debian [preauth]
Jun 23 20:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13388]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13388]: Failed password for invalid user debian from 103.5.210.47 port 54362 ssh2
Jun 23 20:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13388]: Connection closed by 103.5.210.47 port 54362 [preauth]
Jun 23 20:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13395]: Invalid user dev from 176.65.139.218
Jun 23 20:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13395]: input_userauth_request: invalid user dev [preauth]
Jun 23 20:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13395]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13393]: Invalid user debian from 103.5.210.47
Jun 23 20:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13393]: input_userauth_request: invalid user debian [preauth]
Jun 23 20:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13393]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13395]: Failed password for invalid user dev from 176.65.139.218 port 54542 ssh2
Jun 23 20:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13395]: Connection closed by 176.65.139.218 port 54542 [preauth]
Jun 23 20:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13393]: Failed password for invalid user debian from 103.5.210.47 port 54376 ssh2
Jun 23 20:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13393]: Connection closed by 103.5.210.47 port 54376 [preauth]
Jun 23 20:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11890]: pam_unix(cron:session): session closed for user root
Jun 23 20:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13433]: Invalid user debian from 103.5.210.47
Jun 23 20:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13433]: input_userauth_request: invalid user debian [preauth]
Jun 23 20:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13433]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13433]: Failed password for invalid user debian from 103.5.210.47 port 54388 ssh2
Jun 23 20:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13433]: Connection closed by 103.5.210.47 port 54388 [preauth]
Jun 23 20:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13464]: Invalid user oscar from 176.65.139.218
Jun 23 20:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13464]: input_userauth_request: invalid user oscar [preauth]
Jun 23 20:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13464]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13466]: Invalid user debian from 103.5.210.47
Jun 23 20:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13466]: input_userauth_request: invalid user debian [preauth]
Jun 23 20:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13466]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13464]: Failed password for invalid user oscar from 176.65.139.218 port 54596 ssh2
Jun 23 20:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13464]: Connection closed by 176.65.139.218 port 54596 [preauth]
Jun 23 20:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13466]: Failed password for invalid user debian from 103.5.210.47 port 54394 ssh2
Jun 23 20:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13466]: Connection closed by 103.5.210.47 port 54394 [preauth]
Jun 23 20:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13468]: Invalid user debian from 103.5.210.47
Jun 23 20:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13468]: input_userauth_request: invalid user debian [preauth]
Jun 23 20:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13468]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13480]: Invalid user postgres from 176.65.139.218
Jun 23 20:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13480]: input_userauth_request: invalid user postgres [preauth]
Jun 23 20:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13480]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13468]: Failed password for invalid user debian from 103.5.210.47 port 54406 ssh2
Jun 23 20:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13468]: Connection closed by 103.5.210.47 port 54406 [preauth]
Jun 23 20:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13482]: Invalid user debian from 103.5.210.47
Jun 23 20:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13482]: input_userauth_request: invalid user debian [preauth]
Jun 23 20:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13482]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13480]: Failed password for invalid user postgres from 176.65.139.218 port 57776 ssh2
Jun 23 20:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13480]: Connection closed by 176.65.139.218 port 57776 [preauth]
Jun 23 20:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13482]: Failed password for invalid user debian from 103.5.210.47 port 54422 ssh2
Jun 23 20:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13482]: Connection closed by 103.5.210.47 port 54422 [preauth]
Jun 23 20:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13504]: Invalid user debian from 103.5.210.47
Jun 23 20:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13504]: input_userauth_request: invalid user debian [preauth]
Jun 23 20:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13504]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13507]: Invalid user administrator from 176.65.139.218
Jun 23 20:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13507]: input_userauth_request: invalid user administrator [preauth]
Jun 23 20:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13507]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13504]: Failed password for invalid user debian from 103.5.210.47 port 54434 ssh2
Jun 23 20:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13504]: Connection closed by 103.5.210.47 port 54434 [preauth]
Jun 23 20:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13509]: Invalid user debian from 103.5.210.47
Jun 23 20:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13509]: input_userauth_request: invalid user debian [preauth]
Jun 23 20:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13507]: Failed password for invalid user administrator from 176.65.139.218 port 55314 ssh2
Jun 23 20:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13507]: Connection closed by 176.65.139.218 port 55314 [preauth]
Jun 23 20:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13509]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13509]: Failed password for invalid user debian from 103.5.210.47 port 54448 ssh2
Jun 23 20:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13509]: Connection closed by 103.5.210.47 port 54448 [preauth]
Jun 23 20:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13522]: Invalid user debian from 103.5.210.47
Jun 23 20:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13522]: input_userauth_request: invalid user debian [preauth]
Jun 23 20:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13522]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 20:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13525]: Failed password for root from 176.65.139.218 port 55366 ssh2
Jun 23 20:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13525]: Connection closed by 176.65.139.218 port 55366 [preauth]
Jun 23 20:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13522]: Failed password for invalid user debian from 103.5.210.47 port 54456 ssh2
Jun 23 20:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13522]: Connection closed by 103.5.210.47 port 54456 [preauth]
Jun 23 20:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13535]: Invalid user debian from 103.5.210.47
Jun 23 20:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13535]: input_userauth_request: invalid user debian [preauth]
Jun 23 20:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13535]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13535]: Failed password for invalid user debian from 103.5.210.47 port 54478 ssh2
Jun 23 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13535]: Connection closed by 103.5.210.47 port 54478 [preauth]
Jun 23 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13537]: Invalid user guest from 176.65.139.218
Jun 23 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13537]: input_userauth_request: invalid user guest [preauth]
Jun 23 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13554]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13551]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13553]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13552]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13537]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13551]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13619]: Successful su for rubyman by root
Jun 23 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13619]: + ??? root:rubyman
Jun 23 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13619]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579301 of user rubyman.
Jun 23 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13619]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579301.
Jun 23 20:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13548]: Invalid user debian from 103.5.210.47
Jun 23 20:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13548]: input_userauth_request: invalid user debian [preauth]
Jun 23 20:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13548]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13537]: Failed password for invalid user guest from 176.65.139.218 port 56574 ssh2
Jun 23 20:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13537]: Connection closed by 176.65.139.218 port 56574 [preauth]
Jun 23 20:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13548]: Failed password for invalid user debian from 103.5.210.47 port 54490 ssh2
Jun 23 20:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13548]: Connection closed by 103.5.210.47 port 54490 [preauth]
Jun 23 20:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10363]: pam_unix(cron:session): session closed for user root
Jun 23 20:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13552]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13810]: Invalid user nexus from 176.65.139.218
Jun 23 20:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13810]: input_userauth_request: invalid user nexus [preauth]
Jun 23 20:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13810]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13810]: Failed password for invalid user nexus from 176.65.139.218 port 51426 ssh2
Jun 23 20:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13810]: Connection closed by 176.65.139.218 port 51426 [preauth]
Jun 23 20:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13812]: Invalid user admin from 103.5.210.47
Jun 23 20:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13812]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13812]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 20:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13812]: Failed password for invalid user admin from 103.5.210.47 port 54518 ssh2
Jun 23 20:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13812]: Connection closed by 103.5.210.47 port 54518 [preauth]
Jun 23 20:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13838]: Invalid user admin from 103.5.210.47
Jun 23 20:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13838]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13838]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13822]: Failed password for root from 176.65.139.218 port 51466 ssh2
Jun 23 20:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13822]: Connection closed by 176.65.139.218 port 51466 [preauth]
Jun 23 20:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13838]: Failed password for invalid user admin from 103.5.210.47 port 54532 ssh2
Jun 23 20:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13838]: Connection closed by 103.5.210.47 port 54532 [preauth]
Jun 23 20:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13848]: Invalid user admin from 103.5.210.47
Jun 23 20:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13848]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13848]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13850]: Invalid user odoo18 from 176.65.139.218
Jun 23 20:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13850]: input_userauth_request: invalid user odoo18 [preauth]
Jun 23 20:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13850]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13848]: Failed password for invalid user admin from 103.5.210.47 port 54546 ssh2
Jun 23 20:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13848]: Connection closed by 103.5.210.47 port 54546 [preauth]
Jun 23 20:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13850]: Failed password for invalid user odoo18 from 176.65.139.218 port 56332 ssh2
Jun 23 20:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13850]: Connection closed by 176.65.139.218 port 56332 [preauth]
Jun 23 20:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13852]: Invalid user admin from 103.5.210.47
Jun 23 20:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13852]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13852]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13852]: Failed password for invalid user admin from 103.5.210.47 port 54566 ssh2
Jun 23 20:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13852]: Connection closed by 103.5.210.47 port 54566 [preauth]
Jun 23 20:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13879]: Invalid user www from 176.65.139.218
Jun 23 20:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13879]: input_userauth_request: invalid user www [preauth]
Jun 23 20:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13877]: Invalid user admin from 103.5.210.47
Jun 23 20:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13877]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13879]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13877]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 23 20:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13879]: Failed password for invalid user www from 176.65.139.218 port 56404 ssh2
Jun 23 20:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13877]: Failed password for invalid user admin from 103.5.210.47 port 54576 ssh2
Jun 23 20:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13879]: Connection closed by 176.65.139.218 port 56404 [preauth]
Jun 23 20:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13877]: Connection closed by 103.5.210.47 port 54576 [preauth]
Jun 23 20:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13891]: Invalid user admin from 103.5.210.47
Jun 23 20:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13891]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13891]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13881]: Failed password for root from 109.237.96.109 port 59504 ssh2
Jun 23 20:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13881]: Connection closed by 109.237.96.109 port 59504 [preauth]
Jun 23 20:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13893]: Invalid user at from 104.243.42.167
Jun 23 20:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13893]: input_userauth_request: invalid user at [preauth]
Jun 23 20:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13893]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.243.42.167
Jun 23 20:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13891]: Failed password for invalid user admin from 103.5.210.47 port 54592 ssh2
Jun 23 20:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13891]: Connection closed by 103.5.210.47 port 54592 [preauth]
Jun 23 20:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13895]: Invalid user hadoop from 176.65.139.218
Jun 23 20:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13895]: input_userauth_request: invalid user hadoop [preauth]
Jun 23 20:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13895]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13897]: Invalid user admin from 103.5.210.47
Jun 23 20:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13897]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13897]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13893]: Failed password for invalid user at from 104.243.42.167 port 41740 ssh2
Jun 23 20:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13893]: Received disconnect from 104.243.42.167 port 41740:11: Bye Bye [preauth]
Jun 23 20:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13893]: Disconnected from 104.243.42.167 port 41740 [preauth]
Jun 23 20:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12500]: pam_unix(cron:session): session closed for user root
Jun 23 20:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13895]: Failed password for invalid user hadoop from 176.65.139.218 port 43642 ssh2
Jun 23 20:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13895]: Connection closed by 176.65.139.218 port 43642 [preauth]
Jun 23 20:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13897]: Failed password for invalid user admin from 103.5.210.47 port 54610 ssh2
Jun 23 20:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13897]: Connection closed by 103.5.210.47 port 54610 [preauth]
Jun 23 20:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13931]: Invalid user admin from 103.5.210.47
Jun 23 20:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13931]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13931]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13943]: Invalid user user2 from 176.65.139.218
Jun 23 20:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13943]: input_userauth_request: invalid user user2 [preauth]
Jun 23 20:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13943]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 23 20:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13931]: Failed password for invalid user admin from 103.5.210.47 port 54624 ssh2
Jun 23 20:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13931]: Connection closed by 103.5.210.47 port 54624 [preauth]
Jun 23 20:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13949]: Invalid user admin from 103.5.210.47
Jun 23 20:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13949]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13943]: Failed password for invalid user user2 from 176.65.139.218 port 45628 ssh2
Jun 23 20:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13944]: Failed password for root from 194.113.233.25 port 48720 ssh2
Jun 23 20:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13949]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13943]: Connection closed by 176.65.139.218 port 45628 [preauth]
Jun 23 20:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13944]: Connection closed by 194.113.233.25 port 48720 [preauth]
Jun 23 20:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13949]: Failed password for invalid user admin from 103.5.210.47 port 54638 ssh2
Jun 23 20:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13949]: Connection closed by 103.5.210.47 port 54638 [preauth]
Jun 23 20:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13962]: Invalid user admin from 103.5.210.47
Jun 23 20:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13962]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13962]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13975]: Invalid user ubuntu from 176.65.139.218
Jun 23 20:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13975]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 20:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13975]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13962]: Failed password for invalid user admin from 103.5.210.47 port 54660 ssh2
Jun 23 20:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13962]: Connection closed by 103.5.210.47 port 54660 [preauth]
Jun 23 20:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13975]: Failed password for invalid user ubuntu from 176.65.139.218 port 45698 ssh2
Jun 23 20:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13975]: Connection closed by 176.65.139.218 port 45698 [preauth]
Jun 23 20:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13982]: Invalid user admin from 103.5.210.47
Jun 23 20:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13982]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13982]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13982]: Failed password for invalid user admin from 103.5.210.47 port 54674 ssh2
Jun 23 20:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13982]: Connection closed by 103.5.210.47 port 54674 [preauth]
Jun 23 20:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13994]: Invalid user user3 from 176.65.139.218
Jun 23 20:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13994]: input_userauth_request: invalid user user3 [preauth]
Jun 23 20:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: Invalid user admin from 103.5.210.47
Jun 23 20:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13994]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13994]: Failed password for invalid user user3 from 176.65.139.218 port 45718 ssh2
Jun 23 20:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: Failed password for invalid user admin from 103.5.210.47 port 54686 ssh2
Jun 23 20:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13994]: Connection closed by 176.65.139.218 port 45718 [preauth]
Jun 23 20:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: Connection closed by 103.5.210.47 port 54686 [preauth]
Jun 23 20:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14004]: Invalid user admin from 103.5.210.47
Jun 23 20:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14004]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14004]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14004]: Failed password for invalid user admin from 103.5.210.47 port 54698 ssh2
Jun 23 20:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14004]: Connection closed by 103.5.210.47 port 54698 [preauth]
Jun 23 20:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14008]: Invalid user ubuntu from 176.65.139.218
Jun 23 20:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14008]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 20:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14006]: Invalid user admin from 103.5.210.47
Jun 23 20:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14006]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14008]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14006]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14008]: Failed password for invalid user ubuntu from 176.65.139.218 port 44348 ssh2
Jun 23 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14006]: Failed password for invalid user admin from 103.5.210.47 port 54716 ssh2
Jun 23 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14008]: Connection closed by 176.65.139.218 port 44348 [preauth]
Jun 23 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14006]: Connection closed by 103.5.210.47 port 54716 [preauth]
Jun 23 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14026]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14027]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14025]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14024]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14024]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14082]: Successful su for rubyman by root
Jun 23 20:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14082]: + ??? root:rubyman
Jun 23 20:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14082]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579307 of user rubyman.
Jun 23 20:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14082]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579307.
Jun 23 20:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14021]: Invalid user admin from 103.5.210.47
Jun 23 20:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14021]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14021]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14158]: Invalid user deploy from 176.65.139.218
Jun 23 20:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14158]: input_userauth_request: invalid user deploy [preauth]
Jun 23 20:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14021]: Failed password for invalid user admin from 103.5.210.47 port 54732 ssh2
Jun 23 20:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14158]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10877]: pam_unix(cron:session): session closed for user root
Jun 23 20:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14021]: Connection closed by 103.5.210.47 port 54732 [preauth]
Jun 23 20:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14236]: Invalid user admin from 103.5.210.47
Jun 23 20:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14236]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14236]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14158]: Failed password for invalid user deploy from 176.65.139.218 port 44388 ssh2
Jun 23 20:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14158]: Connection closed by 176.65.139.218 port 44388 [preauth]
Jun 23 20:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14025]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14236]: Failed password for invalid user admin from 103.5.210.47 port 54742 ssh2
Jun 23 20:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14236]: Connection closed by 103.5.210.47 port 54742 [preauth]
Jun 23 20:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14263]: Invalid user admin from 103.5.210.47
Jun 23 20:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14263]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14263]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14265]: Invalid user clawdbot from 176.65.139.218
Jun 23 20:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14265]: input_userauth_request: invalid user clawdbot [preauth]
Jun 23 20:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14265]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14276]: Invalid user pymes from 115.178.75.243
Jun 23 20:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14276]: input_userauth_request: invalid user pymes [preauth]
Jun 23 20:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14276]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.178.75.243
Jun 23 20:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14263]: Failed password for invalid user admin from 103.5.210.47 port 54750 ssh2
Jun 23 20:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14263]: Connection closed by 103.5.210.47 port 54750 [preauth]
Jun 23 20:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14278]: Invalid user admin from 103.5.210.47
Jun 23 20:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14278]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14278]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14265]: Failed password for invalid user clawdbot from 176.65.139.218 port 33308 ssh2
Jun 23 20:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14265]: Connection closed by 176.65.139.218 port 33308 [preauth]
Jun 23 20:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14276]: Failed password for invalid user pymes from 115.178.75.243 port 33676 ssh2
Jun 23 20:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14276]: Received disconnect from 115.178.75.243 port 33676:11: Bye Bye [preauth]
Jun 23 20:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14276]: Disconnected from 115.178.75.243 port 33676 [preauth]
Jun 23 20:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14278]: Failed password for invalid user admin from 103.5.210.47 port 54766 ssh2
Jun 23 20:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14293]: Invalid user elastic from 176.65.139.218
Jun 23 20:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14293]: input_userauth_request: invalid user elastic [preauth]
Jun 23 20:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14278]: Connection closed by 103.5.210.47 port 54766 [preauth]
Jun 23 20:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14293]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14303]: Invalid user admin from 103.5.210.47
Jun 23 20:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14303]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14303]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14293]: Failed password for invalid user elastic from 176.65.139.218 port 33382 ssh2
Jun 23 20:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14293]: Connection closed by 176.65.139.218 port 33382 [preauth]
Jun 23 20:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14303]: Failed password for invalid user admin from 103.5.210.47 port 54784 ssh2
Jun 23 20:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14303]: Connection closed by 103.5.210.47 port 54784 [preauth]
Jun 23 20:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14305]: Invalid user admin from 103.5.210.47
Jun 23 20:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14305]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14305]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14308]: Invalid user drcomadmin from 176.65.139.218
Jun 23 20:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14308]: input_userauth_request: invalid user drcomadmin [preauth]
Jun 23 20:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14308]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14305]: Failed password for invalid user admin from 103.5.210.47 port 54800 ssh2
Jun 23 20:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14305]: Connection closed by 103.5.210.47 port 54800 [preauth]
Jun 23 20:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14308]: Failed password for invalid user drcomadmin from 176.65.139.218 port 37234 ssh2
Jun 23 20:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14308]: Connection closed by 176.65.139.218 port 37234 [preauth]
Jun 23 20:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14318]: Invalid user admin from 103.5.210.47
Jun 23 20:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14318]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14318]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14332]: Invalid user dev from 176.65.139.218
Jun 23 20:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14332]: input_userauth_request: invalid user dev [preauth]
Jun 23 20:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14332]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14318]: Failed password for invalid user admin from 103.5.210.47 port 54810 ssh2
Jun 23 20:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14318]: Connection closed by 103.5.210.47 port 54810 [preauth]
Jun 23 20:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14332]: Failed password for invalid user dev from 176.65.139.218 port 37284 ssh2
Jun 23 20:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14332]: Connection closed by 176.65.139.218 port 37284 [preauth]
Jun 23 20:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14342]: Invalid user admin from 103.5.210.47
Jun 23 20:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14342]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14342]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14342]: Failed password for invalid user admin from 103.5.210.47 port 54830 ssh2
Jun 23 20:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14344]: Invalid user debian from 176.65.139.218
Jun 23 20:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14344]: input_userauth_request: invalid user debian [preauth]
Jun 23 20:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14342]: Connection closed by 103.5.210.47 port 54830 [preauth]
Jun 23 20:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14344]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: Invalid user admin from 103.5.210.47
Jun 23 20:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14344]: Failed password for invalid user debian from 176.65.139.218 port 53166 ssh2
Jun 23 20:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14344]: Connection closed by 176.65.139.218 port 53166 [preauth]
Jun 23 20:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: Failed password for invalid user admin from 103.5.210.47 port 54846 ssh2
Jun 23 20:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: Connection closed by 103.5.210.47 port 54846 [preauth]
Jun 23 20:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: Invalid user admin from 103.5.210.47
Jun 23 20:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14359]: Invalid user tpaterni from 65.21.150.20
Jun 23 20:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14359]: input_userauth_request: invalid user tpaterni [preauth]
Jun 23 20:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14359]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.21.150.20
Jun 23 20:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14366]: Invalid user elasticsearch from 176.65.139.218
Jun 23 20:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14366]: input_userauth_request: invalid user elasticsearch [preauth]
Jun 23 20:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14366]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12979]: pam_unix(cron:session): session closed for user root
Jun 23 20:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: Failed password for invalid user admin from 103.5.210.47 port 54856 ssh2
Jun 23 20:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: Connection closed by 103.5.210.47 port 54856 [preauth]
Jun 23 20:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14359]: Failed password for invalid user tpaterni from 65.21.150.20 port 44276 ssh2
Jun 23 20:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14366]: Failed password for invalid user elasticsearch from 176.65.139.218 port 53198 ssh2
Jun 23 20:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14359]: Received disconnect from 65.21.150.20 port 44276:11: Bye Bye [preauth]
Jun 23 20:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14359]: Disconnected from 65.21.150.20 port 44276 [preauth]
Jun 23 20:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14366]: Connection closed by 176.65.139.218 port 53198 [preauth]
Jun 23 20:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14392]: Invalid user admin from 103.5.210.47
Jun 23 20:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14392]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14392]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14394]: Invalid user fivem from 176.65.139.218
Jun 23 20:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14394]: input_userauth_request: invalid user fivem [preauth]
Jun 23 20:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14394]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14392]: Failed password for invalid user admin from 103.5.210.47 port 54872 ssh2
Jun 23 20:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14392]: Connection closed by 103.5.210.47 port 54872 [preauth]
Jun 23 20:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14396]: Invalid user admin from 103.5.210.47
Jun 23 20:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14396]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14394]: Failed password for invalid user fivem from 176.65.139.218 port 49938 ssh2
Jun 23 20:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14396]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14394]: Connection closed by 176.65.139.218 port 49938 [preauth]
Jun 23 20:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14396]: Failed password for invalid user admin from 103.5.210.47 port 54888 ssh2
Jun 23 20:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14396]: Connection closed by 103.5.210.47 port 54888 [preauth]
Jun 23 20:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14414]: Invalid user lin from 176.65.139.218
Jun 23 20:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14414]: input_userauth_request: invalid user lin [preauth]
Jun 23 20:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14416]: Invalid user admin from 103.5.210.47
Jun 23 20:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14416]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14414]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14416]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14414]: Failed password for invalid user lin from 176.65.139.218 port 50030 ssh2
Jun 23 20:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14414]: Connection closed by 176.65.139.218 port 50030 [preauth]
Jun 23 20:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14416]: Failed password for invalid user admin from 103.5.210.47 port 54898 ssh2
Jun 23 20:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14416]: Connection closed by 103.5.210.47 port 54898 [preauth]
Jun 23 20:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14431]: Invalid user admin from 103.5.210.47
Jun 23 20:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14431]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14431]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14433]: Invalid user openclaw from 176.65.139.218
Jun 23 20:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14433]: input_userauth_request: invalid user openclaw [preauth]
Jun 23 20:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14433]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14431]: Failed password for invalid user admin from 103.5.210.47 port 54908 ssh2
Jun 23 20:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14431]: Connection closed by 103.5.210.47 port 54908 [preauth]
Jun 23 20:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14433]: Failed password for invalid user openclaw from 176.65.139.218 port 41854 ssh2
Jun 23 20:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14433]: Connection closed by 176.65.139.218 port 41854 [preauth]
Jun 23 20:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14435]: Invalid user admin from 103.5.210.47
Jun 23 20:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14435]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14435]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14435]: Failed password for invalid user admin from 103.5.210.47 port 54916 ssh2
Jun 23 20:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14435]: Connection closed by 103.5.210.47 port 54916 [preauth]
Jun 23 20:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14446]: Invalid user rajvir from 176.65.139.218
Jun 23 20:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14446]: input_userauth_request: invalid user rajvir [preauth]
Jun 23 20:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14446]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14448]: Invalid user admin from 103.5.210.47
Jun 23 20:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14448]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14448]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14446]: Failed password for invalid user rajvir from 176.65.139.218 port 41924 ssh2
Jun 23 20:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14446]: Connection closed by 176.65.139.218 port 41924 [preauth]
Jun 23 20:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14448]: Failed password for invalid user admin from 103.5.210.47 port 54924 ssh2
Jun 23 20:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14448]: Connection closed by 103.5.210.47 port 54924 [preauth]
Jun 23 20:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14450]: Invalid user admin from 103.5.210.47
Jun 23 20:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14450]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14450]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14461]: Invalid user aaa from 176.65.139.218
Jun 23 20:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14461]: input_userauth_request: invalid user aaa [preauth]
Jun 23 20:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14461]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14450]: Failed password for invalid user admin from 103.5.210.47 port 54938 ssh2
Jun 23 20:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14450]: Connection closed by 103.5.210.47 port 54938 [preauth]
Jun 23 20:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14461]: Failed password for invalid user aaa from 176.65.139.218 port 44296 ssh2
Jun 23 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14461]: Connection closed by 176.65.139.218 port 44296 [preauth]
Jun 23 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14467]: Invalid user admin from 103.5.210.47
Jun 23 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14467]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14467]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14474]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14473]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14472]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14471]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14471]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14529]: Successful su for rubyman by root
Jun 23 20:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14529]: + ??? root:rubyman
Jun 23 20:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14529]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579309 of user rubyman.
Jun 23 20:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14529]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579309.
Jun 23 20:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14467]: Failed password for invalid user admin from 103.5.210.47 port 54946 ssh2
Jun 23 20:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14467]: Connection closed by 103.5.210.47 port 54946 [preauth]
Jun 23 20:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11367]: pam_unix(cron:session): session closed for user root
Jun 23 20:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14624]: Invalid user admin from 103.5.210.47
Jun 23 20:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14624]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14624]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14788]: Invalid user sam from 176.65.139.218
Jun 23 20:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14788]: input_userauth_request: invalid user sam [preauth]
Jun 23 20:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14472]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14788]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14624]: Failed password for invalid user admin from 103.5.210.47 port 54954 ssh2
Jun 23 20:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14624]: Connection closed by 103.5.210.47 port 54954 [preauth]
Jun 23 20:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14803]: Invalid user admin from 103.5.210.47
Jun 23 20:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14803]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14803]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14788]: Failed password for invalid user sam from 176.65.139.218 port 44380 ssh2
Jun 23 20:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14788]: Connection closed by 176.65.139.218 port 44380 [preauth]
Jun 23 20:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14803]: Failed password for invalid user admin from 103.5.210.47 port 54968 ssh2
Jun 23 20:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14803]: Connection closed by 103.5.210.47 port 54968 [preauth]
Jun 23 20:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14814]: Invalid user admin from 103.5.210.47
Jun 23 20:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14814]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14814]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 20:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14814]: Failed password for invalid user admin from 103.5.210.47 port 54988 ssh2
Jun 23 20:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14814]: Connection closed by 103.5.210.47 port 54988 [preauth]
Jun 23 20:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14816]: Failed password for root from 176.65.139.218 port 56418 ssh2
Jun 23 20:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14816]: Connection closed by 176.65.139.218 port 56418 [preauth]
Jun 23 20:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14839]: Invalid user admin from 103.5.210.47
Jun 23 20:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14839]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14839]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14839]: Failed password for invalid user admin from 103.5.210.47 port 55002 ssh2
Jun 23 20:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14839]: Connection closed by 103.5.210.47 port 55002 [preauth]
Jun 23 20:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14842]: Invalid user docker from 176.65.139.218
Jun 23 20:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14842]: input_userauth_request: invalid user docker [preauth]
Jun 23 20:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14842]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14844]: Invalid user admin from 103.5.210.47
Jun 23 20:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14844]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14844]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14842]: Failed password for invalid user docker from 176.65.139.218 port 52174 ssh2
Jun 23 20:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14842]: Connection closed by 176.65.139.218 port 52174 [preauth]
Jun 23 20:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14844]: Failed password for invalid user admin from 103.5.210.47 port 55018 ssh2
Jun 23 20:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14844]: Connection closed by 103.5.210.47 port 55018 [preauth]
Jun 23 20:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14856]: Invalid user demo from 193.46.255.86
Jun 23 20:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14856]: input_userauth_request: invalid user demo [preauth]
Jun 23 20:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14856]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 23 20:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14858]: Invalid user admin from 103.5.210.47
Jun 23 20:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14858]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14858]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14856]: Failed password for invalid user demo from 193.46.255.86 port 40050 ssh2
Jun 23 20:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14856]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14858]: Failed password for invalid user admin from 103.5.210.47 port 55034 ssh2
Jun 23 20:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14858]: Connection closed by 103.5.210.47 port 55034 [preauth]
Jun 23 20:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14882]: Invalid user ecommerce from 176.65.139.218
Jun 23 20:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14882]: input_userauth_request: invalid user ecommerce [preauth]
Jun 23 20:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14882]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14884]: Invalid user admin from 103.5.210.47
Jun 23 20:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14884]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14884]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14856]: Failed password for invalid user demo from 193.46.255.86 port 40050 ssh2
Jun 23 20:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14856]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14886]: Invalid user ander from 104.243.42.167
Jun 23 20:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14886]: input_userauth_request: invalid user ander [preauth]
Jun 23 20:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14886]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.243.42.167
Jun 23 20:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14882]: Failed password for invalid user ecommerce from 176.65.139.218 port 52198 ssh2
Jun 23 20:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14884]: Failed password for invalid user admin from 103.5.210.47 port 55044 ssh2
Jun 23 20:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14882]: Connection closed by 176.65.139.218 port 52198 [preauth]
Jun 23 20:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14884]: Connection closed by 103.5.210.47 port 55044 [preauth]
Jun 23 20:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14856]: Failed password for invalid user demo from 193.46.255.86 port 40050 ssh2
Jun 23 20:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14856]: Connection closed by 193.46.255.86 port 40050 [preauth]
Jun 23 20:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14856]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 23 20:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14890]: Invalid user admin from 103.5.210.47
Jun 23 20:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14890]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14890]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14886]: Failed password for invalid user ander from 104.243.42.167 port 37596 ssh2
Jun 23 20:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14886]: Received disconnect from 104.243.42.167 port 37596:11: Bye Bye [preauth]
Jun 23 20:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14886]: Disconnected from 104.243.42.167 port 37596 [preauth]
Jun 23 20:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14890]: Failed password for invalid user admin from 103.5.210.47 port 55064 ssh2
Jun 23 20:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14890]: Connection closed by 103.5.210.47 port 55064 [preauth]
Jun 23 20:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14900]: Invalid user odoo17 from 176.65.139.218
Jun 23 20:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14900]: input_userauth_request: invalid user odoo17 [preauth]
Jun 23 20:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14900]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: Invalid user admin from 103.5.210.47
Jun 23 20:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13554]: pam_unix(cron:session): session closed for user root
Jun 23 20:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14900]: Failed password for invalid user odoo17 from 176.65.139.218 port 53322 ssh2
Jun 23 20:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14900]: Connection closed by 176.65.139.218 port 53322 [preauth]
Jun 23 20:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: Failed password for invalid user admin from 103.5.210.47 port 55070 ssh2
Jun 23 20:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: Connection closed by 103.5.210.47 port 55070 [preauth]
Jun 23 20:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14925]: Invalid user admin from 103.5.210.47
Jun 23 20:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14925]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14925]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14936]: Invalid user deployer from 176.65.139.218
Jun 23 20:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14936]: input_userauth_request: invalid user deployer [preauth]
Jun 23 20:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14936]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14925]: Failed password for invalid user admin from 103.5.210.47 port 55090 ssh2
Jun 23 20:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14925]: Connection closed by 103.5.210.47 port 55090 [preauth]
Jun 23 20:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14936]: Failed password for invalid user deployer from 176.65.139.218 port 37694 ssh2
Jun 23 20:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14938]: Invalid user admin from 103.5.210.47
Jun 23 20:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14938]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14938]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14936]: Connection closed by 176.65.139.218 port 37694 [preauth]
Jun 23 20:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14938]: Failed password for invalid user admin from 103.5.210.47 port 55100 ssh2
Jun 23 20:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14938]: Connection closed by 103.5.210.47 port 55100 [preauth]
Jun 23 20:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14949]: Invalid user admin from 103.5.210.47
Jun 23 20:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14949]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14949]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14952]: Invalid user admin from 176.65.139.218
Jun 23 20:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14952]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14952]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14952]: Failed password for invalid user admin from 176.65.139.218 port 37748 ssh2
Jun 23 20:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14949]: Failed password for invalid user admin from 103.5.210.47 port 55112 ssh2
Jun 23 20:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14952]: Connection closed by 176.65.139.218 port 37748 [preauth]
Jun 23 20:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14949]: Connection closed by 103.5.210.47 port 55112 [preauth]
Jun 23 20:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14979]: Invalid user admin from 103.5.210.47
Jun 23 20:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14979]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14979]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14979]: Failed password for invalid user admin from 103.5.210.47 port 55126 ssh2
Jun 23 20:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14979]: Connection closed by 103.5.210.47 port 55126 [preauth]
Jun 23 20:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14981]: Invalid user master from 176.65.139.218
Jun 23 20:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14981]: input_userauth_request: invalid user master [preauth]
Jun 23 20:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14981]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14983]: Invalid user admin from 103.5.210.47
Jun 23 20:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14983]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14983]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14981]: Failed password for invalid user master from 176.65.139.218 port 55622 ssh2
Jun 23 20:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14981]: Connection closed by 176.65.139.218 port 55622 [preauth]
Jun 23 20:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14983]: Failed password for invalid user admin from 103.5.210.47 port 55134 ssh2
Jun 23 20:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14983]: Connection closed by 103.5.210.47 port 55134 [preauth]
Jun 23 20:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14995]: Invalid user admin from 103.5.210.47
Jun 23 20:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14995]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14995]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14995]: Failed password for invalid user admin from 103.5.210.47 port 55142 ssh2
Jun 23 20:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14995]: Connection closed by 103.5.210.47 port 55142 [preauth]
Jun 23 20:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14997]: Invalid user test from 176.65.139.218
Jun 23 20:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14997]: input_userauth_request: invalid user test [preauth]
Jun 23 20:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14997]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14999]: Invalid user admin from 103.5.210.47
Jun 23 20:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14999]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14999]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14997]: Failed password for invalid user test from 176.65.139.218 port 55750 ssh2
Jun 23 20:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14997]: Connection closed by 176.65.139.218 port 55750 [preauth]
Jun 23 20:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14999]: Failed password for invalid user admin from 103.5.210.47 port 55158 ssh2
Jun 23 20:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14999]: Connection closed by 103.5.210.47 port 55158 [preauth]
Jun 23 20:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15010]: Invalid user admin from 103.5.210.47
Jun 23 20:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15010]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15010]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15024]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15023]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15021]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15022]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15021]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15010]: Failed password for invalid user admin from 103.5.210.47 port 55170 ssh2
Jun 23 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15082]: Successful su for rubyman by root
Jun 23 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15082]: + ??? root:rubyman
Jun 23 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15082]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579314 of user rubyman.
Jun 23 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15082]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579314.
Jun 23 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15010]: Connection closed by 103.5.210.47 port 55170 [preauth]
Jun 23 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15025]: Invalid user openclaw from 176.65.139.218
Jun 23 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15025]: input_userauth_request: invalid user openclaw [preauth]
Jun 23 20:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15025]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15106]: Invalid user admin from 103.5.210.47
Jun 23 20:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15106]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15106]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15025]: Failed password for invalid user openclaw from 176.65.139.218 port 37852 ssh2
Jun 23 20:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15025]: Connection closed by 176.65.139.218 port 37852 [preauth]
Jun 23 20:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14972]: Connection closed by 118.69.69.189 port 57216 [preauth]
Jun 23 20:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11889]: pam_unix(cron:session): session closed for user root
Jun 23 20:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15106]: Failed password for invalid user admin from 103.5.210.47 port 55186 ssh2
Jun 23 20:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15106]: Connection closed by 103.5.210.47 port 55186 [preauth]
Jun 23 20:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15022]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15258]: Invalid user admin from 103.5.210.47
Jun 23 20:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15258]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15258]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15258]: Failed password for invalid user admin from 103.5.210.47 port 55192 ssh2
Jun 23 20:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15258]: Connection closed by 103.5.210.47 port 55192 [preauth]
Jun 23 20:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 20:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15283]: Invalid user admin from 103.5.210.47
Jun 23 20:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15283]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15283]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15281]: Failed password for root from 176.65.139.218 port 53144 ssh2
Jun 23 20:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15281]: Connection closed by 176.65.139.218 port 53144 [preauth]
Jun 23 20:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15283]: Failed password for invalid user admin from 103.5.210.47 port 55208 ssh2
Jun 23 20:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15283]: Connection closed by 103.5.210.47 port 55208 [preauth]
Jun 23 20:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15294]: Invalid user admin from 103.5.210.47
Jun 23 20:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15294]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15285]: Received disconnect from 128.0.104.39 port 33040:11: disconnected by user [preauth]
Jun 23 20:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15285]: Disconnected from 128.0.104.39 port 33040 [preauth]
Jun 23 20:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15294]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15294]: Failed password for invalid user admin from 103.5.210.47 port 55216 ssh2
Jun 23 20:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 20:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15294]: Connection closed by 103.5.210.47 port 55216 [preauth]
Jun 23 20:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15311]: Invalid user admin from 103.5.210.47
Jun 23 20:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15311]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15311]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15304]: Failed password for root from 176.65.139.218 port 53202 ssh2
Jun 23 20:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15304]: Connection closed by 176.65.139.218 port 53202 [preauth]
Jun 23 20:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15311]: Failed password for invalid user admin from 103.5.210.47 port 55236 ssh2
Jun 23 20:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15311]: Connection closed by 103.5.210.47 port 55236 [preauth]
Jun 23 20:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15321]: Invalid user admin from 103.5.210.47
Jun 23 20:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15321]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15321]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15323]: Invalid user yzh from 115.178.75.243
Jun 23 20:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15323]: input_userauth_request: invalid user yzh [preauth]
Jun 23 20:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15323]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.178.75.243
Jun 23 20:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15321]: Failed password for invalid user admin from 103.5.210.47 port 55244 ssh2
Jun 23 20:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15321]: Connection closed by 103.5.210.47 port 55244 [preauth]
Jun 23 20:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15323]: Failed password for invalid user yzh from 115.178.75.243 port 44954 ssh2
Jun 23 20:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15325]: Invalid user username from 176.65.139.218
Jun 23 20:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15325]: input_userauth_request: invalid user username [preauth]
Jun 23 20:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15323]: Received disconnect from 115.178.75.243 port 44954:11: Bye Bye [preauth]
Jun 23 20:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15323]: Disconnected from 115.178.75.243 port 44954 [preauth]
Jun 23 20:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15325]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15327]: Invalid user admin from 103.5.210.47
Jun 23 20:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15327]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15327]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15325]: Failed password for invalid user username from 176.65.139.218 port 46454 ssh2
Jun 23 20:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15325]: Connection closed by 176.65.139.218 port 46454 [preauth]
Jun 23 20:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15327]: Failed password for invalid user admin from 103.5.210.47 port 55256 ssh2
Jun 23 20:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15327]: Connection closed by 103.5.210.47 port 55256 [preauth]
Jun 23 20:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15349]: Invalid user admin from 103.5.210.47
Jun 23 20:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15349]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15349]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15351]: Invalid user reza from 176.65.139.218
Jun 23 20:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15351]: input_userauth_request: invalid user reza [preauth]
Jun 23 20:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15351]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15349]: Failed password for invalid user admin from 103.5.210.47 port 55272 ssh2
Jun 23 20:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15349]: Connection closed by 103.5.210.47 port 55272 [preauth]
Jun 23 20:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15362]: Invalid user admin from 103.5.210.47
Jun 23 20:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15362]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15362]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15351]: Failed password for invalid user reza from 176.65.139.218 port 41090 ssh2
Jun 23 20:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15351]: Connection closed by 176.65.139.218 port 41090 [preauth]
Jun 23 20:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15362]: Failed password for invalid user admin from 103.5.210.47 port 55284 ssh2
Jun 23 20:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15362]: Connection closed by 103.5.210.47 port 55284 [preauth]
Jun 23 20:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15364]: Invalid user admin from 103.5.210.47
Jun 23 20:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15364]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15364]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15375]: Invalid user test3 from 176.65.139.218
Jun 23 20:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15375]: input_userauth_request: invalid user test3 [preauth]
Jun 23 20:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15375]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14027]: pam_unix(cron:session): session closed for user root
Jun 23 20:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15364]: Failed password for invalid user admin from 103.5.210.47 port 55296 ssh2
Jun 23 20:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15364]: Connection closed by 103.5.210.47 port 55296 [preauth]
Jun 23 20:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15375]: Failed password for invalid user test3 from 176.65.139.218 port 41154 ssh2
Jun 23 20:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15395]: Invalid user admin from 103.5.210.47
Jun 23 20:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15395]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15395]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15375]: Connection closed by 176.65.139.218 port 41154 [preauth]
Jun 23 20:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15395]: Failed password for invalid user admin from 103.5.210.47 port 55304 ssh2
Jun 23 20:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15395]: Connection closed by 103.5.210.47 port 55304 [preauth]
Jun 23 20:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15403]: Invalid user admin from 103.5.210.47
Jun 23 20:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15403]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15403]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15408]: Invalid user jack from 176.65.139.218
Jun 23 20:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15408]: input_userauth_request: invalid user jack [preauth]
Jun 23 20:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15408]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15410]: Invalid user 24online from 65.21.150.20
Jun 23 20:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15410]: input_userauth_request: invalid user 24online [preauth]
Jun 23 20:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15410]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.21.150.20
Jun 23 20:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15403]: Failed password for invalid user admin from 103.5.210.47 port 55316 ssh2
Jun 23 20:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15403]: Connection closed by 103.5.210.47 port 55316 [preauth]
Jun 23 20:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 23 20:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15408]: Failed password for invalid user jack from 176.65.139.218 port 39564 ssh2
Jun 23 20:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15408]: Connection closed by 176.65.139.218 port 39564 [preauth]
Jun 23 20:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15414]: Invalid user admin from 103.5.210.47
Jun 23 20:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15414]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15414]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15410]: Failed password for invalid user 24online from 65.21.150.20 port 59120 ssh2
Jun 23 20:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15410]: Received disconnect from 65.21.150.20 port 59120:11: Bye Bye [preauth]
Jun 23 20:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15410]: Disconnected from 65.21.150.20 port 59120 [preauth]
Jun 23 20:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15412]: Failed password for root from 103.122.221.179 port 37216 ssh2
Jun 23 20:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15412]: Connection closed by 103.122.221.179 port 37216 [preauth]
Jun 23 20:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15414]: Failed password for invalid user admin from 103.5.210.47 port 55328 ssh2
Jun 23 20:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15414]: Connection closed by 103.5.210.47 port 55328 [preauth]
Jun 23 20:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15436]: Invalid user admin from 103.5.210.47
Jun 23 20:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15436]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15436]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15438]: Invalid user admin from 176.65.139.218
Jun 23 20:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15438]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15438]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15436]: Failed password for invalid user admin from 103.5.210.47 port 55338 ssh2
Jun 23 20:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15438]: Failed password for invalid user admin from 176.65.139.218 port 39620 ssh2
Jun 23 20:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15436]: Connection closed by 103.5.210.47 port 55338 [preauth]
Jun 23 20:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15438]: Connection closed by 176.65.139.218 port 39620 [preauth]
Jun 23 20:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15441]: Invalid user admin from 103.5.210.47
Jun 23 20:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15441]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15441]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15441]: Failed password for invalid user admin from 103.5.210.47 port 55348 ssh2
Jun 23 20:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15441]: Connection closed by 103.5.210.47 port 55348 [preauth]
Jun 23 20:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15453]: Invalid user rdpuser from 176.65.139.218
Jun 23 20:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15453]: input_userauth_request: invalid user rdpuser [preauth]
Jun 23 20:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15451]: Invalid user admin from 103.5.210.47
Jun 23 20:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15451]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15453]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15451]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15453]: Failed password for invalid user rdpuser from 176.65.139.218 port 56602 ssh2
Jun 23 20:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15451]: Failed password for invalid user admin from 103.5.210.47 port 55354 ssh2
Jun 23 20:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15453]: Connection closed by 176.65.139.218 port 56602 [preauth]
Jun 23 20:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15451]: Connection closed by 103.5.210.47 port 55354 [preauth]
Jun 23 20:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15463]: Invalid user admin from 103.5.210.47
Jun 23 20:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15463]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15463]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15463]: Failed password for invalid user admin from 103.5.210.47 port 55370 ssh2
Jun 23 20:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15463]: Connection closed by 103.5.210.47 port 55370 [preauth]
Jun 23 20:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15465]: Invalid user openclaw from 176.65.139.218
Jun 23 20:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15465]: input_userauth_request: invalid user openclaw [preauth]
Jun 23 20:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15465]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15466]: Invalid user admin from 103.5.210.47
Jun 23 20:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15466]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15466]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15481]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15479]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15483]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15482]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15478]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15480]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15483]: pam_unix(cron:session): session closed for user root
Jun 23 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15478]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15465]: Failed password for invalid user openclaw from 176.65.139.218 port 55588 ssh2
Jun 23 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15545]: Successful su for rubyman by root
Jun 23 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15545]: + ??? root:rubyman
Jun 23 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15545]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579320 of user rubyman.
Jun 23 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15545]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579320.
Jun 23 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15465]: Connection closed by 176.65.139.218 port 55588 [preauth]
Jun 23 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15466]: Failed password for invalid user admin from 103.5.210.47 port 55382 ssh2
Jun 23 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15466]: Connection closed by 103.5.210.47 port 55382 [preauth]
Jun 23 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15575]: Invalid user admin from 103.5.210.47
Jun 23 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15575]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15575]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15480]: pam_unix(cron:session): session closed for user root
Jun 23 20:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15575]: Failed password for invalid user admin from 103.5.210.47 port 55394 ssh2
Jun 23 20:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12499]: pam_unix(cron:session): session closed for user root
Jun 23 20:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15698]: Invalid user pi from 176.65.139.218
Jun 23 20:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15698]: input_userauth_request: invalid user pi [preauth]
Jun 23 20:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15575]: Connection closed by 103.5.210.47 port 55394 [preauth]
Jun 23 20:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15698]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15736]: Invalid user admin from 103.5.210.47
Jun 23 20:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15736]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15736]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15698]: Failed password for invalid user pi from 176.65.139.218 port 55620 ssh2
Jun 23 20:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15479]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15698]: Connection closed by 176.65.139.218 port 55620 [preauth]
Jun 23 20:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15736]: Failed password for invalid user admin from 103.5.210.47 port 55408 ssh2
Jun 23 20:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15736]: Connection closed by 103.5.210.47 port 55408 [preauth]
Jun 23 20:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15762]: Invalid user admin from 103.5.210.47
Jun 23 20:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15762]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15762]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 20:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15762]: Failed password for invalid user admin from 103.5.210.47 port 55426 ssh2
Jun 23 20:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15762]: Connection closed by 103.5.210.47 port 55426 [preauth]
Jun 23 20:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15774]: Invalid user admin from 103.5.210.47
Jun 23 20:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15774]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15774]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15772]: Failed password for root from 176.65.139.218 port 37298 ssh2
Jun 23 20:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15772]: Connection closed by 176.65.139.218 port 37298 [preauth]
Jun 23 20:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15774]: Failed password for invalid user admin from 103.5.210.47 port 55436 ssh2
Jun 23 20:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15774]: Connection closed by 103.5.210.47 port 55436 [preauth]
Jun 23 20:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15793]: Invalid user admin from 103.5.210.47
Jun 23 20:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15793]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15793]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 20:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15793]: Failed password for invalid user admin from 103.5.210.47 port 55446 ssh2
Jun 23 20:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15793]: Connection closed by 103.5.210.47 port 55446 [preauth]
Jun 23 20:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15800]: Invalid user admin from 103.5.210.47
Jun 23 20:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15800]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15800]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15802]: Invalid user master from 104.243.42.167
Jun 23 20:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15802]: input_userauth_request: invalid user master [preauth]
Jun 23 20:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15802]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.243.42.167
Jun 23 20:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15798]: Failed password for root from 176.65.139.218 port 36784 ssh2
Jun 23 20:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15798]: Connection closed by 176.65.139.218 port 36784 [preauth]
Jun 23 20:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15800]: Failed password for invalid user admin from 103.5.210.47 port 55458 ssh2
Jun 23 20:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15802]: Failed password for invalid user master from 104.243.42.167 port 35700 ssh2
Jun 23 20:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15802]: Received disconnect from 104.243.42.167 port 35700:11: Bye Bye [preauth]
Jun 23 20:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15802]: Disconnected from 104.243.42.167 port 35700 [preauth]
Jun 23 20:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15800]: Connection closed by 103.5.210.47 port 55458 [preauth]
Jun 23 20:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15813]: Invalid user admin from 103.5.210.47
Jun 23 20:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15813]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15813]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15815]: Invalid user odoo14 from 176.65.139.218
Jun 23 20:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15815]: input_userauth_request: invalid user odoo14 [preauth]
Jun 23 20:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15815]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15813]: Failed password for invalid user admin from 103.5.210.47 port 55466 ssh2
Jun 23 20:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15813]: Connection closed by 103.5.210.47 port 55466 [preauth]
Jun 23 20:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15834]: Invalid user admin from 103.5.210.47
Jun 23 20:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15834]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15834]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15815]: Failed password for invalid user odoo14 from 176.65.139.218 port 36834 ssh2
Jun 23 20:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15815]: Connection closed by 176.65.139.218 port 36834 [preauth]
Jun 23 20:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15834]: Failed password for invalid user admin from 103.5.210.47 port 55484 ssh2
Jun 23 20:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15834]: Connection closed by 103.5.210.47 port 55484 [preauth]
Jun 23 20:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15840]: Invalid user admin from 103.5.210.47
Jun 23 20:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15840]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15840]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15842]: Invalid user ftpuser from 176.65.139.218
Jun 23 20:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15842]: input_userauth_request: invalid user ftpuser [preauth]
Jun 23 20:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15842]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15840]: Failed password for invalid user admin from 103.5.210.47 port 55498 ssh2
Jun 23 20:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15840]: Connection closed by 103.5.210.47 port 55498 [preauth]
Jun 23 20:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15842]: Failed password for invalid user ftpuser from 176.65.139.218 port 46818 ssh2
Jun 23 20:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15842]: Connection closed by 176.65.139.218 port 46818 [preauth]
Jun 23 20:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14474]: pam_unix(cron:session): session closed for user root
Jun 23 20:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15853]: Invalid user admin from 103.5.210.47
Jun 23 20:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15853]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15853]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15853]: Failed password for invalid user admin from 103.5.210.47 port 55504 ssh2
Jun 23 20:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15853]: Connection closed by 103.5.210.47 port 55504 [preauth]
Jun 23 20:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15880]: Invalid user ts from 176.65.139.218
Jun 23 20:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15880]: input_userauth_request: invalid user ts [preauth]
Jun 23 20:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15880]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15886]: Invalid user admin from 103.5.210.47
Jun 23 20:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15886]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15886]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15880]: Failed password for invalid user ts from 176.65.139.218 port 59786 ssh2
Jun 23 20:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15880]: Connection closed by 176.65.139.218 port 59786 [preauth]
Jun 23 20:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15886]: Failed password for invalid user admin from 103.5.210.47 port 55518 ssh2
Jun 23 20:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15886]: Connection closed by 103.5.210.47 port 55518 [preauth]
Jun 23 20:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15888]: Invalid user admin from 103.5.210.47
Jun 23 20:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15888]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15888]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15888]: Failed password for invalid user admin from 103.5.210.47 port 55528 ssh2
Jun 23 20:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15905]: Invalid user uploader from 176.65.139.218
Jun 23 20:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15905]: input_userauth_request: invalid user uploader [preauth]
Jun 23 20:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15905]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15888]: Connection closed by 103.5.210.47 port 55528 [preauth]
Jun 23 20:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15912]: Invalid user admin from 103.5.210.47
Jun 23 20:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15912]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15912]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15905]: Failed password for invalid user uploader from 176.65.139.218 port 59814 ssh2
Jun 23 20:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15905]: Connection closed by 176.65.139.218 port 59814 [preauth]
Jun 23 20:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15912]: Failed password for invalid user admin from 103.5.210.47 port 55538 ssh2
Jun 23 20:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15912]: Connection closed by 103.5.210.47 port 55538 [preauth]
Jun 23 20:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15914]: Invalid user admin from 103.5.210.47
Jun 23 20:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15914]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15914]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15924]: Invalid user adminuser from 176.65.139.218
Jun 23 20:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15924]: input_userauth_request: invalid user adminuser [preauth]
Jun 23 20:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15924]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15914]: Failed password for invalid user admin from 103.5.210.47 port 55562 ssh2
Jun 23 20:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15914]: Connection closed by 103.5.210.47 port 55562 [preauth]
Jun 23 20:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15924]: Failed password for invalid user adminuser from 176.65.139.218 port 34092 ssh2
Jun 23 20:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15926]: Invalid user admin from 103.5.210.47
Jun 23 20:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15926]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15924]: Connection closed by 176.65.139.218 port 34092 [preauth]
Jun 23 20:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15926]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15926]: Failed password for invalid user admin from 103.5.210.47 port 55570 ssh2
Jun 23 20:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15926]: Connection closed by 103.5.210.47 port 55570 [preauth]
Jun 23 20:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15936]: Invalid user ali from 176.65.139.218
Jun 23 20:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15936]: input_userauth_request: invalid user ali [preauth]
Jun 23 20:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15936]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15936]: Failed password for invalid user ali from 176.65.139.218 port 34138 ssh2
Jun 23 20:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15936]: Connection closed by 176.65.139.218 port 34138 [preauth]
Jun 23 20:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15948]: Invalid user pi from 103.5.210.47
Jun 23 20:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15948]: input_userauth_request: invalid user pi [preauth]
Jun 23 20:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15948]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47
Jun 23 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15957]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15958]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15955]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15956]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15955]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15952]: Invalid user test1 from 176.65.139.218
Jun 23 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15952]: input_userauth_request: invalid user test1 [preauth]
Jun 23 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16019]: Successful su for rubyman by root
Jun 23 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16019]: + ??? root:rubyman
Jun 23 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16019]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579323 of user rubyman.
Jun 23 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16019]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579323.
Jun 23 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15952]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15948]: Failed password for invalid user pi from 103.5.210.47 port 55600 ssh2
Jun 23 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15948]: Connection closed by 103.5.210.47 port 55600 [preauth]
Jun 23 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16065]: User ftp from 103.5.210.47 not allowed because not listed in AllowUsers
Jun 23 20:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16065]: input_userauth_request: invalid user ftp [preauth]
Jun 23 20:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.210.47  user=ftp
Jun 23 20:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15952]: Failed password for invalid user test1 from 176.65.139.218 port 47990 ssh2
Jun 23 20:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15952]: Connection closed by 176.65.139.218 port 47990 [preauth]
Jun 23 20:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12978]: pam_unix(cron:session): session closed for user root
Jun 23 20:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16065]: Failed password for invalid user ftp from 103.5.210.47 port 55608 ssh2
Jun 23 20:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16065]: Connection closed by 103.5.210.47 port 55608 [preauth]
Jun 23 20:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15956]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16206]: Invalid user steam from 176.65.139.218
Jun 23 20:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16206]: input_userauth_request: invalid user steam [preauth]
Jun 23 20:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16206]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16206]: Failed password for invalid user steam from 176.65.139.218 port 36526 ssh2
Jun 23 20:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16206]: Connection closed by 176.65.139.218 port 36526 [preauth]
Jun 23 20:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 20:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16237]: Failed password for root from 176.65.139.218 port 36596 ssh2
Jun 23 20:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16237]: Connection closed by 176.65.139.218 port 36596 [preauth]
Jun 23 20:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16247]: Invalid user dmdba from 176.65.139.218
Jun 23 20:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16247]: input_userauth_request: invalid user dmdba [preauth]
Jun 23 20:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16247]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16247]: Failed password for invalid user dmdba from 176.65.139.218 port 52416 ssh2
Jun 23 20:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16247]: Connection closed by 176.65.139.218 port 52416 [preauth]
Jun 23 20:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 20:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16270]: Failed password for root from 176.65.139.218 port 56682 ssh2
Jun 23 20:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16270]: Connection closed by 176.65.139.218 port 56682 [preauth]
Jun 23 20:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15024]: pam_unix(cron:session): session closed for user root
Jun 23 20:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16289]: Invalid user dolphinscheduler from 176.65.139.218
Jun 23 20:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16289]: input_userauth_request: invalid user dolphinscheduler [preauth]
Jun 23 20:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16289]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16289]: Failed password for invalid user dolphinscheduler from 176.65.139.218 port 56712 ssh2
Jun 23 20:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16289]: Connection closed by 176.65.139.218 port 56712 [preauth]
Jun 23 20:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16316]: Invalid user guilherme from 115.178.75.243
Jun 23 20:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16316]: input_userauth_request: invalid user guilherme [preauth]
Jun 23 20:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16316]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.178.75.243
Jun 23 20:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16316]: Failed password for invalid user guilherme from 115.178.75.243 port 56248 ssh2
Jun 23 20:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16316]: Received disconnect from 115.178.75.243 port 56248:11: Bye Bye [preauth]
Jun 23 20:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16316]: Disconnected from 115.178.75.243 port 56248 [preauth]
Jun 23 20:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16326]: Invalid user default from 176.65.139.218
Jun 23 20:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16326]: input_userauth_request: invalid user default [preauth]
Jun 23 20:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16326]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16326]: Failed password for invalid user default from 176.65.139.218 port 34980 ssh2
Jun 23 20:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16326]: Connection closed by 176.65.139.218 port 34980 [preauth]
Jun 23 20:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 20:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16359]: Invalid user nikhil from 65.21.150.20
Jun 23 20:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16359]: input_userauth_request: invalid user nikhil [preauth]
Jun 23 20:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16359]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.21.150.20
Jun 23 20:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16348]: Failed password for root from 176.65.139.218 port 35010 ssh2
Jun 23 20:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16348]: Connection closed by 176.65.139.218 port 35010 [preauth]
Jun 23 20:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16359]: Failed password for invalid user nikhil from 65.21.150.20 port 37604 ssh2
Jun 23 20:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16359]: Received disconnect from 65.21.150.20 port 37604:11: Bye Bye [preauth]
Jun 23 20:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16359]: Disconnected from 65.21.150.20 port 37604 [preauth]
Jun 23 20:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 20:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16370]: Failed password for root from 176.65.139.218 port 52164 ssh2
Jun 23 20:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16370]: Connection closed by 176.65.139.218 port 52164 [preauth]
Jun 23 20:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16380]: Invalid user ubuntu from 176.65.139.218
Jun 23 20:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16380]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 20:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16380]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16380]: Failed password for invalid user ubuntu from 176.65.139.218 port 44732 ssh2
Jun 23 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16380]: Connection closed by 176.65.139.218 port 44732 [preauth]
Jun 23 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16394]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16393]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16395]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16392]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16392]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16453]: Successful su for rubyman by root
Jun 23 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16453]: + ??? root:rubyman
Jun 23 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16453]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579327 of user rubyman.
Jun 23 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16453]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579327.
Jun 23 20:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13553]: pam_unix(cron:session): session closed for user root
Jun 23 20:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218  user=root
Jun 23 20:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16393]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16609]: Failed password for root from 176.65.139.218 port 44816 ssh2
Jun 23 20:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16609]: Connection closed by 176.65.139.218 port 44816 [preauth]
Jun 23 20:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16644]: Invalid user debian from 176.65.139.218
Jun 23 20:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16644]: input_userauth_request: invalid user debian [preauth]
Jun 23 20:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16644]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16644]: Failed password for invalid user debian from 176.65.139.218 port 52802 ssh2
Jun 23 20:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16644]: Connection closed by 176.65.139.218 port 52802 [preauth]
Jun 23 20:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16667]: Invalid user test from 176.65.139.218
Jun 23 20:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16667]: input_userauth_request: invalid user test [preauth]
Jun 23 20:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16667]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.243.42.167  user=root
Jun 23 20:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16667]: Failed password for invalid user test from 176.65.139.218 port 52840 ssh2
Jun 23 20:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16667]: Connection closed by 176.65.139.218 port 52840 [preauth]
Jun 23 20:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16679]: Invalid user ubuntu from 176.65.139.218
Jun 23 20:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16679]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 20:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16679]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16677]: Failed password for root from 104.243.42.167 port 40312 ssh2
Jun 23 20:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16677]: Received disconnect from 104.243.42.167 port 40312:11: Bye Bye [preauth]
Jun 23 20:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16677]: Disconnected from 104.243.42.167 port 40312 [preauth]
Jun 23 20:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16679]: Failed password for invalid user ubuntu from 176.65.139.218 port 38994 ssh2
Jun 23 20:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16679]: Connection closed by 176.65.139.218 port 38994 [preauth]
Jun 23 20:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16702]: Invalid user pi from 176.65.139.218
Jun 23 20:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16702]: input_userauth_request: invalid user pi [preauth]
Jun 23 20:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16702]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16702]: Failed password for invalid user pi from 176.65.139.218 port 39086 ssh2
Jun 23 20:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16702]: Connection closed by 176.65.139.218 port 39086 [preauth]
Jun 23 20:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16713]: Invalid user grid from 176.65.139.218
Jun 23 20:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16713]: input_userauth_request: invalid user grid [preauth]
Jun 23 20:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16713]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.139.218
Jun 23 20:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16713]: Failed password for invalid user grid from 176.65.139.218 port 58536 ssh2
Jun 23 20:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16713]: Connection closed by 176.65.139.218 port 58536 [preauth]
Jun 23 20:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15482]: pam_unix(cron:session): session closed for user root
Jun 23 20:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15950]: Invalid user abc from 210.245.36.176
Jun 23 20:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15950]: input_userauth_request: invalid user abc [preauth]
Jun 23 20:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15950]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.245.36.176
Jun 23 20:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15950]: Failed password for invalid user abc from 210.245.36.176 port 53329 ssh2
Jun 23 20:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15950]: Connection closed by 210.245.36.176 port 53329 [preauth]
Jun 23 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16803]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16804]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16802]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16801]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16801]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16902]: Successful su for rubyman by root
Jun 23 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16902]: + ??? root:rubyman
Jun 23 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16902]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579333 of user rubyman.
Jun 23 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16902]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579333.
Jun 23 20:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14026]: pam_unix(cron:session): session closed for user root
Jun 23 20:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16802]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15958]: pam_unix(cron:session): session closed for user root
Jun 23 20:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.21.150.20  user=root
Jun 23 20:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17282]: Failed password for root from 65.21.150.20 port 36548 ssh2
Jun 23 20:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17282]: Received disconnect from 65.21.150.20 port 36548:11: Bye Bye [preauth]
Jun 23 20:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17282]: Disconnected from 65.21.150.20 port 36548 [preauth]
Jun 23 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17300]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17299]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17297]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17296]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17294]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17296]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17432]: Successful su for rubyman by root
Jun 23 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17432]: + ??? root:rubyman
Jun 23 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17432]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579336 of user rubyman.
Jun 23 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17432]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579336.
Jun 23 20:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17294]: pam_unix(cron:session): session closed for user root
Jun 23 20:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.178.75.243  user=root
Jun 23 20:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14473]: pam_unix(cron:session): session closed for user root
Jun 23 20:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17549]: Failed password for root from 115.178.75.243 port 39302 ssh2
Jun 23 20:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17549]: Received disconnect from 115.178.75.243 port 39302:11: Bye Bye [preauth]
Jun 23 20:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17549]: Disconnected from 115.178.75.243 port 39302 [preauth]
Jun 23 20:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17297]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.243.42.167  user=root
Jun 23 20:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17756]: Failed password for root from 104.243.42.167 port 36188 ssh2
Jun 23 20:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17756]: Received disconnect from 104.243.42.167 port 36188:11: Bye Bye [preauth]
Jun 23 20:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17756]: Disconnected from 104.243.42.167 port 36188 [preauth]
Jun 23 20:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17794]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 23 20:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17794]: Received disconnect from 195.160.220.149 port 46360:11: disconnected by user [preauth]
Jun 23 20:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17794]: Disconnected from 195.160.220.149 port 46360 [preauth]
Jun 23 20:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16395]: pam_unix(cron:session): session closed for user root
Jun 23 20:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17887]: Invalid user admin from 2.57.121.25
Jun 23 20:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17887]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17887]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 23 20:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17887]: Failed password for invalid user admin from 2.57.121.25 port 27510 ssh2
Jun 23 20:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17887]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17887]: Failed password for invalid user admin from 2.57.121.25 port 27510 ssh2
Jun 23 20:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17887]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17887]: Failed password for invalid user admin from 2.57.121.25 port 27510 ssh2
Jun 23 20:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17887]: Connection closed by 2.57.121.25 port 27510 [preauth]
Jun 23 20:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17887]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 23 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17902]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17906]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17905]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17900]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17903]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17901]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17906]: pam_unix(cron:session): session closed for user root
Jun 23 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17900]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17976]: Successful su for rubyman by root
Jun 23 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17976]: + ??? root:rubyman
Jun 23 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17976]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579342 of user rubyman.
Jun 23 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17976]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579342.
Jun 23 20:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15023]: pam_unix(cron:session): session closed for user root
Jun 23 20:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17902]: pam_unix(cron:session): session closed for user root
Jun 23 20:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17901]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16804]: pam_unix(cron:session): session closed for user root
Jun 23 20:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 23 20:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18337]: Failed password for root from 62.133.62.83 port 41136 ssh2
Jun 23 20:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18337]: Connection closed by 62.133.62.83 port 41136 [preauth]
Jun 23 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18375]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18371]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18376]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18370]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18370]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18521]: Successful su for rubyman by root
Jun 23 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18521]: + ??? root:rubyman
Jun 23 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18521]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579346 of user rubyman.
Jun 23 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18521]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579346.
Jun 23 20:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15481]: pam_unix(cron:session): session closed for user root
Jun 23 20:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18371]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18710]: Invalid user admin from 104.243.42.167
Jun 23 20:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18710]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18710]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.243.42.167
Jun 23 20:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18710]: Failed password for invalid user admin from 104.243.42.167 port 43688 ssh2
Jun 23 20:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18710]: Received disconnect from 104.243.42.167 port 43688:11: Bye Bye [preauth]
Jun 23 20:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18710]: Disconnected from 104.243.42.167 port 43688 [preauth]
Jun 23 20:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17300]: pam_unix(cron:session): session closed for user root
Jun 23 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18887]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18886]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18885]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18884]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18884]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18943]: Successful su for rubyman by root
Jun 23 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18943]: + ??? root:rubyman
Jun 23 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18943]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579350 of user rubyman.
Jun 23 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18943]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579350.
Jun 23 20:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15957]: pam_unix(cron:session): session closed for user root
Jun 23 20:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18885]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 23 20:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19278]: Failed password for root from 141.98.83.240 port 56484 ssh2
Jun 23 20:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17905]: pam_unix(cron:session): session closed for user root
Jun 23 20:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19278]: Failed password for root from 141.98.83.240 port 56484 ssh2
Jun 23 20:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19278]: Failed password for root from 141.98.83.240 port 56484 ssh2
Jun 23 20:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19278]: Connection closed by 141.98.83.240 port 56484 [preauth]
Jun 23 20:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19278]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 23 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19371]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19370]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19372]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19373]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19370]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19432]: Successful su for rubyman by root
Jun 23 20:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19432]: + ??? root:rubyman
Jun 23 20:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19432]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579357 of user rubyman.
Jun 23 20:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19432]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579357.
Jun 23 20:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16394]: pam_unix(cron:session): session closed for user root
Jun 23 20:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19371]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19834]: Invalid user mohammad from 104.243.42.167
Jun 23 20:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19834]: input_userauth_request: invalid user mohammad [preauth]
Jun 23 20:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19834]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.243.42.167
Jun 23 20:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19834]: Failed password for invalid user mohammad from 104.243.42.167 port 52684 ssh2
Jun 23 20:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19834]: Received disconnect from 104.243.42.167 port 52684:11: Bye Bye [preauth]
Jun 23 20:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19834]: Disconnected from 104.243.42.167 port 52684 [preauth]
Jun 23 20:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18376]: pam_unix(cron:session): session closed for user root
Jun 23 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19996]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19994]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19995]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19993]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19993]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20053]: Successful su for rubyman by root
Jun 23 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20053]: + ??? root:rubyman
Jun 23 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20053]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579358 of user rubyman.
Jun 23 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20053]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579358.
Jun 23 20:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16803]: pam_unix(cron:session): session closed for user root
Jun 23 20:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19994]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19893]: Connection closed by 118.69.69.189 port 63337 [preauth]
Jun 23 20:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18887]: pam_unix(cron:session): session closed for user root
Jun 23 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20500]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20496]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20499]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20495]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20498]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20497]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20500]: pam_unix(cron:session): session closed for user root
Jun 23 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20495]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20563]: Successful su for rubyman by root
Jun 23 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20563]: + ??? root:rubyman
Jun 23 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20563]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579365 of user rubyman.
Jun 23 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20563]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579365.
Jun 23 20:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20497]: pam_unix(cron:session): session closed for user root
Jun 23 20:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17299]: pam_unix(cron:session): session closed for user root
Jun 23 20:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20496]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20874]: Invalid user api from 104.243.42.167
Jun 23 20:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20874]: input_userauth_request: invalid user api [preauth]
Jun 23 20:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20874]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.243.42.167
Jun 23 20:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20874]: Failed password for invalid user api from 104.243.42.167 port 49816 ssh2
Jun 23 20:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20874]: Received disconnect from 104.243.42.167 port 49816:11: Bye Bye [preauth]
Jun 23 20:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20874]: Disconnected from 104.243.42.167 port 49816 [preauth]
Jun 23 20:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19373]: pam_unix(cron:session): session closed for user root
Jun 23 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21015]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21016]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21014]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21013]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21013]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21086]: Successful su for rubyman by root
Jun 23 20:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21086]: + ??? root:rubyman
Jun 23 20:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21086]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579368 of user rubyman.
Jun 23 20:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21086]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579368.
Jun 23 20:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17903]: pam_unix(cron:session): session closed for user root
Jun 23 20:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21014]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19996]: pam_unix(cron:session): session closed for user root
Jun 23 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21441]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21440]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21442]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21439]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21437]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21437]: pam_unix(cron:session): session closed for user root
Jun 23 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21439]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21507]: Successful su for rubyman by root
Jun 23 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21507]: + ??? root:rubyman
Jun 23 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21507]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579374 of user rubyman.
Jun 23 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21507]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579374.
Jun 23 20:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18375]: pam_unix(cron:session): session closed for user root
Jun 23 20:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21440]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21720]: Invalid user admin from 104.243.42.167
Jun 23 20:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21720]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21720]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.243.42.167
Jun 23 20:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21720]: Failed password for invalid user admin from 104.243.42.167 port 49890 ssh2
Jun 23 20:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21720]: Received disconnect from 104.243.42.167 port 49890:11: Bye Bye [preauth]
Jun 23 20:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21720]: Disconnected from 104.243.42.167 port 49890 [preauth]
Jun 23 20:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20499]: pam_unix(cron:session): session closed for user root
Jun 23 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21879]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21880]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21878]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21877]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21877]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21940]: Successful su for rubyman by root
Jun 23 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21940]: + ??? root:rubyman
Jun 23 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21940]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579378 of user rubyman.
Jun 23 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21940]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579378.
Jun 23 20:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18886]: pam_unix(cron:session): session closed for user root
Jun 23 20:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21878]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
Jun 23 20:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22161]: Failed password for root from 176.32.39.21 port 38322 ssh2
Jun 23 20:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22161]: Connection closed by 176.32.39.21 port 38322 [preauth]
Jun 23 20:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21016]: pam_unix(cron:session): session closed for user root
Jun 23 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22277]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22275]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22278]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22274]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22274]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22426]: Successful su for rubyman by root
Jun 23 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22426]: + ??? root:rubyman
Jun 23 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22426]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579381 of user rubyman.
Jun 23 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22426]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579381.
Jun 23 20:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19372]: pam_unix(cron:session): session closed for user root
Jun 23 20:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22594]: Invalid user don from 104.243.42.167
Jun 23 20:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22594]: input_userauth_request: invalid user don [preauth]
Jun 23 20:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22594]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.243.42.167
Jun 23 20:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22275]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22594]: Failed password for invalid user don from 104.243.42.167 port 47712 ssh2
Jun 23 20:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22594]: Received disconnect from 104.243.42.167 port 47712:11: Bye Bye [preauth]
Jun 23 20:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22594]: Disconnected from 104.243.42.167 port 47712 [preauth]
Jun 23 20:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22639]: Received disconnect from 193.70.122.120 port 48636:11: disconnected by user [preauth]
Jun 23 20:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22639]: Disconnected from 193.70.122.120 port 48636 [preauth]
Jun 23 20:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22682]: Invalid user admin from 45.148.10.121
Jun 23 20:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22682]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22682]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 23 20:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21442]: pam_unix(cron:session): session closed for user root
Jun 23 20:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22682]: Failed password for invalid user admin from 45.148.10.121 port 60642 ssh2
Jun 23 20:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22682]: Connection closed by 45.148.10.121 port 60642 [preauth]
Jun 23 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22773]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22772]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22775]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22776]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22774]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22771]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22776]: pam_unix(cron:session): session closed for user root
Jun 23 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22771]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22851]: Successful su for rubyman by root
Jun 23 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22851]: + ??? root:rubyman
Jun 23 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22851]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579389 of user rubyman.
Jun 23 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22851]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579389.
Jun 23 20:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22773]: pam_unix(cron:session): session closed for user root
Jun 23 20:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19995]: pam_unix(cron:session): session closed for user root
Jun 23 20:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22772]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21880]: pam_unix(cron:session): session closed for user root
Jun 23 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23207]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23208]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23206]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23205]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23205]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23283]: Successful su for rubyman by root
Jun 23 20:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23283]: + ??? root:rubyman
Jun 23 20:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23283]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579391 of user rubyman.
Jun 23 20:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23283]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579391.
Jun 23 20:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23415]: Invalid user debian from 104.243.42.167
Jun 23 20:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23415]: input_userauth_request: invalid user debian [preauth]
Jun 23 20:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23415]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.243.42.167
Jun 23 20:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20498]: pam_unix(cron:session): session closed for user root
Jun 23 20:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23206]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23415]: Failed password for invalid user debian from 104.243.42.167 port 36050 ssh2
Jun 23 20:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23415]: Received disconnect from 104.243.42.167 port 36050:11: Bye Bye [preauth]
Jun 23 20:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23415]: Disconnected from 104.243.42.167 port 36050 [preauth]
Jun 23 20:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23514]: Connection closed by 118.69.69.189 port 58973 [preauth]
Jun 23 20:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 23 20:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23539]: Failed password for root from 80.66.85.226 port 53258 ssh2
Jun 23 20:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23539]: Connection closed by 80.66.85.226 port 53258 [preauth]
Jun 23 20:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22278]: pam_unix(cron:session): session closed for user root
Jun 23 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23641]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23640]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23639]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23636]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23636]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23706]: Successful su for rubyman by root
Jun 23 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23706]: + ??? root:rubyman
Jun 23 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23706]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579395 of user rubyman.
Jun 23 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23706]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579395.
Jun 23 20:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21015]: pam_unix(cron:session): session closed for user root
Jun 23 20:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23639]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24020]: Connection closed by 118.69.69.189 port 65285 [preauth]
Jun 23 20:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22775]: pam_unix(cron:session): session closed for user root
Jun 23 20:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 23 20:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24105]: Failed password for root from 103.149.28.157 port 50384 ssh2
Jun 23 20:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24105]: Connection closed by 103.149.28.157 port 50384 [preauth]
Jun 23 20:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24147]: Invalid user ts3server from 104.243.42.167
Jun 23 20:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24147]: input_userauth_request: invalid user ts3server [preauth]
Jun 23 20:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24147]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.243.42.167
Jun 23 20:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24147]: Failed password for invalid user ts3server from 104.243.42.167 port 48646 ssh2
Jun 23 20:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24147]: Received disconnect from 104.243.42.167 port 48646:11: Bye Bye [preauth]
Jun 23 20:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24147]: Disconnected from 104.243.42.167 port 48646 [preauth]
Jun 23 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24161]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24160]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24159]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24158]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24158]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24226]: Successful su for rubyman by root
Jun 23 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24226]: + ??? root:rubyman
Jun 23 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24226]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579399 of user rubyman.
Jun 23 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24226]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579399.
Jun 23 20:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21441]: pam_unix(cron:session): session closed for user root
Jun 23 20:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24159]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23208]: pam_unix(cron:session): session closed for user root
Jun 23 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24586]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24585]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24587]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24584]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24584]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24659]: Successful su for rubyman by root
Jun 23 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24659]: + ??? root:rubyman
Jun 23 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24659]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579405 of user rubyman.
Jun 23 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24659]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579405.
Jun 23 20:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21879]: pam_unix(cron:session): session closed for user root
Jun 23 20:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24585]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23641]: pam_unix(cron:session): session closed for user root
Jun 23 20:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24970]: Invalid user paul from 104.243.42.167
Jun 23 20:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24970]: input_userauth_request: invalid user paul [preauth]
Jun 23 20:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24970]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.243.42.167
Jun 23 20:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24970]: Failed password for invalid user paul from 104.243.42.167 port 33734 ssh2
Jun 23 20:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24970]: Received disconnect from 104.243.42.167 port 33734:11: Bye Bye [preauth]
Jun 23 20:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24970]: Disconnected from 104.243.42.167 port 33734 [preauth]
Jun 23 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24996]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24995]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24997]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24994]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24993]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24992]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24997]: pam_unix(cron:session): session closed for user root
Jun 23 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24992]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25067]: Successful su for rubyman by root
Jun 23 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25067]: + ??? root:rubyman
Jun 23 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25067]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579407 of user rubyman.
Jun 23 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25067]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579407.
Jun 23 20:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24994]: pam_unix(cron:session): session closed for user root
Jun 23 20:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22277]: pam_unix(cron:session): session closed for user root
Jun 23 20:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24993]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24161]: pam_unix(cron:session): session closed for user root
Jun 23 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25420]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25421]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25422]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25419]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25419]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25490]: Successful su for rubyman by root
Jun 23 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25490]: + ??? root:rubyman
Jun 23 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25490]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579415 of user rubyman.
Jun 23 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25490]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579415.
Jun 23 20:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22774]: pam_unix(cron:session): session closed for user root
Jun 23 20:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25420]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24587]: pam_unix(cron:session): session closed for user root
Jun 23 20:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25807]: Invalid user under from 104.243.42.167
Jun 23 20:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25807]: input_userauth_request: invalid user under [preauth]
Jun 23 20:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25807]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.243.42.167
Jun 23 20:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25807]: Failed password for invalid user under from 104.243.42.167 port 43818 ssh2
Jun 23 20:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25807]: Received disconnect from 104.243.42.167 port 43818:11: Bye Bye [preauth]
Jun 23 20:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25807]: Disconnected from 104.243.42.167 port 43818 [preauth]
Jun 23 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25831]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25830]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25829]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25828]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25828]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25887]: Successful su for rubyman by root
Jun 23 20:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25887]: + ??? root:rubyman
Jun 23 20:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25887]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579417 of user rubyman.
Jun 23 20:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25887]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579417.
Jun 23 20:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23207]: pam_unix(cron:session): session closed for user root
Jun 23 20:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25829]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.149.53.243  user=root
Jun 23 20:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24996]: pam_unix(cron:session): session closed for user root
Jun 23 20:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26126]: Failed password for root from 201.149.53.243 port 6111 ssh2
Jun 23 20:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26126]: Received disconnect from 201.149.53.243 port 6111:11: Bye Bye [preauth]
Jun 23 20:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26126]: Disconnected from 201.149.53.243 port 6111 [preauth]
Jun 23 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26218]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26219]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26217]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26216]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26216]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26277]: Successful su for rubyman by root
Jun 23 20:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26277]: + ??? root:rubyman
Jun 23 20:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26277]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579422 of user rubyman.
Jun 23 20:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26277]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579422.
Jun 23 20:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23640]: pam_unix(cron:session): session closed for user root
Jun 23 20:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26217]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 23 20:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26487]: Failed password for root from 38.93.206.2 port 47564 ssh2
Jun 23 20:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26487]: Connection closed by 38.93.206.2 port 47564 [preauth]
Jun 23 20:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.40.156.247  user=root
Jun 23 20:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26518]: Failed password for root from 110.40.156.247 port 48526 ssh2
Jun 23 20:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26518]: Received disconnect from 110.40.156.247 port 48526:11: Bye Bye [preauth]
Jun 23 20:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26518]: Disconnected from 110.40.156.247 port 48526 [preauth]
Jun 23 20:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25422]: pam_unix(cron:session): session closed for user root
Jun 23 20:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26602]: Invalid user ubuntu from 104.243.42.167
Jun 23 20:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26602]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 20:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26602]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.243.42.167
Jun 23 20:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26602]: Failed password for invalid user ubuntu from 104.243.42.167 port 54166 ssh2
Jun 23 20:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26602]: Received disconnect from 104.243.42.167 port 54166:11: Bye Bye [preauth]
Jun 23 20:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26602]: Disconnected from 104.243.42.167 port 54166 [preauth]
Jun 23 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26615]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26616]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26614]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26613]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26613]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26766]: Successful su for rubyman by root
Jun 23 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26766]: + ??? root:rubyman
Jun 23 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26766]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579426 of user rubyman.
Jun 23 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26766]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579426.
Jun 23 20:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24160]: pam_unix(cron:session): session closed for user root
Jun 23 20:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26614]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26949]: Received disconnect from 193.142.43.122 port 55724:11: disconnected by user [preauth]
Jun 23 20:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26949]: Disconnected from 193.142.43.122 port 55724 [preauth]
Jun 23 20:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 23 20:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26980]: Failed password for root from 103.15.222.183 port 44520 ssh2
Jun 23 20:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26980]: Connection closed by 103.15.222.183 port 44520 [preauth]
Jun 23 20:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25831]: pam_unix(cron:session): session closed for user root
Jun 23 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27099]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27104]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27100]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27101]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27097]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27098]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27104]: pam_unix(cron:session): session closed for user root
Jun 23 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27097]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27168]: Successful su for rubyman by root
Jun 23 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27168]: + ??? root:rubyman
Jun 23 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27168]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579430 of user rubyman.
Jun 23 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27168]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579430.
Jun 23 20:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27099]: pam_unix(cron:session): session closed for user root
Jun 23 20:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24586]: pam_unix(cron:session): session closed for user root
Jun 23 20:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27098]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26219]: pam_unix(cron:session): session closed for user root
Jun 23 20:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27488]: Connection closed by 194.59.206.2 port 35610 [preauth]
Jun 23 20:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27536]: Invalid user won from 104.243.42.167
Jun 23 20:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27536]: input_userauth_request: invalid user won [preauth]
Jun 23 20:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27536]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.243.42.167
Jun 23 20:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27536]: Failed password for invalid user won from 104.243.42.167 port 42844 ssh2
Jun 23 20:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27536]: Received disconnect from 104.243.42.167 port 42844:11: Bye Bye [preauth]
Jun 23 20:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27536]: Disconnected from 104.243.42.167 port 42844 [preauth]
Jun 23 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27560]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27559]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27557]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27556]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27556]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27626]: Successful su for rubyman by root
Jun 23 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27626]: + ??? root:rubyman
Jun 23 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27626]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579436 of user rubyman.
Jun 23 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27626]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579436.
Jun 23 20:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24995]: pam_unix(cron:session): session closed for user root
Jun 23 20:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27557]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26616]: pam_unix(cron:session): session closed for user root
Jun 23 20:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 23 20:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27926]: Failed password for root from 103.153.68.219 port 48066 ssh2
Jun 23 20:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27926]: Connection closed by 103.153.68.219 port 48066 [preauth]
Jun 23 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27975]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27974]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27976]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27972]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27972]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28041]: Successful su for rubyman by root
Jun 23 20:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28041]: + ??? root:rubyman
Jun 23 20:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28041]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579441 of user rubyman.
Jun 23 20:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28041]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579441.
Jun 23 20:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25421]: pam_unix(cron:session): session closed for user root
Jun 23 20:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27974]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27101]: pam_unix(cron:session): session closed for user root
Jun 23 20:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28407]: Invalid user cmm from 104.243.42.167
Jun 23 20:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28407]: input_userauth_request: invalid user cmm [preauth]
Jun 23 20:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28407]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.243.42.167
Jun 23 20:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28407]: Failed password for invalid user cmm from 104.243.42.167 port 46854 ssh2
Jun 23 20:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28407]: Received disconnect from 104.243.42.167 port 46854:11: Bye Bye [preauth]
Jun 23 20:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28407]: Disconnected from 104.243.42.167 port 46854 [preauth]
Jun 23 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28429]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28427]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28428]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28426]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28426]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28488]: Successful su for rubyman by root
Jun 23 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28488]: + ??? root:rubyman
Jun 23 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28488]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579443 of user rubyman.
Jun 23 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28488]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579443.
Jun 23 20:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25830]: pam_unix(cron:session): session closed for user root
Jun 23 20:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28427]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27929]: Connection closed by 218.208.8.92 port 53945 [preauth]
Jun 23 20:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27560]: pam_unix(cron:session): session closed for user root
Jun 23 20:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28936]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28935]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28934]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28933]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28933]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28998]: Successful su for rubyman by root
Jun 23 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28998]: + ??? root:rubyman
Jun 23 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28998]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579447 of user rubyman.
Jun 23 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28998]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579447.
Jun 23 20:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26218]: pam_unix(cron:session): session closed for user root
Jun 23 20:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.110.201  user=root
Jun 23 20:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28934]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29164]: Failed password for root from 94.159.110.201 port 49548 ssh2
Jun 23 20:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29164]: Connection closed by 94.159.110.201 port 49548 [preauth]
Jun 23 20:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27976]: pam_unix(cron:session): session closed for user root
Jun 23 20:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.243.42.167  user=root
Jun 23 20:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29342]: Failed password for root from 104.243.42.167 port 41770 ssh2
Jun 23 20:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29342]: Received disconnect from 104.243.42.167 port 41770:11: Bye Bye [preauth]
Jun 23 20:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29342]: Disconnected from 104.243.42.167 port 41770 [preauth]
Jun 23 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29367]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29366]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29362]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29365]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29364]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29363]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29367]: pam_unix(cron:session): session closed for user root
Jun 23 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29362]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29429]: Successful su for rubyman by root
Jun 23 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29429]: + ??? root:rubyman
Jun 23 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29429]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579452 of user rubyman.
Jun 23 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29429]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579452.
Jun 23 20:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29364]: pam_unix(cron:session): session closed for user root
Jun 23 20:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26615]: pam_unix(cron:session): session closed for user root
Jun 23 20:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29363]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28429]: pam_unix(cron:session): session closed for user root
Jun 23 20:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.228.218.47  user=root
Jun 23 20:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29893]: Failed password for root from 211.228.218.47 port 54152 ssh2
Jun 23 20:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29893]: Received disconnect from 211.228.218.47 port 54152:11: Bye Bye [preauth]
Jun 23 20:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29893]: Disconnected from 211.228.218.47 port 54152 [preauth]
Jun 23 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29926]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29928]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29927]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29925]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29925]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29991]: Successful su for rubyman by root
Jun 23 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29991]: + ??? root:rubyman
Jun 23 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29991]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579458 of user rubyman.
Jun 23 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29991]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579458.
Jun 23 20:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27100]: pam_unix(cron:session): session closed for user root
Jun 23 20:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29926]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28936]: pam_unix(cron:session): session closed for user root
Jun 23 20:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29340]: Connection closed by 211.25.195.253 port 53181 [preauth]
Jun 23 20:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.243.42.167  user=root
Jun 23 20:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30327]: Failed password for root from 104.243.42.167 port 37412 ssh2
Jun 23 20:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30327]: Received disconnect from 104.243.42.167 port 37412:11: Bye Bye [preauth]
Jun 23 20:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30327]: Disconnected from 104.243.42.167 port 37412 [preauth]
Jun 23 20:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30360]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30359]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30361]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30358]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30358]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30415]: Successful su for rubyman by root
Jun 23 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30415]: + ??? root:rubyman
Jun 23 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30415]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579463 of user rubyman.
Jun 23 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30415]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579463.
Jun 23 20:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27559]: pam_unix(cron:session): session closed for user root
Jun 23 20:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30359]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30304]: Connection closed by 210.245.36.176 port 58358 [preauth]
Jun 23 20:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30355]: Connection closed by 211.25.195.253 port 50805 [preauth]
Jun 23 20:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29366]: pam_unix(cron:session): session closed for user root
Jun 23 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30768]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30769]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30765]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30764]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30764]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30829]: Successful su for rubyman by root
Jun 23 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30829]: + ??? root:rubyman
Jun 23 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30829]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579466 of user rubyman.
Jun 23 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30829]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579466.
Jun 23 20:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27975]: pam_unix(cron:session): session closed for user root
Jun 23 20:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30765]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29928]: pam_unix(cron:session): session closed for user root
Jun 23 20:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31264]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31265]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31266]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31267]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31259]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31264]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31392]: Successful su for rubyman by root
Jun 23 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31392]: + ??? root:rubyman
Jun 23 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31392]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579469 of user rubyman.
Jun 23 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31392]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579469.
Jun 23 20:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31259]: pam_unix(cron:session): session closed for user root
Jun 23 20:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28428]: pam_unix(cron:session): session closed for user root
Jun 23 20:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31265]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30361]: pam_unix(cron:session): session closed for user root
Jun 23 20:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31217]: Invalid user  from 210.245.36.176
Jun 23 20:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31217]: input_userauth_request: invalid user  [preauth]
Jun 23 20:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31217]: Failed none for invalid user  from 210.245.36.176 port 51517 ssh2
Jun 23 20:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31217]: Connection closed by 210.245.36.176 port 51517 [preauth]
Jun 23 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31862]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31860]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31863]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31864]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31861]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31859]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31864]: pam_unix(cron:session): session closed for user root
Jun 23 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31859]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31936]: Successful su for rubyman by root
Jun 23 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31936]: + ??? root:rubyman
Jun 23 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31936]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579476 of user rubyman.
Jun 23 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31936]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579476.
Jun 23 20:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31861]: pam_unix(cron:session): session closed for user root
Jun 23 20:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28935]: pam_unix(cron:session): session closed for user root
Jun 23 20:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31860]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32160]: Connection closed by 210.245.36.176 port 65421 [preauth]
Jun 23 20:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30769]: pam_unix(cron:session): session closed for user root
Jun 23 20:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32294]: Invalid user user1 from 201.149.53.243
Jun 23 20:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32294]: input_userauth_request: invalid user user1 [preauth]
Jun 23 20:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32294]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.149.53.243
Jun 23 20:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32294]: Failed password for invalid user user1 from 201.149.53.243 port 2941 ssh2
Jun 23 20:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32294]: Received disconnect from 201.149.53.243 port 2941:11: Bye Bye [preauth]
Jun 23 20:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32294]: Disconnected from 201.149.53.243 port 2941 [preauth]
Jun 23 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32308]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32306]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32307]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32305]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32305]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32374]: Successful su for rubyman by root
Jun 23 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32374]: + ??? root:rubyman
Jun 23 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32374]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579480 of user rubyman.
Jun 23 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32374]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579480.
Jun 23 20:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29365]: pam_unix(cron:session): session closed for user root
Jun 23 20:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32306]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31267]: pam_unix(cron:session): session closed for user root
Jun 23 20:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32263]: Connection closed by 218.208.8.92 port 55454 [preauth]
Jun 23 20:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 23 20:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32714]: Failed password for root from 141.98.83.240 port 25194 ssh2
Jun 23 20:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 23 20:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32714]: Failed password for root from 141.98.83.240 port 25194 ssh2
Jun 23 20:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32716]: Failed password for root from 202.178.126.219 port 9716 ssh2
Jun 23 20:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32716]: Connection closed by 202.178.126.219 port 9716 [preauth]
Jun 23 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32730]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32731]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32728]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32727]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32727]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32714]: Failed password for root from 141.98.83.240 port 25194 ssh2
Jun 23 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32714]: Connection closed by 141.98.83.240 port 25194 [preauth]
Jun 23 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32714]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 23 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[324]: Successful su for rubyman by root
Jun 23 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[324]: + ??? root:rubyman
Jun 23 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[324]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579485 of user rubyman.
Jun 23 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[324]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579485.
Jun 23 20:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29927]: pam_unix(cron:session): session closed for user root
Jun 23 20:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32728]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[667]: Invalid user informix from 211.228.218.47
Jun 23 20:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[667]: input_userauth_request: invalid user informix [preauth]
Jun 23 20:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[667]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.228.218.47
Jun 23 20:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[667]: Failed password for invalid user informix from 211.228.218.47 port 37434 ssh2
Jun 23 20:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[667]: Received disconnect from 211.228.218.47 port 37434:11: Bye Bye [preauth]
Jun 23 20:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[667]: Disconnected from 211.228.218.47 port 37434 [preauth]
Jun 23 20:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31863]: pam_unix(cron:session): session closed for user root
Jun 23 20:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[762]: Invalid user linuxbrew from 201.149.53.243
Jun 23 20:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[762]: input_userauth_request: invalid user linuxbrew [preauth]
Jun 23 20:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[762]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.149.53.243
Jun 23 20:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[762]: Failed password for invalid user linuxbrew from 201.149.53.243 port 1648 ssh2
Jun 23 20:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[762]: Received disconnect from 201.149.53.243 port 1648:11: Bye Bye [preauth]
Jun 23 20:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[762]: Disconnected from 201.149.53.243 port 1648 [preauth]
Jun 23 20:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[834]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[835]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[833]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[832]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[832]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.19.67.181  user=root
Jun 23 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[897]: Successful su for rubyman by root
Jun 23 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[897]: + ??? root:rubyman
Jun 23 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[897]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579489 of user rubyman.
Jun 23 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[897]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579489.
Jun 23 20:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[828]: Failed password for root from 46.19.67.181 port 40424 ssh2
Jun 23 20:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[828]: Connection closed by 46.19.67.181 port 40424 [preauth]
Jun 23 20:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30360]: pam_unix(cron:session): session closed for user root
Jun 23 20:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[833]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 23 20:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1138]: Failed password for root from 103.27.238.120 port 41588 ssh2
Jun 23 20:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1138]: Connection closed by 103.27.238.120 port 41588 [preauth]
Jun 23 20:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32308]: pam_unix(cron:session): session closed for user root
Jun 23 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1300]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1301]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1297]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1299]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1297]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1375]: Successful su for rubyman by root
Jun 23 20:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1375]: + ??? root:rubyman
Jun 23 20:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1375]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579492 of user rubyman.
Jun 23 20:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1375]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579492.
Jun 23 20:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30768]: pam_unix(cron:session): session closed for user root
Jun 23 20:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1299]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1715]: Invalid user kevin from 201.149.53.243
Jun 23 20:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1715]: input_userauth_request: invalid user kevin [preauth]
Jun 23 20:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1715]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.149.53.243
Jun 23 20:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1715]: Failed password for invalid user kevin from 201.149.53.243 port 7526 ssh2
Jun 23 20:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1715]: Received disconnect from 201.149.53.243 port 7526:11: Bye Bye [preauth]
Jun 23 20:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1715]: Disconnected from 201.149.53.243 port 7526 [preauth]
Jun 23 20:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1763]: Invalid user delphi from 211.228.218.47
Jun 23 20:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1763]: input_userauth_request: invalid user delphi [preauth]
Jun 23 20:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1763]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.228.218.47
Jun 23 20:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1763]: Failed password for invalid user delphi from 211.228.218.47 port 34642 ssh2
Jun 23 20:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1763]: Received disconnect from 211.228.218.47 port 34642:11: Bye Bye [preauth]
Jun 23 20:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1763]: Disconnected from 211.228.218.47 port 34642 [preauth]
Jun 23 20:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32731]: pam_unix(cron:session): session closed for user root
Jun 23 20:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 23 20:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1828]: Failed password for root from 77.94.47.83 port 34220 ssh2
Jun 23 20:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1828]: Connection closed by 77.94.47.83 port 34220 [preauth]
Jun 23 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1853]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1851]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1852]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1849]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1848]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1850]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1853]: pam_unix(cron:session): session closed for user root
Jun 23 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1848]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1935]: Successful su for rubyman by root
Jun 23 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1935]: + ??? root:rubyman
Jun 23 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1935]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579498 of user rubyman.
Jun 23 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1935]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579498.
Jun 23 20:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1850]: pam_unix(cron:session): session closed for user root
Jun 23 20:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31266]: pam_unix(cron:session): session closed for user root
Jun 23 20:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1849]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[835]: pam_unix(cron:session): session closed for user root
Jun 23 20:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2355]: Invalid user nvidia from 201.149.53.243
Jun 23 20:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2355]: input_userauth_request: invalid user nvidia [preauth]
Jun 23 20:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2355]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.149.53.243
Jun 23 20:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2355]: Failed password for invalid user nvidia from 201.149.53.243 port 6215 ssh2
Jun 23 20:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2355]: Received disconnect from 201.149.53.243 port 6215:11: Bye Bye [preauth]
Jun 23 20:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2355]: Disconnected from 201.149.53.243 port 6215 [preauth]
Jun 23 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2377]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2375]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2376]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2374]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2374]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2440]: Successful su for rubyman by root
Jun 23 20:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2440]: + ??? root:rubyman
Jun 23 20:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2440]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579502 of user rubyman.
Jun 23 20:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2440]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579502.
Jun 23 20:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 23 20:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31862]: pam_unix(cron:session): session closed for user root
Jun 23 20:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2461]: Failed password for root from 51.250.105.222 port 36708 ssh2
Jun 23 20:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2461]: Connection closed by 51.250.105.222 port 36708 [preauth]
Jun 23 20:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2375]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1301]: pam_unix(cron:session): session closed for user root
Jun 23 20:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.228.218.47  user=root
Jun 23 20:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2782]: Failed password for root from 211.228.218.47 port 38596 ssh2
Jun 23 20:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2782]: Received disconnect from 211.228.218.47 port 38596:11: Bye Bye [preauth]
Jun 23 20:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2782]: Disconnected from 211.228.218.47 port 38596 [preauth]
Jun 23 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2805]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2804]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2803]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2802]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2802]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2864]: Successful su for rubyman by root
Jun 23 20:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2864]: + ??? root:rubyman
Jun 23 20:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2864]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579506 of user rubyman.
Jun 23 20:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2864]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579506.
Jun 23 20:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32307]: pam_unix(cron:session): session closed for user root
Jun 23 20:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2803]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 23 20:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3074]: Failed password for root from 87.251.79.125 port 33366 ssh2
Jun 23 20:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3074]: Connection closed by 87.251.79.125 port 33366 [preauth]
Jun 23 20:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3117]: Invalid user informix from 201.149.53.243
Jun 23 20:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3117]: input_userauth_request: invalid user informix [preauth]
Jun 23 20:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3117]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.149.53.243
Jun 23 20:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3117]: Failed password for invalid user informix from 201.149.53.243 port 4908 ssh2
Jun 23 20:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3117]: Received disconnect from 201.149.53.243 port 4908:11: Bye Bye [preauth]
Jun 23 20:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3117]: Disconnected from 201.149.53.243 port 4908 [preauth]
Jun 23 20:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1852]: pam_unix(cron:session): session closed for user root
Jun 23 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3195]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3197]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3196]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3194]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3194]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3262]: Successful su for rubyman by root
Jun 23 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3262]: + ??? root:rubyman
Jun 23 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3262]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579511 of user rubyman.
Jun 23 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3262]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579511.
Jun 23 20:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32730]: pam_unix(cron:session): session closed for user root
Jun 23 20:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3195]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 23 20:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3437]: Failed password for root from 147.45.199.80 port 46574 ssh2
Jun 23 20:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3437]: Connection closed by 147.45.199.80 port 46574 [preauth]
Jun 23 20:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2377]: pam_unix(cron:session): session closed for user root
Jun 23 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3607]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3606]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3608]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3605]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3605]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3666]: Successful su for rubyman by root
Jun 23 20:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3666]: + ??? root:rubyman
Jun 23 20:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3666]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579514 of user rubyman.
Jun 23 20:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3666]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579514.
Jun 23 20:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.228.218.47  user=root
Jun 23 20:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.149.53.243  user=root
Jun 23 20:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3602]: Failed password for root from 211.228.218.47 port 43550 ssh2
Jun 23 20:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3602]: Received disconnect from 211.228.218.47 port 43550:11: Bye Bye [preauth]
Jun 23 20:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3602]: Disconnected from 211.228.218.47 port 43550 [preauth]
Jun 23 20:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3680]: Failed password for root from 201.149.53.243 port 3609 ssh2
Jun 23 20:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3680]: Received disconnect from 201.149.53.243 port 3609:11: Bye Bye [preauth]
Jun 23 20:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3680]: Disconnected from 201.149.53.243 port 3609 [preauth]
Jun 23 20:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[834]: pam_unix(cron:session): session closed for user root
Jun 23 20:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3606]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2805]: pam_unix(cron:session): session closed for user root
Jun 23 20:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 23 20:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4181]: Failed password for root from 103.77.175.15 port 57894 ssh2
Jun 23 20:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4181]: Connection closed by 103.77.175.15 port 57894 [preauth]
Jun 23 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4207]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4206]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4205]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4204]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4209]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4208]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4209]: pam_unix(cron:session): session closed for user root
Jun 23 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4204]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4278]: Successful su for rubyman by root
Jun 23 20:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4278]: + ??? root:rubyman
Jun 23 20:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4278]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579521 of user rubyman.
Jun 23 20:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4278]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579521.
Jun 23 20:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4206]: pam_unix(cron:session): session closed for user root
Jun 23 20:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1300]: pam_unix(cron:session): session closed for user root
Jun 23 20:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4205]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3197]: pam_unix(cron:session): session closed for user root
Jun 23 20:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4579]: Invalid user test from 201.149.53.243
Jun 23 20:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4579]: input_userauth_request: invalid user test [preauth]
Jun 23 20:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4579]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.149.53.243
Jun 23 20:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4579]: Failed password for invalid user test from 201.149.53.243 port 2300 ssh2
Jun 23 20:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4579]: Received disconnect from 201.149.53.243 port 2300:11: Bye Bye [preauth]
Jun 23 20:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4579]: Disconnected from 201.149.53.243 port 2300 [preauth]
Jun 23 20:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4631]: Received disconnect from 172.245.225.106 port 35712:11: disconnected by user [preauth]
Jun 23 20:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4631]: Disconnected from 172.245.225.106 port 35712 [preauth]
Jun 23 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4656]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4654]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4655]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4653]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4653]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4724]: Successful su for rubyman by root
Jun 23 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4724]: + ??? root:rubyman
Jun 23 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4724]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579525 of user rubyman.
Jun 23 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4724]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579525.
Jun 23 20:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1851]: pam_unix(cron:session): session closed for user root
Jun 23 20:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4654]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5021]: Invalid user admin from 45.148.10.121
Jun 23 20:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5021]: input_userauth_request: invalid user admin [preauth]
Jun 23 20:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5021]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 23 20:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5021]: Failed password for invalid user admin from 45.148.10.121 port 37060 ssh2
Jun 23 20:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5021]: Connection closed by 45.148.10.121 port 37060 [preauth]
Jun 23 20:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5051]: Invalid user nvidia from 211.228.218.47
Jun 23 20:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5051]: input_userauth_request: invalid user nvidia [preauth]
Jun 23 20:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5051]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.228.218.47
Jun 23 20:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5051]: Failed password for invalid user nvidia from 211.228.218.47 port 60318 ssh2
Jun 23 20:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5051]: Received disconnect from 211.228.218.47 port 60318:11: Bye Bye [preauth]
Jun 23 20:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5051]: Disconnected from 211.228.218.47 port 60318 [preauth]
Jun 23 20:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3608]: pam_unix(cron:session): session closed for user root
Jun 23 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5181]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5182]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5180]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5179]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5179]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5239]: Successful su for rubyman by root
Jun 23 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5239]: + ??? root:rubyman
Jun 23 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5239]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579528 of user rubyman.
Jun 23 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5239]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579528.
Jun 23 20:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2376]: pam_unix(cron:session): session closed for user root
Jun 23 20:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5180]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.149.53.243  user=root
Jun 23 20:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5438]: Failed password for root from 201.149.53.243 port 8136 ssh2
Jun 23 20:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5438]: Received disconnect from 201.149.53.243 port 8136:11: Bye Bye [preauth]
Jun 23 20:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5438]: Disconnected from 201.149.53.243 port 8136 [preauth]
Jun 23 20:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4208]: pam_unix(cron:session): session closed for user root
Jun 23 20:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5537]: Failed password for root from 91.224.92.17 port 39558 ssh2
Jun 23 20:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5537]: Connection closed by 91.224.92.17 port 39558 [preauth]
Jun 23 20:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5555]: Invalid user DAT from 210.245.36.176
Jun 23 20:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5555]: input_userauth_request: invalid user DAT [preauth]
Jun 23 20:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5562]: Failed password for root from 91.224.92.17 port 49608 ssh2
Jun 23 20:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5562]: Connection closed by 91.224.92.17 port 49608 [preauth]
Jun 23 20:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5555]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.245.36.176
Jun 23 20:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5555]: Failed password for invalid user DAT from 210.245.36.176 port 57230 ssh2
Jun 23 20:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5576]: Failed password for root from 91.224.92.17 port 49622 ssh2
Jun 23 20:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5576]: Connection closed by 91.224.92.17 port 49622 [preauth]
Jun 23 20:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5555]: Connection closed by 210.245.36.176 port 57230 [preauth]
Jun 23 20:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5586]: Failed password for root from 91.224.92.17 port 24148 ssh2
Jun 23 20:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5586]: Connection closed by 91.224.92.17 port 24148 [preauth]
Jun 23 20:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5602]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5600]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5601]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5599]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5599]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5656]: Successful su for rubyman by root
Jun 23 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5656]: + ??? root:rubyman
Jun 23 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5656]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579533 of user rubyman.
Jun 23 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5656]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579533.
Jun 23 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2804]: pam_unix(cron:session): session closed for user root
Jun 23 20:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5596]: Failed password for root from 91.224.92.17 port 24160 ssh2
Jun 23 20:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5596]: Connection closed by 91.224.92.17 port 24160 [preauth]
Jun 23 20:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5600]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5831]: Failed password for root from 91.224.92.17 port 12140 ssh2
Jun 23 20:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5831]: Connection closed by 91.224.92.17 port 12140 [preauth]
Jun 23 20:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5854]: Failed password for root from 91.224.92.17 port 12152 ssh2
Jun 23 20:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5854]: Connection closed by 91.224.92.17 port 12152 [preauth]
Jun 23 20:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5687]: Connection closed by 118.69.69.189 port 53019 [preauth]
Jun 23 20:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5877]: Failed password for root from 91.224.92.17 port 61248 ssh2
Jun 23 20:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5877]: Connection closed by 91.224.92.17 port 61248 [preauth]
Jun 23 20:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5887]: Failed password for root from 91.224.92.17 port 61260 ssh2
Jun 23 20:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5887]: Connection closed by 91.224.92.17 port 61260 [preauth]
Jun 23 20:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5910]: Failed password for root from 91.224.92.17 port 25792 ssh2
Jun 23 20:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5912]: Invalid user habib from 211.228.218.47
Jun 23 20:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5912]: input_userauth_request: invalid user habib [preauth]
Jun 23 20:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5912]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.228.218.47
Jun 23 20:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5910]: Connection closed by 91.224.92.17 port 25792 [preauth]
Jun 23 20:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5912]: Failed password for invalid user habib from 211.228.218.47 port 46812 ssh2
Jun 23 20:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4656]: pam_unix(cron:session): session closed for user root
Jun 23 20:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5912]: Received disconnect from 211.228.218.47 port 46812:11: Bye Bye [preauth]
Jun 23 20:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5912]: Disconnected from 211.228.218.47 port 46812 [preauth]
Jun 23 20:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5922]: Failed password for root from 91.224.92.17 port 25800 ssh2
Jun 23 20:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5922]: Connection closed by 91.224.92.17 port 25800 [preauth]
Jun 23 20:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5951]: Failed password for root from 91.224.92.17 port 57970 ssh2
Jun 23 20:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5951]: Connection closed by 91.224.92.17 port 57970 [preauth]
Jun 23 20:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5976]: Invalid user cc from 201.149.53.243
Jun 23 20:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5976]: input_userauth_request: invalid user cc [preauth]
Jun 23 20:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5976]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.149.53.243
Jun 23 20:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5961]: Failed password for root from 91.224.92.17 port 57976 ssh2
Jun 23 20:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5961]: Connection closed by 91.224.92.17 port 57976 [preauth]
Jun 23 20:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5976]: Failed password for invalid user cc from 201.149.53.243 port 6825 ssh2
Jun 23 20:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5976]: Received disconnect from 201.149.53.243 port 6825:11: Bye Bye [preauth]
Jun 23 20:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5976]: Disconnected from 201.149.53.243 port 6825 [preauth]
Jun 23 20:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5978]: Failed password for root from 91.224.92.17 port 8852 ssh2
Jun 23 20:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5978]: Connection closed by 91.224.92.17 port 8852 [preauth]
Jun 23 20:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5989]: Failed password for root from 91.224.92.17 port 8866 ssh2
Jun 23 20:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5989]: Connection closed by 91.224.92.17 port 8866 [preauth]
Jun 23 20:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.211.215  user=root
Jun 23 20:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6001]: Failed password for root from 147.45.211.215 port 40028 ssh2
Jun 23 20:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6001]: Connection closed by 147.45.211.215 port 40028 [preauth]
Jun 23 20:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5999]: Failed password for root from 91.224.92.17 port 23796 ssh2
Jun 23 20:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5999]: Connection closed by 91.224.92.17 port 23796 [preauth]
Jun 23 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6016]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6017]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6015]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6014]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6014]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6073]: Successful su for rubyman by root
Jun 23 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6073]: + ??? root:rubyman
Jun 23 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6073]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579536 of user rubyman.
Jun 23 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6073]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579536.
Jun 23 20:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3196]: pam_unix(cron:session): session closed for user root
Jun 23 20:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6011]: Failed password for root from 91.224.92.17 port 23806 ssh2
Jun 23 20:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6011]: Connection closed by 91.224.92.17 port 23806 [preauth]
Jun 23 20:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6015]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6250]: Failed password for root from 91.224.92.17 port 45620 ssh2
Jun 23 20:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6250]: Connection closed by 91.224.92.17 port 45620 [preauth]
Jun 23 20:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6269]: Failed password for root from 91.224.92.17 port 45628 ssh2
Jun 23 20:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6269]: Connection closed by 91.224.92.17 port 45628 [preauth]
Jun 23 20:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6291]: Failed password for root from 91.224.92.17 port 32668 ssh2
Jun 23 20:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6291]: Connection closed by 91.224.92.17 port 32668 [preauth]
Jun 23 20:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6301]: Failed password for root from 91.224.92.17 port 32680 ssh2
Jun 23 20:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6301]: Connection closed by 91.224.92.17 port 32680 [preauth]
Jun 23 20:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6325]: Failed password for root from 91.224.92.17 port 59336 ssh2
Jun 23 20:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6325]: Connection closed by 91.224.92.17 port 59336 [preauth]
Jun 23 20:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5182]: pam_unix(cron:session): session closed for user root
Jun 23 20:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6337]: Failed password for root from 91.224.92.17 port 59344 ssh2
Jun 23 20:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6337]: Connection closed by 91.224.92.17 port 59344 [preauth]
Jun 23 20:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6370]: Failed password for root from 91.224.92.17 port 59806 ssh2
Jun 23 20:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6370]: Connection closed by 91.224.92.17 port 59806 [preauth]
Jun 23 20:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6380]: Failed password for root from 91.224.92.17 port 59808 ssh2
Jun 23 20:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6380]: Connection closed by 91.224.92.17 port 59808 [preauth]
Jun 23 20:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6404]: Failed password for root from 91.224.92.17 port 10474 ssh2
Jun 23 20:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6404]: Connection closed by 91.224.92.17 port 10474 [preauth]
Jun 23 20:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6416]: Failed password for root from 91.224.92.17 port 10486 ssh2
Jun 23 20:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6416]: Connection closed by 91.224.92.17 port 10486 [preauth]
Jun 23 20:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6426]: Failed password for root from 91.224.92.17 port 58154 ssh2
Jun 23 20:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6426]: Connection closed by 91.224.92.17 port 58154 [preauth]
Jun 23 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6442]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6439]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6438]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6440]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6437]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6441]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6442]: pam_unix(cron:session): session closed for user root
Jun 23 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6437]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6508]: Successful su for rubyman by root
Jun 23 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6508]: + ??? root:rubyman
Jun 23 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6508]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579540 of user rubyman.
Jun 23 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6508]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579540.
Jun 23 20:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6439]: pam_unix(cron:session): session closed for user root
Jun 23 20:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3607]: pam_unix(cron:session): session closed for user root
Jun 23 20:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6494]: Failed password for root from 91.224.92.17 port 58156 ssh2
Jun 23 20:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6494]: Connection closed by 91.224.92.17 port 58156 [preauth]
Jun 23 20:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6438]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6718]: Failed password for root from 91.224.92.17 port 42310 ssh2
Jun 23 20:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6718]: Connection closed by 91.224.92.17 port 42310 [preauth]
Jun 23 20:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6729]: Failed password for root from 91.224.92.17 port 42318 ssh2
Jun 23 20:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6729]: Connection closed by 91.224.92.17 port 42318 [preauth]
Jun 23 20:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6756]: Failed password for root from 91.224.92.17 port 49364 ssh2
Jun 23 20:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6756]: Connection closed by 91.224.92.17 port 49364 [preauth]
Jun 23 20:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6775]: Failed password for root from 91.224.92.17 port 49368 ssh2
Jun 23 20:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6775]: Connection closed by 91.224.92.17 port 49368 [preauth]
Jun 23 20:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.149.53.243  user=root
Jun 23 20:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6808]: Failed password for root from 201.149.53.243 port 5520 ssh2
Jun 23 20:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6808]: Received disconnect from 201.149.53.243 port 5520:11: Bye Bye [preauth]
Jun 23 20:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6808]: Disconnected from 201.149.53.243 port 5520 [preauth]
Jun 23 20:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6806]: Failed password for root from 91.224.92.17 port 46578 ssh2
Jun 23 20:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6806]: Connection closed by 91.224.92.17 port 46578 [preauth]
Jun 23 20:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5602]: pam_unix(cron:session): session closed for user root
Jun 23 20:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6821]: Failed password for root from 91.224.92.17 port 46588 ssh2
Jun 23 20:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6821]: Connection closed by 91.224.92.17 port 46588 [preauth]
Jun 23 20:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6852]: Failed password for root from 91.224.92.17 port 19528 ssh2
Jun 23 20:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6852]: Connection closed by 91.224.92.17 port 19528 [preauth]
Jun 23 20:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6862]: Failed password for root from 91.224.92.17 port 19556 ssh2
Jun 23 20:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6862]: Connection closed by 91.224.92.17 port 19556 [preauth]
Jun 23 20:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.228.218.47  user=root
Jun 23 20:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6887]: Failed password for root from 211.228.218.47 port 59352 ssh2
Jun 23 20:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6887]: Received disconnect from 211.228.218.47 port 59352:11: Bye Bye [preauth]
Jun 23 20:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6887]: Disconnected from 211.228.218.47 port 59352 [preauth]
Jun 23 20:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6890]: Failed password for root from 91.224.92.17 port 60110 ssh2
Jun 23 20:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6890]: Connection closed by 91.224.92.17 port 60110 [preauth]
Jun 23 20:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6905]: Failed password for root from 91.224.92.17 port 60122 ssh2
Jun 23 20:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6905]: Connection closed by 91.224.92.17 port 60122 [preauth]
Jun 23 20:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6915]: Failed password for root from 91.224.92.17 port 30748 ssh2
Jun 23 20:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Jun 23 20:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:34.156.20.136
Jun 23 20:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6915]: Connection closed by 91.224.92.17 port 30748 [preauth]
Jun 23 20:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6940]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6938]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6945]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6937]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6937]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7037]: Successful su for rubyman by root
Jun 23 20:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7037]: + ??? root:rubyman
Jun 23 20:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7037]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579546 of user rubyman.
Jun 23 20:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7037]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579546.
Jun 23 20:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4207]: pam_unix(cron:session): session closed for user root
Jun 23 20:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6934]: Failed password for root from 91.224.92.17 port 30762 ssh2
Jun 23 20:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6934]: Connection closed by 91.224.92.17 port 30762 [preauth]
Jun 23 20:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6938]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7267]: Failed password for root from 91.224.92.17 port 15702 ssh2
Jun 23 20:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7267]: Connection closed by 91.224.92.17 port 15702 [preauth]
Jun 23 20:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7296]: Failed password for root from 91.224.92.17 port 15708 ssh2
Jun 23 20:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7296]: Connection closed by 91.224.92.17 port 15708 [preauth]
Jun 23 20:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7317]: Failed password for root from 91.224.92.17 port 50044 ssh2
Jun 23 20:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7317]: Connection closed by 91.224.92.17 port 50044 [preauth]
Jun 23 20:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7322]: Failed password for root from 91.224.92.17 port 50054 ssh2
Jun 23 20:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7322]: Connection closed by 91.224.92.17 port 50054 [preauth]
Jun 23 20:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7346]: Failed password for root from 91.224.92.17 port 2414 ssh2
Jun 23 20:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7346]: Connection closed by 91.224.92.17 port 2414 [preauth]
Jun 23 20:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6017]: pam_unix(cron:session): session closed for user root
Jun 23 20:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7356]: Failed password for root from 91.224.92.17 port 2422 ssh2
Jun 23 20:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7356]: Connection closed by 91.224.92.17 port 2422 [preauth]
Jun 23 20:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7391]: Failed password for root from 91.224.92.17 port 45638 ssh2
Jun 23 20:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7391]: Connection closed by 91.224.92.17 port 45638 [preauth]
Jun 23 20:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7402]: Failed password for root from 91.224.92.17 port 45654 ssh2
Jun 23 20:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7402]: Connection closed by 91.224.92.17 port 45654 [preauth]
Jun 23 20:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7424]: Failed password for root from 91.224.92.17 port 39316 ssh2
Jun 23 20:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7424]: Connection closed by 91.224.92.17 port 39316 [preauth]
Jun 23 20:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7436]: Failed password for root from 91.224.92.17 port 39322 ssh2
Jun 23 20:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7436]: Connection closed by 91.224.92.17 port 39322 [preauth]
Jun 23 20:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7446]: Failed password for root from 91.224.92.17 port 55866 ssh2
Jun 23 20:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7446]: Connection closed by 91.224.92.17 port 55866 [preauth]
Jun 23 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7462]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7461]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7460]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7459]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7459]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7518]: Successful su for rubyman by root
Jun 23 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7518]: + ??? root:rubyman
Jun 23 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7518]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579552 of user rubyman.
Jun 23 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7518]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579552.
Jun 23 20:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4655]: pam_unix(cron:session): session closed for user root
Jun 23 20:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7456]: Failed password for root from 91.224.92.17 port 55880 ssh2
Jun 23 20:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7456]: Connection closed by 91.224.92.17 port 55880 [preauth]
Jun 23 20:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7460]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7806]: Invalid user jenkins from 201.149.53.243
Jun 23 20:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7806]: input_userauth_request: invalid user jenkins [preauth]
Jun 23 20:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7806]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.149.53.243
Jun 23 20:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7806]: Failed password for invalid user jenkins from 201.149.53.243 port 4221 ssh2
Jun 23 20:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7806]: Received disconnect from 201.149.53.243 port 4221:11: Bye Bye [preauth]
Jun 23 20:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7806]: Disconnected from 201.149.53.243 port 4221 [preauth]
Jun 23 20:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7804]: Failed password for root from 91.224.92.17 port 63868 ssh2
Jun 23 20:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7804]: Connection closed by 91.224.92.17 port 63868 [preauth]
Jun 23 20:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7816]: Failed password for root from 91.224.92.17 port 63890 ssh2
Jun 23 20:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7816]: Connection closed by 91.224.92.17 port 63890 [preauth]
Jun 23 20:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7838]: Failed password for root from 91.224.92.17 port 62394 ssh2
Jun 23 20:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7838]: Connection closed by 91.224.92.17 port 62394 [preauth]
Jun 23 20:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7848]: Failed password for root from 91.224.92.17 port 62402 ssh2
Jun 23 20:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7848]: Connection closed by 91.224.92.17 port 62402 [preauth]
Jun 23 20:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7870]: Failed password for root from 91.224.92.17 port 12900 ssh2
Jun 23 20:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7870]: Connection closed by 91.224.92.17 port 12900 [preauth]
Jun 23 20:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6441]: pam_unix(cron:session): session closed for user root
Jun 23 20:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7880]: Failed password for root from 91.224.92.17 port 12914 ssh2
Jun 23 20:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.40.156.247  user=root
Jun 23 20:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7880]: Connection closed by 91.224.92.17 port 12914 [preauth]
Jun 23 20:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7909]: Failed password for root from 110.40.156.247 port 38158 ssh2
Jun 23 20:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7912]: Failed password for root from 91.224.92.17 port 43316 ssh2
Jun 23 20:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7912]: Connection closed by 91.224.92.17 port 43316 [preauth]
Jun 23 20:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7922]: Failed password for root from 91.224.92.17 port 43320 ssh2
Jun 23 20:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7922]: Connection closed by 91.224.92.17 port 43320 [preauth]
Jun 23 20:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7944]: Failed password for root from 91.224.92.17 port 33764 ssh2
Jun 23 20:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7944]: Connection closed by 91.224.92.17 port 33764 [preauth]
Jun 23 20:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 23 20:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7956]: Failed password for root from 103.82.132.16 port 33260 ssh2
Jun 23 20:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7956]: Connection closed by 103.82.132.16 port 33260 [preauth]
Jun 23 20:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7954]: Failed password for root from 91.224.92.17 port 33772 ssh2
Jun 23 20:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7954]: Connection closed by 91.224.92.17 port 33772 [preauth]
Jun 23 20:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7981]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7980]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7979]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7978]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7978]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7966]: Failed password for root from 91.224.92.17 port 31856 ssh2
Jun 23 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8039]: Successful su for rubyman by root
Jun 23 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8039]: + ??? root:rubyman
Jun 23 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8039]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579554 of user rubyman.
Jun 23 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8039]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579554.
Jun 23 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7966]: Connection closed by 91.224.92.17 port 31856 [preauth]
Jun 23 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5181]: pam_unix(cron:session): session closed for user root
Jun 23 20:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7979]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8094]: Failed password for root from 91.224.92.17 port 31862 ssh2
Jun 23 20:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8094]: Connection closed by 91.224.92.17 port 31862 [preauth]
Jun 23 20:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.228.218.47  user=root
Jun 23 20:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8225]: Failed password for root from 211.228.218.47 port 45744 ssh2
Jun 23 20:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8225]: Received disconnect from 211.228.218.47 port 45744:11: Bye Bye [preauth]
Jun 23 20:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8225]: Disconnected from 211.228.218.47 port 45744 [preauth]
Jun 23 20:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8227]: Failed password for root from 91.224.92.17 port 40690 ssh2
Jun 23 20:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8227]: Connection closed by 91.224.92.17 port 40690 [preauth]
Jun 23 20:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8238]: Failed password for root from 91.224.92.17 port 40694 ssh2
Jun 23 20:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8238]: Connection closed by 91.224.92.17 port 40694 [preauth]
Jun 23 20:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8261]: Failed password for root from 91.224.92.17 port 38718 ssh2
Jun 23 20:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8261]: Connection closed by 91.224.92.17 port 38718 [preauth]
Jun 23 20:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8271]: Failed password for root from 91.224.92.17 port 38724 ssh2
Jun 23 20:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8271]: Connection closed by 91.224.92.17 port 38724 [preauth]
Jun 23 20:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8292]: Failed password for root from 91.224.92.17 port 7134 ssh2
Jun 23 20:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8292]: Connection closed by 91.224.92.17 port 7134 [preauth]
Jun 23 20:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=root
Jun 23 20:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6945]: pam_unix(cron:session): session closed for user root
Jun 23 20:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8295]: Failed password for root from 193.46.255.86 port 25992 ssh2
Jun 23 20:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8297]: Failed password for root from 91.224.92.17 port 7136 ssh2
Jun 23 20:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8297]: Connection closed by 91.224.92.17 port 7136 [preauth]
Jun 23 20:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8295]: Failed password for root from 193.46.255.86 port 25992 ssh2
Jun 23 20:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8295]: Failed password for root from 193.46.255.86 port 25992 ssh2
Jun 23 20:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8295]: Connection closed by 193.46.255.86 port 25992 [preauth]
Jun 23 20:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8295]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=root
Jun 23 20:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8327]: Failed password for root from 91.224.92.17 port 9164 ssh2
Jun 23 20:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8327]: Connection closed by 91.224.92.17 port 9164 [preauth]
Jun 23 20:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8338]: Failed password for root from 91.224.92.17 port 9174 ssh2
Jun 23 20:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8338]: Connection closed by 91.224.92.17 port 9174 [preauth]
Jun 23 20:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8369]: Invalid user odoo from 201.149.53.243
Jun 23 20:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8369]: input_userauth_request: invalid user odoo [preauth]
Jun 23 20:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8369]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 20:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.149.53.243
Jun 23 20:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8369]: Failed password for invalid user odoo from 201.149.53.243 port 2930 ssh2
Jun 23 20:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8369]: Received disconnect from 201.149.53.243 port 2930:11: Bye Bye [preauth]
Jun 23 20:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8369]: Disconnected from 201.149.53.243 port 2930 [preauth]
Jun 23 20:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8362]: Failed password for root from 91.224.92.17 port 21528 ssh2
Jun 23 20:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8362]: Connection closed by 91.224.92.17 port 21528 [preauth]
Jun 23 20:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.92.17  user=root
Jun 23 20:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8374]: Failed password for root from 91.224.92.17 port 21542 ssh2
Jun 23 20:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8374]: Connection closed by 91.224.92.17 port 21542 [preauth]
Jun 23 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8399]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8400]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8396]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8397]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8396]: pam_unix(cron:session): session closed for user p13x
Jun 23 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8459]: Successful su for rubyman by root
Jun 23 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8459]: + ??? root:rubyman
Jun 23 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8459]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579559 of user rubyman.
Jun 23 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8459]: pam_unix(su:session): session closed for user rubyman
Jun 23 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579559.
Jun 23 20:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5601]: pam_unix(cron:session): session closed for user root
Jun 23 20:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8397]: pam_unix(cron:session): session closed for user samftp
Jun 23 20:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 23 20:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8676]: Failed password for root from 103.172.78.219 port 37208 ssh2
Jun 23 20:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8676]: Connection closed by 103.172.78.219 port 37208 [preauth]
Jun 23 20:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7462]: pam_unix(cron:session): session closed for user root
Jun 23 20:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 20:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 23 20:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8785]: Failed password for root from 103.176.20.57 port 59280 ssh2
Jun 23 20:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8785]: Connection closed by 103.176.20.57 port 59280 [preauth]
Jun 23 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8799]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8801]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8802]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8798]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8803]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8797]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8796]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8803]: pam_unix(cron:session): session closed for user root
Jun 23 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8798]: pam_unix(cron:session): session closed for user root
Jun 23 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8796]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8888]: Successful su for rubyman by root
Jun 23 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8888]: + ??? root:rubyman
Jun 23 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8888]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579566 of user rubyman.
Jun 23 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8888]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579566.
Jun 23 21:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8799]: pam_unix(cron:session): session closed for user root
Jun 23 21:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6016]: pam_unix(cron:session): session closed for user root
Jun 23 21:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8797]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.149.53.243  user=root
Jun 23 21:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9160]: Failed password for root from 201.149.53.243 port 1619 ssh2
Jun 23 21:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9160]: Received disconnect from 201.149.53.243 port 1619:11: Bye Bye [preauth]
Jun 23 21:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9160]: Disconnected from 201.149.53.243 port 1619 [preauth]
Jun 23 21:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.228.218.47  user=root
Jun 23 21:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9170]: Failed password for root from 211.228.218.47 port 51174 ssh2
Jun 23 21:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9170]: Received disconnect from 211.228.218.47 port 51174:11: Bye Bye [preauth]
Jun 23 21:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9170]: Disconnected from 211.228.218.47 port 51174 [preauth]
Jun 23 21:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7981]: pam_unix(cron:session): session closed for user root
Jun 23 21:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9298]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9299]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9300]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9296]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9296]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9370]: Successful su for rubyman by root
Jun 23 21:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9370]: + ??? root:rubyman
Jun 23 21:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9370]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579571 of user rubyman.
Jun 23 21:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9370]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579571.
Jun 23 21:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6440]: pam_unix(cron:session): session closed for user root
Jun 23 21:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9298]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9574]: Received disconnect from 82.64.200.144 port 36394:11: disconnected by user [preauth]
Jun 23 21:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9574]: Disconnected from 82.64.200.144 port 36394 [preauth]
Jun 23 21:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9285]: Connection closed by 118.69.233.167 port 56207 [preauth]
Jun 23 21:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8400]: pam_unix(cron:session): session closed for user root
Jun 23 21:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9688]: Invalid user jenkins from 201.149.53.243
Jun 23 21:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9688]: input_userauth_request: invalid user jenkins [preauth]
Jun 23 21:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9688]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 21:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.149.53.243
Jun 23 21:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9688]: Failed password for invalid user jenkins from 201.149.53.243 port 7463 ssh2
Jun 23 21:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9688]: Received disconnect from 201.149.53.243 port 7463:11: Bye Bye [preauth]
Jun 23 21:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9688]: Disconnected from 201.149.53.243 port 7463 [preauth]
Jun 23 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9707]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9708]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9706]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9705]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9705]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9764]: Successful su for rubyman by root
Jun 23 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9764]: + ??? root:rubyman
Jun 23 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9764]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579573 of user rubyman.
Jun 23 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9764]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579573.
Jun 23 21:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6940]: pam_unix(cron:session): session closed for user root
Jun 23 21:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9706]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8802]: pam_unix(cron:session): session closed for user root
Jun 23 21:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10341]: Invalid user test from 211.228.218.47
Jun 23 21:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10341]: input_userauth_request: invalid user test [preauth]
Jun 23 21:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10341]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 21:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.228.218.47
Jun 23 21:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10341]: Failed password for invalid user test from 211.228.218.47 port 40796 ssh2
Jun 23 21:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10341]: Received disconnect from 211.228.218.47 port 40796:11: Bye Bye [preauth]
Jun 23 21:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10341]: Disconnected from 211.228.218.47 port 40796 [preauth]
Jun 23 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10372]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10373]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10371]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10370]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10370]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10431]: Successful su for rubyman by root
Jun 23 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10431]: + ??? root:rubyman
Jun 23 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10431]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579577 of user rubyman.
Jun 23 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10431]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579577.
Jun 23 21:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7461]: pam_unix(cron:session): session closed for user root
Jun 23 21:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10371]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.149.53.243  user=root
Jun 23 21:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10686]: Failed password for root from 201.149.53.243 port 6142 ssh2
Jun 23 21:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10686]: Received disconnect from 201.149.53.243 port 6142:11: Bye Bye [preauth]
Jun 23 21:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10686]: Disconnected from 201.149.53.243 port 6142 [preauth]
Jun 23 21:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9300]: pam_unix(cron:session): session closed for user root
Jun 23 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10789]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10790]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10788]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10787]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10787]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10851]: Successful su for rubyman by root
Jun 23 21:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10851]: + ??? root:rubyman
Jun 23 21:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10851]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579582 of user rubyman.
Jun 23 21:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10851]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579582.
Jun 23 21:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7980]: pam_unix(cron:session): session closed for user root
Jun 23 21:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10788]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9708]: pam_unix(cron:session): session closed for user root
Jun 23 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11207]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11206]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11209]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11205]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11210]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11208]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11210]: pam_unix(cron:session): session closed for user root
Jun 23 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11205]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11277]: Successful su for rubyman by root
Jun 23 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11277]: + ??? root:rubyman
Jun 23 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11277]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579588 of user rubyman.
Jun 23 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11277]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579588.
Jun 23 21:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11207]: pam_unix(cron:session): session closed for user root
Jun 23 21:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8399]: pam_unix(cron:session): session closed for user root
Jun 23 21:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11459]: Invalid user user1 from 211.228.218.47
Jun 23 21:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11459]: input_userauth_request: invalid user user1 [preauth]
Jun 23 21:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11459]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 21:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.228.218.47
Jun 23 21:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.149.53.243  user=root
Jun 23 21:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11206]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11459]: Failed password for invalid user user1 from 211.228.218.47 port 49768 ssh2
Jun 23 21:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11459]: Received disconnect from 211.228.218.47 port 49768:11: Bye Bye [preauth]
Jun 23 21:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11459]: Disconnected from 211.228.218.47 port 49768 [preauth]
Jun 23 21:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11473]: Failed password for root from 201.149.53.243 port 4815 ssh2
Jun 23 21:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11473]: Received disconnect from 201.149.53.243 port 4815:11: Bye Bye [preauth]
Jun 23 21:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11473]: Disconnected from 201.149.53.243 port 4815 [preauth]
Jun 23 21:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10373]: pam_unix(cron:session): session closed for user root
Jun 23 21:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11653]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11655]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11654]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11652]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11652]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11722]: Successful su for rubyman by root
Jun 23 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11722]: + ??? root:rubyman
Jun 23 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11722]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579591 of user rubyman.
Jun 23 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11722]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579591.
Jun 23 21:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8801]: pam_unix(cron:session): session closed for user root
Jun 23 21:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11653]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10790]: pam_unix(cron:session): session closed for user root
Jun 23 21:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: Connection reset by 45.148.10.157 port 49586 [preauth]
Jun 23 21:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.149.53.243  user=root
Jun 23 21:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12066]: Failed password for root from 201.149.53.243 port 3512 ssh2
Jun 23 21:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12066]: Received disconnect from 201.149.53.243 port 3512:11: Bye Bye [preauth]
Jun 23 21:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12066]: Disconnected from 201.149.53.243 port 3512 [preauth]
Jun 23 21:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12088]: Connection reset by 198.235.24.233 port 65438 [preauth]
Jun 23 21:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 23 21:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12098]: Failed password for root from 202.178.126.219 port 31565 ssh2
Jun 23 21:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12098]: Connection closed by 202.178.126.219 port 31565 [preauth]
Jun 23 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12120]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12121]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12119]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12118]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12118]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12181]: Successful su for rubyman by root
Jun 23 21:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12181]: + ??? root:rubyman
Jun 23 21:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12181]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579595 of user rubyman.
Jun 23 21:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12181]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579595.
Jun 23 21:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9299]: pam_unix(cron:session): session closed for user root
Jun 23 21:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12491]: Received disconnect from 198.199.106.159 port 56828:11: disconnected by user [preauth]
Jun 23 21:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12491]: Disconnected from 198.199.106.159 port 56828 [preauth]
Jun 23 21:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12119]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12493]: Invalid user habib from 110.40.156.247
Jun 23 21:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12493]: input_userauth_request: invalid user habib [preauth]
Jun 23 21:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12493]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 21:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.40.156.247
Jun 23 21:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12493]: Failed password for invalid user habib from 110.40.156.247 port 57218 ssh2
Jun 23 21:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12493]: Received disconnect from 110.40.156.247 port 57218:11: Bye Bye [preauth]
Jun 23 21:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12493]: Disconnected from 110.40.156.247 port 57218 [preauth]
Jun 23 21:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12524]: Invalid user linuxbrew from 211.228.218.47
Jun 23 21:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12524]: input_userauth_request: invalid user linuxbrew [preauth]
Jun 23 21:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12524]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 21:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.228.218.47
Jun 23 21:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12524]: Failed password for invalid user linuxbrew from 211.228.218.47 port 38734 ssh2
Jun 23 21:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12524]: Received disconnect from 211.228.218.47 port 38734:11: Bye Bye [preauth]
Jun 23 21:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12524]: Disconnected from 211.228.218.47 port 38734 [preauth]
Jun 23 21:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11209]: pam_unix(cron:session): session closed for user root
Jun 23 21:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12657]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12658]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12655]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12656]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12655]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12717]: Successful su for rubyman by root
Jun 23 21:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12717]: + ??? root:rubyman
Jun 23 21:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12717]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579599 of user rubyman.
Jun 23 21:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12717]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579599.
Jun 23 21:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9707]: pam_unix(cron:session): session closed for user root
Jun 23 21:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12656]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.149.53.243  user=root
Jun 23 21:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12938]: Failed password for root from 201.149.53.243 port 2211 ssh2
Jun 23 21:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12938]: Received disconnect from 201.149.53.243 port 2211:11: Bye Bye [preauth]
Jun 23 21:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12938]: Disconnected from 201.149.53.243 port 2211 [preauth]
Jun 23 21:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11655]: pam_unix(cron:session): session closed for user root
Jun 23 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13070]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13069]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13067]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13068]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13065]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13067]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13196]: Successful su for rubyman by root
Jun 23 21:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13196]: + ??? root:rubyman
Jun 23 21:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13196]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579604 of user rubyman.
Jun 23 21:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13196]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579604.
Jun 23 21:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13065]: pam_unix(cron:session): session closed for user root
Jun 23 21:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10372]: pam_unix(cron:session): session closed for user root
Jun 23 21:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13068]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13477]: Invalid user jenkins from 211.228.218.47
Jun 23 21:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13477]: input_userauth_request: invalid user jenkins [preauth]
Jun 23 21:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13477]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 21:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.228.218.47
Jun 23 21:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13477]: Failed password for invalid user jenkins from 211.228.218.47 port 44704 ssh2
Jun 23 21:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13477]: Received disconnect from 211.228.218.47 port 44704:11: Bye Bye [preauth]
Jun 23 21:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13477]: Disconnected from 211.228.218.47 port 44704 [preauth]
Jun 23 21:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12121]: pam_unix(cron:session): session closed for user root
Jun 23 21:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13556]: Invalid user delphi from 201.149.53.243
Jun 23 21:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13556]: input_userauth_request: invalid user delphi [preauth]
Jun 23 21:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13556]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 21:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.149.53.243
Jun 23 21:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13556]: Failed password for invalid user delphi from 201.149.53.243 port 8053 ssh2
Jun 23 21:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13556]: Received disconnect from 201.149.53.243 port 8053:11: Bye Bye [preauth]
Jun 23 21:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13556]: Disconnected from 201.149.53.243 port 8053 [preauth]
Jun 23 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13569]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13570]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13568]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13567]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13571]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13573]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13573]: pam_unix(cron:session): session closed for user root
Jun 23 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13567]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13637]: Successful su for rubyman by root
Jun 23 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13637]: + ??? root:rubyman
Jun 23 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13637]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579613 of user rubyman.
Jun 23 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13637]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579613.
Jun 23 21:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13569]: pam_unix(cron:session): session closed for user root
Jun 23 21:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10789]: pam_unix(cron:session): session closed for user root
Jun 23 21:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13568]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 23 21:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13860]: Failed password for root from 193.37.70.224 port 40210 ssh2
Jun 23 21:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13860]: Connection closed by 193.37.70.224 port 40210 [preauth]
Jun 23 21:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 23 21:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13869]: Failed password for root from 103.27.238.114 port 36636 ssh2
Jun 23 21:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13869]: Connection closed by 103.27.238.114 port 36636 [preauth]
Jun 23 21:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: Invalid user brylee from 2.57.121.112
Jun 23 21:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: input_userauth_request: invalid user brylee [preauth]
Jun 23 21:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 21:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 23 21:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: Failed password for invalid user brylee from 2.57.121.112 port 17028 ssh2
Jun 23 21:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 21:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: Failed password for invalid user brylee from 2.57.121.112 port 17028 ssh2
Jun 23 21:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 21:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: Failed password for invalid user brylee from 2.57.121.112 port 17028 ssh2
Jun 23 21:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 21:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: Failed password for invalid user brylee from 2.57.121.112 port 17028 ssh2
Jun 23 21:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 21:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: Failed password for invalid user brylee from 2.57.121.112 port 17028 ssh2
Jun 23 21:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: Connection closed by 2.57.121.112 port 17028 [preauth]
Jun 23 21:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 23 21:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 23 21:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12658]: pam_unix(cron:session): session closed for user root
Jun 23 21:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13930]: Received disconnect from 176.65.131.188 port 59692:11: disconnected by user [preauth]
Jun 23 21:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13930]: Disconnected from 176.65.131.188 port 59692 [preauth]
Jun 23 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14026]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14025]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14023]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14024]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14023]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14089]: Successful su for rubyman by root
Jun 23 21:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14089]: + ??? root:rubyman
Jun 23 21:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14089]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579614 of user rubyman.
Jun 23 21:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14089]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579614.
Jun 23 21:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11208]: pam_unix(cron:session): session closed for user root
Jun 23 21:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14024]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14258]: Invalid user andrey from 141.98.83.240
Jun 23 21:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14258]: input_userauth_request: invalid user andrey [preauth]
Jun 23 21:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14258]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 21:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 21:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14258]: Failed password for invalid user andrey from 141.98.83.240 port 34736 ssh2
Jun 23 21:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14258]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 21:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14258]: Failed password for invalid user andrey from 141.98.83.240 port 34736 ssh2
Jun 23 21:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14258]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 21:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14258]: Failed password for invalid user andrey from 141.98.83.240 port 34736 ssh2
Jun 23 21:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14258]: Connection closed by 141.98.83.240 port 34736 [preauth]
Jun 23 21:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14258]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 21:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 23 21:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14319]: Failed password for root from 38.93.206.2 port 46988 ssh2
Jun 23 21:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14319]: Connection closed by 38.93.206.2 port 46988 [preauth]
Jun 23 21:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13070]: pam_unix(cron:session): session closed for user root
Jun 23 21:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: Invalid user visitor from 201.149.53.243
Jun 23 21:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: input_userauth_request: invalid user visitor [preauth]
Jun 23 21:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 21:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.149.53.243
Jun 23 21:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14359]: Did not receive identification string from 87.236.176.74
Jun 23 21:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: Failed password for invalid user visitor from 201.149.53.243 port 6742 ssh2
Jun 23 21:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: Received disconnect from 201.149.53.243 port 6742:11: Bye Bye [preauth]
Jun 23 21:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: Disconnected from 201.149.53.243 port 6742 [preauth]
Jun 23 21:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14360]: Connection closed by 87.236.176.74 port 59085 [preauth]
Jun 23 21:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14370]: Invalid user admin from 2.57.121.25
Jun 23 21:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14370]: input_userauth_request: invalid user admin [preauth]
Jun 23 21:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14370]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 21:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 23 21:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14370]: Failed password for invalid user admin from 2.57.121.25 port 45656 ssh2
Jun 23 21:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14370]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 21:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.228.218.47  user=root
Jun 23 21:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14370]: Failed password for invalid user admin from 2.57.121.25 port 45656 ssh2
Jun 23 21:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14370]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 21:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14394]: Failed password for root from 211.228.218.47 port 51706 ssh2
Jun 23 21:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14394]: Received disconnect from 211.228.218.47 port 51706:11: Bye Bye [preauth]
Jun 23 21:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14394]: Disconnected from 211.228.218.47 port 51706 [preauth]
Jun 23 21:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14370]: Failed password for invalid user admin from 2.57.121.25 port 45656 ssh2
Jun 23 21:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14370]: Connection closed by 2.57.121.25 port 45656 [preauth]
Jun 23 21:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14370]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 23 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14424]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14425]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14423]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14422]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14422]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14486]: Successful su for rubyman by root
Jun 23 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14486]: + ??? root:rubyman
Jun 23 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14486]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579618 of user rubyman.
Jun 23 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14486]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579618.
Jun 23 21:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11654]: pam_unix(cron:session): session closed for user root
Jun 23 21:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14423]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13571]: pam_unix(cron:session): session closed for user root
Jun 23 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14904]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14903]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14905]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14902]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14902]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14965]: Successful su for rubyman by root
Jun 23 21:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14965]: + ??? root:rubyman
Jun 23 21:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14965]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579622 of user rubyman.
Jun 23 21:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14965]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579622.
Jun 23 21:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12120]: pam_unix(cron:session): session closed for user root
Jun 23 21:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14903]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15183]: Invalid user mminchenok from 201.149.53.243
Jun 23 21:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15183]: input_userauth_request: invalid user mminchenok [preauth]
Jun 23 21:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15183]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 21:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.149.53.243
Jun 23 21:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15183]: Failed password for invalid user mminchenok from 201.149.53.243 port 5449 ssh2
Jun 23 21:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15183]: Received disconnect from 201.149.53.243 port 5449:11: Bye Bye [preauth]
Jun 23 21:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15183]: Disconnected from 201.149.53.243 port 5449 [preauth]
Jun 23 21:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14026]: pam_unix(cron:session): session closed for user root
Jun 23 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15317]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15315]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15314]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15316]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15314]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15304]: Invalid user idempiere from 211.228.218.47
Jun 23 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15304]: input_userauth_request: invalid user idempiere [preauth]
Jun 23 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15304]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.228.218.47
Jun 23 21:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15372]: Successful su for rubyman by root
Jun 23 21:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15372]: + ??? root:rubyman
Jun 23 21:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15372]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579626 of user rubyman.
Jun 23 21:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15372]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579626.
Jun 23 21:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15304]: Failed password for invalid user idempiere from 211.228.218.47 port 43526 ssh2
Jun 23 21:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15304]: Received disconnect from 211.228.218.47 port 43526:11: Bye Bye [preauth]
Jun 23 21:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15304]: Disconnected from 211.228.218.47 port 43526 [preauth]
Jun 23 21:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12657]: pam_unix(cron:session): session closed for user root
Jun 23 21:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15315]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14425]: pam_unix(cron:session): session closed for user root
Jun 23 21:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15666]: Invalid user habib from 201.149.53.243
Jun 23 21:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15666]: input_userauth_request: invalid user habib [preauth]
Jun 23 21:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15666]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 21:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.149.53.243
Jun 23 21:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15666]: Failed password for invalid user habib from 201.149.53.243 port 4138 ssh2
Jun 23 21:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15666]: Received disconnect from 201.149.53.243 port 4138:11: Bye Bye [preauth]
Jun 23 21:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15666]: Disconnected from 201.149.53.243 port 4138 [preauth]
Jun 23 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15703]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15701]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15700]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15699]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15702]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15698]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15703]: pam_unix(cron:session): session closed for user root
Jun 23 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15698]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15770]: Successful su for rubyman by root
Jun 23 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15770]: + ??? root:rubyman
Jun 23 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15770]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579634 of user rubyman.
Jun 23 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15770]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579634.
Jun 23 21:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15700]: pam_unix(cron:session): session closed for user root
Jun 23 21:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13069]: pam_unix(cron:session): session closed for user root
Jun 23 21:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15699]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14905]: pam_unix(cron:session): session closed for user root
Jun 23 21:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16063]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 23 21:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16063]: Received disconnect from 104.194.9.81 port 33888:11: disconnected by user [preauth]
Jun 23 21:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16063]: Disconnected from 104.194.9.81 port 33888 [preauth]
Jun 23 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16115]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16116]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16114]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16113]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16113]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16180]: Successful su for rubyman by root
Jun 23 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16180]: + ??? root:rubyman
Jun 23 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16180]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579638 of user rubyman.
Jun 23 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16180]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579638.
Jun 23 21:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13570]: pam_unix(cron:session): session closed for user root
Jun 23 21:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16114]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.228.218.47  user=root
Jun 23 21:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16391]: Failed password for root from 211.228.218.47 port 58112 ssh2
Jun 23 21:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16391]: Received disconnect from 211.228.218.47 port 58112:11: Bye Bye [preauth]
Jun 23 21:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16391]: Disconnected from 211.228.218.47 port 58112 [preauth]
Jun 23 21:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.149.53.243  user=root
Jun 23 21:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16414]: Failed password for root from 201.149.53.243 port 2813 ssh2
Jun 23 21:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16414]: Received disconnect from 201.149.53.243 port 2813:11: Bye Bye [preauth]
Jun 23 21:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16414]: Disconnected from 201.149.53.243 port 2813 [preauth]
Jun 23 21:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15317]: pam_unix(cron:session): session closed for user root
Jun 23 21:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16368]: Connection closed by 210.245.36.176 port 30784 [preauth]
Jun 23 21:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 23 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16533]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16530]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16531]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16532]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16528]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16528]: pam_unix(cron:session): session closed for user root
Jun 23 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16530]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16592]: Successful su for rubyman by root
Jun 23 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16592]: + ??? root:rubyman
Jun 23 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16592]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579640 of user rubyman.
Jun 23 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16592]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579640.
Jun 23 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16519]: Failed password for root from 109.237.96.109 port 51740 ssh2
Jun 23 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16519]: Connection closed by 109.237.96.109 port 51740 [preauth]
Jun 23 21:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14025]: pam_unix(cron:session): session closed for user root
Jun 23 21:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16531]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 23 21:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16773]: Failed password for root from 194.113.233.25 port 39938 ssh2
Jun 23 21:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16773]: Connection closed by 194.113.233.25 port 39938 [preauth]
Jun 23 21:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15702]: pam_unix(cron:session): session closed for user root
Jun 23 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17030]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17029]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17031]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17028]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17028]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.149.53.243  user=root
Jun 23 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17090]: Successful su for rubyman by root
Jun 23 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17090]: + ??? root:rubyman
Jun 23 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17090]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579647 of user rubyman.
Jun 23 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17090]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579647.
Jun 23 21:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17024]: Failed password for root from 201.149.53.243 port 1486 ssh2
Jun 23 21:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17024]: Received disconnect from 201.149.53.243 port 1486:11: Bye Bye [preauth]
Jun 23 21:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17024]: Disconnected from 201.149.53.243 port 1486 [preauth]
Jun 23 21:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14424]: pam_unix(cron:session): session closed for user root
Jun 23 21:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17029]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16116]: pam_unix(cron:session): session closed for user root
Jun 23 21:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17373]: Invalid user visitor from 211.228.218.47
Jun 23 21:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17373]: input_userauth_request: invalid user visitor [preauth]
Jun 23 21:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17373]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 21:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.228.218.47
Jun 23 21:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17373]: Failed password for invalid user visitor from 211.228.218.47 port 59394 ssh2
Jun 23 21:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17373]: Received disconnect from 211.228.218.47 port 59394:11: Bye Bye [preauth]
Jun 23 21:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17373]: Disconnected from 211.228.218.47 port 59394 [preauth]
Jun 23 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17436]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17433]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17435]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17432]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17432]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17497]: Successful su for rubyman by root
Jun 23 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17497]: + ??? root:rubyman
Jun 23 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17497]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579650 of user rubyman.
Jun 23 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17497]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579650.
Jun 23 21:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14904]: pam_unix(cron:session): session closed for user root
Jun 23 21:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17433]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 23 21:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17738]: Failed password for root from 103.82.20.28 port 48410 ssh2
Jun 23 21:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17738]: Connection closed by 103.82.20.28 port 48410 [preauth]
Jun 23 21:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16533]: pam_unix(cron:session): session closed for user root
Jun 23 21:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.149.53.243  user=root
Jun 23 21:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17873]: Failed password for root from 201.149.53.243 port 7344 ssh2
Jun 23 21:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17873]: Received disconnect from 201.149.53.243 port 7344:11: Bye Bye [preauth]
Jun 23 21:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17873]: Disconnected from 201.149.53.243 port 7344 [preauth]
Jun 23 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17939]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17938]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17941]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17940]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17937]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17936]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17941]: pam_unix(cron:session): session closed for user root
Jun 23 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17936]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18009]: Successful su for rubyman by root
Jun 23 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18009]: + ??? root:rubyman
Jun 23 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18009]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579658 of user rubyman.
Jun 23 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18009]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579658.
Jun 23 21:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17938]: pam_unix(cron:session): session closed for user root
Jun 23 21:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15316]: pam_unix(cron:session): session closed for user root
Jun 23 21:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17937]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18259]: Received disconnect from 31.42.176.142 port 39004:11: disconnected by user [preauth]
Jun 23 21:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18259]: Disconnected from 31.42.176.142 port 39004 [preauth]
Jun 23 21:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17031]: pam_unix(cron:session): session closed for user root
Jun 23 21:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.223.69.22  user=root
Jun 23 21:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18305]: Failed password for root from 89.223.69.22 port 59936 ssh2
Jun 23 21:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18305]: Connection closed by 89.223.69.22 port 59936 [preauth]
Jun 23 21:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18403]: Invalid user cc from 211.228.218.47
Jun 23 21:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18403]: input_userauth_request: invalid user cc [preauth]
Jun 23 21:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18403]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 21:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.228.218.47
Jun 23 21:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18403]: Failed password for invalid user cc from 211.228.218.47 port 36570 ssh2
Jun 23 21:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18403]: Received disconnect from 211.228.218.47 port 36570:11: Bye Bye [preauth]
Jun 23 21:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18403]: Disconnected from 211.228.218.47 port 36570 [preauth]
Jun 23 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18482]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18481]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18483]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18480]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18480]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18553]: Successful su for rubyman by root
Jun 23 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18553]: + ??? root:rubyman
Jun 23 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18553]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579660 of user rubyman.
Jun 23 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18553]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579660.
Jun 23 21:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15701]: pam_unix(cron:session): session closed for user root
Jun 23 21:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18481]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18744]: Invalid user vlad from 201.149.53.243
Jun 23 21:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18744]: input_userauth_request: invalid user vlad [preauth]
Jun 23 21:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18744]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 21:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.149.53.243
Jun 23 21:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18744]: Failed password for invalid user vlad from 201.149.53.243 port 6029 ssh2
Jun 23 21:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18744]: Received disconnect from 201.149.53.243 port 6029:11: Bye Bye [preauth]
Jun 23 21:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18744]: Disconnected from 201.149.53.243 port 6029 [preauth]
Jun 23 21:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17436]: pam_unix(cron:session): session closed for user root
Jun 23 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18916]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18915]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18917]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18914]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18914]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18974]: Successful su for rubyman by root
Jun 23 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18974]: + ??? root:rubyman
Jun 23 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18974]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579663 of user rubyman.
Jun 23 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18974]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579663.
Jun 23 21:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16115]: pam_unix(cron:session): session closed for user root
Jun 23 21:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18915]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17940]: pam_unix(cron:session): session closed for user root
Jun 23 21:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19365]: Invalid user anderson from 201.149.53.243
Jun 23 21:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19365]: input_userauth_request: invalid user anderson [preauth]
Jun 23 21:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19365]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 21:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.149.53.243
Jun 23 21:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19365]: Failed password for invalid user anderson from 201.149.53.243 port 4722 ssh2
Jun 23 21:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19365]: Received disconnect from 201.149.53.243 port 4722:11: Bye Bye [preauth]
Jun 23 21:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19365]: Disconnected from 201.149.53.243 port 4722 [preauth]
Jun 23 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19414]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19413]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19412]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19411]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19411]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19478]: Successful su for rubyman by root
Jun 23 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19478]: + ??? root:rubyman
Jun 23 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19478]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579667 of user rubyman.
Jun 23 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19478]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579667.
Jun 23 21:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16532]: pam_unix(cron:session): session closed for user root
Jun 23 21:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19412]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19872]: Invalid user jenkins from 211.228.218.47
Jun 23 21:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19872]: input_userauth_request: invalid user jenkins [preauth]
Jun 23 21:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19872]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 21:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.228.218.47
Jun 23 21:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19872]: Failed password for invalid user jenkins from 211.228.218.47 port 36912 ssh2
Jun 23 21:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19872]: Received disconnect from 211.228.218.47 port 36912:11: Bye Bye [preauth]
Jun 23 21:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19872]: Disconnected from 211.228.218.47 port 36912 [preauth]
Jun 23 21:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18483]: pam_unix(cron:session): session closed for user root
Jun 23 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20024]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20022]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20023]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20021]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20021]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20079]: Successful su for rubyman by root
Jun 23 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20079]: + ??? root:rubyman
Jun 23 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20079]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579671 of user rubyman.
Jun 23 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20079]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579671.
Jun 23 21:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17030]: pam_unix(cron:session): session closed for user root
Jun 23 21:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20022]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20421]: Invalid user idempiere from 201.149.53.243
Jun 23 21:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20421]: input_userauth_request: invalid user idempiere [preauth]
Jun 23 21:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20421]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 21:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.149.53.243
Jun 23 21:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20421]: Failed password for invalid user idempiere from 201.149.53.243 port 3421 ssh2
Jun 23 21:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20421]: Received disconnect from 201.149.53.243 port 3421:11: Bye Bye [preauth]
Jun 23 21:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20421]: Disconnected from 201.149.53.243 port 3421 [preauth]
Jun 23 21:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18917]: pam_unix(cron:session): session closed for user root
Jun 23 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20525]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20524]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20527]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20523]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20528]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20522]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20528]: pam_unix(cron:session): session closed for user root
Jun 23 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20522]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20591]: Successful su for rubyman by root
Jun 23 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20591]: + ??? root:rubyman
Jun 23 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20591]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579677 of user rubyman.
Jun 23 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20591]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579677.
Jun 23 21:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20524]: pam_unix(cron:session): session closed for user root
Jun 23 21:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17435]: pam_unix(cron:session): session closed for user root
Jun 23 21:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20523]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20946]: Invalid user anderson from 211.228.218.47
Jun 23 21:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20946]: input_userauth_request: invalid user anderson [preauth]
Jun 23 21:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20946]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 21:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.228.218.47
Jun 23 21:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20946]: Failed password for invalid user anderson from 211.228.218.47 port 44988 ssh2
Jun 23 21:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20946]: Received disconnect from 211.228.218.47 port 44988:11: Bye Bye [preauth]
Jun 23 21:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20946]: Disconnected from 211.228.218.47 port 44988 [preauth]
Jun 23 21:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19414]: pam_unix(cron:session): session closed for user root
Jun 23 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21046]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21048]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21047]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21045]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21045]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21120]: Successful su for rubyman by root
Jun 23 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21120]: + ??? root:rubyman
Jun 23 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21120]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579682 of user rubyman.
Jun 23 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21120]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579682.
Jun 23 21:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.149.53.243  user=root
Jun 23 21:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17939]: pam_unix(cron:session): session closed for user root
Jun 23 21:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21046]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21279]: Failed password for root from 201.149.53.243 port 2120 ssh2
Jun 23 21:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21279]: Received disconnect from 201.149.53.243 port 2120:11: Bye Bye [preauth]
Jun 23 21:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21279]: Disconnected from 201.149.53.243 port 2120 [preauth]
Jun 23 21:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21307]: Received disconnect from 199.127.62.250 port 63764:11: disconnected by user [preauth]
Jun 23 21:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21307]: Disconnected from 199.127.62.250 port 63764 [preauth]
Jun 23 21:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20024]: pam_unix(cron:session): session closed for user root
Jun 23 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21477]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21478]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21476]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21475]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21475]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21547]: Successful su for rubyman by root
Jun 23 21:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21547]: + ??? root:rubyman
Jun 23 21:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21547]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579686 of user rubyman.
Jun 23 21:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21547]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579686.
Jun 23 21:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18482]: pam_unix(cron:session): session closed for user root
Jun 23 21:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21476]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 23 21:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21816]: Failed password for root from 103.27.238.116 port 43160 ssh2
Jun 23 21:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20527]: pam_unix(cron:session): session closed for user root
Jun 23 21:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21816]: Connection closed by 103.27.238.116 port 43160 [preauth]
Jun 23 21:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21858]: Invalid user odoo from 211.228.218.47
Jun 23 21:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21858]: input_userauth_request: invalid user odoo [preauth]
Jun 23 21:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21858]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 21:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.228.218.47
Jun 23 21:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21858]: Failed password for invalid user odoo from 211.228.218.47 port 52758 ssh2
Jun 23 21:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21858]: Received disconnect from 211.228.218.47 port 52758:11: Bye Bye [preauth]
Jun 23 21:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21858]: Disconnected from 211.228.218.47 port 52758 [preauth]
Jun 23 21:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 23 21:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21891]: Failed password for root from 62.133.62.83 port 48848 ssh2
Jun 23 21:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21891]: Connection closed by 62.133.62.83 port 48848 [preauth]
Jun 23 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21913]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21912]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21911]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21910]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21910]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21973]: Successful su for rubyman by root
Jun 23 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21973]: + ??? root:rubyman
Jun 23 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21973]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579689 of user rubyman.
Jun 23 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21973]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579689.
Jun 23 21:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18916]: pam_unix(cron:session): session closed for user root
Jun 23 21:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21911]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21048]: pam_unix(cron:session): session closed for user root
Jun 23 21:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22405]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22404]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22403]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22402]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22402]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22461]: Successful su for rubyman by root
Jun 23 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22461]: + ??? root:rubyman
Jun 23 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22461]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579693 of user rubyman.
Jun 23 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22461]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579693.
Jun 23 21:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19413]: pam_unix(cron:session): session closed for user root
Jun 23 21:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22403]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Jun 23 21:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:34.156.237.98
Jun 23 21:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21478]: pam_unix(cron:session): session closed for user root
Jun 23 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22825]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22827]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22824]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22823]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22826]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22822]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22827]: pam_unix(cron:session): session closed for user root
Jun 23 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22822]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22893]: Successful su for rubyman by root
Jun 23 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22893]: + ??? root:rubyman
Jun 23 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22893]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579701 of user rubyman.
Jun 23 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22893]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579701.
Jun 23 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.228.218.47  user=root
Jun 23 21:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22824]: pam_unix(cron:session): session closed for user root
Jun 23 21:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22914]: Failed password for root from 211.228.218.47 port 59032 ssh2
Jun 23 21:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22914]: Received disconnect from 211.228.218.47 port 59032:11: Bye Bye [preauth]
Jun 23 21:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22914]: Disconnected from 211.228.218.47 port 59032 [preauth]
Jun 23 21:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20023]: pam_unix(cron:session): session closed for user root
Jun 23 21:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22823]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21913]: pam_unix(cron:session): session closed for user root
Jun 23 21:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23197]: Connection closed by 194.59.206.2 port 52934 [preauth]
Jun 23 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23262]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23260]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23261]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23259]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23259]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23336]: Successful su for rubyman by root
Jun 23 21:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23336]: + ??? root:rubyman
Jun 23 21:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23336]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579704 of user rubyman.
Jun 23 21:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23336]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579704.
Jun 23 21:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20525]: pam_unix(cron:session): session closed for user root
Jun 23 21:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23260]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23590]: Received disconnect from 179.61.232.245 port 60228:11: disconnected by user [preauth]
Jun 23 21:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23590]: Disconnected from 179.61.232.245 port 60228 [preauth]
Jun 23 21:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22405]: pam_unix(cron:session): session closed for user root
Jun 23 21:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23694]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23693]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23692]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23691]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23691]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23760]: Successful su for rubyman by root
Jun 23 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23760]: + ??? root:rubyman
Jun 23 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23760]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579707 of user rubyman.
Jun 23 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23760]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579707.
Jun 23 21:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23688]: Connection reset by 210.245.36.176 port 63436 [preauth]
Jun 23 21:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21047]: pam_unix(cron:session): session closed for user root
Jun 23 21:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23692]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.228.218.47  user=root
Jun 23 21:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24082]: Failed password for root from 211.228.218.47 port 57010 ssh2
Jun 23 21:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24082]: Received disconnect from 211.228.218.47 port 57010:11: Bye Bye [preauth]
Jun 23 21:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24082]: Disconnected from 211.228.218.47 port 57010 [preauth]
Jun 23 21:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22826]: pam_unix(cron:session): session closed for user root
Jun 23 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24206]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24203]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24204]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24202]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24202]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24284]: Successful su for rubyman by root
Jun 23 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24284]: + ??? root:rubyman
Jun 23 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24284]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579712 of user rubyman.
Jun 23 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24284]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579712.
Jun 23 21:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21477]: pam_unix(cron:session): session closed for user root
Jun 23 21:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24203]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23262]: pam_unix(cron:session): session closed for user root
Jun 23 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24629]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24632]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24628]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24627]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24627]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24706]: Successful su for rubyman by root
Jun 23 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24706]: + ??? root:rubyman
Jun 23 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24706]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579717 of user rubyman.
Jun 23 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24706]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579717.
Jun 23 21:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21912]: pam_unix(cron:session): session closed for user root
Jun 23 21:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24628]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23694]: pam_unix(cron:session): session closed for user root
Jun 23 21:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24981]: Invalid user kevin from 211.228.218.47
Jun 23 21:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24981]: input_userauth_request: invalid user kevin [preauth]
Jun 23 21:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24981]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 21:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.228.218.47
Jun 23 21:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24981]: Failed password for invalid user kevin from 211.228.218.47 port 36416 ssh2
Jun 23 21:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24981]: Received disconnect from 211.228.218.47 port 36416:11: Bye Bye [preauth]
Jun 23 21:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24981]: Disconnected from 211.228.218.47 port 36416 [preauth]
Jun 23 21:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 23 21:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25016]: Failed password for root from 103.122.221.179 port 50770 ssh2
Jun 23 21:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25016]: Connection closed by 103.122.221.179 port 50770 [preauth]
Jun 23 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25042]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25038]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25041]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25036]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25040]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25037]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25042]: pam_unix(cron:session): session closed for user root
Jun 23 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25036]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25112]: Successful su for rubyman by root
Jun 23 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25112]: + ??? root:rubyman
Jun 23 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25112]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579721 of user rubyman.
Jun 23 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25112]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579721.
Jun 23 21:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22404]: pam_unix(cron:session): session closed for user root
Jun 23 21:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25038]: pam_unix(cron:session): session closed for user root
Jun 23 21:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25037]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24206]: pam_unix(cron:session): session closed for user root
Jun 23 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25468]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25470]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25466]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25467]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25466]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25540]: Successful su for rubyman by root
Jun 23 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25540]: + ??? root:rubyman
Jun 23 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25540]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579726 of user rubyman.
Jun 23 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25540]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579726.
Jun 23 21:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22825]: pam_unix(cron:session): session closed for user root
Jun 23 21:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25467]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25776]: Received disconnect from 209.90.232.26 port 56182:11: disconnected by user [preauth]
Jun 23 21:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25776]: Disconnected from 209.90.232.26 port 56182 [preauth]
Jun 23 21:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24632]: pam_unix(cron:session): session closed for user root
Jun 23 21:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 23 21:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25857]: Failed password for root from 80.66.85.226 port 34120 ssh2
Jun 23 21:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25857]: Connection closed by 80.66.85.226 port 34120 [preauth]
Jun 23 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25870]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25871]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25868]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25869]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25868]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25929]: Successful su for rubyman by root
Jun 23 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25929]: + ??? root:rubyman
Jun 23 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25929]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579731 of user rubyman.
Jun 23 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25929]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579731.
Jun 23 21:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.228.218.47  user=root
Jun 23 21:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23261]: pam_unix(cron:session): session closed for user root
Jun 23 21:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25993]: Failed password for root from 211.228.218.47 port 44182 ssh2
Jun 23 21:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25993]: Received disconnect from 211.228.218.47 port 44182:11: Bye Bye [preauth]
Jun 23 21:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25993]: Disconnected from 211.228.218.47 port 44182 [preauth]
Jun 23 21:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25869]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25041]: pam_unix(cron:session): session closed for user root
Jun 23 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26261]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26259]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26260]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26258]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26258]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26322]: Successful su for rubyman by root
Jun 23 21:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26322]: + ??? root:rubyman
Jun 23 21:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26322]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579734 of user rubyman.
Jun 23 21:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26322]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579734.
Jun 23 21:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23693]: pam_unix(cron:session): session closed for user root
Jun 23 21:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26259]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25470]: pam_unix(cron:session): session closed for user root
Jun 23 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26649]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26648]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26651]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26650]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26646]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26648]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26856]: Successful su for rubyman by root
Jun 23 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26856]: + ??? root:rubyman
Jun 23 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26856]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579737 of user rubyman.
Jun 23 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26856]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579737.
Jun 23 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26646]: pam_unix(cron:session): session closed for user root
Jun 23 21:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24204]: pam_unix(cron:session): session closed for user root
Jun 23 21:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26649]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27095]: Invalid user vlad from 211.228.218.47
Jun 23 21:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27095]: input_userauth_request: invalid user vlad [preauth]
Jun 23 21:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27095]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 21:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.228.218.47
Jun 23 21:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27095]: Failed password for invalid user vlad from 211.228.218.47 port 41852 ssh2
Jun 23 21:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27095]: Received disconnect from 211.228.218.47 port 41852:11: Bye Bye [preauth]
Jun 23 21:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27095]: Disconnected from 211.228.218.47 port 41852 [preauth]
Jun 23 21:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25871]: pam_unix(cron:session): session closed for user root
Jun 23 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27232]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27234]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27231]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27233]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27235]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27230]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27235]: pam_unix(cron:session): session closed for user root
Jun 23 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27230]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27315]: Successful su for rubyman by root
Jun 23 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27315]: + ??? root:rubyman
Jun 23 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27315]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579743 of user rubyman.
Jun 23 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27315]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579743.
Jun 23 21:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27232]: pam_unix(cron:session): session closed for user root
Jun 23 21:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24629]: pam_unix(cron:session): session closed for user root
Jun 23 21:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27231]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27539]: Invalid user admin from 141.98.83.240
Jun 23 21:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27539]: input_userauth_request: invalid user admin [preauth]
Jun 23 21:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27539]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 21:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 21:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27539]: Failed password for invalid user admin from 141.98.83.240 port 51434 ssh2
Jun 23 21:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27539]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 21:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27539]: Failed password for invalid user admin from 141.98.83.240 port 51434 ssh2
Jun 23 21:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27539]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 21:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27539]: Failed password for invalid user admin from 141.98.83.240 port 51434 ssh2
Jun 23 21:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27539]: Connection closed by 141.98.83.240 port 51434 [preauth]
Jun 23 21:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27539]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 21:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26261]: pam_unix(cron:session): session closed for user root
Jun 23 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27679]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27681]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27680]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27678]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27678]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27752]: Successful su for rubyman by root
Jun 23 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27752]: + ??? root:rubyman
Jun 23 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27752]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579749 of user rubyman.
Jun 23 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27752]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579749.
Jun 23 21:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25040]: pam_unix(cron:session): session closed for user root
Jun 23 21:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27679]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.228.218.47  user=root
Jun 23 21:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28005]: Failed password for root from 211.228.218.47 port 47852 ssh2
Jun 23 21:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28005]: Received disconnect from 211.228.218.47 port 47852:11: Bye Bye [preauth]
Jun 23 21:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28005]: Disconnected from 211.228.218.47 port 47852 [preauth]
Jun 23 21:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26651]: pam_unix(cron:session): session closed for user root
Jun 23 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28150]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28151]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28148]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28149]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28148]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28218]: Successful su for rubyman by root
Jun 23 21:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28218]: + ??? root:rubyman
Jun 23 21:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28218]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579754 of user rubyman.
Jun 23 21:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28218]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579754.
Jun 23 21:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25468]: pam_unix(cron:session): session closed for user root
Jun 23 21:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28149]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28419]: Bad protocol version identification '\026\003\001\005\312\001' from 104.152.52.203 port 52285
Jun 23 21:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28420]: Connection closed by 104.152.52.213 port 59171 [preauth]
Jun 23 21:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.173.69.147  user=root
Jun 23 21:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28453]: Failed password for root from 43.173.69.147 port 53180 ssh2
Jun 23 21:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28453]: Received disconnect from 43.173.69.147 port 53180:11: Bye Bye [preauth]
Jun 23 21:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28453]: Disconnected from 43.173.69.147 port 53180 [preauth]
Jun 23 21:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27234]: pam_unix(cron:session): session closed for user root
Jun 23 21:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28540]: Received disconnect from 192.210.194.2 port 36714:11: disconnected by user [preauth]
Jun 23 21:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28540]: Disconnected from 192.210.194.2 port 36714 [preauth]
Jun 23 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28561]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28562]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28560]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28559]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28559]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28709]: Successful su for rubyman by root
Jun 23 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28709]: + ??? root:rubyman
Jun 23 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28709]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579756 of user rubyman.
Jun 23 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28709]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579756.
Jun 23 21:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25870]: pam_unix(cron:session): session closed for user root
Jun 23 21:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28560]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27681]: pam_unix(cron:session): session closed for user root
Jun 23 21:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29036]: Invalid user mminchenok from 211.228.218.47
Jun 23 21:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29036]: input_userauth_request: invalid user mminchenok [preauth]
Jun 23 21:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29036]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 21:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.228.218.47
Jun 23 21:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29036]: Failed password for invalid user mminchenok from 211.228.218.47 port 60796 ssh2
Jun 23 21:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29036]: Received disconnect from 211.228.218.47 port 60796:11: Bye Bye [preauth]
Jun 23 21:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29036]: Disconnected from 211.228.218.47 port 60796 [preauth]
Jun 23 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29072]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29071]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29070]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29069]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29069]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29134]: Successful su for rubyman by root
Jun 23 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29134]: + ??? root:rubyman
Jun 23 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29134]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579760 of user rubyman.
Jun 23 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29134]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579760.
Jun 23 21:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26260]: pam_unix(cron:session): session closed for user root
Jun 23 21:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29070]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28151]: pam_unix(cron:session): session closed for user root
Jun 23 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29499]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29498]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29501]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29497]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29496]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29500]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29501]: pam_unix(cron:session): session closed for user root
Jun 23 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29496]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29652]: Successful su for rubyman by root
Jun 23 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29652]: + ??? root:rubyman
Jun 23 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29652]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579769 of user rubyman.
Jun 23 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29652]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579769.
Jun 23 21:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26650]: pam_unix(cron:session): session closed for user root
Jun 23 21:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29498]: pam_unix(cron:session): session closed for user root
Jun 23 21:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29497]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28562]: pam_unix(cron:session): session closed for user root
Jun 23 21:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.228.218.47  user=root
Jun 23 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30055]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30056]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30053]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30054]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30053]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30129]: Successful su for rubyman by root
Jun 23 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30129]: + ??? root:rubyman
Jun 23 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30129]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579771 of user rubyman.
Jun 23 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30129]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579771.
Jun 23 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30039]: Failed password for root from 211.228.218.47 port 58168 ssh2
Jun 23 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30039]: Received disconnect from 211.228.218.47 port 58168:11: Bye Bye [preauth]
Jun 23 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30039]: Disconnected from 211.228.218.47 port 58168 [preauth]
Jun 23 21:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27233]: pam_unix(cron:session): session closed for user root
Jun 23 21:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30054]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29072]: pam_unix(cron:session): session closed for user root
Jun 23 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30474]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30473]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30471]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30470]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30470]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30536]: Successful su for rubyman by root
Jun 23 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30536]: + ??? root:rubyman
Jun 23 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30536]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579775 of user rubyman.
Jun 23 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30536]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579775.
Jun 23 21:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27680]: pam_unix(cron:session): session closed for user root
Jun 23 21:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30471]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29500]: pam_unix(cron:session): session closed for user root
Jun 23 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30886]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30884]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30883]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30885]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30883]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31045]: Successful su for rubyman by root
Jun 23 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31045]: + ??? root:rubyman
Jun 23 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31045]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579779 of user rubyman.
Jun 23 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31045]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579779.
Jun 23 21:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28150]: pam_unix(cron:session): session closed for user root
Jun 23 21:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30884]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30056]: pam_unix(cron:session): session closed for user root
Jun 23 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31387]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31386]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31388]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31385]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31385]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31449]: Successful su for rubyman by root
Jun 23 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31449]: + ??? root:rubyman
Jun 23 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31449]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579784 of user rubyman.
Jun 23 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31449]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579784.
Jun 23 21:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28561]: pam_unix(cron:session): session closed for user root
Jun 23 21:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31386]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30474]: pam_unix(cron:session): session closed for user root
Jun 23 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31883]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31881]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31884]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31886]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31885]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31882]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31886]: pam_unix(cron:session): session closed for user root
Jun 23 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31881]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31959]: Successful su for rubyman by root
Jun 23 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31959]: + ??? root:rubyman
Jun 23 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31959]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579790 of user rubyman.
Jun 23 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31959]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579790.
Jun 23 21:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29071]: pam_unix(cron:session): session closed for user root
Jun 23 21:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31883]: pam_unix(cron:session): session closed for user root
Jun 23 21:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.147.19.238  user=root
Jun 23 21:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31882]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32162]: Failed password for root from 189.147.19.238 port 4578 ssh2
Jun 23 21:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32162]: Received disconnect from 189.147.19.238 port 4578:11: Bye Bye [preauth]
Jun 23 21:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32162]: Disconnected from 189.147.19.238 port 4578 [preauth]
Jun 23 21:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30886]: pam_unix(cron:session): session closed for user root
Jun 23 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32324]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32323]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32325]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32322]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32322]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32393]: Successful su for rubyman by root
Jun 23 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32393]: + ??? root:rubyman
Jun 23 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32393]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579794 of user rubyman.
Jun 23 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32393]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579794.
Jun 23 21:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29499]: pam_unix(cron:session): session closed for user root
Jun 23 21:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32323]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31388]: pam_unix(cron:session): session closed for user root
Jun 23 21:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 23 21:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32740]: Failed password for root from 103.149.28.157 port 60940 ssh2
Jun 23 21:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32740]: Connection closed by 103.149.28.157 port 60940 [preauth]
Jun 23 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32757]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32758]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32755]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32756]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32755]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[350]: Successful su for rubyman by root
Jun 23 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[350]: + ??? root:rubyman
Jun 23 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[350]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579798 of user rubyman.
Jun 23 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[350]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579798.
Jun 23 21:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30055]: pam_unix(cron:session): session closed for user root
Jun 23 21:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32756]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[714]: Received disconnect from 62.182.85.212 port 34308:11: disconnected by user [preauth]
Jun 23 21:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[714]: Disconnected from 62.182.85.212 port 34308 [preauth]
Jun 23 21:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31885]: pam_unix(cron:session): session closed for user root
Jun 23 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[844]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[845]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[843]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[842]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[842]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[907]: Successful su for rubyman by root
Jun 23 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[907]: + ??? root:rubyman
Jun 23 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[907]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579801 of user rubyman.
Jun 23 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[907]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579801.
Jun 23 21:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30473]: pam_unix(cron:session): session closed for user root
Jun 23 21:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[843]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1216]: Invalid user guest from 43.173.69.147
Jun 23 21:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1216]: input_userauth_request: invalid user guest [preauth]
Jun 23 21:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1216]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 21:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.173.69.147
Jun 23 21:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32325]: pam_unix(cron:session): session closed for user root
Jun 23 21:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1216]: Failed password for invalid user guest from 43.173.69.147 port 45208 ssh2
Jun 23 21:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1216]: Received disconnect from 43.173.69.147 port 45208:11: Bye Bye [preauth]
Jun 23 21:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1216]: Disconnected from 43.173.69.147 port 45208 [preauth]
Jun 23 21:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=root
Jun 23 21:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1230]: Failed password for root from 193.46.255.86 port 45050 ssh2
Jun 23 21:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1230]: message repeated 2 times: [ Failed password for root from 193.46.255.86 port 45050 ssh2]
Jun 23 21:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1230]: Connection closed by 193.46.255.86 port 45050 [preauth]
Jun 23 21:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1230]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=root
Jun 23 21:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 23 21:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1292]: Failed password for root from 38.93.206.2 port 12662 ssh2
Jun 23 21:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1292]: Connection closed by 38.93.206.2 port 12662 [preauth]
Jun 23 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1300]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1299]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1297]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1296]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1296]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1374]: Successful su for rubyman by root
Jun 23 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1374]: + ??? root:rubyman
Jun 23 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1374]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579804 of user rubyman.
Jun 23 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1374]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579804.
Jun 23 21:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30885]: pam_unix(cron:session): session closed for user root
Jun 23 21:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1297]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 23 21:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1734]: Failed password for root from 103.15.222.183 port 55022 ssh2
Jun 23 21:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1734]: Connection closed by 103.15.222.183 port 55022 [preauth]
Jun 23 21:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32758]: pam_unix(cron:session): session closed for user root
Jun 23 21:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: Invalid user sbh from 189.147.19.238
Jun 23 21:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: input_userauth_request: invalid user sbh [preauth]
Jun 23 21:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 21:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.147.19.238
Jun 23 21:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: Failed password for invalid user sbh from 189.147.19.238 port 19109 ssh2
Jun 23 21:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: Received disconnect from 189.147.19.238 port 19109:11: Bye Bye [preauth]
Jun 23 21:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: Disconnected from 189.147.19.238 port 19109 [preauth]
Jun 23 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1856]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1859]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1860]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1861]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1857]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1858]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1861]: pam_unix(cron:session): session closed for user root
Jun 23 21:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1856]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1949]: Successful su for rubyman by root
Jun 23 21:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1949]: + ??? root:rubyman
Jun 23 21:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1949]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579811 of user rubyman.
Jun 23 21:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1949]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579811.
Jun 23 21:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1858]: pam_unix(cron:session): session closed for user root
Jun 23 21:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31387]: pam_unix(cron:session): session closed for user root
Jun 23 21:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1857]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.173.69.147  user=root
Jun 23 21:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2269]: Failed password for root from 43.173.69.147 port 32892 ssh2
Jun 23 21:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2269]: Received disconnect from 43.173.69.147 port 32892:11: Bye Bye [preauth]
Jun 23 21:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2269]: Disconnected from 43.173.69.147 port 32892 [preauth]
Jun 23 21:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[845]: pam_unix(cron:session): session closed for user root
Jun 23 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2377]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2376]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2375]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2374]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2374]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2440]: Successful su for rubyman by root
Jun 23 21:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2440]: + ??? root:rubyman
Jun 23 21:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2440]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579814 of user rubyman.
Jun 23 21:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2440]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579814.
Jun 23 21:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31884]: pam_unix(cron:session): session closed for user root
Jun 23 21:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2375]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1300]: pam_unix(cron:session): session closed for user root
Jun 23 21:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2737]: Invalid user fr from 189.147.19.238
Jun 23 21:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2737]: input_userauth_request: invalid user fr [preauth]
Jun 23 21:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2737]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 21:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.147.19.238
Jun 23 21:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2737]: Failed password for invalid user fr from 189.147.19.238 port 46197 ssh2
Jun 23 21:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2737]: Received disconnect from 189.147.19.238 port 46197:11: Bye Bye [preauth]
Jun 23 21:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2737]: Disconnected from 189.147.19.238 port 46197 [preauth]
Jun 23 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2802]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2803]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2801]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2799]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2799]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2862]: Successful su for rubyman by root
Jun 23 21:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2862]: + ??? root:rubyman
Jun 23 21:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2862]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579818 of user rubyman.
Jun 23 21:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2862]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579818.
Jun 23 21:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32324]: pam_unix(cron:session): session closed for user root
Jun 23 21:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2801]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.173.69.147  user=root
Jun 23 21:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3080]: Failed password for root from 43.173.69.147 port 49804 ssh2
Jun 23 21:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3080]: Received disconnect from 43.173.69.147 port 49804:11: Bye Bye [preauth]
Jun 23 21:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3080]: Disconnected from 43.173.69.147 port 49804 [preauth]
Jun 23 21:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1860]: pam_unix(cron:session): session closed for user root
Jun 23 21:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 23 21:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3151]: Failed password for root from 103.153.68.219 port 48228 ssh2
Jun 23 21:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3151]: Connection closed by 103.153.68.219 port 48228 [preauth]
Jun 23 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3201]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3200]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3202]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3199]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3199]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3266]: Successful su for rubyman by root
Jun 23 21:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3266]: + ??? root:rubyman
Jun 23 21:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3266]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579824 of user rubyman.
Jun 23 21:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3266]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579824.
Jun 23 21:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32757]: pam_unix(cron:session): session closed for user root
Jun 23 21:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3200]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3476]: Invalid user cisco from 189.147.19.238
Jun 23 21:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3476]: input_userauth_request: invalid user cisco [preauth]
Jun 23 21:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3476]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 21:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.147.19.238
Jun 23 21:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3476]: Failed password for invalid user cisco from 189.147.19.238 port 52863 ssh2
Jun 23 21:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3476]: Received disconnect from 189.147.19.238 port 52863:11: Bye Bye [preauth]
Jun 23 21:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3476]: Disconnected from 189.147.19.238 port 52863 [preauth]
Jun 23 21:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2377]: pam_unix(cron:session): session closed for user root
Jun 23 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3601]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3602]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3599]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3598]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3598]: pam_unix(cron:session): session closed for user p13x
Jun 23 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3658]: Successful su for rubyman by root
Jun 23 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3658]: + ??? root:rubyman
Jun 23 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3658]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579826 of user rubyman.
Jun 23 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3658]: pam_unix(su:session): session closed for user rubyman
Jun 23 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579826.
Jun 23 21:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[844]: pam_unix(cron:session): session closed for user root
Jun 23 21:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3599]: pam_unix(cron:session): session closed for user samftp
Jun 23 21:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 21:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4081]: Invalid user fabien from 43.173.69.147
Jun 23 21:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4081]: input_userauth_request: invalid user fabien [preauth]
Jun 23 21:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4081]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 21:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.173.69.147
Jun 23 21:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4081]: Failed password for invalid user fabien from 43.173.69.147 port 38358 ssh2
Jun 23 21:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4081]: Received disconnect from 43.173.69.147 port 38358:11: Bye Bye [preauth]
Jun 23 21:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4081]: Disconnected from 43.173.69.147 port 38358 [preauth]
Jun 23 21:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2803]: pam_unix(cron:session): session closed for user root
Jun 23 21:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4193]: Invalid user administrator from 189.147.19.238
Jun 23 22:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4193]: input_userauth_request: invalid user administrator [preauth]
Jun 23 22:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4193]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 22:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.147.19.238
Jun 23 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4200]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4199]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4201]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4198]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4202]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4196]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4197]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4202]: pam_unix(cron:session): session closed for user root
Jun 23 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4198]: pam_unix(cron:session): session closed for user root
Jun 23 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4196]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4193]: Failed password for invalid user administrator from 189.147.19.238 port 5009 ssh2
Jun 23 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4193]: Received disconnect from 189.147.19.238 port 5009:11: Bye Bye [preauth]
Jun 23 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4193]: Disconnected from 189.147.19.238 port 5009 [preauth]
Jun 23 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4297]: Successful su for rubyman by root
Jun 23 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4297]: + ??? root:rubyman
Jun 23 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4297]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579832 of user rubyman.
Jun 23 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4297]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579832.
Jun 23 22:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1299]: pam_unix(cron:session): session closed for user root
Jun 23 22:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4199]: pam_unix(cron:session): session closed for user root
Jun 23 22:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4197]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3202]: pam_unix(cron:session): session closed for user root
Jun 23 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4707]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4708]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4709]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4706]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4706]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4847]: Successful su for rubyman by root
Jun 23 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4847]: + ??? root:rubyman
Jun 23 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4847]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579839 of user rubyman.
Jun 23 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4847]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579839.
Jun 23 22:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1859]: pam_unix(cron:session): session closed for user root
Jun 23 22:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4707]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5103]: Invalid user farid from 43.173.69.147
Jun 23 22:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5103]: input_userauth_request: invalid user farid [preauth]
Jun 23 22:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5103]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 22:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.173.69.147
Jun 23 22:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5103]: Failed password for invalid user farid from 43.173.69.147 port 37270 ssh2
Jun 23 22:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5103]: Received disconnect from 43.173.69.147 port 37270:11: Bye Bye [preauth]
Jun 23 22:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5103]: Disconnected from 43.173.69.147 port 37270 [preauth]
Jun 23 22:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3602]: pam_unix(cron:session): session closed for user root
Jun 23 22:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5198]: Invalid user khalid from 189.147.19.238
Jun 23 22:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5198]: input_userauth_request: invalid user khalid [preauth]
Jun 23 22:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5198]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 22:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.147.19.238
Jun 23 22:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5198]: Failed password for invalid user khalid from 189.147.19.238 port 34012 ssh2
Jun 23 22:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5198]: Received disconnect from 189.147.19.238 port 34012:11: Bye Bye [preauth]
Jun 23 22:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5198]: Disconnected from 189.147.19.238 port 34012 [preauth]
Jun 23 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5230]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5231]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5229]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5228]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5228]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5292]: Successful su for rubyman by root
Jun 23 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5292]: + ??? root:rubyman
Jun 23 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5292]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579843 of user rubyman.
Jun 23 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5292]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579843.
Jun 23 22:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2376]: pam_unix(cron:session): session closed for user root
Jun 23 22:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5229]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5568]: Received disconnect from 144.217.74.127 port 47894:11: disconnected by user [preauth]
Jun 23 22:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5568]: Disconnected from 144.217.74.127 port 47894 [preauth]
Jun 23 22:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4201]: pam_unix(cron:session): session closed for user root
Jun 23 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5636]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5635]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5634]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5633]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5633]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5691]: Successful su for rubyman by root
Jun 23 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5691]: + ??? root:rubyman
Jun 23 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5691]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579845 of user rubyman.
Jun 23 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5691]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579845.
Jun 23 22:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2802]: pam_unix(cron:session): session closed for user root
Jun 23 22:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5634]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5892]: Invalid user vpn from 43.173.69.147
Jun 23 22:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5892]: input_userauth_request: invalid user vpn [preauth]
Jun 23 22:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5892]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 22:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.173.69.147
Jun 23 22:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5892]: Failed password for invalid user vpn from 43.173.69.147 port 55682 ssh2
Jun 23 22:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5892]: Received disconnect from 43.173.69.147 port 55682:11: Bye Bye [preauth]
Jun 23 22:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5892]: Disconnected from 43.173.69.147 port 55682 [preauth]
Jun 23 22:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 23 22:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5936]: Failed password for root from 87.251.79.125 port 45754 ssh2
Jun 23 22:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5936]: Connection closed by 87.251.79.125 port 45754 [preauth]
Jun 23 22:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5946]: Invalid user test_user from 189.147.19.238
Jun 23 22:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5946]: input_userauth_request: invalid user test_user [preauth]
Jun 23 22:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5946]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 22:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.147.19.238
Jun 23 22:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4709]: pam_unix(cron:session): session closed for user root
Jun 23 22:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5946]: Failed password for invalid user test_user from 189.147.19.238 port 1440 ssh2
Jun 23 22:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5946]: Received disconnect from 189.147.19.238 port 1440:11: Bye Bye [preauth]
Jun 23 22:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5946]: Disconnected from 189.147.19.238 port 1440 [preauth]
Jun 23 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6026]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6024]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6023]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6025]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6023]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6084]: Successful su for rubyman by root
Jun 23 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6084]: + ??? root:rubyman
Jun 23 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6084]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579850 of user rubyman.
Jun 23 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6084]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579850.
Jun 23 22:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3201]: pam_unix(cron:session): session closed for user root
Jun 23 22:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6024]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 23 22:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6275]: Failed password for root from 77.94.47.83 port 44644 ssh2
Jun 23 22:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6275]: Connection closed by 77.94.47.83 port 44644 [preauth]
Jun 23 22:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5231]: pam_unix(cron:session): session closed for user root
Jun 23 22:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 23 22:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6337]: Failed password for root from 147.45.199.80 port 41822 ssh2
Jun 23 22:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6337]: Connection closed by 147.45.199.80 port 41822 [preauth]
Jun 23 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6427]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6429]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6428]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6425]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6431]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6426]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6431]: pam_unix(cron:session): session closed for user root
Jun 23 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6425]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6492]: Successful su for rubyman by root
Jun 23 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6492]: + ??? root:rubyman
Jun 23 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6492]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579855 of user rubyman.
Jun 23 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6492]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579855.
Jun 23 22:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6626]: Invalid user test_user from 43.173.69.147
Jun 23 22:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6626]: input_userauth_request: invalid user test_user [preauth]
Jun 23 22:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6626]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 22:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.173.69.147
Jun 23 22:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6427]: pam_unix(cron:session): session closed for user root
Jun 23 22:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3601]: pam_unix(cron:session): session closed for user root
Jun 23 22:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6626]: Failed password for invalid user test_user from 43.173.69.147 port 50514 ssh2
Jun 23 22:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6626]: Received disconnect from 43.173.69.147 port 50514:11: Bye Bye [preauth]
Jun 23 22:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6626]: Disconnected from 43.173.69.147 port 50514 [preauth]
Jun 23 22:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6426]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6707]: Invalid user hadoop from 189.147.19.238
Jun 23 22:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6707]: input_userauth_request: invalid user hadoop [preauth]
Jun 23 22:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6707]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 22:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.147.19.238
Jun 23 22:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6707]: Failed password for invalid user hadoop from 189.147.19.238 port 6182 ssh2
Jun 23 22:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6707]: Received disconnect from 189.147.19.238 port 6182:11: Bye Bye [preauth]
Jun 23 22:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6707]: Disconnected from 189.147.19.238 port 6182 [preauth]
Jun 23 22:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5636]: pam_unix(cron:session): session closed for user root
Jun 23 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6871]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6869]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6870]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6868]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6868]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6945]: Successful su for rubyman by root
Jun 23 22:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6945]: + ??? root:rubyman
Jun 23 22:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6945]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579860 of user rubyman.
Jun 23 22:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6945]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579860.
Jun 23 22:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4200]: pam_unix(cron:session): session closed for user root
Jun 23 22:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6869]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6026]: pam_unix(cron:session): session closed for user root
Jun 23 22:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7355]: Invalid user builder from 43.173.69.147
Jun 23 22:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7355]: input_userauth_request: invalid user builder [preauth]
Jun 23 22:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7355]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 22:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.173.69.147
Jun 23 22:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.147.19.238  user=root
Jun 23 22:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7355]: Failed password for invalid user builder from 43.173.69.147 port 58832 ssh2
Jun 23 22:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7355]: Received disconnect from 43.173.69.147 port 58832:11: Bye Bye [preauth]
Jun 23 22:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7355]: Disconnected from 43.173.69.147 port 58832 [preauth]
Jun 23 22:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7357]: Failed password for root from 189.147.19.238 port 40597 ssh2
Jun 23 22:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7357]: Received disconnect from 189.147.19.238 port 40597:11: Bye Bye [preauth]
Jun 23 22:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7357]: Disconnected from 189.147.19.238 port 40597 [preauth]
Jun 23 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7371]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7372]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7370]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7369]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7369]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7434]: Successful su for rubyman by root
Jun 23 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7434]: + ??? root:rubyman
Jun 23 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7434]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579864 of user rubyman.
Jun 23 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7434]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579864.
Jun 23 22:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4708]: pam_unix(cron:session): session closed for user root
Jun 23 22:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7370]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6429]: pam_unix(cron:session): session closed for user root
Jun 23 22:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 23 22:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7813]: Failed password for root from 51.250.105.222 port 37156 ssh2
Jun 23 22:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7813]: Connection closed by 51.250.105.222 port 37156 [preauth]
Jun 23 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7871]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7870]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7869]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7868]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7868]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7926]: Successful su for rubyman by root
Jun 23 22:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7926]: + ??? root:rubyman
Jun 23 22:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7926]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579867 of user rubyman.
Jun 23 22:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7926]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579867.
Jun 23 22:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5230]: pam_unix(cron:session): session closed for user root
Jun 23 22:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7869]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6871]: pam_unix(cron:session): session closed for user root
Jun 23 22:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.147.19.238  user=root
Jun 23 22:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8226]: Failed password for root from 189.147.19.238 port 27202 ssh2
Jun 23 22:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8226]: Received disconnect from 189.147.19.238 port 27202:11: Bye Bye [preauth]
Jun 23 22:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8226]: Disconnected from 189.147.19.238 port 27202 [preauth]
Jun 23 22:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.173.69.147  user=root
Jun 23 22:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8228]: Failed password for root from 43.173.69.147 port 60660 ssh2
Jun 23 22:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8228]: Received disconnect from 43.173.69.147 port 60660:11: Bye Bye [preauth]
Jun 23 22:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8228]: Disconnected from 43.173.69.147 port 60660 [preauth]
Jun 23 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8260]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8261]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8259]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8258]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8256]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8258]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8366]: Successful su for rubyman by root
Jun 23 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8366]: + ??? root:rubyman
Jun 23 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8366]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579872 of user rubyman.
Jun 23 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8366]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579872.
Jun 23 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8256]: pam_unix(cron:session): session closed for user root
Jun 23 22:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5635]: pam_unix(cron:session): session closed for user root
Jun 23 22:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8259]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8623]: Invalid user user from 141.98.83.240
Jun 23 22:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8623]: input_userauth_request: invalid user user [preauth]
Jun 23 22:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8623]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 22:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 22:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8623]: Failed password for invalid user user from 141.98.83.240 port 12172 ssh2
Jun 23 22:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8623]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 22:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8623]: Failed password for invalid user user from 141.98.83.240 port 12172 ssh2
Jun 23 22:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8623]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 22:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8623]: Failed password for invalid user user from 141.98.83.240 port 12172 ssh2
Jun 23 22:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8623]: Connection closed by 141.98.83.240 port 12172 [preauth]
Jun 23 22:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8623]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 22:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7372]: pam_unix(cron:session): session closed for user root
Jun 23 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8743]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8744]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8740]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8741]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8742]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8745]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8745]: pam_unix(cron:session): session closed for user root
Jun 23 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8740]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8810]: Successful su for rubyman by root
Jun 23 22:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8810]: + ??? root:rubyman
Jun 23 22:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8810]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579878 of user rubyman.
Jun 23 22:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8810]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579878.
Jun 23 22:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8742]: pam_unix(cron:session): session closed for user root
Jun 23 22:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6025]: pam_unix(cron:session): session closed for user root
Jun 23 22:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8741]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.147.19.238  user=root
Jun 23 22:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7871]: pam_unix(cron:session): session closed for user root
Jun 23 22:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9090]: Failed password for root from 189.147.19.238 port 48547 ssh2
Jun 23 22:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9090]: Received disconnect from 189.147.19.238 port 48547:11: Bye Bye [preauth]
Jun 23 22:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9090]: Disconnected from 189.147.19.238 port 48547 [preauth]
Jun 23 22:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9128]: Invalid user khalid from 43.173.69.147
Jun 23 22:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9128]: input_userauth_request: invalid user khalid [preauth]
Jun 23 22:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9128]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 22:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.173.69.147
Jun 23 22:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9128]: Failed password for invalid user khalid from 43.173.69.147 port 49348 ssh2
Jun 23 22:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9128]: Received disconnect from 43.173.69.147 port 49348:11: Bye Bye [preauth]
Jun 23 22:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9128]: Disconnected from 43.173.69.147 port 49348 [preauth]
Jun 23 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9173]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9174]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9172]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9171]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9171]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9245]: Successful su for rubyman by root
Jun 23 22:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9245]: + ??? root:rubyman
Jun 23 22:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9245]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579883 of user rubyman.
Jun 23 22:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9245]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579883.
Jun 23 22:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6428]: pam_unix(cron:session): session closed for user root
Jun 23 22:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9172]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8261]: pam_unix(cron:session): session closed for user root
Jun 23 22:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9556]: Connection closed by 50.169.142.154 port 19092 [preauth]
Jun 23 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9570]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9571]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9569]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9568]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9568]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9634]: Successful su for rubyman by root
Jun 23 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9634]: + ??? root:rubyman
Jun 23 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9634]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579887 of user rubyman.
Jun 23 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9634]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579887.
Jun 23 22:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6870]: pam_unix(cron:session): session closed for user root
Jun 23 22:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9569]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 23 22:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9827]: Failed password for root from 103.27.238.120 port 52276 ssh2
Jun 23 22:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9827]: Connection closed by 103.27.238.120 port 52276 [preauth]
Jun 23 22:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9861]: Invalid user guest from 189.147.19.238
Jun 23 22:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9861]: input_userauth_request: invalid user guest [preauth]
Jun 23 22:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9861]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 22:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.147.19.238
Jun 23 22:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9858]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 23 22:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9858]: Received disconnect from 185.165.242.225 port 58778:11: disconnected by user [preauth]
Jun 23 22:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9858]: Disconnected from 185.165.242.225 port 58778 [preauth]
Jun 23 22:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9861]: Failed password for invalid user guest from 189.147.19.238 port 15494 ssh2
Jun 23 22:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9861]: Received disconnect from 189.147.19.238 port 15494:11: Bye Bye [preauth]
Jun 23 22:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9861]: Disconnected from 189.147.19.238 port 15494 [preauth]
Jun 23 22:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8744]: pam_unix(cron:session): session closed for user root
Jun 23 22:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10095]: Invalid user devops from 43.173.69.147
Jun 23 22:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10095]: input_userauth_request: invalid user devops [preauth]
Jun 23 22:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10095]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 22:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.173.69.147
Jun 23 22:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10095]: Failed password for invalid user devops from 43.173.69.147 port 33152 ssh2
Jun 23 22:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10095]: Received disconnect from 43.173.69.147 port 33152:11: Bye Bye [preauth]
Jun 23 22:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10095]: Disconnected from 43.173.69.147 port 33152 [preauth]
Jun 23 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10152]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10151]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10153]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10150]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10150]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10219]: Successful su for rubyman by root
Jun 23 22:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10219]: + ??? root:rubyman
Jun 23 22:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10219]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579892 of user rubyman.
Jun 23 22:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10219]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579892.
Jun 23 22:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7371]: pam_unix(cron:session): session closed for user root
Jun 23 22:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10151]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10530]: Invalid user admin from 2.57.121.25
Jun 23 22:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10530]: input_userauth_request: invalid user admin [preauth]
Jun 23 22:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10530]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 22:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 23 22:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10530]: Failed password for invalid user admin from 2.57.121.25 port 26898 ssh2
Jun 23 22:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10530]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 22:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10530]: Failed password for invalid user admin from 2.57.121.25 port 26898 ssh2
Jun 23 22:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10530]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 22:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10530]: Failed password for invalid user admin from 2.57.121.25 port 26898 ssh2
Jun 23 22:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10530]: Connection closed by 2.57.121.25 port 26898 [preauth]
Jun 23 22:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10530]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 23 22:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9174]: pam_unix(cron:session): session closed for user root
Jun 23 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10651]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10650]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10649]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10648]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10648]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10711]: Successful su for rubyman by root
Jun 23 22:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10711]: + ??? root:rubyman
Jun 23 22:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10711]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579894 of user rubyman.
Jun 23 22:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10711]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579894.
Jun 23 22:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10811]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10811]: Invalid user farid from 189.147.19.238
Jun 23 22:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10811]: input_userauth_request: invalid user farid [preauth]
Jun 23 22:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10811]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 22:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.147.19.238
Jun 23 22:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7870]: pam_unix(cron:session): session closed for user root
Jun 23 22:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10649]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10811]: Failed password for invalid user farid from 189.147.19.238 port 12676 ssh2
Jun 23 22:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10811]: Received disconnect from 189.147.19.238 port 12676:11: Bye Bye [preauth]
Jun 23 22:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10811]: Disconnected from 189.147.19.238 port 12676 [preauth]
Jun 23 22:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9571]: pam_unix(cron:session): session closed for user root
Jun 23 22:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.173.69.147  user=root
Jun 23 22:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11015]: Failed password for root from 43.173.69.147 port 43972 ssh2
Jun 23 22:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11015]: Received disconnect from 43.173.69.147 port 43972:11: Bye Bye [preauth]
Jun 23 22:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11015]: Disconnected from 43.173.69.147 port 43972 [preauth]
Jun 23 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11082]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11078]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11077]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11081]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11079]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11080]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11082]: pam_unix(cron:session): session closed for user root
Jun 23 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11077]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11151]: Successful su for rubyman by root
Jun 23 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11151]: + ??? root:rubyman
Jun 23 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11151]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579901 of user rubyman.
Jun 23 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11151]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579901.
Jun 23 22:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11079]: pam_unix(cron:session): session closed for user root
Jun 23 22:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8260]: pam_unix(cron:session): session closed for user root
Jun 23 22:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11078]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10153]: pam_unix(cron:session): session closed for user root
Jun 23 22:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.147.19.238  user=root
Jun 23 22:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11514]: Failed password for root from 189.147.19.238 port 35256 ssh2
Jun 23 22:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11514]: Received disconnect from 189.147.19.238 port 35256:11: Bye Bye [preauth]
Jun 23 22:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11514]: Disconnected from 189.147.19.238 port 35256 [preauth]
Jun 23 22:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11524]: Did not receive identification string from 69.5.169.134
Jun 23 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11537]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11535]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11536]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11534]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11534]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11599]: Successful su for rubyman by root
Jun 23 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11599]: + ??? root:rubyman
Jun 23 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11599]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579905 of user rubyman.
Jun 23 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11599]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579905.
Jun 23 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8743]: pam_unix(cron:session): session closed for user root
Jun 23 22:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11535]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 23 22:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11661]: Failed password for root from 202.178.126.219 port 32650 ssh2
Jun 23 22:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11661]: Connection closed by 202.178.126.219 port 32650 [preauth]
Jun 23 22:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11825]: Connection reset by 69.5.169.80 port 13740 [preauth]
Jun 23 22:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10651]: pam_unix(cron:session): session closed for user root
Jun 23 22:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11916]: Invalid user frappe from 43.173.69.147
Jun 23 22:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11916]: input_userauth_request: invalid user frappe [preauth]
Jun 23 22:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11916]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 22:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.173.69.147
Jun 23 22:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11916]: Failed password for invalid user frappe from 43.173.69.147 port 50454 ssh2
Jun 23 22:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11916]: Received disconnect from 43.173.69.147 port 50454:11: Bye Bye [preauth]
Jun 23 22:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11916]: Disconnected from 43.173.69.147 port 50454 [preauth]
Jun 23 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12003]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12004]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12002]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12001]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11999]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11999]: pam_unix(cron:session): session closed for user root
Jun 23 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12001]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12063]: Successful su for rubyman by root
Jun 23 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12063]: + ??? root:rubyman
Jun 23 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12063]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579908 of user rubyman.
Jun 23 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12063]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579908.
Jun 23 22:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9173]: pam_unix(cron:session): session closed for user root
Jun 23 22:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12002]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
Jun 23 22:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12437]: Failed password for root from 176.32.39.21 port 58374 ssh2
Jun 23 22:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12440]: Invalid user devops from 189.147.19.238
Jun 23 22:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12440]: input_userauth_request: invalid user devops [preauth]
Jun 23 22:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12440]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 22:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.147.19.238
Jun 23 22:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12437]: Connection closed by 176.32.39.21 port 58374 [preauth]
Jun 23 22:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11081]: pam_unix(cron:session): session closed for user root
Jun 23 22:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12440]: Failed password for invalid user devops from 189.147.19.238 port 31278 ssh2
Jun 23 22:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12440]: Received disconnect from 189.147.19.238 port 31278:11: Bye Bye [preauth]
Jun 23 22:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12440]: Disconnected from 189.147.19.238 port 31278 [preauth]
Jun 23 22:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12496]: Invalid user  from 64.62.197.93
Jun 23 22:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12496]: input_userauth_request: invalid user  [preauth]
Jun 23 22:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12496]: Connection closed by 64.62.197.93 port 25745 [preauth]
Jun 23 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12533]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12534]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12532]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12531]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12531]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12592]: Successful su for rubyman by root
Jun 23 22:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12592]: + ??? root:rubyman
Jun 23 22:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12592]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579913 of user rubyman.
Jun 23 22:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12592]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579913.
Jun 23 22:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9570]: pam_unix(cron:session): session closed for user root
Jun 23 22:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12532]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12840]: Invalid user ghostadmin from 43.173.69.147
Jun 23 22:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12840]: input_userauth_request: invalid user ghostadmin [preauth]
Jun 23 22:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12840]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 22:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.173.69.147
Jun 23 22:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12840]: Failed password for invalid user ghostadmin from 43.173.69.147 port 32770 ssh2
Jun 23 22:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12840]: Received disconnect from 43.173.69.147 port 32770:11: Bye Bye [preauth]
Jun 23 22:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12840]: Disconnected from 43.173.69.147 port 32770 [preauth]
Jun 23 22:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11537]: pam_unix(cron:session): session closed for user root
Jun 23 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12947]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12948]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12946]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12945]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12945]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13003]: Successful su for rubyman by root
Jun 23 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13003]: + ??? root:rubyman
Jun 23 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13003]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579917 of user rubyman.
Jun 23 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13003]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579917.
Jun 23 22:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10152]: pam_unix(cron:session): session closed for user root
Jun 23 22:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12946]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.147.19.238  user=root
Jun 23 22:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13217]: Failed password for root from 189.147.19.238 port 23032 ssh2
Jun 23 22:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13217]: Received disconnect from 189.147.19.238 port 23032:11: Bye Bye [preauth]
Jun 23 22:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13217]: Disconnected from 189.147.19.238 port 23032 [preauth]
Jun 23 22:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12004]: pam_unix(cron:session): session closed for user root
Jun 23 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13357]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13356]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13355]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13354]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13353]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13352]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13357]: pam_unix(cron:session): session closed for user root
Jun 23 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13352]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13422]: Successful su for rubyman by root
Jun 23 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13422]: + ??? root:rubyman
Jun 23 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13422]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579922 of user rubyman.
Jun 23 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13422]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579922.
Jun 23 22:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13354]: pam_unix(cron:session): session closed for user root
Jun 23 22:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10650]: pam_unix(cron:session): session closed for user root
Jun 23 22:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13353]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13666]: Invalid user cisco from 43.173.69.147
Jun 23 22:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13666]: input_userauth_request: invalid user cisco [preauth]
Jun 23 22:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13666]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 22:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.173.69.147
Jun 23 22:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13666]: Failed password for invalid user cisco from 43.173.69.147 port 37300 ssh2
Jun 23 22:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13666]: Received disconnect from 43.173.69.147 port 37300:11: Bye Bye [preauth]
Jun 23 22:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13666]: Disconnected from 43.173.69.147 port 37300 [preauth]
Jun 23 22:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12534]: pam_unix(cron:session): session closed for user root
Jun 23 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13786]: Invalid user theo from 189.147.19.238
Jun 23 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13786]: input_userauth_request: invalid user theo [preauth]
Jun 23 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13786]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.147.19.238
Jun 23 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13802]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13800]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13799]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13798]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13798]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13864]: Successful su for rubyman by root
Jun 23 22:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13864]: + ??? root:rubyman
Jun 23 22:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13864]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579928 of user rubyman.
Jun 23 22:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13864]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579928.
Jun 23 22:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13786]: Failed password for invalid user theo from 189.147.19.238 port 6310 ssh2
Jun 23 22:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13786]: Received disconnect from 189.147.19.238 port 6310:11: Bye Bye [preauth]
Jun 23 22:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13786]: Disconnected from 189.147.19.238 port 6310 [preauth]
Jun 23 22:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11080]: pam_unix(cron:session): session closed for user root
Jun 23 22:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13799]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14092]: Connection closed by 188.166.21.227 port 41118 [preauth]
Jun 23 22:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12948]: pam_unix(cron:session): session closed for user root
Jun 23 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14201]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14202]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14200]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14199]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14199]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14258]: Successful su for rubyman by root
Jun 23 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14258]: + ??? root:rubyman
Jun 23 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14258]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579932 of user rubyman.
Jun 23 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14258]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579932.
Jun 23 22:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11536]: pam_unix(cron:session): session closed for user root
Jun 23 22:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14200]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14456]: Invalid user mike from 43.173.69.147
Jun 23 22:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14456]: input_userauth_request: invalid user mike [preauth]
Jun 23 22:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14456]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 22:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.173.69.147
Jun 23 22:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14456]: Failed password for invalid user mike from 43.173.69.147 port 50156 ssh2
Jun 23 22:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14456]: Received disconnect from 43.173.69.147 port 50156:11: Bye Bye [preauth]
Jun 23 22:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14456]: Disconnected from 43.173.69.147 port 50156 [preauth]
Jun 23 22:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13356]: pam_unix(cron:session): session closed for user root
Jun 23 22:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 23 22:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14574]: Failed password for root from 103.82.132.16 port 33666 ssh2
Jun 23 22:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14574]: Connection closed by 103.82.132.16 port 33666 [preauth]
Jun 23 22:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14585]: Invalid user tester from 189.147.19.238
Jun 23 22:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14585]: input_userauth_request: invalid user tester [preauth]
Jun 23 22:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14585]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 22:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.147.19.238
Jun 23 22:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14585]: Failed password for invalid user tester from 189.147.19.238 port 2339 ssh2
Jun 23 22:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14585]: Received disconnect from 189.147.19.238 port 2339:11: Bye Bye [preauth]
Jun 23 22:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14585]: Disconnected from 189.147.19.238 port 2339 [preauth]
Jun 23 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14590]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14589]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14588]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14591]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14588]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14693]: Successful su for rubyman by root
Jun 23 22:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14693]: + ??? root:rubyman
Jun 23 22:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14693]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579936 of user rubyman.
Jun 23 22:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14693]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579936.
Jun 23 22:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12003]: pam_unix(cron:session): session closed for user root
Jun 23 22:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14589]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13802]: pam_unix(cron:session): session closed for user root
Jun 23 22:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15060]: Received disconnect from 96.8.116.34 port 47048:11: disconnected by user [preauth]
Jun 23 22:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15060]: Disconnected from 96.8.116.34 port 47048 [preauth]
Jun 23 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15082]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15081]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15080]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15079]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15079]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15148]: Successful su for rubyman by root
Jun 23 22:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15148]: + ??? root:rubyman
Jun 23 22:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15148]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579939 of user rubyman.
Jun 23 22:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15148]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579939.
Jun 23 22:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12533]: pam_unix(cron:session): session closed for user root
Jun 23 22:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15080]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.173.69.147  user=root
Jun 23 22:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15327]: Failed password for root from 43.173.69.147 port 43200 ssh2
Jun 23 22:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15327]: Received disconnect from 43.173.69.147 port 43200:11: Bye Bye [preauth]
Jun 23 22:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15327]: Disconnected from 43.173.69.147 port 43200 [preauth]
Jun 23 22:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14202]: pam_unix(cron:session): session closed for user root
Jun 23 22:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.147.19.238  user=root
Jun 23 22:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15440]: Failed password for root from 189.147.19.238 port 51425 ssh2
Jun 23 22:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15440]: Received disconnect from 189.147.19.238 port 51425:11: Bye Bye [preauth]
Jun 23 22:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15440]: Disconnected from 189.147.19.238 port 51425 [preauth]
Jun 23 22:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 23 22:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15458]: Failed password for root from 103.77.175.15 port 40156 ssh2
Jun 23 22:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15458]: Connection closed by 103.77.175.15 port 40156 [preauth]
Jun 23 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15481]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15480]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15479]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15478]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15482]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15477]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15482]: pam_unix(cron:session): session closed for user root
Jun 23 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15477]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15543]: Successful su for rubyman by root
Jun 23 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15543]: + ??? root:rubyman
Jun 23 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15543]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579943 of user rubyman.
Jun 23 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15543]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579943.
Jun 23 22:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15479]: pam_unix(cron:session): session closed for user root
Jun 23 22:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12947]: pam_unix(cron:session): session closed for user root
Jun 23 22:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15478]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14591]: pam_unix(cron:session): session closed for user root
Jun 23 22:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 23 22:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15869]: Failed password for root from 193.37.70.224 port 47216 ssh2
Jun 23 22:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15869]: Connection closed by 193.37.70.224 port 47216 [preauth]
Jun 23 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15900]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15901]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15899]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15898]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15898]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15962]: Successful su for rubyman by root
Jun 23 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15962]: + ??? root:rubyman
Jun 23 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15962]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579950 of user rubyman.
Jun 23 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15962]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579950.
Jun 23 22:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16045]: Invalid user hadoop from 43.173.69.147
Jun 23 22:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16045]: input_userauth_request: invalid user hadoop [preauth]
Jun 23 22:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16045]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 22:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.173.69.147
Jun 23 22:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13355]: pam_unix(cron:session): session closed for user root
Jun 23 22:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16045]: Failed password for invalid user hadoop from 43.173.69.147 port 49542 ssh2
Jun 23 22:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16045]: Received disconnect from 43.173.69.147 port 49542:11: Bye Bye [preauth]
Jun 23 22:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16045]: Disconnected from 43.173.69.147 port 49542 [preauth]
Jun 23 22:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15899]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 23 22:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 23 22:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16149]: Failed password for root from 103.176.20.57 port 59724 ssh2
Jun 23 22:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16149]: Connection closed by 103.176.20.57 port 59724 [preauth]
Jun 23 22:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16151]: Failed password for root from 103.172.78.219 port 37060 ssh2
Jun 23 22:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16151]: Connection closed by 103.172.78.219 port 37060 [preauth]
Jun 23 22:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16217]: Invalid user ubuntu from 189.147.19.238
Jun 23 22:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16217]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 22:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16217]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 22:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.147.19.238
Jun 23 22:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15082]: pam_unix(cron:session): session closed for user root
Jun 23 22:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16217]: Failed password for invalid user ubuntu from 189.147.19.238 port 59457 ssh2
Jun 23 22:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16217]: Received disconnect from 189.147.19.238 port 59457:11: Bye Bye [preauth]
Jun 23 22:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16217]: Disconnected from 189.147.19.238 port 59457 [preauth]
Jun 23 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16303]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16304]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16302]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16301]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16301]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16360]: Successful su for rubyman by root
Jun 23 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16360]: + ??? root:rubyman
Jun 23 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16360]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579954 of user rubyman.
Jun 23 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16360]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579954.
Jun 23 22:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13800]: pam_unix(cron:session): session closed for user root
Jun 23 22:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16302]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15481]: pam_unix(cron:session): session closed for user root
Jun 23 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16696]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16695]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16692]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16693]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16692]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16752]: Successful su for rubyman by root
Jun 23 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16752]: + ??? root:rubyman
Jun 23 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16752]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579957 of user rubyman.
Jun 23 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16752]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579957.
Jun 23 22:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14201]: pam_unix(cron:session): session closed for user root
Jun 23 22:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17014]: Invalid user debian from 43.173.69.147
Jun 23 22:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17014]: input_userauth_request: invalid user debian [preauth]
Jun 23 22:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17014]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 22:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.173.69.147
Jun 23 22:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16693]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17014]: Failed password for invalid user debian from 43.173.69.147 port 37612 ssh2
Jun 23 22:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17014]: Received disconnect from 43.173.69.147 port 37612:11: Bye Bye [preauth]
Jun 23 22:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17014]: Disconnected from 43.173.69.147 port 37612 [preauth]
Jun 23 22:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.147.19.238  user=root
Jun 23 22:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17081]: Failed password for root from 189.147.19.238 port 45510 ssh2
Jun 23 22:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17081]: Received disconnect from 189.147.19.238 port 45510:11: Bye Bye [preauth]
Jun 23 22:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17081]: Disconnected from 189.147.19.238 port 45510 [preauth]
Jun 23 22:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15901]: pam_unix(cron:session): session closed for user root
Jun 23 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17187]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17186]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17188]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17185]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17185]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17242]: Successful su for rubyman by root
Jun 23 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17242]: + ??? root:rubyman
Jun 23 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17242]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579961 of user rubyman.
Jun 23 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17242]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579961.
Jun 23 22:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14590]: pam_unix(cron:session): session closed for user root
Jun 23 22:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17186]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16304]: pam_unix(cron:session): session closed for user root
Jun 23 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17601]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17602]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17598]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17600]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17597]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17599]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17602]: pam_unix(cron:session): session closed for user root
Jun 23 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17597]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17748]: Successful su for rubyman by root
Jun 23 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17748]: + ??? root:rubyman
Jun 23 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17748]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579965 of user rubyman.
Jun 23 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17748]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579965.
Jun 23 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.173.69.147  user=root
Jun 23 22:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17599]: pam_unix(cron:session): session closed for user root
Jun 23 22:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15081]: pam_unix(cron:session): session closed for user root
Jun 23 22:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17804]: Failed password for root from 43.173.69.147 port 38222 ssh2
Jun 23 22:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17804]: Received disconnect from 43.173.69.147 port 38222:11: Bye Bye [preauth]
Jun 23 22:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17804]: Disconnected from 43.173.69.147 port 38222 [preauth]
Jun 23 22:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17954]: Invalid user ghostadmin from 189.147.19.238
Jun 23 22:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17954]: input_userauth_request: invalid user ghostadmin [preauth]
Jun 23 22:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17954]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 22:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.147.19.238
Jun 23 22:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17598]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17954]: Failed password for invalid user ghostadmin from 189.147.19.238 port 19426 ssh2
Jun 23 22:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17954]: Received disconnect from 189.147.19.238 port 19426:11: Bye Bye [preauth]
Jun 23 22:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17954]: Disconnected from 189.147.19.238 port 19426 [preauth]
Jun 23 22:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16696]: pam_unix(cron:session): session closed for user root
Jun 23 22:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18090]: Connection closed by 194.59.206.2 port 57324 [preauth]
Jun 23 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18143]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18141]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18142]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18140]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18140]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18215]: Successful su for rubyman by root
Jun 23 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18215]: + ??? root:rubyman
Jun 23 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18215]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579972 of user rubyman.
Jun 23 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18215]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579972.
Jun 23 22:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15480]: pam_unix(cron:session): session closed for user root
Jun 23 22:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18141]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17188]: pam_unix(cron:session): session closed for user root
Jun 23 22:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.147.19.238  user=root
Jun 23 22:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18621]: Failed password for root from 189.147.19.238 port 10519 ssh2
Jun 23 22:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18621]: Received disconnect from 189.147.19.238 port 10519:11: Bye Bye [preauth]
Jun 23 22:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18621]: Disconnected from 189.147.19.238 port 10519 [preauth]
Jun 23 22:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.173.69.147  user=root
Jun 23 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18658]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18657]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18655]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18654]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18654]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18720]: Successful su for rubyman by root
Jun 23 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18720]: + ??? root:rubyman
Jun 23 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18720]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579977 of user rubyman.
Jun 23 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18720]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579977.
Jun 23 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18651]: Failed password for root from 43.173.69.147 port 42100 ssh2
Jun 23 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18651]: Received disconnect from 43.173.69.147 port 42100:11: Bye Bye [preauth]
Jun 23 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18651]: Disconnected from 43.173.69.147 port 42100 [preauth]
Jun 23 22:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15900]: pam_unix(cron:session): session closed for user root
Jun 23 22:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18655]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17601]: pam_unix(cron:session): session closed for user root
Jun 23 22:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 23 22:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19021]: Failed password for root from 109.237.96.109 port 59280 ssh2
Jun 23 22:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19021]: Connection closed by 109.237.96.109 port 59280 [preauth]
Jun 23 22:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 23 22:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19031]: Failed password for root from 194.113.233.25 port 52582 ssh2
Jun 23 22:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19031]: Connection closed by 194.113.233.25 port 52582 [preauth]
Jun 23 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19074]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19073]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19072]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19071]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19071]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19229]: Successful su for rubyman by root
Jun 23 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19229]: + ??? root:rubyman
Jun 23 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19229]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579980 of user rubyman.
Jun 23 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19229]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579980.
Jun 23 22:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16303]: pam_unix(cron:session): session closed for user root
Jun 23 22:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19072]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19490]: Invalid user vpn from 189.147.19.238
Jun 23 22:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19490]: input_userauth_request: invalid user vpn [preauth]
Jun 23 22:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19490]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 22:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.147.19.238
Jun 23 22:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18143]: pam_unix(cron:session): session closed for user root
Jun 23 22:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19490]: Failed password for invalid user vpn from 189.147.19.238 port 16581 ssh2
Jun 23 22:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19490]: Received disconnect from 189.147.19.238 port 16581:11: Bye Bye [preauth]
Jun 23 22:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19490]: Disconnected from 189.147.19.238 port 16581 [preauth]
Jun 23 22:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19762]: Invalid user tester from 43.173.69.147
Jun 23 22:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19762]: input_userauth_request: invalid user tester [preauth]
Jun 23 22:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19762]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 22:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.173.69.147
Jun 23 22:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19762]: Failed password for invalid user tester from 43.173.69.147 port 32836 ssh2
Jun 23 22:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19762]: Received disconnect from 43.173.69.147 port 32836:11: Bye Bye [preauth]
Jun 23 22:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19762]: Disconnected from 43.173.69.147 port 32836 [preauth]
Jun 23 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19780]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19779]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19776]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19775]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19775]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19849]: Successful su for rubyman by root
Jun 23 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19849]: + ??? root:rubyman
Jun 23 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19849]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579984 of user rubyman.
Jun 23 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19849]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579984.
Jun 23 22:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16695]: pam_unix(cron:session): session closed for user root
Jun 23 22:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19776]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20043]: Invalid user doris from 2.57.121.112
Jun 23 22:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20043]: input_userauth_request: invalid user doris [preauth]
Jun 23 22:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20043]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 22:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 23 22:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20043]: Failed password for invalid user doris from 2.57.121.112 port 49720 ssh2
Jun 23 22:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20043]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 22:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20043]: Failed password for invalid user doris from 2.57.121.112 port 49720 ssh2
Jun 23 22:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20043]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 22:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20043]: Failed password for invalid user doris from 2.57.121.112 port 49720 ssh2
Jun 23 22:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20043]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 22:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20043]: Failed password for invalid user doris from 2.57.121.112 port 49720 ssh2
Jun 23 22:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20043]: Connection closed by 2.57.121.112 port 49720 [preauth]
Jun 23 22:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20043]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 23 22:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20043]: PAM service(sshd) ignoring max retries; 4 > 3
Jun 23 22:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20074]: Invalid user doris from 2.57.121.112
Jun 23 22:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20074]: input_userauth_request: invalid user doris [preauth]
Jun 23 22:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20074]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 22:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 23 22:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20074]: Failed password for invalid user doris from 2.57.121.112 port 41568 ssh2
Jun 23 22:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20074]: Connection closed by 2.57.121.112 port 41568 [preauth]
Jun 23 22:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18658]: pam_unix(cron:session): session closed for user root
Jun 23 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20281]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20282]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20278]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20277]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20280]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20279]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20282]: pam_unix(cron:session): session closed for user root
Jun 23 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20277]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20352]: Successful su for rubyman by root
Jun 23 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20352]: + ??? root:rubyman
Jun 23 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20352]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579987 of user rubyman.
Jun 23 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20352]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579987.
Jun 23 22:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20279]: pam_unix(cron:session): session closed for user root
Jun 23 22:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17187]: pam_unix(cron:session): session closed for user root
Jun 23 22:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20278]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20600]: Invalid user builder from 189.147.19.238
Jun 23 22:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20600]: input_userauth_request: invalid user builder [preauth]
Jun 23 22:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20600]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 22:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.147.19.238
Jun 23 22:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20600]: Failed password for invalid user builder from 189.147.19.238 port 1456 ssh2
Jun 23 22:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20600]: Received disconnect from 189.147.19.238 port 1456:11: Bye Bye [preauth]
Jun 23 22:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20600]: Disconnected from 189.147.19.238 port 1456 [preauth]
Jun 23 22:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19074]: pam_unix(cron:session): session closed for user root
Jun 23 22:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20796]: Invalid user sbh from 43.173.69.147
Jun 23 22:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20796]: input_userauth_request: invalid user sbh [preauth]
Jun 23 22:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20796]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 22:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.173.69.147
Jun 23 22:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20796]: Failed password for invalid user sbh from 43.173.69.147 port 59306 ssh2
Jun 23 22:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20796]: Received disconnect from 43.173.69.147 port 59306:11: Bye Bye [preauth]
Jun 23 22:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20796]: Disconnected from 43.173.69.147 port 59306 [preauth]
Jun 23 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20820]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20817]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20819]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20816]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20816]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20891]: Successful su for rubyman by root
Jun 23 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20891]: + ??? root:rubyman
Jun 23 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20891]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579993 of user rubyman.
Jun 23 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20891]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579993.
Jun 23 22:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17600]: pam_unix(cron:session): session closed for user root
Jun 23 22:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20817]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19780]: pam_unix(cron:session): session closed for user root
Jun 23 22:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 23 22:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21209]: Failed password for root from 38.93.206.2 port 15652 ssh2
Jun 23 22:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21209]: Connection closed by 38.93.206.2 port 15652 [preauth]
Jun 23 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21241]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21240]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21239]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21238]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21238]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21302]: Successful su for rubyman by root
Jun 23 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21302]: + ??? root:rubyman
Jun 23 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21302]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 579999 of user rubyman.
Jun 23 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21302]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 579999.
Jun 23 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21290]: Invalid user fabien from 189.147.19.238
Jun 23 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21290]: input_userauth_request: invalid user fabien [preauth]
Jun 23 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21290]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.147.19.238
Jun 23 22:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21290]: Failed password for invalid user fabien from 189.147.19.238 port 4081 ssh2
Jun 23 22:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21290]: Received disconnect from 189.147.19.238 port 4081:11: Bye Bye [preauth]
Jun 23 22:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21290]: Disconnected from 189.147.19.238 port 4081 [preauth]
Jun 23 22:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18142]: pam_unix(cron:session): session closed for user root
Jun 23 22:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21239]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20281]: pam_unix(cron:session): session closed for user root
Jun 23 22:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21615]: Invalid user theo from 43.173.69.147
Jun 23 22:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21615]: input_userauth_request: invalid user theo [preauth]
Jun 23 22:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21615]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 22:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.173.69.147
Jun 23 22:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21615]: Failed password for invalid user theo from 43.173.69.147 port 38082 ssh2
Jun 23 22:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21615]: Received disconnect from 43.173.69.147 port 38082:11: Bye Bye [preauth]
Jun 23 22:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21615]: Disconnected from 43.173.69.147 port 38082 [preauth]
Jun 23 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21669]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21672]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21671]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21668]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21668]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21738]: Successful su for rubyman by root
Jun 23 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21738]: + ??? root:rubyman
Jun 23 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21738]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580001 of user rubyman.
Jun 23 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21738]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580001.
Jun 23 22:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18657]: pam_unix(cron:session): session closed for user root
Jun 23 22:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21669]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21959]: Invalid user cannon from 141.98.83.240
Jun 23 22:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21959]: input_userauth_request: invalid user cannon [preauth]
Jun 23 22:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21959]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 22:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 22:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21959]: Failed password for invalid user cannon from 141.98.83.240 port 28740 ssh2
Jun 23 22:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21959]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 22:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21959]: Failed password for invalid user cannon from 141.98.83.240 port 28740 ssh2
Jun 23 22:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21959]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 22:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21959]: Failed password for invalid user cannon from 141.98.83.240 port 28740 ssh2
Jun 23 22:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21959]: Connection closed by 141.98.83.240 port 28740 [preauth]
Jun 23 22:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21959]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 22:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20820]: pam_unix(cron:session): session closed for user root
Jun 23 22:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22053]: Invalid user mike from 189.147.19.238
Jun 23 22:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22053]: input_userauth_request: invalid user mike [preauth]
Jun 23 22:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22053]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 22:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.147.19.238
Jun 23 22:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22053]: Failed password for invalid user mike from 189.147.19.238 port 34252 ssh2
Jun 23 22:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22053]: Received disconnect from 189.147.19.238 port 34252:11: Bye Bye [preauth]
Jun 23 22:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22053]: Disconnected from 189.147.19.238 port 34252 [preauth]
Jun 23 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22078]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22077]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22076]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22075]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22073]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22075]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22205]: Successful su for rubyman by root
Jun 23 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22205]: + ??? root:rubyman
Jun 23 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22205]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580006 of user rubyman.
Jun 23 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22205]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580006.
Jun 23 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22073]: pam_unix(cron:session): session closed for user root
Jun 23 22:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19073]: pam_unix(cron:session): session closed for user root
Jun 23 22:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22076]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 23 22:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22517]: Failed password for root from 103.27.238.114 port 47188 ssh2
Jun 23 22:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22517]: Connection closed by 103.27.238.114 port 47188 [preauth]
Jun 23 22:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21241]: pam_unix(cron:session): session closed for user root
Jun 23 22:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.173.69.147  user=root
Jun 23 22:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22610]: Failed password for root from 43.173.69.147 port 48934 ssh2
Jun 23 22:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22610]: Received disconnect from 43.173.69.147 port 48934:11: Bye Bye [preauth]
Jun 23 22:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22610]: Disconnected from 43.173.69.147 port 48934 [preauth]
Jun 23 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22673]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22671]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22670]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22672]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22668]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22669]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22673]: pam_unix(cron:session): session closed for user root
Jun 23 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22668]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22739]: Successful su for rubyman by root
Jun 23 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22739]: + ??? root:rubyman
Jun 23 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22739]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580013 of user rubyman.
Jun 23 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22739]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580013.
Jun 23 22:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22670]: pam_unix(cron:session): session closed for user root
Jun 23 22:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19779]: pam_unix(cron:session): session closed for user root
Jun 23 22:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22669]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21672]: pam_unix(cron:session): session closed for user root
Jun 23 22:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23052]: Invalid user frappe from 189.147.19.238
Jun 23 22:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23052]: input_userauth_request: invalid user frappe [preauth]
Jun 23 22:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23052]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 22:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.147.19.238
Jun 23 22:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23052]: Failed password for invalid user frappe from 189.147.19.238 port 33564 ssh2
Jun 23 22:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23052]: Received disconnect from 189.147.19.238 port 33564:11: Bye Bye [preauth]
Jun 23 22:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23052]: Disconnected from 189.147.19.238 port 33564 [preauth]
Jun 23 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23104]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23106]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23105]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23102]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23102]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23169]: Successful su for rubyman by root
Jun 23 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23169]: + ??? root:rubyman
Jun 23 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23169]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580018 of user rubyman.
Jun 23 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23169]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580018.
Jun 23 22:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20280]: pam_unix(cron:session): session closed for user root
Jun 23 22:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23104]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22078]: pam_unix(cron:session): session closed for user root
Jun 23 22:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23474]: Invalid user ubuntu from 43.173.69.147
Jun 23 22:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23474]: input_userauth_request: invalid user ubuntu [preauth]
Jun 23 22:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23474]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 22:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.173.69.147
Jun 23 22:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23474]: Failed password for invalid user ubuntu from 43.173.69.147 port 38232 ssh2
Jun 23 22:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23474]: Received disconnect from 43.173.69.147 port 38232:11: Bye Bye [preauth]
Jun 23 22:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23474]: Disconnected from 43.173.69.147 port 38232 [preauth]
Jun 23 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23533]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23532]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23534]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23530]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23530]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23591]: Successful su for rubyman by root
Jun 23 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23591]: + ??? root:rubyman
Jun 23 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23591]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580022 of user rubyman.
Jun 23 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23591]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580022.
Jun 23 22:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20819]: pam_unix(cron:session): session closed for user root
Jun 23 22:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23532]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23960]: Invalid user debian from 189.147.19.238
Jun 23 22:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23960]: input_userauth_request: invalid user debian [preauth]
Jun 23 22:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23960]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 22:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.147.19.238
Jun 23 22:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23960]: Failed password for invalid user debian from 189.147.19.238 port 32173 ssh2
Jun 23 22:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23960]: Received disconnect from 189.147.19.238 port 32173:11: Bye Bye [preauth]
Jun 23 22:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23960]: Disconnected from 189.147.19.238 port 32173 [preauth]
Jun 23 22:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22672]: pam_unix(cron:session): session closed for user root
Jun 23 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24052]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24051]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24049]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24050]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24049]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24112]: Successful su for rubyman by root
Jun 23 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24112]: + ??? root:rubyman
Jun 23 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24112]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580024 of user rubyman.
Jun 23 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24112]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580024.
Jun 23 22:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21240]: pam_unix(cron:session): session closed for user root
Jun 23 22:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24050]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23106]: pam_unix(cron:session): session closed for user root
Jun 23 22:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.173.69.147  user=root
Jun 23 22:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24407]: Failed password for root from 43.173.69.147 port 34586 ssh2
Jun 23 22:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24407]: Received disconnect from 43.173.69.147 port 34586:11: Bye Bye [preauth]
Jun 23 22:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24407]: Disconnected from 43.173.69.147 port 34586 [preauth]
Jun 23 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24478]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24477]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24479]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24476]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24476]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24534]: Successful su for rubyman by root
Jun 23 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24534]: + ??? root:rubyman
Jun 23 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24534]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580028 of user rubyman.
Jun 23 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24534]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580028.
Jun 23 22:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21671]: pam_unix(cron:session): session closed for user root
Jun 23 22:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24477]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.147.19.238  user=root
Jun 23 22:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24750]: Failed password for root from 189.147.19.238 port 48444 ssh2
Jun 23 22:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24750]: Received disconnect from 189.147.19.238 port 48444:11: Bye Bye [preauth]
Jun 23 22:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24750]: Disconnected from 189.147.19.238 port 48444 [preauth]
Jun 23 22:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24799]: Received disconnect from 50.6.197.105 port 56900:11: disconnected by user [preauth]
Jun 23 22:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24799]: Disconnected from 50.6.197.105 port 56900 [preauth]
Jun 23 22:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23534]: pam_unix(cron:session): session closed for user root
Jun 23 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24893]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24891]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24890]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24894]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24892]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24895]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24895]: pam_unix(cron:session): session closed for user root
Jun 23 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24890]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24955]: Successful su for rubyman by root
Jun 23 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24955]: + ??? root:rubyman
Jun 23 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24955]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580036 of user rubyman.
Jun 23 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24955]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580036.
Jun 23 22:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22077]: pam_unix(cron:session): session closed for user root
Jun 23 22:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24892]: pam_unix(cron:session): session closed for user root
Jun 23 22:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24891]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 23 22:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25215]: Failed password for root from 62.133.62.83 port 49186 ssh2
Jun 23 22:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25215]: Connection closed by 62.133.62.83 port 49186 [preauth]
Jun 23 22:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24052]: pam_unix(cron:session): session closed for user root
Jun 23 22:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25272]: Invalid user fr from 43.173.69.147
Jun 23 22:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25272]: input_userauth_request: invalid user fr [preauth]
Jun 23 22:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25272]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 22:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.173.69.147
Jun 23 22:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25272]: Failed password for invalid user fr from 43.173.69.147 port 35964 ssh2
Jun 23 22:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25272]: Received disconnect from 43.173.69.147 port 35964:11: Bye Bye [preauth]
Jun 23 22:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25272]: Disconnected from 43.173.69.147 port 35964 [preauth]
Jun 23 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25322]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25319]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25320]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25321]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25319]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25386]: Successful su for rubyman by root
Jun 23 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25386]: + ??? root:rubyman
Jun 23 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25386]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580039 of user rubyman.
Jun 23 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25386]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580039.
Jun 23 22:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22671]: pam_unix(cron:session): session closed for user root
Jun 23 22:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25320]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24479]: pam_unix(cron:session): session closed for user root
Jun 23 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25723]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25722]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25724]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25721]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25721]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25780]: Successful su for rubyman by root
Jun 23 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25780]: + ??? root:rubyman
Jun 23 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25780]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580044 of user rubyman.
Jun 23 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25780]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580044.
Jun 23 22:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23105]: pam_unix(cron:session): session closed for user root
Jun 23 22:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 23 22:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25722]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25890]: Failed password for root from 103.82.20.28 port 50174 ssh2
Jun 23 22:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25890]: Connection closed by 103.82.20.28 port 50174 [preauth]
Jun 23 22:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24894]: pam_unix(cron:session): session closed for user root
Jun 23 22:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26060]: Invalid user administrator from 43.173.69.147
Jun 23 22:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26060]: input_userauth_request: invalid user administrator [preauth]
Jun 23 22:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26060]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 22:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.173.69.147
Jun 23 22:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26060]: Failed password for invalid user administrator from 43.173.69.147 port 35998 ssh2
Jun 23 22:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26060]: Received disconnect from 43.173.69.147 port 35998:11: Bye Bye [preauth]
Jun 23 22:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26060]: Disconnected from 43.173.69.147 port 35998 [preauth]
Jun 23 22:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26002]: Connection closed by 103.77.242.62 port 50858 [preauth]
Jun 23 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26116]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26115]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26113]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26114]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26113]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26175]: Successful su for rubyman by root
Jun 23 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26175]: + ??? root:rubyman
Jun 23 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26175]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580046 of user rubyman.
Jun 23 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26175]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580046.
Jun 23 22:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23533]: pam_unix(cron:session): session closed for user root
Jun 23 22:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26114]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26418]: Invalid user admin from 193.46.255.86
Jun 23 22:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26418]: input_userauth_request: invalid user admin [preauth]
Jun 23 22:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26418]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 22:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 23 22:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25322]: pam_unix(cron:session): session closed for user root
Jun 23 22:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26418]: Failed password for invalid user admin from 193.46.255.86 port 30818 ssh2
Jun 23 22:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26418]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 22:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26418]: Failed password for invalid user admin from 193.46.255.86 port 30818 ssh2
Jun 23 22:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26418]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 22:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26418]: Failed password for invalid user admin from 193.46.255.86 port 30818 ssh2
Jun 23 22:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26418]: Connection closed by 193.46.255.86 port 30818 [preauth]
Jun 23 22:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26418]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 23 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26508]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26506]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26507]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26505]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26505]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26565]: Successful su for rubyman by root
Jun 23 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26565]: + ??? root:rubyman
Jun 23 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26565]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580050 of user rubyman.
Jun 23 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26565]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580050.
Jun 23 22:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24051]: pam_unix(cron:session): session closed for user root
Jun 23 22:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26506]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25724]: pam_unix(cron:session): session closed for user root
Jun 23 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26993]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26990]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26989]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26988]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26992]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26991]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26993]: pam_unix(cron:session): session closed for user root
Jun 23 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26988]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27058]: Successful su for rubyman by root
Jun 23 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27058]: + ??? root:rubyman
Jun 23 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27058]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580058 of user rubyman.
Jun 23 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27058]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580058.
Jun 23 22:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26990]: pam_unix(cron:session): session closed for user root
Jun 23 22:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24478]: pam_unix(cron:session): session closed for user root
Jun 23 22:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26989]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26116]: pam_unix(cron:session): session closed for user root
Jun 23 22:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27438]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27439]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27436]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27437]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27436]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27508]: Successful su for rubyman by root
Jun 23 22:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27508]: + ??? root:rubyman
Jun 23 22:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27508]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580062 of user rubyman.
Jun 23 22:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27508]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580062.
Jun 23 22:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24893]: pam_unix(cron:session): session closed for user root
Jun 23 22:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27437]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26508]: pam_unix(cron:session): session closed for user root
Jun 23 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27847]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27846]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27845]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27844]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27844]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27911]: Successful su for rubyman by root
Jun 23 22:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27911]: + ??? root:rubyman
Jun 23 22:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27911]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580065 of user rubyman.
Jun 23 22:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27911]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580065.
Jun 23 22:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25321]: pam_unix(cron:session): session closed for user root
Jun 23 22:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27845]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26992]: pam_unix(cron:session): session closed for user root
Jun 23 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28307]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28304]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28306]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28305]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28304]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28367]: Successful su for rubyman by root
Jun 23 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28367]: + ??? root:rubyman
Jun 23 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28367]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580068 of user rubyman.
Jun 23 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28367]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580068.
Jun 23 22:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25723]: pam_unix(cron:session): session closed for user root
Jun 23 22:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28305]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27439]: pam_unix(cron:session): session closed for user root
Jun 23 22:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 23 22:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28747]: Failed password for root from 80.66.85.226 port 41254 ssh2
Jun 23 22:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28747]: Connection closed by 80.66.85.226 port 41254 [preauth]
Jun 23 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28801]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28802]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28800]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28799]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28799]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28860]: Successful su for rubyman by root
Jun 23 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28860]: + ??? root:rubyman
Jun 23 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28860]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580072 of user rubyman.
Jun 23 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28860]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580072.
Jun 23 22:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26115]: pam_unix(cron:session): session closed for user root
Jun 23 22:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28800]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27847]: pam_unix(cron:session): session closed for user root
Jun 23 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29225]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29222]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29224]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29218]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29220]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29221]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29225]: pam_unix(cron:session): session closed for user root
Jun 23 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29218]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29304]: Successful su for rubyman by root
Jun 23 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29304]: + ??? root:rubyman
Jun 23 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29304]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580079 of user rubyman.
Jun 23 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29304]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580079.
Jun 23 22:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29221]: pam_unix(cron:session): session closed for user root
Jun 23 22:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26507]: pam_unix(cron:session): session closed for user root
Jun 23 22:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29220]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28307]: pam_unix(cron:session): session closed for user root
Jun 23 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29783]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29784]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29785]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29782]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29782]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29862]: Successful su for rubyman by root
Jun 23 22:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29862]: + ??? root:rubyman
Jun 23 22:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29862]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580083 of user rubyman.
Jun 23 22:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29862]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580083.
Jun 23 22:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 23 22:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29776]: Failed password for root from 103.27.238.116 port 53422 ssh2
Jun 23 22:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29776]: Connection closed by 103.27.238.116 port 53422 [preauth]
Jun 23 22:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26991]: pam_unix(cron:session): session closed for user root
Jun 23 22:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29783]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28802]: pam_unix(cron:session): session closed for user root
Jun 23 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30221]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30220]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30218]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30217]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30217]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30279]: Successful su for rubyman by root
Jun 23 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30279]: + ??? root:rubyman
Jun 23 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30279]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580086 of user rubyman.
Jun 23 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30279]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580086.
Jun 23 22:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27438]: pam_unix(cron:session): session closed for user root
Jun 23 22:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30218]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29224]: pam_unix(cron:session): session closed for user root
Jun 23 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30636]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30635]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30634]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30633]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30633]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30693]: Successful su for rubyman by root
Jun 23 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30693]: + ??? root:rubyman
Jun 23 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30693]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580090 of user rubyman.
Jun 23 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30693]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580090.
Jun 23 22:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27846]: pam_unix(cron:session): session closed for user root
Jun 23 22:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30634]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29785]: pam_unix(cron:session): session closed for user root
Jun 23 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31125]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31127]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31126]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31123]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31123]: pam_unix(cron:session): session closed for user p13x
Jun 23 22:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31184]: Successful su for rubyman by root
Jun 23 22:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31184]: + ??? root:rubyman
Jun 23 22:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31184]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 22:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580094 of user rubyman.
Jun 23 22:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31184]: pam_unix(su:session): session closed for user rubyman
Jun 23 22:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580094.
Jun 23 22:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28306]: pam_unix(cron:session): session closed for user root
Jun 23 22:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31125]: pam_unix(cron:session): session closed for user samftp
Jun 23 22:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30221]: pam_unix(cron:session): session closed for user root
Jun 23 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31532]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31531]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31524]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31523]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31522]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31526]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31525]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31524]: pam_unix(cron:session): session closed for user root
Jun 23 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31532]: pam_unix(cron:session): session closed for user root
Jun 23 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31522]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31710]: Successful su for rubyman by root
Jun 23 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31710]: + ??? root:rubyman
Jun 23 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31710]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580100 of user rubyman.
Jun 23 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31710]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580100.
Jun 23 23:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31525]: pam_unix(cron:session): session closed for user root
Jun 23 23:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28801]: pam_unix(cron:session): session closed for user root
Jun 23 23:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31523]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30636]: pam_unix(cron:session): session closed for user root
Jun 23 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32144]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32145]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32142]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32143]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32142]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32213]: Successful su for rubyman by root
Jun 23 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32213]: + ??? root:rubyman
Jun 23 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32213]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580106 of user rubyman.
Jun 23 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32213]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580106.
Jun 23 23:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29222]: pam_unix(cron:session): session closed for user root
Jun 23 23:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32143]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31127]: pam_unix(cron:session): session closed for user root
Jun 23 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32550]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32551]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32549]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32548]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32548]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32609]: Successful su for rubyman by root
Jun 23 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32609]: + ??? root:rubyman
Jun 23 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32609]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580109 of user rubyman.
Jun 23 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32609]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580109.
Jun 23 23:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29784]: pam_unix(cron:session): session closed for user root
Jun 23 23:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32549]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31531]: pam_unix(cron:session): session closed for user root
Jun 23 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[628]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[631]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[630]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[627]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[627]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[695]: Successful su for rubyman by root
Jun 23 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[695]: + ??? root:rubyman
Jun 23 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[695]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580115 of user rubyman.
Jun 23 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[695]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580115.
Jun 23 23:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30220]: pam_unix(cron:session): session closed for user root
Jun 23 23:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[628]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32145]: pam_unix(cron:session): session closed for user root
Jun 23 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1075]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1074]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1069]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1068]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1068]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1150]: Successful su for rubyman by root
Jun 23 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1150]: + ??? root:rubyman
Jun 23 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1150]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580118 of user rubyman.
Jun 23 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1150]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580118.
Jun 23 23:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30635]: pam_unix(cron:session): session closed for user root
Jun 23 23:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1069]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32551]: pam_unix(cron:session): session closed for user root
Jun 23 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1633]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1630]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1629]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1632]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1624]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1625]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1633]: pam_unix(cron:session): session closed for user root
Jun 23 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1624]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1700]: Successful su for rubyman by root
Jun 23 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1700]: + ??? root:rubyman
Jun 23 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1700]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580124 of user rubyman.
Jun 23 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1700]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580124.
Jun 23 23:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1629]: pam_unix(cron:session): session closed for user root
Jun 23 23:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31126]: pam_unix(cron:session): session closed for user root
Jun 23 23:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1625]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[631]: pam_unix(cron:session): session closed for user root
Jun 23 23:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 23:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 23 23:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2105]: Failed password for root from 103.122.221.179 port 44602 ssh2
Jun 23 23:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2105]: Connection closed by 103.122.221.179 port 44602 [preauth]
Jun 23 23:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 23:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2127]: Received disconnect from 86.111.187.163 port 37700:11: disconnected by user [preauth]
Jun 23 23:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2127]: Disconnected from 86.111.187.163 port 37700 [preauth]
Jun 23 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2143]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2145]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2142]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2141]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2141]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2225]: Successful su for rubyman by root
Jun 23 23:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2225]: + ??? root:rubyman
Jun 23 23:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2225]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580128 of user rubyman.
Jun 23 23:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2225]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580128.
Jun 23 23:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31526]: pam_unix(cron:session): session closed for user root
Jun 23 23:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2142]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1075]: pam_unix(cron:session): session closed for user root
Jun 23 23:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 23:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.211.215  user=root
Jun 23 23:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2562]: Failed password for root from 147.45.211.215 port 41264 ssh2
Jun 23 23:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2562]: Connection closed by 147.45.211.215 port 41264 [preauth]
Jun 23 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2580]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2581]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2579]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2578]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2578]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2649]: Successful su for rubyman by root
Jun 23 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2649]: + ??? root:rubyman
Jun 23 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2649]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580132 of user rubyman.
Jun 23 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2649]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580132.
Jun 23 23:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32144]: pam_unix(cron:session): session closed for user root
Jun 23 23:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2579]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 23:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2873]: Invalid user harry from 141.98.83.240
Jun 23 23:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2873]: input_userauth_request: invalid user harry [preauth]
Jun 23 23:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2873]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 23:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 23:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2873]: Failed password for invalid user harry from 141.98.83.240 port 43140 ssh2
Jun 23 23:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2873]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 23:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2873]: Failed password for invalid user harry from 141.98.83.240 port 43140 ssh2
Jun 23 23:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2873]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 23:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2873]: Failed password for invalid user harry from 141.98.83.240 port 43140 ssh2
Jun 23 23:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2873]: Connection closed by 141.98.83.240 port 43140 [preauth]
Jun 23 23:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2873]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 23:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1632]: pam_unix(cron:session): session closed for user root
Jun 23 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2991]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2989]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2990]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2988]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2988]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3053]: Successful su for rubyman by root
Jun 23 23:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3053]: + ??? root:rubyman
Jun 23 23:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3053]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580136 of user rubyman.
Jun 23 23:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3053]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580136.
Jun 23 23:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32550]: pam_unix(cron:session): session closed for user root
Jun 23 23:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2989]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2145]: pam_unix(cron:session): session closed for user root
Jun 23 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3384]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3383]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3381]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3382]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3379]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3381]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3503]: Successful su for rubyman by root
Jun 23 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3503]: + ??? root:rubyman
Jun 23 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3503]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580139 of user rubyman.
Jun 23 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3503]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580139.
Jun 23 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3379]: pam_unix(cron:session): session closed for user root
Jun 23 23:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[630]: pam_unix(cron:session): session closed for user root
Jun 23 23:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3382]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2581]: pam_unix(cron:session): session closed for user root
Jun 23 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4071]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4069]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4068]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4067]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4072]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4070]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4072]: pam_unix(cron:session): session closed for user root
Jun 23 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4067]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4133]: Successful su for rubyman by root
Jun 23 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4133]: + ??? root:rubyman
Jun 23 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4133]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580144 of user rubyman.
Jun 23 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4133]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580144.
Jun 23 23:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4069]: pam_unix(cron:session): session closed for user root
Jun 23 23:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1074]: pam_unix(cron:session): session closed for user root
Jun 23 23:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4068]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2991]: pam_unix(cron:session): session closed for user root
Jun 23 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4512]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4511]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4510]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4509]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4509]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4584]: Successful su for rubyman by root
Jun 23 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4584]: + ??? root:rubyman
Jun 23 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4584]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580150 of user rubyman.
Jun 23 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4584]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580150.
Jun 23 23:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1630]: pam_unix(cron:session): session closed for user root
Jun 23 23:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4510]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3384]: pam_unix(cron:session): session closed for user root
Jun 23 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5033]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5034]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5032]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5031]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5031]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5089]: Successful su for rubyman by root
Jun 23 23:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5089]: + ??? root:rubyman
Jun 23 23:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5089]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580155 of user rubyman.
Jun 23 23:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5089]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580155.
Jun 23 23:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2143]: pam_unix(cron:session): session closed for user root
Jun 23 23:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5032]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4071]: pam_unix(cron:session): session closed for user root
Jun 23 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5439]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5437]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5438]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5436]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5436]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5498]: Successful su for rubyman by root
Jun 23 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5498]: + ??? root:rubyman
Jun 23 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5498]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580158 of user rubyman.
Jun 23 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5498]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580158.
Jun 23 23:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2580]: pam_unix(cron:session): session closed for user root
Jun 23 23:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5437]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4512]: pam_unix(cron:session): session closed for user root
Jun 23 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5833]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5831]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5832]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5830]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5830]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5892]: Successful su for rubyman by root
Jun 23 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5892]: + ??? root:rubyman
Jun 23 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5892]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580162 of user rubyman.
Jun 23 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5892]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580162.
Jun 23 23:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2990]: pam_unix(cron:session): session closed for user root
Jun 23 23:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5831]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5034]: pam_unix(cron:session): session closed for user root
Jun 23 23:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 23:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6205]: Invalid user admin from 2.57.121.25
Jun 23 23:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6205]: input_userauth_request: invalid user admin [preauth]
Jun 23 23:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6205]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 23:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 23 23:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6205]: Failed password for invalid user admin from 2.57.121.25 port 58622 ssh2
Jun 23 23:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6205]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 23:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6205]: Failed password for invalid user admin from 2.57.121.25 port 58622 ssh2
Jun 23 23:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6205]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6223]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6221]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6220]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6219]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6222]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6218]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6223]: pam_unix(cron:session): session closed for user root
Jun 23 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6218]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6205]: Failed password for invalid user admin from 2.57.121.25 port 58622 ssh2
Jun 23 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6205]: Connection closed by 2.57.121.25 port 58622 [preauth]
Jun 23 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6205]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 23 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6286]: Successful su for rubyman by root
Jun 23 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6286]: + ??? root:rubyman
Jun 23 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6286]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580170 of user rubyman.
Jun 23 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6286]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580170.
Jun 23 23:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6220]: pam_unix(cron:session): session closed for user root
Jun 23 23:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3383]: pam_unix(cron:session): session closed for user root
Jun 23 23:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6219]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5439]: pam_unix(cron:session): session closed for user root
Jun 23 23:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 23:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6620]: Received disconnect from 144.217.74.127 port 38312:11: disconnected by user [preauth]
Jun 23 23:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6620]: Disconnected from 144.217.74.127 port 38312 [preauth]
Jun 23 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6643]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6642]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6644]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6641]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6641]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6713]: Successful su for rubyman by root
Jun 23 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6713]: + ??? root:rubyman
Jun 23 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6713]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580174 of user rubyman.
Jun 23 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6713]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580174.
Jun 23 23:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4070]: pam_unix(cron:session): session closed for user root
Jun 23 23:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6642]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5833]: pam_unix(cron:session): session closed for user root
Jun 23 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7150]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7148]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7152]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7149]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7146]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7146]: pam_unix(cron:session): session closed for user root
Jun 23 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7148]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7217]: Successful su for rubyman by root
Jun 23 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7217]: + ??? root:rubyman
Jun 23 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7217]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580178 of user rubyman.
Jun 23 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7217]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580178.
Jun 23 23:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4511]: pam_unix(cron:session): session closed for user root
Jun 23 23:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7149]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6222]: pam_unix(cron:session): session closed for user root
Jun 23 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7559]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7561]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7557]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7556]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7556]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7638]: Successful su for rubyman by root
Jun 23 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7638]: + ??? root:rubyman
Jun 23 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7638]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580181 of user rubyman.
Jun 23 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7638]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580181.
Jun 23 23:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5033]: pam_unix(cron:session): session closed for user root
Jun 23 23:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7557]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6644]: pam_unix(cron:session): session closed for user root
Jun 23 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8040]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8038]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8039]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8037]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8037]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8099]: Successful su for rubyman by root
Jun 23 23:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8099]: + ??? root:rubyman
Jun 23 23:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8099]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580186 of user rubyman.
Jun 23 23:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8099]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580186.
Jun 23 23:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5438]: pam_unix(cron:session): session closed for user root
Jun 23 23:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8038]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 23:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 23 23:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8316]: Failed password for root from 103.15.222.183 port 37312 ssh2
Jun 23 23:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8316]: Connection closed by 103.15.222.183 port 37312 [preauth]
Jun 23 23:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 23:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 23 23:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8340]: Failed password for root from 87.251.79.125 port 47918 ssh2
Jun 23 23:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8340]: Connection closed by 87.251.79.125 port 47918 [preauth]
Jun 23 23:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 23:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 23 23:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7152]: pam_unix(cron:session): session closed for user root
Jun 23 23:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8353]: Failed password for root from 38.93.206.2 port 31370 ssh2
Jun 23 23:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8353]: Connection closed by 38.93.206.2 port 31370 [preauth]
Jun 23 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8436]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8439]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8435]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8432]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8433]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8438]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8439]: pam_unix(cron:session): session closed for user root
Jun 23 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8432]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8505]: Successful su for rubyman by root
Jun 23 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8505]: + ??? root:rubyman
Jun 23 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8505]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580189 of user rubyman.
Jun 23 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8505]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580189.
Jun 23 23:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8435]: pam_unix(cron:session): session closed for user root
Jun 23 23:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5832]: pam_unix(cron:session): session closed for user root
Jun 23 23:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8433]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 23:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 23 23:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8772]: Failed password for root from 202.178.126.219 port 61069 ssh2
Jun 23 23:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8772]: Connection closed by 202.178.126.219 port 61069 [preauth]
Jun 23 23:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7561]: pam_unix(cron:session): session closed for user root
Jun 23 23:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 23:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 23 23:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8843]: Failed password for root from 103.149.28.157 port 43254 ssh2
Jun 23 23:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8843]: Connection closed by 103.149.28.157 port 43254 [preauth]
Jun 23 23:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 23:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 23 23:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8853]: Failed password for root from 147.45.199.80 port 53466 ssh2
Jun 23 23:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8853]: Connection closed by 147.45.199.80 port 53466 [preauth]
Jun 23 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8869]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8868]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8866]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8865]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8865]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8941]: Successful su for rubyman by root
Jun 23 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8941]: + ??? root:rubyman
Jun 23 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8941]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580195 of user rubyman.
Jun 23 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8941]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580195.
Jun 23 23:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 23:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6221]: pam_unix(cron:session): session closed for user root
Jun 23 23:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8866]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8040]: pam_unix(cron:session): session closed for user root
Jun 23 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9278]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9275]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9277]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9274]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9274]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9337]: Successful su for rubyman by root
Jun 23 23:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9337]: + ??? root:rubyman
Jun 23 23:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9337]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580200 of user rubyman.
Jun 23 23:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9337]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580200.
Jun 23 23:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6643]: pam_unix(cron:session): session closed for user root
Jun 23 23:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9275]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8438]: pam_unix(cron:session): session closed for user root
Jun 23 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9660]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9659]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9658]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9657]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9657]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9720]: Successful su for rubyman by root
Jun 23 23:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9720]: + ??? root:rubyman
Jun 23 23:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9720]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580203 of user rubyman.
Jun 23 23:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9720]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580203.
Jun 23 23:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7150]: pam_unix(cron:session): session closed for user root
Jun 23 23:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9658]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 23:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 23 23:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10120]: Failed password for root from 103.153.68.219 port 48394 ssh2
Jun 23 23:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10120]: Connection closed by 103.153.68.219 port 48394 [preauth]
Jun 23 23:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8869]: pam_unix(cron:session): session closed for user root
Jun 23 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10327]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10326]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10322]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10325]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10322]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10392]: Successful su for rubyman by root
Jun 23 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10392]: + ??? root:rubyman
Jun 23 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10392]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580207 of user rubyman.
Jun 23 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10392]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580207.
Jun 23 23:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7559]: pam_unix(cron:session): session closed for user root
Jun 23 23:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10325]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 23:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 23 23:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10636]: Failed password for root from 77.94.47.83 port 59122 ssh2
Jun 23 23:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10636]: Connection closed by 77.94.47.83 port 59122 [preauth]
Jun 23 23:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9278]: pam_unix(cron:session): session closed for user root
Jun 23 23:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10750]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10744]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10743]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10748]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10747]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10749]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10750]: pam_unix(cron:session): session closed for user root
Jun 23 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10743]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10823]: Successful su for rubyman by root
Jun 23 23:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10823]: + ??? root:rubyman
Jun 23 23:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10823]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580216 of user rubyman.
Jun 23 23:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10823]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580216.
Jun 23 23:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10747]: pam_unix(cron:session): session closed for user root
Jun 23 23:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8039]: pam_unix(cron:session): session closed for user root
Jun 23 23:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10739]: Connection closed by 211.25.195.201 port 58407 [preauth]
Jun 23 23:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10744]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9660]: pam_unix(cron:session): session closed for user root
Jun 23 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11196]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11195]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11194]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11193]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11193]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11264]: Successful su for rubyman by root
Jun 23 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11264]: + ??? root:rubyman
Jun 23 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11264]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580217 of user rubyman.
Jun 23 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11264]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580217.
Jun 23 23:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8436]: pam_unix(cron:session): session closed for user root
Jun 23 23:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 23:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11194]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11439]: Received disconnect from 213.152.185.117 port 18840:11: disconnected by user [preauth]
Jun 23 23:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11439]: Disconnected from 213.152.185.117 port 18840 [preauth]
Jun 23 23:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10327]: pam_unix(cron:session): session closed for user root
Jun 23 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11617]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11618]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11616]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11611]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11611]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11673]: Successful su for rubyman by root
Jun 23 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11673]: + ??? root:rubyman
Jun 23 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11673]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580223 of user rubyman.
Jun 23 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11673]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580223.
Jun 23 23:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8868]: pam_unix(cron:session): session closed for user root
Jun 23 23:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11616]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 23:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10749]: pam_unix(cron:session): session closed for user root
Jun 23 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12079]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12077]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12078]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12076]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12076]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12135]: Successful su for rubyman by root
Jun 23 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12135]: + ??? root:rubyman
Jun 23 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12135]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580226 of user rubyman.
Jun 23 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12135]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580226.
Jun 23 23:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9277]: pam_unix(cron:session): session closed for user root
Jun 23 23:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12077]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11196]: pam_unix(cron:session): session closed for user root
Jun 23 23:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 23:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 23 23:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12580]: Failed password for root from 51.250.105.222 port 37550 ssh2
Jun 23 23:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12580]: Connection closed by 51.250.105.222 port 37550 [preauth]
Jun 23 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12595]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12596]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12594]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12593]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12593]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12657]: Successful su for rubyman by root
Jun 23 23:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12657]: + ??? root:rubyman
Jun 23 23:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12657]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580230 of user rubyman.
Jun 23 23:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12657]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580230.
Jun 23 23:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9659]: pam_unix(cron:session): session closed for user root
Jun 23 23:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12594]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11618]: pam_unix(cron:session): session closed for user root
Jun 23 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13008]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13004]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13005]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13007]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13003]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13002]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13008]: pam_unix(cron:session): session closed for user root
Jun 23 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13002]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13074]: Successful su for rubyman by root
Jun 23 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13074]: + ??? root:rubyman
Jun 23 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13074]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580237 of user rubyman.
Jun 23 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13074]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580237.
Jun 23 23:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13004]: pam_unix(cron:session): session closed for user root
Jun 23 23:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10326]: pam_unix(cron:session): session closed for user root
Jun 23 23:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13003]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12079]: pam_unix(cron:session): session closed for user root
Jun 23 23:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 23:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13396]: Connection closed by 194.59.206.2 port 13512 [preauth]
Jun 23 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13446]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13447]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13448]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13445]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13445]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13522]: Successful su for rubyman by root
Jun 23 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13522]: + ??? root:rubyman
Jun 23 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13522]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580239 of user rubyman.
Jun 23 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13522]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580239.
Jun 23 23:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10748]: pam_unix(cron:session): session closed for user root
Jun 23 23:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13446]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12596]: pam_unix(cron:session): session closed for user root
Jun 23 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13862]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13861]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13860]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13859]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13859]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13924]: Successful su for rubyman by root
Jun 23 23:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13924]: + ??? root:rubyman
Jun 23 23:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13924]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580244 of user rubyman.
Jun 23 23:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13924]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580244.
Jun 23 23:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11195]: pam_unix(cron:session): session closed for user root
Jun 23 23:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13860]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13007]: pam_unix(cron:session): session closed for user root
Jun 23 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14254]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14252]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14253]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14251]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14251]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14311]: Successful su for rubyman by root
Jun 23 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14311]: + ??? root:rubyman
Jun 23 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14311]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580248 of user rubyman.
Jun 23 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14311]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580248.
Jun 23 23:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11617]: pam_unix(cron:session): session closed for user root
Jun 23 23:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14252]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13448]: pam_unix(cron:session): session closed for user root
Jun 23 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14660]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14650]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14673]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14649]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14649]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14791]: Successful su for rubyman by root
Jun 23 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14791]: + ??? root:rubyman
Jun 23 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14791]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580253 of user rubyman.
Jun 23 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14791]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580253.
Jun 23 23:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12078]: pam_unix(cron:session): session closed for user root
Jun 23 23:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14650]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13862]: pam_unix(cron:session): session closed for user root
Jun 23 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15134]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15136]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15130]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15129]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15137]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15131]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15137]: pam_unix(cron:session): session closed for user root
Jun 23 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15129]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15202]: Successful su for rubyman by root
Jun 23 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15202]: + ??? root:rubyman
Jun 23 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15202]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580256 of user rubyman.
Jun 23 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15202]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580256.
Jun 23 23:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15131]: pam_unix(cron:session): session closed for user root
Jun 23 23:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12595]: pam_unix(cron:session): session closed for user root
Jun 23 23:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15130]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14254]: pam_unix(cron:session): session closed for user root
Jun 23 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15548]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15547]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15546]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15545]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15545]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15613]: Successful su for rubyman by root
Jun 23 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15613]: + ??? root:rubyman
Jun 23 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15613]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580262 of user rubyman.
Jun 23 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15613]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580262.
Jun 23 23:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13005]: pam_unix(cron:session): session closed for user root
Jun 23 23:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15546]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 23:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15835]: Invalid user admin from 141.98.83.240
Jun 23 23:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15835]: input_userauth_request: invalid user admin [preauth]
Jun 23 23:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15835]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 23:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 23:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15835]: Failed password for invalid user admin from 141.98.83.240 port 15984 ssh2
Jun 23 23:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15835]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 23:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15835]: Failed password for invalid user admin from 141.98.83.240 port 15984 ssh2
Jun 23 23:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15835]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 23:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15835]: Failed password for invalid user admin from 141.98.83.240 port 15984 ssh2
Jun 23 23:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15835]: Connection closed by 141.98.83.240 port 15984 [preauth]
Jun 23 23:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15835]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 23 23:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14673]: pam_unix(cron:session): session closed for user root
Jun 23 23:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 23:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15895]: Received disconnect from 102.129.200.117 port 52896:11: disconnected by user [preauth]
Jun 23 23:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15895]: Disconnected from 102.129.200.117 port 52896 [preauth]
Jun 23 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15946]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15945]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15944]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15943]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15943]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16001]: Successful su for rubyman by root
Jun 23 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16001]: + ??? root:rubyman
Jun 23 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16001]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580265 of user rubyman.
Jun 23 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16001]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580265.
Jun 23 23:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13447]: pam_unix(cron:session): session closed for user root
Jun 23 23:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15944]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15136]: pam_unix(cron:session): session closed for user root
Jun 23 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16335]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16333]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16334]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16332]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16332]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16392]: Successful su for rubyman by root
Jun 23 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16392]: + ??? root:rubyman
Jun 23 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16392]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580270 of user rubyman.
Jun 23 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16392]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580270.
Jun 23 23:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13861]: pam_unix(cron:session): session closed for user root
Jun 23 23:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16333]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15548]: pam_unix(cron:session): session closed for user root
Jun 23 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16726]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16727]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16724]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16725]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16722]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16724]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16858]: Successful su for rubyman by root
Jun 23 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16858]: + ??? root:rubyman
Jun 23 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16858]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580274 of user rubyman.
Jun 23 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16858]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580274.
Jun 23 23:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16722]: pam_unix(cron:session): session closed for user root
Jun 23 23:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14253]: pam_unix(cron:session): session closed for user root
Jun 23 23:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16725]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 23:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17167]: Invalid user baike from 186.251.71.202
Jun 23 23:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17167]: input_userauth_request: invalid user baike [preauth]
Jun 23 23:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17167]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 23:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.251.71.202
Jun 23 23:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17167]: Failed password for invalid user baike from 186.251.71.202 port 55413 ssh2
Jun 23 23:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17167]: Received disconnect from 186.251.71.202 port 55413:11: Bye Bye [preauth]
Jun 23 23:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17167]: Disconnected from 186.251.71.202 port 55413 [preauth]
Jun 23 23:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15946]: pam_unix(cron:session): session closed for user root
Jun 23 23:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 23:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 23 23:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17287]: Failed password for root from 103.27.238.120 port 34732 ssh2
Jun 23 23:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17287]: Connection closed by 103.27.238.120 port 34732 [preauth]
Jun 23 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17315]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17312]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17314]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17313]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17309]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17311]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17315]: pam_unix(cron:session): session closed for user root
Jun 23 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17309]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17386]: Successful su for rubyman by root
Jun 23 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17386]: + ??? root:rubyman
Jun 23 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17386]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580280 of user rubyman.
Jun 23 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17386]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580280.
Jun 23 23:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17312]: pam_unix(cron:session): session closed for user root
Jun 23 23:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14660]: pam_unix(cron:session): session closed for user root
Jun 23 23:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17311]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16335]: pam_unix(cron:session): session closed for user root
Jun 23 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17847]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17848]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17846]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17844]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17844]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17923]: Successful su for rubyman by root
Jun 23 23:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17923]: + ??? root:rubyman
Jun 23 23:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17923]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580285 of user rubyman.
Jun 23 23:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17923]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580285.
Jun 23 23:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15134]: pam_unix(cron:session): session closed for user root
Jun 23 23:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17846]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 23:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 23 23:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18147]: Failed password for root from 193.37.70.224 port 60792 ssh2
Jun 23 23:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18147]: Connection closed by 193.37.70.224 port 60792 [preauth]
Jun 23 23:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16727]: pam_unix(cron:session): session closed for user root
Jun 23 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18286]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18285]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18284]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18283]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18283]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18349]: Successful su for rubyman by root
Jun 23 23:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18349]: + ??? root:rubyman
Jun 23 23:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18349]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580288 of user rubyman.
Jun 23 23:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18349]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580288.
Jun 23 23:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15547]: pam_unix(cron:session): session closed for user root
Jun 23 23:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18284]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17314]: pam_unix(cron:session): session closed for user root
Jun 23 23:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 23:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18735]: Invalid user daniel from 193.46.255.86
Jun 23 23:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18735]: input_userauth_request: invalid user daniel [preauth]
Jun 23 23:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18735]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 23:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 23 23:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18735]: Failed password for invalid user daniel from 193.46.255.86 port 29410 ssh2
Jun 23 23:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18735]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 23:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18735]: Failed password for invalid user daniel from 193.46.255.86 port 29410 ssh2
Jun 23 23:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18735]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 23:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18735]: Failed password for invalid user daniel from 193.46.255.86 port 29410 ssh2
Jun 23 23:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18735]: Connection closed by 193.46.255.86 port 29410 [preauth]
Jun 23 23:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18735]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 23 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18782]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18779]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18781]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18780]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18779]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18857]: Successful su for rubyman by root
Jun 23 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18857]: + ??? root:rubyman
Jun 23 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18857]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580293 of user rubyman.
Jun 23 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18857]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580293.
Jun 23 23:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15945]: pam_unix(cron:session): session closed for user root
Jun 23 23:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18780]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 23:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19088]: Received disconnect from 45.175.123.254 port 52262:11: disconnected by user [preauth]
Jun 23 23:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19088]: Disconnected from 45.175.123.254 port 52262 [preauth]
Jun 23 23:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17848]: pam_unix(cron:session): session closed for user root
Jun 23 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19285]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19287]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19286]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19284]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19284]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19344]: Successful su for rubyman by root
Jun 23 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19344]: + ??? root:rubyman
Jun 23 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19344]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580296 of user rubyman.
Jun 23 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19344]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580296.
Jun 23 23:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16334]: pam_unix(cron:session): session closed for user root
Jun 23 23:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19285]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18286]: pam_unix(cron:session): session closed for user root
Jun 23 23:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 23:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19875]: Invalid user postman from 186.251.71.202
Jun 23 23:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19875]: input_userauth_request: invalid user postman [preauth]
Jun 23 23:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19875]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 23:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.251.71.202
Jun 23 23:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19875]: Failed password for invalid user postman from 186.251.71.202 port 48636 ssh2
Jun 23 23:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19875]: Received disconnect from 186.251.71.202 port 48636:11: Bye Bye [preauth]
Jun 23 23:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19875]: Disconnected from 186.251.71.202 port 48636 [preauth]
Jun 23 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19909]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19908]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19910]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19907]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19905]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19906]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19910]: pam_unix(cron:session): session closed for user root
Jun 23 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19905]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19974]: Successful su for rubyman by root
Jun 23 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19974]: + ??? root:rubyman
Jun 23 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19974]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580300 of user rubyman.
Jun 23 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19974]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580300.
Jun 23 23:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19907]: pam_unix(cron:session): session closed for user root
Jun 23 23:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16726]: pam_unix(cron:session): session closed for user root
Jun 23 23:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19906]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18782]: pam_unix(cron:session): session closed for user root
Jun 23 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20435]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20433]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20432]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20431]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20431]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20505]: Successful su for rubyman by root
Jun 23 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20505]: + ??? root:rubyman
Jun 23 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20505]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580306 of user rubyman.
Jun 23 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20505]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580306.
Jun 23 23:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17313]: pam_unix(cron:session): session closed for user root
Jun 23 23:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20432]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19287]: pam_unix(cron:session): session closed for user root
Jun 23 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20933]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20932]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20934]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20931]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20931]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20991]: Successful su for rubyman by root
Jun 23 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20991]: + ??? root:rubyman
Jun 23 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20991]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580312 of user rubyman.
Jun 23 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20991]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580312.
Jun 23 23:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17847]: pam_unix(cron:session): session closed for user root
Jun 23 23:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20932]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19909]: pam_unix(cron:session): session closed for user root
Jun 23 23:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 23:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 23 23:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21275]: Failed password for root from 103.82.132.16 port 34038 ssh2
Jun 23 23:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21275]: Connection closed by 103.82.132.16 port 34038 [preauth]
Jun 23 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21357]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21356]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21355]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21354]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21354]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21423]: Successful su for rubyman by root
Jun 23 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21423]: + ??? root:rubyman
Jun 23 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21423]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580315 of user rubyman.
Jun 23 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21423]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580315.
Jun 23 23:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18285]: pam_unix(cron:session): session closed for user root
Jun 23 23:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21355]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 23:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 23 23:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 23:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21656]: Failed password for root from 109.237.96.109 port 36190 ssh2
Jun 23 23:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21656]: Connection closed by 109.237.96.109 port 36190 [preauth]
Jun 23 23:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 23 23:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21666]: Failed password for root from 194.113.233.25 port 33740 ssh2
Jun 23 23:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21666]: Connection closed by 194.113.233.25 port 33740 [preauth]
Jun 23 23:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 23:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21700]: Invalid user wwwold from 186.251.71.202
Jun 23 23:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21700]: input_userauth_request: invalid user wwwold [preauth]
Jun 23 23:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21700]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 23:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.251.71.202
Jun 23 23:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21700]: Failed password for invalid user wwwold from 186.251.71.202 port 38749 ssh2
Jun 23 23:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21700]: Received disconnect from 186.251.71.202 port 38749:11: Bye Bye [preauth]
Jun 23 23:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21700]: Disconnected from 186.251.71.202 port 38749 [preauth]
Jun 23 23:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20435]: pam_unix(cron:session): session closed for user root
Jun 23 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21803]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21804]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21802]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21800]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21800]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21864]: Successful su for rubyman by root
Jun 23 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21864]: + ??? root:rubyman
Jun 23 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21864]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580318 of user rubyman.
Jun 23 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21864]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580318.
Jun 23 23:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18781]: pam_unix(cron:session): session closed for user root
Jun 23 23:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21802]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20934]: pam_unix(cron:session): session closed for user root
Jun 23 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22205]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22202]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22199]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22200]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22201]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22206]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22206]: pam_unix(cron:session): session closed for user root
Jun 23 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22199]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22268]: Successful su for rubyman by root
Jun 23 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22268]: + ??? root:rubyman
Jun 23 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22268]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580322 of user rubyman.
Jun 23 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22268]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580322.
Jun 23 23:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22201]: pam_unix(cron:session): session closed for user root
Jun 23 23:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19286]: pam_unix(cron:session): session closed for user root
Jun 23 23:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22200]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21357]: pam_unix(cron:session): session closed for user root
Jun 23 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22715]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22716]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22713]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22712]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22712]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22782]: Successful su for rubyman by root
Jun 23 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22782]: + ??? root:rubyman
Jun 23 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22782]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580328 of user rubyman.
Jun 23 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22782]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580328.
Jun 23 23:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19908]: pam_unix(cron:session): session closed for user root
Jun 23 23:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22713]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21804]: pam_unix(cron:session): session closed for user root
Jun 23 23:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 23:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23117]: Invalid user nsrhost from 186.251.71.202
Jun 23 23:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23117]: input_userauth_request: invalid user nsrhost [preauth]
Jun 23 23:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23117]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 23:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.251.71.202
Jun 23 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23130]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23131]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23129]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23128]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23128]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23189]: Successful su for rubyman by root
Jun 23 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23189]: + ??? root:rubyman
Jun 23 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23189]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580334 of user rubyman.
Jun 23 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23189]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580334.
Jun 23 23:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23117]: Failed password for invalid user nsrhost from 186.251.71.202 port 57089 ssh2
Jun 23 23:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23117]: Received disconnect from 186.251.71.202 port 57089:11: Bye Bye [preauth]
Jun 23 23:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23117]: Disconnected from 186.251.71.202 port 57089 [preauth]
Jun 23 23:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20433]: pam_unix(cron:session): session closed for user root
Jun 23 23:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23129]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 23:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 23 23:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23419]: Failed password for root from 103.176.20.57 port 59896 ssh2
Jun 23 23:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23419]: Connection closed by 103.176.20.57 port 59896 [preauth]
Jun 23 23:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22205]: pam_unix(cron:session): session closed for user root
Jun 23 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23555]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23554]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23553]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23552]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23552]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23614]: Successful su for rubyman by root
Jun 23 23:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23614]: + ??? root:rubyman
Jun 23 23:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23614]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580336 of user rubyman.
Jun 23 23:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23614]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580336.
Jun 23 23:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20933]: pam_unix(cron:session): session closed for user root
Jun 23 23:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23553]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 23:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 23 23:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23824]: Failed password for root from 103.172.78.219 port 44758 ssh2
Jun 23 23:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23824]: Connection closed by 103.172.78.219 port 44758 [preauth]
Jun 23 23:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22716]: pam_unix(cron:session): session closed for user root
Jun 23 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24063]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24062]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24064]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24061]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24061]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24123]: Successful su for rubyman by root
Jun 23 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24123]: + ??? root:rubyman
Jun 23 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24123]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580340 of user rubyman.
Jun 23 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24123]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580340.
Jun 23 23:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21356]: pam_unix(cron:session): session closed for user root
Jun 23 23:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24062]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23131]: pam_unix(cron:session): session closed for user root
Jun 23 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24497]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24494]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24496]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24493]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24498]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24495]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24498]: pam_unix(cron:session): session closed for user root
Jun 23 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24493]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24562]: Successful su for rubyman by root
Jun 23 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24562]: + ??? root:rubyman
Jun 23 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24562]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580345 of user rubyman.
Jun 23 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24562]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580345.
Jun 23 23:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24495]: pam_unix(cron:session): session closed for user root
Jun 23 23:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21803]: pam_unix(cron:session): session closed for user root
Jun 23 23:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24494]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 23:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24815]: Invalid user bond from 186.251.71.202
Jun 23 23:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24815]: input_userauth_request: invalid user bond [preauth]
Jun 23 23:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24815]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 23:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.251.71.202
Jun 23 23:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24815]: Failed password for invalid user bond from 186.251.71.202 port 47179 ssh2
Jun 23 23:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24815]: Received disconnect from 186.251.71.202 port 47179:11: Bye Bye [preauth]
Jun 23 23:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24815]: Disconnected from 186.251.71.202 port 47179 [preauth]
Jun 23 23:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23555]: pam_unix(cron:session): session closed for user root
Jun 23 23:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24937]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24938]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24936]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24935]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24935]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25002]: Successful su for rubyman by root
Jun 23 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25002]: + ??? root:rubyman
Jun 23 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25002]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580352 of user rubyman.
Jun 23 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25002]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580352.
Jun 23 23:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22202]: pam_unix(cron:session): session closed for user root
Jun 23 23:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24936]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 23 23:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24925]: Failed password for root from 202.178.126.219 port 53381 ssh2
Jun 23 23:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24925]: Connection closed by 202.178.126.219 port 53381 [preauth]
Jun 23 23:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24064]: pam_unix(cron:session): session closed for user root
Jun 23 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25339]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25340]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25338]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25337]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25337]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25398]: Successful su for rubyman by root
Jun 23 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25398]: + ??? root:rubyman
Jun 23 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25398]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580355 of user rubyman.
Jun 23 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25398]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580355.
Jun 23 23:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22715]: pam_unix(cron:session): session closed for user root
Jun 23 23:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25338]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 23:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25592]: Invalid user wsp from 183.83.197.226
Jun 23 23:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25592]: input_userauth_request: invalid user wsp [preauth]
Jun 23 23:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25592]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 23:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.83.197.226
Jun 23 23:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25592]: Failed password for invalid user wsp from 183.83.197.226 port 42272 ssh2
Jun 23 23:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25592]: Received disconnect from 183.83.197.226 port 42272:11: Bye Bye [preauth]
Jun 23 23:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25592]: Disconnected from 183.83.197.226 port 42272 [preauth]
Jun 23 23:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24497]: pam_unix(cron:session): session closed for user root
Jun 23 23:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 23:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25678]: Invalid user janine from 2.57.121.112
Jun 23 23:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25678]: input_userauth_request: invalid user janine [preauth]
Jun 23 23:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25678]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 23:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 23 23:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25678]: Failed password for invalid user janine from 2.57.121.112 port 5348 ssh2
Jun 23 23:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25678]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 23:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25678]: Failed password for invalid user janine from 2.57.121.112 port 5348 ssh2
Jun 23 23:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25678]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 23:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25678]: Failed password for invalid user janine from 2.57.121.112 port 5348 ssh2
Jun 23 23:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25678]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 23:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25678]: Failed password for invalid user janine from 2.57.121.112 port 5348 ssh2
Jun 23 23:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25678]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 23:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25678]: Failed password for invalid user janine from 2.57.121.112 port 5348 ssh2
Jun 23 23:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25678]: Connection closed by 2.57.121.112 port 5348 [preauth]
Jun 23 23:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25678]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 23 23:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25678]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 23 23:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 23:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25720]: Received disconnect from 212.192.240.126 port 19906:11: disconnected by user [preauth]
Jun 23 23:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25720]: Disconnected from 212.192.240.126 port 19906 [preauth]
Jun 23 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25739]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25741]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25742]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25740]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25739]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25803]: Successful su for rubyman by root
Jun 23 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25803]: + ??? root:rubyman
Jun 23 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25803]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580361 of user rubyman.
Jun 23 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25803]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580361.
Jun 23 23:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23130]: pam_unix(cron:session): session closed for user root
Jun 23 23:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25740]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24938]: pam_unix(cron:session): session closed for user root
Jun 23 23:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 23:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26096]: Invalid user zags from 186.251.71.202
Jun 23 23:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26096]: input_userauth_request: invalid user zags [preauth]
Jun 23 23:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26096]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 23:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.251.71.202
Jun 23 23:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26096]: Failed password for invalid user zags from 186.251.71.202 port 37266 ssh2
Jun 23 23:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26096]: Received disconnect from 186.251.71.202 port 37266:11: Bye Bye [preauth]
Jun 23 23:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26096]: Disconnected from 186.251.71.202 port 37266 [preauth]
Jun 23 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26131]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26130]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 23 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26128]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 23 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26129]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 23 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26128]: pam_unix(cron:session): session closed for user p13x
Jun 23 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26191]: Successful su for rubyman by root
Jun 23 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26191]: + ??? root:rubyman
Jun 23 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26191]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 23 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580362 of user rubyman.
Jun 23 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26191]: pam_unix(su:session): session closed for user rubyman
Jun 23 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580362.
Jun 23 23:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23554]: pam_unix(cron:session): session closed for user root
Jun 23 23:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26129]: pam_unix(cron:session): session closed for user samftp
Jun 23 23:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 23 23:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.223.69.22  user=root
Jun 23 23:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26396]: Failed password for root from 89.223.69.22 port 33866 ssh2
Jun 23 23:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26396]: Connection closed by 89.223.69.22 port 33866 [preauth]
Jun 23 23:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25340]: pam_unix(cron:session): session closed for user root
Jun 24 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26523]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26524]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26521]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26525]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26522]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26520]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26519]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26525]: pam_unix(cron:session): session closed for user root
Jun 24 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26521]: pam_unix(cron:session): session closed for user root
Jun 24 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26519]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26618]: Successful su for rubyman by root
Jun 24 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26618]: + ??? root:rubyman
Jun 24 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26618]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580367 of user rubyman.
Jun 24 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26618]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580367.
Jun 24 00:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24063]: pam_unix(cron:session): session closed for user root
Jun 24 00:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26522]: pam_unix(cron:session): session closed for user root
Jun 24 00:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26520]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26977]: Invalid user rtx from 183.83.197.226
Jun 24 00:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26977]: input_userauth_request: invalid user rtx [preauth]
Jun 24 00:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26977]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.83.197.226
Jun 24 00:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26977]: Failed password for invalid user rtx from 183.83.197.226 port 33590 ssh2
Jun 24 00:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26977]: Received disconnect from 183.83.197.226 port 33590:11: Bye Bye [preauth]
Jun 24 00:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26977]: Disconnected from 183.83.197.226 port 33590 [preauth]
Jun 24 00:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25742]: pam_unix(cron:session): session closed for user root
Jun 24 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27107]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27106]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27108]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27109]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27104]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27104]: pam_unix(cron:session): session closed for user root
Jun 24 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27106]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27181]: Successful su for rubyman by root
Jun 24 00:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27181]: + ??? root:rubyman
Jun 24 00:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27181]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580377 of user rubyman.
Jun 24 00:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27181]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580377.
Jun 24 00:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24496]: pam_unix(cron:session): session closed for user root
Jun 24 00:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27107]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26131]: pam_unix(cron:session): session closed for user root
Jun 24 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27539]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27540]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27538]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27537]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27537]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27600]: Successful su for rubyman by root
Jun 24 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27600]: + ??? root:rubyman
Jun 24 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27600]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580378 of user rubyman.
Jun 24 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27600]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580378.
Jun 24 00:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24937]: pam_unix(cron:session): session closed for user root
Jun 24 00:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27538]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27815]: Invalid user imageserver from 186.251.71.202
Jun 24 00:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27815]: input_userauth_request: invalid user imageserver [preauth]
Jun 24 00:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27815]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.251.71.202
Jun 24 00:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27815]: Failed password for invalid user imageserver from 186.251.71.202 port 55598 ssh2
Jun 24 00:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27815]: Received disconnect from 186.251.71.202 port 55598:11: Bye Bye [preauth]
Jun 24 00:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27815]: Disconnected from 186.251.71.202 port 55598 [preauth]
Jun 24 00:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26524]: pam_unix(cron:session): session closed for user root
Jun 24 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27944]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27943]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27942]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27941]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27941]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28008]: Successful su for rubyman by root
Jun 24 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28008]: + ??? root:rubyman
Jun 24 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28008]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580382 of user rubyman.
Jun 24 00:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28008]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580382.
Jun 24 00:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25339]: pam_unix(cron:session): session closed for user root
Jun 24 00:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27942]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28268]: Invalid user bamboo from 183.83.197.226
Jun 24 00:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28268]: input_userauth_request: invalid user bamboo [preauth]
Jun 24 00:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28268]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.83.197.226
Jun 24 00:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28268]: Failed password for invalid user bamboo from 183.83.197.226 port 32978 ssh2
Jun 24 00:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28268]: Received disconnect from 183.83.197.226 port 32978:11: Bye Bye [preauth]
Jun 24 00:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28268]: Disconnected from 183.83.197.226 port 32978 [preauth]
Jun 24 00:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27109]: pam_unix(cron:session): session closed for user root
Jun 24 00:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 24 00:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28343]: Failed password for root from 62.133.62.83 port 56568 ssh2
Jun 24 00:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28343]: Connection closed by 62.133.62.83 port 56568 [preauth]
Jun 24 00:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 24 00:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28373]: Failed password for root from 38.93.206.2 port 2052 ssh2
Jun 24 00:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28373]: Connection closed by 38.93.206.2 port 2052 [preauth]
Jun 24 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28398]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28399]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28397]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28396]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28396]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28462]: Successful su for rubyman by root
Jun 24 00:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28462]: + ??? root:rubyman
Jun 24 00:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28462]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580386 of user rubyman.
Jun 24 00:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28462]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580386.
Jun 24 00:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25741]: pam_unix(cron:session): session closed for user root
Jun 24 00:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28397]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27540]: pam_unix(cron:session): session closed for user root
Jun 24 00:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28876]: Did not receive identification string from 77.90.185.16
Jun 24 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28909]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28906]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28905]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28904]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28910]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28903]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28910]: pam_unix(cron:session): session closed for user root
Jun 24 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28903]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28974]: Successful su for rubyman by root
Jun 24 00:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28974]: + ??? root:rubyman
Jun 24 00:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28974]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580390 of user rubyman.
Jun 24 00:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28974]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580390.
Jun 24 00:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28905]: pam_unix(cron:session): session closed for user root
Jun 24 00:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26130]: pam_unix(cron:session): session closed for user root
Jun 24 00:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28904]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29207]: Invalid user ivan from 141.98.83.240
Jun 24 00:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29207]: input_userauth_request: invalid user ivan [preauth]
Jun 24 00:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29207]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 00:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29207]: Failed password for invalid user ivan from 141.98.83.240 port 8132 ssh2
Jun 24 00:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29207]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29207]: Failed password for invalid user ivan from 141.98.83.240 port 8132 ssh2
Jun 24 00:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29207]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29207]: Failed password for invalid user ivan from 141.98.83.240 port 8132 ssh2
Jun 24 00:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29207]: Connection closed by 141.98.83.240 port 8132 [preauth]
Jun 24 00:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29207]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 00:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27944]: pam_unix(cron:session): session closed for user root
Jun 24 00:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29344]: Invalid user turismo from 186.251.71.202
Jun 24 00:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29344]: input_userauth_request: invalid user turismo [preauth]
Jun 24 00:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29344]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.251.71.202
Jun 24 00:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29344]: Failed password for invalid user turismo from 186.251.71.202 port 45701 ssh2
Jun 24 00:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29344]: Received disconnect from 186.251.71.202 port 45701:11: Bye Bye [preauth]
Jun 24 00:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29344]: Disconnected from 186.251.71.202 port 45701 [preauth]
Jun 24 00:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29346]: Invalid user listen from 183.83.197.226
Jun 24 00:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29346]: input_userauth_request: invalid user listen [preauth]
Jun 24 00:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29346]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.83.197.226
Jun 24 00:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29346]: Failed password for invalid user listen from 183.83.197.226 port 40182 ssh2
Jun 24 00:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29346]: Received disconnect from 183.83.197.226 port 40182:11: Bye Bye [preauth]
Jun 24 00:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29346]: Disconnected from 183.83.197.226 port 40182 [preauth]
Jun 24 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29368]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29369]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29367]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29366]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29366]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29432]: Successful su for rubyman by root
Jun 24 00:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29432]: + ??? root:rubyman
Jun 24 00:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29432]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580396 of user rubyman.
Jun 24 00:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29432]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580396.
Jun 24 00:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26523]: pam_unix(cron:session): session closed for user root
Jun 24 00:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29367]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 24 00:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29803]: Failed password for root from 103.27.238.114 port 57764 ssh2
Jun 24 00:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29803]: Connection closed by 103.27.238.114 port 57764 [preauth]
Jun 24 00:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28399]: pam_unix(cron:session): session closed for user root
Jun 24 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29905]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29907]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29906]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29904]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29904]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29967]: Successful su for rubyman by root
Jun 24 00:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29967]: + ??? root:rubyman
Jun 24 00:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29967]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580400 of user rubyman.
Jun 24 00:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29967]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580400.
Jun 24 00:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27108]: pam_unix(cron:session): session closed for user root
Jun 24 00:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29905]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28909]: pam_unix(cron:session): session closed for user root
Jun 24 00:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.110.201  user=root
Jun 24 00:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30305]: Failed password for root from 94.159.110.201 port 53258 ssh2
Jun 24 00:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 24 00:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30305]: Connection closed by 94.159.110.201 port 53258 [preauth]
Jun 24 00:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30307]: Failed password for root from 103.77.175.15 port 50616 ssh2
Jun 24 00:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30307]: Connection closed by 103.77.175.15 port 50616 [preauth]
Jun 24 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30328]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30327]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30326]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30325]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30325]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30386]: Successful su for rubyman by root
Jun 24 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30386]: + ??? root:rubyman
Jun 24 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30386]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580404 of user rubyman.
Jun 24 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30386]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580404.
Jun 24 00:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27539]: pam_unix(cron:session): session closed for user root
Jun 24 00:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30326]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30580]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 24 00:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30580]: Received disconnect from 213.152.185.117 port 57830:11: disconnected by user [preauth]
Jun 24 00:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30580]: Disconnected from 213.152.185.117 port 57830 [preauth]
Jun 24 00:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30654]: Invalid user finanzas from 183.83.197.226
Jun 24 00:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30654]: input_userauth_request: invalid user finanzas [preauth]
Jun 24 00:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30654]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.83.197.226
Jun 24 00:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29369]: pam_unix(cron:session): session closed for user root
Jun 24 00:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30654]: Failed password for invalid user finanzas from 183.83.197.226 port 39540 ssh2
Jun 24 00:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30654]: Received disconnect from 183.83.197.226 port 39540:11: Bye Bye [preauth]
Jun 24 00:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30654]: Disconnected from 183.83.197.226 port 39540 [preauth]
Jun 24 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30741]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30742]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30740]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30739]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30737]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30739]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30864]: Successful su for rubyman by root
Jun 24 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30864]: + ??? root:rubyman
Jun 24 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30864]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580410 of user rubyman.
Jun 24 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30864]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580410.
Jun 24 00:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30737]: pam_unix(cron:session): session closed for user root
Jun 24 00:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27943]: pam_unix(cron:session): session closed for user root
Jun 24 00:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30740]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31212]: Invalid user router1 from 186.251.71.202
Jun 24 00:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31212]: input_userauth_request: invalid user router1 [preauth]
Jun 24 00:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31212]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.251.71.202
Jun 24 00:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31212]: Failed password for invalid user router1 from 186.251.71.202 port 35796 ssh2
Jun 24 00:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31212]: Received disconnect from 186.251.71.202 port 35796:11: Bye Bye [preauth]
Jun 24 00:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31212]: Disconnected from 186.251.71.202 port 35796 [preauth]
Jun 24 00:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29907]: pam_unix(cron:session): session closed for user root
Jun 24 00:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 24 00:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31276]: Failed password for root from 80.66.85.226 port 54548 ssh2
Jun 24 00:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31276]: Connection closed by 80.66.85.226 port 54548 [preauth]
Jun 24 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31330]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31332]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31329]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31331]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31327]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31333]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31333]: pam_unix(cron:session): session closed for user root
Jun 24 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31327]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31399]: Successful su for rubyman by root
Jun 24 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31399]: + ??? root:rubyman
Jun 24 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31399]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580415 of user rubyman.
Jun 24 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31399]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580415.
Jun 24 00:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31330]: pam_unix(cron:session): session closed for user root
Jun 24 00:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28398]: pam_unix(cron:session): session closed for user root
Jun 24 00:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31329]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30328]: pam_unix(cron:session): session closed for user root
Jun 24 00:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31870]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31867]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31868]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31866]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31866]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31943]: Successful su for rubyman by root
Jun 24 00:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31943]: + ??? root:rubyman
Jun 24 00:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31943]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580420 of user rubyman.
Jun 24 00:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31943]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580420.
Jun 24 00:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28906]: pam_unix(cron:session): session closed for user root
Jun 24 00:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31867]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32160]: Invalid user wizard from 183.83.197.226
Jun 24 00:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32160]: input_userauth_request: invalid user wizard [preauth]
Jun 24 00:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32160]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.83.197.226
Jun 24 00:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32160]: Failed password for invalid user wizard from 183.83.197.226 port 59464 ssh2
Jun 24 00:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32160]: Received disconnect from 183.83.197.226 port 59464:11: Bye Bye [preauth]
Jun 24 00:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32160]: Disconnected from 183.83.197.226 port 59464 [preauth]
Jun 24 00:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30742]: pam_unix(cron:session): session closed for user root
Jun 24 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32288]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32287]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32289]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32286]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32286]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32344]: Successful su for rubyman by root
Jun 24 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32344]: + ??? root:rubyman
Jun 24 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32344]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580423 of user rubyman.
Jun 24 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32344]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580423.
Jun 24 00:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29368]: pam_unix(cron:session): session closed for user root
Jun 24 00:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32287]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31332]: pam_unix(cron:session): session closed for user root
Jun 24 00:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32662]: Invalid user inform from 186.251.71.202
Jun 24 00:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32662]: input_userauth_request: invalid user inform [preauth]
Jun 24 00:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32662]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.251.71.202
Jun 24 00:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32662]: Failed password for invalid user inform from 186.251.71.202 port 54127 ssh2
Jun 24 00:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32662]: Received disconnect from 186.251.71.202 port 54127:11: Bye Bye [preauth]
Jun 24 00:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32662]: Disconnected from 186.251.71.202 port 54127 [preauth]
Jun 24 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32697]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32696]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32695]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32693]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32693]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32762]: Successful su for rubyman by root
Jun 24 00:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32762]: + ??? root:rubyman
Jun 24 00:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32762]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580427 of user rubyman.
Jun 24 00:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32762]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580427.
Jun 24 00:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29906]: pam_unix(cron:session): session closed for user root
Jun 24 00:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32695]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31870]: pam_unix(cron:session): session closed for user root
Jun 24 00:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[779]: Invalid user dresden from 183.83.197.226
Jun 24 00:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[779]: input_userauth_request: invalid user dresden [preauth]
Jun 24 00:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[779]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.83.197.226
Jun 24 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[779]: Failed password for invalid user dresden from 183.83.197.226 port 58556 ssh2
Jun 24 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[793]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[791]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[792]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[790]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[790]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[779]: Received disconnect from 183.83.197.226 port 58556:11: Bye Bye [preauth]
Jun 24 00:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[779]: Disconnected from 183.83.197.226 port 58556 [preauth]
Jun 24 00:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[858]: Successful su for rubyman by root
Jun 24 00:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[858]: + ??? root:rubyman
Jun 24 00:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[858]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580432 of user rubyman.
Jun 24 00:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[858]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580432.
Jun 24 00:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30327]: pam_unix(cron:session): session closed for user root
Jun 24 00:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[791]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32289]: pam_unix(cron:session): session closed for user root
Jun 24 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1247]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1245]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1244]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1243]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1248]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1242]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1248]: pam_unix(cron:session): session closed for user root
Jun 24 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1242]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1322]: Successful su for rubyman by root
Jun 24 00:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1322]: + ??? root:rubyman
Jun 24 00:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1322]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580435 of user rubyman.
Jun 24 00:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1322]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580435.
Jun 24 00:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1244]: pam_unix(cron:session): session closed for user root
Jun 24 00:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30741]: pam_unix(cron:session): session closed for user root
Jun 24 00:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1243]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32697]: pam_unix(cron:session): session closed for user root
Jun 24 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1824]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1823]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1825]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1822]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1822]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1891]: Successful su for rubyman by root
Jun 24 00:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1891]: + ??? root:rubyman
Jun 24 00:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1891]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580443 of user rubyman.
Jun 24 00:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1891]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580443.
Jun 24 00:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31331]: pam_unix(cron:session): session closed for user root
Jun 24 00:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2100]: Invalid user admin from 2.57.121.25
Jun 24 00:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2100]: input_userauth_request: invalid user admin [preauth]
Jun 24 00:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2100]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 24 00:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1823]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2100]: Failed password for invalid user admin from 2.57.121.25 port 42212 ssh2
Jun 24 00:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2100]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2100]: Failed password for invalid user admin from 2.57.121.25 port 42212 ssh2
Jun 24 00:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2100]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2100]: Failed password for invalid user admin from 2.57.121.25 port 42212 ssh2
Jun 24 00:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2100]: Connection closed by 2.57.121.25 port 42212 [preauth]
Jun 24 00:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2100]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 24 00:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2153]: Invalid user activesync from 186.251.71.202
Jun 24 00:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2153]: input_userauth_request: invalid user activesync [preauth]
Jun 24 00:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2153]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.251.71.202
Jun 24 00:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2153]: Failed password for invalid user activesync from 186.251.71.202 port 44229 ssh2
Jun 24 00:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2153]: Received disconnect from 186.251.71.202 port 44229:11: Bye Bye [preauth]
Jun 24 00:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2153]: Disconnected from 186.251.71.202 port 44229 [preauth]
Jun 24 00:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[793]: pam_unix(cron:session): session closed for user root
Jun 24 00:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2290]: Invalid user groupware from 183.83.197.226
Jun 24 00:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2290]: input_userauth_request: invalid user groupware [preauth]
Jun 24 00:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2290]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.83.197.226
Jun 24 00:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2290]: Failed password for invalid user groupware from 183.83.197.226 port 51346 ssh2
Jun 24 00:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2290]: Received disconnect from 183.83.197.226 port 51346:11: Bye Bye [preauth]
Jun 24 00:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2290]: Disconnected from 183.83.197.226 port 51346 [preauth]
Jun 24 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2317]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2314]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2318]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2316]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2312]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2312]: pam_unix(cron:session): session closed for user root
Jun 24 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2314]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2381]: Successful su for rubyman by root
Jun 24 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2381]: + ??? root:rubyman
Jun 24 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2381]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580445 of user rubyman.
Jun 24 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2381]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580445.
Jun 24 00:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31868]: pam_unix(cron:session): session closed for user root
Jun 24 00:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2316]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
Jun 24 00:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2623]: Failed password for root from 176.32.39.21 port 54142 ssh2
Jun 24 00:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2623]: Connection closed by 176.32.39.21 port 54142 [preauth]
Jun 24 00:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1247]: pam_unix(cron:session): session closed for user root
Jun 24 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2743]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2747]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2749]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2742]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2742]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2812]: Successful su for rubyman by root
Jun 24 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2812]: + ??? root:rubyman
Jun 24 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2812]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580450 of user rubyman.
Jun 24 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2812]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580450.
Jun 24 00:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32288]: pam_unix(cron:session): session closed for user root
Jun 24 00:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2743]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 24 00:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3043]: Failed password for root from 103.82.20.28 port 49968 ssh2
Jun 24 00:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3043]: Connection closed by 103.82.20.28 port 49968 [preauth]
Jun 24 00:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1825]: pam_unix(cron:session): session closed for user root
Jun 24 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3142]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3143]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3141]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3140]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3140]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3199]: Successful su for rubyman by root
Jun 24 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3199]: + ??? root:rubyman
Jun 24 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3199]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580456 of user rubyman.
Jun 24 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3199]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580456.
Jun 24 00:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32696]: pam_unix(cron:session): session closed for user root
Jun 24 00:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3141]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3440]: Invalid user snap from 183.83.197.226
Jun 24 00:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3440]: input_userauth_request: invalid user snap [preauth]
Jun 24 00:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3440]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.83.197.226
Jun 24 00:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3440]: Failed password for invalid user snap from 183.83.197.226 port 46736 ssh2
Jun 24 00:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3440]: Received disconnect from 183.83.197.226 port 46736:11: Bye Bye [preauth]
Jun 24 00:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3440]: Disconnected from 183.83.197.226 port 46736 [preauth]
Jun 24 00:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2318]: pam_unix(cron:session): session closed for user root
Jun 24 00:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3484]: Invalid user demosite from 186.251.71.202
Jun 24 00:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3484]: input_userauth_request: invalid user demosite [preauth]
Jun 24 00:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3484]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.251.71.202
Jun 24 00:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3484]: Failed password for invalid user demosite from 186.251.71.202 port 34330 ssh2
Jun 24 00:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3484]: Received disconnect from 186.251.71.202 port 34330:11: Bye Bye [preauth]
Jun 24 00:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3484]: Disconnected from 186.251.71.202 port 34330 [preauth]
Jun 24 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3540]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3539]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3537]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3545]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3546]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3538]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3546]: pam_unix(cron:session): session closed for user root
Jun 24 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3537]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3608]: Successful su for rubyman by root
Jun 24 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3608]: + ??? root:rubyman
Jun 24 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3608]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580461 of user rubyman.
Jun 24 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3608]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580461.
Jun 24 00:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3539]: pam_unix(cron:session): session closed for user root
Jun 24 00:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[792]: pam_unix(cron:session): session closed for user root
Jun 24 00:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3538]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2749]: pam_unix(cron:session): session closed for user root
Jun 24 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4165]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4164]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4163]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4162]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4162]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4236]: Successful su for rubyman by root
Jun 24 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4236]: + ??? root:rubyman
Jun 24 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4236]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580465 of user rubyman.
Jun 24 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4236]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580465.
Jun 24 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4298]: Invalid user manager from 115.190.181.18
Jun 24 00:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4298]: input_userauth_request: invalid user manager [preauth]
Jun 24 00:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4298]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.181.18
Jun 24 00:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1245]: pam_unix(cron:session): session closed for user root
Jun 24 00:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4163]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4298]: Failed password for invalid user manager from 115.190.181.18 port 59748 ssh2
Jun 24 00:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4298]: Received disconnect from 115.190.181.18 port 59748:11: Bye Bye [preauth]
Jun 24 00:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4298]: Disconnected from 115.190.181.18 port 59748 [preauth]
Jun 24 00:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3143]: pam_unix(cron:session): session closed for user root
Jun 24 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4591]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4590]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4588]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4589]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4588]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4650]: Successful su for rubyman by root
Jun 24 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4650]: + ??? root:rubyman
Jun 24 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4650]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580468 of user rubyman.
Jun 24 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4650]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580468.
Jun 24 00:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1824]: pam_unix(cron:session): session closed for user root
Jun 24 00:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4589]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4961]: Invalid user mcu from 183.83.197.226
Jun 24 00:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4961]: input_userauth_request: invalid user mcu [preauth]
Jun 24 00:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4961]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.83.197.226
Jun 24 00:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4961]: Failed password for invalid user mcu from 183.83.197.226 port 40290 ssh2
Jun 24 00:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4961]: Received disconnect from 183.83.197.226 port 40290:11: Bye Bye [preauth]
Jun 24 00:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4961]: Disconnected from 183.83.197.226 port 40290 [preauth]
Jun 24 00:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3545]: pam_unix(cron:session): session closed for user root
Jun 24 00:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21  user=root
Jun 24 00:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5048]: Failed password for root from 69.74.29.21 port 54775 ssh2
Jun 24 00:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5048]: Received disconnect from 69.74.29.21 port 54775:11: Bye Bye [preauth]
Jun 24 00:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5048]: Disconnected from 69.74.29.21 port 54775 [preauth]
Jun 24 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5098]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5099]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5097]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5096]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5096]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5162]: Successful su for rubyman by root
Jun 24 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5162]: + ??? root:rubyman
Jun 24 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5162]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580472 of user rubyman.
Jun 24 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5162]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580472.
Jun 24 00:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2317]: pam_unix(cron:session): session closed for user root
Jun 24 00:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5097]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5365]: Invalid user mailinglist from 186.251.71.202
Jun 24 00:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5365]: input_userauth_request: invalid user mailinglist [preauth]
Jun 24 00:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5365]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.251.71.202
Jun 24 00:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5365]: Failed password for invalid user mailinglist from 186.251.71.202 port 52667 ssh2
Jun 24 00:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5365]: Received disconnect from 186.251.71.202 port 52667:11: Bye Bye [preauth]
Jun 24 00:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5365]: Disconnected from 186.251.71.202 port 52667 [preauth]
Jun 24 00:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 24 00:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5394]: Failed password for root from 103.27.238.116 port 60572 ssh2
Jun 24 00:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5394]: Connection closed by 103.27.238.116 port 60572 [preauth]
Jun 24 00:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4165]: pam_unix(cron:session): session closed for user root
Jun 24 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5513]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5514]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5512]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5510]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5510]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5570]: Successful su for rubyman by root
Jun 24 00:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5570]: + ??? root:rubyman
Jun 24 00:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5570]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580477 of user rubyman.
Jun 24 00:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5570]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580477.
Jun 24 00:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2747]: pam_unix(cron:session): session closed for user root
Jun 24 00:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5512]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4591]: pam_unix(cron:session): session closed for user root
Jun 24 00:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5887]: Invalid user tci from 183.83.197.226
Jun 24 00:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5887]: input_userauth_request: invalid user tci [preauth]
Jun 24 00:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5887]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.83.197.226
Jun 24 00:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5887]: Failed password for invalid user tci from 183.83.197.226 port 50434 ssh2
Jun 24 00:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5887]: Received disconnect from 183.83.197.226 port 50434:11: Bye Bye [preauth]
Jun 24 00:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5887]: Disconnected from 183.83.197.226 port 50434 [preauth]
Jun 24 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5909]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5911]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5908]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5912]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5910]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5907]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5912]: pam_unix(cron:session): session closed for user root
Jun 24 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5907]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5973]: Successful su for rubyman by root
Jun 24 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5973]: + ??? root:rubyman
Jun 24 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5973]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580481 of user rubyman.
Jun 24 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5973]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580481.
Jun 24 00:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5909]: pam_unix(cron:session): session closed for user root
Jun 24 00:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3142]: pam_unix(cron:session): session closed for user root
Jun 24 00:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5908]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5099]: pam_unix(cron:session): session closed for user root
Jun 24 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6324]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6325]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6323]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6322]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6322]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6391]: Successful su for rubyman by root
Jun 24 00:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6391]: + ??? root:rubyman
Jun 24 00:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6391]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580486 of user rubyman.
Jun 24 00:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6391]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580486.
Jun 24 00:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3540]: pam_unix(cron:session): session closed for user root
Jun 24 00:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6323]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5514]: pam_unix(cron:session): session closed for user root
Jun 24 00:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6671]: Invalid user lims from 186.251.71.202
Jun 24 00:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6671]: input_userauth_request: invalid user lims [preauth]
Jun 24 00:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6671]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.251.71.202
Jun 24 00:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6671]: Failed password for invalid user lims from 186.251.71.202 port 42753 ssh2
Jun 24 00:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6671]: Received disconnect from 186.251.71.202 port 42753:11: Bye Bye [preauth]
Jun 24 00:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6671]: Disconnected from 186.251.71.202 port 42753 [preauth]
Jun 24 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6732]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6733]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6731]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6730]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6730]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6800]: Successful su for rubyman by root
Jun 24 00:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6800]: + ??? root:rubyman
Jun 24 00:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6800]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580490 of user rubyman.
Jun 24 00:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6800]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580490.
Jun 24 00:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4164]: pam_unix(cron:session): session closed for user root
Jun 24 00:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6731]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5911]: pam_unix(cron:session): session closed for user root
Jun 24 00:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7182]: Invalid user icq from 183.83.197.226
Jun 24 00:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7182]: input_userauth_request: invalid user icq [preauth]
Jun 24 00:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7182]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.83.197.226
Jun 24 00:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7182]: Failed password for invalid user icq from 183.83.197.226 port 45326 ssh2
Jun 24 00:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7182]: Received disconnect from 183.83.197.226 port 45326:11: Bye Bye [preauth]
Jun 24 00:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7182]: Disconnected from 183.83.197.226 port 45326 [preauth]
Jun 24 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7249]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7248]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7246]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7245]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7245]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7306]: Successful su for rubyman by root
Jun 24 00:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7306]: + ??? root:rubyman
Jun 24 00:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7306]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580494 of user rubyman.
Jun 24 00:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7306]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580494.
Jun 24 00:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4590]: pam_unix(cron:session): session closed for user root
Jun 24 00:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7246]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6325]: pam_unix(cron:session): session closed for user root
Jun 24 00:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7594]: Invalid user adminuser from 182.13.96.107
Jun 24 00:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7594]: input_userauth_request: invalid user adminuser [preauth]
Jun 24 00:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7594]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.13.96.107
Jun 24 00:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7594]: Failed password for invalid user adminuser from 182.13.96.107 port 60192 ssh2
Jun 24 00:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7594]: Received disconnect from 182.13.96.107 port 60192:11: Bye Bye [preauth]
Jun 24 00:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7594]: Disconnected from 182.13.96.107 port 60192 [preauth]
Jun 24 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7746]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7747]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7744]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7745]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7744]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7803]: Successful su for rubyman by root
Jun 24 00:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7803]: + ??? root:rubyman
Jun 24 00:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7803]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580499 of user rubyman.
Jun 24 00:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7803]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580499.
Jun 24 00:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5098]: pam_unix(cron:session): session closed for user root
Jun 24 00:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7745]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6733]: pam_unix(cron:session): session closed for user root
Jun 24 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8125]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8122]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8121]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8126]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8124]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8123]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8126]: pam_unix(cron:session): session closed for user root
Jun 24 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8121]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8195]: Successful su for rubyman by root
Jun 24 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8195]: + ??? root:rubyman
Jun 24 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8195]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580503 of user rubyman.
Jun 24 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8195]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580503.
Jun 24 00:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8123]: pam_unix(cron:session): session closed for user root
Jun 24 00:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5513]: pam_unix(cron:session): session closed for user root
Jun 24 00:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8317]: User sync from 186.251.71.202 not allowed because not listed in AllowUsers
Jun 24 00:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8317]: input_userauth_request: invalid user sync [preauth]
Jun 24 00:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.251.71.202  user=sync
Jun 24 00:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8122]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8317]: Failed password for invalid user sync from 186.251.71.202 port 32835 ssh2
Jun 24 00:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8317]: Received disconnect from 186.251.71.202 port 32835:11: Bye Bye [preauth]
Jun 24 00:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8317]: Disconnected from 186.251.71.202 port 32835 [preauth]
Jun 24 00:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8458]: Invalid user pochta from 183.83.197.226
Jun 24 00:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8458]: input_userauth_request: invalid user pochta [preauth]
Jun 24 00:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8458]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.83.197.226
Jun 24 00:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8458]: Failed password for invalid user pochta from 183.83.197.226 port 37198 ssh2
Jun 24 00:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8458]: Received disconnect from 183.83.197.226 port 37198:11: Bye Bye [preauth]
Jun 24 00:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8458]: Disconnected from 183.83.197.226 port 37198 [preauth]
Jun 24 00:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7249]: pam_unix(cron:session): session closed for user root
Jun 24 00:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8500]: Connection closed by 194.59.206.2 port 27218 [preauth]
Jun 24 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8566]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8565]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8564]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8563]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8563]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8628]: Successful su for rubyman by root
Jun 24 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8628]: + ??? root:rubyman
Jun 24 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8628]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580508 of user rubyman.
Jun 24 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8628]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580508.
Jun 24 00:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5910]: pam_unix(cron:session): session closed for user root
Jun 24 00:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8564]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7747]: pam_unix(cron:session): session closed for user root
Jun 24 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8960]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8961]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8959]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8958]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8958]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9023]: Successful su for rubyman by root
Jun 24 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9023]: + ??? root:rubyman
Jun 24 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9023]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580513 of user rubyman.
Jun 24 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9023]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580513.
Jun 24 00:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6324]: pam_unix(cron:session): session closed for user root
Jun 24 00:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8959]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8125]: pam_unix(cron:session): session closed for user root
Jun 24 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9352]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9353]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9351]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9350]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9350]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9408]: Successful su for rubyman by root
Jun 24 00:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9408]: + ??? root:rubyman
Jun 24 00:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9408]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580517 of user rubyman.
Jun 24 00:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9408]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580517.
Jun 24 00:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21  user=root
Jun 24 00:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6732]: pam_unix(cron:session): session closed for user root
Jun 24 00:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9476]: Failed password for root from 69.74.29.21 port 28453 ssh2
Jun 24 00:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9476]: Received disconnect from 69.74.29.21 port 28453:11: Bye Bye [preauth]
Jun 24 00:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9476]: Disconnected from 69.74.29.21 port 28453 [preauth]
Jun 24 00:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9351]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9596]: Invalid user covers from 183.83.197.226
Jun 24 00:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9596]: input_userauth_request: invalid user covers [preauth]
Jun 24 00:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9596]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.83.197.226
Jun 24 00:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9596]: Failed password for invalid user covers from 183.83.197.226 port 59762 ssh2
Jun 24 00:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9596]: Received disconnect from 183.83.197.226 port 59762:11: Bye Bye [preauth]
Jun 24 00:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9596]: Disconnected from 183.83.197.226 port 59762 [preauth]
Jun 24 00:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9651]: Invalid user vb from 186.251.71.202
Jun 24 00:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9651]: input_userauth_request: invalid user vb [preauth]
Jun 24 00:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9651]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.251.71.202
Jun 24 00:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9651]: Failed password for invalid user vb from 186.251.71.202 port 51166 ssh2
Jun 24 00:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9651]: Received disconnect from 186.251.71.202 port 51166:11: Bye Bye [preauth]
Jun 24 00:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9651]: Disconnected from 186.251.71.202 port 51166 [preauth]
Jun 24 00:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8566]: pam_unix(cron:session): session closed for user root
Jun 24 00:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9738]: Invalid user monitor from 141.98.83.240
Jun 24 00:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9738]: input_userauth_request: invalid user monitor [preauth]
Jun 24 00:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9738]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9754]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9753]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9751]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9752]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9751]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9815]: Successful su for rubyman by root
Jun 24 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9815]: + ??? root:rubyman
Jun 24 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9815]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580520 of user rubyman.
Jun 24 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9815]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580520.
Jun 24 00:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9738]: Failed password for invalid user monitor from 141.98.83.240 port 64100 ssh2
Jun 24 00:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9738]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 24 00:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9738]: Failed password for invalid user monitor from 141.98.83.240 port 64100 ssh2
Jun 24 00:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7248]: pam_unix(cron:session): session closed for user root
Jun 24 00:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9738]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9752]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9904]: Failed password for root from 103.122.221.179 port 54744 ssh2
Jun 24 00:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9904]: Connection closed by 103.122.221.179 port 54744 [preauth]
Jun 24 00:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9738]: Failed password for invalid user monitor from 141.98.83.240 port 64100 ssh2
Jun 24 00:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9738]: Connection closed by 141.98.83.240 port 64100 [preauth]
Jun 24 00:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9738]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 00:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8961]: pam_unix(cron:session): session closed for user root
Jun 24 00:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10399]: Invalid user deploy from 69.74.29.21
Jun 24 00:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10399]: input_userauth_request: invalid user deploy [preauth]
Jun 24 00:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10399]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21
Jun 24 00:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.13.96.107  user=root
Jun 24 00:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10399]: Failed password for invalid user deploy from 69.74.29.21 port 34726 ssh2
Jun 24 00:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10399]: Received disconnect from 69.74.29.21 port 34726:11: Bye Bye [preauth]
Jun 24 00:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10399]: Disconnected from 69.74.29.21 port 34726 [preauth]
Jun 24 00:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10402]: Failed password for root from 182.13.96.107 port 48404 ssh2
Jun 24 00:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10402]: Received disconnect from 182.13.96.107 port 48404:11: Bye Bye [preauth]
Jun 24 00:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10402]: Disconnected from 182.13.96.107 port 48404 [preauth]
Jun 24 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10425]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10426]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10424]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10422]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10423]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10427]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10427]: pam_unix(cron:session): session closed for user root
Jun 24 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10422]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10494]: Successful su for rubyman by root
Jun 24 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10494]: + ??? root:rubyman
Jun 24 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10494]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580526 of user rubyman.
Jun 24 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10494]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580526.
Jun 24 00:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10424]: pam_unix(cron:session): session closed for user root
Jun 24 00:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7746]: pam_unix(cron:session): session closed for user root
Jun 24 00:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10423]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9353]: pam_unix(cron:session): session closed for user root
Jun 24 00:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 24 00:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10813]: Failed password for root from 87.251.79.125 port 48588 ssh2
Jun 24 00:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10813]: Connection closed by 87.251.79.125 port 48588 [preauth]
Jun 24 00:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10878]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10877]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10876]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10875]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10875]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10945]: Successful su for rubyman by root
Jun 24 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10945]: + ??? root:rubyman
Jun 24 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10945]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580530 of user rubyman.
Jun 24 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10945]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580530.
Jun 24 00:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10872]: Invalid user philadelphia from 183.83.197.226
Jun 24 00:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10872]: input_userauth_request: invalid user philadelphia [preauth]
Jun 24 00:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10872]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.83.197.226
Jun 24 00:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10872]: Failed password for invalid user philadelphia from 183.83.197.226 port 60696 ssh2
Jun 24 00:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10872]: Received disconnect from 183.83.197.226 port 60696:11: Bye Bye [preauth]
Jun 24 00:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10872]: Disconnected from 183.83.197.226 port 60696 [preauth]
Jun 24 00:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8124]: pam_unix(cron:session): session closed for user root
Jun 24 00:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10876]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9754]: pam_unix(cron:session): session closed for user root
Jun 24 00:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11239]: Invalid user staging from 69.74.29.21
Jun 24 00:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11239]: input_userauth_request: invalid user staging [preauth]
Jun 24 00:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11239]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21
Jun 24 00:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11239]: Failed password for invalid user staging from 69.74.29.21 port 56409 ssh2
Jun 24 00:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11239]: Received disconnect from 69.74.29.21 port 56409:11: Bye Bye [preauth]
Jun 24 00:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11239]: Disconnected from 69.74.29.21 port 56409 [preauth]
Jun 24 00:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11291]: Did not receive identification string from 91.92.40.46
Jun 24 00:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11310]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11311]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11309]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11308]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11308]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11292]: Invalid user cam3 from 186.251.71.202
Jun 24 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11292]: input_userauth_request: invalid user cam3 [preauth]
Jun 24 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11292]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.251.71.202
Jun 24 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11369]: Successful su for rubyman by root
Jun 24 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11369]: + ??? root:rubyman
Jun 24 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11369]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580534 of user rubyman.
Jun 24 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11369]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580534.
Jun 24 00:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11292]: Failed password for invalid user cam3 from 186.251.71.202 port 41265 ssh2
Jun 24 00:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11292]: Received disconnect from 186.251.71.202 port 41265:11: Bye Bye [preauth]
Jun 24 00:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11292]: Disconnected from 186.251.71.202 port 41265 [preauth]
Jun 24 00:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8565]: pam_unix(cron:session): session closed for user root
Jun 24 00:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11309]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.13.96.107  user=root
Jun 24 00:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11576]: Failed password for root from 182.13.96.107 port 49908 ssh2
Jun 24 00:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11576]: Received disconnect from 182.13.96.107 port 49908:11: Bye Bye [preauth]
Jun 24 00:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11576]: Disconnected from 182.13.96.107 port 49908 [preauth]
Jun 24 00:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 00:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11590]: Failed password for root from 91.92.40.46 port 13730 ssh2
Jun 24 00:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11590]: Connection closed by 91.92.40.46 port 13730 [preauth]
Jun 24 00:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 24 00:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11632]: Failed password for root from 147.45.199.80 port 41782 ssh2
Jun 24 00:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11632]: Connection closed by 147.45.199.80 port 41782 [preauth]
Jun 24 00:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10426]: pam_unix(cron:session): session closed for user root
Jun 24 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11723]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11724]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11722]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11721]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11721]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11814]: Successful su for rubyman by root
Jun 24 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11814]: + ??? root:rubyman
Jun 24 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11814]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580538 of user rubyman.
Jun 24 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11814]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580538.
Jun 24 00:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8960]: pam_unix(cron:session): session closed for user root
Jun 24 00:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11722]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12085]: Invalid user newuser1 from 69.74.29.21
Jun 24 00:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12085]: input_userauth_request: invalid user newuser1 [preauth]
Jun 24 00:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12085]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21
Jun 24 00:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12085]: Failed password for invalid user newuser1 from 69.74.29.21 port 4913 ssh2
Jun 24 00:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12085]: Received disconnect from 69.74.29.21 port 4913:11: Bye Bye [preauth]
Jun 24 00:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12085]: Disconnected from 69.74.29.21 port 4913 [preauth]
Jun 24 00:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10878]: pam_unix(cron:session): session closed for user root
Jun 24 00:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12131]: Invalid user mpr from 183.83.197.226
Jun 24 00:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12131]: input_userauth_request: invalid user mpr [preauth]
Jun 24 00:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12131]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.83.197.226
Jun 24 00:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12131]: Failed password for invalid user mpr from 183.83.197.226 port 44684 ssh2
Jun 24 00:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12131]: Received disconnect from 183.83.197.226 port 44684:11: Bye Bye [preauth]
Jun 24 00:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12131]: Disconnected from 183.83.197.226 port 44684 [preauth]
Jun 24 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12175]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12180]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12173]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12174]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12171]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12173]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12420]: Successful su for rubyman by root
Jun 24 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12420]: + ??? root:rubyman
Jun 24 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12420]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580543 of user rubyman.
Jun 24 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12420]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580543.
Jun 24 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12171]: pam_unix(cron:session): session closed for user root
Jun 24 00:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9352]: pam_unix(cron:session): session closed for user root
Jun 24 00:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12174]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 00:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12677]: Failed password for root from 91.92.40.46 port 14430 ssh2
Jun 24 00:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12677]: Connection closed by 91.92.40.46 port 14430 [preauth]
Jun 24 00:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.13.96.107  user=root
Jun 24 00:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11311]: pam_unix(cron:session): session closed for user root
Jun 24 00:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12712]: Failed password for root from 182.13.96.107 port 36642 ssh2
Jun 24 00:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12712]: Received disconnect from 182.13.96.107 port 36642:11: Bye Bye [preauth]
Jun 24 00:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12712]: Disconnected from 182.13.96.107 port 36642 [preauth]
Jun 24 00:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 00:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12701]: Failed password for root from 91.92.40.46 port 14432 ssh2
Jun 24 00:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12714]: Invalid user admin from 91.92.40.46
Jun 24 00:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12714]: input_userauth_request: invalid user admin [preauth]
Jun 24 00:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12701]: Connection closed by 91.92.40.46 port 14432 [preauth]
Jun 24 00:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12714]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12714]: Failed password for invalid user admin from 91.92.40.46 port 51074 ssh2
Jun 24 00:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12750]: Invalid user user from 91.92.40.46
Jun 24 00:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12750]: input_userauth_request: invalid user user [preauth]
Jun 24 00:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12714]: Connection closed by 91.92.40.46 port 51074 [preauth]
Jun 24 00:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12750]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12750]: Failed password for invalid user user from 91.92.40.46 port 51112 ssh2
Jun 24 00:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12762]: Invalid user myuser from 91.92.40.46
Jun 24 00:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12762]: input_userauth_request: invalid user myuser [preauth]
Jun 24 00:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12817]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12819]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12818]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12816]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12815]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12814]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12819]: pam_unix(cron:session): session closed for user root
Jun 24 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12750]: Connection closed by 91.92.40.46 port 51112 [preauth]
Jun 24 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12814]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12898]: Successful su for rubyman by root
Jun 24 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12898]: + ??? root:rubyman
Jun 24 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12898]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580550 of user rubyman.
Jun 24 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12898]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580550.
Jun 24 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12762]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12816]: pam_unix(cron:session): session closed for user root
Jun 24 00:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9753]: pam_unix(cron:session): session closed for user root
Jun 24 00:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12762]: Failed password for invalid user myuser from 91.92.40.46 port 57934 ssh2
Jun 24 00:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12815]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: Invalid user centreon from 91.92.40.46
Jun 24 00:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: input_userauth_request: invalid user centreon [preauth]
Jun 24 00:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12762]: Connection closed by 91.92.40.46 port 57934 [preauth]
Jun 24 00:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: Failed password for invalid user centreon from 91.92.40.46 port 40710 ssh2
Jun 24 00:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 00:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: Connection closed by 91.92.40.46 port 40710 [preauth]
Jun 24 00:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12809]: Invalid user trade from 91.92.40.46
Jun 24 00:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12809]: input_userauth_request: invalid user trade [preauth]
Jun 24 00:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12798]: Failed password for root from 91.92.40.46 port 40738 ssh2
Jun 24 00:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12809]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12798]: Connection closed by 91.92.40.46 port 40738 [preauth]
Jun 24 00:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12809]: Failed password for invalid user trade from 91.92.40.46 port 28398 ssh2
Jun 24 00:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13082]: Invalid user arm from 91.92.40.46
Jun 24 00:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13082]: input_userauth_request: invalid user arm [preauth]
Jun 24 00:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12809]: Connection closed by 91.92.40.46 port 28398 [preauth]
Jun 24 00:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13082]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21  user=root
Jun 24 00:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13106]: Invalid user testuser from 91.92.40.46
Jun 24 00:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13106]: input_userauth_request: invalid user testuser [preauth]
Jun 24 00:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13082]: Failed password for invalid user arm from 91.92.40.46 port 28432 ssh2
Jun 24 00:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13193]: Invalid user longisland from 186.251.71.202
Jun 24 00:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13193]: input_userauth_request: invalid user longisland [preauth]
Jun 24 00:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13193]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.251.71.202
Jun 24 00:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11724]: pam_unix(cron:session): session closed for user root
Jun 24 00:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: Failed password for root from 69.74.29.21 port 53182 ssh2
Jun 24 00:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: Received disconnect from 69.74.29.21 port 53182:11: Bye Bye [preauth]
Jun 24 00:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: Disconnected from 69.74.29.21 port 53182 [preauth]
Jun 24 00:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13193]: Failed password for invalid user longisland from 186.251.71.202 port 59591 ssh2
Jun 24 00:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13193]: Received disconnect from 186.251.71.202 port 59591:11: Bye Bye [preauth]
Jun 24 00:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13193]: Disconnected from 186.251.71.202 port 59591 [preauth]
Jun 24 00:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13106]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13082]: Connection closed by 91.92.40.46 port 28432 [preauth]
Jun 24 00:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13106]: Failed password for invalid user testuser from 91.92.40.46 port 53608 ssh2
Jun 24 00:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 00:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13136]: Failed password for root from 91.92.40.46 port 53640 ssh2
Jun 24 00:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13106]: Connection closed by 91.92.40.46 port 53608 [preauth]
Jun 24 00:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 00:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13181]: Invalid user postgres from 91.92.40.46
Jun 24 00:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13181]: input_userauth_request: invalid user postgres [preauth]
Jun 24 00:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13136]: Connection closed by 91.92.40.46 port 53640 [preauth]
Jun 24 00:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13151]: Failed password for root from 91.92.40.46 port 29490 ssh2
Jun 24 00:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13181]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13224]: Invalid user adminuser from 91.92.40.46
Jun 24 00:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13224]: input_userauth_request: invalid user adminuser [preauth]
Jun 24 00:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13151]: Connection closed by 91.92.40.46 port 29490 [preauth]
Jun 24 00:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13181]: Failed password for invalid user postgres from 91.92.40.46 port 50574 ssh2
Jun 24 00:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13236]: Invalid user main from 91.92.40.46
Jun 24 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13236]: input_userauth_request: invalid user main [preauth]
Jun 24 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13224]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13297]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13299]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13294]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13296]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13294]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13361]: Successful su for rubyman by root
Jun 24 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13361]: + ??? root:rubyman
Jun 24 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13361]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580553 of user rubyman.
Jun 24 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13361]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580553.
Jun 24 00:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13181]: Connection closed by 91.92.40.46 port 50574 [preauth]
Jun 24 00:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13224]: Failed password for invalid user adminuser from 91.92.40.46 port 50604 ssh2
Jun 24 00:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10425]: pam_unix(cron:session): session closed for user root
Jun 24 00:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13296]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13236]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13261]: Invalid user qwer from 91.92.40.46
Jun 24 00:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13261]: input_userauth_request: invalid user qwer [preauth]
Jun 24 00:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13236]: Failed password for invalid user main from 91.92.40.46 port 31062 ssh2
Jun 24 00:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13224]: Connection closed by 91.92.40.46 port 50604 [preauth]
Jun 24 00:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13261]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13272]: Invalid user aiuser from 91.92.40.46
Jun 24 00:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13272]: input_userauth_request: invalid user aiuser [preauth]
Jun 24 00:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13236]: Connection closed by 91.92.40.46 port 31062 [preauth]
Jun 24 00:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13261]: Failed password for invalid user qwer from 91.92.40.46 port 31102 ssh2
Jun 24 00:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13272]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13283]: Invalid user node from 91.92.40.46
Jun 24 00:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13283]: input_userauth_request: invalid user node [preauth]
Jun 24 00:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13261]: Connection closed by 91.92.40.46 port 31102 [preauth]
Jun 24 00:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13272]: Failed password for invalid user aiuser from 91.92.40.46 port 55326 ssh2
Jun 24 00:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13607]: Invalid user mechatronics from 183.83.197.226
Jun 24 00:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13607]: input_userauth_request: invalid user mechatronics [preauth]
Jun 24 00:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13607]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.83.197.226
Jun 24 00:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13283]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13272]: Connection closed by 91.92.40.46 port 55326 [preauth]
Jun 24 00:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13607]: Failed password for invalid user mechatronics from 183.83.197.226 port 37320 ssh2
Jun 24 00:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13283]: Failed password for invalid user node from 91.92.40.46 port 46488 ssh2
Jun 24 00:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13607]: Received disconnect from 183.83.197.226 port 37320:11: Bye Bye [preauth]
Jun 24 00:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13607]: Disconnected from 183.83.197.226 port 37320 [preauth]
Jun 24 00:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 00:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12180]: pam_unix(cron:session): session closed for user root
Jun 24 00:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13283]: Connection closed by 91.92.40.46 port 46488 [preauth]
Jun 24 00:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13469]: Failed password for root from 91.92.40.46 port 46502 ssh2
Jun 24 00:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13571]: Invalid user test from 91.92.40.46
Jun 24 00:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13571]: input_userauth_request: invalid user test [preauth]
Jun 24 00:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 00:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13549]: Failed password for root from 91.92.40.46 port 37716 ssh2
Jun 24 00:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13469]: Connection closed by 91.92.40.46 port 46502 [preauth]
Jun 24 00:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13571]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13594]: Invalid user nominatim from 91.92.40.46
Jun 24 00:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13594]: input_userauth_request: invalid user nominatim [preauth]
Jun 24 00:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13571]: Failed password for invalid user test from 91.92.40.46 port 37726 ssh2
Jun 24 00:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13549]: Connection closed by 91.92.40.46 port 37716 [preauth]
Jun 24 00:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13617]: Invalid user demo from 91.92.40.46
Jun 24 00:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13617]: input_userauth_request: invalid user demo [preauth]
Jun 24 00:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13594]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13571]: Connection closed by 91.92.40.46 port 37726 [preauth]
Jun 24 00:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13594]: Failed password for invalid user nominatim from 91.92.40.46 port 45734 ssh2
Jun 24 00:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13704]: Invalid user k8s from 182.13.96.107
Jun 24 00:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13704]: input_userauth_request: invalid user k8s [preauth]
Jun 24 00:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13704]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.13.96.107
Jun 24 00:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13617]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13704]: Failed password for invalid user k8s from 182.13.96.107 port 60518 ssh2
Jun 24 00:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13704]: Received disconnect from 182.13.96.107 port 60518:11: Bye Bye [preauth]
Jun 24 00:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13704]: Disconnected from 182.13.96.107 port 60518 [preauth]
Jun 24 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13617]: Failed password for invalid user demo from 91.92.40.46 port 45764 ssh2
Jun 24 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13720]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13721]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13718]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13719]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13718]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13789]: Successful su for rubyman by root
Jun 24 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13789]: + ??? root:rubyman
Jun 24 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13789]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580558 of user rubyman.
Jun 24 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13789]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580558.
Jun 24 00:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13594]: Connection closed by 91.92.40.46 port 45734 [preauth]
Jun 24 00:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13657]: Invalid user user from 91.92.40.46
Jun 24 00:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13657]: input_userauth_request: invalid user user [preauth]
Jun 24 00:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10877]: pam_unix(cron:session): session closed for user root
Jun 24 00:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13719]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 00:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13628]: Failed password for root from 91.92.40.46 port 10930 ssh2
Jun 24 00:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13617]: Connection closed by 91.92.40.46 port 45764 [preauth]
Jun 24 00:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13657]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13991]: Received disconnect from 121.78.125.123 port 33354:11: disconnected by user [preauth]
Jun 24 00:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13991]: Disconnected from 121.78.125.123 port 33354 [preauth]
Jun 24 00:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13657]: Failed password for invalid user user from 91.92.40.46 port 12014 ssh2
Jun 24 00:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13628]: Connection closed by 91.92.40.46 port 10930 [preauth]
Jun 24 00:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13692]: Invalid user bot from 91.92.40.46
Jun 24 00:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13692]: input_userauth_request: invalid user bot [preauth]
Jun 24 00:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 00:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13657]: Connection closed by 91.92.40.46 port 12014 [preauth]
Jun 24 00:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13681]: Failed password for root from 91.92.40.46 port 12056 ssh2
Jun 24 00:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13706]: Invalid user rock from 91.92.40.46
Jun 24 00:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13706]: input_userauth_request: invalid user rock [preauth]
Jun 24 00:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13692]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13692]: Failed password for invalid user bot from 91.92.40.46 port 35050 ssh2
Jun 24 00:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13681]: Connection closed by 91.92.40.46 port 12056 [preauth]
Jun 24 00:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13706]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13953]: Invalid user fa from 91.92.40.46
Jun 24 00:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13953]: input_userauth_request: invalid user fa [preauth]
Jun 24 00:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13706]: Failed password for invalid user rock from 91.92.40.46 port 35078 ssh2
Jun 24 00:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13692]: Connection closed by 91.92.40.46 port 35050 [preauth]
Jun 24 00:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12818]: pam_unix(cron:session): session closed for user root
Jun 24 00:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13990]: Invalid user scanner from 91.92.40.46
Jun 24 00:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13990]: input_userauth_request: invalid user scanner [preauth]
Jun 24 00:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13953]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13706]: Connection closed by 91.92.40.46 port 35078 [preauth]
Jun 24 00:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14087]: Invalid user autologin from 69.74.29.21
Jun 24 00:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14087]: input_userauth_request: invalid user autologin [preauth]
Jun 24 00:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14087]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21
Jun 24 00:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13953]: Failed password for invalid user fa from 91.92.40.46 port 42664 ssh2
Jun 24 00:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14017]: Invalid user app from 91.92.40.46
Jun 24 00:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14017]: input_userauth_request: invalid user app [preauth]
Jun 24 00:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13990]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14087]: Failed password for invalid user autologin from 69.74.29.21 port 41489 ssh2
Jun 24 00:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14087]: Received disconnect from 69.74.29.21 port 41489:11: Bye Bye [preauth]
Jun 24 00:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14087]: Disconnected from 69.74.29.21 port 41489 [preauth]
Jun 24 00:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13990]: Failed password for invalid user scanner from 91.92.40.46 port 39860 ssh2
Jun 24 00:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13953]: Connection closed by 91.92.40.46 port 42664 [preauth]
Jun 24 00:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14017]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14028]: Invalid user bot from 91.92.40.46
Jun 24 00:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14028]: input_userauth_request: invalid user bot [preauth]
Jun 24 00:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14017]: Failed password for invalid user app from 91.92.40.46 port 39890 ssh2
Jun 24 00:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13990]: Connection closed by 91.92.40.46 port 39860 [preauth]
Jun 24 00:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14028]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14017]: Connection closed by 91.92.40.46 port 39890 [preauth]
Jun 24 00:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14050]: Invalid user headscale from 91.92.40.46
Jun 24 00:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14050]: input_userauth_request: invalid user headscale [preauth]
Jun 24 00:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14028]: Failed password for invalid user bot from 91.92.40.46 port 34192 ssh2
Jun 24 00:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14050]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14028]: Connection closed by 91.92.40.46 port 34192 [preauth]
Jun 24 00:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14050]: Failed password for invalid user headscale from 91.92.40.46 port 52004 ssh2
Jun 24 00:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14090]: Invalid user rosa from 91.92.40.46
Jun 24 00:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14090]: input_userauth_request: invalid user rosa [preauth]
Jun 24 00:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14050]: Connection closed by 91.92.40.46 port 52004 [preauth]
Jun 24 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14149]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14147]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14146]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14145]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14145]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14214]: Successful su for rubyman by root
Jun 24 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14214]: + ??? root:rubyman
Jun 24 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14214]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580562 of user rubyman.
Jun 24 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14214]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580562.
Jun 24 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14090]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14113]: Invalid user repo from 91.92.40.46
Jun 24 00:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14113]: input_userauth_request: invalid user repo [preauth]
Jun 24 00:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11310]: pam_unix(cron:session): session closed for user root
Jun 24 00:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14090]: Failed password for invalid user rosa from 91.92.40.46 port 22764 ssh2
Jun 24 00:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14146]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14113]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14090]: Connection closed by 91.92.40.46 port 22764 [preauth]
Jun 24 00:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14113]: Failed password for invalid user repo from 91.92.40.46 port 22782 ssh2
Jun 24 00:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 00:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14133]: Invalid user kafka from 91.92.40.46
Jun 24 00:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14133]: input_userauth_request: invalid user kafka [preauth]
Jun 24 00:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14113]: Connection closed by 91.92.40.46 port 22782 [preauth]
Jun 24 00:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14123]: Failed password for root from 91.92.40.46 port 43334 ssh2
Jun 24 00:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14133]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14143]: Invalid user a from 91.92.40.46
Jun 24 00:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14143]: input_userauth_request: invalid user a [preauth]
Jun 24 00:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14123]: Connection closed by 91.92.40.46 port 43334 [preauth]
Jun 24 00:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14133]: Failed password for invalid user kafka from 91.92.40.46 port 43364 ssh2
Jun 24 00:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14143]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14143]: Failed password for invalid user a from 91.92.40.46 port 49204 ssh2
Jun 24 00:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14133]: Connection closed by 91.92.40.46 port 43364 [preauth]
Jun 24 00:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14392]: Invalid user openclaw from 91.92.40.46
Jun 24 00:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14392]: input_userauth_request: invalid user openclaw [preauth]
Jun 24 00:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14143]: Connection closed by 91.92.40.46 port 49204 [preauth]
Jun 24 00:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14392]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14392]: Failed password for invalid user openclaw from 91.92.40.46 port 37428 ssh2
Jun 24 00:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14422]: Invalid user erpnext from 91.92.40.46
Jun 24 00:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14422]: input_userauth_request: invalid user erpnext [preauth]
Jun 24 00:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14392]: Connection closed by 91.92.40.46 port 37428 [preauth]
Jun 24 00:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14422]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14422]: Failed password for invalid user erpnext from 91.92.40.46 port 21422 ssh2
Jun 24 00:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14446]: Invalid user sasha from 91.92.40.46
Jun 24 00:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14446]: input_userauth_request: invalid user sasha [preauth]
Jun 24 00:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13299]: pam_unix(cron:session): session closed for user root
Jun 24 00:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14422]: Connection closed by 91.92.40.46 port 21422 [preauth]
Jun 24 00:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14446]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14446]: Failed password for invalid user sasha from 91.92.40.46 port 21458 ssh2
Jun 24 00:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14446]: Connection closed by 91.92.40.46 port 21458 [preauth]
Jun 24 00:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14457]: Invalid user admin from 91.92.40.46
Jun 24 00:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14457]: input_userauth_request: invalid user admin [preauth]
Jun 24 00:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14457]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14457]: Failed password for invalid user admin from 91.92.40.46 port 42242 ssh2
Jun 24 00:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14457]: Connection closed by 91.92.40.46 port 42242 [preauth]
Jun 24 00:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14491]: Invalid user amit from 91.92.40.46
Jun 24 00:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14491]: input_userauth_request: invalid user amit [preauth]
Jun 24 00:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14491]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14491]: Failed password for invalid user amit from 91.92.40.46 port 42294 ssh2
Jun 24 00:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14491]: Connection closed by 91.92.40.46 port 42294 [preauth]
Jun 24 00:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14501]: Invalid user sahil from 91.92.40.46
Jun 24 00:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14501]: input_userauth_request: invalid user sahil [preauth]
Jun 24 00:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14501]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14501]: Failed password for invalid user sahil from 91.92.40.46 port 46064 ssh2
Jun 24 00:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14501]: Connection closed by 91.92.40.46 port 46064 [preauth]
Jun 24 00:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14524]: Invalid user david from 91.92.40.46
Jun 24 00:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14524]: input_userauth_request: invalid user david [preauth]
Jun 24 00:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14524]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14559]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14558]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14556]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14555]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14555]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14623]: Successful su for rubyman by root
Jun 24 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14623]: + ??? root:rubyman
Jun 24 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14623]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580565 of user rubyman.
Jun 24 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14623]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580565.
Jun 24 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14524]: Failed password for invalid user david from 91.92.40.46 port 49678 ssh2
Jun 24 00:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14557]: Invalid user globe from 186.251.71.202
Jun 24 00:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14557]: input_userauth_request: invalid user globe [preauth]
Jun 24 00:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14557]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.251.71.202
Jun 24 00:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14535]: Invalid user user3 from 91.92.40.46
Jun 24 00:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14535]: input_userauth_request: invalid user user3 [preauth]
Jun 24 00:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 24 00:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14524]: Connection closed by 91.92.40.46 port 49678 [preauth]
Jun 24 00:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14557]: Failed password for invalid user globe from 186.251.71.202 port 49689 ssh2
Jun 24 00:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14557]: Received disconnect from 186.251.71.202 port 49689:11: Bye Bye [preauth]
Jun 24 00:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14557]: Disconnected from 186.251.71.202 port 49689 [preauth]
Jun 24 00:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14535]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11723]: pam_unix(cron:session): session closed for user root
Jun 24 00:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14715]: Failed password for root from 103.15.222.183 port 47792 ssh2
Jun 24 00:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14715]: Connection closed by 103.15.222.183 port 47792 [preauth]
Jun 24 00:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14556]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14535]: Failed password for invalid user user3 from 91.92.40.46 port 49714 ssh2
Jun 24 00:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14895]: Invalid user pregnant from 183.83.197.226
Jun 24 00:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14895]: input_userauth_request: invalid user pregnant [preauth]
Jun 24 00:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14895]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.83.197.226
Jun 24 00:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14535]: Connection closed by 91.92.40.46 port 49714 [preauth]
Jun 24 00:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14895]: Failed password for invalid user pregnant from 183.83.197.226 port 52304 ssh2
Jun 24 00:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 00:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14895]: Received disconnect from 183.83.197.226 port 52304:11: Bye Bye [preauth]
Jun 24 00:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14895]: Disconnected from 183.83.197.226 port 52304 [preauth]
Jun 24 00:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.13.96.107  user=root
Jun 24 00:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14624]: Failed password for root from 91.92.40.46 port 64454 ssh2
Jun 24 00:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14898]: Failed password for root from 182.13.96.107 port 54440 ssh2
Jun 24 00:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14898]: Received disconnect from 182.13.96.107 port 54440:11: Bye Bye [preauth]
Jun 24 00:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14898]: Disconnected from 182.13.96.107 port 54440 [preauth]
Jun 24 00:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 24 00:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14624]: Connection closed by 91.92.40.46 port 64454 [preauth]
Jun 24 00:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14909]: Failed password for root from 77.94.47.83 port 46924 ssh2
Jun 24 00:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14909]: Connection closed by 77.94.47.83 port 46924 [preauth]
Jun 24 00:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 00:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14897]: Failed password for root from 91.92.40.46 port 43500 ssh2
Jun 24 00:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14925]: Invalid user security from 91.92.40.46
Jun 24 00:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14925]: input_userauth_request: invalid user security [preauth]
Jun 24 00:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14897]: Connection closed by 91.92.40.46 port 43500 [preauth]
Jun 24 00:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14925]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14925]: Failed password for invalid user security from 91.92.40.46 port 43508 ssh2
Jun 24 00:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14925]: Connection closed by 91.92.40.46 port 43508 [preauth]
Jun 24 00:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 00:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14945]: Failed password for root from 91.92.40.46 port 53166 ssh2
Jun 24 00:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14945]: Connection closed by 91.92.40.46 port 53166 [preauth]
Jun 24 00:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14969]: Invalid user share from 91.92.40.46
Jun 24 00:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14969]: input_userauth_request: invalid user share [preauth]
Jun 24 00:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14969]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13721]: pam_unix(cron:session): session closed for user root
Jun 24 00:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14969]: Failed password for invalid user share from 91.92.40.46 port 53206 ssh2
Jun 24 00:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14969]: Connection closed by 91.92.40.46 port 53206 [preauth]
Jun 24 00:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15005]: Invalid user jessica from 69.74.29.21
Jun 24 00:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15005]: input_userauth_request: invalid user jessica [preauth]
Jun 24 00:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15005]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21
Jun 24 00:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 00:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15005]: Failed password for invalid user jessica from 69.74.29.21 port 47017 ssh2
Jun 24 00:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15005]: Received disconnect from 69.74.29.21 port 47017:11: Bye Bye [preauth]
Jun 24 00:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15005]: Disconnected from 69.74.29.21 port 47017 [preauth]
Jun 24 00:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14981]: Failed password for root from 91.92.40.46 port 59970 ssh2
Jun 24 00:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14981]: Connection closed by 91.92.40.46 port 59970 [preauth]
Jun 24 00:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 00:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15015]: Failed password for root from 91.92.40.46 port 39808 ssh2
Jun 24 00:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15015]: Connection closed by 91.92.40.46 port 39808 [preauth]
Jun 24 00:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15039]: Invalid user user from 91.92.40.46
Jun 24 00:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15039]: input_userauth_request: invalid user user [preauth]
Jun 24 00:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15039]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15039]: Failed password for invalid user user from 91.92.40.46 port 39826 ssh2
Jun 24 00:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15039]: Connection closed by 91.92.40.46 port 39826 [preauth]
Jun 24 00:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15049]: Invalid user admin from 91.92.40.46
Jun 24 00:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15049]: input_userauth_request: invalid user admin [preauth]
Jun 24 00:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15049]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15049]: Failed password for invalid user admin from 91.92.40.46 port 30894 ssh2
Jun 24 00:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15049]: Connection closed by 91.92.40.46 port 30894 [preauth]
Jun 24 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15073]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15072]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15071]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15075]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15074]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15070]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15075]: pam_unix(cron:session): session closed for user root
Jun 24 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15070]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15059]: Invalid user test from 91.92.40.46
Jun 24 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15059]: input_userauth_request: invalid user test [preauth]
Jun 24 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15146]: Successful su for rubyman by root
Jun 24 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15146]: + ??? root:rubyman
Jun 24 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15146]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580573 of user rubyman.
Jun 24 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15146]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580573.
Jun 24 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15059]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15072]: pam_unix(cron:session): session closed for user root
Jun 24 00:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12175]: pam_unix(cron:session): session closed for user root
Jun 24 00:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15059]: Failed password for invalid user test from 91.92.40.46 port 30954 ssh2
Jun 24 00:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15059]: Connection closed by 91.92.40.46 port 30954 [preauth]
Jun 24 00:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15071]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15167]: Invalid user osm from 91.92.40.46
Jun 24 00:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15167]: input_userauth_request: invalid user osm [preauth]
Jun 24 00:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15167]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15167]: Failed password for invalid user osm from 91.92.40.46 port 14668 ssh2
Jun 24 00:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15167]: Connection closed by 91.92.40.46 port 14668 [preauth]
Jun 24 00:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 00:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15354]: Failed password for root from 91.92.40.46 port 13308 ssh2
Jun 24 00:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15354]: Connection closed by 91.92.40.46 port 13308 [preauth]
Jun 24 00:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15377]: Invalid user dany from 91.92.40.46
Jun 24 00:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15377]: input_userauth_request: invalid user dany [preauth]
Jun 24 00:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15377]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15377]: Failed password for invalid user dany from 91.92.40.46 port 13376 ssh2
Jun 24 00:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15377]: Connection closed by 91.92.40.46 port 13376 [preauth]
Jun 24 00:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15387]: Invalid user bot from 91.92.40.46
Jun 24 00:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15387]: input_userauth_request: invalid user bot [preauth]
Jun 24 00:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15387]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15387]: Failed password for invalid user bot from 91.92.40.46 port 22578 ssh2
Jun 24 00:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15387]: Connection closed by 91.92.40.46 port 22578 [preauth]
Jun 24 00:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 00:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14149]: pam_unix(cron:session): session closed for user root
Jun 24 00:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15410]: Failed password for root from 91.92.40.46 port 22612 ssh2
Jun 24 00:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15410]: Connection closed by 91.92.40.46 port 22612 [preauth]
Jun 24 00:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 00:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15420]: Failed password for root from 91.92.40.46 port 57242 ssh2
Jun 24 00:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15420]: Connection closed by 91.92.40.46 port 57242 [preauth]
Jun 24 00:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 00:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15458]: Failed password for root from 91.92.40.46 port 57284 ssh2
Jun 24 00:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15458]: Connection closed by 91.92.40.46 port 57284 [preauth]
Jun 24 00:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15475]: Invalid user d from 91.92.40.46
Jun 24 00:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15475]: input_userauth_request: invalid user d [preauth]
Jun 24 00:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15475]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15475]: Failed password for invalid user d from 91.92.40.46 port 24866 ssh2
Jun 24 00:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15475]: Connection closed by 91.92.40.46 port 24866 [preauth]
Jun 24 00:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 00:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15490]: Failed password for root from 91.92.40.46 port 19198 ssh2
Jun 24 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15518]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15517]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15516]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15515]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15515]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15580]: Successful su for rubyman by root
Jun 24 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15580]: + ??? root:rubyman
Jun 24 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15580]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580576 of user rubyman.
Jun 24 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15580]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580576.
Jun 24 00:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15502]: Invalid user azureuser from 91.92.40.46
Jun 24 00:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15502]: input_userauth_request: invalid user azureuser [preauth]
Jun 24 00:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15490]: Connection closed by 91.92.40.46 port 19198 [preauth]
Jun 24 00:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12817]: pam_unix(cron:session): session closed for user root
Jun 24 00:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15516]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15502]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15502]: Failed password for invalid user azureuser from 91.92.40.46 port 19214 ssh2
Jun 24 00:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15512]: Invalid user dev from 91.92.40.46
Jun 24 00:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15512]: input_userauth_request: invalid user dev [preauth]
Jun 24 00:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15502]: Connection closed by 91.92.40.46 port 19214 [preauth]
Jun 24 00:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15512]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15512]: Failed password for invalid user dev from 91.92.40.46 port 35650 ssh2
Jun 24 00:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15512]: Connection closed by 91.92.40.46 port 35650 [preauth]
Jun 24 00:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 00:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15811]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15719]: Failed password for root from 91.92.40.46 port 35690 ssh2
Jun 24 00:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 00:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15719]: Connection closed by 91.92.40.46 port 35690 [preauth]
Jun 24 00:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15835]: Invalid user user123 from 182.13.96.107
Jun 24 00:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15835]: input_userauth_request: invalid user user123 [preauth]
Jun 24 00:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15835]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.13.96.107
Jun 24 00:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15778]: Failed password for root from 91.92.40.46 port 48142 ssh2
Jun 24 00:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15800]: Invalid user admin123 from 91.92.40.46
Jun 24 00:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15800]: input_userauth_request: invalid user admin123 [preauth]
Jun 24 00:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15835]: Failed password for invalid user user123 from 182.13.96.107 port 37340 ssh2
Jun 24 00:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15835]: Received disconnect from 182.13.96.107 port 37340:11: Bye Bye [preauth]
Jun 24 00:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15835]: Disconnected from 182.13.96.107 port 37340 [preauth]
Jun 24 00:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15778]: Connection closed by 91.92.40.46 port 48142 [preauth]
Jun 24 00:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15800]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14559]: pam_unix(cron:session): session closed for user root
Jun 24 00:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15811]: Invalid user ubuntu from 91.92.40.46
Jun 24 00:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15811]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 00:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15800]: Failed password for invalid user admin123 from 91.92.40.46 port 48166 ssh2
Jun 24 00:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15811]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15800]: Connection closed by 91.92.40.46 port 48166 [preauth]
Jun 24 00:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15834]: Invalid user pruebas from 91.92.40.46
Jun 24 00:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15834]: input_userauth_request: invalid user pruebas [preauth]
Jun 24 00:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15811]: Failed password for invalid user ubuntu from 91.92.40.46 port 26474 ssh2
Jun 24 00:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15834]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15811]: Connection closed by 91.92.40.46 port 26474 [preauth]
Jun 24 00:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15901]: Invalid user pvx from 69.74.29.21
Jun 24 00:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15901]: input_userauth_request: invalid user pvx [preauth]
Jun 24 00:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15901]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21
Jun 24 00:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15846]: Invalid user pi from 91.92.40.46
Jun 24 00:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15846]: input_userauth_request: invalid user pi [preauth]
Jun 24 00:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15834]: Failed password for invalid user pruebas from 91.92.40.46 port 26526 ssh2
Jun 24 00:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15901]: Failed password for invalid user pvx from 69.74.29.21 port 50971 ssh2
Jun 24 00:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15901]: Received disconnect from 69.74.29.21 port 50971:11: Bye Bye [preauth]
Jun 24 00:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15901]: Disconnected from 69.74.29.21 port 50971 [preauth]
Jun 24 00:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15846]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15834]: Connection closed by 91.92.40.46 port 26526 [preauth]
Jun 24 00:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15920]: Invalid user concorde from 183.83.197.226
Jun 24 00:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15920]: input_userauth_request: invalid user concorde [preauth]
Jun 24 00:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15920]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.83.197.226
Jun 24 00:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15876]: Invalid user test from 91.92.40.46
Jun 24 00:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15876]: input_userauth_request: invalid user test [preauth]
Jun 24 00:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15846]: Failed password for invalid user pi from 91.92.40.46 port 54670 ssh2
Jun 24 00:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15920]: Failed password for invalid user concorde from 183.83.197.226 port 40654 ssh2
Jun 24 00:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15920]: Received disconnect from 183.83.197.226 port 40654:11: Bye Bye [preauth]
Jun 24 00:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15920]: Disconnected from 183.83.197.226 port 40654 [preauth]
Jun 24 00:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15876]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15846]: Connection closed by 91.92.40.46 port 54670 [preauth]
Jun 24 00:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15888]: Invalid user testuser from 91.92.40.46
Jun 24 00:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15888]: input_userauth_request: invalid user testuser [preauth]
Jun 24 00:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15876]: Failed password for invalid user test from 91.92.40.46 port 54684 ssh2
Jun 24 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15948]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15947]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15946]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15945]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15945]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16004]: Successful su for rubyman by root
Jun 24 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16004]: + ??? root:rubyman
Jun 24 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16004]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580579 of user rubyman.
Jun 24 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16004]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580579.
Jun 24 00:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15888]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13297]: pam_unix(cron:session): session closed for user root
Jun 24 00:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15876]: Connection closed by 91.92.40.46 port 54684 [preauth]
Jun 24 00:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16155]: Invalid user dimdim from 186.251.71.202
Jun 24 00:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16155]: input_userauth_request: invalid user dimdim [preauth]
Jun 24 00:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16155]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.251.71.202
Jun 24 00:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15888]: Failed password for invalid user testuser from 91.92.40.46 port 15076 ssh2
Jun 24 00:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15946]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15912]: Invalid user tom from 91.92.40.46
Jun 24 00:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15912]: input_userauth_request: invalid user tom [preauth]
Jun 24 00:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16155]: Failed password for invalid user dimdim from 186.251.71.202 port 39765 ssh2
Jun 24 00:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16155]: Received disconnect from 186.251.71.202 port 39765:11: Bye Bye [preauth]
Jun 24 00:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16155]: Disconnected from 186.251.71.202 port 39765 [preauth]
Jun 24 00:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15888]: Connection closed by 91.92.40.46 port 15076 [preauth]
Jun 24 00:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15912]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15912]: Failed password for invalid user tom from 91.92.40.46 port 15128 ssh2
Jun 24 00:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 00:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15926]: Invalid user gd from 91.92.40.46
Jun 24 00:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15926]: input_userauth_request: invalid user gd [preauth]
Jun 24 00:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15912]: Connection closed by 91.92.40.46 port 15128 [preauth]
Jun 24 00:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15922]: Failed password for root from 91.92.40.46 port 29884 ssh2
Jun 24 00:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15926]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15926]: Failed password for invalid user gd from 91.92.40.46 port 29908 ssh2
Jun 24 00:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16069]: Invalid user botuser from 91.92.40.46
Jun 24 00:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16069]: input_userauth_request: invalid user botuser [preauth]
Jun 24 00:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15922]: Connection closed by 91.92.40.46 port 29884 [preauth]
Jun 24 00:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16189]: Invalid user flow from 91.92.40.46
Jun 24 00:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16189]: input_userauth_request: invalid user flow [preauth]
Jun 24 00:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15926]: Connection closed by 91.92.40.46 port 29908 [preauth]
Jun 24 00:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16069]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16069]: Failed password for invalid user botuser from 91.92.40.46 port 11468 ssh2
Jun 24 00:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16199]: Invalid user ubuntu from 91.92.40.46
Jun 24 00:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16199]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 00:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16189]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15074]: pam_unix(cron:session): session closed for user root
Jun 24 00:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16189]: Failed password for invalid user flow from 91.92.40.46 port 11502 ssh2
Jun 24 00:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16069]: Connection closed by 91.92.40.46 port 11468 [preauth]
Jun 24 00:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16199]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16225]: Invalid user ubuntu from 91.92.40.46
Jun 24 00:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16225]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 00:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16199]: Failed password for invalid user ubuntu from 91.92.40.46 port 13206 ssh2
Jun 24 00:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16189]: Connection closed by 91.92.40.46 port 11502 [preauth]
Jun 24 00:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16225]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16199]: Connection closed by 91.92.40.46 port 13206 [preauth]
Jun 24 00:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16250]: Invalid user green from 91.92.40.46
Jun 24 00:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16250]: input_userauth_request: invalid user green [preauth]
Jun 24 00:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16225]: Failed password for invalid user ubuntu from 91.92.40.46 port 24286 ssh2
Jun 24 00:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16250]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16250]: Failed password for invalid user green from 91.92.40.46 port 24332 ssh2
Jun 24 00:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16225]: Connection closed by 91.92.40.46 port 24286 [preauth]
Jun 24 00:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16285]: Invalid user deploy from 91.92.40.46
Jun 24 00:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16285]: input_userauth_request: invalid user deploy [preauth]
Jun 24 00:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16250]: Connection closed by 91.92.40.46 port 24332 [preauth]
Jun 24 00:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16285]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16285]: Failed password for invalid user deploy from 91.92.40.46 port 29676 ssh2
Jun 24 00:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16316]: Invalid user public from 91.92.40.46
Jun 24 00:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16316]: input_userauth_request: invalid user public [preauth]
Jun 24 00:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16285]: Connection closed by 91.92.40.46 port 29676 [preauth]
Jun 24 00:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16316]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16316]: Failed password for invalid user public from 91.92.40.46 port 48062 ssh2
Jun 24 00:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16316]: Connection closed by 91.92.40.46 port 48062 [preauth]
Jun 24 00:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16326]: Invalid user admin from 91.92.40.46
Jun 24 00:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16326]: input_userauth_request: invalid user admin [preauth]
Jun 24 00:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16326]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16326]: Failed password for invalid user admin from 91.92.40.46 port 55026 ssh2
Jun 24 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16349]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16351]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16348]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16347]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16347]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16407]: Successful su for rubyman by root
Jun 24 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16407]: + ??? root:rubyman
Jun 24 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16407]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580583 of user rubyman.
Jun 24 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16407]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580583.
Jun 24 00:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16326]: Connection closed by 91.92.40.46 port 55026 [preauth]
Jun 24 00:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13720]: pam_unix(cron:session): session closed for user root
Jun 24 00:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 00:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16348]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16343]: Failed password for root from 91.92.40.46 port 53002 ssh2
Jun 24 00:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16343]: Connection closed by 91.92.40.46 port 53002 [preauth]
Jun 24 00:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16540]: Invalid user tony from 91.92.40.46
Jun 24 00:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16540]: input_userauth_request: invalid user tony [preauth]
Jun 24 00:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16540]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16540]: Failed password for invalid user tony from 91.92.40.46 port 53038 ssh2
Jun 24 00:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16540]: Connection closed by 91.92.40.46 port 53038 [preauth]
Jun 24 00:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 00:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16597]: Failed password for root from 91.92.40.46 port 54620 ssh2
Jun 24 00:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16619]: Invalid user yellow from 91.92.40.46
Jun 24 00:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16619]: input_userauth_request: invalid user yellow [preauth]
Jun 24 00:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16597]: Connection closed by 91.92.40.46 port 54620 [preauth]
Jun 24 00:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16619]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16619]: Failed password for invalid user yellow from 91.92.40.46 port 54648 ssh2
Jun 24 00:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16640]: Invalid user ftpuser from 91.92.40.46
Jun 24 00:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16640]: input_userauth_request: invalid user ftpuser [preauth]
Jun 24 00:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16619]: Connection closed by 91.92.40.46 port 54648 [preauth]
Jun 24 00:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16640]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15518]: pam_unix(cron:session): session closed for user root
Jun 24 00:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16640]: Failed password for invalid user ftpuser from 91.92.40.46 port 59494 ssh2
Jun 24 00:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16665]: Invalid user alex from 91.92.40.46
Jun 24 00:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16665]: input_userauth_request: invalid user alex [preauth]
Jun 24 00:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16640]: Connection closed by 91.92.40.46 port 59494 [preauth]
Jun 24 00:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16665]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16665]: Failed password for invalid user alex from 91.92.40.46 port 59512 ssh2
Jun 24 00:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16675]: Invalid user audi from 91.92.40.46
Jun 24 00:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16675]: input_userauth_request: invalid user audi [preauth]
Jun 24 00:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16665]: Connection closed by 91.92.40.46 port 59512 [preauth]
Jun 24 00:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16675]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.13.96.107  user=root
Jun 24 00:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16675]: Failed password for invalid user audi from 91.92.40.46 port 10890 ssh2
Jun 24 00:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16705]: Invalid user redmine from 91.92.40.46
Jun 24 00:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16705]: input_userauth_request: invalid user redmine [preauth]
Jun 24 00:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16728]: Failed password for root from 182.13.96.107 port 44076 ssh2
Jun 24 00:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16675]: Connection closed by 91.92.40.46 port 10890 [preauth]
Jun 24 00:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16728]: Received disconnect from 182.13.96.107 port 44076:11: Bye Bye [preauth]
Jun 24 00:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16728]: Disconnected from 182.13.96.107 port 44076 [preauth]
Jun 24 00:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16705]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16705]: Failed password for invalid user redmine from 91.92.40.46 port 10912 ssh2
Jun 24 00:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16727]: Invalid user kelvin from 91.92.40.46
Jun 24 00:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16727]: input_userauth_request: invalid user kelvin [preauth]
Jun 24 00:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16705]: Connection closed by 91.92.40.46 port 10912 [preauth]
Jun 24 00:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16751]: Invalid user rami from 69.74.29.21
Jun 24 00:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16751]: input_userauth_request: invalid user rami [preauth]
Jun 24 00:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16751]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21
Jun 24 00:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16727]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16751]: Failed password for invalid user rami from 69.74.29.21 port 48423 ssh2
Jun 24 00:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16751]: Received disconnect from 69.74.29.21 port 48423:11: Bye Bye [preauth]
Jun 24 00:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16751]: Disconnected from 69.74.29.21 port 48423 [preauth]
Jun 24 00:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16727]: Failed password for invalid user kelvin from 91.92.40.46 port 29200 ssh2
Jun 24 00:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16739]: Invalid user ubuntu from 91.92.40.46
Jun 24 00:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16739]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 00:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16727]: Connection closed by 91.92.40.46 port 29200 [preauth]
Jun 24 00:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16739]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 24 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16771]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16772]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16770]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16769]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16769]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16835]: Successful su for rubyman by root
Jun 24 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16835]: + ??? root:rubyman
Jun 24 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16835]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580587 of user rubyman.
Jun 24 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16835]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580587.
Jun 24 00:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16739]: Failed password for invalid user ubuntu from 91.92.40.46 port 21924 ssh2
Jun 24 00:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16765]: Failed password for root from 38.93.206.2 port 36942 ssh2
Jun 24 00:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16765]: Connection closed by 38.93.206.2 port 36942 [preauth]
Jun 24 00:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14147]: pam_unix(cron:session): session closed for user root
Jun 24 00:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16753]: Invalid user deployer from 91.92.40.46
Jun 24 00:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16753]: input_userauth_request: invalid user deployer [preauth]
Jun 24 00:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16739]: Connection closed by 91.92.40.46 port 21924 [preauth]
Jun 24 00:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16770]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16753]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 24 00:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16753]: Failed password for invalid user deployer from 91.92.40.46 port 21954 ssh2
Jun 24 00:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17119]: Failed password for root from 103.153.68.219 port 48568 ssh2
Jun 24 00:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16763]: Invalid user milad from 91.92.40.46
Jun 24 00:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16763]: input_userauth_request: invalid user milad [preauth]
Jun 24 00:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17119]: Connection closed by 103.153.68.219 port 48568 [preauth]
Jun 24 00:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16753]: Connection closed by 91.92.40.46 port 21954 [preauth]
Jun 24 00:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16763]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 00:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16763]: Failed password for invalid user milad from 91.92.40.46 port 17780 ssh2
Jun 24 00:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17102]: Failed password for root from 91.92.40.46 port 17828 ssh2
Jun 24 00:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16763]: Connection closed by 91.92.40.46 port 17780 [preauth]
Jun 24 00:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17102]: Connection closed by 91.92.40.46 port 17828 [preauth]
Jun 24 00:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17150]: Invalid user webuser from 91.92.40.46
Jun 24 00:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17150]: input_userauth_request: invalid user webuser [preauth]
Jun 24 00:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17150]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17150]: Failed password for invalid user webuser from 91.92.40.46 port 32028 ssh2
Jun 24 00:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17150]: Connection closed by 91.92.40.46 port 32028 [preauth]
Jun 24 00:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17160]: Invalid user elastic from 91.92.40.46
Jun 24 00:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17160]: input_userauth_request: invalid user elastic [preauth]
Jun 24 00:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17160]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17160]: Failed password for invalid user elastic from 91.92.40.46 port 41012 ssh2
Jun 24 00:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17160]: Connection closed by 91.92.40.46 port 41012 [preauth]
Jun 24 00:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: Invalid user web from 91.92.40.46
Jun 24 00:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: input_userauth_request: invalid user web [preauth]
Jun 24 00:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15948]: pam_unix(cron:session): session closed for user root
Jun 24 00:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: Failed password for invalid user web from 91.92.40.46 port 35316 ssh2
Jun 24 00:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: Connection closed by 91.92.40.46 port 35316 [preauth]
Jun 24 00:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: Invalid user olga from 91.92.40.46
Jun 24 00:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: input_userauth_request: invalid user olga [preauth]
Jun 24 00:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17228]: Invalid user mozart from 183.83.197.226
Jun 24 00:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17228]: input_userauth_request: invalid user mozart [preauth]
Jun 24 00:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17228]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.83.197.226
Jun 24 00:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: Failed password for invalid user olga from 91.92.40.46 port 35350 ssh2
Jun 24 00:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: Connection closed by 91.92.40.46 port 35350 [preauth]
Jun 24 00:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17221]: Invalid user ethan from 91.92.40.46
Jun 24 00:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17221]: input_userauth_request: invalid user ethan [preauth]
Jun 24 00:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17228]: Failed password for invalid user mozart from 183.83.197.226 port 60970 ssh2
Jun 24 00:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17221]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17228]: Received disconnect from 183.83.197.226 port 60970:11: Bye Bye [preauth]
Jun 24 00:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17228]: Disconnected from 183.83.197.226 port 60970 [preauth]
Jun 24 00:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17221]: Failed password for invalid user ethan from 91.92.40.46 port 36670 ssh2
Jun 24 00:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17221]: Connection closed by 91.92.40.46 port 36670 [preauth]
Jun 24 00:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17256]: Invalid user steam from 91.92.40.46
Jun 24 00:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17256]: input_userauth_request: invalid user steam [preauth]
Jun 24 00:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17256]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17256]: Failed password for invalid user steam from 91.92.40.46 port 36688 ssh2
Jun 24 00:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17256]: Connection closed by 91.92.40.46 port 36688 [preauth]
Jun 24 00:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 00:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17269]: Failed password for root from 91.92.40.46 port 31990 ssh2
Jun 24 00:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17269]: Connection closed by 91.92.40.46 port 31990 [preauth]
Jun 24 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17297]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17292]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17296]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17293]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17295]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17294]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17297]: pam_unix(cron:session): session closed for user root
Jun 24 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17292]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17370]: Successful su for rubyman by root
Jun 24 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17370]: + ??? root:rubyman
Jun 24 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17370]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580593 of user rubyman.
Jun 24 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17370]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580593.
Jun 24 00:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17280]: Invalid user test from 91.92.40.46
Jun 24 00:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17280]: input_userauth_request: invalid user test [preauth]
Jun 24 00:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17280]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17294]: pam_unix(cron:session): session closed for user root
Jun 24 00:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14558]: pam_unix(cron:session): session closed for user root
Jun 24 00:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17280]: Failed password for invalid user test from 91.92.40.46 port 19994 ssh2
Jun 24 00:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 24 00:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17293]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17280]: Connection closed by 91.92.40.46 port 19994 [preauth]
Jun 24 00:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17553]: Failed password for root from 103.149.28.157 port 53802 ssh2
Jun 24 00:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17553]: Connection closed by 103.149.28.157 port 53802 [preauth]
Jun 24 00:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17528]: Invalid user rocky from 91.92.40.46
Jun 24 00:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17528]: input_userauth_request: invalid user rocky [preauth]
Jun 24 00:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17528]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17528]: Failed password for invalid user rocky from 91.92.40.46 port 20016 ssh2
Jun 24 00:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17528]: Connection closed by 91.92.40.46 port 20016 [preauth]
Jun 24 00:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17587]: Invalid user www from 91.92.40.46
Jun 24 00:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17587]: input_userauth_request: invalid user www [preauth]
Jun 24 00:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17587]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17587]: Failed password for invalid user www from 91.92.40.46 port 16500 ssh2
Jun 24 00:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17587]: Connection closed by 91.92.40.46 port 16500 [preauth]
Jun 24 00:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17609]: Invalid user server from 91.92.40.46
Jun 24 00:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17609]: input_userauth_request: invalid user server [preauth]
Jun 24 00:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17609]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17609]: Failed password for invalid user server from 91.92.40.46 port 16544 ssh2
Jun 24 00:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17609]: Connection closed by 91.92.40.46 port 16544 [preauth]
Jun 24 00:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17619]: Invalid user deploy from 91.92.40.46
Jun 24 00:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17619]: input_userauth_request: invalid user deploy [preauth]
Jun 24 00:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17619]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17619]: Failed password for invalid user deploy from 91.92.40.46 port 20114 ssh2
Jun 24 00:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16351]: pam_unix(cron:session): session closed for user root
Jun 24 00:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17619]: Connection closed by 91.92.40.46 port 20114 [preauth]
Jun 24 00:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17641]: Invalid user ftptest from 91.92.40.46
Jun 24 00:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17641]: input_userauth_request: invalid user ftptest [preauth]
Jun 24 00:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17641]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17641]: Failed password for invalid user ftptest from 91.92.40.46 port 20140 ssh2
Jun 24 00:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17641]: Connection closed by 91.92.40.46 port 20140 [preauth]
Jun 24 00:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 00:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17693]: Failed password for root from 91.92.40.46 port 42286 ssh2
Jun 24 00:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: Invalid user ubuntu from 91.92.40.46
Jun 24 00:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 00:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17693]: Connection closed by 91.92.40.46 port 42286 [preauth]
Jun 24 00:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: Failed password for invalid user ubuntu from 91.92.40.46 port 24368 ssh2
Jun 24 00:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: Connection closed by 91.92.40.46 port 24368 [preauth]
Jun 24 00:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17807]: Invalid user kim from 91.92.40.46
Jun 24 00:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17807]: input_userauth_request: invalid user kim [preauth]
Jun 24 00:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17807]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17807]: Failed password for invalid user kim from 91.92.40.46 port 24406 ssh2
Jun 24 00:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21  user=root
Jun 24 00:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17807]: Connection closed by 91.92.40.46 port 24406 [preauth]
Jun 24 00:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17834]: Failed password for root from 69.74.29.21 port 57867 ssh2
Jun 24 00:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17834]: Received disconnect from 69.74.29.21 port 57867:11: Bye Bye [preauth]
Jun 24 00:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17834]: Disconnected from 69.74.29.21 port 57867 [preauth]
Jun 24 00:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17819]: Invalid user git from 91.92.40.46
Jun 24 00:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17819]: input_userauth_request: invalid user git [preauth]
Jun 24 00:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.13.96.107  user=root
Jun 24 00:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17819]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17837]: Failed password for root from 182.13.96.107 port 44376 ssh2
Jun 24 00:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17837]: Received disconnect from 182.13.96.107 port 44376:11: Bye Bye [preauth]
Jun 24 00:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17837]: Disconnected from 182.13.96.107 port 44376 [preauth]
Jun 24 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17858]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17856]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17857]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17853]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17853]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17819]: Failed password for invalid user git from 91.92.40.46 port 33188 ssh2
Jun 24 00:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17928]: Successful su for rubyman by root
Jun 24 00:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17928]: + ??? root:rubyman
Jun 24 00:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17928]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580598 of user rubyman.
Jun 24 00:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17928]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580598.
Jun 24 00:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17819]: Connection closed by 91.92.40.46 port 33188 [preauth]
Jun 24 00:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 00:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15073]: pam_unix(cron:session): session closed for user root
Jun 24 00:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17836]: Failed password for root from 91.92.40.46 port 33270 ssh2
Jun 24 00:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17856]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17836]: Connection closed by 91.92.40.46 port 33270 [preauth]
Jun 24 00:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18008]: Invalid user gary from 91.92.40.46
Jun 24 00:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18008]: input_userauth_request: invalid user gary [preauth]
Jun 24 00:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18008]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18008]: Failed password for invalid user gary from 91.92.40.46 port 35182 ssh2
Jun 24 00:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18008]: Connection closed by 91.92.40.46 port 35182 [preauth]
Jun 24 00:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18121]: Invalid user monitor from 91.92.40.46
Jun 24 00:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18121]: input_userauth_request: invalid user monitor [preauth]
Jun 24 00:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18121]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18121]: Failed password for invalid user monitor from 91.92.40.46 port 63040 ssh2
Jun 24 00:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18121]: Connection closed by 91.92.40.46 port 63040 [preauth]
Jun 24 00:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18145]: Invalid user runner from 91.92.40.46
Jun 24 00:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18145]: input_userauth_request: invalid user runner [preauth]
Jun 24 00:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18145]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18145]: Failed password for invalid user runner from 91.92.40.46 port 63106 ssh2
Jun 24 00:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18145]: Connection closed by 91.92.40.46 port 63106 [preauth]
Jun 24 00:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 00:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18169]: Failed password for root from 91.92.40.46 port 44696 ssh2
Jun 24 00:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18169]: Connection closed by 91.92.40.46 port 44696 [preauth]
Jun 24 00:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18192]: Invalid user adam from 91.92.40.46
Jun 24 00:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18192]: input_userauth_request: invalid user adam [preauth]
Jun 24 00:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18192]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16772]: pam_unix(cron:session): session closed for user root
Jun 24 00:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18192]: Failed password for invalid user adam from 91.92.40.46 port 21670 ssh2
Jun 24 00:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18192]: Connection closed by 91.92.40.46 port 21670 [preauth]
Jun 24 00:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18231]: Invalid user sss from 91.92.40.46
Jun 24 00:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18231]: input_userauth_request: invalid user sss [preauth]
Jun 24 00:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18231]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 24 00:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18231]: Failed password for invalid user sss from 91.92.40.46 port 21688 ssh2
Jun 24 00:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18231]: Connection closed by 91.92.40.46 port 21688 [preauth]
Jun 24 00:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18243]: Failed password for root from 51.250.105.222 port 37978 ssh2
Jun 24 00:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18243]: Connection closed by 51.250.105.222 port 37978 [preauth]
Jun 24 00:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18246]: Invalid user sammy from 91.92.40.46
Jun 24 00:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18246]: input_userauth_request: invalid user sammy [preauth]
Jun 24 00:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18246]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18246]: Failed password for invalid user sammy from 91.92.40.46 port 51810 ssh2
Jun 24 00:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18246]: Connection closed by 91.92.40.46 port 51810 [preauth]
Jun 24 00:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 00:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18279]: Failed password for root from 91.92.40.46 port 51832 ssh2
Jun 24 00:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18279]: Connection closed by 91.92.40.46 port 51832 [preauth]
Jun 24 00:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18295]: Invalid user ui from 91.92.40.46
Jun 24 00:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18295]: input_userauth_request: invalid user ui [preauth]
Jun 24 00:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18295]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18295]: Failed password for invalid user ui from 91.92.40.46 port 22588 ssh2
Jun 24 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18295]: Connection closed by 91.92.40.46 port 22588 [preauth]
Jun 24 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18313]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18312]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18311]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18310]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18310]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18386]: Successful su for rubyman by root
Jun 24 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18386]: + ??? root:rubyman
Jun 24 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18386]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580602 of user rubyman.
Jun 24 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18386]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580602.
Jun 24 00:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18307]: Invalid user sysupdate from 91.92.40.46
Jun 24 00:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18307]: input_userauth_request: invalid user sysupdate [preauth]
Jun 24 00:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18549]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 24 00:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18307]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18549]: Received disconnect from 107.181.228.82 port 37260:11: disconnected by user [preauth]
Jun 24 00:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18549]: Disconnected from 107.181.228.82 port 37260 [preauth]
Jun 24 00:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15517]: pam_unix(cron:session): session closed for user root
Jun 24 00:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18307]: Failed password for invalid user sysupdate from 91.92.40.46 port 16014 ssh2
Jun 24 00:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18311]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18307]: Connection closed by 91.92.40.46 port 16014 [preauth]
Jun 24 00:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18638]: Invalid user cloudera from 91.92.40.46
Jun 24 00:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18638]: input_userauth_request: invalid user cloudera [preauth]
Jun 24 00:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18638]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18638]: Failed password for invalid user cloudera from 91.92.40.46 port 16038 ssh2
Jun 24 00:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18638]: Connection closed by 91.92.40.46 port 16038 [preauth]
Jun 24 00:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18660]: Invalid user admin from 91.92.40.46
Jun 24 00:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18660]: input_userauth_request: invalid user admin [preauth]
Jun 24 00:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18660]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18660]: Failed password for invalid user admin from 91.92.40.46 port 35588 ssh2
Jun 24 00:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18660]: Connection closed by 91.92.40.46 port 35588 [preauth]
Jun 24 00:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18686]: Invalid user user from 91.92.40.46
Jun 24 00:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18686]: input_userauth_request: invalid user user [preauth]
Jun 24 00:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18686]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18686]: Failed password for invalid user user from 91.92.40.46 port 44988 ssh2
Jun 24 00:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18686]: Connection closed by 91.92.40.46 port 44988 [preauth]
Jun 24 00:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18715]: Invalid user alex from 91.92.40.46
Jun 24 00:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18715]: input_userauth_request: invalid user alex [preauth]
Jun 24 00:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18715]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18715]: Failed password for invalid user alex from 91.92.40.46 port 45038 ssh2
Jun 24 00:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18715]: Connection closed by 91.92.40.46 port 45038 [preauth]
Jun 24 00:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17296]: pam_unix(cron:session): session closed for user root
Jun 24 00:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18722]: Invalid user xbot from 91.92.40.46
Jun 24 00:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18722]: input_userauth_request: invalid user xbot [preauth]
Jun 24 00:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18722]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18722]: Failed password for invalid user xbot from 91.92.40.46 port 45780 ssh2
Jun 24 00:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18722]: Connection closed by 91.92.40.46 port 45780 [preauth]
Jun 24 00:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 00:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18756]: Failed password for root from 91.92.40.46 port 45814 ssh2
Jun 24 00:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18756]: Connection closed by 91.92.40.46 port 45814 [preauth]
Jun 24 00:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 00:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18767]: Failed password for root from 91.92.40.46 port 25614 ssh2
Jun 24 00:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18767]: Connection closed by 91.92.40.46 port 25614 [preauth]
Jun 24 00:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18797]: Invalid user a1 from 91.92.40.46
Jun 24 00:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18797]: input_userauth_request: invalid user a1 [preauth]
Jun 24 00:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18797]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18797]: Failed password for invalid user a1 from 91.92.40.46 port 25666 ssh2
Jun 24 00:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18821]: Invalid user oracle from 91.92.40.46
Jun 24 00:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18821]: input_userauth_request: invalid user oracle [preauth]
Jun 24 00:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18797]: Connection closed by 91.92.40.46 port 25666 [preauth]
Jun 24 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18855]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18853]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18854]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18852]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18852]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18915]: Successful su for rubyman by root
Jun 24 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18915]: + ??? root:rubyman
Jun 24 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18915]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580606 of user rubyman.
Jun 24 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18915]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580606.
Jun 24 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18821]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18962]: Invalid user camera from 69.74.29.21
Jun 24 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18962]: input_userauth_request: invalid user camera [preauth]
Jun 24 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18962]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21
Jun 24 00:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15947]: pam_unix(cron:session): session closed for user root
Jun 24 00:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18821]: Failed password for invalid user oracle from 91.92.40.46 port 14272 ssh2
Jun 24 00:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18962]: Failed password for invalid user camera from 69.74.29.21 port 36293 ssh2
Jun 24 00:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18962]: Received disconnect from 69.74.29.21 port 36293:11: Bye Bye [preauth]
Jun 24 00:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18962]: Disconnected from 69.74.29.21 port 36293 [preauth]
Jun 24 00:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18853]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18834]: Invalid user RPM from 91.92.40.46
Jun 24 00:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18834]: input_userauth_request: invalid user RPM [preauth]
Jun 24 00:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18821]: Connection closed by 91.92.40.46 port 14272 [preauth]
Jun 24 00:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18834]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18834]: Failed password for invalid user RPM from 91.92.40.46 port 14312 ssh2
Jun 24 00:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18841]: Invalid user pi from 91.92.40.46
Jun 24 00:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18841]: input_userauth_request: invalid user pi [preauth]
Jun 24 00:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18834]: Connection closed by 91.92.40.46 port 14312 [preauth]
Jun 24 00:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18841]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18841]: Failed password for invalid user pi from 91.92.40.46 port 22832 ssh2
Jun 24 00:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19087]: Invalid user ubuntu from 91.92.40.46
Jun 24 00:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19087]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 00:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19122]: Invalid user newuser1 from 182.13.96.107
Jun 24 00:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19122]: input_userauth_request: invalid user newuser1 [preauth]
Jun 24 00:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19122]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.13.96.107
Jun 24 00:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18841]: Connection closed by 91.92.40.46 port 22832 [preauth]
Jun 24 00:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19087]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19122]: Failed password for invalid user newuser1 from 182.13.96.107 port 36440 ssh2
Jun 24 00:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19122]: Received disconnect from 182.13.96.107 port 36440:11: Bye Bye [preauth]
Jun 24 00:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19122]: Disconnected from 182.13.96.107 port 36440 [preauth]
Jun 24 00:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19087]: Failed password for invalid user ubuntu from 91.92.40.46 port 22842 ssh2
Jun 24 00:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 00:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19087]: Connection closed by 91.92.40.46 port 22842 [preauth]
Jun 24 00:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: Failed password for root from 91.92.40.46 port 41930 ssh2
Jun 24 00:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: Connection closed by 91.92.40.46 port 41930 [preauth]
Jun 24 00:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 00:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19252]: Failed password for root from 91.92.40.46 port 60834 ssh2
Jun 24 00:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19252]: Connection closed by 91.92.40.46 port 60834 [preauth]
Jun 24 00:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19263]: Invalid user jeff from 91.92.40.46
Jun 24 00:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19263]: input_userauth_request: invalid user jeff [preauth]
Jun 24 00:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19263]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19263]: Failed password for invalid user jeff from 91.92.40.46 port 42082 ssh2
Jun 24 00:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17858]: pam_unix(cron:session): session closed for user root
Jun 24 00:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19263]: Connection closed by 91.92.40.46 port 42082 [preauth]
Jun 24 00:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19295]: Invalid user bob from 91.92.40.46
Jun 24 00:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19295]: input_userauth_request: invalid user bob [preauth]
Jun 24 00:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19295]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19295]: Failed password for invalid user bob from 91.92.40.46 port 42142 ssh2
Jun 24 00:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19295]: Connection closed by 91.92.40.46 port 42142 [preauth]
Jun 24 00:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19305]: Invalid user user from 91.92.40.46
Jun 24 00:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19305]: input_userauth_request: invalid user user [preauth]
Jun 24 00:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19305]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19305]: Failed password for invalid user user from 91.92.40.46 port 41282 ssh2
Jun 24 00:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19305]: Connection closed by 91.92.40.46 port 41282 [preauth]
Jun 24 00:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19329]: Invalid user hadoop from 91.92.40.46
Jun 24 00:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19329]: input_userauth_request: invalid user hadoop [preauth]
Jun 24 00:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19329]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19329]: Failed password for invalid user hadoop from 91.92.40.46 port 41324 ssh2
Jun 24 00:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19329]: Connection closed by 91.92.40.46 port 41324 [preauth]
Jun 24 00:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 00:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19339]: Failed password for root from 91.92.40.46 port 30696 ssh2
Jun 24 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19339]: Connection closed by 91.92.40.46 port 30696 [preauth]
Jun 24 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19364]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19363]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19365]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19362]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19362]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19425]: Successful su for rubyman by root
Jun 24 00:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19425]: + ??? root:rubyman
Jun 24 00:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19425]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580611 of user rubyman.
Jun 24 00:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19425]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580611.
Jun 24 00:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19350]: Invalid user alex from 91.92.40.46
Jun 24 00:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19350]: input_userauth_request: invalid user alex [preauth]
Jun 24 00:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19350]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16349]: pam_unix(cron:session): session closed for user root
Jun 24 00:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19350]: Failed password for invalid user alex from 91.92.40.46 port 36792 ssh2
Jun 24 00:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19350]: Connection closed by 91.92.40.46 port 36792 [preauth]
Jun 24 00:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19363]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19484]: Invalid user ftptest from 91.92.40.46
Jun 24 00:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19484]: input_userauth_request: invalid user ftptest [preauth]
Jun 24 00:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19484]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19484]: Failed password for invalid user ftptest from 91.92.40.46 port 36814 ssh2
Jun 24 00:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19484]: Connection closed by 91.92.40.46 port 36814 [preauth]
Jun 24 00:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19814]: Invalid user postgres from 91.92.40.46
Jun 24 00:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19814]: input_userauth_request: invalid user postgres [preauth]
Jun 24 00:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19814]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19814]: Failed password for invalid user postgres from 91.92.40.46 port 24680 ssh2
Jun 24 00:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19814]: Connection closed by 91.92.40.46 port 24680 [preauth]
Jun 24 00:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19860]: Invalid user ubuntu from 91.92.40.46
Jun 24 00:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19860]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 00:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19860]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19860]: Failed password for invalid user ubuntu from 91.92.40.46 port 24722 ssh2
Jun 24 00:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19860]: Connection closed by 91.92.40.46 port 24722 [preauth]
Jun 24 00:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 00:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19862]: Failed password for root from 91.92.40.46 port 51792 ssh2
Jun 24 00:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19862]: Connection closed by 91.92.40.46 port 51792 [preauth]
Jun 24 00:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19895]: Invalid user web from 91.92.40.46
Jun 24 00:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19895]: input_userauth_request: invalid user web [preauth]
Jun 24 00:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18313]: pam_unix(cron:session): session closed for user root
Jun 24 00:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19895]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19895]: Failed password for invalid user web from 91.92.40.46 port 51838 ssh2
Jun 24 00:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19895]: Connection closed by 91.92.40.46 port 51838 [preauth]
Jun 24 00:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19906]: Invalid user client from 91.92.40.46
Jun 24 00:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19906]: input_userauth_request: invalid user client [preauth]
Jun 24 00:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19906]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19906]: Failed password for invalid user client from 91.92.40.46 port 36466 ssh2
Jun 24 00:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19906]: Connection closed by 91.92.40.46 port 36466 [preauth]
Jun 24 00:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19937]: Invalid user karel from 91.92.40.46
Jun 24 00:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19937]: input_userauth_request: invalid user karel [preauth]
Jun 24 00:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19937]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19937]: Failed password for invalid user karel from 91.92.40.46 port 48428 ssh2
Jun 24 00:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19937]: Connection closed by 91.92.40.46 port 48428 [preauth]
Jun 24 00:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19955]: Invalid user gmod from 91.92.40.46
Jun 24 00:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19955]: input_userauth_request: invalid user gmod [preauth]
Jun 24 00:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19955]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19955]: Failed password for invalid user gmod from 91.92.40.46 port 48466 ssh2
Jun 24 00:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19955]: Connection closed by 91.92.40.46 port 48466 [preauth]
Jun 24 00:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19971]: Invalid user soporte from 91.92.40.46
Jun 24 00:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19971]: input_userauth_request: invalid user soporte [preauth]
Jun 24 00:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19971]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19971]: Failed password for invalid user soporte from 91.92.40.46 port 13294 ssh2
Jun 24 00:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19971]: Connection closed by 91.92.40.46 port 13294 [preauth]
Jun 24 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19999]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19996]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19997]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20001]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19995]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19998]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20001]: pam_unix(cron:session): session closed for user root
Jun 24 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19995]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19983]: Invalid user newuser from 91.92.40.46
Jun 24 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19983]: input_userauth_request: invalid user newuser [preauth]
Jun 24 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20063]: Successful su for rubyman by root
Jun 24 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20063]: + ??? root:rubyman
Jun 24 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20063]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580615 of user rubyman.
Jun 24 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20063]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580615.
Jun 24 00:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19983]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16771]: pam_unix(cron:session): session closed for user root
Jun 24 00:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19997]: pam_unix(cron:session): session closed for user root
Jun 24 00:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19983]: Failed password for invalid user newuser from 91.92.40.46 port 13296 ssh2
Jun 24 00:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19996]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19983]: Connection closed by 91.92.40.46 port 13296 [preauth]
Jun 24 00:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 00:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19993]: Failed password for root from 91.92.40.46 port 20888 ssh2
Jun 24 00:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21  user=root
Jun 24 00:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20349]: Invalid user testuser from 91.92.40.46
Jun 24 00:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20349]: input_userauth_request: invalid user testuser [preauth]
Jun 24 00:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19993]: Connection closed by 91.92.40.46 port 20888 [preauth]
Jun 24 00:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20387]: Failed password for root from 69.74.29.21 port 29872 ssh2
Jun 24 00:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20387]: Received disconnect from 69.74.29.21 port 29872:11: Bye Bye [preauth]
Jun 24 00:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20387]: Disconnected from 69.74.29.21 port 29872 [preauth]
Jun 24 00:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20349]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20349]: Failed password for invalid user testuser from 91.92.40.46 port 20936 ssh2
Jun 24 00:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20349]: Connection closed by 91.92.40.46 port 20936 [preauth]
Jun 24 00:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 00:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20384]: Failed password for root from 91.92.40.46 port 18852 ssh2
Jun 24 00:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20414]: Invalid user test from 91.92.40.46
Jun 24 00:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20414]: input_userauth_request: invalid user test [preauth]
Jun 24 00:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20384]: Connection closed by 91.92.40.46 port 18852 [preauth]
Jun 24 00:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20414]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20414]: Failed password for invalid user test from 91.92.40.46 port 18916 ssh2
Jun 24 00:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20424]: Invalid user jpg from 91.92.40.46
Jun 24 00:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20424]: input_userauth_request: invalid user jpg [preauth]
Jun 24 00:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20414]: Connection closed by 91.92.40.46 port 18916 [preauth]
Jun 24 00:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20424]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20424]: Failed password for invalid user jpg from 91.92.40.46 port 18060 ssh2
Jun 24 00:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18855]: pam_unix(cron:session): session closed for user root
Jun 24 00:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20424]: Connection closed by 91.92.40.46 port 18060 [preauth]
Jun 24 00:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 00:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20486]: Invalid user server from 182.13.96.107
Jun 24 00:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20486]: input_userauth_request: invalid user server [preauth]
Jun 24 00:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20486]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.13.96.107
Jun 24 00:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20460]: Failed password for root from 91.92.40.46 port 62322 ssh2
Jun 24 00:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20460]: Connection closed by 91.92.40.46 port 62322 [preauth]
Jun 24 00:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20486]: Failed password for invalid user server from 182.13.96.107 port 58256 ssh2
Jun 24 00:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20486]: Received disconnect from 182.13.96.107 port 58256:11: Bye Bye [preauth]
Jun 24 00:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20486]: Disconnected from 182.13.96.107 port 58256 [preauth]
Jun 24 00:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20496]: Invalid user game from 91.92.40.46
Jun 24 00:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20496]: input_userauth_request: invalid user game [preauth]
Jun 24 00:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20496]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20496]: Failed password for invalid user game from 91.92.40.46 port 12778 ssh2
Jun 24 00:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20496]: Connection closed by 91.92.40.46 port 12778 [preauth]
Jun 24 00:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20518]: Invalid user deploy from 91.92.40.46
Jun 24 00:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20518]: input_userauth_request: invalid user deploy [preauth]
Jun 24 00:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20518]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20518]: Failed password for invalid user deploy from 91.92.40.46 port 12836 ssh2
Jun 24 00:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20518]: Connection closed by 91.92.40.46 port 12836 [preauth]
Jun 24 00:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20529]: Invalid user root1 from 91.92.40.46
Jun 24 00:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20529]: input_userauth_request: invalid user root1 [preauth]
Jun 24 00:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20529]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20529]: Failed password for invalid user root1 from 91.92.40.46 port 44678 ssh2
Jun 24 00:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20529]: Connection closed by 91.92.40.46 port 44678 [preauth]
Jun 24 00:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20540]: Invalid user jenkins from 91.92.40.46
Jun 24 00:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20540]: input_userauth_request: invalid user jenkins [preauth]
Jun 24 00:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20540]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20557]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20555]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20554]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20556]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20554]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20629]: Successful su for rubyman by root
Jun 24 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20629]: + ??? root:rubyman
Jun 24 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20629]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580620 of user rubyman.
Jun 24 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20629]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580620.
Jun 24 00:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20540]: Failed password for invalid user jenkins from 91.92.40.46 port 44742 ssh2
Jun 24 00:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17295]: pam_unix(cron:session): session closed for user root
Jun 24 00:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20540]: Connection closed by 91.92.40.46 port 44742 [preauth]
Jun 24 00:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20552]: Invalid user cloud from 91.92.40.46
Jun 24 00:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20552]: input_userauth_request: invalid user cloud [preauth]
Jun 24 00:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20555]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20552]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20552]: Failed password for invalid user cloud from 91.92.40.46 port 22142 ssh2
Jun 24 00:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20552]: Connection closed by 91.92.40.46 port 22142 [preauth]
Jun 24 00:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 00:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20903]: Failed password for root from 91.92.40.46 port 22154 ssh2
Jun 24 00:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20903]: Connection closed by 91.92.40.46 port 22154 [preauth]
Jun 24 00:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20914]: Invalid user appuser from 91.92.40.46
Jun 24 00:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20914]: input_userauth_request: invalid user appuser [preauth]
Jun 24 00:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20914]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20914]: Failed password for invalid user appuser from 91.92.40.46 port 39684 ssh2
Jun 24 00:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20914]: Connection closed by 91.92.40.46 port 39684 [preauth]
Jun 24 00:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20937]: Invalid user maarch from 91.92.40.46
Jun 24 00:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20937]: input_userauth_request: invalid user maarch [preauth]
Jun 24 00:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20937]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20937]: Failed password for invalid user maarch from 91.92.40.46 port 43460 ssh2
Jun 24 00:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20937]: Connection closed by 91.92.40.46 port 43460 [preauth]
Jun 24 00:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: Invalid user openclaw from 91.92.40.46
Jun 24 00:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: input_userauth_request: invalid user openclaw [preauth]
Jun 24 00:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: Failed password for invalid user openclaw from 91.92.40.46 port 43478 ssh2
Jun 24 00:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: Connection closed by 91.92.40.46 port 43478 [preauth]
Jun 24 00:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19365]: pam_unix(cron:session): session closed for user root
Jun 24 00:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20970]: Invalid user system from 91.92.40.46
Jun 24 00:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20970]: input_userauth_request: invalid user system [preauth]
Jun 24 00:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20970]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20970]: Failed password for invalid user system from 91.92.40.46 port 28396 ssh2
Jun 24 00:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21000]: Invalid user devops from 91.92.40.46
Jun 24 00:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21000]: input_userauth_request: invalid user devops [preauth]
Jun 24 00:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20970]: Connection closed by 91.92.40.46 port 28396 [preauth]
Jun 24 00:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21000]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21000]: Failed password for invalid user devops from 91.92.40.46 port 28432 ssh2
Jun 24 00:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21000]: Connection closed by 91.92.40.46 port 28432 [preauth]
Jun 24 00:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21018]: Invalid user pds from 91.92.40.46
Jun 24 00:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21018]: input_userauth_request: invalid user pds [preauth]
Jun 24 00:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21018]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21018]: Failed password for invalid user pds from 91.92.40.46 port 38480 ssh2
Jun 24 00:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21018]: Connection closed by 91.92.40.46 port 38480 [preauth]
Jun 24 00:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21045]: Invalid user deploy from 91.92.40.46
Jun 24 00:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21045]: input_userauth_request: invalid user deploy [preauth]
Jun 24 00:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21045]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21045]: Failed password for invalid user deploy from 91.92.40.46 port 38546 ssh2
Jun 24 00:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21045]: Connection closed by 91.92.40.46 port 38546 [preauth]
Jun 24 00:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21056]: Failed password for root from 91.92.40.46 port 34230 ssh2
Jun 24 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21082]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21081]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21083]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21080]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21080]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21145]: Successful su for rubyman by root
Jun 24 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21145]: + ??? root:rubyman
Jun 24 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21145]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580623 of user rubyman.
Jun 24 00:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21145]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580623.
Jun 24 00:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21056]: Connection closed by 91.92.40.46 port 34230 [preauth]
Jun 24 00:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21068]: Invalid user gituser from 91.92.40.46
Jun 24 00:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21068]: input_userauth_request: invalid user gituser [preauth]
Jun 24 00:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17857]: pam_unix(cron:session): session closed for user root
Jun 24 00:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21068]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21081]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21068]: Failed password for invalid user gituser from 91.92.40.46 port 39964 ssh2
Jun 24 00:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21068]: Connection closed by 91.92.40.46 port 39964 [preauth]
Jun 24 00:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 00:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 24 00:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21288]: Failed password for root from 91.92.40.46 port 40036 ssh2
Jun 24 00:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21288]: Connection closed by 91.92.40.46 port 40036 [preauth]
Jun 24 00:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21341]: Failed password for root from 193.37.70.224 port 47986 ssh2
Jun 24 00:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21341]: Connection closed by 193.37.70.224 port 47986 [preauth]
Jun 24 00:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21352]: Invalid user btc from 91.92.40.46
Jun 24 00:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21352]: input_userauth_request: invalid user btc [preauth]
Jun 24 00:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21352]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21  user=root
Jun 24 00:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21352]: Failed password for invalid user btc from 91.92.40.46 port 43280 ssh2
Jun 24 00:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21374]: Failed password for root from 69.74.29.21 port 60361 ssh2
Jun 24 00:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21374]: Received disconnect from 69.74.29.21 port 60361:11: Bye Bye [preauth]
Jun 24 00:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21374]: Disconnected from 69.74.29.21 port 60361 [preauth]
Jun 24 00:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21352]: Connection closed by 91.92.40.46 port 43280 [preauth]
Jun 24 00:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21378]: Invalid user amine from 91.92.40.46
Jun 24 00:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21378]: input_userauth_request: invalid user amine [preauth]
Jun 24 00:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21378]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21378]: Failed password for invalid user amine from 91.92.40.46 port 43296 ssh2
Jun 24 00:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21378]: Connection closed by 91.92.40.46 port 43296 [preauth]
Jun 24 00:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21381]: Invalid user hadoop from 91.92.40.46
Jun 24 00:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21381]: input_userauth_request: invalid user hadoop [preauth]
Jun 24 00:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21381]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21381]: Failed password for invalid user hadoop from 91.92.40.46 port 60048 ssh2
Jun 24 00:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21404]: Invalid user user from 91.92.40.46
Jun 24 00:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21404]: input_userauth_request: invalid user user [preauth]
Jun 24 00:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21381]: Connection closed by 91.92.40.46 port 60048 [preauth]
Jun 24 00:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19999]: pam_unix(cron:session): session closed for user root
Jun 24 00:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21404]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21404]: Failed password for invalid user user from 91.92.40.46 port 60102 ssh2
Jun 24 00:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 24 00:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21404]: Connection closed by 91.92.40.46 port 60102 [preauth]
Jun 24 00:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21449]: Failed password for root from 202.178.126.219 port 4804 ssh2
Jun 24 00:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21441]: Invalid user ubuntu from 91.92.40.46
Jun 24 00:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21441]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 00:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21449]: Connection closed by 202.178.126.219 port 4804 [preauth]
Jun 24 00:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21441]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21441]: Failed password for invalid user ubuntu from 91.92.40.46 port 54718 ssh2
Jun 24 00:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21441]: Connection closed by 91.92.40.46 port 54718 [preauth]
Jun 24 00:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21461]: Invalid user odoo17 from 91.92.40.46
Jun 24 00:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21461]: input_userauth_request: invalid user odoo17 [preauth]
Jun 24 00:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21461]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21461]: Failed password for invalid user odoo17 from 91.92.40.46 port 56440 ssh2
Jun 24 00:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21461]: Connection closed by 91.92.40.46 port 56440 [preauth]
Jun 24 00:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21486]: Invalid user kevin from 91.92.40.46
Jun 24 00:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21486]: input_userauth_request: invalid user kevin [preauth]
Jun 24 00:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21486]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.13.96.107  user=root
Jun 24 00:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21486]: Failed password for invalid user kevin from 91.92.40.46 port 56498 ssh2
Jun 24 00:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21496]: Failed password for root from 182.13.96.107 port 46344 ssh2
Jun 24 00:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21496]: Received disconnect from 182.13.96.107 port 46344:11: Bye Bye [preauth]
Jun 24 00:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21496]: Disconnected from 182.13.96.107 port 46344 [preauth]
Jun 24 00:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21486]: Connection closed by 91.92.40.46 port 56498 [preauth]
Jun 24 00:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21498]: Invalid user manoj from 91.92.40.46
Jun 24 00:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21498]: input_userauth_request: invalid user manoj [preauth]
Jun 24 00:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21498]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21498]: Failed password for invalid user manoj from 91.92.40.46 port 28794 ssh2
Jun 24 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21528]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21529]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21530]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21527]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21527]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21600]: Successful su for rubyman by root
Jun 24 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21600]: + ??? root:rubyman
Jun 24 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21600]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580629 of user rubyman.
Jun 24 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21600]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580629.
Jun 24 00:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21498]: Connection closed by 91.92.40.46 port 28794 [preauth]
Jun 24 00:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21511]: Invalid user anna from 91.92.40.46
Jun 24 00:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21511]: input_userauth_request: invalid user anna [preauth]
Jun 24 00:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18312]: pam_unix(cron:session): session closed for user root
Jun 24 00:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21511]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21528]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21511]: Failed password for invalid user anna from 91.92.40.46 port 40594 ssh2
Jun 24 00:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21511]: Connection closed by 91.92.40.46 port 40594 [preauth]
Jun 24 00:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21779]: Invalid user openclaw from 91.92.40.46
Jun 24 00:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21779]: input_userauth_request: invalid user openclaw [preauth]
Jun 24 00:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21779]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21779]: Failed password for invalid user openclaw from 91.92.40.46 port 40606 ssh2
Jun 24 00:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21779]: Connection closed by 91.92.40.46 port 40606 [preauth]
Jun 24 00:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21812]: Invalid user tfj from 91.92.40.46
Jun 24 00:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21812]: input_userauth_request: invalid user tfj [preauth]
Jun 24 00:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21812]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21812]: Failed password for invalid user tfj from 91.92.40.46 port 56406 ssh2
Jun 24 00:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21812]: Connection closed by 91.92.40.46 port 56406 [preauth]
Jun 24 00:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 00:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21835]: Failed password for root from 91.92.40.46 port 53448 ssh2
Jun 24 00:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21835]: Connection closed by 91.92.40.46 port 53448 [preauth]
Jun 24 00:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21862]: Invalid user ivan from 91.92.40.46
Jun 24 00:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21862]: input_userauth_request: invalid user ivan [preauth]
Jun 24 00:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21862]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21862]: Failed password for invalid user ivan from 91.92.40.46 port 53522 ssh2
Jun 24 00:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21862]: Connection closed by 91.92.40.46 port 53522 [preauth]
Jun 24 00:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21874]: Invalid user ubuntu from 91.92.40.46
Jun 24 00:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21874]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 00:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21874]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20557]: pam_unix(cron:session): session closed for user root
Jun 24 00:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21874]: Failed password for invalid user ubuntu from 91.92.40.46 port 11888 ssh2
Jun 24 00:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21874]: Connection closed by 91.92.40.46 port 11888 [preauth]
Jun 24 00:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21903]: Invalid user rancher from 91.92.40.46
Jun 24 00:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21903]: input_userauth_request: invalid user rancher [preauth]
Jun 24 00:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21903]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21903]: Failed password for invalid user rancher from 91.92.40.46 port 11952 ssh2
Jun 24 00:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21903]: Connection closed by 91.92.40.46 port 11952 [preauth]
Jun 24 00:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21925]: Invalid user user1 from 91.92.40.46
Jun 24 00:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21925]: input_userauth_request: invalid user user1 [preauth]
Jun 24 00:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21925]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21925]: Failed password for invalid user user1 from 91.92.40.46 port 38730 ssh2
Jun 24 00:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21925]: Connection closed by 91.92.40.46 port 38730 [preauth]
Jun 24 00:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21948]: Invalid user eva from 91.92.40.46
Jun 24 00:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21948]: input_userauth_request: invalid user eva [preauth]
Jun 24 00:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21951]: Invalid user pi from 125.227.156.55
Jun 24 00:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21951]: input_userauth_request: invalid user pi [preauth]
Jun 24 00:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21953]: Invalid user pi from 125.227.156.55
Jun 24 00:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21953]: input_userauth_request: invalid user pi [preauth]
Jun 24 00:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21951]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.227.156.55
Jun 24 00:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21953]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.227.156.55
Jun 24 00:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21948]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21951]: Failed password for invalid user pi from 125.227.156.55 port 51766 ssh2
Jun 24 00:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21953]: Failed password for invalid user pi from 125.227.156.55 port 51768 ssh2
Jun 24 00:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21951]: Connection closed by 125.227.156.55 port 51766 [preauth]
Jun 24 00:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21953]: Connection closed by 125.227.156.55 port 51768 [preauth]
Jun 24 00:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21948]: Failed password for invalid user eva from 91.92.40.46 port 38750 ssh2
Jun 24 00:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21948]: Connection closed by 91.92.40.46 port 38750 [preauth]
Jun 24 00:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21963]: Invalid user hades from 91.92.40.46
Jun 24 00:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21963]: input_userauth_request: invalid user hades [preauth]
Jun 24 00:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21963]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21963]: Failed password for invalid user hades from 91.92.40.46 port 19298 ssh2
Jun 24 00:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21963]: Connection closed by 91.92.40.46 port 19298 [preauth]
Jun 24 00:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21973]: Invalid user client from 91.92.40.46
Jun 24 00:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21973]: input_userauth_request: invalid user client [preauth]
Jun 24 00:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21973]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21978]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21979]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21977]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21976]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21976]: pam_unix(cron:session): session closed for user p13x
Jun 24 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22034]: Successful su for rubyman by root
Jun 24 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22034]: + ??? root:rubyman
Jun 24 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22034]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580633 of user rubyman.
Jun 24 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22034]: pam_unix(su:session): session closed for user rubyman
Jun 24 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580633.
Jun 24 00:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21973]: Failed password for invalid user client from 91.92.40.46 port 14138 ssh2
Jun 24 00:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21973]: Connection closed by 91.92.40.46 port 14138 [preauth]
Jun 24 00:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18854]: pam_unix(cron:session): session closed for user root
Jun 24 00:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21977]: pam_unix(cron:session): session closed for user samftp
Jun 24 00:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22208]: Invalid user kafka from 91.92.40.46
Jun 24 00:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22208]: input_userauth_request: invalid user kafka [preauth]
Jun 24 00:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22208]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22208]: Failed password for invalid user kafka from 91.92.40.46 port 14188 ssh2
Jun 24 00:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22208]: Connection closed by 91.92.40.46 port 14188 [preauth]
Jun 24 00:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22236]: Invalid user try from 91.92.40.46
Jun 24 00:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22236]: input_userauth_request: invalid user try [preauth]
Jun 24 00:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22236]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22236]: Failed password for invalid user try from 91.92.40.46 port 59784 ssh2
Jun 24 00:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22236]: Connection closed by 91.92.40.46 port 59784 [preauth]
Jun 24 00:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22259]: Invalid user user from 91.92.40.46
Jun 24 00:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22259]: input_userauth_request: invalid user user [preauth]
Jun 24 00:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22259]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22259]: Failed password for invalid user user from 91.92.40.46 port 53776 ssh2
Jun 24 00:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22259]: Connection closed by 91.92.40.46 port 53776 [preauth]
Jun 24 00:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21  user=root
Jun 24 00:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22271]: Failed password for root from 69.74.29.21 port 61079 ssh2
Jun 24 00:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22273]: Invalid user debian from 91.92.40.46
Jun 24 00:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22273]: input_userauth_request: invalid user debian [preauth]
Jun 24 00:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22271]: Received disconnect from 69.74.29.21 port 61079:11: Bye Bye [preauth]
Jun 24 00:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22271]: Disconnected from 69.74.29.21 port 61079 [preauth]
Jun 24 00:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22273]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22273]: Failed password for invalid user debian from 91.92.40.46 port 53790 ssh2
Jun 24 00:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22273]: Connection closed by 91.92.40.46 port 53790 [preauth]
Jun 24 00:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21083]: pam_unix(cron:session): session closed for user root
Jun 24 00:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22397]: Invalid user bot from 91.92.40.46
Jun 24 00:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22397]: input_userauth_request: invalid user bot [preauth]
Jun 24 00:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22397]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22397]: Failed password for invalid user bot from 91.92.40.46 port 49246 ssh2
Jun 24 00:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22397]: Connection closed by 91.92.40.46 port 49246 [preauth]
Jun 24 00:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 00:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22427]: Failed password for root from 91.92.40.46 port 49280 ssh2
Jun 24 00:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22427]: Connection closed by 91.92.40.46 port 49280 [preauth]
Jun 24 00:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 00:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22450]: Failed password for root from 91.92.40.46 port 56766 ssh2
Jun 24 00:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22450]: Connection closed by 91.92.40.46 port 56766 [preauth]
Jun 24 00:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22461]: Invalid user joe from 91.92.40.46
Jun 24 00:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22461]: input_userauth_request: invalid user joe [preauth]
Jun 24 00:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22461]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 00:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22461]: Failed password for invalid user joe from 91.92.40.46 port 52102 ssh2
Jun 24 00:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22461]: Connection closed by 91.92.40.46 port 52102 [preauth]
Jun 24 00:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 00:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22479]: Invalid user dbs from 91.92.40.46
Jun 24 00:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22479]: input_userauth_request: invalid user dbs [preauth]
Jun 24 00:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22479]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 00:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22479]: Failed password for invalid user dbs from 91.92.40.46 port 52114 ssh2
Jun 24 01:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22479]: Connection closed by 91.92.40.46 port 52114 [preauth]
Jun 24 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22498]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22497]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22499]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22500]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22494]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22496]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22495]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22500]: pam_unix(cron:session): session closed for user root
Jun 24 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22496]: pam_unix(cron:session): session closed for user root
Jun 24 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22494]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22583]: Successful su for rubyman by root
Jun 24 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22583]: + ??? root:rubyman
Jun 24 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22583]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580638 of user rubyman.
Jun 24 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22583]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580638.
Jun 24 01:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22582]: Invalid user admin2 from 91.92.40.46
Jun 24 01:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22582]: input_userauth_request: invalid user admin2 [preauth]
Jun 24 01:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22497]: pam_unix(cron:session): session closed for user root
Jun 24 01:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19364]: pam_unix(cron:session): session closed for user root
Jun 24 01:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22582]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22582]: Failed password for invalid user admin2 from 91.92.40.46 port 40220 ssh2
Jun 24 01:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22582]: Connection closed by 91.92.40.46 port 40220 [preauth]
Jun 24 01:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22495]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22816]: Invalid user vanessa from 182.13.96.107
Jun 24 01:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22816]: input_userauth_request: invalid user vanessa [preauth]
Jun 24 01:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22816]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.13.96.107
Jun 24 01:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22816]: Failed password for invalid user vanessa from 182.13.96.107 port 45222 ssh2
Jun 24 01:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22816]: Received disconnect from 182.13.96.107 port 45222:11: Bye Bye [preauth]
Jun 24 01:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22816]: Disconnected from 182.13.96.107 port 45222 [preauth]
Jun 24 01:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22818]: Failed password for root from 91.92.40.46 port 59548 ssh2
Jun 24 01:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22818]: Connection closed by 91.92.40.46 port 59548 [preauth]
Jun 24 01:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22844]: Invalid user guest from 91.92.40.46
Jun 24 01:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22844]: input_userauth_request: invalid user guest [preauth]
Jun 24 01:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22844]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22844]: Failed password for invalid user guest from 91.92.40.46 port 59604 ssh2
Jun 24 01:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22844]: Connection closed by 91.92.40.46 port 59604 [preauth]
Jun 24 01:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22854]: Invalid user develop from 91.92.40.46
Jun 24 01:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22854]: input_userauth_request: invalid user develop [preauth]
Jun 24 01:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22854]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22854]: Failed password for invalid user develop from 91.92.40.46 port 18670 ssh2
Jun 24 01:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22854]: Connection closed by 91.92.40.46 port 18670 [preauth]
Jun 24 01:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22882]: Invalid user sysupdate from 91.92.40.46
Jun 24 01:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22882]: input_userauth_request: invalid user sysupdate [preauth]
Jun 24 01:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22882]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22882]: Failed password for invalid user sysupdate from 91.92.40.46 port 18720 ssh2
Jun 24 01:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22882]: Connection closed by 91.92.40.46 port 18720 [preauth]
Jun 24 01:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21530]: pam_unix(cron:session): session closed for user root
Jun 24 01:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22939]: Invalid user vpn from 91.92.40.46
Jun 24 01:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22939]: input_userauth_request: invalid user vpn [preauth]
Jun 24 01:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22939]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22939]: Failed password for invalid user vpn from 91.92.40.46 port 19890 ssh2
Jun 24 01:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22939]: Connection closed by 91.92.40.46 port 19890 [preauth]
Jun 24 01:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22963]: Invalid user steam from 91.92.40.46
Jun 24 01:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22963]: input_userauth_request: invalid user steam [preauth]
Jun 24 01:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22963]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22963]: Failed password for invalid user steam from 91.92.40.46 port 25022 ssh2
Jun 24 01:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22963]: Connection closed by 91.92.40.46 port 25022 [preauth]
Jun 24 01:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22985]: Failed password for root from 91.92.40.46 port 25028 ssh2
Jun 24 01:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22985]: Connection closed by 91.92.40.46 port 25028 [preauth]
Jun 24 01:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22995]: Invalid user gg from 91.92.40.46
Jun 24 01:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22995]: input_userauth_request: invalid user gg [preauth]
Jun 24 01:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22995]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22995]: Failed password for invalid user gg from 91.92.40.46 port 30016 ssh2
Jun 24 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23021]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23022]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23020]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23019]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23019]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23085]: Successful su for rubyman by root
Jun 24 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23085]: + ??? root:rubyman
Jun 24 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23085]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580642 of user rubyman.
Jun 24 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23085]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580642.
Jun 24 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22995]: Connection closed by 91.92.40.46 port 30016 [preauth]
Jun 24 01:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19998]: pam_unix(cron:session): session closed for user root
Jun 24 01:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22998]: Failed password for root from 91.92.40.46 port 30066 ssh2
Jun 24 01:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23020]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23008]: Invalid user aaa from 91.92.40.46
Jun 24 01:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23008]: input_userauth_request: invalid user aaa [preauth]
Jun 24 01:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22998]: Connection closed by 91.92.40.46 port 30066 [preauth]
Jun 24 01:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23008]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23008]: Failed password for invalid user aaa from 91.92.40.46 port 17570 ssh2
Jun 24 01:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23008]: Connection closed by 91.92.40.46 port 17570 [preauth]
Jun 24 01:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23256]: Invalid user stef from 91.92.40.46
Jun 24 01:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23256]: input_userauth_request: invalid user stef [preauth]
Jun 24 01:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23256]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23256]: Failed password for invalid user stef from 91.92.40.46 port 17616 ssh2
Jun 24 01:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23256]: Connection closed by 91.92.40.46 port 17616 [preauth]
Jun 24 01:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23291]: Failed password for root from 91.92.40.46 port 14260 ssh2
Jun 24 01:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23319]: Invalid user ubuntu from 91.92.40.46
Jun 24 01:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23319]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 01:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21  user=root
Jun 24 01:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23291]: Connection closed by 91.92.40.46 port 14260 [preauth]
Jun 24 01:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23358]: Failed password for root from 69.74.29.21 port 54311 ssh2
Jun 24 01:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23358]: Received disconnect from 69.74.29.21 port 54311:11: Bye Bye [preauth]
Jun 24 01:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23358]: Disconnected from 69.74.29.21 port 54311 [preauth]
Jun 24 01:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23319]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23319]: Failed password for invalid user ubuntu from 91.92.40.46 port 14272 ssh2
Jun 24 01:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21979]: pam_unix(cron:session): session closed for user root
Jun 24 01:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23319]: Connection closed by 91.92.40.46 port 14272 [preauth]
Jun 24 01:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23331]: Failed password for root from 91.92.40.46 port 14824 ssh2
Jun 24 01:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23331]: Connection closed by 91.92.40.46 port 14824 [preauth]
Jun 24 01:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23362]: Invalid user test from 91.92.40.46
Jun 24 01:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23362]: input_userauth_request: invalid user test [preauth]
Jun 24 01:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23362]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23362]: Failed password for invalid user test from 91.92.40.46 port 54466 ssh2
Jun 24 01:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23394]: Invalid user claude from 91.92.40.46
Jun 24 01:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23394]: input_userauth_request: invalid user claude [preauth]
Jun 24 01:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23362]: Connection closed by 91.92.40.46 port 54466 [preauth]
Jun 24 01:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23394]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23394]: Failed password for invalid user claude from 91.92.40.46 port 54486 ssh2
Jun 24 01:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23394]: Connection closed by 91.92.40.46 port 54486 [preauth]
Jun 24 01:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23428]: Failed password for root from 91.92.40.46 port 59278 ssh2
Jun 24 01:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23439]: Invalid user noah from 91.92.40.46
Jun 24 01:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23439]: input_userauth_request: invalid user noah [preauth]
Jun 24 01:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23428]: Connection closed by 91.92.40.46 port 59278 [preauth]
Jun 24 01:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23439]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23463]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23462]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23461]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23460]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23460]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23526]: Successful su for rubyman by root
Jun 24 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23526]: + ??? root:rubyman
Jun 24 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23526]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580646 of user rubyman.
Jun 24 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23526]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580646.
Jun 24 01:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23439]: Failed password for invalid user noah from 91.92.40.46 port 30608 ssh2
Jun 24 01:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20556]: pam_unix(cron:session): session closed for user root
Jun 24 01:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23439]: Connection closed by 91.92.40.46 port 30608 [preauth]
Jun 24 01:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23461]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23456]: Failed password for root from 91.92.40.46 port 30636 ssh2
Jun 24 01:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23559]: Invalid user daniel from 91.92.40.46
Jun 24 01:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23559]: input_userauth_request: invalid user daniel [preauth]
Jun 24 01:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23456]: Connection closed by 91.92.40.46 port 30636 [preauth]
Jun 24 01:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23559]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23559]: Failed password for invalid user daniel from 91.92.40.46 port 64994 ssh2
Jun 24 01:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23722]: Invalid user admin from 91.92.40.46
Jun 24 01:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23722]: input_userauth_request: invalid user admin [preauth]
Jun 24 01:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23761]: Received disconnect from 217.156.65.251 port 46086:11: disconnected by user [preauth]
Jun 24 01:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23761]: Disconnected from 217.156.65.251 port 46086 [preauth]
Jun 24 01:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23559]: Connection closed by 91.92.40.46 port 64994 [preauth]
Jun 24 01:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23722]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23733]: Invalid user user1 from 91.92.40.46
Jun 24 01:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23733]: input_userauth_request: invalid user user1 [preauth]
Jun 24 01:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23722]: Failed password for invalid user admin from 91.92.40.46 port 37824 ssh2
Jun 24 01:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23733]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23722]: Connection closed by 91.92.40.46 port 37824 [preauth]
Jun 24 01:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23782]: Invalid user jessica from 182.13.96.107
Jun 24 01:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23782]: input_userauth_request: invalid user jessica [preauth]
Jun 24 01:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23782]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.13.96.107
Jun 24 01:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23733]: Failed password for invalid user user1 from 91.92.40.46 port 37868 ssh2
Jun 24 01:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23782]: Failed password for invalid user jessica from 182.13.96.107 port 43066 ssh2
Jun 24 01:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23782]: Received disconnect from 182.13.96.107 port 43066:11: Bye Bye [preauth]
Jun 24 01:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23782]: Disconnected from 182.13.96.107 port 43066 [preauth]
Jun 24 01:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23733]: Connection closed by 91.92.40.46 port 37868 [preauth]
Jun 24 01:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23778]: Failed password for root from 91.92.40.46 port 32506 ssh2
Jun 24 01:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22499]: pam_unix(cron:session): session closed for user root
Jun 24 01:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23778]: Connection closed by 91.92.40.46 port 32506 [preauth]
Jun 24 01:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23803]: Failed password for root from 91.92.40.46 port 32560 ssh2
Jun 24 01:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23809]: Invalid user cloud from 91.92.40.46
Jun 24 01:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23809]: input_userauth_request: invalid user cloud [preauth]
Jun 24 01:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23803]: Connection closed by 91.92.40.46 port 32560 [preauth]
Jun 24 01:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23809]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23809]: Failed password for invalid user cloud from 91.92.40.46 port 64632 ssh2
Jun 24 01:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23924]: Invalid user deploy from 91.92.40.46
Jun 24 01:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23924]: input_userauth_request: invalid user deploy [preauth]
Jun 24 01:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23809]: Connection closed by 91.92.40.46 port 64632 [preauth]
Jun 24 01:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23924]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23942]: Invalid user ubuntu from 91.92.40.46
Jun 24 01:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23942]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 01:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23924]: Failed password for invalid user deploy from 91.92.40.46 port 64668 ssh2
Jun 24 01:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23942]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23924]: Connection closed by 91.92.40.46 port 64668 [preauth]
Jun 24 01:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23999]: Invalid user osboxes from 141.98.83.240
Jun 24 01:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23999]: input_userauth_request: invalid user osboxes [preauth]
Jun 24 01:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23999]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 01:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23942]: Failed password for invalid user ubuntu from 91.92.40.46 port 31730 ssh2
Jun 24 01:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23967]: Invalid user ubuntu from 91.92.40.46
Jun 24 01:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23967]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 01:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23999]: Failed password for invalid user osboxes from 141.98.83.240 port 63842 ssh2
Jun 24 01:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23999]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24015]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24016]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24014]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24013]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24013]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23999]: Failed password for invalid user osboxes from 141.98.83.240 port 63842 ssh2
Jun 24 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23999]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24073]: Successful su for rubyman by root
Jun 24 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24073]: + ??? root:rubyman
Jun 24 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24073]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580651 of user rubyman.
Jun 24 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24073]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580651.
Jun 24 01:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23942]: Connection closed by 91.92.40.46 port 31730 [preauth]
Jun 24 01:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23967]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23999]: Failed password for invalid user osboxes from 141.98.83.240 port 63842 ssh2
Jun 24 01:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23999]: Connection closed by 141.98.83.240 port 63842 [preauth]
Jun 24 01:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23999]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 01:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21082]: pam_unix(cron:session): session closed for user root
Jun 24 01:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23967]: Failed password for invalid user ubuntu from 91.92.40.46 port 31802 ssh2
Jun 24 01:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24014]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23967]: Connection closed by 91.92.40.46 port 31802 [preauth]
Jun 24 01:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23978]: Failed password for root from 91.92.40.46 port 34856 ssh2
Jun 24 01:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23997]: Invalid user alfred from 91.92.40.46
Jun 24 01:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23997]: input_userauth_request: invalid user alfred [preauth]
Jun 24 01:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23978]: Connection closed by 91.92.40.46 port 34856 [preauth]
Jun 24 01:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23997]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23997]: Failed password for invalid user alfred from 91.92.40.46 port 34876 ssh2
Jun 24 01:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23997]: Connection closed by 91.92.40.46 port 34876 [preauth]
Jun 24 01:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24002]: Failed password for root from 91.92.40.46 port 14524 ssh2
Jun 24 01:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24002]: Connection closed by 91.92.40.46 port 14524 [preauth]
Jun 24 01:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24292]: Invalid user admin from 91.92.40.46
Jun 24 01:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24292]: input_userauth_request: invalid user admin [preauth]
Jun 24 01:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21  user=root
Jun 24 01:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24278]: Failed password for root from 91.92.40.46 port 14554 ssh2
Jun 24 01:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24356]: Failed password for root from 69.74.29.21 port 23255 ssh2
Jun 24 01:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24356]: Received disconnect from 69.74.29.21 port 23255:11: Bye Bye [preauth]
Jun 24 01:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24356]: Disconnected from 69.74.29.21 port 23255 [preauth]
Jun 24 01:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23022]: pam_unix(cron:session): session closed for user root
Jun 24 01:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24292]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24278]: Connection closed by 91.92.40.46 port 14554 [preauth]
Jun 24 01:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24319]: Invalid user aaa from 91.92.40.46
Jun 24 01:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24319]: input_userauth_request: invalid user aaa [preauth]
Jun 24 01:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24292]: Failed password for invalid user admin from 91.92.40.46 port 40862 ssh2
Jun 24 01:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24319]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24331]: Invalid user deploy from 91.92.40.46
Jun 24 01:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24331]: input_userauth_request: invalid user deploy [preauth]
Jun 24 01:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24292]: Connection closed by 91.92.40.46 port 40862 [preauth]
Jun 24 01:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24319]: Failed password for invalid user aaa from 91.92.40.46 port 18920 ssh2
Jun 24 01:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24331]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24319]: Connection closed by 91.92.40.46 port 18920 [preauth]
Jun 24 01:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24355]: Invalid user madhuri from 91.92.40.46
Jun 24 01:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24355]: input_userauth_request: invalid user madhuri [preauth]
Jun 24 01:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24331]: Failed password for invalid user deploy from 91.92.40.46 port 18976 ssh2
Jun 24 01:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24355]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24331]: Connection closed by 91.92.40.46 port 18976 [preauth]
Jun 24 01:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24355]: Failed password for invalid user madhuri from 91.92.40.46 port 40884 ssh2
Jun 24 01:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24355]: Connection closed by 91.92.40.46 port 40884 [preauth]
Jun 24 01:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24386]: Failed password for root from 91.92.40.46 port 38074 ssh2
Jun 24 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24452]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24451]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24453]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24450]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24450]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24519]: Successful su for rubyman by root
Jun 24 01:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24519]: + ??? root:rubyman
Jun 24 01:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24519]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580656 of user rubyman.
Jun 24 01:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24519]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580656.
Jun 24 01:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21529]: pam_unix(cron:session): session closed for user root
Jun 24 01:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24386]: Connection closed by 91.92.40.46 port 38074 [preauth]
Jun 24 01:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24418]: Invalid user localadmin from 91.92.40.46
Jun 24 01:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24418]: input_userauth_request: invalid user localadmin [preauth]
Jun 24 01:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24451]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 24 01:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24401]: Failed password for root from 91.92.40.46 port 38140 ssh2
Jun 24 01:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 24 01:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24725]: Failed password for root from 194.113.233.25 port 57438 ssh2
Jun 24 01:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24725]: Connection closed by 194.113.233.25 port 57438 [preauth]
Jun 24 01:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24728]: Failed password for root from 109.237.96.109 port 48810 ssh2
Jun 24 01:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24728]: Connection closed by 109.237.96.109 port 48810 [preauth]
Jun 24 01:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24418]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24401]: Connection closed by 91.92.40.46 port 38140 [preauth]
Jun 24 01:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24418]: Failed password for invalid user localadmin from 91.92.40.46 port 62000 ssh2
Jun 24 01:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24440]: Invalid user cyrus from 91.92.40.46
Jun 24 01:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24440]: input_userauth_request: invalid user cyrus [preauth]
Jun 24 01:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24418]: Connection closed by 91.92.40.46 port 62000 [preauth]
Jun 24 01:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24440]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24440]: Failed password for invalid user cyrus from 91.92.40.46 port 62020 ssh2
Jun 24 01:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24440]: Connection closed by 91.92.40.46 port 62020 [preauth]
Jun 24 01:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24714]: Failed password for root from 91.92.40.46 port 58454 ssh2
Jun 24 01:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24714]: Connection closed by 91.92.40.46 port 58454 [preauth]
Jun 24 01:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24761]: Invalid user fernando from 91.92.40.46
Jun 24 01:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24761]: input_userauth_request: invalid user fernando [preauth]
Jun 24 01:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24761]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24761]: Failed password for invalid user fernando from 91.92.40.46 port 31966 ssh2
Jun 24 01:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24761]: Connection closed by 91.92.40.46 port 31966 [preauth]
Jun 24 01:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24798]: Invalid user maud from 91.92.40.46
Jun 24 01:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24798]: input_userauth_request: invalid user maud [preauth]
Jun 24 01:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23463]: pam_unix(cron:session): session closed for user root
Jun 24 01:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24798]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24798]: Failed password for invalid user maud from 91.92.40.46 port 32032 ssh2
Jun 24 01:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24798]: Connection closed by 91.92.40.46 port 32032 [preauth]
Jun 24 01:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.13.96.107  user=root
Jun 24 01:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24813]: Invalid user intranet from 91.92.40.46
Jun 24 01:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24813]: input_userauth_request: invalid user intranet [preauth]
Jun 24 01:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24813]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24837]: Failed password for root from 182.13.96.107 port 48180 ssh2
Jun 24 01:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24837]: Received disconnect from 182.13.96.107 port 48180:11: Bye Bye [preauth]
Jun 24 01:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24837]: Disconnected from 182.13.96.107 port 48180 [preauth]
Jun 24 01:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24813]: Failed password for invalid user intranet from 91.92.40.46 port 17864 ssh2
Jun 24 01:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24813]: Connection closed by 91.92.40.46 port 17864 [preauth]
Jun 24 01:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24846]: Failed password for root from 91.92.40.46 port 63624 ssh2
Jun 24 01:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24846]: Connection closed by 91.92.40.46 port 63624 [preauth]
Jun 24 01:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24870]: Invalid user deployer from 91.92.40.46
Jun 24 01:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24870]: input_userauth_request: invalid user deployer [preauth]
Jun 24 01:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24870]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24870]: Failed password for invalid user deployer from 91.92.40.46 port 51754 ssh2
Jun 24 01:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24870]: Connection closed by 91.92.40.46 port 51754 [preauth]
Jun 24 01:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24887]: Invalid user budda from 91.92.40.46
Jun 24 01:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24887]: input_userauth_request: invalid user budda [preauth]
Jun 24 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24887]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24893]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24894]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24892]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24896]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24891]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24895]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24896]: pam_unix(cron:session): session closed for user root
Jun 24 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24891]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24955]: Successful su for rubyman by root
Jun 24 01:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24955]: + ??? root:rubyman
Jun 24 01:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24955]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580658 of user rubyman.
Jun 24 01:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24955]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580658.
Jun 24 01:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24887]: Failed password for invalid user budda from 91.92.40.46 port 24842 ssh2
Jun 24 01:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24887]: Connection closed by 91.92.40.46 port 24842 [preauth]
Jun 24 01:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24893]: pam_unix(cron:session): session closed for user root
Jun 24 01:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21978]: pam_unix(cron:session): session closed for user root
Jun 24 01:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24892]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25141]: Failed password for root from 91.92.40.46 port 24864 ssh2
Jun 24 01:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25141]: Connection closed by 91.92.40.46 port 24864 [preauth]
Jun 24 01:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25192]: User john from 91.92.40.46 not allowed because not listed in AllowUsers
Jun 24 01:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25192]: input_userauth_request: invalid user john [preauth]
Jun 24 01:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=john
Jun 24 01:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25192]: Failed password for invalid user john from 91.92.40.46 port 42888 ssh2
Jun 24 01:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25192]: Connection closed by 91.92.40.46 port 42888 [preauth]
Jun 24 01:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25220]: Invalid user sales from 91.92.40.46
Jun 24 01:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25220]: input_userauth_request: invalid user sales [preauth]
Jun 24 01:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25220]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25220]: Failed password for invalid user sales from 91.92.40.46 port 36298 ssh2
Jun 24 01:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25220]: Connection closed by 91.92.40.46 port 36298 [preauth]
Jun 24 01:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25242]: Invalid user runner from 91.92.40.46
Jun 24 01:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25242]: input_userauth_request: invalid user runner [preauth]
Jun 24 01:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25244]: Invalid user wtl from 69.74.29.21
Jun 24 01:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25244]: input_userauth_request: invalid user wtl [preauth]
Jun 24 01:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25244]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21
Jun 24 01:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25242]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25244]: Failed password for invalid user wtl from 69.74.29.21 port 7752 ssh2
Jun 24 01:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25244]: Received disconnect from 69.74.29.21 port 7752:11: Bye Bye [preauth]
Jun 24 01:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25244]: Disconnected from 69.74.29.21 port 7752 [preauth]
Jun 24 01:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25242]: Failed password for invalid user runner from 91.92.40.46 port 36320 ssh2
Jun 24 01:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24016]: pam_unix(cron:session): session closed for user root
Jun 24 01:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25242]: Connection closed by 91.92.40.46 port 36320 [preauth]
Jun 24 01:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25261]: Invalid user main from 91.92.40.46
Jun 24 01:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25261]: input_userauth_request: invalid user main [preauth]
Jun 24 01:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25261]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25261]: Failed password for invalid user main from 91.92.40.46 port 38904 ssh2
Jun 24 01:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25261]: Connection closed by 91.92.40.46 port 38904 [preauth]
Jun 24 01:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25283]: Invalid user tuan from 91.92.40.46
Jun 24 01:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25283]: input_userauth_request: invalid user tuan [preauth]
Jun 24 01:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25283]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25283]: Failed password for invalid user tuan from 91.92.40.46 port 33402 ssh2
Jun 24 01:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25283]: Connection closed by 91.92.40.46 port 33402 [preauth]
Jun 24 01:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25313]: Invalid user frank from 91.92.40.46
Jun 24 01:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25313]: input_userauth_request: invalid user frank [preauth]
Jun 24 01:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25313]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25313]: Failed password for invalid user frank from 91.92.40.46 port 33424 ssh2
Jun 24 01:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25313]: Connection closed by 91.92.40.46 port 33424 [preauth]
Jun 24 01:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25323]: Invalid user operator from 91.92.40.46
Jun 24 01:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25323]: input_userauth_request: invalid user operator [preauth]
Jun 24 01:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25323]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25333]: Did not receive identification string from 136.124.33.5
Jun 24 01:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25323]: Failed password for invalid user operator from 91.92.40.46 port 59814 ssh2
Jun 24 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25323]: Connection closed by 91.92.40.46 port 59814 [preauth]
Jun 24 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25342]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25345]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25343]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25341]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25341]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25411]: Successful su for rubyman by root
Jun 24 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25411]: + ??? root:rubyman
Jun 24 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25411]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580664 of user rubyman.
Jun 24 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25411]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580664.
Jun 24 01:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25554]: Invalid user openhabian from 91.92.40.46
Jun 24 01:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25554]: input_userauth_request: invalid user openhabian [preauth]
Jun 24 01:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25554]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22498]: pam_unix(cron:session): session closed for user root
Jun 24 01:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25342]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25554]: Failed password for invalid user openhabian from 91.92.40.46 port 63848 ssh2
Jun 24 01:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25554]: Connection closed by 91.92.40.46 port 63848 [preauth]
Jun 24 01:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25606]: Invalid user tactical from 91.92.40.46
Jun 24 01:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25606]: input_userauth_request: invalid user tactical [preauth]
Jun 24 01:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25606]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25606]: Failed password for invalid user tactical from 91.92.40.46 port 59000 ssh2
Jun 24 01:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25606]: Connection closed by 91.92.40.46 port 59000 [preauth]
Jun 24 01:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25628]: Invalid user benjamin from 91.92.40.46
Jun 24 01:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25628]: input_userauth_request: invalid user benjamin [preauth]
Jun 24 01:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25628]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25628]: Failed password for invalid user benjamin from 91.92.40.46 port 62082 ssh2
Jun 24 01:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25628]: Connection closed by 91.92.40.46 port 62082 [preauth]
Jun 24 01:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25658]: Invalid user deploy from 91.92.40.46
Jun 24 01:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25658]: input_userauth_request: invalid user deploy [preauth]
Jun 24 01:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25658]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25658]: Failed password for invalid user deploy from 91.92.40.46 port 62102 ssh2
Jun 24 01:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25658]: Connection closed by 91.92.40.46 port 62102 [preauth]
Jun 24 01:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24453]: pam_unix(cron:session): session closed for user root
Jun 24 01:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25668]: Invalid user frappe from 91.92.40.46
Jun 24 01:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25668]: input_userauth_request: invalid user frappe [preauth]
Jun 24 01:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25668]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25668]: Failed password for invalid user frappe from 91.92.40.46 port 32978 ssh2
Jun 24 01:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25668]: Connection closed by 91.92.40.46 port 32978 [preauth]
Jun 24 01:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25708]: Failed password for root from 91.92.40.46 port 42586 ssh2
Jun 24 01:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25708]: Connection closed by 91.92.40.46 port 42586 [preauth]
Jun 24 01:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25731]: Invalid user demo from 91.92.40.46
Jun 24 01:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25731]: input_userauth_request: invalid user demo [preauth]
Jun 24 01:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25731]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25731]: Failed password for invalid user demo from 91.92.40.46 port 42646 ssh2
Jun 24 01:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25731]: Connection closed by 91.92.40.46 port 42646 [preauth]
Jun 24 01:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25752]: Invalid user wtl from 182.13.96.107
Jun 24 01:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25752]: input_userauth_request: invalid user wtl [preauth]
Jun 24 01:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25752]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.13.96.107
Jun 24 01:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25742]: Failed password for root from 91.92.40.46 port 27268 ssh2
Jun 24 01:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25742]: Connection closed by 91.92.40.46 port 27268 [preauth]
Jun 24 01:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25752]: Failed password for invalid user wtl from 182.13.96.107 port 58120 ssh2
Jun 24 01:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25752]: Received disconnect from 182.13.96.107 port 58120:11: Bye Bye [preauth]
Jun 24 01:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25752]: Disconnected from 182.13.96.107 port 58120 [preauth]
Jun 24 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25765]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25767]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25766]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25764]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25764]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25828]: Successful su for rubyman by root
Jun 24 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25828]: + ??? root:rubyman
Jun 24 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25828]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580669 of user rubyman.
Jun 24 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25828]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580669.
Jun 24 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25848]: Invalid user admin from 91.92.40.46
Jun 24 01:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25848]: input_userauth_request: invalid user admin [preauth]
Jun 24 01:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25848]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23021]: pam_unix(cron:session): session closed for user root
Jun 24 01:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25848]: Failed password for invalid user admin from 91.92.40.46 port 19726 ssh2
Jun 24 01:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25848]: Connection closed by 91.92.40.46 port 19726 [preauth]
Jun 24 01:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25765]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 24 01:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26009]: Failed password for root from 103.27.238.120 port 45394 ssh2
Jun 24 01:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26009]: Connection closed by 103.27.238.120 port 45394 [preauth]
Jun 24 01:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26007]: Failed password for root from 91.92.40.46 port 43460 ssh2
Jun 24 01:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26007]: Connection closed by 91.92.40.46 port 43460 [preauth]
Jun 24 01:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26031]: Invalid user frappe from 91.92.40.46
Jun 24 01:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26031]: input_userauth_request: invalid user frappe [preauth]
Jun 24 01:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26031]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26031]: Failed password for invalid user frappe from 91.92.40.46 port 43516 ssh2
Jun 24 01:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26031]: Connection closed by 91.92.40.46 port 43516 [preauth]
Jun 24 01:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26042]: Failed password for root from 91.92.40.46 port 40518 ssh2
Jun 24 01:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26074]: Invalid user mikrotik from 69.74.29.21
Jun 24 01:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26074]: input_userauth_request: invalid user mikrotik [preauth]
Jun 24 01:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26074]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21
Jun 24 01:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26042]: Connection closed by 91.92.40.46 port 40518 [preauth]
Jun 24 01:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26072]: Invalid user test from 91.92.40.46
Jun 24 01:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26072]: input_userauth_request: invalid user test [preauth]
Jun 24 01:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26074]: Failed password for invalid user mikrotik from 69.74.29.21 port 12079 ssh2
Jun 24 01:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26074]: Received disconnect from 69.74.29.21 port 12079:11: Bye Bye [preauth]
Jun 24 01:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26074]: Disconnected from 69.74.29.21 port 12079 [preauth]
Jun 24 01:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26072]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24895]: pam_unix(cron:session): session closed for user root
Jun 24 01:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26072]: Failed password for invalid user test from 91.92.40.46 port 58002 ssh2
Jun 24 01:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26072]: Connection closed by 91.92.40.46 port 58002 [preauth]
Jun 24 01:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26108]: Invalid user teamspeak from 91.92.40.46
Jun 24 01:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26108]: input_userauth_request: invalid user teamspeak [preauth]
Jun 24 01:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26108]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26108]: Failed password for invalid user teamspeak from 91.92.40.46 port 58086 ssh2
Jun 24 01:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26108]: Connection closed by 91.92.40.46 port 58086 [preauth]
Jun 24 01:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26120]: Invalid user testuser from 91.92.40.46
Jun 24 01:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26120]: input_userauth_request: invalid user testuser [preauth]
Jun 24 01:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26120]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26120]: Failed password for invalid user testuser from 91.92.40.46 port 15080 ssh2
Jun 24 01:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26120]: Connection closed by 91.92.40.46 port 15080 [preauth]
Jun 24 01:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26162]: Received disconnect from 149.56.241.206 port 39338:11: disconnected by user [preauth]
Jun 24 01:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26162]: Disconnected from 149.56.241.206 port 39338 [preauth]
Jun 24 01:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26152]: Failed password for root from 91.92.40.46 port 57840 ssh2
Jun 24 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26152]: Connection closed by 91.92.40.46 port 57840 [preauth]
Jun 24 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26181]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26180]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26179]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26177]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26177]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26240]: Successful su for rubyman by root
Jun 24 01:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26240]: + ??? root:rubyman
Jun 24 01:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26240]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580672 of user rubyman.
Jun 24 01:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26240]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580672.
Jun 24 01:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23462]: pam_unix(cron:session): session closed for user root
Jun 24 01:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26179]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26164]: Failed password for root from 91.92.40.46 port 57882 ssh2
Jun 24 01:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26164]: Connection closed by 91.92.40.46 port 57882 [preauth]
Jun 24 01:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26259]: Invalid user nvidia from 91.92.40.46
Jun 24 01:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26259]: input_userauth_request: invalid user nvidia [preauth]
Jun 24 01:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26259]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26259]: Failed password for invalid user nvidia from 91.92.40.46 port 55868 ssh2
Jun 24 01:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26259]: Connection closed by 91.92.40.46 port 55868 [preauth]
Jun 24 01:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26430]: Invalid user user from 91.92.40.46
Jun 24 01:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26430]: input_userauth_request: invalid user user [preauth]
Jun 24 01:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26430]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26430]: Failed password for invalid user user from 91.92.40.46 port 49868 ssh2
Jun 24 01:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26430]: Connection closed by 91.92.40.46 port 49868 [preauth]
Jun 24 01:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26453]: Failed password for root from 91.92.40.46 port 40048 ssh2
Jun 24 01:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26453]: Connection closed by 91.92.40.46 port 40048 [preauth]
Jun 24 01:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25345]: pam_unix(cron:session): session closed for user root
Jun 24 01:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26486]: Failed password for root from 91.92.40.46 port 40090 ssh2
Jun 24 01:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26486]: Connection closed by 91.92.40.46 port 40090 [preauth]
Jun 24 01:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26497]: Invalid user ftpuser from 91.92.40.46
Jun 24 01:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26497]: input_userauth_request: invalid user ftpuser [preauth]
Jun 24 01:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26497]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26497]: Failed password for invalid user ftpuser from 91.92.40.46 port 56340 ssh2
Jun 24 01:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26497]: Connection closed by 91.92.40.46 port 56340 [preauth]
Jun 24 01:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26526]: Invalid user student from 91.92.40.46
Jun 24 01:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26526]: input_userauth_request: invalid user student [preauth]
Jun 24 01:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26526]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26526]: Failed password for invalid user student from 91.92.40.46 port 33062 ssh2
Jun 24 01:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26526]: Connection closed by 91.92.40.46 port 33062 [preauth]
Jun 24 01:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26559]: Invalid user osmc from 91.92.40.46
Jun 24 01:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26559]: input_userauth_request: invalid user osmc [preauth]
Jun 24 01:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26559]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26559]: Failed password for invalid user osmc from 91.92.40.46 port 10366 ssh2
Jun 24 01:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26559]: Connection closed by 91.92.40.46 port 10366 [preauth]
Jun 24 01:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26569]: Invalid user matias from 91.92.40.46
Jun 24 01:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26569]: input_userauth_request: invalid user matias [preauth]
Jun 24 01:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26569]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26588]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26585]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26586]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26587]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26583]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26585]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26800]: Successful su for rubyman by root
Jun 24 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26800]: + ??? root:rubyman
Jun 24 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26800]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580676 of user rubyman.
Jun 24 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26800]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580676.
Jun 24 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26569]: Failed password for invalid user matias from 91.92.40.46 port 10404 ssh2
Jun 24 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26583]: pam_unix(cron:session): session closed for user root
Jun 24 01:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26569]: Connection closed by 91.92.40.46 port 10404 [preauth]
Jun 24 01:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24015]: pam_unix(cron:session): session closed for user root
Jun 24 01:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26586]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26824]: Failed password for root from 91.92.40.46 port 36604 ssh2
Jun 24 01:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26824]: Connection closed by 91.92.40.46 port 36604 [preauth]
Jun 24 01:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27017]: Invalid user noreply from 182.13.96.107
Jun 24 01:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27017]: input_userauth_request: invalid user noreply [preauth]
Jun 24 01:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27017]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.13.96.107
Jun 24 01:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27041]: Bad protocol version identification 'GET / HTTP/1.1' from 65.49.1.24 port 60400
Jun 24 01:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27017]: Failed password for invalid user noreply from 182.13.96.107 port 59750 ssh2
Jun 24 01:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27017]: Received disconnect from 182.13.96.107 port 59750:11: Bye Bye [preauth]
Jun 24 01:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27017]: Disconnected from 182.13.96.107 port 59750 [preauth]
Jun 24 01:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27015]: Failed password for root from 91.92.40.46 port 20412 ssh2
Jun 24 01:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27015]: Connection closed by 91.92.40.46 port 20412 [preauth]
Jun 24 01:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27040]: Invalid user user1 from 91.92.40.46
Jun 24 01:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27040]: input_userauth_request: invalid user user1 [preauth]
Jun 24 01:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27040]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27040]: Failed password for invalid user user1 from 91.92.40.46 port 20446 ssh2
Jun 24 01:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27040]: Connection closed by 91.92.40.46 port 20446 [preauth]
Jun 24 01:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27052]: Invalid user abuse from 91.92.40.46
Jun 24 01:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27052]: input_userauth_request: invalid user abuse [preauth]
Jun 24 01:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27052]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27084]: Invalid user k8s from 69.74.29.21
Jun 24 01:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27084]: input_userauth_request: invalid user k8s [preauth]
Jun 24 01:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27084]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21
Jun 24 01:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27052]: Failed password for invalid user abuse from 91.92.40.46 port 14396 ssh2
Jun 24 01:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27084]: Failed password for invalid user k8s from 69.74.29.21 port 40360 ssh2
Jun 24 01:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27084]: Received disconnect from 69.74.29.21 port 40360:11: Bye Bye [preauth]
Jun 24 01:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27084]: Disconnected from 69.74.29.21 port 40360 [preauth]
Jun 24 01:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25767]: pam_unix(cron:session): session closed for user root
Jun 24 01:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27052]: Connection closed by 91.92.40.46 port 14396 [preauth]
Jun 24 01:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27086]: Invalid user amir from 91.92.40.46
Jun 24 01:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27086]: input_userauth_request: invalid user amir [preauth]
Jun 24 01:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27086]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27086]: Failed password for invalid user amir from 91.92.40.46 port 40888 ssh2
Jun 24 01:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27086]: Connection closed by 91.92.40.46 port 40888 [preauth]
Jun 24 01:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27118]: Invalid user aaa from 91.92.40.46
Jun 24 01:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27118]: input_userauth_request: invalid user aaa [preauth]
Jun 24 01:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27118]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27118]: Failed password for invalid user aaa from 91.92.40.46 port 40976 ssh2
Jun 24 01:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27118]: Connection closed by 91.92.40.46 port 40976 [preauth]
Jun 24 01:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27143]: Invalid user zabbix from 91.92.40.46
Jun 24 01:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27143]: input_userauth_request: invalid user zabbix [preauth]
Jun 24 01:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27143]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27143]: Failed password for invalid user zabbix from 91.92.40.46 port 14808 ssh2
Jun 24 01:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27143]: Connection closed by 91.92.40.46 port 14808 [preauth]
Jun 24 01:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27161]: Failed password for root from 91.92.40.46 port 43294 ssh2
Jun 24 01:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27161]: Connection closed by 91.92.40.46 port 43294 [preauth]
Jun 24 01:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27191]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27193]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27189]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27192]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27190]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27188]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27193]: pam_unix(cron:session): session closed for user root
Jun 24 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27188]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27260]: Successful su for rubyman by root
Jun 24 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27260]: + ??? root:rubyman
Jun 24 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27260]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580684 of user rubyman.
Jun 24 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27260]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580684.
Jun 24 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27172]: Invalid user arthur from 91.92.40.46
Jun 24 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27172]: input_userauth_request: invalid user arthur [preauth]
Jun 24 01:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27190]: pam_unix(cron:session): session closed for user root
Jun 24 01:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27172]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24452]: pam_unix(cron:session): session closed for user root
Jun 24 01:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27172]: Failed password for invalid user arthur from 91.92.40.46 port 53458 ssh2
Jun 24 01:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27172]: Connection closed by 91.92.40.46 port 53458 [preauth]
Jun 24 01:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27189]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27469]: Invalid user deployer from 91.92.40.46
Jun 24 01:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27469]: input_userauth_request: invalid user deployer [preauth]
Jun 24 01:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27469]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27469]: Failed password for invalid user deployer from 91.92.40.46 port 53488 ssh2
Jun 24 01:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27469]: Connection closed by 91.92.40.46 port 53488 [preauth]
Jun 24 01:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27500]: Invalid user odroid from 91.92.40.46
Jun 24 01:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27500]: input_userauth_request: invalid user odroid [preauth]
Jun 24 01:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27500]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27500]: Failed password for invalid user odroid from 91.92.40.46 port 54252 ssh2
Jun 24 01:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27500]: Connection closed by 91.92.40.46 port 54252 [preauth]
Jun 24 01:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27534]: Failed password for root from 91.92.40.46 port 34768 ssh2
Jun 24 01:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27534]: Connection closed by 91.92.40.46 port 34768 [preauth]
Jun 24 01:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27557]: Invalid user developer from 91.92.40.46
Jun 24 01:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27557]: input_userauth_request: invalid user developer [preauth]
Jun 24 01:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27557]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26181]: pam_unix(cron:session): session closed for user root
Jun 24 01:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27557]: Failed password for invalid user developer from 91.92.40.46 port 41614 ssh2
Jun 24 01:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27557]: Connection closed by 91.92.40.46 port 41614 [preauth]
Jun 24 01:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27590]: Invalid user kafka from 91.92.40.46
Jun 24 01:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27590]: input_userauth_request: invalid user kafka [preauth]
Jun 24 01:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27590]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27590]: Failed password for invalid user kafka from 91.92.40.46 port 41654 ssh2
Jun 24 01:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27590]: Connection closed by 91.92.40.46 port 41654 [preauth]
Jun 24 01:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27622]: Invalid user anton from 91.92.40.46
Jun 24 01:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27622]: input_userauth_request: invalid user anton [preauth]
Jun 24 01:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27622]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27622]: Failed password for invalid user anton from 91.92.40.46 port 59886 ssh2
Jun 24 01:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27622]: Connection closed by 91.92.40.46 port 59886 [preauth]
Jun 24 01:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27633]: Invalid user peter from 91.92.40.46
Jun 24 01:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27633]: input_userauth_request: invalid user peter [preauth]
Jun 24 01:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27633]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27633]: Failed password for invalid user peter from 91.92.40.46 port 32272 ssh2
Jun 24 01:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27633]: Connection closed by 91.92.40.46 port 32272 [preauth]
Jun 24 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27658]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27657]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27656]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27655]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27655]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27724]: Successful su for rubyman by root
Jun 24 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27724]: + ??? root:rubyman
Jun 24 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27724]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580688 of user rubyman.
Jun 24 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27724]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580688.
Jun 24 01:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27643]: Invalid user user from 91.92.40.46
Jun 24 01:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27643]: input_userauth_request: invalid user user [preauth]
Jun 24 01:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27643]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27643]: Failed password for invalid user user from 91.92.40.46 port 13604 ssh2
Jun 24 01:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24894]: pam_unix(cron:session): session closed for user root
Jun 24 01:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27643]: Connection closed by 91.92.40.46 port 13604 [preauth]
Jun 24 01:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27656]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27908]: Invalid user abc from 91.92.40.46
Jun 24 01:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27908]: input_userauth_request: invalid user abc [preauth]
Jun 24 01:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27908]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27908]: Failed password for invalid user abc from 91.92.40.46 port 13634 ssh2
Jun 24 01:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27908]: Connection closed by 91.92.40.46 port 13634 [preauth]
Jun 24 01:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27926]: Invalid user pi from 91.92.40.46
Jun 24 01:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27926]: input_userauth_request: invalid user pi [preauth]
Jun 24 01:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27926]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27926]: Failed password for invalid user pi from 91.92.40.46 port 32390 ssh2
Jun 24 01:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27926]: Connection closed by 91.92.40.46 port 32390 [preauth]
Jun 24 01:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27951]: Invalid user debian from 91.92.40.46
Jun 24 01:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27951]: input_userauth_request: invalid user debian [preauth]
Jun 24 01:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27951]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27951]: Failed password for invalid user debian from 91.92.40.46 port 55838 ssh2
Jun 24 01:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27951]: Connection closed by 91.92.40.46 port 55838 [preauth]
Jun 24 01:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27986]: Invalid user autologin from 182.13.96.107
Jun 24 01:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27986]: input_userauth_request: invalid user autologin [preauth]
Jun 24 01:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27986]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.13.96.107
Jun 24 01:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27984]: Invalid user ahmad from 91.92.40.46
Jun 24 01:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27984]: input_userauth_request: invalid user ahmad [preauth]
Jun 24 01:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27986]: Failed password for invalid user autologin from 182.13.96.107 port 39492 ssh2
Jun 24 01:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27986]: Received disconnect from 182.13.96.107 port 39492:11: Bye Bye [preauth]
Jun 24 01:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27986]: Disconnected from 182.13.96.107 port 39492 [preauth]
Jun 24 01:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27984]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27998]: Invalid user student5 from 69.74.29.21
Jun 24 01:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27998]: input_userauth_request: invalid user student5 [preauth]
Jun 24 01:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27998]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21
Jun 24 01:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27984]: Failed password for invalid user ahmad from 91.92.40.46 port 55890 ssh2
Jun 24 01:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27998]: Failed password for invalid user student5 from 69.74.29.21 port 24076 ssh2
Jun 24 01:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27984]: Connection closed by 91.92.40.46 port 55890 [preauth]
Jun 24 01:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27998]: Received disconnect from 69.74.29.21 port 24076:11: Bye Bye [preauth]
Jun 24 01:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27998]: Disconnected from 69.74.29.21 port 24076 [preauth]
Jun 24 01:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26588]: pam_unix(cron:session): session closed for user root
Jun 24 01:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28019]: Invalid user tmp from 91.92.40.46
Jun 24 01:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28019]: input_userauth_request: invalid user tmp [preauth]
Jun 24 01:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28019]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28019]: Failed password for invalid user tmp from 91.92.40.46 port 24492 ssh2
Jun 24 01:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28019]: Connection closed by 91.92.40.46 port 24492 [preauth]
Jun 24 01:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28038]: Invalid user kiran from 91.92.40.46
Jun 24 01:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28038]: input_userauth_request: invalid user kiran [preauth]
Jun 24 01:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28038]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28038]: Failed password for invalid user kiran from 91.92.40.46 port 13858 ssh2
Jun 24 01:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28038]: Connection closed by 91.92.40.46 port 13858 [preauth]
Jun 24 01:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28116]: Invalid user ftpuser from 91.92.40.46
Jun 24 01:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28116]: input_userauth_request: invalid user ftpuser [preauth]
Jun 24 01:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28116]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28116]: Failed password for invalid user ftpuser from 91.92.40.46 port 51558 ssh2
Jun 24 01:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28116]: Connection closed by 91.92.40.46 port 51558 [preauth]
Jun 24 01:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28132]: Invalid user bot from 91.92.40.46
Jun 24 01:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28132]: input_userauth_request: invalid user bot [preauth]
Jun 24 01:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28132]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28144]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28145]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28146]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28143]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28143]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28207]: Successful su for rubyman by root
Jun 24 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28207]: + ??? root:rubyman
Jun 24 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28207]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580693 of user rubyman.
Jun 24 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28207]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580693.
Jun 24 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28132]: Failed password for invalid user bot from 91.92.40.46 port 51584 ssh2
Jun 24 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28132]: Connection closed by 91.92.40.46 port 51584 [preauth]
Jun 24 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25343]: pam_unix(cron:session): session closed for user root
Jun 24 01:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28279]: Invalid user gitlab from 91.92.40.46
Jun 24 01:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28279]: input_userauth_request: invalid user gitlab [preauth]
Jun 24 01:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28144]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28279]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28279]: Failed password for invalid user gitlab from 91.92.40.46 port 45330 ssh2
Jun 24 01:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28279]: Connection closed by 91.92.40.46 port 45330 [preauth]
Jun 24 01:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28394]: Invalid user bob from 91.92.40.46
Jun 24 01:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28394]: input_userauth_request: invalid user bob [preauth]
Jun 24 01:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28394]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28394]: Failed password for invalid user bob from 91.92.40.46 port 15408 ssh2
Jun 24 01:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28394]: Connection closed by 91.92.40.46 port 15408 [preauth]
Jun 24 01:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 24 01:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28416]: Failed password for root from 91.92.40.46 port 15466 ssh2
Jun 24 01:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28427]: Failed password for root from 103.82.132.16 port 34486 ssh2
Jun 24 01:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28427]: Connection closed by 103.82.132.16 port 34486 [preauth]
Jun 24 01:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28416]: Connection closed by 91.92.40.46 port 15466 [preauth]
Jun 24 01:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28429]: Invalid user p from 91.92.40.46
Jun 24 01:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28429]: input_userauth_request: invalid user p [preauth]
Jun 24 01:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28429]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28429]: Failed password for invalid user p from 91.92.40.46 port 40806 ssh2
Jun 24 01:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28429]: Connection closed by 91.92.40.46 port 40806 [preauth]
Jun 24 01:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27192]: pam_unix(cron:session): session closed for user root
Jun 24 01:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28454]: Invalid user minecraft from 91.92.40.46
Jun 24 01:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28454]: input_userauth_request: invalid user minecraft [preauth]
Jun 24 01:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28454]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28454]: Failed password for invalid user minecraft from 91.92.40.46 port 62368 ssh2
Jun 24 01:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28454]: Connection closed by 91.92.40.46 port 62368 [preauth]
Jun 24 01:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28495]: Invalid user sam from 91.92.40.46
Jun 24 01:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28495]: input_userauth_request: invalid user sam [preauth]
Jun 24 01:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28495]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28495]: Failed password for invalid user sam from 91.92.40.46 port 62382 ssh2
Jun 24 01:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28495]: Connection closed by 91.92.40.46 port 62382 [preauth]
Jun 24 01:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28505]: Invalid user user1 from 91.92.40.46
Jun 24 01:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28505]: input_userauth_request: invalid user user1 [preauth]
Jun 24 01:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28505]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28505]: Failed password for invalid user user1 from 91.92.40.46 port 31464 ssh2
Jun 24 01:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28505]: Connection closed by 91.92.40.46 port 31464 [preauth]
Jun 24 01:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28537]: Invalid user master from 91.92.40.46
Jun 24 01:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28537]: input_userauth_request: invalid user master [preauth]
Jun 24 01:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28537]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28537]: Failed password for invalid user master from 91.92.40.46 port 37112 ssh2
Jun 24 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28655]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28656]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28654]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28653]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28653]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28718]: Successful su for rubyman by root
Jun 24 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28718]: + ??? root:rubyman
Jun 24 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28718]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580696 of user rubyman.
Jun 24 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28718]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580696.
Jun 24 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28537]: Connection closed by 91.92.40.46 port 37112 [preauth]
Jun 24 01:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28547]: Invalid user alpha from 91.92.40.46
Jun 24 01:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28547]: input_userauth_request: invalid user alpha [preauth]
Jun 24 01:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25766]: pam_unix(cron:session): session closed for user root
Jun 24 01:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28547]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28654]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28547]: Failed password for invalid user alpha from 91.92.40.46 port 37120 ssh2
Jun 24 01:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28547]: Connection closed by 91.92.40.46 port 37120 [preauth]
Jun 24 01:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28756]: Invalid user ftptest from 91.92.40.46
Jun 24 01:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28756]: input_userauth_request: invalid user ftptest [preauth]
Jun 24 01:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28920]: Invalid user admin from 34.62.114.233
Jun 24 01:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28920]: input_userauth_request: invalid user admin [preauth]
Jun 24 01:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28920]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.62.114.233
Jun 24 01:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28756]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28920]: Failed password for invalid user admin from 34.62.114.233 port 7848 ssh2
Jun 24 01:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28920]: Connection closed by 34.62.114.233 port 7848 [preauth]
Jun 24 01:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28756]: Failed password for invalid user ftptest from 91.92.40.46 port 43536 ssh2
Jun 24 01:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28918]: Connection closed by 34.62.114.233 port 7834 [preauth]
Jun 24 01:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28917]: Invalid user python from 91.92.40.46
Jun 24 01:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28917]: input_userauth_request: invalid user python [preauth]
Jun 24 01:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28756]: Connection closed by 91.92.40.46 port 43536 [preauth]
Jun 24 01:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28917]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28957]: Did not receive identification string from 35.205.119.205
Jun 24 01:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28917]: Failed password for invalid user python from 91.92.40.46 port 10788 ssh2
Jun 24 01:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28917]: Connection closed by 91.92.40.46 port 10788 [preauth]
Jun 24 01:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28946]: Failed password for root from 91.92.40.46 port 10840 ssh2
Jun 24 01:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28946]: Connection closed by 91.92.40.46 port 10840 [preauth]
Jun 24 01:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28966]: Invalid user j from 91.92.40.46
Jun 24 01:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28966]: input_userauth_request: invalid user j [preauth]
Jun 24 01:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28966]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28966]: Failed password for invalid user j from 91.92.40.46 port 33436 ssh2
Jun 24 01:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27658]: pam_unix(cron:session): session closed for user root
Jun 24 01:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28966]: Connection closed by 91.92.40.46 port 33436 [preauth]
Jun 24 01:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29027]: Protocol major versions differ for 35.205.119.205: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10 vs. SSH-1.5-Nmap-SSH1-Hostkey
Jun 24 01:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29036]: fatal: Unable to negotiate with 35.205.119.205 port 55760: no matching host key type found. Their offer: ssh-dss [preauth]
Jun 24 01:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29038]: Connection closed by 35.205.119.205 port 55768 [preauth]
Jun 24 01:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29000]: Failed password for root from 91.92.40.46 port 52370 ssh2
Jun 24 01:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29042]: Connection closed by 35.205.119.205 port 55772 [preauth]
Jun 24 01:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29044]: fatal: Unable to negotiate with 35.205.119.205 port 55774: no matching host key type found. Their offer: ecdsa-sha2-nistp384 [preauth]
Jun 24 01:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29000]: Connection closed by 91.92.40.46 port 52370 [preauth]
Jun 24 01:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29048]: fatal: Unable to negotiate with 35.205.119.205 port 55788: no matching host key type found. Their offer: ecdsa-sha2-nistp521 [preauth]
Jun 24 01:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29050]: fatal: Unable to negotiate with 35.205.119.205 port 55794: no matching host key type found. Their offer: ssh-ed25519 [preauth]
Jun 24 01:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29041]: Invalid user ali from 91.92.40.46
Jun 24 01:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29041]: input_userauth_request: invalid user ali [preauth]
Jun 24 01:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29041]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21  user=root
Jun 24 01:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29041]: Failed password for invalid user ali from 91.92.40.46 port 10472 ssh2
Jun 24 01:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29041]: Connection closed by 91.92.40.46 port 10472 [preauth]
Jun 24 01:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29077]: Failed password for root from 69.74.29.21 port 31655 ssh2
Jun 24 01:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29077]: Received disconnect from 69.74.29.21 port 31655:11: Bye Bye [preauth]
Jun 24 01:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29077]: Disconnected from 69.74.29.21 port 31655 [preauth]
Jun 24 01:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29090]: Invalid user develop from 182.13.96.107
Jun 24 01:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29090]: input_userauth_request: invalid user develop [preauth]
Jun 24 01:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29090]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.13.96.107
Jun 24 01:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29090]: Failed password for invalid user develop from 182.13.96.107 port 49552 ssh2
Jun 24 01:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29090]: Received disconnect from 182.13.96.107 port 49552:11: Bye Bye [preauth]
Jun 24 01:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29090]: Disconnected from 182.13.96.107 port 49552 [preauth]
Jun 24 01:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29076]: Invalid user cp from 91.92.40.46
Jun 24 01:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29076]: input_userauth_request: invalid user cp [preauth]
Jun 24 01:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29076]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29076]: Failed password for invalid user cp from 91.92.40.46 port 10510 ssh2
Jun 24 01:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29076]: Connection closed by 91.92.40.46 port 10510 [preauth]
Jun 24 01:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29101]: Invalid user user from 91.92.40.46
Jun 24 01:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29101]: input_userauth_request: invalid user user [preauth]
Jun 24 01:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29101]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29118]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29115]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29117]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29114]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29114]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29179]: Successful su for rubyman by root
Jun 24 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29179]: + ??? root:rubyman
Jun 24 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29179]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580700 of user rubyman.
Jun 24 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29179]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580700.
Jun 24 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29101]: Failed password for invalid user user from 91.92.40.46 port 37462 ssh2
Jun 24 01:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29101]: Connection closed by 91.92.40.46 port 37462 [preauth]
Jun 24 01:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26180]: pam_unix(cron:session): session closed for user root
Jun 24 01:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: Invalid user frappe from 91.92.40.46
Jun 24 01:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: input_userauth_request: invalid user frappe [preauth]
Jun 24 01:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29115]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: Failed password for invalid user frappe from 91.92.40.46 port 23792 ssh2
Jun 24 01:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: Connection closed by 91.92.40.46 port 23792 [preauth]
Jun 24 01:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29379]: Invalid user kali from 91.92.40.46
Jun 24 01:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29379]: input_userauth_request: invalid user kali [preauth]
Jun 24 01:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29379]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29379]: Failed password for invalid user kali from 91.92.40.46 port 55286 ssh2
Jun 24 01:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29379]: Connection closed by 91.92.40.46 port 55286 [preauth]
Jun 24 01:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29401]: Invalid user sam from 91.92.40.46
Jun 24 01:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29401]: input_userauth_request: invalid user sam [preauth]
Jun 24 01:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29401]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29401]: Failed password for invalid user sam from 91.92.40.46 port 55304 ssh2
Jun 24 01:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29401]: Connection closed by 91.92.40.46 port 55304 [preauth]
Jun 24 01:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29422]: Invalid user jarvis from 91.92.40.46
Jun 24 01:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29422]: input_userauth_request: invalid user jarvis [preauth]
Jun 24 01:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29422]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29422]: Failed password for invalid user jarvis from 91.92.40.46 port 17720 ssh2
Jun 24 01:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29422]: Connection closed by 91.92.40.46 port 17720 [preauth]
Jun 24 01:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29444]: Invalid user scanner from 91.92.40.46
Jun 24 01:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29444]: input_userauth_request: invalid user scanner [preauth]
Jun 24 01:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28146]: pam_unix(cron:session): session closed for user root
Jun 24 01:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29444]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29444]: Failed password for invalid user scanner from 91.92.40.46 port 29542 ssh2
Jun 24 01:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29444]: Connection closed by 91.92.40.46 port 29542 [preauth]
Jun 24 01:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29489]: Invalid user mostafa from 91.92.40.46
Jun 24 01:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29489]: input_userauth_request: invalid user mostafa [preauth]
Jun 24 01:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29489]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29489]: Failed password for invalid user mostafa from 91.92.40.46 port 29592 ssh2
Jun 24 01:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29489]: Connection closed by 91.92.40.46 port 29592 [preauth]
Jun 24 01:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29504]: Invalid user solana from 91.92.40.46
Jun 24 01:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29504]: input_userauth_request: invalid user solana [preauth]
Jun 24 01:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29504]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29504]: Failed password for invalid user solana from 91.92.40.46 port 58132 ssh2
Jun 24 01:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29504]: Connection closed by 91.92.40.46 port 58132 [preauth]
Jun 24 01:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29528]: Invalid user rdpuser from 91.92.40.46
Jun 24 01:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29528]: input_userauth_request: invalid user rdpuser [preauth]
Jun 24 01:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29528]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29528]: Failed password for invalid user rdpuser from 91.92.40.46 port 58682 ssh2
Jun 24 01:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29528]: Connection closed by 91.92.40.46 port 58682 [preauth]
Jun 24 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29639]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29642]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29638]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29643]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29641]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29644]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29644]: pam_unix(cron:session): session closed for user root
Jun 24 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29638]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29723]: Successful su for rubyman by root
Jun 24 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29723]: + ??? root:rubyman
Jun 24 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29723]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580704 of user rubyman.
Jun 24 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29723]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580704.
Jun 24 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29626]: Failed password for root from 91.92.40.46 port 58752 ssh2
Jun 24 01:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29641]: pam_unix(cron:session): session closed for user root
Jun 24 01:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26587]: pam_unix(cron:session): session closed for user root
Jun 24 01:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29626]: Connection closed by 91.92.40.46 port 58752 [preauth]
Jun 24 01:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29639]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29856]: Invalid user min from 91.92.40.46
Jun 24 01:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29856]: input_userauth_request: invalid user min [preauth]
Jun 24 01:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29856]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29856]: Failed password for invalid user min from 91.92.40.46 port 42752 ssh2
Jun 24 01:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29856]: Connection closed by 91.92.40.46 port 42752 [preauth]
Jun 24 01:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29969]: Invalid user jack from 91.92.40.46
Jun 24 01:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29969]: input_userauth_request: invalid user jack [preauth]
Jun 24 01:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29969]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29969]: Failed password for invalid user jack from 91.92.40.46 port 31828 ssh2
Jun 24 01:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29969]: Connection closed by 91.92.40.46 port 31828 [preauth]
Jun 24 01:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29992]: Failed password for root from 91.92.40.46 port 31896 ssh2
Jun 24 01:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29992]: Connection closed by 91.92.40.46 port 31896 [preauth]
Jun 24 01:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30002]: Invalid user brad from 91.92.40.46
Jun 24 01:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30002]: input_userauth_request: invalid user brad [preauth]
Jun 24 01:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30002]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28656]: pam_unix(cron:session): session closed for user root
Jun 24 01:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30002]: Failed password for invalid user brad from 91.92.40.46 port 56642 ssh2
Jun 24 01:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30002]: Connection closed by 91.92.40.46 port 56642 [preauth]
Jun 24 01:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30035]: Failed password for root from 91.92.40.46 port 48422 ssh2
Jun 24 01:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30035]: Connection closed by 91.92.40.46 port 48422 [preauth]
Jun 24 01:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30069]: Invalid user myuser from 91.92.40.46
Jun 24 01:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30069]: input_userauth_request: invalid user myuser [preauth]
Jun 24 01:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30069]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30069]: Failed password for invalid user myuser from 91.92.40.46 port 31718 ssh2
Jun 24 01:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30069]: Connection closed by 91.92.40.46 port 31718 [preauth]
Jun 24 01:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30098]: Failed password for root from 91.92.40.46 port 31764 ssh2
Jun 24 01:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30098]: Connection closed by 91.92.40.46 port 31764 [preauth]
Jun 24 01:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30119]: Invalid user mike from 69.74.29.21
Jun 24 01:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30119]: input_userauth_request: invalid user mike [preauth]
Jun 24 01:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30119]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21
Jun 24 01:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30119]: Failed password for invalid user mike from 69.74.29.21 port 20631 ssh2
Jun 24 01:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30119]: Received disconnect from 69.74.29.21 port 20631:11: Bye Bye [preauth]
Jun 24 01:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30119]: Disconnected from 69.74.29.21 port 20631 [preauth]
Jun 24 01:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30117]: Invalid user brenda from 91.92.40.46
Jun 24 01:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30117]: input_userauth_request: invalid user brenda [preauth]
Jun 24 01:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30117]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30139]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30143]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30140]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30138]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30138]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30215]: Successful su for rubyman by root
Jun 24 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30215]: + ??? root:rubyman
Jun 24 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30215]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580709 of user rubyman.
Jun 24 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30215]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580709.
Jun 24 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30117]: Failed password for invalid user brenda from 91.92.40.46 port 27066 ssh2
Jun 24 01:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30117]: Connection closed by 91.92.40.46 port 27066 [preauth]
Jun 24 01:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30340]: Invalid user camera from 182.13.96.107
Jun 24 01:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30340]: input_userauth_request: invalid user camera [preauth]
Jun 24 01:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30340]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.13.96.107
Jun 24 01:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27191]: pam_unix(cron:session): session closed for user root
Jun 24 01:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30133]: Invalid user splunk from 91.92.40.46
Jun 24 01:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30133]: input_userauth_request: invalid user splunk [preauth]
Jun 24 01:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30340]: Failed password for invalid user camera from 182.13.96.107 port 33648 ssh2
Jun 24 01:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30139]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30340]: Received disconnect from 182.13.96.107 port 33648:11: Bye Bye [preauth]
Jun 24 01:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30340]: Disconnected from 182.13.96.107 port 33648 [preauth]
Jun 24 01:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30133]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30133]: Failed password for invalid user splunk from 91.92.40.46 port 18988 ssh2
Jun 24 01:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30133]: Connection closed by 91.92.40.46 port 18988 [preauth]
Jun 24 01:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30398]: Invalid user localhost from 91.92.40.46
Jun 24 01:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30398]: input_userauth_request: invalid user localhost [preauth]
Jun 24 01:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30398]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30398]: Failed password for invalid user localhost from 91.92.40.46 port 19072 ssh2
Jun 24 01:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30398]: Connection closed by 91.92.40.46 port 19072 [preauth]
Jun 24 01:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30428]: Invalid user ali from 91.92.40.46
Jun 24 01:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30428]: input_userauth_request: invalid user ali [preauth]
Jun 24 01:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30428]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30428]: Failed password for invalid user ali from 91.92.40.46 port 16944 ssh2
Jun 24 01:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30428]: Connection closed by 91.92.40.46 port 16944 [preauth]
Jun 24 01:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30440]: Invalid user testing from 91.92.40.46
Jun 24 01:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30440]: input_userauth_request: invalid user testing [preauth]
Jun 24 01:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30440]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30440]: Failed password for invalid user testing from 91.92.40.46 port 55640 ssh2
Jun 24 01:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30440]: Connection closed by 91.92.40.46 port 55640 [preauth]
Jun 24 01:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29118]: pam_unix(cron:session): session closed for user root
Jun 24 01:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30473]: Invalid user aaa from 91.92.40.46
Jun 24 01:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30473]: input_userauth_request: invalid user aaa [preauth]
Jun 24 01:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30473]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30473]: Failed password for invalid user aaa from 91.92.40.46 port 19028 ssh2
Jun 24 01:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30473]: Connection closed by 91.92.40.46 port 19028 [preauth]
Jun 24 01:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30508]: Invalid user avax from 91.92.40.46
Jun 24 01:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30508]: input_userauth_request: invalid user avax [preauth]
Jun 24 01:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30508]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30508]: Failed password for invalid user avax from 91.92.40.46 port 19078 ssh2
Jun 24 01:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30508]: Connection closed by 91.92.40.46 port 19078 [preauth]
Jun 24 01:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30520]: Invalid user zookeeper from 91.92.40.46
Jun 24 01:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30520]: input_userauth_request: invalid user zookeeper [preauth]
Jun 24 01:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30520]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30520]: Failed password for invalid user zookeeper from 91.92.40.46 port 43992 ssh2
Jun 24 01:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30520]: Connection closed by 91.92.40.46 port 43992 [preauth]
Jun 24 01:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30556]: Invalid user user from 91.92.40.46
Jun 24 01:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30556]: input_userauth_request: invalid user user [preauth]
Jun 24 01:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30556]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30556]: Failed password for invalid user user from 91.92.40.46 port 55492 ssh2
Jun 24 01:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30556]: Connection closed by 91.92.40.46 port 55492 [preauth]
Jun 24 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30585]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30583]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30587]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30581]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30586]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30581]: pam_unix(cron:session): session closed for user root
Jun 24 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30583]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30658]: Successful su for rubyman by root
Jun 24 01:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30658]: + ??? root:rubyman
Jun 24 01:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30658]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580713 of user rubyman.
Jun 24 01:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30658]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580713.
Jun 24 01:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27657]: pam_unix(cron:session): session closed for user root
Jun 24 01:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30567]: Failed password for root from 91.92.40.46 port 55562 ssh2
Jun 24 01:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30817]: Invalid user admin from 2.57.121.25
Jun 24 01:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30817]: input_userauth_request: invalid user admin [preauth]
Jun 24 01:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30817]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 24 01:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30585]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30567]: Connection closed by 91.92.40.46 port 55562 [preauth]
Jun 24 01:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30817]: Failed password for invalid user admin from 2.57.121.25 port 61388 ssh2
Jun 24 01:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30817]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30725]: Invalid user cacti from 91.92.40.46
Jun 24 01:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30725]: input_userauth_request: invalid user cacti [preauth]
Jun 24 01:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30725]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30817]: Failed password for invalid user admin from 2.57.121.25 port 61388 ssh2
Jun 24 01:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30817]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30725]: Failed password for invalid user cacti from 91.92.40.46 port 55956 ssh2
Jun 24 01:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30817]: Failed password for invalid user admin from 2.57.121.25 port 61388 ssh2
Jun 24 01:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30817]: Connection closed by 2.57.121.25 port 61388 [preauth]
Jun 24 01:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30817]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 24 01:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30725]: Connection closed by 91.92.40.46 port 55956 [preauth]
Jun 24 01:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30849]: Failed password for root from 91.92.40.46 port 60740 ssh2
Jun 24 01:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30849]: Connection closed by 91.92.40.46 port 60740 [preauth]
Jun 24 01:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30878]: Failed password for root from 91.92.40.46 port 60772 ssh2
Jun 24 01:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30878]: Connection closed by 91.92.40.46 port 60772 [preauth]
Jun 24 01:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30889]: Invalid user odoo from 91.92.40.46
Jun 24 01:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30889]: input_userauth_request: invalid user odoo [preauth]
Jun 24 01:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30889]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29643]: pam_unix(cron:session): session closed for user root
Jun 24 01:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30889]: Failed password for invalid user odoo from 91.92.40.46 port 47306 ssh2
Jun 24 01:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30889]: Connection closed by 91.92.40.46 port 47306 [preauth]
Jun 24 01:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31016]: Invalid user hadoop from 91.92.40.46
Jun 24 01:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31016]: input_userauth_request: invalid user hadoop [preauth]
Jun 24 01:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31016]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31016]: Failed password for invalid user hadoop from 91.92.40.46 port 37918 ssh2
Jun 24 01:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31016]: Connection closed by 91.92.40.46 port 37918 [preauth]
Jun 24 01:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31052]: Invalid user user from 91.92.40.46
Jun 24 01:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31052]: input_userauth_request: invalid user user [preauth]
Jun 24 01:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31052]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31052]: Failed password for invalid user user from 91.92.40.46 port 22828 ssh2
Jun 24 01:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31052]: Connection closed by 91.92.40.46 port 22828 [preauth]
Jun 24 01:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31085]: Invalid user admin1 from 91.92.40.46
Jun 24 01:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31085]: input_userauth_request: invalid user admin1 [preauth]
Jun 24 01:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31085]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31085]: Failed password for invalid user admin1 from 91.92.40.46 port 37792 ssh2
Jun 24 01:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31085]: Connection closed by 91.92.40.46 port 37792 [preauth]
Jun 24 01:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31096]: Invalid user ubuntu from 91.92.40.46
Jun 24 01:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31096]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 01:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31096]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31107]: Invalid user server from 69.74.29.21
Jun 24 01:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31107]: input_userauth_request: invalid user server [preauth]
Jun 24 01:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31107]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21
Jun 24 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31113]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31112]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31110]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31111]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31110]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31171]: Successful su for rubyman by root
Jun 24 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31171]: + ??? root:rubyman
Jun 24 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31171]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580718 of user rubyman.
Jun 24 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31171]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580718.
Jun 24 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31096]: Failed password for invalid user ubuntu from 91.92.40.46 port 37842 ssh2
Jun 24 01:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31096]: Connection closed by 91.92.40.46 port 37842 [preauth]
Jun 24 01:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31107]: Failed password for invalid user server from 69.74.29.21 port 21328 ssh2
Jun 24 01:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31107]: Received disconnect from 69.74.29.21 port 21328:11: Bye Bye [preauth]
Jun 24 01:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31107]: Disconnected from 69.74.29.21 port 21328 [preauth]
Jun 24 01:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28145]: pam_unix(cron:session): session closed for user root
Jun 24 01:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31281]: Invalid user deploy from 91.92.40.46
Jun 24 01:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31281]: input_userauth_request: invalid user deploy [preauth]
Jun 24 01:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31111]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31281]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 24 01:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31281]: Failed password for invalid user deploy from 91.92.40.46 port 36114 ssh2
Jun 24 01:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31281]: Connection closed by 91.92.40.46 port 36114 [preauth]
Jun 24 01:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31356]: Failed password for root from 103.176.20.57 port 60038 ssh2
Jun 24 01:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31356]: Connection closed by 103.176.20.57 port 60038 [preauth]
Jun 24 01:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31367]: Invalid user admin from 91.92.40.46
Jun 24 01:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31367]: input_userauth_request: invalid user admin [preauth]
Jun 24 01:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31367]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31367]: Failed password for invalid user admin from 91.92.40.46 port 54262 ssh2
Jun 24 01:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31367]: Connection closed by 91.92.40.46 port 54262 [preauth]
Jun 24 01:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.13.96.107  user=root
Jun 24 01:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31393]: Failed password for root from 182.13.96.107 port 53970 ssh2
Jun 24 01:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31393]: Received disconnect from 182.13.96.107 port 53970:11: Bye Bye [preauth]
Jun 24 01:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31393]: Disconnected from 182.13.96.107 port 53970 [preauth]
Jun 24 01:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31391]: Failed password for root from 91.92.40.46 port 54274 ssh2
Jun 24 01:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31391]: Connection closed by 91.92.40.46 port 54274 [preauth]
Jun 24 01:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31419]: Invalid user farmacia from 91.92.40.46
Jun 24 01:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31419]: input_userauth_request: invalid user farmacia [preauth]
Jun 24 01:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31419]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31419]: Failed password for invalid user farmacia from 91.92.40.46 port 47590 ssh2
Jun 24 01:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31419]: Connection closed by 91.92.40.46 port 47590 [preauth]
Jun 24 01:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30143]: pam_unix(cron:session): session closed for user root
Jun 24 01:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31431]: Invalid user config from 91.92.40.46
Jun 24 01:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31431]: input_userauth_request: invalid user config [preauth]
Jun 24 01:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31431]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31431]: Failed password for invalid user config from 91.92.40.46 port 60514 ssh2
Jun 24 01:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31431]: Connection closed by 91.92.40.46 port 60514 [preauth]
Jun 24 01:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31470]: Invalid user testuser from 91.92.40.46
Jun 24 01:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31470]: input_userauth_request: invalid user testuser [preauth]
Jun 24 01:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31470]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31470]: Failed password for invalid user testuser from 91.92.40.46 port 60548 ssh2
Jun 24 01:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31470]: Connection closed by 91.92.40.46 port 60548 [preauth]
Jun 24 01:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31497]: Invalid user www from 91.92.40.46
Jun 24 01:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31497]: input_userauth_request: invalid user www [preauth]
Jun 24 01:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31497]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31497]: Failed password for invalid user www from 91.92.40.46 port 51650 ssh2
Jun 24 01:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31497]: Connection closed by 91.92.40.46 port 51650 [preauth]
Jun 24 01:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31541]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31540]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31543]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31535]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31535]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31689]: Successful su for rubyman by root
Jun 24 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31689]: + ??? root:rubyman
Jun 24 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31689]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580722 of user rubyman.
Jun 24 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31689]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580722.
Jun 24 01:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31508]: Failed password for root from 91.92.40.46 port 35240 ssh2
Jun 24 01:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28655]: pam_unix(cron:session): session closed for user root
Jun 24 01:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31508]: Connection closed by 91.92.40.46 port 35240 [preauth]
Jun 24 01:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31540]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31519]: Invalid user dstserver from 91.92.40.46
Jun 24 01:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31519]: input_userauth_request: invalid user dstserver [preauth]
Jun 24 01:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31519]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31519]: Failed password for invalid user dstserver from 91.92.40.46 port 35286 ssh2
Jun 24 01:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31755]: Invalid user ftpadmin from 91.92.40.46
Jun 24 01:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31755]: input_userauth_request: invalid user ftpadmin [preauth]
Jun 24 01:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31519]: Connection closed by 91.92.40.46 port 35286 [preauth]
Jun 24 01:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31755]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31755]: Failed password for invalid user ftpadmin from 91.92.40.46 port 59592 ssh2
Jun 24 01:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31885]: Invalid user no from 91.92.40.46
Jun 24 01:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31885]: input_userauth_request: invalid user no [preauth]
Jun 24 01:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31755]: Connection closed by 91.92.40.46 port 59592 [preauth]
Jun 24 01:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31885]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31885]: Failed password for invalid user no from 91.92.40.46 port 51944 ssh2
Jun 24 01:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31885]: Connection closed by 91.92.40.46 port 51944 [preauth]
Jun 24 01:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31914]: Failed password for root from 91.92.40.46 port 29918 ssh2
Jun 24 01:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30587]: pam_unix(cron:session): session closed for user root
Jun 24 01:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31925]: Invalid user app from 91.92.40.46
Jun 24 01:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31925]: input_userauth_request: invalid user app [preauth]
Jun 24 01:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31914]: Connection closed by 91.92.40.46 port 29918 [preauth]
Jun 24 01:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31925]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31925]: Failed password for invalid user app from 91.92.40.46 port 29954 ssh2
Jun 24 01:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31961]: Invalid user aman from 91.92.40.46
Jun 24 01:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31961]: input_userauth_request: invalid user aman [preauth]
Jun 24 01:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31925]: Connection closed by 91.92.40.46 port 29954 [preauth]
Jun 24 01:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31961]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31961]: Failed password for invalid user aman from 91.92.40.46 port 27418 ssh2
Jun 24 01:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31961]: Connection closed by 91.92.40.46 port 27418 [preauth]
Jun 24 01:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31997]: Invalid user armin from 91.92.40.46
Jun 24 01:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31997]: input_userauth_request: invalid user armin [preauth]
Jun 24 01:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31997]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31997]: Failed password for invalid user armin from 91.92.40.46 port 51752 ssh2
Jun 24 01:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31997]: Connection closed by 91.92.40.46 port 51752 [preauth]
Jun 24 01:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32035]: Invalid user www from 91.92.40.46
Jun 24 01:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32035]: input_userauth_request: invalid user www [preauth]
Jun 24 01:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32035]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32035]: Failed password for invalid user www from 91.92.40.46 port 51814 ssh2
Jun 24 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32073]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32070]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32072]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32075]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32074]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32069]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32075]: pam_unix(cron:session): session closed for user root
Jun 24 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32069]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32141]: Successful su for rubyman by root
Jun 24 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32141]: + ??? root:rubyman
Jun 24 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32141]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580731 of user rubyman.
Jun 24 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32141]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580731.
Jun 24 01:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32035]: Connection closed by 91.92.40.46 port 51814 [preauth]
Jun 24 01:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32072]: pam_unix(cron:session): session closed for user root
Jun 24 01:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29117]: pam_unix(cron:session): session closed for user root
Jun 24 01:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 24 01:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32046]: Failed password for root from 91.92.40.46 port 59570 ssh2
Jun 24 01:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32070]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32314]: Failed password for root from 103.172.78.219 port 48762 ssh2
Jun 24 01:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32314]: Connection closed by 103.172.78.219 port 48762 [preauth]
Jun 24 01:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32046]: Connection closed by 91.92.40.46 port 59570 [preauth]
Jun 24 01:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32345]: Invalid user noreply from 69.74.29.21
Jun 24 01:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32345]: input_userauth_request: invalid user noreply [preauth]
Jun 24 01:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32345]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21
Jun 24 01:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32066]: Invalid user n8n from 91.92.40.46
Jun 24 01:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32066]: input_userauth_request: invalid user n8n [preauth]
Jun 24 01:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32345]: Failed password for invalid user noreply from 69.74.29.21 port 37165 ssh2
Jun 24 01:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32345]: Received disconnect from 69.74.29.21 port 37165:11: Bye Bye [preauth]
Jun 24 01:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32345]: Disconnected from 69.74.29.21 port 37165 [preauth]
Jun 24 01:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32066]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32066]: Failed password for invalid user n8n from 91.92.40.46 port 48956 ssh2
Jun 24 01:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32334]: Invalid user test from 91.92.40.46
Jun 24 01:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32334]: input_userauth_request: invalid user test [preauth]
Jun 24 01:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32066]: Connection closed by 91.92.40.46 port 48956 [preauth]
Jun 24 01:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32334]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32334]: Failed password for invalid user test from 91.92.40.46 port 48982 ssh2
Jun 24 01:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32365]: Invalid user ts3 from 91.92.40.46
Jun 24 01:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32365]: input_userauth_request: invalid user ts3 [preauth]
Jun 24 01:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32334]: Connection closed by 91.92.40.46 port 48982 [preauth]
Jun 24 01:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32394]: Received disconnect from 185.219.133.156 port 53076:11: disconnected by user [preauth]
Jun 24 01:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32394]: Disconnected from 185.219.133.156 port 53076 [preauth]
Jun 24 01:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32365]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.211.215  user=root
Jun 24 01:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32365]: Failed password for invalid user ts3 from 91.92.40.46 port 18848 ssh2
Jun 24 01:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32403]: Failed password for root from 147.45.211.215 port 34996 ssh2
Jun 24 01:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32403]: Connection closed by 147.45.211.215 port 34996 [preauth]
Jun 24 01:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32365]: Connection closed by 91.92.40.46 port 18848 [preauth]
Jun 24 01:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31113]: pam_unix(cron:session): session closed for user root
Jun 24 01:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32434]: Invalid user jennah from 2.57.121.112
Jun 24 01:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32434]: input_userauth_request: invalid user jennah [preauth]
Jun 24 01:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32434]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 24 01:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32434]: Failed password for invalid user jennah from 2.57.121.112 port 53386 ssh2
Jun 24 01:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32434]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32460]: Invalid user pvx from 182.13.96.107
Jun 24 01:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32460]: input_userauth_request: invalid user pvx [preauth]
Jun 24 01:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32460]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.13.96.107
Jun 24 01:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32385]: Failed password for root from 91.92.40.46 port 56312 ssh2
Jun 24 01:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32434]: Failed password for invalid user jennah from 2.57.121.112 port 53386 ssh2
Jun 24 01:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32434]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32460]: Failed password for invalid user pvx from 182.13.96.107 port 42324 ssh2
Jun 24 01:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32460]: Received disconnect from 182.13.96.107 port 42324:11: Bye Bye [preauth]
Jun 24 01:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32460]: Disconnected from 182.13.96.107 port 42324 [preauth]
Jun 24 01:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32425]: Invalid user dev from 91.92.40.46
Jun 24 01:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32425]: input_userauth_request: invalid user dev [preauth]
Jun 24 01:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32385]: Connection closed by 91.92.40.46 port 56312 [preauth]
Jun 24 01:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32434]: Failed password for invalid user jennah from 2.57.121.112 port 53386 ssh2
Jun 24 01:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32434]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32434]: Failed password for invalid user jennah from 2.57.121.112 port 53386 ssh2
Jun 24 01:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32425]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32434]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32425]: Failed password for invalid user dev from 91.92.40.46 port 13908 ssh2
Jun 24 01:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32434]: Failed password for invalid user jennah from 2.57.121.112 port 53386 ssh2
Jun 24 01:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32434]: Connection closed by 2.57.121.112 port 53386 [preauth]
Jun 24 01:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32434]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 24 01:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32434]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 24 01:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32463]: Invalid user student from 91.92.40.46
Jun 24 01:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32463]: input_userauth_request: invalid user student [preauth]
Jun 24 01:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32425]: Connection closed by 91.92.40.46 port 13908 [preauth]
Jun 24 01:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32463]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32463]: Failed password for invalid user student from 91.92.40.46 port 13962 ssh2
Jun 24 01:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32474]: Invalid user postgres from 91.92.40.46
Jun 24 01:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32474]: input_userauth_request: invalid user postgres [preauth]
Jun 24 01:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32463]: Connection closed by 91.92.40.46 port 13962 [preauth]
Jun 24 01:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32474]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32474]: Failed password for invalid user postgres from 91.92.40.46 port 18864 ssh2
Jun 24 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32536]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32537]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32535]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32534]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32534]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32600]: Successful su for rubyman by root
Jun 24 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32600]: + ??? root:rubyman
Jun 24 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32600]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580732 of user rubyman.
Jun 24 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32600]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580732.
Jun 24 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32511]: Invalid user odoo from 91.92.40.46
Jun 24 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32511]: input_userauth_request: invalid user odoo [preauth]
Jun 24 01:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32474]: Connection closed by 91.92.40.46 port 18864 [preauth]
Jun 24 01:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32511]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29642]: pam_unix(cron:session): session closed for user root
Jun 24 01:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32511]: Failed password for invalid user odoo from 91.92.40.46 port 60100 ssh2
Jun 24 01:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32535]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32511]: Connection closed by 91.92.40.46 port 60100 [preauth]
Jun 24 01:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32532]: Failed password for root from 91.92.40.46 port 12600 ssh2
Jun 24 01:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32532]: Connection closed by 91.92.40.46 port 12600 [preauth]
Jun 24 01:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[325]: Invalid user devuser from 91.92.40.46
Jun 24 01:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[325]: input_userauth_request: invalid user devuser [preauth]
Jun 24 01:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[325]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[325]: Failed password for invalid user devuser from 91.92.40.46 port 43296 ssh2
Jun 24 01:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[325]: Connection closed by 91.92.40.46 port 43296 [preauth]
Jun 24 01:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[347]: Failed password for root from 91.92.40.46 port 43338 ssh2
Jun 24 01:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31543]: pam_unix(cron:session): session closed for user root
Jun 24 01:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[347]: Connection closed by 91.92.40.46 port 43338 [preauth]
Jun 24 01:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 24 01:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[373]: Invalid user runner from 91.92.40.46
Jun 24 01:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[373]: input_userauth_request: invalid user runner [preauth]
Jun 24 01:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[444]: Failed password for root from 62.133.62.83 port 47088 ssh2
Jun 24 01:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[444]: Connection closed by 62.133.62.83 port 47088 [preauth]
Jun 24 01:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[373]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[400]: Invalid user openclaw from 91.92.40.46
Jun 24 01:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[400]: input_userauth_request: invalid user openclaw [preauth]
Jun 24 01:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[373]: Failed password for invalid user runner from 91.92.40.46 port 33454 ssh2
Jun 24 01:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[400]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[373]: Connection closed by 91.92.40.46 port 33454 [preauth]
Jun 24 01:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[400]: Failed password for invalid user openclaw from 91.92.40.46 port 33502 ssh2
Jun 24 01:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[400]: Connection closed by 91.92.40.46 port 33502 [preauth]
Jun 24 01:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[450]: Failed password for root from 91.92.40.46 port 24700 ssh2
Jun 24 01:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[592]: Invalid user wangchen from 91.92.40.46
Jun 24 01:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[592]: input_userauth_request: invalid user wangchen [preauth]
Jun 24 01:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[450]: Connection closed by 91.92.40.46 port 24700 [preauth]
Jun 24 01:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[592]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[592]: Failed password for invalid user wangchen from 91.92.40.46 port 17004 ssh2
Jun 24 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[644]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[643]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[642]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[641]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[641]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[617]: Invalid user zabbix from 91.92.40.46
Jun 24 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[617]: input_userauth_request: invalid user zabbix [preauth]
Jun 24 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[708]: Successful su for rubyman by root
Jun 24 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[708]: + ??? root:rubyman
Jun 24 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[708]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580737 of user rubyman.
Jun 24 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[708]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580737.
Jun 24 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[592]: Connection closed by 91.92.40.46 port 17004 [preauth]
Jun 24 01:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[617]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30140]: pam_unix(cron:session): session closed for user root
Jun 24 01:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[617]: Failed password for invalid user zabbix from 91.92.40.46 port 23586 ssh2
Jun 24 01:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[642]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[636]: Invalid user codex from 91.92.40.46
Jun 24 01:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[636]: input_userauth_request: invalid user codex [preauth]
Jun 24 01:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[617]: Connection closed by 91.92.40.46 port 23586 [preauth]
Jun 24 01:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[636]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[913]: Invalid user adminuser from 69.74.29.21
Jun 24 01:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[913]: input_userauth_request: invalid user adminuser [preauth]
Jun 24 01:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[913]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21
Jun 24 01:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[636]: Failed password for invalid user codex from 91.92.40.46 port 28450 ssh2
Jun 24 01:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[636]: Connection closed by 91.92.40.46 port 28450 [preauth]
Jun 24 01:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[913]: Failed password for invalid user adminuser from 69.74.29.21 port 16863 ssh2
Jun 24 01:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[913]: Received disconnect from 69.74.29.21 port 16863:11: Bye Bye [preauth]
Jun 24 01:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[913]: Disconnected from 69.74.29.21 port 16863 [preauth]
Jun 24 01:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[903]: Failed password for root from 91.92.40.46 port 45558 ssh2
Jun 24 01:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[903]: Connection closed by 91.92.40.46 port 45558 [preauth]
Jun 24 01:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[941]: Invalid user test from 91.92.40.46
Jun 24 01:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[941]: input_userauth_request: invalid user test [preauth]
Jun 24 01:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[941]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[941]: Failed password for invalid user test from 91.92.40.46 port 45680 ssh2
Jun 24 01:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[941]: Connection closed by 91.92.40.46 port 45680 [preauth]
Jun 24 01:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[951]: Invalid user bitnami from 91.92.40.46
Jun 24 01:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[951]: input_userauth_request: invalid user bitnami [preauth]
Jun 24 01:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[951]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[951]: Failed password for invalid user bitnami from 91.92.40.46 port 38688 ssh2
Jun 24 01:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[951]: Connection closed by 91.92.40.46 port 38688 [preauth]
Jun 24 01:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32074]: pam_unix(cron:session): session closed for user root
Jun 24 01:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[987]: Invalid user botuser from 91.92.40.46
Jun 24 01:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[987]: input_userauth_request: invalid user botuser [preauth]
Jun 24 01:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[987]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[987]: Failed password for invalid user botuser from 91.92.40.46 port 51742 ssh2
Jun 24 01:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[987]: Connection closed by 91.92.40.46 port 51742 [preauth]
Jun 24 01:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1023]: Invalid user gold from 91.92.40.46
Jun 24 01:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1023]: input_userauth_request: invalid user gold [preauth]
Jun 24 01:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1023]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1023]: Failed password for invalid user gold from 91.92.40.46 port 51804 ssh2
Jun 24 01:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1068]: Invalid user student5 from 182.13.96.107
Jun 24 01:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1068]: input_userauth_request: invalid user student5 [preauth]
Jun 24 01:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1068]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.13.96.107
Jun 24 01:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1023]: Connection closed by 91.92.40.46 port 51804 [preauth]
Jun 24 01:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1068]: Failed password for invalid user student5 from 182.13.96.107 port 42046 ssh2
Jun 24 01:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1068]: Received disconnect from 182.13.96.107 port 42046:11: Bye Bye [preauth]
Jun 24 01:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1068]: Disconnected from 182.13.96.107 port 42046 [preauth]
Jun 24 01:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1075]: Invalid user term2 from 91.92.40.46
Jun 24 01:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1075]: input_userauth_request: invalid user term2 [preauth]
Jun 24 01:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1075]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1075]: Failed password for invalid user term2 from 91.92.40.46 port 58720 ssh2
Jun 24 01:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1075]: Connection closed by 91.92.40.46 port 58720 [preauth]
Jun 24 01:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1093]: Invalid user ubuntu from 91.92.40.46
Jun 24 01:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1093]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 01:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1093]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1093]: Failed password for invalid user ubuntu from 91.92.40.46 port 34566 ssh2
Jun 24 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1127]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1126]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1124]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1125]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1124]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1187]: Successful su for rubyman by root
Jun 24 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1187]: + ??? root:rubyman
Jun 24 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1187]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580740 of user rubyman.
Jun 24 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1187]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580740.
Jun 24 01:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1093]: Connection closed by 91.92.40.46 port 34566 [preauth]
Jun 24 01:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1113]: Invalid user danny from 91.92.40.46
Jun 24 01:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1113]: input_userauth_request: invalid user danny [preauth]
Jun 24 01:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30586]: pam_unix(cron:session): session closed for user root
Jun 24 01:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1113]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1125]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1113]: Failed password for invalid user danny from 91.92.40.46 port 56192 ssh2
Jun 24 01:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1113]: Connection closed by 91.92.40.46 port 56192 [preauth]
Jun 24 01:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1398]: Invalid user administrador from 91.92.40.46
Jun 24 01:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1398]: input_userauth_request: invalid user administrador [preauth]
Jun 24 01:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1398]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1398]: Failed password for invalid user administrador from 91.92.40.46 port 56258 ssh2
Jun 24 01:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1398]: Connection closed by 91.92.40.46 port 56258 [preauth]
Jun 24 01:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1421]: Invalid user avalanche from 91.92.40.46
Jun 24 01:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1421]: input_userauth_request: invalid user avalanche [preauth]
Jun 24 01:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1421]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1421]: Failed password for invalid user avalanche from 91.92.40.46 port 29862 ssh2
Jun 24 01:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1421]: Connection closed by 91.92.40.46 port 29862 [preauth]
Jun 24 01:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1463]: Invalid user afk from 91.92.40.46
Jun 24 01:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1463]: input_userauth_request: invalid user afk [preauth]
Jun 24 01:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1463]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1463]: Failed password for invalid user afk from 91.92.40.46 port 35178 ssh2
Jun 24 01:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1463]: Connection closed by 91.92.40.46 port 35178 [preauth]
Jun 24 01:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1561]: Invalid user user from 91.92.40.46
Jun 24 01:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1561]: input_userauth_request: invalid user user [preauth]
Jun 24 01:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32537]: pam_unix(cron:session): session closed for user root
Jun 24 01:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1561]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1561]: Failed password for invalid user user from 91.92.40.46 port 29272 ssh2
Jun 24 01:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1561]: Connection closed by 91.92.40.46 port 29272 [preauth]
Jun 24 01:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1603]: Invalid user fox from 91.92.40.46
Jun 24 01:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1603]: input_userauth_request: invalid user fox [preauth]
Jun 24 01:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1603]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1603]: Failed password for invalid user fox from 91.92.40.46 port 29322 ssh2
Jun 24 01:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1603]: Connection closed by 91.92.40.46 port 29322 [preauth]
Jun 24 01:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1646]: Invalid user andre from 91.92.40.46
Jun 24 01:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1646]: input_userauth_request: invalid user andre [preauth]
Jun 24 01:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1646]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1646]: Failed password for invalid user andre from 91.92.40.46 port 12492 ssh2
Jun 24 01:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1646]: Connection closed by 91.92.40.46 port 12492 [preauth]
Jun 24 01:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1658]: Failed password for root from 91.92.40.46 port 19750 ssh2
Jun 24 01:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1658]: Connection closed by 91.92.40.46 port 19750 [preauth]
Jun 24 01:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1676]: Invalid user david from 91.92.40.46
Jun 24 01:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1676]: input_userauth_request: invalid user david [preauth]
Jun 24 01:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1676]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1686]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1684]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1683]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1682]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1682]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1762]: Successful su for rubyman by root
Jun 24 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1762]: + ??? root:rubyman
Jun 24 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1762]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580744 of user rubyman.
Jun 24 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1762]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580744.
Jun 24 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1676]: Failed password for invalid user david from 91.92.40.46 port 58022 ssh2
Jun 24 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1676]: Connection closed by 91.92.40.46 port 58022 [preauth]
Jun 24 01:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31112]: pam_unix(cron:session): session closed for user root
Jun 24 01:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1683]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1967]: Invalid user devuser from 91.92.40.46
Jun 24 01:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1967]: input_userauth_request: invalid user devuser [preauth]
Jun 24 01:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1967]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1967]: Failed password for invalid user devuser from 91.92.40.46 port 58034 ssh2
Jun 24 01:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1967]: Connection closed by 91.92.40.46 port 58034 [preauth]
Jun 24 01:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2008]: Invalid user angga from 69.74.29.21
Jun 24 01:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2008]: input_userauth_request: invalid user angga [preauth]
Jun 24 01:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2008]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21
Jun 24 01:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2008]: Failed password for invalid user angga from 69.74.29.21 port 48190 ssh2
Jun 24 01:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2008]: Received disconnect from 69.74.29.21 port 48190:11: Bye Bye [preauth]
Jun 24 01:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2008]: Disconnected from 69.74.29.21 port 48190 [preauth]
Jun 24 01:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1980]: Failed password for root from 91.92.40.46 port 63324 ssh2
Jun 24 01:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1980]: Connection closed by 91.92.40.46 port 63324 [preauth]
Jun 24 01:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2035]: Invalid user test from 91.92.40.46
Jun 24 01:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2035]: input_userauth_request: invalid user test [preauth]
Jun 24 01:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2035]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2035]: Failed password for invalid user test from 91.92.40.46 port 40350 ssh2
Jun 24 01:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2035]: Connection closed by 91.92.40.46 port 40350 [preauth]
Jun 24 01:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2073]: Invalid user debian from 91.92.40.46
Jun 24 01:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2073]: input_userauth_request: invalid user debian [preauth]
Jun 24 01:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2073]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2073]: Failed password for invalid user debian from 91.92.40.46 port 17926 ssh2
Jun 24 01:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2073]: Connection closed by 91.92.40.46 port 17926 [preauth]
Jun 24 01:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[644]: pam_unix(cron:session): session closed for user root
Jun 24 01:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2103]: Invalid user admin from 91.92.40.46
Jun 24 01:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2103]: input_userauth_request: invalid user admin [preauth]
Jun 24 01:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2103]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2103]: Failed password for invalid user admin from 91.92.40.46 port 17956 ssh2
Jun 24 01:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2103]: Connection closed by 91.92.40.46 port 17956 [preauth]
Jun 24 01:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2124]: Failed password for root from 91.92.40.46 port 26706 ssh2
Jun 24 01:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2124]: Connection closed by 91.92.40.46 port 26706 [preauth]
Jun 24 01:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2153]: Invalid user test from 91.92.40.46
Jun 24 01:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2153]: input_userauth_request: invalid user test [preauth]
Jun 24 01:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2153]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2153]: Failed password for invalid user test from 91.92.40.46 port 18616 ssh2
Jun 24 01:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2153]: Connection closed by 91.92.40.46 port 18616 [preauth]
Jun 24 01:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2168]: Invalid user jenkins from 91.92.40.46
Jun 24 01:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2168]: input_userauth_request: invalid user jenkins [preauth]
Jun 24 01:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2168]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2186]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2188]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2190]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2189]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2185]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2184]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2190]: pam_unix(cron:session): session closed for user root
Jun 24 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2184]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2181]: Invalid user staging from 182.13.96.107
Jun 24 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2181]: input_userauth_request: invalid user staging [preauth]
Jun 24 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2181]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.13.96.107
Jun 24 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2267]: Successful su for rubyman by root
Jun 24 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2267]: + ??? root:rubyman
Jun 24 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2267]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580748 of user rubyman.
Jun 24 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2267]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580748.
Jun 24 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2168]: Failed password for invalid user jenkins from 91.92.40.46 port 18660 ssh2
Jun 24 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2168]: Connection closed by 91.92.40.46 port 18660 [preauth]
Jun 24 01:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2181]: Failed password for invalid user staging from 182.13.96.107 port 56144 ssh2
Jun 24 01:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2181]: Received disconnect from 182.13.96.107 port 56144:11: Bye Bye [preauth]
Jun 24 01:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2181]: Disconnected from 182.13.96.107 port 56144 [preauth]
Jun 24 01:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31541]: pam_unix(cron:session): session closed for user root
Jun 24 01:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2186]: pam_unix(cron:session): session closed for user root
Jun 24 01:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2291]: Invalid user aa from 91.92.40.46
Jun 24 01:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2291]: input_userauth_request: invalid user aa [preauth]
Jun 24 01:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2185]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2291]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2291]: Failed password for invalid user aa from 91.92.40.46 port 14912 ssh2
Jun 24 01:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2291]: Connection closed by 91.92.40.46 port 14912 [preauth]
Jun 24 01:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2488]: User john from 91.92.40.46 not allowed because not listed in AllowUsers
Jun 24 01:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2488]: input_userauth_request: invalid user john [preauth]
Jun 24 01:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=john
Jun 24 01:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2488]: Failed password for invalid user john from 91.92.40.46 port 50396 ssh2
Jun 24 01:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2488]: Connection closed by 91.92.40.46 port 50396 [preauth]
Jun 24 01:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2513]: Invalid user odoo from 91.92.40.46
Jun 24 01:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2513]: input_userauth_request: invalid user odoo [preauth]
Jun 24 01:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2513]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2513]: Failed password for invalid user odoo from 91.92.40.46 port 47024 ssh2
Jun 24 01:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2513]: Connection closed by 91.92.40.46 port 47024 [preauth]
Jun 24 01:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2550]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2550]: Invalid user guest from 91.92.40.46
Jun 24 01:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2550]: input_userauth_request: invalid user guest [preauth]
Jun 24 01:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2550]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2550]: Failed password for invalid user guest from 91.92.40.46 port 47066 ssh2
Jun 24 01:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2550]: Connection closed by 91.92.40.46 port 47066 [preauth]
Jun 24 01:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1127]: pam_unix(cron:session): session closed for user root
Jun 24 01:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2563]: Invalid user dmdba from 91.92.40.46
Jun 24 01:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2563]: input_userauth_request: invalid user dmdba [preauth]
Jun 24 01:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2563]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 24 01:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2563]: Failed password for invalid user dmdba from 91.92.40.46 port 34484 ssh2
Jun 24 01:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2563]: Connection closed by 91.92.40.46 port 34484 [preauth]
Jun 24 01:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2605]: Failed password for root from 80.66.85.226 port 37882 ssh2
Jun 24 01:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2605]: Connection closed by 80.66.85.226 port 37882 [preauth]
Jun 24 01:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: Failed password for root from 91.92.40.46 port 27452 ssh2
Jun 24 01:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: Connection closed by 91.92.40.46 port 27452 [preauth]
Jun 24 01:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2638]: Failed password for root from 91.92.40.46 port 27470 ssh2
Jun 24 01:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2638]: Connection closed by 91.92.40.46 port 27470 [preauth]
Jun 24 01:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2648]: Invalid user odoo from 91.92.40.46
Jun 24 01:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2648]: input_userauth_request: invalid user odoo [preauth]
Jun 24 01:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2648]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2648]: Failed password for invalid user odoo from 91.92.40.46 port 31872 ssh2
Jun 24 01:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2648]: Connection closed by 91.92.40.46 port 31872 [preauth]
Jun 24 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2668]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2669]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2670]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2667]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2667]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2740]: Successful su for rubyman by root
Jun 24 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2740]: + ??? root:rubyman
Jun 24 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2740]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580754 of user rubyman.
Jun 24 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2740]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580754.
Jun 24 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2755]: Invalid user jakob from 91.92.40.46
Jun 24 01:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2755]: input_userauth_request: invalid user jakob [preauth]
Jun 24 01:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2755]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32073]: pam_unix(cron:session): session closed for user root
Jun 24 01:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2668]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2755]: Failed password for invalid user jakob from 91.92.40.46 port 54480 ssh2
Jun 24 01:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2755]: Connection closed by 91.92.40.46 port 54480 [preauth]
Jun 24 01:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2929]: Invalid user celeste from 91.92.40.46
Jun 24 01:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2929]: input_userauth_request: invalid user celeste [preauth]
Jun 24 01:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2929]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2929]: Failed password for invalid user celeste from 91.92.40.46 port 29192 ssh2
Jun 24 01:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2929]: Connection closed by 91.92.40.46 port 29192 [preauth]
Jun 24 01:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: Invalid user student from 91.92.40.46
Jun 24 01:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: input_userauth_request: invalid user student [preauth]
Jun 24 01:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: Failed password for invalid user student from 91.92.40.46 port 29234 ssh2
Jun 24 01:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: Connection closed by 91.92.40.46 port 29234 [preauth]
Jun 24 01:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2962]: Invalid user kevin from 91.92.40.46
Jun 24 01:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2962]: input_userauth_request: invalid user kevin [preauth]
Jun 24 01:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2985]: Invalid user develop from 69.74.29.21
Jun 24 01:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2985]: input_userauth_request: invalid user develop [preauth]
Jun 24 01:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2985]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21
Jun 24 01:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2962]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2985]: Failed password for invalid user develop from 69.74.29.21 port 46888 ssh2
Jun 24 01:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2985]: Received disconnect from 69.74.29.21 port 46888:11: Bye Bye [preauth]
Jun 24 01:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2985]: Disconnected from 69.74.29.21 port 46888 [preauth]
Jun 24 01:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2962]: Failed password for invalid user kevin from 91.92.40.46 port 56280 ssh2
Jun 24 01:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2962]: Connection closed by 91.92.40.46 port 56280 [preauth]
Jun 24 01:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2995]: Invalid user vagrant from 91.92.40.46
Jun 24 01:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2995]: input_userauth_request: invalid user vagrant [preauth]
Jun 24 01:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1686]: pam_unix(cron:session): session closed for user root
Jun 24 01:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2995]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2995]: Failed password for invalid user vagrant from 91.92.40.46 port 38690 ssh2
Jun 24 01:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2995]: Connection closed by 91.92.40.46 port 38690 [preauth]
Jun 24 01:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3029]: Invalid user deploy from 91.92.40.46
Jun 24 01:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3029]: input_userauth_request: invalid user deploy [preauth]
Jun 24 01:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3029]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3029]: Failed password for invalid user deploy from 91.92.40.46 port 38760 ssh2
Jun 24 01:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3029]: Connection closed by 91.92.40.46 port 38760 [preauth]
Jun 24 01:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3040]: Invalid user seed from 91.92.40.46
Jun 24 01:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3040]: input_userauth_request: invalid user seed [preauth]
Jun 24 01:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3040]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3040]: Failed password for invalid user seed from 91.92.40.46 port 22048 ssh2
Jun 24 01:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3040]: Connection closed by 91.92.40.46 port 22048 [preauth]
Jun 24 01:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3064]: Invalid user git from 91.92.40.46
Jun 24 01:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3064]: input_userauth_request: invalid user git [preauth]
Jun 24 01:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3064]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3064]: Failed password for invalid user git from 91.92.40.46 port 10520 ssh2
Jun 24 01:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3064]: Connection closed by 91.92.40.46 port 10520 [preauth]
Jun 24 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3096]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3095]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3094]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3093]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3093]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3156]: Successful su for rubyman by root
Jun 24 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3156]: + ??? root:rubyman
Jun 24 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3156]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580759 of user rubyman.
Jun 24 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3156]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580759.
Jun 24 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3082]: Invalid user dm from 91.92.40.46
Jun 24 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3082]: input_userauth_request: invalid user dm [preauth]
Jun 24 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3082]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32536]: pam_unix(cron:session): session closed for user root
Jun 24 01:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3082]: Failed password for invalid user dm from 91.92.40.46 port 10540 ssh2
Jun 24 01:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3094]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3082]: Connection closed by 91.92.40.46 port 10540 [preauth]
Jun 24 01:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3203]: Invalid user web from 91.92.40.46
Jun 24 01:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3203]: input_userauth_request: invalid user web [preauth]
Jun 24 01:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3203]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3203]: Failed password for invalid user web from 91.92.40.46 port 50254 ssh2
Jun 24 01:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3203]: Connection closed by 91.92.40.46 port 50254 [preauth]
Jun 24 01:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3350]: Invalid user cc from 91.92.40.46
Jun 24 01:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3350]: input_userauth_request: invalid user cc [preauth]
Jun 24 01:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3350]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3350]: Failed password for invalid user cc from 91.92.40.46 port 57636 ssh2
Jun 24 01:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3350]: Connection closed by 91.92.40.46 port 57636 [preauth]
Jun 24 01:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3373]: Invalid user apex from 91.92.40.46
Jun 24 01:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3373]: input_userauth_request: invalid user apex [preauth]
Jun 24 01:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3373]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3397]: Invalid user rami from 182.13.96.107
Jun 24 01:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3397]: input_userauth_request: invalid user rami [preauth]
Jun 24 01:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3397]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.13.96.107
Jun 24 01:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3373]: Failed password for invalid user apex from 91.92.40.46 port 57660 ssh2
Jun 24 01:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3397]: Failed password for invalid user rami from 182.13.96.107 port 49502 ssh2
Jun 24 01:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3397]: Received disconnect from 182.13.96.107 port 49502:11: Bye Bye [preauth]
Jun 24 01:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3397]: Disconnected from 182.13.96.107 port 49502 [preauth]
Jun 24 01:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3373]: Connection closed by 91.92.40.46 port 57660 [preauth]
Jun 24 01:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3383]: Invalid user martin from 91.92.40.46
Jun 24 01:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3383]: input_userauth_request: invalid user martin [preauth]
Jun 24 01:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3383]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3383]: Failed password for invalid user martin from 91.92.40.46 port 20942 ssh2
Jun 24 01:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2189]: pam_unix(cron:session): session closed for user root
Jun 24 01:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3383]: Connection closed by 91.92.40.46 port 20942 [preauth]
Jun 24 01:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3407]: Invalid user deployer from 91.92.40.46
Jun 24 01:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3407]: input_userauth_request: invalid user deployer [preauth]
Jun 24 01:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3407]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3407]: Failed password for invalid user deployer from 91.92.40.46 port 24234 ssh2
Jun 24 01:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3407]: Connection closed by 91.92.40.46 port 24234 [preauth]
Jun 24 01:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3450]: Invalid user ubuntu from 91.92.40.46
Jun 24 01:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3450]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 01:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3450]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3450]: Failed password for invalid user ubuntu from 91.92.40.46 port 24252 ssh2
Jun 24 01:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3450]: Connection closed by 91.92.40.46 port 24252 [preauth]
Jun 24 01:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3474]: Failed password for root from 91.92.40.46 port 20386 ssh2
Jun 24 01:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3474]: Connection closed by 91.92.40.46 port 20386 [preauth]
Jun 24 01:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3484]: Invalid user ops from 91.92.40.46
Jun 24 01:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3484]: input_userauth_request: invalid user ops [preauth]
Jun 24 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3509]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3511]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3510]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3508]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3508]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3484]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3574]: Successful su for rubyman by root
Jun 24 01:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3574]: + ??? root:rubyman
Jun 24 01:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3574]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580764 of user rubyman.
Jun 24 01:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3574]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580764.
Jun 24 01:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3484]: Failed password for invalid user ops from 91.92.40.46 port 52012 ssh2
Jun 24 01:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[643]: pam_unix(cron:session): session closed for user root
Jun 24 01:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3484]: Connection closed by 91.92.40.46 port 52012 [preauth]
Jun 24 01:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3494]: Invalid user professor from 91.92.40.46
Jun 24 01:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3494]: input_userauth_request: invalid user professor [preauth]
Jun 24 01:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3509]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3494]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3494]: Failed password for invalid user professor from 91.92.40.46 port 52092 ssh2
Jun 24 01:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3494]: Connection closed by 91.92.40.46 port 52092 [preauth]
Jun 24 01:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3822]: Invalid user sam from 91.92.40.46
Jun 24 01:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3822]: input_userauth_request: invalid user sam [preauth]
Jun 24 01:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3822]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3822]: Failed password for invalid user sam from 91.92.40.46 port 52180 ssh2
Jun 24 01:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3822]: Connection closed by 91.92.40.46 port 52180 [preauth]
Jun 24 01:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3925]: Failed password for root from 91.92.40.46 port 33558 ssh2
Jun 24 01:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3925]: Connection closed by 91.92.40.46 port 33558 [preauth]
Jun 24 01:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3950]: Failed password for root from 91.92.40.46 port 10488 ssh2
Jun 24 01:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3950]: Connection closed by 91.92.40.46 port 10488 [preauth]
Jun 24 01:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4003]: Invalid user vanessa from 69.74.29.21
Jun 24 01:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4003]: input_userauth_request: invalid user vanessa [preauth]
Jun 24 01:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4003]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21
Jun 24 01:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2670]: pam_unix(cron:session): session closed for user root
Jun 24 01:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4003]: Failed password for invalid user vanessa from 69.74.29.21 port 25596 ssh2
Jun 24 01:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4003]: Received disconnect from 69.74.29.21 port 25596:11: Bye Bye [preauth]
Jun 24 01:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4003]: Disconnected from 69.74.29.21 port 25596 [preauth]
Jun 24 01:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3986]: Failed password for root from 91.92.40.46 port 34014 ssh2
Jun 24 01:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3986]: Connection closed by 91.92.40.46 port 34014 [preauth]
Jun 24 01:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4054]: Failed password for root from 91.92.40.46 port 34054 ssh2
Jun 24 01:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4054]: Connection closed by 91.92.40.46 port 34054 [preauth]
Jun 24 01:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4075]: Failed password for root from 91.92.40.46 port 47876 ssh2
Jun 24 01:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4075]: Connection closed by 91.92.40.46 port 47876 [preauth]
Jun 24 01:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4097]: Invalid user rogelio from 91.92.40.46
Jun 24 01:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4097]: input_userauth_request: invalid user rogelio [preauth]
Jun 24 01:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4097]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4097]: Failed password for invalid user rogelio from 91.92.40.46 port 54356 ssh2
Jun 24 01:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4097]: Connection closed by 91.92.40.46 port 54356 [preauth]
Jun 24 01:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4115]: Invalid user azureuser from 91.92.40.46
Jun 24 01:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4115]: input_userauth_request: invalid user azureuser [preauth]
Jun 24 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4122]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4121]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4119]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4118]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4118]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4115]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4184]: Successful su for rubyman by root
Jun 24 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4184]: + ??? root:rubyman
Jun 24 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4184]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580766 of user rubyman.
Jun 24 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4184]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580766.
Jun 24 01:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4115]: Failed password for invalid user azureuser from 91.92.40.46 port 54382 ssh2
Jun 24 01:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1126]: pam_unix(cron:session): session closed for user root
Jun 24 01:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4115]: Connection closed by 91.92.40.46 port 54382 [preauth]
Jun 24 01:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4119]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4343]: Invalid user leo from 91.92.40.46
Jun 24 01:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4343]: input_userauth_request: invalid user leo [preauth]
Jun 24 01:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4343]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4343]: Failed password for invalid user leo from 91.92.40.46 port 44246 ssh2
Jun 24 01:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4343]: Connection closed by 91.92.40.46 port 44246 [preauth]
Jun 24 01:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4390]: Invalid user ubuntu from 91.92.40.46
Jun 24 01:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4390]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 01:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4390]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4390]: Failed password for invalid user ubuntu from 91.92.40.46 port 33642 ssh2
Jun 24 01:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4390]: Connection closed by 91.92.40.46 port 33642 [preauth]
Jun 24 01:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4413]: Invalid user dummy from 91.92.40.46
Jun 24 01:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4413]: input_userauth_request: invalid user dummy [preauth]
Jun 24 01:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4413]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4413]: Failed password for invalid user dummy from 91.92.40.46 port 49088 ssh2
Jun 24 01:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4413]: Connection closed by 91.92.40.46 port 49088 [preauth]
Jun 24 01:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4444]: Invalid user test3 from 91.92.40.46
Jun 24 01:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4444]: input_userauth_request: invalid user test3 [preauth]
Jun 24 01:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4444]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4444]: Failed password for invalid user test3 from 91.92.40.46 port 49124 ssh2
Jun 24 01:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3096]: pam_unix(cron:session): session closed for user root
Jun 24 01:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4444]: Connection closed by 91.92.40.46 port 49124 [preauth]
Jun 24 01:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4454]: Invalid user ubuntu from 91.92.40.46
Jun 24 01:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4454]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 01:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4454]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4454]: Failed password for invalid user ubuntu from 91.92.40.46 port 31304 ssh2
Jun 24 01:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4454]: Connection closed by 91.92.40.46 port 31304 [preauth]
Jun 24 01:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4487]: Invalid user ly from 91.92.40.46
Jun 24 01:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4487]: input_userauth_request: invalid user ly [preauth]
Jun 24 01:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4497]: Invalid user mike from 182.13.96.107
Jun 24 01:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4497]: input_userauth_request: invalid user mike [preauth]
Jun 24 01:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4497]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.13.96.107
Jun 24 01:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4487]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4497]: Failed password for invalid user mike from 182.13.96.107 port 33218 ssh2
Jun 24 01:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4497]: Received disconnect from 182.13.96.107 port 33218:11: Bye Bye [preauth]
Jun 24 01:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4497]: Disconnected from 182.13.96.107 port 33218 [preauth]
Jun 24 01:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4487]: Failed password for invalid user ly from 91.92.40.46 port 28696 ssh2
Jun 24 01:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4487]: Connection closed by 91.92.40.46 port 28696 [preauth]
Jun 24 01:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4504]: Invalid user kafka from 91.92.40.46
Jun 24 01:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4504]: input_userauth_request: invalid user kafka [preauth]
Jun 24 01:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4504]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4504]: Failed password for invalid user kafka from 91.92.40.46 port 28764 ssh2
Jun 24 01:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4504]: Connection closed by 91.92.40.46 port 28764 [preauth]
Jun 24 01:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4529]: Failed password for root from 91.92.40.46 port 56412 ssh2
Jun 24 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4565]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4562]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4529]: Connection closed by 91.92.40.46 port 56412 [preauth]
Jun 24 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4559]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4563]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4561]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4560]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4565]: pam_unix(cron:session): session closed for user root
Jun 24 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4559]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4628]: Successful su for rubyman by root
Jun 24 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4628]: + ??? root:rubyman
Jun 24 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4628]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580773 of user rubyman.
Jun 24 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4628]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580773.
Jun 24 01:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4561]: pam_unix(cron:session): session closed for user root
Jun 24 01:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4547]: Invalid user deploy from 91.92.40.46
Jun 24 01:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4547]: input_userauth_request: invalid user deploy [preauth]
Jun 24 01:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1684]: pam_unix(cron:session): session closed for user root
Jun 24 01:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4547]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4560]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4547]: Failed password for invalid user deploy from 91.92.40.46 port 25778 ssh2
Jun 24 01:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4547]: Connection closed by 91.92.40.46 port 25778 [preauth]
Jun 24 01:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4921]: Invalid user minecraft from 91.92.40.46
Jun 24 01:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4921]: input_userauth_request: invalid user minecraft [preauth]
Jun 24 01:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4921]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4921]: Failed password for invalid user minecraft from 91.92.40.46 port 25788 ssh2
Jun 24 01:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4921]: Connection closed by 91.92.40.46 port 25788 [preauth]
Jun 24 01:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4968]: Invalid user ubuntu from 91.92.40.46
Jun 24 01:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4968]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 01:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4968]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4968]: Failed password for invalid user ubuntu from 91.92.40.46 port 63394 ssh2
Jun 24 01:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4968]: Connection closed by 91.92.40.46 port 63394 [preauth]
Jun 24 01:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4994]: Invalid user admin from 91.92.40.46
Jun 24 01:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4994]: input_userauth_request: invalid user admin [preauth]
Jun 24 01:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4994]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4994]: Failed password for invalid user admin from 91.92.40.46 port 36290 ssh2
Jun 24 01:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4994]: Connection closed by 91.92.40.46 port 36290 [preauth]
Jun 24 01:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5020]: Invalid user jay from 91.92.40.46
Jun 24 01:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5020]: input_userauth_request: invalid user jay [preauth]
Jun 24 01:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5020]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3511]: pam_unix(cron:session): session closed for user root
Jun 24 01:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5020]: Failed password for invalid user jay from 91.92.40.46 port 36354 ssh2
Jun 24 01:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5020]: Connection closed by 91.92.40.46 port 36354 [preauth]
Jun 24 01:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5050]: Invalid user student from 91.92.40.46
Jun 24 01:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5050]: input_userauth_request: invalid user student [preauth]
Jun 24 01:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5061]: Connection closed by 194.59.206.2 port 16968 [preauth]
Jun 24 01:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5050]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5050]: Failed password for invalid user student from 91.92.40.46 port 23592 ssh2
Jun 24 01:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5050]: Connection closed by 91.92.40.46 port 23592 [preauth]
Jun 24 01:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5085]: Invalid user user123 from 69.74.29.21
Jun 24 01:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5085]: input_userauth_request: invalid user user123 [preauth]
Jun 24 01:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5085]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21
Jun 24 01:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5085]: Failed password for invalid user user123 from 69.74.29.21 port 54365 ssh2
Jun 24 01:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5085]: Received disconnect from 69.74.29.21 port 54365:11: Bye Bye [preauth]
Jun 24 01:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5085]: Disconnected from 69.74.29.21 port 54365 [preauth]
Jun 24 01:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5063]: Invalid user user from 91.92.40.46
Jun 24 01:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5063]: input_userauth_request: invalid user user [preauth]
Jun 24 01:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5063]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5063]: Failed password for invalid user user from 91.92.40.46 port 61120 ssh2
Jun 24 01:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5063]: Connection closed by 91.92.40.46 port 61120 [preauth]
Jun 24 01:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5095]: Invalid user ts3 from 91.92.40.46
Jun 24 01:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5095]: input_userauth_request: invalid user ts3 [preauth]
Jun 24 01:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5095]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5095]: Failed password for invalid user ts3 from 91.92.40.46 port 16458 ssh2
Jun 24 01:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5122]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5120]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5118]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5119]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5118]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5095]: Connection closed by 91.92.40.46 port 16458 [preauth]
Jun 24 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5189]: Successful su for rubyman by root
Jun 24 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5189]: + ??? root:rubyman
Jun 24 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5189]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580776 of user rubyman.
Jun 24 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5189]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580776.
Jun 24 01:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5105]: Invalid user claude from 91.92.40.46
Jun 24 01:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5105]: input_userauth_request: invalid user claude [preauth]
Jun 24 01:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2188]: pam_unix(cron:session): session closed for user root
Jun 24 01:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5119]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5105]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5105]: Failed password for invalid user claude from 91.92.40.46 port 16542 ssh2
Jun 24 01:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5116]: Invalid user ftpuser from 91.92.40.46
Jun 24 01:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5116]: input_userauth_request: invalid user ftpuser [preauth]
Jun 24 01:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5105]: Connection closed by 91.92.40.46 port 16542 [preauth]
Jun 24 01:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5116]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5116]: Failed password for invalid user ftpuser from 91.92.40.46 port 16266 ssh2
Jun 24 01:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5116]: Connection closed by 91.92.40.46 port 16266 [preauth]
Jun 24 01:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5391]: Invalid user vyos from 91.92.40.46
Jun 24 01:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5391]: input_userauth_request: invalid user vyos [preauth]
Jun 24 01:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5391]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5391]: Failed password for invalid user vyos from 91.92.40.46 port 43270 ssh2
Jun 24 01:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5391]: Connection closed by 91.92.40.46 port 43270 [preauth]
Jun 24 01:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5422]: Invalid user username from 91.92.40.46
Jun 24 01:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5422]: input_userauth_request: invalid user username [preauth]
Jun 24 01:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5422]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5422]: Failed password for invalid user username from 91.92.40.46 port 43304 ssh2
Jun 24 01:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5432]: Invalid user elina from 91.92.40.46
Jun 24 01:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5432]: input_userauth_request: invalid user elina [preauth]
Jun 24 01:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5422]: Connection closed by 91.92.40.46 port 43304 [preauth]
Jun 24 01:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4122]: pam_unix(cron:session): session closed for user root
Jun 24 01:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5432]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5432]: Failed password for invalid user elina from 91.92.40.46 port 25388 ssh2
Jun 24 01:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5504]: Invalid user rohan from 141.98.83.240
Jun 24 01:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5504]: input_userauth_request: invalid user rohan [preauth]
Jun 24 01:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5504]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 01:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5504]: Failed password for invalid user rohan from 141.98.83.240 port 16190 ssh2
Jun 24 01:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5504]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5504]: Failed password for invalid user rohan from 141.98.83.240 port 16190 ssh2
Jun 24 01:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5504]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5504]: Failed password for invalid user rohan from 141.98.83.240 port 16190 ssh2
Jun 24 01:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5504]: Connection closed by 141.98.83.240 port 16190 [preauth]
Jun 24 01:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5504]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 01:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5543]: Invalid user angga from 182.13.96.107
Jun 24 01:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5543]: input_userauth_request: invalid user angga [preauth]
Jun 24 01:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5543]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.13.96.107
Jun 24 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5548]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5549]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5547]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5546]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5546]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5543]: Failed password for invalid user angga from 182.13.96.107 port 56850 ssh2
Jun 24 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5543]: Received disconnect from 182.13.96.107 port 56850:11: Bye Bye [preauth]
Jun 24 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5543]: Disconnected from 182.13.96.107 port 56850 [preauth]
Jun 24 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5608]: Successful su for rubyman by root
Jun 24 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5608]: + ??? root:rubyman
Jun 24 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5608]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580781 of user rubyman.
Jun 24 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5608]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580781.
Jun 24 01:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2669]: pam_unix(cron:session): session closed for user root
Jun 24 01:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5547]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4563]: pam_unix(cron:session): session closed for user root
Jun 24 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5946]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5945]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5943]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5944]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5943]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6002]: Successful su for rubyman by root
Jun 24 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6002]: + ??? root:rubyman
Jun 24 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6002]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580785 of user rubyman.
Jun 24 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6002]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580785.
Jun 24 01:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3095]: pam_unix(cron:session): session closed for user root
Jun 24 01:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5944]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5122]: pam_unix(cron:session): session closed for user root
Jun 24 01:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 24 01:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 24 01:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6303]: Failed password for root from 103.27.238.114 port 40116 ssh2
Jun 24 01:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6303]: Connection closed by 103.27.238.114 port 40116 [preauth]
Jun 24 01:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6301]: Failed password for root from 103.77.242.62 port 33226 ssh2
Jun 24 01:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6301]: Connection closed by 103.77.242.62 port 33226 [preauth]
Jun 24 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6338]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6337]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6339]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6336]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6336]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6398]: Successful su for rubyman by root
Jun 24 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6398]: + ??? root:rubyman
Jun 24 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6398]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580788 of user rubyman.
Jun 24 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6398]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580788.
Jun 24 01:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3510]: pam_unix(cron:session): session closed for user root
Jun 24 01:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6337]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6607]: Invalid user deploy from 182.13.96.107
Jun 24 01:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6607]: input_userauth_request: invalid user deploy [preauth]
Jun 24 01:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6607]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.13.96.107
Jun 24 01:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6607]: Failed password for invalid user deploy from 182.13.96.107 port 35682 ssh2
Jun 24 01:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6607]: Received disconnect from 182.13.96.107 port 35682:11: Bye Bye [preauth]
Jun 24 01:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6607]: Disconnected from 182.13.96.107 port 35682 [preauth]
Jun 24 01:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6614]: Received disconnect from 194.120.230.72 port 45882:11: disconnected by user [preauth]
Jun 24 01:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6614]: Disconnected from 194.120.230.72 port 45882 [preauth]
Jun 24 01:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6313]: Invalid user claude from 91.92.40.46
Jun 24 01:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6313]: input_userauth_request: invalid user claude [preauth]
Jun 24 01:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5549]: pam_unix(cron:session): session closed for user root
Jun 24 01:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6313]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6313]: Failed password for invalid user claude from 91.92.40.46 port 36842 ssh2
Jun 24 01:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6313]: Connection closed by 91.92.40.46 port 36842 [preauth]
Jun 24 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6747]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6745]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6748]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6744]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6746]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6743]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6748]: pam_unix(cron:session): session closed for user root
Jun 24 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6743]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6821]: Successful su for rubyman by root
Jun 24 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6821]: + ??? root:rubyman
Jun 24 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6821]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580792 of user rubyman.
Jun 24 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6821]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580792.
Jun 24 01:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6745]: pam_unix(cron:session): session closed for user root
Jun 24 01:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4121]: pam_unix(cron:session): session closed for user root
Jun 24 01:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6744]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5946]: pam_unix(cron:session): session closed for user root
Jun 24 01:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 24 01:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7234]: Failed password for root from 38.93.206.2 port 44388 ssh2
Jun 24 01:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7234]: Connection closed by 38.93.206.2 port 44388 [preauth]
Jun 24 01:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7294]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7291]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7292]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7290]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7290]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7360]: Successful su for rubyman by root
Jun 24 01:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7360]: + ??? root:rubyman
Jun 24 01:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7360]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580799 of user rubyman.
Jun 24 01:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7360]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580799.
Jun 24 01:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4562]: pam_unix(cron:session): session closed for user root
Jun 24 01:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7291]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.13.96.107  user=root
Jun 24 01:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6339]: pam_unix(cron:session): session closed for user root
Jun 24 01:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7614]: Failed password for root from 182.13.96.107 port 53210 ssh2
Jun 24 01:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7614]: Received disconnect from 182.13.96.107 port 53210:11: Bye Bye [preauth]
Jun 24 01:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7614]: Disconnected from 182.13.96.107 port 53210 [preauth]
Jun 24 01:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7549]: Invalid user pz from 91.92.40.46
Jun 24 01:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7549]: input_userauth_request: invalid user pz [preauth]
Jun 24 01:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7805]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7804]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7803]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7802]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7802]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7859]: Successful su for rubyman by root
Jun 24 01:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7859]: + ??? root:rubyman
Jun 24 01:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7859]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580803 of user rubyman.
Jun 24 01:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7859]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580803.
Jun 24 01:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5120]: pam_unix(cron:session): session closed for user root
Jun 24 01:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7803]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6747]: pam_unix(cron:session): session closed for user root
Jun 24 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8191]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8190]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8189]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8188]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8188]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8248]: Successful su for rubyman by root
Jun 24 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8248]: + ??? root:rubyman
Jun 24 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8248]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580807 of user rubyman.
Jun 24 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8248]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580807.
Jun 24 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7799]: Invalid user ubuntu from 91.92.40.46
Jun 24 01:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7799]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 01:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7799]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5548]: pam_unix(cron:session): session closed for user root
Jun 24 01:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7799]: Failed password for invalid user ubuntu from 91.92.40.46 port 18984 ssh2
Jun 24 01:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8189]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7294]: pam_unix(cron:session): session closed for user root
Jun 24 01:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8565]: Invalid user mikrotik from 182.13.96.107
Jun 24 01:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8565]: input_userauth_request: invalid user mikrotik [preauth]
Jun 24 01:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8565]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.13.96.107
Jun 24 01:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8565]: Failed password for invalid user mikrotik from 182.13.96.107 port 60486 ssh2
Jun 24 01:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8565]: Received disconnect from 182.13.96.107 port 60486:11: Bye Bye [preauth]
Jun 24 01:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8565]: Disconnected from 182.13.96.107 port 60486 [preauth]
Jun 24 01:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8599]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8600]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8597]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8598]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8595]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8597]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8714]: Successful su for rubyman by root
Jun 24 01:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8714]: + ??? root:rubyman
Jun 24 01:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8714]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580811 of user rubyman.
Jun 24 01:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8714]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580811.
Jun 24 01:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8595]: pam_unix(cron:session): session closed for user root
Jun 24 01:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5945]: pam_unix(cron:session): session closed for user root
Jun 24 01:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8598]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7805]: pam_unix(cron:session): session closed for user root
Jun 24 01:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9092]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9091]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9093]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9094]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9090]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9089]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9094]: pam_unix(cron:session): session closed for user root
Jun 24 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9089]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9155]: Successful su for rubyman by root
Jun 24 01:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9155]: + ??? root:rubyman
Jun 24 01:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9155]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580818 of user rubyman.
Jun 24 01:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9155]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580818.
Jun 24 01:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9091]: pam_unix(cron:session): session closed for user root
Jun 24 01:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6338]: pam_unix(cron:session): session closed for user root
Jun 24 01:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9090]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8984]: Invalid user george from 91.92.40.46
Jun 24 01:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8984]: input_userauth_request: invalid user george [preauth]
Jun 24 01:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8984]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8191]: pam_unix(cron:session): session closed for user root
Jun 24 01:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8984]: Failed password for invalid user george from 91.92.40.46 port 13808 ssh2
Jun 24 01:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9422]: Did not receive identification string from 91.92.40.46
Jun 24 01:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8984]: Connection closed by 91.92.40.46 port 13808 [preauth]
Jun 24 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9505]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9507]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9506]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9508]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9505]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9571]: Successful su for rubyman by root
Jun 24 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9571]: + ??? root:rubyman
Jun 24 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9571]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580821 of user rubyman.
Jun 24 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9571]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580821.
Jun 24 01:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6746]: pam_unix(cron:session): session closed for user root
Jun 24 01:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9506]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8600]: pam_unix(cron:session): session closed for user root
Jun 24 01:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9421]: Invalid user developer1 from 91.92.40.46
Jun 24 01:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9421]: input_userauth_request: invalid user developer1 [preauth]
Jun 24 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10089]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10088]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10085]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10087]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10085]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10151]: Successful su for rubyman by root
Jun 24 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10151]: + ??? root:rubyman
Jun 24 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10151]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580826 of user rubyman.
Jun 24 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10151]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580826.
Jun 24 01:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7292]: pam_unix(cron:session): session closed for user root
Jun 24 01:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10087]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9093]: pam_unix(cron:session): session closed for user root
Jun 24 01:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10551]: Invalid user deploy from 91.92.40.46
Jun 24 01:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10551]: input_userauth_request: invalid user deploy [preauth]
Jun 24 01:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10551]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10551]: Failed password for invalid user deploy from 91.92.40.46 port 12668 ssh2
Jun 24 01:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10551]: Connection closed by 91.92.40.46 port 12668 [preauth]
Jun 24 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10585]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10583]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10584]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10581]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10581]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10649]: Successful su for rubyman by root
Jun 24 01:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10649]: + ??? root:rubyman
Jun 24 01:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10649]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580829 of user rubyman.
Jun 24 01:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10649]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580829.
Jun 24 01:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7804]: pam_unix(cron:session): session closed for user root
Jun 24 01:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10792]: Invalid user app from 91.92.40.46
Jun 24 01:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10792]: input_userauth_request: invalid user app [preauth]
Jun 24 01:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10792]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10583]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10792]: Failed password for invalid user app from 91.92.40.46 port 11464 ssh2
Jun 24 01:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10792]: Connection closed by 91.92.40.46 port 11464 [preauth]
Jun 24 01:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10882]: Invalid user ubuntu from 91.92.40.46
Jun 24 01:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10882]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 01:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10882]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10882]: Failed password for invalid user ubuntu from 91.92.40.46 port 17260 ssh2
Jun 24 01:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10882]: Connection closed by 91.92.40.46 port 17260 [preauth]
Jun 24 01:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9508]: pam_unix(cron:session): session closed for user root
Jun 24 01:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10924]: Invalid user azureuser from 91.92.40.46
Jun 24 01:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10924]: input_userauth_request: invalid user azureuser [preauth]
Jun 24 01:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10924]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10924]: Failed password for invalid user azureuser from 91.92.40.46 port 52592 ssh2
Jun 24 01:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10924]: Connection closed by 91.92.40.46 port 52592 [preauth]
Jun 24 01:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10958]: Invalid user dany from 91.92.40.46
Jun 24 01:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10958]: input_userauth_request: invalid user dany [preauth]
Jun 24 01:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10958]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10958]: Failed password for invalid user dany from 91.92.40.46 port 17782 ssh2
Jun 24 01:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10958]: Connection closed by 91.92.40.46 port 17782 [preauth]
Jun 24 01:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10983]: Invalid user andrea from 91.92.40.46
Jun 24 01:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10983]: input_userauth_request: invalid user andrea [preauth]
Jun 24 01:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10983]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10983]: Failed password for invalid user andrea from 91.92.40.46 port 17818 ssh2
Jun 24 01:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10983]: Connection closed by 91.92.40.46 port 17818 [preauth]
Jun 24 01:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10994]: Invalid user postgres from 91.92.40.46
Jun 24 01:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10994]: input_userauth_request: invalid user postgres [preauth]
Jun 24 01:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10994]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10994]: Failed password for invalid user postgres from 91.92.40.46 port 21672 ssh2
Jun 24 01:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10994]: Connection closed by 91.92.40.46 port 21672 [preauth]
Jun 24 01:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11006]: Invalid user sam from 91.92.40.46
Jun 24 01:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11006]: input_userauth_request: invalid user sam [preauth]
Jun 24 01:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11006]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11019]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11020]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11018]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11017]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11017]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11006]: Failed password for invalid user sam from 91.92.40.46 port 21740 ssh2
Jun 24 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11082]: Successful su for rubyman by root
Jun 24 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11082]: + ??? root:rubyman
Jun 24 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11082]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580833 of user rubyman.
Jun 24 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11082]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580833.
Jun 24 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11006]: Connection closed by 91.92.40.46 port 21740 [preauth]
Jun 24 01:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8190]: pam_unix(cron:session): session closed for user root
Jun 24 01:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11156]: Invalid user ana from 91.92.40.46
Jun 24 01:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11156]: input_userauth_request: invalid user ana [preauth]
Jun 24 01:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11018]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11156]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11156]: Failed password for invalid user ana from 91.92.40.46 port 53182 ssh2
Jun 24 01:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11156]: Connection closed by 91.92.40.46 port 53182 [preauth]
Jun 24 01:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11276]: Invalid user g from 91.92.40.46
Jun 24 01:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11276]: input_userauth_request: invalid user g [preauth]
Jun 24 01:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11276]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11276]: Failed password for invalid user g from 91.92.40.46 port 53432 ssh2
Jun 24 01:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11276]: Connection closed by 91.92.40.46 port 53432 [preauth]
Jun 24 01:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11305]: Invalid user myuser from 91.92.40.46
Jun 24 01:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11305]: input_userauth_request: invalid user myuser [preauth]
Jun 24 01:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11305]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11305]: Failed password for invalid user myuser from 91.92.40.46 port 53464 ssh2
Jun 24 01:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11305]: Connection closed by 91.92.40.46 port 53464 [preauth]
Jun 24 01:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11314]: Invalid user ftpuser2 from 91.92.40.46
Jun 24 01:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11314]: input_userauth_request: invalid user ftpuser2 [preauth]
Jun 24 01:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11314]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11314]: Failed password for invalid user ftpuser2 from 91.92.40.46 port 62590 ssh2
Jun 24 01:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11314]: Connection closed by 91.92.40.46 port 62590 [preauth]
Jun 24 01:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11345]: Invalid user oracle from 91.92.40.46
Jun 24 01:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11345]: input_userauth_request: invalid user oracle [preauth]
Jun 24 01:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10089]: pam_unix(cron:session): session closed for user root
Jun 24 01:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11345]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11345]: Failed password for invalid user oracle from 91.92.40.46 port 62638 ssh2
Jun 24 01:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11345]: Connection closed by 91.92.40.46 port 62638 [preauth]
Jun 24 01:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11356]: Invalid user postgres from 91.92.40.46
Jun 24 01:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11356]: input_userauth_request: invalid user postgres [preauth]
Jun 24 01:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11356]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11356]: Failed password for invalid user postgres from 91.92.40.46 port 52626 ssh2
Jun 24 01:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11356]: Connection closed by 91.92.40.46 port 52626 [preauth]
Jun 24 01:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11388]: Invalid user azureuser from 91.92.40.46
Jun 24 01:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11388]: input_userauth_request: invalid user azureuser [preauth]
Jun 24 01:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11388]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11388]: Failed password for invalid user azureuser from 91.92.40.46 port 58332 ssh2
Jun 24 01:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11388]: Connection closed by 91.92.40.46 port 58332 [preauth]
Jun 24 01:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11417]: Failed password for root from 91.92.40.46 port 58368 ssh2
Jun 24 01:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11417]: Connection closed by 91.92.40.46 port 58368 [preauth]
Jun 24 01:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11439]: Invalid user user from 91.92.40.46
Jun 24 01:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11439]: input_userauth_request: invalid user user [preauth]
Jun 24 01:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11439]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11439]: Failed password for invalid user user from 91.92.40.46 port 61678 ssh2
Jun 24 01:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11439]: Connection closed by 91.92.40.46 port 61678 [preauth]
Jun 24 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11470]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11463]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11466]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11464]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11467]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11462]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11470]: pam_unix(cron:session): session closed for user root
Jun 24 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11462]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11538]: Successful su for rubyman by root
Jun 24 01:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11538]: + ??? root:rubyman
Jun 24 01:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11538]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580842 of user rubyman.
Jun 24 01:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11538]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580842.
Jun 24 01:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11451]: Invalid user chris from 91.92.40.46
Jun 24 01:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11451]: input_userauth_request: invalid user chris [preauth]
Jun 24 01:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11464]: pam_unix(cron:session): session closed for user root
Jun 24 01:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11451]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8599]: pam_unix(cron:session): session closed for user root
Jun 24 01:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11451]: Failed password for invalid user chris from 91.92.40.46 port 17348 ssh2
Jun 24 01:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11463]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11451]: Connection closed by 91.92.40.46 port 17348 [preauth]
Jun 24 01:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11548]: Invalid user odoo from 91.92.40.46
Jun 24 01:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11548]: input_userauth_request: invalid user odoo [preauth]
Jun 24 01:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11548]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11548]: Failed password for invalid user odoo from 91.92.40.46 port 17364 ssh2
Jun 24 01:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11755]: Invalid user fastuser from 91.92.40.46
Jun 24 01:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11755]: input_userauth_request: invalid user fastuser [preauth]
Jun 24 01:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11548]: Connection closed by 91.92.40.46 port 17364 [preauth]
Jun 24 01:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11755]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11755]: Failed password for invalid user fastuser from 91.92.40.46 port 17416 ssh2
Jun 24 01:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11769]: Invalid user lucas from 91.92.40.46
Jun 24 01:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11769]: input_userauth_request: invalid user lucas [preauth]
Jun 24 01:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11755]: Connection closed by 91.92.40.46 port 17416 [preauth]
Jun 24 01:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11769]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11769]: Failed password for invalid user lucas from 91.92.40.46 port 65154 ssh2
Jun 24 01:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11789]: Invalid user jenkins from 91.92.40.46
Jun 24 01:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11789]: input_userauth_request: invalid user jenkins [preauth]
Jun 24 01:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11769]: Connection closed by 91.92.40.46 port 65154 [preauth]
Jun 24 01:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11789]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10585]: pam_unix(cron:session): session closed for user root
Jun 24 01:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11789]: Failed password for invalid user jenkins from 91.92.40.46 port 65196 ssh2
Jun 24 01:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11816]: Invalid user ai from 91.92.40.46
Jun 24 01:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11816]: input_userauth_request: invalid user ai [preauth]
Jun 24 01:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11789]: Connection closed by 91.92.40.46 port 65196 [preauth]
Jun 24 01:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11816]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11838]: Invalid user pi from 91.92.40.46
Jun 24 01:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11838]: input_userauth_request: invalid user pi [preauth]
Jun 24 01:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11816]: Failed password for invalid user ai from 91.92.40.46 port 62790 ssh2
Jun 24 01:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11838]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11816]: Connection closed by 91.92.40.46 port 62790 [preauth]
Jun 24 01:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11838]: Failed password for invalid user pi from 91.92.40.46 port 34754 ssh2
Jun 24 01:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11886]: Invalid user vss from 91.92.40.46
Jun 24 01:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11886]: input_userauth_request: invalid user vss [preauth]
Jun 24 01:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11838]: Connection closed by 91.92.40.46 port 34754 [preauth]
Jun 24 01:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11886]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11886]: Failed password for invalid user vss from 91.92.40.46 port 34786 ssh2
Jun 24 01:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11896]: Invalid user uftp from 91.92.40.46
Jun 24 01:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11896]: input_userauth_request: invalid user uftp [preauth]
Jun 24 01:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11886]: Connection closed by 91.92.40.46 port 34786 [preauth]
Jun 24 01:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11896]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 24 01:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11896]: Failed password for invalid user uftp from 91.92.40.46 port 65234 ssh2
Jun 24 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11967]: Failed password for root from 103.82.20.28 port 58202 ssh2
Jun 24 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11967]: Connection closed by 103.82.20.28 port 58202 [preauth]
Jun 24 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11983]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11982]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11984]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11981]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11981]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12049]: Successful su for rubyman by root
Jun 24 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12049]: + ??? root:rubyman
Jun 24 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12049]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580843 of user rubyman.
Jun 24 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12049]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580843.
Jun 24 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11940]: Invalid user rdpuser from 91.92.40.46
Jun 24 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11940]: input_userauth_request: invalid user rdpuser [preauth]
Jun 24 01:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11896]: Connection closed by 91.92.40.46 port 65234 [preauth]
Jun 24 01:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9092]: pam_unix(cron:session): session closed for user root
Jun 24 01:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11940]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11982]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11940]: Failed password for invalid user rdpuser from 91.92.40.46 port 65280 ssh2
Jun 24 01:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11940]: Connection closed by 91.92.40.46 port 65280 [preauth]
Jun 24 01:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11966]: Invalid user bot from 91.92.40.46
Jun 24 01:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11966]: input_userauth_request: invalid user bot [preauth]
Jun 24 01:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11952]: Failed password for root from 91.92.40.46 port 52418 ssh2
Jun 24 01:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11966]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11952]: Connection closed by 91.92.40.46 port 52418 [preauth]
Jun 24 01:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11966]: Failed password for invalid user bot from 91.92.40.46 port 52458 ssh2
Jun 24 01:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12211]: Invalid user claude from 91.92.40.46
Jun 24 01:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12211]: input_userauth_request: invalid user claude [preauth]
Jun 24 01:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11966]: Connection closed by 91.92.40.46 port 52458 [preauth]
Jun 24 01:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12211]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12211]: Failed password for invalid user claude from 91.92.40.46 port 25712 ssh2
Jun 24 01:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12259]: Invalid user mh from 91.92.40.46
Jun 24 01:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12259]: input_userauth_request: invalid user mh [preauth]
Jun 24 01:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12211]: Connection closed by 91.92.40.46 port 25712 [preauth]
Jun 24 01:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12259]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12259]: Failed password for invalid user mh from 91.92.40.46 port 30556 ssh2
Jun 24 01:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12382]: Invalid user alex from 91.92.40.46
Jun 24 01:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12382]: input_userauth_request: invalid user alex [preauth]
Jun 24 01:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11020]: pam_unix(cron:session): session closed for user root
Jun 24 01:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12259]: Connection closed by 91.92.40.46 port 30556 [preauth]
Jun 24 01:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12382]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12382]: Failed password for invalid user alex from 91.92.40.46 port 44002 ssh2
Jun 24 01:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12409]: Invalid user teamspeak from 91.92.40.46
Jun 24 01:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12409]: input_userauth_request: invalid user teamspeak [preauth]
Jun 24 01:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12382]: Connection closed by 91.92.40.46 port 44002 [preauth]
Jun 24 01:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12409]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12409]: Failed password for invalid user teamspeak from 91.92.40.46 port 44046 ssh2
Jun 24 01:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12421]: Invalid user user from 91.92.40.46
Jun 24 01:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12421]: input_userauth_request: invalid user user [preauth]
Jun 24 01:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12409]: Connection closed by 91.92.40.46 port 44046 [preauth]
Jun 24 01:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12421]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12421]: Failed password for invalid user user from 91.92.40.46 port 38706 ssh2
Jun 24 01:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12465]: Invalid user server from 91.92.40.46
Jun 24 01:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12465]: input_userauth_request: invalid user server [preauth]
Jun 24 01:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12421]: Connection closed by 91.92.40.46 port 38706 [preauth]
Jun 24 01:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12465]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12465]: Failed password for invalid user server from 91.92.40.46 port 38716 ssh2
Jun 24 01:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12465]: Connection closed by 91.92.40.46 port 38716 [preauth]
Jun 24 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12524]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12523]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12525]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12522]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12522]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12581]: Successful su for rubyman by root
Jun 24 01:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12581]: + ??? root:rubyman
Jun 24 01:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12581]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580847 of user rubyman.
Jun 24 01:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12581]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580847.
Jun 24 01:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12490]: Failed password for root from 91.92.40.46 port 61158 ssh2
Jun 24 01:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12501]: Invalid user elasticsearch from 91.92.40.46
Jun 24 01:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12501]: input_userauth_request: invalid user elasticsearch [preauth]
Jun 24 01:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9507]: pam_unix(cron:session): session closed for user root
Jun 24 01:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12490]: Connection closed by 91.92.40.46 port 61158 [preauth]
Jun 24 01:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12523]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12501]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12501]: Failed password for invalid user elasticsearch from 91.92.40.46 port 43180 ssh2
Jun 24 01:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12511]: Invalid user www from 91.92.40.46
Jun 24 01:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12511]: input_userauth_request: invalid user www [preauth]
Jun 24 01:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12501]: Connection closed by 91.92.40.46 port 43180 [preauth]
Jun 24 01:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12511]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12511]: Failed password for invalid user www from 91.92.40.46 port 43200 ssh2
Jun 24 01:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12511]: Connection closed by 91.92.40.46 port 43200 [preauth]
Jun 24 01:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12713]: Failed password for root from 91.92.40.46 port 26386 ssh2
Jun 24 01:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12785]: Invalid user admin1 from 91.92.40.46
Jun 24 01:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12785]: input_userauth_request: invalid user admin1 [preauth]
Jun 24 01:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12713]: Connection closed by 91.92.40.46 port 26386 [preauth]
Jun 24 01:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12785]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12785]: Failed password for invalid user admin1 from 91.92.40.46 port 39066 ssh2
Jun 24 01:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12810]: Invalid user ts3 from 91.92.40.46
Jun 24 01:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12810]: input_userauth_request: invalid user ts3 [preauth]
Jun 24 01:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12785]: Connection closed by 91.92.40.46 port 39066 [preauth]
Jun 24 01:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12810]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12810]: Failed password for invalid user ts3 from 91.92.40.46 port 39098 ssh2
Jun 24 01:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11467]: pam_unix(cron:session): session closed for user root
Jun 24 01:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12835]: Invalid user odoo from 91.92.40.46
Jun 24 01:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12835]: input_userauth_request: invalid user odoo [preauth]
Jun 24 01:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12810]: Connection closed by 91.92.40.46 port 39098 [preauth]
Jun 24 01:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12835]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12835]: Failed password for invalid user odoo from 91.92.40.46 port 52740 ssh2
Jun 24 01:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12860]: Invalid user idempiere from 91.92.40.46
Jun 24 01:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12860]: input_userauth_request: invalid user idempiere [preauth]
Jun 24 01:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12835]: Connection closed by 91.92.40.46 port 52740 [preauth]
Jun 24 01:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12860]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12860]: Failed password for invalid user idempiere from 91.92.40.46 port 20722 ssh2
Jun 24 01:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12895]: Invalid user pi from 91.92.40.46
Jun 24 01:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12895]: input_userauth_request: invalid user pi [preauth]
Jun 24 01:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12860]: Connection closed by 91.92.40.46 port 20722 [preauth]
Jun 24 01:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12895]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12895]: Failed password for invalid user pi from 91.92.40.46 port 20740 ssh2
Jun 24 01:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12906]: Invalid user dst from 91.92.40.46
Jun 24 01:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12906]: input_userauth_request: invalid user dst [preauth]
Jun 24 01:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12895]: Connection closed by 91.92.40.46 port 20740 [preauth]
Jun 24 01:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12906]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12955]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12953]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12954]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12952]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12952]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13011]: Successful su for rubyman by root
Jun 24 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13011]: + ??? root:rubyman
Jun 24 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13011]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580852 of user rubyman.
Jun 24 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13011]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580852.
Jun 24 01:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12906]: Failed password for invalid user dst from 91.92.40.46 port 24562 ssh2
Jun 24 01:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10088]: pam_unix(cron:session): session closed for user root
Jun 24 01:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12928]: Invalid user oracle from 91.92.40.46
Jun 24 01:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12928]: input_userauth_request: invalid user oracle [preauth]
Jun 24 01:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12953]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12906]: Connection closed by 91.92.40.46 port 24562 [preauth]
Jun 24 01:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12928]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12928]: Failed password for invalid user oracle from 91.92.40.46 port 34394 ssh2
Jun 24 01:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12938]: Invalid user ian from 91.92.40.46
Jun 24 01:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12938]: input_userauth_request: invalid user ian [preauth]
Jun 24 01:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12928]: Connection closed by 91.92.40.46 port 34394 [preauth]
Jun 24 01:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12938]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12950]: Invalid user user3 from 91.92.40.46
Jun 24 01:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12950]: input_userauth_request: invalid user user3 [preauth]
Jun 24 01:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12938]: Failed password for invalid user ian from 91.92.40.46 port 34402 ssh2
Jun 24 01:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12950]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12938]: Connection closed by 91.92.40.46 port 34402 [preauth]
Jun 24 01:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12950]: Failed password for invalid user user3 from 91.92.40.46 port 11082 ssh2
Jun 24 01:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13210]: Invalid user ubuntu from 91.92.40.46
Jun 24 01:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13210]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 01:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12950]: Connection closed by 91.92.40.46 port 11082 [preauth]
Jun 24 01:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13210]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13210]: Failed password for invalid user ubuntu from 91.92.40.46 port 11086 ssh2
Jun 24 01:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13226]: Invalid user chenxi from 91.92.40.46
Jun 24 01:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13226]: input_userauth_request: invalid user chenxi [preauth]
Jun 24 01:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11984]: pam_unix(cron:session): session closed for user root
Jun 24 01:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13210]: Connection closed by 91.92.40.46 port 11086 [preauth]
Jun 24 01:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13226]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13226]: Failed password for invalid user chenxi from 91.92.40.46 port 26306 ssh2
Jun 24 01:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13253]: Invalid user jenkins from 91.92.40.46
Jun 24 01:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13253]: input_userauth_request: invalid user jenkins [preauth]
Jun 24 01:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13226]: Connection closed by 91.92.40.46 port 26306 [preauth]
Jun 24 01:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13253]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13253]: Failed password for invalid user jenkins from 91.92.40.46 port 36682 ssh2
Jun 24 01:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13278]: Invalid user user from 91.92.40.46
Jun 24 01:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13278]: input_userauth_request: invalid user user [preauth]
Jun 24 01:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13253]: Connection closed by 91.92.40.46 port 36682 [preauth]
Jun 24 01:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13278]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13278]: Failed password for invalid user user from 91.92.40.46 port 36736 ssh2
Jun 24 01:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13291]: Invalid user local from 91.92.40.46
Jun 24 01:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13291]: input_userauth_request: invalid user local [preauth]
Jun 24 01:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13278]: Connection closed by 91.92.40.46 port 36736 [preauth]
Jun 24 01:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13291]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13323]: Invalid user deploy from 91.92.40.46
Jun 24 01:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13323]: input_userauth_request: invalid user deploy [preauth]
Jun 24 01:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13291]: Failed password for invalid user local from 91.92.40.46 port 65272 ssh2
Jun 24 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13390]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13391]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13392]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13389]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13389]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13449]: Successful su for rubyman by root
Jun 24 01:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13449]: + ??? root:rubyman
Jun 24 01:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13449]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580857 of user rubyman.
Jun 24 01:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13449]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580857.
Jun 24 01:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13323]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13291]: Connection closed by 91.92.40.46 port 65272 [preauth]
Jun 24 01:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13352]: Invalid user root1 from 91.92.40.46
Jun 24 01:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13352]: input_userauth_request: invalid user root1 [preauth]
Jun 24 01:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10584]: pam_unix(cron:session): session closed for user root
Jun 24 01:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13323]: Failed password for invalid user deploy from 91.92.40.46 port 15268 ssh2
Jun 24 01:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13390]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13352]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13323]: Connection closed by 91.92.40.46 port 15268 [preauth]
Jun 24 01:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13352]: Failed password for invalid user root1 from 91.92.40.46 port 15312 ssh2
Jun 24 01:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: Invalid user ubuntu from 91.92.40.46
Jun 24 01:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 01:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13352]: Connection closed by 91.92.40.46 port 15312 [preauth]
Jun 24 01:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13376]: Invalid user mc from 91.92.40.46
Jun 24 01:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13376]: input_userauth_request: invalid user mc [preauth]
Jun 24 01:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: Failed password for invalid user ubuntu from 91.92.40.46 port 50238 ssh2
Jun 24 01:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13376]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13438]: Invalid user minecraft from 91.92.40.46
Jun 24 01:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13438]: input_userauth_request: invalid user minecraft [preauth]
Jun 24 01:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: Connection closed by 91.92.40.46 port 50238 [preauth]
Jun 24 01:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13376]: Failed password for invalid user mc from 91.92.40.46 port 50272 ssh2
Jun 24 01:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13438]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13634]: Invalid user dev from 91.92.40.46
Jun 24 01:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13634]: input_userauth_request: invalid user dev [preauth]
Jun 24 01:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13376]: Connection closed by 91.92.40.46 port 50272 [preauth]
Jun 24 01:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13438]: Failed password for invalid user minecraft from 91.92.40.46 port 11230 ssh2
Jun 24 01:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12525]: pam_unix(cron:session): session closed for user root
Jun 24 01:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13634]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13657]: Invalid user lin from 91.92.40.46
Jun 24 01:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13657]: input_userauth_request: invalid user lin [preauth]
Jun 24 01:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13438]: Connection closed by 91.92.40.46 port 11230 [preauth]
Jun 24 01:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13634]: Failed password for invalid user dev from 91.92.40.46 port 47078 ssh2
Jun 24 01:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13666]: Invalid user deployer from 91.92.40.46
Jun 24 01:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13666]: input_userauth_request: invalid user deployer [preauth]
Jun 24 01:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13657]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13634]: Connection closed by 91.92.40.46 port 47078 [preauth]
Jun 24 01:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13657]: Failed password for invalid user lin from 91.92.40.46 port 47100 ssh2
Jun 24 01:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13666]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13666]: Failed password for invalid user deployer from 91.92.40.46 port 17462 ssh2
Jun 24 01:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13657]: Connection closed by 91.92.40.46 port 47100 [preauth]
Jun 24 01:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13702]: Invalid user bpadmin from 91.92.40.46
Jun 24 01:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13702]: input_userauth_request: invalid user bpadmin [preauth]
Jun 24 01:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13666]: Connection closed by 91.92.40.46 port 17462 [preauth]
Jun 24 01:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13702]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13702]: Failed password for invalid user bpadmin from 91.92.40.46 port 42216 ssh2
Jun 24 01:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13751]: Invalid user webtest from 91.92.40.46
Jun 24 01:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13751]: input_userauth_request: invalid user webtest [preauth]
Jun 24 01:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13702]: Connection closed by 91.92.40.46 port 42216 [preauth]
Jun 24 01:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13751]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13751]: Failed password for invalid user webtest from 91.92.40.46 port 64278 ssh2
Jun 24 01:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13751]: Connection closed by 91.92.40.46 port 64278 [preauth]
Jun 24 01:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13775]: Invalid user openclaw from 91.92.40.46
Jun 24 01:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13775]: input_userauth_request: invalid user openclaw [preauth]
Jun 24 01:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13775]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13813]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13811]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13812]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13809]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13810]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13808]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13813]: pam_unix(cron:session): session closed for user root
Jun 24 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13808]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13877]: Successful su for rubyman by root
Jun 24 01:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13877]: + ??? root:rubyman
Jun 24 01:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13877]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580861 of user rubyman.
Jun 24 01:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13877]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580861.
Jun 24 01:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13775]: Failed password for invalid user openclaw from 91.92.40.46 port 64294 ssh2
Jun 24 01:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13785]: Invalid user dneo from 91.92.40.46
Jun 24 01:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13785]: input_userauth_request: invalid user dneo [preauth]
Jun 24 01:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13810]: pam_unix(cron:session): session closed for user root
Jun 24 01:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11019]: pam_unix(cron:session): session closed for user root
Jun 24 01:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13775]: Connection closed by 91.92.40.46 port 64294 [preauth]
Jun 24 01:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13785]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13796]: Invalid user dani from 91.92.40.46
Jun 24 01:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13796]: input_userauth_request: invalid user dani [preauth]
Jun 24 01:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13796]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13809]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13785]: Failed password for invalid user dneo from 91.92.40.46 port 44182 ssh2
Jun 24 01:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13785]: Connection closed by 91.92.40.46 port 44182 [preauth]
Jun 24 01:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13796]: Failed password for invalid user dani from 91.92.40.46 port 44232 ssh2
Jun 24 01:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13796]: Connection closed by 91.92.40.46 port 44232 [preauth]
Jun 24 01:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14097]: Invalid user airflow from 91.92.40.46
Jun 24 01:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14097]: input_userauth_request: invalid user airflow [preauth]
Jun 24 01:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14097]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14097]: Failed password for invalid user airflow from 91.92.40.46 port 20458 ssh2
Jun 24 01:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14097]: Connection closed by 91.92.40.46 port 20458 [preauth]
Jun 24 01:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14120]: Invalid user alec from 91.92.40.46
Jun 24 01:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14120]: input_userauth_request: invalid user alec [preauth]
Jun 24 01:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14120]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14120]: Failed password for invalid user alec from 91.92.40.46 port 20548 ssh2
Jun 24 01:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14120]: Connection closed by 91.92.40.46 port 20548 [preauth]
Jun 24 01:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14130]: Failed password for root from 91.92.40.46 port 47430 ssh2
Jun 24 01:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14130]: Connection closed by 91.92.40.46 port 47430 [preauth]
Jun 24 01:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 24 01:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14153]: Failed password for root from 103.27.238.116 port 48736 ssh2
Jun 24 01:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14153]: Connection closed by 103.27.238.116 port 48736 [preauth]
Jun 24 01:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14155]: Invalid user appuser from 91.92.40.46
Jun 24 01:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14155]: input_userauth_request: invalid user appuser [preauth]
Jun 24 01:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12955]: pam_unix(cron:session): session closed for user root
Jun 24 01:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14155]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14155]: Failed password for invalid user appuser from 91.92.40.46 port 47044 ssh2
Jun 24 01:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14155]: Connection closed by 91.92.40.46 port 47044 [preauth]
Jun 24 01:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14182]: Invalid user master from 91.92.40.46
Jun 24 01:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14182]: input_userauth_request: invalid user master [preauth]
Jun 24 01:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14182]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14182]: Failed password for invalid user master from 91.92.40.46 port 47062 ssh2
Jun 24 01:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14182]: Connection closed by 91.92.40.46 port 47062 [preauth]
Jun 24 01:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14197]: Invalid user deployer from 91.92.40.46
Jun 24 01:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14197]: input_userauth_request: invalid user deployer [preauth]
Jun 24 01:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14197]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14197]: Failed password for invalid user deployer from 91.92.40.46 port 39844 ssh2
Jun 24 01:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14221]: Invalid user deployer from 91.92.40.46
Jun 24 01:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14221]: input_userauth_request: invalid user deployer [preauth]
Jun 24 01:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14197]: Connection closed by 91.92.40.46 port 39844 [preauth]
Jun 24 01:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14221]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14221]: Failed password for invalid user deployer from 91.92.40.46 port 39864 ssh2
Jun 24 01:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14231]: Invalid user andreas from 91.92.40.46
Jun 24 01:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14231]: input_userauth_request: invalid user andreas [preauth]
Jun 24 01:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14221]: Connection closed by 91.92.40.46 port 39864 [preauth]
Jun 24 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14254]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14255]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14253]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14252]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14252]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14318]: Successful su for rubyman by root
Jun 24 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14318]: + ??? root:rubyman
Jun 24 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14318]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580865 of user rubyman.
Jun 24 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14318]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580865.
Jun 24 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14231]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11466]: pam_unix(cron:session): session closed for user root
Jun 24 01:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14231]: Failed password for invalid user andreas from 91.92.40.46 port 36462 ssh2
Jun 24 01:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14253]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14231]: Connection closed by 91.92.40.46 port 36462 [preauth]
Jun 24 01:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14241]: Failed password for root from 91.92.40.46 port 36516 ssh2
Jun 24 01:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14328]: Invalid user marketing from 91.92.40.46
Jun 24 01:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14328]: input_userauth_request: invalid user marketing [preauth]
Jun 24 01:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14241]: Connection closed by 91.92.40.46 port 36516 [preauth]
Jun 24 01:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14328]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14328]: Failed password for invalid user marketing from 91.92.40.46 port 37552 ssh2
Jun 24 01:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14328]: Connection closed by 91.92.40.46 port 37552 [preauth]
Jun 24 01:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14509]: Invalid user user01 from 91.92.40.46
Jun 24 01:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14509]: input_userauth_request: invalid user user01 [preauth]
Jun 24 01:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14509]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14509]: Failed password for invalid user user01 from 91.92.40.46 port 61742 ssh2
Jun 24 01:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14531]: Invalid user trader from 91.92.40.46
Jun 24 01:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14531]: input_userauth_request: invalid user trader [preauth]
Jun 24 01:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14509]: Connection closed by 91.92.40.46 port 61742 [preauth]
Jun 24 01:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14531]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14531]: Failed password for invalid user trader from 91.92.40.46 port 61798 ssh2
Jun 24 01:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14531]: Connection closed by 91.92.40.46 port 61798 [preauth]
Jun 24 01:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14543]: Invalid user a from 91.92.40.46
Jun 24 01:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14543]: input_userauth_request: invalid user a [preauth]
Jun 24 01:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13392]: pam_unix(cron:session): session closed for user root
Jun 24 01:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14543]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14543]: Failed password for invalid user a from 91.92.40.46 port 63464 ssh2
Jun 24 01:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14566]: Invalid user piyush from 91.92.40.46
Jun 24 01:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14566]: input_userauth_request: invalid user piyush [preauth]
Jun 24 01:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14543]: Connection closed by 91.92.40.46 port 63464 [preauth]
Jun 24 01:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14566]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14566]: Failed password for invalid user piyush from 91.92.40.46 port 63502 ssh2
Jun 24 01:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 24 01:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14677]: Failed password for root from 87.251.79.125 port 48298 ssh2
Jun 24 01:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14677]: Connection closed by 87.251.79.125 port 48298 [preauth]
Jun 24 01:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14566]: Connection closed by 91.92.40.46 port 63502 [preauth]
Jun 24 01:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14576]: Failed password for root from 91.92.40.46 port 48430 ssh2
Jun 24 01:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 24 01:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14679]: Failed password for root from 202.178.126.219 port 60087 ssh2
Jun 24 01:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14576]: Connection closed by 91.92.40.46 port 48430 [preauth]
Jun 24 01:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14679]: Connection closed by 202.178.126.219 port 60087 [preauth]
Jun 24 01:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14608]: Failed password for root from 91.92.40.46 port 34518 ssh2
Jun 24 01:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14645]: Invalid user andrew from 91.92.40.46
Jun 24 01:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14645]: input_userauth_request: invalid user andrew [preauth]
Jun 24 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14608]: Connection closed by 91.92.40.46 port 34518 [preauth]
Jun 24 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14730]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14732]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14733]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14727]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14727]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14828]: Successful su for rubyman by root
Jun 24 01:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14828]: + ??? root:rubyman
Jun 24 01:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14828]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580869 of user rubyman.
Jun 24 01:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14828]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580869.
Jun 24 01:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14645]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11983]: pam_unix(cron:session): session closed for user root
Jun 24 01:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14645]: Failed password for invalid user andrew from 91.92.40.46 port 34558 ssh2
Jun 24 01:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14730]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14685]: Invalid user student from 91.92.40.46
Jun 24 01:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14685]: input_userauth_request: invalid user student [preauth]
Jun 24 01:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14645]: Connection closed by 91.92.40.46 port 34558 [preauth]
Jun 24 01:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14685]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14685]: Failed password for invalid user student from 91.92.40.46 port 44606 ssh2
Jun 24 01:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14685]: Connection closed by 91.92.40.46 port 44606 [preauth]
Jun 24 01:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14827]: Invalid user mcserver from 91.92.40.46
Jun 24 01:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14827]: input_userauth_request: invalid user mcserver [preauth]
Jun 24 01:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14700]: Failed password for root from 91.92.40.46 port 44626 ssh2
Jun 24 01:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14827]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14700]: Connection closed by 91.92.40.46 port 44626 [preauth]
Jun 24 01:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14827]: Failed password for invalid user mcserver from 91.92.40.46 port 37744 ssh2
Jun 24 01:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14827]: Connection closed by 91.92.40.46 port 37744 [preauth]
Jun 24 01:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15020]: Failed password for root from 91.92.40.46 port 41576 ssh2
Jun 24 01:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15020]: Connection closed by 91.92.40.46 port 41576 [preauth]
Jun 24 01:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15048]: Failed password for root from 91.92.40.46 port 13128 ssh2
Jun 24 01:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15070]: Invalid user dev from 91.92.40.46
Jun 24 01:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15070]: input_userauth_request: invalid user dev [preauth]
Jun 24 01:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13812]: pam_unix(cron:session): session closed for user root
Jun 24 01:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15048]: Connection closed by 91.92.40.46 port 13128 [preauth]
Jun 24 01:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15070]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15070]: Failed password for invalid user dev from 91.92.40.46 port 13148 ssh2
Jun 24 01:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15080]: Invalid user root1 from 91.92.40.46
Jun 24 01:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15080]: input_userauth_request: invalid user root1 [preauth]
Jun 24 01:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15070]: Connection closed by 91.92.40.46 port 13148 [preauth]
Jun 24 01:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15080]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15080]: Failed password for invalid user root1 from 91.92.40.46 port 36682 ssh2
Jun 24 01:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15080]: Connection closed by 91.92.40.46 port 36682 [preauth]
Jun 24 01:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15116]: Invalid user ranga from 91.92.40.46
Jun 24 01:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15116]: input_userauth_request: invalid user ranga [preauth]
Jun 24 01:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15153]: Connection closed by 45.148.10.121 port 33484 [preauth]
Jun 24 01:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15116]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15116]: Failed password for invalid user ranga from 91.92.40.46 port 36738 ssh2
Jun 24 01:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15127]: Invalid user admin from 91.92.40.46
Jun 24 01:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15127]: input_userauth_request: invalid user admin [preauth]
Jun 24 01:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15116]: Connection closed by 91.92.40.46 port 36738 [preauth]
Jun 24 01:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15127]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15127]: Failed password for invalid user admin from 91.92.40.46 port 10810 ssh2
Jun 24 01:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15127]: Connection closed by 91.92.40.46 port 10810 [preauth]
Jun 24 01:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15187]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15189]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15188]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15186]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15186]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15163]: Failed password for root from 91.92.40.46 port 38644 ssh2
Jun 24 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15251]: Successful su for rubyman by root
Jun 24 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15251]: + ??? root:rubyman
Jun 24 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15251]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580876 of user rubyman.
Jun 24 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15251]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580876.
Jun 24 01:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15163]: Connection closed by 91.92.40.46 port 38644 [preauth]
Jun 24 01:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12524]: pam_unix(cron:session): session closed for user root
Jun 24 01:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15187]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15175]: Failed password for root from 91.92.40.46 port 38686 ssh2
Jun 24 01:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15284]: Invalid user ecommerce from 91.92.40.46
Jun 24 01:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15284]: input_userauth_request: invalid user ecommerce [preauth]
Jun 24 01:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15175]: Connection closed by 91.92.40.46 port 38686 [preauth]
Jun 24 01:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15284]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15284]: Failed password for invalid user ecommerce from 91.92.40.46 port 20980 ssh2
Jun 24 01:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15428]: Invalid user postgres from 91.92.40.46
Jun 24 01:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15428]: input_userauth_request: invalid user postgres [preauth]
Jun 24 01:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15284]: Connection closed by 91.92.40.46 port 20980 [preauth]
Jun 24 01:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15428]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15428]: Failed password for invalid user postgres from 91.92.40.46 port 17824 ssh2
Jun 24 01:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15446]: Invalid user webadm from 91.92.40.46
Jun 24 01:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15446]: input_userauth_request: invalid user webadm [preauth]
Jun 24 01:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15428]: Connection closed by 91.92.40.46 port 17824 [preauth]
Jun 24 01:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15446]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15446]: Failed password for invalid user webadm from 91.92.40.46 port 17862 ssh2
Jun 24 01:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15461]: Invalid user oracle from 91.92.40.46
Jun 24 01:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15461]: input_userauth_request: invalid user oracle [preauth]
Jun 24 01:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15446]: Connection closed by 91.92.40.46 port 17862 [preauth]
Jun 24 01:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14255]: pam_unix(cron:session): session closed for user root
Jun 24 01:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15461]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15461]: Failed password for invalid user oracle from 91.92.40.46 port 37732 ssh2
Jun 24 01:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15483]: Invalid user github from 91.92.40.46
Jun 24 01:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15483]: input_userauth_request: invalid user github [preauth]
Jun 24 01:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15461]: Connection closed by 91.92.40.46 port 37732 [preauth]
Jun 24 01:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 24 01:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15483]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15533]: Failed password for root from 103.77.175.15 port 32844 ssh2
Jun 24 01:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15483]: Failed password for invalid user github from 91.92.40.46 port 37756 ssh2
Jun 24 01:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15533]: Connection closed by 103.77.175.15 port 32844 [preauth]
Jun 24 01:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15503]: Invalid user zabbix from 91.92.40.46
Jun 24 01:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15503]: input_userauth_request: invalid user zabbix [preauth]
Jun 24 01:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15483]: Connection closed by 91.92.40.46 port 37756 [preauth]
Jun 24 01:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15503]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15503]: Failed password for invalid user zabbix from 91.92.40.46 port 10386 ssh2
Jun 24 01:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15503]: Connection closed by 91.92.40.46 port 10386 [preauth]
Jun 24 01:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15532]: Failed password for root from 91.92.40.46 port 21796 ssh2
Jun 24 01:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15544]: Invalid user test from 91.92.40.46
Jun 24 01:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15544]: input_userauth_request: invalid user test [preauth]
Jun 24 01:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15532]: Connection closed by 91.92.40.46 port 21796 [preauth]
Jun 24 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15592]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15591]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15593]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15590]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15590]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15652]: Successful su for rubyman by root
Jun 24 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15652]: + ??? root:rubyman
Jun 24 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15652]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580877 of user rubyman.
Jun 24 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15652]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580877.
Jun 24 01:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15544]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 24 01:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12954]: pam_unix(cron:session): session closed for user root
Jun 24 01:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15567]: Invalid user winston from 91.92.40.46
Jun 24 01:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15567]: input_userauth_request: invalid user winston [preauth]
Jun 24 01:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15544]: Failed password for invalid user test from 91.92.40.46 port 21848 ssh2
Jun 24 01:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15682]: Failed password for root from 147.45.199.80 port 39290 ssh2
Jun 24 01:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15682]: Connection closed by 147.45.199.80 port 39290 [preauth]
Jun 24 01:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15591]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15567]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15544]: Connection closed by 91.92.40.46 port 21848 [preauth]
Jun 24 01:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15567]: Failed password for invalid user winston from 91.92.40.46 port 16204 ssh2
Jun 24 01:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15567]: Connection closed by 91.92.40.46 port 16204 [preauth]
Jun 24 01:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15578]: Failed password for root from 91.92.40.46 port 16226 ssh2
Jun 24 01:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15722]: Invalid user csserver from 91.92.40.46
Jun 24 01:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15722]: input_userauth_request: invalid user csserver [preauth]
Jun 24 01:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15578]: Connection closed by 91.92.40.46 port 16226 [preauth]
Jun 24 01:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15722]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15722]: Failed password for invalid user csserver from 91.92.40.46 port 23436 ssh2
Jun 24 01:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15847]: Invalid user ubuntu from 91.92.40.46
Jun 24 01:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15847]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 01:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15722]: Connection closed by 91.92.40.46 port 23436 [preauth]
Jun 24 01:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15847]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15847]: Failed password for invalid user ubuntu from 91.92.40.46 port 41578 ssh2
Jun 24 01:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15847]: Connection closed by 91.92.40.46 port 41578 [preauth]
Jun 24 01:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15870]: Failed password for root from 91.92.40.46 port 47652 ssh2
Jun 24 01:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14733]: pam_unix(cron:session): session closed for user root
Jun 24 01:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15870]: Connection closed by 91.92.40.46 port 47652 [preauth]
Jun 24 01:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15897]: Failed password for root from 91.92.40.46 port 47668 ssh2
Jun 24 01:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15897]: Connection closed by 91.92.40.46 port 47668 [preauth]
Jun 24 01:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15904]: Failed password for root from 91.92.40.46 port 17274 ssh2
Jun 24 01:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15930]: Invalid user deployer from 91.92.40.46
Jun 24 01:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15930]: input_userauth_request: invalid user deployer [preauth]
Jun 24 01:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15904]: Connection closed by 91.92.40.46 port 17274 [preauth]
Jun 24 01:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15930]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15944]: Invalid user marketing from 91.92.40.46
Jun 24 01:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15944]: input_userauth_request: invalid user marketing [preauth]
Jun 24 01:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15930]: Failed password for invalid user deployer from 91.92.40.46 port 17320 ssh2
Jun 24 01:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15944]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15930]: Connection closed by 91.92.40.46 port 17320 [preauth]
Jun 24 01:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15966]: Invalid user admin1 from 91.92.40.46
Jun 24 01:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15966]: input_userauth_request: invalid user admin1 [preauth]
Jun 24 01:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15944]: Failed password for invalid user marketing from 91.92.40.46 port 27248 ssh2
Jun 24 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16011]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16009]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16008]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16007]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16010]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16006]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16011]: pam_unix(cron:session): session closed for user root
Jun 24 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16006]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16076]: Successful su for rubyman by root
Jun 24 01:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16076]: + ??? root:rubyman
Jun 24 01:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16076]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580884 of user rubyman.
Jun 24 01:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16076]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580884.
Jun 24 01:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15966]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16008]: pam_unix(cron:session): session closed for user root
Jun 24 01:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15944]: Connection closed by 91.92.40.46 port 27248 [preauth]
Jun 24 01:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13391]: pam_unix(cron:session): session closed for user root
Jun 24 01:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15984]: Invalid user student from 91.92.40.46
Jun 24 01:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15984]: input_userauth_request: invalid user student [preauth]
Jun 24 01:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15966]: Failed password for invalid user admin1 from 91.92.40.46 port 27258 ssh2
Jun 24 01:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16007]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15984]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15966]: Connection closed by 91.92.40.46 port 27258 [preauth]
Jun 24 01:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15995]: Invalid user user1 from 91.92.40.46
Jun 24 01:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15995]: input_userauth_request: invalid user user1 [preauth]
Jun 24 01:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15984]: Failed password for invalid user student from 91.92.40.46 port 49562 ssh2
Jun 24 01:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15995]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15984]: Connection closed by 91.92.40.46 port 49562 [preauth]
Jun 24 01:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16075]: Invalid user appuser from 91.92.40.46
Jun 24 01:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16075]: input_userauth_request: invalid user appuser [preauth]
Jun 24 01:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16075]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15995]: Failed password for invalid user user1 from 91.92.40.46 port 49576 ssh2
Jun 24 01:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16282]: Invalid user anna from 91.92.40.46
Jun 24 01:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16282]: input_userauth_request: invalid user anna [preauth]
Jun 24 01:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15995]: Connection closed by 91.92.40.46 port 49576 [preauth]
Jun 24 01:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16282]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16075]: Failed password for invalid user appuser from 91.92.40.46 port 28860 ssh2
Jun 24 01:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16075]: Connection closed by 91.92.40.46 port 28860 [preauth]
Jun 24 01:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16282]: Failed password for invalid user anna from 91.92.40.46 port 16430 ssh2
Jun 24 01:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16282]: Connection closed by 91.92.40.46 port 16430 [preauth]
Jun 24 01:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16313]: Invalid user debian from 91.92.40.46
Jun 24 01:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16313]: input_userauth_request: invalid user debian [preauth]
Jun 24 01:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16313]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16313]: Failed password for invalid user debian from 91.92.40.46 port 45120 ssh2
Jun 24 01:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16336]: Received disconnect from 176.65.131.188 port 37182:11: disconnected by user [preauth]
Jun 24 01:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16336]: Disconnected from 176.65.131.188 port 37182 [preauth]
Jun 24 01:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16313]: Connection closed by 91.92.40.46 port 45120 [preauth]
Jun 24 01:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16335]: Invalid user steam from 91.92.40.46
Jun 24 01:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16335]: input_userauth_request: invalid user steam [preauth]
Jun 24 01:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16335]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15189]: pam_unix(cron:session): session closed for user root
Jun 24 01:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16335]: Failed password for invalid user steam from 91.92.40.46 port 45170 ssh2
Jun 24 01:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16335]: Connection closed by 91.92.40.46 port 45170 [preauth]
Jun 24 01:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16347]: Invalid user logs from 91.92.40.46
Jun 24 01:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16347]: input_userauth_request: invalid user logs [preauth]
Jun 24 01:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16347]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16347]: Failed password for invalid user logs from 91.92.40.46 port 33252 ssh2
Jun 24 01:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16347]: Connection closed by 91.92.40.46 port 33252 [preauth]
Jun 24 01:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16378]: Invalid user jenkins from 91.92.40.46
Jun 24 01:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16378]: input_userauth_request: invalid user jenkins [preauth]
Jun 24 01:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16378]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16378]: Failed password for invalid user jenkins from 91.92.40.46 port 16934 ssh2
Jun 24 01:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16378]: Connection closed by 91.92.40.46 port 16934 [preauth]
Jun 24 01:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16408]: Failed password for root from 91.92.40.46 port 17032 ssh2
Jun 24 01:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16408]: Connection closed by 91.92.40.46 port 17032 [preauth]
Jun 24 01:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16421]: Invalid user dev from 91.92.40.46
Jun 24 01:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16421]: input_userauth_request: invalid user dev [preauth]
Jun 24 01:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16421]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16421]: Failed password for invalid user dev from 91.92.40.46 port 12694 ssh2
Jun 24 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16447]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16444]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16445]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16446]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16444]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16521]: Successful su for rubyman by root
Jun 24 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16521]: + ??? root:rubyman
Jun 24 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16521]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580887 of user rubyman.
Jun 24 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16521]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580887.
Jun 24 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16421]: Connection closed by 91.92.40.46 port 12694 [preauth]
Jun 24 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16433]: Invalid user weblogic from 91.92.40.46
Jun 24 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16433]: input_userauth_request: invalid user weblogic [preauth]
Jun 24 01:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16433]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13811]: pam_unix(cron:session): session closed for user root
Jun 24 01:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16445]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16433]: Failed password for invalid user weblogic from 91.92.40.46 port 12728 ssh2
Jun 24 01:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16433]: Connection closed by 91.92.40.46 port 12728 [preauth]
Jun 24 01:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16509]: Invalid user moodle from 91.92.40.46
Jun 24 01:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16509]: input_userauth_request: invalid user moodle [preauth]
Jun 24 01:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16509]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16509]: Failed password for invalid user moodle from 91.92.40.46 port 16282 ssh2
Jun 24 01:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16509]: Connection closed by 91.92.40.46 port 16282 [preauth]
Jun 24 01:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: Invalid user azureuser from 91.92.40.46
Jun 24 01:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: input_userauth_request: invalid user azureuser [preauth]
Jun 24 01:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: Failed password for invalid user azureuser from 91.92.40.46 port 35002 ssh2
Jun 24 01:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16710]: Invalid user elasticsearch from 91.92.40.46
Jun 24 01:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16710]: input_userauth_request: invalid user elasticsearch [preauth]
Jun 24 01:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: Connection closed by 91.92.40.46 port 35002 [preauth]
Jun 24 01:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16710]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16710]: Failed password for invalid user elasticsearch from 91.92.40.46 port 35052 ssh2
Jun 24 01:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16732]: Invalid user elasticsearch from 91.92.40.46
Jun 24 01:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16732]: input_userauth_request: invalid user elasticsearch [preauth]
Jun 24 01:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15593]: pam_unix(cron:session): session closed for user root
Jun 24 01:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16710]: Connection closed by 91.92.40.46 port 35052 [preauth]
Jun 24 01:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16732]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16742]: Invalid user web from 91.92.40.46
Jun 24 01:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16742]: input_userauth_request: invalid user web [preauth]
Jun 24 01:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16732]: Failed password for invalid user elasticsearch from 91.92.40.46 port 35078 ssh2
Jun 24 01:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16742]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16732]: Connection closed by 91.92.40.46 port 35078 [preauth]
Jun 24 01:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16768]: Invalid user nina from 91.92.40.46
Jun 24 01:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16768]: input_userauth_request: invalid user nina [preauth]
Jun 24 01:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16742]: Failed password for invalid user web from 91.92.40.46 port 36782 ssh2
Jun 24 01:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16768]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16742]: Connection closed by 91.92.40.46 port 36782 [preauth]
Jun 24 01:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16768]: Failed password for invalid user nina from 91.92.40.46 port 60944 ssh2
Jun 24 01:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16768]: Connection closed by 91.92.40.46 port 60944 [preauth]
Jun 24 01:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: Invalid user admin from 91.92.40.46
Jun 24 01:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: input_userauth_request: invalid user admin [preauth]
Jun 24 01:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: Failed password for invalid user admin from 91.92.40.46 port 59086 ssh2
Jun 24 01:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: Connection closed by 91.92.40.46 port 59086 [preauth]
Jun 24 01:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16836]: Invalid user pi from 91.92.40.46
Jun 24 01:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16836]: input_userauth_request: invalid user pi [preauth]
Jun 24 01:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16836]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16836]: Failed password for invalid user pi from 91.92.40.46 port 59122 ssh2
Jun 24 01:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16836]: Connection closed by 91.92.40.46 port 59122 [preauth]
Jun 24 01:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16848]: Invalid user cloud from 91.92.40.46
Jun 24 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16848]: input_userauth_request: invalid user cloud [preauth]
Jun 24 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16906]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16907]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16905]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16904]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16904]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17030]: Successful su for rubyman by root
Jun 24 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17030]: + ??? root:rubyman
Jun 24 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17030]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580892 of user rubyman.
Jun 24 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17030]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580892.
Jun 24 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16848]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14254]: pam_unix(cron:session): session closed for user root
Jun 24 01:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16848]: Failed password for invalid user cloud from 91.92.40.46 port 52026 ssh2
Jun 24 01:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16905]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16891]: Invalid user centos from 91.92.40.46
Jun 24 01:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16891]: input_userauth_request: invalid user centos [preauth]
Jun 24 01:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16848]: Connection closed by 91.92.40.46 port 52026 [preauth]
Jun 24 01:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16891]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16891]: Failed password for invalid user centos from 91.92.40.46 port 52062 ssh2
Jun 24 01:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17093]: Invalid user deploy from 91.92.40.46
Jun 24 01:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17093]: input_userauth_request: invalid user deploy [preauth]
Jun 24 01:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16891]: Connection closed by 91.92.40.46 port 52062 [preauth]
Jun 24 01:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17093]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17093]: Failed password for invalid user deploy from 91.92.40.46 port 33590 ssh2
Jun 24 01:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17208]: Invalid user calvin from 91.92.40.46
Jun 24 01:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17208]: input_userauth_request: invalid user calvin [preauth]
Jun 24 01:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17093]: Connection closed by 91.92.40.46 port 33590 [preauth]
Jun 24 01:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17208]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17208]: Failed password for invalid user calvin from 91.92.40.46 port 12578 ssh2
Jun 24 01:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17225]: Invalid user eduardo from 91.92.40.46
Jun 24 01:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17225]: input_userauth_request: invalid user eduardo [preauth]
Jun 24 01:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17208]: Connection closed by 91.92.40.46 port 12578 [preauth]
Jun 24 01:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17225]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17240]: Invalid user ubuntu from 91.92.40.46
Jun 24 01:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17240]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 01:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17225]: Failed password for invalid user eduardo from 91.92.40.46 port 12586 ssh2
Jun 24 01:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16010]: pam_unix(cron:session): session closed for user root
Jun 24 01:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17240]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17225]: Connection closed by 91.92.40.46 port 12586 [preauth]
Jun 24 01:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17240]: Failed password for invalid user ubuntu from 91.92.40.46 port 12834 ssh2
Jun 24 01:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17277]: Invalid user bot from 91.92.40.46
Jun 24 01:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17277]: input_userauth_request: invalid user bot [preauth]
Jun 24 01:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17240]: Connection closed by 91.92.40.46 port 12834 [preauth]
Jun 24 01:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17277]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17277]: Failed password for invalid user bot from 91.92.40.46 port 12858 ssh2
Jun 24 01:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17277]: Connection closed by 91.92.40.46 port 12858 [preauth]
Jun 24 01:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17322]: Invalid user testuser from 91.92.40.46
Jun 24 01:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17322]: input_userauth_request: invalid user testuser [preauth]
Jun 24 01:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17287]: Failed password for root from 91.92.40.46 port 26550 ssh2
Jun 24 01:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17322]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17287]: Connection closed by 91.92.40.46 port 26550 [preauth]
Jun 24 01:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17322]: Failed password for invalid user testuser from 91.92.40.46 port 26568 ssh2
Jun 24 01:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17388]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17389]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17386]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17385]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17385]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17457]: Successful su for rubyman by root
Jun 24 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17457]: + ??? root:rubyman
Jun 24 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17457]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580895 of user rubyman.
Jun 24 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17457]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580895.
Jun 24 01:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17322]: Connection closed by 91.92.40.46 port 26568 [preauth]
Jun 24 01:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14732]: pam_unix(cron:session): session closed for user root
Jun 24 01:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17386]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17349]: Failed password for root from 91.92.40.46 port 44198 ssh2
Jun 24 01:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17361]: Invalid user ubuntu from 91.92.40.46
Jun 24 01:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17361]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 01:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17349]: Connection closed by 91.92.40.46 port 44198 [preauth]
Jun 24 01:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17361]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17372]: Invalid user odoo18 from 91.92.40.46
Jun 24 01:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17372]: input_userauth_request: invalid user odoo18 [preauth]
Jun 24 01:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17361]: Failed password for invalid user ubuntu from 91.92.40.46 port 45448 ssh2
Jun 24 01:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17372]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17361]: Connection closed by 91.92.40.46 port 45448 [preauth]
Jun 24 01:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17383]: Invalid user test from 91.92.40.46
Jun 24 01:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17383]: input_userauth_request: invalid user test [preauth]
Jun 24 01:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17372]: Failed password for invalid user odoo18 from 91.92.40.46 port 45494 ssh2
Jun 24 01:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17383]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17622]: Invalid user deployer from 91.92.40.46
Jun 24 01:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17622]: input_userauth_request: invalid user deployer [preauth]
Jun 24 01:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17372]: Connection closed by 91.92.40.46 port 45494 [preauth]
Jun 24 01:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17383]: Failed password for invalid user test from 91.92.40.46 port 54002 ssh2
Jun 24 01:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17622]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17671]: Invalid user ts3server from 91.92.40.46
Jun 24 01:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17671]: input_userauth_request: invalid user ts3server [preauth]
Jun 24 01:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17383]: Connection closed by 91.92.40.46 port 54002 [preauth]
Jun 24 01:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17671]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17622]: Failed password for invalid user deployer from 91.92.40.46 port 54040 ssh2
Jun 24 01:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17671]: Failed password for invalid user ts3server from 91.92.40.46 port 32220 ssh2
Jun 24 01:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17622]: Connection closed by 91.92.40.46 port 54040 [preauth]
Jun 24 01:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17763]: Invalid user dev from 91.92.40.46
Jun 24 01:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17763]: input_userauth_request: invalid user dev [preauth]
Jun 24 01:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17671]: Connection closed by 91.92.40.46 port 32220 [preauth]
Jun 24 01:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16447]: pam_unix(cron:session): session closed for user root
Jun 24 01:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17763]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17763]: Failed password for invalid user dev from 91.92.40.46 port 50962 ssh2
Jun 24 01:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17790]: Invalid user anders from 91.92.40.46
Jun 24 01:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17790]: input_userauth_request: invalid user anders [preauth]
Jun 24 01:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17763]: Connection closed by 91.92.40.46 port 50962 [preauth]
Jun 24 01:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17790]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17790]: Failed password for invalid user anders from 91.92.40.46 port 60806 ssh2
Jun 24 01:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17790]: Connection closed by 91.92.40.46 port 60806 [preauth]
Jun 24 01:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17818]: Failed password for root from 91.92.40.46 port 60836 ssh2
Jun 24 01:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17818]: Connection closed by 91.92.40.46 port 60836 [preauth]
Jun 24 01:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17838]: Failed password for root from 91.92.40.46 port 39370 ssh2
Jun 24 01:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17877]: Invalid user user from 91.92.40.46
Jun 24 01:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17877]: input_userauth_request: invalid user user [preauth]
Jun 24 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17917]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17916]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17918]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17915]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17915]: pam_unix(cron:session): session closed for user p13x
Jun 24 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17975]: Successful su for rubyman by root
Jun 24 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17975]: + ??? root:rubyman
Jun 24 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17975]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580901 of user rubyman.
Jun 24 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17975]: pam_unix(su:session): session closed for user rubyman
Jun 24 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580901.
Jun 24 01:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17838]: Connection closed by 91.92.40.46 port 39370 [preauth]
Jun 24 01:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17877]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15188]: pam_unix(cron:session): session closed for user root
Jun 24 01:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17916]: pam_unix(cron:session): session closed for user samftp
Jun 24 01:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17877]: Failed password for invalid user user from 91.92.40.46 port 39384 ssh2
Jun 24 01:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17890]: Invalid user cyber from 91.92.40.46
Jun 24 01:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17890]: input_userauth_request: invalid user cyber [preauth]
Jun 24 01:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17877]: Connection closed by 91.92.40.46 port 39384 [preauth]
Jun 24 01:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17890]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17901]: Invalid user xiao from 91.92.40.46
Jun 24 01:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17901]: input_userauth_request: invalid user xiao [preauth]
Jun 24 01:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17890]: Failed password for invalid user cyber from 91.92.40.46 port 51172 ssh2
Jun 24 01:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17901]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17890]: Connection closed by 91.92.40.46 port 51172 [preauth]
Jun 24 01:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17901]: Failed password for invalid user xiao from 91.92.40.46 port 51204 ssh2
Jun 24 01:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18139]: Invalid user linux from 91.92.40.46
Jun 24 01:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18139]: input_userauth_request: invalid user linux [preauth]
Jun 24 01:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17901]: Connection closed by 91.92.40.46 port 51204 [preauth]
Jun 24 01:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18139]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18139]: Failed password for invalid user linux from 91.92.40.46 port 65464 ssh2
Jun 24 01:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18174]: Invalid user test from 91.92.40.46
Jun 24 01:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18174]: input_userauth_request: invalid user test [preauth]
Jun 24 01:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18139]: Connection closed by 91.92.40.46 port 65464 [preauth]
Jun 24 01:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18174]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18199]: Invalid user anmol from 91.92.40.46
Jun 24 01:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18199]: input_userauth_request: invalid user anmol [preauth]
Jun 24 01:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18174]: Failed password for invalid user test from 91.92.40.46 port 24182 ssh2
Jun 24 01:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16907]: pam_unix(cron:session): session closed for user root
Jun 24 01:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18199]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18174]: Connection closed by 91.92.40.46 port 24182 [preauth]
Jun 24 01:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18210]: Invalid user cloud from 91.92.40.46
Jun 24 01:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18210]: input_userauth_request: invalid user cloud [preauth]
Jun 24 01:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18199]: Failed password for invalid user anmol from 91.92.40.46 port 24196 ssh2
Jun 24 01:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18210]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18199]: Connection closed by 91.92.40.46 port 24196 [preauth]
Jun 24 01:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18210]: Failed password for invalid user cloud from 91.92.40.46 port 44682 ssh2
Jun 24 01:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 01:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18210]: Connection closed by 91.92.40.46 port 44682 [preauth]
Jun 24 01:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18261]: Invalid user composer from 91.92.40.46
Jun 24 01:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18261]: input_userauth_request: invalid user composer [preauth]
Jun 24 01:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18239]: Failed password for root from 91.92.40.46 port 44736 ssh2
Jun 24 01:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 01:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18261]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 01:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 01:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18239]: Connection closed by 91.92.40.46 port 44736 [preauth]
Jun 24 01:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18261]: Failed password for invalid user composer from 91.92.40.46 port 33092 ssh2
Jun 24 01:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18298]: Invalid user cloud from 91.92.40.46
Jun 24 01:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18298]: input_userauth_request: invalid user cloud [preauth]
Jun 24 01:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18367]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18368]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18365]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18363]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18366]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18370]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18369]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18370]: pam_unix(cron:session): session closed for user root
Jun 24 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18366]: pam_unix(cron:session): session closed for user root
Jun 24 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18363]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18543]: Successful su for rubyman by root
Jun 24 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18543]: + ??? root:rubyman
Jun 24 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18543]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580909 of user rubyman.
Jun 24 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18543]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580909.
Jun 24 02:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18261]: Connection closed by 91.92.40.46 port 33092 [preauth]
Jun 24 02:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18367]: pam_unix(cron:session): session closed for user root
Jun 24 02:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18298]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 02:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15592]: pam_unix(cron:session): session closed for user root
Jun 24 02:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18298]: Failed password for invalid user cloud from 91.92.40.46 port 37614 ssh2
Jun 24 02:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18365]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 02:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18298]: Connection closed by 91.92.40.46 port 37614 [preauth]
Jun 24 02:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18336]: Invalid user steam from 91.92.40.46
Jun 24 02:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18336]: input_userauth_request: invalid user steam [preauth]
Jun 24 02:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18326]: Failed password for root from 91.92.40.46 port 37678 ssh2
Jun 24 02:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18346]: Invalid user server from 91.92.40.46
Jun 24 02:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18346]: input_userauth_request: invalid user server [preauth]
Jun 24 02:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18336]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 02:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18326]: Connection closed by 91.92.40.46 port 37678 [preauth]
Jun 24 02:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18336]: Failed password for invalid user steam from 91.92.40.46 port 31978 ssh2
Jun 24 02:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18355]: User mysql from 91.92.40.46 not allowed because not listed in AllowUsers
Jun 24 02:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18355]: input_userauth_request: invalid user mysql [preauth]
Jun 24 02:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18346]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 02:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18346]: Failed password for invalid user server from 91.92.40.46 port 32008 ssh2
Jun 24 02:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18336]: Connection closed by 91.92.40.46 port 31978 [preauth]
Jun 24 02:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=mysql
Jun 24 02:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18768]: Invalid user ftpuser from 91.92.40.46
Jun 24 02:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18768]: input_userauth_request: invalid user ftpuser [preauth]
Jun 24 02:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18346]: Connection closed by 91.92.40.46 port 32008 [preauth]
Jun 24 02:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18355]: Failed password for invalid user mysql from 91.92.40.46 port 47760 ssh2
Jun 24 02:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18768]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 02:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18851]: Invalid user ubnt from 141.98.83.240
Jun 24 02:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18851]: input_userauth_request: invalid user ubnt [preauth]
Jun 24 02:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18355]: Connection closed by 91.92.40.46 port 47760 [preauth]
Jun 24 02:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18851]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 02:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 02:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18851]: Failed password for invalid user ubnt from 141.98.83.240 port 40794 ssh2
Jun 24 02:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18851]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18768]: Failed password for invalid user ftpuser from 91.92.40.46 port 35014 ssh2
Jun 24 02:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18807]: Failed password for root from 91.92.40.46 port 26828 ssh2
Jun 24 02:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18768]: Connection closed by 91.92.40.46 port 35014 [preauth]
Jun 24 02:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18807]: Connection closed by 91.92.40.46 port 26828 [preauth]
Jun 24 02:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18851]: Failed password for invalid user ubnt from 141.98.83.240 port 40794 ssh2
Jun 24 02:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18851]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18851]: Failed password for invalid user ubnt from 141.98.83.240 port 40794 ssh2
Jun 24 02:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18851]: Connection closed by 141.98.83.240 port 40794 [preauth]
Jun 24 02:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18851]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 02:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17389]: pam_unix(cron:session): session closed for user root
Jun 24 02:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18897]: Invalid user spark from 91.92.40.46
Jun 24 02:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18897]: input_userauth_request: invalid user spark [preauth]
Jun 24 02:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18897]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 02:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18897]: Failed password for invalid user spark from 91.92.40.46 port 42002 ssh2
Jun 24 02:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18897]: Connection closed by 91.92.40.46 port 42002 [preauth]
Jun 24 02:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18927]: Invalid user jboss from 91.92.40.46
Jun 24 02:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18927]: input_userauth_request: invalid user jboss [preauth]
Jun 24 02:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18927]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 02:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18927]: Failed password for invalid user jboss from 91.92.40.46 port 10594 ssh2
Jun 24 02:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18927]: Connection closed by 91.92.40.46 port 10594 [preauth]
Jun 24 02:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18950]: Invalid user guest from 91.92.40.46
Jun 24 02:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18950]: input_userauth_request: invalid user guest [preauth]
Jun 24 02:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18950]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 02:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18950]: Failed password for invalid user guest from 91.92.40.46 port 10620 ssh2
Jun 24 02:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18950]: Connection closed by 91.92.40.46 port 10620 [preauth]
Jun 24 02:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18960]: Invalid user redhat from 91.92.40.46
Jun 24 02:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18960]: input_userauth_request: invalid user redhat [preauth]
Jun 24 02:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18960]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 02:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18960]: Failed password for invalid user redhat from 91.92.40.46 port 34900 ssh2
Jun 24 02:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18960]: Connection closed by 91.92.40.46 port 34900 [preauth]
Jun 24 02:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18987]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18985]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18986]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18983]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18983]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19050]: Successful su for rubyman by root
Jun 24 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19050]: + ??? root:rubyman
Jun 24 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19050]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580910 of user rubyman.
Jun 24 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19050]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580910.
Jun 24 02:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18970]: Failed password for root from 91.92.40.46 port 34946 ssh2
Jun 24 02:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18970]: Connection closed by 91.92.40.46 port 34946 [preauth]
Jun 24 02:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 02:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16009]: pam_unix(cron:session): session closed for user root
Jun 24 02:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18985]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18981]: Failed password for root from 91.92.40.46 port 10210 ssh2
Jun 24 02:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18981]: Connection closed by 91.92.40.46 port 10210 [preauth]
Jun 24 02:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 02:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19339]: Failed password for root from 91.92.40.46 port 46604 ssh2
Jun 24 02:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19339]: Connection closed by 91.92.40.46 port 46604 [preauth]
Jun 24 02:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19363]: Invalid user claude from 91.92.40.46
Jun 24 02:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19363]: input_userauth_request: invalid user claude [preauth]
Jun 24 02:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19363]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 02:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19363]: Failed password for invalid user claude from 91.92.40.46 port 46618 ssh2
Jun 24 02:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19363]: Connection closed by 91.92.40.46 port 46618 [preauth]
Jun 24 02:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19374]: Invalid user user from 91.92.40.46
Jun 24 02:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19374]: input_userauth_request: invalid user user [preauth]
Jun 24 02:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19374]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 02:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19374]: Failed password for invalid user user from 91.92.40.46 port 23904 ssh2
Jun 24 02:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19374]: Connection closed by 91.92.40.46 port 23904 [preauth]
Jun 24 02:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19401]: Invalid user test from 91.92.40.46
Jun 24 02:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19401]: input_userauth_request: invalid user test [preauth]
Jun 24 02:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19401]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 02:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19401]: Failed password for invalid user test from 91.92.40.46 port 33526 ssh2
Jun 24 02:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19401]: Connection closed by 91.92.40.46 port 33526 [preauth]
Jun 24 02:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17918]: pam_unix(cron:session): session closed for user root
Jun 24 02:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19430]: Invalid user telegram from 91.92.40.46
Jun 24 02:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19430]: input_userauth_request: invalid user telegram [preauth]
Jun 24 02:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19430]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 02:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19430]: Failed password for invalid user telegram from 91.92.40.46 port 33554 ssh2
Jun 24 02:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19430]: Connection closed by 91.92.40.46 port 33554 [preauth]
Jun 24 02:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19440]: Invalid user user from 91.92.40.46
Jun 24 02:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19440]: input_userauth_request: invalid user user [preauth]
Jun 24 02:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19440]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 02:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19440]: Failed password for invalid user user from 91.92.40.46 port 49428 ssh2
Jun 24 02:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19440]: Connection closed by 91.92.40.46 port 49428 [preauth]
Jun 24 02:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19480]: Invalid user admin from 91.92.40.46
Jun 24 02:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19480]: input_userauth_request: invalid user admin [preauth]
Jun 24 02:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19480]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 02:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19480]: Failed password for invalid user admin from 91.92.40.46 port 49452 ssh2
Jun 24 02:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19480]: Connection closed by 91.92.40.46 port 49452 [preauth]
Jun 24 02:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19491]: Invalid user botuser from 91.92.40.46
Jun 24 02:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19491]: input_userauth_request: invalid user botuser [preauth]
Jun 24 02:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19491]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 02:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 24 02:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19491]: Failed password for invalid user botuser from 91.92.40.46 port 47092 ssh2
Jun 24 02:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19491]: Connection closed by 91.92.40.46 port 47092 [preauth]
Jun 24 02:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19494]: Failed password for root from 103.122.221.179 port 39628 ssh2
Jun 24 02:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19494]: Connection closed by 103.122.221.179 port 39628 [preauth]
Jun 24 02:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19607]: Invalid user ftpadmin from 91.92.40.46
Jun 24 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19607]: input_userauth_request: invalid user ftpadmin [preauth]
Jun 24 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19709]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19710]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19708]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19707]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19707]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19772]: Successful su for rubyman by root
Jun 24 02:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19772]: + ??? root:rubyman
Jun 24 02:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19772]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580916 of user rubyman.
Jun 24 02:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19772]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580916.
Jun 24 02:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19607]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 02:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16446]: pam_unix(cron:session): session closed for user root
Jun 24 02:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19607]: Failed password for invalid user ftpadmin from 91.92.40.46 port 44412 ssh2
Jun 24 02:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19708]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19607]: Connection closed by 91.92.40.46 port 44412 [preauth]
Jun 24 02:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 02:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19824]: Failed password for root from 91.92.40.46 port 44424 ssh2
Jun 24 02:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19824]: Connection closed by 91.92.40.46 port 44424 [preauth]
Jun 24 02:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19974]: Invalid user wet from 91.92.40.46
Jun 24 02:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19974]: input_userauth_request: invalid user wet [preauth]
Jun 24 02:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19974]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 02:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19974]: Failed password for invalid user wet from 91.92.40.46 port 56804 ssh2
Jun 24 02:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19992]: Invalid user deployer from 91.92.40.46
Jun 24 02:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19992]: input_userauth_request: invalid user deployer [preauth]
Jun 24 02:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19974]: Connection closed by 91.92.40.46 port 56804 [preauth]
Jun 24 02:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19992]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 02:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19992]: Failed password for invalid user deployer from 91.92.40.46 port 56814 ssh2
Jun 24 02:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19992]: Connection closed by 91.92.40.46 port 56814 [preauth]
Jun 24 02:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 02:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20008]: Failed password for root from 91.92.40.46 port 36824 ssh2
Jun 24 02:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18369]: pam_unix(cron:session): session closed for user root
Jun 24 02:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20031]: Invalid user no-reply from 91.92.40.46
Jun 24 02:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20031]: input_userauth_request: invalid user no-reply [preauth]
Jun 24 02:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20008]: Connection closed by 91.92.40.46 port 36824 [preauth]
Jun 24 02:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20031]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 02:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20031]: Failed password for invalid user no-reply from 91.92.40.46 port 36862 ssh2
Jun 24 02:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20031]: Connection closed by 91.92.40.46 port 36862 [preauth]
Jun 24 02:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 02:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20041]: Failed password for root from 91.92.40.46 port 37558 ssh2
Jun 24 02:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20071]: Invalid user anderson from 91.92.40.46
Jun 24 02:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20071]: input_userauth_request: invalid user anderson [preauth]
Jun 24 02:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20041]: Connection closed by 91.92.40.46 port 37558 [preauth]
Jun 24 02:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20071]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 02:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20071]: Failed password for invalid user anderson from 91.92.40.46 port 37596 ssh2
Jun 24 02:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20081]: Invalid user deploy from 91.92.40.46
Jun 24 02:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20081]: input_userauth_request: invalid user deploy [preauth]
Jun 24 02:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20071]: Connection closed by 91.92.40.46 port 37596 [preauth]
Jun 24 02:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20081]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 02:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20081]: Failed password for invalid user deploy from 91.92.40.46 port 27222 ssh2
Jun 24 02:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20106]: Invalid user readonlyuser from 91.92.40.46
Jun 24 02:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20106]: input_userauth_request: invalid user readonlyuser [preauth]
Jun 24 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20230]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20229]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20227]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20228]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20227]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20294]: Successful su for rubyman by root
Jun 24 02:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20294]: + ??? root:rubyman
Jun 24 02:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20294]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580918 of user rubyman.
Jun 24 02:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20294]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580918.
Jun 24 02:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20081]: Connection closed by 91.92.40.46 port 27222 [preauth]
Jun 24 02:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20106]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 02:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16906]: pam_unix(cron:session): session closed for user root
Jun 24 02:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20106]: Failed password for invalid user readonlyuser from 91.92.40.46 port 27258 ssh2
Jun 24 02:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20228]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20117]: Invalid user toto from 91.92.40.46
Jun 24 02:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20117]: input_userauth_request: invalid user toto [preauth]
Jun 24 02:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20106]: Connection closed by 91.92.40.46 port 27258 [preauth]
Jun 24 02:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20117]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 02:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20117]: Failed password for invalid user toto from 91.92.40.46 port 21612 ssh2
Jun 24 02:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20117]: Connection closed by 91.92.40.46 port 21612 [preauth]
Jun 24 02:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 02:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20428]: Invalid user kafka from 91.92.40.46
Jun 24 02:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20428]: input_userauth_request: invalid user kafka [preauth]
Jun 24 02:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20127]: Failed password for root from 91.92.40.46 port 65192 ssh2
Jun 24 02:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20428]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 02:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20127]: Connection closed by 91.92.40.46 port 65192 [preauth]
Jun 24 02:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20498]: Invalid user ubuntu from 91.92.40.46
Jun 24 02:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20498]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 02:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20428]: Failed password for invalid user kafka from 91.92.40.46 port 65204 ssh2
Jun 24 02:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20498]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 02:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18987]: pam_unix(cron:session): session closed for user root
Jun 24 02:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20428]: Connection closed by 91.92.40.46 port 65204 [preauth]
Jun 24 02:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20498]: Failed password for invalid user ubuntu from 91.92.40.46 port 59392 ssh2
Jun 24 02:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20520]: Invalid user ubuntu from 91.92.40.46
Jun 24 02:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20520]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 02:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20498]: Connection closed by 91.92.40.46 port 59392 [preauth]
Jun 24 02:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20520]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 02:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20537]: Invalid user claude from 91.92.40.46
Jun 24 02:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20537]: input_userauth_request: invalid user claude [preauth]
Jun 24 02:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20520]: Failed password for invalid user ubuntu from 91.92.40.46 port 59436 ssh2
Jun 24 02:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20555]: Invalid user ubuntu from 91.92.40.46
Jun 24 02:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20555]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 02:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20537]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 02:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20537]: Failed password for invalid user claude from 91.92.40.46 port 18712 ssh2
Jun 24 02:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20520]: Connection closed by 91.92.40.46 port 59436 [preauth]
Jun 24 02:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20555]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 02:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20574]: Invalid user backend from 91.92.40.46
Jun 24 02:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20574]: input_userauth_request: invalid user backend [preauth]
Jun 24 02:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20537]: Connection closed by 91.92.40.46 port 18712 [preauth]
Jun 24 02:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20555]: Failed password for invalid user ubuntu from 91.92.40.46 port 18738 ssh2
Jun 24 02:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20574]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 02:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20555]: Connection closed by 91.92.40.46 port 18738 [preauth]
Jun 24 02:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20574]: Failed password for invalid user backend from 91.92.40.46 port 63028 ssh2
Jun 24 02:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20603]: Invalid user devops from 91.92.40.46
Jun 24 02:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20603]: input_userauth_request: invalid user devops [preauth]
Jun 24 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20704]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20709]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20703]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20702]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20702]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20816]: Successful su for rubyman by root
Jun 24 02:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20816]: + ??? root:rubyman
Jun 24 02:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20816]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580922 of user rubyman.
Jun 24 02:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20816]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580922.
Jun 24 02:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20574]: Connection closed by 91.92.40.46 port 63028 [preauth]
Jun 24 02:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20603]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 02:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17388]: pam_unix(cron:session): session closed for user root
Jun 24 02:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20655]: Invalid user mcserver from 91.92.40.46
Jun 24 02:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20655]: input_userauth_request: invalid user mcserver [preauth]
Jun 24 02:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20603]: Failed password for invalid user devops from 91.92.40.46 port 10018 ssh2
Jun 24 02:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20703]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20655]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 02:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20603]: Connection closed by 91.92.40.46 port 10018 [preauth]
Jun 24 02:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20672]: Invalid user installer from 91.92.40.46
Jun 24 02:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20672]: input_userauth_request: invalid user installer [preauth]
Jun 24 02:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20655]: Failed password for invalid user mcserver from 91.92.40.46 port 10032 ssh2
Jun 24 02:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 24 02:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20672]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 02:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20655]: Connection closed by 91.92.40.46 port 10032 [preauth]
Jun 24 02:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21015]: Failed password for root from 77.94.47.83 port 58642 ssh2
Jun 24 02:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21015]: Connection closed by 77.94.47.83 port 58642 [preauth]
Jun 24 02:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20672]: Failed password for invalid user installer from 91.92.40.46 port 35934 ssh2
Jun 24 02:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 02:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20672]: Connection closed by 91.92.40.46 port 35934 [preauth]
Jun 24 02:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20978]: Invalid user carlos from 91.92.40.46
Jun 24 02:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20978]: input_userauth_request: invalid user carlos [preauth]
Jun 24 02:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20700]: Failed password for root from 91.92.40.46 port 37576 ssh2
Jun 24 02:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21012]: Invalid user pi from 91.92.40.46
Jun 24 02:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21012]: input_userauth_request: invalid user pi [preauth]
Jun 24 02:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20700]: Connection closed by 91.92.40.46 port 37576 [preauth]
Jun 24 02:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20978]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 02:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20978]: Failed password for invalid user carlos from 91.92.40.46 port 37592 ssh2
Jun 24 02:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19710]: pam_unix(cron:session): session closed for user root
Jun 24 02:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21012]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 02:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20978]: Connection closed by 91.92.40.46 port 37592 [preauth]
Jun 24 02:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21012]: Failed password for invalid user pi from 91.92.40.46 port 51708 ssh2
Jun 24 02:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 02:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21040]: Failed password for root from 91.92.40.46 port 51738 ssh2
Jun 24 02:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21012]: Connection closed by 91.92.40.46 port 51708 [preauth]
Jun 24 02:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21040]: Connection closed by 91.92.40.46 port 51738 [preauth]
Jun 24 02:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 02:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21077]: Invalid user administrator from 91.92.40.46
Jun 24 02:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21077]: input_userauth_request: invalid user administrator [preauth]
Jun 24 02:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21051]: Failed password for root from 91.92.40.46 port 32572 ssh2
Jun 24 02:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21077]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 02:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21051]: Connection closed by 91.92.40.46 port 32572 [preauth]
Jun 24 02:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21109]: Invalid user user from 91.92.40.46
Jun 24 02:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21109]: input_userauth_request: invalid user user [preauth]
Jun 24 02:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21077]: Failed password for invalid user administrator from 91.92.40.46 port 21200 ssh2
Jun 24 02:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21109]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21189]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21188]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21190]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21186]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21187]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21185]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21190]: pam_unix(cron:session): session closed for user root
Jun 24 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21185]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21077]: Connection closed by 91.92.40.46 port 21200 [preauth]
Jun 24 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21256]: Successful su for rubyman by root
Jun 24 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21256]: + ??? root:rubyman
Jun 24 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21256]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580926 of user rubyman.
Jun 24 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21256]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580926.
Jun 24 02:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21109]: Failed password for invalid user user from 91.92.40.46 port 21250 ssh2
Jun 24 02:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21187]: pam_unix(cron:session): session closed for user root
Jun 24 02:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17917]: pam_unix(cron:session): session closed for user root
Jun 24 02:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21148]: Invalid user gns3 from 91.92.40.46
Jun 24 02:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21148]: input_userauth_request: invalid user gns3 [preauth]
Jun 24 02:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 02:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21186]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: Failed password for root from 91.92.40.46 port 31694 ssh2
Jun 24 02:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21109]: Connection closed by 91.92.40.46 port 21250 [preauth]
Jun 24 02:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21148]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 02:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: Connection closed by 91.92.40.46 port 31694 [preauth]
Jun 24 02:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21172]: Invalid user user from 91.92.40.46
Jun 24 02:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21172]: input_userauth_request: invalid user user [preauth]
Jun 24 02:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21148]: Failed password for invalid user gns3 from 91.92.40.46 port 31728 ssh2
Jun 24 02:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21172]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 02:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21148]: Connection closed by 91.92.40.46 port 31728 [preauth]
Jun 24 02:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21183]: Invalid user user2 from 91.92.40.46
Jun 24 02:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21183]: input_userauth_request: invalid user user2 [preauth]
Jun 24 02:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21172]: Failed password for invalid user user from 91.92.40.46 port 45758 ssh2
Jun 24 02:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21183]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 02:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21172]: Connection closed by 91.92.40.46 port 45758 [preauth]
Jun 24 02:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21480]: Invalid user pakchoi from 91.92.40.46
Jun 24 02:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21480]: input_userauth_request: invalid user pakchoi [preauth]
Jun 24 02:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21183]: Failed password for invalid user user2 from 91.92.40.46 port 15310 ssh2
Jun 24 02:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21480]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 02:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21183]: Connection closed by 91.92.40.46 port 15310 [preauth]
Jun 24 02:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21480]: Failed password for invalid user pakchoi from 91.92.40.46 port 27538 ssh2
Jun 24 02:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21506]: Invalid user s from 91.92.40.46
Jun 24 02:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21506]: input_userauth_request: invalid user s [preauth]
Jun 24 02:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21480]: Connection closed by 91.92.40.46 port 27538 [preauth]
Jun 24 02:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21506]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 02:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20230]: pam_unix(cron:session): session closed for user root
Jun 24 02:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21518]: Invalid user claude from 91.92.40.46
Jun 24 02:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21518]: input_userauth_request: invalid user claude [preauth]
Jun 24 02:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21506]: Failed password for invalid user s from 91.92.40.46 port 27618 ssh2
Jun 24 02:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21518]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 02:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21506]: Connection closed by 91.92.40.46 port 27618 [preauth]
Jun 24 02:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21549]: Invalid user ubuntu from 91.92.40.46
Jun 24 02:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21549]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 02:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21549]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 02:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21518]: Failed password for invalid user claude from 91.92.40.46 port 61982 ssh2
Jun 24 02:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21518]: Connection closed by 91.92.40.46 port 61982 [preauth]
Jun 24 02:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21549]: Failed password for invalid user ubuntu from 91.92.40.46 port 62020 ssh2
Jun 24 02:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21549]: Connection closed by 91.92.40.46 port 62020 [preauth]
Jun 24 02:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21605]: Invalid user oracle from 91.92.40.46
Jun 24 02:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21605]: input_userauth_request: invalid user oracle [preauth]
Jun 24 02:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21605]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 02:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21605]: Failed password for invalid user oracle from 91.92.40.46 port 19082 ssh2
Jun 24 02:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21605]: Connection closed by 91.92.40.46 port 19082 [preauth]
Jun 24 02:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21633]: Invalid user linux from 91.92.40.46
Jun 24 02:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21633]: input_userauth_request: invalid user linux [preauth]
Jun 24 02:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21633]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46
Jun 24 02:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21633]: Failed password for invalid user linux from 91.92.40.46 port 39008 ssh2
Jun 24 02:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21633]: Connection closed by 91.92.40.46 port 39008 [preauth]
Jun 24 02:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.46  user=root
Jun 24 02:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21650]: Received disconnect from 103.161.34.59 port 38538:11: disconnected by user [preauth]
Jun 24 02:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21650]: Disconnected from 103.161.34.59 port 38538 [preauth]
Jun 24 02:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21644]: Failed password for root from 91.92.40.46 port 39040 ssh2
Jun 24 02:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21644]: Connection closed by 91.92.40.46 port 39040 [preauth]
Jun 24 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21671]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21669]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21668]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21667]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21667]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21744]: Successful su for rubyman by root
Jun 24 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21744]: + ??? root:rubyman
Jun 24 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21744]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580932 of user rubyman.
Jun 24 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21744]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580932.
Jun 24 02:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18368]: pam_unix(cron:session): session closed for user root
Jun 24 02:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21668]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20709]: pam_unix(cron:session): session closed for user root
Jun 24 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22078]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22077]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22076]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22075]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22075]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22143]: Successful su for rubyman by root
Jun 24 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22143]: + ??? root:rubyman
Jun 24 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22143]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580936 of user rubyman.
Jun 24 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22143]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580936.
Jun 24 02:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18986]: pam_unix(cron:session): session closed for user root
Jun 24 02:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22076]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21189]: pam_unix(cron:session): session closed for user root
Jun 24 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22569]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22570]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22567]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22566]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22566]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22628]: Successful su for rubyman by root
Jun 24 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22628]: + ??? root:rubyman
Jun 24 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22628]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580941 of user rubyman.
Jun 24 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22628]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580941.
Jun 24 02:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19709]: pam_unix(cron:session): session closed for user root
Jun 24 02:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22567]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21671]: pam_unix(cron:session): session closed for user root
Jun 24 02:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 24 02:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22922]: Failed password for root from 103.15.222.183 port 58312 ssh2
Jun 24 02:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22922]: Connection closed by 103.15.222.183 port 58312 [preauth]
Jun 24 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22984]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22983]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22985]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22982]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22980]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22982]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23093]: Successful su for rubyman by root
Jun 24 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23093]: + ??? root:rubyman
Jun 24 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23093]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580944 of user rubyman.
Jun 24 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23093]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580944.
Jun 24 02:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22980]: pam_unix(cron:session): session closed for user root
Jun 24 02:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20229]: pam_unix(cron:session): session closed for user root
Jun 24 02:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22983]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23330]: Invalid user admin from 45.148.10.121
Jun 24 02:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23330]: input_userauth_request: invalid user admin [preauth]
Jun 24 02:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23330]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 24 02:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23330]: Failed password for invalid user admin from 45.148.10.121 port 33002 ssh2
Jun 24 02:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23330]: Connection closed by 45.148.10.121 port 33002 [preauth]
Jun 24 02:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22078]: pam_unix(cron:session): session closed for user root
Jun 24 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23490]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23487]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23486]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23485]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23484]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23488]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23490]: pam_unix(cron:session): session closed for user root
Jun 24 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23484]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23560]: Successful su for rubyman by root
Jun 24 02:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23560]: + ??? root:rubyman
Jun 24 02:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23560]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580954 of user rubyman.
Jun 24 02:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23560]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580954.
Jun 24 02:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23486]: pam_unix(cron:session): session closed for user root
Jun 24 02:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20704]: pam_unix(cron:session): session closed for user root
Jun 24 02:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23485]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22570]: pam_unix(cron:session): session closed for user root
Jun 24 02:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24030]: Invalid user admin from 171.231.181.52
Jun 24 02:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24030]: input_userauth_request: invalid user admin [preauth]
Jun 24 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24035]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24034]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24036]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24033]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24033]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24030]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.231.181.52
Jun 24 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24099]: Successful su for rubyman by root
Jun 24 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24099]: + ??? root:rubyman
Jun 24 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24099]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580957 of user rubyman.
Jun 24 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24099]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580957.
Jun 24 02:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24030]: Failed password for invalid user admin from 171.231.181.52 port 45764 ssh2
Jun 24 02:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24030]: Connection closed by 171.231.181.52 port 45764 [preauth]
Jun 24 02:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21188]: pam_unix(cron:session): session closed for user root
Jun 24 02:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24034]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22985]: pam_unix(cron:session): session closed for user root
Jun 24 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24464]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24463]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24462]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24461]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24461]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24529]: Successful su for rubyman by root
Jun 24 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24529]: + ??? root:rubyman
Jun 24 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24529]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580959 of user rubyman.
Jun 24 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24529]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580959.
Jun 24 02:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21669]: pam_unix(cron:session): session closed for user root
Jun 24 02:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24462]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23488]: pam_unix(cron:session): session closed for user root
Jun 24 02:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 24 02:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24872]: Failed password for root from 193.37.70.224 port 58190 ssh2
Jun 24 02:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24872]: Connection closed by 193.37.70.224 port 58190 [preauth]
Jun 24 02:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24887]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24888]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24886]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24885]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24885]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 24 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24942]: Successful su for rubyman by root
Jun 24 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24942]: + ??? root:rubyman
Jun 24 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24942]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580963 of user rubyman.
Jun 24 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24942]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580963.
Jun 24 02:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24882]: Failed password for root from 51.250.105.222 port 38370 ssh2
Jun 24 02:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24882]: Connection closed by 51.250.105.222 port 38370 [preauth]
Jun 24 02:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22077]: pam_unix(cron:session): session closed for user root
Jun 24 02:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24886]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24036]: pam_unix(cron:session): session closed for user root
Jun 24 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25283]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25282]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25284]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25281]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25281]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25338]: Successful su for rubyman by root
Jun 24 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25338]: + ??? root:rubyman
Jun 24 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25338]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580967 of user rubyman.
Jun 24 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25338]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580967.
Jun 24 02:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22569]: pam_unix(cron:session): session closed for user root
Jun 24 02:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25282]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24464]: pam_unix(cron:session): session closed for user root
Jun 24 02:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25682]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25679]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25680]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25681]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25678]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25677]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25682]: pam_unix(cron:session): session closed for user root
Jun 24 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25677]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25746]: Successful su for rubyman by root
Jun 24 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25746]: + ??? root:rubyman
Jun 24 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25746]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580973 of user rubyman.
Jun 24 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25746]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580973.
Jun 24 02:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25679]: pam_unix(cron:session): session closed for user root
Jun 24 02:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22984]: pam_unix(cron:session): session closed for user root
Jun 24 02:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25678]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 24 02:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25982]: Failed password for root from 103.153.68.219 port 48748 ssh2
Jun 24 02:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25982]: Connection closed by 103.153.68.219 port 48748 [preauth]
Jun 24 02:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24888]: pam_unix(cron:session): session closed for user root
Jun 24 02:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.231.181.52  user=root
Jun 24 02:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25666]: Failed password for root from 171.231.181.52 port 55564 ssh2
Jun 24 02:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25666]: Connection closed by 171.231.181.52 port 55564 [preauth]
Jun 24 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26096]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26100]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26098]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26095]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26095]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26165]: Successful su for rubyman by root
Jun 24 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26165]: + ??? root:rubyman
Jun 24 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26165]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580977 of user rubyman.
Jun 24 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26165]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580977.
Jun 24 02:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23487]: pam_unix(cron:session): session closed for user root
Jun 24 02:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26096]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25284]: pam_unix(cron:session): session closed for user root
Jun 24 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26497]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26498]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26496]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26495]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26492]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26492]: pam_unix(cron:session): session closed for user root
Jun 24 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26495]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26557]: Successful su for rubyman by root
Jun 24 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26557]: + ??? root:rubyman
Jun 24 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26557]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580981 of user rubyman.
Jun 24 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26557]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580981.
Jun 24 02:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24035]: pam_unix(cron:session): session closed for user root
Jun 24 02:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26496]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25681]: pam_unix(cron:session): session closed for user root
Jun 24 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26984]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26983]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26982]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26981]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26981]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27042]: Successful su for rubyman by root
Jun 24 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27042]: + ??? root:rubyman
Jun 24 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27042]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580986 of user rubyman.
Jun 24 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27042]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580986.
Jun 24 02:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24463]: pam_unix(cron:session): session closed for user root
Jun 24 02:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26982]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27232]: Invalid user admin from 2.57.121.25
Jun 24 02:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27232]: input_userauth_request: invalid user admin [preauth]
Jun 24 02:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27232]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 24 02:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27232]: Failed password for invalid user admin from 2.57.121.25 port 16510 ssh2
Jun 24 02:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27232]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27232]: Failed password for invalid user admin from 2.57.121.25 port 16510 ssh2
Jun 24 02:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27232]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27232]: Failed password for invalid user admin from 2.57.121.25 port 16510 ssh2
Jun 24 02:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27232]: Connection closed by 2.57.121.25 port 16510 [preauth]
Jun 24 02:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27232]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 24 02:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
Jun 24 02:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27287]: Failed password for root from 176.32.39.21 port 49198 ssh2
Jun 24 02:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27287]: Connection closed by 176.32.39.21 port 49198 [preauth]
Jun 24 02:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26100]: pam_unix(cron:session): session closed for user root
Jun 24 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27404]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27402]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27403]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27401]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27401]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27461]: Successful su for rubyman by root
Jun 24 02:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27461]: + ??? root:rubyman
Jun 24 02:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27461]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580990 of user rubyman.
Jun 24 02:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27461]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580990.
Jun 24 02:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24887]: pam_unix(cron:session): session closed for user root
Jun 24 02:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27402]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27666]: Invalid user installer from 171.231.181.52
Jun 24 02:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27666]: input_userauth_request: invalid user installer [preauth]
Jun 24 02:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27666]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.231.181.52
Jun 24 02:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27666]: Failed password for invalid user installer from 171.231.181.52 port 43616 ssh2
Jun 24 02:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27666]: Connection closed by 171.231.181.52 port 43616 [preauth]
Jun 24 02:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26498]: pam_unix(cron:session): session closed for user root
Jun 24 02:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 24 02:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27791]: Failed password for root from 103.149.28.157 port 36180 ssh2
Jun 24 02:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27791]: Connection closed by 103.149.28.157 port 36180 [preauth]
Jun 24 02:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 24 02:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27812]: Failed password for root from 194.113.233.25 port 49810 ssh2
Jun 24 02:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27812]: Connection closed by 194.113.233.25 port 49810 [preauth]
Jun 24 02:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 24 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27829]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27828]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27830]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27831]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27827]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27826]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27831]: pam_unix(cron:session): session closed for user root
Jun 24 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27826]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27900]: Successful su for rubyman by root
Jun 24 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27900]: + ??? root:rubyman
Jun 24 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27900]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 580997 of user rubyman.
Jun 24 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27900]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 580997.
Jun 24 02:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27823]: Failed password for root from 109.237.96.109 port 42542 ssh2
Jun 24 02:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27823]: Connection closed by 109.237.96.109 port 42542 [preauth]
Jun 24 02:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25283]: pam_unix(cron:session): session closed for user root
Jun 24 02:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27828]: pam_unix(cron:session): session closed for user root
Jun 24 02:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27827]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26984]: pam_unix(cron:session): session closed for user root
Jun 24 02:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.179.190.68  user=root
Jun 24 02:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28305]: Failed password for root from 185.179.190.68 port 59888 ssh2
Jun 24 02:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28305]: Connection closed by 185.179.190.68 port 59888 [preauth]
Jun 24 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28326]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28324]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28327]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28325]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28324]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28389]: Successful su for rubyman by root
Jun 24 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28389]: + ??? root:rubyman
Jun 24 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28389]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581002 of user rubyman.
Jun 24 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28389]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581002.
Jun 24 02:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25680]: pam_unix(cron:session): session closed for user root
Jun 24 02:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28325]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28664]: Invalid user perl from 192.169.180.166
Jun 24 02:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28664]: input_userauth_request: invalid user perl [preauth]
Jun 24 02:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28664]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.169.180.166
Jun 24 02:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28676]: Invalid user sophy from 192.169.249.148
Jun 24 02:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28676]: input_userauth_request: invalid user sophy [preauth]
Jun 24 02:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28676]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.169.249.148
Jun 24 02:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28664]: Failed password for invalid user perl from 192.169.180.166 port 58168 ssh2
Jun 24 02:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28664]: Connection closed by 192.169.180.166 port 58168 [preauth]
Jun 24 02:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28676]: Failed password for invalid user sophy from 192.169.249.148 port 59092 ssh2
Jun 24 02:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28676]: Connection closed by 192.169.249.148 port 59092 [preauth]
Jun 24 02:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28736]: Received disconnect from 195.160.220.149 port 23774:11: disconnected by user [preauth]
Jun 24 02:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28736]: Disconnected from 195.160.220.149 port 23774 [preauth]
Jun 24 02:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27404]: pam_unix(cron:session): session closed for user root
Jun 24 02:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: Invalid user alarm from 147.182.136.151
Jun 24 02:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: input_userauth_request: invalid user alarm [preauth]
Jun 24 02:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.182.136.151
Jun 24 02:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: Failed password for invalid user alarm from 147.182.136.151 port 39722 ssh2
Jun 24 02:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: Connection closed by 147.182.136.151 port 39722 [preauth]
Jun 24 02:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28827]: Invalid user perl from 166.62.35.226
Jun 24 02:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28827]: input_userauth_request: invalid user perl [preauth]
Jun 24 02:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28827]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.62.35.226
Jun 24 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28827]: Failed password for invalid user perl from 166.62.35.226 port 42804 ssh2
Jun 24 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28827]: Connection closed by 166.62.35.226 port 42804 [preauth]
Jun 24 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28832]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28831]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28833]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28830]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28830]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28901]: Successful su for rubyman by root
Jun 24 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28901]: + ??? root:rubyman
Jun 24 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28901]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581006 of user rubyman.
Jun 24 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28901]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581006.
Jun 24 02:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26098]: pam_unix(cron:session): session closed for user root
Jun 24 02:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29077]: Invalid user perl from 166.62.89.133
Jun 24 02:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29077]: input_userauth_request: invalid user perl [preauth]
Jun 24 02:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29077]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.62.89.133
Jun 24 02:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28831]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29077]: Failed password for invalid user perl from 166.62.89.133 port 55794 ssh2
Jun 24 02:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29077]: Connection closed by 166.62.89.133 port 55794 [preauth]
Jun 24 02:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29170]: Invalid user students from 62.84.187.80
Jun 24 02:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29170]: input_userauth_request: invalid user students [preauth]
Jun 24 02:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29170]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.84.187.80
Jun 24 02:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27830]: pam_unix(cron:session): session closed for user root
Jun 24 02:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29170]: Failed password for invalid user students from 62.84.187.80 port 52534 ssh2
Jun 24 02:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29170]: Connection closed by 62.84.187.80 port 52534 [preauth]
Jun 24 02:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29227]: Received disconnect from 51.68.126.146 port 53236:11: disconnected by user [preauth]
Jun 24 02:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29227]: Disconnected from 51.68.126.146 port 53236 [preauth]
Jun 24 02:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29229]: Invalid user anja from 37.60.237.75
Jun 24 02:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29229]: input_userauth_request: invalid user anja [preauth]
Jun 24 02:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29229]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.60.237.75
Jun 24 02:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29229]: Failed password for invalid user anja from 37.60.237.75 port 56544 ssh2
Jun 24 02:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29229]: Connection closed by 37.60.237.75 port 56544 [preauth]
Jun 24 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29272]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29273]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29270]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29271]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29270]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29334]: Successful su for rubyman by root
Jun 24 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29334]: + ??? root:rubyman
Jun 24 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29334]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581010 of user rubyman.
Jun 24 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29334]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581010.
Jun 24 02:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26497]: pam_unix(cron:session): session closed for user root
Jun 24 02:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29271]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29521]: Invalid user user from 171.231.181.52
Jun 24 02:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29521]: input_userauth_request: invalid user user [preauth]
Jun 24 02:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29521]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.231.181.52
Jun 24 02:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29521]: Failed password for invalid user user from 171.231.181.52 port 49078 ssh2
Jun 24 02:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29521]: Connection closed by 171.231.181.52 port 49078 [preauth]
Jun 24 02:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28327]: pam_unix(cron:session): session closed for user root
Jun 24 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29802]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29801]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29800]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29799]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29799]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29870]: Successful su for rubyman by root
Jun 24 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29870]: + ??? root:rubyman
Jun 24 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29870]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581013 of user rubyman.
Jun 24 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29870]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581013.
Jun 24 02:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26983]: pam_unix(cron:session): session closed for user root
Jun 24 02:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29800]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 24 02:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30055]: Failed password for root from 38.93.206.2 port 35458 ssh2
Jun 24 02:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30055]: Connection closed by 38.93.206.2 port 35458 [preauth]
Jun 24 02:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28833]: pam_unix(cron:session): session closed for user root
Jun 24 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30229]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30227]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30226]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30225]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30224]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30228]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30229]: pam_unix(cron:session): session closed for user root
Jun 24 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30224]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30293]: Successful su for rubyman by root
Jun 24 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30293]: + ??? root:rubyman
Jun 24 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30293]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581021 of user rubyman.
Jun 24 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30293]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581021.
Jun 24 02:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30226]: pam_unix(cron:session): session closed for user root
Jun 24 02:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27403]: pam_unix(cron:session): session closed for user root
Jun 24 02:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30225]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29273]: pam_unix(cron:session): session closed for user root
Jun 24 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30671]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30670]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30669]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30668]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30668]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30732]: Successful su for rubyman by root
Jun 24 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30732]: + ??? root:rubyman
Jun 24 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30732]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581023 of user rubyman.
Jun 24 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30732]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581023.
Jun 24 02:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27829]: pam_unix(cron:session): session closed for user root
Jun 24 02:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30669]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29802]: pam_unix(cron:session): session closed for user root
Jun 24 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31176]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31177]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31175]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31174]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31174]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31231]: Successful su for rubyman by root
Jun 24 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31231]: + ??? root:rubyman
Jun 24 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31231]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581027 of user rubyman.
Jun 24 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31231]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581027.
Jun 24 02:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28326]: pam_unix(cron:session): session closed for user root
Jun 24 02:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31175]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30228]: pam_unix(cron:session): session closed for user root
Jun 24 02:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31563]: Invalid user adm from 205.196.216.48
Jun 24 02:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31563]: input_userauth_request: invalid user adm [preauth]
Jun 24 02:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31563]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.196.216.48
Jun 24 02:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31563]: Failed password for invalid user adm from 205.196.216.48 port 60952 ssh2
Jun 24 02:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31563]: Connection closed by 205.196.216.48 port 60952 [preauth]
Jun 24 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31673]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31674]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31672]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31671]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31671]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31734]: Successful su for rubyman by root
Jun 24 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31734]: + ??? root:rubyman
Jun 24 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31734]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581031 of user rubyman.
Jun 24 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31734]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581031.
Jun 24 02:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28832]: pam_unix(cron:session): session closed for user root
Jun 24 02:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31672]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31991]: Invalid user web from 80.65.211.49
Jun 24 02:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31991]: input_userauth_request: invalid user web [preauth]
Jun 24 02:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31991]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.65.211.49
Jun 24 02:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31991]: Failed password for invalid user web from 80.65.211.49 port 41806 ssh2
Jun 24 02:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31991]: Connection closed by 80.65.211.49 port 41806 [preauth]
Jun 24 02:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30671]: pam_unix(cron:session): session closed for user root
Jun 24 02:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32093]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32095]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32091]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32092]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32091]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32154]: Successful su for rubyman by root
Jun 24 02:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32154]: + ??? root:rubyman
Jun 24 02:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32154]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581035 of user rubyman.
Jun 24 02:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32154]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581035.
Jun 24 02:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29272]: pam_unix(cron:session): session closed for user root
Jun 24 02:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32092]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32088]: Invalid user ubnt from 171.231.181.52
Jun 24 02:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32088]: input_userauth_request: invalid user ubnt [preauth]
Jun 24 02:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32088]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.231.181.52
Jun 24 02:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32088]: Failed password for invalid user ubnt from 171.231.181.52 port 55434 ssh2
Jun 24 02:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32370]: Invalid user admin from 141.98.83.240
Jun 24 02:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32370]: input_userauth_request: invalid user admin [preauth]
Jun 24 02:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32370]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 02:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32370]: Failed password for invalid user admin from 141.98.83.240 port 47668 ssh2
Jun 24 02:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32370]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32088]: Connection closed by 171.231.181.52 port 55434 [preauth]
Jun 24 02:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32370]: Failed password for invalid user admin from 141.98.83.240 port 47668 ssh2
Jun 24 02:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32370]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32370]: Failed password for invalid user admin from 141.98.83.240 port 47668 ssh2
Jun 24 02:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32370]: Connection closed by 141.98.83.240 port 47668 [preauth]
Jun 24 02:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32370]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 02:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31177]: pam_unix(cron:session): session closed for user root
Jun 24 02:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.86.84.19  user=root
Jun 24 02:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32450]: Received disconnect from 188.44.20.24 port 44824:11: disconnected by user [preauth]
Jun 24 02:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32450]: Disconnected from 188.44.20.24 port 44824 [preauth]
Jun 24 02:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32446]: Failed password for root from 167.86.84.19 port 59418 ssh2
Jun 24 02:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32446]: Connection closed by 167.86.84.19 port 59418 [preauth]
Jun 24 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32510]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32508]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32507]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32506]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32509]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32505]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32510]: pam_unix(cron:session): session closed for user root
Jun 24 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32505]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32573]: Successful su for rubyman by root
Jun 24 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32573]: + ??? root:rubyman
Jun 24 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32573]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581042 of user rubyman.
Jun 24 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32573]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581042.
Jun 24 02:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32507]: pam_unix(cron:session): session closed for user root
Jun 24 02:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29801]: pam_unix(cron:session): session closed for user root
Jun 24 02:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32506]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31674]: pam_unix(cron:session): session closed for user root
Jun 24 02:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[432]: Connection closed by 194.59.206.2 port 54080 [preauth]
Jun 24 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[621]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[622]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[623]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[620]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[620]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[694]: Successful su for rubyman by root
Jun 24 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[694]: + ??? root:rubyman
Jun 24 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[694]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581044 of user rubyman.
Jun 24 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[694]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581044.
Jun 24 02:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30227]: pam_unix(cron:session): session closed for user root
Jun 24 02:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[621]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[932]: Invalid user wallet from 94.130.130.141
Jun 24 02:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[932]: input_userauth_request: invalid user wallet [preauth]
Jun 24 02:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[932]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.130.130.141
Jun 24 02:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[932]: Failed password for invalid user wallet from 94.130.130.141 port 44368 ssh2
Jun 24 02:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[932]: Connection closed by 94.130.130.141 port 44368 [preauth]
Jun 24 02:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32095]: pam_unix(cron:session): session closed for user root
Jun 24 02:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.9.16.158  user=root
Jun 24 02:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1023]: Failed password for root from 176.9.16.158 port 51490 ssh2
Jun 24 02:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1023]: Connection closed by 176.9.16.158 port 51490 [preauth]
Jun 24 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1069]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1068]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1067]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1066]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1066]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1146]: Successful su for rubyman by root
Jun 24 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1146]: + ??? root:rubyman
Jun 24 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1146]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581048 of user rubyman.
Jun 24 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1146]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581048.
Jun 24 02:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30670]: pam_unix(cron:session): session closed for user root
Jun 24 02:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1067]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32509]: pam_unix(cron:session): session closed for user root
Jun 24 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1633]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1634]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1632]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1630]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1630]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1696]: Successful su for rubyman by root
Jun 24 02:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1696]: + ??? root:rubyman
Jun 24 02:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1696]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581052 of user rubyman.
Jun 24 02:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1696]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581052.
Jun 24 02:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31176]: pam_unix(cron:session): session closed for user root
Jun 24 02:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1632]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 24 02:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1863]: Failed password for root from 202.178.126.219 port 7492 ssh2
Jun 24 02:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1863]: Connection closed by 202.178.126.219 port 7492 [preauth]
Jun 24 02:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1948]: Invalid user amit from 217.76.154.242
Jun 24 02:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1948]: input_userauth_request: invalid user amit [preauth]
Jun 24 02:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1948]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.76.154.242
Jun 24 02:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1948]: Failed password for invalid user amit from 217.76.154.242 port 51692 ssh2
Jun 24 02:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1948]: Connection closed by 217.76.154.242 port 51692 [preauth]
Jun 24 02:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[623]: pam_unix(cron:session): session closed for user root
Jun 24 02:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1946]: Invalid user squid from 116.110.148.164
Jun 24 02:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1946]: input_userauth_request: invalid user squid [preauth]
Jun 24 02:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1946]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.110.148.164
Jun 24 02:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1946]: Failed password for invalid user squid from 116.110.148.164 port 40704 ssh2
Jun 24 02:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1946]: Connection closed by 116.110.148.164 port 40704 [preauth]
Jun 24 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2110]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2112]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2111]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2107]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2107]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2182]: Successful su for rubyman by root
Jun 24 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2182]: + ??? root:rubyman
Jun 24 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2182]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581056 of user rubyman.
Jun 24 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2182]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581056.
Jun 24 02:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31673]: pam_unix(cron:session): session closed for user root
Jun 24 02:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2110]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1069]: pam_unix(cron:session): session closed for user root
Jun 24 02:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 24 02:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2532]: Failed password for root from 103.27.238.120 port 56064 ssh2
Jun 24 02:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2532]: Connection closed by 103.27.238.120 port 56064 [preauth]
Jun 24 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2540]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2538]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2542]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2536]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2539]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2537]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2542]: pam_unix(cron:session): session closed for user root
Jun 24 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2536]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2617]: Successful su for rubyman by root
Jun 24 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2617]: + ??? root:rubyman
Jun 24 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2617]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581060 of user rubyman.
Jun 24 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2617]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581060.
Jun 24 02:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2538]: pam_unix(cron:session): session closed for user root
Jun 24 02:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32093]: pam_unix(cron:session): session closed for user root
Jun 24 02:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2537]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.180.197.112  user=root
Jun 24 02:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2871]: Failed password for root from 207.180.197.112 port 34094 ssh2
Jun 24 02:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2871]: Connection closed by 207.180.197.112 port 34094 [preauth]
Jun 24 02:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1634]: pam_unix(cron:session): session closed for user root
Jun 24 02:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2947]: Invalid user crypto from 37.46.140.11
Jun 24 02:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2947]: input_userauth_request: invalid user crypto [preauth]
Jun 24 02:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2947]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.46.140.11
Jun 24 02:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2947]: Failed password for invalid user crypto from 37.46.140.11 port 36112 ssh2
Jun 24 02:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2947]: Connection closed by 37.46.140.11 port 36112 [preauth]
Jun 24 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2991]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2990]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2989]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2988]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2988]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3059]: Successful su for rubyman by root
Jun 24 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3059]: + ??? root:rubyman
Jun 24 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3059]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581067 of user rubyman.
Jun 24 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3059]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581067.
Jun 24 02:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32508]: pam_unix(cron:session): session closed for user root
Jun 24 02:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2989]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2112]: pam_unix(cron:session): session closed for user root
Jun 24 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3387]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3386]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3388]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3385]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3385]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3443]: Successful su for rubyman by root
Jun 24 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3443]: + ??? root:rubyman
Jun 24 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3443]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581072 of user rubyman.
Jun 24 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3443]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581072.
Jun 24 02:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[622]: pam_unix(cron:session): session closed for user root
Jun 24 02:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3386]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2540]: pam_unix(cron:session): session closed for user root
Jun 24 02:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3819]: Received disconnect from 144.217.74.127 port 45538:11: disconnected by user [preauth]
Jun 24 02:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3819]: Disconnected from 144.217.74.127 port 45538 [preauth]
Jun 24 02:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.222.205.156  user=root
Jun 24 02:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3834]: Failed password for root from 162.222.205.156 port 45530 ssh2
Jun 24 02:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3834]: Connection closed by 162.222.205.156 port 45530 [preauth]
Jun 24 02:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 24 02:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3873]: Failed password for root from 103.82.132.16 port 34908 ssh2
Jun 24 02:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3873]: Connection closed by 103.82.132.16 port 34908 [preauth]
Jun 24 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3940]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3941]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3939]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3938]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3938]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4038]: Successful su for rubyman by root
Jun 24 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4038]: + ??? root:rubyman
Jun 24 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4038]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581074 of user rubyman.
Jun 24 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4038]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581074.
Jun 24 02:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1068]: pam_unix(cron:session): session closed for user root
Jun 24 02:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3939]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2991]: pam_unix(cron:session): session closed for user root
Jun 24 02:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4348]: Invalid user moss from 217.144.132.157
Jun 24 02:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4348]: input_userauth_request: invalid user moss [preauth]
Jun 24 02:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4348]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.144.132.157
Jun 24 02:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4348]: Failed password for invalid user moss from 217.144.132.157 port 52932 ssh2
Jun 24 02:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4348]: Connection closed by 217.144.132.157 port 52932 [preauth]
Jun 24 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4408]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4407]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4406]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4405]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4402]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4405]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4527]: Successful su for rubyman by root
Jun 24 02:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4527]: + ??? root:rubyman
Jun 24 02:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4527]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581080 of user rubyman.
Jun 24 02:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4527]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581080.
Jun 24 02:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4402]: pam_unix(cron:session): session closed for user root
Jun 24 02:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1633]: pam_unix(cron:session): session closed for user root
Jun 24 02:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4406]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 24 02:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4774]: Failed password for root from 62.133.62.83 port 52410 ssh2
Jun 24 02:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4774]: Connection closed by 62.133.62.83 port 52410 [preauth]
Jun 24 02:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3388]: pam_unix(cron:session): session closed for user root
Jun 24 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5012]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5013]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5014]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5011]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5015]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5010]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5015]: pam_unix(cron:session): session closed for user root
Jun 24 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5010]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5076]: Successful su for rubyman by root
Jun 24 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5076]: + ??? root:rubyman
Jun 24 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5076]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581086 of user rubyman.
Jun 24 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5076]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581086.
Jun 24 02:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5012]: pam_unix(cron:session): session closed for user root
Jun 24 02:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2111]: pam_unix(cron:session): session closed for user root
Jun 24 02:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5011]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5330]: Invalid user ec2-user from 138.197.130.251
Jun 24 02:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5330]: input_userauth_request: invalid user ec2-user [preauth]
Jun 24 02:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5330]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.130.251
Jun 24 02:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5330]: Failed password for invalid user ec2-user from 138.197.130.251 port 57676 ssh2
Jun 24 02:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5330]: Connection closed by 138.197.130.251 port 57676 [preauth]
Jun 24 02:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3941]: pam_unix(cron:session): session closed for user root
Jun 24 02:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5414]: Invalid user config from 116.110.148.164
Jun 24 02:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5414]: input_userauth_request: invalid user config [preauth]
Jun 24 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5456]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5455]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5453]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5452]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5452]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5518]: Successful su for rubyman by root
Jun 24 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5518]: + ??? root:rubyman
Jun 24 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5518]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581089 of user rubyman.
Jun 24 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5518]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581089.
Jun 24 02:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2539]: pam_unix(cron:session): session closed for user root
Jun 24 02:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5453]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 24 02:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5724]: Failed password for root from 80.66.85.226 port 55396 ssh2
Jun 24 02:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5724]: Connection closed by 80.66.85.226 port 55396 [preauth]
Jun 24 02:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5779]: Invalid user temp from 91.203.213.47
Jun 24 02:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5779]: input_userauth_request: invalid user temp [preauth]
Jun 24 02:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5779]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.203.213.47
Jun 24 02:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4408]: pam_unix(cron:session): session closed for user root
Jun 24 02:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5779]: Failed password for invalid user temp from 91.203.213.47 port 59166 ssh2
Jun 24 02:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5779]: Connection closed by 91.203.213.47 port 59166 [preauth]
Jun 24 02:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5414]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.110.148.164
Jun 24 02:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5414]: Failed password for invalid user config from 116.110.148.164 port 42300 ssh2
Jun 24 02:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5414]: Connection closed by 116.110.148.164 port 42300 [preauth]
Jun 24 02:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5839]: Invalid user quality from 62.171.168.140
Jun 24 02:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5839]: input_userauth_request: invalid user quality [preauth]
Jun 24 02:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5839]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.171.168.140
Jun 24 02:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5839]: Failed password for invalid user quality from 62.171.168.140 port 37862 ssh2
Jun 24 02:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5839]: Connection closed by 62.171.168.140 port 37862 [preauth]
Jun 24 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5862]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5864]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5861]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5860]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5860]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5919]: Successful su for rubyman by root
Jun 24 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5919]: + ??? root:rubyman
Jun 24 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5919]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581094 of user rubyman.
Jun 24 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5919]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581094.
Jun 24 02:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2990]: pam_unix(cron:session): session closed for user root
Jun 24 02:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5861]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5014]: pam_unix(cron:session): session closed for user root
Jun 24 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6246]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6247]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6245]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6244]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6244]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6302]: Successful su for rubyman by root
Jun 24 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6302]: + ??? root:rubyman
Jun 24 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6302]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581098 of user rubyman.
Jun 24 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6302]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581098.
Jun 24 02:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3387]: pam_unix(cron:session): session closed for user root
Jun 24 02:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6245]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6499]: Invalid user keona from 2.57.121.112
Jun 24 02:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6499]: input_userauth_request: invalid user keona [preauth]
Jun 24 02:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6499]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 24 02:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6499]: Failed password for invalid user keona from 2.57.121.112 port 53284 ssh2
Jun 24 02:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6499]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6499]: Failed password for invalid user keona from 2.57.121.112 port 53284 ssh2
Jun 24 02:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6499]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6499]: Failed password for invalid user keona from 2.57.121.112 port 53284 ssh2
Jun 24 02:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6499]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6499]: Failed password for invalid user keona from 2.57.121.112 port 53284 ssh2
Jun 24 02:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6499]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6499]: Failed password for invalid user keona from 2.57.121.112 port 53284 ssh2
Jun 24 02:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6499]: Connection closed by 2.57.121.112 port 53284 [preauth]
Jun 24 02:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6499]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 24 02:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6499]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 24 02:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5456]: pam_unix(cron:session): session closed for user root
Jun 24 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6636]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6637]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6638]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6635]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6635]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6699]: Successful su for rubyman by root
Jun 24 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6699]: + ??? root:rubyman
Jun 24 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6699]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581103 of user rubyman.
Jun 24 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6699]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581103.
Jun 24 02:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3940]: pam_unix(cron:session): session closed for user root
Jun 24 02:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6636]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6896]: Invalid user ok from 152.89.64.17
Jun 24 02:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6896]: input_userauth_request: invalid user ok [preauth]
Jun 24 02:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6896]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.89.64.17
Jun 24 02:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6896]: Failed password for invalid user ok from 152.89.64.17 port 52826 ssh2
Jun 24 02:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6896]: Connection closed by 152.89.64.17 port 52826 [preauth]
Jun 24 02:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 24 02:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5864]: pam_unix(cron:session): session closed for user root
Jun 24 02:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6981]: Failed password for root from 103.176.20.57 port 60208 ssh2
Jun 24 02:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6981]: Connection closed by 103.176.20.57 port 60208 [preauth]
Jun 24 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7153]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7154]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7150]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7155]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7152]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7149]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7155]: pam_unix(cron:session): session closed for user root
Jun 24 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7149]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7223]: Successful su for rubyman by root
Jun 24 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7223]: + ??? root:rubyman
Jun 24 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7223]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581106 of user rubyman.
Jun 24 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7223]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581106.
Jun 24 02:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7152]: pam_unix(cron:session): session closed for user root
Jun 24 02:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4407]: pam_unix(cron:session): session closed for user root
Jun 24 02:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7150]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7462]: Invalid user job from 162.240.20.232
Jun 24 02:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7462]: input_userauth_request: invalid user job [preauth]
Jun 24 02:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7462]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.240.20.232
Jun 24 02:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7462]: Failed password for invalid user job from 162.240.20.232 port 51828 ssh2
Jun 24 02:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7462]: Connection closed by 162.240.20.232 port 51828 [preauth]
Jun 24 02:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: Invalid user support from 116.110.148.164
Jun 24 02:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: input_userauth_request: invalid user support [preauth]
Jun 24 02:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.110.148.164
Jun 24 02:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: Failed password for invalid user support from 116.110.148.164 port 53694 ssh2
Jun 24 02:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6247]: pam_unix(cron:session): session closed for user root
Jun 24 02:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: Connection closed by 116.110.148.164 port 53694 [preauth]
Jun 24 02:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.158.155  user=root
Jun 24 02:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7521]: Failed password for root from 85.214.158.155 port 59832 ssh2
Jun 24 02:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7521]: Connection closed by 85.214.158.155 port 59832 [preauth]
Jun 24 02:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7533]: Invalid user crypto from 62.169.25.35
Jun 24 02:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7533]: input_userauth_request: invalid user crypto [preauth]
Jun 24 02:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7533]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.169.25.35
Jun 24 02:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7533]: Failed password for invalid user crypto from 62.169.25.35 port 38928 ssh2
Jun 24 02:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7533]: Connection closed by 62.169.25.35 port 38928 [preauth]
Jun 24 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7592]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7591]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7593]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7590]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7590]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7756]: Successful su for rubyman by root
Jun 24 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7756]: + ??? root:rubyman
Jun 24 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7756]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581111 of user rubyman.
Jun 24 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7756]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581111.
Jun 24 02:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5013]: pam_unix(cron:session): session closed for user root
Jun 24 02:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7591]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6638]: pam_unix(cron:session): session closed for user root
Jun 24 02:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 24 02:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8055]: Failed password for root from 103.172.78.219 port 33400 ssh2
Jun 24 02:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8055]: Connection closed by 103.172.78.219 port 33400 [preauth]
Jun 24 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8077]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8076]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8075]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8074]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8074]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8141]: Successful su for rubyman by root
Jun 24 02:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8141]: + ??? root:rubyman
Jun 24 02:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8141]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581116 of user rubyman.
Jun 24 02:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8141]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581116.
Jun 24 02:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5455]: pam_unix(cron:session): session closed for user root
Jun 24 02:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8075]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8353]: Invalid user park from 198.244.229.127
Jun 24 02:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8353]: input_userauth_request: invalid user park [preauth]
Jun 24 02:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8353]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.244.229.127
Jun 24 02:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8353]: Failed password for invalid user park from 198.244.229.127 port 49676 ssh2
Jun 24 02:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8353]: Connection closed by 198.244.229.127 port 49676 [preauth]
Jun 24 02:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7154]: pam_unix(cron:session): session closed for user root
Jun 24 02:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8425]: Invalid user ubuntu from 85.215.155.231
Jun 24 02:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8425]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 02:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8425]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.215.155.231
Jun 24 02:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8425]: Failed password for invalid user ubuntu from 85.215.155.231 port 57568 ssh2
Jun 24 02:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8425]: Connection closed by 85.215.155.231 port 57568 [preauth]
Jun 24 02:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8442]: Received disconnect from 102.129.200.117 port 5926:11: disconnected by user [preauth]
Jun 24 02:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8442]: Disconnected from 102.129.200.117 port 5926 [preauth]
Jun 24 02:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.119.208.70  user=root
Jun 24 02:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8461]: Failed password for root from 75.119.208.70 port 48080 ssh2
Jun 24 02:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8461]: Connection closed by 75.119.208.70 port 48080 [preauth]
Jun 24 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8488]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8484]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8485]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8487]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8484]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8547]: Successful su for rubyman by root
Jun 24 02:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8547]: + ??? root:rubyman
Jun 24 02:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8547]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581120 of user rubyman.
Jun 24 02:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8547]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581120.
Jun 24 02:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5862]: pam_unix(cron:session): session closed for user root
Jun 24 02:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8485]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8780]: Invalid user students from 207.180.251.138
Jun 24 02:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8780]: input_userauth_request: invalid user students [preauth]
Jun 24 02:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8780]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.180.251.138
Jun 24 02:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8780]: Failed password for invalid user students from 207.180.251.138 port 59256 ssh2
Jun 24 02:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8780]: Connection closed by 207.180.251.138 port 59256 [preauth]
Jun 24 02:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7593]: pam_unix(cron:session): session closed for user root
Jun 24 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8879]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8880]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8878]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8877]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8877]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8939]: Successful su for rubyman by root
Jun 24 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8939]: + ??? root:rubyman
Jun 24 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8939]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581126 of user rubyman.
Jun 24 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8939]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581126.
Jun 24 02:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6246]: pam_unix(cron:session): session closed for user root
Jun 24 02:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8878]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.110.148.164  user=root
Jun 24 02:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9107]: Failed password for root from 116.110.148.164 port 60812 ssh2
Jun 24 02:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9107]: Connection closed by 116.110.148.164 port 60812 [preauth]
Jun 24 02:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.49.0.100  user=root
Jun 24 02:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9182]: Failed password for root from 20.49.0.100 port 55930 ssh2
Jun 24 02:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9182]: Received disconnect from 20.49.0.100 port 55930:11: Bye Bye [preauth]
Jun 24 02:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9182]: Disconnected from 20.49.0.100 port 55930 [preauth]
Jun 24 02:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8077]: pam_unix(cron:session): session closed for user root
Jun 24 02:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9263]: Invalid user milana from 69.163.185.233
Jun 24 02:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9263]: input_userauth_request: invalid user milana [preauth]
Jun 24 02:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9263]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.163.185.233
Jun 24 02:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9263]: Failed password for invalid user milana from 69.163.185.233 port 57156 ssh2
Jun 24 02:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9263]: Connection closed by 69.163.185.233 port 57156 [preauth]
Jun 24 02:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9275]: Invalid user master from 87.106.118.179
Jun 24 02:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9275]: input_userauth_request: invalid user master [preauth]
Jun 24 02:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9275]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.106.118.179
Jun 24 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9285]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9283]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9282]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9284]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9281]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9280]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9285]: pam_unix(cron:session): session closed for user root
Jun 24 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9280]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9275]: Failed password for invalid user master from 87.106.118.179 port 57262 ssh2
Jun 24 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9275]: Connection closed by 87.106.118.179 port 57262 [preauth]
Jun 24 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9348]: Successful su for rubyman by root
Jun 24 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9348]: + ??? root:rubyman
Jun 24 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9348]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581131 of user rubyman.
Jun 24 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9348]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581131.
Jun 24 02:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6637]: pam_unix(cron:session): session closed for user root
Jun 24 02:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9282]: pam_unix(cron:session): session closed for user root
Jun 24 02:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9281]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9552]: Invalid user portal from 191.101.33.225
Jun 24 02:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9552]: input_userauth_request: invalid user portal [preauth]
Jun 24 02:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9552]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.101.33.225
Jun 24 02:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9552]: Failed password for invalid user portal from 191.101.33.225 port 52218 ssh2
Jun 24 02:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9552]: Connection closed by 191.101.33.225 port 52218 [preauth]
Jun 24 02:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8488]: pam_unix(cron:session): session closed for user root
Jun 24 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9709]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9710]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9708]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9707]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9707]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9773]: Successful su for rubyman by root
Jun 24 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9773]: + ??? root:rubyman
Jun 24 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9773]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581133 of user rubyman.
Jun 24 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9773]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581133.
Jun 24 02:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7153]: pam_unix(cron:session): session closed for user root
Jun 24 02:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9708]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10164]: Invalid user instalador from 45.94.209.13
Jun 24 02:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10164]: input_userauth_request: invalid user instalador [preauth]
Jun 24 02:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10164]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.94.209.13
Jun 24 02:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10164]: Failed password for invalid user instalador from 45.94.209.13 port 58056 ssh2
Jun 24 02:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10164]: Connection closed by 45.94.209.13 port 58056 [preauth]
Jun 24 02:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8880]: pam_unix(cron:session): session closed for user root
Jun 24 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10381]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10379]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10380]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10378]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10378]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10439]: Successful su for rubyman by root
Jun 24 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10439]: + ??? root:rubyman
Jun 24 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10439]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581138 of user rubyman.
Jun 24 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10439]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581138.
Jun 24 02:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7592]: pam_unix(cron:session): session closed for user root
Jun 24 02:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10616]: Invalid user wallet from 192.169.196.142
Jun 24 02:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10616]: input_userauth_request: invalid user wallet [preauth]
Jun 24 02:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10616]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.169.196.142
Jun 24 02:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10379]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10616]: Failed password for invalid user wallet from 192.169.196.142 port 44542 ssh2
Jun 24 02:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10616]: Connection closed by 192.169.196.142 port 44542 [preauth]
Jun 24 02:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9284]: pam_unix(cron:session): session closed for user root
Jun 24 02:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10772]: Invalid user perl from 132.148.155.138
Jun 24 02:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10772]: input_userauth_request: invalid user perl [preauth]
Jun 24 02:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10772]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=132.148.155.138
Jun 24 02:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10772]: Failed password for invalid user perl from 132.148.155.138 port 57986 ssh2
Jun 24 02:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10772]: Connection closed by 132.148.155.138 port 57986 [preauth]
Jun 24 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10797]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10798]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10795]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10796]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10795]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10861]: Successful su for rubyman by root
Jun 24 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10861]: + ??? root:rubyman
Jun 24 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10861]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581142 of user rubyman.
Jun 24 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10861]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581142.
Jun 24 02:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8076]: pam_unix(cron:session): session closed for user root
Jun 24 02:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10796]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9710]: pam_unix(cron:session): session closed for user root
Jun 24 02:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11163]: Invalid user ups from 86.90.71.95
Jun 24 02:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11163]: input_userauth_request: invalid user ups [preauth]
Jun 24 02:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11163]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=86.90.71.95
Jun 24 02:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11163]: Failed password for invalid user ups from 86.90.71.95 port 64212 ssh2
Jun 24 02:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11163]: Connection closed by 86.90.71.95 port 64212 [preauth]
Jun 24 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11218]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11217]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11219]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11216]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11216]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11281]: Successful su for rubyman by root
Jun 24 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11281]: + ??? root:rubyman
Jun 24 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11281]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581147 of user rubyman.
Jun 24 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11281]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581147.
Jun 24 02:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8487]: pam_unix(cron:session): session closed for user root
Jun 24 02:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11217]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11542]: Invalid user crypto from 72.167.43.57
Jun 24 02:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11542]: input_userauth_request: invalid user crypto [preauth]
Jun 24 02:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11542]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=72.167.43.57
Jun 24 02:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10381]: pam_unix(cron:session): session closed for user root
Jun 24 02:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11542]: Failed password for invalid user crypto from 72.167.43.57 port 44540 ssh2
Jun 24 02:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11542]: Connection closed by 72.167.43.57 port 44540 [preauth]
Jun 24 02:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.83.60.140  user=root
Jun 24 02:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11609]: Failed password for root from 38.83.60.140 port 57214 ssh2
Jun 24 02:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11609]: Connection closed by 38.83.60.140 port 57214 [preauth]
Jun 24 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11636]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11637]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11634]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11635]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11632]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11633]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11637]: pam_unix(cron:session): session closed for user root
Jun 24 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11632]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11698]: Successful su for rubyman by root
Jun 24 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11698]: + ??? root:rubyman
Jun 24 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11698]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581149 of user rubyman.
Jun 24 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11698]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581149.
Jun 24 02:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11634]: pam_unix(cron:session): session closed for user root
Jun 24 02:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8879]: pam_unix(cron:session): session closed for user root
Jun 24 02:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11633]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12011]: Invalid user AdminGPON from 45.148.10.121
Jun 24 02:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12011]: input_userauth_request: invalid user AdminGPON [preauth]
Jun 24 02:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12011]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 24 02:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12011]: Failed password for invalid user AdminGPON from 45.148.10.121 port 33114 ssh2
Jun 24 02:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12011]: Connection closed by 45.148.10.121 port 33114 [preauth]
Jun 24 02:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10798]: pam_unix(cron:session): session closed for user root
Jun 24 02:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.110.148.164  user=root
Jun 24 02:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12072]: Failed password for root from 116.110.148.164 port 34136 ssh2
Jun 24 02:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12072]: Connection closed by 116.110.148.164 port 34136 [preauth]
Jun 24 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12123]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12122]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12121]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12120]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12120]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12189]: Successful su for rubyman by root
Jun 24 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12189]: + ??? root:rubyman
Jun 24 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12189]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581155 of user rubyman.
Jun 24 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12189]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581155.
Jun 24 02:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9283]: pam_unix(cron:session): session closed for user root
Jun 24 02:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12121]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12537]: Invalid user wallet from 208.109.189.255
Jun 24 02:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12537]: input_userauth_request: invalid user wallet [preauth]
Jun 24 02:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12537]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=208.109.189.255
Jun 24 02:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12537]: Failed password for invalid user wallet from 208.109.189.255 port 52642 ssh2
Jun 24 02:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12537]: Connection closed by 208.109.189.255 port 52642 [preauth]
Jun 24 02:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11219]: pam_unix(cron:session): session closed for user root
Jun 24 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12659]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12658]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12661]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12657]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12657]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12719]: Successful su for rubyman by root
Jun 24 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12719]: + ??? root:rubyman
Jun 24 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12719]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581160 of user rubyman.
Jun 24 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12719]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581160.
Jun 24 02:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9709]: pam_unix(cron:session): session closed for user root
Jun 24 02:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12658]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11636]: pam_unix(cron:session): session closed for user root
Jun 24 02:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13064]: Invalid user user from 141.98.83.240
Jun 24 02:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13064]: input_userauth_request: invalid user user [preauth]
Jun 24 02:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13064]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13070]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13068]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13069]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13067]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13067]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13133]: Successful su for rubyman by root
Jun 24 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13133]: + ??? root:rubyman
Jun 24 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13133]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581163 of user rubyman.
Jun 24 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13133]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581163.
Jun 24 02:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13064]: Failed password for invalid user user from 141.98.83.240 port 22424 ssh2
Jun 24 02:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13064]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10380]: pam_unix(cron:session): session closed for user root
Jun 24 02:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13064]: Failed password for invalid user user from 141.98.83.240 port 22424 ssh2
Jun 24 02:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13064]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13068]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13064]: Failed password for invalid user user from 141.98.83.240 port 22424 ssh2
Jun 24 02:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13064]: Connection closed by 141.98.83.240 port 22424 [preauth]
Jun 24 02:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13064]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 02:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13336]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 24 02:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13336]: Received disconnect from 103.176.90.41 port 10862:11: disconnected by user [preauth]
Jun 24 02:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13336]: Disconnected from 103.176.90.41 port 10862 [preauth]
Jun 24 02:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12123]: pam_unix(cron:session): session closed for user root
Jun 24 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13479]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13477]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13478]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13476]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13476]: pam_unix(cron:session): session closed for user p13x
Jun 24 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13538]: Successful su for rubyman by root
Jun 24 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13538]: + ??? root:rubyman
Jun 24 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13538]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581167 of user rubyman.
Jun 24 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13538]: pam_unix(su:session): session closed for user rubyman
Jun 24 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581167.
Jun 24 02:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10797]: pam_unix(cron:session): session closed for user root
Jun 24 02:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13477]: pam_unix(cron:session): session closed for user samftp
Jun 24 02:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13729]: Invalid user admin from 116.110.148.164
Jun 24 02:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13729]: input_userauth_request: invalid user admin [preauth]
Jun 24 02:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13793]: Invalid user admin from 116.110.148.164
Jun 24 02:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13793]: input_userauth_request: invalid user admin [preauth]
Jun 24 02:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12661]: pam_unix(cron:session): session closed for user root
Jun 24 02:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13729]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.110.148.164
Jun 24 02:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13729]: Failed password for invalid user admin from 116.110.148.164 port 58920 ssh2
Jun 24 02:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13729]: Connection closed by 116.110.148.164 port 58920 [preauth]
Jun 24 02:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13793]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.110.148.164
Jun 24 02:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13793]: Failed password for invalid user admin from 116.110.148.164 port 58912 ssh2
Jun 24 02:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 02:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13833]: Invalid user perl from 97.74.6.204
Jun 24 02:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13833]: input_userauth_request: invalid user perl [preauth]
Jun 24 02:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13833]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 02:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=97.74.6.204
Jun 24 02:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13833]: Failed password for invalid user perl from 97.74.6.204 port 54158 ssh2
Jun 24 02:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13833]: Connection closed by 97.74.6.204 port 54158 [preauth]
Jun 24 02:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13793]: Connection closed by 116.110.148.164 port 58912 [preauth]
Jun 24 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13894]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13897]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13896]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13893]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13895]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13892]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13891]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13893]: pam_unix(cron:session): session closed for user root
Jun 24 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13897]: pam_unix(cron:session): session closed for user root
Jun 24 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13891]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13991]: Successful su for rubyman by root
Jun 24 03:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13991]: + ??? root:rubyman
Jun 24 03:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13991]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581175 of user rubyman.
Jun 24 03:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13991]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581175.
Jun 24 03:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11218]: pam_unix(cron:session): session closed for user root
Jun 24 03:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13894]: pam_unix(cron:session): session closed for user root
Jun 24 03:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13892]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14213]: Invalid user ec2-user from 194.36.147.215
Jun 24 03:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14213]: input_userauth_request: invalid user ec2-user [preauth]
Jun 24 03:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14213]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 03:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.36.147.215
Jun 24 03:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14213]: Failed password for invalid user ec2-user from 194.36.147.215 port 46926 ssh2
Jun 24 03:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14213]: Connection closed by 194.36.147.215 port 46926 [preauth]
Jun 24 03:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13070]: pam_unix(cron:session): session closed for user root
Jun 24 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14382]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14383]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14380]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14381]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14380]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14445]: Successful su for rubyman by root
Jun 24 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14445]: + ??? root:rubyman
Jun 24 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14445]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581179 of user rubyman.
Jun 24 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14445]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581179.
Jun 24 03:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11635]: pam_unix(cron:session): session closed for user root
Jun 24 03:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14381]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13479]: pam_unix(cron:session): session closed for user root
Jun 24 03:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14863]: Invalid user prueba from 213.136.80.187
Jun 24 03:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14863]: input_userauth_request: invalid user prueba [preauth]
Jun 24 03:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14863]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 03:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.136.80.187
Jun 24 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14869]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14870]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14868]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14867]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14867]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14928]: Successful su for rubyman by root
Jun 24 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14928]: + ??? root:rubyman
Jun 24 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14928]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581182 of user rubyman.
Jun 24 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14928]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581182.
Jun 24 03:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14863]: Failed password for invalid user prueba from 213.136.80.187 port 43416 ssh2
Jun 24 03:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14863]: Connection closed by 213.136.80.187 port 43416 [preauth]
Jun 24 03:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12122]: pam_unix(cron:session): session closed for user root
Jun 24 03:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14868]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13896]: pam_unix(cron:session): session closed for user root
Jun 24 03:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15249]: Invalid user records from 157.230.186.59
Jun 24 03:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15249]: input_userauth_request: invalid user records [preauth]
Jun 24 03:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15249]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 03:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.186.59
Jun 24 03:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15249]: Failed password for invalid user records from 157.230.186.59 port 54444 ssh2
Jun 24 03:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15249]: Connection closed by 157.230.186.59 port 54444 [preauth]
Jun 24 03:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 24 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15277]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15276]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15274]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15275]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15274]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15271]: Failed password for root from 103.27.238.114 port 50568 ssh2
Jun 24 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15338]: Successful su for rubyman by root
Jun 24 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15338]: + ??? root:rubyman
Jun 24 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15338]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581187 of user rubyman.
Jun 24 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15338]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581187.
Jun 24 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15271]: Connection closed by 103.27.238.114 port 50568 [preauth]
Jun 24 03:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12659]: pam_unix(cron:session): session closed for user root
Jun 24 03:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15275]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15571]: Invalid user marketing from 193.110.157.47
Jun 24 03:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15571]: input_userauth_request: invalid user marketing [preauth]
Jun 24 03:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15571]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 03:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.110.157.47
Jun 24 03:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14383]: pam_unix(cron:session): session closed for user root
Jun 24 03:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15571]: Failed password for invalid user marketing from 193.110.157.47 port 48612 ssh2
Jun 24 03:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15571]: Connection closed by 193.110.157.47 port 48612 [preauth]
Jun 24 03:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15632]: Invalid user act from 178.18.253.157
Jun 24 03:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15632]: input_userauth_request: invalid user act [preauth]
Jun 24 03:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15632]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 03:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.18.253.157
Jun 24 03:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15632]: Failed password for invalid user act from 178.18.253.157 port 42654 ssh2
Jun 24 03:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15632]: Connection closed by 178.18.253.157 port 42654 [preauth]
Jun 24 03:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15663]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15664]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15661]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15662]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15661]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15726]: Successful su for rubyman by root
Jun 24 03:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15726]: + ??? root:rubyman
Jun 24 03:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15726]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581192 of user rubyman.
Jun 24 03:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15726]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581192.
Jun 24 03:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13069]: pam_unix(cron:session): session closed for user root
Jun 24 03:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15662]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15912]: Invalid user ldap from 45.94.209.235
Jun 24 03:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15912]: input_userauth_request: invalid user ldap [preauth]
Jun 24 03:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15912]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 03:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.94.209.235
Jun 24 03:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15912]: Failed password for invalid user ldap from 45.94.209.235 port 49410 ssh2
Jun 24 03:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15912]: Connection closed by 45.94.209.235 port 49410 [preauth]
Jun 24 03:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14870]: pam_unix(cron:session): session closed for user root
Jun 24 03:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16044]: Invalid user perl from 132.148.26.66
Jun 24 03:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16044]: input_userauth_request: invalid user perl [preauth]
Jun 24 03:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16044]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 03:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=132.148.26.66
Jun 24 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16050]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16051]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16048]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16052]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16047]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16054]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16054]: pam_unix(cron:session): session closed for user root
Jun 24 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16047]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16117]: Successful su for rubyman by root
Jun 24 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16117]: + ??? root:rubyman
Jun 24 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16117]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581198 of user rubyman.
Jun 24 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16117]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581198.
Jun 24 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16044]: Failed password for invalid user perl from 132.148.26.66 port 46358 ssh2
Jun 24 03:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16044]: Connection closed by 132.148.26.66 port 46358 [preauth]
Jun 24 03:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16050]: pam_unix(cron:session): session closed for user root
Jun 24 03:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13478]: pam_unix(cron:session): session closed for user root
Jun 24 03:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16048]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16321]: Invalid user saqib from 91.239.232.40
Jun 24 03:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16321]: input_userauth_request: invalid user saqib [preauth]
Jun 24 03:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16321]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 03:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.239.232.40
Jun 24 03:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16321]: Failed password for invalid user saqib from 91.239.232.40 port 49478 ssh2
Jun 24 03:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16321]: Connection closed by 91.239.232.40 port 49478 [preauth]
Jun 24 03:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15277]: pam_unix(cron:session): session closed for user root
Jun 24 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16472]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16473]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16468]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16471]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16468]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16542]: Successful su for rubyman by root
Jun 24 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16542]: + ??? root:rubyman
Jun 24 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16542]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581200 of user rubyman.
Jun 24 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16542]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581200.
Jun 24 03:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13895]: pam_unix(cron:session): session closed for user root
Jun 24 03:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16471]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16740]: Connection reset by 45.148.10.152 port 49514 [preauth]
Jun 24 03:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15664]: pam_unix(cron:session): session closed for user root
Jun 24 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16951]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16950]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16949]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16948]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16948]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17043]: Successful su for rubyman by root
Jun 24 03:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17043]: + ??? root:rubyman
Jun 24 03:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17043]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581205 of user rubyman.
Jun 24 03:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17043]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581205.
Jun 24 03:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14382]: pam_unix(cron:session): session closed for user root
Jun 24 03:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16949]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16052]: pam_unix(cron:session): session closed for user root
Jun 24 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17379]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17378]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17377]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17375]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17375]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17446]: Successful su for rubyman by root
Jun 24 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17446]: + ??? root:rubyman
Jun 24 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17446]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581208 of user rubyman.
Jun 24 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17446]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581208.
Jun 24 03:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14869]: pam_unix(cron:session): session closed for user root
Jun 24 03:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17377]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16473]: pam_unix(cron:session): session closed for user root
Jun 24 03:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17851]: Received disconnect from 103.161.34.59 port 58370:11: disconnected by user [preauth]
Jun 24 03:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17851]: Disconnected from 103.161.34.59 port 58370 [preauth]
Jun 24 03:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 24 03:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17867]: Failed password for root from 87.251.79.125 port 59524 ssh2
Jun 24 03:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17867]: Connection closed by 87.251.79.125 port 59524 [preauth]
Jun 24 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17880]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17882]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17879]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17881]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17877]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17879]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18007]: Successful su for rubyman by root
Jun 24 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18007]: + ??? root:rubyman
Jun 24 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18007]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581213 of user rubyman.
Jun 24 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18007]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581213.
Jun 24 03:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17877]: pam_unix(cron:session): session closed for user root
Jun 24 03:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15276]: pam_unix(cron:session): session closed for user root
Jun 24 03:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17880]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16951]: pam_unix(cron:session): session closed for user root
Jun 24 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18488]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18490]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18489]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18486]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18491]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18485]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18491]: pam_unix(cron:session): session closed for user root
Jun 24 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18485]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18561]: Successful su for rubyman by root
Jun 24 03:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18561]: + ??? root:rubyman
Jun 24 03:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18561]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581218 of user rubyman.
Jun 24 03:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18561]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581218.
Jun 24 03:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18488]: pam_unix(cron:session): session closed for user root
Jun 24 03:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15663]: pam_unix(cron:session): session closed for user root
Jun 24 03:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18486]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 24 03:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17379]: pam_unix(cron:session): session closed for user root
Jun 24 03:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18855]: Failed password for root from 147.45.199.80 port 39100 ssh2
Jun 24 03:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18855]: Connection closed by 147.45.199.80 port 39100 [preauth]
Jun 24 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18948]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18947]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18946]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18945]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18945]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19012]: Successful su for rubyman by root
Jun 24 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19012]: + ??? root:rubyman
Jun 24 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19012]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581223 of user rubyman.
Jun 24 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19012]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581223.
Jun 24 03:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16051]: pam_unix(cron:session): session closed for user root
Jun 24 03:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18946]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17882]: pam_unix(cron:session): session closed for user root
Jun 24 03:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19387]: Invalid user lab from 83.169.1.209
Jun 24 03:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19387]: input_userauth_request: invalid user lab [preauth]
Jun 24 03:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19387]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 03:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.169.1.209
Jun 24 03:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19387]: Failed password for invalid user lab from 83.169.1.209 port 59684 ssh2
Jun 24 03:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19387]: Connection closed by 83.169.1.209 port 59684 [preauth]
Jun 24 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19445]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19441]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19440]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19439]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19439]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19616]: Successful su for rubyman by root
Jun 24 03:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19616]: + ??? root:rubyman
Jun 24 03:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19616]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581228 of user rubyman.
Jun 24 03:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19616]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581228.
Jun 24 03:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16472]: pam_unix(cron:session): session closed for user root
Jun 24 03:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19440]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19932]: Invalid user windows from 62.171.185.52
Jun 24 03:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19932]: input_userauth_request: invalid user windows [preauth]
Jun 24 03:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19932]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 03:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.171.185.52
Jun 24 03:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19932]: Failed password for invalid user windows from 62.171.185.52 port 32924 ssh2
Jun 24 03:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19932]: Connection closed by 62.171.185.52 port 32924 [preauth]
Jun 24 03:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18490]: pam_unix(cron:session): session closed for user root
Jun 24 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20060]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20059]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20058]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20057]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20057]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20119]: Successful su for rubyman by root
Jun 24 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20119]: + ??? root:rubyman
Jun 24 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20119]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581231 of user rubyman.
Jun 24 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20119]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581231.
Jun 24 03:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16950]: pam_unix(cron:session): session closed for user root
Jun 24 03:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20058]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20408]: Invalid user gold from 213.202.230.81
Jun 24 03:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20408]: input_userauth_request: invalid user gold [preauth]
Jun 24 03:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20408]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 03:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.202.230.81
Jun 24 03:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20408]: Failed password for invalid user gold from 213.202.230.81 port 51456 ssh2
Jun 24 03:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20408]: Connection closed by 213.202.230.81 port 51456 [preauth]
Jun 24 03:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 24 03:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20449]: Failed password for root from 103.82.20.28 port 50894 ssh2
Jun 24 03:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20449]: Connection closed by 103.82.20.28 port 50894 [preauth]
Jun 24 03:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18948]: pam_unix(cron:session): session closed for user root
Jun 24 03:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20528]: Invalid user wendi from 93.147.164.60
Jun 24 03:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20528]: input_userauth_request: invalid user wendi [preauth]
Jun 24 03:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20528]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 03:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.147.164.60
Jun 24 03:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20528]: Failed password for invalid user wendi from 93.147.164.60 port 54028 ssh2
Jun 24 03:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20528]: Connection closed by 93.147.164.60 port 54028 [preauth]
Jun 24 03:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 24 03:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20549]: Failed password for root from 38.93.206.2 port 58048 ssh2
Jun 24 03:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20549]: Connection closed by 38.93.206.2 port 58048 [preauth]
Jun 24 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20571]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20569]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20570]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20568]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20568]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20638]: Successful su for rubyman by root
Jun 24 03:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20638]: + ??? root:rubyman
Jun 24 03:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20638]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581235 of user rubyman.
Jun 24 03:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20638]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581235.
Jun 24 03:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17378]: pam_unix(cron:session): session closed for user root
Jun 24 03:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20569]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19445]: pam_unix(cron:session): session closed for user root
Jun 24 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21061]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21059]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21056]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21060]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21062]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21057]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21062]: pam_unix(cron:session): session closed for user root
Jun 24 03:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21056]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21127]: Successful su for rubyman by root
Jun 24 03:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21127]: + ??? root:rubyman
Jun 24 03:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21127]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581240 of user rubyman.
Jun 24 03:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21127]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581240.
Jun 24 03:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17881]: pam_unix(cron:session): session closed for user root
Jun 24 03:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21059]: pam_unix(cron:session): session closed for user root
Jun 24 03:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21057]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20060]: pam_unix(cron:session): session closed for user root
Jun 24 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21502]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21503]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21501]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21498]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21498]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21583]: Successful su for rubyman by root
Jun 24 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21583]: + ??? root:rubyman
Jun 24 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21583]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581246 of user rubyman.
Jun 24 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21583]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581246.
Jun 24 03:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18489]: pam_unix(cron:session): session closed for user root
Jun 24 03:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21501]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20571]: pam_unix(cron:session): session closed for user root
Jun 24 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21947]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21946]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21948]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21945]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21943]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21943]: pam_unix(cron:session): session closed for user root
Jun 24 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21945]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22005]: Successful su for rubyman by root
Jun 24 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22005]: + ??? root:rubyman
Jun 24 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22005]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581251 of user rubyman.
Jun 24 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22005]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581251.
Jun 24 03:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18947]: pam_unix(cron:session): session closed for user root
Jun 24 03:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21946]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22205]: Invalid user probe from 141.98.83.240
Jun 24 03:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22205]: input_userauth_request: invalid user probe [preauth]
Jun 24 03:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22205]: Failed none for invalid user probe from 141.98.83.240 port 30152 ssh2
Jun 24 03:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22205]: Connection closed by 141.98.83.240 port 30152 [preauth]
Jun 24 03:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21061]: pam_unix(cron:session): session closed for user root
Jun 24 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22438]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22437]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22436]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22434]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22434]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22497]: Successful su for rubyman by root
Jun 24 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22497]: + ??? root:rubyman
Jun 24 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22497]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581254 of user rubyman.
Jun 24 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22497]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581254.
Jun 24 03:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19441]: pam_unix(cron:session): session closed for user root
Jun 24 03:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22436]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21503]: pam_unix(cron:session): session closed for user root
Jun 24 03:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22830]: Invalid user admin from 2.57.121.25
Jun 24 03:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22830]: input_userauth_request: invalid user admin [preauth]
Jun 24 03:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22830]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 03:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 24 03:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22830]: Failed password for invalid user admin from 2.57.121.25 port 12408 ssh2
Jun 24 03:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22830]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22843]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22842]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22839]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22841]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22839]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22830]: Failed password for invalid user admin from 2.57.121.25 port 12408 ssh2
Jun 24 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22830]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 03:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22904]: Successful su for rubyman by root
Jun 24 03:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22904]: + ??? root:rubyman
Jun 24 03:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22904]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581258 of user rubyman.
Jun 24 03:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22904]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581258.
Jun 24 03:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22830]: Failed password for invalid user admin from 2.57.121.25 port 12408 ssh2
Jun 24 03:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20059]: pam_unix(cron:session): session closed for user root
Jun 24 03:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22830]: Connection closed by 2.57.121.25 port 12408 [preauth]
Jun 24 03:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22830]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 24 03:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22841]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21948]: pam_unix(cron:session): session closed for user root
Jun 24 03:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 24 03:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23211]: Failed password for root from 103.27.238.116 port 39754 ssh2
Jun 24 03:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23211]: Connection closed by 103.27.238.116 port 39754 [preauth]
Jun 24 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23254]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23250]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23253]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23249]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23248]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23247]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23254]: pam_unix(cron:session): session closed for user root
Jun 24 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23247]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23325]: Successful su for rubyman by root
Jun 24 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23325]: + ??? root:rubyman
Jun 24 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23325]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581264 of user rubyman.
Jun 24 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23325]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581264.
Jun 24 03:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23249]: pam_unix(cron:session): session closed for user root
Jun 24 03:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20570]: pam_unix(cron:session): session closed for user root
Jun 24 03:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23248]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22438]: pam_unix(cron:session): session closed for user root
Jun 24 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23701]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23700]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23699]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23698]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23698]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23779]: Successful su for rubyman by root
Jun 24 03:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23779]: + ??? root:rubyman
Jun 24 03:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23779]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581268 of user rubyman.
Jun 24 03:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23779]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581268.
Jun 24 03:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21060]: pam_unix(cron:session): session closed for user root
Jun 24 03:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23699]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22843]: pam_unix(cron:session): session closed for user root
Jun 24 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24209]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24206]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24208]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24207]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24206]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24287]: Successful su for rubyman by root
Jun 24 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24287]: + ??? root:rubyman
Jun 24 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24287]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581272 of user rubyman.
Jun 24 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24287]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581272.
Jun 24 03:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21502]: pam_unix(cron:session): session closed for user root
Jun 24 03:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24207]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23253]: pam_unix(cron:session): session closed for user root
Jun 24 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24652]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24650]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24653]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24649]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24649]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24719]: Successful su for rubyman by root
Jun 24 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24719]: + ??? root:rubyman
Jun 24 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24719]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581276 of user rubyman.
Jun 24 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24719]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581276.
Jun 24 03:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21947]: pam_unix(cron:session): session closed for user root
Jun 24 03:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24650]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24935]: Invalid user probe from 193.46.255.86
Jun 24 03:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24935]: input_userauth_request: invalid user probe [preauth]
Jun 24 03:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24935]: Failed none for invalid user probe from 193.46.255.86 port 45902 ssh2
Jun 24 03:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24935]: Connection closed by 193.46.255.86 port 45902 [preauth]
Jun 24 03:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23701]: pam_unix(cron:session): session closed for user root
Jun 24 03:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 24 03:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25037]: Failed password for root from 77.94.47.83 port 35374 ssh2
Jun 24 03:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25037]: Connection closed by 77.94.47.83 port 35374 [preauth]
Jun 24 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25055]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25054]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25053]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25052]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25052]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25116]: Successful su for rubyman by root
Jun 24 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25116]: + ??? root:rubyman
Jun 24 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25116]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581280 of user rubyman.
Jun 24 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25116]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581280.
Jun 24 03:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22437]: pam_unix(cron:session): session closed for user root
Jun 24 03:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25053]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24209]: pam_unix(cron:session): session closed for user root
Jun 24 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25446]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25444]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25443]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25441]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25445]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25440]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25446]: pam_unix(cron:session): session closed for user root
Jun 24 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25440]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25516]: Successful su for rubyman by root
Jun 24 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25516]: + ??? root:rubyman
Jun 24 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25516]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581288 of user rubyman.
Jun 24 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25516]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581288.
Jun 24 03:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25443]: pam_unix(cron:session): session closed for user root
Jun 24 03:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22842]: pam_unix(cron:session): session closed for user root
Jun 24 03:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25441]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24653]: pam_unix(cron:session): session closed for user root
Jun 24 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25874]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25873]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25875]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25872]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25872]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25939]: Successful su for rubyman by root
Jun 24 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25939]: + ??? root:rubyman
Jun 24 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25939]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581292 of user rubyman.
Jun 24 03:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25939]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581292.
Jun 24 03:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23250]: pam_unix(cron:session): session closed for user root
Jun 24 03:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25873]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25055]: pam_unix(cron:session): session closed for user root
Jun 24 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26268]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26267]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26266]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26269]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26266]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26332]: Successful su for rubyman by root
Jun 24 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26332]: + ??? root:rubyman
Jun 24 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26332]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581294 of user rubyman.
Jun 24 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26332]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581294.
Jun 24 03:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23700]: pam_unix(cron:session): session closed for user root
Jun 24 03:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26267]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25445]: pam_unix(cron:session): session closed for user root
Jun 24 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26660]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26661]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26659]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26658]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26658]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26803]: Successful su for rubyman by root
Jun 24 03:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26803]: + ??? root:rubyman
Jun 24 03:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26803]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581299 of user rubyman.
Jun 24 03:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26803]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581299.
Jun 24 03:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24208]: pam_unix(cron:session): session closed for user root
Jun 24 03:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26659]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25875]: pam_unix(cron:session): session closed for user root
Jun 24 03:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 24 03:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 24 03:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27081]: Failed password for root from 193.37.70.224 port 35780 ssh2
Jun 24 03:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27081]: Connection closed by 193.37.70.224 port 35780 [preauth]
Jun 24 03:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27084]: Failed password for root from 103.122.221.179 port 57306 ssh2
Jun 24 03:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27084]: Connection closed by 103.122.221.179 port 57306 [preauth]
Jun 24 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27147]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27148]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27146]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27145]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27145]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27210]: Successful su for rubyman by root
Jun 24 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27210]: + ??? root:rubyman
Jun 24 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27210]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581303 of user rubyman.
Jun 24 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27210]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581303.
Jun 24 03:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24652]: pam_unix(cron:session): session closed for user root
Jun 24 03:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27146]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27441]: Received disconnect from 185.165.242.225 port 59262:11: disconnected by user [preauth]
Jun 24 03:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27441]: Disconnected from 185.165.242.225 port 59262 [preauth]
Jun 24 03:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26269]: pam_unix(cron:session): session closed for user root
Jun 24 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27571]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27570]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27569]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27574]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27575]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27568]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27575]: pam_unix(cron:session): session closed for user root
Jun 24 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27568]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27637]: Successful su for rubyman by root
Jun 24 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27637]: + ??? root:rubyman
Jun 24 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27637]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581309 of user rubyman.
Jun 24 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27637]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581309.
Jun 24 03:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27570]: pam_unix(cron:session): session closed for user root
Jun 24 03:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25054]: pam_unix(cron:session): session closed for user root
Jun 24 03:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27569]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27849]: Did not receive identification string from 91.92.40.240
Jun 24 03:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26661]: pam_unix(cron:session): session closed for user root
Jun 24 03:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27926]: Connection reset by 147.185.132.19 port 59014 [preauth]
Jun 24 03:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27958]: Connection closed by 194.59.206.2 port 35894 [preauth]
Jun 24 03:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 24 03:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27983]: Failed password for root from 202.178.126.219 port 10507 ssh2
Jun 24 03:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27983]: Connection closed by 202.178.126.219 port 10507 [preauth]
Jun 24 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28019]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28020]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28017]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28016]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28016]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28138]: Successful su for rubyman by root
Jun 24 03:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28138]: + ??? root:rubyman
Jun 24 03:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28138]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581312 of user rubyman.
Jun 24 03:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28138]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581312.
Jun 24 03:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25444]: pam_unix(cron:session): session closed for user root
Jun 24 03:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28017]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121  user=root
Jun 24 03:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28327]: Failed password for root from 45.148.10.121 port 55144 ssh2
Jun 24 03:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28327]: Connection closed by 45.148.10.121 port 55144 [preauth]
Jun 24 03:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 24 03:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28387]: Failed password for root from 103.77.175.15 port 43314 ssh2
Jun 24 03:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27148]: pam_unix(cron:session): session closed for user root
Jun 24 03:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28387]: Connection closed by 103.77.175.15 port 43314 [preauth]
Jun 24 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28473]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28472]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28475]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28474]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28472]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28544]: Successful su for rubyman by root
Jun 24 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28544]: + ??? root:rubyman
Jun 24 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28544]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581319 of user rubyman.
Jun 24 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28544]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581319.
Jun 24 03:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25874]: pam_unix(cron:session): session closed for user root
Jun 24 03:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28473]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27574]: pam_unix(cron:session): session closed for user root
Jun 24 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28980]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28981]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28979]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28978]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28978]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29045]: Successful su for rubyman by root
Jun 24 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29045]: + ??? root:rubyman
Jun 24 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29045]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581321 of user rubyman.
Jun 24 03:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29045]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581321.
Jun 24 03:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26268]: pam_unix(cron:session): session closed for user root
Jun 24 03:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28979]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28020]: pam_unix(cron:session): session closed for user root
Jun 24 03:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29351]: Did not receive identification string from 161.82.146.86
Jun 24 03:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.82.146.86  user=root
Jun 24 03:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29352]: Failed password for root from 161.82.146.86 port 34969 ssh2
Jun 24 03:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29352]: Connection closed by 161.82.146.86 port 34969 [preauth]
Jun 24 03:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.82.146.86  user=root
Jun 24 03:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29363]: Failed password for root from 161.82.146.86 port 51647 ssh2
Jun 24 03:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29363]: Connection closed by 161.82.146.86 port 51647 [preauth]
Jun 24 03:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.82.146.86  user=root
Jun 24 03:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29377]: Failed password for root from 161.82.146.86 port 38025 ssh2
Jun 24 03:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29377]: Connection closed by 161.82.146.86 port 38025 [preauth]
Jun 24 03:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.82.146.86  user=root
Jun 24 03:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29387]: Failed password for root from 161.82.146.86 port 45542 ssh2
Jun 24 03:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29387]: Connection closed by 161.82.146.86 port 45542 [preauth]
Jun 24 03:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.82.146.86  user=root
Jun 24 03:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29396]: Failed password for root from 161.82.146.86 port 39900 ssh2
Jun 24 03:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29396]: Connection closed by 161.82.146.86 port 39900 [preauth]
Jun 24 03:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29399]: Invalid user admin from 161.82.146.86
Jun 24 03:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29399]: input_userauth_request: invalid user admin [preauth]
Jun 24 03:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29399]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 03:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.82.146.86
Jun 24 03:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29399]: Failed password for invalid user admin from 161.82.146.86 port 40768 ssh2
Jun 24 03:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29399]: Connection closed by 161.82.146.86 port 40768 [preauth]
Jun 24 03:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29410]: Invalid user admin from 161.82.146.86
Jun 24 03:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29410]: input_userauth_request: invalid user admin [preauth]
Jun 24 03:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29410]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 03:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.82.146.86
Jun 24 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29415]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29416]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29413]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29414]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29413]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29481]: Successful su for rubyman by root
Jun 24 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29481]: + ??? root:rubyman
Jun 24 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29481]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581326 of user rubyman.
Jun 24 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29481]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581326.
Jun 24 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29410]: Failed password for invalid user admin from 161.82.146.86 port 41450 ssh2
Jun 24 03:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29410]: Connection closed by 161.82.146.86 port 41450 [preauth]
Jun 24 03:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.211.215  user=root
Jun 24 03:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29639]: Invalid user admin from 161.82.146.86
Jun 24 03:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29639]: input_userauth_request: invalid user admin [preauth]
Jun 24 03:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29639]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 03:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.82.146.86
Jun 24 03:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26660]: pam_unix(cron:session): session closed for user root
Jun 24 03:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29517]: Failed password for root from 147.45.211.215 port 59964 ssh2
Jun 24 03:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29517]: Connection closed by 147.45.211.215 port 59964 [preauth]
Jun 24 03:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29414]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29639]: Failed password for invalid user admin from 161.82.146.86 port 42814 ssh2
Jun 24 03:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29639]: Connection closed by 161.82.146.86 port 42814 [preauth]
Jun 24 03:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29789]: Invalid user admin from 161.82.146.86
Jun 24 03:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29789]: input_userauth_request: invalid user admin [preauth]
Jun 24 03:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29789]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 03:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.82.146.86
Jun 24 03:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29789]: Failed password for invalid user admin from 161.82.146.86 port 60024 ssh2
Jun 24 03:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29789]: Connection closed by 161.82.146.86 port 60024 [preauth]
Jun 24 03:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29802]: Invalid user user from 161.82.146.86
Jun 24 03:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29802]: input_userauth_request: invalid user user [preauth]
Jun 24 03:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29802]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 03:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.82.146.86
Jun 24 03:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29802]: Failed password for invalid user user from 161.82.146.86 port 42132 ssh2
Jun 24 03:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29802]: Connection closed by 161.82.146.86 port 42132 [preauth]
Jun 24 03:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29811]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29811]: Invalid user user from 161.82.146.86
Jun 24 03:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29811]: input_userauth_request: invalid user user [preauth]
Jun 24 03:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29811]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 03:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.82.146.86
Jun 24 03:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29811]: Failed password for invalid user user from 161.82.146.86 port 53184 ssh2
Jun 24 03:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29811]: Connection closed by 161.82.146.86 port 53184 [preauth]
Jun 24 03:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29833]: Invalid user user from 161.82.146.86
Jun 24 03:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29833]: input_userauth_request: invalid user user [preauth]
Jun 24 03:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29833]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 03:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.82.146.86
Jun 24 03:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29833]: Failed password for invalid user user from 161.82.146.86 port 58392 ssh2
Jun 24 03:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29833]: Connection closed by 161.82.146.86 port 58392 [preauth]
Jun 24 03:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29846]: Invalid user support from 161.82.146.86
Jun 24 03:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29846]: input_userauth_request: invalid user support [preauth]
Jun 24 03:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29846]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 03:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.82.146.86
Jun 24 03:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29846]: Failed password for invalid user support from 161.82.146.86 port 54464 ssh2
Jun 24 03:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29846]: Connection closed by 161.82.146.86 port 54464 [preauth]
Jun 24 03:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29848]: Invalid user guest from 161.82.146.86
Jun 24 03:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29848]: input_userauth_request: invalid user guest [preauth]
Jun 24 03:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29848]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 03:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.82.146.86
Jun 24 03:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29848]: Failed password for invalid user guest from 161.82.146.86 port 43496 ssh2
Jun 24 03:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29848]: Connection closed by 161.82.146.86 port 43496 [preauth]
Jun 24 03:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29874]: Invalid user test from 161.82.146.86
Jun 24 03:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29874]: input_userauth_request: invalid user test [preauth]
Jun 24 03:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29874]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 03:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.82.146.86
Jun 24 03:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29874]: Failed password for invalid user test from 161.82.146.86 port 57712 ssh2
Jun 24 03:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29874]: Connection closed by 161.82.146.86 port 57712 [preauth]
Jun 24 03:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29884]: User john from 161.82.146.86 not allowed because not listed in AllowUsers
Jun 24 03:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29884]: input_userauth_request: invalid user john [preauth]
Jun 24 03:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.82.146.86  user=john
Jun 24 03:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28475]: pam_unix(cron:session): session closed for user root
Jun 24 03:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29884]: Failed password for invalid user john from 161.82.146.86 port 44178 ssh2
Jun 24 03:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29884]: Connection closed by 161.82.146.86 port 44178 [preauth]
Jun 24 03:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.82.146.86  user=root
Jun 24 03:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29905]: Failed password for root from 161.82.146.86 port 38057 ssh2
Jun 24 03:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29905]: Connection closed by 161.82.146.86 port 38057 [preauth]
Jun 24 03:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 24 03:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29958]: Failed password for root from 103.15.222.183 port 40610 ssh2
Jun 24 03:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29958]: Connection closed by 103.15.222.183 port 40610 [preauth]
Jun 24 03:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240  user=root
Jun 24 03:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29960]: Failed password for root from 91.92.40.240 port 35264 ssh2
Jun 24 03:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29960]: Connection closed by 91.92.40.240 port 35264 [preauth]
Jun 24 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29976]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29972]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29977]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29975]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29974]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29973]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29977]: pam_unix(cron:session): session closed for user root
Jun 24 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29972]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30047]: Successful su for rubyman by root
Jun 24 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30047]: + ??? root:rubyman
Jun 24 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30047]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581328 of user rubyman.
Jun 24 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30047]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581328.
Jun 24 03:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29974]: pam_unix(cron:session): session closed for user root
Jun 24 03:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27147]: pam_unix(cron:session): session closed for user root
Jun 24 03:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29973]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 24 03:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28981]: pam_unix(cron:session): session closed for user root
Jun 24 03:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30340]: Failed password for root from 194.113.233.25 port 51314 ssh2
Jun 24 03:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30340]: Connection closed by 194.113.233.25 port 51314 [preauth]
Jun 24 03:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30370]: Received disconnect from 148.153.245.161 port 52014:11: disconnected by user [preauth]
Jun 24 03:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30370]: Disconnected from 148.153.245.161 port 52014 [preauth]
Jun 24 03:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 24 03:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30400]: Failed password for root from 109.237.96.109 port 36988 ssh2
Jun 24 03:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30400]: Connection closed by 109.237.96.109 port 36988 [preauth]
Jun 24 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30429]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30430]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30428]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30427]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30427]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30500]: Successful su for rubyman by root
Jun 24 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30500]: + ??? root:rubyman
Jun 24 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30500]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581334 of user rubyman.
Jun 24 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30500]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581334.
Jun 24 03:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27571]: pam_unix(cron:session): session closed for user root
Jun 24 03:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30428]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 24 03:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30701]: Failed password for root from 51.250.105.222 port 38814 ssh2
Jun 24 03:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30701]: Connection closed by 51.250.105.222 port 38814 [preauth]
Jun 24 03:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29416]: pam_unix(cron:session): session closed for user root
Jun 24 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30856]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30855]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30853]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30852]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30852]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31009]: Successful su for rubyman by root
Jun 24 03:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31009]: + ??? root:rubyman
Jun 24 03:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31009]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581339 of user rubyman.
Jun 24 03:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31009]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581339.
Jun 24 03:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28019]: pam_unix(cron:session): session closed for user root
Jun 24 03:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30853]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240  user=root
Jun 24 03:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31207]: Failed password for root from 91.92.40.240 port 47406 ssh2
Jun 24 03:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31207]: Connection closed by 91.92.40.240 port 47406 [preauth]
Jun 24 03:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29976]: pam_unix(cron:session): session closed for user root
Jun 24 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31347]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31346]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31345]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31344]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31344]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31408]: Successful su for rubyman by root
Jun 24 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31408]: + ??? root:rubyman
Jun 24 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31408]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581342 of user rubyman.
Jun 24 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31408]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581342.
Jun 24 03:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28474]: pam_unix(cron:session): session closed for user root
Jun 24 03:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31345]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30430]: pam_unix(cron:session): session closed for user root
Jun 24 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31856]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31855]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31854]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31853]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31851]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31853]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31981]: Successful su for rubyman by root
Jun 24 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31981]: + ??? root:rubyman
Jun 24 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31981]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581347 of user rubyman.
Jun 24 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31981]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581347.
Jun 24 03:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31851]: pam_unix(cron:session): session closed for user root
Jun 24 03:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28980]: pam_unix(cron:session): session closed for user root
Jun 24 03:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31854]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30856]: pam_unix(cron:session): session closed for user root
Jun 24 03:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240  user=root
Jun 24 03:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32301]: Failed password for root from 91.92.40.240 port 34094 ssh2
Jun 24 03:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32301]: Connection closed by 91.92.40.240 port 34094 [preauth]
Jun 24 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32354]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32355]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32356]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32353]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32350]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32349]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32356]: pam_unix(cron:session): session closed for user root
Jun 24 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32349]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32426]: Successful su for rubyman by root
Jun 24 03:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32426]: + ??? root:rubyman
Jun 24 03:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32426]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581352 of user rubyman.
Jun 24 03:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32426]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581352.
Jun 24 03:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32353]: pam_unix(cron:session): session closed for user root
Jun 24 03:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29415]: pam_unix(cron:session): session closed for user root
Jun 24 03:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32350]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31347]: pam_unix(cron:session): session closed for user root
Jun 24 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[335]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[336]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[334]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[333]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[333]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[409]: Successful su for rubyman by root
Jun 24 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[409]: + ??? root:rubyman
Jun 24 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[409]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581358 of user rubyman.
Jun 24 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[409]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581358.
Jun 24 03:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29975]: pam_unix(cron:session): session closed for user root
Jun 24 03:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[334]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 24 03:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[765]: Failed password for root from 103.153.68.219 port 48914 ssh2
Jun 24 03:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[765]: Connection closed by 103.153.68.219 port 48914 [preauth]
Jun 24 03:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31856]: pam_unix(cron:session): session closed for user root
Jun 24 03:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.110.201  user=root
Jun 24 03:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[876]: Failed password for root from 94.159.110.201 port 36540 ssh2
Jun 24 03:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[876]: Connection closed by 94.159.110.201 port 36540 [preauth]
Jun 24 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[899]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[901]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[900]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[898]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[898]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[973]: Successful su for rubyman by root
Jun 24 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[973]: + ??? root:rubyman
Jun 24 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[973]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581363 of user rubyman.
Jun 24 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[973]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581363.
Jun 24 03:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30429]: pam_unix(cron:session): session closed for user root
Jun 24 03:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240  user=root
Jun 24 03:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[899]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1057]: Failed password for root from 91.92.40.240 port 60074 ssh2
Jun 24 03:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1057]: Connection closed by 91.92.40.240 port 60074 [preauth]
Jun 24 03:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32355]: pam_unix(cron:session): session closed for user root
Jun 24 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1371]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1370]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1373]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1369]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1369]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1466]: Successful su for rubyman by root
Jun 24 03:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1466]: + ??? root:rubyman
Jun 24 03:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1466]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581365 of user rubyman.
Jun 24 03:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1466]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581365.
Jun 24 03:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30855]: pam_unix(cron:session): session closed for user root
Jun 24 03:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1370]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[336]: pam_unix(cron:session): session closed for user root
Jun 24 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1915]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1913]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1912]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1907]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1907]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1996]: Successful su for rubyman by root
Jun 24 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1996]: + ??? root:rubyman
Jun 24 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1996]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581370 of user rubyman.
Jun 24 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1996]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581370.
Jun 24 03:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31346]: pam_unix(cron:session): session closed for user root
Jun 24 03:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1912]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240  user=root
Jun 24 03:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2264]: Failed password for root from 91.92.40.240 port 44170 ssh2
Jun 24 03:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2264]: Connection closed by 91.92.40.240 port 44170 [preauth]
Jun 24 03:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[901]: pam_unix(cron:session): session closed for user root
Jun 24 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2383]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2381]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2384]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2382]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2386]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2385]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2386]: pam_unix(cron:session): session closed for user root
Jun 24 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2381]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2453]: Successful su for rubyman by root
Jun 24 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2453]: + ??? root:rubyman
Jun 24 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2453]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581374 of user rubyman.
Jun 24 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2453]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581374.
Jun 24 03:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2383]: pam_unix(cron:session): session closed for user root
Jun 24 03:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31855]: pam_unix(cron:session): session closed for user root
Jun 24 03:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2382]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1373]: pam_unix(cron:session): session closed for user root
Jun 24 03:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 24 03:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2798]: Failed password for root from 103.77.242.62 port 43908 ssh2
Jun 24 03:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2798]: Connection closed by 103.77.242.62 port 43908 [preauth]
Jun 24 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2845]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2846]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2843]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2844]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2843]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2909]: Successful su for rubyman by root
Jun 24 03:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2909]: + ??? root:rubyman
Jun 24 03:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2909]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581379 of user rubyman.
Jun 24 03:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2909]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581379.
Jun 24 03:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32354]: pam_unix(cron:session): session closed for user root
Jun 24 03:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2844]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1915]: pam_unix(cron:session): session closed for user root
Jun 24 03:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240  user=root
Jun 24 03:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3186]: Failed password for root from 91.92.40.240 port 60998 ssh2
Jun 24 03:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3186]: Connection closed by 91.92.40.240 port 60998 [preauth]
Jun 24 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3240]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3238]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3239]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3237]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3237]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3303]: Successful su for rubyman by root
Jun 24 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3303]: + ??? root:rubyman
Jun 24 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3303]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581383 of user rubyman.
Jun 24 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3303]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581383.
Jun 24 03:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[335]: pam_unix(cron:session): session closed for user root
Jun 24 03:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3238]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2385]: pam_unix(cron:session): session closed for user root
Jun 24 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3636]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3635]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3633]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3634]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3633]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3789]: Successful su for rubyman by root
Jun 24 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3789]: + ??? root:rubyman
Jun 24 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3789]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581388 of user rubyman.
Jun 24 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3789]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581388.
Jun 24 03:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[900]: pam_unix(cron:session): session closed for user root
Jun 24 03:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3634]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 24 03:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4078]: Failed password for root from 141.98.83.240 port 8180 ssh2
Jun 24 03:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4078]: message repeated 2 times: [ Failed password for root from 141.98.83.240 port 8180 ssh2]
Jun 24 03:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4078]: Connection closed by 141.98.83.240 port 8180 [preauth]
Jun 24 03:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4078]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 24 03:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2846]: pam_unix(cron:session): session closed for user root
Jun 24 03:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240  user=root
Jun 24 03:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4220]: Failed password for root from 91.92.40.240 port 56400 ssh2
Jun 24 03:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4220]: Connection closed by 91.92.40.240 port 56400 [preauth]
Jun 24 03:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 24 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4234]: Failed password for root from 103.149.28.157 port 46688 ssh2
Jun 24 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4234]: Connection closed by 103.149.28.157 port 46688 [preauth]
Jun 24 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4249]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4248]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4250]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4247]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4247]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4313]: Successful su for rubyman by root
Jun 24 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4313]: + ??? root:rubyman
Jun 24 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4313]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581393 of user rubyman.
Jun 24 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4313]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581393.
Jun 24 03:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1371]: pam_unix(cron:session): session closed for user root
Jun 24 03:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4248]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3240]: pam_unix(cron:session): session closed for user root
Jun 24 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4652]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4651]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4653]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4654]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4650]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4649]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4654]: pam_unix(cron:session): session closed for user root
Jun 24 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4649]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4722]: Successful su for rubyman by root
Jun 24 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4722]: + ??? root:rubyman
Jun 24 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4722]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581397 of user rubyman.
Jun 24 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4722]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581397.
Jun 24 03:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4651]: pam_unix(cron:session): session closed for user root
Jun 24 03:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1913]: pam_unix(cron:session): session closed for user root
Jun 24 03:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4650]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3636]: pam_unix(cron:session): session closed for user root
Jun 24 03:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5191]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5189]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5192]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5190]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5189]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5261]: Successful su for rubyman by root
Jun 24 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5261]: + ??? root:rubyman
Jun 24 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5261]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581403 of user rubyman.
Jun 24 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5261]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581403.
Jun 24 03:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240  user=root
Jun 24 03:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2384]: pam_unix(cron:session): session closed for user root
Jun 24 03:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5186]: Failed password for root from 91.92.40.240 port 38240 ssh2
Jun 24 03:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5186]: Connection closed by 91.92.40.240 port 38240 [preauth]
Jun 24 03:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5190]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4250]: pam_unix(cron:session): session closed for user root
Jun 24 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5611]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5612]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5610]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5609]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5609]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5666]: Successful su for rubyman by root
Jun 24 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5666]: + ??? root:rubyman
Jun 24 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5666]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581405 of user rubyman.
Jun 24 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5666]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581405.
Jun 24 03:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2845]: pam_unix(cron:session): session closed for user root
Jun 24 03:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5610]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4653]: pam_unix(cron:session): session closed for user root
Jun 24 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5996]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5995]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5994]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5993]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5993]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6051]: Successful su for rubyman by root
Jun 24 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6051]: + ??? root:rubyman
Jun 24 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6051]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581410 of user rubyman.
Jun 24 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6051]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581410.
Jun 24 03:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3239]: pam_unix(cron:session): session closed for user root
Jun 24 03:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5994]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240  user=root
Jun 24 03:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6237]: Failed password for root from 91.92.40.240 port 52460 ssh2
Jun 24 03:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6237]: Connection closed by 91.92.40.240 port 52460 [preauth]
Jun 24 03:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5192]: pam_unix(cron:session): session closed for user root
Jun 24 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6386]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6387]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6385]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6384]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6384]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6444]: Successful su for rubyman by root
Jun 24 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6444]: + ??? root:rubyman
Jun 24 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6444]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581413 of user rubyman.
Jun 24 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6444]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581413.
Jun 24 03:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3635]: pam_unix(cron:session): session closed for user root
Jun 24 03:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6385]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5612]: pam_unix(cron:session): session closed for user root
Jun 24 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6797]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6798]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6801]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6803]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6800]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6802]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6803]: pam_unix(cron:session): session closed for user root
Jun 24 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6797]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6868]: Successful su for rubyman by root
Jun 24 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6868]: + ??? root:rubyman
Jun 24 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6868]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581418 of user rubyman.
Jun 24 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6868]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581418.
Jun 24 03:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4249]: pam_unix(cron:session): session closed for user root
Jun 24 03:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6800]: pam_unix(cron:session): session closed for user root
Jun 24 03:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6798]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240  user=root
Jun 24 03:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7203]: Failed password for root from 91.92.40.240 port 46728 ssh2
Jun 24 03:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7203]: Connection closed by 91.92.40.240 port 46728 [preauth]
Jun 24 03:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5996]: pam_unix(cron:session): session closed for user root
Jun 24 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7324]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7323]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7325]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7322]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7322]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7394]: Successful su for rubyman by root
Jun 24 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7394]: + ??? root:rubyman
Jun 24 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7394]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581423 of user rubyman.
Jun 24 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7394]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581423.
Jun 24 03:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4652]: pam_unix(cron:session): session closed for user root
Jun 24 03:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7323]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6387]: pam_unix(cron:session): session closed for user root
Jun 24 03:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 24 03:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7787]: Failed password for root from 62.133.62.83 port 46334 ssh2
Jun 24 03:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7787]: Connection closed by 62.133.62.83 port 46334 [preauth]
Jun 24 03:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 24 03:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7813]: Failed password for root from 80.66.85.226 port 38868 ssh2
Jun 24 03:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7813]: Connection closed by 80.66.85.226 port 38868 [preauth]
Jun 24 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7827]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7825]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7826]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7824]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7824]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7881]: Successful su for rubyman by root
Jun 24 03:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7881]: + ??? root:rubyman
Jun 24 03:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7881]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581428 of user rubyman.
Jun 24 03:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7881]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581428.
Jun 24 03:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5191]: pam_unix(cron:session): session closed for user root
Jun 24 03:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7825]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6802]: pam_unix(cron:session): session closed for user root
Jun 24 03:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240  user=root
Jun 24 03:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8158]: Failed password for root from 91.92.40.240 port 43058 ssh2
Jun 24 03:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8158]: Connection closed by 91.92.40.240 port 43058 [preauth]
Jun 24 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 24 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8222]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8221]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8219]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8220]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8219]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8278]: Successful su for rubyman by root
Jun 24 03:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8278]: + ??? root:rubyman
Jun 24 03:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8278]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581431 of user rubyman.
Jun 24 03:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8278]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581431.
Jun 24 03:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8211]: Failed password for root from 38.93.206.2 port 1528 ssh2
Jun 24 03:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8211]: Connection closed by 38.93.206.2 port 1528 [preauth]
Jun 24 03:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5611]: pam_unix(cron:session): session closed for user root
Jun 24 03:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8220]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7325]: pam_unix(cron:session): session closed for user root
Jun 24 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8615]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8614]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8613]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8612]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8612]: pam_unix(cron:session): session closed for user p13x
Jun 24 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8672]: Successful su for rubyman by root
Jun 24 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8672]: + ??? root:rubyman
Jun 24 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8672]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581436 of user rubyman.
Jun 24 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8672]: pam_unix(su:session): session closed for user rubyman
Jun 24 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581436.
Jun 24 03:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5995]: pam_unix(cron:session): session closed for user root
Jun 24 03:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8613]: pam_unix(cron:session): session closed for user samftp
Jun 24 03:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7827]: pam_unix(cron:session): session closed for user root
Jun 24 03:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 03:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240  user=root
Jun 24 03:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8987]: Failed password for root from 91.92.40.240 port 59604 ssh2
Jun 24 03:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8987]: Connection closed by 91.92.40.240 port 59604 [preauth]
Jun 24 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9012]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9011]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9013]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9008]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9007]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9009]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9010]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9009]: pam_unix(cron:session): session closed for user root
Jun 24 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9013]: pam_unix(cron:session): session closed for user root
Jun 24 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9007]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9098]: Successful su for rubyman by root
Jun 24 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9098]: + ??? root:rubyman
Jun 24 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9098]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581439 of user rubyman.
Jun 24 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9098]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581439.
Jun 24 04:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9010]: pam_unix(cron:session): session closed for user root
Jun 24 04:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6386]: pam_unix(cron:session): session closed for user root
Jun 24 04:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9008]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8222]: pam_unix(cron:session): session closed for user root
Jun 24 04:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Jun 24 04:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:89.248.167.131
Jun 24 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9496]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9497]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9495]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9494]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9494]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9560]: Successful su for rubyman by root
Jun 24 04:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9560]: + ??? root:rubyman
Jun 24 04:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9560]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581447 of user rubyman.
Jun 24 04:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9560]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581447.
Jun 24 04:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6801]: pam_unix(cron:session): session closed for user root
Jun 24 04:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9495]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8615]: pam_unix(cron:session): session closed for user root
Jun 24 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10078]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10076]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10075]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10074]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10074]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10141]: Successful su for rubyman by root
Jun 24 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10141]: + ??? root:rubyman
Jun 24 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10141]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581451 of user rubyman.
Jun 24 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10141]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581451.
Jun 24 04:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7324]: pam_unix(cron:session): session closed for user root
Jun 24 04:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10075]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240  user=root
Jun 24 04:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10418]: Failed password for root from 91.92.40.240 port 42440 ssh2
Jun 24 04:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10418]: Connection closed by 91.92.40.240 port 42440 [preauth]
Jun 24 04:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9012]: pam_unix(cron:session): session closed for user root
Jun 24 04:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 24 04:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10542]: Failed password for root from 103.82.132.16 port 35286 ssh2
Jun 24 04:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10542]: Connection closed by 103.82.132.16 port 35286 [preauth]
Jun 24 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10574]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10575]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10573]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10572]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10572]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10637]: Successful su for rubyman by root
Jun 24 04:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10637]: + ??? root:rubyman
Jun 24 04:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10637]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581455 of user rubyman.
Jun 24 04:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10637]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581455.
Jun 24 04:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7826]: pam_unix(cron:session): session closed for user root
Jun 24 04:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10573]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 24 04:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10847]: Failed password for root from 103.27.238.120 port 38506 ssh2
Jun 24 04:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10847]: Connection closed by 103.27.238.120 port 38506 [preauth]
Jun 24 04:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9497]: pam_unix(cron:session): session closed for user root
Jun 24 04:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.39.86.153  user=root
Jun 24 04:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10931]: Failed password for root from 82.39.86.153 port 52146 ssh2
Jun 24 04:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10931]: Received disconnect from 82.39.86.153 port 52146:11: Bye Bye [preauth]
Jun 24 04:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10931]: Disconnected from 82.39.86.153 port 52146 [preauth]
Jun 24 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10998]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10997]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10999]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10996]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10996]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11059]: Successful su for rubyman by root
Jun 24 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11059]: + ??? root:rubyman
Jun 24 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11059]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581458 of user rubyman.
Jun 24 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11059]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581458.
Jun 24 04:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8221]: pam_unix(cron:session): session closed for user root
Jun 24 04:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10997]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11122]: Received disconnect from 103.57.224.219 port 58616:11: disconnected by user [preauth]
Jun 24 04:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11122]: Disconnected from 103.57.224.219 port 58616 [preauth]
Jun 24 04:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240  user=root
Jun 24 04:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11293]: Failed password for root from 91.92.40.240 port 60604 ssh2
Jun 24 04:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11293]: Connection closed by 91.92.40.240 port 60604 [preauth]
Jun 24 04:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10078]: pam_unix(cron:session): session closed for user root
Jun 24 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11426]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11424]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11425]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11422]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11423]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11421]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11426]: pam_unix(cron:session): session closed for user root
Jun 24 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11421]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11503]: Successful su for rubyman by root
Jun 24 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11503]: + ??? root:rubyman
Jun 24 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11503]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581464 of user rubyman.
Jun 24 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11503]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581464.
Jun 24 04:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11423]: pam_unix(cron:session): session closed for user root
Jun 24 04:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8614]: pam_unix(cron:session): session closed for user root
Jun 24 04:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11422]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10575]: pam_unix(cron:session): session closed for user root
Jun 24 04:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11855]: Invalid user user from 45.148.10.121
Jun 24 04:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11855]: input_userauth_request: invalid user user [preauth]
Jun 24 04:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11855]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 24 04:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11855]: Failed password for invalid user user from 45.148.10.121 port 39476 ssh2
Jun 24 04:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11855]: Connection closed by 45.148.10.121 port 39476 [preauth]
Jun 24 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11895]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11896]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11894]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11893]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11893]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11988]: Successful su for rubyman by root
Jun 24 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11988]: + ??? root:rubyman
Jun 24 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11988]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581468 of user rubyman.
Jun 24 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11988]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581468.
Jun 24 04:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9011]: pam_unix(cron:session): session closed for user root
Jun 24 04:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11894]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10999]: pam_unix(cron:session): session closed for user root
Jun 24 04:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240  user=root
Jun 24 04:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12240]: Failed password for root from 91.92.40.240 port 35388 ssh2
Jun 24 04:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12240]: Connection closed by 91.92.40.240 port 35388 [preauth]
Jun 24 04:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12404]: Invalid user sharp from 217.76.154.242
Jun 24 04:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12404]: input_userauth_request: invalid user sharp [preauth]
Jun 24 04:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12404]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.76.154.242
Jun 24 04:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12404]: Failed password for invalid user sharp from 217.76.154.242 port 47330 ssh2
Jun 24 04:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12404]: Connection closed by 217.76.154.242 port 47330 [preauth]
Jun 24 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12446]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12448]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12447]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12445]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12445]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12508]: Successful su for rubyman by root
Jun 24 04:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12508]: + ??? root:rubyman
Jun 24 04:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12508]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581473 of user rubyman.
Jun 24 04:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12508]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581473.
Jun 24 04:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9496]: pam_unix(cron:session): session closed for user root
Jun 24 04:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12446]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11425]: pam_unix(cron:session): session closed for user root
Jun 24 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12850]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12851]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12849]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12848]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12848]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12917]: Successful su for rubyman by root
Jun 24 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12917]: + ??? root:rubyman
Jun 24 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12917]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581478 of user rubyman.
Jun 24 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12917]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581478.
Jun 24 04:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10076]: pam_unix(cron:session): session closed for user root
Jun 24 04:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12849]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11896]: pam_unix(cron:session): session closed for user root
Jun 24 04:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240  user=root
Jun 24 04:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13218]: Failed password for root from 91.92.40.240 port 34026 ssh2
Jun 24 04:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13218]: Connection closed by 91.92.40.240 port 34026 [preauth]
Jun 24 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13273]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13274]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13275]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13272]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13270]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13272]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13395]: Successful su for rubyman by root
Jun 24 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13395]: + ??? root:rubyman
Jun 24 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13395]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581480 of user rubyman.
Jun 24 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13395]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581480.
Jun 24 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13270]: pam_unix(cron:session): session closed for user root
Jun 24 04:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10574]: pam_unix(cron:session): session closed for user root
Jun 24 04:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13273]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.39.86.153  user=root
Jun 24 04:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13609]: Failed password for root from 82.39.86.153 port 37822 ssh2
Jun 24 04:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13609]: Received disconnect from 82.39.86.153 port 37822:11: Bye Bye [preauth]
Jun 24 04:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13609]: Disconnected from 82.39.86.153 port 37822 [preauth]
Jun 24 04:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12448]: pam_unix(cron:session): session closed for user root
Jun 24 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13768]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13769]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13766]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13767]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13771]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13770]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13771]: pam_unix(cron:session): session closed for user root
Jun 24 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13766]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13835]: Successful su for rubyman by root
Jun 24 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13835]: + ??? root:rubyman
Jun 24 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13835]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581485 of user rubyman.
Jun 24 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13835]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581485.
Jun 24 04:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13768]: pam_unix(cron:session): session closed for user root
Jun 24 04:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10998]: pam_unix(cron:session): session closed for user root
Jun 24 04:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13767]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 24 04:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12851]: pam_unix(cron:session): session closed for user root
Jun 24 04:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14114]: Failed password for root from 103.176.20.57 port 60386 ssh2
Jun 24 04:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14114]: Connection closed by 103.176.20.57 port 60386 [preauth]
Jun 24 04:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240  user=root
Jun 24 04:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14184]: Failed password for root from 91.92.40.240 port 39056 ssh2
Jun 24 04:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14184]: Connection closed by 91.92.40.240 port 39056 [preauth]
Jun 24 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14197]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14196]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14198]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14195]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14195]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14260]: Successful su for rubyman by root
Jun 24 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14260]: + ??? root:rubyman
Jun 24 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14260]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581493 of user rubyman.
Jun 24 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14260]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581493.
Jun 24 04:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11424]: pam_unix(cron:session): session closed for user root
Jun 24 04:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14196]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13275]: pam_unix(cron:session): session closed for user root
Jun 24 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14594]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14591]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14592]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14593]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14591]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14696]: Successful su for rubyman by root
Jun 24 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14696]: + ??? root:rubyman
Jun 24 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14696]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581495 of user rubyman.
Jun 24 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14696]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581495.
Jun 24 04:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11895]: pam_unix(cron:session): session closed for user root
Jun 24 04:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14592]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.39.86.153  user=root
Jun 24 04:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14948]: Failed password for root from 82.39.86.153 port 51080 ssh2
Jun 24 04:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14948]: Received disconnect from 82.39.86.153 port 51080:11: Bye Bye [preauth]
Jun 24 04:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14948]: Disconnected from 82.39.86.153 port 51080 [preauth]
Jun 24 04:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13770]: pam_unix(cron:session): session closed for user root
Jun 24 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15077]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15078]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15076]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15075]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15075]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15144]: Successful su for rubyman by root
Jun 24 04:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15144]: + ??? root:rubyman
Jun 24 04:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15144]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581499 of user rubyman.
Jun 24 04:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15144]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581499.
Jun 24 04:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12447]: pam_unix(cron:session): session closed for user root
Jun 24 04:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15076]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240  user=root
Jun 24 04:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15288]: Failed password for root from 91.92.40.240 port 59296 ssh2
Jun 24 04:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15288]: Connection closed by 91.92.40.240 port 59296 [preauth]
Jun 24 04:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14198]: pam_unix(cron:session): session closed for user root
Jun 24 04:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 24 04:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15443]: Failed password for root from 103.172.78.219 port 49574 ssh2
Jun 24 04:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15443]: Connection closed by 103.172.78.219 port 49574 [preauth]
Jun 24 04:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15474]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15475]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15472]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15473]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15472]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15531]: Successful su for rubyman by root
Jun 24 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15531]: + ??? root:rubyman
Jun 24 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15531]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581504 of user rubyman.
Jun 24 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15531]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581504.
Jun 24 04:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 24 04:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12850]: pam_unix(cron:session): session closed for user root
Jun 24 04:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15453]: Failed password for root from 202.178.126.219 port 29055 ssh2
Jun 24 04:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15453]: Connection closed by 202.178.126.219 port 29055 [preauth]
Jun 24 04:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15473]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15756]: Received disconnect from 62.210.207.172 port 36090:11: disconnected by user [preauth]
Jun 24 04:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15756]: Disconnected from 62.210.207.172 port 36090 [preauth]
Jun 24 04:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14594]: pam_unix(cron:session): session closed for user root
Jun 24 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15873]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15869]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15868]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15871]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15870]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15872]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15873]: pam_unix(cron:session): session closed for user root
Jun 24 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15868]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15935]: Successful su for rubyman by root
Jun 24 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15935]: + ??? root:rubyman
Jun 24 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15935]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581508 of user rubyman.
Jun 24 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15935]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581508.
Jun 24 04:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15870]: pam_unix(cron:session): session closed for user root
Jun 24 04:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13274]: pam_unix(cron:session): session closed for user root
Jun 24 04:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15869]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16160]: Invalid user peer from 82.39.86.153
Jun 24 04:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16160]: input_userauth_request: invalid user peer [preauth]
Jun 24 04:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16160]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.39.86.153
Jun 24 04:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16158]: Invalid user admin from 91.92.40.240
Jun 24 04:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16158]: input_userauth_request: invalid user admin [preauth]
Jun 24 04:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16158]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 04:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16160]: Failed password for invalid user peer from 82.39.86.153 port 51412 ssh2
Jun 24 04:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16160]: Received disconnect from 82.39.86.153 port 51412:11: Bye Bye [preauth]
Jun 24 04:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16160]: Disconnected from 82.39.86.153 port 51412 [preauth]
Jun 24 04:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16158]: Failed password for invalid user admin from 91.92.40.240 port 59606 ssh2
Jun 24 04:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16158]: Connection closed by 91.92.40.240 port 59606 [preauth]
Jun 24 04:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15078]: pam_unix(cron:session): session closed for user root
Jun 24 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16290]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16288]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16289]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16287]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16287]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16352]: Successful su for rubyman by root
Jun 24 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16352]: + ??? root:rubyman
Jun 24 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16352]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581513 of user rubyman.
Jun 24 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16352]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581513.
Jun 24 04:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13769]: pam_unix(cron:session): session closed for user root
Jun 24 04:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16288]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15475]: pam_unix(cron:session): session closed for user root
Jun 24 04:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16659]: Invalid user user4 from 20.49.0.100
Jun 24 04:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16659]: input_userauth_request: invalid user user4 [preauth]
Jun 24 04:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16659]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.49.0.100
Jun 24 04:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16659]: Failed password for invalid user user4 from 20.49.0.100 port 33386 ssh2
Jun 24 04:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16659]: Received disconnect from 20.49.0.100 port 33386:11: Bye Bye [preauth]
Jun 24 04:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16659]: Disconnected from 20.49.0.100 port 33386 [preauth]
Jun 24 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16690]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16688]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16689]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16687]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16685]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16685]: pam_unix(cron:session): session closed for user root
Jun 24 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16687]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16749]: Successful su for rubyman by root
Jun 24 04:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16749]: + ??? root:rubyman
Jun 24 04:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16749]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581517 of user rubyman.
Jun 24 04:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16749]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581517.
Jun 24 04:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14197]: pam_unix(cron:session): session closed for user root
Jun 24 04:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16688]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17097]: Invalid user admin from 91.92.40.240
Jun 24 04:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17097]: input_userauth_request: invalid user admin [preauth]
Jun 24 04:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17097]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 04:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17097]: Failed password for invalid user admin from 91.92.40.240 port 42472 ssh2
Jun 24 04:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17097]: Connection closed by 91.92.40.240 port 42472 [preauth]
Jun 24 04:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15872]: pam_unix(cron:session): session closed for user root
Jun 24 04:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.49.0.100  user=root
Jun 24 04:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17169]: Failed password for root from 20.49.0.100 port 36666 ssh2
Jun 24 04:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17169]: Received disconnect from 20.49.0.100 port 36666:11: Bye Bye [preauth]
Jun 24 04:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17169]: Disconnected from 20.49.0.100 port 36666 [preauth]
Jun 24 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17191]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17190]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17188]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17189]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17188]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17250]: Successful su for rubyman by root
Jun 24 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17250]: + ??? root:rubyman
Jun 24 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17250]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581522 of user rubyman.
Jun 24 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17250]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581522.
Jun 24 04:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14593]: pam_unix(cron:session): session closed for user root
Jun 24 04:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17189]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17483]: Invalid user ubuntu from 82.39.86.153
Jun 24 04:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17483]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 04:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17483]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.39.86.153
Jun 24 04:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17483]: Failed password for invalid user ubuntu from 82.39.86.153 port 54254 ssh2
Jun 24 04:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17483]: Received disconnect from 82.39.86.153 port 54254:11: Bye Bye [preauth]
Jun 24 04:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17483]: Disconnected from 82.39.86.153 port 54254 [preauth]
Jun 24 04:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16290]: pam_unix(cron:session): session closed for user root
Jun 24 04:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17586]: Invalid user myappuser from 20.49.0.100
Jun 24 04:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17586]: input_userauth_request: invalid user myappuser [preauth]
Jun 24 04:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17586]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.49.0.100
Jun 24 04:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17586]: Failed password for invalid user myappuser from 20.49.0.100 port 60812 ssh2
Jun 24 04:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17586]: Received disconnect from 20.49.0.100 port 60812:11: Bye Bye [preauth]
Jun 24 04:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17586]: Disconnected from 20.49.0.100 port 60812 [preauth]
Jun 24 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17607]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17608]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17606]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17605]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17605]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17749]: Successful su for rubyman by root
Jun 24 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17749]: + ??? root:rubyman
Jun 24 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17749]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581527 of user rubyman.
Jun 24 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17749]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581527.
Jun 24 04:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15077]: pam_unix(cron:session): session closed for user root
Jun 24 04:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17606]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17953]: Connection closed by 192.248.150.180 port 59336 [preauth]
Jun 24 04:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16690]: pam_unix(cron:session): session closed for user root
Jun 24 04:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18064]: Invalid user admin from 91.92.40.240
Jun 24 04:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18064]: input_userauth_request: invalid user admin [preauth]
Jun 24 04:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18064]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 04:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18064]: Failed password for invalid user admin from 91.92.40.240 port 54082 ssh2
Jun 24 04:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18064]: Connection closed by 91.92.40.240 port 54082 [preauth]
Jun 24 04:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
Jun 24 04:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18094]: Failed password for root from 176.32.39.21 port 58856 ssh2
Jun 24 04:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18094]: Connection closed by 176.32.39.21 port 58856 [preauth]
Jun 24 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18118]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18115]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18113]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18117]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18119]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18114]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18119]: pam_unix(cron:session): session closed for user root
Jun 24 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18113]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18188]: Successful su for rubyman by root
Jun 24 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18188]: + ??? root:rubyman
Jun 24 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18188]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581531 of user rubyman.
Jun 24 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18188]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581531.
Jun 24 04:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18115]: pam_unix(cron:session): session closed for user root
Jun 24 04:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15474]: pam_unix(cron:session): session closed for user root
Jun 24 04:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18114]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18497]: Invalid user jupyter from 20.49.0.100
Jun 24 04:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18497]: input_userauth_request: invalid user jupyter [preauth]
Jun 24 04:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18497]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.49.0.100
Jun 24 04:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18497]: Failed password for invalid user jupyter from 20.49.0.100 port 51512 ssh2
Jun 24 04:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18497]: Received disconnect from 20.49.0.100 port 51512:11: Bye Bye [preauth]
Jun 24 04:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18497]: Disconnected from 20.49.0.100 port 51512 [preauth]
Jun 24 04:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17191]: pam_unix(cron:session): session closed for user root
Jun 24 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18655]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18654]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18653]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18652]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18652]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18726]: Successful su for rubyman by root
Jun 24 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18726]: + ??? root:rubyman
Jun 24 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18726]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581537 of user rubyman.
Jun 24 04:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18726]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581537.
Jun 24 04:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15871]: pam_unix(cron:session): session closed for user root
Jun 24 04:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18653]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.49.0.100  user=root
Jun 24 04:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18938]: Failed password for root from 20.49.0.100 port 52402 ssh2
Jun 24 04:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18938]: Received disconnect from 20.49.0.100 port 52402:11: Bye Bye [preauth]
Jun 24 04:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18938]: Disconnected from 20.49.0.100 port 52402 [preauth]
Jun 24 04:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.39.86.153  user=root
Jun 24 04:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18950]: Failed password for root from 82.39.86.153 port 55750 ssh2
Jun 24 04:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18950]: Received disconnect from 82.39.86.153 port 55750:11: Bye Bye [preauth]
Jun 24 04:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18950]: Disconnected from 82.39.86.153 port 55750 [preauth]
Jun 24 04:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18971]: Invalid user admin from 193.46.255.86
Jun 24 04:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18971]: input_userauth_request: invalid user admin [preauth]
Jun 24 04:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18971]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 24 04:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18971]: Failed password for invalid user admin from 193.46.255.86 port 5992 ssh2
Jun 24 04:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18971]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18971]: Failed password for invalid user admin from 193.46.255.86 port 5992 ssh2
Jun 24 04:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18971]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18971]: Failed password for invalid user admin from 193.46.255.86 port 5992 ssh2
Jun 24 04:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18971]: Connection closed by 193.46.255.86 port 5992 [preauth]
Jun 24 04:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18971]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 24 04:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17608]: pam_unix(cron:session): session closed for user root
Jun 24 04:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19061]: Invalid user admin from 91.92.40.240
Jun 24 04:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19061]: input_userauth_request: invalid user admin [preauth]
Jun 24 04:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19061]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 04:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19061]: Failed password for invalid user admin from 91.92.40.240 port 60076 ssh2
Jun 24 04:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19061]: Connection closed by 91.92.40.240 port 60076 [preauth]
Jun 24 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19090]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19092]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19091]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19089]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19089]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19248]: Successful su for rubyman by root
Jun 24 04:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19248]: + ??? root:rubyman
Jun 24 04:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19248]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581541 of user rubyman.
Jun 24 04:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19248]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581541.
Jun 24 04:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16289]: pam_unix(cron:session): session closed for user root
Jun 24 04:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19090]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19449]: Invalid user redhat from 20.49.0.100
Jun 24 04:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19449]: input_userauth_request: invalid user redhat [preauth]
Jun 24 04:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19449]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.49.0.100
Jun 24 04:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19449]: Failed password for invalid user redhat from 20.49.0.100 port 38642 ssh2
Jun 24 04:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19449]: Received disconnect from 20.49.0.100 port 38642:11: Bye Bye [preauth]
Jun 24 04:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19449]: Disconnected from 20.49.0.100 port 38642 [preauth]
Jun 24 04:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18118]: pam_unix(cron:session): session closed for user root
Jun 24 04:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19773]: Received disconnect from 212.192.240.10 port 31746:11: disconnected by user [preauth]
Jun 24 04:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19773]: Disconnected from 212.192.240.10 port 31746 [preauth]
Jun 24 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19789]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19790]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19788]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19787]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19787]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19863]: Successful su for rubyman by root
Jun 24 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19863]: + ??? root:rubyman
Jun 24 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19863]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581545 of user rubyman.
Jun 24 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19863]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581545.
Jun 24 04:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16689]: pam_unix(cron:session): session closed for user root
Jun 24 04:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19788]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20073]: Invalid user sonar from 20.49.0.100
Jun 24 04:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20073]: input_userauth_request: invalid user sonar [preauth]
Jun 24 04:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20073]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.49.0.100
Jun 24 04:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20073]: Failed password for invalid user sonar from 20.49.0.100 port 52892 ssh2
Jun 24 04:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20073]: Received disconnect from 20.49.0.100 port 52892:11: Bye Bye [preauth]
Jun 24 04:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20073]: Disconnected from 20.49.0.100 port 52892 [preauth]
Jun 24 04:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20115]: Invalid user leyla from 2.57.121.112
Jun 24 04:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20115]: input_userauth_request: invalid user leyla [preauth]
Jun 24 04:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20115]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 24 04:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18655]: pam_unix(cron:session): session closed for user root
Jun 24 04:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20115]: Failed password for invalid user leyla from 2.57.121.112 port 48762 ssh2
Jun 24 04:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20115]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20115]: Failed password for invalid user leyla from 2.57.121.112 port 48762 ssh2
Jun 24 04:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20115]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20115]: Failed password for invalid user leyla from 2.57.121.112 port 48762 ssh2
Jun 24 04:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20115]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20115]: Failed password for invalid user leyla from 2.57.121.112 port 48762 ssh2
Jun 24 04:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20115]: Connection closed by 2.57.121.112 port 48762 [preauth]
Jun 24 04:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20115]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 24 04:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20115]: PAM service(sshd) ignoring max retries; 4 > 3
Jun 24 04:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20245]: Invalid user leyla from 2.57.121.112
Jun 24 04:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20245]: input_userauth_request: invalid user leyla [preauth]
Jun 24 04:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20245]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 24 04:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20245]: Failed password for invalid user leyla from 2.57.121.112 port 46440 ssh2
Jun 24 04:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20245]: Connection closed by 2.57.121.112 port 46440 [preauth]
Jun 24 04:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20279]: Invalid user admin from 91.92.40.240
Jun 24 04:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20279]: input_userauth_request: invalid user admin [preauth]
Jun 24 04:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20279]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 04:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20279]: Failed password for invalid user admin from 91.92.40.240 port 56884 ssh2
Jun 24 04:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20279]: Connection closed by 91.92.40.240 port 56884 [preauth]
Jun 24 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20295]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20296]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20294]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20293]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20293]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20361]: Successful su for rubyman by root
Jun 24 04:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20361]: + ??? root:rubyman
Jun 24 04:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20361]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581549 of user rubyman.
Jun 24 04:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20361]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581549.
Jun 24 04:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17190]: pam_unix(cron:session): session closed for user root
Jun 24 04:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20294]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20563]: Invalid user postgres from 82.39.86.153
Jun 24 04:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20563]: input_userauth_request: invalid user postgres [preauth]
Jun 24 04:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20563]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.39.86.153
Jun 24 04:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20563]: Failed password for invalid user postgres from 82.39.86.153 port 57066 ssh2
Jun 24 04:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20563]: Received disconnect from 82.39.86.153 port 57066:11: Bye Bye [preauth]
Jun 24 04:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20563]: Disconnected from 82.39.86.153 port 57066 [preauth]
Jun 24 04:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20597]: Invalid user tin from 20.49.0.100
Jun 24 04:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20597]: input_userauth_request: invalid user tin [preauth]
Jun 24 04:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20597]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.49.0.100
Jun 24 04:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20597]: Failed password for invalid user tin from 20.49.0.100 port 44244 ssh2
Jun 24 04:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20597]: Received disconnect from 20.49.0.100 port 44244:11: Bye Bye [preauth]
Jun 24 04:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20597]: Disconnected from 20.49.0.100 port 44244 [preauth]
Jun 24 04:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19092]: pam_unix(cron:session): session closed for user root
Jun 24 04:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20724]: Invalid user roberto from 141.98.83.240
Jun 24 04:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20724]: input_userauth_request: invalid user roberto [preauth]
Jun 24 04:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20724]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 04:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20724]: Failed password for invalid user roberto from 141.98.83.240 port 60006 ssh2
Jun 24 04:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20724]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20724]: Failed password for invalid user roberto from 141.98.83.240 port 60006 ssh2
Jun 24 04:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20724]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20724]: Failed password for invalid user roberto from 141.98.83.240 port 60006 ssh2
Jun 24 04:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20724]: Connection closed by 141.98.83.240 port 60006 [preauth]
Jun 24 04:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20724]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20808]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20807]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20809]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20810]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20806]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20805]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20810]: pam_unix(cron:session): session closed for user root
Jun 24 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20805]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20889]: Successful su for rubyman by root
Jun 24 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20889]: + ??? root:rubyman
Jun 24 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20889]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581555 of user rubyman.
Jun 24 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20889]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581555.
Jun 24 04:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20807]: pam_unix(cron:session): session closed for user root
Jun 24 04:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17607]: pam_unix(cron:session): session closed for user root
Jun 24 04:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20806]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21162]: Invalid user leon from 20.49.0.100
Jun 24 04:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21162]: input_userauth_request: invalid user leon [preauth]
Jun 24 04:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21162]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.49.0.100
Jun 24 04:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21162]: Failed password for invalid user leon from 20.49.0.100 port 48336 ssh2
Jun 24 04:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21162]: Received disconnect from 20.49.0.100 port 48336:11: Bye Bye [preauth]
Jun 24 04:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21162]: Disconnected from 20.49.0.100 port 48336 [preauth]
Jun 24 04:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19790]: pam_unix(cron:session): session closed for user root
Jun 24 04:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 24 04:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21225]: Failed password for root from 87.251.79.125 port 43108 ssh2
Jun 24 04:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21225]: Connection closed by 87.251.79.125 port 43108 [preauth]
Jun 24 04:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21243]: Invalid user admin from 91.92.40.240
Jun 24 04:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21243]: input_userauth_request: invalid user admin [preauth]
Jun 24 04:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21243]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21256]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21257]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21255]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21254]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21254]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21327]: Successful su for rubyman by root
Jun 24 04:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21327]: + ??? root:rubyman
Jun 24 04:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21327]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581558 of user rubyman.
Jun 24 04:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21327]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581558.
Jun 24 04:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21243]: Failed password for invalid user admin from 91.92.40.240 port 39948 ssh2
Jun 24 04:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21243]: Connection closed by 91.92.40.240 port 39948 [preauth]
Jun 24 04:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18117]: pam_unix(cron:session): session closed for user root
Jun 24 04:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21255]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20296]: pam_unix(cron:session): session closed for user root
Jun 24 04:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21627]: Invalid user teamspeak from 20.49.0.100
Jun 24 04:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21627]: input_userauth_request: invalid user teamspeak [preauth]
Jun 24 04:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21627]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.49.0.100
Jun 24 04:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21627]: Failed password for invalid user teamspeak from 20.49.0.100 port 41748 ssh2
Jun 24 04:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21627]: Received disconnect from 20.49.0.100 port 41748:11: Bye Bye [preauth]
Jun 24 04:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21627]: Disconnected from 20.49.0.100 port 41748 [preauth]
Jun 24 04:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 24 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21702]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21703]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21701]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21700]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21700]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21759]: Successful su for rubyman by root
Jun 24 04:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21759]: + ??? root:rubyman
Jun 24 04:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21759]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581562 of user rubyman.
Jun 24 04:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21759]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581562.
Jun 24 04:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21694]: Failed password for root from 147.45.199.80 port 37664 ssh2
Jun 24 04:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21694]: Connection closed by 147.45.199.80 port 37664 [preauth]
Jun 24 04:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18654]: pam_unix(cron:session): session closed for user root
Jun 24 04:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21701]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.39.86.153  user=root
Jun 24 04:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21959]: Failed password for root from 82.39.86.153 port 50296 ssh2
Jun 24 04:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21959]: Received disconnect from 82.39.86.153 port 50296:11: Bye Bye [preauth]
Jun 24 04:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21959]: Disconnected from 82.39.86.153 port 50296 [preauth]
Jun 24 04:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20809]: pam_unix(cron:session): session closed for user root
Jun 24 04:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22046]: Invalid user gbasedbt from 20.49.0.100
Jun 24 04:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22046]: input_userauth_request: invalid user gbasedbt [preauth]
Jun 24 04:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22046]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.49.0.100
Jun 24 04:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22046]: Failed password for invalid user gbasedbt from 20.49.0.100 port 56798 ssh2
Jun 24 04:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22046]: Received disconnect from 20.49.0.100 port 56798:11: Bye Bye [preauth]
Jun 24 04:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22046]: Disconnected from 20.49.0.100 port 56798 [preauth]
Jun 24 04:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22086]: Invalid user admin from 91.92.40.240
Jun 24 04:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22086]: input_userauth_request: invalid user admin [preauth]
Jun 24 04:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22086]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 04:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22086]: Failed password for invalid user admin from 91.92.40.240 port 41296 ssh2
Jun 24 04:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22086]: Connection closed by 91.92.40.240 port 41296 [preauth]
Jun 24 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22105]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22104]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22103]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22102]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22102]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22167]: Successful su for rubyman by root
Jun 24 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22167]: + ??? root:rubyman
Jun 24 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22167]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581566 of user rubyman.
Jun 24 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22167]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581566.
Jun 24 04:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19091]: pam_unix(cron:session): session closed for user root
Jun 24 04:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22103]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21257]: pam_unix(cron:session): session closed for user root
Jun 24 04:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.49.0.100  user=root
Jun 24 04:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22548]: Failed password for root from 20.49.0.100 port 32790 ssh2
Jun 24 04:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22548]: Received disconnect from 20.49.0.100 port 32790:11: Bye Bye [preauth]
Jun 24 04:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22548]: Disconnected from 20.49.0.100 port 32790 [preauth]
Jun 24 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22605]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22603]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22604]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22602]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22602]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22662]: Successful su for rubyman by root
Jun 24 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22662]: + ??? root:rubyman
Jun 24 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22662]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581571 of user rubyman.
Jun 24 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22662]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581571.
Jun 24 04:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19789]: pam_unix(cron:session): session closed for user root
Jun 24 04:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22603]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21703]: pam_unix(cron:session): session closed for user root
Jun 24 04:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22984]: Invalid user ubuntu from 20.49.0.100
Jun 24 04:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22984]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 04:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22984]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.49.0.100
Jun 24 04:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22984]: Failed password for invalid user ubuntu from 20.49.0.100 port 37994 ssh2
Jun 24 04:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22984]: Received disconnect from 20.49.0.100 port 37994:11: Bye Bye [preauth]
Jun 24 04:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22984]: Disconnected from 20.49.0.100 port 37994 [preauth]
Jun 24 04:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22986]: Invalid user admin from 91.92.40.240
Jun 24 04:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22986]: input_userauth_request: invalid user admin [preauth]
Jun 24 04:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22986]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 04:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22986]: Failed password for invalid user admin from 91.92.40.240 port 56318 ssh2
Jun 24 04:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22986]: Connection closed by 91.92.40.240 port 56318 [preauth]
Jun 24 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23010]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23007]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23011]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23006]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23009]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23008]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23011]: pam_unix(cron:session): session closed for user root
Jun 24 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23006]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23072]: Successful su for rubyman by root
Jun 24 04:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23072]: + ??? root:rubyman
Jun 24 04:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23072]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581574 of user rubyman.
Jun 24 04:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23072]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581574.
Jun 24 04:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23008]: pam_unix(cron:session): session closed for user root
Jun 24 04:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20295]: pam_unix(cron:session): session closed for user root
Jun 24 04:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23007]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.39.86.153  user=root
Jun 24 04:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 24 04:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23300]: Failed password for root from 82.39.86.153 port 46316 ssh2
Jun 24 04:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23302]: Failed password for root from 103.27.238.114 port 32876 ssh2
Jun 24 04:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23300]: Received disconnect from 82.39.86.153 port 46316:11: Bye Bye [preauth]
Jun 24 04:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23300]: Disconnected from 82.39.86.153 port 46316 [preauth]
Jun 24 04:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23302]: Connection closed by 103.27.238.114 port 32876 [preauth]
Jun 24 04:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22105]: pam_unix(cron:session): session closed for user root
Jun 24 04:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23405]: Connection closed by 194.59.206.2 port 62740 [preauth]
Jun 24 04:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.49.0.100  user=root
Jun 24 04:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23448]: Failed password for root from 20.49.0.100 port 55242 ssh2
Jun 24 04:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23448]: Received disconnect from 20.49.0.100 port 55242:11: Bye Bye [preauth]
Jun 24 04:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23448]: Disconnected from 20.49.0.100 port 55242 [preauth]
Jun 24 04:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23458]: Invalid user admin from 2.57.121.25
Jun 24 04:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23458]: input_userauth_request: invalid user admin [preauth]
Jun 24 04:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23458]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 24 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23463]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23464]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23461]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23462]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23461]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23534]: Successful su for rubyman by root
Jun 24 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23534]: + ??? root:rubyman
Jun 24 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23534]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581581 of user rubyman.
Jun 24 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23534]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581581.
Jun 24 04:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23458]: Failed password for invalid user admin from 2.57.121.25 port 20730 ssh2
Jun 24 04:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23458]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23458]: Failed password for invalid user admin from 2.57.121.25 port 20730 ssh2
Jun 24 04:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23458]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20808]: pam_unix(cron:session): session closed for user root
Jun 24 04:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23462]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23458]: Failed password for invalid user admin from 2.57.121.25 port 20730 ssh2
Jun 24 04:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23458]: Connection closed by 2.57.121.25 port 20730 [preauth]
Jun 24 04:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23458]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 24 04:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22605]: pam_unix(cron:session): session closed for user root
Jun 24 04:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23960]: Invalid user admin from 91.92.40.240
Jun 24 04:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23960]: input_userauth_request: invalid user admin [preauth]
Jun 24 04:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23960]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 04:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23960]: Failed password for invalid user admin from 91.92.40.240 port 51040 ssh2
Jun 24 04:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23960]: Connection closed by 91.92.40.240 port 51040 [preauth]
Jun 24 04:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23982]: Invalid user appuser from 20.49.0.100
Jun 24 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23982]: input_userauth_request: invalid user appuser [preauth]
Jun 24 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23982]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.49.0.100
Jun 24 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23994]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23995]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23993]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23992]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23992]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24053]: Successful su for rubyman by root
Jun 24 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24053]: + ??? root:rubyman
Jun 24 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24053]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581584 of user rubyman.
Jun 24 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24053]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581584.
Jun 24 04:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23982]: Failed password for invalid user appuser from 20.49.0.100 port 48038 ssh2
Jun 24 04:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23982]: Received disconnect from 20.49.0.100 port 48038:11: Bye Bye [preauth]
Jun 24 04:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23982]: Disconnected from 20.49.0.100 port 48038 [preauth]
Jun 24 04:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21256]: pam_unix(cron:session): session closed for user root
Jun 24 04:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23993]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23010]: pam_unix(cron:session): session closed for user root
Jun 24 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24409]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24408]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24410]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24407]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24407]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24478]: Successful su for rubyman by root
Jun 24 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24478]: + ??? root:rubyman
Jun 24 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24478]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581588 of user rubyman.
Jun 24 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24478]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581588.
Jun 24 04:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21702]: pam_unix(cron:session): session closed for user root
Jun 24 04:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.49.0.100  user=root
Jun 24 04:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24408]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24628]: Failed password for root from 20.49.0.100 port 47838 ssh2
Jun 24 04:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24628]: Received disconnect from 20.49.0.100 port 47838:11: Bye Bye [preauth]
Jun 24 04:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24628]: Disconnected from 20.49.0.100 port 47838 [preauth]
Jun 24 04:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24693]: Invalid user ubuntu from 82.39.86.153
Jun 24 04:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24693]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 04:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24693]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.39.86.153
Jun 24 04:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24693]: Failed password for invalid user ubuntu from 82.39.86.153 port 34584 ssh2
Jun 24 04:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24693]: Received disconnect from 82.39.86.153 port 34584:11: Bye Bye [preauth]
Jun 24 04:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24693]: Disconnected from 82.39.86.153 port 34584 [preauth]
Jun 24 04:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23464]: pam_unix(cron:session): session closed for user root
Jun 24 04:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24818]: Invalid user admin from 91.92.40.240
Jun 24 04:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24818]: input_userauth_request: invalid user admin [preauth]
Jun 24 04:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24818]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 04:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24818]: Failed password for invalid user admin from 91.92.40.240 port 51570 ssh2
Jun 24 04:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24818]: Connection closed by 91.92.40.240 port 51570 [preauth]
Jun 24 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24839]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24840]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24838]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24837]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24837]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24895]: Successful su for rubyman by root
Jun 24 04:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24895]: + ??? root:rubyman
Jun 24 04:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24895]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581593 of user rubyman.
Jun 24 04:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24895]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581593.
Jun 24 04:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22104]: pam_unix(cron:session): session closed for user root
Jun 24 04:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24838]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.49.0.100  user=root
Jun 24 04:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25091]: Failed password for root from 20.49.0.100 port 60584 ssh2
Jun 24 04:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25091]: Received disconnect from 20.49.0.100 port 60584:11: Bye Bye [preauth]
Jun 24 04:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25091]: Disconnected from 20.49.0.100 port 60584 [preauth]
Jun 24 04:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23995]: pam_unix(cron:session): session closed for user root
Jun 24 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25240]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25238]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25237]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25236]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25239]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25235]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25240]: pam_unix(cron:session): session closed for user root
Jun 24 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25235]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25305]: Successful su for rubyman by root
Jun 24 04:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25305]: + ??? root:rubyman
Jun 24 04:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25305]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581600 of user rubyman.
Jun 24 04:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25305]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581600.
Jun 24 04:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25237]: pam_unix(cron:session): session closed for user root
Jun 24 04:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22604]: pam_unix(cron:session): session closed for user root
Jun 24 04:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25236]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25538]: Invalid user myuser from 20.49.0.100
Jun 24 04:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25538]: input_userauth_request: invalid user myuser [preauth]
Jun 24 04:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25538]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.49.0.100
Jun 24 04:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25538]: Failed password for invalid user myuser from 20.49.0.100 port 40704 ssh2
Jun 24 04:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25538]: Received disconnect from 20.49.0.100 port 40704:11: Bye Bye [preauth]
Jun 24 04:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25538]: Disconnected from 20.49.0.100 port 40704 [preauth]
Jun 24 04:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25549]: Received disconnect from 96.127.172.215 port 55538:11: disconnected by user [preauth]
Jun 24 04:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25549]: Disconnected from 96.127.172.215 port 55538 [preauth]
Jun 24 04:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24410]: pam_unix(cron:session): session closed for user root
Jun 24 04:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25630]: Invalid user admin from 91.92.40.240
Jun 24 04:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25630]: input_userauth_request: invalid user admin [preauth]
Jun 24 04:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25630]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 04:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25630]: Failed password for invalid user admin from 91.92.40.240 port 59042 ssh2
Jun 24 04:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25630]: Connection closed by 91.92.40.240 port 59042 [preauth]
Jun 24 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25663]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25662]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25660]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25661]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25660]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25731]: Successful su for rubyman by root
Jun 24 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25731]: + ??? root:rubyman
Jun 24 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25731]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581603 of user rubyman.
Jun 24 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25731]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581603.
Jun 24 04:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23009]: pam_unix(cron:session): session closed for user root
Jun 24 04:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25661]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.39.86.153  user=root
Jun 24 04:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25942]: Failed password for root from 82.39.86.153 port 51404 ssh2
Jun 24 04:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25942]: Received disconnect from 82.39.86.153 port 51404:11: Bye Bye [preauth]
Jun 24 04:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25942]: Disconnected from 82.39.86.153 port 51404 [preauth]
Jun 24 04:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.49.0.100  user=root
Jun 24 04:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25945]: Failed password for root from 20.49.0.100 port 33476 ssh2
Jun 24 04:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25945]: Received disconnect from 20.49.0.100 port 33476:11: Bye Bye [preauth]
Jun 24 04:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25945]: Disconnected from 20.49.0.100 port 33476 [preauth]
Jun 24 04:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24840]: pam_unix(cron:session): session closed for user root
Jun 24 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26061]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26062]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26060]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26059]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26059]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26123]: Successful su for rubyman by root
Jun 24 04:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26123]: + ??? root:rubyman
Jun 24 04:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26123]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581606 of user rubyman.
Jun 24 04:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26123]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581606.
Jun 24 04:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23463]: pam_unix(cron:session): session closed for user root
Jun 24 04:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26060]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26361]: Invalid user jinhan from 20.49.0.100
Jun 24 04:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26361]: input_userauth_request: invalid user jinhan [preauth]
Jun 24 04:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26361]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.49.0.100
Jun 24 04:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26361]: Failed password for invalid user jinhan from 20.49.0.100 port 41022 ssh2
Jun 24 04:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26361]: Received disconnect from 20.49.0.100 port 41022:11: Bye Bye [preauth]
Jun 24 04:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26361]: Disconnected from 20.49.0.100 port 41022 [preauth]
Jun 24 04:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25239]: pam_unix(cron:session): session closed for user root
Jun 24 04:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26414]: Invalid user admin from 91.92.40.240
Jun 24 04:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26414]: input_userauth_request: invalid user admin [preauth]
Jun 24 04:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26414]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 04:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26414]: Failed password for invalid user admin from 91.92.40.240 port 47594 ssh2
Jun 24 04:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26414]: Connection closed by 91.92.40.240 port 47594 [preauth]
Jun 24 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26457]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26456]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26455]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26454]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26454]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26515]: Successful su for rubyman by root
Jun 24 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26515]: + ??? root:rubyman
Jun 24 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26515]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581611 of user rubyman.
Jun 24 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26515]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581611.
Jun 24 04:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23994]: pam_unix(cron:session): session closed for user root
Jun 24 04:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26455]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26844]: Invalid user testuser from 20.49.0.100
Jun 24 04:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26844]: input_userauth_request: invalid user testuser [preauth]
Jun 24 04:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26844]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.49.0.100
Jun 24 04:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26844]: Failed password for invalid user testuser from 20.49.0.100 port 49806 ssh2
Jun 24 04:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26844]: Received disconnect from 20.49.0.100 port 49806:11: Bye Bye [preauth]
Jun 24 04:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26844]: Disconnected from 20.49.0.100 port 49806 [preauth]
Jun 24 04:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25663]: pam_unix(cron:session): session closed for user root
Jun 24 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26945]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26944]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26943]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26939]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26946]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26943]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27062]: Successful su for rubyman by root
Jun 24 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27062]: + ??? root:rubyman
Jun 24 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27062]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581614 of user rubyman.
Jun 24 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27062]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581614.
Jun 24 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26939]: pam_unix(cron:session): session closed for user root
Jun 24 04:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24409]: pam_unix(cron:session): session closed for user root
Jun 24 04:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26944]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.39.86.153  user=root
Jun 24 04:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27328]: Failed password for root from 82.39.86.153 port 59386 ssh2
Jun 24 04:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27328]: Received disconnect from 82.39.86.153 port 59386:11: Bye Bye [preauth]
Jun 24 04:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27328]: Disconnected from 82.39.86.153 port 59386 [preauth]
Jun 24 04:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121  user=root
Jun 24 04:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27367]: Invalid user newuser from 20.49.0.100
Jun 24 04:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27367]: input_userauth_request: invalid user newuser [preauth]
Jun 24 04:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27367]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.49.0.100
Jun 24 04:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26062]: pam_unix(cron:session): session closed for user root
Jun 24 04:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27365]: Failed password for root from 45.148.10.121 port 53330 ssh2
Jun 24 04:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27365]: Connection closed by 45.148.10.121 port 53330 [preauth]
Jun 24 04:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27367]: Failed password for invalid user newuser from 20.49.0.100 port 46286 ssh2
Jun 24 04:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27367]: Received disconnect from 20.49.0.100 port 46286:11: Bye Bye [preauth]
Jun 24 04:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27367]: Disconnected from 20.49.0.100 port 46286 [preauth]
Jun 24 04:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27425]: Invalid user admin from 91.92.40.240
Jun 24 04:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27425]: input_userauth_request: invalid user admin [preauth]
Jun 24 04:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27425]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 04:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27425]: Failed password for invalid user admin from 91.92.40.240 port 56506 ssh2
Jun 24 04:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27425]: Connection closed by 91.92.40.240 port 56506 [preauth]
Jun 24 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27458]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27455]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27460]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27459]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27457]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27454]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27460]: pam_unix(cron:session): session closed for user root
Jun 24 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27454]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27530]: Successful su for rubyman by root
Jun 24 04:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27530]: + ??? root:rubyman
Jun 24 04:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27530]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581623 of user rubyman.
Jun 24 04:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27530]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581623.
Jun 24 04:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27457]: pam_unix(cron:session): session closed for user root
Jun 24 04:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24839]: pam_unix(cron:session): session closed for user root
Jun 24 04:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27455]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26457]: pam_unix(cron:session): session closed for user root
Jun 24 04:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27834]: Invalid user test from 20.49.0.100
Jun 24 04:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27834]: input_userauth_request: invalid user test [preauth]
Jun 24 04:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27834]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.49.0.100
Jun 24 04:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.19.67.181  user=root
Jun 24 04:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27834]: Failed password for invalid user test from 20.49.0.100 port 51708 ssh2
Jun 24 04:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27834]: Received disconnect from 20.49.0.100 port 51708:11: Bye Bye [preauth]
Jun 24 04:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27834]: Disconnected from 20.49.0.100 port 51708 [preauth]
Jun 24 04:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27844]: Failed password for root from 46.19.67.181 port 60686 ssh2
Jun 24 04:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27844]: Connection closed by 46.19.67.181 port 60686 [preauth]
Jun 24 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27904]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27902]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27903]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27901]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27901]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27972]: Successful su for rubyman by root
Jun 24 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27972]: + ??? root:rubyman
Jun 24 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27972]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581626 of user rubyman.
Jun 24 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27972]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581626.
Jun 24 04:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25238]: pam_unix(cron:session): session closed for user root
Jun 24 04:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27902]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26946]: pam_unix(cron:session): session closed for user root
Jun 24 04:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28310]: Invalid user zbx from 20.49.0.100
Jun 24 04:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28310]: input_userauth_request: invalid user zbx [preauth]
Jun 24 04:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28310]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.49.0.100
Jun 24 04:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28310]: Failed password for invalid user zbx from 20.49.0.100 port 44270 ssh2
Jun 24 04:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28310]: Received disconnect from 20.49.0.100 port 44270:11: Bye Bye [preauth]
Jun 24 04:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28310]: Disconnected from 20.49.0.100 port 44270 [preauth]
Jun 24 04:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28332]: Invalid user admin from 91.92.40.240
Jun 24 04:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28332]: input_userauth_request: invalid user admin [preauth]
Jun 24 04:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28332]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 04:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28332]: Failed password for invalid user admin from 91.92.40.240 port 57712 ssh2
Jun 24 04:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28332]: Connection closed by 91.92.40.240 port 57712 [preauth]
Jun 24 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28371]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28372]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28370]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28369]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28369]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28428]: Successful su for rubyman by root
Jun 24 04:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28428]: + ??? root:rubyman
Jun 24 04:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28428]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581630 of user rubyman.
Jun 24 04:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28428]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581630.
Jun 24 04:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25662]: pam_unix(cron:session): session closed for user root
Jun 24 04:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28370]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27459]: pam_unix(cron:session): session closed for user root
Jun 24 04:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28835]: Invalid user naman from 20.49.0.100
Jun 24 04:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28835]: input_userauth_request: invalid user naman [preauth]
Jun 24 04:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28835]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.49.0.100
Jun 24 04:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28835]: Failed password for invalid user naman from 20.49.0.100 port 48534 ssh2
Jun 24 04:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28835]: Received disconnect from 20.49.0.100 port 48534:11: Bye Bye [preauth]
Jun 24 04:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28835]: Disconnected from 20.49.0.100 port 48534 [preauth]
Jun 24 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28866]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28867]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28865]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28864]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28864]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28937]: Successful su for rubyman by root
Jun 24 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28937]: + ??? root:rubyman
Jun 24 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28937]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581634 of user rubyman.
Jun 24 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28937]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581634.
Jun 24 04:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26061]: pam_unix(cron:session): session closed for user root
Jun 24 04:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28865]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 24 04:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29132]: Failed password for root from 38.93.206.2 port 18462 ssh2
Jun 24 04:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29132]: Connection closed by 38.93.206.2 port 18462 [preauth]
Jun 24 04:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27904]: pam_unix(cron:session): session closed for user root
Jun 24 04:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29252]: Invalid user admin from 91.92.40.240
Jun 24 04:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29252]: input_userauth_request: invalid user admin [preauth]
Jun 24 04:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29252]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 04:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29252]: Failed password for invalid user admin from 91.92.40.240 port 37246 ssh2
Jun 24 04:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29252]: Connection closed by 91.92.40.240 port 37246 [preauth]
Jun 24 04:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29294]: Invalid user teste from 20.49.0.100
Jun 24 04:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29294]: input_userauth_request: invalid user teste [preauth]
Jun 24 04:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29294]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.49.0.100
Jun 24 04:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29294]: Failed password for invalid user teste from 20.49.0.100 port 60066 ssh2
Jun 24 04:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29294]: Received disconnect from 20.49.0.100 port 60066:11: Bye Bye [preauth]
Jun 24 04:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29294]: Disconnected from 20.49.0.100 port 60066 [preauth]
Jun 24 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29309]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29310]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29307]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29306]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29306]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29365]: Successful su for rubyman by root
Jun 24 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29365]: + ??? root:rubyman
Jun 24 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29365]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581639 of user rubyman.
Jun 24 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29365]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581639.
Jun 24 04:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26456]: pam_unix(cron:session): session closed for user root
Jun 24 04:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 24 04:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29307]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29499]: Failed password for root from 103.82.20.28 port 56826 ssh2
Jun 24 04:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29499]: Connection closed by 103.82.20.28 port 56826 [preauth]
Jun 24 04:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 24 04:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29677]: Failed password for root from 193.37.70.224 port 34136 ssh2
Jun 24 04:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29677]: Connection closed by 193.37.70.224 port 34136 [preauth]
Jun 24 04:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28372]: pam_unix(cron:session): session closed for user root
Jun 24 04:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29825]: Invalid user admin from 20.49.0.100
Jun 24 04:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29825]: input_userauth_request: invalid user admin [preauth]
Jun 24 04:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29825]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.49.0.100
Jun 24 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29847]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29848]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29845]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29844]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29843]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29846]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29848]: pam_unix(cron:session): session closed for user root
Jun 24 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29843]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29825]: Failed password for invalid user admin from 20.49.0.100 port 37164 ssh2
Jun 24 04:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29825]: Received disconnect from 20.49.0.100 port 37164:11: Bye Bye [preauth]
Jun 24 04:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29825]: Disconnected from 20.49.0.100 port 37164 [preauth]
Jun 24 04:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29918]: Successful su for rubyman by root
Jun 24 04:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29918]: + ??? root:rubyman
Jun 24 04:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29918]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581641 of user rubyman.
Jun 24 04:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29918]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581641.
Jun 24 04:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29956]: Received disconnect from 148.113.221.114 port 58284:11: disconnected by user [preauth]
Jun 24 04:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29956]: Disconnected from 148.113.221.114 port 58284 [preauth]
Jun 24 04:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29845]: pam_unix(cron:session): session closed for user root
Jun 24 04:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26945]: pam_unix(cron:session): session closed for user root
Jun 24 04:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29844]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.39.86.153  user=root
Jun 24 04:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30146]: Failed password for root from 82.39.86.153 port 47434 ssh2
Jun 24 04:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30146]: Received disconnect from 82.39.86.153 port 47434:11: Bye Bye [preauth]
Jun 24 04:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30146]: Disconnected from 82.39.86.153 port 47434 [preauth]
Jun 24 04:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28867]: pam_unix(cron:session): session closed for user root
Jun 24 04:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30266]: Invalid user admin from 91.92.40.240
Jun 24 04:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30266]: input_userauth_request: invalid user admin [preauth]
Jun 24 04:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30266]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 04:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30266]: Failed password for invalid user admin from 91.92.40.240 port 38056 ssh2
Jun 24 04:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30266]: Connection closed by 91.92.40.240 port 38056 [preauth]
Jun 24 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30300]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30301]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30299]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30298]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30298]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30366]: Successful su for rubyman by root
Jun 24 04:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30366]: + ??? root:rubyman
Jun 24 04:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30366]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581648 of user rubyman.
Jun 24 04:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30366]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581648.
Jun 24 04:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30385]: Invalid user solar from 20.49.0.100
Jun 24 04:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30385]: input_userauth_request: invalid user solar [preauth]
Jun 24 04:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30385]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.49.0.100
Jun 24 04:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27458]: pam_unix(cron:session): session closed for user root
Jun 24 04:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30385]: Failed password for invalid user solar from 20.49.0.100 port 54536 ssh2
Jun 24 04:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30385]: Received disconnect from 20.49.0.100 port 54536:11: Bye Bye [preauth]
Jun 24 04:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30385]: Disconnected from 20.49.0.100 port 54536 [preauth]
Jun 24 04:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30299]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 24 04:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30632]: Failed password for root from 77.94.47.83 port 54954 ssh2
Jun 24 04:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30632]: Connection closed by 77.94.47.83 port 54954 [preauth]
Jun 24 04:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29310]: pam_unix(cron:session): session closed for user root
Jun 24 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30719]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30720]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30718]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30717]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30717]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30778]: Successful su for rubyman by root
Jun 24 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30778]: + ??? root:rubyman
Jun 24 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30778]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581652 of user rubyman.
Jun 24 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30778]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581652.
Jun 24 04:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27903]: pam_unix(cron:session): session closed for user root
Jun 24 04:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30718]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31064]: Invalid user shree from 20.49.0.100
Jun 24 04:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31064]: input_userauth_request: invalid user shree [preauth]
Jun 24 04:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31064]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.49.0.100
Jun 24 04:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31064]: Failed password for invalid user shree from 20.49.0.100 port 46998 ssh2
Jun 24 04:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31064]: Received disconnect from 20.49.0.100 port 46998:11: Bye Bye [preauth]
Jun 24 04:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31064]: Disconnected from 20.49.0.100 port 46998 [preauth]
Jun 24 04:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 24 04:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31097]: Failed password for root from 103.27.238.116 port 39710 ssh2
Jun 24 04:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31097]: Connection closed by 103.27.238.116 port 39710 [preauth]
Jun 24 04:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31138]: Bad protocol version identification '' from 3.143.162.210 port 51590
Jun 24 04:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29847]: pam_unix(cron:session): session closed for user root
Jun 24 04:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31168]: Invalid user admin from 91.92.40.240
Jun 24 04:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31168]: input_userauth_request: invalid user admin [preauth]
Jun 24 04:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31168]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 04:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31168]: Failed password for invalid user admin from 91.92.40.240 port 47822 ssh2
Jun 24 04:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31168]: Connection closed by 91.92.40.240 port 47822 [preauth]
Jun 24 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31218]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31216]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31217]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31215]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31215]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31287]: Successful su for rubyman by root
Jun 24 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31287]: + ??? root:rubyman
Jun 24 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31287]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581655 of user rubyman.
Jun 24 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31287]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581655.
Jun 24 04:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28371]: pam_unix(cron:session): session closed for user root
Jun 24 04:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31216]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31476]: Connection closed by 3.143.162.210 port 17968 [preauth]
Jun 24 04:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.39.86.153  user=root
Jun 24 04:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31478]: Failed password for root from 82.39.86.153 port 53268 ssh2
Jun 24 04:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31478]: Received disconnect from 82.39.86.153 port 53268:11: Bye Bye [preauth]
Jun 24 04:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31478]: Disconnected from 82.39.86.153 port 53268 [preauth]
Jun 24 04:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30301]: pam_unix(cron:session): session closed for user root
Jun 24 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31729]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31730]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31727]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31728]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31727]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31793]: Successful su for rubyman by root
Jun 24 04:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31793]: + ??? root:rubyman
Jun 24 04:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31793]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581659 of user rubyman.
Jun 24 04:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31793]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581659.
Jun 24 04:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28866]: pam_unix(cron:session): session closed for user root
Jun 24 04:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31728]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30720]: pam_unix(cron:session): session closed for user root
Jun 24 04:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32084]: Invalid user apache from 91.92.40.240
Jun 24 04:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32084]: input_userauth_request: invalid user apache [preauth]
Jun 24 04:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32084]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 04:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32084]: Failed password for invalid user apache from 91.92.40.240 port 46530 ssh2
Jun 24 04:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32084]: Connection closed by 91.92.40.240 port 46530 [preauth]
Jun 24 04:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 24 04:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32124]: Failed password for root from 202.178.126.219 port 22942 ssh2
Jun 24 04:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32124]: Connection closed by 202.178.126.219 port 22942 [preauth]
Jun 24 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32152]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32148]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32151]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32146]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32147]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32150]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32152]: pam_unix(cron:session): session closed for user root
Jun 24 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32146]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32217]: Successful su for rubyman by root
Jun 24 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32217]: + ??? root:rubyman
Jun 24 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32217]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581666 of user rubyman.
Jun 24 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32217]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581666.
Jun 24 04:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32148]: pam_unix(cron:session): session closed for user root
Jun 24 04:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29309]: pam_unix(cron:session): session closed for user root
Jun 24 04:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32147]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32491]: Received disconnect from 74.48.105.66 port 58970:11: disconnected by user [preauth]
Jun 24 04:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32491]: Disconnected from 74.48.105.66 port 58970 [preauth]
Jun 24 04:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31218]: pam_unix(cron:session): session closed for user root
Jun 24 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32581]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32580]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32579]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32578]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32578]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32646]: Successful su for rubyman by root
Jun 24 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32646]: + ??? root:rubyman
Jun 24 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32646]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581670 of user rubyman.
Jun 24 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32646]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581670.
Jun 24 04:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29846]: pam_unix(cron:session): session closed for user root
Jun 24 04:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32579]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 24 04:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.39.86.153  user=root
Jun 24 04:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[385]: Failed password for root from 194.113.233.25 port 45150 ssh2
Jun 24 04:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[385]: Connection closed by 194.113.233.25 port 45150 [preauth]
Jun 24 04:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[390]: Failed password for root from 82.39.86.153 port 34560 ssh2
Jun 24 04:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[390]: Received disconnect from 82.39.86.153 port 34560:11: Bye Bye [preauth]
Jun 24 04:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[390]: Disconnected from 82.39.86.153 port 34560 [preauth]
Jun 24 04:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[434]: Invalid user apache from 91.92.40.240
Jun 24 04:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[434]: input_userauth_request: invalid user apache [preauth]
Jun 24 04:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[434]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 04:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[434]: Failed password for invalid user apache from 91.92.40.240 port 54398 ssh2
Jun 24 04:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[434]: Connection closed by 91.92.40.240 port 54398 [preauth]
Jun 24 04:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31730]: pam_unix(cron:session): session closed for user root
Jun 24 04:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 24 04:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[624]: Failed password for root from 109.237.96.109 port 34214 ssh2
Jun 24 04:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[624]: Connection closed by 109.237.96.109 port 34214 [preauth]
Jun 24 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[693]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[691]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[692]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[690]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[690]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[752]: Successful su for rubyman by root
Jun 24 04:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[752]: + ??? root:rubyman
Jun 24 04:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[752]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581673 of user rubyman.
Jun 24 04:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[752]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581673.
Jun 24 04:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30300]: pam_unix(cron:session): session closed for user root
Jun 24 04:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[691]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32151]: pam_unix(cron:session): session closed for user root
Jun 24 04:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1120]: Invalid user apache from 91.92.40.240
Jun 24 04:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1120]: input_userauth_request: invalid user apache [preauth]
Jun 24 04:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1120]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 04:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1120]: Failed password for invalid user apache from 91.92.40.240 port 57202 ssh2
Jun 24 04:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1120]: Connection closed by 91.92.40.240 port 57202 [preauth]
Jun 24 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1142]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1143]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1140]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1139]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1139]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1203]: Successful su for rubyman by root
Jun 24 04:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1203]: + ??? root:rubyman
Jun 24 04:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1203]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581677 of user rubyman.
Jun 24 04:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1203]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581677.
Jun 24 04:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30719]: pam_unix(cron:session): session closed for user root
Jun 24 04:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1140]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32581]: pam_unix(cron:session): session closed for user root
Jun 24 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1684]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1683]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1682]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1679]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1679]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1760]: Successful su for rubyman by root
Jun 24 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1760]: + ??? root:rubyman
Jun 24 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1760]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581682 of user rubyman.
Jun 24 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1760]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581682.
Jun 24 04:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31217]: pam_unix(cron:session): session closed for user root
Jun 24 04:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1682]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2022]: Invalid user apache from 91.92.40.240
Jun 24 04:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2022]: input_userauth_request: invalid user apache [preauth]
Jun 24 04:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2022]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 04:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2022]: Failed password for invalid user apache from 91.92.40.240 port 60434 ssh2
Jun 24 04:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2022]: Connection closed by 91.92.40.240 port 60434 [preauth]
Jun 24 04:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[693]: pam_unix(cron:session): session closed for user root
Jun 24 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2176]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2174]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2175]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2177]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2171]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2170]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2177]: pam_unix(cron:session): session closed for user root
Jun 24 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2170]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2247]: Successful su for rubyman by root
Jun 24 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2247]: + ??? root:rubyman
Jun 24 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2247]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581685 of user rubyman.
Jun 24 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2247]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581685.
Jun 24 04:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2174]: pam_unix(cron:session): session closed for user root
Jun 24 04:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31729]: pam_unix(cron:session): session closed for user root
Jun 24 04:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2419]: Received disconnect from 149.56.241.206 port 45660:11: disconnected by user [preauth]
Jun 24 04:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2419]: Disconnected from 149.56.241.206 port 45660 [preauth]
Jun 24 04:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2171]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 24 04:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2497]: Failed password for root from 103.122.221.179 port 43302 ssh2
Jun 24 04:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2497]: Connection closed by 103.122.221.179 port 43302 [preauth]
Jun 24 04:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1143]: pam_unix(cron:session): session closed for user root
Jun 24 04:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2623]: Invalid user apache from 91.92.40.240
Jun 24 04:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2623]: input_userauth_request: invalid user apache [preauth]
Jun 24 04:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2623]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2637]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2638]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2636]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2635]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2635]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2702]: Successful su for rubyman by root
Jun 24 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2702]: + ??? root:rubyman
Jun 24 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2702]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581691 of user rubyman.
Jun 24 04:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2702]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581691.
Jun 24 04:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2623]: Failed password for invalid user apache from 91.92.40.240 port 54480 ssh2
Jun 24 04:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2623]: Connection closed by 91.92.40.240 port 54480 [preauth]
Jun 24 04:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32150]: pam_unix(cron:session): session closed for user root
Jun 24 04:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2636]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1684]: pam_unix(cron:session): session closed for user root
Jun 24 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3041]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3042]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3040]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3039]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3039]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3098]: Successful su for rubyman by root
Jun 24 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3098]: + ??? root:rubyman
Jun 24 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3098]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581696 of user rubyman.
Jun 24 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3098]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581696.
Jun 24 04:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32580]: pam_unix(cron:session): session closed for user root
Jun 24 04:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3040]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3321]: Invalid user admin123 from 82.39.86.153
Jun 24 04:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3321]: input_userauth_request: invalid user admin123 [preauth]
Jun 24 04:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3321]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.39.86.153
Jun 24 04:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3321]: Failed password for invalid user admin123 from 82.39.86.153 port 37198 ssh2
Jun 24 04:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3321]: Received disconnect from 82.39.86.153 port 37198:11: Bye Bye [preauth]
Jun 24 04:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3321]: Disconnected from 82.39.86.153 port 37198 [preauth]
Jun 24 04:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2176]: pam_unix(cron:session): session closed for user root
Jun 24 04:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3381]: User backup from 91.92.40.240 not allowed because not listed in AllowUsers
Jun 24 04:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3381]: input_userauth_request: invalid user backup [preauth]
Jun 24 04:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240  user=backup
Jun 24 04:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3381]: Failed password for invalid user backup from 91.92.40.240 port 60470 ssh2
Jun 24 04:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3381]: Connection closed by 91.92.40.240 port 60470 [preauth]
Jun 24 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3438]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3440]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3439]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3437]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3437]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3503]: Successful su for rubyman by root
Jun 24 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3503]: + ??? root:rubyman
Jun 24 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3503]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581700 of user rubyman.
Jun 24 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3503]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581700.
Jun 24 04:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[692]: pam_unix(cron:session): session closed for user root
Jun 24 04:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3438]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2638]: pam_unix(cron:session): session closed for user root
Jun 24 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4015]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4010]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4009]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4007]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4007]: pam_unix(cron:session): session closed for user p13x
Jun 24 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4096]: Successful su for rubyman by root
Jun 24 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4096]: + ??? root:rubyman
Jun 24 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4096]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581703 of user rubyman.
Jun 24 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4096]: pam_unix(su:session): session closed for user rubyman
Jun 24 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581703.
Jun 24 04:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1142]: pam_unix(cron:session): session closed for user root
Jun 24 04:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4009]: pam_unix(cron:session): session closed for user samftp
Jun 24 04:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4322]: User backup from 91.92.40.240 not allowed because not listed in AllowUsers
Jun 24 04:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4322]: input_userauth_request: invalid user backup [preauth]
Jun 24 04:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240  user=backup
Jun 24 04:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4322]: Failed password for invalid user backup from 91.92.40.240 port 59028 ssh2
Jun 24 04:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4322]: Connection closed by 91.92.40.240 port 59028 [preauth]
Jun 24 04:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4367]: Invalid user user from 141.98.83.240
Jun 24 04:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4367]: input_userauth_request: invalid user user [preauth]
Jun 24 04:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4367]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 04:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 04:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3042]: pam_unix(cron:session): session closed for user root
Jun 24 04:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4367]: Failed password for invalid user user from 141.98.83.240 port 17596 ssh2
Jun 24 04:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4367]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 24 04:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4367]: Failed password for invalid user user from 141.98.83.240 port 17596 ssh2
Jun 24 04:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4367]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 04:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4369]: Failed password for root from 51.250.105.222 port 39226 ssh2
Jun 24 04:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4369]: Connection closed by 51.250.105.222 port 39226 [preauth]
Jun 24 04:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4367]: Failed password for invalid user user from 141.98.83.240 port 17596 ssh2
Jun 24 04:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4367]: Connection closed by 141.98.83.240 port 17596 [preauth]
Jun 24 04:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4367]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4451]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4448]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4449]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4446]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4447]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4450]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4445]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4451]: pam_unix(cron:session): session closed for user root
Jun 24 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4447]: pam_unix(cron:session): session closed for user root
Jun 24 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4445]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4538]: Successful su for rubyman by root
Jun 24 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4538]: + ??? root:rubyman
Jun 24 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4538]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581713 of user rubyman.
Jun 24 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4538]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581713.
Jun 24 05:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1683]: pam_unix(cron:session): session closed for user root
Jun 24 05:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4448]: pam_unix(cron:session): session closed for user root
Jun 24 05:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4446]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 24 05:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4871]: Failed password for root from 103.15.222.183 port 51104 ssh2
Jun 24 05:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4871]: Connection closed by 103.15.222.183 port 51104 [preauth]
Jun 24 05:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3440]: pam_unix(cron:session): session closed for user root
Jun 24 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5070]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5068]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5069]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5067]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5067]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5132]: Successful su for rubyman by root
Jun 24 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5132]: + ??? root:rubyman
Jun 24 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5132]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581714 of user rubyman.
Jun 24 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5132]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581714.
Jun 24 05:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2175]: pam_unix(cron:session): session closed for user root
Jun 24 05:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5068]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5323]: User backup from 91.92.40.240 not allowed because not listed in AllowUsers
Jun 24 05:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5323]: input_userauth_request: invalid user backup [preauth]
Jun 24 05:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240  user=backup
Jun 24 05:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5323]: Failed password for invalid user backup from 91.92.40.240 port 38130 ssh2
Jun 24 05:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5323]: Connection closed by 91.92.40.240 port 38130 [preauth]
Jun 24 05:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4015]: pam_unix(cron:session): session closed for user root
Jun 24 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5485]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5484]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5486]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5483]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5483]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5542]: Successful su for rubyman by root
Jun 24 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5542]: + ??? root:rubyman
Jun 24 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5542]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581720 of user rubyman.
Jun 24 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5542]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581720.
Jun 24 05:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2637]: pam_unix(cron:session): session closed for user root
Jun 24 05:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5484]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4450]: pam_unix(cron:session): session closed for user root
Jun 24 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5872]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5874]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5873]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5871]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5871]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5929]: Successful su for rubyman by root
Jun 24 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5929]: + ??? root:rubyman
Jun 24 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5929]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581723 of user rubyman.
Jun 24 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5929]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581723.
Jun 24 05:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3041]: pam_unix(cron:session): session closed for user root
Jun 24 05:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5872]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6042]: Invalid user developer from 91.92.40.240
Jun 24 05:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6042]: input_userauth_request: invalid user developer [preauth]
Jun 24 05:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6042]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 05:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 05:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6042]: Failed password for invalid user developer from 91.92.40.240 port 57936 ssh2
Jun 24 05:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6042]: Connection closed by 91.92.40.240 port 57936 [preauth]
Jun 24 05:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.39.86.153  user=root
Jun 24 05:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6113]: Failed password for root from 82.39.86.153 port 55066 ssh2
Jun 24 05:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6113]: Received disconnect from 82.39.86.153 port 55066:11: Bye Bye [preauth]
Jun 24 05:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6113]: Disconnected from 82.39.86.153 port 55066 [preauth]
Jun 24 05:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5070]: pam_unix(cron:session): session closed for user root
Jun 24 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6269]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6267]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6268]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6265]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6265]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6326]: Successful su for rubyman by root
Jun 24 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6326]: + ??? root:rubyman
Jun 24 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6326]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581726 of user rubyman.
Jun 24 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6326]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581726.
Jun 24 05:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3439]: pam_unix(cron:session): session closed for user root
Jun 24 05:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6267]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5486]: pam_unix(cron:session): session closed for user root
Jun 24 05:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6664]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6662]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6660]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6661]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6663]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6659]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6664]: pam_unix(cron:session): session closed for user root
Jun 24 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6659]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6656]: Invalid user developer from 91.92.40.240
Jun 24 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6656]: input_userauth_request: invalid user developer [preauth]
Jun 24 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6735]: Successful su for rubyman by root
Jun 24 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6735]: + ??? root:rubyman
Jun 24 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6735]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581730 of user rubyman.
Jun 24 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6735]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581730.
Jun 24 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6656]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 05:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6656]: Failed password for invalid user developer from 91.92.40.240 port 49194 ssh2
Jun 24 05:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6656]: Connection closed by 91.92.40.240 port 49194 [preauth]
Jun 24 05:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6661]: pam_unix(cron:session): session closed for user root
Jun 24 05:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4010]: pam_unix(cron:session): session closed for user root
Jun 24 05:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6660]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5874]: pam_unix(cron:session): session closed for user root
Jun 24 05:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7141]: Received disconnect from 194.120.230.72 port 38680:11: disconnected by user [preauth]
Jun 24 05:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7141]: Disconnected from 194.120.230.72 port 38680 [preauth]
Jun 24 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7200]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7199]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7201]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7195]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7195]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7266]: Successful su for rubyman by root
Jun 24 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7266]: + ??? root:rubyman
Jun 24 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7266]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581738 of user rubyman.
Jun 24 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7266]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581738.
Jun 24 05:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4449]: pam_unix(cron:session): session closed for user root
Jun 24 05:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7199]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6269]: pam_unix(cron:session): session closed for user root
Jun 24 05:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7591]: Invalid user developer from 91.92.40.240
Jun 24 05:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7591]: input_userauth_request: invalid user developer [preauth]
Jun 24 05:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7591]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 05:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 05:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7591]: Failed password for invalid user developer from 91.92.40.240 port 55114 ssh2
Jun 24 05:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7591]: Connection closed by 91.92.40.240 port 55114 [preauth]
Jun 24 05:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Jun 24 05:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:152.59.41.160  user=root
Jun 24 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7632]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7633]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7631]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7628]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7628]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7775]: Successful su for rubyman by root
Jun 24 05:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7775]: + ??? root:rubyman
Jun 24 05:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7775]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581740 of user rubyman.
Jun 24 05:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7775]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581740.
Jun 24 05:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5069]: pam_unix(cron:session): session closed for user root
Jun 24 05:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7631]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 24 05:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7949]: Failed password for root from 103.153.68.219 port 49052 ssh2
Jun 24 05:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7949]: Connection closed by 103.153.68.219 port 49052 [preauth]
Jun 24 05:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6663]: pam_unix(cron:session): session closed for user root
Jun 24 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8100]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8099]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8097]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8096]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8096]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8161]: Successful su for rubyman by root
Jun 24 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8161]: + ??? root:rubyman
Jun 24 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8161]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581745 of user rubyman.
Jun 24 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8161]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581745.
Jun 24 05:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5485]: pam_unix(cron:session): session closed for user root
Jun 24 05:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8097]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7201]: pam_unix(cron:session): session closed for user root
Jun 24 05:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8460]: Invalid user developer from 91.92.40.240
Jun 24 05:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8460]: input_userauth_request: invalid user developer [preauth]
Jun 24 05:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8460]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 05:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 05:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 24 05:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8460]: Failed password for invalid user developer from 91.92.40.240 port 50500 ssh2
Jun 24 05:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8460]: Connection closed by 91.92.40.240 port 50500 [preauth]
Jun 24 05:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8462]: Failed password for root from 103.77.175.15 port 53836 ssh2
Jun 24 05:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8462]: Connection closed by 103.77.175.15 port 53836 [preauth]
Jun 24 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8496]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8498]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8497]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8495]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8493]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8495]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8614]: Successful su for rubyman by root
Jun 24 05:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8614]: + ??? root:rubyman
Jun 24 05:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8614]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581750 of user rubyman.
Jun 24 05:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8614]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581750.
Jun 24 05:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8493]: pam_unix(cron:session): session closed for user root
Jun 24 05:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5873]: pam_unix(cron:session): session closed for user root
Jun 24 05:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8496]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7633]: pam_unix(cron:session): session closed for user root
Jun 24 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8992]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8991]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8993]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8990]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8988]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8989]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8993]: pam_unix(cron:session): session closed for user root
Jun 24 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8988]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9059]: Successful su for rubyman by root
Jun 24 05:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9059]: + ??? root:rubyman
Jun 24 05:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9059]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581753 of user rubyman.
Jun 24 05:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9059]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581753.
Jun 24 05:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8990]: pam_unix(cron:session): session closed for user root
Jun 24 05:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6268]: pam_unix(cron:session): session closed for user root
Jun 24 05:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8989]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8100]: pam_unix(cron:session): session closed for user root
Jun 24 05:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9352]: Invalid user developer from 91.92.40.240
Jun 24 05:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9352]: input_userauth_request: invalid user developer [preauth]
Jun 24 05:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9352]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 05:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 05:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9352]: Failed password for invalid user developer from 91.92.40.240 port 53518 ssh2
Jun 24 05:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9352]: Connection closed by 91.92.40.240 port 53518 [preauth]
Jun 24 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9411]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9409]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9410]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9408]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9408]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9473]: Successful su for rubyman by root
Jun 24 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9473]: + ??? root:rubyman
Jun 24 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9473]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581759 of user rubyman.
Jun 24 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9473]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581759.
Jun 24 05:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6662]: pam_unix(cron:session): session closed for user root
Jun 24 05:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9409]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8498]: pam_unix(cron:session): session closed for user root
Jun 24 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9806]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9805]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9803]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9804]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9803]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9877]: Successful su for rubyman by root
Jun 24 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9877]: + ??? root:rubyman
Jun 24 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9877]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581764 of user rubyman.
Jun 24 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9877]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581764.
Jun 24 05:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7200]: pam_unix(cron:session): session closed for user root
Jun 24 05:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9804]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10379]: Invalid user developer from 91.92.40.240
Jun 24 05:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10379]: input_userauth_request: invalid user developer [preauth]
Jun 24 05:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10379]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 05:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 05:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 24 05:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10379]: Failed password for invalid user developer from 91.92.40.240 port 56824 ssh2
Jun 24 05:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10379]: Connection closed by 91.92.40.240 port 56824 [preauth]
Jun 24 05:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10390]: Failed password for root from 80.66.85.226 port 43844 ssh2
Jun 24 05:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10390]: Connection closed by 80.66.85.226 port 43844 [preauth]
Jun 24 05:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8992]: pam_unix(cron:session): session closed for user root
Jun 24 05:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 24 05:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10460]: Failed password for root from 103.77.242.62 port 54576 ssh2
Jun 24 05:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10460]: Connection closed by 103.77.242.62 port 54576 [preauth]
Jun 24 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10484]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10483]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10482]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10481]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10481]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10544]: Successful su for rubyman by root
Jun 24 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10544]: + ??? root:rubyman
Jun 24 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10544]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581767 of user rubyman.
Jun 24 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10544]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581767.
Jun 24 05:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7632]: pam_unix(cron:session): session closed for user root
Jun 24 05:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10482]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10749]: Invalid user ubnt from 45.148.10.121
Jun 24 05:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10749]: input_userauth_request: invalid user ubnt [preauth]
Jun 24 05:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10749]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 05:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 24 05:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10749]: Failed password for invalid user ubnt from 45.148.10.121 port 34210 ssh2
Jun 24 05:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10749]: Connection closed by 45.148.10.121 port 34210 [preauth]
Jun 24 05:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9411]: pam_unix(cron:session): session closed for user root
Jun 24 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10904]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10903]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10902]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10901]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10901]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10964]: Successful su for rubyman by root
Jun 24 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10964]: + ??? root:rubyman
Jun 24 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10964]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581771 of user rubyman.
Jun 24 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10964]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581771.
Jun 24 05:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8099]: pam_unix(cron:session): session closed for user root
Jun 24 05:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10902]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11198]: Invalid user developer from 91.92.40.240
Jun 24 05:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11198]: input_userauth_request: invalid user developer [preauth]
Jun 24 05:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11198]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 05:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 05:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11198]: Failed password for invalid user developer from 91.92.40.240 port 37522 ssh2
Jun 24 05:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11198]: Connection closed by 91.92.40.240 port 37522 [preauth]
Jun 24 05:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9806]: pam_unix(cron:session): session closed for user root
Jun 24 05:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 24 05:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11289]: Failed password for root from 62.133.62.83 port 41450 ssh2
Jun 24 05:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11289]: Connection closed by 62.133.62.83 port 41450 [preauth]
Jun 24 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11323]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11319]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11318]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11321]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11322]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11320]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11323]: pam_unix(cron:session): session closed for user root
Jun 24 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11318]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11387]: Successful su for rubyman by root
Jun 24 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11387]: + ??? root:rubyman
Jun 24 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11387]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581779 of user rubyman.
Jun 24 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11387]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581779.
Jun 24 05:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11497]: Invalid user ubuntu from 82.39.86.153
Jun 24 05:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11497]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 05:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11497]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 05:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.39.86.153
Jun 24 05:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11320]: pam_unix(cron:session): session closed for user root
Jun 24 05:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8497]: pam_unix(cron:session): session closed for user root
Jun 24 05:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11319]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11497]: Failed password for invalid user ubuntu from 82.39.86.153 port 46326 ssh2
Jun 24 05:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11497]: Received disconnect from 82.39.86.153 port 46326:11: Bye Bye [preauth]
Jun 24 05:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11497]: Disconnected from 82.39.86.153 port 46326 [preauth]
Jun 24 05:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10484]: pam_unix(cron:session): session closed for user root
Jun 24 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11776]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11777]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11775]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11773]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11773]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11855]: Successful su for rubyman by root
Jun 24 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11855]: + ??? root:rubyman
Jun 24 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11855]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581781 of user rubyman.
Jun 24 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11855]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581781.
Jun 24 05:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8991]: pam_unix(cron:session): session closed for user root
Jun 24 05:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11775]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12100]: Invalid user developer from 91.92.40.240
Jun 24 05:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12100]: input_userauth_request: invalid user developer [preauth]
Jun 24 05:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12100]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 05:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 05:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12100]: Failed password for invalid user developer from 91.92.40.240 port 45512 ssh2
Jun 24 05:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12100]: Connection closed by 91.92.40.240 port 45512 [preauth]
Jun 24 05:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10904]: pam_unix(cron:session): session closed for user root
Jun 24 05:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12168]: Received disconnect from 104.194.9.81 port 55096:11: disconnected by user [preauth]
Jun 24 05:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12168]: Disconnected from 104.194.9.81 port 55096 [preauth]
Jun 24 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12237]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12234]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12235]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12236]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12232]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12232]: pam_unix(cron:session): session closed for user root
Jun 24 05:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12234]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12418]: Successful su for rubyman by root
Jun 24 05:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12418]: + ??? root:rubyman
Jun 24 05:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12418]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581785 of user rubyman.
Jun 24 05:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12418]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581785.
Jun 24 05:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9410]: pam_unix(cron:session): session closed for user root
Jun 24 05:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12235]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11322]: pam_unix(cron:session): session closed for user root
Jun 24 05:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12758]: Invalid user sit from 82.39.86.153
Jun 24 05:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12758]: input_userauth_request: invalid user sit [preauth]
Jun 24 05:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12758]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 05:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.39.86.153
Jun 24 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12762]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12763]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12764]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12761]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12761]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12825]: Successful su for rubyman by root
Jun 24 05:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12825]: + ??? root:rubyman
Jun 24 05:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12825]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581790 of user rubyman.
Jun 24 05:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12825]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581790.
Jun 24 05:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12758]: Failed password for invalid user sit from 82.39.86.153 port 60764 ssh2
Jun 24 05:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12758]: Received disconnect from 82.39.86.153 port 60764:11: Bye Bye [preauth]
Jun 24 05:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12758]: Disconnected from 82.39.86.153 port 60764 [preauth]
Jun 24 05:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9805]: pam_unix(cron:session): session closed for user root
Jun 24 05:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12762]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13013]: Invalid user developer from 91.92.40.240
Jun 24 05:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13013]: input_userauth_request: invalid user developer [preauth]
Jun 24 05:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13013]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 05:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 05:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13013]: Failed password for invalid user developer from 91.92.40.240 port 50504 ssh2
Jun 24 05:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 24 05:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13013]: Connection closed by 91.92.40.240 port 50504 [preauth]
Jun 24 05:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13026]: Failed password for root from 103.149.28.157 port 57208 ssh2
Jun 24 05:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13026]: Connection closed by 103.149.28.157 port 57208 [preauth]
Jun 24 05:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11777]: pam_unix(cron:session): session closed for user root
Jun 24 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13181]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13180]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13183]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13182]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13180]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13242]: Successful su for rubyman by root
Jun 24 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13242]: + ??? root:rubyman
Jun 24 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13242]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581794 of user rubyman.
Jun 24 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13242]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581794.
Jun 24 05:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10483]: pam_unix(cron:session): session closed for user root
Jun 24 05:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13181]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12237]: pam_unix(cron:session): session closed for user root
Jun 24 05:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.223.69.22  user=root
Jun 24 05:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13563]: Failed password for root from 89.223.69.22 port 34684 ssh2
Jun 24 05:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13563]: Connection closed by 89.223.69.22 port 34684 [preauth]
Jun 24 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13582]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13581]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13580]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13579]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13583]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13584]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13584]: pam_unix(cron:session): session closed for user root
Jun 24 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13579]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13649]: Successful su for rubyman by root
Jun 24 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13649]: + ??? root:rubyman
Jun 24 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13649]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581802 of user rubyman.
Jun 24 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13649]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581802.
Jun 24 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13660]: Invalid user developer from 91.92.40.240
Jun 24 05:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13660]: input_userauth_request: invalid user developer [preauth]
Jun 24 05:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13581]: pam_unix(cron:session): session closed for user root
Jun 24 05:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13660]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 05:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 05:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10903]: pam_unix(cron:session): session closed for user root
Jun 24 05:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13660]: Failed password for invalid user developer from 91.92.40.240 port 34250 ssh2
Jun 24 05:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13660]: Connection closed by 91.92.40.240 port 34250 [preauth]
Jun 24 05:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13580]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12764]: pam_unix(cron:session): session closed for user root
Jun 24 05:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13980]: Invalid user george from 82.39.86.153
Jun 24 05:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13980]: input_userauth_request: invalid user george [preauth]
Jun 24 05:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13980]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 05:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.39.86.153
Jun 24 05:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13980]: Failed password for invalid user george from 82.39.86.153 port 52526 ssh2
Jun 24 05:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13980]: Received disconnect from 82.39.86.153 port 52526:11: Bye Bye [preauth]
Jun 24 05:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13980]: Disconnected from 82.39.86.153 port 52526 [preauth]
Jun 24 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14032]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14033]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14031]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14030]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14030]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14094]: Successful su for rubyman by root
Jun 24 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14094]: + ??? root:rubyman
Jun 24 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14094]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581805 of user rubyman.
Jun 24 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14094]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581805.
Jun 24 05:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11321]: pam_unix(cron:session): session closed for user root
Jun 24 05:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14031]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13183]: pam_unix(cron:session): session closed for user root
Jun 24 05:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14404]: Invalid user developer from 91.92.40.240
Jun 24 05:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14404]: input_userauth_request: invalid user developer [preauth]
Jun 24 05:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14404]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 05:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 05:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14404]: Failed password for invalid user developer from 91.92.40.240 port 41140 ssh2
Jun 24 05:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14404]: Connection closed by 91.92.40.240 port 41140 [preauth]
Jun 24 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14417]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14416]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14418]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14415]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14415]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14479]: Successful su for rubyman by root
Jun 24 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14479]: + ??? root:rubyman
Jun 24 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14479]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581808 of user rubyman.
Jun 24 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14479]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581808.
Jun 24 05:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11776]: pam_unix(cron:session): session closed for user root
Jun 24 05:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14416]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13583]: pam_unix(cron:session): session closed for user root
Jun 24 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14897]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14898]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14896]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14895]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14895]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14963]: Successful su for rubyman by root
Jun 24 05:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14963]: + ??? root:rubyman
Jun 24 05:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14963]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581812 of user rubyman.
Jun 24 05:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14963]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581812.
Jun 24 05:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12236]: pam_unix(cron:session): session closed for user root
Jun 24 05:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14896]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.39.86.153  user=root
Jun 24 05:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15207]: Failed password for root from 82.39.86.153 port 47720 ssh2
Jun 24 05:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15207]: Received disconnect from 82.39.86.153 port 47720:11: Bye Bye [preauth]
Jun 24 05:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15207]: Disconnected from 82.39.86.153 port 47720 [preauth]
Jun 24 05:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14033]: pam_unix(cron:session): session closed for user root
Jun 24 05:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15281]: Invalid user developer from 91.92.40.240
Jun 24 05:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15281]: input_userauth_request: invalid user developer [preauth]
Jun 24 05:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15281]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 05:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 05:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15281]: Failed password for invalid user developer from 91.92.40.240 port 56734 ssh2
Jun 24 05:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15281]: Connection closed by 91.92.40.240 port 56734 [preauth]
Jun 24 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15309]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15311]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15310]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15308]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15308]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15366]: Successful su for rubyman by root
Jun 24 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15366]: + ??? root:rubyman
Jun 24 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15366]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581817 of user rubyman.
Jun 24 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15366]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581817.
Jun 24 05:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12763]: pam_unix(cron:session): session closed for user root
Jun 24 05:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15309]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14418]: pam_unix(cron:session): session closed for user root
Jun 24 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15690]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15688]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15687]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15686]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15689]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15685]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15690]: pam_unix(cron:session): session closed for user root
Jun 24 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15685]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15759]: Successful su for rubyman by root
Jun 24 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15759]: + ??? root:rubyman
Jun 24 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15759]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581824 of user rubyman.
Jun 24 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15759]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581824.
Jun 24 05:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15687]: pam_unix(cron:session): session closed for user root
Jun 24 05:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13182]: pam_unix(cron:session): session closed for user root
Jun 24 05:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15686]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14898]: pam_unix(cron:session): session closed for user root
Jun 24 05:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16042]: Invalid user docker from 91.92.40.240
Jun 24 05:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16042]: input_userauth_request: invalid user docker [preauth]
Jun 24 05:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16042]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 05:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 05:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16042]: Failed password for invalid user docker from 91.92.40.240 port 51332 ssh2
Jun 24 05:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16042]: Connection closed by 91.92.40.240 port 51332 [preauth]
Jun 24 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16104]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16105]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16103]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16102]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16102]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16174]: Successful su for rubyman by root
Jun 24 05:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16174]: + ??? root:rubyman
Jun 24 05:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16174]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581826 of user rubyman.
Jun 24 05:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16174]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581826.
Jun 24 05:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13582]: pam_unix(cron:session): session closed for user root
Jun 24 05:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16103]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.39.86.153  user=root
Jun 24 05:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16355]: Failed password for root from 82.39.86.153 port 36620 ssh2
Jun 24 05:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16355]: Received disconnect from 82.39.86.153 port 36620:11: Bye Bye [preauth]
Jun 24 05:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16355]: Disconnected from 82.39.86.153 port 36620 [preauth]
Jun 24 05:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15311]: pam_unix(cron:session): session closed for user root
Jun 24 05:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 24 05:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16455]: Failed password for root from 38.93.206.2 port 50656 ssh2
Jun 24 05:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16455]: Connection closed by 38.93.206.2 port 50656 [preauth]
Jun 24 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16515]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16513]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16512]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16514]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16512]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16571]: Successful su for rubyman by root
Jun 24 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16571]: + ??? root:rubyman
Jun 24 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16571]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581830 of user rubyman.
Jun 24 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16571]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581830.
Jun 24 05:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14032]: pam_unix(cron:session): session closed for user root
Jun 24 05:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16513]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16790]: Invalid user user from 193.46.255.86
Jun 24 05:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16790]: input_userauth_request: invalid user user [preauth]
Jun 24 05:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16790]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 05:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 24 05:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16790]: Failed password for invalid user user from 193.46.255.86 port 4386 ssh2
Jun 24 05:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16790]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 05:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16790]: Failed password for invalid user user from 193.46.255.86 port 4386 ssh2
Jun 24 05:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16790]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 05:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16805]: Invalid user docker from 91.92.40.240
Jun 24 05:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16805]: input_userauth_request: invalid user docker [preauth]
Jun 24 05:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16805]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 05:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 05:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16790]: Failed password for invalid user user from 193.46.255.86 port 4386 ssh2
Jun 24 05:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16790]: Connection closed by 193.46.255.86 port 4386 [preauth]
Jun 24 05:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16790]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 24 05:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16805]: Failed password for invalid user docker from 91.92.40.240 port 38184 ssh2
Jun 24 05:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16805]: Connection closed by 91.92.40.240 port 38184 [preauth]
Jun 24 05:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15689]: pam_unix(cron:session): session closed for user root
Jun 24 05:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 24 05:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16954]: Failed password for root from 103.82.132.16 port 35630 ssh2
Jun 24 05:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16954]: Connection closed by 103.82.132.16 port 35630 [preauth]
Jun 24 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17012]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17011]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17010]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17008]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17008]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17072]: Successful su for rubyman by root
Jun 24 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17072]: + ??? root:rubyman
Jun 24 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17072]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581835 of user rubyman.
Jun 24 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17072]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581835.
Jun 24 05:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14417]: pam_unix(cron:session): session closed for user root
Jun 24 05:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17010]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16105]: pam_unix(cron:session): session closed for user root
Jun 24 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17409]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17410]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17411]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17408]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17408]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17478]: Successful su for rubyman by root
Jun 24 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17478]: + ??? root:rubyman
Jun 24 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17478]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581838 of user rubyman.
Jun 24 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17478]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581838.
Jun 24 05:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14897]: pam_unix(cron:session): session closed for user root
Jun 24 05:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17409]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17777]: Invalid user docker from 91.92.40.240
Jun 24 05:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17777]: input_userauth_request: invalid user docker [preauth]
Jun 24 05:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17777]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 05:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 05:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17777]: Failed password for invalid user docker from 91.92.40.240 port 41624 ssh2
Jun 24 05:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17777]: Connection closed by 91.92.40.240 port 41624 [preauth]
Jun 24 05:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16515]: pam_unix(cron:session): session closed for user root
Jun 24 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17918]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17914]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17916]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17913]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17915]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17917]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17918]: pam_unix(cron:session): session closed for user root
Jun 24 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17913]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17981]: Successful su for rubyman by root
Jun 24 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17981]: + ??? root:rubyman
Jun 24 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17981]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581842 of user rubyman.
Jun 24 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17981]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581842.
Jun 24 05:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17915]: pam_unix(cron:session): session closed for user root
Jun 24 05:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15310]: pam_unix(cron:session): session closed for user root
Jun 24 05:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17914]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17012]: pam_unix(cron:session): session closed for user root
Jun 24 05:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18319]: Connection closed by 194.59.206.2 port 48068 [preauth]
Jun 24 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18379]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18378]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18386]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18377]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18377]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18525]: Successful su for rubyman by root
Jun 24 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18525]: + ??? root:rubyman
Jun 24 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18525]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581848 of user rubyman.
Jun 24 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18525]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581848.
Jun 24 05:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15688]: pam_unix(cron:session): session closed for user root
Jun 24 05:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18378]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18737]: Invalid user docker from 91.92.40.240
Jun 24 05:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18737]: input_userauth_request: invalid user docker [preauth]
Jun 24 05:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18737]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 05:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 05:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18737]: Failed password for invalid user docker from 91.92.40.240 port 52194 ssh2
Jun 24 05:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18737]: Connection closed by 91.92.40.240 port 52194 [preauth]
Jun 24 05:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17411]: pam_unix(cron:session): session closed for user root
Jun 24 05:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 24 05:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18795]: Failed password for root from 103.27.238.120 port 49212 ssh2
Jun 24 05:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18795]: Connection closed by 103.27.238.120 port 49212 [preauth]
Jun 24 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18891]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18892]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18890]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18893]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18890]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18949]: Successful su for rubyman by root
Jun 24 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18949]: + ??? root:rubyman
Jun 24 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18949]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581855 of user rubyman.
Jun 24 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18949]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581855.
Jun 24 05:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16104]: pam_unix(cron:session): session closed for user root
Jun 24 05:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18891]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19230]: Invalid user weblogic from 82.39.86.153
Jun 24 05:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19230]: input_userauth_request: invalid user weblogic [preauth]
Jun 24 05:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19230]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 05:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.39.86.153
Jun 24 05:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19230]: Failed password for invalid user weblogic from 82.39.86.153 port 34252 ssh2
Jun 24 05:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19230]: Received disconnect from 82.39.86.153 port 34252:11: Bye Bye [preauth]
Jun 24 05:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19230]: Disconnected from 82.39.86.153 port 34252 [preauth]
Jun 24 05:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17917]: pam_unix(cron:session): session closed for user root
Jun 24 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19386]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19385]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19383]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19384]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19383]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19448]: Successful su for rubyman by root
Jun 24 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19448]: + ??? root:rubyman
Jun 24 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19448]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581856 of user rubyman.
Jun 24 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19448]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581856.
Jun 24 05:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16514]: pam_unix(cron:session): session closed for user root
Jun 24 05:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19384]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19842]: Invalid user docker from 91.92.40.240
Jun 24 05:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19842]: input_userauth_request: invalid user docker [preauth]
Jun 24 05:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19842]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 05:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 05:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19842]: Failed password for invalid user docker from 91.92.40.240 port 35264 ssh2
Jun 24 05:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19842]: Connection closed by 91.92.40.240 port 35264 [preauth]
Jun 24 05:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18386]: pam_unix(cron:session): session closed for user root
Jun 24 05:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 24 05:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19987]: Failed password for root from 141.98.83.240 port 12680 ssh2
Jun 24 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20001]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19999]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20002]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19998]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19998]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20058]: Successful su for rubyman by root
Jun 24 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20058]: + ??? root:rubyman
Jun 24 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20058]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581860 of user rubyman.
Jun 24 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20058]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581860.
Jun 24 05:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19987]: Failed password for root from 141.98.83.240 port 12680 ssh2
Jun 24 05:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17011]: pam_unix(cron:session): session closed for user root
Jun 24 05:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19999]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19987]: Failed password for root from 141.98.83.240 port 12680 ssh2
Jun 24 05:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19987]: Connection closed by 141.98.83.240 port 12680 [preauth]
Jun 24 05:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19987]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 24 05:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18893]: pam_unix(cron:session): session closed for user root
Jun 24 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20501]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20502]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20503]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20504]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20500]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20499]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20504]: pam_unix(cron:session): session closed for user root
Jun 24 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20499]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20570]: Successful su for rubyman by root
Jun 24 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20570]: + ??? root:rubyman
Jun 24 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20570]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581865 of user rubyman.
Jun 24 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20570]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581865.
Jun 24 05:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17410]: pam_unix(cron:session): session closed for user root
Jun 24 05:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20501]: pam_unix(cron:session): session closed for user root
Jun 24 05:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20850]: Invalid user ec2-user from 91.92.40.240
Jun 24 05:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20850]: input_userauth_request: invalid user ec2-user [preauth]
Jun 24 05:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20500]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20850]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 05:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 05:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20850]: Failed password for invalid user ec2-user from 91.92.40.240 port 36306 ssh2
Jun 24 05:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20850]: Connection closed by 91.92.40.240 port 36306 [preauth]
Jun 24 05:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19386]: pam_unix(cron:session): session closed for user root
Jun 24 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21031]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21029]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21028]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21027]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21027]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21099]: Successful su for rubyman by root
Jun 24 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21099]: + ??? root:rubyman
Jun 24 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21099]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581870 of user rubyman.
Jun 24 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21099]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581870.
Jun 24 05:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17916]: pam_unix(cron:session): session closed for user root
Jun 24 05:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21028]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20002]: pam_unix(cron:session): session closed for user root
Jun 24 05:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 24 05:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21386]: Failed password for root from 103.176.20.57 port 60528 ssh2
Jun 24 05:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21386]: Connection closed by 103.176.20.57 port 60528 [preauth]
Jun 24 05:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21437]: Invalid user ec2-user from 91.92.40.240
Jun 24 05:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21437]: input_userauth_request: invalid user ec2-user [preauth]
Jun 24 05:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21437]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 05:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 05:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21437]: Failed password for invalid user ec2-user from 91.92.40.240 port 60974 ssh2
Jun 24 05:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21437]: Connection closed by 91.92.40.240 port 60974 [preauth]
Jun 24 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21452]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21453]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21451]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21450]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21450]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21515]: Successful su for rubyman by root
Jun 24 05:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21515]: + ??? root:rubyman
Jun 24 05:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21515]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581874 of user rubyman.
Jun 24 05:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21515]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581874.
Jun 24 05:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18379]: pam_unix(cron:session): session closed for user root
Jun 24 05:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21451]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20503]: pam_unix(cron:session): session closed for user root
Jun 24 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21884]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21885]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21883]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21882]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21882]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21945]: Successful su for rubyman by root
Jun 24 05:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21945]: + ??? root:rubyman
Jun 24 05:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21945]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581879 of user rubyman.
Jun 24 05:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21945]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581879.
Jun 24 05:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.76.154.242  user=root
Jun 24 05:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21879]: Failed password for root from 217.76.154.242 port 36538 ssh2
Jun 24 05:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18892]: pam_unix(cron:session): session closed for user root
Jun 24 05:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21879]: Connection closed by 217.76.154.242 port 36538 [preauth]
Jun 24 05:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21883]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22115]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 24 05:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22115]: Received disconnect from 51.75.149.221 port 42536:11: disconnected by user [preauth]
Jun 24 05:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22115]: Disconnected from 51.75.149.221 port 42536 [preauth]
Jun 24 05:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21031]: pam_unix(cron:session): session closed for user root
Jun 24 05:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22253]: Invalid user ec2-user from 91.92.40.240
Jun 24 05:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22253]: input_userauth_request: invalid user ec2-user [preauth]
Jun 24 05:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22253]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 05:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 05:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22253]: Failed password for invalid user ec2-user from 91.92.40.240 port 52236 ssh2
Jun 24 05:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22253]: Connection closed by 91.92.40.240 port 52236 [preauth]
Jun 24 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22284]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22287]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22286]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22288]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22282]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22284]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22496]: Successful su for rubyman by root
Jun 24 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22496]: + ??? root:rubyman
Jun 24 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22496]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581882 of user rubyman.
Jun 24 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22496]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581882.
Jun 24 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22282]: pam_unix(cron:session): session closed for user root
Jun 24 05:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19385]: pam_unix(cron:session): session closed for user root
Jun 24 05:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22286]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21453]: pam_unix(cron:session): session closed for user root
Jun 24 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22879]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22880]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22877]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22876]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22874]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22878]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22880]: pam_unix(cron:session): session closed for user root
Jun 24 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22874]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22945]: Successful su for rubyman by root
Jun 24 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22945]: + ??? root:rubyman
Jun 24 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22945]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581887 of user rubyman.
Jun 24 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22945]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581887.
Jun 24 05:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22877]: pam_unix(cron:session): session closed for user root
Jun 24 05:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20001]: pam_unix(cron:session): session closed for user root
Jun 24 05:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22876]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21885]: pam_unix(cron:session): session closed for user root
Jun 24 05:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23246]: User ftp from 91.92.40.240 not allowed because not listed in AllowUsers
Jun 24 05:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23246]: input_userauth_request: invalid user ftp [preauth]
Jun 24 05:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240  user=ftp
Jun 24 05:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23246]: Failed password for invalid user ftp from 91.92.40.240 port 35852 ssh2
Jun 24 05:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23246]: Connection closed by 91.92.40.240 port 35852 [preauth]
Jun 24 05:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 24 05:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23290]: Failed password for root from 103.172.78.219 port 49420 ssh2
Jun 24 05:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23290]: Connection closed by 103.172.78.219 port 49420 [preauth]
Jun 24 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23318]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23314]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23313]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23312]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23312]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23390]: Successful su for rubyman by root
Jun 24 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23390]: + ??? root:rubyman
Jun 24 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23390]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581893 of user rubyman.
Jun 24 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23390]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581893.
Jun 24 05:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20502]: pam_unix(cron:session): session closed for user root
Jun 24 05:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23313]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22288]: pam_unix(cron:session): session closed for user root
Jun 24 05:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 24 05:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23726]: Failed password for root from 87.251.79.125 port 57368 ssh2
Jun 24 05:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23726]: Connection closed by 87.251.79.125 port 57368 [preauth]
Jun 24 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23745]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23742]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23741]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23743]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23741]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23822]: Successful su for rubyman by root
Jun 24 05:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23822]: + ??? root:rubyman
Jun 24 05:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23822]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581898 of user rubyman.
Jun 24 05:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23822]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581898.
Jun 24 05:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21029]: pam_unix(cron:session): session closed for user root
Jun 24 05:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23742]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24127]: User ftp from 91.92.40.240 not allowed because not listed in AllowUsers
Jun 24 05:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24127]: input_userauth_request: invalid user ftp [preauth]
Jun 24 05:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240  user=ftp
Jun 24 05:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24127]: Failed password for invalid user ftp from 91.92.40.240 port 58138 ssh2
Jun 24 05:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24127]: Connection closed by 91.92.40.240 port 58138 [preauth]
Jun 24 05:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22879]: pam_unix(cron:session): session closed for user root
Jun 24 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24270]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24269]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24268]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24263]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24263]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24334]: Successful su for rubyman by root
Jun 24 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24334]: + ??? root:rubyman
Jun 24 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24334]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581901 of user rubyman.
Jun 24 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24334]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581901.
Jun 24 05:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21452]: pam_unix(cron:session): session closed for user root
Jun 24 05:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24268]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 24 05:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24579]: Failed password for root from 147.45.199.80 port 46786 ssh2
Jun 24 05:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24579]: Connection closed by 147.45.199.80 port 46786 [preauth]
Jun 24 05:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23318]: pam_unix(cron:session): session closed for user root
Jun 24 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24692]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24693]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24691]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24689]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24689]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24753]: Successful su for rubyman by root
Jun 24 05:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24753]: + ??? root:rubyman
Jun 24 05:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24753]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581906 of user rubyman.
Jun 24 05:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24753]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581906.
Jun 24 05:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21884]: pam_unix(cron:session): session closed for user root
Jun 24 05:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24691]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24939]: Invalid user git from 91.92.40.240
Jun 24 05:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24939]: input_userauth_request: invalid user git [preauth]
Jun 24 05:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24939]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 05:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 05:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24939]: Failed password for invalid user git from 91.92.40.240 port 57824 ssh2
Jun 24 05:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24939]: Connection closed by 91.92.40.240 port 57824 [preauth]
Jun 24 05:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23745]: pam_unix(cron:session): session closed for user root
Jun 24 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25093]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25091]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25092]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25090]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25088]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25089]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25093]: pam_unix(cron:session): session closed for user root
Jun 24 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25088]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25159]: Successful su for rubyman by root
Jun 24 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25159]: + ??? root:rubyman
Jun 24 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25159]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581911 of user rubyman.
Jun 24 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25159]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581911.
Jun 24 05:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25090]: pam_unix(cron:session): session closed for user root
Jun 24 05:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22287]: pam_unix(cron:session): session closed for user root
Jun 24 05:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25089]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24270]: pam_unix(cron:session): session closed for user root
Jun 24 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25521]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25522]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25520]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25519]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25519]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25587]: Successful su for rubyman by root
Jun 24 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25587]: + ??? root:rubyman
Jun 24 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25587]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581917 of user rubyman.
Jun 24 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25587]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581917.
Jun 24 05:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22878]: pam_unix(cron:session): session closed for user root
Jun 24 05:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25520]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25766]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25756]: Invalid user git from 91.92.40.240
Jun 24 05:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25756]: input_userauth_request: invalid user git [preauth]
Jun 24 05:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25756]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 05:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 05:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25766]: Connection closed by 45.148.10.121 port 36486 [preauth]
Jun 24 05:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25756]: Failed password for invalid user git from 91.92.40.240 port 33908 ssh2
Jun 24 05:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25756]: Connection closed by 91.92.40.240 port 33908 [preauth]
Jun 24 05:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24693]: pam_unix(cron:session): session closed for user root
Jun 24 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25918]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25919]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25917]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25916]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25916]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25976]: Successful su for rubyman by root
Jun 24 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25976]: + ??? root:rubyman
Jun 24 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25976]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581919 of user rubyman.
Jun 24 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25976]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581919.
Jun 24 05:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23314]: pam_unix(cron:session): session closed for user root
Jun 24 05:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25917]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25092]: pam_unix(cron:session): session closed for user root
Jun 24 05:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26305]: Invalid user git from 91.92.40.240
Jun 24 05:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26305]: input_userauth_request: invalid user git [preauth]
Jun 24 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26305]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26312]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26311]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26310]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26309]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26309]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26370]: Successful su for rubyman by root
Jun 24 05:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26370]: + ??? root:rubyman
Jun 24 05:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26370]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581924 of user rubyman.
Jun 24 05:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26370]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581924.
Jun 24 05:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26305]: Failed password for invalid user git from 91.92.40.240 port 37942 ssh2
Jun 24 05:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26305]: Connection closed by 91.92.40.240 port 37942 [preauth]
Jun 24 05:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23743]: pam_unix(cron:session): session closed for user root
Jun 24 05:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26310]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25522]: pam_unix(cron:session): session closed for user root
Jun 24 05:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26773]: Invalid user admin from 2.57.121.25
Jun 24 05:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26773]: input_userauth_request: invalid user admin [preauth]
Jun 24 05:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26773]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 05:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 24 05:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26773]: Failed password for invalid user admin from 2.57.121.25 port 17092 ssh2
Jun 24 05:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26773]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 05:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26773]: Failed password for invalid user admin from 2.57.121.25 port 17092 ssh2
Jun 24 05:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26773]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 05:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26773]: Failed password for invalid user admin from 2.57.121.25 port 17092 ssh2
Jun 24 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26773]: Connection closed by 2.57.121.25 port 17092 [preauth]
Jun 24 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26773]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 24 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26794]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26793]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26795]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26792]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26792]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26851]: Successful su for rubyman by root
Jun 24 05:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26851]: + ??? root:rubyman
Jun 24 05:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26851]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581927 of user rubyman.
Jun 24 05:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26851]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581927.
Jun 24 05:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24269]: pam_unix(cron:session): session closed for user root
Jun 24 05:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26793]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25919]: pam_unix(cron:session): session closed for user root
Jun 24 05:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27163]: Invalid user git from 91.92.40.240
Jun 24 05:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27163]: input_userauth_request: invalid user git [preauth]
Jun 24 05:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27163]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 05:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 05:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27163]: Failed password for invalid user git from 91.92.40.240 port 42284 ssh2
Jun 24 05:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27163]: Connection closed by 91.92.40.240 port 42284 [preauth]
Jun 24 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27190]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27189]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27191]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27188]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27192]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27187]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27192]: pam_unix(cron:session): session closed for user root
Jun 24 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27187]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27259]: Successful su for rubyman by root
Jun 24 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27259]: + ??? root:rubyman
Jun 24 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27259]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581933 of user rubyman.
Jun 24 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27259]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581933.
Jun 24 05:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27189]: pam_unix(cron:session): session closed for user root
Jun 24 05:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24692]: pam_unix(cron:session): session closed for user root
Jun 24 05:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27188]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26312]: pam_unix(cron:session): session closed for user root
Jun 24 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27640]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27641]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27639]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27638]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27638]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27706]: Successful su for rubyman by root
Jun 24 05:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27706]: + ??? root:rubyman
Jun 24 05:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27706]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581939 of user rubyman.
Jun 24 05:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27706]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581939.
Jun 24 05:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25091]: pam_unix(cron:session): session closed for user root
Jun 24 05:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27639]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26795]: pam_unix(cron:session): session closed for user root
Jun 24 05:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28017]: Invalid user git from 91.92.40.240
Jun 24 05:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28017]: input_userauth_request: invalid user git [preauth]
Jun 24 05:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28017]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 05:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 05:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28017]: Failed password for invalid user git from 91.92.40.240 port 34714 ssh2
Jun 24 05:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28017]: Connection closed by 91.92.40.240 port 34714 [preauth]
Jun 24 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28115]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28116]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28114]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28113]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28113]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28181]: Successful su for rubyman by root
Jun 24 05:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28181]: + ??? root:rubyman
Jun 24 05:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28181]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581941 of user rubyman.
Jun 24 05:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28181]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581941.
Jun 24 05:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25521]: pam_unix(cron:session): session closed for user root
Jun 24 05:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28114]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27191]: pam_unix(cron:session): session closed for user root
Jun 24 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28506]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28505]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28507]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28504]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28504]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28658]: Successful su for rubyman by root
Jun 24 05:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28658]: + ??? root:rubyman
Jun 24 05:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28658]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581945 of user rubyman.
Jun 24 05:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28658]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581945.
Jun 24 05:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25918]: pam_unix(cron:session): session closed for user root
Jun 24 05:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28505]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27641]: pam_unix(cron:session): session closed for user root
Jun 24 05:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28928]: Invalid user git from 91.92.40.240
Jun 24 05:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28928]: input_userauth_request: invalid user git [preauth]
Jun 24 05:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28928]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 05:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 05:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28928]: Failed password for invalid user git from 91.92.40.240 port 47878 ssh2
Jun 24 05:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28928]: Connection closed by 91.92.40.240 port 47878 [preauth]
Jun 24 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29020]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29019]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29018]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29017]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29017]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29082]: Successful su for rubyman by root
Jun 24 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29082]: + ??? root:rubyman
Jun 24 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29082]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581949 of user rubyman.
Jun 24 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29082]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581949.
Jun 24 05:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26311]: pam_unix(cron:session): session closed for user root
Jun 24 05:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29018]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28116]: pam_unix(cron:session): session closed for user root
Jun 24 05:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29391]: Received disconnect from 176.65.131.189 port 44784:11: disconnected by user [preauth]
Jun 24 05:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29391]: Disconnected from 176.65.131.189 port 44784 [preauth]
Jun 24 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29449]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29447]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29446]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29448]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29444]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29445]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29449]: pam_unix(cron:session): session closed for user root
Jun 24 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29444]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29522]: Successful su for rubyman by root
Jun 24 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29522]: + ??? root:rubyman
Jun 24 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29522]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581956 of user rubyman.
Jun 24 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29522]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581956.
Jun 24 05:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29446]: pam_unix(cron:session): session closed for user root
Jun 24 05:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26794]: pam_unix(cron:session): session closed for user root
Jun 24 05:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29445]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29892]: Invalid user git from 91.92.40.240
Jun 24 05:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29892]: input_userauth_request: invalid user git [preauth]
Jun 24 05:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29892]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 05:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 05:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29892]: Failed password for invalid user git from 91.92.40.240 port 37794 ssh2
Jun 24 05:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29892]: Connection closed by 91.92.40.240 port 37794 [preauth]
Jun 24 05:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28507]: pam_unix(cron:session): session closed for user root
Jun 24 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30011]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30010]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30009]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30008]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30008]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30079]: Successful su for rubyman by root
Jun 24 05:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30079]: + ??? root:rubyman
Jun 24 05:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30079]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581960 of user rubyman.
Jun 24 05:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30079]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581960.
Jun 24 05:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27190]: pam_unix(cron:session): session closed for user root
Jun 24 05:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30009]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29020]: pam_unix(cron:session): session closed for user root
Jun 24 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30426]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30425]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30427]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30424]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30424]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30490]: Successful su for rubyman by root
Jun 24 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30490]: + ??? root:rubyman
Jun 24 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30490]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581963 of user rubyman.
Jun 24 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30490]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581963.
Jun 24 05:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27640]: pam_unix(cron:session): session closed for user root
Jun 24 05:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30425]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30700]: Invalid user git from 91.92.40.240
Jun 24 05:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30700]: input_userauth_request: invalid user git [preauth]
Jun 24 05:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30700]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 05:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 05:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30700]: Failed password for invalid user git from 91.92.40.240 port 50462 ssh2
Jun 24 05:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30700]: Connection closed by 91.92.40.240 port 50462 [preauth]
Jun 24 05:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30750]: Invalid user if from 139.59.36.109
Jun 24 05:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30750]: input_userauth_request: invalid user if [preauth]
Jun 24 05:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30750]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 05:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.36.109
Jun 24 05:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30750]: Failed password for invalid user if from 139.59.36.109 port 38106 ssh2
Jun 24 05:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30750]: Received disconnect from 139.59.36.109 port 38106:11: Bye Bye [preauth]
Jun 24 05:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30750]: Disconnected from 139.59.36.109 port 38106 [preauth]
Jun 24 05:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29448]: pam_unix(cron:session): session closed for user root
Jun 24 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30857]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30856]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30855]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30853]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30853]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31010]: Successful su for rubyman by root
Jun 24 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31010]: + ??? root:rubyman
Jun 24 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31010]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581967 of user rubyman.
Jun 24 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31010]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581967.
Jun 24 05:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28115]: pam_unix(cron:session): session closed for user root
Jun 24 05:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30855]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30011]: pam_unix(cron:session): session closed for user root
Jun 24 05:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31342]: Invalid user git from 91.92.40.240
Jun 24 05:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31342]: input_userauth_request: invalid user git [preauth]
Jun 24 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31342]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31345]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31347]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31346]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31348]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31345]: pam_unix(cron:session): session closed for user p13x
Jun 24 05:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31409]: Successful su for rubyman by root
Jun 24 05:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31409]: + ??? root:rubyman
Jun 24 05:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31409]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 05:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581971 of user rubyman.
Jun 24 05:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31409]: pam_unix(su:session): session closed for user rubyman
Jun 24 05:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581971.
Jun 24 05:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31342]: Failed password for invalid user git from 91.92.40.240 port 45128 ssh2
Jun 24 05:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31342]: Connection closed by 91.92.40.240 port 45128 [preauth]
Jun 24 05:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28506]: pam_unix(cron:session): session closed for user root
Jun 24 05:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31346]: pam_unix(cron:session): session closed for user samftp
Jun 24 05:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 24 05:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31755]: Failed password for root from 103.27.238.114 port 43410 ssh2
Jun 24 05:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31755]: Connection closed by 103.27.238.114 port 43410 [preauth]
Jun 24 05:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30427]: pam_unix(cron:session): session closed for user root
Jun 24 05:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 05:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 24 05:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31838]: Failed password for root from 193.37.70.224 port 39374 ssh2
Jun 24 05:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31838]: Connection closed by 193.37.70.224 port 39374 [preauth]
Jun 24 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31854]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31850]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31852]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31855]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31851]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31853]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31849]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31851]: pam_unix(cron:session): session closed for user root
Jun 24 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31855]: pam_unix(cron:session): session closed for user root
Jun 24 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31849]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31947]: Successful su for rubyman by root
Jun 24 06:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31947]: + ??? root:rubyman
Jun 24 06:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31947]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581975 of user rubyman.
Jun 24 06:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31947]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581975.
Jun 24 06:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29019]: pam_unix(cron:session): session closed for user root
Jun 24 06:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31852]: pam_unix(cron:session): session closed for user root
Jun 24 06:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31850]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30857]: pam_unix(cron:session): session closed for user root
Jun 24 06:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32291]: Received disconnect from 148.153.245.161 port 38808:11: disconnected by user [preauth]
Jun 24 06:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32291]: Disconnected from 148.153.245.161 port 38808 [preauth]
Jun 24 06:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32328]: Invalid user git from 91.92.40.240
Jun 24 06:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32328]: input_userauth_request: invalid user git [preauth]
Jun 24 06:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32328]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 06:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32328]: Failed password for invalid user git from 91.92.40.240 port 43422 ssh2
Jun 24 06:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32328]: Connection closed by 91.92.40.240 port 43422 [preauth]
Jun 24 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32361]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32359]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32360]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32358]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32358]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32432]: Successful su for rubyman by root
Jun 24 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32432]: + ??? root:rubyman
Jun 24 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32432]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581982 of user rubyman.
Jun 24 06:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32432]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581982.
Jun 24 06:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29447]: pam_unix(cron:session): session closed for user root
Jun 24 06:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32359]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31348]: pam_unix(cron:session): session closed for user root
Jun 24 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[321]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[322]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[320]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[318]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[318]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[385]: Successful su for rubyman by root
Jun 24 06:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[385]: + ??? root:rubyman
Jun 24 06:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[385]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581987 of user rubyman.
Jun 24 06:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[385]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581987.
Jun 24 06:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30010]: pam_unix(cron:session): session closed for user root
Jun 24 06:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[320]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31854]: pam_unix(cron:session): session closed for user root
Jun 24 06:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[818]: Invalid user git from 91.92.40.240
Jun 24 06:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[818]: input_userauth_request: invalid user git [preauth]
Jun 24 06:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[818]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 06:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[818]: Failed password for invalid user git from 91.92.40.240 port 53920 ssh2
Jun 24 06:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[818]: Connection closed by 91.92.40.240 port 53920 [preauth]
Jun 24 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[880]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[879]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[881]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[878]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[878]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[945]: Successful su for rubyman by root
Jun 24 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[945]: + ??? root:rubyman
Jun 24 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[945]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581990 of user rubyman.
Jun 24 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[945]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581990.
Jun 24 06:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30426]: pam_unix(cron:session): session closed for user root
Jun 24 06:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[879]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32361]: pam_unix(cron:session): session closed for user root
Jun 24 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1338]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1336]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1337]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1333]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1333]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1408]: Successful su for rubyman by root
Jun 24 06:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1408]: + ??? root:rubyman
Jun 24 06:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1408]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 581995 of user rubyman.
Jun 24 06:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1408]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 581995.
Jun 24 06:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30856]: pam_unix(cron:session): session closed for user root
Jun 24 06:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1336]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1785]: Invalid user git from 91.92.40.240
Jun 24 06:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1785]: input_userauth_request: invalid user git [preauth]
Jun 24 06:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1785]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 06:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1785]: Failed password for invalid user git from 91.92.40.240 port 47852 ssh2
Jun 24 06:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1785]: Connection closed by 91.92.40.240 port 47852 [preauth]
Jun 24 06:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[322]: pam_unix(cron:session): session closed for user root
Jun 24 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1880]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1879]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1878]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1881]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1882]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1883]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1883]: pam_unix(cron:session): session closed for user root
Jun 24 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1878]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1978]: Successful su for rubyman by root
Jun 24 06:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1978]: + ??? root:rubyman
Jun 24 06:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1978]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582003 of user rubyman.
Jun 24 06:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1978]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582003.
Jun 24 06:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1880]: pam_unix(cron:session): session closed for user root
Jun 24 06:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31347]: pam_unix(cron:session): session closed for user root
Jun 24 06:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1879]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[881]: pam_unix(cron:session): session closed for user root
Jun 24 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2394]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2395]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2393]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2392]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2392]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2460]: Successful su for rubyman by root
Jun 24 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2460]: + ??? root:rubyman
Jun 24 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2460]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582004 of user rubyman.
Jun 24 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2460]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582004.
Jun 24 06:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31853]: pam_unix(cron:session): session closed for user root
Jun 24 06:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2393]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 24 06:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2694]: Invalid user git from 91.92.40.240
Jun 24 06:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2694]: input_userauth_request: invalid user git [preauth]
Jun 24 06:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2694]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 06:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2692]: Failed password for root from 77.94.47.83 port 40578 ssh2
Jun 24 06:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2692]: Connection closed by 77.94.47.83 port 40578 [preauth]
Jun 24 06:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2694]: Failed password for invalid user git from 91.92.40.240 port 54460 ssh2
Jun 24 06:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2694]: Connection closed by 91.92.40.240 port 54460 [preauth]
Jun 24 06:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2731]: Connection reset by 45.148.10.147 port 10454 [preauth]
Jun 24 06:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1338]: pam_unix(cron:session): session closed for user root
Jun 24 06:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 24 06:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2796]: Failed password for root from 194.113.233.25 port 49530 ssh2
Jun 24 06:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2808]: Received disconnect from 74.48.105.66 port 55854:11: disconnected by user [preauth]
Jun 24 06:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2808]: Disconnected from 74.48.105.66 port 55854 [preauth]
Jun 24 06:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2796]: Connection closed by 194.113.233.25 port 49530 [preauth]
Jun 24 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2830]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2832]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2831]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2829]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2829]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2889]: Successful su for rubyman by root
Jun 24 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2889]: + ??? root:rubyman
Jun 24 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2889]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582010 of user rubyman.
Jun 24 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2889]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582010.
Jun 24 06:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32360]: pam_unix(cron:session): session closed for user root
Jun 24 06:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2830]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 24 06:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3078]: Failed password for root from 109.237.96.109 port 40022 ssh2
Jun 24 06:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3078]: Connection closed by 109.237.96.109 port 40022 [preauth]
Jun 24 06:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1882]: pam_unix(cron:session): session closed for user root
Jun 24 06:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3188]: Invalid user opsview from 13.90.206.6
Jun 24 06:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3188]: input_userauth_request: invalid user opsview [preauth]
Jun 24 06:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3188]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.90.206.6
Jun 24 06:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3188]: Failed password for invalid user opsview from 13.90.206.6 port 1664 ssh2
Jun 24 06:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3188]: Received disconnect from 13.90.206.6 port 1664:11: Bye Bye [preauth]
Jun 24 06:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3188]: Disconnected from 13.90.206.6 port 1664 [preauth]
Jun 24 06:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 24 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3223]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3220]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3222]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3221]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3220]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3290]: Successful su for rubyman by root
Jun 24 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3290]: + ??? root:rubyman
Jun 24 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3290]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582012 of user rubyman.
Jun 24 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3290]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582012.
Jun 24 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3217]: Failed password for root from 141.98.83.240 port 64994 ssh2
Jun 24 06:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3217]: Failed password for root from 141.98.83.240 port 64994 ssh2
Jun 24 06:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[321]: pam_unix(cron:session): session closed for user root
Jun 24 06:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3221]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3217]: Failed password for root from 141.98.83.240 port 64994 ssh2
Jun 24 06:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3217]: Connection closed by 141.98.83.240 port 64994 [preauth]
Jun 24 06:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3217]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 24 06:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3476]: Invalid user git from 91.92.40.240
Jun 24 06:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3476]: input_userauth_request: invalid user git [preauth]
Jun 24 06:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3476]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 06:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3476]: Failed password for invalid user git from 91.92.40.240 port 41816 ssh2
Jun 24 06:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3476]: Connection closed by 91.92.40.240 port 41816 [preauth]
Jun 24 06:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2395]: pam_unix(cron:session): session closed for user root
Jun 24 06:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 24 06:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3610]: Failed password for root from 202.178.126.219 port 50982 ssh2
Jun 24 06:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3610]: Connection closed by 202.178.126.219 port 50982 [preauth]
Jun 24 06:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3620]: Invalid user lts from 139.59.36.109
Jun 24 06:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3620]: input_userauth_request: invalid user lts [preauth]
Jun 24 06:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3620]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.36.109
Jun 24 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3635]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3636]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3634]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3633]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3631]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3633]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3845]: Successful su for rubyman by root
Jun 24 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3845]: + ??? root:rubyman
Jun 24 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3845]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582017 of user rubyman.
Jun 24 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3845]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582017.
Jun 24 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3631]: pam_unix(cron:session): session closed for user root
Jun 24 06:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3620]: Failed password for invalid user lts from 139.59.36.109 port 41532 ssh2
Jun 24 06:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3620]: Received disconnect from 139.59.36.109 port 41532:11: Bye Bye [preauth]
Jun 24 06:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3620]: Disconnected from 139.59.36.109 port 41532 [preauth]
Jun 24 06:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[880]: pam_unix(cron:session): session closed for user root
Jun 24 06:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3634]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2832]: pam_unix(cron:session): session closed for user root
Jun 24 06:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4316]: Invalid user bb from 13.90.206.6
Jun 24 06:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4316]: input_userauth_request: invalid user bb [preauth]
Jun 24 06:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4316]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.90.206.6
Jun 24 06:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4316]: Failed password for invalid user bb from 13.90.206.6 port 1665 ssh2
Jun 24 06:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4316]: Received disconnect from 13.90.206.6 port 1665:11: Bye Bye [preauth]
Jun 24 06:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4316]: Disconnected from 13.90.206.6 port 1665 [preauth]
Jun 24 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4336]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4330]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4339]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4338]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4337]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4329]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4339]: pam_unix(cron:session): session closed for user root
Jun 24 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4329]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4401]: Successful su for rubyman by root
Jun 24 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4401]: + ??? root:rubyman
Jun 24 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4401]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582024 of user rubyman.
Jun 24 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4401]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582024.
Jun 24 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4373]: Invalid user guest from 91.92.40.240
Jun 24 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4373]: input_userauth_request: invalid user guest [preauth]
Jun 24 06:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4373]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 06:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4336]: pam_unix(cron:session): session closed for user root
Jun 24 06:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1337]: pam_unix(cron:session): session closed for user root
Jun 24 06:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4373]: Failed password for invalid user guest from 91.92.40.240 port 37734 ssh2
Jun 24 06:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4373]: Connection closed by 91.92.40.240 port 37734 [preauth]
Jun 24 06:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4330]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3223]: pam_unix(cron:session): session closed for user root
Jun 24 06:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4783]: Invalid user vital from 139.59.36.109
Jun 24 06:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4783]: input_userauth_request: invalid user vital [preauth]
Jun 24 06:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4783]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.36.109
Jun 24 06:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4783]: Failed password for invalid user vital from 139.59.36.109 port 52656 ssh2
Jun 24 06:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4783]: Received disconnect from 139.59.36.109 port 52656:11: Bye Bye [preauth]
Jun 24 06:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4783]: Disconnected from 139.59.36.109 port 52656 [preauth]
Jun 24 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4837]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4838]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4835]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4836]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4835]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4945]: Successful su for rubyman by root
Jun 24 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4945]: + ??? root:rubyman
Jun 24 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4945]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582028 of user rubyman.
Jun 24 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4945]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582028.
Jun 24 06:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1881]: pam_unix(cron:session): session closed for user root
Jun 24 06:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4836]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 24 06:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5155]: Failed password for root from 103.82.20.28 port 38248 ssh2
Jun 24 06:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5155]: Connection closed by 103.82.20.28 port 38248 [preauth]
Jun 24 06:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3636]: pam_unix(cron:session): session closed for user root
Jun 24 06:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5270]: Invalid user guest from 91.92.40.240
Jun 24 06:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5270]: input_userauth_request: invalid user guest [preauth]
Jun 24 06:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5270]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 06:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5270]: Failed password for invalid user guest from 91.92.40.240 port 35328 ssh2
Jun 24 06:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5270]: Connection closed by 91.92.40.240 port 35328 [preauth]
Jun 24 06:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5281]: Invalid user podarki from 13.90.206.6
Jun 24 06:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5281]: input_userauth_request: invalid user podarki [preauth]
Jun 24 06:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5281]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.90.206.6
Jun 24 06:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5281]: Failed password for invalid user podarki from 13.90.206.6 port 1666 ssh2
Jun 24 06:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5281]: Received disconnect from 13.90.206.6 port 1666:11: Bye Bye [preauth]
Jun 24 06:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5281]: Disconnected from 13.90.206.6 port 1666 [preauth]
Jun 24 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5295]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5294]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5293]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5292]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5292]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5363]: Successful su for rubyman by root
Jun 24 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5363]: + ??? root:rubyman
Jun 24 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5363]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582031 of user rubyman.
Jun 24 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5363]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582031.
Jun 24 06:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2394]: pam_unix(cron:session): session closed for user root
Jun 24 06:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5293]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4338]: pam_unix(cron:session): session closed for user root
Jun 24 06:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5643]: Invalid user shakayla from 2.57.121.112
Jun 24 06:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5643]: input_userauth_request: invalid user shakayla [preauth]
Jun 24 06:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5643]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 24 06:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5643]: Failed password for invalid user shakayla from 2.57.121.112 port 55512 ssh2
Jun 24 06:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5643]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5643]: Failed password for invalid user shakayla from 2.57.121.112 port 55512 ssh2
Jun 24 06:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5643]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5660]: Invalid user arcgis from 139.59.36.109
Jun 24 06:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5660]: input_userauth_request: invalid user arcgis [preauth]
Jun 24 06:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5660]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.36.109
Jun 24 06:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5643]: Failed password for invalid user shakayla from 2.57.121.112 port 55512 ssh2
Jun 24 06:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5643]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5660]: Failed password for invalid user arcgis from 139.59.36.109 port 40430 ssh2
Jun 24 06:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5660]: Received disconnect from 139.59.36.109 port 40430:11: Bye Bye [preauth]
Jun 24 06:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5660]: Disconnected from 139.59.36.109 port 40430 [preauth]
Jun 24 06:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5643]: Failed password for invalid user shakayla from 2.57.121.112 port 55512 ssh2
Jun 24 06:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5643]: Connection closed by 2.57.121.112 port 55512 [preauth]
Jun 24 06:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5643]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 24 06:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5643]: PAM service(sshd) ignoring max retries; 4 > 3
Jun 24 06:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5676]: Invalid user shakayla from 2.57.121.112
Jun 24 06:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5676]: input_userauth_request: invalid user shakayla [preauth]
Jun 24 06:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5676]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 24 06:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5676]: Failed password for invalid user shakayla from 2.57.121.112 port 16790 ssh2
Jun 24 06:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5676]: Connection closed by 2.57.121.112 port 16790 [preauth]
Jun 24 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5697]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5698]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5696]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5695]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5695]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5756]: Successful su for rubyman by root
Jun 24 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5756]: + ??? root:rubyman
Jun 24 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5756]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582035 of user rubyman.
Jun 24 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5756]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582035.
Jun 24 06:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2831]: pam_unix(cron:session): session closed for user root
Jun 24 06:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5696]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4838]: pam_unix(cron:session): session closed for user root
Jun 24 06:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6034]: Invalid user guest from 91.92.40.240
Jun 24 06:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6034]: input_userauth_request: invalid user guest [preauth]
Jun 24 06:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6034]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 06:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6034]: Failed password for invalid user guest from 91.92.40.240 port 57434 ssh2
Jun 24 06:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6034]: Connection closed by 91.92.40.240 port 57434 [preauth]
Jun 24 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6087]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6086]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6085]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6084]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6084]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6081]: Invalid user tester from 13.90.206.6
Jun 24 06:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6081]: input_userauth_request: invalid user tester [preauth]
Jun 24 06:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6081]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.90.206.6
Jun 24 06:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6155]: Successful su for rubyman by root
Jun 24 06:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6155]: + ??? root:rubyman
Jun 24 06:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6155]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582039 of user rubyman.
Jun 24 06:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6155]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582039.
Jun 24 06:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6081]: Failed password for invalid user tester from 13.90.206.6 port 1664 ssh2
Jun 24 06:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6081]: Received disconnect from 13.90.206.6 port 1664:11: Bye Bye [preauth]
Jun 24 06:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6081]: Disconnected from 13.90.206.6 port 1664 [preauth]
Jun 24 06:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3222]: pam_unix(cron:session): session closed for user root
Jun 24 06:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6085]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6310]: Received disconnect from 102.223.47.171 port 56068:11: disconnected by user [preauth]
Jun 24 06:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6310]: Disconnected from 102.223.47.171 port 56068 [preauth]
Jun 24 06:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6384]: Invalid user test from 45.148.10.121
Jun 24 06:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6384]: input_userauth_request: invalid user test [preauth]
Jun 24 06:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6384]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 24 06:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6384]: Failed password for invalid user test from 45.148.10.121 port 43190 ssh2
Jun 24 06:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6384]: Connection closed by 45.148.10.121 port 43190 [preauth]
Jun 24 06:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6397]: Invalid user flora from 139.59.36.109
Jun 24 06:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6397]: input_userauth_request: invalid user flora [preauth]
Jun 24 06:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6397]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.36.109
Jun 24 06:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6397]: Failed password for invalid user flora from 139.59.36.109 port 60014 ssh2
Jun 24 06:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6397]: Received disconnect from 139.59.36.109 port 60014:11: Bye Bye [preauth]
Jun 24 06:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6397]: Disconnected from 139.59.36.109 port 60014 [preauth]
Jun 24 06:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5295]: pam_unix(cron:session): session closed for user root
Jun 24 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6496]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6493]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6492]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6491]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6495]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6494]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6496]: pam_unix(cron:session): session closed for user root
Jun 24 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6491]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6559]: Successful su for rubyman by root
Jun 24 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6559]: + ??? root:rubyman
Jun 24 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6559]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582043 of user rubyman.
Jun 24 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6559]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582043.
Jun 24 06:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6493]: pam_unix(cron:session): session closed for user root
Jun 24 06:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3635]: pam_unix(cron:session): session closed for user root
Jun 24 06:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6492]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6836]: Invalid user guest from 91.92.40.240
Jun 24 06:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6836]: input_userauth_request: invalid user guest [preauth]
Jun 24 06:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6836]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 06:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6836]: Failed password for invalid user guest from 91.92.40.240 port 43236 ssh2
Jun 24 06:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6836]: Connection closed by 91.92.40.240 port 43236 [preauth]
Jun 24 06:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5698]: pam_unix(cron:session): session closed for user root
Jun 24 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6945]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6940]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6946]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6938]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6938]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7038]: Successful su for rubyman by root
Jun 24 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7038]: + ??? root:rubyman
Jun 24 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7038]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582049 of user rubyman.
Jun 24 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7038]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582049.
Jun 24 06:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4337]: pam_unix(cron:session): session closed for user root
Jun 24 06:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6940]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 24 06:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7282]: Failed password for root from 38.93.206.2 port 61922 ssh2
Jun 24 06:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7282]: Connection closed by 38.93.206.2 port 61922 [preauth]
Jun 24 06:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7284]: Invalid user stp from 139.59.36.109
Jun 24 06:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7284]: input_userauth_request: invalid user stp [preauth]
Jun 24 06:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7284]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.36.109
Jun 24 06:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7284]: Failed password for invalid user stp from 139.59.36.109 port 51332 ssh2
Jun 24 06:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7284]: Received disconnect from 139.59.36.109 port 51332:11: Bye Bye [preauth]
Jun 24 06:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7284]: Disconnected from 139.59.36.109 port 51332 [preauth]
Jun 24 06:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7308]: Invalid user enlace from 13.90.206.6
Jun 24 06:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7308]: input_userauth_request: invalid user enlace [preauth]
Jun 24 06:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7308]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.90.206.6
Jun 24 06:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7308]: Failed password for invalid user enlace from 13.90.206.6 port 1665 ssh2
Jun 24 06:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7308]: Received disconnect from 13.90.206.6 port 1665:11: Bye Bye [preauth]
Jun 24 06:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7308]: Disconnected from 13.90.206.6 port 1665 [preauth]
Jun 24 06:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6087]: pam_unix(cron:session): session closed for user root
Jun 24 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7442]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7443]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7441]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7440]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7438]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7438]: pam_unix(cron:session): session closed for user root
Jun 24 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7440]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7500]: Successful su for rubyman by root
Jun 24 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7500]: + ??? root:rubyman
Jun 24 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7500]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582054 of user rubyman.
Jun 24 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7500]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582054.
Jun 24 06:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4837]: pam_unix(cron:session): session closed for user root
Jun 24 06:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7441]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 24 06:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7794]: Failed password for root from 103.27.238.116 port 40732 ssh2
Jun 24 06:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7794]: Connection closed by 103.27.238.116 port 40732 [preauth]
Jun 24 06:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7817]: Invalid user guest from 91.92.40.240
Jun 24 06:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7817]: input_userauth_request: invalid user guest [preauth]
Jun 24 06:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7817]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 06:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7817]: Failed password for invalid user guest from 91.92.40.240 port 38302 ssh2
Jun 24 06:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7817]: Connection closed by 91.92.40.240 port 38302 [preauth]
Jun 24 06:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6495]: pam_unix(cron:session): session closed for user root
Jun 24 06:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7919]: Invalid user karate from 139.59.36.109
Jun 24 06:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7919]: input_userauth_request: invalid user karate [preauth]
Jun 24 06:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7919]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.36.109
Jun 24 06:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7919]: Failed password for invalid user karate from 139.59.36.109 port 54788 ssh2
Jun 24 06:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7919]: Received disconnect from 139.59.36.109 port 54788:11: Bye Bye [preauth]
Jun 24 06:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7919]: Disconnected from 139.59.36.109 port 54788 [preauth]
Jun 24 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7941]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7939]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7940]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7938]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7938]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7998]: Successful su for rubyman by root
Jun 24 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7998]: + ??? root:rubyman
Jun 24 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7998]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582058 of user rubyman.
Jun 24 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7998]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582058.
Jun 24 06:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5294]: pam_unix(cron:session): session closed for user root
Jun 24 06:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7939]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8241]: Invalid user xenapp from 13.90.206.6
Jun 24 06:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8241]: input_userauth_request: invalid user xenapp [preauth]
Jun 24 06:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8241]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.90.206.6
Jun 24 06:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8241]: Failed password for invalid user xenapp from 13.90.206.6 port 1665 ssh2
Jun 24 06:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8241]: Received disconnect from 13.90.206.6 port 1665:11: Bye Bye [preauth]
Jun 24 06:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8241]: Disconnected from 13.90.206.6 port 1665 [preauth]
Jun 24 06:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6946]: pam_unix(cron:session): session closed for user root
Jun 24 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8327]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8326]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8328]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8325]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8325]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8385]: Successful su for rubyman by root
Jun 24 06:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8385]: + ??? root:rubyman
Jun 24 06:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8385]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582062 of user rubyman.
Jun 24 06:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8385]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582062.
Jun 24 06:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5697]: pam_unix(cron:session): session closed for user root
Jun 24 06:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8529]: Invalid user guest from 91.92.40.240
Jun 24 06:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8529]: input_userauth_request: invalid user guest [preauth]
Jun 24 06:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8529]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 06:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8326]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8529]: Failed password for invalid user guest from 91.92.40.240 port 59144 ssh2
Jun 24 06:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8529]: Connection closed by 91.92.40.240 port 59144 [preauth]
Jun 24 06:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7443]: pam_unix(cron:session): session closed for user root
Jun 24 06:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8681]: Invalid user fleet from 139.59.36.109
Jun 24 06:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8681]: input_userauth_request: invalid user fleet [preauth]
Jun 24 06:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8681]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.36.109
Jun 24 06:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8681]: Failed password for invalid user fleet from 139.59.36.109 port 37750 ssh2
Jun 24 06:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8681]: Received disconnect from 139.59.36.109 port 37750:11: Bye Bye [preauth]
Jun 24 06:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8681]: Disconnected from 139.59.36.109 port 37750 [preauth]
Jun 24 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8730]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8729]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8727]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8726]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8725]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8728]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8730]: pam_unix(cron:session): session closed for user root
Jun 24 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8725]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8793]: Successful su for rubyman by root
Jun 24 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8793]: + ??? root:rubyman
Jun 24 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8793]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582068 of user rubyman.
Jun 24 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8793]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582068.
Jun 24 06:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8727]: pam_unix(cron:session): session closed for user root
Jun 24 06:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6086]: pam_unix(cron:session): session closed for user root
Jun 24 06:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8726]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7941]: pam_unix(cron:session): session closed for user root
Jun 24 06:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9124]: Invalid user smtpout from 13.90.206.6
Jun 24 06:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9124]: input_userauth_request: invalid user smtpout [preauth]
Jun 24 06:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9124]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.90.206.6
Jun 24 06:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9124]: Failed password for invalid user smtpout from 13.90.206.6 port 1664 ssh2
Jun 24 06:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9124]: Received disconnect from 13.90.206.6 port 1664:11: Bye Bye [preauth]
Jun 24 06:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9124]: Disconnected from 13.90.206.6 port 1664 [preauth]
Jun 24 06:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
Jun 24 06:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9143]: Failed password for root from 176.32.39.21 port 50616 ssh2
Jun 24 06:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9143]: Connection closed by 176.32.39.21 port 50616 [preauth]
Jun 24 06:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9145]: Invalid user guest from 91.92.40.240
Jun 24 06:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9145]: input_userauth_request: invalid user guest [preauth]
Jun 24 06:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9145]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 06:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9145]: Failed password for invalid user guest from 91.92.40.240 port 52750 ssh2
Jun 24 06:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9145]: Connection closed by 91.92.40.240 port 52750 [preauth]
Jun 24 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9162]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9163]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9164]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9161]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9161]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9232]: Successful su for rubyman by root
Jun 24 06:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9232]: + ??? root:rubyman
Jun 24 06:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9232]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582072 of user rubyman.
Jun 24 06:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9232]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582072.
Jun 24 06:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6494]: pam_unix(cron:session): session closed for user root
Jun 24 06:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9162]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9443]: Invalid user oid from 139.59.36.109
Jun 24 06:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9443]: input_userauth_request: invalid user oid [preauth]
Jun 24 06:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9443]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.36.109
Jun 24 06:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9443]: Failed password for invalid user oid from 139.59.36.109 port 36920 ssh2
Jun 24 06:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9443]: Received disconnect from 139.59.36.109 port 36920:11: Bye Bye [preauth]
Jun 24 06:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9443]: Disconnected from 139.59.36.109 port 36920 [preauth]
Jun 24 06:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8328]: pam_unix(cron:session): session closed for user root
Jun 24 06:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 24 06:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9537]: Failed password for root from 51.250.105.222 port 39626 ssh2
Jun 24 06:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9537]: Connection closed by 51.250.105.222 port 39626 [preauth]
Jun 24 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9560]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9561]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9558]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9557]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9557]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9620]: Successful su for rubyman by root
Jun 24 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9620]: + ??? root:rubyman
Jun 24 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9620]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582078 of user rubyman.
Jun 24 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9620]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582078.
Jun 24 06:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6945]: pam_unix(cron:session): session closed for user root
Jun 24 06:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9558]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8729]: pam_unix(cron:session): session closed for user root
Jun 24 06:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10107]: Invalid user guest from 91.92.40.240
Jun 24 06:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10107]: input_userauth_request: invalid user guest [preauth]
Jun 24 06:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10107]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 06:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10107]: Failed password for invalid user guest from 91.92.40.240 port 41382 ssh2
Jun 24 06:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10107]: Connection closed by 91.92.40.240 port 41382 [preauth]
Jun 24 06:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10119]: Invalid user sem from 13.90.206.6
Jun 24 06:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10119]: input_userauth_request: invalid user sem [preauth]
Jun 24 06:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10119]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.90.206.6
Jun 24 06:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10119]: Failed password for invalid user sem from 13.90.206.6 port 1664 ssh2
Jun 24 06:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10119]: Received disconnect from 13.90.206.6 port 1664:11: Bye Bye [preauth]
Jun 24 06:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10119]: Disconnected from 13.90.206.6 port 1664 [preauth]
Jun 24 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10141]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10143]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10142]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10140]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10140]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10208]: Successful su for rubyman by root
Jun 24 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10208]: + ??? root:rubyman
Jun 24 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10208]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582080 of user rubyman.
Jun 24 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10208]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582080.
Jun 24 06:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7442]: pam_unix(cron:session): session closed for user root
Jun 24 06:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10141]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10491]: Invalid user ced from 139.59.36.109
Jun 24 06:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10491]: input_userauth_request: invalid user ced [preauth]
Jun 24 06:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10491]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.36.109
Jun 24 06:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10491]: Failed password for invalid user ced from 139.59.36.109 port 36276 ssh2
Jun 24 06:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10491]: Received disconnect from 139.59.36.109 port 36276:11: Bye Bye [preauth]
Jun 24 06:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10491]: Disconnected from 139.59.36.109 port 36276 [preauth]
Jun 24 06:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9164]: pam_unix(cron:session): session closed for user root
Jun 24 06:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 24 06:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10591]: Failed password for root from 103.122.221.179 port 35534 ssh2
Jun 24 06:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10591]: Connection closed by 103.122.221.179 port 35534 [preauth]
Jun 24 06:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10607]: Received disconnect from 103.57.224.219 port 48244:11: disconnected by user [preauth]
Jun 24 06:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10607]: Disconnected from 103.57.224.219 port 48244 [preauth]
Jun 24 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10640]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10639]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10643]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10638]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10638]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10707]: Successful su for rubyman by root
Jun 24 06:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10707]: + ??? root:rubyman
Jun 24 06:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10707]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582084 of user rubyman.
Jun 24 06:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10707]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582084.
Jun 24 06:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.228.193.165  user=root
Jun 24 06:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7940]: pam_unix(cron:session): session closed for user root
Jun 24 06:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10796]: Failed password for root from 20.228.193.165 port 35970 ssh2
Jun 24 06:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10796]: Received disconnect from 20.228.193.165 port 35970:11: Bye Bye [preauth]
Jun 24 06:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10796]: Disconnected from 20.228.193.165 port 35970 [preauth]
Jun 24 06:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10639]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9561]: pam_unix(cron:session): session closed for user root
Jun 24 06:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10996]: Invalid user guest from 91.92.40.240
Jun 24 06:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10996]: input_userauth_request: invalid user guest [preauth]
Jun 24 06:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10996]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 06:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10996]: Failed password for invalid user guest from 91.92.40.240 port 37584 ssh2
Jun 24 06:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10996]: Connection closed by 91.92.40.240 port 37584 [preauth]
Jun 24 06:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11078]: Invalid user szkolenia from 13.90.206.6
Jun 24 06:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11078]: input_userauth_request: invalid user szkolenia [preauth]
Jun 24 06:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11078]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.90.206.6
Jun 24 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11095]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11096]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11093]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11092]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11091]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11094]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11096]: pam_unix(cron:session): session closed for user root
Jun 24 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11088]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11091]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11177]: Successful su for rubyman by root
Jun 24 06:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11177]: + ??? root:rubyman
Jun 24 06:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11177]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582088 of user rubyman.
Jun 24 06:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11177]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582088.
Jun 24 06:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11078]: Failed password for invalid user szkolenia from 13.90.206.6 port 1664 ssh2
Jun 24 06:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11078]: Received disconnect from 13.90.206.6 port 1664:11: Bye Bye [preauth]
Jun 24 06:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11078]: Disconnected from 13.90.206.6 port 1664 [preauth]
Jun 24 06:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11093]: pam_unix(cron:session): session closed for user root
Jun 24 06:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11242]: Invalid user secureweb from 139.59.36.109
Jun 24 06:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11242]: input_userauth_request: invalid user secureweb [preauth]
Jun 24 06:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11242]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.36.109
Jun 24 06:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8327]: pam_unix(cron:session): session closed for user root
Jun 24 06:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11242]: Failed password for invalid user secureweb from 139.59.36.109 port 40374 ssh2
Jun 24 06:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11242]: Received disconnect from 139.59.36.109 port 40374:11: Bye Bye [preauth]
Jun 24 06:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11242]: Disconnected from 139.59.36.109 port 40374 [preauth]
Jun 24 06:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11092]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11398]: Invalid user ubuntu from 45.232.73.84
Jun 24 06:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11398]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 06:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11398]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.232.73.84
Jun 24 06:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11398]: Failed password for invalid user ubuntu from 45.232.73.84 port 40034 ssh2
Jun 24 06:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11398]: Received disconnect from 45.232.73.84 port 40034:11: Bye Bye [preauth]
Jun 24 06:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11398]: Disconnected from 45.232.73.84 port 40034 [preauth]
Jun 24 06:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10143]: pam_unix(cron:session): session closed for user root
Jun 24 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11563]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11562]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11561]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11560]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11560]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11629]: Successful su for rubyman by root
Jun 24 06:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11629]: + ??? root:rubyman
Jun 24 06:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11629]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582096 of user rubyman.
Jun 24 06:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11629]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582096.
Jun 24 06:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8728]: pam_unix(cron:session): session closed for user root
Jun 24 06:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11561]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11879]: Invalid user manager from 91.92.40.240
Jun 24 06:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11879]: input_userauth_request: invalid user manager [preauth]
Jun 24 06:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11879]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 06:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11879]: Failed password for invalid user manager from 91.92.40.240 port 52898 ssh2
Jun 24 06:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11879]: Connection closed by 91.92.40.240 port 52898 [preauth]
Jun 24 06:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10643]: pam_unix(cron:session): session closed for user root
Jun 24 06:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12014]: Invalid user graphite from 139.59.36.109
Jun 24 06:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12014]: input_userauth_request: invalid user graphite [preauth]
Jun 24 06:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12014]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.36.109
Jun 24 06:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12014]: Failed password for invalid user graphite from 139.59.36.109 port 44792 ssh2
Jun 24 06:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12014]: Received disconnect from 139.59.36.109 port 44792:11: Bye Bye [preauth]
Jun 24 06:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12014]: Disconnected from 139.59.36.109 port 44792 [preauth]
Jun 24 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12029]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12030]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12028]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12027]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12027]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12086]: Successful su for rubyman by root
Jun 24 06:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12086]: + ??? root:rubyman
Jun 24 06:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12086]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582099 of user rubyman.
Jun 24 06:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12086]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582099.
Jun 24 06:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9163]: pam_unix(cron:session): session closed for user root
Jun 24 06:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12028]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12387]: Invalid user cookie from 13.90.206.6
Jun 24 06:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12387]: input_userauth_request: invalid user cookie [preauth]
Jun 24 06:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12387]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.90.206.6
Jun 24 06:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12387]: Failed password for invalid user cookie from 13.90.206.6 port 1664 ssh2
Jun 24 06:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12387]: Received disconnect from 13.90.206.6 port 1664:11: Bye Bye [preauth]
Jun 24 06:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12387]: Disconnected from 13.90.206.6 port 1664 [preauth]
Jun 24 06:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11095]: pam_unix(cron:session): session closed for user root
Jun 24 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12553]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12552]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12551]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12550]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12550]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12613]: Successful su for rubyman by root
Jun 24 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12613]: + ??? root:rubyman
Jun 24 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12613]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582103 of user rubyman.
Jun 24 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12613]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582103.
Jun 24 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 24 06:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9560]: pam_unix(cron:session): session closed for user root
Jun 24 06:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 24 06:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: Failed password for root from 80.66.85.226 port 49092 ssh2
Jun 24 06:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: Connection closed by 80.66.85.226 port 49092 [preauth]
Jun 24 06:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12551]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12743]: Failed password for root from 103.15.222.183 port 33334 ssh2
Jun 24 06:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12743]: Connection closed by 103.15.222.183 port 33334 [preauth]
Jun 24 06:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12810]: Invalid user manager from 91.92.40.240
Jun 24 06:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12810]: input_userauth_request: invalid user manager [preauth]
Jun 24 06:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12810]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 06:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12810]: Failed password for invalid user manager from 91.92.40.240 port 36410 ssh2
Jun 24 06:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12810]: Connection closed by 91.92.40.240 port 36410 [preauth]
Jun 24 06:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11563]: pam_unix(cron:session): session closed for user root
Jun 24 06:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12920]: Invalid user madrid from 139.59.36.109
Jun 24 06:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12920]: input_userauth_request: invalid user madrid [preauth]
Jun 24 06:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12920]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.36.109
Jun 24 06:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12920]: Failed password for invalid user madrid from 139.59.36.109 port 40300 ssh2
Jun 24 06:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12920]: Received disconnect from 139.59.36.109 port 40300:11: Bye Bye [preauth]
Jun 24 06:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12920]: Disconnected from 139.59.36.109 port 40300 [preauth]
Jun 24 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12972]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12971]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12970]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12969]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12969]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13031]: Successful su for rubyman by root
Jun 24 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13031]: + ??? root:rubyman
Jun 24 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13031]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582107 of user rubyman.
Jun 24 06:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13031]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582107.
Jun 24 06:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10142]: pam_unix(cron:session): session closed for user root
Jun 24 06:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12970]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13257]: Invalid user da from 13.90.206.6
Jun 24 06:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13257]: input_userauth_request: invalid user da [preauth]
Jun 24 06:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13257]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.90.206.6
Jun 24 06:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13257]: Failed password for invalid user da from 13.90.206.6 port 1664 ssh2
Jun 24 06:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13257]: Received disconnect from 13.90.206.6 port 1664:11: Bye Bye [preauth]
Jun 24 06:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13257]: Disconnected from 13.90.206.6 port 1664 [preauth]
Jun 24 06:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12030]: pam_unix(cron:session): session closed for user root
Jun 24 06:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13330]: Invalid user radius from 14.103.112.35
Jun 24 06:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13330]: input_userauth_request: invalid user radius [preauth]
Jun 24 06:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13330]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.112.35
Jun 24 06:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13330]: Failed password for invalid user radius from 14.103.112.35 port 50254 ssh2
Jun 24 06:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13330]: Received disconnect from 14.103.112.35 port 50254:11: Bye Bye [preauth]
Jun 24 06:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13330]: Disconnected from 14.103.112.35 port 50254 [preauth]
Jun 24 06:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13370]: User mysql from 91.92.40.240 not allowed because not listed in AllowUsers
Jun 24 06:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13370]: input_userauth_request: invalid user mysql [preauth]
Jun 24 06:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240  user=mysql
Jun 24 06:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13370]: Failed password for invalid user mysql from 91.92.40.240 port 36860 ssh2
Jun 24 06:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13370]: Connection closed by 91.92.40.240 port 36860 [preauth]
Jun 24 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13388]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13390]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13389]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13385]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13386]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13384]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13390]: pam_unix(cron:session): session closed for user root
Jun 24 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13384]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13451]: Successful su for rubyman by root
Jun 24 06:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13451]: + ??? root:rubyman
Jun 24 06:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13451]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582113 of user rubyman.
Jun 24 06:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13451]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582113.
Jun 24 06:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13386]: pam_unix(cron:session): session closed for user root
Jun 24 06:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10640]: pam_unix(cron:session): session closed for user root
Jun 24 06:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13385]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13720]: Invalid user wapmail from 139.59.36.109
Jun 24 06:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13720]: input_userauth_request: invalid user wapmail [preauth]
Jun 24 06:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13720]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.36.109
Jun 24 06:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13720]: Failed password for invalid user wapmail from 139.59.36.109 port 60394 ssh2
Jun 24 06:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13720]: Received disconnect from 139.59.36.109 port 60394:11: Bye Bye [preauth]
Jun 24 06:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13720]: Disconnected from 139.59.36.109 port 60394 [preauth]
Jun 24 06:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12553]: pam_unix(cron:session): session closed for user root
Jun 24 06:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13778]: Connection closed by 194.59.206.2 port 25600 [preauth]
Jun 24 06:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13818]: Invalid user ubnt from 193.46.255.86
Jun 24 06:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13818]: input_userauth_request: invalid user ubnt [preauth]
Jun 24 06:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13818]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 24 06:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13818]: Failed password for invalid user ubnt from 193.46.255.86 port 37318 ssh2
Jun 24 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13818]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13825]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13823]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13822]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13821]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13821]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13889]: Successful su for rubyman by root
Jun 24 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13889]: + ??? root:rubyman
Jun 24 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13889]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582117 of user rubyman.
Jun 24 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13889]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582117.
Jun 24 06:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13818]: Failed password for invalid user ubnt from 193.46.255.86 port 37318 ssh2
Jun 24 06:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13818]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13818]: Failed password for invalid user ubnt from 193.46.255.86 port 37318 ssh2
Jun 24 06:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13818]: Connection closed by 193.46.255.86 port 37318 [preauth]
Jun 24 06:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13818]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 24 06:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11094]: pam_unix(cron:session): session closed for user root
Jun 24 06:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13822]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12972]: pam_unix(cron:session): session closed for user root
Jun 24 06:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14174]: Invalid user smi from 13.90.206.6
Jun 24 06:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14174]: input_userauth_request: invalid user smi [preauth]
Jun 24 06:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14174]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.90.206.6
Jun 24 06:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14174]: Failed password for invalid user smi from 13.90.206.6 port 1664 ssh2
Jun 24 06:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14174]: Received disconnect from 13.90.206.6 port 1664:11: Bye Bye [preauth]
Jun 24 06:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14174]: Disconnected from 13.90.206.6 port 1664 [preauth]
Jun 24 06:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14185]: User mysql from 91.92.40.240 not allowed because not listed in AllowUsers
Jun 24 06:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14185]: input_userauth_request: invalid user mysql [preauth]
Jun 24 06:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240  user=mysql
Jun 24 06:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14185]: Failed password for invalid user mysql from 91.92.40.240 port 58818 ssh2
Jun 24 06:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14185]: Connection closed by 91.92.40.240 port 58818 [preauth]
Jun 24 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14236]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14237]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14235]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14234]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14234]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14293]: Successful su for rubyman by root
Jun 24 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14293]: + ??? root:rubyman
Jun 24 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14293]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582121 of user rubyman.
Jun 24 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14293]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582121.
Jun 24 06:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11562]: pam_unix(cron:session): session closed for user root
Jun 24 06:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14235]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14501]: Invalid user im2 from 139.59.36.109
Jun 24 06:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14501]: input_userauth_request: invalid user im2 [preauth]
Jun 24 06:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14501]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.36.109
Jun 24 06:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14501]: Failed password for invalid user im2 from 139.59.36.109 port 58794 ssh2
Jun 24 06:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14501]: Received disconnect from 139.59.36.109 port 58794:11: Bye Bye [preauth]
Jun 24 06:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14501]: Disconnected from 139.59.36.109 port 58794 [preauth]
Jun 24 06:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14504]: Invalid user user from 103.78.0.229
Jun 24 06:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14504]: input_userauth_request: invalid user user [preauth]
Jun 24 06:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14504]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.78.0.229
Jun 24 06:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14504]: Failed password for invalid user user from 103.78.0.229 port 58170 ssh2
Jun 24 06:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14504]: Received disconnect from 103.78.0.229 port 58170:11: Bye Bye [preauth]
Jun 24 06:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14504]: Disconnected from 103.78.0.229 port 58170 [preauth]
Jun 24 06:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 24 06:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14527]: Failed password for root from 62.133.62.83 port 60048 ssh2
Jun 24 06:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14527]: Connection closed by 62.133.62.83 port 60048 [preauth]
Jun 24 06:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13389]: pam_unix(cron:session): session closed for user root
Jun 24 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14634]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14633]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14632]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14631]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14631]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14741]: Successful su for rubyman by root
Jun 24 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14741]: + ??? root:rubyman
Jun 24 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14741]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582125 of user rubyman.
Jun 24 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14741]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582125.
Jun 24 06:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12029]: pam_unix(cron:session): session closed for user root
Jun 24 06:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14632]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 24 06:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14959]: Failed password for root from 103.153.68.219 port 49210 ssh2
Jun 24 06:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14959]: Connection closed by 103.153.68.219 port 49210 [preauth]
Jun 24 06:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15023]: User mysql from 91.92.40.240 not allowed because not listed in AllowUsers
Jun 24 06:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15023]: input_userauth_request: invalid user mysql [preauth]
Jun 24 06:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240  user=mysql
Jun 24 06:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15023]: Failed password for invalid user mysql from 91.92.40.240 port 49634 ssh2
Jun 24 06:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15023]: Connection closed by 91.92.40.240 port 49634 [preauth]
Jun 24 06:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13825]: pam_unix(cron:session): session closed for user root
Jun 24 06:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15094]: Invalid user ajuda from 13.90.206.6
Jun 24 06:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15094]: input_userauth_request: invalid user ajuda [preauth]
Jun 24 06:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15094]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.90.206.6
Jun 24 06:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15094]: Failed password for invalid user ajuda from 13.90.206.6 port 1664 ssh2
Jun 24 06:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15094]: Received disconnect from 13.90.206.6 port 1664:11: Bye Bye [preauth]
Jun 24 06:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15094]: Disconnected from 13.90.206.6 port 1664 [preauth]
Jun 24 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15116]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15118]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15115]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15117]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15115]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15182]: Successful su for rubyman by root
Jun 24 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15182]: + ??? root:rubyman
Jun 24 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15182]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582131 of user rubyman.
Jun 24 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15182]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582131.
Jun 24 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15139]: Invalid user esf from 139.59.36.109
Jun 24 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15139]: input_userauth_request: invalid user esf [preauth]
Jun 24 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15139]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.36.109
Jun 24 06:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12552]: pam_unix(cron:session): session closed for user root
Jun 24 06:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15139]: Failed password for invalid user esf from 139.59.36.109 port 33610 ssh2
Jun 24 06:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.251.36.118  user=root
Jun 24 06:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15139]: Received disconnect from 139.59.36.109 port 33610:11: Bye Bye [preauth]
Jun 24 06:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15139]: Disconnected from 139.59.36.109 port 33610 [preauth]
Jun 24 06:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15116]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15342]: Failed password for root from 128.251.36.118 port 7104 ssh2
Jun 24 06:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15342]: Received disconnect from 128.251.36.118 port 7104:11: Bye Bye [preauth]
Jun 24 06:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15342]: Disconnected from 128.251.36.118 port 7104 [preauth]
Jun 24 06:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14237]: pam_unix(cron:session): session closed for user root
Jun 24 06:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11088]: pam_unix(cron:session): session closed for user root
Jun 24 06:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.212.226  user=root
Jun 24 06:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15682]: Failed password for root from 152.32.212.226 port 36250 ssh2
Jun 24 06:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15682]: Received disconnect from 152.32.212.226 port 36250:11: Bye Bye [preauth]
Jun 24 06:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15682]: Disconnected from 152.32.212.226 port 36250 [preauth]
Jun 24 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15700]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15701]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15702]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15697]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15699]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15698]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15702]: pam_unix(cron:session): session closed for user root
Jun 24 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15697]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15775]: Successful su for rubyman by root
Jun 24 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15775]: + ??? root:rubyman
Jun 24 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15775]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582135 of user rubyman.
Jun 24 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15775]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582135.
Jun 24 06:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15699]: pam_unix(cron:session): session closed for user root
Jun 24 06:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12971]: pam_unix(cron:session): session closed for user root
Jun 24 06:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15698]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16003]: User mysql from 91.92.40.240 not allowed because not listed in AllowUsers
Jun 24 06:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16003]: input_userauth_request: invalid user mysql [preauth]
Jun 24 06:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240  user=mysql
Jun 24 06:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16003]: Failed password for invalid user mysql from 91.92.40.240 port 35590 ssh2
Jun 24 06:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16003]: Connection closed by 91.92.40.240 port 35590 [preauth]
Jun 24 06:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14634]: pam_unix(cron:session): session closed for user root
Jun 24 06:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16094]: Invalid user uma from 139.59.36.109
Jun 24 06:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16094]: input_userauth_request: invalid user uma [preauth]
Jun 24 06:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16094]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.36.109
Jun 24 06:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16094]: Failed password for invalid user uma from 139.59.36.109 port 33050 ssh2
Jun 24 06:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16094]: Received disconnect from 139.59.36.109 port 33050:11: Bye Bye [preauth]
Jun 24 06:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16094]: Disconnected from 139.59.36.109 port 33050 [preauth]
Jun 24 06:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16114]: Invalid user soa from 13.90.206.6
Jun 24 06:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16114]: input_userauth_request: invalid user soa [preauth]
Jun 24 06:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16114]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.90.206.6
Jun 24 06:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16114]: Failed password for invalid user soa from 13.90.206.6 port 1664 ssh2
Jun 24 06:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16114]: Received disconnect from 13.90.206.6 port 1664:11: Bye Bye [preauth]
Jun 24 06:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16114]: Disconnected from 13.90.206.6 port 1664 [preauth]
Jun 24 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16127]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16128]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16126]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16125]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16125]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16195]: Successful su for rubyman by root
Jun 24 06:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16195]: + ??? root:rubyman
Jun 24 06:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16195]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582139 of user rubyman.
Jun 24 06:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16195]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582139.
Jun 24 06:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13388]: pam_unix(cron:session): session closed for user root
Jun 24 06:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16126]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16391]: Invalid user sysadmin from 20.228.193.165
Jun 24 06:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16391]: input_userauth_request: invalid user sysadmin [preauth]
Jun 24 06:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16391]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.228.193.165
Jun 24 06:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16391]: Failed password for invalid user sysadmin from 20.228.193.165 port 38782 ssh2
Jun 24 06:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16391]: Received disconnect from 20.228.193.165 port 38782:11: Bye Bye [preauth]
Jun 24 06:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16391]: Disconnected from 20.228.193.165 port 38782 [preauth]
Jun 24 06:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15118]: pam_unix(cron:session): session closed for user root
Jun 24 06:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.232.73.84  user=root
Jun 24 06:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16455]: Failed password for root from 45.232.73.84 port 42332 ssh2
Jun 24 06:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16455]: Received disconnect from 45.232.73.84 port 42332:11: Bye Bye [preauth]
Jun 24 06:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16455]: Disconnected from 45.232.73.84 port 42332 [preauth]
Jun 24 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16530]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16531]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16529]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16528]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16528]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16587]: Successful su for rubyman by root
Jun 24 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16587]: + ??? root:rubyman
Jun 24 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16587]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582144 of user rubyman.
Jun 24 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16587]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582144.
Jun 24 06:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13823]: pam_unix(cron:session): session closed for user root
Jun 24 06:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16529]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16755]: User mysql from 91.92.40.240 not allowed because not listed in AllowUsers
Jun 24 06:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16755]: input_userauth_request: invalid user mysql [preauth]
Jun 24 06:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240  user=mysql
Jun 24 06:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16755]: Failed password for invalid user mysql from 91.92.40.240 port 51996 ssh2
Jun 24 06:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16755]: Connection closed by 91.92.40.240 port 51996 [preauth]
Jun 24 06:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15701]: pam_unix(cron:session): session closed for user root
Jun 24 06:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.78.0.229  user=root
Jun 24 06:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16909]: Invalid user essen from 139.59.36.109
Jun 24 06:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16909]: input_userauth_request: invalid user essen [preauth]
Jun 24 06:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16909]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.36.109
Jun 24 06:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16907]: Failed password for root from 103.78.0.229 port 55936 ssh2
Jun 24 06:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16907]: Received disconnect from 103.78.0.229 port 55936:11: Bye Bye [preauth]
Jun 24 06:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16907]: Disconnected from 103.78.0.229 port 55936 [preauth]
Jun 24 06:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16909]: Failed password for invalid user essen from 139.59.36.109 port 54054 ssh2
Jun 24 06:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16909]: Received disconnect from 139.59.36.109 port 54054:11: Bye Bye [preauth]
Jun 24 06:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16909]: Disconnected from 139.59.36.109 port 54054 [preauth]
Jun 24 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17028]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17025]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17026]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17024]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17024]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17096]: Successful su for rubyman by root
Jun 24 06:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17096]: + ??? root:rubyman
Jun 24 06:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17096]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582147 of user rubyman.
Jun 24 06:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17096]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582147.
Jun 24 06:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14236]: pam_unix(cron:session): session closed for user root
Jun 24 06:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17241]: Invalid user oyun from 13.90.206.6
Jun 24 06:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17241]: input_userauth_request: invalid user oyun [preauth]
Jun 24 06:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17241]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.90.206.6
Jun 24 06:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17025]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17241]: Failed password for invalid user oyun from 13.90.206.6 port 1664 ssh2
Jun 24 06:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17241]: Received disconnect from 13.90.206.6 port 1664:11: Bye Bye [preauth]
Jun 24 06:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17241]: Disconnected from 13.90.206.6 port 1664 [preauth]
Jun 24 06:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17275]: Invalid user deployer from 20.228.193.165
Jun 24 06:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17275]: input_userauth_request: invalid user deployer [preauth]
Jun 24 06:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17275]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.228.193.165
Jun 24 06:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17275]: Failed password for invalid user deployer from 20.228.193.165 port 32954 ssh2
Jun 24 06:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17275]: Received disconnect from 20.228.193.165 port 32954:11: Bye Bye [preauth]
Jun 24 06:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17275]: Disconnected from 20.228.193.165 port 32954 [preauth]
Jun 24 06:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.212.226  user=root
Jun 24 06:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17301]: Failed password for root from 152.32.212.226 port 30264 ssh2
Jun 24 06:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17301]: Received disconnect from 152.32.212.226 port 30264:11: Bye Bye [preauth]
Jun 24 06:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17301]: Disconnected from 152.32.212.226 port 30264 [preauth]
Jun 24 06:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16128]: pam_unix(cron:session): session closed for user root
Jun 24 06:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17433]: User mysql from 91.92.40.240 not allowed because not listed in AllowUsers
Jun 24 06:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17433]: input_userauth_request: invalid user mysql [preauth]
Jun 24 06:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240  user=mysql
Jun 24 06:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17433]: Failed password for invalid user mysql from 91.92.40.240 port 40512 ssh2
Jun 24 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17450]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17449]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17448]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17447]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17445]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17447]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17561]: Successful su for rubyman by root
Jun 24 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17561]: + ??? root:rubyman
Jun 24 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17561]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582151 of user rubyman.
Jun 24 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17561]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17433]: Connection closed by 91.92.40.240 port 40512 [preauth]
Jun 24 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582151.
Jun 24 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17445]: pam_unix(cron:session): session closed for user root
Jun 24 06:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14633]: pam_unix(cron:session): session closed for user root
Jun 24 06:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17448]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17848]: Invalid user git from 45.232.73.84
Jun 24 06:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17848]: input_userauth_request: invalid user git [preauth]
Jun 24 06:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17848]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.232.73.84
Jun 24 06:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17848]: Failed password for invalid user git from 45.232.73.84 port 51884 ssh2
Jun 24 06:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17848]: Received disconnect from 45.232.73.84 port 51884:11: Bye Bye [preauth]
Jun 24 06:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17848]: Disconnected from 45.232.73.84 port 51884 [preauth]
Jun 24 06:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17946]: Invalid user gtc from 139.59.36.109
Jun 24 06:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17946]: input_userauth_request: invalid user gtc [preauth]
Jun 24 06:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17946]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.36.109
Jun 24 06:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17946]: Failed password for invalid user gtc from 139.59.36.109 port 47396 ssh2
Jun 24 06:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17946]: Received disconnect from 139.59.36.109 port 47396:11: Bye Bye [preauth]
Jun 24 06:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17946]: Disconnected from 139.59.36.109 port 47396 [preauth]
Jun 24 06:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16531]: pam_unix(cron:session): session closed for user root
Jun 24 06:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17984]: Invalid user admin from 103.78.0.229
Jun 24 06:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17984]: input_userauth_request: invalid user admin [preauth]
Jun 24 06:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17984]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.78.0.229
Jun 24 06:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17984]: Failed password for invalid user admin from 103.78.0.229 port 36424 ssh2
Jun 24 06:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17984]: Received disconnect from 103.78.0.229 port 36424:11: Bye Bye [preauth]
Jun 24 06:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17984]: Disconnected from 103.78.0.229 port 36424 [preauth]
Jun 24 06:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 24 06:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18032]: Failed password for root from 103.77.242.62 port 36998 ssh2
Jun 24 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18032]: Connection closed by 103.77.242.62 port 36998 [preauth]
Jun 24 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18050]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18049]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18052]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18051]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18047]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18048]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18052]: pam_unix(cron:session): session closed for user root
Jun 24 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18047]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18114]: Successful su for rubyman by root
Jun 24 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18114]: + ??? root:rubyman
Jun 24 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18114]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582159 of user rubyman.
Jun 24 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18114]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582159.
Jun 24 06:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18049]: pam_unix(cron:session): session closed for user root
Jun 24 06:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15117]: pam_unix(cron:session): session closed for user root
Jun 24 06:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18048]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.228.193.165  user=root
Jun 24 06:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18355]: Invalid user uf from 13.90.206.6
Jun 24 06:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18355]: input_userauth_request: invalid user uf [preauth]
Jun 24 06:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18355]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.90.206.6
Jun 24 06:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18345]: Failed password for root from 20.228.193.165 port 44086 ssh2
Jun 24 06:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18345]: Received disconnect from 20.228.193.165 port 44086:11: Bye Bye [preauth]
Jun 24 06:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18345]: Disconnected from 20.228.193.165 port 44086 [preauth]
Jun 24 06:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18355]: Failed password for invalid user uf from 13.90.206.6 port 1664 ssh2
Jun 24 06:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18355]: Received disconnect from 13.90.206.6 port 1664:11: Bye Bye [preauth]
Jun 24 06:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18355]: Disconnected from 13.90.206.6 port 1664 [preauth]
Jun 24 06:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.212.226  user=root
Jun 24 06:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18483]: Failed password for root from 152.32.212.226 port 51608 ssh2
Jun 24 06:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18483]: Received disconnect from 152.32.212.226 port 51608:11: Bye Bye [preauth]
Jun 24 06:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18483]: Disconnected from 152.32.212.226 port 51608 [preauth]
Jun 24 06:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17028]: pam_unix(cron:session): session closed for user root
Jun 24 06:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 24 06:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18538]: Failed password for root from 202.178.126.219 port 29722 ssh2
Jun 24 06:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18538]: Connection closed by 202.178.126.219 port 29722 [preauth]
Jun 24 06:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18565]: User mysql from 91.92.40.240 not allowed because not listed in AllowUsers
Jun 24 06:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18565]: input_userauth_request: invalid user mysql [preauth]
Jun 24 06:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240  user=mysql
Jun 24 06:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18565]: Failed password for invalid user mysql from 91.92.40.240 port 32854 ssh2
Jun 24 06:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18565]: Connection closed by 91.92.40.240 port 32854 [preauth]
Jun 24 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18595]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18596]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18594]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18593]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18593]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18661]: Successful su for rubyman by root
Jun 24 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18661]: + ??? root:rubyman
Jun 24 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18661]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582162 of user rubyman.
Jun 24 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18661]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582162.
Jun 24 06:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15700]: pam_unix(cron:session): session closed for user root
Jun 24 06:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18594]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18901]: Invalid user vw from 139.59.36.109
Jun 24 06:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18901]: input_userauth_request: invalid user vw [preauth]
Jun 24 06:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18901]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.36.109
Jun 24 06:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18901]: Failed password for invalid user vw from 139.59.36.109 port 60992 ssh2
Jun 24 06:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18901]: Received disconnect from 139.59.36.109 port 60992:11: Bye Bye [preauth]
Jun 24 06:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18901]: Disconnected from 139.59.36.109 port 60992 [preauth]
Jun 24 06:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17450]: pam_unix(cron:session): session closed for user root
Jun 24 06:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18943]: Invalid user user from 141.98.83.240
Jun 24 06:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18943]: input_userauth_request: invalid user user [preauth]
Jun 24 06:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.232.73.84  user=root
Jun 24 06:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18943]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 06:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18941]: Failed password for root from 45.232.73.84 port 33248 ssh2
Jun 24 06:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18943]: Failed password for invalid user user from 141.98.83.240 port 38012 ssh2
Jun 24 06:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18941]: Received disconnect from 45.232.73.84 port 33248:11: Bye Bye [preauth]
Jun 24 06:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18941]: Disconnected from 45.232.73.84 port 33248 [preauth]
Jun 24 06:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18943]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18943]: Failed password for invalid user user from 141.98.83.240 port 38012 ssh2
Jun 24 06:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18943]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18943]: Failed password for invalid user user from 141.98.83.240 port 38012 ssh2
Jun 24 06:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18943]: Connection closed by 141.98.83.240 port 38012 [preauth]
Jun 24 06:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18943]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 06:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19012]: Invalid user l4d2 from 103.78.0.229
Jun 24 06:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19012]: input_userauth_request: invalid user l4d2 [preauth]
Jun 24 06:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19012]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.78.0.229
Jun 24 06:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19012]: Failed password for invalid user l4d2 from 103.78.0.229 port 45146 ssh2
Jun 24 06:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19012]: Received disconnect from 103.78.0.229 port 45146:11: Bye Bye [preauth]
Jun 24 06:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19012]: Disconnected from 103.78.0.229 port 45146 [preauth]
Jun 24 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19034]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19033]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19032]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19031]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19031]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19090]: Successful su for rubyman by root
Jun 24 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19090]: + ??? root:rubyman
Jun 24 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19090]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582166 of user rubyman.
Jun 24 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19090]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582166.
Jun 24 06:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16127]: pam_unix(cron:session): session closed for user root
Jun 24 06:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19032]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19404]: Invalid user alireza from 20.228.193.165
Jun 24 06:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19404]: input_userauth_request: invalid user alireza [preauth]
Jun 24 06:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19404]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.228.193.165
Jun 24 06:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19407]: User backup from 13.90.206.6 not allowed because not listed in AllowUsers
Jun 24 06:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19407]: input_userauth_request: invalid user backup [preauth]
Jun 24 06:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.90.206.6  user=backup
Jun 24 06:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19404]: Failed password for invalid user alireza from 20.228.193.165 port 50960 ssh2
Jun 24 06:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19404]: Received disconnect from 20.228.193.165 port 50960:11: Bye Bye [preauth]
Jun 24 06:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19404]: Disconnected from 20.228.193.165 port 50960 [preauth]
Jun 24 06:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19407]: Failed password for invalid user backup from 13.90.206.6 port 1664 ssh2
Jun 24 06:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19407]: Received disconnect from 13.90.206.6 port 1664:11: Bye Bye [preauth]
Jun 24 06:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19407]: Disconnected from 13.90.206.6 port 1664 [preauth]
Jun 24 06:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.251.36.118  user=root
Jun 24 06:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19409]: Failed password for root from 128.251.36.118 port 7104 ssh2
Jun 24 06:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19409]: Received disconnect from 128.251.36.118 port 7104:11: Bye Bye [preauth]
Jun 24 06:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19409]: Disconnected from 128.251.36.118 port 7104 [preauth]
Jun 24 06:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18051]: pam_unix(cron:session): session closed for user root
Jun 24 06:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19476]: Invalid user terraform from 152.32.212.226
Jun 24 06:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19476]: input_userauth_request: invalid user terraform [preauth]
Jun 24 06:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19476]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.212.226
Jun 24 06:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19476]: Failed password for invalid user terraform from 152.32.212.226 port 61228 ssh2
Jun 24 06:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19476]: Received disconnect from 152.32.212.226 port 61228:11: Bye Bye [preauth]
Jun 24 06:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19476]: Disconnected from 152.32.212.226 port 61228 [preauth]
Jun 24 06:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19478]: User mysql from 91.92.40.240 not allowed because not listed in AllowUsers
Jun 24 06:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19478]: input_userauth_request: invalid user mysql [preauth]
Jun 24 06:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240  user=mysql
Jun 24 06:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19478]: Failed password for invalid user mysql from 91.92.40.240 port 38892 ssh2
Jun 24 06:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19478]: Connection closed by 91.92.40.240 port 38892 [preauth]
Jun 24 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19734]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19732]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19731]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19730]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19730]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19796]: Successful su for rubyman by root
Jun 24 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19796]: + ??? root:rubyman
Jun 24 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19796]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582170 of user rubyman.
Jun 24 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19796]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582170.
Jun 24 06:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16530]: pam_unix(cron:session): session closed for user root
Jun 24 06:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19731]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18596]: pam_unix(cron:session): session closed for user root
Jun 24 06:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.232.73.84  user=root
Jun 24 06:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20227]: Invalid user admin from 103.78.0.229
Jun 24 06:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20227]: input_userauth_request: invalid user admin [preauth]
Jun 24 06:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20227]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.78.0.229
Jun 24 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20137]: Failed password for root from 45.232.73.84 port 42810 ssh2
Jun 24 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20137]: Received disconnect from 45.232.73.84 port 42810:11: Bye Bye [preauth]
Jun 24 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20137]: Disconnected from 45.232.73.84 port 42810 [preauth]
Jun 24 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20227]: Failed password for invalid user admin from 103.78.0.229 port 53882 ssh2
Jun 24 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20227]: Received disconnect from 103.78.0.229 port 53882:11: Bye Bye [preauth]
Jun 24 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20227]: Disconnected from 103.78.0.229 port 53882 [preauth]
Jun 24 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20235]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20231]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20230]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20232]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20230]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20301]: Successful su for rubyman by root
Jun 24 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20301]: + ??? root:rubyman
Jun 24 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20301]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582174 of user rubyman.
Jun 24 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20301]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582174.
Jun 24 06:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17026]: pam_unix(cron:session): session closed for user root
Jun 24 06:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.47.155  user=root
Jun 24 06:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20231]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20481]: Failed password for root from 118.193.47.155 port 49616 ssh2
Jun 24 06:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20481]: Received disconnect from 118.193.47.155 port 49616:11: Bye Bye [preauth]
Jun 24 06:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20481]: Disconnected from 118.193.47.155 port 49616 [preauth]
Jun 24 06:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.228.193.165  user=root
Jun 24 06:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20560]: Invalid user nginx from 91.92.40.240
Jun 24 06:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20560]: input_userauth_request: invalid user nginx [preauth]
Jun 24 06:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20560]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 06:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20562]: Failed password for root from 20.228.193.165 port 48882 ssh2
Jun 24 06:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20562]: Received disconnect from 20.228.193.165 port 48882:11: Bye Bye [preauth]
Jun 24 06:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20562]: Disconnected from 20.228.193.165 port 48882 [preauth]
Jun 24 06:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20560]: Failed password for invalid user nginx from 91.92.40.240 port 48178 ssh2
Jun 24 06:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20560]: Connection closed by 91.92.40.240 port 48178 [preauth]
Jun 24 06:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.251.36.118  user=root
Jun 24 06:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20574]: Invalid user pizza from 13.90.206.6
Jun 24 06:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20574]: input_userauth_request: invalid user pizza [preauth]
Jun 24 06:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20574]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.90.206.6
Jun 24 06:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19034]: pam_unix(cron:session): session closed for user root
Jun 24 06:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20572]: Failed password for root from 128.251.36.118 port 7104 ssh2
Jun 24 06:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20574]: Failed password for invalid user pizza from 13.90.206.6 port 1664 ssh2
Jun 24 06:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20574]: Received disconnect from 13.90.206.6 port 1664:11: Bye Bye [preauth]
Jun 24 06:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20574]: Disconnected from 13.90.206.6 port 1664 [preauth]
Jun 24 06:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20572]: Received disconnect from 128.251.36.118 port 7104:11: Bye Bye [preauth]
Jun 24 06:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20572]: Disconnected from 128.251.36.118 port 7104 [preauth]
Jun 24 06:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20636]: Invalid user deploy from 152.32.212.226
Jun 24 06:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20636]: input_userauth_request: invalid user deploy [preauth]
Jun 24 06:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20636]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.212.226
Jun 24 06:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20636]: Failed password for invalid user deploy from 152.32.212.226 port 51630 ssh2
Jun 24 06:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20636]: Received disconnect from 152.32.212.226 port 51630:11: Bye Bye [preauth]
Jun 24 06:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20636]: Disconnected from 152.32.212.226 port 51630 [preauth]
Jun 24 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20716]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20724]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20710]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20709]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20712]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20704]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20724]: pam_unix(cron:session): session closed for user root
Jun 24 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20704]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20827]: Successful su for rubyman by root
Jun 24 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20827]: + ??? root:rubyman
Jun 24 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20827]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582178 of user rubyman.
Jun 24 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20827]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582178.
Jun 24 06:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20710]: pam_unix(cron:session): session closed for user root
Jun 24 06:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17449]: pam_unix(cron:session): session closed for user root
Jun 24 06:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20709]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21100]: Received disconnect from 192.3.127.40 port 51418:11: disconnected by user [preauth]
Jun 24 06:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21100]: Disconnected from 192.3.127.40 port 51418 [preauth]
Jun 24 06:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19734]: pam_unix(cron:session): session closed for user root
Jun 24 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21198]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21200]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21199]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21197]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21197]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21262]: Successful su for rubyman by root
Jun 24 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21262]: + ??? root:rubyman
Jun 24 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21262]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582185 of user rubyman.
Jun 24 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21262]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582185.
Jun 24 06:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18050]: pam_unix(cron:session): session closed for user root
Jun 24 06:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.78.0.229  user=root
Jun 24 06:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21198]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21437]: Failed password for root from 103.78.0.229 port 34372 ssh2
Jun 24 06:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21437]: Received disconnect from 103.78.0.229 port 34372:11: Bye Bye [preauth]
Jun 24 06:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21437]: Disconnected from 103.78.0.229 port 34372 [preauth]
Jun 24 06:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21505]: Invalid user nginx from 91.92.40.240
Jun 24 06:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21505]: input_userauth_request: invalid user nginx [preauth]
Jun 24 06:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21505]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 06:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21507]: Invalid user ubuntu from 45.232.73.84
Jun 24 06:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21507]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 06:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21507]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.232.73.84
Jun 24 06:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21505]: Failed password for invalid user nginx from 91.92.40.240 port 53724 ssh2
Jun 24 06:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21505]: Connection closed by 91.92.40.240 port 53724 [preauth]
Jun 24 06:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21507]: Failed password for invalid user ubuntu from 45.232.73.84 port 52368 ssh2
Jun 24 06:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21507]: Received disconnect from 45.232.73.84 port 52368:11: Bye Bye [preauth]
Jun 24 06:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21507]: Disconnected from 45.232.73.84 port 52368 [preauth]
Jun 24 06:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20235]: pam_unix(cron:session): session closed for user root
Jun 24 06:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21592]: Invalid user sshuser from 20.228.193.165
Jun 24 06:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21592]: input_userauth_request: invalid user sshuser [preauth]
Jun 24 06:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21592]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.228.193.165
Jun 24 06:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21592]: Failed password for invalid user sshuser from 20.228.193.165 port 60386 ssh2
Jun 24 06:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21592]: Received disconnect from 20.228.193.165 port 60386:11: Bye Bye [preauth]
Jun 24 06:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21592]: Disconnected from 20.228.193.165 port 60386 [preauth]
Jun 24 06:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.251.36.118  user=root
Jun 24 06:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21622]: Invalid user cheboksary from 13.90.206.6
Jun 24 06:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21622]: input_userauth_request: invalid user cheboksary [preauth]
Jun 24 06:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21622]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.90.206.6
Jun 24 06:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21604]: Failed password for root from 128.251.36.118 port 7104 ssh2
Jun 24 06:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21604]: Received disconnect from 128.251.36.118 port 7104:11: Bye Bye [preauth]
Jun 24 06:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21604]: Disconnected from 128.251.36.118 port 7104 [preauth]
Jun 24 06:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.212.226  user=root
Jun 24 06:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21622]: Failed password for invalid user cheboksary from 13.90.206.6 port 1664 ssh2
Jun 24 06:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21622]: Received disconnect from 13.90.206.6 port 1664:11: Bye Bye [preauth]
Jun 24 06:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21622]: Disconnected from 13.90.206.6 port 1664 [preauth]
Jun 24 06:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21625]: Failed password for root from 152.32.212.226 port 10198 ssh2
Jun 24 06:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21625]: Received disconnect from 152.32.212.226 port 10198:11: Bye Bye [preauth]
Jun 24 06:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21625]: Disconnected from 152.32.212.226 port 10198 [preauth]
Jun 24 06:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21636]: Connection closed by 45.148.10.121 port 47950 [preauth]
Jun 24 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21660]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21661]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21659]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21658]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21658]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21728]: Successful su for rubyman by root
Jun 24 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21728]: + ??? root:rubyman
Jun 24 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21728]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582188 of user rubyman.
Jun 24 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21728]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582188.
Jun 24 06:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18595]: pam_unix(cron:session): session closed for user root
Jun 24 06:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21659]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21949]: Invalid user said from 14.103.112.35
Jun 24 06:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21949]: input_userauth_request: invalid user said [preauth]
Jun 24 06:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21949]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.112.35
Jun 24 06:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21949]: Failed password for invalid user said from 14.103.112.35 port 52462 ssh2
Jun 24 06:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21949]: Received disconnect from 14.103.112.35 port 52462:11: Bye Bye [preauth]
Jun 24 06:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21949]: Disconnected from 14.103.112.35 port 52462 [preauth]
Jun 24 06:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20716]: pam_unix(cron:session): session closed for user root
Jun 24 06:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 24 06:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21996]: Failed password for root from 103.149.28.157 port 39560 ssh2
Jun 24 06:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21996]: Connection closed by 103.149.28.157 port 39560 [preauth]
Jun 24 06:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.112.35  user=root
Jun 24 06:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22053]: Failed password for root from 14.103.112.35 port 50932 ssh2
Jun 24 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22076]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22077]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22075]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22074]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22074]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22142]: Successful su for rubyman by root
Jun 24 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22142]: + ??? root:rubyman
Jun 24 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22142]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582192 of user rubyman.
Jun 24 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22142]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582192.
Jun 24 06:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19033]: pam_unix(cron:session): session closed for user root
Jun 24 06:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22075]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22415]: Invalid user git from 103.78.0.229
Jun 24 06:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22415]: input_userauth_request: invalid user git [preauth]
Jun 24 06:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22415]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.78.0.229
Jun 24 06:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22415]: Failed password for invalid user git from 103.78.0.229 port 43070 ssh2
Jun 24 06:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22415]: Received disconnect from 103.78.0.229 port 43070:11: Bye Bye [preauth]
Jun 24 06:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22415]: Disconnected from 103.78.0.229 port 43070 [preauth]
Jun 24 06:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22422]: Invalid user nginx from 91.92.40.240
Jun 24 06:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22422]: input_userauth_request: invalid user nginx [preauth]
Jun 24 06:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22422]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 06:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22422]: Failed password for invalid user nginx from 91.92.40.240 port 41106 ssh2
Jun 24 06:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22422]: Connection closed by 91.92.40.240 port 41106 [preauth]
Jun 24 06:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21200]: pam_unix(cron:session): session closed for user root
Jun 24 06:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 24 06:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22523]: Invalid user terraform from 45.232.73.84
Jun 24 06:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22523]: input_userauth_request: invalid user terraform [preauth]
Jun 24 06:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22523]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.232.73.84
Jun 24 06:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22521]: Failed password for root from 103.77.175.15 port 36064 ssh2
Jun 24 06:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22521]: Connection closed by 103.77.175.15 port 36064 [preauth]
Jun 24 06:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22523]: Failed password for invalid user terraform from 45.232.73.84 port 33688 ssh2
Jun 24 06:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22523]: Received disconnect from 45.232.73.84 port 33688:11: Bye Bye [preauth]
Jun 24 06:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22523]: Disconnected from 45.232.73.84 port 33688 [preauth]
Jun 24 06:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22548]: Invalid user git from 20.228.193.165
Jun 24 06:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22548]: input_userauth_request: invalid user git [preauth]
Jun 24 06:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22548]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.228.193.165
Jun 24 06:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22545]: Invalid user ubuntu from 152.32.212.226
Jun 24 06:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22545]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 06:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22545]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.212.226
Jun 24 06:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22548]: Failed password for invalid user git from 20.228.193.165 port 59384 ssh2
Jun 24 06:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22545]: Failed password for invalid user ubuntu from 152.32.212.226 port 30684 ssh2
Jun 24 06:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22548]: Received disconnect from 20.228.193.165 port 59384:11: Bye Bye [preauth]
Jun 24 06:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22548]: Disconnected from 20.228.193.165 port 59384 [preauth]
Jun 24 06:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22545]: Received disconnect from 152.32.212.226 port 30684:11: Bye Bye [preauth]
Jun 24 06:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22545]: Disconnected from 152.32.212.226 port 30684 [preauth]
Jun 24 06:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22559]: Invalid user camille from 128.251.36.118
Jun 24 06:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22559]: input_userauth_request: invalid user camille [preauth]
Jun 24 06:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22559]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.251.36.118
Jun 24 06:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22559]: Failed password for invalid user camille from 128.251.36.118 port 7104 ssh2
Jun 24 06:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22559]: Received disconnect from 128.251.36.118 port 7104:11: Bye Bye [preauth]
Jun 24 06:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22559]: Disconnected from 128.251.36.118 port 7104 [preauth]
Jun 24 06:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22571]: Invalid user lucky from 13.90.206.6
Jun 24 06:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22571]: input_userauth_request: invalid user lucky [preauth]
Jun 24 06:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22571]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.90.206.6
Jun 24 06:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22571]: Failed password for invalid user lucky from 13.90.206.6 port 1664 ssh2
Jun 24 06:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22571]: Received disconnect from 13.90.206.6 port 1664:11: Bye Bye [preauth]
Jun 24 06:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22571]: Disconnected from 13.90.206.6 port 1664 [preauth]
Jun 24 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22585]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22586]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22583]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22582]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22582]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22643]: Successful su for rubyman by root
Jun 24 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22643]: + ??? root:rubyman
Jun 24 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22643]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582196 of user rubyman.
Jun 24 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22643]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582196.
Jun 24 06:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19732]: pam_unix(cron:session): session closed for user root
Jun 24 06:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22583]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21661]: pam_unix(cron:session): session closed for user root
Jun 24 06:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22992]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22990]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22988]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22987]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22991]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22989]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22992]: pam_unix(cron:session): session closed for user root
Jun 24 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22987]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23053]: Successful su for rubyman by root
Jun 24 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23053]: + ??? root:rubyman
Jun 24 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23053]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582204 of user rubyman.
Jun 24 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23053]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582204.
Jun 24 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22984]: Invalid user nginx from 91.92.40.240
Jun 24 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22984]: input_userauth_request: invalid user nginx [preauth]
Jun 24 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22984]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 06:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22989]: pam_unix(cron:session): session closed for user root
Jun 24 06:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22984]: Failed password for invalid user nginx from 91.92.40.240 port 36178 ssh2
Jun 24 06:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22984]: Connection closed by 91.92.40.240 port 36178 [preauth]
Jun 24 06:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20232]: pam_unix(cron:session): session closed for user root
Jun 24 06:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22988]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23302]: Invalid user devops from 103.78.0.229
Jun 24 06:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23302]: input_userauth_request: invalid user devops [preauth]
Jun 24 06:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23302]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.78.0.229
Jun 24 06:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23302]: Failed password for invalid user devops from 103.78.0.229 port 51772 ssh2
Jun 24 06:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23302]: Received disconnect from 103.78.0.229 port 51772:11: Bye Bye [preauth]
Jun 24 06:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23302]: Disconnected from 103.78.0.229 port 51772 [preauth]
Jun 24 06:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22077]: pam_unix(cron:session): session closed for user root
Jun 24 06:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23423]: Invalid user ubuntu from 152.32.212.226
Jun 24 06:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23423]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 06:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23423]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.212.226
Jun 24 06:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23423]: Failed password for invalid user ubuntu from 152.32.212.226 port 10264 ssh2
Jun 24 06:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23423]: Received disconnect from 152.32.212.226 port 10264:11: Bye Bye [preauth]
Jun 24 06:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23423]: Disconnected from 152.32.212.226 port 10264 [preauth]
Jun 24 06:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23427]: Invalid user git from 20.228.193.165
Jun 24 06:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23427]: input_userauth_request: invalid user git [preauth]
Jun 24 06:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23427]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.228.193.165
Jun 24 06:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23427]: Failed password for invalid user git from 20.228.193.165 port 59922 ssh2
Jun 24 06:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23427]: Received disconnect from 20.228.193.165 port 59922:11: Bye Bye [preauth]
Jun 24 06:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23427]: Disconnected from 20.228.193.165 port 59922 [preauth]
Jun 24 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23449]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23448]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23447]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23446]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23446]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23517]: Successful su for rubyman by root
Jun 24 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23517]: + ??? root:rubyman
Jun 24 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23517]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582207 of user rubyman.
Jun 24 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23517]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582207.
Jun 24 06:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20712]: pam_unix(cron:session): session closed for user root
Jun 24 06:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23447]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23711]: Invalid user user from 45.232.73.84
Jun 24 06:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23711]: input_userauth_request: invalid user user [preauth]
Jun 24 06:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23711]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.232.73.84
Jun 24 06:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23713]: Invalid user nx from 128.251.36.118
Jun 24 06:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23713]: input_userauth_request: invalid user nx [preauth]
Jun 24 06:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23713]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.251.36.118
Jun 24 06:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23711]: Failed password for invalid user user from 45.232.73.84 port 43252 ssh2
Jun 24 06:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23711]: Received disconnect from 45.232.73.84 port 43252:11: Bye Bye [preauth]
Jun 24 06:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23711]: Disconnected from 45.232.73.84 port 43252 [preauth]
Jun 24 06:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23713]: Failed password for invalid user nx from 128.251.36.118 port 7104 ssh2
Jun 24 06:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23713]: Received disconnect from 128.251.36.118 port 7104:11: Bye Bye [preauth]
Jun 24 06:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23713]: Disconnected from 128.251.36.118 port 7104 [preauth]
Jun 24 06:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22586]: pam_unix(cron:session): session closed for user root
Jun 24 06:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23950]: Invalid user operator from 91.92.40.240
Jun 24 06:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23950]: input_userauth_request: invalid user operator [preauth]
Jun 24 06:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23950]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 06:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23950]: Failed password for invalid user operator from 91.92.40.240 port 35698 ssh2
Jun 24 06:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23950]: Connection closed by 91.92.40.240 port 35698 [preauth]
Jun 24 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23973]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23974]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23972]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23971]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23971]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24034]: Successful su for rubyman by root
Jun 24 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24034]: + ??? root:rubyman
Jun 24 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24034]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582211 of user rubyman.
Jun 24 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24034]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582211.
Jun 24 06:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21199]: pam_unix(cron:session): session closed for user root
Jun 24 06:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23972]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24300]: Invalid user deploy from 103.78.0.229
Jun 24 06:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24300]: input_userauth_request: invalid user deploy [preauth]
Jun 24 06:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24300]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.78.0.229
Jun 24 06:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22991]: pam_unix(cron:session): session closed for user root
Jun 24 06:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24300]: Failed password for invalid user deploy from 103.78.0.229 port 60492 ssh2
Jun 24 06:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24300]: Received disconnect from 103.78.0.229 port 60492:11: Bye Bye [preauth]
Jun 24 06:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24300]: Disconnected from 103.78.0.229 port 60492 [preauth]
Jun 24 06:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24373]: Invalid user devops from 152.32.212.226
Jun 24 06:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24373]: input_userauth_request: invalid user devops [preauth]
Jun 24 06:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24373]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.212.226
Jun 24 06:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24373]: Failed password for invalid user devops from 152.32.212.226 port 15104 ssh2
Jun 24 06:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24373]: Received disconnect from 152.32.212.226 port 15104:11: Bye Bye [preauth]
Jun 24 06:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24373]: Disconnected from 152.32.212.226 port 15104 [preauth]
Jun 24 06:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 24 06:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24383]: Failed password for root from 103.82.132.16 port 35996 ssh2
Jun 24 06:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24385]: Invalid user ubuntu from 20.228.193.165
Jun 24 06:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24385]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 06:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24385]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.228.193.165
Jun 24 06:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24383]: Connection closed by 103.82.132.16 port 35996 [preauth]
Jun 24 06:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24385]: Failed password for invalid user ubuntu from 20.228.193.165 port 36670 ssh2
Jun 24 06:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24385]: Received disconnect from 20.228.193.165 port 36670:11: Bye Bye [preauth]
Jun 24 06:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24385]: Disconnected from 20.228.193.165 port 36670 [preauth]
Jun 24 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24398]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24399]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24397]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24396]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24396]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24457]: Successful su for rubyman by root
Jun 24 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24457]: + ??? root:rubyman
Jun 24 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24457]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582215 of user rubyman.
Jun 24 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24457]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582215.
Jun 24 06:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21660]: pam_unix(cron:session): session closed for user root
Jun 24 06:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24397]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24730]: Invalid user zxg from 128.251.36.118
Jun 24 06:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24730]: input_userauth_request: invalid user zxg [preauth]
Jun 24 06:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24730]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.251.36.118
Jun 24 06:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24730]: Failed password for invalid user zxg from 128.251.36.118 port 7104 ssh2
Jun 24 06:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24730]: Received disconnect from 128.251.36.118 port 7104:11: Bye Bye [preauth]
Jun 24 06:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24730]: Disconnected from 128.251.36.118 port 7104 [preauth]
Jun 24 06:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23449]: pam_unix(cron:session): session closed for user root
Jun 24 06:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.232.73.84  user=root
Jun 24 06:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24741]: Failed password for root from 45.232.73.84 port 52814 ssh2
Jun 24 06:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24741]: Received disconnect from 45.232.73.84 port 52814:11: Bye Bye [preauth]
Jun 24 06:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24741]: Disconnected from 45.232.73.84 port 52814 [preauth]
Jun 24 06:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24775]: Invalid user operator from 91.92.40.240
Jun 24 06:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24775]: input_userauth_request: invalid user operator [preauth]
Jun 24 06:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24775]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 06:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24775]: Failed password for invalid user operator from 91.92.40.240 port 59412 ssh2
Jun 24 06:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24775]: Connection closed by 91.92.40.240 port 59412 [preauth]
Jun 24 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24828]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24827]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24826]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24825]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24825]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24883]: Successful su for rubyman by root
Jun 24 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24883]: + ??? root:rubyman
Jun 24 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24883]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582219 of user rubyman.
Jun 24 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24883]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582219.
Jun 24 06:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22076]: pam_unix(cron:session): session closed for user root
Jun 24 06:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24826]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23974]: pam_unix(cron:session): session closed for user root
Jun 24 06:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25170]: Received disconnect from 149.56.241.206 port 37048:11: disconnected by user [preauth]
Jun 24 06:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25170]: Disconnected from 149.56.241.206 port 37048 [preauth]
Jun 24 06:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.78.0.229  user=root
Jun 24 06:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25172]: Failed password for root from 103.78.0.229 port 40980 ssh2
Jun 24 06:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25172]: Received disconnect from 103.78.0.229 port 40980:11: Bye Bye [preauth]
Jun 24 06:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25172]: Disconnected from 103.78.0.229 port 40980 [preauth]
Jun 24 06:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25225]: Invalid user lily from 152.32.212.226
Jun 24 06:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25225]: input_userauth_request: invalid user lily [preauth]
Jun 24 06:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25225]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.212.226
Jun 24 06:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25227]: Invalid user lily from 20.228.193.165
Jun 24 06:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25227]: input_userauth_request: invalid user lily [preauth]
Jun 24 06:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25227]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.228.193.165
Jun 24 06:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25225]: Failed password for invalid user lily from 152.32.212.226 port 60150 ssh2
Jun 24 06:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25225]: Received disconnect from 152.32.212.226 port 60150:11: Bye Bye [preauth]
Jun 24 06:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25225]: Disconnected from 152.32.212.226 port 60150 [preauth]
Jun 24 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25242]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25240]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25243]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25241]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25238]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25239]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25243]: pam_unix(cron:session): session closed for user root
Jun 24 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25238]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25302]: Successful su for rubyman by root
Jun 24 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25302]: + ??? root:rubyman
Jun 24 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25302]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582222 of user rubyman.
Jun 24 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25302]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582222.
Jun 24 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25227]: Failed password for invalid user lily from 20.228.193.165 port 36894 ssh2
Jun 24 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25227]: Received disconnect from 20.228.193.165 port 36894:11: Bye Bye [preauth]
Jun 24 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25227]: Disconnected from 20.228.193.165 port 36894 [preauth]
Jun 24 06:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22585]: pam_unix(cron:session): session closed for user root
Jun 24 06:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25240]: pam_unix(cron:session): session closed for user root
Jun 24 06:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25239]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25561]: Invalid user operator from 91.92.40.240
Jun 24 06:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25561]: input_userauth_request: invalid user operator [preauth]
Jun 24 06:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25561]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 06:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25561]: Failed password for invalid user operator from 91.92.40.240 port 37940 ssh2
Jun 24 06:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25561]: Connection closed by 91.92.40.240 port 37940 [preauth]
Jun 24 06:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24399]: pam_unix(cron:session): session closed for user root
Jun 24 06:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25637]: Invalid user satis from 128.251.36.118
Jun 24 06:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25637]: input_userauth_request: invalid user satis [preauth]
Jun 24 06:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25637]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.251.36.118
Jun 24 06:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25637]: Failed password for invalid user satis from 128.251.36.118 port 7104 ssh2
Jun 24 06:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25637]: Received disconnect from 128.251.36.118 port 7104:11: Bye Bye [preauth]
Jun 24 06:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25637]: Disconnected from 128.251.36.118 port 7104 [preauth]
Jun 24 06:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.47.155  user=root
Jun 24 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25647]: Failed password for root from 118.193.47.155 port 58216 ssh2
Jun 24 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25661]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25660]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25659]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25658]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25658]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25647]: Received disconnect from 118.193.47.155 port 58216:11: Bye Bye [preauth]
Jun 24 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25647]: Disconnected from 118.193.47.155 port 58216 [preauth]
Jun 24 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25725]: Successful su for rubyman by root
Jun 24 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25725]: + ??? root:rubyman
Jun 24 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25725]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582228 of user rubyman.
Jun 24 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25725]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582228.
Jun 24 06:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22990]: pam_unix(cron:session): session closed for user root
Jun 24 06:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25659]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25898]: Invalid user admin from 45.232.73.84
Jun 24 06:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25898]: input_userauth_request: invalid user admin [preauth]
Jun 24 06:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25898]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.232.73.84
Jun 24 06:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25898]: Failed password for invalid user admin from 45.232.73.84 port 34158 ssh2
Jun 24 06:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25898]: Received disconnect from 45.232.73.84 port 34158:11: Bye Bye [preauth]
Jun 24 06:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25898]: Disconnected from 45.232.73.84 port 34158 [preauth]
Jun 24 06:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24828]: pam_unix(cron:session): session closed for user root
Jun 24 06:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.78.0.229  user=root
Jun 24 06:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26032]: Failed password for root from 103.78.0.229 port 49690 ssh2
Jun 24 06:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26032]: Received disconnect from 103.78.0.229 port 49690:11: Bye Bye [preauth]
Jun 24 06:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26032]: Disconnected from 103.78.0.229 port 49690 [preauth]
Jun 24 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26054]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26053]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26055]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26052]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26052]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26115]: Successful su for rubyman by root
Jun 24 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26115]: + ??? root:rubyman
Jun 24 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26115]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582233 of user rubyman.
Jun 24 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26115]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582233.
Jun 24 06:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23448]: pam_unix(cron:session): session closed for user root
Jun 24 06:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26053]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26294]: Invalid user sysadmin from 152.32.212.226
Jun 24 06:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26294]: input_userauth_request: invalid user sysadmin [preauth]
Jun 24 06:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26294]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.212.226
Jun 24 06:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26294]: Failed password for invalid user sysadmin from 152.32.212.226 port 57538 ssh2
Jun 24 06:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26294]: Received disconnect from 152.32.212.226 port 57538:11: Bye Bye [preauth]
Jun 24 06:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26294]: Disconnected from 152.32.212.226 port 57538 [preauth]
Jun 24 06:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26312]: Invalid user operator from 91.92.40.240
Jun 24 06:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26312]: input_userauth_request: invalid user operator [preauth]
Jun 24 06:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26314]: Invalid user devops from 20.228.193.165
Jun 24 06:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26314]: input_userauth_request: invalid user devops [preauth]
Jun 24 06:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26314]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.228.193.165
Jun 24 06:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26312]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 06:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26312]: Failed password for invalid user operator from 91.92.40.240 port 37334 ssh2
Jun 24 06:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26312]: Connection closed by 91.92.40.240 port 37334 [preauth]
Jun 24 06:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26314]: Failed password for invalid user devops from 20.228.193.165 port 48744 ssh2
Jun 24 06:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26314]: Received disconnect from 20.228.193.165 port 48744:11: Bye Bye [preauth]
Jun 24 06:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26314]: Disconnected from 20.228.193.165 port 48744 [preauth]
Jun 24 06:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25242]: pam_unix(cron:session): session closed for user root
Jun 24 06:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 24 06:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26431]: Failed password for root from 87.251.79.125 port 38258 ssh2
Jun 24 06:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26431]: Connection closed by 87.251.79.125 port 38258 [preauth]
Jun 24 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26462]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26461]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26459]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26460]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26459]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26520]: Successful su for rubyman by root
Jun 24 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26520]: + ??? root:rubyman
Jun 24 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26520]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582238 of user rubyman.
Jun 24 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26520]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582238.
Jun 24 06:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23973]: pam_unix(cron:session): session closed for user root
Jun 24 06:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26460]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.251.36.118  user=root
Jun 24 06:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26822]: Failed password for root from 128.251.36.118 port 7104 ssh2
Jun 24 06:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26822]: Received disconnect from 128.251.36.118 port 7104:11: Bye Bye [preauth]
Jun 24 06:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26822]: Disconnected from 128.251.36.118 port 7104 [preauth]
Jun 24 06:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25661]: pam_unix(cron:session): session closed for user root
Jun 24 06:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26860]: Invalid user sysadmin from 45.232.73.84
Jun 24 06:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26860]: input_userauth_request: invalid user sysadmin [preauth]
Jun 24 06:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26860]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.232.73.84
Jun 24 06:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26860]: Failed password for invalid user sysadmin from 45.232.73.84 port 43734 ssh2
Jun 24 06:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26860]: Received disconnect from 45.232.73.84 port 43734:11: Bye Bye [preauth]
Jun 24 06:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26860]: Disconnected from 45.232.73.84 port 43734 [preauth]
Jun 24 06:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26932]: Invalid user operator from 91.92.40.240
Jun 24 06:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26932]: input_userauth_request: invalid user operator [preauth]
Jun 24 06:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26932]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 06:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26934]: Invalid user git from 103.78.0.229
Jun 24 06:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26934]: input_userauth_request: invalid user git [preauth]
Jun 24 06:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26934]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.78.0.229
Jun 24 06:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26932]: Failed password for invalid user operator from 91.92.40.240 port 47492 ssh2
Jun 24 06:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26932]: Connection closed by 91.92.40.240 port 47492 [preauth]
Jun 24 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26934]: Failed password for invalid user git from 103.78.0.229 port 58406 ssh2
Jun 24 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26949]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26950]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26948]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26947]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26947]: pam_unix(cron:session): session closed for user p13x
Jun 24 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26934]: Received disconnect from 103.78.0.229 port 58406:11: Bye Bye [preauth]
Jun 24 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26934]: Disconnected from 103.78.0.229 port 58406 [preauth]
Jun 24 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27006]: Successful su for rubyman by root
Jun 24 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27006]: + ??? root:rubyman
Jun 24 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27006]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582241 of user rubyman.
Jun 24 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27006]: pam_unix(su:session): session closed for user rubyman
Jun 24 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582241.
Jun 24 06:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24398]: pam_unix(cron:session): session closed for user root
Jun 24 06:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26948]: pam_unix(cron:session): session closed for user samftp
Jun 24 06:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27203]: Invalid user deployer from 152.32.212.226
Jun 24 06:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27203]: input_userauth_request: invalid user deployer [preauth]
Jun 24 06:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27203]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.212.226
Jun 24 06:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27203]: Failed password for invalid user deployer from 152.32.212.226 port 42796 ssh2
Jun 24 06:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27203]: Received disconnect from 152.32.212.226 port 42796:11: Bye Bye [preauth]
Jun 24 06:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27203]: Disconnected from 152.32.212.226 port 42796 [preauth]
Jun 24 06:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27238]: Invalid user server from 118.193.47.155
Jun 24 06:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27238]: input_userauth_request: invalid user server [preauth]
Jun 24 06:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27238]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.47.155
Jun 24 06:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27253]: Invalid user deploy from 20.228.193.165
Jun 24 06:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27253]: input_userauth_request: invalid user deploy [preauth]
Jun 24 06:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27253]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 06:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.228.193.165
Jun 24 06:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27238]: Failed password for invalid user server from 118.193.47.155 port 37876 ssh2
Jun 24 06:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27238]: Received disconnect from 118.193.47.155 port 37876:11: Bye Bye [preauth]
Jun 24 06:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27238]: Disconnected from 118.193.47.155 port 37876 [preauth]
Jun 24 06:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27253]: Failed password for invalid user deploy from 20.228.193.165 port 41774 ssh2
Jun 24 06:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27253]: Received disconnect from 20.228.193.165 port 41774:11: Bye Bye [preauth]
Jun 24 06:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27253]: Disconnected from 20.228.193.165 port 41774 [preauth]
Jun 24 06:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26055]: pam_unix(cron:session): session closed for user root
Jun 24 06:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 06:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 24 06:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27355]: Failed password for root from 147.45.199.80 port 33022 ssh2
Jun 24 06:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27355]: Connection closed by 147.45.199.80 port 33022 [preauth]
Jun 24 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27374]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27375]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27373]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27370]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27377]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27372]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27376]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27377]: pam_unix(cron:session): session closed for user root
Jun 24 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27373]: pam_unix(cron:session): session closed for user root
Jun 24 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27370]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27457]: Successful su for rubyman by root
Jun 24 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27457]: + ??? root:rubyman
Jun 24 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27457]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582244 of user rubyman.
Jun 24 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27457]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582244.
Jun 24 07:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27374]: pam_unix(cron:session): session closed for user root
Jun 24 07:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24827]: pam_unix(cron:session): session closed for user root
Jun 24 07:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27372]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26462]: pam_unix(cron:session): session closed for user root
Jun 24 07:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.251.36.118  user=root
Jun 24 07:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27822]: Failed password for root from 128.251.36.118 port 7104 ssh2
Jun 24 07:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27822]: Received disconnect from 128.251.36.118 port 7104:11: Bye Bye [preauth]
Jun 24 07:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27822]: Disconnected from 128.251.36.118 port 7104 [preauth]
Jun 24 07:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27832]: Invalid user operator from 91.92.40.240
Jun 24 07:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27832]: input_userauth_request: invalid user operator [preauth]
Jun 24 07:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27832]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 07:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27832]: Failed password for invalid user operator from 91.92.40.240 port 42312 ssh2
Jun 24 07:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27832]: Connection closed by 91.92.40.240 port 42312 [preauth]
Jun 24 07:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.232.73.84  user=root
Jun 24 07:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27872]: Invalid user admin from 2.57.121.25
Jun 24 07:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27872]: input_userauth_request: invalid user admin [preauth]
Jun 24 07:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27872]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 24 07:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27870]: Failed password for root from 45.232.73.84 port 53302 ssh2
Jun 24 07:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27870]: Received disconnect from 45.232.73.84 port 53302:11: Bye Bye [preauth]
Jun 24 07:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27870]: Disconnected from 45.232.73.84 port 53302 [preauth]
Jun 24 07:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27872]: Failed password for invalid user admin from 2.57.121.25 port 13878 ssh2
Jun 24 07:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27872]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27872]: Failed password for invalid user admin from 2.57.121.25 port 13878 ssh2
Jun 24 07:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27872]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27884]: Invalid user terraform from 103.78.0.229
Jun 24 07:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27884]: input_userauth_request: invalid user terraform [preauth]
Jun 24 07:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27884]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.78.0.229
Jun 24 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27872]: Failed password for invalid user admin from 2.57.121.25 port 13878 ssh2
Jun 24 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27872]: Connection closed by 2.57.121.25 port 13878 [preauth]
Jun 24 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27872]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 24 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27897]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27898]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27896]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27895]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27895]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27965]: Successful su for rubyman by root
Jun 24 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27965]: + ??? root:rubyman
Jun 24 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27965]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582253 of user rubyman.
Jun 24 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27965]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582253.
Jun 24 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27884]: Failed password for invalid user terraform from 103.78.0.229 port 38880 ssh2
Jun 24 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27884]: Received disconnect from 103.78.0.229 port 38880:11: Bye Bye [preauth]
Jun 24 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27884]: Disconnected from 103.78.0.229 port 38880 [preauth]
Jun 24 07:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25241]: pam_unix(cron:session): session closed for user root
Jun 24 07:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27896]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28208]: Invalid user admin from 152.32.212.226
Jun 24 07:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28208]: input_userauth_request: invalid user admin [preauth]
Jun 24 07:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28208]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.212.226
Jun 24 07:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28208]: Failed password for invalid user admin from 152.32.212.226 port 26898 ssh2
Jun 24 07:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28208]: Received disconnect from 152.32.212.226 port 26898:11: Bye Bye [preauth]
Jun 24 07:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28208]: Disconnected from 152.32.212.226 port 26898 [preauth]
Jun 24 07:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26950]: pam_unix(cron:session): session closed for user root
Jun 24 07:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28298]: Invalid user l4d2 from 20.228.193.165
Jun 24 07:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28298]: input_userauth_request: invalid user l4d2 [preauth]
Jun 24 07:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28298]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.228.193.165
Jun 24 07:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28298]: Failed password for invalid user l4d2 from 20.228.193.165 port 35174 ssh2
Jun 24 07:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28298]: Received disconnect from 20.228.193.165 port 35174:11: Bye Bye [preauth]
Jun 24 07:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28298]: Disconnected from 20.228.193.165 port 35174 [preauth]
Jun 24 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28358]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28357]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28356]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28355]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28355]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28413]: Successful su for rubyman by root
Jun 24 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28413]: + ??? root:rubyman
Jun 24 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28413]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582255 of user rubyman.
Jun 24 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28413]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582255.
Jun 24 07:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25660]: pam_unix(cron:session): session closed for user root
Jun 24 07:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28356]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28759]: Invalid user oracle from 91.92.40.240
Jun 24 07:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28759]: input_userauth_request: invalid user oracle [preauth]
Jun 24 07:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28759]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 07:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27376]: pam_unix(cron:session): session closed for user root
Jun 24 07:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28759]: Failed password for invalid user oracle from 91.92.40.240 port 52136 ssh2
Jun 24 07:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28759]: Connection closed by 91.92.40.240 port 52136 [preauth]
Jun 24 07:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 24 07:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28798]: Failed password for root from 103.176.20.57 port 60680 ssh2
Jun 24 07:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28798]: Connection closed by 103.176.20.57 port 60680 [preauth]
Jun 24 07:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.47.155  user=root
Jun 24 07:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28838]: Failed password for root from 118.193.47.155 port 45162 ssh2
Jun 24 07:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28838]: Received disconnect from 118.193.47.155 port 45162:11: Bye Bye [preauth]
Jun 24 07:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28838]: Disconnected from 118.193.47.155 port 45162 [preauth]
Jun 24 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28852]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28853]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28850]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28849]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28849]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28923]: Successful su for rubyman by root
Jun 24 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28923]: + ??? root:rubyman
Jun 24 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28923]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582260 of user rubyman.
Jun 24 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28923]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582260.
Jun 24 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28944]: User john from 128.251.36.118 not allowed because not listed in AllowUsers
Jun 24 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28944]: input_userauth_request: invalid user john [preauth]
Jun 24 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.251.36.118  user=john
Jun 24 07:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26054]: pam_unix(cron:session): session closed for user root
Jun 24 07:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28944]: Failed password for invalid user john from 128.251.36.118 port 7104 ssh2
Jun 24 07:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28944]: Received disconnect from 128.251.36.118 port 7104:11: Bye Bye [preauth]
Jun 24 07:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28944]: Disconnected from 128.251.36.118 port 7104 [preauth]
Jun 24 07:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28850]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29118]: Invalid user alireza from 103.78.0.229
Jun 24 07:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29118]: input_userauth_request: invalid user alireza [preauth]
Jun 24 07:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29118]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.78.0.229
Jun 24 07:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29118]: Failed password for invalid user alireza from 103.78.0.229 port 47572 ssh2
Jun 24 07:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29118]: Received disconnect from 103.78.0.229 port 47572:11: Bye Bye [preauth]
Jun 24 07:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29118]: Disconnected from 103.78.0.229 port 47572 [preauth]
Jun 24 07:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.212.226  user=root
Jun 24 07:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29155]: Invalid user admin from 45.232.73.84
Jun 24 07:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29155]: input_userauth_request: invalid user admin [preauth]
Jun 24 07:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29155]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.232.73.84
Jun 24 07:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29153]: Failed password for root from 152.32.212.226 port 48128 ssh2
Jun 24 07:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29153]: Received disconnect from 152.32.212.226 port 48128:11: Bye Bye [preauth]
Jun 24 07:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29153]: Disconnected from 152.32.212.226 port 48128 [preauth]
Jun 24 07:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29155]: Failed password for invalid user admin from 45.232.73.84 port 34628 ssh2
Jun 24 07:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29155]: Received disconnect from 45.232.73.84 port 34628:11: Bye Bye [preauth]
Jun 24 07:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29155]: Disconnected from 45.232.73.84 port 34628 [preauth]
Jun 24 07:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27898]: pam_unix(cron:session): session closed for user root
Jun 24 07:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29272]: Invalid user terraform from 20.228.193.165
Jun 24 07:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29272]: input_userauth_request: invalid user terraform [preauth]
Jun 24 07:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29272]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.228.193.165
Jun 24 07:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29272]: Failed password for invalid user terraform from 20.228.193.165 port 56238 ssh2
Jun 24 07:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29272]: Received disconnect from 20.228.193.165 port 56238:11: Bye Bye [preauth]
Jun 24 07:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29272]: Disconnected from 20.228.193.165 port 56238 [preauth]
Jun 24 07:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 24 07:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29288]: Failed password for root from 103.27.238.120 port 59906 ssh2
Jun 24 07:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29288]: Connection closed by 103.27.238.120 port 59906 [preauth]
Jun 24 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29310]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29306]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29309]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29307]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29306]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29366]: Successful su for rubyman by root
Jun 24 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29366]: + ??? root:rubyman
Jun 24 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29366]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582264 of user rubyman.
Jun 24 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29366]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582264.
Jun 24 07:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26461]: pam_unix(cron:session): session closed for user root
Jun 24 07:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29307]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29676]: Invalid user oracle from 91.92.40.240
Jun 24 07:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29676]: input_userauth_request: invalid user oracle [preauth]
Jun 24 07:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29676]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 07:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29676]: Failed password for invalid user oracle from 91.92.40.240 port 39900 ssh2
Jun 24 07:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29676]: Connection closed by 91.92.40.240 port 39900 [preauth]
Jun 24 07:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28358]: pam_unix(cron:session): session closed for user root
Jun 24 07:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29805]: Did not receive identification string from 3.19.14.223
Jun 24 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29842]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29841]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29836]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29843]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29844]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29837]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29844]: pam_unix(cron:session): session closed for user root
Jun 24 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29836]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29913]: Successful su for rubyman by root
Jun 24 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29913]: + ??? root:rubyman
Jun 24 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29913]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582272 of user rubyman.
Jun 24 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29913]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582272.
Jun 24 07:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29841]: pam_unix(cron:session): session closed for user root
Jun 24 07:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26949]: pam_unix(cron:session): session closed for user root
Jun 24 07:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29837]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.78.0.229  user=root
Jun 24 07:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.212.226  user=root
Jun 24 07:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.251.36.118  user=root
Jun 24 07:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30163]: Failed password for root from 103.78.0.229 port 56290 ssh2
Jun 24 07:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30166]: Failed password for root from 152.32.212.226 port 55020 ssh2
Jun 24 07:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30163]: Received disconnect from 103.78.0.229 port 56290:11: Bye Bye [preauth]
Jun 24 07:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30163]: Disconnected from 103.78.0.229 port 56290 [preauth]
Jun 24 07:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30166]: Received disconnect from 152.32.212.226 port 55020:11: Bye Bye [preauth]
Jun 24 07:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30166]: Disconnected from 152.32.212.226 port 55020 [preauth]
Jun 24 07:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30170]: Failed password for root from 128.251.36.118 port 7104 ssh2
Jun 24 07:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30170]: Received disconnect from 128.251.36.118 port 7104:11: Bye Bye [preauth]
Jun 24 07:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30170]: Disconnected from 128.251.36.118 port 7104 [preauth]
Jun 24 07:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28853]: pam_unix(cron:session): session closed for user root
Jun 24 07:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 24 07:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.232.73.84  user=root
Jun 24 07:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30227]: Failed password for root from 38.93.206.2 port 31276 ssh2
Jun 24 07:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30227]: Connection closed by 38.93.206.2 port 31276 [preauth]
Jun 24 07:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30237]: Failed password for root from 45.232.73.84 port 44186 ssh2
Jun 24 07:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30237]: Received disconnect from 45.232.73.84 port 44186:11: Bye Bye [preauth]
Jun 24 07:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30237]: Disconnected from 45.232.73.84 port 44186 [preauth]
Jun 24 07:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30284]: Invalid user git from 20.228.193.165
Jun 24 07:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30284]: input_userauth_request: invalid user git [preauth]
Jun 24 07:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30284]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.228.193.165
Jun 24 07:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30284]: Failed password for invalid user git from 20.228.193.165 port 39984 ssh2
Jun 24 07:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30284]: Received disconnect from 20.228.193.165 port 39984:11: Bye Bye [preauth]
Jun 24 07:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30284]: Disconnected from 20.228.193.165 port 39984 [preauth]
Jun 24 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30302]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30301]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30300]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30299]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30299]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30367]: Successful su for rubyman by root
Jun 24 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30367]: + ??? root:rubyman
Jun 24 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30367]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582273 of user rubyman.
Jun 24 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30367]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582273.
Jun 24 07:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27375]: pam_unix(cron:session): session closed for user root
Jun 24 07:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30300]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30565]: Invalid user oracle from 91.92.40.240
Jun 24 07:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30565]: input_userauth_request: invalid user oracle [preauth]
Jun 24 07:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30565]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 07:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30565]: Failed password for invalid user oracle from 91.92.40.240 port 36574 ssh2
Jun 24 07:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30565]: Connection closed by 91.92.40.240 port 36574 [preauth]
Jun 24 07:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30607]: Invalid user ubuntu from 118.193.47.155
Jun 24 07:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30607]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 07:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30607]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.47.155
Jun 24 07:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30607]: Failed password for invalid user ubuntu from 118.193.47.155 port 39912 ssh2
Jun 24 07:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30607]: Received disconnect from 118.193.47.155 port 39912:11: Bye Bye [preauth]
Jun 24 07:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30607]: Disconnected from 118.193.47.155 port 39912 [preauth]
Jun 24 07:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29310]: pam_unix(cron:session): session closed for user root
Jun 24 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30721]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30720]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30722]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30719]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30719]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30787]: Successful su for rubyman by root
Jun 24 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30787]: + ??? root:rubyman
Jun 24 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30787]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582277 of user rubyman.
Jun 24 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30787]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582277.
Jun 24 07:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27897]: pam_unix(cron:session): session closed for user root
Jun 24 07:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30720]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.212.226  user=root
Jun 24 07:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31106]: Failed password for root from 152.32.212.226 port 31648 ssh2
Jun 24 07:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31106]: Received disconnect from 152.32.212.226 port 31648:11: Bye Bye [preauth]
Jun 24 07:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31106]: Disconnected from 152.32.212.226 port 31648 [preauth]
Jun 24 07:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31129]: Invalid user sshuser from 103.78.0.229
Jun 24 07:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31129]: input_userauth_request: invalid user sshuser [preauth]
Jun 24 07:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31129]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.78.0.229
Jun 24 07:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31129]: Failed password for invalid user sshuser from 103.78.0.229 port 36790 ssh2
Jun 24 07:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31129]: Received disconnect from 103.78.0.229 port 36790:11: Bye Bye [preauth]
Jun 24 07:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31129]: Disconnected from 103.78.0.229 port 36790 [preauth]
Jun 24 07:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29843]: pam_unix(cron:session): session closed for user root
Jun 24 07:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.251.36.118  user=root
Jun 24 07:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31169]: Failed password for root from 128.251.36.118 port 7104 ssh2
Jun 24 07:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31169]: Received disconnect from 128.251.36.118 port 7104:11: Bye Bye [preauth]
Jun 24 07:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31169]: Disconnected from 128.251.36.118 port 7104 [preauth]
Jun 24 07:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 24 07:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31171]: Failed password for root from 103.172.78.219 port 50428 ssh2
Jun 24 07:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31171]: Connection closed by 103.172.78.219 port 50428 [preauth]
Jun 24 07:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.232.73.84  user=root
Jun 24 07:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31217]: Failed password for root from 45.232.73.84 port 53746 ssh2
Jun 24 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31217]: Received disconnect from 45.232.73.84 port 53746:11: Bye Bye [preauth]
Jun 24 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31217]: Disconnected from 45.232.73.84 port 53746 [preauth]
Jun 24 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31219]: Invalid user oracle from 91.92.40.240
Jun 24 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31219]: input_userauth_request: invalid user oracle [preauth]
Jun 24 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31230]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31233]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31232]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31231]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31230]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31219]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31298]: Successful su for rubyman by root
Jun 24 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31298]: + ??? root:rubyman
Jun 24 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31298]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582283 of user rubyman.
Jun 24 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31298]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582283.
Jun 24 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31285]: Invalid user harry from 20.228.193.165
Jun 24 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31285]: input_userauth_request: invalid user harry [preauth]
Jun 24 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31285]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.228.193.165
Jun 24 07:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31219]: Failed password for invalid user oracle from 91.92.40.240 port 60014 ssh2
Jun 24 07:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31219]: Connection closed by 91.92.40.240 port 60014 [preauth]
Jun 24 07:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28357]: pam_unix(cron:session): session closed for user root
Jun 24 07:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31285]: Failed password for invalid user harry from 20.228.193.165 port 51620 ssh2
Jun 24 07:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31285]: Received disconnect from 20.228.193.165 port 51620:11: Bye Bye [preauth]
Jun 24 07:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31285]: Disconnected from 20.228.193.165 port 51620 [preauth]
Jun 24 07:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31231]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31526]: Bad protocol version identification '\026\003\001' from 184.105.247.196 port 56386
Jun 24 07:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30302]: pam_unix(cron:session): session closed for user root
Jun 24 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31737]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31738]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31736]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31735]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31732]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31735]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31851]: Successful su for rubyman by root
Jun 24 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31851]: + ??? root:rubyman
Jun 24 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31851]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582285 of user rubyman.
Jun 24 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31851]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582285.
Jun 24 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31732]: pam_unix(cron:session): session closed for user root
Jun 24 07:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28852]: pam_unix(cron:session): session closed for user root
Jun 24 07:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31736]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30722]: pam_unix(cron:session): session closed for user root
Jun 24 07:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32193]: Invalid user l4d2 from 152.32.212.226
Jun 24 07:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32193]: input_userauth_request: invalid user l4d2 [preauth]
Jun 24 07:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32193]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.212.226
Jun 24 07:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32193]: Failed password for invalid user l4d2 from 152.32.212.226 port 51950 ssh2
Jun 24 07:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32193]: Received disconnect from 152.32.212.226 port 51950:11: Bye Bye [preauth]
Jun 24 07:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32193]: Disconnected from 152.32.212.226 port 51950 [preauth]
Jun 24 07:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32195]: Invalid user harry from 103.78.0.229
Jun 24 07:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32195]: input_userauth_request: invalid user harry [preauth]
Jun 24 07:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32195]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.78.0.229
Jun 24 07:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32195]: Failed password for invalid user harry from 103.78.0.229 port 45528 ssh2
Jun 24 07:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32195]: Received disconnect from 103.78.0.229 port 45528:11: Bye Bye [preauth]
Jun 24 07:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32195]: Disconnected from 103.78.0.229 port 45528 [preauth]
Jun 24 07:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32217]: Invalid user oracle from 91.92.40.240
Jun 24 07:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32217]: input_userauth_request: invalid user oracle [preauth]
Jun 24 07:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32217]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 07:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32217]: Failed password for invalid user oracle from 91.92.40.240 port 49772 ssh2
Jun 24 07:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32217]: Connection closed by 91.92.40.240 port 49772 [preauth]
Jun 24 07:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.251.36.118  user=root
Jun 24 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32250]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32246]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32251]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32249]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32248]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32247]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32251]: pam_unix(cron:session): session closed for user root
Jun 24 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32246]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32316]: Successful su for rubyman by root
Jun 24 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32316]: + ??? root:rubyman
Jun 24 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32316]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582290 of user rubyman.
Jun 24 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32316]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582290.
Jun 24 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32243]: Failed password for root from 128.251.36.118 port 7104 ssh2
Jun 24 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32243]: Received disconnect from 128.251.36.118 port 7104:11: Bye Bye [preauth]
Jun 24 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32243]: Disconnected from 128.251.36.118 port 7104 [preauth]
Jun 24 07:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32248]: pam_unix(cron:session): session closed for user root
Jun 24 07:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29309]: pam_unix(cron:session): session closed for user root
Jun 24 07:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32247]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32540]: Invalid user didi from 20.228.193.165
Jun 24 07:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32540]: input_userauth_request: invalid user didi [preauth]
Jun 24 07:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32540]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.228.193.165
Jun 24 07:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32540]: Failed password for invalid user didi from 20.228.193.165 port 44232 ssh2
Jun 24 07:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32540]: Received disconnect from 20.228.193.165 port 44232:11: Bye Bye [preauth]
Jun 24 07:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32540]: Disconnected from 20.228.193.165 port 44232 [preauth]
Jun 24 07:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32571]: Invalid user devops from 45.232.73.84
Jun 24 07:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32571]: input_userauth_request: invalid user devops [preauth]
Jun 24 07:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32571]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.232.73.84
Jun 24 07:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32571]: Failed password for invalid user devops from 45.232.73.84 port 35068 ssh2
Jun 24 07:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32571]: Received disconnect from 45.232.73.84 port 35068:11: Bye Bye [preauth]
Jun 24 07:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32571]: Disconnected from 45.232.73.84 port 35068 [preauth]
Jun 24 07:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31233]: pam_unix(cron:session): session closed for user root
Jun 24 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32696]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32693]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32697]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32695]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32693]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[300]: Successful su for rubyman by root
Jun 24 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[300]: + ??? root:rubyman
Jun 24 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[300]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582298 of user rubyman.
Jun 24 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[300]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582298.
Jun 24 07:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29842]: pam_unix(cron:session): session closed for user root
Jun 24 07:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32695]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31738]: pam_unix(cron:session): session closed for user root
Jun 24 07:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[705]: Invalid user oracle from 91.92.40.240
Jun 24 07:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[705]: input_userauth_request: invalid user oracle [preauth]
Jun 24 07:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[705]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 07:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[705]: Failed password for invalid user oracle from 91.92.40.240 port 54184 ssh2
Jun 24 07:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[705]: Connection closed by 91.92.40.240 port 54184 [preauth]
Jun 24 07:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[737]: Invalid user payment from 152.32.212.226
Jun 24 07:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[737]: input_userauth_request: invalid user payment [preauth]
Jun 24 07:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[737]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.212.226
Jun 24 07:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[737]: Failed password for invalid user payment from 152.32.212.226 port 58566 ssh2
Jun 24 07:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[737]: Received disconnect from 152.32.212.226 port 58566:11: Bye Bye [preauth]
Jun 24 07:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[737]: Disconnected from 152.32.212.226 port 58566 [preauth]
Jun 24 07:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.78.0.229  user=root
Jun 24 07:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[761]: Failed password for root from 103.78.0.229 port 54278 ssh2
Jun 24 07:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[761]: Received disconnect from 103.78.0.229 port 54278:11: Bye Bye [preauth]
Jun 24 07:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[761]: Disconnected from 103.78.0.229 port 54278 [preauth]
Jun 24 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[795]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[794]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[799]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[793]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[793]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[862]: Successful su for rubyman by root
Jun 24 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[862]: + ??? root:rubyman
Jun 24 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[862]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582300 of user rubyman.
Jun 24 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[862]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582300.
Jun 24 07:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30301]: pam_unix(cron:session): session closed for user root
Jun 24 07:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[794]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1122]: Invalid user ubuntu from 20.228.193.165
Jun 24 07:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1122]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 07:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1122]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.228.193.165
Jun 24 07:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1122]: Failed password for invalid user ubuntu from 20.228.193.165 port 45038 ssh2
Jun 24 07:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1122]: Received disconnect from 20.228.193.165 port 45038:11: Bye Bye [preauth]
Jun 24 07:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1122]: Disconnected from 20.228.193.165 port 45038 [preauth]
Jun 24 07:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1132]: Invalid user ik from 128.251.36.118
Jun 24 07:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1132]: input_userauth_request: invalid user ik [preauth]
Jun 24 07:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1132]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.251.36.118
Jun 24 07:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1132]: Failed password for invalid user ik from 128.251.36.118 port 7104 ssh2
Jun 24 07:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1132]: Received disconnect from 128.251.36.118 port 7104:11: Bye Bye [preauth]
Jun 24 07:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1132]: Disconnected from 128.251.36.118 port 7104 [preauth]
Jun 24 07:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1165]: Invalid user temp from 217.76.154.242
Jun 24 07:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1165]: input_userauth_request: invalid user temp [preauth]
Jun 24 07:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1165]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.76.154.242
Jun 24 07:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1165]: Failed password for invalid user temp from 217.76.154.242 port 36378 ssh2
Jun 24 07:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1165]: Connection closed by 217.76.154.242 port 36378 [preauth]
Jun 24 07:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32250]: pam_unix(cron:session): session closed for user root
Jun 24 07:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1214]: Invalid user l4d2 from 45.232.73.84
Jun 24 07:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1214]: input_userauth_request: invalid user l4d2 [preauth]
Jun 24 07:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1214]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.232.73.84
Jun 24 07:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1214]: Failed password for invalid user l4d2 from 45.232.73.84 port 44636 ssh2
Jun 24 07:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1214]: Received disconnect from 45.232.73.84 port 44636:11: Bye Bye [preauth]
Jun 24 07:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1214]: Disconnected from 45.232.73.84 port 44636 [preauth]
Jun 24 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1256]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1258]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1257]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1255]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1255]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1325]: Successful su for rubyman by root
Jun 24 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1325]: + ??? root:rubyman
Jun 24 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1325]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582304 of user rubyman.
Jun 24 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1325]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582304.
Jun 24 07:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30721]: pam_unix(cron:session): session closed for user root
Jun 24 07:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1256]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1670]: Invalid user ubuntu from 118.193.47.155
Jun 24 07:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1670]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 07:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1670]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.47.155
Jun 24 07:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1670]: Failed password for invalid user ubuntu from 118.193.47.155 port 43262 ssh2
Jun 24 07:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1670]: Received disconnect from 118.193.47.155 port 43262:11: Bye Bye [preauth]
Jun 24 07:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1670]: Disconnected from 118.193.47.155 port 43262 [preauth]
Jun 24 07:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1672]: Invalid user oracle from 91.92.40.240
Jun 24 07:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1672]: input_userauth_request: invalid user oracle [preauth]
Jun 24 07:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1672]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 07:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1672]: Failed password for invalid user oracle from 91.92.40.240 port 40890 ssh2
Jun 24 07:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1672]: Connection closed by 91.92.40.240 port 40890 [preauth]
Jun 24 07:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32697]: pam_unix(cron:session): session closed for user root
Jun 24 07:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1789]: Invalid user harry from 152.32.212.226
Jun 24 07:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1789]: input_userauth_request: invalid user harry [preauth]
Jun 24 07:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1789]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.212.226
Jun 24 07:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1789]: Failed password for invalid user harry from 152.32.212.226 port 13774 ssh2
Jun 24 07:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1789]: Received disconnect from 152.32.212.226 port 13774:11: Bye Bye [preauth]
Jun 24 07:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1789]: Disconnected from 152.32.212.226 port 13774 [preauth]
Jun 24 07:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1798]: Invalid user sysadmin from 103.78.0.229
Jun 24 07:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1798]: input_userauth_request: invalid user sysadmin [preauth]
Jun 24 07:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1798]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.78.0.229
Jun 24 07:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1798]: Failed password for invalid user sysadmin from 103.78.0.229 port 34758 ssh2
Jun 24 07:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1798]: Received disconnect from 103.78.0.229 port 34758:11: Bye Bye [preauth]
Jun 24 07:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1798]: Disconnected from 103.78.0.229 port 34758 [preauth]
Jun 24 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1820]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1817]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1819]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1818]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1817]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1877]: Successful su for rubyman by root
Jun 24 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1877]: + ??? root:rubyman
Jun 24 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1877]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582308 of user rubyman.
Jun 24 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1877]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582308.
Jun 24 07:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31232]: pam_unix(cron:session): session closed for user root
Jun 24 07:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1818]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.228.193.165  user=root
Jun 24 07:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2190]: Failed password for root from 20.228.193.165 port 44610 ssh2
Jun 24 07:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2190]: Received disconnect from 20.228.193.165 port 44610:11: Bye Bye [preauth]
Jun 24 07:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2190]: Disconnected from 20.228.193.165 port 44610 [preauth]
Jun 24 07:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[799]: pam_unix(cron:session): session closed for user root
Jun 24 07:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2245]: Invalid user moodle from 128.251.36.118
Jun 24 07:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2245]: input_userauth_request: invalid user moodle [preauth]
Jun 24 07:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2245]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.251.36.118
Jun 24 07:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2245]: Failed password for invalid user moodle from 128.251.36.118 port 7104 ssh2
Jun 24 07:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121  user=root
Jun 24 07:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2245]: Received disconnect from 128.251.36.118 port 7104:11: Bye Bye [preauth]
Jun 24 07:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2245]: Disconnected from 128.251.36.118 port 7104 [preauth]
Jun 24 07:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2269]: Failed password for root from 45.148.10.121 port 46136 ssh2
Jun 24 07:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2269]: Connection closed by 45.148.10.121 port 46136 [preauth]
Jun 24 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2304]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2305]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2301]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2300]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2303]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2302]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2305]: pam_unix(cron:session): session closed for user root
Jun 24 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2300]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2376]: Successful su for rubyman by root
Jun 24 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2376]: + ??? root:rubyman
Jun 24 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2376]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582312 of user rubyman.
Jun 24 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2376]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582312.
Jun 24 07:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2302]: pam_unix(cron:session): session closed for user root
Jun 24 07:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2473]: Invalid user admin from 141.98.83.240
Jun 24 07:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2473]: input_userauth_request: invalid user admin [preauth]
Jun 24 07:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2473]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 07:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31737]: pam_unix(cron:session): session closed for user root
Jun 24 07:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2473]: Failed password for invalid user admin from 141.98.83.240 port 9324 ssh2
Jun 24 07:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2473]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2301]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2582]: Invalid user oracle from 91.92.40.240
Jun 24 07:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2582]: input_userauth_request: invalid user oracle [preauth]
Jun 24 07:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2582]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 07:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: Invalid user lily from 45.232.73.84
Jun 24 07:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: input_userauth_request: invalid user lily [preauth]
Jun 24 07:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.232.73.84
Jun 24 07:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2473]: Failed password for invalid user admin from 141.98.83.240 port 9324 ssh2
Jun 24 07:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2473]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2582]: Failed password for invalid user oracle from 91.92.40.240 port 51116 ssh2
Jun 24 07:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: Failed password for invalid user lily from 45.232.73.84 port 54220 ssh2
Jun 24 07:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2582]: Connection closed by 91.92.40.240 port 51116 [preauth]
Jun 24 07:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: Received disconnect from 45.232.73.84 port 54220:11: Bye Bye [preauth]
Jun 24 07:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: Disconnected from 45.232.73.84 port 54220 [preauth]
Jun 24 07:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2473]: Failed password for invalid user admin from 141.98.83.240 port 9324 ssh2
Jun 24 07:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2473]: Connection closed by 141.98.83.240 port 9324 [preauth]
Jun 24 07:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2473]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 07:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.110.201  user=root
Jun 24 07:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2646]: Failed password for root from 94.159.110.201 port 48916 ssh2
Jun 24 07:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2646]: Connection closed by 94.159.110.201 port 48916 [preauth]
Jun 24 07:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 24 07:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2669]: Failed password for root from 193.37.70.224 port 58134 ssh2
Jun 24 07:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2669]: Connection closed by 193.37.70.224 port 58134 [preauth]
Jun 24 07:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1258]: pam_unix(cron:session): session closed for user root
Jun 24 07:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2747]: Invalid user alireza from 152.32.212.226
Jun 24 07:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2747]: input_userauth_request: invalid user alireza [preauth]
Jun 24 07:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2747]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.212.226
Jun 24 07:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2747]: Failed password for invalid user alireza from 152.32.212.226 port 12330 ssh2
Jun 24 07:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2747]: Received disconnect from 152.32.212.226 port 12330:11: Bye Bye [preauth]
Jun 24 07:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2747]: Disconnected from 152.32.212.226 port 12330 [preauth]
Jun 24 07:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2759]: Invalid user ubuntu from 103.78.0.229
Jun 24 07:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2759]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 07:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2759]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.78.0.229
Jun 24 07:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2759]: Failed password for invalid user ubuntu from 103.78.0.229 port 43486 ssh2
Jun 24 07:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2759]: Received disconnect from 103.78.0.229 port 43486:11: Bye Bye [preauth]
Jun 24 07:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2759]: Disconnected from 103.78.0.229 port 43486 [preauth]
Jun 24 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2773]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2772]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2771]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2770]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2770]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2840]: Successful su for rubyman by root
Jun 24 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2840]: + ??? root:rubyman
Jun 24 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2840]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582318 of user rubyman.
Jun 24 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2840]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582318.
Jun 24 07:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32249]: pam_unix(cron:session): session closed for user root
Jun 24 07:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2771]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1820]: pam_unix(cron:session): session closed for user root
Jun 24 07:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3115]: Invalid user fauzi from 118.193.47.155
Jun 24 07:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3115]: input_userauth_request: invalid user fauzi [preauth]
Jun 24 07:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3115]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.47.155
Jun 24 07:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3115]: Failed password for invalid user fauzi from 118.193.47.155 port 45850 ssh2
Jun 24 07:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3115]: Received disconnect from 118.193.47.155 port 45850:11: Bye Bye [preauth]
Jun 24 07:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3115]: Disconnected from 118.193.47.155 port 45850 [preauth]
Jun 24 07:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.228.193.165  user=root
Jun 24 07:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3118]: Failed password for root from 20.228.193.165 port 54504 ssh2
Jun 24 07:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3118]: Received disconnect from 20.228.193.165 port 54504:11: Bye Bye [preauth]
Jun 24 07:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3118]: Disconnected from 20.228.193.165 port 54504 [preauth]
Jun 24 07:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3159]: Invalid user owner from 91.92.40.240
Jun 24 07:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3159]: input_userauth_request: invalid user owner [preauth]
Jun 24 07:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3159]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 07:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3159]: Failed password for invalid user owner from 91.92.40.240 port 41440 ssh2
Jun 24 07:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3159]: Connection closed by 91.92.40.240 port 41440 [preauth]
Jun 24 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3173]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3174]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3172]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3171]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3169]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3169]: pam_unix(cron:session): session closed for user root
Jun 24 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3171]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3234]: Successful su for rubyman by root
Jun 24 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3234]: + ??? root:rubyman
Jun 24 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3234]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582322 of user rubyman.
Jun 24 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3234]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582322.
Jun 24 07:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32696]: pam_unix(cron:session): session closed for user root
Jun 24 07:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3172]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3415]: Invalid user user1 from 128.251.36.118
Jun 24 07:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3415]: input_userauth_request: invalid user user1 [preauth]
Jun 24 07:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3415]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.251.36.118
Jun 24 07:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3415]: Failed password for invalid user user1 from 128.251.36.118 port 7104 ssh2
Jun 24 07:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3415]: Received disconnect from 128.251.36.118 port 7104:11: Bye Bye [preauth]
Jun 24 07:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3415]: Disconnected from 128.251.36.118 port 7104 [preauth]
Jun 24 07:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.232.73.84  user=root
Jun 24 07:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2304]: pam_unix(cron:session): session closed for user root
Jun 24 07:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3489]: Failed password for root from 45.232.73.84 port 35574 ssh2
Jun 24 07:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3489]: Received disconnect from 45.232.73.84 port 35574:11: Bye Bye [preauth]
Jun 24 07:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3489]: Disconnected from 45.232.73.84 port 35574 [preauth]
Jun 24 07:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3557]: Invalid user git from 152.32.212.226
Jun 24 07:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3557]: input_userauth_request: invalid user git [preauth]
Jun 24 07:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3557]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.212.226
Jun 24 07:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3557]: Failed password for invalid user git from 152.32.212.226 port 20158 ssh2
Jun 24 07:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3557]: Received disconnect from 152.32.212.226 port 20158:11: Bye Bye [preauth]
Jun 24 07:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3557]: Disconnected from 152.32.212.226 port 20158 [preauth]
Jun 24 07:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3589]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3590]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3588]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3587]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3587]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3584]: Invalid user lily from 103.78.0.229
Jun 24 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3584]: input_userauth_request: invalid user lily [preauth]
Jun 24 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3584]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.78.0.229
Jun 24 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3646]: Successful su for rubyman by root
Jun 24 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3646]: + ??? root:rubyman
Jun 24 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3646]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582329 of user rubyman.
Jun 24 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3646]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582329.
Jun 24 07:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3584]: Failed password for invalid user lily from 103.78.0.229 port 52188 ssh2
Jun 24 07:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3584]: Received disconnect from 103.78.0.229 port 52188:11: Bye Bye [preauth]
Jun 24 07:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3584]: Disconnected from 103.78.0.229 port 52188 [preauth]
Jun 24 07:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[795]: pam_unix(cron:session): session closed for user root
Jun 24 07:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3588]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.19.67.181  user=root
Jun 24 07:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4091]: Failed password for root from 46.19.67.181 port 52492 ssh2
Jun 24 07:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4091]: Connection closed by 46.19.67.181 port 52492 [preauth]
Jun 24 07:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2773]: pam_unix(cron:session): session closed for user root
Jun 24 07:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4130]: Invalid user owner from 91.92.40.240
Jun 24 07:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4130]: input_userauth_request: invalid user owner [preauth]
Jun 24 07:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4130]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 07:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4130]: Failed password for invalid user owner from 91.92.40.240 port 54370 ssh2
Jun 24 07:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4130]: Connection closed by 91.92.40.240 port 54370 [preauth]
Jun 24 07:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.228.193.165  user=root
Jun 24 07:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4164]: Failed password for root from 20.228.193.165 port 34084 ssh2
Jun 24 07:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4164]: Received disconnect from 20.228.193.165 port 34084:11: Bye Bye [preauth]
Jun 24 07:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4164]: Disconnected from 20.228.193.165 port 34084 [preauth]
Jun 24 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4190]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4189]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4188]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4187]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4187]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4253]: Successful su for rubyman by root
Jun 24 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4253]: + ??? root:rubyman
Jun 24 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4253]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582331 of user rubyman.
Jun 24 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4253]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582331.
Jun 24 07:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1257]: pam_unix(cron:session): session closed for user root
Jun 24 07:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4188]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4501]: Invalid user admin from 128.251.36.118
Jun 24 07:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4501]: input_userauth_request: invalid user admin [preauth]
Jun 24 07:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4501]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.251.36.118
Jun 24 07:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4501]: Failed password for invalid user admin from 128.251.36.118 port 7104 ssh2
Jun 24 07:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4501]: Received disconnect from 128.251.36.118 port 7104:11: Bye Bye [preauth]
Jun 24 07:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4501]: Disconnected from 128.251.36.118 port 7104 [preauth]
Jun 24 07:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3174]: pam_unix(cron:session): session closed for user root
Jun 24 07:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4586]: Invalid user git from 45.232.73.84
Jun 24 07:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4586]: input_userauth_request: invalid user git [preauth]
Jun 24 07:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4586]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.232.73.84
Jun 24 07:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4588]: Invalid user user from 152.32.212.226
Jun 24 07:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4588]: input_userauth_request: invalid user user [preauth]
Jun 24 07:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4588]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.212.226
Jun 24 07:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4586]: Failed password for invalid user git from 45.232.73.84 port 45116 ssh2
Jun 24 07:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4586]: Received disconnect from 45.232.73.84 port 45116:11: Bye Bye [preauth]
Jun 24 07:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4586]: Disconnected from 45.232.73.84 port 45116 [preauth]
Jun 24 07:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4588]: Failed password for invalid user user from 152.32.212.226 port 16252 ssh2
Jun 24 07:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4588]: Received disconnect from 152.32.212.226 port 16252:11: Bye Bye [preauth]
Jun 24 07:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4588]: Disconnected from 152.32.212.226 port 16252 [preauth]
Jun 24 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4603]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4601]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4600]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4605]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4602]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4599]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4605]: pam_unix(cron:session): session closed for user root
Jun 24 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4599]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4671]: Successful su for rubyman by root
Jun 24 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4671]: + ??? root:rubyman
Jun 24 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4671]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582337 of user rubyman.
Jun 24 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4671]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582337.
Jun 24 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.47.155  user=root
Jun 24 07:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1819]: pam_unix(cron:session): session closed for user root
Jun 24 07:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4601]: pam_unix(cron:session): session closed for user root
Jun 24 07:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.78.0.229  user=root
Jun 24 07:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4783]: Failed password for root from 118.193.47.155 port 47172 ssh2
Jun 24 07:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4783]: Received disconnect from 118.193.47.155 port 47172:11: Bye Bye [preauth]
Jun 24 07:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4783]: Disconnected from 118.193.47.155 port 47172 [preauth]
Jun 24 07:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4600]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4920]: Failed password for root from 103.78.0.229 port 60904 ssh2
Jun 24 07:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4920]: Received disconnect from 103.78.0.229 port 60904:11: Bye Bye [preauth]
Jun 24 07:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4920]: Disconnected from 103.78.0.229 port 60904 [preauth]
Jun 24 07:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5057]: Invalid user owner from 91.92.40.240
Jun 24 07:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5057]: input_userauth_request: invalid user owner [preauth]
Jun 24 07:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5057]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 07:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5057]: Failed password for invalid user owner from 91.92.40.240 port 57630 ssh2
Jun 24 07:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5057]: Connection closed by 91.92.40.240 port 57630 [preauth]
Jun 24 07:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3590]: pam_unix(cron:session): session closed for user root
Jun 24 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5153]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5152]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5154]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5151]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5151]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5224]: Successful su for rubyman by root
Jun 24 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5224]: + ??? root:rubyman
Jun 24 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5224]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582341 of user rubyman.
Jun 24 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5224]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582341.
Jun 24 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.228.193.165  user=root
Jun 24 07:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5204]: Failed password for root from 20.228.193.165 port 36360 ssh2
Jun 24 07:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5204]: Received disconnect from 20.228.193.165 port 36360:11: Bye Bye [preauth]
Jun 24 07:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5204]: Disconnected from 20.228.193.165 port 36360 [preauth]
Jun 24 07:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2303]: pam_unix(cron:session): session closed for user root
Jun 24 07:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5152]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4190]: pam_unix(cron:session): session closed for user root
Jun 24 07:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.251.36.118  user=root
Jun 24 07:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5548]: Failed password for root from 128.251.36.118 port 7104 ssh2
Jun 24 07:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5548]: Received disconnect from 128.251.36.118 port 7104:11: Bye Bye [preauth]
Jun 24 07:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5548]: Disconnected from 128.251.36.118 port 7104 [preauth]
Jun 24 07:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5568]: Invalid user owner from 91.92.40.240
Jun 24 07:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5568]: input_userauth_request: invalid user owner [preauth]
Jun 24 07:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5568]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5576]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5575]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5571]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5577]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5571]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5631]: Successful su for rubyman by root
Jun 24 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5631]: + ??? root:rubyman
Jun 24 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5631]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582348 of user rubyman.
Jun 24 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5631]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582348.
Jun 24 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5568]: Failed password for invalid user owner from 91.92.40.240 port 36124 ssh2
Jun 24 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5568]: Connection closed by 91.92.40.240 port 36124 [preauth]
Jun 24 07:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.212.226  user=root
Jun 24 07:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2772]: pam_unix(cron:session): session closed for user root
Jun 24 07:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5575]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5725]: Failed password for root from 152.32.212.226 port 10498 ssh2
Jun 24 07:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5725]: Received disconnect from 152.32.212.226 port 10498:11: Bye Bye [preauth]
Jun 24 07:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5725]: Disconnected from 152.32.212.226 port 10498 [preauth]
Jun 24 07:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5837]: Invalid user sshuser from 45.232.73.84
Jun 24 07:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5837]: input_userauth_request: invalid user sshuser [preauth]
Jun 24 07:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5837]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.232.73.84
Jun 24 07:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5837]: Failed password for invalid user sshuser from 45.232.73.84 port 54674 ssh2
Jun 24 07:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5837]: Received disconnect from 45.232.73.84 port 54674:11: Bye Bye [preauth]
Jun 24 07:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5837]: Disconnected from 45.232.73.84 port 54674 [preauth]
Jun 24 07:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.78.0.229  user=root
Jun 24 07:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5848]: Failed password for root from 103.78.0.229 port 41374 ssh2
Jun 24 07:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5848]: Received disconnect from 103.78.0.229 port 41374:11: Bye Bye [preauth]
Jun 24 07:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5848]: Disconnected from 103.78.0.229 port 41374 [preauth]
Jun 24 07:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4603]: pam_unix(cron:session): session closed for user root
Jun 24 07:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 24 07:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5952]: Failed password for root from 109.237.96.109 port 46644 ssh2
Jun 24 07:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5952]: Connection closed by 109.237.96.109 port 46644 [preauth]
Jun 24 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5965]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5966]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5963]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5964]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5963]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6023]: Successful su for rubyman by root
Jun 24 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6023]: + ??? root:rubyman
Jun 24 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6023]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582350 of user rubyman.
Jun 24 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6023]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582350.
Jun 24 07:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3173]: pam_unix(cron:session): session closed for user root
Jun 24 07:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5964]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.228.193.165  user=root
Jun 24 07:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6214]: Failed password for root from 20.228.193.165 port 47450 ssh2
Jun 24 07:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6214]: Received disconnect from 20.228.193.165 port 47450:11: Bye Bye [preauth]
Jun 24 07:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6214]: Disconnected from 20.228.193.165 port 47450 [preauth]
Jun 24 07:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6268]: Invalid user k8s from 118.193.47.155
Jun 24 07:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6268]: input_userauth_request: invalid user k8s [preauth]
Jun 24 07:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6268]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.47.155
Jun 24 07:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6268]: Failed password for invalid user k8s from 118.193.47.155 port 47298 ssh2
Jun 24 07:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6268]: Received disconnect from 118.193.47.155 port 47298:11: Bye Bye [preauth]
Jun 24 07:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6268]: Disconnected from 118.193.47.155 port 47298 [preauth]
Jun 24 07:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5154]: pam_unix(cron:session): session closed for user root
Jun 24 07:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6297]: Invalid user pi from 91.92.40.240
Jun 24 07:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6297]: input_userauth_request: invalid user pi [preauth]
Jun 24 07:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6297]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 07:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6297]: Failed password for invalid user pi from 91.92.40.240 port 56816 ssh2
Jun 24 07:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6297]: Connection closed by 91.92.40.240 port 56816 [preauth]
Jun 24 07:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 24 07:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6314]: Failed password for root from 194.113.233.25 port 39302 ssh2
Jun 24 07:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6314]: Connection closed by 194.113.233.25 port 39302 [preauth]
Jun 24 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6373]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6371]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6372]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6370]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6370]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6429]: Successful su for rubyman by root
Jun 24 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6429]: + ??? root:rubyman
Jun 24 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6429]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582354 of user rubyman.
Jun 24 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6429]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582354.
Jun 24 07:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3589]: pam_unix(cron:session): session closed for user root
Jun 24 07:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6371]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.251.36.118  user=root
Jun 24 07:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6620]: Failed password for root from 128.251.36.118 port 7104 ssh2
Jun 24 07:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6620]: Received disconnect from 128.251.36.118 port 7104:11: Bye Bye [preauth]
Jun 24 07:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6620]: Disconnected from 128.251.36.118 port 7104 [preauth]
Jun 24 07:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6644]: Invalid user didi from 152.32.212.226
Jun 24 07:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6644]: input_userauth_request: invalid user didi [preauth]
Jun 24 07:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6644]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.212.226
Jun 24 07:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6644]: Failed password for invalid user didi from 152.32.212.226 port 55318 ssh2
Jun 24 07:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6644]: Received disconnect from 152.32.212.226 port 55318:11: Bye Bye [preauth]
Jun 24 07:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6644]: Disconnected from 152.32.212.226 port 55318 [preauth]
Jun 24 07:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.78.0.229  user=root
Jun 24 07:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6676]: Failed password for root from 103.78.0.229 port 50096 ssh2
Jun 24 07:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6676]: Received disconnect from 103.78.0.229 port 50096:11: Bye Bye [preauth]
Jun 24 07:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6676]: Disconnected from 103.78.0.229 port 50096 [preauth]
Jun 24 07:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5577]: pam_unix(cron:session): session closed for user root
Jun 24 07:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6722]: Invalid user alireza from 45.232.73.84
Jun 24 07:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6722]: input_userauth_request: invalid user alireza [preauth]
Jun 24 07:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6722]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.232.73.84
Jun 24 07:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6722]: Failed password for invalid user alireza from 45.232.73.84 port 36038 ssh2
Jun 24 07:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6722]: Received disconnect from 45.232.73.84 port 36038:11: Bye Bye [preauth]
Jun 24 07:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6722]: Disconnected from 45.232.73.84 port 36038 [preauth]
Jun 24 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6782]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6776]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6784]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6779]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6789]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6787]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6789]: pam_unix(cron:session): session closed for user root
Jun 24 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6776]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6853]: Successful su for rubyman by root
Jun 24 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6853]: + ??? root:rubyman
Jun 24 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6853]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582359 of user rubyman.
Jun 24 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6853]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582359.
Jun 24 07:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6782]: pam_unix(cron:session): session closed for user root
Jun 24 07:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4189]: pam_unix(cron:session): session closed for user root
Jun 24 07:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6779]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7153]: Invalid user pi from 91.92.40.240
Jun 24 07:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7153]: input_userauth_request: invalid user pi [preauth]
Jun 24 07:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7153]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 07:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7153]: Failed password for invalid user pi from 91.92.40.240 port 57326 ssh2
Jun 24 07:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7153]: Connection closed by 91.92.40.240 port 57326 [preauth]
Jun 24 07:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.228.193.165  user=root
Jun 24 07:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7178]: Failed password for root from 20.228.193.165 port 56288 ssh2
Jun 24 07:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7178]: Received disconnect from 20.228.193.165 port 56288:11: Bye Bye [preauth]
Jun 24 07:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7178]: Disconnected from 20.228.193.165 port 56288 [preauth]
Jun 24 07:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5966]: pam_unix(cron:session): session closed for user root
Jun 24 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7310]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7311]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7309]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7308]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7308]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7380]: Successful su for rubyman by root
Jun 24 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7380]: + ??? root:rubyman
Jun 24 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7380]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582365 of user rubyman.
Jun 24 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7380]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582365.
Jun 24 07:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 24 07:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4602]: pam_unix(cron:session): session closed for user root
Jun 24 07:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7412]: Failed password for root from 77.94.47.83 port 60918 ssh2
Jun 24 07:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7309]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7412]: Connection closed by 77.94.47.83 port 60918 [preauth]
Jun 24 07:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7607]: Invalid user git from 152.32.212.226
Jun 24 07:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7607]: input_userauth_request: invalid user git [preauth]
Jun 24 07:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7607]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.212.226
Jun 24 07:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7607]: Failed password for invalid user git from 152.32.212.226 port 44640 ssh2
Jun 24 07:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7607]: Received disconnect from 152.32.212.226 port 44640:11: Bye Bye [preauth]
Jun 24 07:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7607]: Disconnected from 152.32.212.226 port 44640 [preauth]
Jun 24 07:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.251.36.118  user=root
Jun 24 07:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7668]: Failed password for root from 128.251.36.118 port 7104 ssh2
Jun 24 07:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7668]: Received disconnect from 128.251.36.118 port 7104:11: Bye Bye [preauth]
Jun 24 07:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7668]: Disconnected from 128.251.36.118 port 7104 [preauth]
Jun 24 07:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6373]: pam_unix(cron:session): session closed for user root
Jun 24 07:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7767]: Invalid user git from 103.78.0.229
Jun 24 07:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7767]: input_userauth_request: invalid user git [preauth]
Jun 24 07:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7767]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.78.0.229
Jun 24 07:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7767]: Failed password for invalid user git from 103.78.0.229 port 58814 ssh2
Jun 24 07:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7767]: Received disconnect from 103.78.0.229 port 58814:11: Bye Bye [preauth]
Jun 24 07:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7767]: Disconnected from 103.78.0.229 port 58814 [preauth]
Jun 24 07:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7778]: Invalid user pi from 91.92.40.240
Jun 24 07:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7778]: input_userauth_request: invalid user pi [preauth]
Jun 24 07:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7778]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 07:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7778]: Failed password for invalid user pi from 91.92.40.240 port 59160 ssh2
Jun 24 07:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7778]: Connection closed by 91.92.40.240 port 59160 [preauth]
Jun 24 07:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.47.155  user=root
Jun 24 07:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7809]: Failed password for root from 118.193.47.155 port 46366 ssh2
Jun 24 07:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7809]: Received disconnect from 118.193.47.155 port 46366:11: Bye Bye [preauth]
Jun 24 07:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7809]: Disconnected from 118.193.47.155 port 46366 [preauth]
Jun 24 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7829]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7831]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7830]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7828]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7828]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7886]: Successful su for rubyman by root
Jun 24 07:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7886]: + ??? root:rubyman
Jun 24 07:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7886]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582368 of user rubyman.
Jun 24 07:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7886]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582368.
Jun 24 07:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5153]: pam_unix(cron:session): session closed for user root
Jun 24 07:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7829]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8063]: Invalid user harry from 45.232.73.84
Jun 24 07:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8063]: input_userauth_request: invalid user harry [preauth]
Jun 24 07:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8063]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.232.73.84
Jun 24 07:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8063]: Failed password for invalid user harry from 45.232.73.84 port 45602 ssh2
Jun 24 07:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8063]: Received disconnect from 45.232.73.84 port 45602:11: Bye Bye [preauth]
Jun 24 07:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8063]: Disconnected from 45.232.73.84 port 45602 [preauth]
Jun 24 07:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8094]: Invalid user admin from 20.228.193.165
Jun 24 07:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8094]: input_userauth_request: invalid user admin [preauth]
Jun 24 07:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8094]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.228.193.165
Jun 24 07:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8094]: Failed password for invalid user admin from 20.228.193.165 port 35458 ssh2
Jun 24 07:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8094]: Received disconnect from 20.228.193.165 port 35458:11: Bye Bye [preauth]
Jun 24 07:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8094]: Disconnected from 20.228.193.165 port 35458 [preauth]
Jun 24 07:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6787]: pam_unix(cron:session): session closed for user root
Jun 24 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8217]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8218]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8215]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8216]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8215]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8274]: Successful su for rubyman by root
Jun 24 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8274]: + ??? root:rubyman
Jun 24 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8274]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582373 of user rubyman.
Jun 24 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8274]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582373.
Jun 24 07:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5576]: pam_unix(cron:session): session closed for user root
Jun 24 07:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8216]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8497]: Invalid user pi from 91.92.40.240
Jun 24 07:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8497]: input_userauth_request: invalid user pi [preauth]
Jun 24 07:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8497]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 07:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8497]: Failed password for invalid user pi from 91.92.40.240 port 47458 ssh2
Jun 24 07:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8497]: Connection closed by 91.92.40.240 port 47458 [preauth]
Jun 24 07:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.212.226  user=root
Jun 24 07:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7311]: pam_unix(cron:session): session closed for user root
Jun 24 07:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8521]: Failed password for root from 152.32.212.226 port 33914 ssh2
Jun 24 07:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8521]: Received disconnect from 152.32.212.226 port 33914:11: Bye Bye [preauth]
Jun 24 07:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8521]: Disconnected from 152.32.212.226 port 33914 [preauth]
Jun 24 07:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8595]: Invalid user payment from 103.78.0.229
Jun 24 07:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8595]: input_userauth_request: invalid user payment [preauth]
Jun 24 07:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8595]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.78.0.229
Jun 24 07:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8595]: Failed password for invalid user payment from 103.78.0.229 port 39312 ssh2
Jun 24 07:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8595]: Received disconnect from 103.78.0.229 port 39312:11: Bye Bye [preauth]
Jun 24 07:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8595]: Disconnected from 103.78.0.229 port 39312 [preauth]
Jun 24 07:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8605]: Invalid user vpsuser from 128.251.36.118
Jun 24 07:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8605]: input_userauth_request: invalid user vpsuser [preauth]
Jun 24 07:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8605]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.251.36.118
Jun 24 07:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8605]: Failed password for invalid user vpsuser from 128.251.36.118 port 7104 ssh2
Jun 24 07:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8607]: Received disconnect from 45.252.188.23 port 57288:11: disconnected by user [preauth]
Jun 24 07:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8607]: Disconnected from 45.252.188.23 port 57288 [preauth]
Jun 24 07:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8605]: Received disconnect from 128.251.36.118 port 7104:11: Bye Bye [preauth]
Jun 24 07:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8605]: Disconnected from 128.251.36.118 port 7104 [preauth]
Jun 24 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8620]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8621]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8619]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8618]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8618]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8678]: Successful su for rubyman by root
Jun 24 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8678]: + ??? root:rubyman
Jun 24 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8678]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582375 of user rubyman.
Jun 24 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8678]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582375.
Jun 24 07:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5965]: pam_unix(cron:session): session closed for user root
Jun 24 07:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8619]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8922]: Invalid user payment from 20.228.193.165
Jun 24 07:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8922]: input_userauth_request: invalid user payment [preauth]
Jun 24 07:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8922]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.228.193.165
Jun 24 07:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8922]: Failed password for invalid user payment from 20.228.193.165 port 49102 ssh2
Jun 24 07:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8922]: Received disconnect from 20.228.193.165 port 49102:11: Bye Bye [preauth]
Jun 24 07:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8922]: Disconnected from 20.228.193.165 port 49102 [preauth]
Jun 24 07:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7831]: pam_unix(cron:session): session closed for user root
Jun 24 07:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8935]: Invalid user didi from 45.232.73.84
Jun 24 07:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8935]: input_userauth_request: invalid user didi [preauth]
Jun 24 07:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8935]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.232.73.84
Jun 24 07:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8935]: Failed password for invalid user didi from 45.232.73.84 port 55162 ssh2
Jun 24 07:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8935]: Received disconnect from 45.232.73.84 port 55162:11: Bye Bye [preauth]
Jun 24 07:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8935]: Disconnected from 45.232.73.84 port 55162 [preauth]
Jun 24 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9028]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9027]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9025]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9029]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9030]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9026]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9030]: pam_unix(cron:session): session closed for user root
Jun 24 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9025]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9093]: Successful su for rubyman by root
Jun 24 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9093]: + ??? root:rubyman
Jun 24 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9093]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582384 of user rubyman.
Jun 24 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9093]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582384.
Jun 24 07:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9027]: pam_unix(cron:session): session closed for user root
Jun 24 07:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6372]: pam_unix(cron:session): session closed for user root
Jun 24 07:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9026]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: Invalid user pi from 91.92.40.240
Jun 24 07:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: input_userauth_request: invalid user pi [preauth]
Jun 24 07:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 07:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: Failed password for invalid user pi from 91.92.40.240 port 35480 ssh2
Jun 24 07:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: Connection closed by 91.92.40.240 port 35480 [preauth]
Jun 24 07:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9333]: Invalid user master from 118.193.47.155
Jun 24 07:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9333]: input_userauth_request: invalid user master [preauth]
Jun 24 07:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9333]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.47.155
Jun 24 07:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9333]: Failed password for invalid user master from 118.193.47.155 port 40262 ssh2
Jun 24 07:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9333]: Received disconnect from 118.193.47.155 port 40262:11: Bye Bye [preauth]
Jun 24 07:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9333]: Disconnected from 118.193.47.155 port 40262 [preauth]
Jun 24 07:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8218]: pam_unix(cron:session): session closed for user root
Jun 24 07:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9364]: Invalid user admin from 152.32.212.226
Jun 24 07:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9364]: input_userauth_request: invalid user admin [preauth]
Jun 24 07:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9364]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.212.226
Jun 24 07:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9364]: Failed password for invalid user admin from 152.32.212.226 port 64024 ssh2
Jun 24 07:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9364]: Received disconnect from 152.32.212.226 port 64024:11: Bye Bye [preauth]
Jun 24 07:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9364]: Disconnected from 152.32.212.226 port 64024 [preauth]
Jun 24 07:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9402]: Connection closed by 194.59.206.2 port 23900 [preauth]
Jun 24 07:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9433]: Invalid user deployer from 103.78.0.229
Jun 24 07:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9433]: input_userauth_request: invalid user deployer [preauth]
Jun 24 07:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9433]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.78.0.229
Jun 24 07:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9433]: Failed password for invalid user deployer from 103.78.0.229 port 48038 ssh2
Jun 24 07:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9433]: Received disconnect from 103.78.0.229 port 48038:11: Bye Bye [preauth]
Jun 24 07:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9433]: Disconnected from 103.78.0.229 port 48038 [preauth]
Jun 24 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9455]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9456]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9453]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9454]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9453]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9516]: Successful su for rubyman by root
Jun 24 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9516]: + ??? root:rubyman
Jun 24 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9516]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582385 of user rubyman.
Jun 24 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9516]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582385.
Jun 24 07:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6784]: pam_unix(cron:session): session closed for user root
Jun 24 07:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9454]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9731]: Invalid user ali from 128.251.36.118
Jun 24 07:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9731]: input_userauth_request: invalid user ali [preauth]
Jun 24 07:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9731]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.251.36.118
Jun 24 07:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9731]: Failed password for invalid user ali from 128.251.36.118 port 7106 ssh2
Jun 24 07:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9731]: Received disconnect from 128.251.36.118 port 7106:11: Bye Bye [preauth]
Jun 24 07:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9731]: Disconnected from 128.251.36.118 port 7106 [preauth]
Jun 24 07:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8621]: pam_unix(cron:session): session closed for user root
Jun 24 07:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.228.193.165  user=root
Jun 24 07:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9783]: Failed password for root from 20.228.193.165 port 51244 ssh2
Jun 24 07:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9783]: Received disconnect from 20.228.193.165 port 51244:11: Bye Bye [preauth]
Jun 24 07:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9783]: Disconnected from 20.228.193.165 port 51244 [preauth]
Jun 24 07:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9815]: Invalid user admin from 69.74.29.21
Jun 24 07:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9815]: input_userauth_request: invalid user admin [preauth]
Jun 24 07:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9815]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21
Jun 24 07:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9815]: Failed password for invalid user admin from 69.74.29.21 port 25325 ssh2
Jun 24 07:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9815]: Received disconnect from 69.74.29.21 port 25325:11: Bye Bye [preauth]
Jun 24 07:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9815]: Disconnected from 69.74.29.21 port 25325 [preauth]
Jun 24 07:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9852]: Invalid user pi from 91.92.40.240
Jun 24 07:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9852]: input_userauth_request: invalid user pi [preauth]
Jun 24 07:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9852]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 07:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9852]: Failed password for invalid user pi from 91.92.40.240 port 42032 ssh2
Jun 24 07:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.232.73.84  user=root
Jun 24 07:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9852]: Connection closed by 91.92.40.240 port 42032 [preauth]
Jun 24 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9876]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9875]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9874]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9873]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9873]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9868]: Failed password for root from 45.232.73.84 port 36488 ssh2
Jun 24 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10094]: Successful su for rubyman by root
Jun 24 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10094]: + ??? root:rubyman
Jun 24 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10094]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582389 of user rubyman.
Jun 24 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10094]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582389.
Jun 24 07:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9868]: Received disconnect from 45.232.73.84 port 36488:11: Bye Bye [preauth]
Jun 24 07:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9868]: Disconnected from 45.232.73.84 port 36488 [preauth]
Jun 24 07:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7310]: pam_unix(cron:session): session closed for user root
Jun 24 07:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9874]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9029]: pam_unix(cron:session): session closed for user root
Jun 24 07:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10464]: Invalid user sshuser from 152.32.212.226
Jun 24 07:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10464]: input_userauth_request: invalid user sshuser [preauth]
Jun 24 07:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10464]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.212.226
Jun 24 07:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10464]: Failed password for invalid user sshuser from 152.32.212.226 port 40508 ssh2
Jun 24 07:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10464]: Received disconnect from 152.32.212.226 port 40508:11: Bye Bye [preauth]
Jun 24 07:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10464]: Disconnected from 152.32.212.226 port 40508 [preauth]
Jun 24 07:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10515]: Invalid user didi from 103.78.0.229
Jun 24 07:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10515]: input_userauth_request: invalid user didi [preauth]
Jun 24 07:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10515]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.78.0.229
Jun 24 07:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10515]: Failed password for invalid user didi from 103.78.0.229 port 56756 ssh2
Jun 24 07:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10515]: Received disconnect from 103.78.0.229 port 56756:11: Bye Bye [preauth]
Jun 24 07:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10515]: Disconnected from 103.78.0.229 port 56756 [preauth]
Jun 24 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10530]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10529]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10528]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10527]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10527]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10598]: Successful su for rubyman by root
Jun 24 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10598]: + ??? root:rubyman
Jun 24 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10598]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582393 of user rubyman.
Jun 24 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10598]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582393.
Jun 24 07:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7830]: pam_unix(cron:session): session closed for user root
Jun 24 07:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10528]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 24 07:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10805]: Failed password for root from 103.27.238.114 port 53962 ssh2
Jun 24 07:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10805]: Connection closed by 103.27.238.114 port 53962 [preauth]
Jun 24 07:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9456]: pam_unix(cron:session): session closed for user root
Jun 24 07:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10913]: Invalid user user from 128.251.36.118
Jun 24 07:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10913]: input_userauth_request: invalid user user [preauth]
Jun 24 07:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10913]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.251.36.118
Jun 24 07:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10910]: Invalid user pi from 91.92.40.240
Jun 24 07:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10910]: input_userauth_request: invalid user pi [preauth]
Jun 24 07:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10910]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 07:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: Invalid user user from 20.228.193.165
Jun 24 07:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: input_userauth_request: invalid user user [preauth]
Jun 24 07:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.228.193.165
Jun 24 07:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10913]: Failed password for invalid user user from 128.251.36.118 port 7104 ssh2
Jun 24 07:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10913]: Received disconnect from 128.251.36.118 port 7104:11: Bye Bye [preauth]
Jun 24 07:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10913]: Disconnected from 128.251.36.118 port 7104 [preauth]
Jun 24 07:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10910]: Failed password for invalid user pi from 91.92.40.240 port 34280 ssh2
Jun 24 07:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: Failed password for invalid user user from 20.228.193.165 port 33164 ssh2
Jun 24 07:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: Received disconnect from 20.228.193.165 port 33164:11: Bye Bye [preauth]
Jun 24 07:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: Disconnected from 20.228.193.165 port 33164 [preauth]
Jun 24 07:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10910]: Connection closed by 91.92.40.240 port 34280 [preauth]
Jun 24 07:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.47.155  user=root
Jun 24 07:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=root
Jun 24 07:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10938]: Failed password for root from 118.193.47.155 port 56054 ssh2
Jun 24 07:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10938]: Received disconnect from 118.193.47.155 port 56054:11: Bye Bye [preauth]
Jun 24 07:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10938]: Disconnected from 118.193.47.155 port 56054 [preauth]
Jun 24 07:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10940]: Failed password for root from 193.46.255.86 port 18598 ssh2
Jun 24 07:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10940]: message repeated 2 times: [ Failed password for root from 193.46.255.86 port 18598 ssh2]
Jun 24 07:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10940]: Connection closed by 193.46.255.86 port 18598 [preauth]
Jun 24 07:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10940]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=root
Jun 24 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10976]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10975]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10973]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10972]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10972]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11035]: Successful su for rubyman by root
Jun 24 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11035]: + ??? root:rubyman
Jun 24 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11035]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582398 of user rubyman.
Jun 24 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11035]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582398.
Jun 24 07:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8217]: pam_unix(cron:session): session closed for user root
Jun 24 07:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10973]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11268]: Invalid user payment from 45.232.73.84
Jun 24 07:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11268]: input_userauth_request: invalid user payment [preauth]
Jun 24 07:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11268]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.232.73.84
Jun 24 07:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11268]: Failed password for invalid user payment from 45.232.73.84 port 46068 ssh2
Jun 24 07:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11268]: Received disconnect from 45.232.73.84 port 46068:11: Bye Bye [preauth]
Jun 24 07:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11268]: Disconnected from 45.232.73.84 port 46068 [preauth]
Jun 24 07:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9876]: pam_unix(cron:session): session closed for user root
Jun 24 07:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.212.226  user=root
Jun 24 07:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11333]: Failed password for root from 152.32.212.226 port 17970 ssh2
Jun 24 07:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11333]: Received disconnect from 152.32.212.226 port 17970:11: Bye Bye [preauth]
Jun 24 07:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11333]: Disconnected from 152.32.212.226 port 17970 [preauth]
Jun 24 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11394]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11392]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11389]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11391]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11387]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11388]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11394]: pam_unix(cron:session): session closed for user root
Jun 24 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11387]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.78.63.123  user=root
Jun 24 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11465]: Successful su for rubyman by root
Jun 24 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11465]: + ??? root:rubyman
Jun 24 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11465]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582402 of user rubyman.
Jun 24 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11465]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582402.
Jun 24 07:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11389]: pam_unix(cron:session): session closed for user root
Jun 24 07:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11384]: Failed password for root from 218.78.63.123 port 35606 ssh2
Jun 24 07:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11573]: Invalid user ubuntu from 103.78.0.229
Jun 24 07:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11573]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 07:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11573]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.78.0.229
Jun 24 07:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11384]: Received disconnect from 218.78.63.123 port 35606:11: Bye Bye [preauth]
Jun 24 07:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11384]: Disconnected from 218.78.63.123 port 35606 [preauth]
Jun 24 07:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8620]: pam_unix(cron:session): session closed for user root
Jun 24 07:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11573]: Failed password for invalid user ubuntu from 103.78.0.229 port 37214 ssh2
Jun 24 07:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11388]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11573]: Received disconnect from 103.78.0.229 port 37214:11: Bye Bye [preauth]
Jun 24 07:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11573]: Disconnected from 103.78.0.229 port 37214 [preauth]
Jun 24 07:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11751]: Invalid user pi from 91.92.40.240
Jun 24 07:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11751]: input_userauth_request: invalid user pi [preauth]
Jun 24 07:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11751]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 07:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10530]: pam_unix(cron:session): session closed for user root
Jun 24 07:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11751]: Failed password for invalid user pi from 91.92.40.240 port 40396 ssh2
Jun 24 07:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11751]: Connection closed by 91.92.40.240 port 40396 [preauth]
Jun 24 07:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11856]: Invalid user admin from 20.228.193.165
Jun 24 07:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11856]: input_userauth_request: invalid user admin [preauth]
Jun 24 07:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11856]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.228.193.165
Jun 24 07:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11856]: Failed password for invalid user admin from 20.228.193.165 port 53316 ssh2
Jun 24 07:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11856]: Received disconnect from 20.228.193.165 port 53316:11: Bye Bye [preauth]
Jun 24 07:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11856]: Disconnected from 20.228.193.165 port 53316 [preauth]
Jun 24 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11860]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11861]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11862]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11859]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11859]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11961]: Successful su for rubyman by root
Jun 24 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11961]: + ??? root:rubyman
Jun 24 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11961]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582407 of user rubyman.
Jun 24 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11961]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582407.
Jun 24 07:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9028]: pam_unix(cron:session): session closed for user root
Jun 24 07:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11860]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.251.36.118  user=root
Jun 24 07:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12150]: Failed password for root from 128.251.36.118 port 7104 ssh2
Jun 24 07:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12150]: Received disconnect from 128.251.36.118 port 7104:11: Bye Bye [preauth]
Jun 24 07:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12150]: Disconnected from 128.251.36.118 port 7104 [preauth]
Jun 24 07:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10976]: pam_unix(cron:session): session closed for user root
Jun 24 07:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.228.138  user=root
Jun 24 07:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12371]: Failed password for root from 137.184.228.138 port 43260 ssh2
Jun 24 07:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12371]: Received disconnect from 137.184.228.138 port 43260:11: Bye Bye [preauth]
Jun 24 07:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12371]: Disconnected from 137.184.228.138 port 43260 [preauth]
Jun 24 07:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12387]: Invalid user git from 152.32.212.226
Jun 24 07:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12387]: input_userauth_request: invalid user git [preauth]
Jun 24 07:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12387]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.212.226
Jun 24 07:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12387]: Failed password for invalid user git from 152.32.212.226 port 12006 ssh2
Jun 24 07:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12387]: Received disconnect from 152.32.212.226 port 12006:11: Bye Bye [preauth]
Jun 24 07:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12387]: Disconnected from 152.32.212.226 port 12006 [preauth]
Jun 24 07:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12401]: Invalid user git from 45.232.73.84
Jun 24 07:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12401]: input_userauth_request: invalid user git [preauth]
Jun 24 07:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12401]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.232.73.84
Jun 24 07:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12401]: Failed password for invalid user git from 45.232.73.84 port 55628 ssh2
Jun 24 07:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12401]: Received disconnect from 45.232.73.84 port 55628:11: Bye Bye [preauth]
Jun 24 07:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12401]: Disconnected from 45.232.73.84 port 55628 [preauth]
Jun 24 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12435]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12432]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12436]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12431]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12431]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12498]: Successful su for rubyman by root
Jun 24 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12498]: + ??? root:rubyman
Jun 24 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12498]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582411 of user rubyman.
Jun 24 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12498]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582411.
Jun 24 07:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9455]: pam_unix(cron:session): session closed for user root
Jun 24 07:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12432]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12675]: Did not receive identification string from 45.79.115.134
Jun 24 07:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12682]: Invalid user nk from 118.193.47.155
Jun 24 07:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12682]: input_userauth_request: invalid user nk [preauth]
Jun 24 07:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12682]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.47.155
Jun 24 07:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12682]: Failed password for invalid user nk from 118.193.47.155 port 41624 ssh2
Jun 24 07:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12682]: Received disconnect from 118.193.47.155 port 41624:11: Bye Bye [preauth]
Jun 24 07:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12682]: Disconnected from 118.193.47.155 port 41624 [preauth]
Jun 24 07:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.78.0.229  user=root
Jun 24 07:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12684]: Failed password for root from 103.78.0.229 port 45946 ssh2
Jun 24 07:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12684]: Received disconnect from 103.78.0.229 port 45946:11: Bye Bye [preauth]
Jun 24 07:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12684]: Disconnected from 103.78.0.229 port 45946 [preauth]
Jun 24 07:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12716]: Invalid user pi from 91.92.40.240
Jun 24 07:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12716]: input_userauth_request: invalid user pi [preauth]
Jun 24 07:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12716]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 07:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12716]: Failed password for invalid user pi from 91.92.40.240 port 36832 ssh2
Jun 24 07:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12716]: Connection closed by 91.92.40.240 port 36832 [preauth]
Jun 24 07:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11392]: pam_unix(cron:session): session closed for user root
Jun 24 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12847]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12848]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12846]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12845]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12845]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12914]: Successful su for rubyman by root
Jun 24 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12914]: + ??? root:rubyman
Jun 24 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12914]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582415 of user rubyman.
Jun 24 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12914]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582415.
Jun 24 07:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9875]: pam_unix(cron:session): session closed for user root
Jun 24 07:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12846]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13163]: Received disconnect from 23.94.23.226 port 53244:11: disconnected by user [preauth]
Jun 24 07:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13163]: Disconnected from 23.94.23.226 port 53244 [preauth]
Jun 24 07:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11862]: pam_unix(cron:session): session closed for user root
Jun 24 07:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: Invalid user admin from 128.251.36.118
Jun 24 07:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: input_userauth_request: invalid user admin [preauth]
Jun 24 07:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.251.36.118
Jun 24 07:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: Failed password for invalid user admin from 128.251.36.118 port 7104 ssh2
Jun 24 07:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: Received disconnect from 128.251.36.118 port 7104:11: Bye Bye [preauth]
Jun 24 07:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: Disconnected from 128.251.36.118 port 7104 [preauth]
Jun 24 07:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 24 07:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13225]: Failed password for root from 103.82.20.28 port 42702 ssh2
Jun 24 07:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13225]: Connection closed by 103.82.20.28 port 42702 [preauth]
Jun 24 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13266]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13264]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13265]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13267]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13262]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13264]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13380]: Successful su for rubyman by root
Jun 24 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13380]: + ??? root:rubyman
Jun 24 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13380]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582419 of user rubyman.
Jun 24 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13380]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582419.
Jun 24 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13262]: pam_unix(cron:session): session closed for user root
Jun 24 07:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10529]: pam_unix(cron:session): session closed for user root
Jun 24 07:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13265]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13600]: Invalid user pi from 91.92.40.240
Jun 24 07:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13600]: input_userauth_request: invalid user pi [preauth]
Jun 24 07:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13602]: Invalid user deployer from 45.232.73.84
Jun 24 07:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13602]: input_userauth_request: invalid user deployer [preauth]
Jun 24 07:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13602]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.232.73.84
Jun 24 07:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13600]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 07:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13602]: Failed password for invalid user deployer from 45.232.73.84 port 36936 ssh2
Jun 24 07:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13600]: Failed password for invalid user pi from 91.92.40.240 port 59450 ssh2
Jun 24 07:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13602]: Received disconnect from 45.232.73.84 port 36936:11: Bye Bye [preauth]
Jun 24 07:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13602]: Disconnected from 45.232.73.84 port 36936 [preauth]
Jun 24 07:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13600]: Connection closed by 91.92.40.240 port 59450 [preauth]
Jun 24 07:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12436]: pam_unix(cron:session): session closed for user root
Jun 24 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13768]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13773]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13769]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13770]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13771]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13767]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13773]: pam_unix(cron:session): session closed for user root
Jun 24 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13767]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13837]: Successful su for rubyman by root
Jun 24 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13837]: + ??? root:rubyman
Jun 24 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13837]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582428 of user rubyman.
Jun 24 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13837]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582428.
Jun 24 07:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10975]: pam_unix(cron:session): session closed for user root
Jun 24 07:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13769]: pam_unix(cron:session): session closed for user root
Jun 24 07:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13768]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14108]: Invalid user ubuntu from 118.193.47.155
Jun 24 07:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14108]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 07:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14108]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.47.155
Jun 24 07:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12848]: pam_unix(cron:session): session closed for user root
Jun 24 07:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14108]: Failed password for invalid user ubuntu from 118.193.47.155 port 53092 ssh2
Jun 24 07:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14108]: Received disconnect from 118.193.47.155 port 53092:11: Bye Bye [preauth]
Jun 24 07:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14108]: Disconnected from 118.193.47.155 port 53092 [preauth]
Jun 24 07:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14177]: Invalid user pi from 91.92.40.240
Jun 24 07:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14177]: input_userauth_request: invalid user pi [preauth]
Jun 24 07:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14177]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 07:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14177]: Failed password for invalid user pi from 91.92.40.240 port 55672 ssh2
Jun 24 07:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14177]: Connection closed by 91.92.40.240 port 55672 [preauth]
Jun 24 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14198]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14199]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14197]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14196]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14196]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14261]: Successful su for rubyman by root
Jun 24 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14261]: + ??? root:rubyman
Jun 24 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14261]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582430 of user rubyman.
Jun 24 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14261]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582430.
Jun 24 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14324]: Invalid user admin from 128.251.36.118
Jun 24 07:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14324]: input_userauth_request: invalid user admin [preauth]
Jun 24 07:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14324]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.251.36.118
Jun 24 07:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11391]: pam_unix(cron:session): session closed for user root
Jun 24 07:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14197]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14324]: Failed password for invalid user admin from 128.251.36.118 port 7104 ssh2
Jun 24 07:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14324]: Received disconnect from 128.251.36.118 port 7104:11: Bye Bye [preauth]
Jun 24 07:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14324]: Disconnected from 128.251.36.118 port 7104 [preauth]
Jun 24 07:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13267]: pam_unix(cron:session): session closed for user root
Jun 24 07:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.232.73.84  user=root
Jun 24 07:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14518]: Failed password for root from 45.232.73.84 port 46512 ssh2
Jun 24 07:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14518]: Received disconnect from 45.232.73.84 port 46512:11: Bye Bye [preauth]
Jun 24 07:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14518]: Disconnected from 45.232.73.84 port 46512 [preauth]
Jun 24 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14591]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14590]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14592]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14589]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14589]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14694]: Successful su for rubyman by root
Jun 24 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14694]: + ??? root:rubyman
Jun 24 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14694]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582436 of user rubyman.
Jun 24 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14694]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582436.
Jun 24 07:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11861]: pam_unix(cron:session): session closed for user root
Jun 24 07:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14590]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13771]: pam_unix(cron:session): session closed for user root
Jun 24 07:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15025]: Invalid user pi from 91.92.40.240
Jun 24 07:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15025]: input_userauth_request: invalid user pi [preauth]
Jun 24 07:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15025]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 07:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15025]: Failed password for invalid user pi from 91.92.40.240 port 38450 ssh2
Jun 24 07:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15025]: Connection closed by 91.92.40.240 port 38450 [preauth]
Jun 24 07:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15043]: Invalid user sysuser from 102.88.137.80
Jun 24 07:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15043]: input_userauth_request: invalid user sysuser [preauth]
Jun 24 07:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15043]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.88.137.80
Jun 24 07:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15043]: Failed password for invalid user sysuser from 102.88.137.80 port 1239 ssh2
Jun 24 07:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15043]: Received disconnect from 102.88.137.80 port 1239:11: Bye Bye [preauth]
Jun 24 07:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15043]: Disconnected from 102.88.137.80 port 1239 [preauth]
Jun 24 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15078]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15077]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15076]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15075]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15075]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15144]: Successful su for rubyman by root
Jun 24 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15144]: + ??? root:rubyman
Jun 24 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15144]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582438 of user rubyman.
Jun 24 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15144]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582438.
Jun 24 07:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12435]: pam_unix(cron:session): session closed for user root
Jun 24 07:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15076]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15364]: Invalid user ss from 128.251.36.118
Jun 24 07:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15364]: input_userauth_request: invalid user ss [preauth]
Jun 24 07:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15364]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.251.36.118
Jun 24 07:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15364]: Failed password for invalid user ss from 128.251.36.118 port 7104 ssh2
Jun 24 07:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15364]: Received disconnect from 128.251.36.118 port 7104:11: Bye Bye [preauth]
Jun 24 07:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15364]: Disconnected from 128.251.36.118 port 7104 [preauth]
Jun 24 07:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14199]: pam_unix(cron:session): session closed for user root
Jun 24 07:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21  user=root
Jun 24 07:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15409]: Failed password for root from 69.74.29.21 port 6679 ssh2
Jun 24 07:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15409]: Received disconnect from 69.74.29.21 port 6679:11: Bye Bye [preauth]
Jun 24 07:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15409]: Disconnected from 69.74.29.21 port 6679 [preauth]
Jun 24 07:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 24 07:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15424]: Failed password for root from 51.250.105.222 port 40024 ssh2
Jun 24 07:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15424]: Connection closed by 51.250.105.222 port 40024 [preauth]
Jun 24 07:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 24 07:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15452]: Failed password for root from 80.66.85.226 port 50200 ssh2
Jun 24 07:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15452]: Connection closed by 80.66.85.226 port 50200 [preauth]
Jun 24 07:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15465]: Invalid user deploy from 45.232.73.84
Jun 24 07:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15465]: input_userauth_request: invalid user deploy [preauth]
Jun 24 07:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15465]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.232.73.84
Jun 24 07:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15475]: Invalid user vinicius from 118.193.47.155
Jun 24 07:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15475]: input_userauth_request: invalid user vinicius [preauth]
Jun 24 07:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15475]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.47.155
Jun 24 07:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15465]: Failed password for invalid user deploy from 45.232.73.84 port 56078 ssh2
Jun 24 07:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15465]: Received disconnect from 45.232.73.84 port 56078:11: Bye Bye [preauth]
Jun 24 07:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15465]: Disconnected from 45.232.73.84 port 56078 [preauth]
Jun 24 07:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15475]: Failed password for invalid user vinicius from 118.193.47.155 port 38578 ssh2
Jun 24 07:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15475]: Received disconnect from 118.193.47.155 port 38578:11: Bye Bye [preauth]
Jun 24 07:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15475]: Disconnected from 118.193.47.155 port 38578 [preauth]
Jun 24 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15489]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15487]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15488]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15486]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15486]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15545]: Successful su for rubyman by root
Jun 24 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15545]: + ??? root:rubyman
Jun 24 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15545]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582443 of user rubyman.
Jun 24 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15545]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582443.
Jun 24 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15602]: Invalid user admin from 137.184.228.138
Jun 24 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15602]: input_userauth_request: invalid user admin [preauth]
Jun 24 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15602]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.228.138
Jun 24 07:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15602]: Failed password for invalid user admin from 137.184.228.138 port 43556 ssh2
Jun 24 07:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15602]: Received disconnect from 137.184.228.138 port 43556:11: Bye Bye [preauth]
Jun 24 07:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15602]: Disconnected from 137.184.228.138 port 43556 [preauth]
Jun 24 07:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12847]: pam_unix(cron:session): session closed for user root
Jun 24 07:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15487]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15777]: Invalid user pi from 91.92.40.240
Jun 24 07:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15777]: input_userauth_request: invalid user pi [preauth]
Jun 24 07:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15777]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 07:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15777]: Failed password for invalid user pi from 91.92.40.240 port 51466 ssh2
Jun 24 07:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15777]: Connection closed by 91.92.40.240 port 51466 [preauth]
Jun 24 07:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14592]: pam_unix(cron:session): session closed for user root
Jun 24 07:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15857]: Invalid user hxtest from 102.88.137.80
Jun 24 07:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15857]: input_userauth_request: invalid user hxtest [preauth]
Jun 24 07:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15857]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.88.137.80
Jun 24 07:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15857]: Failed password for invalid user hxtest from 102.88.137.80 port 49546 ssh2
Jun 24 07:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15857]: Received disconnect from 102.88.137.80 port 49546:11: Bye Bye [preauth]
Jun 24 07:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15857]: Disconnected from 102.88.137.80 port 49546 [preauth]
Jun 24 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15889]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15890]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15891]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15886]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15888]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15887]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15891]: pam_unix(cron:session): session closed for user root
Jun 24 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15886]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15951]: Successful su for rubyman by root
Jun 24 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15951]: + ??? root:rubyman
Jun 24 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15951]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582447 of user rubyman.
Jun 24 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15951]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582447.
Jun 24 07:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15888]: pam_unix(cron:session): session closed for user root
Jun 24 07:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13266]: pam_unix(cron:session): session closed for user root
Jun 24 07:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15887]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21  user=root
Jun 24 07:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16154]: Failed password for root from 69.74.29.21 port 39422 ssh2
Jun 24 07:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16154]: Received disconnect from 69.74.29.21 port 39422:11: Bye Bye [preauth]
Jun 24 07:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16154]: Disconnected from 69.74.29.21 port 39422 [preauth]
Jun 24 07:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15078]: pam_unix(cron:session): session closed for user root
Jun 24 07:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16255]: Invalid user hans from 102.88.137.80
Jun 24 07:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16255]: input_userauth_request: invalid user hans [preauth]
Jun 24 07:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16255]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.88.137.80
Jun 24 07:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.251.36.118  user=root
Jun 24 07:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16255]: Failed password for invalid user hans from 102.88.137.80 port 1447 ssh2
Jun 24 07:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16258]: Failed password for root from 128.251.36.118 port 7104 ssh2
Jun 24 07:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16258]: Received disconnect from 128.251.36.118 port 7104:11: Bye Bye [preauth]
Jun 24 07:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16258]: Disconnected from 128.251.36.118 port 7104 [preauth]
Jun 24 07:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16255]: Received disconnect from 102.88.137.80 port 1447:11: Bye Bye [preauth]
Jun 24 07:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16255]: Disconnected from 102.88.137.80 port 1447 [preauth]
Jun 24 07:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16311]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16310]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16309]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16308]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16308]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16305]: Invalid user postgres from 91.92.40.240
Jun 24 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16305]: input_userauth_request: invalid user postgres [preauth]
Jun 24 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16373]: Successful su for rubyman by root
Jun 24 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16373]: + ??? root:rubyman
Jun 24 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16373]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582453 of user rubyman.
Jun 24 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16373]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582453.
Jun 24 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16305]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 07:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16305]: Failed password for invalid user postgres from 91.92.40.240 port 39868 ssh2
Jun 24 07:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16305]: Connection closed by 91.92.40.240 port 39868 [preauth]
Jun 24 07:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16309]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13770]: pam_unix(cron:session): session closed for user root
Jun 24 07:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16568]: Invalid user admin from 137.184.228.138
Jun 24 07:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16568]: input_userauth_request: invalid user admin [preauth]
Jun 24 07:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16568]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.228.138
Jun 24 07:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16568]: Failed password for invalid user admin from 137.184.228.138 port 43756 ssh2
Jun 24 07:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16568]: Received disconnect from 137.184.228.138 port 43756:11: Bye Bye [preauth]
Jun 24 07:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16568]: Disconnected from 137.184.228.138 port 43756 [preauth]
Jun 24 07:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.88.137.80  user=root
Jun 24 07:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15489]: pam_unix(cron:session): session closed for user root
Jun 24 07:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16629]: Failed password for root from 102.88.137.80 port 49702 ssh2
Jun 24 07:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16629]: Received disconnect from 102.88.137.80 port 49702:11: Bye Bye [preauth]
Jun 24 07:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16629]: Disconnected from 102.88.137.80 port 49702 [preauth]
Jun 24 07:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: Invalid user sara from 69.74.29.21
Jun 24 07:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: input_userauth_request: invalid user sara [preauth]
Jun 24 07:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21
Jun 24 07:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: Failed password for invalid user sara from 69.74.29.21 port 10964 ssh2
Jun 24 07:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: Received disconnect from 69.74.29.21 port 10964:11: Bye Bye [preauth]
Jun 24 07:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: Disconnected from 69.74.29.21 port 10964 [preauth]
Jun 24 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16721]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16720]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16722]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16719]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16719]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16780]: Successful su for rubyman by root
Jun 24 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16780]: + ??? root:rubyman
Jun 24 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16780]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582456 of user rubyman.
Jun 24 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16780]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582456.
Jun 24 07:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14198]: pam_unix(cron:session): session closed for user root
Jun 24 07:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16720]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17101]: Invalid user admin from 45.148.10.121
Jun 24 07:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17101]: input_userauth_request: invalid user admin [preauth]
Jun 24 07:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17101]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 24 07:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17101]: Failed password for invalid user admin from 45.148.10.121 port 60102 ssh2
Jun 24 07:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17101]: Connection closed by 45.148.10.121 port 60102 [preauth]
Jun 24 07:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15890]: pam_unix(cron:session): session closed for user root
Jun 24 07:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17153]: Invalid user postgres from 91.92.40.240
Jun 24 07:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17153]: input_userauth_request: invalid user postgres [preauth]
Jun 24 07:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17152]: Invalid user faisal from 102.88.137.80
Jun 24 07:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17152]: input_userauth_request: invalid user faisal [preauth]
Jun 24 07:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17152]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.88.137.80
Jun 24 07:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17153]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 07:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17077]: Connection closed by 218.208.8.113 port 40599 [preauth]
Jun 24 07:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17152]: Failed password for invalid user faisal from 102.88.137.80 port 17254 ssh2
Jun 24 07:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17153]: Failed password for invalid user postgres from 91.92.40.240 port 36038 ssh2
Jun 24 07:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17152]: Received disconnect from 102.88.137.80 port 17254:11: Bye Bye [preauth]
Jun 24 07:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17152]: Disconnected from 102.88.137.80 port 17254 [preauth]
Jun 24 07:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17153]: Connection closed by 91.92.40.240 port 36038 [preauth]
Jun 24 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17219]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17218]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17217]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17216]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17216]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17280]: Successful su for rubyman by root
Jun 24 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17280]: + ??? root:rubyman
Jun 24 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17280]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582461 of user rubyman.
Jun 24 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17280]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582461.
Jun 24 07:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14591]: pam_unix(cron:session): session closed for user root
Jun 24 07:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17217]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17473]: Invalid user logviewer from 128.251.36.118
Jun 24 07:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17473]: input_userauth_request: invalid user logviewer [preauth]
Jun 24 07:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17473]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.251.36.118
Jun 24 07:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17473]: Failed password for invalid user logviewer from 128.251.36.118 port 7104 ssh2
Jun 24 07:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17473]: Received disconnect from 128.251.36.118 port 7104:11: Bye Bye [preauth]
Jun 24 07:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17473]: Disconnected from 128.251.36.118 port 7104 [preauth]
Jun 24 07:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 24 07:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17536]: Invalid user luka from 137.184.228.138
Jun 24 07:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17536]: input_userauth_request: invalid user luka [preauth]
Jun 24 07:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17536]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.228.138
Jun 24 07:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17522]: Failed password for root from 141.98.83.240 port 19666 ssh2
Jun 24 07:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17536]: Failed password for invalid user luka from 137.184.228.138 port 43944 ssh2
Jun 24 07:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17536]: Received disconnect from 137.184.228.138 port 43944:11: Bye Bye [preauth]
Jun 24 07:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17536]: Disconnected from 137.184.228.138 port 43944 [preauth]
Jun 24 07:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17522]: Failed password for root from 141.98.83.240 port 19666 ssh2
Jun 24 07:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17522]: Failed password for root from 141.98.83.240 port 19666 ssh2
Jun 24 07:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17522]: Connection closed by 141.98.83.240 port 19666 [preauth]
Jun 24 07:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17522]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 24 07:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.88.137.80  user=root
Jun 24 07:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17546]: Failed password for root from 102.88.137.80 port 33663 ssh2
Jun 24 07:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17546]: Received disconnect from 102.88.137.80 port 33663:11: Bye Bye [preauth]
Jun 24 07:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17546]: Disconnected from 102.88.137.80 port 33663 [preauth]
Jun 24 07:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16311]: pam_unix(cron:session): session closed for user root
Jun 24 07:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17572]: Invalid user admin from 69.74.29.21
Jun 24 07:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17572]: input_userauth_request: invalid user admin [preauth]
Jun 24 07:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17572]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21
Jun 24 07:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17572]: Failed password for invalid user admin from 69.74.29.21 port 11135 ssh2
Jun 24 07:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17572]: Received disconnect from 69.74.29.21 port 11135:11: Bye Bye [preauth]
Jun 24 07:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17572]: Disconnected from 69.74.29.21 port 11135 [preauth]
Jun 24 07:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17672]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17673]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17671]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17642]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17642]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17794]: Successful su for rubyman by root
Jun 24 07:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17794]: + ??? root:rubyman
Jun 24 07:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17794]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582464 of user rubyman.
Jun 24 07:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17794]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582464.
Jun 24 07:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15077]: pam_unix(cron:session): session closed for user root
Jun 24 07:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17671]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17991]: Invalid user postgres from 91.92.40.240
Jun 24 07:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17991]: input_userauth_request: invalid user postgres [preauth]
Jun 24 07:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17991]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 07:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17991]: Failed password for invalid user postgres from 91.92.40.240 port 57960 ssh2
Jun 24 07:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17991]: Connection closed by 91.92.40.240 port 57960 [preauth]
Jun 24 07:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18031]: Invalid user office from 102.88.137.80
Jun 24 07:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18031]: input_userauth_request: invalid user office [preauth]
Jun 24 07:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18031]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.88.137.80
Jun 24 07:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18031]: Failed password for invalid user office from 102.88.137.80 port 33565 ssh2
Jun 24 07:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18031]: Received disconnect from 102.88.137.80 port 33565:11: Bye Bye [preauth]
Jun 24 07:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18031]: Disconnected from 102.88.137.80 port 33565 [preauth]
Jun 24 07:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18062]: Received disconnect from 185.134.49.116 port 50014:11: disconnected by user [preauth]
Jun 24 07:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18062]: Disconnected from 185.134.49.116 port 50014 [preauth]
Jun 24 07:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16722]: pam_unix(cron:session): session closed for user root
Jun 24 07:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 24 07:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18107]: Failed password for root from 38.93.206.2 port 42216 ssh2
Jun 24 07:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18107]: Connection closed by 38.93.206.2 port 42216 [preauth]
Jun 24 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18167]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18168]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18166]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18163]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18169]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18164]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18169]: pam_unix(cron:session): session closed for user root
Jun 24 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18163]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18239]: Successful su for rubyman by root
Jun 24 07:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18239]: + ??? root:rubyman
Jun 24 07:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18239]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582469 of user rubyman.
Jun 24 07:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18239]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582469.
Jun 24 07:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18166]: pam_unix(cron:session): session closed for user root
Jun 24 07:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15488]: pam_unix(cron:session): session closed for user root
Jun 24 07:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18164]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.88.137.80  user=root
Jun 24 07:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18553]: Failed password for root from 102.88.137.80 port 49546 ssh2
Jun 24 07:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18553]: Received disconnect from 102.88.137.80 port 49546:11: Bye Bye [preauth]
Jun 24 07:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18553]: Disconnected from 102.88.137.80 port 49546 [preauth]
Jun 24 07:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 24 07:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18579]: Invalid user elias from 69.74.29.21
Jun 24 07:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18579]: input_userauth_request: invalid user elias [preauth]
Jun 24 07:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18579]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21
Jun 24 07:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18577]: Failed password for root from 62.133.62.83 port 36646 ssh2
Jun 24 07:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18577]: Connection closed by 62.133.62.83 port 36646 [preauth]
Jun 24 07:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18579]: Failed password for invalid user elias from 69.74.29.21 port 54576 ssh2
Jun 24 07:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18579]: Received disconnect from 69.74.29.21 port 54576:11: Bye Bye [preauth]
Jun 24 07:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18579]: Disconnected from 69.74.29.21 port 54576 [preauth]
Jun 24 07:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18613]: Invalid user admin from 137.184.228.138
Jun 24 07:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18613]: input_userauth_request: invalid user admin [preauth]
Jun 24 07:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18613]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.228.138
Jun 24 07:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18613]: Failed password for invalid user admin from 137.184.228.138 port 44126 ssh2
Jun 24 07:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18613]: Received disconnect from 137.184.228.138 port 44126:11: Bye Bye [preauth]
Jun 24 07:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18613]: Disconnected from 137.184.228.138 port 44126 [preauth]
Jun 24 07:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17219]: pam_unix(cron:session): session closed for user root
Jun 24 07:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18654]: Invalid user postgres from 91.92.40.240
Jun 24 07:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18654]: input_userauth_request: invalid user postgres [preauth]
Jun 24 07:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18654]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 07:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18657]: Invalid user lee from 118.193.47.155
Jun 24 07:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18657]: input_userauth_request: invalid user lee [preauth]
Jun 24 07:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18657]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.47.155
Jun 24 07:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18654]: Failed password for invalid user postgres from 91.92.40.240 port 44762 ssh2
Jun 24 07:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18657]: Failed password for invalid user lee from 118.193.47.155 port 34870 ssh2
Jun 24 07:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18657]: Received disconnect from 118.193.47.155 port 34870:11: Bye Bye [preauth]
Jun 24 07:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18657]: Disconnected from 118.193.47.155 port 34870 [preauth]
Jun 24 07:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18654]: Connection closed by 91.92.40.240 port 44762 [preauth]
Jun 24 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18713]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18715]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18712]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18711]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18711]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18783]: Successful su for rubyman by root
Jun 24 07:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18783]: + ??? root:rubyman
Jun 24 07:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18783]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582474 of user rubyman.
Jun 24 07:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18783]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582474.
Jun 24 07:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15889]: pam_unix(cron:session): session closed for user root
Jun 24 07:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18712]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 24 07:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18993]: Invalid user gakusei from 102.88.137.80
Jun 24 07:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18993]: input_userauth_request: invalid user gakusei [preauth]
Jun 24 07:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18993]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.88.137.80
Jun 24 07:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18991]: Failed password for root from 103.27.238.116 port 41440 ssh2
Jun 24 07:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18991]: Connection closed by 103.27.238.116 port 41440 [preauth]
Jun 24 07:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18993]: Failed password for invalid user gakusei from 102.88.137.80 port 1215 ssh2
Jun 24 07:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18993]: Received disconnect from 102.88.137.80 port 1215:11: Bye Bye [preauth]
Jun 24 07:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18993]: Disconnected from 102.88.137.80 port 1215 [preauth]
Jun 24 07:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17673]: pam_unix(cron:session): session closed for user root
Jun 24 07:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19232]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19231]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19230]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19229]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19229]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19293]: Successful su for rubyman by root
Jun 24 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19293]: + ??? root:rubyman
Jun 24 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19293]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582478 of user rubyman.
Jun 24 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19293]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582478.
Jun 24 07:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19225]: Invalid user mahesh from 102.88.137.80
Jun 24 07:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19225]: input_userauth_request: invalid user mahesh [preauth]
Jun 24 07:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19225]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.88.137.80
Jun 24 07:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19225]: Failed password for invalid user mahesh from 102.88.137.80 port 17492 ssh2
Jun 24 07:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16310]: pam_unix(cron:session): session closed for user root
Jun 24 07:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19225]: Received disconnect from 102.88.137.80 port 17492:11: Bye Bye [preauth]
Jun 24 07:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19225]: Disconnected from 102.88.137.80 port 17492 [preauth]
Jun 24 07:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19230]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21  user=root
Jun 24 07:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19491]: Failed password for root from 69.74.29.21 port 30335 ssh2
Jun 24 07:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19491]: Received disconnect from 69.74.29.21 port 30335:11: Bye Bye [preauth]
Jun 24 07:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19491]: Disconnected from 69.74.29.21 port 30335 [preauth]
Jun 24 07:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19600]: Invalid user postgres from 91.92.40.240
Jun 24 07:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19600]: input_userauth_request: invalid user postgres [preauth]
Jun 24 07:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19600]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 07:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19600]: Failed password for invalid user postgres from 91.92.40.240 port 47554 ssh2
Jun 24 07:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19600]: Connection closed by 91.92.40.240 port 47554 [preauth]
Jun 24 07:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19750]: Invalid user owncloud from 137.184.228.138
Jun 24 07:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19750]: input_userauth_request: invalid user owncloud [preauth]
Jun 24 07:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19750]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.228.138
Jun 24 07:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19750]: Failed password for invalid user owncloud from 137.184.228.138 port 44316 ssh2
Jun 24 07:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19750]: Received disconnect from 137.184.228.138 port 44316:11: Bye Bye [preauth]
Jun 24 07:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19750]: Disconnected from 137.184.228.138 port 44316 [preauth]
Jun 24 07:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18168]: pam_unix(cron:session): session closed for user root
Jun 24 07:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19841]: Invalid user ubuntu from 102.88.137.80
Jun 24 07:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19841]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 07:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19841]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.88.137.80
Jun 24 07:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19841]: Failed password for invalid user ubuntu from 102.88.137.80 port 49492 ssh2
Jun 24 07:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19841]: Received disconnect from 102.88.137.80 port 49492:11: Bye Bye [preauth]
Jun 24 07:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19841]: Disconnected from 102.88.137.80 port 49492 [preauth]
Jun 24 07:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19843]: Invalid user taylar from 2.57.121.112
Jun 24 07:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19843]: input_userauth_request: invalid user taylar [preauth]
Jun 24 07:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19843]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 24 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19863]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19862]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19861]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19860]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19860]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19921]: Successful su for rubyman by root
Jun 24 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19921]: + ??? root:rubyman
Jun 24 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19921]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582482 of user rubyman.
Jun 24 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19921]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582482.
Jun 24 07:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19843]: Failed password for invalid user taylar from 2.57.121.112 port 54490 ssh2
Jun 24 07:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19843]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16721]: pam_unix(cron:session): session closed for user root
Jun 24 07:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19861]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19843]: Failed password for invalid user taylar from 2.57.121.112 port 54490 ssh2
Jun 24 07:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19843]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19843]: Failed password for invalid user taylar from 2.57.121.112 port 54490 ssh2
Jun 24 07:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19843]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19843]: Failed password for invalid user taylar from 2.57.121.112 port 54490 ssh2
Jun 24 07:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19843]: Connection closed by 2.57.121.112 port 54490 [preauth]
Jun 24 07:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19843]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 24 07:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19843]: PAM service(sshd) ignoring max retries; 4 > 3
Jun 24 07:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20102]: Invalid user taylar from 2.57.121.112
Jun 24 07:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20102]: input_userauth_request: invalid user taylar [preauth]
Jun 24 07:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20102]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 24 07:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20102]: Failed password for invalid user taylar from 2.57.121.112 port 50172 ssh2
Jun 24 07:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20102]: Connection closed by 2.57.121.112 port 50172 [preauth]
Jun 24 07:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18715]: pam_unix(cron:session): session closed for user root
Jun 24 07:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20319]: Invalid user abc from 102.88.137.80
Jun 24 07:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20319]: input_userauth_request: invalid user abc [preauth]
Jun 24 07:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20319]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.88.137.80
Jun 24 07:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20319]: Failed password for invalid user abc from 102.88.137.80 port 1279 ssh2
Jun 24 07:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20319]: Received disconnect from 102.88.137.80 port 1279:11: Bye Bye [preauth]
Jun 24 07:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20319]: Disconnected from 102.88.137.80 port 1279 [preauth]
Jun 24 07:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20332]: Invalid user postgres from 91.92.40.240
Jun 24 07:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20332]: input_userauth_request: invalid user postgres [preauth]
Jun 24 07:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20332]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 07:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20332]: Failed password for invalid user postgres from 91.92.40.240 port 42258 ssh2
Jun 24 07:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20332]: Connection closed by 91.92.40.240 port 42258 [preauth]
Jun 24 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20357]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20358]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20355]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20354]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20354]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20423]: Successful su for rubyman by root
Jun 24 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20423]: + ??? root:rubyman
Jun 24 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20423]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582487 of user rubyman.
Jun 24 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20423]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582487.
Jun 24 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17218]: pam_unix(cron:session): session closed for user root
Jun 24 07:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20445]: Did not receive identification string from 47.250.80.158
Jun 24 07:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20355]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.47.155  user=root
Jun 24 07:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20599]: Invalid user  from 47.250.80.158
Jun 24 07:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20599]: input_userauth_request: invalid user  [preauth]
Jun 24 07:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20599]: Connection closed by 47.250.80.158 port 45390 [preauth]
Jun 24 07:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20620]: Invalid user sneha from 69.74.29.21
Jun 24 07:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20620]: input_userauth_request: invalid user sneha [preauth]
Jun 24 07:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20620]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21
Jun 24 07:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20595]: Failed password for root from 118.193.47.155 port 37730 ssh2
Jun 24 07:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20595]: Received disconnect from 118.193.47.155 port 37730:11: Bye Bye [preauth]
Jun 24 07:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20595]: Disconnected from 118.193.47.155 port 37730 [preauth]
Jun 24 07:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20620]: Failed password for invalid user sneha from 69.74.29.21 port 38302 ssh2
Jun 24 07:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20620]: Received disconnect from 69.74.29.21 port 38302:11: Bye Bye [preauth]
Jun 24 07:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20620]: Disconnected from 69.74.29.21 port 38302 [preauth]
Jun 24 07:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 24 07:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20688]: Failed password for root from 103.122.221.179 port 47016 ssh2
Jun 24 07:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20688]: Connection closed by 103.122.221.179 port 47016 [preauth]
Jun 24 07:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19232]: pam_unix(cron:session): session closed for user root
Jun 24 07:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.228.138  user=root
Jun 24 07:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20804]: Failed password for root from 137.184.228.138 port 44504 ssh2
Jun 24 07:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20804]: Received disconnect from 137.184.228.138 port 44504:11: Bye Bye [preauth]
Jun 24 07:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20804]: Disconnected from 137.184.228.138 port 44504 [preauth]
Jun 24 07:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 24 07:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20814]: Failed password for root from 103.15.222.183 port 43850 ssh2
Jun 24 07:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20814]: Connection closed by 103.15.222.183 port 43850 [preauth]
Jun 24 07:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.88.137.80  user=root
Jun 24 07:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20816]: Failed password for root from 102.88.137.80 port 1503 ssh2
Jun 24 07:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20816]: Received disconnect from 102.88.137.80 port 1503:11: Bye Bye [preauth]
Jun 24 07:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20816]: Disconnected from 102.88.137.80 port 1503 [preauth]
Jun 24 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20874]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20871]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20875]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20872]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20873]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20870]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20875]: pam_unix(cron:session): session closed for user root
Jun 24 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20870]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20948]: Successful su for rubyman by root
Jun 24 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20948]: + ??? root:rubyman
Jun 24 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20948]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582491 of user rubyman.
Jun 24 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20948]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582491.
Jun 24 07:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20872]: pam_unix(cron:session): session closed for user root
Jun 24 07:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17672]: pam_unix(cron:session): session closed for user root
Jun 24 07:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20871]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21226]: Invalid user postgres from 91.92.40.240
Jun 24 07:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21226]: input_userauth_request: invalid user postgres [preauth]
Jun 24 07:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21226]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 07:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19863]: pam_unix(cron:session): session closed for user root
Jun 24 07:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21226]: Failed password for invalid user postgres from 91.92.40.240 port 47404 ssh2
Jun 24 07:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21226]: Connection closed by 91.92.40.240 port 47404 [preauth]
Jun 24 07:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.88.137.80  user=root
Jun 24 07:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21263]: Failed password for root from 102.88.137.80 port 1071 ssh2
Jun 24 07:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21263]: Received disconnect from 102.88.137.80 port 1071:11: Bye Bye [preauth]
Jun 24 07:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21263]: Disconnected from 102.88.137.80 port 1071 [preauth]
Jun 24 07:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21  user=root
Jun 24 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21323]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21324]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21322]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21320]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21320]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21392]: Successful su for rubyman by root
Jun 24 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21392]: + ??? root:rubyman
Jun 24 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21392]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582496 of user rubyman.
Jun 24 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21392]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582496.
Jun 24 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21306]: Failed password for root from 69.74.29.21 port 3576 ssh2
Jun 24 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21306]: Received disconnect from 69.74.29.21 port 3576:11: Bye Bye [preauth]
Jun 24 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21306]: Disconnected from 69.74.29.21 port 3576 [preauth]
Jun 24 07:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18167]: pam_unix(cron:session): session closed for user root
Jun 24 07:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21322]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20358]: pam_unix(cron:session): session closed for user root
Jun 24 07:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.88.137.80  user=root
Jun 24 07:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21700]: Failed password for root from 102.88.137.80 port 1513 ssh2
Jun 24 07:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21700]: Received disconnect from 102.88.137.80 port 1513:11: Bye Bye [preauth]
Jun 24 07:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21700]: Disconnected from 102.88.137.80 port 1513 [preauth]
Jun 24 07:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21712]: Invalid user admin from 34.140.87.116
Jun 24 07:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21712]: input_userauth_request: invalid user admin [preauth]
Jun 24 07:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21712]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.140.87.116
Jun 24 07:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21714]: Invalid user test from 137.184.228.138
Jun 24 07:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21714]: input_userauth_request: invalid user test [preauth]
Jun 24 07:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21714]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.228.138
Jun 24 07:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21712]: Failed password for invalid user admin from 34.140.87.116 port 35024 ssh2
Jun 24 07:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21712]: Connection closed by 34.140.87.116 port 35024 [preauth]
Jun 24 07:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21714]: Failed password for invalid user test from 137.184.228.138 port 44688 ssh2
Jun 24 07:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21714]: Received disconnect from 137.184.228.138 port 44688:11: Bye Bye [preauth]
Jun 24 07:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21714]: Disconnected from 137.184.228.138 port 44688 [preauth]
Jun 24 07:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21737]: Did not receive identification string from 35.205.229.199
Jun 24 07:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21710]: Connection closed by 34.140.87.116 port 35008 [preauth]
Jun 24 07:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21755]: fatal: Unable to negotiate with 35.205.229.199 port 51656: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth]
Jun 24 07:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21757]: Invalid user merul from 35.205.229.199
Jun 24 07:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21757]: input_userauth_request: invalid user merul [preauth]
Jun 24 07:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21757]: Connection closed by 35.205.229.199 port 51672 [preauth]
Jun 24 07:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21769]: Protocol major versions differ for 35.205.229.199: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10 vs. SSH-1.5-Nmap-SSH1-Hostkey
Jun 24 07:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21770]: fatal: Unable to negotiate with 35.205.229.199 port 51702: no matching host key type found. Their offer: ssh-dss [preauth]
Jun 24 07:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21772]: Connection closed by 35.205.229.199 port 51708 [preauth]
Jun 24 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21780]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21783]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21781]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21782]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21780]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21845]: Successful su for rubyman by root
Jun 24 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21845]: + ??? root:rubyman
Jun 24 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21845]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582502 of user rubyman.
Jun 24 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21845]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582502.
Jun 24 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21777]: Connection closed by 35.205.229.199 port 51714 [preauth]
Jun 24 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21867]: fatal: Unable to negotiate with 35.205.229.199 port 27262: no matching host key type found. Their offer: ecdsa-sha2-nistp384 [preauth]
Jun 24 07:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21910]: fatal: Unable to negotiate with 35.205.229.199 port 27268: no matching host key type found. Their offer: ecdsa-sha2-nistp521 [preauth]
Jun 24 07:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21940]: fatal: Unable to negotiate with 35.205.229.199 port 27270: no matching host key type found. Their offer: ssh-ed25519 [preauth]
Jun 24 07:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18713]: pam_unix(cron:session): session closed for user root
Jun 24 07:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21781]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22054]: Invalid user postgres from 91.92.40.240
Jun 24 07:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22054]: input_userauth_request: invalid user postgres [preauth]
Jun 24 07:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22054]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 07:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22054]: Failed password for invalid user postgres from 91.92.40.240 port 51862 ssh2
Jun 24 07:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22054]: Connection closed by 91.92.40.240 port 51862 [preauth]
Jun 24 07:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20874]: pam_unix(cron:session): session closed for user root
Jun 24 07:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22104]: Invalid user qihang from 102.88.137.80
Jun 24 07:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22104]: input_userauth_request: invalid user qihang [preauth]
Jun 24 07:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22104]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.88.137.80
Jun 24 07:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22104]: Failed password for invalid user qihang from 102.88.137.80 port 17532 ssh2
Jun 24 07:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22104]: Received disconnect from 102.88.137.80 port 17532:11: Bye Bye [preauth]
Jun 24 07:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22104]: Disconnected from 102.88.137.80 port 17532 [preauth]
Jun 24 07:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21  user=root
Jun 24 07:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22169]: Failed password for root from 69.74.29.21 port 28490 ssh2
Jun 24 07:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22169]: Received disconnect from 69.74.29.21 port 28490:11: Bye Bye [preauth]
Jun 24 07:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22169]: Disconnected from 69.74.29.21 port 28490 [preauth]
Jun 24 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22195]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22196]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22194]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22191]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22191]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22254]: Successful su for rubyman by root
Jun 24 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22254]: + ??? root:rubyman
Jun 24 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22254]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582505 of user rubyman.
Jun 24 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22254]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582505.
Jun 24 07:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19231]: pam_unix(cron:session): session closed for user root
Jun 24 07:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22194]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.88.137.80  user=root
Jun 24 07:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22588]: Failed password for root from 102.88.137.80 port 17356 ssh2
Jun 24 07:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22588]: Received disconnect from 102.88.137.80 port 17356:11: Bye Bye [preauth]
Jun 24 07:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22588]: Disconnected from 102.88.137.80 port 17356 [preauth]
Jun 24 07:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21324]: pam_unix(cron:session): session closed for user root
Jun 24 07:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.223.69.22  user=root
Jun 24 07:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.228.138  user=root
Jun 24 07:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22666]: Failed password for root from 89.223.69.22 port 34954 ssh2
Jun 24 07:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22666]: Connection closed by 89.223.69.22 port 34954 [preauth]
Jun 24 07:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22668]: Failed password for root from 137.184.228.138 port 44870 ssh2
Jun 24 07:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22668]: Received disconnect from 137.184.228.138 port 44870:11: Bye Bye [preauth]
Jun 24 07:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22668]: Disconnected from 137.184.228.138 port 44870 [preauth]
Jun 24 07:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22679]: Received disconnect from 185.165.242.225 port 32898:11: disconnected by user [preauth]
Jun 24 07:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22679]: Disconnected from 185.165.242.225 port 32898 [preauth]
Jun 24 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22695]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22696]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22694]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22693]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22693]: pam_unix(cron:session): session closed for user p13x
Jun 24 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22756]: Successful su for rubyman by root
Jun 24 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22756]: + ??? root:rubyman
Jun 24 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22756]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582510 of user rubyman.
Jun 24 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22756]: pam_unix(su:session): session closed for user rubyman
Jun 24 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582510.
Jun 24 07:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22691]: Invalid user postgres from 91.92.40.240
Jun 24 07:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22691]: input_userauth_request: invalid user postgres [preauth]
Jun 24 07:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22691]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 07:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19862]: pam_unix(cron:session): session closed for user root
Jun 24 07:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22691]: Failed password for invalid user postgres from 91.92.40.240 port 58232 ssh2
Jun 24 07:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22694]: pam_unix(cron:session): session closed for user samftp
Jun 24 07:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22691]: Connection closed by 91.92.40.240 port 58232 [preauth]
Jun 24 07:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 24 07:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22958]: Failed password for root from 103.153.68.219 port 49336 ssh2
Jun 24 07:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22958]: Connection closed by 103.153.68.219 port 49336 [preauth]
Jun 24 07:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.88.137.80  user=root
Jun 24 07:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23002]: Failed password for root from 102.88.137.80 port 33511 ssh2
Jun 24 07:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23002]: Received disconnect from 102.88.137.80 port 33511:11: Bye Bye [preauth]
Jun 24 07:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23002]: Disconnected from 102.88.137.80 port 33511 [preauth]
Jun 24 07:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21783]: pam_unix(cron:session): session closed for user root
Jun 24 07:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 07:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23048]: Invalid user hieu from 69.74.29.21
Jun 24 07:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23048]: input_userauth_request: invalid user hieu [preauth]
Jun 24 07:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23048]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 07:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21
Jun 24 07:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23048]: Failed password for invalid user hieu from 69.74.29.21 port 15084 ssh2
Jun 24 07:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23048]: Received disconnect from 69.74.29.21 port 15084:11: Bye Bye [preauth]
Jun 24 07:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23048]: Disconnected from 69.74.29.21 port 15084 [preauth]
Jun 24 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23104]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23101]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23100]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23105]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23098]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23102]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23099]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23105]: pam_unix(cron:session): session closed for user root
Jun 24 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23100]: pam_unix(cron:session): session closed for user root
Jun 24 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23098]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23189]: Successful su for rubyman by root
Jun 24 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23189]: + ??? root:rubyman
Jun 24 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23189]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582512 of user rubyman.
Jun 24 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23189]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582512.
Jun 24 08:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23101]: pam_unix(cron:session): session closed for user root
Jun 24 08:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20357]: pam_unix(cron:session): session closed for user root
Jun 24 08:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23099]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.88.137.80  user=root
Jun 24 08:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23494]: Failed password for root from 102.88.137.80 port 49408 ssh2
Jun 24 08:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23494]: Received disconnect from 102.88.137.80 port 49408:11: Bye Bye [preauth]
Jun 24 08:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23494]: Disconnected from 102.88.137.80 port 49408 [preauth]
Jun 24 08:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22196]: pam_unix(cron:session): session closed for user root
Jun 24 08:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.211.215  user=root
Jun 24 08:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23552]: Failed password for root from 147.45.211.215 port 44012 ssh2
Jun 24 08:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23552]: Connection closed by 147.45.211.215 port 44012 [preauth]
Jun 24 08:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23607]: Invalid user admin from 118.193.47.155
Jun 24 08:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23607]: input_userauth_request: invalid user admin [preauth]
Jun 24 08:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23607]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.47.155
Jun 24 08:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23606]: Invalid user postgres from 91.92.40.240
Jun 24 08:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23606]: input_userauth_request: invalid user postgres [preauth]
Jun 24 08:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23606]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 08:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23607]: Failed password for invalid user admin from 118.193.47.155 port 60180 ssh2
Jun 24 08:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23607]: Received disconnect from 118.193.47.155 port 60180:11: Bye Bye [preauth]
Jun 24 08:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23607]: Disconnected from 118.193.47.155 port 60180 [preauth]
Jun 24 08:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23606]: Failed password for invalid user postgres from 91.92.40.240 port 49874 ssh2
Jun 24 08:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23606]: Connection closed by 91.92.40.240 port 49874 [preauth]
Jun 24 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23630]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23631]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23629]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23628]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23628]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23704]: Successful su for rubyman by root
Jun 24 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23704]: + ??? root:rubyman
Jun 24 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23704]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582520 of user rubyman.
Jun 24 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23704]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582520.
Jun 24 08:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20873]: pam_unix(cron:session): session closed for user root
Jun 24 08:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23629]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23994]: Invalid user pepe from 137.184.228.138
Jun 24 08:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23994]: input_userauth_request: invalid user pepe [preauth]
Jun 24 08:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23994]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.228.138
Jun 24 08:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23994]: Failed password for invalid user pepe from 137.184.228.138 port 45050 ssh2
Jun 24 08:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23994]: Received disconnect from 137.184.228.138 port 45050:11: Bye Bye [preauth]
Jun 24 08:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23994]: Disconnected from 137.184.228.138 port 45050 [preauth]
Jun 24 08:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24048]: Invalid user cronuser from 102.88.137.80
Jun 24 08:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24048]: input_userauth_request: invalid user cronuser [preauth]
Jun 24 08:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24048]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.88.137.80
Jun 24 08:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24048]: Failed password for invalid user cronuser from 102.88.137.80 port 49546 ssh2
Jun 24 08:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24048]: Received disconnect from 102.88.137.80 port 49546:11: Bye Bye [preauth]
Jun 24 08:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24048]: Disconnected from 102.88.137.80 port 49546 [preauth]
Jun 24 08:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24067]: Invalid user student5 from 69.74.29.21
Jun 24 08:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24067]: input_userauth_request: invalid user student5 [preauth]
Jun 24 08:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24067]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21
Jun 24 08:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22696]: pam_unix(cron:session): session closed for user root
Jun 24 08:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24067]: Failed password for invalid user student5 from 69.74.29.21 port 62872 ssh2
Jun 24 08:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24067]: Received disconnect from 69.74.29.21 port 62872:11: Bye Bye [preauth]
Jun 24 08:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24067]: Disconnected from 69.74.29.21 port 62872 [preauth]
Jun 24 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24159]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24160]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24158]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24157]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24157]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24225]: Successful su for rubyman by root
Jun 24 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24225]: + ??? root:rubyman
Jun 24 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24225]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582523 of user rubyman.
Jun 24 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24225]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582523.
Jun 24 08:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21323]: pam_unix(cron:session): session closed for user root
Jun 24 08:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24158]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24446]: Invalid user deniz from 102.88.137.80
Jun 24 08:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24446]: input_userauth_request: invalid user deniz [preauth]
Jun 24 08:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24446]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.88.137.80
Jun 24 08:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24446]: Failed password for invalid user deniz from 102.88.137.80 port 1367 ssh2
Jun 24 08:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24446]: Received disconnect from 102.88.137.80 port 1367:11: Bye Bye [preauth]
Jun 24 08:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24446]: Disconnected from 102.88.137.80 port 1367 [preauth]
Jun 24 08:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23104]: pam_unix(cron:session): session closed for user root
Jun 24 08:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24530]: Invalid user postgres from 91.92.40.240
Jun 24 08:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24530]: input_userauth_request: invalid user postgres [preauth]
Jun 24 08:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24530]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 08:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24530]: Failed password for invalid user postgres from 91.92.40.240 port 51332 ssh2
Jun 24 08:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24530]: Connection closed by 91.92.40.240 port 51332 [preauth]
Jun 24 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24587]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24585]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24586]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24584]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24584]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24659]: Successful su for rubyman by root
Jun 24 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24659]: + ??? root:rubyman
Jun 24 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24659]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582527 of user rubyman.
Jun 24 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24659]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582527.
Jun 24 08:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21782]: pam_unix(cron:session): session closed for user root
Jun 24 08:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.88.137.80  user=root
Jun 24 08:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24585]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24806]: Failed password for root from 102.88.137.80 port 17450 ssh2
Jun 24 08:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24806]: Received disconnect from 102.88.137.80 port 17450:11: Bye Bye [preauth]
Jun 24 08:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24806]: Disconnected from 102.88.137.80 port 17450 [preauth]
Jun 24 08:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24860]: Invalid user oracle from 137.184.228.138
Jun 24 08:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24860]: input_userauth_request: invalid user oracle [preauth]
Jun 24 08:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24860]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.228.138
Jun 24 08:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24860]: Failed password for invalid user oracle from 137.184.228.138 port 45236 ssh2
Jun 24 08:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24860]: Received disconnect from 137.184.228.138 port 45236:11: Bye Bye [preauth]
Jun 24 08:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24860]: Disconnected from 137.184.228.138 port 45236 [preauth]
Jun 24 08:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24882]: Invalid user asad from 69.74.29.21
Jun 24 08:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24882]: input_userauth_request: invalid user asad [preauth]
Jun 24 08:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24882]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21
Jun 24 08:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24882]: Failed password for invalid user asad from 69.74.29.21 port 5117 ssh2
Jun 24 08:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24882]: Received disconnect from 69.74.29.21 port 5117:11: Bye Bye [preauth]
Jun 24 08:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24882]: Disconnected from 69.74.29.21 port 5117 [preauth]
Jun 24 08:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23631]: pam_unix(cron:session): session closed for user root
Jun 24 08:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24995]: Invalid user admin from 102.88.137.80
Jun 24 08:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24995]: input_userauth_request: invalid user admin [preauth]
Jun 24 08:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24995]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.88.137.80
Jun 24 08:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24995]: Failed password for invalid user admin from 102.88.137.80 port 1437 ssh2
Jun 24 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24995]: Received disconnect from 102.88.137.80 port 1437:11: Bye Bye [preauth]
Jun 24 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24995]: Disconnected from 102.88.137.80 port 1437 [preauth]
Jun 24 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25000]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25001]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24999]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24998]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24998]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25066]: Successful su for rubyman by root
Jun 24 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25066]: + ??? root:rubyman
Jun 24 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25066]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582531 of user rubyman.
Jun 24 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25066]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582531.
Jun 24 08:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22195]: pam_unix(cron:session): session closed for user root
Jun 24 08:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24999]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.47.155  user=root
Jun 24 08:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25281]: Failed password for root from 118.193.47.155 port 53082 ssh2
Jun 24 08:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25281]: Received disconnect from 118.193.47.155 port 53082:11: Bye Bye [preauth]
Jun 24 08:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25281]: Disconnected from 118.193.47.155 port 53082 [preauth]
Jun 24 08:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25319]: Invalid user postgres from 91.92.40.240
Jun 24 08:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25319]: input_userauth_request: invalid user postgres [preauth]
Jun 24 08:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25319]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 08:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24160]: pam_unix(cron:session): session closed for user root
Jun 24 08:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25319]: Failed password for invalid user postgres from 91.92.40.240 port 48378 ssh2
Jun 24 08:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25319]: Connection closed by 91.92.40.240 port 48378 [preauth]
Jun 24 08:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.88.137.80  user=root
Jun 24 08:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25379]: Failed password for root from 102.88.137.80 port 1485 ssh2
Jun 24 08:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25379]: Received disconnect from 102.88.137.80 port 1485:11: Bye Bye [preauth]
Jun 24 08:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25379]: Disconnected from 102.88.137.80 port 1485 [preauth]
Jun 24 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25411]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25412]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25409]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25408]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25410]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25407]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25412]: pam_unix(cron:session): session closed for user root
Jun 24 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25407]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25477]: Successful su for rubyman by root
Jun 24 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25477]: + ??? root:rubyman
Jun 24 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25477]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582535 of user rubyman.
Jun 24 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25477]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582535.
Jun 24 08:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25409]: pam_unix(cron:session): session closed for user root
Jun 24 08:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22695]: pam_unix(cron:session): session closed for user root
Jun 24 08:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25408]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25697]: Invalid user bb from 69.74.29.21
Jun 24 08:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25697]: input_userauth_request: invalid user bb [preauth]
Jun 24 08:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25697]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21
Jun 24 08:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25707]: Invalid user sneha from 137.184.228.138
Jun 24 08:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25707]: input_userauth_request: invalid user sneha [preauth]
Jun 24 08:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25707]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.228.138
Jun 24 08:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25697]: Failed password for invalid user bb from 69.74.29.21 port 35376 ssh2
Jun 24 08:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25697]: Received disconnect from 69.74.29.21 port 35376:11: Bye Bye [preauth]
Jun 24 08:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25697]: Disconnected from 69.74.29.21 port 35376 [preauth]
Jun 24 08:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25707]: Failed password for invalid user sneha from 137.184.228.138 port 45410 ssh2
Jun 24 08:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25707]: Received disconnect from 137.184.228.138 port 45410:11: Bye Bye [preauth]
Jun 24 08:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25707]: Disconnected from 137.184.228.138 port 45410 [preauth]
Jun 24 08:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24587]: pam_unix(cron:session): session closed for user root
Jun 24 08:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 24 08:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25747]: Failed password for root from 202.178.126.219 port 46012 ssh2
Jun 24 08:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25747]: Connection closed by 202.178.126.219 port 46012 [preauth]
Jun 24 08:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.88.137.80  user=root
Jun 24 08:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25810]: Failed password for root from 102.88.137.80 port 1439 ssh2
Jun 24 08:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25810]: Received disconnect from 102.88.137.80 port 1439:11: Bye Bye [preauth]
Jun 24 08:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25810]: Disconnected from 102.88.137.80 port 1439 [preauth]
Jun 24 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25843]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25842]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25840]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25839]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25839]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25907]: Successful su for rubyman by root
Jun 24 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25907]: + ??? root:rubyman
Jun 24 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25907]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582541 of user rubyman.
Jun 24 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25907]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582541.
Jun 24 08:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23102]: pam_unix(cron:session): session closed for user root
Jun 24 08:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25840]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26114]: Invalid user postgres from 91.92.40.240
Jun 24 08:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26114]: input_userauth_request: invalid user postgres [preauth]
Jun 24 08:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26114]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 08:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26114]: Failed password for invalid user postgres from 91.92.40.240 port 55040 ssh2
Jun 24 08:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26114]: Connection closed by 91.92.40.240 port 55040 [preauth]
Jun 24 08:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25001]: pam_unix(cron:session): session closed for user root
Jun 24 08:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26210]: Invalid user deployer from 102.88.137.80
Jun 24 08:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26210]: input_userauth_request: invalid user deployer [preauth]
Jun 24 08:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26210]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.88.137.80
Jun 24 08:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26210]: Failed password for invalid user deployer from 102.88.137.80 port 17422 ssh2
Jun 24 08:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26210]: Received disconnect from 102.88.137.80 port 17422:11: Bye Bye [preauth]
Jun 24 08:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26210]: Disconnected from 102.88.137.80 port 17422 [preauth]
Jun 24 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26241]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26242]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26240]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26239]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26239]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26302]: Successful su for rubyman by root
Jun 24 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26302]: + ??? root:rubyman
Jun 24 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26302]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582545 of user rubyman.
Jun 24 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26302]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582545.
Jun 24 08:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23630]: pam_unix(cron:session): session closed for user root
Jun 24 08:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26240]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21  user=root
Jun 24 08:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26501]: Failed password for root from 69.74.29.21 port 32370 ssh2
Jun 24 08:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26501]: Received disconnect from 69.74.29.21 port 32370:11: Bye Bye [preauth]
Jun 24 08:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26501]: Disconnected from 69.74.29.21 port 32370 [preauth]
Jun 24 08:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26519]: Invalid user student5 from 137.184.228.138
Jun 24 08:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26519]: input_userauth_request: invalid user student5 [preauth]
Jun 24 08:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26519]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.228.138
Jun 24 08:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26519]: Failed password for invalid user student5 from 137.184.228.138 port 45596 ssh2
Jun 24 08:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26519]: Received disconnect from 137.184.228.138 port 45596:11: Bye Bye [preauth]
Jun 24 08:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26519]: Disconnected from 137.184.228.138 port 45596 [preauth]
Jun 24 08:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 24 08:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26521]: Failed password for root from 103.77.242.62 port 47734 ssh2
Jun 24 08:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26521]: Connection closed by 103.77.242.62 port 47734 [preauth]
Jun 24 08:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25411]: pam_unix(cron:session): session closed for user root
Jun 24 08:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.88.137.80  user=root
Jun 24 08:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26596]: Failed password for root from 102.88.137.80 port 49746 ssh2
Jun 24 08:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26596]: Received disconnect from 102.88.137.80 port 49746:11: Bye Bye [preauth]
Jun 24 08:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26596]: Disconnected from 102.88.137.80 port 49746 [preauth]
Jun 24 08:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26606]: Invalid user urban from 118.193.47.155
Jun 24 08:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26606]: input_userauth_request: invalid user urban [preauth]
Jun 24 08:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26606]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.47.155
Jun 24 08:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26606]: Failed password for invalid user urban from 118.193.47.155 port 37990 ssh2
Jun 24 08:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26606]: Received disconnect from 118.193.47.155 port 37990:11: Bye Bye [preauth]
Jun 24 08:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26606]: Disconnected from 118.193.47.155 port 37990 [preauth]
Jun 24 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26648]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26647]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26649]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26646]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26646]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26795]: Successful su for rubyman by root
Jun 24 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26795]: + ??? root:rubyman
Jun 24 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26795]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582549 of user rubyman.
Jun 24 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26795]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582549.
Jun 24 08:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24159]: pam_unix(cron:session): session closed for user root
Jun 24 08:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26647]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26953]: Invalid user postgres from 91.92.40.240
Jun 24 08:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26953]: input_userauth_request: invalid user postgres [preauth]
Jun 24 08:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26953]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 08:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26953]: Failed password for invalid user postgres from 91.92.40.240 port 60172 ssh2
Jun 24 08:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26953]: Connection closed by 91.92.40.240 port 60172 [preauth]
Jun 24 08:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25843]: pam_unix(cron:session): session closed for user root
Jun 24 08:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27075]: Invalid user anaconda from 102.88.137.80
Jun 24 08:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27075]: input_userauth_request: invalid user anaconda [preauth]
Jun 24 08:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27075]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.88.137.80
Jun 24 08:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27075]: Failed password for invalid user anaconda from 102.88.137.80 port 1131 ssh2
Jun 24 08:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27075]: Received disconnect from 102.88.137.80 port 1131:11: Bye Bye [preauth]
Jun 24 08:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27075]: Disconnected from 102.88.137.80 port 1131 [preauth]
Jun 24 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27130]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27129]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27131]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27128]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27126]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27128]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27256]: Successful su for rubyman by root
Jun 24 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27256]: + ??? root:rubyman
Jun 24 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27256]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582555 of user rubyman.
Jun 24 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27256]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582555.
Jun 24 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27126]: pam_unix(cron:session): session closed for user root
Jun 24 08:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24586]: pam_unix(cron:session): session closed for user root
Jun 24 08:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27129]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21  user=root
Jun 24 08:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27480]: Failed password for root from 69.74.29.21 port 45330 ssh2
Jun 24 08:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27480]: Received disconnect from 69.74.29.21 port 45330:11: Bye Bye [preauth]
Jun 24 08:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27480]: Disconnected from 69.74.29.21 port 45330 [preauth]
Jun 24 08:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27533]: Invalid user elias from 137.184.228.138
Jun 24 08:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27533]: input_userauth_request: invalid user elias [preauth]
Jun 24 08:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27533]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.228.138
Jun 24 08:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27533]: Failed password for invalid user elias from 137.184.228.138 port 45778 ssh2
Jun 24 08:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27533]: Received disconnect from 137.184.228.138 port 45778:11: Bye Bye [preauth]
Jun 24 08:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27533]: Disconnected from 137.184.228.138 port 45778 [preauth]
Jun 24 08:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.88.137.80  user=root
Jun 24 08:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27556]: Failed password for root from 102.88.137.80 port 17594 ssh2
Jun 24 08:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27556]: Received disconnect from 102.88.137.80 port 17594:11: Bye Bye [preauth]
Jun 24 08:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27556]: Disconnected from 102.88.137.80 port 17594 [preauth]
Jun 24 08:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27568]: Received disconnect from 192.3.206.66 port 51370:11: disconnected by user [preauth]
Jun 24 08:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27568]: Disconnected from 192.3.206.66 port 51370 [preauth]
Jun 24 08:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26242]: pam_unix(cron:session): session closed for user root
Jun 24 08:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27637]: Invalid user support from 91.92.40.240
Jun 24 08:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27637]: input_userauth_request: invalid user support [preauth]
Jun 24 08:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27637]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 08:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27637]: Failed password for invalid user support from 91.92.40.240 port 40092 ssh2
Jun 24 08:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27637]: Connection closed by 91.92.40.240 port 40092 [preauth]
Jun 24 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27654]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27652]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27651]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27655]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27649]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27650]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27655]: pam_unix(cron:session): session closed for user root
Jun 24 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27649]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27719]: Successful su for rubyman by root
Jun 24 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27719]: + ??? root:rubyman
Jun 24 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27719]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582558 of user rubyman.
Jun 24 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27719]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582558.
Jun 24 08:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27651]: pam_unix(cron:session): session closed for user root
Jun 24 08:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25000]: pam_unix(cron:session): session closed for user root
Jun 24 08:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27650]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.88.137.80  user=root
Jun 24 08:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27999]: Failed password for root from 102.88.137.80 port 17598 ssh2
Jun 24 08:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27999]: Received disconnect from 102.88.137.80 port 17598:11: Bye Bye [preauth]
Jun 24 08:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27999]: Disconnected from 102.88.137.80 port 17598 [preauth]
Jun 24 08:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26649]: pam_unix(cron:session): session closed for user root
Jun 24 08:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28143]: Invalid user pepe from 69.74.29.21
Jun 24 08:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28143]: input_userauth_request: invalid user pepe [preauth]
Jun 24 08:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28143]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21
Jun 24 08:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28145]: Invalid user admin from 2.57.121.25
Jun 24 08:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28145]: input_userauth_request: invalid user admin [preauth]
Jun 24 08:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28145]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 24 08:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28143]: Failed password for invalid user pepe from 69.74.29.21 port 52032 ssh2
Jun 24 08:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28143]: Received disconnect from 69.74.29.21 port 52032:11: Bye Bye [preauth]
Jun 24 08:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28143]: Disconnected from 69.74.29.21 port 52032 [preauth]
Jun 24 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28151]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28149]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28150]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28148]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28148]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28227]: Successful su for rubyman by root
Jun 24 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28227]: + ??? root:rubyman
Jun 24 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28227]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582565 of user rubyman.
Jun 24 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28227]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582565.
Jun 24 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28145]: Failed password for invalid user admin from 2.57.121.25 port 55958 ssh2
Jun 24 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28145]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28248]: Invalid user bitrix from 118.193.47.155
Jun 24 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28248]: input_userauth_request: invalid user bitrix [preauth]
Jun 24 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28248]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.47.155
Jun 24 08:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28145]: Failed password for invalid user admin from 2.57.121.25 port 55958 ssh2
Jun 24 08:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25410]: pam_unix(cron:session): session closed for user root
Jun 24 08:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28145]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28248]: Failed password for invalid user bitrix from 118.193.47.155 port 33796 ssh2
Jun 24 08:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28248]: Received disconnect from 118.193.47.155 port 33796:11: Bye Bye [preauth]
Jun 24 08:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28248]: Disconnected from 118.193.47.155 port 33796 [preauth]
Jun 24 08:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28149]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28145]: Failed password for invalid user admin from 2.57.121.25 port 55958 ssh2
Jun 24 08:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28145]: Connection closed by 2.57.121.25 port 55958 [preauth]
Jun 24 08:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28145]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 24 08:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.228.138  user=root
Jun 24 08:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28461]: Failed password for root from 137.184.228.138 port 45958 ssh2
Jun 24 08:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28461]: Received disconnect from 137.184.228.138 port 45958:11: Bye Bye [preauth]
Jun 24 08:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28461]: Disconnected from 137.184.228.138 port 45958 [preauth]
Jun 24 08:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27131]: pam_unix(cron:session): session closed for user root
Jun 24 08:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28501]: Invalid user support from 91.92.40.240
Jun 24 08:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28501]: input_userauth_request: invalid user support [preauth]
Jun 24 08:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28501]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 08:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28501]: Failed password for invalid user support from 91.92.40.240 port 34702 ssh2
Jun 24 08:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28501]: Connection closed by 91.92.40.240 port 34702 [preauth]
Jun 24 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28656]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28655]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28654]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28653]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28653]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28718]: Successful su for rubyman by root
Jun 24 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28718]: + ??? root:rubyman
Jun 24 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28718]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582568 of user rubyman.
Jun 24 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28718]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582568.
Jun 24 08:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25842]: pam_unix(cron:session): session closed for user root
Jun 24 08:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28654]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27654]: pam_unix(cron:session): session closed for user root
Jun 24 08:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29061]: Invalid user syh from 69.74.29.21
Jun 24 08:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29061]: input_userauth_request: invalid user syh [preauth]
Jun 24 08:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29061]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21
Jun 24 08:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29061]: Failed password for invalid user syh from 69.74.29.21 port 2036 ssh2
Jun 24 08:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29061]: Received disconnect from 69.74.29.21 port 2036:11: Bye Bye [preauth]
Jun 24 08:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29061]: Disconnected from 69.74.29.21 port 2036 [preauth]
Jun 24 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29076]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29075]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29074]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29073]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29073]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29138]: Successful su for rubyman by root
Jun 24 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29138]: + ??? root:rubyman
Jun 24 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29138]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582572 of user rubyman.
Jun 24 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29138]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582572.
Jun 24 08:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26241]: pam_unix(cron:session): session closed for user root
Jun 24 08:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29074]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.78.63.123  user=root
Jun 24 08:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29340]: Failed password for root from 218.78.63.123 port 34378 ssh2
Jun 24 08:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29340]: Received disconnect from 218.78.63.123 port 34378:11: Bye Bye [preauth]
Jun 24 08:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29340]: Disconnected from 218.78.63.123 port 34378 [preauth]
Jun 24 08:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29399]: Invalid user support from 91.92.40.240
Jun 24 08:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29399]: input_userauth_request: invalid user support [preauth]
Jun 24 08:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29399]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 08:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29399]: Failed password for invalid user support from 91.92.40.240 port 59910 ssh2
Jun 24 08:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29399]: Connection closed by 91.92.40.240 port 59910 [preauth]
Jun 24 08:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28151]: pam_unix(cron:session): session closed for user root
Jun 24 08:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.228.138  user=root
Jun 24 08:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29447]: Failed password for root from 137.184.228.138 port 46144 ssh2
Jun 24 08:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29447]: Received disconnect from 137.184.228.138 port 46144:11: Bye Bye [preauth]
Jun 24 08:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29447]: Disconnected from 137.184.228.138 port 46144 [preauth]
Jun 24 08:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 24 08:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29486]: Failed password for root from 87.251.79.125 port 45920 ssh2
Jun 24 08:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29486]: Connection closed by 87.251.79.125 port 45920 [preauth]
Jun 24 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29503]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29504]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29502]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29501]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29501]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29655]: Successful su for rubyman by root
Jun 24 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29655]: + ??? root:rubyman
Jun 24 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29655]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582578 of user rubyman.
Jun 24 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29655]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582578.
Jun 24 08:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26648]: pam_unix(cron:session): session closed for user root
Jun 24 08:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29502]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.47.155  user=root
Jun 24 08:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29936]: Failed password for root from 118.193.47.155 port 54500 ssh2
Jun 24 08:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29936]: Received disconnect from 118.193.47.155 port 54500:11: Bye Bye [preauth]
Jun 24 08:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29936]: Disconnected from 118.193.47.155 port 54500 [preauth]
Jun 24 08:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28656]: pam_unix(cron:session): session closed for user root
Jun 24 08:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30004]: Invalid user main from 69.74.29.21
Jun 24 08:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30004]: input_userauth_request: invalid user main [preauth]
Jun 24 08:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30004]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21
Jun 24 08:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30004]: Failed password for invalid user main from 69.74.29.21 port 38078 ssh2
Jun 24 08:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30004]: Received disconnect from 69.74.29.21 port 38078:11: Bye Bye [preauth]
Jun 24 08:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30004]: Disconnected from 69.74.29.21 port 38078 [preauth]
Jun 24 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30039]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30037]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30036]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30038]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30035]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30034]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30039]: pam_unix(cron:session): session closed for user root
Jun 24 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30034]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30110]: Successful su for rubyman by root
Jun 24 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30110]: + ??? root:rubyman
Jun 24 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30110]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582583 of user rubyman.
Jun 24 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30110]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582583.
Jun 24 08:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30036]: pam_unix(cron:session): session closed for user root
Jun 24 08:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27130]: pam_unix(cron:session): session closed for user root
Jun 24 08:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30035]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30342]: Invalid user support from 91.92.40.240
Jun 24 08:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30342]: input_userauth_request: invalid user support [preauth]
Jun 24 08:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30342]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 08:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30342]: Failed password for invalid user support from 91.92.40.240 port 35126 ssh2
Jun 24 08:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30342]: Connection closed by 91.92.40.240 port 35126 [preauth]
Jun 24 08:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29076]: pam_unix(cron:session): session closed for user root
Jun 24 08:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30461]: Invalid user syh from 137.184.228.138
Jun 24 08:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30461]: input_userauth_request: invalid user syh [preauth]
Jun 24 08:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30461]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.228.138
Jun 24 08:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30461]: Failed password for invalid user syh from 137.184.228.138 port 46326 ssh2
Jun 24 08:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30461]: Received disconnect from 137.184.228.138 port 46326:11: Bye Bye [preauth]
Jun 24 08:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30461]: Disconnected from 137.184.228.138 port 46326 [preauth]
Jun 24 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30485]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30486]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30484]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30483]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30483]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30558]: Successful su for rubyman by root
Jun 24 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30558]: + ??? root:rubyman
Jun 24 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30558]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582588 of user rubyman.
Jun 24 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30558]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582588.
Jun 24 08:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27652]: pam_unix(cron:session): session closed for user root
Jun 24 08:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30484]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 24 08:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30814]: Failed password for root from 147.45.199.80 port 48958 ssh2
Jun 24 08:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30814]: Connection closed by 147.45.199.80 port 48958 [preauth]
Jun 24 08:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29504]: pam_unix(cron:session): session closed for user root
Jun 24 08:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21  user=root
Jun 24 08:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30824]: Failed password for root from 69.74.29.21 port 61069 ssh2
Jun 24 08:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30824]: Received disconnect from 69.74.29.21 port 61069:11: Bye Bye [preauth]
Jun 24 08:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30824]: Disconnected from 69.74.29.21 port 61069 [preauth]
Jun 24 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31006]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31005]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31007]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31004]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30916]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30916]: pam_unix(cron:session): session closed for user root
Jun 24 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31004]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31072]: Successful su for rubyman by root
Jun 24 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31072]: + ??? root:rubyman
Jun 24 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31072]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582590 of user rubyman.
Jun 24 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31072]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582590.
Jun 24 08:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31146]: Invalid user support from 91.92.40.240
Jun 24 08:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31146]: input_userauth_request: invalid user support [preauth]
Jun 24 08:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28150]: pam_unix(cron:session): session closed for user root
Jun 24 08:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31146]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 08:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31005]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31146]: Failed password for invalid user support from 91.92.40.240 port 60654 ssh2
Jun 24 08:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31146]: Connection closed by 91.92.40.240 port 60654 [preauth]
Jun 24 08:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 24 08:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31285]: Failed password for root from 103.149.28.157 port 50064 ssh2
Jun 24 08:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31285]: Connection closed by 103.149.28.157 port 50064 [preauth]
Jun 24 08:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30038]: pam_unix(cron:session): session closed for user root
Jun 24 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31419]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31420]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31417]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31418]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31417]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31480]: Successful su for rubyman by root
Jun 24 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31480]: + ??? root:rubyman
Jun 24 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31480]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582595 of user rubyman.
Jun 24 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31480]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582595.
Jun 24 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.228.138  user=root
Jun 24 08:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28655]: pam_unix(cron:session): session closed for user root
Jun 24 08:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31502]: Failed password for root from 137.184.228.138 port 46514 ssh2
Jun 24 08:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31502]: Received disconnect from 137.184.228.138 port 46514:11: Bye Bye [preauth]
Jun 24 08:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31502]: Disconnected from 137.184.228.138 port 46514 [preauth]
Jun 24 08:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31418]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 24 08:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31764]: Failed password for root from 103.82.132.16 port 36350 ssh2
Jun 24 08:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31764]: Connection closed by 103.82.132.16 port 36350 [preauth]
Jun 24 08:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21  user=root
Jun 24 08:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31801]: Failed password for root from 69.74.29.21 port 26119 ssh2
Jun 24 08:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31801]: Received disconnect from 69.74.29.21 port 26119:11: Bye Bye [preauth]
Jun 24 08:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31801]: Disconnected from 69.74.29.21 port 26119 [preauth]
Jun 24 08:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30486]: pam_unix(cron:session): session closed for user root
Jun 24 08:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31899]: Invalid user support from 91.92.40.240
Jun 24 08:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31899]: input_userauth_request: invalid user support [preauth]
Jun 24 08:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31899]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 08:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31899]: Failed password for invalid user support from 91.92.40.240 port 58170 ssh2
Jun 24 08:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31899]: Connection closed by 91.92.40.240 port 58170 [preauth]
Jun 24 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31927]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31926]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31925]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31924]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31924]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31994]: Successful su for rubyman by root
Jun 24 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31994]: + ??? root:rubyman
Jun 24 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31994]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582600 of user rubyman.
Jun 24 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31994]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582600.
Jun 24 08:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29075]: pam_unix(cron:session): session closed for user root
Jun 24 08:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31925]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32245]: Invalid user admin from 45.148.10.121
Jun 24 08:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32245]: input_userauth_request: invalid user admin [preauth]
Jun 24 08:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32245]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 24 08:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32245]: Failed password for invalid user admin from 45.148.10.121 port 60834 ssh2
Jun 24 08:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32245]: Connection closed by 45.148.10.121 port 60834 [preauth]
Jun 24 08:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31007]: pam_unix(cron:session): session closed for user root
Jun 24 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32332]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32330]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32331]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32329]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32328]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32327]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32332]: pam_unix(cron:session): session closed for user root
Jun 24 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32327]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32403]: Successful su for rubyman by root
Jun 24 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32403]: + ??? root:rubyman
Jun 24 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32403]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582606 of user rubyman.
Jun 24 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32403]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582606.
Jun 24 08:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29503]: pam_unix(cron:session): session closed for user root
Jun 24 08:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32329]: pam_unix(cron:session): session closed for user root
Jun 24 08:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32328]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.228.138  user=root
Jun 24 08:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32625]: Failed password for root from 137.184.228.138 port 46698 ssh2
Jun 24 08:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32625]: Received disconnect from 137.184.228.138 port 46698:11: Bye Bye [preauth]
Jun 24 08:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32625]: Disconnected from 137.184.228.138 port 46698 [preauth]
Jun 24 08:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21  user=root
Jun 24 08:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32652]: Failed password for root from 69.74.29.21 port 50413 ssh2
Jun 24 08:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32652]: Received disconnect from 69.74.29.21 port 50413:11: Bye Bye [preauth]
Jun 24 08:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32652]: Disconnected from 69.74.29.21 port 50413 [preauth]
Jun 24 08:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31420]: pam_unix(cron:session): session closed for user root
Jun 24 08:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32725]: Invalid user support from 91.92.40.240
Jun 24 08:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32725]: input_userauth_request: invalid user support [preauth]
Jun 24 08:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32725]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 08:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32725]: Failed password for invalid user support from 91.92.40.240 port 37772 ssh2
Jun 24 08:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32725]: Connection closed by 91.92.40.240 port 37772 [preauth]
Jun 24 08:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
Jun 24 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[311]: Failed password for root from 176.32.39.21 port 55604 ssh2
Jun 24 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[317]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[316]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[315]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[314]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[314]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[311]: Connection closed by 176.32.39.21 port 55604 [preauth]
Jun 24 08:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[398]: Successful su for rubyman by root
Jun 24 08:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[398]: + ??? root:rubyman
Jun 24 08:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[398]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582609 of user rubyman.
Jun 24 08:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[398]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582609.
Jun 24 08:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30037]: pam_unix(cron:session): session closed for user root
Jun 24 08:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[315]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[750]: Invalid user adminpldt from 141.98.83.240
Jun 24 08:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[750]: input_userauth_request: invalid user adminpldt [preauth]
Jun 24 08:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[750]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 08:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[750]: Failed password for invalid user adminpldt from 141.98.83.240 port 40774 ssh2
Jun 24 08:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[750]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[761]: Invalid user movie from 118.193.47.155
Jun 24 08:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[761]: input_userauth_request: invalid user movie [preauth]
Jun 24 08:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[761]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.47.155
Jun 24 08:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[750]: Failed password for invalid user adminpldt from 141.98.83.240 port 40774 ssh2
Jun 24 08:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[750]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[761]: Failed password for invalid user movie from 118.193.47.155 port 55598 ssh2
Jun 24 08:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[761]: Received disconnect from 118.193.47.155 port 55598:11: Bye Bye [preauth]
Jun 24 08:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[761]: Disconnected from 118.193.47.155 port 55598 [preauth]
Jun 24 08:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[750]: Failed password for invalid user adminpldt from 141.98.83.240 port 40774 ssh2
Jun 24 08:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[750]: Connection closed by 141.98.83.240 port 40774 [preauth]
Jun 24 08:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[750]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 08:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31927]: pam_unix(cron:session): session closed for user root
Jun 24 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[893]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[894]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[892]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[891]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[891]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[959]: Successful su for rubyman by root
Jun 24 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[959]: + ??? root:rubyman
Jun 24 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[959]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582614 of user rubyman.
Jun 24 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[959]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582614.
Jun 24 08:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30485]: pam_unix(cron:session): session closed for user root
Jun 24 08:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[892]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1183]: Invalid user admin from 69.74.29.21
Jun 24 08:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1183]: input_userauth_request: invalid user admin [preauth]
Jun 24 08:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1183]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21
Jun 24 08:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1183]: Failed password for invalid user admin from 69.74.29.21 port 60086 ssh2
Jun 24 08:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1183]: Received disconnect from 69.74.29.21 port 60086:11: Bye Bye [preauth]
Jun 24 08:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1183]: Disconnected from 69.74.29.21 port 60086 [preauth]
Jun 24 08:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1216]: Invalid user akash from 137.184.228.138
Jun 24 08:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1216]: input_userauth_request: invalid user akash [preauth]
Jun 24 08:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1216]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.228.138
Jun 24 08:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1216]: Failed password for invalid user akash from 137.184.228.138 port 46886 ssh2
Jun 24 08:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1216]: Received disconnect from 137.184.228.138 port 46886:11: Bye Bye [preauth]
Jun 24 08:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1216]: Disconnected from 137.184.228.138 port 46886 [preauth]
Jun 24 08:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1227]: Invalid user support from 91.92.40.240
Jun 24 08:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1227]: input_userauth_request: invalid user support [preauth]
Jun 24 08:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1227]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 08:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1227]: Failed password for invalid user support from 91.92.40.240 port 58142 ssh2
Jun 24 08:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1227]: Connection closed by 91.92.40.240 port 58142 [preauth]
Jun 24 08:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32331]: pam_unix(cron:session): session closed for user root
Jun 24 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1359]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1360]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1358]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1357]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1357]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1431]: Successful su for rubyman by root
Jun 24 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1431]: + ??? root:rubyman
Jun 24 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1431]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582617 of user rubyman.
Jun 24 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1431]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582617.
Jun 24 08:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31006]: pam_unix(cron:session): session closed for user root
Jun 24 08:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1358]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[317]: pam_unix(cron:session): session closed for user root
Jun 24 08:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1877]: Invalid user owncloud from 69.74.29.21
Jun 24 08:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1877]: input_userauth_request: invalid user owncloud [preauth]
Jun 24 08:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1877]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21
Jun 24 08:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1877]: Failed password for invalid user owncloud from 69.74.29.21 port 1980 ssh2
Jun 24 08:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1877]: Received disconnect from 69.74.29.21 port 1980:11: Bye Bye [preauth]
Jun 24 08:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1877]: Disconnected from 69.74.29.21 port 1980 [preauth]
Jun 24 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1913]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1915]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1912]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1907]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1907]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1996]: Successful su for rubyman by root
Jun 24 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1996]: + ??? root:rubyman
Jun 24 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1996]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582623 of user rubyman.
Jun 24 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1996]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582623.
Jun 24 08:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31419]: pam_unix(cron:session): session closed for user root
Jun 24 08:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1912]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2217]: Invalid user support from 91.92.40.240
Jun 24 08:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2217]: input_userauth_request: invalid user support [preauth]
Jun 24 08:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2217]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 08:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2217]: Failed password for invalid user support from 91.92.40.240 port 37142 ssh2
Jun 24 08:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2217]: Connection closed by 91.92.40.240 port 37142 [preauth]
Jun 24 08:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.228.138  user=root
Jun 24 08:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2279]: Failed password for root from 137.184.228.138 port 47072 ssh2
Jun 24 08:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2279]: Received disconnect from 137.184.228.138 port 47072:11: Bye Bye [preauth]
Jun 24 08:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2279]: Disconnected from 137.184.228.138 port 47072 [preauth]
Jun 24 08:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[894]: pam_unix(cron:session): session closed for user root
Jun 24 08:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2351]: Invalid user laser from 118.193.47.155
Jun 24 08:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2351]: input_userauth_request: invalid user laser [preauth]
Jun 24 08:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2351]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.47.155
Jun 24 08:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2351]: Failed password for invalid user laser from 118.193.47.155 port 56694 ssh2
Jun 24 08:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2351]: Received disconnect from 118.193.47.155 port 56694:11: Bye Bye [preauth]
Jun 24 08:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2351]: Disconnected from 118.193.47.155 port 56694 [preauth]
Jun 24 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2390]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2387]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2386]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2389]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2388]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2391]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2391]: pam_unix(cron:session): session closed for user root
Jun 24 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2386]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2456]: Successful su for rubyman by root
Jun 24 08:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2456]: + ??? root:rubyman
Jun 24 08:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2456]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582628 of user rubyman.
Jun 24 08:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2456]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582628.
Jun 24 08:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2388]: pam_unix(cron:session): session closed for user root
Jun 24 08:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31926]: pam_unix(cron:session): session closed for user root
Jun 24 08:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2387]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1360]: pam_unix(cron:session): session closed for user root
Jun 24 08:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 24 08:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2788]: Failed password for root from 202.178.126.219 port 50840 ssh2
Jun 24 08:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2788]: Connection closed by 202.178.126.219 port 50840 [preauth]
Jun 24 08:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2822]: Invalid user test from 69.74.29.21
Jun 24 08:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2822]: input_userauth_request: invalid user test [preauth]
Jun 24 08:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2822]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21
Jun 24 08:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2822]: Failed password for invalid user test from 69.74.29.21 port 22225 ssh2
Jun 24 08:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2822]: Received disconnect from 69.74.29.21 port 22225:11: Bye Bye [preauth]
Jun 24 08:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2822]: Disconnected from 69.74.29.21 port 22225 [preauth]
Jun 24 08:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2832]: Invalid user support from 91.92.40.240
Jun 24 08:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2832]: input_userauth_request: invalid user support [preauth]
Jun 24 08:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2832]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 08:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2832]: Failed password for invalid user support from 91.92.40.240 port 47144 ssh2
Jun 24 08:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2832]: Connection closed by 91.92.40.240 port 47144 [preauth]
Jun 24 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2846]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2848]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2845]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2844]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2844]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2911]: Successful su for rubyman by root
Jun 24 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2911]: + ??? root:rubyman
Jun 24 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2911]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582631 of user rubyman.
Jun 24 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2911]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582631.
Jun 24 08:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32330]: pam_unix(cron:session): session closed for user root
Jun 24 08:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2845]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3159]: Invalid user main from 137.184.228.138
Jun 24 08:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3159]: input_userauth_request: invalid user main [preauth]
Jun 24 08:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3159]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.228.138
Jun 24 08:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1915]: pam_unix(cron:session): session closed for user root
Jun 24 08:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3159]: Failed password for invalid user main from 137.184.228.138 port 47258 ssh2
Jun 24 08:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3159]: Received disconnect from 137.184.228.138 port 47258:11: Bye Bye [preauth]
Jun 24 08:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3159]: Disconnected from 137.184.228.138 port 47258 [preauth]
Jun 24 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3249]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3252]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3251]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3248]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3248]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3311]: Successful su for rubyman by root
Jun 24 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3311]: + ??? root:rubyman
Jun 24 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3311]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582637 of user rubyman.
Jun 24 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3311]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582637.
Jun 24 08:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[316]: pam_unix(cron:session): session closed for user root
Jun 24 08:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3249]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2390]: pam_unix(cron:session): session closed for user root
Jun 24 08:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3595]: Invalid user sysadmin from 91.92.40.240
Jun 24 08:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3595]: input_userauth_request: invalid user sysadmin [preauth]
Jun 24 08:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3595]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 08:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3595]: Failed password for invalid user sysadmin from 91.92.40.240 port 55660 ssh2
Jun 24 08:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3595]: Connection closed by 91.92.40.240 port 55660 [preauth]
Jun 24 08:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 24 08:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: Invalid user luka from 69.74.29.21
Jun 24 08:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: input_userauth_request: invalid user luka [preauth]
Jun 24 08:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21
Jun 24 08:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3627]: Failed password for root from 103.77.175.15 port 46516 ssh2
Jun 24 08:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3627]: Connection closed by 103.77.175.15 port 46516 [preauth]
Jun 24 08:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: Failed password for invalid user luka from 69.74.29.21 port 49047 ssh2
Jun 24 08:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: Received disconnect from 69.74.29.21 port 49047:11: Bye Bye [preauth]
Jun 24 08:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: Disconnected from 69.74.29.21 port 49047 [preauth]
Jun 24 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3651]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3649]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3650]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3648]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3648]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3806]: Successful su for rubyman by root
Jun 24 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3806]: + ??? root:rubyman
Jun 24 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3806]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582639 of user rubyman.
Jun 24 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3806]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582639.
Jun 24 08:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[893]: pam_unix(cron:session): session closed for user root
Jun 24 08:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3649]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2848]: pam_unix(cron:session): session closed for user root
Jun 24 08:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4195]: Invalid user asad from 137.184.228.138
Jun 24 08:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4195]: input_userauth_request: invalid user asad [preauth]
Jun 24 08:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4195]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.228.138
Jun 24 08:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4195]: Failed password for invalid user asad from 137.184.228.138 port 47444 ssh2
Jun 24 08:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4195]: Received disconnect from 137.184.228.138 port 47444:11: Bye Bye [preauth]
Jun 24 08:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4195]: Disconnected from 137.184.228.138 port 47444 [preauth]
Jun 24 08:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 24 08:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4240]: Failed password for root from 103.176.20.57 port 60820 ssh2
Jun 24 08:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4240]: Connection closed by 103.176.20.57 port 60820 [preauth]
Jun 24 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4255]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4253]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4256]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4252]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4252]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4319]: Successful su for rubyman by root
Jun 24 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4319]: + ??? root:rubyman
Jun 24 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4319]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582645 of user rubyman.
Jun 24 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4319]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582645.
Jun 24 08:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1359]: pam_unix(cron:session): session closed for user root
Jun 24 08:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4253]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4568]: Invalid user sysadmin from 91.92.40.240
Jun 24 08:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4568]: input_userauth_request: invalid user sysadmin [preauth]
Jun 24 08:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4568]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 08:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4568]: Failed password for invalid user sysadmin from 91.92.40.240 port 46308 ssh2
Jun 24 08:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4568]: Connection closed by 91.92.40.240 port 46308 [preauth]
Jun 24 08:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3252]: pam_unix(cron:session): session closed for user root
Jun 24 08:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4609]: Invalid user akash from 69.74.29.21
Jun 24 08:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4609]: input_userauth_request: invalid user akash [preauth]
Jun 24 08:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4609]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21
Jun 24 08:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4609]: Failed password for invalid user akash from 69.74.29.21 port 3848 ssh2
Jun 24 08:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4609]: Received disconnect from 69.74.29.21 port 3848:11: Bye Bye [preauth]
Jun 24 08:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4609]: Disconnected from 69.74.29.21 port 3848 [preauth]
Jun 24 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4664]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4666]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4661]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4663]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4660]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4665]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4666]: pam_unix(cron:session): session closed for user root
Jun 24 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4660]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4769]: Successful su for rubyman by root
Jun 24 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4769]: + ??? root:rubyman
Jun 24 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4769]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582647 of user rubyman.
Jun 24 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4769]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582647.
Jun 24 08:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4663]: pam_unix(cron:session): session closed for user root
Jun 24 08:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1913]: pam_unix(cron:session): session closed for user root
Jun 24 08:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4661]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3651]: pam_unix(cron:session): session closed for user root
Jun 24 08:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5176]: Invalid user hieu from 137.184.228.138
Jun 24 08:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5176]: input_userauth_request: invalid user hieu [preauth]
Jun 24 08:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5176]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.228.138
Jun 24 08:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5176]: Failed password for invalid user hieu from 137.184.228.138 port 47622 ssh2
Jun 24 08:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5176]: Received disconnect from 137.184.228.138 port 47622:11: Bye Bye [preauth]
Jun 24 08:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5176]: Disconnected from 137.184.228.138 port 47622 [preauth]
Jun 24 08:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5186]: Connection closed by 194.59.206.2 port 62032 [preauth]
Jun 24 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5217]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5216]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5218]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5215]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5215]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5286]: Successful su for rubyman by root
Jun 24 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5286]: + ??? root:rubyman
Jun 24 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5286]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582653 of user rubyman.
Jun 24 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5286]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582653.
Jun 24 08:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2389]: pam_unix(cron:session): session closed for user root
Jun 24 08:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5216]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5503]: Invalid user sysadmin from 91.92.40.240
Jun 24 08:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5503]: input_userauth_request: invalid user sysadmin [preauth]
Jun 24 08:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5503]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 08:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 24 08:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5503]: Failed password for invalid user sysadmin from 91.92.40.240 port 43064 ssh2
Jun 24 08:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5505]: Failed password for root from 193.37.70.224 port 53590 ssh2
Jun 24 08:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5505]: Connection closed by 193.37.70.224 port 53590 [preauth]
Jun 24 08:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5503]: Connection closed by 91.92.40.240 port 43064 [preauth]
Jun 24 08:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5544]: Invalid user certbot from 118.193.47.155
Jun 24 08:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5544]: input_userauth_request: invalid user certbot [preauth]
Jun 24 08:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5544]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.47.155
Jun 24 08:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5546]: Invalid user oracle from 69.74.29.21
Jun 24 08:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5546]: input_userauth_request: invalid user oracle [preauth]
Jun 24 08:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5546]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21
Jun 24 08:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5544]: Failed password for invalid user certbot from 118.193.47.155 port 47962 ssh2
Jun 24 08:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5544]: Received disconnect from 118.193.47.155 port 47962:11: Bye Bye [preauth]
Jun 24 08:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5544]: Disconnected from 118.193.47.155 port 47962 [preauth]
Jun 24 08:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4256]: pam_unix(cron:session): session closed for user root
Jun 24 08:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5546]: Failed password for invalid user oracle from 69.74.29.21 port 4552 ssh2
Jun 24 08:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5546]: Received disconnect from 69.74.29.21 port 4552:11: Bye Bye [preauth]
Jun 24 08:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5546]: Disconnected from 69.74.29.21 port 4552 [preauth]
Jun 24 08:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 24 08:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5624]: Failed password for root from 38.93.206.2 port 43364 ssh2
Jun 24 08:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5624]: Connection closed by 38.93.206.2 port 43364 [preauth]
Jun 24 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5636]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5637]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5638]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5635]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5635]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5693]: Successful su for rubyman by root
Jun 24 08:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5693]: + ??? root:rubyman
Jun 24 08:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5693]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582659 of user rubyman.
Jun 24 08:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5693]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582659.
Jun 24 08:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2846]: pam_unix(cron:session): session closed for user root
Jun 24 08:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5636]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4665]: pam_unix(cron:session): session closed for user root
Jun 24 08:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.228.138  user=root
Jun 24 08:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6011]: Failed password for root from 137.184.228.138 port 47798 ssh2
Jun 24 08:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6011]: Received disconnect from 137.184.228.138 port 47798:11: Bye Bye [preauth]
Jun 24 08:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6011]: Disconnected from 137.184.228.138 port 47798 [preauth]
Jun 24 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6024]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6025]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6026]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6023]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6023]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6081]: Successful su for rubyman by root
Jun 24 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6081]: + ??? root:rubyman
Jun 24 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6081]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582663 of user rubyman.
Jun 24 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6081]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582663.
Jun 24 08:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6154]: Invalid user sysadmin from 91.92.40.240
Jun 24 08:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6154]: input_userauth_request: invalid user sysadmin [preauth]
Jun 24 08:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6154]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 08:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3251]: pam_unix(cron:session): session closed for user root
Jun 24 08:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6024]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6154]: Failed password for invalid user sysadmin from 91.92.40.240 port 52758 ssh2
Jun 24 08:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6154]: Connection closed by 91.92.40.240 port 52758 [preauth]
Jun 24 08:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21  user=root
Jun 24 08:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6318]: Failed password for root from 69.74.29.21 port 56893 ssh2
Jun 24 08:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6318]: Received disconnect from 69.74.29.21 port 56893:11: Bye Bye [preauth]
Jun 24 08:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6318]: Disconnected from 69.74.29.21 port 56893 [preauth]
Jun 24 08:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5218]: pam_unix(cron:session): session closed for user root
Jun 24 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6429]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6428]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6427]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6426]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6426]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6485]: Successful su for rubyman by root
Jun 24 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6485]: + ??? root:rubyman
Jun 24 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6485]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582666 of user rubyman.
Jun 24 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6485]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582666.
Jun 24 08:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3650]: pam_unix(cron:session): session closed for user root
Jun 24 08:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6427]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5638]: pam_unix(cron:session): session closed for user root
Jun 24 08:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 24 08:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6776]: Failed password for root from 103.172.78.219 port 38950 ssh2
Jun 24 08:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6776]: Connection closed by 103.172.78.219 port 38950 [preauth]
Jun 24 08:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6816]: Invalid user sysadmin from 91.92.40.240
Jun 24 08:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6816]: input_userauth_request: invalid user sysadmin [preauth]
Jun 24 08:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6816]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 08:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6816]: Failed password for invalid user sysadmin from 91.92.40.240 port 40232 ssh2
Jun 24 08:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6816]: Connection closed by 91.92.40.240 port 40232 [preauth]
Jun 24 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6839]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6838]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6842]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6836]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6835]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6837]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6842]: pam_unix(cron:session): session closed for user root
Jun 24 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6835]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6906]: Successful su for rubyman by root
Jun 24 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6906]: + ??? root:rubyman
Jun 24 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6906]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582669 of user rubyman.
Jun 24 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6906]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582669.
Jun 24 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.228.138  user=root
Jun 24 08:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6837]: pam_unix(cron:session): session closed for user root
Jun 24 08:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6976]: Failed password for root from 137.184.228.138 port 47980 ssh2
Jun 24 08:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6976]: Received disconnect from 137.184.228.138 port 47980:11: Bye Bye [preauth]
Jun 24 08:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6976]: Disconnected from 137.184.228.138 port 47980 [preauth]
Jun 24 08:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4255]: pam_unix(cron:session): session closed for user root
Jun 24 08:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6836]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.74.29.21  user=root
Jun 24 08:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7243]: Failed password for root from 69.74.29.21 port 45834 ssh2
Jun 24 08:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7243]: Received disconnect from 69.74.29.21 port 45834:11: Bye Bye [preauth]
Jun 24 08:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7243]: Disconnected from 69.74.29.21 port 45834 [preauth]
Jun 24 08:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6026]: pam_unix(cron:session): session closed for user root
Jun 24 08:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: Invalid user admin from 193.46.255.86
Jun 24 08:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: input_userauth_request: invalid user admin [preauth]
Jun 24 08:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 24 08:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: Failed password for invalid user admin from 193.46.255.86 port 47972 ssh2
Jun 24 08:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: Failed password for invalid user admin from 193.46.255.86 port 47972 ssh2
Jun 24 08:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: Failed password for invalid user admin from 193.46.255.86 port 47972 ssh2
Jun 24 08:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: Connection closed by 193.46.255.86 port 47972 [preauth]
Jun 24 08:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 24 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7365]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7367]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7366]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7364]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7364]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7435]: Successful su for rubyman by root
Jun 24 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7435]: + ??? root:rubyman
Jun 24 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7435]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582676 of user rubyman.
Jun 24 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7435]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582676.
Jun 24 08:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4664]: pam_unix(cron:session): session closed for user root
Jun 24 08:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7365]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 24 08:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7778]: Failed password for root from 103.27.238.120 port 42412 ssh2
Jun 24 08:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7778]: Connection closed by 103.27.238.120 port 42412 [preauth]
Jun 24 08:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6429]: pam_unix(cron:session): session closed for user root
Jun 24 08:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7816]: Invalid user sysadmin from 91.92.40.240
Jun 24 08:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7816]: input_userauth_request: invalid user sysadmin [preauth]
Jun 24 08:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7816]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 08:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7816]: Failed password for invalid user sysadmin from 91.92.40.240 port 56526 ssh2
Jun 24 08:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7816]: Connection closed by 91.92.40.240 port 56526 [preauth]
Jun 24 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7873]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7874]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7872]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7871]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7871]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7929]: Successful su for rubyman by root
Jun 24 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7929]: + ??? root:rubyman
Jun 24 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7929]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582680 of user rubyman.
Jun 24 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7929]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582680.
Jun 24 08:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5217]: pam_unix(cron:session): session closed for user root
Jun 24 08:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7872]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.228.138  user=root
Jun 24 08:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8108]: Failed password for root from 137.184.228.138 port 48166 ssh2
Jun 24 08:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8108]: Received disconnect from 137.184.228.138 port 48166:11: Bye Bye [preauth]
Jun 24 08:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8108]: Disconnected from 137.184.228.138 port 48166 [preauth]
Jun 24 08:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6839]: pam_unix(cron:session): session closed for user root
Jun 24 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8261]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8260]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8259]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8258]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8258]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8315]: Successful su for rubyman by root
Jun 24 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8315]: + ??? root:rubyman
Jun 24 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8315]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582683 of user rubyman.
Jun 24 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8315]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582683.
Jun 24 08:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5637]: pam_unix(cron:session): session closed for user root
Jun 24 08:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8259]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8543]: Invalid user sysadmin from 91.92.40.240
Jun 24 08:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8543]: input_userauth_request: invalid user sysadmin [preauth]
Jun 24 08:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8543]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 08:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8543]: Failed password for invalid user sysadmin from 91.92.40.240 port 48580 ssh2
Jun 24 08:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8543]: Connection closed by 91.92.40.240 port 48580 [preauth]
Jun 24 08:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7367]: pam_unix(cron:session): session closed for user root
Jun 24 08:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 24 08:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8633]: Failed password for root from 109.237.96.109 port 36774 ssh2
Jun 24 08:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8633]: Connection closed by 109.237.96.109 port 36774 [preauth]
Jun 24 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8655]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8658]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8659]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8657]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8653]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8655]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8775]: Successful su for rubyman by root
Jun 24 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8775]: + ??? root:rubyman
Jun 24 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8775]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582690 of user rubyman.
Jun 24 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8775]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582690.
Jun 24 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8653]: pam_unix(cron:session): session closed for user root
Jun 24 08:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6025]: pam_unix(cron:session): session closed for user root
Jun 24 08:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8657]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9033]: Invalid user bb from 137.184.228.138
Jun 24 08:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9033]: input_userauth_request: invalid user bb [preauth]
Jun 24 08:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9033]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.228.138
Jun 24 08:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9033]: Failed password for invalid user bb from 137.184.228.138 port 48350 ssh2
Jun 24 08:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9033]: Received disconnect from 137.184.228.138 port 48350:11: Bye Bye [preauth]
Jun 24 08:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9033]: Disconnected from 137.184.228.138 port 48350 [preauth]
Jun 24 08:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7874]: pam_unix(cron:session): session closed for user root
Jun 24 08:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 24 08:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9101]: Failed password for root from 194.113.233.25 port 35786 ssh2
Jun 24 08:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9101]: Connection closed by 194.113.233.25 port 35786 [preauth]
Jun 24 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9152]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9153]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9151]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9150]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9149]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9154]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9154]: pam_unix(cron:session): session closed for user root
Jun 24 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9149]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9220]: Successful su for rubyman by root
Jun 24 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9220]: + ??? root:rubyman
Jun 24 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9220]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582693 of user rubyman.
Jun 24 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9220]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582693.
Jun 24 08:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9151]: pam_unix(cron:session): session closed for user root
Jun 24 08:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6428]: pam_unix(cron:session): session closed for user root
Jun 24 08:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9150]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9424]: Invalid user sysadmin from 91.92.40.240
Jun 24 08:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9424]: input_userauth_request: invalid user sysadmin [preauth]
Jun 24 08:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9424]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.240
Jun 24 08:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9424]: Failed password for invalid user sysadmin from 91.92.40.240 port 60112 ssh2
Jun 24 08:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9424]: Connection closed by 91.92.40.240 port 60112 [preauth]
Jun 24 08:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8261]: pam_unix(cron:session): session closed for user root
Jun 24 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9568]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9569]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9566]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9567]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9566]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9638]: Successful su for rubyman by root
Jun 24 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9638]: + ??? root:rubyman
Jun 24 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9638]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582700 of user rubyman.
Jun 24 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9638]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582700.
Jun 24 08:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6838]: pam_unix(cron:session): session closed for user root
Jun 24 08:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9567]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9892]: Invalid user sara from 137.184.228.138
Jun 24 08:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9892]: input_userauth_request: invalid user sara [preauth]
Jun 24 08:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9892]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.228.138
Jun 24 08:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9892]: Failed password for invalid user sara from 137.184.228.138 port 48538 ssh2
Jun 24 08:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9892]: Received disconnect from 137.184.228.138 port 48538:11: Bye Bye [preauth]
Jun 24 08:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9892]: Disconnected from 137.184.228.138 port 48538 [preauth]
Jun 24 08:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8659]: pam_unix(cron:session): session closed for user root
Jun 24 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10148]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10149]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10147]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10146]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10146]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10214]: Successful su for rubyman by root
Jun 24 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10214]: + ??? root:rubyman
Jun 24 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10214]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582703 of user rubyman.
Jun 24 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10214]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582703.
Jun 24 08:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7366]: pam_unix(cron:session): session closed for user root
Jun 24 08:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10147]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9153]: pam_unix(cron:session): session closed for user root
Jun 24 08:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10653]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10654]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10652]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10651]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10651]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10715]: Successful su for rubyman by root
Jun 24 08:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10715]: + ??? root:rubyman
Jun 24 08:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10715]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582707 of user rubyman.
Jun 24 08:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10715]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582707.
Jun 24 08:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7873]: pam_unix(cron:session): session closed for user root
Jun 24 08:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10652]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.228.138  user=root
Jun 24 08:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9569]: pam_unix(cron:session): session closed for user root
Jun 24 08:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10977]: Failed password for root from 137.184.228.138 port 48716 ssh2
Jun 24 08:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10977]: Received disconnect from 137.184.228.138 port 48716:11: Bye Bye [preauth]
Jun 24 08:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10977]: Disconnected from 137.184.228.138 port 48716 [preauth]
Jun 24 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11072]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11071]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11070]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11069]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11069]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11133]: Successful su for rubyman by root
Jun 24 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11133]: + ??? root:rubyman
Jun 24 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11133]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582711 of user rubyman.
Jun 24 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11133]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582711.
Jun 24 08:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8260]: pam_unix(cron:session): session closed for user root
Jun 24 08:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11070]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10637]: Connection closed by 211.25.195.229 port 52729 [preauth]
Jun 24 08:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10149]: pam_unix(cron:session): session closed for user root
Jun 24 08:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11496]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11495]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11497]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11494]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11498]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11493]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11498]: pam_unix(cron:session): session closed for user root
Jun 24 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11493]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11562]: Successful su for rubyman by root
Jun 24 08:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11562]: + ??? root:rubyman
Jun 24 08:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11562]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582716 of user rubyman.
Jun 24 08:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11562]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582716.
Jun 24 08:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8658]: pam_unix(cron:session): session closed for user root
Jun 24 08:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11495]: pam_unix(cron:session): session closed for user root
Jun 24 08:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11494]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10654]: pam_unix(cron:session): session closed for user root
Jun 24 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11991]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11990]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11986]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11988]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11986]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12054]: Successful su for rubyman by root
Jun 24 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12054]: + ??? root:rubyman
Jun 24 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12054]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582720 of user rubyman.
Jun 24 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12054]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582720.
Jun 24 08:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9152]: pam_unix(cron:session): session closed for user root
Jun 24 08:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11988]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11072]: pam_unix(cron:session): session closed for user root
Jun 24 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12511]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12512]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12510]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12509]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12509]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12567]: Successful su for rubyman by root
Jun 24 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12567]: + ??? root:rubyman
Jun 24 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12567]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582725 of user rubyman.
Jun 24 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12567]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582725.
Jun 24 08:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9568]: pam_unix(cron:session): session closed for user root
Jun 24 08:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12510]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 24 08:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12760]: Failed password for root from 77.94.47.83 port 37516 ssh2
Jun 24 08:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12760]: Connection closed by 77.94.47.83 port 37516 [preauth]
Jun 24 08:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11497]: pam_unix(cron:session): session closed for user root
Jun 24 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12956]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12955]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12954]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12953]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12953]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13012]: Successful su for rubyman by root
Jun 24 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13012]: + ??? root:rubyman
Jun 24 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13012]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582729 of user rubyman.
Jun 24 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13012]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582729.
Jun 24 08:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10148]: pam_unix(cron:session): session closed for user root
Jun 24 08:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12954]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11991]: pam_unix(cron:session): session closed for user root
Jun 24 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13368]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13370]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13369]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13367]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13367]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13429]: Successful su for rubyman by root
Jun 24 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13429]: + ??? root:rubyman
Jun 24 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13429]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582732 of user rubyman.
Jun 24 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13429]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582732.
Jun 24 08:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10653]: pam_unix(cron:session): session closed for user root
Jun 24 08:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13368]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12512]: pam_unix(cron:session): session closed for user root
Jun 24 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13771]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13769]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13770]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13773]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13768]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13767]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13773]: pam_unix(cron:session): session closed for user root
Jun 24 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13767]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13836]: Successful su for rubyman by root
Jun 24 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13836]: + ??? root:rubyman
Jun 24 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13836]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582736 of user rubyman.
Jun 24 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13836]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582736.
Jun 24 08:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13769]: pam_unix(cron:session): session closed for user root
Jun 24 08:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11071]: pam_unix(cron:session): session closed for user root
Jun 24 08:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13768]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.76.154.242  user=root
Jun 24 08:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14087]: Failed password for root from 217.76.154.242 port 32868 ssh2
Jun 24 08:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14087]: Connection closed by 217.76.154.242 port 32868 [preauth]
Jun 24 08:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14110]: Received disconnect from 5.161.101.51 port 54848:11: disconnected by user [preauth]
Jun 24 08:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14110]: Disconnected from 5.161.101.51 port 54848 [preauth]
Jun 24 08:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12956]: pam_unix(cron:session): session closed for user root
Jun 24 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14199]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14198]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14197]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14196]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14196]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14264]: Successful su for rubyman by root
Jun 24 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14264]: + ??? root:rubyman
Jun 24 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14264]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582743 of user rubyman.
Jun 24 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14264]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582743.
Jun 24 08:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11496]: pam_unix(cron:session): session closed for user root
Jun 24 08:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14197]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13370]: pam_unix(cron:session): session closed for user root
Jun 24 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14594]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14595]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14596]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14593]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14593]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14699]: Successful su for rubyman by root
Jun 24 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14699]: + ??? root:rubyman
Jun 24 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14699]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582748 of user rubyman.
Jun 24 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14699]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582748.
Jun 24 08:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11990]: pam_unix(cron:session): session closed for user root
Jun 24 08:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14594]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13771]: pam_unix(cron:session): session closed for user root
Jun 24 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15077]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15078]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15076]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15075]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15075]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15144]: Successful su for rubyman by root
Jun 24 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15144]: + ??? root:rubyman
Jun 24 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15144]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582750 of user rubyman.
Jun 24 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15144]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582750.
Jun 24 08:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12511]: pam_unix(cron:session): session closed for user root
Jun 24 08:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15076]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14199]: pam_unix(cron:session): session closed for user root
Jun 24 08:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15412]: Received disconnect from 194.42.205.100 port 52344:11: disconnected by user [preauth]
Jun 24 08:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15412]: Disconnected from 194.42.205.100 port 52344 [preauth]
Jun 24 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15470]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15471]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15469]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15468]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15468]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15529]: Successful su for rubyman by root
Jun 24 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15529]: + ??? root:rubyman
Jun 24 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15529]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582754 of user rubyman.
Jun 24 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15529]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582754.
Jun 24 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15518]: Invalid user admin from 141.98.83.240
Jun 24 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15518]: input_userauth_request: invalid user admin [preauth]
Jun 24 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15518]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 08:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15518]: Failed password for invalid user admin from 141.98.83.240 port 38216 ssh2
Jun 24 08:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15518]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12955]: pam_unix(cron:session): session closed for user root
Jun 24 08:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15469]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15518]: Failed password for invalid user admin from 141.98.83.240 port 38216 ssh2
Jun 24 08:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15518]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 08:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15518]: Failed password for invalid user admin from 141.98.83.240 port 38216 ssh2
Jun 24 08:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15518]: Connection closed by 141.98.83.240 port 38216 [preauth]
Jun 24 08:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15518]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 08:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14596]: pam_unix(cron:session): session closed for user root
Jun 24 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15869]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15871]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15870]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15867]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15868]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15866]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15871]: pam_unix(cron:session): session closed for user root
Jun 24 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15866]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15932]: Successful su for rubyman by root
Jun 24 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15932]: + ??? root:rubyman
Jun 24 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15932]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582760 of user rubyman.
Jun 24 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15932]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582760.
Jun 24 08:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15868]: pam_unix(cron:session): session closed for user root
Jun 24 08:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13369]: pam_unix(cron:session): session closed for user root
Jun 24 08:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15867]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15078]: pam_unix(cron:session): session closed for user root
Jun 24 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16282]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16283]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16281]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16284]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16281]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16345]: Successful su for rubyman by root
Jun 24 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16345]: + ??? root:rubyman
Jun 24 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16345]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582766 of user rubyman.
Jun 24 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16345]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582766.
Jun 24 08:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13770]: pam_unix(cron:session): session closed for user root
Jun 24 08:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16282]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15471]: pam_unix(cron:session): session closed for user root
Jun 24 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16681]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16680]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16678]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16679]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16678]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16736]: Successful su for rubyman by root
Jun 24 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16736]: + ??? root:rubyman
Jun 24 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16736]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582769 of user rubyman.
Jun 24 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16736]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582769.
Jun 24 08:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14198]: pam_unix(cron:session): session closed for user root
Jun 24 08:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16679]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15870]: pam_unix(cron:session): session closed for user root
Jun 24 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17180]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17179]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17178]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17177]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17177]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17234]: Successful su for rubyman by root
Jun 24 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17234]: + ??? root:rubyman
Jun 24 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17234]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582772 of user rubyman.
Jun 24 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17234]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582772.
Jun 24 08:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14595]: pam_unix(cron:session): session closed for user root
Jun 24 08:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17178]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16284]: pam_unix(cron:session): session closed for user root
Jun 24 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17584]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17585]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17583]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17582]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17582]: pam_unix(cron:session): session closed for user p13x
Jun 24 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17639]: Successful su for rubyman by root
Jun 24 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17639]: + ??? root:rubyman
Jun 24 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17639]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582777 of user rubyman.
Jun 24 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17639]: pam_unix(su:session): session closed for user rubyman
Jun 24 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582777.
Jun 24 08:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15077]: pam_unix(cron:session): session closed for user root
Jun 24 08:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17583]: pam_unix(cron:session): session closed for user samftp
Jun 24 08:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16681]: pam_unix(cron:session): session closed for user root
Jun 24 08:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 08:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 24 08:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18023]: Failed password for root from 80.66.85.226 port 41172 ssh2
Jun 24 08:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18023]: Connection closed by 80.66.85.226 port 41172 [preauth]
Jun 24 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18089]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18092]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18086]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18090]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18091]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18088]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18087]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18092]: pam_unix(cron:session): session closed for user root
Jun 24 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18088]: pam_unix(cron:session): session closed for user root
Jun 24 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18086]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18185]: Successful su for rubyman by root
Jun 24 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18185]: + ??? root:rubyman
Jun 24 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18185]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582786 of user rubyman.
Jun 24 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18185]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582786.
Jun 24 09:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15470]: pam_unix(cron:session): session closed for user root
Jun 24 09:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18089]: pam_unix(cron:session): session closed for user root
Jun 24 09:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18087]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17180]: pam_unix(cron:session): session closed for user root
Jun 24 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18699]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18698]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18697]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18696]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18696]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18770]: Successful su for rubyman by root
Jun 24 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18770]: + ??? root:rubyman
Jun 24 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18770]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582787 of user rubyman.
Jun 24 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18770]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582787.
Jun 24 09:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15869]: pam_unix(cron:session): session closed for user root
Jun 24 09:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18697]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17585]: pam_unix(cron:session): session closed for user root
Jun 24 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19119]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19118]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19117]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19116]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19116]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19274]: Successful su for rubyman by root
Jun 24 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19274]: + ??? root:rubyman
Jun 24 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19274]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582791 of user rubyman.
Jun 24 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19274]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582791.
Jun 24 09:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16283]: pam_unix(cron:session): session closed for user root
Jun 24 09:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19117]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18091]: pam_unix(cron:session): session closed for user root
Jun 24 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19812]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19813]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19811]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19810]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19810]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19885]: Successful su for rubyman by root
Jun 24 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19885]: + ??? root:rubyman
Jun 24 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19885]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582795 of user rubyman.
Jun 24 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19885]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582795.
Jun 24 09:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16680]: pam_unix(cron:session): session closed for user root
Jun 24 09:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19811]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18699]: pam_unix(cron:session): session closed for user root
Jun 24 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20310]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20311]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20309]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20308]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20308]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20383]: Successful su for rubyman by root
Jun 24 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20383]: + ??? root:rubyman
Jun 24 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20383]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582801 of user rubyman.
Jun 24 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20383]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582801.
Jun 24 09:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17179]: pam_unix(cron:session): session closed for user root
Jun 24 09:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20309]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 09:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 24 09:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20576]: Failed password for root from 103.27.238.114 port 36268 ssh2
Jun 24 09:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20576]: Connection closed by 103.27.238.114 port 36268 [preauth]
Jun 24 09:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19119]: pam_unix(cron:session): session closed for user root
Jun 24 09:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 09:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20792]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 24 09:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20792]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 24 09:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20792]: Received disconnect from 167.114.156.169 port 54470:11: disconnected by user [preauth]
Jun 24 09:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20792]: Disconnected from 167.114.156.169 port 54470 [preauth]
Jun 24 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20824]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20823]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20825]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20821]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20826]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20822]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20826]: pam_unix(cron:session): session closed for user root
Jun 24 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20821]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20897]: Successful su for rubyman by root
Jun 24 09:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20897]: + ??? root:rubyman
Jun 24 09:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20897]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582806 of user rubyman.
Jun 24 09:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20897]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582806.
Jun 24 09:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17584]: pam_unix(cron:session): session closed for user root
Jun 24 09:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20823]: pam_unix(cron:session): session closed for user root
Jun 24 09:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20822]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19813]: pam_unix(cron:session): session closed for user root
Jun 24 09:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 09:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 24 09:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21209]: Failed password for root from 51.250.105.222 port 40438 ssh2
Jun 24 09:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21209]: Connection closed by 51.250.105.222 port 40438 [preauth]
Jun 24 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21260]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21258]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21259]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21257]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21257]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21332]: Successful su for rubyman by root
Jun 24 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21332]: + ??? root:rubyman
Jun 24 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21332]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582809 of user rubyman.
Jun 24 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21332]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582809.
Jun 24 09:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18090]: pam_unix(cron:session): session closed for user root
Jun 24 09:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21258]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 09:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 24 09:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21533]: Failed password for root from 103.82.20.28 port 47642 ssh2
Jun 24 09:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21533]: Connection closed by 103.82.20.28 port 47642 [preauth]
Jun 24 09:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20311]: pam_unix(cron:session): session closed for user root
Jun 24 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21703]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21702]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21701]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21700]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21700]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21759]: Successful su for rubyman by root
Jun 24 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21759]: + ??? root:rubyman
Jun 24 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21759]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582814 of user rubyman.
Jun 24 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21759]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582814.
Jun 24 09:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18698]: pam_unix(cron:session): session closed for user root
Jun 24 09:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21701]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20825]: pam_unix(cron:session): session closed for user root
Jun 24 09:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 09:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 24 09:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22081]: Failed password for root from 62.133.62.83 port 37684 ssh2
Jun 24 09:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22081]: Connection closed by 62.133.62.83 port 37684 [preauth]
Jun 24 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22109]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22108]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22107]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22105]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22105]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22170]: Successful su for rubyman by root
Jun 24 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22170]: + ??? root:rubyman
Jun 24 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22170]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582818 of user rubyman.
Jun 24 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22170]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582818.
Jun 24 09:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19118]: pam_unix(cron:session): session closed for user root
Jun 24 09:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22107]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21260]: pam_unix(cron:session): session closed for user root
Jun 24 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22595]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22599]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22598]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22594]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22592]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22594]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22708]: Successful su for rubyman by root
Jun 24 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22708]: + ??? root:rubyman
Jun 24 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22708]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582822 of user rubyman.
Jun 24 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22708]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582822.
Jun 24 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22592]: pam_unix(cron:session): session closed for user root
Jun 24 09:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19812]: pam_unix(cron:session): session closed for user root
Jun 24 09:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22595]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21703]: pam_unix(cron:session): session closed for user root
Jun 24 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23087]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23086]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23085]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23084]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23088]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23083]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23088]: pam_unix(cron:session): session closed for user root
Jun 24 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23083]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23151]: Successful su for rubyman by root
Jun 24 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23151]: + ??? root:rubyman
Jun 24 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23151]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582826 of user rubyman.
Jun 24 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23151]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582826.
Jun 24 09:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23085]: pam_unix(cron:session): session closed for user root
Jun 24 09:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20310]: pam_unix(cron:session): session closed for user root
Jun 24 09:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23084]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22109]: pam_unix(cron:session): session closed for user root
Jun 24 09:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23548]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23550]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23551]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23547]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23547]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23616]: Successful su for rubyman by root
Jun 24 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23616]: + ??? root:rubyman
Jun 24 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23616]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582834 of user rubyman.
Jun 24 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23616]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582834.
Jun 24 09:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20824]: pam_unix(cron:session): session closed for user root
Jun 24 09:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23548]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22599]: pam_unix(cron:session): session closed for user root
Jun 24 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24062]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24063]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24061]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24060]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24060]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24122]: Successful su for rubyman by root
Jun 24 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24122]: + ??? root:rubyman
Jun 24 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24122]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582838 of user rubyman.
Jun 24 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24122]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582838.
Jun 24 09:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21259]: pam_unix(cron:session): session closed for user root
Jun 24 09:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24061]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23087]: pam_unix(cron:session): session closed for user root
Jun 24 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24486]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24485]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24484]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24483]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24483]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24551]: Successful su for rubyman by root
Jun 24 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24551]: + ??? root:rubyman
Jun 24 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24551]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582842 of user rubyman.
Jun 24 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24551]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582842.
Jun 24 09:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21702]: pam_unix(cron:session): session closed for user root
Jun 24 09:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24484]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23551]: pam_unix(cron:session): session closed for user root
Jun 24 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24904]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24902]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24903]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24901]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24901]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24958]: Successful su for rubyman by root
Jun 24 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24958]: + ??? root:rubyman
Jun 24 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24958]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582845 of user rubyman.
Jun 24 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24958]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582845.
Jun 24 09:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22108]: pam_unix(cron:session): session closed for user root
Jun 24 09:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24902]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 09:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 24 09:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25154]: Failed password for root from 38.93.206.2 port 64438 ssh2
Jun 24 09:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25154]: Connection closed by 38.93.206.2 port 64438 [preauth]
Jun 24 09:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24063]: pam_unix(cron:session): session closed for user root
Jun 24 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25302]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25301]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25300]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25299]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25304]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25303]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25304]: pam_unix(cron:session): session closed for user root
Jun 24 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25299]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25366]: Successful su for rubyman by root
Jun 24 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25366]: + ??? root:rubyman
Jun 24 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25366]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582853 of user rubyman.
Jun 24 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25366]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582853.
Jun 24 09:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25301]: pam_unix(cron:session): session closed for user root
Jun 24 09:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22598]: pam_unix(cron:session): session closed for user root
Jun 24 09:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25300]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24486]: pam_unix(cron:session): session closed for user root
Jun 24 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25719]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25720]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25718]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25717]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25717]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25782]: Successful su for rubyman by root
Jun 24 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25782]: + ??? root:rubyman
Jun 24 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25782]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582854 of user rubyman.
Jun 24 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25782]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582854.
Jun 24 09:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23086]: pam_unix(cron:session): session closed for user root
Jun 24 09:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25718]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24904]: pam_unix(cron:session): session closed for user root
Jun 24 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26122]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26121]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26120]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26119]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26116]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26116]: pam_unix(cron:session): session closed for user root
Jun 24 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26119]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26184]: Successful su for rubyman by root
Jun 24 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26184]: + ??? root:rubyman
Jun 24 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26184]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582858 of user rubyman.
Jun 24 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26184]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582858.
Jun 24 09:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23550]: pam_unix(cron:session): session closed for user root
Jun 24 09:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26120]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25303]: pam_unix(cron:session): session closed for user root
Jun 24 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26512]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26511]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26510]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26509]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26509]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26569]: Successful su for rubyman by root
Jun 24 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26569]: + ??? root:rubyman
Jun 24 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26569]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582864 of user rubyman.
Jun 24 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26569]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582864.
Jun 24 09:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24062]: pam_unix(cron:session): session closed for user root
Jun 24 09:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26510]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25720]: pam_unix(cron:session): session closed for user root
Jun 24 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26989]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26988]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26987]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26986]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26986]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27047]: Successful su for rubyman by root
Jun 24 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27047]: + ??? root:rubyman
Jun 24 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27047]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582868 of user rubyman.
Jun 24 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27047]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582868.
Jun 24 09:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24485]: pam_unix(cron:session): session closed for user root
Jun 24 09:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26987]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26122]: pam_unix(cron:session): session closed for user root
Jun 24 09:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 09:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27384]: Invalid user admin from 2.57.121.25
Jun 24 09:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27384]: input_userauth_request: invalid user admin [preauth]
Jun 24 09:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27384]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 09:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 24 09:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27384]: Failed password for invalid user admin from 2.57.121.25 port 54746 ssh2
Jun 24 09:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27384]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 09:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27384]: Failed password for invalid user admin from 2.57.121.25 port 54746 ssh2
Jun 24 09:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27384]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 09:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27384]: Failed password for invalid user admin from 2.57.121.25 port 54746 ssh2
Jun 24 09:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27384]: Connection closed by 2.57.121.25 port 54746 [preauth]
Jun 24 09:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27384]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 24 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27414]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27413]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27411]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27415]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27416]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27412]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27416]: pam_unix(cron:session): session closed for user root
Jun 24 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27411]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27482]: Successful su for rubyman by root
Jun 24 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27482]: + ??? root:rubyman
Jun 24 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27482]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582875 of user rubyman.
Jun 24 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27482]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582875.
Jun 24 09:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27413]: pam_unix(cron:session): session closed for user root
Jun 24 09:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24903]: pam_unix(cron:session): session closed for user root
Jun 24 09:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27412]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26512]: pam_unix(cron:session): session closed for user root
Jun 24 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27847]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27848]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27849]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27846]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27846]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27922]: Successful su for rubyman by root
Jun 24 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27922]: + ??? root:rubyman
Jun 24 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27922]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582877 of user rubyman.
Jun 24 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27922]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582877.
Jun 24 09:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 24 09:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27905]: Failed password for root from 103.27.238.116 port 33462 ssh2
Jun 24 09:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27905]: Connection closed by 103.27.238.116 port 33462 [preauth]
Jun 24 09:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25302]: pam_unix(cron:session): session closed for user root
Jun 24 09:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27847]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 09:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 24 09:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28206]: Failed password for root from 103.15.222.183 port 54388 ssh2
Jun 24 09:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28206]: Connection closed by 103.15.222.183 port 54388 [preauth]
Jun 24 09:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26989]: pam_unix(cron:session): session closed for user root
Jun 24 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28316]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28315]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28314]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28313]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28313]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28372]: Successful su for rubyman by root
Jun 24 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28372]: + ??? root:rubyman
Jun 24 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28372]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582882 of user rubyman.
Jun 24 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28372]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582882.
Jun 24 09:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25719]: pam_unix(cron:session): session closed for user root
Jun 24 09:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28314]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 09:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 24 09:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28709]: Failed password for root from 103.122.221.179 port 49230 ssh2
Jun 24 09:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28709]: Connection closed by 103.122.221.179 port 49230 [preauth]
Jun 24 09:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27415]: pam_unix(cron:session): session closed for user root
Jun 24 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28814]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28815]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28813]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28812]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28812]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28875]: Successful su for rubyman by root
Jun 24 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28875]: + ??? root:rubyman
Jun 24 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28875]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582887 of user rubyman.
Jun 24 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28875]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582887.
Jun 24 09:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26121]: pam_unix(cron:session): session closed for user root
Jun 24 09:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28813]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27849]: pam_unix(cron:session): session closed for user root
Jun 24 09:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 09:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29221]: Received disconnect from 107.173.122.15 port 38222:11: disconnected by user [preauth]
Jun 24 09:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29221]: Disconnected from 107.173.122.15 port 38222 [preauth]
Jun 24 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29235]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29237]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29234]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29233]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29233]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29311]: Successful su for rubyman by root
Jun 24 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29311]: + ??? root:rubyman
Jun 24 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29311]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582889 of user rubyman.
Jun 24 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29311]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582889.
Jun 24 09:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26511]: pam_unix(cron:session): session closed for user root
Jun 24 09:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29234]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28316]: pam_unix(cron:session): session closed for user root
Jun 24 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29762]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29760]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29757]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29763]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29761]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29764]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29764]: pam_unix(cron:session): session closed for user root
Jun 24 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29757]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29841]: Successful su for rubyman by root
Jun 24 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29841]: + ??? root:rubyman
Jun 24 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29841]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582897 of user rubyman.
Jun 24 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29841]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582897.
Jun 24 09:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29761]: pam_unix(cron:session): session closed for user root
Jun 24 09:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26988]: pam_unix(cron:session): session closed for user root
Jun 24 09:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29760]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28815]: pam_unix(cron:session): session closed for user root
Jun 24 09:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 09:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 24 09:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30198]: Failed password for root from 103.153.68.219 port 49486 ssh2
Jun 24 09:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30198]: Connection closed by 103.153.68.219 port 49486 [preauth]
Jun 24 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30230]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30228]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30231]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30229]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30228]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30296]: Successful su for rubyman by root
Jun 24 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30296]: + ??? root:rubyman
Jun 24 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30296]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582901 of user rubyman.
Jun 24 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30296]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582901.
Jun 24 09:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27414]: pam_unix(cron:session): session closed for user root
Jun 24 09:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30229]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29237]: pam_unix(cron:session): session closed for user root
Jun 24 09:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 09:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30588]: Invalid user admin from 141.98.83.240
Jun 24 09:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30588]: input_userauth_request: invalid user admin [preauth]
Jun 24 09:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30588]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 09:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 09:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30588]: Failed password for invalid user admin from 141.98.83.240 port 54454 ssh2
Jun 24 09:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30588]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 09:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30588]: Failed password for invalid user admin from 141.98.83.240 port 54454 ssh2
Jun 24 09:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30588]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 09:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30588]: Failed password for invalid user admin from 141.98.83.240 port 54454 ssh2
Jun 24 09:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30588]: Connection closed by 141.98.83.240 port 54454 [preauth]
Jun 24 09:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30588]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30652]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30653]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30651]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30650]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30650]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30709]: Successful su for rubyman by root
Jun 24 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30709]: + ??? root:rubyman
Jun 24 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30709]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582905 of user rubyman.
Jun 24 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30709]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582905.
Jun 24 09:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27848]: pam_unix(cron:session): session closed for user root
Jun 24 09:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30651]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29763]: pam_unix(cron:session): session closed for user root
Jun 24 09:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 09:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31092]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 24 09:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31092]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 24 09:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31092]: Received disconnect from 209.90.232.251 port 41230:11: disconnected by user [preauth]
Jun 24 09:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31092]: Disconnected from 209.90.232.251 port 41230 [preauth]
Jun 24 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31148]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31147]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31146]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31145]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31145]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31202]: Successful su for rubyman by root
Jun 24 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31202]: + ??? root:rubyman
Jun 24 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31202]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582908 of user rubyman.
Jun 24 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31202]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582908.
Jun 24 09:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28315]: pam_unix(cron:session): session closed for user root
Jun 24 09:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31146]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30231]: pam_unix(cron:session): session closed for user root
Jun 24 09:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31564]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31563]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31562]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31561]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31561]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31710]: Successful su for rubyman by root
Jun 24 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31710]: + ??? root:rubyman
Jun 24 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31710]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582912 of user rubyman.
Jun 24 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31710]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582912.
Jun 24 09:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31548]: Connection reset by 205.210.31.235 port 59826 [preauth]
Jun 24 09:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28814]: pam_unix(cron:session): session closed for user root
Jun 24 09:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31562]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30653]: pam_unix(cron:session): session closed for user root
Jun 24 09:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 09:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 24 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32069]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32066]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32068]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32064]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32063]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32065]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32069]: pam_unix(cron:session): session closed for user root
Jun 24 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32063]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32060]: Failed password for root from 87.251.79.125 port 50440 ssh2
Jun 24 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32060]: Connection closed by 87.251.79.125 port 50440 [preauth]
Jun 24 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32134]: Successful su for rubyman by root
Jun 24 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32134]: + ??? root:rubyman
Jun 24 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32134]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582917 of user rubyman.
Jun 24 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32134]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582917.
Jun 24 09:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32065]: pam_unix(cron:session): session closed for user root
Jun 24 09:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29235]: pam_unix(cron:session): session closed for user root
Jun 24 09:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32064]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 09:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32367]: Invalid user tea from 2.57.121.112
Jun 24 09:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32367]: input_userauth_request: invalid user tea [preauth]
Jun 24 09:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32367]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 09:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 24 09:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32367]: Failed password for invalid user tea from 2.57.121.112 port 53740 ssh2
Jun 24 09:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32367]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 09:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32367]: Failed password for invalid user tea from 2.57.121.112 port 53740 ssh2
Jun 24 09:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32367]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 09:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32367]: Failed password for invalid user tea from 2.57.121.112 port 53740 ssh2
Jun 24 09:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32367]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 09:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32367]: Failed password for invalid user tea from 2.57.121.112 port 53740 ssh2
Jun 24 09:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32367]: Connection closed by 2.57.121.112 port 53740 [preauth]
Jun 24 09:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32367]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 24 09:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32367]: PAM service(sshd) ignoring max retries; 4 > 3
Jun 24 09:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 09:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32395]: Invalid user tea from 2.57.121.112
Jun 24 09:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32395]: input_userauth_request: invalid user tea [preauth]
Jun 24 09:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32395]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 09:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 24 09:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32395]: Failed password for invalid user tea from 2.57.121.112 port 14650 ssh2
Jun 24 09:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32395]: Connection closed by 2.57.121.112 port 14650 [preauth]
Jun 24 09:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31148]: pam_unix(cron:session): session closed for user root
Jun 24 09:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 09:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32445]: Connection closed by 194.59.206.2 port 49622 [preauth]
Jun 24 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32506]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32504]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32505]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32503]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32503]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32570]: Successful su for rubyman by root
Jun 24 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32570]: + ??? root:rubyman
Jun 24 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32570]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582921 of user rubyman.
Jun 24 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32570]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582921.
Jun 24 09:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29762]: pam_unix(cron:session): session closed for user root
Jun 24 09:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32504]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31564]: pam_unix(cron:session): session closed for user root
Jun 24 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[601]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[600]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[599]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[597]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[597]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[661]: Successful su for rubyman by root
Jun 24 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[661]: + ??? root:rubyman
Jun 24 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[661]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582926 of user rubyman.
Jun 24 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[661]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582926.
Jun 24 09:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30230]: pam_unix(cron:session): session closed for user root
Jun 24 09:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[599]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32068]: pam_unix(cron:session): session closed for user root
Jun 24 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1023]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1019]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1022]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1021]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1019]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1115]: Successful su for rubyman by root
Jun 24 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1115]: + ??? root:rubyman
Jun 24 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1115]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582929 of user rubyman.
Jun 24 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1115]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582929.
Jun 24 09:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30652]: pam_unix(cron:session): session closed for user root
Jun 24 09:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1021]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 09:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 24 09:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1312]: Failed password for root from 147.45.199.80 port 54702 ssh2
Jun 24 09:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1312]: Connection closed by 147.45.199.80 port 54702 [preauth]
Jun 24 09:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32506]: pam_unix(cron:session): session closed for user root
Jun 24 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1579]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1580]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1578]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1575]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1575]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1656]: Successful su for rubyman by root
Jun 24 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1656]: + ??? root:rubyman
Jun 24 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1656]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582934 of user rubyman.
Jun 24 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1656]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582934.
Jun 24 09:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31147]: pam_unix(cron:session): session closed for user root
Jun 24 09:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1578]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[601]: pam_unix(cron:session): session closed for user root
Jun 24 09:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 09:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 24 09:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2027]: Failed password for root from 103.77.242.62 port 58418 ssh2
Jun 24 09:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2027]: Connection closed by 103.77.242.62 port 58418 [preauth]
Jun 24 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2078]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2077]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2076]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2075]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2079]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2074]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2079]: pam_unix(cron:session): session closed for user root
Jun 24 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2074]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2147]: Successful su for rubyman by root
Jun 24 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2147]: + ??? root:rubyman
Jun 24 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2147]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582937 of user rubyman.
Jun 24 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2147]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582937.
Jun 24 09:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2076]: pam_unix(cron:session): session closed for user root
Jun 24 09:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31563]: pam_unix(cron:session): session closed for user root
Jun 24 09:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2075]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1023]: pam_unix(cron:session): session closed for user root
Jun 24 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2534]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2535]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2533]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2532]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2532]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2612]: Successful su for rubyman by root
Jun 24 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2612]: + ??? root:rubyman
Jun 24 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2612]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582945 of user rubyman.
Jun 24 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2612]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582945.
Jun 24 09:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32066]: pam_unix(cron:session): session closed for user root
Jun 24 09:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2533]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1580]: pam_unix(cron:session): session closed for user root
Jun 24 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2948]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2949]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2947]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2946]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2946]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3006]: Successful su for rubyman by root
Jun 24 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3006]: + ??? root:rubyman
Jun 24 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3006]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582947 of user rubyman.
Jun 24 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3006]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582947.
Jun 24 09:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32505]: pam_unix(cron:session): session closed for user root
Jun 24 09:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2947]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 09:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=root
Jun 24 09:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3217]: Failed password for root from 193.46.255.86 port 42160 ssh2
Jun 24 09:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3217]: message repeated 2 times: [ Failed password for root from 193.46.255.86 port 42160 ssh2]
Jun 24 09:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3217]: Connection closed by 193.46.255.86 port 42160 [preauth]
Jun 24 09:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3217]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=root
Jun 24 09:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2078]: pam_unix(cron:session): session closed for user root
Jun 24 09:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 09:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3320]: Received disconnect from 148.113.221.241 port 51902:11: disconnected by user [preauth]
Jun 24 09:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3320]: Disconnected from 148.113.221.241 port 51902 [preauth]
Jun 24 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3344]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3341]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3340]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3343]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3340]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3402]: Successful su for rubyman by root
Jun 24 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3402]: + ??? root:rubyman
Jun 24 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3402]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582953 of user rubyman.
Jun 24 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3402]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582953.
Jun 24 09:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[600]: pam_unix(cron:session): session closed for user root
Jun 24 09:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3341]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2535]: pam_unix(cron:session): session closed for user root
Jun 24 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3848]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3847]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3845]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3844]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3842]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3844]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4058]: Successful su for rubyman by root
Jun 24 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4058]: + ??? root:rubyman
Jun 24 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4058]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582957 of user rubyman.
Jun 24 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4058]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582957.
Jun 24 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3842]: pam_unix(cron:session): session closed for user root
Jun 24 09:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1022]: pam_unix(cron:session): session closed for user root
Jun 24 09:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3845]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2949]: pam_unix(cron:session): session closed for user root
Jun 24 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4442]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4443]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4440]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4441]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4438]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4439]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4443]: pam_unix(cron:session): session closed for user root
Jun 24 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4438]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4506]: Successful su for rubyman by root
Jun 24 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4506]: + ??? root:rubyman
Jun 24 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4506]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582960 of user rubyman.
Jun 24 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4506]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582960.
Jun 24 09:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4440]: pam_unix(cron:session): session closed for user root
Jun 24 09:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1579]: pam_unix(cron:session): session closed for user root
Jun 24 09:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4439]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3344]: pam_unix(cron:session): session closed for user root
Jun 24 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4990]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4989]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4988]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4987]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4987]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5050]: Successful su for rubyman by root
Jun 24 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5050]: + ??? root:rubyman
Jun 24 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5050]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582967 of user rubyman.
Jun 24 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5050]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582967.
Jun 24 09:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2077]: pam_unix(cron:session): session closed for user root
Jun 24 09:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4988]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3848]: pam_unix(cron:session): session closed for user root
Jun 24 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5400]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5398]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5399]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5397]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5397]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5466]: Successful su for rubyman by root
Jun 24 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5466]: + ??? root:rubyman
Jun 24 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5466]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582970 of user rubyman.
Jun 24 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5466]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582970.
Jun 24 09:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2534]: pam_unix(cron:session): session closed for user root
Jun 24 09:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5398]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4442]: pam_unix(cron:session): session closed for user root
Jun 24 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5790]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5789]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5788]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5787]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5787]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5853]: Successful su for rubyman by root
Jun 24 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5853]: + ??? root:rubyman
Jun 24 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5853]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582974 of user rubyman.
Jun 24 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5853]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582974.
Jun 24 09:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2948]: pam_unix(cron:session): session closed for user root
Jun 24 09:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5788]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 09:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 24 09:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6056]: Failed password for root from 103.82.132.16 port 36712 ssh2
Jun 24 09:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6056]: Connection closed by 103.82.132.16 port 36712 [preauth]
Jun 24 09:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4990]: pam_unix(cron:session): session closed for user root
Jun 24 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6178]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6179]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6177]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6176]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6176]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6239]: Successful su for rubyman by root
Jun 24 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6239]: + ??? root:rubyman
Jun 24 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6239]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582979 of user rubyman.
Jun 24 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6239]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582979.
Jun 24 09:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3343]: pam_unix(cron:session): session closed for user root
Jun 24 09:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6177]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5400]: pam_unix(cron:session): session closed for user root
Jun 24 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6576]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6573]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6571]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6570]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6575]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6574]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6576]: pam_unix(cron:session): session closed for user root
Jun 24 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6570]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6642]: Successful su for rubyman by root
Jun 24 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6642]: + ??? root:rubyman
Jun 24 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6642]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582986 of user rubyman.
Jun 24 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6642]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582986.
Jun 24 09:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6573]: pam_unix(cron:session): session closed for user root
Jun 24 09:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3847]: pam_unix(cron:session): session closed for user root
Jun 24 09:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6571]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5790]: pam_unix(cron:session): session closed for user root
Jun 24 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7059]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7060]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7058]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7054]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7054]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7176]: Successful su for rubyman by root
Jun 24 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7176]: + ??? root:rubyman
Jun 24 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7176]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582989 of user rubyman.
Jun 24 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7176]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582989.
Jun 24 09:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4441]: pam_unix(cron:session): session closed for user root
Jun 24 09:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7058]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6179]: pam_unix(cron:session): session closed for user root
Jun 24 09:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 09:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 24 09:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7461]: Failed password for root from 103.149.28.157 port 60688 ssh2
Jun 24 09:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7461]: Connection closed by 103.149.28.157 port 60688 [preauth]
Jun 24 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7511]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7513]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7512]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7509]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7509]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7574]: Successful su for rubyman by root
Jun 24 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7574]: + ??? root:rubyman
Jun 24 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7574]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582992 of user rubyman.
Jun 24 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7574]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582992.
Jun 24 09:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 09:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4989]: pam_unix(cron:session): session closed for user root
Jun 24 09:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 24 09:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7511]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7804]: Failed password for root from 193.37.70.224 port 43328 ssh2
Jun 24 09:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7804]: Connection closed by 193.37.70.224 port 43328 [preauth]
Jun 24 09:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6575]: pam_unix(cron:session): session closed for user root
Jun 24 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8006]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8004]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8005]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8003]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8003]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8065]: Successful su for rubyman by root
Jun 24 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8065]: + ??? root:rubyman
Jun 24 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8065]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 582996 of user rubyman.
Jun 24 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8065]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 582996.
Jun 24 09:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5399]: pam_unix(cron:session): session closed for user root
Jun 24 09:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8004]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7060]: pam_unix(cron:session): session closed for user root
Jun 24 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8393]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8392]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8391]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8390]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8390]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8454]: Successful su for rubyman by root
Jun 24 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8454]: + ??? root:rubyman
Jun 24 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8454]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583000 of user rubyman.
Jun 24 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8454]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583000.
Jun 24 09:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5789]: pam_unix(cron:session): session closed for user root
Jun 24 09:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8391]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7513]: pam_unix(cron:session): session closed for user root
Jun 24 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8790]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8789]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8786]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8791]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8788]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8787]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8791]: pam_unix(cron:session): session closed for user root
Jun 24 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8786]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8856]: Successful su for rubyman by root
Jun 24 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8856]: + ??? root:rubyman
Jun 24 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8856]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583005 of user rubyman.
Jun 24 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8856]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583005.
Jun 24 09:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6178]: pam_unix(cron:session): session closed for user root
Jun 24 09:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8788]: pam_unix(cron:session): session closed for user root
Jun 24 09:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8787]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8006]: pam_unix(cron:session): session closed for user root
Jun 24 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9214]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9213]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9212]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9211]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9211]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9288]: Successful su for rubyman by root
Jun 24 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9288]: + ??? root:rubyman
Jun 24 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9288]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583010 of user rubyman.
Jun 24 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9288]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583010.
Jun 24 09:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6574]: pam_unix(cron:session): session closed for user root
Jun 24 09:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9212]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 09:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 24 09:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9522]: Failed password for root from 202.178.126.219 port 23245 ssh2
Jun 24 09:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8393]: pam_unix(cron:session): session closed for user root
Jun 24 09:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9522]: Connection closed by 202.178.126.219 port 23245 [preauth]
Jun 24 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9613]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9614]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9612]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9611]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9611]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9674]: Successful su for rubyman by root
Jun 24 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9674]: + ??? root:rubyman
Jun 24 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9674]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583015 of user rubyman.
Jun 24 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9674]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583015.
Jun 24 09:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7059]: pam_unix(cron:session): session closed for user root
Jun 24 09:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9612]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8790]: pam_unix(cron:session): session closed for user root
Jun 24 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10188]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10182]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10183]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10181]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10181]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10337]: Successful su for rubyman by root
Jun 24 09:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10337]: + ??? root:rubyman
Jun 24 09:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10337]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583018 of user rubyman.
Jun 24 09:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10337]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583018.
Jun 24 09:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7512]: pam_unix(cron:session): session closed for user root
Jun 24 09:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10182]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9214]: pam_unix(cron:session): session closed for user root
Jun 24 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10681]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10679]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10678]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10677]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10677]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10753]: Successful su for rubyman by root
Jun 24 09:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10753]: + ??? root:rubyman
Jun 24 09:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10753]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583022 of user rubyman.
Jun 24 09:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10753]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583022.
Jun 24 09:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8005]: pam_unix(cron:session): session closed for user root
Jun 24 09:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10678]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9614]: pam_unix(cron:session): session closed for user root
Jun 24 09:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 09:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 24 09:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11040]: Failed password for root from 109.237.96.109 port 51768 ssh2
Jun 24 09:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11040]: Connection closed by 109.237.96.109 port 51768 [preauth]
Jun 24 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11107]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11106]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11109]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11108]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11104]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11105]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11109]: pam_unix(cron:session): session closed for user root
Jun 24 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11104]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11176]: Successful su for rubyman by root
Jun 24 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11176]: + ??? root:rubyman
Jun 24 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11176]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583029 of user rubyman.
Jun 24 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11176]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583029.
Jun 24 09:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 09:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11106]: pam_unix(cron:session): session closed for user root
Jun 24 09:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 24 09:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8392]: pam_unix(cron:session): session closed for user root
Jun 24 09:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11266]: Failed password for root from 103.176.20.57 port 60950 ssh2
Jun 24 09:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11266]: Connection closed by 103.176.20.57 port 60950 [preauth]
Jun 24 09:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11105]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10188]: pam_unix(cron:session): session closed for user root
Jun 24 09:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 09:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 24 09:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11530]: Failed password for root from 194.113.233.25 port 47954 ssh2
Jun 24 09:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11530]: Connection closed by 194.113.233.25 port 47954 [preauth]
Jun 24 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11560]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11559]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11561]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11558]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11558]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11627]: Successful su for rubyman by root
Jun 24 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11627]: + ??? root:rubyman
Jun 24 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11627]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583032 of user rubyman.
Jun 24 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11627]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583032.
Jun 24 09:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8789]: pam_unix(cron:session): session closed for user root
Jun 24 09:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11559]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 09:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 24 09:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11877]: Failed password for root from 38.93.206.2 port 34626 ssh2
Jun 24 09:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11877]: Connection closed by 38.93.206.2 port 34626 [preauth]
Jun 24 09:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10681]: pam_unix(cron:session): session closed for user root
Jun 24 09:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 09:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.19.67.181  user=root
Jun 24 09:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11971]: Failed password for root from 46.19.67.181 port 40056 ssh2
Jun 24 09:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11971]: Connection closed by 46.19.67.181 port 40056 [preauth]
Jun 24 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12025]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12028]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12027]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12024]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12024]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12089]: Successful su for rubyman by root
Jun 24 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12089]: + ??? root:rubyman
Jun 24 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12089]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583038 of user rubyman.
Jun 24 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12089]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583038.
Jun 24 09:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9213]: pam_unix(cron:session): session closed for user root
Jun 24 09:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12025]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11108]: pam_unix(cron:session): session closed for user root
Jun 24 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12549]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12550]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12548]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12547]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12547]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12609]: Successful su for rubyman by root
Jun 24 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12609]: + ??? root:rubyman
Jun 24 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12609]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583040 of user rubyman.
Jun 24 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12609]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583040.
Jun 24 09:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9613]: pam_unix(cron:session): session closed for user root
Jun 24 09:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12548]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11561]: pam_unix(cron:session): session closed for user root
Jun 24 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12966]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12967]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12964]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12965]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12964]: pam_unix(cron:session): session closed for user p13x
Jun 24 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13026]: Successful su for rubyman by root
Jun 24 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13026]: + ??? root:rubyman
Jun 24 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13026]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583045 of user rubyman.
Jun 24 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13026]: pam_unix(su:session): session closed for user rubyman
Jun 24 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583045.
Jun 24 09:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10183]: pam_unix(cron:session): session closed for user root
Jun 24 09:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12965]: pam_unix(cron:session): session closed for user samftp
Jun 24 09:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 09:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 24 09:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13232]: Failed password for root from 141.98.83.240 port 7170 ssh2
Jun 24 09:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13232]: message repeated 2 times: [ Failed password for root from 141.98.83.240 port 7170 ssh2]
Jun 24 09:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13232]: Connection closed by 141.98.83.240 port 7170 [preauth]
Jun 24 09:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13232]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 24 09:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12028]: pam_unix(cron:session): session closed for user root
Jun 24 09:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 09:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13371]: Received disconnect from 74.48.105.66 port 53640:11: disconnected by user [preauth]
Jun 24 09:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13371]: Disconnected from 74.48.105.66 port 53640 [preauth]
Jun 24 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13382]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13380]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13381]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13378]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13379]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13377]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13376]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13382]: pam_unix(cron:session): session closed for user root
Jun 24 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13378]: pam_unix(cron:session): session closed for user root
Jun 24 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13376]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13467]: Successful su for rubyman by root
Jun 24 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13467]: + ??? root:rubyman
Jun 24 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13467]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583050 of user rubyman.
Jun 24 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13467]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583050.
Jun 24 10:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13379]: pam_unix(cron:session): session closed for user root
Jun 24 10:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10679]: pam_unix(cron:session): session closed for user root
Jun 24 10:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13377]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12550]: pam_unix(cron:session): session closed for user root
Jun 24 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13885]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13883]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13884]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13882]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13882]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13955]: Successful su for rubyman by root
Jun 24 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13955]: + ??? root:rubyman
Jun 24 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13955]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583056 of user rubyman.
Jun 24 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13955]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583056.
Jun 24 10:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11107]: pam_unix(cron:session): session closed for user root
Jun 24 10:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13883]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12967]: pam_unix(cron:session): session closed for user root
Jun 24 10:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 10:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 24 10:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14233]: Failed password for root from 103.172.78.219 port 53548 ssh2
Jun 24 10:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14233]: Connection closed by 103.172.78.219 port 53548 [preauth]
Jun 24 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14285]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14284]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14283]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14281]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14281]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14340]: Successful su for rubyman by root
Jun 24 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14340]: + ??? root:rubyman
Jun 24 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14340]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583060 of user rubyman.
Jun 24 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14340]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583060.
Jun 24 10:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11560]: pam_unix(cron:session): session closed for user root
Jun 24 10:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14283]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13381]: pam_unix(cron:session): session closed for user root
Jun 24 10:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14719]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14718]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14717]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14716]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14716]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14819]: Successful su for rubyman by root
Jun 24 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14819]: + ??? root:rubyman
Jun 24 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14819]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583064 of user rubyman.
Jun 24 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14819]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583064.
Jun 24 10:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12027]: pam_unix(cron:session): session closed for user root
Jun 24 10:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14717]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13885]: pam_unix(cron:session): session closed for user root
Jun 24 10:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 10:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 24 10:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15155]: Failed password for root from 103.27.238.120 port 53088 ssh2
Jun 24 10:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15155]: Connection closed by 103.27.238.120 port 53088 [preauth]
Jun 24 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15170]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15168]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15169]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15167]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15167]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15229]: Successful su for rubyman by root
Jun 24 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15229]: + ??? root:rubyman
Jun 24 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15229]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583067 of user rubyman.
Jun 24 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15229]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583067.
Jun 24 10:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12549]: pam_unix(cron:session): session closed for user root
Jun 24 10:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15168]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14285]: pam_unix(cron:session): session closed for user root
Jun 24 10:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 10:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 24 10:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15530]: Failed password for root from 103.77.175.15 port 57006 ssh2
Jun 24 10:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15530]: Connection closed by 103.77.175.15 port 57006 [preauth]
Jun 24 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15553]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15554]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15550]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15552]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15549]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15551]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15554]: pam_unix(cron:session): session closed for user root
Jun 24 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15549]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15619]: Successful su for rubyman by root
Jun 24 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15619]: + ??? root:rubyman
Jun 24 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15619]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583071 of user rubyman.
Jun 24 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15619]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583071.
Jun 24 10:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15551]: pam_unix(cron:session): session closed for user root
Jun 24 10:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12966]: pam_unix(cron:session): session closed for user root
Jun 24 10:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15550]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14719]: pam_unix(cron:session): session closed for user root
Jun 24 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15970]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15971]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15969]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15968]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15968]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16033]: Successful su for rubyman by root
Jun 24 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16033]: + ??? root:rubyman
Jun 24 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16033]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583078 of user rubyman.
Jun 24 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16033]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583078.
Jun 24 10:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13380]: pam_unix(cron:session): session closed for user root
Jun 24 10:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15969]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15170]: pam_unix(cron:session): session closed for user root
Jun 24 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16366]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16368]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16365]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16364]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16364]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16425]: Successful su for rubyman by root
Jun 24 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16425]: + ??? root:rubyman
Jun 24 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16425]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583081 of user rubyman.
Jun 24 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16425]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583081.
Jun 24 10:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13884]: pam_unix(cron:session): session closed for user root
Jun 24 10:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16365]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15553]: pam_unix(cron:session): session closed for user root
Jun 24 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16759]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16757]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16760]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16758]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16757]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16825]: Successful su for rubyman by root
Jun 24 10:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16825]: + ??? root:rubyman
Jun 24 10:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16825]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583085 of user rubyman.
Jun 24 10:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16825]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583085.
Jun 24 10:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14284]: pam_unix(cron:session): session closed for user root
Jun 24 10:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16758]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 10:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 24 10:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15971]: pam_unix(cron:session): session closed for user root
Jun 24 10:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17172]: Failed password for root from 77.94.47.83 port 51298 ssh2
Jun 24 10:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17172]: Connection closed by 77.94.47.83 port 51298 [preauth]
Jun 24 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17252]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17250]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17253]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17248]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17245]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17248]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17374]: Successful su for rubyman by root
Jun 24 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17374]: + ??? root:rubyman
Jun 24 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17374]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583089 of user rubyman.
Jun 24 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17374]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583089.
Jun 24 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17245]: pam_unix(cron:session): session closed for user root
Jun 24 10:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14718]: pam_unix(cron:session): session closed for user root
Jun 24 10:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17250]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 10:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17635]: Connection closed by 185.107.80.93 port 48834 [preauth]
Jun 24 10:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16368]: pam_unix(cron:session): session closed for user root
Jun 24 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17851]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17848]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17856]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17853]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17850]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17857]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17857]: pam_unix(cron:session): session closed for user root
Jun 24 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17848]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17928]: Successful su for rubyman by root
Jun 24 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17928]: + ??? root:rubyman
Jun 24 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17928]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583097 of user rubyman.
Jun 24 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17928]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583097.
Jun 24 10:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17851]: pam_unix(cron:session): session closed for user root
Jun 24 10:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15169]: pam_unix(cron:session): session closed for user root
Jun 24 10:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17850]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 10:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18145]: Received disconnect from 200.26.188.219 port 27048:11: disconnected by user [preauth]
Jun 24 10:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18145]: Disconnected from 200.26.188.219 port 27048 [preauth]
Jun 24 10:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16760]: pam_unix(cron:session): session closed for user root
Jun 24 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18317]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18316]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18319]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18314]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18314]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18401]: Successful su for rubyman by root
Jun 24 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18401]: + ??? root:rubyman
Jun 24 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18401]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583102 of user rubyman.
Jun 24 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18401]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583102.
Jun 24 10:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15552]: pam_unix(cron:session): session closed for user root
Jun 24 10:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18316]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17253]: pam_unix(cron:session): session closed for user root
Jun 24 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18824]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18823]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18822]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18821]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18821]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18893]: Successful su for rubyman by root
Jun 24 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18893]: + ??? root:rubyman
Jun 24 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18893]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583104 of user rubyman.
Jun 24 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18893]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583104.
Jun 24 10:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15970]: pam_unix(cron:session): session closed for user root
Jun 24 10:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18822]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17856]: pam_unix(cron:session): session closed for user root
Jun 24 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19320]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19319]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19318]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19317]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19317]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19382]: Successful su for rubyman by root
Jun 24 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19382]: + ??? root:rubyman
Jun 24 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19382]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583108 of user rubyman.
Jun 24 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19382]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583108.
Jun 24 10:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16366]: pam_unix(cron:session): session closed for user root
Jun 24 10:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19318]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18319]: pam_unix(cron:session): session closed for user root
Jun 24 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19936]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19937]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19935]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19934]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19934]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19995]: Successful su for rubyman by root
Jun 24 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19995]: + ??? root:rubyman
Jun 24 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19995]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583112 of user rubyman.
Jun 24 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19995]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583112.
Jun 24 10:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16759]: pam_unix(cron:session): session closed for user root
Jun 24 10:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 10:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19935]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18824]: pam_unix(cron:session): session closed for user root
Jun 24 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20432]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20431]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20430]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20433]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20435]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20429]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20435]: pam_unix(cron:session): session closed for user root
Jun 24 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20429]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20505]: Successful su for rubyman by root
Jun 24 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20505]: + ??? root:rubyman
Jun 24 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20505]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583120 of user rubyman.
Jun 24 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20505]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583120.
Jun 24 10:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20431]: pam_unix(cron:session): session closed for user root
Jun 24 10:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17252]: pam_unix(cron:session): session closed for user root
Jun 24 10:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20430]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 10:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 24 10:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20866]: Failed password for root from 80.66.85.226 port 38522 ssh2
Jun 24 10:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20866]: Connection closed by 80.66.85.226 port 38522 [preauth]
Jun 24 10:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19320]: pam_unix(cron:session): session closed for user root
Jun 24 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20958]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20957]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20959]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20956]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20956]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21029]: Successful su for rubyman by root
Jun 24 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21029]: + ??? root:rubyman
Jun 24 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21029]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583124 of user rubyman.
Jun 24 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21029]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583124.
Jun 24 10:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17853]: pam_unix(cron:session): session closed for user root
Jun 24 10:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20957]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19937]: pam_unix(cron:session): session closed for user root
Jun 24 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21380]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21382]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21381]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21379]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21377]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21377]: pam_unix(cron:session): session closed for user root
Jun 24 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21379]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21443]: Successful su for rubyman by root
Jun 24 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21443]: + ??? root:rubyman
Jun 24 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21443]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583127 of user rubyman.
Jun 24 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21443]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583127.
Jun 24 10:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18317]: pam_unix(cron:session): session closed for user root
Jun 24 10:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21380]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20433]: pam_unix(cron:session): session closed for user root
Jun 24 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21813]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21812]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21811]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21810]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21810]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21875]: Successful su for rubyman by root
Jun 24 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21875]: + ??? root:rubyman
Jun 24 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21875]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583132 of user rubyman.
Jun 24 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21875]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583132.
Jun 24 10:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18823]: pam_unix(cron:session): session closed for user root
Jun 24 10:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21811]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20959]: pam_unix(cron:session): session closed for user root
Jun 24 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22211]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22213]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22212]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22210]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22210]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22269]: Successful su for rubyman by root
Jun 24 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22269]: + ??? root:rubyman
Jun 24 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22269]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583136 of user rubyman.
Jun 24 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22269]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583136.
Jun 24 10:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19319]: pam_unix(cron:session): session closed for user root
Jun 24 10:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22211]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21382]: pam_unix(cron:session): session closed for user root
Jun 24 10:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 10:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22654]: Did not receive identification string from 200.126.105.149
Jun 24 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22709]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22705]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22706]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22711]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22708]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22707]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22711]: pam_unix(cron:session): session closed for user root
Jun 24 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22705]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22777]: Successful su for rubyman by root
Jun 24 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22777]: + ??? root:rubyman
Jun 24 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22777]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583141 of user rubyman.
Jun 24 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22777]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583141.
Jun 24 10:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22707]: pam_unix(cron:session): session closed for user root
Jun 24 10:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19936]: pam_unix(cron:session): session closed for user root
Jun 24 10:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22706]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21813]: pam_unix(cron:session): session closed for user root
Jun 24 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23142]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23141]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23140]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23139]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23139]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23210]: Successful su for rubyman by root
Jun 24 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23210]: + ??? root:rubyman
Jun 24 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23210]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583145 of user rubyman.
Jun 24 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23210]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583145.
Jun 24 10:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20432]: pam_unix(cron:session): session closed for user root
Jun 24 10:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23140]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22213]: pam_unix(cron:session): session closed for user root
Jun 24 10:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 10:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
Jun 24 10:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23516]: Failed password for root from 176.32.39.21 port 56848 ssh2
Jun 24 10:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23516]: Connection closed by 176.32.39.21 port 56848 [preauth]
Jun 24 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23570]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23569]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23571]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23568]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23568]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23630]: Successful su for rubyman by root
Jun 24 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23630]: + ??? root:rubyman
Jun 24 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23630]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583149 of user rubyman.
Jun 24 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23630]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583149.
Jun 24 10:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20958]: pam_unix(cron:session): session closed for user root
Jun 24 10:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23569]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22709]: pam_unix(cron:session): session closed for user root
Jun 24 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24086]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24085]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24084]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24083]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24083]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24146]: Successful su for rubyman by root
Jun 24 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24146]: + ??? root:rubyman
Jun 24 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24146]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583153 of user rubyman.
Jun 24 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24146]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583153.
Jun 24 10:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21381]: pam_unix(cron:session): session closed for user root
Jun 24 10:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24084]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23142]: pam_unix(cron:session): session closed for user root
Jun 24 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24509]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24507]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24508]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24506]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24506]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24567]: Successful su for rubyman by root
Jun 24 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24567]: + ??? root:rubyman
Jun 24 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24567]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583158 of user rubyman.
Jun 24 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24567]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583158.
Jun 24 10:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21812]: pam_unix(cron:session): session closed for user root
Jun 24 10:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24507]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23571]: pam_unix(cron:session): session closed for user root
Jun 24 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24920]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24917]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24916]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24918]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24919]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24915]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24920]: pam_unix(cron:session): session closed for user root
Jun 24 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24915]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24982]: Successful su for rubyman by root
Jun 24 10:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24982]: + ??? root:rubyman
Jun 24 10:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24982]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583165 of user rubyman.
Jun 24 10:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24982]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583165.
Jun 24 10:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24917]: pam_unix(cron:session): session closed for user root
Jun 24 10:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22212]: pam_unix(cron:session): session closed for user root
Jun 24 10:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24916]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 10:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 10:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 24 10:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 24 10:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25233]: Failed password for root from 51.250.105.222 port 40838 ssh2
Jun 24 10:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25235]: Failed password for root from 62.133.62.83 port 48952 ssh2
Jun 24 10:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25233]: Connection closed by 51.250.105.222 port 40838 [preauth]
Jun 24 10:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25235]: Connection closed by 62.133.62.83 port 48952 [preauth]
Jun 24 10:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24086]: pam_unix(cron:session): session closed for user root
Jun 24 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25348]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25347]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25349]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25346]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25346]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25412]: Successful su for rubyman by root
Jun 24 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25412]: + ??? root:rubyman
Jun 24 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25412]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583168 of user rubyman.
Jun 24 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25412]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583168.
Jun 24 10:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22708]: pam_unix(cron:session): session closed for user root
Jun 24 10:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25347]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24509]: pam_unix(cron:session): session closed for user root
Jun 24 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25751]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25750]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25748]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25749]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25748]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25812]: Successful su for rubyman by root
Jun 24 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25812]: + ??? root:rubyman
Jun 24 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25812]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583171 of user rubyman.
Jun 24 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25812]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583171.
Jun 24 10:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23141]: pam_unix(cron:session): session closed for user root
Jun 24 10:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25749]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24919]: pam_unix(cron:session): session closed for user root
Jun 24 10:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 10:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26082]: Invalid user admin from 2.57.121.25
Jun 24 10:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26082]: input_userauth_request: invalid user admin [preauth]
Jun 24 10:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26082]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 10:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 24 10:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26082]: Failed password for invalid user admin from 2.57.121.25 port 30000 ssh2
Jun 24 10:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26082]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 10:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26082]: Failed password for invalid user admin from 2.57.121.25 port 30000 ssh2
Jun 24 10:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26082]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 10:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26082]: Failed password for invalid user admin from 2.57.121.25 port 30000 ssh2
Jun 24 10:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26082]: Connection closed by 2.57.121.25 port 30000 [preauth]
Jun 24 10:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26082]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 24 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26139]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26138]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26137]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26136]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26136]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26200]: Successful su for rubyman by root
Jun 24 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26200]: + ??? root:rubyman
Jun 24 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26200]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583176 of user rubyman.
Jun 24 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26200]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583176.
Jun 24 10:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23570]: pam_unix(cron:session): session closed for user root
Jun 24 10:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26137]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25349]: pam_unix(cron:session): session closed for user root
Jun 24 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26532]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26533]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26534]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26535]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26532]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26598]: Successful su for rubyman by root
Jun 24 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26598]: + ??? root:rubyman
Jun 24 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26598]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583179 of user rubyman.
Jun 24 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26598]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583179.
Jun 24 10:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24085]: pam_unix(cron:session): session closed for user root
Jun 24 10:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26533]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25751]: pam_unix(cron:session): session closed for user root
Jun 24 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27015]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27013]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27012]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27011]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27009]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27008]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27015]: pam_unix(cron:session): session closed for user root
Jun 24 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27008]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27085]: Successful su for rubyman by root
Jun 24 10:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27085]: + ??? root:rubyman
Jun 24 10:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27085]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583186 of user rubyman.
Jun 24 10:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27085]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583186.
Jun 24 10:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27011]: pam_unix(cron:session): session closed for user root
Jun 24 10:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24508]: pam_unix(cron:session): session closed for user root
Jun 24 10:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27009]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26139]: pam_unix(cron:session): session closed for user root
Jun 24 10:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 10:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27445]: Connection closed by 194.59.206.2 port 36686 [preauth]
Jun 24 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27469]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27467]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27470]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27465]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27465]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27542]: Successful su for rubyman by root
Jun 24 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27542]: + ??? root:rubyman
Jun 24 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27542]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583191 of user rubyman.
Jun 24 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27542]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583191.
Jun 24 10:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24918]: pam_unix(cron:session): session closed for user root
Jun 24 10:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27467]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 10:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 24 10:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27751]: Failed password for root from 103.27.238.114 port 46854 ssh2
Jun 24 10:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27751]: Connection closed by 103.27.238.114 port 46854 [preauth]
Jun 24 10:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 10:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27783]: Invalid user customer from 141.98.83.240
Jun 24 10:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27783]: input_userauth_request: invalid user customer [preauth]
Jun 24 10:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27783]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 10:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 10:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27783]: Failed password for invalid user customer from 141.98.83.240 port 52606 ssh2
Jun 24 10:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27783]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 10:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27783]: Failed password for invalid user customer from 141.98.83.240 port 52606 ssh2
Jun 24 10:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27783]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 10:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27783]: Failed password for invalid user customer from 141.98.83.240 port 52606 ssh2
Jun 24 10:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27783]: Connection closed by 141.98.83.240 port 52606 [preauth]
Jun 24 10:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27783]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 10:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26535]: pam_unix(cron:session): session closed for user root
Jun 24 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27889]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27888]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27887]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27886]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27886]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27949]: Successful su for rubyman by root
Jun 24 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27949]: + ??? root:rubyman
Jun 24 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27949]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583193 of user rubyman.
Jun 24 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27949]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583193.
Jun 24 10:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25348]: pam_unix(cron:session): session closed for user root
Jun 24 10:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27887]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 10:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28223]: Invalid user reception from 217.76.154.242
Jun 24 10:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28223]: input_userauth_request: invalid user reception [preauth]
Jun 24 10:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28223]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 10:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.76.154.242
Jun 24 10:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28223]: Failed password for invalid user reception from 217.76.154.242 port 38198 ssh2
Jun 24 10:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28223]: Connection closed by 217.76.154.242 port 38198 [preauth]
Jun 24 10:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27013]: pam_unix(cron:session): session closed for user root
Jun 24 10:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28343]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28341]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28342]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28338]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28338]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28398]: Successful su for rubyman by root
Jun 24 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28398]: + ??? root:rubyman
Jun 24 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28398]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583198 of user rubyman.
Jun 24 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28398]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583198.
Jun 24 10:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25750]: pam_unix(cron:session): session closed for user root
Jun 24 10:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28341]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27470]: pam_unix(cron:session): session closed for user root
Jun 24 10:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 10:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 10:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28788]: Received disconnect from 123.30.240.7 port 47116:11: disconnected by user [preauth]
Jun 24 10:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28788]: Disconnected from 123.30.240.7 port 47116 [preauth]
Jun 24 10:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 24 10:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28791]: Failed password for root from 103.82.20.28 port 55864 ssh2
Jun 24 10:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28791]: Connection closed by 103.82.20.28 port 55864 [preauth]
Jun 24 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28842]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28843]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28841]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28840]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28840]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28913]: Successful su for rubyman by root
Jun 24 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28913]: + ??? root:rubyman
Jun 24 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28913]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583201 of user rubyman.
Jun 24 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28913]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583201.
Jun 24 10:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26138]: pam_unix(cron:session): session closed for user root
Jun 24 10:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28841]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27889]: pam_unix(cron:session): session closed for user root
Jun 24 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29277]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29274]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29276]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29275]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29272]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29273]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29277]: pam_unix(cron:session): session closed for user root
Jun 24 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29272]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29343]: Successful su for rubyman by root
Jun 24 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29343]: + ??? root:rubyman
Jun 24 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29343]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583207 of user rubyman.
Jun 24 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29343]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583207.
Jun 24 10:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29274]: pam_unix(cron:session): session closed for user root
Jun 24 10:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26534]: pam_unix(cron:session): session closed for user root
Jun 24 10:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29273]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28343]: pam_unix(cron:session): session closed for user root
Jun 24 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29825]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29824]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29831]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29830]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29824]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29903]: Successful su for rubyman by root
Jun 24 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29903]: + ??? root:rubyman
Jun 24 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29903]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583213 of user rubyman.
Jun 24 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29903]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583213.
Jun 24 10:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27012]: pam_unix(cron:session): session closed for user root
Jun 24 10:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29825]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 10:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.223.69.22  user=root
Jun 24 10:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28843]: pam_unix(cron:session): session closed for user root
Jun 24 10:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30170]: Failed password for root from 89.223.69.22 port 35482 ssh2
Jun 24 10:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30170]: Connection closed by 89.223.69.22 port 35482 [preauth]
Jun 24 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30267]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30270]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30268]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30266]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30266]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30331]: Successful su for rubyman by root
Jun 24 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30331]: + ??? root:rubyman
Jun 24 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30331]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583217 of user rubyman.
Jun 24 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30331]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583217.
Jun 24 10:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27469]: pam_unix(cron:session): session closed for user root
Jun 24 10:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30267]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29276]: pam_unix(cron:session): session closed for user root
Jun 24 10:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 10:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30633]: Invalid user test from 193.46.255.86
Jun 24 10:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30633]: input_userauth_request: invalid user test [preauth]
Jun 24 10:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30633]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 10:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 24 10:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30633]: Failed password for invalid user test from 193.46.255.86 port 34088 ssh2
Jun 24 10:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30633]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 10:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30633]: Failed password for invalid user test from 193.46.255.86 port 34088 ssh2
Jun 24 10:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30633]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 10:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30633]: Failed password for invalid user test from 193.46.255.86 port 34088 ssh2
Jun 24 10:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30633]: Connection closed by 193.46.255.86 port 34088 [preauth]
Jun 24 10:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30633]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 24 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30686]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30685]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30684]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30683]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30683]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30740]: Successful su for rubyman by root
Jun 24 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30740]: + ??? root:rubyman
Jun 24 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30740]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583220 of user rubyman.
Jun 24 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30740]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583220.
Jun 24 10:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27888]: pam_unix(cron:session): session closed for user root
Jun 24 10:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30684]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 10:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 24 10:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31088]: Failed password for root from 38.93.206.2 port 29250 ssh2
Jun 24 10:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31088]: Connection closed by 38.93.206.2 port 29250 [preauth]
Jun 24 10:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29831]: pam_unix(cron:session): session closed for user root
Jun 24 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31180]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31179]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31178]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31177]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31175]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31177]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31292]: Successful su for rubyman by root
Jun 24 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31292]: + ??? root:rubyman
Jun 24 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31292]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583223 of user rubyman.
Jun 24 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31292]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583223.
Jun 24 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31175]: pam_unix(cron:session): session closed for user root
Jun 24 10:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28342]: pam_unix(cron:session): session closed for user root
Jun 24 10:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31178]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30270]: pam_unix(cron:session): session closed for user root
Jun 24 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31779]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31777]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31770]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31781]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31780]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31778]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31781]: pam_unix(cron:session): session closed for user root
Jun 24 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31770]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31843]: Successful su for rubyman by root
Jun 24 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31843]: + ??? root:rubyman
Jun 24 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31843]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583228 of user rubyman.
Jun 24 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31843]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583228.
Jun 24 10:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31778]: pam_unix(cron:session): session closed for user root
Jun 24 10:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28842]: pam_unix(cron:session): session closed for user root
Jun 24 10:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31777]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30686]: pam_unix(cron:session): session closed for user root
Jun 24 10:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 10:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 24 10:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32202]: Failed password for root from 202.178.126.219 port 63293 ssh2
Jun 24 10:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32202]: Connection closed by 202.178.126.219 port 63293 [preauth]
Jun 24 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32222]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32223]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32224]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32221]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32221]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32284]: Successful su for rubyman by root
Jun 24 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32284]: + ??? root:rubyman
Jun 24 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32284]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583234 of user rubyman.
Jun 24 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32284]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583234.
Jun 24 10:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29275]: pam_unix(cron:session): session closed for user root
Jun 24 10:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32222]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31180]: pam_unix(cron:session): session closed for user root
Jun 24 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32625]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32626]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32623]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32624]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32623]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32689]: Successful su for rubyman by root
Jun 24 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32689]: + ??? root:rubyman
Jun 24 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32689]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583238 of user rubyman.
Jun 24 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32689]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583238.
Jun 24 10:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29830]: pam_unix(cron:session): session closed for user root
Jun 24 10:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32624]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 10:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[438]: Received disconnect from 103.176.90.41 port 35478:11: disconnected by user [preauth]
Jun 24 10:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[438]: Disconnected from 103.176.90.41 port 35478 [preauth]
Jun 24 10:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31780]: pam_unix(cron:session): session closed for user root
Jun 24 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[723]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[724]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[722]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[721]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[721]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[786]: Successful su for rubyman by root
Jun 24 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[786]: + ??? root:rubyman
Jun 24 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[786]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583243 of user rubyman.
Jun 24 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[786]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583243.
Jun 24 10:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30268]: pam_unix(cron:session): session closed for user root
Jun 24 10:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[722]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32224]: pam_unix(cron:session): session closed for user root
Jun 24 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1174]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1175]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1173]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1172]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1172]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1238]: Successful su for rubyman by root
Jun 24 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1238]: + ??? root:rubyman
Jun 24 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1238]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583246 of user rubyman.
Jun 24 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1238]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583246.
Jun 24 10:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30685]: pam_unix(cron:session): session closed for user root
Jun 24 10:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1173]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 10:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.207.76.183  user=root
Jun 24 10:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1562]: Failed password for root from 104.207.76.183 port 46348 ssh2
Jun 24 10:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1562]: Received disconnect from 104.207.76.183 port 46348:11: Bye Bye [preauth]
Jun 24 10:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1562]: Disconnected from 104.207.76.183 port 46348 [preauth]
Jun 24 10:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32626]: pam_unix(cron:session): session closed for user root
Jun 24 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1726]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1721]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1715]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1720]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1727]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1719]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1727]: pam_unix(cron:session): session closed for user root
Jun 24 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1715]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1798]: Successful su for rubyman by root
Jun 24 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1798]: + ??? root:rubyman
Jun 24 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1798]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583251 of user rubyman.
Jun 24 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1798]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583251.
Jun 24 10:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1720]: pam_unix(cron:session): session closed for user root
Jun 24 10:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31179]: pam_unix(cron:session): session closed for user root
Jun 24 10:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1719]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[724]: pam_unix(cron:session): session closed for user root
Jun 24 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2242]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2241]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2243]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2240]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2240]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2313]: Successful su for rubyman by root
Jun 24 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2313]: + ??? root:rubyman
Jun 24 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2313]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583256 of user rubyman.
Jun 24 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2313]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583256.
Jun 24 10:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31779]: pam_unix(cron:session): session closed for user root
Jun 24 10:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2241]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1175]: pam_unix(cron:session): session closed for user root
Jun 24 10:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 10:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 24 10:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2638]: Failed password for root from 103.15.222.183 port 36668 ssh2
Jun 24 10:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2638]: Connection closed by 103.15.222.183 port 36668 [preauth]
Jun 24 10:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 10:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 24 10:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2657]: Failed password for root from 87.251.79.125 port 34304 ssh2
Jun 24 10:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2657]: Connection closed by 87.251.79.125 port 34304 [preauth]
Jun 24 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2672]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2670]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2669]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2668]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2668]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2734]: Successful su for rubyman by root
Jun 24 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2734]: + ??? root:rubyman
Jun 24 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2734]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583260 of user rubyman.
Jun 24 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2734]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583260.
Jun 24 10:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32223]: pam_unix(cron:session): session closed for user root
Jun 24 10:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2669]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1726]: pam_unix(cron:session): session closed for user root
Jun 24 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3068]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3067]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3069]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3066]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3066]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3125]: Successful su for rubyman by root
Jun 24 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3125]: + ??? root:rubyman
Jun 24 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3125]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583264 of user rubyman.
Jun 24 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3125]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583264.
Jun 24 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3183]: Bad protocol version identification '' from 78.39.56.124 port 40460
Jun 24 10:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32625]: pam_unix(cron:session): session closed for user root
Jun 24 10:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3067]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 10:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 24 10:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3319]: Failed password for root from 103.27.238.116 port 36702 ssh2
Jun 24 10:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3319]: Connection closed by 103.27.238.116 port 36702 [preauth]
Jun 24 10:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2243]: pam_unix(cron:session): session closed for user root
Jun 24 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3469]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3468]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3466]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3467]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3466]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3530]: Successful su for rubyman by root
Jun 24 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3530]: + ??? root:rubyman
Jun 24 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3530]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583268 of user rubyman.
Jun 24 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3530]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583268.
Jun 24 10:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[723]: pam_unix(cron:session): session closed for user root
Jun 24 10:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3467]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 10:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 24 10:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3844]: Failed password for root from 103.122.221.179 port 42126 ssh2
Jun 24 10:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3844]: Connection closed by 103.122.221.179 port 42126 [preauth]
Jun 24 10:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 10:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.62.22.47  user=root
Jun 24 10:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3857]: Failed password for root from 50.62.22.47 port 33664 ssh2
Jun 24 10:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3857]: Received disconnect from 50.62.22.47 port 33664:11: Bye Bye [preauth]
Jun 24 10:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3857]: Disconnected from 50.62.22.47 port 33664 [preauth]
Jun 24 10:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2672]: pam_unix(cron:session): session closed for user root
Jun 24 10:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 10:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 24 10:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4056]: Failed password for root from 147.45.199.80 port 34790 ssh2
Jun 24 10:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4056]: Connection closed by 147.45.199.80 port 34790 [preauth]
Jun 24 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4074]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4075]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4071]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4070]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4073]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4072]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4075]: pam_unix(cron:session): session closed for user root
Jun 24 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4070]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4136]: Successful su for rubyman by root
Jun 24 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4136]: + ??? root:rubyman
Jun 24 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4136]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583272 of user rubyman.
Jun 24 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4136]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583272.
Jun 24 10:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1174]: pam_unix(cron:session): session closed for user root
Jun 24 10:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4072]: pam_unix(cron:session): session closed for user root
Jun 24 10:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4071]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3069]: pam_unix(cron:session): session closed for user root
Jun 24 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4506]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4504]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4507]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4505]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4504]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4578]: Successful su for rubyman by root
Jun 24 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4578]: + ??? root:rubyman
Jun 24 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4578]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583278 of user rubyman.
Jun 24 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4578]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583278.
Jun 24 10:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1721]: pam_unix(cron:session): session closed for user root
Jun 24 10:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4505]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3469]: pam_unix(cron:session): session closed for user root
Jun 24 10:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 10:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5022]: Invalid user admin from 104.207.76.183
Jun 24 10:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5022]: input_userauth_request: invalid user admin [preauth]
Jun 24 10:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5022]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 10:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.207.76.183
Jun 24 10:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5022]: Failed password for invalid user admin from 104.207.76.183 port 44354 ssh2
Jun 24 10:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5022]: Received disconnect from 104.207.76.183 port 44354:11: Bye Bye [preauth]
Jun 24 10:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5022]: Disconnected from 104.207.76.183 port 44354 [preauth]
Jun 24 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5043]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5044]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5042]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5041]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5041]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5099]: Successful su for rubyman by root
Jun 24 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5099]: + ??? root:rubyman
Jun 24 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5099]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583282 of user rubyman.
Jun 24 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5099]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583282.
Jun 24 10:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2242]: pam_unix(cron:session): session closed for user root
Jun 24 10:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5042]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4074]: pam_unix(cron:session): session closed for user root
Jun 24 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5452]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5451]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5450]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5449]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5449]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5508]: Successful su for rubyman by root
Jun 24 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5508]: + ??? root:rubyman
Jun 24 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5508]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583288 of user rubyman.
Jun 24 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5508]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583288.
Jun 24 10:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2670]: pam_unix(cron:session): session closed for user root
Jun 24 10:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5450]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 10:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5684]: Received disconnect from 191.101.33.114 port 34332:11: disconnected by user [preauth]
Jun 24 10:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5684]: Disconnected from 191.101.33.114 port 34332 [preauth]
Jun 24 10:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4507]: pam_unix(cron:session): session closed for user root
Jun 24 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5844]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5845]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5846]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5843]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5843]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5902]: Successful su for rubyman by root
Jun 24 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5902]: + ??? root:rubyman
Jun 24 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5902]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583290 of user rubyman.
Jun 24 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5902]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583290.
Jun 24 10:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3068]: pam_unix(cron:session): session closed for user root
Jun 24 10:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5844]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 10:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: Invalid user luke from 104.207.76.183
Jun 24 10:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: input_userauth_request: invalid user luke [preauth]
Jun 24 10:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 10:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.207.76.183
Jun 24 10:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: Failed password for invalid user luke from 104.207.76.183 port 35420 ssh2
Jun 24 10:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: Received disconnect from 104.207.76.183 port 35420:11: Bye Bye [preauth]
Jun 24 10:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: Disconnected from 104.207.76.183 port 35420 [preauth]
Jun 24 10:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5044]: pam_unix(cron:session): session closed for user root
Jun 24 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6240]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6241]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6238]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6239]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6242]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6243]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6243]: pam_unix(cron:session): session closed for user root
Jun 24 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6238]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6303]: Successful su for rubyman by root
Jun 24 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6303]: + ??? root:rubyman
Jun 24 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6303]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583295 of user rubyman.
Jun 24 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6303]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583295.
Jun 24 10:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3468]: pam_unix(cron:session): session closed for user root
Jun 24 10:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6240]: pam_unix(cron:session): session closed for user root
Jun 24 10:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6239]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 10:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.62.22.47  user=root
Jun 24 10:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5452]: pam_unix(cron:session): session closed for user root
Jun 24 10:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6569]: Failed password for root from 50.62.22.47 port 37222 ssh2
Jun 24 10:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6569]: Received disconnect from 50.62.22.47 port 37222:11: Bye Bye [preauth]
Jun 24 10:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6569]: Disconnected from 50.62.22.47 port 37222 [preauth]
Jun 24 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6663]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6662]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6664]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6661]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6661]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6736]: Successful su for rubyman by root
Jun 24 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6736]: + ??? root:rubyman
Jun 24 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6736]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583300 of user rubyman.
Jun 24 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6736]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583300.
Jun 24 10:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4073]: pam_unix(cron:session): session closed for user root
Jun 24 10:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6662]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5846]: pam_unix(cron:session): session closed for user root
Jun 24 10:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 10:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.207.76.183  user=root
Jun 24 10:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7139]: Failed password for root from 104.207.76.183 port 54904 ssh2
Jun 24 10:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7139]: Received disconnect from 104.207.76.183 port 54904:11: Bye Bye [preauth]
Jun 24 10:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7139]: Disconnected from 104.207.76.183 port 54904 [preauth]
Jun 24 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7172]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7173]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7171]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7170]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7170]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7234]: Successful su for rubyman by root
Jun 24 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7234]: + ??? root:rubyman
Jun 24 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7234]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583304 of user rubyman.
Jun 24 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7234]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583304.
Jun 24 10:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4506]: pam_unix(cron:session): session closed for user root
Jun 24 10:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7171]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6242]: pam_unix(cron:session): session closed for user root
Jun 24 10:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 10:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 24 10:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7515]: Failed password for root from 103.153.68.219 port 49652 ssh2
Jun 24 10:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7515]: Connection closed by 103.153.68.219 port 49652 [preauth]
Jun 24 10:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 10:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7548]: Invalid user toto from 50.62.22.47
Jun 24 10:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7548]: input_userauth_request: invalid user toto [preauth]
Jun 24 10:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7548]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 10:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.62.22.47
Jun 24 10:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7548]: Failed password for invalid user toto from 50.62.22.47 port 47628 ssh2
Jun 24 10:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7548]: Received disconnect from 50.62.22.47 port 47628:11: Bye Bye [preauth]
Jun 24 10:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7548]: Disconnected from 50.62.22.47 port 47628 [preauth]
Jun 24 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7582]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7583]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7581]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7580]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7580]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7744]: Successful su for rubyman by root
Jun 24 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7744]: + ??? root:rubyman
Jun 24 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7744]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583308 of user rubyman.
Jun 24 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7744]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583308.
Jun 24 10:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5043]: pam_unix(cron:session): session closed for user root
Jun 24 10:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7581]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6664]: pam_unix(cron:session): session closed for user root
Jun 24 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8062]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8063]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8061]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8060]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8060]: pam_unix(cron:session): session closed for user p13x
Jun 24 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8121]: Successful su for rubyman by root
Jun 24 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8121]: + ??? root:rubyman
Jun 24 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8121]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583312 of user rubyman.
Jun 24 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8121]: pam_unix(su:session): session closed for user rubyman
Jun 24 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583312.
Jun 24 10:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5451]: pam_unix(cron:session): session closed for user root
Jun 24 10:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8061]: pam_unix(cron:session): session closed for user samftp
Jun 24 10:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 10:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.207.76.183  user=root
Jun 24 10:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8300]: Failed password for root from 104.207.76.183 port 53206 ssh2
Jun 24 10:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8300]: Received disconnect from 104.207.76.183 port 53206:11: Bye Bye [preauth]
Jun 24 10:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8300]: Disconnected from 104.207.76.183 port 53206 [preauth]
Jun 24 10:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7173]: pam_unix(cron:session): session closed for user root
Jun 24 11:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8450]: Invalid user proxyuser from 50.62.22.47
Jun 24 11:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8450]: input_userauth_request: invalid user proxyuser [preauth]
Jun 24 11:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8450]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.62.22.47
Jun 24 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8459]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8456]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8458]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8454]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8455]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8457]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8453]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8459]: pam_unix(cron:session): session closed for user root
Jun 24 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8455]: pam_unix(cron:session): session closed for user root
Jun 24 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8453]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8551]: Successful su for rubyman by root
Jun 24 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8551]: + ??? root:rubyman
Jun 24 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8551]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583318 of user rubyman.
Jun 24 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8551]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583318.
Jun 24 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8450]: Failed password for invalid user proxyuser from 50.62.22.47 port 58036 ssh2
Jun 24 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8450]: Received disconnect from 50.62.22.47 port 58036:11: Bye Bye [preauth]
Jun 24 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8450]: Disconnected from 50.62.22.47 port 58036 [preauth]
Jun 24 11:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8456]: pam_unix(cron:session): session closed for user root
Jun 24 11:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5845]: pam_unix(cron:session): session closed for user root
Jun 24 11:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8454]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7583]: pam_unix(cron:session): session closed for user root
Jun 24 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8950]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8948]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8946]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8949]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8946]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9017]: Successful su for rubyman by root
Jun 24 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9017]: + ??? root:rubyman
Jun 24 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9017]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583323 of user rubyman.
Jun 24 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9017]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583323.
Jun 24 11:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6241]: pam_unix(cron:session): session closed for user root
Jun 24 11:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8948]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8063]: pam_unix(cron:session): session closed for user root
Jun 24 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9356]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9358]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9357]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9355]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9355]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9414]: Successful su for rubyman by root
Jun 24 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9414]: + ??? root:rubyman
Jun 24 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9414]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583329 of user rubyman.
Jun 24 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9414]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583329.
Jun 24 11:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9541]: Invalid user deployer from 50.62.22.47
Jun 24 11:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9541]: input_userauth_request: invalid user deployer [preauth]
Jun 24 11:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9541]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.62.22.47
Jun 24 11:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6663]: pam_unix(cron:session): session closed for user root
Jun 24 11:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9356]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9541]: Failed password for invalid user deployer from 50.62.22.47 port 40198 ssh2
Jun 24 11:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9541]: Received disconnect from 50.62.22.47 port 40198:11: Bye Bye [preauth]
Jun 24 11:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9541]: Disconnected from 50.62.22.47 port 40198 [preauth]
Jun 24 11:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9602]: Invalid user dev from 104.207.76.183
Jun 24 11:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9602]: input_userauth_request: invalid user dev [preauth]
Jun 24 11:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9602]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.207.76.183
Jun 24 11:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9602]: Failed password for invalid user dev from 104.207.76.183 port 39202 ssh2
Jun 24 11:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9602]: Received disconnect from 104.207.76.183 port 39202:11: Bye Bye [preauth]
Jun 24 11:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9602]: Disconnected from 104.207.76.183 port 39202 [preauth]
Jun 24 11:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 24 11:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9655]: Failed password for root from 103.77.242.62 port 40828 ssh2
Jun 24 11:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9655]: Connection closed by 103.77.242.62 port 40828 [preauth]
Jun 24 11:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8458]: pam_unix(cron:session): session closed for user root
Jun 24 11:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 24 11:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9735]: Failed password for root from 193.37.70.224 port 37172 ssh2
Jun 24 11:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9735]: Connection closed by 193.37.70.224 port 37172 [preauth]
Jun 24 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9749]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9751]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9748]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9747]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9747]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9812]: Successful su for rubyman by root
Jun 24 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9812]: + ??? root:rubyman
Jun 24 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9812]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583332 of user rubyman.
Jun 24 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9812]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583332.
Jun 24 11:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7172]: pam_unix(cron:session): session closed for user root
Jun 24 11:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9748]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10214]: Invalid user dev from 141.98.83.240
Jun 24 11:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10214]: input_userauth_request: invalid user dev [preauth]
Jun 24 11:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10214]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 11:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10214]: Failed password for invalid user dev from 141.98.83.240 port 44860 ssh2
Jun 24 11:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10214]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10214]: Failed password for invalid user dev from 141.98.83.240 port 44860 ssh2
Jun 24 11:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10214]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10214]: Failed password for invalid user dev from 141.98.83.240 port 44860 ssh2
Jun 24 11:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10214]: Connection closed by 141.98.83.240 port 44860 [preauth]
Jun 24 11:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10214]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 11:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8950]: pam_unix(cron:session): session closed for user root
Jun 24 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10416]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10415]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10414]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10413]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10413]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10475]: Successful su for rubyman by root
Jun 24 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10475]: + ??? root:rubyman
Jun 24 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10475]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583336 of user rubyman.
Jun 24 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10475]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583336.
Jun 24 11:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7582]: pam_unix(cron:session): session closed for user root
Jun 24 11:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10414]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10675]: Invalid user grafana from 50.62.22.47
Jun 24 11:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10675]: input_userauth_request: invalid user grafana [preauth]
Jun 24 11:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10675]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.62.22.47
Jun 24 11:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10675]: Failed password for invalid user grafana from 50.62.22.47 port 50588 ssh2
Jun 24 11:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10675]: Received disconnect from 50.62.22.47 port 50588:11: Bye Bye [preauth]
Jun 24 11:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10675]: Disconnected from 50.62.22.47 port 50588 [preauth]
Jun 24 11:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9358]: pam_unix(cron:session): session closed for user root
Jun 24 11:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10777]: Invalid user real from 104.207.76.183
Jun 24 11:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10777]: input_userauth_request: invalid user real [preauth]
Jun 24 11:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10777]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.207.76.183
Jun 24 11:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10777]: Failed password for invalid user real from 104.207.76.183 port 55500 ssh2
Jun 24 11:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10777]: Received disconnect from 104.207.76.183 port 55500:11: Bye Bye [preauth]
Jun 24 11:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10777]: Disconnected from 104.207.76.183 port 55500 [preauth]
Jun 24 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10845]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10844]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10847]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10843]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10841]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10842]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10847]: pam_unix(cron:session): session closed for user root
Jun 24 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10841]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10912]: Successful su for rubyman by root
Jun 24 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10912]: + ??? root:rubyman
Jun 24 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10912]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583339 of user rubyman.
Jun 24 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10912]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583339.
Jun 24 11:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10843]: pam_unix(cron:session): session closed for user root
Jun 24 11:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8062]: pam_unix(cron:session): session closed for user root
Jun 24 11:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10842]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9751]: pam_unix(cron:session): session closed for user root
Jun 24 11:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11264]: Invalid user verania from 2.57.121.112
Jun 24 11:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11264]: input_userauth_request: invalid user verania [preauth]
Jun 24 11:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11264]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 24 11:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11264]: Failed password for invalid user verania from 2.57.121.112 port 15196 ssh2
Jun 24 11:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11264]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11264]: Failed password for invalid user verania from 2.57.121.112 port 15196 ssh2
Jun 24 11:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11264]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11264]: Failed password for invalid user verania from 2.57.121.112 port 15196 ssh2
Jun 24 11:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11264]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11264]: Failed password for invalid user verania from 2.57.121.112 port 15196 ssh2
Jun 24 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11264]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11286]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11287]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11285]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11284]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11284]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11356]: Successful su for rubyman by root
Jun 24 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11356]: + ??? root:rubyman
Jun 24 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11356]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583346 of user rubyman.
Jun 24 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11356]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583346.
Jun 24 11:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11264]: Failed password for invalid user verania from 2.57.121.112 port 15196 ssh2
Jun 24 11:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11264]: Connection closed by 2.57.121.112 port 15196 [preauth]
Jun 24 11:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11264]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 24 11:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11264]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 24 11:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8457]: pam_unix(cron:session): session closed for user root
Jun 24 11:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11285]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 24 11:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11553]: Failed password for root from 202.178.126.219 port 21091 ssh2
Jun 24 11:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11553]: Connection closed by 202.178.126.219 port 21091 [preauth]
Jun 24 11:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11585]: Invalid user ll from 50.62.22.47
Jun 24 11:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11585]: input_userauth_request: invalid user ll [preauth]
Jun 24 11:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11585]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.62.22.47
Jun 24 11:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11585]: Failed password for invalid user ll from 50.62.22.47 port 60978 ssh2
Jun 24 11:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11585]: Received disconnect from 50.62.22.47 port 60978:11: Bye Bye [preauth]
Jun 24 11:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11585]: Disconnected from 50.62.22.47 port 60978 [preauth]
Jun 24 11:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10416]: pam_unix(cron:session): session closed for user root
Jun 24 11:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11700]: Invalid user user2 from 104.207.76.183
Jun 24 11:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11700]: input_userauth_request: invalid user user2 [preauth]
Jun 24 11:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11700]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.207.76.183
Jun 24 11:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11700]: Failed password for invalid user user2 from 104.207.76.183 port 49846 ssh2
Jun 24 11:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11700]: Received disconnect from 104.207.76.183 port 49846:11: Bye Bye [preauth]
Jun 24 11:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11700]: Disconnected from 104.207.76.183 port 49846 [preauth]
Jun 24 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11708]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11709]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11704]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11703]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11703]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11784]: Successful su for rubyman by root
Jun 24 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11784]: + ??? root:rubyman
Jun 24 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11784]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583349 of user rubyman.
Jun 24 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11784]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583349.
Jun 24 11:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8949]: pam_unix(cron:session): session closed for user root
Jun 24 11:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11704]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10845]: pam_unix(cron:session): session closed for user root
Jun 24 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12168]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12169]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12167]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12166]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12166]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12233]: Successful su for rubyman by root
Jun 24 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12233]: + ??? root:rubyman
Jun 24 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12233]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583353 of user rubyman.
Jun 24 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12233]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583353.
Jun 24 11:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9357]: pam_unix(cron:session): session closed for user root
Jun 24 11:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12167]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.62.22.47  user=root
Jun 24 11:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12567]: Failed password for root from 50.62.22.47 port 43118 ssh2
Jun 24 11:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12567]: Received disconnect from 50.62.22.47 port 43118:11: Bye Bye [preauth]
Jun 24 11:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12567]: Disconnected from 50.62.22.47 port 43118 [preauth]
Jun 24 11:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11287]: pam_unix(cron:session): session closed for user root
Jun 24 11:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 24 11:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12672]: Failed password for root from 103.82.132.16 port 37090 ssh2
Jun 24 11:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12672]: Connection closed by 103.82.132.16 port 37090 [preauth]
Jun 24 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12697]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12696]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12694]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12695]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12692]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12694]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12820]: Successful su for rubyman by root
Jun 24 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12820]: + ??? root:rubyman
Jun 24 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12820]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583358 of user rubyman.
Jun 24 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12820]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583358.
Jun 24 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12692]: pam_unix(cron:session): session closed for user root
Jun 24 11:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9749]: pam_unix(cron:session): session closed for user root
Jun 24 11:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12695]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.207.76.183  user=root
Jun 24 11:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13080]: Failed password for root from 104.207.76.183 port 41506 ssh2
Jun 24 11:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13080]: Received disconnect from 104.207.76.183 port 41506:11: Bye Bye [preauth]
Jun 24 11:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13080]: Disconnected from 104.207.76.183 port 41506 [preauth]
Jun 24 11:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11709]: pam_unix(cron:session): session closed for user root
Jun 24 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13218]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13217]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13216]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13215]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13214]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13213]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13218]: pam_unix(cron:session): session closed for user root
Jun 24 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13213]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13284]: Successful su for rubyman by root
Jun 24 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13284]: + ??? root:rubyman
Jun 24 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13284]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583363 of user rubyman.
Jun 24 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13284]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583363.
Jun 24 11:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13215]: pam_unix(cron:session): session closed for user root
Jun 24 11:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10415]: pam_unix(cron:session): session closed for user root
Jun 24 11:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13214]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13560]: Invalid user wangbo from 50.62.22.47
Jun 24 11:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13560]: input_userauth_request: invalid user wangbo [preauth]
Jun 24 11:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13560]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.62.22.47
Jun 24 11:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13560]: Failed password for invalid user wangbo from 50.62.22.47 port 53522 ssh2
Jun 24 11:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13560]: Received disconnect from 50.62.22.47 port 53522:11: Bye Bye [preauth]
Jun 24 11:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13560]: Disconnected from 50.62.22.47 port 53522 [preauth]
Jun 24 11:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12169]: pam_unix(cron:session): session closed for user root
Jun 24 11:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 24 11:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13586]: Failed password for root from 109.237.96.109 port 54602 ssh2
Jun 24 11:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13586]: Connection closed by 109.237.96.109 port 54602 [preauth]
Jun 24 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13644]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13645]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13643]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13642]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13642]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13712]: Successful su for rubyman by root
Jun 24 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13712]: + ??? root:rubyman
Jun 24 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13712]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583369 of user rubyman.
Jun 24 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13712]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583369.
Jun 24 11:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10844]: pam_unix(cron:session): session closed for user root
Jun 24 11:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13643]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12697]: pam_unix(cron:session): session closed for user root
Jun 24 11:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 24 11:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14020]: Invalid user david from 104.207.76.183
Jun 24 11:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14020]: input_userauth_request: invalid user david [preauth]
Jun 24 11:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14020]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.207.76.183
Jun 24 11:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14018]: Failed password for root from 194.113.233.25 port 38228 ssh2
Jun 24 11:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14018]: Connection closed by 194.113.233.25 port 38228 [preauth]
Jun 24 11:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14020]: Failed password for invalid user david from 104.207.76.183 port 40752 ssh2
Jun 24 11:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14020]: Received disconnect from 104.207.76.183 port 40752:11: Bye Bye [preauth]
Jun 24 11:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14020]: Disconnected from 104.207.76.183 port 40752 [preauth]
Jun 24 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14069]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14070]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14071]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14068]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14068]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14126]: Successful su for rubyman by root
Jun 24 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14126]: + ??? root:rubyman
Jun 24 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14126]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583374 of user rubyman.
Jun 24 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14126]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583374.
Jun 24 11:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11286]: pam_unix(cron:session): session closed for user root
Jun 24 11:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14069]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13217]: pam_unix(cron:session): session closed for user root
Jun 24 11:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14398]: Invalid user fivem from 50.62.22.47
Jun 24 11:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14398]: input_userauth_request: invalid user fivem [preauth]
Jun 24 11:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14398]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.62.22.47
Jun 24 11:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14398]: Failed password for invalid user fivem from 50.62.22.47 port 35692 ssh2
Jun 24 11:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14398]: Received disconnect from 50.62.22.47 port 35692:11: Bye Bye [preauth]
Jun 24 11:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14398]: Disconnected from 50.62.22.47 port 35692 [preauth]
Jun 24 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14449]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14448]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14450]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14447]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14447]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14511]: Successful su for rubyman by root
Jun 24 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14511]: + ??? root:rubyman
Jun 24 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14511]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583378 of user rubyman.
Jun 24 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14511]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583378.
Jun 24 11:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11708]: pam_unix(cron:session): session closed for user root
Jun 24 11:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14448]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13645]: pam_unix(cron:session): session closed for user root
Jun 24 11:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14928]: Invalid user vishnu from 104.207.76.183
Jun 24 11:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14928]: input_userauth_request: invalid user vishnu [preauth]
Jun 24 11:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14928]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.207.76.183
Jun 24 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14932]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14934]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14935]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14931]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14931]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14999]: Successful su for rubyman by root
Jun 24 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14999]: + ??? root:rubyman
Jun 24 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14999]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583380 of user rubyman.
Jun 24 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14999]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583380.
Jun 24 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14928]: Failed password for invalid user vishnu from 104.207.76.183 port 35140 ssh2
Jun 24 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14928]: Received disconnect from 104.207.76.183 port 35140:11: Bye Bye [preauth]
Jun 24 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14928]: Disconnected from 104.207.76.183 port 35140 [preauth]
Jun 24 11:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12168]: pam_unix(cron:session): session closed for user root
Jun 24 11:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14932]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14071]: pam_unix(cron:session): session closed for user root
Jun 24 11:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15321]: Invalid user ankit from 50.62.22.47
Jun 24 11:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15321]: input_userauth_request: invalid user ankit [preauth]
Jun 24 11:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15321]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.62.22.47
Jun 24 11:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15321]: Failed password for invalid user ankit from 50.62.22.47 port 46096 ssh2
Jun 24 11:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15321]: Received disconnect from 50.62.22.47 port 46096:11: Bye Bye [preauth]
Jun 24 11:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15321]: Disconnected from 50.62.22.47 port 46096 [preauth]
Jun 24 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15342]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15344]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15340]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15345]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15341]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15343]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15345]: pam_unix(cron:session): session closed for user root
Jun 24 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15340]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15407]: Successful su for rubyman by root
Jun 24 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15407]: + ??? root:rubyman
Jun 24 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15407]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583386 of user rubyman.
Jun 24 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15407]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583386.
Jun 24 11:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15342]: pam_unix(cron:session): session closed for user root
Jun 24 11:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12696]: pam_unix(cron:session): session closed for user root
Jun 24 11:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15341]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14450]: pam_unix(cron:session): session closed for user root
Jun 24 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15761]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15759]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15760]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15758]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15758]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15823]: Successful su for rubyman by root
Jun 24 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15823]: + ??? root:rubyman
Jun 24 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15823]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583391 of user rubyman.
Jun 24 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15823]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583391.
Jun 24 11:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13216]: pam_unix(cron:session): session closed for user root
Jun 24 11:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15759]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16036]: Invalid user karim from 104.207.76.183
Jun 24 11:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16036]: input_userauth_request: invalid user karim [preauth]
Jun 24 11:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16036]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.207.76.183
Jun 24 11:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16036]: Failed password for invalid user karim from 104.207.76.183 port 39244 ssh2
Jun 24 11:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16036]: Received disconnect from 104.207.76.183 port 39244:11: Bye Bye [preauth]
Jun 24 11:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16036]: Disconnected from 104.207.76.183 port 39244 [preauth]
Jun 24 11:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 24 11:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Jun 24 11:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:123.58.207.127
Jun 24 11:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16046]: Failed password for root from 103.149.28.157 port 42990 ssh2
Jun 24 11:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16046]: Connection closed by 103.149.28.157 port 42990 [preauth]
Jun 24 11:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14935]: pam_unix(cron:session): session closed for user root
Jun 24 11:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.62.22.47  user=root
Jun 24 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16177]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16176]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16179]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16175]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16172]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16172]: pam_unix(cron:session): session closed for user root
Jun 24 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16175]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16240]: Successful su for rubyman by root
Jun 24 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16240]: + ??? root:rubyman
Jun 24 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16240]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583394 of user rubyman.
Jun 24 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16240]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583394.
Jun 24 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16170]: Failed password for root from 50.62.22.47 port 56472 ssh2
Jun 24 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16170]: Received disconnect from 50.62.22.47 port 56472:11: Bye Bye [preauth]
Jun 24 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16170]: Disconnected from 50.62.22.47 port 56472 [preauth]
Jun 24 11:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13644]: pam_unix(cron:session): session closed for user root
Jun 24 11:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16176]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16445]: Received disconnect from 160.238.24.130 port 44314:11: disconnected by user [preauth]
Jun 24 11:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16445]: Disconnected from 160.238.24.130 port 44314 [preauth]
Jun 24 11:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15344]: pam_unix(cron:session): session closed for user root
Jun 24 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16579]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16580]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16578]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16577]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16577]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16638]: Successful su for rubyman by root
Jun 24 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16638]: + ??? root:rubyman
Jun 24 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16638]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583400 of user rubyman.
Jun 24 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16638]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583400.
Jun 24 11:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14070]: pam_unix(cron:session): session closed for user root
Jun 24 11:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16578]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15761]: pam_unix(cron:session): session closed for user root
Jun 24 11:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17017]: Invalid user user from 104.207.76.183
Jun 24 11:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17017]: input_userauth_request: invalid user user [preauth]
Jun 24 11:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17017]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.207.76.183
Jun 24 11:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17017]: Failed password for invalid user user from 104.207.76.183 port 53334 ssh2
Jun 24 11:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17017]: Received disconnect from 104.207.76.183 port 53334:11: Bye Bye [preauth]
Jun 24 11:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17017]: Disconnected from 104.207.76.183 port 53334 [preauth]
Jun 24 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17076]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17075]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17074]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17073]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17073]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17132]: Successful su for rubyman by root
Jun 24 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17132]: + ??? root:rubyman
Jun 24 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17132]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583405 of user rubyman.
Jun 24 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17132]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583405.
Jun 24 11:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14449]: pam_unix(cron:session): session closed for user root
Jun 24 11:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17292]: Invalid user anna from 50.62.22.47
Jun 24 11:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17292]: input_userauth_request: invalid user anna [preauth]
Jun 24 11:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17292]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.62.22.47
Jun 24 11:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17074]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17292]: Failed password for invalid user anna from 50.62.22.47 port 38620 ssh2
Jun 24 11:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17292]: Received disconnect from 50.62.22.47 port 38620:11: Bye Bye [preauth]
Jun 24 11:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17292]: Disconnected from 50.62.22.47 port 38620 [preauth]
Jun 24 11:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16179]: pam_unix(cron:session): session closed for user root
Jun 24 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17485]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17483]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17482]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17487]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17484]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17486]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17487]: pam_unix(cron:session): session closed for user root
Jun 24 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17482]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17546]: Successful su for rubyman by root
Jun 24 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17546]: + ??? root:rubyman
Jun 24 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17546]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583407 of user rubyman.
Jun 24 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17546]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583407.
Jun 24 11:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17484]: pam_unix(cron:session): session closed for user root
Jun 24 11:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14934]: pam_unix(cron:session): session closed for user root
Jun 24 11:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17483]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16580]: pam_unix(cron:session): session closed for user root
Jun 24 11:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.207.76.183  user=root
Jun 24 11:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18001]: Failed password for root from 104.207.76.183 port 48950 ssh2
Jun 24 11:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18001]: Received disconnect from 104.207.76.183 port 48950:11: Bye Bye [preauth]
Jun 24 11:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18001]: Disconnected from 104.207.76.183 port 48950 [preauth]
Jun 24 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18009]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18014]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18013]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18012]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18009]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18088]: Successful su for rubyman by root
Jun 24 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18088]: + ??? root:rubyman
Jun 24 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18088]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583414 of user rubyman.
Jun 24 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18088]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583414.
Jun 24 11:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15343]: pam_unix(cron:session): session closed for user root
Jun 24 11:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18012]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18283]: Invalid user ftpuser1 from 50.62.22.47
Jun 24 11:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18283]: input_userauth_request: invalid user ftpuser1 [preauth]
Jun 24 11:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18283]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.62.22.47
Jun 24 11:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18283]: Failed password for invalid user ftpuser1 from 50.62.22.47 port 48998 ssh2
Jun 24 11:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18283]: Received disconnect from 50.62.22.47 port 48998:11: Bye Bye [preauth]
Jun 24 11:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18283]: Disconnected from 50.62.22.47 port 48998 [preauth]
Jun 24 11:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17076]: pam_unix(cron:session): session closed for user root
Jun 24 11:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 24 11:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18407]: Failed password for root from 103.176.20.57 port 32858 ssh2
Jun 24 11:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18407]: Connection closed by 103.176.20.57 port 32858 [preauth]
Jun 24 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18537]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18538]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18539]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18536]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18536]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18599]: Successful su for rubyman by root
Jun 24 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18599]: + ??? root:rubyman
Jun 24 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18599]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583419 of user rubyman.
Jun 24 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18599]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583419.
Jun 24 11:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15760]: pam_unix(cron:session): session closed for user root
Jun 24 11:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18537]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17486]: pam_unix(cron:session): session closed for user root
Jun 24 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18957]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18956]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18954]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18955]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18954]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19015]: Successful su for rubyman by root
Jun 24 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19015]: + ??? root:rubyman
Jun 24 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19015]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583421 of user rubyman.
Jun 24 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19015]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583421.
Jun 24 11:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16177]: pam_unix(cron:session): session closed for user root
Jun 24 11:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18955]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19301]: Invalid user jla from 50.62.22.47
Jun 24 11:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19301]: input_userauth_request: invalid user jla [preauth]
Jun 24 11:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19301]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.62.22.47
Jun 24 11:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19301]: Failed password for invalid user jla from 50.62.22.47 port 59384 ssh2
Jun 24 11:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19301]: Received disconnect from 50.62.22.47 port 59384:11: Bye Bye [preauth]
Jun 24 11:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19301]: Disconnected from 50.62.22.47 port 59384 [preauth]
Jun 24 11:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 24 11:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19324]: Failed password for root from 38.93.206.2 port 48344 ssh2
Jun 24 11:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19324]: Connection closed by 38.93.206.2 port 48344 [preauth]
Jun 24 11:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19335]: Invalid user ubuntu from 104.207.76.183
Jun 24 11:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19335]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 11:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19335]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.207.76.183
Jun 24 11:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19335]: Failed password for invalid user ubuntu from 104.207.76.183 port 51686 ssh2
Jun 24 11:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19335]: Received disconnect from 104.207.76.183 port 51686:11: Bye Bye [preauth]
Jun 24 11:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19335]: Disconnected from 104.207.76.183 port 51686 [preauth]
Jun 24 11:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18014]: pam_unix(cron:session): session closed for user root
Jun 24 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19459]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19457]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19458]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19456]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19456]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19713]: Successful su for rubyman by root
Jun 24 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19713]: + ??? root:rubyman
Jun 24 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19713]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583425 of user rubyman.
Jun 24 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19713]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583425.
Jun 24 11:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16579]: pam_unix(cron:session): session closed for user root
Jun 24 11:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19457]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18539]: pam_unix(cron:session): session closed for user root
Jun 24 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20067]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20065]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20064]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20066]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20063]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20062]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20067]: pam_unix(cron:session): session closed for user root
Jun 24 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20062]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20132]: Successful su for rubyman by root
Jun 24 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20132]: + ??? root:rubyman
Jun 24 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20132]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583433 of user rubyman.
Jun 24 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20132]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583433.
Jun 24 11:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20064]: pam_unix(cron:session): session closed for user root
Jun 24 11:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17075]: pam_unix(cron:session): session closed for user root
Jun 24 11:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20063]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20503]: Invalid user testtest from 50.62.22.47
Jun 24 11:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20503]: input_userauth_request: invalid user testtest [preauth]
Jun 24 11:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20503]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.62.22.47
Jun 24 11:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20503]: Failed password for invalid user testtest from 50.62.22.47 port 41568 ssh2
Jun 24 11:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20503]: Received disconnect from 50.62.22.47 port 41568:11: Bye Bye [preauth]
Jun 24 11:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20503]: Disconnected from 50.62.22.47 port 41568 [preauth]
Jun 24 11:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18957]: pam_unix(cron:session): session closed for user root
Jun 24 11:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20572]: Invalid user mark from 104.207.76.183
Jun 24 11:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20572]: input_userauth_request: invalid user mark [preauth]
Jun 24 11:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20572]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.207.76.183
Jun 24 11:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20572]: Failed password for invalid user mark from 104.207.76.183 port 58832 ssh2
Jun 24 11:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20572]: Received disconnect from 104.207.76.183 port 58832:11: Bye Bye [preauth]
Jun 24 11:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20572]: Disconnected from 104.207.76.183 port 58832 [preauth]
Jun 24 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20601]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20602]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20600]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20599]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20599]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20724]: Successful su for rubyman by root
Jun 24 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20724]: + ??? root:rubyman
Jun 24 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20724]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583435 of user rubyman.
Jun 24 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20724]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583435.
Jun 24 11:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17485]: pam_unix(cron:session): session closed for user root
Jun 24 11:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20600]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19459]: pam_unix(cron:session): session closed for user root
Jun 24 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21108]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21107]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21106]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21105]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21105]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21176]: Successful su for rubyman by root
Jun 24 11:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21176]: + ??? root:rubyman
Jun 24 11:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21176]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583439 of user rubyman.
Jun 24 11:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21176]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583439.
Jun 24 11:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18013]: pam_unix(cron:session): session closed for user root
Jun 24 11:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21106]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21424]: Invalid user ubuntu from 50.62.22.47
Jun 24 11:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21424]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 11:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21424]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.62.22.47
Jun 24 11:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21424]: Failed password for invalid user ubuntu from 50.62.22.47 port 51968 ssh2
Jun 24 11:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21424]: Received disconnect from 50.62.22.47 port 51968:11: Bye Bye [preauth]
Jun 24 11:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21424]: Disconnected from 50.62.22.47 port 51968 [preauth]
Jun 24 11:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20066]: pam_unix(cron:session): session closed for user root
Jun 24 11:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21497]: Received disconnect from 170.238.136.42 port 49082:11: disconnected by user [preauth]
Jun 24 11:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21497]: Disconnected from 170.238.136.42 port 49082 [preauth]
Jun 24 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21526]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21524]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21523]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21527]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21523]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21595]: Successful su for rubyman by root
Jun 24 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21595]: + ??? root:rubyman
Jun 24 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21595]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583443 of user rubyman.
Jun 24 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21595]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583443.
Jun 24 11:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18538]: pam_unix(cron:session): session closed for user root
Jun 24 11:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21524]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21781]: Invalid user netlogon from 104.207.76.183
Jun 24 11:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21781]: input_userauth_request: invalid user netlogon [preauth]
Jun 24 11:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21781]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.207.76.183
Jun 24 11:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21781]: Failed password for invalid user netlogon from 104.207.76.183 port 51196 ssh2
Jun 24 11:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21781]: Received disconnect from 104.207.76.183 port 51196:11: Bye Bye [preauth]
Jun 24 11:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21781]: Disconnected from 104.207.76.183 port 51196 [preauth]
Jun 24 11:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20602]: pam_unix(cron:session): session closed for user root
Jun 24 11:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 24 11:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21899]: Failed password for root from 103.172.78.219 port 45600 ssh2
Jun 24 11:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21899]: Connection closed by 103.172.78.219 port 45600 [preauth]
Jun 24 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21954]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21955]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21953]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21952]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21952]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22010]: Successful su for rubyman by root
Jun 24 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22010]: + ??? root:rubyman
Jun 24 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22010]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583449 of user rubyman.
Jun 24 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22010]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583449.
Jun 24 11:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18956]: pam_unix(cron:session): session closed for user root
Jun 24 11:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21953]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21108]: pam_unix(cron:session): session closed for user root
Jun 24 11:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22398]: Invalid user ubuntu from 50.62.22.47
Jun 24 11:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22398]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 11:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22398]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.62.22.47
Jun 24 11:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22398]: Failed password for invalid user ubuntu from 50.62.22.47 port 34126 ssh2
Jun 24 11:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22398]: Received disconnect from 50.62.22.47 port 34126:11: Bye Bye [preauth]
Jun 24 11:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22398]: Disconnected from 50.62.22.47 port 34126 [preauth]
Jun 24 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22450]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22449]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22448]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22447]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22452]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22453]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22453]: pam_unix(cron:session): session closed for user root
Jun 24 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22447]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22516]: Successful su for rubyman by root
Jun 24 11:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22516]: + ??? root:rubyman
Jun 24 11:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22516]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583455 of user rubyman.
Jun 24 11:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22516]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583455.
Jun 24 11:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22449]: pam_unix(cron:session): session closed for user root
Jun 24 11:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19458]: pam_unix(cron:session): session closed for user root
Jun 24 11:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22448]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 24 11:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22755]: Failed password for root from 77.94.47.83 port 39322 ssh2
Jun 24 11:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22755]: Connection closed by 77.94.47.83 port 39322 [preauth]
Jun 24 11:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22785]: Invalid user student from 104.207.76.183
Jun 24 11:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22785]: input_userauth_request: invalid user student [preauth]
Jun 24 11:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22785]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.207.76.183
Jun 24 11:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22785]: Failed password for invalid user student from 104.207.76.183 port 55840 ssh2
Jun 24 11:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22785]: Received disconnect from 104.207.76.183 port 55840:11: Bye Bye [preauth]
Jun 24 11:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22785]: Disconnected from 104.207.76.183 port 55840 [preauth]
Jun 24 11:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21527]: pam_unix(cron:session): session closed for user root
Jun 24 11:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 24 11:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22879]: Connection closed by 194.59.206.2 port 24630 [preauth]
Jun 24 11:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22877]: Failed password for root from 103.27.238.120 port 35554 ssh2
Jun 24 11:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22877]: Connection closed by 103.27.238.120 port 35554 [preauth]
Jun 24 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22892]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22893]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22891]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22890]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22890]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22960]: Successful su for rubyman by root
Jun 24 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22960]: + ??? root:rubyman
Jun 24 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22960]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583457 of user rubyman.
Jun 24 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22960]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583457.
Jun 24 11:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20065]: pam_unix(cron:session): session closed for user root
Jun 24 11:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22891]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 24 11:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23138]: Failed password for root from 80.66.85.226 port 53160 ssh2
Jun 24 11:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23138]: Connection closed by 80.66.85.226 port 53160 [preauth]
Jun 24 11:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21955]: pam_unix(cron:session): session closed for user root
Jun 24 11:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23281]: Invalid user apache from 50.62.22.47
Jun 24 11:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23281]: input_userauth_request: invalid user apache [preauth]
Jun 24 11:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23281]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.62.22.47
Jun 24 11:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23281]: Failed password for invalid user apache from 50.62.22.47 port 44498 ssh2
Jun 24 11:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23281]: Received disconnect from 50.62.22.47 port 44498:11: Bye Bye [preauth]
Jun 24 11:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23281]: Disconnected from 50.62.22.47 port 44498 [preauth]
Jun 24 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23303]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23306]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23302]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23301]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23301]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23375]: Successful su for rubyman by root
Jun 24 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23375]: + ??? root:rubyman
Jun 24 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23375]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583462 of user rubyman.
Jun 24 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23375]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583462.
Jun 24 11:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20601]: pam_unix(cron:session): session closed for user root
Jun 24 11:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23302]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22452]: pam_unix(cron:session): session closed for user root
Jun 24 11:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23699]: Invalid user oracle from 104.207.76.183
Jun 24 11:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23699]: input_userauth_request: invalid user oracle [preauth]
Jun 24 11:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23699]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.207.76.183
Jun 24 11:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23699]: Failed password for invalid user oracle from 104.207.76.183 port 35730 ssh2
Jun 24 11:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23699]: Received disconnect from 104.207.76.183 port 35730:11: Bye Bye [preauth]
Jun 24 11:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23699]: Disconnected from 104.207.76.183 port 35730 [preauth]
Jun 24 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23725]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23724]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23726]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23722]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23722]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23801]: Successful su for rubyman by root
Jun 24 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23801]: + ??? root:rubyman
Jun 24 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23801]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583465 of user rubyman.
Jun 24 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23801]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583465.
Jun 24 11:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21107]: pam_unix(cron:session): session closed for user root
Jun 24 11:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23724]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22893]: pam_unix(cron:session): session closed for user root
Jun 24 11:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.62.22.47  user=root
Jun 24 11:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24217]: Failed password for root from 50.62.22.47 port 54896 ssh2
Jun 24 11:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24217]: Received disconnect from 50.62.22.47 port 54896:11: Bye Bye [preauth]
Jun 24 11:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24217]: Disconnected from 50.62.22.47 port 54896 [preauth]
Jun 24 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24244]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24243]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24246]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24245]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24243]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24317]: Successful su for rubyman by root
Jun 24 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24317]: + ??? root:rubyman
Jun 24 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24317]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583469 of user rubyman.
Jun 24 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24317]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583469.
Jun 24 11:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21526]: pam_unix(cron:session): session closed for user root
Jun 24 11:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24244]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23306]: pam_unix(cron:session): session closed for user root
Jun 24 11:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24619]: Invalid user admin from 2.57.121.25
Jun 24 11:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24619]: input_userauth_request: invalid user admin [preauth]
Jun 24 11:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24619]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 24 11:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24619]: Failed password for invalid user admin from 2.57.121.25 port 34622 ssh2
Jun 24 11:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24619]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24619]: Failed password for invalid user admin from 2.57.121.25 port 34622 ssh2
Jun 24 11:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24619]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24619]: Failed password for invalid user admin from 2.57.121.25 port 34622 ssh2
Jun 24 11:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24619]: Connection closed by 2.57.121.25 port 34622 [preauth]
Jun 24 11:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24619]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 24 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24674]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24672]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24673]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24671]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24676]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24677]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24677]: pam_unix(cron:session): session closed for user root
Jun 24 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24671]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24746]: Successful su for rubyman by root
Jun 24 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24746]: + ??? root:rubyman
Jun 24 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24746]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583475 of user rubyman.
Jun 24 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24746]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583475.
Jun 24 11:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.207.76.183  user=root
Jun 24 11:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24673]: pam_unix(cron:session): session closed for user root
Jun 24 11:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21954]: pam_unix(cron:session): session closed for user root
Jun 24 11:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24818]: Failed password for root from 104.207.76.183 port 34578 ssh2
Jun 24 11:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24818]: Received disconnect from 104.207.76.183 port 34578:11: Bye Bye [preauth]
Jun 24 11:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24818]: Disconnected from 104.207.76.183 port 34578 [preauth]
Jun 24 11:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24672]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24979]: Invalid user hossein from 141.98.83.240
Jun 24 11:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24979]: input_userauth_request: invalid user hossein [preauth]
Jun 24 11:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24979]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 11:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24979]: Failed password for invalid user hossein from 141.98.83.240 port 8570 ssh2
Jun 24 11:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24979]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24979]: Failed password for invalid user hossein from 141.98.83.240 port 8570 ssh2
Jun 24 11:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24979]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24979]: Failed password for invalid user hossein from 141.98.83.240 port 8570 ssh2
Jun 24 11:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24979]: Connection closed by 141.98.83.240 port 8570 [preauth]
Jun 24 11:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24979]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 11:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23726]: pam_unix(cron:session): session closed for user root
Jun 24 11:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.62.22.47  user=root
Jun 24 11:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25096]: Failed password for root from 50.62.22.47 port 37050 ssh2
Jun 24 11:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25096]: Received disconnect from 50.62.22.47 port 37050:11: Bye Bye [preauth]
Jun 24 11:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25096]: Disconnected from 50.62.22.47 port 37050 [preauth]
Jun 24 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25110]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25111]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25109]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25108]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25108]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25177]: Successful su for rubyman by root
Jun 24 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25177]: + ??? root:rubyman
Jun 24 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25177]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583481 of user rubyman.
Jun 24 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25177]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583481.
Jun 24 11:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22450]: pam_unix(cron:session): session closed for user root
Jun 24 11:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25109]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24246]: pam_unix(cron:session): session closed for user root
Jun 24 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25506]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25505]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25503]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25502]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25502]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25574]: Successful su for rubyman by root
Jun 24 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25574]: + ??? root:rubyman
Jun 24 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25574]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583483 of user rubyman.
Jun 24 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25574]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583483.
Jun 24 11:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22892]: pam_unix(cron:session): session closed for user root
Jun 24 11:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25503]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25792]: Invalid user adc from 104.207.76.183
Jun 24 11:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25792]: input_userauth_request: invalid user adc [preauth]
Jun 24 11:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25792]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.207.76.183
Jun 24 11:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25792]: Failed password for invalid user adc from 104.207.76.183 port 36412 ssh2
Jun 24 11:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25792]: Received disconnect from 104.207.76.183 port 36412:11: Bye Bye [preauth]
Jun 24 11:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25792]: Disconnected from 104.207.76.183 port 36412 [preauth]
Jun 24 11:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24676]: pam_unix(cron:session): session closed for user root
Jun 24 11:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25882]: Invalid user admin from 193.46.255.86
Jun 24 11:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25882]: input_userauth_request: invalid user admin [preauth]
Jun 24 11:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25882]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 24 11:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25882]: Failed password for invalid user admin from 193.46.255.86 port 41066 ssh2
Jun 24 11:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25882]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25882]: Failed password for invalid user admin from 193.46.255.86 port 41066 ssh2
Jun 24 11:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25882]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25882]: Failed password for invalid user admin from 193.46.255.86 port 41066 ssh2
Jun 24 11:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25882]: Connection closed by 193.46.255.86 port 41066 [preauth]
Jun 24 11:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25882]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 24 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25906]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25907]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25904]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25905]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25904]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25963]: Successful su for rubyman by root
Jun 24 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25963]: + ??? root:rubyman
Jun 24 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25963]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583488 of user rubyman.
Jun 24 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25963]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583488.
Jun 24 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25987]: Invalid user denis from 50.62.22.47
Jun 24 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25987]: input_userauth_request: invalid user denis [preauth]
Jun 24 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25987]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.62.22.47
Jun 24 11:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23303]: pam_unix(cron:session): session closed for user root
Jun 24 11:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25987]: Failed password for invalid user denis from 50.62.22.47 port 47438 ssh2
Jun 24 11:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25987]: Received disconnect from 50.62.22.47 port 47438:11: Bye Bye [preauth]
Jun 24 11:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25987]: Disconnected from 50.62.22.47 port 47438 [preauth]
Jun 24 11:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25905]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25111]: pam_unix(cron:session): session closed for user root
Jun 24 11:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26244]: Received disconnect from 170.238.136.42 port 49806:11: disconnected by user [preauth]
Jun 24 11:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26244]: Disconnected from 170.238.136.42 port 49806 [preauth]
Jun 24 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26300]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26296]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26301]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26299]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26294]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26296]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26409]: Successful su for rubyman by root
Jun 24 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26409]: + ??? root:rubyman
Jun 24 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26409]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583493 of user rubyman.
Jun 24 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26409]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583493.
Jun 24 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26294]: pam_unix(cron:session): session closed for user root
Jun 24 11:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23725]: pam_unix(cron:session): session closed for user root
Jun 24 11:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26299]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25506]: pam_unix(cron:session): session closed for user root
Jun 24 11:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.207.76.183  user=root
Jun 24 11:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26841]: Failed password for root from 104.207.76.183 port 58182 ssh2
Jun 24 11:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26841]: Received disconnect from 104.207.76.183 port 58182:11: Bye Bye [preauth]
Jun 24 11:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26841]: Disconnected from 104.207.76.183 port 58182 [preauth]
Jun 24 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26864]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26863]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26865]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26861]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26862]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26860]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26865]: pam_unix(cron:session): session closed for user root
Jun 24 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26860]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26939]: Successful su for rubyman by root
Jun 24 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26939]: + ??? root:rubyman
Jun 24 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26939]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583496 of user rubyman.
Jun 24 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26939]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583496.
Jun 24 11:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26862]: pam_unix(cron:session): session closed for user root
Jun 24 11:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24245]: pam_unix(cron:session): session closed for user root
Jun 24 11:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26861]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27147]: Invalid user ins from 50.62.22.47
Jun 24 11:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27147]: input_userauth_request: invalid user ins [preauth]
Jun 24 11:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27147]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.62.22.47
Jun 24 11:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27147]: Failed password for invalid user ins from 50.62.22.47 port 57818 ssh2
Jun 24 11:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27147]: Received disconnect from 50.62.22.47 port 57818:11: Bye Bye [preauth]
Jun 24 11:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27147]: Disconnected from 50.62.22.47 port 57818 [preauth]
Jun 24 11:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25907]: pam_unix(cron:session): session closed for user root
Jun 24 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27320]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27319]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27318]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27317]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27317]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27388]: Successful su for rubyman by root
Jun 24 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27388]: + ??? root:rubyman
Jun 24 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27388]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583502 of user rubyman.
Jun 24 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27388]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583502.
Jun 24 11:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24674]: pam_unix(cron:session): session closed for user root
Jun 24 11:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27318]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 24 11:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26301]: pam_unix(cron:session): session closed for user root
Jun 24 11:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27637]: Failed password for root from 103.77.175.15 port 39264 ssh2
Jun 24 11:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27637]: Connection closed by 103.77.175.15 port 39264 [preauth]
Jun 24 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27731]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27730]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27729]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27728]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27728]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27790]: Successful su for rubyman by root
Jun 24 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27790]: + ??? root:rubyman
Jun 24 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27790]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583507 of user rubyman.
Jun 24 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27790]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583507.
Jun 24 11:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25110]: pam_unix(cron:session): session closed for user root
Jun 24 11:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27729]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: Invalid user yy from 104.207.76.183
Jun 24 11:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: input_userauth_request: invalid user yy [preauth]
Jun 24 11:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.207.76.183
Jun 24 11:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: Failed password for invalid user yy from 104.207.76.183 port 33884 ssh2
Jun 24 11:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: Received disconnect from 104.207.76.183 port 33884:11: Bye Bye [preauth]
Jun 24 11:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: Disconnected from 104.207.76.183 port 33884 [preauth]
Jun 24 11:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28030]: Invalid user deployer from 50.62.22.47
Jun 24 11:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28030]: input_userauth_request: invalid user deployer [preauth]
Jun 24 11:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28030]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.62.22.47
Jun 24 11:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28030]: Failed password for invalid user deployer from 50.62.22.47 port 39984 ssh2
Jun 24 11:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28030]: Received disconnect from 50.62.22.47 port 39984:11: Bye Bye [preauth]
Jun 24 11:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28030]: Disconnected from 50.62.22.47 port 39984 [preauth]
Jun 24 11:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26864]: pam_unix(cron:session): session closed for user root
Jun 24 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28195]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28194]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28196]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28192]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28192]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28253]: Successful su for rubyman by root
Jun 24 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28253]: + ??? root:rubyman
Jun 24 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28253]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583511 of user rubyman.
Jun 24 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28253]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583511.
Jun 24 11:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25505]: pam_unix(cron:session): session closed for user root
Jun 24 11:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28194]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28490]: Did not receive identification string from 64.89.160.135
Jun 24 11:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27320]: pam_unix(cron:session): session closed for user root
Jun 24 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28684]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28685]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28683]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28682]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28682]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28749]: Successful su for rubyman by root
Jun 24 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28749]: + ??? root:rubyman
Jun 24 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28749]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583514 of user rubyman.
Jun 24 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28749]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583514.
Jun 24 11:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25906]: pam_unix(cron:session): session closed for user root
Jun 24 11:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28683]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29017]: Invalid user postgres from 50.62.22.47
Jun 24 11:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29017]: input_userauth_request: invalid user postgres [preauth]
Jun 24 11:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29017]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.62.22.47
Jun 24 11:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27731]: pam_unix(cron:session): session closed for user root
Jun 24 11:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29017]: Failed password for invalid user postgres from 50.62.22.47 port 50374 ssh2
Jun 24 11:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29017]: Received disconnect from 50.62.22.47 port 50374:11: Bye Bye [preauth]
Jun 24 11:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29017]: Disconnected from 50.62.22.47 port 50374 [preauth]
Jun 24 11:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29049]: Invalid user db2inst1 from 104.207.76.183
Jun 24 11:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29049]: input_userauth_request: invalid user db2inst1 [preauth]
Jun 24 11:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29049]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.207.76.183
Jun 24 11:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29049]: Failed password for invalid user db2inst1 from 104.207.76.183 port 32894 ssh2
Jun 24 11:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29049]: Received disconnect from 104.207.76.183 port 32894:11: Bye Bye [preauth]
Jun 24 11:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29049]: Disconnected from 104.207.76.183 port 32894 [preauth]
Jun 24 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29108]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29109]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29106]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29104]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29107]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29105]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29109]: pam_unix(cron:session): session closed for user root
Jun 24 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29104]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29176]: Successful su for rubyman by root
Jun 24 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29176]: + ??? root:rubyman
Jun 24 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29176]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583518 of user rubyman.
Jun 24 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29176]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583518.
Jun 24 11:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29106]: pam_unix(cron:session): session closed for user root
Jun 24 11:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26300]: pam_unix(cron:session): session closed for user root
Jun 24 11:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29105]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28196]: pam_unix(cron:session): session closed for user root
Jun 24 11:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 24 11:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29527]: Failed password for root from 51.250.105.222 port 41290 ssh2
Jun 24 11:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29527]: Connection closed by 51.250.105.222 port 41290 [preauth]
Jun 24 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29647]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29646]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29645]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29644]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29644]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29728]: Successful su for rubyman by root
Jun 24 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29728]: + ??? root:rubyman
Jun 24 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29728]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583524 of user rubyman.
Jun 24 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29728]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583524.
Jun 24 11:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26863]: pam_unix(cron:session): session closed for user root
Jun 24 11:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29645]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28685]: pam_unix(cron:session): session closed for user root
Jun 24 11:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30034]: Invalid user neko from 50.62.22.47
Jun 24 11:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30034]: input_userauth_request: invalid user neko [preauth]
Jun 24 11:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30034]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.62.22.47
Jun 24 11:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30034]: Failed password for invalid user neko from 50.62.22.47 port 60764 ssh2
Jun 24 11:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30034]: Received disconnect from 50.62.22.47 port 60764:11: Bye Bye [preauth]
Jun 24 11:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30034]: Disconnected from 50.62.22.47 port 60764 [preauth]
Jun 24 11:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30089]: Invalid user den from 104.207.76.183
Jun 24 11:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30089]: input_userauth_request: invalid user den [preauth]
Jun 24 11:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30089]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.207.76.183
Jun 24 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30089]: Failed password for invalid user den from 104.207.76.183 port 39976 ssh2
Jun 24 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30089]: Received disconnect from 104.207.76.183 port 39976:11: Bye Bye [preauth]
Jun 24 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30089]: Disconnected from 104.207.76.183 port 39976 [preauth]
Jun 24 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30105]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30106]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30104]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30103]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30103]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30177]: Successful su for rubyman by root
Jun 24 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30177]: + ??? root:rubyman
Jun 24 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30177]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583529 of user rubyman.
Jun 24 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30177]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583529.
Jun 24 11:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27319]: pam_unix(cron:session): session closed for user root
Jun 24 11:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30104]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 24 11:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30362]: Failed password for root from 62.133.62.83 port 55420 ssh2
Jun 24 11:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30362]: Connection closed by 62.133.62.83 port 55420 [preauth]
Jun 24 11:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30420]: Received disconnect from 193.70.122.120 port 48730:11: disconnected by user [preauth]
Jun 24 11:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30420]: Disconnected from 193.70.122.120 port 48730 [preauth]
Jun 24 11:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29108]: pam_unix(cron:session): session closed for user root
Jun 24 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30516]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30515]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30514]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30513]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30513]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30583]: Successful su for rubyman by root
Jun 24 11:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30583]: + ??? root:rubyman
Jun 24 11:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30583]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583532 of user rubyman.
Jun 24 11:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30583]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583532.
Jun 24 11:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27730]: pam_unix(cron:session): session closed for user root
Jun 24 11:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30514]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29647]: pam_unix(cron:session): session closed for user root
Jun 24 11:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30876]: Invalid user malik from 50.62.22.47
Jun 24 11:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30876]: input_userauth_request: invalid user malik [preauth]
Jun 24 11:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30876]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.62.22.47
Jun 24 11:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30876]: Failed password for invalid user malik from 50.62.22.47 port 42920 ssh2
Jun 24 11:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30876]: Received disconnect from 50.62.22.47 port 42920:11: Bye Bye [preauth]
Jun 24 11:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30876]: Disconnected from 50.62.22.47 port 42920 [preauth]
Jun 24 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31026]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31027]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31025]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31024]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31024]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31088]: Successful su for rubyman by root
Jun 24 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31088]: + ??? root:rubyman
Jun 24 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31088]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583536 of user rubyman.
Jun 24 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31088]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583536.
Jun 24 11:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28195]: pam_unix(cron:session): session closed for user root
Jun 24 11:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31025]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31301]: Invalid user oo from 104.207.76.183
Jun 24 11:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31301]: input_userauth_request: invalid user oo [preauth]
Jun 24 11:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31301]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.207.76.183
Jun 24 11:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31301]: Failed password for invalid user oo from 104.207.76.183 port 33540 ssh2
Jun 24 11:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31301]: Received disconnect from 104.207.76.183 port 33540:11: Bye Bye [preauth]
Jun 24 11:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31301]: Disconnected from 104.207.76.183 port 33540 [preauth]
Jun 24 11:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30106]: pam_unix(cron:session): session closed for user root
Jun 24 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31436]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31435]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31437]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31434]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31433]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31438]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31438]: pam_unix(cron:session): session closed for user root
Jun 24 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31433]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31505]: Successful su for rubyman by root
Jun 24 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31505]: + ??? root:rubyman
Jun 24 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31505]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583542 of user rubyman.
Jun 24 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31505]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583542.
Jun 24 11:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31435]: pam_unix(cron:session): session closed for user root
Jun 24 11:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28684]: pam_unix(cron:session): session closed for user root
Jun 24 11:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31434]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30516]: pam_unix(cron:session): session closed for user root
Jun 24 11:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31946]: Invalid user user02 from 50.62.22.47
Jun 24 11:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31946]: input_userauth_request: invalid user user02 [preauth]
Jun 24 11:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31946]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.62.22.47
Jun 24 11:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31946]: Failed password for invalid user user02 from 50.62.22.47 port 53302 ssh2
Jun 24 11:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31946]: Received disconnect from 50.62.22.47 port 53302:11: Bye Bye [preauth]
Jun 24 11:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31946]: Disconnected from 50.62.22.47 port 53302 [preauth]
Jun 24 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31981]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31980]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31979]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31977]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31977]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32055]: Successful su for rubyman by root
Jun 24 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32055]: + ??? root:rubyman
Jun 24 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32055]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583546 of user rubyman.
Jun 24 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32055]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583546.
Jun 24 11:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29107]: pam_unix(cron:session): session closed for user root
Jun 24 11:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31979]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31027]: pam_unix(cron:session): session closed for user root
Jun 24 11:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32303]: Invalid user ubuntu from 104.207.76.183
Jun 24 11:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32303]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 11:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32303]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.207.76.183
Jun 24 11:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32303]: Failed password for invalid user ubuntu from 104.207.76.183 port 37296 ssh2
Jun 24 11:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32303]: Received disconnect from 104.207.76.183 port 37296:11: Bye Bye [preauth]
Jun 24 11:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32303]: Disconnected from 104.207.76.183 port 37296 [preauth]
Jun 24 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32387]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32388]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32385]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32386]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32385]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32451]: Successful su for rubyman by root
Jun 24 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32451]: + ??? root:rubyman
Jun 24 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32451]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583551 of user rubyman.
Jun 24 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32451]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583551.
Jun 24 11:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29646]: pam_unix(cron:session): session closed for user root
Jun 24 11:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32386]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31437]: pam_unix(cron:session): session closed for user root
Jun 24 11:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[309]: Invalid user debian from 50.62.22.47
Jun 24 11:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[309]: input_userauth_request: invalid user debian [preauth]
Jun 24 11:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[309]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.62.22.47
Jun 24 11:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[309]: Failed password for invalid user debian from 50.62.22.47 port 35456 ssh2
Jun 24 11:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[309]: Received disconnect from 50.62.22.47 port 35456:11: Bye Bye [preauth]
Jun 24 11:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[309]: Disconnected from 50.62.22.47 port 35456 [preauth]
Jun 24 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[344]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[345]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[343]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[342]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[342]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[412]: Successful su for rubyman by root
Jun 24 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[412]: + ??? root:rubyman
Jun 24 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[412]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583554 of user rubyman.
Jun 24 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[412]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583554.
Jun 24 11:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30105]: pam_unix(cron:session): session closed for user root
Jun 24 11:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[343]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31981]: pam_unix(cron:session): session closed for user root
Jun 24 11:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[867]: Invalid user asus from 104.207.76.183
Jun 24 11:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[867]: input_userauth_request: invalid user asus [preauth]
Jun 24 11:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[867]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.207.76.183
Jun 24 11:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[867]: Failed password for invalid user asus from 104.207.76.183 port 56812 ssh2
Jun 24 11:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[867]: Received disconnect from 104.207.76.183 port 56812:11: Bye Bye [preauth]
Jun 24 11:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[867]: Disconnected from 104.207.76.183 port 56812 [preauth]
Jun 24 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[901]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[900]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[898]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[899]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[898]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[966]: Successful su for rubyman by root
Jun 24 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[966]: + ??? root:rubyman
Jun 24 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[966]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583558 of user rubyman.
Jun 24 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[966]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583558.
Jun 24 11:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30515]: pam_unix(cron:session): session closed for user root
Jun 24 11:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[899]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32388]: pam_unix(cron:session): session closed for user root
Jun 24 11:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.62.22.47  user=root
Jun 24 11:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1344]: Failed password for root from 50.62.22.47 port 45832 ssh2
Jun 24 11:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1344]: Received disconnect from 50.62.22.47 port 45832:11: Bye Bye [preauth]
Jun 24 11:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1344]: Disconnected from 50.62.22.47 port 45832 [preauth]
Jun 24 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1361]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1362]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1364]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1360]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1359]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1358]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1364]: pam_unix(cron:session): session closed for user root
Jun 24 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1358]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1465]: Successful su for rubyman by root
Jun 24 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1465]: + ??? root:rubyman
Jun 24 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1465]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583563 of user rubyman.
Jun 24 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1465]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583563.
Jun 24 11:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1360]: pam_unix(cron:session): session closed for user root
Jun 24 11:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31026]: pam_unix(cron:session): session closed for user root
Jun 24 11:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1359]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[345]: pam_unix(cron:session): session closed for user root
Jun 24 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1948]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1947]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1946]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1945]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1945]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2047]: Successful su for rubyman by root
Jun 24 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2047]: + ??? root:rubyman
Jun 24 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2047]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583569 of user rubyman.
Jun 24 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2047]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583569.
Jun 24 11:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31436]: pam_unix(cron:session): session closed for user root
Jun 24 11:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1946]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.207.76.183  user=root
Jun 24 11:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2288]: Failed password for root from 104.207.76.183 port 37402 ssh2
Jun 24 11:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2288]: Received disconnect from 104.207.76.183 port 37402:11: Bye Bye [preauth]
Jun 24 11:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2288]: Disconnected from 104.207.76.183 port 37402 [preauth]
Jun 24 11:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[901]: pam_unix(cron:session): session closed for user root
Jun 24 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2422]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2423]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2421]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2420]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2420]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2484]: Successful su for rubyman by root
Jun 24 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2484]: + ??? root:rubyman
Jun 24 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2484]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583574 of user rubyman.
Jun 24 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2484]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583574.
Jun 24 11:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31980]: pam_unix(cron:session): session closed for user root
Jun 24 11:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2421]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1362]: pam_unix(cron:session): session closed for user root
Jun 24 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2843]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2842]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2840]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2841]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2840]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2899]: Successful su for rubyman by root
Jun 24 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2899]: + ??? root:rubyman
Jun 24 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2899]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583577 of user rubyman.
Jun 24 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2899]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583577.
Jun 24 11:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32387]: pam_unix(cron:session): session closed for user root
Jun 24 11:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2841]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 24 11:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3118]: Failed password for root from 103.27.238.114 port 57390 ssh2
Jun 24 11:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3118]: Connection closed by 103.27.238.114 port 57390 [preauth]
Jun 24 11:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1948]: pam_unix(cron:session): session closed for user root
Jun 24 11:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 11:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3173]: Invalid user biolab from 104.207.76.183
Jun 24 11:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3173]: input_userauth_request: invalid user biolab [preauth]
Jun 24 11:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3173]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 11:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.207.76.183
Jun 24 11:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3173]: Failed password for invalid user biolab from 104.207.76.183 port 39978 ssh2
Jun 24 11:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3173]: Received disconnect from 104.207.76.183 port 39978:11: Bye Bye [preauth]
Jun 24 11:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3173]: Disconnected from 104.207.76.183 port 39978 [preauth]
Jun 24 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3232]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3231]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3230]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3229]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3229]: pam_unix(cron:session): session closed for user p13x
Jun 24 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3295]: Successful su for rubyman by root
Jun 24 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3295]: + ??? root:rubyman
Jun 24 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3295]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583580 of user rubyman.
Jun 24 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3295]: pam_unix(su:session): session closed for user rubyman
Jun 24 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583580.
Jun 24 11:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[344]: pam_unix(cron:session): session closed for user root
Jun 24 11:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3230]: pam_unix(cron:session): session closed for user samftp
Jun 24 11:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2423]: pam_unix(cron:session): session closed for user root
Jun 24 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3636]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3634]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3635]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3633]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3637]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3639]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3638]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3639]: pam_unix(cron:session): session closed for user root
Jun 24 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3635]: pam_unix(cron:session): session closed for user root
Jun 24 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3633]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3819]: Successful su for rubyman by root
Jun 24 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3819]: + ??? root:rubyman
Jun 24 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3819]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583586 of user rubyman.
Jun 24 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3819]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583586.
Jun 24 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3636]: pam_unix(cron:session): session closed for user root
Jun 24 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[900]: pam_unix(cron:session): session closed for user root
Jun 24 12:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3634]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2843]: pam_unix(cron:session): session closed for user root
Jun 24 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4343]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4344]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4342]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4341]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4341]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4406]: Successful su for rubyman by root
Jun 24 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4406]: + ??? root:rubyman
Jun 24 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4406]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583593 of user rubyman.
Jun 24 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4406]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583593.
Jun 24 12:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1361]: pam_unix(cron:session): session closed for user root
Jun 24 12:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4342]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 12:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 24 12:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4623]: Failed password for root from 103.82.20.28 port 58400 ssh2
Jun 24 12:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4623]: Connection closed by 103.82.20.28 port 58400 [preauth]
Jun 24 12:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3232]: pam_unix(cron:session): session closed for user root
Jun 24 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4775]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4776]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4778]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4774]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4774]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4912]: Successful su for rubyman by root
Jun 24 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4912]: + ??? root:rubyman
Jun 24 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4912]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583595 of user rubyman.
Jun 24 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4912]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583595.
Jun 24 12:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1947]: pam_unix(cron:session): session closed for user root
Jun 24 12:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4775]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3638]: pam_unix(cron:session): session closed for user root
Jun 24 12:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 12:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 24 12:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5248]: Failed password for root from 87.251.79.125 port 45772 ssh2
Jun 24 12:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5248]: Connection closed by 87.251.79.125 port 45772 [preauth]
Jun 24 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5265]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5266]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5264]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5263]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5263]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5329]: Successful su for rubyman by root
Jun 24 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5329]: + ??? root:rubyman
Jun 24 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5329]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583600 of user rubyman.
Jun 24 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5329]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583600.
Jun 24 12:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2422]: pam_unix(cron:session): session closed for user root
Jun 24 12:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5264]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 12:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5569]: Did not receive identification string from 147.185.132.234
Jun 24 12:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4344]: pam_unix(cron:session): session closed for user root
Jun 24 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5664]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5662]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5663]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5661]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5661]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5721]: Successful su for rubyman by root
Jun 24 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5721]: + ??? root:rubyman
Jun 24 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5721]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583604 of user rubyman.
Jun 24 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5721]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583604.
Jun 24 12:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2842]: pam_unix(cron:session): session closed for user root
Jun 24 12:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5662]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4778]: pam_unix(cron:session): session closed for user root
Jun 24 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6049]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6050]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6047]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6048]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6046]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6045]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6050]: pam_unix(cron:session): session closed for user root
Jun 24 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6045]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6116]: Successful su for rubyman by root
Jun 24 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6116]: + ??? root:rubyman
Jun 24 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6116]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583607 of user rubyman.
Jun 24 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6116]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583607.
Jun 24 12:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3231]: pam_unix(cron:session): session closed for user root
Jun 24 12:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6047]: pam_unix(cron:session): session closed for user root
Jun 24 12:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6046]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5266]: pam_unix(cron:session): session closed for user root
Jun 24 12:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 12:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6465]: Connection reset by 45.148.10.157 port 41252 [preauth]
Jun 24 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6469]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6470]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6471]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6468]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6468]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6541]: Successful su for rubyman by root
Jun 24 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6541]: + ??? root:rubyman
Jun 24 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6541]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583615 of user rubyman.
Jun 24 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6541]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583615.
Jun 24 12:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3637]: pam_unix(cron:session): session closed for user root
Jun 24 12:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6469]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 12:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 24 12:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6765]: Failed password for root from 147.45.199.80 port 56822 ssh2
Jun 24 12:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6765]: Connection closed by 147.45.199.80 port 56822 [preauth]
Jun 24 12:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5664]: pam_unix(cron:session): session closed for user root
Jun 24 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6898]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6897]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6896]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6894]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6894]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6967]: Successful su for rubyman by root
Jun 24 12:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6967]: + ??? root:rubyman
Jun 24 12:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6967]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583618 of user rubyman.
Jun 24 12:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6967]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583618.
Jun 24 12:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4343]: pam_unix(cron:session): session closed for user root
Jun 24 12:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6896]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 12:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7235]: Invalid user admin from 141.98.83.240
Jun 24 12:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7235]: input_userauth_request: invalid user admin [preauth]
Jun 24 12:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7235]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 12:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 12:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7235]: Failed password for invalid user admin from 141.98.83.240 port 60520 ssh2
Jun 24 12:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7235]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 12:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7235]: Failed password for invalid user admin from 141.98.83.240 port 60520 ssh2
Jun 24 12:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7235]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 12:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7235]: Failed password for invalid user admin from 141.98.83.240 port 60520 ssh2
Jun 24 12:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7235]: Connection closed by 141.98.83.240 port 60520 [preauth]
Jun 24 12:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7235]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 12:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6049]: pam_unix(cron:session): session closed for user root
Jun 24 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7391]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7392]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7390]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7389]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7389]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7449]: Successful su for rubyman by root
Jun 24 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7449]: + ??? root:rubyman
Jun 24 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7449]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583621 of user rubyman.
Jun 24 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7449]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583621.
Jun 24 12:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4776]: pam_unix(cron:session): session closed for user root
Jun 24 12:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7390]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 12:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 24 12:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7772]: Failed password for root from 38.93.206.2 port 51386 ssh2
Jun 24 12:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7772]: Connection closed by 38.93.206.2 port 51386 [preauth]
Jun 24 12:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6471]: pam_unix(cron:session): session closed for user root
Jun 24 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7878]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7877]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7879]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7876]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7874]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7876]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7988]: Successful su for rubyman by root
Jun 24 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7988]: + ??? root:rubyman
Jun 24 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7988]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583627 of user rubyman.
Jun 24 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7988]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583627.
Jun 24 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7874]: pam_unix(cron:session): session closed for user root
Jun 24 12:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5265]: pam_unix(cron:session): session closed for user root
Jun 24 12:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7877]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6898]: pam_unix(cron:session): session closed for user root
Jun 24 12:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 12:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8328]: Received disconnect from 148.153.121.223 port 34882:11: disconnected by user [preauth]
Jun 24 12:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8328]: Disconnected from 148.153.121.223 port 34882 [preauth]
Jun 24 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8362]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8359]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8363]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8357]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8361]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8358]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8363]: pam_unix(cron:session): session closed for user root
Jun 24 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8357]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8427]: Successful su for rubyman by root
Jun 24 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8427]: + ??? root:rubyman
Jun 24 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8427]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583630 of user rubyman.
Jun 24 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8427]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583630.
Jun 24 12:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8359]: pam_unix(cron:session): session closed for user root
Jun 24 12:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5663]: pam_unix(cron:session): session closed for user root
Jun 24 12:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8358]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7392]: pam_unix(cron:session): session closed for user root
Jun 24 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8789]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8790]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8787]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8788]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8787]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8856]: Successful su for rubyman by root
Jun 24 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8856]: + ??? root:rubyman
Jun 24 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8856]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583637 of user rubyman.
Jun 24 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8856]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583637.
Jun 24 12:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6048]: pam_unix(cron:session): session closed for user root
Jun 24 12:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8788]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7879]: pam_unix(cron:session): session closed for user root
Jun 24 12:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 12:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 24 12:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9158]: Failed password for root from 103.15.222.183 port 47154 ssh2
Jun 24 12:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9158]: Connection closed by 103.15.222.183 port 47154 [preauth]
Jun 24 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9191]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9192]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9190]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9189]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9189]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9249]: Successful su for rubyman by root
Jun 24 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9249]: + ??? root:rubyman
Jun 24 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9249]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583640 of user rubyman.
Jun 24 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9249]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583640.
Jun 24 12:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6470]: pam_unix(cron:session): session closed for user root
Jun 24 12:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9190]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8362]: pam_unix(cron:session): session closed for user root
Jun 24 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9580]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9579]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9581]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9577]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9577]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9643]: Successful su for rubyman by root
Jun 24 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9643]: + ??? root:rubyman
Jun 24 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9643]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583644 of user rubyman.
Jun 24 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9643]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583644.
Jun 24 12:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6897]: pam_unix(cron:session): session closed for user root
Jun 24 12:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9579]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8790]: pam_unix(cron:session): session closed for user root
Jun 24 12:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 12:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10090]: Did not receive identification string from 45.79.207.252
Jun 24 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10153]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10152]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10154]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10151]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10151]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10304]: Successful su for rubyman by root
Jun 24 12:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10304]: + ??? root:rubyman
Jun 24 12:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10304]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583650 of user rubyman.
Jun 24 12:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10304]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583650.
Jun 24 12:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7391]: pam_unix(cron:session): session closed for user root
Jun 24 12:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10152]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 12:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10545]: Received disconnect from 192.95.10.202 port 44782:11: disconnected by user [preauth]
Jun 24 12:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10545]: Disconnected from 192.95.10.202 port 44782 [preauth]
Jun 24 12:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9192]: pam_unix(cron:session): session closed for user root
Jun 24 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10653]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10652]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10651]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10654]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10650]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10649]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10654]: pam_unix(cron:session): session closed for user root
Jun 24 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10649]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10721]: Successful su for rubyman by root
Jun 24 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10721]: + ??? root:rubyman
Jun 24 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10721]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583652 of user rubyman.
Jun 24 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10721]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583652.
Jun 24 12:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10651]: pam_unix(cron:session): session closed for user root
Jun 24 12:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7878]: pam_unix(cron:session): session closed for user root
Jun 24 12:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10650]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 12:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 24 12:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10963]: Failed password for root from 103.27.238.116 port 56258 ssh2
Jun 24 12:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10963]: Connection closed by 103.27.238.116 port 56258 [preauth]
Jun 24 12:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9581]: pam_unix(cron:session): session closed for user root
Jun 24 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11111]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11109]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11110]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11108]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11108]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11180]: Successful su for rubyman by root
Jun 24 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11180]: + ??? root:rubyman
Jun 24 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11180]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583658 of user rubyman.
Jun 24 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11180]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583658.
Jun 24 12:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 12:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 24 12:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8361]: pam_unix(cron:session): session closed for user root
Jun 24 12:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11109]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11318]: Failed password for root from 103.122.221.179 port 54630 ssh2
Jun 24 12:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11318]: Connection closed by 103.122.221.179 port 54630 [preauth]
Jun 24 12:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10154]: pam_unix(cron:session): session closed for user root
Jun 24 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11538]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11539]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11537]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11536]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11534]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11534]: pam_unix(cron:session): session closed for user root
Jun 24 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11536]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11598]: Successful su for rubyman by root
Jun 24 12:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11598]: + ??? root:rubyman
Jun 24 12:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11598]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583664 of user rubyman.
Jun 24 12:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11598]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583664.
Jun 24 12:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8789]: pam_unix(cron:session): session closed for user root
Jun 24 12:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11537]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10653]: pam_unix(cron:session): session closed for user root
Jun 24 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11996]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11997]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11995]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11994]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11994]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12054]: Successful su for rubyman by root
Jun 24 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12054]: + ??? root:rubyman
Jun 24 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12054]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583668 of user rubyman.
Jun 24 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12054]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583668.
Jun 24 12:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9191]: pam_unix(cron:session): session closed for user root
Jun 24 12:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11995]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 12:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12393]: Invalid user sale from 217.76.154.242
Jun 24 12:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12393]: input_userauth_request: invalid user sale [preauth]
Jun 24 12:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12393]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 12:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.76.154.242
Jun 24 12:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12393]: Failed password for invalid user sale from 217.76.154.242 port 40030 ssh2
Jun 24 12:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12393]: Connection closed by 217.76.154.242 port 40030 [preauth]
Jun 24 12:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 12:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 24 12:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12420]: Failed password for root from 193.37.70.224 port 46908 ssh2
Jun 24 12:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12420]: Connection closed by 193.37.70.224 port 46908 [preauth]
Jun 24 12:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11111]: pam_unix(cron:session): session closed for user root
Jun 24 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12524]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12523]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12522]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12521]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12521]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12580]: Successful su for rubyman by root
Jun 24 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12580]: + ??? root:rubyman
Jun 24 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12580]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583672 of user rubyman.
Jun 24 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12580]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583672.
Jun 24 12:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9580]: pam_unix(cron:session): session closed for user root
Jun 24 12:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12522]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11539]: pam_unix(cron:session): session closed for user root
Jun 24 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12939]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12937]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12944]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12943]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12940]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12938]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12944]: pam_unix(cron:session): session closed for user root
Jun 24 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12937]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13005]: Successful su for rubyman by root
Jun 24 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13005]: + ??? root:rubyman
Jun 24 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13005]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583677 of user rubyman.
Jun 24 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13005]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583677.
Jun 24 12:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12939]: pam_unix(cron:session): session closed for user root
Jun 24 12:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10153]: pam_unix(cron:session): session closed for user root
Jun 24 12:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12938]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11997]: pam_unix(cron:session): session closed for user root
Jun 24 12:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 12:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13321]: Received disconnect from 50.6.197.105 port 45570:11: disconnected by user [preauth]
Jun 24 12:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13321]: Disconnected from 50.6.197.105 port 45570 [preauth]
Jun 24 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13382]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13381]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13379]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13380]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13379]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13446]: Successful su for rubyman by root
Jun 24 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13446]: + ??? root:rubyman
Jun 24 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13446]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583682 of user rubyman.
Jun 24 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13446]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583682.
Jun 24 12:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10652]: pam_unix(cron:session): session closed for user root
Jun 24 12:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13380]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12524]: pam_unix(cron:session): session closed for user root
Jun 24 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13793]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13792]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13791]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13790]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13790]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13852]: Successful su for rubyman by root
Jun 24 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13852]: + ??? root:rubyman
Jun 24 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13852]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583686 of user rubyman.
Jun 24 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13852]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583686.
Jun 24 12:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11110]: pam_unix(cron:session): session closed for user root
Jun 24 12:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13791]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12943]: pam_unix(cron:session): session closed for user root
Jun 24 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14189]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14188]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14187]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14186]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14186]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14245]: Successful su for rubyman by root
Jun 24 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14245]: + ??? root:rubyman
Jun 24 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14245]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583689 of user rubyman.
Jun 24 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14245]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583689.
Jun 24 12:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11538]: pam_unix(cron:session): session closed for user root
Jun 24 12:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14187]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 12:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
Jun 24 12:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13382]: pam_unix(cron:session): session closed for user root
Jun 24 12:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14484]: Failed password for root from 176.32.39.21 port 56874 ssh2
Jun 24 12:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14484]: Connection closed by 176.32.39.21 port 56874 [preauth]
Jun 24 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14572]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14571]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14573]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14570]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14570]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14645]: Successful su for rubyman by root
Jun 24 12:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14645]: + ??? root:rubyman
Jun 24 12:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14645]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583693 of user rubyman.
Jun 24 12:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14645]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583693.
Jun 24 12:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11996]: pam_unix(cron:session): session closed for user root
Jun 24 12:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14571]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13793]: pam_unix(cron:session): session closed for user root
Jun 24 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15056]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15058]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15054]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15053]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15057]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15055]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15058]: pam_unix(cron:session): session closed for user root
Jun 24 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15053]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15128]: Successful su for rubyman by root
Jun 24 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15128]: + ??? root:rubyman
Jun 24 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15128]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583701 of user rubyman.
Jun 24 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15128]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583701.
Jun 24 12:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15055]: pam_unix(cron:session): session closed for user root
Jun 24 12:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12523]: pam_unix(cron:session): session closed for user root
Jun 24 12:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15054]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 12:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 24 12:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15343]: Failed password for root from 103.153.68.219 port 49790 ssh2
Jun 24 12:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15343]: Connection closed by 103.153.68.219 port 49790 [preauth]
Jun 24 12:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14189]: pam_unix(cron:session): session closed for user root
Jun 24 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15487]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15486]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15485]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15484]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15484]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15549]: Successful su for rubyman by root
Jun 24 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15549]: + ??? root:rubyman
Jun 24 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15549]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583704 of user rubyman.
Jun 24 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15549]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583704.
Jun 24 12:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12940]: pam_unix(cron:session): session closed for user root
Jun 24 12:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15485]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14573]: pam_unix(cron:session): session closed for user root
Jun 24 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15881]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15880]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15879]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15882]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15879]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15937]: Successful su for rubyman by root
Jun 24 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15937]: + ??? root:rubyman
Jun 24 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15937]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583709 of user rubyman.
Jun 24 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15937]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583709.
Jun 24 12:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13381]: pam_unix(cron:session): session closed for user root
Jun 24 12:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15880]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 12:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 24 12:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16124]: Failed password for root from 194.113.233.25 port 58352 ssh2
Jun 24 12:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16124]: Connection closed by 194.113.233.25 port 58352 [preauth]
Jun 24 12:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 12:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 24 12:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16177]: Failed password for root from 109.237.96.109 port 34524 ssh2
Jun 24 12:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16177]: Connection closed by 109.237.96.109 port 34524 [preauth]
Jun 24 12:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15057]: pam_unix(cron:session): session closed for user root
Jun 24 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16275]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16274]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16276]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16273]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16273]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16331]: Successful su for rubyman by root
Jun 24 12:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16331]: + ??? root:rubyman
Jun 24 12:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16331]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583713 of user rubyman.
Jun 24 12:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16331]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583713.
Jun 24 12:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13792]: pam_unix(cron:session): session closed for user root
Jun 24 12:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16274]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15487]: pam_unix(cron:session): session closed for user root
Jun 24 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16666]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16667]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16665]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16664]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16664]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16722]: Successful su for rubyman by root
Jun 24 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16722]: + ??? root:rubyman
Jun 24 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16722]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583716 of user rubyman.
Jun 24 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16722]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583716.
Jun 24 12:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14188]: pam_unix(cron:session): session closed for user root
Jun 24 12:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16665]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15882]: pam_unix(cron:session): session closed for user root
Jun 24 12:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 12:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.211.215  user=root
Jun 24 12:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17108]: Failed password for root from 147.45.211.215 port 46170 ssh2
Jun 24 12:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17108]: Connection closed by 147.45.211.215 port 46170 [preauth]
Jun 24 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17162]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17159]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17163]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17158]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17160]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17161]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17163]: pam_unix(cron:session): session closed for user root
Jun 24 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17158]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17223]: Successful su for rubyman by root
Jun 24 12:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17223]: + ??? root:rubyman
Jun 24 12:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17223]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583720 of user rubyman.
Jun 24 12:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17223]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583720.
Jun 24 12:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 24 12:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17155]: Failed password for root from 103.77.242.62 port 51484 ssh2
Jun 24 12:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17155]: Connection closed by 103.77.242.62 port 51484 [preauth]
Jun 24 12:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17160]: pam_unix(cron:session): session closed for user root
Jun 24 12:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14572]: pam_unix(cron:session): session closed for user root
Jun 24 12:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17159]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16276]: pam_unix(cron:session): session closed for user root
Jun 24 12:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 12:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17585]: Connection closed by 194.59.206.2 port 52942 [preauth]
Jun 24 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17599]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17598]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17597]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17596]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17596]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17749]: Successful su for rubyman by root
Jun 24 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17749]: + ??? root:rubyman
Jun 24 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17749]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583726 of user rubyman.
Jun 24 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17749]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583726.
Jun 24 12:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15056]: pam_unix(cron:session): session closed for user root
Jun 24 12:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17597]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 12:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17987]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 24 12:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17987]: Received disconnect from 209.90.232.251 port 41868:11: disconnected by user [preauth]
Jun 24 12:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17987]: Disconnected from 209.90.232.251 port 41868 [preauth]
Jun 24 12:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16667]: pam_unix(cron:session): session closed for user root
Jun 24 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18117]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18118]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18115]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18114]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18114]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18181]: Successful su for rubyman by root
Jun 24 12:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18181]: + ??? root:rubyman
Jun 24 12:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18181]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583729 of user rubyman.
Jun 24 12:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18181]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583729.
Jun 24 12:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15486]: pam_unix(cron:session): session closed for user root
Jun 24 12:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18115]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17162]: pam_unix(cron:session): session closed for user root
Jun 24 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18620]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18621]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18619]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18618]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18618]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18684]: Successful su for rubyman by root
Jun 24 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18684]: + ??? root:rubyman
Jun 24 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18684]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583733 of user rubyman.
Jun 24 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18684]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583733.
Jun 24 12:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15881]: pam_unix(cron:session): session closed for user root
Jun 24 12:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18619]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17599]: pam_unix(cron:session): session closed for user root
Jun 24 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19036]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19037]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19035]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19034]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19034]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19093]: Successful su for rubyman by root
Jun 24 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19093]: + ??? root:rubyman
Jun 24 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19093]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583738 of user rubyman.
Jun 24 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19093]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583738.
Jun 24 12:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16275]: pam_unix(cron:session): session closed for user root
Jun 24 12:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19035]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 12:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 24 12:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19402]: Failed password for root from 103.82.132.16 port 37444 ssh2
Jun 24 12:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19402]: Connection closed by 103.82.132.16 port 37444 [preauth]
Jun 24 12:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18118]: pam_unix(cron:session): session closed for user root
Jun 24 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19738]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19735]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19734]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19736]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19737]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19732]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19738]: pam_unix(cron:session): session closed for user root
Jun 24 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19732]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19806]: Successful su for rubyman by root
Jun 24 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19806]: + ??? root:rubyman
Jun 24 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19806]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583741 of user rubyman.
Jun 24 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19806]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583741.
Jun 24 12:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16666]: pam_unix(cron:session): session closed for user root
Jun 24 12:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19735]: pam_unix(cron:session): session closed for user root
Jun 24 12:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19734]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18621]: pam_unix(cron:session): session closed for user root
Jun 24 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20269]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20270]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20268]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20266]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20266]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20340]: Successful su for rubyman by root
Jun 24 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20340]: + ??? root:rubyman
Jun 24 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20340]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583748 of user rubyman.
Jun 24 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20340]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583748.
Jun 24 12:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.19.67.181  user=root
Jun 24 12:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20262]: Failed password for root from 46.19.67.181 port 33358 ssh2
Jun 24 12:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20262]: Connection closed by 46.19.67.181 port 33358 [preauth]
Jun 24 12:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17161]: pam_unix(cron:session): session closed for user root
Jun 24 12:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20268]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19037]: pam_unix(cron:session): session closed for user root
Jun 24 12:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 12:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20635]: Received disconnect from 149.56.241.206 port 54684:11: disconnected by user [preauth]
Jun 24 12:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20635]: Disconnected from 149.56.241.206 port 54684 [preauth]
Jun 24 12:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 12:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 24 12:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20666]: Failed password for root from 202.178.126.219 port 9142 ssh2
Jun 24 12:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20666]: Connection closed by 202.178.126.219 port 9142 [preauth]
Jun 24 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20780]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20782]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20781]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20779]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20779]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20843]: Successful su for rubyman by root
Jun 24 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20843]: + ??? root:rubyman
Jun 24 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20843]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583752 of user rubyman.
Jun 24 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20843]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583752.
Jun 24 12:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17598]: pam_unix(cron:session): session closed for user root
Jun 24 12:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20780]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 12:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19737]: pam_unix(cron:session): session closed for user root
Jun 24 12:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=root
Jun 24 12:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21113]: Failed password for root from 193.46.255.86 port 20498 ssh2
Jun 24 12:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21113]: message repeated 2 times: [ Failed password for root from 193.46.255.86 port 20498 ssh2]
Jun 24 12:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21113]: Connection closed by 193.46.255.86 port 20498 [preauth]
Jun 24 12:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21113]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=root
Jun 24 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21198]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21199]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21196]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21197]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21196]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21255]: Successful su for rubyman by root
Jun 24 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21255]: + ??? root:rubyman
Jun 24 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21255]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583756 of user rubyman.
Jun 24 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21255]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583756.
Jun 24 12:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18117]: pam_unix(cron:session): session closed for user root
Jun 24 12:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21197]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20270]: pam_unix(cron:session): session closed for user root
Jun 24 12:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 12:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21603]: Invalid user lela from 141.98.83.240
Jun 24 12:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21603]: input_userauth_request: invalid user lela [preauth]
Jun 24 12:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21603]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 12:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 12:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21603]: Failed password for invalid user lela from 141.98.83.240 port 57082 ssh2
Jun 24 12:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21603]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 12:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21603]: Failed password for invalid user lela from 141.98.83.240 port 57082 ssh2
Jun 24 12:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21603]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21620]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21622]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21621]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21619]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21616]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21619]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21747]: Successful su for rubyman by root
Jun 24 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21747]: + ??? root:rubyman
Jun 24 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21747]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583759 of user rubyman.
Jun 24 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21747]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583759.
Jun 24 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21603]: Failed password for invalid user lela from 141.98.83.240 port 57082 ssh2
Jun 24 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21603]: Connection closed by 141.98.83.240 port 57082 [preauth]
Jun 24 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21603]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21616]: pam_unix(cron:session): session closed for user root
Jun 24 12:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18620]: pam_unix(cron:session): session closed for user root
Jun 24 12:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21620]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20782]: pam_unix(cron:session): session closed for user root
Jun 24 12:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 12:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22096]: Did not receive identification string from 14.18.114.170
Jun 24 12:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 12:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 12:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22109]: Invalid user aman from 2.57.121.112
Jun 24 12:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22109]: input_userauth_request: invalid user aman [preauth]
Jun 24 12:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22109]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 12:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 24 12:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22109]: Failed password for invalid user aman from 2.57.121.112 port 53540 ssh2
Jun 24 12:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22109]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22125]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22121]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22120]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22123]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22124]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22122]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22125]: pam_unix(cron:session): session closed for user root
Jun 24 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22120]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22109]: Failed password for invalid user aman from 2.57.121.112 port 53540 ssh2
Jun 24 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22196]: Successful su for rubyman by root
Jun 24 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22196]: + ??? root:rubyman
Jun 24 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22196]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583766 of user rubyman.
Jun 24 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22196]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583766.
Jun 24 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22109]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 12:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22122]: pam_unix(cron:session): session closed for user root
Jun 24 12:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19036]: pam_unix(cron:session): session closed for user root
Jun 24 12:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22109]: Failed password for invalid user aman from 2.57.121.112 port 53540 ssh2
Jun 24 12:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22109]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 12:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22121]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 12:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.18.114.170  user=root
Jun 24 12:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22109]: Failed password for invalid user aman from 2.57.121.112 port 53540 ssh2
Jun 24 12:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22109]: Connection closed by 2.57.121.112 port 53540 [preauth]
Jun 24 12:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22109]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 24 12:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22109]: PAM service(sshd) ignoring max retries; 4 > 3
Jun 24 12:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22495]: Invalid user aman from 2.57.121.112
Jun 24 12:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22495]: input_userauth_request: invalid user aman [preauth]
Jun 24 12:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22495]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 12:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 24 12:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22097]: Failed password for root from 14.18.114.170 port 52836 ssh2
Jun 24 12:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22495]: Failed password for invalid user aman from 2.57.121.112 port 14580 ssh2
Jun 24 12:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22495]: Connection closed by 2.57.121.112 port 14580 [preauth]
Jun 24 12:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21199]: pam_unix(cron:session): session closed for user root
Jun 24 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22650]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22652]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22653]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22651]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22650]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22721]: Successful su for rubyman by root
Jun 24 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22721]: + ??? root:rubyman
Jun 24 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22721]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583770 of user rubyman.
Jun 24 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22721]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583770.
Jun 24 12:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19736]: pam_unix(cron:session): session closed for user root
Jun 24 12:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22651]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 12:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22946]: Invalid user admin from 2.57.121.25
Jun 24 12:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22946]: input_userauth_request: invalid user admin [preauth]
Jun 24 12:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22946]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 12:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 24 12:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22946]: Failed password for invalid user admin from 2.57.121.25 port 43838 ssh2
Jun 24 12:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22946]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 12:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22946]: Failed password for invalid user admin from 2.57.121.25 port 43838 ssh2
Jun 24 12:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22946]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 12:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22946]: Failed password for invalid user admin from 2.57.121.25 port 43838 ssh2
Jun 24 12:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22946]: Connection closed by 2.57.121.25 port 43838 [preauth]
Jun 24 12:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22946]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 24 12:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21622]: pam_unix(cron:session): session closed for user root
Jun 24 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23061]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23062]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23060]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23059]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23059]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23121]: Successful su for rubyman by root
Jun 24 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23121]: + ??? root:rubyman
Jun 24 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23121]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583774 of user rubyman.
Jun 24 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23121]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583774.
Jun 24 12:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20269]: pam_unix(cron:session): session closed for user root
Jun 24 12:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23060]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22124]: pam_unix(cron:session): session closed for user root
Jun 24 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23475]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23477]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23476]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23474]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23474]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23542]: Successful su for rubyman by root
Jun 24 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23542]: + ??? root:rubyman
Jun 24 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23542]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583778 of user rubyman.
Jun 24 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23542]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583778.
Jun 24 12:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20781]: pam_unix(cron:session): session closed for user root
Jun 24 12:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23475]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22653]: pam_unix(cron:session): session closed for user root
Jun 24 12:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 12:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23978]: Received disconnect from 45.175.123.254 port 4064:11: disconnected by user [preauth]
Jun 24 12:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23978]: Disconnected from 45.175.123.254 port 4064 [preauth]
Jun 24 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23993]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23992]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23991]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23990]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23990]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24051]: Successful su for rubyman by root
Jun 24 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24051]: + ??? root:rubyman
Jun 24 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24051]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583782 of user rubyman.
Jun 24 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24051]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583782.
Jun 24 12:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21198]: pam_unix(cron:session): session closed for user root
Jun 24 12:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23991]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23062]: pam_unix(cron:session): session closed for user root
Jun 24 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24417]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24415]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24416]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24414]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24413]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24412]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24417]: pam_unix(cron:session): session closed for user root
Jun 24 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24412]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24491]: Successful su for rubyman by root
Jun 24 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24491]: + ??? root:rubyman
Jun 24 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24491]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583788 of user rubyman.
Jun 24 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24491]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583788.
Jun 24 12:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24414]: pam_unix(cron:session): session closed for user root
Jun 24 12:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21621]: pam_unix(cron:session): session closed for user root
Jun 24 12:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24413]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23477]: pam_unix(cron:session): session closed for user root
Jun 24 12:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 12:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 24 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24870]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24871]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24869]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24868]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24868]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24931]: Successful su for rubyman by root
Jun 24 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24931]: + ??? root:rubyman
Jun 24 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24931]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583793 of user rubyman.
Jun 24 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24931]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583793.
Jun 24 12:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24865]: Failed password for root from 103.149.28.157 port 53518 ssh2
Jun 24 12:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24865]: Connection closed by 103.149.28.157 port 53518 [preauth]
Jun 24 12:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22123]: pam_unix(cron:session): session closed for user root
Jun 24 12:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24869]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 12:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 24 12:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23993]: pam_unix(cron:session): session closed for user root
Jun 24 12:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25194]: Failed password for root from 80.66.85.226 port 45468 ssh2
Jun 24 12:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25194]: Connection closed by 80.66.85.226 port 45468 [preauth]
Jun 24 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25273]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25274]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25272]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25271]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25271]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25328]: Successful su for rubyman by root
Jun 24 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25328]: + ??? root:rubyman
Jun 24 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25328]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583796 of user rubyman.
Jun 24 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25328]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583796.
Jun 24 12:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22652]: pam_unix(cron:session): session closed for user root
Jun 24 12:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25272]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24416]: pam_unix(cron:session): session closed for user root
Jun 24 12:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 12:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 24 12:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25654]: Failed password for root from 103.176.20.57 port 33000 ssh2
Jun 24 12:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25654]: Connection closed by 103.176.20.57 port 33000 [preauth]
Jun 24 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25667]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25666]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25668]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25665]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25665]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25726]: Successful su for rubyman by root
Jun 24 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25726]: + ??? root:rubyman
Jun 24 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25726]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583802 of user rubyman.
Jun 24 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25726]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583802.
Jun 24 12:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23061]: pam_unix(cron:session): session closed for user root
Jun 24 12:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25666]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24871]: pam_unix(cron:session): session closed for user root
Jun 24 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26052]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26053]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26050]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26051]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26050]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26113]: Successful su for rubyman by root
Jun 24 12:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26113]: + ??? root:rubyman
Jun 24 12:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26113]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583805 of user rubyman.
Jun 24 12:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26113]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583805.
Jun 24 12:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23476]: pam_unix(cron:session): session closed for user root
Jun 24 12:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26051]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25274]: pam_unix(cron:session): session closed for user root
Jun 24 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26444]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26443]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26441]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26445]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26446]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26442]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26446]: pam_unix(cron:session): session closed for user root
Jun 24 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26441]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26512]: Successful su for rubyman by root
Jun 24 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26512]: + ??? root:rubyman
Jun 24 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26512]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583811 of user rubyman.
Jun 24 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26512]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583811.
Jun 24 12:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26443]: pam_unix(cron:session): session closed for user root
Jun 24 12:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23992]: pam_unix(cron:session): session closed for user root
Jun 24 12:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26442]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25668]: pam_unix(cron:session): session closed for user root
Jun 24 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26968]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26965]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26967]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26966]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26965]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27032]: Successful su for rubyman by root
Jun 24 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27032]: + ??? root:rubyman
Jun 24 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27032]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583814 of user rubyman.
Jun 24 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27032]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583814.
Jun 24 12:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24415]: pam_unix(cron:session): session closed for user root
Jun 24 12:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26966]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26053]: pam_unix(cron:session): session closed for user root
Jun 24 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27390]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27389]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27388]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27387]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27387]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27446]: Successful su for rubyman by root
Jun 24 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27446]: + ??? root:rubyman
Jun 24 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27446]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583819 of user rubyman.
Jun 24 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27446]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583819.
Jun 24 12:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24870]: pam_unix(cron:session): session closed for user root
Jun 24 12:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27388]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26445]: pam_unix(cron:session): session closed for user root
Jun 24 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27789]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27790]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27788]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27787]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27787]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27848]: Successful su for rubyman by root
Jun 24 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27848]: + ??? root:rubyman
Jun 24 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27848]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583822 of user rubyman.
Jun 24 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27848]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583822.
Jun 24 12:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25273]: pam_unix(cron:session): session closed for user root
Jun 24 12:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27788]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26968]: pam_unix(cron:session): session closed for user root
Jun 24 12:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 12:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28198]: Received disconnect from 74.48.105.66 port 46536:11: disconnected by user [preauth]
Jun 24 12:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28198]: Disconnected from 74.48.105.66 port 46536 [preauth]
Jun 24 12:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 12:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 24 12:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28208]: Failed password for root from 77.94.47.83 port 59508 ssh2
Jun 24 12:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28208]: Connection closed by 77.94.47.83 port 59508 [preauth]
Jun 24 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28262]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28263]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28260]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28259]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28259]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28317]: Successful su for rubyman by root
Jun 24 12:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28317]: + ??? root:rubyman
Jun 24 12:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28317]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583826 of user rubyman.
Jun 24 12:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28317]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583826.
Jun 24 12:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25667]: pam_unix(cron:session): session closed for user root
Jun 24 12:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28260]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27390]: pam_unix(cron:session): session closed for user root
Jun 24 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28750]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28745]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28747]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28744]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28749]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28746]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28750]: pam_unix(cron:session): session closed for user root
Jun 24 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28744]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28815]: Successful su for rubyman by root
Jun 24 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28815]: + ??? root:rubyman
Jun 24 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28815]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583832 of user rubyman.
Jun 24 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28815]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583832.
Jun 24 12:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28746]: pam_unix(cron:session): session closed for user root
Jun 24 12:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26052]: pam_unix(cron:session): session closed for user root
Jun 24 12:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28745]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 12:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 24 12:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29103]: Failed password for root from 103.172.78.219 port 47298 ssh2
Jun 24 12:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29103]: Connection closed by 103.172.78.219 port 47298 [preauth]
Jun 24 12:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27790]: pam_unix(cron:session): session closed for user root
Jun 24 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29200]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29199]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29198]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29195]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29195]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29278]: Successful su for rubyman by root
Jun 24 12:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29278]: + ??? root:rubyman
Jun 24 12:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29278]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583836 of user rubyman.
Jun 24 12:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29278]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583836.
Jun 24 12:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26444]: pam_unix(cron:session): session closed for user root
Jun 24 12:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29198]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 12:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 24 12:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28263]: pam_unix(cron:session): session closed for user root
Jun 24 12:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29624]: Failed password for root from 38.93.206.2 port 45930 ssh2
Jun 24 12:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29624]: Connection closed by 38.93.206.2 port 45930 [preauth]
Jun 24 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29730]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29731]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29740]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29729]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29729]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29807]: Successful su for rubyman by root
Jun 24 12:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29807]: + ??? root:rubyman
Jun 24 12:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29807]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583842 of user rubyman.
Jun 24 12:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29807]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583842.
Jun 24 12:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26967]: pam_unix(cron:session): session closed for user root
Jun 24 12:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29730]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28749]: pam_unix(cron:session): session closed for user root
Jun 24 12:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 12:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 24 12:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30105]: Failed password for root from 103.27.238.120 port 46328 ssh2
Jun 24 12:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30105]: Connection closed by 103.27.238.120 port 46328 [preauth]
Jun 24 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30170]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30166]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30169]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30164]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30164]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30231]: Successful su for rubyman by root
Jun 24 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30231]: + ??? root:rubyman
Jun 24 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30231]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583844 of user rubyman.
Jun 24 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30231]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583844.
Jun 24 12:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27389]: pam_unix(cron:session): session closed for user root
Jun 24 12:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30166]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29200]: pam_unix(cron:session): session closed for user root
Jun 24 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30572]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30574]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30567]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30568]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30567]: pam_unix(cron:session): session closed for user p13x
Jun 24 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30644]: Successful su for rubyman by root
Jun 24 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30644]: + ??? root:rubyman
Jun 24 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30644]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583850 of user rubyman.
Jun 24 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30644]: pam_unix(su:session): session closed for user rubyman
Jun 24 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583850.
Jun 24 12:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27789]: pam_unix(cron:session): session closed for user root
Jun 24 12:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30568]: pam_unix(cron:session): session closed for user samftp
Jun 24 12:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29740]: pam_unix(cron:session): session closed for user root
Jun 24 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31087]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31088]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31085]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31086]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31083]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31082]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31084]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31088]: pam_unix(cron:session): session closed for user root
Jun 24 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31084]: pam_unix(cron:session): session closed for user root
Jun 24 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31082]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31173]: Successful su for rubyman by root
Jun 24 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31173]: + ??? root:rubyman
Jun 24 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31173]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583852 of user rubyman.
Jun 24 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31173]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583852.
Jun 24 13:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31085]: pam_unix(cron:session): session closed for user root
Jun 24 13:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28262]: pam_unix(cron:session): session closed for user root
Jun 24 13:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31083]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30170]: pam_unix(cron:session): session closed for user root
Jun 24 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31679]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31678]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31680]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31676]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31676]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31745]: Successful su for rubyman by root
Jun 24 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31745]: + ??? root:rubyman
Jun 24 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31745]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583861 of user rubyman.
Jun 24 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31745]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583861.
Jun 24 13:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28747]: pam_unix(cron:session): session closed for user root
Jun 24 13:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31678]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30574]: pam_unix(cron:session): session closed for user root
Jun 24 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32101]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32100]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32098]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32099]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32098]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32162]: Successful su for rubyman by root
Jun 24 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32162]: + ??? root:rubyman
Jun 24 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32162]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583864 of user rubyman.
Jun 24 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32162]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583864.
Jun 24 13:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29199]: pam_unix(cron:session): session closed for user root
Jun 24 13:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32099]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31087]: pam_unix(cron:session): session closed for user root
Jun 24 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32507]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32508]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32506]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32505]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32505]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32566]: Successful su for rubyman by root
Jun 24 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32566]: + ??? root:rubyman
Jun 24 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32566]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583867 of user rubyman.
Jun 24 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32566]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583867.
Jun 24 13:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29731]: pam_unix(cron:session): session closed for user root
Jun 24 13:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32506]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31680]: pam_unix(cron:session): session closed for user root
Jun 24 13:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[384]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 24 13:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[384]: Received disconnect from 148.113.190.153 port 52842:11: disconnected by user [preauth]
Jun 24 13:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[384]: Disconnected from 148.113.190.153 port 52842 [preauth]
Jun 24 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[587]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[586]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[588]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[585]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[585]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[649]: Successful su for rubyman by root
Jun 24 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[649]: + ??? root:rubyman
Jun 24 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[649]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583871 of user rubyman.
Jun 24 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[649]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583871.
Jun 24 13:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30169]: pam_unix(cron:session): session closed for user root
Jun 24 13:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[586]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32101]: pam_unix(cron:session): session closed for user root
Jun 24 13:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 24 13:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[995]: Failed password for root from 51.250.105.222 port 41680 ssh2
Jun 24 13:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[995]: Connection closed by 51.250.105.222 port 41680 [preauth]
Jun 24 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1014]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1010]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1011]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1015]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1009]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1012]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1015]: pam_unix(cron:session): session closed for user root
Jun 24 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1009]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1116]: Successful su for rubyman by root
Jun 24 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1116]: + ??? root:rubyman
Jun 24 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1116]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583877 of user rubyman.
Jun 24 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1116]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583877.
Jun 24 13:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30572]: pam_unix(cron:session): session closed for user root
Jun 24 13:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1011]: pam_unix(cron:session): session closed for user root
Jun 24 13:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1010]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32508]: pam_unix(cron:session): session closed for user root
Jun 24 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1608]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1604]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1606]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1603]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1603]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1684]: Successful su for rubyman by root
Jun 24 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1684]: + ??? root:rubyman
Jun 24 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1684]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583881 of user rubyman.
Jun 24 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1684]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583881.
Jun 24 13:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31086]: pam_unix(cron:session): session closed for user root
Jun 24 13:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1604]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[588]: pam_unix(cron:session): session closed for user root
Jun 24 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2102]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2100]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2101]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2099]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2099]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2174]: Successful su for rubyman by root
Jun 24 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2174]: + ??? root:rubyman
Jun 24 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2174]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583886 of user rubyman.
Jun 24 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2174]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583886.
Jun 24 13:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31679]: pam_unix(cron:session): session closed for user root
Jun 24 13:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2100]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1014]: pam_unix(cron:session): session closed for user root
Jun 24 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2531]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2532]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2527]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2530]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2527]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2599]: Successful su for rubyman by root
Jun 24 13:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2599]: + ??? root:rubyman
Jun 24 13:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2599]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583890 of user rubyman.
Jun 24 13:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2599]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583890.
Jun 24 13:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32100]: pam_unix(cron:session): session closed for user root
Jun 24 13:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2530]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1608]: pam_unix(cron:session): session closed for user root
Jun 24 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2940]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2939]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2938]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2937]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2935]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2937]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3056]: Successful su for rubyman by root
Jun 24 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3056]: + ??? root:rubyman
Jun 24 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3056]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583893 of user rubyman.
Jun 24 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3056]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583893.
Jun 24 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2935]: pam_unix(cron:session): session closed for user root
Jun 24 13:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32507]: pam_unix(cron:session): session closed for user root
Jun 24 13:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2938]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2102]: pam_unix(cron:session): session closed for user root
Jun 24 13:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 24 13:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3396]: Failed password for root from 62.133.62.83 port 58836 ssh2
Jun 24 13:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3396]: Connection closed by 62.133.62.83 port 58836 [preauth]
Jun 24 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3428]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3427]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3429]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3426]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3425]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3424]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3429]: pam_unix(cron:session): session closed for user root
Jun 24 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3424]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3496]: Successful su for rubyman by root
Jun 24 13:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3496]: + ??? root:rubyman
Jun 24 13:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3496]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583898 of user rubyman.
Jun 24 13:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3496]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583898.
Jun 24 13:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3426]: pam_unix(cron:session): session closed for user root
Jun 24 13:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[587]: pam_unix(cron:session): session closed for user root
Jun 24 13:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3425]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3873]: Invalid user lucas from 141.98.83.240
Jun 24 13:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3873]: input_userauth_request: invalid user lucas [preauth]
Jun 24 13:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3873]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 13:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 13:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3873]: Failed password for invalid user lucas from 141.98.83.240 port 27142 ssh2
Jun 24 13:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3873]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 13:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3873]: Failed password for invalid user lucas from 141.98.83.240 port 27142 ssh2
Jun 24 13:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3873]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 13:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2532]: pam_unix(cron:session): session closed for user root
Jun 24 13:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3873]: Failed password for invalid user lucas from 141.98.83.240 port 27142 ssh2
Jun 24 13:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3873]: Connection closed by 141.98.83.240 port 27142 [preauth]
Jun 24 13:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3873]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4058]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4057]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4056]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4055]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4055]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4122]: Successful su for rubyman by root
Jun 24 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4122]: + ??? root:rubyman
Jun 24 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4122]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583905 of user rubyman.
Jun 24 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4122]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583905.
Jun 24 13:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1012]: pam_unix(cron:session): session closed for user root
Jun 24 13:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4056]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2940]: pam_unix(cron:session): session closed for user root
Jun 24 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4466]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4468]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4465]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4467]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4465]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4530]: Successful su for rubyman by root
Jun 24 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4530]: + ??? root:rubyman
Jun 24 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4530]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583909 of user rubyman.
Jun 24 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4530]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583909.
Jun 24 13:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1606]: pam_unix(cron:session): session closed for user root
Jun 24 13:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4466]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3428]: pam_unix(cron:session): session closed for user root
Jun 24 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4992]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4993]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4994]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4991]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4991]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5048]: Successful su for rubyman by root
Jun 24 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5048]: + ??? root:rubyman
Jun 24 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5048]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583914 of user rubyman.
Jun 24 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5048]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583914.
Jun 24 13:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2101]: pam_unix(cron:session): session closed for user root
Jun 24 13:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4992]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4058]: pam_unix(cron:session): session closed for user root
Jun 24 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5397]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5398]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5399]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5396]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5396]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5458]: Successful su for rubyman by root
Jun 24 13:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5458]: + ??? root:rubyman
Jun 24 13:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5458]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583916 of user rubyman.
Jun 24 13:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5458]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583916.
Jun 24 13:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2531]: pam_unix(cron:session): session closed for user root
Jun 24 13:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5397]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5662]: Received disconnect from 62.210.189.225 port 8160:11: disconnected by user [preauth]
Jun 24 13:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5662]: Disconnected from 62.210.189.225 port 8160 [preauth]
Jun 24 13:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4468]: pam_unix(cron:session): session closed for user root
Jun 24 13:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5770]: Did not receive identification string from 45.79.207.252
Jun 24 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5784]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5785]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5786]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5783]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5782]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5781]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5786]: pam_unix(cron:session): session closed for user root
Jun 24 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5781]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5854]: Successful su for rubyman by root
Jun 24 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5854]: + ??? root:rubyman
Jun 24 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5854]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583921 of user rubyman.
Jun 24 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5854]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583921.
Jun 24 13:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5783]: pam_unix(cron:session): session closed for user root
Jun 24 13:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2939]: pam_unix(cron:session): session closed for user root
Jun 24 13:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5782]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4994]: pam_unix(cron:session): session closed for user root
Jun 24 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6202]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6201]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6200]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6199]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6199]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6268]: Successful su for rubyman by root
Jun 24 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6268]: + ??? root:rubyman
Jun 24 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6268]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583926 of user rubyman.
Jun 24 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6268]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583926.
Jun 24 13:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3427]: pam_unix(cron:session): session closed for user root
Jun 24 13:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6200]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.223.69.22  user=root
Jun 24 13:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6426]: Failed password for root from 89.223.69.22 port 35658 ssh2
Jun 24 13:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6426]: Connection closed by 89.223.69.22 port 35658 [preauth]
Jun 24 13:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5399]: pam_unix(cron:session): session closed for user root
Jun 24 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6608]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6607]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6606]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6605]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6601]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6601]: pam_unix(cron:session): session closed for user root
Jun 24 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6605]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6670]: Successful su for rubyman by root
Jun 24 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6670]: + ??? root:rubyman
Jun 24 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6670]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583931 of user rubyman.
Jun 24 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6670]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583931.
Jun 24 13:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4057]: pam_unix(cron:session): session closed for user root
Jun 24 13:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6606]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 24 13:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6868]: Failed password for root from 103.77.175.15 port 49718 ssh2
Jun 24 13:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6868]: Connection closed by 103.77.175.15 port 49718 [preauth]
Jun 24 13:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5785]: pam_unix(cron:session): session closed for user root
Jun 24 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7067]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7066]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7062]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7061]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7061]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7173]: Successful su for rubyman by root
Jun 24 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7173]: + ??? root:rubyman
Jun 24 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7173]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583935 of user rubyman.
Jun 24 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7173]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583935.
Jun 24 13:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4467]: pam_unix(cron:session): session closed for user root
Jun 24 13:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7062]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6202]: pam_unix(cron:session): session closed for user root
Jun 24 13:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 24 13:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7489]: Failed password for root from 87.251.79.125 port 33764 ssh2
Jun 24 13:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7489]: Connection closed by 87.251.79.125 port 33764 [preauth]
Jun 24 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7511]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7509]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7512]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7508]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7508]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7573]: Successful su for rubyman by root
Jun 24 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7573]: + ??? root:rubyman
Jun 24 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7573]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583939 of user rubyman.
Jun 24 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7573]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583939.
Jun 24 13:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4993]: pam_unix(cron:session): session closed for user root
Jun 24 13:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7509]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6608]: pam_unix(cron:session): session closed for user root
Jun 24 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8003]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8002]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8001]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8000]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8004]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8005]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8005]: pam_unix(cron:session): session closed for user root
Jun 24 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8000]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8070]: Successful su for rubyman by root
Jun 24 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8070]: + ??? root:rubyman
Jun 24 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8070]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583945 of user rubyman.
Jun 24 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8070]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583945.
Jun 24 13:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8002]: pam_unix(cron:session): session closed for user root
Jun 24 13:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5398]: pam_unix(cron:session): session closed for user root
Jun 24 13:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8001]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7067]: pam_unix(cron:session): session closed for user root
Jun 24 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8422]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8423]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8421]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8420]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8420]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8492]: Successful su for rubyman by root
Jun 24 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8492]: + ??? root:rubyman
Jun 24 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8492]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583950 of user rubyman.
Jun 24 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8492]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583950.
Jun 24 13:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5784]: pam_unix(cron:session): session closed for user root
Jun 24 13:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8421]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8663]: Received disconnect from 45.79.167.35 port 38172:11: disconnected by user [preauth]
Jun 24 13:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8663]: Disconnected from 45.79.167.35 port 38172 [preauth]
Jun 24 13:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7512]: pam_unix(cron:session): session closed for user root
Jun 24 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8823]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8824]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8821]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8822]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8821]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8884]: Successful su for rubyman by root
Jun 24 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8884]: + ??? root:rubyman
Jun 24 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8884]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583954 of user rubyman.
Jun 24 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8884]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583954.
Jun 24 13:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6201]: pam_unix(cron:session): session closed for user root
Jun 24 13:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8822]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8004]: pam_unix(cron:session): session closed for user root
Jun 24 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9226]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9225]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9223]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9224]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9223]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9287]: Successful su for rubyman by root
Jun 24 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9287]: + ??? root:rubyman
Jun 24 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9287]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583958 of user rubyman.
Jun 24 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9287]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583958.
Jun 24 13:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6607]: pam_unix(cron:session): session closed for user root
Jun 24 13:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9224]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 24 13:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9499]: Failed password for root from 147.45.199.80 port 38618 ssh2
Jun 24 13:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9499]: Connection closed by 147.45.199.80 port 38618 [preauth]
Jun 24 13:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8423]: pam_unix(cron:session): session closed for user root
Jun 24 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9612]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9611]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9610]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9609]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9609]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9672]: Successful su for rubyman by root
Jun 24 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9672]: + ??? root:rubyman
Jun 24 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9672]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583961 of user rubyman.
Jun 24 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9672]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583961.
Jun 24 13:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7066]: pam_unix(cron:session): session closed for user root
Jun 24 13:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9610]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8824]: pam_unix(cron:session): session closed for user root
Jun 24 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10183]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10182]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10181]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10188]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10189]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10180]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10189]: pam_unix(cron:session): session closed for user root
Jun 24 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10180]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10346]: Successful su for rubyman by root
Jun 24 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10346]: + ??? root:rubyman
Jun 24 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10346]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583968 of user rubyman.
Jun 24 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10346]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583968.
Jun 24 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 24 13:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10182]: pam_unix(cron:session): session closed for user root
Jun 24 13:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7511]: pam_unix(cron:session): session closed for user root
Jun 24 13:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10407]: Failed password for root from 103.27.238.114 port 39772 ssh2
Jun 24 13:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10407]: Connection closed by 103.27.238.114 port 39772 [preauth]
Jun 24 13:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10181]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9226]: pam_unix(cron:session): session closed for user root
Jun 24 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10714]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10715]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10716]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10713]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10713]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10795]: Successful su for rubyman by root
Jun 24 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10795]: + ??? root:rubyman
Jun 24 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10795]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583973 of user rubyman.
Jun 24 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10795]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583973.
Jun 24 13:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8003]: pam_unix(cron:session): session closed for user root
Jun 24 13:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10714]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 24 13:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10990]: Failed password for root from 202.178.126.219 port 49987 ssh2
Jun 24 13:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10990]: Connection closed by 202.178.126.219 port 49987 [preauth]
Jun 24 13:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9612]: pam_unix(cron:session): session closed for user root
Jun 24 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11151]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11149]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11147]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11146]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11146]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11211]: Successful su for rubyman by root
Jun 24 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11211]: + ??? root:rubyman
Jun 24 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11211]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583975 of user rubyman.
Jun 24 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11211]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583975.
Jun 24 13:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8422]: pam_unix(cron:session): session closed for user root
Jun 24 13:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11147]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10188]: pam_unix(cron:session): session closed for user root
Jun 24 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11564]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11563]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11562]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11561]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11561]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11624]: Successful su for rubyman by root
Jun 24 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11624]: + ??? root:rubyman
Jun 24 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11624]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583979 of user rubyman.
Jun 24 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11624]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583979.
Jun 24 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11673]: Did not receive identification string from 77.90.185.16
Jun 24 13:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8823]: pam_unix(cron:session): session closed for user root
Jun 24 13:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11562]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10716]: pam_unix(cron:session): session closed for user root
Jun 24 13:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 24 13:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11967]: Failed password for root from 103.82.20.28 port 48084 ssh2
Jun 24 13:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11967]: Connection closed by 103.82.20.28 port 48084 [preauth]
Jun 24 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12022]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12019]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12020]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12021]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12019]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12080]: Successful su for rubyman by root
Jun 24 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12080]: + ??? root:rubyman
Jun 24 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12080]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583984 of user rubyman.
Jun 24 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12080]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583984.
Jun 24 13:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9225]: pam_unix(cron:session): session closed for user root
Jun 24 13:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12020]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11151]: pam_unix(cron:session): session closed for user root
Jun 24 13:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12525]: Invalid user ftpuser from 136.232.11.10
Jun 24 13:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12525]: input_userauth_request: invalid user ftpuser [preauth]
Jun 24 13:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12525]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 13:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.232.11.10
Jun 24 13:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12525]: Failed password for invalid user ftpuser from 136.232.11.10 port 36350 ssh2
Jun 24 13:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12525]: Received disconnect from 136.232.11.10 port 36350:11: Bye Bye [preauth]
Jun 24 13:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12525]: Disconnected from 136.232.11.10 port 36350 [preauth]
Jun 24 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12549]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12548]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12550]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12547]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12545]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12546]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12550]: pam_unix(cron:session): session closed for user root
Jun 24 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12545]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12617]: Successful su for rubyman by root
Jun 24 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12617]: + ??? root:rubyman
Jun 24 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12617]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583987 of user rubyman.
Jun 24 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12617]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583987.
Jun 24 13:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9611]: pam_unix(cron:session): session closed for user root
Jun 24 13:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12547]: pam_unix(cron:session): session closed for user root
Jun 24 13:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12546]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11564]: pam_unix(cron:session): session closed for user root
Jun 24 13:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12973]: Connection closed by 194.59.206.2 port 49412 [preauth]
Jun 24 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12996]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12995]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12994]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12993]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12993]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13063]: Successful su for rubyman by root
Jun 24 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13063]: + ??? root:rubyman
Jun 24 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13063]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583994 of user rubyman.
Jun 24 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13063]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583994.
Jun 24 13:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10183]: pam_unix(cron:session): session closed for user root
Jun 24 13:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12994]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12022]: pam_unix(cron:session): session closed for user root
Jun 24 13:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13413]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13412]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13414]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13411]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13411]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13469]: Successful su for rubyman by root
Jun 24 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13469]: + ??? root:rubyman
Jun 24 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13469]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 583997 of user rubyman.
Jun 24 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13469]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 583997.
Jun 24 13:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10715]: pam_unix(cron:session): session closed for user root
Jun 24 13:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13391]: Connection closed by 66.132.195.40 port 62738 [preauth]
Jun 24 13:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13412]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12549]: pam_unix(cron:session): session closed for user root
Jun 24 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13819]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13820]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13818]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13817]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13817]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13879]: Successful su for rubyman by root
Jun 24 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13879]: + ??? root:rubyman
Jun 24 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13879]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584002 of user rubyman.
Jun 24 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13879]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584002.
Jun 24 13:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11149]: pam_unix(cron:session): session closed for user root
Jun 24 13:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13818]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14105]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 24 13:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14105]: Received disconnect from 107.173.122.15 port 43770:11: disconnected by user [preauth]
Jun 24 13:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14105]: Disconnected from 107.173.122.15 port 43770 [preauth]
Jun 24 13:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12996]: pam_unix(cron:session): session closed for user root
Jun 24 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14221]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14219]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14220]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14218]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14218]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14276]: Successful su for rubyman by root
Jun 24 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14276]: + ??? root:rubyman
Jun 24 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14276]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584005 of user rubyman.
Jun 24 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14276]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584005.
Jun 24 13:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11563]: pam_unix(cron:session): session closed for user root
Jun 24 13:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14219]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13414]: pam_unix(cron:session): session closed for user root
Jun 24 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14605]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14604]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14602]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14603]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14601]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14600]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14605]: pam_unix(cron:session): session closed for user root
Jun 24 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14600]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14717]: Successful su for rubyman by root
Jun 24 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14717]: + ??? root:rubyman
Jun 24 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14717]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584011 of user rubyman.
Jun 24 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14717]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584011.
Jun 24 13:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12021]: pam_unix(cron:session): session closed for user root
Jun 24 13:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14602]: pam_unix(cron:session): session closed for user root
Jun 24 13:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14601]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13820]: pam_unix(cron:session): session closed for user root
Jun 24 13:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 24 13:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15106]: Failed password for root from 193.37.70.224 port 34116 ssh2
Jun 24 13:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15106]: Connection closed by 193.37.70.224 port 34116 [preauth]
Jun 24 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15122]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15121]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15120]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15119]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15119]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15198]: Successful su for rubyman by root
Jun 24 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15198]: + ??? root:rubyman
Jun 24 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15198]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584015 of user rubyman.
Jun 24 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15198]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584015.
Jun 24 13:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12548]: pam_unix(cron:session): session closed for user root
Jun 24 13:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15120]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 24 13:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15401]: Failed password for root from 103.15.222.183 port 57666 ssh2
Jun 24 13:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15401]: Connection closed by 103.15.222.183 port 57666 [preauth]
Jun 24 13:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14221]: pam_unix(cron:session): session closed for user root
Jun 24 13:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15496]: Invalid user admin from 193.46.255.86
Jun 24 13:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15496]: input_userauth_request: invalid user admin [preauth]
Jun 24 13:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15496]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 13:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 24 13:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15496]: Failed password for invalid user admin from 193.46.255.86 port 45960 ssh2
Jun 24 13:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15496]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 13:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15496]: Failed password for invalid user admin from 193.46.255.86 port 45960 ssh2
Jun 24 13:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15496]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 13:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15496]: Failed password for invalid user admin from 193.46.255.86 port 45960 ssh2
Jun 24 13:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15496]: Connection closed by 193.46.255.86 port 45960 [preauth]
Jun 24 13:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15496]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 24 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15526]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15527]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15525]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15524]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15524]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15585]: Successful su for rubyman by root
Jun 24 13:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15585]: + ??? root:rubyman
Jun 24 13:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15585]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584019 of user rubyman.
Jun 24 13:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15585]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584019.
Jun 24 13:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12995]: pam_unix(cron:session): session closed for user root
Jun 24 13:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15525]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14604]: pam_unix(cron:session): session closed for user root
Jun 24 13:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15911]: Received disconnect from 104.248.177.83 port 55632:11: disconnected by user [preauth]
Jun 24 13:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15911]: Disconnected from 104.248.177.83 port 55632 [preauth]
Jun 24 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15917]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15916]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15915]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15914]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15914]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15972]: Successful su for rubyman by root
Jun 24 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15972]: + ??? root:rubyman
Jun 24 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15972]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584023 of user rubyman.
Jun 24 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15972]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584023.
Jun 24 13:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13413]: pam_unix(cron:session): session closed for user root
Jun 24 13:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15915]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15122]: pam_unix(cron:session): session closed for user root
Jun 24 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16298]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16300]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16297]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16299]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16295]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16297]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16416]: Successful su for rubyman by root
Jun 24 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16416]: + ??? root:rubyman
Jun 24 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16416]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584029 of user rubyman.
Jun 24 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16416]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584029.
Jun 24 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16295]: pam_unix(cron:session): session closed for user root
Jun 24 13:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13819]: pam_unix(cron:session): session closed for user root
Jun 24 13:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16298]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15527]: pam_unix(cron:session): session closed for user root
Jun 24 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16789]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16784]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16788]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16783]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16786]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16785]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16789]: pam_unix(cron:session): session closed for user root
Jun 24 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16783]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16891]: Successful su for rubyman by root
Jun 24 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16891]: + ??? root:rubyman
Jun 24 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16891]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584035 of user rubyman.
Jun 24 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16891]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584035.
Jun 24 13:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16785]: pam_unix(cron:session): session closed for user root
Jun 24 13:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14220]: pam_unix(cron:session): session closed for user root
Jun 24 13:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16784]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15917]: pam_unix(cron:session): session closed for user root
Jun 24 13:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17288]: Connection closed by 45.148.10.121 port 53674 [preauth]
Jun 24 13:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17301]: Did not receive identification string from 195.178.110.232
Jun 24 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17314]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17315]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17313]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17312]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17312]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17386]: Successful su for rubyman by root
Jun 24 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17386]: + ??? root:rubyman
Jun 24 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17386]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584038 of user rubyman.
Jun 24 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17386]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584038.
Jun 24 13:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14603]: pam_unix(cron:session): session closed for user root
Jun 24 13:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17313]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16300]: pam_unix(cron:session): session closed for user root
Jun 24 13:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 24 13:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17790]: Failed password for root from 103.27.238.116 port 58310 ssh2
Jun 24 13:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17790]: Connection closed by 103.27.238.116 port 58310 [preauth]
Jun 24 13:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17812]: Invalid user user from 141.98.83.240
Jun 24 13:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17812]: input_userauth_request: invalid user user [preauth]
Jun 24 13:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17812]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 13:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17817]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17818]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17815]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17816]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17815]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17897]: Successful su for rubyman by root
Jun 24 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17897]: + ??? root:rubyman
Jun 24 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17897]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584043 of user rubyman.
Jun 24 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17897]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584043.
Jun 24 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17812]: Failed password for invalid user user from 141.98.83.240 port 58528 ssh2
Jun 24 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17812]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 13:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15121]: pam_unix(cron:session): session closed for user root
Jun 24 13:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17812]: Failed password for invalid user user from 141.98.83.240 port 58528 ssh2
Jun 24 13:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17812]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 13:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17812]: Failed password for invalid user user from 141.98.83.240 port 58528 ssh2
Jun 24 13:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17816]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17812]: Connection closed by 141.98.83.240 port 58528 [preauth]
Jun 24 13:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17812]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 13:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16788]: pam_unix(cron:session): session closed for user root
Jun 24 13:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 24 13:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18231]: Failed password for root from 103.122.221.179 port 45910 ssh2
Jun 24 13:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18231]: Connection closed by 103.122.221.179 port 45910 [preauth]
Jun 24 13:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18259]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18260]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18257]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18256]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18256]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18327]: Successful su for rubyman by root
Jun 24 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18327]: + ??? root:rubyman
Jun 24 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18327]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584047 of user rubyman.
Jun 24 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18327]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584047.
Jun 24 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232  user=root
Jun 24 13:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18252]: Failed password for root from 195.178.110.232 port 41318 ssh2
Jun 24 13:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18252]: Connection closed by 195.178.110.232 port 41318 [preauth]
Jun 24 13:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15526]: pam_unix(cron:session): session closed for user root
Jun 24 13:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18257]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 24 13:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18625]: Failed password for root from 194.113.233.25 port 36740 ssh2
Jun 24 13:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18625]: Connection closed by 194.113.233.25 port 36740 [preauth]
Jun 24 13:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17315]: pam_unix(cron:session): session closed for user root
Jun 24 13:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 24 13:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18735]: Failed password for root from 109.237.96.109 port 33198 ssh2
Jun 24 13:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18735]: Connection closed by 109.237.96.109 port 33198 [preauth]
Jun 24 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18759]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18758]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18757]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18756]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18756]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18832]: Successful su for rubyman by root
Jun 24 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18832]: + ??? root:rubyman
Jun 24 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18832]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584050 of user rubyman.
Jun 24 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18832]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584050.
Jun 24 13:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15916]: pam_unix(cron:session): session closed for user root
Jun 24 13:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18757]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232  user=root
Jun 24 13:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19075]: Failed password for root from 195.178.110.232 port 44488 ssh2
Jun 24 13:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19075]: Connection closed by 195.178.110.232 port 44488 [preauth]
Jun 24 13:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17818]: pam_unix(cron:session): session closed for user root
Jun 24 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19265]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19266]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19264]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19263]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19267]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19262]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19267]: pam_unix(cron:session): session closed for user root
Jun 24 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19262]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19331]: Successful su for rubyman by root
Jun 24 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19331]: + ??? root:rubyman
Jun 24 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19331]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584055 of user rubyman.
Jun 24 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19331]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584055.
Jun 24 13:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19264]: pam_unix(cron:session): session closed for user root
Jun 24 13:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16299]: pam_unix(cron:session): session closed for user root
Jun 24 13:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19263]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19734]: Invalid user lyt from 136.232.11.10
Jun 24 13:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19734]: input_userauth_request: invalid user lyt [preauth]
Jun 24 13:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19734]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 13:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.232.11.10
Jun 24 13:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19734]: Failed password for invalid user lyt from 136.232.11.10 port 40769 ssh2
Jun 24 13:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19734]: Received disconnect from 136.232.11.10 port 40769:11: Bye Bye [preauth]
Jun 24 13:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19734]: Disconnected from 136.232.11.10 port 40769 [preauth]
Jun 24 13:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18260]: pam_unix(cron:session): session closed for user root
Jun 24 13:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 24 13:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19889]: Failed password for root from 38.93.206.2 port 10798 ssh2
Jun 24 13:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19889]: Connection closed by 38.93.206.2 port 10798 [preauth]
Jun 24 13:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232  user=root
Jun 24 13:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19908]: Failed password for root from 195.178.110.232 port 47622 ssh2
Jun 24 13:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19908]: Connection closed by 195.178.110.232 port 47622 [preauth]
Jun 24 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19920]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19922]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19921]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19919]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19919]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19988]: Successful su for rubyman by root
Jun 24 13:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19988]: + ??? root:rubyman
Jun 24 13:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19988]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584061 of user rubyman.
Jun 24 13:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19988]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584061.
Jun 24 13:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16786]: pam_unix(cron:session): session closed for user root
Jun 24 13:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19920]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18759]: pam_unix(cron:session): session closed for user root
Jun 24 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20424]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20422]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20423]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20421]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20421]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20489]: Successful su for rubyman by root
Jun 24 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20489]: + ??? root:rubyman
Jun 24 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20489]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584065 of user rubyman.
Jun 24 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20489]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584065.
Jun 24 13:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17314]: pam_unix(cron:session): session closed for user root
Jun 24 13:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20422]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20793]: Invalid user admin from 2.57.121.25
Jun 24 13:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20793]: input_userauth_request: invalid user admin [preauth]
Jun 24 13:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20793]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 13:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 24 13:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20793]: Failed password for invalid user admin from 2.57.121.25 port 39306 ssh2
Jun 24 13:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20793]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 13:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232  user=root
Jun 24 13:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20793]: Failed password for invalid user admin from 2.57.121.25 port 39306 ssh2
Jun 24 13:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20793]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 13:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20795]: Failed password for root from 195.178.110.232 port 50758 ssh2
Jun 24 13:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20795]: Connection closed by 195.178.110.232 port 50758 [preauth]
Jun 24 13:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20793]: Failed password for invalid user admin from 2.57.121.25 port 39306 ssh2
Jun 24 13:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20793]: Connection closed by 2.57.121.25 port 39306 [preauth]
Jun 24 13:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20793]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 24 13:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19266]: pam_unix(cron:session): session closed for user root
Jun 24 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20921]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20919]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20920]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20922]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20919]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20979]: Successful su for rubyman by root
Jun 24 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20979]: + ??? root:rubyman
Jun 24 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20979]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584071 of user rubyman.
Jun 24 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20979]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584071.
Jun 24 13:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17817]: pam_unix(cron:session): session closed for user root
Jun 24 13:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21077]: Received disconnect from 62.210.207.172 port 36882:11: disconnected by user [preauth]
Jun 24 13:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21077]: Disconnected from 62.210.207.172 port 36882 [preauth]
Jun 24 13:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20920]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21234]: Invalid user tsserver from 136.232.11.10
Jun 24 13:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21234]: input_userauth_request: invalid user tsserver [preauth]
Jun 24 13:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21234]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 13:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.232.11.10
Jun 24 13:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21234]: Failed password for invalid user tsserver from 136.232.11.10 port 10834 ssh2
Jun 24 13:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21234]: Received disconnect from 136.232.11.10 port 10834:11: Bye Bye [preauth]
Jun 24 13:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21234]: Disconnected from 136.232.11.10 port 10834 [preauth]
Jun 24 13:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19922]: pam_unix(cron:session): session closed for user root
Jun 24 13:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232  user=root
Jun 24 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21342]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21341]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21340]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21339]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21339]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21400]: Successful su for rubyman by root
Jun 24 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21400]: + ??? root:rubyman
Jun 24 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21400]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584073 of user rubyman.
Jun 24 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21400]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584073.
Jun 24 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21324]: Failed password for root from 195.178.110.232 port 53874 ssh2
Jun 24 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21324]: Connection closed by 195.178.110.232 port 53874 [preauth]
Jun 24 13:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18259]: pam_unix(cron:session): session closed for user root
Jun 24 13:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21340]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21604]: Received disconnect from 91.208.184.128 port 44008:11: disconnected by user [preauth]
Jun 24 13:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21604]: Disconnected from 91.208.184.128 port 44008 [preauth]
Jun 24 13:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20424]: pam_unix(cron:session): session closed for user root
Jun 24 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21772]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21770]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21769]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21771]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21768]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21766]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21772]: pam_unix(cron:session): session closed for user root
Jun 24 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21766]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21839]: Successful su for rubyman by root
Jun 24 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21839]: + ??? root:rubyman
Jun 24 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21839]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584079 of user rubyman.
Jun 24 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21839]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584079.
Jun 24 13:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21769]: pam_unix(cron:session): session closed for user root
Jun 24 13:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18758]: pam_unix(cron:session): session closed for user root
Jun 24 13:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21768]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232  user=root
Jun 24 13:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20922]: pam_unix(cron:session): session closed for user root
Jun 24 13:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22116]: Failed password for root from 195.178.110.232 port 56958 ssh2
Jun 24 13:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22116]: Connection closed by 195.178.110.232 port 56958 [preauth]
Jun 24 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22209]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22208]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22207]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22206]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22206]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22272]: Successful su for rubyman by root
Jun 24 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22272]: + ??? root:rubyman
Jun 24 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22272]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584083 of user rubyman.
Jun 24 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22272]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584083.
Jun 24 13:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19265]: pam_unix(cron:session): session closed for user root
Jun 24 13:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22207]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 24 13:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22574]: Failed password for root from 103.153.68.219 port 49944 ssh2
Jun 24 13:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22574]: Connection closed by 103.153.68.219 port 49944 [preauth]
Jun 24 13:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21342]: pam_unix(cron:session): session closed for user root
Jun 24 13:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.232.11.10  user=root
Jun 24 13:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22685]: Failed password for root from 136.232.11.10 port 18913 ssh2
Jun 24 13:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22685]: Received disconnect from 136.232.11.10 port 18913:11: Bye Bye [preauth]
Jun 24 13:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22685]: Disconnected from 136.232.11.10 port 18913 [preauth]
Jun 24 13:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22708]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22709]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22711]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22707]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22707]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22771]: Successful su for rubyman by root
Jun 24 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22771]: + ??? root:rubyman
Jun 24 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22771]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584086 of user rubyman.
Jun 24 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22771]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584086.
Jun 24 13:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232  user=root
Jun 24 13:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22696]: Failed password for root from 195.178.110.232 port 60062 ssh2
Jun 24 13:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22696]: Connection closed by 195.178.110.232 port 60062 [preauth]
Jun 24 13:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19921]: pam_unix(cron:session): session closed for user root
Jun 24 13:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22708]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21771]: pam_unix(cron:session): session closed for user root
Jun 24 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23109]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23108]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23107]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23106]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23106]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23166]: Successful su for rubyman by root
Jun 24 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23166]: + ??? root:rubyman
Jun 24 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23166]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584090 of user rubyman.
Jun 24 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23166]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584090.
Jun 24 13:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20423]: pam_unix(cron:session): session closed for user root
Jun 24 13:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23107]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232  user=root
Jun 24 13:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23435]: Failed password for root from 195.178.110.232 port 34948 ssh2
Jun 24 13:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23435]: Connection closed by 195.178.110.232 port 34948 [preauth]
Jun 24 13:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22209]: pam_unix(cron:session): session closed for user root
Jun 24 13:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23473]: Invalid user debian from 136.232.11.10
Jun 24 13:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23473]: input_userauth_request: invalid user debian [preauth]
Jun 24 13:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23473]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 13:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.232.11.10
Jun 24 13:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23473]: Failed password for invalid user debian from 136.232.11.10 port 1427 ssh2
Jun 24 13:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23473]: Received disconnect from 136.232.11.10 port 1427:11: Bye Bye [preauth]
Jun 24 13:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23473]: Disconnected from 136.232.11.10 port 1427 [preauth]
Jun 24 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23530]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23532]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23533]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23529]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23529]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23590]: Successful su for rubyman by root
Jun 24 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23590]: + ??? root:rubyman
Jun 24 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23590]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584094 of user rubyman.
Jun 24 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23590]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584094.
Jun 24 13:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20921]: pam_unix(cron:session): session closed for user root
Jun 24 13:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23530]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22711]: pam_unix(cron:session): session closed for user root
Jun 24 13:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232  user=root
Jun 24 13:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24038]: Failed password for root from 195.178.110.232 port 38050 ssh2
Jun 24 13:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24038]: Connection closed by 195.178.110.232 port 38050 [preauth]
Jun 24 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24052]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24051]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24050]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24054]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24053]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24049]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24054]: pam_unix(cron:session): session closed for user root
Jun 24 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24049]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24118]: Successful su for rubyman by root
Jun 24 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24118]: + ??? root:rubyman
Jun 24 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24118]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584102 of user rubyman.
Jun 24 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24118]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584102.
Jun 24 13:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24051]: pam_unix(cron:session): session closed for user root
Jun 24 13:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21341]: pam_unix(cron:session): session closed for user root
Jun 24 13:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24050]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23109]: pam_unix(cron:session): session closed for user root
Jun 24 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24507]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24506]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24505]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24504]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24504]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24571]: Successful su for rubyman by root
Jun 24 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24571]: + ??? root:rubyman
Jun 24 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24571]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584105 of user rubyman.
Jun 24 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24571]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584105.
Jun 24 13:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21770]: pam_unix(cron:session): session closed for user root
Jun 24 13:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24505]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23533]: pam_unix(cron:session): session closed for user root
Jun 24 13:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232  user=root
Jun 24 13:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24873]: Failed password for root from 195.178.110.232 port 41130 ssh2
Jun 24 13:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24873]: Connection closed by 195.178.110.232 port 41130 [preauth]
Jun 24 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24922]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24924]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24923]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24921]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24921]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24981]: Successful su for rubyman by root
Jun 24 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24981]: + ??? root:rubyman
Jun 24 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24981]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584108 of user rubyman.
Jun 24 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24981]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584108.
Jun 24 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 24 13:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22208]: pam_unix(cron:session): session closed for user root
Jun 24 13:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.232.11.10  user=root
Jun 24 13:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24922]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25063]: Failed password for root from 103.77.242.62 port 33916 ssh2
Jun 24 13:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25063]: Connection closed by 103.77.242.62 port 33916 [preauth]
Jun 24 13:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25062]: Failed password for root from 136.232.11.10 port 19661 ssh2
Jun 24 13:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25062]: Received disconnect from 136.232.11.10 port 19661:11: Bye Bye [preauth]
Jun 24 13:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25062]: Disconnected from 136.232.11.10 port 19661 [preauth]
Jun 24 13:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24053]: pam_unix(cron:session): session closed for user root
Jun 24 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25330]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25331]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25329]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25328]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25328]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25389]: Successful su for rubyman by root
Jun 24 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25389]: + ??? root:rubyman
Jun 24 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25389]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584114 of user rubyman.
Jun 24 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25389]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584114.
Jun 24 13:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22709]: pam_unix(cron:session): session closed for user root
Jun 24 13:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25329]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25554]: Received disconnect from 62.182.85.212 port 38358:11: disconnected by user [preauth]
Jun 24 13:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25554]: Disconnected from 62.182.85.212 port 38358 [preauth]
Jun 24 13:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24507]: pam_unix(cron:session): session closed for user root
Jun 24 13:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232  user=root
Jun 24 13:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25641]: Failed password for root from 195.178.110.232 port 44186 ssh2
Jun 24 13:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25641]: Connection closed by 195.178.110.232 port 44186 [preauth]
Jun 24 13:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25693]: Invalid user postgres from 136.232.11.10
Jun 24 13:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25693]: input_userauth_request: invalid user postgres [preauth]
Jun 24 13:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25693]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 13:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.232.11.10
Jun 24 13:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25693]: Failed password for invalid user postgres from 136.232.11.10 port 34188 ssh2
Jun 24 13:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25693]: Received disconnect from 136.232.11.10 port 34188:11: Bye Bye [preauth]
Jun 24 13:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25693]: Disconnected from 136.232.11.10 port 34188 [preauth]
Jun 24 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25723]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25725]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25724]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25722]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25722]: pam_unix(cron:session): session closed for user p13x
Jun 24 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25781]: Successful su for rubyman by root
Jun 24 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25781]: + ??? root:rubyman
Jun 24 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25781]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584117 of user rubyman.
Jun 24 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25781]: pam_unix(su:session): session closed for user rubyman
Jun 24 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584117.
Jun 24 13:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23108]: pam_unix(cron:session): session closed for user root
Jun 24 13:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25723]: pam_unix(cron:session): session closed for user samftp
Jun 24 13:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 13:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 24 13:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25973]: Failed password for root from 103.82.132.16 port 37812 ssh2
Jun 24 13:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25973]: Connection closed by 103.82.132.16 port 37812 [preauth]
Jun 24 13:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24924]: pam_unix(cron:session): session closed for user root
Jun 24 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26116]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26113]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26112]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26111]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26115]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26114]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26110]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26116]: pam_unix(cron:session): session closed for user root
Jun 24 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26112]: pam_unix(cron:session): session closed for user root
Jun 24 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26110]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26207]: Successful su for rubyman by root
Jun 24 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26207]: + ??? root:rubyman
Jun 24 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26207]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584124 of user rubyman.
Jun 24 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26207]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584124.
Jun 24 14:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26113]: pam_unix(cron:session): session closed for user root
Jun 24 14:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23532]: pam_unix(cron:session): session closed for user root
Jun 24 14:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26111]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232  user=root
Jun 24 14:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26480]: Failed password for root from 195.178.110.232 port 47286 ssh2
Jun 24 14:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26480]: Connection closed by 195.178.110.232 port 47286 [preauth]
Jun 24 14:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25331]: pam_unix(cron:session): session closed for user root
Jun 24 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26618]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26619]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26617]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26616]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26616]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26770]: Successful su for rubyman by root
Jun 24 14:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26770]: + ??? root:rubyman
Jun 24 14:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26770]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584127 of user rubyman.
Jun 24 14:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26770]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584127.
Jun 24 14:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24052]: pam_unix(cron:session): session closed for user root
Jun 24 14:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26617]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25725]: pam_unix(cron:session): session closed for user root
Jun 24 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27098]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27097]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27096]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27095]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27095]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27158]: Successful su for rubyman by root
Jun 24 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27158]: + ??? root:rubyman
Jun 24 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27158]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584131 of user rubyman.
Jun 24 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27158]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584131.
Jun 24 14:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24506]: pam_unix(cron:session): session closed for user root
Jun 24 14:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27096]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232  user=root
Jun 24 14:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26115]: pam_unix(cron:session): session closed for user root
Jun 24 14:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27540]: Failed password for root from 195.178.110.232 port 50366 ssh2
Jun 24 14:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27540]: Connection closed by 195.178.110.232 port 50366 [preauth]
Jun 24 14:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 24 14:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27712]: Failed password for root from 80.66.85.226 port 55992 ssh2
Jun 24 14:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27712]: Connection closed by 80.66.85.226 port 55992 [preauth]
Jun 24 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27785]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27786]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27784]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27783]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27783]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27844]: Successful su for rubyman by root
Jun 24 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27844]: + ??? root:rubyman
Jun 24 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27844]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584136 of user rubyman.
Jun 24 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27844]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584136.
Jun 24 14:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24923]: pam_unix(cron:session): session closed for user root
Jun 24 14:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27784]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26619]: pam_unix(cron:session): session closed for user root
Jun 24 14:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28232]: Invalid user adi from 136.232.11.10
Jun 24 14:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28232]: input_userauth_request: invalid user adi [preauth]
Jun 24 14:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28232]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 14:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.232.11.10
Jun 24 14:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28232]: Failed password for invalid user adi from 136.232.11.10 port 59275 ssh2
Jun 24 14:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28232]: Received disconnect from 136.232.11.10 port 59275:11: Bye Bye [preauth]
Jun 24 14:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28232]: Disconnected from 136.232.11.10 port 59275 [preauth]
Jun 24 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28254]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28256]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28253]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28252]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28252]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28311]: Successful su for rubyman by root
Jun 24 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28311]: + ??? root:rubyman
Jun 24 14:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28311]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584139 of user rubyman.
Jun 24 14:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28311]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584139.
Jun 24 14:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25330]: pam_unix(cron:session): session closed for user root
Jun 24 14:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28253]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232  user=root
Jun 24 14:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28557]: Failed password for root from 195.178.110.232 port 53456 ssh2
Jun 24 14:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28557]: Connection closed by 195.178.110.232 port 53456 [preauth]
Jun 24 14:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27098]: pam_unix(cron:session): session closed for user root
Jun 24 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28743]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28744]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28739]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28740]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28741]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28742]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28744]: pam_unix(cron:session): session closed for user root
Jun 24 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28739]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28810]: Successful su for rubyman by root
Jun 24 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28810]: + ??? root:rubyman
Jun 24 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28810]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584143 of user rubyman.
Jun 24 14:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28810]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584143.
Jun 24 14:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28741]: pam_unix(cron:session): session closed for user root
Jun 24 14:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25724]: pam_unix(cron:session): session closed for user root
Jun 24 14:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29020]: Received disconnect from 104.248.177.83 port 48198:11: disconnected by user [preauth]
Jun 24 14:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29020]: Disconnected from 104.248.177.83 port 48198 [preauth]
Jun 24 14:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28740]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27786]: pam_unix(cron:session): session closed for user root
Jun 24 14:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29171]: Invalid user admin from 45.148.10.121
Jun 24 14:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29171]: input_userauth_request: invalid user admin [preauth]
Jun 24 14:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29171]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 14:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 24 14:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29171]: Failed password for invalid user admin from 45.148.10.121 port 55934 ssh2
Jun 24 14:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29171]: Connection closed by 45.148.10.121 port 55934 [preauth]
Jun 24 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29194]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29195]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29192]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29193]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29192]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29278]: Successful su for rubyman by root
Jun 24 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29278]: + ??? root:rubyman
Jun 24 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29278]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584149 of user rubyman.
Jun 24 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29278]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584149.
Jun 24 14:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26114]: pam_unix(cron:session): session closed for user root
Jun 24 14:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29193]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232  user=root
Jun 24 14:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29527]: Failed password for root from 195.178.110.232 port 56532 ssh2
Jun 24 14:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29527]: Connection closed by 195.178.110.232 port 56532 [preauth]
Jun 24 14:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28256]: pam_unix(cron:session): session closed for user root
Jun 24 14:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Jun 24 14:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:35.241.130.26
Jun 24 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29753]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29754]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29752]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29751]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29751]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29820]: Successful su for rubyman by root
Jun 24 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29820]: + ??? root:rubyman
Jun 24 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29820]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584153 of user rubyman.
Jun 24 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29820]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584153.
Jun 24 14:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26618]: pam_unix(cron:session): session closed for user root
Jun 24 14:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29752]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30040]: Invalid user sirius from 136.232.11.10
Jun 24 14:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30040]: input_userauth_request: invalid user sirius [preauth]
Jun 24 14:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30040]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 14:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.232.11.10
Jun 24 14:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30040]: Failed password for invalid user sirius from 136.232.11.10 port 40553 ssh2
Jun 24 14:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30040]: Received disconnect from 136.232.11.10 port 40553:11: Bye Bye [preauth]
Jun 24 14:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30040]: Disconnected from 136.232.11.10 port 40553 [preauth]
Jun 24 14:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28743]: pam_unix(cron:session): session closed for user root
Jun 24 14:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30118]: Invalid user andi from 217.76.154.242
Jun 24 14:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30118]: input_userauth_request: invalid user andi [preauth]
Jun 24 14:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30118]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 14:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.76.154.242
Jun 24 14:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30118]: Failed password for invalid user andi from 217.76.154.242 port 43146 ssh2
Jun 24 14:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30118]: Connection closed by 217.76.154.242 port 43146 [preauth]
Jun 24 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30184]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30183]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30185]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30182]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30182]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30244]: Successful su for rubyman by root
Jun 24 14:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30244]: + ??? root:rubyman
Jun 24 14:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30244]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584160 of user rubyman.
Jun 24 14:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30244]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584160.
Jun 24 14:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27097]: pam_unix(cron:session): session closed for user root
Jun 24 14:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30183]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232  user=root
Jun 24 14:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30487]: Failed password for root from 195.178.110.232 port 59656 ssh2
Jun 24 14:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30487]: Connection closed by 195.178.110.232 port 59656 [preauth]
Jun 24 14:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29195]: pam_unix(cron:session): session closed for user root
Jun 24 14:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30556]: Received disconnect from 199.127.62.250 port 39548:11: disconnected by user [preauth]
Jun 24 14:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30556]: Disconnected from 199.127.62.250 port 39548 [preauth]
Jun 24 14:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30593]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30592]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30594]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30591]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30589]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30591]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30715]: Successful su for rubyman by root
Jun 24 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30715]: + ??? root:rubyman
Jun 24 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30715]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584163 of user rubyman.
Jun 24 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30715]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584163.
Jun 24 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30587]: Invalid user ubuntu from 136.232.11.10
Jun 24 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30587]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30587]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.232.11.10
Jun 24 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30589]: pam_unix(cron:session): session closed for user root
Jun 24 14:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30587]: Failed password for invalid user ubuntu from 136.232.11.10 port 64986 ssh2
Jun 24 14:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30587]: Received disconnect from 136.232.11.10 port 64986:11: Bye Bye [preauth]
Jun 24 14:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30587]: Disconnected from 136.232.11.10 port 64986 [preauth]
Jun 24 14:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27785]: pam_unix(cron:session): session closed for user root
Jun 24 14:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30592]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29754]: pam_unix(cron:session): session closed for user root
Jun 24 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31195]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31193]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31194]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31191]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31192]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31190]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31195]: pam_unix(cron:session): session closed for user root
Jun 24 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31190]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31259]: Successful su for rubyman by root
Jun 24 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31259]: + ??? root:rubyman
Jun 24 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31259]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584168 of user rubyman.
Jun 24 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31259]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584168.
Jun 24 14:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31192]: pam_unix(cron:session): session closed for user root
Jun 24 14:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28254]: pam_unix(cron:session): session closed for user root
Jun 24 14:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31191]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232  user=root
Jun 24 14:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31505]: Failed password for root from 195.178.110.232 port 34540 ssh2
Jun 24 14:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31505]: Connection closed by 195.178.110.232 port 34540 [preauth]
Jun 24 14:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30185]: pam_unix(cron:session): session closed for user root
Jun 24 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31724]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31723]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31725]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31720]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31720]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31794]: Successful su for rubyman by root
Jun 24 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31794]: + ??? root:rubyman
Jun 24 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31794]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584172 of user rubyman.
Jun 24 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31794]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584172.
Jun 24 14:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28742]: pam_unix(cron:session): session closed for user root
Jun 24 14:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31723]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30594]: pam_unix(cron:session): session closed for user root
Jun 24 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32144]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32145]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32143]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32142]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32142]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32206]: Successful su for rubyman by root
Jun 24 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32206]: + ??? root:rubyman
Jun 24 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32206]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584177 of user rubyman.
Jun 24 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32206]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584177.
Jun 24 14:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29194]: pam_unix(cron:session): session closed for user root
Jun 24 14:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32143]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232  user=root
Jun 24 14:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32416]: Failed password for root from 195.178.110.232 port 37648 ssh2
Jun 24 14:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32416]: Connection closed by 195.178.110.232 port 37648 [preauth]
Jun 24 14:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31194]: pam_unix(cron:session): session closed for user root
Jun 24 14:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32495]: Invalid user desean from 2.57.121.112
Jun 24 14:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32495]: input_userauth_request: invalid user desean [preauth]
Jun 24 14:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32495]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 14:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 24 14:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32495]: Failed password for invalid user desean from 2.57.121.112 port 47266 ssh2
Jun 24 14:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32495]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 14:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32495]: Failed password for invalid user desean from 2.57.121.112 port 47266 ssh2
Jun 24 14:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32495]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 14:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32495]: Failed password for invalid user desean from 2.57.121.112 port 47266 ssh2
Jun 24 14:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32495]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 14:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32495]: Failed password for invalid user desean from 2.57.121.112 port 47266 ssh2
Jun 24 14:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32495]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 14:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32495]: Failed password for invalid user desean from 2.57.121.112 port 47266 ssh2
Jun 24 14:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32495]: Connection closed by 2.57.121.112 port 47266 [preauth]
Jun 24 14:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32495]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 24 14:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32495]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 24 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32555]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32557]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32558]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32554]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32554]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32615]: Successful su for rubyman by root
Jun 24 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32615]: + ??? root:rubyman
Jun 24 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32615]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584180 of user rubyman.
Jun 24 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32615]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584180.
Jun 24 14:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29753]: pam_unix(cron:session): session closed for user root
Jun 24 14:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32555]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 24 14:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[383]: Failed password for root from 141.98.83.240 port 47334 ssh2
Jun 24 14:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[383]: message repeated 2 times: [ Failed password for root from 141.98.83.240 port 47334 ssh2]
Jun 24 14:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[383]: Connection closed by 141.98.83.240 port 47334 [preauth]
Jun 24 14:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[383]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 24 14:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31725]: pam_unix(cron:session): session closed for user root
Jun 24 14:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[610]: Bad protocol version identification 'GET / HTTP/1.1' from 45.33.14.197 port 54346
Jun 24 14:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 24 14:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[619]: Failed password for root from 103.176.20.57 port 33146 ssh2
Jun 24 14:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[619]: Connection closed by 103.176.20.57 port 33146 [preauth]
Jun 24 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[644]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[643]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[642]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[641]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[641]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[708]: Successful su for rubyman by root
Jun 24 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[708]: + ??? root:rubyman
Jun 24 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[708]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584186 of user rubyman.
Jun 24 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[708]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584186.
Jun 24 14:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30184]: pam_unix(cron:session): session closed for user root
Jun 24 14:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[642]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232  user=root
Jun 24 14:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[911]: Failed password for root from 195.178.110.232 port 40714 ssh2
Jun 24 14:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[911]: Connection closed by 195.178.110.232 port 40714 [preauth]
Jun 24 14:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32145]: pam_unix(cron:session): session closed for user root
Jun 24 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1094]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1092]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1095]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1091]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1090]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1093]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1095]: pam_unix(cron:session): session closed for user root
Jun 24 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1090]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1168]: Successful su for rubyman by root
Jun 24 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1168]: + ??? root:rubyman
Jun 24 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1168]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584188 of user rubyman.
Jun 24 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1168]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584188.
Jun 24 14:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1092]: pam_unix(cron:session): session closed for user root
Jun 24 14:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30593]: pam_unix(cron:session): session closed for user root
Jun 24 14:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1091]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[962]: Connection closed by 202.178.126.219 port 20446 [preauth]
Jun 24 14:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1413]: Did not receive identification string from 202.178.126.219
Jun 24 14:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 24 14:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1475]: Failed password for root from 77.94.47.83 port 52994 ssh2
Jun 24 14:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1475]: Connection closed by 77.94.47.83 port 52994 [preauth]
Jun 24 14:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 24 14:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1478]: Failed password for root from 103.149.28.157 port 35804 ssh2
Jun 24 14:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1478]: Connection closed by 103.149.28.157 port 35804 [preauth]
Jun 24 14:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32558]: pam_unix(cron:session): session closed for user root
Jun 24 14:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1666]: Invalid user test from 136.232.11.10
Jun 24 14:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1666]: input_userauth_request: invalid user test [preauth]
Jun 24 14:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1666]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 14:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.232.11.10
Jun 24 14:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1666]: Failed password for invalid user test from 136.232.11.10 port 62086 ssh2
Jun 24 14:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1666]: Received disconnect from 136.232.11.10 port 62086:11: Bye Bye [preauth]
Jun 24 14:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1666]: Disconnected from 136.232.11.10 port 62086 [preauth]
Jun 24 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1690]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1688]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1689]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1687]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1687]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1771]: Successful su for rubyman by root
Jun 24 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1771]: + ??? root:rubyman
Jun 24 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1771]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584195 of user rubyman.
Jun 24 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1771]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584195.
Jun 24 14:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31193]: pam_unix(cron:session): session closed for user root
Jun 24 14:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1688]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232  user=root
Jun 24 14:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1958]: Failed password for root from 195.178.110.232 port 43808 ssh2
Jun 24 14:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1958]: Connection closed by 195.178.110.232 port 43808 [preauth]
Jun 24 14:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[644]: pam_unix(cron:session): session closed for user root
Jun 24 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2178]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2180]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2177]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2179]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2175]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2175]: pam_unix(cron:session): session closed for user root
Jun 24 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2177]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2247]: Successful su for rubyman by root
Jun 24 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2247]: + ??? root:rubyman
Jun 24 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2247]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584200 of user rubyman.
Jun 24 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2247]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584200.
Jun 24 14:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31724]: pam_unix(cron:session): session closed for user root
Jun 24 14:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2178]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1094]: pam_unix(cron:session): session closed for user root
Jun 24 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2609]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2608]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2610]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2607]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2607]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2667]: Successful su for rubyman by root
Jun 24 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2667]: + ??? root:rubyman
Jun 24 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2667]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584204 of user rubyman.
Jun 24 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2667]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584204.
Jun 24 14:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32144]: pam_unix(cron:session): session closed for user root
Jun 24 14:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2608]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232  user=root
Jun 24 14:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2643]: Failed password for root from 195.178.110.232 port 46890 ssh2
Jun 24 14:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2643]: Connection closed by 195.178.110.232 port 46890 [preauth]
Jun 24 14:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1690]: pam_unix(cron:session): session closed for user root
Jun 24 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3016]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3015]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3014]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3013]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3013]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3075]: Successful su for rubyman by root
Jun 24 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3075]: + ??? root:rubyman
Jun 24 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3075]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584207 of user rubyman.
Jun 24 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3075]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584207.
Jun 24 14:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32557]: pam_unix(cron:session): session closed for user root
Jun 24 14:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3014]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2180]: pam_unix(cron:session): session closed for user root
Jun 24 14:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232  user=root
Jun 24 14:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3376]: Failed password for root from 195.178.110.232 port 49972 ssh2
Jun 24 14:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3376]: Connection closed by 195.178.110.232 port 49972 [preauth]
Jun 24 14:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3394]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 24 14:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3394]: Received disconnect from 209.90.232.251 port 53056:11: disconnected by user [preauth]
Jun 24 14:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3394]: Disconnected from 209.90.232.251 port 53056 [preauth]
Jun 24 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3407]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3409]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3410]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3405]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3408]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3406]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3410]: pam_unix(cron:session): session closed for user root
Jun 24 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3405]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3478]: Successful su for rubyman by root
Jun 24 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3478]: + ??? root:rubyman
Jun 24 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3478]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584215 of user rubyman.
Jun 24 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3478]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584215.
Jun 24 14:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3407]: pam_unix(cron:session): session closed for user root
Jun 24 14:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[643]: pam_unix(cron:session): session closed for user root
Jun 24 14:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3406]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2610]: pam_unix(cron:session): session closed for user root
Jun 24 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4010]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4009]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4007]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4006]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4006]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4101]: Successful su for rubyman by root
Jun 24 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4101]: + ??? root:rubyman
Jun 24 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4101]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584219 of user rubyman.
Jun 24 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4101]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584219.
Jun 24 14:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1093]: pam_unix(cron:session): session closed for user root
Jun 24 14:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4007]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232  user=root
Jun 24 14:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3016]: pam_unix(cron:session): session closed for user root
Jun 24 14:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4370]: Failed password for root from 195.178.110.232 port 53024 ssh2
Jun 24 14:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4370]: Connection closed by 195.178.110.232 port 53024 [preauth]
Jun 24 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4456]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4457]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4455]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4454]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4454]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4516]: Successful su for rubyman by root
Jun 24 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4516]: + ??? root:rubyman
Jun 24 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4516]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584223 of user rubyman.
Jun 24 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4516]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584223.
Jun 24 14:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1689]: pam_unix(cron:session): session closed for user root
Jun 24 14:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4455]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 24 14:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4767]: Failed password for root from 103.172.78.219 port 53630 ssh2
Jun 24 14:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4767]: Connection closed by 103.172.78.219 port 53630 [preauth]
Jun 24 14:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3409]: pam_unix(cron:session): session closed for user root
Jun 24 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4977]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4978]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4976]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4975]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4975]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5032]: Successful su for rubyman by root
Jun 24 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5032]: + ??? root:rubyman
Jun 24 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5032]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584225 of user rubyman.
Jun 24 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5032]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584225.
Jun 24 14:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2179]: pam_unix(cron:session): session closed for user root
Jun 24 14:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4976]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232  user=root
Jun 24 14:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5213]: Failed password for root from 195.178.110.232 port 56148 ssh2
Jun 24 14:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5213]: Connection closed by 195.178.110.232 port 56148 [preauth]
Jun 24 14:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4010]: pam_unix(cron:session): session closed for user root
Jun 24 14:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.110.201  user=root
Jun 24 14:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5354]: Failed password for root from 94.159.110.201 port 39232 ssh2
Jun 24 14:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5354]: Connection closed by 94.159.110.201 port 39232 [preauth]
Jun 24 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5384]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5383]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5385]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5382]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5382]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5441]: Successful su for rubyman by root
Jun 24 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5441]: + ??? root:rubyman
Jun 24 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5441]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584229 of user rubyman.
Jun 24 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5441]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584229.
Jun 24 14:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2609]: pam_unix(cron:session): session closed for user root
Jun 24 14:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5383]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 24 14:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5622]: Failed password for root from 103.27.238.120 port 57018 ssh2
Jun 24 14:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5622]: Connection closed by 103.27.238.120 port 57018 [preauth]
Jun 24 14:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4457]: pam_unix(cron:session): session closed for user root
Jun 24 14:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232  user=root
Jun 24 14:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5748]: Failed password for root from 195.178.110.232 port 59244 ssh2
Jun 24 14:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5748]: Connection closed by 195.178.110.232 port 59244 [preauth]
Jun 24 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5783]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5780]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5782]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5778]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5781]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5779]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5783]: pam_unix(cron:session): session closed for user root
Jun 24 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5778]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5850]: Successful su for rubyman by root
Jun 24 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5850]: + ??? root:rubyman
Jun 24 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5850]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584236 of user rubyman.
Jun 24 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5850]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584236.
Jun 24 14:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5780]: pam_unix(cron:session): session closed for user root
Jun 24 14:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3015]: pam_unix(cron:session): session closed for user root
Jun 24 14:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5779]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 24 14:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6069]: Failed password for root from 51.250.105.222 port 42140 ssh2
Jun 24 14:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6069]: Connection closed by 51.250.105.222 port 42140 [preauth]
Jun 24 14:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
Jun 24 14:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6079]: Failed password for root from 176.32.39.21 port 40278 ssh2
Jun 24 14:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6079]: Connection closed by 176.32.39.21 port 40278 [preauth]
Jun 24 14:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4978]: pam_unix(cron:session): session closed for user root
Jun 24 14:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6158]: Bad protocol version identification '\026\003\001' from 118.193.68.150 port 33624
Jun 24 14:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Jun 24 14:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:152.32.141.40
Jun 24 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6164]: Did not receive identification string from 118.193.68.150
Jun 24 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6227]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6226]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6230]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6225]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6225]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6291]: Successful su for rubyman by root
Jun 24 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6291]: + ??? root:rubyman
Jun 24 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6291]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584241 of user rubyman.
Jun 24 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6291]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584241.
Jun 24 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6222]: Connection closed by 118.193.68.150 port 44276 [preauth]
Jun 24 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6310]: Protocol major versions differ for 118.193.68.150: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10 vs. SSH-1.5-Server
Jun 24 14:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3408]: pam_unix(cron:session): session closed for user root
Jun 24 14:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6226]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6472]: Invalid user peter from 136.232.11.10
Jun 24 14:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6472]: input_userauth_request: invalid user peter [preauth]
Jun 24 14:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6472]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 14:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.232.11.10
Jun 24 14:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6472]: Failed password for invalid user peter from 136.232.11.10 port 35910 ssh2
Jun 24 14:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6472]: Received disconnect from 136.232.11.10 port 35910:11: Bye Bye [preauth]
Jun 24 14:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6472]: Disconnected from 136.232.11.10 port 35910 [preauth]
Jun 24 14:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5385]: pam_unix(cron:session): session closed for user root
Jun 24 14:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232  user=root
Jun 24 14:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6562]: Failed password for root from 195.178.110.232 port 34082 ssh2
Jun 24 14:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6562]: Connection closed by 195.178.110.232 port 34082 [preauth]
Jun 24 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6627]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6626]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6628]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6625]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6625]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6686]: Successful su for rubyman by root
Jun 24 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6686]: + ??? root:rubyman
Jun 24 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6686]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584245 of user rubyman.
Jun 24 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6686]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584245.
Jun 24 14:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4009]: pam_unix(cron:session): session closed for user root
Jun 24 14:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6626]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5782]: pam_unix(cron:session): session closed for user root
Jun 24 14:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7054]: Invalid user leon from 136.232.11.10
Jun 24 14:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7054]: input_userauth_request: invalid user leon [preauth]
Jun 24 14:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7054]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 14:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.232.11.10
Jun 24 14:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7054]: Failed password for invalid user leon from 136.232.11.10 port 34391 ssh2
Jun 24 14:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7054]: Received disconnect from 136.232.11.10 port 34391:11: Bye Bye [preauth]
Jun 24 14:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7054]: Disconnected from 136.232.11.10 port 34391 [preauth]
Jun 24 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7137]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7135]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7136]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7134]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7134]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7202]: Successful su for rubyman by root
Jun 24 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7202]: + ??? root:rubyman
Jun 24 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7202]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584247 of user rubyman.
Jun 24 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7202]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584247.
Jun 24 14:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4456]: pam_unix(cron:session): session closed for user root
Jun 24 14:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7135]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 24 14:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232  user=root
Jun 24 14:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7409]: Failed password for root from 62.133.62.83 port 53864 ssh2
Jun 24 14:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7409]: Connection closed by 62.133.62.83 port 53864 [preauth]
Jun 24 14:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7411]: Failed password for root from 195.178.110.232 port 37164 ssh2
Jun 24 14:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7411]: Connection closed by 195.178.110.232 port 37164 [preauth]
Jun 24 14:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6230]: pam_unix(cron:session): session closed for user root
Jun 24 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7538]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7537]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7536]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7535]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7535]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7604]: Successful su for rubyman by root
Jun 24 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7604]: + ??? root:rubyman
Jun 24 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7604]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584251 of user rubyman.
Jun 24 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7604]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584251.
Jun 24 14:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4977]: pam_unix(cron:session): session closed for user root
Jun 24 14:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7536]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6628]: pam_unix(cron:session): session closed for user root
Jun 24 14:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232  user=root
Jun 24 14:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7977]: Failed password for root from 195.178.110.232 port 40234 ssh2
Jun 24 14:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7977]: Connection closed by 195.178.110.232 port 40234 [preauth]
Jun 24 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8022]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8024]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8025]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8019]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8023]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8020]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8025]: pam_unix(cron:session): session closed for user root
Jun 24 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8019]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8087]: Successful su for rubyman by root
Jun 24 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8087]: + ??? root:rubyman
Jun 24 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8087]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584257 of user rubyman.
Jun 24 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8087]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584257.
Jun 24 14:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8022]: pam_unix(cron:session): session closed for user root
Jun 24 14:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5384]: pam_unix(cron:session): session closed for user root
Jun 24 14:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8020]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8353]: Did not receive identification string from 123.231.14.147
Jun 24 14:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7137]: pam_unix(cron:session): session closed for user root
Jun 24 14:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8423]: Connection closed by 194.59.206.2 port 58406 [preauth]
Jun 24 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8456]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8457]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8455]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8454]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8454]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8526]: Successful su for rubyman by root
Jun 24 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8526]: + ??? root:rubyman
Jun 24 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8526]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584261 of user rubyman.
Jun 24 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8526]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584261.
Jun 24 14:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5781]: pam_unix(cron:session): session closed for user root
Jun 24 14:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8455]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 24 14:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8714]: Failed password for root from 38.93.206.2 port 8958 ssh2
Jun 24 14:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8714]: Connection closed by 38.93.206.2 port 8958 [preauth]
Jun 24 14:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232  user=root
Jun 24 14:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8746]: Failed password for root from 195.178.110.232 port 43336 ssh2
Jun 24 14:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8746]: Connection closed by 195.178.110.232 port 43336 [preauth]
Jun 24 14:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7538]: pam_unix(cron:session): session closed for user root
Jun 24 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8860]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8861]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8859]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8858]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8858]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8920]: Successful su for rubyman by root
Jun 24 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8920]: + ??? root:rubyman
Jun 24 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8920]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584265 of user rubyman.
Jun 24 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8920]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584265.
Jun 24 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8940]: Received disconnect from 198.199.106.159 port 56850:11: disconnected by user [preauth]
Jun 24 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8940]: Disconnected from 198.199.106.159 port 56850 [preauth]
Jun 24 14:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6227]: pam_unix(cron:session): session closed for user root
Jun 24 14:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8859]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8024]: pam_unix(cron:session): session closed for user root
Jun 24 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9253]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9254]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9252]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9251]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9251]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9316]: Successful su for rubyman by root
Jun 24 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9316]: + ??? root:rubyman
Jun 24 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9316]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584269 of user rubyman.
Jun 24 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9316]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584269.
Jun 24 14:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6627]: pam_unix(cron:session): session closed for user root
Jun 24 14:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9252]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232  user=root
Jun 24 14:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9517]: Failed password for root from 195.178.110.232 port 46432 ssh2
Jun 24 14:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9517]: Connection closed by 195.178.110.232 port 46432 [preauth]
Jun 24 14:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8457]: pam_unix(cron:session): session closed for user root
Jun 24 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9650]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9649]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9647]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9648]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9647]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9710]: Successful su for rubyman by root
Jun 24 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9710]: + ??? root:rubyman
Jun 24 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9710]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584273 of user rubyman.
Jun 24 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9710]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584273.
Jun 24 14:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7136]: pam_unix(cron:session): session closed for user root
Jun 24 14:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9648]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8861]: pam_unix(cron:session): session closed for user root
Jun 24 14:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 24 14:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10192]: Failed password for root from 87.251.79.125 port 41106 ssh2
Jun 24 14:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10192]: Connection closed by 87.251.79.125 port 41106 [preauth]
Jun 24 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10315]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10316]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10313]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10311]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10312]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10310]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10316]: pam_unix(cron:session): session closed for user root
Jun 24 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10310]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10383]: Successful su for rubyman by root
Jun 24 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10383]: + ??? root:rubyman
Jun 24 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10383]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584277 of user rubyman.
Jun 24 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10383]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584277.
Jun 24 14:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10312]: pam_unix(cron:session): session closed for user root
Jun 24 14:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7537]: pam_unix(cron:session): session closed for user root
Jun 24 14:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10311]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232  user=root
Jun 24 14:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10604]: Failed password for root from 195.178.110.232 port 49494 ssh2
Jun 24 14:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10604]: Connection closed by 195.178.110.232 port 49494 [preauth]
Jun 24 14:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10629]: Invalid user user from 193.46.255.86
Jun 24 14:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10629]: input_userauth_request: invalid user user [preauth]
Jun 24 14:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10629]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 14:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 24 14:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10629]: Failed password for invalid user user from 193.46.255.86 port 65248 ssh2
Jun 24 14:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10629]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 14:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10629]: Failed password for invalid user user from 193.46.255.86 port 65248 ssh2
Jun 24 14:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10629]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 14:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10629]: Failed password for invalid user user from 193.46.255.86 port 65248 ssh2
Jun 24 14:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10629]: Connection closed by 193.46.255.86 port 65248 [preauth]
Jun 24 14:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10629]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 24 14:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10664]: Received disconnect from 62.210.189.225 port 5112:11: disconnected by user [preauth]
Jun 24 14:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10664]: Disconnected from 62.210.189.225 port 5112 [preauth]
Jun 24 14:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9254]: pam_unix(cron:session): session closed for user root
Jun 24 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10766]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10765]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10764]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10763]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10763]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10837]: Successful su for rubyman by root
Jun 24 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10837]: + ??? root:rubyman
Jun 24 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10837]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584283 of user rubyman.
Jun 24 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10837]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584283.
Jun 24 14:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8023]: pam_unix(cron:session): session closed for user root
Jun 24 14:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10764]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9650]: pam_unix(cron:session): session closed for user root
Jun 24 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11196]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11194]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11195]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11193]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11193]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11257]: Successful su for rubyman by root
Jun 24 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11257]: + ??? root:rubyman
Jun 24 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11257]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584288 of user rubyman.
Jun 24 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11257]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584288.
Jun 24 14:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232  user=root
Jun 24 14:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8456]: pam_unix(cron:session): session closed for user root
Jun 24 14:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11190]: Failed password for root from 195.178.110.232 port 52532 ssh2
Jun 24 14:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11190]: Connection closed by 195.178.110.232 port 52532 [preauth]
Jun 24 14:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11194]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10315]: pam_unix(cron:session): session closed for user root
Jun 24 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11605]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11606]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11604]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11603]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11603]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11664]: Successful su for rubyman by root
Jun 24 14:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11664]: + ??? root:rubyman
Jun 24 14:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11664]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584291 of user rubyman.
Jun 24 14:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11664]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584291.
Jun 24 14:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8860]: pam_unix(cron:session): session closed for user root
Jun 24 14:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11604]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10766]: pam_unix(cron:session): session closed for user root
Jun 24 14:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232  user=root
Jun 24 14:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12041]: Failed password for root from 195.178.110.232 port 55576 ssh2
Jun 24 14:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12041]: Connection closed by 195.178.110.232 port 55576 [preauth]
Jun 24 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12064]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12065]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12066]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12063]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12061]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12063]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12182]: Successful su for rubyman by root
Jun 24 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12182]: + ??? root:rubyman
Jun 24 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12182]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584295 of user rubyman.
Jun 24 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12182]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584295.
Jun 24 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12061]: pam_unix(cron:session): session closed for user root
Jun 24 14:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9253]: pam_unix(cron:session): session closed for user root
Jun 24 14:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12064]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11196]: pam_unix(cron:session): session closed for user root
Jun 24 14:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 24 14:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12644]: Failed password for root from 147.45.199.80 port 44864 ssh2
Jun 24 14:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12644]: Connection closed by 147.45.199.80 port 44864 [preauth]
Jun 24 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12676]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12677]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12679]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12678]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12680]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12675]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12680]: pam_unix(cron:session): session closed for user root
Jun 24 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12675]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12754]: Successful su for rubyman by root
Jun 24 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12754]: + ??? root:rubyman
Jun 24 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12754]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584302 of user rubyman.
Jun 24 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12754]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584302.
Jun 24 14:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12677]: pam_unix(cron:session): session closed for user root
Jun 24 14:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9649]: pam_unix(cron:session): session closed for user root
Jun 24 14:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12676]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11606]: pam_unix(cron:session): session closed for user root
Jun 24 14:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232  user=root
Jun 24 14:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13074]: Failed password for root from 195.178.110.232 port 58668 ssh2
Jun 24 14:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13074]: Connection closed by 195.178.110.232 port 58668 [preauth]
Jun 24 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13130]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13129]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13133]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13128]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13128]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13207]: Successful su for rubyman by root
Jun 24 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13207]: + ??? root:rubyman
Jun 24 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13207]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584306 of user rubyman.
Jun 24 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13207]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584306.
Jun 24 14:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10313]: pam_unix(cron:session): session closed for user root
Jun 24 14:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13129]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12066]: pam_unix(cron:session): session closed for user root
Jun 24 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13540]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13541]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13539]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13538]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13538]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13601]: Successful su for rubyman by root
Jun 24 14:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13601]: + ??? root:rubyman
Jun 24 14:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13601]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584310 of user rubyman.
Jun 24 14:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13601]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584310.
Jun 24 14:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10765]: pam_unix(cron:session): session closed for user root
Jun 24 14:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13539]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12679]: pam_unix(cron:session): session closed for user root
Jun 24 14:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232  user=root
Jun 24 14:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13881]: Failed password for root from 195.178.110.232 port 33534 ssh2
Jun 24 14:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13881]: Connection closed by 195.178.110.232 port 33534 [preauth]
Jun 24 14:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.211.215  user=root
Jun 24 14:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13924]: Failed password for root from 147.45.211.215 port 53924 ssh2
Jun 24 14:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13924]: Connection closed by 147.45.211.215 port 53924 [preauth]
Jun 24 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13949]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13950]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13947]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13946]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13946]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14014]: Successful su for rubyman by root
Jun 24 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14014]: + ??? root:rubyman
Jun 24 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14014]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584316 of user rubyman.
Jun 24 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14014]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584316.
Jun 24 14:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11195]: pam_unix(cron:session): session closed for user root
Jun 24 14:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13947]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13133]: pam_unix(cron:session): session closed for user root
Jun 24 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14339]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14340]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14341]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14338]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14338]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14398]: Successful su for rubyman by root
Jun 24 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14398]: + ??? root:rubyman
Jun 24 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14398]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584318 of user rubyman.
Jun 24 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14398]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584318.
Jun 24 14:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11605]: pam_unix(cron:session): session closed for user root
Jun 24 14:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14339]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232  user=root
Jun 24 14:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14623]: Failed password for root from 195.178.110.232 port 36564 ssh2
Jun 24 14:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14623]: Connection closed by 195.178.110.232 port 36564 [preauth]
Jun 24 14:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13541]: pam_unix(cron:session): session closed for user root
Jun 24 14:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14745]: Invalid user admin from 141.98.83.240
Jun 24 14:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14745]: input_userauth_request: invalid user admin [preauth]
Jun 24 14:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14745]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 14:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 14:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14745]: Failed password for invalid user admin from 141.98.83.240 port 12324 ssh2
Jun 24 14:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14745]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 14:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14745]: Failed password for invalid user admin from 141.98.83.240 port 12324 ssh2
Jun 24 14:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14745]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 14:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14745]: Failed password for invalid user admin from 141.98.83.240 port 12324 ssh2
Jun 24 14:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14745]: Connection closed by 141.98.83.240 port 12324 [preauth]
Jun 24 14:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14745]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14824]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14823]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14820]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14819]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14821]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14822]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14824]: pam_unix(cron:session): session closed for user root
Jun 24 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14819]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14890]: Successful su for rubyman by root
Jun 24 14:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14890]: + ??? root:rubyman
Jun 24 14:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14890]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584323 of user rubyman.
Jun 24 14:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14890]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584323.
Jun 24 14:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14821]: pam_unix(cron:session): session closed for user root
Jun 24 14:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12065]: pam_unix(cron:session): session closed for user root
Jun 24 14:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14820]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13950]: pam_unix(cron:session): session closed for user root
Jun 24 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15260]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15259]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15258]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15254]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15257]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15254]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15259]: pam_unix(cron:session): session closed for user root
Jun 24 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15324]: Successful su for rubyman by root
Jun 24 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15324]: + ??? root:rubyman
Jun 24 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15324]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584328 of user rubyman.
Jun 24 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15324]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584328.
Jun 24 14:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12678]: pam_unix(cron:session): session closed for user root
Jun 24 14:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15257]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15508]: Invalid user admin from 195.178.110.232
Jun 24 14:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15508]: input_userauth_request: invalid user admin [preauth]
Jun 24 14:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15508]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 14:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232
Jun 24 14:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15508]: Failed password for invalid user admin from 195.178.110.232 port 39630 ssh2
Jun 24 14:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15508]: Connection closed by 195.178.110.232 port 39630 [preauth]
Jun 24 14:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14341]: pam_unix(cron:session): session closed for user root
Jun 24 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15657]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15658]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15655]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15656]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15655]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15719]: Successful su for rubyman by root
Jun 24 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15719]: + ??? root:rubyman
Jun 24 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15719]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584334 of user rubyman.
Jun 24 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15719]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584334.
Jun 24 14:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13130]: pam_unix(cron:session): session closed for user root
Jun 24 14:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15656]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14823]: pam_unix(cron:session): session closed for user root
Jun 24 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16040]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16039]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16037]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16038]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16037]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16099]: Successful su for rubyman by root
Jun 24 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16099]: + ??? root:rubyman
Jun 24 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16099]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584337 of user rubyman.
Jun 24 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16099]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584337.
Jun 24 14:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16164]: Invalid user admin from 195.178.110.232
Jun 24 14:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16164]: input_userauth_request: invalid user admin [preauth]
Jun 24 14:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16164]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 14:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232
Jun 24 14:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13540]: pam_unix(cron:session): session closed for user root
Jun 24 14:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16038]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16164]: Failed password for invalid user admin from 195.178.110.232 port 42670 ssh2
Jun 24 14:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16164]: Connection closed by 195.178.110.232 port 42670 [preauth]
Jun 24 14:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15260]: pam_unix(cron:session): session closed for user root
Jun 24 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16425]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16426]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16427]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16424]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16424]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16488]: Successful su for rubyman by root
Jun 24 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16488]: + ??? root:rubyman
Jun 24 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16488]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584343 of user rubyman.
Jun 24 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16488]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584343.
Jun 24 14:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13949]: pam_unix(cron:session): session closed for user root
Jun 24 14:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16425]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16673]: Received disconnect from 51.79.67.63 port 37486:11: disconnected by user [preauth]
Jun 24 14:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16673]: Disconnected from 51.79.67.63 port 37486 [preauth]
Jun 24 14:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15658]: pam_unix(cron:session): session closed for user root
Jun 24 14:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16801]: Invalid user admin from 195.178.110.232
Jun 24 14:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16801]: input_userauth_request: invalid user admin [preauth]
Jun 24 14:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16801]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 14:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232
Jun 24 14:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16801]: Failed password for invalid user admin from 195.178.110.232 port 45732 ssh2
Jun 24 14:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16801]: Connection closed by 195.178.110.232 port 45732 [preauth]
Jun 24 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16840]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16837]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16835]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16839]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16838]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16836]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16840]: pam_unix(cron:session): session closed for user root
Jun 24 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16835]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17000]: Successful su for rubyman by root
Jun 24 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17000]: + ??? root:rubyman
Jun 24 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17000]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584348 of user rubyman.
Jun 24 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17000]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584348.
Jun 24 14:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16837]: pam_unix(cron:session): session closed for user root
Jun 24 14:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14340]: pam_unix(cron:session): session closed for user root
Jun 24 14:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16836]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16040]: pam_unix(cron:session): session closed for user root
Jun 24 14:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17306]: Invalid user AdminGPON from 45.148.10.121
Jun 24 14:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17306]: input_userauth_request: invalid user AdminGPON [preauth]
Jun 24 14:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17306]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 14:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 24 14:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17306]: Failed password for invalid user AdminGPON from 45.148.10.121 port 50564 ssh2
Jun 24 14:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17306]: Connection closed by 45.148.10.121 port 50564 [preauth]
Jun 24 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17364]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17366]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17365]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17363]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17363]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17440]: Successful su for rubyman by root
Jun 24 14:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17440]: + ??? root:rubyman
Jun 24 14:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17440]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584353 of user rubyman.
Jun 24 14:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17440]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584353.
Jun 24 14:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14822]: pam_unix(cron:session): session closed for user root
Jun 24 14:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17364]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17766]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 24 14:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17764]: Received disconnect from 31.42.176.142 port 21364:11: disconnected by user [preauth]
Jun 24 14:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17764]: Disconnected from 31.42.176.142 port 21364 [preauth]
Jun 24 14:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17766]: Failed password for root from 103.77.175.15 port 60198 ssh2
Jun 24 14:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17766]: Connection closed by 103.77.175.15 port 60198 [preauth]
Jun 24 14:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16427]: pam_unix(cron:session): session closed for user root
Jun 24 14:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 24 14:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17812]: Failed password for root from 103.27.238.114 port 50274 ssh2
Jun 24 14:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17812]: Connection closed by 103.27.238.114 port 50274 [preauth]
Jun 24 14:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 24 14:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17814]: Invalid user admin from 195.178.110.232
Jun 24 14:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17814]: input_userauth_request: invalid user admin [preauth]
Jun 24 14:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17814]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 14:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232
Jun 24 14:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17816]: Failed password for root from 193.37.70.224 port 50596 ssh2
Jun 24 14:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17816]: Connection closed by 193.37.70.224 port 50596 [preauth]
Jun 24 14:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17814]: Failed password for invalid user admin from 195.178.110.232 port 48774 ssh2
Jun 24 14:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17814]: Connection closed by 195.178.110.232 port 48774 [preauth]
Jun 24 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17878]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17877]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17879]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17876]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17876]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17942]: Successful su for rubyman by root
Jun 24 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17942]: + ??? root:rubyman
Jun 24 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17942]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584355 of user rubyman.
Jun 24 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17942]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584355.
Jun 24 14:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15258]: pam_unix(cron:session): session closed for user root
Jun 24 14:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17877]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16839]: pam_unix(cron:session): session closed for user root
Jun 24 14:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18245]: Invalid user admin from 2.57.121.25
Jun 24 14:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18245]: input_userauth_request: invalid user admin [preauth]
Jun 24 14:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18245]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 14:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 24 14:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18245]: Failed password for invalid user admin from 2.57.121.25 port 57642 ssh2
Jun 24 14:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18245]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 14:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18245]: Failed password for invalid user admin from 2.57.121.25 port 57642 ssh2
Jun 24 14:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18245]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 14:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18245]: Failed password for invalid user admin from 2.57.121.25 port 57642 ssh2
Jun 24 14:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18245]: Connection closed by 2.57.121.25 port 57642 [preauth]
Jun 24 14:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18245]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 24 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18313]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18312]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18314]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18311]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18311]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18387]: Successful su for rubyman by root
Jun 24 14:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18387]: + ??? root:rubyman
Jun 24 14:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18387]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584359 of user rubyman.
Jun 24 14:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18387]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584359.
Jun 24 14:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15657]: pam_unix(cron:session): session closed for user root
Jun 24 14:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18312]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18681]: Invalid user admin from 195.178.110.232
Jun 24 14:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18681]: input_userauth_request: invalid user admin [preauth]
Jun 24 14:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18681]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 14:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232
Jun 24 14:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18681]: Failed password for invalid user admin from 195.178.110.232 port 51806 ssh2
Jun 24 14:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18681]: Connection closed by 195.178.110.232 port 51806 [preauth]
Jun 24 14:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17366]: pam_unix(cron:session): session closed for user root
Jun 24 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18814]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18813]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18816]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18811]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18811]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18887]: Successful su for rubyman by root
Jun 24 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18887]: + ??? root:rubyman
Jun 24 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18887]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584363 of user rubyman.
Jun 24 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18887]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584363.
Jun 24 14:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16039]: pam_unix(cron:session): session closed for user root
Jun 24 14:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18813]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17879]: pam_unix(cron:session): session closed for user root
Jun 24 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19311]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19309]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19308]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19312]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19310]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19307]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19312]: pam_unix(cron:session): session closed for user root
Jun 24 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19307]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19380]: Successful su for rubyman by root
Jun 24 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19380]: + ??? root:rubyman
Jun 24 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19380]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584367 of user rubyman.
Jun 24 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19380]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584367.
Jun 24 14:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16426]: pam_unix(cron:session): session closed for user root
Jun 24 14:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19309]: pam_unix(cron:session): session closed for user root
Jun 24 14:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19308]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19788]: Invalid user admin from 195.178.110.232
Jun 24 14:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19788]: input_userauth_request: invalid user admin [preauth]
Jun 24 14:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19788]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 14:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232
Jun 24 14:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19788]: Failed password for invalid user admin from 195.178.110.232 port 54846 ssh2
Jun 24 14:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19788]: Connection closed by 195.178.110.232 port 54846 [preauth]
Jun 24 14:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18314]: pam_unix(cron:session): session closed for user root
Jun 24 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19960]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19959]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19957]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19958]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19957]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20027]: Successful su for rubyman by root
Jun 24 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20027]: + ??? root:rubyman
Jun 24 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20027]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584373 of user rubyman.
Jun 24 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20027]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584373.
Jun 24 14:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16838]: pam_unix(cron:session): session closed for user root
Jun 24 14:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19958]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 24 14:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20303]: Failed password for root from 103.82.20.28 port 45992 ssh2
Jun 24 14:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20303]: Connection closed by 103.82.20.28 port 45992 [preauth]
Jun 24 14:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18816]: pam_unix(cron:session): session closed for user root
Jun 24 14:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20438]: Invalid user user from 103.180.212.135
Jun 24 14:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20438]: input_userauth_request: invalid user user [preauth]
Jun 24 14:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20438]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 14:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.180.212.135
Jun 24 14:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20448]: Invalid user admin from 195.178.110.232
Jun 24 14:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20448]: input_userauth_request: invalid user admin [preauth]
Jun 24 14:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20438]: Failed password for invalid user user from 103.180.212.135 port 57498 ssh2
Jun 24 14:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20438]: Received disconnect from 103.180.212.135 port 57498:11: Bye Bye [preauth]
Jun 24 14:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20438]: Disconnected from 103.180.212.135 port 57498 [preauth]
Jun 24 14:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20448]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 14:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232
Jun 24 14:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20448]: Failed password for invalid user admin from 195.178.110.232 port 57844 ssh2
Jun 24 14:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20448]: Connection closed by 195.178.110.232 port 57844 [preauth]
Jun 24 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20479]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20478]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20477]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20476]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20476]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20535]: Successful su for rubyman by root
Jun 24 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20535]: + ??? root:rubyman
Jun 24 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20535]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584377 of user rubyman.
Jun 24 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20535]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584377.
Jun 24 14:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17365]: pam_unix(cron:session): session closed for user root
Jun 24 14:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20477]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19311]: pam_unix(cron:session): session closed for user root
Jun 24 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20962]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20963]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20961]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20960]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20960]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21020]: Successful su for rubyman by root
Jun 24 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21020]: + ??? root:rubyman
Jun 24 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21020]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584382 of user rubyman.
Jun 24 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21020]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584382.
Jun 24 14:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17878]: pam_unix(cron:session): session closed for user root
Jun 24 14:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20961]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21283]: Invalid user admin from 195.178.110.232
Jun 24 14:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21283]: input_userauth_request: invalid user admin [preauth]
Jun 24 14:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21283]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 14:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232
Jun 24 14:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19960]: pam_unix(cron:session): session closed for user root
Jun 24 14:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21283]: Failed password for invalid user admin from 195.178.110.232 port 60888 ssh2
Jun 24 14:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21283]: Connection closed by 195.178.110.232 port 60888 [preauth]
Jun 24 14:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.79.139.16  user=root
Jun 24 14:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 24 14:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21350]: Failed password for root from 185.79.139.16 port 37054 ssh2
Jun 24 14:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21350]: Received disconnect from 185.79.139.16 port 37054:11: Bye Bye [preauth]
Jun 24 14:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21350]: Disconnected from 185.79.139.16 port 37054 [preauth]
Jun 24 14:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21352]: Failed password for root from 194.113.233.25 port 47912 ssh2
Jun 24 14:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21352]: Connection closed by 194.113.233.25 port 47912 [preauth]
Jun 24 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21377]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21375]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21376]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21374]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21374]: pam_unix(cron:session): session closed for user p13x
Jun 24 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21436]: Successful su for rubyman by root
Jun 24 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21436]: + ??? root:rubyman
Jun 24 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21436]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584386 of user rubyman.
Jun 24 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21436]: pam_unix(su:session): session closed for user rubyman
Jun 24 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584386.
Jun 24 14:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18313]: pam_unix(cron:session): session closed for user root
Jun 24 14:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21375]: pam_unix(cron:session): session closed for user samftp
Jun 24 14:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20479]: pam_unix(cron:session): session closed for user root
Jun 24 14:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 14:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 24 14:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21750]: Failed password for root from 109.237.96.109 port 32832 ssh2
Jun 24 14:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21750]: Connection closed by 109.237.96.109 port 32832 [preauth]
Jun 24 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21819]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21816]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21818]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21815]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21817]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21813]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21814]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21819]: pam_unix(cron:session): session closed for user root
Jun 24 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21815]: pam_unix(cron:session): session closed for user root
Jun 24 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21813]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21906]: Successful su for rubyman by root
Jun 24 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21906]: + ??? root:rubyman
Jun 24 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21906]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584391 of user rubyman.
Jun 24 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21906]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584391.
Jun 24 15:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21816]: pam_unix(cron:session): session closed for user root
Jun 24 15:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18814]: pam_unix(cron:session): session closed for user root
Jun 24 15:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21814]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22151]: Invalid user admin from 195.178.110.232
Jun 24 15:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22151]: input_userauth_request: invalid user admin [preauth]
Jun 24 15:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22151]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232
Jun 24 15:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22151]: Failed password for invalid user admin from 195.178.110.232 port 35710 ssh2
Jun 24 15:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22151]: Connection closed by 195.178.110.232 port 35710 [preauth]
Jun 24 15:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20963]: pam_unix(cron:session): session closed for user root
Jun 24 15:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 24 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22410]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22411]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22409]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22408]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22408]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22473]: Successful su for rubyman by root
Jun 24 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22473]: + ??? root:rubyman
Jun 24 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22473]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584396 of user rubyman.
Jun 24 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22473]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584396.
Jun 24 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22396]: Failed password for root from 103.15.222.183 port 39884 ssh2
Jun 24 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22396]: Connection closed by 103.15.222.183 port 39884 [preauth]
Jun 24 15:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22409]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19310]: pam_unix(cron:session): session closed for user root
Jun 24 15:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21377]: pam_unix(cron:session): session closed for user root
Jun 24 15:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22814]: Invalid user admin from 195.178.110.232
Jun 24 15:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22814]: input_userauth_request: invalid user admin [preauth]
Jun 24 15:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22814]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232
Jun 24 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22820]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22818]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22819]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22817]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22817]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22880]: Successful su for rubyman by root
Jun 24 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22880]: + ??? root:rubyman
Jun 24 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22880]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584401 of user rubyman.
Jun 24 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22880]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584401.
Jun 24 15:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22814]: Failed password for invalid user admin from 195.178.110.232 port 38764 ssh2
Jun 24 15:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22814]: Connection closed by 195.178.110.232 port 38764 [preauth]
Jun 24 15:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19959]: pam_unix(cron:session): session closed for user root
Jun 24 15:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22818]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21818]: pam_unix(cron:session): session closed for user root
Jun 24 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23220]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23221]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23219]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23217]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23217]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23288]: Successful su for rubyman by root
Jun 24 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23288]: + ??? root:rubyman
Jun 24 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23288]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584406 of user rubyman.
Jun 24 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23288]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584406.
Jun 24 15:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20478]: pam_unix(cron:session): session closed for user root
Jun 24 15:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23219]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22411]: pam_unix(cron:session): session closed for user root
Jun 24 15:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23584]: Invalid user admin from 195.178.110.232
Jun 24 15:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23584]: input_userauth_request: invalid user admin [preauth]
Jun 24 15:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23584]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232
Jun 24 15:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23584]: Failed password for invalid user admin from 195.178.110.232 port 41826 ssh2
Jun 24 15:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23584]: Connection closed by 195.178.110.232 port 41826 [preauth]
Jun 24 15:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23627]: Received disconnect from 45.79.167.35 port 38740:11: disconnected by user [preauth]
Jun 24 15:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23627]: Disconnected from 45.79.167.35 port 38740 [preauth]
Jun 24 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23643]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23641]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23642]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23640]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23640]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23709]: Successful su for rubyman by root
Jun 24 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23709]: + ??? root:rubyman
Jun 24 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23709]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584409 of user rubyman.
Jun 24 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23709]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584409.
Jun 24 15:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20962]: pam_unix(cron:session): session closed for user root
Jun 24 15:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23641]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22820]: pam_unix(cron:session): session closed for user root
Jun 24 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24150]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24148]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24151]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24149]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24146]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24147]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24151]: pam_unix(cron:session): session closed for user root
Jun 24 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24146]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24223]: Successful su for rubyman by root
Jun 24 15:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24223]: + ??? root:rubyman
Jun 24 15:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24223]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584412 of user rubyman.
Jun 24 15:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24223]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584412.
Jun 24 15:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24148]: pam_unix(cron:session): session closed for user root
Jun 24 15:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21376]: pam_unix(cron:session): session closed for user root
Jun 24 15:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24147]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24514]: Invalid user admin from 195.178.110.232
Jun 24 15:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24514]: input_userauth_request: invalid user admin [preauth]
Jun 24 15:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24514]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232
Jun 24 15:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24514]: Failed password for invalid user admin from 195.178.110.232 port 44862 ssh2
Jun 24 15:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24514]: Connection closed by 195.178.110.232 port 44862 [preauth]
Jun 24 15:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23221]: pam_unix(cron:session): session closed for user root
Jun 24 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24607]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24606]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24608]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24605]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24605]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24695]: Successful su for rubyman by root
Jun 24 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24695]: + ??? root:rubyman
Jun 24 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24695]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584420 of user rubyman.
Jun 24 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24695]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584420.
Jun 24 15:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21817]: pam_unix(cron:session): session closed for user root
Jun 24 15:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24606]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24911]: Connection reset by 45.148.10.151 port 61902 [preauth]
Jun 24 15:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23643]: pam_unix(cron:session): session closed for user root
Jun 24 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25033]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25032]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25031]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25030]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25030]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25097]: Successful su for rubyman by root
Jun 24 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25097]: + ??? root:rubyman
Jun 24 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25097]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584422 of user rubyman.
Jun 24 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25097]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584422.
Jun 24 15:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22410]: pam_unix(cron:session): session closed for user root
Jun 24 15:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25031]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25280]: Invalid user admin from 195.178.110.232
Jun 24 15:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25280]: input_userauth_request: invalid user admin [preauth]
Jun 24 15:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25280]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232
Jun 24 15:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25280]: Failed password for invalid user admin from 195.178.110.232 port 47916 ssh2
Jun 24 15:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25280]: Connection closed by 195.178.110.232 port 47916 [preauth]
Jun 24 15:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24150]: pam_unix(cron:session): session closed for user root
Jun 24 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25426]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25425]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25424]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25423]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25423]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25488]: Successful su for rubyman by root
Jun 24 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25488]: + ??? root:rubyman
Jun 24 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25488]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584426 of user rubyman.
Jun 24 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25488]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584426.
Jun 24 15:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22819]: pam_unix(cron:session): session closed for user root
Jun 24 15:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25424]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 24 15:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25726]: Failed password for root from 103.27.238.116 port 35956 ssh2
Jun 24 15:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25726]: Connection closed by 103.27.238.116 port 35956 [preauth]
Jun 24 15:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24608]: pam_unix(cron:session): session closed for user root
Jun 24 15:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25797]: Invalid user adv from 185.79.139.16
Jun 24 15:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25797]: input_userauth_request: invalid user adv [preauth]
Jun 24 15:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25797]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.79.139.16
Jun 24 15:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25797]: Failed password for invalid user adv from 185.79.139.16 port 34934 ssh2
Jun 24 15:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25797]: Received disconnect from 185.79.139.16 port 34934:11: Bye Bye [preauth]
Jun 24 15:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25797]: Disconnected from 185.79.139.16 port 34934 [preauth]
Jun 24 15:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25808]: Invalid user admin from 195.178.110.232
Jun 24 15:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25808]: input_userauth_request: invalid user admin [preauth]
Jun 24 15:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25808]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232
Jun 24 15:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25808]: Failed password for invalid user admin from 195.178.110.232 port 50936 ssh2
Jun 24 15:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25808]: Connection closed by 195.178.110.232 port 50936 [preauth]
Jun 24 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25824]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25823]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25825]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25822]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25820]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25822]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25939]: Successful su for rubyman by root
Jun 24 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25939]: + ??? root:rubyman
Jun 24 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25939]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584430 of user rubyman.
Jun 24 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25939]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584430.
Jun 24 15:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25820]: pam_unix(cron:session): session closed for user root
Jun 24 15:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23220]: pam_unix(cron:session): session closed for user root
Jun 24 15:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25823]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25033]: pam_unix(cron:session): session closed for user root
Jun 24 15:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 24 15:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26248]: Failed password for root from 103.122.221.179 port 60806 ssh2
Jun 24 15:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26248]: Connection closed by 103.122.221.179 port 60806 [preauth]
Jun 24 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26312]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26313]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26315]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26311]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26314]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26310]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26315]: pam_unix(cron:session): session closed for user root
Jun 24 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26310]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26378]: Successful su for rubyman by root
Jun 24 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26378]: + ??? root:rubyman
Jun 24 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26378]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584435 of user rubyman.
Jun 24 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26378]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584435.
Jun 24 15:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26312]: pam_unix(cron:session): session closed for user root
Jun 24 15:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23642]: pam_unix(cron:session): session closed for user root
Jun 24 15:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26311]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25426]: pam_unix(cron:session): session closed for user root
Jun 24 15:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26769]: Invalid user admin from 195.178.110.232
Jun 24 15:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26769]: input_userauth_request: invalid user admin [preauth]
Jun 24 15:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26769]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232
Jun 24 15:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26769]: Failed password for invalid user admin from 195.178.110.232 port 53954 ssh2
Jun 24 15:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26769]: Connection closed by 195.178.110.232 port 53954 [preauth]
Jun 24 15:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26808]: Invalid user serv from 185.79.139.16
Jun 24 15:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26808]: input_userauth_request: invalid user serv [preauth]
Jun 24 15:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26808]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.79.139.16
Jun 24 15:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26808]: Failed password for invalid user serv from 185.79.139.16 port 40392 ssh2
Jun 24 15:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26808]: Received disconnect from 185.79.139.16 port 40392:11: Bye Bye [preauth]
Jun 24 15:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26808]: Disconnected from 185.79.139.16 port 40392 [preauth]
Jun 24 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26822]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26821]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26820]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26823]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26820]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26883]: Successful su for rubyman by root
Jun 24 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26883]: + ??? root:rubyman
Jun 24 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26883]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584441 of user rubyman.
Jun 24 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26883]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584441.
Jun 24 15:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24149]: pam_unix(cron:session): session closed for user root
Jun 24 15:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26821]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25825]: pam_unix(cron:session): session closed for user root
Jun 24 15:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27193]: Invalid user hb from 103.180.212.135
Jun 24 15:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27193]: input_userauth_request: invalid user hb [preauth]
Jun 24 15:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27193]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.180.212.135
Jun 24 15:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27193]: Failed password for invalid user hb from 103.180.212.135 port 59902 ssh2
Jun 24 15:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27193]: Received disconnect from 103.180.212.135 port 59902:11: Bye Bye [preauth]
Jun 24 15:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27193]: Disconnected from 103.180.212.135 port 59902 [preauth]
Jun 24 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27227]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27228]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27225]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27224]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27224]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27301]: Successful su for rubyman by root
Jun 24 15:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27301]: + ??? root:rubyman
Jun 24 15:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27301]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584446 of user rubyman.
Jun 24 15:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27301]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584446.
Jun 24 15:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24607]: pam_unix(cron:session): session closed for user root
Jun 24 15:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27225]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27553]: Invalid user admin from 195.178.110.232
Jun 24 15:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27553]: input_userauth_request: invalid user admin [preauth]
Jun 24 15:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27553]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232
Jun 24 15:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27553]: Failed password for invalid user admin from 195.178.110.232 port 56956 ssh2
Jun 24 15:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27553]: Connection closed by 195.178.110.232 port 56956 [preauth]
Jun 24 15:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26314]: pam_unix(cron:session): session closed for user root
Jun 24 15:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27596]: Connection reset by 198.235.24.42 port 60410 [preauth]
Jun 24 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27656]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27657]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27655]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27654]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27654]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27716]: Successful su for rubyman by root
Jun 24 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27716]: + ??? root:rubyman
Jun 24 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27716]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584451 of user rubyman.
Jun 24 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27716]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584451.
Jun 24 15:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27830]: Invalid user webuser from 185.79.139.16
Jun 24 15:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27830]: input_userauth_request: invalid user webuser [preauth]
Jun 24 15:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27830]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.79.139.16
Jun 24 15:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25032]: pam_unix(cron:session): session closed for user root
Jun 24 15:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27655]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27830]: Failed password for invalid user webuser from 185.79.139.16 port 56810 ssh2
Jun 24 15:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27830]: Received disconnect from 185.79.139.16 port 56810:11: Bye Bye [preauth]
Jun 24 15:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27830]: Disconnected from 185.79.139.16 port 56810 [preauth]
Jun 24 15:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26823]: pam_unix(cron:session): session closed for user root
Jun 24 15:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 24 15:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28057]: Failed password for root from 38.93.206.2 port 41066 ssh2
Jun 24 15:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28057]: Connection closed by 38.93.206.2 port 41066 [preauth]
Jun 24 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28117]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28118]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28116]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28115]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28115]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28183]: Successful su for rubyman by root
Jun 24 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28183]: + ??? root:rubyman
Jun 24 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28183]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584454 of user rubyman.
Jun 24 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28183]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584454.
Jun 24 15:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25425]: pam_unix(cron:session): session closed for user root
Jun 24 15:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28345]: Received disconnect from 74.48.105.66 port 60484:11: disconnected by user [preauth]
Jun 24 15:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28345]: Disconnected from 74.48.105.66 port 60484 [preauth]
Jun 24 15:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28116]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28363]: Invalid user admin from 195.178.110.232
Jun 24 15:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28363]: input_userauth_request: invalid user admin [preauth]
Jun 24 15:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28363]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232
Jun 24 15:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28363]: Failed password for invalid user admin from 195.178.110.232 port 59970 ssh2
Jun 24 15:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28363]: Connection closed by 195.178.110.232 port 59970 [preauth]
Jun 24 15:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27228]: pam_unix(cron:session): session closed for user root
Jun 24 15:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28470]: Invalid user user from 103.180.212.135
Jun 24 15:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28470]: input_userauth_request: invalid user user [preauth]
Jun 24 15:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28470]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.180.212.135
Jun 24 15:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28470]: Failed password for invalid user user from 103.180.212.135 port 39466 ssh2
Jun 24 15:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28470]: Received disconnect from 103.180.212.135 port 39466:11: Bye Bye [preauth]
Jun 24 15:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28470]: Disconnected from 103.180.212.135 port 39466 [preauth]
Jun 24 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28521]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28517]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28520]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28522]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28523]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28519]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28523]: pam_unix(cron:session): session closed for user root
Jun 24 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28517]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28679]: Successful su for rubyman by root
Jun 24 15:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28679]: + ??? root:rubyman
Jun 24 15:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28679]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584462 of user rubyman.
Jun 24 15:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28679]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584462.
Jun 24 15:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28520]: pam_unix(cron:session): session closed for user root
Jun 24 15:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25824]: pam_unix(cron:session): session closed for user root
Jun 24 15:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28519]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.79.139.16  user=root
Jun 24 15:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28877]: Failed password for root from 185.79.139.16 port 41528 ssh2
Jun 24 15:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28877]: Received disconnect from 185.79.139.16 port 41528:11: Bye Bye [preauth]
Jun 24 15:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28877]: Disconnected from 185.79.139.16 port 41528 [preauth]
Jun 24 15:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27657]: pam_unix(cron:session): session closed for user root
Jun 24 15:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29036]: Invalid user user from 141.98.83.240
Jun 24 15:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29036]: input_userauth_request: invalid user user [preauth]
Jun 24 15:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29036]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 15:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29036]: Failed password for invalid user user from 141.98.83.240 port 8578 ssh2
Jun 24 15:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29036]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29038]: Invalid user admin from 195.178.110.232
Jun 24 15:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29038]: input_userauth_request: invalid user admin [preauth]
Jun 24 15:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29038]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232
Jun 24 15:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29036]: Failed password for invalid user user from 141.98.83.240 port 8578 ssh2
Jun 24 15:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29036]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29038]: Failed password for invalid user admin from 195.178.110.232 port 34750 ssh2
Jun 24 15:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29036]: Failed password for invalid user user from 141.98.83.240 port 8578 ssh2
Jun 24 15:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29038]: Connection closed by 195.178.110.232 port 34750 [preauth]
Jun 24 15:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29036]: Connection closed by 141.98.83.240 port 8578 [preauth]
Jun 24 15:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29036]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 15:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 24 15:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29050]: Failed password for root from 202.178.126.219 port 48669 ssh2
Jun 24 15:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29050]: Connection closed by 202.178.126.219 port 48669 [preauth]
Jun 24 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29068]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29067]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29066]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29065]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29065]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29136]: Successful su for rubyman by root
Jun 24 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29136]: + ??? root:rubyman
Jun 24 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29136]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584463 of user rubyman.
Jun 24 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29136]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584463.
Jun 24 15:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26313]: pam_unix(cron:session): session closed for user root
Jun 24 15:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29066]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28118]: pam_unix(cron:session): session closed for user root
Jun 24 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29503]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29500]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29502]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29501]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29498]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29498]: pam_unix(cron:session): session closed for user root
Jun 24 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29500]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29651]: Successful su for rubyman by root
Jun 24 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29651]: + ??? root:rubyman
Jun 24 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29651]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584467 of user rubyman.
Jun 24 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29651]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584467.
Jun 24 15:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26822]: pam_unix(cron:session): session closed for user root
Jun 24 15:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29501]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29876]: Invalid user root1 from 185.79.139.16
Jun 24 15:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29876]: input_userauth_request: invalid user root1 [preauth]
Jun 24 15:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29876]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.79.139.16
Jun 24 15:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29876]: Failed password for invalid user root1 from 185.79.139.16 port 37026 ssh2
Jun 24 15:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29876]: Received disconnect from 185.79.139.16 port 37026:11: Bye Bye [preauth]
Jun 24 15:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29876]: Disconnected from 185.79.139.16 port 37026 [preauth]
Jun 24 15:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 24 15:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29903]: Failed password for root from 103.153.68.219 port 50122 ssh2
Jun 24 15:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29903]: Connection closed by 103.153.68.219 port 50122 [preauth]
Jun 24 15:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28522]: pam_unix(cron:session): session closed for user root
Jun 24 15:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29971]: Invalid user admin from 195.178.110.232
Jun 24 15:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29971]: input_userauth_request: invalid user admin [preauth]
Jun 24 15:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29971]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232
Jun 24 15:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29971]: Failed password for invalid user admin from 195.178.110.232 port 37794 ssh2
Jun 24 15:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29971]: Connection closed by 195.178.110.232 port 37794 [preauth]
Jun 24 15:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29981]: Invalid user manager from 103.180.212.135
Jun 24 15:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29981]: input_userauth_request: invalid user manager [preauth]
Jun 24 15:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29981]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.180.212.135
Jun 24 15:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29981]: Failed password for invalid user manager from 103.180.212.135 port 44450 ssh2
Jun 24 15:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29981]: Received disconnect from 103.180.212.135 port 44450:11: Bye Bye [preauth]
Jun 24 15:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29981]: Disconnected from 103.180.212.135 port 44450 [preauth]
Jun 24 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30035]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30034]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30033]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30032]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30032]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30101]: Successful su for rubyman by root
Jun 24 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30101]: + ??? root:rubyman
Jun 24 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30101]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584472 of user rubyman.
Jun 24 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30101]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584472.
Jun 24 15:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27227]: pam_unix(cron:session): session closed for user root
Jun 24 15:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30033]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29068]: pam_unix(cron:session): session closed for user root
Jun 24 15:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 24 15:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30386]: Failed password for root from 80.66.85.226 port 46222 ssh2
Jun 24 15:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30386]: Connection closed by 80.66.85.226 port 46222 [preauth]
Jun 24 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30448]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30447]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30446]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30445]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30445]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30509]: Successful su for rubyman by root
Jun 24 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30509]: + ??? root:rubyman
Jun 24 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30509]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584476 of user rubyman.
Jun 24 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30509]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584476.
Jun 24 15:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27656]: pam_unix(cron:session): session closed for user root
Jun 24 15:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30446]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.79.139.16  user=root
Jun 24 15:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30717]: Failed password for root from 185.79.139.16 port 43490 ssh2
Jun 24 15:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30717]: Received disconnect from 185.79.139.16 port 43490:11: Bye Bye [preauth]
Jun 24 15:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30717]: Disconnected from 185.79.139.16 port 43490 [preauth]
Jun 24 15:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30734]: Invalid user admin from 195.178.110.232
Jun 24 15:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30734]: input_userauth_request: invalid user admin [preauth]
Jun 24 15:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30734]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232
Jun 24 15:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30734]: Failed password for invalid user admin from 195.178.110.232 port 40808 ssh2
Jun 24 15:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30734]: Connection closed by 195.178.110.232 port 40808 [preauth]
Jun 24 15:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29503]: pam_unix(cron:session): session closed for user root
Jun 24 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30876]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30875]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30877]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30873]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30871]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30874]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30877]: pam_unix(cron:session): session closed for user root
Jun 24 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30871]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31038]: Successful su for rubyman by root
Jun 24 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31038]: + ??? root:rubyman
Jun 24 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31038]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584480 of user rubyman.
Jun 24 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31038]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584480.
Jun 24 15:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30874]: pam_unix(cron:session): session closed for user root
Jun 24 15:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28117]: pam_unix(cron:session): session closed for user root
Jun 24 15:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30873]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30035]: pam_unix(cron:session): session closed for user root
Jun 24 15:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.180.212.135  user=root
Jun 24 15:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31368]: Failed password for root from 103.180.212.135 port 56052 ssh2
Jun 24 15:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31368]: Received disconnect from 103.180.212.135 port 56052:11: Bye Bye [preauth]
Jun 24 15:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31368]: Disconnected from 103.180.212.135 port 56052 [preauth]
Jun 24 15:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31388]: Invalid user admin from 195.178.110.232
Jun 24 15:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31388]: input_userauth_request: invalid user admin [preauth]
Jun 24 15:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31388]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232
Jun 24 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31402]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31403]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31401]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31400]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31400]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31470]: Successful su for rubyman by root
Jun 24 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31470]: + ??? root:rubyman
Jun 24 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31470]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584487 of user rubyman.
Jun 24 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31470]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584487.
Jun 24 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31388]: Failed password for invalid user admin from 195.178.110.232 port 43816 ssh2
Jun 24 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31388]: Connection closed by 195.178.110.232 port 43816 [preauth]
Jun 24 15:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28521]: pam_unix(cron:session): session closed for user root
Jun 24 15:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31401]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.79.139.16  user=root
Jun 24 15:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31789]: Failed password for root from 185.79.139.16 port 33422 ssh2
Jun 24 15:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31789]: Received disconnect from 185.79.139.16 port 33422:11: Bye Bye [preauth]
Jun 24 15:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31789]: Disconnected from 185.79.139.16 port 33422 [preauth]
Jun 24 15:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30448]: pam_unix(cron:session): session closed for user root
Jun 24 15:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31912]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31911]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31913]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31910]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31910]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31977]: Successful su for rubyman by root
Jun 24 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31977]: + ??? root:rubyman
Jun 24 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31977]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584490 of user rubyman.
Jun 24 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31977]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584490.
Jun 24 15:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29067]: pam_unix(cron:session): session closed for user root
Jun 24 15:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31911]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30876]: pam_unix(cron:session): session closed for user root
Jun 24 15:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32267]: Invalid user admin from 195.178.110.232
Jun 24 15:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32267]: input_userauth_request: invalid user admin [preauth]
Jun 24 15:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32267]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232
Jun 24 15:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32267]: Failed password for invalid user admin from 195.178.110.232 port 46828 ssh2
Jun 24 15:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32267]: Connection closed by 195.178.110.232 port 46828 [preauth]
Jun 24 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32325]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32324]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32323]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32322]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32322]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32387]: Successful su for rubyman by root
Jun 24 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32387]: + ??? root:rubyman
Jun 24 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32387]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584494 of user rubyman.
Jun 24 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32387]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584494.
Jun 24 15:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29502]: pam_unix(cron:session): session closed for user root
Jun 24 15:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32323]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.79.139.16  user=root
Jun 24 15:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32619]: Failed password for root from 185.79.139.16 port 51368 ssh2
Jun 24 15:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32619]: Received disconnect from 185.79.139.16 port 51368:11: Bye Bye [preauth]
Jun 24 15:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32619]: Disconnected from 185.79.139.16 port 51368 [preauth]
Jun 24 15:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31403]: pam_unix(cron:session): session closed for user root
Jun 24 15:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32718]: Invalid user marlon from 103.180.212.135
Jun 24 15:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32718]: input_userauth_request: invalid user marlon [preauth]
Jun 24 15:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32718]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.180.212.135
Jun 24 15:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32718]: Failed password for invalid user marlon from 103.180.212.135 port 43112 ssh2
Jun 24 15:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32718]: Received disconnect from 103.180.212.135 port 43112:11: Bye Bye [preauth]
Jun 24 15:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32718]: Disconnected from 103.180.212.135 port 43112 [preauth]
Jun 24 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32743]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32742]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32741]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32740]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32740]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[338]: Successful su for rubyman by root
Jun 24 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[338]: + ??? root:rubyman
Jun 24 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[338]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584498 of user rubyman.
Jun 24 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[338]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584498.
Jun 24 15:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30034]: pam_unix(cron:session): session closed for user root
Jun 24 15:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 24 15:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32741]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[649]: Failed password for root from 103.77.242.62 port 44606 ssh2
Jun 24 15:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[649]: Connection closed by 103.77.242.62 port 44606 [preauth]
Jun 24 15:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 24 15:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[671]: Failed password for root from 103.82.132.16 port 38284 ssh2
Jun 24 15:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[671]: Connection closed by 103.82.132.16 port 38284 [preauth]
Jun 24 15:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[737]: Invalid user admin from 195.178.110.232
Jun 24 15:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[737]: input_userauth_request: invalid user admin [preauth]
Jun 24 15:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[737]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232
Jun 24 15:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[737]: Failed password for invalid user admin from 195.178.110.232 port 49810 ssh2
Jun 24 15:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[737]: Connection closed by 195.178.110.232 port 49810 [preauth]
Jun 24 15:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31913]: pam_unix(cron:session): session closed for user root
Jun 24 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[839]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[836]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[840]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[838]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[834]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[835]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[840]: pam_unix(cron:session): session closed for user root
Jun 24 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[834]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[913]: Successful su for rubyman by root
Jun 24 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[913]: + ??? root:rubyman
Jun 24 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[913]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584502 of user rubyman.
Jun 24 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[913]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584502.
Jun 24 15:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[836]: pam_unix(cron:session): session closed for user root
Jun 24 15:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30447]: pam_unix(cron:session): session closed for user root
Jun 24 15:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[835]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32325]: pam_unix(cron:session): session closed for user root
Jun 24 15:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.79.139.16  user=root
Jun 24 15:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1265]: Failed password for root from 185.79.139.16 port 60876 ssh2
Jun 24 15:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1265]: Received disconnect from 185.79.139.16 port 60876:11: Bye Bye [preauth]
Jun 24 15:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1265]: Disconnected from 185.79.139.16 port 60876 [preauth]
Jun 24 15:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121  user=root
Jun 24 15:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1290]: Failed password for root from 45.148.10.121 port 43852 ssh2
Jun 24 15:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1290]: Connection closed by 45.148.10.121 port 43852 [preauth]
Jun 24 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1341]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1339]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1340]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1338]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1338]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1421]: Successful su for rubyman by root
Jun 24 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1421]: + ??? root:rubyman
Jun 24 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1421]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584508 of user rubyman.
Jun 24 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1421]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584508.
Jun 24 15:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30875]: pam_unix(cron:session): session closed for user root
Jun 24 15:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1339]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1727]: Invalid user admin from 195.178.110.232
Jun 24 15:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1727]: input_userauth_request: invalid user admin [preauth]
Jun 24 15:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1727]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232
Jun 24 15:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1727]: Failed password for invalid user admin from 195.178.110.232 port 52832 ssh2
Jun 24 15:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1727]: Connection closed by 195.178.110.232 port 52832 [preauth]
Jun 24 15:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32743]: pam_unix(cron:session): session closed for user root
Jun 24 15:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.180.212.135  user=root
Jun 24 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1883]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1885]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1882]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1881]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1881]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1972]: Successful su for rubyman by root
Jun 24 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1972]: + ??? root:rubyman
Jun 24 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1972]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584513 of user rubyman.
Jun 24 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1972]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584513.
Jun 24 15:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1868]: Failed password for root from 103.180.212.135 port 41152 ssh2
Jun 24 15:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1868]: Received disconnect from 103.180.212.135 port 41152:11: Bye Bye [preauth]
Jun 24 15:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1868]: Disconnected from 103.180.212.135 port 41152 [preauth]
Jun 24 15:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31402]: pam_unix(cron:session): session closed for user root
Jun 24 15:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1882]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[839]: pam_unix(cron:session): session closed for user root
Jun 24 15:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.79.139.16  user=root
Jun 24 15:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2334]: Failed password for root from 185.79.139.16 port 56346 ssh2
Jun 24 15:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2334]: Received disconnect from 185.79.139.16 port 56346:11: Bye Bye [preauth]
Jun 24 15:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2334]: Disconnected from 185.79.139.16 port 56346 [preauth]
Jun 24 15:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2350]: User backup from 195.178.110.232 not allowed because not listed in AllowUsers
Jun 24 15:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2350]: input_userauth_request: invalid user backup [preauth]
Jun 24 15:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232  user=backup
Jun 24 15:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2350]: Failed password for invalid user backup from 195.178.110.232 port 55862 ssh2
Jun 24 15:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2350]: Connection closed by 195.178.110.232 port 55862 [preauth]
Jun 24 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2372]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2371]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2370]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2369]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2369]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2430]: Successful su for rubyman by root
Jun 24 15:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2430]: + ??? root:rubyman
Jun 24 15:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2430]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584517 of user rubyman.
Jun 24 15:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2430]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584517.
Jun 24 15:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31912]: pam_unix(cron:session): session closed for user root
Jun 24 15:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2370]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 24 15:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1341]: pam_unix(cron:session): session closed for user root
Jun 24 15:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2693]: Failed password for root from 202.178.126.219 port 27745 ssh2
Jun 24 15:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2693]: Connection closed by 202.178.126.219 port 27745 [preauth]
Jun 24 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2798]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2801]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2799]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2797]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2797]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2860]: Successful su for rubyman by root
Jun 24 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2860]: + ??? root:rubyman
Jun 24 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2860]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584521 of user rubyman.
Jun 24 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2860]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584521.
Jun 24 15:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32324]: pam_unix(cron:session): session closed for user root
Jun 24 15:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2798]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1885]: pam_unix(cron:session): session closed for user root
Jun 24 15:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3130]: User backup from 195.178.110.232 not allowed because not listed in AllowUsers
Jun 24 15:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3130]: input_userauth_request: invalid user backup [preauth]
Jun 24 15:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232  user=backup
Jun 24 15:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3130]: Failed password for invalid user backup from 195.178.110.232 port 58888 ssh2
Jun 24 15:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3130]: Connection closed by 195.178.110.232 port 58888 [preauth]
Jun 24 15:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3170]: Invalid user git from 185.79.139.16
Jun 24 15:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3170]: input_userauth_request: invalid user git [preauth]
Jun 24 15:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3170]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.79.139.16
Jun 24 15:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3170]: Failed password for invalid user git from 185.79.139.16 port 33790 ssh2
Jun 24 15:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3170]: Received disconnect from 185.79.139.16 port 33790:11: Bye Bye [preauth]
Jun 24 15:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3170]: Disconnected from 185.79.139.16 port 33790 [preauth]
Jun 24 15:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3194]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3195]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3193]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3191]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3196]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3192]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3196]: pam_unix(cron:session): session closed for user root
Jun 24 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3191]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3266]: Successful su for rubyman by root
Jun 24 15:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3266]: + ??? root:rubyman
Jun 24 15:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3266]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584526 of user rubyman.
Jun 24 15:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3266]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584526.
Jun 24 15:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3188]: Invalid user elozano from 103.180.212.135
Jun 24 15:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3188]: input_userauth_request: invalid user elozano [preauth]
Jun 24 15:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3188]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.180.212.135
Jun 24 15:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3193]: pam_unix(cron:session): session closed for user root
Jun 24 15:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32742]: pam_unix(cron:session): session closed for user root
Jun 24 15:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3188]: Failed password for invalid user elozano from 103.180.212.135 port 40672 ssh2
Jun 24 15:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3188]: Received disconnect from 103.180.212.135 port 40672:11: Bye Bye [preauth]
Jun 24 15:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3188]: Disconnected from 103.180.212.135 port 40672 [preauth]
Jun 24 15:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3192]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2372]: pam_unix(cron:session): session closed for user root
Jun 24 15:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3577]: Connection closed by 194.59.206.2 port 31272 [preauth]
Jun 24 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3629]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3628]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3627]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3626]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3626]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3788]: Successful su for rubyman by root
Jun 24 15:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3788]: + ??? root:rubyman
Jun 24 15:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3788]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584530 of user rubyman.
Jun 24 15:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3788]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584530.
Jun 24 15:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[838]: pam_unix(cron:session): session closed for user root
Jun 24 15:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3627]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4085]: User backup from 195.178.110.232 not allowed because not listed in AllowUsers
Jun 24 15:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4085]: input_userauth_request: invalid user backup [preauth]
Jun 24 15:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232  user=backup
Jun 24 15:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4085]: Failed password for invalid user backup from 195.178.110.232 port 33680 ssh2
Jun 24 15:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4085]: Connection closed by 195.178.110.232 port 33680 [preauth]
Jun 24 15:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2801]: pam_unix(cron:session): session closed for user root
Jun 24 15:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4231]: Invalid user mexal from 185.79.139.16
Jun 24 15:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4231]: input_userauth_request: invalid user mexal [preauth]
Jun 24 15:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4231]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.79.139.16
Jun 24 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4231]: Failed password for invalid user mexal from 185.79.139.16 port 46274 ssh2
Jun 24 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4231]: Received disconnect from 185.79.139.16 port 46274:11: Bye Bye [preauth]
Jun 24 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4231]: Disconnected from 185.79.139.16 port 46274 [preauth]
Jun 24 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4236]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4238]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4235]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4234]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4234]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4298]: Successful su for rubyman by root
Jun 24 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4298]: + ??? root:rubyman
Jun 24 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4298]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584535 of user rubyman.
Jun 24 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4298]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584535.
Jun 24 15:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1340]: pam_unix(cron:session): session closed for user root
Jun 24 15:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4235]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3195]: pam_unix(cron:session): session closed for user root
Jun 24 15:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4626]: User backup from 195.178.110.232 not allowed because not listed in AllowUsers
Jun 24 15:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4626]: input_userauth_request: invalid user backup [preauth]
Jun 24 15:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232  user=backup
Jun 24 15:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4626]: Failed password for invalid user backup from 195.178.110.232 port 36720 ssh2
Jun 24 15:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4626]: Connection closed by 195.178.110.232 port 36720 [preauth]
Jun 24 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4650]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4647]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4649]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4648]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4647]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4712]: Successful su for rubyman by root
Jun 24 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4712]: + ??? root:rubyman
Jun 24 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4712]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584539 of user rubyman.
Jun 24 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4712]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584539.
Jun 24 15:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1883]: pam_unix(cron:session): session closed for user root
Jun 24 15:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4648]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5012]: Invalid user support from 193.46.255.86
Jun 24 15:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5012]: input_userauth_request: invalid user support [preauth]
Jun 24 15:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5012]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 24 15:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5005]: Invalid user developer from 103.180.212.135
Jun 24 15:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5005]: input_userauth_request: invalid user developer [preauth]
Jun 24 15:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5005]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.180.212.135
Jun 24 15:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5005]: Failed password for invalid user developer from 103.180.212.135 port 53892 ssh2
Jun 24 15:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5012]: Failed password for invalid user support from 193.46.255.86 port 38048 ssh2
Jun 24 15:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5012]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5005]: Received disconnect from 103.180.212.135 port 53892:11: Bye Bye [preauth]
Jun 24 15:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5005]: Disconnected from 103.180.212.135 port 53892 [preauth]
Jun 24 15:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5012]: Failed password for invalid user support from 193.46.255.86 port 38048 ssh2
Jun 24 15:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5012]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5012]: Failed password for invalid user support from 193.46.255.86 port 38048 ssh2
Jun 24 15:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5012]: Connection closed by 193.46.255.86 port 38048 [preauth]
Jun 24 15:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5012]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 24 15:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3629]: pam_unix(cron:session): session closed for user root
Jun 24 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5162]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5163]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5156]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5155]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5155]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5222]: Successful su for rubyman by root
Jun 24 15:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5222]: + ??? root:rubyman
Jun 24 15:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5222]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584543 of user rubyman.
Jun 24 15:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5222]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584543.
Jun 24 15:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5210]: Invalid user boyd from 185.79.139.16
Jun 24 15:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5210]: input_userauth_request: invalid user boyd [preauth]
Jun 24 15:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5210]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.79.139.16
Jun 24 15:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2371]: pam_unix(cron:session): session closed for user root
Jun 24 15:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5210]: Failed password for invalid user boyd from 185.79.139.16 port 50762 ssh2
Jun 24 15:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5210]: Received disconnect from 185.79.139.16 port 50762:11: Bye Bye [preauth]
Jun 24 15:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5210]: Disconnected from 185.79.139.16 port 50762 [preauth]
Jun 24 15:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5156]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4238]: pam_unix(cron:session): session closed for user root
Jun 24 15:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5510]: User backup from 195.178.110.232 not allowed because not listed in AllowUsers
Jun 24 15:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5510]: input_userauth_request: invalid user backup [preauth]
Jun 24 15:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232  user=backup
Jun 24 15:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5510]: Failed password for invalid user backup from 195.178.110.232 port 39722 ssh2
Jun 24 15:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5510]: Connection closed by 195.178.110.232 port 39722 [preauth]
Jun 24 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5571]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5570]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5569]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5576]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5575]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5568]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5576]: pam_unix(cron:session): session closed for user root
Jun 24 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5568]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5635]: Successful su for rubyman by root
Jun 24 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5635]: + ??? root:rubyman
Jun 24 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5635]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584548 of user rubyman.
Jun 24 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5635]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584548.
Jun 24 15:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5570]: pam_unix(cron:session): session closed for user root
Jun 24 15:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2799]: pam_unix(cron:session): session closed for user root
Jun 24 15:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5569]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 24 15:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5875]: Received disconnect from 206.212.244.18 port 35646:11: disconnected by user [preauth]
Jun 24 15:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5875]: Disconnected from 206.212.244.18 port 35646 [preauth]
Jun 24 15:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5859]: Failed password for root from 77.94.47.83 port 55166 ssh2
Jun 24 15:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5859]: Connection closed by 77.94.47.83 port 55166 [preauth]
Jun 24 15:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4650]: pam_unix(cron:session): session closed for user root
Jun 24 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5990]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5989]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5991]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5987]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5987]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6053]: Successful su for rubyman by root
Jun 24 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6053]: + ??? root:rubyman
Jun 24 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6053]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584554 of user rubyman.
Jun 24 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6053]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584554.
Jun 24 15:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6169]: Invalid user vivek from 185.79.139.16
Jun 24 15:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6169]: input_userauth_request: invalid user vivek [preauth]
Jun 24 15:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6169]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.79.139.16
Jun 24 15:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3194]: pam_unix(cron:session): session closed for user root
Jun 24 15:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5989]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6169]: Failed password for invalid user vivek from 185.79.139.16 port 35826 ssh2
Jun 24 15:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6169]: Received disconnect from 185.79.139.16 port 35826:11: Bye Bye [preauth]
Jun 24 15:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6169]: Disconnected from 185.79.139.16 port 35826 [preauth]
Jun 24 15:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6248]: Invalid user rob from 103.180.212.135
Jun 24 15:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6248]: input_userauth_request: invalid user rob [preauth]
Jun 24 15:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6248]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.180.212.135
Jun 24 15:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6248]: Failed password for invalid user rob from 103.180.212.135 port 46670 ssh2
Jun 24 15:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6248]: Received disconnect from 103.180.212.135 port 46670:11: Bye Bye [preauth]
Jun 24 15:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6248]: Disconnected from 103.180.212.135 port 46670 [preauth]
Jun 24 15:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6264]: User backup from 195.178.110.232 not allowed because not listed in AllowUsers
Jun 24 15:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6264]: input_userauth_request: invalid user backup [preauth]
Jun 24 15:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232  user=backup
Jun 24 15:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6264]: Failed password for invalid user backup from 195.178.110.232 port 42724 ssh2
Jun 24 15:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6264]: Connection closed by 195.178.110.232 port 42724 [preauth]
Jun 24 15:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5163]: pam_unix(cron:session): session closed for user root
Jun 24 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6400]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6401]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6399]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6398]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6398]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6457]: Successful su for rubyman by root
Jun 24 15:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6457]: + ??? root:rubyman
Jun 24 15:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6457]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584556 of user rubyman.
Jun 24 15:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6457]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584556.
Jun 24 15:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3628]: pam_unix(cron:session): session closed for user root
Jun 24 15:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6399]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5575]: pam_unix(cron:session): session closed for user root
Jun 24 15:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6793]: User backup from 195.178.110.232 not allowed because not listed in AllowUsers
Jun 24 15:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6793]: input_userauth_request: invalid user backup [preauth]
Jun 24 15:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232  user=backup
Jun 24 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6793]: Failed password for invalid user backup from 195.178.110.232 port 45758 ssh2
Jun 24 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6793]: Connection closed by 195.178.110.232 port 45758 [preauth]
Jun 24 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6807]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6808]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6806]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6805]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6805]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6865]: Successful su for rubyman by root
Jun 24 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6865]: + ??? root:rubyman
Jun 24 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6865]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584561 of user rubyman.
Jun 24 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6865]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584561.
Jun 24 15:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4236]: pam_unix(cron:session): session closed for user root
Jun 24 15:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6806]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7141]: Invalid user webuser from 185.79.139.16
Jun 24 15:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7141]: input_userauth_request: invalid user webuser [preauth]
Jun 24 15:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7141]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.79.139.16
Jun 24 15:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7141]: Failed password for invalid user webuser from 185.79.139.16 port 58070 ssh2
Jun 24 15:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7141]: Received disconnect from 185.79.139.16 port 58070:11: Bye Bye [preauth]
Jun 24 15:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7141]: Disconnected from 185.79.139.16 port 58070 [preauth]
Jun 24 15:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5991]: pam_unix(cron:session): session closed for user root
Jun 24 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7298]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7300]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7299]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7297]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7294]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7297]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7420]: Successful su for rubyman by root
Jun 24 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7420]: + ??? root:rubyman
Jun 24 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7420]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584565 of user rubyman.
Jun 24 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7420]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584565.
Jun 24 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7294]: pam_unix(cron:session): session closed for user root
Jun 24 15:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4649]: pam_unix(cron:session): session closed for user root
Jun 24 15:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7298]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7764]: Invalid user ubuntu from 103.180.212.135
Jun 24 15:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7764]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 15:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7764]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.180.212.135
Jun 24 15:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7764]: Failed password for invalid user ubuntu from 103.180.212.135 port 43370 ssh2
Jun 24 15:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7764]: Received disconnect from 103.180.212.135 port 43370:11: Bye Bye [preauth]
Jun 24 15:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7764]: Disconnected from 103.180.212.135 port 43370 [preauth]
Jun 24 15:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6401]: pam_unix(cron:session): session closed for user root
Jun 24 15:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7831]: Invalid user debian from 195.178.110.232
Jun 24 15:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7831]: input_userauth_request: invalid user debian [preauth]
Jun 24 15:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7831]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232
Jun 24 15:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7831]: Failed password for invalid user debian from 195.178.110.232 port 48814 ssh2
Jun 24 15:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7831]: Connection closed by 195.178.110.232 port 48814 [preauth]
Jun 24 15:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 24 15:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7869]: Failed password for root from 103.176.20.57 port 33318 ssh2
Jun 24 15:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7869]: Connection closed by 103.176.20.57 port 33318 [preauth]
Jun 24 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7889]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7893]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7891]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7890]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7892]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7888]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7893]: pam_unix(cron:session): session closed for user root
Jun 24 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7888]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7953]: Successful su for rubyman by root
Jun 24 15:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7953]: + ??? root:rubyman
Jun 24 15:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7953]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584573 of user rubyman.
Jun 24 15:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7953]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584573.
Jun 24 15:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7890]: pam_unix(cron:session): session closed for user root
Jun 24 15:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5162]: pam_unix(cron:session): session closed for user root
Jun 24 15:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7889]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.79.139.16  user=root
Jun 24 15:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8184]: Failed password for root from 185.79.139.16 port 34460 ssh2
Jun 24 15:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8184]: Received disconnect from 185.79.139.16 port 34460:11: Bye Bye [preauth]
Jun 24 15:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8184]: Disconnected from 185.79.139.16 port 34460 [preauth]
Jun 24 15:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6808]: pam_unix(cron:session): session closed for user root
Jun 24 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8308]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8309]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8307]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8306]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8306]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8373]: Successful su for rubyman by root
Jun 24 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8373]: + ??? root:rubyman
Jun 24 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8373]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584576 of user rubyman.
Jun 24 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8373]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584576.
Jun 24 15:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5571]: pam_unix(cron:session): session closed for user root
Jun 24 15:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8307]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8594]: Invalid user debian from 195.178.110.232
Jun 24 15:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8594]: input_userauth_request: invalid user debian [preauth]
Jun 24 15:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8594]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232
Jun 24 15:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8594]: Failed password for invalid user debian from 195.178.110.232 port 51850 ssh2
Jun 24 15:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8594]: Connection closed by 195.178.110.232 port 51850 [preauth]
Jun 24 15:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7300]: pam_unix(cron:session): session closed for user root
Jun 24 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8711]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8712]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8709]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8708]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8708]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8771]: Successful su for rubyman by root
Jun 24 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8771]: + ??? root:rubyman
Jun 24 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8771]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584579 of user rubyman.
Jun 24 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8771]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584579.
Jun 24 15:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5990]: pam_unix(cron:session): session closed for user root
Jun 24 15:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8709]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.79.139.16  user=root
Jun 24 15:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8995]: Failed password for root from 185.79.139.16 port 52984 ssh2
Jun 24 15:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8995]: Received disconnect from 185.79.139.16 port 52984:11: Bye Bye [preauth]
Jun 24 15:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8995]: Disconnected from 185.79.139.16 port 52984 [preauth]
Jun 24 15:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8998]: Invalid user jeus from 103.180.212.135
Jun 24 15:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8998]: input_userauth_request: invalid user jeus [preauth]
Jun 24 15:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8998]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.180.212.135
Jun 24 15:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8998]: Failed password for invalid user jeus from 103.180.212.135 port 50510 ssh2
Jun 24 15:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8998]: Received disconnect from 103.180.212.135 port 50510:11: Bye Bye [preauth]
Jun 24 15:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8998]: Disconnected from 103.180.212.135 port 50510 [preauth]
Jun 24 15:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7892]: pam_unix(cron:session): session closed for user root
Jun 24 15:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9032]: Received disconnect from 103.57.224.219 port 36916:11: disconnected by user [preauth]
Jun 24 15:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9032]: Disconnected from 103.57.224.219 port 36916 [preauth]
Jun 24 15:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9108]: Invalid user debian from 195.178.110.232
Jun 24 15:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9108]: input_userauth_request: invalid user debian [preauth]
Jun 24 15:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9108]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232
Jun 24 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9113]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9114]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9112]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9111]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9111]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9170]: Successful su for rubyman by root
Jun 24 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9170]: + ??? root:rubyman
Jun 24 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9170]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584583 of user rubyman.
Jun 24 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9170]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584583.
Jun 24 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9108]: Failed password for invalid user debian from 195.178.110.232 port 54872 ssh2
Jun 24 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9108]: Connection closed by 195.178.110.232 port 54872 [preauth]
Jun 24 15:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6400]: pam_unix(cron:session): session closed for user root
Jun 24 15:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9112]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8309]: pam_unix(cron:session): session closed for user root
Jun 24 15:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9507]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9506]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9505]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9504]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9504]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9564]: Successful su for rubyman by root
Jun 24 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9564]: + ??? root:rubyman
Jun 24 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9564]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584588 of user rubyman.
Jun 24 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9564]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584588.
Jun 24 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9501]: Invalid user dezmond from 2.57.121.112
Jun 24 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9501]: input_userauth_request: invalid user dezmond [preauth]
Jun 24 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9501]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 24 15:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9501]: Failed password for invalid user dezmond from 2.57.121.112 port 48588 ssh2
Jun 24 15:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9501]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6807]: pam_unix(cron:session): session closed for user root
Jun 24 15:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9505]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9501]: Failed password for invalid user dezmond from 2.57.121.112 port 48588 ssh2
Jun 24 15:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9501]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9501]: Failed password for invalid user dezmond from 2.57.121.112 port 48588 ssh2
Jun 24 15:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9501]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9501]: Failed password for invalid user dezmond from 2.57.121.112 port 48588 ssh2
Jun 24 15:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9501]: Connection closed by 2.57.121.112 port 48588 [preauth]
Jun 24 15:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9501]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 24 15:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9501]: PAM service(sshd) ignoring max retries; 4 > 3
Jun 24 15:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9758]: Invalid user dezmond from 2.57.121.112
Jun 24 15:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9758]: input_userauth_request: invalid user dezmond [preauth]
Jun 24 15:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9758]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 24 15:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9758]: Failed password for invalid user dezmond from 2.57.121.112 port 55430 ssh2
Jun 24 15:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9758]: Connection closed by 2.57.121.112 port 55430 [preauth]
Jun 24 15:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9815]: Invalid user cloud from 185.79.139.16
Jun 24 15:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9815]: input_userauth_request: invalid user cloud [preauth]
Jun 24 15:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9815]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.79.139.16
Jun 24 15:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9815]: Failed password for invalid user cloud from 185.79.139.16 port 49450 ssh2
Jun 24 15:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9815]: Received disconnect from 185.79.139.16 port 49450:11: Bye Bye [preauth]
Jun 24 15:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9815]: Disconnected from 185.79.139.16 port 49450 [preauth]
Jun 24 15:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8712]: pam_unix(cron:session): session closed for user root
Jun 24 15:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 24 15:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9851]: Failed password for root from 51.250.105.222 port 42524 ssh2
Jun 24 15:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9851]: Connection closed by 51.250.105.222 port 42524 [preauth]
Jun 24 15:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9853]: Invalid user debian from 195.178.110.232
Jun 24 15:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9853]: input_userauth_request: invalid user debian [preauth]
Jun 24 15:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9853]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232
Jun 24 15:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9853]: Failed password for invalid user debian from 195.178.110.232 port 57908 ssh2
Jun 24 15:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 24 15:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9853]: Connection closed by 195.178.110.232 port 57908 [preauth]
Jun 24 15:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9869]: Failed password for root from 103.149.28.157 port 46350 ssh2
Jun 24 15:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9869]: Connection closed by 103.149.28.157 port 46350 [preauth]
Jun 24 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10085]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10087]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10082]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10084]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10081]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10083]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10087]: pam_unix(cron:session): session closed for user root
Jun 24 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10081]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10153]: Successful su for rubyman by root
Jun 24 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10153]: + ??? root:rubyman
Jun 24 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10153]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584591 of user rubyman.
Jun 24 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10153]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584591.
Jun 24 15:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10083]: pam_unix(cron:session): session closed for user root
Jun 24 15:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7299]: pam_unix(cron:session): session closed for user root
Jun 24 15:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10082]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10517]: Invalid user tidb from 103.180.212.135
Jun 24 15:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10517]: input_userauth_request: invalid user tidb [preauth]
Jun 24 15:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10517]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.180.212.135
Jun 24 15:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9114]: pam_unix(cron:session): session closed for user root
Jun 24 15:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10517]: Failed password for invalid user tidb from 103.180.212.135 port 39182 ssh2
Jun 24 15:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10517]: Received disconnect from 103.180.212.135 port 39182:11: Bye Bye [preauth]
Jun 24 15:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10517]: Disconnected from 103.180.212.135 port 39182 [preauth]
Jun 24 15:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 24 15:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10608]: Failed password for root from 62.133.62.83 port 42370 ssh2
Jun 24 15:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10608]: Connection closed by 62.133.62.83 port 42370 [preauth]
Jun 24 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10613]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10614]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10612]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10611]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10611]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10685]: Successful su for rubyman by root
Jun 24 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10685]: + ??? root:rubyman
Jun 24 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10685]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584597 of user rubyman.
Jun 24 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10685]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584597.
Jun 24 15:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7891]: pam_unix(cron:session): session closed for user root
Jun 24 15:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10612]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10895]: Received disconnect from 86.111.176.100 port 36226:11: disconnected by user [preauth]
Jun 24 15:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10895]: Disconnected from 86.111.176.100 port 36226 [preauth]
Jun 24 15:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10926]: Invalid user debian from 195.178.110.232
Jun 24 15:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10926]: input_userauth_request: invalid user debian [preauth]
Jun 24 15:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10926]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232
Jun 24 15:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10926]: Failed password for invalid user debian from 195.178.110.232 port 60884 ssh2
Jun 24 15:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10926]: Connection closed by 195.178.110.232 port 60884 [preauth]
Jun 24 15:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9507]: pam_unix(cron:session): session closed for user root
Jun 24 15:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.79.139.16  user=root
Jun 24 15:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10990]: Failed password for root from 185.79.139.16 port 58224 ssh2
Jun 24 15:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10990]: Received disconnect from 185.79.139.16 port 58224:11: Bye Bye [preauth]
Jun 24 15:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10990]: Disconnected from 185.79.139.16 port 58224 [preauth]
Jun 24 15:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 24 15:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11041]: Failed password for root from 141.98.83.240 port 46554 ssh2
Jun 24 15:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11041]: Failed password for root from 141.98.83.240 port 46554 ssh2
Jun 24 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11058]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11057]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11055]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11056]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11055]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11118]: Successful su for rubyman by root
Jun 24 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11118]: + ??? root:rubyman
Jun 24 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11118]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584601 of user rubyman.
Jun 24 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11118]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584601.
Jun 24 15:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11041]: Failed password for root from 141.98.83.240 port 46554 ssh2
Jun 24 15:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11041]: Connection closed by 141.98.83.240 port 46554 [preauth]
Jun 24 15:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11041]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 24 15:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8308]: pam_unix(cron:session): session closed for user root
Jun 24 15:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11056]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10085]: pam_unix(cron:session): session closed for user root
Jun 24 15:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11460]: Invalid user debian from 195.178.110.232
Jun 24 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11460]: input_userauth_request: invalid user debian [preauth]
Jun 24 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11460]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232
Jun 24 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11474]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11475]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11476]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11473]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11473]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11538]: Successful su for rubyman by root
Jun 24 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11538]: + ??? root:rubyman
Jun 24 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11538]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584607 of user rubyman.
Jun 24 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11538]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584607.
Jun 24 15:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11460]: Failed password for invalid user debian from 195.178.110.232 port 35658 ssh2
Jun 24 15:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11460]: Connection closed by 195.178.110.232 port 35658 [preauth]
Jun 24 15:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8711]: pam_unix(cron:session): session closed for user root
Jun 24 15:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11474]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10614]: pam_unix(cron:session): session closed for user root
Jun 24 15:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11840]: Invalid user admin from 103.180.212.135
Jun 24 15:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11840]: input_userauth_request: invalid user admin [preauth]
Jun 24 15:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11840]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.180.212.135
Jun 24 15:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11840]: Failed password for invalid user admin from 103.180.212.135 port 58428 ssh2
Jun 24 15:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11840]: Received disconnect from 103.180.212.135 port 58428:11: Bye Bye [preauth]
Jun 24 15:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11840]: Disconnected from 103.180.212.135 port 58428 [preauth]
Jun 24 15:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11858]: Invalid user admin from 185.79.139.16
Jun 24 15:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11858]: input_userauth_request: invalid user admin [preauth]
Jun 24 15:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11858]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.79.139.16
Jun 24 15:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11858]: Failed password for invalid user admin from 185.79.139.16 port 44834 ssh2
Jun 24 15:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11858]: Received disconnect from 185.79.139.16 port 44834:11: Bye Bye [preauth]
Jun 24 15:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11858]: Disconnected from 185.79.139.16 port 44834 [preauth]
Jun 24 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11913]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11912]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11914]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11911]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11911]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11998]: Successful su for rubyman by root
Jun 24 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11998]: + ??? root:rubyman
Jun 24 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11998]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584611 of user rubyman.
Jun 24 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11998]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584611.
Jun 24 15:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9113]: pam_unix(cron:session): session closed for user root
Jun 24 15:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11912]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 24 15:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12210]: Failed password for root from 103.172.78.219 port 60074 ssh2
Jun 24 15:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12210]: Connection closed by 103.172.78.219 port 60074 [preauth]
Jun 24 15:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11058]: pam_unix(cron:session): session closed for user root
Jun 24 15:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12411]: Invalid user debian from 195.178.110.232
Jun 24 15:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12411]: input_userauth_request: invalid user debian [preauth]
Jun 24 15:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12411]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232
Jun 24 15:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12411]: Failed password for invalid user debian from 195.178.110.232 port 38664 ssh2
Jun 24 15:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12411]: Connection closed by 195.178.110.232 port 38664 [preauth]
Jun 24 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12469]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12468]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12471]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12466]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12467]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12465]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12471]: pam_unix(cron:session): session closed for user root
Jun 24 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12465]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12533]: Successful su for rubyman by root
Jun 24 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12533]: + ??? root:rubyman
Jun 24 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12533]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584613 of user rubyman.
Jun 24 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12533]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584613.
Jun 24 15:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9506]: pam_unix(cron:session): session closed for user root
Jun 24 15:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12467]: pam_unix(cron:session): session closed for user root
Jun 24 15:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12466]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 24 15:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12810]: Failed password for root from 103.27.238.120 port 39514 ssh2
Jun 24 15:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12810]: Connection closed by 103.27.238.120 port 39514 [preauth]
Jun 24 15:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11476]: pam_unix(cron:session): session closed for user root
Jun 24 15:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 24 15:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12886]: Failed password for root from 87.251.79.125 port 46590 ssh2
Jun 24 15:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12886]: Connection closed by 87.251.79.125 port 46590 [preauth]
Jun 24 15:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.79.139.16  user=root
Jun 24 15:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12896]: Failed password for root from 185.79.139.16 port 57424 ssh2
Jun 24 15:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12896]: Received disconnect from 185.79.139.16 port 57424:11: Bye Bye [preauth]
Jun 24 15:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12896]: Disconnected from 185.79.139.16 port 57424 [preauth]
Jun 24 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12917]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12919]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12918]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12916]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12916]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12981]: Successful su for rubyman by root
Jun 24 15:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12981]: + ??? root:rubyman
Jun 24 15:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12981]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584619 of user rubyman.
Jun 24 15:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12981]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584619.
Jun 24 15:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10084]: pam_unix(cron:session): session closed for user root
Jun 24 15:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12917]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13241]: Invalid user debian from 195.178.110.232
Jun 24 15:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13241]: input_userauth_request: invalid user debian [preauth]
Jun 24 15:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13241]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232
Jun 24 15:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11914]: pam_unix(cron:session): session closed for user root
Jun 24 15:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13241]: Failed password for invalid user debian from 195.178.110.232 port 41634 ssh2
Jun 24 15:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13241]: Connection closed by 195.178.110.232 port 41634 [preauth]
Jun 24 15:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.180.212.135  user=root
Jun 24 15:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13282]: Failed password for root from 103.180.212.135 port 56612 ssh2
Jun 24 15:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13282]: Received disconnect from 103.180.212.135 port 56612:11: Bye Bye [preauth]
Jun 24 15:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13282]: Disconnected from 103.180.212.135 port 56612 [preauth]
Jun 24 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13336]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13337]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13335]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13334]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13334]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13396]: Successful su for rubyman by root
Jun 24 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13396]: + ??? root:rubyman
Jun 24 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13396]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584624 of user rubyman.
Jun 24 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13396]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584624.
Jun 24 15:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10613]: pam_unix(cron:session): session closed for user root
Jun 24 15:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13335]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12469]: pam_unix(cron:session): session closed for user root
Jun 24 15:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13722]: Invalid user josh from 185.79.139.16
Jun 24 15:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13722]: input_userauth_request: invalid user josh [preauth]
Jun 24 15:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13722]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.79.139.16
Jun 24 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13743]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13745]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13742]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13744]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13742]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13805]: Successful su for rubyman by root
Jun 24 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13805]: + ??? root:rubyman
Jun 24 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13805]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584628 of user rubyman.
Jun 24 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13805]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584628.
Jun 24 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13722]: Failed password for invalid user josh from 185.79.139.16 port 51750 ssh2
Jun 24 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13722]: Received disconnect from 185.79.139.16 port 51750:11: Bye Bye [preauth]
Jun 24 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13722]: Disconnected from 185.79.139.16 port 51750 [preauth]
Jun 24 15:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11057]: pam_unix(cron:session): session closed for user root
Jun 24 15:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13743]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14026]: Invalid user deploy from 195.178.110.232
Jun 24 15:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14026]: input_userauth_request: invalid user deploy [preauth]
Jun 24 15:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14026]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232
Jun 24 15:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14026]: Failed password for invalid user deploy from 195.178.110.232 port 44632 ssh2
Jun 24 15:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14026]: Connection closed by 195.178.110.232 port 44632 [preauth]
Jun 24 15:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12919]: pam_unix(cron:session): session closed for user root
Jun 24 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14141]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14140]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14139]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14138]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14138]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14199]: Successful su for rubyman by root
Jun 24 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14199]: + ??? root:rubyman
Jun 24 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14199]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584632 of user rubyman.
Jun 24 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14199]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584632.
Jun 24 15:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11475]: pam_unix(cron:session): session closed for user root
Jun 24 15:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14139]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13337]: pam_unix(cron:session): session closed for user root
Jun 24 15:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14495]: Invalid user support from 103.180.212.135
Jun 24 15:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14495]: input_userauth_request: invalid user support [preauth]
Jun 24 15:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14495]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.180.212.135
Jun 24 15:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14495]: Failed password for invalid user support from 103.180.212.135 port 50842 ssh2
Jun 24 15:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14495]: Received disconnect from 103.180.212.135 port 50842:11: Bye Bye [preauth]
Jun 24 15:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14495]: Disconnected from 103.180.212.135 port 50842 [preauth]
Jun 24 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14536]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14534]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14533]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14537]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14535]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14531]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14537]: pam_unix(cron:session): session closed for user root
Jun 24 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14531]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14602]: Successful su for rubyman by root
Jun 24 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14602]: + ??? root:rubyman
Jun 24 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14602]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584637 of user rubyman.
Jun 24 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14602]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584637.
Jun 24 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.79.139.16  user=root
Jun 24 15:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14534]: pam_unix(cron:session): session closed for user root
Jun 24 15:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11913]: pam_unix(cron:session): session closed for user root
Jun 24 15:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14573]: Failed password for root from 185.79.139.16 port 60762 ssh2
Jun 24 15:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14573]: Received disconnect from 185.79.139.16 port 60762:11: Bye Bye [preauth]
Jun 24 15:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14573]: Disconnected from 185.79.139.16 port 60762 [preauth]
Jun 24 15:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14533]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14899]: Invalid user deploy from 195.178.110.232
Jun 24 15:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14899]: input_userauth_request: invalid user deploy [preauth]
Jun 24 15:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14899]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232
Jun 24 15:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14899]: Failed password for invalid user deploy from 195.178.110.232 port 47616 ssh2
Jun 24 15:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14899]: Connection closed by 195.178.110.232 port 47616 [preauth]
Jun 24 15:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13745]: pam_unix(cron:session): session closed for user root
Jun 24 15:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 24 15:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15023]: Failed password for root from 38.93.206.2 port 52512 ssh2
Jun 24 15:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15023]: Connection closed by 38.93.206.2 port 52512 [preauth]
Jun 24 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15053]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15054]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15055]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15052]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15052]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15122]: Successful su for rubyman by root
Jun 24 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15122]: + ??? root:rubyman
Jun 24 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15122]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584641 of user rubyman.
Jun 24 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15122]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584641.
Jun 24 15:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12468]: pam_unix(cron:session): session closed for user root
Jun 24 15:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15053]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14141]: pam_unix(cron:session): session closed for user root
Jun 24 15:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 24 15:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15433]: Failed password for root from 147.45.199.80 port 54246 ssh2
Jun 24 15:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15433]: Connection closed by 147.45.199.80 port 54246 [preauth]
Jun 24 15:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15444]: Invalid user deploy from 195.178.110.232
Jun 24 15:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15444]: input_userauth_request: invalid user deploy [preauth]
Jun 24 15:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15444]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232
Jun 24 15:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15444]: Failed password for invalid user deploy from 195.178.110.232 port 50616 ssh2
Jun 24 15:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15444]: Connection closed by 195.178.110.232 port 50616 [preauth]
Jun 24 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15458]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15457]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15456]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15455]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15455]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15514]: Successful su for rubyman by root
Jun 24 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15514]: + ??? root:rubyman
Jun 24 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15514]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584646 of user rubyman.
Jun 24 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15514]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584646.
Jun 24 15:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12918]: pam_unix(cron:session): session closed for user root
Jun 24 15:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15456]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.79.139.16  user=root
Jun 24 15:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15697]: Failed password for root from 185.79.139.16 port 46912 ssh2
Jun 24 15:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15697]: Received disconnect from 185.79.139.16 port 46912:11: Bye Bye [preauth]
Jun 24 15:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15697]: Disconnected from 185.79.139.16 port 46912 [preauth]
Jun 24 15:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15730]: Invalid user mitch from 217.76.154.242
Jun 24 15:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15730]: input_userauth_request: invalid user mitch [preauth]
Jun 24 15:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15730]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.76.154.242
Jun 24 15:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15730]: Failed password for invalid user mitch from 217.76.154.242 port 33178 ssh2
Jun 24 15:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15730]: Connection closed by 217.76.154.242 port 33178 [preauth]
Jun 24 15:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14536]: pam_unix(cron:session): session closed for user root
Jun 24 15:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15791]: Invalid user admin from 2.57.121.25
Jun 24 15:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15791]: input_userauth_request: invalid user admin [preauth]
Jun 24 15:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15791]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 24 15:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15791]: Failed password for invalid user admin from 2.57.121.25 port 60908 ssh2
Jun 24 15:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15791]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15791]: Failed password for invalid user admin from 2.57.121.25 port 60908 ssh2
Jun 24 15:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15791]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15791]: Failed password for invalid user admin from 2.57.121.25 port 60908 ssh2
Jun 24 15:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15791]: Connection closed by 2.57.121.25 port 60908 [preauth]
Jun 24 15:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15791]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 24 15:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15831]: Invalid user sp from 103.180.212.135
Jun 24 15:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15831]: input_userauth_request: invalid user sp [preauth]
Jun 24 15:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15831]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.180.212.135
Jun 24 15:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15831]: Failed password for invalid user sp from 103.180.212.135 port 42426 ssh2
Jun 24 15:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15831]: Received disconnect from 103.180.212.135 port 42426:11: Bye Bye [preauth]
Jun 24 15:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15831]: Disconnected from 103.180.212.135 port 42426 [preauth]
Jun 24 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15855]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15857]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15856]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15854]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15854]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15917]: Successful su for rubyman by root
Jun 24 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15917]: + ??? root:rubyman
Jun 24 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15917]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584650 of user rubyman.
Jun 24 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15917]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584650.
Jun 24 15:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13336]: pam_unix(cron:session): session closed for user root
Jun 24 15:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15855]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15055]: pam_unix(cron:session): session closed for user root
Jun 24 15:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16195]: Invalid user deploy from 195.178.110.232
Jun 24 15:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16195]: input_userauth_request: invalid user deploy [preauth]
Jun 24 15:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16195]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232
Jun 24 15:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16195]: Failed password for invalid user deploy from 195.178.110.232 port 53610 ssh2
Jun 24 15:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16195]: Connection closed by 195.178.110.232 port 53610 [preauth]
Jun 24 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16260]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16259]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16258]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16256]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16256]: pam_unix(cron:session): session closed for user p13x
Jun 24 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16314]: Successful su for rubyman by root
Jun 24 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16314]: + ??? root:rubyman
Jun 24 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16314]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584653 of user rubyman.
Jun 24 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16314]: pam_unix(su:session): session closed for user rubyman
Jun 24 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584653.
Jun 24 15:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13744]: pam_unix(cron:session): session closed for user root
Jun 24 15:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16258]: pam_unix(cron:session): session closed for user samftp
Jun 24 15:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.79.139.16  user=root
Jun 24 15:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16530]: Failed password for root from 185.79.139.16 port 37274 ssh2
Jun 24 15:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16530]: Received disconnect from 185.79.139.16 port 37274:11: Bye Bye [preauth]
Jun 24 15:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16530]: Disconnected from 185.79.139.16 port 37274 [preauth]
Jun 24 15:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 15:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16561]: Invalid user user from 45.148.10.121
Jun 24 15:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16561]: input_userauth_request: invalid user user [preauth]
Jun 24 15:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16561]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 15:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 24 15:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16561]: Failed password for invalid user user from 45.148.10.121 port 39912 ssh2
Jun 24 15:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16561]: Connection closed by 45.148.10.121 port 39912 [preauth]
Jun 24 15:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15458]: pam_unix(cron:session): session closed for user root
Jun 24 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16656]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16654]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16652]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16651]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16657]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16655]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16653]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16657]: pam_unix(cron:session): session closed for user root
Jun 24 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16653]: pam_unix(cron:session): session closed for user root
Jun 24 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16651]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16736]: Successful su for rubyman by root
Jun 24 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16736]: + ??? root:rubyman
Jun 24 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16736]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584657 of user rubyman.
Jun 24 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16736]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584657.
Jun 24 16:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16654]: pam_unix(cron:session): session closed for user root
Jun 24 16:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14140]: pam_unix(cron:session): session closed for user root
Jun 24 16:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16652]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.223.69.22  user=root
Jun 24 16:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17077]: Failed password for root from 89.223.69.22 port 35864 ssh2
Jun 24 16:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17077]: Connection closed by 89.223.69.22 port 35864 [preauth]
Jun 24 16:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15857]: pam_unix(cron:session): session closed for user root
Jun 24 16:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17163]: Invalid user deploy from 195.178.110.232
Jun 24 16:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17163]: input_userauth_request: invalid user deploy [preauth]
Jun 24 16:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17163]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 16:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232
Jun 24 16:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17163]: Failed password for invalid user deploy from 195.178.110.232 port 56574 ssh2
Jun 24 16:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17163]: Connection closed by 195.178.110.232 port 56574 [preauth]
Jun 24 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17238]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17240]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17239]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17237]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17237]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17311]: Successful su for rubyman by root
Jun 24 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17311]: + ??? root:rubyman
Jun 24 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17311]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584666 of user rubyman.
Jun 24 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17311]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584666.
Jun 24 16:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14535]: pam_unix(cron:session): session closed for user root
Jun 24 16:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17238]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17546]: Invalid user testuser from 185.79.139.16
Jun 24 16:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17546]: input_userauth_request: invalid user testuser [preauth]
Jun 24 16:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17546]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 16:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.79.139.16
Jun 24 16:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17546]: Failed password for invalid user testuser from 185.79.139.16 port 34752 ssh2
Jun 24 16:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17546]: Received disconnect from 185.79.139.16 port 34752:11: Bye Bye [preauth]
Jun 24 16:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17546]: Disconnected from 185.79.139.16 port 34752 [preauth]
Jun 24 16:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16260]: pam_unix(cron:session): session closed for user root
Jun 24 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17740]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17748]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17738]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17737]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17737]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17814]: Successful su for rubyman by root
Jun 24 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17814]: + ??? root:rubyman
Jun 24 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17814]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584669 of user rubyman.
Jun 24 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17814]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584669.
Jun 24 16:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15054]: pam_unix(cron:session): session closed for user root
Jun 24 16:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17738]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18060]: Invalid user deploy from 195.178.110.232
Jun 24 16:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18060]: input_userauth_request: invalid user deploy [preauth]
Jun 24 16:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18060]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 16:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232
Jun 24 16:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18060]: Failed password for invalid user deploy from 195.178.110.232 port 59578 ssh2
Jun 24 16:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18060]: Connection closed by 195.178.110.232 port 59578 [preauth]
Jun 24 16:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16656]: pam_unix(cron:session): session closed for user root
Jun 24 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18175]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18174]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18173]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18172]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18172]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18242]: Successful su for rubyman by root
Jun 24 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18242]: + ??? root:rubyman
Jun 24 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18242]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584674 of user rubyman.
Jun 24 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18242]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584674.
Jun 24 16:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15457]: pam_unix(cron:session): session closed for user root
Jun 24 16:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18173]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17240]: pam_unix(cron:session): session closed for user root
Jun 24 16:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.79.139.16  user=root
Jun 24 16:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18601]: Failed password for root from 185.79.139.16 port 47250 ssh2
Jun 24 16:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18601]: Received disconnect from 185.79.139.16 port 47250:11: Bye Bye [preauth]
Jun 24 16:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18601]: Disconnected from 185.79.139.16 port 47250 [preauth]
Jun 24 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18687]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18685]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18686]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18684]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18684]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18750]: Successful su for rubyman by root
Jun 24 16:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18750]: + ??? root:rubyman
Jun 24 16:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18750]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584677 of user rubyman.
Jun 24 16:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18750]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584677.
Jun 24 16:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15856]: pam_unix(cron:session): session closed for user root
Jun 24 16:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18685]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18952]: Invalid user deploy from 195.178.110.232
Jun 24 16:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18952]: input_userauth_request: invalid user deploy [preauth]
Jun 24 16:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18952]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 16:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232
Jun 24 16:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18952]: Failed password for invalid user deploy from 195.178.110.232 port 34364 ssh2
Jun 24 16:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18952]: Connection closed by 195.178.110.232 port 34364 [preauth]
Jun 24 16:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17748]: pam_unix(cron:session): session closed for user root
Jun 24 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19102]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19099]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19103]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19100]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19101]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19098]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19103]: pam_unix(cron:session): session closed for user root
Jun 24 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19098]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19264]: Successful su for rubyman by root
Jun 24 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19264]: + ??? root:rubyman
Jun 24 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19264]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584681 of user rubyman.
Jun 24 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19264]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584681.
Jun 24 16:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19100]: pam_unix(cron:session): session closed for user root
Jun 24 16:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16259]: pam_unix(cron:session): session closed for user root
Jun 24 16:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19099]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18175]: pam_unix(cron:session): session closed for user root
Jun 24 16:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.79.139.16  user=root
Jun 24 16:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19803]: Failed password for root from 185.79.139.16 port 35322 ssh2
Jun 24 16:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19803]: Received disconnect from 185.79.139.16 port 35322:11: Bye Bye [preauth]
Jun 24 16:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19803]: Disconnected from 185.79.139.16 port 35322 [preauth]
Jun 24 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19857]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19858]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19855]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19850]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19850]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19922]: Successful su for rubyman by root
Jun 24 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19922]: + ??? root:rubyman
Jun 24 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19922]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584688 of user rubyman.
Jun 24 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19922]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584688.
Jun 24 16:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16655]: pam_unix(cron:session): session closed for user root
Jun 24 16:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19855]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20051]: Invalid user deploy from 195.178.110.232
Jun 24 16:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20051]: input_userauth_request: invalid user deploy [preauth]
Jun 24 16:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20051]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 16:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.232
Jun 24 16:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20051]: Failed password for invalid user deploy from 195.178.110.232 port 37352 ssh2
Jun 24 16:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20051]: Connection closed by 195.178.110.232 port 37352 [preauth]
Jun 24 16:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18687]: pam_unix(cron:session): session closed for user root
Jun 24 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20363]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20366]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20362]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20361]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20361]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20428]: Successful su for rubyman by root
Jun 24 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20428]: + ??? root:rubyman
Jun 24 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20428]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584690 of user rubyman.
Jun 24 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20428]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584690.
Jun 24 16:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17239]: pam_unix(cron:session): session closed for user root
Jun 24 16:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20362]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19102]: pam_unix(cron:session): session closed for user root
Jun 24 16:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20828]: Invalid user admin from 185.79.139.16
Jun 24 16:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20828]: input_userauth_request: invalid user admin [preauth]
Jun 24 16:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20828]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 16:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.79.139.16
Jun 24 16:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20828]: Failed password for invalid user admin from 185.79.139.16 port 50562 ssh2
Jun 24 16:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20828]: Received disconnect from 185.79.139.16 port 50562:11: Bye Bye [preauth]
Jun 24 16:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20828]: Disconnected from 185.79.139.16 port 50562 [preauth]
Jun 24 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20863]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20862]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20861]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20860]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20860]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20924]: Successful su for rubyman by root
Jun 24 16:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20924]: + ??? root:rubyman
Jun 24 16:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20924]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584694 of user rubyman.
Jun 24 16:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20924]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584694.
Jun 24 16:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 24 16:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17740]: pam_unix(cron:session): session closed for user root
Jun 24 16:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20945]: Failed password for root from 193.37.70.224 port 35404 ssh2
Jun 24 16:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20945]: Connection closed by 193.37.70.224 port 35404 [preauth]
Jun 24 16:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20861]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19858]: pam_unix(cron:session): session closed for user root
Jun 24 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21270]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21263]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21264]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21265]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21261]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21263]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21392]: Successful su for rubyman by root
Jun 24 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21392]: + ??? root:rubyman
Jun 24 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21392]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584698 of user rubyman.
Jun 24 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21392]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584698.
Jun 24 16:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21261]: pam_unix(cron:session): session closed for user root
Jun 24 16:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18174]: pam_unix(cron:session): session closed for user root
Jun 24 16:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21264]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21701]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 24 16:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21701]: Received disconnect from 209.90.232.26 port 33144:11: disconnected by user [preauth]
Jun 24 16:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21701]: Disconnected from 209.90.232.26 port 33144 [preauth]
Jun 24 16:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20366]: pam_unix(cron:session): session closed for user root
Jun 24 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21797]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21795]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21798]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21793]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21796]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21794]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21798]: pam_unix(cron:session): session closed for user root
Jun 24 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21793]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21873]: Successful su for rubyman by root
Jun 24 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21873]: + ??? root:rubyman
Jun 24 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21873]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584703 of user rubyman.
Jun 24 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21873]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584703.
Jun 24 16:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21795]: pam_unix(cron:session): session closed for user root
Jun 24 16:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18686]: pam_unix(cron:session): session closed for user root
Jun 24 16:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21794]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20863]: pam_unix(cron:session): session closed for user root
Jun 24 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22234]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22233]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22235]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22232]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22232]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22392]: Successful su for rubyman by root
Jun 24 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22392]: + ??? root:rubyman
Jun 24 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22392]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584711 of user rubyman.
Jun 24 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22392]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584711.
Jun 24 16:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19101]: pam_unix(cron:session): session closed for user root
Jun 24 16:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22233]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21270]: pam_unix(cron:session): session closed for user root
Jun 24 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22722]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22725]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22724]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22721]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22721]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22784]: Successful su for rubyman by root
Jun 24 16:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22784]: + ??? root:rubyman
Jun 24 16:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22784]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584714 of user rubyman.
Jun 24 16:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22784]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584714.
Jun 24 16:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19857]: pam_unix(cron:session): session closed for user root
Jun 24 16:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22722]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21797]: pam_unix(cron:session): session closed for user root
Jun 24 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23122]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23120]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23121]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23119]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23119]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23179]: Successful su for rubyman by root
Jun 24 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23179]: + ??? root:rubyman
Jun 24 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23179]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584718 of user rubyman.
Jun 24 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23179]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584718.
Jun 24 16:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20363]: pam_unix(cron:session): session closed for user root
Jun 24 16:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23120]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22235]: pam_unix(cron:session): session closed for user root
Jun 24 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23552]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23551]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23550]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23548]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23548]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23610]: Successful su for rubyman by root
Jun 24 16:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23610]: + ??? root:rubyman
Jun 24 16:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23610]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584722 of user rubyman.
Jun 24 16:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23610]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584722.
Jun 24 16:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20862]: pam_unix(cron:session): session closed for user root
Jun 24 16:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23550]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22725]: pam_unix(cron:session): session closed for user root
Jun 24 16:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 24 16:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24046]: Failed password for root from 194.113.233.25 port 58846 ssh2
Jun 24 16:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24046]: Connection closed by 194.113.233.25 port 58846 [preauth]
Jun 24 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24062]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24059]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24060]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24063]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24061]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24058]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24063]: pam_unix(cron:session): session closed for user root
Jun 24 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24058]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24128]: Successful su for rubyman by root
Jun 24 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24128]: + ??? root:rubyman
Jun 24 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24128]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584727 of user rubyman.
Jun 24 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24128]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584727.
Jun 24 16:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24060]: pam_unix(cron:session): session closed for user root
Jun 24 16:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21265]: pam_unix(cron:session): session closed for user root
Jun 24 16:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24059]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23122]: pam_unix(cron:session): session closed for user root
Jun 24 16:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24456]: Did not receive identification string from 2.57.122.150
Jun 24 16:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 24 16:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24496]: Failed password for root from 109.237.96.109 port 50782 ssh2
Jun 24 16:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24496]: Connection closed by 109.237.96.109 port 50782 [preauth]
Jun 24 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24517]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24516]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24518]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24515]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24515]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24585]: Successful su for rubyman by root
Jun 24 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24585]: + ??? root:rubyman
Jun 24 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24585]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584732 of user rubyman.
Jun 24 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24585]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584732.
Jun 24 16:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21796]: pam_unix(cron:session): session closed for user root
Jun 24 16:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24516]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23552]: pam_unix(cron:session): session closed for user root
Jun 24 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24942]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24941]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24940]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24939]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24937]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24937]: pam_unix(cron:session): session closed for user root
Jun 24 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24939]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25002]: Successful su for rubyman by root
Jun 24 16:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25002]: + ??? root:rubyman
Jun 24 16:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25002]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584735 of user rubyman.
Jun 24 16:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25002]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584735.
Jun 24 16:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22234]: pam_unix(cron:session): session closed for user root
Jun 24 16:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24940]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24062]: pam_unix(cron:session): session closed for user root
Jun 24 16:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25319]: Invalid user ubnt from 141.98.83.240
Jun 24 16:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25319]: input_userauth_request: invalid user ubnt [preauth]
Jun 24 16:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25319]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 16:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 16:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25319]: Failed password for invalid user ubnt from 141.98.83.240 port 53538 ssh2
Jun 24 16:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25319]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 16:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25319]: Failed password for invalid user ubnt from 141.98.83.240 port 53538 ssh2
Jun 24 16:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25319]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 16:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25319]: Failed password for invalid user ubnt from 141.98.83.240 port 53538 ssh2
Jun 24 16:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25319]: Connection closed by 141.98.83.240 port 53538 [preauth]
Jun 24 16:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25319]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25341]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25340]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25339]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25338]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25338]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25399]: Successful su for rubyman by root
Jun 24 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25399]: + ??? root:rubyman
Jun 24 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25399]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584740 of user rubyman.
Jun 24 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25399]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584740.
Jun 24 16:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22724]: pam_unix(cron:session): session closed for user root
Jun 24 16:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25339]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 24 16:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25601]: Failed password for root from 103.27.238.114 port 60858 ssh2
Jun 24 16:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25601]: Connection closed by 103.27.238.114 port 60858 [preauth]
Jun 24 16:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24518]: pam_unix(cron:session): session closed for user root
Jun 24 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25730]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25731]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25729]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25728]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25728]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25790]: Successful su for rubyman by root
Jun 24 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25790]: + ??? root:rubyman
Jun 24 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25790]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584744 of user rubyman.
Jun 24 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25790]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584744.
Jun 24 16:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23121]: pam_unix(cron:session): session closed for user root
Jun 24 16:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25729]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24942]: pam_unix(cron:session): session closed for user root
Jun 24 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26128]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26125]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26127]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26126]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26123]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26124]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26128]: pam_unix(cron:session): session closed for user root
Jun 24 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26123]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26194]: Successful su for rubyman by root
Jun 24 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26194]: + ??? root:rubyman
Jun 24 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26194]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584751 of user rubyman.
Jun 24 16:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26194]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584751.
Jun 24 16:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26125]: pam_unix(cron:session): session closed for user root
Jun 24 16:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23551]: pam_unix(cron:session): session closed for user root
Jun 24 16:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26124]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.150  user=root
Jun 24 16:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26421]: Failed password for root from 2.57.122.150 port 54520 ssh2
Jun 24 16:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26421]: Connection closed by 2.57.122.150 port 54520 [preauth]
Jun 24 16:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25341]: pam_unix(cron:session): session closed for user root
Jun 24 16:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26490]: Received disconnect from 185.134.49.116 port 47324:11: disconnected by user [preauth]
Jun 24 16:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26490]: Disconnected from 185.134.49.116 port 47324 [preauth]
Jun 24 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26552]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26551]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26550]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26549]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26549]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26621]: Successful su for rubyman by root
Jun 24 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26621]: + ??? root:rubyman
Jun 24 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26621]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584754 of user rubyman.
Jun 24 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26621]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584754.
Jun 24 16:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24061]: pam_unix(cron:session): session closed for user root
Jun 24 16:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26550]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25731]: pam_unix(cron:session): session closed for user root
Jun 24 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27034]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27035]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27033]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27032]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27032]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27093]: Successful su for rubyman by root
Jun 24 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27093]: + ??? root:rubyman
Jun 24 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27093]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584758 of user rubyman.
Jun 24 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27093]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584758.
Jun 24 16:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24517]: pam_unix(cron:session): session closed for user root
Jun 24 16:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27033]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.150  user=root
Jun 24 16:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27297]: Failed password for root from 2.57.122.150 port 57374 ssh2
Jun 24 16:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27297]: Connection closed by 2.57.122.150 port 57374 [preauth]
Jun 24 16:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26127]: pam_unix(cron:session): session closed for user root
Jun 24 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27460]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27459]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27458]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27457]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27457]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27525]: Successful su for rubyman by root
Jun 24 16:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27525]: + ??? root:rubyman
Jun 24 16:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27525]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584763 of user rubyman.
Jun 24 16:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27525]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584763.
Jun 24 16:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24941]: pam_unix(cron:session): session closed for user root
Jun 24 16:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27458]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26552]: pam_unix(cron:session): session closed for user root
Jun 24 16:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 24 16:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27862]: Failed password for root from 103.82.20.28 port 55760 ssh2
Jun 24 16:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27862]: Connection closed by 103.82.20.28 port 55760 [preauth]
Jun 24 16:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.150  user=root
Jun 24 16:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27864]: Failed password for root from 2.57.122.150 port 60208 ssh2
Jun 24 16:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27864]: Connection closed by 2.57.122.150 port 60208 [preauth]
Jun 24 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27881]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27880]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27879]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27878]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27878]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27941]: Successful su for rubyman by root
Jun 24 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27941]: + ??? root:rubyman
Jun 24 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27941]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584766 of user rubyman.
Jun 24 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27941]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584766.
Jun 24 16:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25340]: pam_unix(cron:session): session closed for user root
Jun 24 16:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27879]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 24 16:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28244]: Failed password for root from 103.77.175.15 port 42456 ssh2
Jun 24 16:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28244]: Connection closed by 103.77.175.15 port 42456 [preauth]
Jun 24 16:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27035]: pam_unix(cron:session): session closed for user root
Jun 24 16:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28284]: Received disconnect from 107.172.80.207 port 54874:11: disconnected by user [preauth]
Jun 24 16:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28284]: Disconnected from 107.172.80.207 port 54874 [preauth]
Jun 24 16:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 24 16:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28286]: Failed password for root from 202.178.126.219 port 28744 ssh2
Jun 24 16:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28286]: Connection closed by 202.178.126.219 port 28744 [preauth]
Jun 24 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28335]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28334]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28337]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28338]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28336]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28333]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28338]: pam_unix(cron:session): session closed for user root
Jun 24 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28333]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28400]: Successful su for rubyman by root
Jun 24 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28400]: + ??? root:rubyman
Jun 24 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28400]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584773 of user rubyman.
Jun 24 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28400]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584773.
Jun 24 16:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28335]: pam_unix(cron:session): session closed for user root
Jun 24 16:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25730]: pam_unix(cron:session): session closed for user root
Jun 24 16:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28334]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
Jun 24 16:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27460]: pam_unix(cron:session): session closed for user root
Jun 24 16:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28779]: Failed password for root from 176.32.39.21 port 45018 ssh2
Jun 24 16:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28779]: Connection closed by 176.32.39.21 port 45018 [preauth]
Jun 24 16:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.150  user=root
Jun 24 16:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28818]: Failed password for root from 2.57.122.150 port 34752 ssh2
Jun 24 16:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28818]: Connection closed by 2.57.122.150 port 34752 [preauth]
Jun 24 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28869]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28870]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28868]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28867]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28867]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28947]: Successful su for rubyman by root
Jun 24 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28947]: + ??? root:rubyman
Jun 24 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28947]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584776 of user rubyman.
Jun 24 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28947]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584776.
Jun 24 16:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26126]: pam_unix(cron:session): session closed for user root
Jun 24 16:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28868]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 24 16:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29152]: Failed password for root from 103.15.222.183 port 50384 ssh2
Jun 24 16:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29152]: Connection closed by 103.15.222.183 port 50384 [preauth]
Jun 24 16:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27881]: pam_unix(cron:session): session closed for user root
Jun 24 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29314]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29315]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29316]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29313]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29313]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29371]: Successful su for rubyman by root
Jun 24 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29371]: + ??? root:rubyman
Jun 24 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29371]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584782 of user rubyman.
Jun 24 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29371]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584782.
Jun 24 16:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26551]: pam_unix(cron:session): session closed for user root
Jun 24 16:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29314]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.150  user=root
Jun 24 16:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29723]: Failed password for root from 2.57.122.150 port 37542 ssh2
Jun 24 16:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29723]: Connection closed by 2.57.122.150 port 37542 [preauth]
Jun 24 16:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28337]: pam_unix(cron:session): session closed for user root
Jun 24 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29845]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29846]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29844]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29847]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29844]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29911]: Successful su for rubyman by root
Jun 24 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29911]: + ??? root:rubyman
Jun 24 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29911]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584787 of user rubyman.
Jun 24 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29911]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584787.
Jun 24 16:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27034]: pam_unix(cron:session): session closed for user root
Jun 24 16:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29845]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28870]: pam_unix(cron:session): session closed for user root
Jun 24 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30261]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30259]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30260]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30258]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30258]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30323]: Successful su for rubyman by root
Jun 24 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30323]: + ??? root:rubyman
Jun 24 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30323]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584789 of user rubyman.
Jun 24 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30323]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584789.
Jun 24 16:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27459]: pam_unix(cron:session): session closed for user root
Jun 24 16:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30259]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.150  user=root
Jun 24 16:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30505]: Failed password for root from 2.57.122.150 port 40316 ssh2
Jun 24 16:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30505]: Connection closed by 2.57.122.150 port 40316 [preauth]
Jun 24 16:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29316]: pam_unix(cron:session): session closed for user root
Jun 24 16:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30672]: Received disconnect from 148.113.190.153 port 59198:11: disconnected by user [preauth]
Jun 24 16:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30672]: Disconnected from 148.113.190.153 port 59198 [preauth]
Jun 24 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30680]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30681]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30675]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30678]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30677]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30676]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30681]: pam_unix(cron:session): session closed for user root
Jun 24 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30675]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30740]: Successful su for rubyman by root
Jun 24 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30740]: + ??? root:rubyman
Jun 24 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30740]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584792 of user rubyman.
Jun 24 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30740]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584792.
Jun 24 16:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30677]: pam_unix(cron:session): session closed for user root
Jun 24 16:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27880]: pam_unix(cron:session): session closed for user root
Jun 24 16:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30676]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29847]: pam_unix(cron:session): session closed for user root
Jun 24 16:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31152]: Connection closed by 194.59.206.2 port 58876 [preauth]
Jun 24 16:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31162]: Invalid user administrator from 193.46.255.86
Jun 24 16:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31162]: input_userauth_request: invalid user administrator [preauth]
Jun 24 16:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31162]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 16:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 24 16:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31162]: Failed password for invalid user administrator from 193.46.255.86 port 54728 ssh2
Jun 24 16:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31162]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 16:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31162]: Failed password for invalid user administrator from 193.46.255.86 port 54728 ssh2
Jun 24 16:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31162]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 16:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31162]: Failed password for invalid user administrator from 193.46.255.86 port 54728 ssh2
Jun 24 16:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31162]: Connection closed by 193.46.255.86 port 54728 [preauth]
Jun 24 16:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31162]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 24 16:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.150  user=root
Jun 24 16:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31184]: Failed password for root from 2.57.122.150 port 43090 ssh2
Jun 24 16:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31184]: Connection closed by 2.57.122.150 port 43090 [preauth]
Jun 24 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31211]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31208]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31209]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31210]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31208]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31280]: Successful su for rubyman by root
Jun 24 16:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31280]: + ??? root:rubyman
Jun 24 16:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31280]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584799 of user rubyman.
Jun 24 16:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31280]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584799.
Jun 24 16:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28336]: pam_unix(cron:session): session closed for user root
Jun 24 16:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31209]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30261]: pam_unix(cron:session): session closed for user root
Jun 24 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31718]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31719]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31717]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31716]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31716]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31783]: Successful su for rubyman by root
Jun 24 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31783]: + ??? root:rubyman
Jun 24 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31783]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584803 of user rubyman.
Jun 24 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31783]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584803.
Jun 24 16:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28869]: pam_unix(cron:session): session closed for user root
Jun 24 16:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31717]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.150  user=root
Jun 24 16:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30680]: pam_unix(cron:session): session closed for user root
Jun 24 16:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121  user=root
Jun 24 16:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32041]: Failed password for root from 2.57.122.150 port 45798 ssh2
Jun 24 16:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32056]: Failed password for root from 45.148.10.121 port 50568 ssh2
Jun 24 16:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32056]: Connection closed by 45.148.10.121 port 50568 [preauth]
Jun 24 16:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32041]: Connection closed by 2.57.122.150 port 45798 [preauth]
Jun 24 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32139]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32138]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32137]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32135]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32135]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32200]: Successful su for rubyman by root
Jun 24 16:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32200]: + ??? root:rubyman
Jun 24 16:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32200]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584807 of user rubyman.
Jun 24 16:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32200]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584807.
Jun 24 16:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29315]: pam_unix(cron:session): session closed for user root
Jun 24 16:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32137]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31211]: pam_unix(cron:session): session closed for user root
Jun 24 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32538]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32537]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32536]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32535]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32535]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32594]: Successful su for rubyman by root
Jun 24 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32594]: + ??? root:rubyman
Jun 24 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32594]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584810 of user rubyman.
Jun 24 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32594]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584810.
Jun 24 16:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29846]: pam_unix(cron:session): session closed for user root
Jun 24 16:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32536]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.150  user=root
Jun 24 16:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 24 16:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[333]: Failed password for root from 80.66.85.226 port 36708 ssh2
Jun 24 16:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[327]: Failed password for root from 2.57.122.150 port 48530 ssh2
Jun 24 16:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[333]: Connection closed by 80.66.85.226 port 36708 [preauth]
Jun 24 16:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[327]: Connection closed by 2.57.122.150 port 48530 [preauth]
Jun 24 16:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31719]: pam_unix(cron:session): session closed for user root
Jun 24 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[632]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[628]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[631]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[630]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[627]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[626]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[632]: pam_unix(cron:session): session closed for user root
Jun 24 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[626]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[703]: Successful su for rubyman by root
Jun 24 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[703]: + ??? root:rubyman
Jun 24 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[703]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584816 of user rubyman.
Jun 24 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[703]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584816.
Jun 24 16:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[628]: pam_unix(cron:session): session closed for user root
Jun 24 16:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30260]: pam_unix(cron:session): session closed for user root
Jun 24 16:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[627]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 24 16:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[923]: Failed password for root from 103.27.238.116 port 57956 ssh2
Jun 24 16:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[923]: Connection closed by 103.27.238.116 port 57956 [preauth]
Jun 24 16:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32139]: pam_unix(cron:session): session closed for user root
Jun 24 16:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.150  user=root
Jun 24 16:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1089]: Failed password for root from 2.57.122.150 port 51240 ssh2
Jun 24 16:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1089]: Connection closed by 2.57.122.150 port 51240 [preauth]
Jun 24 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1121]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1120]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1119]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1118]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1118]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1187]: Successful su for rubyman by root
Jun 24 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1187]: + ??? root:rubyman
Jun 24 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1187]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584820 of user rubyman.
Jun 24 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1187]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584820.
Jun 24 16:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30678]: pam_unix(cron:session): session closed for user root
Jun 24 16:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1119]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 24 16:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1467]: Failed password for root from 103.122.221.179 port 38870 ssh2
Jun 24 16:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1467]: Connection closed by 103.122.221.179 port 38870 [preauth]
Jun 24 16:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32538]: pam_unix(cron:session): session closed for user root
Jun 24 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1669]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1668]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1667]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1666]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1666]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1739]: Successful su for rubyman by root
Jun 24 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1739]: + ??? root:rubyman
Jun 24 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1739]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584824 of user rubyman.
Jun 24 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1739]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584824.
Jun 24 16:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31210]: pam_unix(cron:session): session closed for user root
Jun 24 16:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1667]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[631]: pam_unix(cron:session): session closed for user root
Jun 24 16:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.150  user=root
Jun 24 16:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2074]: Failed password for root from 2.57.122.150 port 53966 ssh2
Jun 24 16:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2074]: Connection closed by 2.57.122.150 port 53966 [preauth]
Jun 24 16:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 24 16:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2096]: Failed password for root from 38.93.206.2 port 6236 ssh2
Jun 24 16:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2096]: Connection closed by 38.93.206.2 port 6236 [preauth]
Jun 24 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2158]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2159]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2155]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2154]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2154]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2229]: Successful su for rubyman by root
Jun 24 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2229]: + ??? root:rubyman
Jun 24 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2229]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584829 of user rubyman.
Jun 24 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2229]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584829.
Jun 24 16:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31718]: pam_unix(cron:session): session closed for user root
Jun 24 16:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2155]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1121]: pam_unix(cron:session): session closed for user root
Jun 24 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2585]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2587]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2584]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2582]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2580]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2582]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2704]: Successful su for rubyman by root
Jun 24 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2704]: + ??? root:rubyman
Jun 24 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2704]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584833 of user rubyman.
Jun 24 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2704]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584833.
Jun 24 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2580]: pam_unix(cron:session): session closed for user root
Jun 24 16:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32138]: pam_unix(cron:session): session closed for user root
Jun 24 16:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2584]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.150  user=root
Jun 24 16:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2956]: Failed password for root from 2.57.122.150 port 56660 ssh2
Jun 24 16:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2956]: Connection closed by 2.57.122.150 port 56660 [preauth]
Jun 24 16:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1669]: pam_unix(cron:session): session closed for user root
Jun 24 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3079]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3077]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3080]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3075]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3078]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3076]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3080]: pam_unix(cron:session): session closed for user root
Jun 24 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3075]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3145]: Successful su for rubyman by root
Jun 24 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3145]: + ??? root:rubyman
Jun 24 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3145]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584837 of user rubyman.
Jun 24 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3145]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584837.
Jun 24 16:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3077]: pam_unix(cron:session): session closed for user root
Jun 24 16:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32537]: pam_unix(cron:session): session closed for user root
Jun 24 16:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3076]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2159]: pam_unix(cron:session): session closed for user root
Jun 24 16:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.150  user=root
Jun 24 16:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3497]: Failed password for root from 2.57.122.150 port 59366 ssh2
Jun 24 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3497]: Connection closed by 2.57.122.150 port 59366 [preauth]
Jun 24 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3514]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3512]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3513]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3511]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3511]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3583]: Successful su for rubyman by root
Jun 24 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3583]: + ??? root:rubyman
Jun 24 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3583]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584843 of user rubyman.
Jun 24 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3583]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584843.
Jun 24 16:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[630]: pam_unix(cron:session): session closed for user root
Jun 24 16:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3512]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2587]: pam_unix(cron:session): session closed for user root
Jun 24 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4111]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4112]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4110]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4109]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4109]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4174]: Successful su for rubyman by root
Jun 24 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4174]: + ??? root:rubyman
Jun 24 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4174]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584848 of user rubyman.
Jun 24 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4174]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584848.
Jun 24 16:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1120]: pam_unix(cron:session): session closed for user root
Jun 24 16:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4110]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3079]: pam_unix(cron:session): session closed for user root
Jun 24 16:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.150  user=root
Jun 24 16:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4466]: Failed password for root from 2.57.122.150 port 33854 ssh2
Jun 24 16:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4466]: Connection closed by 2.57.122.150 port 33854 [preauth]
Jun 24 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4531]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4528]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4530]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4529]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4528]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4592]: Successful su for rubyman by root
Jun 24 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4592]: + ??? root:rubyman
Jun 24 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4592]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584851 of user rubyman.
Jun 24 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4592]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584851.
Jun 24 16:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1668]: pam_unix(cron:session): session closed for user root
Jun 24 16:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4529]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 24 16:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4903]: Failed password for root from 103.153.68.219 port 50272 ssh2
Jun 24 16:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4903]: Connection closed by 103.153.68.219 port 50272 [preauth]
Jun 24 16:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3514]: pam_unix(cron:session): session closed for user root
Jun 24 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5044]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5042]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5043]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5041]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5041]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5099]: Successful su for rubyman by root
Jun 24 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5099]: + ??? root:rubyman
Jun 24 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5099]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584855 of user rubyman.
Jun 24 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5099]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584855.
Jun 24 16:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2158]: pam_unix(cron:session): session closed for user root
Jun 24 16:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5042]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.150  user=root
Jun 24 16:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5342]: Failed password for root from 2.57.122.150 port 36540 ssh2
Jun 24 16:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5342]: Connection closed by 2.57.122.150 port 36540 [preauth]
Jun 24 16:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4112]: pam_unix(cron:session): session closed for user root
Jun 24 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5453]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5456]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5452]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5455]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5457]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5451]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5457]: pam_unix(cron:session): session closed for user root
Jun 24 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5451]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5518]: Successful su for rubyman by root
Jun 24 16:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5518]: + ??? root:rubyman
Jun 24 16:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5518]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584860 of user rubyman.
Jun 24 16:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5518]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584860.
Jun 24 16:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5453]: pam_unix(cron:session): session closed for user root
Jun 24 16:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2585]: pam_unix(cron:session): session closed for user root
Jun 24 16:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5452]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4531]: pam_unix(cron:session): session closed for user root
Jun 24 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5872]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5871]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5870]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5869]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5869]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5933]: Successful su for rubyman by root
Jun 24 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5933]: + ??? root:rubyman
Jun 24 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5933]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584865 of user rubyman.
Jun 24 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5933]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584865.
Jun 24 16:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.150  user=root
Jun 24 16:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3078]: pam_unix(cron:session): session closed for user root
Jun 24 16:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5870]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: Failed password for root from 2.57.122.150 port 39242 ssh2
Jun 24 16:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: Connection closed by 2.57.122.150 port 39242 [preauth]
Jun 24 16:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5044]: pam_unix(cron:session): session closed for user root
Jun 24 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6271]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6272]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6270]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6269]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6269]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6328]: Successful su for rubyman by root
Jun 24 16:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6328]: + ??? root:rubyman
Jun 24 16:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6328]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584870 of user rubyman.
Jun 24 16:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6328]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584870.
Jun 24 16:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3513]: pam_unix(cron:session): session closed for user root
Jun 24 16:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6270]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5456]: pam_unix(cron:session): session closed for user root
Jun 24 16:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.150  user=root
Jun 24 16:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6619]: Failed password for root from 2.57.122.150 port 41978 ssh2
Jun 24 16:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6619]: Connection closed by 2.57.122.150 port 41978 [preauth]
Jun 24 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6662]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6663]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6661]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6660]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6660]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6729]: Successful su for rubyman by root
Jun 24 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6729]: + ??? root:rubyman
Jun 24 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6729]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584873 of user rubyman.
Jun 24 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6729]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584873.
Jun 24 16:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4111]: pam_unix(cron:session): session closed for user root
Jun 24 16:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6661]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6973]: Invalid user user1 from 141.98.83.240
Jun 24 16:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6973]: input_userauth_request: invalid user user1 [preauth]
Jun 24 16:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6973]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 16:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 16:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6973]: Failed password for invalid user user1 from 141.98.83.240 port 39020 ssh2
Jun 24 16:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6973]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 16:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6973]: Failed password for invalid user user1 from 141.98.83.240 port 39020 ssh2
Jun 24 16:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6973]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 16:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6973]: Failed password for invalid user user1 from 141.98.83.240 port 39020 ssh2
Jun 24 16:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6973]: Connection closed by 141.98.83.240 port 39020 [preauth]
Jun 24 16:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6973]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 16:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5872]: pam_unix(cron:session): session closed for user root
Jun 24 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7165]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7167]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7164]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7162]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7162]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7235]: Successful su for rubyman by root
Jun 24 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7235]: + ??? root:rubyman
Jun 24 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7235]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584879 of user rubyman.
Jun 24 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7235]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584879.
Jun 24 16:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4530]: pam_unix(cron:session): session closed for user root
Jun 24 16:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7164]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 24 16:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7439]: Failed password for root from 103.82.132.16 port 38746 ssh2
Jun 24 16:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7439]: Connection closed by 103.82.132.16 port 38746 [preauth]
Jun 24 16:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.150  user=root
Jun 24 16:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7474]: Failed password for root from 2.57.122.150 port 44678 ssh2
Jun 24 16:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7474]: Connection closed by 2.57.122.150 port 44678 [preauth]
Jun 24 16:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6272]: pam_unix(cron:session): session closed for user root
Jun 24 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7579]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7576]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7575]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7574]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7577]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7573]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7579]: pam_unix(cron:session): session closed for user root
Jun 24 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7573]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7745]: Successful su for rubyman by root
Jun 24 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7745]: + ??? root:rubyman
Jun 24 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7745]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584883 of user rubyman.
Jun 24 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7745]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584883.
Jun 24 16:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7575]: pam_unix(cron:session): session closed for user root
Jun 24 16:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5043]: pam_unix(cron:session): session closed for user root
Jun 24 16:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7574]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6663]: pam_unix(cron:session): session closed for user root
Jun 24 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8086]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8087]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8085]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8084]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8084]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8155]: Successful su for rubyman by root
Jun 24 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8155]: + ??? root:rubyman
Jun 24 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8155]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584887 of user rubyman.
Jun 24 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8155]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584887.
Jun 24 16:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8248]: Invalid user admin from 2.57.122.150
Jun 24 16:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8248]: input_userauth_request: invalid user admin [preauth]
Jun 24 16:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8248]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 16:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.150
Jun 24 16:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5455]: pam_unix(cron:session): session closed for user root
Jun 24 16:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8085]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8248]: Failed password for invalid user admin from 2.57.122.150 port 47346 ssh2
Jun 24 16:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8248]: Connection closed by 2.57.122.150 port 47346 [preauth]
Jun 24 16:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 24 16:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8342]: Failed password for root from 103.77.242.62 port 55290 ssh2
Jun 24 16:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8342]: Connection closed by 103.77.242.62 port 55290 [preauth]
Jun 24 16:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7167]: pam_unix(cron:session): session closed for user root
Jun 24 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8491]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8490]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8489]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8488]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8488]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8558]: Successful su for rubyman by root
Jun 24 16:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8558]: + ??? root:rubyman
Jun 24 16:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8558]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584891 of user rubyman.
Jun 24 16:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8558]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584891.
Jun 24 16:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5871]: pam_unix(cron:session): session closed for user root
Jun 24 16:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8489]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7577]: pam_unix(cron:session): session closed for user root
Jun 24 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8889]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8888]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8887]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8886]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8886]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8949]: Successful su for rubyman by root
Jun 24 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8949]: + ??? root:rubyman
Jun 24 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8949]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584896 of user rubyman.
Jun 24 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8949]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584896.
Jun 24 16:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6271]: pam_unix(cron:session): session closed for user root
Jun 24 16:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8887]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8087]: pam_unix(cron:session): session closed for user root
Jun 24 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9284]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9281]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9282]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9283]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9281]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9342]: Successful su for rubyman by root
Jun 24 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9342]: + ??? root:rubyman
Jun 24 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9342]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584900 of user rubyman.
Jun 24 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9342]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584900.
Jun 24 16:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6662]: pam_unix(cron:session): session closed for user root
Jun 24 16:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9282]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8491]: pam_unix(cron:session): session closed for user root
Jun 24 16:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9590]: Received disconnect from 50.7.233.211 port 18868:11: disconnected by user [preauth]
Jun 24 16:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9590]: Disconnected from 50.7.233.211 port 18868 [preauth]
Jun 24 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9678]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9676]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9675]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9679]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9674]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9677]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9679]: pam_unix(cron:session): session closed for user root
Jun 24 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9674]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9743]: Successful su for rubyman by root
Jun 24 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9743]: + ??? root:rubyman
Jun 24 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9743]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584903 of user rubyman.
Jun 24 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9743]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584903.
Jun 24 16:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9676]: pam_unix(cron:session): session closed for user root
Jun 24 16:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7165]: pam_unix(cron:session): session closed for user root
Jun 24 16:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 24 16:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9675]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10101]: Failed password for root from 77.94.47.83 port 57598 ssh2
Jun 24 16:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10101]: Connection closed by 77.94.47.83 port 57598 [preauth]
Jun 24 16:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8889]: pam_unix(cron:session): session closed for user root
Jun 24 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10376]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10374]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10373]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10372]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10372]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10441]: Successful su for rubyman by root
Jun 24 16:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10441]: + ??? root:rubyman
Jun 24 16:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10441]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584909 of user rubyman.
Jun 24 16:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10441]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584909.
Jun 24 16:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7576]: pam_unix(cron:session): session closed for user root
Jun 24 16:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 16:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10612]: Received disconnect from 107.175.141.21 port 55564:11: disconnected by user [preauth]
Jun 24 16:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10612]: Disconnected from 107.175.141.21 port 55564 [preauth]
Jun 24 16:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10373]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9284]: pam_unix(cron:session): session closed for user root
Jun 24 16:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10797]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10798]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10796]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10795]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10795]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10861]: Successful su for rubyman by root
Jun 24 16:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10861]: + ??? root:rubyman
Jun 24 16:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10861]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584913 of user rubyman.
Jun 24 16:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10861]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584913.
Jun 24 16:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8086]: pam_unix(cron:session): session closed for user root
Jun 24 16:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10796]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9678]: pam_unix(cron:session): session closed for user root
Jun 24 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11206]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11207]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11205]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11204]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11204]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11268]: Successful su for rubyman by root
Jun 24 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11268]: + ??? root:rubyman
Jun 24 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11268]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584918 of user rubyman.
Jun 24 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11268]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584918.
Jun 24 16:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8490]: pam_unix(cron:session): session closed for user root
Jun 24 16:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11205]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10376]: pam_unix(cron:session): session closed for user root
Jun 24 16:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Jun 24 16:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:64.227.90.185
Jun 24 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11634]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11633]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11632]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11631]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11631]: pam_unix(cron:session): session closed for user p13x
Jun 24 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11689]: Successful su for rubyman by root
Jun 24 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11689]: + ??? root:rubyman
Jun 24 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11689]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584921 of user rubyman.
Jun 24 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11689]: pam_unix(su:session): session closed for user rubyman
Jun 24 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584921.
Jun 24 16:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8888]: pam_unix(cron:session): session closed for user root
Jun 24 16:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11632]: pam_unix(cron:session): session closed for user samftp
Jun 24 16:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10798]: pam_unix(cron:session): session closed for user root
Jun 24 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12089]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12087]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12086]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12085]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12090]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12088]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12084]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12090]: pam_unix(cron:session): session closed for user root
Jun 24 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12086]: pam_unix(cron:session): session closed for user root
Jun 24 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12084]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12171]: Successful su for rubyman by root
Jun 24 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12171]: + ??? root:rubyman
Jun 24 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12171]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584925 of user rubyman.
Jun 24 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12171]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584925.
Jun 24 17:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12087]: pam_unix(cron:session): session closed for user root
Jun 24 17:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9283]: pam_unix(cron:session): session closed for user root
Jun 24 17:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12085]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11207]: pam_unix(cron:session): session closed for user root
Jun 24 17:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 17:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12702]: Received disconnect from 192.3.206.66 port 37144:11: disconnected by user [preauth]
Jun 24 17:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12702]: Disconnected from 192.3.206.66 port 37144 [preauth]
Jun 24 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12709]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12708]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12706]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12705]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12705]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12779]: Successful su for rubyman by root
Jun 24 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12779]: + ??? root:rubyman
Jun 24 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12779]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584932 of user rubyman.
Jun 24 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12779]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584932.
Jun 24 17:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9677]: pam_unix(cron:session): session closed for user root
Jun 24 17:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12706]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11634]: pam_unix(cron:session): session closed for user root
Jun 24 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13137]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13138]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13136]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13135]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13135]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13206]: Successful su for rubyman by root
Jun 24 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13206]: + ??? root:rubyman
Jun 24 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13206]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584936 of user rubyman.
Jun 24 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13206]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584936.
Jun 24 17:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10374]: pam_unix(cron:session): session closed for user root
Jun 24 17:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13136]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 17:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13403]: Invalid user admin from 2.57.121.25
Jun 24 17:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13403]: input_userauth_request: invalid user admin [preauth]
Jun 24 17:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13403]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 17:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 24 17:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13403]: Failed password for invalid user admin from 2.57.121.25 port 54332 ssh2
Jun 24 17:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13403]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 17:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13403]: Failed password for invalid user admin from 2.57.121.25 port 54332 ssh2
Jun 24 17:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13403]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 17:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13403]: Failed password for invalid user admin from 2.57.121.25 port 54332 ssh2
Jun 24 17:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13403]: Connection closed by 2.57.121.25 port 54332 [preauth]
Jun 24 17:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13403]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 24 17:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12089]: pam_unix(cron:session): session closed for user root
Jun 24 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13541]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13542]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13540]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13539]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13539]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13602]: Successful su for rubyman by root
Jun 24 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13602]: + ??? root:rubyman
Jun 24 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13602]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584942 of user rubyman.
Jun 24 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13602]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584942.
Jun 24 17:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10797]: pam_unix(cron:session): session closed for user root
Jun 24 17:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13540]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12709]: pam_unix(cron:session): session closed for user root
Jun 24 17:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 17:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13912]: Invalid user  from 64.62.197.143
Jun 24 17:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13912]: input_userauth_request: invalid user  [preauth]
Jun 24 17:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13912]: Connection closed by 64.62.197.143 port 3339 [preauth]
Jun 24 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13946]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13947]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13945]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13944]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13944]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14009]: Successful su for rubyman by root
Jun 24 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14009]: + ??? root:rubyman
Jun 24 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14009]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584945 of user rubyman.
Jun 24 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14009]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584945.
Jun 24 17:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11206]: pam_unix(cron:session): session closed for user root
Jun 24 17:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13945]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 17:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 24 17:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14195]: Failed password for root from 62.133.62.83 port 54866 ssh2
Jun 24 17:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14195]: Connection closed by 62.133.62.83 port 54866 [preauth]
Jun 24 17:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13138]: pam_unix(cron:session): session closed for user root
Jun 24 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14343]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14340]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14341]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14338]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14342]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14339]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14343]: pam_unix(cron:session): session closed for user root
Jun 24 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14338]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14406]: Successful su for rubyman by root
Jun 24 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14406]: + ??? root:rubyman
Jun 24 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14406]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584950 of user rubyman.
Jun 24 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14406]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584950.
Jun 24 17:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14340]: pam_unix(cron:session): session closed for user root
Jun 24 17:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11633]: pam_unix(cron:session): session closed for user root
Jun 24 17:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14339]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 17:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14613]: Invalid user ubnt from 45.148.10.121
Jun 24 17:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14613]: input_userauth_request: invalid user ubnt [preauth]
Jun 24 17:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14613]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 17:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 24 17:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14613]: Failed password for invalid user ubnt from 45.148.10.121 port 38840 ssh2
Jun 24 17:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14613]: Connection closed by 45.148.10.121 port 38840 [preauth]
Jun 24 17:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13542]: pam_unix(cron:session): session closed for user root
Jun 24 17:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 17:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 24 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14854]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14855]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14853]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14852]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14852]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14921]: Successful su for rubyman by root
Jun 24 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14921]: + ??? root:rubyman
Jun 24 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14921]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584954 of user rubyman.
Jun 24 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14921]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584954.
Jun 24 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14847]: Failed password for root from 103.176.20.57 port 33452 ssh2
Jun 24 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14847]: Connection closed by 103.176.20.57 port 33452 [preauth]
Jun 24 17:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12088]: pam_unix(cron:session): session closed for user root
Jun 24 17:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14853]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13947]: pam_unix(cron:session): session closed for user root
Jun 24 17:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 17:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 24 17:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15262]: Failed password for root from 87.251.79.125 port 39826 ssh2
Jun 24 17:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15262]: Connection closed by 87.251.79.125 port 39826 [preauth]
Jun 24 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15269]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15268]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15267]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15266]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15266]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15323]: Successful su for rubyman by root
Jun 24 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15323]: + ??? root:rubyman
Jun 24 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15323]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584959 of user rubyman.
Jun 24 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15323]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584959.
Jun 24 17:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12708]: pam_unix(cron:session): session closed for user root
Jun 24 17:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15267]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 17:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 24 17:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15505]: Failed password for root from 51.250.105.222 port 42928 ssh2
Jun 24 17:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15505]: Connection closed by 51.250.105.222 port 42928 [preauth]
Jun 24 17:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14342]: pam_unix(cron:session): session closed for user root
Jun 24 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15654]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15653]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15652]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15651]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15651]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15715]: Successful su for rubyman by root
Jun 24 17:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15715]: + ??? root:rubyman
Jun 24 17:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15715]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584962 of user rubyman.
Jun 24 17:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15715]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584962.
Jun 24 17:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13137]: pam_unix(cron:session): session closed for user root
Jun 24 17:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15652]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14855]: pam_unix(cron:session): session closed for user root
Jun 24 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16036]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16037]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16034]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16035]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16032]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16034]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16154]: Successful su for rubyman by root
Jun 24 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16154]: + ??? root:rubyman
Jun 24 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16154]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584968 of user rubyman.
Jun 24 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16154]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584968.
Jun 24 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16032]: pam_unix(cron:session): session closed for user root
Jun 24 17:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13541]: pam_unix(cron:session): session closed for user root
Jun 24 17:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16035]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15269]: pam_unix(cron:session): session closed for user root
Jun 24 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16520]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16521]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16518]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16519]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16515]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16517]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16521]: pam_unix(cron:session): session closed for user root
Jun 24 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16515]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16581]: Successful su for rubyman by root
Jun 24 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16581]: + ??? root:rubyman
Jun 24 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16581]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584971 of user rubyman.
Jun 24 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16581]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584971.
Jun 24 17:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16518]: pam_unix(cron:session): session closed for user root
Jun 24 17:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13946]: pam_unix(cron:session): session closed for user root
Jun 24 17:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16517]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15654]: pam_unix(cron:session): session closed for user root
Jun 24 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17047]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17048]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17046]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17045]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17045]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17114]: Successful su for rubyman by root
Jun 24 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17114]: + ??? root:rubyman
Jun 24 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17114]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584977 of user rubyman.
Jun 24 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17114]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584977.
Jun 24 17:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14341]: pam_unix(cron:session): session closed for user root
Jun 24 17:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17046]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16037]: pam_unix(cron:session): session closed for user root
Jun 24 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17460]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17459]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17458]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17457]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17457]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17518]: Successful su for rubyman by root
Jun 24 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17518]: + ??? root:rubyman
Jun 24 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17518]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584982 of user rubyman.
Jun 24 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17518]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584982.
Jun 24 17:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14854]: pam_unix(cron:session): session closed for user root
Jun 24 17:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17458]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16520]: pam_unix(cron:session): session closed for user root
Jun 24 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17958]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17959]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17956]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17957]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17956]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18023]: Successful su for rubyman by root
Jun 24 17:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18023]: + ??? root:rubyman
Jun 24 17:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18023]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584986 of user rubyman.
Jun 24 17:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18023]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584986.
Jun 24 17:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15268]: pam_unix(cron:session): session closed for user root
Jun 24 17:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17957]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17048]: pam_unix(cron:session): session closed for user root
Jun 24 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18396]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18397]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18395]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18390]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18390]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18526]: Successful su for rubyman by root
Jun 24 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18526]: + ??? root:rubyman
Jun 24 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18526]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584989 of user rubyman.
Jun 24 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18526]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584989.
Jun 24 17:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15653]: pam_unix(cron:session): session closed for user root
Jun 24 17:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18395]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 17:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17460]: pam_unix(cron:session): session closed for user root
Jun 24 17:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18794]: Invalid user kentrell from 2.57.121.112
Jun 24 17:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18794]: input_userauth_request: invalid user kentrell [preauth]
Jun 24 17:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18794]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 17:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 24 17:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18794]: Failed password for invalid user kentrell from 2.57.121.112 port 16860 ssh2
Jun 24 17:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18794]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 17:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18794]: Failed password for invalid user kentrell from 2.57.121.112 port 16860 ssh2
Jun 24 17:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18794]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 17:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 17:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18794]: Failed password for invalid user kentrell from 2.57.121.112 port 16860 ssh2
Jun 24 17:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18794]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 17:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 24 17:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18794]: Failed password for invalid user kentrell from 2.57.121.112 port 16860 ssh2
Jun 24 17:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18794]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 17:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18833]: Failed password for root from 147.45.199.80 port 48304 ssh2
Jun 24 17:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18833]: Connection closed by 147.45.199.80 port 48304 [preauth]
Jun 24 17:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18794]: Failed password for invalid user kentrell from 2.57.121.112 port 16860 ssh2
Jun 24 17:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18794]: Connection closed by 2.57.121.112 port 16860 [preauth]
Jun 24 17:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18794]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 24 17:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18794]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 24 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18894]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18892]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18895]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18896]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18893]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18891]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18896]: pam_unix(cron:session): session closed for user root
Jun 24 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18891]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18957]: Successful su for rubyman by root
Jun 24 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18957]: + ??? root:rubyman
Jun 24 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18957]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584996 of user rubyman.
Jun 24 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18957]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584996.
Jun 24 17:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16036]: pam_unix(cron:session): session closed for user root
Jun 24 17:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18893]: pam_unix(cron:session): session closed for user root
Jun 24 17:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18892]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 17:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 24 17:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19298]: Failed password for root from 103.149.28.157 port 56844 ssh2
Jun 24 17:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19298]: Connection closed by 103.149.28.157 port 56844 [preauth]
Jun 24 17:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17959]: pam_unix(cron:session): session closed for user root
Jun 24 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19421]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19420]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19419]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19418]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19418]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19493]: Successful su for rubyman by root
Jun 24 17:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19493]: + ??? root:rubyman
Jun 24 17:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19493]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 584999 of user rubyman.
Jun 24 17:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19493]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 584999.
Jun 24 17:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16519]: pam_unix(cron:session): session closed for user root
Jun 24 17:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19419]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 17:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 17:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 24 17:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18397]: pam_unix(cron:session): session closed for user root
Jun 24 17:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19948]: Failed password for root from 103.172.78.219 port 34632 ssh2
Jun 24 17:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19948]: Connection closed by 103.172.78.219 port 34632 [preauth]
Jun 24 17:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 17:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 24 17:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19989]: Failed password for root from 202.178.126.219 port 17682 ssh2
Jun 24 17:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19989]: Connection closed by 202.178.126.219 port 17682 [preauth]
Jun 24 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20042]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20039]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20040]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20041]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20037]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20037]: pam_unix(cron:session): session closed for user root
Jun 24 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20039]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20102]: Successful su for rubyman by root
Jun 24 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20102]: + ??? root:rubyman
Jun 24 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20102]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585004 of user rubyman.
Jun 24 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20102]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585004.
Jun 24 17:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17047]: pam_unix(cron:session): session closed for user root
Jun 24 17:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20040]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 17:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 24 17:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20389]: Failed password for root from 103.27.238.120 port 50216 ssh2
Jun 24 17:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20389]: Connection closed by 103.27.238.120 port 50216 [preauth]
Jun 24 17:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18895]: pam_unix(cron:session): session closed for user root
Jun 24 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20546]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20549]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20547]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20545]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20545]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20603]: Successful su for rubyman by root
Jun 24 17:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20603]: + ??? root:rubyman
Jun 24 17:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20603]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585009 of user rubyman.
Jun 24 17:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20603]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585009.
Jun 24 17:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17459]: pam_unix(cron:session): session closed for user root
Jun 24 17:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20546]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19421]: pam_unix(cron:session): session closed for user root
Jun 24 17:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 17:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21012]: Invalid user webuser from 141.98.83.240
Jun 24 17:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21012]: input_userauth_request: invalid user webuser [preauth]
Jun 24 17:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21012]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 17:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 17:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21012]: Failed password for invalid user webuser from 141.98.83.240 port 43486 ssh2
Jun 24 17:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21012]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 17:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21012]: Failed password for invalid user webuser from 141.98.83.240 port 43486 ssh2
Jun 24 17:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21012]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 17:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21012]: Failed password for invalid user webuser from 141.98.83.240 port 43486 ssh2
Jun 24 17:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21012]: Connection closed by 141.98.83.240 port 43486 [preauth]
Jun 24 17:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21012]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21046]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21047]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21045]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21043]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21043]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21106]: Successful su for rubyman by root
Jun 24 17:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21106]: + ??? root:rubyman
Jun 24 17:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21106]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585012 of user rubyman.
Jun 24 17:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21106]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585012.
Jun 24 17:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17958]: pam_unix(cron:session): session closed for user root
Jun 24 17:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21045]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 17:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 24 17:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21365]: Failed password for root from 38.93.206.2 port 58220 ssh2
Jun 24 17:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21365]: Connection closed by 38.93.206.2 port 58220 [preauth]
Jun 24 17:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20042]: pam_unix(cron:session): session closed for user root
Jun 24 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21458]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21460]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21455]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21459]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21457]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21454]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21460]: pam_unix(cron:session): session closed for user root
Jun 24 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21454]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21530]: Successful su for rubyman by root
Jun 24 17:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21530]: + ??? root:rubyman
Jun 24 17:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21530]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585019 of user rubyman.
Jun 24 17:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21530]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585019.
Jun 24 17:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21457]: pam_unix(cron:session): session closed for user root
Jun 24 17:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18396]: pam_unix(cron:session): session closed for user root
Jun 24 17:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21455]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20549]: pam_unix(cron:session): session closed for user root
Jun 24 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21916]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21919]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21915]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21914]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21914]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21983]: Successful su for rubyman by root
Jun 24 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21983]: + ??? root:rubyman
Jun 24 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21983]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585023 of user rubyman.
Jun 24 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21983]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585023.
Jun 24 17:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18894]: pam_unix(cron:session): session closed for user root
Jun 24 17:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21915]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21047]: pam_unix(cron:session): session closed for user root
Jun 24 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22416]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22415]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22414]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22413]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22413]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22476]: Successful su for rubyman by root
Jun 24 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22476]: + ??? root:rubyman
Jun 24 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22476]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585026 of user rubyman.
Jun 24 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22476]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585026.
Jun 24 17:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19420]: pam_unix(cron:session): session closed for user root
Jun 24 17:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22414]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21459]: pam_unix(cron:session): session closed for user root
Jun 24 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22822]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22821]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22820]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22819]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22819]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22882]: Successful su for rubyman by root
Jun 24 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22882]: + ??? root:rubyman
Jun 24 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22882]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585030 of user rubyman.
Jun 24 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22882]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585030.
Jun 24 17:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20041]: pam_unix(cron:session): session closed for user root
Jun 24 17:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22820]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21919]: pam_unix(cron:session): session closed for user root
Jun 24 17:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 17:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 24 17:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23179]: Failed password for root from 193.37.70.224 port 46478 ssh2
Jun 24 17:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23179]: Connection closed by 193.37.70.224 port 46478 [preauth]
Jun 24 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23216]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23215]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23214]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23213]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23213]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23283]: Successful su for rubyman by root
Jun 24 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23283]: + ??? root:rubyman
Jun 24 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23283]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585035 of user rubyman.
Jun 24 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23283]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585035.
Jun 24 17:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20547]: pam_unix(cron:session): session closed for user root
Jun 24 17:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23214]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22416]: pam_unix(cron:session): session closed for user root
Jun 24 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23644]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23646]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23642]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23641]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23645]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23643]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23646]: pam_unix(cron:session): session closed for user root
Jun 24 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23641]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23719]: Successful su for rubyman by root
Jun 24 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23719]: + ??? root:rubyman
Jun 24 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23719]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585038 of user rubyman.
Jun 24 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23719]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585038.
Jun 24 17:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23643]: pam_unix(cron:session): session closed for user root
Jun 24 17:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21046]: pam_unix(cron:session): session closed for user root
Jun 24 17:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23642]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22822]: pam_unix(cron:session): session closed for user root
Jun 24 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24181]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24180]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24185]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24179]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24179]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24269]: Successful su for rubyman by root
Jun 24 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24269]: + ??? root:rubyman
Jun 24 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24269]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585044 of user rubyman.
Jun 24 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24269]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585044.
Jun 24 17:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21458]: pam_unix(cron:session): session closed for user root
Jun 24 17:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24180]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23216]: pam_unix(cron:session): session closed for user root
Jun 24 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24613]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24612]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24610]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24611]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24610]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24689]: Successful su for rubyman by root
Jun 24 17:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24689]: + ??? root:rubyman
Jun 24 17:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24689]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585049 of user rubyman.
Jun 24 17:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24689]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585049.
Jun 24 17:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21916]: pam_unix(cron:session): session closed for user root
Jun 24 17:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24611]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23645]: pam_unix(cron:session): session closed for user root
Jun 24 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25028]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25029]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25027]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25026]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25026]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25093]: Successful su for rubyman by root
Jun 24 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25093]: + ??? root:rubyman
Jun 24 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25093]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585053 of user rubyman.
Jun 24 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25093]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585053.
Jun 24 17:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22415]: pam_unix(cron:session): session closed for user root
Jun 24 17:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25027]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 17:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25284]: Invalid user admin from 193.46.255.86
Jun 24 17:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25284]: input_userauth_request: invalid user admin [preauth]
Jun 24 17:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25284]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 17:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 24 17:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25284]: Failed password for invalid user admin from 193.46.255.86 port 50382 ssh2
Jun 24 17:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25284]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 17:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25284]: Failed password for invalid user admin from 193.46.255.86 port 50382 ssh2
Jun 24 17:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25284]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 17:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25284]: Failed password for invalid user admin from 193.46.255.86 port 50382 ssh2
Jun 24 17:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25284]: Connection closed by 193.46.255.86 port 50382 [preauth]
Jun 24 17:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25284]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 24 17:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24185]: pam_unix(cron:session): session closed for user root
Jun 24 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25420]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25421]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25422]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25419]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25419]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25481]: Successful su for rubyman by root
Jun 24 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25481]: + ??? root:rubyman
Jun 24 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25481]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585058 of user rubyman.
Jun 24 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25481]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585058.
Jun 24 17:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22821]: pam_unix(cron:session): session closed for user root
Jun 24 17:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25420]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24613]: pam_unix(cron:session): session closed for user root
Jun 24 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25816]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25812]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25815]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25813]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25809]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25810]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25816]: pam_unix(cron:session): session closed for user root
Jun 24 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25809]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25877]: Successful su for rubyman by root
Jun 24 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25877]: + ??? root:rubyman
Jun 24 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25877]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585062 of user rubyman.
Jun 24 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25877]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585062.
Jun 24 17:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25812]: pam_unix(cron:session): session closed for user root
Jun 24 17:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23215]: pam_unix(cron:session): session closed for user root
Jun 24 17:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25810]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25029]: pam_unix(cron:session): session closed for user root
Jun 24 17:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 17:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 24 17:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 17:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26182]: Connection closed by 194.59.206.2 port 33982 [preauth]
Jun 24 17:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26180]: Failed password for root from 194.113.233.25 port 38374 ssh2
Jun 24 17:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26180]: Connection closed by 194.113.233.25 port 38374 [preauth]
Jun 24 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26246]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26244]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26245]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26243]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26243]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26313]: Successful su for rubyman by root
Jun 24 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26313]: + ??? root:rubyman
Jun 24 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26313]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585066 of user rubyman.
Jun 24 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26313]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585066.
Jun 24 17:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23644]: pam_unix(cron:session): session closed for user root
Jun 24 17:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26244]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25422]: pam_unix(cron:session): session closed for user root
Jun 24 17:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 17:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 24 17:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26583]: Failed password for root from 109.237.96.109 port 41192 ssh2
Jun 24 17:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26583]: Connection closed by 109.237.96.109 port 41192 [preauth]
Jun 24 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26644]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26645]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26643]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26642]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26642]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26790]: Successful su for rubyman by root
Jun 24 17:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26790]: + ??? root:rubyman
Jun 24 17:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26790]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585072 of user rubyman.
Jun 24 17:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26790]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585072.
Jun 24 17:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24181]: pam_unix(cron:session): session closed for user root
Jun 24 17:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26643]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25815]: pam_unix(cron:session): session closed for user root
Jun 24 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27117]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27120]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27119]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27118]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27117]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27183]: Successful su for rubyman by root
Jun 24 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27183]: + ??? root:rubyman
Jun 24 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27183]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585076 of user rubyman.
Jun 24 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27183]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585076.
Jun 24 17:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24612]: pam_unix(cron:session): session closed for user root
Jun 24 17:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27118]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26246]: pam_unix(cron:session): session closed for user root
Jun 24 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27546]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27545]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27547]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27548]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27545]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27611]: Successful su for rubyman by root
Jun 24 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27611]: + ??? root:rubyman
Jun 24 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27611]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585081 of user rubyman.
Jun 24 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27611]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585081.
Jun 24 17:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25028]: pam_unix(cron:session): session closed for user root
Jun 24 17:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27546]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26645]: pam_unix(cron:session): session closed for user root
Jun 24 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27956]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27954]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27958]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27955]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27957]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27953]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27958]: pam_unix(cron:session): session closed for user root
Jun 24 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27953]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28031]: Successful su for rubyman by root
Jun 24 17:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28031]: + ??? root:rubyman
Jun 24 17:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28031]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585083 of user rubyman.
Jun 24 17:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28031]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585083.
Jun 24 17:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25421]: pam_unix(cron:session): session closed for user root
Jun 24 17:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27955]: pam_unix(cron:session): session closed for user root
Jun 24 17:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27954]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27120]: pam_unix(cron:session): session closed for user root
Jun 24 17:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 17:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28411]: Connection closed by 45.148.10.121 port 57212 [preauth]
Jun 24 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28434]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28436]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28432]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28431]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28431]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28501]: Successful su for rubyman by root
Jun 24 17:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28501]: + ??? root:rubyman
Jun 24 17:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28501]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585088 of user rubyman.
Jun 24 17:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28501]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585088.
Jun 24 17:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25813]: pam_unix(cron:session): session closed for user root
Jun 24 17:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28432]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27548]: pam_unix(cron:session): session closed for user root
Jun 24 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28954]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28952]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28951]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28953]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28951]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29018]: Successful su for rubyman by root
Jun 24 17:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29018]: + ??? root:rubyman
Jun 24 17:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29018]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585092 of user rubyman.
Jun 24 17:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29018]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585092.
Jun 24 17:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26245]: pam_unix(cron:session): session closed for user root
Jun 24 17:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28952]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27957]: pam_unix(cron:session): session closed for user root
Jun 24 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29375]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29374]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29373]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29372]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29372]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29432]: Successful su for rubyman by root
Jun 24 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29432]: + ??? root:rubyman
Jun 24 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29432]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585096 of user rubyman.
Jun 24 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29432]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585096.
Jun 24 17:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26644]: pam_unix(cron:session): session closed for user root
Jun 24 17:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29373]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28436]: pam_unix(cron:session): session closed for user root
Jun 24 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29905]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29904]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29906]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29903]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29901]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29903]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30020]: Successful su for rubyman by root
Jun 24 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30020]: + ??? root:rubyman
Jun 24 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30020]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585100 of user rubyman.
Jun 24 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30020]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585100.
Jun 24 17:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29901]: pam_unix(cron:session): session closed for user root
Jun 24 17:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27119]: pam_unix(cron:session): session closed for user root
Jun 24 17:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29904]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28954]: pam_unix(cron:session): session closed for user root
Jun 24 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30411]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30410]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30409]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30412]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30413]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30408]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30413]: pam_unix(cron:session): session closed for user root
Jun 24 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30408]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30480]: Successful su for rubyman by root
Jun 24 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30480]: + ??? root:rubyman
Jun 24 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30480]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585108 of user rubyman.
Jun 24 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30480]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585108.
Jun 24 17:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30410]: pam_unix(cron:session): session closed for user root
Jun 24 17:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27547]: pam_unix(cron:session): session closed for user root
Jun 24 17:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30409]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29375]: pam_unix(cron:session): session closed for user root
Jun 24 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30858]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30859]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30857]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30856]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30856]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31018]: Successful su for rubyman by root
Jun 24 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31018]: + ??? root:rubyman
Jun 24 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31018]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585112 of user rubyman.
Jun 24 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31018]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585112.
Jun 24 17:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27956]: pam_unix(cron:session): session closed for user root
Jun 24 17:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30857]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29906]: pam_unix(cron:session): session closed for user root
Jun 24 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31355]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31356]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31354]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31352]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31352]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31417]: Successful su for rubyman by root
Jun 24 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31417]: + ??? root:rubyman
Jun 24 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31417]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585117 of user rubyman.
Jun 24 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31417]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585117.
Jun 24 17:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28434]: pam_unix(cron:session): session closed for user root
Jun 24 17:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31354]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30412]: pam_unix(cron:session): session closed for user root
Jun 24 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31857]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31856]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31855]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31854]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31854]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31924]: Successful su for rubyman by root
Jun 24 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31924]: + ??? root:rubyman
Jun 24 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31924]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585119 of user rubyman.
Jun 24 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31924]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585119.
Jun 24 17:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28953]: pam_unix(cron:session): session closed for user root
Jun 24 17:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31855]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30859]: pam_unix(cron:session): session closed for user root
Jun 24 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32270]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32271]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32272]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32269]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32269]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32326]: Successful su for rubyman by root
Jun 24 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32326]: + ??? root:rubyman
Jun 24 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32326]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585125 of user rubyman.
Jun 24 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32326]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585125.
Jun 24 17:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29374]: pam_unix(cron:session): session closed for user root
Jun 24 17:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32270]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31356]: pam_unix(cron:session): session closed for user root
Jun 24 17:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32680]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32679]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32681]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 24 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32678]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32677]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32676]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32681]: pam_unix(cron:session): session closed for user root
Jun 24 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32676]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32752]: Successful su for rubyman by root
Jun 24 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32752]: + ??? root:rubyman
Jun 24 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32752]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585127 of user rubyman.
Jun 24 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32752]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585127.
Jun 24 17:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32673]: Failed password for root from 103.27.238.114 port 43158 ssh2
Jun 24 17:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32673]: Connection closed by 103.27.238.114 port 43158 [preauth]
Jun 24 17:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32678]: pam_unix(cron:session): session closed for user root
Jun 24 17:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29905]: pam_unix(cron:session): session closed for user root
Jun 24 17:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32677]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31857]: pam_unix(cron:session): session closed for user root
Jun 24 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[811]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[812]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[810]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[806]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[806]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[878]: Successful su for rubyman by root
Jun 24 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[878]: + ??? root:rubyman
Jun 24 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[878]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585133 of user rubyman.
Jun 24 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[878]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585133.
Jun 24 17:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30411]: pam_unix(cron:session): session closed for user root
Jun 24 17:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[810]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32272]: pam_unix(cron:session): session closed for user root
Jun 24 17:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 17:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1197]: Invalid user seguridad from 217.76.154.242
Jun 24 17:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1197]: input_userauth_request: invalid user seguridad [preauth]
Jun 24 17:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1197]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 17:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.76.154.242
Jun 24 17:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1197]: Failed password for invalid user seguridad from 217.76.154.242 port 37464 ssh2
Jun 24 17:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1197]: Connection closed by 217.76.154.242 port 37464 [preauth]
Jun 24 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1267]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1265]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1266]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1264]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1264]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1337]: Successful su for rubyman by root
Jun 24 17:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1337]: + ??? root:rubyman
Jun 24 17:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1337]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585137 of user rubyman.
Jun 24 17:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1337]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585137.
Jun 24 17:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30858]: pam_unix(cron:session): session closed for user root
Jun 24 17:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1265]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32680]: pam_unix(cron:session): session closed for user root
Jun 24 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1814]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1813]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1812]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1811]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1811]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1870]: Successful su for rubyman by root
Jun 24 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1870]: + ??? root:rubyman
Jun 24 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1870]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585141 of user rubyman.
Jun 24 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1870]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585141.
Jun 24 17:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31355]: pam_unix(cron:session): session closed for user root
Jun 24 17:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1812]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[812]: pam_unix(cron:session): session closed for user root
Jun 24 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2297]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2296]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2298]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2294]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2294]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2363]: Successful su for rubyman by root
Jun 24 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2363]: + ??? root:rubyman
Jun 24 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2363]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585148 of user rubyman.
Jun 24 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2363]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585148.
Jun 24 17:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31856]: pam_unix(cron:session): session closed for user root
Jun 24 17:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2296]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 17:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 24 17:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2626]: Failed password for root from 141.98.83.240 port 38958 ssh2
Jun 24 17:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1267]: pam_unix(cron:session): session closed for user root
Jun 24 17:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2626]: Failed password for root from 141.98.83.240 port 38958 ssh2
Jun 24 17:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2626]: Failed password for root from 141.98.83.240 port 38958 ssh2
Jun 24 17:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2626]: Connection closed by 141.98.83.240 port 38958 [preauth]
Jun 24 17:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2626]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 24 17:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 17:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 24 17:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: Failed password for root from 80.66.85.226 port 59190 ssh2
Jun 24 17:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: Connection closed by 80.66.85.226 port 59190 [preauth]
Jun 24 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2719]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2721]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2716]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2722]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2720]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2715]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2722]: pam_unix(cron:session): session closed for user root
Jun 24 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2715]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2792]: Successful su for rubyman by root
Jun 24 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2792]: + ??? root:rubyman
Jun 24 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2792]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585151 of user rubyman.
Jun 24 17:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2792]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585151.
Jun 24 17:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2719]: pam_unix(cron:session): session closed for user root
Jun 24 17:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32271]: pam_unix(cron:session): session closed for user root
Jun 24 17:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2716]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1814]: pam_unix(cron:session): session closed for user root
Jun 24 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3146]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3145]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3147]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3143]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3143]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3208]: Successful su for rubyman by root
Jun 24 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3208]: + ??? root:rubyman
Jun 24 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3208]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585155 of user rubyman.
Jun 24 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3208]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585155.
Jun 24 17:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32679]: pam_unix(cron:session): session closed for user root
Jun 24 17:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3145]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 17:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 24 17:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3392]: Failed password for root from 103.15.222.183 port 60896 ssh2
Jun 24 17:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3392]: Connection closed by 103.15.222.183 port 60896 [preauth]
Jun 24 17:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2298]: pam_unix(cron:session): session closed for user root
Jun 24 17:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 17:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 24 17:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3495]: Failed password for root from 103.82.20.28 port 49876 ssh2
Jun 24 17:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3495]: Connection closed by 103.82.20.28 port 49876 [preauth]
Jun 24 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3562]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3564]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3561]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3563]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3561]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3620]: Successful su for rubyman by root
Jun 24 17:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3620]: + ??? root:rubyman
Jun 24 17:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3620]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585161 of user rubyman.
Jun 24 17:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3620]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585161.
Jun 24 17:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[811]: pam_unix(cron:session): session closed for user root
Jun 24 17:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3562]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2721]: pam_unix(cron:session): session closed for user root
Jun 24 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4149]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4148]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4151]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4147]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4147]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4214]: Successful su for rubyman by root
Jun 24 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4214]: + ??? root:rubyman
Jun 24 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4214]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585163 of user rubyman.
Jun 24 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4214]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585163.
Jun 24 17:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1266]: pam_unix(cron:session): session closed for user root
Jun 24 17:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4148]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3147]: pam_unix(cron:session): session closed for user root
Jun 24 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4561]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4562]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4559]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4560]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4559]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4621]: Successful su for rubyman by root
Jun 24 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4621]: + ??? root:rubyman
Jun 24 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4621]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585168 of user rubyman.
Jun 24 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4621]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585168.
Jun 24 17:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1813]: pam_unix(cron:session): session closed for user root
Jun 24 17:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4560]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3564]: pam_unix(cron:session): session closed for user root
Jun 24 17:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 17:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 24 17:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5056]: Failed password for root from 202.178.126.219 port 22400 ssh2
Jun 24 17:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5056]: Connection closed by 202.178.126.219 port 22400 [preauth]
Jun 24 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5080]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5081]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5077]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5079]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5076]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5078]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5081]: pam_unix(cron:session): session closed for user root
Jun 24 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5076]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5144]: Successful su for rubyman by root
Jun 24 17:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5144]: + ??? root:rubyman
Jun 24 17:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5144]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585171 of user rubyman.
Jun 24 17:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5144]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585171.
Jun 24 17:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5078]: pam_unix(cron:session): session closed for user root
Jun 24 17:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2297]: pam_unix(cron:session): session closed for user root
Jun 24 17:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5077]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4151]: pam_unix(cron:session): session closed for user root
Jun 24 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5518]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5519]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5517]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5516]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5516]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5584]: Successful su for rubyman by root
Jun 24 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5584]: + ??? root:rubyman
Jun 24 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5584]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585178 of user rubyman.
Jun 24 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5584]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585178.
Jun 24 17:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2720]: pam_unix(cron:session): session closed for user root
Jun 24 17:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5517]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4562]: pam_unix(cron:session): session closed for user root
Jun 24 17:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 17:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 24 17:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5861]: Failed password for root from 103.77.175.15 port 52932 ssh2
Jun 24 17:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5861]: Connection closed by 103.77.175.15 port 52932 [preauth]
Jun 24 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5913]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5912]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5911]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5910]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5910]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5968]: Successful su for rubyman by root
Jun 24 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5968]: + ??? root:rubyman
Jun 24 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5968]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585181 of user rubyman.
Jun 24 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5968]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585181.
Jun 24 17:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3146]: pam_unix(cron:session): session closed for user root
Jun 24 17:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5911]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5080]: pam_unix(cron:session): session closed for user root
Jun 24 17:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 17:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.110.201  user=root
Jun 24 17:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6255]: Failed password for root from 94.159.110.201 port 36674 ssh2
Jun 24 17:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6255]: Connection closed by 94.159.110.201 port 36674 [preauth]
Jun 24 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6305]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6306]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6304]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6303]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6303]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6368]: Successful su for rubyman by root
Jun 24 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6368]: + ??? root:rubyman
Jun 24 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6368]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585186 of user rubyman.
Jun 24 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6368]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585186.
Jun 24 17:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3563]: pam_unix(cron:session): session closed for user root
Jun 24 17:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6304]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5519]: pam_unix(cron:session): session closed for user root
Jun 24 17:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6702]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6701]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6700]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6699]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6699]: pam_unix(cron:session): session closed for user p13x
Jun 24 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6764]: Successful su for rubyman by root
Jun 24 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6764]: + ??? root:rubyman
Jun 24 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6764]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585189 of user rubyman.
Jun 24 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6764]: pam_unix(su:session): session closed for user rubyman
Jun 24 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585189.
Jun 24 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.19.67.181  user=root
Jun 24 17:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6694]: Failed password for root from 46.19.67.181 port 33000 ssh2
Jun 24 17:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6694]: Connection closed by 46.19.67.181 port 33000 [preauth]
Jun 24 17:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4149]: pam_unix(cron:session): session closed for user root
Jun 24 17:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6700]: pam_unix(cron:session): session closed for user samftp
Jun 24 17:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5913]: pam_unix(cron:session): session closed for user root
Jun 24 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7213]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7210]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7209]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7214]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7208]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7211]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7207]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7214]: pam_unix(cron:session): session closed for user root
Jun 24 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7209]: pam_unix(cron:session): session closed for user root
Jun 24 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7207]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7301]: Successful su for rubyman by root
Jun 24 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7301]: + ??? root:rubyman
Jun 24 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7301]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585193 of user rubyman.
Jun 24 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7301]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585193.
Jun 24 18:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7210]: pam_unix(cron:session): session closed for user root
Jun 24 18:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4561]: pam_unix(cron:session): session closed for user root
Jun 24 18:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7208]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6306]: pam_unix(cron:session): session closed for user root
Jun 24 18:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7777]: Received disconnect from 188.44.20.33 port 53424:11: disconnected by user [preauth]
Jun 24 18:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7777]: Disconnected from 188.44.20.33 port 53424 [preauth]
Jun 24 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7808]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7807]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7805]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7806]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7805]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7868]: Successful su for rubyman by root
Jun 24 18:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7868]: + ??? root:rubyman
Jun 24 18:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7868]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585200 of user rubyman.
Jun 24 18:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7868]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585200.
Jun 24 18:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5079]: pam_unix(cron:session): session closed for user root
Jun 24 18:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7806]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6702]: pam_unix(cron:session): session closed for user root
Jun 24 18:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 24 18:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8135]: Failed password for root from 38.93.206.2 port 21026 ssh2
Jun 24 18:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8135]: Connection closed by 38.93.206.2 port 21026 [preauth]
Jun 24 18:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 24 18:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8184]: Failed password for root from 103.27.238.116 port 52100 ssh2
Jun 24 18:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8184]: Connection closed by 103.27.238.116 port 52100 [preauth]
Jun 24 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8198]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8199]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8197]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8196]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8196]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8257]: Successful su for rubyman by root
Jun 24 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8257]: + ??? root:rubyman
Jun 24 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8257]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585205 of user rubyman.
Jun 24 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8257]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585205.
Jun 24 18:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5518]: pam_unix(cron:session): session closed for user root
Jun 24 18:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8197]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7213]: pam_unix(cron:session): session closed for user root
Jun 24 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8592]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8593]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8591]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8590]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8590]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8652]: Successful su for rubyman by root
Jun 24 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8652]: + ??? root:rubyman
Jun 24 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8652]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585208 of user rubyman.
Jun 24 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8652]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585208.
Jun 24 18:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5912]: pam_unix(cron:session): session closed for user root
Jun 24 18:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8591]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 24 18:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8891]: Failed password for root from 103.122.221.179 port 54324 ssh2
Jun 24 18:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8891]: Connection closed by 103.122.221.179 port 54324 [preauth]
Jun 24 18:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7808]: pam_unix(cron:session): session closed for user root
Jun 24 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8995]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8994]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8993]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8992]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8992]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9055]: Successful su for rubyman by root
Jun 24 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9055]: + ??? root:rubyman
Jun 24 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9055]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585212 of user rubyman.
Jun 24 18:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9055]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585212.
Jun 24 18:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6305]: pam_unix(cron:session): session closed for user root
Jun 24 18:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8993]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9258]: Invalid user test from 45.148.10.121
Jun 24 18:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9258]: input_userauth_request: invalid user test [preauth]
Jun 24 18:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9258]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 18:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 24 18:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9258]: Failed password for invalid user test from 45.148.10.121 port 39026 ssh2
Jun 24 18:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9258]: Connection closed by 45.148.10.121 port 39026 [preauth]
Jun 24 18:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8199]: pam_unix(cron:session): session closed for user root
Jun 24 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9385]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9386]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9383]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9382]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9387]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9381]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9387]: pam_unix(cron:session): session closed for user root
Jun 24 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9381]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9448]: Successful su for rubyman by root
Jun 24 18:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9448]: + ??? root:rubyman
Jun 24 18:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9448]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585217 of user rubyman.
Jun 24 18:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9448]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585217.
Jun 24 18:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9383]: pam_unix(cron:session): session closed for user root
Jun 24 18:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6701]: pam_unix(cron:session): session closed for user root
Jun 24 18:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9382]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8593]: pam_unix(cron:session): session closed for user root
Jun 24 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9805]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9804]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9803]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9802]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9802]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9889]: Successful su for rubyman by root
Jun 24 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9889]: + ??? root:rubyman
Jun 24 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9889]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585222 of user rubyman.
Jun 24 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9889]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585222.
Jun 24 18:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7211]: pam_unix(cron:session): session closed for user root
Jun 24 18:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9803]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10361]: Invalid user admin from 2.57.121.25
Jun 24 18:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10361]: input_userauth_request: invalid user admin [preauth]
Jun 24 18:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10361]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 18:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 24 18:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10361]: Failed password for invalid user admin from 2.57.121.25 port 49028 ssh2
Jun 24 18:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10361]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 18:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10361]: Failed password for invalid user admin from 2.57.121.25 port 49028 ssh2
Jun 24 18:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10361]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 18:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10361]: Failed password for invalid user admin from 2.57.121.25 port 49028 ssh2
Jun 24 18:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10361]: Connection closed by 2.57.121.25 port 49028 [preauth]
Jun 24 18:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10361]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 24 18:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8995]: pam_unix(cron:session): session closed for user root
Jun 24 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10482]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10483]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10484]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10481]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10481]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10544]: Successful su for rubyman by root
Jun 24 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10544]: + ??? root:rubyman
Jun 24 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10544]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585226 of user rubyman.
Jun 24 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10544]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585226.
Jun 24 18:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7807]: pam_unix(cron:session): session closed for user root
Jun 24 18:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10482]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9386]: pam_unix(cron:session): session closed for user root
Jun 24 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10901]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10899]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10902]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10900]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10899]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10962]: Successful su for rubyman by root
Jun 24 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10962]: + ??? root:rubyman
Jun 24 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10962]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585230 of user rubyman.
Jun 24 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10962]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585230.
Jun 24 18:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8198]: pam_unix(cron:session): session closed for user root
Jun 24 18:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10900]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9805]: pam_unix(cron:session): session closed for user root
Jun 24 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11313]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11314]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11311]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11310]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11308]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11310]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11444]: Successful su for rubyman by root
Jun 24 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11444]: + ??? root:rubyman
Jun 24 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11444]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585236 of user rubyman.
Jun 24 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11444]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585236.
Jun 24 18:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11308]: pam_unix(cron:session): session closed for user root
Jun 24 18:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8592]: pam_unix(cron:session): session closed for user root
Jun 24 18:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11311]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 24 18:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11685]: Failed password for root from 103.153.68.219 port 50442 ssh2
Jun 24 18:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11685]: Connection closed by 103.153.68.219 port 50442 [preauth]
Jun 24 18:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10484]: pam_unix(cron:session): session closed for user root
Jun 24 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11850]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11847]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11848]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11849]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11846]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11845]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11850]: pam_unix(cron:session): session closed for user root
Jun 24 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11845]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11942]: Successful su for rubyman by root
Jun 24 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11942]: + ??? root:rubyman
Jun 24 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11942]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585239 of user rubyman.
Jun 24 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11942]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585239.
Jun 24 18:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11847]: pam_unix(cron:session): session closed for user root
Jun 24 18:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8994]: pam_unix(cron:session): session closed for user root
Jun 24 18:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11846]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10902]: pam_unix(cron:session): session closed for user root
Jun 24 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12427]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12425]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12426]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12423]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12423]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12497]: Successful su for rubyman by root
Jun 24 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12497]: + ??? root:rubyman
Jun 24 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12497]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585245 of user rubyman.
Jun 24 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12497]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585245.
Jun 24 18:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9385]: pam_unix(cron:session): session closed for user root
Jun 24 18:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12425]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11314]: pam_unix(cron:session): session closed for user root
Jun 24 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12840]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12842]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12838]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12837]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12837]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12910]: Successful su for rubyman by root
Jun 24 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12910]: + ??? root:rubyman
Jun 24 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12910]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585250 of user rubyman.
Jun 24 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12910]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585250.
Jun 24 18:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9804]: pam_unix(cron:session): session closed for user root
Jun 24 18:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12838]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11849]: pam_unix(cron:session): session closed for user root
Jun 24 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13264]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13263]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13261]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13262]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13261]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13325]: Successful su for rubyman by root
Jun 24 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13325]: + ??? root:rubyman
Jun 24 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13325]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585253 of user rubyman.
Jun 24 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13325]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585253.
Jun 24 18:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10483]: pam_unix(cron:session): session closed for user root
Jun 24 18:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13262]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12427]: pam_unix(cron:session): session closed for user root
Jun 24 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13653]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13651]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13654]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13652]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13651]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13714]: Successful su for rubyman by root
Jun 24 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13714]: + ??? root:rubyman
Jun 24 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13714]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585260 of user rubyman.
Jun 24 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13714]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585260.
Jun 24 18:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10901]: pam_unix(cron:session): session closed for user root
Jun 24 18:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13652]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 24 18:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13938]: Failed password for root from 103.82.132.16 port 39128 ssh2
Jun 24 18:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13938]: Connection closed by 103.82.132.16 port 39128 [preauth]
Jun 24 18:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12842]: pam_unix(cron:session): session closed for user root
Jun 24 18:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14023]: Invalid user vijay from 108.174.156.122
Jun 24 18:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14023]: input_userauth_request: invalid user vijay [preauth]
Jun 24 18:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14023]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 18:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=108.174.156.122
Jun 24 18:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14023]: Failed password for invalid user vijay from 108.174.156.122 port 35110 ssh2
Jun 24 18:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14023]: Received disconnect from 108.174.156.122 port 35110:11: Bye Bye [preauth]
Jun 24 18:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14023]: Disconnected from 108.174.156.122 port 35110 [preauth]
Jun 24 18:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 24 18:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14045]: Failed password for root from 77.94.47.83 port 42836 ssh2
Jun 24 18:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14045]: Connection closed by 77.94.47.83 port 42836 [preauth]
Jun 24 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14068]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14067]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14066]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14069]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14070]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14064]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14070]: pam_unix(cron:session): session closed for user root
Jun 24 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14064]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14130]: Successful su for rubyman by root
Jun 24 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14130]: + ??? root:rubyman
Jun 24 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14130]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585265 of user rubyman.
Jun 24 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14130]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585265.
Jun 24 18:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14067]: pam_unix(cron:session): session closed for user root
Jun 24 18:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11313]: pam_unix(cron:session): session closed for user root
Jun 24 18:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14066]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13264]: pam_unix(cron:session): session closed for user root
Jun 24 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14489]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14487]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14488]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14486]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14486]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14552]: Successful su for rubyman by root
Jun 24 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14552]: + ??? root:rubyman
Jun 24 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14552]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585267 of user rubyman.
Jun 24 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14552]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585267.
Jun 24 18:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11848]: pam_unix(cron:session): session closed for user root
Jun 24 18:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14487]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13654]: pam_unix(cron:session): session closed for user root
Jun 24 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14979]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14980]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14978]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14977]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14975]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14975]: pam_unix(cron:session): session closed for user root
Jun 24 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14977]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15041]: Successful su for rubyman by root
Jun 24 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15041]: + ??? root:rubyman
Jun 24 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15041]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585272 of user rubyman.
Jun 24 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15041]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585272.
Jun 24 18:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12426]: pam_unix(cron:session): session closed for user root
Jun 24 18:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14978]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14069]: pam_unix(cron:session): session closed for user root
Jun 24 18:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15378]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15379]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15377]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15376]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15376]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15434]: Successful su for rubyman by root
Jun 24 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15434]: + ??? root:rubyman
Jun 24 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15434]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585276 of user rubyman.
Jun 24 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15434]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585276.
Jun 24 18:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12840]: pam_unix(cron:session): session closed for user root
Jun 24 18:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15377]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 24 18:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15641]: Failed password for root from 103.77.242.62 port 37724 ssh2
Jun 24 18:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15641]: Connection closed by 103.77.242.62 port 37724 [preauth]
Jun 24 18:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14489]: pam_unix(cron:session): session closed for user root
Jun 24 18:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15699]: Invalid user devuser from 118.193.61.170
Jun 24 18:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15699]: input_userauth_request: invalid user devuser [preauth]
Jun 24 18:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15699]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 18:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.61.170
Jun 24 18:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15699]: Failed password for invalid user devuser from 118.193.61.170 port 45914 ssh2
Jun 24 18:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15699]: Received disconnect from 118.193.61.170 port 45914:11: Bye Bye [preauth]
Jun 24 18:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15699]: Disconnected from 118.193.61.170 port 45914 [preauth]
Jun 24 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15777]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15774]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15775]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15776]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15774]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15833]: Successful su for rubyman by root
Jun 24 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15833]: + ??? root:rubyman
Jun 24 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15833]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585281 of user rubyman.
Jun 24 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15833]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585281.
Jun 24 18:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13263]: pam_unix(cron:session): session closed for user root
Jun 24 18:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15775]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14980]: pam_unix(cron:session): session closed for user root
Jun 24 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16157]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16155]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16154]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16156]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16151]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16153]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16157]: pam_unix(cron:session): session closed for user root
Jun 24 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16151]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16224]: Successful su for rubyman by root
Jun 24 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16224]: + ??? root:rubyman
Jun 24 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16224]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585287 of user rubyman.
Jun 24 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16224]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585287.
Jun 24 18:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=108.174.156.122  user=root
Jun 24 18:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16154]: pam_unix(cron:session): session closed for user root
Jun 24 18:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13653]: pam_unix(cron:session): session closed for user root
Jun 24 18:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16302]: Failed password for root from 108.174.156.122 port 56454 ssh2
Jun 24 18:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16302]: Received disconnect from 108.174.156.122 port 56454:11: Bye Bye [preauth]
Jun 24 18:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16302]: Disconnected from 108.174.156.122 port 56454 [preauth]
Jun 24 18:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16408]: Invalid user admin from 141.98.83.240
Jun 24 18:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16408]: input_userauth_request: invalid user admin [preauth]
Jun 24 18:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16153]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16408]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 18:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 18:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16408]: Failed password for invalid user admin from 141.98.83.240 port 53658 ssh2
Jun 24 18:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16408]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 18:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16408]: Failed password for invalid user admin from 141.98.83.240 port 53658 ssh2
Jun 24 18:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16408]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 18:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16408]: Failed password for invalid user admin from 141.98.83.240 port 53658 ssh2
Jun 24 18:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16408]: Connection closed by 141.98.83.240 port 53658 [preauth]
Jun 24 18:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16408]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 18:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15379]: pam_unix(cron:session): session closed for user root
Jun 24 18:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.61.170  user=root
Jun 24 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16583]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16582]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16580]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16581]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16580]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16650]: Successful su for rubyman by root
Jun 24 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16650]: + ??? root:rubyman
Jun 24 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16650]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585290 of user rubyman.
Jun 24 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16650]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585290.
Jun 24 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16577]: Failed password for root from 118.193.61.170 port 45472 ssh2
Jun 24 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16577]: Received disconnect from 118.193.61.170 port 45472:11: Bye Bye [preauth]
Jun 24 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16577]: Disconnected from 118.193.61.170 port 45472 [preauth]
Jun 24 18:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14068]: pam_unix(cron:session): session closed for user root
Jun 24 18:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16581]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15777]: pam_unix(cron:session): session closed for user root
Jun 24 18:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 24 18:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17030]: Failed password for root from 62.133.62.83 port 36990 ssh2
Jun 24 18:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17030]: Connection closed by 62.133.62.83 port 36990 [preauth]
Jun 24 18:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=108.174.156.122  user=root
Jun 24 18:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17063]: Failed password for root from 108.174.156.122 port 34376 ssh2
Jun 24 18:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17063]: Received disconnect from 108.174.156.122 port 34376:11: Bye Bye [preauth]
Jun 24 18:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17063]: Disconnected from 108.174.156.122 port 34376 [preauth]
Jun 24 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17086]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17088]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17087]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17085]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17085]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17151]: Successful su for rubyman by root
Jun 24 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17151]: + ??? root:rubyman
Jun 24 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17151]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585295 of user rubyman.
Jun 24 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17151]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585295.
Jun 24 18:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14488]: pam_unix(cron:session): session closed for user root
Jun 24 18:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17086]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16156]: pam_unix(cron:session): session closed for user root
Jun 24 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17501]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17500]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17499]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17498]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17498]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17557]: Successful su for rubyman by root
Jun 24 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17557]: + ??? root:rubyman
Jun 24 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17557]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585298 of user rubyman.
Jun 24 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17557]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585298.
Jun 24 18:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14979]: pam_unix(cron:session): session closed for user root
Jun 24 18:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17499]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 24 18:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17830]: Failed password for root from 87.251.79.125 port 51626 ssh2
Jun 24 18:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17830]: Connection closed by 87.251.79.125 port 51626 [preauth]
Jun 24 18:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17859]: Invalid user postgres from 118.193.61.170
Jun 24 18:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17859]: input_userauth_request: invalid user postgres [preauth]
Jun 24 18:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17859]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 18:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.61.170
Jun 24 18:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17859]: Failed password for invalid user postgres from 118.193.61.170 port 34798 ssh2
Jun 24 18:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17859]: Received disconnect from 118.193.61.170 port 34798:11: Bye Bye [preauth]
Jun 24 18:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17859]: Disconnected from 118.193.61.170 port 34798 [preauth]
Jun 24 18:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
Jun 24 18:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17871]: Failed password for root from 176.32.39.21 port 52082 ssh2
Jun 24 18:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17871]: Connection closed by 176.32.39.21 port 52082 [preauth]
Jun 24 18:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16583]: pam_unix(cron:session): session closed for user root
Jun 24 18:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17946]: Invalid user egor from 108.174.156.122
Jun 24 18:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17946]: input_userauth_request: invalid user egor [preauth]
Jun 24 18:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17946]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 18:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=108.174.156.122
Jun 24 18:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17946]: Failed password for invalid user egor from 108.174.156.122 port 57392 ssh2
Jun 24 18:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17946]: Received disconnect from 108.174.156.122 port 57392:11: Bye Bye [preauth]
Jun 24 18:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17946]: Disconnected from 108.174.156.122 port 57392 [preauth]
Jun 24 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17999]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18000]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17998]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17997]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17997]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18068]: Successful su for rubyman by root
Jun 24 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18068]: + ??? root:rubyman
Jun 24 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18068]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585302 of user rubyman.
Jun 24 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18068]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585302.
Jun 24 18:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15378]: pam_unix(cron:session): session closed for user root
Jun 24 18:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17998]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17088]: pam_unix(cron:session): session closed for user root
Jun 24 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18507]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18506]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18503]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18504]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18502]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18505]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18507]: pam_unix(cron:session): session closed for user root
Jun 24 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18502]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18579]: Successful su for rubyman by root
Jun 24 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18579]: + ??? root:rubyman
Jun 24 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18579]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585309 of user rubyman.
Jun 24 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18579]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585309.
Jun 24 18:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18504]: pam_unix(cron:session): session closed for user root
Jun 24 18:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15776]: pam_unix(cron:session): session closed for user root
Jun 24 18:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18503]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18835]: Invalid user ftpuser from 193.46.255.86
Jun 24 18:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18835]: input_userauth_request: invalid user ftpuser [preauth]
Jun 24 18:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18835]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 18:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 24 18:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18835]: Failed password for invalid user ftpuser from 193.46.255.86 port 7538 ssh2
Jun 24 18:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18835]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 18:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18835]: Failed password for invalid user ftpuser from 193.46.255.86 port 7538 ssh2
Jun 24 18:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18835]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 18:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18864]: Invalid user diego from 108.174.156.122
Jun 24 18:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18864]: input_userauth_request: invalid user diego [preauth]
Jun 24 18:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18864]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 18:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=108.174.156.122
Jun 24 18:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18835]: Failed password for invalid user ftpuser from 193.46.255.86 port 7538 ssh2
Jun 24 18:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18835]: Connection closed by 193.46.255.86 port 7538 [preauth]
Jun 24 18:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18835]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 24 18:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18864]: Failed password for invalid user diego from 108.174.156.122 port 40012 ssh2
Jun 24 18:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18864]: Received disconnect from 108.174.156.122 port 40012:11: Bye Bye [preauth]
Jun 24 18:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18864]: Disconnected from 108.174.156.122 port 40012 [preauth]
Jun 24 18:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18878]: Invalid user shiv from 118.193.61.170
Jun 24 18:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18878]: input_userauth_request: invalid user shiv [preauth]
Jun 24 18:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18878]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 18:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.61.170
Jun 24 18:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18878]: Failed password for invalid user shiv from 118.193.61.170 port 38988 ssh2
Jun 24 18:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18878]: Received disconnect from 118.193.61.170 port 38988:11: Bye Bye [preauth]
Jun 24 18:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18878]: Disconnected from 118.193.61.170 port 38988 [preauth]
Jun 24 18:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17501]: pam_unix(cron:session): session closed for user root
Jun 24 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18972]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18971]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18974]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18970]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18970]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19037]: Successful su for rubyman by root
Jun 24 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19037]: + ??? root:rubyman
Jun 24 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19037]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585314 of user rubyman.
Jun 24 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19037]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585314.
Jun 24 18:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16155]: pam_unix(cron:session): session closed for user root
Jun 24 18:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18971]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18000]: pam_unix(cron:session): session closed for user root
Jun 24 18:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 24 18:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19436]: Failed password for root from 51.250.105.222 port 43314 ssh2
Jun 24 18:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19436]: Connection closed by 51.250.105.222 port 43314 [preauth]
Jun 24 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19475]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19476]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19473]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19474]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19473]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19726]: Successful su for rubyman by root
Jun 24 18:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19726]: + ??? root:rubyman
Jun 24 18:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19726]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585316 of user rubyman.
Jun 24 18:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19726]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585316.
Jun 24 18:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16582]: pam_unix(cron:session): session closed for user root
Jun 24 18:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19907]: Invalid user pic from 108.174.156.122
Jun 24 18:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19907]: input_userauth_request: invalid user pic [preauth]
Jun 24 18:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19907]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 18:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=108.174.156.122
Jun 24 18:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19474]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19907]: Failed password for invalid user pic from 108.174.156.122 port 43046 ssh2
Jun 24 18:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19907]: Received disconnect from 108.174.156.122 port 43046:11: Bye Bye [preauth]
Jun 24 18:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19907]: Disconnected from 108.174.156.122 port 43046 [preauth]
Jun 24 18:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.61.170  user=root
Jun 24 18:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18506]: pam_unix(cron:session): session closed for user root
Jun 24 18:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19999]: Failed password for root from 118.193.61.170 port 52822 ssh2
Jun 24 18:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19999]: Received disconnect from 118.193.61.170 port 52822:11: Bye Bye [preauth]
Jun 24 18:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19999]: Disconnected from 118.193.61.170 port 52822 [preauth]
Jun 24 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20086]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20085]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20083]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20084]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20083]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20237]: Successful su for rubyman by root
Jun 24 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20237]: + ??? root:rubyman
Jun 24 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20237]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585320 of user rubyman.
Jun 24 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20237]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585320.
Jun 24 18:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17087]: pam_unix(cron:session): session closed for user root
Jun 24 18:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20084]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18974]: pam_unix(cron:session): session closed for user root
Jun 24 18:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20566]: Invalid user oguz from 108.174.156.122
Jun 24 18:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20566]: input_userauth_request: invalid user oguz [preauth]
Jun 24 18:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20566]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 18:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=108.174.156.122
Jun 24 18:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20566]: Failed password for invalid user oguz from 108.174.156.122 port 50062 ssh2
Jun 24 18:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20566]: Received disconnect from 108.174.156.122 port 50062:11: Bye Bye [preauth]
Jun 24 18:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20566]: Disconnected from 108.174.156.122 port 50062 [preauth]
Jun 24 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20591]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20588]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20590]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20589]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20588]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20674]: Successful su for rubyman by root
Jun 24 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20674]: + ??? root:rubyman
Jun 24 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20674]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585325 of user rubyman.
Jun 24 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20674]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585325.
Jun 24 18:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17500]: pam_unix(cron:session): session closed for user root
Jun 24 18:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20589]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19476]: pam_unix(cron:session): session closed for user root
Jun 24 18:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21027]: Invalid user ll from 118.193.61.170
Jun 24 18:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21027]: input_userauth_request: invalid user ll [preauth]
Jun 24 18:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21027]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 18:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.61.170
Jun 24 18:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21027]: Failed password for invalid user ll from 118.193.61.170 port 40464 ssh2
Jun 24 18:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21027]: Received disconnect from 118.193.61.170 port 40464:11: Bye Bye [preauth]
Jun 24 18:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21027]: Disconnected from 118.193.61.170 port 40464 [preauth]
Jun 24 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21088]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21087]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21083]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21086]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21085]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21082]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21088]: pam_unix(cron:session): session closed for user root
Jun 24 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21082]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21156]: Successful su for rubyman by root
Jun 24 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21156]: + ??? root:rubyman
Jun 24 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21156]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585331 of user rubyman.
Jun 24 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21156]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585331.
Jun 24 18:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17999]: pam_unix(cron:session): session closed for user root
Jun 24 18:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21085]: pam_unix(cron:session): session closed for user root
Jun 24 18:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21083]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21442]: Invalid user ubuntu from 108.174.156.122
Jun 24 18:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21442]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 18:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21442]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 18:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=108.174.156.122
Jun 24 18:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20086]: pam_unix(cron:session): session closed for user root
Jun 24 18:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21442]: Failed password for invalid user ubuntu from 108.174.156.122 port 51718 ssh2
Jun 24 18:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21442]: Received disconnect from 108.174.156.122 port 51718:11: Bye Bye [preauth]
Jun 24 18:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21442]: Disconnected from 108.174.156.122 port 51718 [preauth]
Jun 24 18:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21466]: Connection closed by 194.59.206.2 port 35052 [preauth]
Jun 24 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21536]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21533]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21537]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21532]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21532]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21620]: Successful su for rubyman by root
Jun 24 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21620]: + ??? root:rubyman
Jun 24 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21620]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585336 of user rubyman.
Jun 24 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21620]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585336.
Jun 24 18:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18505]: pam_unix(cron:session): session closed for user root
Jun 24 18:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21533]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 24 18:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21853]: Failed password for root from 147.45.199.80 port 41282 ssh2
Jun 24 18:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21853]: Connection closed by 147.45.199.80 port 41282 [preauth]
Jun 24 18:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20591]: pam_unix(cron:session): session closed for user root
Jun 24 18:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21947]: Invalid user manuel from 118.193.61.170
Jun 24 18:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21947]: input_userauth_request: invalid user manuel [preauth]
Jun 24 18:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21947]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 18:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.61.170
Jun 24 18:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21947]: Failed password for invalid user manuel from 118.193.61.170 port 35412 ssh2
Jun 24 18:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21947]: Received disconnect from 118.193.61.170 port 35412:11: Bye Bye [preauth]
Jun 24 18:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21947]: Disconnected from 118.193.61.170 port 35412 [preauth]
Jun 24 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21976]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21977]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21975]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21974]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21974]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22032]: Successful su for rubyman by root
Jun 24 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22032]: + ??? root:rubyman
Jun 24 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22032]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585338 of user rubyman.
Jun 24 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22032]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585338.
Jun 24 18:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18972]: pam_unix(cron:session): session closed for user root
Jun 24 18:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21975]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 24 18:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22224]: Failed password for root from 103.176.20.57 port 33590 ssh2
Jun 24 18:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22224]: Connection closed by 103.176.20.57 port 33590 [preauth]
Jun 24 18:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22234]: Invalid user toor from 108.174.156.122
Jun 24 18:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22234]: input_userauth_request: invalid user toor [preauth]
Jun 24 18:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22234]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 18:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=108.174.156.122
Jun 24 18:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22234]: Failed password for invalid user toor from 108.174.156.122 port 38272 ssh2
Jun 24 18:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22234]: Received disconnect from 108.174.156.122 port 38272:11: Bye Bye [preauth]
Jun 24 18:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22234]: Disconnected from 108.174.156.122 port 38272 [preauth]
Jun 24 18:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21087]: pam_unix(cron:session): session closed for user root
Jun 24 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22466]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22465]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22467]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22464]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22464]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22525]: Successful su for rubyman by root
Jun 24 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22525]: + ??? root:rubyman
Jun 24 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22525]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585342 of user rubyman.
Jun 24 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22525]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585342.
Jun 24 18:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19475]: pam_unix(cron:session): session closed for user root
Jun 24 18:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22465]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21537]: pam_unix(cron:session): session closed for user root
Jun 24 18:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.61.170  user=root
Jun 24 18:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22849]: Failed password for root from 118.193.61.170 port 53340 ssh2
Jun 24 18:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22858]: Invalid user leandro from 108.174.156.122
Jun 24 18:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22858]: input_userauth_request: invalid user leandro [preauth]
Jun 24 18:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22858]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 18:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=108.174.156.122
Jun 24 18:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22849]: Received disconnect from 118.193.61.170 port 53340:11: Bye Bye [preauth]
Jun 24 18:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22849]: Disconnected from 118.193.61.170 port 53340 [preauth]
Jun 24 18:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22858]: Failed password for invalid user leandro from 108.174.156.122 port 33184 ssh2
Jun 24 18:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22858]: Received disconnect from 108.174.156.122 port 33184:11: Bye Bye [preauth]
Jun 24 18:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22858]: Disconnected from 108.174.156.122 port 33184 [preauth]
Jun 24 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22874]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22876]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22873]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22872]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22872]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22934]: Successful su for rubyman by root
Jun 24 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22934]: + ??? root:rubyman
Jun 24 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22934]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585346 of user rubyman.
Jun 24 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22934]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585346.
Jun 24 18:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20085]: pam_unix(cron:session): session closed for user root
Jun 24 18:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22873]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23180]: Connection closed by 45.148.10.121 port 55752 [preauth]
Jun 24 18:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21977]: pam_unix(cron:session): session closed for user root
Jun 24 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23286]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23283]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23282]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23287]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23285]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23288]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23288]: pam_unix(cron:session): session closed for user root
Jun 24 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23282]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23362]: Successful su for rubyman by root
Jun 24 18:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23362]: + ??? root:rubyman
Jun 24 18:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23362]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585354 of user rubyman.
Jun 24 18:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23362]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585354.
Jun 24 18:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20590]: pam_unix(cron:session): session closed for user root
Jun 24 18:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23285]: pam_unix(cron:session): session closed for user root
Jun 24 18:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23283]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22467]: pam_unix(cron:session): session closed for user root
Jun 24 18:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23675]: Invalid user jb from 108.174.156.122
Jun 24 18:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23675]: input_userauth_request: invalid user jb [preauth]
Jun 24 18:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23675]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 18:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=108.174.156.122
Jun 24 18:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23675]: Failed password for invalid user jb from 108.174.156.122 port 39710 ssh2
Jun 24 18:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23675]: Received disconnect from 108.174.156.122 port 39710:11: Bye Bye [preauth]
Jun 24 18:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23675]: Disconnected from 108.174.156.122 port 39710 [preauth]
Jun 24 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23743]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23742]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23741]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23736]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23736]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23824]: Successful su for rubyman by root
Jun 24 18:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23824]: + ??? root:rubyman
Jun 24 18:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23824]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585356 of user rubyman.
Jun 24 18:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23824]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585356.
Jun 24 18:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23822]: Invalid user server from 118.193.61.170
Jun 24 18:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23822]: input_userauth_request: invalid user server [preauth]
Jun 24 18:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23822]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 18:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.61.170
Jun 24 18:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23822]: Failed password for invalid user server from 118.193.61.170 port 41092 ssh2
Jun 24 18:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23822]: Received disconnect from 118.193.61.170 port 41092:11: Bye Bye [preauth]
Jun 24 18:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23822]: Disconnected from 118.193.61.170 port 41092 [preauth]
Jun 24 18:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21086]: pam_unix(cron:session): session closed for user root
Jun 24 18:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23741]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22876]: pam_unix(cron:session): session closed for user root
Jun 24 18:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24263]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24268]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24262]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24261]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24261]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24331]: Successful su for rubyman by root
Jun 24 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24331]: + ??? root:rubyman
Jun 24 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24331]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585360 of user rubyman.
Jun 24 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24331]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585360.
Jun 24 18:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21536]: pam_unix(cron:session): session closed for user root
Jun 24 18:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24262]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=108.174.156.122  user=root
Jun 24 18:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24577]: Failed password for root from 108.174.156.122 port 37840 ssh2
Jun 24 18:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24577]: Received disconnect from 108.174.156.122 port 37840:11: Bye Bye [preauth]
Jun 24 18:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24577]: Disconnected from 108.174.156.122 port 37840 [preauth]
Jun 24 18:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23287]: pam_unix(cron:session): session closed for user root
Jun 24 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24698]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24697]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24699]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24696]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24696]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24759]: Successful su for rubyman by root
Jun 24 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24759]: + ??? root:rubyman
Jun 24 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24759]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585364 of user rubyman.
Jun 24 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24759]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585364.
Jun 24 18:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21976]: pam_unix(cron:session): session closed for user root
Jun 24 18:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24697]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24944]: Invalid user sal from 118.193.61.170
Jun 24 18:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24944]: input_userauth_request: invalid user sal [preauth]
Jun 24 18:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24944]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 18:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.61.170
Jun 24 18:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24944]: Failed password for invalid user sal from 118.193.61.170 port 36944 ssh2
Jun 24 18:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24944]: Received disconnect from 118.193.61.170 port 36944:11: Bye Bye [preauth]
Jun 24 18:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24944]: Disconnected from 118.193.61.170 port 36944 [preauth]
Jun 24 18:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23743]: pam_unix(cron:session): session closed for user root
Jun 24 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25096]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25095]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25097]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25092]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25094]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25094]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25220]: Successful su for rubyman by root
Jun 24 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25220]: + ??? root:rubyman
Jun 24 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25220]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585371 of user rubyman.
Jun 24 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25220]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585371.
Jun 24 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25092]: pam_unix(cron:session): session closed for user root
Jun 24 18:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22466]: pam_unix(cron:session): session closed for user root
Jun 24 18:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25095]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=108.174.156.122  user=root
Jun 24 18:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25422]: Failed password for root from 108.174.156.122 port 53286 ssh2
Jun 24 18:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25422]: Received disconnect from 108.174.156.122 port 53286:11: Bye Bye [preauth]
Jun 24 18:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25422]: Disconnected from 108.174.156.122 port 53286 [preauth]
Jun 24 18:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 24 18:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25461]: Failed password for root from 193.37.70.224 port 46542 ssh2
Jun 24 18:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25461]: Connection closed by 193.37.70.224 port 46542 [preauth]
Jun 24 18:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24268]: pam_unix(cron:session): session closed for user root
Jun 24 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25582]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25581]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25580]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25579]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25583]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25578]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25583]: pam_unix(cron:session): session closed for user root
Jun 24 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25578]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25643]: Successful su for rubyman by root
Jun 24 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25643]: + ??? root:rubyman
Jun 24 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25643]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585373 of user rubyman.
Jun 24 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25643]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585373.
Jun 24 18:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25580]: pam_unix(cron:session): session closed for user root
Jun 24 18:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22874]: pam_unix(cron:session): session closed for user root
Jun 24 18:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25579]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.61.170  user=root
Jun 24 18:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25877]: Failed password for root from 118.193.61.170 port 50186 ssh2
Jun 24 18:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25877]: Received disconnect from 118.193.61.170 port 50186:11: Bye Bye [preauth]
Jun 24 18:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25877]: Disconnected from 118.193.61.170 port 50186 [preauth]
Jun 24 18:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24699]: pam_unix(cron:session): session closed for user root
Jun 24 18:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=108.174.156.122  user=root
Jun 24 18:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25977]: Failed password for root from 108.174.156.122 port 40484 ssh2
Jun 24 18:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25977]: Received disconnect from 108.174.156.122 port 40484:11: Bye Bye [preauth]
Jun 24 18:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25977]: Disconnected from 108.174.156.122 port 40484 [preauth]
Jun 24 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26007]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26006]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26004]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26005]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26004]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26068]: Successful su for rubyman by root
Jun 24 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26068]: + ??? root:rubyman
Jun 24 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26068]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585379 of user rubyman.
Jun 24 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26068]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585379.
Jun 24 18:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23286]: pam_unix(cron:session): session closed for user root
Jun 24 18:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26005]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25097]: pam_unix(cron:session): session closed for user root
Jun 24 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26406]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26407]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26405]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26404]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26404]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26462]: Successful su for rubyman by root
Jun 24 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26462]: + ??? root:rubyman
Jun 24 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26462]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585384 of user rubyman.
Jun 24 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26462]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585384.
Jun 24 18:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23742]: pam_unix(cron:session): session closed for user root
Jun 24 18:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26405]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26774]: Invalid user mssql from 118.193.61.170
Jun 24 18:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26774]: input_userauth_request: invalid user mssql [preauth]
Jun 24 18:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26774]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 18:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.61.170
Jun 24 18:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26774]: Failed password for invalid user mssql from 118.193.61.170 port 57374 ssh2
Jun 24 18:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26774]: Received disconnect from 118.193.61.170 port 57374:11: Bye Bye [preauth]
Jun 24 18:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26774]: Disconnected from 118.193.61.170 port 57374 [preauth]
Jun 24 18:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25582]: pam_unix(cron:session): session closed for user root
Jun 24 18:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26812]: Invalid user git from 108.174.156.122
Jun 24 18:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26812]: input_userauth_request: invalid user git [preauth]
Jun 24 18:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26812]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 18:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=108.174.156.122
Jun 24 18:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26812]: Failed password for invalid user git from 108.174.156.122 port 57378 ssh2
Jun 24 18:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26812]: Received disconnect from 108.174.156.122 port 57378:11: Bye Bye [preauth]
Jun 24 18:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26812]: Disconnected from 108.174.156.122 port 57378 [preauth]
Jun 24 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26883]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26882]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26881]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26880]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26880]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26946]: Successful su for rubyman by root
Jun 24 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26946]: + ??? root:rubyman
Jun 24 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26946]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585387 of user rubyman.
Jun 24 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26946]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585387.
Jun 24 18:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24263]: pam_unix(cron:session): session closed for user root
Jun 24 18:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26881]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26007]: pam_unix(cron:session): session closed for user root
Jun 24 18:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 24 18:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 24 18:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27215]: Failed password for root from 103.172.78.219 port 59518 ssh2
Jun 24 18:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27215]: Connection closed by 103.172.78.219 port 59518 [preauth]
Jun 24 18:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27233]: Failed password for root from 103.27.238.120 port 60908 ssh2
Jun 24 18:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27233]: Connection closed by 103.27.238.120 port 60908 [preauth]
Jun 24 18:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27297]: Invalid user nevin from 2.57.121.112
Jun 24 18:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27297]: input_userauth_request: invalid user nevin [preauth]
Jun 24 18:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27297]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 18:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 24 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27297]: Failed password for invalid user nevin from 2.57.121.112 port 44188 ssh2
Jun 24 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27297]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27311]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27309]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27312]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27310]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27309]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27376]: Successful su for rubyman by root
Jun 24 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27376]: + ??? root:rubyman
Jun 24 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27376]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585393 of user rubyman.
Jun 24 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27376]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585393.
Jun 24 18:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27297]: Failed password for invalid user nevin from 2.57.121.112 port 44188 ssh2
Jun 24 18:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27297]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 18:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24698]: pam_unix(cron:session): session closed for user root
Jun 24 18:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27297]: Failed password for invalid user nevin from 2.57.121.112 port 44188 ssh2
Jun 24 18:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27297]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 18:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27310]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27297]: Failed password for invalid user nevin from 2.57.121.112 port 44188 ssh2
Jun 24 18:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27297]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 18:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 24 18:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27297]: Failed password for invalid user nevin from 2.57.121.112 port 44188 ssh2
Jun 24 18:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27297]: Connection closed by 2.57.121.112 port 44188 [preauth]
Jun 24 18:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27297]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 24 18:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27297]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 24 18:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27565]: Failed password for root from 38.93.206.2 port 2124 ssh2
Jun 24 18:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27565]: Connection closed by 38.93.206.2 port 2124 [preauth]
Jun 24 18:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27590]: Invalid user ftpguest from 108.174.156.122
Jun 24 18:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27590]: input_userauth_request: invalid user ftpguest [preauth]
Jun 24 18:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27590]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 18:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=108.174.156.122
Jun 24 18:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27590]: Failed password for invalid user ftpguest from 108.174.156.122 port 35132 ssh2
Jun 24 18:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27590]: Received disconnect from 108.174.156.122 port 35132:11: Bye Bye [preauth]
Jun 24 18:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27590]: Disconnected from 108.174.156.122 port 35132 [preauth]
Jun 24 18:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27632]: Invalid user vendas from 118.193.61.170
Jun 24 18:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27632]: input_userauth_request: invalid user vendas [preauth]
Jun 24 18:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27632]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 18:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.61.170
Jun 24 18:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27632]: Failed password for invalid user vendas from 118.193.61.170 port 51526 ssh2
Jun 24 18:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27632]: Received disconnect from 118.193.61.170 port 51526:11: Bye Bye [preauth]
Jun 24 18:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27632]: Disconnected from 118.193.61.170 port 51526 [preauth]
Jun 24 18:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26407]: pam_unix(cron:session): session closed for user root
Jun 24 18:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 24 18:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27691]: Failed password for root from 103.149.28.157 port 39150 ssh2
Jun 24 18:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27691]: Connection closed by 103.149.28.157 port 39150 [preauth]
Jun 24 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27730]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27731]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27728]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27729]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27725]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27724]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27731]: pam_unix(cron:session): session closed for user root
Jun 24 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27724]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27796]: Successful su for rubyman by root
Jun 24 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27796]: + ??? root:rubyman
Jun 24 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27796]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585395 of user rubyman.
Jun 24 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27796]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585395.
Jun 24 18:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27728]: pam_unix(cron:session): session closed for user root
Jun 24 18:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25096]: pam_unix(cron:session): session closed for user root
Jun 24 18:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27725]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26883]: pam_unix(cron:session): session closed for user root
Jun 24 18:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=108.174.156.122  user=root
Jun 24 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28223]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28224]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28222]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28221]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28221]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28287]: Successful su for rubyman by root
Jun 24 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28287]: + ??? root:rubyman
Jun 24 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28287]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585401 of user rubyman.
Jun 24 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28287]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585401.
Jun 24 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28217]: Failed password for root from 108.174.156.122 port 59896 ssh2
Jun 24 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28217]: Received disconnect from 108.174.156.122 port 59896:11: Bye Bye [preauth]
Jun 24 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28217]: Disconnected from 108.174.156.122 port 59896 [preauth]
Jun 24 18:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25581]: pam_unix(cron:session): session closed for user root
Jun 24 18:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28222]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 24 18:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28464]: Failed password for root from 194.113.233.25 port 59522 ssh2
Jun 24 18:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28464]: Connection closed by 194.113.233.25 port 59522 [preauth]
Jun 24 18:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27312]: pam_unix(cron:session): session closed for user root
Jun 24 18:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28562]: Invalid user msf from 118.193.61.170
Jun 24 18:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28562]: input_userauth_request: invalid user msf [preauth]
Jun 24 18:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28562]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 18:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.61.170
Jun 24 18:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28562]: Failed password for invalid user msf from 118.193.61.170 port 39880 ssh2
Jun 24 18:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28562]: Received disconnect from 118.193.61.170 port 39880:11: Bye Bye [preauth]
Jun 24 18:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28562]: Disconnected from 118.193.61.170 port 39880 [preauth]
Jun 24 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28722]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28721]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28723]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28720]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28720]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28787]: Successful su for rubyman by root
Jun 24 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28787]: + ??? root:rubyman
Jun 24 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28787]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585406 of user rubyman.
Jun 24 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28787]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585406.
Jun 24 18:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26006]: pam_unix(cron:session): session closed for user root
Jun 24 18:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 24 18:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28721]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28953]: Failed password for root from 109.237.96.109 port 38086 ssh2
Jun 24 18:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28953]: Connection closed by 109.237.96.109 port 38086 [preauth]
Jun 24 18:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27730]: pam_unix(cron:session): session closed for user root
Jun 24 18:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=108.174.156.122  user=root
Jun 24 18:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: Failed password for root from 108.174.156.122 port 34934 ssh2
Jun 24 18:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: Received disconnect from 108.174.156.122 port 34934:11: Bye Bye [preauth]
Jun 24 18:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: Disconnected from 108.174.156.122 port 34934 [preauth]
Jun 24 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29146]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29148]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29144]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29143]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29143]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29210]: Successful su for rubyman by root
Jun 24 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29210]: + ??? root:rubyman
Jun 24 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29210]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585410 of user rubyman.
Jun 24 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29210]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585410.
Jun 24 18:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26406]: pam_unix(cron:session): session closed for user root
Jun 24 18:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29144]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28224]: pam_unix(cron:session): session closed for user root
Jun 24 18:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29511]: Invalid user user1 from 118.193.61.170
Jun 24 18:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29511]: input_userauth_request: invalid user user1 [preauth]
Jun 24 18:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29511]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 18:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.61.170
Jun 24 18:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29511]: Failed password for invalid user user1 from 118.193.61.170 port 44704 ssh2
Jun 24 18:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29511]: Received disconnect from 118.193.61.170 port 44704:11: Bye Bye [preauth]
Jun 24 18:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29511]: Disconnected from 118.193.61.170 port 44704 [preauth]
Jun 24 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29652]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29650]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29651]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29649]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29649]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29727]: Successful su for rubyman by root
Jun 24 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29727]: + ??? root:rubyman
Jun 24 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29727]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585413 of user rubyman.
Jun 24 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29727]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585413.
Jun 24 18:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26882]: pam_unix(cron:session): session closed for user root
Jun 24 18:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29650]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28723]: pam_unix(cron:session): session closed for user root
Jun 24 18:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30041]: Invalid user bolt from 108.174.156.122
Jun 24 18:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30041]: input_userauth_request: invalid user bolt [preauth]
Jun 24 18:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30041]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 18:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=108.174.156.122
Jun 24 18:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30041]: Failed password for invalid user bolt from 108.174.156.122 port 50232 ssh2
Jun 24 18:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30041]: Received disconnect from 108.174.156.122 port 50232:11: Bye Bye [preauth]
Jun 24 18:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30041]: Disconnected from 108.174.156.122 port 50232 [preauth]
Jun 24 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30105]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30103]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30104]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30101]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30102]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30100]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30105]: pam_unix(cron:session): session closed for user root
Jun 24 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30100]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30182]: Successful su for rubyman by root
Jun 24 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30182]: + ??? root:rubyman
Jun 24 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30182]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585419 of user rubyman.
Jun 24 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30182]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585419.
Jun 24 18:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30102]: pam_unix(cron:session): session closed for user root
Jun 24 18:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27311]: pam_unix(cron:session): session closed for user root
Jun 24 18:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30101]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 24 18:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29148]: pam_unix(cron:session): session closed for user root
Jun 24 18:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30449]: Failed password for root from 141.98.83.240 port 24776 ssh2
Jun 24 18:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30449]: message repeated 2 times: [ Failed password for root from 141.98.83.240 port 24776 ssh2]
Jun 24 18:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30449]: Connection closed by 141.98.83.240 port 24776 [preauth]
Jun 24 18:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30449]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 24 18:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30523]: Invalid user brian from 118.193.61.170
Jun 24 18:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30523]: input_userauth_request: invalid user brian [preauth]
Jun 24 18:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30523]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 18:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.61.170
Jun 24 18:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30523]: Failed password for invalid user brian from 118.193.61.170 port 55440 ssh2
Jun 24 18:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30523]: Received disconnect from 118.193.61.170 port 55440:11: Bye Bye [preauth]
Jun 24 18:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30523]: Disconnected from 118.193.61.170 port 55440 [preauth]
Jun 24 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30550]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30552]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30551]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30549]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30549]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30631]: Successful su for rubyman by root
Jun 24 18:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30631]: + ??? root:rubyman
Jun 24 18:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30631]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585425 of user rubyman.
Jun 24 18:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30631]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585425.
Jun 24 18:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27729]: pam_unix(cron:session): session closed for user root
Jun 24 18:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30550]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=108.174.156.122  user=root
Jun 24 18:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30874]: Failed password for root from 108.174.156.122 port 45520 ssh2
Jun 24 18:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30874]: Received disconnect from 108.174.156.122 port 45520:11: Bye Bye [preauth]
Jun 24 18:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30874]: Disconnected from 108.174.156.122 port 45520 [preauth]
Jun 24 18:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29652]: pam_unix(cron:session): session closed for user root
Jun 24 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31066]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31063]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31064]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31062]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31062]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31123]: Successful su for rubyman by root
Jun 24 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31123]: + ??? root:rubyman
Jun 24 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31123]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585427 of user rubyman.
Jun 24 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31123]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585427.
Jun 24 18:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28223]: pam_unix(cron:session): session closed for user root
Jun 24 18:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31063]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30104]: pam_unix(cron:session): session closed for user root
Jun 24 18:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.61.170  user=root
Jun 24 18:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31456]: Failed password for root from 118.193.61.170 port 60266 ssh2
Jun 24 18:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31456]: Received disconnect from 118.193.61.170 port 60266:11: Bye Bye [preauth]
Jun 24 18:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31456]: Disconnected from 118.193.61.170 port 60266 [preauth]
Jun 24 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31469]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31468]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31470]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31467]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31467]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31540]: Successful su for rubyman by root
Jun 24 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31540]: + ??? root:rubyman
Jun 24 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31540]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585431 of user rubyman.
Jun 24 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31540]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585431.
Jun 24 18:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28722]: pam_unix(cron:session): session closed for user root
Jun 24 18:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31468]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=108.174.156.122  user=root
Jun 24 18:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31816]: Failed password for root from 108.174.156.122 port 36774 ssh2
Jun 24 18:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31816]: Received disconnect from 108.174.156.122 port 36774:11: Bye Bye [preauth]
Jun 24 18:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31816]: Disconnected from 108.174.156.122 port 36774 [preauth]
Jun 24 18:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30552]: pam_unix(cron:session): session closed for user root
Jun 24 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31977]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31976]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31975]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31973]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31973]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32043]: Successful su for rubyman by root
Jun 24 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32043]: + ??? root:rubyman
Jun 24 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32043]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585435 of user rubyman.
Jun 24 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32043]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585435.
Jun 24 18:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29146]: pam_unix(cron:session): session closed for user root
Jun 24 18:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31975]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31066]: pam_unix(cron:session): session closed for user root
Jun 24 18:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32360]: Invalid user app from 108.174.156.122
Jun 24 18:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32360]: input_userauth_request: invalid user app [preauth]
Jun 24 18:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32360]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 18:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=108.174.156.122
Jun 24 18:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32360]: Failed password for invalid user app from 108.174.156.122 port 58312 ssh2
Jun 24 18:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32360]: Received disconnect from 108.174.156.122 port 58312:11: Bye Bye [preauth]
Jun 24 18:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32360]: Disconnected from 108.174.156.122 port 58312 [preauth]
Jun 24 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32381]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32377]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32378]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32375]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32376]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32374]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32381]: pam_unix(cron:session): session closed for user root
Jun 24 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32374]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32450]: Successful su for rubyman by root
Jun 24 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32450]: + ??? root:rubyman
Jun 24 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32450]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585441 of user rubyman.
Jun 24 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32450]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585441.
Jun 24 18:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32376]: pam_unix(cron:session): session closed for user root
Jun 24 18:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.61.170  user=root
Jun 24 18:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29651]: pam_unix(cron:session): session closed for user root
Jun 24 18:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32375]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32557]: Failed password for root from 118.193.61.170 port 47706 ssh2
Jun 24 18:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32557]: Received disconnect from 118.193.61.170 port 47706:11: Bye Bye [preauth]
Jun 24 18:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32557]: Disconnected from 118.193.61.170 port 47706 [preauth]
Jun 24 18:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31470]: pam_unix(cron:session): session closed for user root
Jun 24 18:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 24 18:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[304]: Failed password for root from 202.178.126.219 port 40395 ssh2
Jun 24 18:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[304]: Connection closed by 202.178.126.219 port 40395 [preauth]
Jun 24 18:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[340]: Invalid user  from 18.97.5.35
Jun 24 18:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[340]: input_userauth_request: invalid user  [preauth]
Jun 24 18:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[340]: Connection closed by 18.97.5.35 port 57216 [preauth]
Jun 24 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[373]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[372]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[371]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[370]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[370]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[579]: Successful su for rubyman by root
Jun 24 18:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[579]: + ??? root:rubyman
Jun 24 18:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[579]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585445 of user rubyman.
Jun 24 18:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[579]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585445.
Jun 24 18:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30103]: pam_unix(cron:session): session closed for user root
Jun 24 18:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[371]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31977]: pam_unix(cron:session): session closed for user root
Jun 24 18:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=108.174.156.122  user=root
Jun 24 18:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[879]: Failed password for root from 108.174.156.122 port 51876 ssh2
Jun 24 18:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[879]: Received disconnect from 108.174.156.122 port 51876:11: Bye Bye [preauth]
Jun 24 18:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[879]: Disconnected from 108.174.156.122 port 51876 [preauth]
Jun 24 18:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[923]: Did not receive identification string from 120.76.158.232
Jun 24 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[939]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[938]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[940]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[937]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[937]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1005]: Successful su for rubyman by root
Jun 24 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1005]: + ??? root:rubyman
Jun 24 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1005]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585451 of user rubyman.
Jun 24 18:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1005]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585451.
Jun 24 18:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30551]: pam_unix(cron:session): session closed for user root
Jun 24 18:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[938]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1244]: Invalid user ospite from 118.193.61.170
Jun 24 18:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1244]: input_userauth_request: invalid user ospite [preauth]
Jun 24 18:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1244]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 18:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.61.170
Jun 24 18:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1244]: Failed password for invalid user ospite from 118.193.61.170 port 45176 ssh2
Jun 24 18:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1244]: Received disconnect from 118.193.61.170 port 45176:11: Bye Bye [preauth]
Jun 24 18:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1244]: Disconnected from 118.193.61.170 port 45176 [preauth]
Jun 24 18:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32378]: pam_unix(cron:session): session closed for user root
Jun 24 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1402]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1403]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1401]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1400]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1400]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1565]: Successful su for rubyman by root
Jun 24 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1565]: + ??? root:rubyman
Jun 24 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1565]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585454 of user rubyman.
Jun 24 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1565]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585454.
Jun 24 18:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31064]: pam_unix(cron:session): session closed for user root
Jun 24 18:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1401]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1816]: Invalid user pilot from 108.174.156.122
Jun 24 18:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1816]: input_userauth_request: invalid user pilot [preauth]
Jun 24 18:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1816]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 18:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=108.174.156.122
Jun 24 18:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1816]: Failed password for invalid user pilot from 108.174.156.122 port 59738 ssh2
Jun 24 18:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1816]: Received disconnect from 108.174.156.122 port 59738:11: Bye Bye [preauth]
Jun 24 18:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1816]: Disconnected from 108.174.156.122 port 59738 [preauth]
Jun 24 18:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[373]: pam_unix(cron:session): session closed for user root
Jun 24 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1964]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1962]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1960]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1963]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1960]: pam_unix(cron:session): session closed for user p13x
Jun 24 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2053]: Successful su for rubyman by root
Jun 24 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2053]: + ??? root:rubyman
Jun 24 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2053]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585457 of user rubyman.
Jun 24 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2053]: pam_unix(su:session): session closed for user rubyman
Jun 24 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585457.
Jun 24 18:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31469]: pam_unix(cron:session): session closed for user root
Jun 24 18:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1962]: pam_unix(cron:session): session closed for user samftp
Jun 24 18:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 18:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.61.170  user=root
Jun 24 18:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2294]: Failed password for root from 118.193.61.170 port 36632 ssh2
Jun 24 18:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2294]: Received disconnect from 118.193.61.170 port 36632:11: Bye Bye [preauth]
Jun 24 18:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2294]: Disconnected from 118.193.61.170 port 36632 [preauth]
Jun 24 18:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[940]: pam_unix(cron:session): session closed for user root
Jun 24 19:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2418]: Invalid user 7days from 108.174.156.122
Jun 24 19:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2418]: input_userauth_request: invalid user 7days [preauth]
Jun 24 19:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2418]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 19:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=108.174.156.122
Jun 24 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2424]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2423]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2422]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2427]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2425]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2421]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2426]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2423]: pam_unix(cron:session): session closed for user root
Jun 24 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2427]: pam_unix(cron:session): session closed for user root
Jun 24 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2421]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2516]: Successful su for rubyman by root
Jun 24 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2516]: + ??? root:rubyman
Jun 24 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2516]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585467 of user rubyman.
Jun 24 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2516]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585467.
Jun 24 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2418]: Failed password for invalid user 7days from 108.174.156.122 port 53644 ssh2
Jun 24 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2418]: Received disconnect from 108.174.156.122 port 53644:11: Bye Bye [preauth]
Jun 24 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2418]: Disconnected from 108.174.156.122 port 53644 [preauth]
Jun 24 19:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2424]: pam_unix(cron:session): session closed for user root
Jun 24 19:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31976]: pam_unix(cron:session): session closed for user root
Jun 24 19:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2422]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1403]: pam_unix(cron:session): session closed for user root
Jun 24 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2939]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2940]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2938]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2937]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2937]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3004]: Successful su for rubyman by root
Jun 24 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3004]: + ??? root:rubyman
Jun 24 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3004]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585469 of user rubyman.
Jun 24 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3004]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585469.
Jun 24 19:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32377]: pam_unix(cron:session): session closed for user root
Jun 24 19:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2938]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3247]: Invalid user frappe from 118.193.61.170
Jun 24 19:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3247]: input_userauth_request: invalid user frappe [preauth]
Jun 24 19:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3247]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 19:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.61.170
Jun 24 19:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3247]: Failed password for invalid user frappe from 118.193.61.170 port 52576 ssh2
Jun 24 19:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3247]: Received disconnect from 118.193.61.170 port 52576:11: Bye Bye [preauth]
Jun 24 19:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3247]: Disconnected from 118.193.61.170 port 52576 [preauth]
Jun 24 19:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1964]: pam_unix(cron:session): session closed for user root
Jun 24 19:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=108.174.156.122  user=root
Jun 24 19:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3303]: Failed password for root from 108.174.156.122 port 55530 ssh2
Jun 24 19:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3303]: Received disconnect from 108.174.156.122 port 55530:11: Bye Bye [preauth]
Jun 24 19:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3303]: Disconnected from 108.174.156.122 port 55530 [preauth]
Jun 24 19:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.211.215  user=root
Jun 24 19:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3328]: Failed password for root from 147.45.211.215 port 34018 ssh2
Jun 24 19:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3328]: Connection closed by 147.45.211.215 port 34018 [preauth]
Jun 24 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3351]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3352]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3350]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3349]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3349]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3407]: Successful su for rubyman by root
Jun 24 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3407]: + ??? root:rubyman
Jun 24 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3407]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585472 of user rubyman.
Jun 24 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3407]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585472.
Jun 24 19:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[372]: pam_unix(cron:session): session closed for user root
Jun 24 19:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3350]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2426]: pam_unix(cron:session): session closed for user root
Jun 24 19:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121  user=root
Jun 24 19:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3791]: Failed password for root from 45.148.10.121 port 51466 ssh2
Jun 24 19:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3791]: Connection closed by 45.148.10.121 port 51466 [preauth]
Jun 24 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3849]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3848]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3850]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3847]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3847]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3964]: Successful su for rubyman by root
Jun 24 19:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3964]: + ??? root:rubyman
Jun 24 19:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3964]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585479 of user rubyman.
Jun 24 19:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3964]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585479.
Jun 24 19:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[939]: pam_unix(cron:session): session closed for user root
Jun 24 19:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3848]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4259]: Invalid user dss from 108.174.156.122
Jun 24 19:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4259]: input_userauth_request: invalid user dss [preauth]
Jun 24 19:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4259]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 19:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=108.174.156.122
Jun 24 19:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4259]: Failed password for invalid user dss from 108.174.156.122 port 38194 ssh2
Jun 24 19:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4259]: Received disconnect from 108.174.156.122 port 38194:11: Bye Bye [preauth]
Jun 24 19:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4259]: Disconnected from 108.174.156.122 port 38194 [preauth]
Jun 24 19:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2940]: pam_unix(cron:session): session closed for user root
Jun 24 19:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.61.170  user=root
Jun 24 19:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4311]: Failed password for root from 118.193.61.170 port 60286 ssh2
Jun 24 19:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4311]: Received disconnect from 118.193.61.170 port 60286:11: Bye Bye [preauth]
Jun 24 19:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4311]: Disconnected from 118.193.61.170 port 60286 [preauth]
Jun 24 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4359]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4360]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4361]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4362]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4359]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4417]: Successful su for rubyman by root
Jun 24 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4417]: + ??? root:rubyman
Jun 24 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4417]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585480 of user rubyman.
Jun 24 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4417]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585480.
Jun 24 19:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1402]: pam_unix(cron:session): session closed for user root
Jun 24 19:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4360]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3352]: pam_unix(cron:session): session closed for user root
Jun 24 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4836]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4835]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4837]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4834]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4838]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4833]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4838]: pam_unix(cron:session): session closed for user root
Jun 24 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4833]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4945]: Successful su for rubyman by root
Jun 24 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4945]: + ??? root:rubyman
Jun 24 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4945]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585487 of user rubyman.
Jun 24 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4945]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585487.
Jun 24 19:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4835]: pam_unix(cron:session): session closed for user root
Jun 24 19:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1963]: pam_unix(cron:session): session closed for user root
Jun 24 19:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4834]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=108.174.156.122  user=root
Jun 24 19:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 24 19:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5168]: Failed password for root from 108.174.156.122 port 50594 ssh2
Jun 24 19:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5168]: Received disconnect from 108.174.156.122 port 50594:11: Bye Bye [preauth]
Jun 24 19:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5168]: Disconnected from 108.174.156.122 port 50594 [preauth]
Jun 24 19:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5170]: Failed password for root from 80.66.85.226 port 40548 ssh2
Jun 24 19:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5170]: Connection closed by 80.66.85.226 port 40548 [preauth]
Jun 24 19:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.80.70  user=root
Jun 24 19:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5209]: Failed password for root from 120.48.80.70 port 60408 ssh2
Jun 24 19:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5209]: Received disconnect from 120.48.80.70 port 60408:11: Bye Bye [preauth]
Jun 24 19:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5209]: Disconnected from 120.48.80.70 port 60408 [preauth]
Jun 24 19:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3850]: pam_unix(cron:session): session closed for user root
Jun 24 19:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5290]: Invalid user pc from 118.193.61.170
Jun 24 19:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5290]: input_userauth_request: invalid user pc [preauth]
Jun 24 19:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5290]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 19:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.61.170
Jun 24 19:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5290]: Failed password for invalid user pc from 118.193.61.170 port 56470 ssh2
Jun 24 19:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5290]: Received disconnect from 118.193.61.170 port 56470:11: Bye Bye [preauth]
Jun 24 19:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5290]: Disconnected from 118.193.61.170 port 56470 [preauth]
Jun 24 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5316]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5315]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5314]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5313]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5313]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5394]: Successful su for rubyman by root
Jun 24 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5394]: + ??? root:rubyman
Jun 24 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5394]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585490 of user rubyman.
Jun 24 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5394]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585490.
Jun 24 19:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2425]: pam_unix(cron:session): session closed for user root
Jun 24 19:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5314]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4362]: pam_unix(cron:session): session closed for user root
Jun 24 19:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5643]: Connection closed by 165.245.240.205 port 57810 [preauth]
Jun 24 19:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5714]: Invalid user slinfo from 108.174.156.122
Jun 24 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5714]: input_userauth_request: invalid user slinfo [preauth]
Jun 24 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5714]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=108.174.156.122
Jun 24 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5721]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5720]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5719]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5718]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5718]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5780]: Successful su for rubyman by root
Jun 24 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5780]: + ??? root:rubyman
Jun 24 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5780]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585495 of user rubyman.
Jun 24 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5780]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585495.
Jun 24 19:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5714]: Failed password for invalid user slinfo from 108.174.156.122 port 34398 ssh2
Jun 24 19:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5714]: Received disconnect from 108.174.156.122 port 34398:11: Bye Bye [preauth]
Jun 24 19:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5714]: Disconnected from 108.174.156.122 port 34398 [preauth]
Jun 24 19:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2939]: pam_unix(cron:session): session closed for user root
Jun 24 19:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5719]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4837]: pam_unix(cron:session): session closed for user root
Jun 24 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6108]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6109]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6106]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6107]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6106]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6173]: Successful su for rubyman by root
Jun 24 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6173]: + ??? root:rubyman
Jun 24 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6173]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585499 of user rubyman.
Jun 24 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6173]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585499.
Jun 24 19:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3351]: pam_unix(cron:session): session closed for user root
Jun 24 19:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6107]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.61.170  user=root
Jun 24 19:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6350]: Failed password for root from 118.193.61.170 port 39554 ssh2
Jun 24 19:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6350]: Received disconnect from 118.193.61.170 port 39554:11: Bye Bye [preauth]
Jun 24 19:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6350]: Disconnected from 118.193.61.170 port 39554 [preauth]
Jun 24 19:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5316]: pam_unix(cron:session): session closed for user root
Jun 24 19:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6484]: Invalid user kamera from 108.174.156.122
Jun 24 19:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6484]: input_userauth_request: invalid user kamera [preauth]
Jun 24 19:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6484]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 19:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=108.174.156.122
Jun 24 19:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6484]: Failed password for invalid user kamera from 108.174.156.122 port 50916 ssh2
Jun 24 19:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6484]: Received disconnect from 108.174.156.122 port 50916:11: Bye Bye [preauth]
Jun 24 19:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6484]: Disconnected from 108.174.156.122 port 50916 [preauth]
Jun 24 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6510]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6507]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6508]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6506]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6504]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6506]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6628]: Successful su for rubyman by root
Jun 24 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6628]: + ??? root:rubyman
Jun 24 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6628]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585502 of user rubyman.
Jun 24 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6628]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585502.
Jun 24 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6504]: pam_unix(cron:session): session closed for user root
Jun 24 19:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3849]: pam_unix(cron:session): session closed for user root
Jun 24 19:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6507]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5721]: pam_unix(cron:session): session closed for user root
Jun 24 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7043]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7041]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7044]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7039]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7042]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7050]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7050]: pam_unix(cron:session): session closed for user root
Jun 24 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7039]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7167]: Successful su for rubyman by root
Jun 24 19:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7167]: + ??? root:rubyman
Jun 24 19:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7167]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585509 of user rubyman.
Jun 24 19:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7167]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585509.
Jun 24 19:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7042]: pam_unix(cron:session): session closed for user root
Jun 24 19:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4361]: pam_unix(cron:session): session closed for user root
Jun 24 19:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7041]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: Invalid user admin from 2.57.121.25
Jun 24 19:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: input_userauth_request: invalid user admin [preauth]
Jun 24 19:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 19:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 24 19:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: Failed password for invalid user admin from 2.57.121.25 port 53580 ssh2
Jun 24 19:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 19:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: Failed password for invalid user admin from 2.57.121.25 port 53580 ssh2
Jun 24 19:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 19:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7413]: Invalid user ivana from 118.193.61.170
Jun 24 19:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7413]: input_userauth_request: invalid user ivana [preauth]
Jun 24 19:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7413]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 19:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.61.170
Jun 24 19:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: Failed password for invalid user admin from 2.57.121.25 port 53580 ssh2
Jun 24 19:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: Connection closed by 2.57.121.25 port 53580 [preauth]
Jun 24 19:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 24 19:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7413]: Failed password for invalid user ivana from 118.193.61.170 port 39436 ssh2
Jun 24 19:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7413]: Received disconnect from 118.193.61.170 port 39436:11: Bye Bye [preauth]
Jun 24 19:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7413]: Disconnected from 118.193.61.170 port 39436 [preauth]
Jun 24 19:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6109]: pam_unix(cron:session): session closed for user root
Jun 24 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7531]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7530]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7532]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7529]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7529]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7604]: Successful su for rubyman by root
Jun 24 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7604]: + ??? root:rubyman
Jun 24 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7604]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585513 of user rubyman.
Jun 24 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7604]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585513.
Jun 24 19:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4836]: pam_unix(cron:session): session closed for user root
Jun 24 19:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7530]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 24 19:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7914]: Failed password for root from 103.27.238.114 port 53726 ssh2
Jun 24 19:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7914]: Connection closed by 103.27.238.114 port 53726 [preauth]
Jun 24 19:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6510]: pam_unix(cron:session): session closed for user root
Jun 24 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8031]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8032]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8030]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8029]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8029]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8090]: Successful su for rubyman by root
Jun 24 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8090]: + ??? root:rubyman
Jun 24 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8090]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585517 of user rubyman.
Jun 24 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8090]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585517.
Jun 24 19:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5315]: pam_unix(cron:session): session closed for user root
Jun 24 19:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8030]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.61.170  user=root
Jun 24 19:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8321]: Failed password for root from 118.193.61.170 port 34318 ssh2
Jun 24 19:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8321]: Received disconnect from 118.193.61.170 port 34318:11: Bye Bye [preauth]
Jun 24 19:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8321]: Disconnected from 118.193.61.170 port 34318 [preauth]
Jun 24 19:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7044]: pam_unix(cron:session): session closed for user root
Jun 24 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8422]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8421]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8420]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8418]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8418]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8484]: Successful su for rubyman by root
Jun 24 19:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8484]: + ??? root:rubyman
Jun 24 19:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8484]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585522 of user rubyman.
Jun 24 19:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8484]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585522.
Jun 24 19:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5720]: pam_unix(cron:session): session closed for user root
Jun 24 19:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8420]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7532]: pam_unix(cron:session): session closed for user root
Jun 24 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8815]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8814]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8813]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8812]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8812]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8875]: Successful su for rubyman by root
Jun 24 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8875]: + ??? root:rubyman
Jun 24 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8875]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585525 of user rubyman.
Jun 24 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8875]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585525.
Jun 24 19:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6108]: pam_unix(cron:session): session closed for user root
Jun 24 19:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8813]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8032]: pam_unix(cron:session): session closed for user root
Jun 24 19:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.61.170  user=root
Jun 24 19:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9156]: Failed password for root from 118.193.61.170 port 46726 ssh2
Jun 24 19:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9156]: Received disconnect from 118.193.61.170 port 46726:11: Bye Bye [preauth]
Jun 24 19:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9156]: Disconnected from 118.193.61.170 port 46726 [preauth]
Jun 24 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9222]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9220]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9221]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9219]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9217]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9218]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9222]: pam_unix(cron:session): session closed for user root
Jun 24 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9217]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9287]: Successful su for rubyman by root
Jun 24 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9287]: + ??? root:rubyman
Jun 24 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9287]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585531 of user rubyman.
Jun 24 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9287]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585531.
Jun 24 19:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9219]: pam_unix(cron:session): session closed for user root
Jun 24 19:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6508]: pam_unix(cron:session): session closed for user root
Jun 24 19:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9218]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8422]: pam_unix(cron:session): session closed for user root
Jun 24 19:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 24 19:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9613]: Failed password for root from 103.15.222.183 port 43156 ssh2
Jun 24 19:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9613]: Connection closed by 103.15.222.183 port 43156 [preauth]
Jun 24 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9639]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9638]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9637]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9636]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9636]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9705]: Successful su for rubyman by root
Jun 24 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9705]: + ??? root:rubyman
Jun 24 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9705]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585535 of user rubyman.
Jun 24 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9705]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585535.
Jun 24 19:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7043]: pam_unix(cron:session): session closed for user root
Jun 24 19:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9637]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8815]: pam_unix(cron:session): session closed for user root
Jun 24 19:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.61.170  user=root
Jun 24 19:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10182]: Failed password for root from 118.193.61.170 port 41014 ssh2
Jun 24 19:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10182]: Received disconnect from 118.193.61.170 port 41014:11: Bye Bye [preauth]
Jun 24 19:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10182]: Disconnected from 118.193.61.170 port 41014 [preauth]
Jun 24 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10306]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10307]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10305]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10304]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10218]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10218]: pam_unix(cron:session): session closed for user root
Jun 24 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10304]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10371]: Successful su for rubyman by root
Jun 24 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10371]: + ??? root:rubyman
Jun 24 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10371]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585540 of user rubyman.
Jun 24 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10371]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585540.
Jun 24 19:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7531]: pam_unix(cron:session): session closed for user root
Jun 24 19:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10305]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9221]: pam_unix(cron:session): session closed for user root
Jun 24 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10724]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10723]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10725]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10722]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10722]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10794]: Successful su for rubyman by root
Jun 24 19:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10794]: + ??? root:rubyman
Jun 24 19:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10794]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585547 of user rubyman.
Jun 24 19:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10794]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585547.
Jun 24 19:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8031]: pam_unix(cron:session): session closed for user root
Jun 24 19:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10723]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9639]: pam_unix(cron:session): session closed for user root
Jun 24 19:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11117]: Invalid user discord from 118.193.61.170
Jun 24 19:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11117]: input_userauth_request: invalid user discord [preauth]
Jun 24 19:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11117]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 19:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.61.170
Jun 24 19:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11117]: Failed password for invalid user discord from 118.193.61.170 port 51608 ssh2
Jun 24 19:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11117]: Received disconnect from 118.193.61.170 port 51608:11: Bye Bye [preauth]
Jun 24 19:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11117]: Disconnected from 118.193.61.170 port 51608 [preauth]
Jun 24 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11142]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11143]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11140]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11139]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11139]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11205]: Successful su for rubyman by root
Jun 24 19:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11205]: + ??? root:rubyman
Jun 24 19:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11205]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585549 of user rubyman.
Jun 24 19:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11205]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585549.
Jun 24 19:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8421]: pam_unix(cron:session): session closed for user root
Jun 24 19:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 24 19:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11140]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11353]: Failed password for root from 103.82.20.28 port 52046 ssh2
Jun 24 19:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11353]: Connection closed by 103.82.20.28 port 52046 [preauth]
Jun 24 19:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10307]: pam_unix(cron:session): session closed for user root
Jun 24 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11561]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11562]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11558]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11560]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11559]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11557]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11562]: pam_unix(cron:session): session closed for user root
Jun 24 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11557]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11630]: Successful su for rubyman by root
Jun 24 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11630]: + ??? root:rubyman
Jun 24 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11630]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585552 of user rubyman.
Jun 24 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11630]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585552.
Jun 24 19:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11559]: pam_unix(cron:session): session closed for user root
Jun 24 19:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8814]: pam_unix(cron:session): session closed for user root
Jun 24 19:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11558]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10725]: pam_unix(cron:session): session closed for user root
Jun 24 19:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12005]: Invalid user frappe from 141.98.83.240
Jun 24 19:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12005]: input_userauth_request: invalid user frappe [preauth]
Jun 24 19:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12005]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 19:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 19:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12005]: Failed password for invalid user frappe from 141.98.83.240 port 22432 ssh2
Jun 24 19:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12005]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 19:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12005]: Failed password for invalid user frappe from 141.98.83.240 port 22432 ssh2
Jun 24 19:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12005]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 19:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12005]: Failed password for invalid user frappe from 141.98.83.240 port 22432 ssh2
Jun 24 19:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12005]: Connection closed by 141.98.83.240 port 22432 [preauth]
Jun 24 19:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12005]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12057]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12059]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12056]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12055]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12055]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12120]: Successful su for rubyman by root
Jun 24 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12120]: + ??? root:rubyman
Jun 24 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12120]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585559 of user rubyman.
Jun 24 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12120]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585559.
Jun 24 19:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.61.170  user=root
Jun 24 19:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9220]: pam_unix(cron:session): session closed for user root
Jun 24 19:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12056]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12362]: Failed password for root from 118.193.61.170 port 53074 ssh2
Jun 24 19:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12362]: Received disconnect from 118.193.61.170 port 53074:11: Bye Bye [preauth]
Jun 24 19:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12362]: Disconnected from 118.193.61.170 port 53074 [preauth]
Jun 24 19:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11143]: pam_unix(cron:session): session closed for user root
Jun 24 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12580]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12578]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12579]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12576]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12576]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12641]: Successful su for rubyman by root
Jun 24 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12641]: + ??? root:rubyman
Jun 24 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12641]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585562 of user rubyman.
Jun 24 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12641]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585562.
Jun 24 19:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9638]: pam_unix(cron:session): session closed for user root
Jun 24 19:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12578]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12878]: Invalid user admin from 193.46.255.86
Jun 24 19:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12878]: input_userauth_request: invalid user admin [preauth]
Jun 24 19:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12878]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 19:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 24 19:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12878]: Failed password for invalid user admin from 193.46.255.86 port 50466 ssh2
Jun 24 19:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12878]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 19:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12878]: Failed password for invalid user admin from 193.46.255.86 port 50466 ssh2
Jun 24 19:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12878]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 19:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12878]: Failed password for invalid user admin from 193.46.255.86 port 50466 ssh2
Jun 24 19:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12878]: Connection closed by 193.46.255.86 port 50466 [preauth]
Jun 24 19:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12878]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 24 19:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11561]: pam_unix(cron:session): session closed for user root
Jun 24 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12995]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12996]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12994]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12993]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12993]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13057]: Successful su for rubyman by root
Jun 24 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13057]: + ??? root:rubyman
Jun 24 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13057]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585567 of user rubyman.
Jun 24 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13057]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585567.
Jun 24 19:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10306]: pam_unix(cron:session): session closed for user root
Jun 24 19:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12994]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13252]: Invalid user leon from 93.77.187.140
Jun 24 19:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13252]: input_userauth_request: invalid user leon [preauth]
Jun 24 19:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13252]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 19:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.77.187.140
Jun 24 19:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13252]: Failed password for invalid user leon from 93.77.187.140 port 58236 ssh2
Jun 24 19:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13252]: Received disconnect from 93.77.187.140 port 58236:11: Bye Bye [preauth]
Jun 24 19:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13252]: Disconnected from 93.77.187.140 port 58236 [preauth]
Jun 24 19:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12059]: pam_unix(cron:session): session closed for user root
Jun 24 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13415]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13416]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13413]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13414]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13413]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13471]: Successful su for rubyman by root
Jun 24 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13471]: + ??? root:rubyman
Jun 24 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13471]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585572 of user rubyman.
Jun 24 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13471]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585572.
Jun 24 19:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10724]: pam_unix(cron:session): session closed for user root
Jun 24 19:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13414]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12580]: pam_unix(cron:session): session closed for user root
Jun 24 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13814]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13816]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13812]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13815]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13811]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13813]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13816]: pam_unix(cron:session): session closed for user root
Jun 24 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13811]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13880]: Successful su for rubyman by root
Jun 24 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13880]: + ??? root:rubyman
Jun 24 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13880]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585577 of user rubyman.
Jun 24 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13880]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585577.
Jun 24 19:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13813]: pam_unix(cron:session): session closed for user root
Jun 24 19:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11142]: pam_unix(cron:session): session closed for user root
Jun 24 19:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13812]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12996]: pam_unix(cron:session): session closed for user root
Jun 24 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14245]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14246]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14244]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14243]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14243]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14309]: Successful su for rubyman by root
Jun 24 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14309]: + ??? root:rubyman
Jun 24 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14309]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585582 of user rubyman.
Jun 24 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14309]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585582.
Jun 24 19:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11560]: pam_unix(cron:session): session closed for user root
Jun 24 19:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14244]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13416]: pam_unix(cron:session): session closed for user root
Jun 24 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14649]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14650]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14648]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14647]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14647]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14784]: Successful su for rubyman by root
Jun 24 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14784]: + ??? root:rubyman
Jun 24 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14784]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585584 of user rubyman.
Jun 24 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14784]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585584.
Jun 24 19:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12057]: pam_unix(cron:session): session closed for user root
Jun 24 19:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14648]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 24 19:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15034]: Failed password for root from 38.93.206.2 port 54204 ssh2
Jun 24 19:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15034]: Connection closed by 38.93.206.2 port 54204 [preauth]
Jun 24 19:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13815]: pam_unix(cron:session): session closed for user root
Jun 24 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15125]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15127]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15126]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15124]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15124]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15187]: Successful su for rubyman by root
Jun 24 19:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15187]: + ??? root:rubyman
Jun 24 19:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15187]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585590 of user rubyman.
Jun 24 19:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15187]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585590.
Jun 24 19:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12579]: pam_unix(cron:session): session closed for user root
Jun 24 19:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15125]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 24 19:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15378]: Failed password for root from 103.27.238.116 port 41950 ssh2
Jun 24 19:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15378]: Connection closed by 103.27.238.116 port 41950 [preauth]
Jun 24 19:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 24 19:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15429]: Failed password for root from 103.77.175.15 port 35132 ssh2
Jun 24 19:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15429]: Connection closed by 103.77.175.15 port 35132 [preauth]
Jun 24 19:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14246]: pam_unix(cron:session): session closed for user root
Jun 24 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15522]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15524]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15525]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15523]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15522]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15581]: Successful su for rubyman by root
Jun 24 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15581]: + ??? root:rubyman
Jun 24 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15581]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585593 of user rubyman.
Jun 24 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15581]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585593.
Jun 24 19:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12995]: pam_unix(cron:session): session closed for user root
Jun 24 19:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15523]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14650]: pam_unix(cron:session): session closed for user root
Jun 24 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15914]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15913]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15915]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15916]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15911]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15912]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15916]: pam_unix(cron:session): session closed for user root
Jun 24 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15911]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15976]: Successful su for rubyman by root
Jun 24 19:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15976]: + ??? root:rubyman
Jun 24 19:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15976]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585598 of user rubyman.
Jun 24 19:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15976]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585598.
Jun 24 19:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15913]: pam_unix(cron:session): session closed for user root
Jun 24 19:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13415]: pam_unix(cron:session): session closed for user root
Jun 24 19:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15912]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 24 19:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16205]: Failed password for root from 103.122.221.179 port 32816 ssh2
Jun 24 19:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16205]: Connection closed by 103.122.221.179 port 32816 [preauth]
Jun 24 19:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15127]: pam_unix(cron:session): session closed for user root
Jun 24 19:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16272]: Connection closed by 194.59.206.2 port 53952 [preauth]
Jun 24 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16330]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16329]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16328]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16327]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16327]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16393]: Successful su for rubyman by root
Jun 24 19:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16393]: + ??? root:rubyman
Jun 24 19:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16393]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585602 of user rubyman.
Jun 24 19:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16393]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585602.
Jun 24 19:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13814]: pam_unix(cron:session): session closed for user root
Jun 24 19:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16328]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15525]: pam_unix(cron:session): session closed for user root
Jun 24 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16735]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16734]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16733]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16732]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16732]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16794]: Successful su for rubyman by root
Jun 24 19:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16794]: + ??? root:rubyman
Jun 24 19:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16794]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585606 of user rubyman.
Jun 24 19:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16794]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585606.
Jun 24 19:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14245]: pam_unix(cron:session): session closed for user root
Jun 24 19:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16733]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15915]: pam_unix(cron:session): session closed for user root
Jun 24 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17223]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17222]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17224]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17221]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17221]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17285]: Successful su for rubyman by root
Jun 24 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17285]: + ??? root:rubyman
Jun 24 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17285]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585610 of user rubyman.
Jun 24 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17285]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585610.
Jun 24 19:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14649]: pam_unix(cron:session): session closed for user root
Jun 24 19:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17222]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16330]: pam_unix(cron:session): session closed for user root
Jun 24 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17629]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17628]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17627]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17626]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17626]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17783]: Successful su for rubyman by root
Jun 24 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17783]: + ??? root:rubyman
Jun 24 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17783]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585614 of user rubyman.
Jun 24 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17783]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585614.
Jun 24 19:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15126]: pam_unix(cron:session): session closed for user root
Jun 24 19:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17627]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 24 19:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18013]: Invalid user admin from 45.148.10.121
Jun 24 19:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18013]: input_userauth_request: invalid user admin [preauth]
Jun 24 19:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18013]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 19:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 24 19:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: Failed password for root from 77.94.47.83 port 37838 ssh2
Jun 24 19:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: Connection closed by 77.94.47.83 port 37838 [preauth]
Jun 24 19:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18013]: Failed password for invalid user admin from 45.148.10.121 port 43280 ssh2
Jun 24 19:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18013]: Connection closed by 45.148.10.121 port 43280 [preauth]
Jun 24 19:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18025]: Invalid user ociistst from 93.77.187.140
Jun 24 19:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18025]: input_userauth_request: invalid user ociistst [preauth]
Jun 24 19:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18025]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 19:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.77.187.140
Jun 24 19:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18025]: Failed password for invalid user ociistst from 93.77.187.140 port 56426 ssh2
Jun 24 19:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18025]: Received disconnect from 93.77.187.140 port 56426:11: Bye Bye [preauth]
Jun 24 19:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18025]: Disconnected from 93.77.187.140 port 56426 [preauth]
Jun 24 19:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16735]: pam_unix(cron:session): session closed for user root
Jun 24 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18154]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18149]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18148]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18153]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18156]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18147]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18156]: pam_unix(cron:session): session closed for user root
Jun 24 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18147]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18229]: Successful su for rubyman by root
Jun 24 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18229]: + ??? root:rubyman
Jun 24 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18229]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585619 of user rubyman.
Jun 24 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18229]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585619.
Jun 24 19:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18149]: pam_unix(cron:session): session closed for user root
Jun 24 19:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15524]: pam_unix(cron:session): session closed for user root
Jun 24 19:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18148]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 24 19:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18564]: Failed password for root from 103.153.68.219 port 50612 ssh2
Jun 24 19:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18564]: Connection closed by 103.153.68.219 port 50612 [preauth]
Jun 24 19:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17224]: pam_unix(cron:session): session closed for user root
Jun 24 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18689]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18690]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18688]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18687]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18687]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18759]: Successful su for rubyman by root
Jun 24 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18759]: + ??? root:rubyman
Jun 24 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18759]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585625 of user rubyman.
Jun 24 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18759]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585625.
Jun 24 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18781]: Invalid user test from 93.77.187.140
Jun 24 19:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18781]: input_userauth_request: invalid user test [preauth]
Jun 24 19:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18781]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 19:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.77.187.140
Jun 24 19:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15914]: pam_unix(cron:session): session closed for user root
Jun 24 19:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18781]: Failed password for invalid user test from 93.77.187.140 port 49390 ssh2
Jun 24 19:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18781]: Received disconnect from 93.77.187.140 port 49390:11: Bye Bye [preauth]
Jun 24 19:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18781]: Disconnected from 93.77.187.140 port 49390 [preauth]
Jun 24 19:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18688]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17629]: pam_unix(cron:session): session closed for user root
Jun 24 19:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19112]: Received disconnect from 206.212.244.18 port 41988:11: disconnected by user [preauth]
Jun 24 19:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19112]: Disconnected from 206.212.244.18 port 41988 [preauth]
Jun 24 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19117]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19118]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19115]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19116]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19115]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19281]: Successful su for rubyman by root
Jun 24 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19281]: + ??? root:rubyman
Jun 24 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19281]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585630 of user rubyman.
Jun 24 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19281]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585630.
Jun 24 19:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16329]: pam_unix(cron:session): session closed for user root
Jun 24 19:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19116]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18154]: pam_unix(cron:session): session closed for user root
Jun 24 19:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19756]: Invalid user transfer from 93.77.187.140
Jun 24 19:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19756]: input_userauth_request: invalid user transfer [preauth]
Jun 24 19:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19756]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 19:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.77.187.140
Jun 24 19:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19756]: Failed password for invalid user transfer from 93.77.187.140 port 54638 ssh2
Jun 24 19:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19756]: Received disconnect from 93.77.187.140 port 54638:11: Bye Bye [preauth]
Jun 24 19:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19756]: Disconnected from 93.77.187.140 port 54638 [preauth]
Jun 24 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19828]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19826]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19824]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19823]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19823]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19895]: Successful su for rubyman by root
Jun 24 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19895]: + ??? root:rubyman
Jun 24 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19895]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585633 of user rubyman.
Jun 24 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19895]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585633.
Jun 24 19:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16734]: pam_unix(cron:session): session closed for user root
Jun 24 19:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19824]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18690]: pam_unix(cron:session): session closed for user root
Jun 24 19:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 24 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20318]: Failed password for root from 87.251.79.125 port 33470 ssh2
Jun 24 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20318]: Connection closed by 87.251.79.125 port 33470 [preauth]
Jun 24 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20324]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20323]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20325]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20322]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20320]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20322]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20448]: Successful su for rubyman by root
Jun 24 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20448]: + ??? root:rubyman
Jun 24 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20448]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585636 of user rubyman.
Jun 24 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20448]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585636.
Jun 24 19:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20320]: pam_unix(cron:session): session closed for user root
Jun 24 19:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17223]: pam_unix(cron:session): session closed for user root
Jun 24 19:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 24 19:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20323]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.77.187.140  user=root
Jun 24 19:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20664]: Failed password for root from 103.82.132.16 port 39490 ssh2
Jun 24 19:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20664]: Connection closed by 103.82.132.16 port 39490 [preauth]
Jun 24 19:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 24 19:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20700]: Failed password for root from 93.77.187.140 port 54042 ssh2
Jun 24 19:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20700]: Received disconnect from 93.77.187.140 port 54042:11: Bye Bye [preauth]
Jun 24 19:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20700]: Disconnected from 93.77.187.140 port 54042 [preauth]
Jun 24 19:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20307]: Failed password for root from 62.133.62.83 port 36618 ssh2
Jun 24 19:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20307]: Connection closed by 62.133.62.83 port 36618 [preauth]
Jun 24 19:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19118]: pam_unix(cron:session): session closed for user root
Jun 24 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20924]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20925]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20922]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20923]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20926]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20921]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20926]: pam_unix(cron:session): session closed for user root
Jun 24 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20921]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20996]: Successful su for rubyman by root
Jun 24 19:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20996]: + ??? root:rubyman
Jun 24 19:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20996]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585642 of user rubyman.
Jun 24 19:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20996]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585642.
Jun 24 19:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20923]: pam_unix(cron:session): session closed for user root
Jun 24 19:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17628]: pam_unix(cron:session): session closed for user root
Jun 24 19:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20922]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.76.154.242  user=root
Jun 24 19:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21216]: Failed password for root from 217.76.154.242 port 55574 ssh2
Jun 24 19:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21216]: Connection closed by 217.76.154.242 port 55574 [preauth]
Jun 24 19:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19828]: pam_unix(cron:session): session closed for user root
Jun 24 19:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.77.187.140  user=root
Jun 24 19:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21314]: Failed password for root from 93.77.187.140 port 40106 ssh2
Jun 24 19:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21314]: Received disconnect from 93.77.187.140 port 40106:11: Bye Bye [preauth]
Jun 24 19:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21314]: Disconnected from 93.77.187.140 port 40106 [preauth]
Jun 24 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21375]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21374]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21376]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21373]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21373]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21441]: Successful su for rubyman by root
Jun 24 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21441]: + ??? root:rubyman
Jun 24 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21441]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585649 of user rubyman.
Jun 24 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21441]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585649.
Jun 24 19:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18153]: pam_unix(cron:session): session closed for user root
Jun 24 19:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21374]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20325]: pam_unix(cron:session): session closed for user root
Jun 24 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21811]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21810]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21809]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21808]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21808]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21873]: Successful su for rubyman by root
Jun 24 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21873]: + ??? root:rubyman
Jun 24 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21873]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585653 of user rubyman.
Jun 24 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21873]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585653.
Jun 24 19:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18689]: pam_unix(cron:session): session closed for user root
Jun 24 19:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21809]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22057]: Invalid user ymoreno from 93.77.187.140
Jun 24 19:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22057]: input_userauth_request: invalid user ymoreno [preauth]
Jun 24 19:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22057]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 19:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.77.187.140
Jun 24 19:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22057]: Failed password for invalid user ymoreno from 93.77.187.140 port 44356 ssh2
Jun 24 19:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22057]: Received disconnect from 93.77.187.140 port 44356:11: Bye Bye [preauth]
Jun 24 19:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22057]: Disconnected from 93.77.187.140 port 44356 [preauth]
Jun 24 19:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20925]: pam_unix(cron:session): session closed for user root
Jun 24 19:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22156]: Invalid user nasrin from 41.216.178.119
Jun 24 19:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22156]: input_userauth_request: invalid user nasrin [preauth]
Jun 24 19:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22156]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 19:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.216.178.119
Jun 24 19:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22156]: Failed password for invalid user nasrin from 41.216.178.119 port 53464 ssh2
Jun 24 19:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22156]: Received disconnect from 41.216.178.119 port 53464:11: Bye Bye [preauth]
Jun 24 19:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22156]: Disconnected from 41.216.178.119 port 53464 [preauth]
Jun 24 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22214]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22213]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22215]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22212]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22212]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22272]: Successful su for rubyman by root
Jun 24 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22272]: + ??? root:rubyman
Jun 24 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22272]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585655 of user rubyman.
Jun 24 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22272]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585655.
Jun 24 19:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19117]: pam_unix(cron:session): session closed for user root
Jun 24 19:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22213]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21376]: pam_unix(cron:session): session closed for user root
Jun 24 19:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22642]: Invalid user bruno from 93.77.187.140
Jun 24 19:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22642]: input_userauth_request: invalid user bruno [preauth]
Jun 24 19:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22642]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 19:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.77.187.140
Jun 24 19:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22642]: Failed password for invalid user bruno from 93.77.187.140 port 38626 ssh2
Jun 24 19:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22642]: Received disconnect from 93.77.187.140 port 38626:11: Bye Bye [preauth]
Jun 24 19:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22642]: Disconnected from 93.77.187.140 port 38626 [preauth]
Jun 24 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22706]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22703]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22705]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22704]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22703]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22767]: Successful su for rubyman by root
Jun 24 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22767]: + ??? root:rubyman
Jun 24 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22767]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585660 of user rubyman.
Jun 24 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22767]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585660.
Jun 24 19:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19826]: pam_unix(cron:session): session closed for user root
Jun 24 19:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22704]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21811]: pam_unix(cron:session): session closed for user root
Jun 24 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23107]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23105]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23106]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23104]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23101]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23102]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23107]: pam_unix(cron:session): session closed for user root
Jun 24 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23101]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23169]: Successful su for rubyman by root
Jun 24 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23169]: + ??? root:rubyman
Jun 24 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23169]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585665 of user rubyman.
Jun 24 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23169]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585665.
Jun 24 19:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23104]: pam_unix(cron:session): session closed for user root
Jun 24 19:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20324]: pam_unix(cron:session): session closed for user root
Jun 24 19:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23102]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.77.187.140  user=root
Jun 24 19:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23432]: Failed password for root from 93.77.187.140 port 48432 ssh2
Jun 24 19:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23432]: Received disconnect from 93.77.187.140 port 48432:11: Bye Bye [preauth]
Jun 24 19:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23432]: Disconnected from 93.77.187.140 port 48432 [preauth]
Jun 24 19:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22215]: pam_unix(cron:session): session closed for user root
Jun 24 19:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 24 19:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23515]: Failed password for root from 103.77.242.62 port 48356 ssh2
Jun 24 19:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23515]: Connection closed by 103.77.242.62 port 48356 [preauth]
Jun 24 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23562]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23560]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23561]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23559]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23559]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23630]: Successful su for rubyman by root
Jun 24 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23630]: + ??? root:rubyman
Jun 24 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23630]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585671 of user rubyman.
Jun 24 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23630]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585671.
Jun 24 19:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20924]: pam_unix(cron:session): session closed for user root
Jun 24 19:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23560]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22706]: pam_unix(cron:session): session closed for user root
Jun 24 19:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24054]: User mysql from 93.77.187.140 not allowed because not listed in AllowUsers
Jun 24 19:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24054]: input_userauth_request: invalid user mysql [preauth]
Jun 24 19:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.77.187.140  user=mysql
Jun 24 19:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 24 19:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24054]: Failed password for invalid user mysql from 93.77.187.140 port 45182 ssh2
Jun 24 19:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24057]: Failed password for root from 51.250.105.222 port 43776 ssh2
Jun 24 19:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24054]: Received disconnect from 93.77.187.140 port 45182:11: Bye Bye [preauth]
Jun 24 19:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24054]: Disconnected from 93.77.187.140 port 45182 [preauth]
Jun 24 19:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24057]: Connection closed by 51.250.105.222 port 43776 [preauth]
Jun 24 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24088]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24089]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24087]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24086]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24086]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24148]: Successful su for rubyman by root
Jun 24 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24148]: + ??? root:rubyman
Jun 24 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24148]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585673 of user rubyman.
Jun 24 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24148]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585673.
Jun 24 19:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21375]: pam_unix(cron:session): session closed for user root
Jun 24 19:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24087]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23106]: pam_unix(cron:session): session closed for user root
Jun 24 19:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 24 19:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24460]: Failed password for root from 147.45.199.80 port 49428 ssh2
Jun 24 19:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24460]: Connection closed by 147.45.199.80 port 49428 [preauth]
Jun 24 19:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.216.178.119  user=root
Jun 24 19:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24484]: Failed password for root from 41.216.178.119 port 41288 ssh2
Jun 24 19:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24484]: Received disconnect from 41.216.178.119 port 41288:11: Bye Bye [preauth]
Jun 24 19:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24484]: Disconnected from 41.216.178.119 port 41288 [preauth]
Jun 24 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24512]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24514]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24513]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24515]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24512]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24573]: Successful su for rubyman by root
Jun 24 19:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24573]: + ??? root:rubyman
Jun 24 19:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24573]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585680 of user rubyman.
Jun 24 19:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24573]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585680.
Jun 24 19:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21810]: pam_unix(cron:session): session closed for user root
Jun 24 19:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24513]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.77.187.140  user=root
Jun 24 19:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24832]: Failed password for root from 93.77.187.140 port 37520 ssh2
Jun 24 19:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24832]: Received disconnect from 93.77.187.140 port 37520:11: Bye Bye [preauth]
Jun 24 19:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24832]: Disconnected from 93.77.187.140 port 37520 [preauth]
Jun 24 19:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23562]: pam_unix(cron:session): session closed for user root
Jun 24 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24926]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24925]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24924]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24923]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24923]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24984]: Successful su for rubyman by root
Jun 24 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24984]: + ??? root:rubyman
Jun 24 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24984]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585681 of user rubyman.
Jun 24 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24984]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585681.
Jun 24 19:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22214]: pam_unix(cron:session): session closed for user root
Jun 24 19:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24924]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24089]: pam_unix(cron:session): session closed for user root
Jun 24 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25343]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25341]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25340]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25342]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25339]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25338]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25343]: pam_unix(cron:session): session closed for user root
Jun 24 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25338]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25408]: Successful su for rubyman by root
Jun 24 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25408]: + ??? root:rubyman
Jun 24 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25408]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585688 of user rubyman.
Jun 24 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25408]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585688.
Jun 24 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25397]: Invalid user steam from 93.77.187.140
Jun 24 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25397]: input_userauth_request: invalid user steam [preauth]
Jun 24 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25397]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.77.187.140
Jun 24 19:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25340]: pam_unix(cron:session): session closed for user root
Jun 24 19:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25397]: Failed password for invalid user steam from 93.77.187.140 port 36928 ssh2
Jun 24 19:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25397]: Received disconnect from 93.77.187.140 port 36928:11: Bye Bye [preauth]
Jun 24 19:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25397]: Disconnected from 93.77.187.140 port 36928 [preauth]
Jun 24 19:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22705]: pam_unix(cron:session): session closed for user root
Jun 24 19:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25339]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25641]: Invalid user qingyu from 41.216.178.119
Jun 24 19:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25641]: input_userauth_request: invalid user qingyu [preauth]
Jun 24 19:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25641]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 19:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.216.178.119
Jun 24 19:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25641]: Failed password for invalid user qingyu from 41.216.178.119 port 51840 ssh2
Jun 24 19:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25641]: Received disconnect from 41.216.178.119 port 51840:11: Bye Bye [preauth]
Jun 24 19:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25641]: Disconnected from 41.216.178.119 port 51840 [preauth]
Jun 24 19:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24515]: pam_unix(cron:session): session closed for user root
Jun 24 19:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25720]: Invalid user ahmad from 141.98.83.240
Jun 24 19:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25720]: input_userauth_request: invalid user ahmad [preauth]
Jun 24 19:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25720]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 19:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 19:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25720]: Failed password for invalid user ahmad from 141.98.83.240 port 14878 ssh2
Jun 24 19:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25720]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 19:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25720]: Failed password for invalid user ahmad from 141.98.83.240 port 14878 ssh2
Jun 24 19:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25720]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 19:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25720]: Failed password for invalid user ahmad from 141.98.83.240 port 14878 ssh2
Jun 24 19:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25720]: Connection closed by 141.98.83.240 port 14878 [preauth]
Jun 24 19:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25720]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25765]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25767]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25766]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25764]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25764]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25834]: Successful su for rubyman by root
Jun 24 19:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25834]: + ??? root:rubyman
Jun 24 19:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25834]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585691 of user rubyman.
Jun 24 19:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25834]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585691.
Jun 24 19:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23105]: pam_unix(cron:session): session closed for user root
Jun 24 19:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25765]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24926]: pam_unix(cron:session): session closed for user root
Jun 24 19:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26130]: Invalid user daniel from 93.77.187.140
Jun 24 19:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26130]: input_userauth_request: invalid user daniel [preauth]
Jun 24 19:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26130]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 19:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.77.187.140
Jun 24 19:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26130]: Failed password for invalid user daniel from 93.77.187.140 port 49024 ssh2
Jun 24 19:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26130]: Received disconnect from 93.77.187.140 port 49024:11: Bye Bye [preauth]
Jun 24 19:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26130]: Disconnected from 93.77.187.140 port 49024 [preauth]
Jun 24 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26161]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26162]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26160]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26159]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26159]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26230]: Successful su for rubyman by root
Jun 24 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26230]: + ??? root:rubyman
Jun 24 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26230]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585696 of user rubyman.
Jun 24 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26230]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585696.
Jun 24 19:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23561]: pam_unix(cron:session): session closed for user root
Jun 24 19:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26160]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25342]: pam_unix(cron:session): session closed for user root
Jun 24 19:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.216.178.119  user=root
Jun 24 19:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26543]: Failed password for root from 41.216.178.119 port 42722 ssh2
Jun 24 19:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26543]: Received disconnect from 41.216.178.119 port 42722:11: Bye Bye [preauth]
Jun 24 19:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26543]: Disconnected from 41.216.178.119 port 42722 [preauth]
Jun 24 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26567]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26566]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26565]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26564]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26564]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26629]: Successful su for rubyman by root
Jun 24 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26629]: + ??? root:rubyman
Jun 24 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26629]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585699 of user rubyman.
Jun 24 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26629]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585699.
Jun 24 19:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24088]: pam_unix(cron:session): session closed for user root
Jun 24 19:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26565]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26925]: Invalid user vlad from 93.77.187.140
Jun 24 19:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26925]: input_userauth_request: invalid user vlad [preauth]
Jun 24 19:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26925]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 19:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.77.187.140
Jun 24 19:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26925]: Failed password for invalid user vlad from 93.77.187.140 port 42420 ssh2
Jun 24 19:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26925]: Received disconnect from 93.77.187.140 port 42420:11: Bye Bye [preauth]
Jun 24 19:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26925]: Disconnected from 93.77.187.140 port 42420 [preauth]
Jun 24 19:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25767]: pam_unix(cron:session): session closed for user root
Jun 24 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27046]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27045]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27044]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27043]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27043]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27105]: Successful su for rubyman by root
Jun 24 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27105]: + ??? root:rubyman
Jun 24 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27105]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585705 of user rubyman.
Jun 24 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27105]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585705.
Jun 24 19:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24514]: pam_unix(cron:session): session closed for user root
Jun 24 19:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27044]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26162]: pam_unix(cron:session): session closed for user root
Jun 24 19:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 24 19:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27409]: Failed password for root from 193.37.70.224 port 58006 ssh2
Jun 24 19:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27409]: Connection closed by 193.37.70.224 port 58006 [preauth]
Jun 24 19:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27441]: Invalid user git from 93.77.187.140
Jun 24 19:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27441]: input_userauth_request: invalid user git [preauth]
Jun 24 19:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27441]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 19:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.77.187.140
Jun 24 19:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27441]: Failed password for invalid user git from 93.77.187.140 port 46402 ssh2
Jun 24 19:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27441]: Received disconnect from 93.77.187.140 port 46402:11: Bye Bye [preauth]
Jun 24 19:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27441]: Disconnected from 93.77.187.140 port 46402 [preauth]
Jun 24 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27469]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27465]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27467]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27463]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27462]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27464]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27469]: pam_unix(cron:session): session closed for user root
Jun 24 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27462]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27540]: Successful su for rubyman by root
Jun 24 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27540]: + ??? root:rubyman
Jun 24 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27540]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585709 of user rubyman.
Jun 24 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27540]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585709.
Jun 24 19:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27464]: pam_unix(cron:session): session closed for user root
Jun 24 19:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24925]: pam_unix(cron:session): session closed for user root
Jun 24 19:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27463]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27816]: Invalid user andrew from 41.216.178.119
Jun 24 19:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27816]: input_userauth_request: invalid user andrew [preauth]
Jun 24 19:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27816]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 19:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.216.178.119
Jun 24 19:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27816]: Failed password for invalid user andrew from 41.216.178.119 port 40436 ssh2
Jun 24 19:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27816]: Received disconnect from 41.216.178.119 port 40436:11: Bye Bye [preauth]
Jun 24 19:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27816]: Disconnected from 41.216.178.119 port 40436 [preauth]
Jun 24 19:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26567]: pam_unix(cron:session): session closed for user root
Jun 24 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27913]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27911]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27912]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27910]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27910]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27989]: Successful su for rubyman by root
Jun 24 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27989]: + ??? root:rubyman
Jun 24 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27989]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585713 of user rubyman.
Jun 24 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27989]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585713.
Jun 24 19:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25341]: pam_unix(cron:session): session closed for user root
Jun 24 19:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27911]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28263]: Invalid user admin from 93.77.187.140
Jun 24 19:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28263]: input_userauth_request: invalid user admin [preauth]
Jun 24 19:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28263]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 19:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.77.187.140
Jun 24 19:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28263]: Failed password for invalid user admin from 93.77.187.140 port 60598 ssh2
Jun 24 19:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28263]: Received disconnect from 93.77.187.140 port 60598:11: Bye Bye [preauth]
Jun 24 19:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28263]: Disconnected from 93.77.187.140 port 60598 [preauth]
Jun 24 19:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27046]: pam_unix(cron:session): session closed for user root
Jun 24 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28377]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28375]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28378]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28376]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28375]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28436]: Successful su for rubyman by root
Jun 24 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28436]: + ??? root:rubyman
Jun 24 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28436]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585719 of user rubyman.
Jun 24 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28436]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585719.
Jun 24 19:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25766]: pam_unix(cron:session): session closed for user root
Jun 24 19:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28376]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27467]: pam_unix(cron:session): session closed for user root
Jun 24 19:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28846]: Invalid user kamran from 93.77.187.140
Jun 24 19:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28846]: input_userauth_request: invalid user kamran [preauth]
Jun 24 19:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28846]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 19:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.77.187.140
Jun 24 19:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28846]: Failed password for invalid user kamran from 93.77.187.140 port 35834 ssh2
Jun 24 19:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28846]: Received disconnect from 93.77.187.140 port 35834:11: Bye Bye [preauth]
Jun 24 19:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28846]: Disconnected from 93.77.187.140 port 35834 [preauth]
Jun 24 19:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28857]: Invalid user ankit from 41.216.178.119
Jun 24 19:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28857]: input_userauth_request: invalid user ankit [preauth]
Jun 24 19:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28857]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 19:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.216.178.119
Jun 24 19:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28857]: Failed password for invalid user ankit from 41.216.178.119 port 53348 ssh2
Jun 24 19:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 24 19:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28857]: Received disconnect from 41.216.178.119 port 53348:11: Bye Bye [preauth]
Jun 24 19:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28857]: Disconnected from 41.216.178.119 port 53348 [preauth]
Jun 24 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28860]: Failed password for root from 103.176.20.57 port 33736 ssh2
Jun 24 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28860]: Connection closed by 103.176.20.57 port 33736 [preauth]
Jun 24 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28876]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28877]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28875]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28871]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28871]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28945]: Successful su for rubyman by root
Jun 24 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28945]: + ??? root:rubyman
Jun 24 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28945]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585721 of user rubyman.
Jun 24 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28945]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585721.
Jun 24 19:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26161]: pam_unix(cron:session): session closed for user root
Jun 24 19:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28875]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27913]: pam_unix(cron:session): session closed for user root
Jun 24 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29312]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29311]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29309]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29310]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29309]: pam_unix(cron:session): session closed for user p13x
Jun 24 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29374]: Successful su for rubyman by root
Jun 24 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29374]: + ??? root:rubyman
Jun 24 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29374]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585725 of user rubyman.
Jun 24 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29374]: pam_unix(su:session): session closed for user rubyman
Jun 24 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585725.
Jun 24 19:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26566]: pam_unix(cron:session): session closed for user root
Jun 24 19:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29310]: pam_unix(cron:session): session closed for user samftp
Jun 24 19:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 19:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29718]: Invalid user ict from 93.77.187.140
Jun 24 19:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29718]: input_userauth_request: invalid user ict [preauth]
Jun 24 19:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29718]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 19:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.77.187.140
Jun 24 19:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29718]: Failed password for invalid user ict from 93.77.187.140 port 45058 ssh2
Jun 24 19:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29718]: Received disconnect from 93.77.187.140 port 45058:11: Bye Bye [preauth]
Jun 24 19:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29718]: Disconnected from 93.77.187.140 port 45058 [preauth]
Jun 24 19:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28378]: pam_unix(cron:session): session closed for user root
Jun 24 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29846]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29847]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29845]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29843]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29841]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29844]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29842]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29847]: pam_unix(cron:session): session closed for user root
Jun 24 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29843]: pam_unix(cron:session): session closed for user root
Jun 24 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29841]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29935]: Successful su for rubyman by root
Jun 24 20:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29935]: + ??? root:rubyman
Jun 24 20:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29935]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585729 of user rubyman.
Jun 24 20:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29935]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585729.
Jun 24 20:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29844]: pam_unix(cron:session): session closed for user root
Jun 24 20:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27045]: pam_unix(cron:session): session closed for user root
Jun 24 20:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29842]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30235]: Invalid user ftp_user from 41.216.178.119
Jun 24 20:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30235]: input_userauth_request: invalid user ftp_user [preauth]
Jun 24 20:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30235]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.216.178.119
Jun 24 20:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30235]: Failed password for invalid user ftp_user from 41.216.178.119 port 34538 ssh2
Jun 24 20:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30235]: Received disconnect from 41.216.178.119 port 34538:11: Bye Bye [preauth]
Jun 24 20:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30235]: Disconnected from 41.216.178.119 port 34538 [preauth]
Jun 24 20:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28877]: pam_unix(cron:session): session closed for user root
Jun 24 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30361]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30360]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30359]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30358]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30358]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30421]: Successful su for rubyman by root
Jun 24 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30421]: + ??? root:rubyman
Jun 24 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30421]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585736 of user rubyman.
Jun 24 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30421]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585736.
Jun 24 20:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30555]: Invalid user bilal from 93.77.187.140
Jun 24 20:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30555]: input_userauth_request: invalid user bilal [preauth]
Jun 24 20:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30555]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.77.187.140
Jun 24 20:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27465]: pam_unix(cron:session): session closed for user root
Jun 24 20:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30359]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30555]: Failed password for invalid user bilal from 93.77.187.140 port 46840 ssh2
Jun 24 20:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30555]: Received disconnect from 93.77.187.140 port 46840:11: Bye Bye [preauth]
Jun 24 20:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30555]: Disconnected from 93.77.187.140 port 46840 [preauth]
Jun 24 20:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29312]: pam_unix(cron:session): session closed for user root
Jun 24 20:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 24 20:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30698]: Failed password for root from 194.113.233.25 port 46022 ssh2
Jun 24 20:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30698]: Connection closed by 194.113.233.25 port 46022 [preauth]
Jun 24 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30779]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30778]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30777]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30776]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30776]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30844]: Successful su for rubyman by root
Jun 24 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30844]: + ??? root:rubyman
Jun 24 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30844]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585741 of user rubyman.
Jun 24 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30844]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585741.
Jun 24 20:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27912]: pam_unix(cron:session): session closed for user root
Jun 24 20:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30777]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 24 20:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31191]: Failed password for root from 109.237.96.109 port 58756 ssh2
Jun 24 20:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31191]: Connection closed by 109.237.96.109 port 58756 [preauth]
Jun 24 20:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29846]: pam_unix(cron:session): session closed for user root
Jun 24 20:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31220]: Invalid user jhcho from 93.77.187.140
Jun 24 20:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31220]: input_userauth_request: invalid user jhcho [preauth]
Jun 24 20:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31220]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.77.187.140
Jun 24 20:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31220]: Failed password for invalid user jhcho from 93.77.187.140 port 58586 ssh2
Jun 24 20:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31220]: Received disconnect from 93.77.187.140 port 58586:11: Bye Bye [preauth]
Jun 24 20:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31220]: Disconnected from 93.77.187.140 port 58586 [preauth]
Jun 24 20:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31273]: Invalid user compta from 41.216.178.119
Jun 24 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31273]: input_userauth_request: invalid user compta [preauth]
Jun 24 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31273]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.216.178.119
Jun 24 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31288]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31287]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31285]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31284]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31284]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31346]: Successful su for rubyman by root
Jun 24 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31346]: + ??? root:rubyman
Jun 24 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31346]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585744 of user rubyman.
Jun 24 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31346]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585744.
Jun 24 20:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31273]: Failed password for invalid user compta from 41.216.178.119 port 55542 ssh2
Jun 24 20:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31273]: Received disconnect from 41.216.178.119 port 55542:11: Bye Bye [preauth]
Jun 24 20:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31273]: Disconnected from 41.216.178.119 port 55542 [preauth]
Jun 24 20:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28377]: pam_unix(cron:session): session closed for user root
Jun 24 20:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31285]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30361]: pam_unix(cron:session): session closed for user root
Jun 24 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31788]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31789]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31786]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31787]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31786]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31845]: Successful su for rubyman by root
Jun 24 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31845]: + ??? root:rubyman
Jun 24 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31845]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585749 of user rubyman.
Jun 24 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31845]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585749.
Jun 24 20:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28876]: pam_unix(cron:session): session closed for user root
Jun 24 20:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31787]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32046]: Invalid user stefano from 93.77.187.140
Jun 24 20:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32046]: input_userauth_request: invalid user stefano [preauth]
Jun 24 20:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32046]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.77.187.140
Jun 24 20:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32046]: Failed password for invalid user stefano from 93.77.187.140 port 55304 ssh2
Jun 24 20:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32046]: Received disconnect from 93.77.187.140 port 55304:11: Bye Bye [preauth]
Jun 24 20:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32046]: Disconnected from 93.77.187.140 port 55304 [preauth]
Jun 24 20:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30779]: pam_unix(cron:session): session closed for user root
Jun 24 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32213]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32210]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32209]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32211]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32212]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32208]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32213]: pam_unix(cron:session): session closed for user root
Jun 24 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32208]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32272]: Successful su for rubyman by root
Jun 24 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32272]: + ??? root:rubyman
Jun 24 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32272]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585756 of user rubyman.
Jun 24 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32272]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585756.
Jun 24 20:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32210]: pam_unix(cron:session): session closed for user root
Jun 24 20:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29311]: pam_unix(cron:session): session closed for user root
Jun 24 20:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32209]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32551]: Invalid user admin from 45.148.10.121
Jun 24 20:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32551]: input_userauth_request: invalid user admin [preauth]
Jun 24 20:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32551]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 24 20:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31288]: pam_unix(cron:session): session closed for user root
Jun 24 20:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32551]: Failed password for invalid user admin from 45.148.10.121 port 38930 ssh2
Jun 24 20:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32551]: Connection closed by 45.148.10.121 port 38930 [preauth]
Jun 24 20:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 24 20:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32581]: Failed password for root from 202.178.126.219 port 25195 ssh2
Jun 24 20:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32581]: Connection closed by 202.178.126.219 port 25195 [preauth]
Jun 24 20:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.216.178.119  user=root
Jun 24 20:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32583]: Failed password for root from 41.216.178.119 port 51376 ssh2
Jun 24 20:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32583]: Received disconnect from 41.216.178.119 port 51376:11: Bye Bye [preauth]
Jun 24 20:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32583]: Disconnected from 41.216.178.119 port 51376 [preauth]
Jun 24 20:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.77.187.140  user=root
Jun 24 20:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32616]: Failed password for root from 93.77.187.140 port 58806 ssh2
Jun 24 20:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32616]: Received disconnect from 93.77.187.140 port 58806:11: Bye Bye [preauth]
Jun 24 20:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32616]: Disconnected from 93.77.187.140 port 58806 [preauth]
Jun 24 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32651]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32647]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32645]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32646]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32645]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32720]: Successful su for rubyman by root
Jun 24 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32720]: + ??? root:rubyman
Jun 24 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32720]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585759 of user rubyman.
Jun 24 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32720]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585759.
Jun 24 20:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29845]: pam_unix(cron:session): session closed for user root
Jun 24 20:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32646]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31789]: pam_unix(cron:session): session closed for user root
Jun 24 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[741]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[743]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[740]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[739]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[739]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[810]: Successful su for rubyman by root
Jun 24 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[810]: + ??? root:rubyman
Jun 24 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[810]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585762 of user rubyman.
Jun 24 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[810]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585762.
Jun 24 20:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30360]: pam_unix(cron:session): session closed for user root
Jun 24 20:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[740]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1041]: Invalid user xxx from 93.77.187.140
Jun 24 20:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1041]: input_userauth_request: invalid user xxx [preauth]
Jun 24 20:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1041]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.77.187.140
Jun 24 20:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1041]: Failed password for invalid user xxx from 93.77.187.140 port 47174 ssh2
Jun 24 20:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1041]: Received disconnect from 93.77.187.140 port 47174:11: Bye Bye [preauth]
Jun 24 20:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1041]: Disconnected from 93.77.187.140 port 47174 [preauth]
Jun 24 20:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32212]: pam_unix(cron:session): session closed for user root
Jun 24 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1201]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1199]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1198]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1197]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1197]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1267]: Successful su for rubyman by root
Jun 24 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1267]: + ??? root:rubyman
Jun 24 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1267]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585767 of user rubyman.
Jun 24 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1267]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585767.
Jun 24 20:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30778]: pam_unix(cron:session): session closed for user root
Jun 24 20:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1198]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.216.178.119  user=root
Jun 24 20:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1567]: Failed password for root from 41.216.178.119 port 51642 ssh2
Jun 24 20:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1567]: Received disconnect from 41.216.178.119 port 51642:11: Bye Bye [preauth]
Jun 24 20:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1567]: Disconnected from 41.216.178.119 port 51642 [preauth]
Jun 24 20:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32651]: pam_unix(cron:session): session closed for user root
Jun 24 20:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1732]: Invalid user test from 93.77.187.140
Jun 24 20:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1732]: input_userauth_request: invalid user test [preauth]
Jun 24 20:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1732]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.77.187.140
Jun 24 20:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1732]: Failed password for invalid user test from 93.77.187.140 port 35748 ssh2
Jun 24 20:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1732]: Received disconnect from 93.77.187.140 port 35748:11: Bye Bye [preauth]
Jun 24 20:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1732]: Disconnected from 93.77.187.140 port 35748 [preauth]
Jun 24 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1764]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1763]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1762]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1761]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1759]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1761]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1870]: Successful su for rubyman by root
Jun 24 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1870]: + ??? root:rubyman
Jun 24 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1870]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585770 of user rubyman.
Jun 24 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1870]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585770.
Jun 24 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1759]: pam_unix(cron:session): session closed for user root
Jun 24 20:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31287]: pam_unix(cron:session): session closed for user root
Jun 24 20:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1762]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[743]: pam_unix(cron:session): session closed for user root
Jun 24 20:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 24 20:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: Failed password for root from 103.27.238.120 port 43360 ssh2
Jun 24 20:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: Connection closed by 103.27.238.120 port 43360 [preauth]
Jun 24 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2336]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2337]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2333]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2338]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2334]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2335]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2338]: pam_unix(cron:session): session closed for user root
Jun 24 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2333]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2398]: Successful su for rubyman by root
Jun 24 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2398]: + ??? root:rubyman
Jun 24 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2398]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585776 of user rubyman.
Jun 24 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2398]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585776.
Jun 24 20:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2335]: pam_unix(cron:session): session closed for user root
Jun 24 20:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31788]: pam_unix(cron:session): session closed for user root
Jun 24 20:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2334]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 24 20:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2667]: Invalid user samba from 93.77.187.140
Jun 24 20:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2667]: input_userauth_request: invalid user samba [preauth]
Jun 24 20:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2667]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.77.187.140
Jun 24 20:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2665]: Failed password for root from 103.172.78.219 port 45510 ssh2
Jun 24 20:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2665]: Connection closed by 103.172.78.219 port 45510 [preauth]
Jun 24 20:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2667]: Failed password for invalid user samba from 93.77.187.140 port 60204 ssh2
Jun 24 20:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2667]: Received disconnect from 93.77.187.140 port 60204:11: Bye Bye [preauth]
Jun 24 20:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2667]: Disconnected from 93.77.187.140 port 60204 [preauth]
Jun 24 20:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1201]: pam_unix(cron:session): session closed for user root
Jun 24 20:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2759]: Invalid user mailuser from 41.216.178.119
Jun 24 20:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2759]: input_userauth_request: invalid user mailuser [preauth]
Jun 24 20:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2759]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.216.178.119
Jun 24 20:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2759]: Failed password for invalid user mailuser from 41.216.178.119 port 58070 ssh2
Jun 24 20:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2759]: Received disconnect from 41.216.178.119 port 58070:11: Bye Bye [preauth]
Jun 24 20:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2759]: Disconnected from 41.216.178.119 port 58070 [preauth]
Jun 24 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2799]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2798]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2797]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2796]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2796]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2865]: Successful su for rubyman by root
Jun 24 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2865]: + ??? root:rubyman
Jun 24 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2865]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585781 of user rubyman.
Jun 24 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2865]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585781.
Jun 24 20:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32211]: pam_unix(cron:session): session closed for user root
Jun 24 20:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2797]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 24 20:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3103]: Failed password for root from 38.93.206.2 port 42344 ssh2
Jun 24 20:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3103]: Connection closed by 38.93.206.2 port 42344 [preauth]
Jun 24 20:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1764]: pam_unix(cron:session): session closed for user root
Jun 24 20:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.77.187.140  user=root
Jun 24 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3194]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3193]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3195]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3192]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3192]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3260]: Successful su for rubyman by root
Jun 24 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3260]: + ??? root:rubyman
Jun 24 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3260]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585786 of user rubyman.
Jun 24 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3260]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585786.
Jun 24 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3189]: Failed password for root from 93.77.187.140 port 52476 ssh2
Jun 24 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3189]: Received disconnect from 93.77.187.140 port 52476:11: Bye Bye [preauth]
Jun 24 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3189]: Disconnected from 93.77.187.140 port 52476 [preauth]
Jun 24 20:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32647]: pam_unix(cron:session): session closed for user root
Jun 24 20:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3193]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3518]: Invalid user ryland from 2.57.121.112
Jun 24 20:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3518]: input_userauth_request: invalid user ryland [preauth]
Jun 24 20:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3518]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 24 20:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2337]: pam_unix(cron:session): session closed for user root
Jun 24 20:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3518]: Failed password for invalid user ryland from 2.57.121.112 port 44388 ssh2
Jun 24 20:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3518]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3518]: Failed password for invalid user ryland from 2.57.121.112 port 44388 ssh2
Jun 24 20:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3518]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3518]: Failed password for invalid user ryland from 2.57.121.112 port 44388 ssh2
Jun 24 20:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3518]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3518]: Failed password for invalid user ryland from 2.57.121.112 port 44388 ssh2
Jun 24 20:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3518]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3518]: Failed password for invalid user ryland from 2.57.121.112 port 44388 ssh2
Jun 24 20:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3518]: Connection closed by 2.57.121.112 port 44388 [preauth]
Jun 24 20:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3518]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 24 20:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3518]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 24 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3596]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3597]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3595]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3594]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3594]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3653]: Successful su for rubyman by root
Jun 24 20:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3653]: + ??? root:rubyman
Jun 24 20:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3653]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585790 of user rubyman.
Jun 24 20:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3653]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585790.
Jun 24 20:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[741]: pam_unix(cron:session): session closed for user root
Jun 24 20:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3595]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4077]: Invalid user adam from 41.216.178.119
Jun 24 20:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4077]: input_userauth_request: invalid user adam [preauth]
Jun 24 20:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4077]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.216.178.119
Jun 24 20:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4077]: Failed password for invalid user adam from 41.216.178.119 port 59196 ssh2
Jun 24 20:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4077]: Received disconnect from 41.216.178.119 port 59196:11: Bye Bye [preauth]
Jun 24 20:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4077]: Disconnected from 41.216.178.119 port 59196 [preauth]
Jun 24 20:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2799]: pam_unix(cron:session): session closed for user root
Jun 24 20:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.77.187.140  user=root
Jun 24 20:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4122]: Failed password for root from 93.77.187.140 port 40548 ssh2
Jun 24 20:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4122]: Received disconnect from 93.77.187.140 port 40548:11: Bye Bye [preauth]
Jun 24 20:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4122]: Disconnected from 93.77.187.140 port 40548 [preauth]
Jun 24 20:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4164]: Invalid user admin from 2.57.121.25
Jun 24 20:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4164]: input_userauth_request: invalid user admin [preauth]
Jun 24 20:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4164]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 24 20:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4164]: Failed password for invalid user admin from 2.57.121.25 port 46442 ssh2
Jun 24 20:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4164]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4164]: Failed password for invalid user admin from 2.57.121.25 port 46442 ssh2
Jun 24 20:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4164]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4164]: Failed password for invalid user admin from 2.57.121.25 port 46442 ssh2
Jun 24 20:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4164]: Connection closed by 2.57.121.25 port 46442 [preauth]
Jun 24 20:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4164]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 24 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4217]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4218]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4216]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4214]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4214]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4283]: Successful su for rubyman by root
Jun 24 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4283]: + ??? root:rubyman
Jun 24 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4283]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585794 of user rubyman.
Jun 24 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4283]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585794.
Jun 24 20:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1199]: pam_unix(cron:session): session closed for user root
Jun 24 20:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4216]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 24 20:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4493]: Failed password for root from 103.149.28.157 port 49666 ssh2
Jun 24 20:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4493]: Connection closed by 103.149.28.157 port 49666 [preauth]
Jun 24 20:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3195]: pam_unix(cron:session): session closed for user root
Jun 24 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4629]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4625]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4630]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4627]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4626]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4628]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4630]: pam_unix(cron:session): session closed for user root
Jun 24 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4625]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4700]: Successful su for rubyman by root
Jun 24 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4700]: + ??? root:rubyman
Jun 24 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4700]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585799 of user rubyman.
Jun 24 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4700]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585799.
Jun 24 20:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4627]: pam_unix(cron:session): session closed for user root
Jun 24 20:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1763]: pam_unix(cron:session): session closed for user root
Jun 24 20:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4626]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.77.187.140  user=root
Jun 24 20:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5021]: Failed password for root from 93.77.187.140 port 57392 ssh2
Jun 24 20:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5021]: Received disconnect from 93.77.187.140 port 57392:11: Bye Bye [preauth]
Jun 24 20:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5021]: Disconnected from 93.77.187.140 port 57392 [preauth]
Jun 24 20:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5031]: Invalid user sbl from 179.57.170.71
Jun 24 20:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5031]: input_userauth_request: invalid user sbl [preauth]
Jun 24 20:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5031]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.57.170.71
Jun 24 20:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5031]: Failed password for invalid user sbl from 179.57.170.71 port 56712 ssh2
Jun 24 20:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5031]: Received disconnect from 179.57.170.71 port 56712:11: Bye Bye [preauth]
Jun 24 20:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5031]: Disconnected from 179.57.170.71 port 56712 [preauth]
Jun 24 20:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3597]: pam_unix(cron:session): session closed for user root
Jun 24 20:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.216.178.119  user=root
Jun 24 20:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5149]: Failed password for root from 41.216.178.119 port 54632 ssh2
Jun 24 20:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5149]: Received disconnect from 41.216.178.119 port 54632:11: Bye Bye [preauth]
Jun 24 20:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5149]: Disconnected from 41.216.178.119 port 54632 [preauth]
Jun 24 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5176]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5174]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5175]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5173]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5173]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5239]: Successful su for rubyman by root
Jun 24 20:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5239]: + ??? root:rubyman
Jun 24 20:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5239]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585804 of user rubyman.
Jun 24 20:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5239]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585804.
Jun 24 20:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2336]: pam_unix(cron:session): session closed for user root
Jun 24 20:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5174]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4218]: pam_unix(cron:session): session closed for user root
Jun 24 20:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5535]: Invalid user webhost from 93.77.187.140
Jun 24 20:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5535]: input_userauth_request: invalid user webhost [preauth]
Jun 24 20:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5535]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.77.187.140
Jun 24 20:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5535]: Failed password for invalid user webhost from 93.77.187.140 port 43056 ssh2
Jun 24 20:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5535]: Received disconnect from 93.77.187.140 port 43056:11: Bye Bye [preauth]
Jun 24 20:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5535]: Disconnected from 93.77.187.140 port 43056 [preauth]
Jun 24 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5589]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5590]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5591]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5588]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5586]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5586]: pam_unix(cron:session): session closed for user root
Jun 24 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5588]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5652]: Successful su for rubyman by root
Jun 24 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5652]: + ??? root:rubyman
Jun 24 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5652]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585809 of user rubyman.
Jun 24 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5652]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585809.
Jun 24 20:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2798]: pam_unix(cron:session): session closed for user root
Jun 24 20:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5589]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4629]: pam_unix(cron:session): session closed for user root
Jun 24 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5983]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5982]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5981]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5980]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5980]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6039]: Successful su for rubyman by root
Jun 24 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6039]: + ??? root:rubyman
Jun 24 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6039]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585812 of user rubyman.
Jun 24 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6039]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585812.
Jun 24 20:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3194]: pam_unix(cron:session): session closed for user root
Jun 24 20:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5981]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6253]: Invalid user sdc from 93.77.187.140
Jun 24 20:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6253]: input_userauth_request: invalid user sdc [preauth]
Jun 24 20:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6253]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.77.187.140
Jun 24 20:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6253]: Failed password for invalid user sdc from 93.77.187.140 port 54594 ssh2
Jun 24 20:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6253]: Received disconnect from 93.77.187.140 port 54594:11: Bye Bye [preauth]
Jun 24 20:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6253]: Disconnected from 93.77.187.140 port 54594 [preauth]
Jun 24 20:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.216.178.119  user=root
Jun 24 20:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6276]: Failed password for root from 41.216.178.119 port 38750 ssh2
Jun 24 20:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6276]: Received disconnect from 41.216.178.119 port 38750:11: Bye Bye [preauth]
Jun 24 20:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6276]: Disconnected from 41.216.178.119 port 38750 [preauth]
Jun 24 20:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5176]: pam_unix(cron:session): session closed for user root
Jun 24 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6377]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6376]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6374]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6375]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6374]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6434]: Successful su for rubyman by root
Jun 24 20:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6434]: + ??? root:rubyman
Jun 24 20:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6434]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585816 of user rubyman.
Jun 24 20:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6434]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585816.
Jun 24 20:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3596]: pam_unix(cron:session): session closed for user root
Jun 24 20:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6375]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=root
Jun 24 20:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6608]: Failed password for root from 193.46.255.86 port 33954 ssh2
Jun 24 20:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6608]: message repeated 2 times: [ Failed password for root from 193.46.255.86 port 33954 ssh2]
Jun 24 20:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6608]: Connection closed by 193.46.255.86 port 33954 [preauth]
Jun 24 20:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6608]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=root
Jun 24 20:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5591]: pam_unix(cron:session): session closed for user root
Jun 24 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6782]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6776]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6779]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6773]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6775]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6772]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6782]: pam_unix(cron:session): session closed for user root
Jun 24 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6772]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6854]: Successful su for rubyman by root
Jun 24 20:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6854]: + ??? root:rubyman
Jun 24 20:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6854]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585823 of user rubyman.
Jun 24 20:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6854]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585823.
Jun 24 20:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6775]: pam_unix(cron:session): session closed for user root
Jun 24 20:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4217]: pam_unix(cron:session): session closed for user root
Jun 24 20:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6773]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5983]: pam_unix(cron:session): session closed for user root
Jun 24 20:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 24 20:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7269]: Invalid user amir from 141.98.83.240
Jun 24 20:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7269]: input_userauth_request: invalid user amir [preauth]
Jun 24 20:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7269]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 20:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7261]: Failed password for root from 80.66.85.226 port 50498 ssh2
Jun 24 20:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7261]: Connection closed by 80.66.85.226 port 50498 [preauth]
Jun 24 20:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
Jun 24 20:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7269]: Failed password for invalid user amir from 141.98.83.240 port 8360 ssh2
Jun 24 20:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7269]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7278]: Failed password for root from 176.32.39.21 port 37130 ssh2
Jun 24 20:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7269]: Failed password for invalid user amir from 141.98.83.240 port 8360 ssh2
Jun 24 20:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7278]: Connection closed by 176.32.39.21 port 37130 [preauth]
Jun 24 20:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7269]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7269]: Failed password for invalid user amir from 141.98.83.240 port 8360 ssh2
Jun 24 20:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7269]: Connection closed by 141.98.83.240 port 8360 [preauth]
Jun 24 20:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7269]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 20:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7306]: Invalid user ubuntu from 41.216.178.119
Jun 24 20:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7306]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 20:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7306]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.216.178.119
Jun 24 20:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7306]: Failed password for invalid user ubuntu from 41.216.178.119 port 48382 ssh2
Jun 24 20:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7306]: Received disconnect from 41.216.178.119 port 48382:11: Bye Bye [preauth]
Jun 24 20:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7306]: Disconnected from 41.216.178.119 port 48382 [preauth]
Jun 24 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7322]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7321]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7319]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7317]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7317]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7390]: Successful su for rubyman by root
Jun 24 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7390]: + ??? root:rubyman
Jun 24 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7390]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585826 of user rubyman.
Jun 24 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7390]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585826.
Jun 24 20:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4628]: pam_unix(cron:session): session closed for user root
Jun 24 20:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7319]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6377]: pam_unix(cron:session): session closed for user root
Jun 24 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7821]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7819]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7820]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7818]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7818]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7875]: Successful su for rubyman by root
Jun 24 20:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7875]: + ??? root:rubyman
Jun 24 20:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7875]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585831 of user rubyman.
Jun 24 20:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7875]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585831.
Jun 24 20:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5175]: pam_unix(cron:session): session closed for user root
Jun 24 20:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7819]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6779]: pam_unix(cron:session): session closed for user root
Jun 24 20:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8190]: Invalid user moda from 179.57.170.71
Jun 24 20:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8190]: input_userauth_request: invalid user moda [preauth]
Jun 24 20:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8190]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.57.170.71
Jun 24 20:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8190]: Failed password for invalid user moda from 179.57.170.71 port 15336 ssh2
Jun 24 20:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8190]: Received disconnect from 179.57.170.71 port 15336:11: Bye Bye [preauth]
Jun 24 20:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8190]: Disconnected from 179.57.170.71 port 15336 [preauth]
Jun 24 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8204]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8205]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8202]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8203]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8202]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8262]: Successful su for rubyman by root
Jun 24 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8262]: + ??? root:rubyman
Jun 24 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8262]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585835 of user rubyman.
Jun 24 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8262]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585835.
Jun 24 20:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5590]: pam_unix(cron:session): session closed for user root
Jun 24 20:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8203]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.216.178.119  user=root
Jun 24 20:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7322]: pam_unix(cron:session): session closed for user root
Jun 24 20:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8514]: Failed password for root from 41.216.178.119 port 40986 ssh2
Jun 24 20:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8514]: Received disconnect from 41.216.178.119 port 40986:11: Bye Bye [preauth]
Jun 24 20:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8514]: Disconnected from 41.216.178.119 port 40986 [preauth]
Jun 24 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8607]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8608]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8606]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8605]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8605]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8665]: Successful su for rubyman by root
Jun 24 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8665]: + ??? root:rubyman
Jun 24 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8665]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585838 of user rubyman.
Jun 24 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8665]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585838.
Jun 24 20:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5982]: pam_unix(cron:session): session closed for user root
Jun 24 20:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8606]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7821]: pam_unix(cron:session): session closed for user root
Jun 24 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9003]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9000]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8999]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8998]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8997]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9002]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9003]: pam_unix(cron:session): session closed for user root
Jun 24 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8997]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9067]: Successful su for rubyman by root
Jun 24 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9067]: + ??? root:rubyman
Jun 24 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9067]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585847 of user rubyman.
Jun 24 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9067]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585847.
Jun 24 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9104]: Invalid user jjxy from 179.57.170.71
Jun 24 20:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9104]: input_userauth_request: invalid user jjxy [preauth]
Jun 24 20:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9104]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.57.170.71
Jun 24 20:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8999]: pam_unix(cron:session): session closed for user root
Jun 24 20:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6376]: pam_unix(cron:session): session closed for user root
Jun 24 20:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9104]: Failed password for invalid user jjxy from 179.57.170.71 port 41954 ssh2
Jun 24 20:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9104]: Received disconnect from 179.57.170.71 port 41954:11: Bye Bye [preauth]
Jun 24 20:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9104]: Disconnected from 179.57.170.71 port 41954 [preauth]
Jun 24 20:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8998]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8205]: pam_unix(cron:session): session closed for user root
Jun 24 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9420]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9421]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9419]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9418]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9418]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9482]: Successful su for rubyman by root
Jun 24 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9482]: + ??? root:rubyman
Jun 24 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9482]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585849 of user rubyman.
Jun 24 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9482]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585849.
Jun 24 20:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6776]: pam_unix(cron:session): session closed for user root
Jun 24 20:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9419]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.216.178.119  user=root
Jun 24 20:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9663]: Failed password for root from 41.216.178.119 port 57510 ssh2
Jun 24 20:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9663]: Received disconnect from 41.216.178.119 port 57510:11: Bye Bye [preauth]
Jun 24 20:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9663]: Disconnected from 41.216.178.119 port 57510 [preauth]
Jun 24 20:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8608]: pam_unix(cron:session): session closed for user root
Jun 24 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9826]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9827]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9825]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9824]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9824]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9912]: Successful su for rubyman by root
Jun 24 20:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9912]: + ??? root:rubyman
Jun 24 20:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9912]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585853 of user rubyman.
Jun 24 20:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9912]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585853.
Jun 24 20:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7321]: pam_unix(cron:session): session closed for user root
Jun 24 20:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9825]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10315]: Invalid user voicemail from 179.57.170.71
Jun 24 20:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10315]: input_userauth_request: invalid user voicemail [preauth]
Jun 24 20:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10315]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.57.170.71
Jun 24 20:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10315]: Failed password for invalid user voicemail from 179.57.170.71 port 24140 ssh2
Jun 24 20:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10315]: Received disconnect from 179.57.170.71 port 24140:11: Bye Bye [preauth]
Jun 24 20:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10315]: Disconnected from 179.57.170.71 port 24140 [preauth]
Jun 24 20:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9002]: pam_unix(cron:session): session closed for user root
Jun 24 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10492]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10493]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10491]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10489]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10489]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10551]: Successful su for rubyman by root
Jun 24 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10551]: + ??? root:rubyman
Jun 24 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10551]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585856 of user rubyman.
Jun 24 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10551]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585856.
Jun 24 20:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7820]: pam_unix(cron:session): session closed for user root
Jun 24 20:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10491]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9421]: pam_unix(cron:session): session closed for user root
Jun 24 20:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10877]: Invalid user email from 41.216.178.119
Jun 24 20:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10877]: input_userauth_request: invalid user email [preauth]
Jun 24 20:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10877]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.216.178.119
Jun 24 20:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10877]: Failed password for invalid user email from 41.216.178.119 port 53536 ssh2
Jun 24 20:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10877]: Received disconnect from 41.216.178.119 port 53536:11: Bye Bye [preauth]
Jun 24 20:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10877]: Disconnected from 41.216.178.119 port 53536 [preauth]
Jun 24 20:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10907]: Invalid user switch from 179.57.170.71
Jun 24 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10907]: input_userauth_request: invalid user switch [preauth]
Jun 24 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10907]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.57.170.71
Jun 24 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10913]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10911]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10912]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10910]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10910]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10975]: Successful su for rubyman by root
Jun 24 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10975]: + ??? root:rubyman
Jun 24 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10975]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585860 of user rubyman.
Jun 24 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10975]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585860.
Jun 24 20:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10907]: Failed password for invalid user switch from 179.57.170.71 port 53874 ssh2
Jun 24 20:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10907]: Received disconnect from 179.57.170.71 port 53874:11: Bye Bye [preauth]
Jun 24 20:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10907]: Disconnected from 179.57.170.71 port 53874 [preauth]
Jun 24 20:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8204]: pam_unix(cron:session): session closed for user root
Jun 24 20:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10911]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9827]: pam_unix(cron:session): session closed for user root
Jun 24 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11332]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11331]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11333]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11330]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11334]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11329]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11334]: pam_unix(cron:session): session closed for user root
Jun 24 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11329]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11400]: Successful su for rubyman by root
Jun 24 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11400]: + ??? root:rubyman
Jun 24 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11400]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585867 of user rubyman.
Jun 24 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11400]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585867.
Jun 24 20:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11331]: pam_unix(cron:session): session closed for user root
Jun 24 20:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8607]: pam_unix(cron:session): session closed for user root
Jun 24 20:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11330]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10493]: pam_unix(cron:session): session closed for user root
Jun 24 20:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11709]: Connection closed by 194.59.206.2 port 30190 [preauth]
Jun 24 20:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11775]: Invalid user backoffice from 179.57.170.71
Jun 24 20:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11775]: input_userauth_request: invalid user backoffice [preauth]
Jun 24 20:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11775]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.57.170.71
Jun 24 20:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11775]: Failed password for invalid user backoffice from 179.57.170.71 port 26616 ssh2
Jun 24 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11775]: Received disconnect from 179.57.170.71 port 26616:11: Bye Bye [preauth]
Jun 24 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11775]: Disconnected from 179.57.170.71 port 26616 [preauth]
Jun 24 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11790]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11789]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11788]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11787]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11787]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11877]: Successful su for rubyman by root
Jun 24 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11877]: + ??? root:rubyman
Jun 24 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11877]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585870 of user rubyman.
Jun 24 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11877]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585870.
Jun 24 20:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9000]: pam_unix(cron:session): session closed for user root
Jun 24 20:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11788]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12121]: Invalid user roke from 41.216.178.119
Jun 24 20:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12121]: input_userauth_request: invalid user roke [preauth]
Jun 24 20:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12121]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.216.178.119
Jun 24 20:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12121]: Failed password for invalid user roke from 41.216.178.119 port 41824 ssh2
Jun 24 20:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12121]: Received disconnect from 41.216.178.119 port 41824:11: Bye Bye [preauth]
Jun 24 20:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12121]: Disconnected from 41.216.178.119 port 41824 [preauth]
Jun 24 20:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10913]: pam_unix(cron:session): session closed for user root
Jun 24 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12236]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12238]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12237]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12235]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12235]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12417]: Successful su for rubyman by root
Jun 24 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12417]: + ??? root:rubyman
Jun 24 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12417]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585874 of user rubyman.
Jun 24 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12417]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585874.
Jun 24 20:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9420]: pam_unix(cron:session): session closed for user root
Jun 24 20:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12236]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11333]: pam_unix(cron:session): session closed for user root
Jun 24 20:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12745]: Invalid user desk from 179.57.170.71
Jun 24 20:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12745]: input_userauth_request: invalid user desk [preauth]
Jun 24 20:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12745]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.57.170.71
Jun 24 20:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12745]: Failed password for invalid user desk from 179.57.170.71 port 59684 ssh2
Jun 24 20:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12745]: Received disconnect from 179.57.170.71 port 59684:11: Bye Bye [preauth]
Jun 24 20:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12745]: Disconnected from 179.57.170.71 port 59684 [preauth]
Jun 24 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12762]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12763]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12761]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12760]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12760]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12832]: Successful su for rubyman by root
Jun 24 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12832]: + ??? root:rubyman
Jun 24 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12832]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585880 of user rubyman.
Jun 24 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12832]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585880.
Jun 24 20:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9826]: pam_unix(cron:session): session closed for user root
Jun 24 20:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12761]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11790]: pam_unix(cron:session): session closed for user root
Jun 24 20:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13162]: Invalid user tony from 41.216.178.119
Jun 24 20:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13162]: input_userauth_request: invalid user tony [preauth]
Jun 24 20:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13162]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.216.178.119
Jun 24 20:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13162]: Failed password for invalid user tony from 41.216.178.119 port 42208 ssh2
Jun 24 20:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13162]: Received disconnect from 41.216.178.119 port 42208:11: Bye Bye [preauth]
Jun 24 20:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13162]: Disconnected from 41.216.178.119 port 42208 [preauth]
Jun 24 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13191]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13190]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13189]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13188]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13188]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13250]: Successful su for rubyman by root
Jun 24 20:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13250]: + ??? root:rubyman
Jun 24 20:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13250]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585883 of user rubyman.
Jun 24 20:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13250]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585883.
Jun 24 20:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10492]: pam_unix(cron:session): session closed for user root
Jun 24 20:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13189]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12238]: pam_unix(cron:session): session closed for user root
Jun 24 20:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13540]: Invalid user cam4 from 179.57.170.71
Jun 24 20:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13540]: input_userauth_request: invalid user cam4 [preauth]
Jun 24 20:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13540]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.57.170.71
Jun 24 20:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13540]: Failed password for invalid user cam4 from 179.57.170.71 port 52908 ssh2
Jun 24 20:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13540]: Received disconnect from 179.57.170.71 port 52908:11: Bye Bye [preauth]
Jun 24 20:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13540]: Disconnected from 179.57.170.71 port 52908 [preauth]
Jun 24 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13589]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13587]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13586]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13591]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13590]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13588]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13591]: pam_unix(cron:session): session closed for user root
Jun 24 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13586]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13652]: Successful su for rubyman by root
Jun 24 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13652]: + ??? root:rubyman
Jun 24 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13652]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585891 of user rubyman.
Jun 24 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13652]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585891.
Jun 24 20:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13588]: pam_unix(cron:session): session closed for user root
Jun 24 20:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10912]: pam_unix(cron:session): session closed for user root
Jun 24 20:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13587]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12763]: pam_unix(cron:session): session closed for user root
Jun 24 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14027]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14026]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14025]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14024]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14024]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14088]: Successful su for rubyman by root
Jun 24 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14088]: + ??? root:rubyman
Jun 24 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14088]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585892 of user rubyman.
Jun 24 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14088]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585892.
Jun 24 20:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11332]: pam_unix(cron:session): session closed for user root
Jun 24 20:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14025]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: Invalid user ubuntu from 41.216.178.119
Jun 24 20:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 20:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.216.178.119
Jun 24 20:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: Failed password for invalid user ubuntu from 41.216.178.119 port 54438 ssh2
Jun 24 20:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: Received disconnect from 41.216.178.119 port 54438:11: Bye Bye [preauth]
Jun 24 20:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: Disconnected from 41.216.178.119 port 54438 [preauth]
Jun 24 20:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13191]: pam_unix(cron:session): session closed for user root
Jun 24 20:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: Invalid user optimum from 179.57.170.71
Jun 24 20:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: input_userauth_request: invalid user optimum [preauth]
Jun 24 20:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.57.170.71
Jun 24 20:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: Failed password for invalid user optimum from 179.57.170.71 port 37358 ssh2
Jun 24 20:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: Received disconnect from 179.57.170.71 port 37358:11: Bye Bye [preauth]
Jun 24 20:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: Disconnected from 179.57.170.71 port 37358 [preauth]
Jun 24 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14421]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14422]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14420]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14419]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14419]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14483]: Successful su for rubyman by root
Jun 24 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14483]: + ??? root:rubyman
Jun 24 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14483]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585897 of user rubyman.
Jun 24 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14483]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585897.
Jun 24 20:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11789]: pam_unix(cron:session): session closed for user root
Jun 24 20:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14420]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.19.67.181  user=root
Jun 24 20:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14782]: Failed password for root from 46.19.67.181 port 54950 ssh2
Jun 24 20:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14782]: Connection closed by 46.19.67.181 port 54950 [preauth]
Jun 24 20:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13590]: pam_unix(cron:session): session closed for user root
Jun 24 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14906]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14907]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14904]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14905]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14904]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14970]: Successful su for rubyman by root
Jun 24 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14970]: + ??? root:rubyman
Jun 24 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14970]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585901 of user rubyman.
Jun 24 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14970]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585901.
Jun 24 20:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 24 20:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12237]: pam_unix(cron:session): session closed for user root
Jun 24 20:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14962]: Failed password for root from 103.27.238.114 port 36048 ssh2
Jun 24 20:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14962]: Connection closed by 103.27.238.114 port 36048 [preauth]
Jun 24 20:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14905]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14027]: pam_unix(cron:session): session closed for user root
Jun 24 20:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15271]: Invalid user nfl from 179.57.170.71
Jun 24 20:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15271]: input_userauth_request: invalid user nfl [preauth]
Jun 24 20:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15271]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.57.170.71
Jun 24 20:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15271]: Failed password for invalid user nfl from 179.57.170.71 port 60344 ssh2
Jun 24 20:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15271]: Received disconnect from 179.57.170.71 port 60344:11: Bye Bye [preauth]
Jun 24 20:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15271]: Disconnected from 179.57.170.71 port 60344 [preauth]
Jun 24 20:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.216.178.119  user=root
Jun 24 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15316]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15315]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15313]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15314]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15311]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15313]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15422]: Successful su for rubyman by root
Jun 24 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15422]: + ??? root:rubyman
Jun 24 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15422]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585904 of user rubyman.
Jun 24 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15422]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585904.
Jun 24 20:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15311]: pam_unix(cron:session): session closed for user root
Jun 24 20:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15309]: Failed password for root from 41.216.178.119 port 55260 ssh2
Jun 24 20:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15309]: Received disconnect from 41.216.178.119 port 55260:11: Bye Bye [preauth]
Jun 24 20:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15309]: Disconnected from 41.216.178.119 port 55260 [preauth]
Jun 24 20:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12762]: pam_unix(cron:session): session closed for user root
Jun 24 20:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15314]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14422]: pam_unix(cron:session): session closed for user root
Jun 24 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15795]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15796]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15793]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15792]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15794]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15797]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15797]: pam_unix(cron:session): session closed for user root
Jun 24 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15792]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15859]: Successful su for rubyman by root
Jun 24 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15859]: + ??? root:rubyman
Jun 24 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15859]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585911 of user rubyman.
Jun 24 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15859]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585911.
Jun 24 20:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15794]: pam_unix(cron:session): session closed for user root
Jun 24 20:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13190]: pam_unix(cron:session): session closed for user root
Jun 24 20:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15793]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14907]: pam_unix(cron:session): session closed for user root
Jun 24 20:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 24 20:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16154]: Failed password for root from 103.15.222.183 port 53634 ssh2
Jun 24 20:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16154]: Connection closed by 103.15.222.183 port 53634 [preauth]
Jun 24 20:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16179]: Invalid user wallpapers from 179.57.170.71
Jun 24 20:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16179]: input_userauth_request: invalid user wallpapers [preauth]
Jun 24 20:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16179]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.57.170.71
Jun 24 20:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16179]: Failed password for invalid user wallpapers from 179.57.170.71 port 7780 ssh2
Jun 24 20:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16179]: Received disconnect from 179.57.170.71 port 7780:11: Bye Bye [preauth]
Jun 24 20:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16179]: Disconnected from 179.57.170.71 port 7780 [preauth]
Jun 24 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16212]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16213]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16211]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16210]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16210]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16275]: Successful su for rubyman by root
Jun 24 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16275]: + ??? root:rubyman
Jun 24 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16275]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585917 of user rubyman.
Jun 24 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16275]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585917.
Jun 24 20:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13589]: pam_unix(cron:session): session closed for user root
Jun 24 20:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16211]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15316]: pam_unix(cron:session): session closed for user root
Jun 24 20:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.216.178.119  user=root
Jun 24 20:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16547]: Failed password for root from 41.216.178.119 port 48806 ssh2
Jun 24 20:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16547]: Received disconnect from 41.216.178.119 port 48806:11: Bye Bye [preauth]
Jun 24 20:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16547]: Disconnected from 41.216.178.119 port 48806 [preauth]
Jun 24 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16606]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16607]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16605]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16604]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16604]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16670]: Successful su for rubyman by root
Jun 24 20:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16670]: + ??? root:rubyman
Jun 24 20:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16670]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585920 of user rubyman.
Jun 24 20:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16670]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585920.
Jun 24 20:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14026]: pam_unix(cron:session): session closed for user root
Jun 24 20:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16605]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15796]: pam_unix(cron:session): session closed for user root
Jun 24 20:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17058]: Invalid user titus from 179.57.170.71
Jun 24 20:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17058]: input_userauth_request: invalid user titus [preauth]
Jun 24 20:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17058]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.57.170.71
Jun 24 20:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17058]: Failed password for invalid user titus from 179.57.170.71 port 42048 ssh2
Jun 24 20:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17058]: Received disconnect from 179.57.170.71 port 42048:11: Bye Bye [preauth]
Jun 24 20:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17058]: Disconnected from 179.57.170.71 port 42048 [preauth]
Jun 24 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17111]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17112]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17110]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17109]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17109]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17167]: Successful su for rubyman by root
Jun 24 20:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17167]: + ??? root:rubyman
Jun 24 20:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17167]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585923 of user rubyman.
Jun 24 20:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17167]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585923.
Jun 24 20:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14421]: pam_unix(cron:session): session closed for user root
Jun 24 20:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17110]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17421]: Connection closed by 216.226.76.20 port 34308 [preauth]
Jun 24 20:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16213]: pam_unix(cron:session): session closed for user root
Jun 24 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17516]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17518]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17517]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17515]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17515]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17574]: Successful su for rubyman by root
Jun 24 20:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17574]: + ??? root:rubyman
Jun 24 20:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17574]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585927 of user rubyman.
Jun 24 20:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17574]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585927.
Jun 24 20:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14906]: pam_unix(cron:session): session closed for user root
Jun 24 20:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17516]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17864]: Invalid user shivam from 41.216.178.119
Jun 24 20:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17864]: input_userauth_request: invalid user shivam [preauth]
Jun 24 20:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17864]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.216.178.119
Jun 24 20:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17864]: Failed password for invalid user shivam from 41.216.178.119 port 39708 ssh2
Jun 24 20:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17864]: Received disconnect from 41.216.178.119 port 39708:11: Bye Bye [preauth]
Jun 24 20:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17864]: Disconnected from 41.216.178.119 port 39708 [preauth]
Jun 24 20:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16607]: pam_unix(cron:session): session closed for user root
Jun 24 20:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17951]: Invalid user kairos from 179.57.170.71
Jun 24 20:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17951]: input_userauth_request: invalid user kairos [preauth]
Jun 24 20:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17951]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.57.170.71
Jun 24 20:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17951]: Failed password for invalid user kairos from 179.57.170.71 port 41976 ssh2
Jun 24 20:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17951]: Received disconnect from 179.57.170.71 port 41976:11: Bye Bye [preauth]
Jun 24 20:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17951]: Disconnected from 179.57.170.71 port 41976 [preauth]
Jun 24 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18018]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18015]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18014]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18020]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18021]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18019]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18021]: pam_unix(cron:session): session closed for user root
Jun 24 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18014]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18089]: Successful su for rubyman by root
Jun 24 20:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18089]: + ??? root:rubyman
Jun 24 20:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18089]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585934 of user rubyman.
Jun 24 20:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18089]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585934.
Jun 24 20:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18018]: pam_unix(cron:session): session closed for user root
Jun 24 20:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15315]: pam_unix(cron:session): session closed for user root
Jun 24 20:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18015]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17112]: pam_unix(cron:session): session closed for user root
Jun 24 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18563]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18562]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18564]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18561]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18561]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18628]: Successful su for rubyman by root
Jun 24 20:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18628]: + ??? root:rubyman
Jun 24 20:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18628]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585937 of user rubyman.
Jun 24 20:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18628]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585937.
Jun 24 20:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15795]: pam_unix(cron:session): session closed for user root
Jun 24 20:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18562]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18893]: Invalid user web-dev from 179.57.170.71
Jun 24 20:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18893]: input_userauth_request: invalid user web-dev [preauth]
Jun 24 20:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18893]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.57.170.71
Jun 24 20:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18893]: Failed password for invalid user web-dev from 179.57.170.71 port 45844 ssh2
Jun 24 20:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18893]: Received disconnect from 179.57.170.71 port 45844:11: Bye Bye [preauth]
Jun 24 20:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18893]: Disconnected from 179.57.170.71 port 45844 [preauth]
Jun 24 20:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17518]: pam_unix(cron:session): session closed for user root
Jun 24 20:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.216.178.119  user=root
Jun 24 20:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18939]: Failed password for root from 41.216.178.119 port 49932 ssh2
Jun 24 20:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 24 20:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18939]: Received disconnect from 41.216.178.119 port 49932:11: Bye Bye [preauth]
Jun 24 20:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18939]: Disconnected from 41.216.178.119 port 49932 [preauth]
Jun 24 20:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18942]: Failed password for root from 103.82.20.28 port 50658 ssh2
Jun 24 20:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18942]: Connection closed by 103.82.20.28 port 50658 [preauth]
Jun 24 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18993]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18994]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18992]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18991]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18991]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19051]: Successful su for rubyman by root
Jun 24 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19051]: + ??? root:rubyman
Jun 24 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19051]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585942 of user rubyman.
Jun 24 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19051]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585942.
Jun 24 20:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16212]: pam_unix(cron:session): session closed for user root
Jun 24 20:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18992]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18020]: pam_unix(cron:session): session closed for user root
Jun 24 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19488]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19486]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19487]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19485]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19485]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19739]: Successful su for rubyman by root
Jun 24 20:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19739]: + ??? root:rubyman
Jun 24 20:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19739]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585945 of user rubyman.
Jun 24 20:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19739]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585945.
Jun 24 20:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16606]: pam_unix(cron:session): session closed for user root
Jun 24 20:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19486]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19970]: Invalid user ctd from 179.57.170.71
Jun 24 20:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19970]: input_userauth_request: invalid user ctd [preauth]
Jun 24 20:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19970]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.57.170.71
Jun 24 20:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19970]: Failed password for invalid user ctd from 179.57.170.71 port 20524 ssh2
Jun 24 20:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19970]: Received disconnect from 179.57.170.71 port 20524:11: Bye Bye [preauth]
Jun 24 20:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19970]: Disconnected from 179.57.170.71 port 20524 [preauth]
Jun 24 20:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18564]: pam_unix(cron:session): session closed for user root
Jun 24 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20097]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20098]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20096]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20095]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20095]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20247]: Successful su for rubyman by root
Jun 24 20:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20247]: + ??? root:rubyman
Jun 24 20:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20247]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585949 of user rubyman.
Jun 24 20:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20247]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585949.
Jun 24 20:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17111]: pam_unix(cron:session): session closed for user root
Jun 24 20:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20096]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.216.178.119  user=root
Jun 24 20:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20470]: Failed password for root from 41.216.178.119 port 42290 ssh2
Jun 24 20:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20470]: Received disconnect from 41.216.178.119 port 42290:11: Bye Bye [preauth]
Jun 24 20:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20470]: Disconnected from 41.216.178.119 port 42290 [preauth]
Jun 24 20:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18994]: pam_unix(cron:session): session closed for user root
Jun 24 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20602]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20601]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20600]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20599]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20598]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20597]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20602]: pam_unix(cron:session): session closed for user root
Jun 24 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20597]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20716]: Successful su for rubyman by root
Jun 24 20:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20716]: + ??? root:rubyman
Jun 24 20:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20716]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585954 of user rubyman.
Jun 24 20:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20716]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585954.
Jun 24 20:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20599]: pam_unix(cron:session): session closed for user root
Jun 24 20:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17517]: pam_unix(cron:session): session closed for user root
Jun 24 20:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20598]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20982]: Invalid user femdom from 179.57.170.71
Jun 24 20:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20982]: input_userauth_request: invalid user femdom [preauth]
Jun 24 20:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20982]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.57.170.71
Jun 24 20:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20982]: Failed password for invalid user femdom from 179.57.170.71 port 33166 ssh2
Jun 24 20:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20982]: Received disconnect from 179.57.170.71 port 33166:11: Bye Bye [preauth]
Jun 24 20:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20982]: Disconnected from 179.57.170.71 port 33166 [preauth]
Jun 24 20:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19488]: pam_unix(cron:session): session closed for user root
Jun 24 20:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21075]: Invalid user ana from 141.98.83.240
Jun 24 20:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21075]: input_userauth_request: invalid user ana [preauth]
Jun 24 20:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21075]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 20:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21075]: Failed password for invalid user ana from 141.98.83.240 port 62782 ssh2
Jun 24 20:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21075]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21075]: Failed password for invalid user ana from 141.98.83.240 port 62782 ssh2
Jun 24 20:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21075]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21075]: Failed password for invalid user ana from 141.98.83.240 port 62782 ssh2
Jun 24 20:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21075]: Connection closed by 141.98.83.240 port 62782 [preauth]
Jun 24 20:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21075]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21130]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21131]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21129]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21127]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21127]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21203]: Successful su for rubyman by root
Jun 24 20:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21203]: + ??? root:rubyman
Jun 24 20:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21203]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585960 of user rubyman.
Jun 24 20:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21203]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585960.
Jun 24 20:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18019]: pam_unix(cron:session): session closed for user root
Jun 24 20:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21129]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20098]: pam_unix(cron:session): session closed for user root
Jun 24 20:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21537]: Invalid user default from 41.216.178.119
Jun 24 20:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21537]: input_userauth_request: invalid user default [preauth]
Jun 24 20:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21537]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.216.178.119
Jun 24 20:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21537]: Failed password for invalid user default from 41.216.178.119 port 54008 ssh2
Jun 24 20:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21537]: Received disconnect from 41.216.178.119 port 54008:11: Bye Bye [preauth]
Jun 24 20:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21537]: Disconnected from 41.216.178.119 port 54008 [preauth]
Jun 24 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21569]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21570]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21568]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21567]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21567]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21634]: Successful su for rubyman by root
Jun 24 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21634]: + ??? root:rubyman
Jun 24 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21634]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585964 of user rubyman.
Jun 24 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21634]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585964.
Jun 24 20:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18563]: pam_unix(cron:session): session closed for user root
Jun 24 20:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21568]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21822]: Invalid user skoda from 179.57.170.71
Jun 24 20:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21822]: input_userauth_request: invalid user skoda [preauth]
Jun 24 20:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21822]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.57.170.71
Jun 24 20:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21822]: Failed password for invalid user skoda from 179.57.170.71 port 61260 ssh2
Jun 24 20:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21822]: Received disconnect from 179.57.170.71 port 61260:11: Bye Bye [preauth]
Jun 24 20:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21822]: Disconnected from 179.57.170.71 port 61260 [preauth]
Jun 24 20:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20601]: pam_unix(cron:session): session closed for user root
Jun 24 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21984]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21985]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21983]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21982]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21982]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22040]: Successful su for rubyman by root
Jun 24 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22040]: + ??? root:rubyman
Jun 24 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22040]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585967 of user rubyman.
Jun 24 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22040]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585967.
Jun 24 20:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18993]: pam_unix(cron:session): session closed for user root
Jun 24 20:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21983]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21131]: pam_unix(cron:session): session closed for user root
Jun 24 20:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 24 20:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22450]: Failed password for root from 77.94.47.83 port 49570 ssh2
Jun 24 20:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22450]: Connection closed by 77.94.47.83 port 49570 [preauth]
Jun 24 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22473]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22472]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22471]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22470]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22470]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22534]: Successful su for rubyman by root
Jun 24 20:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22534]: + ??? root:rubyman
Jun 24 20:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22534]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585971 of user rubyman.
Jun 24 20:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22534]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585971.
Jun 24 20:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19487]: pam_unix(cron:session): session closed for user root
Jun 24 20:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22471]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 24 20:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22717]: Failed password for root from 38.93.206.2 port 14898 ssh2
Jun 24 20:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22717]: Connection closed by 38.93.206.2 port 14898 [preauth]
Jun 24 20:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22729]: Invalid user jz from 179.57.170.71
Jun 24 20:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22729]: input_userauth_request: invalid user jz [preauth]
Jun 24 20:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22729]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.57.170.71
Jun 24 20:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22729]: Failed password for invalid user jz from 179.57.170.71 port 52332 ssh2
Jun 24 20:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22729]: Received disconnect from 179.57.170.71 port 52332:11: Bye Bye [preauth]
Jun 24 20:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22729]: Disconnected from 179.57.170.71 port 52332 [preauth]
Jun 24 20:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22761]: Invalid user ammar from 41.216.178.119
Jun 24 20:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22761]: input_userauth_request: invalid user ammar [preauth]
Jun 24 20:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22761]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.216.178.119
Jun 24 20:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22761]: Failed password for invalid user ammar from 41.216.178.119 port 33558 ssh2
Jun 24 20:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22761]: Received disconnect from 41.216.178.119 port 33558:11: Bye Bye [preauth]
Jun 24 20:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22761]: Disconnected from 41.216.178.119 port 33558 [preauth]
Jun 24 20:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21570]: pam_unix(cron:session): session closed for user root
Jun 24 20:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 24 20:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22879]: Failed password for root from 103.27.238.116 port 41678 ssh2
Jun 24 20:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22879]: Connection closed by 103.27.238.116 port 41678 [preauth]
Jun 24 20:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 24 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22899]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22896]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22897]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22893]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22898]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22894]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22899]: pam_unix(cron:session): session closed for user root
Jun 24 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22893]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22965]: Successful su for rubyman by root
Jun 24 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22965]: + ??? root:rubyman
Jun 24 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22965]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585975 of user rubyman.
Jun 24 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22965]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585975.
Jun 24 20:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22890]: Failed password for root from 87.251.79.125 port 45228 ssh2
Jun 24 20:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22890]: Connection closed by 87.251.79.125 port 45228 [preauth]
Jun 24 20:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22896]: pam_unix(cron:session): session closed for user root
Jun 24 20:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20097]: pam_unix(cron:session): session closed for user root
Jun 24 20:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22894]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21985]: pam_unix(cron:session): session closed for user root
Jun 24 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23336]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23333]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23332]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23331]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23331]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23404]: Successful su for rubyman by root
Jun 24 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23404]: + ??? root:rubyman
Jun 24 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23404]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585981 of user rubyman.
Jun 24 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23404]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585981.
Jun 24 20:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20600]: pam_unix(cron:session): session closed for user root
Jun 24 20:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23332]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23604]: Invalid user nashville from 179.57.170.71
Jun 24 20:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23604]: input_userauth_request: invalid user nashville [preauth]
Jun 24 20:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23604]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.57.170.71
Jun 24 20:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23604]: Failed password for invalid user nashville from 179.57.170.71 port 17520 ssh2
Jun 24 20:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23604]: Received disconnect from 179.57.170.71 port 17520:11: Bye Bye [preauth]
Jun 24 20:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23604]: Disconnected from 179.57.170.71 port 17520 [preauth]
Jun 24 20:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22473]: pam_unix(cron:session): session closed for user root
Jun 24 20:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 24 20:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23694]: Failed password for root from 62.133.62.83 port 54284 ssh2
Jun 24 20:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23694]: Connection closed by 62.133.62.83 port 54284 [preauth]
Jun 24 20:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23759]: Invalid user dev from 41.216.178.119
Jun 24 20:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23759]: input_userauth_request: invalid user dev [preauth]
Jun 24 20:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23759]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.216.178.119
Jun 24 20:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23759]: Failed password for invalid user dev from 41.216.178.119 port 51454 ssh2
Jun 24 20:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23759]: Received disconnect from 41.216.178.119 port 51454:11: Bye Bye [preauth]
Jun 24 20:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23759]: Disconnected from 41.216.178.119 port 51454 [preauth]
Jun 24 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23766]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23767]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23765]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23764]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23764]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23924]: Successful su for rubyman by root
Jun 24 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23924]: + ??? root:rubyman
Jun 24 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23924]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585986 of user rubyman.
Jun 24 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23924]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585986.
Jun 24 20:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21130]: pam_unix(cron:session): session closed for user root
Jun 24 20:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23765]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 24 20:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24177]: Failed password for root from 103.122.221.179 port 55738 ssh2
Jun 24 20:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24177]: Connection closed by 103.122.221.179 port 55738 [preauth]
Jun 24 20:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22898]: pam_unix(cron:session): session closed for user root
Jun 24 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24290]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24288]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24291]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24287]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24287]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24354]: Successful su for rubyman by root
Jun 24 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24354]: + ??? root:rubyman
Jun 24 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24354]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585989 of user rubyman.
Jun 24 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24354]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585989.
Jun 24 20:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21569]: pam_unix(cron:session): session closed for user root
Jun 24 20:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24288]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24539]: Invalid user prospect from 179.57.170.71
Jun 24 20:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24539]: input_userauth_request: invalid user prospect [preauth]
Jun 24 20:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24539]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.57.170.71
Jun 24 20:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24539]: Failed password for invalid user prospect from 179.57.170.71 port 53598 ssh2
Jun 24 20:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24539]: Received disconnect from 179.57.170.71 port 53598:11: Bye Bye [preauth]
Jun 24 20:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24539]: Disconnected from 179.57.170.71 port 53598 [preauth]
Jun 24 20:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23336]: pam_unix(cron:session): session closed for user root
Jun 24 20:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24692]: Received disconnect from 69.175.33.170 port 60428:11: disconnected by user [preauth]
Jun 24 20:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24692]: Disconnected from 69.175.33.170 port 60428 [preauth]
Jun 24 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24716]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24717]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24713]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24714]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24713]: pam_unix(cron:session): session closed for user p13x
Jun 24 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24779]: Successful su for rubyman by root
Jun 24 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24779]: + ??? root:rubyman
Jun 24 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24779]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 585995 of user rubyman.
Jun 24 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24779]: pam_unix(su:session): session closed for user rubyman
Jun 24 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 585995.
Jun 24 20:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21984]: pam_unix(cron:session): session closed for user root
Jun 24 20:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24714]: pam_unix(cron:session): session closed for user samftp
Jun 24 20:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 20:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24990]: Invalid user ali from 41.216.178.119
Jun 24 20:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24990]: input_userauth_request: invalid user ali [preauth]
Jun 24 20:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24990]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 20:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.216.178.119
Jun 24 20:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24990]: Failed password for invalid user ali from 41.216.178.119 port 34080 ssh2
Jun 24 20:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24990]: Received disconnect from 41.216.178.119 port 34080:11: Bye Bye [preauth]
Jun 24 20:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24990]: Disconnected from 41.216.178.119 port 34080 [preauth]
Jun 24 20:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23767]: pam_unix(cron:session): session closed for user root
Jun 24 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25113]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25112]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25115]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25114]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25110]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25109]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25111]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25115]: pam_unix(cron:session): session closed for user root
Jun 24 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25111]: pam_unix(cron:session): session closed for user root
Jun 24 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25109]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25210]: Successful su for rubyman by root
Jun 24 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25210]: + ??? root:rubyman
Jun 24 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25210]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586000 of user rubyman.
Jun 24 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25210]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586000.
Jun 24 21:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25112]: pam_unix(cron:session): session closed for user root
Jun 24 21:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22472]: pam_unix(cron:session): session closed for user root
Jun 24 21:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25110]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24291]: pam_unix(cron:session): session closed for user root
Jun 24 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25608]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25607]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25606]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25605]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25605]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25669]: Successful su for rubyman by root
Jun 24 21:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25669]: + ??? root:rubyman
Jun 24 21:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25669]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586004 of user rubyman.
Jun 24 21:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25669]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586004.
Jun 24 21:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22897]: pam_unix(cron:session): session closed for user root
Jun 24 21:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25606]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24717]: pam_unix(cron:session): session closed for user root
Jun 24 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25999]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25996]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25998]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25997]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25996]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26054]: Successful su for rubyman by root
Jun 24 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26054]: + ??? root:rubyman
Jun 24 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26054]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586009 of user rubyman.
Jun 24 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26054]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586009.
Jun 24 21:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23333]: pam_unix(cron:session): session closed for user root
Jun 24 21:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25997]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25114]: pam_unix(cron:session): session closed for user root
Jun 24 21:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26380]: Received disconnect from 38.96.178.220 port 46638:11: disconnected by user [preauth]
Jun 24 21:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26380]: Disconnected from 38.96.178.220 port 46638 [preauth]
Jun 24 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26393]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26394]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26392]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26391]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26391]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26449]: Successful su for rubyman by root
Jun 24 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26449]: + ??? root:rubyman
Jun 24 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26449]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586013 of user rubyman.
Jun 24 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26449]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586013.
Jun 24 21:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23766]: pam_unix(cron:session): session closed for user root
Jun 24 21:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26392]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25608]: pam_unix(cron:session): session closed for user root
Jun 24 21:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 24 21:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26817]: Failed password for root from 103.77.175.15 port 45626 ssh2
Jun 24 21:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26817]: Connection closed by 103.77.175.15 port 45626 [preauth]
Jun 24 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26876]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26875]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26873]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26874]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26873]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26937]: Successful su for rubyman by root
Jun 24 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26937]: + ??? root:rubyman
Jun 24 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26937]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586017 of user rubyman.
Jun 24 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26937]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586017.
Jun 24 21:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24290]: pam_unix(cron:session): session closed for user root
Jun 24 21:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26874]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 24 21:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27110]: Failed password for root from 147.45.199.80 port 56972 ssh2
Jun 24 21:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27110]: Connection closed by 147.45.199.80 port 56972 [preauth]
Jun 24 21:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 24 21:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27122]: Failed password for root from 103.82.132.16 port 39858 ssh2
Jun 24 21:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27122]: Connection closed by 103.82.132.16 port 39858 [preauth]
Jun 24 21:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25999]: pam_unix(cron:session): session closed for user root
Jun 24 21:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 24 21:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: Failed password for root from 103.153.68.219 port 50780 ssh2
Jun 24 21:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: Connection closed by 103.153.68.219 port 50780 [preauth]
Jun 24 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27298]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27296]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27297]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27294]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27295]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27292]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27298]: pam_unix(cron:session): session closed for user root
Jun 24 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27292]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27367]: Successful su for rubyman by root
Jun 24 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27367]: + ??? root:rubyman
Jun 24 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27367]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586022 of user rubyman.
Jun 24 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27367]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586022.
Jun 24 21:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27295]: pam_unix(cron:session): session closed for user root
Jun 24 21:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24716]: pam_unix(cron:session): session closed for user root
Jun 24 21:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27294]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26394]: pam_unix(cron:session): session closed for user root
Jun 24 21:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27701]: Connection reset by 62.60.130.219 port 31244 [preauth]
Jun 24 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27735]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27733]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27734]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27737]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27733]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27804]: Successful su for rubyman by root
Jun 24 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27804]: + ??? root:rubyman
Jun 24 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27804]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586027 of user rubyman.
Jun 24 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27804]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586027.
Jun 24 21:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 24 21:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25113]: pam_unix(cron:session): session closed for user root
Jun 24 21:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27734]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27899]: Failed password for root from 51.250.105.222 port 44162 ssh2
Jun 24 21:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27899]: Connection closed by 51.250.105.222 port 44162 [preauth]
Jun 24 21:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26876]: pam_unix(cron:session): session closed for user root
Jun 24 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28215]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28216]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28213]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28214]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28213]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28274]: Successful su for rubyman by root
Jun 24 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28274]: + ??? root:rubyman
Jun 24 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28274]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586031 of user rubyman.
Jun 24 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28274]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586031.
Jun 24 21:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25607]: pam_unix(cron:session): session closed for user root
Jun 24 21:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28214]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27297]: pam_unix(cron:session): session closed for user root
Jun 24 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28696]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28695]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28694]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28693]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28693]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28762]: Successful su for rubyman by root
Jun 24 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28762]: + ??? root:rubyman
Jun 24 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28762]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586034 of user rubyman.
Jun 24 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28762]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586034.
Jun 24 21:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25998]: pam_unix(cron:session): session closed for user root
Jun 24 21:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28694]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27737]: pam_unix(cron:session): session closed for user root
Jun 24 21:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29060]: Invalid user  from 45.153.34.71
Jun 24 21:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29060]: input_userauth_request: invalid user  [preauth]
Jun 24 21:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29060]: Connection closed by 45.153.34.71 port 59210 [preauth]
Jun 24 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29117]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29114]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29115]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29113]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29111]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29113]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29252]: Successful su for rubyman by root
Jun 24 21:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29252]: + ??? root:rubyman
Jun 24 21:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29252]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586038 of user rubyman.
Jun 24 21:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29252]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586038.
Jun 24 21:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29111]: pam_unix(cron:session): session closed for user root
Jun 24 21:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26393]: pam_unix(cron:session): session closed for user root
Jun 24 21:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29114]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29621]: Invalid user minecraft from 45.153.34.71
Jun 24 21:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29621]: input_userauth_request: invalid user minecraft [preauth]
Jun 24 21:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29621]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29621]: Failed password for invalid user minecraft from 45.153.34.71 port 49602 ssh2
Jun 24 21:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29621]: Connection closed by 45.153.34.71 port 49602 [preauth]
Jun 24 21:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29631]: Invalid user data from 45.153.34.71
Jun 24 21:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29631]: input_userauth_request: invalid user data [preauth]
Jun 24 21:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29631]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29631]: Failed password for invalid user data from 45.153.34.71 port 49620 ssh2
Jun 24 21:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29631]: Connection closed by 45.153.34.71 port 49620 [preauth]
Jun 24 21:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28216]: pam_unix(cron:session): session closed for user root
Jun 24 21:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29634]: Invalid user debian from 45.153.34.71
Jun 24 21:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29634]: input_userauth_request: invalid user debian [preauth]
Jun 24 21:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29634]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29634]: Failed password for invalid user debian from 45.153.34.71 port 33786 ssh2
Jun 24 21:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29634]: Connection closed by 45.153.34.71 port 33786 [preauth]
Jun 24 21:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29670]: Invalid user ts3 from 45.153.34.71
Jun 24 21:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29670]: input_userauth_request: invalid user ts3 [preauth]
Jun 24 21:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29670]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29670]: Failed password for invalid user ts3 from 45.153.34.71 port 33808 ssh2
Jun 24 21:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29670]: Connection closed by 45.153.34.71 port 33808 [preauth]
Jun 24 21:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29672]: Invalid user monitor from 45.153.34.71
Jun 24 21:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29672]: input_userauth_request: invalid user monitor [preauth]
Jun 24 21:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29672]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29672]: Failed password for invalid user monitor from 45.153.34.71 port 33824 ssh2
Jun 24 21:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29672]: Connection closed by 45.153.34.71 port 33824 [preauth]
Jun 24 21:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29682]: Invalid user pi from 45.153.34.71
Jun 24 21:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29682]: input_userauth_request: invalid user pi [preauth]
Jun 24 21:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29682]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29682]: Failed password for invalid user pi from 45.153.34.71 port 53324 ssh2
Jun 24 21:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29682]: Connection closed by 45.153.34.71 port 53324 [preauth]
Jun 24 21:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29716]: Invalid user myuser from 45.153.34.71
Jun 24 21:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29716]: input_userauth_request: invalid user myuser [preauth]
Jun 24 21:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29716]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29716]: Failed password for invalid user myuser from 45.153.34.71 port 53338 ssh2
Jun 24 21:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29716]: Connection closed by 45.153.34.71 port 53338 [preauth]
Jun 24 21:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29719]: Failed password for root from 45.153.34.71 port 53350 ssh2
Jun 24 21:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29719]: Connection closed by 45.153.34.71 port 53350 [preauth]
Jun 24 21:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29740]: Invalid user plex from 45.153.34.71
Jun 24 21:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29740]: input_userauth_request: invalid user plex [preauth]
Jun 24 21:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29740]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29740]: Failed password for invalid user plex from 45.153.34.71 port 55180 ssh2
Jun 24 21:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29740]: Connection closed by 45.153.34.71 port 55180 [preauth]
Jun 24 21:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29742]: Invalid user ubuntu from 45.153.34.71
Jun 24 21:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29742]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 21:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29742]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29742]: Failed password for invalid user ubuntu from 45.153.34.71 port 55202 ssh2
Jun 24 21:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29742]: Connection closed by 45.153.34.71 port 55202 [preauth]
Jun 24 21:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29755]: Failed password for root from 45.153.34.71 port 55218 ssh2
Jun 24 21:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29755]: Connection closed by 45.153.34.71 port 55218 [preauth]
Jun 24 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29774]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29776]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29772]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29771]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29773]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29775]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29776]: pam_unix(cron:session): session closed for user root
Jun 24 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29771]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29768]: Invalid user bob from 45.153.34.71
Jun 24 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29768]: input_userauth_request: invalid user bob [preauth]
Jun 24 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29768]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29855]: Successful su for rubyman by root
Jun 24 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29855]: + ??? root:rubyman
Jun 24 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29855]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586043 of user rubyman.
Jun 24 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29855]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586043.
Jun 24 21:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29773]: pam_unix(cron:session): session closed for user root
Jun 24 21:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29768]: Failed password for invalid user bob from 45.153.34.71 port 57404 ssh2
Jun 24 21:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26875]: pam_unix(cron:session): session closed for user root
Jun 24 21:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29768]: Connection closed by 45.153.34.71 port 57404 [preauth]
Jun 24 21:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30023]: Invalid user ftpuser from 45.153.34.71
Jun 24 21:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30023]: input_userauth_request: invalid user ftpuser [preauth]
Jun 24 21:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30023]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29772]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30023]: Failed password for invalid user ftpuser from 45.153.34.71 port 57412 ssh2
Jun 24 21:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30023]: Connection closed by 45.153.34.71 port 57412 [preauth]
Jun 24 21:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30066]: Invalid user nginx from 45.153.34.71
Jun 24 21:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30066]: input_userauth_request: invalid user nginx [preauth]
Jun 24 21:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30066]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 24 21:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30066]: Failed password for invalid user nginx from 45.153.34.71 port 57416 ssh2
Jun 24 21:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30066]: Connection closed by 45.153.34.71 port 57416 [preauth]
Jun 24 21:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30068]: Failed password for root from 193.37.70.224 port 38450 ssh2
Jun 24 21:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30068]: Connection closed by 193.37.70.224 port 38450 [preauth]
Jun 24 21:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30078]: Failed password for root from 45.153.34.71 port 45172 ssh2
Jun 24 21:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30078]: Connection closed by 45.153.34.71 port 45172 [preauth]
Jun 24 21:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30099]: Failed password for root from 45.153.34.71 port 45186 ssh2
Jun 24 21:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30099]: Connection closed by 45.153.34.71 port 45186 [preauth]
Jun 24 21:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30109]: Invalid user main from 45.153.34.71
Jun 24 21:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30109]: input_userauth_request: invalid user main [preauth]
Jun 24 21:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30109]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30109]: Failed password for invalid user main from 45.153.34.71 port 45194 ssh2
Jun 24 21:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30109]: Connection closed by 45.153.34.71 port 45194 [preauth]
Jun 24 21:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30114]: Invalid user steam from 45.153.34.71
Jun 24 21:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30114]: input_userauth_request: invalid user steam [preauth]
Jun 24 21:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30114]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30114]: Failed password for invalid user steam from 45.153.34.71 port 48876 ssh2
Jun 24 21:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30114]: Connection closed by 45.153.34.71 port 48876 [preauth]
Jun 24 21:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30140]: Failed password for root from 45.153.34.71 port 48890 ssh2
Jun 24 21:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30140]: Connection closed by 45.153.34.71 port 48890 [preauth]
Jun 24 21:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30153]: Invalid user runner from 45.153.34.71
Jun 24 21:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30153]: input_userauth_request: invalid user runner [preauth]
Jun 24 21:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30153]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30153]: Failed password for invalid user runner from 45.153.34.71 port 48896 ssh2
Jun 24 21:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30153]: Connection closed by 45.153.34.71 port 48896 [preauth]
Jun 24 21:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30156]: Invalid user guest from 45.153.34.71
Jun 24 21:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30156]: input_userauth_request: invalid user guest [preauth]
Jun 24 21:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30156]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28696]: pam_unix(cron:session): session closed for user root
Jun 24 21:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30156]: Failed password for invalid user guest from 45.153.34.71 port 51694 ssh2
Jun 24 21:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30156]: Connection closed by 45.153.34.71 port 51694 [preauth]
Jun 24 21:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30193]: Failed password for root from 45.153.34.71 port 51704 ssh2
Jun 24 21:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30193]: Connection closed by 45.153.34.71 port 51704 [preauth]
Jun 24 21:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30203]: Invalid user postgres from 45.153.34.71
Jun 24 21:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30203]: input_userauth_request: invalid user postgres [preauth]
Jun 24 21:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30203]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30203]: Failed password for invalid user postgres from 45.153.34.71 port 51708 ssh2
Jun 24 21:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30203]: Connection closed by 45.153.34.71 port 51708 [preauth]
Jun 24 21:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30205]: Invalid user ducc0x from 45.153.34.71
Jun 24 21:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30205]: input_userauth_request: invalid user ducc0x [preauth]
Jun 24 21:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30205]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30205]: Failed password for invalid user ducc0x from 45.153.34.71 port 42590 ssh2
Jun 24 21:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30205]: Connection closed by 45.153.34.71 port 42590 [preauth]
Jun 24 21:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30230]: Invalid user private from 45.153.34.71
Jun 24 21:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30230]: input_userauth_request: invalid user private [preauth]
Jun 24 21:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30230]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30230]: Failed password for invalid user private from 45.153.34.71 port 42596 ssh2
Jun 24 21:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30230]: Connection closed by 45.153.34.71 port 42596 [preauth]
Jun 24 21:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30241]: Invalid user user1 from 45.153.34.71
Jun 24 21:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30241]: input_userauth_request: invalid user user1 [preauth]
Jun 24 21:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30241]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30241]: Failed password for invalid user user1 from 45.153.34.71 port 42608 ssh2
Jun 24 21:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30241]: Connection closed by 45.153.34.71 port 42608 [preauth]
Jun 24 21:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30243]: Invalid user admin from 45.153.34.71
Jun 24 21:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30243]: input_userauth_request: invalid user admin [preauth]
Jun 24 21:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30243]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30243]: Failed password for invalid user admin from 45.153.34.71 port 45408 ssh2
Jun 24 21:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30243]: Connection closed by 45.153.34.71 port 45408 [preauth]
Jun 24 21:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30253]: Invalid user user from 45.153.34.71
Jun 24 21:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30253]: input_userauth_request: invalid user user [preauth]
Jun 24 21:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30253]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30253]: Failed password for invalid user user from 45.153.34.71 port 45412 ssh2
Jun 24 21:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30253]: Connection closed by 45.153.34.71 port 45412 [preauth]
Jun 24 21:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30262]: Invalid user deployer from 45.153.34.71
Jun 24 21:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30262]: input_userauth_request: invalid user deployer [preauth]
Jun 24 21:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30262]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30262]: Failed password for invalid user deployer from 45.153.34.71 port 45418 ssh2
Jun 24 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30268]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30270]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30267]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30266]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30266]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30262]: Connection closed by 45.153.34.71 port 45418 [preauth]
Jun 24 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30338]: Successful su for rubyman by root
Jun 24 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30338]: + ??? root:rubyman
Jun 24 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30338]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586049 of user rubyman.
Jun 24 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30338]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586049.
Jun 24 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30348]: Invalid user crafty from 45.153.34.71
Jun 24 21:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30348]: input_userauth_request: invalid user crafty [preauth]
Jun 24 21:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30348]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30348]: Failed password for invalid user crafty from 45.153.34.71 port 45268 ssh2
Jun 24 21:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30348]: Connection closed by 45.153.34.71 port 45268 [preauth]
Jun 24 21:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27296]: pam_unix(cron:session): session closed for user root
Jun 24 21:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30267]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30510]: Invalid user bot from 45.153.34.71
Jun 24 21:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30510]: input_userauth_request: invalid user bot [preauth]
Jun 24 21:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30510]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30510]: Failed password for invalid user bot from 45.153.34.71 port 45282 ssh2
Jun 24 21:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30510]: Connection closed by 45.153.34.71 port 45282 [preauth]
Jun 24 21:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30525]: Invalid user demo from 45.153.34.71
Jun 24 21:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30525]: input_userauth_request: invalid user demo [preauth]
Jun 24 21:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30525]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30525]: Failed password for invalid user demo from 45.153.34.71 port 45286 ssh2
Jun 24 21:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30525]: Connection closed by 45.153.34.71 port 45286 [preauth]
Jun 24 21:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30538]: Invalid user potok from 45.153.34.71
Jun 24 21:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30538]: input_userauth_request: invalid user potok [preauth]
Jun 24 21:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30538]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30538]: Failed password for invalid user potok from 45.153.34.71 port 46286 ssh2
Jun 24 21:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30538]: Connection closed by 45.153.34.71 port 46286 [preauth]
Jun 24 21:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30564]: Invalid user trinity from 45.153.34.71
Jun 24 21:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30564]: input_userauth_request: invalid user trinity [preauth]
Jun 24 21:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30564]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30564]: Failed password for invalid user trinity from 45.153.34.71 port 46288 ssh2
Jun 24 21:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30564]: Connection closed by 45.153.34.71 port 46288 [preauth]
Jun 24 21:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30566]: Invalid user root1 from 45.153.34.71
Jun 24 21:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30566]: input_userauth_request: invalid user root1 [preauth]
Jun 24 21:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30566]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30566]: Failed password for invalid user root1 from 45.153.34.71 port 46300 ssh2
Jun 24 21:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30566]: Connection closed by 45.153.34.71 port 46300 [preauth]
Jun 24 21:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30580]: Invalid user master from 45.153.34.71
Jun 24 21:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30580]: input_userauth_request: invalid user master [preauth]
Jun 24 21:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30580]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30580]: Failed password for invalid user master from 45.153.34.71 port 35670 ssh2
Jun 24 21:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30580]: Connection closed by 45.153.34.71 port 35670 [preauth]
Jun 24 21:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30595]: Invalid user rock from 45.153.34.71
Jun 24 21:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30595]: input_userauth_request: invalid user rock [preauth]
Jun 24 21:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30595]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30595]: Failed password for invalid user rock from 45.153.34.71 port 35676 ssh2
Jun 24 21:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30595]: Connection closed by 45.153.34.71 port 35676 [preauth]
Jun 24 21:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30613]: Failed password for root from 45.153.34.71 port 35680 ssh2
Jun 24 21:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30613]: Connection closed by 45.153.34.71 port 35680 [preauth]
Jun 24 21:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30629]: Invalid user vm from 45.153.34.71
Jun 24 21:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30629]: input_userauth_request: invalid user vm [preauth]
Jun 24 21:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30629]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29117]: pam_unix(cron:session): session closed for user root
Jun 24 21:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30629]: Failed password for invalid user vm from 45.153.34.71 port 57908 ssh2
Jun 24 21:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30629]: Connection closed by 45.153.34.71 port 57908 [preauth]
Jun 24 21:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30651]: Failed password for root from 45.153.34.71 port 57912 ssh2
Jun 24 21:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30651]: Connection closed by 45.153.34.71 port 57912 [preauth]
Jun 24 21:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30662]: Invalid user ubuntu from 45.153.34.71
Jun 24 21:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30662]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 21:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30662]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30662]: Failed password for invalid user ubuntu from 45.153.34.71 port 57928 ssh2
Jun 24 21:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30662]: Connection closed by 45.153.34.71 port 57928 [preauth]
Jun 24 21:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30672]: User vncuser from 45.153.34.71 not allowed because not listed in AllowUsers
Jun 24 21:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30672]: input_userauth_request: invalid user vncuser [preauth]
Jun 24 21:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=vncuser
Jun 24 21:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30672]: Failed password for invalid user vncuser from 45.153.34.71 port 52300 ssh2
Jun 24 21:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30672]: Connection closed by 45.153.34.71 port 52300 [preauth]
Jun 24 21:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30687]: Invalid user odoo17 from 45.153.34.71
Jun 24 21:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30687]: input_userauth_request: invalid user odoo17 [preauth]
Jun 24 21:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30687]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30687]: Failed password for invalid user odoo17 from 45.153.34.71 port 52318 ssh2
Jun 24 21:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30687]: Connection closed by 45.153.34.71 port 52318 [preauth]
Jun 24 21:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30697]: Failed password for root from 45.153.34.71 port 52334 ssh2
Jun 24 21:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30697]: Connection closed by 45.153.34.71 port 52334 [preauth]
Jun 24 21:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30707]: Invalid user admin from 45.153.34.71
Jun 24 21:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30707]: input_userauth_request: invalid user admin [preauth]
Jun 24 21:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30707]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30707]: Failed password for invalid user admin from 45.153.34.71 port 45642 ssh2
Jun 24 21:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30707]: Connection closed by 45.153.34.71 port 45642 [preauth]
Jun 24 21:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30709]: Invalid user devuser from 45.153.34.71
Jun 24 21:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30709]: input_userauth_request: invalid user devuser [preauth]
Jun 24 21:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30709]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30709]: Failed password for invalid user devuser from 45.153.34.71 port 45652 ssh2
Jun 24 21:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30709]: Connection closed by 45.153.34.71 port 45652 [preauth]
Jun 24 21:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30719]: Invalid user deployer from 45.153.34.71
Jun 24 21:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30719]: input_userauth_request: invalid user deployer [preauth]
Jun 24 21:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30719]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30719]: Failed password for invalid user deployer from 45.153.34.71 port 45660 ssh2
Jun 24 21:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30719]: Connection closed by 45.153.34.71 port 45660 [preauth]
Jun 24 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30724]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30723]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30725]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30722]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30722]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30783]: Successful su for rubyman by root
Jun 24 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30783]: + ??? root:rubyman
Jun 24 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30783]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586055 of user rubyman.
Jun 24 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30783]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586055.
Jun 24 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30808]: Invalid user vbox from 45.153.34.71
Jun 24 21:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30808]: input_userauth_request: invalid user vbox [preauth]
Jun 24 21:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30808]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30808]: Failed password for invalid user vbox from 45.153.34.71 port 38810 ssh2
Jun 24 21:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30808]: Connection closed by 45.153.34.71 port 38810 [preauth]
Jun 24 21:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27735]: pam_unix(cron:session): session closed for user root
Jun 24 21:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30723]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31059]: Failed password for root from 45.153.34.71 port 38828 ssh2
Jun 24 21:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31059]: Connection closed by 45.153.34.71 port 38828 [preauth]
Jun 24 21:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31083]: Failed password for root from 45.153.34.71 port 38858 ssh2
Jun 24 21:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31083]: Connection closed by 45.153.34.71 port 38858 [preauth]
Jun 24 21:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31085]: Failed password for root from 45.153.34.71 port 46406 ssh2
Jun 24 21:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31085]: Connection closed by 45.153.34.71 port 46406 [preauth]
Jun 24 21:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31109]: Failed password for root from 45.153.34.71 port 46420 ssh2
Jun 24 21:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31109]: Connection closed by 45.153.34.71 port 46420 [preauth]
Jun 24 21:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31119]: Failed password for root from 45.153.34.71 port 46428 ssh2
Jun 24 21:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31119]: Connection closed by 45.153.34.71 port 46428 [preauth]
Jun 24 21:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31121]: Failed password for root from 45.153.34.71 port 54810 ssh2
Jun 24 21:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31121]: Connection closed by 45.153.34.71 port 54810 [preauth]
Jun 24 21:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31147]: Failed password for root from 45.153.34.71 port 54818 ssh2
Jun 24 21:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31147]: Connection closed by 45.153.34.71 port 54818 [preauth]
Jun 24 21:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31149]: Invalid user username from 45.153.34.71
Jun 24 21:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31149]: input_userauth_request: invalid user username [preauth]
Jun 24 21:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31149]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31149]: Failed password for invalid user username from 45.153.34.71 port 54832 ssh2
Jun 24 21:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31149]: Connection closed by 45.153.34.71 port 54832 [preauth]
Jun 24 21:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31161]: Invalid user neptune from 45.153.34.71
Jun 24 21:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31161]: input_userauth_request: invalid user neptune [preauth]
Jun 24 21:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31161]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31161]: Failed password for invalid user neptune from 45.153.34.71 port 59518 ssh2
Jun 24 21:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 24 21:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31161]: Connection closed by 45.153.34.71 port 59518 [preauth]
Jun 24 21:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29775]: pam_unix(cron:session): session closed for user root
Jun 24 21:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31190]: Invalid user ansible from 45.153.34.71
Jun 24 21:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31190]: input_userauth_request: invalid user ansible [preauth]
Jun 24 21:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31190]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31159]: Failed password for root from 202.178.126.219 port 62152 ssh2
Jun 24 21:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31159]: Connection closed by 202.178.126.219 port 62152 [preauth]
Jun 24 21:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31190]: Failed password for invalid user ansible from 45.153.34.71 port 59534 ssh2
Jun 24 21:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31190]: Connection closed by 45.153.34.71 port 59534 [preauth]
Jun 24 21:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: Invalid user testuser from 45.153.34.71
Jun 24 21:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: input_userauth_request: invalid user testuser [preauth]
Jun 24 21:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: Failed password for invalid user testuser from 45.153.34.71 port 59550 ssh2
Jun 24 21:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: Connection closed by 45.153.34.71 port 59550 [preauth]
Jun 24 21:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31202]: Invalid user claude from 45.153.34.71
Jun 24 21:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31202]: input_userauth_request: invalid user claude [preauth]
Jun 24 21:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31202]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 24 21:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31202]: Failed password for invalid user claude from 45.153.34.71 port 56672 ssh2
Jun 24 21:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31202]: Connection closed by 45.153.34.71 port 56672 [preauth]
Jun 24 21:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31226]: Invalid user www from 45.153.34.71
Jun 24 21:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31226]: input_userauth_request: invalid user www [preauth]
Jun 24 21:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31204]: Failed password for root from 103.77.242.62 port 59024 ssh2
Jun 24 21:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31226]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31204]: Connection closed by 103.77.242.62 port 59024 [preauth]
Jun 24 21:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31226]: Failed password for invalid user www from 45.153.34.71 port 56680 ssh2
Jun 24 21:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31226]: Connection closed by 45.153.34.71 port 56680 [preauth]
Jun 24 21:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31228]: Failed password for root from 45.153.34.71 port 56688 ssh2
Jun 24 21:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31228]: Connection closed by 45.153.34.71 port 56688 [preauth]
Jun 24 21:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31240]: Invalid user portal from 45.153.34.71
Jun 24 21:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31240]: input_userauth_request: invalid user portal [preauth]
Jun 24 21:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31240]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31240]: Failed password for invalid user portal from 45.153.34.71 port 39064 ssh2
Jun 24 21:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31240]: Connection closed by 45.153.34.71 port 39064 [preauth]
Jun 24 21:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31248]: Invalid user node from 45.153.34.71
Jun 24 21:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31248]: input_userauth_request: invalid user node [preauth]
Jun 24 21:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31248]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31248]: Failed password for invalid user node from 45.153.34.71 port 39080 ssh2
Jun 24 21:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31248]: Connection closed by 45.153.34.71 port 39080 [preauth]
Jun 24 21:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31253]: Failed password for root from 45.153.34.71 port 39088 ssh2
Jun 24 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31270]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31269]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31271]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31268]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31268]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31253]: Connection closed by 45.153.34.71 port 39088 [preauth]
Jun 24 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31331]: Successful su for rubyman by root
Jun 24 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31331]: + ??? root:rubyman
Jun 24 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31331]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586059 of user rubyman.
Jun 24 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31331]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586059.
Jun 24 21:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28215]: pam_unix(cron:session): session closed for user root
Jun 24 21:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31317]: Failed password for root from 45.153.34.71 port 46464 ssh2
Jun 24 21:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31317]: Connection closed by 45.153.34.71 port 46464 [preauth]
Jun 24 21:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31269]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31503]: Invalid user zahra from 45.153.34.71
Jun 24 21:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31503]: input_userauth_request: invalid user zahra [preauth]
Jun 24 21:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31503]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31503]: Failed password for invalid user zahra from 45.153.34.71 port 46474 ssh2
Jun 24 21:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31503]: Connection closed by 45.153.34.71 port 46474 [preauth]
Jun 24 21:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31524]: Failed password for root from 45.153.34.71 port 46482 ssh2
Jun 24 21:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31524]: Connection closed by 45.153.34.71 port 46482 [preauth]
Jun 24 21:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: Invalid user ecommerce from 45.153.34.71
Jun 24 21:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: input_userauth_request: invalid user ecommerce [preauth]
Jun 24 21:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: Failed password for invalid user ecommerce from 45.153.34.71 port 46222 ssh2
Jun 24 21:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: Connection closed by 45.153.34.71 port 46222 [preauth]
Jun 24 21:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31560]: Invalid user dev from 45.153.34.71
Jun 24 21:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31560]: input_userauth_request: invalid user dev [preauth]
Jun 24 21:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31560]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31560]: Failed password for invalid user dev from 45.153.34.71 port 46226 ssh2
Jun 24 21:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31560]: Connection closed by 45.153.34.71 port 46226 [preauth]
Jun 24 21:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31656]: Failed password for root from 45.153.34.71 port 46228 ssh2
Jun 24 21:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31656]: Connection closed by 45.153.34.71 port 46228 [preauth]
Jun 24 21:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31669]: Failed password for root from 45.153.34.71 port 42126 ssh2
Jun 24 21:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31669]: Connection closed by 45.153.34.71 port 42126 [preauth]
Jun 24 21:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: Invalid user appuser from 45.153.34.71
Jun 24 21:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: input_userauth_request: invalid user appuser [preauth]
Jun 24 21:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: Failed password for invalid user appuser from 45.153.34.71 port 42130 ssh2
Jun 24 21:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: Connection closed by 45.153.34.71 port 42130 [preauth]
Jun 24 21:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: Invalid user admin from 45.153.34.71
Jun 24 21:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: input_userauth_request: invalid user admin [preauth]
Jun 24 21:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: Failed password for invalid user admin from 45.153.34.71 port 42144 ssh2
Jun 24 21:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: Connection closed by 45.153.34.71 port 42144 [preauth]
Jun 24 21:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31696]: Invalid user toto from 45.153.34.71
Jun 24 21:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31696]: input_userauth_request: invalid user toto [preauth]
Jun 24 21:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31696]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30270]: pam_unix(cron:session): session closed for user root
Jun 24 21:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31696]: Failed password for invalid user toto from 45.153.34.71 port 38892 ssh2
Jun 24 21:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31696]: Connection closed by 45.153.34.71 port 38892 [preauth]
Jun 24 21:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31729]: Invalid user node from 45.153.34.71
Jun 24 21:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31729]: input_userauth_request: invalid user node [preauth]
Jun 24 21:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31729]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31729]: Failed password for invalid user node from 45.153.34.71 port 38906 ssh2
Jun 24 21:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31729]: Connection closed by 45.153.34.71 port 38906 [preauth]
Jun 24 21:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31740]: Invalid user guest from 45.153.34.71
Jun 24 21:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31740]: input_userauth_request: invalid user guest [preauth]
Jun 24 21:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31740]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31740]: Failed password for invalid user guest from 45.153.34.71 port 38908 ssh2
Jun 24 21:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31740]: Connection closed by 45.153.34.71 port 38908 [preauth]
Jun 24 21:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31744]: Invalid user chris from 45.153.34.71
Jun 24 21:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31744]: input_userauth_request: invalid user chris [preauth]
Jun 24 21:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.223.69.22  user=root
Jun 24 21:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31744]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31742]: Failed password for root from 89.223.69.22 port 36232 ssh2
Jun 24 21:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31744]: Failed password for invalid user chris from 45.153.34.71 port 43608 ssh2
Jun 24 21:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31744]: Connection closed by 45.153.34.71 port 43608 [preauth]
Jun 24 21:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31742]: Connection closed by 89.223.69.22 port 36232 [preauth]
Jun 24 21:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31767]: Failed password for root from 45.153.34.71 port 43612 ssh2
Jun 24 21:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31767]: Connection closed by 45.153.34.71 port 43612 [preauth]
Jun 24 21:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31783]: Invalid user chris from 45.153.34.71
Jun 24 21:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31783]: input_userauth_request: invalid user chris [preauth]
Jun 24 21:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31783]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31783]: Failed password for invalid user chris from 45.153.34.71 port 43624 ssh2
Jun 24 21:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31783]: Connection closed by 45.153.34.71 port 43624 [preauth]
Jun 24 21:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31786]: Invalid user teamspeak from 45.153.34.71
Jun 24 21:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31786]: input_userauth_request: invalid user teamspeak [preauth]
Jun 24 21:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31786]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31786]: Failed password for invalid user teamspeak from 45.153.34.71 port 50536 ssh2
Jun 24 21:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31786]: Connection closed by 45.153.34.71 port 50536 [preauth]
Jun 24 21:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31796]: Invalid user deploy from 45.153.34.71
Jun 24 21:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31796]: input_userauth_request: invalid user deploy [preauth]
Jun 24 21:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31796]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31796]: Failed password for invalid user deploy from 45.153.34.71 port 50546 ssh2
Jun 24 21:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31796]: Connection closed by 45.153.34.71 port 50546 [preauth]
Jun 24 21:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31801]: Invalid user server from 45.153.34.71
Jun 24 21:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31801]: input_userauth_request: invalid user server [preauth]
Jun 24 21:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31801]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31801]: Failed password for invalid user server from 45.153.34.71 port 50558 ssh2
Jun 24 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31801]: Connection closed by 45.153.34.71 port 50558 [preauth]
Jun 24 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31814]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31813]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31812]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31811]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31811]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31871]: Successful su for rubyman by root
Jun 24 21:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31871]: + ??? root:rubyman
Jun 24 21:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31871]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586061 of user rubyman.
Jun 24 21:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31871]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586061.
Jun 24 21:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31808]: Failed password for root from 45.153.34.71 port 42990 ssh2
Jun 24 21:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31808]: Connection closed by 45.153.34.71 port 42990 [preauth]
Jun 24 21:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28695]: pam_unix(cron:session): session closed for user root
Jun 24 21:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31812]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32046]: Failed password for root from 45.153.34.71 port 43000 ssh2
Jun 24 21:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32046]: Connection closed by 45.153.34.71 port 43000 [preauth]
Jun 24 21:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32077]: Invalid user drcomadmin from 45.153.34.71
Jun 24 21:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32077]: input_userauth_request: invalid user drcomadmin [preauth]
Jun 24 21:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32077]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32077]: Failed password for invalid user drcomadmin from 45.153.34.71 port 43018 ssh2
Jun 24 21:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32077]: Connection closed by 45.153.34.71 port 43018 [preauth]
Jun 24 21:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32088]: Failed password for root from 45.153.34.71 port 50360 ssh2
Jun 24 21:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32088]: Connection closed by 45.153.34.71 port 50360 [preauth]
Jun 24 21:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32110]: Invalid user rocky from 45.153.34.71
Jun 24 21:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32110]: input_userauth_request: invalid user rocky [preauth]
Jun 24 21:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32110]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32110]: Failed password for invalid user rocky from 45.153.34.71 port 50362 ssh2
Jun 24 21:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32110]: Connection closed by 45.153.34.71 port 50362 [preauth]
Jun 24 21:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32113]: Invalid user default from 45.153.34.71
Jun 24 21:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32113]: input_userauth_request: invalid user default [preauth]
Jun 24 21:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32113]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32113]: Failed password for invalid user default from 45.153.34.71 port 50372 ssh2
Jun 24 21:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32113]: Connection closed by 45.153.34.71 port 50372 [preauth]
Jun 24 21:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32123]: Invalid user openclaw from 45.153.34.71
Jun 24 21:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32123]: input_userauth_request: invalid user openclaw [preauth]
Jun 24 21:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32123]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32123]: Failed password for invalid user openclaw from 45.153.34.71 port 38344 ssh2
Jun 24 21:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32123]: Connection closed by 45.153.34.71 port 38344 [preauth]
Jun 24 21:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32128]: Failed password for root from 45.153.34.71 port 38356 ssh2
Jun 24 21:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32128]: Connection closed by 45.153.34.71 port 38356 [preauth]
Jun 24 21:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32151]: Invalid user ranga from 45.153.34.71
Jun 24 21:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32151]: input_userauth_request: invalid user ranga [preauth]
Jun 24 21:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32151]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32151]: Failed password for invalid user ranga from 45.153.34.71 port 38362 ssh2
Jun 24 21:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32151]: Connection closed by 45.153.34.71 port 38362 [preauth]
Jun 24 21:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30725]: pam_unix(cron:session): session closed for user root
Jun 24 21:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32164]: Failed password for root from 45.153.34.71 port 34338 ssh2
Jun 24 21:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32164]: Connection closed by 45.153.34.71 port 34338 [preauth]
Jun 24 21:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32188]: Invalid user sftpuser from 45.153.34.71
Jun 24 21:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32188]: input_userauth_request: invalid user sftpuser [preauth]
Jun 24 21:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32188]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32188]: Failed password for invalid user sftpuser from 45.153.34.71 port 34354 ssh2
Jun 24 21:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32188]: Connection closed by 45.153.34.71 port 34354 [preauth]
Jun 24 21:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32198]: Failed password for root from 45.153.34.71 port 34362 ssh2
Jun 24 21:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32198]: Connection closed by 45.153.34.71 port 34362 [preauth]
Jun 24 21:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32208]: Invalid user lucas from 45.153.34.71
Jun 24 21:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32208]: input_userauth_request: invalid user lucas [preauth]
Jun 24 21:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32208]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32208]: Failed password for invalid user lucas from 45.153.34.71 port 45996 ssh2
Jun 24 21:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32208]: Connection closed by 45.153.34.71 port 45996 [preauth]
Jun 24 21:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32222]: Invalid user deployer from 45.153.34.71
Jun 24 21:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32222]: input_userauth_request: invalid user deployer [preauth]
Jun 24 21:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32222]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32222]: Failed password for invalid user deployer from 45.153.34.71 port 46000 ssh2
Jun 24 21:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32222]: Connection closed by 45.153.34.71 port 46000 [preauth]
Jun 24 21:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32232]: Failed password for root from 45.153.34.71 port 46012 ssh2
Jun 24 21:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32232]: Connection closed by 45.153.34.71 port 46012 [preauth]
Jun 24 21:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32238]: Invalid user alex from 45.153.34.71
Jun 24 21:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32238]: input_userauth_request: invalid user alex [preauth]
Jun 24 21:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32238]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32238]: Failed password for invalid user alex from 45.153.34.71 port 57250 ssh2
Jun 24 21:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32238]: Connection closed by 45.153.34.71 port 57250 [preauth]
Jun 24 21:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.211.215  user=root
Jun 24 21:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32246]: Invalid user user from 45.153.34.71
Jun 24 21:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32246]: input_userauth_request: invalid user user [preauth]
Jun 24 21:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32246]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32244]: Failed password for root from 147.45.211.215 port 47996 ssh2
Jun 24 21:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32244]: Connection closed by 147.45.211.215 port 47996 [preauth]
Jun 24 21:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32246]: Failed password for invalid user user from 45.153.34.71 port 57276 ssh2
Jun 24 21:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32246]: Connection closed by 45.153.34.71 port 57276 [preauth]
Jun 24 21:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32256]: Invalid user xiao from 45.153.34.71
Jun 24 21:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32256]: input_userauth_request: invalid user xiao [preauth]
Jun 24 21:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32256]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32256]: Failed password for invalid user xiao from 45.153.34.71 port 57306 ssh2
Jun 24 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32265]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32264]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32263]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32262]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32256]: Connection closed by 45.153.34.71 port 57306 [preauth]
Jun 24 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32266]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32261]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32266]: pam_unix(cron:session): session closed for user root
Jun 24 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32261]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32258]: User ftp from 45.153.34.71 not allowed because not listed in AllowUsers
Jun 24 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32258]: input_userauth_request: invalid user ftp [preauth]
Jun 24 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32328]: Successful su for rubyman by root
Jun 24 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32328]: + ??? root:rubyman
Jun 24 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32328]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586065 of user rubyman.
Jun 24 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32328]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586065.
Jun 24 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=ftp
Jun 24 21:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32258]: Failed password for invalid user ftp from 45.153.34.71 port 35968 ssh2
Jun 24 21:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32258]: Connection closed by 45.153.34.71 port 35968 [preauth]
Jun 24 21:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32263]: pam_unix(cron:session): session closed for user root
Jun 24 21:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29115]: pam_unix(cron:session): session closed for user root
Jun 24 21:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32493]: Invalid user ftpuser from 45.153.34.71
Jun 24 21:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32493]: input_userauth_request: invalid user ftpuser [preauth]
Jun 24 21:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32493]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32262]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32493]: Failed password for invalid user ftpuser from 45.153.34.71 port 35998 ssh2
Jun 24 21:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32493]: Connection closed by 45.153.34.71 port 35998 [preauth]
Jun 24 21:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32549]: Invalid user usuario from 45.153.34.71
Jun 24 21:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32549]: input_userauth_request: invalid user usuario [preauth]
Jun 24 21:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32549]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32549]: Failed password for invalid user usuario from 45.153.34.71 port 36006 ssh2
Jun 24 21:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32549]: Connection closed by 45.153.34.71 port 36006 [preauth]
Jun 24 21:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32560]: Invalid user erpnext from 45.153.34.71
Jun 24 21:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32560]: input_userauth_request: invalid user erpnext [preauth]
Jun 24 21:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32560]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32560]: Failed password for invalid user erpnext from 45.153.34.71 port 50134 ssh2
Jun 24 21:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32560]: Connection closed by 45.153.34.71 port 50134 [preauth]
Jun 24 21:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32582]: Invalid user test from 45.153.34.71
Jun 24 21:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32582]: input_userauth_request: invalid user test [preauth]
Jun 24 21:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32582]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32582]: Failed password for invalid user test from 45.153.34.71 port 50152 ssh2
Jun 24 21:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32582]: Connection closed by 45.153.34.71 port 50152 [preauth]
Jun 24 21:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32584]: Invalid user coder from 45.153.34.71
Jun 24 21:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32584]: input_userauth_request: invalid user coder [preauth]
Jun 24 21:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32584]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32584]: Failed password for invalid user coder from 45.153.34.71 port 50168 ssh2
Jun 24 21:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32584]: Connection closed by 45.153.34.71 port 50168 [preauth]
Jun 24 21:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32595]: Invalid user ftpuser from 45.153.34.71
Jun 24 21:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32595]: input_userauth_request: invalid user ftpuser [preauth]
Jun 24 21:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32595]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32595]: Failed password for invalid user ftpuser from 45.153.34.71 port 36766 ssh2
Jun 24 21:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32595]: Connection closed by 45.153.34.71 port 36766 [preauth]
Jun 24 21:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32606]: Invalid user appuser from 45.153.34.71
Jun 24 21:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32606]: input_userauth_request: invalid user appuser [preauth]
Jun 24 21:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32606]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32606]: Failed password for invalid user appuser from 45.153.34.71 port 36770 ssh2
Jun 24 21:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32606]: Connection closed by 45.153.34.71 port 36770 [preauth]
Jun 24 21:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32621]: Invalid user zabbix from 45.153.34.71
Jun 24 21:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32621]: input_userauth_request: invalid user zabbix [preauth]
Jun 24 21:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32621]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32621]: Failed password for invalid user zabbix from 45.153.34.71 port 36780 ssh2
Jun 24 21:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32621]: Connection closed by 45.153.34.71 port 36780 [preauth]
Jun 24 21:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32632]: Invalid user elasticsearch from 45.153.34.71
Jun 24 21:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32632]: input_userauth_request: invalid user elasticsearch [preauth]
Jun 24 21:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32632]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31271]: pam_unix(cron:session): session closed for user root
Jun 24 21:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32632]: Failed password for invalid user elasticsearch from 45.153.34.71 port 41872 ssh2
Jun 24 21:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32632]: Connection closed by 45.153.34.71 port 41872 [preauth]
Jun 24 21:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32647]: Invalid user admin from 193.46.255.86
Jun 24 21:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32647]: input_userauth_request: invalid user admin [preauth]
Jun 24 21:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32647]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 24 21:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32665]: Invalid user wizard from 45.153.34.71
Jun 24 21:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32665]: input_userauth_request: invalid user wizard [preauth]
Jun 24 21:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32665]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32647]: Failed password for invalid user admin from 193.46.255.86 port 11168 ssh2
Jun 24 21:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32647]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32665]: Failed password for invalid user wizard from 45.153.34.71 port 41882 ssh2
Jun 24 21:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32665]: Connection closed by 45.153.34.71 port 41882 [preauth]
Jun 24 21:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32673]: Invalid user system from 45.153.34.71
Jun 24 21:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32673]: input_userauth_request: invalid user system [preauth]
Jun 24 21:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32673]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32647]: Failed password for invalid user admin from 193.46.255.86 port 11168 ssh2
Jun 24 21:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32647]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32673]: Failed password for invalid user system from 45.153.34.71 port 41886 ssh2
Jun 24 21:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32673]: Connection closed by 45.153.34.71 port 41886 [preauth]
Jun 24 21:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32647]: Failed password for invalid user admin from 193.46.255.86 port 11168 ssh2
Jun 24 21:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32647]: Connection closed by 193.46.255.86 port 11168 [preauth]
Jun 24 21:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32647]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 24 21:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32683]: Failed password for root from 45.153.34.71 port 34118 ssh2
Jun 24 21:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32683]: Connection closed by 45.153.34.71 port 34118 [preauth]
Jun 24 21:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32698]: Invalid user aaa from 45.153.34.71
Jun 24 21:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32698]: input_userauth_request: invalid user aaa [preauth]
Jun 24 21:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32698]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32698]: Failed password for invalid user aaa from 45.153.34.71 port 34132 ssh2
Jun 24 21:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32698]: Connection closed by 45.153.34.71 port 34132 [preauth]
Jun 24 21:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32712]: Invalid user prefect from 45.153.34.71
Jun 24 21:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32712]: input_userauth_request: invalid user prefect [preauth]
Jun 24 21:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32712]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32712]: Failed password for invalid user prefect from 45.153.34.71 port 34148 ssh2
Jun 24 21:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32712]: Connection closed by 45.153.34.71 port 34148 [preauth]
Jun 24 21:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32722]: Invalid user dev from 45.153.34.71
Jun 24 21:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32722]: input_userauth_request: invalid user dev [preauth]
Jun 24 21:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32722]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32722]: Failed password for invalid user dev from 45.153.34.71 port 38012 ssh2
Jun 24 21:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32722]: Connection closed by 45.153.34.71 port 38012 [preauth]
Jun 24 21:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32724]: Invalid user azureuser from 45.153.34.71
Jun 24 21:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32724]: input_userauth_request: invalid user azureuser [preauth]
Jun 24 21:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32724]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32724]: Failed password for invalid user azureuser from 45.153.34.71 port 38018 ssh2
Jun 24 21:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32724]: Connection closed by 45.153.34.71 port 38018 [preauth]
Jun 24 21:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32736]: Invalid user user10 from 45.153.34.71
Jun 24 21:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32736]: input_userauth_request: invalid user user10 [preauth]
Jun 24 21:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32736]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32736]: Failed password for invalid user user10 from 45.153.34.71 port 38022 ssh2
Jun 24 21:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32736]: Connection closed by 45.153.34.71 port 38022 [preauth]
Jun 24 21:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32756]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32755]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32757]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32754]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32754]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32751]: Invalid user rdpuser from 45.153.34.71
Jun 24 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32751]: input_userauth_request: invalid user rdpuser [preauth]
Jun 24 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[358]: Successful su for rubyman by root
Jun 24 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[358]: + ??? root:rubyman
Jun 24 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[358]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586071 of user rubyman.
Jun 24 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[358]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586071.
Jun 24 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32751]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32751]: Failed password for invalid user rdpuser from 45.153.34.71 port 55808 ssh2
Jun 24 21:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32751]: Connection closed by 45.153.34.71 port 55808 [preauth]
Jun 24 21:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[646]: Invalid user openclaw from 45.153.34.71
Jun 24 21:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[646]: input_userauth_request: invalid user openclaw [preauth]
Jun 24 21:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[646]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29774]: pam_unix(cron:session): session closed for user root
Jun 24 21:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32755]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[646]: Failed password for invalid user openclaw from 45.153.34.71 port 55822 ssh2
Jun 24 21:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[646]: Connection closed by 45.153.34.71 port 55822 [preauth]
Jun 24 21:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[691]: Invalid user rdpuser from 45.153.34.71
Jun 24 21:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[691]: input_userauth_request: invalid user rdpuser [preauth]
Jun 24 21:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[691]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[691]: Failed password for invalid user rdpuser from 45.153.34.71 port 55832 ssh2
Jun 24 21:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[691]: Connection closed by 45.153.34.71 port 55832 [preauth]
Jun 24 21:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[696]: Invalid user gabriel from 45.153.34.71
Jun 24 21:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[696]: input_userauth_request: invalid user gabriel [preauth]
Jun 24 21:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[696]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[696]: Failed password for invalid user gabriel from 45.153.34.71 port 59504 ssh2
Jun 24 21:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[696]: Connection closed by 45.153.34.71 port 59504 [preauth]
Jun 24 21:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[717]: Failed password for root from 45.153.34.71 port 59508 ssh2
Jun 24 21:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[717]: Connection closed by 45.153.34.71 port 59508 [preauth]
Jun 24 21:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[728]: Invalid user administrator from 45.153.34.71
Jun 24 21:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[728]: input_userauth_request: invalid user administrator [preauth]
Jun 24 21:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[728]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[728]: Failed password for invalid user administrator from 45.153.34.71 port 59510 ssh2
Jun 24 21:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[728]: Connection closed by 45.153.34.71 port 59510 [preauth]
Jun 24 21:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[730]: Invalid user git from 45.153.34.71
Jun 24 21:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[730]: input_userauth_request: invalid user git [preauth]
Jun 24 21:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[730]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[730]: Failed password for invalid user git from 45.153.34.71 port 54550 ssh2
Jun 24 21:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[730]: Connection closed by 45.153.34.71 port 54550 [preauth]
Jun 24 21:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[754]: Invalid user user1 from 45.153.34.71
Jun 24 21:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[754]: input_userauth_request: invalid user user1 [preauth]
Jun 24 21:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[754]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[754]: Failed password for invalid user user1 from 45.153.34.71 port 54566 ssh2
Jun 24 21:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[754]: Connection closed by 45.153.34.71 port 54566 [preauth]
Jun 24 21:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[765]: Failed password for root from 45.153.34.71 port 54572 ssh2
Jun 24 21:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[765]: Connection closed by 45.153.34.71 port 54572 [preauth]
Jun 24 21:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[768]: Invalid user postgres from 45.153.34.71
Jun 24 21:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[768]: input_userauth_request: invalid user postgres [preauth]
Jun 24 21:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[768]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[768]: Failed password for invalid user postgres from 45.153.34.71 port 33238 ssh2
Jun 24 21:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[768]: Connection closed by 45.153.34.71 port 33238 [preauth]
Jun 24 21:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31814]: pam_unix(cron:session): session closed for user root
Jun 24 21:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[805]: Failed password for root from 45.153.34.71 port 33252 ssh2
Jun 24 21:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[805]: Connection closed by 45.153.34.71 port 33252 [preauth]
Jun 24 21:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[819]: Invalid user splunk from 45.153.34.71
Jun 24 21:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[819]: input_userauth_request: invalid user splunk [preauth]
Jun 24 21:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[819]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[819]: Failed password for invalid user splunk from 45.153.34.71 port 33256 ssh2
Jun 24 21:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[819]: Connection closed by 45.153.34.71 port 33256 [preauth]
Jun 24 21:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[821]: Invalid user gateway from 45.153.34.71
Jun 24 21:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[821]: input_userauth_request: invalid user gateway [preauth]
Jun 24 21:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[821]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[821]: Failed password for invalid user gateway from 45.153.34.71 port 45090 ssh2
Jun 24 21:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[821]: Connection closed by 45.153.34.71 port 45090 [preauth]
Jun 24 21:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[844]: Failed password for root from 45.153.34.71 port 45092 ssh2
Jun 24 21:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[844]: Connection closed by 45.153.34.71 port 45092 [preauth]
Jun 24 21:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[858]: Invalid user admin from 2.57.121.25
Jun 24 21:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[858]: input_userauth_request: invalid user admin [preauth]
Jun 24 21:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[858]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 24 21:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[855]: Failed password for root from 45.153.34.71 port 45102 ssh2
Jun 24 21:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[855]: Connection closed by 45.153.34.71 port 45102 [preauth]
Jun 24 21:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[861]: Invalid user deployer from 45.153.34.71
Jun 24 21:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[861]: input_userauth_request: invalid user deployer [preauth]
Jun 24 21:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[861]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[858]: Failed password for invalid user admin from 2.57.121.25 port 33482 ssh2
Jun 24 21:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[858]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[861]: Failed password for invalid user deployer from 45.153.34.71 port 41348 ssh2
Jun 24 21:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[861]: Connection closed by 45.153.34.71 port 41348 [preauth]
Jun 24 21:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[858]: Failed password for invalid user admin from 2.57.121.25 port 33482 ssh2
Jun 24 21:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[858]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[871]: Failed password for root from 45.153.34.71 port 41360 ssh2
Jun 24 21:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[871]: Connection closed by 45.153.34.71 port 41360 [preauth]
Jun 24 21:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[858]: Failed password for invalid user admin from 2.57.121.25 port 33482 ssh2
Jun 24 21:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[858]: Connection closed by 2.57.121.25 port 33482 [preauth]
Jun 24 21:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[858]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 24 21:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[874]: Invalid user ubuntu from 45.153.34.71
Jun 24 21:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[874]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 21:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[874]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[874]: Failed password for invalid user ubuntu from 45.153.34.71 port 41368 ssh2
Jun 24 21:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[874]: Connection closed by 45.153.34.71 port 41368 [preauth]
Jun 24 21:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[885]: Invalid user sam from 45.153.34.71
Jun 24 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[885]: input_userauth_request: invalid user sam [preauth]
Jun 24 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[885]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[892]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[891]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[890]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[893]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[888]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[888]: pam_unix(cron:session): session closed for user root
Jun 24 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[890]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[960]: Successful su for rubyman by root
Jun 24 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[960]: + ??? root:rubyman
Jun 24 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[960]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586078 of user rubyman.
Jun 24 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[960]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586078.
Jun 24 21:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[885]: Failed password for invalid user sam from 45.153.34.71 port 60392 ssh2
Jun 24 21:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[885]: Connection closed by 45.153.34.71 port 60392 [preauth]
Jun 24 21:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30268]: pam_unix(cron:session): session closed for user root
Jun 24 21:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1119]: Invalid user bot from 45.153.34.71
Jun 24 21:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1119]: input_userauth_request: invalid user bot [preauth]
Jun 24 21:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1119]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 24 21:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[891]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1119]: Failed password for invalid user bot from 45.153.34.71 port 60406 ssh2
Jun 24 21:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1119]: Connection closed by 45.153.34.71 port 60406 [preauth]
Jun 24 21:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1158]: Failed password for root from 194.113.233.25 port 43642 ssh2
Jun 24 21:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1158]: Connection closed by 194.113.233.25 port 43642 [preauth]
Jun 24 21:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1187]: Failed password for root from 45.153.34.71 port 60412 ssh2
Jun 24 21:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1187]: Connection closed by 45.153.34.71 port 60412 [preauth]
Jun 24 21:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1197]: Invalid user tom from 45.153.34.71
Jun 24 21:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1197]: input_userauth_request: invalid user tom [preauth]
Jun 24 21:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1197]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1197]: Failed password for invalid user tom from 45.153.34.71 port 46100 ssh2
Jun 24 21:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1197]: Connection closed by 45.153.34.71 port 46100 [preauth]
Jun 24 21:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1207]: Invalid user odoo14 from 45.153.34.71
Jun 24 21:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1207]: input_userauth_request: invalid user odoo14 [preauth]
Jun 24 21:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1207]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1207]: Failed password for invalid user odoo14 from 45.153.34.71 port 46112 ssh2
Jun 24 21:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1207]: Connection closed by 45.153.34.71 port 46112 [preauth]
Jun 24 21:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1225]: Failed password for root from 45.153.34.71 port 46136 ssh2
Jun 24 21:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1225]: Connection closed by 45.153.34.71 port 46136 [preauth]
Jun 24 21:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1239]: Invalid user fivem from 45.153.34.71
Jun 24 21:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1239]: input_userauth_request: invalid user fivem [preauth]
Jun 24 21:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1239]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1239]: Failed password for invalid user fivem from 45.153.34.71 port 60622 ssh2
Jun 24 21:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1239]: Connection closed by 45.153.34.71 port 60622 [preauth]
Jun 24 21:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1244]: Invalid user pi from 45.153.34.71
Jun 24 21:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1244]: input_userauth_request: invalid user pi [preauth]
Jun 24 21:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1244]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1244]: Failed password for invalid user pi from 45.153.34.71 port 60628 ssh2
Jun 24 21:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1244]: Connection closed by 45.153.34.71 port 60628 [preauth]
Jun 24 21:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1267]: User nobody from 45.153.34.71 not allowed because not listed in AllowUsers
Jun 24 21:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1267]: input_userauth_request: invalid user nobody [preauth]
Jun 24 21:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=nobody
Jun 24 21:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1267]: Failed password for invalid user nobody from 45.153.34.71 port 60640 ssh2
Jun 24 21:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1267]: Connection closed by 45.153.34.71 port 60640 [preauth]
Jun 24 21:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1279]: Failed password for root from 45.153.34.71 port 53294 ssh2
Jun 24 21:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1279]: Connection closed by 45.153.34.71 port 53294 [preauth]
Jun 24 21:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32265]: pam_unix(cron:session): session closed for user root
Jun 24 21:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1296]: Invalid user tomcat from 45.153.34.71
Jun 24 21:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1296]: input_userauth_request: invalid user tomcat [preauth]
Jun 24 21:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1296]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1296]: Failed password for invalid user tomcat from 45.153.34.71 port 53308 ssh2
Jun 24 21:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1296]: Connection closed by 45.153.34.71 port 53308 [preauth]
Jun 24 21:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1320]: Failed password for root from 45.153.34.71 port 53316 ssh2
Jun 24 21:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1320]: Connection closed by 45.153.34.71 port 53316 [preauth]
Jun 24 21:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1322]: Invalid user worker from 45.153.34.71
Jun 24 21:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1322]: input_userauth_request: invalid user worker [preauth]
Jun 24 21:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1322]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1322]: Failed password for invalid user worker from 45.153.34.71 port 48116 ssh2
Jun 24 21:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1322]: Connection closed by 45.153.34.71 port 48116 [preauth]
Jun 24 21:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1351]: Invalid user oscar from 45.153.34.71
Jun 24 21:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1351]: input_userauth_request: invalid user oscar [preauth]
Jun 24 21:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1351]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1351]: Failed password for invalid user oscar from 45.153.34.71 port 48122 ssh2
Jun 24 21:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1351]: Connection closed by 45.153.34.71 port 48122 [preauth]
Jun 24 21:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1362]: Invalid user elastic from 45.153.34.71
Jun 24 21:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1362]: input_userauth_request: invalid user elastic [preauth]
Jun 24 21:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1362]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1362]: Failed password for invalid user elastic from 45.153.34.71 port 48138 ssh2
Jun 24 21:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1362]: Connection closed by 45.153.34.71 port 48138 [preauth]
Jun 24 21:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1365]: Invalid user stack from 45.153.34.71
Jun 24 21:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1365]: input_userauth_request: invalid user stack [preauth]
Jun 24 21:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1365]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1365]: Failed password for invalid user stack from 45.153.34.71 port 53466 ssh2
Jun 24 21:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1365]: Connection closed by 45.153.34.71 port 53466 [preauth]
Jun 24 21:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1378]: Invalid user parsa from 45.153.34.71
Jun 24 21:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1378]: input_userauth_request: invalid user parsa [preauth]
Jun 24 21:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1378]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1378]: Failed password for invalid user parsa from 45.153.34.71 port 53494 ssh2
Jun 24 21:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1378]: Connection closed by 45.153.34.71 port 53494 [preauth]
Jun 24 21:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1393]: User ftp from 45.153.34.71 not allowed because not listed in AllowUsers
Jun 24 21:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1393]: input_userauth_request: invalid user ftp [preauth]
Jun 24 21:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=ftp
Jun 24 21:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1393]: Failed password for invalid user ftp from 45.153.34.71 port 53506 ssh2
Jun 24 21:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1393]: Connection closed by 45.153.34.71 port 53506 [preauth]
Jun 24 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1395]: Invalid user openclaw from 45.153.34.71
Jun 24 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1395]: input_userauth_request: invalid user openclaw [preauth]
Jun 24 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1395]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1402]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1400]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1401]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1399]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1399]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1564]: Successful su for rubyman by root
Jun 24 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1564]: + ??? root:rubyman
Jun 24 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1564]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586081 of user rubyman.
Jun 24 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1564]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586081.
Jun 24 21:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1395]: Failed password for invalid user openclaw from 45.153.34.71 port 37202 ssh2
Jun 24 21:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1395]: Connection closed by 45.153.34.71 port 37202 [preauth]
Jun 24 21:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30724]: pam_unix(cron:session): session closed for user root
Jun 24 21:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1400]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 24 21:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1707]: Failed password for root from 45.153.34.71 port 37214 ssh2
Jun 24 21:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1707]: Connection closed by 45.153.34.71 port 37214 [preauth]
Jun 24 21:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: Failed password for root from 109.237.96.109 port 54534 ssh2
Jun 24 21:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: Connection closed by 109.237.96.109 port 54534 [preauth]
Jun 24 21:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1783]: Failed password for root from 45.153.34.71 port 37228 ssh2
Jun 24 21:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1783]: Connection closed by 45.153.34.71 port 37228 [preauth]
Jun 24 21:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1793]: Invalid user manoj from 45.153.34.71
Jun 24 21:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1793]: input_userauth_request: invalid user manoj [preauth]
Jun 24 21:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1793]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1793]: Failed password for invalid user manoj from 45.153.34.71 port 47238 ssh2
Jun 24 21:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1793]: Connection closed by 45.153.34.71 port 47238 [preauth]
Jun 24 21:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1815]: Failed password for root from 45.153.34.71 port 47264 ssh2
Jun 24 21:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1815]: Connection closed by 45.153.34.71 port 47264 [preauth]
Jun 24 21:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1817]: Invalid user user3 from 45.153.34.71
Jun 24 21:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1817]: input_userauth_request: invalid user user3 [preauth]
Jun 24 21:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1817]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1817]: Failed password for invalid user user3 from 45.153.34.71 port 47290 ssh2
Jun 24 21:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1817]: Connection closed by 45.153.34.71 port 47290 [preauth]
Jun 24 21:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1827]: Invalid user user1 from 45.153.34.71
Jun 24 21:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1827]: input_userauth_request: invalid user user1 [preauth]
Jun 24 21:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1827]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1827]: Failed password for invalid user user1 from 45.153.34.71 port 33600 ssh2
Jun 24 21:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1827]: Connection closed by 45.153.34.71 port 33600 [preauth]
Jun 24 21:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1850]: Invalid user postgres from 45.153.34.71
Jun 24 21:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1850]: input_userauth_request: invalid user postgres [preauth]
Jun 24 21:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1850]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1850]: Failed password for invalid user postgres from 45.153.34.71 port 33610 ssh2
Jun 24 21:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1850]: Connection closed by 45.153.34.71 port 33610 [preauth]
Jun 24 21:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1852]: Invalid user user4 from 45.153.34.71
Jun 24 21:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1852]: input_userauth_request: invalid user user4 [preauth]
Jun 24 21:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1852]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1852]: Failed password for invalid user user4 from 45.153.34.71 port 33614 ssh2
Jun 24 21:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1852]: Connection closed by 45.153.34.71 port 33614 [preauth]
Jun 24 21:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32757]: pam_unix(cron:session): session closed for user root
Jun 24 21:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1862]: Failed password for root from 45.153.34.71 port 58616 ssh2
Jun 24 21:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1862]: Connection closed by 45.153.34.71 port 58616 [preauth]
Jun 24 21:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1904]: Failed password for root from 45.153.34.71 port 58624 ssh2
Jun 24 21:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1904]: Connection closed by 45.153.34.71 port 58624 [preauth]
Jun 24 21:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1907]: Failed password for root from 45.153.34.71 port 58640 ssh2
Jun 24 21:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1907]: Connection closed by 45.153.34.71 port 58640 [preauth]
Jun 24 21:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1924]: Invalid user ec2-user from 45.153.34.71
Jun 24 21:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1924]: input_userauth_request: invalid user ec2-user [preauth]
Jun 24 21:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1924]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1924]: Failed password for invalid user ec2-user from 45.153.34.71 port 42670 ssh2
Jun 24 21:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1924]: Connection closed by 45.153.34.71 port 42670 [preauth]
Jun 24 21:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1946]: Invalid user fastuser from 45.153.34.71
Jun 24 21:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1946]: input_userauth_request: invalid user fastuser [preauth]
Jun 24 21:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1946]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1946]: Failed password for invalid user fastuser from 45.153.34.71 port 42684 ssh2
Jun 24 21:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1946]: Connection closed by 45.153.34.71 port 42684 [preauth]
Jun 24 21:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1960]: Failed password for root from 45.153.34.71 port 42714 ssh2
Jun 24 21:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1960]: Connection closed by 45.153.34.71 port 42714 [preauth]
Jun 24 21:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1973]: Invalid user liyang from 45.153.34.71
Jun 24 21:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1973]: input_userauth_request: invalid user liyang [preauth]
Jun 24 21:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1973]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1973]: Failed password for invalid user liyang from 45.153.34.71 port 33540 ssh2
Jun 24 21:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1973]: Connection closed by 45.153.34.71 port 33540 [preauth]
Jun 24 21:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1975]: Invalid user dev from 45.153.34.71
Jun 24 21:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1975]: input_userauth_request: invalid user dev [preauth]
Jun 24 21:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1975]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1975]: Failed password for invalid user dev from 45.153.34.71 port 33566 ssh2
Jun 24 21:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1975]: Connection closed by 45.153.34.71 port 33566 [preauth]
Jun 24 21:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1995]: Invalid user deploy from 45.153.34.71
Jun 24 21:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1995]: input_userauth_request: invalid user deploy [preauth]
Jun 24 21:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1995]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1995]: Failed password for invalid user deploy from 45.153.34.71 port 33586 ssh2
Jun 24 21:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1995]: Connection closed by 45.153.34.71 port 33586 [preauth]
Jun 24 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2011]: Invalid user hamed from 45.153.34.71
Jun 24 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2011]: input_userauth_request: invalid user hamed [preauth]
Jun 24 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2011]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2021]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2018]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2020]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2017]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2017]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2097]: Successful su for rubyman by root
Jun 24 21:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2097]: + ??? root:rubyman
Jun 24 21:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2097]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586085 of user rubyman.
Jun 24 21:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2097]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586085.
Jun 24 21:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2011]: Failed password for invalid user hamed from 45.153.34.71 port 49292 ssh2
Jun 24 21:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2011]: Connection closed by 45.153.34.71 port 49292 [preauth]
Jun 24 21:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31270]: pam_unix(cron:session): session closed for user root
Jun 24 21:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2265]: Invalid user admin123 from 45.153.34.71
Jun 24 21:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2265]: input_userauth_request: invalid user admin123 [preauth]
Jun 24 21:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2265]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2018]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2265]: Failed password for invalid user admin123 from 45.153.34.71 port 49294 ssh2
Jun 24 21:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2265]: Connection closed by 45.153.34.71 port 49294 [preauth]
Jun 24 21:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: Invalid user test2 from 45.153.34.71
Jun 24 21:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: input_userauth_request: invalid user test2 [preauth]
Jun 24 21:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: Failed password for invalid user test2 from 45.153.34.71 port 49300 ssh2
Jun 24 21:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: Connection closed by 45.153.34.71 port 49300 [preauth]
Jun 24 21:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2317]: Invalid user deploy from 45.153.34.71
Jun 24 21:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2317]: input_userauth_request: invalid user deploy [preauth]
Jun 24 21:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2317]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2317]: Failed password for invalid user deploy from 45.153.34.71 port 50662 ssh2
Jun 24 21:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2317]: Connection closed by 45.153.34.71 port 50662 [preauth]
Jun 24 21:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2338]: Invalid user es from 45.153.34.71
Jun 24 21:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2338]: input_userauth_request: invalid user es [preauth]
Jun 24 21:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2338]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2338]: Failed password for invalid user es from 45.153.34.71 port 50674 ssh2
Jun 24 21:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2338]: Connection closed by 45.153.34.71 port 50674 [preauth]
Jun 24 21:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2349]: Invalid user jenkins from 45.153.34.71
Jun 24 21:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2349]: input_userauth_request: invalid user jenkins [preauth]
Jun 24 21:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2349]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2349]: Failed password for invalid user jenkins from 45.153.34.71 port 50682 ssh2
Jun 24 21:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2349]: Connection closed by 45.153.34.71 port 50682 [preauth]
Jun 24 21:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2351]: Invalid user admin from 45.153.34.71
Jun 24 21:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2351]: input_userauth_request: invalid user admin [preauth]
Jun 24 21:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2351]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2351]: Failed password for invalid user admin from 45.153.34.71 port 57414 ssh2
Jun 24 21:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2351]: Connection closed by 45.153.34.71 port 57414 [preauth]
Jun 24 21:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2373]: Invalid user dmdba from 45.153.34.71
Jun 24 21:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2373]: input_userauth_request: invalid user dmdba [preauth]
Jun 24 21:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2373]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2373]: Failed password for invalid user dmdba from 45.153.34.71 port 57426 ssh2
Jun 24 21:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2373]: Connection closed by 45.153.34.71 port 57426 [preauth]
Jun 24 21:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2383]: Invalid user user from 45.153.34.71
Jun 24 21:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2383]: input_userauth_request: invalid user user [preauth]
Jun 24 21:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2383]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2383]: Failed password for invalid user user from 45.153.34.71 port 57434 ssh2
Jun 24 21:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2383]: Connection closed by 45.153.34.71 port 57434 [preauth]
Jun 24 21:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2385]: Invalid user ubuntu from 45.153.34.71
Jun 24 21:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2385]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 21:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2385]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2385]: Failed password for invalid user ubuntu from 45.153.34.71 port 35740 ssh2
Jun 24 21:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2385]: Connection closed by 45.153.34.71 port 35740 [preauth]
Jun 24 21:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[893]: pam_unix(cron:session): session closed for user root
Jun 24 21:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2417]: Failed password for root from 45.153.34.71 port 35748 ssh2
Jun 24 21:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2417]: Connection closed by 45.153.34.71 port 35748 [preauth]
Jun 24 21:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2427]: Invalid user bot from 45.153.34.71
Jun 24 21:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2427]: input_userauth_request: invalid user bot [preauth]
Jun 24 21:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2427]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2427]: Failed password for invalid user bot from 45.153.34.71 port 35752 ssh2
Jun 24 21:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2427]: Connection closed by 45.153.34.71 port 35752 [preauth]
Jun 24 21:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2429]: Invalid user git from 45.153.34.71
Jun 24 21:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2429]: input_userauth_request: invalid user git [preauth]
Jun 24 21:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2429]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2429]: Failed password for invalid user git from 45.153.34.71 port 45368 ssh2
Jun 24 21:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2429]: Connection closed by 45.153.34.71 port 45368 [preauth]
Jun 24 21:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2454]: Invalid user jack from 45.153.34.71
Jun 24 21:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2454]: input_userauth_request: invalid user jack [preauth]
Jun 24 21:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2454]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2454]: Failed password for invalid user jack from 45.153.34.71 port 45370 ssh2
Jun 24 21:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2454]: Connection closed by 45.153.34.71 port 45370 [preauth]
Jun 24 21:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2465]: Invalid user oracle from 45.153.34.71
Jun 24 21:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2465]: input_userauth_request: invalid user oracle [preauth]
Jun 24 21:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2465]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2465]: Failed password for invalid user oracle from 45.153.34.71 port 45372 ssh2
Jun 24 21:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2465]: Connection closed by 45.153.34.71 port 45372 [preauth]
Jun 24 21:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2467]: Invalid user bob from 45.153.34.71
Jun 24 21:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2467]: input_userauth_request: invalid user bob [preauth]
Jun 24 21:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2467]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2467]: Failed password for invalid user bob from 45.153.34.71 port 45670 ssh2
Jun 24 21:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2467]: Connection closed by 45.153.34.71 port 45670 [preauth]
Jun 24 21:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2480]: Invalid user mohammad from 45.153.34.71
Jun 24 21:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2480]: input_userauth_request: invalid user mohammad [preauth]
Jun 24 21:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2480]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2480]: Failed password for invalid user mohammad from 45.153.34.71 port 45672 ssh2
Jun 24 21:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2480]: Connection closed by 45.153.34.71 port 45672 [preauth]
Jun 24 21:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2490]: Invalid user fa from 45.153.34.71
Jun 24 21:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2490]: input_userauth_request: invalid user fa [preauth]
Jun 24 21:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2490]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2490]: Failed password for invalid user fa from 45.153.34.71 port 45686 ssh2
Jun 24 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2490]: Connection closed by 45.153.34.71 port 45686 [preauth]
Jun 24 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2501]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2499]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2497]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2496]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2500]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2495]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2501]: pam_unix(cron:session): session closed for user root
Jun 24 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2495]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2576]: Successful su for rubyman by root
Jun 24 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2576]: + ??? root:rubyman
Jun 24 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2576]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586092 of user rubyman.
Jun 24 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2576]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586092.
Jun 24 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2497]: pam_unix(cron:session): session closed for user root
Jun 24 21:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2588]: Failed password for root from 45.153.34.71 port 46828 ssh2
Jun 24 21:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31813]: pam_unix(cron:session): session closed for user root
Jun 24 21:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2588]: Connection closed by 45.153.34.71 port 46828 [preauth]
Jun 24 21:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2496]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2780]: Failed password for root from 45.153.34.71 port 46838 ssh2
Jun 24 21:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2780]: Connection closed by 45.153.34.71 port 46838 [preauth]
Jun 24 21:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2799]: Invalid user dev from 45.153.34.71
Jun 24 21:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2799]: input_userauth_request: invalid user dev [preauth]
Jun 24 21:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2799]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2799]: Failed password for invalid user dev from 45.153.34.71 port 46842 ssh2
Jun 24 21:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2799]: Connection closed by 45.153.34.71 port 46842 [preauth]
Jun 24 21:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2813]: Invalid user app from 45.153.34.71
Jun 24 21:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2813]: input_userauth_request: invalid user app [preauth]
Jun 24 21:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2813]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2813]: Failed password for invalid user app from 45.153.34.71 port 38978 ssh2
Jun 24 21:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2813]: Connection closed by 45.153.34.71 port 38978 [preauth]
Jun 24 21:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2835]: Failed password for root from 45.153.34.71 port 38982 ssh2
Jun 24 21:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2835]: Connection closed by 45.153.34.71 port 38982 [preauth]
Jun 24 21:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2837]: User vncuser from 45.153.34.71 not allowed because not listed in AllowUsers
Jun 24 21:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2837]: input_userauth_request: invalid user vncuser [preauth]
Jun 24 21:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=vncuser
Jun 24 21:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2837]: Failed password for invalid user vncuser from 45.153.34.71 port 38992 ssh2
Jun 24 21:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2837]: Connection closed by 45.153.34.71 port 38992 [preauth]
Jun 24 21:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2849]: Invalid user armon from 141.98.83.240
Jun 24 21:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2849]: input_userauth_request: invalid user armon [preauth]
Jun 24 21:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2849]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 21:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2851]: Invalid user ftpuser from 45.153.34.71
Jun 24 21:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2851]: input_userauth_request: invalid user ftpuser [preauth]
Jun 24 21:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2851]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2849]: Failed password for invalid user armon from 141.98.83.240 port 17264 ssh2
Jun 24 21:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2849]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2851]: Failed password for invalid user ftpuser from 45.153.34.71 port 39374 ssh2
Jun 24 21:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2851]: Connection closed by 45.153.34.71 port 39374 [preauth]
Jun 24 21:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2868]: Invalid user student from 45.153.34.71
Jun 24 21:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2868]: input_userauth_request: invalid user student [preauth]
Jun 24 21:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2868]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2849]: Failed password for invalid user armon from 141.98.83.240 port 17264 ssh2
Jun 24 21:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2849]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2868]: Failed password for invalid user student from 45.153.34.71 port 39376 ssh2
Jun 24 21:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2849]: Failed password for invalid user armon from 141.98.83.240 port 17264 ssh2
Jun 24 21:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2868]: Connection closed by 45.153.34.71 port 39376 [preauth]
Jun 24 21:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2849]: Connection closed by 141.98.83.240 port 17264 [preauth]
Jun 24 21:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2849]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 21:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2876]: Invalid user appuser from 45.153.34.71
Jun 24 21:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2876]: input_userauth_request: invalid user appuser [preauth]
Jun 24 21:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2876]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2876]: Failed password for invalid user appuser from 45.153.34.71 port 39386 ssh2
Jun 24 21:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2876]: Connection closed by 45.153.34.71 port 39386 [preauth]
Jun 24 21:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2886]: Invalid user user1 from 45.153.34.71
Jun 24 21:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2886]: input_userauth_request: invalid user user1 [preauth]
Jun 24 21:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2886]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1402]: pam_unix(cron:session): session closed for user root
Jun 24 21:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2886]: Failed password for invalid user user1 from 45.153.34.71 port 43206 ssh2
Jun 24 21:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2886]: Connection closed by 45.153.34.71 port 43206 [preauth]
Jun 24 21:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2908]: Failed password for root from 45.153.34.71 port 43222 ssh2
Jun 24 21:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2908]: Connection closed by 45.153.34.71 port 43222 [preauth]
Jun 24 21:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2919]: Invalid user prem from 45.153.34.71
Jun 24 21:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2919]: input_userauth_request: invalid user prem [preauth]
Jun 24 21:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2919]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2919]: Failed password for invalid user prem from 45.153.34.71 port 43224 ssh2
Jun 24 21:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2919]: Connection closed by 45.153.34.71 port 43224 [preauth]
Jun 24 21:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2929]: Invalid user postgres from 45.153.34.71
Jun 24 21:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2929]: input_userauth_request: invalid user postgres [preauth]
Jun 24 21:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2929]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2929]: Failed password for invalid user postgres from 45.153.34.71 port 52780 ssh2
Jun 24 21:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2929]: Connection closed by 45.153.34.71 port 52780 [preauth]
Jun 24 21:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2944]: Invalid user minecraft from 45.153.34.71
Jun 24 21:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2944]: input_userauth_request: invalid user minecraft [preauth]
Jun 24 21:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2944]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2944]: Failed password for invalid user minecraft from 45.153.34.71 port 52804 ssh2
Jun 24 21:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2944]: Connection closed by 45.153.34.71 port 52804 [preauth]
Jun 24 21:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2954]: Invalid user odoo16 from 45.153.34.71
Jun 24 21:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2954]: input_userauth_request: invalid user odoo16 [preauth]
Jun 24 21:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2954]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2954]: Failed password for invalid user odoo16 from 45.153.34.71 port 52824 ssh2
Jun 24 21:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2954]: Connection closed by 45.153.34.71 port 52824 [preauth]
Jun 24 21:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2963]: User mysql from 45.153.34.71 not allowed because not listed in AllowUsers
Jun 24 21:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2963]: input_userauth_request: invalid user mysql [preauth]
Jun 24 21:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=mysql
Jun 24 21:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2963]: Failed password for invalid user mysql from 45.153.34.71 port 34586 ssh2
Jun 24 21:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2963]: Connection closed by 45.153.34.71 port 34586 [preauth]
Jun 24 21:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2966]: Failed password for root from 45.153.34.71 port 34590 ssh2
Jun 24 21:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2966]: Connection closed by 45.153.34.71 port 34590 [preauth]
Jun 24 21:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2977]: Invalid user ubuntu from 45.153.34.71
Jun 24 21:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2977]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 21:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2977]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2977]: Failed password for invalid user ubuntu from 45.153.34.71 port 34600 ssh2
Jun 24 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2977]: Connection closed by 45.153.34.71 port 34600 [preauth]
Jun 24 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2984]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2985]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2983]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2982]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2982]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2979]: Invalid user server from 45.153.34.71
Jun 24 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2979]: input_userauth_request: invalid user server [preauth]
Jun 24 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2979]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3060]: Successful su for rubyman by root
Jun 24 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3060]: + ??? root:rubyman
Jun 24 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3060]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586095 of user rubyman.
Jun 24 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3060]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586095.
Jun 24 21:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2979]: Failed password for invalid user server from 45.153.34.71 port 44384 ssh2
Jun 24 21:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2979]: Connection closed by 45.153.34.71 port 44384 [preauth]
Jun 24 21:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32264]: pam_unix(cron:session): session closed for user root
Jun 24 21:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3206]: Invalid user user from 45.153.34.71
Jun 24 21:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3206]: input_userauth_request: invalid user user [preauth]
Jun 24 21:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3206]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2983]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3206]: Failed password for invalid user user from 45.153.34.71 port 44390 ssh2
Jun 24 21:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3206]: Connection closed by 45.153.34.71 port 44390 [preauth]
Jun 24 21:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3233]: Invalid user test1 from 45.153.34.71
Jun 24 21:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3233]: input_userauth_request: invalid user test1 [preauth]
Jun 24 21:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3233]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3233]: Failed password for invalid user test1 from 45.153.34.71 port 44404 ssh2
Jun 24 21:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3233]: Connection closed by 45.153.34.71 port 44404 [preauth]
Jun 24 21:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3246]: Invalid user rocky from 45.153.34.71
Jun 24 21:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3246]: input_userauth_request: invalid user rocky [preauth]
Jun 24 21:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3246]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3246]: Failed password for invalid user rocky from 45.153.34.71 port 35980 ssh2
Jun 24 21:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3246]: Connection closed by 45.153.34.71 port 35980 [preauth]
Jun 24 21:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3274]: Failed password for root from 45.153.34.71 port 35992 ssh2
Jun 24 21:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3274]: Connection closed by 45.153.34.71 port 35992 [preauth]
Jun 24 21:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3276]: Invalid user admin from 45.153.34.71
Jun 24 21:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3276]: input_userauth_request: invalid user admin [preauth]
Jun 24 21:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3276]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3276]: Failed password for invalid user admin from 45.153.34.71 port 36002 ssh2
Jun 24 21:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3276]: Connection closed by 45.153.34.71 port 36002 [preauth]
Jun 24 21:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3286]: Invalid user dspace from 45.153.34.71
Jun 24 21:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3286]: input_userauth_request: invalid user dspace [preauth]
Jun 24 21:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3286]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3286]: Failed password for invalid user dspace from 45.153.34.71 port 49254 ssh2
Jun 24 21:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3286]: Connection closed by 45.153.34.71 port 49254 [preauth]
Jun 24 21:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3308]: Invalid user app from 45.153.34.71
Jun 24 21:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3308]: input_userauth_request: invalid user app [preauth]
Jun 24 21:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3308]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3308]: Failed password for invalid user app from 45.153.34.71 port 49278 ssh2
Jun 24 21:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3308]: Connection closed by 45.153.34.71 port 49278 [preauth]
Jun 24 21:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3310]: Failed password for root from 45.153.34.71 port 49290 ssh2
Jun 24 21:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3310]: Connection closed by 45.153.34.71 port 49290 [preauth]
Jun 24 21:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2021]: pam_unix(cron:session): session closed for user root
Jun 24 21:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3320]: Failed password for root from 45.153.34.71 port 45194 ssh2
Jun 24 21:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3320]: Connection closed by 45.153.34.71 port 45194 [preauth]
Jun 24 21:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3351]: Invalid user administrator from 45.153.34.71
Jun 24 21:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3351]: input_userauth_request: invalid user administrator [preauth]
Jun 24 21:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3351]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3351]: Failed password for invalid user administrator from 45.153.34.71 port 45202 ssh2
Jun 24 21:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3351]: Connection closed by 45.153.34.71 port 45202 [preauth]
Jun 24 21:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3353]: Invalid user nvidia from 45.153.34.71
Jun 24 21:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3353]: input_userauth_request: invalid user nvidia [preauth]
Jun 24 21:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3353]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3353]: Failed password for invalid user nvidia from 45.153.34.71 port 45208 ssh2
Jun 24 21:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3353]: Connection closed by 45.153.34.71 port 45208 [preauth]
Jun 24 21:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3364]: Invalid user nutanix from 45.153.34.71
Jun 24 21:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3364]: input_userauth_request: invalid user nutanix [preauth]
Jun 24 21:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3364]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3364]: Failed password for invalid user nutanix from 45.153.34.71 port 41632 ssh2
Jun 24 21:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3364]: Connection closed by 45.153.34.71 port 41632 [preauth]
Jun 24 21:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3378]: Failed password for root from 45.153.34.71 port 41648 ssh2
Jun 24 21:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3378]: Connection closed by 45.153.34.71 port 41648 [preauth]
Jun 24 21:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3388]: Invalid user openclaw from 45.153.34.71
Jun 24 21:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3388]: input_userauth_request: invalid user openclaw [preauth]
Jun 24 21:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3388]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3388]: Failed password for invalid user openclaw from 45.153.34.71 port 41652 ssh2
Jun 24 21:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3388]: Connection closed by 45.153.34.71 port 41652 [preauth]
Jun 24 21:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3398]: Failed password for root from 45.153.34.71 port 34436 ssh2
Jun 24 21:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3398]: Connection closed by 45.153.34.71 port 34436 [preauth]
Jun 24 21:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3400]: Invalid user labuser from 45.153.34.71
Jun 24 21:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3400]: input_userauth_request: invalid user labuser [preauth]
Jun 24 21:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3400]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3400]: Failed password for invalid user labuser from 45.153.34.71 port 34448 ssh2
Jun 24 21:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3400]: Connection closed by 45.153.34.71 port 34448 [preauth]
Jun 24 21:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3410]: Invalid user user from 45.153.34.71
Jun 24 21:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3410]: input_userauth_request: invalid user user [preauth]
Jun 24 21:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3410]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3410]: Failed password for invalid user user from 45.153.34.71 port 34450 ssh2
Jun 24 21:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3410]: Connection closed by 45.153.34.71 port 34450 [preauth]
Jun 24 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3426]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3427]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3425]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3424]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3424]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3421]: Invalid user testuser from 45.153.34.71
Jun 24 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3421]: input_userauth_request: invalid user testuser [preauth]
Jun 24 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3421]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3490]: Successful su for rubyman by root
Jun 24 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3490]: + ??? root:rubyman
Jun 24 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3490]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586098 of user rubyman.
Jun 24 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3490]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586098.
Jun 24 21:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3421]: Failed password for invalid user testuser from 45.153.34.71 port 35942 ssh2
Jun 24 21:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3421]: Connection closed by 45.153.34.71 port 35942 [preauth]
Jun 24 21:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32756]: pam_unix(cron:session): session closed for user root
Jun 24 21:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3631]: Invalid user test from 45.153.34.71
Jun 24 21:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3631]: input_userauth_request: invalid user test [preauth]
Jun 24 21:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3631]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3425]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3631]: Failed password for invalid user test from 45.153.34.71 port 35950 ssh2
Jun 24 21:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3631]: Connection closed by 45.153.34.71 port 35950 [preauth]
Jun 24 21:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3683]: Invalid user minecraft from 45.153.34.71
Jun 24 21:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3683]: input_userauth_request: invalid user minecraft [preauth]
Jun 24 21:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3683]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3683]: Failed password for invalid user minecraft from 45.153.34.71 port 35964 ssh2
Jun 24 21:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3683]: Connection closed by 45.153.34.71 port 35964 [preauth]
Jun 24 21:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3687]: Failed password for root from 45.153.34.71 port 52818 ssh2
Jun 24 21:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3687]: Connection closed by 45.153.34.71 port 52818 [preauth]
Jun 24 21:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3800]: Failed password for root from 45.153.34.71 port 52832 ssh2
Jun 24 21:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3800]: Connection closed by 45.153.34.71 port 52832 [preauth]
Jun 24 21:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3810]: Invalid user kipt from 45.153.34.71
Jun 24 21:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3810]: input_userauth_request: invalid user kipt [preauth]
Jun 24 21:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3810]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3810]: Failed password for invalid user kipt from 45.153.34.71 port 52840 ssh2
Jun 24 21:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3810]: Connection closed by 45.153.34.71 port 52840 [preauth]
Jun 24 21:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3812]: Invalid user erp from 45.153.34.71
Jun 24 21:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3812]: input_userauth_request: invalid user erp [preauth]
Jun 24 21:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3812]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3812]: Failed password for invalid user erp from 45.153.34.71 port 52158 ssh2
Jun 24 21:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3812]: Connection closed by 45.153.34.71 port 52158 [preauth]
Jun 24 21:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3825]: Invalid user admin from 45.153.34.71
Jun 24 21:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3825]: input_userauth_request: invalid user admin [preauth]
Jun 24 21:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3825]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3825]: Failed password for invalid user admin from 45.153.34.71 port 52172 ssh2
Jun 24 21:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3825]: Connection closed by 45.153.34.71 port 52172 [preauth]
Jun 24 21:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3852]: Invalid user test from 45.153.34.71
Jun 24 21:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3852]: input_userauth_request: invalid user test [preauth]
Jun 24 21:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3852]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3852]: Failed password for invalid user test from 45.153.34.71 port 52174 ssh2
Jun 24 21:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3852]: Connection closed by 45.153.34.71 port 52174 [preauth]
Jun 24 21:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3855]: Invalid user gitlab from 45.153.34.71
Jun 24 21:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3855]: input_userauth_request: invalid user gitlab [preauth]
Jun 24 21:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3855]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3855]: Failed password for invalid user gitlab from 45.153.34.71 port 37608 ssh2
Jun 24 21:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2500]: pam_unix(cron:session): session closed for user root
Jun 24 21:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3855]: Connection closed by 45.153.34.71 port 37608 [preauth]
Jun 24 21:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3936]: Invalid user ark from 45.153.34.71
Jun 24 21:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3936]: input_userauth_request: invalid user ark [preauth]
Jun 24 21:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3936]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3936]: Failed password for invalid user ark from 45.153.34.71 port 37612 ssh2
Jun 24 21:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3936]: Connection closed by 45.153.34.71 port 37612 [preauth]
Jun 24 21:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3945]: Failed password for root from 45.153.34.71 port 37626 ssh2
Jun 24 21:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3945]: Connection closed by 45.153.34.71 port 37626 [preauth]
Jun 24 21:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3952]: Invalid user cloud-user from 45.153.34.71
Jun 24 21:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3952]: input_userauth_request: invalid user cloud-user [preauth]
Jun 24 21:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3952]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3952]: Failed password for invalid user cloud-user from 45.153.34.71 port 59468 ssh2
Jun 24 21:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3952]: Connection closed by 45.153.34.71 port 59468 [preauth]
Jun 24 21:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3987]: Invalid user sam from 45.153.34.71
Jun 24 21:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3987]: input_userauth_request: invalid user sam [preauth]
Jun 24 21:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3987]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3987]: Failed password for invalid user sam from 45.153.34.71 port 59482 ssh2
Jun 24 21:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3987]: Connection closed by 45.153.34.71 port 59482 [preauth]
Jun 24 21:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3991]: Failed password for root from 45.153.34.71 port 59486 ssh2
Jun 24 21:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3991]: Connection closed by 45.153.34.71 port 59486 [preauth]
Jun 24 21:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4007]: Invalid user ubuntu from 45.153.34.71
Jun 24 21:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4007]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 21:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4007]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4007]: Failed password for invalid user ubuntu from 45.153.34.71 port 33838 ssh2
Jun 24 21:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4007]: Connection closed by 45.153.34.71 port 33838 [preauth]
Jun 24 21:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4035]: Failed password for root from 45.153.34.71 port 33848 ssh2
Jun 24 21:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4035]: Connection closed by 45.153.34.71 port 33848 [preauth]
Jun 24 21:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4037]: Invalid user pi from 45.153.34.71
Jun 24 21:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4037]: input_userauth_request: invalid user pi [preauth]
Jun 24 21:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4037]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4037]: Failed password for invalid user pi from 45.153.34.71 port 33850 ssh2
Jun 24 21:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4037]: Connection closed by 45.153.34.71 port 33850 [preauth]
Jun 24 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4067]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4066]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4065]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4064]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4064]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4058]: Invalid user milad from 45.153.34.71
Jun 24 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4058]: input_userauth_request: invalid user milad [preauth]
Jun 24 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4058]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4122]: Successful su for rubyman by root
Jun 24 21:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4122]: + ??? root:rubyman
Jun 24 21:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4122]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586102 of user rubyman.
Jun 24 21:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4122]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586102.
Jun 24 21:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4058]: Failed password for invalid user milad from 45.153.34.71 port 34078 ssh2
Jun 24 21:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4058]: Connection closed by 45.153.34.71 port 34078 [preauth]
Jun 24 21:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[892]: pam_unix(cron:session): session closed for user root
Jun 24 21:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4281]: Invalid user jenkins from 45.153.34.71
Jun 24 21:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4281]: input_userauth_request: invalid user jenkins [preauth]
Jun 24 21:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4281]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4065]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4281]: Failed password for invalid user jenkins from 45.153.34.71 port 34092 ssh2
Jun 24 21:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4281]: Connection closed by 45.153.34.71 port 34092 [preauth]
Jun 24 21:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4321]: Invalid user system from 45.153.34.71
Jun 24 21:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4321]: input_userauth_request: invalid user system [preauth]
Jun 24 21:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4321]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4321]: Failed password for invalid user system from 45.153.34.71 port 34104 ssh2
Jun 24 21:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4321]: Connection closed by 45.153.34.71 port 34104 [preauth]
Jun 24 21:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4337]: Failed password for root from 45.153.34.71 port 36526 ssh2
Jun 24 21:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4337]: Connection closed by 45.153.34.71 port 36526 [preauth]
Jun 24 21:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4352]: Failed password for root from 45.153.34.71 port 36534 ssh2
Jun 24 21:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4352]: Connection closed by 45.153.34.71 port 36534 [preauth]
Jun 24 21:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4362]: Failed password for root from 45.153.34.71 port 36536 ssh2
Jun 24 21:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4362]: Connection closed by 45.153.34.71 port 36536 [preauth]
Jun 24 21:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4372]: Invalid user amine from 45.153.34.71
Jun 24 21:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4372]: input_userauth_request: invalid user amine [preauth]
Jun 24 21:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4372]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4372]: Failed password for invalid user amine from 45.153.34.71 port 40354 ssh2
Jun 24 21:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4372]: Connection closed by 45.153.34.71 port 40354 [preauth]
Jun 24 21:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4376]: Failed password for root from 45.153.34.71 port 40362 ssh2
Jun 24 21:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4376]: Connection closed by 45.153.34.71 port 40362 [preauth]
Jun 24 21:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4396]: Failed password for root from 45.153.34.71 port 40376 ssh2
Jun 24 21:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4396]: Connection closed by 45.153.34.71 port 40376 [preauth]
Jun 24 21:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4407]: Failed password for root from 45.153.34.71 port 60778 ssh2
Jun 24 21:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4407]: Connection closed by 45.153.34.71 port 60778 [preauth]
Jun 24 21:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2985]: pam_unix(cron:session): session closed for user root
Jun 24 21:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4428]: Invalid user admin from 45.153.34.71
Jun 24 21:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4428]: input_userauth_request: invalid user admin [preauth]
Jun 24 21:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4428]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4428]: Failed password for invalid user admin from 45.153.34.71 port 60784 ssh2
Jun 24 21:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4428]: Connection closed by 45.153.34.71 port 60784 [preauth]
Jun 24 21:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4439]: User mysql from 45.153.34.71 not allowed because not listed in AllowUsers
Jun 24 21:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4439]: input_userauth_request: invalid user mysql [preauth]
Jun 24 21:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=mysql
Jun 24 21:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4439]: Failed password for invalid user mysql from 45.153.34.71 port 60796 ssh2
Jun 24 21:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4439]: Connection closed by 45.153.34.71 port 60796 [preauth]
Jun 24 21:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4448]: Failed password for root from 45.153.34.71 port 43622 ssh2
Jun 24 21:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4448]: Connection closed by 45.153.34.71 port 43622 [preauth]
Jun 24 21:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4463]: Invalid user dev from 45.153.34.71
Jun 24 21:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4463]: input_userauth_request: invalid user dev [preauth]
Jun 24 21:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4463]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4463]: Failed password for invalid user dev from 45.153.34.71 port 43624 ssh2
Jun 24 21:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4463]: Connection closed by 45.153.34.71 port 43624 [preauth]
Jun 24 21:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4477]: Invalid user deploy from 45.153.34.71
Jun 24 21:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4477]: input_userauth_request: invalid user deploy [preauth]
Jun 24 21:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4477]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4477]: Failed password for invalid user deploy from 45.153.34.71 port 43634 ssh2
Jun 24 21:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4477]: Connection closed by 45.153.34.71 port 43634 [preauth]
Jun 24 21:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4479]: Invalid user sam from 45.153.34.71
Jun 24 21:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4479]: input_userauth_request: invalid user sam [preauth]
Jun 24 21:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4479]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4479]: Failed password for invalid user sam from 45.153.34.71 port 51948 ssh2
Jun 24 21:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4479]: Connection closed by 45.153.34.71 port 51948 [preauth]
Jun 24 21:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4489]: Invalid user tom from 45.153.34.71
Jun 24 21:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4489]: input_userauth_request: invalid user tom [preauth]
Jun 24 21:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4489]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4489]: Failed password for invalid user tom from 45.153.34.71 port 51952 ssh2
Jun 24 21:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4489]: Connection closed by 45.153.34.71 port 51952 [preauth]
Jun 24 21:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4499]: Invalid user jay from 45.153.34.71
Jun 24 21:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4499]: input_userauth_request: invalid user jay [preauth]
Jun 24 21:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4499]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4499]: Failed password for invalid user jay from 45.153.34.71 port 51958 ssh2
Jun 24 21:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4499]: Connection closed by 45.153.34.71 port 51958 [preauth]
Jun 24 21:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4501]: Invalid user oscar from 45.153.34.71
Jun 24 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4501]: input_userauth_request: invalid user oscar [preauth]
Jun 24 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4506]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4507]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4505]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4504]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4504]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4501]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4571]: Successful su for rubyman by root
Jun 24 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4571]: + ??? root:rubyman
Jun 24 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4571]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586107 of user rubyman.
Jun 24 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4571]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586107.
Jun 24 21:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4501]: Failed password for invalid user oscar from 45.153.34.71 port 35666 ssh2
Jun 24 21:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4501]: Connection closed by 45.153.34.71 port 35666 [preauth]
Jun 24 21:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4704]: Invalid user username from 45.153.34.71
Jun 24 21:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4704]: input_userauth_request: invalid user username [preauth]
Jun 24 21:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4704]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1401]: pam_unix(cron:session): session closed for user root
Jun 24 21:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4505]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 24 21:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4704]: Failed password for invalid user username from 45.153.34.71 port 35694 ssh2
Jun 24 21:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4704]: Connection closed by 45.153.34.71 port 35694 [preauth]
Jun 24 21:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4832]: Invalid user admin1 from 45.153.34.71
Jun 24 21:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4832]: input_userauth_request: invalid user admin1 [preauth]
Jun 24 21:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4832]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4746]: Failed password for root from 103.176.20.57 port 33876 ssh2
Jun 24 21:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4746]: Connection closed by 103.176.20.57 port 33876 [preauth]
Jun 24 21:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4832]: Failed password for invalid user admin1 from 45.153.34.71 port 35716 ssh2
Jun 24 21:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4832]: Connection closed by 45.153.34.71 port 35716 [preauth]
Jun 24 21:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4842]: Invalid user user1 from 45.153.34.71
Jun 24 21:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4842]: input_userauth_request: invalid user user1 [preauth]
Jun 24 21:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4842]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4842]: Failed password for invalid user user1 from 45.153.34.71 port 35734 ssh2
Jun 24 21:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4842]: Connection closed by 45.153.34.71 port 35734 [preauth]
Jun 24 21:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4871]: Invalid user dmdba from 45.153.34.71
Jun 24 21:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4871]: input_userauth_request: invalid user dmdba [preauth]
Jun 24 21:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4871]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4871]: Failed password for invalid user dmdba from 45.153.34.71 port 46440 ssh2
Jun 24 21:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4871]: Connection closed by 45.153.34.71 port 46440 [preauth]
Jun 24 21:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4901]: Failed password for root from 45.153.34.71 port 46450 ssh2
Jun 24 21:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4901]: Connection closed by 45.153.34.71 port 46450 [preauth]
Jun 24 21:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4914]: Invalid user deploy from 45.153.34.71
Jun 24 21:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4914]: input_userauth_request: invalid user deploy [preauth]
Jun 24 21:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4914]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4914]: Failed password for invalid user deploy from 45.153.34.71 port 46462 ssh2
Jun 24 21:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4914]: Connection closed by 45.153.34.71 port 46462 [preauth]
Jun 24 21:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4918]: Failed password for root from 45.153.34.71 port 41090 ssh2
Jun 24 21:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4918]: Connection closed by 45.153.34.71 port 41090 [preauth]
Jun 24 21:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4948]: Invalid user work from 45.153.34.71
Jun 24 21:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4948]: input_userauth_request: invalid user work [preauth]
Jun 24 21:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4948]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4948]: Failed password for invalid user work from 45.153.34.71 port 41094 ssh2
Jun 24 21:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4948]: Connection closed by 45.153.34.71 port 41094 [preauth]
Jun 24 21:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4962]: Invalid user user2 from 45.153.34.71
Jun 24 21:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4962]: input_userauth_request: invalid user user2 [preauth]
Jun 24 21:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4962]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4962]: Failed password for invalid user user2 from 45.153.34.71 port 41110 ssh2
Jun 24 21:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4962]: Connection closed by 45.153.34.71 port 41110 [preauth]
Jun 24 21:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4966]: Invalid user tactical from 45.153.34.71
Jun 24 21:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4966]: input_userauth_request: invalid user tactical [preauth]
Jun 24 21:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4966]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3427]: pam_unix(cron:session): session closed for user root
Jun 24 21:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4966]: Failed password for invalid user tactical from 45.153.34.71 port 54922 ssh2
Jun 24 21:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4966]: Connection closed by 45.153.34.71 port 54922 [preauth]
Jun 24 21:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4996]: Invalid user admin from 45.153.34.71
Jun 24 21:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4996]: input_userauth_request: invalid user admin [preauth]
Jun 24 21:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4996]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4996]: Failed password for invalid user admin from 45.153.34.71 port 54940 ssh2
Jun 24 21:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4996]: Connection closed by 45.153.34.71 port 54940 [preauth]
Jun 24 21:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4998]: Invalid user testuser from 45.153.34.71
Jun 24 21:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4998]: input_userauth_request: invalid user testuser [preauth]
Jun 24 21:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4998]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4998]: Failed password for invalid user testuser from 45.153.34.71 port 54950 ssh2
Jun 24 21:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4998]: Connection closed by 45.153.34.71 port 54950 [preauth]
Jun 24 21:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5008]: Invalid user guest from 45.153.34.71
Jun 24 21:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5008]: input_userauth_request: invalid user guest [preauth]
Jun 24 21:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5008]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5008]: Failed password for invalid user guest from 45.153.34.71 port 52552 ssh2
Jun 24 21:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5008]: Connection closed by 45.153.34.71 port 52552 [preauth]
Jun 24 21:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5030]: Invalid user app from 45.153.34.71
Jun 24 21:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5030]: input_userauth_request: invalid user app [preauth]
Jun 24 21:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5030]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5030]: Failed password for invalid user app from 45.153.34.71 port 52568 ssh2
Jun 24 21:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5030]: Connection closed by 45.153.34.71 port 52568 [preauth]
Jun 24 21:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5032]: Failed password for root from 45.153.34.71 port 52584 ssh2
Jun 24 21:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5032]: Connection closed by 45.153.34.71 port 52584 [preauth]
Jun 24 21:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5042]: Invalid user runner from 45.153.34.71
Jun 24 21:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5042]: input_userauth_request: invalid user runner [preauth]
Jun 24 21:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5042]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5042]: Failed password for invalid user runner from 45.153.34.71 port 56974 ssh2
Jun 24 21:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5042]: Connection closed by 45.153.34.71 port 56974 [preauth]
Jun 24 21:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5044]: Invalid user www from 45.153.34.71
Jun 24 21:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5044]: input_userauth_request: invalid user www [preauth]
Jun 24 21:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5044]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5044]: Failed password for invalid user www from 45.153.34.71 port 56986 ssh2
Jun 24 21:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5044]: Connection closed by 45.153.34.71 port 56986 [preauth]
Jun 24 21:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5054]: Invalid user test from 45.153.34.71
Jun 24 21:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5054]: input_userauth_request: invalid user test [preauth]
Jun 24 21:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5054]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5054]: Failed password for invalid user test from 45.153.34.71 port 56996 ssh2
Jun 24 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5054]: Connection closed by 45.153.34.71 port 56996 [preauth]
Jun 24 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5065]: Invalid user sdadmin from 45.153.34.71
Jun 24 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5065]: input_userauth_request: invalid user sdadmin [preauth]
Jun 24 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5071]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5069]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5072]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5068]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5070]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5073]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5073]: pam_unix(cron:session): session closed for user root
Jun 24 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5068]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5065]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5134]: Successful su for rubyman by root
Jun 24 21:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5134]: + ??? root:rubyman
Jun 24 21:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5134]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586113 of user rubyman.
Jun 24 21:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5134]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586113.
Jun 24 21:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5065]: Failed password for invalid user sdadmin from 45.153.34.71 port 37484 ssh2
Jun 24 21:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5065]: Connection closed by 45.153.34.71 port 37484 [preauth]
Jun 24 21:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5070]: pam_unix(cron:session): session closed for user root
Jun 24 21:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2020]: pam_unix(cron:session): session closed for user root
Jun 24 21:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5266]: Invalid user operator from 45.153.34.71
Jun 24 21:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5266]: input_userauth_request: invalid user operator [preauth]
Jun 24 21:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5266]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5069]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5266]: Failed password for invalid user operator from 45.153.34.71 port 37500 ssh2
Jun 24 21:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5266]: Connection closed by 45.153.34.71 port 37500 [preauth]
Jun 24 21:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5359]: Invalid user admin from 45.153.34.71
Jun 24 21:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5359]: input_userauth_request: invalid user admin [preauth]
Jun 24 21:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5359]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5359]: Failed password for invalid user admin from 45.153.34.71 port 37506 ssh2
Jun 24 21:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5359]: Connection closed by 45.153.34.71 port 37506 [preauth]
Jun 24 21:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5362]: Failed password for root from 45.153.34.71 port 53742 ssh2
Jun 24 21:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5362]: Connection closed by 45.153.34.71 port 53742 [preauth]
Jun 24 21:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5377]: Invalid user user from 45.153.34.71
Jun 24 21:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5377]: input_userauth_request: invalid user user [preauth]
Jun 24 21:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5377]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5377]: Failed password for invalid user user from 45.153.34.71 port 53756 ssh2
Jun 24 21:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5377]: Connection closed by 45.153.34.71 port 53756 [preauth]
Jun 24 21:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5402]: Failed password for root from 45.153.34.71 port 53764 ssh2
Jun 24 21:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5402]: Connection closed by 45.153.34.71 port 53764 [preauth]
Jun 24 21:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5404]: Failed password for root from 45.153.34.71 port 57870 ssh2
Jun 24 21:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5404]: Connection closed by 45.153.34.71 port 57870 [preauth]
Jun 24 21:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5414]: Invalid user student from 45.153.34.71
Jun 24 21:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5414]: input_userauth_request: invalid user student [preauth]
Jun 24 21:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5414]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5414]: Failed password for invalid user student from 45.153.34.71 port 57876 ssh2
Jun 24 21:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5414]: Connection closed by 45.153.34.71 port 57876 [preauth]
Jun 24 21:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5429]: Invalid user teste from 45.153.34.71
Jun 24 21:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5429]: input_userauth_request: invalid user teste [preauth]
Jun 24 21:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5429]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5429]: Failed password for invalid user teste from 45.153.34.71 port 57892 ssh2
Jun 24 21:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5429]: Connection closed by 45.153.34.71 port 57892 [preauth]
Jun 24 21:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5439]: Invalid user student from 45.153.34.71
Jun 24 21:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5439]: input_userauth_request: invalid user student [preauth]
Jun 24 21:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5439]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5439]: Failed password for invalid user student from 45.153.34.71 port 57908 ssh2
Jun 24 21:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5439]: Connection closed by 45.153.34.71 port 57908 [preauth]
Jun 24 21:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4067]: pam_unix(cron:session): session closed for user root
Jun 24 21:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5452]: Invalid user nexus from 45.153.34.71
Jun 24 21:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5452]: input_userauth_request: invalid user nexus [preauth]
Jun 24 21:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5452]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5452]: Failed password for invalid user nexus from 45.153.34.71 port 43024 ssh2
Jun 24 21:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5452]: Connection closed by 45.153.34.71 port 43024 [preauth]
Jun 24 21:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5474]: Invalid user guest from 45.153.34.71
Jun 24 21:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5474]: input_userauth_request: invalid user guest [preauth]
Jun 24 21:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5474]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5474]: Failed password for invalid user guest from 45.153.34.71 port 43038 ssh2
Jun 24 21:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5474]: Connection closed by 45.153.34.71 port 43038 [preauth]
Jun 24 21:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5484]: Failed password for root from 45.153.34.71 port 43052 ssh2
Jun 24 21:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5484]: Connection closed by 45.153.34.71 port 43052 [preauth]
Jun 24 21:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5486]: Invalid user user from 45.153.34.71
Jun 24 21:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5486]: input_userauth_request: invalid user user [preauth]
Jun 24 21:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5486]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5486]: Failed password for invalid user user from 45.153.34.71 port 48052 ssh2
Jun 24 21:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5486]: Connection closed by 45.153.34.71 port 48052 [preauth]
Jun 24 21:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5509]: Invalid user lighthouse from 45.153.34.71
Jun 24 21:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5509]: input_userauth_request: invalid user lighthouse [preauth]
Jun 24 21:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5509]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5509]: Failed password for invalid user lighthouse from 45.153.34.71 port 48064 ssh2
Jun 24 21:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5509]: Connection closed by 45.153.34.71 port 48064 [preauth]
Jun 24 21:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5520]: Invalid user customer from 45.153.34.71
Jun 24 21:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5520]: input_userauth_request: invalid user customer [preauth]
Jun 24 21:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5520]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5520]: Failed password for invalid user customer from 45.153.34.71 port 48094 ssh2
Jun 24 21:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5520]: Connection closed by 45.153.34.71 port 48094 [preauth]
Jun 24 21:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5522]: Invalid user nexus from 45.153.34.71
Jun 24 21:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5522]: input_userauth_request: invalid user nexus [preauth]
Jun 24 21:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5522]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5522]: Failed password for invalid user nexus from 45.153.34.71 port 45382 ssh2
Jun 24 21:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5522]: Connection closed by 45.153.34.71 port 45382 [preauth]
Jun 24 21:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5532]: Failed password for root from 45.153.34.71 port 45390 ssh2
Jun 24 21:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5532]: Connection closed by 45.153.34.71 port 45390 [preauth]
Jun 24 21:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5537]: Invalid user administrator from 45.153.34.71
Jun 24 21:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5537]: input_userauth_request: invalid user administrator [preauth]
Jun 24 21:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5537]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5547]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5548]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5546]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5545]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5545]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5613]: Successful su for rubyman by root
Jun 24 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5613]: + ??? root:rubyman
Jun 24 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5613]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586116 of user rubyman.
Jun 24 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5613]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586116.
Jun 24 21:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5537]: Failed password for invalid user administrator from 45.153.34.71 port 45392 ssh2
Jun 24 21:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5537]: Connection closed by 45.153.34.71 port 45392 [preauth]
Jun 24 21:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5652]: Failed password for root from 45.153.34.71 port 52960 ssh2
Jun 24 21:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2499]: pam_unix(cron:session): session closed for user root
Jun 24 21:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5652]: Connection closed by 45.153.34.71 port 52960 [preauth]
Jun 24 21:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5546]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5782]: Invalid user sam from 45.153.34.71
Jun 24 21:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5782]: input_userauth_request: invalid user sam [preauth]
Jun 24 21:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5782]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5782]: Failed password for invalid user sam from 45.153.34.71 port 52970 ssh2
Jun 24 21:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5782]: Connection closed by 45.153.34.71 port 52970 [preauth]
Jun 24 21:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5794]: Invalid user test1 from 45.153.34.71
Jun 24 21:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5794]: input_userauth_request: invalid user test1 [preauth]
Jun 24 21:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5794]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5794]: Failed password for invalid user test1 from 45.153.34.71 port 52978 ssh2
Jun 24 21:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5794]: Connection closed by 45.153.34.71 port 52978 [preauth]
Jun 24 21:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5805]: Failed password for root from 45.153.34.71 port 54262 ssh2
Jun 24 21:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5805]: Connection closed by 45.153.34.71 port 54262 [preauth]
Jun 24 21:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5825]: Failed password for root from 45.153.34.71 port 54270 ssh2
Jun 24 21:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5825]: Connection closed by 45.153.34.71 port 54270 [preauth]
Jun 24 21:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5833]: Failed password for root from 45.153.34.71 port 54286 ssh2
Jun 24 21:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5833]: Connection closed by 45.153.34.71 port 54286 [preauth]
Jun 24 21:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5846]: Invalid user server from 45.153.34.71
Jun 24 21:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5846]: input_userauth_request: invalid user server [preauth]
Jun 24 21:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5846]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5846]: Failed password for invalid user server from 45.153.34.71 port 57402 ssh2
Jun 24 21:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5846]: Connection closed by 45.153.34.71 port 57402 [preauth]
Jun 24 21:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5862]: Invalid user claude from 45.153.34.71
Jun 24 21:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5862]: input_userauth_request: invalid user claude [preauth]
Jun 24 21:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5862]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5862]: Failed password for invalid user claude from 45.153.34.71 port 57412 ssh2
Jun 24 21:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5862]: Connection closed by 45.153.34.71 port 57412 [preauth]
Jun 24 21:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5874]: Failed password for root from 45.153.34.71 port 57416 ssh2
Jun 24 21:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5874]: Connection closed by 45.153.34.71 port 57416 [preauth]
Jun 24 21:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5884]: Invalid user developer from 45.153.34.71
Jun 24 21:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5884]: input_userauth_request: invalid user developer [preauth]
Jun 24 21:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5884]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4507]: pam_unix(cron:session): session closed for user root
Jun 24 21:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5884]: Failed password for invalid user developer from 45.153.34.71 port 58306 ssh2
Jun 24 21:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5884]: Connection closed by 45.153.34.71 port 58306 [preauth]
Jun 24 21:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5905]: Invalid user fivem from 45.153.34.71
Jun 24 21:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5905]: input_userauth_request: invalid user fivem [preauth]
Jun 24 21:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5905]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5905]: Failed password for invalid user fivem from 45.153.34.71 port 58338 ssh2
Jun 24 21:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5905]: Connection closed by 45.153.34.71 port 58338 [preauth]
Jun 24 21:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5916]: Invalid user deploy from 45.153.34.71
Jun 24 21:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5916]: input_userauth_request: invalid user deploy [preauth]
Jun 24 21:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5916]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5916]: Failed password for invalid user deploy from 45.153.34.71 port 58352 ssh2
Jun 24 21:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5916]: Connection closed by 45.153.34.71 port 58352 [preauth]
Jun 24 21:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5918]: Invalid user sonar from 45.153.34.71
Jun 24 21:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5918]: input_userauth_request: invalid user sonar [preauth]
Jun 24 21:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5918]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5918]: Failed password for invalid user sonar from 45.153.34.71 port 54758 ssh2
Jun 24 21:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5918]: Connection closed by 45.153.34.71 port 54758 [preauth]
Jun 24 21:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5933]: Invalid user postgres from 45.153.34.71
Jun 24 21:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5933]: input_userauth_request: invalid user postgres [preauth]
Jun 24 21:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5933]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5933]: Failed password for invalid user postgres from 45.153.34.71 port 54768 ssh2
Jun 24 21:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5933]: Connection closed by 45.153.34.71 port 54768 [preauth]
Jun 24 21:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5950]: Invalid user main from 45.153.34.71
Jun 24 21:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5950]: input_userauth_request: invalid user main [preauth]
Jun 24 21:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5950]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5950]: Failed password for invalid user main from 45.153.34.71 port 54774 ssh2
Jun 24 21:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5950]: Connection closed by 45.153.34.71 port 54774 [preauth]
Jun 24 21:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5952]: Failed password for root from 45.153.34.71 port 42190 ssh2
Jun 24 21:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5952]: Connection closed by 45.153.34.71 port 42190 [preauth]
Jun 24 21:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5962]: Invalid user alex from 45.153.34.71
Jun 24 21:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5962]: input_userauth_request: invalid user alex [preauth]
Jun 24 21:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5962]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5962]: Failed password for invalid user alex from 45.153.34.71 port 42206 ssh2
Jun 24 21:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5962]: Connection closed by 45.153.34.71 port 42206 [preauth]
Jun 24 21:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5972]: Failed password for root from 45.153.34.71 port 42212 ssh2
Jun 24 21:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5972]: Connection closed by 45.153.34.71 port 42212 [preauth]
Jun 24 21:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5981]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5980]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5979]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5978]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5978]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6037]: Successful su for rubyman by root
Jun 24 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6037]: + ??? root:rubyman
Jun 24 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6037]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586120 of user rubyman.
Jun 24 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6037]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586120.
Jun 24 21:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5975]: Failed password for root from 45.153.34.71 port 49130 ssh2
Jun 24 21:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5975]: Connection closed by 45.153.34.71 port 49130 [preauth]
Jun 24 21:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6173]: Invalid user test from 45.153.34.71
Jun 24 21:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6173]: input_userauth_request: invalid user test [preauth]
Jun 24 21:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6173]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2984]: pam_unix(cron:session): session closed for user root
Jun 24 21:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5979]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6173]: Failed password for invalid user test from 45.153.34.71 port 49146 ssh2
Jun 24 21:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6173]: Connection closed by 45.153.34.71 port 49146 [preauth]
Jun 24 21:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6223]: Invalid user pi from 45.153.34.71
Jun 24 21:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6223]: input_userauth_request: invalid user pi [preauth]
Jun 24 21:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6223]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6223]: Failed password for invalid user pi from 45.153.34.71 port 49156 ssh2
Jun 24 21:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6223]: Connection closed by 45.153.34.71 port 49156 [preauth]
Jun 24 21:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6235]: Invalid user kingbase from 45.153.34.71
Jun 24 21:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6235]: input_userauth_request: invalid user kingbase [preauth]
Jun 24 21:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6235]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6235]: Failed password for invalid user kingbase from 45.153.34.71 port 39394 ssh2
Jun 24 21:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6235]: Connection closed by 45.153.34.71 port 39394 [preauth]
Jun 24 21:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6256]: Invalid user david from 45.153.34.71
Jun 24 21:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6256]: input_userauth_request: invalid user david [preauth]
Jun 24 21:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6256]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6256]: Failed password for invalid user david from 45.153.34.71 port 39418 ssh2
Jun 24 21:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6256]: Connection closed by 45.153.34.71 port 39418 [preauth]
Jun 24 21:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6259]: Invalid user airflow from 45.153.34.71
Jun 24 21:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6259]: input_userauth_request: invalid user airflow [preauth]
Jun 24 21:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6259]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6259]: Failed password for invalid user airflow from 45.153.34.71 port 39452 ssh2
Jun 24 21:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6259]: Connection closed by 45.153.34.71 port 39452 [preauth]
Jun 24 21:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6270]: Invalid user ec2-user from 45.153.34.71
Jun 24 21:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6270]: input_userauth_request: invalid user ec2-user [preauth]
Jun 24 21:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6270]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6270]: Failed password for invalid user ec2-user from 45.153.34.71 port 39474 ssh2
Jun 24 21:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6270]: Connection closed by 45.153.34.71 port 39474 [preauth]
Jun 24 21:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6272]: Invalid user aaa from 45.153.34.71
Jun 24 21:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6272]: input_userauth_request: invalid user aaa [preauth]
Jun 24 21:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6272]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6272]: Failed password for invalid user aaa from 45.153.34.71 port 39568 ssh2
Jun 24 21:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6272]: Connection closed by 45.153.34.71 port 39568 [preauth]
Jun 24 21:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6294]: Invalid user devops from 45.153.34.71
Jun 24 21:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6294]: input_userauth_request: invalid user devops [preauth]
Jun 24 21:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6294]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6294]: Failed password for invalid user devops from 45.153.34.71 port 39582 ssh2
Jun 24 21:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6294]: Connection closed by 45.153.34.71 port 39582 [preauth]
Jun 24 21:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6304]: User john from 45.153.34.71 not allowed because not listed in AllowUsers
Jun 24 21:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6304]: input_userauth_request: invalid user john [preauth]
Jun 24 21:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=john
Jun 24 21:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6304]: Failed password for invalid user john from 45.153.34.71 port 39596 ssh2
Jun 24 21:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6304]: Connection closed by 45.153.34.71 port 39596 [preauth]
Jun 24 21:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5072]: pam_unix(cron:session): session closed for user root
Jun 24 21:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6308]: Failed password for root from 45.153.34.71 port 59308 ssh2
Jun 24 21:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6308]: Connection closed by 45.153.34.71 port 59308 [preauth]
Jun 24 21:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6339]: Invalid user ubuntu from 45.153.34.71
Jun 24 21:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6339]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 21:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6339]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6339]: Failed password for invalid user ubuntu from 45.153.34.71 port 59322 ssh2
Jun 24 21:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6339]: Connection closed by 45.153.34.71 port 59322 [preauth]
Jun 24 21:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6341]: Invalid user avax from 45.153.34.71
Jun 24 21:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6341]: input_userauth_request: invalid user avax [preauth]
Jun 24 21:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6341]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6341]: Failed password for invalid user avax from 45.153.34.71 port 59326 ssh2
Jun 24 21:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6341]: Connection closed by 45.153.34.71 port 59326 [preauth]
Jun 24 21:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6354]: Failed password for root from 45.153.34.71 port 44884 ssh2
Jun 24 21:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6354]: Connection closed by 45.153.34.71 port 44884 [preauth]
Jun 24 21:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6377]: Invalid user ali from 45.153.34.71
Jun 24 21:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6377]: input_userauth_request: invalid user ali [preauth]
Jun 24 21:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6377]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6377]: Failed password for invalid user ali from 45.153.34.71 port 44892 ssh2
Jun 24 21:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6377]: Connection closed by 45.153.34.71 port 44892 [preauth]
Jun 24 21:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6379]: Invalid user sftpuser from 45.153.34.71
Jun 24 21:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6379]: input_userauth_request: invalid user sftpuser [preauth]
Jun 24 21:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6379]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6379]: Failed password for invalid user sftpuser from 45.153.34.71 port 44904 ssh2
Jun 24 21:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6379]: Connection closed by 45.153.34.71 port 44904 [preauth]
Jun 24 21:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6389]: Invalid user claude from 45.153.34.71
Jun 24 21:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6389]: input_userauth_request: invalid user claude [preauth]
Jun 24 21:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6389]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6389]: Failed password for invalid user claude from 45.153.34.71 port 39194 ssh2
Jun 24 21:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6389]: Connection closed by 45.153.34.71 port 39194 [preauth]
Jun 24 21:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6399]: Invalid user runner from 45.153.34.71
Jun 24 21:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6399]: input_userauth_request: invalid user runner [preauth]
Jun 24 21:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6399]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6399]: Failed password for invalid user runner from 45.153.34.71 port 39198 ssh2
Jun 24 21:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6399]: Connection closed by 45.153.34.71 port 39198 [preauth]
Jun 24 21:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6402]: Invalid user student from 45.153.34.71
Jun 24 21:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6402]: input_userauth_request: invalid user student [preauth]
Jun 24 21:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6402]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6415]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6417]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6416]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6414]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6414]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6472]: Successful su for rubyman by root
Jun 24 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6472]: + ??? root:rubyman
Jun 24 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6472]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586124 of user rubyman.
Jun 24 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6472]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586124.
Jun 24 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6402]: Failed password for invalid user student from 45.153.34.71 port 39206 ssh2
Jun 24 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6402]: Connection closed by 45.153.34.71 port 39206 [preauth]
Jun 24 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6521]: Invalid user user from 45.153.34.71
Jun 24 21:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6521]: input_userauth_request: invalid user user [preauth]
Jun 24 21:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6521]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3426]: pam_unix(cron:session): session closed for user root
Jun 24 21:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6521]: Failed password for invalid user user from 45.153.34.71 port 59138 ssh2
Jun 24 21:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6521]: Connection closed by 45.153.34.71 port 59138 [preauth]
Jun 24 21:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6415]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6649]: Invalid user teamspeak from 45.153.34.71
Jun 24 21:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6649]: input_userauth_request: invalid user teamspeak [preauth]
Jun 24 21:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6649]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6649]: Failed password for invalid user teamspeak from 45.153.34.71 port 59146 ssh2
Jun 24 21:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6649]: Connection closed by 45.153.34.71 port 59146 [preauth]
Jun 24 21:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6661]: Failed password for root from 45.153.34.71 port 59150 ssh2
Jun 24 21:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6661]: Connection closed by 45.153.34.71 port 59150 [preauth]
Jun 24 21:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6671]: Invalid user test from 45.153.34.71
Jun 24 21:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6671]: input_userauth_request: invalid user test [preauth]
Jun 24 21:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6671]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6671]: Failed password for invalid user test from 45.153.34.71 port 51304 ssh2
Jun 24 21:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6671]: Connection closed by 45.153.34.71 port 51304 [preauth]
Jun 24 21:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6686]: Invalid user user from 45.153.34.71
Jun 24 21:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6686]: input_userauth_request: invalid user user [preauth]
Jun 24 21:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6686]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6686]: Failed password for invalid user user from 45.153.34.71 port 51314 ssh2
Jun 24 21:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6686]: Connection closed by 45.153.34.71 port 51314 [preauth]
Jun 24 21:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6700]: Invalid user ts from 45.153.34.71
Jun 24 21:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6700]: input_userauth_request: invalid user ts [preauth]
Jun 24 21:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6700]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6700]: Failed password for invalid user ts from 45.153.34.71 port 51316 ssh2
Jun 24 21:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6700]: Connection closed by 45.153.34.71 port 51316 [preauth]
Jun 24 21:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6702]: Invalid user media from 45.153.34.71
Jun 24 21:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6702]: input_userauth_request: invalid user media [preauth]
Jun 24 21:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6702]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6702]: Failed password for invalid user media from 45.153.34.71 port 33476 ssh2
Jun 24 21:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6702]: Connection closed by 45.153.34.71 port 33476 [preauth]
Jun 24 21:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6731]: Failed password for root from 45.153.34.71 port 33488 ssh2
Jun 24 21:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6731]: Connection closed by 45.153.34.71 port 33488 [preauth]
Jun 24 21:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6744]: Invalid user openclaw from 45.153.34.71
Jun 24 21:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6744]: input_userauth_request: invalid user openclaw [preauth]
Jun 24 21:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6744]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6733]: Connection reset by 147.185.132.36 port 62904 [preauth]
Jun 24 21:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6744]: Failed password for invalid user openclaw from 45.153.34.71 port 33498 ssh2
Jun 24 21:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6744]: Connection closed by 45.153.34.71 port 33498 [preauth]
Jun 24 21:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6746]: Invalid user a from 45.153.34.71
Jun 24 21:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6746]: input_userauth_request: invalid user a [preauth]
Jun 24 21:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6746]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5548]: pam_unix(cron:session): session closed for user root
Jun 24 21:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6746]: Failed password for invalid user a from 45.153.34.71 port 45458 ssh2
Jun 24 21:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6746]: Connection closed by 45.153.34.71 port 45458 [preauth]
Jun 24 21:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6782]: Invalid user test from 45.153.34.71
Jun 24 21:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6782]: input_userauth_request: invalid user test [preauth]
Jun 24 21:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6782]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6782]: Failed password for invalid user test from 45.153.34.71 port 45480 ssh2
Jun 24 21:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6782]: Connection closed by 45.153.34.71 port 45480 [preauth]
Jun 24 21:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6796]: Invalid user frappe from 45.153.34.71
Jun 24 21:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6796]: input_userauth_request: invalid user frappe [preauth]
Jun 24 21:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6796]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6796]: Failed password for invalid user frappe from 45.153.34.71 port 45492 ssh2
Jun 24 21:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6796]: Connection closed by 45.153.34.71 port 45492 [preauth]
Jun 24 21:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6798]: Invalid user claude from 45.153.34.71
Jun 24 21:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6798]: input_userauth_request: invalid user claude [preauth]
Jun 24 21:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6798]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6798]: Failed password for invalid user claude from 45.153.34.71 port 58696 ssh2
Jun 24 21:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6798]: Connection closed by 45.153.34.71 port 58696 [preauth]
Jun 24 21:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6822]: Failed password for root from 45.153.34.71 port 58704 ssh2
Jun 24 21:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6822]: Connection closed by 45.153.34.71 port 58704 [preauth]
Jun 24 21:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6824]: Invalid user webuser from 45.153.34.71
Jun 24 21:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6824]: input_userauth_request: invalid user webuser [preauth]
Jun 24 21:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6824]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6824]: Failed password for invalid user webuser from 45.153.34.71 port 58706 ssh2
Jun 24 21:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6824]: Connection closed by 45.153.34.71 port 58706 [preauth]
Jun 24 21:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6834]: Invalid user odoo14 from 45.153.34.71
Jun 24 21:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6834]: input_userauth_request: invalid user odoo14 [preauth]
Jun 24 21:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6834]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6834]: Failed password for invalid user odoo14 from 45.153.34.71 port 51896 ssh2
Jun 24 21:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6834]: Connection closed by 45.153.34.71 port 51896 [preauth]
Jun 24 21:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6846]: Failed password for root from 45.153.34.71 port 51906 ssh2
Jun 24 21:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6846]: Connection closed by 45.153.34.71 port 51906 [preauth]
Jun 24 21:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6848]: Invalid user home from 45.153.34.71
Jun 24 21:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6848]: input_userauth_request: invalid user home [preauth]
Jun 24 21:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6848]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6848]: Failed password for invalid user home from 45.153.34.71 port 51912 ssh2
Jun 24 21:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6848]: Connection closed by 45.153.34.71 port 51912 [preauth]
Jun 24 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6864]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6862]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6863]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6861]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6861]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6925]: Successful su for rubyman by root
Jun 24 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6925]: + ??? root:rubyman
Jun 24 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6925]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586129 of user rubyman.
Jun 24 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6925]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586129.
Jun 24 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6858]: Failed password for root from 45.153.34.71 port 36970 ssh2
Jun 24 21:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6858]: Connection closed by 45.153.34.71 port 36970 [preauth]
Jun 24 21:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4066]: pam_unix(cron:session): session closed for user root
Jun 24 21:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7176]: Invalid user steam from 45.153.34.71
Jun 24 21:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7176]: input_userauth_request: invalid user steam [preauth]
Jun 24 21:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7176]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6862]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7176]: Failed password for invalid user steam from 45.153.34.71 port 36972 ssh2
Jun 24 21:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7176]: Connection closed by 45.153.34.71 port 36972 [preauth]
Jun 24 21:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7206]: Invalid user ossuser from 45.153.34.71
Jun 24 21:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7206]: input_userauth_request: invalid user ossuser [preauth]
Jun 24 21:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7206]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7206]: Failed password for invalid user ossuser from 45.153.34.71 port 36984 ssh2
Jun 24 21:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7206]: Connection closed by 45.153.34.71 port 36984 [preauth]
Jun 24 21:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7217]: Invalid user ubuntu from 45.153.34.71
Jun 24 21:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7217]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 21:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7217]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7217]: Failed password for invalid user ubuntu from 45.153.34.71 port 56018 ssh2
Jun 24 21:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7217]: Connection closed by 45.153.34.71 port 56018 [preauth]
Jun 24 21:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7226]: Invalid user ec2-user from 45.153.34.71
Jun 24 21:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7226]: input_userauth_request: invalid user ec2-user [preauth]
Jun 24 21:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7226]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7226]: Failed password for invalid user ec2-user from 45.153.34.71 port 56024 ssh2
Jun 24 21:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7226]: Connection closed by 45.153.34.71 port 56024 [preauth]
Jun 24 21:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7243]: Invalid user dev from 45.153.34.71
Jun 24 21:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7243]: input_userauth_request: invalid user dev [preauth]
Jun 24 21:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7243]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7243]: Failed password for invalid user dev from 45.153.34.71 port 56034 ssh2
Jun 24 21:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7243]: Connection closed by 45.153.34.71 port 56034 [preauth]
Jun 24 21:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7253]: Invalid user cw from 45.153.34.71
Jun 24 21:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7253]: input_userauth_request: invalid user cw [preauth]
Jun 24 21:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7253]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7253]: Failed password for invalid user cw from 45.153.34.71 port 51908 ssh2
Jun 24 21:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7253]: Connection closed by 45.153.34.71 port 51908 [preauth]
Jun 24 21:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7256]: Invalid user debian from 45.153.34.71
Jun 24 21:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7256]: input_userauth_request: invalid user debian [preauth]
Jun 24 21:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7256]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7256]: Failed password for invalid user debian from 45.153.34.71 port 51910 ssh2
Jun 24 21:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7256]: Connection closed by 45.153.34.71 port 51910 [preauth]
Jun 24 21:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7279]: Invalid user root1 from 45.153.34.71
Jun 24 21:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7279]: input_userauth_request: invalid user root1 [preauth]
Jun 24 21:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7279]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7279]: Failed password for invalid user root1 from 45.153.34.71 port 51912 ssh2
Jun 24 21:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7279]: Connection closed by 45.153.34.71 port 51912 [preauth]
Jun 24 21:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7281]: Invalid user user from 45.153.34.71
Jun 24 21:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7281]: input_userauth_request: invalid user user [preauth]
Jun 24 21:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7281]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7281]: Failed password for invalid user user from 45.153.34.71 port 51920 ssh2
Jun 24 21:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7281]: Connection closed by 45.153.34.71 port 51920 [preauth]
Jun 24 21:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5981]: pam_unix(cron:session): session closed for user root
Jun 24 21:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7300]: Invalid user calvin from 45.153.34.71
Jun 24 21:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7300]: input_userauth_request: invalid user calvin [preauth]
Jun 24 21:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7300]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7300]: Failed password for invalid user calvin from 45.153.34.71 port 56806 ssh2
Jun 24 21:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7300]: Connection closed by 45.153.34.71 port 56806 [preauth]
Jun 24 21:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7324]: Failed password for root from 45.153.34.71 port 56812 ssh2
Jun 24 21:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7324]: Connection closed by 45.153.34.71 port 56812 [preauth]
Jun 24 21:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7326]: Invalid user admin2 from 45.153.34.71
Jun 24 21:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7326]: input_userauth_request: invalid user admin2 [preauth]
Jun 24 21:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7326]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7326]: Failed password for invalid user admin2 from 45.153.34.71 port 56814 ssh2
Jun 24 21:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7326]: Connection closed by 45.153.34.71 port 56814 [preauth]
Jun 24 21:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7337]: Failed password for root from 45.153.34.71 port 60246 ssh2
Jun 24 21:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7337]: Connection closed by 45.153.34.71 port 60246 [preauth]
Jun 24 21:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: Failed password for root from 45.153.34.71 port 60252 ssh2
Jun 24 21:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: Connection closed by 45.153.34.71 port 60252 [preauth]
Jun 24 21:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7363]: Failed password for root from 45.153.34.71 port 60254 ssh2
Jun 24 21:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7363]: Connection closed by 45.153.34.71 port 60254 [preauth]
Jun 24 21:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7373]: Failed password for root from 45.153.34.71 port 33802 ssh2
Jun 24 21:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7373]: Connection closed by 45.153.34.71 port 33802 [preauth]
Jun 24 21:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7379]: Invalid user csgo from 45.153.34.71
Jun 24 21:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7379]: input_userauth_request: invalid user csgo [preauth]
Jun 24 21:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7379]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7379]: Failed password for invalid user csgo from 45.153.34.71 port 33810 ssh2
Jun 24 21:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7379]: Connection closed by 45.153.34.71 port 33810 [preauth]
Jun 24 21:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: Invalid user test1 from 45.153.34.71
Jun 24 21:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: input_userauth_request: invalid user test1 [preauth]
Jun 24 21:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7399]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7396]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7395]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7397]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7398]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7394]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7399]: pam_unix(cron:session): session closed for user root
Jun 24 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: Failed password for invalid user test1 from 45.153.34.71 port 33828 ssh2
Jun 24 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7394]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: Connection closed by 45.153.34.71 port 33828 [preauth]
Jun 24 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7460]: Successful su for rubyman by root
Jun 24 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7460]: + ??? root:rubyman
Jun 24 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7460]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586137 of user rubyman.
Jun 24 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7460]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586137.
Jun 24 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7480]: Invalid user admin123 from 45.153.34.71
Jun 24 21:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7480]: input_userauth_request: invalid user admin123 [preauth]
Jun 24 21:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7480]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7396]: pam_unix(cron:session): session closed for user root
Jun 24 21:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4506]: pam_unix(cron:session): session closed for user root
Jun 24 21:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7480]: Failed password for invalid user admin123 from 45.153.34.71 port 53186 ssh2
Jun 24 21:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7480]: Connection closed by 45.153.34.71 port 53186 [preauth]
Jun 24 21:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7754]: Invalid user openclaw from 45.153.34.71
Jun 24 21:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7754]: input_userauth_request: invalid user openclaw [preauth]
Jun 24 21:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7754]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7395]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7754]: Failed password for invalid user openclaw from 45.153.34.71 port 53188 ssh2
Jun 24 21:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7754]: Connection closed by 45.153.34.71 port 53188 [preauth]
Jun 24 21:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7774]: Invalid user debian from 45.153.34.71
Jun 24 21:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7774]: input_userauth_request: invalid user debian [preauth]
Jun 24 21:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7774]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7774]: Failed password for invalid user debian from 45.153.34.71 port 53190 ssh2
Jun 24 21:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7774]: Connection closed by 45.153.34.71 port 53190 [preauth]
Jun 24 21:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7788]: Invalid user user from 45.153.34.71
Jun 24 21:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7788]: input_userauth_request: invalid user user [preauth]
Jun 24 21:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7788]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7788]: Failed password for invalid user user from 45.153.34.71 port 41986 ssh2
Jun 24 21:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7788]: Connection closed by 45.153.34.71 port 41986 [preauth]
Jun 24 21:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7819]: Invalid user ftpuser from 45.153.34.71
Jun 24 21:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7819]: input_userauth_request: invalid user ftpuser [preauth]
Jun 24 21:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7819]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7819]: Failed password for invalid user ftpuser from 45.153.34.71 port 42010 ssh2
Jun 24 21:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7819]: Connection closed by 45.153.34.71 port 42010 [preauth]
Jun 24 21:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7821]: Failed password for root from 45.153.34.71 port 42022 ssh2
Jun 24 21:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7821]: Connection closed by 45.153.34.71 port 42022 [preauth]
Jun 24 21:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7831]: Invalid user teamspeak from 45.153.34.71
Jun 24 21:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7831]: input_userauth_request: invalid user teamspeak [preauth]
Jun 24 21:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7831]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7831]: Failed password for invalid user teamspeak from 45.153.34.71 port 58694 ssh2
Jun 24 21:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7831]: Connection closed by 45.153.34.71 port 58694 [preauth]
Jun 24 21:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7833]: Failed password for root from 45.153.34.71 port 58714 ssh2
Jun 24 21:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7833]: Connection closed by 45.153.34.71 port 58714 [preauth]
Jun 24 21:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7855]: Failed password for root from 45.153.34.71 port 58740 ssh2
Jun 24 21:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7855]: Connection closed by 45.153.34.71 port 58740 [preauth]
Jun 24 21:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7865]: Invalid user grid from 45.153.34.71
Jun 24 21:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7865]: input_userauth_request: invalid user grid [preauth]
Jun 24 21:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7865]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6417]: pam_unix(cron:session): session closed for user root
Jun 24 21:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7865]: Failed password for invalid user grid from 45.153.34.71 port 47322 ssh2
Jun 24 21:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7865]: Connection closed by 45.153.34.71 port 47322 [preauth]
Jun 24 21:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7879]: Invalid user admin1 from 45.153.34.71
Jun 24 21:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7879]: input_userauth_request: invalid user admin1 [preauth]
Jun 24 21:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7879]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7879]: Failed password for invalid user admin1 from 45.153.34.71 port 47336 ssh2
Jun 24 21:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7879]: Connection closed by 45.153.34.71 port 47336 [preauth]
Jun 24 21:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7897]: Connection closed by 194.59.206.2 port 52832 [preauth]
Jun 24 21:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7899]: Invalid user kingbase from 45.153.34.71
Jun 24 21:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7899]: input_userauth_request: invalid user kingbase [preauth]
Jun 24 21:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7899]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7899]: Failed password for invalid user kingbase from 45.153.34.71 port 47346 ssh2
Jun 24 21:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7899]: Connection closed by 45.153.34.71 port 47346 [preauth]
Jun 24 21:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7908]: Invalid user alex from 45.153.34.71
Jun 24 21:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7908]: input_userauth_request: invalid user alex [preauth]
Jun 24 21:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7908]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7908]: Failed password for invalid user alex from 45.153.34.71 port 52070 ssh2
Jun 24 21:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7908]: Connection closed by 45.153.34.71 port 52070 [preauth]
Jun 24 21:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7923]: Invalid user security from 45.153.34.71
Jun 24 21:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7923]: input_userauth_request: invalid user security [preauth]
Jun 24 21:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7923]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7923]: Failed password for invalid user security from 45.153.34.71 port 52072 ssh2
Jun 24 21:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7923]: Connection closed by 45.153.34.71 port 52072 [preauth]
Jun 24 21:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7933]: Invalid user amit from 45.153.34.71
Jun 24 21:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7933]: input_userauth_request: invalid user amit [preauth]
Jun 24 21:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7933]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Jun 24 21:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:34.79.55.0
Jun 24 21:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Jun 24 21:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:34.79.55.0
Jun 24 21:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7933]: Failed password for invalid user amit from 45.153.34.71 port 52084 ssh2
Jun 24 21:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7933]: Connection closed by 45.153.34.71 port 52084 [preauth]
Jun 24 21:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7943]: Invalid user azureuser from 45.153.34.71
Jun 24 21:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7943]: input_userauth_request: invalid user azureuser [preauth]
Jun 24 21:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7943]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7943]: Failed password for invalid user azureuser from 45.153.34.71 port 52090 ssh2
Jun 24 21:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7943]: Connection closed by 45.153.34.71 port 52090 [preauth]
Jun 24 21:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7955]: Invalid user gabriel from 45.153.34.71
Jun 24 21:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7955]: input_userauth_request: invalid user gabriel [preauth]
Jun 24 21:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7955]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7955]: Failed password for invalid user gabriel from 45.153.34.71 port 40074 ssh2
Jun 24 21:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7955]: Connection closed by 45.153.34.71 port 40074 [preauth]
Jun 24 21:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7967]: Invalid user runner from 45.153.34.71
Jun 24 21:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7967]: input_userauth_request: invalid user runner [preauth]
Jun 24 21:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7967]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7967]: Failed password for invalid user runner from 45.153.34.71 port 40098 ssh2
Jun 24 21:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7967]: Connection closed by 45.153.34.71 port 40098 [preauth]
Jun 24 21:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7969]: Invalid user rdpuser from 45.153.34.71
Jun 24 21:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7969]: input_userauth_request: invalid user rdpuser [preauth]
Jun 24 21:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7969]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7984]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7985]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7983]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7981]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7981]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8050]: Successful su for rubyman by root
Jun 24 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8050]: + ??? root:rubyman
Jun 24 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8050]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586138 of user rubyman.
Jun 24 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8050]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586138.
Jun 24 21:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7969]: Failed password for invalid user rdpuser from 45.153.34.71 port 40118 ssh2
Jun 24 21:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7969]: Connection closed by 45.153.34.71 port 40118 [preauth]
Jun 24 21:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8148]: User nobody from 45.153.34.71 not allowed because not listed in AllowUsers
Jun 24 21:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8148]: input_userauth_request: invalid user nobody [preauth]
Jun 24 21:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=nobody
Jun 24 21:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7983]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5071]: pam_unix(cron:session): session closed for user root
Jun 24 21:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8148]: Failed password for invalid user nobody from 45.153.34.71 port 57818 ssh2
Jun 24 21:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8148]: Connection closed by 45.153.34.71 port 57818 [preauth]
Jun 24 21:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8230]: Invalid user ghost from 45.153.34.71
Jun 24 21:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8230]: input_userauth_request: invalid user ghost [preauth]
Jun 24 21:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8230]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8230]: Failed password for invalid user ghost from 45.153.34.71 port 57830 ssh2
Jun 24 21:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8230]: Connection closed by 45.153.34.71 port 57830 [preauth]
Jun 24 21:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8238]: Invalid user odoo17 from 45.153.34.71
Jun 24 21:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8238]: input_userauth_request: invalid user odoo17 [preauth]
Jun 24 21:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8238]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8238]: Failed password for invalid user odoo17 from 45.153.34.71 port 57856 ssh2
Jun 24 21:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8238]: Connection closed by 45.153.34.71 port 57856 [preauth]
Jun 24 21:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8248]: Invalid user onkar from 45.153.34.71
Jun 24 21:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8248]: input_userauth_request: invalid user onkar [preauth]
Jun 24 21:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8248]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8248]: Failed password for invalid user onkar from 45.153.34.71 port 49692 ssh2
Jun 24 21:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8248]: Connection closed by 45.153.34.71 port 49692 [preauth]
Jun 24 21:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8263]: Invalid user test from 45.153.34.71
Jun 24 21:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8263]: input_userauth_request: invalid user test [preauth]
Jun 24 21:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8263]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8263]: Failed password for invalid user test from 45.153.34.71 port 49702 ssh2
Jun 24 21:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8263]: Connection closed by 45.153.34.71 port 49702 [preauth]
Jun 24 21:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: Failed password for root from 45.153.34.71 port 49718 ssh2
Jun 24 21:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: Connection closed by 45.153.34.71 port 49718 [preauth]
Jun 24 21:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8283]: Invalid user openclaw from 45.153.34.71
Jun 24 21:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8283]: input_userauth_request: invalid user openclaw [preauth]
Jun 24 21:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8283]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.110.201  user=root
Jun 24 21:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8283]: Failed password for invalid user openclaw from 45.153.34.71 port 40770 ssh2
Jun 24 21:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8283]: Connection closed by 45.153.34.71 port 40770 [preauth]
Jun 24 21:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8299]: Invalid user linuxuser from 45.153.34.71
Jun 24 21:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8299]: input_userauth_request: invalid user linuxuser [preauth]
Jun 24 21:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8299]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8285]: Failed password for root from 94.159.110.201 port 36250 ssh2
Jun 24 21:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8285]: Connection closed by 94.159.110.201 port 36250 [preauth]
Jun 24 21:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8299]: Failed password for invalid user linuxuser from 45.153.34.71 port 40776 ssh2
Jun 24 21:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8299]: Connection closed by 45.153.34.71 port 40776 [preauth]
Jun 24 21:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8309]: Failed password for root from 45.153.34.71 port 40780 ssh2
Jun 24 21:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8309]: Connection closed by 45.153.34.71 port 40780 [preauth]
Jun 24 21:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6864]: pam_unix(cron:session): session closed for user root
Jun 24 21:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8311]: Invalid user deploy from 45.153.34.71
Jun 24 21:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8311]: input_userauth_request: invalid user deploy [preauth]
Jun 24 21:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8311]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8311]: Failed password for invalid user deploy from 45.153.34.71 port 54870 ssh2
Jun 24 21:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8311]: Connection closed by 45.153.34.71 port 54870 [preauth]
Jun 24 21:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8342]: Invalid user deploy from 45.153.34.71
Jun 24 21:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8342]: input_userauth_request: invalid user deploy [preauth]
Jun 24 21:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8342]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8342]: Failed password for invalid user deploy from 45.153.34.71 port 54880 ssh2
Jun 24 21:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8342]: Connection closed by 45.153.34.71 port 54880 [preauth]
Jun 24 21:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8353]: Invalid user ansible from 45.153.34.71
Jun 24 21:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8353]: input_userauth_request: invalid user ansible [preauth]
Jun 24 21:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8353]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8353]: Failed password for invalid user ansible from 45.153.34.71 port 54888 ssh2
Jun 24 21:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8353]: Connection closed by 45.153.34.71 port 54888 [preauth]
Jun 24 21:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8355]: Invalid user server from 45.153.34.71
Jun 24 21:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8355]: input_userauth_request: invalid user server [preauth]
Jun 24 21:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8355]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8355]: Failed password for invalid user server from 45.153.34.71 port 38874 ssh2
Jun 24 21:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8355]: Connection closed by 45.153.34.71 port 38874 [preauth]
Jun 24 21:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8378]: Invalid user odoo16 from 45.153.34.71
Jun 24 21:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8378]: input_userauth_request: invalid user odoo16 [preauth]
Jun 24 21:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8378]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8378]: Failed password for invalid user odoo16 from 45.153.34.71 port 38894 ssh2
Jun 24 21:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8378]: Connection closed by 45.153.34.71 port 38894 [preauth]
Jun 24 21:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8390]: Invalid user openvpn from 45.153.34.71
Jun 24 21:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8390]: input_userauth_request: invalid user openvpn [preauth]
Jun 24 21:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8390]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8390]: Failed password for invalid user openvpn from 45.153.34.71 port 38906 ssh2
Jun 24 21:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8390]: Connection closed by 45.153.34.71 port 38906 [preauth]
Jun 24 21:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8392]: Invalid user chenxi from 45.153.34.71
Jun 24 21:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8392]: input_userauth_request: invalid user chenxi [preauth]
Jun 24 21:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8392]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8392]: Failed password for invalid user chenxi from 45.153.34.71 port 44392 ssh2
Jun 24 21:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8392]: Connection closed by 45.153.34.71 port 44392 [preauth]
Jun 24 21:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8404]: Invalid user admin2 from 45.153.34.71
Jun 24 21:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8404]: input_userauth_request: invalid user admin2 [preauth]
Jun 24 21:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8404]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8404]: Failed password for invalid user admin2 from 45.153.34.71 port 44400 ssh2
Jun 24 21:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8404]: Connection closed by 45.153.34.71 port 44400 [preauth]
Jun 24 21:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8406]: Invalid user deployer from 45.153.34.71
Jun 24 21:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8406]: input_userauth_request: invalid user deployer [preauth]
Jun 24 21:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8406]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8406]: Failed password for invalid user deployer from 45.153.34.71 port 44418 ssh2
Jun 24 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8406]: Connection closed by 45.153.34.71 port 44418 [preauth]
Jun 24 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8423]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8422]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8421]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8420]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8420]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8485]: Successful su for rubyman by root
Jun 24 21:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8485]: + ??? root:rubyman
Jun 24 21:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8485]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586142 of user rubyman.
Jun 24 21:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8485]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586142.
Jun 24 21:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: Invalid user amin from 45.153.34.71
Jun 24 21:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: input_userauth_request: invalid user amin [preauth]
Jun 24 21:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5547]: pam_unix(cron:session): session closed for user root
Jun 24 21:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: Failed password for invalid user amin from 45.153.34.71 port 32958 ssh2
Jun 24 21:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: Connection closed by 45.153.34.71 port 32958 [preauth]
Jun 24 21:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8635]: Invalid user mailfilter from 209.99.191.19
Jun 24 21:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8635]: input_userauth_request: invalid user mailfilter [preauth]
Jun 24 21:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8635]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.99.191.19
Jun 24 21:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8651]: Invalid user odoo18 from 45.153.34.71
Jun 24 21:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8651]: input_userauth_request: invalid user odoo18 [preauth]
Jun 24 21:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8651]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8421]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8635]: Failed password for invalid user mailfilter from 209.99.191.19 port 45726 ssh2
Jun 24 21:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8635]: Received disconnect from 209.99.191.19 port 45726:11: Bye Bye [preauth]
Jun 24 21:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8635]: Disconnected from 209.99.191.19 port 45726 [preauth]
Jun 24 21:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8651]: Failed password for invalid user odoo18 from 45.153.34.71 port 32964 ssh2
Jun 24 21:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8651]: Connection closed by 45.153.34.71 port 32964 [preauth]
Jun 24 21:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8672]: Invalid user reza from 45.153.34.71
Jun 24 21:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8672]: input_userauth_request: invalid user reza [preauth]
Jun 24 21:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8672]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8672]: Failed password for invalid user reza from 45.153.34.71 port 32974 ssh2
Jun 24 21:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8672]: Connection closed by 45.153.34.71 port 32974 [preauth]
Jun 24 21:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8682]: Invalid user frappe from 45.153.34.71
Jun 24 21:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8682]: input_userauth_request: invalid user frappe [preauth]
Jun 24 21:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8682]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8682]: Failed password for invalid user frappe from 45.153.34.71 port 43166 ssh2
Jun 24 21:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8682]: Connection closed by 45.153.34.71 port 43166 [preauth]
Jun 24 21:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8704]: Invalid user www from 45.153.34.71
Jun 24 21:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8704]: input_userauth_request: invalid user www [preauth]
Jun 24 21:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8704]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8704]: Failed password for invalid user www from 45.153.34.71 port 43188 ssh2
Jun 24 21:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8704]: Connection closed by 45.153.34.71 port 43188 [preauth]
Jun 24 21:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8707]: Invalid user playground from 45.153.34.71
Jun 24 21:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8707]: input_userauth_request: invalid user playground [preauth]
Jun 24 21:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8707]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8707]: Failed password for invalid user playground from 45.153.34.71 port 43210 ssh2
Jun 24 21:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8707]: Connection closed by 45.153.34.71 port 43210 [preauth]
Jun 24 21:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8718]: Invalid user alex from 45.153.34.71
Jun 24 21:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8718]: input_userauth_request: invalid user alex [preauth]
Jun 24 21:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8718]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8718]: Failed password for invalid user alex from 45.153.34.71 port 48538 ssh2
Jun 24 21:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8718]: Connection closed by 45.153.34.71 port 48538 [preauth]
Jun 24 21:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8734]: Failed password for root from 45.153.34.71 port 48558 ssh2
Jun 24 21:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8734]: Connection closed by 45.153.34.71 port 48558 [preauth]
Jun 24 21:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8744]: Invalid user systemd from 45.153.34.71
Jun 24 21:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8744]: input_userauth_request: invalid user systemd [preauth]
Jun 24 21:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8744]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8744]: Failed password for invalid user systemd from 45.153.34.71 port 48582 ssh2
Jun 24 21:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8744]: Connection closed by 45.153.34.71 port 48582 [preauth]
Jun 24 21:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8754]: Invalid user minecraft from 45.153.34.71
Jun 24 21:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8754]: input_userauth_request: invalid user minecraft [preauth]
Jun 24 21:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8754]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8754]: Failed password for invalid user minecraft from 45.153.34.71 port 47746 ssh2
Jun 24 21:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8754]: Connection closed by 45.153.34.71 port 47746 [preauth]
Jun 24 21:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7398]: pam_unix(cron:session): session closed for user root
Jun 24 21:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8778]: Invalid user user2 from 45.153.34.71
Jun 24 21:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8778]: input_userauth_request: invalid user user2 [preauth]
Jun 24 21:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8778]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8778]: Failed password for invalid user user2 from 45.153.34.71 port 47750 ssh2
Jun 24 21:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8778]: Connection closed by 45.153.34.71 port 47750 [preauth]
Jun 24 21:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8789]: Invalid user minecraft from 45.153.34.71
Jun 24 21:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8789]: input_userauth_request: invalid user minecraft [preauth]
Jun 24 21:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8789]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8789]: Failed password for invalid user minecraft from 45.153.34.71 port 47766 ssh2
Jun 24 21:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8789]: Connection closed by 45.153.34.71 port 47766 [preauth]
Jun 24 21:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8791]: Invalid user adminuser from 45.153.34.71
Jun 24 21:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8791]: input_userauth_request: invalid user adminuser [preauth]
Jun 24 21:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8791]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8791]: Failed password for invalid user adminuser from 45.153.34.71 port 52196 ssh2
Jun 24 21:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8791]: Connection closed by 45.153.34.71 port 52196 [preauth]
Jun 24 21:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8814]: Failed password for root from 45.153.34.71 port 52200 ssh2
Jun 24 21:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8814]: Connection closed by 45.153.34.71 port 52200 [preauth]
Jun 24 21:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8824]: Invalid user deploy from 45.153.34.71
Jun 24 21:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8824]: input_userauth_request: invalid user deploy [preauth]
Jun 24 21:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8824]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8824]: Failed password for invalid user deploy from 45.153.34.71 port 52204 ssh2
Jun 24 21:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8824]: Connection closed by 45.153.34.71 port 52204 [preauth]
Jun 24 21:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8826]: Invalid user testuser from 45.153.34.71
Jun 24 21:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8826]: input_userauth_request: invalid user testuser [preauth]
Jun 24 21:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8826]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8826]: Failed password for invalid user testuser from 45.153.34.71 port 35620 ssh2
Jun 24 21:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8826]: Connection closed by 45.153.34.71 port 35620 [preauth]
Jun 24 21:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8840]: Invalid user user from 45.153.34.71
Jun 24 21:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8840]: input_userauth_request: invalid user user [preauth]
Jun 24 21:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8840]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8840]: Failed password for invalid user user from 45.153.34.71 port 35634 ssh2
Jun 24 21:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8840]: Connection closed by 45.153.34.71 port 35634 [preauth]
Jun 24 21:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8850]: Invalid user git from 45.153.34.71
Jun 24 21:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8850]: input_userauth_request: invalid user git [preauth]
Jun 24 21:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8850]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8850]: Failed password for invalid user git from 45.153.34.71 port 35648 ssh2
Jun 24 21:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8850]: Connection closed by 45.153.34.71 port 35648 [preauth]
Jun 24 21:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8852]: Invalid user docker from 45.153.34.71
Jun 24 21:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8852]: input_userauth_request: invalid user docker [preauth]
Jun 24 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8852]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8866]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8865]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8864]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8863]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8863]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8925]: Successful su for rubyman by root
Jun 24 21:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8925]: + ??? root:rubyman
Jun 24 21:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8925]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586146 of user rubyman.
Jun 24 21:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8925]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586146.
Jun 24 21:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8852]: Failed password for invalid user docker from 45.153.34.71 port 60702 ssh2
Jun 24 21:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8852]: Connection closed by 45.153.34.71 port 60702 [preauth]
Jun 24 21:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9002]: Invalid user deploy from 45.153.34.71
Jun 24 21:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9002]: input_userauth_request: invalid user deploy [preauth]
Jun 24 21:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5980]: pam_unix(cron:session): session closed for user root
Jun 24 21:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9002]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8864]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9002]: Failed password for invalid user deploy from 45.153.34.71 port 60716 ssh2
Jun 24 21:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9002]: Connection closed by 45.153.34.71 port 60716 [preauth]
Jun 24 21:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9104]: Invalid user term2 from 45.153.34.71
Jun 24 21:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9104]: input_userauth_request: invalid user term2 [preauth]
Jun 24 21:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9104]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9111]: Invalid user support from 217.76.154.242
Jun 24 21:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9111]: input_userauth_request: invalid user support [preauth]
Jun 24 21:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9111]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.76.154.242
Jun 24 21:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9104]: Failed password for invalid user term2 from 45.153.34.71 port 60718 ssh2
Jun 24 21:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9104]: Connection closed by 45.153.34.71 port 60718 [preauth]
Jun 24 21:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9111]: Failed password for invalid user support from 217.76.154.242 port 48910 ssh2
Jun 24 21:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9111]: Connection closed by 217.76.154.242 port 48910 [preauth]
Jun 24 21:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9116]: Failed password for root from 45.153.34.71 port 60734 ssh2
Jun 24 21:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9116]: Connection closed by 45.153.34.71 port 60734 [preauth]
Jun 24 21:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9133]: Failed password for root from 45.153.34.71 port 45126 ssh2
Jun 24 21:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9133]: Connection closed by 45.153.34.71 port 45126 [preauth]
Jun 24 21:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9142]: Invalid user dev from 45.153.34.71
Jun 24 21:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9142]: input_userauth_request: invalid user dev [preauth]
Jun 24 21:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9142]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9142]: Failed password for invalid user dev from 45.153.34.71 port 45140 ssh2
Jun 24 21:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9142]: Connection closed by 45.153.34.71 port 45140 [preauth]
Jun 24 21:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9152]: Invalid user uploader from 45.153.34.71
Jun 24 21:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9152]: input_userauth_request: invalid user uploader [preauth]
Jun 24 21:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9152]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9152]: Failed password for invalid user uploader from 45.153.34.71 port 45142 ssh2
Jun 24 21:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9152]: Connection closed by 45.153.34.71 port 45142 [preauth]
Jun 24 21:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9154]: Invalid user user from 45.153.34.71
Jun 24 21:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9154]: input_userauth_request: invalid user user [preauth]
Jun 24 21:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9154]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9154]: Failed password for invalid user user from 45.153.34.71 port 33430 ssh2
Jun 24 21:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9154]: Connection closed by 45.153.34.71 port 33430 [preauth]
Jun 24 21:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9176]: Invalid user arthur from 45.153.34.71
Jun 24 21:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9176]: input_userauth_request: invalid user arthur [preauth]
Jun 24 21:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9176]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9176]: Failed password for invalid user arthur from 45.153.34.71 port 33446 ssh2
Jun 24 21:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9176]: Connection closed by 45.153.34.71 port 33446 [preauth]
Jun 24 21:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9190]: Failed password for root from 45.153.34.71 port 33458 ssh2
Jun 24 21:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7985]: pam_unix(cron:session): session closed for user root
Jun 24 21:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9190]: Connection closed by 45.153.34.71 port 33458 [preauth]
Jun 24 21:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9199]: Invalid user minecraft from 45.153.34.71
Jun 24 21:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9199]: input_userauth_request: invalid user minecraft [preauth]
Jun 24 21:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9199]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9199]: Failed password for invalid user minecraft from 45.153.34.71 port 57856 ssh2
Jun 24 21:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9199]: Connection closed by 45.153.34.71 port 57856 [preauth]
Jun 24 21:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9223]: Invalid user admin1 from 45.153.34.71
Jun 24 21:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9223]: input_userauth_request: invalid user admin1 [preauth]
Jun 24 21:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9223]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9223]: Failed password for invalid user admin1 from 45.153.34.71 port 57870 ssh2
Jun 24 21:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9223]: Connection closed by 45.153.34.71 port 57870 [preauth]
Jun 24 21:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9233]: Failed password for root from 45.153.34.71 port 57872 ssh2
Jun 24 21:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9233]: Connection closed by 45.153.34.71 port 57872 [preauth]
Jun 24 21:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9241]: Invalid user devops from 45.153.34.71
Jun 24 21:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9241]: input_userauth_request: invalid user devops [preauth]
Jun 24 21:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9241]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9241]: Failed password for invalid user devops from 45.153.34.71 port 59580 ssh2
Jun 24 21:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9241]: Connection closed by 45.153.34.71 port 59580 [preauth]
Jun 24 21:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9259]: Invalid user minecraft from 45.153.34.71
Jun 24 21:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9259]: input_userauth_request: invalid user minecraft [preauth]
Jun 24 21:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9259]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9259]: Failed password for invalid user minecraft from 45.153.34.71 port 59590 ssh2
Jun 24 21:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9259]: Connection closed by 45.153.34.71 port 59590 [preauth]
Jun 24 21:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9270]: Invalid user packer from 45.153.34.71
Jun 24 21:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9270]: input_userauth_request: invalid user packer [preauth]
Jun 24 21:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9270]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9270]: Failed password for invalid user packer from 45.153.34.71 port 59606 ssh2
Jun 24 21:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9270]: Connection closed by 45.153.34.71 port 59606 [preauth]
Jun 24 21:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9273]: Invalid user pi from 45.153.34.71
Jun 24 21:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9273]: input_userauth_request: invalid user pi [preauth]
Jun 24 21:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9273]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9273]: Failed password for invalid user pi from 45.153.34.71 port 46440 ssh2
Jun 24 21:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9273]: Connection closed by 45.153.34.71 port 46440 [preauth]
Jun 24 21:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.12.108.55  user=root
Jun 24 21:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9287]: Invalid user ai from 45.153.34.71
Jun 24 21:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9287]: input_userauth_request: invalid user ai [preauth]
Jun 24 21:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9287]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9285]: Failed password for root from 175.12.108.55 port 56756 ssh2
Jun 24 21:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9285]: Received disconnect from 175.12.108.55 port 56756:11: Bye Bye [preauth]
Jun 24 21:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9285]: Disconnected from 175.12.108.55 port 56756 [preauth]
Jun 24 21:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9287]: Failed password for invalid user ai from 45.153.34.71 port 46442 ssh2
Jun 24 21:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9287]: Connection closed by 45.153.34.71 port 46442 [preauth]
Jun 24 21:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9305]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9306]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9304]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9301]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9301]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9361]: Successful su for rubyman by root
Jun 24 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9361]: + ??? root:rubyman
Jun 24 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9361]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586150 of user rubyman.
Jun 24 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9361]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586150.
Jun 24 21:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9289]: Failed password for root from 45.153.34.71 port 46452 ssh2
Jun 24 21:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9289]: Connection closed by 45.153.34.71 port 46452 [preauth]
Jun 24 21:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9435]: Invalid user adminuser from 45.153.34.71
Jun 24 21:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9435]: input_userauth_request: invalid user adminuser [preauth]
Jun 24 21:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9435]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6416]: pam_unix(cron:session): session closed for user root
Jun 24 21:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9304]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9435]: Failed password for invalid user adminuser from 45.153.34.71 port 43300 ssh2
Jun 24 21:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9435]: Connection closed by 45.153.34.71 port 43300 [preauth]
Jun 24 21:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9536]: Invalid user gpadmin from 45.153.34.71
Jun 24 21:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9536]: input_userauth_request: invalid user gpadmin [preauth]
Jun 24 21:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9536]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9536]: Failed password for invalid user gpadmin from 45.153.34.71 port 43322 ssh2
Jun 24 21:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9536]: Connection closed by 45.153.34.71 port 43322 [preauth]
Jun 24 21:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9538]: Failed password for root from 45.153.34.71 port 43336 ssh2
Jun 24 21:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9538]: Connection closed by 45.153.34.71 port 43336 [preauth]
Jun 24 21:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9548]: Invalid user gitlab-runner from 45.153.34.71
Jun 24 21:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9548]: input_userauth_request: invalid user gitlab-runner [preauth]
Jun 24 21:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9548]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9548]: Failed password for invalid user gitlab-runner from 45.153.34.71 port 60796 ssh2
Jun 24 21:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9548]: Connection closed by 45.153.34.71 port 60796 [preauth]
Jun 24 21:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9572]: Invalid user username from 45.153.34.71
Jun 24 21:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9572]: input_userauth_request: invalid user username [preauth]
Jun 24 21:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9572]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9572]: Failed password for invalid user username from 45.153.34.71 port 60808 ssh2
Jun 24 21:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9572]: Connection closed by 45.153.34.71 port 60808 [preauth]
Jun 24 21:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9574]: Invalid user web from 45.153.34.71
Jun 24 21:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9574]: input_userauth_request: invalid user web [preauth]
Jun 24 21:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9574]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9574]: Failed password for invalid user web from 45.153.34.71 port 60824 ssh2
Jun 24 21:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9574]: Connection closed by 45.153.34.71 port 60824 [preauth]
Jun 24 21:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9585]: Failed password for root from 45.153.34.71 port 37292 ssh2
Jun 24 21:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9585]: Connection closed by 45.153.34.71 port 37292 [preauth]
Jun 24 21:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9610]: Failed password for root from 45.153.34.71 port 37294 ssh2
Jun 24 21:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9610]: Connection closed by 45.153.34.71 port 37294 [preauth]
Jun 24 21:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9613]: Invalid user claude from 45.153.34.71
Jun 24 21:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9613]: input_userauth_request: invalid user claude [preauth]
Jun 24 21:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9613]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9613]: Failed password for invalid user claude from 45.153.34.71 port 37300 ssh2
Jun 24 21:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9613]: Connection closed by 45.153.34.71 port 37300 [preauth]
Jun 24 21:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8423]: pam_unix(cron:session): session closed for user root
Jun 24 21:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9632]: Failed password for root from 45.153.34.71 port 39864 ssh2
Jun 24 21:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9632]: Connection closed by 45.153.34.71 port 39864 [preauth]
Jun 24 21:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9648]: Invalid user webuser from 45.153.34.71
Jun 24 21:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9648]: input_userauth_request: invalid user webuser [preauth]
Jun 24 21:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9648]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9648]: Failed password for invalid user webuser from 45.153.34.71 port 39878 ssh2
Jun 24 21:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9648]: Connection closed by 45.153.34.71 port 39878 [preauth]
Jun 24 21:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9658]: Invalid user user3 from 45.153.34.71
Jun 24 21:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9658]: input_userauth_request: invalid user user3 [preauth]
Jun 24 21:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9658]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9658]: Failed password for invalid user user3 from 45.153.34.71 port 39898 ssh2
Jun 24 21:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9658]: Connection closed by 45.153.34.71 port 39898 [preauth]
Jun 24 21:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9670]: Failed password for root from 45.153.34.71 port 34050 ssh2
Jun 24 21:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9670]: Connection closed by 45.153.34.71 port 34050 [preauth]
Jun 24 21:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9684]: Invalid user developer from 45.153.34.71
Jun 24 21:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9684]: input_userauth_request: invalid user developer [preauth]
Jun 24 21:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9684]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9684]: Failed password for invalid user developer from 45.153.34.71 port 34064 ssh2
Jun 24 21:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9684]: Connection closed by 45.153.34.71 port 34064 [preauth]
Jun 24 21:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9694]: Invalid user admin from 45.153.34.71
Jun 24 21:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9694]: input_userauth_request: invalid user admin [preauth]
Jun 24 21:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9694]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9694]: Failed password for invalid user admin from 45.153.34.71 port 34074 ssh2
Jun 24 21:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9694]: Connection closed by 45.153.34.71 port 34074 [preauth]
Jun 24 21:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9708]: Failed password for root from 45.153.34.71 port 48614 ssh2
Jun 24 21:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9708]: Connection closed by 45.153.34.71 port 48614 [preauth]
Jun 24 21:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9710]: Invalid user linux from 45.153.34.71
Jun 24 21:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9710]: input_userauth_request: invalid user linux [preauth]
Jun 24 21:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9710]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9710]: Failed password for invalid user linux from 45.153.34.71 port 48620 ssh2
Jun 24 21:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9710]: Connection closed by 45.153.34.71 port 48620 [preauth]
Jun 24 21:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9720]: Invalid user alex from 45.153.34.71
Jun 24 21:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9720]: input_userauth_request: invalid user alex [preauth]
Jun 24 21:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9720]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9726]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9723]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9724]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9728]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9725]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9727]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9728]: pam_unix(cron:session): session closed for user root
Jun 24 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9723]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9794]: Successful su for rubyman by root
Jun 24 21:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9794]: + ??? root:rubyman
Jun 24 21:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9794]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586159 of user rubyman.
Jun 24 21:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9794]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586159.
Jun 24 21:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9720]: Failed password for invalid user alex from 45.153.34.71 port 48634 ssh2
Jun 24 21:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9720]: Connection closed by 45.153.34.71 port 48634 [preauth]
Jun 24 21:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9900]: Invalid user ai from 45.153.34.71
Jun 24 21:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9900]: input_userauth_request: invalid user ai [preauth]
Jun 24 21:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9900]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9725]: pam_unix(cron:session): session closed for user root
Jun 24 21:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6863]: pam_unix(cron:session): session closed for user root
Jun 24 21:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9900]: Failed password for invalid user ai from 45.153.34.71 port 44276 ssh2
Jun 24 21:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9900]: Connection closed by 45.153.34.71 port 44276 [preauth]
Jun 24 21:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9724]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10168]: Failed password for root from 45.153.34.71 port 44282 ssh2
Jun 24 21:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10168]: Connection closed by 45.153.34.71 port 44282 [preauth]
Jun 24 21:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10191]: Invalid user openvpn from 45.153.34.71
Jun 24 21:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10191]: input_userauth_request: invalid user openvpn [preauth]
Jun 24 21:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10191]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10191]: Failed password for invalid user openvpn from 45.153.34.71 port 44290 ssh2
Jun 24 21:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10191]: Connection closed by 45.153.34.71 port 44290 [preauth]
Jun 24 21:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10195]: Invalid user fahmi from 45.153.34.71
Jun 24 21:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10195]: input_userauth_request: invalid user fahmi [preauth]
Jun 24 21:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10195]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10195]: Failed password for invalid user fahmi from 45.153.34.71 port 33020 ssh2
Jun 24 21:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10195]: Connection closed by 45.153.34.71 port 33020 [preauth]
Jun 24 21:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10306]: Invalid user devops from 45.153.34.71
Jun 24 21:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10306]: input_userauth_request: invalid user devops [preauth]
Jun 24 21:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10306]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10306]: Failed password for invalid user devops from 45.153.34.71 port 33034 ssh2
Jun 24 21:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10306]: Connection closed by 45.153.34.71 port 33034 [preauth]
Jun 24 21:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10308]: Invalid user ubuntu from 45.153.34.71
Jun 24 21:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10308]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 21:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10308]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10308]: Failed password for invalid user ubuntu from 45.153.34.71 port 33040 ssh2
Jun 24 21:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10308]: Connection closed by 45.153.34.71 port 33040 [preauth]
Jun 24 21:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10320]: Invalid user test from 45.153.34.71
Jun 24 21:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10320]: input_userauth_request: invalid user test [preauth]
Jun 24 21:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10320]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10320]: Failed password for invalid user test from 45.153.34.71 port 53502 ssh2
Jun 24 21:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10320]: Connection closed by 45.153.34.71 port 53502 [preauth]
Jun 24 21:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10347]: Invalid user crafty from 45.153.34.71
Jun 24 21:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10347]: input_userauth_request: invalid user crafty [preauth]
Jun 24 21:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10347]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10347]: Failed password for invalid user crafty from 45.153.34.71 port 53522 ssh2
Jun 24 21:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10347]: Connection closed by 45.153.34.71 port 53522 [preauth]
Jun 24 21:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10349]: User mysql from 45.153.34.71 not allowed because not listed in AllowUsers
Jun 24 21:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10349]: input_userauth_request: invalid user mysql [preauth]
Jun 24 21:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=mysql
Jun 24 21:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10349]: Failed password for invalid user mysql from 45.153.34.71 port 53544 ssh2
Jun 24 21:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10349]: Connection closed by 45.153.34.71 port 53544 [preauth]
Jun 24 21:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10359]: Invalid user niaoyun from 45.153.34.71
Jun 24 21:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10359]: input_userauth_request: invalid user niaoyun [preauth]
Jun 24 21:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10359]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8866]: pam_unix(cron:session): session closed for user root
Jun 24 21:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10359]: Failed password for invalid user niaoyun from 45.153.34.71 port 59502 ssh2
Jun 24 21:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10359]: Connection closed by 45.153.34.71 port 59502 [preauth]
Jun 24 21:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10391]: Failed password for root from 45.153.34.71 port 59514 ssh2
Jun 24 21:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10391]: Connection closed by 45.153.34.71 port 59514 [preauth]
Jun 24 21:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10393]: Invalid user ubuntu from 45.153.34.71
Jun 24 21:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10393]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 21:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10393]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10393]: Failed password for invalid user ubuntu from 45.153.34.71 port 59530 ssh2
Jun 24 21:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10393]: Connection closed by 45.153.34.71 port 59530 [preauth]
Jun 24 21:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10404]: Invalid user steam from 45.153.34.71
Jun 24 21:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10404]: input_userauth_request: invalid user steam [preauth]
Jun 24 21:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10404]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10404]: Failed password for invalid user steam from 45.153.34.71 port 40024 ssh2
Jun 24 21:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10404]: Connection closed by 45.153.34.71 port 40024 [preauth]
Jun 24 21:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10419]: Invalid user odoo from 45.153.34.71
Jun 24 21:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10419]: input_userauth_request: invalid user odoo [preauth]
Jun 24 21:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10419]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10419]: Failed password for invalid user odoo from 45.153.34.71 port 40036 ssh2
Jun 24 21:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10419]: Connection closed by 45.153.34.71 port 40036 [preauth]
Jun 24 21:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10429]: Invalid user deploy from 45.153.34.71
Jun 24 21:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10429]: input_userauth_request: invalid user deploy [preauth]
Jun 24 21:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10429]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10429]: Failed password for invalid user deploy from 45.153.34.71 port 40042 ssh2
Jun 24 21:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10429]: Connection closed by 45.153.34.71 port 40042 [preauth]
Jun 24 21:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10441]: Invalid user rdpuser from 45.153.34.71
Jun 24 21:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10441]: input_userauth_request: invalid user rdpuser [preauth]
Jun 24 21:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10441]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10441]: Failed password for invalid user rdpuser from 45.153.34.71 port 54640 ssh2
Jun 24 21:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10441]: Connection closed by 45.153.34.71 port 54640 [preauth]
Jun 24 21:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10443]: Invalid user test3 from 45.153.34.71
Jun 24 21:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10443]: input_userauth_request: invalid user test3 [preauth]
Jun 24 21:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10443]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10443]: Failed password for invalid user test3 from 45.153.34.71 port 54652 ssh2
Jun 24 21:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10443]: Connection closed by 45.153.34.71 port 54652 [preauth]
Jun 24 21:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10454]: Invalid user fastuser from 45.153.34.71
Jun 24 21:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10454]: input_userauth_request: invalid user fastuser [preauth]
Jun 24 21:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10454]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10460]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10459]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10458]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10457]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10457]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10525]: Successful su for rubyman by root
Jun 24 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10525]: + ??? root:rubyman
Jun 24 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10525]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586160 of user rubyman.
Jun 24 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10525]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586160.
Jun 24 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10454]: Failed password for invalid user fastuser from 45.153.34.71 port 54654 ssh2
Jun 24 21:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10454]: Connection closed by 45.153.34.71 port 54654 [preauth]
Jun 24 21:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10645]: Invalid user master from 45.153.34.71
Jun 24 21:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10645]: input_userauth_request: invalid user master [preauth]
Jun 24 21:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10645]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7397]: pam_unix(cron:session): session closed for user root
Jun 24 21:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10458]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10645]: Failed password for invalid user master from 45.153.34.71 port 41318 ssh2
Jun 24 21:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10645]: Connection closed by 45.153.34.71 port 41318 [preauth]
Jun 24 21:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10721]: Invalid user admin1 from 45.153.34.71
Jun 24 21:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10721]: input_userauth_request: invalid user admin1 [preauth]
Jun 24 21:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10721]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10721]: Failed password for invalid user admin1 from 45.153.34.71 port 41320 ssh2
Jun 24 21:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10721]: Connection closed by 45.153.34.71 port 41320 [preauth]
Jun 24 21:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10734]: Invalid user user1 from 45.153.34.71
Jun 24 21:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10734]: input_userauth_request: invalid user user1 [preauth]
Jun 24 21:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10734]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10734]: Failed password for invalid user user1 from 45.153.34.71 port 41334 ssh2
Jun 24 21:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10734]: Connection closed by 45.153.34.71 port 41334 [preauth]
Jun 24 21:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10744]: Invalid user dolphinscheduler from 45.153.34.71
Jun 24 21:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10744]: input_userauth_request: invalid user dolphinscheduler [preauth]
Jun 24 21:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10744]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10744]: Failed password for invalid user dolphinscheduler from 45.153.34.71 port 57054 ssh2
Jun 24 21:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 24 21:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10744]: Connection closed by 45.153.34.71 port 57054 [preauth]
Jun 24 21:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10767]: Invalid user vyos from 45.153.34.71
Jun 24 21:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10767]: input_userauth_request: invalid user vyos [preauth]
Jun 24 21:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10767]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10765]: Failed password for root from 80.66.85.226 port 45916 ssh2
Jun 24 21:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10765]: Connection closed by 80.66.85.226 port 45916 [preauth]
Jun 24 21:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10767]: Failed password for invalid user vyos from 45.153.34.71 port 57068 ssh2
Jun 24 21:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10767]: Connection closed by 45.153.34.71 port 57068 [preauth]
Jun 24 21:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10780]: Invalid user rajvir from 45.153.34.71
Jun 24 21:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10780]: input_userauth_request: invalid user rajvir [preauth]
Jun 24 21:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10780]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10780]: Failed password for invalid user rajvir from 45.153.34.71 port 57080 ssh2
Jun 24 21:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10780]: Connection closed by 45.153.34.71 port 57080 [preauth]
Jun 24 21:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10782]: Invalid user ai from 45.153.34.71
Jun 24 21:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10782]: input_userauth_request: invalid user ai [preauth]
Jun 24 21:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10782]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10782]: Failed password for invalid user ai from 45.153.34.71 port 54926 ssh2
Jun 24 21:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10782]: Connection closed by 45.153.34.71 port 54926 [preauth]
Jun 24 21:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10810]: Invalid user user from 45.153.34.71
Jun 24 21:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10810]: input_userauth_request: invalid user user [preauth]
Jun 24 21:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10810]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10810]: Failed password for invalid user user from 45.153.34.71 port 54938 ssh2
Jun 24 21:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10810]: Connection closed by 45.153.34.71 port 54938 [preauth]
Jun 24 21:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10821]: Invalid user tester from 45.153.34.71
Jun 24 21:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10821]: input_userauth_request: invalid user tester [preauth]
Jun 24 21:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10821]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10821]: Failed password for invalid user tester from 45.153.34.71 port 54946 ssh2
Jun 24 21:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10821]: Connection closed by 45.153.34.71 port 54946 [preauth]
Jun 24 21:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9306]: pam_unix(cron:session): session closed for user root
Jun 24 21:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10830]: Invalid user test from 45.153.34.71
Jun 24 21:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10830]: input_userauth_request: invalid user test [preauth]
Jun 24 21:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10830]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10830]: Failed password for invalid user test from 45.153.34.71 port 51618 ssh2
Jun 24 21:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10830]: Connection closed by 45.153.34.71 port 51618 [preauth]
Jun 24 21:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10855]: Invalid user master from 45.153.34.71
Jun 24 21:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10855]: input_userauth_request: invalid user master [preauth]
Jun 24 21:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10855]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10855]: Failed password for invalid user master from 45.153.34.71 port 51636 ssh2
Jun 24 21:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10855]: Connection closed by 45.153.34.71 port 51636 [preauth]
Jun 24 21:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10866]: Invalid user clawdbot from 45.153.34.71
Jun 24 21:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10866]: input_userauth_request: invalid user clawdbot [preauth]
Jun 24 21:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10866]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10866]: Failed password for invalid user clawdbot from 45.153.34.71 port 51660 ssh2
Jun 24 21:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10866]: Connection closed by 45.153.34.71 port 51660 [preauth]
Jun 24 21:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 24 21:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10870]: Invalid user tester from 45.153.34.71
Jun 24 21:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10870]: input_userauth_request: invalid user tester [preauth]
Jun 24 21:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10870]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10868]: Failed password for root from 38.93.206.2 port 11356 ssh2
Jun 24 21:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10868]: Connection closed by 38.93.206.2 port 11356 [preauth]
Jun 24 21:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10870]: Failed password for invalid user tester from 45.153.34.71 port 48912 ssh2
Jun 24 21:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10870]: Connection closed by 45.153.34.71 port 48912 [preauth]
Jun 24 21:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10896]: Invalid user trader from 45.153.34.71
Jun 24 21:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10896]: input_userauth_request: invalid user trader [preauth]
Jun 24 21:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10896]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10896]: Failed password for invalid user trader from 45.153.34.71 port 48928 ssh2
Jun 24 21:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 24 21:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10896]: Connection closed by 45.153.34.71 port 48928 [preauth]
Jun 24 21:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10907]: Invalid user minecraft from 45.153.34.71
Jun 24 21:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10907]: input_userauth_request: invalid user minecraft [preauth]
Jun 24 21:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10907]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10898]: Failed password for root from 103.27.238.120 port 53994 ssh2
Jun 24 21:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10898]: Connection closed by 103.27.238.120 port 53994 [preauth]
Jun 24 21:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10907]: Failed password for invalid user minecraft from 45.153.34.71 port 54696 ssh2
Jun 24 21:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10907]: Connection closed by 45.153.34.71 port 54696 [preauth]
Jun 24 21:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10910]: Failed password for root from 45.153.34.71 port 54704 ssh2
Jun 24 21:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10910]: Connection closed by 45.153.34.71 port 54704 [preauth]
Jun 24 21:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10921]: Invalid user jack from 45.153.34.71
Jun 24 21:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10921]: input_userauth_request: invalid user jack [preauth]
Jun 24 21:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10921]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10921]: Failed password for invalid user jack from 45.153.34.71 port 54708 ssh2
Jun 24 21:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10921]: Connection closed by 45.153.34.71 port 54708 [preauth]
Jun 24 21:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10923]: Invalid user teamspeak from 45.153.34.71
Jun 24 21:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10923]: input_userauth_request: invalid user teamspeak [preauth]
Jun 24 21:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10923]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10938]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10937]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10935]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10936]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10935]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11000]: Successful su for rubyman by root
Jun 24 21:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11000]: + ??? root:rubyman
Jun 24 21:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11000]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586164 of user rubyman.
Jun 24 21:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11000]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586164.
Jun 24 21:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10923]: Failed password for invalid user teamspeak from 45.153.34.71 port 49168 ssh2
Jun 24 21:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10923]: Connection closed by 45.153.34.71 port 49168 [preauth]
Jun 24 21:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7984]: pam_unix(cron:session): session closed for user root
Jun 24 21:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11077]: Invalid user frappe from 45.153.34.71
Jun 24 21:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11077]: input_userauth_request: invalid user frappe [preauth]
Jun 24 21:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11077]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10936]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11077]: Failed password for invalid user frappe from 45.153.34.71 port 49182 ssh2
Jun 24 21:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11077]: Connection closed by 45.153.34.71 port 49182 [preauth]
Jun 24 21:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11195]: Failed password for root from 45.153.34.71 port 49186 ssh2
Jun 24 21:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11195]: Connection closed by 45.153.34.71 port 49186 [preauth]
Jun 24 21:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11197]: Invalid user tester from 45.153.34.71
Jun 24 21:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11197]: input_userauth_request: invalid user tester [preauth]
Jun 24 21:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11197]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11197]: Failed password for invalid user tester from 45.153.34.71 port 59236 ssh2
Jun 24 21:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11197]: Connection closed by 45.153.34.71 port 59236 [preauth]
Jun 24 21:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11208]: Failed password for root from 45.153.34.71 port 59246 ssh2
Jun 24 21:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11208]: Connection closed by 45.153.34.71 port 59246 [preauth]
Jun 24 21:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11231]: Invalid user deploy from 45.153.34.71
Jun 24 21:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11231]: input_userauth_request: invalid user deploy [preauth]
Jun 24 21:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11231]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11231]: Failed password for invalid user deploy from 45.153.34.71 port 59252 ssh2
Jun 24 21:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11231]: Connection closed by 45.153.34.71 port 59252 [preauth]
Jun 24 21:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11233]: Invalid user oracle from 45.153.34.71
Jun 24 21:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11233]: input_userauth_request: invalid user oracle [preauth]
Jun 24 21:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11233]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11233]: Failed password for invalid user oracle from 45.153.34.71 port 59268 ssh2
Jun 24 21:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11233]: Connection closed by 45.153.34.71 port 59268 [preauth]
Jun 24 21:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11245]: Invalid user redhat from 45.153.34.71
Jun 24 21:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11245]: input_userauth_request: invalid user redhat [preauth]
Jun 24 21:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11245]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11245]: Failed password for invalid user redhat from 45.153.34.71 port 54664 ssh2
Jun 24 21:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11245]: Connection closed by 45.153.34.71 port 54664 [preauth]
Jun 24 21:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11263]: Invalid user nagios from 45.153.34.71
Jun 24 21:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11263]: input_userauth_request: invalid user nagios [preauth]
Jun 24 21:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11263]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11263]: Failed password for invalid user nagios from 45.153.34.71 port 54688 ssh2
Jun 24 21:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11263]: Connection closed by 45.153.34.71 port 54688 [preauth]
Jun 24 21:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11274]: Invalid user frappe from 45.153.34.71
Jun 24 21:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11274]: input_userauth_request: invalid user frappe [preauth]
Jun 24 21:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11274]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11274]: Failed password for invalid user frappe from 45.153.34.71 port 36688 ssh2
Jun 24 21:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11274]: Connection closed by 45.153.34.71 port 36688 [preauth]
Jun 24 21:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11284]: Invalid user test from 45.153.34.71
Jun 24 21:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11284]: input_userauth_request: invalid user test [preauth]
Jun 24 21:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9727]: pam_unix(cron:session): session closed for user root
Jun 24 21:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11284]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11284]: Failed password for invalid user test from 45.153.34.71 port 36696 ssh2
Jun 24 21:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11284]: Connection closed by 45.153.34.71 port 36696 [preauth]
Jun 24 21:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 24 21:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11311]: Failed password for root from 45.153.34.71 port 36706 ssh2
Jun 24 21:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11311]: Connection closed by 45.153.34.71 port 36706 [preauth]
Jun 24 21:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11314]: Failed password for root from 103.172.78.219 port 35416 ssh2
Jun 24 21:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11314]: Connection closed by 103.172.78.219 port 35416 [preauth]
Jun 24 21:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11324]: Invalid user rocky from 45.153.34.71
Jun 24 21:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11324]: input_userauth_request: invalid user rocky [preauth]
Jun 24 21:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11324]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11324]: Failed password for invalid user rocky from 45.153.34.71 port 42064 ssh2
Jun 24 21:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11324]: Connection closed by 45.153.34.71 port 42064 [preauth]
Jun 24 21:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11342]: Invalid user sam from 45.153.34.71
Jun 24 21:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11342]: input_userauth_request: invalid user sam [preauth]
Jun 24 21:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11342]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11342]: Failed password for invalid user sam from 45.153.34.71 port 42066 ssh2
Jun 24 21:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11342]: Connection closed by 45.153.34.71 port 42066 [preauth]
Jun 24 21:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11350]: Invalid user ubuntu from 45.153.34.71
Jun 24 21:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11350]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 21:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11350]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11350]: Failed password for invalid user ubuntu from 45.153.34.71 port 42080 ssh2
Jun 24 21:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11350]: Connection closed by 45.153.34.71 port 42080 [preauth]
Jun 24 21:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11361]: Invalid user ai from 45.153.34.71
Jun 24 21:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11361]: input_userauth_request: invalid user ai [preauth]
Jun 24 21:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11361]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11361]: Failed password for invalid user ai from 45.153.34.71 port 56204 ssh2
Jun 24 21:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11361]: Connection closed by 45.153.34.71 port 56204 [preauth]
Jun 24 21:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11371]: Invalid user solana from 45.153.34.71
Jun 24 21:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11371]: input_userauth_request: invalid user solana [preauth]
Jun 24 21:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11371]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11371]: Failed password for invalid user solana from 45.153.34.71 port 56210 ssh2
Jun 24 21:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11371]: Connection closed by 45.153.34.71 port 56210 [preauth]
Jun 24 21:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11373]: Invalid user cursor from 45.153.34.71
Jun 24 21:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11373]: input_userauth_request: invalid user cursor [preauth]
Jun 24 21:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11373]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11373]: Failed password for invalid user cursor from 45.153.34.71 port 56212 ssh2
Jun 24 21:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11373]: Connection closed by 45.153.34.71 port 56212 [preauth]
Jun 24 21:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11392]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11391]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11389]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11388]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11388]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11459]: Successful su for rubyman by root
Jun 24 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11459]: + ??? root:rubyman
Jun 24 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11459]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586169 of user rubyman.
Jun 24 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11459]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586169.
Jun 24 21:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11385]: Failed password for root from 45.153.34.71 port 56854 ssh2
Jun 24 21:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11385]: Connection closed by 45.153.34.71 port 56854 [preauth]
Jun 24 21:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11573]: Invalid user sysupdate from 45.153.34.71
Jun 24 21:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11573]: input_userauth_request: invalid user sysupdate [preauth]
Jun 24 21:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8422]: pam_unix(cron:session): session closed for user root
Jun 24 21:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11573]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11389]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11573]: Failed password for invalid user sysupdate from 45.153.34.71 port 56870 ssh2
Jun 24 21:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11573]: Connection closed by 45.153.34.71 port 56870 [preauth]
Jun 24 21:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11647]: Failed password for root from 45.153.34.71 port 56882 ssh2
Jun 24 21:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11647]: Connection closed by 45.153.34.71 port 56882 [preauth]
Jun 24 21:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11657]: Invalid user admin2 from 45.153.34.71
Jun 24 21:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11657]: input_userauth_request: invalid user admin2 [preauth]
Jun 24 21:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11657]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11657]: Failed password for invalid user admin2 from 45.153.34.71 port 56180 ssh2
Jun 24 21:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11657]: Connection closed by 45.153.34.71 port 56180 [preauth]
Jun 24 21:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11666]: Invalid user martin from 45.153.34.71
Jun 24 21:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11666]: input_userauth_request: invalid user martin [preauth]
Jun 24 21:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11666]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11666]: Failed password for invalid user martin from 45.153.34.71 port 56194 ssh2
Jun 24 21:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11666]: Connection closed by 45.153.34.71 port 56194 [preauth]
Jun 24 21:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11682]: Failed password for root from 45.153.34.71 port 56208 ssh2
Jun 24 21:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11682]: Connection closed by 45.153.34.71 port 56208 [preauth]
Jun 24 21:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11693]: Failed password for root from 45.153.34.71 port 56808 ssh2
Jun 24 21:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11693]: Connection closed by 45.153.34.71 port 56808 [preauth]
Jun 24 21:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11695]: Invalid user git from 45.153.34.71
Jun 24 21:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11695]: input_userauth_request: invalid user git [preauth]
Jun 24 21:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11695]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11695]: Failed password for invalid user git from 45.153.34.71 port 56822 ssh2
Jun 24 21:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11695]: Connection closed by 45.153.34.71 port 56822 [preauth]
Jun 24 21:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11722]: Invalid user rancher from 45.153.34.71
Jun 24 21:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11722]: input_userauth_request: invalid user rancher [preauth]
Jun 24 21:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11722]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11722]: Failed password for invalid user rancher from 45.153.34.71 port 56824 ssh2
Jun 24 21:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11722]: Connection closed by 45.153.34.71 port 56824 [preauth]
Jun 24 21:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11743]: Invalid user pi from 45.153.34.71
Jun 24 21:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11743]: input_userauth_request: invalid user pi [preauth]
Jun 24 21:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11743]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11745]: Invalid user test from 187.192.86.153
Jun 24 21:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11745]: input_userauth_request: invalid user test [preauth]
Jun 24 21:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11745]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153
Jun 24 21:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11748]: Invalid user zend from 209.99.191.19
Jun 24 21:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11748]: input_userauth_request: invalid user zend [preauth]
Jun 24 21:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11748]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.99.191.19
Jun 24 21:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10460]: pam_unix(cron:session): session closed for user root
Jun 24 21:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11743]: Failed password for invalid user pi from 45.153.34.71 port 57884 ssh2
Jun 24 21:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11743]: Connection closed by 45.153.34.71 port 57884 [preauth]
Jun 24 21:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11745]: Failed password for invalid user test from 187.192.86.153 port 35174 ssh2
Jun 24 21:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11745]: Received disconnect from 187.192.86.153 port 35174:11: Bye Bye [preauth]
Jun 24 21:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11745]: Disconnected from 187.192.86.153 port 35174 [preauth]
Jun 24 21:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11748]: Failed password for invalid user zend from 209.99.191.19 port 60662 ssh2
Jun 24 21:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11748]: Received disconnect from 209.99.191.19 port 60662:11: Bye Bye [preauth]
Jun 24 21:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11748]: Disconnected from 209.99.191.19 port 60662 [preauth]
Jun 24 21:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11768]: Invalid user developer from 45.153.34.71
Jun 24 21:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11768]: input_userauth_request: invalid user developer [preauth]
Jun 24 21:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11768]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11768]: Failed password for invalid user developer from 45.153.34.71 port 57900 ssh2
Jun 24 21:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11768]: Connection closed by 45.153.34.71 port 57900 [preauth]
Jun 24 21:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11786]: Invalid user admin1 from 45.153.34.71
Jun 24 21:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11786]: input_userauth_request: invalid user admin1 [preauth]
Jun 24 21:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11786]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11786]: Failed password for invalid user admin1 from 45.153.34.71 port 57912 ssh2
Jun 24 21:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11786]: Connection closed by 45.153.34.71 port 57912 [preauth]
Jun 24 21:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11812]: Failed password for root from 45.153.34.71 port 32784 ssh2
Jun 24 21:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11812]: Connection closed by 45.153.34.71 port 32784 [preauth]
Jun 24 21:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11827]: Failed password for root from 45.153.34.71 port 32798 ssh2
Jun 24 21:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11827]: Connection closed by 45.153.34.71 port 32798 [preauth]
Jun 24 21:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11837]: Invalid user zimbra from 45.153.34.71
Jun 24 21:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11837]: input_userauth_request: invalid user zimbra [preauth]
Jun 24 21:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11837]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11837]: Failed password for invalid user zimbra from 45.153.34.71 port 32812 ssh2
Jun 24 21:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11837]: Connection closed by 45.153.34.71 port 32812 [preauth]
Jun 24 21:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11839]: Invalid user user from 45.153.34.71
Jun 24 21:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11839]: input_userauth_request: invalid user user [preauth]
Jun 24 21:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11839]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11839]: Failed password for invalid user user from 45.153.34.71 port 42546 ssh2
Jun 24 21:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11839]: Connection closed by 45.153.34.71 port 42546 [preauth]
Jun 24 21:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11849]: Invalid user deploy from 45.153.34.71
Jun 24 21:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11849]: input_userauth_request: invalid user deploy [preauth]
Jun 24 21:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11849]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11849]: Failed password for invalid user deploy from 45.153.34.71 port 42568 ssh2
Jun 24 21:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11849]: Connection closed by 45.153.34.71 port 42568 [preauth]
Jun 24 21:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11859]: Invalid user milad from 45.153.34.71
Jun 24 21:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11859]: input_userauth_request: invalid user milad [preauth]
Jun 24 21:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11859]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11859]: Failed password for invalid user milad from 45.153.34.71 port 42600 ssh2
Jun 24 21:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11859]: Connection closed by 45.153.34.71 port 42600 [preauth]
Jun 24 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11875]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11876]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11874]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11863]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11861]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11863]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12016]: Successful su for rubyman by root
Jun 24 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12016]: + ??? root:rubyman
Jun 24 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12016]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586174 of user rubyman.
Jun 24 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12016]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586174.
Jun 24 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11964]: Invalid user ubuntu from 45.153.34.71
Jun 24 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11964]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11964]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11861]: pam_unix(cron:session): session closed for user root
Jun 24 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11964]: Failed password for invalid user ubuntu from 45.153.34.71 port 35352 ssh2
Jun 24 21:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11964]: Connection closed by 45.153.34.71 port 35352 [preauth]
Jun 24 21:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8865]: pam_unix(cron:session): session closed for user root
Jun 24 21:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11874]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12202]: Failed password for root from 45.153.34.71 port 35354 ssh2
Jun 24 21:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12202]: Connection closed by 45.153.34.71 port 35354 [preauth]
Jun 24 21:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 24 21:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12239]: Invalid user jellyfin from 45.153.34.71
Jun 24 21:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12239]: input_userauth_request: invalid user jellyfin [preauth]
Jun 24 21:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12239]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12109]: Failed password for root from 202.178.126.219 port 24201 ssh2
Jun 24 21:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12109]: Connection closed by 202.178.126.219 port 24201 [preauth]
Jun 24 21:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12239]: Failed password for invalid user jellyfin from 45.153.34.71 port 35370 ssh2
Jun 24 21:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12239]: Connection closed by 45.153.34.71 port 35370 [preauth]
Jun 24 21:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12364]: Invalid user cloud from 45.153.34.71
Jun 24 21:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12364]: input_userauth_request: invalid user cloud [preauth]
Jun 24 21:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12364]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12364]: Failed password for invalid user cloud from 45.153.34.71 port 60910 ssh2
Jun 24 21:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12364]: Connection closed by 45.153.34.71 port 60910 [preauth]
Jun 24 21:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12391]: Invalid user support from 45.153.34.71
Jun 24 21:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12391]: input_userauth_request: invalid user support [preauth]
Jun 24 21:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12391]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12391]: Failed password for invalid user support from 45.153.34.71 port 60938 ssh2
Jun 24 21:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12391]: Connection closed by 45.153.34.71 port 60938 [preauth]
Jun 24 21:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12393]: Failed password for root from 45.153.34.71 port 60950 ssh2
Jun 24 21:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12393]: Connection closed by 45.153.34.71 port 60950 [preauth]
Jun 24 21:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12406]: Invalid user gg from 45.153.34.71
Jun 24 21:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12406]: input_userauth_request: invalid user gg [preauth]
Jun 24 21:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12406]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12406]: Failed password for invalid user gg from 45.153.34.71 port 55868 ssh2
Jun 24 21:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12406]: Connection closed by 45.153.34.71 port 55868 [preauth]
Jun 24 21:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12431]: Invalid user deploy from 45.153.34.71
Jun 24 21:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12431]: input_userauth_request: invalid user deploy [preauth]
Jun 24 21:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12431]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12431]: Failed password for invalid user deploy from 45.153.34.71 port 55870 ssh2
Jun 24 21:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12431]: Connection closed by 45.153.34.71 port 55870 [preauth]
Jun 24 21:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12435]: Invalid user user from 45.153.34.71
Jun 24 21:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12435]: input_userauth_request: invalid user user [preauth]
Jun 24 21:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12435]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12435]: Failed password for invalid user user from 45.153.34.71 port 55876 ssh2
Jun 24 21:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12435]: Connection closed by 45.153.34.71 port 55876 [preauth]
Jun 24 21:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12447]: Invalid user root1 from 45.153.34.71
Jun 24 21:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12447]: input_userauth_request: invalid user root1 [preauth]
Jun 24 21:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12447]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10938]: pam_unix(cron:session): session closed for user root
Jun 24 21:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12447]: Failed password for invalid user root1 from 45.153.34.71 port 33912 ssh2
Jun 24 21:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12447]: Connection closed by 45.153.34.71 port 33912 [preauth]
Jun 24 21:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12479]: Invalid user hadoop from 45.153.34.71
Jun 24 21:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12479]: input_userauth_request: invalid user hadoop [preauth]
Jun 24 21:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12479]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12479]: Failed password for invalid user hadoop from 45.153.34.71 port 33932 ssh2
Jun 24 21:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12479]: Connection closed by 45.153.34.71 port 33932 [preauth]
Jun 24 21:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12482]: Invalid user username from 45.153.34.71
Jun 24 21:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12482]: input_userauth_request: invalid user username [preauth]
Jun 24 21:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12482]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12482]: Failed password for invalid user username from 45.153.34.71 port 33950 ssh2
Jun 24 21:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12482]: Connection closed by 45.153.34.71 port 33950 [preauth]
Jun 24 21:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12493]: Failed password for root from 45.153.34.71 port 52782 ssh2
Jun 24 21:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12493]: Connection closed by 45.153.34.71 port 52782 [preauth]
Jun 24 21:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12508]: Invalid user frappe from 45.153.34.71
Jun 24 21:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12508]: input_userauth_request: invalid user frappe [preauth]
Jun 24 21:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12508]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12508]: Failed password for invalid user frappe from 45.153.34.71 port 52792 ssh2
Jun 24 21:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12508]: Connection closed by 45.153.34.71 port 52792 [preauth]
Jun 24 21:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12518]: Invalid user localhost from 45.153.34.71
Jun 24 21:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12518]: input_userauth_request: invalid user localhost [preauth]
Jun 24 21:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12518]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12518]: Failed password for invalid user localhost from 45.153.34.71 port 52808 ssh2
Jun 24 21:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12518]: Connection closed by 45.153.34.71 port 52808 [preauth]
Jun 24 21:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12528]: Invalid user lin from 45.153.34.71
Jun 24 21:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12528]: input_userauth_request: invalid user lin [preauth]
Jun 24 21:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12528]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12528]: Failed password for invalid user lin from 45.153.34.71 port 58224 ssh2
Jun 24 21:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12528]: Connection closed by 45.153.34.71 port 58224 [preauth]
Jun 24 21:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12530]: User john from 45.153.34.71 not allowed because not listed in AllowUsers
Jun 24 21:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12530]: input_userauth_request: invalid user john [preauth]
Jun 24 21:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=john
Jun 24 21:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12530]: Failed password for invalid user john from 45.153.34.71 port 58236 ssh2
Jun 24 21:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12530]: Connection closed by 45.153.34.71 port 58236 [preauth]
Jun 24 21:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12541]: Invalid user bob from 45.153.34.71
Jun 24 21:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12541]: input_userauth_request: invalid user bob [preauth]
Jun 24 21:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12541]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12541]: Failed password for invalid user bob from 45.153.34.71 port 58252 ssh2
Jun 24 21:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12541]: Connection closed by 45.153.34.71 port 58252 [preauth]
Jun 24 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12558]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12557]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12556]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12555]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12559]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12554]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12559]: pam_unix(cron:session): session closed for user root
Jun 24 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12554]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: Invalid user user1 from 45.153.34.71
Jun 24 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: input_userauth_request: invalid user user1 [preauth]
Jun 24 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12626]: Successful su for rubyman by root
Jun 24 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12626]: + ??? root:rubyman
Jun 24 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12626]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586177 of user rubyman.
Jun 24 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12626]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586177.
Jun 24 21:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12556]: pam_unix(cron:session): session closed for user root
Jun 24 21:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: Failed password for invalid user user1 from 45.153.34.71 port 58424 ssh2
Jun 24 21:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: Connection closed by 45.153.34.71 port 58424 [preauth]
Jun 24 21:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9305]: pam_unix(cron:session): session closed for user root
Jun 24 21:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12808]: Invalid user runner from 45.153.34.71
Jun 24 21:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12808]: input_userauth_request: invalid user runner [preauth]
Jun 24 21:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12808]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12555]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12808]: Failed password for invalid user runner from 45.153.34.71 port 58436 ssh2
Jun 24 21:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12808]: Connection closed by 45.153.34.71 port 58436 [preauth]
Jun 24 21:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12847]: Invalid user newuser from 45.153.34.71
Jun 24 21:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12847]: input_userauth_request: invalid user newuser [preauth]
Jun 24 21:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12847]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12847]: Failed password for invalid user newuser from 45.153.34.71 port 58440 ssh2
Jun 24 21:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12847]: Connection closed by 45.153.34.71 port 58440 [preauth]
Jun 24 21:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12862]: Invalid user user3 from 45.153.34.71
Jun 24 21:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12862]: input_userauth_request: invalid user user3 [preauth]
Jun 24 21:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12862]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12862]: Failed password for invalid user user3 from 45.153.34.71 port 53024 ssh2
Jun 24 21:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12862]: Connection closed by 45.153.34.71 port 53024 [preauth]
Jun 24 21:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12882]: Invalid user deploy from 45.153.34.71
Jun 24 21:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12882]: input_userauth_request: invalid user deploy [preauth]
Jun 24 21:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12882]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12884]: Invalid user timmy from 2.57.121.112
Jun 24 21:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12884]: input_userauth_request: invalid user timmy [preauth]
Jun 24 21:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12884]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 24 21:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12882]: Failed password for invalid user deploy from 45.153.34.71 port 53042 ssh2
Jun 24 21:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12882]: Connection closed by 45.153.34.71 port 53042 [preauth]
Jun 24 21:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12884]: Failed password for invalid user timmy from 2.57.121.112 port 36392 ssh2
Jun 24 21:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12884]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12895]: Invalid user postgres from 45.153.34.71
Jun 24 21:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12895]: input_userauth_request: invalid user postgres [preauth]
Jun 24 21:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12895]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12884]: Failed password for invalid user timmy from 2.57.121.112 port 36392 ssh2
Jun 24 21:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12884]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12895]: Failed password for invalid user postgres from 45.153.34.71 port 53058 ssh2
Jun 24 21:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12895]: Connection closed by 45.153.34.71 port 53058 [preauth]
Jun 24 21:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12897]: Invalid user claude from 45.153.34.71
Jun 24 21:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12897]: input_userauth_request: invalid user claude [preauth]
Jun 24 21:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12897]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12884]: Failed password for invalid user timmy from 2.57.121.112 port 36392 ssh2
Jun 24 21:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12884]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12908]: Invalid user void from 209.99.191.19
Jun 24 21:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12908]: input_userauth_request: invalid user void [preauth]
Jun 24 21:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12908]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.99.191.19
Jun 24 21:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12897]: Failed password for invalid user claude from 45.153.34.71 port 43362 ssh2
Jun 24 21:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12897]: Connection closed by 45.153.34.71 port 43362 [preauth]
Jun 24 21:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12884]: Failed password for invalid user timmy from 2.57.121.112 port 36392 ssh2
Jun 24 21:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12884]: Connection closed by 2.57.121.112 port 36392 [preauth]
Jun 24 21:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12884]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 24 21:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12884]: PAM service(sshd) ignoring max retries; 4 > 3
Jun 24 21:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12922]: Invalid user omm from 45.153.34.71
Jun 24 21:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12922]: input_userauth_request: invalid user omm [preauth]
Jun 24 21:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12922]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12924]: Invalid user timmy from 2.57.121.112
Jun 24 21:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12924]: input_userauth_request: invalid user timmy [preauth]
Jun 24 21:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12924]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 24 21:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12908]: Failed password for invalid user void from 209.99.191.19 port 38216 ssh2
Jun 24 21:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12908]: Received disconnect from 209.99.191.19 port 38216:11: Bye Bye [preauth]
Jun 24 21:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12908]: Disconnected from 209.99.191.19 port 38216 [preauth]
Jun 24 21:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12922]: Failed password for invalid user omm from 45.153.34.71 port 43374 ssh2
Jun 24 21:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12922]: Connection closed by 45.153.34.71 port 43374 [preauth]
Jun 24 21:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12924]: Failed password for invalid user timmy from 2.57.121.112 port 11826 ssh2
Jun 24 21:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12934]: Invalid user installer from 45.153.34.71
Jun 24 21:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12934]: input_userauth_request: invalid user installer [preauth]
Jun 24 21:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12924]: Connection closed by 2.57.121.112 port 11826 [preauth]
Jun 24 21:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12934]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12934]: Failed password for invalid user installer from 45.153.34.71 port 43378 ssh2
Jun 24 21:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12934]: Connection closed by 45.153.34.71 port 43378 [preauth]
Jun 24 21:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11392]: pam_unix(cron:session): session closed for user root
Jun 24 21:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12936]: Failed password for root from 45.153.34.71 port 36768 ssh2
Jun 24 21:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12936]: Connection closed by 45.153.34.71 port 36768 [preauth]
Jun 24 21:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12967]: Invalid user odoo18 from 45.153.34.71
Jun 24 21:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12967]: input_userauth_request: invalid user odoo18 [preauth]
Jun 24 21:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12967]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12967]: Failed password for invalid user odoo18 from 45.153.34.71 port 36774 ssh2
Jun 24 21:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12967]: Connection closed by 45.153.34.71 port 36774 [preauth]
Jun 24 21:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12977]: Failed password for root from 45.153.34.71 port 36790 ssh2
Jun 24 21:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12977]: Connection closed by 45.153.34.71 port 36790 [preauth]
Jun 24 21:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12979]: Invalid user claude from 45.153.34.71
Jun 24 21:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12979]: input_userauth_request: invalid user claude [preauth]
Jun 24 21:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12979]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12979]: Failed password for invalid user claude from 45.153.34.71 port 50540 ssh2
Jun 24 21:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12979]: Connection closed by 45.153.34.71 port 50540 [preauth]
Jun 24 21:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13002]: Invalid user rancher from 45.153.34.71
Jun 24 21:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13002]: input_userauth_request: invalid user rancher [preauth]
Jun 24 21:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13002]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13002]: Failed password for invalid user rancher from 45.153.34.71 port 50556 ssh2
Jun 24 21:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13002]: Connection closed by 45.153.34.71 port 50556 [preauth]
Jun 24 21:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13013]: Invalid user root1 from 45.153.34.71
Jun 24 21:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13013]: input_userauth_request: invalid user root1 [preauth]
Jun 24 21:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13013]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13013]: Failed password for invalid user root1 from 45.153.34.71 port 50576 ssh2
Jun 24 21:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13013]: Connection closed by 45.153.34.71 port 50576 [preauth]
Jun 24 21:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13016]: Invalid user claude from 45.153.34.71
Jun 24 21:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13016]: input_userauth_request: invalid user claude [preauth]
Jun 24 21:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13016]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13016]: Failed password for invalid user claude from 45.153.34.71 port 55832 ssh2
Jun 24 21:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13016]: Connection closed by 45.153.34.71 port 55832 [preauth]
Jun 24 21:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13028]: Invalid user gitlab-runner from 45.153.34.71
Jun 24 21:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13028]: input_userauth_request: invalid user gitlab-runner [preauth]
Jun 24 21:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13028]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13028]: Failed password for invalid user gitlab-runner from 45.153.34.71 port 55842 ssh2
Jun 24 21:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13028]: Connection closed by 45.153.34.71 port 55842 [preauth]
Jun 24 21:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13037]: Invalid user botuser from 45.153.34.71
Jun 24 21:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13037]: input_userauth_request: invalid user botuser [preauth]
Jun 24 21:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13037]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13043]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13044]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13042]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13041]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13041]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13037]: Failed password for invalid user botuser from 45.153.34.71 port 55858 ssh2
Jun 24 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13107]: Successful su for rubyman by root
Jun 24 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13107]: + ??? root:rubyman
Jun 24 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13107]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586185 of user rubyman.
Jun 24 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13107]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586185.
Jun 24 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13037]: Connection closed by 45.153.34.71 port 55858 [preauth]
Jun 24 21:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13148]: Invalid user bernard from 45.153.34.71
Jun 24 21:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13148]: input_userauth_request: invalid user bernard [preauth]
Jun 24 21:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13148]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9726]: pam_unix(cron:session): session closed for user root
Jun 24 21:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13148]: Failed password for invalid user bernard from 45.153.34.71 port 42710 ssh2
Jun 24 21:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13148]: Connection closed by 45.153.34.71 port 42710 [preauth]
Jun 24 21:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13042]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13300]: Invalid user deployer from 45.153.34.71
Jun 24 21:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13300]: input_userauth_request: invalid user deployer [preauth]
Jun 24 21:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13300]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13300]: Failed password for invalid user deployer from 45.153.34.71 port 42716 ssh2
Jun 24 21:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13300]: Connection closed by 45.153.34.71 port 42716 [preauth]
Jun 24 21:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13314]: Invalid user karel from 45.153.34.71
Jun 24 21:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13314]: input_userauth_request: invalid user karel [preauth]
Jun 24 21:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13314]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13314]: Failed password for invalid user karel from 45.153.34.71 port 42718 ssh2
Jun 24 21:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13325]: Did not receive identification string from 111.26.6.111
Jun 24 21:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13314]: Connection closed by 45.153.34.71 port 42718 [preauth]
Jun 24 21:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13326]: Invalid user user from 45.153.34.71
Jun 24 21:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13326]: input_userauth_request: invalid user user [preauth]
Jun 24 21:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13326]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13326]: Failed password for invalid user user from 45.153.34.71 port 37952 ssh2
Jun 24 21:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13326]: Connection closed by 45.153.34.71 port 37952 [preauth]
Jun 24 21:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: Invalid user admin from 45.153.34.71
Jun 24 21:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: input_userauth_request: invalid user admin [preauth]
Jun 24 21:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: Failed password for invalid user admin from 45.153.34.71 port 37956 ssh2
Jun 24 21:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: Connection closed by 45.153.34.71 port 37956 [preauth]
Jun 24 21:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13351]: Invalid user sam from 45.153.34.71
Jun 24 21:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13351]: input_userauth_request: invalid user sam [preauth]
Jun 24 21:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13351]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13351]: Failed password for invalid user sam from 45.153.34.71 port 37962 ssh2
Jun 24 21:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13351]: Connection closed by 45.153.34.71 port 37962 [preauth]
Jun 24 21:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13361]: Invalid user debian from 45.153.34.71
Jun 24 21:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13361]: input_userauth_request: invalid user debian [preauth]
Jun 24 21:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13361]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13361]: Failed password for invalid user debian from 45.153.34.71 port 47970 ssh2
Jun 24 21:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13361]: Connection closed by 45.153.34.71 port 47970 [preauth]
Jun 24 21:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13381]: Invalid user admin from 45.153.34.71
Jun 24 21:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13381]: input_userauth_request: invalid user admin [preauth]
Jun 24 21:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13381]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13381]: Failed password for invalid user admin from 45.153.34.71 port 47976 ssh2
Jun 24 21:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13381]: Connection closed by 45.153.34.71 port 47976 [preauth]
Jun 24 21:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13390]: Failed password for root from 45.153.34.71 port 47988 ssh2
Jun 24 21:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13390]: Connection closed by 45.153.34.71 port 47988 [preauth]
Jun 24 21:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13400]: Invalid user deploy from 45.153.34.71
Jun 24 21:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13400]: input_userauth_request: invalid user deploy [preauth]
Jun 24 21:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13400]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11876]: pam_unix(cron:session): session closed for user root
Jun 24 21:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13400]: Failed password for invalid user deploy from 45.153.34.71 port 58778 ssh2
Jun 24 21:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13400]: Connection closed by 45.153.34.71 port 58778 [preauth]
Jun 24 21:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13422]: User ftp from 45.153.34.71 not allowed because not listed in AllowUsers
Jun 24 21:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13422]: input_userauth_request: invalid user ftp [preauth]
Jun 24 21:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=ftp
Jun 24 21:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13422]: Failed password for invalid user ftp from 45.153.34.71 port 58798 ssh2
Jun 24 21:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13422]: Connection closed by 45.153.34.71 port 58798 [preauth]
Jun 24 21:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13432]: Invalid user amir from 45.153.34.71
Jun 24 21:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13432]: input_userauth_request: invalid user amir [preauth]
Jun 24 21:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13432]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13432]: Failed password for invalid user amir from 45.153.34.71 port 58826 ssh2
Jun 24 21:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13432]: Connection closed by 45.153.34.71 port 58826 [preauth]
Jun 24 21:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13442]: Failed password for root from 45.153.34.71 port 59138 ssh2
Jun 24 21:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13442]: Connection closed by 45.153.34.71 port 59138 [preauth]
Jun 24 21:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13457]: Invalid user devops from 45.153.34.71
Jun 24 21:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13457]: input_userauth_request: invalid user devops [preauth]
Jun 24 21:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13457]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13457]: Failed password for invalid user devops from 45.153.34.71 port 59140 ssh2
Jun 24 21:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13457]: Connection closed by 45.153.34.71 port 59140 [preauth]
Jun 24 21:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13467]: Invalid user centreon from 45.153.34.71
Jun 24 21:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13467]: input_userauth_request: invalid user centreon [preauth]
Jun 24 21:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13467]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13467]: Failed password for invalid user centreon from 45.153.34.71 port 59154 ssh2
Jun 24 21:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13467]: Connection closed by 45.153.34.71 port 59154 [preauth]
Jun 24 21:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13479]: Invalid user mc from 45.153.34.71
Jun 24 21:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13479]: input_userauth_request: invalid user mc [preauth]
Jun 24 21:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13479]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13479]: Failed password for invalid user mc from 45.153.34.71 port 60268 ssh2
Jun 24 21:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13479]: Connection closed by 45.153.34.71 port 60268 [preauth]
Jun 24 21:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13481]: Invalid user guest from 45.153.34.71
Jun 24 21:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13481]: input_userauth_request: invalid user guest [preauth]
Jun 24 21:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13481]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13481]: Failed password for invalid user guest from 45.153.34.71 port 60308 ssh2
Jun 24 21:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13481]: Connection closed by 45.153.34.71 port 60308 [preauth]
Jun 24 21:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13491]: Invalid user fastuser from 45.153.34.71
Jun 24 21:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13491]: input_userauth_request: invalid user fastuser [preauth]
Jun 24 21:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13491]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13496]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13497]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13495]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13494]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13494]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13557]: Successful su for rubyman by root
Jun 24 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13557]: + ??? root:rubyman
Jun 24 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13557]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586187 of user rubyman.
Jun 24 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13557]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586187.
Jun 24 21:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13491]: Failed password for invalid user fastuser from 45.153.34.71 port 60332 ssh2
Jun 24 21:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13491]: Connection closed by 45.153.34.71 port 60332 [preauth]
Jun 24 21:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10459]: pam_unix(cron:session): session closed for user root
Jun 24 21:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13614]: Failed password for root from 45.153.34.71 port 34690 ssh2
Jun 24 21:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13614]: Connection closed by 45.153.34.71 port 34690 [preauth]
Jun 24 21:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13495]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13751]: Invalid user wso2 from 45.153.34.71
Jun 24 21:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13751]: input_userauth_request: invalid user wso2 [preauth]
Jun 24 21:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13751]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13751]: Failed password for invalid user wso2 from 45.153.34.71 port 34694 ssh2
Jun 24 21:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13751]: Connection closed by 45.153.34.71 port 34694 [preauth]
Jun 24 21:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13761]: Invalid user testuser from 45.153.34.71
Jun 24 21:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13761]: input_userauth_request: invalid user testuser [preauth]
Jun 24 21:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13761]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13761]: Failed password for invalid user testuser from 45.153.34.71 port 34708 ssh2
Jun 24 21:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13761]: Connection closed by 45.153.34.71 port 34708 [preauth]
Jun 24 21:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13764]: Failed password for root from 45.153.34.71 port 47936 ssh2
Jun 24 21:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13764]: Connection closed by 45.153.34.71 port 47936 [preauth]
Jun 24 21:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13790]: Invalid user admin from 45.153.34.71
Jun 24 21:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13790]: input_userauth_request: invalid user admin [preauth]
Jun 24 21:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13787]: Invalid user homepage from 209.99.191.19
Jun 24 21:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13787]: input_userauth_request: invalid user homepage [preauth]
Jun 24 21:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13787]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.99.191.19
Jun 24 21:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13790]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13787]: Failed password for invalid user homepage from 209.99.191.19 port 43542 ssh2
Jun 24 21:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13790]: Failed password for invalid user admin from 45.153.34.71 port 47966 ssh2
Jun 24 21:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13787]: Received disconnect from 209.99.191.19 port 43542:11: Bye Bye [preauth]
Jun 24 21:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13787]: Disconnected from 209.99.191.19 port 43542 [preauth]
Jun 24 21:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13790]: Connection closed by 45.153.34.71 port 47966 [preauth]
Jun 24 21:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13800]: Invalid user app from 45.153.34.71
Jun 24 21:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13800]: input_userauth_request: invalid user app [preauth]
Jun 24 21:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13800]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13800]: Failed password for invalid user app from 45.153.34.71 port 47998 ssh2
Jun 24 21:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13800]: Connection closed by 45.153.34.71 port 47998 [preauth]
Jun 24 21:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13803]: Invalid user admin from 45.153.34.71
Jun 24 21:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13803]: input_userauth_request: invalid user admin [preauth]
Jun 24 21:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13803]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13803]: Failed password for invalid user admin from 45.153.34.71 port 50802 ssh2
Jun 24 21:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13803]: Connection closed by 45.153.34.71 port 50802 [preauth]
Jun 24 21:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13826]: Invalid user vpn from 45.153.34.71
Jun 24 21:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13826]: input_userauth_request: invalid user vpn [preauth]
Jun 24 21:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13826]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13826]: Failed password for invalid user vpn from 45.153.34.71 port 50818 ssh2
Jun 24 21:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13826]: Connection closed by 45.153.34.71 port 50818 [preauth]
Jun 24 21:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13837]: Invalid user newuser from 45.153.34.71
Jun 24 21:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13837]: input_userauth_request: invalid user newuser [preauth]
Jun 24 21:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13837]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13837]: Failed password for invalid user newuser from 45.153.34.71 port 50824 ssh2
Jun 24 21:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13837]: Connection closed by 45.153.34.71 port 50824 [preauth]
Jun 24 21:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12558]: pam_unix(cron:session): session closed for user root
Jun 24 21:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13839]: Failed password for root from 45.153.34.71 port 40348 ssh2
Jun 24 21:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13839]: Connection closed by 45.153.34.71 port 40348 [preauth]
Jun 24 21:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13870]: Invalid user system from 45.153.34.71
Jun 24 21:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13870]: input_userauth_request: invalid user system [preauth]
Jun 24 21:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13870]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13870]: Failed password for invalid user system from 45.153.34.71 port 40358 ssh2
Jun 24 21:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13870]: Connection closed by 45.153.34.71 port 40358 [preauth]
Jun 24 21:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13880]: Invalid user hu from 45.153.34.71
Jun 24 21:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13880]: input_userauth_request: invalid user hu [preauth]
Jun 24 21:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13880]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13880]: Failed password for invalid user hu from 45.153.34.71 port 40366 ssh2
Jun 24 21:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13880]: Connection closed by 45.153.34.71 port 40366 [preauth]
Jun 24 21:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13890]: User mysql from 45.153.34.71 not allowed because not listed in AllowUsers
Jun 24 21:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13890]: input_userauth_request: invalid user mysql [preauth]
Jun 24 21:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=mysql
Jun 24 21:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13890]: Failed password for invalid user mysql from 45.153.34.71 port 60312 ssh2
Jun 24 21:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13890]: Connection closed by 45.153.34.71 port 60312 [preauth]
Jun 24 21:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13908]: Invalid user x from 45.153.34.71
Jun 24 21:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13908]: input_userauth_request: invalid user x [preauth]
Jun 24 21:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13908]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13908]: Failed password for invalid user x from 45.153.34.71 port 60320 ssh2
Jun 24 21:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13908]: Connection closed by 45.153.34.71 port 60320 [preauth]
Jun 24 21:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13919]: Invalid user deploy from 45.153.34.71
Jun 24 21:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13919]: input_userauth_request: invalid user deploy [preauth]
Jun 24 21:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13919]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13919]: Failed password for invalid user deploy from 45.153.34.71 port 60336 ssh2
Jun 24 21:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13919]: Connection closed by 45.153.34.71 port 60336 [preauth]
Jun 24 21:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13921]: Failed password for root from 45.153.34.71 port 51444 ssh2
Jun 24 21:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13921]: Connection closed by 45.153.34.71 port 51444 [preauth]
Jun 24 21:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13934]: Invalid user fivem from 45.153.34.71
Jun 24 21:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13934]: input_userauth_request: invalid user fivem [preauth]
Jun 24 21:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13934]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13934]: Failed password for invalid user fivem from 45.153.34.71 port 51452 ssh2
Jun 24 21:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13934]: Connection closed by 45.153.34.71 port 51452 [preauth]
Jun 24 21:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13936]: Invalid user ivan from 45.153.34.71
Jun 24 21:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13936]: input_userauth_request: invalid user ivan [preauth]
Jun 24 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13936]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13953]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13950]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13952]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13949]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13949]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14016]: Successful su for rubyman by root
Jun 24 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14016]: + ??? root:rubyman
Jun 24 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14016]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586192 of user rubyman.
Jun 24 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14016]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586192.
Jun 24 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13936]: Failed password for invalid user ivan from 45.153.34.71 port 36238 ssh2
Jun 24 21:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13936]: Connection closed by 45.153.34.71 port 36238 [preauth]
Jun 24 21:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14134]: Invalid user angel from 45.153.34.71
Jun 24 21:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14134]: input_userauth_request: invalid user angel [preauth]
Jun 24 21:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14134]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10937]: pam_unix(cron:session): session closed for user root
Jun 24 21:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13950]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14134]: Failed password for invalid user angel from 45.153.34.71 port 36240 ssh2
Jun 24 21:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14134]: Connection closed by 45.153.34.71 port 36240 [preauth]
Jun 24 21:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14194]: Invalid user aiuser from 45.153.34.71
Jun 24 21:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14194]: input_userauth_request: invalid user aiuser [preauth]
Jun 24 21:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14194]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14194]: Failed password for invalid user aiuser from 45.153.34.71 port 36254 ssh2
Jun 24 21:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14194]: Connection closed by 45.153.34.71 port 36254 [preauth]
Jun 24 21:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14196]: Invalid user cloud from 45.153.34.71
Jun 24 21:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14196]: input_userauth_request: invalid user cloud [preauth]
Jun 24 21:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14196]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14196]: Failed password for invalid user cloud from 45.153.34.71 port 41176 ssh2
Jun 24 21:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14196]: Connection closed by 45.153.34.71 port 41176 [preauth]
Jun 24 21:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14220]: Failed password for root from 45.153.34.71 port 41182 ssh2
Jun 24 21:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14220]: Connection closed by 45.153.34.71 port 41182 [preauth]
Jun 24 21:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14230]: Invalid user jellyfin from 45.153.34.71
Jun 24 21:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14230]: input_userauth_request: invalid user jellyfin [preauth]
Jun 24 21:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14230]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14230]: Failed password for invalid user jellyfin from 45.153.34.71 port 41192 ssh2
Jun 24 21:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14230]: Connection closed by 45.153.34.71 port 41192 [preauth]
Jun 24 21:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14232]: Invalid user kali from 45.153.34.71
Jun 24 21:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14232]: input_userauth_request: invalid user kali [preauth]
Jun 24 21:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14232]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14232]: Failed password for invalid user kali from 45.153.34.71 port 33932 ssh2
Jun 24 21:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14232]: Connection closed by 45.153.34.71 port 33932 [preauth]
Jun 24 21:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14254]: Failed password for root from 45.153.34.71 port 33938 ssh2
Jun 24 21:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14254]: Connection closed by 45.153.34.71 port 33938 [preauth]
Jun 24 21:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14264]: Invalid user developer from 45.153.34.71
Jun 24 21:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14264]: input_userauth_request: invalid user developer [preauth]
Jun 24 21:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14264]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 24 21:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14264]: Failed password for invalid user developer from 45.153.34.71 port 33948 ssh2
Jun 24 21:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14264]: Connection closed by 45.153.34.71 port 33948 [preauth]
Jun 24 21:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14266]: Failed password for root from 103.149.28.157 port 60256 ssh2
Jun 24 21:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14266]: Connection closed by 103.149.28.157 port 60256 [preauth]
Jun 24 21:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14268]: Invalid user myuser from 45.153.34.71
Jun 24 21:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14268]: input_userauth_request: invalid user myuser [preauth]
Jun 24 21:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14268]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13044]: pam_unix(cron:session): session closed for user root
Jun 24 21:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14268]: Failed password for invalid user myuser from 45.153.34.71 port 46708 ssh2
Jun 24 21:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14268]: Connection closed by 45.153.34.71 port 46708 [preauth]
Jun 24 21:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14294]: Invalid user cloud from 45.153.34.71
Jun 24 21:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14294]: input_userauth_request: invalid user cloud [preauth]
Jun 24 21:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14294]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14294]: Failed password for invalid user cloud from 45.153.34.71 port 46712 ssh2
Jun 24 21:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14294]: Connection closed by 45.153.34.71 port 46712 [preauth]
Jun 24 21:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14309]: Invalid user ftpuser from 45.153.34.71
Jun 24 21:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14309]: input_userauth_request: invalid user ftpuser [preauth]
Jun 24 21:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14309]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14309]: Failed password for invalid user ftpuser from 45.153.34.71 port 46718 ssh2
Jun 24 21:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14309]: Connection closed by 45.153.34.71 port 46718 [preauth]
Jun 24 21:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14312]: Invalid user devops from 45.153.34.71
Jun 24 21:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14312]: input_userauth_request: invalid user devops [preauth]
Jun 24 21:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14312]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14312]: Failed password for invalid user devops from 45.153.34.71 port 56058 ssh2
Jun 24 21:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14312]: Connection closed by 45.153.34.71 port 56058 [preauth]
Jun 24 21:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14334]: Failed password for root from 45.153.34.71 port 56070 ssh2
Jun 24 21:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14334]: Connection closed by 45.153.34.71 port 56070 [preauth]
Jun 24 21:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14336]: Invalid user uftp from 45.153.34.71
Jun 24 21:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14336]: input_userauth_request: invalid user uftp [preauth]
Jun 24 21:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14336]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14336]: Failed password for invalid user uftp from 45.153.34.71 port 56084 ssh2
Jun 24 21:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14336]: Connection closed by 45.153.34.71 port 56084 [preauth]
Jun 24 21:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: Invalid user user from 45.153.34.71
Jun 24 21:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: input_userauth_request: invalid user user [preauth]
Jun 24 21:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: Failed password for invalid user user from 45.153.34.71 port 56900 ssh2
Jun 24 21:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: Connection closed by 45.153.34.71 port 56900 [preauth]
Jun 24 21:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: Invalid user ubuntu from 45.153.34.71
Jun 24 21:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 21:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: Failed password for invalid user ubuntu from 45.153.34.71 port 56914 ssh2
Jun 24 21:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: Connection closed by 45.153.34.71 port 56914 [preauth]
Jun 24 21:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14359]: Failed password for root from 45.153.34.71 port 56928 ssh2
Jun 24 21:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14359]: Connection closed by 45.153.34.71 port 56928 [preauth]
Jun 24 21:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14378]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14377]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14379]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14376]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14376]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14434]: Successful su for rubyman by root
Jun 24 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14434]: + ??? root:rubyman
Jun 24 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14434]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586196 of user rubyman.
Jun 24 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14434]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586196.
Jun 24 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14372]: Invalid user dwgk from 209.99.191.19
Jun 24 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14372]: input_userauth_request: invalid user dwgk [preauth]
Jun 24 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14372]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.99.191.19
Jun 24 21:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: Failed password for root from 45.153.34.71 port 49008 ssh2
Jun 24 21:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: Connection closed by 45.153.34.71 port 49008 [preauth]
Jun 24 21:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14372]: Failed password for invalid user dwgk from 209.99.191.19 port 49980 ssh2
Jun 24 21:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14372]: Received disconnect from 209.99.191.19 port 49980:11: Bye Bye [preauth]
Jun 24 21:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14372]: Disconnected from 209.99.191.19 port 49980 [preauth]
Jun 24 21:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11391]: pam_unix(cron:session): session closed for user root
Jun 24 21:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14584]: Invalid user dev from 45.153.34.71
Jun 24 21:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14584]: input_userauth_request: invalid user dev [preauth]
Jun 24 21:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14584]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14377]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14584]: Failed password for invalid user dev from 45.153.34.71 port 49010 ssh2
Jun 24 21:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14584]: Connection closed by 45.153.34.71 port 49010 [preauth]
Jun 24 21:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14624]: Invalid user appuser from 45.153.34.71
Jun 24 21:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14624]: input_userauth_request: invalid user appuser [preauth]
Jun 24 21:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14624]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14624]: Failed password for invalid user appuser from 45.153.34.71 port 49026 ssh2
Jun 24 21:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14624]: Connection closed by 45.153.34.71 port 49026 [preauth]
Jun 24 21:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14643]: Invalid user admin from 45.153.34.71
Jun 24 21:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14643]: input_userauth_request: invalid user admin [preauth]
Jun 24 21:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14643]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14643]: Failed password for invalid user admin from 45.153.34.71 port 40072 ssh2
Jun 24 21:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14643]: Connection closed by 45.153.34.71 port 40072 [preauth]
Jun 24 21:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14675]: Invalid user jellyfin from 45.153.34.71
Jun 24 21:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14675]: input_userauth_request: invalid user jellyfin [preauth]
Jun 24 21:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14675]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14675]: Failed password for invalid user jellyfin from 45.153.34.71 port 40084 ssh2
Jun 24 21:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14675]: Connection closed by 45.153.34.71 port 40084 [preauth]
Jun 24 21:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14699]: Invalid user gd from 45.153.34.71
Jun 24 21:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14699]: input_userauth_request: invalid user gd [preauth]
Jun 24 21:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14699]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14699]: Failed password for invalid user gd from 45.153.34.71 port 40092 ssh2
Jun 24 21:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14699]: Connection closed by 45.153.34.71 port 40092 [preauth]
Jun 24 21:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14713]: Invalid user support from 45.153.34.71
Jun 24 21:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14713]: input_userauth_request: invalid user support [preauth]
Jun 24 21:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14713]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14713]: Failed password for invalid user support from 45.153.34.71 port 34780 ssh2
Jun 24 21:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14713]: Connection closed by 45.153.34.71 port 34780 [preauth]
Jun 24 21:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14734]: Invalid user www from 45.153.34.71
Jun 24 21:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14734]: input_userauth_request: invalid user www [preauth]
Jun 24 21:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14734]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14734]: Failed password for invalid user www from 45.153.34.71 port 34790 ssh2
Jun 24 21:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14734]: Connection closed by 45.153.34.71 port 34790 [preauth]
Jun 24 21:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14782]: Invalid user core from 45.153.34.71
Jun 24 21:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14782]: input_userauth_request: invalid user core [preauth]
Jun 24 21:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14782]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14782]: Failed password for invalid user core from 45.153.34.71 port 34794 ssh2
Jun 24 21:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14782]: Connection closed by 45.153.34.71 port 34794 [preauth]
Jun 24 21:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14792]: Invalid user test from 45.153.34.71
Jun 24 21:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14792]: input_userauth_request: invalid user test [preauth]
Jun 24 21:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14792]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14792]: Failed password for invalid user test from 45.153.34.71 port 46660 ssh2
Jun 24 21:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13497]: pam_unix(cron:session): session closed for user root
Jun 24 21:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14792]: Connection closed by 45.153.34.71 port 46660 [preauth]
Jun 24 21:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14814]: Invalid user user2 from 45.153.34.71
Jun 24 21:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14814]: input_userauth_request: invalid user user2 [preauth]
Jun 24 21:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14814]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14814]: Failed password for invalid user user2 from 45.153.34.71 port 46662 ssh2
Jun 24 21:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14814]: Connection closed by 45.153.34.71 port 46662 [preauth]
Jun 24 21:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14825]: Invalid user splunk from 45.153.34.71
Jun 24 21:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14825]: input_userauth_request: invalid user splunk [preauth]
Jun 24 21:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14825]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14825]: Failed password for invalid user splunk from 45.153.34.71 port 46672 ssh2
Jun 24 21:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14825]: Connection closed by 45.153.34.71 port 46672 [preauth]
Jun 24 21:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14827]: Failed password for root from 45.153.34.71 port 34616 ssh2
Jun 24 21:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14827]: Connection closed by 45.153.34.71 port 34616 [preauth]
Jun 24 21:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14852]: Invalid user newuser from 45.153.34.71
Jun 24 21:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14852]: input_userauth_request: invalid user newuser [preauth]
Jun 24 21:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14852]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14852]: Failed password for invalid user newuser from 45.153.34.71 port 34636 ssh2
Jun 24 21:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14852]: Connection closed by 45.153.34.71 port 34636 [preauth]
Jun 24 21:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14865]: Invalid user claude from 45.153.34.71
Jun 24 21:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14865]: input_userauth_request: invalid user claude [preauth]
Jun 24 21:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14865]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14865]: Failed password for invalid user claude from 45.153.34.71 port 34644 ssh2
Jun 24 21:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14865]: Connection closed by 45.153.34.71 port 34644 [preauth]
Jun 24 21:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14868]: Invalid user server from 45.153.34.71
Jun 24 21:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14868]: input_userauth_request: invalid user server [preauth]
Jun 24 21:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14868]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14868]: Failed password for invalid user server from 45.153.34.71 port 57078 ssh2
Jun 24 21:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14868]: Connection closed by 45.153.34.71 port 57078 [preauth]
Jun 24 21:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14878]: Invalid user ubuntu from 45.153.34.71
Jun 24 21:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14878]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 21:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14878]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14878]: Failed password for invalid user ubuntu from 45.153.34.71 port 57092 ssh2
Jun 24 21:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14878]: Connection closed by 45.153.34.71 port 57092 [preauth]
Jun 24 21:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14890]: Failed password for root from 45.153.34.71 port 57106 ssh2
Jun 24 21:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14890]: Connection closed by 45.153.34.71 port 57106 [preauth]
Jun 24 21:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14899]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14896]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14895]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14900]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14898]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14897]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14900]: pam_unix(cron:session): session closed for user root
Jun 24 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14895]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14892]: Invalid user guest from 45.153.34.71
Jun 24 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14892]: input_userauth_request: invalid user guest [preauth]
Jun 24 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14892]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14967]: Successful su for rubyman by root
Jun 24 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14967]: + ??? root:rubyman
Jun 24 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14967]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586201 of user rubyman.
Jun 24 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14967]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586201.
Jun 24 21:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14892]: Failed password for invalid user guest from 45.153.34.71 port 38732 ssh2
Jun 24 21:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14892]: Connection closed by 45.153.34.71 port 38732 [preauth]
Jun 24 21:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14897]: pam_unix(cron:session): session closed for user root
Jun 24 21:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11875]: pam_unix(cron:session): session closed for user root
Jun 24 21:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15118]: Failed password for root from 45.153.34.71 port 38742 ssh2
Jun 24 21:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15118]: Connection closed by 45.153.34.71 port 38742 [preauth]
Jun 24 21:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14896]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15181]: Failed password for root from 45.153.34.71 port 38748 ssh2
Jun 24 21:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15181]: Connection closed by 45.153.34.71 port 38748 [preauth]
Jun 24 21:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15191]: Failed password for root from 45.153.34.71 port 48254 ssh2
Jun 24 21:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15191]: Connection closed by 45.153.34.71 port 48254 [preauth]
Jun 24 21:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.12.108.55  user=root
Jun 24 21:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15219]: Invalid user config from 45.153.34.71
Jun 24 21:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15219]: input_userauth_request: invalid user config [preauth]
Jun 24 21:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15219]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15193]: Failed password for root from 175.12.108.55 port 46416 ssh2
Jun 24 21:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15219]: Failed password for invalid user config from 45.153.34.71 port 48264 ssh2
Jun 24 21:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15219]: Connection closed by 45.153.34.71 port 48264 [preauth]
Jun 24 21:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15221]: Failed password for root from 45.153.34.71 port 48278 ssh2
Jun 24 21:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15221]: Connection closed by 45.153.34.71 port 48278 [preauth]
Jun 24 21:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15233]: Invalid user student from 45.153.34.71
Jun 24 21:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15233]: input_userauth_request: invalid user student [preauth]
Jun 24 21:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15233]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15233]: Failed password for invalid user student from 45.153.34.71 port 57102 ssh2
Jun 24 21:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15233]: Connection closed by 45.153.34.71 port 57102 [preauth]
Jun 24 21:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15244]: Invalid user core from 45.153.34.71
Jun 24 21:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15244]: input_userauth_request: invalid user core [preauth]
Jun 24 21:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15244]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15244]: Failed password for invalid user core from 45.153.34.71 port 57114 ssh2
Jun 24 21:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15244]: Connection closed by 45.153.34.71 port 57114 [preauth]
Jun 24 21:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15262]: Invalid user trade from 45.153.34.71
Jun 24 21:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15262]: input_userauth_request: invalid user trade [preauth]
Jun 24 21:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15262]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15262]: Failed password for invalid user trade from 45.153.34.71 port 57128 ssh2
Jun 24 21:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15262]: Connection closed by 45.153.34.71 port 57128 [preauth]
Jun 24 21:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13953]: pam_unix(cron:session): session closed for user root
Jun 24 21:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15273]: Failed password for root from 45.153.34.71 port 53470 ssh2
Jun 24 21:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15273]: Connection closed by 45.153.34.71 port 53470 [preauth]
Jun 24 21:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15294]: Invalid user pi from 45.153.34.71
Jun 24 21:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15294]: input_userauth_request: invalid user pi [preauth]
Jun 24 21:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15294]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15294]: Failed password for invalid user pi from 45.153.34.71 port 53480 ssh2
Jun 24 21:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15294]: Connection closed by 45.153.34.71 port 53480 [preauth]
Jun 24 21:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15304]: Invalid user ts3 from 45.153.34.71
Jun 24 21:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15304]: input_userauth_request: invalid user ts3 [preauth]
Jun 24 21:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15304]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15304]: Failed password for invalid user ts3 from 45.153.34.71 port 53484 ssh2
Jun 24 21:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15304]: Connection closed by 45.153.34.71 port 53484 [preauth]
Jun 24 21:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15314]: Invalid user labuser from 45.153.34.71
Jun 24 21:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15314]: input_userauth_request: invalid user labuser [preauth]
Jun 24 21:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15314]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15314]: Failed password for invalid user labuser from 45.153.34.71 port 35378 ssh2
Jun 24 21:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15314]: Connection closed by 45.153.34.71 port 35378 [preauth]
Jun 24 21:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15328]: Invalid user bot from 45.153.34.71
Jun 24 21:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15328]: input_userauth_request: invalid user bot [preauth]
Jun 24 21:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15328]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15330]: Invalid user memo from 209.99.191.19
Jun 24 21:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15330]: input_userauth_request: invalid user memo [preauth]
Jun 24 21:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15330]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.99.191.19
Jun 24 21:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15328]: Failed password for invalid user bot from 45.153.34.71 port 35408 ssh2
Jun 24 21:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15328]: Connection closed by 45.153.34.71 port 35408 [preauth]
Jun 24 21:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15330]: Failed password for invalid user memo from 209.99.191.19 port 38986 ssh2
Jun 24 21:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15330]: Received disconnect from 209.99.191.19 port 38986:11: Bye Bye [preauth]
Jun 24 21:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15330]: Disconnected from 209.99.191.19 port 38986 [preauth]
Jun 24 21:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15340]: Invalid user fastuser from 45.153.34.71
Jun 24 21:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15340]: input_userauth_request: invalid user fastuser [preauth]
Jun 24 21:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15340]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15340]: Failed password for invalid user fastuser from 45.153.34.71 port 35428 ssh2
Jun 24 21:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15340]: Connection closed by 45.153.34.71 port 35428 [preauth]
Jun 24 21:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15350]: Invalid user frank from 45.153.34.71
Jun 24 21:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15350]: input_userauth_request: invalid user frank [preauth]
Jun 24 21:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15350]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15350]: Failed password for invalid user frank from 45.153.34.71 port 51010 ssh2
Jun 24 21:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15350]: Connection closed by 45.153.34.71 port 51010 [preauth]
Jun 24 21:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15352]: Invalid user webmaster from 45.153.34.71
Jun 24 21:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15352]: input_userauth_request: invalid user webmaster [preauth]
Jun 24 21:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15352]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15352]: Failed password for invalid user webmaster from 45.153.34.71 port 51020 ssh2
Jun 24 21:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15352]: Connection closed by 45.153.34.71 port 51020 [preauth]
Jun 24 21:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15363]: Invalid user master from 45.153.34.71
Jun 24 21:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15363]: input_userauth_request: invalid user master [preauth]
Jun 24 21:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15363]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15363]: Failed password for invalid user master from 45.153.34.71 port 51036 ssh2
Jun 24 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15363]: Connection closed by 45.153.34.71 port 51036 [preauth]
Jun 24 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15377]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15379]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15378]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15376]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15376]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15373]: Invalid user grok from 45.153.34.71
Jun 24 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15373]: input_userauth_request: invalid user grok [preauth]
Jun 24 21:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15373]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15441]: Successful su for rubyman by root
Jun 24 21:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15441]: + ??? root:rubyman
Jun 24 21:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15441]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586207 of user rubyman.
Jun 24 21:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15441]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586207.
Jun 24 21:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15373]: Failed password for invalid user grok from 45.153.34.71 port 50748 ssh2
Jun 24 21:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15373]: Connection closed by 45.153.34.71 port 50748 [preauth]
Jun 24 21:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12557]: pam_unix(cron:session): session closed for user root
Jun 24 21:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15576]: Invalid user osmc from 45.153.34.71
Jun 24 21:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15576]: input_userauth_request: invalid user osmc [preauth]
Jun 24 21:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15576]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15377]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153  user=root
Jun 24 21:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15576]: Failed password for invalid user osmc from 45.153.34.71 port 50754 ssh2
Jun 24 21:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15576]: Connection closed by 45.153.34.71 port 50754 [preauth]
Jun 24 21:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15611]: Failed password for root from 187.192.86.153 port 52814 ssh2
Jun 24 21:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15611]: Received disconnect from 187.192.86.153 port 52814:11: Bye Bye [preauth]
Jun 24 21:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15611]: Disconnected from 187.192.86.153 port 52814 [preauth]
Jun 24 21:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15621]: Failed password for root from 45.153.34.71 port 50760 ssh2
Jun 24 21:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15621]: Connection closed by 45.153.34.71 port 50760 [preauth]
Jun 24 21:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15623]: Invalid user asterisk from 45.153.34.71
Jun 24 21:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15623]: input_userauth_request: invalid user asterisk [preauth]
Jun 24 21:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15623]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15623]: Failed password for invalid user asterisk from 45.153.34.71 port 35128 ssh2
Jun 24 21:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15623]: Connection closed by 45.153.34.71 port 35128 [preauth]
Jun 24 21:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15647]: Failed password for root from 45.153.34.71 port 35132 ssh2
Jun 24 21:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15647]: Connection closed by 45.153.34.71 port 35132 [preauth]
Jun 24 21:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15658]: Invalid user sysupdate from 45.153.34.71
Jun 24 21:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15658]: input_userauth_request: invalid user sysupdate [preauth]
Jun 24 21:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15658]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15658]: Failed password for invalid user sysupdate from 45.153.34.71 port 35142 ssh2
Jun 24 21:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15658]: Connection closed by 45.153.34.71 port 35142 [preauth]
Jun 24 21:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15660]: Failed password for root from 45.153.34.71 port 39844 ssh2
Jun 24 21:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15660]: Connection closed by 45.153.34.71 port 39844 [preauth]
Jun 24 21:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15684]: Invalid user newuser from 45.153.34.71
Jun 24 21:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15684]: input_userauth_request: invalid user newuser [preauth]
Jun 24 21:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15684]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15684]: Failed password for invalid user newuser from 45.153.34.71 port 39848 ssh2
Jun 24 21:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15684]: Connection closed by 45.153.34.71 port 39848 [preauth]
Jun 24 21:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15697]: Invalid user pi from 45.153.34.71
Jun 24 21:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15697]: input_userauth_request: invalid user pi [preauth]
Jun 24 21:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15697]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15697]: Failed password for invalid user pi from 45.153.34.71 port 39854 ssh2
Jun 24 21:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15697]: Connection closed by 45.153.34.71 port 39854 [preauth]
Jun 24 21:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14379]: pam_unix(cron:session): session closed for user root
Jun 24 21:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15699]: Failed password for root from 45.153.34.71 port 52766 ssh2
Jun 24 21:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15699]: Connection closed by 45.153.34.71 port 52766 [preauth]
Jun 24 21:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15731]: Invalid user crafty from 45.153.34.71
Jun 24 21:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15731]: input_userauth_request: invalid user crafty [preauth]
Jun 24 21:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15731]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15731]: Failed password for invalid user crafty from 45.153.34.71 port 52792 ssh2
Jun 24 21:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15731]: Connection closed by 45.153.34.71 port 52792 [preauth]
Jun 24 21:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15742]: Invalid user bot from 45.153.34.71
Jun 24 21:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15742]: input_userauth_request: invalid user bot [preauth]
Jun 24 21:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15742]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15742]: Failed password for invalid user bot from 45.153.34.71 port 52810 ssh2
Jun 24 21:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15742]: Connection closed by 45.153.34.71 port 52810 [preauth]
Jun 24 21:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15747]: Invalid user appuser from 45.153.34.71
Jun 24 21:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15747]: input_userauth_request: invalid user appuser [preauth]
Jun 24 21:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15747]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15747]: Failed password for invalid user appuser from 45.153.34.71 port 56908 ssh2
Jun 24 21:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15747]: Connection closed by 45.153.34.71 port 56908 [preauth]
Jun 24 21:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15769]: Invalid user ubuntu from 45.153.34.71
Jun 24 21:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15769]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 21:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15769]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15769]: Failed password for invalid user ubuntu from 45.153.34.71 port 56916 ssh2
Jun 24 21:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15769]: Connection closed by 45.153.34.71 port 56916 [preauth]
Jun 24 21:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15776]: Invalid user runner from 45.153.34.71
Jun 24 21:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15776]: input_userauth_request: invalid user runner [preauth]
Jun 24 21:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15776]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15776]: Failed password for invalid user runner from 45.153.34.71 port 56920 ssh2
Jun 24 21:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15776]: Connection closed by 45.153.34.71 port 56920 [preauth]
Jun 24 21:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15781]: Invalid user user from 45.153.34.71
Jun 24 21:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15781]: input_userauth_request: invalid user user [preauth]
Jun 24 21:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15781]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15781]: Failed password for invalid user user from 45.153.34.71 port 43550 ssh2
Jun 24 21:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15781]: Connection closed by 45.153.34.71 port 43550 [preauth]
Jun 24 21:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15791]: Invalid user daniel from 45.153.34.71
Jun 24 21:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15791]: input_userauth_request: invalid user daniel [preauth]
Jun 24 21:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15791]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15791]: Failed password for invalid user daniel from 45.153.34.71 port 43578 ssh2
Jun 24 21:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15791]: Connection closed by 45.153.34.71 port 43578 [preauth]
Jun 24 21:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15793]: Invalid user mcserver from 45.153.34.71
Jun 24 21:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15793]: input_userauth_request: invalid user mcserver [preauth]
Jun 24 21:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15793]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15793]: Failed password for invalid user mcserver from 45.153.34.71 port 43590 ssh2
Jun 24 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15793]: Connection closed by 45.153.34.71 port 43590 [preauth]
Jun 24 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15807]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15808]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15806]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15804]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15804]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15864]: Successful su for rubyman by root
Jun 24 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15864]: + ??? root:rubyman
Jun 24 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15864]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586209 of user rubyman.
Jun 24 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15864]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586209.
Jun 24 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15873]: Invalid user git from 45.153.34.71
Jun 24 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15873]: input_userauth_request: invalid user git [preauth]
Jun 24 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15873]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13043]: pam_unix(cron:session): session closed for user root
Jun 24 21:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15873]: Failed password for invalid user git from 45.153.34.71 port 51866 ssh2
Jun 24 21:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15873]: Connection closed by 45.153.34.71 port 51866 [preauth]
Jun 24 21:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16027]: Invalid user gitlab from 45.153.34.71
Jun 24 21:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16027]: input_userauth_request: invalid user gitlab [preauth]
Jun 24 21:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16027]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15806]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16027]: Failed password for invalid user gitlab from 45.153.34.71 port 51876 ssh2
Jun 24 21:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16027]: Connection closed by 45.153.34.71 port 51876 [preauth]
Jun 24 21:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16042]: Invalid user node from 45.153.34.71
Jun 24 21:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16042]: input_userauth_request: invalid user node [preauth]
Jun 24 21:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16042]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16042]: Failed password for invalid user node from 45.153.34.71 port 51888 ssh2
Jun 24 21:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16042]: Connection closed by 45.153.34.71 port 51888 [preauth]
Jun 24 21:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16054]: Failed password for root from 45.153.34.71 port 45578 ssh2
Jun 24 21:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16054]: Connection closed by 45.153.34.71 port 45578 [preauth]
Jun 24 21:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16078]: Invalid user kim from 45.153.34.71
Jun 24 21:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16078]: input_userauth_request: invalid user kim [preauth]
Jun 24 21:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16078]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16078]: Failed password for invalid user kim from 45.153.34.71 port 45580 ssh2
Jun 24 21:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16078]: Connection closed by 45.153.34.71 port 45580 [preauth]
Jun 24 21:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16080]: Invalid user ubuntu from 45.153.34.71
Jun 24 21:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16080]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 21:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16080]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16080]: Failed password for invalid user ubuntu from 45.153.34.71 port 45590 ssh2
Jun 24 21:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16080]: Connection closed by 45.153.34.71 port 45590 [preauth]
Jun 24 21:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16091]: Invalid user jenkins from 45.153.34.71
Jun 24 21:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16091]: input_userauth_request: invalid user jenkins [preauth]
Jun 24 21:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16091]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16091]: Failed password for invalid user jenkins from 45.153.34.71 port 60410 ssh2
Jun 24 21:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16091]: Connection closed by 45.153.34.71 port 60410 [preauth]
Jun 24 21:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16114]: Invalid user gns3 from 45.153.34.71
Jun 24 21:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16114]: input_userauth_request: invalid user gns3 [preauth]
Jun 24 21:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16114]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16114]: Failed password for invalid user gns3 from 45.153.34.71 port 60418 ssh2
Jun 24 21:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16114]: Connection closed by 45.153.34.71 port 60418 [preauth]
Jun 24 21:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16116]: Invalid user jakob from 45.153.34.71
Jun 24 21:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16116]: input_userauth_request: invalid user jakob [preauth]
Jun 24 21:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16116]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16116]: Failed password for invalid user jakob from 45.153.34.71 port 60420 ssh2
Jun 24 21:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16116]: Connection closed by 45.153.34.71 port 60420 [preauth]
Jun 24 21:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16126]: Invalid user admin from 45.153.34.71
Jun 24 21:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16126]: input_userauth_request: invalid user admin [preauth]
Jun 24 21:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16126]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14899]: pam_unix(cron:session): session closed for user root
Jun 24 21:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16140]: Invalid user sakura from 209.99.191.19
Jun 24 21:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16140]: input_userauth_request: invalid user sakura [preauth]
Jun 24 21:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16140]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.99.191.19
Jun 24 21:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16126]: Failed password for invalid user admin from 45.153.34.71 port 58728 ssh2
Jun 24 21:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16126]: Connection closed by 45.153.34.71 port 58728 [preauth]
Jun 24 21:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16157]: Invalid user username from 45.153.34.71
Jun 24 21:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16157]: input_userauth_request: invalid user username [preauth]
Jun 24 21:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16140]: Failed password for invalid user sakura from 209.99.191.19 port 33306 ssh2
Jun 24 21:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16157]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16140]: Received disconnect from 209.99.191.19 port 33306:11: Bye Bye [preauth]
Jun 24 21:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16140]: Disconnected from 209.99.191.19 port 33306 [preauth]
Jun 24 21:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16157]: Failed password for invalid user username from 45.153.34.71 port 58734 ssh2
Jun 24 21:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16157]: Connection closed by 45.153.34.71 port 58734 [preauth]
Jun 24 21:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16160]: Invalid user kafka from 45.153.34.71
Jun 24 21:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16160]: input_userauth_request: invalid user kafka [preauth]
Jun 24 21:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16160]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16160]: Failed password for invalid user kafka from 45.153.34.71 port 58744 ssh2
Jun 24 21:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16160]: Connection closed by 45.153.34.71 port 58744 [preauth]
Jun 24 21:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16171]: Invalid user ts3 from 45.153.34.71
Jun 24 21:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16171]: input_userauth_request: invalid user ts3 [preauth]
Jun 24 21:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16171]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16171]: Failed password for invalid user ts3 from 45.153.34.71 port 34908 ssh2
Jun 24 21:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16171]: Connection closed by 45.153.34.71 port 34908 [preauth]
Jun 24 21:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16189]: Invalid user data from 45.153.34.71
Jun 24 21:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16189]: input_userauth_request: invalid user data [preauth]
Jun 24 21:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16189]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16189]: Failed password for invalid user data from 45.153.34.71 port 34914 ssh2
Jun 24 21:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16189]: Connection closed by 45.153.34.71 port 34914 [preauth]
Jun 24 21:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16200]: Invalid user support from 45.153.34.71
Jun 24 21:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16200]: input_userauth_request: invalid user support [preauth]
Jun 24 21:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16200]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16200]: Failed password for invalid user support from 45.153.34.71 port 34924 ssh2
Jun 24 21:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16200]: Connection closed by 45.153.34.71 port 34924 [preauth]
Jun 24 21:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16211]: Invalid user agent from 45.153.34.71
Jun 24 21:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16211]: input_userauth_request: invalid user agent [preauth]
Jun 24 21:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16211]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16211]: Failed password for invalid user agent from 45.153.34.71 port 60304 ssh2
Jun 24 21:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16211]: Connection closed by 45.153.34.71 port 60304 [preauth]
Jun 24 21:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16213]: Invalid user debian from 45.153.34.71
Jun 24 21:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16213]: input_userauth_request: invalid user debian [preauth]
Jun 24 21:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16213]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16213]: Failed password for invalid user debian from 45.153.34.71 port 60332 ssh2
Jun 24 21:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16213]: Connection closed by 45.153.34.71 port 60332 [preauth]
Jun 24 21:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16224]: Invalid user operator from 45.153.34.71
Jun 24 21:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16224]: input_userauth_request: invalid user operator [preauth]
Jun 24 21:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16224]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16228]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16230]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16229]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16227]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16227]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16224]: Failed password for invalid user operator from 45.153.34.71 port 60354 ssh2
Jun 24 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16285]: Successful su for rubyman by root
Jun 24 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16285]: + ??? root:rubyman
Jun 24 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16285]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586215 of user rubyman.
Jun 24 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16285]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586215.
Jun 24 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16224]: Connection closed by 45.153.34.71 port 60354 [preauth]
Jun 24 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16335]: Invalid user admin from 45.153.34.71
Jun 24 21:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16335]: input_userauth_request: invalid user admin [preauth]
Jun 24 21:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16335]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13496]: pam_unix(cron:session): session closed for user root
Jun 24 21:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16335]: Failed password for invalid user admin from 45.153.34.71 port 51332 ssh2
Jun 24 21:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16335]: Connection closed by 45.153.34.71 port 51332 [preauth]
Jun 24 21:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16228]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16453]: Invalid user kevin from 45.153.34.71
Jun 24 21:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16453]: input_userauth_request: invalid user kevin [preauth]
Jun 24 21:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16453]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16453]: Failed password for invalid user kevin from 45.153.34.71 port 51344 ssh2
Jun 24 21:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16453]: Connection closed by 45.153.34.71 port 51344 [preauth]
Jun 24 21:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16477]: Invalid user guest from 45.153.34.71
Jun 24 21:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16477]: input_userauth_request: invalid user guest [preauth]
Jun 24 21:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16477]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16477]: Failed password for invalid user guest from 45.153.34.71 port 51356 ssh2
Jun 24 21:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16477]: Connection closed by 45.153.34.71 port 51356 [preauth]
Jun 24 21:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16480]: Invalid user vagrant from 45.153.34.71
Jun 24 21:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16480]: input_userauth_request: invalid user vagrant [preauth]
Jun 24 21:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16480]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16480]: Failed password for invalid user vagrant from 45.153.34.71 port 37086 ssh2
Jun 24 21:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16480]: Connection closed by 45.153.34.71 port 37086 [preauth]
Jun 24 21:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16511]: Invalid user ethan from 45.153.34.71
Jun 24 21:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16511]: input_userauth_request: invalid user ethan [preauth]
Jun 24 21:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16511]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16511]: Failed password for invalid user ethan from 45.153.34.71 port 37094 ssh2
Jun 24 21:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16511]: Connection closed by 45.153.34.71 port 37094 [preauth]
Jun 24 21:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16522]: Failed password for root from 45.153.34.71 port 37096 ssh2
Jun 24 21:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16522]: Connection closed by 45.153.34.71 port 37096 [preauth]
Jun 24 21:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16524]: Invalid user home from 45.153.34.71
Jun 24 21:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16524]: input_userauth_request: invalid user home [preauth]
Jun 24 21:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16524]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16524]: Failed password for invalid user home from 45.153.34.71 port 34068 ssh2
Jun 24 21:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16524]: Connection closed by 45.153.34.71 port 34068 [preauth]
Jun 24 21:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16546]: Invalid user runner from 45.153.34.71
Jun 24 21:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16546]: input_userauth_request: invalid user runner [preauth]
Jun 24 21:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16546]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16546]: Failed password for invalid user runner from 45.153.34.71 port 34076 ssh2
Jun 24 21:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16546]: Connection closed by 45.153.34.71 port 34076 [preauth]
Jun 24 21:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16548]: Invalid user odoo17 from 45.153.34.71
Jun 24 21:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16548]: input_userauth_request: invalid user odoo17 [preauth]
Jun 24 21:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16548]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16548]: Failed password for invalid user odoo17 from 45.153.34.71 port 34080 ssh2
Jun 24 21:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16548]: Connection closed by 45.153.34.71 port 34080 [preauth]
Jun 24 21:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16558]: Invalid user teamspeak from 45.153.34.71
Jun 24 21:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16558]: input_userauth_request: invalid user teamspeak [preauth]
Jun 24 21:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16558]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15379]: pam_unix(cron:session): session closed for user root
Jun 24 21:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16558]: Failed password for invalid user teamspeak from 45.153.34.71 port 34564 ssh2
Jun 24 21:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16558]: Connection closed by 45.153.34.71 port 34564 [preauth]
Jun 24 21:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16589]: Invalid user cloud from 45.153.34.71
Jun 24 21:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16589]: input_userauth_request: invalid user cloud [preauth]
Jun 24 21:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16589]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16589]: Failed password for invalid user cloud from 45.153.34.71 port 34582 ssh2
Jun 24 21:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16589]: Connection closed by 45.153.34.71 port 34582 [preauth]
Jun 24 21:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16591]: Invalid user dmdba from 45.153.34.71
Jun 24 21:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16591]: input_userauth_request: invalid user dmdba [preauth]
Jun 24 21:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16591]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16591]: Failed password for invalid user dmdba from 45.153.34.71 port 34606 ssh2
Jun 24 21:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16591]: Connection closed by 45.153.34.71 port 34606 [preauth]
Jun 24 21:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16601]: Invalid user gitlab-runner from 45.153.34.71
Jun 24 21:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16601]: input_userauth_request: invalid user gitlab-runner [preauth]
Jun 24 21:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16601]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16601]: Failed password for invalid user gitlab-runner from 45.153.34.71 port 56538 ssh2
Jun 24 21:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16601]: Connection closed by 45.153.34.71 port 56538 [preauth]
Jun 24 21:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16623]: Invalid user opc from 45.153.34.71
Jun 24 21:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16623]: input_userauth_request: invalid user opc [preauth]
Jun 24 21:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16623]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16623]: Failed password for invalid user opc from 45.153.34.71 port 56548 ssh2
Jun 24 21:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16623]: Connection closed by 45.153.34.71 port 56548 [preauth]
Jun 24 21:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16626]: Invalid user odoo from 45.153.34.71
Jun 24 21:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16626]: input_userauth_request: invalid user odoo [preauth]
Jun 24 21:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16626]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16626]: Failed password for invalid user odoo from 45.153.34.71 port 56552 ssh2
Jun 24 21:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16626]: Connection closed by 45.153.34.71 port 56552 [preauth]
Jun 24 21:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16638]: Invalid user ubuntu from 45.153.34.71
Jun 24 21:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16638]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 21:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16638]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16638]: Failed password for invalid user ubuntu from 45.153.34.71 port 53268 ssh2
Jun 24 21:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16638]: Connection closed by 45.153.34.71 port 53268 [preauth]
Jun 24 21:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16651]: Invalid user test from 45.153.34.71
Jun 24 21:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16651]: input_userauth_request: invalid user test [preauth]
Jun 24 21:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16651]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16651]: Failed password for invalid user test from 45.153.34.71 port 53274 ssh2
Jun 24 21:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16651]: Connection closed by 45.153.34.71 port 53274 [preauth]
Jun 24 21:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16653]: Invalid user admin from 45.153.34.71
Jun 24 21:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16653]: input_userauth_request: invalid user admin [preauth]
Jun 24 21:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16653]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16666]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16667]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16665]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16664]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16664]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16653]: Failed password for invalid user admin from 45.153.34.71 port 53284 ssh2
Jun 24 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16722]: Successful su for rubyman by root
Jun 24 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16722]: + ??? root:rubyman
Jun 24 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16722]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586218 of user rubyman.
Jun 24 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16722]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586218.
Jun 24 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16653]: Connection closed by 45.153.34.71 port 53284 [preauth]
Jun 24 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16759]: Invalid user gabriel from 45.153.34.71
Jun 24 21:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16759]: input_userauth_request: invalid user gabriel [preauth]
Jun 24 21:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16759]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13952]: pam_unix(cron:session): session closed for user root
Jun 24 21:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16759]: Failed password for invalid user gabriel from 45.153.34.71 port 47464 ssh2
Jun 24 21:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16759]: Connection closed by 45.153.34.71 port 47464 [preauth]
Jun 24 21:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16955]: Invalid user progres from 187.192.86.153
Jun 24 21:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16955]: input_userauth_request: invalid user progres [preauth]
Jun 24 21:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16955]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153
Jun 24 21:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16665]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17004]: Invalid user hadoop from 45.153.34.71
Jun 24 21:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17004]: input_userauth_request: invalid user hadoop [preauth]
Jun 24 21:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17004]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16955]: Failed password for invalid user progres from 187.192.86.153 port 54022 ssh2
Jun 24 21:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16955]: Received disconnect from 187.192.86.153 port 54022:11: Bye Bye [preauth]
Jun 24 21:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16955]: Disconnected from 187.192.86.153 port 54022 [preauth]
Jun 24 21:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17004]: Failed password for invalid user hadoop from 45.153.34.71 port 47478 ssh2
Jun 24 21:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17004]: Connection closed by 45.153.34.71 port 47478 [preauth]
Jun 24 21:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17016]: Invalid user debian from 45.153.34.71
Jun 24 21:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17016]: input_userauth_request: invalid user debian [preauth]
Jun 24 21:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17016]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17016]: Failed password for invalid user debian from 45.153.34.71 port 47482 ssh2
Jun 24 21:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17016]: Connection closed by 45.153.34.71 port 47482 [preauth]
Jun 24 21:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17026]: Invalid user cloud from 45.153.34.71
Jun 24 21:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17026]: input_userauth_request: invalid user cloud [preauth]
Jun 24 21:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17026]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17026]: Failed password for invalid user cloud from 45.153.34.71 port 41354 ssh2
Jun 24 21:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17026]: Connection closed by 45.153.34.71 port 41354 [preauth]
Jun 24 21:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17042]: Invalid user oracle from 45.153.34.71
Jun 24 21:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17042]: input_userauth_request: invalid user oracle [preauth]
Jun 24 21:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17042]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17042]: Failed password for invalid user oracle from 45.153.34.71 port 41364 ssh2
Jun 24 21:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17042]: Connection closed by 45.153.34.71 port 41364 [preauth]
Jun 24 21:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17053]: Invalid user debian from 45.153.34.71
Jun 24 21:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17053]: input_userauth_request: invalid user debian [preauth]
Jun 24 21:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17053]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17053]: Failed password for invalid user debian from 45.153.34.71 port 41374 ssh2
Jun 24 21:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17053]: Connection closed by 45.153.34.71 port 41374 [preauth]
Jun 24 21:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17056]: Invalid user testcrm from 209.99.191.19
Jun 24 21:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17056]: input_userauth_request: invalid user testcrm [preauth]
Jun 24 21:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17056]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.99.191.19
Jun 24 21:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17067]: Invalid user gary from 45.153.34.71
Jun 24 21:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17067]: input_userauth_request: invalid user gary [preauth]
Jun 24 21:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17067]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17056]: Failed password for invalid user testcrm from 209.99.191.19 port 32886 ssh2
Jun 24 21:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17056]: Received disconnect from 209.99.191.19 port 32886:11: Bye Bye [preauth]
Jun 24 21:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17056]: Disconnected from 209.99.191.19 port 32886 [preauth]
Jun 24 21:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17067]: Failed password for invalid user gary from 45.153.34.71 port 39374 ssh2
Jun 24 21:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17067]: Connection closed by 45.153.34.71 port 39374 [preauth]
Jun 24 21:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17083]: Invalid user ubuntu from 45.153.34.71
Jun 24 21:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17083]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 21:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17083]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17083]: Failed password for invalid user ubuntu from 45.153.34.71 port 39388 ssh2
Jun 24 21:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17083]: Connection closed by 45.153.34.71 port 39388 [preauth]
Jun 24 21:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17093]: Invalid user deployer from 45.153.34.71
Jun 24 21:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17093]: input_userauth_request: invalid user deployer [preauth]
Jun 24 21:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17093]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17093]: Failed password for invalid user deployer from 45.153.34.71 port 39394 ssh2
Jun 24 21:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17093]: Connection closed by 45.153.34.71 port 39394 [preauth]
Jun 24 21:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17103]: Invalid user developer from 45.153.34.71
Jun 24 21:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17103]: input_userauth_request: invalid user developer [preauth]
Jun 24 21:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17103]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15808]: pam_unix(cron:session): session closed for user root
Jun 24 21:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17103]: Failed password for invalid user developer from 45.153.34.71 port 51336 ssh2
Jun 24 21:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17103]: Connection closed by 45.153.34.71 port 51336 [preauth]
Jun 24 21:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17125]: Invalid user ansible from 45.153.34.71
Jun 24 21:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17125]: input_userauth_request: invalid user ansible [preauth]
Jun 24 21:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17125]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17125]: Failed password for invalid user ansible from 45.153.34.71 port 51352 ssh2
Jun 24 21:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17125]: Connection closed by 45.153.34.71 port 51352 [preauth]
Jun 24 21:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17135]: Invalid user myuser from 45.153.34.71
Jun 24 21:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17135]: input_userauth_request: invalid user myuser [preauth]
Jun 24 21:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17135]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17135]: Failed password for invalid user myuser from 45.153.34.71 port 51360 ssh2
Jun 24 21:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17135]: Connection closed by 45.153.34.71 port 51360 [preauth]
Jun 24 21:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17137]: Invalid user admin from 45.153.34.71
Jun 24 21:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17137]: input_userauth_request: invalid user admin [preauth]
Jun 24 21:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17137]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17137]: Failed password for invalid user admin from 45.153.34.71 port 58950 ssh2
Jun 24 21:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17137]: Connection closed by 45.153.34.71 port 58950 [preauth]
Jun 24 21:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17160]: Invalid user admin from 45.153.34.71
Jun 24 21:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17160]: input_userauth_request: invalid user admin [preauth]
Jun 24 21:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17160]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16489]: Connection closed by 61.6.124.127 port 51310 [preauth]
Jun 24 21:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17160]: Failed password for invalid user admin from 45.153.34.71 port 58970 ssh2
Jun 24 21:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17160]: Connection closed by 45.153.34.71 port 58970 [preauth]
Jun 24 21:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17170]: Invalid user btc from 45.153.34.71
Jun 24 21:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17170]: input_userauth_request: invalid user btc [preauth]
Jun 24 21:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17170]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17170]: Failed password for invalid user btc from 45.153.34.71 port 59004 ssh2
Jun 24 21:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17170]: Connection closed by 45.153.34.71 port 59004 [preauth]
Jun 24 21:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17172]: Invalid user user2 from 45.153.34.71
Jun 24 21:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17172]: input_userauth_request: invalid user user2 [preauth]
Jun 24 21:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17172]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17172]: Failed password for invalid user user2 from 45.153.34.71 port 56108 ssh2
Jun 24 21:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17172]: Connection closed by 45.153.34.71 port 56108 [preauth]
Jun 24 21:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: Invalid user media from 45.153.34.71
Jun 24 21:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: input_userauth_request: invalid user media [preauth]
Jun 24 21:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: Failed password for invalid user media from 45.153.34.71 port 56116 ssh2
Jun 24 21:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: Connection closed by 45.153.34.71 port 56116 [preauth]
Jun 24 21:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: Invalid user pi from 45.153.34.71
Jun 24 21:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: input_userauth_request: invalid user pi [preauth]
Jun 24 21:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17198]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17197]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17196]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17199]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17195]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17200]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17200]: pam_unix(cron:session): session closed for user root
Jun 24 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17195]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: Failed password for invalid user pi from 45.153.34.71 port 56118 ssh2
Jun 24 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17265]: Successful su for rubyman by root
Jun 24 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17265]: + ??? root:rubyman
Jun 24 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17265]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586224 of user rubyman.
Jun 24 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17265]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586224.
Jun 24 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: Connection closed by 45.153.34.71 port 56118 [preauth]
Jun 24 21:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17340]: Invalid user hadoop from 45.153.34.71
Jun 24 21:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17340]: input_userauth_request: invalid user hadoop [preauth]
Jun 24 21:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17340]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17197]: pam_unix(cron:session): session closed for user root
Jun 24 21:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14378]: pam_unix(cron:session): session closed for user root
Jun 24 21:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17340]: Failed password for invalid user hadoop from 45.153.34.71 port 44154 ssh2
Jun 24 21:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17340]: Connection closed by 45.153.34.71 port 44154 [preauth]
Jun 24 21:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17481]: Invalid user hduser from 45.153.34.71
Jun 24 21:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17481]: input_userauth_request: invalid user hduser [preauth]
Jun 24 21:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17196]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17481]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17481]: Failed password for invalid user hduser from 45.153.34.71 port 44166 ssh2
Jun 24 21:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17481]: Connection closed by 45.153.34.71 port 44166 [preauth]
Jun 24 21:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17496]: Invalid user tester from 45.153.34.71
Jun 24 21:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17496]: input_userauth_request: invalid user tester [preauth]
Jun 24 21:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17496]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17496]: Failed password for invalid user tester from 45.153.34.71 port 44190 ssh2
Jun 24 21:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17496]: Connection closed by 45.153.34.71 port 44190 [preauth]
Jun 24 21:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17506]: Invalid user dani from 45.153.34.71
Jun 24 21:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17506]: input_userauth_request: invalid user dani [preauth]
Jun 24 21:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17506]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17515]: Invalid user admin from 141.98.83.240
Jun 24 21:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17515]: input_userauth_request: invalid user admin [preauth]
Jun 24 21:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17515]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 21:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17506]: Failed password for invalid user dani from 45.153.34.71 port 60880 ssh2
Jun 24 21:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17506]: Connection closed by 45.153.34.71 port 60880 [preauth]
Jun 24 21:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17530]: Invalid user frappe from 45.153.34.71
Jun 24 21:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17530]: input_userauth_request: invalid user frappe [preauth]
Jun 24 21:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17530]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17515]: Failed password for invalid user admin from 141.98.83.240 port 38708 ssh2
Jun 24 21:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17515]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17530]: Failed password for invalid user frappe from 45.153.34.71 port 60906 ssh2
Jun 24 21:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17530]: Connection closed by 45.153.34.71 port 60906 [preauth]
Jun 24 21:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17515]: Failed password for invalid user admin from 141.98.83.240 port 38708 ssh2
Jun 24 21:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17515]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17515]: Failed password for invalid user admin from 141.98.83.240 port 38708 ssh2
Jun 24 21:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17515]: Connection closed by 141.98.83.240 port 38708 [preauth]
Jun 24 21:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17515]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 21:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17532]: User vncuser from 45.153.34.71 not allowed because not listed in AllowUsers
Jun 24 21:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17532]: input_userauth_request: invalid user vncuser [preauth]
Jun 24 21:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=vncuser
Jun 24 21:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17532]: Failed password for invalid user vncuser from 45.153.34.71 port 60938 ssh2
Jun 24 21:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17532]: Connection closed by 45.153.34.71 port 60938 [preauth]
Jun 24 21:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17542]: Failed password for root from 45.153.34.71 port 57442 ssh2
Jun 24 21:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17542]: Connection closed by 45.153.34.71 port 57442 [preauth]
Jun 24 21:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17566]: Invalid user steam from 45.153.34.71
Jun 24 21:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17566]: input_userauth_request: invalid user steam [preauth]
Jun 24 21:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17566]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17566]: Failed password for invalid user steam from 45.153.34.71 port 57456 ssh2
Jun 24 21:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17566]: Connection closed by 45.153.34.71 port 57456 [preauth]
Jun 24 21:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17568]: Failed password for root from 45.153.34.71 port 57458 ssh2
Jun 24 21:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17568]: Connection closed by 45.153.34.71 port 57458 [preauth]
Jun 24 21:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16230]: pam_unix(cron:session): session closed for user root
Jun 24 21:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17578]: Failed password for root from 45.153.34.71 port 39480 ssh2
Jun 24 21:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17578]: Connection closed by 45.153.34.71 port 39480 [preauth]
Jun 24 21:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17607]: Invalid user claude from 45.153.34.71
Jun 24 21:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17607]: input_userauth_request: invalid user claude [preauth]
Jun 24 21:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17607]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17607]: Failed password for invalid user claude from 45.153.34.71 port 39502 ssh2
Jun 24 21:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17607]: Connection closed by 45.153.34.71 port 39502 [preauth]
Jun 24 21:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17609]: Invalid user martin from 45.153.34.71
Jun 24 21:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17609]: input_userauth_request: invalid user martin [preauth]
Jun 24 21:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17609]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17609]: Failed password for invalid user martin from 45.153.34.71 port 39526 ssh2
Jun 24 21:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17609]: Connection closed by 45.153.34.71 port 39526 [preauth]
Jun 24 21:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17624]: Invalid user ubuntu from 45.153.34.71
Jun 24 21:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17624]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 21:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17624]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17624]: Failed password for invalid user ubuntu from 45.153.34.71 port 48976 ssh2
Jun 24 21:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17624]: Connection closed by 45.153.34.71 port 48976 [preauth]
Jun 24 21:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17636]: Failed password for root from 45.153.34.71 port 48984 ssh2
Jun 24 21:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17636]: Connection closed by 45.153.34.71 port 48984 [preauth]
Jun 24 21:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17671]: Invalid user myuser from 45.153.34.71
Jun 24 21:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17671]: input_userauth_request: invalid user myuser [preauth]
Jun 24 21:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17671]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17671]: Failed password for invalid user myuser from 45.153.34.71 port 53276 ssh2
Jun 24 21:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17671]: Connection closed by 45.153.34.71 port 53276 [preauth]
Jun 24 21:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17732]: Invalid user admin from 45.153.34.71
Jun 24 21:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17732]: input_userauth_request: invalid user admin [preauth]
Jun 24 21:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17732]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17732]: Failed password for invalid user admin from 45.153.34.71 port 53282 ssh2
Jun 24 21:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17732]: Connection closed by 45.153.34.71 port 53282 [preauth]
Jun 24 21:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17734]: Invalid user deploy from 45.153.34.71
Jun 24 21:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17734]: input_userauth_request: invalid user deploy [preauth]
Jun 24 21:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17734]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17734]: Failed password for invalid user deploy from 45.153.34.71 port 53290 ssh2
Jun 24 21:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17734]: Connection closed by 45.153.34.71 port 53290 [preauth]
Jun 24 21:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17752]: Invalid user ubuntu from 45.153.34.71
Jun 24 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17752]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17752]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17757]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17758]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17755]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17756]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17755]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17835]: Successful su for rubyman by root
Jun 24 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17835]: + ??? root:rubyman
Jun 24 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17835]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586228 of user rubyman.
Jun 24 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17835]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586228.
Jun 24 21:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17752]: Failed password for invalid user ubuntu from 45.153.34.71 port 37536 ssh2
Jun 24 21:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17752]: Connection closed by 45.153.34.71 port 37536 [preauth]
Jun 24 21:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17962]: Invalid user fred from 45.153.34.71
Jun 24 21:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17962]: input_userauth_request: invalid user fred [preauth]
Jun 24 21:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17962]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14898]: pam_unix(cron:session): session closed for user root
Jun 24 21:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17756]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17962]: Failed password for invalid user fred from 45.153.34.71 port 37550 ssh2
Jun 24 21:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17962]: Connection closed by 45.153.34.71 port 37550 [preauth]
Jun 24 21:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18035]: Failed password for root from 45.153.34.71 port 37554 ssh2
Jun 24 21:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18035]: Connection closed by 45.153.34.71 port 37554 [preauth]
Jun 24 21:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18049]: Invalid user bitrix from 45.153.34.71
Jun 24 21:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18049]: input_userauth_request: invalid user bitrix [preauth]
Jun 24 21:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18049]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18051]: Invalid user mpacc from 209.99.191.19
Jun 24 21:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18051]: input_userauth_request: invalid user mpacc [preauth]
Jun 24 21:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18051]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.99.191.19
Jun 24 21:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18049]: Failed password for invalid user bitrix from 45.153.34.71 port 53776 ssh2
Jun 24 21:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18049]: Connection closed by 45.153.34.71 port 53776 [preauth]
Jun 24 21:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18051]: Failed password for invalid user mpacc from 209.99.191.19 port 38614 ssh2
Jun 24 21:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18051]: Received disconnect from 209.99.191.19 port 38614:11: Bye Bye [preauth]
Jun 24 21:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18051]: Disconnected from 209.99.191.19 port 38614 [preauth]
Jun 24 21:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18063]: Invalid user appuser from 45.153.34.71
Jun 24 21:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18063]: input_userauth_request: invalid user appuser [preauth]
Jun 24 21:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18063]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18063]: Failed password for invalid user appuser from 45.153.34.71 port 53792 ssh2
Jun 24 21:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18063]: Connection closed by 45.153.34.71 port 53792 [preauth]
Jun 24 21:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18078]: Invalid user david from 45.153.34.71
Jun 24 21:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18078]: input_userauth_request: invalid user david [preauth]
Jun 24 21:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18078]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18078]: Failed password for invalid user david from 45.153.34.71 port 53812 ssh2
Jun 24 21:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18078]: Connection closed by 45.153.34.71 port 53812 [preauth]
Jun 24 21:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18088]: Invalid user admin from 175.12.108.55
Jun 24 21:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18088]: input_userauth_request: invalid user admin [preauth]
Jun 24 21:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18088]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.12.108.55
Jun 24 21:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18090]: Invalid user user from 45.153.34.71
Jun 24 21:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18090]: input_userauth_request: invalid user user [preauth]
Jun 24 21:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18090]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18088]: Failed password for invalid user admin from 175.12.108.55 port 50176 ssh2
Jun 24 21:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18090]: Failed password for invalid user user from 45.153.34.71 port 38516 ssh2
Jun 24 21:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18090]: Connection closed by 45.153.34.71 port 38516 [preauth]
Jun 24 21:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18092]: Invalid user ftpuser1 from 45.153.34.71
Jun 24 21:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18092]: input_userauth_request: invalid user ftpuser1 [preauth]
Jun 24 21:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18092]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71
Jun 24 21:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18092]: Failed password for invalid user ftpuser1 from 45.153.34.71 port 38544 ssh2
Jun 24 21:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18092]: Connection closed by 45.153.34.71 port 38544 [preauth]
Jun 24 21:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.71  user=root
Jun 24 21:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18114]: Failed password for root from 45.153.34.71 port 38548 ssh2
Jun 24 21:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18114]: Connection closed by 45.153.34.71 port 38548 [preauth]
Jun 24 21:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16667]: pam_unix(cron:session): session closed for user root
Jun 24 21:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153  user=root
Jun 24 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18229]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18230]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18227]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18226]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18226]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18296]: Successful su for rubyman by root
Jun 24 21:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18296]: + ??? root:rubyman
Jun 24 21:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18296]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586231 of user rubyman.
Jun 24 21:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18296]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586231.
Jun 24 21:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18209]: Failed password for root from 187.192.86.153 port 52376 ssh2
Jun 24 21:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18209]: Received disconnect from 187.192.86.153 port 52376:11: Bye Bye [preauth]
Jun 24 21:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18209]: Disconnected from 187.192.86.153 port 52376 [preauth]
Jun 24 21:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15378]: pam_unix(cron:session): session closed for user root
Jun 24 21:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18227]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17199]: pam_unix(cron:session): session closed for user root
Jun 24 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18726]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18727]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18724]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18722]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18722]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18793]: Successful su for rubyman by root
Jun 24 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18793]: + ??? root:rubyman
Jun 24 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18793]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586236 of user rubyman.
Jun 24 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18793]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586236.
Jun 24 21:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18840]: Invalid user whs from 209.99.191.19
Jun 24 21:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18840]: input_userauth_request: invalid user whs [preauth]
Jun 24 21:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18840]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.99.191.19
Jun 24 21:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15807]: pam_unix(cron:session): session closed for user root
Jun 24 21:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18840]: Failed password for invalid user whs from 209.99.191.19 port 51626 ssh2
Jun 24 21:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18840]: Received disconnect from 209.99.191.19 port 51626:11: Bye Bye [preauth]
Jun 24 21:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18840]: Disconnected from 209.99.191.19 port 51626 [preauth]
Jun 24 21:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18724]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17758]: pam_unix(cron:session): session closed for user root
Jun 24 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19232]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19231]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19230]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19229]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19229]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19293]: Successful su for rubyman by root
Jun 24 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19293]: + ??? root:rubyman
Jun 24 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19293]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586239 of user rubyman.
Jun 24 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19293]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586239.
Jun 24 21:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16229]: pam_unix(cron:session): session closed for user root
Jun 24 21:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19230]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18230]: pam_unix(cron:session): session closed for user root
Jun 24 21:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19821]: Invalid user proradis from 187.192.86.153
Jun 24 21:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19821]: input_userauth_request: invalid user proradis [preauth]
Jun 24 21:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19821]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153
Jun 24 21:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19821]: Failed password for invalid user proradis from 187.192.86.153 port 46566 ssh2
Jun 24 21:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19821]: Received disconnect from 187.192.86.153 port 46566:11: Bye Bye [preauth]
Jun 24 21:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19821]: Disconnected from 187.192.86.153 port 46566 [preauth]
Jun 24 21:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19834]: Invalid user ski from 209.99.191.19
Jun 24 21:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19834]: input_userauth_request: invalid user ski [preauth]
Jun 24 21:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19834]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.99.191.19
Jun 24 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19857]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19859]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19850]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19849]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19858]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19855]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19859]: pam_unix(cron:session): session closed for user root
Jun 24 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19849]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19923]: Successful su for rubyman by root
Jun 24 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19923]: + ??? root:rubyman
Jun 24 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19923]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586245 of user rubyman.
Jun 24 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19923]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586245.
Jun 24 21:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19834]: Failed password for invalid user ski from 209.99.191.19 port 46482 ssh2
Jun 24 21:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19834]: Received disconnect from 209.99.191.19 port 46482:11: Bye Bye [preauth]
Jun 24 21:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19834]: Disconnected from 209.99.191.19 port 46482 [preauth]
Jun 24 21:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19855]: pam_unix(cron:session): session closed for user root
Jun 24 21:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16666]: pam_unix(cron:session): session closed for user root
Jun 24 21:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19850]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18727]: pam_unix(cron:session): session closed for user root
Jun 24 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20381]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20382]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20380]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20379]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20379]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20450]: Successful su for rubyman by root
Jun 24 21:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20450]: + ??? root:rubyman
Jun 24 21:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20450]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586250 of user rubyman.
Jun 24 21:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20450]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586250.
Jun 24 21:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17198]: pam_unix(cron:session): session closed for user root
Jun 24 21:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20380]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19232]: pam_unix(cron:session): session closed for user root
Jun 24 21:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20861]: Invalid user szczecin from 209.99.191.19
Jun 24 21:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20861]: input_userauth_request: invalid user szczecin [preauth]
Jun 24 21:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20861]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.99.191.19
Jun 24 21:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20861]: Failed password for invalid user szczecin from 209.99.191.19 port 42368 ssh2
Jun 24 21:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20861]: Received disconnect from 209.99.191.19 port 42368:11: Bye Bye [preauth]
Jun 24 21:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20861]: Disconnected from 209.99.191.19 port 42368 [preauth]
Jun 24 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20888]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20889]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20883]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20882]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20882]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20945]: Successful su for rubyman by root
Jun 24 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20945]: + ??? root:rubyman
Jun 24 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20945]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586254 of user rubyman.
Jun 24 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20945]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586254.
Jun 24 21:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17757]: pam_unix(cron:session): session closed for user root
Jun 24 21:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20883]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19858]: pam_unix(cron:session): session closed for user root
Jun 24 21:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21242]: Invalid user userftp from 187.192.86.153
Jun 24 21:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21242]: input_userauth_request: invalid user userftp [preauth]
Jun 24 21:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21242]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153
Jun 24 21:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21242]: Failed password for invalid user userftp from 187.192.86.153 port 38360 ssh2
Jun 24 21:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21242]: Received disconnect from 187.192.86.153 port 38360:11: Bye Bye [preauth]
Jun 24 21:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21242]: Disconnected from 187.192.86.153 port 38360 [preauth]
Jun 24 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21296]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21295]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21294]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21293]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21293]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21361]: Successful su for rubyman by root
Jun 24 21:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21361]: + ??? root:rubyman
Jun 24 21:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21361]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586257 of user rubyman.
Jun 24 21:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21361]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586257.
Jun 24 21:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18229]: pam_unix(cron:session): session closed for user root
Jun 24 21:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21294]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20382]: pam_unix(cron:session): session closed for user root
Jun 24 21:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 21:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21660]: Invalid user sand from 209.99.191.19
Jun 24 21:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21660]: input_userauth_request: invalid user sand [preauth]
Jun 24 21:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21660]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 21:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.99.191.19
Jun 24 21:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21660]: Failed password for invalid user sand from 209.99.191.19 port 55464 ssh2
Jun 24 21:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21660]: Received disconnect from 209.99.191.19 port 55464:11: Bye Bye [preauth]
Jun 24 21:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21660]: Disconnected from 209.99.191.19 port 55464 [preauth]
Jun 24 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21731]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21732]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21729]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21728]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21728]: pam_unix(cron:session): session closed for user p13x
Jun 24 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21795]: Successful su for rubyman by root
Jun 24 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21795]: + ??? root:rubyman
Jun 24 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21795]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586262 of user rubyman.
Jun 24 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21795]: pam_unix(su:session): session closed for user rubyman
Jun 24 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586262.
Jun 24 21:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18726]: pam_unix(cron:session): session closed for user root
Jun 24 21:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21729]: pam_unix(cron:session): session closed for user samftp
Jun 24 21:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20889]: pam_unix(cron:session): session closed for user root
Jun 24 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22129]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22127]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22126]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22125]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22128]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22124]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22130]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22126]: pam_unix(cron:session): session closed for user root
Jun 24 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22130]: pam_unix(cron:session): session closed for user root
Jun 24 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22124]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22228]: Successful su for rubyman by root
Jun 24 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22228]: + ??? root:rubyman
Jun 24 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22228]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586265 of user rubyman.
Jun 24 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22228]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586265.
Jun 24 22:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22127]: pam_unix(cron:session): session closed for user root
Jun 24 22:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19231]: pam_unix(cron:session): session closed for user root
Jun 24 22:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22125]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22562]: Invalid user manu from 175.12.108.55
Jun 24 22:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22562]: input_userauth_request: invalid user manu [preauth]
Jun 24 22:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22562]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 22:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.12.108.55
Jun 24 22:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22562]: Failed password for invalid user manu from 175.12.108.55 port 55816 ssh2
Jun 24 22:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22598]: Invalid user monitoring from 187.192.86.153
Jun 24 22:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22598]: input_userauth_request: invalid user monitoring [preauth]
Jun 24 22:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22598]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 22:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153
Jun 24 22:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22598]: Failed password for invalid user monitoring from 187.192.86.153 port 56776 ssh2
Jun 24 22:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22598]: Received disconnect from 187.192.86.153 port 56776:11: Bye Bye [preauth]
Jun 24 22:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22598]: Disconnected from 187.192.86.153 port 56776 [preauth]
Jun 24 22:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22608]: Invalid user synergy from 209.99.191.19
Jun 24 22:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22608]: input_userauth_request: invalid user synergy [preauth]
Jun 24 22:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22608]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 22:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.99.191.19
Jun 24 22:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21296]: pam_unix(cron:session): session closed for user root
Jun 24 22:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22608]: Failed password for invalid user synergy from 209.99.191.19 port 47928 ssh2
Jun 24 22:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22608]: Received disconnect from 209.99.191.19 port 47928:11: Bye Bye [preauth]
Jun 24 22:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22608]: Disconnected from 209.99.191.19 port 47928 [preauth]
Jun 24 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22733]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22734]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22732]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22731]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22731]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22807]: Successful su for rubyman by root
Jun 24 22:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22807]: + ??? root:rubyman
Jun 24 22:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22807]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586273 of user rubyman.
Jun 24 22:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22807]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586273.
Jun 24 22:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19857]: pam_unix(cron:session): session closed for user root
Jun 24 22:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22732]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21732]: pam_unix(cron:session): session closed for user root
Jun 24 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23136]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23137]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23135]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23134]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23134]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23195]: Successful su for rubyman by root
Jun 24 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23195]: + ??? root:rubyman
Jun 24 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23195]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586276 of user rubyman.
Jun 24 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23195]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586276.
Jun 24 22:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20381]: pam_unix(cron:session): session closed for user root
Jun 24 22:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23135]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23442]: Invalid user mailstore from 209.99.191.19
Jun 24 22:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23442]: input_userauth_request: invalid user mailstore [preauth]
Jun 24 22:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23442]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 22:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.99.191.19
Jun 24 22:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23442]: Failed password for invalid user mailstore from 209.99.191.19 port 47854 ssh2
Jun 24 22:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23442]: Received disconnect from 209.99.191.19 port 47854:11: Bye Bye [preauth]
Jun 24 22:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23442]: Disconnected from 209.99.191.19 port 47854 [preauth]
Jun 24 22:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22129]: pam_unix(cron:session): session closed for user root
Jun 24 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23558]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23560]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23559]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23557]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23557]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23619]: Successful su for rubyman by root
Jun 24 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23619]: + ??? root:rubyman
Jun 24 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23619]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586281 of user rubyman.
Jun 24 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23619]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586281.
Jun 24 22:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20888]: pam_unix(cron:session): session closed for user root
Jun 24 22:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23558]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23921]: Invalid user pzserver from 187.192.86.153
Jun 24 22:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23921]: input_userauth_request: invalid user pzserver [preauth]
Jun 24 22:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23921]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 22:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153
Jun 24 22:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23921]: Failed password for invalid user pzserver from 187.192.86.153 port 50470 ssh2
Jun 24 22:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23921]: Received disconnect from 187.192.86.153 port 50470:11: Bye Bye [preauth]
Jun 24 22:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23921]: Disconnected from 187.192.86.153 port 50470 [preauth]
Jun 24 22:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22734]: pam_unix(cron:session): session closed for user root
Jun 24 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24076]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24077]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24074]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24073]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24073]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24137]: Successful su for rubyman by root
Jun 24 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24137]: + ??? root:rubyman
Jun 24 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24137]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586284 of user rubyman.
Jun 24 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24137]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586284.
Jun 24 22:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21295]: pam_unix(cron:session): session closed for user root
Jun 24 22:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24074]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24346]: Invalid user papers from 209.99.191.19
Jun 24 22:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24346]: input_userauth_request: invalid user papers [preauth]
Jun 24 22:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24346]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 22:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.99.191.19
Jun 24 22:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24346]: Failed password for invalid user papers from 209.99.191.19 port 56330 ssh2
Jun 24 22:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24346]: Received disconnect from 209.99.191.19 port 56330:11: Bye Bye [preauth]
Jun 24 22:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24346]: Disconnected from 209.99.191.19 port 56330 [preauth]
Jun 24 22:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23137]: pam_unix(cron:session): session closed for user root
Jun 24 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24503]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24502]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24500]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24504]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24501]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24499]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24504]: pam_unix(cron:session): session closed for user root
Jun 24 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24499]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24568]: Successful su for rubyman by root
Jun 24 22:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24568]: + ??? root:rubyman
Jun 24 22:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24568]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586288 of user rubyman.
Jun 24 22:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24568]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586288.
Jun 24 22:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24501]: pam_unix(cron:session): session closed for user root
Jun 24 22:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21731]: pam_unix(cron:session): session closed for user root
Jun 24 22:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 24 22:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24500]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24785]: Failed password for root from 103.27.238.114 port 46600 ssh2
Jun 24 22:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24785]: Connection closed by 103.27.238.114 port 46600 [preauth]
Jun 24 22:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24860]: Invalid user postgres from 103.227.210.171
Jun 24 22:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24860]: input_userauth_request: invalid user postgres [preauth]
Jun 24 22:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24860]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 22:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.227.210.171
Jun 24 22:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24860]: Failed password for invalid user postgres from 103.227.210.171 port 53734 ssh2
Jun 24 22:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24860]: Connection closed by 103.227.210.171 port 53734 [preauth]
Jun 24 22:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23560]: pam_unix(cron:session): session closed for user root
Jun 24 22:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 24 22:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24897]: Failed password for root from 103.15.222.183 port 35898 ssh2
Jun 24 22:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24897]: Connection closed by 103.15.222.183 port 35898 [preauth]
Jun 24 22:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24935]: Invalid user vr from 209.99.191.19
Jun 24 22:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24935]: input_userauth_request: invalid user vr [preauth]
Jun 24 22:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24935]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 22:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.99.191.19
Jun 24 22:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24935]: Failed password for invalid user vr from 209.99.191.19 port 54468 ssh2
Jun 24 22:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24935]: Received disconnect from 209.99.191.19 port 54468:11: Bye Bye [preauth]
Jun 24 22:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24935]: Disconnected from 209.99.191.19 port 54468 [preauth]
Jun 24 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24949]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24947]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24948]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24946]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24946]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25017]: Successful su for rubyman by root
Jun 24 22:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25017]: + ??? root:rubyman
Jun 24 22:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25017]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586294 of user rubyman.
Jun 24 22:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25017]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586294.
Jun 24 22:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22128]: pam_unix(cron:session): session closed for user root
Jun 24 22:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153  user=root
Jun 24 22:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24947]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25201]: Failed password for root from 187.192.86.153 port 47386 ssh2
Jun 24 22:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25201]: Received disconnect from 187.192.86.153 port 47386:11: Bye Bye [preauth]
Jun 24 22:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25201]: Disconnected from 187.192.86.153 port 47386 [preauth]
Jun 24 22:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24077]: pam_unix(cron:session): session closed for user root
Jun 24 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25361]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25362]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25363]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25360]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25360]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25420]: Successful su for rubyman by root
Jun 24 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25420]: + ??? root:rubyman
Jun 24 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25420]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586298 of user rubyman.
Jun 24 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25420]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586298.
Jun 24 22:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22733]: pam_unix(cron:session): session closed for user root
Jun 24 22:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25361]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24503]: pam_unix(cron:session): session closed for user root
Jun 24 22:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25729]: Invalid user atlant from 209.99.191.19
Jun 24 22:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25729]: input_userauth_request: invalid user atlant [preauth]
Jun 24 22:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25729]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 22:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.99.191.19
Jun 24 22:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25729]: Failed password for invalid user atlant from 209.99.191.19 port 55246 ssh2
Jun 24 22:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25729]: Received disconnect from 209.99.191.19 port 55246:11: Bye Bye [preauth]
Jun 24 22:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25729]: Disconnected from 209.99.191.19 port 55246 [preauth]
Jun 24 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25750]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25752]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25751]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25749]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25749]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25813]: Successful su for rubyman by root
Jun 24 22:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25813]: + ??? root:rubyman
Jun 24 22:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25813]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586303 of user rubyman.
Jun 24 22:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25813]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586303.
Jun 24 22:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23136]: pam_unix(cron:session): session closed for user root
Jun 24 22:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25750]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24949]: pam_unix(cron:session): session closed for user root
Jun 24 22:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153  user=root
Jun 24 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26140]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26139]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26141]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26138]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26136]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26138]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26134]: Failed password for root from 187.192.86.153 port 40166 ssh2
Jun 24 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26134]: Received disconnect from 187.192.86.153 port 40166:11: Bye Bye [preauth]
Jun 24 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26134]: Disconnected from 187.192.86.153 port 40166 [preauth]
Jun 24 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26268]: Successful su for rubyman by root
Jun 24 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26268]: + ??? root:rubyman
Jun 24 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26268]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586306 of user rubyman.
Jun 24 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26268]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586306.
Jun 24 22:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26136]: pam_unix(cron:session): session closed for user root
Jun 24 22:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23559]: pam_unix(cron:session): session closed for user root
Jun 24 22:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26139]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25363]: pam_unix(cron:session): session closed for user root
Jun 24 22:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26579]: Invalid user kielce from 209.99.191.19
Jun 24 22:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26579]: input_userauth_request: invalid user kielce [preauth]
Jun 24 22:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26579]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 22:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.99.191.19
Jun 24 22:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26579]: Failed password for invalid user kielce from 209.99.191.19 port 35750 ssh2
Jun 24 22:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26579]: Received disconnect from 209.99.191.19 port 35750:11: Bye Bye [preauth]
Jun 24 22:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26579]: Disconnected from 209.99.191.19 port 35750 [preauth]
Jun 24 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26634]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26631]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26629]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26632]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26633]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26630]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26634]: pam_unix(cron:session): session closed for user root
Jun 24 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26629]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26787]: Successful su for rubyman by root
Jun 24 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26787]: + ??? root:rubyman
Jun 24 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26787]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586315 of user rubyman.
Jun 24 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26787]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586315.
Jun 24 22:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26631]: pam_unix(cron:session): session closed for user root
Jun 24 22:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24076]: pam_unix(cron:session): session closed for user root
Jun 24 22:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26630]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25752]: pam_unix(cron:session): session closed for user root
Jun 24 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27143]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27142]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27141]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27140]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27140]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27211]: Successful su for rubyman by root
Jun 24 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27211]: + ??? root:rubyman
Jun 24 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27211]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586318 of user rubyman.
Jun 24 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27211]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586318.
Jun 24 22:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24502]: pam_unix(cron:session): session closed for user root
Jun 24 22:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27141]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 24 22:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27412]: Failed password for root from 87.251.79.125 port 55482 ssh2
Jun 24 22:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27412]: Connection closed by 87.251.79.125 port 55482 [preauth]
Jun 24 22:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27476]: Invalid user guard from 209.99.191.19
Jun 24 22:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27476]: input_userauth_request: invalid user guard [preauth]
Jun 24 22:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27476]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 22:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.99.191.19
Jun 24 22:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27476]: Failed password for invalid user guard from 209.99.191.19 port 60406 ssh2
Jun 24 22:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27476]: Received disconnect from 209.99.191.19 port 60406:11: Bye Bye [preauth]
Jun 24 22:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27476]: Disconnected from 209.99.191.19 port 60406 [preauth]
Jun 24 22:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26141]: pam_unix(cron:session): session closed for user root
Jun 24 22:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27521]: Invalid user guest from 193.46.255.86
Jun 24 22:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27521]: input_userauth_request: invalid user guest [preauth]
Jun 24 22:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27521]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 22:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 24 22:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27521]: Failed password for invalid user guest from 193.46.255.86 port 13932 ssh2
Jun 24 22:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27521]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 22:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27521]: Failed password for invalid user guest from 193.46.255.86 port 13932 ssh2
Jun 24 22:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27521]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 22:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27521]: Failed password for invalid user guest from 193.46.255.86 port 13932 ssh2
Jun 24 22:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27521]: Connection closed by 193.46.255.86 port 13932 [preauth]
Jun 24 22:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27521]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 24 22:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27554]: Invalid user cockpit from 187.192.86.153
Jun 24 22:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27554]: input_userauth_request: invalid user cockpit [preauth]
Jun 24 22:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27554]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 22:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153
Jun 24 22:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27554]: Failed password for invalid user cockpit from 187.192.86.153 port 39464 ssh2
Jun 24 22:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27554]: Received disconnect from 187.192.86.153 port 39464:11: Bye Bye [preauth]
Jun 24 22:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27554]: Disconnected from 187.192.86.153 port 39464 [preauth]
Jun 24 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27579]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27580]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27577]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27578]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27577]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27639]: Successful su for rubyman by root
Jun 24 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27639]: + ??? root:rubyman
Jun 24 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27639]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586321 of user rubyman.
Jun 24 22:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27639]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586321.
Jun 24 22:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24948]: pam_unix(cron:session): session closed for user root
Jun 24 22:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27578]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26633]: pam_unix(cron:session): session closed for user root
Jun 24 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27987]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27989]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27988]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27986]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27986]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28058]: Successful su for rubyman by root
Jun 24 22:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28058]: + ??? root:rubyman
Jun 24 22:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28058]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586327 of user rubyman.
Jun 24 22:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28058]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586327.
Jun 24 22:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25362]: pam_unix(cron:session): session closed for user root
Jun 24 22:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27987]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 24 22:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28351]: Failed password for root from 77.94.47.83 port 43164 ssh2
Jun 24 22:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28351]: Connection closed by 77.94.47.83 port 43164 [preauth]
Jun 24 22:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27143]: pam_unix(cron:session): session closed for user root
Jun 24 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28440]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28439]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28438]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28437]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28437]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28499]: Successful su for rubyman by root
Jun 24 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28499]: + ??? root:rubyman
Jun 24 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28499]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586329 of user rubyman.
Jun 24 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28499]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586329.
Jun 24 22:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25751]: pam_unix(cron:session): session closed for user root
Jun 24 22:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28438]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 24 22:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28836]: Failed password for root from 62.133.62.83 port 33374 ssh2
Jun 24 22:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28836]: Connection closed by 62.133.62.83 port 33374 [preauth]
Jun 24 22:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27580]: pam_unix(cron:session): session closed for user root
Jun 24 22:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 24 22:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28886]: Failed password for root from 103.82.20.28 port 38038 ssh2
Jun 24 22:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28886]: Connection closed by 103.82.20.28 port 38038 [preauth]
Jun 24 22:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28916]: Invalid user a from 187.192.86.153
Jun 24 22:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28916]: input_userauth_request: invalid user a [preauth]
Jun 24 22:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28916]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 22:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153
Jun 24 22:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28916]: Failed password for invalid user a from 187.192.86.153 port 34262 ssh2
Jun 24 22:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28916]: Received disconnect from 187.192.86.153 port 34262:11: Bye Bye [preauth]
Jun 24 22:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28916]: Disconnected from 187.192.86.153 port 34262 [preauth]
Jun 24 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28949]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28947]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28950]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28951]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28948]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28946]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28951]: pam_unix(cron:session): session closed for user root
Jun 24 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28946]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29020]: Successful su for rubyman by root
Jun 24 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29020]: + ??? root:rubyman
Jun 24 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29020]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586337 of user rubyman.
Jun 24 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29020]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586337.
Jun 24 22:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28948]: pam_unix(cron:session): session closed for user root
Jun 24 22:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26140]: pam_unix(cron:session): session closed for user root
Jun 24 22:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28947]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 24 22:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29286]: Failed password for root from 202.178.126.219 port 19829 ssh2
Jun 24 22:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29286]: Connection closed by 202.178.126.219 port 19829 [preauth]
Jun 24 22:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27989]: pam_unix(cron:session): session closed for user root
Jun 24 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29401]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29400]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29402]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29399]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29399]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29468]: Successful su for rubyman by root
Jun 24 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29468]: + ??? root:rubyman
Jun 24 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29468]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586339 of user rubyman.
Jun 24 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29468]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586339.
Jun 24 22:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26632]: pam_unix(cron:session): session closed for user root
Jun 24 22:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29400]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28440]: pam_unix(cron:session): session closed for user root
Jun 24 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29947]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29942]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29945]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29946]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29944]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29942]: pam_unix(cron:session): session closed for user root
Jun 24 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29944]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30008]: Successful su for rubyman by root
Jun 24 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30008]: + ??? root:rubyman
Jun 24 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30008]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586345 of user rubyman.
Jun 24 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30008]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586345.
Jun 24 22:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27142]: pam_unix(cron:session): session closed for user root
Jun 24 22:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29945]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30235]: Connection closed by 61.6.124.127 port 30901 [preauth]
Jun 24 22:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30284]: Invalid user appuser from 187.192.86.153
Jun 24 22:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30284]: input_userauth_request: invalid user appuser [preauth]
Jun 24 22:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30284]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 22:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153
Jun 24 22:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28950]: pam_unix(cron:session): session closed for user root
Jun 24 22:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30284]: Failed password for invalid user appuser from 187.192.86.153 port 56762 ssh2
Jun 24 22:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30284]: Received disconnect from 187.192.86.153 port 56762:11: Bye Bye [preauth]
Jun 24 22:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30284]: Disconnected from 187.192.86.153 port 56762 [preauth]
Jun 24 22:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30309]: Connection closed by 61.6.124.127 port 1808 [preauth]
Jun 24 22:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30202]: Connection closed by 61.6.124.127 port 30900 [preauth]
Jun 24 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30371]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30369]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30368]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30370]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30368]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30425]: Successful su for rubyman by root
Jun 24 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30425]: + ??? root:rubyman
Jun 24 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30425]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586348 of user rubyman.
Jun 24 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30425]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586348.
Jun 24 22:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27579]: pam_unix(cron:session): session closed for user root
Jun 24 22:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30369]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29402]: pam_unix(cron:session): session closed for user root
Jun 24 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30782]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30779]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30781]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30780]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30779]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30844]: Successful su for rubyman by root
Jun 24 22:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30844]: + ??? root:rubyman
Jun 24 22:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30844]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586352 of user rubyman.
Jun 24 22:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30844]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586352.
Jun 24 22:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27988]: pam_unix(cron:session): session closed for user root
Jun 24 22:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30780]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30776]: Connection closed by 61.6.124.127 port 21370 [preauth]
Jun 24 22:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 24 22:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31136]: Failed password for root from 38.93.206.2 port 36756 ssh2
Jun 24 22:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31136]: Connection closed by 38.93.206.2 port 36756 [preauth]
Jun 24 22:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29947]: pam_unix(cron:session): session closed for user root
Jun 24 22:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31254]: Invalid user admin from 2.57.121.25
Jun 24 22:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31254]: input_userauth_request: invalid user admin [preauth]
Jun 24 22:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31254]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 22:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 24 22:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31254]: Failed password for invalid user admin from 2.57.121.25 port 63626 ssh2
Jun 24 22:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31254]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 22:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
Jun 24 22:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31254]: Failed password for invalid user admin from 2.57.121.25 port 63626 ssh2
Jun 24 22:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31254]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 22:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31268]: Failed password for root from 176.32.39.21 port 37996 ssh2
Jun 24 22:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31268]: Connection closed by 176.32.39.21 port 37996 [preauth]
Jun 24 22:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31254]: Failed password for invalid user admin from 2.57.121.25 port 63626 ssh2
Jun 24 22:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31254]: Connection closed by 2.57.121.25 port 63626 [preauth]
Jun 24 22:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31254]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 24 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31293]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31291]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31292]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31289]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31290]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31288]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31293]: pam_unix(cron:session): session closed for user root
Jun 24 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31288]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31359]: Successful su for rubyman by root
Jun 24 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31359]: + ??? root:rubyman
Jun 24 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31359]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586358 of user rubyman.
Jun 24 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31359]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586358.
Jun 24 22:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31290]: pam_unix(cron:session): session closed for user root
Jun 24 22:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28439]: pam_unix(cron:session): session closed for user root
Jun 24 22:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31289]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 24 22:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31669]: Failed password for root from 141.98.83.240 port 9916 ssh2
Jun 24 22:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31669]: message repeated 2 times: [ Failed password for root from 141.98.83.240 port 9916 ssh2]
Jun 24 22:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31669]: Connection closed by 141.98.83.240 port 9916 [preauth]
Jun 24 22:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31669]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 24 22:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153  user=root
Jun 24 22:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 24 22:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31724]: Failed password for root from 187.192.86.153 port 52836 ssh2
Jun 24 22:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31724]: Received disconnect from 187.192.86.153 port 52836:11: Bye Bye [preauth]
Jun 24 22:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31724]: Disconnected from 187.192.86.153 port 52836 [preauth]
Jun 24 22:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31734]: Failed password for root from 147.45.199.80 port 48678 ssh2
Jun 24 22:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31734]: Connection closed by 147.45.199.80 port 48678 [preauth]
Jun 24 22:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30371]: pam_unix(cron:session): session closed for user root
Jun 24 22:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31831]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31832]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31830]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31828]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31828]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31893]: Successful su for rubyman by root
Jun 24 22:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31893]: + ??? root:rubyman
Jun 24 22:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31893]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586362 of user rubyman.
Jun 24 22:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31893]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586362.
Jun 24 22:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28949]: pam_unix(cron:session): session closed for user root
Jun 24 22:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31830]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31779]: Connection closed by 61.6.124.127 port 64246 [preauth]
Jun 24 22:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30782]: pam_unix(cron:session): session closed for user root
Jun 24 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32248]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32247]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32245]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32246]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32245]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32302]: Successful su for rubyman by root
Jun 24 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32302]: + ??? root:rubyman
Jun 24 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32302]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586367 of user rubyman.
Jun 24 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32302]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586367.
Jun 24 22:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29401]: pam_unix(cron:session): session closed for user root
Jun 24 22:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32246]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 24 22:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32506]: Failed password for root from 103.27.238.116 port 60334 ssh2
Jun 24 22:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32506]: Connection closed by 103.27.238.116 port 60334 [preauth]
Jun 24 22:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31292]: pam_unix(cron:session): session closed for user root
Jun 24 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32658]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32657]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32659]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32656]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32656]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32722]: Successful su for rubyman by root
Jun 24 22:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32722]: + ??? root:rubyman
Jun 24 22:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32722]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586371 of user rubyman.
Jun 24 22:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32722]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586371.
Jun 24 22:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153  user=root
Jun 24 22:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29946]: pam_unix(cron:session): session closed for user root
Jun 24 22:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[315]: Failed password for root from 187.192.86.153 port 54782 ssh2
Jun 24 22:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[315]: Received disconnect from 187.192.86.153 port 54782:11: Bye Bye [preauth]
Jun 24 22:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[315]: Disconnected from 187.192.86.153 port 54782 [preauth]
Jun 24 22:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32657]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31832]: pam_unix(cron:session): session closed for user root
Jun 24 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[746]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[747]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[745]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[744]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[744]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[815]: Successful su for rubyman by root
Jun 24 22:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[815]: + ??? root:rubyman
Jun 24 22:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[815]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586375 of user rubyman.
Jun 24 22:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[815]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586375.
Jun 24 22:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30370]: pam_unix(cron:session): session closed for user root
Jun 24 22:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[745]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32248]: pam_unix(cron:session): session closed for user root
Jun 24 22:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1201]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1198]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1197]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1196]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1199]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1195]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1201]: pam_unix(cron:session): session closed for user root
Jun 24 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1195]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1271]: Successful su for rubyman by root
Jun 24 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1271]: + ??? root:rubyman
Jun 24 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1271]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586383 of user rubyman.
Jun 24 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1271]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586383.
Jun 24 22:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1197]: pam_unix(cron:session): session closed for user root
Jun 24 22:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30781]: pam_unix(cron:session): session closed for user root
Jun 24 22:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1196]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32659]: pam_unix(cron:session): session closed for user root
Jun 24 22:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 24 22:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 24 22:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1740]: Failed password for root from 103.122.221.179 port 56912 ssh2
Jun 24 22:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1740]: Connection closed by 103.122.221.179 port 56912 [preauth]
Jun 24 22:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1742]: Failed password for root from 193.37.70.224 port 46346 ssh2
Jun 24 22:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1764]: Invalid user ins from 187.192.86.153
Jun 24 22:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1764]: input_userauth_request: invalid user ins [preauth]
Jun 24 22:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1764]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 22:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153
Jun 24 22:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1742]: Connection closed by 193.37.70.224 port 46346 [preauth]
Jun 24 22:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1764]: Failed password for invalid user ins from 187.192.86.153 port 56868 ssh2
Jun 24 22:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1764]: Received disconnect from 187.192.86.153 port 56868:11: Bye Bye [preauth]
Jun 24 22:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1764]: Disconnected from 187.192.86.153 port 56868 [preauth]
Jun 24 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1801]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1800]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1798]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1799]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1798]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1863]: Successful su for rubyman by root
Jun 24 22:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1863]: + ??? root:rubyman
Jun 24 22:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1863]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586385 of user rubyman.
Jun 24 22:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1863]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586385.
Jun 24 22:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31291]: pam_unix(cron:session): session closed for user root
Jun 24 22:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1799]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 24 22:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[747]: pam_unix(cron:session): session closed for user root
Jun 24 22:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2184]: Failed password for root from 51.250.105.222 port 44574 ssh2
Jun 24 22:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2184]: Connection closed by 51.250.105.222 port 44574 [preauth]
Jun 24 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2284]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2283]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2282]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2279]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2279]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2351]: Successful su for rubyman by root
Jun 24 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2351]: + ??? root:rubyman
Jun 24 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2351]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586388 of user rubyman.
Jun 24 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2351]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586388.
Jun 24 22:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31831]: pam_unix(cron:session): session closed for user root
Jun 24 22:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2282]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1199]: pam_unix(cron:session): session closed for user root
Jun 24 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2700]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2701]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2699]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2698]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2698]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2767]: Successful su for rubyman by root
Jun 24 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2767]: + ??? root:rubyman
Jun 24 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2767]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586394 of user rubyman.
Jun 24 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2767]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586394.
Jun 24 22:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32247]: pam_unix(cron:session): session closed for user root
Jun 24 22:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2699]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3007]: Invalid user ubuntu from 187.192.86.153
Jun 24 22:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3007]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 22:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3007]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 22:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153
Jun 24 22:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3007]: Failed password for invalid user ubuntu from 187.192.86.153 port 55396 ssh2
Jun 24 22:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3007]: Received disconnect from 187.192.86.153 port 55396:11: Bye Bye [preauth]
Jun 24 22:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3007]: Disconnected from 187.192.86.153 port 55396 [preauth]
Jun 24 22:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1801]: pam_unix(cron:session): session closed for user root
Jun 24 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3105]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3104]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3102]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3103]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3102]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3165]: Successful su for rubyman by root
Jun 24 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3165]: + ??? root:rubyman
Jun 24 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3165]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586397 of user rubyman.
Jun 24 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3165]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586397.
Jun 24 22:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32658]: pam_unix(cron:session): session closed for user root
Jun 24 22:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3103]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 24 22:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3356]: Failed password for root from 103.82.132.16 port 40304 ssh2
Jun 24 22:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3356]: Connection closed by 103.82.132.16 port 40304 [preauth]
Jun 24 22:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2284]: pam_unix(cron:session): session closed for user root
Jun 24 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3506]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3504]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3503]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3498]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3502]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3501]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3506]: pam_unix(cron:session): session closed for user root
Jun 24 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3498]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3574]: Successful su for rubyman by root
Jun 24 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3574]: + ??? root:rubyman
Jun 24 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3574]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586401 of user rubyman.
Jun 24 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3574]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586401.
Jun 24 22:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3502]: pam_unix(cron:session): session closed for user root
Jun 24 22:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[746]: pam_unix(cron:session): session closed for user root
Jun 24 22:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3501]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2701]: pam_unix(cron:session): session closed for user root
Jun 24 22:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4071]: Connection closed by 194.59.206.2 port 21980 [preauth]
Jun 24 22:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153  user=root
Jun 24 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4126]: Failed password for root from 187.192.86.153 port 54576 ssh2
Jun 24 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4126]: Received disconnect from 187.192.86.153 port 54576:11: Bye Bye [preauth]
Jun 24 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4126]: Disconnected from 187.192.86.153 port 54576 [preauth]
Jun 24 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4133]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4132]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4131]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4130]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4130]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4202]: Successful su for rubyman by root
Jun 24 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4202]: + ??? root:rubyman
Jun 24 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4202]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586406 of user rubyman.
Jun 24 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4202]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586406.
Jun 24 22:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1198]: pam_unix(cron:session): session closed for user root
Jun 24 22:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4131]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3105]: pam_unix(cron:session): session closed for user root
Jun 24 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4557]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4558]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4556]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4555]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4555]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4617]: Successful su for rubyman by root
Jun 24 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4617]: + ??? root:rubyman
Jun 24 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4617]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586411 of user rubyman.
Jun 24 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4617]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586411.
Jun 24 22:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1800]: pam_unix(cron:session): session closed for user root
Jun 24 22:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4556]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3504]: pam_unix(cron:session): session closed for user root
Jun 24 22:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 24 22:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5008]: Failed password for root from 194.113.233.25 port 53980 ssh2
Jun 24 22:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5008]: Connection closed by 194.113.233.25 port 53980 [preauth]
Jun 24 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5067]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5065]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5066]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5064]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5064]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5123]: Successful su for rubyman by root
Jun 24 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5123]: + ??? root:rubyman
Jun 24 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5123]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586415 of user rubyman.
Jun 24 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5123]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586415.
Jun 24 22:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2283]: pam_unix(cron:session): session closed for user root
Jun 24 22:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5065]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4133]: pam_unix(cron:session): session closed for user root
Jun 24 22:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153  user=root
Jun 24 22:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5409]: Failed password for root from 187.192.86.153 port 50548 ssh2
Jun 24 22:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5409]: Received disconnect from 187.192.86.153 port 50548:11: Bye Bye [preauth]
Jun 24 22:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5409]: Disconnected from 187.192.86.153 port 50548 [preauth]
Jun 24 22:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 24 22:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5425]: Failed password for root from 109.237.96.109 port 50562 ssh2
Jun 24 22:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5425]: Connection closed by 109.237.96.109 port 50562 [preauth]
Jun 24 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5478]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5479]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5477]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5476]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5476]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5535]: Successful su for rubyman by root
Jun 24 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5535]: + ??? root:rubyman
Jun 24 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5535]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586418 of user rubyman.
Jun 24 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5535]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586418.
Jun 24 22:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2700]: pam_unix(cron:session): session closed for user root
Jun 24 22:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5477]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4558]: pam_unix(cron:session): session closed for user root
Jun 24 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5878]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5875]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5876]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5877]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5874]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5872]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5878]: pam_unix(cron:session): session closed for user root
Jun 24 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5872]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5939]: Successful su for rubyman by root
Jun 24 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5939]: + ??? root:rubyman
Jun 24 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5939]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586425 of user rubyman.
Jun 24 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5939]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586425.
Jun 24 22:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5875]: pam_unix(cron:session): session closed for user root
Jun 24 22:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3104]: pam_unix(cron:session): session closed for user root
Jun 24 22:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5874]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5067]: pam_unix(cron:session): session closed for user root
Jun 24 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6288]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6290]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6289]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6287]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6287]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6357]: Successful su for rubyman by root
Jun 24 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6357]: + ??? root:rubyman
Jun 24 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6357]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586429 of user rubyman.
Jun 24 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6357]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586429.
Jun 24 22:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6453]: Invalid user axel from 187.192.86.153
Jun 24 22:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6453]: input_userauth_request: invalid user axel [preauth]
Jun 24 22:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6453]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 22:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153
Jun 24 22:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3503]: pam_unix(cron:session): session closed for user root
Jun 24 22:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6453]: Failed password for invalid user axel from 187.192.86.153 port 46400 ssh2
Jun 24 22:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6453]: Received disconnect from 187.192.86.153 port 46400:11: Bye Bye [preauth]
Jun 24 22:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6453]: Disconnected from 187.192.86.153 port 46400 [preauth]
Jun 24 22:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6288]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5479]: pam_unix(cron:session): session closed for user root
Jun 24 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6690]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6689]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6691]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6686]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6686]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6755]: Successful su for rubyman by root
Jun 24 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6755]: + ??? root:rubyman
Jun 24 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6755]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586434 of user rubyman.
Jun 24 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6755]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586434.
Jun 24 22:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4132]: pam_unix(cron:session): session closed for user root
Jun 24 22:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6689]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5877]: pam_unix(cron:session): session closed for user root
Jun 24 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7202]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7203]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7200]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7201]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7200]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7261]: Successful su for rubyman by root
Jun 24 22:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7261]: + ??? root:rubyman
Jun 24 22:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7261]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586437 of user rubyman.
Jun 24 22:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7261]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586437.
Jun 24 22:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4557]: pam_unix(cron:session): session closed for user root
Jun 24 22:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7201]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7503]: Received disconnect from 185.219.133.156 port 51720:11: disconnected by user [preauth]
Jun 24 22:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7503]: Disconnected from 185.219.133.156 port 51720 [preauth]
Jun 24 22:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6290]: pam_unix(cron:session): session closed for user root
Jun 24 22:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153  user=root
Jun 24 22:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7535]: Failed password for root from 187.192.86.153 port 40932 ssh2
Jun 24 22:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7535]: Received disconnect from 187.192.86.153 port 40932:11: Bye Bye [preauth]
Jun 24 22:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7535]: Disconnected from 187.192.86.153 port 40932 [preauth]
Jun 24 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7604]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7606]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7603]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7605]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7601]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7603]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7812]: Successful su for rubyman by root
Jun 24 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7812]: + ??? root:rubyman
Jun 24 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7812]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586440 of user rubyman.
Jun 24 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7812]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586440.
Jun 24 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7601]: pam_unix(cron:session): session closed for user root
Jun 24 22:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 24 22:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5066]: pam_unix(cron:session): session closed for user root
Jun 24 22:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7874]: Failed password for root from 103.153.68.219 port 50940 ssh2
Jun 24 22:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7874]: Connection closed by 103.153.68.219 port 50940 [preauth]
Jun 24 22:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7604]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6691]: pam_unix(cron:session): session closed for user root
Jun 24 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8176]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8173]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8175]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8171]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8174]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8172]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8176]: pam_unix(cron:session): session closed for user root
Jun 24 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8171]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8240]: Successful su for rubyman by root
Jun 24 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8240]: + ??? root:rubyman
Jun 24 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8240]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586448 of user rubyman.
Jun 24 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8240]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586448.
Jun 24 22:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5478]: pam_unix(cron:session): session closed for user root
Jun 24 22:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8173]: pam_unix(cron:session): session closed for user root
Jun 24 22:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 24 22:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8172]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8415]: Failed password for root from 103.77.242.62 port 41416 ssh2
Jun 24 22:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8415]: Connection closed by 103.77.242.62 port 41416 [preauth]
Jun 24 22:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7203]: pam_unix(cron:session): session closed for user root
Jun 24 22:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 24 22:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8581]: Failed password for root from 103.77.175.15 port 56048 ssh2
Jun 24 22:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8581]: Connection closed by 103.77.175.15 port 56048 [preauth]
Jun 24 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8611]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8610]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8609]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8608]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8608]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8674]: Successful su for rubyman by root
Jun 24 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8674]: + ??? root:rubyman
Jun 24 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8674]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586451 of user rubyman.
Jun 24 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8674]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586451.
Jun 24 22:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5876]: pam_unix(cron:session): session closed for user root
Jun 24 22:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8609]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153  user=root
Jun 24 22:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8878]: Failed password for root from 187.192.86.153 port 40582 ssh2
Jun 24 22:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8878]: Received disconnect from 187.192.86.153 port 40582:11: Bye Bye [preauth]
Jun 24 22:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8878]: Disconnected from 187.192.86.153 port 40582 [preauth]
Jun 24 22:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7606]: pam_unix(cron:session): session closed for user root
Jun 24 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9012]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9010]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9011]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9009]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9009]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9071]: Successful su for rubyman by root
Jun 24 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9071]: + ??? root:rubyman
Jun 24 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9071]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586456 of user rubyman.
Jun 24 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9071]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586456.
Jun 24 22:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6289]: pam_unix(cron:session): session closed for user root
Jun 24 22:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9010]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8175]: pam_unix(cron:session): session closed for user root
Jun 24 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9399]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9400]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9398]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9397]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9397]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9456]: Successful su for rubyman by root
Jun 24 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9456]: + ??? root:rubyman
Jun 24 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9456]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586460 of user rubyman.
Jun 24 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9456]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586460.
Jun 24 22:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6690]: pam_unix(cron:session): session closed for user root
Jun 24 22:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9398]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8611]: pam_unix(cron:session): session closed for user root
Jun 24 22:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153  user=root
Jun 24 22:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9785]: Failed password for root from 187.192.86.153 port 46744 ssh2
Jun 24 22:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9785]: Received disconnect from 187.192.86.153 port 46744:11: Bye Bye [preauth]
Jun 24 22:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9785]: Disconnected from 187.192.86.153 port 46744 [preauth]
Jun 24 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9798]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9799]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9797]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9796]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9796]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9868]: Successful su for rubyman by root
Jun 24 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9868]: + ??? root:rubyman
Jun 24 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9868]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586463 of user rubyman.
Jun 24 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9868]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586463.
Jun 24 22:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7202]: pam_unix(cron:session): session closed for user root
Jun 24 22:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9797]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9012]: pam_unix(cron:session): session closed for user root
Jun 24 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10459]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10461]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10462]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10457]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10460]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10458]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10462]: pam_unix(cron:session): session closed for user root
Jun 24 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10457]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10527]: Successful su for rubyman by root
Jun 24 22:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10527]: + ??? root:rubyman
Jun 24 22:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10527]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586468 of user rubyman.
Jun 24 22:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10527]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586468.
Jun 24 22:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10459]: pam_unix(cron:session): session closed for user root
Jun 24 22:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7605]: pam_unix(cron:session): session closed for user root
Jun 24 22:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10458]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9400]: pam_unix(cron:session): session closed for user root
Jun 24 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10910]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10909]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10908]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10907]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10907]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10978]: Successful su for rubyman by root
Jun 24 22:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10978]: + ??? root:rubyman
Jun 24 22:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10978]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586474 of user rubyman.
Jun 24 22:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10978]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586474.
Jun 24 22:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8174]: pam_unix(cron:session): session closed for user root
Jun 24 22:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10908]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9799]: pam_unix(cron:session): session closed for user root
Jun 24 22:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11292]: Invalid user akash from 187.192.86.153
Jun 24 22:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11292]: input_userauth_request: invalid user akash [preauth]
Jun 24 22:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11292]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 22:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153
Jun 24 22:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11292]: Failed password for invalid user akash from 187.192.86.153 port 60668 ssh2
Jun 24 22:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11292]: Received disconnect from 187.192.86.153 port 60668:11: Bye Bye [preauth]
Jun 24 22:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11292]: Disconnected from 187.192.86.153 port 60668 [preauth]
Jun 24 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11329]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11328]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11326]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11327]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11326]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11388]: Successful su for rubyman by root
Jun 24 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11388]: + ??? root:rubyman
Jun 24 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11388]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586478 of user rubyman.
Jun 24 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11388]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586478.
Jun 24 22:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8610]: pam_unix(cron:session): session closed for user root
Jun 24 22:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11327]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10461]: pam_unix(cron:session): session closed for user root
Jun 24 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11753]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11751]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11754]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11752]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11751]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11832]: Successful su for rubyman by root
Jun 24 22:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11832]: + ??? root:rubyman
Jun 24 22:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11832]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586483 of user rubyman.
Jun 24 22:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11832]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586483.
Jun 24 22:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9011]: pam_unix(cron:session): session closed for user root
Jun 24 22:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11752]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10910]: pam_unix(cron:session): session closed for user root
Jun 24 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12196]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12195]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12194]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12193]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12193]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12373]: Successful su for rubyman by root
Jun 24 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12373]: + ??? root:rubyman
Jun 24 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12373]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586486 of user rubyman.
Jun 24 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12373]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586486.
Jun 24 22:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9399]: pam_unix(cron:session): session closed for user root
Jun 24 22:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12194]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12596]: Invalid user mikrotik from 187.192.86.153
Jun 24 22:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12596]: input_userauth_request: invalid user mikrotik [preauth]
Jun 24 22:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12596]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 22:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153
Jun 24 22:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12596]: Failed password for invalid user mikrotik from 187.192.86.153 port 58694 ssh2
Jun 24 22:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12596]: Received disconnect from 187.192.86.153 port 58694:11: Bye Bye [preauth]
Jun 24 22:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12596]: Disconnected from 187.192.86.153 port 58694 [preauth]
Jun 24 22:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11329]: pam_unix(cron:session): session closed for user root
Jun 24 22:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12705]: Invalid user user from 141.98.83.240
Jun 24 22:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12705]: input_userauth_request: invalid user user [preauth]
Jun 24 22:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12705]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 22:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 22:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12705]: Failed password for invalid user user from 141.98.83.240 port 63304 ssh2
Jun 24 22:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12705]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 22:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12705]: Failed password for invalid user user from 141.98.83.240 port 63304 ssh2
Jun 24 22:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12705]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12720]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12719]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12718]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12717]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12723]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12724]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12724]: pam_unix(cron:session): session closed for user root
Jun 24 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12717]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12705]: Failed password for invalid user user from 141.98.83.240 port 63304 ssh2
Jun 24 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12793]: Successful su for rubyman by root
Jun 24 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12793]: + ??? root:rubyman
Jun 24 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12793]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586494 of user rubyman.
Jun 24 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12793]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586494.
Jun 24 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12705]: Connection closed by 141.98.83.240 port 63304 [preauth]
Jun 24 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12705]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 22:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12719]: pam_unix(cron:session): session closed for user root
Jun 24 22:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9798]: pam_unix(cron:session): session closed for user root
Jun 24 22:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12718]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 24 22:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13019]: Failed password for root from 103.176.20.57 port 34006 ssh2
Jun 24 22:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13019]: Connection closed by 103.176.20.57 port 34006 [preauth]
Jun 24 22:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11754]: pam_unix(cron:session): session closed for user root
Jun 24 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13185]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13184]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13186]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13183]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13183]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13251]: Successful su for rubyman by root
Jun 24 22:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13251]: + ??? root:rubyman
Jun 24 22:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13251]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586497 of user rubyman.
Jun 24 22:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13251]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586497.
Jun 24 22:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10460]: pam_unix(cron:session): session closed for user root
Jun 24 22:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13184]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12196]: pam_unix(cron:session): session closed for user root
Jun 24 22:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 24 22:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13555]: Failed password for root from 80.66.85.226 port 40578 ssh2
Jun 24 22:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13555]: Connection closed by 80.66.85.226 port 40578 [preauth]
Jun 24 22:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153  user=root
Jun 24 22:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13565]: Failed password for root from 187.192.86.153 port 47066 ssh2
Jun 24 22:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13565]: Received disconnect from 187.192.86.153 port 47066:11: Bye Bye [preauth]
Jun 24 22:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13565]: Disconnected from 187.192.86.153 port 47066 [preauth]
Jun 24 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13591]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13592]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13590]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13589]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13589]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13647]: Successful su for rubyman by root
Jun 24 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13647]: + ??? root:rubyman
Jun 24 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13647]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586500 of user rubyman.
Jun 24 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13647]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586500.
Jun 24 22:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10909]: pam_unix(cron:session): session closed for user root
Jun 24 22:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13590]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12723]: pam_unix(cron:session): session closed for user root
Jun 24 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13996]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13997]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13995]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13994]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13994]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14054]: Successful su for rubyman by root
Jun 24 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14054]: + ??? root:rubyman
Jun 24 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14054]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586504 of user rubyman.
Jun 24 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14054]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586504.
Jun 24 22:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11328]: pam_unix(cron:session): session closed for user root
Jun 24 22:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13995]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13186]: pam_unix(cron:session): session closed for user root
Jun 24 22:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14340]: Received disconnect from 176.65.131.189 port 9892:11: disconnected by user [preauth]
Jun 24 22:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14340]: Disconnected from 176.65.131.189 port 9892 [preauth]
Jun 24 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14385]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14386]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14384]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14383]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14383]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14442]: Successful su for rubyman by root
Jun 24 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14442]: + ??? root:rubyman
Jun 24 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14442]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586507 of user rubyman.
Jun 24 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14442]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586507.
Jun 24 22:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11753]: pam_unix(cron:session): session closed for user root
Jun 24 22:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14384]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14686]: Invalid user git from 187.192.86.153
Jun 24 22:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14686]: input_userauth_request: invalid user git [preauth]
Jun 24 22:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14686]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 22:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153
Jun 24 22:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14686]: Failed password for invalid user git from 187.192.86.153 port 33332 ssh2
Jun 24 22:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14686]: Received disconnect from 187.192.86.153 port 33332:11: Bye Bye [preauth]
Jun 24 22:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14686]: Disconnected from 187.192.86.153 port 33332 [preauth]
Jun 24 22:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13592]: pam_unix(cron:session): session closed for user root
Jun 24 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14870]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14871]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14868]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14869]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14872]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14867]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14872]: pam_unix(cron:session): session closed for user root
Jun 24 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14867]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14937]: Successful su for rubyman by root
Jun 24 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14937]: + ??? root:rubyman
Jun 24 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14937]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586513 of user rubyman.
Jun 24 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14937]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586513.
Jun 24 22:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14869]: pam_unix(cron:session): session closed for user root
Jun 24 22:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12195]: pam_unix(cron:session): session closed for user root
Jun 24 22:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14868]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13997]: pam_unix(cron:session): session closed for user root
Jun 24 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15304]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15303]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15302]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15301]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15301]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15365]: Successful su for rubyman by root
Jun 24 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15365]: + ??? root:rubyman
Jun 24 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15365]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586517 of user rubyman.
Jun 24 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15365]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586517.
Jun 24 22:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12720]: pam_unix(cron:session): session closed for user root
Jun 24 22:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15302]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14386]: pam_unix(cron:session): session closed for user root
Jun 24 22:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153  user=root
Jun 24 22:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15644]: Failed password for root from 187.192.86.153 port 48838 ssh2
Jun 24 22:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15644]: Received disconnect from 187.192.86.153 port 48838:11: Bye Bye [preauth]
Jun 24 22:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15644]: Disconnected from 187.192.86.153 port 48838 [preauth]
Jun 24 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15699]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15698]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15700]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15697]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15697]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15761]: Successful su for rubyman by root
Jun 24 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15761]: + ??? root:rubyman
Jun 24 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15761]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586521 of user rubyman.
Jun 24 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15761]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586521.
Jun 24 22:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13185]: pam_unix(cron:session): session closed for user root
Jun 24 22:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15698]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14871]: pam_unix(cron:session): session closed for user root
Jun 24 22:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16077]: Did not receive identification string from 89.21.67.156
Jun 24 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16081]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16082]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16080]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16079]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16079]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16138]: Successful su for rubyman by root
Jun 24 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16138]: + ??? root:rubyman
Jun 24 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16138]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586526 of user rubyman.
Jun 24 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16138]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586526.
Jun 24 22:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13591]: pam_unix(cron:session): session closed for user root
Jun 24 22:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16298]: Connection reset by 69.5.169.32 port 13534 [preauth]
Jun 24 22:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16080]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15304]: pam_unix(cron:session): session closed for user root
Jun 24 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16466]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16467]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16464]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16465]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16464]: pam_unix(cron:session): session closed for user p13x
Jun 24 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16532]: Successful su for rubyman by root
Jun 24 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16532]: + ??? root:rubyman
Jun 24 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16532]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586529 of user rubyman.
Jun 24 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16532]: pam_unix(su:session): session closed for user rubyman
Jun 24 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586529.
Jun 24 22:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13996]: pam_unix(cron:session): session closed for user root
Jun 24 22:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16465]: pam_unix(cron:session): session closed for user samftp
Jun 24 22:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 22:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153  user=root
Jun 24 22:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16718]: Failed password for root from 187.192.86.153 port 36276 ssh2
Jun 24 22:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16718]: Received disconnect from 187.192.86.153 port 36276:11: Bye Bye [preauth]
Jun 24 22:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16718]: Disconnected from 187.192.86.153 port 36276 [preauth]
Jun 24 22:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15700]: pam_unix(cron:session): session closed for user root
Jun 24 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16910]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16913]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16908]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16911]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16909]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16906]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16907]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16913]: pam_unix(cron:session): session closed for user root
Jun 24 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16908]: pam_unix(cron:session): session closed for user root
Jun 24 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16906]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17067]: Successful su for rubyman by root
Jun 24 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17067]: + ??? root:rubyman
Jun 24 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17067]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586534 of user rubyman.
Jun 24 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17067]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586534.
Jun 24 23:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16909]: pam_unix(cron:session): session closed for user root
Jun 24 23:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14385]: pam_unix(cron:session): session closed for user root
Jun 24 23:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16907]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16082]: pam_unix(cron:session): session closed for user root
Jun 24 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17480]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17481]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17482]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17479]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17479]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17542]: Successful su for rubyman by root
Jun 24 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17542]: + ??? root:rubyman
Jun 24 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17542]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586540 of user rubyman.
Jun 24 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17542]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586540.
Jun 24 23:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14870]: pam_unix(cron:session): session closed for user root
Jun 24 23:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17480]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16467]: pam_unix(cron:session): session closed for user root
Jun 24 23:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153  user=root
Jun 24 23:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17932]: Failed password for root from 187.192.86.153 port 59762 ssh2
Jun 24 23:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17932]: Received disconnect from 187.192.86.153 port 59762:11: Bye Bye [preauth]
Jun 24 23:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17932]: Disconnected from 187.192.86.153 port 59762 [preauth]
Jun 24 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17975]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17976]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17974]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17973]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17973]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18044]: Successful su for rubyman by root
Jun 24 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18044]: + ??? root:rubyman
Jun 24 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18044]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586545 of user rubyman.
Jun 24 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18044]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586545.
Jun 24 23:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15303]: pam_unix(cron:session): session closed for user root
Jun 24 23:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17974]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 24 23:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18283]: Failed password for root from 38.93.206.2 port 25310 ssh2
Jun 24 23:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18283]: Connection closed by 38.93.206.2 port 25310 [preauth]
Jun 24 23:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16911]: pam_unix(cron:session): session closed for user root
Jun 24 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18491]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18490]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18489]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18488]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18488]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18554]: Successful su for rubyman by root
Jun 24 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18554]: + ??? root:rubyman
Jun 24 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18554]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586548 of user rubyman.
Jun 24 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18554]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586548.
Jun 24 23:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15699]: pam_unix(cron:session): session closed for user root
Jun 24 23:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18489]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17482]: pam_unix(cron:session): session closed for user root
Jun 24 23:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 24 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18905]: Failed password for root from 103.27.238.120 port 36492 ssh2
Jun 24 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18905]: Connection closed by 103.27.238.120 port 36492 [preauth]
Jun 24 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18918]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18917]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18919]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18916]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18916]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18976]: Successful su for rubyman by root
Jun 24 23:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18976]: + ??? root:rubyman
Jun 24 23:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18976]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586552 of user rubyman.
Jun 24 23:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18976]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586552.
Jun 24 23:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16081]: pam_unix(cron:session): session closed for user root
Jun 24 23:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18917]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17976]: pam_unix(cron:session): session closed for user root
Jun 24 23:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 24 23:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19373]: Failed password for root from 103.172.78.219 port 33436 ssh2
Jun 24 23:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19373]: Connection closed by 103.172.78.219 port 33436 [preauth]
Jun 24 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19409]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19407]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19406]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19410]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19408]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19405]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19410]: pam_unix(cron:session): session closed for user root
Jun 24 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19405]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19479]: Successful su for rubyman by root
Jun 24 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19479]: + ??? root:rubyman
Jun 24 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19479]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586556 of user rubyman.
Jun 24 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19479]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586556.
Jun 24 23:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19407]: pam_unix(cron:session): session closed for user root
Jun 24 23:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16466]: pam_unix(cron:session): session closed for user root
Jun 24 23:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19406]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18491]: pam_unix(cron:session): session closed for user root
Jun 24 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20046]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20045]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20044]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20043]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20043]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20110]: Successful su for rubyman by root
Jun 24 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20110]: + ??? root:rubyman
Jun 24 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20110]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586562 of user rubyman.
Jun 24 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20110]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586562.
Jun 24 23:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16910]: pam_unix(cron:session): session closed for user root
Jun 24 23:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20044]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18919]: pam_unix(cron:session): session closed for user root
Jun 24 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20563]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20564]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20562]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20561]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20561]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20629]: Successful su for rubyman by root
Jun 24 23:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20629]: + ??? root:rubyman
Jun 24 23:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20629]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586567 of user rubyman.
Jun 24 23:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20629]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586567.
Jun 24 23:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17481]: pam_unix(cron:session): session closed for user root
Jun 24 23:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20562]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20961]: Invalid user allissa from 2.57.121.112
Jun 24 23:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20961]: input_userauth_request: invalid user allissa [preauth]
Jun 24 23:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20961]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 23:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 24 23:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20961]: Failed password for invalid user allissa from 2.57.121.112 port 44740 ssh2
Jun 24 23:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19409]: pam_unix(cron:session): session closed for user root
Jun 24 23:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20961]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 23:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20961]: Failed password for invalid user allissa from 2.57.121.112 port 44740 ssh2
Jun 24 23:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20961]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 23:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20961]: Failed password for invalid user allissa from 2.57.121.112 port 44740 ssh2
Jun 24 23:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20961]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 23:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20961]: Failed password for invalid user allissa from 2.57.121.112 port 44740 ssh2
Jun 24 23:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20961]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 23:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21000]: Invalid user admin from 193.46.255.86
Jun 24 23:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21000]: input_userauth_request: invalid user admin [preauth]
Jun 24 23:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21000]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 23:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 24 23:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20961]: Failed password for invalid user allissa from 2.57.121.112 port 44740 ssh2
Jun 24 23:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20961]: Connection closed by 2.57.121.112 port 44740 [preauth]
Jun 24 23:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20961]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 24 23:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20961]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 24 23:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21000]: Failed password for invalid user admin from 193.46.255.86 port 6142 ssh2
Jun 24 23:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21000]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 23:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21000]: Failed password for invalid user admin from 193.46.255.86 port 6142 ssh2
Jun 24 23:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21000]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 23:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21000]: Failed password for invalid user admin from 193.46.255.86 port 6142 ssh2
Jun 24 23:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21000]: Connection closed by 193.46.255.86 port 6142 [preauth]
Jun 24 23:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21000]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 24 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21055]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21056]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21053]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21052]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21052]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21116]: Successful su for rubyman by root
Jun 24 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21116]: + ??? root:rubyman
Jun 24 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21116]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586571 of user rubyman.
Jun 24 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21116]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586571.
Jun 24 23:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17975]: pam_unix(cron:session): session closed for user root
Jun 24 23:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21053]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20046]: pam_unix(cron:session): session closed for user root
Jun 24 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21464]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21463]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21465]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21462]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21460]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21462]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21599]: Successful su for rubyman by root
Jun 24 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21599]: + ??? root:rubyman
Jun 24 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21599]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586574 of user rubyman.
Jun 24 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21599]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586574.
Jun 24 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21460]: pam_unix(cron:session): session closed for user root
Jun 24 23:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18490]: pam_unix(cron:session): session closed for user root
Jun 24 23:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21463]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20564]: pam_unix(cron:session): session closed for user root
Jun 24 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21994]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21992]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21991]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21995]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21993]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21996]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21996]: pam_unix(cron:session): session closed for user root
Jun 24 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21991]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22055]: Successful su for rubyman by root
Jun 24 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22055]: + ??? root:rubyman
Jun 24 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22055]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586582 of user rubyman.
Jun 24 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22055]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586582.
Jun 24 23:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21993]: pam_unix(cron:session): session closed for user root
Jun 24 23:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18918]: pam_unix(cron:session): session closed for user root
Jun 24 23:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21992]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21056]: pam_unix(cron:session): session closed for user root
Jun 24 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22513]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22512]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22511]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22510]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22510]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22577]: Successful su for rubyman by root
Jun 24 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22577]: + ??? root:rubyman
Jun 24 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22577]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586586 of user rubyman.
Jun 24 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22577]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586586.
Jun 24 23:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19408]: pam_unix(cron:session): session closed for user root
Jun 24 23:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22511]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21465]: pam_unix(cron:session): session closed for user root
Jun 24 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22922]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22923]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22921]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22919]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22919]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22981]: Successful su for rubyman by root
Jun 24 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22981]: + ??? root:rubyman
Jun 24 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22981]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586590 of user rubyman.
Jun 24 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22981]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586590.
Jun 24 23:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20045]: pam_unix(cron:session): session closed for user root
Jun 24 23:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22921]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21995]: pam_unix(cron:session): session closed for user root
Jun 24 23:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 24 23:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23282]: Failed password for root from 103.149.28.157 port 42524 ssh2
Jun 24 23:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23282]: Connection closed by 103.149.28.157 port 42524 [preauth]
Jun 24 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23343]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23342]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23344]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23341]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23341]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23405]: Successful su for rubyman by root
Jun 24 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23405]: + ??? root:rubyman
Jun 24 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23405]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586593 of user rubyman.
Jun 24 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23405]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586593.
Jun 24 23:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20563]: pam_unix(cron:session): session closed for user root
Jun 24 23:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23342]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22513]: pam_unix(cron:session): session closed for user root
Jun 24 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23758]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23760]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23759]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23757]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23757]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23915]: Successful su for rubyman by root
Jun 24 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23915]: + ??? root:rubyman
Jun 24 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23915]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586597 of user rubyman.
Jun 24 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23915]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586597.
Jun 24 23:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21055]: pam_unix(cron:session): session closed for user root
Jun 24 23:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23758]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22923]: pam_unix(cron:session): session closed for user root
Jun 24 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24272]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24274]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24273]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24271]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24275]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24270]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24275]: pam_unix(cron:session): session closed for user root
Jun 24 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24270]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24347]: Successful su for rubyman by root
Jun 24 23:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24347]: + ??? root:rubyman
Jun 24 23:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24347]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586603 of user rubyman.
Jun 24 23:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24347]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586603.
Jun 24 23:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24272]: pam_unix(cron:session): session closed for user root
Jun 24 23:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21464]: pam_unix(cron:session): session closed for user root
Jun 24 23:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24271]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.19.67.181  user=root
Jun 24 23:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24555]: Failed password for root from 46.19.67.181 port 42934 ssh2
Jun 24 23:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24555]: Connection closed by 46.19.67.181 port 42934 [preauth]
Jun 24 23:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23344]: pam_unix(cron:session): session closed for user root
Jun 24 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24727]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24728]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24730]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24729]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24727]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24799]: Successful su for rubyman by root
Jun 24 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24799]: + ??? root:rubyman
Jun 24 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24799]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586607 of user rubyman.
Jun 24 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24799]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586607.
Jun 24 23:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21994]: pam_unix(cron:session): session closed for user root
Jun 24 23:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24728]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23760]: pam_unix(cron:session): session closed for user root
Jun 24 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25136]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25135]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25137]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25134]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25132]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25132]: pam_unix(cron:session): session closed for user root
Jun 24 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25134]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25205]: Successful su for rubyman by root
Jun 24 23:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25205]: + ??? root:rubyman
Jun 24 23:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25205]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586611 of user rubyman.
Jun 24 23:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25205]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586611.
Jun 24 23:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22512]: pam_unix(cron:session): session closed for user root
Jun 24 23:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25135]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24274]: pam_unix(cron:session): session closed for user root
Jun 24 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25530]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25531]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25532]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25529]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25529]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25590]: Successful su for rubyman by root
Jun 24 23:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25590]: + ??? root:rubyman
Jun 24 23:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25590]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586616 of user rubyman.
Jun 24 23:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25590]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586616.
Jun 24 23:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22922]: pam_unix(cron:session): session closed for user root
Jun 24 23:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25530]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24730]: pam_unix(cron:session): session closed for user root
Jun 24 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25916]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25917]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25915]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25914]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25914]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25974]: Successful su for rubyman by root
Jun 24 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25974]: + ??? root:rubyman
Jun 24 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25974]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586621 of user rubyman.
Jun 24 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25974]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586621.
Jun 24 23:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23343]: pam_unix(cron:session): session closed for user root
Jun 24 23:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25915]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25137]: pam_unix(cron:session): session closed for user root
Jun 24 23:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26254]: Invalid user gabriel from 141.98.83.240
Jun 24 23:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26254]: input_userauth_request: invalid user gabriel [preauth]
Jun 24 23:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26254]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 23:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 23:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26254]: Failed password for invalid user gabriel from 141.98.83.240 port 33748 ssh2
Jun 24 23:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26254]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 23:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26254]: Failed password for invalid user gabriel from 141.98.83.240 port 33748 ssh2
Jun 24 23:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26254]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 23:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26254]: Failed password for invalid user gabriel from 141.98.83.240 port 33748 ssh2
Jun 24 23:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26254]: Connection closed by 141.98.83.240 port 33748 [preauth]
Jun 24 23:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26254]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26320]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26318]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26317]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26321]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26316]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26319]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26321]: pam_unix(cron:session): session closed for user root
Jun 24 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26316]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26385]: Successful su for rubyman by root
Jun 24 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26385]: + ??? root:rubyman
Jun 24 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26385]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586624 of user rubyman.
Jun 24 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26385]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586624.
Jun 24 23:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26318]: pam_unix(cron:session): session closed for user root
Jun 24 23:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23759]: pam_unix(cron:session): session closed for user root
Jun 24 23:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26317]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25532]: pam_unix(cron:session): session closed for user root
Jun 24 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26824]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26823]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26822]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26821]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26821]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26884]: Successful su for rubyman by root
Jun 24 23:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26884]: + ??? root:rubyman
Jun 24 23:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26884]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586631 of user rubyman.
Jun 24 23:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26884]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586631.
Jun 24 23:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24273]: pam_unix(cron:session): session closed for user root
Jun 24 23:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26822]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25917]: pam_unix(cron:session): session closed for user root
Jun 24 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27225]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27223]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27224]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27222]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27222]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27298]: Successful su for rubyman by root
Jun 24 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27298]: + ??? root:rubyman
Jun 24 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27298]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586635 of user rubyman.
Jun 24 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27298]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586635.
Jun 24 23:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24729]: pam_unix(cron:session): session closed for user root
Jun 24 23:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27223]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26320]: pam_unix(cron:session): session closed for user root
Jun 24 23:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27594]: Invalid user admin from 2.57.121.25
Jun 24 23:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27594]: input_userauth_request: invalid user admin [preauth]
Jun 24 23:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27594]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 23:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 24 23:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27594]: Failed password for invalid user admin from 2.57.121.25 port 62606 ssh2
Jun 24 23:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27594]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 23:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27594]: Failed password for invalid user admin from 2.57.121.25 port 62606 ssh2
Jun 24 23:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27594]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 23:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27594]: Failed password for invalid user admin from 2.57.121.25 port 62606 ssh2
Jun 24 23:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27594]: Connection closed by 2.57.121.25 port 62606 [preauth]
Jun 24 23:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27594]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 24 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27656]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27655]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27654]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27652]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27652]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27715]: Successful su for rubyman by root
Jun 24 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27715]: + ??? root:rubyman
Jun 24 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27715]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586638 of user rubyman.
Jun 24 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27715]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586638.
Jun 24 23:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25136]: pam_unix(cron:session): session closed for user root
Jun 24 23:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27654]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26824]: pam_unix(cron:session): session closed for user root
Jun 24 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28113]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28112]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28114]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28111]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28111]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28179]: Successful su for rubyman by root
Jun 24 23:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28179]: + ??? root:rubyman
Jun 24 23:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28179]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586642 of user rubyman.
Jun 24 23:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28179]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586642.
Jun 24 23:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25531]: pam_unix(cron:session): session closed for user root
Jun 24 23:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28112]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27225]: pam_unix(cron:session): session closed for user root
Jun 24 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28511]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28507]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28506]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28508]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28504]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28505]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28511]: pam_unix(cron:session): session closed for user root
Jun 24 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28504]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28665]: Successful su for rubyman by root
Jun 24 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28665]: + ??? root:rubyman
Jun 24 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28665]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586649 of user rubyman.
Jun 24 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28665]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586649.
Jun 24 23:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28506]: pam_unix(cron:session): session closed for user root
Jun 24 23:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25916]: pam_unix(cron:session): session closed for user root
Jun 24 23:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28505]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28901]: Bad protocol version identification 'MGLNDD_198.199.94.12_22' from 20.65.193.159 port 45202
Jun 24 23:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28898]: Connection closed by 20.65.193.159 port 45196 [preauth]
Jun 24 23:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27656]: pam_unix(cron:session): session closed for user root
Jun 24 23:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.76.154.242  user=root
Jun 24 23:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28996]: Failed password for root from 217.76.154.242 port 54364 ssh2
Jun 24 23:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28996]: Connection closed by 217.76.154.242 port 54364 [preauth]
Jun 24 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29062]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29064]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29065]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29061]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29061]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29133]: Successful su for rubyman by root
Jun 24 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29133]: + ??? root:rubyman
Jun 24 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29133]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586654 of user rubyman.
Jun 24 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29133]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586654.
Jun 24 23:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26319]: pam_unix(cron:session): session closed for user root
Jun 24 23:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29062]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28114]: pam_unix(cron:session): session closed for user root
Jun 24 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29486]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29487]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29485]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29484]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29484]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29635]: Successful su for rubyman by root
Jun 24 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29635]: + ??? root:rubyman
Jun 24 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29635]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586657 of user rubyman.
Jun 24 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29635]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586657.
Jun 24 23:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26823]: pam_unix(cron:session): session closed for user root
Jun 24 23:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29485]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 24 23:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29890]: Failed password for root from 87.251.79.125 port 59192 ssh2
Jun 24 23:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29890]: Connection closed by 87.251.79.125 port 59192 [preauth]
Jun 24 23:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28508]: pam_unix(cron:session): session closed for user root
Jun 24 23:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 24 23:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29982]: Failed password for root from 202.178.126.219 port 3637 ssh2
Jun 24 23:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29982]: Connection closed by 202.178.126.219 port 3637 [preauth]
Jun 24 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30012]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30013]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30014]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30011]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30011]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30076]: Successful su for rubyman by root
Jun 24 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30076]: + ??? root:rubyman
Jun 24 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30076]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586662 of user rubyman.
Jun 24 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30076]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586662.
Jun 24 23:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27224]: pam_unix(cron:session): session closed for user root
Jun 24 23:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30012]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.211.215  user=root
Jun 24 23:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30284]: Failed password for root from 147.45.211.215 port 51162 ssh2
Jun 24 23:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30284]: Connection closed by 147.45.211.215 port 51162 [preauth]
Jun 24 23:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29065]: pam_unix(cron:session): session closed for user root
Jun 24 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30425]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30424]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30426]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30423]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30423]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30497]: Successful su for rubyman by root
Jun 24 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30497]: + ??? root:rubyman
Jun 24 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30497]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586666 of user rubyman.
Jun 24 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30497]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586666.
Jun 24 23:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27655]: pam_unix(cron:session): session closed for user root
Jun 24 23:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30424]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29487]: pam_unix(cron:session): session closed for user root
Jun 24 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30859]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30860]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30857]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30858]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30855]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30856]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30860]: pam_unix(cron:session): session closed for user root
Jun 24 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30855]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31018]: Successful su for rubyman by root
Jun 24 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31018]: + ??? root:rubyman
Jun 24 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31018]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586668 of user rubyman.
Jun 24 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31018]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586668.
Jun 24 23:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30857]: pam_unix(cron:session): session closed for user root
Jun 24 23:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28113]: pam_unix(cron:session): session closed for user root
Jun 24 23:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30856]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 24 23:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30014]: pam_unix(cron:session): session closed for user root
Jun 24 23:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31305]: Failed password for root from 103.15.222.183 port 46392 ssh2
Jun 24 23:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31305]: Connection closed by 103.15.222.183 port 46392 [preauth]
Jun 24 23:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31336]: Connection closed by 194.59.206.2 port 29510 [preauth]
Jun 24 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31390]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31391]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31392]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31389]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31389]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31460]: Successful su for rubyman by root
Jun 24 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31460]: + ??? root:rubyman
Jun 24 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31460]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586674 of user rubyman.
Jun 24 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31460]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586674.
Jun 24 23:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28507]: pam_unix(cron:session): session closed for user root
Jun 24 23:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31390]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30426]: pam_unix(cron:session): session closed for user root
Jun 24 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31890]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31892]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31893]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31891]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31890]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31961]: Successful su for rubyman by root
Jun 24 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31961]: + ??? root:rubyman
Jun 24 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31961]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586679 of user rubyman.
Jun 24 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31961]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586679.
Jun 24 23:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29064]: pam_unix(cron:session): session closed for user root
Jun 24 23:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31891]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 24 23:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32168]: Failed password for root from 62.133.62.83 port 53490 ssh2
Jun 24 23:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32168]: Connection closed by 62.133.62.83 port 53490 [preauth]
Jun 24 23:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 24 23:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32229]: Failed password for root from 103.27.238.114 port 57236 ssh2
Jun 24 23:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32229]: Connection closed by 103.27.238.114 port 57236 [preauth]
Jun 24 23:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30859]: pam_unix(cron:session): session closed for user root
Jun 24 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32311]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32312]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32313]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32314]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32311]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32374]: Successful su for rubyman by root
Jun 24 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32374]: + ??? root:rubyman
Jun 24 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32374]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586682 of user rubyman.
Jun 24 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32374]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586682.
Jun 24 23:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29486]: pam_unix(cron:session): session closed for user root
Jun 24 23:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32312]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 24 23:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32568]: Failed password for root from 77.94.47.83 port 34830 ssh2
Jun 24 23:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32568]: Connection closed by 77.94.47.83 port 34830 [preauth]
Jun 24 23:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31392]: pam_unix(cron:session): session closed for user root
Jun 24 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32725]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32726]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32724]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32723]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32723]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[320]: Successful su for rubyman by root
Jun 24 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[320]: + ??? root:rubyman
Jun 24 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[320]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586688 of user rubyman.
Jun 24 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[320]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586688.
Jun 24 23:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30013]: pam_unix(cron:session): session closed for user root
Jun 24 23:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32724]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31893]: pam_unix(cron:session): session closed for user root
Jun 24 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[820]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[816]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[819]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[817]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[818]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[815]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[820]: pam_unix(cron:session): session closed for user root
Jun 24 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[815]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[892]: Successful su for rubyman by root
Jun 24 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[892]: + ??? root:rubyman
Jun 24 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[892]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586693 of user rubyman.
Jun 24 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[892]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586693.
Jun 24 23:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[817]: pam_unix(cron:session): session closed for user root
Jun 24 23:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30425]: pam_unix(cron:session): session closed for user root
Jun 24 23:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[816]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32314]: pam_unix(cron:session): session closed for user root
Jun 24 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1312]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1305]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1310]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1303]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1303]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1389]: Successful su for rubyman by root
Jun 24 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1389]: + ??? root:rubyman
Jun 24 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1389]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586697 of user rubyman.
Jun 24 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1389]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586697.
Jun 24 23:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30858]: pam_unix(cron:session): session closed for user root
Jun 24 23:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1305]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32726]: pam_unix(cron:session): session closed for user root
Jun 24 23:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1806]: Did not receive identification string from 195.178.110.217
Jun 24 23:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 24 23:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1835]: Failed password for root from 147.45.199.80 port 41192 ssh2
Jun 24 23:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1835]: Connection closed by 147.45.199.80 port 41192 [preauth]
Jun 24 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1857]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1856]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1858]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1855]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1855]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1935]: Successful su for rubyman by root
Jun 24 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1935]: + ??? root:rubyman
Jun 24 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1935]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586702 of user rubyman.
Jun 24 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1935]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586702.
Jun 24 23:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31391]: pam_unix(cron:session): session closed for user root
Jun 24 23:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1856]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[819]: pam_unix(cron:session): session closed for user root
Jun 24 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2343]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2342]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2341]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2340]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2340]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2402]: Successful su for rubyman by root
Jun 24 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2402]: + ??? root:rubyman
Jun 24 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2402]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586705 of user rubyman.
Jun 24 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2402]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586705.
Jun 24 23:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31892]: pam_unix(cron:session): session closed for user root
Jun 24 23:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2341]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1312]: pam_unix(cron:session): session closed for user root
Jun 24 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2768]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2766]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2767]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2769]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2764]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2766]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2887]: Successful su for rubyman by root
Jun 24 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2887]: + ??? root:rubyman
Jun 24 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2887]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586711 of user rubyman.
Jun 24 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2887]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586711.
Jun 24 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2764]: pam_unix(cron:session): session closed for user root
Jun 24 23:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32313]: pam_unix(cron:session): session closed for user root
Jun 24 23:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2767]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3157]: Invalid user tv from 107.150.105.153
Jun 24 23:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3157]: input_userauth_request: invalid user tv [preauth]
Jun 24 23:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3157]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 23:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.105.153
Jun 24 23:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1858]: pam_unix(cron:session): session closed for user root
Jun 24 23:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3157]: Failed password for invalid user tv from 107.150.105.153 port 17322 ssh2
Jun 24 23:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3157]: Received disconnect from 107.150.105.153 port 17322:11: Bye Bye [preauth]
Jun 24 23:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3157]: Disconnected from 107.150.105.153 port 17322 [preauth]
Jun 24 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3252]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3251]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3247]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3248]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3249]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3246]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3252]: pam_unix(cron:session): session closed for user root
Jun 24 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3246]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3316]: Successful su for rubyman by root
Jun 24 23:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3316]: + ??? root:rubyman
Jun 24 23:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3316]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586714 of user rubyman.
Jun 24 23:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3316]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586714.
Jun 24 23:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3248]: pam_unix(cron:session): session closed for user root
Jun 24 23:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32725]: pam_unix(cron:session): session closed for user root
Jun 24 23:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3247]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2343]: pam_unix(cron:session): session closed for user root
Jun 24 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3682]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3681]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3683]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3680]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3680]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3843]: Successful su for rubyman by root
Jun 24 23:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3843]: + ??? root:rubyman
Jun 24 23:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3843]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586719 of user rubyman.
Jun 24 23:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3843]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586719.
Jun 24 23:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[818]: pam_unix(cron:session): session closed for user root
Jun 24 23:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3681]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 24 23:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4154]: Failed password for root from 193.37.70.224 port 55794 ssh2
Jun 24 23:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4154]: Connection closed by 193.37.70.224 port 55794 [preauth]
Jun 24 23:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.124.127  user=root
Jun 24 23:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4192]: Failed password for root from 101.36.124.127 port 56950 ssh2
Jun 24 23:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4192]: Received disconnect from 101.36.124.127 port 56950:11: Bye Bye [preauth]
Jun 24 23:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4192]: Disconnected from 101.36.124.127 port 56950 [preauth]
Jun 24 23:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2769]: pam_unix(cron:session): session closed for user root
Jun 24 23:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4268]: Invalid user sco from 107.150.105.153
Jun 24 23:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4268]: input_userauth_request: invalid user sco [preauth]
Jun 24 23:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4268]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 23:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.105.153
Jun 24 23:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4268]: Failed password for invalid user sco from 107.150.105.153 port 15708 ssh2
Jun 24 23:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4268]: Received disconnect from 107.150.105.153 port 15708:11: Bye Bye [preauth]
Jun 24 23:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4268]: Disconnected from 107.150.105.153 port 15708 [preauth]
Jun 24 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4297]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4298]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4299]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4296]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4296]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4365]: Successful su for rubyman by root
Jun 24 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4365]: + ??? root:rubyman
Jun 24 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4365]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586723 of user rubyman.
Jun 24 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4365]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586723.
Jun 24 23:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1310]: pam_unix(cron:session): session closed for user root
Jun 24 23:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4297]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3251]: pam_unix(cron:session): session closed for user root
Jun 24 23:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 24 23:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4671]: Failed password for root from 103.82.20.28 port 44306 ssh2
Jun 24 23:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4671]: Connection closed by 103.82.20.28 port 44306 [preauth]
Jun 24 23:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 24 23:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4686]: Failed password for root from 195.178.110.217 port 52608 ssh2
Jun 24 23:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4686]: Connection closed by 195.178.110.217 port 52608 [preauth]
Jun 24 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4707]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4708]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4705]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4706]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4705]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4836]: Successful su for rubyman by root
Jun 24 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4836]: + ??? root:rubyman
Jun 24 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4836]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586728 of user rubyman.
Jun 24 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4836]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586728.
Jun 24 23:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1857]: pam_unix(cron:session): session closed for user root
Jun 24 23:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4706]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3683]: pam_unix(cron:session): session closed for user root
Jun 24 23:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5142]: Invalid user fiona from 107.150.105.153
Jun 24 23:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5142]: input_userauth_request: invalid user fiona [preauth]
Jun 24 23:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5142]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 23:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.105.153
Jun 24 23:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5142]: Failed password for invalid user fiona from 107.150.105.153 port 33436 ssh2
Jun 24 23:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5142]: Received disconnect from 107.150.105.153 port 33436:11: Bye Bye [preauth]
Jun 24 23:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5142]: Disconnected from 107.150.105.153 port 33436 [preauth]
Jun 24 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5212]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5213]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5211]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5210]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5210]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5274]: Successful su for rubyman by root
Jun 24 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5274]: + ??? root:rubyman
Jun 24 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5274]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586731 of user rubyman.
Jun 24 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5274]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586731.
Jun 24 23:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2342]: pam_unix(cron:session): session closed for user root
Jun 24 23:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5211]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5529]: Did not receive identification string from 195.178.110.217
Jun 24 23:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 24 23:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5530]: Failed password for root from 195.178.110.217 port 55980 ssh2
Jun 24 23:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5530]: Connection closed by 195.178.110.217 port 55980 [preauth]
Jun 24 23:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4299]: pam_unix(cron:session): session closed for user root
Jun 24 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5622]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5619]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5621]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5620]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5618]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5617]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5622]: pam_unix(cron:session): session closed for user root
Jun 24 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5617]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5689]: Successful su for rubyman by root
Jun 24 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5689]: + ??? root:rubyman
Jun 24 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5689]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586737 of user rubyman.
Jun 24 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5689]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586737.
Jun 24 23:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5619]: pam_unix(cron:session): session closed for user root
Jun 24 23:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2768]: pam_unix(cron:session): session closed for user root
Jun 24 23:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5618]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 24 23:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5903]: Invalid user mailsrv from 107.150.105.153
Jun 24 23:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5903]: input_userauth_request: invalid user mailsrv [preauth]
Jun 24 23:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5903]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 23:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.105.153
Jun 24 23:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5901]: Failed password for root from 38.93.206.2 port 41086 ssh2
Jun 24 23:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5901]: Connection closed by 38.93.206.2 port 41086 [preauth]
Jun 24 23:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5903]: Failed password for invalid user mailsrv from 107.150.105.153 port 20658 ssh2
Jun 24 23:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5903]: Received disconnect from 107.150.105.153 port 20658:11: Bye Bye [preauth]
Jun 24 23:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5903]: Disconnected from 107.150.105.153 port 20658 [preauth]
Jun 24 23:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.243.208.191  user=root
Jun 24 23:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5954]: Failed password for root from 20.243.208.191 port 45462 ssh2
Jun 24 23:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5954]: Received disconnect from 20.243.208.191 port 45462:11: Bye Bye [preauth]
Jun 24 23:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5954]: Disconnected from 20.243.208.191 port 45462 [preauth]
Jun 24 23:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4708]: pam_unix(cron:session): session closed for user root
Jun 24 23:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 24 23:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6023]: Failed password for root from 51.250.105.222 port 45002 ssh2
Jun 24 23:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6023]: Connection closed by 51.250.105.222 port 45002 [preauth]
Jun 24 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6054]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6053]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6055]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6051]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6051]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6116]: Successful su for rubyman by root
Jun 24 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6116]: + ??? root:rubyman
Jun 24 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6116]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586743 of user rubyman.
Jun 24 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6116]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586743.
Jun 24 23:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3249]: pam_unix(cron:session): session closed for user root
Jun 24 23:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6053]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6374]: Did not receive identification string from 195.178.110.217
Jun 24 23:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6375]: Invalid user igor from 220.119.37.141
Jun 24 23:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6375]: input_userauth_request: invalid user igor [preauth]
Jun 24 23:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6375]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 23:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.119.37.141
Jun 24 23:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5213]: pam_unix(cron:session): session closed for user root
Jun 24 23:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 24 23:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6375]: Failed password for invalid user igor from 220.119.37.141 port 52946 ssh2
Jun 24 23:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6375]: Received disconnect from 220.119.37.141 port 52946:11: Bye Bye [preauth]
Jun 24 23:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6375]: Disconnected from 220.119.37.141 port 52946 [preauth]
Jun 24 23:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6384]: Failed password for root from 195.178.110.217 port 59838 ssh2
Jun 24 23:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6384]: Connection closed by 195.178.110.217 port 59838 [preauth]
Jun 24 23:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6416]: Invalid user wwwstg from 107.150.105.153
Jun 24 23:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6416]: input_userauth_request: invalid user wwwstg [preauth]
Jun 24 23:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6416]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 23:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.105.153
Jun 24 23:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6416]: Failed password for invalid user wwwstg from 107.150.105.153 port 46666 ssh2
Jun 24 23:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6416]: Received disconnect from 107.150.105.153 port 46666:11: Bye Bye [preauth]
Jun 24 23:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6416]: Disconnected from 107.150.105.153 port 46666 [preauth]
Jun 24 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6458]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6459]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6457]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6456]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6456]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6517]: Successful su for rubyman by root
Jun 24 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6517]: + ??? root:rubyman
Jun 24 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6517]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586746 of user rubyman.
Jun 24 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6517]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586746.
Jun 24 23:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3682]: pam_unix(cron:session): session closed for user root
Jun 24 23:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6457]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5621]: pam_unix(cron:session): session closed for user root
Jun 24 23:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 24 23:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6845]: Failed password for root from 195.178.110.217 port 34070 ssh2
Jun 24 23:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6845]: Connection closed by 195.178.110.217 port 34070 [preauth]
Jun 24 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6868]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6867]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6864]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6865]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6864]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6938]: Successful su for rubyman by root
Jun 24 23:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6938]: + ??? root:rubyman
Jun 24 23:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6938]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586749 of user rubyman.
Jun 24 23:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6938]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586749.
Jun 24 23:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4298]: pam_unix(cron:session): session closed for user root
Jun 24 23:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6865]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 24 23:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7216]: Failed password for root from 194.113.233.25 port 58838 ssh2
Jun 24 23:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7216]: Connection closed by 194.113.233.25 port 58838 [preauth]
Jun 24 23:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7249]: Invalid user royal from 107.150.105.153
Jun 24 23:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7249]: input_userauth_request: invalid user royal [preauth]
Jun 24 23:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7249]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 23:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.105.153
Jun 24 23:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7249]: Failed password for invalid user royal from 107.150.105.153 port 24474 ssh2
Jun 24 23:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7249]: Received disconnect from 107.150.105.153 port 24474:11: Bye Bye [preauth]
Jun 24 23:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7249]: Disconnected from 107.150.105.153 port 24474 [preauth]
Jun 24 23:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6055]: pam_unix(cron:session): session closed for user root
Jun 24 23:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 24 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7372]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7371]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7370]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7369]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7369]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7434]: Successful su for rubyman by root
Jun 24 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7434]: + ??? root:rubyman
Jun 24 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7434]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586753 of user rubyman.
Jun 24 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7434]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586753.
Jun 24 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7357]: Failed password for root from 195.178.110.217 port 36138 ssh2
Jun 24 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7357]: Connection closed by 195.178.110.217 port 36138 [preauth]
Jun 24 23:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4707]: pam_unix(cron:session): session closed for user root
Jun 24 23:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7370]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7664]: Invalid user git from 141.98.83.240
Jun 24 23:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7664]: input_userauth_request: invalid user git [preauth]
Jun 24 23:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7664]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 23:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 23:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7664]: Failed password for invalid user git from 141.98.83.240 port 63112 ssh2
Jun 24 23:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7664]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 23:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7664]: Failed password for invalid user git from 141.98.83.240 port 63112 ssh2
Jun 24 23:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7664]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 23:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7664]: Failed password for invalid user git from 141.98.83.240 port 63112 ssh2
Jun 24 23:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7664]: Connection closed by 141.98.83.240 port 63112 [preauth]
Jun 24 23:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7664]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 24 23:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 24 23:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7750]: Failed password for root from 109.237.96.109 port 42626 ssh2
Jun 24 23:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7750]: Connection closed by 109.237.96.109 port 42626 [preauth]
Jun 24 23:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6459]: pam_unix(cron:session): session closed for user root
Jun 24 23:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 24 23:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7809]: Failed password for root from 103.27.238.116 port 56968 ssh2
Jun 24 23:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7809]: Connection closed by 103.27.238.116 port 56968 [preauth]
Jun 24 23:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7859]: Invalid user xxzx from 107.150.105.153
Jun 24 23:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7859]: input_userauth_request: invalid user xxzx [preauth]
Jun 24 23:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7859]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 23:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.105.153
Jun 24 23:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7859]: Failed password for invalid user xxzx from 107.150.105.153 port 28892 ssh2
Jun 24 23:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7859]: Received disconnect from 107.150.105.153 port 28892:11: Bye Bye [preauth]
Jun 24 23:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7859]: Disconnected from 107.150.105.153 port 28892 [preauth]
Jun 24 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7870]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7869]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7872]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7868]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7871]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7867]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7872]: pam_unix(cron:session): session closed for user root
Jun 24 23:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7867]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7932]: Successful su for rubyman by root
Jun 24 23:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7932]: + ??? root:rubyman
Jun 24 23:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7932]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586759 of user rubyman.
Jun 24 23:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7932]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586759.
Jun 24 23:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5212]: pam_unix(cron:session): session closed for user root
Jun 24 23:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7869]: pam_unix(cron:session): session closed for user root
Jun 24 23:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 24 23:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7868]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8111]: Failed password for root from 195.178.110.217 port 38154 ssh2
Jun 24 23:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8111]: Connection closed by 195.178.110.217 port 38154 [preauth]
Jun 24 23:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6868]: pam_unix(cron:session): session closed for user root
Jun 24 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8287]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8286]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8285]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8284]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8284]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8350]: Successful su for rubyman by root
Jun 24 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8350]: + ??? root:rubyman
Jun 24 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8350]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586763 of user rubyman.
Jun 24 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8350]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586763.
Jun 24 23:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5620]: pam_unix(cron:session): session closed for user root
Jun 24 23:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8285]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 24 23:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8547]: Failed password for root from 195.178.110.217 port 40136 ssh2
Jun 24 23:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8547]: Connection closed by 195.178.110.217 port 40136 [preauth]
Jun 24 23:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8610]: Invalid user tomer from 107.150.105.153
Jun 24 23:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8610]: input_userauth_request: invalid user tomer [preauth]
Jun 24 23:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8610]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 23:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.105.153
Jun 24 23:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7372]: pam_unix(cron:session): session closed for user root
Jun 24 23:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8610]: Failed password for invalid user tomer from 107.150.105.153 port 29994 ssh2
Jun 24 23:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8610]: Received disconnect from 107.150.105.153 port 29994:11: Bye Bye [preauth]
Jun 24 23:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8610]: Disconnected from 107.150.105.153 port 29994 [preauth]
Jun 24 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8697]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8696]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8698]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8695]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8695]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8756]: Successful su for rubyman by root
Jun 24 23:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8756]: + ??? root:rubyman
Jun 24 23:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8756]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586769 of user rubyman.
Jun 24 23:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8756]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586769.
Jun 24 23:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6054]: pam_unix(cron:session): session closed for user root
Jun 24 23:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8889]: Invalid user userm from 101.36.124.127
Jun 24 23:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8889]: input_userauth_request: invalid user userm [preauth]
Jun 24 23:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8889]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 23:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.124.127
Jun 24 23:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8696]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8889]: Failed password for invalid user userm from 101.36.124.127 port 34874 ssh2
Jun 24 23:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8889]: Received disconnect from 101.36.124.127 port 34874:11: Bye Bye [preauth]
Jun 24 23:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8889]: Disconnected from 101.36.124.127 port 34874 [preauth]
Jun 24 23:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 24 23:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8966]: Failed password for root from 195.178.110.217 port 42134 ssh2
Jun 24 23:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8966]: Connection closed by 195.178.110.217 port 42134 [preauth]
Jun 24 23:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7871]: pam_unix(cron:session): session closed for user root
Jun 24 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9099]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9098]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9096]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9097]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9096]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9155]: Successful su for rubyman by root
Jun 24 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9155]: + ??? root:rubyman
Jun 24 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9155]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586771 of user rubyman.
Jun 24 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9155]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586771.
Jun 24 23:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6458]: pam_unix(cron:session): session closed for user root
Jun 24 23:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9327]: Invalid user chip from 107.150.105.153
Jun 24 23:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9327]: input_userauth_request: invalid user chip [preauth]
Jun 24 23:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9327]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 23:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.105.153
Jun 24 23:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9097]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9327]: Failed password for invalid user chip from 107.150.105.153 port 49056 ssh2
Jun 24 23:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9327]: Received disconnect from 107.150.105.153 port 49056:11: Bye Bye [preauth]
Jun 24 23:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9327]: Disconnected from 107.150.105.153 port 49056 [preauth]
Jun 24 23:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 24 23:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9370]: Failed password for root from 195.178.110.217 port 44102 ssh2
Jun 24 23:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9370]: Connection closed by 195.178.110.217 port 44102 [preauth]
Jun 24 23:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9409]: Invalid user abdullah from 220.119.37.141
Jun 24 23:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9409]: input_userauth_request: invalid user abdullah [preauth]
Jun 24 23:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9409]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 23:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.119.37.141
Jun 24 23:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8287]: pam_unix(cron:session): session closed for user root
Jun 24 23:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9409]: Failed password for invalid user abdullah from 220.119.37.141 port 59680 ssh2
Jun 24 23:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9409]: Received disconnect from 220.119.37.141 port 59680:11: Bye Bye [preauth]
Jun 24 23:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9409]: Disconnected from 220.119.37.141 port 59680 [preauth]
Jun 24 23:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 24 23:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9440]: Failed password for root from 103.122.221.179 port 53180 ssh2
Jun 24 23:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9440]: Connection closed by 103.122.221.179 port 53180 [preauth]
Jun 24 23:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9478]: Invalid user ubuntu from 20.243.208.191
Jun 24 23:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9478]: input_userauth_request: invalid user ubuntu [preauth]
Jun 24 23:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9478]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 23:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.243.208.191
Jun 24 23:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9478]: Failed password for invalid user ubuntu from 20.243.208.191 port 50246 ssh2
Jun 24 23:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9478]: Received disconnect from 20.243.208.191 port 50246:11: Bye Bye [preauth]
Jun 24 23:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9478]: Disconnected from 20.243.208.191 port 50246 [preauth]
Jun 24 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9491]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9492]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9490]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9489]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9489]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9547]: Successful su for rubyman by root
Jun 24 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9547]: + ??? root:rubyman
Jun 24 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9547]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586775 of user rubyman.
Jun 24 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9547]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586775.
Jun 24 23:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6867]: pam_unix(cron:session): session closed for user root
Jun 24 23:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9490]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 24 23:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9772]: Failed password for root from 195.178.110.217 port 46110 ssh2
Jun 24 23:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9772]: Connection closed by 195.178.110.217 port 46110 [preauth]
Jun 24 23:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9798]: Invalid user m1 from 101.36.124.127
Jun 24 23:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9798]: input_userauth_request: invalid user m1 [preauth]
Jun 24 23:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9798]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 23:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.124.127
Jun 24 23:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9798]: Failed password for invalid user m1 from 101.36.124.127 port 50670 ssh2
Jun 24 23:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9798]: Received disconnect from 101.36.124.127 port 50670:11: Bye Bye [preauth]
Jun 24 23:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9798]: Disconnected from 101.36.124.127 port 50670 [preauth]
Jun 24 23:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8698]: pam_unix(cron:session): session closed for user root
Jun 24 23:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 24 23:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9829]: Failed password for root from 103.82.132.16 port 40756 ssh2
Jun 24 23:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9829]: Connection closed by 103.82.132.16 port 40756 [preauth]
Jun 24 23:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: Invalid user mu from 107.150.105.153
Jun 24 23:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: input_userauth_request: invalid user mu [preauth]
Jun 24 23:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 23:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.105.153
Jun 24 23:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: Failed password for invalid user mu from 107.150.105.153 port 61260 ssh2
Jun 24 23:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: Received disconnect from 107.150.105.153 port 61260:11: Bye Bye [preauth]
Jun 24 23:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: Disconnected from 107.150.105.153 port 61260 [preauth]
Jun 24 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10074]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10073]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10072]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10076]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10075]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10071]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10076]: pam_unix(cron:session): session closed for user root
Jun 24 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10071]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10144]: Successful su for rubyman by root
Jun 24 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10144]: + ??? root:rubyman
Jun 24 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10144]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586783 of user rubyman.
Jun 24 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10144]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586783.
Jun 24 23:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10073]: pam_unix(cron:session): session closed for user root
Jun 24 23:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7371]: pam_unix(cron:session): session closed for user root
Jun 24 23:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10072]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 24 23:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10499]: Failed password for root from 195.178.110.217 port 48116 ssh2
Jun 24 23:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10499]: Connection closed by 195.178.110.217 port 48116 [preauth]
Jun 24 23:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9099]: pam_unix(cron:session): session closed for user root
Jun 24 23:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10589]: Invalid user testftp from 220.119.37.141
Jun 24 23:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10589]: input_userauth_request: invalid user testftp [preauth]
Jun 24 23:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10589]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 23:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.119.37.141
Jun 24 23:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10591]: Invalid user test from 20.243.208.191
Jun 24 23:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10591]: input_userauth_request: invalid user test [preauth]
Jun 24 23:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10591]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 23:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.243.208.191
Jun 24 23:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10589]: Failed password for invalid user testftp from 220.119.37.141 port 41368 ssh2
Jun 24 23:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10589]: Received disconnect from 220.119.37.141 port 41368:11: Bye Bye [preauth]
Jun 24 23:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10589]: Disconnected from 220.119.37.141 port 41368 [preauth]
Jun 24 23:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10591]: Failed password for invalid user test from 20.243.208.191 port 33416 ssh2
Jun 24 23:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10591]: Received disconnect from 20.243.208.191 port 33416:11: Bye Bye [preauth]
Jun 24 23:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10591]: Disconnected from 20.243.208.191 port 33416 [preauth]
Jun 24 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10605]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10607]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10606]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10604]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10604]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10677]: Successful su for rubyman by root
Jun 24 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10677]: + ??? root:rubyman
Jun 24 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10677]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586786 of user rubyman.
Jun 24 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10677]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586786.
Jun 24 23:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7870]: pam_unix(cron:session): session closed for user root
Jun 24 23:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10605]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 24 23:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10937]: Failed password for root from 195.178.110.217 port 50138 ssh2
Jun 24 23:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10937]: Connection closed by 195.178.110.217 port 50138 [preauth]
Jun 24 23:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10948]: Invalid user coupon from 107.150.105.153
Jun 24 23:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10948]: input_userauth_request: invalid user coupon [preauth]
Jun 24 23:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10948]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 23:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.105.153
Jun 24 23:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9492]: pam_unix(cron:session): session closed for user root
Jun 24 23:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10948]: Failed password for invalid user coupon from 107.150.105.153 port 16762 ssh2
Jun 24 23:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10948]: Received disconnect from 107.150.105.153 port 16762:11: Bye Bye [preauth]
Jun 24 23:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10948]: Disconnected from 107.150.105.153 port 16762 [preauth]
Jun 24 23:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11005]: Invalid user teamspeak from 101.36.124.127
Jun 24 23:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11005]: input_userauth_request: invalid user teamspeak [preauth]
Jun 24 23:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11005]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 23:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.124.127
Jun 24 23:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11005]: Failed password for invalid user teamspeak from 101.36.124.127 port 57038 ssh2
Jun 24 23:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11005]: Received disconnect from 101.36.124.127 port 57038:11: Bye Bye [preauth]
Jun 24 23:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11005]: Disconnected from 101.36.124.127 port 57038 [preauth]
Jun 24 23:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11038]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11039]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11037]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11036]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11036]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11033]: Invalid user tom from 118.196.51.94
Jun 24 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11033]: input_userauth_request: invalid user tom [preauth]
Jun 24 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11033]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.196.51.94
Jun 24 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11102]: Successful su for rubyman by root
Jun 24 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11102]: + ??? root:rubyman
Jun 24 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11102]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586790 of user rubyman.
Jun 24 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11102]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586790.
Jun 24 23:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11033]: Failed password for invalid user tom from 118.196.51.94 port 58162 ssh2
Jun 24 23:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11033]: Received disconnect from 118.196.51.94 port 58162:11: Bye Bye [preauth]
Jun 24 23:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11033]: Disconnected from 118.196.51.94 port 58162 [preauth]
Jun 24 23:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8286]: pam_unix(cron:session): session closed for user root
Jun 24 23:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11037]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 24 23:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11356]: Failed password for root from 195.178.110.217 port 52138 ssh2
Jun 24 23:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11356]: Connection closed by 195.178.110.217 port 52138 [preauth]
Jun 24 23:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10075]: pam_unix(cron:session): session closed for user root
Jun 24 23:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11445]: Invalid user userm from 20.243.208.191
Jun 24 23:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11445]: input_userauth_request: invalid user userm [preauth]
Jun 24 23:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11445]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 23:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.243.208.191
Jun 24 23:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11445]: Failed password for invalid user userm from 20.243.208.191 port 34638 ssh2
Jun 24 23:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11445]: Received disconnect from 20.243.208.191 port 34638:11: Bye Bye [preauth]
Jun 24 23:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11445]: Disconnected from 20.243.208.191 port 34638 [preauth]
Jun 24 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11470]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11465]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11467]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11466]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11465]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11532]: Successful su for rubyman by root
Jun 24 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11532]: + ??? root:rubyman
Jun 24 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11532]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586793 of user rubyman.
Jun 24 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11532]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586793.
Jun 24 23:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8697]: pam_unix(cron:session): session closed for user root
Jun 24 23:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11466]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11714]: Invalid user nse from 107.150.105.153
Jun 24 23:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11714]: input_userauth_request: invalid user nse [preauth]
Jun 24 23:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11714]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 23:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.105.153
Jun 24 23:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11714]: Failed password for invalid user nse from 107.150.105.153 port 26232 ssh2
Jun 24 23:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11714]: Received disconnect from 107.150.105.153 port 26232:11: Bye Bye [preauth]
Jun 24 23:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11714]: Disconnected from 107.150.105.153 port 26232 [preauth]
Jun 24 23:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.119.37.141  user=root
Jun 24 23:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11793]: Failed password for root from 220.119.37.141 port 51258 ssh2
Jun 24 23:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11793]: Received disconnect from 220.119.37.141 port 51258:11: Bye Bye [preauth]
Jun 24 23:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11793]: Disconnected from 220.119.37.141 port 51258 [preauth]
Jun 24 23:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10607]: pam_unix(cron:session): session closed for user root
Jun 24 23:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 24 23:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11812]: Failed password for root from 195.178.110.217 port 54156 ssh2
Jun 24 23:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11812]: Connection closed by 195.178.110.217 port 54156 [preauth]
Jun 24 23:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11879]: Invalid user nmr from 118.196.51.94
Jun 24 23:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11879]: input_userauth_request: invalid user nmr [preauth]
Jun 24 23:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11879]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 23:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.196.51.94
Jun 24 23:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11879]: Failed password for invalid user nmr from 118.196.51.94 port 38372 ssh2
Jun 24 23:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11879]: Received disconnect from 118.196.51.94 port 38372:11: Bye Bye [preauth]
Jun 24 23:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11879]: Disconnected from 118.196.51.94 port 38372 [preauth]
Jun 24 23:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.124.127  user=root
Jun 24 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11915]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11914]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 24 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11912]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 24 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11913]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 24 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11912]: pam_unix(cron:session): session closed for user p13x
Jun 24 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11999]: Successful su for rubyman by root
Jun 24 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11999]: + ??? root:rubyman
Jun 24 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11999]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 24 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586797 of user rubyman.
Jun 24 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11999]: pam_unix(su:session): session closed for user rubyman
Jun 24 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586797.
Jun 24 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11908]: Failed password for root from 101.36.124.127 port 35736 ssh2
Jun 24 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11908]: Received disconnect from 101.36.124.127 port 35736:11: Bye Bye [preauth]
Jun 24 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11908]: Disconnected from 101.36.124.127 port 35736 [preauth]
Jun 24 23:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9098]: pam_unix(cron:session): session closed for user root
Jun 24 23:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11913]: pam_unix(cron:session): session closed for user samftp
Jun 24 23:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 24 23:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11039]: pam_unix(cron:session): session closed for user root
Jun 24 23:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12364]: Failed password for root from 195.178.110.217 port 56168 ssh2
Jun 24 23:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12364]: Connection closed by 195.178.110.217 port 56168 [preauth]
Jun 24 23:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12423]: Invalid user e4 from 107.150.105.153
Jun 24 23:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12423]: input_userauth_request: invalid user e4 [preauth]
Jun 24 23:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12423]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 23:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.105.153
Jun 24 23:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12423]: Failed password for invalid user e4 from 107.150.105.153 port 48054 ssh2
Jun 24 23:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12423]: Received disconnect from 107.150.105.153 port 48054:11: Bye Bye [preauth]
Jun 24 23:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12423]: Disconnected from 107.150.105.153 port 48054 [preauth]
Jun 24 23:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 24 23:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12446]: Invalid user anil from 20.243.208.191
Jun 24 23:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12446]: input_userauth_request: invalid user anil [preauth]
Jun 24 23:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12446]: pam_unix(sshd:auth): check pass; user unknown
Jun 24 23:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.243.208.191
Jun 24 23:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12446]: Failed password for invalid user anil from 20.243.208.191 port 47046 ssh2
Jun 24 23:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12446]: Received disconnect from 20.243.208.191 port 47046:11: Bye Bye [preauth]
Jun 24 23:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12446]: Disconnected from 20.243.208.191 port 47046 [preauth]
Jun 25 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12463]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12466]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12459]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12461]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12465]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12464]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12460]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12466]: pam_unix(cron:session): session closed for user root
Jun 25 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12461]: pam_unix(cron:session): session closed for user root
Jun 25 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12459]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12549]: Successful su for rubyman by root
Jun 25 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12549]: + ??? root:rubyman
Jun 25 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12549]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586801 of user rubyman.
Jun 25 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12549]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586801.
Jun 25 00:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12463]: pam_unix(cron:session): session closed for user root
Jun 25 00:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9491]: pam_unix(cron:session): session closed for user root
Jun 25 00:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12460]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11470]: pam_unix(cron:session): session closed for user root
Jun 25 00:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 25 00:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12908]: Failed password for root from 195.178.110.217 port 58194 ssh2
Jun 25 00:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12908]: Connection closed by 195.178.110.217 port 58194 [preauth]
Jun 25 00:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.119.37.141  user=root
Jun 25 00:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12945]: Failed password for root from 220.119.37.141 port 32968 ssh2
Jun 25 00:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12945]: Received disconnect from 220.119.37.141 port 32968:11: Bye Bye [preauth]
Jun 25 00:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12945]: Disconnected from 220.119.37.141 port 32968 [preauth]
Jun 25 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12975]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12976]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12974]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12973]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12971]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12971]: pam_unix(cron:session): session closed for user root
Jun 25 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12973]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13053]: Successful su for rubyman by root
Jun 25 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13053]: + ??? root:rubyman
Jun 25 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13053]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586808 of user rubyman.
Jun 25 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13053]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586808.
Jun 25 00:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10074]: pam_unix(cron:session): session closed for user root
Jun 25 00:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12974]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13249]: Invalid user jenkins from 101.36.124.127
Jun 25 00:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13249]: input_userauth_request: invalid user jenkins [preauth]
Jun 25 00:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13249]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.124.127
Jun 25 00:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13249]: Failed password for invalid user jenkins from 101.36.124.127 port 33474 ssh2
Jun 25 00:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13249]: Received disconnect from 101.36.124.127 port 33474:11: Bye Bye [preauth]
Jun 25 00:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13249]: Disconnected from 101.36.124.127 port 33474 [preauth]
Jun 25 00:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11915]: pam_unix(cron:session): session closed for user root
Jun 25 00:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 25 00:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13343]: Failed password for root from 195.178.110.217 port 60214 ssh2
Jun 25 00:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13343]: Connection closed by 195.178.110.217 port 60214 [preauth]
Jun 25 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13403]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13407]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13406]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13405]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13403]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13462]: Successful su for rubyman by root
Jun 25 00:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13462]: + ??? root:rubyman
Jun 25 00:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13462]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586816 of user rubyman.
Jun 25 00:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13462]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586816.
Jun 25 00:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.243.208.191  user=root
Jun 25 00:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10606]: pam_unix(cron:session): session closed for user root
Jun 25 00:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13494]: Failed password for root from 20.243.208.191 port 58760 ssh2
Jun 25 00:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13494]: Received disconnect from 20.243.208.191 port 58760:11: Bye Bye [preauth]
Jun 25 00:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13494]: Disconnected from 20.243.208.191 port 58760 [preauth]
Jun 25 00:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13405]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12465]: pam_unix(cron:session): session closed for user root
Jun 25 00:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 25 00:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13777]: Failed password for root from 195.178.110.217 port 33956 ssh2
Jun 25 00:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13777]: Connection closed by 195.178.110.217 port 33956 [preauth]
Jun 25 00:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.119.37.141  user=root
Jun 25 00:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13796]: Failed password for root from 220.119.37.141 port 42880 ssh2
Jun 25 00:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13796]: Received disconnect from 220.119.37.141 port 42880:11: Bye Bye [preauth]
Jun 25 00:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13796]: Disconnected from 220.119.37.141 port 42880 [preauth]
Jun 25 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13810]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13811]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13809]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13808]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13808]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13869]: Successful su for rubyman by root
Jun 25 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13869]: + ??? root:rubyman
Jun 25 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13869]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586817 of user rubyman.
Jun 25 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13869]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586817.
Jun 25 00:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11038]: pam_unix(cron:session): session closed for user root
Jun 25 00:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13809]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14095]: Invalid user allen from 101.36.124.127
Jun 25 00:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14095]: input_userauth_request: invalid user allen [preauth]
Jun 25 00:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14095]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.124.127
Jun 25 00:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14095]: Failed password for invalid user allen from 101.36.124.127 port 48254 ssh2
Jun 25 00:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14095]: Received disconnect from 101.36.124.127 port 48254:11: Bye Bye [preauth]
Jun 25 00:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14095]: Disconnected from 101.36.124.127 port 48254 [preauth]
Jun 25 00:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12976]: pam_unix(cron:session): session closed for user root
Jun 25 00:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14145]: Invalid user service from 193.46.255.86
Jun 25 00:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14145]: input_userauth_request: invalid user service [preauth]
Jun 25 00:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14145]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 25 00:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14145]: Failed password for invalid user service from 193.46.255.86 port 33678 ssh2
Jun 25 00:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14145]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14145]: Failed password for invalid user service from 193.46.255.86 port 33678 ssh2
Jun 25 00:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14145]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14145]: Failed password for invalid user service from 193.46.255.86 port 33678 ssh2
Jun 25 00:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14145]: Connection closed by 193.46.255.86 port 33678 [preauth]
Jun 25 00:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14145]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 25 00:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 25 00:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14187]: Failed password for root from 195.178.110.217 port 35910 ssh2
Jun 25 00:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14187]: Connection closed by 195.178.110.217 port 35910 [preauth]
Jun 25 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14208]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14207]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14209]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14206]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14206]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14270]: Successful su for rubyman by root
Jun 25 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14270]: + ??? root:rubyman
Jun 25 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14270]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586821 of user rubyman.
Jun 25 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14270]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586821.
Jun 25 00:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11467]: pam_unix(cron:session): session closed for user root
Jun 25 00:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14207]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14443]: Invalid user cw from 20.243.208.191
Jun 25 00:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14443]: input_userauth_request: invalid user cw [preauth]
Jun 25 00:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14443]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.243.208.191
Jun 25 00:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14443]: Failed password for invalid user cw from 20.243.208.191 port 58738 ssh2
Jun 25 00:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14443]: Received disconnect from 20.243.208.191 port 58738:11: Bye Bye [preauth]
Jun 25 00:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14443]: Disconnected from 20.243.208.191 port 58738 [preauth]
Jun 25 00:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13407]: pam_unix(cron:session): session closed for user root
Jun 25 00:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 25 00:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14582]: Failed password for root from 195.178.110.217 port 37878 ssh2
Jun 25 00:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14582]: Connection closed by 195.178.110.217 port 37878 [preauth]
Jun 25 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14606]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14610]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14604]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14603]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14608]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14605]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14610]: pam_unix(cron:session): session closed for user root
Jun 25 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14603]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14723]: Successful su for rubyman by root
Jun 25 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14723]: + ??? root:rubyman
Jun 25 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14723]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586829 of user rubyman.
Jun 25 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14723]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586829.
Jun 25 00:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14605]: pam_unix(cron:session): session closed for user root
Jun 25 00:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11914]: pam_unix(cron:session): session closed for user root
Jun 25 00:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14927]: Invalid user admin2 from 220.119.37.141
Jun 25 00:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14927]: input_userauth_request: invalid user admin2 [preauth]
Jun 25 00:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14927]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.119.37.141
Jun 25 00:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14604]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14927]: Failed password for invalid user admin2 from 220.119.37.141 port 52804 ssh2
Jun 25 00:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14927]: Received disconnect from 220.119.37.141 port 52804:11: Bye Bye [preauth]
Jun 25 00:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14927]: Disconnected from 220.119.37.141 port 52804 [preauth]
Jun 25 00:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 25 00:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15008]: Failed password for root from 103.153.68.219 port 51114 ssh2
Jun 25 00:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15008]: Connection closed by 103.153.68.219 port 51114 [preauth]
Jun 25 00:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13811]: pam_unix(cron:session): session closed for user root
Jun 25 00:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15048]: Invalid user zn from 101.36.124.127
Jun 25 00:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15048]: input_userauth_request: invalid user zn [preauth]
Jun 25 00:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15048]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.124.127
Jun 25 00:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15048]: Failed password for invalid user zn from 101.36.124.127 port 33318 ssh2
Jun 25 00:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15048]: Received disconnect from 101.36.124.127 port 33318:11: Bye Bye [preauth]
Jun 25 00:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15048]: Disconnected from 101.36.124.127 port 33318 [preauth]
Jun 25 00:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Jun 25 00:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:35.233.19.108
Jun 25 00:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 25 00:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15131]: Failed password for root from 195.178.110.217 port 39820 ssh2
Jun 25 00:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15131]: Connection closed by 195.178.110.217 port 39820 [preauth]
Jun 25 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15151]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15148]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15149]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15150]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15148]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15217]: Successful su for rubyman by root
Jun 25 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15217]: + ??? root:rubyman
Jun 25 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15217]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586832 of user rubyman.
Jun 25 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15217]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586832.
Jun 25 00:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12464]: pam_unix(cron:session): session closed for user root
Jun 25 00:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15149]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15404]: Connection reset by 45.148.10.141 port 48500 [preauth]
Jun 25 00:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15426]: Invalid user jenkins from 20.243.208.191
Jun 25 00:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15426]: input_userauth_request: invalid user jenkins [preauth]
Jun 25 00:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15426]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.243.208.191
Jun 25 00:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15426]: Failed password for invalid user jenkins from 20.243.208.191 port 46568 ssh2
Jun 25 00:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15426]: Received disconnect from 20.243.208.191 port 46568:11: Bye Bye [preauth]
Jun 25 00:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15426]: Disconnected from 20.243.208.191 port 46568 [preauth]
Jun 25 00:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14209]: pam_unix(cron:session): session closed for user root
Jun 25 00:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 25 00:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15530]: Failed password for root from 195.178.110.217 port 41754 ssh2
Jun 25 00:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15530]: Connection closed by 195.178.110.217 port 41754 [preauth]
Jun 25 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15544]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15542]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15543]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15541]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15541]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15606]: Successful su for rubyman by root
Jun 25 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15606]: + ??? root:rubyman
Jun 25 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15606]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586835 of user rubyman.
Jun 25 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15606]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586835.
Jun 25 00:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12975]: pam_unix(cron:session): session closed for user root
Jun 25 00:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15542]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 25 00:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15795]: Failed password for root from 103.77.242.62 port 52096 ssh2
Jun 25 00:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15795]: Connection closed by 103.77.242.62 port 52096 [preauth]
Jun 25 00:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.119.37.141  user=root
Jun 25 00:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15827]: Failed password for root from 220.119.37.141 port 34468 ssh2
Jun 25 00:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15827]: Received disconnect from 220.119.37.141 port 34468:11: Bye Bye [preauth]
Jun 25 00:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15827]: Disconnected from 220.119.37.141 port 34468 [preauth]
Jun 25 00:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 25 00:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15850]: Failed password for root from 80.66.85.226 port 54254 ssh2
Jun 25 00:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15850]: Connection closed by 80.66.85.226 port 54254 [preauth]
Jun 25 00:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14608]: pam_unix(cron:session): session closed for user root
Jun 25 00:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15917]: Invalid user anil from 101.36.124.127
Jun 25 00:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15917]: input_userauth_request: invalid user anil [preauth]
Jun 25 00:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15917]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.124.127
Jun 25 00:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15917]: Failed password for invalid user anil from 101.36.124.127 port 44186 ssh2
Jun 25 00:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15917]: Received disconnect from 101.36.124.127 port 44186:11: Bye Bye [preauth]
Jun 25 00:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15917]: Disconnected from 101.36.124.127 port 44186 [preauth]
Jun 25 00:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 25 00:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15927]: Failed password for root from 195.178.110.217 port 43680 ssh2
Jun 25 00:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15927]: Connection closed by 195.178.110.217 port 43680 [preauth]
Jun 25 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15949]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15950]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15948]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15947]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15947]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16005]: Successful su for rubyman by root
Jun 25 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16005]: + ??? root:rubyman
Jun 25 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16005]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586841 of user rubyman.
Jun 25 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16005]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586841.
Jun 25 00:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13406]: pam_unix(cron:session): session closed for user root
Jun 25 00:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15948]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.243.208.191  user=root
Jun 25 00:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16238]: Failed password for root from 20.243.208.191 port 48412 ssh2
Jun 25 00:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16238]: Received disconnect from 20.243.208.191 port 48412:11: Bye Bye [preauth]
Jun 25 00:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16238]: Disconnected from 20.243.208.191 port 48412 [preauth]
Jun 25 00:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15151]: pam_unix(cron:session): session closed for user root
Jun 25 00:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 25 00:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16312]: Failed password for root from 195.178.110.217 port 45602 ssh2
Jun 25 00:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16312]: Connection closed by 195.178.110.217 port 45602 [preauth]
Jun 25 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16334]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16333]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16335]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16330]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16332]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16332]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16451]: Successful su for rubyman by root
Jun 25 00:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16451]: + ??? root:rubyman
Jun 25 00:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16451]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586845 of user rubyman.
Jun 25 00:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16451]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586845.
Jun 25 00:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16330]: pam_unix(cron:session): session closed for user root
Jun 25 00:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13810]: pam_unix(cron:session): session closed for user root
Jun 25 00:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16333]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15544]: pam_unix(cron:session): session closed for user root
Jun 25 00:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16765]: Invalid user mas from 220.119.37.141
Jun 25 00:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16765]: input_userauth_request: invalid user mas [preauth]
Jun 25 00:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16765]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.119.37.141
Jun 25 00:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16765]: Failed password for invalid user mas from 220.119.37.141 port 44396 ssh2
Jun 25 00:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16765]: Received disconnect from 220.119.37.141 port 44396:11: Bye Bye [preauth]
Jun 25 00:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16765]: Disconnected from 220.119.37.141 port 44396 [preauth]
Jun 25 00:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 25 00:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16797]: Failed password for root from 195.178.110.217 port 47530 ssh2
Jun 25 00:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16797]: Connection closed by 195.178.110.217 port 47530 [preauth]
Jun 25 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16829]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16828]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16825]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16826]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16827]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16824]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16829]: pam_unix(cron:session): session closed for user root
Jun 25 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16824]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16958]: Successful su for rubyman by root
Jun 25 00:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16958]: + ??? root:rubyman
Jun 25 00:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16958]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586849 of user rubyman.
Jun 25 00:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16958]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586849.
Jun 25 00:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16826]: pam_unix(cron:session): session closed for user root
Jun 25 00:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14208]: pam_unix(cron:session): session closed for user root
Jun 25 00:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16825]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.124.127  user=root
Jun 25 00:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17222]: Failed password for root from 101.36.124.127 port 60774 ssh2
Jun 25 00:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17222]: Received disconnect from 101.36.124.127 port 60774:11: Bye Bye [preauth]
Jun 25 00:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17222]: Disconnected from 101.36.124.127 port 60774 [preauth]
Jun 25 00:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.243.208.191  user=root
Jun 25 00:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17266]: Failed password for root from 20.243.208.191 port 33550 ssh2
Jun 25 00:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17266]: Received disconnect from 20.243.208.191 port 33550:11: Bye Bye [preauth]
Jun 25 00:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17266]: Disconnected from 20.243.208.191 port 33550 [preauth]
Jun 25 00:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15950]: pam_unix(cron:session): session closed for user root
Jun 25 00:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 25 00:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17333]: Failed password for root from 195.178.110.217 port 49484 ssh2
Jun 25 00:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17333]: Connection closed by 195.178.110.217 port 49484 [preauth]
Jun 25 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17359]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17358]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17356]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17355]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17355]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17432]: Successful su for rubyman by root
Jun 25 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17432]: + ??? root:rubyman
Jun 25 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17432]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586855 of user rubyman.
Jun 25 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17432]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586855.
Jun 25 00:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14606]: pam_unix(cron:session): session closed for user root
Jun 25 00:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17356]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16335]: pam_unix(cron:session): session closed for user root
Jun 25 00:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Jun 25 00:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:35.233.19.108
Jun 25 00:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 25 00:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17834]: Failed password for root from 195.178.110.217 port 51410 ssh2
Jun 25 00:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17834]: Connection closed by 195.178.110.217 port 51410 [preauth]
Jun 25 00:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.119.37.141  user=root
Jun 25 00:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17872]: Failed password for root from 220.119.37.141 port 54308 ssh2
Jun 25 00:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17872]: Received disconnect from 220.119.37.141 port 54308:11: Bye Bye [preauth]
Jun 25 00:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17872]: Disconnected from 220.119.37.141 port 54308 [preauth]
Jun 25 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17888]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17889]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17887]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17883]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17883]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17950]: Successful su for rubyman by root
Jun 25 00:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17950]: + ??? root:rubyman
Jun 25 00:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17950]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586858 of user rubyman.
Jun 25 00:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17950]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586858.
Jun 25 00:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15150]: pam_unix(cron:session): session closed for user root
Jun 25 00:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17887]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16828]: pam_unix(cron:session): session closed for user root
Jun 25 00:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18243]: Invalid user sss from 20.243.208.191
Jun 25 00:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18243]: input_userauth_request: invalid user sss [preauth]
Jun 25 00:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18243]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.243.208.191
Jun 25 00:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18243]: Failed password for invalid user sss from 20.243.208.191 port 46338 ssh2
Jun 25 00:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18243]: Received disconnect from 20.243.208.191 port 46338:11: Bye Bye [preauth]
Jun 25 00:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18243]: Disconnected from 20.243.208.191 port 46338 [preauth]
Jun 25 00:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18278]: Invalid user deployer from 101.36.124.127
Jun 25 00:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18278]: input_userauth_request: invalid user deployer [preauth]
Jun 25 00:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18278]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.124.127
Jun 25 00:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 25 00:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18278]: Failed password for invalid user deployer from 101.36.124.127 port 43760 ssh2
Jun 25 00:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18278]: Received disconnect from 101.36.124.127 port 43760:11: Bye Bye [preauth]
Jun 25 00:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18278]: Disconnected from 101.36.124.127 port 43760 [preauth]
Jun 25 00:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18280]: Failed password for root from 195.178.110.217 port 53364 ssh2
Jun 25 00:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18280]: Connection closed by 195.178.110.217 port 53364 [preauth]
Jun 25 00:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 25 00:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18295]: Failed password for root from 202.178.126.219 port 28507 ssh2
Jun 25 00:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18295]: Connection closed by 202.178.126.219 port 28507 [preauth]
Jun 25 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18322]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18323]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18317]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18319]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18317]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18396]: Successful su for rubyman by root
Jun 25 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18396]: + ??? root:rubyman
Jun 25 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18396]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586862 of user rubyman.
Jun 25 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18396]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586862.
Jun 25 00:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15543]: pam_unix(cron:session): session closed for user root
Jun 25 00:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18319]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17359]: pam_unix(cron:session): session closed for user root
Jun 25 00:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 25 00:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18793]: Failed password for root from 195.178.110.217 port 55294 ssh2
Jun 25 00:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18793]: Connection closed by 195.178.110.217 port 55294 [preauth]
Jun 25 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18822]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18821]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18820]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18818]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18818]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18896]: Successful su for rubyman by root
Jun 25 00:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18896]: + ??? root:rubyman
Jun 25 00:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18896]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586868 of user rubyman.
Jun 25 00:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18896]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586868.
Jun 25 00:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15949]: pam_unix(cron:session): session closed for user root
Jun 25 00:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18820]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19098]: Invalid user media from 220.119.37.141
Jun 25 00:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19098]: input_userauth_request: invalid user media [preauth]
Jun 25 00:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19098]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.119.37.141
Jun 25 00:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19098]: Failed password for invalid user media from 220.119.37.141 port 35992 ssh2
Jun 25 00:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19098]: Received disconnect from 220.119.37.141 port 35992:11: Bye Bye [preauth]
Jun 25 00:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19098]: Disconnected from 220.119.37.141 port 35992 [preauth]
Jun 25 00:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17889]: pam_unix(cron:session): session closed for user root
Jun 25 00:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 25 00:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19296]: Failed password for root from 195.178.110.217 port 57194 ssh2
Jun 25 00:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19296]: Connection closed by 195.178.110.217 port 57194 [preauth]
Jun 25 00:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19298]: Invalid user milad from 20.243.208.191
Jun 25 00:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19298]: input_userauth_request: invalid user milad [preauth]
Jun 25 00:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19298]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.243.208.191
Jun 25 00:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19298]: Failed password for invalid user milad from 20.243.208.191 port 43694 ssh2
Jun 25 00:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19298]: Received disconnect from 20.243.208.191 port 43694:11: Bye Bye [preauth]
Jun 25 00:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19298]: Disconnected from 20.243.208.191 port 43694 [preauth]
Jun 25 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19332]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19330]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19329]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19328]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19327]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19331]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19332]: pam_unix(cron:session): session closed for user root
Jun 25 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19327]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19399]: Successful su for rubyman by root
Jun 25 00:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19399]: + ??? root:rubyman
Jun 25 00:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19399]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586875 of user rubyman.
Jun 25 00:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19399]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586875.
Jun 25 00:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19329]: pam_unix(cron:session): session closed for user root
Jun 25 00:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16334]: pam_unix(cron:session): session closed for user root
Jun 25 00:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19328]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.124.127  user=root
Jun 25 00:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19837]: Failed password for root from 101.36.124.127 port 52996 ssh2
Jun 25 00:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19837]: Received disconnect from 101.36.124.127 port 52996:11: Bye Bye [preauth]
Jun 25 00:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19837]: Disconnected from 101.36.124.127 port 52996 [preauth]
Jun 25 00:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18323]: pam_unix(cron:session): session closed for user root
Jun 25 00:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 25 00:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19945]: Failed password for root from 195.178.110.217 port 59098 ssh2
Jun 25 00:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19945]: Connection closed by 195.178.110.217 port 59098 [preauth]
Jun 25 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19979]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19977]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19978]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19975]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19975]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20041]: Successful su for rubyman by root
Jun 25 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20041]: + ??? root:rubyman
Jun 25 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20041]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586877 of user rubyman.
Jun 25 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20041]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586877.
Jun 25 00:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16827]: pam_unix(cron:session): session closed for user root
Jun 25 00:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19977]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.119.37.141  user=root
Jun 25 00:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20387]: Failed password for root from 220.119.37.141 port 45904 ssh2
Jun 25 00:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20387]: Received disconnect from 220.119.37.141 port 45904:11: Bye Bye [preauth]
Jun 25 00:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20387]: Disconnected from 220.119.37.141 port 45904 [preauth]
Jun 25 00:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18822]: pam_unix(cron:session): session closed for user root
Jun 25 00:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 25 00:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20421]: Failed password for root from 103.176.20.57 port 34158 ssh2
Jun 25 00:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20421]: Connection closed by 103.176.20.57 port 34158 [preauth]
Jun 25 00:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 25 00:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20470]: Failed password for root from 195.178.110.217 port 32796 ssh2
Jun 25 00:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20470]: Connection closed by 195.178.110.217 port 32796 [preauth]
Jun 25 00:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20480]: Invalid user username from 20.243.208.191
Jun 25 00:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20480]: input_userauth_request: invalid user username [preauth]
Jun 25 00:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20480]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.243.208.191
Jun 25 00:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20480]: Failed password for invalid user username from 20.243.208.191 port 47204 ssh2
Jun 25 00:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20480]: Received disconnect from 20.243.208.191 port 47204:11: Bye Bye [preauth]
Jun 25 00:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20480]: Disconnected from 20.243.208.191 port 47204 [preauth]
Jun 25 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20494]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20495]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20493]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20492]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20490]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20490]: pam_unix(cron:session): session closed for user root
Jun 25 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20492]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20560]: Successful su for rubyman by root
Jun 25 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20560]: + ??? root:rubyman
Jun 25 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20560]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586881 of user rubyman.
Jun 25 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20560]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586881.
Jun 25 00:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17358]: pam_unix(cron:session): session closed for user root
Jun 25 00:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20493]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20904]: Invalid user administrator from 101.36.124.127
Jun 25 00:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20904]: input_userauth_request: invalid user administrator [preauth]
Jun 25 00:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20904]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.124.127
Jun 25 00:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20904]: Failed password for invalid user administrator from 101.36.124.127 port 40760 ssh2
Jun 25 00:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20904]: Received disconnect from 101.36.124.127 port 40760:11: Bye Bye [preauth]
Jun 25 00:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20904]: Disconnected from 101.36.124.127 port 40760 [preauth]
Jun 25 00:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19331]: pam_unix(cron:session): session closed for user root
Jun 25 00:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 25 00:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20963]: Failed password for root from 195.178.110.217 port 34730 ssh2
Jun 25 00:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20963]: Connection closed by 195.178.110.217 port 34730 [preauth]
Jun 25 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20994]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20995]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20992]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20993]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20992]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21055]: Successful su for rubyman by root
Jun 25 00:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21055]: + ??? root:rubyman
Jun 25 00:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21055]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586885 of user rubyman.
Jun 25 00:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21055]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586885.
Jun 25 00:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17888]: pam_unix(cron:session): session closed for user root
Jun 25 00:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20993]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19979]: pam_unix(cron:session): session closed for user root
Jun 25 00:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21350]: Invalid user lc from 220.119.37.141
Jun 25 00:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21350]: input_userauth_request: invalid user lc [preauth]
Jun 25 00:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21350]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.119.37.141
Jun 25 00:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21350]: Failed password for invalid user lc from 220.119.37.141 port 55820 ssh2
Jun 25 00:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21350]: Received disconnect from 220.119.37.141 port 55820:11: Bye Bye [preauth]
Jun 25 00:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21350]: Disconnected from 220.119.37.141 port 55820 [preauth]
Jun 25 00:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 25 00:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21375]: Failed password for root from 195.178.110.217 port 36636 ssh2
Jun 25 00:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21375]: Connection closed by 195.178.110.217 port 36636 [preauth]
Jun 25 00:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 25 00:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21385]: Failed password for root from 141.98.83.240 port 45078 ssh2
Jun 25 00:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21385]: message repeated 2 times: [ Failed password for root from 141.98.83.240 port 45078 ssh2]
Jun 25 00:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21385]: Connection closed by 141.98.83.240 port 45078 [preauth]
Jun 25 00:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21385]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 25 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21407]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21408]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21406]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21405]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21405]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21470]: Successful su for rubyman by root
Jun 25 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21470]: + ??? root:rubyman
Jun 25 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21470]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586890 of user rubyman.
Jun 25 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21470]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586890.
Jun 25 00:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.243.208.191  user=root
Jun 25 00:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18322]: pam_unix(cron:session): session closed for user root
Jun 25 00:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21406]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21566]: Failed password for root from 20.243.208.191 port 43226 ssh2
Jun 25 00:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21566]: Received disconnect from 20.243.208.191 port 43226:11: Bye Bye [preauth]
Jun 25 00:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21566]: Disconnected from 20.243.208.191 port 43226 [preauth]
Jun 25 00:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
Jun 25 00:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21666]: Failed password for root from 176.32.39.21 port 36702 ssh2
Jun 25 00:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21666]: Connection closed by 176.32.39.21 port 36702 [preauth]
Jun 25 00:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 25 00:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21697]: Failed password for root from 103.77.175.15 port 38298 ssh2
Jun 25 00:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21697]: Connection closed by 103.77.175.15 port 38298 [preauth]
Jun 25 00:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20495]: pam_unix(cron:session): session closed for user root
Jun 25 00:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 25 00:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21824]: Failed password for root from 195.178.110.217 port 38596 ssh2
Jun 25 00:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21824]: Connection closed by 195.178.110.217 port 38596 [preauth]
Jun 25 00:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.124.127  user=root
Jun 25 00:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21829]: Failed password for root from 101.36.124.127 port 44562 ssh2
Jun 25 00:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21829]: Received disconnect from 101.36.124.127 port 44562:11: Bye Bye [preauth]
Jun 25 00:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21829]: Disconnected from 101.36.124.127 port 44562 [preauth]
Jun 25 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21855]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21853]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21851]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21854]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21852]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21850]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21855]: pam_unix(cron:session): session closed for user root
Jun 25 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21850]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21919]: Successful su for rubyman by root
Jun 25 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21919]: + ??? root:rubyman
Jun 25 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21919]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586896 of user rubyman.
Jun 25 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21919]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586896.
Jun 25 00:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21852]: pam_unix(cron:session): session closed for user root
Jun 25 00:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18821]: pam_unix(cron:session): session closed for user root
Jun 25 00:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21851]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20995]: pam_unix(cron:session): session closed for user root
Jun 25 00:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 25 00:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22259]: Failed password for root from 195.178.110.217 port 40518 ssh2
Jun 25 00:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22259]: Connection closed by 195.178.110.217 port 40518 [preauth]
Jun 25 00:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22271]: Invalid user designer from 220.119.37.141
Jun 25 00:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22271]: input_userauth_request: invalid user designer [preauth]
Jun 25 00:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22271]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.119.37.141
Jun 25 00:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22271]: Failed password for invalid user designer from 220.119.37.141 port 37514 ssh2
Jun 25 00:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22271]: Received disconnect from 220.119.37.141 port 37514:11: Bye Bye [preauth]
Jun 25 00:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22271]: Disconnected from 220.119.37.141 port 37514 [preauth]
Jun 25 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22297]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22301]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22295]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22296]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22295]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22449]: Successful su for rubyman by root
Jun 25 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22449]: + ??? root:rubyman
Jun 25 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22449]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586901 of user rubyman.
Jun 25 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22449]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586901.
Jun 25 00:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19330]: pam_unix(cron:session): session closed for user root
Jun 25 00:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22296]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22654]: Invalid user teamspeak from 20.243.208.191
Jun 25 00:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22654]: input_userauth_request: invalid user teamspeak [preauth]
Jun 25 00:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22654]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.243.208.191
Jun 25 00:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22654]: Failed password for invalid user teamspeak from 20.243.208.191 port 60614 ssh2
Jun 25 00:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22654]: Received disconnect from 20.243.208.191 port 60614:11: Bye Bye [preauth]
Jun 25 00:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22654]: Disconnected from 20.243.208.191 port 60614 [preauth]
Jun 25 00:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21408]: pam_unix(cron:session): session closed for user root
Jun 25 00:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22758]: Invalid user admin from 195.178.110.217
Jun 25 00:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22758]: input_userauth_request: invalid user admin [preauth]
Jun 25 00:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22758]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 00:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22758]: Failed password for invalid user admin from 195.178.110.217 port 42436 ssh2
Jun 25 00:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22758]: Connection closed by 195.178.110.217 port 42436 [preauth]
Jun 25 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22793]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22792]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22794]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22787]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22787]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22857]: Successful su for rubyman by root
Jun 25 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22857]: + ??? root:rubyman
Jun 25 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22857]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586903 of user rubyman.
Jun 25 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22857]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586903.
Jun 25 00:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19978]: pam_unix(cron:session): session closed for user root
Jun 25 00:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22792]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.124.127  user=root
Jun 25 00:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23046]: Failed password for root from 101.36.124.127 port 59304 ssh2
Jun 25 00:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23046]: Received disconnect from 101.36.124.127 port 59304:11: Bye Bye [preauth]
Jun 25 00:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23046]: Disconnected from 101.36.124.127 port 59304 [preauth]
Jun 25 00:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21854]: pam_unix(cron:session): session closed for user root
Jun 25 00:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23166]: Invalid user admin from 195.178.110.217
Jun 25 00:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23166]: input_userauth_request: invalid user admin [preauth]
Jun 25 00:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23166]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 00:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23166]: Failed password for invalid user admin from 195.178.110.217 port 44360 ssh2
Jun 25 00:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23166]: Connection closed by 195.178.110.217 port 44360 [preauth]
Jun 25 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23189]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23190]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23187]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23186]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23186]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23260]: Successful su for rubyman by root
Jun 25 00:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23260]: + ??? root:rubyman
Jun 25 00:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23260]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586908 of user rubyman.
Jun 25 00:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23260]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586908.
Jun 25 00:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20494]: pam_unix(cron:session): session closed for user root
Jun 25 00:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23187]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23451]: Invalid user postgres from 220.119.37.141
Jun 25 00:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23451]: input_userauth_request: invalid user postgres [preauth]
Jun 25 00:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23451]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.119.37.141
Jun 25 00:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23451]: Failed password for invalid user postgres from 220.119.37.141 port 47418 ssh2
Jun 25 00:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23451]: Received disconnect from 220.119.37.141 port 47418:11: Bye Bye [preauth]
Jun 25 00:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23451]: Disconnected from 220.119.37.141 port 47418 [preauth]
Jun 25 00:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23466]: Invalid user p from 118.196.51.94
Jun 25 00:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23466]: input_userauth_request: invalid user p [preauth]
Jun 25 00:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23466]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.196.51.94
Jun 25 00:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23466]: Failed password for invalid user p from 118.196.51.94 port 58964 ssh2
Jun 25 00:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23466]: Received disconnect from 118.196.51.94 port 58964:11: Bye Bye [preauth]
Jun 25 00:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23466]: Disconnected from 118.196.51.94 port 58964 [preauth]
Jun 25 00:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23501]: Invalid user deployer from 20.243.208.191
Jun 25 00:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23501]: input_userauth_request: invalid user deployer [preauth]
Jun 25 00:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23501]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.243.208.191
Jun 25 00:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23501]: Failed password for invalid user deployer from 20.243.208.191 port 56234 ssh2
Jun 25 00:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23501]: Received disconnect from 20.243.208.191 port 56234:11: Bye Bye [preauth]
Jun 25 00:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23501]: Disconnected from 20.243.208.191 port 56234 [preauth]
Jun 25 00:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22301]: pam_unix(cron:session): session closed for user root
Jun 25 00:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23593]: Invalid user admin from 195.178.110.217
Jun 25 00:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23593]: input_userauth_request: invalid user admin [preauth]
Jun 25 00:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23593]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 00:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23593]: Failed password for invalid user admin from 195.178.110.217 port 46278 ssh2
Jun 25 00:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23593]: Connection closed by 195.178.110.217 port 46278 [preauth]
Jun 25 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23628]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23629]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23627]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23626]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23626]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23695]: Successful su for rubyman by root
Jun 25 00:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23695]: + ??? root:rubyman
Jun 25 00:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23695]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586912 of user rubyman.
Jun 25 00:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23695]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586912.
Jun 25 00:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20994]: pam_unix(cron:session): session closed for user root
Jun 25 00:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23627]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22794]: pam_unix(cron:session): session closed for user root
Jun 25 00:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24047]: Invalid user sss from 101.36.124.127
Jun 25 00:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24047]: input_userauth_request: invalid user sss [preauth]
Jun 25 00:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24047]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.124.127
Jun 25 00:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24047]: Failed password for invalid user sss from 101.36.124.127 port 59354 ssh2
Jun 25 00:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24047]: Received disconnect from 101.36.124.127 port 59354:11: Bye Bye [preauth]
Jun 25 00:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24047]: Disconnected from 101.36.124.127 port 59354 [preauth]
Jun 25 00:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24087]: Invalid user admin from 195.178.110.217
Jun 25 00:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24087]: input_userauth_request: invalid user admin [preauth]
Jun 25 00:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24087]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 00:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24087]: Failed password for invalid user admin from 195.178.110.217 port 48164 ssh2
Jun 25 00:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24087]: Connection closed by 195.178.110.217 port 48164 [preauth]
Jun 25 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24142]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24141]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24139]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24140]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24144]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24143]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24144]: pam_unix(cron:session): session closed for user root
Jun 25 00:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24139]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24209]: Successful su for rubyman by root
Jun 25 00:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24209]: + ??? root:rubyman
Jun 25 00:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24209]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586920 of user rubyman.
Jun 25 00:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24209]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586920.
Jun 25 00:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24141]: pam_unix(cron:session): session closed for user root
Jun 25 00:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21407]: pam_unix(cron:session): session closed for user root
Jun 25 00:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24140]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24477]: Invalid user anthony from 220.119.37.141
Jun 25 00:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24477]: input_userauth_request: invalid user anthony [preauth]
Jun 25 00:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24477]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.119.37.141
Jun 25 00:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24479]: Invalid user admin from 2.57.121.25
Jun 25 00:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24479]: input_userauth_request: invalid user admin [preauth]
Jun 25 00:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24479]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 25 00:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24477]: Failed password for invalid user anthony from 220.119.37.141 port 57318 ssh2
Jun 25 00:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24477]: Received disconnect from 220.119.37.141 port 57318:11: Bye Bye [preauth]
Jun 25 00:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24477]: Disconnected from 220.119.37.141 port 57318 [preauth]
Jun 25 00:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24479]: Failed password for invalid user admin from 2.57.121.25 port 59620 ssh2
Jun 25 00:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24479]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24479]: Failed password for invalid user admin from 2.57.121.25 port 59620 ssh2
Jun 25 00:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24479]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24479]: Failed password for invalid user admin from 2.57.121.25 port 59620 ssh2
Jun 25 00:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24479]: Connection closed by 2.57.121.25 port 59620 [preauth]
Jun 25 00:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24479]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 25 00:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24509]: Invalid user administrator from 20.243.208.191
Jun 25 00:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24509]: input_userauth_request: invalid user administrator [preauth]
Jun 25 00:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24509]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.243.208.191
Jun 25 00:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24509]: Failed password for invalid user administrator from 20.243.208.191 port 57062 ssh2
Jun 25 00:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24509]: Received disconnect from 20.243.208.191 port 57062:11: Bye Bye [preauth]
Jun 25 00:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24509]: Disconnected from 20.243.208.191 port 57062 [preauth]
Jun 25 00:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23190]: pam_unix(cron:session): session closed for user root
Jun 25 00:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24549]: Invalid user admin from 195.178.110.217
Jun 25 00:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24549]: input_userauth_request: invalid user admin [preauth]
Jun 25 00:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24549]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 00:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24549]: Failed password for invalid user admin from 195.178.110.217 port 50078 ssh2
Jun 25 00:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24549]: Connection closed by 195.178.110.217 port 50078 [preauth]
Jun 25 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24605]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24606]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24604]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24602]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24602]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24689]: Successful su for rubyman by root
Jun 25 00:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24689]: + ??? root:rubyman
Jun 25 00:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24689]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586921 of user rubyman.
Jun 25 00:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24689]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586921.
Jun 25 00:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21853]: pam_unix(cron:session): session closed for user root
Jun 25 00:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24604]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23629]: pam_unix(cron:session): session closed for user root
Jun 25 00:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24965]: Invalid user admin from 195.178.110.217
Jun 25 00:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24965]: input_userauth_request: invalid user admin [preauth]
Jun 25 00:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24965]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 00:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24965]: Failed password for invalid user admin from 195.178.110.217 port 51960 ssh2
Jun 25 00:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24965]: Connection closed by 195.178.110.217 port 51960 [preauth]
Jun 25 00:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25006]: Invalid user supermaint from 101.36.124.127
Jun 25 00:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25006]: input_userauth_request: invalid user supermaint [preauth]
Jun 25 00:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25006]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.124.127
Jun 25 00:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25006]: Failed password for invalid user supermaint from 101.36.124.127 port 37228 ssh2
Jun 25 00:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25006]: Received disconnect from 101.36.124.127 port 37228:11: Bye Bye [preauth]
Jun 25 00:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25006]: Disconnected from 101.36.124.127 port 37228 [preauth]
Jun 25 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25033]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25031]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25032]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25030]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25030]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25097]: Successful su for rubyman by root
Jun 25 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25097]: + ??? root:rubyman
Jun 25 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25097]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586925 of user rubyman.
Jun 25 00:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25097]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586925.
Jun 25 00:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22297]: pam_unix(cron:session): session closed for user root
Jun 25 00:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25031]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25337]: Invalid user admin from 195.178.110.217
Jun 25 00:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25337]: input_userauth_request: invalid user admin [preauth]
Jun 25 00:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25337]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 00:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.243.208.191  user=root
Jun 25 00:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25337]: Failed password for invalid user admin from 195.178.110.217 port 53854 ssh2
Jun 25 00:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25337]: Connection closed by 195.178.110.217 port 53854 [preauth]
Jun 25 00:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24143]: pam_unix(cron:session): session closed for user root
Jun 25 00:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25347]: Failed password for root from 20.243.208.191 port 47362 ssh2
Jun 25 00:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25347]: Received disconnect from 20.243.208.191 port 47362:11: Bye Bye [preauth]
Jun 25 00:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25347]: Disconnected from 20.243.208.191 port 47362 [preauth]
Jun 25 00:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.119.37.141  user=root
Jun 25 00:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25370]: Failed password for root from 220.119.37.141 port 38986 ssh2
Jun 25 00:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25370]: Received disconnect from 220.119.37.141 port 38986:11: Bye Bye [preauth]
Jun 25 00:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25370]: Disconnected from 220.119.37.141 port 38986 [preauth]
Jun 25 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25429]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25431]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25430]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25428]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25428]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25493]: Successful su for rubyman by root
Jun 25 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25493]: + ??? root:rubyman
Jun 25 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25493]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586929 of user rubyman.
Jun 25 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25493]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586929.
Jun 25 00:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22793]: pam_unix(cron:session): session closed for user root
Jun 25 00:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25429]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25724]: Invalid user admin from 195.178.110.217
Jun 25 00:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25724]: input_userauth_request: invalid user admin [preauth]
Jun 25 00:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25724]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 00:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25724]: Failed password for invalid user admin from 195.178.110.217 port 55744 ssh2
Jun 25 00:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25724]: Connection closed by 195.178.110.217 port 55744 [preauth]
Jun 25 00:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24606]: pam_unix(cron:session): session closed for user root
Jun 25 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25826]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25824]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25825]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25823]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25823]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25882]: Successful su for rubyman by root
Jun 25 00:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25882]: + ??? root:rubyman
Jun 25 00:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25882]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586934 of user rubyman.
Jun 25 00:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25882]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586934.
Jun 25 00:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23189]: pam_unix(cron:session): session closed for user root
Jun 25 00:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25824]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26065]: Invalid user ubuntu from 101.36.124.127
Jun 25 00:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26065]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 00:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26065]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.124.127
Jun 25 00:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26065]: Failed password for invalid user ubuntu from 101.36.124.127 port 52802 ssh2
Jun 25 00:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26065]: Received disconnect from 101.36.124.127 port 52802:11: Bye Bye [preauth]
Jun 25 00:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26065]: Disconnected from 101.36.124.127 port 52802 [preauth]
Jun 25 00:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26100]: Invalid user admin from 195.178.110.217
Jun 25 00:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26100]: input_userauth_request: invalid user admin [preauth]
Jun 25 00:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26100]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 00:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26100]: Failed password for invalid user admin from 195.178.110.217 port 57636 ssh2
Jun 25 00:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26100]: Connection closed by 195.178.110.217 port 57636 [preauth]
Jun 25 00:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25033]: pam_unix(cron:session): session closed for user root
Jun 25 00:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.243.208.191  user=root
Jun 25 00:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26162]: Failed password for root from 20.243.208.191 port 52908 ssh2
Jun 25 00:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26162]: Received disconnect from 20.243.208.191 port 52908:11: Bye Bye [preauth]
Jun 25 00:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26162]: Disconnected from 20.243.208.191 port 52908 [preauth]
Jun 25 00:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26206]: Invalid user ftpuser from 220.119.37.141
Jun 25 00:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26206]: input_userauth_request: invalid user ftpuser [preauth]
Jun 25 00:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26206]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.119.37.141
Jun 25 00:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26206]: Failed password for invalid user ftpuser from 220.119.37.141 port 48908 ssh2
Jun 25 00:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26206]: Received disconnect from 220.119.37.141 port 48908:11: Bye Bye [preauth]
Jun 25 00:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26206]: Disconnected from 220.119.37.141 port 48908 [preauth]
Jun 25 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26231]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26228]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26230]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26229]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26226]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26227]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26231]: pam_unix(cron:session): session closed for user root
Jun 25 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26226]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26299]: Successful su for rubyman by root
Jun 25 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26299]: + ??? root:rubyman
Jun 25 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26299]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586939 of user rubyman.
Jun 25 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26299]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586939.
Jun 25 00:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26228]: pam_unix(cron:session): session closed for user root
Jun 25 00:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23628]: pam_unix(cron:session): session closed for user root
Jun 25 00:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26227]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26531]: Invalid user admin from 195.178.110.217
Jun 25 00:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26531]: input_userauth_request: invalid user admin [preauth]
Jun 25 00:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26531]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 00:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26531]: Failed password for invalid user admin from 195.178.110.217 port 59508 ssh2
Jun 25 00:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26531]: Connection closed by 195.178.110.217 port 59508 [preauth]
Jun 25 00:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25431]: pam_unix(cron:session): session closed for user root
Jun 25 00:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26605]: Connection closed by 194.59.206.2 port 48376 [preauth]
Jun 25 00:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26635]: Connection closed by 85.217.149.67 port 41618 [preauth]
Jun 25 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26659]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26660]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26661]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26658]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26658]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26809]: Successful su for rubyman by root
Jun 25 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26809]: + ??? root:rubyman
Jun 25 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26809]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586943 of user rubyman.
Jun 25 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26809]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586943.
Jun 25 00:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24142]: pam_unix(cron:session): session closed for user root
Jun 25 00:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26659]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27011]: Invalid user admin from 195.178.110.217
Jun 25 00:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27011]: input_userauth_request: invalid user admin [preauth]
Jun 25 00:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27011]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 00:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27011]: Failed password for invalid user admin from 195.178.110.217 port 33134 ssh2
Jun 25 00:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27011]: Connection closed by 195.178.110.217 port 33134 [preauth]
Jun 25 00:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.124.127  user=root
Jun 25 00:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27022]: Failed password for root from 101.36.124.127 port 54396 ssh2
Jun 25 00:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27022]: Received disconnect from 101.36.124.127 port 54396:11: Bye Bye [preauth]
Jun 25 00:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27022]: Disconnected from 101.36.124.127 port 54396 [preauth]
Jun 25 00:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 25 00:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27054]: Failed password for root from 103.27.238.120 port 47072 ssh2
Jun 25 00:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27054]: Connection closed by 103.27.238.120 port 47072 [preauth]
Jun 25 00:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25826]: pam_unix(cron:session): session closed for user root
Jun 25 00:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27125]: Invalid user ubuntu from 20.243.208.191
Jun 25 00:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27125]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 00:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27125]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.243.208.191
Jun 25 00:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27125]: Failed password for invalid user ubuntu from 20.243.208.191 port 38998 ssh2
Jun 25 00:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27125]: Received disconnect from 20.243.208.191 port 38998:11: Bye Bye [preauth]
Jun 25 00:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27125]: Disconnected from 20.243.208.191 port 38998 [preauth]
Jun 25 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27151]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27150]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27149]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27148]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27148]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27213]: Successful su for rubyman by root
Jun 25 00:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27213]: + ??? root:rubyman
Jun 25 00:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27213]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586947 of user rubyman.
Jun 25 00:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27213]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586947.
Jun 25 00:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 25 00:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24605]: pam_unix(cron:session): session closed for user root
Jun 25 00:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27145]: Failed password for root from 103.172.78.219 port 36568 ssh2
Jun 25 00:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27145]: Connection closed by 103.172.78.219 port 36568 [preauth]
Jun 25 00:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27149]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.119.37.141  user=root
Jun 25 00:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27444]: Invalid user admin from 195.178.110.217
Jun 25 00:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27444]: input_userauth_request: invalid user admin [preauth]
Jun 25 00:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27444]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 00:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27445]: Failed password for root from 220.119.37.141 port 58844 ssh2
Jun 25 00:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27445]: Received disconnect from 220.119.37.141 port 58844:11: Bye Bye [preauth]
Jun 25 00:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27445]: Disconnected from 220.119.37.141 port 58844 [preauth]
Jun 25 00:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27444]: Failed password for invalid user admin from 195.178.110.217 port 34994 ssh2
Jun 25 00:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27444]: Connection closed by 195.178.110.217 port 34994 [preauth]
Jun 25 00:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26230]: pam_unix(cron:session): session closed for user root
Jun 25 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27586]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27587]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27585]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27584]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27584]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27645]: Successful su for rubyman by root
Jun 25 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27645]: + ??? root:rubyman
Jun 25 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27645]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586952 of user rubyman.
Jun 25 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27645]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586952.
Jun 25 00:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25032]: pam_unix(cron:session): session closed for user root
Jun 25 00:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27585]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27841]: Invalid user admin from 195.178.110.217
Jun 25 00:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27841]: input_userauth_request: invalid user admin [preauth]
Jun 25 00:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27841]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 00:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27841]: Failed password for invalid user admin from 195.178.110.217 port 36838 ssh2
Jun 25 00:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27841]: Connection closed by 195.178.110.217 port 36838 [preauth]
Jun 25 00:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 25 00:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27879]: Failed password for root from 38.93.206.2 port 2450 ssh2
Jun 25 00:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27879]: Connection closed by 38.93.206.2 port 2450 [preauth]
Jun 25 00:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26661]: pam_unix(cron:session): session closed for user root
Jun 25 00:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27911]: Invalid user fh from 101.36.124.127
Jun 25 00:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27911]: input_userauth_request: invalid user fh [preauth]
Jun 25 00:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27911]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.124.127
Jun 25 00:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27937]: Invalid user fastuser from 64.225.17.153
Jun 25 00:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27937]: input_userauth_request: invalid user fastuser [preauth]
Jun 25 00:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27937]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.225.17.153
Jun 25 00:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27911]: Failed password for invalid user fh from 101.36.124.127 port 49342 ssh2
Jun 25 00:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27911]: Received disconnect from 101.36.124.127 port 49342:11: Bye Bye [preauth]
Jun 25 00:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27911]: Disconnected from 101.36.124.127 port 49342 [preauth]
Jun 25 00:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27937]: Failed password for invalid user fastuser from 64.225.17.153 port 57750 ssh2
Jun 25 00:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27937]: Received disconnect from 64.225.17.153 port 57750:11: Bye Bye [preauth]
Jun 25 00:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27937]: Disconnected from 64.225.17.153 port 57750 [preauth]
Jun 25 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27999]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28000]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28001]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27998]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27998]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28112]: Successful su for rubyman by root
Jun 25 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28112]: + ??? root:rubyman
Jun 25 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28112]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586957 of user rubyman.
Jun 25 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28112]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586957.
Jun 25 00:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.243.208.191  user=root
Jun 25 00:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25430]: pam_unix(cron:session): session closed for user root
Jun 25 00:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28169]: Failed password for root from 20.243.208.191 port 37916 ssh2
Jun 25 00:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28169]: Received disconnect from 20.243.208.191 port 37916:11: Bye Bye [preauth]
Jun 25 00:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28169]: Disconnected from 20.243.208.191 port 37916 [preauth]
Jun 25 00:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27999]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28310]: Invalid user admin from 195.178.110.217
Jun 25 00:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28310]: input_userauth_request: invalid user admin [preauth]
Jun 25 00:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28310]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 00:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28310]: Failed password for invalid user admin from 195.178.110.217 port 38748 ssh2
Jun 25 00:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28310]: Connection closed by 195.178.110.217 port 38748 [preauth]
Jun 25 00:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28354]: Invalid user arleth from 2.57.121.112
Jun 25 00:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28354]: input_userauth_request: invalid user arleth [preauth]
Jun 25 00:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28354]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 25 00:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28354]: Failed password for invalid user arleth from 2.57.121.112 port 46184 ssh2
Jun 25 00:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28354]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28354]: Failed password for invalid user arleth from 2.57.121.112 port 46184 ssh2
Jun 25 00:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28354]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28354]: Failed password for invalid user arleth from 2.57.121.112 port 46184 ssh2
Jun 25 00:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28354]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28374]: Invalid user test from 220.119.37.141
Jun 25 00:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28374]: input_userauth_request: invalid user test [preauth]
Jun 25 00:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28374]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.119.37.141
Jun 25 00:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27151]: pam_unix(cron:session): session closed for user root
Jun 25 00:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28354]: Failed password for invalid user arleth from 2.57.121.112 port 46184 ssh2
Jun 25 00:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28354]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28396]: Invalid user steam from 139.59.208.49
Jun 25 00:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28396]: input_userauth_request: invalid user steam [preauth]
Jun 25 00:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28396]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.208.49
Jun 25 00:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28374]: Failed password for invalid user test from 220.119.37.141 port 40548 ssh2
Jun 25 00:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28374]: Received disconnect from 220.119.37.141 port 40548:11: Bye Bye [preauth]
Jun 25 00:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28374]: Disconnected from 220.119.37.141 port 40548 [preauth]
Jun 25 00:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28354]: Failed password for invalid user arleth from 2.57.121.112 port 46184 ssh2
Jun 25 00:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28354]: Connection closed by 2.57.121.112 port 46184 [preauth]
Jun 25 00:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28354]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 25 00:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28354]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 25 00:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28396]: Failed password for invalid user steam from 139.59.208.49 port 51082 ssh2
Jun 25 00:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28396]: Received disconnect from 139.59.208.49 port 51082:11: Bye Bye [preauth]
Jun 25 00:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28396]: Disconnected from 139.59.208.49 port 51082 [preauth]
Jun 25 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28459]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28460]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28458]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28456]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28461]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28455]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28461]: pam_unix(cron:session): session closed for user root
Jun 25 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28455]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28533]: Successful su for rubyman by root
Jun 25 00:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28533]: + ??? root:rubyman
Jun 25 00:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28533]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586960 of user rubyman.
Jun 25 00:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28533]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586960.
Jun 25 00:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28458]: pam_unix(cron:session): session closed for user root
Jun 25 00:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25825]: pam_unix(cron:session): session closed for user root
Jun 25 00:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28456]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28832]: Invalid user admin from 195.178.110.217
Jun 25 00:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28832]: input_userauth_request: invalid user admin [preauth]
Jun 25 00:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28832]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 00:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28832]: Failed password for invalid user admin from 195.178.110.217 port 40626 ssh2
Jun 25 00:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28832]: Connection closed by 195.178.110.217 port 40626 [preauth]
Jun 25 00:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27587]: pam_unix(cron:session): session closed for user root
Jun 25 00:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28952]: Invalid user ftpuser from 101.36.124.127
Jun 25 00:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28952]: input_userauth_request: invalid user ftpuser [preauth]
Jun 25 00:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28952]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.124.127
Jun 25 00:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28952]: Failed password for invalid user ftpuser from 101.36.124.127 port 53786 ssh2
Jun 25 00:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28952]: Received disconnect from 101.36.124.127 port 53786:11: Bye Bye [preauth]
Jun 25 00:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28952]: Disconnected from 101.36.124.127 port 53786 [preauth]
Jun 25 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28999]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29000]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28998]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28997]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28997]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29071]: Successful su for rubyman by root
Jun 25 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29071]: + ??? root:rubyman
Jun 25 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29071]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586965 of user rubyman.
Jun 25 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29071]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586965.
Jun 25 00:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26229]: pam_unix(cron:session): session closed for user root
Jun 25 00:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29222]: Invalid user admin from 195.178.110.217
Jun 25 00:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29222]: input_userauth_request: invalid user admin [preauth]
Jun 25 00:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29222]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 00:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28998]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29222]: Failed password for invalid user admin from 195.178.110.217 port 42526 ssh2
Jun 25 00:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29222]: Connection closed by 195.178.110.217 port 42526 [preauth]
Jun 25 00:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29290]: Invalid user m1 from 20.243.208.191
Jun 25 00:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29290]: input_userauth_request: invalid user m1 [preauth]
Jun 25 00:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29290]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.243.208.191
Jun 25 00:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29290]: Failed password for invalid user m1 from 20.243.208.191 port 38930 ssh2
Jun 25 00:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29290]: Received disconnect from 20.243.208.191 port 38930:11: Bye Bye [preauth]
Jun 25 00:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29290]: Disconnected from 20.243.208.191 port 38930 [preauth]
Jun 25 00:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28001]: pam_unix(cron:session): session closed for user root
Jun 25 00:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29390]: Invalid user user from 220.119.37.141
Jun 25 00:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29390]: input_userauth_request: invalid user user [preauth]
Jun 25 00:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29390]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.119.37.141
Jun 25 00:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29390]: Failed password for invalid user user from 220.119.37.141 port 50444 ssh2
Jun 25 00:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29390]: Received disconnect from 220.119.37.141 port 50444:11: Bye Bye [preauth]
Jun 25 00:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29390]: Disconnected from 220.119.37.141 port 50444 [preauth]
Jun 25 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29437]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29438]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29436]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29435]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29435]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29505]: Successful su for rubyman by root
Jun 25 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29505]: + ??? root:rubyman
Jun 25 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29505]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586971 of user rubyman.
Jun 25 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29505]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586971.
Jun 25 00:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29655]: Invalid user admin from 195.178.110.217
Jun 25 00:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29655]: input_userauth_request: invalid user admin [preauth]
Jun 25 00:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29655]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 00:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26660]: pam_unix(cron:session): session closed for user root
Jun 25 00:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29655]: Failed password for invalid user admin from 195.178.110.217 port 44402 ssh2
Jun 25 00:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29436]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29655]: Connection closed by 195.178.110.217 port 44402 [preauth]
Jun 25 00:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28460]: pam_unix(cron:session): session closed for user root
Jun 25 00:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29949]: Invalid user cw from 101.36.124.127
Jun 25 00:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29949]: input_userauth_request: invalid user cw [preauth]
Jun 25 00:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29949]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.124.127
Jun 25 00:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29949]: Failed password for invalid user cw from 101.36.124.127 port 52902 ssh2
Jun 25 00:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29949]: Received disconnect from 101.36.124.127 port 52902:11: Bye Bye [preauth]
Jun 25 00:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29949]: Disconnected from 101.36.124.127 port 52902 [preauth]
Jun 25 00:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29968]: Invalid user admin from 195.178.110.217
Jun 25 00:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29968]: input_userauth_request: invalid user admin [preauth]
Jun 25 00:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29968]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29974]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29973]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29972]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29971]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29971]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30032]: Successful su for rubyman by root
Jun 25 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30032]: + ??? root:rubyman
Jun 25 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30032]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586974 of user rubyman.
Jun 25 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30032]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586974.
Jun 25 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29968]: Failed password for invalid user admin from 195.178.110.217 port 46312 ssh2
Jun 25 00:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29968]: Connection closed by 195.178.110.217 port 46312 [preauth]
Jun 25 00:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27150]: pam_unix(cron:session): session closed for user root
Jun 25 00:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29972]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: Invalid user ftpuser from 20.243.208.191
Jun 25 00:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: input_userauth_request: invalid user ftpuser [preauth]
Jun 25 00:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.243.208.191
Jun 25 00:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: Failed password for invalid user ftpuser from 20.243.208.191 port 41968 ssh2
Jun 25 00:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: Received disconnect from 20.243.208.191 port 41968:11: Bye Bye [preauth]
Jun 25 00:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: Disconnected from 20.243.208.191 port 41968 [preauth]
Jun 25 00:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29000]: pam_unix(cron:session): session closed for user root
Jun 25 00:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30376]: Invalid user oracle from 220.119.37.141
Jun 25 00:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30376]: input_userauth_request: invalid user oracle [preauth]
Jun 25 00:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30376]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.119.37.141
Jun 25 00:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30376]: Failed password for invalid user oracle from 220.119.37.141 port 60374 ssh2
Jun 25 00:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30376]: Received disconnect from 220.119.37.141 port 60374:11: Bye Bye [preauth]
Jun 25 00:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30376]: Disconnected from 220.119.37.141 port 60374 [preauth]
Jun 25 00:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30385]: Invalid user admin from 195.178.110.217
Jun 25 00:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30385]: input_userauth_request: invalid user admin [preauth]
Jun 25 00:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30385]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 00:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30385]: Failed password for invalid user admin from 195.178.110.217 port 48160 ssh2
Jun 25 00:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30385]: Connection closed by 195.178.110.217 port 48160 [preauth]
Jun 25 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30393]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30392]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30391]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30390]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30388]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30390]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30522]: Successful su for rubyman by root
Jun 25 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30522]: + ??? root:rubyman
Jun 25 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30522]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586978 of user rubyman.
Jun 25 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30522]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586978.
Jun 25 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30388]: pam_unix(cron:session): session closed for user root
Jun 25 00:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27586]: pam_unix(cron:session): session closed for user root
Jun 25 00:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30391]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29438]: pam_unix(cron:session): session closed for user root
Jun 25 00:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30884]: Invalid user lorenzo from 64.225.17.153
Jun 25 00:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30884]: input_userauth_request: invalid user lorenzo [preauth]
Jun 25 00:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30884]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.225.17.153
Jun 25 00:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30884]: Failed password for invalid user lorenzo from 64.225.17.153 port 58050 ssh2
Jun 25 00:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30884]: Received disconnect from 64.225.17.153 port 58050:11: Bye Bye [preauth]
Jun 25 00:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30884]: Disconnected from 64.225.17.153 port 58050 [preauth]
Jun 25 00:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30886]: Invalid user admin from 195.178.110.217
Jun 25 00:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30886]: input_userauth_request: invalid user admin [preauth]
Jun 25 00:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30886]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 00:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30886]: Failed password for invalid user admin from 195.178.110.217 port 50020 ssh2
Jun 25 00:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30886]: Connection closed by 195.178.110.217 port 50020 [preauth]
Jun 25 00:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.208.49  user=root
Jun 25 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30907]: Failed password for root from 139.59.208.49 port 33680 ssh2
Jun 25 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30907]: Received disconnect from 139.59.208.49 port 33680:11: Bye Bye [preauth]
Jun 25 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30907]: Disconnected from 139.59.208.49 port 33680 [preauth]
Jun 25 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31006]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31008]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31005]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31007]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31009]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31004]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31009]: pam_unix(cron:session): session closed for user root
Jun 25 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31004]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31078]: Successful su for rubyman by root
Jun 25 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31078]: + ??? root:rubyman
Jun 25 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31078]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586984 of user rubyman.
Jun 25 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31078]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586984.
Jun 25 00:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31006]: pam_unix(cron:session): session closed for user root
Jun 25 00:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28000]: pam_unix(cron:session): session closed for user root
Jun 25 00:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31005]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.124.127  user=root
Jun 25 00:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31305]: Failed password for root from 101.36.124.127 port 57444 ssh2
Jun 25 00:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31305]: Received disconnect from 101.36.124.127 port 57444:11: Bye Bye [preauth]
Jun 25 00:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31305]: Disconnected from 101.36.124.127 port 57444 [preauth]
Jun 25 00:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: Invalid user zn from 20.243.208.191
Jun 25 00:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: input_userauth_request: invalid user zn [preauth]
Jun 25 00:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.243.208.191
Jun 25 00:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29974]: pam_unix(cron:session): session closed for user root
Jun 25 00:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: Failed password for invalid user zn from 20.243.208.191 port 57310 ssh2
Jun 25 00:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: Received disconnect from 20.243.208.191 port 57310:11: Bye Bye [preauth]
Jun 25 00:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: Disconnected from 20.243.208.191 port 57310 [preauth]
Jun 25 00:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31420]: Invalid user admin from 195.178.110.217
Jun 25 00:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31420]: input_userauth_request: invalid user admin [preauth]
Jun 25 00:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31420]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 00:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31420]: Failed password for invalid user admin from 195.178.110.217 port 51910 ssh2
Jun 25 00:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31420]: Connection closed by 195.178.110.217 port 51910 [preauth]
Jun 25 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31444]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31445]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31442]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31441]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31441]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31512]: Successful su for rubyman by root
Jun 25 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31512]: + ??? root:rubyman
Jun 25 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31512]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586990 of user rubyman.
Jun 25 00:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31512]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586990.
Jun 25 00:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28459]: pam_unix(cron:session): session closed for user root
Jun 25 00:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31442]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31804]: Invalid user justin from 220.119.37.141
Jun 25 00:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31804]: input_userauth_request: invalid user justin [preauth]
Jun 25 00:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31804]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.119.37.141
Jun 25 00:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31804]: Failed password for invalid user justin from 220.119.37.141 port 42080 ssh2
Jun 25 00:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31804]: Received disconnect from 220.119.37.141 port 42080:11: Bye Bye [preauth]
Jun 25 00:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31804]: Disconnected from 220.119.37.141 port 42080 [preauth]
Jun 25 00:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.225.17.153  user=root
Jun 25 00:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31859]: Invalid user harsha from 139.59.208.49
Jun 25 00:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31859]: input_userauth_request: invalid user harsha [preauth]
Jun 25 00:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31859]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.208.49
Jun 25 00:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31857]: Failed password for root from 64.225.17.153 port 40690 ssh2
Jun 25 00:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31857]: Received disconnect from 64.225.17.153 port 40690:11: Bye Bye [preauth]
Jun 25 00:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31857]: Disconnected from 64.225.17.153 port 40690 [preauth]
Jun 25 00:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31859]: Failed password for invalid user harsha from 139.59.208.49 port 58260 ssh2
Jun 25 00:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31859]: Received disconnect from 139.59.208.49 port 58260:11: Bye Bye [preauth]
Jun 25 00:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31859]: Disconnected from 139.59.208.49 port 58260 [preauth]
Jun 25 00:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30393]: pam_unix(cron:session): session closed for user root
Jun 25 00:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31925]: Invalid user admin from 195.178.110.217
Jun 25 00:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31925]: input_userauth_request: invalid user admin [preauth]
Jun 25 00:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31925]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 00:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31925]: Failed password for invalid user admin from 195.178.110.217 port 53824 ssh2
Jun 25 00:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31925]: Connection closed by 195.178.110.217 port 53824 [preauth]
Jun 25 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31961]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31960]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31959]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31958]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31958]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32029]: Successful su for rubyman by root
Jun 25 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32029]: + ??? root:rubyman
Jun 25 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32029]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586992 of user rubyman.
Jun 25 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32029]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586992.
Jun 25 00:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28999]: pam_unix(cron:session): session closed for user root
Jun 25 00:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31959]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 25 00:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32225]: Failed password for root from 103.149.28.157 port 53054 ssh2
Jun 25 00:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32225]: Connection closed by 103.149.28.157 port 53054 [preauth]
Jun 25 00:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32275]: Invalid user test from 101.36.124.127
Jun 25 00:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32275]: input_userauth_request: invalid user test [preauth]
Jun 25 00:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32275]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.124.127
Jun 25 00:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32275]: Failed password for invalid user test from 101.36.124.127 port 58972 ssh2
Jun 25 00:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32275]: Received disconnect from 101.36.124.127 port 58972:11: Bye Bye [preauth]
Jun 25 00:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32275]: Disconnected from 101.36.124.127 port 58972 [preauth]
Jun 25 00:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31008]: pam_unix(cron:session): session closed for user root
Jun 25 00:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.243.208.191  user=root
Jun 25 00:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32311]: Failed password for root from 20.243.208.191 port 44048 ssh2
Jun 25 00:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32311]: Received disconnect from 20.243.208.191 port 44048:11: Bye Bye [preauth]
Jun 25 00:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32311]: Disconnected from 20.243.208.191 port 44048 [preauth]
Jun 25 00:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32322]: Invalid user admin from 195.178.110.217
Jun 25 00:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32322]: input_userauth_request: invalid user admin [preauth]
Jun 25 00:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32322]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 00:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32322]: Failed password for invalid user admin from 195.178.110.217 port 55728 ssh2
Jun 25 00:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32322]: Connection closed by 195.178.110.217 port 55728 [preauth]
Jun 25 00:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32345]: Invalid user jose from 139.59.208.49
Jun 25 00:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32345]: input_userauth_request: invalid user jose [preauth]
Jun 25 00:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32345]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.208.49
Jun 25 00:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32345]: Failed password for invalid user jose from 139.59.208.49 port 38804 ssh2
Jun 25 00:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32345]: Received disconnect from 139.59.208.49 port 38804:11: Bye Bye [preauth]
Jun 25 00:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32345]: Disconnected from 139.59.208.49 port 38804 [preauth]
Jun 25 00:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.225.17.153  user=root
Jun 25 00:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32367]: Failed password for root from 64.225.17.153 port 39716 ssh2
Jun 25 00:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32367]: Received disconnect from 64.225.17.153 port 39716:11: Bye Bye [preauth]
Jun 25 00:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32367]: Disconnected from 64.225.17.153 port 39716 [preauth]
Jun 25 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32383]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32384]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32382]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32381]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32381]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32446]: Successful su for rubyman by root
Jun 25 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32446]: + ??? root:rubyman
Jun 25 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32446]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 586996 of user rubyman.
Jun 25 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32446]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 586996.
Jun 25 00:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29437]: pam_unix(cron:session): session closed for user root
Jun 25 00:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32382]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: Invalid user steam from 220.119.37.141
Jun 25 00:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: input_userauth_request: invalid user steam [preauth]
Jun 25 00:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.119.37.141
Jun 25 00:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: Failed password for invalid user steam from 220.119.37.141 port 52010 ssh2
Jun 25 00:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: Received disconnect from 220.119.37.141 port 52010:11: Bye Bye [preauth]
Jun 25 00:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: Disconnected from 220.119.37.141 port 52010 [preauth]
Jun 25 00:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31445]: pam_unix(cron:session): session closed for user root
Jun 25 00:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 25 00:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32727]: Failed password for root from 87.251.79.125 port 46814 ssh2
Jun 25 00:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32727]: Connection closed by 87.251.79.125 port 46814 [preauth]
Jun 25 00:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32747]: Invalid user admin from 195.178.110.217
Jun 25 00:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32747]: input_userauth_request: invalid user admin [preauth]
Jun 25 00:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32747]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 00:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32747]: Failed password for invalid user admin from 195.178.110.217 port 57618 ssh2
Jun 25 00:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32747]: Connection closed by 195.178.110.217 port 57618 [preauth]
Jun 25 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[335]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[336]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[334]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[333]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[333]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[399]: Successful su for rubyman by root
Jun 25 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[399]: + ??? root:rubyman
Jun 25 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[399]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587002 of user rubyman.
Jun 25 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[399]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587002.
Jun 25 00:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29973]: pam_unix(cron:session): session closed for user root
Jun 25 00:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[334]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[738]: Invalid user oracle from 139.59.208.49
Jun 25 00:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[738]: input_userauth_request: invalid user oracle [preauth]
Jun 25 00:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[738]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.208.49
Jun 25 00:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[738]: Failed password for invalid user oracle from 139.59.208.49 port 34200 ssh2
Jun 25 00:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[738]: Received disconnect from 139.59.208.49 port 34200:11: Bye Bye [preauth]
Jun 25 00:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[738]: Disconnected from 139.59.208.49 port 34200 [preauth]
Jun 25 00:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31961]: pam_unix(cron:session): session closed for user root
Jun 25 00:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[830]: User backup from 195.178.110.217 not allowed because not listed in AllowUsers
Jun 25 00:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[830]: input_userauth_request: invalid user backup [preauth]
Jun 25 00:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=backup
Jun 25 00:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[830]: Failed password for invalid user backup from 195.178.110.217 port 59480 ssh2
Jun 25 00:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[830]: Connection closed by 195.178.110.217 port 59480 [preauth]
Jun 25 00:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.225.17.153  user=root
Jun 25 00:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[843]: Invalid user fh from 20.243.208.191
Jun 25 00:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[843]: input_userauth_request: invalid user fh [preauth]
Jun 25 00:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[843]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.243.208.191
Jun 25 00:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[841]: Failed password for root from 64.225.17.153 port 60256 ssh2
Jun 25 00:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[841]: Received disconnect from 64.225.17.153 port 60256:11: Bye Bye [preauth]
Jun 25 00:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[841]: Disconnected from 64.225.17.153 port 60256 [preauth]
Jun 25 00:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[843]: Failed password for invalid user fh from 20.243.208.191 port 49954 ssh2
Jun 25 00:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[843]: Received disconnect from 20.243.208.191 port 49954:11: Bye Bye [preauth]
Jun 25 00:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[843]: Disconnected from 20.243.208.191 port 49954 [preauth]
Jun 25 00:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[868]: Connection closed by 85.217.149.66 port 44022 [preauth]
Jun 25 00:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.124.127  user=root
Jun 25 00:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[870]: Failed password for root from 101.36.124.127 port 52408 ssh2
Jun 25 00:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[870]: Received disconnect from 101.36.124.127 port 52408:11: Bye Bye [preauth]
Jun 25 00:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[870]: Disconnected from 101.36.124.127 port 52408 [preauth]
Jun 25 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[904]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[906]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[903]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[901]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[907]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[905]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[907]: pam_unix(cron:session): session closed for user root
Jun 25 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[901]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[977]: Successful su for rubyman by root
Jun 25 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[977]: + ??? root:rubyman
Jun 25 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[977]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587006 of user rubyman.
Jun 25 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[977]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587006.
Jun 25 00:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[904]: pam_unix(cron:session): session closed for user root
Jun 25 00:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30392]: pam_unix(cron:session): session closed for user root
Jun 25 00:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[903]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1301]: User backup from 195.178.110.217 not allowed because not listed in AllowUsers
Jun 25 00:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1301]: input_userauth_request: invalid user backup [preauth]
Jun 25 00:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=backup
Jun 25 00:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32384]: pam_unix(cron:session): session closed for user root
Jun 25 00:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1301]: Failed password for invalid user backup from 195.178.110.217 port 33094 ssh2
Jun 25 00:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1301]: Connection closed by 195.178.110.217 port 33094 [preauth]
Jun 25 00:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1337]: Received disconnect from 104.243.46.222 port 47596:11: disconnected by user [preauth]
Jun 25 00:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1337]: Disconnected from 104.243.46.222 port 47596 [preauth]
Jun 25 00:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1346]: Invalid user user1 from 139.59.208.49
Jun 25 00:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1346]: input_userauth_request: invalid user user1 [preauth]
Jun 25 00:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1346]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.208.49
Jun 25 00:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1346]: Failed password for invalid user user1 from 139.59.208.49 port 48920 ssh2
Jun 25 00:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1346]: Received disconnect from 139.59.208.49 port 48920:11: Bye Bye [preauth]
Jun 25 00:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1346]: Disconnected from 139.59.208.49 port 48920 [preauth]
Jun 25 00:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.119.37.141  user=root
Jun 25 00:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1385]: Failed password for root from 220.119.37.141 port 33730 ssh2
Jun 25 00:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1385]: Received disconnect from 220.119.37.141 port 33730:11: Bye Bye [preauth]
Jun 25 00:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1385]: Disconnected from 220.119.37.141 port 33730 [preauth]
Jun 25 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1423]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1424]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1422]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1421]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1421]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1591]: Successful su for rubyman by root
Jun 25 00:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1591]: + ??? root:rubyman
Jun 25 00:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1591]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587011 of user rubyman.
Jun 25 00:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1591]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587011.
Jun 25 00:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31007]: pam_unix(cron:session): session closed for user root
Jun 25 00:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1422]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1801]: Invalid user steam from 64.225.17.153
Jun 25 00:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1801]: input_userauth_request: invalid user steam [preauth]
Jun 25 00:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1801]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.225.17.153
Jun 25 00:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1801]: Failed password for invalid user steam from 64.225.17.153 port 32858 ssh2
Jun 25 00:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1801]: Received disconnect from 64.225.17.153 port 32858:11: Bye Bye [preauth]
Jun 25 00:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1801]: Disconnected from 64.225.17.153 port 32858 [preauth]
Jun 25 00:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1852]: User backup from 195.178.110.217 not allowed because not listed in AllowUsers
Jun 25 00:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1852]: input_userauth_request: invalid user backup [preauth]
Jun 25 00:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=backup
Jun 25 00:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1852]: Failed password for invalid user backup from 195.178.110.217 port 34980 ssh2
Jun 25 00:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1852]: Connection closed by 195.178.110.217 port 34980 [preauth]
Jun 25 00:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[336]: pam_unix(cron:session): session closed for user root
Jun 25 00:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1946]: Invalid user allen from 20.243.208.191
Jun 25 00:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1946]: input_userauth_request: invalid user allen [preauth]
Jun 25 00:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1946]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.243.208.191
Jun 25 00:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1946]: Failed password for invalid user allen from 20.243.208.191 port 43300 ssh2
Jun 25 00:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1946]: Received disconnect from 20.243.208.191 port 43300:11: Bye Bye [preauth]
Jun 25 00:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1946]: Disconnected from 20.243.208.191 port 43300 [preauth]
Jun 25 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1985]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1984]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1988]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1983]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1983]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2078]: Successful su for rubyman by root
Jun 25 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2078]: + ??? root:rubyman
Jun 25 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2078]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587015 of user rubyman.
Jun 25 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2078]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587015.
Jun 25 00:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2145]: Invalid user vanessa from 101.36.124.127
Jun 25 00:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2145]: input_userauth_request: invalid user vanessa [preauth]
Jun 25 00:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2145]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.124.127
Jun 25 00:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31444]: pam_unix(cron:session): session closed for user root
Jun 25 00:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2145]: Failed password for invalid user vanessa from 101.36.124.127 port 51508 ssh2
Jun 25 00:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2145]: Received disconnect from 101.36.124.127 port 51508:11: Bye Bye [preauth]
Jun 25 00:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2145]: Disconnected from 101.36.124.127 port 51508 [preauth]
Jun 25 00:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1984]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2283]: Invalid user ubuntu from 139.59.208.49
Jun 25 00:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2283]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 00:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2283]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.208.49
Jun 25 00:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2283]: Failed password for invalid user ubuntu from 139.59.208.49 port 41970 ssh2
Jun 25 00:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2283]: Received disconnect from 139.59.208.49 port 41970:11: Bye Bye [preauth]
Jun 25 00:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2283]: Disconnected from 139.59.208.49 port 41970 [preauth]
Jun 25 00:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2333]: User backup from 195.178.110.217 not allowed because not listed in AllowUsers
Jun 25 00:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2333]: input_userauth_request: invalid user backup [preauth]
Jun 25 00:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=backup
Jun 25 00:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2333]: Failed password for invalid user backup from 195.178.110.217 port 36836 ssh2
Jun 25 00:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2333]: Connection closed by 195.178.110.217 port 36836 [preauth]
Jun 25 00:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[906]: pam_unix(cron:session): session closed for user root
Jun 25 00:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2391]: Invalid user client from 64.225.17.153
Jun 25 00:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2391]: input_userauth_request: invalid user client [preauth]
Jun 25 00:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2391]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.225.17.153
Jun 25 00:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2391]: Failed password for invalid user client from 64.225.17.153 port 34900 ssh2
Jun 25 00:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2391]: Received disconnect from 64.225.17.153 port 34900:11: Bye Bye [preauth]
Jun 25 00:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2391]: Disconnected from 64.225.17.153 port 34900 [preauth]
Jun 25 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2445]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2446]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2444]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2442]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2442]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2509]: Successful su for rubyman by root
Jun 25 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2509]: + ??? root:rubyman
Jun 25 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2509]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587018 of user rubyman.
Jun 25 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2509]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587018.
Jun 25 00:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31960]: pam_unix(cron:session): session closed for user root
Jun 25 00:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2661]: Invalid user ahmad from 220.119.37.141
Jun 25 00:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2661]: input_userauth_request: invalid user ahmad [preauth]
Jun 25 00:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2661]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.119.37.141
Jun 25 00:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2444]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2661]: Failed password for invalid user ahmad from 220.119.37.141 port 43676 ssh2
Jun 25 00:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2661]: Received disconnect from 220.119.37.141 port 43676:11: Bye Bye [preauth]
Jun 25 00:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2661]: Disconnected from 220.119.37.141 port 43676 [preauth]
Jun 25 00:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2743]: User backup from 195.178.110.217 not allowed because not listed in AllowUsers
Jun 25 00:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2743]: input_userauth_request: invalid user backup [preauth]
Jun 25 00:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=backup
Jun 25 00:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2743]: Failed password for invalid user backup from 195.178.110.217 port 38726 ssh2
Jun 25 00:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2743]: Connection closed by 195.178.110.217 port 38726 [preauth]
Jun 25 00:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2780]: Invalid user iman from 141.98.83.240
Jun 25 00:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2780]: input_userauth_request: invalid user iman [preauth]
Jun 25 00:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2780]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 00:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2780]: Failed password for invalid user iman from 141.98.83.240 port 45150 ssh2
Jun 25 00:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2780]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2780]: Failed password for invalid user iman from 141.98.83.240 port 45150 ssh2
Jun 25 00:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2780]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2780]: Failed password for invalid user iman from 141.98.83.240 port 45150 ssh2
Jun 25 00:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2780]: Connection closed by 141.98.83.240 port 45150 [preauth]
Jun 25 00:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2780]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 00:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1424]: pam_unix(cron:session): session closed for user root
Jun 25 00:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.208.49  user=root
Jun 25 00:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2813]: Failed password for root from 139.59.208.49 port 35796 ssh2
Jun 25 00:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2813]: Received disconnect from 139.59.208.49 port 35796:11: Bye Bye [preauth]
Jun 25 00:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2813]: Disconnected from 139.59.208.49 port 35796 [preauth]
Jun 25 00:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2868]: Invalid user supermaint from 20.243.208.191
Jun 25 00:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2868]: input_userauth_request: invalid user supermaint [preauth]
Jun 25 00:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2868]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.243.208.191
Jun 25 00:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2868]: Failed password for invalid user supermaint from 20.243.208.191 port 34260 ssh2
Jun 25 00:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2868]: Received disconnect from 20.243.208.191 port 34260:11: Bye Bye [preauth]
Jun 25 00:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2868]: Disconnected from 20.243.208.191 port 34260 [preauth]
Jun 25 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2883]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2884]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2882]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2881]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2881]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2940]: Successful su for rubyman by root
Jun 25 00:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2940]: + ??? root:rubyman
Jun 25 00:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2940]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587023 of user rubyman.
Jun 25 00:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2940]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587023.
Jun 25 00:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32383]: pam_unix(cron:session): session closed for user root
Jun 25 00:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.225.17.153  user=root
Jun 25 00:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2882]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3092]: Failed password for root from 64.225.17.153 port 44994 ssh2
Jun 25 00:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3092]: Received disconnect from 64.225.17.153 port 44994:11: Bye Bye [preauth]
Jun 25 00:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3092]: Disconnected from 64.225.17.153 port 44994 [preauth]
Jun 25 00:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3123]: User backup from 195.178.110.217 not allowed because not listed in AllowUsers
Jun 25 00:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3123]: input_userauth_request: invalid user backup [preauth]
Jun 25 00:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=backup
Jun 25 00:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3135]: Invalid user milad from 101.36.124.127
Jun 25 00:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3135]: input_userauth_request: invalid user milad [preauth]
Jun 25 00:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3135]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.124.127
Jun 25 00:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3123]: Failed password for invalid user backup from 195.178.110.217 port 40612 ssh2
Jun 25 00:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3123]: Connection closed by 195.178.110.217 port 40612 [preauth]
Jun 25 00:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3135]: Failed password for invalid user milad from 101.36.124.127 port 34704 ssh2
Jun 25 00:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3135]: Received disconnect from 101.36.124.127 port 34704:11: Bye Bye [preauth]
Jun 25 00:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3135]: Disconnected from 101.36.124.127 port 34704 [preauth]
Jun 25 00:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1988]: pam_unix(cron:session): session closed for user root
Jun 25 00:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.208.49  user=root
Jun 25 00:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: Failed password for root from 139.59.208.49 port 39974 ssh2
Jun 25 00:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: Received disconnect from 139.59.208.49 port 39974:11: Bye Bye [preauth]
Jun 25 00:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: Disconnected from 139.59.208.49 port 39974 [preauth]
Jun 25 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3285]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3283]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3282]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3286]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3284]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3281]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3286]: pam_unix(cron:session): session closed for user root
Jun 25 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3281]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3347]: Successful su for rubyman by root
Jun 25 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3347]: + ??? root:rubyman
Jun 25 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3347]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587028 of user rubyman.
Jun 25 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3347]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587028.
Jun 25 00:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3283]: pam_unix(cron:session): session closed for user root
Jun 25 00:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[335]: pam_unix(cron:session): session closed for user root
Jun 25 00:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3282]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3562]: User backup from 195.178.110.217 not allowed because not listed in AllowUsers
Jun 25 00:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3562]: input_userauth_request: invalid user backup [preauth]
Jun 25 00:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=backup
Jun 25 00:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3562]: Failed password for invalid user backup from 195.178.110.217 port 42506 ssh2
Jun 25 00:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3562]: Connection closed by 195.178.110.217 port 42506 [preauth]
Jun 25 00:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.119.37.141  user=root
Jun 25 00:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3593]: Failed password for root from 220.119.37.141 port 53620 ssh2
Jun 25 00:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3593]: Received disconnect from 220.119.37.141 port 53620:11: Bye Bye [preauth]
Jun 25 00:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3593]: Disconnected from 220.119.37.141 port 53620 [preauth]
Jun 25 00:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2446]: pam_unix(cron:session): session closed for user root
Jun 25 00:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.225.17.153  user=root
Jun 25 00:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3652]: Failed password for root from 64.225.17.153 port 55280 ssh2
Jun 25 00:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3652]: Received disconnect from 64.225.17.153 port 55280:11: Bye Bye [preauth]
Jun 25 00:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3652]: Disconnected from 64.225.17.153 port 55280 [preauth]
Jun 25 00:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 25 00:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3665]: Failed password for root from 62.133.62.83 port 41734 ssh2
Jun 25 00:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3665]: Connection closed by 62.133.62.83 port 41734 [preauth]
Jun 25 00:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 25 00:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3694]: Failed password for root from 202.178.126.219 port 29547 ssh2
Jun 25 00:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3694]: Connection closed by 202.178.126.219 port 29547 [preauth]
Jun 25 00:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3811]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3813]: Invalid user admin from 34.78.110.174
Jun 25 00:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3813]: input_userauth_request: invalid user admin [preauth]
Jun 25 00:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3813]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.78.110.174
Jun 25 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3820]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3819]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3818]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3817]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3817]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3813]: Failed password for invalid user admin from 34.78.110.174 port 60826 ssh2
Jun 25 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3940]: Successful su for rubyman by root
Jun 25 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3940]: + ??? root:rubyman
Jun 25 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3940]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587032 of user rubyman.
Jun 25 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3940]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587032.
Jun 25 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3813]: Connection closed by 34.78.110.174 port 60826 [preauth]
Jun 25 00:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[905]: pam_unix(cron:session): session closed for user root
Jun 25 00:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3818]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4174]: Invalid user debian from 195.178.110.217
Jun 25 00:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4174]: input_userauth_request: invalid user debian [preauth]
Jun 25 00:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3811]: Connection closed by 34.78.110.174 port 60810 [preauth]
Jun 25 00:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4174]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 00:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4176]: Invalid user vanessa from 20.243.208.191
Jun 25 00:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4176]: input_userauth_request: invalid user vanessa [preauth]
Jun 25 00:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4176]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.243.208.191
Jun 25 00:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4174]: Failed password for invalid user debian from 195.178.110.217 port 44396 ssh2
Jun 25 00:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4174]: Connection closed by 195.178.110.217 port 44396 [preauth]
Jun 25 00:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4176]: Failed password for invalid user vanessa from 20.243.208.191 port 57210 ssh2
Jun 25 00:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4176]: Received disconnect from 20.243.208.191 port 57210:11: Bye Bye [preauth]
Jun 25 00:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4176]: Disconnected from 20.243.208.191 port 57210 [preauth]
Jun 25 00:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4219]: Invalid user client from 139.59.208.49
Jun 25 00:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4219]: input_userauth_request: invalid user client [preauth]
Jun 25 00:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4219]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.208.49
Jun 25 00:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4219]: Failed password for invalid user client from 139.59.208.49 port 42326 ssh2
Jun 25 00:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4219]: Received disconnect from 139.59.208.49 port 42326:11: Bye Bye [preauth]
Jun 25 00:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4219]: Disconnected from 139.59.208.49 port 42326 [preauth]
Jun 25 00:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.124.127  user=root
Jun 25 00:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4247]: Failed password for root from 101.36.124.127 port 54678 ssh2
Jun 25 00:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4247]: Received disconnect from 101.36.124.127 port 54678:11: Bye Bye [preauth]
Jun 25 00:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4247]: Disconnected from 101.36.124.127 port 54678 [preauth]
Jun 25 00:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2884]: pam_unix(cron:session): session closed for user root
Jun 25 00:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4313]: Did not receive identification string from 34.22.133.178
Jun 25 00:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4337]: fatal: Unable to negotiate with 34.22.133.178 port 39302: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth]
Jun 25 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4360]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4359]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4358]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4357]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4357]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4415]: Successful su for rubyman by root
Jun 25 00:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4415]: + ??? root:rubyman
Jun 25 00:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4415]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587036 of user rubyman.
Jun 25 00:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4415]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587036.
Jun 25 00:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1423]: pam_unix(cron:session): session closed for user root
Jun 25 00:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4551]: Invalid user debian from 195.178.110.217
Jun 25 00:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4551]: input_userauth_request: invalid user debian [preauth]
Jun 25 00:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4551]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 00:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4358]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4551]: Failed password for invalid user debian from 195.178.110.217 port 46298 ssh2
Jun 25 00:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4551]: Connection closed by 195.178.110.217 port 46298 [preauth]
Jun 25 00:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.225.17.153  user=root
Jun 25 00:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4603]: Failed password for root from 64.225.17.153 port 59658 ssh2
Jun 25 00:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4603]: Received disconnect from 64.225.17.153 port 59658:11: Bye Bye [preauth]
Jun 25 00:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4603]: Disconnected from 64.225.17.153 port 59658 [preauth]
Jun 25 00:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4668]: Invalid user gitlab-runner from 220.119.37.141
Jun 25 00:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4668]: input_userauth_request: invalid user gitlab-runner [preauth]
Jun 25 00:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4668]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.119.37.141
Jun 25 00:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4668]: Failed password for invalid user gitlab-runner from 220.119.37.141 port 35308 ssh2
Jun 25 00:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4668]: Received disconnect from 220.119.37.141 port 35308:11: Bye Bye [preauth]
Jun 25 00:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4668]: Disconnected from 220.119.37.141 port 35308 [preauth]
Jun 25 00:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3285]: pam_unix(cron:session): session closed for user root
Jun 25 00:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.208.49  user=root
Jun 25 00:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4769]: Failed password for root from 139.59.208.49 port 36092 ssh2
Jun 25 00:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4769]: Received disconnect from 139.59.208.49 port 36092:11: Bye Bye [preauth]
Jun 25 00:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4769]: Disconnected from 139.59.208.49 port 36092 [preauth]
Jun 25 00:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4830]: Invalid user debian from 195.178.110.217
Jun 25 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4830]: input_userauth_request: invalid user debian [preauth]
Jun 25 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4830]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4835]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4834]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4836]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4833]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4833]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4934]: Successful su for rubyman by root
Jun 25 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4934]: + ??? root:rubyman
Jun 25 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4934]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587040 of user rubyman.
Jun 25 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4934]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587040.
Jun 25 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4830]: Failed password for invalid user debian from 195.178.110.217 port 48192 ssh2
Jun 25 00:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4830]: Connection closed by 195.178.110.217 port 48192 [preauth]
Jun 25 00:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1985]: pam_unix(cron:session): session closed for user root
Jun 25 00:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4834]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 25 00:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5147]: Failed password for root from 77.94.47.83 port 40236 ssh2
Jun 25 00:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5147]: Connection closed by 77.94.47.83 port 40236 [preauth]
Jun 25 00:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.243.208.191  user=root
Jun 25 00:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5162]: Failed password for root from 20.243.208.191 port 43960 ssh2
Jun 25 00:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5162]: Received disconnect from 20.243.208.191 port 43960:11: Bye Bye [preauth]
Jun 25 00:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5162]: Disconnected from 20.243.208.191 port 43960 [preauth]
Jun 25 00:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 25 00:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5176]: Failed password for root from 147.45.199.80 port 57976 ssh2
Jun 25 00:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5176]: Connection closed by 147.45.199.80 port 57976 [preauth]
Jun 25 00:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3820]: pam_unix(cron:session): session closed for user root
Jun 25 00:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5224]: Invalid user ubuntu from 101.36.124.127
Jun 25 00:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5224]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 00:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5224]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.124.127
Jun 25 00:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5224]: Failed password for invalid user ubuntu from 101.36.124.127 port 52786 ssh2
Jun 25 00:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5224]: Received disconnect from 101.36.124.127 port 52786:11: Bye Bye [preauth]
Jun 25 00:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5224]: Disconnected from 101.36.124.127 port 52786 [preauth]
Jun 25 00:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5226]: Invalid user debian1 from 64.225.17.153
Jun 25 00:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5226]: input_userauth_request: invalid user debian1 [preauth]
Jun 25 00:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5226]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.225.17.153
Jun 25 00:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5226]: Failed password for invalid user debian1 from 64.225.17.153 port 33074 ssh2
Jun 25 00:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5226]: Received disconnect from 64.225.17.153 port 33074:11: Bye Bye [preauth]
Jun 25 00:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5226]: Disconnected from 64.225.17.153 port 33074 [preauth]
Jun 25 00:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5270]: Invalid user debian from 195.178.110.217
Jun 25 00:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5270]: input_userauth_request: invalid user debian [preauth]
Jun 25 00:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5270]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 00:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5270]: Failed password for invalid user debian from 195.178.110.217 port 50056 ssh2
Jun 25 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5270]: Connection closed by 195.178.110.217 port 50056 [preauth]
Jun 25 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5284]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5285]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5283]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5282]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5282]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5348]: Successful su for rubyman by root
Jun 25 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5348]: + ??? root:rubyman
Jun 25 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5348]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587044 of user rubyman.
Jun 25 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5348]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587044.
Jun 25 00:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2445]: pam_unix(cron:session): session closed for user root
Jun 25 00:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5283]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5578]: Invalid user administrator from 139.59.208.49
Jun 25 00:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5578]: input_userauth_request: invalid user administrator [preauth]
Jun 25 00:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5578]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.208.49
Jun 25 00:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5578]: Failed password for invalid user administrator from 139.59.208.49 port 48246 ssh2
Jun 25 00:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5578]: Received disconnect from 139.59.208.49 port 48246:11: Bye Bye [preauth]
Jun 25 00:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5578]: Disconnected from 139.59.208.49 port 48246 [preauth]
Jun 25 00:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4360]: pam_unix(cron:session): session closed for user root
Jun 25 00:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5642]: Invalid user test from 220.119.37.141
Jun 25 00:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5642]: input_userauth_request: invalid user test [preauth]
Jun 25 00:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5642]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.119.37.141
Jun 25 00:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5642]: Failed password for invalid user test from 220.119.37.141 port 45236 ssh2
Jun 25 00:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5642]: Received disconnect from 220.119.37.141 port 45236:11: Bye Bye [preauth]
Jun 25 00:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5642]: Disconnected from 220.119.37.141 port 45236 [preauth]
Jun 25 00:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5682]: Invalid user debian from 195.178.110.217
Jun 25 00:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5682]: input_userauth_request: invalid user debian [preauth]
Jun 25 00:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5682]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 00:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5682]: Failed password for invalid user debian from 195.178.110.217 port 51934 ssh2
Jun 25 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5689]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5686]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5690]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5688]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5687]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5685]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5690]: pam_unix(cron:session): session closed for user root
Jun 25 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5685]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5682]: Connection closed by 195.178.110.217 port 51934 [preauth]
Jun 25 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5760]: Successful su for rubyman by root
Jun 25 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5760]: + ??? root:rubyman
Jun 25 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5760]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587050 of user rubyman.
Jun 25 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5760]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587050.
Jun 25 00:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5687]: pam_unix(cron:session): session closed for user root
Jun 25 00:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2883]: pam_unix(cron:session): session closed for user root
Jun 25 00:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5686]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: Invalid user jose from 64.225.17.153
Jun 25 00:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: input_userauth_request: invalid user jose [preauth]
Jun 25 00:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.225.17.153
Jun 25 00:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: Failed password for invalid user jose from 64.225.17.153 port 37880 ssh2
Jun 25 00:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: Received disconnect from 64.225.17.153 port 37880:11: Bye Bye [preauth]
Jun 25 00:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: Disconnected from 64.225.17.153 port 37880 [preauth]
Jun 25 00:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4836]: pam_unix(cron:session): session closed for user root
Jun 25 00:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.208.49  user=root
Jun 25 00:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6077]: Failed password for root from 139.59.208.49 port 37662 ssh2
Jun 25 00:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6077]: Received disconnect from 139.59.208.49 port 37662:11: Bye Bye [preauth]
Jun 25 00:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6077]: Disconnected from 139.59.208.49 port 37662 [preauth]
Jun 25 00:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6087]: Invalid user username from 101.36.124.127
Jun 25 00:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6087]: input_userauth_request: invalid user username [preauth]
Jun 25 00:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6087]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.124.127
Jun 25 00:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6087]: Failed password for invalid user username from 101.36.124.127 port 42166 ssh2
Jun 25 00:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6087]: Received disconnect from 101.36.124.127 port 42166:11: Bye Bye [preauth]
Jun 25 00:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6087]: Disconnected from 101.36.124.127 port 42166 [preauth]
Jun 25 00:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6097]: Invalid user mysites from 136.36.189.65
Jun 25 00:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6097]: input_userauth_request: invalid user mysites [preauth]
Jun 25 00:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6097]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.36.189.65
Jun 25 00:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6097]: Failed password for invalid user mysites from 136.36.189.65 port 55008 ssh2
Jun 25 00:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6097]: Received disconnect from 136.36.189.65 port 55008:11: Bye Bye [preauth]
Jun 25 00:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6097]: Disconnected from 136.36.189.65 port 55008 [preauth]
Jun 25 00:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6100]: Invalid user debian from 195.178.110.217
Jun 25 00:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6100]: input_userauth_request: invalid user debian [preauth]
Jun 25 00:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6100]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 00:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6100]: Failed password for invalid user debian from 195.178.110.217 port 53806 ssh2
Jun 25 00:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6100]: Connection closed by 195.178.110.217 port 53806 [preauth]
Jun 25 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6120]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6122]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6121]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6119]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6119]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6192]: Successful su for rubyman by root
Jun 25 00:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6192]: + ??? root:rubyman
Jun 25 00:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6192]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587056 of user rubyman.
Jun 25 00:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6192]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587056.
Jun 25 00:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3284]: pam_unix(cron:session): session closed for user root
Jun 25 00:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6120]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5285]: pam_unix(cron:session): session closed for user root
Jun 25 00:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 25 00:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6461]: Failed password for root from 103.15.222.183 port 56898 ssh2
Jun 25 00:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6461]: Connection closed by 103.15.222.183 port 56898 [preauth]
Jun 25 00:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6493]: Invalid user oracle from 64.225.17.153
Jun 25 00:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6493]: input_userauth_request: invalid user oracle [preauth]
Jun 25 00:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6493]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.225.17.153
Jun 25 00:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6493]: Failed password for invalid user oracle from 64.225.17.153 port 53606 ssh2
Jun 25 00:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6493]: Received disconnect from 64.225.17.153 port 53606:11: Bye Bye [preauth]
Jun 25 00:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6493]: Disconnected from 64.225.17.153 port 53606 [preauth]
Jun 25 00:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6505]: Invalid user debian from 195.178.110.217
Jun 25 00:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6505]: input_userauth_request: invalid user debian [preauth]
Jun 25 00:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6505]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 00:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6516]: Invalid user ubuntu from 220.119.37.141
Jun 25 00:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6516]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 00:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6516]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.119.37.141
Jun 25 00:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6505]: Failed password for invalid user debian from 195.178.110.217 port 55682 ssh2
Jun 25 00:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6505]: Connection closed by 195.178.110.217 port 55682 [preauth]
Jun 25 00:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6516]: Failed password for invalid user ubuntu from 220.119.37.141 port 55160 ssh2
Jun 25 00:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6516]: Received disconnect from 220.119.37.141 port 55160:11: Bye Bye [preauth]
Jun 25 00:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6516]: Disconnected from 220.119.37.141 port 55160 [preauth]
Jun 25 00:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 25 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6532]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6533]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6531]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6530]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6530]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6589]: Successful su for rubyman by root
Jun 25 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6589]: + ??? root:rubyman
Jun 25 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6589]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587058 of user rubyman.
Jun 25 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6589]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587058.
Jun 25 00:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6526]: Failed password for root from 193.37.70.224 port 44264 ssh2
Jun 25 00:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6526]: Connection closed by 193.37.70.224 port 44264 [preauth]
Jun 25 00:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3819]: pam_unix(cron:session): session closed for user root
Jun 25 00:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6531]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.208.49  user=root
Jun 25 00:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6813]: Failed password for root from 139.59.208.49 port 45534 ssh2
Jun 25 00:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6813]: Received disconnect from 139.59.208.49 port 45534:11: Bye Bye [preauth]
Jun 25 00:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6813]: Disconnected from 139.59.208.49 port 45534 [preauth]
Jun 25 00:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5689]: pam_unix(cron:session): session closed for user root
Jun 25 00:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6923]: Invalid user debian from 195.178.110.217
Jun 25 00:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6923]: input_userauth_request: invalid user debian [preauth]
Jun 25 00:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6923]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 00:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6923]: Failed password for invalid user debian from 195.178.110.217 port 57554 ssh2
Jun 25 00:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6923]: Connection closed by 195.178.110.217 port 57554 [preauth]
Jun 25 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6954]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6952]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6953]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6951]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6951]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7052]: Successful su for rubyman by root
Jun 25 00:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7052]: + ??? root:rubyman
Jun 25 00:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7052]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587062 of user rubyman.
Jun 25 00:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7052]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587062.
Jun 25 00:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4359]: pam_unix(cron:session): session closed for user root
Jun 25 00:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6952]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.225.17.153  user=root
Jun 25 00:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7324]: Failed password for root from 64.225.17.153 port 50794 ssh2
Jun 25 00:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7324]: Received disconnect from 64.225.17.153 port 50794:11: Bye Bye [preauth]
Jun 25 00:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7324]: Disconnected from 64.225.17.153 port 50794 [preauth]
Jun 25 00:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7326]: Invalid user innov from 20.204.136.58
Jun 25 00:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7326]: input_userauth_request: invalid user innov [preauth]
Jun 25 00:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7326]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.204.136.58
Jun 25 00:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7326]: Failed password for invalid user innov from 20.204.136.58 port 57092 ssh2
Jun 25 00:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7326]: Received disconnect from 20.204.136.58 port 57092:11: Bye Bye [preauth]
Jun 25 00:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7326]: Disconnected from 20.204.136.58 port 57092 [preauth]
Jun 25 00:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6122]: pam_unix(cron:session): session closed for user root
Jun 25 00:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7412]: Invalid user peertube from 139.59.208.49
Jun 25 00:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7412]: input_userauth_request: invalid user peertube [preauth]
Jun 25 00:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7412]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.208.49
Jun 25 00:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7422]: Invalid user deploy from 195.178.110.217
Jun 25 00:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7422]: input_userauth_request: invalid user deploy [preauth]
Jun 25 00:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7422]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 00:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7412]: Failed password for invalid user peertube from 139.59.208.49 port 48556 ssh2
Jun 25 00:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7412]: Received disconnect from 139.59.208.49 port 48556:11: Bye Bye [preauth]
Jun 25 00:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7412]: Disconnected from 139.59.208.49 port 48556 [preauth]
Jun 25 00:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7422]: Failed password for invalid user deploy from 195.178.110.217 port 59408 ssh2
Jun 25 00:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7422]: Connection closed by 195.178.110.217 port 59408 [preauth]
Jun 25 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7453]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7452]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7454]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7451]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7451]: pam_unix(cron:session): session closed for user p13x
Jun 25 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7509]: Successful su for rubyman by root
Jun 25 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7509]: + ??? root:rubyman
Jun 25 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7509]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587066 of user rubyman.
Jun 25 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7509]: pam_unix(su:session): session closed for user rubyman
Jun 25 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587066.
Jun 25 00:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4835]: pam_unix(cron:session): session closed for user root
Jun 25 00:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7772]: Invalid user ubnt from 193.46.255.86
Jun 25 00:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7772]: input_userauth_request: invalid user ubnt [preauth]
Jun 25 00:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7772]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 25 00:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7452]: pam_unix(cron:session): session closed for user samftp
Jun 25 00:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7772]: Failed password for invalid user ubnt from 193.46.255.86 port 13946 ssh2
Jun 25 00:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7772]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7772]: Failed password for invalid user ubnt from 193.46.255.86 port 13946 ssh2
Jun 25 00:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7772]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7772]: Failed password for invalid user ubnt from 193.46.255.86 port 13946 ssh2
Jun 25 00:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7772]: Connection closed by 193.46.255.86 port 13946 [preauth]
Jun 25 00:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7772]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 25 00:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6533]: pam_unix(cron:session): session closed for user root
Jun 25 00:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 00:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7890]: Invalid user deploy from 195.178.110.217
Jun 25 00:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7890]: input_userauth_request: invalid user deploy [preauth]
Jun 25 00:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7890]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 00:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 00:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7890]: Failed password for invalid user deploy from 195.178.110.217 port 33044 ssh2
Jun 25 00:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7890]: Connection closed by 195.178.110.217 port 33044 [preauth]
Jun 25 01:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.225.17.153  user=root
Jun 25 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7942]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7941]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7940]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7943]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7945]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7944]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7939]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7945]: pam_unix(cron:session): session closed for user root
Jun 25 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7941]: pam_unix(cron:session): session closed for user root
Jun 25 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7939]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8032]: Successful su for rubyman by root
Jun 25 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8032]: + ??? root:rubyman
Jun 25 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8032]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587070 of user rubyman.
Jun 25 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8032]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587070.
Jun 25 01:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7936]: Failed password for root from 64.225.17.153 port 45200 ssh2
Jun 25 01:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7936]: Received disconnect from 64.225.17.153 port 45200:11: Bye Bye [preauth]
Jun 25 01:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7936]: Disconnected from 64.225.17.153 port 45200 [preauth]
Jun 25 01:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7942]: pam_unix(cron:session): session closed for user root
Jun 25 01:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5284]: pam_unix(cron:session): session closed for user root
Jun 25 01:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7940]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 25 01:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8248]: Failed password for root from 103.27.238.114 port 39604 ssh2
Jun 25 01:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8248]: Connection closed by 103.27.238.114 port 39604 [preauth]
Jun 25 01:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.208.49  user=root
Jun 25 01:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8259]: Failed password for root from 139.59.208.49 port 34368 ssh2
Jun 25 01:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8259]: Received disconnect from 139.59.208.49 port 34368:11: Bye Bye [preauth]
Jun 25 01:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8259]: Disconnected from 139.59.208.49 port 34368 [preauth]
Jun 25 01:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6954]: pam_unix(cron:session): session closed for user root
Jun 25 01:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8378]: Invalid user deploy from 195.178.110.217
Jun 25 01:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8378]: input_userauth_request: invalid user deploy [preauth]
Jun 25 01:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8378]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 01:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8378]: Failed password for invalid user deploy from 195.178.110.217 port 34912 ssh2
Jun 25 01:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8378]: Connection closed by 195.178.110.217 port 34912 [preauth]
Jun 25 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8433]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8435]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8432]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8431]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8431]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8502]: Successful su for rubyman by root
Jun 25 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8502]: + ??? root:rubyman
Jun 25 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8502]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587077 of user rubyman.
Jun 25 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8502]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587077.
Jun 25 01:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5688]: pam_unix(cron:session): session closed for user root
Jun 25 01:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8432]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8751]: Invalid user debian from 64.225.17.153
Jun 25 01:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8751]: input_userauth_request: invalid user debian [preauth]
Jun 25 01:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8751]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.225.17.153
Jun 25 01:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8751]: Failed password for invalid user debian from 64.225.17.153 port 34762 ssh2
Jun 25 01:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8751]: Received disconnect from 64.225.17.153 port 34762:11: Bye Bye [preauth]
Jun 25 01:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8751]: Disconnected from 64.225.17.153 port 34762 [preauth]
Jun 25 01:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7454]: pam_unix(cron:session): session closed for user root
Jun 25 01:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8754]: Invalid user deploy from 195.178.110.217
Jun 25 01:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8754]: input_userauth_request: invalid user deploy [preauth]
Jun 25 01:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8754]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 01:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.208.49  user=root
Jun 25 01:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8754]: Failed password for invalid user deploy from 195.178.110.217 port 36790 ssh2
Jun 25 01:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8754]: Connection closed by 195.178.110.217 port 36790 [preauth]
Jun 25 01:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8773]: Failed password for root from 139.59.208.49 port 58818 ssh2
Jun 25 01:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8773]: Received disconnect from 139.59.208.49 port 58818:11: Bye Bye [preauth]
Jun 25 01:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8773]: Disconnected from 139.59.208.49 port 58818 [preauth]
Jun 25 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8849]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8848]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8847]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8846]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8846]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8908]: Successful su for rubyman by root
Jun 25 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8908]: + ??? root:rubyman
Jun 25 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8908]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587081 of user rubyman.
Jun 25 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8908]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587081.
Jun 25 01:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6121]: pam_unix(cron:session): session closed for user root
Jun 25 01:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8847]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9153]: Invalid user deploy from 195.178.110.217
Jun 25 01:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9153]: input_userauth_request: invalid user deploy [preauth]
Jun 25 01:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9153]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 01:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9153]: Failed password for invalid user deploy from 195.178.110.217 port 38668 ssh2
Jun 25 01:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9153]: Connection closed by 195.178.110.217 port 38668 [preauth]
Jun 25 01:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7944]: pam_unix(cron:session): session closed for user root
Jun 25 01:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.225.17.153  user=root
Jun 25 01:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9232]: Invalid user william from 139.59.208.49
Jun 25 01:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9232]: input_userauth_request: invalid user william [preauth]
Jun 25 01:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9232]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.208.49
Jun 25 01:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9235]: Failed password for root from 64.225.17.153 port 52664 ssh2
Jun 25 01:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9235]: Received disconnect from 64.225.17.153 port 52664:11: Bye Bye [preauth]
Jun 25 01:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9235]: Disconnected from 64.225.17.153 port 52664 [preauth]
Jun 25 01:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9232]: Failed password for invalid user william from 139.59.208.49 port 40972 ssh2
Jun 25 01:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9232]: Received disconnect from 139.59.208.49 port 40972:11: Bye Bye [preauth]
Jun 25 01:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9232]: Disconnected from 139.59.208.49 port 40972 [preauth]
Jun 25 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9248]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9249]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9247]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9246]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9246]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9311]: Successful su for rubyman by root
Jun 25 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9311]: + ??? root:rubyman
Jun 25 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9311]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587086 of user rubyman.
Jun 25 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9311]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587086.
Jun 25 01:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6532]: pam_unix(cron:session): session closed for user root
Jun 25 01:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9247]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9521]: Invalid user deploy from 195.178.110.217
Jun 25 01:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9521]: input_userauth_request: invalid user deploy [preauth]
Jun 25 01:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9521]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 01:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9521]: Failed password for invalid user deploy from 195.178.110.217 port 40564 ssh2
Jun 25 01:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9521]: Connection closed by 195.178.110.217 port 40564 [preauth]
Jun 25 01:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9543]: Invalid user webservice from 136.36.189.65
Jun 25 01:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9543]: input_userauth_request: invalid user webservice [preauth]
Jun 25 01:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9543]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.36.189.65
Jun 25 01:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9543]: Failed password for invalid user webservice from 136.36.189.65 port 40306 ssh2
Jun 25 01:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9543]: Received disconnect from 136.36.189.65 port 40306:11: Bye Bye [preauth]
Jun 25 01:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9543]: Disconnected from 136.36.189.65 port 40306 [preauth]
Jun 25 01:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8435]: pam_unix(cron:session): session closed for user root
Jun 25 01:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 25 01:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9627]: Failed password for root from 194.113.233.25 port 38576 ssh2
Jun 25 01:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9627]: Connection closed by 194.113.233.25 port 38576 [preauth]
Jun 25 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9641]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9640]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9638]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9639]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9638]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9697]: Successful su for rubyman by root
Jun 25 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9697]: + ??? root:rubyman
Jun 25 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9697]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587089 of user rubyman.
Jun 25 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9697]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587089.
Jun 25 01:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6953]: pam_unix(cron:session): session closed for user root
Jun 25 01:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9639]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10085]: Invalid user deploy from 195.178.110.217
Jun 25 01:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10085]: input_userauth_request: invalid user deploy [preauth]
Jun 25 01:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10085]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 01:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10085]: Failed password for invalid user deploy from 195.178.110.217 port 42426 ssh2
Jun 25 01:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10085]: Connection closed by 195.178.110.217 port 42426 [preauth]
Jun 25 01:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10098]: Invalid user debian from 139.59.208.49
Jun 25 01:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10098]: input_userauth_request: invalid user debian [preauth]
Jun 25 01:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10098]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.208.49
Jun 25 01:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10098]: Failed password for invalid user debian from 139.59.208.49 port 47812 ssh2
Jun 25 01:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10098]: Received disconnect from 139.59.208.49 port 47812:11: Bye Bye [preauth]
Jun 25 01:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10098]: Disconnected from 139.59.208.49 port 47812 [preauth]
Jun 25 01:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.225.17.153  user=root
Jun 25 01:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10123]: Failed password for root from 64.225.17.153 port 34786 ssh2
Jun 25 01:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10123]: Received disconnect from 64.225.17.153 port 34786:11: Bye Bye [preauth]
Jun 25 01:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10123]: Disconnected from 64.225.17.153 port 34786 [preauth]
Jun 25 01:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8849]: pam_unix(cron:session): session closed for user root
Jun 25 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10315]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10317]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10318]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10316]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10313]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10312]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10318]: pam_unix(cron:session): session closed for user root
Jun 25 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10312]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10384]: Successful su for rubyman by root
Jun 25 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10384]: + ??? root:rubyman
Jun 25 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10384]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587094 of user rubyman.
Jun 25 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10384]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587094.
Jun 25 01:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10315]: pam_unix(cron:session): session closed for user root
Jun 25 01:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7453]: pam_unix(cron:session): session closed for user root
Jun 25 01:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10313]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.110.201  user=root
Jun 25 01:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 25 01:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10572]: Failed password for root from 94.159.110.201 port 53968 ssh2
Jun 25 01:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10572]: Connection closed by 94.159.110.201 port 53968 [preauth]
Jun 25 01:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10597]: Failed password for root from 109.237.96.109 port 35390 ssh2
Jun 25 01:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10597]: Connection closed by 109.237.96.109 port 35390 [preauth]
Jun 25 01:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10611]: Invalid user biblio from 136.36.189.65
Jun 25 01:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10611]: input_userauth_request: invalid user biblio [preauth]
Jun 25 01:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10611]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.36.189.65
Jun 25 01:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10609]: Invalid user deploy from 195.178.110.217
Jun 25 01:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10609]: input_userauth_request: invalid user deploy [preauth]
Jun 25 01:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10609]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 01:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10611]: Failed password for invalid user biblio from 136.36.189.65 port 42184 ssh2
Jun 25 01:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10611]: Received disconnect from 136.36.189.65 port 42184:11: Bye Bye [preauth]
Jun 25 01:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10611]: Disconnected from 136.36.189.65 port 42184 [preauth]
Jun 25 01:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10609]: Failed password for invalid user deploy from 195.178.110.217 port 44306 ssh2
Jun 25 01:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10609]: Connection closed by 195.178.110.217 port 44306 [preauth]
Jun 25 01:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10661]: Invalid user lis from 20.204.136.58
Jun 25 01:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10661]: input_userauth_request: invalid user lis [preauth]
Jun 25 01:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10661]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.204.136.58
Jun 25 01:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10661]: Failed password for invalid user lis from 20.204.136.58 port 39826 ssh2
Jun 25 01:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10661]: Received disconnect from 20.204.136.58 port 39826:11: Bye Bye [preauth]
Jun 25 01:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10661]: Disconnected from 20.204.136.58 port 39826 [preauth]
Jun 25 01:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9249]: pam_unix(cron:session): session closed for user root
Jun 25 01:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.208.49  user=root
Jun 25 01:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10744]: Failed password for root from 139.59.208.49 port 57184 ssh2
Jun 25 01:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10744]: Received disconnect from 139.59.208.49 port 57184:11: Bye Bye [preauth]
Jun 25 01:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10744]: Disconnected from 139.59.208.49 port 57184 [preauth]
Jun 25 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10775]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10776]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10772]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10770]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10770]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10844]: Successful su for rubyman by root
Jun 25 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10844]: + ??? root:rubyman
Jun 25 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10844]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587099 of user rubyman.
Jun 25 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10844]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587099.
Jun 25 01:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.225.17.153  user=root
Jun 25 01:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7943]: pam_unix(cron:session): session closed for user root
Jun 25 01:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10939]: Failed password for root from 64.225.17.153 port 44958 ssh2
Jun 25 01:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10939]: Received disconnect from 64.225.17.153 port 44958:11: Bye Bye [preauth]
Jun 25 01:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10939]: Disconnected from 64.225.17.153 port 44958 [preauth]
Jun 25 01:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10772]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11043]: Invalid user deploy from 195.178.110.217
Jun 25 01:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11043]: input_userauth_request: invalid user deploy [preauth]
Jun 25 01:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11043]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 01:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11043]: Failed password for invalid user deploy from 195.178.110.217 port 46180 ssh2
Jun 25 01:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11043]: Connection closed by 195.178.110.217 port 46180 [preauth]
Jun 25 01:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 25 01:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11102]: Failed password for root from 51.250.105.222 port 45418 ssh2
Jun 25 01:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11102]: Connection closed by 51.250.105.222 port 45418 [preauth]
Jun 25 01:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9641]: pam_unix(cron:session): session closed for user root
Jun 25 01:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11184]: Invalid user pbs from 136.36.189.65
Jun 25 01:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11184]: input_userauth_request: invalid user pbs [preauth]
Jun 25 01:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11184]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.36.189.65
Jun 25 01:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11184]: Failed password for invalid user pbs from 136.36.189.65 port 39930 ssh2
Jun 25 01:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11184]: Received disconnect from 136.36.189.65 port 39930:11: Bye Bye [preauth]
Jun 25 01:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11184]: Disconnected from 136.36.189.65 port 39930 [preauth]
Jun 25 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11201]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11198]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11200]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11197]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11197]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11262]: Successful su for rubyman by root
Jun 25 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11262]: + ??? root:rubyman
Jun 25 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11262]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587104 of user rubyman.
Jun 25 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11262]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587104.
Jun 25 01:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8433]: pam_unix(cron:session): session closed for user root
Jun 25 01:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11198]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61  user=root
Jun 25 01:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11458]: Failed password for root from 115.140.161.61 port 45744 ssh2
Jun 25 01:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11470]: Invalid user deploy from 195.178.110.217
Jun 25 01:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11470]: input_userauth_request: invalid user deploy [preauth]
Jun 25 01:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11470]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 01:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11472]: Invalid user nishant from 139.59.208.49
Jun 25 01:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11472]: input_userauth_request: invalid user nishant [preauth]
Jun 25 01:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11472]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.208.49
Jun 25 01:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11458]: Failed password for root from 115.140.161.61 port 45744 ssh2
Jun 25 01:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11470]: Failed password for invalid user deploy from 195.178.110.217 port 48088 ssh2
Jun 25 01:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11470]: Connection closed by 195.178.110.217 port 48088 [preauth]
Jun 25 01:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11472]: Failed password for invalid user nishant from 139.59.208.49 port 47168 ssh2
Jun 25 01:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11472]: Received disconnect from 139.59.208.49 port 47168:11: Bye Bye [preauth]
Jun 25 01:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11472]: Disconnected from 139.59.208.49 port 47168 [preauth]
Jun 25 01:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11458]: Failed password for root from 115.140.161.61 port 45744 ssh2
Jun 25 01:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11458]: message repeated 3 times: [ Failed password for root from 115.140.161.61 port 45744 ssh2]
Jun 25 01:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11458]: error: maximum authentication attempts exceeded for root from 115.140.161.61 port 45744 ssh2 [preauth]
Jun 25 01:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11458]: Disconnecting: Too many authentication failures [preauth]
Jun 25 01:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11458]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61  user=root
Jun 25 01:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11458]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 25 01:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61  user=root
Jun 25 01:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11510]: Failed password for root from 115.140.161.61 port 48274 ssh2
Jun 25 01:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11510]: message repeated 4 times: [ Failed password for root from 115.140.161.61 port 48274 ssh2]
Jun 25 01:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10317]: pam_unix(cron:session): session closed for user root
Jun 25 01:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11510]: Failed password for root from 115.140.161.61 port 48274 ssh2
Jun 25 01:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11510]: error: maximum authentication attempts exceeded for root from 115.140.161.61 port 48274 ssh2 [preauth]
Jun 25 01:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11510]: Disconnecting: Too many authentication failures [preauth]
Jun 25 01:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11510]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61  user=root
Jun 25 01:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11510]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 25 01:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.225.17.153  user=root
Jun 25 01:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61  user=root
Jun 25 01:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11571]: Failed password for root from 64.225.17.153 port 59288 ssh2
Jun 25 01:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11571]: Received disconnect from 64.225.17.153 port 59288:11: Bye Bye [preauth]
Jun 25 01:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11571]: Disconnected from 64.225.17.153 port 59288 [preauth]
Jun 25 01:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11560]: Failed password for root from 115.140.161.61 port 51072 ssh2
Jun 25 01:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11560]: message repeated 5 times: [ Failed password for root from 115.140.161.61 port 51072 ssh2]
Jun 25 01:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11560]: error: maximum authentication attempts exceeded for root from 115.140.161.61 port 51072 ssh2 [preauth]
Jun 25 01:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11560]: Disconnecting: Too many authentication failures [preauth]
Jun 25 01:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11560]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61  user=root
Jun 25 01:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11560]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 25 01:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61  user=root
Jun 25 01:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11602]: Failed password for root from 115.140.161.61 port 54026 ssh2
Jun 25 01:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11602]: Received disconnect from 115.140.161.61 port 54026:11: disconnected by user [preauth]
Jun 25 01:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11602]: Disconnected from 115.140.161.61 port 54026 [preauth]
Jun 25 01:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11616]: Invalid user admin from 115.140.161.61
Jun 25 01:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11616]: input_userauth_request: invalid user admin [preauth]
Jun 25 01:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11616]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11616]: Failed password for invalid user admin from 115.140.161.61 port 54706 ssh2
Jun 25 01:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11616]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11616]: Failed password for invalid user admin from 115.140.161.61 port 54706 ssh2
Jun 25 01:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11616]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11616]: Failed password for invalid user admin from 115.140.161.61 port 54706 ssh2
Jun 25 01:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11616]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11616]: Failed password for invalid user admin from 115.140.161.61 port 54706 ssh2
Jun 25 01:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11616]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11638]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11636]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11637]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11635]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11635]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11616]: Failed password for invalid user admin from 115.140.161.61 port 54706 ssh2
Jun 25 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11694]: Successful su for rubyman by root
Jun 25 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11694]: + ??? root:rubyman
Jun 25 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11694]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11616]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587107 of user rubyman.
Jun 25 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11694]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587107.
Jun 25 01:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11616]: Failed password for invalid user admin from 115.140.161.61 port 54706 ssh2
Jun 25 01:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11616]: error: maximum authentication attempts exceeded for invalid user admin from 115.140.161.61 port 54706 ssh2 [preauth]
Jun 25 01:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11616]: Disconnecting: Too many authentication failures [preauth]
Jun 25 01:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11616]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11616]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 25 01:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8848]: pam_unix(cron:session): session closed for user root
Jun 25 01:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11885]: Invalid user admin from 115.140.161.61
Jun 25 01:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11885]: input_userauth_request: invalid user admin [preauth]
Jun 25 01:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11885]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11636]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11885]: Failed password for invalid user admin from 115.140.161.61 port 57508 ssh2
Jun 25 01:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11885]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11885]: Failed password for invalid user admin from 115.140.161.61 port 57508 ssh2
Jun 25 01:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11885]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11940]: Invalid user deploy from 195.178.110.217
Jun 25 01:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11940]: input_userauth_request: invalid user deploy [preauth]
Jun 25 01:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11940]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 01:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11885]: Failed password for invalid user admin from 115.140.161.61 port 57508 ssh2
Jun 25 01:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11885]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11940]: Failed password for invalid user deploy from 195.178.110.217 port 49998 ssh2
Jun 25 01:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11940]: Connection closed by 195.178.110.217 port 49998 [preauth]
Jun 25 01:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11885]: Failed password for invalid user admin from 115.140.161.61 port 57508 ssh2
Jun 25 01:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11885]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11885]: Failed password for invalid user admin from 115.140.161.61 port 57508 ssh2
Jun 25 01:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11885]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11885]: Failed password for invalid user admin from 115.140.161.61 port 57508 ssh2
Jun 25 01:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11885]: error: maximum authentication attempts exceeded for invalid user admin from 115.140.161.61 port 57508 ssh2 [preauth]
Jun 25 01:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11885]: Disconnecting: Too many authentication failures [preauth]
Jun 25 01:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11885]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11885]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 25 01:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11975]: Invalid user admin from 115.140.161.61
Jun 25 01:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11975]: input_userauth_request: invalid user admin [preauth]
Jun 25 01:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11975]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11975]: Failed password for invalid user admin from 115.140.161.61 port 60094 ssh2
Jun 25 01:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11975]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11981]: Invalid user testnet from 136.36.189.65
Jun 25 01:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11981]: input_userauth_request: invalid user testnet [preauth]
Jun 25 01:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11981]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.36.189.65
Jun 25 01:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11975]: Failed password for invalid user admin from 115.140.161.61 port 60094 ssh2
Jun 25 01:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11975]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11981]: Failed password for invalid user testnet from 136.36.189.65 port 40882 ssh2
Jun 25 01:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11981]: Received disconnect from 136.36.189.65 port 40882:11: Bye Bye [preauth]
Jun 25 01:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11981]: Disconnected from 136.36.189.65 port 40882 [preauth]
Jun 25 01:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11975]: Failed password for invalid user admin from 115.140.161.61 port 60094 ssh2
Jun 25 01:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11975]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11975]: Failed password for invalid user admin from 115.140.161.61 port 60094 ssh2
Jun 25 01:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11975]: Received disconnect from 115.140.161.61 port 60094:11: disconnected by user [preauth]
Jun 25 01:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11975]: Disconnected from 115.140.161.61 port 60094 [preauth]
Jun 25 01:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11975]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11975]: PAM service(sshd) ignoring max retries; 4 > 3
Jun 25 01:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: Invalid user oracle from 115.140.161.61
Jun 25 01:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: input_userauth_request: invalid user oracle [preauth]
Jun 25 01:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: Failed password for invalid user oracle from 115.140.161.61 port 33842 ssh2
Jun 25 01:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: Failed password for invalid user oracle from 115.140.161.61 port 33842 ssh2
Jun 25 01:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: Failed password for invalid user oracle from 115.140.161.61 port 33842 ssh2
Jun 25 01:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10776]: pam_unix(cron:session): session closed for user root
Jun 25 01:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: Failed password for invalid user oracle from 115.140.161.61 port 33842 ssh2
Jun 25 01:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.208.49  user=root
Jun 25 01:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: Failed password for invalid user oracle from 115.140.161.61 port 33842 ssh2
Jun 25 01:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12043]: Failed password for root from 139.59.208.49 port 52730 ssh2
Jun 25 01:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12043]: Received disconnect from 139.59.208.49 port 52730:11: Bye Bye [preauth]
Jun 25 01:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12043]: Disconnected from 139.59.208.49 port 52730 [preauth]
Jun 25 01:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: Failed password for invalid user oracle from 115.140.161.61 port 33842 ssh2
Jun 25 01:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: error: maximum authentication attempts exceeded for invalid user oracle from 115.140.161.61 port 33842 ssh2 [preauth]
Jun 25 01:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: Disconnecting: Too many authentication failures [preauth]
Jun 25 01:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 25 01:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12054]: Invalid user oracle from 115.140.161.61
Jun 25 01:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12054]: input_userauth_request: invalid user oracle [preauth]
Jun 25 01:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12054]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12054]: Failed password for invalid user oracle from 115.140.161.61 port 36514 ssh2
Jun 25 01:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12054]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12054]: Failed password for invalid user oracle from 115.140.161.61 port 36514 ssh2
Jun 25 01:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12054]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12054]: Failed password for invalid user oracle from 115.140.161.61 port 36514 ssh2
Jun 25 01:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12054]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12054]: Failed password for invalid user oracle from 115.140.161.61 port 36514 ssh2
Jun 25 01:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12054]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12054]: Failed password for invalid user oracle from 115.140.161.61 port 36514 ssh2
Jun 25 01:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12054]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12054]: Failed password for invalid user oracle from 115.140.161.61 port 36514 ssh2
Jun 25 01:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12054]: error: maximum authentication attempts exceeded for invalid user oracle from 115.140.161.61 port 36514 ssh2 [preauth]
Jun 25 01:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12054]: Disconnecting: Too many authentication failures [preauth]
Jun 25 01:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12054]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12054]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 25 01:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12091]: Invalid user oracle from 115.140.161.61
Jun 25 01:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12091]: input_userauth_request: invalid user oracle [preauth]
Jun 25 01:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12091]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12091]: Failed password for invalid user oracle from 115.140.161.61 port 39386 ssh2
Jun 25 01:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12091]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12091]: Failed password for invalid user oracle from 115.140.161.61 port 39386 ssh2
Jun 25 01:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12091]: Received disconnect from 115.140.161.61 port 39386:11: disconnected by user [preauth]
Jun 25 01:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12091]: Disconnected from 115.140.161.61 port 39386 [preauth]
Jun 25 01:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12091]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12102]: Invalid user usuario from 115.140.161.61
Jun 25 01:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12102]: input_userauth_request: invalid user usuario [preauth]
Jun 25 01:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12102]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12109]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12110]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12108]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12106]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12104]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12106]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12102]: Failed password for invalid user usuario from 115.140.161.61 port 40514 ssh2
Jun 25 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12231]: Successful su for rubyman by root
Jun 25 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12231]: + ??? root:rubyman
Jun 25 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12231]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587111 of user rubyman.
Jun 25 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12231]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587111.
Jun 25 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12102]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12104]: pam_unix(cron:session): session closed for user root
Jun 25 01:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9248]: pam_unix(cron:session): session closed for user root
Jun 25 01:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12102]: Failed password for invalid user usuario from 115.140.161.61 port 40514 ssh2
Jun 25 01:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12102]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12543]: Invalid user deploy from 195.178.110.217
Jun 25 01:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12543]: input_userauth_request: invalid user deploy [preauth]
Jun 25 01:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12554]: Invalid user william from 64.225.17.153
Jun 25 01:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12554]: input_userauth_request: invalid user william [preauth]
Jun 25 01:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12554]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.225.17.153
Jun 25 01:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12102]: Failed password for invalid user usuario from 115.140.161.61 port 40514 ssh2
Jun 25 01:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12543]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 01:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12102]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12108]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12554]: Failed password for invalid user william from 64.225.17.153 port 54074 ssh2
Jun 25 01:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12554]: Received disconnect from 64.225.17.153 port 54074:11: Bye Bye [preauth]
Jun 25 01:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12554]: Disconnected from 64.225.17.153 port 54074 [preauth]
Jun 25 01:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12543]: Failed password for invalid user deploy from 195.178.110.217 port 51894 ssh2
Jun 25 01:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12102]: Failed password for invalid user usuario from 115.140.161.61 port 40514 ssh2
Jun 25 01:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12102]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12543]: Connection closed by 195.178.110.217 port 51894 [preauth]
Jun 25 01:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12102]: Failed password for invalid user usuario from 115.140.161.61 port 40514 ssh2
Jun 25 01:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12102]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12102]: Failed password for invalid user usuario from 115.140.161.61 port 40514 ssh2
Jun 25 01:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12102]: error: maximum authentication attempts exceeded for invalid user usuario from 115.140.161.61 port 40514 ssh2 [preauth]
Jun 25 01:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12102]: Disconnecting: Too many authentication failures [preauth]
Jun 25 01:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12102]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12102]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 25 01:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12578]: Invalid user usuario from 115.140.161.61
Jun 25 01:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12578]: input_userauth_request: invalid user usuario [preauth]
Jun 25 01:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12578]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12578]: Failed password for invalid user usuario from 115.140.161.61 port 43350 ssh2
Jun 25 01:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12578]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12578]: Failed password for invalid user usuario from 115.140.161.61 port 43350 ssh2
Jun 25 01:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12578]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12578]: Failed password for invalid user usuario from 115.140.161.61 port 43350 ssh2
Jun 25 01:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12578]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12578]: Failed password for invalid user usuario from 115.140.161.61 port 43350 ssh2
Jun 25 01:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12578]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12578]: Failed password for invalid user usuario from 115.140.161.61 port 43350 ssh2
Jun 25 01:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12578]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12578]: Failed password for invalid user usuario from 115.140.161.61 port 43350 ssh2
Jun 25 01:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12578]: error: maximum authentication attempts exceeded for invalid user usuario from 115.140.161.61 port 43350 ssh2 [preauth]
Jun 25 01:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12578]: Disconnecting: Too many authentication failures [preauth]
Jun 25 01:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12578]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12578]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 25 01:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: Invalid user usuario from 115.140.161.61
Jun 25 01:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: input_userauth_request: invalid user usuario [preauth]
Jun 25 01:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: Failed password for invalid user usuario from 115.140.161.61 port 46180 ssh2
Jun 25 01:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11201]: pam_unix(cron:session): session closed for user root
Jun 25 01:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: Failed password for invalid user usuario from 115.140.161.61 port 46180 ssh2
Jun 25 01:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: Received disconnect from 115.140.161.61 port 46180:11: disconnected by user [preauth]
Jun 25 01:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: Disconnected from 115.140.161.61 port 46180 [preauth]
Jun 25 01:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12662]: Invalid user test from 115.140.161.61
Jun 25 01:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12662]: input_userauth_request: invalid user test [preauth]
Jun 25 01:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12662]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12662]: Failed password for invalid user test from 115.140.161.61 port 47280 ssh2
Jun 25 01:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12662]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12662]: Failed password for invalid user test from 115.140.161.61 port 47280 ssh2
Jun 25 01:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12662]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12662]: Failed password for invalid user test from 115.140.161.61 port 47280 ssh2
Jun 25 01:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12662]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12662]: Failed password for invalid user test from 115.140.161.61 port 47280 ssh2
Jun 25 01:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12662]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12662]: Failed password for invalid user test from 115.140.161.61 port 47280 ssh2
Jun 25 01:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12662]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12662]: Failed password for invalid user test from 115.140.161.61 port 47280 ssh2
Jun 25 01:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12662]: error: maximum authentication attempts exceeded for invalid user test from 115.140.161.61 port 47280 ssh2 [preauth]
Jun 25 01:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12662]: Disconnecting: Too many authentication failures [preauth]
Jun 25 01:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12662]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12662]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 25 01:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12709]: Invalid user test from 115.140.161.61
Jun 25 01:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12709]: input_userauth_request: invalid user test [preauth]
Jun 25 01:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12709]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12711]: Invalid user proxy2 from 136.36.189.65
Jun 25 01:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12711]: input_userauth_request: invalid user proxy2 [preauth]
Jun 25 01:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12711]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.36.189.65
Jun 25 01:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12711]: Failed password for invalid user proxy2 from 136.36.189.65 port 42014 ssh2
Jun 25 01:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12711]: Received disconnect from 136.36.189.65 port 42014:11: Bye Bye [preauth]
Jun 25 01:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12711]: Disconnected from 136.36.189.65 port 42014 [preauth]
Jun 25 01:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12709]: Failed password for invalid user test from 115.140.161.61 port 49974 ssh2
Jun 25 01:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12709]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12709]: Failed password for invalid user test from 115.140.161.61 port 49974 ssh2
Jun 25 01:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12709]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12709]: Failed password for invalid user test from 115.140.161.61 port 49974 ssh2
Jun 25 01:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12709]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12709]: Failed password for invalid user test from 115.140.161.61 port 49974 ssh2
Jun 25 01:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12709]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12739]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12735]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12737]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12736]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12733]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12734]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12739]: pam_unix(cron:session): session closed for user root
Jun 25 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12733]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12809]: Successful su for rubyman by root
Jun 25 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12809]: + ??? root:rubyman
Jun 25 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12809]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587118 of user rubyman.
Jun 25 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12809]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587118.
Jun 25 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12709]: Failed password for invalid user test from 115.140.161.61 port 49974 ssh2
Jun 25 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12709]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12831]: Invalid user deploy from 195.178.110.217
Jun 25 01:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12831]: input_userauth_request: invalid user deploy [preauth]
Jun 25 01:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12831]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 01:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12735]: pam_unix(cron:session): session closed for user root
Jun 25 01:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12709]: Failed password for invalid user test from 115.140.161.61 port 49974 ssh2
Jun 25 01:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12709]: error: maximum authentication attempts exceeded for invalid user test from 115.140.161.61 port 49974 ssh2 [preauth]
Jun 25 01:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12709]: Disconnecting: Too many authentication failures [preauth]
Jun 25 01:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12709]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12709]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 25 01:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9640]: pam_unix(cron:session): session closed for user root
Jun 25 01:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12831]: Failed password for invalid user deploy from 195.178.110.217 port 53780 ssh2
Jun 25 01:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12831]: Connection closed by 195.178.110.217 port 53780 [preauth]
Jun 25 01:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12993]: Invalid user test from 115.140.161.61
Jun 25 01:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12993]: input_userauth_request: invalid user test [preauth]
Jun 25 01:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12993]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.208.49  user=root
Jun 25 01:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12734]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12993]: Failed password for invalid user test from 115.140.161.61 port 52746 ssh2
Jun 25 01:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12993]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13008]: Failed password for root from 139.59.208.49 port 53050 ssh2
Jun 25 01:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13008]: Received disconnect from 139.59.208.49 port 53050:11: Bye Bye [preauth]
Jun 25 01:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13008]: Disconnected from 139.59.208.49 port 53050 [preauth]
Jun 25 01:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12993]: Failed password for invalid user test from 115.140.161.61 port 52746 ssh2
Jun 25 01:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12993]: Received disconnect from 115.140.161.61 port 52746:11: disconnected by user [preauth]
Jun 25 01:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12993]: Disconnected from 115.140.161.61 port 52746 [preauth]
Jun 25 01:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12993]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13040]: Invalid user user from 115.140.161.61
Jun 25 01:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13040]: input_userauth_request: invalid user user [preauth]
Jun 25 01:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13040]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13040]: Failed password for invalid user user from 115.140.161.61 port 53900 ssh2
Jun 25 01:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13040]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13040]: Failed password for invalid user user from 115.140.161.61 port 53900 ssh2
Jun 25 01:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13040]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13040]: Failed password for invalid user user from 115.140.161.61 port 53900 ssh2
Jun 25 01:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13040]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13040]: Failed password for invalid user user from 115.140.161.61 port 53900 ssh2
Jun 25 01:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13040]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13040]: Failed password for invalid user user from 115.140.161.61 port 53900 ssh2
Jun 25 01:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13040]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13040]: Failed password for invalid user user from 115.140.161.61 port 53900 ssh2
Jun 25 01:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13040]: error: maximum authentication attempts exceeded for invalid user user from 115.140.161.61 port 53900 ssh2 [preauth]
Jun 25 01:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13040]: Disconnecting: Too many authentication failures [preauth]
Jun 25 01:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13040]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13040]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 25 01:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13093]: Invalid user user from 115.140.161.61
Jun 25 01:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13093]: input_userauth_request: invalid user user [preauth]
Jun 25 01:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13093]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13093]: Failed password for invalid user user from 115.140.161.61 port 56668 ssh2
Jun 25 01:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13093]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13093]: Failed password for invalid user user from 115.140.161.61 port 56668 ssh2
Jun 25 01:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13093]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13093]: Failed password for invalid user user from 115.140.161.61 port 56668 ssh2
Jun 25 01:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13093]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11638]: pam_unix(cron:session): session closed for user root
Jun 25 01:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13093]: Failed password for invalid user user from 115.140.161.61 port 56668 ssh2
Jun 25 01:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13093]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13093]: Failed password for invalid user user from 115.140.161.61 port 56668 ssh2
Jun 25 01:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13093]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13093]: Failed password for invalid user user from 115.140.161.61 port 56668 ssh2
Jun 25 01:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13093]: error: maximum authentication attempts exceeded for invalid user user from 115.140.161.61 port 56668 ssh2 [preauth]
Jun 25 01:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13093]: Disconnecting: Too many authentication failures [preauth]
Jun 25 01:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13093]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13093]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 25 01:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13139]: Invalid user user from 115.140.161.61
Jun 25 01:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13139]: input_userauth_request: invalid user user [preauth]
Jun 25 01:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13139]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13139]: Failed password for invalid user user from 115.140.161.61 port 59480 ssh2
Jun 25 01:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13139]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.225.17.153  user=root
Jun 25 01:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13139]: Failed password for invalid user user from 115.140.161.61 port 59480 ssh2
Jun 25 01:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13139]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13158]: Failed password for root from 64.225.17.153 port 53728 ssh2
Jun 25 01:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13158]: Received disconnect from 64.225.17.153 port 53728:11: Bye Bye [preauth]
Jun 25 01:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13158]: Disconnected from 64.225.17.153 port 53728 [preauth]
Jun 25 01:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13139]: Failed password for invalid user user from 115.140.161.61 port 59480 ssh2
Jun 25 01:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13139]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13139]: Failed password for invalid user user from 115.140.161.61 port 59480 ssh2
Jun 25 01:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13139]: Received disconnect from 115.140.161.61 port 59480:11: disconnected by user [preauth]
Jun 25 01:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13139]: Disconnected from 115.140.161.61 port 59480 [preauth]
Jun 25 01:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13139]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13139]: PAM service(sshd) ignoring max retries; 4 > 3
Jun 25 01:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: Invalid user ftpuser from 115.140.161.61
Jun 25 01:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: input_userauth_request: invalid user ftpuser [preauth]
Jun 25 01:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: Failed password for invalid user ftpuser from 115.140.161.61 port 33190 ssh2
Jun 25 01:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: Failed password for invalid user ftpuser from 115.140.161.61 port 33190 ssh2
Jun 25 01:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 25 01:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: Failed password for invalid user ftpuser from 115.140.161.61 port 33190 ssh2
Jun 25 01:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13205]: Invalid user dev from 195.178.110.217
Jun 25 01:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13205]: input_userauth_request: invalid user dev [preauth]
Jun 25 01:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13203]: Failed password for root from 103.82.20.28 port 38216 ssh2
Jun 25 01:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13203]: Connection closed by 103.82.20.28 port 38216 [preauth]
Jun 25 01:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13205]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13210]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13211]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13209]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13208]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13208]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: Failed password for invalid user ftpuser from 115.140.161.61 port 33190 ssh2
Jun 25 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13283]: Successful su for rubyman by root
Jun 25 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13283]: + ??? root:rubyman
Jun 25 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13283]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587124 of user rubyman.
Jun 25 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13283]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587124.
Jun 25 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13205]: Failed password for invalid user dev from 195.178.110.217 port 55634 ssh2
Jun 25 01:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13205]: Connection closed by 195.178.110.217 port 55634 [preauth]
Jun 25 01:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: Failed password for invalid user ftpuser from 115.140.161.61 port 33190 ssh2
Jun 25 01:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10316]: pam_unix(cron:session): session closed for user root
Jun 25 01:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13209]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: Failed password for invalid user ftpuser from 115.140.161.61 port 33190 ssh2
Jun 25 01:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: error: maximum authentication attempts exceeded for invalid user ftpuser from 115.140.161.61 port 33190 ssh2 [preauth]
Jun 25 01:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: Disconnecting: Too many authentication failures [preauth]
Jun 25 01:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 25 01:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13459]: Invalid user ftpuser from 115.140.161.61
Jun 25 01:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13459]: input_userauth_request: invalid user ftpuser [preauth]
Jun 25 01:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13459]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13459]: Failed password for invalid user ftpuser from 115.140.161.61 port 36008 ssh2
Jun 25 01:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13459]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13459]: Failed password for invalid user ftpuser from 115.140.161.61 port 36008 ssh2
Jun 25 01:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13459]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13459]: Failed password for invalid user ftpuser from 115.140.161.61 port 36008 ssh2
Jun 25 01:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13459]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13459]: Failed password for invalid user ftpuser from 115.140.161.61 port 36008 ssh2
Jun 25 01:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13459]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13459]: Failed password for invalid user ftpuser from 115.140.161.61 port 36008 ssh2
Jun 25 01:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13459]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13459]: Failed password for invalid user ftpuser from 115.140.161.61 port 36008 ssh2
Jun 25 01:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13459]: error: maximum authentication attempts exceeded for invalid user ftpuser from 115.140.161.61 port 36008 ssh2 [preauth]
Jun 25 01:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13459]: Disconnecting: Too many authentication failures [preauth]
Jun 25 01:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13459]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13459]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 25 01:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13499]: Invalid user ftpuser from 115.140.161.61
Jun 25 01:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13499]: input_userauth_request: invalid user ftpuser [preauth]
Jun 25 01:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13499]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13499]: Failed password for invalid user ftpuser from 115.140.161.61 port 38852 ssh2
Jun 25 01:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13499]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13499]: Failed password for invalid user ftpuser from 115.140.161.61 port 38852 ssh2
Jun 25 01:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13499]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13526]: Invalid user contenidos from 136.36.189.65
Jun 25 01:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13526]: input_userauth_request: invalid user contenidos [preauth]
Jun 25 01:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13526]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.36.189.65
Jun 25 01:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13499]: Failed password for invalid user ftpuser from 115.140.161.61 port 38852 ssh2
Jun 25 01:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13499]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13526]: Failed password for invalid user contenidos from 136.36.189.65 port 51580 ssh2
Jun 25 01:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13526]: Received disconnect from 136.36.189.65 port 51580:11: Bye Bye [preauth]
Jun 25 01:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13526]: Disconnected from 136.36.189.65 port 51580 [preauth]
Jun 25 01:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13499]: Failed password for invalid user ftpuser from 115.140.161.61 port 38852 ssh2
Jun 25 01:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13499]: Received disconnect from 115.140.161.61 port 38852:11: disconnected by user [preauth]
Jun 25 01:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13499]: Disconnected from 115.140.161.61 port 38852 [preauth]
Jun 25 01:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13499]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13499]: PAM service(sshd) ignoring max retries; 4 > 3
Jun 25 01:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13536]: Invalid user test1 from 115.140.161.61
Jun 25 01:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13536]: input_userauth_request: invalid user test1 [preauth]
Jun 25 01:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13536]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12110]: pam_unix(cron:session): session closed for user root
Jun 25 01:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13536]: Failed password for invalid user test1 from 115.140.161.61 port 40772 ssh2
Jun 25 01:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13536]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13536]: Failed password for invalid user test1 from 115.140.161.61 port 40772 ssh2
Jun 25 01:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13536]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.208.49  user=root
Jun 25 01:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13536]: Failed password for invalid user test1 from 115.140.161.61 port 40772 ssh2
Jun 25 01:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13536]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13566]: Failed password for root from 139.59.208.49 port 54110 ssh2
Jun 25 01:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13566]: Received disconnect from 139.59.208.49 port 54110:11: Bye Bye [preauth]
Jun 25 01:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13566]: Disconnected from 139.59.208.49 port 54110 [preauth]
Jun 25 01:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13536]: Failed password for invalid user test1 from 115.140.161.61 port 40772 ssh2
Jun 25 01:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13536]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13536]: Failed password for invalid user test1 from 115.140.161.61 port 40772 ssh2
Jun 25 01:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13536]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13536]: Failed password for invalid user test1 from 115.140.161.61 port 40772 ssh2
Jun 25 01:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13536]: error: maximum authentication attempts exceeded for invalid user test1 from 115.140.161.61 port 40772 ssh2 [preauth]
Jun 25 01:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13536]: Disconnecting: Too many authentication failures [preauth]
Jun 25 01:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13536]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13536]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 25 01:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13601]: Invalid user test1 from 115.140.161.61
Jun 25 01:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13601]: input_userauth_request: invalid user test1 [preauth]
Jun 25 01:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13601]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13601]: Failed password for invalid user test1 from 115.140.161.61 port 43570 ssh2
Jun 25 01:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13601]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13601]: Failed password for invalid user test1 from 115.140.161.61 port 43570 ssh2
Jun 25 01:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13601]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13611]: Invalid user dev from 195.178.110.217
Jun 25 01:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13611]: input_userauth_request: invalid user dev [preauth]
Jun 25 01:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13611]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 01:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13601]: Failed password for invalid user test1 from 115.140.161.61 port 43570 ssh2
Jun 25 01:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13601]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13611]: Failed password for invalid user dev from 195.178.110.217 port 57502 ssh2
Jun 25 01:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13611]: Connection closed by 195.178.110.217 port 57502 [preauth]
Jun 25 01:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13601]: Failed password for invalid user test1 from 115.140.161.61 port 43570 ssh2
Jun 25 01:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13601]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13601]: Failed password for invalid user test1 from 115.140.161.61 port 43570 ssh2
Jun 25 01:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13601]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13633]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13631]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13630]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13632]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13630]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13691]: Successful su for rubyman by root
Jun 25 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13691]: + ??? root:rubyman
Jun 25 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13691]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587126 of user rubyman.
Jun 25 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13691]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587126.
Jun 25 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13601]: Failed password for invalid user test1 from 115.140.161.61 port 43570 ssh2
Jun 25 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13601]: error: maximum authentication attempts exceeded for invalid user test1 from 115.140.161.61 port 43570 ssh2 [preauth]
Jun 25 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13601]: Disconnecting: Too many authentication failures [preauth]
Jun 25 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13601]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13601]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 25 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13748]: Invalid user test1 from 115.140.161.61
Jun 25 01:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13748]: input_userauth_request: invalid user test1 [preauth]
Jun 25 01:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13748]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10775]: pam_unix(cron:session): session closed for user root
Jun 25 01:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13631]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13748]: Failed password for invalid user test1 from 115.140.161.61 port 46366 ssh2
Jun 25 01:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13748]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13748]: Failed password for invalid user test1 from 115.140.161.61 port 46366 ssh2
Jun 25 01:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13748]: Received disconnect from 115.140.161.61 port 46366:11: disconnected by user [preauth]
Jun 25 01:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13748]: Disconnected from 115.140.161.61 port 46366 [preauth]
Jun 25 01:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13748]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: Invalid user test2 from 115.140.161.61
Jun 25 01:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: input_userauth_request: invalid user test2 [preauth]
Jun 25 01:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: Invalid user pbs from 20.204.136.58
Jun 25 01:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: input_userauth_request: invalid user pbs [preauth]
Jun 25 01:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.204.136.58
Jun 25 01:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: Failed password for invalid user test2 from 115.140.161.61 port 47478 ssh2
Jun 25 01:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: Failed password for invalid user pbs from 20.204.136.58 port 59282 ssh2
Jun 25 01:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: Failed password for invalid user test2 from 115.140.161.61 port 47478 ssh2
Jun 25 01:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: Received disconnect from 20.204.136.58 port 59282:11: Bye Bye [preauth]
Jun 25 01:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: Disconnected from 20.204.136.58 port 59282 [preauth]
Jun 25 01:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: Failed password for invalid user test2 from 115.140.161.61 port 47478 ssh2
Jun 25 01:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: Failed password for invalid user test2 from 115.140.161.61 port 47478 ssh2
Jun 25 01:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: Failed password for invalid user test2 from 115.140.161.61 port 47478 ssh2
Jun 25 01:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13921]: Invalid user nishant from 64.225.17.153
Jun 25 01:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13921]: input_userauth_request: invalid user nishant [preauth]
Jun 25 01:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13921]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.225.17.153
Jun 25 01:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: Failed password for invalid user test2 from 115.140.161.61 port 47478 ssh2
Jun 25 01:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: error: maximum authentication attempts exceeded for invalid user test2 from 115.140.161.61 port 47478 ssh2 [preauth]
Jun 25 01:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: Disconnecting: Too many authentication failures [preauth]
Jun 25 01:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 25 01:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13921]: Failed password for invalid user nishant from 64.225.17.153 port 38126 ssh2
Jun 25 01:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13921]: Received disconnect from 64.225.17.153 port 38126:11: Bye Bye [preauth]
Jun 25 01:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13921]: Disconnected from 64.225.17.153 port 38126 [preauth]
Jun 25 01:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13934]: Invalid user test2 from 115.140.161.61
Jun 25 01:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13934]: input_userauth_request: invalid user test2 [preauth]
Jun 25 01:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13934]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13934]: Failed password for invalid user test2 from 115.140.161.61 port 50122 ssh2
Jun 25 01:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13934]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13934]: Failed password for invalid user test2 from 115.140.161.61 port 50122 ssh2
Jun 25 01:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13934]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13934]: Failed password for invalid user test2 from 115.140.161.61 port 50122 ssh2
Jun 25 01:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13934]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13934]: Failed password for invalid user test2 from 115.140.161.61 port 50122 ssh2
Jun 25 01:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13934]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13934]: Failed password for invalid user test2 from 115.140.161.61 port 50122 ssh2
Jun 25 01:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13934]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12737]: pam_unix(cron:session): session closed for user root
Jun 25 01:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13934]: Failed password for invalid user test2 from 115.140.161.61 port 50122 ssh2
Jun 25 01:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13934]: error: maximum authentication attempts exceeded for invalid user test2 from 115.140.161.61 port 50122 ssh2 [preauth]
Jun 25 01:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13934]: Disconnecting: Too many authentication failures [preauth]
Jun 25 01:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13934]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13934]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 25 01:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: Invalid user test2 from 115.140.161.61
Jun 25 01:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: input_userauth_request: invalid user test2 [preauth]
Jun 25 01:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: Failed password for invalid user test2 from 115.140.161.61 port 52910 ssh2
Jun 25 01:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: Failed password for invalid user test2 from 115.140.161.61 port 52910 ssh2
Jun 25 01:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: Received disconnect from 115.140.161.61 port 52910:11: disconnected by user [preauth]
Jun 25 01:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: Disconnected from 115.140.161.61 port 52910 [preauth]
Jun 25 01:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: Invalid user ubuntu from 115.140.161.61
Jun 25 01:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 01:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: Failed password for invalid user ubuntu from 115.140.161.61 port 53922 ssh2
Jun 25 01:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: Failed password for invalid user ubuntu from 115.140.161.61 port 53922 ssh2
Jun 25 01:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14027]: Invalid user dev from 195.178.110.217
Jun 25 01:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14027]: input_userauth_request: invalid user dev [preauth]
Jun 25 01:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14027]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 01:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: Failed password for invalid user ubuntu from 115.140.161.61 port 53922 ssh2
Jun 25 01:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14027]: Failed password for invalid user dev from 195.178.110.217 port 59344 ssh2
Jun 25 01:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14027]: Connection closed by 195.178.110.217 port 59344 [preauth]
Jun 25 01:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: Failed password for invalid user ubuntu from 115.140.161.61 port 53922 ssh2
Jun 25 01:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: Failed password for invalid user ubuntu from 115.140.161.61 port 53922 ssh2
Jun 25 01:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: Failed password for invalid user ubuntu from 115.140.161.61 port 53922 ssh2
Jun 25 01:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: error: maximum authentication attempts exceeded for invalid user ubuntu from 115.140.161.61 port 53922 ssh2 [preauth]
Jun 25 01:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: Disconnecting: Too many authentication failures [preauth]
Jun 25 01:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 25 01:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14045]: Invalid user ubuntu from 115.140.161.61
Jun 25 01:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14045]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 01:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14045]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14045]: Failed password for invalid user ubuntu from 115.140.161.61 port 56614 ssh2
Jun 25 01:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14045]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14055]: Invalid user cea from 136.36.189.65
Jun 25 01:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14055]: input_userauth_request: invalid user cea [preauth]
Jun 25 01:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14055]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.36.189.65
Jun 25 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14061]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14060]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14059]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14058]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14058]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14045]: Failed password for invalid user ubuntu from 115.140.161.61 port 56614 ssh2
Jun 25 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14117]: Successful su for rubyman by root
Jun 25 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14117]: + ??? root:rubyman
Jun 25 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14117]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587131 of user rubyman.
Jun 25 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14117]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587131.
Jun 25 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14045]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14055]: Failed password for invalid user cea from 136.36.189.65 port 58474 ssh2
Jun 25 01:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14055]: Received disconnect from 136.36.189.65 port 58474:11: Bye Bye [preauth]
Jun 25 01:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14055]: Disconnected from 136.36.189.65 port 58474 [preauth]
Jun 25 01:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14045]: Failed password for invalid user ubuntu from 115.140.161.61 port 56614 ssh2
Jun 25 01:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14045]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11200]: pam_unix(cron:session): session closed for user root
Jun 25 01:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14045]: Failed password for invalid user ubuntu from 115.140.161.61 port 56614 ssh2
Jun 25 01:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14045]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14059]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14045]: Failed password for invalid user ubuntu from 115.140.161.61 port 56614 ssh2
Jun 25 01:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14045]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14045]: Failed password for invalid user ubuntu from 115.140.161.61 port 56614 ssh2
Jun 25 01:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14045]: error: maximum authentication attempts exceeded for invalid user ubuntu from 115.140.161.61 port 56614 ssh2 [preauth]
Jun 25 01:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14045]: Disconnecting: Too many authentication failures [preauth]
Jun 25 01:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14045]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14045]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 25 01:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: Invalid user ubuntu from 115.140.161.61
Jun 25 01:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 01:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: Failed password for invalid user ubuntu from 115.140.161.61 port 59272 ssh2
Jun 25 01:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14304]: Invalid user debian1 from 139.59.208.49
Jun 25 01:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14304]: input_userauth_request: invalid user debian1 [preauth]
Jun 25 01:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14304]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.208.49
Jun 25 01:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14304]: Failed password for invalid user debian1 from 139.59.208.49 port 35528 ssh2
Jun 25 01:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: Failed password for invalid user ubuntu from 115.140.161.61 port 59272 ssh2
Jun 25 01:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14304]: Received disconnect from 139.59.208.49 port 35528:11: Bye Bye [preauth]
Jun 25 01:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14304]: Disconnected from 139.59.208.49 port 35528 [preauth]
Jun 25 01:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: Failed password for invalid user ubuntu from 115.140.161.61 port 59272 ssh2
Jun 25 01:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: Failed password for invalid user ubuntu from 115.140.161.61 port 59272 ssh2
Jun 25 01:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: Received disconnect from 115.140.161.61 port 59272:11: disconnected by user [preauth]
Jun 25 01:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: Disconnected from 115.140.161.61 port 59272 [preauth]
Jun 25 01:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: PAM service(sshd) ignoring max retries; 4 > 3
Jun 25 01:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14334]: Invalid user pi from 115.140.161.61
Jun 25 01:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14334]: input_userauth_request: invalid user pi [preauth]
Jun 25 01:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14334]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14334]: Failed password for invalid user pi from 115.140.161.61 port 32974 ssh2
Jun 25 01:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14334]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14334]: Failed password for invalid user pi from 115.140.161.61 port 32974 ssh2
Jun 25 01:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14334]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14334]: Failed password for invalid user pi from 115.140.161.61 port 32974 ssh2
Jun 25 01:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14334]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14334]: Failed password for invalid user pi from 115.140.161.61 port 32974 ssh2
Jun 25 01:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14334]: Received disconnect from 115.140.161.61 port 32974:11: disconnected by user [preauth]
Jun 25 01:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14334]: Disconnected from 115.140.161.61 port 32974 [preauth]
Jun 25 01:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14334]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14334]: PAM service(sshd) ignoring max retries; 4 > 3
Jun 25 01:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14358]: Invalid user baikal from 115.140.161.61
Jun 25 01:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14358]: input_userauth_request: invalid user baikal [preauth]
Jun 25 01:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14358]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.140.161.61
Jun 25 01:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14358]: Failed password for invalid user baikal from 115.140.161.61 port 34862 ssh2
Jun 25 01:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14358]: Received disconnect from 115.140.161.61 port 34862:11: disconnected by user [preauth]
Jun 25 01:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14358]: Disconnected from 115.140.161.61 port 34862 [preauth]
Jun 25 01:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13211]: pam_unix(cron:session): session closed for user root
Jun 25 01:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14405]: Invalid user dev from 195.178.110.217
Jun 25 01:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14405]: input_userauth_request: invalid user dev [preauth]
Jun 25 01:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14405]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 01:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14405]: Failed password for invalid user dev from 195.178.110.217 port 33008 ssh2
Jun 25 01:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14405]: Connection closed by 195.178.110.217 port 33008 [preauth]
Jun 25 01:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.225.17.153  user=root
Jun 25 01:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14436]: Failed password for root from 64.225.17.153 port 44748 ssh2
Jun 25 01:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14436]: Received disconnect from 64.225.17.153 port 44748:11: Bye Bye [preauth]
Jun 25 01:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14436]: Disconnected from 64.225.17.153 port 44748 [preauth]
Jun 25 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14451]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14450]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14449]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14448]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14448]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14512]: Successful su for rubyman by root
Jun 25 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14512]: + ??? root:rubyman
Jun 25 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14512]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587134 of user rubyman.
Jun 25 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14512]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587134.
Jun 25 01:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11637]: pam_unix(cron:session): session closed for user root
Jun 25 01:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14449]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14842]: Invalid user lis from 136.36.189.65
Jun 25 01:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14842]: input_userauth_request: invalid user lis [preauth]
Jun 25 01:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14842]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.36.189.65
Jun 25 01:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14842]: Failed password for invalid user lis from 136.36.189.65 port 35592 ssh2
Jun 25 01:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14842]: Received disconnect from 136.36.189.65 port 35592:11: Bye Bye [preauth]
Jun 25 01:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14842]: Disconnected from 136.36.189.65 port 35592 [preauth]
Jun 25 01:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13633]: pam_unix(cron:session): session closed for user root
Jun 25 01:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14885]: Invalid user dev from 195.178.110.217
Jun 25 01:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14885]: input_userauth_request: invalid user dev [preauth]
Jun 25 01:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14885]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 01:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.208.49  user=root
Jun 25 01:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14885]: Failed password for invalid user dev from 195.178.110.217 port 34874 ssh2
Jun 25 01:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14888]: Failed password for root from 139.59.208.49 port 45954 ssh2
Jun 25 01:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14888]: Received disconnect from 139.59.208.49 port 45954:11: Bye Bye [preauth]
Jun 25 01:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14888]: Disconnected from 139.59.208.49 port 45954 [preauth]
Jun 25 01:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14885]: Connection closed by 195.178.110.217 port 34874 [preauth]
Jun 25 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14954]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14952]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14956]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14953]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14950]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14949]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14956]: pam_unix(cron:session): session closed for user root
Jun 25 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14949]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15022]: Successful su for rubyman by root
Jun 25 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15022]: + ??? root:rubyman
Jun 25 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15022]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587139 of user rubyman.
Jun 25 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15022]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587139.
Jun 25 01:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14952]: pam_unix(cron:session): session closed for user root
Jun 25 01:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12109]: pam_unix(cron:session): session closed for user root
Jun 25 01:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14950]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.225.17.153  user=root
Jun 25 01:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15268]: Failed password for root from 64.225.17.153 port 34532 ssh2
Jun 25 01:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15268]: Received disconnect from 64.225.17.153 port 34532:11: Bye Bye [preauth]
Jun 25 01:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15268]: Disconnected from 64.225.17.153 port 34532 [preauth]
Jun 25 01:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14061]: pam_unix(cron:session): session closed for user root
Jun 25 01:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15298]: Invalid user dev from 195.178.110.217
Jun 25 01:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15298]: input_userauth_request: invalid user dev [preauth]
Jun 25 01:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15298]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 01:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15327]: Invalid user biblio from 20.204.136.58
Jun 25 01:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15327]: input_userauth_request: invalid user biblio [preauth]
Jun 25 01:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15327]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.204.136.58
Jun 25 01:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15298]: Failed password for invalid user dev from 195.178.110.217 port 36750 ssh2
Jun 25 01:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15298]: Connection closed by 195.178.110.217 port 36750 [preauth]
Jun 25 01:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15327]: Failed password for invalid user biblio from 20.204.136.58 port 37728 ssh2
Jun 25 01:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15327]: Received disconnect from 20.204.136.58 port 37728:11: Bye Bye [preauth]
Jun 25 01:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15327]: Disconnected from 20.204.136.58 port 37728 [preauth]
Jun 25 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15388]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15387]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15386]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15385]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15385]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15382]: Invalid user acta from 136.36.189.65
Jun 25 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15382]: input_userauth_request: invalid user acta [preauth]
Jun 25 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15382]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.36.189.65
Jun 25 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15450]: Successful su for rubyman by root
Jun 25 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15450]: + ??? root:rubyman
Jun 25 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15450]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587144 of user rubyman.
Jun 25 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15450]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587144.
Jun 25 01:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15382]: Failed password for invalid user acta from 136.36.189.65 port 50290 ssh2
Jun 25 01:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15382]: Received disconnect from 136.36.189.65 port 50290:11: Bye Bye [preauth]
Jun 25 01:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15382]: Disconnected from 136.36.189.65 port 50290 [preauth]
Jun 25 01:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.208.49  user=root
Jun 25 01:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12736]: pam_unix(cron:session): session closed for user root
Jun 25 01:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15511]: Failed password for root from 139.59.208.49 port 45678 ssh2
Jun 25 01:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15511]: Received disconnect from 139.59.208.49 port 45678:11: Bye Bye [preauth]
Jun 25 01:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15511]: Disconnected from 139.59.208.49 port 45678 [preauth]
Jun 25 01:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15386]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15689]: Invalid user dev from 195.178.110.217
Jun 25 01:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15689]: input_userauth_request: invalid user dev [preauth]
Jun 25 01:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15689]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 01:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15689]: Failed password for invalid user dev from 195.178.110.217 port 38654 ssh2
Jun 25 01:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15689]: Connection closed by 195.178.110.217 port 38654 [preauth]
Jun 25 01:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14451]: pam_unix(cron:session): session closed for user root
Jun 25 01:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15764]: Invalid user harsha from 64.225.17.153
Jun 25 01:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15764]: input_userauth_request: invalid user harsha [preauth]
Jun 25 01:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15764]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.225.17.153
Jun 25 01:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15764]: Failed password for invalid user harsha from 64.225.17.153 port 46514 ssh2
Jun 25 01:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15764]: Received disconnect from 64.225.17.153 port 46514:11: Bye Bye [preauth]
Jun 25 01:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15764]: Disconnected from 64.225.17.153 port 46514 [preauth]
Jun 25 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15786]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15787]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15784]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15785]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15782]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15782]: pam_unix(cron:session): session closed for user root
Jun 25 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15784]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15845]: Successful su for rubyman by root
Jun 25 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15845]: + ??? root:rubyman
Jun 25 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15845]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587148 of user rubyman.
Jun 25 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15845]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587148.
Jun 25 01:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13210]: pam_unix(cron:session): session closed for user root
Jun 25 01:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15785]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 25 01:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16028]: Failed password for root from 103.27.238.116 port 37808 ssh2
Jun 25 01:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16028]: Connection closed by 103.27.238.116 port 37808 [preauth]
Jun 25 01:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16060]: Invalid user dev from 195.178.110.217
Jun 25 01:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16060]: input_userauth_request: invalid user dev [preauth]
Jun 25 01:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16060]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 01:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16060]: Failed password for invalid user dev from 195.178.110.217 port 40548 ssh2
Jun 25 01:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16060]: Connection closed by 195.178.110.217 port 40548 [preauth]
Jun 25 01:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16093]: Invalid user fastuser from 139.59.208.49
Jun 25 01:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16093]: input_userauth_request: invalid user fastuser [preauth]
Jun 25 01:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16093]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.208.49
Jun 25 01:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16093]: Failed password for invalid user fastuser from 139.59.208.49 port 59674 ssh2
Jun 25 01:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16093]: Received disconnect from 139.59.208.49 port 59674:11: Bye Bye [preauth]
Jun 25 01:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16093]: Disconnected from 139.59.208.49 port 59674 [preauth]
Jun 25 01:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14954]: pam_unix(cron:session): session closed for user root
Jun 25 01:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16131]: Invalid user aukcje from 136.36.189.65
Jun 25 01:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16131]: input_userauth_request: invalid user aukcje [preauth]
Jun 25 01:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16131]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.36.189.65
Jun 25 01:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16131]: Failed password for invalid user aukcje from 136.36.189.65 port 32836 ssh2
Jun 25 01:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16131]: Received disconnect from 136.36.189.65 port 32836:11: Bye Bye [preauth]
Jun 25 01:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16131]: Disconnected from 136.36.189.65 port 32836 [preauth]
Jun 25 01:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16154]: Invalid user jara from 141.98.83.240
Jun 25 01:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16154]: input_userauth_request: invalid user jara [preauth]
Jun 25 01:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16154]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 01:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16154]: Failed password for invalid user jara from 141.98.83.240 port 9600 ssh2
Jun 25 01:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16154]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16154]: Failed password for invalid user jara from 141.98.83.240 port 9600 ssh2
Jun 25 01:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16154]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16154]: Failed password for invalid user jara from 141.98.83.240 port 9600 ssh2
Jun 25 01:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16154]: Connection closed by 141.98.83.240 port 9600 [preauth]
Jun 25 01:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16154]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16189]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16185]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16186]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16188]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16185]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16246]: Successful su for rubyman by root
Jun 25 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16246]: + ??? root:rubyman
Jun 25 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16246]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587154 of user rubyman.
Jun 25 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16246]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587154.
Jun 25 01:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13632]: pam_unix(cron:session): session closed for user root
Jun 25 01:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16186]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16451]: Invalid user dev from 195.178.110.217
Jun 25 01:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16451]: input_userauth_request: invalid user dev [preauth]
Jun 25 01:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16451]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 01:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16451]: Failed password for invalid user dev from 195.178.110.217 port 42412 ssh2
Jun 25 01:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16451]: Connection closed by 195.178.110.217 port 42412 [preauth]
Jun 25 01:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16486]: Invalid user peertube from 64.225.17.153
Jun 25 01:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16486]: input_userauth_request: invalid user peertube [preauth]
Jun 25 01:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16486]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.225.17.153
Jun 25 01:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16486]: Failed password for invalid user peertube from 64.225.17.153 port 36446 ssh2
Jun 25 01:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16486]: Received disconnect from 64.225.17.153 port 36446:11: Bye Bye [preauth]
Jun 25 01:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16486]: Disconnected from 64.225.17.153 port 36446 [preauth]
Jun 25 01:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15388]: pam_unix(cron:session): session closed for user root
Jun 25 01:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16567]: Invalid user aukcje from 20.204.136.58
Jun 25 01:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16567]: input_userauth_request: invalid user aukcje [preauth]
Jun 25 01:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16567]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.204.136.58
Jun 25 01:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16569]: Invalid user lorenzo from 139.59.208.49
Jun 25 01:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16569]: input_userauth_request: invalid user lorenzo [preauth]
Jun 25 01:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16569]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.208.49
Jun 25 01:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16567]: Failed password for invalid user aukcje from 20.204.136.58 port 40006 ssh2
Jun 25 01:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16567]: Received disconnect from 20.204.136.58 port 40006:11: Bye Bye [preauth]
Jun 25 01:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16567]: Disconnected from 20.204.136.58 port 40006 [preauth]
Jun 25 01:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16569]: Failed password for invalid user lorenzo from 139.59.208.49 port 50734 ssh2
Jun 25 01:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16569]: Received disconnect from 139.59.208.49 port 50734:11: Bye Bye [preauth]
Jun 25 01:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16569]: Disconnected from 139.59.208.49 port 50734 [preauth]
Jun 25 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16583]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16582]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16584]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16581]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16581]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16644]: Successful su for rubyman by root
Jun 25 01:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16644]: + ??? root:rubyman
Jun 25 01:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16644]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587159 of user rubyman.
Jun 25 01:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16644]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587159.
Jun 25 01:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14060]: pam_unix(cron:session): session closed for user root
Jun 25 01:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16582]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 25 01:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16829]: Failed password for root from 38.93.206.2 port 14780 ssh2
Jun 25 01:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16829]: Connection closed by 38.93.206.2 port 14780 [preauth]
Jun 25 01:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16839]: Invalid user developer from 195.178.110.217
Jun 25 01:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16839]: input_userauth_request: invalid user developer [preauth]
Jun 25 01:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16839]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 01:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16839]: Failed password for invalid user developer from 195.178.110.217 port 44254 ssh2
Jun 25 01:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16839]: Connection closed by 195.178.110.217 port 44254 [preauth]
Jun 25 01:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16906]: Invalid user aukcje from 136.36.189.65
Jun 25 01:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16906]: input_userauth_request: invalid user aukcje [preauth]
Jun 25 01:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16906]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.36.189.65
Jun 25 01:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16906]: Failed password for invalid user aukcje from 136.36.189.65 port 42188 ssh2
Jun 25 01:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16906]: Received disconnect from 136.36.189.65 port 42188:11: Bye Bye [preauth]
Jun 25 01:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16906]: Disconnected from 136.36.189.65 port 42188 [preauth]
Jun 25 01:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15787]: pam_unix(cron:session): session closed for user root
Jun 25 01:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 25 01:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17041]: Failed password for root from 103.82.132.16 port 41132 ssh2
Jun 25 01:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17041]: Connection closed by 103.82.132.16 port 41132 [preauth]
Jun 25 01:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17084]: Invalid user ubuntu from 64.225.17.153
Jun 25 01:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17084]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 01:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17084]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.225.17.153
Jun 25 01:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17084]: Failed password for invalid user ubuntu from 64.225.17.153 port 40484 ssh2
Jun 25 01:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17084]: Received disconnect from 64.225.17.153 port 40484:11: Bye Bye [preauth]
Jun 25 01:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17084]: Disconnected from 64.225.17.153 port 40484 [preauth]
Jun 25 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17089]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17090]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17092]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17088]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17091]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17087]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17092]: pam_unix(cron:session): session closed for user root
Jun 25 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17087]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17157]: Successful su for rubyman by root
Jun 25 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17157]: + ??? root:rubyman
Jun 25 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17157]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587161 of user rubyman.
Jun 25 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17157]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587161.
Jun 25 01:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17089]: pam_unix(cron:session): session closed for user root
Jun 25 01:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14450]: pam_unix(cron:session): session closed for user root
Jun 25 01:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17088]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17374]: Invalid user developer from 195.178.110.217
Jun 25 01:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17374]: input_userauth_request: invalid user developer [preauth]
Jun 25 01:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17374]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 01:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17374]: Failed password for invalid user developer from 195.178.110.217 port 46112 ssh2
Jun 25 01:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17374]: Connection closed by 195.178.110.217 port 46112 [preauth]
Jun 25 01:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.208.49  user=root
Jun 25 01:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17410]: Failed password for root from 139.59.208.49 port 50016 ssh2
Jun 25 01:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17410]: Received disconnect from 139.59.208.49 port 50016:11: Bye Bye [preauth]
Jun 25 01:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17410]: Disconnected from 139.59.208.49 port 50016 [preauth]
Jun 25 01:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16189]: pam_unix(cron:session): session closed for user root
Jun 25 01:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17517]: Invalid user innov from 136.36.189.65
Jun 25 01:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17517]: input_userauth_request: invalid user innov [preauth]
Jun 25 01:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17517]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.36.189.65
Jun 25 01:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17517]: Failed password for invalid user innov from 136.36.189.65 port 34508 ssh2
Jun 25 01:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17517]: Received disconnect from 136.36.189.65 port 34508:11: Bye Bye [preauth]
Jun 25 01:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17517]: Disconnected from 136.36.189.65 port 34508 [preauth]
Jun 25 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17539]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17537]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17538]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17536]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17536]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17601]: Successful su for rubyman by root
Jun 25 01:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17601]: + ??? root:rubyman
Jun 25 01:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17601]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587167 of user rubyman.
Jun 25 01:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17601]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587167.
Jun 25 01:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14953]: pam_unix(cron:session): session closed for user root
Jun 25 01:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17537]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17882]: Invalid user developer from 195.178.110.217
Jun 25 01:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17882]: input_userauth_request: invalid user developer [preauth]
Jun 25 01:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17882]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 01:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17882]: Failed password for invalid user developer from 195.178.110.217 port 47980 ssh2
Jun 25 01:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17882]: Connection closed by 195.178.110.217 port 47980 [preauth]
Jun 25 01:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17950]: Invalid user administrator from 64.225.17.153
Jun 25 01:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17950]: input_userauth_request: invalid user administrator [preauth]
Jun 25 01:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17950]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.225.17.153
Jun 25 01:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17950]: Failed password for invalid user administrator from 64.225.17.153 port 45406 ssh2
Jun 25 01:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17950]: Received disconnect from 64.225.17.153 port 45406:11: Bye Bye [preauth]
Jun 25 01:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17950]: Disconnected from 64.225.17.153 port 45406 [preauth]
Jun 25 01:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16584]: pam_unix(cron:session): session closed for user root
Jun 25 01:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.76.154.242  user=root
Jun 25 01:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 25 01:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17965]: Failed password for root from 217.76.154.242 port 52102 ssh2
Jun 25 01:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17965]: Connection closed by 217.76.154.242 port 52102 [preauth]
Jun 25 01:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17981]: Failed password for root from 103.122.221.179 port 45856 ssh2
Jun 25 01:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17981]: Connection closed by 103.122.221.179 port 45856 [preauth]
Jun 25 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18053]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18052]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18054]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18051]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18051]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18111]: Successful su for rubyman by root
Jun 25 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18111]: + ??? root:rubyman
Jun 25 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18111]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587171 of user rubyman.
Jun 25 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18111]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587171.
Jun 25 01:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15387]: pam_unix(cron:session): session closed for user root
Jun 25 01:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18289]: Invalid user developer from 195.178.110.217
Jun 25 01:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18289]: input_userauth_request: invalid user developer [preauth]
Jun 25 01:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18289]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 01:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18052]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18289]: Failed password for invalid user developer from 195.178.110.217 port 49864 ssh2
Jun 25 01:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18289]: Connection closed by 195.178.110.217 port 49864 [preauth]
Jun 25 01:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18348]: Invalid user mysites from 20.204.136.58
Jun 25 01:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18348]: input_userauth_request: invalid user mysites [preauth]
Jun 25 01:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18348]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.204.136.58
Jun 25 01:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18348]: Failed password for invalid user mysites from 20.204.136.58 port 33736 ssh2
Jun 25 01:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18348]: Received disconnect from 20.204.136.58 port 33736:11: Bye Bye [preauth]
Jun 25 01:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18348]: Disconnected from 20.204.136.58 port 33736 [preauth]
Jun 25 01:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18386]: Invalid user pmail from 136.36.189.65
Jun 25 01:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18386]: input_userauth_request: invalid user pmail [preauth]
Jun 25 01:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18386]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.36.189.65
Jun 25 01:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18386]: Failed password for invalid user pmail from 136.36.189.65 port 51060 ssh2
Jun 25 01:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18386]: Received disconnect from 136.36.189.65 port 51060:11: Bye Bye [preauth]
Jun 25 01:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18386]: Disconnected from 136.36.189.65 port 51060 [preauth]
Jun 25 01:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17091]: pam_unix(cron:session): session closed for user root
Jun 25 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18561]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18562]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18560]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18559]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18559]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18620]: Successful su for rubyman by root
Jun 25 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18620]: + ??? root:rubyman
Jun 25 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18620]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587175 of user rubyman.
Jun 25 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18620]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587175.
Jun 25 01:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18682]: Invalid user developer from 195.178.110.217
Jun 25 01:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18682]: input_userauth_request: invalid user developer [preauth]
Jun 25 01:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18682]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 01:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15786]: pam_unix(cron:session): session closed for user root
Jun 25 01:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 25 01:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18810]: Invalid user user1 from 64.225.17.153
Jun 25 01:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18810]: input_userauth_request: invalid user user1 [preauth]
Jun 25 01:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18810]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.225.17.153
Jun 25 01:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18560]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18682]: Failed password for invalid user developer from 195.178.110.217 port 51752 ssh2
Jun 25 01:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18682]: Connection closed by 195.178.110.217 port 51752 [preauth]
Jun 25 01:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18770]: Failed password for root from 80.66.85.226 port 40756 ssh2
Jun 25 01:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18770]: Connection closed by 80.66.85.226 port 40756 [preauth]
Jun 25 01:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18810]: Failed password for invalid user user1 from 64.225.17.153 port 40830 ssh2
Jun 25 01:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18810]: Received disconnect from 64.225.17.153 port 40830:11: Bye Bye [preauth]
Jun 25 01:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18810]: Disconnected from 64.225.17.153 port 40830 [preauth]
Jun 25 01:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17539]: pam_unix(cron:session): session closed for user root
Jun 25 01:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18981]: Invalid user developer from 195.178.110.217
Jun 25 01:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18981]: input_userauth_request: invalid user developer [preauth]
Jun 25 01:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18983]: Invalid user sec from 136.36.189.65
Jun 25 01:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18983]: input_userauth_request: invalid user sec [preauth]
Jun 25 01:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18983]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.36.189.65
Jun 25 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18981]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18998]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18997]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18999]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18995]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18995]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19055]: Successful su for rubyman by root
Jun 25 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19055]: + ??? root:rubyman
Jun 25 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19055]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587179 of user rubyman.
Jun 25 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19055]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587179.
Jun 25 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18981]: Failed password for invalid user developer from 195.178.110.217 port 53612 ssh2
Jun 25 01:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18981]: Connection closed by 195.178.110.217 port 53612 [preauth]
Jun 25 01:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18983]: Failed password for invalid user sec from 136.36.189.65 port 48164 ssh2
Jun 25 01:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18983]: Received disconnect from 136.36.189.65 port 48164:11: Bye Bye [preauth]
Jun 25 01:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18983]: Disconnected from 136.36.189.65 port 48164 [preauth]
Jun 25 01:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16188]: pam_unix(cron:session): session closed for user root
Jun 25 01:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18997]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18054]: pam_unix(cron:session): session closed for user root
Jun 25 01:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19406]: Received disconnect from 194.42.205.100 port 50726:11: disconnected by user [preauth]
Jun 25 01:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19406]: Disconnected from 194.42.205.100 port 50726 [preauth]
Jun 25 01:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19481]: Invalid user developer from 195.178.110.217
Jun 25 01:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19481]: input_userauth_request: invalid user developer [preauth]
Jun 25 01:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19481]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19481]: Failed password for invalid user developer from 195.178.110.217 port 55506 ssh2
Jun 25 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19552]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19494]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19599]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19600]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19598]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19553]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19600]: pam_unix(cron:session): session closed for user root
Jun 25 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19494]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19481]: Connection closed by 195.178.110.217 port 55506 [preauth]
Jun 25 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19756]: Successful su for rubyman by root
Jun 25 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19756]: + ??? root:rubyman
Jun 25 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19756]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587186 of user rubyman.
Jun 25 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19756]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587186.
Jun 25 01:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19553]: pam_unix(cron:session): session closed for user root
Jun 25 01:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16583]: pam_unix(cron:session): session closed for user root
Jun 25 01:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19552]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18562]: pam_unix(cron:session): session closed for user root
Jun 25 01:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20069]: Invalid user accounts from 136.36.189.65
Jun 25 01:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20069]: input_userauth_request: invalid user accounts [preauth]
Jun 25 01:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20069]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.36.189.65
Jun 25 01:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20069]: Failed password for invalid user accounts from 136.36.189.65 port 58014 ssh2
Jun 25 01:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20069]: Received disconnect from 136.36.189.65 port 58014:11: Bye Bye [preauth]
Jun 25 01:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20069]: Disconnected from 136.36.189.65 port 58014 [preauth]
Jun 25 01:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20079]: Invalid user testnet from 20.204.136.58
Jun 25 01:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20079]: input_userauth_request: invalid user testnet [preauth]
Jun 25 01:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20079]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.204.136.58
Jun 25 01:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20079]: Failed password for invalid user testnet from 20.204.136.58 port 58616 ssh2
Jun 25 01:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20079]: Received disconnect from 20.204.136.58 port 58616:11: Bye Bye [preauth]
Jun 25 01:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20079]: Disconnected from 20.204.136.58 port 58616 [preauth]
Jun 25 01:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20121]: Invalid user developer from 195.178.110.217
Jun 25 01:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20121]: input_userauth_request: invalid user developer [preauth]
Jun 25 01:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20121]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 01:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20121]: Failed password for invalid user developer from 195.178.110.217 port 57388 ssh2
Jun 25 01:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20121]: Connection closed by 195.178.110.217 port 57388 [preauth]
Jun 25 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20137]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20135]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20136]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20134]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20134]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20295]: Successful su for rubyman by root
Jun 25 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20295]: + ??? root:rubyman
Jun 25 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20295]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587189 of user rubyman.
Jun 25 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20295]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587189.
Jun 25 01:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17090]: pam_unix(cron:session): session closed for user root
Jun 25 01:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20135]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18999]: pam_unix(cron:session): session closed for user root
Jun 25 01:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20632]: Invalid user developer from 195.178.110.217
Jun 25 01:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20632]: input_userauth_request: invalid user developer [preauth]
Jun 25 01:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20632]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 01:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20632]: Failed password for invalid user developer from 195.178.110.217 port 59270 ssh2
Jun 25 01:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20632]: Connection closed by 195.178.110.217 port 59270 [preauth]
Jun 25 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20680]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20679]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20682]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20674]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20674]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20807]: Successful su for rubyman by root
Jun 25 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20807]: + ??? root:rubyman
Jun 25 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20807]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587193 of user rubyman.
Jun 25 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20807]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587193.
Jun 25 01:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17538]: pam_unix(cron:session): session closed for user root
Jun 25 01:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20954]: Invalid user brc from 136.36.189.65
Jun 25 01:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20954]: input_userauth_request: invalid user brc [preauth]
Jun 25 01:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20954]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.36.189.65
Jun 25 01:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20679]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20954]: Failed password for invalid user brc from 136.36.189.65 port 55546 ssh2
Jun 25 01:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20954]: Received disconnect from 136.36.189.65 port 55546:11: Bye Bye [preauth]
Jun 25 01:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20954]: Disconnected from 136.36.189.65 port 55546 [preauth]
Jun 25 01:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19599]: pam_unix(cron:session): session closed for user root
Jun 25 01:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21095]: Invalid user admin from 2.57.121.25
Jun 25 01:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21095]: input_userauth_request: invalid user admin [preauth]
Jun 25 01:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21095]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 25 01:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21097]: Invalid user developer from 195.178.110.217
Jun 25 01:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21097]: input_userauth_request: invalid user developer [preauth]
Jun 25 01:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21097]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 01:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21095]: Failed password for invalid user admin from 2.57.121.25 port 61786 ssh2
Jun 25 01:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21095]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21097]: Failed password for invalid user developer from 195.178.110.217 port 32916 ssh2
Jun 25 01:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21095]: Failed password for invalid user admin from 2.57.121.25 port 61786 ssh2
Jun 25 01:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21097]: Connection closed by 195.178.110.217 port 32916 [preauth]
Jun 25 01:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21095]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21095]: Failed password for invalid user admin from 2.57.121.25 port 61786 ssh2
Jun 25 01:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21095]: Connection closed by 2.57.121.25 port 61786 [preauth]
Jun 25 01:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21095]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 25 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21155]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21156]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21154]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21153]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21153]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21218]: Successful su for rubyman by root
Jun 25 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21218]: + ??? root:rubyman
Jun 25 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21218]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587198 of user rubyman.
Jun 25 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21218]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587198.
Jun 25 01:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18053]: pam_unix(cron:session): session closed for user root
Jun 25 01:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21154]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21437]: Connection closed by 45.148.10.121 port 57366 [preauth]
Jun 25 01:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20137]: pam_unix(cron:session): session closed for user root
Jun 25 01:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21502]: Invalid user remont from 136.36.189.65
Jun 25 01:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21502]: input_userauth_request: invalid user remont [preauth]
Jun 25 01:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21502]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.36.189.65
Jun 25 01:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21502]: Failed password for invalid user remont from 136.36.189.65 port 38308 ssh2
Jun 25 01:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21502]: Received disconnect from 136.36.189.65 port 38308:11: Bye Bye [preauth]
Jun 25 01:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21502]: Disconnected from 136.36.189.65 port 38308 [preauth]
Jun 25 01:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21514]: Invalid user developer from 195.178.110.217
Jun 25 01:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21514]: input_userauth_request: invalid user developer [preauth]
Jun 25 01:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21514]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 01:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21514]: Failed password for invalid user developer from 195.178.110.217 port 34782 ssh2
Jun 25 01:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21514]: Connection closed by 195.178.110.217 port 34782 [preauth]
Jun 25 01:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21576]: Invalid user accounts from 20.204.136.58
Jun 25 01:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21576]: input_userauth_request: invalid user accounts [preauth]
Jun 25 01:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21576]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.204.136.58
Jun 25 01:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21576]: Failed password for invalid user accounts from 20.204.136.58 port 44168 ssh2
Jun 25 01:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21576]: Received disconnect from 20.204.136.58 port 44168:11: Bye Bye [preauth]
Jun 25 01:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21576]: Disconnected from 20.204.136.58 port 44168 [preauth]
Jun 25 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21583]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21584]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21582]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21581]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21581]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21647]: Successful su for rubyman by root
Jun 25 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21647]: + ??? root:rubyman
Jun 25 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21647]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587201 of user rubyman.
Jun 25 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21647]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587201.
Jun 25 01:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18561]: pam_unix(cron:session): session closed for user root
Jun 25 01:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21582]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21913]: Invalid user developer from 195.178.110.217
Jun 25 01:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21913]: input_userauth_request: invalid user developer [preauth]
Jun 25 01:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20682]: pam_unix(cron:session): session closed for user root
Jun 25 01:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21913]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 01:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21913]: Failed password for invalid user developer from 195.178.110.217 port 36634 ssh2
Jun 25 01:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21913]: Connection closed by 195.178.110.217 port 36634 [preauth]
Jun 25 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22004]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22001]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21999]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22003]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22000]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22002]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22004]: pam_unix(cron:session): session closed for user root
Jun 25 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21999]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22067]: Successful su for rubyman by root
Jun 25 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22067]: + ??? root:rubyman
Jun 25 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22067]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587208 of user rubyman.
Jun 25 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22067]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587208.
Jun 25 01:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22001]: pam_unix(cron:session): session closed for user root
Jun 25 01:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18998]: pam_unix(cron:session): session closed for user root
Jun 25 01:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22000]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22286]: Invalid user cms-test from 136.36.189.65
Jun 25 01:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22286]: input_userauth_request: invalid user cms-test [preauth]
Jun 25 01:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22286]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.36.189.65
Jun 25 01:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22286]: Failed password for invalid user cms-test from 136.36.189.65 port 49656 ssh2
Jun 25 01:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22286]: Received disconnect from 136.36.189.65 port 49656:11: Bye Bye [preauth]
Jun 25 01:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22286]: Disconnected from 136.36.189.65 port 49656 [preauth]
Jun 25 01:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22429]: Invalid user developer from 195.178.110.217
Jun 25 01:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22429]: input_userauth_request: invalid user developer [preauth]
Jun 25 01:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22429]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 01:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22429]: Failed password for invalid user developer from 195.178.110.217 port 38528 ssh2
Jun 25 01:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22429]: Connection closed by 195.178.110.217 port 38528 [preauth]
Jun 25 01:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21156]: pam_unix(cron:session): session closed for user root
Jun 25 01:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22476]: Connection closed by 194.59.206.2 port 13326 [preauth]
Jun 25 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22529]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22528]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22530]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22527]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22527]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22598]: Successful su for rubyman by root
Jun 25 01:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22598]: + ??? root:rubyman
Jun 25 01:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22598]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587213 of user rubyman.
Jun 25 01:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22598]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587213.
Jun 25 01:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19598]: pam_unix(cron:session): session closed for user root
Jun 25 01:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22528]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22844]: Invalid user developer from 195.178.110.217
Jun 25 01:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22844]: input_userauth_request: invalid user developer [preauth]
Jun 25 01:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22844]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 01:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22844]: Failed password for invalid user developer from 195.178.110.217 port 40400 ssh2
Jun 25 01:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22844]: Connection closed by 195.178.110.217 port 40400 [preauth]
Jun 25 01:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21584]: pam_unix(cron:session): session closed for user root
Jun 25 01:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22923]: Invalid user maven from 136.36.189.65
Jun 25 01:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22923]: input_userauth_request: invalid user maven [preauth]
Jun 25 01:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22923]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.36.189.65
Jun 25 01:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22923]: Failed password for invalid user maven from 136.36.189.65 port 35880 ssh2
Jun 25 01:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22923]: Received disconnect from 136.36.189.65 port 35880:11: Bye Bye [preauth]
Jun 25 01:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22923]: Disconnected from 136.36.189.65 port 35880 [preauth]
Jun 25 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22947]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22948]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22945]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22946]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22945]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23004]: Successful su for rubyman by root
Jun 25 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23004]: + ??? root:rubyman
Jun 25 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23004]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587216 of user rubyman.
Jun 25 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23004]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587216.
Jun 25 01:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20136]: pam_unix(cron:session): session closed for user root
Jun 25 01:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22946]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23199]: Invalid user remont from 20.204.136.58
Jun 25 01:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23199]: input_userauth_request: invalid user remont [preauth]
Jun 25 01:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23199]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.204.136.58
Jun 25 01:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23199]: Failed password for invalid user remont from 20.204.136.58 port 49210 ssh2
Jun 25 01:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23199]: Received disconnect from 20.204.136.58 port 49210:11: Bye Bye [preauth]
Jun 25 01:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23199]: Disconnected from 20.204.136.58 port 49210 [preauth]
Jun 25 01:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23238]: Invalid user developer from 195.178.110.217
Jun 25 01:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23238]: input_userauth_request: invalid user developer [preauth]
Jun 25 01:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23238]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 01:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23238]: Failed password for invalid user developer from 195.178.110.217 port 42266 ssh2
Jun 25 01:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23238]: Connection closed by 195.178.110.217 port 42266 [preauth]
Jun 25 01:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22003]: pam_unix(cron:session): session closed for user root
Jun 25 01:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 25 01:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23343]: Failed password for root from 103.153.68.219 port 51582 ssh2
Jun 25 01:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23343]: Connection closed by 103.153.68.219 port 51582 [preauth]
Jun 25 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23370]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23371]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23367]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23368]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23367]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23430]: Successful su for rubyman by root
Jun 25 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23430]: + ??? root:rubyman
Jun 25 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23430]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587219 of user rubyman.
Jun 25 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23430]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587219.
Jun 25 01:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20680]: pam_unix(cron:session): session closed for user root
Jun 25 01:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23368]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23648]: Invalid user docker from 195.178.110.217
Jun 25 01:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23648]: input_userauth_request: invalid user docker [preauth]
Jun 25 01:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23648]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 01:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23648]: Failed password for invalid user docker from 195.178.110.217 port 44154 ssh2
Jun 25 01:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23648]: Connection closed by 195.178.110.217 port 44154 [preauth]
Jun 25 01:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22530]: pam_unix(cron:session): session closed for user root
Jun 25 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23796]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23798]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23797]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23795]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23795]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23951]: Successful su for rubyman by root
Jun 25 01:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23951]: + ??? root:rubyman
Jun 25 01:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23951]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587225 of user rubyman.
Jun 25 01:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23951]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587225.
Jun 25 01:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21155]: pam_unix(cron:session): session closed for user root
Jun 25 01:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23796]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24145]: Invalid user dspace from 195.178.110.217
Jun 25 01:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24145]: input_userauth_request: invalid user dspace [preauth]
Jun 25 01:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24145]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 01:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24145]: Failed password for invalid user dspace from 195.178.110.217 port 46012 ssh2
Jun 25 01:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 25 01:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24145]: Connection closed by 195.178.110.217 port 46012 [preauth]
Jun 25 01:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24160]: Failed password for root from 103.77.242.62 port 34464 ssh2
Jun 25 01:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24160]: Connection closed by 103.77.242.62 port 34464 [preauth]
Jun 25 01:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22948]: pam_unix(cron:session): session closed for user root
Jun 25 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24317]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24315]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24316]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24318]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24314]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24312]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24318]: pam_unix(cron:session): session closed for user root
Jun 25 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24312]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24381]: Successful su for rubyman by root
Jun 25 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24381]: + ??? root:rubyman
Jun 25 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24381]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587227 of user rubyman.
Jun 25 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24381]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587227.
Jun 25 01:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24315]: pam_unix(cron:session): session closed for user root
Jun 25 01:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21583]: pam_unix(cron:session): session closed for user root
Jun 25 01:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24314]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24595]: Invalid user dspace from 195.178.110.217
Jun 25 01:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24595]: input_userauth_request: invalid user dspace [preauth]
Jun 25 01:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24595]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 01:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24595]: Failed password for invalid user dspace from 195.178.110.217 port 47858 ssh2
Jun 25 01:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24595]: Connection closed by 195.178.110.217 port 47858 [preauth]
Jun 25 01:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23371]: pam_unix(cron:session): session closed for user root
Jun 25 01:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24686]: Invalid user sec from 20.204.136.58
Jun 25 01:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24686]: input_userauth_request: invalid user sec [preauth]
Jun 25 01:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24686]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.204.136.58
Jun 25 01:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24686]: Failed password for invalid user sec from 20.204.136.58 port 41050 ssh2
Jun 25 01:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24686]: Received disconnect from 20.204.136.58 port 41050:11: Bye Bye [preauth]
Jun 25 01:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24686]: Disconnected from 20.204.136.58 port 41050 [preauth]
Jun 25 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24770]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24769]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24772]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24771]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24769]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24837]: Successful su for rubyman by root
Jun 25 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24837]: + ??? root:rubyman
Jun 25 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24837]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587235 of user rubyman.
Jun 25 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24837]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587235.
Jun 25 01:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22002]: pam_unix(cron:session): session closed for user root
Jun 25 01:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24770]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25001]: Invalid user dspace from 195.178.110.217
Jun 25 01:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25001]: input_userauth_request: invalid user dspace [preauth]
Jun 25 01:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25001]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 01:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25001]: Failed password for invalid user dspace from 195.178.110.217 port 49730 ssh2
Jun 25 01:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25001]: Connection closed by 195.178.110.217 port 49730 [preauth]
Jun 25 01:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23798]: pam_unix(cron:session): session closed for user root
Jun 25 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25181]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25180]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25179]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25178]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25178]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25243]: Successful su for rubyman by root
Jun 25 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25243]: + ??? root:rubyman
Jun 25 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25243]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587237 of user rubyman.
Jun 25 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25243]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587237.
Jun 25 01:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25303]: Invalid user elastic from 195.178.110.217
Jun 25 01:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25303]: input_userauth_request: invalid user elastic [preauth]
Jun 25 01:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25303]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 01:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22529]: pam_unix(cron:session): session closed for user root
Jun 25 01:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25303]: Failed password for invalid user elastic from 195.178.110.217 port 51596 ssh2
Jun 25 01:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25179]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25303]: Connection closed by 195.178.110.217 port 51596 [preauth]
Jun 25 01:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24317]: pam_unix(cron:session): session closed for user root
Jun 25 01:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25567]: Invalid user elastic from 195.178.110.217
Jun 25 01:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25567]: input_userauth_request: invalid user elastic [preauth]
Jun 25 01:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25567]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25567]: Failed password for invalid user elastic from 195.178.110.217 port 53472 ssh2
Jun 25 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25581]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25582]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25580]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25579]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25579]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25637]: Successful su for rubyman by root
Jun 25 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25637]: + ??? root:rubyman
Jun 25 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25637]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587241 of user rubyman.
Jun 25 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25637]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587241.
Jun 25 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25567]: Connection closed by 195.178.110.217 port 53472 [preauth]
Jun 25 01:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22947]: pam_unix(cron:session): session closed for user root
Jun 25 01:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25580]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24772]: pam_unix(cron:session): session closed for user root
Jun 25 01:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25952]: Invalid user elastic from 195.178.110.217
Jun 25 01:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25952]: input_userauth_request: invalid user elastic [preauth]
Jun 25 01:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25952]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 01:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25954]: Invalid user brc from 20.204.136.58
Jun 25 01:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25954]: input_userauth_request: invalid user brc [preauth]
Jun 25 01:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25954]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.204.136.58
Jun 25 01:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25952]: Failed password for invalid user elastic from 195.178.110.217 port 55342 ssh2
Jun 25 01:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25952]: Connection closed by 195.178.110.217 port 55342 [preauth]
Jun 25 01:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25954]: Failed password for invalid user brc from 20.204.136.58 port 59430 ssh2
Jun 25 01:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25954]: Received disconnect from 20.204.136.58 port 59430:11: Bye Bye [preauth]
Jun 25 01:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25954]: Disconnected from 20.204.136.58 port 59430 [preauth]
Jun 25 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25970]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25969]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25971]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25968]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25965]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25968]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26080]: Successful su for rubyman by root
Jun 25 01:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26080]: + ??? root:rubyman
Jun 25 01:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26080]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587245 of user rubyman.
Jun 25 01:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26080]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587245.
Jun 25 01:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25965]: pam_unix(cron:session): session closed for user root
Jun 25 01:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23370]: pam_unix(cron:session): session closed for user root
Jun 25 01:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25969]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25181]: pam_unix(cron:session): session closed for user root
Jun 25 01:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26427]: Invalid user elastic from 195.178.110.217
Jun 25 01:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26427]: input_userauth_request: invalid user elastic [preauth]
Jun 25 01:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26427]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 01:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26427]: Failed password for invalid user elastic from 195.178.110.217 port 57204 ssh2
Jun 25 01:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26427]: Connection closed by 195.178.110.217 port 57204 [preauth]
Jun 25 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26452]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26450]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26451]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26449]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26448]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26447]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26452]: pam_unix(cron:session): session closed for user root
Jun 25 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26447]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26522]: Successful su for rubyman by root
Jun 25 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26522]: + ??? root:rubyman
Jun 25 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26522]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587252 of user rubyman.
Jun 25 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26522]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587252.
Jun 25 01:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26449]: pam_unix(cron:session): session closed for user root
Jun 25 01:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23797]: pam_unix(cron:session): session closed for user root
Jun 25 01:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26448]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25582]: pam_unix(cron:session): session closed for user root
Jun 25 01:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26919]: Invalid user elastic from 195.178.110.217
Jun 25 01:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26919]: input_userauth_request: invalid user elastic [preauth]
Jun 25 01:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26919]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 01:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26919]: Failed password for invalid user elastic from 195.178.110.217 port 59078 ssh2
Jun 25 01:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26919]: Connection closed by 195.178.110.217 port 59078 [preauth]
Jun 25 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26969]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26968]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26967]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26966]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26966]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27033]: Successful su for rubyman by root
Jun 25 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27033]: + ??? root:rubyman
Jun 25 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27033]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587257 of user rubyman.
Jun 25 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27033]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587257.
Jun 25 01:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24316]: pam_unix(cron:session): session closed for user root
Jun 25 01:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26967]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25971]: pam_unix(cron:session): session closed for user root
Jun 25 01:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.211.215  user=root
Jun 25 01:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27320]: Failed password for root from 147.45.211.215 port 53868 ssh2
Jun 25 01:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27320]: Connection closed by 147.45.211.215 port 53868 [preauth]
Jun 25 01:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27335]: Invalid user elasticsearch from 195.178.110.217
Jun 25 01:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27335]: input_userauth_request: invalid user elasticsearch [preauth]
Jun 25 01:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27335]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 01:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27335]: Failed password for invalid user elasticsearch from 195.178.110.217 port 60954 ssh2
Jun 25 01:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27335]: Connection closed by 195.178.110.217 port 60954 [preauth]
Jun 25 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27395]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27394]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27392]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27393]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27392]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27451]: Successful su for rubyman by root
Jun 25 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27451]: + ??? root:rubyman
Jun 25 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27451]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587261 of user rubyman.
Jun 25 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27451]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587261.
Jun 25 01:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24771]: pam_unix(cron:session): session closed for user root
Jun 25 01:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27393]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27664]: Invalid user webservice from 20.204.136.58
Jun 25 01:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27664]: input_userauth_request: invalid user webservice [preauth]
Jun 25 01:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27664]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.204.136.58
Jun 25 01:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27664]: Failed password for invalid user webservice from 20.204.136.58 port 58336 ssh2
Jun 25 01:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27664]: Received disconnect from 20.204.136.58 port 58336:11: Bye Bye [preauth]
Jun 25 01:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27664]: Disconnected from 20.204.136.58 port 58336 [preauth]
Jun 25 01:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26451]: pam_unix(cron:session): session closed for user root
Jun 25 01:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27738]: Invalid user elasticsearch from 195.178.110.217
Jun 25 01:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27738]: input_userauth_request: invalid user elasticsearch [preauth]
Jun 25 01:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27738]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 01:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27738]: Failed password for invalid user elasticsearch from 195.178.110.217 port 34592 ssh2
Jun 25 01:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27738]: Connection closed by 195.178.110.217 port 34592 [preauth]
Jun 25 01:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 25 01:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27780]: Failed password for root from 103.176.20.57 port 34290 ssh2
Jun 25 01:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27780]: Connection closed by 103.176.20.57 port 34290 [preauth]
Jun 25 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27803]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27802]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27801]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27799]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27799]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27865]: Successful su for rubyman by root
Jun 25 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27865]: + ??? root:rubyman
Jun 25 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27865]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587265 of user rubyman.
Jun 25 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27865]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587265.
Jun 25 01:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25180]: pam_unix(cron:session): session closed for user root
Jun 25 01:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27801]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28182]: Invalid user elasticsearch from 195.178.110.217
Jun 25 01:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28182]: input_userauth_request: invalid user elasticsearch [preauth]
Jun 25 01:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28182]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 01:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26969]: pam_unix(cron:session): session closed for user root
Jun 25 01:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28182]: Failed password for invalid user elasticsearch from 195.178.110.217 port 36456 ssh2
Jun 25 01:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28182]: Connection closed by 195.178.110.217 port 36456 [preauth]
Jun 25 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28274]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28273]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28271]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28272]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28271]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28328]: Successful su for rubyman by root
Jun 25 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28328]: + ??? root:rubyman
Jun 25 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28328]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587268 of user rubyman.
Jun 25 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28328]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587268.
Jun 25 01:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25581]: pam_unix(cron:session): session closed for user root
Jun 25 01:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28272]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27395]: pam_unix(cron:session): session closed for user root
Jun 25 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28766]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28763]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28765]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28762]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28759]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28761]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28766]: pam_unix(cron:session): session closed for user root
Jun 25 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28759]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28827]: Successful su for rubyman by root
Jun 25 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28827]: + ??? root:rubyman
Jun 25 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28827]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587274 of user rubyman.
Jun 25 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28827]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587274.
Jun 25 01:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28762]: pam_unix(cron:session): session closed for user root
Jun 25 01:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25970]: pam_unix(cron:session): session closed for user root
Jun 25 01:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28761]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27803]: pam_unix(cron:session): session closed for user root
Jun 25 01:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29127]: Invalid user cea from 20.204.136.58
Jun 25 01:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29127]: input_userauth_request: invalid user cea [preauth]
Jun 25 01:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29127]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.204.136.58
Jun 25 01:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29127]: Failed password for invalid user cea from 20.204.136.58 port 57476 ssh2
Jun 25 01:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29127]: Received disconnect from 20.204.136.58 port 57476:11: Bye Bye [preauth]
Jun 25 01:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29127]: Disconnected from 20.204.136.58 port 57476 [preauth]
Jun 25 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29213]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29212]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29214]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29211]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29211]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29299]: Successful su for rubyman by root
Jun 25 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29299]: + ??? root:rubyman
Jun 25 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29299]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587279 of user rubyman.
Jun 25 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29299]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587279.
Jun 25 01:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26450]: pam_unix(cron:session): session closed for user root
Jun 25 01:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29212]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29487]: Invalid user es from 195.178.110.217
Jun 25 01:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29487]: input_userauth_request: invalid user es [preauth]
Jun 25 01:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29487]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 01:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29487]: Failed password for invalid user es from 195.178.110.217 port 38332 ssh2
Jun 25 01:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29487]: Connection closed by 195.178.110.217 port 38332 [preauth]
Jun 25 01:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28274]: pam_unix(cron:session): session closed for user root
Jun 25 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29760]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29757]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29756]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29755]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29755]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29824]: Successful su for rubyman by root
Jun 25 01:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29824]: + ??? root:rubyman
Jun 25 01:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29824]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587283 of user rubyman.
Jun 25 01:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29824]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587283.
Jun 25 01:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29752]: Invalid user khalid from 141.98.83.240
Jun 25 01:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29752]: input_userauth_request: invalid user khalid [preauth]
Jun 25 01:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29752]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 01:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26968]: pam_unix(cron:session): session closed for user root
Jun 25 01:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29752]: Failed password for invalid user khalid from 141.98.83.240 port 29388 ssh2
Jun 25 01:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29967]: Invalid user es from 195.178.110.217
Jun 25 01:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29967]: input_userauth_request: invalid user es [preauth]
Jun 25 01:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29752]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29967]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 01:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29752]: Failed password for invalid user khalid from 141.98.83.240 port 29388 ssh2
Jun 25 01:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29967]: Failed password for invalid user es from 195.178.110.217 port 40162 ssh2
Jun 25 01:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29752]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29756]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29967]: Connection closed by 195.178.110.217 port 40162 [preauth]
Jun 25 01:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29752]: Failed password for invalid user khalid from 141.98.83.240 port 29388 ssh2
Jun 25 01:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29752]: Connection closed by 141.98.83.240 port 29388 [preauth]
Jun 25 01:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29752]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 01:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30057]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 25 01:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30057]: Received disconnect from 23.94.23.226 port 51344:11: disconnected by user [preauth]
Jun 25 01:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30057]: Disconnected from 23.94.23.226 port 51344 [preauth]
Jun 25 01:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28765]: pam_unix(cron:session): session closed for user root
Jun 25 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30189]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30188]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30187]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30186]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30186]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30248]: Successful su for rubyman by root
Jun 25 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30248]: + ??? root:rubyman
Jun 25 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30248]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587286 of user rubyman.
Jun 25 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30248]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587286.
Jun 25 01:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27394]: pam_unix(cron:session): session closed for user root
Jun 25 01:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30187]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29214]: pam_unix(cron:session): session closed for user root
Jun 25 01:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30578]: Invalid user acta from 20.204.136.58
Jun 25 01:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30578]: input_userauth_request: invalid user acta [preauth]
Jun 25 01:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30578]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.204.136.58
Jun 25 01:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30578]: Failed password for invalid user acta from 20.204.136.58 port 45158 ssh2
Jun 25 01:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30578]: Received disconnect from 20.204.136.58 port 45158:11: Bye Bye [preauth]
Jun 25 01:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30578]: Disconnected from 20.204.136.58 port 45158 [preauth]
Jun 25 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30592]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30591]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30593]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30590]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30590]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30663]: Successful su for rubyman by root
Jun 25 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30663]: + ??? root:rubyman
Jun 25 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30663]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587290 of user rubyman.
Jun 25 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30663]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587290.
Jun 25 01:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27802]: pam_unix(cron:session): session closed for user root
Jun 25 01:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30591]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.42.93.139  user=root
Jun 25 01:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30916]: Failed password for root from 182.42.93.139 port 45876 ssh2
Jun 25 01:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30916]: Received disconnect from 182.42.93.139 port 45876:11: Bye Bye [preauth]
Jun 25 01:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30916]: Disconnected from 182.42.93.139 port 45876 [preauth]
Jun 25 01:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29760]: pam_unix(cron:session): session closed for user root
Jun 25 01:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31045]: Invalid user payara from 168.144.92.125
Jun 25 01:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31045]: input_userauth_request: invalid user payara [preauth]
Jun 25 01:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31045]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.144.92.125
Jun 25 01:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31045]: Failed password for invalid user payara from 168.144.92.125 port 47260 ssh2
Jun 25 01:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31045]: Received disconnect from 168.144.92.125 port 47260:11: Bye Bye [preauth]
Jun 25 01:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31045]: Disconnected from 168.144.92.125 port 47260 [preauth]
Jun 25 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31111]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31112]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31109]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31110]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31108]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31107]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31112]: pam_unix(cron:session): session closed for user root
Jun 25 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31107]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31175]: Successful su for rubyman by root
Jun 25 01:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31175]: + ??? root:rubyman
Jun 25 01:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31175]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587294 of user rubyman.
Jun 25 01:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31175]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587294.
Jun 25 01:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28273]: pam_unix(cron:session): session closed for user root
Jun 25 01:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31109]: pam_unix(cron:session): session closed for user root
Jun 25 01:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31108]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30189]: pam_unix(cron:session): session closed for user root
Jun 25 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31548]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31547]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31546]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31545]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31545]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31701]: Successful su for rubyman by root
Jun 25 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31701]: + ??? root:rubyman
Jun 25 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31701]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587300 of user rubyman.
Jun 25 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31701]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587300.
Jun 25 01:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28763]: pam_unix(cron:session): session closed for user root
Jun 25 01:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31546]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30593]: pam_unix(cron:session): session closed for user root
Jun 25 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32056]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32055]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32052]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32051]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32051]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32115]: Successful su for rubyman by root
Jun 25 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32115]: + ??? root:rubyman
Jun 25 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32115]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587304 of user rubyman.
Jun 25 01:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32115]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587304.
Jun 25 01:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29213]: pam_unix(cron:session): session closed for user root
Jun 25 01:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32052]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31111]: pam_unix(cron:session): session closed for user root
Jun 25 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32458]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32456]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32457]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32455]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32455]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32525]: Successful su for rubyman by root
Jun 25 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32525]: + ??? root:rubyman
Jun 25 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32525]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587309 of user rubyman.
Jun 25 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32525]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587309.
Jun 25 01:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29757]: pam_unix(cron:session): session closed for user root
Jun 25 01:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32456]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.19.67.181  user=root
Jun 25 01:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32734]: Failed password for root from 46.19.67.181 port 59598 ssh2
Jun 25 01:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32734]: Connection closed by 46.19.67.181 port 59598 [preauth]
Jun 25 01:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31548]: pam_unix(cron:session): session closed for user root
Jun 25 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[410]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[409]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[412]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[408]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[408]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[606]: Successful su for rubyman by root
Jun 25 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[606]: + ??? root:rubyman
Jun 25 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[606]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587314 of user rubyman.
Jun 25 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[606]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587314.
Jun 25 01:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30188]: pam_unix(cron:session): session closed for user root
Jun 25 01:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[409]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[866]: Invalid user admin from 193.46.255.86
Jun 25 01:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[866]: input_userauth_request: invalid user admin [preauth]
Jun 25 01:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[866]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 25 01:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[866]: Failed password for invalid user admin from 193.46.255.86 port 61150 ssh2
Jun 25 01:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[866]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[866]: Failed password for invalid user admin from 193.46.255.86 port 61150 ssh2
Jun 25 01:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[866]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[866]: Failed password for invalid user admin from 193.46.255.86 port 61150 ssh2
Jun 25 01:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[866]: Connection closed by 193.46.255.86 port 61150 [preauth]
Jun 25 01:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[866]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 25 01:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32056]: pam_unix(cron:session): session closed for user root
Jun 25 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[968]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[964]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[963]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[967]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[966]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[962]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[968]: pam_unix(cron:session): session closed for user root
Jun 25 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[962]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1041]: Successful su for rubyman by root
Jun 25 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1041]: + ??? root:rubyman
Jun 25 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1041]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587318 of user rubyman.
Jun 25 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1041]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587318.
Jun 25 01:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[964]: pam_unix(cron:session): session closed for user root
Jun 25 01:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30592]: pam_unix(cron:session): session closed for user root
Jun 25 01:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[963]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32458]: pam_unix(cron:session): session closed for user root
Jun 25 01:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1398]: Invalid user contenidos from 20.204.136.58
Jun 25 01:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1398]: input_userauth_request: invalid user contenidos [preauth]
Jun 25 01:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1398]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 01:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.204.136.58
Jun 25 01:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1398]: Failed password for invalid user contenidos from 20.204.136.58 port 47044 ssh2
Jun 25 01:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1398]: Received disconnect from 20.204.136.58 port 47044:11: Bye Bye [preauth]
Jun 25 01:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1398]: Disconnected from 20.204.136.58 port 47044 [preauth]
Jun 25 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1564]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1563]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1565]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1562]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1562]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1652]: Successful su for rubyman by root
Jun 25 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1652]: + ??? root:rubyman
Jun 25 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1652]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587324 of user rubyman.
Jun 25 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1652]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587324.
Jun 25 01:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31110]: pam_unix(cron:session): session closed for user root
Jun 25 01:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1563]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[412]: pam_unix(cron:session): session closed for user root
Jun 25 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2055]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2059]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2054]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2053]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2053]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2122]: Successful su for rubyman by root
Jun 25 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2122]: + ??? root:rubyman
Jun 25 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2122]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587326 of user rubyman.
Jun 25 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2122]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587326.
Jun 25 01:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31547]: pam_unix(cron:session): session closed for user root
Jun 25 01:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2054]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.150.183.33  user=root
Jun 25 01:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2370]: Failed password for root from 183.150.183.33 port 24985 ssh2
Jun 25 01:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2370]: Received disconnect from 183.150.183.33 port 24985:11: Bye Bye [preauth]
Jun 25 01:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2370]: Disconnected from 183.150.183.33 port 24985 [preauth]
Jun 25 01:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[967]: pam_unix(cron:session): session closed for user root
Jun 25 01:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 25 01:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2461]: Failed password for root from 103.77.175.15 port 48796 ssh2
Jun 25 01:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2461]: Connection closed by 103.77.175.15 port 48796 [preauth]
Jun 25 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2487]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2488]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2484]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2485]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2484]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2553]: Successful su for rubyman by root
Jun 25 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2553]: + ??? root:rubyman
Jun 25 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2553]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587331 of user rubyman.
Jun 25 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2553]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587331.
Jun 25 01:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32055]: pam_unix(cron:session): session closed for user root
Jun 25 01:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2485]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1565]: pam_unix(cron:session): session closed for user root
Jun 25 01:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 25 01:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2890]: Failed password for root from 103.27.238.120 port 57772 ssh2
Jun 25 01:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2890]: Connection closed by 103.27.238.120 port 57772 [preauth]
Jun 25 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2913]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2914]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2912]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2911]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2911]: pam_unix(cron:session): session closed for user p13x
Jun 25 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2969]: Successful su for rubyman by root
Jun 25 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2969]: + ??? root:rubyman
Jun 25 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2969]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587334 of user rubyman.
Jun 25 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2969]: pam_unix(su:session): session closed for user rubyman
Jun 25 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587334.
Jun 25 01:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32457]: pam_unix(cron:session): session closed for user root
Jun 25 01:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2912]: pam_unix(cron:session): session closed for user samftp
Jun 25 01:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 25 01:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3180]: Failed password for root from 103.172.78.219 port 56698 ssh2
Jun 25 01:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3180]: Connection closed by 103.172.78.219 port 56698 [preauth]
Jun 25 01:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2059]: pam_unix(cron:session): session closed for user root
Jun 25 01:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 01:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 25 01:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3278]: Failed password for root from 87.251.79.125 port 53482 ssh2
Jun 25 01:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3278]: Connection closed by 87.251.79.125 port 53482 [preauth]
Jun 25 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3311]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3309]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3308]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3310]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3305]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3307]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3306]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3311]: pam_unix(cron:session): session closed for user root
Jun 25 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3307]: pam_unix(cron:session): session closed for user root
Jun 25 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3305]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3393]: Successful su for rubyman by root
Jun 25 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3393]: + ??? root:rubyman
Jun 25 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3393]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587341 of user rubyman.
Jun 25 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3393]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587341.
Jun 25 02:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[410]: pam_unix(cron:session): session closed for user root
Jun 25 02:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3308]: pam_unix(cron:session): session closed for user root
Jun 25 02:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3306]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: Invalid user babygirl from 2.57.121.112
Jun 25 02:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: input_userauth_request: invalid user babygirl [preauth]
Jun 25 02:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 25 02:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: Failed password for invalid user babygirl from 2.57.121.112 port 15226 ssh2
Jun 25 02:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: Failed password for invalid user babygirl from 2.57.121.112 port 15226 ssh2
Jun 25 02:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: Failed password for invalid user babygirl from 2.57.121.112 port 15226 ssh2
Jun 25 02:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: Failed password for invalid user babygirl from 2.57.121.112 port 15226 ssh2
Jun 25 02:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: Failed password for invalid user babygirl from 2.57.121.112 port 15226 ssh2
Jun 25 02:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: Connection closed by 2.57.121.112 port 15226 [preauth]
Jun 25 02:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 25 02:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 25 02:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2488]: pam_unix(cron:session): session closed for user root
Jun 25 02:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.8.33  user=root
Jun 25 02:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3942]: Failed password for root from 197.248.8.33 port 40976 ssh2
Jun 25 02:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3942]: Received disconnect from 197.248.8.33 port 40976:11: Bye Bye [preauth]
Jun 25 02:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3942]: Disconnected from 197.248.8.33 port 40976 [preauth]
Jun 25 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3957]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3962]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3959]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3963]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3957]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4073]: Successful su for rubyman by root
Jun 25 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4073]: + ??? root:rubyman
Jun 25 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4073]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587345 of user rubyman.
Jun 25 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4073]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587345.
Jun 25 02:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[966]: pam_unix(cron:session): session closed for user root
Jun 25 02:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3959]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2914]: pam_unix(cron:session): session closed for user root
Jun 25 02:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4406]: Invalid user rstudio from 20.244.95.134
Jun 25 02:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4406]: input_userauth_request: invalid user rstudio [preauth]
Jun 25 02:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4406]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.244.95.134
Jun 25 02:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4406]: Failed password for invalid user rstudio from 20.244.95.134 port 44652 ssh2
Jun 25 02:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4406]: Received disconnect from 20.244.95.134 port 44652:11: Bye Bye [preauth]
Jun 25 02:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4406]: Disconnected from 20.244.95.134 port 44652 [preauth]
Jun 25 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4426]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4425]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4427]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4424]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4424]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4486]: Successful su for rubyman by root
Jun 25 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4486]: + ??? root:rubyman
Jun 25 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4486]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587351 of user rubyman.
Jun 25 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4486]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587351.
Jun 25 02:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1564]: pam_unix(cron:session): session closed for user root
Jun 25 02:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4425]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4675]: Invalid user maven from 20.204.136.58
Jun 25 02:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4675]: input_userauth_request: invalid user maven [preauth]
Jun 25 02:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4675]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.204.136.58
Jun 25 02:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4675]: Failed password for invalid user maven from 20.204.136.58 port 57080 ssh2
Jun 25 02:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4675]: Received disconnect from 20.204.136.58 port 57080:11: Bye Bye [preauth]
Jun 25 02:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4675]: Disconnected from 20.204.136.58 port 57080 [preauth]
Jun 25 02:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4738]: Invalid user gitlabuser from 202.165.29.123
Jun 25 02:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4738]: input_userauth_request: invalid user gitlabuser [preauth]
Jun 25 02:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4738]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.29.123
Jun 25 02:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4738]: Failed password for invalid user gitlabuser from 202.165.29.123 port 51018 ssh2
Jun 25 02:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4738]: Received disconnect from 202.165.29.123 port 51018:11: Bye Bye [preauth]
Jun 25 02:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4738]: Disconnected from 202.165.29.123 port 51018 [preauth]
Jun 25 02:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3310]: pam_unix(cron:session): session closed for user root
Jun 25 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4940]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4944]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4939]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4938]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4938]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5006]: Successful su for rubyman by root
Jun 25 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5006]: + ??? root:rubyman
Jun 25 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5006]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587354 of user rubyman.
Jun 25 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5006]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587354.
Jun 25 02:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2055]: pam_unix(cron:session): session closed for user root
Jun 25 02:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4939]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.90.13.168  user=root
Jun 25 02:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5193]: Failed password for root from 95.90.13.168 port 60436 ssh2
Jun 25 02:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5193]: Received disconnect from 95.90.13.168 port 60436:11: Bye Bye [preauth]
Jun 25 02:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5193]: Disconnected from 95.90.13.168 port 60436 [preauth]
Jun 25 02:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5212]: Invalid user test123 from 168.144.92.125
Jun 25 02:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5212]: input_userauth_request: invalid user test123 [preauth]
Jun 25 02:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5212]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.144.92.125
Jun 25 02:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5212]: Failed password for invalid user test123 from 168.144.92.125 port 36400 ssh2
Jun 25 02:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5212]: Received disconnect from 168.144.92.125 port 36400:11: Bye Bye [preauth]
Jun 25 02:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5212]: Disconnected from 168.144.92.125 port 36400 [preauth]
Jun 25 02:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5220]: Invalid user myuser from 187.16.96.250
Jun 25 02:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5220]: input_userauth_request: invalid user myuser [preauth]
Jun 25 02:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5220]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.16.96.250
Jun 25 02:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5220]: Failed password for invalid user myuser from 187.16.96.250 port 45726 ssh2
Jun 25 02:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5220]: Received disconnect from 187.16.96.250 port 45726:11: Bye Bye [preauth]
Jun 25 02:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5220]: Disconnected from 187.16.96.250 port 45726 [preauth]
Jun 25 02:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3963]: pam_unix(cron:session): session closed for user root
Jun 25 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5348]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5349]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5347]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5346]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5346]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5416]: Successful su for rubyman by root
Jun 25 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5416]: + ??? root:rubyman
Jun 25 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5416]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587358 of user rubyman.
Jun 25 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5416]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587358.
Jun 25 02:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2487]: pam_unix(cron:session): session closed for user root
Jun 25 02:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5347]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4427]: pam_unix(cron:session): session closed for user root
Jun 25 02:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5681]: Invalid user pentest from 197.248.8.33
Jun 25 02:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5681]: input_userauth_request: invalid user pentest [preauth]
Jun 25 02:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5681]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.8.33
Jun 25 02:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5681]: Failed password for invalid user pentest from 197.248.8.33 port 41046 ssh2
Jun 25 02:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5681]: Received disconnect from 197.248.8.33 port 41046:11: Bye Bye [preauth]
Jun 25 02:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5681]: Disconnected from 197.248.8.33 port 41046 [preauth]
Jun 25 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5749]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5752]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5747]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5750]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5751]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5748]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5752]: pam_unix(cron:session): session closed for user root
Jun 25 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5747]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5819]: Successful su for rubyman by root
Jun 25 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5819]: + ??? root:rubyman
Jun 25 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5819]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587366 of user rubyman.
Jun 25 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5819]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587366.
Jun 25 02:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5749]: pam_unix(cron:session): session closed for user root
Jun 25 02:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2913]: pam_unix(cron:session): session closed for user root
Jun 25 02:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5970]: Invalid user edubook from 202.165.29.123
Jun 25 02:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5970]: input_userauth_request: invalid user edubook [preauth]
Jun 25 02:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5970]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.29.123
Jun 25 02:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5975]: Invalid user casaos from 168.144.92.125
Jun 25 02:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5975]: input_userauth_request: invalid user casaos [preauth]
Jun 25 02:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5975]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.144.92.125
Jun 25 02:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5748]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5970]: Failed password for invalid user edubook from 202.165.29.123 port 57304 ssh2
Jun 25 02:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5970]: Received disconnect from 202.165.29.123 port 57304:11: Bye Bye [preauth]
Jun 25 02:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5970]: Disconnected from 202.165.29.123 port 57304 [preauth]
Jun 25 02:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5975]: Failed password for invalid user casaos from 168.144.92.125 port 47348 ssh2
Jun 25 02:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5975]: Received disconnect from 168.144.92.125 port 47348:11: Bye Bye [preauth]
Jun 25 02:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5975]: Disconnected from 168.144.92.125 port 47348 [preauth]
Jun 25 02:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6083]: Invalid user pmail from 20.204.136.58
Jun 25 02:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6083]: input_userauth_request: invalid user pmail [preauth]
Jun 25 02:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6083]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.204.136.58
Jun 25 02:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4944]: pam_unix(cron:session): session closed for user root
Jun 25 02:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6083]: Failed password for invalid user pmail from 20.204.136.58 port 47586 ssh2
Jun 25 02:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6083]: Received disconnect from 20.204.136.58 port 47586:11: Bye Bye [preauth]
Jun 25 02:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6083]: Disconnected from 20.204.136.58 port 47586 [preauth]
Jun 25 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6178]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6177]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6176]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6175]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6175]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6244]: Successful su for rubyman by root
Jun 25 02:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6244]: + ??? root:rubyman
Jun 25 02:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6244]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587367 of user rubyman.
Jun 25 02:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6244]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587367.
Jun 25 02:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3309]: pam_unix(cron:session): session closed for user root
Jun 25 02:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6176]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5349]: pam_unix(cron:session): session closed for user root
Jun 25 02:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6542]: Invalid user myuser from 197.248.8.33
Jun 25 02:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6542]: input_userauth_request: invalid user myuser [preauth]
Jun 25 02:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6542]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.8.33
Jun 25 02:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6542]: Failed password for invalid user myuser from 197.248.8.33 port 51216 ssh2
Jun 25 02:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6542]: Received disconnect from 197.248.8.33 port 51216:11: Bye Bye [preauth]
Jun 25 02:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6542]: Disconnected from 197.248.8.33 port 51216 [preauth]
Jun 25 02:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6552]: Invalid user atlas from 168.144.92.125
Jun 25 02:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6552]: input_userauth_request: invalid user atlas [preauth]
Jun 25 02:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6552]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.144.92.125
Jun 25 02:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6552]: Failed password for invalid user atlas from 168.144.92.125 port 45940 ssh2
Jun 25 02:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6552]: Received disconnect from 168.144.92.125 port 45940:11: Bye Bye [preauth]
Jun 25 02:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6552]: Disconnected from 168.144.92.125 port 45940 [preauth]
Jun 25 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6576]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6575]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6573]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6574]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6573]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6637]: Successful su for rubyman by root
Jun 25 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6637]: + ??? root:rubyman
Jun 25 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6637]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587371 of user rubyman.
Jun 25 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6637]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587371.
Jun 25 02:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 25 02:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3962]: pam_unix(cron:session): session closed for user root
Jun 25 02:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6708]: Failed password for root from 38.93.206.2 port 30262 ssh2
Jun 25 02:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6708]: Connection closed by 38.93.206.2 port 30262 [preauth]
Jun 25 02:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6574]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6846]: Invalid user user from 202.165.29.123
Jun 25 02:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6846]: input_userauth_request: invalid user user [preauth]
Jun 25 02:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6846]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.29.123
Jun 25 02:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6846]: Failed password for invalid user user from 202.165.29.123 port 58284 ssh2
Jun 25 02:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6846]: Received disconnect from 202.165.29.123 port 58284:11: Bye Bye [preauth]
Jun 25 02:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6846]: Disconnected from 202.165.29.123 port 58284 [preauth]
Jun 25 02:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5751]: pam_unix(cron:session): session closed for user root
Jun 25 02:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.42.93.139  user=root
Jun 25 02:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6990]: Failed password for root from 182.42.93.139 port 40204 ssh2
Jun 25 02:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6990]: Received disconnect from 182.42.93.139 port 40204:11: Bye Bye [preauth]
Jun 25 02:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6990]: Disconnected from 182.42.93.139 port 40204 [preauth]
Jun 25 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7036]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7035]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7037]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7034]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7034]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7154]: Successful su for rubyman by root
Jun 25 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7154]: + ??? root:rubyman
Jun 25 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7154]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587375 of user rubyman.
Jun 25 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7154]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587375.
Jun 25 02:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4426]: pam_unix(cron:session): session closed for user root
Jun 25 02:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7035]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7383]: Invalid user ubuntu from 182.42.93.139
Jun 25 02:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7383]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 02:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7383]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.42.93.139
Jun 25 02:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7383]: Failed password for invalid user ubuntu from 182.42.93.139 port 37692 ssh2
Jun 25 02:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7383]: Received disconnect from 182.42.93.139 port 37692:11: Bye Bye [preauth]
Jun 25 02:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7383]: Disconnected from 182.42.93.139 port 37692 [preauth]
Jun 25 02:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6178]: pam_unix(cron:session): session closed for user root
Jun 25 02:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.144.92.125  user=root
Jun 25 02:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7436]: Failed password for root from 168.144.92.125 port 39126 ssh2
Jun 25 02:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7436]: Received disconnect from 168.144.92.125 port 39126:11: Bye Bye [preauth]
Jun 25 02:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7436]: Disconnected from 168.144.92.125 port 39126 [preauth]
Jun 25 02:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 25 02:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7446]: Failed password for root from 62.133.62.83 port 43064 ssh2
Jun 25 02:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7446]: Connection closed by 62.133.62.83 port 43064 [preauth]
Jun 25 02:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.8.33  user=root
Jun 25 02:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7476]: Failed password for root from 197.248.8.33 port 33150 ssh2
Jun 25 02:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7476]: Received disconnect from 197.248.8.33 port 33150:11: Bye Bye [preauth]
Jun 25 02:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7476]: Disconnected from 197.248.8.33 port 33150 [preauth]
Jun 25 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7500]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7499]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7497]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7498]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7495]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7497]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7632]: Successful su for rubyman by root
Jun 25 02:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7632]: + ??? root:rubyman
Jun 25 02:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7632]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587379 of user rubyman.
Jun 25 02:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7632]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587379.
Jun 25 02:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7495]: pam_unix(cron:session): session closed for user root
Jun 25 02:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4940]: pam_unix(cron:session): session closed for user root
Jun 25 02:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7498]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7953]: Invalid user lorenzo from 202.165.29.123
Jun 25 02:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7953]: input_userauth_request: invalid user lorenzo [preauth]
Jun 25 02:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7953]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.29.123
Jun 25 02:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7953]: Failed password for invalid user lorenzo from 202.165.29.123 port 50096 ssh2
Jun 25 02:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7953]: Received disconnect from 202.165.29.123 port 50096:11: Bye Bye [preauth]
Jun 25 02:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7953]: Disconnected from 202.165.29.123 port 50096 [preauth]
Jun 25 02:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6576]: pam_unix(cron:session): session closed for user root
Jun 25 02:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 25 02:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8054]: Failed password for root from 147.45.199.80 port 54474 ssh2
Jun 25 02:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8054]: Connection closed by 147.45.199.80 port 54474 [preauth]
Jun 25 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8076]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8078]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8074]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8075]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8077]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8073]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8078]: pam_unix(cron:session): session closed for user root
Jun 25 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8073]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8145]: Successful su for rubyman by root
Jun 25 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8145]: + ??? root:rubyman
Jun 25 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8145]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587388 of user rubyman.
Jun 25 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8145]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587388.
Jun 25 02:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8075]: pam_unix(cron:session): session closed for user root
Jun 25 02:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5348]: pam_unix(cron:session): session closed for user root
Jun 25 02:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8074]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8375]: Invalid user vpn from 95.90.13.168
Jun 25 02:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8375]: input_userauth_request: invalid user vpn [preauth]
Jun 25 02:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8375]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.90.13.168
Jun 25 02:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8375]: Failed password for invalid user vpn from 95.90.13.168 port 64923 ssh2
Jun 25 02:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8375]: Received disconnect from 95.90.13.168 port 64923:11: Bye Bye [preauth]
Jun 25 02:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8375]: Disconnected from 95.90.13.168 port 64923 [preauth]
Jun 25 02:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8377]: Invalid user testtesttest from 168.144.92.125
Jun 25 02:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8377]: input_userauth_request: invalid user testtesttest [preauth]
Jun 25 02:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8377]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.144.92.125
Jun 25 02:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8377]: Failed password for invalid user testtesttest from 168.144.92.125 port 33620 ssh2
Jun 25 02:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8377]: Received disconnect from 168.144.92.125 port 33620:11: Bye Bye [preauth]
Jun 25 02:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8377]: Disconnected from 168.144.92.125 port 33620 [preauth]
Jun 25 02:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7037]: pam_unix(cron:session): session closed for user root
Jun 25 02:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8492]: Invalid user bitrix from 187.16.96.250
Jun 25 02:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8492]: input_userauth_request: invalid user bitrix [preauth]
Jun 25 02:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8492]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.16.96.250
Jun 25 02:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8492]: Failed password for invalid user bitrix from 187.16.96.250 port 45752 ssh2
Jun 25 02:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8492]: Received disconnect from 187.16.96.250 port 45752:11: Bye Bye [preauth]
Jun 25 02:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8492]: Disconnected from 187.16.96.250 port 45752 [preauth]
Jun 25 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8517]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8518]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8515]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8514]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8514]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8586]: Successful su for rubyman by root
Jun 25 02:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8586]: + ??? root:rubyman
Jun 25 02:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8586]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587390 of user rubyman.
Jun 25 02:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8586]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587390.
Jun 25 02:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8511]: Invalid user wuxianjin from 197.248.8.33
Jun 25 02:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8511]: input_userauth_request: invalid user wuxianjin [preauth]
Jun 25 02:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8511]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.8.33
Jun 25 02:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5750]: pam_unix(cron:session): session closed for user root
Jun 25 02:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8511]: Failed password for invalid user wuxianjin from 197.248.8.33 port 43320 ssh2
Jun 25 02:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8511]: Received disconnect from 197.248.8.33 port 43320:11: Bye Bye [preauth]
Jun 25 02:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8511]: Disconnected from 197.248.8.33 port 43320 [preauth]
Jun 25 02:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8515]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.29.123  user=root
Jun 25 02:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8786]: Failed password for root from 202.165.29.123 port 36466 ssh2
Jun 25 02:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8786]: Received disconnect from 202.165.29.123 port 36466:11: Bye Bye [preauth]
Jun 25 02:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8786]: Disconnected from 202.165.29.123 port 36466 [preauth]
Jun 25 02:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 25 02:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8825]: Failed password for root from 103.149.28.157 port 35380 ssh2
Jun 25 02:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8825]: Connection closed by 103.149.28.157 port 35380 [preauth]
Jun 25 02:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7500]: pam_unix(cron:session): session closed for user root
Jun 25 02:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8906]: Invalid user lg from 95.90.13.168
Jun 25 02:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8906]: input_userauth_request: invalid user lg [preauth]
Jun 25 02:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8906]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.90.13.168
Jun 25 02:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8906]: Failed password for invalid user lg from 95.90.13.168 port 63354 ssh2
Jun 25 02:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8906]: Received disconnect from 95.90.13.168 port 63354:11: Bye Bye [preauth]
Jun 25 02:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8906]: Disconnected from 95.90.13.168 port 63354 [preauth]
Jun 25 02:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8908]: Invalid user cnt from 168.144.92.125
Jun 25 02:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8908]: input_userauth_request: invalid user cnt [preauth]
Jun 25 02:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8908]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.144.92.125
Jun 25 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8924]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8923]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8922]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8921]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8921]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8908]: Failed password for invalid user cnt from 168.144.92.125 port 51298 ssh2
Jun 25 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8986]: Successful su for rubyman by root
Jun 25 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8986]: + ??? root:rubyman
Jun 25 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8986]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587394 of user rubyman.
Jun 25 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8986]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587394.
Jun 25 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8908]: Received disconnect from 168.144.92.125 port 51298:11: Bye Bye [preauth]
Jun 25 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8908]: Disconnected from 168.144.92.125 port 51298 [preauth]
Jun 25 02:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6177]: pam_unix(cron:session): session closed for user root
Jun 25 02:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8922]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8077]: pam_unix(cron:session): session closed for user root
Jun 25 02:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 25 02:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9264]: Failed password for root from 193.37.70.224 port 48838 ssh2
Jun 25 02:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9264]: Connection closed by 193.37.70.224 port 48838 [preauth]
Jun 25 02:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.16.96.250  user=root
Jun 25 02:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9290]: Failed password for root from 187.16.96.250 port 58022 ssh2
Jun 25 02:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9290]: Received disconnect from 187.16.96.250 port 58022:11: Bye Bye [preauth]
Jun 25 02:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9290]: Disconnected from 187.16.96.250 port 58022 [preauth]
Jun 25 02:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9322]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9324]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9325]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9323]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9322]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9380]: Successful su for rubyman by root
Jun 25 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9380]: + ??? root:rubyman
Jun 25 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9380]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587398 of user rubyman.
Jun 25 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9380]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587398.
Jun 25 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9319]: Invalid user xr from 197.248.8.33
Jun 25 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9319]: input_userauth_request: invalid user xr [preauth]
Jun 25 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9319]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.8.33
Jun 25 02:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9319]: Failed password for invalid user xr from 197.248.8.33 port 53480 ssh2
Jun 25 02:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9319]: Received disconnect from 197.248.8.33 port 53480:11: Bye Bye [preauth]
Jun 25 02:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9319]: Disconnected from 197.248.8.33 port 53480 [preauth]
Jun 25 02:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6575]: pam_unix(cron:session): session closed for user root
Jun 25 02:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9323]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9563]: Invalid user admin from 45.148.10.121
Jun 25 02:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9563]: input_userauth_request: invalid user admin [preauth]
Jun 25 02:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9563]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 25 02:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9563]: Failed password for invalid user admin from 45.148.10.121 port 44156 ssh2
Jun 25 02:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9563]: Connection closed by 45.148.10.121 port 44156 [preauth]
Jun 25 02:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9565]: Invalid user laura from 202.165.29.123
Jun 25 02:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9565]: input_userauth_request: invalid user laura [preauth]
Jun 25 02:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9565]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.29.123
Jun 25 02:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9565]: Failed password for invalid user laura from 202.165.29.123 port 33850 ssh2
Jun 25 02:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9565]: Received disconnect from 202.165.29.123 port 33850:11: Bye Bye [preauth]
Jun 25 02:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9565]: Disconnected from 202.165.29.123 port 33850 [preauth]
Jun 25 02:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 25 02:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9588]: Failed password for root from 77.94.47.83 port 36936 ssh2
Jun 25 02:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9588]: Connection closed by 77.94.47.83 port 36936 [preauth]
Jun 25 02:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.90.13.168  user=root
Jun 25 02:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9626]: Failed password for root from 95.90.13.168 port 61755 ssh2
Jun 25 02:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9626]: Received disconnect from 95.90.13.168 port 61755:11: Bye Bye [preauth]
Jun 25 02:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9626]: Disconnected from 95.90.13.168 port 61755 [preauth]
Jun 25 02:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8518]: pam_unix(cron:session): session closed for user root
Jun 25 02:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9663]: Invalid user zhl from 168.144.92.125
Jun 25 02:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9663]: input_userauth_request: invalid user zhl [preauth]
Jun 25 02:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9663]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.144.92.125
Jun 25 02:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9663]: Failed password for invalid user zhl from 168.144.92.125 port 53584 ssh2
Jun 25 02:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9663]: Received disconnect from 168.144.92.125 port 53584:11: Bye Bye [preauth]
Jun 25 02:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9663]: Disconnected from 168.144.92.125 port 53584 [preauth]
Jun 25 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9727]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9726]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9725]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9724]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9724]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9788]: Successful su for rubyman by root
Jun 25 02:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9788]: + ??? root:rubyman
Jun 25 02:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9788]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587403 of user rubyman.
Jun 25 02:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9788]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587403.
Jun 25 02:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7036]: pam_unix(cron:session): session closed for user root
Jun 25 02:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9725]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8924]: pam_unix(cron:session): session closed for user root
Jun 25 02:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.16.96.250  user=root
Jun 25 02:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10359]: Failed password for root from 187.16.96.250 port 45286 ssh2
Jun 25 02:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10359]: Received disconnect from 187.16.96.250 port 45286:11: Bye Bye [preauth]
Jun 25 02:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10359]: Disconnected from 187.16.96.250 port 45286 [preauth]
Jun 25 02:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10387]: Invalid user johnson from 95.90.13.168
Jun 25 02:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10387]: input_userauth_request: invalid user johnson [preauth]
Jun 25 02:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10387]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.90.13.168
Jun 25 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10394]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10395]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10393]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10396]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10391]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10392]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10396]: pam_unix(cron:session): session closed for user root
Jun 25 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10391]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10460]: Successful su for rubyman by root
Jun 25 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10460]: + ??? root:rubyman
Jun 25 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10460]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587407 of user rubyman.
Jun 25 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10460]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587407.
Jun 25 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10387]: Failed password for invalid user johnson from 95.90.13.168 port 60590 ssh2
Jun 25 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10387]: Received disconnect from 95.90.13.168 port 60590:11: Bye Bye [preauth]
Jun 25 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10387]: Disconnected from 95.90.13.168 port 60590 [preauth]
Jun 25 02:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10393]: pam_unix(cron:session): session closed for user root
Jun 25 02:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7499]: pam_unix(cron:session): session closed for user root
Jun 25 02:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10392]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10658]: Invalid user prueba from 197.248.8.33
Jun 25 02:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10658]: input_userauth_request: invalid user prueba [preauth]
Jun 25 02:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10658]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.8.33
Jun 25 02:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10658]: Failed password for invalid user prueba from 197.248.8.33 port 35410 ssh2
Jun 25 02:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10658]: Received disconnect from 197.248.8.33 port 35410:11: Bye Bye [preauth]
Jun 25 02:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10658]: Disconnected from 197.248.8.33 port 35410 [preauth]
Jun 25 02:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10702]: Invalid user remote from 202.165.29.123
Jun 25 02:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10702]: input_userauth_request: invalid user remote [preauth]
Jun 25 02:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10702]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.29.123
Jun 25 02:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10702]: Failed password for invalid user remote from 202.165.29.123 port 33338 ssh2
Jun 25 02:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10702]: Received disconnect from 202.165.29.123 port 33338:11: Bye Bye [preauth]
Jun 25 02:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10702]: Disconnected from 202.165.29.123 port 33338 [preauth]
Jun 25 02:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10713]: Invalid user mahesh from 180.93.52.137
Jun 25 02:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10713]: input_userauth_request: invalid user mahesh [preauth]
Jun 25 02:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10713]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.93.52.137
Jun 25 02:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10713]: Failed password for invalid user mahesh from 180.93.52.137 port 49558 ssh2
Jun 25 02:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10713]: Connection closed by 180.93.52.137 port 49558 [preauth]
Jun 25 02:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.144.92.125  user=root
Jun 25 02:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10724]: Failed password for root from 168.144.92.125 port 58710 ssh2
Jun 25 02:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10724]: Received disconnect from 168.144.92.125 port 58710:11: Bye Bye [preauth]
Jun 25 02:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10724]: Disconnected from 168.144.92.125 port 58710 [preauth]
Jun 25 02:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9325]: pam_unix(cron:session): session closed for user root
Jun 25 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10850]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10851]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10849]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10848]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10848]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10917]: Successful su for rubyman by root
Jun 25 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10917]: + ??? root:rubyman
Jun 25 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10917]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587414 of user rubyman.
Jun 25 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10917]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587414.
Jun 25 02:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8076]: pam_unix(cron:session): session closed for user root
Jun 25 02:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10849]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11180]: Invalid user lili from 95.90.13.168
Jun 25 02:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11180]: input_userauth_request: invalid user lili [preauth]
Jun 25 02:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11180]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.90.13.168
Jun 25 02:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 25 02:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9727]: pam_unix(cron:session): session closed for user root
Jun 25 02:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11180]: Failed password for invalid user lili from 95.90.13.168 port 64366 ssh2
Jun 25 02:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11183]: Failed password for root from 141.98.83.240 port 24544 ssh2
Jun 25 02:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11180]: Received disconnect from 95.90.13.168 port 64366:11: Bye Bye [preauth]
Jun 25 02:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11180]: Disconnected from 95.90.13.168 port 64366 [preauth]
Jun 25 02:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.16.96.250  user=root
Jun 25 02:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11183]: Failed password for root from 141.98.83.240 port 24544 ssh2
Jun 25 02:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11215]: Failed password for root from 187.16.96.250 port 44550 ssh2
Jun 25 02:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11215]: Received disconnect from 187.16.96.250 port 44550:11: Bye Bye [preauth]
Jun 25 02:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11215]: Disconnected from 187.16.96.250 port 44550 [preauth]
Jun 25 02:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11183]: Failed password for root from 141.98.83.240 port 24544 ssh2
Jun 25 02:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11183]: Connection closed by 141.98.83.240 port 24544 [preauth]
Jun 25 02:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11183]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 25 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11281]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11280]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11282]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11279]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11277]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11277]: pam_unix(cron:session): session closed for user root
Jun 25 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11279]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11346]: Successful su for rubyman by root
Jun 25 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11346]: + ??? root:rubyman
Jun 25 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11346]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587418 of user rubyman.
Jun 25 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11346]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587418.
Jun 25 02:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8517]: pam_unix(cron:session): session closed for user root
Jun 25 02:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11280]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11543]: Invalid user tan from 197.248.8.33
Jun 25 02:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11543]: input_userauth_request: invalid user tan [preauth]
Jun 25 02:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11543]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.8.33
Jun 25 02:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11543]: Failed password for invalid user tan from 197.248.8.33 port 45572 ssh2
Jun 25 02:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11543]: Received disconnect from 197.248.8.33 port 45572:11: Bye Bye [preauth]
Jun 25 02:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11543]: Disconnected from 197.248.8.33 port 45572 [preauth]
Jun 25 02:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.42.93.139  user=root
Jun 25 02:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11566]: Failed password for root from 182.42.93.139 port 34298 ssh2
Jun 25 02:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11578]: Invalid user lhy from 168.144.92.125
Jun 25 02:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11578]: input_userauth_request: invalid user lhy [preauth]
Jun 25 02:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11578]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.144.92.125
Jun 25 02:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11566]: Received disconnect from 182.42.93.139 port 34298:11: Bye Bye [preauth]
Jun 25 02:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11566]: Disconnected from 182.42.93.139 port 34298 [preauth]
Jun 25 02:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11580]: Invalid user dolphinscheduler from 202.165.29.123
Jun 25 02:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11580]: input_userauth_request: invalid user dolphinscheduler [preauth]
Jun 25 02:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11580]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.29.123
Jun 25 02:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11578]: Failed password for invalid user lhy from 168.144.92.125 port 54522 ssh2
Jun 25 02:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11578]: Received disconnect from 168.144.92.125 port 54522:11: Bye Bye [preauth]
Jun 25 02:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11578]: Disconnected from 168.144.92.125 port 54522 [preauth]
Jun 25 02:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11580]: Failed password for invalid user dolphinscheduler from 202.165.29.123 port 39040 ssh2
Jun 25 02:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11580]: Received disconnect from 202.165.29.123 port 39040:11: Bye Bye [preauth]
Jun 25 02:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11580]: Disconnected from 202.165.29.123 port 39040 [preauth]
Jun 25 02:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10395]: pam_unix(cron:session): session closed for user root
Jun 25 02:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.90.13.168  user=root
Jun 25 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11701]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11700]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11699]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11698]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11698]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11778]: Successful su for rubyman by root
Jun 25 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11778]: + ??? root:rubyman
Jun 25 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11778]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587422 of user rubyman.
Jun 25 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11778]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587422.
Jun 25 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11694]: Failed password for root from 95.90.13.168 port 59595 ssh2
Jun 25 02:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11694]: Received disconnect from 95.90.13.168 port 59595:11: Bye Bye [preauth]
Jun 25 02:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11694]: Disconnected from 95.90.13.168 port 59595 [preauth]
Jun 25 02:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8923]: pam_unix(cron:session): session closed for user root
Jun 25 02:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11699]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
Jun 25 02:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.16.96.250  user=root
Jun 25 02:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12068]: Failed password for root from 176.32.39.21 port 58710 ssh2
Jun 25 02:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12070]: Failed password for root from 187.16.96.250 port 35868 ssh2
Jun 25 02:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12068]: Connection closed by 176.32.39.21 port 58710 [preauth]
Jun 25 02:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12070]: Received disconnect from 187.16.96.250 port 35868:11: Bye Bye [preauth]
Jun 25 02:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12070]: Disconnected from 187.16.96.250 port 35868 [preauth]
Jun 25 02:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10851]: pam_unix(cron:session): session closed for user root
Jun 25 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12157]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12155]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12158]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12154]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12154]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12221]: Successful su for rubyman by root
Jun 25 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12221]: + ??? root:rubyman
Jun 25 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12221]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587425 of user rubyman.
Jun 25 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12221]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587425.
Jun 25 02:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12394]: Invalid user lucas from 168.144.92.125
Jun 25 02:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12394]: input_userauth_request: invalid user lucas [preauth]
Jun 25 02:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12394]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.144.92.125
Jun 25 02:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9324]: pam_unix(cron:session): session closed for user root
Jun 25 02:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12394]: Failed password for invalid user lucas from 168.144.92.125 port 49292 ssh2
Jun 25 02:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12394]: Received disconnect from 168.144.92.125 port 49292:11: Bye Bye [preauth]
Jun 25 02:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12394]: Disconnected from 168.144.92.125 port 49292 [preauth]
Jun 25 02:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12155]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12558]: Invalid user dns from 197.248.8.33
Jun 25 02:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12558]: input_userauth_request: invalid user dns [preauth]
Jun 25 02:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12558]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.8.33
Jun 25 02:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12558]: Failed password for invalid user dns from 197.248.8.33 port 55736 ssh2
Jun 25 02:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12558]: Received disconnect from 197.248.8.33 port 55736:11: Bye Bye [preauth]
Jun 25 02:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12558]: Disconnected from 197.248.8.33 port 55736 [preauth]
Jun 25 02:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12591]: Invalid user ftpuser from 202.165.29.123
Jun 25 02:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12591]: input_userauth_request: invalid user ftpuser [preauth]
Jun 25 02:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12591]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.29.123
Jun 25 02:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12593]: Invalid user monitor from 95.90.13.168
Jun 25 02:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12593]: input_userauth_request: invalid user monitor [preauth]
Jun 25 02:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12593]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.90.13.168
Jun 25 02:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12591]: Failed password for invalid user ftpuser from 202.165.29.123 port 48646 ssh2
Jun 25 02:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12591]: Received disconnect from 202.165.29.123 port 48646:11: Bye Bye [preauth]
Jun 25 02:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12591]: Disconnected from 202.165.29.123 port 48646 [preauth]
Jun 25 02:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12593]: Failed password for invalid user monitor from 95.90.13.168 port 59061 ssh2
Jun 25 02:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12593]: Received disconnect from 95.90.13.168 port 59061:11: Bye Bye [preauth]
Jun 25 02:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12593]: Disconnected from 95.90.13.168 port 59061 [preauth]
Jun 25 02:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 25 02:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11282]: pam_unix(cron:session): session closed for user root
Jun 25 02:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12604]: Failed password for root from 194.113.233.25 port 57844 ssh2
Jun 25 02:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12604]: Connection closed by 194.113.233.25 port 57844 [preauth]
Jun 25 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12699]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12700]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12698]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12701]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12697]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12696]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12701]: pam_unix(cron:session): session closed for user root
Jun 25 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12696]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12771]: Successful su for rubyman by root
Jun 25 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12771]: + ??? root:rubyman
Jun 25 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12771]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587432 of user rubyman.
Jun 25 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12771]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587432.
Jun 25 02:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12698]: pam_unix(cron:session): session closed for user root
Jun 25 02:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9726]: pam_unix(cron:session): session closed for user root
Jun 25 02:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12697]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13010]: Invalid user zimbra from 187.16.96.250
Jun 25 02:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13010]: input_userauth_request: invalid user zimbra [preauth]
Jun 25 02:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13010]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.16.96.250
Jun 25 02:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13010]: Failed password for invalid user zimbra from 187.16.96.250 port 48146 ssh2
Jun 25 02:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13010]: Received disconnect from 187.16.96.250 port 48146:11: Bye Bye [preauth]
Jun 25 02:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13010]: Disconnected from 187.16.96.250 port 48146 [preauth]
Jun 25 02:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11701]: pam_unix(cron:session): session closed for user root
Jun 25 02:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 25 02:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13124]: Failed password for root from 109.237.96.109 port 57174 ssh2
Jun 25 02:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13124]: Connection closed by 109.237.96.109 port 57174 [preauth]
Jun 25 02:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13126]: Invalid user frank from 168.144.92.125
Jun 25 02:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13126]: input_userauth_request: invalid user frank [preauth]
Jun 25 02:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13126]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.144.92.125
Jun 25 02:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13126]: Failed password for invalid user frank from 168.144.92.125 port 45720 ssh2
Jun 25 02:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13126]: Received disconnect from 168.144.92.125 port 45720:11: Bye Bye [preauth]
Jun 25 02:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13126]: Disconnected from 168.144.92.125 port 45720 [preauth]
Jun 25 02:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13150]: Invalid user dave from 95.90.13.168
Jun 25 02:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13150]: input_userauth_request: invalid user dave [preauth]
Jun 25 02:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13150]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.90.13.168
Jun 25 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13155]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13156]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13153]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13154]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13153]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13227]: Successful su for rubyman by root
Jun 25 02:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13227]: + ??? root:rubyman
Jun 25 02:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13227]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587436 of user rubyman.
Jun 25 02:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13227]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587436.
Jun 25 02:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13150]: Failed password for invalid user dave from 95.90.13.168 port 63989 ssh2
Jun 25 02:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13150]: Received disconnect from 95.90.13.168 port 63989:11: Bye Bye [preauth]
Jun 25 02:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13150]: Disconnected from 95.90.13.168 port 63989 [preauth]
Jun 25 02:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10394]: pam_unix(cron:session): session closed for user root
Jun 25 02:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13154]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13462]: Invalid user test from 197.248.8.33
Jun 25 02:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13462]: input_userauth_request: invalid user test [preauth]
Jun 25 02:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13462]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.8.33
Jun 25 02:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13462]: Failed password for invalid user test from 197.248.8.33 port 37666 ssh2
Jun 25 02:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13462]: Received disconnect from 197.248.8.33 port 37666:11: Bye Bye [preauth]
Jun 25 02:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13462]: Disconnected from 197.248.8.33 port 37666 [preauth]
Jun 25 02:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12158]: pam_unix(cron:session): session closed for user root
Jun 25 02:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13494]: Invalid user ubuntu from 202.165.29.123
Jun 25 02:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13494]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 02:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13494]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.29.123
Jun 25 02:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13494]: Failed password for invalid user ubuntu from 202.165.29.123 port 54364 ssh2
Jun 25 02:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13494]: Received disconnect from 202.165.29.123 port 54364:11: Bye Bye [preauth]
Jun 25 02:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13494]: Disconnected from 202.165.29.123 port 54364 [preauth]
Jun 25 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13565]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13564]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13563]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13562]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13562]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13624]: Successful su for rubyman by root
Jun 25 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13624]: + ??? root:rubyman
Jun 25 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13624]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587440 of user rubyman.
Jun 25 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13624]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587440.
Jun 25 02:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10850]: pam_unix(cron:session): session closed for user root
Jun 25 02:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13563]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.16.96.250  user=root
Jun 25 02:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13804]: Failed password for root from 187.16.96.250 port 54248 ssh2
Jun 25 02:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13804]: Received disconnect from 187.16.96.250 port 54248:11: Bye Bye [preauth]
Jun 25 02:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13804]: Disconnected from 187.16.96.250 port 54248 [preauth]
Jun 25 02:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13886]: Invalid user oracle from 95.90.13.168
Jun 25 02:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13886]: input_userauth_request: invalid user oracle [preauth]
Jun 25 02:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13886]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.90.13.168
Jun 25 02:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13886]: Failed password for invalid user oracle from 95.90.13.168 port 64173 ssh2
Jun 25 02:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13886]: Received disconnect from 95.90.13.168 port 64173:11: Bye Bye [preauth]
Jun 25 02:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13886]: Disconnected from 95.90.13.168 port 64173 [preauth]
Jun 25 02:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12700]: pam_unix(cron:session): session closed for user root
Jun 25 02:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.144.92.125  user=root
Jun 25 02:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13919]: Failed password for root from 168.144.92.125 port 46854 ssh2
Jun 25 02:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13919]: Received disconnect from 168.144.92.125 port 46854:11: Bye Bye [preauth]
Jun 25 02:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13919]: Disconnected from 168.144.92.125 port 46854 [preauth]
Jun 25 02:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 25 02:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13966]: Failed password for root from 103.15.222.183 port 39150 ssh2
Jun 25 02:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13966]: Connection closed by 103.15.222.183 port 39150 [preauth]
Jun 25 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13990]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13991]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13989]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13988]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13988]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14048]: Successful su for rubyman by root
Jun 25 02:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14048]: + ??? root:rubyman
Jun 25 02:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14048]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587444 of user rubyman.
Jun 25 02:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14048]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587444.
Jun 25 02:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11281]: pam_unix(cron:session): session closed for user root
Jun 25 02:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13989]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.8.33  user=root
Jun 25 02:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14284]: Failed password for root from 197.248.8.33 port 47828 ssh2
Jun 25 02:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14284]: Received disconnect from 197.248.8.33 port 47828:11: Bye Bye [preauth]
Jun 25 02:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14284]: Disconnected from 197.248.8.33 port 47828 [preauth]
Jun 25 02:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13156]: pam_unix(cron:session): session closed for user root
Jun 25 02:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 25 02:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14286]: Failed password for root from 202.178.126.219 port 25716 ssh2
Jun 25 02:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14286]: Connection closed by 202.178.126.219 port 25716 [preauth]
Jun 25 02:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14324]: Invalid user amir from 202.165.29.123
Jun 25 02:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14324]: input_userauth_request: invalid user amir [preauth]
Jun 25 02:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14324]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.29.123
Jun 25 02:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14324]: Failed password for invalid user amir from 202.165.29.123 port 58104 ssh2
Jun 25 02:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14324]: Received disconnect from 202.165.29.123 port 58104:11: Bye Bye [preauth]
Jun 25 02:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14324]: Disconnected from 202.165.29.123 port 58104 [preauth]
Jun 25 02:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14355]: Invalid user wuxianjin from 187.16.96.250
Jun 25 02:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14355]: input_userauth_request: invalid user wuxianjin [preauth]
Jun 25 02:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14355]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.16.96.250
Jun 25 02:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14355]: Failed password for invalid user wuxianjin from 187.16.96.250 port 53258 ssh2
Jun 25 02:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14355]: Received disconnect from 187.16.96.250 port 53258:11: Bye Bye [preauth]
Jun 25 02:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14355]: Disconnected from 187.16.96.250 port 53258 [preauth]
Jun 25 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14379]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14378]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14380]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14381]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14378]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14436]: Successful su for rubyman by root
Jun 25 02:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14436]: + ??? root:rubyman
Jun 25 02:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14436]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587447 of user rubyman.
Jun 25 02:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14436]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587447.
Jun 25 02:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14375]: Invalid user user01 from 95.90.13.168
Jun 25 02:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14375]: input_userauth_request: invalid user user01 [preauth]
Jun 25 02:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14375]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.90.13.168
Jun 25 02:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14375]: Failed password for invalid user user01 from 95.90.13.168 port 59618 ssh2
Jun 25 02:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14375]: Received disconnect from 95.90.13.168 port 59618:11: Bye Bye [preauth]
Jun 25 02:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14375]: Disconnected from 95.90.13.168 port 59618 [preauth]
Jun 25 02:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11700]: pam_unix(cron:session): session closed for user root
Jun 25 02:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14379]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14693]: Invalid user alireza from 168.144.92.125
Jun 25 02:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14693]: input_userauth_request: invalid user alireza [preauth]
Jun 25 02:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14693]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.144.92.125
Jun 25 02:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14693]: Failed password for invalid user alireza from 168.144.92.125 port 49514 ssh2
Jun 25 02:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14693]: Received disconnect from 168.144.92.125 port 49514:11: Bye Bye [preauth]
Jun 25 02:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14693]: Disconnected from 168.144.92.125 port 49514 [preauth]
Jun 25 02:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13565]: pam_unix(cron:session): session closed for user root
Jun 25 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14864]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14860]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14858]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14857]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14861]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14865]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14865]: pam_unix(cron:session): session closed for user root
Jun 25 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14857]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14930]: Successful su for rubyman by root
Jun 25 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14930]: + ??? root:rubyman
Jun 25 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14930]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587451 of user rubyman.
Jun 25 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14930]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587451.
Jun 25 02:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14860]: pam_unix(cron:session): session closed for user root
Jun 25 02:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12157]: pam_unix(cron:session): session closed for user root
Jun 25 02:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14858]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.8.33  user=root
Jun 25 02:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15217]: Invalid user deploy from 95.90.13.168
Jun 25 02:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15217]: input_userauth_request: invalid user deploy [preauth]
Jun 25 02:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15217]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.90.13.168
Jun 25 02:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15206]: Failed password for root from 197.248.8.33 port 57982 ssh2
Jun 25 02:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15206]: Received disconnect from 197.248.8.33 port 57982:11: Bye Bye [preauth]
Jun 25 02:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15206]: Disconnected from 197.248.8.33 port 57982 [preauth]
Jun 25 02:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13991]: pam_unix(cron:session): session closed for user root
Jun 25 02:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15217]: Failed password for invalid user deploy from 95.90.13.168 port 63596 ssh2
Jun 25 02:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15217]: Received disconnect from 95.90.13.168 port 63596:11: Bye Bye [preauth]
Jun 25 02:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15217]: Disconnected from 95.90.13.168 port 63596 [preauth]
Jun 25 02:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15250]: Invalid user ansible from 202.165.29.123
Jun 25 02:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15250]: input_userauth_request: invalid user ansible [preauth]
Jun 25 02:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15250]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.29.123
Jun 25 02:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15250]: Failed password for invalid user ansible from 202.165.29.123 port 49458 ssh2
Jun 25 02:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15250]: Received disconnect from 202.165.29.123 port 49458:11: Bye Bye [preauth]
Jun 25 02:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15250]: Disconnected from 202.165.29.123 port 49458 [preauth]
Jun 25 02:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.16.96.250  user=root
Jun 25 02:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15253]: Failed password for root from 187.16.96.250 port 32854 ssh2
Jun 25 02:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15253]: Received disconnect from 187.16.96.250 port 32854:11: Bye Bye [preauth]
Jun 25 02:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15253]: Disconnected from 187.16.96.250 port 32854 [preauth]
Jun 25 02:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15294]: Invalid user user1 from 168.144.92.125
Jun 25 02:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15294]: input_userauth_request: invalid user user1 [preauth]
Jun 25 02:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15294]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.144.92.125
Jun 25 02:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15294]: Failed password for invalid user user1 from 168.144.92.125 port 35756 ssh2
Jun 25 02:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15294]: Received disconnect from 168.144.92.125 port 35756:11: Bye Bye [preauth]
Jun 25 02:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15294]: Disconnected from 168.144.92.125 port 35756 [preauth]
Jun 25 02:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 25 02:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15304]: Failed password for root from 51.250.105.222 port 45830 ssh2
Jun 25 02:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15304]: Connection closed by 51.250.105.222 port 45830 [preauth]
Jun 25 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15309]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15310]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15308]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15307]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15307]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15378]: Successful su for rubyman by root
Jun 25 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15378]: + ??? root:rubyman
Jun 25 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15378]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587458 of user rubyman.
Jun 25 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15378]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587458.
Jun 25 02:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12699]: pam_unix(cron:session): session closed for user root
Jun 25 02:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15308]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14381]: pam_unix(cron:session): session closed for user root
Jun 25 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15705]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15704]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15703]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15702]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15702]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15766]: Successful su for rubyman by root
Jun 25 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15766]: + ??? root:rubyman
Jun 25 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15766]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587461 of user rubyman.
Jun 25 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15766]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587461.
Jun 25 02:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13155]: pam_unix(cron:session): session closed for user root
Jun 25 02:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15703]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15925]: Invalid user root2 from 95.90.13.168
Jun 25 02:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15925]: input_userauth_request: invalid user root2 [preauth]
Jun 25 02:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15925]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.90.13.168
Jun 25 02:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15925]: Failed password for invalid user root2 from 95.90.13.168 port 60299 ssh2
Jun 25 02:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15925]: Received disconnect from 95.90.13.168 port 60299:11: Bye Bye [preauth]
Jun 25 02:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15925]: Disconnected from 95.90.13.168 port 60299 [preauth]
Jun 25 02:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14864]: pam_unix(cron:session): session closed for user root
Jun 25 02:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 25 02:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16030]: Invalid user alex from 197.248.8.33
Jun 25 02:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16030]: input_userauth_request: invalid user alex [preauth]
Jun 25 02:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16030]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.8.33
Jun 25 02:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16008]: Failed password for root from 103.27.238.114 port 50216 ssh2
Jun 25 02:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16008]: Connection closed by 103.27.238.114 port 50216 [preauth]
Jun 25 02:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16032]: Invalid user xr from 187.16.96.250
Jun 25 02:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16032]: input_userauth_request: invalid user xr [preauth]
Jun 25 02:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16032]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.16.96.250
Jun 25 02:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16030]: Failed password for invalid user alex from 197.248.8.33 port 39912 ssh2
Jun 25 02:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16030]: Received disconnect from 197.248.8.33 port 39912:11: Bye Bye [preauth]
Jun 25 02:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16030]: Disconnected from 197.248.8.33 port 39912 [preauth]
Jun 25 02:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16032]: Failed password for invalid user xr from 187.16.96.250 port 54088 ssh2
Jun 25 02:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16032]: Received disconnect from 187.16.96.250 port 54088:11: Bye Bye [preauth]
Jun 25 02:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16032]: Disconnected from 187.16.96.250 port 54088 [preauth]
Jun 25 02:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16042]: Invalid user luo from 168.144.92.125
Jun 25 02:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16042]: input_userauth_request: invalid user luo [preauth]
Jun 25 02:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16042]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.144.92.125
Jun 25 02:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16044]: Invalid user steam from 202.165.29.123
Jun 25 02:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16044]: input_userauth_request: invalid user steam [preauth]
Jun 25 02:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16044]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.29.123
Jun 25 02:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16042]: Failed password for invalid user luo from 168.144.92.125 port 51002 ssh2
Jun 25 02:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16044]: Failed password for invalid user steam from 202.165.29.123 port 46736 ssh2
Jun 25 02:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16044]: Received disconnect from 202.165.29.123 port 46736:11: Bye Bye [preauth]
Jun 25 02:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16044]: Disconnected from 202.165.29.123 port 46736 [preauth]
Jun 25 02:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16042]: Received disconnect from 168.144.92.125 port 51002:11: Bye Bye [preauth]
Jun 25 02:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16042]: Disconnected from 168.144.92.125 port 51002 [preauth]
Jun 25 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16099]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16098]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16097]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16096]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16096]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16155]: Successful su for rubyman by root
Jun 25 02:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16155]: + ??? root:rubyman
Jun 25 02:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16155]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587466 of user rubyman.
Jun 25 02:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16155]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587466.
Jun 25 02:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13564]: pam_unix(cron:session): session closed for user root
Jun 25 02:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16097]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15310]: pam_unix(cron:session): session closed for user root
Jun 25 02:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16429]: Invalid user toby from 95.90.13.168
Jun 25 02:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16429]: input_userauth_request: invalid user toby [preauth]
Jun 25 02:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16429]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.90.13.168
Jun 25 02:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16429]: Failed password for invalid user toby from 95.90.13.168 port 60753 ssh2
Jun 25 02:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16429]: Received disconnect from 95.90.13.168 port 60753:11: Bye Bye [preauth]
Jun 25 02:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16429]: Disconnected from 95.90.13.168 port 60753 [preauth]
Jun 25 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16485]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16486]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16484]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16483]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16483]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16548]: Successful su for rubyman by root
Jun 25 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16548]: + ??? root:rubyman
Jun 25 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16548]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587471 of user rubyman.
Jun 25 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16548]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587471.
Jun 25 02:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13990]: pam_unix(cron:session): session closed for user root
Jun 25 02:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16484]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16767]: Invalid user rstudio from 168.144.92.125
Jun 25 02:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16767]: input_userauth_request: invalid user rstudio [preauth]
Jun 25 02:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16767]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.144.92.125
Jun 25 02:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16767]: Failed password for invalid user rstudio from 168.144.92.125 port 46578 ssh2
Jun 25 02:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16767]: Received disconnect from 168.144.92.125 port 46578:11: Bye Bye [preauth]
Jun 25 02:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16767]: Disconnected from 168.144.92.125 port 46578 [preauth]
Jun 25 02:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16790]: Invalid user test from 187.16.96.250
Jun 25 02:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16790]: input_userauth_request: invalid user test [preauth]
Jun 25 02:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16790]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.16.96.250
Jun 25 02:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16790]: Failed password for invalid user test from 187.16.96.250 port 57006 ssh2
Jun 25 02:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16790]: Received disconnect from 187.16.96.250 port 57006:11: Bye Bye [preauth]
Jun 25 02:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16790]: Disconnected from 187.16.96.250 port 57006 [preauth]
Jun 25 02:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15705]: pam_unix(cron:session): session closed for user root
Jun 25 02:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16835]: Invalid user redhat from 197.248.8.33
Jun 25 02:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16835]: input_userauth_request: invalid user redhat [preauth]
Jun 25 02:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16835]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.8.33
Jun 25 02:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16835]: Failed password for invalid user redhat from 197.248.8.33 port 50072 ssh2
Jun 25 02:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16835]: Received disconnect from 197.248.8.33 port 50072:11: Bye Bye [preauth]
Jun 25 02:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16835]: Disconnected from 197.248.8.33 port 50072 [preauth]
Jun 25 02:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16847]: Invalid user wx from 202.165.29.123
Jun 25 02:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16847]: input_userauth_request: invalid user wx [preauth]
Jun 25 02:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16847]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.29.123
Jun 25 02:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16849]: Invalid user admin from 2.57.121.25
Jun 25 02:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16849]: input_userauth_request: invalid user admin [preauth]
Jun 25 02:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16849]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 25 02:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16847]: Failed password for invalid user wx from 202.165.29.123 port 52872 ssh2
Jun 25 02:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16847]: Received disconnect from 202.165.29.123 port 52872:11: Bye Bye [preauth]
Jun 25 02:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16847]: Disconnected from 202.165.29.123 port 52872 [preauth]
Jun 25 02:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16849]: Failed password for invalid user admin from 2.57.121.25 port 14936 ssh2
Jun 25 02:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16849]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16849]: Failed password for invalid user admin from 2.57.121.25 port 14936 ssh2
Jun 25 02:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16849]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16849]: Failed password for invalid user admin from 2.57.121.25 port 14936 ssh2
Jun 25 02:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16849]: Connection closed by 2.57.121.25 port 14936 [preauth]
Jun 25 02:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16849]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 25 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16998]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16997]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16996]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16999]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17000]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16995]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17000]: pam_unix(cron:session): session closed for user root
Jun 25 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16995]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17069]: Successful su for rubyman by root
Jun 25 02:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17069]: + ??? root:rubyman
Jun 25 02:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17069]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587476 of user rubyman.
Jun 25 02:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17069]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587476.
Jun 25 02:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16997]: pam_unix(cron:session): session closed for user root
Jun 25 02:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14380]: pam_unix(cron:session): session closed for user root
Jun 25 02:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17250]: Invalid user dev2 from 95.90.13.168
Jun 25 02:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17250]: input_userauth_request: invalid user dev2 [preauth]
Jun 25 02:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17250]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.90.13.168
Jun 25 02:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16996]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17250]: Failed password for invalid user dev2 from 95.90.13.168 port 64602 ssh2
Jun 25 02:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17250]: Received disconnect from 95.90.13.168 port 64602:11: Bye Bye [preauth]
Jun 25 02:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17250]: Disconnected from 95.90.13.168 port 64602 [preauth]
Jun 25 02:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16099]: pam_unix(cron:session): session closed for user root
Jun 25 02:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17379]: Connection closed by 194.59.206.2 port 61016 [preauth]
Jun 25 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17440]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17441]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17439]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17438]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17438]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17508]: Successful su for rubyman by root
Jun 25 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17508]: + ??? root:rubyman
Jun 25 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17508]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587479 of user rubyman.
Jun 25 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17508]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587479.
Jun 25 02:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14861]: pam_unix(cron:session): session closed for user root
Jun 25 02:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17439]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17770]: Invalid user deployer from 168.144.92.125
Jun 25 02:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17770]: input_userauth_request: invalid user deployer [preauth]
Jun 25 02:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17770]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.144.92.125
Jun 25 02:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17770]: Failed password for invalid user deployer from 168.144.92.125 port 60402 ssh2
Jun 25 02:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17770]: Received disconnect from 168.144.92.125 port 60402:11: Bye Bye [preauth]
Jun 25 02:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17770]: Disconnected from 168.144.92.125 port 60402 [preauth]
Jun 25 02:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17806]: Invalid user test from 187.16.96.250
Jun 25 02:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17806]: input_userauth_request: invalid user test [preauth]
Jun 25 02:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17806]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.16.96.250
Jun 25 02:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17806]: Failed password for invalid user test from 187.16.96.250 port 34078 ssh2
Jun 25 02:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17806]: Received disconnect from 187.16.96.250 port 34078:11: Bye Bye [preauth]
Jun 25 02:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17806]: Disconnected from 187.16.96.250 port 34078 [preauth]
Jun 25 02:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16486]: pam_unix(cron:session): session closed for user root
Jun 25 02:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17873]: Invalid user nathan from 95.90.13.168
Jun 25 02:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17873]: input_userauth_request: invalid user nathan [preauth]
Jun 25 02:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17873]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.90.13.168
Jun 25 02:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17873]: Failed password for invalid user nathan from 95.90.13.168 port 61076 ssh2
Jun 25 02:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17873]: Received disconnect from 95.90.13.168 port 61076:11: Bye Bye [preauth]
Jun 25 02:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17873]: Disconnected from 95.90.13.168 port 61076 [preauth]
Jun 25 02:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17891]: Invalid user newuser from 197.248.8.33
Jun 25 02:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17891]: input_userauth_request: invalid user newuser [preauth]
Jun 25 02:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17891]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.8.33
Jun 25 02:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17891]: Failed password for invalid user newuser from 197.248.8.33 port 60232 ssh2
Jun 25 02:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17891]: Received disconnect from 197.248.8.33 port 60232:11: Bye Bye [preauth]
Jun 25 02:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17891]: Disconnected from 197.248.8.33 port 60232 [preauth]
Jun 25 02:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.29.123  user=root
Jun 25 02:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17903]: Failed password for root from 202.165.29.123 port 59578 ssh2
Jun 25 02:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17903]: Received disconnect from 202.165.29.123 port 59578:11: Bye Bye [preauth]
Jun 25 02:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17903]: Disconnected from 202.165.29.123 port 59578 [preauth]
Jun 25 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17950]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17949]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17948]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17947]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17947]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18015]: Successful su for rubyman by root
Jun 25 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18015]: + ??? root:rubyman
Jun 25 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18015]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587483 of user rubyman.
Jun 25 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18015]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587483.
Jun 25 02:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15309]: pam_unix(cron:session): session closed for user root
Jun 25 02:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17948]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16999]: pam_unix(cron:session): session closed for user root
Jun 25 02:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.144.92.125  user=root
Jun 25 02:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18371]: Failed password for root from 168.144.92.125 port 36178 ssh2
Jun 25 02:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18371]: Received disconnect from 168.144.92.125 port 36178:11: Bye Bye [preauth]
Jun 25 02:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18371]: Disconnected from 168.144.92.125 port 36178 [preauth]
Jun 25 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18397]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18396]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18398]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18395]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18395]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18527]: Successful su for rubyman by root
Jun 25 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18527]: + ??? root:rubyman
Jun 25 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18527]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587487 of user rubyman.
Jun 25 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18527]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587487.
Jun 25 02:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18631]: Invalid user dns from 187.16.96.250
Jun 25 02:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18631]: input_userauth_request: invalid user dns [preauth]
Jun 25 02:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18631]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.16.96.250
Jun 25 02:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15704]: pam_unix(cron:session): session closed for user root
Jun 25 02:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18396]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18631]: Failed password for invalid user dns from 187.16.96.250 port 37786 ssh2
Jun 25 02:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18631]: Received disconnect from 187.16.96.250 port 37786:11: Bye Bye [preauth]
Jun 25 02:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18631]: Disconnected from 187.16.96.250 port 37786 [preauth]
Jun 25 02:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.90.13.168  user=root
Jun 25 02:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18719]: Failed password for root from 95.90.13.168 port 62757 ssh2
Jun 25 02:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18719]: Received disconnect from 95.90.13.168 port 62757:11: Bye Bye [preauth]
Jun 25 02:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18719]: Disconnected from 95.90.13.168 port 62757 [preauth]
Jun 25 02:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17441]: pam_unix(cron:session): session closed for user root
Jun 25 02:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18874]: Invalid user test from 197.248.8.33
Jun 25 02:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18874]: input_userauth_request: invalid user test [preauth]
Jun 25 02:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18874]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.8.33
Jun 25 02:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.29.123  user=root
Jun 25 02:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18874]: Failed password for invalid user test from 197.248.8.33 port 42162 ssh2
Jun 25 02:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18874]: Received disconnect from 197.248.8.33 port 42162:11: Bye Bye [preauth]
Jun 25 02:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18874]: Disconnected from 197.248.8.33 port 42162 [preauth]
Jun 25 02:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18876]: Failed password for root from 202.165.29.123 port 43132 ssh2
Jun 25 02:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18876]: Received disconnect from 202.165.29.123 port 43132:11: Bye Bye [preauth]
Jun 25 02:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18876]: Disconnected from 202.165.29.123 port 43132 [preauth]
Jun 25 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18897]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18898]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18899]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18896]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18896]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18955]: Successful su for rubyman by root
Jun 25 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18955]: + ??? root:rubyman
Jun 25 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18955]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587493 of user rubyman.
Jun 25 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18955]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587493.
Jun 25 02:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16098]: pam_unix(cron:session): session closed for user root
Jun 25 02:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18897]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17950]: pam_unix(cron:session): session closed for user root
Jun 25 02:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19330]: Invalid user deb from 95.90.13.168
Jun 25 02:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19330]: input_userauth_request: invalid user deb [preauth]
Jun 25 02:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19330]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.90.13.168
Jun 25 02:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19330]: Failed password for invalid user deb from 95.90.13.168 port 61487 ssh2
Jun 25 02:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19330]: Received disconnect from 95.90.13.168 port 61487:11: Bye Bye [preauth]
Jun 25 02:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19330]: Disconnected from 95.90.13.168 port 61487 [preauth]
Jun 25 02:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.144.92.125  user=root
Jun 25 02:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19362]: Failed password for root from 168.144.92.125 port 37882 ssh2
Jun 25 02:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19362]: Received disconnect from 168.144.92.125 port 37882:11: Bye Bye [preauth]
Jun 25 02:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19362]: Disconnected from 168.144.92.125 port 37882 [preauth]
Jun 25 02:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.16.96.250  user=root
Jun 25 02:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19373]: Failed password for root from 187.16.96.250 port 33966 ssh2
Jun 25 02:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19373]: Received disconnect from 187.16.96.250 port 33966:11: Bye Bye [preauth]
Jun 25 02:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19373]: Disconnected from 187.16.96.250 port 33966 [preauth]
Jun 25 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19401]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19399]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19397]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19398]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19400]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19392]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19401]: pam_unix(cron:session): session closed for user root
Jun 25 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19392]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19470]: Successful su for rubyman by root
Jun 25 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19470]: + ??? root:rubyman
Jun 25 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19470]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587499 of user rubyman.
Jun 25 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19470]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587499.
Jun 25 02:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19398]: pam_unix(cron:session): session closed for user root
Jun 25 02:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16485]: pam_unix(cron:session): session closed for user root
Jun 25 02:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19397]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18398]: pam_unix(cron:session): session closed for user root
Jun 25 02:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.8.33  user=root
Jun 25 02:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.29.123  user=root
Jun 25 02:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20027]: Failed password for root from 197.248.8.33 port 52324 ssh2
Jun 25 02:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20027]: Received disconnect from 197.248.8.33 port 52324:11: Bye Bye [preauth]
Jun 25 02:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20027]: Disconnected from 197.248.8.33 port 52324 [preauth]
Jun 25 02:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20029]: Failed password for root from 202.165.29.123 port 56864 ssh2
Jun 25 02:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20029]: Received disconnect from 202.165.29.123 port 56864:11: Bye Bye [preauth]
Jun 25 02:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20029]: Disconnected from 202.165.29.123 port 56864 [preauth]
Jun 25 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20042]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20043]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20040]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20041]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20040]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20107]: Successful su for rubyman by root
Jun 25 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20107]: + ??? root:rubyman
Jun 25 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20107]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587503 of user rubyman.
Jun 25 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20107]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587503.
Jun 25 02:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16998]: pam_unix(cron:session): session closed for user root
Jun 25 02:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20041]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20394]: Invalid user temp from 95.90.13.168
Jun 25 02:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20394]: input_userauth_request: invalid user temp [preauth]
Jun 25 02:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20394]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.90.13.168
Jun 25 02:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20394]: Failed password for invalid user temp from 95.90.13.168 port 61335 ssh2
Jun 25 02:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20394]: Received disconnect from 95.90.13.168 port 61335:11: Bye Bye [preauth]
Jun 25 02:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20394]: Disconnected from 95.90.13.168 port 61335 [preauth]
Jun 25 02:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20466]: Invalid user acuser from 168.144.92.125
Jun 25 02:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20466]: input_userauth_request: invalid user acuser [preauth]
Jun 25 02:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20466]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.144.92.125
Jun 25 02:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18899]: pam_unix(cron:session): session closed for user root
Jun 25 02:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20466]: Failed password for invalid user acuser from 168.144.92.125 port 34078 ssh2
Jun 25 02:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20466]: Received disconnect from 168.144.92.125 port 34078:11: Bye Bye [preauth]
Jun 25 02:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20466]: Disconnected from 168.144.92.125 port 34078 [preauth]
Jun 25 02:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20504]: Invalid user ethan from 187.16.96.250
Jun 25 02:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20504]: input_userauth_request: invalid user ethan [preauth]
Jun 25 02:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20504]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.16.96.250
Jun 25 02:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20504]: Failed password for invalid user ethan from 187.16.96.250 port 41216 ssh2
Jun 25 02:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20504]: Received disconnect from 187.16.96.250 port 41216:11: Bye Bye [preauth]
Jun 25 02:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20504]: Disconnected from 187.16.96.250 port 41216 [preauth]
Jun 25 02:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20556]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20557]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20558]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20555]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20555]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20619]: Successful su for rubyman by root
Jun 25 02:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20619]: + ??? root:rubyman
Jun 25 02:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20619]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587505 of user rubyman.
Jun 25 02:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20619]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587505.
Jun 25 02:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17440]: pam_unix(cron:session): session closed for user root
Jun 25 02:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20556]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19400]: pam_unix(cron:session): session closed for user root
Jun 25 02:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20994]: Invalid user wireguard from 95.90.13.168
Jun 25 02:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20994]: input_userauth_request: invalid user wireguard [preauth]
Jun 25 02:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20994]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.90.13.168
Jun 25 02:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20994]: Failed password for invalid user wireguard from 95.90.13.168 port 63920 ssh2
Jun 25 02:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20994]: Received disconnect from 95.90.13.168 port 63920:11: Bye Bye [preauth]
Jun 25 02:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20994]: Disconnected from 95.90.13.168 port 63920 [preauth]
Jun 25 02:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.8.33  user=root
Jun 25 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21050]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21049]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21051]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21048]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21048]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21114]: Successful su for rubyman by root
Jun 25 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21114]: + ??? root:rubyman
Jun 25 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21114]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587511 of user rubyman.
Jun 25 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21114]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587511.
Jun 25 02:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21101]: Invalid user raymond from 202.165.29.123
Jun 25 02:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21101]: input_userauth_request: invalid user raymond [preauth]
Jun 25 02:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21101]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.29.123
Jun 25 02:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21045]: Failed password for root from 197.248.8.33 port 34246 ssh2
Jun 25 02:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21045]: Received disconnect from 197.248.8.33 port 34246:11: Bye Bye [preauth]
Jun 25 02:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21045]: Disconnected from 197.248.8.33 port 34246 [preauth]
Jun 25 02:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21101]: Failed password for invalid user raymond from 202.165.29.123 port 38834 ssh2
Jun 25 02:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21101]: Received disconnect from 202.165.29.123 port 38834:11: Bye Bye [preauth]
Jun 25 02:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21101]: Disconnected from 202.165.29.123 port 38834 [preauth]
Jun 25 02:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17949]: pam_unix(cron:session): session closed for user root
Jun 25 02:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21049]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.144.92.125  user=root
Jun 25 02:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21311]: Failed password for root from 168.144.92.125 port 59112 ssh2
Jun 25 02:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21311]: Received disconnect from 168.144.92.125 port 59112:11: Bye Bye [preauth]
Jun 25 02:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21311]: Disconnected from 168.144.92.125 port 59112 [preauth]
Jun 25 02:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.16.96.250  user=root
Jun 25 02:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21373]: Failed password for root from 187.16.96.250 port 57142 ssh2
Jun 25 02:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21373]: Received disconnect from 187.16.96.250 port 57142:11: Bye Bye [preauth]
Jun 25 02:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21373]: Disconnected from 187.16.96.250 port 57142 [preauth]
Jun 25 02:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20043]: pam_unix(cron:session): session closed for user root
Jun 25 02:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 25 02:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21412]: Failed password for root from 80.66.85.226 port 41708 ssh2
Jun 25 02:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21412]: Connection closed by 80.66.85.226 port 41708 [preauth]
Jun 25 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21477]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21478]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21476]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21475]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21473]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21475]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21616]: Successful su for rubyman by root
Jun 25 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21616]: + ??? root:rubyman
Jun 25 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21616]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587514 of user rubyman.
Jun 25 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21616]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587514.
Jun 25 02:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21473]: pam_unix(cron:session): session closed for user root
Jun 25 02:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18397]: pam_unix(cron:session): session closed for user root
Jun 25 02:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21476]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.90.13.168  user=root
Jun 25 02:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21863]: Failed password for root from 95.90.13.168 port 62833 ssh2
Jun 25 02:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21863]: Received disconnect from 95.90.13.168 port 62833:11: Bye Bye [preauth]
Jun 25 02:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21863]: Disconnected from 95.90.13.168 port 62833 [preauth]
Jun 25 02:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20558]: pam_unix(cron:session): session closed for user root
Jun 25 02:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 25 02:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21977]: Failed password for root from 103.82.20.28 port 46736 ssh2
Jun 25 02:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21977]: Connection closed by 103.82.20.28 port 46736 [preauth]
Jun 25 02:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21987]: Invalid user mitra from 168.144.92.125
Jun 25 02:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21987]: input_userauth_request: invalid user mitra [preauth]
Jun 25 02:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21987]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.144.92.125
Jun 25 02:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21987]: Failed password for invalid user mitra from 168.144.92.125 port 59404 ssh2
Jun 25 02:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21987]: Received disconnect from 168.144.92.125 port 59404:11: Bye Bye [preauth]
Jun 25 02:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21987]: Disconnected from 168.144.92.125 port 59404 [preauth]
Jun 25 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22001]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22002]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21999]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22003]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22000]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22004]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22004]: pam_unix(cron:session): session closed for user root
Jun 25 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21999]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22063]: Successful su for rubyman by root
Jun 25 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22063]: + ??? root:rubyman
Jun 25 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22063]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587521 of user rubyman.
Jun 25 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22063]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587521.
Jun 25 02:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22123]: Invalid user bitrix from 197.248.8.33
Jun 25 02:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22123]: input_userauth_request: invalid user bitrix [preauth]
Jun 25 02:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22123]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.8.33
Jun 25 02:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18898]: pam_unix(cron:session): session closed for user root
Jun 25 02:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22001]: pam_unix(cron:session): session closed for user root
Jun 25 02:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22123]: Failed password for invalid user bitrix from 197.248.8.33 port 44406 ssh2
Jun 25 02:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22123]: Received disconnect from 197.248.8.33 port 44406:11: Bye Bye [preauth]
Jun 25 02:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22123]: Disconnected from 197.248.8.33 port 44406 [preauth]
Jun 25 02:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22000]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.29.123  user=root
Jun 25 02:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22284]: Failed password for root from 202.165.29.123 port 51774 ssh2
Jun 25 02:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22284]: Received disconnect from 202.165.29.123 port 51774:11: Bye Bye [preauth]
Jun 25 02:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22284]: Disconnected from 202.165.29.123 port 51774 [preauth]
Jun 25 02:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22399]: Invalid user alex from 187.16.96.250
Jun 25 02:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22399]: input_userauth_request: invalid user alex [preauth]
Jun 25 02:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22399]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.16.96.250
Jun 25 02:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22399]: Failed password for invalid user alex from 187.16.96.250 port 52142 ssh2
Jun 25 02:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22399]: Received disconnect from 187.16.96.250 port 52142:11: Bye Bye [preauth]
Jun 25 02:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22399]: Disconnected from 187.16.96.250 port 52142 [preauth]
Jun 25 02:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21051]: pam_unix(cron:session): session closed for user root
Jun 25 02:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.90.13.168  user=root
Jun 25 02:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22507]: Failed password for root from 95.90.13.168 port 64137 ssh2
Jun 25 02:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22507]: Received disconnect from 95.90.13.168 port 64137:11: Bye Bye [preauth]
Jun 25 02:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22507]: Disconnected from 95.90.13.168 port 64137 [preauth]
Jun 25 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22528]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22526]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22529]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22527]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22526]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22595]: Successful su for rubyman by root
Jun 25 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22595]: + ??? root:rubyman
Jun 25 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22595]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587524 of user rubyman.
Jun 25 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22595]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587524.
Jun 25 02:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19399]: pam_unix(cron:session): session closed for user root
Jun 25 02:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22527]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21478]: pam_unix(cron:session): session closed for user root
Jun 25 02:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22889]: Invalid user teamspeak from 168.144.92.125
Jun 25 02:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22889]: input_userauth_request: invalid user teamspeak [preauth]
Jun 25 02:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22889]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.144.92.125
Jun 25 02:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22889]: Failed password for invalid user teamspeak from 168.144.92.125 port 58116 ssh2
Jun 25 02:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22889]: Received disconnect from 168.144.92.125 port 58116:11: Bye Bye [preauth]
Jun 25 02:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22889]: Disconnected from 168.144.92.125 port 58116 [preauth]
Jun 25 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22951]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22952]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22953]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22950]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22950]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23009]: Successful su for rubyman by root
Jun 25 02:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23009]: + ??? root:rubyman
Jun 25 02:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23009]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587530 of user rubyman.
Jun 25 02:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23009]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587530.
Jun 25 02:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20042]: pam_unix(cron:session): session closed for user root
Jun 25 02:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22951]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23187]: Invalid user pentest from 187.16.96.250
Jun 25 02:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23187]: input_userauth_request: invalid user pentest [preauth]
Jun 25 02:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23187]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.16.96.250
Jun 25 02:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23187]: Failed password for invalid user pentest from 187.16.96.250 port 49898 ssh2
Jun 25 02:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23187]: Received disconnect from 187.16.96.250 port 49898:11: Bye Bye [preauth]
Jun 25 02:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23187]: Disconnected from 187.16.96.250 port 49898 [preauth]
Jun 25 02:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23190]: Invalid user lisi from 202.165.29.123
Jun 25 02:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23190]: input_userauth_request: invalid user lisi [preauth]
Jun 25 02:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23190]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.29.123
Jun 25 02:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23190]: Failed password for invalid user lisi from 202.165.29.123 port 34578 ssh2
Jun 25 02:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23190]: Received disconnect from 202.165.29.123 port 34578:11: Bye Bye [preauth]
Jun 25 02:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23190]: Disconnected from 202.165.29.123 port 34578 [preauth]
Jun 25 02:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.8.33  user=root
Jun 25 02:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23219]: Failed password for root from 197.248.8.33 port 54576 ssh2
Jun 25 02:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23219]: Received disconnect from 197.248.8.33 port 54576:11: Bye Bye [preauth]
Jun 25 02:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23219]: Disconnected from 197.248.8.33 port 54576 [preauth]
Jun 25 02:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.90.13.168  user=root
Jun 25 02:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23243]: Failed password for root from 95.90.13.168 port 59312 ssh2
Jun 25 02:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23243]: Received disconnect from 95.90.13.168 port 59312:11: Bye Bye [preauth]
Jun 25 02:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23243]: Disconnected from 95.90.13.168 port 59312 [preauth]
Jun 25 02:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22003]: pam_unix(cron:session): session closed for user root
Jun 25 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23372]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23371]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23370]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23368]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23368]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23431]: Successful su for rubyman by root
Jun 25 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23431]: + ??? root:rubyman
Jun 25 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23431]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587532 of user rubyman.
Jun 25 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23431]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587532.
Jun 25 02:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20557]: pam_unix(cron:session): session closed for user root
Jun 25 02:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23370]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23650]: Invalid user admin from 168.144.92.125
Jun 25 02:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23650]: input_userauth_request: invalid user admin [preauth]
Jun 25 02:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23650]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.144.92.125
Jun 25 02:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23650]: Failed password for invalid user admin from 168.144.92.125 port 35600 ssh2
Jun 25 02:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23650]: Received disconnect from 168.144.92.125 port 35600:11: Bye Bye [preauth]
Jun 25 02:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23650]: Disconnected from 168.144.92.125 port 35600 [preauth]
Jun 25 02:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22529]: pam_unix(cron:session): session closed for user root
Jun 25 02:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23765]: Invalid user pwserver from 95.90.13.168
Jun 25 02:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23765]: input_userauth_request: invalid user pwserver [preauth]
Jun 25 02:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23765]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.90.13.168
Jun 25 02:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23765]: Failed password for invalid user pwserver from 95.90.13.168 port 59398 ssh2
Jun 25 02:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23765]: Received disconnect from 95.90.13.168 port 59398:11: Bye Bye [preauth]
Jun 25 02:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23765]: Disconnected from 95.90.13.168 port 59398 [preauth]
Jun 25 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23793]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23791]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23792]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23790]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23790]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23948]: Successful su for rubyman by root
Jun 25 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23948]: + ??? root:rubyman
Jun 25 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23948]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587536 of user rubyman.
Jun 25 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23948]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587536.
Jun 25 02:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.16.96.250  user=root
Jun 25 02:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21050]: pam_unix(cron:session): session closed for user root
Jun 25 02:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23945]: Failed password for root from 187.16.96.250 port 44064 ssh2
Jun 25 02:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23945]: Received disconnect from 187.16.96.250 port 44064:11: Bye Bye [preauth]
Jun 25 02:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23945]: Disconnected from 187.16.96.250 port 44064 [preauth]
Jun 25 02:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23791]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24142]: Invalid user debian from 202.165.29.123
Jun 25 02:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24142]: input_userauth_request: invalid user debian [preauth]
Jun 25 02:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24142]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.29.123
Jun 25 02:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24142]: Failed password for invalid user debian from 202.165.29.123 port 59716 ssh2
Jun 25 02:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24142]: Received disconnect from 202.165.29.123 port 59716:11: Bye Bye [preauth]
Jun 25 02:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24142]: Disconnected from 202.165.29.123 port 59716 [preauth]
Jun 25 02:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.8.33  user=root
Jun 25 02:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24174]: Failed password for root from 197.248.8.33 port 36502 ssh2
Jun 25 02:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24174]: Received disconnect from 197.248.8.33 port 36502:11: Bye Bye [preauth]
Jun 25 02:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24174]: Disconnected from 197.248.8.33 port 36502 [preauth]
Jun 25 02:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 25 02:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24199]: Failed password for root from 103.27.238.116 port 57004 ssh2
Jun 25 02:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24199]: Connection closed by 103.27.238.116 port 57004 [preauth]
Jun 25 02:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22953]: pam_unix(cron:session): session closed for user root
Jun 25 02:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Jun 25 02:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:34.77.24.24
Jun 25 02:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 25 02:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24304]: Failed password for root from 103.82.132.16 port 41492 ssh2
Jun 25 02:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24304]: Connection closed by 103.82.132.16 port 41492 [preauth]
Jun 25 02:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24327]: Invalid user send from 79.125.162.32
Jun 25 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24327]: input_userauth_request: invalid user send [preauth]
Jun 25 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24327]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.125.162.32
Jun 25 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24343]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24345]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24340]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24339]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24344]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24342]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24345]: pam_unix(cron:session): session closed for user root
Jun 25 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24339]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24405]: Successful su for rubyman by root
Jun 25 02:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24405]: + ??? root:rubyman
Jun 25 02:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24405]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587544 of user rubyman.
Jun 25 02:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24405]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587544.
Jun 25 02:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24327]: Failed password for invalid user send from 79.125.162.32 port 52691 ssh2
Jun 25 02:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24327]: Received disconnect from 79.125.162.32 port 52691:11: Bye Bye [preauth]
Jun 25 02:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24327]: Disconnected from 79.125.162.32 port 52691 [preauth]
Jun 25 02:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24342]: pam_unix(cron:session): session closed for user root
Jun 25 02:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21477]: pam_unix(cron:session): session closed for user root
Jun 25 02:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24590]: Invalid user openvpn from 168.144.92.125
Jun 25 02:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24590]: input_userauth_request: invalid user openvpn [preauth]
Jun 25 02:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24590]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.144.92.125
Jun 25 02:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24340]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24590]: Failed password for invalid user openvpn from 168.144.92.125 port 53042 ssh2
Jun 25 02:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24590]: Received disconnect from 168.144.92.125 port 53042:11: Bye Bye [preauth]
Jun 25 02:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24590]: Disconnected from 168.144.92.125 port 53042 [preauth]
Jun 25 02:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24666]: Invalid user lam from 95.90.13.168
Jun 25 02:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24666]: input_userauth_request: invalid user lam [preauth]
Jun 25 02:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24666]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.90.13.168
Jun 25 02:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24666]: Failed password for invalid user lam from 95.90.13.168 port 61662 ssh2
Jun 25 02:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24666]: Received disconnect from 95.90.13.168 port 61662:11: Bye Bye [preauth]
Jun 25 02:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24666]: Disconnected from 95.90.13.168 port 61662 [preauth]
Jun 25 02:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23372]: pam_unix(cron:session): session closed for user root
Jun 25 02:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24767]: Invalid user mauricio from 141.98.83.240
Jun 25 02:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24767]: input_userauth_request: invalid user mauricio [preauth]
Jun 25 02:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24767]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 02:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24767]: Failed password for invalid user mauricio from 141.98.83.240 port 39210 ssh2
Jun 25 02:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24767]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24767]: Failed password for invalid user mauricio from 141.98.83.240 port 39210 ssh2
Jun 25 02:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24767]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.16.96.250  user=root
Jun 25 02:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24767]: Failed password for invalid user mauricio from 141.98.83.240 port 39210 ssh2
Jun 25 02:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24767]: Connection closed by 141.98.83.240 port 39210 [preauth]
Jun 25 02:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24767]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 02:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24788]: Failed password for root from 187.16.96.250 port 52218 ssh2
Jun 25 02:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24788]: Received disconnect from 187.16.96.250 port 52218:11: Bye Bye [preauth]
Jun 25 02:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24788]: Disconnected from 187.16.96.250 port 52218 [preauth]
Jun 25 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24804]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24803]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24802]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24801]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24801]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24865]: Successful su for rubyman by root
Jun 25 02:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24865]: + ??? root:rubyman
Jun 25 02:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24865]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587547 of user rubyman.
Jun 25 02:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24865]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587547.
Jun 25 02:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22002]: pam_unix(cron:session): session closed for user root
Jun 25 02:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24802]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.29.123  user=root
Jun 25 02:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25056]: Failed password for root from 202.165.29.123 port 47230 ssh2
Jun 25 02:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25056]: Received disconnect from 202.165.29.123 port 47230:11: Bye Bye [preauth]
Jun 25 02:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25056]: Disconnected from 202.165.29.123 port 47230 [preauth]
Jun 25 02:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.8.33  user=root
Jun 25 02:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25113]: Failed password for root from 197.248.8.33 port 46660 ssh2
Jun 25 02:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25113]: Received disconnect from 197.248.8.33 port 46660:11: Bye Bye [preauth]
Jun 25 02:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25113]: Disconnected from 197.248.8.33 port 46660 [preauth]
Jun 25 02:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23793]: pam_unix(cron:session): session closed for user root
Jun 25 02:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25187]: Invalid user harish from 36.92.41.115
Jun 25 02:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25187]: input_userauth_request: invalid user harish [preauth]
Jun 25 02:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25187]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.92.41.115
Jun 25 02:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25187]: Failed password for invalid user harish from 36.92.41.115 port 45278 ssh2
Jun 25 02:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25187]: Received disconnect from 36.92.41.115 port 45278:11: Bye Bye [preauth]
Jun 25 02:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25187]: Disconnected from 36.92.41.115 port 45278 [preauth]
Jun 25 02:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25200]: Invalid user sonarqube from 95.90.13.168
Jun 25 02:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25200]: input_userauth_request: invalid user sonarqube [preauth]
Jun 25 02:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25200]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.90.13.168
Jun 25 02:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25200]: Failed password for invalid user sonarqube from 95.90.13.168 port 59814 ssh2
Jun 25 02:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25200]: Received disconnect from 95.90.13.168 port 59814:11: Bye Bye [preauth]
Jun 25 02:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25200]: Disconnected from 95.90.13.168 port 59814 [preauth]
Jun 25 02:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.144.92.125  user=root
Jun 25 02:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25202]: Failed password for root from 168.144.92.125 port 36408 ssh2
Jun 25 02:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25202]: Received disconnect from 168.144.92.125 port 36408:11: Bye Bye [preauth]
Jun 25 02:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25202]: Disconnected from 168.144.92.125 port 36408 [preauth]
Jun 25 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25217]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25216]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25215]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25214]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25214]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25271]: Successful su for rubyman by root
Jun 25 02:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25271]: + ??? root:rubyman
Jun 25 02:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25271]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587552 of user rubyman.
Jun 25 02:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25271]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587552.
Jun 25 02:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22528]: pam_unix(cron:session): session closed for user root
Jun 25 02:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25215]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24344]: pam_unix(cron:session): session closed for user root
Jun 25 02:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.16.96.250  user=root
Jun 25 02:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25592]: Failed password for root from 187.16.96.250 port 43514 ssh2
Jun 25 02:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25592]: Received disconnect from 187.16.96.250 port 43514:11: Bye Bye [preauth]
Jun 25 02:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25592]: Disconnected from 187.16.96.250 port 43514 [preauth]
Jun 25 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25614]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25613]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25612]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25611]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25611]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25669]: Successful su for rubyman by root
Jun 25 02:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25669]: + ??? root:rubyman
Jun 25 02:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25669]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587554 of user rubyman.
Jun 25 02:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25669]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587554.
Jun 25 02:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22952]: pam_unix(cron:session): session closed for user root
Jun 25 02:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25612]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25872]: Invalid user admin from 202.165.29.123
Jun 25 02:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25872]: input_userauth_request: invalid user admin [preauth]
Jun 25 02:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25872]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.29.123
Jun 25 02:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25872]: Failed password for invalid user admin from 202.165.29.123 port 33312 ssh2
Jun 25 02:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25872]: Received disconnect from 202.165.29.123 port 33312:11: Bye Bye [preauth]
Jun 25 02:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25872]: Disconnected from 202.165.29.123 port 33312 [preauth]
Jun 25 02:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.90.13.168  user=root
Jun 25 02:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25906]: Failed password for root from 95.90.13.168 port 59388 ssh2
Jun 25 02:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25906]: Received disconnect from 95.90.13.168 port 59388:11: Bye Bye [preauth]
Jun 25 02:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25906]: Disconnected from 95.90.13.168 port 59388 [preauth]
Jun 25 02:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25916]: Invalid user ftpuser from 197.248.8.33
Jun 25 02:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25916]: input_userauth_request: invalid user ftpuser [preauth]
Jun 25 02:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25916]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.8.33
Jun 25 02:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24804]: pam_unix(cron:session): session closed for user root
Jun 25 02:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25916]: Failed password for invalid user ftpuser from 197.248.8.33 port 56818 ssh2
Jun 25 02:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25916]: Received disconnect from 197.248.8.33 port 56818:11: Bye Bye [preauth]
Jun 25 02:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25916]: Disconnected from 197.248.8.33 port 56818 [preauth]
Jun 25 02:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25976]: Invalid user jira from 168.144.92.125
Jun 25 02:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25976]: input_userauth_request: invalid user jira [preauth]
Jun 25 02:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25976]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.144.92.125
Jun 25 02:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25976]: Failed password for invalid user jira from 168.144.92.125 port 55524 ssh2
Jun 25 02:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25976]: Received disconnect from 168.144.92.125 port 55524:11: Bye Bye [preauth]
Jun 25 02:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25976]: Disconnected from 168.144.92.125 port 55524 [preauth]
Jun 25 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26005]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26006]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26004]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26003]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26003]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26061]: Successful su for rubyman by root
Jun 25 02:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26061]: + ??? root:rubyman
Jun 25 02:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26061]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587559 of user rubyman.
Jun 25 02:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26061]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587559.
Jun 25 02:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23371]: pam_unix(cron:session): session closed for user root
Jun 25 02:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26004]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26288]: Invalid user AdminGPON from 45.148.10.121
Jun 25 02:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26288]: input_userauth_request: invalid user AdminGPON [preauth]
Jun 25 02:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26288]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 25 02:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26288]: Failed password for invalid user AdminGPON from 45.148.10.121 port 45490 ssh2
Jun 25 02:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26288]: Connection closed by 45.148.10.121 port 45490 [preauth]
Jun 25 02:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25217]: pam_unix(cron:session): session closed for user root
Jun 25 02:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26352]: Invalid user user from 193.46.255.86
Jun 25 02:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26352]: input_userauth_request: invalid user user [preauth]
Jun 25 02:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26352]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 25 02:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26354]: Invalid user redhat from 187.16.96.250
Jun 25 02:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26354]: input_userauth_request: invalid user redhat [preauth]
Jun 25 02:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26354]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.16.96.250
Jun 25 02:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26352]: Failed password for invalid user user from 193.46.255.86 port 58452 ssh2
Jun 25 02:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26352]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26354]: Failed password for invalid user redhat from 187.16.96.250 port 38180 ssh2
Jun 25 02:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26354]: Received disconnect from 187.16.96.250 port 38180:11: Bye Bye [preauth]
Jun 25 02:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26354]: Disconnected from 187.16.96.250 port 38180 [preauth]
Jun 25 02:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26352]: Failed password for invalid user user from 193.46.255.86 port 58452 ssh2
Jun 25 02:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26352]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26352]: Failed password for invalid user user from 193.46.255.86 port 58452 ssh2
Jun 25 02:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26352]: Connection closed by 193.46.255.86 port 58452 [preauth]
Jun 25 02:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26352]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 25 02:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26385]: Invalid user admin from 95.90.13.168
Jun 25 02:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26385]: input_userauth_request: invalid user admin [preauth]
Jun 25 02:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26385]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.90.13.168
Jun 25 02:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26385]: Failed password for invalid user admin from 95.90.13.168 port 64402 ssh2
Jun 25 02:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26385]: Received disconnect from 95.90.13.168 port 64402:11: Bye Bye [preauth]
Jun 25 02:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26385]: Disconnected from 95.90.13.168 port 64402 [preauth]
Jun 25 02:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26408]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26405]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26404]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26409]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26407]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26406]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26409]: pam_unix(cron:session): session closed for user root
Jun 25 02:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26404]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26469]: Successful su for rubyman by root
Jun 25 02:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26469]: + ??? root:rubyman
Jun 25 02:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26469]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587562 of user rubyman.
Jun 25 02:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26469]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587562.
Jun 25 02:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26406]: pam_unix(cron:session): session closed for user root
Jun 25 02:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23792]: pam_unix(cron:session): session closed for user root
Jun 25 02:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26405]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26795]: Invalid user luis from 202.165.29.123
Jun 25 02:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26795]: input_userauth_request: invalid user luis [preauth]
Jun 25 02:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26795]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.29.123
Jun 25 02:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26795]: Failed password for invalid user luis from 202.165.29.123 port 60182 ssh2
Jun 25 02:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26795]: Received disconnect from 202.165.29.123 port 60182:11: Bye Bye [preauth]
Jun 25 02:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26795]: Disconnected from 202.165.29.123 port 60182 [preauth]
Jun 25 02:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153  user=root
Jun 25 02:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26806]: Failed password for root from 187.192.86.153 port 35438 ssh2
Jun 25 02:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26806]: Received disconnect from 187.192.86.153 port 35438:11: Bye Bye [preauth]
Jun 25 02:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26806]: Disconnected from 187.192.86.153 port 35438 [preauth]
Jun 25 02:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.144.92.125  user=root
Jun 25 02:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26829]: Failed password for root from 168.144.92.125 port 54422 ssh2
Jun 25 02:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26829]: Received disconnect from 168.144.92.125 port 54422:11: Bye Bye [preauth]
Jun 25 02:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26829]: Disconnected from 168.144.92.125 port 54422 [preauth]
Jun 25 02:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25614]: pam_unix(cron:session): session closed for user root
Jun 25 02:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.8.33  user=root
Jun 25 02:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26839]: Failed password for root from 197.248.8.33 port 38748 ssh2
Jun 25 02:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26839]: Received disconnect from 197.248.8.33 port 38748:11: Bye Bye [preauth]
Jun 25 02:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26839]: Disconnected from 197.248.8.33 port 38748 [preauth]
Jun 25 02:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 25 02:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26898]: Failed password for root from 103.122.221.179 port 38038 ssh2
Jun 25 02:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26898]: Connection closed by 103.122.221.179 port 38038 [preauth]
Jun 25 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26922]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26921]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26920]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26919]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26919]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26988]: Successful su for rubyman by root
Jun 25 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26988]: + ??? root:rubyman
Jun 25 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26988]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587568 of user rubyman.
Jun 25 02:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26988]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587568.
Jun 25 02:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24343]: pam_unix(cron:session): session closed for user root
Jun 25 02:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26920]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.90.13.168  user=root
Jun 25 02:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27214]: Failed password for root from 95.90.13.168 port 61842 ssh2
Jun 25 02:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27214]: Received disconnect from 95.90.13.168 port 61842:11: Bye Bye [preauth]
Jun 25 02:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27214]: Disconnected from 95.90.13.168 port 61842 [preauth]
Jun 25 02:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27241]: Invalid user ftpuser from 187.16.96.250
Jun 25 02:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27241]: input_userauth_request: invalid user ftpuser [preauth]
Jun 25 02:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27241]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.16.96.250
Jun 25 02:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27241]: Failed password for invalid user ftpuser from 187.16.96.250 port 35060 ssh2
Jun 25 02:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27241]: Received disconnect from 187.16.96.250 port 35060:11: Bye Bye [preauth]
Jun 25 02:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27241]: Disconnected from 187.16.96.250 port 35060 [preauth]
Jun 25 02:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26006]: pam_unix(cron:session): session closed for user root
Jun 25 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27355]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27354]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27356]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27353]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27353]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27415]: Successful su for rubyman by root
Jun 25 02:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27415]: + ??? root:rubyman
Jun 25 02:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27415]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587572 of user rubyman.
Jun 25 02:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27415]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587572.
Jun 25 02:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24803]: pam_unix(cron:session): session closed for user root
Jun 25 02:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27354]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27617]: Invalid user myuser from 168.144.92.125
Jun 25 02:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27617]: input_userauth_request: invalid user myuser [preauth]
Jun 25 02:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27617]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.144.92.125
Jun 25 02:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27617]: Failed password for invalid user myuser from 168.144.92.125 port 47934 ssh2
Jun 25 02:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27617]: Received disconnect from 168.144.92.125 port 47934:11: Bye Bye [preauth]
Jun 25 02:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27617]: Disconnected from 168.144.92.125 port 47934 [preauth]
Jun 25 02:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27648]: Invalid user paulina from 202.165.29.123
Jun 25 02:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27648]: input_userauth_request: invalid user paulina [preauth]
Jun 25 02:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27648]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.29.123
Jun 25 02:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27648]: Failed password for invalid user paulina from 202.165.29.123 port 54112 ssh2
Jun 25 02:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27648]: Received disconnect from 202.165.29.123 port 54112:11: Bye Bye [preauth]
Jun 25 02:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27648]: Disconnected from 202.165.29.123 port 54112 [preauth]
Jun 25 02:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26408]: pam_unix(cron:session): session closed for user root
Jun 25 02:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.8.33  user=root
Jun 25 02:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27710]: Failed password for root from 197.248.8.33 port 48902 ssh2
Jun 25 02:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27710]: Received disconnect from 197.248.8.33 port 48902:11: Bye Bye [preauth]
Jun 25 02:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27710]: Disconnected from 197.248.8.33 port 48902 [preauth]
Jun 25 02:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27737]: Invalid user victor from 103.112.173.87
Jun 25 02:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27737]: input_userauth_request: invalid user victor [preauth]
Jun 25 02:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27737]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.112.173.87
Jun 25 02:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27737]: Failed password for invalid user victor from 103.112.173.87 port 54592 ssh2
Jun 25 02:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27737]: Received disconnect from 103.112.173.87 port 54592:11: Bye Bye [preauth]
Jun 25 02:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27737]: Disconnected from 103.112.173.87 port 54592 [preauth]
Jun 25 02:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27758]: Invalid user minecraft from 95.90.13.168
Jun 25 02:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27758]: input_userauth_request: invalid user minecraft [preauth]
Jun 25 02:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27758]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.90.13.168
Jun 25 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27758]: Failed password for invalid user minecraft from 95.90.13.168 port 61762 ssh2
Jun 25 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27773]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27772]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27771]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27770]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27758]: Received disconnect from 95.90.13.168 port 61762:11: Bye Bye [preauth]
Jun 25 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27758]: Disconnected from 95.90.13.168 port 61762 [preauth]
Jun 25 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27770]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27830]: Successful su for rubyman by root
Jun 25 02:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27830]: + ??? root:rubyman
Jun 25 02:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27830]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587576 of user rubyman.
Jun 25 02:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27830]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587576.
Jun 25 02:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25216]: pam_unix(cron:session): session closed for user root
Jun 25 02:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27771]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28058]: Invalid user alex from 187.16.96.250
Jun 25 02:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28058]: input_userauth_request: invalid user alex [preauth]
Jun 25 02:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28058]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.16.96.250
Jun 25 02:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28058]: Failed password for invalid user alex from 187.16.96.250 port 59430 ssh2
Jun 25 02:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28058]: Received disconnect from 187.16.96.250 port 59430:11: Bye Bye [preauth]
Jun 25 02:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28058]: Disconnected from 187.16.96.250 port 59430 [preauth]
Jun 25 02:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26922]: pam_unix(cron:session): session closed for user root
Jun 25 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28233]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28231]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28232]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28230]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28230]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28290]: Successful su for rubyman by root
Jun 25 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28290]: + ??? root:rubyman
Jun 25 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28290]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587580 of user rubyman.
Jun 25 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28290]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587580.
Jun 25 02:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25613]: pam_unix(cron:session): session closed for user root
Jun 25 02:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28231]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28546]: Invalid user tina from 202.165.29.123
Jun 25 02:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28546]: input_userauth_request: invalid user tina [preauth]
Jun 25 02:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28546]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.29.123
Jun 25 02:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28546]: Failed password for invalid user tina from 202.165.29.123 port 37426 ssh2
Jun 25 02:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28546]: Received disconnect from 202.165.29.123 port 37426:11: Bye Bye [preauth]
Jun 25 02:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28546]: Disconnected from 202.165.29.123 port 37426 [preauth]
Jun 25 02:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27356]: pam_unix(cron:session): session closed for user root
Jun 25 02:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.8.33  user=root
Jun 25 02:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28695]: Failed password for root from 197.248.8.33 port 59060 ssh2
Jun 25 02:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28695]: Received disconnect from 197.248.8.33 port 59060:11: Bye Bye [preauth]
Jun 25 02:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28695]: Disconnected from 197.248.8.33 port 59060 [preauth]
Jun 25 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28734]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28733]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28730]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28727]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28731]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28726]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28734]: pam_unix(cron:session): session closed for user root
Jun 25 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28726]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28799]: Successful su for rubyman by root
Jun 25 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28799]: + ??? root:rubyman
Jun 25 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28799]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587585 of user rubyman.
Jun 25 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28799]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587585.
Jun 25 02:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28730]: pam_unix(cron:session): session closed for user root
Jun 25 02:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26005]: pam_unix(cron:session): session closed for user root
Jun 25 02:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28727]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29022]: Invalid user newuser from 187.16.96.250
Jun 25 02:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29022]: input_userauth_request: invalid user newuser [preauth]
Jun 25 02:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29022]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.16.96.250
Jun 25 02:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29022]: Failed password for invalid user newuser from 187.16.96.250 port 44736 ssh2
Jun 25 02:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29022]: Received disconnect from 187.16.96.250 port 44736:11: Bye Bye [preauth]
Jun 25 02:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29022]: Disconnected from 187.16.96.250 port 44736 [preauth]
Jun 25 02:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29024]: Invalid user comercial from 36.92.41.115
Jun 25 02:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29024]: input_userauth_request: invalid user comercial [preauth]
Jun 25 02:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29024]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.92.41.115
Jun 25 02:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29024]: Failed password for invalid user comercial from 36.92.41.115 port 65524 ssh2
Jun 25 02:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29024]: Received disconnect from 36.92.41.115 port 65524:11: Bye Bye [preauth]
Jun 25 02:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29024]: Disconnected from 36.92.41.115 port 65524 [preauth]
Jun 25 02:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 25 02:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29060]: Failed password for root from 38.93.206.2 port 20284 ssh2
Jun 25 02:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29060]: Connection closed by 38.93.206.2 port 20284 [preauth]
Jun 25 02:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27773]: pam_unix(cron:session): session closed for user root
Jun 25 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29186]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29184]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29185]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29183]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29183]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29265]: Successful su for rubyman by root
Jun 25 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29265]: + ??? root:rubyman
Jun 25 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29265]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587590 of user rubyman.
Jun 25 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29265]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587590.
Jun 25 02:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26407]: pam_unix(cron:session): session closed for user root
Jun 25 02:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29184]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29448]: Invalid user gm from 103.112.173.87
Jun 25 02:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29448]: input_userauth_request: invalid user gm [preauth]
Jun 25 02:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29448]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.112.173.87
Jun 25 02:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29448]: Failed password for invalid user gm from 103.112.173.87 port 52182 ssh2
Jun 25 02:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29448]: Received disconnect from 103.112.173.87 port 52182:11: Bye Bye [preauth]
Jun 25 02:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29448]: Disconnected from 103.112.173.87 port 52182 [preauth]
Jun 25 02:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29520]: Invalid user user05 from 202.165.29.123
Jun 25 02:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29520]: input_userauth_request: invalid user user05 [preauth]
Jun 25 02:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29520]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.29.123
Jun 25 02:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29520]: Failed password for invalid user user05 from 202.165.29.123 port 35200 ssh2
Jun 25 02:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29520]: Received disconnect from 202.165.29.123 port 35200:11: Bye Bye [preauth]
Jun 25 02:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29520]: Disconnected from 202.165.29.123 port 35200 [preauth]
Jun 25 02:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28233]: pam_unix(cron:session): session closed for user root
Jun 25 02:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29681]: Invalid user alex from 197.248.8.33
Jun 25 02:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29681]: input_userauth_request: invalid user alex [preauth]
Jun 25 02:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29681]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.8.33
Jun 25 02:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29681]: Failed password for invalid user alex from 197.248.8.33 port 40984 ssh2
Jun 25 02:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29681]: Received disconnect from 197.248.8.33 port 40984:11: Bye Bye [preauth]
Jun 25 02:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29681]: Disconnected from 197.248.8.33 port 40984 [preauth]
Jun 25 02:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.16.96.250  user=root
Jun 25 02:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29693]: Failed password for root from 187.16.96.250 port 60346 ssh2
Jun 25 02:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29693]: Received disconnect from 187.16.96.250 port 60346:11: Bye Bye [preauth]
Jun 25 02:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29693]: Disconnected from 187.16.96.250 port 60346 [preauth]
Jun 25 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29718]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29715]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29716]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29714]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29714]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29794]: Successful su for rubyman by root
Jun 25 02:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29794]: + ??? root:rubyman
Jun 25 02:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29794]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587594 of user rubyman.
Jun 25 02:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29794]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587594.
Jun 25 02:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29842]: Invalid user yana from 36.92.41.115
Jun 25 02:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29842]: input_userauth_request: invalid user yana [preauth]
Jun 25 02:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29842]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.92.41.115
Jun 25 02:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26921]: pam_unix(cron:session): session closed for user root
Jun 25 02:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29842]: Failed password for invalid user yana from 36.92.41.115 port 2308 ssh2
Jun 25 02:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29842]: Received disconnect from 36.92.41.115 port 2308:11: Bye Bye [preauth]
Jun 25 02:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29842]: Disconnected from 36.92.41.115 port 2308 [preauth]
Jun 25 02:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29715]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28733]: pam_unix(cron:session): session closed for user root
Jun 25 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30163]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30161]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30162]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30159]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30159]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30227]: Successful su for rubyman by root
Jun 25 02:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30227]: + ??? root:rubyman
Jun 25 02:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30227]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587598 of user rubyman.
Jun 25 02:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30227]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587598.
Jun 25 02:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27355]: pam_unix(cron:session): session closed for user root
Jun 25 02:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30161]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30471]: Invalid user brian from 202.165.29.123
Jun 25 02:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30471]: input_userauth_request: invalid user brian [preauth]
Jun 25 02:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30471]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.29.123
Jun 25 02:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30471]: Failed password for invalid user brian from 202.165.29.123 port 38488 ssh2
Jun 25 02:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30471]: Received disconnect from 202.165.29.123 port 38488:11: Bye Bye [preauth]
Jun 25 02:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30471]: Disconnected from 202.165.29.123 port 38488 [preauth]
Jun 25 02:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29186]: pam_unix(cron:session): session closed for user root
Jun 25 02:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30537]: Invalid user prueba from 187.16.96.250
Jun 25 02:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30537]: input_userauth_request: invalid user prueba [preauth]
Jun 25 02:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30537]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.16.96.250
Jun 25 02:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30537]: Failed password for invalid user prueba from 187.16.96.250 port 45292 ssh2
Jun 25 02:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30537]: Received disconnect from 187.16.96.250 port 45292:11: Bye Bye [preauth]
Jun 25 02:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30537]: Disconnected from 187.16.96.250 port 45292 [preauth]
Jun 25 02:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30551]: Invalid user zimbra from 197.248.8.33
Jun 25 02:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30551]: input_userauth_request: invalid user zimbra [preauth]
Jun 25 02:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30551]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.8.33
Jun 25 02:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30551]: Failed password for invalid user zimbra from 197.248.8.33 port 51144 ssh2
Jun 25 02:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30551]: Received disconnect from 197.248.8.33 port 51144:11: Bye Bye [preauth]
Jun 25 02:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30551]: Disconnected from 197.248.8.33 port 51144 [preauth]
Jun 25 02:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30561]: Invalid user oper from 36.92.41.115
Jun 25 02:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30561]: input_userauth_request: invalid user oper [preauth]
Jun 25 02:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30561]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.92.41.115
Jun 25 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30578]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30579]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30577]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30576]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30576]: pam_unix(cron:session): session closed for user p13x
Jun 25 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30649]: Successful su for rubyman by root
Jun 25 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30649]: + ??? root:rubyman
Jun 25 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30649]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587603 of user rubyman.
Jun 25 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30649]: pam_unix(su:session): session closed for user rubyman
Jun 25 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587603.
Jun 25 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30561]: Failed password for invalid user oper from 36.92.41.115 port 58141 ssh2
Jun 25 02:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30561]: Received disconnect from 36.92.41.115 port 58141:11: Bye Bye [preauth]
Jun 25 02:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30561]: Disconnected from 36.92.41.115 port 58141 [preauth]
Jun 25 02:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27772]: pam_unix(cron:session): session closed for user root
Jun 25 02:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30577]: pam_unix(cron:session): session closed for user samftp
Jun 25 02:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 25 02:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30815]: Failed password for root from 103.153.68.219 port 52016 ssh2
Jun 25 02:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30815]: Connection closed by 103.153.68.219 port 52016 [preauth]
Jun 25 02:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29718]: pam_unix(cron:session): session closed for user root
Jun 25 02:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 02:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31062]: Invalid user marcus from 103.112.173.87
Jun 25 02:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31062]: input_userauth_request: invalid user marcus [preauth]
Jun 25 02:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31062]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 02:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.112.173.87
Jun 25 02:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31062]: Failed password for invalid user marcus from 103.112.173.87 port 50232 ssh2
Jun 25 02:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31062]: Received disconnect from 103.112.173.87 port 50232:11: Bye Bye [preauth]
Jun 25 02:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31062]: Disconnected from 103.112.173.87 port 50232 [preauth]
Jun 25 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31088]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31089]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31083]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31086]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31087]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31085]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31084]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31089]: pam_unix(cron:session): session closed for user root
Jun 25 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31085]: pam_unix(cron:session): session closed for user root
Jun 25 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31083]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31173]: Successful su for rubyman by root
Jun 25 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31173]: + ??? root:rubyman
Jun 25 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31173]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587606 of user rubyman.
Jun 25 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31173]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587606.
Jun 25 03:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31086]: pam_unix(cron:session): session closed for user root
Jun 25 03:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28232]: pam_unix(cron:session): session closed for user root
Jun 25 03:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31084]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31501]: Invalid user debian from 202.165.29.123
Jun 25 03:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31501]: input_userauth_request: invalid user debian [preauth]
Jun 25 03:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31501]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.29.123
Jun 25 03:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30163]: pam_unix(cron:session): session closed for user root
Jun 25 03:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31501]: Failed password for invalid user debian from 202.165.29.123 port 46336 ssh2
Jun 25 03:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31501]: Received disconnect from 202.165.29.123 port 46336:11: Bye Bye [preauth]
Jun 25 03:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31501]: Disconnected from 202.165.29.123 port 46336 [preauth]
Jun 25 03:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31550]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.16.96.250  user=root
Jun 25 03:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31550]: Failed password for root from 187.16.96.250 port 41174 ssh2
Jun 25 03:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31550]: Received disconnect from 187.16.96.250 port 41174:11: Bye Bye [preauth]
Jun 25 03:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31550]: Disconnected from 187.16.96.250 port 41174 [preauth]
Jun 25 03:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31652]: Invalid user dockeruser from 36.92.41.115
Jun 25 03:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31652]: input_userauth_request: invalid user dockeruser [preauth]
Jun 25 03:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31652]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.92.41.115
Jun 25 03:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31652]: Failed password for invalid user dockeruser from 36.92.41.115 port 6508 ssh2
Jun 25 03:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31652]: Received disconnect from 36.92.41.115 port 6508:11: Bye Bye [preauth]
Jun 25 03:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31652]: Disconnected from 36.92.41.115 port 6508 [preauth]
Jun 25 03:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31673]: Invalid user ethan from 197.248.8.33
Jun 25 03:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31673]: input_userauth_request: invalid user ethan [preauth]
Jun 25 03:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31673]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.8.33
Jun 25 03:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31673]: Failed password for invalid user ethan from 197.248.8.33 port 33074 ssh2
Jun 25 03:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31673]: Received disconnect from 197.248.8.33 port 33074:11: Bye Bye [preauth]
Jun 25 03:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31673]: Disconnected from 197.248.8.33 port 33074 [preauth]
Jun 25 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31695]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31696]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31694]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31693]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31693]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31762]: Successful su for rubyman by root
Jun 25 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31762]: + ??? root:rubyman
Jun 25 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31762]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587614 of user rubyman.
Jun 25 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31762]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587614.
Jun 25 03:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28731]: pam_unix(cron:session): session closed for user root
Jun 25 03:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31694]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 25 03:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32014]: Failed password for root from 103.77.242.62 port 45106 ssh2
Jun 25 03:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32014]: Connection closed by 103.77.242.62 port 45106 [preauth]
Jun 25 03:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30579]: pam_unix(cron:session): session closed for user root
Jun 25 03:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32058]: Did not receive identification string from 111.70.1.128
Jun 25 03:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32121]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32120]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32122]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32119]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32119]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32185]: Successful su for rubyman by root
Jun 25 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32185]: + ??? root:rubyman
Jun 25 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32185]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587619 of user rubyman.
Jun 25 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32185]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587619.
Jun 25 03:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29185]: pam_unix(cron:session): session closed for user root
Jun 25 03:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32120]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32425]: Invalid user test from 36.92.41.115
Jun 25 03:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32425]: input_userauth_request: invalid user test [preauth]
Jun 25 03:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32425]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.92.41.115
Jun 25 03:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32427]: Invalid user tan from 187.16.96.250
Jun 25 03:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32427]: input_userauth_request: invalid user tan [preauth]
Jun 25 03:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32427]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.16.96.250
Jun 25 03:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32425]: Failed password for invalid user test from 36.92.41.115 port 24634 ssh2
Jun 25 03:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32425]: Received disconnect from 36.92.41.115 port 24634:11: Bye Bye [preauth]
Jun 25 03:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32425]: Disconnected from 36.92.41.115 port 24634 [preauth]
Jun 25 03:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32427]: Failed password for invalid user tan from 187.16.96.250 port 42340 ssh2
Jun 25 03:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32427]: Received disconnect from 187.16.96.250 port 42340:11: Bye Bye [preauth]
Jun 25 03:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32427]: Disconnected from 187.16.96.250 port 42340 [preauth]
Jun 25 03:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31088]: pam_unix(cron:session): session closed for user root
Jun 25 03:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32452]: Invalid user khalil from 202.165.29.123
Jun 25 03:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32452]: input_userauth_request: invalid user khalil [preauth]
Jun 25 03:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32452]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.29.123
Jun 25 03:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32452]: Failed password for invalid user khalil from 202.165.29.123 port 57804 ssh2
Jun 25 03:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32452]: Received disconnect from 202.165.29.123 port 57804:11: Bye Bye [preauth]
Jun 25 03:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32452]: Disconnected from 202.165.29.123 port 57804 [preauth]
Jun 25 03:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32472]: Invalid user opensips from 79.125.162.32
Jun 25 03:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32472]: input_userauth_request: invalid user opensips [preauth]
Jun 25 03:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32472]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.125.162.32
Jun 25 03:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32472]: Failed password for invalid user opensips from 79.125.162.32 port 56023 ssh2
Jun 25 03:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32472]: Received disconnect from 79.125.162.32 port 56023:11: Bye Bye [preauth]
Jun 25 03:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32472]: Disconnected from 79.125.162.32 port 56023 [preauth]
Jun 25 03:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 25 03:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32509]: Failed password for root from 202.178.126.219 port 31631 ssh2
Jun 25 03:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32509]: Connection closed by 202.178.126.219 port 31631 [preauth]
Jun 25 03:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.8.33  user=root
Jun 25 03:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32529]: Failed password for root from 197.248.8.33 port 43236 ssh2
Jun 25 03:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32537]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32535]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32538]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32536]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32535]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32529]: Received disconnect from 197.248.8.33 port 43236:11: Bye Bye [preauth]
Jun 25 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32529]: Disconnected from 197.248.8.33 port 43236 [preauth]
Jun 25 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32594]: Successful su for rubyman by root
Jun 25 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32594]: + ??? root:rubyman
Jun 25 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32594]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587621 of user rubyman.
Jun 25 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32594]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587621.
Jun 25 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.112.173.87  user=root
Jun 25 03:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32532]: Failed password for root from 103.112.173.87 port 60054 ssh2
Jun 25 03:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32532]: Received disconnect from 103.112.173.87 port 60054:11: Bye Bye [preauth]
Jun 25 03:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32532]: Disconnected from 103.112.173.87 port 60054 [preauth]
Jun 25 03:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29716]: pam_unix(cron:session): session closed for user root
Jun 25 03:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32536]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31696]: pam_unix(cron:session): session closed for user root
Jun 25 03:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[437]: Invalid user odoo1 from 187.192.86.153
Jun 25 03:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[437]: input_userauth_request: invalid user odoo1 [preauth]
Jun 25 03:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[437]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153
Jun 25 03:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[437]: Failed password for invalid user odoo1 from 187.192.86.153 port 53586 ssh2
Jun 25 03:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[437]: Received disconnect from 187.192.86.153 port 53586:11: Bye Bye [preauth]
Jun 25 03:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[437]: Disconnected from 187.192.86.153 port 53586 [preauth]
Jun 25 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[626]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[625]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[627]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[624]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[624]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[692]: Successful su for rubyman by root
Jun 25 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[692]: + ??? root:rubyman
Jun 25 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[692]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587627 of user rubyman.
Jun 25 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[692]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587627.
Jun 25 03:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30162]: pam_unix(cron:session): session closed for user root
Jun 25 03:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[625]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[878]: Invalid user droidbot from 103.155.47.102
Jun 25 03:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[878]: input_userauth_request: invalid user droidbot [preauth]
Jun 25 03:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[878]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.155.47.102
Jun 25 03:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[878]: Failed password for invalid user droidbot from 103.155.47.102 port 54690 ssh2
Jun 25 03:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[878]: Received disconnect from 103.155.47.102 port 54690:11: Bye Bye [preauth]
Jun 25 03:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[878]: Disconnected from 103.155.47.102 port 54690 [preauth]
Jun 25 03:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[899]: Invalid user oussama from 36.92.41.115
Jun 25 03:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[899]: input_userauth_request: invalid user oussama [preauth]
Jun 25 03:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[899]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.92.41.115
Jun 25 03:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[899]: Failed password for invalid user oussama from 36.92.41.115 port 53003 ssh2
Jun 25 03:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[899]: Received disconnect from 36.92.41.115 port 53003:11: Bye Bye [preauth]
Jun 25 03:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[899]: Disconnected from 36.92.41.115 port 53003 [preauth]
Jun 25 03:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32122]: pam_unix(cron:session): session closed for user root
Jun 25 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1074]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1069]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1066]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1065]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1068]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1067]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1074]: pam_unix(cron:session): session closed for user root
Jun 25 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1065]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1152]: Successful su for rubyman by root
Jun 25 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1152]: + ??? root:rubyman
Jun 25 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1152]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587630 of user rubyman.
Jun 25 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1152]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587630.
Jun 25 03:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30578]: pam_unix(cron:session): session closed for user root
Jun 25 03:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1067]: pam_unix(cron:session): session closed for user root
Jun 25 03:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1066]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.125.162.32  user=root
Jun 25 03:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1388]: Failed password for root from 79.125.162.32 port 34848 ssh2
Jun 25 03:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1388]: Received disconnect from 79.125.162.32 port 34848:11: Bye Bye [preauth]
Jun 25 03:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1388]: Disconnected from 79.125.162.32 port 34848 [preauth]
Jun 25 03:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32538]: pam_unix(cron:session): session closed for user root
Jun 25 03:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.92.41.115  user=root
Jun 25 03:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1661]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1662]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1664]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1660]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1660]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1740]: Successful su for rubyman by root
Jun 25 03:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1740]: + ??? root:rubyman
Jun 25 03:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1740]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587635 of user rubyman.
Jun 25 03:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1740]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587635.
Jun 25 03:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1657]: Failed password for root from 36.92.41.115 port 52569 ssh2
Jun 25 03:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1657]: Received disconnect from 36.92.41.115 port 52569:11: Bye Bye [preauth]
Jun 25 03:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1657]: Disconnected from 36.92.41.115 port 52569 [preauth]
Jun 25 03:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31087]: pam_unix(cron:session): session closed for user root
Jun 25 03:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1661]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[627]: pam_unix(cron:session): session closed for user root
Jun 25 03:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2117]: Invalid user sales1 from 187.192.86.153
Jun 25 03:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2117]: input_userauth_request: invalid user sales1 [preauth]
Jun 25 03:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2117]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153
Jun 25 03:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2117]: Failed password for invalid user sales1 from 187.192.86.153 port 39364 ssh2
Jun 25 03:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2117]: Received disconnect from 187.192.86.153 port 39364:11: Bye Bye [preauth]
Jun 25 03:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2117]: Disconnected from 187.192.86.153 port 39364 [preauth]
Jun 25 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2145]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2143]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2142]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2141]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2141]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2218]: Successful su for rubyman by root
Jun 25 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2218]: + ??? root:rubyman
Jun 25 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2218]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587639 of user rubyman.
Jun 25 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2218]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587639.
Jun 25 03:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31695]: pam_unix(cron:session): session closed for user root
Jun 25 03:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2142]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2396]: Invalid user  from 45.156.87.216
Jun 25 03:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2396]: input_userauth_request: invalid user  [preauth]
Jun 25 03:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2396]: Connection closed by 45.156.87.216 port 58518 [preauth]
Jun 25 03:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2444]: Invalid user testing from 103.155.47.102
Jun 25 03:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2444]: input_userauth_request: invalid user testing [preauth]
Jun 25 03:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2444]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.155.47.102
Jun 25 03:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2444]: Failed password for invalid user testing from 103.155.47.102 port 42114 ssh2
Jun 25 03:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2444]: Received disconnect from 103.155.47.102 port 42114:11: Bye Bye [preauth]
Jun 25 03:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2444]: Disconnected from 103.155.47.102 port 42114 [preauth]
Jun 25 03:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1069]: pam_unix(cron:session): session closed for user root
Jun 25 03:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.125.162.32  user=root
Jun 25 03:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2539]: Failed password for root from 79.125.162.32 port 51959 ssh2
Jun 25 03:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2539]: Received disconnect from 79.125.162.32 port 51959:11: Bye Bye [preauth]
Jun 25 03:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2539]: Disconnected from 79.125.162.32 port 51959 [preauth]
Jun 25 03:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2556]: Invalid user guest1 from 36.92.41.115
Jun 25 03:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2556]: input_userauth_request: invalid user guest1 [preauth]
Jun 25 03:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2556]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.92.41.115
Jun 25 03:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2556]: Failed password for invalid user guest1 from 36.92.41.115 port 28356 ssh2
Jun 25 03:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2556]: Received disconnect from 36.92.41.115 port 28356:11: Bye Bye [preauth]
Jun 25 03:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2556]: Disconnected from 36.92.41.115 port 28356 [preauth]
Jun 25 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2596]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2597]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2594]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2593]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2593]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2657]: Successful su for rubyman by root
Jun 25 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2657]: + ??? root:rubyman
Jun 25 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2657]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587644 of user rubyman.
Jun 25 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2657]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587644.
Jun 25 03:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32121]: pam_unix(cron:session): session closed for user root
Jun 25 03:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2814]: Invalid user deployer from 45.156.87.216
Jun 25 03:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2814]: input_userauth_request: invalid user deployer [preauth]
Jun 25 03:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2814]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2594]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2814]: Failed password for invalid user deployer from 45.156.87.216 port 42352 ssh2
Jun 25 03:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2814]: Connection closed by 45.156.87.216 port 42352 [preauth]
Jun 25 03:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2851]: Invalid user student from 45.156.87.216
Jun 25 03:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2851]: input_userauth_request: invalid user student [preauth]
Jun 25 03:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2851]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2851]: Failed password for invalid user student from 45.156.87.216 port 43652 ssh2
Jun 25 03:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2851]: Connection closed by 45.156.87.216 port 43652 [preauth]
Jun 25 03:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2873]: Invalid user appuser from 45.156.87.216
Jun 25 03:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2873]: input_userauth_request: invalid user appuser [preauth]
Jun 25 03:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2873]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2873]: Failed password for invalid user appuser from 45.156.87.216 port 43662 ssh2
Jun 25 03:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2873]: Connection closed by 45.156.87.216 port 43662 [preauth]
Jun 25 03:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2884]: Invalid user cloud from 45.156.87.216
Jun 25 03:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2884]: input_userauth_request: invalid user cloud [preauth]
Jun 25 03:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2884]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2884]: Failed password for invalid user cloud from 45.156.87.216 port 35760 ssh2
Jun 25 03:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2884]: Connection closed by 45.156.87.216 port 35760 [preauth]
Jun 25 03:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2907]: Failed password for root from 45.156.87.216 port 35776 ssh2
Jun 25 03:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2907]: Connection closed by 45.156.87.216 port 35776 [preauth]
Jun 25 03:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2918]: Failed password for root from 45.156.87.216 port 48662 ssh2
Jun 25 03:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2918]: Connection closed by 45.156.87.216 port 48662 [preauth]
Jun 25 03:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1664]: pam_unix(cron:session): session closed for user root
Jun 25 03:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2948]: Invalid user pi from 45.156.87.216
Jun 25 03:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2948]: input_userauth_request: invalid user pi [preauth]
Jun 25 03:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2948]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2948]: Failed password for invalid user pi from 45.156.87.216 port 51696 ssh2
Jun 25 03:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2948]: Connection closed by 45.156.87.216 port 51696 [preauth]
Jun 25 03:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2958]: Invalid user admin123 from 45.156.87.216
Jun 25 03:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2958]: input_userauth_request: invalid user admin123 [preauth]
Jun 25 03:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2958]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2958]: Failed password for invalid user admin123 from 45.156.87.216 port 51702 ssh2
Jun 25 03:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2958]: Connection closed by 45.156.87.216 port 51702 [preauth]
Jun 25 03:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2989]: Invalid user minecraft from 45.156.87.216
Jun 25 03:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2989]: input_userauth_request: invalid user minecraft [preauth]
Jun 25 03:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2989]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2989]: Failed password for invalid user minecraft from 45.156.87.216 port 47446 ssh2
Jun 25 03:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2989]: Connection closed by 45.156.87.216 port 47446 [preauth]
Jun 25 03:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3001]: Failed password for root from 45.156.87.216 port 47460 ssh2
Jun 25 03:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3001]: Connection closed by 45.156.87.216 port 47460 [preauth]
Jun 25 03:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 25 03:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3014]: Invalid user martin from 45.156.87.216
Jun 25 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3014]: input_userauth_request: invalid user martin [preauth]
Jun 25 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3014]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3023]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3022]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3018]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3019]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3016]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3018]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3003]: Failed password for root from 103.176.20.57 port 34444 ssh2
Jun 25 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3134]: Successful su for rubyman by root
Jun 25 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3134]: + ??? root:rubyman
Jun 25 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3134]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587647 of user rubyman.
Jun 25 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3134]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587647.
Jun 25 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3003]: Connection closed by 103.176.20.57 port 34444 [preauth]
Jun 25 03:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3016]: pam_unix(cron:session): session closed for user root
Jun 25 03:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3014]: Failed password for invalid user martin from 45.156.87.216 port 52714 ssh2
Jun 25 03:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3014]: Connection closed by 45.156.87.216 port 52714 [preauth]
Jun 25 03:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32537]: pam_unix(cron:session): session closed for user root
Jun 25 03:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3019]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3340]: Invalid user elastic from 45.156.87.216
Jun 25 03:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3340]: input_userauth_request: invalid user elastic [preauth]
Jun 25 03:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3340]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3340]: Failed password for invalid user elastic from 45.156.87.216 port 45278 ssh2
Jun 25 03:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3340]: Connection closed by 45.156.87.216 port 45278 [preauth]
Jun 25 03:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3362]: Failed password for root from 45.156.87.216 port 45288 ssh2
Jun 25 03:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3362]: Connection closed by 45.156.87.216 port 45288 [preauth]
Jun 25 03:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3387]: Invalid user grok from 45.156.87.216
Jun 25 03:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3387]: input_userauth_request: invalid user grok [preauth]
Jun 25 03:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3385]: Invalid user eric from 103.155.47.102
Jun 25 03:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3385]: input_userauth_request: invalid user eric [preauth]
Jun 25 03:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3385]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.155.47.102
Jun 25 03:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3387]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3385]: Failed password for invalid user eric from 103.155.47.102 port 54620 ssh2
Jun 25 03:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3387]: Failed password for invalid user grok from 45.156.87.216 port 47568 ssh2
Jun 25 03:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3387]: Connection closed by 45.156.87.216 port 47568 [preauth]
Jun 25 03:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3385]: Received disconnect from 103.155.47.102 port 54620:11: Bye Bye [preauth]
Jun 25 03:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3385]: Disconnected from 103.155.47.102 port 54620 [preauth]
Jun 25 03:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3397]: Invalid user airflow from 45.156.87.216
Jun 25 03:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3397]: input_userauth_request: invalid user airflow [preauth]
Jun 25 03:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3397]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3397]: Failed password for invalid user airflow from 45.156.87.216 port 47584 ssh2
Jun 25 03:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3397]: Connection closed by 45.156.87.216 port 47584 [preauth]
Jun 25 03:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3420]: Invalid user admin1 from 45.156.87.216
Jun 25 03:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3420]: input_userauth_request: invalid user admin1 [preauth]
Jun 25 03:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3420]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3420]: Failed password for invalid user admin1 from 45.156.87.216 port 48942 ssh2
Jun 25 03:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3420]: Connection closed by 45.156.87.216 port 48942 [preauth]
Jun 25 03:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2145]: pam_unix(cron:session): session closed for user root
Jun 25 03:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3454]: Failed password for root from 45.156.87.216 port 48954 ssh2
Jun 25 03:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3454]: Connection closed by 45.156.87.216 port 48954 [preauth]
Jun 25 03:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3465]: Invalid user admin2 from 45.156.87.216
Jun 25 03:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3465]: input_userauth_request: invalid user admin2 [preauth]
Jun 25 03:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3465]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3465]: Failed password for invalid user admin2 from 45.156.87.216 port 54054 ssh2
Jun 25 03:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3465]: Connection closed by 45.156.87.216 port 54054 [preauth]
Jun 25 03:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3498]: Invalid user admin from 45.156.87.216
Jun 25 03:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3498]: input_userauth_request: invalid user admin [preauth]
Jun 25 03:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3498]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3498]: Failed password for invalid user admin from 45.156.87.216 port 45072 ssh2
Jun 25 03:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3498]: Connection closed by 45.156.87.216 port 45072 [preauth]
Jun 25 03:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.92.41.115  user=root
Jun 25 03:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3502]: Failed password for root from 36.92.41.115 port 45636 ssh2
Jun 25 03:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3502]: Received disconnect from 36.92.41.115 port 45636:11: Bye Bye [preauth]
Jun 25 03:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3502]: Disconnected from 36.92.41.115 port 45636 [preauth]
Jun 25 03:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3515]: Invalid user admin from 103.112.173.87
Jun 25 03:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3515]: input_userauth_request: invalid user admin [preauth]
Jun 25 03:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3515]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.112.173.87
Jun 25 03:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3513]: Failed password for root from 45.156.87.216 port 45096 ssh2
Jun 25 03:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3513]: Connection closed by 45.156.87.216 port 45096 [preauth]
Jun 25 03:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3515]: Failed password for invalid user admin from 103.112.173.87 port 60690 ssh2
Jun 25 03:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3515]: Received disconnect from 103.112.173.87 port 60690:11: Bye Bye [preauth]
Jun 25 03:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3515]: Disconnected from 103.112.173.87 port 60690 [preauth]
Jun 25 03:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3527]: Invalid user jack from 45.156.87.216
Jun 25 03:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3527]: input_userauth_request: invalid user jack [preauth]
Jun 25 03:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3529]: Invalid user harish from 187.192.86.153
Jun 25 03:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3529]: input_userauth_request: invalid user harish [preauth]
Jun 25 03:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3529]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153
Jun 25 03:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3527]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3537]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3535]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3538]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3533]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3532]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3534]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3538]: pam_unix(cron:session): session closed for user root
Jun 25 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3532]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3604]: Successful su for rubyman by root
Jun 25 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3604]: + ??? root:rubyman
Jun 25 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3604]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587652 of user rubyman.
Jun 25 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3604]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587652.
Jun 25 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3529]: Failed password for invalid user harish from 187.192.86.153 port 51984 ssh2
Jun 25 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3527]: Failed password for invalid user jack from 45.156.87.216 port 51814 ssh2
Jun 25 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3529]: Received disconnect from 187.192.86.153 port 51984:11: Bye Bye [preauth]
Jun 25 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3529]: Disconnected from 187.192.86.153 port 51984 [preauth]
Jun 25 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3527]: Connection closed by 45.156.87.216 port 51814 [preauth]
Jun 25 03:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3534]: pam_unix(cron:session): session closed for user root
Jun 25 03:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[626]: pam_unix(cron:session): session closed for user root
Jun 25 03:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3918]: Invalid user appuser from 45.156.87.216
Jun 25 03:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3918]: input_userauth_request: invalid user appuser [preauth]
Jun 25 03:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3918]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3533]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3918]: Failed password for invalid user appuser from 45.156.87.216 port 51850 ssh2
Jun 25 03:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3918]: Connection closed by 45.156.87.216 port 51850 [preauth]
Jun 25 03:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3987]: Invalid user sabina from 79.125.162.32
Jun 25 03:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3987]: input_userauth_request: invalid user sabina [preauth]
Jun 25 03:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3987]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.125.162.32
Jun 25 03:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3991]: Invalid user ai from 45.156.87.216
Jun 25 03:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3991]: input_userauth_request: invalid user ai [preauth]
Jun 25 03:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3991]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3987]: Failed password for invalid user sabina from 79.125.162.32 port 53482 ssh2
Jun 25 03:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3991]: Failed password for invalid user ai from 45.156.87.216 port 33226 ssh2
Jun 25 03:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3987]: Received disconnect from 79.125.162.32 port 53482:11: Bye Bye [preauth]
Jun 25 03:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3987]: Disconnected from 79.125.162.32 port 53482 [preauth]
Jun 25 03:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3991]: Connection closed by 45.156.87.216 port 33226 [preauth]
Jun 25 03:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4037]: User vncuser from 45.156.87.216 not allowed because not listed in AllowUsers
Jun 25 03:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4037]: input_userauth_request: invalid user vncuser [preauth]
Jun 25 03:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=vncuser
Jun 25 03:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4037]: Failed password for invalid user vncuser from 45.156.87.216 port 53410 ssh2
Jun 25 03:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4037]: Connection closed by 45.156.87.216 port 53410 [preauth]
Jun 25 03:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4058]: Failed password for root from 45.156.87.216 port 53420 ssh2
Jun 25 03:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4058]: Connection closed by 45.156.87.216 port 53420 [preauth]
Jun 25 03:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4083]: Invalid user parsa from 45.156.87.216
Jun 25 03:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4083]: input_userauth_request: invalid user parsa [preauth]
Jun 25 03:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4083]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4083]: Failed password for invalid user parsa from 45.156.87.216 port 39528 ssh2
Jun 25 03:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4083]: Connection closed by 45.156.87.216 port 39528 [preauth]
Jun 25 03:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2597]: pam_unix(cron:session): session closed for user root
Jun 25 03:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4105]: Invalid user manoj from 45.156.87.216
Jun 25 03:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4105]: input_userauth_request: invalid user manoj [preauth]
Jun 25 03:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4105]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4105]: Failed password for invalid user manoj from 45.156.87.216 port 39542 ssh2
Jun 25 03:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4105]: Connection closed by 45.156.87.216 port 39542 [preauth]
Jun 25 03:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4123]: Invalid user admin from 45.156.87.216
Jun 25 03:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4123]: input_userauth_request: invalid user admin [preauth]
Jun 25 03:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4123]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4123]: Failed password for invalid user admin from 45.156.87.216 port 34366 ssh2
Jun 25 03:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4123]: Connection closed by 45.156.87.216 port 34366 [preauth]
Jun 25 03:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4146]: Invalid user frappe from 45.156.87.216
Jun 25 03:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4146]: input_userauth_request: invalid user frappe [preauth]
Jun 25 03:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4146]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4146]: Failed password for invalid user frappe from 45.156.87.216 port 34382 ssh2
Jun 25 03:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4146]: Connection closed by 45.156.87.216 port 34382 [preauth]
Jun 25 03:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4157]: Failed password for root from 45.156.87.216 port 47922 ssh2
Jun 25 03:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4157]: Connection closed by 45.156.87.216 port 47922 [preauth]
Jun 25 03:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4180]: Invalid user postgres from 45.156.87.216
Jun 25 03:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4180]: input_userauth_request: invalid user postgres [preauth]
Jun 25 03:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4180]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4180]: Failed password for invalid user postgres from 45.156.87.216 port 43886 ssh2
Jun 25 03:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4180]: Connection closed by 45.156.87.216 port 43886 [preauth]
Jun 25 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4192]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4190]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4189]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4188]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4188]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4267]: Successful su for rubyman by root
Jun 25 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4267]: + ??? root:rubyman
Jun 25 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4267]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587658 of user rubyman.
Jun 25 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4267]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587658.
Jun 25 03:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4298]: Invalid user ecommerce from 45.156.87.216
Jun 25 03:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4298]: input_userauth_request: invalid user ecommerce [preauth]
Jun 25 03:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4298]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4298]: Failed password for invalid user ecommerce from 45.156.87.216 port 43902 ssh2
Jun 25 03:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4298]: Connection closed by 45.156.87.216 port 43902 [preauth]
Jun 25 03:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1068]: pam_unix(cron:session): session closed for user root
Jun 25 03:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4189]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4455]: Invalid user git from 45.156.87.216
Jun 25 03:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4455]: input_userauth_request: invalid user git [preauth]
Jun 25 03:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4455]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4455]: Failed password for invalid user git from 45.156.87.216 port 45948 ssh2
Jun 25 03:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4455]: Connection closed by 45.156.87.216 port 45948 [preauth]
Jun 25 03:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4481]: Invalid user master from 45.156.87.216
Jun 25 03:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4481]: input_userauth_request: invalid user master [preauth]
Jun 25 03:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4481]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4481]: Failed password for invalid user master from 45.156.87.216 port 45962 ssh2
Jun 25 03:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4481]: Connection closed by 45.156.87.216 port 45962 [preauth]
Jun 25 03:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4491]: Invalid user erp from 103.155.47.102
Jun 25 03:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4491]: input_userauth_request: invalid user erp [preauth]
Jun 25 03:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4491]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.155.47.102
Jun 25 03:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4493]: Invalid user ftpuser from 45.156.87.216
Jun 25 03:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4493]: input_userauth_request: invalid user ftpuser [preauth]
Jun 25 03:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4493]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4491]: Failed password for invalid user erp from 103.155.47.102 port 56336 ssh2
Jun 25 03:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4491]: Received disconnect from 103.155.47.102 port 56336:11: Bye Bye [preauth]
Jun 25 03:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4491]: Disconnected from 103.155.47.102 port 56336 [preauth]
Jun 25 03:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4493]: Failed password for invalid user ftpuser from 45.156.87.216 port 59864 ssh2
Jun 25 03:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4493]: Connection closed by 45.156.87.216 port 59864 [preauth]
Jun 25 03:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4516]: Invalid user bob from 45.156.87.216
Jun 25 03:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4516]: input_userauth_request: invalid user bob [preauth]
Jun 25 03:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4516]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4516]: Failed password for invalid user bob from 45.156.87.216 port 59868 ssh2
Jun 25 03:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4516]: Connection closed by 45.156.87.216 port 59868 [preauth]
Jun 25 03:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4530]: Invalid user btc from 45.156.87.216
Jun 25 03:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4530]: input_userauth_request: invalid user btc [preauth]
Jun 25 03:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4530]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3023]: pam_unix(cron:session): session closed for user root
Jun 25 03:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4530]: Failed password for invalid user btc from 45.156.87.216 port 49718 ssh2
Jun 25 03:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4530]: Connection closed by 45.156.87.216 port 49718 [preauth]
Jun 25 03:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4563]: Invalid user bot from 45.156.87.216
Jun 25 03:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4563]: input_userauth_request: invalid user bot [preauth]
Jun 25 03:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4563]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4563]: Failed password for invalid user bot from 45.156.87.216 port 52752 ssh2
Jun 25 03:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4563]: Connection closed by 45.156.87.216 port 52752 [preauth]
Jun 25 03:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4576]: Invalid user andrew from 36.92.41.115
Jun 25 03:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4576]: input_userauth_request: invalid user andrew [preauth]
Jun 25 03:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4576]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.92.41.115
Jun 25 03:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4574]: Failed password for root from 45.156.87.216 port 52758 ssh2
Jun 25 03:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4574]: Connection closed by 45.156.87.216 port 52758 [preauth]
Jun 25 03:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4576]: Failed password for invalid user andrew from 36.92.41.115 port 30573 ssh2
Jun 25 03:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4576]: Received disconnect from 36.92.41.115 port 30573:11: Bye Bye [preauth]
Jun 25 03:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4576]: Disconnected from 36.92.41.115 port 30573 [preauth]
Jun 25 03:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4600]: Invalid user claude from 45.156.87.216
Jun 25 03:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4600]: input_userauth_request: invalid user claude [preauth]
Jun 25 03:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4600]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4600]: Failed password for invalid user claude from 45.156.87.216 port 43878 ssh2
Jun 25 03:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4600]: Connection closed by 45.156.87.216 port 43878 [preauth]
Jun 25 03:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4611]: Invalid user trinity from 45.156.87.216
Jun 25 03:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4611]: input_userauth_request: invalid user trinity [preauth]
Jun 25 03:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4611]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4611]: Failed password for invalid user trinity from 45.156.87.216 port 43882 ssh2
Jun 25 03:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4611]: Connection closed by 45.156.87.216 port 43882 [preauth]
Jun 25 03:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4622]: Invalid user centreon from 45.156.87.216
Jun 25 03:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4622]: input_userauth_request: invalid user centreon [preauth]
Jun 25 03:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4622]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4635]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4636]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4637]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4633]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4633]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4700]: Successful su for rubyman by root
Jun 25 03:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4700]: + ??? root:rubyman
Jun 25 03:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4700]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587663 of user rubyman.
Jun 25 03:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4700]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587663.
Jun 25 03:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4622]: Failed password for invalid user centreon from 45.156.87.216 port 57924 ssh2
Jun 25 03:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4622]: Connection closed by 45.156.87.216 port 57924 [preauth]
Jun 25 03:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1662]: pam_unix(cron:session): session closed for user root
Jun 25 03:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4986]: Invalid user deploy from 45.156.87.216
Jun 25 03:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4986]: input_userauth_request: invalid user deploy [preauth]
Jun 25 03:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4635]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4986]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4986]: Failed password for invalid user deploy from 45.156.87.216 port 57942 ssh2
Jun 25 03:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4986]: Connection closed by 45.156.87.216 port 57942 [preauth]
Jun 25 03:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5008]: Invalid user oracle from 45.156.87.216
Jun 25 03:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5008]: input_userauth_request: invalid user oracle [preauth]
Jun 25 03:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5008]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5008]: Failed password for invalid user oracle from 45.156.87.216 port 45826 ssh2
Jun 25 03:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5008]: Connection closed by 45.156.87.216 port 45826 [preauth]
Jun 25 03:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5030]: Failed password for root from 45.156.87.216 port 57086 ssh2
Jun 25 03:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5030]: Connection closed by 45.156.87.216 port 57086 [preauth]
Jun 25 03:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5040]: Failed password for root from 45.156.87.216 port 57102 ssh2
Jun 25 03:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5040]: Connection closed by 45.156.87.216 port 57102 [preauth]
Jun 25 03:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5063]: Invalid user web from 45.156.87.216
Jun 25 03:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5063]: input_userauth_request: invalid user web [preauth]
Jun 25 03:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5063]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5063]: Failed password for invalid user web from 45.156.87.216 port 40128 ssh2
Jun 25 03:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5063]: Connection closed by 45.156.87.216 port 40128 [preauth]
Jun 25 03:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3537]: pam_unix(cron:session): session closed for user root
Jun 25 03:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5075]: Invalid user nexus from 45.156.87.216
Jun 25 03:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5075]: input_userauth_request: invalid user nexus [preauth]
Jun 25 03:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5075]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5075]: Failed password for invalid user nexus from 45.156.87.216 port 40136 ssh2
Jun 25 03:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5075]: Connection closed by 45.156.87.216 port 40136 [preauth]
Jun 25 03:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.125.162.32  user=root
Jun 25 03:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5102]: Failed password for root from 45.156.87.216 port 42128 ssh2
Jun 25 03:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5102]: Connection closed by 45.156.87.216 port 42128 [preauth]
Jun 25 03:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5104]: Failed password for root from 79.125.162.32 port 42355 ssh2
Jun 25 03:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5104]: Received disconnect from 79.125.162.32 port 42355:11: Bye Bye [preauth]
Jun 25 03:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5104]: Disconnected from 79.125.162.32 port 42355 [preauth]
Jun 25 03:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5128]: Invalid user user from 45.156.87.216
Jun 25 03:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5128]: input_userauth_request: invalid user user [preauth]
Jun 25 03:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5128]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5128]: Failed password for invalid user user from 45.156.87.216 port 42142 ssh2
Jun 25 03:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5128]: Connection closed by 45.156.87.216 port 42142 [preauth]
Jun 25 03:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5138]: Invalid user deploy from 45.156.87.216
Jun 25 03:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5138]: input_userauth_request: invalid user deploy [preauth]
Jun 25 03:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5138]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5138]: Failed password for invalid user deploy from 45.156.87.216 port 51744 ssh2
Jun 25 03:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5138]: Connection closed by 45.156.87.216 port 51744 [preauth]
Jun 25 03:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5150]: Invalid user odoo17 from 45.156.87.216
Jun 25 03:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5150]: input_userauth_request: invalid user odoo17 [preauth]
Jun 25 03:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5150]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5164]: Invalid user guest1 from 187.192.86.153
Jun 25 03:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5164]: input_userauth_request: invalid user guest1 [preauth]
Jun 25 03:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5164]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153
Jun 25 03:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5150]: Failed password for invalid user odoo17 from 45.156.87.216 port 51748 ssh2
Jun 25 03:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5150]: Connection closed by 45.156.87.216 port 51748 [preauth]
Jun 25 03:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5164]: Failed password for invalid user guest1 from 187.192.86.153 port 59408 ssh2
Jun 25 03:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5164]: Received disconnect from 187.192.86.153 port 59408:11: Bye Bye [preauth]
Jun 25 03:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5164]: Disconnected from 187.192.86.153 port 59408 [preauth]
Jun 25 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5167]: User nobody from 45.156.87.216 not allowed because not listed in AllowUsers
Jun 25 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5167]: input_userauth_request: invalid user nobody [preauth]
Jun 25 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=nobody
Jun 25 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5172]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5173]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5171]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5170]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5170]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5230]: Successful su for rubyman by root
Jun 25 03:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5230]: + ??? root:rubyman
Jun 25 03:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5230]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587667 of user rubyman.
Jun 25 03:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5230]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587667.
Jun 25 03:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5167]: Failed password for invalid user nobody from 45.156.87.216 port 58392 ssh2
Jun 25 03:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5167]: Connection closed by 45.156.87.216 port 58392 [preauth]
Jun 25 03:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2143]: pam_unix(cron:session): session closed for user root
Jun 25 03:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5413]: Invalid user sftpuser from 45.156.87.216
Jun 25 03:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5413]: input_userauth_request: invalid user sftpuser [preauth]
Jun 25 03:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5413]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5171]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5413]: Failed password for invalid user sftpuser from 45.156.87.216 port 58408 ssh2
Jun 25 03:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5413]: Connection closed by 45.156.87.216 port 58408 [preauth]
Jun 25 03:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5439]: Invalid user data from 45.156.87.216
Jun 25 03:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5439]: input_userauth_request: invalid user data [preauth]
Jun 25 03:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5439]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5439]: Failed password for invalid user data from 45.156.87.216 port 41490 ssh2
Jun 25 03:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5439]: Connection closed by 45.156.87.216 port 41490 [preauth]
Jun 25 03:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5442]: Invalid user oussama from 103.112.173.87
Jun 25 03:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5442]: input_userauth_request: invalid user oussama [preauth]
Jun 25 03:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5442]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.112.173.87
Jun 25 03:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5442]: Failed password for invalid user oussama from 103.112.173.87 port 41910 ssh2
Jun 25 03:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5442]: Received disconnect from 103.112.173.87 port 41910:11: Bye Bye [preauth]
Jun 25 03:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5442]: Disconnected from 103.112.173.87 port 41910 [preauth]
Jun 25 03:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5467]: Invalid user amir from 45.156.87.216
Jun 25 03:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5467]: input_userauth_request: invalid user amir [preauth]
Jun 25 03:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5467]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5467]: Failed password for invalid user amir from 45.156.87.216 port 49732 ssh2
Jun 25 03:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5467]: Connection closed by 45.156.87.216 port 49732 [preauth]
Jun 25 03:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.155.47.102  user=root
Jun 25 03:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5479]: Invalid user app from 45.156.87.216
Jun 25 03:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5479]: input_userauth_request: invalid user app [preauth]
Jun 25 03:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5479]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5477]: Failed password for root from 103.155.47.102 port 39112 ssh2
Jun 25 03:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5477]: Received disconnect from 103.155.47.102 port 39112:11: Bye Bye [preauth]
Jun 25 03:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5477]: Disconnected from 103.155.47.102 port 39112 [preauth]
Jun 25 03:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5479]: Failed password for invalid user app from 45.156.87.216 port 49740 ssh2
Jun 25 03:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5479]: Connection closed by 45.156.87.216 port 49740 [preauth]
Jun 25 03:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5502]: Failed password for root from 45.156.87.216 port 36360 ssh2
Jun 25 03:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5502]: Connection closed by 45.156.87.216 port 36360 [preauth]
Jun 25 03:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4192]: pam_unix(cron:session): session closed for user root
Jun 25 03:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5513]: Invalid user tester from 45.156.87.216
Jun 25 03:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5513]: input_userauth_request: invalid user tester [preauth]
Jun 25 03:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5513]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5513]: Failed password for invalid user tester from 45.156.87.216 port 36362 ssh2
Jun 25 03:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5513]: Connection closed by 45.156.87.216 port 36362 [preauth]
Jun 25 03:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5534]: Invalid user marcus from 36.92.41.115
Jun 25 03:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5534]: input_userauth_request: invalid user marcus [preauth]
Jun 25 03:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5534]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.92.41.115
Jun 25 03:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5534]: Failed password for invalid user marcus from 36.92.41.115 port 1606 ssh2
Jun 25 03:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5534]: Received disconnect from 36.92.41.115 port 1606:11: Bye Bye [preauth]
Jun 25 03:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5534]: Disconnected from 36.92.41.115 port 1606 [preauth]
Jun 25 03:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5544]: Failed password for root from 45.156.87.216 port 56288 ssh2
Jun 25 03:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5544]: Connection closed by 45.156.87.216 port 56288 [preauth]
Jun 25 03:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5568]: Failed password for root from 45.156.87.216 port 56296 ssh2
Jun 25 03:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5568]: Connection closed by 45.156.87.216 port 56296 [preauth]
Jun 25 03:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5581]: Invalid user admin from 45.156.87.216
Jun 25 03:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5581]: input_userauth_request: invalid user admin [preauth]
Jun 25 03:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5581]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5581]: Failed password for invalid user admin from 45.156.87.216 port 36844 ssh2
Jun 25 03:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5581]: Connection closed by 45.156.87.216 port 36844 [preauth]
Jun 25 03:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5591]: Failed password for root from 45.156.87.216 port 36852 ssh2
Jun 25 03:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5591]: Connection closed by 45.156.87.216 port 36852 [preauth]
Jun 25 03:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5601]: Invalid user openclaw from 45.156.87.216
Jun 25 03:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5601]: input_userauth_request: invalid user openclaw [preauth]
Jun 25 03:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5601]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5607]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5606]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5605]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5604]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5604]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5661]: Successful su for rubyman by root
Jun 25 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5661]: + ??? root:rubyman
Jun 25 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5661]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587670 of user rubyman.
Jun 25 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5661]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587670.
Jun 25 03:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5601]: Failed password for invalid user openclaw from 45.156.87.216 port 50862 ssh2
Jun 25 03:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5601]: Connection closed by 45.156.87.216 port 50862 [preauth]
Jun 25 03:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2596]: pam_unix(cron:session): session closed for user root
Jun 25 03:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5830]: Invalid user oscar from 45.156.87.216
Jun 25 03:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5830]: input_userauth_request: invalid user oscar [preauth]
Jun 25 03:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5830]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5605]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5830]: Failed password for invalid user oscar from 45.156.87.216 port 50876 ssh2
Jun 25 03:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5830]: Connection closed by 45.156.87.216 port 50876 [preauth]
Jun 25 03:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5857]: Invalid user deploy from 45.156.87.216
Jun 25 03:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5857]: input_userauth_request: invalid user deploy [preauth]
Jun 25 03:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5857]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5857]: Failed password for invalid user deploy from 45.156.87.216 port 58006 ssh2
Jun 25 03:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5857]: Connection closed by 45.156.87.216 port 58006 [preauth]
Jun 25 03:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5881]: Invalid user openclaw from 45.156.87.216
Jun 25 03:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5881]: input_userauth_request: invalid user openclaw [preauth]
Jun 25 03:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5881]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5881]: Failed password for invalid user openclaw from 45.156.87.216 port 58032 ssh2
Jun 25 03:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5881]: Connection closed by 45.156.87.216 port 58032 [preauth]
Jun 25 03:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5891]: Failed password for root from 45.156.87.216 port 51542 ssh2
Jun 25 03:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5891]: Connection closed by 45.156.87.216 port 51542 [preauth]
Jun 25 03:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5914]: Invalid user tester from 45.156.87.216
Jun 25 03:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5914]: input_userauth_request: invalid user tester [preauth]
Jun 25 03:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5914]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5914]: Failed password for invalid user tester from 45.156.87.216 port 51544 ssh2
Jun 25 03:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5914]: Connection closed by 45.156.87.216 port 51544 [preauth]
Jun 25 03:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5924]: Invalid user user1 from 45.156.87.216
Jun 25 03:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5924]: input_userauth_request: invalid user user1 [preauth]
Jun 25 03:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5924]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4637]: pam_unix(cron:session): session closed for user root
Jun 25 03:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5924]: Failed password for invalid user user1 from 45.156.87.216 port 33192 ssh2
Jun 25 03:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5924]: Connection closed by 45.156.87.216 port 33192 [preauth]
Jun 25 03:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5953]: Invalid user alex from 45.156.87.216
Jun 25 03:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5953]: input_userauth_request: invalid user alex [preauth]
Jun 25 03:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5953]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5953]: Failed password for invalid user alex from 45.156.87.216 port 49930 ssh2
Jun 25 03:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5953]: Connection closed by 45.156.87.216 port 49930 [preauth]
Jun 25 03:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5963]: Invalid user lin from 45.156.87.216
Jun 25 03:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5963]: input_userauth_request: invalid user lin [preauth]
Jun 25 03:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5963]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5963]: Failed password for invalid user lin from 45.156.87.216 port 49936 ssh2
Jun 25 03:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5963]: Connection closed by 45.156.87.216 port 49936 [preauth]
Jun 25 03:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5986]: Invalid user system from 45.156.87.216
Jun 25 03:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5986]: input_userauth_request: invalid user system [preauth]
Jun 25 03:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5986]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5986]: Failed password for invalid user system from 45.156.87.216 port 41410 ssh2
Jun 25 03:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5986]: Connection closed by 45.156.87.216 port 41410 [preauth]
Jun 25 03:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5997]: Invalid user devuser from 45.156.87.216
Jun 25 03:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5997]: input_userauth_request: invalid user devuser [preauth]
Jun 25 03:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5997]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5997]: Failed password for invalid user devuser from 45.156.87.216 port 41420 ssh2
Jun 25 03:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5997]: Connection closed by 45.156.87.216 port 41420 [preauth]
Jun 25 03:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6009]: Invalid user debian from 45.156.87.216
Jun 25 03:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6009]: input_userauth_request: invalid user debian [preauth]
Jun 25 03:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6009]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.125.162.32  user=root
Jun 25 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6028]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6025]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6024]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6026]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6023]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6027]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6028]: pam_unix(cron:session): session closed for user root
Jun 25 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6023]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6088]: Successful su for rubyman by root
Jun 25 03:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6088]: + ??? root:rubyman
Jun 25 03:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6088]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587674 of user rubyman.
Jun 25 03:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6088]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587674.
Jun 25 03:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6009]: Failed password for invalid user debian from 45.156.87.216 port 41402 ssh2
Jun 25 03:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6020]: Invalid user minecraft from 141.98.83.240
Jun 25 03:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6020]: input_userauth_request: invalid user minecraft [preauth]
Jun 25 03:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6009]: Connection closed by 45.156.87.216 port 41402 [preauth]
Jun 25 03:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6007]: Failed password for root from 79.125.162.32 port 39800 ssh2
Jun 25 03:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6020]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 03:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6007]: Received disconnect from 79.125.162.32 port 39800:11: Bye Bye [preauth]
Jun 25 03:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6007]: Disconnected from 79.125.162.32 port 39800 [preauth]
Jun 25 03:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6181]: Invalid user nurul from 217.76.154.242
Jun 25 03:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6181]: input_userauth_request: invalid user nurul [preauth]
Jun 25 03:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6025]: pam_unix(cron:session): session closed for user root
Jun 25 03:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6181]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.76.154.242
Jun 25 03:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6020]: Failed password for invalid user minecraft from 141.98.83.240 port 61694 ssh2
Jun 25 03:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3022]: pam_unix(cron:session): session closed for user root
Jun 25 03:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6020]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6274]: Invalid user openclaw from 45.156.87.216
Jun 25 03:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6274]: input_userauth_request: invalid user openclaw [preauth]
Jun 25 03:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6274]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6181]: Failed password for invalid user nurul from 217.76.154.242 port 33802 ssh2
Jun 25 03:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6181]: Connection closed by 217.76.154.242 port 33802 [preauth]
Jun 25 03:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6020]: Failed password for invalid user minecraft from 141.98.83.240 port 61694 ssh2
Jun 25 03:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6020]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6024]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6274]: Failed password for invalid user openclaw from 45.156.87.216 port 41410 ssh2
Jun 25 03:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6274]: Connection closed by 45.156.87.216 port 41410 [preauth]
Jun 25 03:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6020]: Failed password for invalid user minecraft from 141.98.83.240 port 61694 ssh2
Jun 25 03:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6020]: Connection closed by 141.98.83.240 port 61694 [preauth]
Jun 25 03:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6020]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 03:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6302]: Invalid user csgo from 45.156.87.216
Jun 25 03:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6302]: input_userauth_request: invalid user csgo [preauth]
Jun 25 03:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6302]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6302]: Failed password for invalid user csgo from 45.156.87.216 port 56744 ssh2
Jun 25 03:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6302]: Connection closed by 45.156.87.216 port 56744 [preauth]
Jun 25 03:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6326]: Invalid user odoo from 45.156.87.216
Jun 25 03:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6326]: input_userauth_request: invalid user odoo [preauth]
Jun 25 03:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6326]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6326]: Failed password for invalid user odoo from 45.156.87.216 port 32836 ssh2
Jun 25 03:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6326]: Connection closed by 45.156.87.216 port 32836 [preauth]
Jun 25 03:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6340]: Invalid user nvidia from 45.156.87.216
Jun 25 03:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6340]: input_userauth_request: invalid user nvidia [preauth]
Jun 25 03:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6338]: Invalid user wjx from 103.155.47.102
Jun 25 03:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6338]: input_userauth_request: invalid user wjx [preauth]
Jun 25 03:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6338]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.155.47.102
Jun 25 03:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6340]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.92.41.115  user=root
Jun 25 03:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6338]: Failed password for invalid user wjx from 103.155.47.102 port 37476 ssh2
Jun 25 03:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6340]: Failed password for invalid user nvidia from 45.156.87.216 port 32846 ssh2
Jun 25 03:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6338]: Received disconnect from 103.155.47.102 port 37476:11: Bye Bye [preauth]
Jun 25 03:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6338]: Disconnected from 103.155.47.102 port 37476 [preauth]
Jun 25 03:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6340]: Connection closed by 45.156.87.216 port 32846 [preauth]
Jun 25 03:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6345]: Failed password for root from 36.92.41.115 port 62223 ssh2
Jun 25 03:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6345]: Received disconnect from 36.92.41.115 port 62223:11: Bye Bye [preauth]
Jun 25 03:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6345]: Disconnected from 36.92.41.115 port 62223 [preauth]
Jun 25 03:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6368]: Failed password for root from 45.156.87.216 port 43488 ssh2
Jun 25 03:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6368]: Connection closed by 45.156.87.216 port 43488 [preauth]
Jun 25 03:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6378]: Invalid user admin from 45.156.87.216
Jun 25 03:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6378]: input_userauth_request: invalid user admin [preauth]
Jun 25 03:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6378]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5173]: pam_unix(cron:session): session closed for user root
Jun 25 03:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6378]: Failed password for invalid user admin from 45.156.87.216 port 43492 ssh2
Jun 25 03:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6378]: Connection closed by 45.156.87.216 port 43492 [preauth]
Jun 25 03:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6409]: Invalid user deploy from 45.156.87.216
Jun 25 03:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6409]: input_userauth_request: invalid user deploy [preauth]
Jun 25 03:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6409]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6409]: Failed password for invalid user deploy from 45.156.87.216 port 39658 ssh2
Jun 25 03:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6409]: Connection closed by 45.156.87.216 port 39658 [preauth]
Jun 25 03:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6419]: Invalid user docker from 45.156.87.216
Jun 25 03:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6419]: input_userauth_request: invalid user docker [preauth]
Jun 25 03:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6419]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6419]: Failed password for invalid user docker from 45.156.87.216 port 39706 ssh2
Jun 25 03:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6419]: Connection closed by 45.156.87.216 port 39706 [preauth]
Jun 25 03:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6442]: Failed password for root from 45.156.87.216 port 45878 ssh2
Jun 25 03:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6442]: Connection closed by 45.156.87.216 port 45878 [preauth]
Jun 25 03:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6452]: Invalid user devops from 45.156.87.216
Jun 25 03:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6452]: input_userauth_request: invalid user devops [preauth]
Jun 25 03:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6452]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6452]: Failed password for invalid user devops from 45.156.87.216 port 45886 ssh2
Jun 25 03:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6452]: Connection closed by 45.156.87.216 port 45886 [preauth]
Jun 25 03:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153  user=root
Jun 25 03:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6464]: Invalid user fastuser from 45.156.87.216
Jun 25 03:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6464]: input_userauth_request: invalid user fastuser [preauth]
Jun 25 03:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6464]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6462]: Failed password for root from 187.192.86.153 port 38494 ssh2
Jun 25 03:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6462]: Received disconnect from 187.192.86.153 port 38494:11: Bye Bye [preauth]
Jun 25 03:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6462]: Disconnected from 187.192.86.153 port 38494 [preauth]
Jun 25 03:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6464]: Failed password for invalid user fastuser from 45.156.87.216 port 49296 ssh2
Jun 25 03:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6464]: Connection closed by 45.156.87.216 port 49296 [preauth]
Jun 25 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6480]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6481]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6478]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6479]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6478]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6545]: Successful su for rubyman by root
Jun 25 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6545]: + ??? root:rubyman
Jun 25 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6545]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587681 of user rubyman.
Jun 25 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6545]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587681.
Jun 25 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6474]: Invalid user master from 45.156.87.216
Jun 25 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6474]: input_userauth_request: invalid user master [preauth]
Jun 25 03:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6474]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6474]: Failed password for invalid user master from 45.156.87.216 port 49308 ssh2
Jun 25 03:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6474]: Connection closed by 45.156.87.216 port 49308 [preauth]
Jun 25 03:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3535]: pam_unix(cron:session): session closed for user root
Jun 25 03:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6479]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6737]: Invalid user ts from 45.156.87.216
Jun 25 03:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6737]: input_userauth_request: invalid user ts [preauth]
Jun 25 03:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6737]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6737]: Failed password for invalid user ts from 45.156.87.216 port 49326 ssh2
Jun 25 03:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6737]: Connection closed by 45.156.87.216 port 49326 [preauth]
Jun 25 03:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 25 03:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6748]: Failed password for root from 87.251.79.125 port 52100 ssh2
Jun 25 03:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6748]: Connection closed by 87.251.79.125 port 52100 [preauth]
Jun 25 03:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6750]: Failed password for root from 45.156.87.216 port 52164 ssh2
Jun 25 03:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6750]: Connection closed by 45.156.87.216 port 52164 [preauth]
Jun 25 03:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6764]: Invalid user omm from 45.156.87.216
Jun 25 03:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6764]: input_userauth_request: invalid user omm [preauth]
Jun 25 03:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6764]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6764]: Failed password for invalid user omm from 45.156.87.216 port 52176 ssh2
Jun 25 03:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6764]: Connection closed by 45.156.87.216 port 52176 [preauth]
Jun 25 03:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6779]: Invalid user claude from 45.156.87.216
Jun 25 03:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6779]: input_userauth_request: invalid user claude [preauth]
Jun 25 03:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6779]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6779]: Failed password for invalid user claude from 45.156.87.216 port 49124 ssh2
Jun 25 03:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6779]: Connection closed by 45.156.87.216 port 49124 [preauth]
Jun 25 03:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6808]: Invalid user wizard from 45.156.87.216
Jun 25 03:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6808]: input_userauth_request: invalid user wizard [preauth]
Jun 25 03:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6808]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6808]: Failed password for invalid user wizard from 45.156.87.216 port 49130 ssh2
Jun 25 03:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6808]: Connection closed by 45.156.87.216 port 49130 [preauth]
Jun 25 03:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6819]: Invalid user frappe from 45.156.87.216
Jun 25 03:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6819]: input_userauth_request: invalid user frappe [preauth]
Jun 25 03:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6819]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6819]: Failed password for invalid user frappe from 45.156.87.216 port 34466 ssh2
Jun 25 03:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6819]: Connection closed by 45.156.87.216 port 34466 [preauth]
Jun 25 03:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5607]: pam_unix(cron:session): session closed for user root
Jun 25 03:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6845]: Invalid user test from 45.156.87.216
Jun 25 03:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6845]: input_userauth_request: invalid user test [preauth]
Jun 25 03:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6845]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6852]: Invalid user git from 103.112.173.87
Jun 25 03:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6852]: input_userauth_request: invalid user git [preauth]
Jun 25 03:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6852]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.112.173.87
Jun 25 03:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6845]: Failed password for invalid user test from 45.156.87.216 port 34486 ssh2
Jun 25 03:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6845]: Connection closed by 45.156.87.216 port 34486 [preauth]
Jun 25 03:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6852]: Failed password for invalid user git from 103.112.173.87 port 49782 ssh2
Jun 25 03:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6852]: Received disconnect from 103.112.173.87 port 49782:11: Bye Bye [preauth]
Jun 25 03:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6852]: Disconnected from 103.112.173.87 port 49782 [preauth]
Jun 25 03:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6862]: Invalid user testuser from 45.156.87.216
Jun 25 03:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6862]: input_userauth_request: invalid user testuser [preauth]
Jun 25 03:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6862]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6862]: Failed password for invalid user testuser from 45.156.87.216 port 51582 ssh2
Jun 25 03:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6862]: Connection closed by 45.156.87.216 port 51582 [preauth]
Jun 25 03:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6879]: Invalid user git from 45.156.87.216
Jun 25 03:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6879]: input_userauth_request: invalid user git [preauth]
Jun 25 03:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6879]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6879]: Failed password for invalid user git from 45.156.87.216 port 51598 ssh2
Jun 25 03:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6879]: Connection closed by 45.156.87.216 port 51598 [preauth]
Jun 25 03:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6899]: Invalid user system from 45.156.87.216
Jun 25 03:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6899]: input_userauth_request: invalid user system [preauth]
Jun 25 03:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6899]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6899]: Failed password for invalid user system from 45.156.87.216 port 40138 ssh2
Jun 25 03:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6899]: Connection closed by 45.156.87.216 port 40138 [preauth]
Jun 25 03:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6909]: Invalid user ubuntu from 45.156.87.216
Jun 25 03:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6909]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 03:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6909]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6909]: Failed password for invalid user ubuntu from 45.156.87.216 port 40146 ssh2
Jun 25 03:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6909]: Connection closed by 45.156.87.216 port 40146 [preauth]
Jun 25 03:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6920]: Invalid user guest from 45.156.87.216
Jun 25 03:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6920]: input_userauth_request: invalid user guest [preauth]
Jun 25 03:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6920]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6928]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6925]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6929]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6926]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6923]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6923]: pam_unix(cron:session): session closed for user root
Jun 25 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6925]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6920]: Failed password for invalid user guest from 45.156.87.216 port 44564 ssh2
Jun 25 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7022]: Successful su for rubyman by root
Jun 25 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7022]: + ??? root:rubyman
Jun 25 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7022]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587684 of user rubyman.
Jun 25 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7022]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587684.
Jun 25 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6920]: Connection closed by 45.156.87.216 port 44564 [preauth]
Jun 25 03:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4190]: pam_unix(cron:session): session closed for user root
Jun 25 03:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6926]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7223]: Failed password for root from 45.156.87.216 port 44568 ssh2
Jun 25 03:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7223]: Connection closed by 45.156.87.216 port 44568 [preauth]
Jun 25 03:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.92.41.115  user=root
Jun 25 03:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7280]: Failed password for root from 45.156.87.216 port 36588 ssh2
Jun 25 03:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7280]: Connection closed by 45.156.87.216 port 36588 [preauth]
Jun 25 03:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7282]: Failed password for root from 36.92.41.115 port 6946 ssh2
Jun 25 03:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7282]: Received disconnect from 36.92.41.115 port 6946:11: Bye Bye [preauth]
Jun 25 03:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7282]: Disconnected from 36.92.41.115 port 6946 [preauth]
Jun 25 03:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7291]: Invalid user sysupdate from 45.156.87.216
Jun 25 03:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7291]: input_userauth_request: invalid user sysupdate [preauth]
Jun 25 03:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7291]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7291]: Failed password for invalid user sysupdate from 45.156.87.216 port 36598 ssh2
Jun 25 03:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7291]: Connection closed by 45.156.87.216 port 36598 [preauth]
Jun 25 03:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7308]: Invalid user ghost from 45.156.87.216
Jun 25 03:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7308]: input_userauth_request: invalid user ghost [preauth]
Jun 25 03:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7308]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: Invalid user dinesh from 79.125.162.32
Jun 25 03:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: input_userauth_request: invalid user dinesh [preauth]
Jun 25 03:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.125.162.32
Jun 25 03:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7308]: Failed password for invalid user ghost from 45.156.87.216 port 51404 ssh2
Jun 25 03:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7308]: Connection closed by 45.156.87.216 port 51404 [preauth]
Jun 25 03:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: Failed password for invalid user dinesh from 79.125.162.32 port 56916 ssh2
Jun 25 03:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: Received disconnect from 79.125.162.32 port 56916:11: Bye Bye [preauth]
Jun 25 03:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: Disconnected from 79.125.162.32 port 56916 [preauth]
Jun 25 03:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.155.47.102  user=root
Jun 25 03:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7322]: Failed password for root from 103.155.47.102 port 43350 ssh2
Jun 25 03:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7324]: Failed password for root from 45.156.87.216 port 51416 ssh2
Jun 25 03:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7322]: Received disconnect from 103.155.47.102 port 43350:11: Bye Bye [preauth]
Jun 25 03:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7322]: Disconnected from 103.155.47.102 port 43350 [preauth]
Jun 25 03:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7324]: Connection closed by 45.156.87.216 port 51416 [preauth]
Jun 25 03:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7348]: Invalid user appuser from 45.156.87.216
Jun 25 03:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7348]: input_userauth_request: invalid user appuser [preauth]
Jun 25 03:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7348]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7348]: Failed password for invalid user appuser from 45.156.87.216 port 43986 ssh2
Jun 25 03:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7348]: Connection closed by 45.156.87.216 port 43986 [preauth]
Jun 25 03:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6027]: pam_unix(cron:session): session closed for user root
Jun 25 03:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7361]: Invalid user alex from 45.156.87.216
Jun 25 03:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7361]: input_userauth_request: invalid user alex [preauth]
Jun 25 03:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7361]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7361]: Failed password for invalid user alex from 45.156.87.216 port 43996 ssh2
Jun 25 03:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7361]: Connection closed by 45.156.87.216 port 43996 [preauth]
Jun 25 03:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7394]: Invalid user hadoop from 45.156.87.216
Jun 25 03:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7394]: input_userauth_request: invalid user hadoop [preauth]
Jun 25 03:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7394]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7394]: Failed password for invalid user hadoop from 45.156.87.216 port 32834 ssh2
Jun 25 03:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7394]: Connection closed by 45.156.87.216 port 32834 [preauth]
Jun 25 03:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7411]: Failed password for root from 45.156.87.216 port 32846 ssh2
Jun 25 03:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7411]: Connection closed by 45.156.87.216 port 32846 [preauth]
Jun 25 03:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7427]: Failed password for root from 45.156.87.216 port 37690 ssh2
Jun 25 03:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7427]: Connection closed by 45.156.87.216 port 37690 [preauth]
Jun 25 03:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7438]: Invalid user zabbix from 45.156.87.216
Jun 25 03:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7438]: input_userauth_request: invalid user zabbix [preauth]
Jun 25 03:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7438]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7438]: Failed password for invalid user zabbix from 45.156.87.216 port 37706 ssh2
Jun 25 03:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7438]: Connection closed by 45.156.87.216 port 37706 [preauth]
Jun 25 03:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7448]: Invalid user sam from 45.156.87.216
Jun 25 03:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7448]: input_userauth_request: invalid user sam [preauth]
Jun 25 03:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7448]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7448]: Failed password for invalid user sam from 45.156.87.216 port 49878 ssh2
Jun 25 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7448]: Connection closed by 45.156.87.216 port 49878 [preauth]
Jun 25 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7461]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7462]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7460]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7459]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7459]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7518]: Successful su for rubyman by root
Jun 25 03:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7518]: + ??? root:rubyman
Jun 25 03:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7518]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587689 of user rubyman.
Jun 25 03:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7518]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587689.
Jun 25 03:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7592]: Invalid user frappe from 45.156.87.216
Jun 25 03:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7592]: input_userauth_request: invalid user frappe [preauth]
Jun 25 03:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7592]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4636]: pam_unix(cron:session): session closed for user root
Jun 25 03:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7592]: Failed password for invalid user frappe from 45.156.87.216 port 49892 ssh2
Jun 25 03:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7460]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7592]: Connection closed by 45.156.87.216 port 49892 [preauth]
Jun 25 03:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7806]: Invalid user newuser from 45.156.87.216
Jun 25 03:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7806]: input_userauth_request: invalid user newuser [preauth]
Jun 25 03:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7806]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7806]: Failed password for invalid user newuser from 45.156.87.216 port 50972 ssh2
Jun 25 03:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7806]: Connection closed by 45.156.87.216 port 50972 [preauth]
Jun 25 03:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7816]: Invalid user user from 45.156.87.216
Jun 25 03:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7816]: input_userauth_request: invalid user user [preauth]
Jun 25 03:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7816]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7816]: Failed password for invalid user user from 45.156.87.216 port 50974 ssh2
Jun 25 03:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7816]: Connection closed by 45.156.87.216 port 50974 [preauth]
Jun 25 03:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7838]: Invalid user deployer from 45.156.87.216
Jun 25 03:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7838]: input_userauth_request: invalid user deployer [preauth]
Jun 25 03:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7838]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7838]: Failed password for invalid user deployer from 45.156.87.216 port 47436 ssh2
Jun 25 03:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7838]: Connection closed by 45.156.87.216 port 47436 [preauth]
Jun 25 03:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7848]: Invalid user home from 45.156.87.216
Jun 25 03:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7848]: input_userauth_request: invalid user home [preauth]
Jun 25 03:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7848]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7848]: Failed password for invalid user home from 45.156.87.216 port 47450 ssh2
Jun 25 03:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7848]: Connection closed by 45.156.87.216 port 47450 [preauth]
Jun 25 03:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7870]: Invalid user user1 from 45.156.87.216
Jun 25 03:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7870]: input_userauth_request: invalid user user1 [preauth]
Jun 25 03:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7870]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7870]: Failed password for invalid user user1 from 45.156.87.216 port 44642 ssh2
Jun 25 03:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7870]: Connection closed by 45.156.87.216 port 44642 [preauth]
Jun 25 03:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6481]: pam_unix(cron:session): session closed for user root
Jun 25 03:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7888]: Failed password for root from 45.156.87.216 port 44650 ssh2
Jun 25 03:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7888]: Connection closed by 45.156.87.216 port 44650 [preauth]
Jun 25 03:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7910]: Invalid user teamspeak from 45.156.87.216
Jun 25 03:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7910]: input_userauth_request: invalid user teamspeak [preauth]
Jun 25 03:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7910]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7910]: Failed password for invalid user teamspeak from 45.156.87.216 port 54794 ssh2
Jun 25 03:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7910]: Connection closed by 45.156.87.216 port 54794 [preauth]
Jun 25 03:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7932]: Invalid user username from 45.156.87.216
Jun 25 03:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7932]: input_userauth_request: invalid user username [preauth]
Jun 25 03:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7932]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7932]: Failed password for invalid user username from 45.156.87.216 port 54798 ssh2
Jun 25 03:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7932]: Connection closed by 45.156.87.216 port 54798 [preauth]
Jun 25 03:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7942]: Invalid user test from 45.156.87.216
Jun 25 03:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7942]: input_userauth_request: invalid user test [preauth]
Jun 25 03:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7942]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7942]: Failed password for invalid user test from 45.156.87.216 port 57502 ssh2
Jun 25 03:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7942]: Connection closed by 45.156.87.216 port 57502 [preauth]
Jun 25 03:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7952]: Invalid user ubuntu from 45.156.87.216
Jun 25 03:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7952]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 03:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7952]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7954]: Invalid user dockeruser from 187.192.86.153
Jun 25 03:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7954]: input_userauth_request: invalid user dockeruser [preauth]
Jun 25 03:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7954]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153
Jun 25 03:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7952]: Failed password for invalid user ubuntu from 45.156.87.216 port 57504 ssh2
Jun 25 03:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7952]: Connection closed by 45.156.87.216 port 57504 [preauth]
Jun 25 03:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.92.41.115  user=root
Jun 25 03:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7954]: Failed password for invalid user dockeruser from 187.192.86.153 port 46784 ssh2
Jun 25 03:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7954]: Received disconnect from 187.192.86.153 port 46784:11: Bye Bye [preauth]
Jun 25 03:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7954]: Disconnected from 187.192.86.153 port 46784 [preauth]
Jun 25 03:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7956]: Failed password for root from 36.92.41.115 port 27094 ssh2
Jun 25 03:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7961]: Invalid user labuser from 45.156.87.216
Jun 25 03:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7961]: input_userauth_request: invalid user labuser [preauth]
Jun 25 03:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7956]: Received disconnect from 36.92.41.115 port 27094:11: Bye Bye [preauth]
Jun 25 03:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7956]: Disconnected from 36.92.41.115 port 27094 [preauth]
Jun 25 03:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7961]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7972]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7971]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7970]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7969]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7969]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8031]: Successful su for rubyman by root
Jun 25 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8031]: + ??? root:rubyman
Jun 25 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8031]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587694 of user rubyman.
Jun 25 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8031]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587694.
Jun 25 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7961]: Failed password for invalid user labuser from 45.156.87.216 port 52820 ssh2
Jun 25 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7961]: Connection closed by 45.156.87.216 port 52820 [preauth]
Jun 25 03:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8176]: Invalid user webuser from 45.156.87.216
Jun 25 03:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8176]: input_userauth_request: invalid user webuser [preauth]
Jun 25 03:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8176]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5172]: pam_unix(cron:session): session closed for user root
Jun 25 03:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7970]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8176]: Failed password for invalid user webuser from 45.156.87.216 port 52826 ssh2
Jun 25 03:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8176]: Connection closed by 45.156.87.216 port 52826 [preauth]
Jun 25 03:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8217]: Failed password for root from 45.156.87.216 port 51736 ssh2
Jun 25 03:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8217]: Connection closed by 45.156.87.216 port 51736 [preauth]
Jun 25 03:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8240]: Invalid user hadoop from 45.156.87.216
Jun 25 03:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8240]: input_userauth_request: invalid user hadoop [preauth]
Jun 25 03:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8240]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8240]: Failed password for invalid user hadoop from 45.156.87.216 port 51740 ssh2
Jun 25 03:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8240]: Connection closed by 45.156.87.216 port 51740 [preauth]
Jun 25 03:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8250]: Invalid user user from 45.156.87.216
Jun 25 03:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8250]: input_userauth_request: invalid user user [preauth]
Jun 25 03:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8250]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8250]: Failed password for invalid user user from 45.156.87.216 port 49464 ssh2
Jun 25 03:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8250]: Connection closed by 45.156.87.216 port 49464 [preauth]
Jun 25 03:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: Invalid user student from 45.156.87.216
Jun 25 03:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: input_userauth_request: invalid user student [preauth]
Jun 25 03:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: Failed password for invalid user student from 45.156.87.216 port 49478 ssh2
Jun 25 03:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: Connection closed by 45.156.87.216 port 49478 [preauth]
Jun 25 03:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8283]: Invalid user user from 45.156.87.216
Jun 25 03:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8283]: input_userauth_request: invalid user user [preauth]
Jun 25 03:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8283]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8293]: Invalid user pb from 103.155.47.102
Jun 25 03:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8293]: input_userauth_request: invalid user pb [preauth]
Jun 25 03:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8293]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.155.47.102
Jun 25 03:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8283]: Failed password for invalid user user from 45.156.87.216 port 44132 ssh2
Jun 25 03:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8283]: Connection closed by 45.156.87.216 port 44132 [preauth]
Jun 25 03:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6929]: pam_unix(cron:session): session closed for user root
Jun 25 03:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8293]: Failed password for invalid user pb from 103.155.47.102 port 44114 ssh2
Jun 25 03:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8293]: Received disconnect from 103.155.47.102 port 44114:11: Bye Bye [preauth]
Jun 25 03:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8293]: Disconnected from 103.155.47.102 port 44114 [preauth]
Jun 25 03:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8314]: Invalid user splunk from 45.156.87.216
Jun 25 03:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8314]: input_userauth_request: invalid user splunk [preauth]
Jun 25 03:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8314]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8314]: Failed password for invalid user splunk from 45.156.87.216 port 44138 ssh2
Jun 25 03:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8314]: Connection closed by 45.156.87.216 port 44138 [preauth]
Jun 25 03:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8325]: Invalid user teamspeak from 45.156.87.216
Jun 25 03:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8325]: input_userauth_request: invalid user teamspeak [preauth]
Jun 25 03:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8325]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8325]: Failed password for invalid user teamspeak from 45.156.87.216 port 57042 ssh2
Jun 25 03:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8325]: Connection closed by 45.156.87.216 port 57042 [preauth]
Jun 25 03:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8349]: Invalid user admin1 from 45.156.87.216
Jun 25 03:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8349]: input_userauth_request: invalid user admin1 [preauth]
Jun 25 03:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8349]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8349]: Failed password for invalid user admin1 from 45.156.87.216 port 57052 ssh2
Jun 25 03:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8349]: Connection closed by 45.156.87.216 port 57052 [preauth]
Jun 25 03:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8359]: Failed password for root from 45.156.87.216 port 56538 ssh2
Jun 25 03:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8359]: Connection closed by 45.156.87.216 port 56538 [preauth]
Jun 25 03:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8370]: Invalid user user from 45.156.87.216
Jun 25 03:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8370]: input_userauth_request: invalid user user [preauth]
Jun 25 03:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8370]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8370]: Failed password for invalid user user from 45.156.87.216 port 34268 ssh2
Jun 25 03:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8370]: Connection closed by 45.156.87.216 port 34268 [preauth]
Jun 25 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8386]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8385]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8384]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8390]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8387]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8383]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8390]: pam_unix(cron:session): session closed for user root
Jun 25 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8383]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8456]: Successful su for rubyman by root
Jun 25 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8456]: + ??? root:rubyman
Jun 25 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8456]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587701 of user rubyman.
Jun 25 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8456]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587701.
Jun 25 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8380]: Invalid user comercial from 103.112.173.87
Jun 25 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8380]: input_userauth_request: invalid user comercial [preauth]
Jun 25 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8380]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.112.173.87
Jun 25 03:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8483]: Invalid user ubuntu from 45.156.87.216
Jun 25 03:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8483]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 03:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8483]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8380]: Failed password for invalid user comercial from 103.112.173.87 port 36692 ssh2
Jun 25 03:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8380]: Received disconnect from 103.112.173.87 port 36692:11: Bye Bye [preauth]
Jun 25 03:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8380]: Disconnected from 103.112.173.87 port 36692 [preauth]
Jun 25 03:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8385]: pam_unix(cron:session): session closed for user root
Jun 25 03:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5606]: pam_unix(cron:session): session closed for user root
Jun 25 03:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8483]: Failed password for invalid user ubuntu from 45.156.87.216 port 34276 ssh2
Jun 25 03:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8483]: Connection closed by 45.156.87.216 port 34276 [preauth]
Jun 25 03:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8384]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8668]: Invalid user sam from 45.156.87.216
Jun 25 03:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8668]: input_userauth_request: invalid user sam [preauth]
Jun 25 03:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8668]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8668]: Failed password for invalid user sam from 45.156.87.216 port 57748 ssh2
Jun 25 03:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8668]: Connection closed by 45.156.87.216 port 57748 [preauth]
Jun 25 03:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8678]: Invalid user tactical from 45.156.87.216
Jun 25 03:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8678]: input_userauth_request: invalid user tactical [preauth]
Jun 25 03:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8678]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8678]: Failed password for invalid user tactical from 45.156.87.216 port 57750 ssh2
Jun 25 03:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8678]: Connection closed by 45.156.87.216 port 57750 [preauth]
Jun 25 03:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8701]: Invalid user es1 from 79.125.162.32
Jun 25 03:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8701]: input_userauth_request: invalid user es1 [preauth]
Jun 25 03:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8701]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.125.162.32
Jun 25 03:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8701]: Failed password for invalid user es1 from 79.125.162.32 port 56672 ssh2
Jun 25 03:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8701]: Received disconnect from 79.125.162.32 port 56672:11: Bye Bye [preauth]
Jun 25 03:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8701]: Disconnected from 79.125.162.32 port 56672 [preauth]
Jun 25 03:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8703]: Invalid user dev from 45.156.87.216
Jun 25 03:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8703]: input_userauth_request: invalid user dev [preauth]
Jun 25 03:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8703]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8703]: Failed password for invalid user dev from 45.156.87.216 port 57166 ssh2
Jun 25 03:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8703]: Connection closed by 45.156.87.216 port 57166 [preauth]
Jun 25 03:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8714]: Failed password for root from 45.156.87.216 port 57174 ssh2
Jun 25 03:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8714]: Connection closed by 45.156.87.216 port 57174 [preauth]
Jun 25 03:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8738]: Invalid user ts3 from 45.156.87.216
Jun 25 03:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8738]: input_userauth_request: invalid user ts3 [preauth]
Jun 25 03:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8738]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8738]: Failed password for invalid user ts3 from 45.156.87.216 port 48868 ssh2
Jun 25 03:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8738]: Connection closed by 45.156.87.216 port 48868 [preauth]
Jun 25 03:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7462]: pam_unix(cron:session): session closed for user root
Jun 25 03:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8777]: Failed password for root from 45.156.87.216 port 48882 ssh2
Jun 25 03:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8777]: Connection closed by 45.156.87.216 port 48882 [preauth]
Jun 25 03:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8789]: Invalid user pi from 45.156.87.216
Jun 25 03:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8789]: input_userauth_request: invalid user pi [preauth]
Jun 25 03:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8789]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8789]: Failed password for invalid user pi from 45.156.87.216 port 54376 ssh2
Jun 25 03:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8789]: Connection closed by 45.156.87.216 port 54376 [preauth]
Jun 25 03:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.92.41.115  user=root
Jun 25 03:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8814]: Invalid user username from 45.156.87.216
Jun 25 03:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8814]: input_userauth_request: invalid user username [preauth]
Jun 25 03:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8814]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8804]: Failed password for root from 36.92.41.115 port 16482 ssh2
Jun 25 03:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8804]: Received disconnect from 36.92.41.115 port 16482:11: Bye Bye [preauth]
Jun 25 03:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8804]: Disconnected from 36.92.41.115 port 16482 [preauth]
Jun 25 03:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8814]: Failed password for invalid user username from 45.156.87.216 port 60978 ssh2
Jun 25 03:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8814]: Connection closed by 45.156.87.216 port 60978 [preauth]
Jun 25 03:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8824]: Invalid user labuser from 45.156.87.216
Jun 25 03:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8824]: input_userauth_request: invalid user labuser [preauth]
Jun 25 03:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8824]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8824]: Failed password for invalid user labuser from 45.156.87.216 port 60988 ssh2
Jun 25 03:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8824]: Connection closed by 45.156.87.216 port 60988 [preauth]
Jun 25 03:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8838]: Invalid user admin123 from 45.156.87.216
Jun 25 03:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8838]: input_userauth_request: invalid user admin123 [preauth]
Jun 25 03:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8838]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8838]: Failed password for invalid user admin123 from 45.156.87.216 port 51256 ssh2
Jun 25 03:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8838]: Connection closed by 45.156.87.216 port 51256 [preauth]
Jun 25 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8851]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8852]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8850]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8849]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8849]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8917]: Successful su for rubyman by root
Jun 25 03:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8917]: + ??? root:rubyman
Jun 25 03:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8917]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587704 of user rubyman.
Jun 25 03:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8917]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587704.
Jun 25 03:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8939]: Invalid user bot from 45.156.87.216
Jun 25 03:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8939]: input_userauth_request: invalid user bot [preauth]
Jun 25 03:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8939]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8939]: Failed password for invalid user bot from 45.156.87.216 port 51264 ssh2
Jun 25 03:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8939]: Connection closed by 45.156.87.216 port 51264 [preauth]
Jun 25 03:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6026]: pam_unix(cron:session): session closed for user root
Jun 25 03:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8850]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9105]: Failed password for root from 45.156.87.216 port 44012 ssh2
Jun 25 03:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9105]: Connection closed by 45.156.87.216 port 44012 [preauth]
Jun 25 03:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9128]: Invalid user admin from 45.156.87.216
Jun 25 03:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9128]: input_userauth_request: invalid user admin [preauth]
Jun 25 03:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9128]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9128]: Failed password for invalid user admin from 45.156.87.216 port 44028 ssh2
Jun 25 03:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9128]: Connection closed by 45.156.87.216 port 44028 [preauth]
Jun 25 03:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9139]: Invalid user tomcat from 45.156.87.216
Jun 25 03:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9139]: input_userauth_request: invalid user tomcat [preauth]
Jun 25 03:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9139]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9139]: Failed password for invalid user tomcat from 45.156.87.216 port 56518 ssh2
Jun 25 03:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9139]: Connection closed by 45.156.87.216 port 56518 [preauth]
Jun 25 03:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9161]: Invalid user aiuser from 45.156.87.216
Jun 25 03:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9161]: input_userauth_request: invalid user aiuser [preauth]
Jun 25 03:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9161]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9161]: Failed password for invalid user aiuser from 45.156.87.216 port 56528 ssh2
Jun 25 03:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9161]: Connection closed by 45.156.87.216 port 56528 [preauth]
Jun 25 03:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9171]: Invalid user webuser from 45.156.87.216
Jun 25 03:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9171]: input_userauth_request: invalid user webuser [preauth]
Jun 25 03:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9171]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7972]: pam_unix(cron:session): session closed for user root
Jun 25 03:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9171]: Failed password for invalid user webuser from 45.156.87.216 port 53380 ssh2
Jun 25 03:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9171]: Connection closed by 45.156.87.216 port 53380 [preauth]
Jun 25 03:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9194]: Invalid user rich from 103.155.47.102
Jun 25 03:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9194]: input_userauth_request: invalid user rich [preauth]
Jun 25 03:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9194]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.155.47.102
Jun 25 03:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9194]: Failed password for invalid user rich from 103.155.47.102 port 54138 ssh2
Jun 25 03:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9194]: Received disconnect from 103.155.47.102 port 54138:11: Bye Bye [preauth]
Jun 25 03:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9194]: Disconnected from 103.155.47.102 port 54138 [preauth]
Jun 25 03:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9206]: Invalid user admin from 45.156.87.216
Jun 25 03:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9206]: input_userauth_request: invalid user admin [preauth]
Jun 25 03:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9206]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9206]: Failed password for invalid user admin from 45.156.87.216 port 60632 ssh2
Jun 25 03:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9206]: Connection closed by 45.156.87.216 port 60632 [preauth]
Jun 25 03:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9218]: Invalid user steam from 45.156.87.216
Jun 25 03:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9218]: input_userauth_request: invalid user steam [preauth]
Jun 25 03:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9218]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9218]: Failed password for invalid user steam from 45.156.87.216 port 60642 ssh2
Jun 25 03:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9218]: Connection closed by 45.156.87.216 port 60642 [preauth]
Jun 25 03:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9241]: Invalid user postgres from 45.156.87.216
Jun 25 03:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9241]: input_userauth_request: invalid user postgres [preauth]
Jun 25 03:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9241]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9241]: Failed password for invalid user postgres from 45.156.87.216 port 54102 ssh2
Jun 25 03:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9241]: Connection closed by 45.156.87.216 port 54102 [preauth]
Jun 25 03:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9251]: Invalid user deployer from 45.156.87.216
Jun 25 03:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9251]: input_userauth_request: invalid user deployer [preauth]
Jun 25 03:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9251]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9251]: Failed password for invalid user deployer from 45.156.87.216 port 54124 ssh2
Jun 25 03:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9251]: Connection closed by 45.156.87.216 port 54124 [preauth]
Jun 25 03:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9272]: Invalid user user2 from 45.156.87.216
Jun 25 03:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9272]: input_userauth_request: invalid user user2 [preauth]
Jun 25 03:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9272]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9278]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9280]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9275]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9277]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9275]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9338]: Successful su for rubyman by root
Jun 25 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9338]: + ??? root:rubyman
Jun 25 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9338]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587707 of user rubyman.
Jun 25 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9338]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587707.
Jun 25 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9272]: Failed password for invalid user user2 from 45.156.87.216 port 45300 ssh2
Jun 25 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9272]: Connection closed by 45.156.87.216 port 45300 [preauth]
Jun 25 03:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9357]: Invalid user comercial from 187.192.86.153
Jun 25 03:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9357]: input_userauth_request: invalid user comercial [preauth]
Jun 25 03:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9357]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153
Jun 25 03:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6480]: pam_unix(cron:session): session closed for user root
Jun 25 03:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9357]: Failed password for invalid user comercial from 187.192.86.153 port 60030 ssh2
Jun 25 03:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9357]: Received disconnect from 187.192.86.153 port 60030:11: Bye Bye [preauth]
Jun 25 03:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9357]: Disconnected from 187.192.86.153 port 60030 [preauth]
Jun 25 03:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9498]: Invalid user system from 45.156.87.216
Jun 25 03:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9498]: input_userauth_request: invalid user system [preauth]
Jun 25 03:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9498]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9277]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9498]: Failed password for invalid user system from 45.156.87.216 port 45304 ssh2
Jun 25 03:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9498]: Connection closed by 45.156.87.216 port 45304 [preauth]
Jun 25 03:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9523]: Invalid user trade from 45.156.87.216
Jun 25 03:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9523]: input_userauth_request: invalid user trade [preauth]
Jun 25 03:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9523]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9523]: Failed password for invalid user trade from 45.156.87.216 port 57706 ssh2
Jun 25 03:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9523]: Connection closed by 45.156.87.216 port 57706 [preauth]
Jun 25 03:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9545]: Invalid user dmdba from 45.156.87.216
Jun 25 03:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9545]: input_userauth_request: invalid user dmdba [preauth]
Jun 25 03:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9545]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9545]: Failed password for invalid user dmdba from 45.156.87.216 port 41254 ssh2
Jun 25 03:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9545]: Connection closed by 45.156.87.216 port 41254 [preauth]
Jun 25 03:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9556]: Invalid user ubuntu from 45.156.87.216
Jun 25 03:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9556]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 03:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9556]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9556]: Failed password for invalid user ubuntu from 45.156.87.216 port 41270 ssh2
Jun 25 03:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9556]: Connection closed by 45.156.87.216 port 41270 [preauth]
Jun 25 03:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9580]: Invalid user portal from 45.156.87.216
Jun 25 03:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9580]: input_userauth_request: invalid user portal [preauth]
Jun 25 03:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9580]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9580]: Failed password for invalid user portal from 45.156.87.216 port 60248 ssh2
Jun 25 03:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9580]: Connection closed by 45.156.87.216 port 60248 [preauth]
Jun 25 03:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8387]: pam_unix(cron:session): session closed for user root
Jun 25 03:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9606]: Invalid user sales1 from 36.92.41.115
Jun 25 03:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9606]: input_userauth_request: invalid user sales1 [preauth]
Jun 25 03:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9606]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.92.41.115
Jun 25 03:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9615]: Invalid user tom from 45.156.87.216
Jun 25 03:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9615]: input_userauth_request: invalid user tom [preauth]
Jun 25 03:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9615]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9606]: Failed password for invalid user sales1 from 36.92.41.115 port 13954 ssh2
Jun 25 03:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9606]: Received disconnect from 36.92.41.115 port 13954:11: Bye Bye [preauth]
Jun 25 03:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9606]: Disconnected from 36.92.41.115 port 13954 [preauth]
Jun 25 03:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9615]: Failed password for invalid user tom from 45.156.87.216 port 60256 ssh2
Jun 25 03:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9615]: Connection closed by 45.156.87.216 port 60256 [preauth]
Jun 25 03:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.125.162.32  user=root
Jun 25 03:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9631]: Invalid user pi from 45.156.87.216
Jun 25 03:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9631]: input_userauth_request: invalid user pi [preauth]
Jun 25 03:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9631]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9629]: Failed password for root from 79.125.162.32 port 13510 ssh2
Jun 25 03:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9629]: Received disconnect from 79.125.162.32 port 13510:11: Bye Bye [preauth]
Jun 25 03:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9629]: Disconnected from 79.125.162.32 port 13510 [preauth]
Jun 25 03:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9631]: Failed password for invalid user pi from 45.156.87.216 port 50682 ssh2
Jun 25 03:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9631]: Connection closed by 45.156.87.216 port 50682 [preauth]
Jun 25 03:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9653]: Failed password for root from 45.156.87.216 port 42924 ssh2
Jun 25 03:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9653]: Connection closed by 45.156.87.216 port 42924 [preauth]
Jun 25 03:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9673]: Invalid user clawdbot from 45.156.87.216
Jun 25 03:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9673]: input_userauth_request: invalid user clawdbot [preauth]
Jun 25 03:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9673]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9673]: Failed password for invalid user clawdbot from 45.156.87.216 port 42948 ssh2
Jun 25 03:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9673]: Connection closed by 45.156.87.216 port 42948 [preauth]
Jun 25 03:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9683]: Invalid user main from 45.156.87.216
Jun 25 03:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9683]: input_userauth_request: invalid user main [preauth]
Jun 25 03:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9683]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9688]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9687]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9689]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9686]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9686]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9683]: Failed password for invalid user main from 45.156.87.216 port 55622 ssh2
Jun 25 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9683]: Connection closed by 45.156.87.216 port 55622 [preauth]
Jun 25 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9748]: Successful su for rubyman by root
Jun 25 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9748]: + ??? root:rubyman
Jun 25 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9748]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587713 of user rubyman.
Jun 25 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9748]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587713.
Jun 25 03:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6928]: pam_unix(cron:session): session closed for user root
Jun 25 03:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9909]: Invalid user jakob from 45.156.87.216
Jun 25 03:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9909]: input_userauth_request: invalid user jakob [preauth]
Jun 25 03:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9909]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9687]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9909]: Failed password for invalid user jakob from 45.156.87.216 port 55638 ssh2
Jun 25 03:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9909]: Connection closed by 45.156.87.216 port 55638 [preauth]
Jun 25 03:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10119]: Failed password for root from 45.156.87.216 port 60514 ssh2
Jun 25 03:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10119]: Connection closed by 45.156.87.216 port 60514 [preauth]
Jun 25 03:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10143]: Invalid user testuser from 45.156.87.216
Jun 25 03:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10143]: input_userauth_request: invalid user testuser [preauth]
Jun 25 03:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10143]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10143]: Failed password for invalid user testuser from 45.156.87.216 port 47810 ssh2
Jun 25 03:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10143]: Connection closed by 45.156.87.216 port 47810 [preauth]
Jun 25 03:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10153]: Invalid user mc from 45.156.87.216
Jun 25 03:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10153]: input_userauth_request: invalid user mc [preauth]
Jun 25 03:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10153]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10156]: Invalid user sales1 from 103.112.173.87
Jun 25 03:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10156]: input_userauth_request: invalid user sales1 [preauth]
Jun 25 03:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10156]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.112.173.87
Jun 25 03:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10153]: Failed password for invalid user mc from 45.156.87.216 port 47836 ssh2
Jun 25 03:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10153]: Connection closed by 45.156.87.216 port 47836 [preauth]
Jun 25 03:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10156]: Failed password for invalid user sales1 from 103.112.173.87 port 36872 ssh2
Jun 25 03:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10156]: Received disconnect from 103.112.173.87 port 36872:11: Bye Bye [preauth]
Jun 25 03:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10156]: Disconnected from 103.112.173.87 port 36872 [preauth]
Jun 25 03:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10179]: Invalid user jellyfin from 45.156.87.216
Jun 25 03:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10179]: input_userauth_request: invalid user jellyfin [preauth]
Jun 25 03:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10179]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10181]: Invalid user postgres from 103.155.47.102
Jun 25 03:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10181]: input_userauth_request: invalid user postgres [preauth]
Jun 25 03:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10181]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.155.47.102
Jun 25 03:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10179]: Failed password for invalid user jellyfin from 45.156.87.216 port 60672 ssh2
Jun 25 03:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10179]: Connection closed by 45.156.87.216 port 60672 [preauth]
Jun 25 03:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10181]: Failed password for invalid user postgres from 103.155.47.102 port 52300 ssh2
Jun 25 03:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10181]: Received disconnect from 103.155.47.102 port 52300:11: Bye Bye [preauth]
Jun 25 03:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10181]: Disconnected from 103.155.47.102 port 52300 [preauth]
Jun 25 03:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8852]: pam_unix(cron:session): session closed for user root
Jun 25 03:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10207]: Invalid user ts3 from 45.156.87.216
Jun 25 03:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10207]: input_userauth_request: invalid user ts3 [preauth]
Jun 25 03:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10207]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10207]: Failed password for invalid user ts3 from 45.156.87.216 port 60682 ssh2
Jun 25 03:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10207]: Connection closed by 45.156.87.216 port 60682 [preauth]
Jun 25 03:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10316]: Invalid user root1 from 45.156.87.216
Jun 25 03:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10316]: input_userauth_request: invalid user root1 [preauth]
Jun 25 03:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10316]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10316]: Failed password for invalid user root1 from 45.156.87.216 port 36864 ssh2
Jun 25 03:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10316]: Connection closed by 45.156.87.216 port 36864 [preauth]
Jun 25 03:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10342]: Failed password for root from 45.156.87.216 port 36868 ssh2
Jun 25 03:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10342]: Connection closed by 45.156.87.216 port 36868 [preauth]
Jun 25 03:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10360]: Invalid user test3 from 45.156.87.216
Jun 25 03:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10360]: input_userauth_request: invalid user test3 [preauth]
Jun 25 03:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10360]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10360]: Failed password for invalid user test3 from 45.156.87.216 port 58642 ssh2
Jun 25 03:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10360]: Connection closed by 45.156.87.216 port 58642 [preauth]
Jun 25 03:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10377]: Invalid user test from 45.156.87.216
Jun 25 03:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10377]: input_userauth_request: invalid user test [preauth]
Jun 25 03:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10377]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10377]: Failed password for invalid user test from 45.156.87.216 port 44992 ssh2
Jun 25 03:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10377]: Connection closed by 45.156.87.216 port 44992 [preauth]
Jun 25 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10396]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10394]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10395]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10393]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10393]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10455]: Successful su for rubyman by root
Jun 25 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10455]: + ??? root:rubyman
Jun 25 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10455]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587716 of user rubyman.
Jun 25 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10455]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587716.
Jun 25 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121  user=root
Jun 25 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10488]: Invalid user gabriel from 45.156.87.216
Jun 25 03:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10488]: input_userauth_request: invalid user gabriel [preauth]
Jun 25 03:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10488]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10390]: Failed password for root from 45.148.10.121 port 48320 ssh2
Jun 25 03:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10390]: Connection closed by 45.148.10.121 port 48320 [preauth]
Jun 25 03:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7461]: pam_unix(cron:session): session closed for user root
Jun 25 03:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10488]: Failed password for invalid user gabriel from 45.156.87.216 port 45008 ssh2
Jun 25 03:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10488]: Connection closed by 45.156.87.216 port 45008 [preauth]
Jun 25 03:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10394]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10648]: Invalid user vyos from 45.156.87.216
Jun 25 03:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10648]: input_userauth_request: invalid user vyos [preauth]
Jun 25 03:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10648]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10648]: Failed password for invalid user vyos from 45.156.87.216 port 37780 ssh2
Jun 25 03:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10648]: Connection closed by 45.156.87.216 port 37780 [preauth]
Jun 25 03:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10650]: Connection reset by 205.210.31.173 port 63970 [preauth]
Jun 25 03:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10675]: Invalid user www from 45.156.87.216
Jun 25 03:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10675]: input_userauth_request: invalid user www [preauth]
Jun 25 03:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10675]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10675]: Failed password for invalid user www from 45.156.87.216 port 37792 ssh2
Jun 25 03:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10675]: Connection closed by 45.156.87.216 port 37792 [preauth]
Jun 25 03:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10686]: Invalid user es from 45.156.87.216
Jun 25 03:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10686]: input_userauth_request: invalid user es [preauth]
Jun 25 03:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10686]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10686]: Failed password for invalid user es from 45.156.87.216 port 37410 ssh2
Jun 25 03:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10686]: Connection closed by 45.156.87.216 port 37410 [preauth]
Jun 25 03:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10710]: Invalid user wso2 from 45.156.87.216
Jun 25 03:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10710]: input_userauth_request: invalid user wso2 [preauth]
Jun 25 03:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10710]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10713]: Invalid user vpn from 36.92.41.115
Jun 25 03:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10713]: input_userauth_request: invalid user vpn [preauth]
Jun 25 03:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10713]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.92.41.115
Jun 25 03:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10710]: Failed password for invalid user wso2 from 45.156.87.216 port 41666 ssh2
Jun 25 03:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10710]: Connection closed by 45.156.87.216 port 41666 [preauth]
Jun 25 03:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10713]: Failed password for invalid user vpn from 36.92.41.115 port 11412 ssh2
Jun 25 03:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10713]: Received disconnect from 36.92.41.115 port 11412:11: Bye Bye [preauth]
Jun 25 03:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10713]: Disconnected from 36.92.41.115 port 11412 [preauth]
Jun 25 03:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9280]: pam_unix(cron:session): session closed for user root
Jun 25 03:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10724]: Failed password for root from 45.156.87.216 port 41674 ssh2
Jun 25 03:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10724]: Connection closed by 45.156.87.216 port 41674 [preauth]
Jun 25 03:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10772]: Invalid user claude from 45.156.87.216
Jun 25 03:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10772]: input_userauth_request: invalid user claude [preauth]
Jun 25 03:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10772]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10772]: Failed password for invalid user claude from 45.156.87.216 port 51826 ssh2
Jun 25 03:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10772]: Connection closed by 45.156.87.216 port 51826 [preauth]
Jun 25 03:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10798]: Invalid user admin1 from 45.156.87.216
Jun 25 03:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10798]: input_userauth_request: invalid user admin1 [preauth]
Jun 25 03:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10798]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10798]: Failed password for invalid user admin1 from 45.156.87.216 port 51838 ssh2
Jun 25 03:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10798]: Connection closed by 45.156.87.216 port 51838 [preauth]
Jun 25 03:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10812]: Invalid user ubuntu from 45.156.87.216
Jun 25 03:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10812]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 03:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10812]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10812]: Failed password for invalid user ubuntu from 45.156.87.216 port 55366 ssh2
Jun 25 03:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10812]: Connection closed by 45.156.87.216 port 55366 [preauth]
Jun 25 03:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10823]: Invalid user usuario from 45.156.87.216
Jun 25 03:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10823]: input_userauth_request: invalid user usuario [preauth]
Jun 25 03:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10823]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10823]: Failed password for invalid user usuario from 45.156.87.216 port 55394 ssh2
Jun 25 03:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10823]: Connection closed by 45.156.87.216 port 55394 [preauth]
Jun 25 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10840]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10839]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10838]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10837]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10842]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10841]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10842]: pam_unix(cron:session): session closed for user root
Jun 25 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10837]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10833]: Invalid user dmdba from 45.156.87.216
Jun 25 03:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10833]: input_userauth_request: invalid user dmdba [preauth]
Jun 25 03:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10833]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10909]: Successful su for rubyman by root
Jun 25 03:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10909]: + ??? root:rubyman
Jun 25 03:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10909]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587724 of user rubyman.
Jun 25 03:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10909]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587724.
Jun 25 03:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10833]: Failed password for invalid user dmdba from 45.156.87.216 port 47344 ssh2
Jun 25 03:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10833]: Connection closed by 45.156.87.216 port 47344 [preauth]
Jun 25 03:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10839]: pam_unix(cron:session): session closed for user root
Jun 25 03:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7971]: pam_unix(cron:session): session closed for user root
Jun 25 03:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10838]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11117]: Failed password for root from 45.156.87.216 port 41902 ssh2
Jun 25 03:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11117]: Connection closed by 45.156.87.216 port 41902 [preauth]
Jun 25 03:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11135]: Failed password for root from 45.156.87.216 port 41934 ssh2
Jun 25 03:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11135]: Connection closed by 45.156.87.216 port 41934 [preauth]
Jun 25 03:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11160]: Invalid user won from 79.125.162.32
Jun 25 03:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11160]: input_userauth_request: invalid user won [preauth]
Jun 25 03:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11160]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.125.162.32
Jun 25 03:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11162]: Invalid user marcus from 187.192.86.153
Jun 25 03:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11162]: input_userauth_request: invalid user marcus [preauth]
Jun 25 03:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11162]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153
Jun 25 03:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11164]: Invalid user erp from 45.156.87.216
Jun 25 03:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11164]: input_userauth_request: invalid user erp [preauth]
Jun 25 03:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11164]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11160]: Failed password for invalid user won from 79.125.162.32 port 57179 ssh2
Jun 25 03:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11160]: Received disconnect from 79.125.162.32 port 57179:11: Bye Bye [preauth]
Jun 25 03:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11160]: Disconnected from 79.125.162.32 port 57179 [preauth]
Jun 25 03:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11162]: Failed password for invalid user marcus from 187.192.86.153 port 48226 ssh2
Jun 25 03:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11162]: Received disconnect from 187.192.86.153 port 48226:11: Bye Bye [preauth]
Jun 25 03:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11162]: Disconnected from 187.192.86.153 port 48226 [preauth]
Jun 25 03:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11164]: Failed password for invalid user erp from 45.156.87.216 port 36802 ssh2
Jun 25 03:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11164]: Connection closed by 45.156.87.216 port 36802 [preauth]
Jun 25 03:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11175]: Invalid user user from 103.155.47.102
Jun 25 03:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11175]: input_userauth_request: invalid user user [preauth]
Jun 25 03:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11175]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.155.47.102
Jun 25 03:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11175]: Failed password for invalid user user from 103.155.47.102 port 34282 ssh2
Jun 25 03:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11177]: Invalid user asterisk from 45.156.87.216
Jun 25 03:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11177]: input_userauth_request: invalid user asterisk [preauth]
Jun 25 03:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11175]: Received disconnect from 103.155.47.102 port 34282:11: Bye Bye [preauth]
Jun 25 03:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11175]: Disconnected from 103.155.47.102 port 34282 [preauth]
Jun 25 03:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11177]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11177]: Failed password for invalid user asterisk from 45.156.87.216 port 36814 ssh2
Jun 25 03:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11177]: Connection closed by 45.156.87.216 port 36814 [preauth]
Jun 25 03:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11204]: Invalid user deploy from 45.156.87.216
Jun 25 03:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11204]: input_userauth_request: invalid user deploy [preauth]
Jun 25 03:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11204]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11204]: Failed password for invalid user deploy from 45.156.87.216 port 51564 ssh2
Jun 25 03:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11204]: Connection closed by 45.156.87.216 port 51564 [preauth]
Jun 25 03:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9689]: pam_unix(cron:session): session closed for user root
Jun 25 03:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11234]: Failed password for root from 45.156.87.216 port 51566 ssh2
Jun 25 03:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11234]: Connection closed by 45.156.87.216 port 51566 [preauth]
Jun 25 03:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11246]: Failed password for root from 45.156.87.216 port 46220 ssh2
Jun 25 03:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11246]: Connection closed by 45.156.87.216 port 46220 [preauth]
Jun 25 03:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11273]: Invalid user cursor from 45.156.87.216
Jun 25 03:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11273]: input_userauth_request: invalid user cursor [preauth]
Jun 25 03:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11273]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11273]: Failed password for invalid user cursor from 45.156.87.216 port 43390 ssh2
Jun 25 03:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11273]: Connection closed by 45.156.87.216 port 43390 [preauth]
Jun 25 03:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11293]: Invalid user christianna from 2.57.121.112
Jun 25 03:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11293]: input_userauth_request: invalid user christianna [preauth]
Jun 25 03:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11293]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 25 03:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11283]: Failed password for root from 45.156.87.216 port 43398 ssh2
Jun 25 03:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11283]: Connection closed by 45.156.87.216 port 43398 [preauth]
Jun 25 03:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11293]: Failed password for invalid user christianna from 2.57.121.112 port 42406 ssh2
Jun 25 03:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11293]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11293]: Failed password for invalid user christianna from 2.57.121.112 port 42406 ssh2
Jun 25 03:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11293]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11296]: Invalid user localhost from 45.156.87.216
Jun 25 03:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11296]: input_userauth_request: invalid user localhost [preauth]
Jun 25 03:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11296]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11293]: Failed password for invalid user christianna from 2.57.121.112 port 42406 ssh2
Jun 25 03:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11293]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11296]: Failed password for invalid user localhost from 45.156.87.216 port 52900 ssh2
Jun 25 03:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11296]: Connection closed by 45.156.87.216 port 52900 [preauth]
Jun 25 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11315]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11316]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11314]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11313]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11313]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11293]: Failed password for invalid user christianna from 2.57.121.112 port 42406 ssh2
Jun 25 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11293]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11380]: Successful su for rubyman by root
Jun 25 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11380]: + ??? root:rubyman
Jun 25 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11380]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587726 of user rubyman.
Jun 25 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11380]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587726.
Jun 25 03:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11441]: Invalid user kafka from 45.156.87.216
Jun 25 03:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11441]: input_userauth_request: invalid user kafka [preauth]
Jun 25 03:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11441]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11293]: Failed password for invalid user christianna from 2.57.121.112 port 42406 ssh2
Jun 25 03:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11293]: Connection closed by 2.57.121.112 port 42406 [preauth]
Jun 25 03:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11293]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 25 03:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11293]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 25 03:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11441]: Failed password for invalid user kafka from 45.156.87.216 port 52902 ssh2
Jun 25 03:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11441]: Connection closed by 45.156.87.216 port 52902 [preauth]
Jun 25 03:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8386]: pam_unix(cron:session): session closed for user root
Jun 25 03:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11314]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 25 03:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11569]: Failed password for root from 103.27.238.120 port 40250 ssh2
Jun 25 03:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11569]: Connection closed by 103.27.238.120 port 40250 [preauth]
Jun 25 03:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11581]: Invalid user sftpuser from 45.156.87.216
Jun 25 03:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11581]: input_userauth_request: invalid user sftpuser [preauth]
Jun 25 03:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11581]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11581]: Failed password for invalid user sftpuser from 45.156.87.216 port 48482 ssh2
Jun 25 03:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11581]: Connection closed by 45.156.87.216 port 48482 [preauth]
Jun 25 03:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11591]: Invalid user runner from 45.156.87.216
Jun 25 03:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11591]: input_userauth_request: invalid user runner [preauth]
Jun 25 03:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11591]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11591]: Failed password for invalid user runner from 45.156.87.216 port 48496 ssh2
Jun 25 03:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11591]: Connection closed by 45.156.87.216 port 48496 [preauth]
Jun 25 03:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11617]: Invalid user username from 45.156.87.216
Jun 25 03:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11617]: input_userauth_request: invalid user username [preauth]
Jun 25 03:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11617]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11617]: Failed password for invalid user username from 45.156.87.216 port 34094 ssh2
Jun 25 03:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11617]: Connection closed by 45.156.87.216 port 34094 [preauth]
Jun 25 03:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11627]: Invalid user vmail from 36.92.41.115
Jun 25 03:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11627]: input_userauth_request: invalid user vmail [preauth]
Jun 25 03:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11627]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.92.41.115
Jun 25 03:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11627]: Failed password for invalid user vmail from 36.92.41.115 port 41450 ssh2
Jun 25 03:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11627]: Received disconnect from 36.92.41.115 port 41450:11: Bye Bye [preauth]
Jun 25 03:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11627]: Disconnected from 36.92.41.115 port 41450 [preauth]
Jun 25 03:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11641]: Invalid user user from 45.156.87.216
Jun 25 03:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11641]: input_userauth_request: invalid user user [preauth]
Jun 25 03:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11641]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11641]: Failed password for invalid user user from 45.156.87.216 port 34108 ssh2
Jun 25 03:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11641]: Connection closed by 45.156.87.216 port 34108 [preauth]
Jun 25 03:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11651]: Invalid user ubuntu from 45.156.87.216
Jun 25 03:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11651]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 03:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11651]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11651]: Failed password for invalid user ubuntu from 45.156.87.216 port 47762 ssh2
Jun 25 03:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11651]: Connection closed by 45.156.87.216 port 47762 [preauth]
Jun 25 03:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10396]: pam_unix(cron:session): session closed for user root
Jun 25 03:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11681]: Invalid user admin from 45.156.87.216
Jun 25 03:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11681]: input_userauth_request: invalid user admin [preauth]
Jun 25 03:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11681]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11681]: Failed password for invalid user admin from 45.156.87.216 port 47770 ssh2
Jun 25 03:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11681]: Connection closed by 45.156.87.216 port 47770 [preauth]
Jun 25 03:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11693]: Invalid user master from 45.156.87.216
Jun 25 03:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11693]: input_userauth_request: invalid user master [preauth]
Jun 25 03:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11693]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11693]: Failed password for invalid user master from 45.156.87.216 port 38974 ssh2
Jun 25 03:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11693]: Connection closed by 45.156.87.216 port 38974 [preauth]
Jun 25 03:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11726]: Invalid user admin from 45.156.87.216
Jun 25 03:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11726]: input_userauth_request: invalid user admin [preauth]
Jun 25 03:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11726]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11726]: Failed password for invalid user admin from 45.156.87.216 port 38982 ssh2
Jun 25 03:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11726]: Connection closed by 45.156.87.216 port 38982 [preauth]
Jun 25 03:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 25 03:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11751]: Invalid user test from 45.156.87.216
Jun 25 03:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11751]: input_userauth_request: invalid user test [preauth]
Jun 25 03:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11751]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11729]: Failed password for root from 147.45.199.80 port 51936 ssh2
Jun 25 03:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11729]: Connection closed by 147.45.199.80 port 51936 [preauth]
Jun 25 03:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11751]: Failed password for invalid user test from 45.156.87.216 port 49144 ssh2
Jun 25 03:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11751]: Connection closed by 45.156.87.216 port 49144 [preauth]
Jun 25 03:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11763]: Invalid user admin2 from 45.156.87.216
Jun 25 03:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11763]: input_userauth_request: invalid user admin2 [preauth]
Jun 25 03:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11763]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11763]: Failed password for invalid user admin2 from 45.156.87.216 port 36232 ssh2
Jun 25 03:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11763]: Connection closed by 45.156.87.216 port 36232 [preauth]
Jun 25 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11781]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11782]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11780]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11778]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11778]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11855]: Successful su for rubyman by root
Jun 25 03:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11855]: + ??? root:rubyman
Jun 25 03:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11855]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587729 of user rubyman.
Jun 25 03:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11855]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587729.
Jun 25 03:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8851]: pam_unix(cron:session): session closed for user root
Jun 25 03:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11844]: Failed password for root from 45.156.87.216 port 36256 ssh2
Jun 25 03:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11844]: Connection closed by 45.156.87.216 port 36256 [preauth]
Jun 25 03:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11780]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12052]: Invalid user sri from 14.103.117.77
Jun 25 03:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12052]: input_userauth_request: invalid user sri [preauth]
Jun 25 03:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12052]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.117.77
Jun 25 03:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12073]: Invalid user opc from 45.156.87.216
Jun 25 03:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12073]: input_userauth_request: invalid user opc [preauth]
Jun 25 03:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12073]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12052]: Failed password for invalid user sri from 14.103.117.77 port 50326 ssh2
Jun 25 03:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12073]: Failed password for invalid user opc from 45.156.87.216 port 40726 ssh2
Jun 25 03:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12073]: Connection closed by 45.156.87.216 port 40726 [preauth]
Jun 25 03:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12083]: Invalid user www from 45.156.87.216
Jun 25 03:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12083]: input_userauth_request: invalid user www [preauth]
Jun 25 03:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12083]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.155.47.102  user=root
Jun 25 03:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12083]: Failed password for invalid user www from 45.156.87.216 port 40738 ssh2
Jun 25 03:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12083]: Connection closed by 45.156.87.216 port 40738 [preauth]
Jun 25 03:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12085]: Failed password for root from 103.155.47.102 port 33992 ssh2
Jun 25 03:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12085]: Received disconnect from 103.155.47.102 port 33992:11: Bye Bye [preauth]
Jun 25 03:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12085]: Disconnected from 103.155.47.102 port 33992 [preauth]
Jun 25 03:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12108]: Failed password for root from 45.156.87.216 port 55992 ssh2
Jun 25 03:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12108]: Connection closed by 45.156.87.216 port 55992 [preauth]
Jun 25 03:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12120]: Invalid user fivem from 45.156.87.216
Jun 25 03:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12120]: input_userauth_request: invalid user fivem [preauth]
Jun 25 03:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12120]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 25 03:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12120]: Failed password for invalid user fivem from 45.156.87.216 port 56004 ssh2
Jun 25 03:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12118]: Failed password for root from 103.172.78.219 port 59336 ssh2
Jun 25 03:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12120]: Connection closed by 45.156.87.216 port 56004 [preauth]
Jun 25 03:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12118]: Connection closed by 103.172.78.219 port 59336 [preauth]
Jun 25 03:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12143]: Invalid user core from 45.156.87.216
Jun 25 03:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12143]: input_userauth_request: invalid user core [preauth]
Jun 25 03:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12143]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 25 03:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12143]: Failed password for invalid user core from 45.156.87.216 port 46304 ssh2
Jun 25 03:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12143]: Connection closed by 45.156.87.216 port 46304 [preauth]
Jun 25 03:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12145]: Failed password for root from 62.133.62.83 port 50798 ssh2
Jun 25 03:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12145]: Connection closed by 62.133.62.83 port 50798 [preauth]
Jun 25 03:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10841]: pam_unix(cron:session): session closed for user root
Jun 25 03:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12175]: Invalid user bot from 45.156.87.216
Jun 25 03:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12175]: input_userauth_request: invalid user bot [preauth]
Jun 25 03:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12175]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12175]: Failed password for invalid user bot from 45.156.87.216 port 46318 ssh2
Jun 25 03:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12175]: Connection closed by 45.156.87.216 port 46318 [preauth]
Jun 25 03:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12189]: Invalid user media from 45.156.87.216
Jun 25 03:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12189]: input_userauth_request: invalid user media [preauth]
Jun 25 03:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12189]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.125.162.32  user=root
Jun 25 03:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12189]: Failed password for invalid user media from 45.156.87.216 port 57298 ssh2
Jun 25 03:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12189]: Connection closed by 45.156.87.216 port 57298 [preauth]
Jun 25 03:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12191]: Failed password for root from 79.125.162.32 port 46064 ssh2
Jun 25 03:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12191]: Received disconnect from 79.125.162.32 port 46064:11: Bye Bye [preauth]
Jun 25 03:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12191]: Disconnected from 79.125.162.32 port 46064 [preauth]
Jun 25 03:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12217]: User john from 45.156.87.216 not allowed because not listed in AllowUsers
Jun 25 03:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12217]: input_userauth_request: invalid user john [preauth]
Jun 25 03:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=john
Jun 25 03:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12217]: Failed password for invalid user john from 45.156.87.216 port 60102 ssh2
Jun 25 03:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12217]: Connection closed by 45.156.87.216 port 60102 [preauth]
Jun 25 03:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12229]: Invalid user david from 45.156.87.216
Jun 25 03:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12229]: input_userauth_request: invalid user david [preauth]
Jun 25 03:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12229]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12229]: Failed password for invalid user david from 45.156.87.216 port 60134 ssh2
Jun 25 03:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12229]: Connection closed by 45.156.87.216 port 60134 [preauth]
Jun 25 03:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12239]: Invalid user daniel from 45.156.87.216
Jun 25 03:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12239]: input_userauth_request: invalid user daniel [preauth]
Jun 25 03:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12239]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12239]: Failed password for invalid user daniel from 45.156.87.216 port 40128 ssh2
Jun 25 03:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12239]: Connection closed by 45.156.87.216 port 40128 [preauth]
Jun 25 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12367]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12369]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12370]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12366]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12366]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12435]: Successful su for rubyman by root
Jun 25 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12435]: + ??? root:rubyman
Jun 25 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12435]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587733 of user rubyman.
Jun 25 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12435]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587733.
Jun 25 03:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12501]: Invalid user openclaw from 45.156.87.216
Jun 25 03:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12501]: input_userauth_request: invalid user openclaw [preauth]
Jun 25 03:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12501]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9278]: pam_unix(cron:session): session closed for user root
Jun 25 03:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12501]: Failed password for invalid user openclaw from 45.156.87.216 port 40130 ssh2
Jun 25 03:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12501]: Connection closed by 45.156.87.216 port 40130 [preauth]
Jun 25 03:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12367]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12623]: Invalid user steam from 45.156.87.216
Jun 25 03:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12623]: input_userauth_request: invalid user steam [preauth]
Jun 25 03:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12623]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12625]: Invalid user murat from 36.92.41.115
Jun 25 03:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12625]: input_userauth_request: invalid user murat [preauth]
Jun 25 03:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12625]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.92.41.115
Jun 25 03:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12623]: Failed password for invalid user steam from 45.156.87.216 port 55670 ssh2
Jun 25 03:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12623]: Connection closed by 45.156.87.216 port 55670 [preauth]
Jun 25 03:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12625]: Failed password for invalid user murat from 36.92.41.115 port 34628 ssh2
Jun 25 03:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12625]: Received disconnect from 36.92.41.115 port 34628:11: Bye Bye [preauth]
Jun 25 03:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12625]: Disconnected from 36.92.41.115 port 34628 [preauth]
Jun 25 03:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12648]: Invalid user myuser from 45.156.87.216
Jun 25 03:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12648]: input_userauth_request: invalid user myuser [preauth]
Jun 25 03:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12648]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12648]: Failed password for invalid user myuser from 45.156.87.216 port 55688 ssh2
Jun 25 03:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12648]: Connection closed by 45.156.87.216 port 55688 [preauth]
Jun 25 03:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12659]: Invalid user karel from 45.156.87.216
Jun 25 03:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12659]: input_userauth_request: invalid user karel [preauth]
Jun 25 03:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12659]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12659]: Failed password for invalid user karel from 45.156.87.216 port 46306 ssh2
Jun 25 03:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12659]: Connection closed by 45.156.87.216 port 46306 [preauth]
Jun 25 03:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12689]: Invalid user fivem from 45.156.87.216
Jun 25 03:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12689]: input_userauth_request: invalid user fivem [preauth]
Jun 25 03:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12689]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153  user=root
Jun 25 03:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12689]: Failed password for invalid user fivem from 45.156.87.216 port 46318 ssh2
Jun 25 03:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12689]: Connection closed by 45.156.87.216 port 46318 [preauth]
Jun 25 03:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12695]: Failed password for root from 187.192.86.153 port 59510 ssh2
Jun 25 03:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12695]: Received disconnect from 187.192.86.153 port 59510:11: Bye Bye [preauth]
Jun 25 03:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12695]: Disconnected from 187.192.86.153 port 59510 [preauth]
Jun 25 03:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12705]: Invalid user deployer from 45.156.87.216
Jun 25 03:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12705]: input_userauth_request: invalid user deployer [preauth]
Jun 25 03:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12705]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11316]: pam_unix(cron:session): session closed for user root
Jun 25 03:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12705]: Failed password for invalid user deployer from 45.156.87.216 port 46306 ssh2
Jun 25 03:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12705]: Connection closed by 45.156.87.216 port 46306 [preauth]
Jun 25 03:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12739]: Invalid user root1 from 45.156.87.216
Jun 25 03:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12739]: input_userauth_request: invalid user root1 [preauth]
Jun 25 03:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12739]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12739]: Failed password for invalid user root1 from 45.156.87.216 port 48522 ssh2
Jun 25 03:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12739]: Connection closed by 45.156.87.216 port 48522 [preauth]
Jun 25 03:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12752]: Invalid user sdadmin from 45.156.87.216
Jun 25 03:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12752]: input_userauth_request: invalid user sdadmin [preauth]
Jun 25 03:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12752]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12752]: Failed password for invalid user sdadmin from 45.156.87.216 port 48538 ssh2
Jun 25 03:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12752]: Connection closed by 45.156.87.216 port 48538 [preauth]
Jun 25 03:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12777]: Invalid user pi from 45.156.87.216
Jun 25 03:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12777]: input_userauth_request: invalid user pi [preauth]
Jun 25 03:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12777]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 25 03:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12779]: Failed password for root from 193.37.70.224 port 45502 ssh2
Jun 25 03:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12779]: Connection closed by 193.37.70.224 port 45502 [preauth]
Jun 25 03:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12777]: Failed password for invalid user pi from 45.156.87.216 port 60746 ssh2
Jun 25 03:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12777]: Connection closed by 45.156.87.216 port 60746 [preauth]
Jun 25 03:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12791]: Invalid user prem from 45.156.87.216
Jun 25 03:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12791]: input_userauth_request: invalid user prem [preauth]
Jun 25 03:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12791]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12791]: Failed password for invalid user prem from 45.156.87.216 port 60760 ssh2
Jun 25 03:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12791]: Connection closed by 45.156.87.216 port 60760 [preauth]
Jun 25 03:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.155.47.102  user=root
Jun 25 03:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12805]: Invalid user student from 45.156.87.216
Jun 25 03:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12805]: input_userauth_request: invalid user student [preauth]
Jun 25 03:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12805]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12810]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12811]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12809]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12808]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12808]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12882]: Successful su for rubyman by root
Jun 25 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12882]: + ??? root:rubyman
Jun 25 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12882]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587738 of user rubyman.
Jun 25 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12882]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587738.
Jun 25 03:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12803]: Failed password for root from 103.155.47.102 port 37034 ssh2
Jun 25 03:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12803]: Received disconnect from 103.155.47.102 port 37034:11: Bye Bye [preauth]
Jun 25 03:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12803]: Disconnected from 103.155.47.102 port 37034 [preauth]
Jun 25 03:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12805]: Failed password for invalid user student from 45.156.87.216 port 38134 ssh2
Jun 25 03:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12805]: Connection closed by 45.156.87.216 port 38134 [preauth]
Jun 25 03:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9688]: pam_unix(cron:session): session closed for user root
Jun 25 03:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13047]: Invalid user rdpuser from 45.156.87.216
Jun 25 03:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13047]: input_userauth_request: invalid user rdpuser [preauth]
Jun 25 03:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12809]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13047]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13047]: Failed password for invalid user rdpuser from 45.156.87.216 port 38136 ssh2
Jun 25 03:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13047]: Connection closed by 45.156.87.216 port 38136 [preauth]
Jun 25 03:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13073]: Invalid user developer from 45.156.87.216
Jun 25 03:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13073]: input_userauth_request: invalid user developer [preauth]
Jun 25 03:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13073]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13073]: Failed password for invalid user developer from 45.156.87.216 port 35802 ssh2
Jun 25 03:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13073]: Connection closed by 45.156.87.216 port 35802 [preauth]
Jun 25 03:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13095]: Invalid user test from 45.156.87.216
Jun 25 03:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13095]: input_userauth_request: invalid user test [preauth]
Jun 25 03:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13095]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13095]: Failed password for invalid user test from 45.156.87.216 port 34130 ssh2
Jun 25 03:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13095]: Connection closed by 45.156.87.216 port 34130 [preauth]
Jun 25 03:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13105]: Invalid user deploy from 45.156.87.216
Jun 25 03:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13105]: input_userauth_request: invalid user deploy [preauth]
Jun 25 03:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13105]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13105]: Failed password for invalid user deploy from 45.156.87.216 port 34142 ssh2
Jun 25 03:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13105]: Connection closed by 45.156.87.216 port 34142 [preauth]
Jun 25 03:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13136]: Failed password for root from 45.156.87.216 port 53382 ssh2
Jun 25 03:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13136]: Connection closed by 45.156.87.216 port 53382 [preauth]
Jun 25 03:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11782]: pam_unix(cron:session): session closed for user root
Jun 25 03:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13177]: Failed password for root from 45.156.87.216 port 53398 ssh2
Jun 25 03:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13177]: Connection closed by 45.156.87.216 port 53398 [preauth]
Jun 25 03:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13187]: Failed password for root from 45.156.87.216 port 33814 ssh2
Jun 25 03:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13187]: Connection closed by 45.156.87.216 port 33814 [preauth]
Jun 25 03:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13211]: Invalid user odoo18 from 45.156.87.216
Jun 25 03:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13211]: input_userauth_request: invalid user odoo18 [preauth]
Jun 25 03:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13211]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13211]: Failed password for invalid user odoo18 from 45.156.87.216 port 33826 ssh2
Jun 25 03:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13211]: Connection closed by 45.156.87.216 port 33826 [preauth]
Jun 25 03:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13221]: Invalid user newuser from 45.156.87.216
Jun 25 03:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13221]: input_userauth_request: invalid user newuser [preauth]
Jun 25 03:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13221]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13221]: Failed password for invalid user newuser from 45.156.87.216 port 45914 ssh2
Jun 25 03:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13221]: Connection closed by 45.156.87.216 port 45914 [preauth]
Jun 25 03:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13234]: Invalid user odoo1 from 36.92.41.115
Jun 25 03:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13234]: input_userauth_request: invalid user odoo1 [preauth]
Jun 25 03:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13234]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.92.41.115
Jun 25 03:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13234]: Failed password for invalid user odoo1 from 36.92.41.115 port 3971 ssh2
Jun 25 03:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13234]: Received disconnect from 36.92.41.115 port 3971:11: Bye Bye [preauth]
Jun 25 03:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13234]: Disconnected from 36.92.41.115 port 3971 [preauth]
Jun 25 03:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13243]: Invalid user ubuntu from 45.156.87.216
Jun 25 03:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13243]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 03:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13243]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13243]: Failed password for invalid user ubuntu from 45.156.87.216 port 49604 ssh2
Jun 25 03:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13243]: Connection closed by 45.156.87.216 port 49604 [preauth]
Jun 25 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13261]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13257]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13262]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13259]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13255]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13256]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13262]: pam_unix(cron:session): session closed for user root
Jun 25 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13255]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13330]: Successful su for rubyman by root
Jun 25 03:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13330]: + ??? root:rubyman
Jun 25 03:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13330]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587742 of user rubyman.
Jun 25 03:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13330]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587742.
Jun 25 03:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13275]: User ftp from 45.156.87.216 not allowed because not listed in AllowUsers
Jun 25 03:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13275]: input_userauth_request: invalid user ftp [preauth]
Jun 25 03:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=ftp
Jun 25 03:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13275]: Failed password for invalid user ftp from 45.156.87.216 port 49610 ssh2
Jun 25 03:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13275]: Connection closed by 45.156.87.216 port 49610 [preauth]
Jun 25 03:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13257]: pam_unix(cron:session): session closed for user root
Jun 25 03:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10395]: pam_unix(cron:session): session closed for user root
Jun 25 03:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13500]: Invalid user harish from 103.112.173.87
Jun 25 03:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13500]: input_userauth_request: invalid user harish [preauth]
Jun 25 03:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13500]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.112.173.87
Jun 25 03:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.125.162.32  user=root
Jun 25 03:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13256]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13500]: Failed password for invalid user harish from 103.112.173.87 port 48256 ssh2
Jun 25 03:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13540]: Invalid user git from 45.156.87.216
Jun 25 03:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13540]: input_userauth_request: invalid user git [preauth]
Jun 25 03:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13500]: Received disconnect from 103.112.173.87 port 48256:11: Bye Bye [preauth]
Jun 25 03:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13500]: Disconnected from 103.112.173.87 port 48256 [preauth]
Jun 25 03:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13540]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13513]: Failed password for root from 79.125.162.32 port 56297 ssh2
Jun 25 03:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13513]: Received disconnect from 79.125.162.32 port 56297:11: Bye Bye [preauth]
Jun 25 03:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13513]: Disconnected from 79.125.162.32 port 56297 [preauth]
Jun 25 03:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13540]: Failed password for invalid user git from 45.156.87.216 port 41278 ssh2
Jun 25 03:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13540]: Connection closed by 45.156.87.216 port 41278 [preauth]
Jun 25 03:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13556]: Invalid user ark from 45.156.87.216
Jun 25 03:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13556]: input_userauth_request: invalid user ark [preauth]
Jun 25 03:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13556]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13556]: Failed password for invalid user ark from 45.156.87.216 port 41288 ssh2
Jun 25 03:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13556]: Connection closed by 45.156.87.216 port 41288 [preauth]
Jun 25 03:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13574]: Invalid user sysupdate from 45.156.87.216
Jun 25 03:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13574]: input_userauth_request: invalid user sysupdate [preauth]
Jun 25 03:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13574]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13574]: Failed password for invalid user sysupdate from 45.156.87.216 port 49704 ssh2
Jun 25 03:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13574]: Connection closed by 45.156.87.216 port 49704 [preauth]
Jun 25 03:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13600]: Invalid user user1 from 45.156.87.216
Jun 25 03:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13600]: input_userauth_request: invalid user user1 [preauth]
Jun 25 03:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13600]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13600]: Failed password for invalid user user1 from 45.156.87.216 port 49720 ssh2
Jun 25 03:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13600]: Connection closed by 45.156.87.216 port 49720 [preauth]
Jun 25 03:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13610]: User mysql from 45.156.87.216 not allowed because not listed in AllowUsers
Jun 25 03:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13610]: input_userauth_request: invalid user mysql [preauth]
Jun 25 03:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=mysql
Jun 25 03:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12370]: pam_unix(cron:session): session closed for user root
Jun 25 03:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13610]: Failed password for invalid user mysql from 45.156.87.216 port 39400 ssh2
Jun 25 03:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13610]: Connection closed by 45.156.87.216 port 39400 [preauth]
Jun 25 03:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13639]: Invalid user onkar from 45.156.87.216
Jun 25 03:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13639]: input_userauth_request: invalid user onkar [preauth]
Jun 25 03:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13639]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13639]: Failed password for invalid user onkar from 45.156.87.216 port 55416 ssh2
Jun 25 03:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13639]: Connection closed by 45.156.87.216 port 55416 [preauth]
Jun 25 03:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13664]: Connection closed by 194.59.206.2 port 54510 [preauth]
Jun 25 03:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13655]: Failed password for root from 45.156.87.216 port 55430 ssh2
Jun 25 03:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13655]: Connection closed by 45.156.87.216 port 55430 [preauth]
Jun 25 03:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13683]: Invalid user ubuntu from 45.156.87.216
Jun 25 03:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13683]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 03:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13683]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13683]: Failed password for invalid user ubuntu from 45.156.87.216 port 43634 ssh2
Jun 25 03:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13683]: Connection closed by 45.156.87.216 port 43634 [preauth]
Jun 25 03:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13695]: Invalid user node from 45.156.87.216
Jun 25 03:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13695]: input_userauth_request: invalid user node [preauth]
Jun 25 03:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13695]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13695]: Failed password for invalid user node from 45.156.87.216 port 43642 ssh2
Jun 25 03:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13695]: Connection closed by 45.156.87.216 port 43642 [preauth]
Jun 25 03:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.155.47.102  user=root
Jun 25 03:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13710]: Invalid user rancher from 45.156.87.216
Jun 25 03:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13710]: input_userauth_request: invalid user rancher [preauth]
Jun 25 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13710]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13716]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13714]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13715]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13713]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13713]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13698]: Failed password for root from 103.155.47.102 port 43576 ssh2
Jun 25 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13790]: Successful su for rubyman by root
Jun 25 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13790]: + ??? root:rubyman
Jun 25 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13790]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587747 of user rubyman.
Jun 25 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13790]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587747.
Jun 25 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13698]: Received disconnect from 103.155.47.102 port 43576:11: Bye Bye [preauth]
Jun 25 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13698]: Disconnected from 103.155.47.102 port 43576 [preauth]
Jun 25 03:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13710]: Failed password for invalid user rancher from 45.156.87.216 port 43866 ssh2
Jun 25 03:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13710]: Connection closed by 45.156.87.216 port 43866 [preauth]
Jun 25 03:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10840]: pam_unix(cron:session): session closed for user root
Jun 25 03:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13714]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13970]: Invalid user claude from 45.156.87.216
Jun 25 03:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13970]: input_userauth_request: invalid user claude [preauth]
Jun 25 03:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13970]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13970]: Failed password for invalid user claude from 45.156.87.216 port 43878 ssh2
Jun 25 03:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13970]: Connection closed by 45.156.87.216 port 43878 [preauth]
Jun 25 03:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13991]: Invalid user aaa from 45.156.87.216
Jun 25 03:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13991]: input_userauth_request: invalid user aaa [preauth]
Jun 25 03:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13991]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13991]: Failed password for invalid user aaa from 45.156.87.216 port 52090 ssh2
Jun 25 03:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13991]: Connection closed by 45.156.87.216 port 52090 [preauth]
Jun 25 03:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14016]: Invalid user runner from 45.156.87.216
Jun 25 03:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14016]: input_userauth_request: invalid user runner [preauth]
Jun 25 03:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14016]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14016]: Failed password for invalid user runner from 45.156.87.216 port 58650 ssh2
Jun 25 03:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14016]: Connection closed by 45.156.87.216 port 58650 [preauth]
Jun 25 03:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14026]: Failed password for root from 45.156.87.216 port 58654 ssh2
Jun 25 03:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14026]: Connection closed by 45.156.87.216 port 58654 [preauth]
Jun 25 03:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14048]: Invalid user rdpuser from 45.156.87.216
Jun 25 03:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14048]: input_userauth_request: invalid user rdpuser [preauth]
Jun 25 03:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14048]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14048]: Failed password for invalid user rdpuser from 45.156.87.216 port 47900 ssh2
Jun 25 03:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14048]: Connection closed by 45.156.87.216 port 47900 [preauth]
Jun 25 03:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12811]: pam_unix(cron:session): session closed for user root
Jun 25 03:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14073]: Invalid user ekp from 187.192.86.153
Jun 25 03:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14073]: input_userauth_request: invalid user ekp [preauth]
Jun 25 03:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14073]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153
Jun 25 03:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14058]: Failed password for root from 45.156.87.216 port 47908 ssh2
Jun 25 03:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14058]: Connection closed by 45.156.87.216 port 47908 [preauth]
Jun 25 03:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14073]: Failed password for invalid user ekp from 187.192.86.153 port 41084 ssh2
Jun 25 03:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14073]: Received disconnect from 187.192.86.153 port 41084:11: Bye Bye [preauth]
Jun 25 03:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14073]: Disconnected from 187.192.86.153 port 41084 [preauth]
Jun 25 03:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14082]: Invalid user admin from 2.57.121.25
Jun 25 03:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14082]: input_userauth_request: invalid user admin [preauth]
Jun 25 03:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14082]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 25 03:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14082]: Failed password for invalid user admin from 2.57.121.25 port 10322 ssh2
Jun 25 03:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14092]: Invalid user frappe from 45.156.87.216
Jun 25 03:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14092]: input_userauth_request: invalid user frappe [preauth]
Jun 25 03:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14082]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14092]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14082]: Failed password for invalid user admin from 2.57.121.25 port 10322 ssh2
Jun 25 03:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14092]: Failed password for invalid user frappe from 45.156.87.216 port 51256 ssh2
Jun 25 03:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14082]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14092]: Connection closed by 45.156.87.216 port 51256 [preauth]
Jun 25 03:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14094]: Invalid user ekp from 36.92.41.115
Jun 25 03:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14094]: input_userauth_request: invalid user ekp [preauth]
Jun 25 03:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14094]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.92.41.115
Jun 25 03:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14082]: Failed password for invalid user admin from 2.57.121.25 port 10322 ssh2
Jun 25 03:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14094]: Failed password for invalid user ekp from 36.92.41.115 port 34895 ssh2
Jun 25 03:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14082]: Connection closed by 2.57.121.25 port 10322 [preauth]
Jun 25 03:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14082]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 25 03:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14094]: Received disconnect from 36.92.41.115 port 34895:11: Bye Bye [preauth]
Jun 25 03:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14094]: Disconnected from 36.92.41.115 port 34895 [preauth]
Jun 25 03:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14105]: Invalid user ivan from 45.156.87.216
Jun 25 03:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14105]: input_userauth_request: invalid user ivan [preauth]
Jun 25 03:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14105]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14105]: Failed password for invalid user ivan from 45.156.87.216 port 51272 ssh2
Jun 25 03:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14105]: Connection closed by 45.156.87.216 port 51272 [preauth]
Jun 25 03:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14127]: Invalid user rocky from 45.156.87.216
Jun 25 03:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14127]: input_userauth_request: invalid user rocky [preauth]
Jun 25 03:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14127]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14127]: Failed password for invalid user rocky from 45.156.87.216 port 58822 ssh2
Jun 25 03:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14127]: Connection closed by 45.156.87.216 port 58822 [preauth]
Jun 25 03:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14137]: Failed password for root from 45.156.87.216 port 58830 ssh2
Jun 25 03:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14137]: Connection closed by 45.156.87.216 port 58830 [preauth]
Jun 25 03:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14147]: Invalid user user3 from 45.156.87.216
Jun 25 03:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14147]: input_userauth_request: invalid user user3 [preauth]
Jun 25 03:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14147]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14153]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14154]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14152]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14151]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14151]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14212]: Successful su for rubyman by root
Jun 25 03:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14212]: + ??? root:rubyman
Jun 25 03:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14212]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587752 of user rubyman.
Jun 25 03:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14212]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587752.
Jun 25 03:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14147]: Failed password for invalid user user3 from 45.156.87.216 port 48666 ssh2
Jun 25 03:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14147]: Connection closed by 45.156.87.216 port 48666 [preauth]
Jun 25 03:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11315]: pam_unix(cron:session): session closed for user root
Jun 25 03:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14152]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: Invalid user ali from 45.156.87.216
Jun 25 03:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: input_userauth_request: invalid user ali [preauth]
Jun 25 03:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: Failed password for invalid user ali from 45.156.87.216 port 48690 ssh2
Jun 25 03:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: Connection closed by 45.156.87.216 port 48690 [preauth]
Jun 25 03:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14398]: Invalid user minecraft from 45.156.87.216
Jun 25 03:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14398]: input_userauth_request: invalid user minecraft [preauth]
Jun 25 03:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14398]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14398]: Failed password for invalid user minecraft from 45.156.87.216 port 35880 ssh2
Jun 25 03:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14398]: Connection closed by 45.156.87.216 port 35880 [preauth]
Jun 25 03:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14421]: Invalid user test1 from 45.156.87.216
Jun 25 03:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14421]: input_userauth_request: invalid user test1 [preauth]
Jun 25 03:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14421]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14421]: Failed password for invalid user test1 from 45.156.87.216 port 49064 ssh2
Jun 25 03:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14421]: Connection closed by 45.156.87.216 port 49064 [preauth]
Jun 25 03:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14431]: Invalid user liyang from 45.156.87.216
Jun 25 03:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14431]: input_userauth_request: invalid user liyang [preauth]
Jun 25 03:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14431]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14431]: Failed password for invalid user liyang from 45.156.87.216 port 49074 ssh2
Jun 25 03:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14431]: Connection closed by 45.156.87.216 port 49074 [preauth]
Jun 25 03:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14455]: Invalid user rock from 45.156.87.216
Jun 25 03:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14455]: input_userauth_request: invalid user rock [preauth]
Jun 25 03:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14455]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14455]: Failed password for invalid user rock from 45.156.87.216 port 47490 ssh2
Jun 25 03:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14455]: Connection closed by 45.156.87.216 port 47490 [preauth]
Jun 25 03:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13261]: pam_unix(cron:session): session closed for user root
Jun 25 03:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14469]: Failed password for root from 45.156.87.216 port 47498 ssh2
Jun 25 03:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14469]: Connection closed by 45.156.87.216 port 47498 [preauth]
Jun 25 03:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14499]: Invalid user abhishek from 79.125.162.32
Jun 25 03:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14499]: input_userauth_request: invalid user abhishek [preauth]
Jun 25 03:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14499]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.125.162.32
Jun 25 03:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14499]: Failed password for invalid user abhishek from 79.125.162.32 port 45168 ssh2
Jun 25 03:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14501]: Failed password for root from 45.156.87.216 port 35932 ssh2
Jun 25 03:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14499]: Received disconnect from 79.125.162.32 port 45168:11: Bye Bye [preauth]
Jun 25 03:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14499]: Disconnected from 79.125.162.32 port 45168 [preauth]
Jun 25 03:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14501]: Connection closed by 45.156.87.216 port 35932 [preauth]
Jun 25 03:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14519]: Invalid user x from 45.156.87.216
Jun 25 03:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14519]: input_userauth_request: invalid user x [preauth]
Jun 25 03:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14519]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14519]: Failed password for invalid user x from 45.156.87.216 port 35956 ssh2
Jun 25 03:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14519]: Connection closed by 45.156.87.216 port 35956 [preauth]
Jun 25 03:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14535]: Invalid user kingbase from 45.156.87.216
Jun 25 03:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14535]: input_userauth_request: invalid user kingbase [preauth]
Jun 25 03:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14535]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.155.47.102  user=root
Jun 25 03:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14535]: Failed password for invalid user kingbase from 45.156.87.216 port 48090 ssh2
Jun 25 03:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14535]: Connection closed by 45.156.87.216 port 48090 [preauth]
Jun 25 03:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14545]: Failed password for root from 103.155.47.102 port 37376 ssh2
Jun 25 03:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14545]: Received disconnect from 103.155.47.102 port 37376:11: Bye Bye [preauth]
Jun 25 03:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14545]: Disconnected from 103.155.47.102 port 37376 [preauth]
Jun 25 03:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14548]: Failed password for root from 45.156.87.216 port 48100 ssh2
Jun 25 03:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14548]: Connection closed by 45.156.87.216 port 48100 [preauth]
Jun 25 03:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14558]: Invalid user rdpuser from 45.156.87.216
Jun 25 03:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14558]: input_userauth_request: invalid user rdpuser [preauth]
Jun 25 03:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14558]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14568]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14567]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14566]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14565]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14565]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14643]: Successful su for rubyman by root
Jun 25 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14643]: + ??? root:rubyman
Jun 25 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14643]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587755 of user rubyman.
Jun 25 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14643]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587755.
Jun 25 03:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14558]: Failed password for invalid user rdpuser from 45.156.87.216 port 33354 ssh2
Jun 25 03:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14558]: Connection closed by 45.156.87.216 port 33354 [preauth]
Jun 25 03:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11781]: pam_unix(cron:session): session closed for user root
Jun 25 03:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14566]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14885]: Invalid user solana from 45.156.87.216
Jun 25 03:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14885]: input_userauth_request: invalid user solana [preauth]
Jun 25 03:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14885]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14885]: Failed password for invalid user solana from 45.156.87.216 port 33358 ssh2
Jun 25 03:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14885]: Connection closed by 45.156.87.216 port 33358 [preauth]
Jun 25 03:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14908]: Invalid user linux from 45.156.87.216
Jun 25 03:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14908]: input_userauth_request: invalid user linux [preauth]
Jun 25 03:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14908]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14908]: Failed password for invalid user linux from 45.156.87.216 port 55764 ssh2
Jun 25 03:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14908]: Connection closed by 45.156.87.216 port 55764 [preauth]
Jun 25 03:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14934]: Invalid user user2 from 45.156.87.216
Jun 25 03:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14934]: input_userauth_request: invalid user user2 [preauth]
Jun 25 03:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14934]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14934]: Failed password for invalid user user2 from 45.156.87.216 port 52022 ssh2
Jun 25 03:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14934]: Connection closed by 45.156.87.216 port 52022 [preauth]
Jun 25 03:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14945]: Invalid user kali from 45.156.87.216
Jun 25 03:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14945]: input_userauth_request: invalid user kali [preauth]
Jun 25 03:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14945]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14945]: Failed password for invalid user kali from 45.156.87.216 port 52026 ssh2
Jun 25 03:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14945]: Connection closed by 45.156.87.216 port 52026 [preauth]
Jun 25 03:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14969]: Invalid user victor from 36.92.41.115
Jun 25 03:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14969]: input_userauth_request: invalid user victor [preauth]
Jun 25 03:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14969]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.92.41.115
Jun 25 03:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14969]: Failed password for invalid user victor from 36.92.41.115 port 27463 ssh2
Jun 25 03:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14969]: Received disconnect from 36.92.41.115 port 27463:11: Bye Bye [preauth]
Jun 25 03:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14969]: Disconnected from 36.92.41.115 port 27463 [preauth]
Jun 25 03:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14971]: Invalid user myuser from 45.156.87.216
Jun 25 03:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14971]: input_userauth_request: invalid user myuser [preauth]
Jun 25 03:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14971]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14971]: Failed password for invalid user myuser from 45.156.87.216 port 55316 ssh2
Jun 25 03:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14971]: Connection closed by 45.156.87.216 port 55316 [preauth]
Jun 25 03:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13716]: pam_unix(cron:session): session closed for user root
Jun 25 03:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14999]: Invalid user developer from 45.156.87.216
Jun 25 03:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14999]: input_userauth_request: invalid user developer [preauth]
Jun 25 03:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14999]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15015]: Invalid user odoo1 from 103.112.173.87
Jun 25 03:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15015]: input_userauth_request: invalid user odoo1 [preauth]
Jun 25 03:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15015]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.112.173.87
Jun 25 03:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14999]: Failed password for invalid user developer from 45.156.87.216 port 55318 ssh2
Jun 25 03:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14999]: Connection closed by 45.156.87.216 port 55318 [preauth]
Jun 25 03:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15015]: Failed password for invalid user odoo1 from 103.112.173.87 port 50516 ssh2
Jun 25 03:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15015]: Received disconnect from 103.112.173.87 port 50516:11: Bye Bye [preauth]
Jun 25 03:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15015]: Disconnected from 103.112.173.87 port 50516 [preauth]
Jun 25 03:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15018]: Failed password for root from 45.156.87.216 port 38604 ssh2
Jun 25 03:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15018]: Connection closed by 45.156.87.216 port 38604 [preauth]
Jun 25 03:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15041]: Failed password for root from 45.156.87.216 port 38618 ssh2
Jun 25 03:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15041]: Connection closed by 45.156.87.216 port 38618 [preauth]
Jun 25 03:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15051]: Invalid user test from 45.156.87.216
Jun 25 03:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15051]: input_userauth_request: invalid user test [preauth]
Jun 25 03:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15051]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15051]: Failed password for invalid user test from 45.156.87.216 port 46848 ssh2
Jun 25 03:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15051]: Connection closed by 45.156.87.216 port 46848 [preauth]
Jun 25 03:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15061]: User john from 45.156.87.216 not allowed because not listed in AllowUsers
Jun 25 03:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15061]: input_userauth_request: invalid user john [preauth]
Jun 25 03:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=john
Jun 25 03:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15061]: Failed password for invalid user john from 45.156.87.216 port 46894 ssh2
Jun 25 03:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15061]: Connection closed by 45.156.87.216 port 46894 [preauth]
Jun 25 03:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15071]: Invalid user dev from 45.156.87.216
Jun 25 03:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15071]: input_userauth_request: invalid user dev [preauth]
Jun 25 03:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15071]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15088]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15089]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15083]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15082]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15082]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15151]: Successful su for rubyman by root
Jun 25 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15151]: + ??? root:rubyman
Jun 25 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15151]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587759 of user rubyman.
Jun 25 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15151]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587759.
Jun 25 03:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15071]: Failed password for invalid user dev from 45.156.87.216 port 53376 ssh2
Jun 25 03:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15071]: Connection closed by 45.156.87.216 port 53376 [preauth]
Jun 25 03:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12369]: pam_unix(cron:session): session closed for user root
Jun 25 03:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15083]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15317]: Invalid user ansible from 45.156.87.216
Jun 25 03:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15317]: input_userauth_request: invalid user ansible [preauth]
Jun 25 03:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15317]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15317]: Failed password for invalid user ansible from 45.156.87.216 port 53388 ssh2
Jun 25 03:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15317]: Connection closed by 45.156.87.216 port 53388 [preauth]
Jun 25 03:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15336]: Invalid user support from 45.156.87.216
Jun 25 03:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15336]: input_userauth_request: invalid user support [preauth]
Jun 25 03:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15336]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15336]: Failed password for invalid user support from 45.156.87.216 port 60354 ssh2
Jun 25 03:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15336]: Connection closed by 45.156.87.216 port 60354 [preauth]
Jun 25 03:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15359]: Invalid user guest from 45.156.87.216
Jun 25 03:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15359]: input_userauth_request: invalid user guest [preauth]
Jun 25 03:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15359]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15359]: Failed password for invalid user guest from 45.156.87.216 port 60368 ssh2
Jun 25 03:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15359]: Connection closed by 45.156.87.216 port 60368 [preauth]
Jun 25 03:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15369]: Invalid user odoo17 from 45.156.87.216
Jun 25 03:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15369]: input_userauth_request: invalid user odoo17 [preauth]
Jun 25 03:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15369]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15369]: Failed password for invalid user odoo17 from 45.156.87.216 port 58324 ssh2
Jun 25 03:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15369]: Connection closed by 45.156.87.216 port 58324 [preauth]
Jun 25 03:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15391]: Invalid user odoo14 from 45.156.87.216
Jun 25 03:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15391]: input_userauth_request: invalid user odoo14 [preauth]
Jun 25 03:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15391]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15391]: Failed password for invalid user odoo14 from 45.156.87.216 port 58340 ssh2
Jun 25 03:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15391]: Connection closed by 45.156.87.216 port 58340 [preauth]
Jun 25 03:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15402]: Failed password for root from 45.156.87.216 port 51276 ssh2
Jun 25 03:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15402]: Connection closed by 45.156.87.216 port 51276 [preauth]
Jun 25 03:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14154]: pam_unix(cron:session): session closed for user root
Jun 25 03:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15431]: Invalid user debian from 45.156.87.216
Jun 25 03:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15431]: input_userauth_request: invalid user debian [preauth]
Jun 25 03:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15431]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15438]: Invalid user admin from 187.192.86.153
Jun 25 03:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15438]: input_userauth_request: invalid user admin [preauth]
Jun 25 03:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15438]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153
Jun 25 03:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15431]: Failed password for invalid user debian from 45.156.87.216 port 51284 ssh2
Jun 25 03:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15431]: Connection closed by 45.156.87.216 port 51284 [preauth]
Jun 25 03:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15438]: Failed password for invalid user admin from 187.192.86.153 port 53090 ssh2
Jun 25 03:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15438]: Received disconnect from 187.192.86.153 port 53090:11: Bye Bye [preauth]
Jun 25 03:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15438]: Disconnected from 187.192.86.153 port 53090 [preauth]
Jun 25 03:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15454]: Invalid user server from 103.155.47.102
Jun 25 03:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15454]: input_userauth_request: invalid user server [preauth]
Jun 25 03:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15454]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.155.47.102
Jun 25 03:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15444]: Failed password for root from 45.156.87.216 port 48004 ssh2
Jun 25 03:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15444]: Connection closed by 45.156.87.216 port 48004 [preauth]
Jun 25 03:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15454]: Failed password for invalid user server from 103.155.47.102 port 41888 ssh2
Jun 25 03:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15454]: Received disconnect from 103.155.47.102 port 41888:11: Bye Bye [preauth]
Jun 25 03:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15454]: Disconnected from 103.155.47.102 port 41888 [preauth]
Jun 25 03:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15468]: Invalid user newuser from 45.156.87.216
Jun 25 03:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15468]: input_userauth_request: invalid user newuser [preauth]
Jun 25 03:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15468]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15468]: Failed password for invalid user newuser from 45.156.87.216 port 57742 ssh2
Jun 25 03:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15468]: Connection closed by 45.156.87.216 port 57742 [preauth]
Jun 25 03:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15478]: Failed password for root from 45.156.87.216 port 57746 ssh2
Jun 25 03:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15478]: Connection closed by 45.156.87.216 port 57746 [preauth]
Jun 25 03:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15488]: Failed password for root from 45.156.87.216 port 51650 ssh2
Jun 25 03:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15488]: Connection closed by 45.156.87.216 port 51650 [preauth]
Jun 25 03:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.125.162.32  user=root
Jun 25 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15509]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15506]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15510]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15505]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15507]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15508]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15510]: pam_unix(cron:session): session closed for user root
Jun 25 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15505]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15571]: Successful su for rubyman by root
Jun 25 03:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15571]: + ??? root:rubyman
Jun 25 03:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15571]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587764 of user rubyman.
Jun 25 03:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15571]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587764.
Jun 25 03:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15500]: Failed password for root from 79.125.162.32 port 38714 ssh2
Jun 25 03:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15500]: Received disconnect from 79.125.162.32 port 38714:11: Bye Bye [preauth]
Jun 25 03:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15500]: Disconnected from 79.125.162.32 port 38714 [preauth]
Jun 25 03:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15507]: pam_unix(cron:session): session closed for user root
Jun 25 03:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15502]: Failed password for root from 45.156.87.216 port 51666 ssh2
Jun 25 03:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15502]: Connection closed by 45.156.87.216 port 51666 [preauth]
Jun 25 03:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12810]: pam_unix(cron:session): session closed for user root
Jun 25 03:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15506]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15776]: User vncuser from 45.156.87.216 not allowed because not listed in AllowUsers
Jun 25 03:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15776]: input_userauth_request: invalid user vncuser [preauth]
Jun 25 03:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=vncuser
Jun 25 03:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15776]: Failed password for invalid user vncuser from 45.156.87.216 port 37894 ssh2
Jun 25 03:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15776]: Connection closed by 45.156.87.216 port 37894 [preauth]
Jun 25 03:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15791]: Invalid user prefect from 45.156.87.216
Jun 25 03:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15791]: input_userauth_request: invalid user prefect [preauth]
Jun 25 03:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15791]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.92.41.115  user=root
Jun 25 03:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15791]: Failed password for invalid user prefect from 45.156.87.216 port 37900 ssh2
Jun 25 03:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15791]: Connection closed by 45.156.87.216 port 37900 [preauth]
Jun 25 03:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15793]: Failed password for root from 36.92.41.115 port 1775 ssh2
Jun 25 03:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15793]: Received disconnect from 36.92.41.115 port 1775:11: Bye Bye [preauth]
Jun 25 03:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15793]: Disconnected from 36.92.41.115 port 1775 [preauth]
Jun 25 03:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15816]: Invalid user admin from 45.156.87.216
Jun 25 03:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15816]: input_userauth_request: invalid user admin [preauth]
Jun 25 03:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15816]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15816]: Failed password for invalid user admin from 45.156.87.216 port 45282 ssh2
Jun 25 03:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15816]: Connection closed by 45.156.87.216 port 45282 [preauth]
Jun 25 03:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15827]: Invalid user oscar from 45.156.87.216
Jun 25 03:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15827]: input_userauth_request: invalid user oscar [preauth]
Jun 25 03:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15827]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15827]: Failed password for invalid user oscar from 45.156.87.216 port 45302 ssh2
Jun 25 03:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15827]: Connection closed by 45.156.87.216 port 45302 [preauth]
Jun 25 03:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15850]: Invalid user crafty from 45.156.87.216
Jun 25 03:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15850]: input_userauth_request: invalid user crafty [preauth]
Jun 25 03:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15850]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 25 03:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15850]: Failed password for invalid user crafty from 45.156.87.216 port 38056 ssh2
Jun 25 03:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15850]: Connection closed by 45.156.87.216 port 38056 [preauth]
Jun 25 03:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15851]: Failed password for root from 77.94.47.83 port 36490 ssh2
Jun 25 03:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15851]: Connection closed by 77.94.47.83 port 36490 [preauth]
Jun 25 03:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15862]: Invalid user cw from 45.156.87.216
Jun 25 03:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15862]: input_userauth_request: invalid user cw [preauth]
Jun 25 03:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15862]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14568]: pam_unix(cron:session): session closed for user root
Jun 25 03:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 25 03:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15862]: Failed password for invalid user cw from 45.156.87.216 port 38066 ssh2
Jun 25 03:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15862]: Connection closed by 45.156.87.216 port 38066 [preauth]
Jun 25 03:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15876]: Failed password for root from 103.77.175.15 port 59248 ssh2
Jun 25 03:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15876]: Connection closed by 103.77.175.15 port 59248 [preauth]
Jun 25 03:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15895]: Invalid user sam from 45.156.87.216
Jun 25 03:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15895]: input_userauth_request: invalid user sam [preauth]
Jun 25 03:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15895]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15895]: Failed password for invalid user sam from 45.156.87.216 port 44692 ssh2
Jun 25 03:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15895]: Connection closed by 45.156.87.216 port 44692 [preauth]
Jun 25 03:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15917]: Failed password for root from 45.156.87.216 port 44704 ssh2
Jun 25 03:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15917]: Connection closed by 45.156.87.216 port 44704 [preauth]
Jun 25 03:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15927]: Invalid user linuxuser from 45.156.87.216
Jun 25 03:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15927]: input_userauth_request: invalid user linuxuser [preauth]
Jun 25 03:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15927]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15927]: Failed password for invalid user linuxuser from 45.156.87.216 port 60048 ssh2
Jun 25 03:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15927]: Connection closed by 45.156.87.216 port 60048 [preauth]
Jun 25 03:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15937]: Invalid user gitlab-runner from 45.156.87.216
Jun 25 03:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15937]: input_userauth_request: invalid user gitlab-runner [preauth]
Jun 25 03:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15937]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 25 03:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15937]: Failed password for invalid user gitlab-runner from 45.156.87.216 port 60064 ssh2
Jun 25 03:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15937]: Connection closed by 45.156.87.216 port 60064 [preauth]
Jun 25 03:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15940]: Failed password for root from 194.113.233.25 port 59152 ssh2
Jun 25 03:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15940]: Connection closed by 194.113.233.25 port 59152 [preauth]
Jun 25 03:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15950]: Invalid user deploy from 45.156.87.216
Jun 25 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15950]: input_userauth_request: invalid user deploy [preauth]
Jun 25 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15950]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15955]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15956]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15954]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15953]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15953]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16017]: Successful su for rubyman by root
Jun 25 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16017]: + ??? root:rubyman
Jun 25 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16017]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587769 of user rubyman.
Jun 25 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16017]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587769.
Jun 25 03:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15950]: Failed password for invalid user deploy from 45.156.87.216 port 35306 ssh2
Jun 25 03:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15950]: Connection closed by 45.156.87.216 port 35306 [preauth]
Jun 25 03:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13259]: pam_unix(cron:session): session closed for user root
Jun 25 03:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15954]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16200]: Invalid user chris from 45.156.87.216
Jun 25 03:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16200]: input_userauth_request: invalid user chris [preauth]
Jun 25 03:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16200]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16200]: Failed password for invalid user chris from 45.156.87.216 port 32928 ssh2
Jun 25 03:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16200]: Connection closed by 45.156.87.216 port 32928 [preauth]
Jun 25 03:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16211]: Invalid user odoo17 from 45.156.87.216
Jun 25 03:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16211]: input_userauth_request: invalid user odoo17 [preauth]
Jun 25 03:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16211]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16211]: Failed password for invalid user odoo17 from 45.156.87.216 port 32942 ssh2
Jun 25 03:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16211]: Connection closed by 45.156.87.216 port 32942 [preauth]
Jun 25 03:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16234]: Invalid user arthur from 45.156.87.216
Jun 25 03:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16234]: input_userauth_request: invalid user arthur [preauth]
Jun 25 03:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16234]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16234]: Failed password for invalid user arthur from 45.156.87.216 port 46232 ssh2
Jun 25 03:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16234]: Connection closed by 45.156.87.216 port 46232 [preauth]
Jun 25 03:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16244]: Invalid user nagios from 45.156.87.216
Jun 25 03:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16244]: input_userauth_request: invalid user nagios [preauth]
Jun 25 03:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16244]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16244]: Failed password for invalid user nagios from 45.156.87.216 port 46246 ssh2
Jun 25 03:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16244]: Connection closed by 45.156.87.216 port 46246 [preauth]
Jun 25 03:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16267]: Invalid user amit from 45.156.87.216
Jun 25 03:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16267]: input_userauth_request: invalid user amit [preauth]
Jun 25 03:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16267]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16267]: Failed password for invalid user amit from 45.156.87.216 port 47826 ssh2
Jun 25 03:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16267]: Connection closed by 45.156.87.216 port 47826 [preauth]
Jun 25 03:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15089]: pam_unix(cron:session): session closed for user root
Jun 25 03:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16296]: Invalid user administrator from 45.156.87.216
Jun 25 03:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16296]: input_userauth_request: invalid user administrator [preauth]
Jun 25 03:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16296]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16296]: Failed password for invalid user administrator from 45.156.87.216 port 47842 ssh2
Jun 25 03:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16296]: Connection closed by 45.156.87.216 port 47842 [preauth]
Jun 25 03:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16314]: Invalid user rajvir from 45.156.87.216
Jun 25 03:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16314]: input_userauth_request: invalid user rajvir [preauth]
Jun 25 03:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16314]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16314]: Failed password for invalid user rajvir from 45.156.87.216 port 38858 ssh2
Jun 25 03:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16314]: Connection closed by 45.156.87.216 port 38858 [preauth]
Jun 25 03:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.155.47.102  user=root
Jun 25 03:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16316]: Failed password for root from 103.155.47.102 port 57106 ssh2
Jun 25 03:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16316]: Received disconnect from 103.155.47.102 port 57106:11: Bye Bye [preauth]
Jun 25 03:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16316]: Disconnected from 103.155.47.102 port 57106 [preauth]
Jun 25 03:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16338]: Failed password for root from 45.156.87.216 port 34834 ssh2
Jun 25 03:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16338]: Connection closed by 45.156.87.216 port 34834 [preauth]
Jun 25 03:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16348]: Invalid user ubuntu from 45.156.87.216
Jun 25 03:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16348]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 03:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16348]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16348]: Failed password for invalid user ubuntu from 45.156.87.216 port 34846 ssh2
Jun 25 03:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16348]: Connection closed by 45.156.87.216 port 34846 [preauth]
Jun 25 03:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16359]: Invalid user runner from 45.156.87.216
Jun 25 03:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16359]: input_userauth_request: invalid user runner [preauth]
Jun 25 03:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16359]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16359]: Failed password for invalid user runner from 45.156.87.216 port 36034 ssh2
Jun 25 03:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16359]: Connection closed by 45.156.87.216 port 36034 [preauth]
Jun 25 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16374]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16373]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16371]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16372]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16371]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16433]: Successful su for rubyman by root
Jun 25 03:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16433]: + ??? root:rubyman
Jun 25 03:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16433]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587773 of user rubyman.
Jun 25 03:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16433]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587773.
Jun 25 03:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16434]: Invalid user git from 36.92.41.115
Jun 25 03:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16434]: input_userauth_request: invalid user git [preauth]
Jun 25 03:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16434]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.92.41.115
Jun 25 03:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16495]: Invalid user user from 45.156.87.216
Jun 25 03:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16495]: input_userauth_request: invalid user user [preauth]
Jun 25 03:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16495]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13715]: pam_unix(cron:session): session closed for user root
Jun 25 03:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16434]: Failed password for invalid user git from 36.92.41.115 port 15445 ssh2
Jun 25 03:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16434]: Received disconnect from 36.92.41.115 port 15445:11: Bye Bye [preauth]
Jun 25 03:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16434]: Disconnected from 36.92.41.115 port 15445 [preauth]
Jun 25 03:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16495]: Failed password for invalid user user from 45.156.87.216 port 36044 ssh2
Jun 25 03:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16495]: Connection closed by 45.156.87.216 port 36044 [preauth]
Jun 25 03:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16372]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16621]: Invalid user admin from 45.156.87.216
Jun 25 03:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16621]: input_userauth_request: invalid user admin [preauth]
Jun 25 03:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16621]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16621]: Failed password for invalid user admin from 45.156.87.216 port 56366 ssh2
Jun 25 03:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16621]: Connection closed by 45.156.87.216 port 56366 [preauth]
Jun 25 03:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16632]: Failed password for root from 45.156.87.216 port 56382 ssh2
Jun 25 03:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16632]: Connection closed by 45.156.87.216 port 56382 [preauth]
Jun 25 03:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16659]: Invalid user alex from 45.156.87.216
Jun 25 03:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16659]: input_userauth_request: invalid user alex [preauth]
Jun 25 03:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16659]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 25 03:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16659]: Failed password for invalid user alex from 45.156.87.216 port 54096 ssh2
Jun 25 03:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16661]: Failed password for root from 109.237.96.109 port 36278 ssh2
Jun 25 03:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16661]: Connection closed by 109.237.96.109 port 36278 [preauth]
Jun 25 03:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16659]: Connection closed by 45.156.87.216 port 54096 [preauth]
Jun 25 03:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16671]: Failed password for root from 45.156.87.216 port 54110 ssh2
Jun 25 03:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16671]: Connection closed by 45.156.87.216 port 54110 [preauth]
Jun 25 03:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16693]: Invalid user pi from 45.156.87.216
Jun 25 03:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16693]: input_userauth_request: invalid user pi [preauth]
Jun 25 03:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16693]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16696]: Invalid user omm from 79.125.162.32
Jun 25 03:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16696]: input_userauth_request: invalid user omm [preauth]
Jun 25 03:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16696]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.125.162.32
Jun 25 03:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16693]: Failed password for invalid user pi from 45.156.87.216 port 53130 ssh2
Jun 25 03:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16693]: Connection closed by 45.156.87.216 port 53130 [preauth]
Jun 25 03:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16696]: Failed password for invalid user omm from 79.125.162.32 port 55825 ssh2
Jun 25 03:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16696]: Received disconnect from 79.125.162.32 port 55825:11: Bye Bye [preauth]
Jun 25 03:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16696]: Disconnected from 79.125.162.32 port 55825 [preauth]
Jun 25 03:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16718]: Invalid user guest from 45.156.87.216
Jun 25 03:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16718]: input_userauth_request: invalid user guest [preauth]
Jun 25 03:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16718]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15509]: pam_unix(cron:session): session closed for user root
Jun 25 03:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16718]: Failed password for invalid user guest from 45.156.87.216 port 53140 ssh2
Jun 25 03:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16718]: Connection closed by 45.156.87.216 port 53140 [preauth]
Jun 25 03:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16727]: Invalid user vmail from 187.192.86.153
Jun 25 03:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16727]: input_userauth_request: invalid user vmail [preauth]
Jun 25 03:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16727]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153
Jun 25 03:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16737]: Invalid user teste from 45.156.87.216
Jun 25 03:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16737]: input_userauth_request: invalid user teste [preauth]
Jun 25 03:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16727]: Failed password for invalid user vmail from 187.192.86.153 port 35916 ssh2
Jun 25 03:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16737]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16727]: Received disconnect from 187.192.86.153 port 35916:11: Bye Bye [preauth]
Jun 25 03:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16727]: Disconnected from 187.192.86.153 port 35916 [preauth]
Jun 25 03:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16737]: Failed password for invalid user teste from 45.156.87.216 port 37286 ssh2
Jun 25 03:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16737]: Connection closed by 45.156.87.216 port 37286 [preauth]
Jun 25 03:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16756]: Invalid user claude from 45.156.87.216
Jun 25 03:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16756]: input_userauth_request: invalid user claude [preauth]
Jun 25 03:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16756]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16756]: Failed password for invalid user claude from 45.156.87.216 port 37298 ssh2
Jun 25 03:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16756]: Connection closed by 45.156.87.216 port 37298 [preauth]
Jun 25 03:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16773]: Invalid user root1 from 45.156.87.216
Jun 25 03:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16773]: input_userauth_request: invalid user root1 [preauth]
Jun 25 03:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16773]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16773]: Failed password for invalid user root1 from 45.156.87.216 port 36138 ssh2
Jun 25 03:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16773]: Connection closed by 45.156.87.216 port 36138 [preauth]
Jun 25 03:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16783]: Invalid user testuser from 45.156.87.216
Jun 25 03:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16783]: input_userauth_request: invalid user testuser [preauth]
Jun 25 03:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16783]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16783]: Failed password for invalid user testuser from 45.156.87.216 port 36162 ssh2
Jun 25 03:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16783]: Connection closed by 45.156.87.216 port 36162 [preauth]
Jun 25 03:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16800]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16801]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16798]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16797]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16797]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16897]: Successful su for rubyman by root
Jun 25 03:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16897]: + ??? root:rubyman
Jun 25 03:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16897]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587777 of user rubyman.
Jun 25 03:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16897]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587777.
Jun 25 03:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16794]: Failed password for root from 45.156.87.216 port 33304 ssh2
Jun 25 03:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16794]: Connection closed by 45.156.87.216 port 33304 [preauth]
Jun 25 03:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14153]: pam_unix(cron:session): session closed for user root
Jun 25 03:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16798]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17106]: Failed password for root from 45.156.87.216 port 33318 ssh2
Jun 25 03:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17106]: Connection closed by 45.156.87.216 port 33318 [preauth]
Jun 25 03:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17155]: Failed password for root from 45.156.87.216 port 46052 ssh2
Jun 25 03:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17155]: Connection closed by 45.156.87.216 port 46052 [preauth]
Jun 25 03:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17177]: Invalid user admin from 45.156.87.216
Jun 25 03:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17177]: input_userauth_request: invalid user admin [preauth]
Jun 25 03:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17177]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17177]: Failed password for invalid user admin from 45.156.87.216 port 46060 ssh2
Jun 25 03:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17177]: Connection closed by 45.156.87.216 port 46060 [preauth]
Jun 25 03:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17187]: Invalid user deploy from 45.156.87.216
Jun 25 03:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17187]: input_userauth_request: invalid user deploy [preauth]
Jun 25 03:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17187]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17187]: Failed password for invalid user deploy from 45.156.87.216 port 50888 ssh2
Jun 25 03:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17187]: Connection closed by 45.156.87.216 port 50888 [preauth]
Jun 25 03:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17209]: Invalid user deploy from 45.156.87.216
Jun 25 03:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17209]: input_userauth_request: invalid user deploy [preauth]
Jun 25 03:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17209]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17209]: Failed password for invalid user deploy from 45.156.87.216 port 45728 ssh2
Jun 25 03:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17209]: Connection closed by 45.156.87.216 port 45728 [preauth]
Jun 25 03:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17219]: Invalid user trader from 45.156.87.216
Jun 25 03:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17219]: input_userauth_request: invalid user trader [preauth]
Jun 25 03:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17219]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15956]: pam_unix(cron:session): session closed for user root
Jun 25 03:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17219]: Failed password for invalid user trader from 45.156.87.216 port 45752 ssh2
Jun 25 03:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17219]: Connection closed by 45.156.87.216 port 45752 [preauth]
Jun 25 03:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17250]: Invalid user home from 45.156.87.216
Jun 25 03:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17250]: input_userauth_request: invalid user home [preauth]
Jun 25 03:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17250]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17250]: Failed password for invalid user home from 45.156.87.216 port 41024 ssh2
Jun 25 03:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17250]: Connection closed by 45.156.87.216 port 41024 [preauth]
Jun 25 03:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17264]: Invalid user config from 45.156.87.216
Jun 25 03:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17264]: input_userauth_request: invalid user config [preauth]
Jun 25 03:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17264]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17264]: Failed password for invalid user config from 45.156.87.216 port 41032 ssh2
Jun 25 03:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17264]: Connection closed by 45.156.87.216 port 41032 [preauth]
Jun 25 03:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17287]: Invalid user fastuser from 45.156.87.216
Jun 25 03:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17287]: input_userauth_request: invalid user fastuser [preauth]
Jun 25 03:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17287]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.155.47.102  user=root
Jun 25 03:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17287]: Failed password for invalid user fastuser from 45.156.87.216 port 49734 ssh2
Jun 25 03:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17287]: Connection closed by 45.156.87.216 port 49734 [preauth]
Jun 25 03:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17290]: Failed password for root from 103.155.47.102 port 53734 ssh2
Jun 25 03:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17290]: Received disconnect from 103.155.47.102 port 53734:11: Bye Bye [preauth]
Jun 25 03:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17290]: Disconnected from 103.155.47.102 port 53734 [preauth]
Jun 25 03:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17302]: Failed password for root from 45.156.87.216 port 49736 ssh2
Jun 25 03:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17302]: Connection closed by 45.156.87.216 port 49736 [preauth]
Jun 25 03:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.92.41.115  user=root
Jun 25 03:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17315]: Invalid user guest from 45.156.87.216
Jun 25 03:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17315]: input_userauth_request: invalid user guest [preauth]
Jun 25 03:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17315]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17313]: Failed password for root from 36.92.41.115 port 45775 ssh2
Jun 25 03:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17313]: Received disconnect from 36.92.41.115 port 45775:11: Bye Bye [preauth]
Jun 25 03:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17313]: Disconnected from 36.92.41.115 port 45775 [preauth]
Jun 25 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17315]: Failed password for invalid user guest from 45.156.87.216 port 43582 ssh2
Jun 25 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17315]: Connection closed by 45.156.87.216 port 43582 [preauth]
Jun 25 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17326]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17325]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17322]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17321]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17318]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17321]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17460]: Successful su for rubyman by root
Jun 25 03:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17460]: + ??? root:rubyman
Jun 25 03:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17460]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587781 of user rubyman.
Jun 25 03:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17460]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587781.
Jun 25 03:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17318]: pam_unix(cron:session): session closed for user root
Jun 25 03:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 25 03:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14567]: pam_unix(cron:session): session closed for user root
Jun 25 03:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17600]: Invalid user dolphinscheduler from 45.156.87.216
Jun 25 03:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17600]: input_userauth_request: invalid user dolphinscheduler [preauth]
Jun 25 03:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17600]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17541]: Failed password for root from 38.93.206.2 port 19976 ssh2
Jun 25 03:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17541]: Connection closed by 38.93.206.2 port 19976 [preauth]
Jun 25 03:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17322]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17600]: Failed password for invalid user dolphinscheduler from 45.156.87.216 port 43594 ssh2
Jun 25 03:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17600]: Connection closed by 45.156.87.216 port 43594 [preauth]
Jun 25 03:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17763]: Invalid user ec2-user from 45.156.87.216
Jun 25 03:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17763]: input_userauth_request: invalid user ec2-user [preauth]
Jun 25 03:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17763]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17763]: Failed password for invalid user ec2-user from 45.156.87.216 port 60266 ssh2
Jun 25 03:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17763]: Connection closed by 45.156.87.216 port 60266 [preauth]
Jun 25 03:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17790]: Invalid user debian from 45.156.87.216
Jun 25 03:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17790]: input_userauth_request: invalid user debian [preauth]
Jun 25 03:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17790]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17790]: Failed password for invalid user debian from 45.156.87.216 port 60268 ssh2
Jun 25 03:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17790]: Connection closed by 45.156.87.216 port 60268 [preauth]
Jun 25 03:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17802]: Failed password for root from 45.156.87.216 port 53722 ssh2
Jun 25 03:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17802]: Connection closed by 45.156.87.216 port 53722 [preauth]
Jun 25 03:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17830]: Invalid user dev from 45.156.87.216
Jun 25 03:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17830]: input_userauth_request: invalid user dev [preauth]
Jun 25 03:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17830]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17830]: Failed password for invalid user dev from 45.156.87.216 port 50890 ssh2
Jun 25 03:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17830]: Connection closed by 45.156.87.216 port 50890 [preauth]
Jun 25 03:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17841]: Invalid user ranga from 45.156.87.216
Jun 25 03:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17841]: input_userauth_request: invalid user ranga [preauth]
Jun 25 03:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17841]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16374]: pam_unix(cron:session): session closed for user root
Jun 25 03:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17841]: Failed password for invalid user ranga from 45.156.87.216 port 50906 ssh2
Jun 25 03:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17841]: Connection closed by 45.156.87.216 port 50906 [preauth]
Jun 25 03:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17878]: Failed password for root from 45.156.87.216 port 33858 ssh2
Jun 25 03:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17878]: Connection closed by 45.156.87.216 port 33858 [preauth]
Jun 25 03:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17891]: Failed password for root from 45.156.87.216 port 33862 ssh2
Jun 25 03:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17891]: Connection closed by 45.156.87.216 port 33862 [preauth]
Jun 25 03:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17917]: Invalid user postgres from 45.156.87.216
Jun 25 03:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17917]: input_userauth_request: invalid user postgres [preauth]
Jun 25 03:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17917]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17917]: Failed password for invalid user postgres from 45.156.87.216 port 43482 ssh2
Jun 25 03:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17917]: Connection closed by 45.156.87.216 port 43482 [preauth]
Jun 25 03:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17928]: Invalid user plex from 45.156.87.216
Jun 25 03:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17928]: input_userauth_request: invalid user plex [preauth]
Jun 25 03:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17928]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17939]: Invalid user test from 79.125.162.32
Jun 25 03:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17939]: input_userauth_request: invalid user test [preauth]
Jun 25 03:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17939]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.125.162.32
Jun 25 03:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17928]: Failed password for invalid user plex from 45.156.87.216 port 43492 ssh2
Jun 25 03:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17928]: Connection closed by 45.156.87.216 port 43492 [preauth]
Jun 25 03:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17939]: Failed password for invalid user test from 79.125.162.32 port 60983 ssh2
Jun 25 03:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17939]: Received disconnect from 79.125.162.32 port 60983:11: Bye Bye [preauth]
Jun 25 03:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17939]: Disconnected from 79.125.162.32 port 60983 [preauth]
Jun 25 03:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17941]: Invalid user adminuser from 45.156.87.216
Jun 25 03:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17941]: input_userauth_request: invalid user adminuser [preauth]
Jun 25 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17941]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17958]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17956]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17955]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17957]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17953]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17954]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17958]: pam_unix(cron:session): session closed for user root
Jun 25 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17953]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18027]: Successful su for rubyman by root
Jun 25 03:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18027]: + ??? root:rubyman
Jun 25 03:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18027]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587789 of user rubyman.
Jun 25 03:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18027]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587789.
Jun 25 03:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17941]: Failed password for invalid user adminuser from 45.156.87.216 port 53198 ssh2
Jun 25 03:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17941]: Connection closed by 45.156.87.216 port 53198 [preauth]
Jun 25 03:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17955]: pam_unix(cron:session): session closed for user root
Jun 25 03:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15088]: pam_unix(cron:session): session closed for user root
Jun 25 03:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18225]: Invalid user ansible from 45.156.87.216
Jun 25 03:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18225]: input_userauth_request: invalid user ansible [preauth]
Jun 25 03:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18225]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17954]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18225]: Failed password for invalid user ansible from 45.156.87.216 port 42502 ssh2
Jun 25 03:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18225]: Connection closed by 45.156.87.216 port 42502 [preauth]
Jun 25 03:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.112.173.87  user=root
Jun 25 03:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18254]: Failed password for root from 45.156.87.216 port 42518 ssh2
Jun 25 03:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18254]: Connection closed by 45.156.87.216 port 42518 [preauth]
Jun 25 03:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18265]: Failed password for root from 103.112.173.87 port 55572 ssh2
Jun 25 03:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18265]: Received disconnect from 103.112.173.87 port 55572:11: Bye Bye [preauth]
Jun 25 03:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18265]: Disconnected from 103.112.173.87 port 55572 [preauth]
Jun 25 03:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18283]: Invalid user admin from 45.156.87.216
Jun 25 03:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18283]: input_userauth_request: invalid user admin [preauth]
Jun 25 03:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18283]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18283]: Failed password for invalid user admin from 45.156.87.216 port 32864 ssh2
Jun 25 03:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18283]: Connection closed by 45.156.87.216 port 32864 [preauth]
Jun 25 03:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18305]: Invalid user work from 45.156.87.216
Jun 25 03:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18305]: input_userauth_request: invalid user work [preauth]
Jun 25 03:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18305]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18305]: Failed password for invalid user work from 45.156.87.216 port 32880 ssh2
Jun 25 03:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18305]: Connection closed by 45.156.87.216 port 32880 [preauth]
Jun 25 03:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18332]: Invalid user azureuser from 45.156.87.216
Jun 25 03:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18332]: input_userauth_request: invalid user azureuser [preauth]
Jun 25 03:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18332]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18332]: Failed password for invalid user azureuser from 45.156.87.216 port 47476 ssh2
Jun 25 03:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18332]: Connection closed by 45.156.87.216 port 47476 [preauth]
Jun 25 03:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16801]: pam_unix(cron:session): session closed for user root
Jun 25 03:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18342]: Invalid user yana from 187.192.86.153
Jun 25 03:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18342]: input_userauth_request: invalid user yana [preauth]
Jun 25 03:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18342]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153
Jun 25 03:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18351]: Invalid user admin2 from 45.156.87.216
Jun 25 03:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18351]: input_userauth_request: invalid user admin2 [preauth]
Jun 25 03:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18351]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18342]: Failed password for invalid user yana from 187.192.86.153 port 39020 ssh2
Jun 25 03:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18342]: Received disconnect from 187.192.86.153 port 39020:11: Bye Bye [preauth]
Jun 25 03:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18342]: Disconnected from 187.192.86.153 port 39020 [preauth]
Jun 25 03:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18351]: Failed password for invalid user admin2 from 45.156.87.216 port 47488 ssh2
Jun 25 03:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18351]: Connection closed by 45.156.87.216 port 47488 [preauth]
Jun 25 03:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18388]: Failed password for root from 45.156.87.216 port 51316 ssh2
Jun 25 03:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18388]: Connection closed by 45.156.87.216 port 51316 [preauth]
Jun 25 03:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.155.47.102  user=root
Jun 25 03:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18483]: Invalid user ubuntu from 45.156.87.216
Jun 25 03:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18483]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 03:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18483]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18402]: Failed password for root from 103.155.47.102 port 45890 ssh2
Jun 25 03:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18402]: Received disconnect from 103.155.47.102 port 45890:11: Bye Bye [preauth]
Jun 25 03:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18402]: Disconnected from 103.155.47.102 port 45890 [preauth]
Jun 25 03:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18483]: Failed password for invalid user ubuntu from 45.156.87.216 port 51330 ssh2
Jun 25 03:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18483]: Connection closed by 45.156.87.216 port 51330 [preauth]
Jun 25 03:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18485]: Invalid user admin from 36.92.41.115
Jun 25 03:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18485]: input_userauth_request: invalid user admin [preauth]
Jun 25 03:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18485]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.92.41.115
Jun 25 03:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18485]: Failed password for invalid user admin from 36.92.41.115 port 12479 ssh2
Jun 25 03:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18485]: Received disconnect from 36.92.41.115 port 12479:11: Bye Bye [preauth]
Jun 25 03:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18485]: Disconnected from 36.92.41.115 port 12479 [preauth]
Jun 25 03:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18499]: Invalid user nexus from 45.156.87.216
Jun 25 03:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18499]: input_userauth_request: invalid user nexus [preauth]
Jun 25 03:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18499]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18499]: Failed password for invalid user nexus from 45.156.87.216 port 48226 ssh2
Jun 25 03:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18499]: Connection closed by 45.156.87.216 port 48226 [preauth]
Jun 25 03:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18510]: Invalid user angel from 45.156.87.216
Jun 25 03:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18510]: input_userauth_request: invalid user angel [preauth]
Jun 25 03:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18510]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18510]: Failed password for invalid user angel from 45.156.87.216 port 50418 ssh2
Jun 25 03:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18510]: Connection closed by 45.156.87.216 port 50418 [preauth]
Jun 25 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18527]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18526]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18524]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18525]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18524]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18597]: Successful su for rubyman by root
Jun 25 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18597]: + ??? root:rubyman
Jun 25 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18597]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587792 of user rubyman.
Jun 25 03:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18597]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587792.
Jun 25 03:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18534]: Invalid user user1 from 45.156.87.216
Jun 25 03:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18534]: input_userauth_request: invalid user user1 [preauth]
Jun 25 03:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18534]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18534]: Failed password for invalid user user1 from 45.156.87.216 port 50432 ssh2
Jun 25 03:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18534]: Connection closed by 45.156.87.216 port 50432 [preauth]
Jun 25 03:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15508]: pam_unix(cron:session): session closed for user root
Jun 25 03:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18525]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18793]: Invalid user odoo14 from 45.156.87.216
Jun 25 03:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18793]: input_userauth_request: invalid user odoo14 [preauth]
Jun 25 03:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18793]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18793]: Failed password for invalid user odoo14 from 45.156.87.216 port 43930 ssh2
Jun 25 03:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18793]: Connection closed by 45.156.87.216 port 43930 [preauth]
Jun 25 03:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18804]: Invalid user claude from 45.156.87.216
Jun 25 03:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18804]: input_userauth_request: invalid user claude [preauth]
Jun 25 03:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18804]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18804]: Failed password for invalid user claude from 45.156.87.216 port 43946 ssh2
Jun 25 03:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18804]: Connection closed by 45.156.87.216 port 43946 [preauth]
Jun 25 03:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18835]: Invalid user server from 45.156.87.216
Jun 25 03:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18835]: input_userauth_request: invalid user server [preauth]
Jun 25 03:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18835]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18835]: Failed password for invalid user server from 45.156.87.216 port 40468 ssh2
Jun 25 03:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18835]: Connection closed by 45.156.87.216 port 40468 [preauth]
Jun 25 03:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18850]: Invalid user dani from 45.156.87.216
Jun 25 03:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18850]: input_userauth_request: invalid user dani [preauth]
Jun 25 03:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18850]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18850]: Failed password for invalid user dani from 45.156.87.216 port 40478 ssh2
Jun 25 03:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18850]: Connection closed by 45.156.87.216 port 40478 [preauth]
Jun 25 03:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18878]: Invalid user deploy from 45.156.87.216
Jun 25 03:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18878]: input_userauth_request: invalid user deploy [preauth]
Jun 25 03:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18878]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18878]: Failed password for invalid user deploy from 45.156.87.216 port 38588 ssh2
Jun 25 03:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18878]: Connection closed by 45.156.87.216 port 38588 [preauth]
Jun 25 03:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18895]: Invalid user jenkins from 45.156.87.216
Jun 25 03:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18895]: input_userauth_request: invalid user jenkins [preauth]
Jun 25 03:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18895]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17326]: pam_unix(cron:session): session closed for user root
Jun 25 03:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18895]: Failed password for invalid user jenkins from 45.156.87.216 port 38592 ssh2
Jun 25 03:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18895]: Connection closed by 45.156.87.216 port 38592 [preauth]
Jun 25 03:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 25 03:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18909]: Failed password for root from 103.149.28.157 port 45852 ssh2
Jun 25 03:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18909]: Connection closed by 103.149.28.157 port 45852 [preauth]
Jun 25 03:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18919]: Failed password for root from 45.156.87.216 port 60898 ssh2
Jun 25 03:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18919]: Connection closed by 45.156.87.216 port 60898 [preauth]
Jun 25 03:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18930]: Invalid user guest from 45.156.87.216
Jun 25 03:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18930]: input_userauth_request: invalid user guest [preauth]
Jun 25 03:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18930]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18930]: Failed password for invalid user guest from 45.156.87.216 port 60908 ssh2
Jun 25 03:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18930]: Connection closed by 45.156.87.216 port 60908 [preauth]
Jun 25 03:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18953]: Invalid user osmc from 45.156.87.216
Jun 25 03:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18953]: input_userauth_request: invalid user osmc [preauth]
Jun 25 03:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18953]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18953]: Failed password for invalid user osmc from 45.156.87.216 port 38596 ssh2
Jun 25 03:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18953]: Connection closed by 45.156.87.216 port 38596 [preauth]
Jun 25 03:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18963]: Invalid user minecraft from 45.156.87.216
Jun 25 03:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18963]: input_userauth_request: invalid user minecraft [preauth]
Jun 25 03:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18963]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18963]: Failed password for invalid user minecraft from 45.156.87.216 port 38612 ssh2
Jun 25 03:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18963]: Connection closed by 45.156.87.216 port 38612 [preauth]
Jun 25 03:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18974]: Invalid user testuser from 45.156.87.216
Jun 25 03:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18974]: input_userauth_request: invalid user testuser [preauth]
Jun 25 03:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18974]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18980]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18979]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18978]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18977]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18977]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19037]: Successful su for rubyman by root
Jun 25 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19037]: + ??? root:rubyman
Jun 25 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19037]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587796 of user rubyman.
Jun 25 03:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19037]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587796.
Jun 25 03:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18974]: Failed password for invalid user testuser from 45.156.87.216 port 46444 ssh2
Jun 25 03:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18974]: Connection closed by 45.156.87.216 port 46444 [preauth]
Jun 25 03:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15955]: pam_unix(cron:session): session closed for user root
Jun 25 03:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19304]: Invalid user debian from 45.156.87.216
Jun 25 03:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19304]: input_userauth_request: invalid user debian [preauth]
Jun 25 03:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18978]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19304]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19304]: Failed password for invalid user debian from 45.156.87.216 port 46452 ssh2
Jun 25 03:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19304]: Connection closed by 45.156.87.216 port 46452 [preauth]
Jun 25 03:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19327]: Failed password for root from 45.156.87.216 port 37980 ssh2
Jun 25 03:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19327]: Connection closed by 45.156.87.216 port 37980 [preauth]
Jun 25 03:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19350]: Did not receive identification string from 77.90.185.16
Jun 25 03:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19351]: Invalid user test from 45.156.87.216
Jun 25 03:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19351]: input_userauth_request: invalid user test [preauth]
Jun 25 03:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19351]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19351]: Failed password for invalid user test from 45.156.87.216 port 40712 ssh2
Jun 25 03:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19351]: Connection closed by 45.156.87.216 port 40712 [preauth]
Jun 25 03:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19353]: Invalid user jean from 79.125.162.32
Jun 25 03:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19353]: input_userauth_request: invalid user jean [preauth]
Jun 25 03:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19353]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.125.162.32
Jun 25 03:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19353]: Failed password for invalid user jean from 79.125.162.32 port 49850 ssh2
Jun 25 03:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19353]: Received disconnect from 79.125.162.32 port 49850:11: Bye Bye [preauth]
Jun 25 03:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19353]: Disconnected from 79.125.162.32 port 49850 [preauth]
Jun 25 03:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19364]: Failed password for root from 45.156.87.216 port 40720 ssh2
Jun 25 03:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19364]: Connection closed by 45.156.87.216 port 40720 [preauth]
Jun 25 03:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19387]: Invalid user ftpuser from 45.156.87.216
Jun 25 03:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19387]: input_userauth_request: invalid user ftpuser [preauth]
Jun 25 03:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19387]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19387]: Failed password for invalid user ftpuser from 45.156.87.216 port 59594 ssh2
Jun 25 03:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19387]: Connection closed by 45.156.87.216 port 59594 [preauth]
Jun 25 03:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19402]: Invalid user deploy from 45.156.87.216
Jun 25 03:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19402]: input_userauth_request: invalid user deploy [preauth]
Jun 25 03:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19402]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17957]: pam_unix(cron:session): session closed for user root
Jun 25 03:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19402]: Failed password for invalid user deploy from 45.156.87.216 port 59596 ssh2
Jun 25 03:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19402]: Connection closed by 45.156.87.216 port 59596 [preauth]
Jun 25 03:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19431]: Invalid user landi from 103.155.47.102
Jun 25 03:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19431]: input_userauth_request: invalid user landi [preauth]
Jun 25 03:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19431]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.155.47.102
Jun 25 03:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19431]: Failed password for invalid user landi from 103.155.47.102 port 60130 ssh2
Jun 25 03:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19431]: Received disconnect from 103.155.47.102 port 60130:11: Bye Bye [preauth]
Jun 25 03:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19431]: Disconnected from 103.155.47.102 port 60130 [preauth]
Jun 25 03:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19433]: Failed password for root from 45.156.87.216 port 55706 ssh2
Jun 25 03:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19433]: Connection closed by 45.156.87.216 port 55706 [preauth]
Jun 25 03:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19446]: Invalid user edward from 36.92.41.115
Jun 25 03:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19446]: input_userauth_request: invalid user edward [preauth]
Jun 25 03:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19446]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.92.41.115
Jun 25 03:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19448]: Invalid user pi from 45.156.87.216
Jun 25 03:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19448]: input_userauth_request: invalid user pi [preauth]
Jun 25 03:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19448]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19446]: Failed password for invalid user edward from 36.92.41.115 port 64627 ssh2
Jun 25 03:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19446]: Received disconnect from 36.92.41.115 port 64627:11: Bye Bye [preauth]
Jun 25 03:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19446]: Disconnected from 36.92.41.115 port 64627 [preauth]
Jun 25 03:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19448]: Failed password for invalid user pi from 45.156.87.216 port 55708 ssh2
Jun 25 03:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19448]: Connection closed by 45.156.87.216 port 55708 [preauth]
Jun 25 03:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19477]: Invalid user claude from 45.156.87.216
Jun 25 03:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19477]: input_userauth_request: invalid user claude [preauth]
Jun 25 03:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19477]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19477]: Failed password for invalid user claude from 45.156.87.216 port 48858 ssh2
Jun 25 03:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19477]: Connection closed by 45.156.87.216 port 48858 [preauth]
Jun 25 03:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19488]: Invalid user user10 from 45.156.87.216
Jun 25 03:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19488]: input_userauth_request: invalid user user10 [preauth]
Jun 25 03:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19488]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19488]: Failed password for invalid user user10 from 45.156.87.216 port 48876 ssh2
Jun 25 03:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19488]: Connection closed by 45.156.87.216 port 48876 [preauth]
Jun 25 03:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19614]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19616]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19615]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19617]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19614]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19767]: Successful su for rubyman by root
Jun 25 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19767]: + ??? root:rubyman
Jun 25 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19767]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587802 of user rubyman.
Jun 25 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19767]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587802.
Jun 25 03:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19600]: Failed password for root from 45.156.87.216 port 41068 ssh2
Jun 25 03:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19600]: Connection closed by 45.156.87.216 port 41068 [preauth]
Jun 25 03:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16373]: pam_unix(cron:session): session closed for user root
Jun 25 03:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19615]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19957]: Invalid user default from 45.156.87.216
Jun 25 03:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19957]: input_userauth_request: invalid user default [preauth]
Jun 25 03:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19957]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19957]: Failed password for invalid user default from 45.156.87.216 port 41070 ssh2
Jun 25 03:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19957]: Connection closed by 45.156.87.216 port 41070 [preauth]
Jun 25 03:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19968]: Invalid user mcserver from 45.156.87.216
Jun 25 03:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19968]: input_userauth_request: invalid user mcserver [preauth]
Jun 25 03:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19968]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19980]: Invalid user edward from 187.192.86.153
Jun 25 03:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19980]: input_userauth_request: invalid user edward [preauth]
Jun 25 03:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19980]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153
Jun 25 03:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19968]: Failed password for invalid user mcserver from 45.156.87.216 port 47844 ssh2
Jun 25 03:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19968]: Connection closed by 45.156.87.216 port 47844 [preauth]
Jun 25 03:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19980]: Failed password for invalid user edward from 187.192.86.153 port 50474 ssh2
Jun 25 03:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19980]: Received disconnect from 187.192.86.153 port 50474:11: Bye Bye [preauth]
Jun 25 03:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19980]: Disconnected from 187.192.86.153 port 50474 [preauth]
Jun 25 03:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19994]: Invalid user cloud from 45.156.87.216
Jun 25 03:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19994]: input_userauth_request: invalid user cloud [preauth]
Jun 25 03:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19994]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19994]: Failed password for invalid user cloud from 45.156.87.216 port 42210 ssh2
Jun 25 03:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19994]: Connection closed by 45.156.87.216 port 42210 [preauth]
Jun 25 03:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20005]: Invalid user dev from 45.156.87.216
Jun 25 03:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20005]: input_userauth_request: invalid user dev [preauth]
Jun 25 03:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20005]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20005]: Failed password for invalid user dev from 45.156.87.216 port 42232 ssh2
Jun 25 03:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20005]: Connection closed by 45.156.87.216 port 42232 [preauth]
Jun 25 03:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20035]: Invalid user vm from 45.156.87.216
Jun 25 03:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20035]: input_userauth_request: invalid user vm [preauth]
Jun 25 03:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20035]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20035]: Failed password for invalid user vm from 45.156.87.216 port 47656 ssh2
Jun 25 03:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20035]: Connection closed by 45.156.87.216 port 47656 [preauth]
Jun 25 03:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20046]: Invalid user user1 from 45.156.87.216
Jun 25 03:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20046]: input_userauth_request: invalid user user1 [preauth]
Jun 25 03:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18527]: pam_unix(cron:session): session closed for user root
Jun 25 03:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20046]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20046]: Failed password for invalid user user1 from 45.156.87.216 port 47672 ssh2
Jun 25 03:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20046]: Connection closed by 45.156.87.216 port 47672 [preauth]
Jun 25 03:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20068]: Invalid user test from 103.112.173.87
Jun 25 03:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20068]: input_userauth_request: invalid user test [preauth]
Jun 25 03:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20068]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.112.173.87
Jun 25 03:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20078]: Invalid user nutanix from 45.156.87.216
Jun 25 03:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20078]: input_userauth_request: invalid user nutanix [preauth]
Jun 25 03:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20068]: Failed password for invalid user test from 103.112.173.87 port 32844 ssh2
Jun 25 03:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20078]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20068]: Received disconnect from 103.112.173.87 port 32844:11: Bye Bye [preauth]
Jun 25 03:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20068]: Disconnected from 103.112.173.87 port 32844 [preauth]
Jun 25 03:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20078]: Failed password for invalid user nutanix from 45.156.87.216 port 59346 ssh2
Jun 25 03:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20078]: Connection closed by 45.156.87.216 port 59346 [preauth]
Jun 25 03:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20103]: Invalid user git from 45.156.87.216
Jun 25 03:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20103]: input_userauth_request: invalid user git [preauth]
Jun 25 03:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20103]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20103]: Failed password for invalid user git from 45.156.87.216 port 59350 ssh2
Jun 25 03:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20103]: Connection closed by 45.156.87.216 port 59350 [preauth]
Jun 25 03:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20114]: Invalid user mohammad from 45.156.87.216
Jun 25 03:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20114]: input_userauth_request: invalid user mohammad [preauth]
Jun 25 03:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20114]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20114]: Failed password for invalid user mohammad from 45.156.87.216 port 40166 ssh2
Jun 25 03:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20114]: Connection closed by 45.156.87.216 port 40166 [preauth]
Jun 25 03:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20124]: Failed password for root from 45.156.87.216 port 40172 ssh2
Jun 25 03:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20124]: Connection closed by 45.156.87.216 port 40172 [preauth]
Jun 25 03:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20136]: Invalid user rancher from 45.156.87.216
Jun 25 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20136]: input_userauth_request: invalid user rancher [preauth]
Jun 25 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20229]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20230]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20228]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20227]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20227]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20136]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20294]: Successful su for rubyman by root
Jun 25 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20294]: + ??? root:rubyman
Jun 25 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20294]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587805 of user rubyman.
Jun 25 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20294]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587805.
Jun 25 03:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20136]: Failed password for invalid user rancher from 45.156.87.216 port 56784 ssh2
Jun 25 03:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20136]: Connection closed by 45.156.87.216 port 56784 [preauth]
Jun 25 03:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16800]: pam_unix(cron:session): session closed for user root
Jun 25 03:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20228]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20495]: Invalid user bot from 45.156.87.216
Jun 25 03:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20495]: input_userauth_request: invalid user bot [preauth]
Jun 25 03:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20495]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20497]: Invalid user user from 141.98.83.240
Jun 25 03:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20497]: input_userauth_request: invalid user user [preauth]
Jun 25 03:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20497]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 03:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20495]: Failed password for invalid user bot from 45.156.87.216 port 48828 ssh2
Jun 25 03:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20497]: Failed password for invalid user user from 141.98.83.240 port 30100 ssh2
Jun 25 03:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20495]: Connection closed by 45.156.87.216 port 48828 [preauth]
Jun 25 03:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20497]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20497]: Failed password for invalid user user from 141.98.83.240 port 30100 ssh2
Jun 25 03:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20497]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20497]: Failed password for invalid user user from 141.98.83.240 port 30100 ssh2
Jun 25 03:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20497]: Connection closed by 141.98.83.240 port 30100 [preauth]
Jun 25 03:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20497]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 03:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20507]: Failed password for root from 45.156.87.216 port 48842 ssh2
Jun 25 03:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20507]: Connection closed by 45.156.87.216 port 48842 [preauth]
Jun 25 03:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20530]: Invalid user sam from 45.156.87.216
Jun 25 03:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20530]: input_userauth_request: invalid user sam [preauth]
Jun 25 03:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20530]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20530]: Failed password for invalid user sam from 45.156.87.216 port 58116 ssh2
Jun 25 03:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20530]: Connection closed by 45.156.87.216 port 58116 [preauth]
Jun 25 03:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20541]: Failed password for root from 45.156.87.216 port 58146 ssh2
Jun 25 03:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20541]: Connection closed by 45.156.87.216 port 58146 [preauth]
Jun 25 03:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20565]: Invalid user gabriel from 45.156.87.216
Jun 25 03:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20565]: input_userauth_request: invalid user gabriel [preauth]
Jun 25 03:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20565]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20567]: Invalid user tiger from 103.155.47.102
Jun 25 03:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20567]: input_userauth_request: invalid user tiger [preauth]
Jun 25 03:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20567]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.155.47.102
Jun 25 03:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20565]: Failed password for invalid user gabriel from 45.156.87.216 port 58830 ssh2
Jun 25 03:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20565]: Connection closed by 45.156.87.216 port 58830 [preauth]
Jun 25 03:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20567]: Failed password for invalid user tiger from 103.155.47.102 port 52840 ssh2
Jun 25 03:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20567]: Received disconnect from 103.155.47.102 port 52840:11: Bye Bye [preauth]
Jun 25 03:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20567]: Disconnected from 103.155.47.102 port 52840 [preauth]
Jun 25 03:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18980]: pam_unix(cron:session): session closed for user root
Jun 25 03:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.92.41.115  user=root
Jun 25 03:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20598]: Invalid user user from 45.156.87.216
Jun 25 03:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20598]: input_userauth_request: invalid user user [preauth]
Jun 25 03:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20598]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20577]: Failed password for root from 36.92.41.115 port 42734 ssh2
Jun 25 03:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20577]: Received disconnect from 36.92.41.115 port 42734:11: Bye Bye [preauth]
Jun 25 03:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20577]: Disconnected from 36.92.41.115 port 42734 [preauth]
Jun 25 03:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20598]: Failed password for invalid user user from 45.156.87.216 port 58838 ssh2
Jun 25 03:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20598]: Connection closed by 45.156.87.216 port 58838 [preauth]
Jun 25 03:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20612]: Invalid user frank from 45.156.87.216
Jun 25 03:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20612]: input_userauth_request: invalid user frank [preauth]
Jun 25 03:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20612]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20612]: Failed password for invalid user frank from 45.156.87.216 port 58578 ssh2
Jun 25 03:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20612]: Connection closed by 45.156.87.216 port 58578 [preauth]
Jun 25 03:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.125.162.32  user=root
Jun 25 03:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20650]: Failed password for root from 45.156.87.216 port 58584 ssh2
Jun 25 03:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20650]: Connection closed by 45.156.87.216 port 58584 [preauth]
Jun 25 03:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20655]: Failed password for root from 79.125.162.32 port 50602 ssh2
Jun 25 03:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20655]: Received disconnect from 79.125.162.32 port 50602:11: Bye Bye [preauth]
Jun 25 03:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20655]: Disconnected from 79.125.162.32 port 50602 [preauth]
Jun 25 03:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20671]: Invalid user milad from 45.156.87.216
Jun 25 03:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20671]: input_userauth_request: invalid user milad [preauth]
Jun 25 03:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20671]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=root
Jun 25 03:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20671]: Failed password for invalid user milad from 45.156.87.216 port 49150 ssh2
Jun 25 03:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20671]: Connection closed by 45.156.87.216 port 49150 [preauth]
Jun 25 03:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20689]: Failed password for root from 193.46.255.86 port 14610 ssh2
Jun 25 03:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20701]: Invalid user admin from 45.156.87.216
Jun 25 03:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20701]: input_userauth_request: invalid user admin [preauth]
Jun 25 03:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20701]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20689]: Failed password for root from 193.46.255.86 port 14610 ssh2
Jun 25 03:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20701]: Failed password for invalid user admin from 45.156.87.216 port 44392 ssh2
Jun 25 03:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20701]: Connection closed by 45.156.87.216 port 44392 [preauth]
Jun 25 03:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20689]: Failed password for root from 193.46.255.86 port 14610 ssh2
Jun 25 03:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20689]: Connection closed by 193.46.255.86 port 14610 [preauth]
Jun 25 03:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20689]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=root
Jun 25 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20749]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20727]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20750]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20752]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20728]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20751]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20752]: pam_unix(cron:session): session closed for user root
Jun 25 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20727]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20836]: Successful su for rubyman by root
Jun 25 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20836]: + ??? root:rubyman
Jun 25 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20836]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587810 of user rubyman.
Jun 25 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20836]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587810.
Jun 25 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20848]: Invalid user deploy from 45.156.87.216
Jun 25 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20848]: input_userauth_request: invalid user deploy [preauth]
Jun 25 03:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20848]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20749]: pam_unix(cron:session): session closed for user root
Jun 25 03:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17325]: pam_unix(cron:session): session closed for user root
Jun 25 03:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20848]: Failed password for invalid user deploy from 45.156.87.216 port 44408 ssh2
Jun 25 03:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20848]: Connection closed by 45.156.87.216 port 44408 [preauth]
Jun 25 03:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20728]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21049]: Invalid user installer from 45.156.87.216
Jun 25 03:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21049]: input_userauth_request: invalid user installer [preauth]
Jun 25 03:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21049]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21049]: Failed password for invalid user installer from 45.156.87.216 port 51208 ssh2
Jun 25 03:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21049]: Connection closed by 45.156.87.216 port 51208 [preauth]
Jun 25 03:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21061]: Invalid user crafty from 45.156.87.216
Jun 25 03:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21061]: input_userauth_request: invalid user crafty [preauth]
Jun 25 03:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21061]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21061]: Failed password for invalid user crafty from 45.156.87.216 port 51218 ssh2
Jun 25 03:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21061]: Connection closed by 45.156.87.216 port 51218 [preauth]
Jun 25 03:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21086]: Failed password for root from 45.156.87.216 port 53236 ssh2
Jun 25 03:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21086]: Connection closed by 45.156.87.216 port 53236 [preauth]
Jun 25 03:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21096]: Invalid user user from 45.156.87.216
Jun 25 03:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21096]: input_userauth_request: invalid user user [preauth]
Jun 25 03:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21096]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21096]: Failed password for invalid user user from 45.156.87.216 port 53244 ssh2
Jun 25 03:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21096]: Connection closed by 45.156.87.216 port 53244 [preauth]
Jun 25 03:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21120]: Invalid user lucas from 45.156.87.216
Jun 25 03:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21120]: input_userauth_request: invalid user lucas [preauth]
Jun 25 03:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21120]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21120]: Failed password for invalid user lucas from 45.156.87.216 port 60520 ssh2
Jun 25 03:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21120]: Connection closed by 45.156.87.216 port 60520 [preauth]
Jun 25 03:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19617]: pam_unix(cron:session): session closed for user root
Jun 25 03:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21156]: Invalid user admin from 45.156.87.216
Jun 25 03:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21156]: input_userauth_request: invalid user admin [preauth]
Jun 25 03:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21156]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21156]: Failed password for invalid user admin from 45.156.87.216 port 60524 ssh2
Jun 25 03:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21156]: Connection closed by 45.156.87.216 port 60524 [preauth]
Jun 25 03:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21168]: Invalid user gitlab-runner from 45.156.87.216
Jun 25 03:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21168]: input_userauth_request: invalid user gitlab-runner [preauth]
Jun 25 03:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21168]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21168]: Failed password for invalid user gitlab-runner from 45.156.87.216 port 58162 ssh2
Jun 25 03:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21168]: Connection closed by 45.156.87.216 port 58162 [preauth]
Jun 25 03:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21202]: Invalid user zimbra from 45.156.87.216
Jun 25 03:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21202]: input_userauth_request: invalid user zimbra [preauth]
Jun 25 03:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21202]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21202]: Failed password for invalid user zimbra from 45.156.87.216 port 58168 ssh2
Jun 25 03:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21202]: Connection closed by 45.156.87.216 port 58168 [preauth]
Jun 25 03:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21213]: User mysql from 45.156.87.216 not allowed because not listed in AllowUsers
Jun 25 03:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21213]: input_userauth_request: invalid user mysql [preauth]
Jun 25 03:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=mysql
Jun 25 03:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21213]: Failed password for invalid user mysql from 45.156.87.216 port 55622 ssh2
Jun 25 03:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21213]: Connection closed by 45.156.87.216 port 55622 [preauth]
Jun 25 03:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21224]: Invalid user minecraft from 45.156.87.216
Jun 25 03:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21224]: input_userauth_request: invalid user minecraft [preauth]
Jun 25 03:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21224]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21224]: Failed password for invalid user minecraft from 45.156.87.216 port 57488 ssh2
Jun 25 03:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21224]: Connection closed by 45.156.87.216 port 57488 [preauth]
Jun 25 03:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153  user=root
Jun 25 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21231]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21230]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21232]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21229]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21229]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21296]: Successful su for rubyman by root
Jun 25 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21296]: + ??? root:rubyman
Jun 25 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21296]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587814 of user rubyman.
Jun 25 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21296]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587814.
Jun 25 03:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21226]: Failed password for root from 187.192.86.153 port 36888 ssh2
Jun 25 03:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21226]: Received disconnect from 187.192.86.153 port 36888:11: Bye Bye [preauth]
Jun 25 03:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21226]: Disconnected from 187.192.86.153 port 36888 [preauth]
Jun 25 03:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21422]: Invalid user tom from 45.156.87.216
Jun 25 03:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21422]: input_userauth_request: invalid user tom [preauth]
Jun 25 03:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21422]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17956]: pam_unix(cron:session): session closed for user root
Jun 25 03:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21230]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21422]: Failed password for invalid user tom from 45.156.87.216 port 57490 ssh2
Jun 25 03:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21422]: Connection closed by 45.156.87.216 port 57490 [preauth]
Jun 25 03:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21501]: Invalid user minecraft from 45.156.87.216
Jun 25 03:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21501]: input_userauth_request: invalid user minecraft [preauth]
Jun 25 03:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21501]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21501]: Failed password for invalid user minecraft from 45.156.87.216 port 47862 ssh2
Jun 25 03:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21501]: Connection closed by 45.156.87.216 port 47862 [preauth]
Jun 25 03:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21529]: Failed password for root from 45.156.87.216 port 47872 ssh2
Jun 25 03:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21529]: Connection closed by 45.156.87.216 port 47872 [preauth]
Jun 25 03:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.155.47.102  user=root
Jun 25 03:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21541]: Failed password for root from 103.155.47.102 port 34616 ssh2
Jun 25 03:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21541]: Received disconnect from 103.155.47.102 port 34616:11: Bye Bye [preauth]
Jun 25 03:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21541]: Disconnected from 103.155.47.102 port 34616 [preauth]
Jun 25 03:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21548]: Invalid user gm from 36.92.41.115
Jun 25 03:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21548]: input_userauth_request: invalid user gm [preauth]
Jun 25 03:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21548]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.92.41.115
Jun 25 03:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21544]: Failed password for root from 45.156.87.216 port 60456 ssh2
Jun 25 03:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21544]: Connection closed by 45.156.87.216 port 60456 [preauth]
Jun 25 03:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21548]: Failed password for invalid user gm from 36.92.41.115 port 3344 ssh2
Jun 25 03:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21548]: Received disconnect from 36.92.41.115 port 3344:11: Bye Bye [preauth]
Jun 25 03:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21548]: Disconnected from 36.92.41.115 port 3344 [preauth]
Jun 25 03:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21579]: Failed password for root from 45.156.87.216 port 40270 ssh2
Jun 25 03:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21579]: Connection closed by 45.156.87.216 port 40270 [preauth]
Jun 25 03:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21589]: Invalid user developer from 45.156.87.216
Jun 25 03:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21589]: input_userauth_request: invalid user developer [preauth]
Jun 25 03:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20230]: pam_unix(cron:session): session closed for user root
Jun 25 03:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21589]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21589]: Failed password for invalid user developer from 45.156.87.216 port 40296 ssh2
Jun 25 03:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21589]: Connection closed by 45.156.87.216 port 40296 [preauth]
Jun 25 03:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21625]: Failed password for root from 45.156.87.216 port 43528 ssh2
Jun 25 03:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21625]: Connection closed by 45.156.87.216 port 43528 [preauth]
Jun 25 03:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21642]: Invalid user guest from 45.156.87.216
Jun 25 03:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21642]: input_userauth_request: invalid user guest [preauth]
Jun 25 03:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21642]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21642]: Failed password for invalid user guest from 45.156.87.216 port 43530 ssh2
Jun 25 03:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21642]: Connection closed by 45.156.87.216 port 43530 [preauth]
Jun 25 03:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21668]: Invalid user www from 45.156.87.216
Jun 25 03:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21668]: input_userauth_request: invalid user www [preauth]
Jun 25 03:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21668]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21668]: Failed password for invalid user www from 45.156.87.216 port 40898 ssh2
Jun 25 03:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21668]: Connection closed by 45.156.87.216 port 40898 [preauth]
Jun 25 03:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21686]: Invalid user fastuser from 45.156.87.216
Jun 25 03:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21686]: input_userauth_request: invalid user fastuser [preauth]
Jun 25 03:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21686]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21686]: Failed password for invalid user fastuser from 45.156.87.216 port 40912 ssh2
Jun 25 03:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21686]: Connection closed by 45.156.87.216 port 40912 [preauth]
Jun 25 03:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21689]: Invalid user ekp from 103.112.173.87
Jun 25 03:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21689]: input_userauth_request: invalid user ekp [preauth]
Jun 25 03:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21689]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.112.173.87
Jun 25 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21707]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21706]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21705]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21704]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21704]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21766]: Successful su for rubyman by root
Jun 25 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21766]: + ??? root:rubyman
Jun 25 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21766]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587818 of user rubyman.
Jun 25 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21766]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587818.
Jun 25 03:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21689]: Failed password for invalid user ekp from 103.112.173.87 port 34314 ssh2
Jun 25 03:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21754]: Invalid user kingbase from 45.156.87.216
Jun 25 03:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21754]: input_userauth_request: invalid user kingbase [preauth]
Jun 25 03:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21689]: Received disconnect from 103.112.173.87 port 34314:11: Bye Bye [preauth]
Jun 25 03:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21689]: Disconnected from 103.112.173.87 port 34314 [preauth]
Jun 25 03:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21754]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18526]: pam_unix(cron:session): session closed for user root
Jun 25 03:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21754]: Failed password for invalid user kingbase from 45.156.87.216 port 59726 ssh2
Jun 25 03:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21754]: Connection closed by 45.156.87.216 port 59726 [preauth]
Jun 25 03:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21705]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21957]: Invalid user bot from 45.156.87.216
Jun 25 03:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21957]: input_userauth_request: invalid user bot [preauth]
Jun 25 03:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21957]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21957]: Failed password for invalid user bot from 45.156.87.216 port 51722 ssh2
Jun 25 03:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21957]: Connection closed by 45.156.87.216 port 51722 [preauth]
Jun 25 03:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21969]: Invalid user admin from 45.156.87.216
Jun 25 03:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21969]: input_userauth_request: invalid user admin [preauth]
Jun 25 03:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21969]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.125.162.32  user=root
Jun 25 03:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21969]: Failed password for invalid user admin from 45.156.87.216 port 51730 ssh2
Jun 25 03:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21969]: Connection closed by 45.156.87.216 port 51730 [preauth]
Jun 25 03:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21967]: Failed password for root from 79.125.162.32 port 3246 ssh2
Jun 25 03:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21967]: Received disconnect from 79.125.162.32 port 3246:11: Bye Bye [preauth]
Jun 25 03:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21967]: Disconnected from 79.125.162.32 port 3246 [preauth]
Jun 25 03:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21992]: Failed password for root from 45.156.87.216 port 38550 ssh2
Jun 25 03:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21992]: Connection closed by 45.156.87.216 port 38550 [preauth]
Jun 25 03:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 25 03:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22014]: Failed password for root from 45.156.87.216 port 38560 ssh2
Jun 25 03:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22014]: Connection closed by 45.156.87.216 port 38560 [preauth]
Jun 25 03:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22016]: Failed password for root from 51.250.105.222 port 46234 ssh2
Jun 25 03:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22016]: Connection closed by 51.250.105.222 port 46234 [preauth]
Jun 25 03:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22026]: Invalid user myuser from 45.156.87.216
Jun 25 03:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22026]: input_userauth_request: invalid user myuser [preauth]
Jun 25 03:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22026]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22026]: Failed password for invalid user myuser from 45.156.87.216 port 52836 ssh2
Jun 25 03:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22026]: Connection closed by 45.156.87.216 port 52836 [preauth]
Jun 25 03:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20751]: pam_unix(cron:session): session closed for user root
Jun 25 03:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22055]: Invalid user test from 45.156.87.216
Jun 25 03:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22055]: input_userauth_request: invalid user test [preauth]
Jun 25 03:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22055]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22055]: Failed password for invalid user test from 45.156.87.216 port 52846 ssh2
Jun 25 03:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22055]: Connection closed by 45.156.87.216 port 52846 [preauth]
Jun 25 03:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22067]: Invalid user bitrix from 45.156.87.216
Jun 25 03:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22067]: input_userauth_request: invalid user bitrix [preauth]
Jun 25 03:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22067]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22067]: Failed password for invalid user bitrix from 45.156.87.216 port 36594 ssh2
Jun 25 03:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22067]: Connection closed by 45.156.87.216 port 36594 [preauth]
Jun 25 03:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22089]: Failed password for root from 45.156.87.216 port 54278 ssh2
Jun 25 03:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22089]: Connection closed by 45.156.87.216 port 54278 [preauth]
Jun 25 03:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22113]: Invalid user webmaster from 45.156.87.216
Jun 25 03:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22113]: input_userauth_request: invalid user webmaster [preauth]
Jun 25 03:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22113]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22113]: Failed password for invalid user webmaster from 45.156.87.216 port 54294 ssh2
Jun 25 03:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22113]: Connection closed by 45.156.87.216 port 54294 [preauth]
Jun 25 03:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22123]: Invalid user playground from 45.156.87.216
Jun 25 03:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22123]: input_userauth_request: invalid user playground [preauth]
Jun 25 03:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22123]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22129]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22128]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22127]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22126]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22126]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22195]: Successful su for rubyman by root
Jun 25 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22195]: + ??? root:rubyman
Jun 25 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22195]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587822 of user rubyman.
Jun 25 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22195]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587822.
Jun 25 03:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22123]: Failed password for invalid user playground from 45.156.87.216 port 57562 ssh2
Jun 25 03:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22123]: Connection closed by 45.156.87.216 port 57562 [preauth]
Jun 25 03:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18979]: pam_unix(cron:session): session closed for user root
Jun 25 03:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22452]: Invalid user ossuser from 45.156.87.216
Jun 25 03:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22452]: input_userauth_request: invalid user ossuser [preauth]
Jun 25 03:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22452]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22127]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22452]: Failed password for invalid user ossuser from 45.156.87.216 port 57574 ssh2
Jun 25 03:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22452]: Connection closed by 45.156.87.216 port 57574 [preauth]
Jun 25 03:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22477]: Invalid user monitor from 45.156.87.216
Jun 25 03:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22477]: input_userauth_request: invalid user monitor [preauth]
Jun 25 03:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22477]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22477]: Failed password for invalid user monitor from 45.156.87.216 port 49206 ssh2
Jun 25 03:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22477]: Connection closed by 45.156.87.216 port 49206 [preauth]
Jun 25 03:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22479]: Invalid user rocketmq from 103.155.47.102
Jun 25 03:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22479]: input_userauth_request: invalid user rocketmq [preauth]
Jun 25 03:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22479]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.155.47.102
Jun 25 03:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22479]: Failed password for invalid user rocketmq from 103.155.47.102 port 35932 ssh2
Jun 25 03:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22479]: Received disconnect from 103.155.47.102 port 35932:11: Bye Bye [preauth]
Jun 25 03:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22479]: Disconnected from 103.155.47.102 port 35932 [preauth]
Jun 25 03:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22505]: Invalid user test1 from 45.156.87.216
Jun 25 03:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22505]: input_userauth_request: invalid user test1 [preauth]
Jun 25 03:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22505]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22505]: Failed password for invalid user test1 from 45.156.87.216 port 47404 ssh2
Jun 25 03:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22505]: Connection closed by 45.156.87.216 port 47404 [preauth]
Jun 25 03:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22515]: Invalid user dspace from 45.156.87.216
Jun 25 03:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22515]: input_userauth_request: invalid user dspace [preauth]
Jun 25 03:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22515]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22515]: Failed password for invalid user dspace from 45.156.87.216 port 47414 ssh2
Jun 25 03:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22515]: Connection closed by 45.156.87.216 port 47414 [preauth]
Jun 25 03:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22537]: Invalid user ftpuser from 45.156.87.216
Jun 25 03:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22537]: input_userauth_request: invalid user ftpuser [preauth]
Jun 25 03:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22537]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22537]: Failed password for invalid user ftpuser from 45.156.87.216 port 50684 ssh2
Jun 25 03:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22537]: Connection closed by 45.156.87.216 port 50684 [preauth]
Jun 25 03:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21232]: pam_unix(cron:session): session closed for user root
Jun 25 03:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22563]: Invalid user minecraft from 45.156.87.216
Jun 25 03:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22563]: input_userauth_request: invalid user minecraft [preauth]
Jun 25 03:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22563]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22563]: Failed password for invalid user minecraft from 45.156.87.216 port 50696 ssh2
Jun 25 03:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22563]: Connection closed by 45.156.87.216 port 50696 [preauth]
Jun 25 03:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22580]: Invalid user rocky from 45.156.87.216
Jun 25 03:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22580]: input_userauth_request: invalid user rocky [preauth]
Jun 25 03:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22580]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22580]: Failed password for invalid user rocky from 45.156.87.216 port 51002 ssh2
Jun 25 03:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22580]: Connection closed by 45.156.87.216 port 51002 [preauth]
Jun 25 03:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22606]: Failed password for root from 45.156.87.216 port 51022 ssh2
Jun 25 03:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22606]: Connection closed by 45.156.87.216 port 51022 [preauth]
Jun 25 03:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22616]: Invalid user test from 187.192.86.153
Jun 25 03:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22616]: input_userauth_request: invalid user test [preauth]
Jun 25 03:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22616]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153
Jun 25 03:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22616]: Failed password for invalid user test from 187.192.86.153 port 54234 ssh2
Jun 25 03:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22616]: Received disconnect from 187.192.86.153 port 54234:11: Bye Bye [preauth]
Jun 25 03:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22616]: Disconnected from 187.192.86.153 port 54234 [preauth]
Jun 25 03:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22618]: Invalid user sonar from 45.156.87.216
Jun 25 03:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22618]: input_userauth_request: invalid user sonar [preauth]
Jun 25 03:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22618]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22618]: Failed password for invalid user sonar from 45.156.87.216 port 44302 ssh2
Jun 25 03:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22618]: Connection closed by 45.156.87.216 port 44302 [preauth]
Jun 25 03:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 25 03:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22637]: Invalid user chris from 45.156.87.216
Jun 25 03:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22637]: input_userauth_request: invalid user chris [preauth]
Jun 25 03:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22628]: Failed password for root from 103.15.222.183 port 49594 ssh2
Jun 25 03:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22637]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22628]: Connection closed by 103.15.222.183 port 49594 [preauth]
Jun 25 03:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22637]: Failed password for invalid user chris from 45.156.87.216 port 42104 ssh2
Jun 25 03:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22637]: Connection closed by 45.156.87.216 port 42104 [preauth]
Jun 25 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22644]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22643]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22645]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22642]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22642]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22708]: Successful su for rubyman by root
Jun 25 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22708]: + ??? root:rubyman
Jun 25 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22708]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587827 of user rubyman.
Jun 25 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22708]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587827.
Jun 25 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22735]: Invalid user cloud from 45.156.87.216
Jun 25 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22735]: input_userauth_request: invalid user cloud [preauth]
Jun 25 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22735]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19616]: pam_unix(cron:session): session closed for user root
Jun 25 03:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22735]: Failed password for invalid user cloud from 45.156.87.216 port 42132 ssh2
Jun 25 03:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22735]: Connection closed by 45.156.87.216 port 42132 [preauth]
Jun 25 03:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22643]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22904]: Failed password for root from 45.156.87.216 port 43508 ssh2
Jun 25 03:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22904]: Connection closed by 45.156.87.216 port 43508 [preauth]
Jun 25 03:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22928]: Failed password for root from 45.156.87.216 port 43524 ssh2
Jun 25 03:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22928]: Connection closed by 45.156.87.216 port 43524 [preauth]
Jun 25 03:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22946]: Invalid user student from 45.156.87.216
Jun 25 03:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22946]: input_userauth_request: invalid user student [preauth]
Jun 25 03:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22946]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22946]: Failed password for invalid user student from 45.156.87.216 port 43978 ssh2
Jun 25 03:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22946]: Connection closed by 45.156.87.216 port 43978 [preauth]
Jun 25 03:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22969]: Failed password for root from 45.156.87.216 port 43986 ssh2
Jun 25 03:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22969]: Connection closed by 45.156.87.216 port 43986 [preauth]
Jun 25 03:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22979]: Invalid user guest from 45.156.87.216
Jun 25 03:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22979]: input_userauth_request: invalid user guest [preauth]
Jun 25 03:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22979]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21707]: pam_unix(cron:session): session closed for user root
Jun 25 03:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22979]: Failed password for invalid user guest from 45.156.87.216 port 57636 ssh2
Jun 25 03:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22979]: Connection closed by 45.156.87.216 port 57636 [preauth]
Jun 25 03:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23009]: Invalid user stack from 45.156.87.216
Jun 25 03:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23009]: input_userauth_request: invalid user stack [preauth]
Jun 25 03:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23009]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23009]: Failed password for invalid user stack from 45.156.87.216 port 39222 ssh2
Jun 25 03:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23009]: Connection closed by 45.156.87.216 port 39222 [preauth]
Jun 25 03:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.125.162.32  user=root
Jun 25 03:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23019]: Failed password for root from 45.156.87.216 port 39238 ssh2
Jun 25 03:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23019]: Connection closed by 45.156.87.216 port 39238 [preauth]
Jun 25 03:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23021]: Failed password for root from 79.125.162.32 port 55767 ssh2
Jun 25 03:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23021]: Received disconnect from 79.125.162.32 port 55767:11: Bye Bye [preauth]
Jun 25 03:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23021]: Disconnected from 79.125.162.32 port 55767 [preauth]
Jun 25 03:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23043]: Invalid user jay from 45.156.87.216
Jun 25 03:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23043]: input_userauth_request: invalid user jay [preauth]
Jun 25 03:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23043]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23043]: Failed password for invalid user jay from 45.156.87.216 port 54338 ssh2
Jun 25 03:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23043]: Connection closed by 45.156.87.216 port 54338 [preauth]
Jun 25 03:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23054]: Failed password for root from 45.156.87.216 port 54350 ssh2
Jun 25 03:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23054]: Connection closed by 45.156.87.216 port 54350 [preauth]
Jun 25 03:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23080]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23082]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23078]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23077]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23081]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23079]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23082]: pam_unix(cron:session): session closed for user root
Jun 25 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23077]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23146]: Successful su for rubyman by root
Jun 25 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23146]: + ??? root:rubyman
Jun 25 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23146]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587834 of user rubyman.
Jun 25 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23146]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587834.
Jun 25 03:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23064]: Failed password for root from 45.156.87.216 port 58602 ssh2
Jun 25 03:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23064]: Connection closed by 45.156.87.216 port 58602 [preauth]
Jun 25 03:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23079]: pam_unix(cron:session): session closed for user root
Jun 25 03:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20229]: pam_unix(cron:session): session closed for user root
Jun 25 03:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23353]: Invalid user debian from 45.156.87.216
Jun 25 03:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23353]: input_userauth_request: invalid user debian [preauth]
Jun 25 03:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23353]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23078]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.155.47.102  user=root
Jun 25 03:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23353]: Failed password for invalid user debian from 45.156.87.216 port 58610 ssh2
Jun 25 03:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23353]: Connection closed by 45.156.87.216 port 58610 [preauth]
Jun 25 03:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23371]: Failed password for root from 103.155.47.102 port 49098 ssh2
Jun 25 03:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23371]: Received disconnect from 103.155.47.102 port 49098:11: Bye Bye [preauth]
Jun 25 03:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23371]: Disconnected from 103.155.47.102 port 49098 [preauth]
Jun 25 03:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23390]: Failed password for root from 45.156.87.216 port 54744 ssh2
Jun 25 03:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23390]: Connection closed by 45.156.87.216 port 54744 [preauth]
Jun 25 03:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23415]: Invalid user deploy from 45.156.87.216
Jun 25 03:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23415]: input_userauth_request: invalid user deploy [preauth]
Jun 25 03:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23415]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23415]: Failed password for invalid user deploy from 45.156.87.216 port 37436 ssh2
Jun 25 03:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23415]: Connection closed by 45.156.87.216 port 37436 [preauth]
Jun 25 03:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23417]: Invalid user yana from 103.112.173.87
Jun 25 03:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23417]: input_userauth_request: invalid user yana [preauth]
Jun 25 03:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23417]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.112.173.87
Jun 25 03:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23417]: Failed password for invalid user yana from 103.112.173.87 port 45712 ssh2
Jun 25 03:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23417]: Received disconnect from 103.112.173.87 port 45712:11: Bye Bye [preauth]
Jun 25 03:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23417]: Disconnected from 103.112.173.87 port 45712 [preauth]
Jun 25 03:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23428]: Failed password for root from 45.156.87.216 port 37480 ssh2
Jun 25 03:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23428]: Connection closed by 45.156.87.216 port 37480 [preauth]
Jun 25 03:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23451]: Failed password for root from 45.156.87.216 port 59664 ssh2
Jun 25 03:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23451]: Connection closed by 45.156.87.216 port 59664 [preauth]
Jun 25 03:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22129]: pam_unix(cron:session): session closed for user root
Jun 25 03:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23481]: Invalid user adminuser from 45.156.87.216
Jun 25 03:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23481]: input_userauth_request: invalid user adminuser [preauth]
Jun 25 03:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23481]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23481]: Failed password for invalid user adminuser from 45.156.87.216 port 59676 ssh2
Jun 25 03:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23481]: Connection closed by 45.156.87.216 port 59676 [preauth]
Jun 25 03:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23492]: Invalid user user from 45.156.87.216
Jun 25 03:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23492]: input_userauth_request: invalid user user [preauth]
Jun 25 03:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23492]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23492]: Failed password for invalid user user from 45.156.87.216 port 57052 ssh2
Jun 25 03:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23492]: Connection closed by 45.156.87.216 port 57052 [preauth]
Jun 25 03:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23520]: Failed password for root from 45.156.87.216 port 46718 ssh2
Jun 25 03:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23520]: Connection closed by 45.156.87.216 port 46718 [preauth]
Jun 25 03:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23532]: Failed password for root from 45.156.87.216 port 46728 ssh2
Jun 25 03:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23532]: Connection closed by 45.156.87.216 port 46728 [preauth]
Jun 25 03:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23543]: Invalid user openvpn from 45.156.87.216
Jun 25 03:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23543]: input_userauth_request: invalid user openvpn [preauth]
Jun 25 03:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23543]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23543]: Failed password for invalid user openvpn from 45.156.87.216 port 35994 ssh2
Jun 25 03:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23543]: Connection closed by 45.156.87.216 port 35994 [preauth]
Jun 25 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23558]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23557]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23559]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23556]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23556]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23624]: Successful su for rubyman by root
Jun 25 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23624]: + ??? root:rubyman
Jun 25 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23624]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587837 of user rubyman.
Jun 25 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23624]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587837.
Jun 25 03:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23742]: Invalid user devops from 45.156.87.216
Jun 25 03:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23742]: input_userauth_request: invalid user devops [preauth]
Jun 25 03:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23742]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20750]: pam_unix(cron:session): session closed for user root
Jun 25 03:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23742]: Failed password for invalid user devops from 45.156.87.216 port 35998 ssh2
Jun 25 03:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23557]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23742]: Connection closed by 45.156.87.216 port 35998 [preauth]
Jun 25 03:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23921]: User vncuser from 45.156.87.216 not allowed because not listed in AllowUsers
Jun 25 03:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23921]: input_userauth_request: invalid user vncuser [preauth]
Jun 25 03:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=vncuser
Jun 25 03:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23921]: Failed password for invalid user vncuser from 45.156.87.216 port 46102 ssh2
Jun 25 03:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23921]: Connection closed by 45.156.87.216 port 46102 [preauth]
Jun 25 03:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23956]: Failed password for root from 45.156.87.216 port 46114 ssh2
Jun 25 03:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23956]: Connection closed by 45.156.87.216 port 46114 [preauth]
Jun 25 03:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23970]: Invalid user deploy from 45.156.87.216
Jun 25 03:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23970]: input_userauth_request: invalid user deploy [preauth]
Jun 25 03:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23970]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23970]: Failed password for invalid user deploy from 45.156.87.216 port 37548 ssh2
Jun 25 03:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23970]: Connection closed by 45.156.87.216 port 37548 [preauth]
Jun 25 03:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23994]: Invalid user bob from 45.156.87.216
Jun 25 03:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23994]: input_userauth_request: invalid user bob [preauth]
Jun 25 03:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23994]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23994]: Failed password for invalid user bob from 45.156.87.216 port 40608 ssh2
Jun 25 03:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23994]: Connection closed by 45.156.87.216 port 40608 [preauth]
Jun 25 03:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24007]: Invalid user deploy from 45.156.87.216
Jun 25 03:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24007]: input_userauth_request: invalid user deploy [preauth]
Jun 25 03:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24007]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22645]: pam_unix(cron:session): session closed for user root
Jun 25 03:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24007]: Failed password for invalid user deploy from 45.156.87.216 port 40610 ssh2
Jun 25 03:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24007]: Connection closed by 45.156.87.216 port 40610 [preauth]
Jun 25 03:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24037]: Invalid user devops from 45.156.87.216
Jun 25 03:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24037]: input_userauth_request: invalid user devops [preauth]
Jun 25 03:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24037]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24037]: Failed password for invalid user devops from 45.156.87.216 port 43710 ssh2
Jun 25 03:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24037]: Connection closed by 45.156.87.216 port 43710 [preauth]
Jun 25 03:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24048]: Invalid user victor from 187.192.86.153
Jun 25 03:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24048]: input_userauth_request: invalid user victor [preauth]
Jun 25 03:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24048]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153
Jun 25 03:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24056]: Invalid user ftpuser from 45.156.87.216
Jun 25 03:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24056]: input_userauth_request: invalid user ftpuser [preauth]
Jun 25 03:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24056]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24048]: Failed password for invalid user victor from 187.192.86.153 port 55548 ssh2
Jun 25 03:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24048]: Received disconnect from 187.192.86.153 port 55548:11: Bye Bye [preauth]
Jun 25 03:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24048]: Disconnected from 187.192.86.153 port 55548 [preauth]
Jun 25 03:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24056]: Failed password for invalid user ftpuser from 45.156.87.216 port 43724 ssh2
Jun 25 03:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24056]: Connection closed by 45.156.87.216 port 43724 [preauth]
Jun 25 03:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24073]: Invalid user demo from 45.156.87.216
Jun 25 03:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24073]: input_userauth_request: invalid user demo [preauth]
Jun 25 03:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24073]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24073]: Failed password for invalid user demo from 45.156.87.216 port 39020 ssh2
Jun 25 03:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24073]: Connection closed by 45.156.87.216 port 39020 [preauth]
Jun 25 03:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24085]: Invalid user server from 45.156.87.216
Jun 25 03:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24085]: input_userauth_request: invalid user server [preauth]
Jun 25 03:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24085]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24085]: Failed password for invalid user server from 45.156.87.216 port 39030 ssh2
Jun 25 03:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24085]: Connection closed by 45.156.87.216 port 39030 [preauth]
Jun 25 03:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24095]: Invalid user administrator from 45.156.87.216
Jun 25 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24095]: input_userauth_request: invalid user administrator [preauth]
Jun 25 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24102]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24100]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24098]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24099]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24098]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24095]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24161]: Successful su for rubyman by root
Jun 25 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24161]: + ??? root:rubyman
Jun 25 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24161]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587840 of user rubyman.
Jun 25 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24161]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587840.
Jun 25 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24095]: Failed password for invalid user administrator from 45.156.87.216 port 50558 ssh2
Jun 25 03:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24191]: Invalid user long from 103.155.47.102
Jun 25 03:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24191]: input_userauth_request: invalid user long [preauth]
Jun 25 03:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24191]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.155.47.102
Jun 25 03:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24095]: Connection closed by 45.156.87.216 port 50558 [preauth]
Jun 25 03:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21231]: pam_unix(cron:session): session closed for user root
Jun 25 03:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24191]: Failed password for invalid user long from 103.155.47.102 port 56826 ssh2
Jun 25 03:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24191]: Received disconnect from 103.155.47.102 port 56826:11: Bye Bye [preauth]
Jun 25 03:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24191]: Disconnected from 103.155.47.102 port 56826 [preauth]
Jun 25 03:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24099]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24371]: Failed password for root from 45.156.87.216 port 56946 ssh2
Jun 25 03:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24371]: Connection closed by 45.156.87.216 port 56946 [preauth]
Jun 25 03:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24381]: Invalid user bernard from 45.156.87.216
Jun 25 03:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24381]: input_userauth_request: invalid user bernard [preauth]
Jun 25 03:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24381]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24381]: Failed password for invalid user bernard from 45.156.87.216 port 56954 ssh2
Jun 25 03:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24381]: Connection closed by 45.156.87.216 port 56954 [preauth]
Jun 25 03:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.125.162.32  user=root
Jun 25 03:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24403]: Failed password for root from 79.125.162.32 port 44650 ssh2
Jun 25 03:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24403]: Received disconnect from 79.125.162.32 port 44650:11: Bye Bye [preauth]
Jun 25 03:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24403]: Disconnected from 79.125.162.32 port 44650 [preauth]
Jun 25 03:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24405]: Failed password for root from 45.156.87.216 port 45260 ssh2
Jun 25 03:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24405]: Connection closed by 45.156.87.216 port 45260 [preauth]
Jun 25 03:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24439]: Invalid user ubuntu from 45.156.87.216
Jun 25 03:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24439]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 03:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24439]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24439]: Failed password for invalid user ubuntu from 45.156.87.216 port 45270 ssh2
Jun 25 03:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24439]: Connection closed by 45.156.87.216 port 45270 [preauth]
Jun 25 03:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24449]: Invalid user alex from 45.156.87.216
Jun 25 03:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24449]: input_userauth_request: invalid user alex [preauth]
Jun 25 03:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24449]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24449]: Failed password for invalid user alex from 45.156.87.216 port 36572 ssh2
Jun 25 03:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24449]: Connection closed by 45.156.87.216 port 36572 [preauth]
Jun 25 03:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23081]: pam_unix(cron:session): session closed for user root
Jun 25 03:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24489]: Invalid user nginx from 45.156.87.216
Jun 25 03:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24489]: input_userauth_request: invalid user nginx [preauth]
Jun 25 03:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24489]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24489]: Failed password for invalid user nginx from 45.156.87.216 port 42584 ssh2
Jun 25 03:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24489]: Connection closed by 45.156.87.216 port 42584 [preauth]
Jun 25 03:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24499]: Invalid user app from 45.156.87.216
Jun 25 03:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24499]: input_userauth_request: invalid user app [preauth]
Jun 25 03:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24499]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24499]: Failed password for invalid user app from 45.156.87.216 port 42590 ssh2
Jun 25 03:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24499]: Connection closed by 45.156.87.216 port 42590 [preauth]
Jun 25 03:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24521]: Failed password for root from 45.156.87.216 port 52604 ssh2
Jun 25 03:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24521]: Connection closed by 45.156.87.216 port 52604 [preauth]
Jun 25 03:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24531]: Failed password for root from 45.156.87.216 port 52632 ssh2
Jun 25 03:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24531]: Connection closed by 45.156.87.216 port 52632 [preauth]
Jun 25 03:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24542]: Invalid user test from 45.156.87.216
Jun 25 03:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24542]: input_userauth_request: invalid user test [preauth]
Jun 25 03:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24542]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24542]: Failed password for invalid user test from 45.156.87.216 port 38202 ssh2
Jun 25 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24557]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24558]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24556]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24555]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24555]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24542]: Connection closed by 45.156.87.216 port 38202 [preauth]
Jun 25 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24619]: Successful su for rubyman by root
Jun 25 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24619]: + ??? root:rubyman
Jun 25 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24619]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587846 of user rubyman.
Jun 25 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24619]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587846.
Jun 25 03:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21706]: pam_unix(cron:session): session closed for user root
Jun 25 03:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24556]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24796]: Failed password for root from 45.156.87.216 port 38216 ssh2
Jun 25 03:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24796]: Connection closed by 45.156.87.216 port 38216 [preauth]
Jun 25 03:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24826]: Invalid user cloud from 45.156.87.216
Jun 25 03:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24826]: input_userauth_request: invalid user cloud [preauth]
Jun 25 03:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24826]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24826]: Failed password for invalid user cloud from 45.156.87.216 port 35126 ssh2
Jun 25 03:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24826]: Connection closed by 45.156.87.216 port 35126 [preauth]
Jun 25 03:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24854]: Invalid user bob from 45.156.87.216
Jun 25 03:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24854]: input_userauth_request: invalid user bob [preauth]
Jun 25 03:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24854]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24854]: Failed password for invalid user bob from 45.156.87.216 port 47722 ssh2
Jun 25 03:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24854]: Connection closed by 45.156.87.216 port 47722 [preauth]
Jun 25 03:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24867]: Invalid user dmdba from 45.156.87.216
Jun 25 03:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24867]: input_userauth_request: invalid user dmdba [preauth]
Jun 25 03:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24867]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24867]: Failed password for invalid user dmdba from 45.156.87.216 port 47758 ssh2
Jun 25 03:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24867]: Connection closed by 45.156.87.216 port 47758 [preauth]
Jun 25 03:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24889]: Failed password for root from 45.156.87.216 port 50446 ssh2
Jun 25 03:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24889]: Connection closed by 45.156.87.216 port 50446 [preauth]
Jun 25 03:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23559]: pam_unix(cron:session): session closed for user root
Jun 25 03:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24918]: Invalid user admin from 45.156.87.216
Jun 25 03:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24918]: input_userauth_request: invalid user admin [preauth]
Jun 25 03:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24918]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24918]: Failed password for invalid user admin from 45.156.87.216 port 50452 ssh2
Jun 25 03:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24918]: Connection closed by 45.156.87.216 port 50452 [preauth]
Jun 25 03:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.112.173.87  user=root
Jun 25 03:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24920]: Failed password for root from 103.112.173.87 port 47882 ssh2
Jun 25 03:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24920]: Received disconnect from 103.112.173.87 port 47882:11: Bye Bye [preauth]
Jun 25 03:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24920]: Disconnected from 103.112.173.87 port 47882 [preauth]
Jun 25 03:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24930]: Invalid user user from 45.156.87.216
Jun 25 03:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24930]: input_userauth_request: invalid user user [preauth]
Jun 25 03:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24930]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24930]: Failed password for invalid user user from 45.156.87.216 port 51638 ssh2
Jun 25 03:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24930]: Connection closed by 45.156.87.216 port 51638 [preauth]
Jun 25 03:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24952]: Invalid user deploy from 45.156.87.216
Jun 25 03:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24952]: input_userauth_request: invalid user deploy [preauth]
Jun 25 03:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24952]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24952]: Failed password for invalid user deploy from 45.156.87.216 port 59042 ssh2
Jun 25 03:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24952]: Connection closed by 45.156.87.216 port 59042 [preauth]
Jun 25 03:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24963]: Invalid user oracle from 45.156.87.216
Jun 25 03:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24963]: input_userauth_request: invalid user oracle [preauth]
Jun 25 03:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24963]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24963]: Failed password for invalid user oracle from 45.156.87.216 port 59066 ssh2
Jun 25 03:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24963]: Connection closed by 45.156.87.216 port 59066 [preauth]
Jun 25 03:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.155.47.102  user=root
Jun 25 03:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24975]: Failed password for root from 45.156.87.216 port 37580 ssh2
Jun 25 03:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24975]: Connection closed by 45.156.87.216 port 37580 [preauth]
Jun 25 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24992]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24990]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24989]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24988]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24988]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25055]: Successful su for rubyman by root
Jun 25 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25055]: + ??? root:rubyman
Jun 25 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25055]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587848 of user rubyman.
Jun 25 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25055]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587848.
Jun 25 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24977]: Failed password for root from 103.155.47.102 port 33240 ssh2
Jun 25 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24977]: Received disconnect from 103.155.47.102 port 33240:11: Bye Bye [preauth]
Jun 25 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24977]: Disconnected from 103.155.47.102 port 33240 [preauth]
Jun 25 03:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22128]: pam_unix(cron:session): session closed for user root
Jun 25 03:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25188]: Invalid user admin from 45.156.87.216
Jun 25 03:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25188]: input_userauth_request: invalid user admin [preauth]
Jun 25 03:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25188]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24989]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25188]: Failed password for invalid user admin from 45.156.87.216 port 37586 ssh2
Jun 25 03:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25188]: Connection closed by 45.156.87.216 port 37586 [preauth]
Jun 25 03:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25249]: Invalid user user1 from 45.156.87.216
Jun 25 03:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25249]: input_userauth_request: invalid user user1 [preauth]
Jun 25 03:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25249]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25249]: Failed password for invalid user user1 from 45.156.87.216 port 46686 ssh2
Jun 25 03:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25249]: Connection closed by 45.156.87.216 port 46686 [preauth]
Jun 25 03:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25276]: Invalid user rdpuser from 45.156.87.216
Jun 25 03:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25276]: input_userauth_request: invalid user rdpuser [preauth]
Jun 25 03:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25276]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25276]: Failed password for invalid user rdpuser from 45.156.87.216 port 46688 ssh2
Jun 25 03:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25276]: Connection closed by 45.156.87.216 port 46688 [preauth]
Jun 25 03:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25286]: Invalid user drcomadmin from 45.156.87.216
Jun 25 03:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25286]: input_userauth_request: invalid user drcomadmin [preauth]
Jun 25 03:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25286]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25286]: Failed password for invalid user drcomadmin from 45.156.87.216 port 41312 ssh2
Jun 25 03:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25286]: Connection closed by 45.156.87.216 port 41312 [preauth]
Jun 25 03:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25308]: Invalid user crafty from 45.156.87.216
Jun 25 03:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25308]: input_userauth_request: invalid user crafty [preauth]
Jun 25 03:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25308]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25308]: Failed password for invalid user crafty from 45.156.87.216 port 58374 ssh2
Jun 25 03:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25308]: Connection closed by 45.156.87.216 port 58374 [preauth]
Jun 25 03:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25318]: Invalid user postgres from 45.156.87.216
Jun 25 03:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25318]: input_userauth_request: invalid user postgres [preauth]
Jun 25 03:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25318]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24102]: pam_unix(cron:session): session closed for user root
Jun 25 03:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25318]: Failed password for invalid user postgres from 45.156.87.216 port 58378 ssh2
Jun 25 03:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25318]: Connection closed by 45.156.87.216 port 58378 [preauth]
Jun 25 03:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153  user=root
Jun 25 03:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25350]: Invalid user ftpuser1 from 45.156.87.216
Jun 25 03:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25350]: input_userauth_request: invalid user ftpuser1 [preauth]
Jun 25 03:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25350]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25348]: Failed password for root from 187.192.86.153 port 59406 ssh2
Jun 25 03:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25348]: Received disconnect from 187.192.86.153 port 59406:11: Bye Bye [preauth]
Jun 25 03:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25348]: Disconnected from 187.192.86.153 port 59406 [preauth]
Jun 25 03:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25350]: Failed password for invalid user ftpuser1 from 45.156.87.216 port 56586 ssh2
Jun 25 03:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25350]: Connection closed by 45.156.87.216 port 56586 [preauth]
Jun 25 03:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25361]: Invalid user public from 79.125.162.32
Jun 25 03:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25361]: input_userauth_request: invalid user public [preauth]
Jun 25 03:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25361]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.125.162.32
Jun 25 03:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25361]: Failed password for invalid user public from 79.125.162.32 port 59863 ssh2
Jun 25 03:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25361]: Received disconnect from 79.125.162.32 port 59863:11: Bye Bye [preauth]
Jun 25 03:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25361]: Disconnected from 79.125.162.32 port 59863 [preauth]
Jun 25 03:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25376]: Failed password for root from 45.156.87.216 port 56604 ssh2
Jun 25 03:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25376]: Connection closed by 45.156.87.216 port 56604 [preauth]
Jun 25 03:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25387]: Failed password for root from 45.156.87.216 port 41830 ssh2
Jun 25 03:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25387]: Connection closed by 45.156.87.216 port 41830 [preauth]
Jun 25 03:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25398]: Invalid user ubuntu from 45.156.87.216
Jun 25 03:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25398]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 03:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25398]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25398]: Failed password for invalid user ubuntu from 45.156.87.216 port 41838 ssh2
Jun 25 03:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25398]: Connection closed by 45.156.87.216 port 41838 [preauth]
Jun 25 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25416]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25415]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25414]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25411]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25417]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25418]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25418]: pam_unix(cron:session): session closed for user root
Jun 25 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25411]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25489]: Successful su for rubyman by root
Jun 25 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25489]: + ??? root:rubyman
Jun 25 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25489]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587857 of user rubyman.
Jun 25 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25489]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587857.
Jun 25 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25415]: pam_unix(cron:session): session closed for user root
Jun 25 03:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22644]: pam_unix(cron:session): session closed for user root
Jun 25 03:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25408]: Failed password for root from 45.156.87.216 port 33434 ssh2
Jun 25 03:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25408]: Connection closed by 45.156.87.216 port 33434 [preauth]
Jun 25 03:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25414]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25690]: Failed password for root from 45.156.87.216 port 37326 ssh2
Jun 25 03:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25690]: Connection closed by 45.156.87.216 port 37326 [preauth]
Jun 25 03:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25700]: Invalid user ducc0x from 45.156.87.216
Jun 25 03:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25700]: input_userauth_request: invalid user ducc0x [preauth]
Jun 25 03:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25700]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25700]: Failed password for invalid user ducc0x from 45.156.87.216 port 37348 ssh2
Jun 25 03:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25700]: Connection closed by 45.156.87.216 port 37348 [preauth]
Jun 25 03:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25729]: Invalid user agent from 45.156.87.216
Jun 25 03:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25729]: input_userauth_request: invalid user agent [preauth]
Jun 25 03:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25729]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25729]: Failed password for invalid user agent from 45.156.87.216 port 42378 ssh2
Jun 25 03:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25729]: Connection closed by 45.156.87.216 port 42378 [preauth]
Jun 25 03:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.211.215  user=root
Jun 25 03:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25734]: Failed password for root from 147.45.211.215 port 56518 ssh2
Jun 25 03:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25734]: Connection closed by 147.45.211.215 port 56518 [preauth]
Jun 25 03:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25745]: Invalid user ai from 45.156.87.216
Jun 25 03:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25745]: input_userauth_request: invalid user ai [preauth]
Jun 25 03:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25745]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 25 03:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25745]: Failed password for invalid user ai from 45.156.87.216 port 42392 ssh2
Jun 25 03:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25745]: Connection closed by 45.156.87.216 port 42392 [preauth]
Jun 25 03:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25760]: Failed password for root from 103.27.238.114 port 60762 ssh2
Jun 25 03:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25760]: Connection closed by 103.27.238.114 port 60762 [preauth]
Jun 25 03:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25770]: Invalid user server from 45.156.87.216
Jun 25 03:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25770]: input_userauth_request: invalid user server [preauth]
Jun 25 03:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25770]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 25 03:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25770]: Failed password for invalid user server from 45.156.87.216 port 36068 ssh2
Jun 25 03:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25770]: Connection closed by 45.156.87.216 port 36068 [preauth]
Jun 25 03:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24558]: pam_unix(cron:session): session closed for user root
Jun 25 03:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25772]: Failed password for root from 80.66.85.226 port 49704 ssh2
Jun 25 03:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25772]: Connection closed by 80.66.85.226 port 49704 [preauth]
Jun 25 03:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25806]: Invalid user server from 45.156.87.216
Jun 25 03:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25806]: input_userauth_request: invalid user server [preauth]
Jun 25 03:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25806]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25806]: Failed password for invalid user server from 45.156.87.216 port 56542 ssh2
Jun 25 03:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25806]: Connection closed by 45.156.87.216 port 56542 [preauth]
Jun 25 03:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25818]: Invalid user kipt from 45.156.87.216
Jun 25 03:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25818]: input_userauth_request: invalid user kipt [preauth]
Jun 25 03:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25818]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25818]: Failed password for invalid user kipt from 45.156.87.216 port 56554 ssh2
Jun 25 03:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25818]: Connection closed by 45.156.87.216 port 56554 [preauth]
Jun 25 03:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25840]: Failed password for root from 45.156.87.216 port 36282 ssh2
Jun 25 03:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25840]: Connection closed by 45.156.87.216 port 36282 [preauth]
Jun 25 03:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25851]: Invalid user redhat from 45.156.87.216
Jun 25 03:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25851]: input_userauth_request: invalid user redhat [preauth]
Jun 25 03:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25851]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25851]: Failed password for invalid user redhat from 45.156.87.216 port 36300 ssh2
Jun 25 03:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25851]: Connection closed by 45.156.87.216 port 36300 [preauth]
Jun 25 03:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25861]: Invalid user deploy from 45.156.87.216
Jun 25 03:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25861]: input_userauth_request: invalid user deploy [preauth]
Jun 25 03:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25861]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25872]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25870]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25871]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25869]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25869]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25938]: Successful su for rubyman by root
Jun 25 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25938]: + ??? root:rubyman
Jun 25 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25938]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587858 of user rubyman.
Jun 25 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25938]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587858.
Jun 25 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25861]: Failed password for invalid user deploy from 45.156.87.216 port 49026 ssh2
Jun 25 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25861]: Connection closed by 45.156.87.216 port 49026 [preauth]
Jun 25 03:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23080]: pam_unix(cron:session): session closed for user root
Jun 25 03:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.155.47.102  user=root
Jun 25 03:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25870]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26106]: Invalid user gitlab-runner from 45.156.87.216
Jun 25 03:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26106]: input_userauth_request: invalid user gitlab-runner [preauth]
Jun 25 03:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26106]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26069]: Failed password for root from 103.155.47.102 port 58670 ssh2
Jun 25 03:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26069]: Received disconnect from 103.155.47.102 port 58670:11: Bye Bye [preauth]
Jun 25 03:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26069]: Disconnected from 103.155.47.102 port 58670 [preauth]
Jun 25 03:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26106]: Failed password for invalid user gitlab-runner from 45.156.87.216 port 49028 ssh2
Jun 25 03:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26106]: Connection closed by 45.156.87.216 port 49028 [preauth]
Jun 25 03:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26123]: Invalid user fahmi from 45.156.87.216
Jun 25 03:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26123]: input_userauth_request: invalid user fahmi [preauth]
Jun 25 03:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26123]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26123]: Failed password for invalid user fahmi from 45.156.87.216 port 38120 ssh2
Jun 25 03:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26123]: Connection closed by 45.156.87.216 port 38120 [preauth]
Jun 25 03:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26145]: Invalid user hamed from 45.156.87.216
Jun 25 03:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26145]: input_userauth_request: invalid user hamed [preauth]
Jun 25 03:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26145]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26145]: Failed password for invalid user hamed from 45.156.87.216 port 47686 ssh2
Jun 25 03:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26145]: Connection closed by 45.156.87.216 port 47686 [preauth]
Jun 25 03:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26164]: Failed password for root from 45.156.87.216 port 47690 ssh2
Jun 25 03:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26164]: Connection closed by 45.156.87.216 port 47690 [preauth]
Jun 25 03:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26191]: Invalid user test from 45.156.87.216
Jun 25 03:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26191]: input_userauth_request: invalid user test [preauth]
Jun 25 03:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26191]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26191]: Failed password for invalid user test from 45.156.87.216 port 37290 ssh2
Jun 25 03:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26191]: Connection closed by 45.156.87.216 port 37290 [preauth]
Jun 25 03:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24992]: pam_unix(cron:session): session closed for user root
Jun 25 03:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26223]: Invalid user test from 45.156.87.216
Jun 25 03:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26223]: input_userauth_request: invalid user test [preauth]
Jun 25 03:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26223]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26223]: Failed password for invalid user test from 45.156.87.216 port 37298 ssh2
Jun 25 03:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26223]: Connection closed by 45.156.87.216 port 37298 [preauth]
Jun 25 03:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26235]: Invalid user lighthouse from 45.156.87.216
Jun 25 03:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26235]: input_userauth_request: invalid user lighthouse [preauth]
Jun 25 03:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26235]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26235]: Failed password for invalid user lighthouse from 45.156.87.216 port 38098 ssh2
Jun 25 03:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26235]: Connection closed by 45.156.87.216 port 38098 [preauth]
Jun 25 03:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26258]: Invalid user ftpuser from 45.156.87.216
Jun 25 03:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26258]: input_userauth_request: invalid user ftpuser [preauth]
Jun 25 03:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26258]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26258]: Failed password for invalid user ftpuser from 45.156.87.216 port 38110 ssh2
Jun 25 03:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26258]: Connection closed by 45.156.87.216 port 38110 [preauth]
Jun 25 03:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26269]: Failed password for root from 45.156.87.216 port 33406 ssh2
Jun 25 03:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26269]: Connection closed by 45.156.87.216 port 33406 [preauth]
Jun 25 03:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26281]: Invalid user xiao from 45.156.87.216
Jun 25 03:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26281]: input_userauth_request: invalid user xiao [preauth]
Jun 25 03:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26281]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26283]: Invalid user guest1 from 103.112.173.87
Jun 25 03:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26283]: input_userauth_request: invalid user guest1 [preauth]
Jun 25 03:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26283]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.112.173.87
Jun 25 03:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26281]: Failed password for invalid user xiao from 45.156.87.216 port 48176 ssh2
Jun 25 03:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26281]: Connection closed by 45.156.87.216 port 48176 [preauth]
Jun 25 03:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26283]: Failed password for invalid user guest1 from 103.112.173.87 port 49884 ssh2
Jun 25 03:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26283]: Received disconnect from 103.112.173.87 port 49884:11: Bye Bye [preauth]
Jun 25 03:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26283]: Disconnected from 103.112.173.87 port 49884 [preauth]
Jun 25 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26300]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26299]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26296]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26295]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26295]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26358]: Successful su for rubyman by root
Jun 25 03:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26358]: + ??? root:rubyman
Jun 25 03:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26358]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587862 of user rubyman.
Jun 25 03:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26358]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587862.
Jun 25 03:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26412]: Invalid user runner from 45.156.87.216
Jun 25 03:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26412]: input_userauth_request: invalid user runner [preauth]
Jun 25 03:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26412]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23558]: pam_unix(cron:session): session closed for user root
Jun 25 03:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26412]: Failed password for invalid user runner from 45.156.87.216 port 48186 ssh2
Jun 25 03:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26412]: Connection closed by 45.156.87.216 port 48186 [preauth]
Jun 25 03:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26296]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26538]: Invalid user runner from 45.156.87.216
Jun 25 03:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26538]: input_userauth_request: invalid user runner [preauth]
Jun 25 03:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26538]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26538]: Failed password for invalid user runner from 45.156.87.216 port 59184 ssh2
Jun 25 03:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26538]: Connection closed by 45.156.87.216 port 59184 [preauth]
Jun 25 03:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.125.162.32  user=root
Jun 25 03:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26563]: Invalid user sam from 45.156.87.216
Jun 25 03:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26563]: input_userauth_request: invalid user sam [preauth]
Jun 25 03:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26563]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26548]: Failed password for root from 79.125.162.32 port 48726 ssh2
Jun 25 03:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26548]: Received disconnect from 79.125.162.32 port 48726:11: Bye Bye [preauth]
Jun 25 03:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26548]: Disconnected from 79.125.162.32 port 48726 [preauth]
Jun 25 03:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26563]: Failed password for invalid user sam from 45.156.87.216 port 59200 ssh2
Jun 25 03:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26563]: Connection closed by 45.156.87.216 port 59200 [preauth]
Jun 25 03:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26573]: Failed password for root from 45.156.87.216 port 38032 ssh2
Jun 25 03:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26573]: Connection closed by 45.156.87.216 port 38032 [preauth]
Jun 25 03:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26603]: Invalid user node from 45.156.87.216
Jun 25 03:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26603]: input_userauth_request: invalid user node [preauth]
Jun 25 03:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26603]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26603]: Failed password for invalid user node from 45.156.87.216 port 38036 ssh2
Jun 25 03:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26603]: Connection closed by 45.156.87.216 port 38036 [preauth]
Jun 25 03:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26621]: Invalid user minecraft from 45.156.87.216
Jun 25 03:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26621]: input_userauth_request: invalid user minecraft [preauth]
Jun 25 03:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26621]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25417]: pam_unix(cron:session): session closed for user root
Jun 25 03:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26621]: Failed password for invalid user minecraft from 45.156.87.216 port 55162 ssh2
Jun 25 03:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26621]: Connection closed by 45.156.87.216 port 55162 [preauth]
Jun 25 03:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: Invalid user testuser from 45.156.87.216
Jun 25 03:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: input_userauth_request: invalid user testuser [preauth]
Jun 25 03:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: Failed password for invalid user testuser from 45.156.87.216 port 48346 ssh2
Jun 25 03:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: Connection closed by 45.156.87.216 port 48346 [preauth]
Jun 25 03:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26652]: Invalid user git from 187.192.86.153
Jun 25 03:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26652]: input_userauth_request: invalid user git [preauth]
Jun 25 03:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26652]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153
Jun 25 03:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26658]: Invalid user user from 45.148.10.121
Jun 25 03:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26658]: input_userauth_request: invalid user user [preauth]
Jun 25 03:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26658]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 25 03:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26652]: Failed password for invalid user git from 187.192.86.153 port 40066 ssh2
Jun 25 03:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26652]: Received disconnect from 187.192.86.153 port 40066:11: Bye Bye [preauth]
Jun 25 03:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26652]: Disconnected from 187.192.86.153 port 40066 [preauth]
Jun 25 03:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26658]: Failed password for invalid user user from 45.148.10.121 port 56762 ssh2
Jun 25 03:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26658]: Connection closed by 45.148.10.121 port 56762 [preauth]
Jun 25 03:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26684]: Invalid user vagrant from 45.156.87.216
Jun 25 03:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26684]: input_userauth_request: invalid user vagrant [preauth]
Jun 25 03:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26684]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26684]: Failed password for invalid user vagrant from 45.156.87.216 port 48352 ssh2
Jun 25 03:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26684]: Connection closed by 45.156.87.216 port 48352 [preauth]
Jun 25 03:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26777]: Invalid user ai from 45.156.87.216
Jun 25 03:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26777]: input_userauth_request: invalid user ai [preauth]
Jun 25 03:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26777]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26777]: Failed password for invalid user ai from 45.156.87.216 port 53360 ssh2
Jun 25 03:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26777]: Connection closed by 45.156.87.216 port 53360 [preauth]
Jun 25 03:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26787]: Invalid user master from 45.156.87.216
Jun 25 03:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26787]: input_userauth_request: invalid user master [preauth]
Jun 25 03:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26787]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26787]: Failed password for invalid user master from 45.156.87.216 port 53372 ssh2
Jun 25 03:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26787]: Connection closed by 45.156.87.216 port 53372 [preauth]
Jun 25 03:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26804]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26801]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26803]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26802]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26798]: Invalid user claude from 45.156.87.216
Jun 25 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26798]: input_userauth_request: invalid user claude [preauth]
Jun 25 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26801]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26798]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26859]: Successful su for rubyman by root
Jun 25 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26859]: + ??? root:rubyman
Jun 25 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26859]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587866 of user rubyman.
Jun 25 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26859]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587866.
Jun 25 03:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26798]: Failed password for invalid user claude from 45.156.87.216 port 54812 ssh2
Jun 25 03:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26798]: Connection closed by 45.156.87.216 port 54812 [preauth]
Jun 25 03:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24100]: pam_unix(cron:session): session closed for user root
Jun 25 03:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26802]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27042]: Invalid user user2 from 45.156.87.216
Jun 25 03:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27042]: input_userauth_request: invalid user user2 [preauth]
Jun 25 03:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27042]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27042]: Failed password for invalid user user2 from 45.156.87.216 port 34102 ssh2
Jun 25 03:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27042]: Connection closed by 45.156.87.216 port 34102 [preauth]
Jun 25 03:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27053]: Invalid user ubuntu from 45.156.87.216
Jun 25 03:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27053]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 03:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27053]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27060]: Invalid user edward from 103.155.47.102
Jun 25 03:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27060]: input_userauth_request: invalid user edward [preauth]
Jun 25 03:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27060]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.155.47.102
Jun 25 03:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27053]: Failed password for invalid user ubuntu from 45.156.87.216 port 34118 ssh2
Jun 25 03:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27053]: Connection closed by 45.156.87.216 port 34118 [preauth]
Jun 25 03:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27060]: Failed password for invalid user edward from 103.155.47.102 port 49054 ssh2
Jun 25 03:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27060]: Received disconnect from 103.155.47.102 port 49054:11: Bye Bye [preauth]
Jun 25 03:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27060]: Disconnected from 103.155.47.102 port 49054 [preauth]
Jun 25 03:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27078]: Invalid user git from 45.156.87.216
Jun 25 03:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27078]: input_userauth_request: invalid user git [preauth]
Jun 25 03:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27078]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27078]: Failed password for invalid user git from 45.156.87.216 port 37138 ssh2
Jun 25 03:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27078]: Connection closed by 45.156.87.216 port 37138 [preauth]
Jun 25 03:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27089]: Invalid user test2 from 45.156.87.216
Jun 25 03:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27089]: input_userauth_request: invalid user test2 [preauth]
Jun 25 03:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27089]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27089]: Failed password for invalid user test2 from 45.156.87.216 port 37156 ssh2
Jun 25 03:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27089]: Connection closed by 45.156.87.216 port 37156 [preauth]
Jun 25 03:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27122]: Invalid user deployer from 45.156.87.216
Jun 25 03:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27122]: input_userauth_request: invalid user deployer [preauth]
Jun 25 03:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27122]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25872]: pam_unix(cron:session): session closed for user root
Jun 25 03:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27122]: Failed password for invalid user deployer from 45.156.87.216 port 44340 ssh2
Jun 25 03:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27122]: Connection closed by 45.156.87.216 port 44340 [preauth]
Jun 25 03:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27154]: Invalid user user from 45.156.87.216
Jun 25 03:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27154]: input_userauth_request: invalid user user [preauth]
Jun 25 03:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27154]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27154]: Failed password for invalid user user from 45.156.87.216 port 44348 ssh2
Jun 25 03:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27154]: Connection closed by 45.156.87.216 port 44348 [preauth]
Jun 25 03:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27167]: Invalid user operator from 45.156.87.216
Jun 25 03:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27167]: input_userauth_request: invalid user operator [preauth]
Jun 25 03:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27167]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27167]: Failed password for invalid user operator from 45.156.87.216 port 40214 ssh2
Jun 25 03:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27167]: Connection closed by 45.156.87.216 port 40214 [preauth]
Jun 25 03:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 25 03:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27156]: Failed password for root from 202.178.126.219 port 30434 ssh2
Jun 25 03:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27156]: Connection closed by 202.178.126.219 port 30434 [preauth]
Jun 25 03:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27194]: Failed password for root from 45.156.87.216 port 55368 ssh2
Jun 25 03:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27194]: Connection closed by 45.156.87.216 port 55368 [preauth]
Jun 25 03:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27206]: Invalid user hduser from 45.156.87.216
Jun 25 03:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27206]: input_userauth_request: invalid user hduser [preauth]
Jun 25 03:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27206]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27206]: Failed password for invalid user hduser from 45.156.87.216 port 55376 ssh2
Jun 25 03:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27206]: Connection closed by 45.156.87.216 port 55376 [preauth]
Jun 25 03:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27218]: Invalid user user3 from 45.156.87.216
Jun 25 03:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27218]: input_userauth_request: invalid user user3 [preauth]
Jun 25 03:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27218]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27233]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27232]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27231]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27230]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27230]: pam_unix(cron:session): session closed for user p13x
Jun 25 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27218]: Failed password for invalid user user3 from 45.156.87.216 port 40214 ssh2
Jun 25 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27307]: Successful su for rubyman by root
Jun 25 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27307]: + ??? root:rubyman
Jun 25 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27307]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27218]: Connection closed by 45.156.87.216 port 40214 [preauth]
Jun 25 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587870 of user rubyman.
Jun 25 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27307]: pam_unix(su:session): session closed for user rubyman
Jun 25 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587870.
Jun 25 03:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24557]: pam_unix(cron:session): session closed for user root
Jun 25 03:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27470]: Invalid user dev from 45.156.87.216
Jun 25 03:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27470]: input_userauth_request: invalid user dev [preauth]
Jun 25 03:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27231]: pam_unix(cron:session): session closed for user samftp
Jun 25 03:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27470]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27470]: Failed password for invalid user dev from 45.156.87.216 port 40228 ssh2
Jun 25 03:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27470]: Connection closed by 45.156.87.216 port 40228 [preauth]
Jun 25 03:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27494]: Invalid user appuser from 45.156.87.216
Jun 25 03:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27494]: input_userauth_request: invalid user appuser [preauth]
Jun 25 03:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27494]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27494]: Failed password for invalid user appuser from 45.156.87.216 port 41544 ssh2
Jun 25 03:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27494]: Connection closed by 45.156.87.216 port 41544 [preauth]
Jun 25 03:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27523]: Invalid user username from 45.156.87.216
Jun 25 03:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27523]: input_userauth_request: invalid user username [preauth]
Jun 25 03:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27523]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27523]: Failed password for invalid user username from 45.156.87.216 port 38158 ssh2
Jun 25 03:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27523]: Connection closed by 45.156.87.216 port 38158 [preauth]
Jun 25 03:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27535]: Invalid user user from 45.156.87.216
Jun 25 03:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27535]: input_userauth_request: invalid user user [preauth]
Jun 25 03:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27535]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27535]: Failed password for invalid user user from 45.156.87.216 port 38170 ssh2
Jun 25 03:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27535]: Connection closed by 45.156.87.216 port 38170 [preauth]
Jun 25 03:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27559]: Invalid user minecraft from 45.156.87.216
Jun 25 03:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27559]: input_userauth_request: invalid user minecraft [preauth]
Jun 25 03:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27559]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27559]: Failed password for invalid user minecraft from 45.156.87.216 port 41956 ssh2
Jun 25 03:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27559]: Connection closed by 45.156.87.216 port 41956 [preauth]
Jun 25 03:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27570]: Invalid user devops from 45.156.87.216
Jun 25 03:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27570]: input_userauth_request: invalid user devops [preauth]
Jun 25 03:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27570]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26300]: pam_unix(cron:session): session closed for user root
Jun 25 03:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27570]: Failed password for invalid user devops from 45.156.87.216 port 41974 ssh2
Jun 25 03:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27570]: Connection closed by 45.156.87.216 port 41974 [preauth]
Jun 25 03:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27602]: Invalid user developer from 45.156.87.216
Jun 25 03:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27602]: input_userauth_request: invalid user developer [preauth]
Jun 25 03:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27602]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27613]: Invalid user deploy from 79.125.162.32
Jun 25 03:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27613]: input_userauth_request: invalid user deploy [preauth]
Jun 25 03:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27613]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.125.162.32
Jun 25 03:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27602]: Failed password for invalid user developer from 45.156.87.216 port 52048 ssh2
Jun 25 03:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27602]: Connection closed by 45.156.87.216 port 52048 [preauth]
Jun 25 03:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27613]: Failed password for invalid user deploy from 79.125.162.32 port 50586 ssh2
Jun 25 03:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27613]: Received disconnect from 79.125.162.32 port 50586:11: Bye Bye [preauth]
Jun 25 03:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27613]: Disconnected from 79.125.162.32 port 50586 [preauth]
Jun 25 03:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27622]: Invalid user chenxi from 45.156.87.216
Jun 25 03:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27622]: input_userauth_request: invalid user chenxi [preauth]
Jun 25 03:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27622]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27622]: Failed password for invalid user chenxi from 45.156.87.216 port 52056 ssh2
Jun 25 03:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27622]: Connection closed by 45.156.87.216 port 52056 [preauth]
Jun 25 03:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 03:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27645]: Failed password for root from 45.156.87.216 port 34166 ssh2
Jun 25 03:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27645]: Connection closed by 45.156.87.216 port 34166 [preauth]
Jun 25 03:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 03:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27657]: Invalid user openclaw from 45.156.87.216
Jun 25 03:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27657]: input_userauth_request: invalid user openclaw [preauth]
Jun 25 03:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27657]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 03:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 03:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27657]: Failed password for invalid user openclaw from 45.156.87.216 port 34172 ssh2
Jun 25 03:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27657]: Connection closed by 45.156.87.216 port 34172 [preauth]
Jun 25 03:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27675]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27672]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27676]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27674]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27671]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27673]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27670]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27676]: pam_unix(cron:session): session closed for user root
Jun 25 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27672]: pam_unix(cron:session): session closed for user root
Jun 25 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27670]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27667]: Failed password for root from 45.156.87.216 port 43958 ssh2
Jun 25 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27767]: Successful su for rubyman by root
Jun 25 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27767]: + ??? root:rubyman
Jun 25 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27767]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587874 of user rubyman.
Jun 25 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27767]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587874.
Jun 25 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27667]: Connection closed by 45.156.87.216 port 43958 [preauth]
Jun 25 04:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27673]: pam_unix(cron:session): session closed for user root
Jun 25 04:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24990]: pam_unix(cron:session): session closed for user root
Jun 25 04:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27963]: Invalid user pi from 45.156.87.216
Jun 25 04:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27963]: input_userauth_request: invalid user pi [preauth]
Jun 25 04:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27963]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27671]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27963]: Failed password for invalid user pi from 45.156.87.216 port 43960 ssh2
Jun 25 04:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27963]: Connection closed by 45.156.87.216 port 43960 [preauth]
Jun 25 04:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 04:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28009]: Failed password for root from 45.156.87.216 port 33332 ssh2
Jun 25 04:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28009]: Connection closed by 45.156.87.216 port 33332 [preauth]
Jun 25 04:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.155.47.102  user=root
Jun 25 04:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28037]: Invalid user dev from 45.156.87.216
Jun 25 04:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28037]: input_userauth_request: invalid user dev [preauth]
Jun 25 04:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28037]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28040]: Bad protocol version identification 'GET / HTTP/1.1' from 65.49.1.94 port 24176
Jun 25 04:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28016]: Failed password for root from 103.155.47.102 port 56572 ssh2
Jun 25 04:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28016]: Received disconnect from 103.155.47.102 port 56572:11: Bye Bye [preauth]
Jun 25 04:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28016]: Disconnected from 103.155.47.102 port 56572 [preauth]
Jun 25 04:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28037]: Failed password for invalid user dev from 45.156.87.216 port 33342 ssh2
Jun 25 04:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28037]: Connection closed by 45.156.87.216 port 33342 [preauth]
Jun 25 04:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28049]: Invalid user amine from 45.156.87.216
Jun 25 04:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28049]: input_userauth_request: invalid user amine [preauth]
Jun 25 04:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28049]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28052]: Invalid user andrew from 187.192.86.153
Jun 25 04:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28052]: input_userauth_request: invalid user andrew [preauth]
Jun 25 04:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28052]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153
Jun 25 04:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.112.173.87  user=root
Jun 25 04:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28052]: Failed password for invalid user andrew from 187.192.86.153 port 55486 ssh2
Jun 25 04:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28052]: Received disconnect from 187.192.86.153 port 55486:11: Bye Bye [preauth]
Jun 25 04:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28052]: Disconnected from 187.192.86.153 port 55486 [preauth]
Jun 25 04:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28049]: Failed password for invalid user amine from 45.156.87.216 port 44462 ssh2
Jun 25 04:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28049]: Connection closed by 45.156.87.216 port 44462 [preauth]
Jun 25 04:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28054]: Failed password for root from 103.112.173.87 port 48020 ssh2
Jun 25 04:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28054]: Received disconnect from 103.112.173.87 port 48020:11: Bye Bye [preauth]
Jun 25 04:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28054]: Disconnected from 103.112.173.87 port 48020 [preauth]
Jun 25 04:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28128]: Invalid user steam from 45.156.87.216
Jun 25 04:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28128]: input_userauth_request: invalid user steam [preauth]
Jun 25 04:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28128]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28128]: Failed password for invalid user steam from 45.156.87.216 port 49692 ssh2
Jun 25 04:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28128]: Connection closed by 45.156.87.216 port 49692 [preauth]
Jun 25 04:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28139]: Invalid user www from 45.156.87.216
Jun 25 04:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28139]: input_userauth_request: invalid user www [preauth]
Jun 25 04:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28139]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26804]: pam_unix(cron:session): session closed for user root
Jun 25 04:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28183]: Bad protocol version identification '\026\003\001' from 65.49.1.212 port 43756
Jun 25 04:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28139]: Failed password for invalid user www from 45.156.87.216 port 49698 ssh2
Jun 25 04:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28139]: Connection closed by 45.156.87.216 port 49698 [preauth]
Jun 25 04:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28206]: Invalid user user from 45.156.87.216
Jun 25 04:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28206]: input_userauth_request: invalid user user [preauth]
Jun 25 04:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28206]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28206]: Failed password for invalid user user from 45.156.87.216 port 45776 ssh2
Jun 25 04:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28206]: Connection closed by 45.156.87.216 port 45776 [preauth]
Jun 25 04:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 04:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28217]: Failed password for root from 45.156.87.216 port 45790 ssh2
Jun 25 04:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28217]: Connection closed by 45.156.87.216 port 45790 [preauth]
Jun 25 04:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28240]: Invalid user pi from 45.156.87.216
Jun 25 04:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28240]: input_userauth_request: invalid user pi [preauth]
Jun 25 04:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28240]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28240]: Failed password for invalid user pi from 45.156.87.216 port 42920 ssh2
Jun 25 04:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28240]: Connection closed by 45.156.87.216 port 42920 [preauth]
Jun 25 04:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28251]: Invalid user david from 45.156.87.216
Jun 25 04:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28251]: input_userauth_request: invalid user david [preauth]
Jun 25 04:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28251]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28251]: Failed password for invalid user david from 45.156.87.216 port 42936 ssh2
Jun 25 04:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28251]: Connection closed by 45.156.87.216 port 42936 [preauth]
Jun 25 04:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28268]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28269]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28267]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28266]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28266]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28329]: Successful su for rubyman by root
Jun 25 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28329]: + ??? root:rubyman
Jun 25 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28329]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587882 of user rubyman.
Jun 25 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28329]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587882.
Jun 25 04:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28263]: Failed password for root from 45.156.87.216 port 49198 ssh2
Jun 25 04:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28263]: Connection closed by 45.156.87.216 port 49198 [preauth]
Jun 25 04:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25416]: pam_unix(cron:session): session closed for user root
Jun 25 04:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28489]: Invalid user rocky from 45.156.87.216
Jun 25 04:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28489]: input_userauth_request: invalid user rocky [preauth]
Jun 25 04:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28267]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28489]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28489]: Failed password for invalid user rocky from 45.156.87.216 port 49200 ssh2
Jun 25 04:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28489]: Connection closed by 45.156.87.216 port 49200 [preauth]
Jun 25 04:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28528]: Invalid user ec2-user from 45.156.87.216
Jun 25 04:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28528]: input_userauth_request: invalid user ec2-user [preauth]
Jun 25 04:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28528]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28528]: Failed password for invalid user ec2-user from 45.156.87.216 port 47086 ssh2
Jun 25 04:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28528]: Connection closed by 45.156.87.216 port 47086 [preauth]
Jun 25 04:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28553]: Invalid user tester from 45.156.87.216
Jun 25 04:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28553]: input_userauth_request: invalid user tester [preauth]
Jun 25 04:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28553]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28553]: Failed password for invalid user tester from 45.156.87.216 port 34520 ssh2
Jun 25 04:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28553]: Connection closed by 45.156.87.216 port 34520 [preauth]
Jun 25 04:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28563]: Invalid user gary from 45.156.87.216
Jun 25 04:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28563]: input_userauth_request: invalid user gary [preauth]
Jun 25 04:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28563]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28563]: Failed password for invalid user gary from 45.156.87.216 port 34534 ssh2
Jun 25 04:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28563]: Connection closed by 45.156.87.216 port 34534 [preauth]
Jun 25 04:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28674]: Invalid user zahra from 45.156.87.216
Jun 25 04:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28674]: input_userauth_request: invalid user zahra [preauth]
Jun 25 04:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28674]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28674]: Failed password for invalid user zahra from 45.156.87.216 port 58096 ssh2
Jun 25 04:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28674]: Connection closed by 45.156.87.216 port 58096 [preauth]
Jun 25 04:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27233]: pam_unix(cron:session): session closed for user root
Jun 25 04:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28688]: Invalid user coder from 45.156.87.216
Jun 25 04:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28688]: input_userauth_request: invalid user coder [preauth]
Jun 25 04:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28688]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28688]: Failed password for invalid user coder from 45.156.87.216 port 58108 ssh2
Jun 25 04:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28688]: Connection closed by 45.156.87.216 port 58108 [preauth]
Jun 25 04:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28719]: Invalid user ethan from 45.156.87.216
Jun 25 04:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28719]: input_userauth_request: invalid user ethan [preauth]
Jun 25 04:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28719]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28719]: Failed password for invalid user ethan from 45.156.87.216 port 34690 ssh2
Jun 25 04:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28719]: Connection closed by 45.156.87.216 port 34690 [preauth]
Jun 25 04:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28746]: Invalid user debian from 45.156.87.216
Jun 25 04:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28746]: input_userauth_request: invalid user debian [preauth]
Jun 25 04:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28746]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28746]: Failed password for invalid user debian from 45.156.87.216 port 34704 ssh2
Jun 25 04:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28746]: Connection closed by 45.156.87.216 port 34704 [preauth]
Jun 25 04:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 04:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28759]: Failed password for root from 45.156.87.216 port 58202 ssh2
Jun 25 04:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28759]: Connection closed by 45.156.87.216 port 58202 [preauth]
Jun 25 04:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28771]: Invalid user myuser from 45.156.87.216
Jun 25 04:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28771]: input_userauth_request: invalid user myuser [preauth]
Jun 25 04:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28771]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28771]: Failed password for invalid user myuser from 45.156.87.216 port 52366 ssh2
Jun 25 04:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28771]: Connection closed by 45.156.87.216 port 52366 [preauth]
Jun 25 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28793]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28794]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28795]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28792]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28792]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28852]: Successful su for rubyman by root
Jun 25 04:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28852]: + ??? root:rubyman
Jun 25 04:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28852]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587885 of user rubyman.
Jun 25 04:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28852]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587885.
Jun 25 04:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28789]: Invalid user openvpn from 45.156.87.216
Jun 25 04:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28789]: input_userauth_request: invalid user openvpn [preauth]
Jun 25 04:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28789]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25871]: pam_unix(cron:session): session closed for user root
Jun 25 04:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28789]: Failed password for invalid user openvpn from 45.156.87.216 port 52382 ssh2
Jun 25 04:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28789]: Connection closed by 45.156.87.216 port 52382 [preauth]
Jun 25 04:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28793]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29052]: Invalid user test1 from 45.156.87.216
Jun 25 04:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29052]: input_userauth_request: invalid user test1 [preauth]
Jun 25 04:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29052]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.125.162.32  user=root
Jun 25 04:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29052]: Failed password for invalid user test1 from 45.156.87.216 port 51232 ssh2
Jun 25 04:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29052]: Connection closed by 45.156.87.216 port 51232 [preauth]
Jun 25 04:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29057]: Failed password for root from 79.125.162.32 port 39457 ssh2
Jun 25 04:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29057]: Received disconnect from 79.125.162.32 port 39457:11: Bye Bye [preauth]
Jun 25 04:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29057]: Disconnected from 79.125.162.32 port 39457 [preauth]
Jun 25 04:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 04:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29068]: Failed password for root from 45.156.87.216 port 51244 ssh2
Jun 25 04:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29068]: Connection closed by 45.156.87.216 port 51244 [preauth]
Jun 25 04:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 04:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29094]: Invalid user frontend from 103.155.47.102
Jun 25 04:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29094]: input_userauth_request: invalid user frontend [preauth]
Jun 25 04:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29094]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.155.47.102
Jun 25 04:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29092]: Failed password for root from 45.156.87.216 port 32942 ssh2
Jun 25 04:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29092]: Connection closed by 45.156.87.216 port 32942 [preauth]
Jun 25 04:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29094]: Failed password for invalid user frontend from 103.155.47.102 port 50532 ssh2
Jun 25 04:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29094]: Received disconnect from 103.155.47.102 port 50532:11: Bye Bye [preauth]
Jun 25 04:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29094]: Disconnected from 103.155.47.102 port 50532 [preauth]
Jun 25 04:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29119]: Invalid user ftpuser from 45.156.87.216
Jun 25 04:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29119]: input_userauth_request: invalid user ftpuser [preauth]
Jun 25 04:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29119]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29119]: Failed password for invalid user ftpuser from 45.156.87.216 port 32956 ssh2
Jun 25 04:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29119]: Connection closed by 45.156.87.216 port 32956 [preauth]
Jun 25 04:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29132]: Invalid user private from 45.156.87.216
Jun 25 04:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29132]: input_userauth_request: invalid user private [preauth]
Jun 25 04:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29132]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29132]: Failed password for invalid user private from 45.156.87.216 port 36028 ssh2
Jun 25 04:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29132]: Connection closed by 45.156.87.216 port 36028 [preauth]
Jun 25 04:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27675]: pam_unix(cron:session): session closed for user root
Jun 25 04:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 04:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29164]: Failed password for root from 45.156.87.216 port 36042 ssh2
Jun 25 04:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29164]: Connection closed by 45.156.87.216 port 36042 [preauth]
Jun 25 04:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29175]: Invalid user customer from 45.156.87.216
Jun 25 04:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29175]: input_userauth_request: invalid user customer [preauth]
Jun 25 04:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29175]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29175]: Failed password for invalid user customer from 45.156.87.216 port 40402 ssh2
Jun 25 04:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29175]: Connection closed by 45.156.87.216 port 40402 [preauth]
Jun 25 04:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29201]: Invalid user fivem from 45.156.87.216
Jun 25 04:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29201]: input_userauth_request: invalid user fivem [preauth]
Jun 25 04:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29201]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29201]: Failed password for invalid user fivem from 45.156.87.216 port 44548 ssh2
Jun 25 04:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29201]: Connection closed by 45.156.87.216 port 44548 [preauth]
Jun 25 04:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29213]: Invalid user support from 45.156.87.216
Jun 25 04:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29213]: input_userauth_request: invalid user support [preauth]
Jun 25 04:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29213]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29213]: Failed password for invalid user support from 45.156.87.216 port 44552 ssh2
Jun 25 04:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29213]: Connection closed by 45.156.87.216 port 44552 [preauth]
Jun 25 04:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: Invalid user gabriel from 45.156.87.216
Jun 25 04:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: input_userauth_request: invalid user gabriel [preauth]
Jun 25 04:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29240]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29241]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29242]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29237]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: Failed password for invalid user gabriel from 45.156.87.216 port 34066 ssh2
Jun 25 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29237]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: Connection closed by 45.156.87.216 port 34066 [preauth]
Jun 25 04:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29314]: Successful su for rubyman by root
Jun 25 04:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29314]: + ??? root:rubyman
Jun 25 04:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29314]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587891 of user rubyman.
Jun 25 04:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29314]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587891.
Jun 25 04:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29439]: Invalid user user4 from 45.156.87.216
Jun 25 04:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29439]: input_userauth_request: invalid user user4 [preauth]
Jun 25 04:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29439]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26299]: pam_unix(cron:session): session closed for user root
Jun 25 04:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153  user=root
Jun 25 04:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29240]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29439]: Failed password for invalid user user4 from 45.156.87.216 port 34086 ssh2
Jun 25 04:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29439]: Connection closed by 45.156.87.216 port 34086 [preauth]
Jun 25 04:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29454]: Failed password for root from 187.192.86.153 port 42608 ssh2
Jun 25 04:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29454]: Received disconnect from 187.192.86.153 port 42608:11: Bye Bye [preauth]
Jun 25 04:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29454]: Disconnected from 187.192.86.153 port 42608 [preauth]
Jun 25 04:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29505]: Invalid user ansible from 45.156.87.216
Jun 25 04:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29505]: input_userauth_request: invalid user ansible [preauth]
Jun 25 04:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29505]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29505]: Failed password for invalid user ansible from 45.156.87.216 port 56686 ssh2
Jun 25 04:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29505]: Connection closed by 45.156.87.216 port 56686 [preauth]
Jun 25 04:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29616]: Invalid user student from 45.156.87.216
Jun 25 04:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29616]: input_userauth_request: invalid user student [preauth]
Jun 25 04:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29616]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29616]: Failed password for invalid user student from 45.156.87.216 port 56700 ssh2
Jun 25 04:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29616]: Connection closed by 45.156.87.216 port 56700 [preauth]
Jun 25 04:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29635]: Invalid user root1 from 45.156.87.216
Jun 25 04:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29635]: input_userauth_request: invalid user root1 [preauth]
Jun 25 04:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29635]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29635]: Failed password for invalid user root1 from 45.156.87.216 port 49856 ssh2
Jun 25 04:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29635]: Connection closed by 45.156.87.216 port 49856 [preauth]
Jun 25 04:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29660]: Invalid user user from 45.156.87.216
Jun 25 04:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29660]: input_userauth_request: invalid user user [preauth]
Jun 25 04:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29660]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29660]: Failed password for invalid user user from 45.156.87.216 port 55762 ssh2
Jun 25 04:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29660]: Connection closed by 45.156.87.216 port 55762 [preauth]
Jun 25 04:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29674]: Invalid user odoo16 from 45.156.87.216
Jun 25 04:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29674]: input_userauth_request: invalid user odoo16 [preauth]
Jun 25 04:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29674]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28269]: pam_unix(cron:session): session closed for user root
Jun 25 04:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29674]: Failed password for invalid user odoo16 from 45.156.87.216 port 55768 ssh2
Jun 25 04:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29674]: Connection closed by 45.156.87.216 port 55768 [preauth]
Jun 25 04:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29715]: Invalid user jenkins from 45.156.87.216
Jun 25 04:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29715]: input_userauth_request: invalid user jenkins [preauth]
Jun 25 04:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29715]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29715]: Failed password for invalid user jenkins from 45.156.87.216 port 46826 ssh2
Jun 25 04:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29715]: Connection closed by 45.156.87.216 port 46826 [preauth]
Jun 25 04:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29729]: Invalid user vbox from 45.156.87.216
Jun 25 04:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29729]: input_userauth_request: invalid user vbox [preauth]
Jun 25 04:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29729]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29729]: Failed password for invalid user vbox from 45.156.87.216 port 46836 ssh2
Jun 25 04:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29729]: Connection closed by 45.156.87.216 port 46836 [preauth]
Jun 25 04:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.112.173.87  user=root
Jun 25 04:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29767]: User ftp from 45.156.87.216 not allowed because not listed in AllowUsers
Jun 25 04:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29767]: input_userauth_request: invalid user ftp [preauth]
Jun 25 04:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=ftp
Jun 25 04:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29764]: Failed password for root from 103.112.173.87 port 53180 ssh2
Jun 25 04:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29767]: Failed password for invalid user ftp from 45.156.87.216 port 47098 ssh2
Jun 25 04:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29764]: Received disconnect from 103.112.173.87 port 53180:11: Bye Bye [preauth]
Jun 25 04:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29764]: Disconnected from 103.112.173.87 port 53180 [preauth]
Jun 25 04:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29767]: Connection closed by 45.156.87.216 port 47098 [preauth]
Jun 25 04:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29777]: Invalid user martin from 45.156.87.216
Jun 25 04:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29777]: input_userauth_request: invalid user martin [preauth]
Jun 25 04:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29777]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29777]: Failed password for invalid user martin from 45.156.87.216 port 47112 ssh2
Jun 25 04:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29777]: Connection closed by 45.156.87.216 port 47112 [preauth]
Jun 25 04:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29792]: Invalid user claude from 45.156.87.216
Jun 25 04:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29792]: input_userauth_request: invalid user claude [preauth]
Jun 25 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29792]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29798]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29799]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29796]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29795]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29795]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29867]: Successful su for rubyman by root
Jun 25 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29867]: + ??? root:rubyman
Jun 25 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29867]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587895 of user rubyman.
Jun 25 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29867]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587895.
Jun 25 04:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29792]: Failed password for invalid user claude from 45.156.87.216 port 38078 ssh2
Jun 25 04:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29792]: Connection closed by 45.156.87.216 port 38078 [preauth]
Jun 25 04:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26803]: pam_unix(cron:session): session closed for user root
Jun 25 04:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29796]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30051]: Invalid user user from 45.156.87.216
Jun 25 04:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30051]: input_userauth_request: invalid user user [preauth]
Jun 25 04:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30051]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30051]: Failed password for invalid user user from 45.156.87.216 port 50138 ssh2
Jun 25 04:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30051]: Connection closed by 45.156.87.216 port 50138 [preauth]
Jun 25 04:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30063]: Invalid user a from 45.156.87.216
Jun 25 04:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30063]: input_userauth_request: invalid user a [preauth]
Jun 25 04:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30063]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30063]: Failed password for invalid user a from 45.156.87.216 port 50146 ssh2
Jun 25 04:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30063]: Connection closed by 45.156.87.216 port 50146 [preauth]
Jun 25 04:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 04:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30089]: Failed password for root from 45.156.87.216 port 34738 ssh2
Jun 25 04:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30089]: Connection closed by 45.156.87.216 port 34738 [preauth]
Jun 25 04:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 04:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30102]: Failed password for root from 45.156.87.216 port 34740 ssh2
Jun 25 04:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30102]: Connection closed by 45.156.87.216 port 34740 [preauth]
Jun 25 04:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 04:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30139]: Failed password for root from 45.156.87.216 port 48550 ssh2
Jun 25 04:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30139]: Connection closed by 45.156.87.216 port 48550 [preauth]
Jun 25 04:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28795]: pam_unix(cron:session): session closed for user root
Jun 25 04:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30178]: User mysql from 45.156.87.216 not allowed because not listed in AllowUsers
Jun 25 04:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30178]: input_userauth_request: invalid user mysql [preauth]
Jun 25 04:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=mysql
Jun 25 04:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30180]: Invalid user prtg from 79.125.162.32
Jun 25 04:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30180]: input_userauth_request: invalid user prtg [preauth]
Jun 25 04:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30180]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.125.162.32
Jun 25 04:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30178]: Failed password for invalid user mysql from 45.156.87.216 port 41850 ssh2
Jun 25 04:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30178]: Connection closed by 45.156.87.216 port 41850 [preauth]
Jun 25 04:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30180]: Failed password for invalid user prtg from 79.125.162.32 port 32372 ssh2
Jun 25 04:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30180]: Received disconnect from 79.125.162.32 port 32372:11: Bye Bye [preauth]
Jun 25 04:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30180]: Disconnected from 79.125.162.32 port 32372 [preauth]
Jun 25 04:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30192]: Invalid user test from 45.156.87.216
Jun 25 04:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30192]: input_userauth_request: invalid user test [preauth]
Jun 25 04:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30192]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30192]: Failed password for invalid user test from 45.156.87.216 port 41874 ssh2
Jun 25 04:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30192]: Connection closed by 45.156.87.216 port 41874 [preauth]
Jun 25 04:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30216]: Invalid user aaa from 45.156.87.216
Jun 25 04:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30216]: input_userauth_request: invalid user aaa [preauth]
Jun 25 04:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30216]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30216]: Failed password for invalid user aaa from 45.156.87.216 port 59200 ssh2
Jun 25 04:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30216]: Connection closed by 45.156.87.216 port 59200 [preauth]
Jun 25 04:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30227]: Invalid user steam from 45.156.87.216
Jun 25 04:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30227]: input_userauth_request: invalid user steam [preauth]
Jun 25 04:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30227]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30227]: Failed password for invalid user steam from 45.156.87.216 port 59216 ssh2
Jun 25 04:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30227]: Connection closed by 45.156.87.216 port 59216 [preauth]
Jun 25 04:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30238]: Invalid user support from 45.156.87.216
Jun 25 04:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30238]: input_userauth_request: invalid user support [preauth]
Jun 25 04:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30238]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30252]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30251]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30250]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30253]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30254]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30249]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30254]: pam_unix(cron:session): session closed for user root
Jun 25 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30249]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30238]: Failed password for invalid user support from 45.156.87.216 port 40232 ssh2
Jun 25 04:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30238]: Connection closed by 45.156.87.216 port 40232 [preauth]
Jun 25 04:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30321]: Successful su for rubyman by root
Jun 25 04:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30321]: + ??? root:rubyman
Jun 25 04:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30321]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587900 of user rubyman.
Jun 25 04:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30321]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587900.
Jun 25 04:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30251]: pam_unix(cron:session): session closed for user root
Jun 25 04:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27232]: pam_unix(cron:session): session closed for user root
Jun 25 04:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 04:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30250]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30498]: Failed password for root from 45.156.87.216 port 40242 ssh2
Jun 25 04:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30498]: Connection closed by 45.156.87.216 port 40242 [preauth]
Jun 25 04:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30532]: Invalid user teamspeak from 45.156.87.216
Jun 25 04:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30532]: input_userauth_request: invalid user teamspeak [preauth]
Jun 25 04:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30532]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30532]: Failed password for invalid user teamspeak from 45.156.87.216 port 39530 ssh2
Jun 25 04:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30532]: Connection closed by 45.156.87.216 port 39530 [preauth]
Jun 25 04:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30559]: Invalid user gitlab from 45.156.87.216
Jun 25 04:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30559]: input_userauth_request: invalid user gitlab [preauth]
Jun 25 04:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30559]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30559]: Failed password for invalid user gitlab from 45.156.87.216 port 54984 ssh2
Jun 25 04:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30559]: Connection closed by 45.156.87.216 port 54984 [preauth]
Jun 25 04:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30581]: Invalid user kevin from 45.156.87.216
Jun 25 04:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30581]: input_userauth_request: invalid user kevin [preauth]
Jun 25 04:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30581]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30581]: Failed password for invalid user kevin from 45.156.87.216 port 54986 ssh2
Jun 25 04:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30581]: Connection closed by 45.156.87.216 port 54986 [preauth]
Jun 25 04:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30612]: Invalid user cloud from 45.156.87.216
Jun 25 04:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30612]: input_userauth_request: invalid user cloud [preauth]
Jun 25 04:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30612]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30612]: Failed password for invalid user cloud from 45.156.87.216 port 44920 ssh2
Jun 25 04:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30612]: Connection closed by 45.156.87.216 port 44920 [preauth]
Jun 25 04:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29242]: pam_unix(cron:session): session closed for user root
Jun 25 04:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 04:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30648]: Failed password for root from 45.156.87.216 port 44928 ssh2
Jun 25 04:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30648]: Connection closed by 45.156.87.216 port 44928 [preauth]
Jun 25 04:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 04:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30658]: Failed password for root from 45.156.87.216 port 36990 ssh2
Jun 25 04:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30658]: Connection closed by 45.156.87.216 port 36990 [preauth]
Jun 25 04:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30682]: Invalid user media from 45.156.87.216
Jun 25 04:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30682]: input_userauth_request: invalid user media [preauth]
Jun 25 04:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30682]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30682]: Failed password for invalid user media from 45.156.87.216 port 49600 ssh2
Jun 25 04:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30682]: Connection closed by 45.156.87.216 port 49600 [preauth]
Jun 25 04:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30692]: Invalid user ts3 from 45.156.87.216
Jun 25 04:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30692]: input_userauth_request: invalid user ts3 [preauth]
Jun 25 04:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30692]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30692]: Failed password for invalid user ts3 from 45.156.87.216 port 49608 ssh2
Jun 25 04:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30692]: Connection closed by 45.156.87.216 port 49608 [preauth]
Jun 25 04:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30702]: Invalid user claude from 45.156.87.216
Jun 25 04:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30702]: input_userauth_request: invalid user claude [preauth]
Jun 25 04:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30702]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30702]: Failed password for invalid user claude from 45.156.87.216 port 45952 ssh2
Jun 25 04:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30702]: Connection closed by 45.156.87.216 port 45952 [preauth]
Jun 25 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30715]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30716]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30714]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30713]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30713]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30780]: Successful su for rubyman by root
Jun 25 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30780]: + ??? root:rubyman
Jun 25 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30780]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587903 of user rubyman.
Jun 25 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30780]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587903.
Jun 25 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30834]: Invalid user murat from 187.192.86.153
Jun 25 04:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30834]: input_userauth_request: invalid user murat [preauth]
Jun 25 04:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30834]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153
Jun 25 04:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30851]: Invalid user azureuser from 45.156.87.216
Jun 25 04:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30851]: input_userauth_request: invalid user azureuser [preauth]
Jun 25 04:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30851]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30834]: Failed password for invalid user murat from 187.192.86.153 port 43882 ssh2
Jun 25 04:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30834]: Received disconnect from 187.192.86.153 port 43882:11: Bye Bye [preauth]
Jun 25 04:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30834]: Disconnected from 187.192.86.153 port 43882 [preauth]
Jun 25 04:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27674]: pam_unix(cron:session): session closed for user root
Jun 25 04:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30851]: Failed password for invalid user azureuser from 45.156.87.216 port 45968 ssh2
Jun 25 04:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30851]: Connection closed by 45.156.87.216 port 45968 [preauth]
Jun 25 04:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30714]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 04:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31071]: Failed password for root from 45.156.87.216 port 43920 ssh2
Jun 25 04:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31071]: Connection closed by 45.156.87.216 port 43920 [preauth]
Jun 25 04:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31095]: Invalid user frappe from 45.156.87.216
Jun 25 04:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31095]: input_userauth_request: invalid user frappe [preauth]
Jun 25 04:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31095]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31095]: Failed password for invalid user frappe from 45.156.87.216 port 43926 ssh2
Jun 25 04:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31095]: Connection closed by 45.156.87.216 port 43926 [preauth]
Jun 25 04:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31109]: Invalid user systemd from 45.156.87.216
Jun 25 04:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31109]: input_userauth_request: invalid user systemd [preauth]
Jun 25 04:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31109]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31109]: Failed password for invalid user systemd from 45.156.87.216 port 42152 ssh2
Jun 25 04:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31109]: Connection closed by 45.156.87.216 port 42152 [preauth]
Jun 25 04:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31138]: Invalid user teamspeak from 45.156.87.216
Jun 25 04:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31138]: input_userauth_request: invalid user teamspeak [preauth]
Jun 25 04:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31138]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31138]: Failed password for invalid user teamspeak from 45.156.87.216 port 60340 ssh2
Jun 25 04:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31138]: Connection closed by 45.156.87.216 port 60340 [preauth]
Jun 25 04:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31150]: Invalid user user from 45.156.87.216
Jun 25 04:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31150]: input_userauth_request: invalid user user [preauth]
Jun 25 04:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31150]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29799]: pam_unix(cron:session): session closed for user root
Jun 25 04:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31150]: Failed password for invalid user user from 45.156.87.216 port 60350 ssh2
Jun 25 04:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31150]: Connection closed by 45.156.87.216 port 60350 [preauth]
Jun 25 04:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31179]: Invalid user fastuser from 45.156.87.216
Jun 25 04:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31179]: input_userauth_request: invalid user fastuser [preauth]
Jun 25 04:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31179]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31179]: Failed password for invalid user fastuser from 45.156.87.216 port 59518 ssh2
Jun 25 04:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31179]: Connection closed by 45.156.87.216 port 59518 [preauth]
Jun 25 04:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31194]: Invalid user administrator from 45.156.87.216
Jun 25 04:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31194]: input_userauth_request: invalid user administrator [preauth]
Jun 25 04:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31194]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31194]: Failed password for invalid user administrator from 45.156.87.216 port 59528 ssh2
Jun 25 04:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31194]: Connection closed by 45.156.87.216 port 59528 [preauth]
Jun 25 04:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31211]: Invalid user hadoop from 45.156.87.216
Jun 25 04:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31211]: input_userauth_request: invalid user hadoop [preauth]
Jun 25 04:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31211]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31211]: Failed password for invalid user hadoop from 45.156.87.216 port 59844 ssh2
Jun 25 04:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31211]: Connection closed by 45.156.87.216 port 59844 [preauth]
Jun 25 04:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31221]: Invalid user deploy from 45.156.87.216
Jun 25 04:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31221]: input_userauth_request: invalid user deploy [preauth]
Jun 25 04:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31221]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31221]: Failed password for invalid user deploy from 45.156.87.216 port 41920 ssh2
Jun 25 04:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31221]: Connection closed by 45.156.87.216 port 41920 [preauth]
Jun 25 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31239]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31238]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31235]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31234]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31234]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31302]: Successful su for rubyman by root
Jun 25 04:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31302]: + ??? root:rubyman
Jun 25 04:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31302]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587907 of user rubyman.
Jun 25 04:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31302]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587907.
Jun 25 04:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.125.162.32  user=root
Jun 25 04:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31300]: Invalid user odoo from 45.156.87.216
Jun 25 04:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31300]: input_userauth_request: invalid user odoo [preauth]
Jun 25 04:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31300]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28268]: pam_unix(cron:session): session closed for user root
Jun 25 04:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31231]: Failed password for root from 79.125.162.32 port 39166 ssh2
Jun 25 04:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31231]: Received disconnect from 79.125.162.32 port 39166:11: Bye Bye [preauth]
Jun 25 04:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31231]: Disconnected from 79.125.162.32 port 39166 [preauth]
Jun 25 04:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31300]: Failed password for invalid user odoo from 45.156.87.216 port 41934 ssh2
Jun 25 04:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31300]: Connection closed by 45.156.87.216 port 41934 [preauth]
Jun 25 04:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31235]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31491]: Invalid user alex from 45.156.87.216
Jun 25 04:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31491]: input_userauth_request: invalid user alex [preauth]
Jun 25 04:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31491]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31491]: Failed password for invalid user alex from 45.156.87.216 port 56076 ssh2
Jun 25 04:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31491]: Connection closed by 45.156.87.216 port 56076 [preauth]
Jun 25 04:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 04:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31505]: Failed password for root from 45.156.87.216 port 56078 ssh2
Jun 25 04:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31505]: Connection closed by 45.156.87.216 port 56078 [preauth]
Jun 25 04:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 04:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.112.173.87  user=root
Jun 25 04:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: Failed password for root from 45.156.87.216 port 54300 ssh2
Jun 25 04:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: Connection closed by 45.156.87.216 port 54300 [preauth]
Jun 25 04:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31546]: Failed password for root from 103.112.173.87 port 59580 ssh2
Jun 25 04:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31546]: Received disconnect from 103.112.173.87 port 59580:11: Bye Bye [preauth]
Jun 25 04:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31546]: Disconnected from 103.112.173.87 port 59580 [preauth]
Jun 25 04:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31656]: Invalid user pi from 45.156.87.216
Jun 25 04:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31656]: input_userauth_request: invalid user pi [preauth]
Jun 25 04:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31656]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31656]: Failed password for invalid user pi from 45.156.87.216 port 54316 ssh2
Jun 25 04:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31656]: Connection closed by 45.156.87.216 port 54316 [preauth]
Jun 25 04:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31669]: Invalid user reza from 45.156.87.216
Jun 25 04:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31669]: input_userauth_request: invalid user reza [preauth]
Jun 25 04:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31669]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31669]: Failed password for invalid user reza from 45.156.87.216 port 42314 ssh2
Jun 25 04:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31669]: Connection closed by 45.156.87.216 port 42314 [preauth]
Jun 25 04:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30253]: pam_unix(cron:session): session closed for user root
Jun 25 04:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: Invalid user gpadmin from 45.156.87.216
Jun 25 04:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: input_userauth_request: invalid user gpadmin [preauth]
Jun 25 04:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: Failed password for invalid user gpadmin from 45.156.87.216 port 44578 ssh2
Jun 25 04:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: Connection closed by 45.156.87.216 port 44578 [preauth]
Jun 25 04:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31711]: Invalid user fa from 45.156.87.216
Jun 25 04:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31711]: input_userauth_request: invalid user fa [preauth]
Jun 25 04:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31711]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31711]: Failed password for invalid user fa from 45.156.87.216 port 44586 ssh2
Jun 25 04:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31711]: Connection closed by 45.156.87.216 port 44586 [preauth]
Jun 25 04:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31736]: Invalid user ubuntu from 45.156.87.216
Jun 25 04:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31736]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 04:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31736]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31736]: Failed password for invalid user ubuntu from 45.156.87.216 port 56308 ssh2
Jun 25 04:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31736]: Connection closed by 45.156.87.216 port 56308 [preauth]
Jun 25 04:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 04:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31746]: Failed password for root from 45.156.87.216 port 56330 ssh2
Jun 25 04:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31746]: Connection closed by 45.156.87.216 port 56330 [preauth]
Jun 25 04:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31757]: Invalid user worker from 45.156.87.216
Jun 25 04:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31757]: input_userauth_request: invalid user worker [preauth]
Jun 25 04:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31757]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31763]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31762]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31761]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31760]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31760]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31833]: Successful su for rubyman by root
Jun 25 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31833]: + ??? root:rubyman
Jun 25 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31833]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587911 of user rubyman.
Jun 25 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31833]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587911.
Jun 25 04:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31757]: Failed password for invalid user worker from 45.156.87.216 port 41180 ssh2
Jun 25 04:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31757]: Connection closed by 45.156.87.216 port 41180 [preauth]
Jun 25 04:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28794]: pam_unix(cron:session): session closed for user root
Jun 25 04:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31972]: Invalid user jellyfin from 45.156.87.216
Jun 25 04:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31972]: input_userauth_request: invalid user jellyfin [preauth]
Jun 25 04:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31972]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31761]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31972]: Failed password for invalid user jellyfin from 45.156.87.216 port 41202 ssh2
Jun 25 04:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31972]: Connection closed by 45.156.87.216 port 41202 [preauth]
Jun 25 04:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 04:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32035]: Failed password for root from 45.156.87.216 port 39874 ssh2
Jun 25 04:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32035]: Connection closed by 45.156.87.216 port 39874 [preauth]
Jun 25 04:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32060]: Invalid user gd from 45.156.87.216
Jun 25 04:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32060]: input_userauth_request: invalid user gd [preauth]
Jun 25 04:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32060]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32060]: Failed password for invalid user gd from 45.156.87.216 port 39892 ssh2
Jun 25 04:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32060]: Connection closed by 45.156.87.216 port 39892 [preauth]
Jun 25 04:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32072]: Invalid user cloud-user from 45.156.87.216
Jun 25 04:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32072]: input_userauth_request: invalid user cloud-user [preauth]
Jun 25 04:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32072]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32072]: Failed password for invalid user cloud-user from 45.156.87.216 port 59268 ssh2
Jun 25 04:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32072]: Connection closed by 45.156.87.216 port 59268 [preauth]
Jun 25 04:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32097]: Invalid user amin from 45.156.87.216
Jun 25 04:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32097]: input_userauth_request: invalid user amin [preauth]
Jun 25 04:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32097]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32097]: Failed password for invalid user amin from 45.156.87.216 port 59274 ssh2
Jun 25 04:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32097]: Connection closed by 45.156.87.216 port 59274 [preauth]
Jun 25 04:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32107]: Invalid user term2 from 45.156.87.216
Jun 25 04:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32107]: input_userauth_request: invalid user term2 [preauth]
Jun 25 04:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32107]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32107]: Failed password for invalid user term2 from 45.156.87.216 port 36474 ssh2
Jun 25 04:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32107]: Connection closed by 45.156.87.216 port 36474 [preauth]
Jun 25 04:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30716]: pam_unix(cron:session): session closed for user root
Jun 25 04:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32139]: Invalid user admin1 from 45.156.87.216
Jun 25 04:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32139]: input_userauth_request: invalid user admin1 [preauth]
Jun 25 04:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32139]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32139]: Failed password for invalid user admin1 from 45.156.87.216 port 36480 ssh2
Jun 25 04:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32139]: Connection closed by 45.156.87.216 port 36480 [preauth]
Jun 25 04:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 04:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32150]: Failed password for root from 45.156.87.216 port 50372 ssh2
Jun 25 04:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32150]: Connection closed by 45.156.87.216 port 50372 [preauth]
Jun 25 04:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 04:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32175]: Failed password for root from 45.156.87.216 port 36646 ssh2
Jun 25 04:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32175]: Connection closed by 45.156.87.216 port 36646 [preauth]
Jun 25 04:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32188]: Invalid user grid from 45.156.87.216
Jun 25 04:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32188]: input_userauth_request: invalid user grid [preauth]
Jun 25 04:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32188]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32190]: Connection closed by 144.202.92.17 port 58200 [preauth]
Jun 25 04:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32188]: Failed password for invalid user grid from 45.156.87.216 port 36652 ssh2
Jun 25 04:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32188]: Connection closed by 45.156.87.216 port 36652 [preauth]
Jun 25 04:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 04:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32200]: Failed password for root from 45.156.87.216 port 49016 ssh2
Jun 25 04:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32200]: Connection closed by 45.156.87.216 port 49016 [preauth]
Jun 25 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32213]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32215]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32214]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32212]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32210]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32212]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32324]: Successful su for rubyman by root
Jun 25 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32324]: + ??? root:rubyman
Jun 25 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32324]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587917 of user rubyman.
Jun 25 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32324]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587917.
Jun 25 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32210]: pam_unix(cron:session): session closed for user root
Jun 25 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32376]: Invalid user ubuntu from 45.156.87.216
Jun 25 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32376]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32376]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32424]: Invalid user vpn from 187.192.86.153
Jun 25 04:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32424]: input_userauth_request: invalid user vpn [preauth]
Jun 25 04:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32424]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153
Jun 25 04:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29241]: pam_unix(cron:session): session closed for user root
Jun 25 04:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32376]: Failed password for invalid user ubuntu from 45.156.87.216 port 49036 ssh2
Jun 25 04:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32376]: Connection closed by 45.156.87.216 port 49036 [preauth]
Jun 25 04:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32424]: Failed password for invalid user vpn from 187.192.86.153 port 46154 ssh2
Jun 25 04:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32424]: Received disconnect from 187.192.86.153 port 46154:11: Bye Bye [preauth]
Jun 25 04:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32424]: Disconnected from 187.192.86.153 port 46154 [preauth]
Jun 25 04:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32213]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32557]: Invalid user core from 45.156.87.216
Jun 25 04:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32557]: input_userauth_request: invalid user core [preauth]
Jun 25 04:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32557]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32557]: Failed password for invalid user core from 45.156.87.216 port 39008 ssh2
Jun 25 04:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32557]: Connection closed by 45.156.87.216 port 39008 [preauth]
Jun 25 04:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32567]: User nobody from 45.156.87.216 not allowed because not listed in AllowUsers
Jun 25 04:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32567]: input_userauth_request: invalid user nobody [preauth]
Jun 25 04:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=nobody
Jun 25 04:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32567]: Failed password for invalid user nobody from 45.156.87.216 port 39014 ssh2
Jun 25 04:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32567]: Connection closed by 45.156.87.216 port 39014 [preauth]
Jun 25 04:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32589]: Invalid user ubuntu from 45.156.87.216
Jun 25 04:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32589]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 04:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32589]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32589]: Failed password for invalid user ubuntu from 45.156.87.216 port 43106 ssh2
Jun 25 04:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32589]: Connection closed by 45.156.87.216 port 43106 [preauth]
Jun 25 04:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 04:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32601]: Failed password for root from 45.156.87.216 port 43122 ssh2
Jun 25 04:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32601]: Connection closed by 45.156.87.216 port 43122 [preauth]
Jun 25 04:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 04:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32624]: Failed password for root from 45.156.87.216 port 57752 ssh2
Jun 25 04:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32624]: Connection closed by 45.156.87.216 port 57752 [preauth]
Jun 25 04:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31239]: pam_unix(cron:session): session closed for user root
Jun 25 04:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32658]: Invalid user admin from 45.156.87.216
Jun 25 04:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32658]: input_userauth_request: invalid user admin [preauth]
Jun 25 04:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32658]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.125.162.32  user=root
Jun 25 04:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32658]: Failed password for invalid user admin from 45.156.87.216 port 57754 ssh2
Jun 25 04:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32658]: Connection closed by 45.156.87.216 port 57754 [preauth]
Jun 25 04:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32660]: Failed password for root from 79.125.162.32 port 57049 ssh2
Jun 25 04:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32660]: Received disconnect from 79.125.162.32 port 57049:11: Bye Bye [preauth]
Jun 25 04:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32660]: Disconnected from 79.125.162.32 port 57049 [preauth]
Jun 25 04:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 04:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32674]: Failed password for root from 45.156.87.216 port 52074 ssh2
Jun 25 04:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32674]: Connection closed by 45.156.87.216 port 52074 [preauth]
Jun 25 04:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 25 04:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32699]: Invalid user avax from 45.156.87.216
Jun 25 04:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32699]: input_userauth_request: invalid user avax [preauth]
Jun 25 04:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32699]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32684]: Failed password for root from 103.82.20.28 port 47366 ssh2
Jun 25 04:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32684]: Connection closed by 103.82.20.28 port 47366 [preauth]
Jun 25 04:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32699]: Failed password for invalid user avax from 45.156.87.216 port 52078 ssh2
Jun 25 04:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32699]: Connection closed by 45.156.87.216 port 52078 [preauth]
Jun 25 04:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32713]: Invalid user app from 45.156.87.216
Jun 25 04:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32713]: input_userauth_request: invalid user app [preauth]
Jun 25 04:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32713]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32713]: Failed password for invalid user app from 45.156.87.216 port 53370 ssh2
Jun 25 04:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32713]: Connection closed by 45.156.87.216 port 53370 [preauth]
Jun 25 04:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32723]: Invalid user user from 45.156.87.216
Jun 25 04:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32723]: input_userauth_request: invalid user user [preauth]
Jun 25 04:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32723]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32723]: Failed password for invalid user user from 45.156.87.216 port 53386 ssh2
Jun 25 04:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32723]: Connection closed by 45.156.87.216 port 53386 [preauth]
Jun 25 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32735]: Invalid user uploader from 45.156.87.216
Jun 25 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32735]: input_userauth_request: invalid user uploader [preauth]
Jun 25 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32744]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32740]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32743]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32741]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32742]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32739]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32744]: pam_unix(cron:session): session closed for user root
Jun 25 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32739]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32735]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[346]: Successful su for rubyman by root
Jun 25 04:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[346]: + ??? root:rubyman
Jun 25 04:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[346]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587922 of user rubyman.
Jun 25 04:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[346]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587922.
Jun 25 04:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32735]: Failed password for invalid user uploader from 45.156.87.216 port 35272 ssh2
Jun 25 04:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32735]: Connection closed by 45.156.87.216 port 35272 [preauth]
Jun 25 04:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32741]: pam_unix(cron:session): session closed for user root
Jun 25 04:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29798]: pam_unix(cron:session): session closed for user root
Jun 25 04:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32740]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[697]: Invalid user calvin from 45.156.87.216
Jun 25 04:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[697]: input_userauth_request: invalid user calvin [preauth]
Jun 25 04:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[697]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[697]: Failed password for invalid user calvin from 45.156.87.216 port 46422 ssh2
Jun 25 04:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[697]: Connection closed by 45.156.87.216 port 46422 [preauth]
Jun 25 04:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[714]: Invalid user potok from 45.156.87.216
Jun 25 04:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[714]: input_userauth_request: invalid user potok [preauth]
Jun 25 04:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[714]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[714]: Failed password for invalid user potok from 45.156.87.216 port 46434 ssh2
Jun 25 04:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[714]: Connection closed by 45.156.87.216 port 46434 [preauth]
Jun 25 04:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[738]: Invalid user postgres from 45.156.87.216
Jun 25 04:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[738]: input_userauth_request: invalid user postgres [preauth]
Jun 25 04:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[738]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[738]: Failed password for invalid user postgres from 45.156.87.216 port 38302 ssh2
Jun 25 04:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[738]: Connection closed by 45.156.87.216 port 38302 [preauth]
Jun 25 04:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 04:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[749]: Failed password for root from 45.156.87.216 port 38316 ssh2
Jun 25 04:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[749]: Connection closed by 45.156.87.216 port 38316 [preauth]
Jun 25 04:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 04:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[776]: Failed password for root from 45.156.87.216 port 39114 ssh2
Jun 25 04:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[776]: Connection closed by 45.156.87.216 port 39114 [preauth]
Jun 25 04:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31763]: pam_unix(cron:session): session closed for user root
Jun 25 04:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[814]: Invalid user odoo18 from 45.156.87.216
Jun 25 04:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[814]: input_userauth_request: invalid user odoo18 [preauth]
Jun 25 04:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[814]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[814]: Failed password for invalid user odoo18 from 45.156.87.216 port 39144 ssh2
Jun 25 04:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[814]: Connection closed by 45.156.87.216 port 39144 [preauth]
Jun 25 04:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[824]: Invalid user ec2-user from 45.156.87.216
Jun 25 04:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[824]: input_userauth_request: invalid user ec2-user [preauth]
Jun 25 04:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[824]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[824]: Failed password for invalid user ec2-user from 45.156.87.216 port 44240 ssh2
Jun 25 04:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[824]: Connection closed by 45.156.87.216 port 44240 [preauth]
Jun 25 04:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[834]: Invalid user murat from 103.112.173.87
Jun 25 04:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[834]: input_userauth_request: invalid user murat [preauth]
Jun 25 04:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[834]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.112.173.87
Jun 25 04:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[834]: Failed password for invalid user murat from 103.112.173.87 port 40864 ssh2
Jun 25 04:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[834]: Received disconnect from 103.112.173.87 port 40864:11: Bye Bye [preauth]
Jun 25 04:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[834]: Disconnected from 103.112.173.87 port 40864 [preauth]
Jun 25 04:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[850]: Invalid user user from 45.156.87.216
Jun 25 04:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[850]: input_userauth_request: invalid user user [preauth]
Jun 25 04:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[850]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[850]: Failed password for invalid user user from 45.156.87.216 port 44246 ssh2
Jun 25 04:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[850]: Connection closed by 45.156.87.216 port 44246 [preauth]
Jun 25 04:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[862]: Invalid user milad from 45.156.87.216
Jun 25 04:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[862]: input_userauth_request: invalid user milad [preauth]
Jun 25 04:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[862]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[862]: Failed password for invalid user milad from 45.156.87.216 port 57052 ssh2
Jun 25 04:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[862]: Connection closed by 45.156.87.216 port 57052 [preauth]
Jun 25 04:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[872]: Invalid user ai from 45.156.87.216
Jun 25 04:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[872]: input_userauth_request: invalid user ai [preauth]
Jun 25 04:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[872]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[872]: Failed password for invalid user ai from 45.156.87.216 port 59680 ssh2
Jun 25 04:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[872]: Connection closed by 45.156.87.216 port 59680 [preauth]
Jun 25 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[888]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[889]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[887]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[885]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[885]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[960]: Successful su for rubyman by root
Jun 25 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[960]: + ??? root:rubyman
Jun 25 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[960]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587926 of user rubyman.
Jun 25 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[960]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587926.
Jun 25 04:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1017]: Invalid user debian from 45.156.87.216
Jun 25 04:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1017]: input_userauth_request: invalid user debian [preauth]
Jun 25 04:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1017]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30252]: pam_unix(cron:session): session closed for user root
Jun 25 04:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1017]: Failed password for invalid user debian from 45.156.87.216 port 59690 ssh2
Jun 25 04:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1017]: Connection closed by 45.156.87.216 port 59690 [preauth]
Jun 25 04:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[887]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1185]: Invalid user uftp from 45.156.87.216
Jun 25 04:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1185]: input_userauth_request: invalid user uftp [preauth]
Jun 25 04:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1185]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1185]: Failed password for invalid user uftp from 45.156.87.216 port 50252 ssh2
Jun 25 04:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1185]: Connection closed by 45.156.87.216 port 50252 [preauth]
Jun 25 04:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1195]: Invalid user deployer from 45.156.87.216
Jun 25 04:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1195]: input_userauth_request: invalid user deployer [preauth]
Jun 25 04:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1195]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1195]: Failed password for invalid user deployer from 45.156.87.216 port 50272 ssh2
Jun 25 04:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1195]: Connection closed by 45.156.87.216 port 50272 [preauth]
Jun 25 04:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1224]: Invalid user main from 45.156.87.216
Jun 25 04:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1224]: input_userauth_request: invalid user main [preauth]
Jun 25 04:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1224]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 25 04:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1224]: Failed password for invalid user main from 45.156.87.216 port 36484 ssh2
Jun 25 04:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1224]: Connection closed by 45.156.87.216 port 36484 [preauth]
Jun 25 04:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1233]: Failed password for root from 103.82.132.16 port 41878 ssh2
Jun 25 04:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1233]: Connection closed by 103.82.132.16 port 41878 [preauth]
Jun 25 04:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1259]: Invalid user jenkins from 45.156.87.216
Jun 25 04:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1259]: input_userauth_request: invalid user jenkins [preauth]
Jun 25 04:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1259]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1259]: Failed password for invalid user jenkins from 45.156.87.216 port 36490 ssh2
Jun 25 04:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1259]: Connection closed by 45.156.87.216 port 36490 [preauth]
Jun 25 04:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 04:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1271]: Failed password for root from 45.156.87.216 port 55958 ssh2
Jun 25 04:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1271]: Connection closed by 45.156.87.216 port 55958 [preauth]
Jun 25 04:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32215]: pam_unix(cron:session): session closed for user root
Jun 25 04:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1305]: Invalid user newuser from 45.156.87.216
Jun 25 04:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1305]: input_userauth_request: invalid user newuser [preauth]
Jun 25 04:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1305]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1305]: Failed password for invalid user newuser from 45.156.87.216 port 55964 ssh2
Jun 25 04:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1305]: Connection closed by 45.156.87.216 port 55964 [preauth]
Jun 25 04:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1322]: Invalid user devops from 45.156.87.216
Jun 25 04:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1322]: input_userauth_request: invalid user devops [preauth]
Jun 25 04:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1322]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1322]: Failed password for invalid user devops from 45.156.87.216 port 48658 ssh2
Jun 25 04:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1322]: Connection closed by 45.156.87.216 port 48658 [preauth]
Jun 25 04:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1351]: Invalid user tester from 45.156.87.216
Jun 25 04:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1351]: input_userauth_request: invalid user tester [preauth]
Jun 25 04:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1351]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1351]: Failed password for invalid user tester from 45.156.87.216 port 58302 ssh2
Jun 25 04:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1351]: Connection closed by 45.156.87.216 port 58302 [preauth]
Jun 25 04:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1362]: Invalid user openclaw from 45.156.87.216
Jun 25 04:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1362]: input_userauth_request: invalid user openclaw [preauth]
Jun 25 04:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1362]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1362]: Failed password for invalid user openclaw from 45.156.87.216 port 58304 ssh2
Jun 25 04:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1362]: Connection closed by 45.156.87.216 port 58304 [preauth]
Jun 25 04:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153  user=root
Jun 25 04:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1378]: Invalid user security from 45.156.87.216
Jun 25 04:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1378]: input_userauth_request: invalid user security [preauth]
Jun 25 04:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1378]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1376]: Failed password for root from 187.192.86.153 port 45994 ssh2
Jun 25 04:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1376]: Received disconnect from 187.192.86.153 port 45994:11: Bye Bye [preauth]
Jun 25 04:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1376]: Disconnected from 187.192.86.153 port 45994 [preauth]
Jun 25 04:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1378]: Failed password for invalid user security from 45.156.87.216 port 40122 ssh2
Jun 25 04:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1378]: Connection closed by 45.156.87.216 port 40122 [preauth]
Jun 25 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1396]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1398]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1395]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1394]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1394]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1551]: Successful su for rubyman by root
Jun 25 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1551]: + ??? root:rubyman
Jun 25 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1551]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587931 of user rubyman.
Jun 25 04:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1551]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587931.
Jun 25 04:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30715]: pam_unix(cron:session): session closed for user root
Jun 25 04:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 04:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1693]: Failed password for root from 45.156.87.216 port 40136 ssh2
Jun 25 04:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1395]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1693]: Connection closed by 45.156.87.216 port 40136 [preauth]
Jun 25 04:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1777]: Invalid user user2 from 45.156.87.216
Jun 25 04:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1777]: input_userauth_request: invalid user user2 [preauth]
Jun 25 04:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1777]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1777]: Failed password for invalid user user2 from 45.156.87.216 port 46598 ssh2
Jun 25 04:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1777]: Connection closed by 45.156.87.216 port 46598 [preauth]
Jun 25 04:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 04:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.125.162.32  user=root
Jun 25 04:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1799]: Failed password for root from 45.156.87.216 port 46614 ssh2
Jun 25 04:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1799]: Connection closed by 45.156.87.216 port 46614 [preauth]
Jun 25 04:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1801]: Failed password for root from 79.125.162.32 port 45919 ssh2
Jun 25 04:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1801]: Received disconnect from 79.125.162.32 port 45919:11: Bye Bye [preauth]
Jun 25 04:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1801]: Disconnected from 79.125.162.32 port 45919 [preauth]
Jun 25 04:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1811]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1811]: Invalid user botuser from 45.156.87.216
Jun 25 04:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1811]: input_userauth_request: invalid user botuser [preauth]
Jun 25 04:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1811]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1811]: Failed password for invalid user botuser from 45.156.87.216 port 57802 ssh2
Jun 25 04:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1811]: Connection closed by 45.156.87.216 port 57802 [preauth]
Jun 25 04:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1833]: Invalid user user1 from 45.156.87.216
Jun 25 04:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1833]: input_userauth_request: invalid user user1 [preauth]
Jun 25 04:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1833]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1833]: Failed password for invalid user user1 from 45.156.87.216 port 57812 ssh2
Jun 25 04:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1833]: Connection closed by 45.156.87.216 port 57812 [preauth]
Jun 25 04:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1843]: Invalid user ubuntu from 45.156.87.216
Jun 25 04:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1843]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 04:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1843]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1843]: Failed password for invalid user ubuntu from 45.156.87.216 port 54630 ssh2
Jun 25 04:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1843]: Connection closed by 45.156.87.216 port 54630 [preauth]
Jun 25 04:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32743]: pam_unix(cron:session): session closed for user root
Jun 25 04:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 25 04:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1874]: Failed password for root from 103.27.238.116 port 36048 ssh2
Jun 25 04:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1874]: Connection closed by 103.27.238.116 port 36048 [preauth]
Jun 25 04:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1877]: Invalid user erpnext from 45.156.87.216
Jun 25 04:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1877]: input_userauth_request: invalid user erpnext [preauth]
Jun 25 04:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1877]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1877]: Failed password for invalid user erpnext from 45.156.87.216 port 59386 ssh2
Jun 25 04:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1877]: Connection closed by 45.156.87.216 port 59386 [preauth]
Jun 25 04:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1906]: Invalid user test from 45.156.87.216
Jun 25 04:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1906]: input_userauth_request: invalid user test [preauth]
Jun 25 04:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1906]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1906]: Failed password for invalid user test from 45.156.87.216 port 59390 ssh2
Jun 25 04:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1906]: Connection closed by 45.156.87.216 port 59390 [preauth]
Jun 25 04:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1944]: Invalid user postgres from 45.156.87.216
Jun 25 04:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1944]: input_userauth_request: invalid user postgres [preauth]
Jun 25 04:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1944]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1944]: Failed password for invalid user postgres from 45.156.87.216 port 52596 ssh2
Jun 25 04:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1944]: Connection closed by 45.156.87.216 port 52596 [preauth]
Jun 25 04:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1958]: Invalid user neptune from 45.156.87.216
Jun 25 04:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1958]: input_userauth_request: invalid user neptune [preauth]
Jun 25 04:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1958]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1958]: Failed password for invalid user neptune from 45.156.87.216 port 52600 ssh2
Jun 25 04:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1958]: Connection closed by 45.156.87.216 port 52600 [preauth]
Jun 25 04:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1970]: Invalid user jellyfin from 45.156.87.216
Jun 25 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1970]: input_userauth_request: invalid user jellyfin [preauth]
Jun 25 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1970]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1978]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1975]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1979]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1974]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1974]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2071]: Successful su for rubyman by root
Jun 25 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2071]: + ??? root:rubyman
Jun 25 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2071]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587936 of user rubyman.
Jun 25 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2071]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587936.
Jun 25 04:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1970]: Failed password for invalid user jellyfin from 45.156.87.216 port 59588 ssh2
Jun 25 04:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1970]: Connection closed by 45.156.87.216 port 59588 [preauth]
Jun 25 04:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31238]: pam_unix(cron:session): session closed for user root
Jun 25 04:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1975]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2273]: Invalid user operator from 45.156.87.216
Jun 25 04:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2273]: input_userauth_request: invalid user operator [preauth]
Jun 25 04:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2273]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2273]: Failed password for invalid user operator from 45.156.87.216 port 48170 ssh2
Jun 25 04:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2273]: Connection closed by 45.156.87.216 port 48170 [preauth]
Jun 25 04:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2285]: Invalid user nicole from 141.98.83.240
Jun 25 04:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2285]: input_userauth_request: invalid user nicole [preauth]
Jun 25 04:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2285]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 04:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2288]: User ftp from 45.156.87.216 not allowed because not listed in AllowUsers
Jun 25 04:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2288]: input_userauth_request: invalid user ftp [preauth]
Jun 25 04:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=ftp
Jun 25 04:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2285]: Failed password for invalid user nicole from 141.98.83.240 port 56144 ssh2
Jun 25 04:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2285]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2288]: Failed password for invalid user ftp from 45.156.87.216 port 48176 ssh2
Jun 25 04:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2288]: Connection closed by 45.156.87.216 port 48176 [preauth]
Jun 25 04:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2285]: Failed password for invalid user nicole from 141.98.83.240 port 56144 ssh2
Jun 25 04:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2285]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2285]: Failed password for invalid user nicole from 141.98.83.240 port 56144 ssh2
Jun 25 04:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2285]: Connection closed by 141.98.83.240 port 56144 [preauth]
Jun 25 04:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2285]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 04:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2314]: Invalid user frappe from 45.156.87.216
Jun 25 04:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2314]: input_userauth_request: invalid user frappe [preauth]
Jun 25 04:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2314]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2314]: Failed password for invalid user frappe from 45.156.87.216 port 47864 ssh2
Jun 25 04:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2314]: Connection closed by 45.156.87.216 port 47864 [preauth]
Jun 25 04:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2333]: Invalid user packer from 45.156.87.216
Jun 25 04:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2333]: input_userauth_request: invalid user packer [preauth]
Jun 25 04:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2333]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2333]: Failed password for invalid user packer from 45.156.87.216 port 47888 ssh2
Jun 25 04:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2333]: Connection closed by 45.156.87.216 port 47888 [preauth]
Jun 25 04:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2354]: Invalid user gns3 from 45.156.87.216
Jun 25 04:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2354]: input_userauth_request: invalid user gns3 [preauth]
Jun 25 04:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2354]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2354]: Failed password for invalid user gns3 from 45.156.87.216 port 33650 ssh2
Jun 25 04:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2354]: Connection closed by 45.156.87.216 port 33650 [preauth]
Jun 25 04:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[889]: pam_unix(cron:session): session closed for user root
Jun 25 04:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2383]: Invalid user kim from 45.156.87.216
Jun 25 04:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2383]: input_userauth_request: invalid user kim [preauth]
Jun 25 04:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2383]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2383]: Failed password for invalid user kim from 45.156.87.216 port 33664 ssh2
Jun 25 04:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2383]: Connection closed by 45.156.87.216 port 33664 [preauth]
Jun 25 04:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2393]: Invalid user ubuntu from 45.156.87.216
Jun 25 04:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2393]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 04:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2393]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2393]: Failed password for invalid user ubuntu from 45.156.87.216 port 44730 ssh2
Jun 25 04:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2393]: Connection closed by 45.156.87.216 port 44730 [preauth]
Jun 25 04:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 04:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2426]: Failed password for root from 45.156.87.216 port 60286 ssh2
Jun 25 04:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2426]: Connection closed by 45.156.87.216 port 60286 [preauth]
Jun 25 04:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 04:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2437]: Failed password for root from 45.156.87.216 port 60294 ssh2
Jun 25 04:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2437]: Connection closed by 45.156.87.216 port 60294 [preauth]
Jun 25 04:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2448]: Invalid user node from 45.156.87.216
Jun 25 04:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2448]: input_userauth_request: invalid user node [preauth]
Jun 25 04:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2448]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2448]: Failed password for invalid user node from 45.156.87.216 port 38386 ssh2
Jun 25 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2455]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2454]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2452]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2453]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2452]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2448]: Connection closed by 45.156.87.216 port 38386 [preauth]
Jun 25 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2521]: Successful su for rubyman by root
Jun 25 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2521]: + ??? root:rubyman
Jun 25 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2521]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587938 of user rubyman.
Jun 25 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2521]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587938.
Jun 25 04:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31762]: pam_unix(cron:session): session closed for user root
Jun 25 04:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2690]: Invalid user fred from 45.156.87.216
Jun 25 04:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2690]: input_userauth_request: invalid user fred [preauth]
Jun 25 04:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2690]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2453]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2690]: Failed password for invalid user fred from 45.156.87.216 port 38396 ssh2
Jun 25 04:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2690]: Connection closed by 45.156.87.216 port 38396 [preauth]
Jun 25 04:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 04:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2731]: Failed password for root from 45.156.87.216 port 54652 ssh2
Jun 25 04:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2731]: Connection closed by 45.156.87.216 port 54652 [preauth]
Jun 25 04:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2759]: Invalid user appuser from 45.156.87.216
Jun 25 04:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2759]: input_userauth_request: invalid user appuser [preauth]
Jun 25 04:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2759]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2759]: Failed password for invalid user appuser from 45.156.87.216 port 54664 ssh2
Jun 25 04:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2759]: Connection closed by 45.156.87.216 port 54664 [preauth]
Jun 25 04:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2769]: Invalid user niaoyun from 45.156.87.216
Jun 25 04:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2769]: input_userauth_request: invalid user niaoyun [preauth]
Jun 25 04:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2769]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2769]: Failed password for invalid user niaoyun from 45.156.87.216 port 47226 ssh2
Jun 25 04:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2769]: Connection closed by 45.156.87.216 port 47226 [preauth]
Jun 25 04:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2793]: Invalid user server from 45.156.87.216
Jun 25 04:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2793]: input_userauth_request: invalid user server [preauth]
Jun 25 04:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2793]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2793]: Failed password for invalid user server from 45.156.87.216 port 43348 ssh2
Jun 25 04:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2793]: Connection closed by 45.156.87.216 port 43348 [preauth]
Jun 25 04:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1398]: pam_unix(cron:session): session closed for user root
Jun 25 04:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 04:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2804]: Failed password for root from 45.156.87.216 port 43358 ssh2
Jun 25 04:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2804]: Connection closed by 45.156.87.216 port 43358 [preauth]
Jun 25 04:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2836]: Invalid user odoo16 from 45.156.87.216
Jun 25 04:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2836]: input_userauth_request: invalid user odoo16 [preauth]
Jun 25 04:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2836]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2836]: Failed password for invalid user odoo16 from 45.156.87.216 port 46218 ssh2
Jun 25 04:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2836]: Connection closed by 45.156.87.216 port 46218 [preauth]
Jun 25 04:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2860]: Invalid user vpn from 45.156.87.216
Jun 25 04:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2860]: input_userauth_request: invalid user vpn [preauth]
Jun 25 04:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2860]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2860]: Failed password for invalid user vpn from 45.156.87.216 port 46230 ssh2
Jun 25 04:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2860]: Connection closed by 45.156.87.216 port 46230 [preauth]
Jun 25 04:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 04:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2881]: Invalid user oper from 187.192.86.153
Jun 25 04:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2881]: input_userauth_request: invalid user oper [preauth]
Jun 25 04:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2881]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153
Jun 25 04:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2870]: Failed password for root from 45.156.87.216 port 57260 ssh2
Jun 25 04:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2870]: Connection closed by 45.156.87.216 port 57260 [preauth]
Jun 25 04:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2881]: Failed password for invalid user oper from 187.192.86.153 port 37654 ssh2
Jun 25 04:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2881]: Received disconnect from 187.192.86.153 port 37654:11: Bye Bye [preauth]
Jun 25 04:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2881]: Disconnected from 187.192.86.153 port 37654 [preauth]
Jun 25 04:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2890]: Invalid user appuser from 45.156.87.216
Jun 25 04:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2890]: input_userauth_request: invalid user appuser [preauth]
Jun 25 04:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2890]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2890]: Failed password for invalid user appuser from 45.156.87.216 port 55980 ssh2
Jun 25 04:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2890]: Connection closed by 45.156.87.216 port 55980 [preauth]
Jun 25 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2908]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2905]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2907]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2906]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2903]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2904]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2908]: pam_unix(cron:session): session closed for user root
Jun 25 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2903]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2971]: Successful su for rubyman by root
Jun 25 04:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2971]: + ??? root:rubyman
Jun 25 04:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2971]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587944 of user rubyman.
Jun 25 04:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2971]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587944.
Jun 25 04:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2960]: Invalid user admin from 45.156.87.216
Jun 25 04:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2960]: input_userauth_request: invalid user admin [preauth]
Jun 25 04:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2960]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2905]: pam_unix(cron:session): session closed for user root
Jun 25 04:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2960]: Failed password for invalid user admin from 45.156.87.216 port 55992 ssh2
Jun 25 04:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2960]: Connection closed by 45.156.87.216 port 55992 [preauth]
Jun 25 04:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32214]: pam_unix(cron:session): session closed for user root
Jun 25 04:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2904]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 04:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3177]: Failed password for root from 45.156.87.216 port 55772 ssh2
Jun 25 04:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3177]: Connection closed by 45.156.87.216 port 55772 [preauth]
Jun 25 04:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3187]: Invalid user app from 45.156.87.216
Jun 25 04:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3187]: input_userauth_request: invalid user app [preauth]
Jun 25 04:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3187]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3187]: Failed password for invalid user app from 45.156.87.216 port 55800 ssh2
Jun 25 04:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3187]: Connection closed by 45.156.87.216 port 55800 [preauth]
Jun 25 04:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3210]: Invalid user user from 45.156.87.216
Jun 25 04:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3210]: input_userauth_request: invalid user user [preauth]
Jun 25 04:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3210]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3210]: Failed password for invalid user user from 45.156.87.216 port 43248 ssh2
Jun 25 04:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3210]: Connection closed by 45.156.87.216 port 43248 [preauth]
Jun 25 04:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3224]: Invalid user admin from 45.156.87.216
Jun 25 04:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3224]: input_userauth_request: invalid user admin [preauth]
Jun 25 04:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3224]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3224]: Failed password for invalid user admin from 45.156.87.216 port 43262 ssh2
Jun 25 04:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3224]: Connection closed by 45.156.87.216 port 43262 [preauth]
Jun 25 04:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3248]: Invalid user teamspeak from 45.156.87.216
Jun 25 04:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3248]: input_userauth_request: invalid user teamspeak [preauth]
Jun 25 04:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3248]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1979]: pam_unix(cron:session): session closed for user root
Jun 25 04:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3248]: Failed password for invalid user teamspeak from 45.156.87.216 port 42864 ssh2
Jun 25 04:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3248]: Connection closed by 45.156.87.216 port 42864 [preauth]
Jun 25 04:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 04:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3283]: Failed password for root from 45.156.87.216 port 34632 ssh2
Jun 25 04:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3283]: Connection closed by 45.156.87.216 port 34632 [preauth]
Jun 25 04:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3293]: Invalid user hu from 45.156.87.216
Jun 25 04:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3293]: input_userauth_request: invalid user hu [preauth]
Jun 25 04:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3293]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3293]: Failed password for invalid user hu from 45.156.87.216 port 34678 ssh2
Jun 25 04:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3293]: Connection closed by 45.156.87.216 port 34678 [preauth]
Jun 25 04:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3315]: Invalid user user3 from 45.156.87.216
Jun 25 04:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3315]: input_userauth_request: invalid user user3 [preauth]
Jun 25 04:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3315]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3315]: Failed password for invalid user user3 from 45.156.87.216 port 39962 ssh2
Jun 25 04:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3315]: Connection closed by 45.156.87.216 port 39962 [preauth]
Jun 25 04:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3325]: Invalid user admin1 from 45.156.87.216
Jun 25 04:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3325]: input_userauth_request: invalid user admin1 [preauth]
Jun 25 04:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3325]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3325]: Failed password for invalid user admin1 from 45.156.87.216 port 39976 ssh2
Jun 25 04:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3325]: Connection closed by 45.156.87.216 port 39976 [preauth]
Jun 25 04:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3351]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3350]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3349]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3348]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3348]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3412]: Successful su for rubyman by root
Jun 25 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3412]: + ??? root:rubyman
Jun 25 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3412]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587948 of user rubyman.
Jun 25 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3412]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587948.
Jun 25 04:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3345]: Failed password for root from 45.156.87.216 port 52112 ssh2
Jun 25 04:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3345]: Connection closed by 45.156.87.216 port 52112 [preauth]
Jun 25 04:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32742]: pam_unix(cron:session): session closed for user root
Jun 25 04:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3349]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3591]: Invalid user gitlab from 45.156.87.216
Jun 25 04:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3591]: input_userauth_request: invalid user gitlab [preauth]
Jun 25 04:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3591]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3591]: Failed password for invalid user gitlab from 45.156.87.216 port 52118 ssh2
Jun 25 04:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3591]: Connection closed by 45.156.87.216 port 52118 [preauth]
Jun 25 04:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3613]: Invalid user toto from 45.156.87.216
Jun 25 04:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3613]: input_userauth_request: invalid user toto [preauth]
Jun 25 04:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3613]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3613]: Failed password for invalid user toto from 45.156.87.216 port 36674 ssh2
Jun 25 04:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3613]: Connection closed by 45.156.87.216 port 36674 [preauth]
Jun 25 04:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3636]: Invalid user ubuntu from 45.156.87.216
Jun 25 04:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3636]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 04:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3636]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3636]: Failed password for invalid user ubuntu from 45.156.87.216 port 52934 ssh2
Jun 25 04:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3636]: Connection closed by 45.156.87.216 port 52934 [preauth]
Jun 25 04:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3646]: Invalid user deployer from 45.156.87.216
Jun 25 04:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3646]: input_userauth_request: invalid user deployer [preauth]
Jun 25 04:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3646]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3646]: Failed password for invalid user deployer from 45.156.87.216 port 52942 ssh2
Jun 25 04:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3646]: Connection closed by 45.156.87.216 port 52942 [preauth]
Jun 25 04:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3675]: Invalid user gg from 45.156.87.216
Jun 25 04:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3675]: input_userauth_request: invalid user gg [preauth]
Jun 25 04:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3675]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3675]: Failed password for invalid user gg from 45.156.87.216 port 34756 ssh2
Jun 25 04:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3675]: Connection closed by 45.156.87.216 port 34756 [preauth]
Jun 25 04:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2455]: pam_unix(cron:session): session closed for user root
Jun 25 04:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 04:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3798]: Failed password for root from 45.156.87.216 port 34768 ssh2
Jun 25 04:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3798]: Connection closed by 45.156.87.216 port 34768 [preauth]
Jun 25 04:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 04:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3808]: Failed password for root from 45.156.87.216 port 59498 ssh2
Jun 25 04:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3808]: Connection closed by 45.156.87.216 port 59498 [preauth]
Jun 25 04:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3837]: Invalid user gateway from 45.156.87.216
Jun 25 04:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3837]: input_userauth_request: invalid user gateway [preauth]
Jun 25 04:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3837]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3837]: Failed password for invalid user gateway from 45.156.87.216 port 35664 ssh2
Jun 25 04:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3837]: Connection closed by 45.156.87.216 port 35664 [preauth]
Jun 25 04:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 04:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3857]: Failed password for root from 45.156.87.216 port 35672 ssh2
Jun 25 04:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3857]: Connection closed by 45.156.87.216 port 35672 [preauth]
Jun 25 04:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3873]: Invalid user runner from 45.156.87.216
Jun 25 04:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3873]: input_userauth_request: invalid user runner [preauth]
Jun 25 04:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3873]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3873]: Failed password for invalid user runner from 45.156.87.216 port 34666 ssh2
Jun 25 04:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3873]: Connection closed by 45.156.87.216 port 34666 [preauth]
Jun 25 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3922]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3920]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3921]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3919]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3875]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3875]: pam_unix(cron:session): session closed for user root
Jun 25 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3919]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4007]: Successful su for rubyman by root
Jun 25 04:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4007]: + ??? root:rubyman
Jun 25 04:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4007]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587952 of user rubyman.
Jun 25 04:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4007]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587952.
Jun 25 04:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4113]: Invalid user jack from 45.156.87.216
Jun 25 04:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4113]: input_userauth_request: invalid user jack [preauth]
Jun 25 04:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4113]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[888]: pam_unix(cron:session): session closed for user root
Jun 25 04:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4113]: Failed password for invalid user jack from 45.156.87.216 port 34668 ssh2
Jun 25 04:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4113]: Connection closed by 45.156.87.216 port 34668 [preauth]
Jun 25 04:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3920]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 04:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4235]: Failed password for root from 45.156.87.216 port 52496 ssh2
Jun 25 04:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4235]: Connection closed by 45.156.87.216 port 52496 [preauth]
Jun 25 04:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4260]: Invalid user ubuntu from 45.156.87.216
Jun 25 04:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4260]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 04:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4260]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4260]: Failed password for invalid user ubuntu from 45.156.87.216 port 52542 ssh2
Jun 25 04:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4260]: Connection closed by 45.156.87.216 port 52542 [preauth]
Jun 25 04:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4272]: Invalid user username from 45.156.87.216
Jun 25 04:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4272]: input_userauth_request: invalid user username [preauth]
Jun 25 04:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4272]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4272]: Failed password for invalid user username from 45.156.87.216 port 56352 ssh2
Jun 25 04:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4272]: Connection closed by 45.156.87.216 port 56352 [preauth]
Jun 25 04:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4296]: Invalid user openclaw from 45.156.87.216
Jun 25 04:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4296]: input_userauth_request: invalid user openclaw [preauth]
Jun 25 04:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4296]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4296]: Failed password for invalid user openclaw from 45.156.87.216 port 39730 ssh2
Jun 25 04:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4296]: Connection closed by 45.156.87.216 port 39730 [preauth]
Jun 25 04:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4312]: User mysql from 45.156.87.216 not allowed because not listed in AllowUsers
Jun 25 04:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4312]: input_userauth_request: invalid user mysql [preauth]
Jun 25 04:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4310]: Invalid user vpn from 103.112.173.87
Jun 25 04:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4310]: input_userauth_request: invalid user vpn [preauth]
Jun 25 04:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4310]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.112.173.87
Jun 25 04:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=mysql
Jun 25 04:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2907]: pam_unix(cron:session): session closed for user root
Jun 25 04:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4310]: Failed password for invalid user vpn from 103.112.173.87 port 43324 ssh2
Jun 25 04:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4312]: Failed password for invalid user mysql from 45.156.87.216 port 39746 ssh2
Jun 25 04:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4310]: Received disconnect from 103.112.173.87 port 43324:11: Bye Bye [preauth]
Jun 25 04:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4310]: Disconnected from 103.112.173.87 port 43324 [preauth]
Jun 25 04:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4312]: Connection closed by 45.156.87.216 port 39746 [preauth]
Jun 25 04:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4349]: Invalid user dev from 45.156.87.216
Jun 25 04:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4349]: input_userauth_request: invalid user dev [preauth]
Jun 25 04:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4349]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4349]: Failed password for invalid user dev from 45.156.87.216 port 34346 ssh2
Jun 25 04:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4349]: Connection closed by 45.156.87.216 port 34346 [preauth]
Jun 25 04:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 04:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4366]: Failed password for root from 45.156.87.216 port 34348 ssh2
Jun 25 04:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4366]: Connection closed by 45.156.87.216 port 34348 [preauth]
Jun 25 04:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4381]: Invalid user admin from 45.156.87.216
Jun 25 04:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4381]: input_userauth_request: invalid user admin [preauth]
Jun 25 04:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4381]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4381]: Failed password for invalid user admin from 45.156.87.216 port 47058 ssh2
Jun 25 04:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4381]: Connection closed by 45.156.87.216 port 47058 [preauth]
Jun 25 04:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4391]: Invalid user sam from 45.156.87.216
Jun 25 04:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4391]: input_userauth_request: invalid user sam [preauth]
Jun 25 04:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4391]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4391]: Failed password for invalid user sam from 45.156.87.216 port 47064 ssh2
Jun 25 04:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4391]: Connection closed by 45.156.87.216 port 47064 [preauth]
Jun 25 04:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4409]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4410]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4408]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4407]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4407]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4401]: Invalid user oussama from 187.192.86.153
Jun 25 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4401]: input_userauth_request: invalid user oussama [preauth]
Jun 25 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4401]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153
Jun 25 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4403]: Invalid user elasticsearch from 45.156.87.216
Jun 25 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4403]: input_userauth_request: invalid user elasticsearch [preauth]
Jun 25 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4469]: Successful su for rubyman by root
Jun 25 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4469]: + ??? root:rubyman
Jun 25 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4469]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587958 of user rubyman.
Jun 25 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4469]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587958.
Jun 25 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4403]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4401]: Failed password for invalid user oussama from 187.192.86.153 port 52380 ssh2
Jun 25 04:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4401]: Received disconnect from 187.192.86.153 port 52380:11: Bye Bye [preauth]
Jun 25 04:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4401]: Disconnected from 187.192.86.153 port 52380 [preauth]
Jun 25 04:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4403]: Failed password for invalid user elasticsearch from 45.156.87.216 port 60364 ssh2
Jun 25 04:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4403]: Connection closed by 45.156.87.216 port 60364 [preauth]
Jun 25 04:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1396]: pam_unix(cron:session): session closed for user root
Jun 25 04:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4408]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4655]: Invalid user dev from 45.156.87.216
Jun 25 04:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4655]: input_userauth_request: invalid user dev [preauth]
Jun 25 04:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4655]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4655]: Failed password for invalid user dev from 45.156.87.216 port 40432 ssh2
Jun 25 04:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4655]: Connection closed by 45.156.87.216 port 40432 [preauth]
Jun 25 04:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4666]: Invalid user developer from 45.156.87.216
Jun 25 04:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4666]: input_userauth_request: invalid user developer [preauth]
Jun 25 04:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4666]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4666]: Failed password for invalid user developer from 45.156.87.216 port 40448 ssh2
Jun 25 04:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4666]: Connection closed by 45.156.87.216 port 40448 [preauth]
Jun 25 04:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4694]: Invalid user splunk from 45.156.87.216
Jun 25 04:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4694]: input_userauth_request: invalid user splunk [preauth]
Jun 25 04:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4694]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4694]: Failed password for invalid user splunk from 45.156.87.216 port 35876 ssh2
Jun 25 04:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4694]: Connection closed by 45.156.87.216 port 35876 [preauth]
Jun 25 04:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 04:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4712]: Failed password for root from 45.156.87.216 port 35890 ssh2
Jun 25 04:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4712]: Connection closed by 45.156.87.216 port 35890 [preauth]
Jun 25 04:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4765]: Invalid user oracle from 45.156.87.216
Jun 25 04:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4765]: input_userauth_request: invalid user oracle [preauth]
Jun 25 04:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4765]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4765]: Failed password for invalid user oracle from 45.156.87.216 port 36234 ssh2
Jun 25 04:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4765]: Connection closed by 45.156.87.216 port 36234 [preauth]
Jun 25 04:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
Jun 25 04:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3351]: pam_unix(cron:session): session closed for user root
Jun 25 04:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4767]: Failed password for root from 176.32.39.21 port 42730 ssh2
Jun 25 04:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4767]: Connection closed by 176.32.39.21 port 42730 [preauth]
Jun 25 04:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4839]: Invalid user runner from 45.156.87.216
Jun 25 04:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4839]: input_userauth_request: invalid user runner [preauth]
Jun 25 04:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4839]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4839]: Failed password for invalid user runner from 45.156.87.216 port 36246 ssh2
Jun 25 04:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4839]: Connection closed by 45.156.87.216 port 36246 [preauth]
Jun 25 04:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4850]: Invalid user data from 45.156.87.216
Jun 25 04:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4850]: input_userauth_request: invalid user data [preauth]
Jun 25 04:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4850]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216
Jun 25 04:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4850]: Failed password for invalid user data from 45.156.87.216 port 38812 ssh2
Jun 25 04:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4850]: Connection closed by 45.156.87.216 port 38812 [preauth]
Jun 25 04:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.216  user=root
Jun 25 04:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4909]: Failed password for root from 45.156.87.216 port 39836 ssh2
Jun 25 04:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4909]: Connection closed by 45.156.87.216 port 39836 [preauth]
Jun 25 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4947]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4949]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4945]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4948]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4945]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5010]: Successful su for rubyman by root
Jun 25 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5010]: + ??? root:rubyman
Jun 25 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5010]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587963 of user rubyman.
Jun 25 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5010]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587963.
Jun 25 04:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1978]: pam_unix(cron:session): session closed for user root
Jun 25 04:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4947]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3922]: pam_unix(cron:session): session closed for user root
Jun 25 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5346]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5347]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5343]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5348]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5349]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5345]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5349]: pam_unix(cron:session): session closed for user root
Jun 25 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5343]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5422]: Successful su for rubyman by root
Jun 25 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5422]: + ??? root:rubyman
Jun 25 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5422]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587968 of user rubyman.
Jun 25 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5422]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587968.
Jun 25 04:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5346]: pam_unix(cron:session): session closed for user root
Jun 25 04:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2454]: pam_unix(cron:session): session closed for user root
Jun 25 04:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5345]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4410]: pam_unix(cron:session): session closed for user root
Jun 25 04:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5752]: Invalid user andrew from 103.112.173.87
Jun 25 04:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5752]: input_userauth_request: invalid user andrew [preauth]
Jun 25 04:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5752]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.112.173.87
Jun 25 04:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5752]: Failed password for invalid user andrew from 103.112.173.87 port 59214 ssh2
Jun 25 04:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5752]: Received disconnect from 103.112.173.87 port 59214:11: Bye Bye [preauth]
Jun 25 04:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5752]: Disconnected from 103.112.173.87 port 59214 [preauth]
Jun 25 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5775]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5777]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5773]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5774]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5773]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5845]: Successful su for rubyman by root
Jun 25 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5845]: + ??? root:rubyman
Jun 25 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5845]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587972 of user rubyman.
Jun 25 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5845]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587972.
Jun 25 04:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2906]: pam_unix(cron:session): session closed for user root
Jun 25 04:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5774]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153  user=root
Jun 25 04:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6021]: Failed password for root from 187.192.86.153 port 38908 ssh2
Jun 25 04:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6021]: Received disconnect from 187.192.86.153 port 38908:11: Bye Bye [preauth]
Jun 25 04:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6021]: Disconnected from 187.192.86.153 port 38908 [preauth]
Jun 25 04:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 25 04:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6060]: Failed password for root from 103.122.221.179 port 49718 ssh2
Jun 25 04:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6060]: Connection closed by 103.122.221.179 port 49718 [preauth]
Jun 25 04:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 25 04:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6064]: Failed password for root from 38.93.206.2 port 46778 ssh2
Jun 25 04:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6064]: Connection closed by 38.93.206.2 port 46778 [preauth]
Jun 25 04:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4949]: pam_unix(cron:session): session closed for user root
Jun 25 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6186]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6185]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6184]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6183]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6183]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6245]: Successful su for rubyman by root
Jun 25 04:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6245]: + ??? root:rubyman
Jun 25 04:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6245]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587975 of user rubyman.
Jun 25 04:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6245]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587975.
Jun 25 04:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3350]: pam_unix(cron:session): session closed for user root
Jun 25 04:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6184]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5348]: pam_unix(cron:session): session closed for user root
Jun 25 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6570]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6569]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6571]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6568]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6568]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6633]: Successful su for rubyman by root
Jun 25 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6633]: + ??? root:rubyman
Jun 25 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6633]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587979 of user rubyman.
Jun 25 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6633]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587979.
Jun 25 04:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3921]: pam_unix(cron:session): session closed for user root
Jun 25 04:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6569]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.117.77  user=root
Jun 25 04:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6830]: Failed password for root from 14.103.117.77 port 50602 ssh2
Jun 25 04:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6830]: Received disconnect from 14.103.117.77 port 50602:11: Bye Bye [preauth]
Jun 25 04:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6830]: Disconnected from 14.103.117.77 port 50602 [preauth]
Jun 25 04:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6894]: Invalid user admin from 193.233.74.227
Jun 25 04:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6894]: input_userauth_request: invalid user admin [preauth]
Jun 25 04:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6894]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.233.74.227
Jun 25 04:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6894]: Failed password for invalid user admin from 193.233.74.227 port 43798 ssh2
Jun 25 04:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6894]: Connection closed by 193.233.74.227 port 43798 [preauth]
Jun 25 04:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5777]: pam_unix(cron:session): session closed for user root
Jun 25 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7014]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7013]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7020]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7012]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7012]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7137]: Successful su for rubyman by root
Jun 25 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7137]: + ??? root:rubyman
Jun 25 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7137]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587983 of user rubyman.
Jun 25 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7137]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587983.
Jun 25 04:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4409]: pam_unix(cron:session): session closed for user root
Jun 25 04:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7013]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7335]: Invalid user gm from 187.192.86.153
Jun 25 04:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7335]: input_userauth_request: invalid user gm [preauth]
Jun 25 04:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7335]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153
Jun 25 04:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7335]: Failed password for invalid user gm from 187.192.86.153 port 40078 ssh2
Jun 25 04:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7335]: Received disconnect from 187.192.86.153 port 40078:11: Bye Bye [preauth]
Jun 25 04:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7335]: Disconnected from 187.192.86.153 port 40078 [preauth]
Jun 25 04:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6186]: pam_unix(cron:session): session closed for user root
Jun 25 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7488]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7491]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7492]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7490]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7489]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7487]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7492]: pam_unix(cron:session): session closed for user root
Jun 25 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7487]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7556]: Successful su for rubyman by root
Jun 25 04:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7556]: + ??? root:rubyman
Jun 25 04:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7556]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587989 of user rubyman.
Jun 25 04:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7556]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587989.
Jun 25 04:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7489]: pam_unix(cron:session): session closed for user root
Jun 25 04:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4948]: pam_unix(cron:session): session closed for user root
Jun 25 04:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7488]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6571]: pam_unix(cron:session): session closed for user root
Jun 25 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8003]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8004]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8002]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8001]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8001]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8069]: Successful su for rubyman by root
Jun 25 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8069]: + ??? root:rubyman
Jun 25 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8069]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587994 of user rubyman.
Jun 25 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8069]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587994.
Jun 25 04:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5347]: pam_unix(cron:session): session closed for user root
Jun 25 04:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8002]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7020]: pam_unix(cron:session): session closed for user root
Jun 25 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8400]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8399]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8397]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8396]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8396]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8459]: Successful su for rubyman by root
Jun 25 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8459]: + ??? root:rubyman
Jun 25 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8459]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 587997 of user rubyman.
Jun 25 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8459]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 587997.
Jun 25 04:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5775]: pam_unix(cron:session): session closed for user root
Jun 25 04:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8397]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 25 04:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8652]: Failed password for root from 103.153.68.219 port 52188 ssh2
Jun 25 04:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8652]: Connection closed by 103.153.68.219 port 52188 [preauth]
Jun 25 04:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.192.86.153  user=root
Jun 25 04:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8705]: Failed password for root from 187.192.86.153 port 58216 ssh2
Jun 25 04:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8705]: Received disconnect from 187.192.86.153 port 58216:11: Bye Bye [preauth]
Jun 25 04:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8705]: Disconnected from 187.192.86.153 port 58216 [preauth]
Jun 25 04:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7491]: pam_unix(cron:session): session closed for user root
Jun 25 04:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8753]: Invalid user oper from 103.112.173.87
Jun 25 04:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8753]: input_userauth_request: invalid user oper [preauth]
Jun 25 04:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8753]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.112.173.87
Jun 25 04:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8753]: Failed password for invalid user oper from 103.112.173.87 port 44948 ssh2
Jun 25 04:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8753]: Received disconnect from 103.112.173.87 port 44948:11: Bye Bye [preauth]
Jun 25 04:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8753]: Disconnected from 103.112.173.87 port 44948 [preauth]
Jun 25 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8807]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8808]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8806]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8805]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8805]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8868]: Successful su for rubyman by root
Jun 25 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8868]: + ??? root:rubyman
Jun 25 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8868]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588002 of user rubyman.
Jun 25 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8868]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588002.
Jun 25 04:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6185]: pam_unix(cron:session): session closed for user root
Jun 25 04:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8806]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8004]: pam_unix(cron:session): session closed for user root
Jun 25 04:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9177]: Invalid user martina from 220.127.148.6
Jun 25 04:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9177]: input_userauth_request: invalid user martina [preauth]
Jun 25 04:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9177]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.127.148.6
Jun 25 04:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9177]: Failed password for invalid user martina from 220.127.148.6 port 46850 ssh2
Jun 25 04:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9177]: Received disconnect from 220.127.148.6 port 46850:11: Bye Bye [preauth]
Jun 25 04:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9177]: Disconnected from 220.127.148.6 port 46850 [preauth]
Jun 25 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9203]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9201]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9202]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9200]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9200]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9262]: Successful su for rubyman by root
Jun 25 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9262]: + ??? root:rubyman
Jun 25 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9262]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588006 of user rubyman.
Jun 25 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9262]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588006.
Jun 25 04:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6570]: pam_unix(cron:session): session closed for user root
Jun 25 04:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9201]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8400]: pam_unix(cron:session): session closed for user root
Jun 25 04:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9527]: Invalid user martina from 41.86.34.139
Jun 25 04:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9527]: input_userauth_request: invalid user martina [preauth]
Jun 25 04:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9527]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.86.34.139
Jun 25 04:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9527]: Failed password for invalid user martina from 41.86.34.139 port 56116 ssh2
Jun 25 04:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9527]: Received disconnect from 41.86.34.139 port 56116:11: Bye Bye [preauth]
Jun 25 04:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9527]: Disconnected from 41.86.34.139 port 56116 [preauth]
Jun 25 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9589]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9586]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9587]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9588]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9590]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9585]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9590]: pam_unix(cron:session): session closed for user root
Jun 25 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9585]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9662]: Successful su for rubyman by root
Jun 25 04:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9662]: + ??? root:rubyman
Jun 25 04:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9662]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588010 of user rubyman.
Jun 25 04:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9662]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588010.
Jun 25 04:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9587]: pam_unix(cron:session): session closed for user root
Jun 25 04:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7014]: pam_unix(cron:session): session closed for user root
Jun 25 04:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9586]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 25 04:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10076]: Failed password for root from 103.77.242.62 port 55796 ssh2
Jun 25 04:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10076]: Connection closed by 103.77.242.62 port 55796 [preauth]
Jun 25 04:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8808]: pam_unix(cron:session): session closed for user root
Jun 25 04:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10152]: Connection closed by 194.59.206.2 port 47876 [preauth]
Jun 25 04:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10188]: Invalid user vmail from 103.112.173.87
Jun 25 04:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10188]: input_userauth_request: invalid user vmail [preauth]
Jun 25 04:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10188]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.112.173.87
Jun 25 04:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10188]: Failed password for invalid user vmail from 103.112.173.87 port 39502 ssh2
Jun 25 04:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10188]: Received disconnect from 103.112.173.87 port 39502:11: Bye Bye [preauth]
Jun 25 04:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10188]: Disconnected from 103.112.173.87 port 39502 [preauth]
Jun 25 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10214]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10213]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10212]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10211]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10211]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10367]: Successful su for rubyman by root
Jun 25 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10367]: + ??? root:rubyman
Jun 25 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10367]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588015 of user rubyman.
Jun 25 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10367]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588015.
Jun 25 04:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7490]: pam_unix(cron:session): session closed for user root
Jun 25 04:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10212]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121  user=root
Jun 25 04:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10563]: Failed password for root from 45.148.10.121 port 52634 ssh2
Jun 25 04:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10563]: Connection closed by 45.148.10.121 port 52634 [preauth]
Jun 25 04:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9203]: pam_unix(cron:session): session closed for user root
Jun 25 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10713]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10714]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10711]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10710]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10710]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10782]: Successful su for rubyman by root
Jun 25 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10782]: + ??? root:rubyman
Jun 25 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10782]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588020 of user rubyman.
Jun 25 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10782]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588020.
Jun 25 04:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8003]: pam_unix(cron:session): session closed for user root
Jun 25 04:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10711]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9589]: pam_unix(cron:session): session closed for user root
Jun 25 04:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11093]: Bad protocol version identification '' from 16.58.56.214 port 13898
Jun 25 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11130]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11131]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11129]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11128]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11128]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11194]: Successful su for rubyman by root
Jun 25 04:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11194]: + ??? root:rubyman
Jun 25 04:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11194]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588023 of user rubyman.
Jun 25 04:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11194]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588023.
Jun 25 04:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8399]: pam_unix(cron:session): session closed for user root
Jun 25 04:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11129]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11419]: Invalid user admin from 2.57.121.25
Jun 25 04:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11419]: input_userauth_request: invalid user admin [preauth]
Jun 25 04:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11419]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 25 04:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11419]: Failed password for invalid user admin from 2.57.121.25 port 44132 ssh2
Jun 25 04:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11419]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11419]: Failed password for invalid user admin from 2.57.121.25 port 44132 ssh2
Jun 25 04:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11419]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11419]: Failed password for invalid user admin from 2.57.121.25 port 44132 ssh2
Jun 25 04:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11419]: Connection closed by 2.57.121.25 port 44132 [preauth]
Jun 25 04:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11419]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 25 04:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10214]: pam_unix(cron:session): session closed for user root
Jun 25 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11552]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11553]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11551]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11549]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11549]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11617]: Successful su for rubyman by root
Jun 25 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11617]: + ??? root:rubyman
Jun 25 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11617]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588028 of user rubyman.
Jun 25 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11617]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588028.
Jun 25 04:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8807]: pam_unix(cron:session): session closed for user root
Jun 25 04:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11551]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.121.47.136  user=root
Jun 25 04:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11830]: Failed password for root from 129.121.47.136 port 36564 ssh2
Jun 25 04:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11830]: Received disconnect from 129.121.47.136 port 36564:11: Bye Bye [preauth]
Jun 25 04:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11830]: Disconnected from 129.121.47.136 port 36564 [preauth]
Jun 25 04:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11860]: Connection closed by 16.58.56.214 port 52376 [preauth]
Jun 25 04:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 25 04:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11893]: Failed password for root from 87.251.79.125 port 52406 ssh2
Jun 25 04:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11893]: Connection closed by 87.251.79.125 port 52406 [preauth]
Jun 25 04:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10714]: pam_unix(cron:session): session closed for user root
Jun 25 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12018]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12020]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12016]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12019]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12017]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12015]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12020]: pam_unix(cron:session): session closed for user root
Jun 25 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12015]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12082]: Successful su for rubyman by root
Jun 25 04:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12082]: + ??? root:rubyman
Jun 25 04:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12082]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588035 of user rubyman.
Jun 25 04:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12082]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588035.
Jun 25 04:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12017]: pam_unix(cron:session): session closed for user root
Jun 25 04:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9202]: pam_unix(cron:session): session closed for user root
Jun 25 04:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12016]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 25 04:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12411]: Failed password for root from 202.178.126.219 port 44660 ssh2
Jun 25 04:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12411]: Connection closed by 202.178.126.219 port 44660 [preauth]
Jun 25 04:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11131]: pam_unix(cron:session): session closed for user root
Jun 25 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12563]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12565]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12564]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12562]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12562]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12633]: Successful su for rubyman by root
Jun 25 04:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12633]: + ??? root:rubyman
Jun 25 04:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12633]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588039 of user rubyman.
Jun 25 04:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12633]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588039.
Jun 25 04:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9588]: pam_unix(cron:session): session closed for user root
Jun 25 04:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12563]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11553]: pam_unix(cron:session): session closed for user root
Jun 25 04:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 25 04:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12970]: Failed password for root from 103.176.20.57 port 34614 ssh2
Jun 25 04:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12970]: Connection closed by 103.176.20.57 port 34614 [preauth]
Jun 25 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12984]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12983]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12982]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12981]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12981]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13043]: Successful su for rubyman by root
Jun 25 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13043]: + ??? root:rubyman
Jun 25 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13043]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588042 of user rubyman.
Jun 25 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13043]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588042.
Jun 25 04:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10213]: pam_unix(cron:session): session closed for user root
Jun 25 04:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12982]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12019]: pam_unix(cron:session): session closed for user root
Jun 25 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13401]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13402]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13399]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13400]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13399]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13458]: Successful su for rubyman by root
Jun 25 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13458]: + ??? root:rubyman
Jun 25 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13458]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588046 of user rubyman.
Jun 25 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13458]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588046.
Jun 25 04:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10713]: pam_unix(cron:session): session closed for user root
Jun 25 04:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13400]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12565]: pam_unix(cron:session): session closed for user root
Jun 25 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13803]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13802]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13800]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13799]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13797]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13799]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13921]: Successful su for rubyman by root
Jun 25 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13921]: + ??? root:rubyman
Jun 25 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13921]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588049 of user rubyman.
Jun 25 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13921]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588049.
Jun 25 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13797]: pam_unix(cron:session): session closed for user root
Jun 25 04:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11130]: pam_unix(cron:session): session closed for user root
Jun 25 04:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13800]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.110.201  user=root
Jun 25 04:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14143]: Failed password for root from 94.159.110.201 port 60702 ssh2
Jun 25 04:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14143]: Connection closed by 94.159.110.201 port 60702 [preauth]
Jun 25 04:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12984]: pam_unix(cron:session): session closed for user root
Jun 25 04:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14262]: Invalid user postgres from 193.46.255.86
Jun 25 04:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14262]: input_userauth_request: invalid user postgres [preauth]
Jun 25 04:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14262]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 25 04:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14262]: Failed password for invalid user postgres from 193.46.255.86 port 18872 ssh2
Jun 25 04:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14262]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14262]: Failed password for invalid user postgres from 193.46.255.86 port 18872 ssh2
Jun 25 04:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14262]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14262]: Failed password for invalid user postgres from 193.46.255.86 port 18872 ssh2
Jun 25 04:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14262]: Connection closed by 193.46.255.86 port 18872 [preauth]
Jun 25 04:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14262]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 25 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14285]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14283]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14286]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14288]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14287]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14284]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14288]: pam_unix(cron:session): session closed for user root
Jun 25 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14283]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14354]: Successful su for rubyman by root
Jun 25 04:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14354]: + ??? root:rubyman
Jun 25 04:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14354]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588058 of user rubyman.
Jun 25 04:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14354]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588058.
Jun 25 04:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14285]: pam_unix(cron:session): session closed for user root
Jun 25 04:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11552]: pam_unix(cron:session): session closed for user root
Jun 25 04:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14284]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13402]: pam_unix(cron:session): session closed for user root
Jun 25 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14800]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14799]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14798]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14797]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14797]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14869]: Successful su for rubyman by root
Jun 25 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14869]: + ??? root:rubyman
Jun 25 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14869]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588060 of user rubyman.
Jun 25 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14869]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588060.
Jun 25 04:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12018]: pam_unix(cron:session): session closed for user root
Jun 25 04:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14798]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13803]: pam_unix(cron:session): session closed for user root
Jun 25 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15209]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15211]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15208]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15207]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15207]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15273]: Successful su for rubyman by root
Jun 25 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15273]: + ??? root:rubyman
Jun 25 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15273]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588065 of user rubyman.
Jun 25 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15273]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588065.
Jun 25 04:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12564]: pam_unix(cron:session): session closed for user root
Jun 25 04:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15208]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.86.34.139  user=root
Jun 25 04:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15473]: Failed password for root from 41.86.34.139 port 53228 ssh2
Jun 25 04:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15473]: Received disconnect from 41.86.34.139 port 53228:11: Bye Bye [preauth]
Jun 25 04:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15473]: Disconnected from 41.86.34.139 port 53228 [preauth]
Jun 25 04:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15483]: Invalid user openhabian from 141.98.83.240
Jun 25 04:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15483]: input_userauth_request: invalid user openhabian [preauth]
Jun 25 04:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15483]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 04:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15483]: Failed password for invalid user openhabian from 141.98.83.240 port 63634 ssh2
Jun 25 04:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15483]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15483]: Failed password for invalid user openhabian from 141.98.83.240 port 63634 ssh2
Jun 25 04:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15483]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15483]: Failed password for invalid user openhabian from 141.98.83.240 port 63634 ssh2
Jun 25 04:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15483]: Connection closed by 141.98.83.240 port 63634 [preauth]
Jun 25 04:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15483]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 04:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14287]: pam_unix(cron:session): session closed for user root
Jun 25 04:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15542]: Invalid user ofbiz from 129.121.47.136
Jun 25 04:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15542]: input_userauth_request: invalid user ofbiz [preauth]
Jun 25 04:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15542]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.121.47.136
Jun 25 04:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15542]: Failed password for invalid user ofbiz from 129.121.47.136 port 48982 ssh2
Jun 25 04:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15542]: Received disconnect from 129.121.47.136 port 48982:11: Bye Bye [preauth]
Jun 25 04:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15542]: Disconnected from 129.121.47.136 port 48982 [preauth]
Jun 25 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15596]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15593]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15595]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15592]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15592]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15654]: Successful su for rubyman by root
Jun 25 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15654]: + ??? root:rubyman
Jun 25 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15654]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588069 of user rubyman.
Jun 25 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15654]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588069.
Jun 25 04:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12983]: pam_unix(cron:session): session closed for user root
Jun 25 04:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15593]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14800]: pam_unix(cron:session): session closed for user root
Jun 25 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15988]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15989]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15987]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15986]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15986]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16044]: Successful su for rubyman by root
Jun 25 04:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16044]: + ??? root:rubyman
Jun 25 04:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16044]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588072 of user rubyman.
Jun 25 04:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16044]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588072.
Jun 25 04:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13401]: pam_unix(cron:session): session closed for user root
Jun 25 04:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15987]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16266]: User john from 41.86.34.139 not allowed because not listed in AllowUsers
Jun 25 04:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16266]: input_userauth_request: invalid user john [preauth]
Jun 25 04:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.86.34.139  user=john
Jun 25 04:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16266]: Failed password for invalid user john from 41.86.34.139 port 58734 ssh2
Jun 25 04:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16266]: Received disconnect from 41.86.34.139 port 58734:11: Bye Bye [preauth]
Jun 25 04:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16266]: Disconnected from 41.86.34.139 port 58734 [preauth]
Jun 25 04:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15211]: pam_unix(cron:session): session closed for user root
Jun 25 04:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16360]: Invalid user znc from 129.121.47.136
Jun 25 04:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16360]: input_userauth_request: invalid user znc [preauth]
Jun 25 04:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16360]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.121.47.136
Jun 25 04:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16360]: Failed password for invalid user znc from 129.121.47.136 port 51082 ssh2
Jun 25 04:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16360]: Received disconnect from 129.121.47.136 port 51082:11: Bye Bye [preauth]
Jun 25 04:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16360]: Disconnected from 129.121.47.136 port 51082 [preauth]
Jun 25 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16375]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16377]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16373]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16372]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16376]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16374]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16377]: pam_unix(cron:session): session closed for user root
Jun 25 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16372]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16442]: Successful su for rubyman by root
Jun 25 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16442]: + ??? root:rubyman
Jun 25 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16442]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588079 of user rubyman.
Jun 25 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16442]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588079.
Jun 25 04:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 25 04:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16374]: pam_unix(cron:session): session closed for user root
Jun 25 04:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13802]: pam_unix(cron:session): session closed for user root
Jun 25 04:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16451]: Failed password for root from 147.45.199.80 port 54172 ssh2
Jun 25 04:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16451]: Connection closed by 147.45.199.80 port 54172 [preauth]
Jun 25 04:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16373]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15596]: pam_unix(cron:session): session closed for user root
Jun 25 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16801]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16800]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16802]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16798]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16798]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16906]: Successful su for rubyman by root
Jun 25 04:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16906]: + ??? root:rubyman
Jun 25 04:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16906]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588082 of user rubyman.
Jun 25 04:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16906]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588082.
Jun 25 04:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14286]: pam_unix(cron:session): session closed for user root
Jun 25 04:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16800]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 25 04:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17160]: Failed password for root from 193.37.70.224 port 60654 ssh2
Jun 25 04:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17160]: Connection closed by 193.37.70.224 port 60654 [preauth]
Jun 25 04:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17218]: Invalid user ofbiz from 41.86.34.139
Jun 25 04:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17218]: input_userauth_request: invalid user ofbiz [preauth]
Jun 25 04:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17218]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.86.34.139
Jun 25 04:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15989]: pam_unix(cron:session): session closed for user root
Jun 25 04:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17218]: Failed password for invalid user ofbiz from 41.86.34.139 port 57142 ssh2
Jun 25 04:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17218]: Received disconnect from 41.86.34.139 port 57142:11: Bye Bye [preauth]
Jun 25 04:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17218]: Disconnected from 41.86.34.139 port 57142 [preauth]
Jun 25 04:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 25 04:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17282]: Failed password for root from 62.133.62.83 port 43596 ssh2
Jun 25 04:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17282]: Connection closed by 62.133.62.83 port 43596 [preauth]
Jun 25 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17315]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17316]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17314]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17313]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17313]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17381]: Successful su for rubyman by root
Jun 25 04:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17381]: + ??? root:rubyman
Jun 25 04:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17381]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588087 of user rubyman.
Jun 25 04:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17381]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588087.
Jun 25 04:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14799]: pam_unix(cron:session): session closed for user root
Jun 25 04:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17314]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17591]: Invalid user ubuntu from 129.121.47.136
Jun 25 04:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17591]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 04:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17591]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.121.47.136
Jun 25 04:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17591]: Failed password for invalid user ubuntu from 129.121.47.136 port 43356 ssh2
Jun 25 04:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17591]: Received disconnect from 129.121.47.136 port 43356:11: Bye Bye [preauth]
Jun 25 04:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17591]: Disconnected from 129.121.47.136 port 43356 [preauth]
Jun 25 04:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16376]: pam_unix(cron:session): session closed for user root
Jun 25 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17812]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17813]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17809]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17808]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17808]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17880]: Successful su for rubyman by root
Jun 25 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17880]: + ??? root:rubyman
Jun 25 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17880]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588090 of user rubyman.
Jun 25 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17880]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588090.
Jun 25 04:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15209]: pam_unix(cron:session): session closed for user root
Jun 25 04:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17809]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16802]: pam_unix(cron:session): session closed for user root
Jun 25 04:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.86.34.139  user=root
Jun 25 04:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18187]: Failed password for root from 41.86.34.139 port 60942 ssh2
Jun 25 04:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18187]: Received disconnect from 41.86.34.139 port 60942:11: Bye Bye [preauth]
Jun 25 04:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18187]: Disconnected from 41.86.34.139 port 60942 [preauth]
Jun 25 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18238]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18237]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18239]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18236]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18236]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18307]: Successful su for rubyman by root
Jun 25 04:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18307]: + ??? root:rubyman
Jun 25 04:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18307]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588094 of user rubyman.
Jun 25 04:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18307]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588094.
Jun 25 04:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15595]: pam_unix(cron:session): session closed for user root
Jun 25 04:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18237]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.121.47.136  user=root
Jun 25 04:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18639]: Failed password for root from 129.121.47.136 port 48988 ssh2
Jun 25 04:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18639]: Received disconnect from 129.121.47.136 port 48988:11: Bye Bye [preauth]
Jun 25 04:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18639]: Disconnected from 129.121.47.136 port 48988 [preauth]
Jun 25 04:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17316]: pam_unix(cron:session): session closed for user root
Jun 25 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18744]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18743]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18748]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18749]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18746]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18745]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18749]: pam_unix(cron:session): session closed for user root
Jun 25 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18743]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18826]: Successful su for rubyman by root
Jun 25 04:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18826]: + ??? root:rubyman
Jun 25 04:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18826]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588102 of user rubyman.
Jun 25 04:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18826]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588102.
Jun 25 04:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18745]: pam_unix(cron:session): session closed for user root
Jun 25 04:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15988]: pam_unix(cron:session): session closed for user root
Jun 25 04:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18744]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17813]: pam_unix(cron:session): session closed for user root
Jun 25 04:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19246]: Invalid user corrina from 2.57.121.112
Jun 25 04:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19246]: input_userauth_request: invalid user corrina [preauth]
Jun 25 04:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19246]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 25 04:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19247]: Invalid user postgres from 41.86.34.139
Jun 25 04:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19247]: input_userauth_request: invalid user postgres [preauth]
Jun 25 04:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19247]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.86.34.139
Jun 25 04:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19246]: Failed password for invalid user corrina from 2.57.121.112 port 51138 ssh2
Jun 25 04:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19246]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19247]: Failed password for invalid user postgres from 41.86.34.139 port 47460 ssh2
Jun 25 04:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19247]: Received disconnect from 41.86.34.139 port 47460:11: Bye Bye [preauth]
Jun 25 04:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19247]: Disconnected from 41.86.34.139 port 47460 [preauth]
Jun 25 04:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19246]: Failed password for invalid user corrina from 2.57.121.112 port 51138 ssh2
Jun 25 04:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19246]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19246]: Failed password for invalid user corrina from 2.57.121.112 port 51138 ssh2
Jun 25 04:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19246]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19246]: Failed password for invalid user corrina from 2.57.121.112 port 51138 ssh2
Jun 25 04:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19246]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19246]: Failed password for invalid user corrina from 2.57.121.112 port 51138 ssh2
Jun 25 04:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19246]: Connection closed by 2.57.121.112 port 51138 [preauth]
Jun 25 04:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19246]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 25 04:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19246]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 25 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19289]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19291]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19290]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19287]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19287]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19354]: Successful su for rubyman by root
Jun 25 04:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19354]: + ??? root:rubyman
Jun 25 04:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19354]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588105 of user rubyman.
Jun 25 04:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19354]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588105.
Jun 25 04:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16375]: pam_unix(cron:session): session closed for user root
Jun 25 04:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19289]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19821]: Invalid user ubuntu from 129.121.47.136
Jun 25 04:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19821]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 04:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19821]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.121.47.136
Jun 25 04:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18239]: pam_unix(cron:session): session closed for user root
Jun 25 04:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19821]: Failed password for invalid user ubuntu from 129.121.47.136 port 44060 ssh2
Jun 25 04:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19821]: Received disconnect from 129.121.47.136 port 44060:11: Bye Bye [preauth]
Jun 25 04:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19821]: Disconnected from 129.121.47.136 port 44060 [preauth]
Jun 25 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19907]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19909]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19908]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19906]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19906]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19967]: Successful su for rubyman by root
Jun 25 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19967]: + ??? root:rubyman
Jun 25 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19967]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588109 of user rubyman.
Jun 25 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19967]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588109.
Jun 25 04:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16801]: pam_unix(cron:session): session closed for user root
Jun 25 04:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19907]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18748]: pam_unix(cron:session): session closed for user root
Jun 25 04:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.86.34.139  user=root
Jun 25 04:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20379]: Failed password for root from 41.86.34.139 port 55638 ssh2
Jun 25 04:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20379]: Received disconnect from 41.86.34.139 port 55638:11: Bye Bye [preauth]
Jun 25 04:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20379]: Disconnected from 41.86.34.139 port 55638 [preauth]
Jun 25 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20411]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20410]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20409]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20408]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20408]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20479]: Successful su for rubyman by root
Jun 25 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20479]: + ??? root:rubyman
Jun 25 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20479]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588112 of user rubyman.
Jun 25 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20479]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588112.
Jun 25 04:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17315]: pam_unix(cron:session): session closed for user root
Jun 25 04:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20409]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 25 04:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20781]: Failed password for root from 194.113.233.25 port 45636 ssh2
Jun 25 04:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20781]: Connection closed by 194.113.233.25 port 45636 [preauth]
Jun 25 04:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19291]: pam_unix(cron:session): session closed for user root
Jun 25 04:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20878]: Invalid user postgres from 129.121.47.136
Jun 25 04:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20878]: input_userauth_request: invalid user postgres [preauth]
Jun 25 04:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20878]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.121.47.136
Jun 25 04:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20878]: Failed password for invalid user postgres from 129.121.47.136 port 32982 ssh2
Jun 25 04:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20878]: Received disconnect from 129.121.47.136 port 32982:11: Bye Bye [preauth]
Jun 25 04:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20878]: Disconnected from 129.121.47.136 port 32982 [preauth]
Jun 25 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20913]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20912]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20911]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20910]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20910]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20969]: Successful su for rubyman by root
Jun 25 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20969]: + ??? root:rubyman
Jun 25 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20969]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588116 of user rubyman.
Jun 25 04:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20969]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588116.
Jun 25 04:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17812]: pam_unix(cron:session): session closed for user root
Jun 25 04:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20911]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 25 04:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19909]: pam_unix(cron:session): session closed for user root
Jun 25 04:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21222]: Failed password for root from 103.27.238.120 port 50970 ssh2
Jun 25 04:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21222]: Connection closed by 103.27.238.120 port 50970 [preauth]
Jun 25 04:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 25 04:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21271]: Failed password for root from 109.237.96.109 port 34800 ssh2
Jun 25 04:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21271]: Connection closed by 109.237.96.109 port 34800 [preauth]
Jun 25 04:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.86.34.139  user=root
Jun 25 04:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21302]: Failed password for root from 41.86.34.139 port 48040 ssh2
Jun 25 04:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21302]: Received disconnect from 41.86.34.139 port 48040:11: Bye Bye [preauth]
Jun 25 04:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21302]: Disconnected from 41.86.34.139 port 48040 [preauth]
Jun 25 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21319]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21316]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21314]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21320]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21322]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21313]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21322]: pam_unix(cron:session): session closed for user root
Jun 25 04:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21313]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21389]: Successful su for rubyman by root
Jun 25 04:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21389]: + ??? root:rubyman
Jun 25 04:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21389]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588123 of user rubyman.
Jun 25 04:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21389]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588123.
Jun 25 04:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21316]: pam_unix(cron:session): session closed for user root
Jun 25 04:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18238]: pam_unix(cron:session): session closed for user root
Jun 25 04:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21314]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20411]: pam_unix(cron:session): session closed for user root
Jun 25 04:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.121.47.136  user=root
Jun 25 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21780]: Failed password for root from 129.121.47.136 port 49976 ssh2
Jun 25 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21786]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21787]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21788]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21783]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21783]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21780]: Received disconnect from 129.121.47.136 port 49976:11: Bye Bye [preauth]
Jun 25 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21780]: Disconnected from 129.121.47.136 port 49976 [preauth]
Jun 25 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21855]: Successful su for rubyman by root
Jun 25 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21855]: + ??? root:rubyman
Jun 25 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21855]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588128 of user rubyman.
Jun 25 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21855]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588128.
Jun 25 04:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18746]: pam_unix(cron:session): session closed for user root
Jun 25 04:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21786]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20913]: pam_unix(cron:session): session closed for user root
Jun 25 04:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 25 04:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22107]: Failed password for root from 103.172.78.219 port 42128 ssh2
Jun 25 04:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22107]: Connection closed by 103.172.78.219 port 42128 [preauth]
Jun 25 04:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.86.34.139  user=root
Jun 25 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22208]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22207]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22209]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22206]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22206]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22264]: Successful su for rubyman by root
Jun 25 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22264]: + ??? root:rubyman
Jun 25 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22264]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588132 of user rubyman.
Jun 25 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22264]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588132.
Jun 25 04:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22190]: Failed password for root from 41.86.34.139 port 54396 ssh2
Jun 25 04:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22190]: Received disconnect from 41.86.34.139 port 54396:11: Bye Bye [preauth]
Jun 25 04:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22190]: Disconnected from 41.86.34.139 port 54396 [preauth]
Jun 25 04:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19290]: pam_unix(cron:session): session closed for user root
Jun 25 04:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22207]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 25 04:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22590]: Failed password for root from 77.94.47.83 port 60662 ssh2
Jun 25 04:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22590]: Connection closed by 77.94.47.83 port 60662 [preauth]
Jun 25 04:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21320]: pam_unix(cron:session): session closed for user root
Jun 25 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22692]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22691]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22689]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22688]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22688]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22751]: Successful su for rubyman by root
Jun 25 04:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22751]: + ??? root:rubyman
Jun 25 04:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22751]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588135 of user rubyman.
Jun 25 04:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22751]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588135.
Jun 25 04:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19908]: pam_unix(cron:session): session closed for user root
Jun 25 04:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22689]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22953]: Invalid user test from 129.121.47.136
Jun 25 04:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22953]: input_userauth_request: invalid user test [preauth]
Jun 25 04:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22953]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.121.47.136
Jun 25 04:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22953]: Failed password for invalid user test from 129.121.47.136 port 43586 ssh2
Jun 25 04:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22953]: Received disconnect from 129.121.47.136 port 43586:11: Bye Bye [preauth]
Jun 25 04:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22953]: Disconnected from 129.121.47.136 port 43586 [preauth]
Jun 25 04:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21788]: pam_unix(cron:session): session closed for user root
Jun 25 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23093]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23094]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23092]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23091]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23091]: pam_unix(cron:session): session closed for user p13x
Jun 25 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23151]: Successful su for rubyman by root
Jun 25 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23151]: + ??? root:rubyman
Jun 25 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23151]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588138 of user rubyman.
Jun 25 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23151]: pam_unix(su:session): session closed for user rubyman
Jun 25 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588138.
Jun 25 04:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 04:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20410]: pam_unix(cron:session): session closed for user root
Jun 25 04:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23298]: Invalid user zhou from 41.86.34.139
Jun 25 04:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23298]: input_userauth_request: invalid user zhou [preauth]
Jun 25 04:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23298]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 04:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.86.34.139
Jun 25 04:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23092]: pam_unix(cron:session): session closed for user samftp
Jun 25 04:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23298]: Failed password for invalid user zhou from 41.86.34.139 port 60538 ssh2
Jun 25 04:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23298]: Received disconnect from 41.86.34.139 port 60538:11: Bye Bye [preauth]
Jun 25 04:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23298]: Disconnected from 41.86.34.139 port 60538 [preauth]
Jun 25 04:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22209]: pam_unix(cron:session): session closed for user root
Jun 25 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23523]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23527]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23522]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23521]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23520]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23524]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23526]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23527]: pam_unix(cron:session): session closed for user root
Jun 25 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23522]: pam_unix(cron:session): session closed for user root
Jun 25 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23520]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23614]: Successful su for rubyman by root
Jun 25 05:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23614]: + ??? root:rubyman
Jun 25 05:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23614]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588147 of user rubyman.
Jun 25 05:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23614]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588147.
Jun 25 05:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23523]: pam_unix(cron:session): session closed for user root
Jun 25 05:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20912]: pam_unix(cron:session): session closed for user root
Jun 25 05:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23521]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.121.47.136  user=root
Jun 25 05:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22692]: pam_unix(cron:session): session closed for user root
Jun 25 05:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24018]: Failed password for root from 129.121.47.136 port 43160 ssh2
Jun 25 05:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24018]: Received disconnect from 129.121.47.136 port 43160:11: Bye Bye [preauth]
Jun 25 05:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24018]: Disconnected from 129.121.47.136 port 43160 [preauth]
Jun 25 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24142]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24143]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24141]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24140]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24140]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24209]: Successful su for rubyman by root
Jun 25 05:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24209]: + ??? root:rubyman
Jun 25 05:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24209]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588150 of user rubyman.
Jun 25 05:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24209]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588150.
Jun 25 05:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21319]: pam_unix(cron:session): session closed for user root
Jun 25 05:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24141]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24445]: Invalid user radarr from 41.86.34.139
Jun 25 05:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24445]: input_userauth_request: invalid user radarr [preauth]
Jun 25 05:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24445]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 05:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.86.34.139
Jun 25 05:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24445]: Failed password for invalid user radarr from 41.86.34.139 port 38082 ssh2
Jun 25 05:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24445]: Received disconnect from 41.86.34.139 port 38082:11: Bye Bye [preauth]
Jun 25 05:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24445]: Disconnected from 41.86.34.139 port 38082 [preauth]
Jun 25 05:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23094]: pam_unix(cron:session): session closed for user root
Jun 25 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24572]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24573]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24571]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24570]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24570]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24641]: Successful su for rubyman by root
Jun 25 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24641]: + ??? root:rubyman
Jun 25 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24641]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588153 of user rubyman.
Jun 25 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24641]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588153.
Jun 25 05:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21787]: pam_unix(cron:session): session closed for user root
Jun 25 05:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24571]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23526]: pam_unix(cron:session): session closed for user root
Jun 25 05:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.121.47.136  user=root
Jun 25 05:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24958]: Failed password for root from 129.121.47.136 port 37648 ssh2
Jun 25 05:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24958]: Received disconnect from 129.121.47.136 port 37648:11: Bye Bye [preauth]
Jun 25 05:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24958]: Disconnected from 129.121.47.136 port 37648 [preauth]
Jun 25 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24990]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24989]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24988]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24987]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24987]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25055]: Successful su for rubyman by root
Jun 25 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25055]: + ??? root:rubyman
Jun 25 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25055]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588157 of user rubyman.
Jun 25 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25055]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588157.
Jun 25 05:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22208]: pam_unix(cron:session): session closed for user root
Jun 25 05:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24988]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25280]: Invalid user znc from 41.86.34.139
Jun 25 05:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25280]: input_userauth_request: invalid user znc [preauth]
Jun 25 05:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25280]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 05:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.86.34.139
Jun 25 05:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25280]: Failed password for invalid user znc from 41.86.34.139 port 51386 ssh2
Jun 25 05:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25280]: Received disconnect from 41.86.34.139 port 51386:11: Bye Bye [preauth]
Jun 25 05:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25280]: Disconnected from 41.86.34.139 port 51386 [preauth]
Jun 25 05:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24143]: pam_unix(cron:session): session closed for user root
Jun 25 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25389]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25387]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25388]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25386]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25386]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25446]: Successful su for rubyman by root
Jun 25 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25446]: + ??? root:rubyman
Jun 25 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25446]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588161 of user rubyman.
Jun 25 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25446]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588161.
Jun 25 05:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22691]: pam_unix(cron:session): session closed for user root
Jun 25 05:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25387]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25631]: Invalid user ubnt from 45.148.10.121
Jun 25 05:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25631]: input_userauth_request: invalid user ubnt [preauth]
Jun 25 05:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25631]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 05:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 25 05:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25631]: Failed password for invalid user ubnt from 45.148.10.121 port 44366 ssh2
Jun 25 05:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25631]: Connection closed by 45.148.10.121 port 44366 [preauth]
Jun 25 05:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24573]: pam_unix(cron:session): session closed for user root
Jun 25 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25779]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25777]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25776]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25780]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25778]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25775]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25780]: pam_unix(cron:session): session closed for user root
Jun 25 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25775]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25847]: Successful su for rubyman by root
Jun 25 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25847]: + ??? root:rubyman
Jun 25 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25847]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588166 of user rubyman.
Jun 25 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25847]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588166.
Jun 25 05:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25777]: pam_unix(cron:session): session closed for user root
Jun 25 05:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23093]: pam_unix(cron:session): session closed for user root
Jun 25 05:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25776]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26048]: Invalid user edge from 129.121.47.136
Jun 25 05:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26048]: input_userauth_request: invalid user edge [preauth]
Jun 25 05:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26048]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 05:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.121.47.136
Jun 25 05:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26048]: Failed password for invalid user edge from 129.121.47.136 port 41414 ssh2
Jun 25 05:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26048]: Received disconnect from 129.121.47.136 port 41414:11: Bye Bye [preauth]
Jun 25 05:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26048]: Disconnected from 129.121.47.136 port 41414 [preauth]
Jun 25 05:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.86.34.139  user=root
Jun 25 05:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26112]: Failed password for root from 41.86.34.139 port 47062 ssh2
Jun 25 05:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26112]: Received disconnect from 41.86.34.139 port 47062:11: Bye Bye [preauth]
Jun 25 05:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26112]: Disconnected from 41.86.34.139 port 47062 [preauth]
Jun 25 05:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24990]: pam_unix(cron:session): session closed for user root
Jun 25 05:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 25 05:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26192]: Failed password for root from 38.93.206.2 port 12386 ssh2
Jun 25 05:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26192]: Connection closed by 38.93.206.2 port 12386 [preauth]
Jun 25 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26208]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26207]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26206]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26205]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26205]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26277]: Successful su for rubyman by root
Jun 25 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26277]: + ??? root:rubyman
Jun 25 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26277]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588171 of user rubyman.
Jun 25 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26277]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588171.
Jun 25 05:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23524]: pam_unix(cron:session): session closed for user root
Jun 25 05:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26206]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25389]: pam_unix(cron:session): session closed for user root
Jun 25 05:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26594]: Invalid user anita from 217.76.154.242
Jun 25 05:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26594]: input_userauth_request: invalid user anita [preauth]
Jun 25 05:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26594]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 05:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.76.154.242
Jun 25 05:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26594]: Failed password for invalid user anita from 217.76.154.242 port 43058 ssh2
Jun 25 05:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26594]: Connection closed by 217.76.154.242 port 43058 [preauth]
Jun 25 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26617]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26614]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26616]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26615]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26614]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26684]: Successful su for rubyman by root
Jun 25 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26684]: + ??? root:rubyman
Jun 25 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26684]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588175 of user rubyman.
Jun 25 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26684]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588175.
Jun 25 05:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24142]: pam_unix(cron:session): session closed for user root
Jun 25 05:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26615]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.121.47.136  user=root
Jun 25 05:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26980]: Failed password for root from 129.121.47.136 port 52810 ssh2
Jun 25 05:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26980]: Received disconnect from 129.121.47.136 port 52810:11: Bye Bye [preauth]
Jun 25 05:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26980]: Disconnected from 129.121.47.136 port 52810 [preauth]
Jun 25 05:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27011]: Invalid user marcel from 41.86.34.139
Jun 25 05:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27011]: input_userauth_request: invalid user marcel [preauth]
Jun 25 05:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27011]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 05:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.86.34.139
Jun 25 05:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25779]: pam_unix(cron:session): session closed for user root
Jun 25 05:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27011]: Failed password for invalid user marcel from 41.86.34.139 port 60594 ssh2
Jun 25 05:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27011]: Received disconnect from 41.86.34.139 port 60594:11: Bye Bye [preauth]
Jun 25 05:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27011]: Disconnected from 41.86.34.139 port 60594 [preauth]
Jun 25 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27094]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27091]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27093]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27092]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27091]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27154]: Successful su for rubyman by root
Jun 25 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27154]: + ??? root:rubyman
Jun 25 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27154]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588180 of user rubyman.
Jun 25 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27154]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588180.
Jun 25 05:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24572]: pam_unix(cron:session): session closed for user root
Jun 25 05:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27092]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26208]: pam_unix(cron:session): session closed for user root
Jun 25 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27517]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27513]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27516]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27512]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27510]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27512]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27627]: Successful su for rubyman by root
Jun 25 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27627]: + ??? root:rubyman
Jun 25 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27627]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588184 of user rubyman.
Jun 25 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27627]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588184.
Jun 25 05:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27510]: pam_unix(cron:session): session closed for user root
Jun 25 05:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24989]: pam_unix(cron:session): session closed for user root
Jun 25 05:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27513]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 25 05:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27888]: Failed password for root from 51.250.105.222 port 46644 ssh2
Jun 25 05:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27888]: Connection closed by 51.250.105.222 port 46644 [preauth]
Jun 25 05:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26617]: pam_unix(cron:session): session closed for user root
Jun 25 05:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.121.47.136  user=root
Jun 25 05:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.86.34.139  user=root
Jun 25 05:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27941]: Failed password for root from 129.121.47.136 port 44544 ssh2
Jun 25 05:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27941]: Received disconnect from 129.121.47.136 port 44544:11: Bye Bye [preauth]
Jun 25 05:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27941]: Disconnected from 129.121.47.136 port 44544 [preauth]
Jun 25 05:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27930]: Failed password for root from 41.86.34.139 port 46052 ssh2
Jun 25 05:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27930]: Received disconnect from 41.86.34.139 port 46052:11: Bye Bye [preauth]
Jun 25 05:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27930]: Disconnected from 41.86.34.139 port 46052 [preauth]
Jun 25 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28032]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28030]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28034]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28033]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28035]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28031]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28035]: pam_unix(cron:session): session closed for user root
Jun 25 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28030]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28148]: Successful su for rubyman by root
Jun 25 05:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28148]: + ??? root:rubyman
Jun 25 05:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28148]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588190 of user rubyman.
Jun 25 05:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28148]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588190.
Jun 25 05:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28032]: pam_unix(cron:session): session closed for user root
Jun 25 05:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25388]: pam_unix(cron:session): session closed for user root
Jun 25 05:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28031]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27094]: pam_unix(cron:session): session closed for user root
Jun 25 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28503]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28504]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28502]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28501]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28501]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28661]: Successful su for rubyman by root
Jun 25 05:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28661]: + ??? root:rubyman
Jun 25 05:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28661]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588195 of user rubyman.
Jun 25 05:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28661]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588195.
Jun 25 05:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25778]: pam_unix(cron:session): session closed for user root
Jun 25 05:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28502]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28860]: User www-data from 141.98.83.240 not allowed because not listed in AllowUsers
Jun 25 05:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28860]: input_userauth_request: invalid user www-data [preauth]
Jun 25 05:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=www-data
Jun 25 05:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28860]: Failed password for invalid user www-data from 141.98.83.240 port 19364 ssh2
Jun 25 05:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28860]: message repeated 2 times: [ Failed password for invalid user www-data from 141.98.83.240 port 19364 ssh2]
Jun 25 05:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28860]: Connection closed by 141.98.83.240 port 19364 [preauth]
Jun 25 05:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28860]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=www-data
Jun 25 05:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27517]: pam_unix(cron:session): session closed for user root
Jun 25 05:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28963]: Invalid user ubuntu from 41.86.34.139
Jun 25 05:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28963]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 05:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28963]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 05:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.86.34.139
Jun 25 05:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28963]: Failed password for invalid user ubuntu from 41.86.34.139 port 50232 ssh2
Jun 25 05:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28963]: Received disconnect from 41.86.34.139 port 50232:11: Bye Bye [preauth]
Jun 25 05:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28963]: Disconnected from 41.86.34.139 port 50232 [preauth]
Jun 25 05:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.121.47.136  user=root
Jun 25 05:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28989]: Failed password for root from 129.121.47.136 port 36310 ssh2
Jun 25 05:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28989]: Received disconnect from 129.121.47.136 port 36310:11: Bye Bye [preauth]
Jun 25 05:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28989]: Disconnected from 129.121.47.136 port 36310 [preauth]
Jun 25 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29022]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29024]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29023]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29021]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29021]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29086]: Successful su for rubyman by root
Jun 25 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29086]: + ??? root:rubyman
Jun 25 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29086]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588200 of user rubyman.
Jun 25 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29086]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588200.
Jun 25 05:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26207]: pam_unix(cron:session): session closed for user root
Jun 25 05:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29022]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28034]: pam_unix(cron:session): session closed for user root
Jun 25 05:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 25 05:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29416]: Failed password for root from 80.66.85.226 port 33550 ssh2
Jun 25 05:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29416]: Connection closed by 80.66.85.226 port 33550 [preauth]
Jun 25 05:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 25 05:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29428]: Failed password for root from 103.149.28.157 port 56432 ssh2
Jun 25 05:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29428]: Connection closed by 103.149.28.157 port 56432 [preauth]
Jun 25 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29449]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29448]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29450]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29447]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29447]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29518]: Successful su for rubyman by root
Jun 25 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29518]: + ??? root:rubyman
Jun 25 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29518]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588204 of user rubyman.
Jun 25 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29518]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588204.
Jun 25 05:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26616]: pam_unix(cron:session): session closed for user root
Jun 25 05:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29448]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28504]: pam_unix(cron:session): session closed for user root
Jun 25 05:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29960]: Invalid user alex from 41.86.34.139
Jun 25 05:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29960]: input_userauth_request: invalid user alex [preauth]
Jun 25 05:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29960]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 05:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.86.34.139
Jun 25 05:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29960]: Failed password for invalid user alex from 41.86.34.139 port 52340 ssh2
Jun 25 05:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29960]: Received disconnect from 41.86.34.139 port 52340:11: Bye Bye [preauth]
Jun 25 05:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29960]: Disconnected from 41.86.34.139 port 52340 [preauth]
Jun 25 05:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29971]: Invalid user mt from 129.121.47.136
Jun 25 05:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29971]: input_userauth_request: invalid user mt [preauth]
Jun 25 05:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29971]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 05:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.121.47.136
Jun 25 05:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29971]: Failed password for invalid user mt from 129.121.47.136 port 58810 ssh2
Jun 25 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29971]: Received disconnect from 129.121.47.136 port 58810:11: Bye Bye [preauth]
Jun 25 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29971]: Disconnected from 129.121.47.136 port 58810 [preauth]
Jun 25 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29985]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29984]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29983]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29982]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29982]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30043]: Successful su for rubyman by root
Jun 25 05:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30043]: + ??? root:rubyman
Jun 25 05:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30043]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588206 of user rubyman.
Jun 25 05:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30043]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588206.
Jun 25 05:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27093]: pam_unix(cron:session): session closed for user root
Jun 25 05:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 25 05:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30125]: Failed password for root from 103.77.175.15 port 41522 ssh2
Jun 25 05:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30125]: Connection closed by 103.77.175.15 port 41522 [preauth]
Jun 25 05:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29983]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29024]: pam_unix(cron:session): session closed for user root
Jun 25 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30400]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30399]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30401]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30396]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30398]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30397]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30401]: pam_unix(cron:session): session closed for user root
Jun 25 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30396]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30476]: Successful su for rubyman by root
Jun 25 05:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30476]: + ??? root:rubyman
Jun 25 05:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30476]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588210 of user rubyman.
Jun 25 05:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30476]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588210.
Jun 25 05:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30398]: pam_unix(cron:session): session closed for user root
Jun 25 05:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27516]: pam_unix(cron:session): session closed for user root
Jun 25 05:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30397]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29450]: pam_unix(cron:session): session closed for user root
Jun 25 05:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 25 05:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30830]: Failed password for root from 103.15.222.183 port 60114 ssh2
Jun 25 05:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30830]: Connection closed by 103.15.222.183 port 60114 [preauth]
Jun 25 05:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30843]: Invalid user enigma from 41.86.34.139
Jun 25 05:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30843]: input_userauth_request: invalid user enigma [preauth]
Jun 25 05:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30843]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 05:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.86.34.139
Jun 25 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30859]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30858]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30857]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30856]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30856]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31018]: Successful su for rubyman by root
Jun 25 05:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30843]: Failed password for invalid user enigma from 41.86.34.139 port 44196 ssh2
Jun 25 05:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31018]: + ??? root:rubyman
Jun 25 05:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31018]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588216 of user rubyman.
Jun 25 05:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31018]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588216.
Jun 25 05:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30843]: Received disconnect from 41.86.34.139 port 44196:11: Bye Bye [preauth]
Jun 25 05:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30843]: Disconnected from 41.86.34.139 port 44196 [preauth]
Jun 25 05:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28033]: pam_unix(cron:session): session closed for user root
Jun 25 05:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30857]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31203]: Invalid user radarr from 129.121.47.136
Jun 25 05:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31203]: input_userauth_request: invalid user radarr [preauth]
Jun 25 05:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31203]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 05:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.121.47.136
Jun 25 05:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31203]: Failed password for invalid user radarr from 129.121.47.136 port 54038 ssh2
Jun 25 05:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31203]: Received disconnect from 129.121.47.136 port 54038:11: Bye Bye [preauth]
Jun 25 05:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31203]: Disconnected from 129.121.47.136 port 54038 [preauth]
Jun 25 05:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29985]: pam_unix(cron:session): session closed for user root
Jun 25 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31360]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31358]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31356]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31359]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31354]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31354]: pam_unix(cron:session): session closed for user root
Jun 25 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31356]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31424]: Successful su for rubyman by root
Jun 25 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31424]: + ??? root:rubyman
Jun 25 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31424]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588221 of user rubyman.
Jun 25 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31424]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588221.
Jun 25 05:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28503]: pam_unix(cron:session): session closed for user root
Jun 25 05:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31358]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30400]: pam_unix(cron:session): session closed for user root
Jun 25 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31857]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31858]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31856]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31855]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31855]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31921]: Successful su for rubyman by root
Jun 25 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31921]: + ??? root:rubyman
Jun 25 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31921]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588225 of user rubyman.
Jun 25 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31921]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588225.
Jun 25 05:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29023]: pam_unix(cron:session): session closed for user root
Jun 25 05:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31856]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.86.34.139  user=root
Jun 25 05:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32119]: Failed password for root from 41.86.34.139 port 33252 ssh2
Jun 25 05:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32119]: Received disconnect from 41.86.34.139 port 33252:11: Bye Bye [preauth]
Jun 25 05:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32119]: Disconnected from 41.86.34.139 port 33252 [preauth]
Jun 25 05:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32186]: Invalid user test from 129.121.47.136
Jun 25 05:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32186]: input_userauth_request: invalid user test [preauth]
Jun 25 05:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32186]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 05:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.121.47.136
Jun 25 05:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32186]: Failed password for invalid user test from 129.121.47.136 port 57122 ssh2
Jun 25 05:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32186]: Received disconnect from 129.121.47.136 port 57122:11: Bye Bye [preauth]
Jun 25 05:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32186]: Disconnected from 129.121.47.136 port 57122 [preauth]
Jun 25 05:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30859]: pam_unix(cron:session): session closed for user root
Jun 25 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32278]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32279]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32280]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32277]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32277]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32334]: Successful su for rubyman by root
Jun 25 05:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32334]: + ??? root:rubyman
Jun 25 05:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32334]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588229 of user rubyman.
Jun 25 05:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32334]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588229.
Jun 25 05:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29449]: pam_unix(cron:session): session closed for user root
Jun 25 05:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32278]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31360]: pam_unix(cron:session): session closed for user root
Jun 25 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32688]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32684]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32686]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32683]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32685]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32687]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32688]: pam_unix(cron:session): session closed for user root
Jun 25 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32683]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32760]: Successful su for rubyman by root
Jun 25 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32760]: + ??? root:rubyman
Jun 25 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32760]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588238 of user rubyman.
Jun 25 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32760]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588238.
Jun 25 05:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32685]: pam_unix(cron:session): session closed for user root
Jun 25 05:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29984]: pam_unix(cron:session): session closed for user root
Jun 25 05:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32684]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[680]: Invalid user test from 41.86.34.139
Jun 25 05:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[680]: input_userauth_request: invalid user test [preauth]
Jun 25 05:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[680]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 05:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.86.34.139
Jun 25 05:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[680]: Failed password for invalid user test from 41.86.34.139 port 48046 ssh2
Jun 25 05:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[680]: Received disconnect from 41.86.34.139 port 48046:11: Bye Bye [preauth]
Jun 25 05:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[680]: Disconnected from 41.86.34.139 port 48046 [preauth]
Jun 25 05:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31858]: pam_unix(cron:session): session closed for user root
Jun 25 05:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[777]: Invalid user alex from 129.121.47.136
Jun 25 05:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[777]: input_userauth_request: invalid user alex [preauth]
Jun 25 05:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[777]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 05:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.121.47.136
Jun 25 05:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[777]: Failed password for invalid user alex from 129.121.47.136 port 45460 ssh2
Jun 25 05:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[777]: Received disconnect from 129.121.47.136 port 45460:11: Bye Bye [preauth]
Jun 25 05:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[777]: Disconnected from 129.121.47.136 port 45460 [preauth]
Jun 25 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[815]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[816]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[812]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[814]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[812]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[881]: Successful su for rubyman by root
Jun 25 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[881]: + ??? root:rubyman
Jun 25 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[881]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588240 of user rubyman.
Jun 25 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[881]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588240.
Jun 25 05:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30399]: pam_unix(cron:session): session closed for user root
Jun 25 05:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[814]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32280]: pam_unix(cron:session): session closed for user root
Jun 25 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1278]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1275]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1276]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1274]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1274]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1349]: Successful su for rubyman by root
Jun 25 05:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1349]: + ??? root:rubyman
Jun 25 05:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1349]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588244 of user rubyman.
Jun 25 05:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1349]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588244.
Jun 25 05:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30858]: pam_unix(cron:session): session closed for user root
Jun 25 05:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1275]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1690]: Invalid user test from 41.86.34.139
Jun 25 05:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1690]: input_userauth_request: invalid user test [preauth]
Jun 25 05:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1690]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 05:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.86.34.139
Jun 25 05:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1690]: Failed password for invalid user test from 41.86.34.139 port 47170 ssh2
Jun 25 05:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1690]: Received disconnect from 41.86.34.139 port 47170:11: Bye Bye [preauth]
Jun 25 05:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1690]: Disconnected from 41.86.34.139 port 47170 [preauth]
Jun 25 05:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32687]: pam_unix(cron:session): session closed for user root
Jun 25 05:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1812]: Invalid user victor from 129.121.47.136
Jun 25 05:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1812]: input_userauth_request: invalid user victor [preauth]
Jun 25 05:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1812]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 05:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.121.47.136
Jun 25 05:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1812]: Failed password for invalid user victor from 129.121.47.136 port 37220 ssh2
Jun 25 05:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1812]: Received disconnect from 129.121.47.136 port 37220:11: Bye Bye [preauth]
Jun 25 05:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1812]: Disconnected from 129.121.47.136 port 37220 [preauth]
Jun 25 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1825]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1824]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1826]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1823]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1823]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1883]: Successful su for rubyman by root
Jun 25 05:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1883]: + ??? root:rubyman
Jun 25 05:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1883]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588247 of user rubyman.
Jun 25 05:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1883]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588247.
Jun 25 05:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31359]: pam_unix(cron:session): session closed for user root
Jun 25 05:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1824]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[816]: pam_unix(cron:session): session closed for user root
Jun 25 05:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 25 05:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2298]: Failed password for root from 103.27.238.114 port 43148 ssh2
Jun 25 05:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2298]: Connection closed by 103.27.238.114 port 43148 [preauth]
Jun 25 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2303]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2304]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2302]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2301]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2301]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2369]: Successful su for rubyman by root
Jun 25 05:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2369]: + ??? root:rubyman
Jun 25 05:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2369]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588253 of user rubyman.
Jun 25 05:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2369]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588253.
Jun 25 05:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31857]: pam_unix(cron:session): session closed for user root
Jun 25 05:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2302]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2610]: Invalid user ubuntu from 41.86.34.139
Jun 25 05:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2610]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 05:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2610]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 05:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.86.34.139
Jun 25 05:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2610]: Failed password for invalid user ubuntu from 41.86.34.139 port 38818 ssh2
Jun 25 05:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2610]: Received disconnect from 41.86.34.139 port 38818:11: Bye Bye [preauth]
Jun 25 05:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2610]: Disconnected from 41.86.34.139 port 38818 [preauth]
Jun 25 05:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1278]: pam_unix(cron:session): session closed for user root
Jun 25 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2734]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2737]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2732]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2736]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2731]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2733]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2737]: pam_unix(cron:session): session closed for user root
Jun 25 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2731]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2804]: Successful su for rubyman by root
Jun 25 05:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2804]: + ??? root:rubyman
Jun 25 05:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2804]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588258 of user rubyman.
Jun 25 05:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2804]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588258.
Jun 25 05:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2733]: pam_unix(cron:session): session closed for user root
Jun 25 05:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32279]: pam_unix(cron:session): session closed for user root
Jun 25 05:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2732]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.121.47.136  user=root
Jun 25 05:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3033]: Failed password for root from 129.121.47.136 port 48282 ssh2
Jun 25 05:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3033]: Received disconnect from 129.121.47.136 port 48282:11: Bye Bye [preauth]
Jun 25 05:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3033]: Disconnected from 129.121.47.136 port 48282 [preauth]
Jun 25 05:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1826]: pam_unix(cron:session): session closed for user root
Jun 25 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3161]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3160]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3159]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3158]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3158]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3224]: Successful su for rubyman by root
Jun 25 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3224]: + ??? root:rubyman
Jun 25 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3224]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588261 of user rubyman.
Jun 25 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3224]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588261.
Jun 25 05:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32686]: pam_unix(cron:session): session closed for user root
Jun 25 05:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3159]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3443]: Invalid user default from 193.46.255.86
Jun 25 05:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3443]: input_userauth_request: invalid user default [preauth]
Jun 25 05:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3443]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 05:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 25 05:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3443]: Failed password for invalid user default from 193.46.255.86 port 11500 ssh2
Jun 25 05:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3443]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 05:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3443]: Failed password for invalid user default from 193.46.255.86 port 11500 ssh2
Jun 25 05:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3443]: Failed password for invalid user default from 193.46.255.86 port 11500 ssh2
Jun 25 05:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3443]: Connection closed by 193.46.255.86 port 11500 [preauth]
Jun 25 05:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3443]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 25 05:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3471]: Invalid user victor from 41.86.34.139
Jun 25 05:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3471]: input_userauth_request: invalid user victor [preauth]
Jun 25 05:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3471]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 05:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.86.34.139
Jun 25 05:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3471]: Failed password for invalid user victor from 41.86.34.139 port 54510 ssh2
Jun 25 05:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3471]: Received disconnect from 41.86.34.139 port 54510:11: Bye Bye [preauth]
Jun 25 05:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3471]: Disconnected from 41.86.34.139 port 54510 [preauth]
Jun 25 05:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2304]: pam_unix(cron:session): session closed for user root
Jun 25 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3569]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3568]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3567]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3566]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3566]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3626]: Successful su for rubyman by root
Jun 25 05:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3626]: + ??? root:rubyman
Jun 25 05:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3626]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588266 of user rubyman.
Jun 25 05:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3626]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588266.
Jun 25 05:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[815]: pam_unix(cron:session): session closed for user root
Jun 25 05:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3567]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.121.47.136  user=root
Jun 25 05:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4070]: Failed password for root from 129.121.47.136 port 35084 ssh2
Jun 25 05:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4070]: Received disconnect from 129.121.47.136 port 35084:11: Bye Bye [preauth]
Jun 25 05:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4070]: Disconnected from 129.121.47.136 port 35084 [preauth]
Jun 25 05:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2736]: pam_unix(cron:session): session closed for user root
Jun 25 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4168]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4169]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4167]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4166]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4166]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4234]: Successful su for rubyman by root
Jun 25 05:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4234]: + ??? root:rubyman
Jun 25 05:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4234]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588271 of user rubyman.
Jun 25 05:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4234]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588271.
Jun 25 05:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1276]: pam_unix(cron:session): session closed for user root
Jun 25 05:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4167]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3161]: pam_unix(cron:session): session closed for user root
Jun 25 05:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.86.34.139  user=root
Jun 25 05:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4522]: Failed password for root from 41.86.34.139 port 44018 ssh2
Jun 25 05:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4522]: Received disconnect from 41.86.34.139 port 44018:11: Bye Bye [preauth]
Jun 25 05:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4522]: Disconnected from 41.86.34.139 port 44018 [preauth]
Jun 25 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4579]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4578]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4576]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4577]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4576]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4638]: Successful su for rubyman by root
Jun 25 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4638]: + ??? root:rubyman
Jun 25 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4638]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588273 of user rubyman.
Jun 25 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4638]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588273.
Jun 25 05:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1825]: pam_unix(cron:session): session closed for user root
Jun 25 05:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4577]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3569]: pam_unix(cron:session): session closed for user root
Jun 25 05:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5036]: Invalid user enigma from 129.121.47.136
Jun 25 05:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5036]: input_userauth_request: invalid user enigma [preauth]
Jun 25 05:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5036]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 05:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.121.47.136
Jun 25 05:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5036]: Failed password for invalid user enigma from 129.121.47.136 port 35224 ssh2
Jun 25 05:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5036]: Received disconnect from 129.121.47.136 port 35224:11: Bye Bye [preauth]
Jun 25 05:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5036]: Disconnected from 129.121.47.136 port 35224 [preauth]
Jun 25 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5089]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5087]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5086]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5085]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5084]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5088]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5089]: pam_unix(cron:session): session closed for user root
Jun 25 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5084]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5152]: Successful su for rubyman by root
Jun 25 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5152]: + ??? root:rubyman
Jun 25 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5152]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588282 of user rubyman.
Jun 25 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5152]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588282.
Jun 25 05:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5086]: pam_unix(cron:session): session closed for user root
Jun 25 05:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2303]: pam_unix(cron:session): session closed for user root
Jun 25 05:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5085]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4169]: pam_unix(cron:session): session closed for user root
Jun 25 05:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5499]: Connection closed by 194.59.206.2 port 19118 [preauth]
Jun 25 05:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.86.34.139  user=root
Jun 25 05:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5498]: Failed password for root from 41.86.34.139 port 45550 ssh2
Jun 25 05:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5498]: Received disconnect from 41.86.34.139 port 45550:11: Bye Bye [preauth]
Jun 25 05:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5498]: Disconnected from 41.86.34.139 port 45550 [preauth]
Jun 25 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5536]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5538]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5537]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5535]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5535]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5604]: Successful su for rubyman by root
Jun 25 05:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5604]: + ??? root:rubyman
Jun 25 05:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5604]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588285 of user rubyman.
Jun 25 05:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5604]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588285.
Jun 25 05:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2734]: pam_unix(cron:session): session closed for user root
Jun 25 05:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5536]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4579]: pam_unix(cron:session): session closed for user root
Jun 25 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5931]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5930]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5932]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5929]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5929]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5987]: Successful su for rubyman by root
Jun 25 05:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5987]: + ??? root:rubyman
Jun 25 05:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5987]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588289 of user rubyman.
Jun 25 05:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5987]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588289.
Jun 25 05:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3160]: pam_unix(cron:session): session closed for user root
Jun 25 05:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6097]: Invalid user misha from 129.121.47.136
Jun 25 05:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6097]: input_userauth_request: invalid user misha [preauth]
Jun 25 05:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6097]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 05:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.121.47.136
Jun 25 05:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5930]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6097]: Failed password for invalid user misha from 129.121.47.136 port 59172 ssh2
Jun 25 05:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6097]: Received disconnect from 129.121.47.136 port 59172:11: Bye Bye [preauth]
Jun 25 05:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6097]: Disconnected from 129.121.47.136 port 59172 [preauth]
Jun 25 05:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6169]: Connection closed by 45.148.10.121 port 49724 [preauth]
Jun 25 05:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5088]: pam_unix(cron:session): session closed for user root
Jun 25 05:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.86.34.139  user=root
Jun 25 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6315]: Failed password for root from 41.86.34.139 port 54102 ssh2
Jun 25 05:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6319]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6323]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6322]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6318]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6318]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6315]: Received disconnect from 41.86.34.139 port 54102:11: Bye Bye [preauth]
Jun 25 05:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6315]: Disconnected from 41.86.34.139 port 54102 [preauth]
Jun 25 05:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6383]: Successful su for rubyman by root
Jun 25 05:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6383]: + ??? root:rubyman
Jun 25 05:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6383]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588291 of user rubyman.
Jun 25 05:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6383]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588291.
Jun 25 05:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3568]: pam_unix(cron:session): session closed for user root
Jun 25 05:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6319]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5538]: pam_unix(cron:session): session closed for user root
Jun 25 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6718]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6717]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6716]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6715]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6715]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6793]: Successful su for rubyman by root
Jun 25 05:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6793]: + ??? root:rubyman
Jun 25 05:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6793]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588295 of user rubyman.
Jun 25 05:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6793]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588295.
Jun 25 05:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4168]: pam_unix(cron:session): session closed for user root
Jun 25 05:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6716]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.121.47.136  user=root
Jun 25 05:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7133]: Failed password for root from 129.121.47.136 port 45730 ssh2
Jun 25 05:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7133]: Received disconnect from 129.121.47.136 port 45730:11: Bye Bye [preauth]
Jun 25 05:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7133]: Disconnected from 129.121.47.136 port 45730 [preauth]
Jun 25 05:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5932]: pam_unix(cron:session): session closed for user root
Jun 25 05:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7209]: Invalid user admin from 2.57.121.25
Jun 25 05:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7209]: input_userauth_request: invalid user admin [preauth]
Jun 25 05:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7209]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 05:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 25 05:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7209]: Failed password for invalid user admin from 2.57.121.25 port 9164 ssh2
Jun 25 05:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7209]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 05:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7209]: Failed password for invalid user admin from 2.57.121.25 port 9164 ssh2
Jun 25 05:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7209]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 05:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7209]: Failed password for invalid user admin from 2.57.121.25 port 9164 ssh2
Jun 25 05:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7209]: Connection closed by 2.57.121.25 port 9164 [preauth]
Jun 25 05:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7209]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 25 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7232]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7231]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7233]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7230]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7229]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7234]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7234]: pam_unix(cron:session): session closed for user root
Jun 25 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7229]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7299]: Successful su for rubyman by root
Jun 25 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7299]: + ??? root:rubyman
Jun 25 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7299]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588302 of user rubyman.
Jun 25 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7299]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588302.
Jun 25 05:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7231]: pam_unix(cron:session): session closed for user root
Jun 25 05:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4578]: pam_unix(cron:session): session closed for user root
Jun 25 05:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7230]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7507]: Invalid user mt from 41.86.34.139
Jun 25 05:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7507]: input_userauth_request: invalid user mt [preauth]
Jun 25 05:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7507]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 05:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.86.34.139
Jun 25 05:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7507]: Failed password for invalid user mt from 41.86.34.139 port 33326 ssh2
Jun 25 05:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7507]: Received disconnect from 41.86.34.139 port 33326:11: Bye Bye [preauth]
Jun 25 05:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7507]: Disconnected from 41.86.34.139 port 33326 [preauth]
Jun 25 05:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6323]: pam_unix(cron:session): session closed for user root
Jun 25 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7764]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7763]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7762]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7761]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7761]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7826]: Successful su for rubyman by root
Jun 25 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7826]: + ??? root:rubyman
Jun 25 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7826]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588305 of user rubyman.
Jun 25 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7826]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588305.
Jun 25 05:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5087]: pam_unix(cron:session): session closed for user root
Jun 25 05:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7762]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6718]: pam_unix(cron:session): session closed for user root
Jun 25 05:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8117]: Invalid user marcel from 129.121.47.136
Jun 25 05:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8117]: input_userauth_request: invalid user marcel [preauth]
Jun 25 05:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8117]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 05:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.121.47.136
Jun 25 05:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8117]: Failed password for invalid user marcel from 129.121.47.136 port 46900 ssh2
Jun 25 05:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8117]: Received disconnect from 129.121.47.136 port 46900:11: Bye Bye [preauth]
Jun 25 05:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8117]: Disconnected from 129.121.47.136 port 46900 [preauth]
Jun 25 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8151]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8152]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8153]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8150]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8150]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8211]: Successful su for rubyman by root
Jun 25 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8211]: + ??? root:rubyman
Jun 25 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8211]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588311 of user rubyman.
Jun 25 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8211]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588311.
Jun 25 05:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5537]: pam_unix(cron:session): session closed for user root
Jun 25 05:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8151]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8420]: Invalid user edge from 41.86.34.139
Jun 25 05:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8420]: input_userauth_request: invalid user edge [preauth]
Jun 25 05:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8420]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 05:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.86.34.139
Jun 25 05:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8420]: Failed password for invalid user edge from 41.86.34.139 port 43268 ssh2
Jun 25 05:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8420]: Received disconnect from 41.86.34.139 port 43268:11: Bye Bye [preauth]
Jun 25 05:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8420]: Disconnected from 41.86.34.139 port 43268 [preauth]
Jun 25 05:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7233]: pam_unix(cron:session): session closed for user root
Jun 25 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8558]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8556]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8557]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8555]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8555]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8614]: Successful su for rubyman by root
Jun 25 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8614]: + ??? root:rubyman
Jun 25 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8614]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588314 of user rubyman.
Jun 25 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8614]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588314.
Jun 25 05:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5931]: pam_unix(cron:session): session closed for user root
Jun 25 05:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8556]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 25 05:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8794]: Failed password for root from 103.82.132.16 port 42256 ssh2
Jun 25 05:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8794]: Connection closed by 103.82.132.16 port 42256 [preauth]
Jun 25 05:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7764]: pam_unix(cron:session): session closed for user root
Jun 25 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8950]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8951]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8948]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8949]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8945]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8948]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9064]: Successful su for rubyman by root
Jun 25 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9064]: + ??? root:rubyman
Jun 25 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9064]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588319 of user rubyman.
Jun 25 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9064]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588319.
Jun 25 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8943]: Invalid user zhou from 129.121.47.136
Jun 25 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8943]: input_userauth_request: invalid user zhou [preauth]
Jun 25 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8943]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.121.47.136
Jun 25 05:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8945]: pam_unix(cron:session): session closed for user root
Jun 25 05:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8943]: Failed password for invalid user zhou from 129.121.47.136 port 32996 ssh2
Jun 25 05:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8943]: Received disconnect from 129.121.47.136 port 32996:11: Bye Bye [preauth]
Jun 25 05:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8943]: Disconnected from 129.121.47.136 port 32996 [preauth]
Jun 25 05:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6322]: pam_unix(cron:session): session closed for user root
Jun 25 05:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8949]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9344]: Invalid user misha from 41.86.34.139
Jun 25 05:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9344]: input_userauth_request: invalid user misha [preauth]
Jun 25 05:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9344]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 05:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.86.34.139
Jun 25 05:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9344]: Failed password for invalid user misha from 41.86.34.139 port 47006 ssh2
Jun 25 05:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9344]: Received disconnect from 41.86.34.139 port 47006:11: Bye Bye [preauth]
Jun 25 05:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9344]: Disconnected from 41.86.34.139 port 47006 [preauth]
Jun 25 05:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8153]: pam_unix(cron:session): session closed for user root
Jun 25 05:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 25 05:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9402]: Failed password for root from 103.82.20.28 port 48660 ssh2
Jun 25 05:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9402]: Connection closed by 103.82.20.28 port 48660 [preauth]
Jun 25 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9433]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9432]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9430]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9435]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9436]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9431]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9436]: pam_unix(cron:session): session closed for user root
Jun 25 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9430]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9495]: Successful su for rubyman by root
Jun 25 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9495]: + ??? root:rubyman
Jun 25 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9495]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588326 of user rubyman.
Jun 25 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9495]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588326.
Jun 25 05:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9432]: pam_unix(cron:session): session closed for user root
Jun 25 05:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6717]: pam_unix(cron:session): session closed for user root
Jun 25 05:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9431]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 25 05:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9733]: Failed password for root from 141.98.83.240 port 35102 ssh2
Jun 25 05:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9733]: message repeated 2 times: [ Failed password for root from 141.98.83.240 port 35102 ssh2]
Jun 25 05:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9733]: Connection closed by 141.98.83.240 port 35102 [preauth]
Jun 25 05:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9733]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 25 05:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8558]: pam_unix(cron:session): session closed for user root
Jun 25 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9867]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9868]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9866]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9862]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9862]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10094]: Successful su for rubyman by root
Jun 25 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10094]: + ??? root:rubyman
Jun 25 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10094]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588328 of user rubyman.
Jun 25 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10094]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588328.
Jun 25 05:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7232]: pam_unix(cron:session): session closed for user root
Jun 25 05:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9866]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 25 05:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10402]: User john from 129.121.47.136 not allowed because not listed in AllowUsers
Jun 25 05:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10402]: input_userauth_request: invalid user john [preauth]
Jun 25 05:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.121.47.136  user=john
Jun 25 05:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10402]: Failed password for invalid user john from 129.121.47.136 port 60288 ssh2
Jun 25 05:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10402]: Received disconnect from 129.121.47.136 port 60288:11: Bye Bye [preauth]
Jun 25 05:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10402]: Disconnected from 129.121.47.136 port 60288 [preauth]
Jun 25 05:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10383]: Failed password for root from 103.27.238.116 port 55444 ssh2
Jun 25 05:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10383]: Connection closed by 103.27.238.116 port 55444 [preauth]
Jun 25 05:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.86.34.139  user=root
Jun 25 05:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10439]: Failed password for root from 41.86.34.139 port 43448 ssh2
Jun 25 05:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10439]: Received disconnect from 41.86.34.139 port 43448:11: Bye Bye [preauth]
Jun 25 05:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10439]: Disconnected from 41.86.34.139 port 43448 [preauth]
Jun 25 05:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8951]: pam_unix(cron:session): session closed for user root
Jun 25 05:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10528]: Received disconnect from 38.96.178.220 port 40786:11: disconnected by user [preauth]
Jun 25 05:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10528]: Disconnected from 38.96.178.220 port 40786 [preauth]
Jun 25 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10543]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10544]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10542]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10541]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10541]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10605]: Successful su for rubyman by root
Jun 25 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10605]: + ??? root:rubyman
Jun 25 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10605]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588333 of user rubyman.
Jun 25 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10605]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588333.
Jun 25 05:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7763]: pam_unix(cron:session): session closed for user root
Jun 25 05:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10542]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9435]: pam_unix(cron:session): session closed for user root
Jun 25 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10961]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10960]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10962]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10959]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10959]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11021]: Successful su for rubyman by root
Jun 25 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11021]: + ??? root:rubyman
Jun 25 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11021]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588338 of user rubyman.
Jun 25 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11021]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588338.
Jun 25 05:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8152]: pam_unix(cron:session): session closed for user root
Jun 25 05:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10960]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.121.47.136  user=root
Jun 25 05:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11256]: Failed password for root from 129.121.47.136 port 40992 ssh2
Jun 25 05:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11256]: Received disconnect from 129.121.47.136 port 40992:11: Bye Bye [preauth]
Jun 25 05:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11256]: Disconnected from 129.121.47.136 port 40992 [preauth]
Jun 25 05:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9868]: pam_unix(cron:session): session closed for user root
Jun 25 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11372]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11373]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11371]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11370]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11370]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11441]: Successful su for rubyman by root
Jun 25 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11441]: + ??? root:rubyman
Jun 25 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11441]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588340 of user rubyman.
Jun 25 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11441]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588340.
Jun 25 05:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8557]: pam_unix(cron:session): session closed for user root
Jun 25 05:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11371]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10544]: pam_unix(cron:session): session closed for user root
Jun 25 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11820]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11819]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11818]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11821]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11817]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11816]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11821]: pam_unix(cron:session): session closed for user root
Jun 25 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11816]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11891]: Successful su for rubyman by root
Jun 25 05:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11891]: + ??? root:rubyman
Jun 25 05:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11891]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588346 of user rubyman.
Jun 25 05:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11891]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588346.
Jun 25 05:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11818]: pam_unix(cron:session): session closed for user root
Jun 25 05:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8950]: pam_unix(cron:session): session closed for user root
Jun 25 05:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11817]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10962]: pam_unix(cron:session): session closed for user root
Jun 25 05:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12259]: Invalid user martina from 129.121.47.136
Jun 25 05:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12259]: input_userauth_request: invalid user martina [preauth]
Jun 25 05:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12259]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 05:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.121.47.136
Jun 25 05:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12259]: Failed password for invalid user martina from 129.121.47.136 port 34254 ssh2
Jun 25 05:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12259]: Received disconnect from 129.121.47.136 port 34254:11: Bye Bye [preauth]
Jun 25 05:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12259]: Disconnected from 129.121.47.136 port 34254 [preauth]
Jun 25 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12390]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12392]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12391]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12388]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12388]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12465]: Successful su for rubyman by root
Jun 25 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12465]: + ??? root:rubyman
Jun 25 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12465]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588352 of user rubyman.
Jun 25 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12465]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588352.
Jun 25 05:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9433]: pam_unix(cron:session): session closed for user root
Jun 25 05:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12390]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11373]: pam_unix(cron:session): session closed for user root
Jun 25 05:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12813]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12814]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12812]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12811]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12811]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12884]: Successful su for rubyman by root
Jun 25 05:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12884]: + ??? root:rubyman
Jun 25 05:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12884]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588355 of user rubyman.
Jun 25 05:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12884]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588355.
Jun 25 05:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9867]: pam_unix(cron:session): session closed for user root
Jun 25 05:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12812]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11820]: pam_unix(cron:session): session closed for user root
Jun 25 05:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 25 05:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13198]: Failed password for root from 202.178.126.219 port 39077 ssh2
Jun 25 05:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13198]: Connection closed by 202.178.126.219 port 39077 [preauth]
Jun 25 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13229]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13232]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13228]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13227]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13227]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13290]: Successful su for rubyman by root
Jun 25 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13290]: + ??? root:rubyman
Jun 25 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13290]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588358 of user rubyman.
Jun 25 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13290]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588358.
Jun 25 05:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10543]: pam_unix(cron:session): session closed for user root
Jun 25 05:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13228]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12392]: pam_unix(cron:session): session closed for user root
Jun 25 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13626]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13627]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13625]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13624]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13624]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13683]: Successful su for rubyman by root
Jun 25 05:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13683]: + ??? root:rubyman
Jun 25 05:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13683]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588364 of user rubyman.
Jun 25 05:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13683]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588364.
Jun 25 05:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10961]: pam_unix(cron:session): session closed for user root
Jun 25 05:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13625]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12814]: pam_unix(cron:session): session closed for user root
Jun 25 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14038]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14037]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14034]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14035]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14036]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14033]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14038]: pam_unix(cron:session): session closed for user root
Jun 25 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14033]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14100]: Successful su for rubyman by root
Jun 25 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14100]: + ??? root:rubyman
Jun 25 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14100]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588368 of user rubyman.
Jun 25 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14100]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588368.
Jun 25 05:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14035]: pam_unix(cron:session): session closed for user root
Jun 25 05:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11372]: pam_unix(cron:session): session closed for user root
Jun 25 05:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14034]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13232]: pam_unix(cron:session): session closed for user root
Jun 25 05:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 25 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14455]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14454]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14453]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14451]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14451]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14440]: Failed password for root from 38.93.206.2 port 38782 ssh2
Jun 25 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14521]: Successful su for rubyman by root
Jun 25 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14521]: + ??? root:rubyman
Jun 25 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14521]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588372 of user rubyman.
Jun 25 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14521]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588372.
Jun 25 05:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14440]: Connection closed by 38.93.206.2 port 38782 [preauth]
Jun 25 05:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11819]: pam_unix(cron:session): session closed for user root
Jun 25 05:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14453]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 25 05:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14812]: Failed password for root from 103.122.221.179 port 33400 ssh2
Jun 25 05:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14812]: Connection closed by 103.122.221.179 port 33400 [preauth]
Jun 25 05:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13627]: pam_unix(cron:session): session closed for user root
Jun 25 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14948]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14947]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14946]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14945]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14945]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15009]: Successful su for rubyman by root
Jun 25 05:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15009]: + ??? root:rubyman
Jun 25 05:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15009]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588377 of user rubyman.
Jun 25 05:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15009]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588377.
Jun 25 05:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12391]: pam_unix(cron:session): session closed for user root
Jun 25 05:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14946]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14037]: pam_unix(cron:session): session closed for user root
Jun 25 05:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 25 05:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15297]: Failed password for root from 87.251.79.125 port 46768 ssh2
Jun 25 05:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15297]: Connection closed by 87.251.79.125 port 46768 [preauth]
Jun 25 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15346]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15347]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15345]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15344]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15344]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15403]: Successful su for rubyman by root
Jun 25 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15403]: + ??? root:rubyman
Jun 25 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15403]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588380 of user rubyman.
Jun 25 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15403]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588380.
Jun 25 05:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12813]: pam_unix(cron:session): session closed for user root
Jun 25 05:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15345]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14455]: pam_unix(cron:session): session closed for user root
Jun 25 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15738]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15739]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15737]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15736]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15736]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15796]: Successful su for rubyman by root
Jun 25 05:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15796]: + ??? root:rubyman
Jun 25 05:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15796]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588385 of user rubyman.
Jun 25 05:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15796]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588385.
Jun 25 05:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13229]: pam_unix(cron:session): session closed for user root
Jun 25 05:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15737]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15971]: Received disconnect from 91.208.197.64 port 51656:11: disconnected by user [preauth]
Jun 25 05:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15971]: Disconnected from 91.208.197.64 port 51656 [preauth]
Jun 25 05:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14948]: pam_unix(cron:session): session closed for user root
Jun 25 05:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 25 05:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16106]: Failed password for root from 103.153.68.219 port 52352 ssh2
Jun 25 05:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16106]: Connection closed by 103.153.68.219 port 52352 [preauth]
Jun 25 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16123]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16125]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16122]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16124]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16126]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16121]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16126]: pam_unix(cron:session): session closed for user root
Jun 25 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16121]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16191]: Successful su for rubyman by root
Jun 25 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16191]: + ??? root:rubyman
Jun 25 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16191]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588389 of user rubyman.
Jun 25 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16191]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588389.
Jun 25 05:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16123]: pam_unix(cron:session): session closed for user root
Jun 25 05:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13626]: pam_unix(cron:session): session closed for user root
Jun 25 05:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16122]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15347]: pam_unix(cron:session): session closed for user root
Jun 25 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16546]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16545]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16547]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16544]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16544]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16609]: Successful su for rubyman by root
Jun 25 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16609]: + ??? root:rubyman
Jun 25 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16609]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588396 of user rubyman.
Jun 25 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16609]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588396.
Jun 25 05:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14036]: pam_unix(cron:session): session closed for user root
Jun 25 05:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16545]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15739]: pam_unix(cron:session): session closed for user root
Jun 25 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17052]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17050]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17053]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17049]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17049]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17112]: Successful su for rubyman by root
Jun 25 05:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17112]: + ??? root:rubyman
Jun 25 05:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17112]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588398 of user rubyman.
Jun 25 05:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17112]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588398.
Jun 25 05:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14454]: pam_unix(cron:session): session closed for user root
Jun 25 05:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17050]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180  user=root
Jun 25 05:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17313]: Failed password for root from 186.96.158.180 port 27403 ssh2
Jun 25 05:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17313]: Received disconnect from 186.96.158.180 port 27403:11: Bye Bye [preauth]
Jun 25 05:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17313]: Disconnected from 186.96.158.180 port 27403 [preauth]
Jun 25 05:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16125]: pam_unix(cron:session): session closed for user root
Jun 25 05:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17446]: Invalid user obc from 45.165.14.197
Jun 25 05:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17446]: input_userauth_request: invalid user obc [preauth]
Jun 25 05:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17446]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 05:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.165.14.197
Jun 25 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17446]: Failed password for invalid user obc from 45.165.14.197 port 52541 ssh2
Jun 25 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17446]: Received disconnect from 45.165.14.197 port 52541:11: Bye Bye [preauth]
Jun 25 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17446]: Disconnected from 45.165.14.197 port 52541 [preauth]
Jun 25 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17462]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17461]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17460]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17459]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17459]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17520]: Successful su for rubyman by root
Jun 25 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17520]: + ??? root:rubyman
Jun 25 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17520]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588402 of user rubyman.
Jun 25 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17520]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588402.
Jun 25 05:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14947]: pam_unix(cron:session): session closed for user root
Jun 25 05:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17460]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16547]: pam_unix(cron:session): session closed for user root
Jun 25 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17951]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17952]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17950]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17949]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17949]: pam_unix(cron:session): session closed for user p13x
Jun 25 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18014]: Successful su for rubyman by root
Jun 25 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18014]: + ??? root:rubyman
Jun 25 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18014]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588406 of user rubyman.
Jun 25 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18014]: pam_unix(su:session): session closed for user rubyman
Jun 25 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588406.
Jun 25 05:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15346]: pam_unix(cron:session): session closed for user root
Jun 25 05:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17950]: pam_unix(cron:session): session closed for user samftp
Jun 25 05:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 25 05:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18216]: Failed password for root from 103.77.242.62 port 38216 ssh2
Jun 25 05:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18216]: Connection closed by 103.77.242.62 port 38216 [preauth]
Jun 25 05:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17053]: pam_unix(cron:session): session closed for user root
Jun 25 05:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 05:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.247.221  user=root
Jun 25 05:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18367]: Failed password for root from 143.110.247.221 port 49326 ssh2
Jun 25 05:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18367]: Received disconnect from 143.110.247.221 port 49326:11: Bye Bye [preauth]
Jun 25 05:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18367]: Disconnected from 143.110.247.221 port 49326 [preauth]
Jun 25 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18407]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18403]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18408]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18404]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18402]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18400]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18401]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18408]: pam_unix(cron:session): session closed for user root
Jun 25 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18402]: pam_unix(cron:session): session closed for user root
Jun 25 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18400]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18566]: Successful su for rubyman by root
Jun 25 06:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18566]: + ??? root:rubyman
Jun 25 06:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18566]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588410 of user rubyman.
Jun 25 06:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18566]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588410.
Jun 25 06:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18403]: pam_unix(cron:session): session closed for user root
Jun 25 06:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15738]: pam_unix(cron:session): session closed for user root
Jun 25 06:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18401]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17462]: pam_unix(cron:session): session closed for user root
Jun 25 06:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18969]: Invalid user devops from 190.128.201.18
Jun 25 06:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18969]: input_userauth_request: invalid user devops [preauth]
Jun 25 06:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18969]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.201.18
Jun 25 06:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18969]: Failed password for invalid user devops from 190.128.201.18 port 9399 ssh2
Jun 25 06:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18969]: Received disconnect from 190.128.201.18 port 9399:11: Bye Bye [preauth]
Jun 25 06:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18969]: Disconnected from 190.128.201.18 port 9399 [preauth]
Jun 25 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18993]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18992]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18990]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18991]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18990]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19056]: Successful su for rubyman by root
Jun 25 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19056]: + ??? root:rubyman
Jun 25 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19056]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588417 of user rubyman.
Jun 25 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19056]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588417.
Jun 25 06:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16124]: pam_unix(cron:session): session closed for user root
Jun 25 06:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18991]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17952]: pam_unix(cron:session): session closed for user root
Jun 25 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19615]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19613]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19614]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19611]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19611]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19762]: Successful su for rubyman by root
Jun 25 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19762]: + ??? root:rubyman
Jun 25 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19762]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588422 of user rubyman.
Jun 25 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19762]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588422.
Jun 25 06:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16546]: pam_unix(cron:session): session closed for user root
Jun 25 06:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19613]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18407]: pam_unix(cron:session): session closed for user root
Jun 25 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20108]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20110]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20109]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20107]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20107]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20264]: Successful su for rubyman by root
Jun 25 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20264]: + ??? root:rubyman
Jun 25 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20264]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588425 of user rubyman.
Jun 25 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20264]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588425.
Jun 25 06:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 25 06:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17052]: pam_unix(cron:session): session closed for user root
Jun 25 06:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20108]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20333]: Failed password for root from 147.45.199.80 port 47670 ssh2
Jun 25 06:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20333]: Connection closed by 147.45.199.80 port 47670 [preauth]
Jun 25 06:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 25 06:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20524]: Failed password for root from 193.37.70.224 port 34788 ssh2
Jun 25 06:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20524]: Connection closed by 193.37.70.224 port 34788 [preauth]
Jun 25 06:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18993]: pam_unix(cron:session): session closed for user root
Jun 25 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20633]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20632]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20634]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20629]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20629]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20764]: Successful su for rubyman by root
Jun 25 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20764]: + ??? root:rubyman
Jun 25 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20764]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588429 of user rubyman.
Jun 25 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20764]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588429.
Jun 25 06:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17461]: pam_unix(cron:session): session closed for user root
Jun 25 06:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20632]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19615]: pam_unix(cron:session): session closed for user root
Jun 25 06:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 25 06:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21093]: Failed password for root from 103.176.20.57 port 34762 ssh2
Jun 25 06:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21093]: Connection closed by 103.176.20.57 port 34762 [preauth]
Jun 25 06:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21103]: Invalid user test from 45.148.10.121
Jun 25 06:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21103]: input_userauth_request: invalid user test [preauth]
Jun 25 06:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21103]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 25 06:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21103]: Failed password for invalid user test from 45.148.10.121 port 40214 ssh2
Jun 25 06:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21103]: Connection closed by 45.148.10.121 port 40214 [preauth]
Jun 25 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21119]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21117]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21120]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21122]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21118]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21116]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21122]: pam_unix(cron:session): session closed for user root
Jun 25 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21116]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21193]: Successful su for rubyman by root
Jun 25 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21193]: + ??? root:rubyman
Jun 25 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21193]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588437 of user rubyman.
Jun 25 06:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21193]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588437.
Jun 25 06:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21118]: pam_unix(cron:session): session closed for user root
Jun 25 06:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17951]: pam_unix(cron:session): session closed for user root
Jun 25 06:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21117]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21478]: Connection reset by 62.60.130.219 port 35076 [preauth]
Jun 25 06:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20110]: pam_unix(cron:session): session closed for user root
Jun 25 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21580]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21576]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21579]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21577]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21576]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21650]: Successful su for rubyman by root
Jun 25 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21650]: + ??? root:rubyman
Jun 25 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21650]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588439 of user rubyman.
Jun 25 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21650]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588439.
Jun 25 06:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18404]: pam_unix(cron:session): session closed for user root
Jun 25 06:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21577]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 25 06:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21879]: Failed password for root from 62.133.62.83 port 45466 ssh2
Jun 25 06:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21879]: Connection closed by 62.133.62.83 port 45466 [preauth]
Jun 25 06:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20634]: pam_unix(cron:session): session closed for user root
Jun 25 06:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Jun 25 06:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:34.52.186.237
Jun 25 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22019]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22018]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22016]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22017]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22016]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22075]: Successful su for rubyman by root
Jun 25 06:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22075]: + ??? root:rubyman
Jun 25 06:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22075]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588444 of user rubyman.
Jun 25 06:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22075]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588444.
Jun 25 06:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18992]: pam_unix(cron:session): session closed for user root
Jun 25 06:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22017]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21120]: pam_unix(cron:session): session closed for user root
Jun 25 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22508]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22509]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22507]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22506]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22506]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22566]: Successful su for rubyman by root
Jun 25 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22566]: + ??? root:rubyman
Jun 25 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22566]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588447 of user rubyman.
Jun 25 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22566]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588447.
Jun 25 06:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19614]: pam_unix(cron:session): session closed for user root
Jun 25 06:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22507]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22783]: Invalid user kevin from 14.103.105.62
Jun 25 06:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22783]: input_userauth_request: invalid user kevin [preauth]
Jun 25 06:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22783]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.105.62
Jun 25 06:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22783]: Failed password for invalid user kevin from 14.103.105.62 port 37090 ssh2
Jun 25 06:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22783]: Received disconnect from 14.103.105.62 port 37090:11: Bye Bye [preauth]
Jun 25 06:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22783]: Disconnected from 14.103.105.62 port 37090 [preauth]
Jun 25 06:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21580]: pam_unix(cron:session): session closed for user root
Jun 25 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22914]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22911]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22913]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22912]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22909]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22911]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23030]: Successful su for rubyman by root
Jun 25 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23030]: + ??? root:rubyman
Jun 25 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23030]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588452 of user rubyman.
Jun 25 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23030]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588452.
Jun 25 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22909]: pam_unix(cron:session): session closed for user root
Jun 25 06:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20109]: pam_unix(cron:session): session closed for user root
Jun 25 06:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22912]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23294]: Invalid user admin from 141.98.83.240
Jun 25 06:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23294]: input_userauth_request: invalid user admin [preauth]
Jun 25 06:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23294]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 06:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23294]: Failed password for invalid user admin from 141.98.83.240 port 58844 ssh2
Jun 25 06:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23294]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23294]: Failed password for invalid user admin from 141.98.83.240 port 58844 ssh2
Jun 25 06:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23294]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23294]: Failed password for invalid user admin from 141.98.83.240 port 58844 ssh2
Jun 25 06:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23294]: Connection closed by 141.98.83.240 port 58844 [preauth]
Jun 25 06:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23294]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 06:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22019]: pam_unix(cron:session): session closed for user root
Jun 25 06:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.211.215  user=root
Jun 25 06:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23405]: Failed password for root from 147.45.211.215 port 38822 ssh2
Jun 25 06:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23405]: Connection closed by 147.45.211.215 port 38822 [preauth]
Jun 25 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23432]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23431]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23429]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23430]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23433]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23428]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23433]: pam_unix(cron:session): session closed for user root
Jun 25 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23428]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23498]: Successful su for rubyman by root
Jun 25 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23498]: + ??? root:rubyman
Jun 25 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23498]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588456 of user rubyman.
Jun 25 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23498]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588456.
Jun 25 06:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23430]: pam_unix(cron:session): session closed for user root
Jun 25 06:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20633]: pam_unix(cron:session): session closed for user root
Jun 25 06:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23429]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22509]: pam_unix(cron:session): session closed for user root
Jun 25 06:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 25 06:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23804]: Failed password for root from 194.113.233.25 port 54164 ssh2
Jun 25 06:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23804]: Connection closed by 194.113.233.25 port 54164 [preauth]
Jun 25 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23979]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23978]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23976]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23975]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23975]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24044]: Successful su for rubyman by root
Jun 25 06:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24044]: + ??? root:rubyman
Jun 25 06:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24044]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588462 of user rubyman.
Jun 25 06:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24044]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588462.
Jun 25 06:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21119]: pam_unix(cron:session): session closed for user root
Jun 25 06:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23976]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22914]: pam_unix(cron:session): session closed for user root
Jun 25 06:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24353]: Invalid user ubuntu from 79.110.201.164
Jun 25 06:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24353]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 06:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24353]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.110.201.164
Jun 25 06:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24353]: Failed password for invalid user ubuntu from 79.110.201.164 port 47012 ssh2
Jun 25 06:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24353]: Received disconnect from 79.110.201.164 port 47012:11: Bye Bye [preauth]
Jun 25 06:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24353]: Disconnected from 79.110.201.164 port 47012 [preauth]
Jun 25 06:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24355]: Invalid user shoutcast from 143.110.247.221
Jun 25 06:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24355]: input_userauth_request: invalid user shoutcast [preauth]
Jun 25 06:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24355]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.247.221
Jun 25 06:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24355]: Failed password for invalid user shoutcast from 143.110.247.221 port 55272 ssh2
Jun 25 06:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24355]: Received disconnect from 143.110.247.221 port 55272:11: Bye Bye [preauth]
Jun 25 06:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24355]: Disconnected from 143.110.247.221 port 55272 [preauth]
Jun 25 06:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 25 06:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24408]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24407]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24409]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24406]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24403]: Invalid user andi from 190.128.201.18
Jun 25 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24403]: input_userauth_request: invalid user andi [preauth]
Jun 25 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24403]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.201.18
Jun 25 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24406]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24401]: Failed password for root from 109.237.96.109 port 33922 ssh2
Jun 25 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24477]: Successful su for rubyman by root
Jun 25 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24477]: + ??? root:rubyman
Jun 25 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24477]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588469 of user rubyman.
Jun 25 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24477]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588469.
Jun 25 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24401]: Connection closed by 109.237.96.109 port 33922 [preauth]
Jun 25 06:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24501]: Invalid user ftp1 from 45.165.14.197
Jun 25 06:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24501]: input_userauth_request: invalid user ftp1 [preauth]
Jun 25 06:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24501]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.165.14.197
Jun 25 06:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24403]: Failed password for invalid user andi from 190.128.201.18 port 42478 ssh2
Jun 25 06:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24403]: Received disconnect from 190.128.201.18 port 42478:11: Bye Bye [preauth]
Jun 25 06:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24403]: Disconnected from 190.128.201.18 port 42478 [preauth]
Jun 25 06:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21579]: pam_unix(cron:session): session closed for user root
Jun 25 06:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24501]: Failed password for invalid user ftp1 from 45.165.14.197 port 64899 ssh2
Jun 25 06:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24501]: Received disconnect from 45.165.14.197 port 64899:11: Bye Bye [preauth]
Jun 25 06:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24501]: Disconnected from 45.165.14.197 port 64899 [preauth]
Jun 25 06:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24407]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23432]: pam_unix(cron:session): session closed for user root
Jun 25 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24840]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24841]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24839]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24838]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24838]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24897]: Successful su for rubyman by root
Jun 25 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24897]: + ??? root:rubyman
Jun 25 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24897]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588471 of user rubyman.
Jun 25 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24897]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588471.
Jun 25 06:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22018]: pam_unix(cron:session): session closed for user root
Jun 25 06:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24839]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23979]: pam_unix(cron:session): session closed for user root
Jun 25 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25239]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25237]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25238]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25236]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25236]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25293]: Successful su for rubyman by root
Jun 25 06:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25293]: + ??? root:rubyman
Jun 25 06:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25293]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588474 of user rubyman.
Jun 25 06:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25293]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588474.
Jun 25 06:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22508]: pam_unix(cron:session): session closed for user root
Jun 25 06:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.165.14.197  user=root
Jun 25 06:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25237]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25402]: Failed password for root from 45.165.14.197 port 35186 ssh2
Jun 25 06:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25402]: Received disconnect from 45.165.14.197 port 35186:11: Bye Bye [preauth]
Jun 25 06:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25402]: Disconnected from 45.165.14.197 port 35186 [preauth]
Jun 25 06:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25538]: Invalid user amin from 143.110.247.221
Jun 25 06:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25538]: input_userauth_request: invalid user amin [preauth]
Jun 25 06:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25538]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.247.221
Jun 25 06:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25538]: Failed password for invalid user amin from 143.110.247.221 port 52910 ssh2
Jun 25 06:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25538]: Received disconnect from 143.110.247.221 port 52910:11: Bye Bye [preauth]
Jun 25 06:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25538]: Disconnected from 143.110.247.221 port 52910 [preauth]
Jun 25 06:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24409]: pam_unix(cron:session): session closed for user root
Jun 25 06:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.201.18  user=root
Jun 25 06:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25571]: Failed password for root from 190.128.201.18 port 41484 ssh2
Jun 25 06:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25571]: Received disconnect from 190.128.201.18 port 41484:11: Bye Bye [preauth]
Jun 25 06:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25571]: Disconnected from 190.128.201.18 port 41484 [preauth]
Jun 25 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25630]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25632]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25628]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25627]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25629]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25631]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25632]: pam_unix(cron:session): session closed for user root
Jun 25 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25627]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25694]: Successful su for rubyman by root
Jun 25 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25694]: + ??? root:rubyman
Jun 25 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25694]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588478 of user rubyman.
Jun 25 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25694]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588478.
Jun 25 06:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25629]: pam_unix(cron:session): session closed for user root
Jun 25 06:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22913]: pam_unix(cron:session): session closed for user root
Jun 25 06:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25628]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25929]: Invalid user holland from 2.57.121.112
Jun 25 06:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25929]: input_userauth_request: invalid user holland [preauth]
Jun 25 06:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25929]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 25 06:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25929]: Failed password for invalid user holland from 2.57.121.112 port 8662 ssh2
Jun 25 06:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25929]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25929]: Failed password for invalid user holland from 2.57.121.112 port 8662 ssh2
Jun 25 06:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25929]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25929]: Failed password for invalid user holland from 2.57.121.112 port 8662 ssh2
Jun 25 06:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25929]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25929]: Failed password for invalid user holland from 2.57.121.112 port 8662 ssh2
Jun 25 06:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25929]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25929]: Failed password for invalid user holland from 2.57.121.112 port 8662 ssh2
Jun 25 06:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25929]: Connection closed by 2.57.121.112 port 8662 [preauth]
Jun 25 06:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25929]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 25 06:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25929]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 25 06:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24841]: pam_unix(cron:session): session closed for user root
Jun 25 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26046]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26045]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26043]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26044]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26043]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26112]: Successful su for rubyman by root
Jun 25 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26112]: + ??? root:rubyman
Jun 25 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26112]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588484 of user rubyman.
Jun 25 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26112]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588484.
Jun 25 06:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23431]: pam_unix(cron:session): session closed for user root
Jun 25 06:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26044]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.165.14.197  user=root
Jun 25 06:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26309]: Failed password for root from 45.165.14.197 port 3723 ssh2
Jun 25 06:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26309]: Received disconnect from 45.165.14.197 port 3723:11: Bye Bye [preauth]
Jun 25 06:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26309]: Disconnected from 45.165.14.197 port 3723 [preauth]
Jun 25 06:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25239]: pam_unix(cron:session): session closed for user root
Jun 25 06:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26426]: Invalid user admin from 193.46.255.86
Jun 25 06:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26426]: input_userauth_request: invalid user admin [preauth]
Jun 25 06:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26426]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 25 06:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26426]: Failed password for invalid user admin from 193.46.255.86 port 24366 ssh2
Jun 25 06:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26426]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26426]: Failed password for invalid user admin from 193.46.255.86 port 24366 ssh2
Jun 25 06:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26426]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26426]: Failed password for invalid user admin from 193.46.255.86 port 24366 ssh2
Jun 25 06:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26426]: Connection closed by 193.46.255.86 port 24366 [preauth]
Jun 25 06:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26426]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 25 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26457]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26456]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26458]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26455]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26453]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26453]: pam_unix(cron:session): session closed for user root
Jun 25 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26455]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26518]: Successful su for rubyman by root
Jun 25 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26518]: + ??? root:rubyman
Jun 25 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26518]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588488 of user rubyman.
Jun 25 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26518]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588488.
Jun 25 06:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23978]: pam_unix(cron:session): session closed for user root
Jun 25 06:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26456]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26810]: Invalid user nikita from 190.128.201.18
Jun 25 06:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26810]: input_userauth_request: invalid user nikita [preauth]
Jun 25 06:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26810]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.201.18
Jun 25 06:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26810]: Failed password for invalid user nikita from 190.128.201.18 port 46380 ssh2
Jun 25 06:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26810]: Received disconnect from 190.128.201.18 port 46380:11: Bye Bye [preauth]
Jun 25 06:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26810]: Disconnected from 190.128.201.18 port 46380 [preauth]
Jun 25 06:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26821]: Invalid user foundry from 143.110.247.221
Jun 25 06:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26821]: input_userauth_request: invalid user foundry [preauth]
Jun 25 06:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26821]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.247.221
Jun 25 06:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26821]: Failed password for invalid user foundry from 143.110.247.221 port 37042 ssh2
Jun 25 06:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26821]: Received disconnect from 143.110.247.221 port 37042:11: Bye Bye [preauth]
Jun 25 06:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26821]: Disconnected from 143.110.247.221 port 37042 [preauth]
Jun 25 06:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25631]: pam_unix(cron:session): session closed for user root
Jun 25 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26948]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26949]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26947]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26946]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26946]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27005]: Successful su for rubyman by root
Jun 25 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27005]: + ??? root:rubyman
Jun 25 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27005]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588495 of user rubyman.
Jun 25 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27005]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588495.
Jun 25 06:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24408]: pam_unix(cron:session): session closed for user root
Jun 25 06:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26947]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27224]: Invalid user liyang from 45.165.14.197
Jun 25 06:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27224]: input_userauth_request: invalid user liyang [preauth]
Jun 25 06:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27224]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.165.14.197
Jun 25 06:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27224]: Failed password for invalid user liyang from 45.165.14.197 port 45153 ssh2
Jun 25 06:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27224]: Received disconnect from 45.165.14.197 port 45153:11: Bye Bye [preauth]
Jun 25 06:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27224]: Disconnected from 45.165.14.197 port 45153 [preauth]
Jun 25 06:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26046]: pam_unix(cron:session): session closed for user root
Jun 25 06:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180  user=root
Jun 25 06:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27331]: Failed password for root from 186.96.158.180 port 65398 ssh2
Jun 25 06:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27331]: Received disconnect from 186.96.158.180 port 65398:11: Bye Bye [preauth]
Jun 25 06:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27331]: Disconnected from 186.96.158.180 port 65398 [preauth]
Jun 25 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27367]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27368]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27366]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27365]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27365]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27423]: Successful su for rubyman by root
Jun 25 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27423]: + ??? root:rubyman
Jun 25 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27423]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588498 of user rubyman.
Jun 25 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27423]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588498.
Jun 25 06:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24840]: pam_unix(cron:session): session closed for user root
Jun 25 06:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27366]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27625]: Connection closed by 14.103.105.62 port 54350 [preauth]
Jun 25 06:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
Jun 25 06:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27647]: Failed password for root from 176.32.39.21 port 59172 ssh2
Jun 25 06:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27647]: Connection closed by 176.32.39.21 port 59172 [preauth]
Jun 25 06:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26458]: pam_unix(cron:session): session closed for user root
Jun 25 06:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27729]: Invalid user abbas from 190.128.201.18
Jun 25 06:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27729]: input_userauth_request: invalid user abbas [preauth]
Jun 25 06:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27729]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.201.18
Jun 25 06:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27729]: Failed password for invalid user abbas from 190.128.201.18 port 10894 ssh2
Jun 25 06:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27729]: Received disconnect from 190.128.201.18 port 10894:11: Bye Bye [preauth]
Jun 25 06:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27729]: Disconnected from 190.128.201.18 port 10894 [preauth]
Jun 25 06:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 25 06:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27755]: Failed password for root from 77.94.47.83 port 38930 ssh2
Jun 25 06:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27755]: Connection closed by 77.94.47.83 port 38930 [preauth]
Jun 25 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27785]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27787]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27783]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27784]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27786]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27788]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27788]: pam_unix(cron:session): session closed for user root
Jun 25 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27783]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27859]: Successful su for rubyman by root
Jun 25 06:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27859]: + ??? root:rubyman
Jun 25 06:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27859]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588503 of user rubyman.
Jun 25 06:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27859]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588503.
Jun 25 06:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27785]: pam_unix(cron:session): session closed for user root
Jun 25 06:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25238]: pam_unix(cron:session): session closed for user root
Jun 25 06:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27784]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.247.221  user=root
Jun 25 06:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27842]: Failed password for root from 143.110.247.221 port 33050 ssh2
Jun 25 06:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27842]: Received disconnect from 143.110.247.221 port 33050:11: Bye Bye [preauth]
Jun 25 06:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27842]: Disconnected from 143.110.247.221 port 33050 [preauth]
Jun 25 06:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.165.14.197  user=root
Jun 25 06:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26949]: pam_unix(cron:session): session closed for user root
Jun 25 06:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28189]: Failed password for root from 45.165.14.197 port 19265 ssh2
Jun 25 06:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28189]: Received disconnect from 45.165.14.197 port 19265:11: Bye Bye [preauth]
Jun 25 06:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28189]: Disconnected from 45.165.14.197 port 19265 [preauth]
Jun 25 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28280]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28281]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28279]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28278]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28278]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28343]: Successful su for rubyman by root
Jun 25 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28343]: + ??? root:rubyman
Jun 25 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28343]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588507 of user rubyman.
Jun 25 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28343]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588507.
Jun 25 06:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25630]: pam_unix(cron:session): session closed for user root
Jun 25 06:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28279]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.110.201.164  user=root
Jun 25 06:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28533]: Failed password for root from 79.110.201.164 port 39078 ssh2
Jun 25 06:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28533]: Received disconnect from 79.110.201.164 port 39078:11: Bye Bye [preauth]
Jun 25 06:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28533]: Disconnected from 79.110.201.164 port 39078 [preauth]
Jun 25 06:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27368]: pam_unix(cron:session): session closed for user root
Jun 25 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28778]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28779]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28777]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28776]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28776]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28835]: Successful su for rubyman by root
Jun 25 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28835]: + ??? root:rubyman
Jun 25 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28835]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588513 of user rubyman.
Jun 25 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28835]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588513.
Jun 25 06:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26045]: pam_unix(cron:session): session closed for user root
Jun 25 06:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28777]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29024]: Invalid user amin from 190.128.201.18
Jun 25 06:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29024]: input_userauth_request: invalid user amin [preauth]
Jun 25 06:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29024]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.201.18
Jun 25 06:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29024]: Failed password for invalid user amin from 190.128.201.18 port 41964 ssh2
Jun 25 06:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29024]: Received disconnect from 190.128.201.18 port 41964:11: Bye Bye [preauth]
Jun 25 06:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29024]: Disconnected from 190.128.201.18 port 41964 [preauth]
Jun 25 06:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27787]: pam_unix(cron:session): session closed for user root
Jun 25 06:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29141]: Invalid user abbas from 45.165.14.197
Jun 25 06:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29141]: input_userauth_request: invalid user abbas [preauth]
Jun 25 06:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29141]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.165.14.197
Jun 25 06:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29143]: Invalid user yoyo from 143.110.247.221
Jun 25 06:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29143]: input_userauth_request: invalid user yoyo [preauth]
Jun 25 06:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29143]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.247.221
Jun 25 06:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29141]: Failed password for invalid user abbas from 45.165.14.197 port 41225 ssh2
Jun 25 06:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29141]: Received disconnect from 45.165.14.197 port 41225:11: Bye Bye [preauth]
Jun 25 06:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29141]: Disconnected from 45.165.14.197 port 41225 [preauth]
Jun 25 06:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29143]: Failed password for invalid user yoyo from 143.110.247.221 port 39276 ssh2
Jun 25 06:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29143]: Received disconnect from 143.110.247.221 port 39276:11: Bye Bye [preauth]
Jun 25 06:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29143]: Disconnected from 143.110.247.221 port 39276 [preauth]
Jun 25 06:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29177]: Invalid user kav from 79.110.201.164
Jun 25 06:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29177]: input_userauth_request: invalid user kav [preauth]
Jun 25 06:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29177]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.110.201.164
Jun 25 06:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29177]: Failed password for invalid user kav from 79.110.201.164 port 45956 ssh2
Jun 25 06:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29177]: Received disconnect from 79.110.201.164 port 45956:11: Bye Bye [preauth]
Jun 25 06:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29177]: Disconnected from 79.110.201.164 port 45956 [preauth]
Jun 25 06:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29214]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29213]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29211]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29212]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29211]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29290]: Successful su for rubyman by root
Jun 25 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29290]: + ??? root:rubyman
Jun 25 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29290]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588516 of user rubyman.
Jun 25 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29290]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588516.
Jun 25 06:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 25 06:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26457]: pam_unix(cron:session): session closed for user root
Jun 25 06:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29199]: Failed password for root from 202.178.126.219 port 48143 ssh2
Jun 25 06:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29212]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29199]: Connection closed by 202.178.126.219 port 48143 [preauth]
Jun 25 06:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28281]: pam_unix(cron:session): session closed for user root
Jun 25 06:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 25 06:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29623]: Failed password for root from 103.27.238.120 port 33416 ssh2
Jun 25 06:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29623]: Connection closed by 103.27.238.120 port 33416 [preauth]
Jun 25 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29740]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29731]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29730]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29729]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29729]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29806]: Successful su for rubyman by root
Jun 25 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29806]: + ??? root:rubyman
Jun 25 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29806]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588519 of user rubyman.
Jun 25 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29806]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588519.
Jun 25 06:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26948]: pam_unix(cron:session): session closed for user root
Jun 25 06:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29730]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30052]: Invalid user payroll from 79.110.201.164
Jun 25 06:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30052]: input_userauth_request: invalid user payroll [preauth]
Jun 25 06:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30052]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.110.201.164
Jun 25 06:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30052]: Failed password for invalid user payroll from 79.110.201.164 port 43392 ssh2
Jun 25 06:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30052]: Received disconnect from 79.110.201.164 port 43392:11: Bye Bye [preauth]
Jun 25 06:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30052]: Disconnected from 79.110.201.164 port 43392 [preauth]
Jun 25 06:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28779]: pam_unix(cron:session): session closed for user root
Jun 25 06:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30106]: Invalid user amin from 45.165.14.197
Jun 25 06:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30106]: input_userauth_request: invalid user amin [preauth]
Jun 25 06:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30106]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.165.14.197
Jun 25 06:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.201.18  user=root
Jun 25 06:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30106]: Failed password for invalid user amin from 45.165.14.197 port 15323 ssh2
Jun 25 06:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30106]: Received disconnect from 45.165.14.197 port 15323:11: Bye Bye [preauth]
Jun 25 06:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30106]: Disconnected from 45.165.14.197 port 15323 [preauth]
Jun 25 06:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30108]: Failed password for root from 190.128.201.18 port 60118 ssh2
Jun 25 06:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30108]: Received disconnect from 190.128.201.18 port 60118:11: Bye Bye [preauth]
Jun 25 06:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30108]: Disconnected from 190.128.201.18 port 60118 [preauth]
Jun 25 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30178]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30174]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30173]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30175]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30172]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30177]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30178]: pam_unix(cron:session): session closed for user root
Jun 25 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30169]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30172]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30256]: Successful su for rubyman by root
Jun 25 06:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30256]: + ??? root:rubyman
Jun 25 06:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30256]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588528 of user rubyman.
Jun 25 06:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30256]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588528.
Jun 25 06:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30174]: pam_unix(cron:session): session closed for user root
Jun 25 06:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27367]: pam_unix(cron:session): session closed for user root
Jun 25 06:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30173]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.247.221  user=root
Jun 25 06:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30466]: Failed password for root from 143.110.247.221 port 60950 ssh2
Jun 25 06:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30466]: Received disconnect from 143.110.247.221 port 60950:11: Bye Bye [preauth]
Jun 25 06:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30466]: Disconnected from 143.110.247.221 port 60950 [preauth]
Jun 25 06:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 25 06:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30532]: Failed password for root from 103.172.78.219 port 37662 ssh2
Jun 25 06:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30532]: Connection closed by 103.172.78.219 port 37662 [preauth]
Jun 25 06:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29214]: pam_unix(cron:session): session closed for user root
Jun 25 06:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.110.201.164  user=root
Jun 25 06:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30629]: Failed password for root from 79.110.201.164 port 44740 ssh2
Jun 25 06:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30629]: Received disconnect from 79.110.201.164 port 44740:11: Bye Bye [preauth]
Jun 25 06:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30629]: Disconnected from 79.110.201.164 port 44740 [preauth]
Jun 25 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30644]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30643]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30641]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30640]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30640]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30706]: Successful su for rubyman by root
Jun 25 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30706]: + ??? root:rubyman
Jun 25 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30706]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588530 of user rubyman.
Jun 25 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30706]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588530.
Jun 25 06:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27786]: pam_unix(cron:session): session closed for user root
Jun 25 06:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30641]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180  user=root
Jun 25 06:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30738]: Failed password for root from 186.96.158.180 port 8292 ssh2
Jun 25 06:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30738]: Received disconnect from 186.96.158.180 port 8292:11: Bye Bye [preauth]
Jun 25 06:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30738]: Disconnected from 186.96.158.180 port 8292 [preauth]
Jun 25 06:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29740]: pam_unix(cron:session): session closed for user root
Jun 25 06:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31106]: Invalid user misuser from 45.165.14.197
Jun 25 06:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31106]: input_userauth_request: invalid user misuser [preauth]
Jun 25 06:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31106]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.165.14.197
Jun 25 06:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31106]: Failed password for invalid user misuser from 45.165.14.197 port 46887 ssh2
Jun 25 06:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31106]: Received disconnect from 45.165.14.197 port 46887:11: Bye Bye [preauth]
Jun 25 06:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31106]: Disconnected from 45.165.14.197 port 46887 [preauth]
Jun 25 06:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31155]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31156]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31153]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31154]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31153]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31143]: Invalid user  from 45.153.34.235
Jun 25 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31143]: input_userauth_request: invalid user  [preauth]
Jun 25 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31211]: Successful su for rubyman by root
Jun 25 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31211]: + ??? root:rubyman
Jun 25 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31211]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588535 of user rubyman.
Jun 25 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31211]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588535.
Jun 25 06:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28280]: pam_unix(cron:session): session closed for user root
Jun 25 06:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31154]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31143]: Connection closed by 45.153.34.235 port 48598 [preauth]
Jun 25 06:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31397]: Invalid user obc from 190.128.201.18
Jun 25 06:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31397]: input_userauth_request: invalid user obc [preauth]
Jun 25 06:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31397]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.201.18
Jun 25 06:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31397]: Failed password for invalid user obc from 190.128.201.18 port 49108 ssh2
Jun 25 06:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31397]: Received disconnect from 190.128.201.18 port 49108:11: Bye Bye [preauth]
Jun 25 06:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31397]: Disconnected from 190.128.201.18 port 49108 [preauth]
Jun 25 06:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30177]: pam_unix(cron:session): session closed for user root
Jun 25 06:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31494]: Invalid user ubuntu from 79.110.201.164
Jun 25 06:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31494]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 06:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31494]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.110.201.164
Jun 25 06:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31494]: Failed password for invalid user ubuntu from 79.110.201.164 port 51898 ssh2
Jun 25 06:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31494]: Received disconnect from 79.110.201.164 port 51898:11: Bye Bye [preauth]
Jun 25 06:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31494]: Disconnected from 79.110.201.164 port 51898 [preauth]
Jun 25 06:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.247.221  user=root
Jun 25 06:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31506]: Failed password for root from 143.110.247.221 port 35118 ssh2
Jun 25 06:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31506]: Received disconnect from 143.110.247.221 port 35118:11: Bye Bye [preauth]
Jun 25 06:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31506]: Disconnected from 143.110.247.221 port 35118 [preauth]
Jun 25 06:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31534]: Invalid user agent from 45.153.34.235
Jun 25 06:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31534]: input_userauth_request: invalid user agent [preauth]
Jun 25 06:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31534]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31534]: Failed password for invalid user agent from 45.153.34.235 port 59586 ssh2
Jun 25 06:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31534]: Connection closed by 45.153.34.235 port 59586 [preauth]
Jun 25 06:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31549]: Invalid user tester from 45.153.34.235
Jun 25 06:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31549]: input_userauth_request: invalid user tester [preauth]
Jun 25 06:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31549]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31549]: Failed password for invalid user tester from 45.153.34.235 port 59590 ssh2
Jun 25 06:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31549]: Connection closed by 45.153.34.235 port 59590 [preauth]
Jun 25 06:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31561]: Invalid user kafka from 45.153.34.235
Jun 25 06:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31561]: input_userauth_request: invalid user kafka [preauth]
Jun 25 06:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31561]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31561]: Failed password for invalid user kafka from 45.153.34.235 port 59598 ssh2
Jun 25 06:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31561]: Connection closed by 45.153.34.235 port 59598 [preauth]
Jun 25 06:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31563]: Invalid user rocky from 45.153.34.235
Jun 25 06:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31563]: input_userauth_request: invalid user rocky [preauth]
Jun 25 06:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31563]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31563]: Failed password for invalid user rocky from 45.153.34.235 port 43878 ssh2
Jun 25 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31563]: Connection closed by 45.153.34.235 port 43878 [preauth]
Jun 25 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31667]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31669]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31666]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31665]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31665]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31728]: Successful su for rubyman by root
Jun 25 06:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31728]: + ??? root:rubyman
Jun 25 06:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31728]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588538 of user rubyman.
Jun 25 06:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31728]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588538.
Jun 25 06:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31662]: Invalid user prem from 45.153.34.235
Jun 25 06:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31662]: input_userauth_request: invalid user prem [preauth]
Jun 25 06:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31662]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31662]: Failed password for invalid user prem from 45.153.34.235 port 43886 ssh2
Jun 25 06:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31662]: Connection closed by 45.153.34.235 port 43886 [preauth]
Jun 25 06:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28778]: pam_unix(cron:session): session closed for user root
Jun 25 06:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31891]: Invalid user deploy from 45.153.34.235
Jun 25 06:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31891]: input_userauth_request: invalid user deploy [preauth]
Jun 25 06:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31891]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31666]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31891]: Failed password for invalid user deploy from 45.153.34.235 port 43890 ssh2
Jun 25 06:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31891]: Connection closed by 45.153.34.235 port 43890 [preauth]
Jun 25 06:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31919]: Failed password for root from 45.153.34.235 port 54794 ssh2
Jun 25 06:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31919]: Connection closed by 45.153.34.235 port 54794 [preauth]
Jun 25 06:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31929]: Failed password for root from 45.153.34.235 port 54796 ssh2
Jun 25 06:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31929]: Connection closed by 45.153.34.235 port 54796 [preauth]
Jun 25 06:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31951]: Invalid user app from 45.153.34.235
Jun 25 06:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31951]: input_userauth_request: invalid user app [preauth]
Jun 25 06:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31951]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31951]: Failed password for invalid user app from 45.153.34.235 port 54810 ssh2
Jun 25 06:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31951]: Connection closed by 45.153.34.235 port 54810 [preauth]
Jun 25 06:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31959]: Invalid user kim from 45.153.34.235
Jun 25 06:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31959]: input_userauth_request: invalid user kim [preauth]
Jun 25 06:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31959]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31959]: Failed password for invalid user kim from 45.153.34.235 port 56874 ssh2
Jun 25 06:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31959]: Connection closed by 45.153.34.235 port 56874 [preauth]
Jun 25 06:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31969]: Invalid user user from 45.153.34.235
Jun 25 06:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31969]: input_userauth_request: invalid user user [preauth]
Jun 25 06:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31969]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31969]: Failed password for invalid user user from 45.153.34.235 port 56878 ssh2
Jun 25 06:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31969]: Connection closed by 45.153.34.235 port 56878 [preauth]
Jun 25 06:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31990]: Invalid user user from 45.153.34.235
Jun 25 06:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31990]: input_userauth_request: invalid user user [preauth]
Jun 25 06:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31990]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31661]: Connection closed by 14.103.105.62 port 59958 [preauth]
Jun 25 06:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31990]: Failed password for invalid user user from 45.153.34.235 port 56892 ssh2
Jun 25 06:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31990]: Connection closed by 45.153.34.235 port 56892 [preauth]
Jun 25 06:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32001]: Invalid user user from 45.153.34.235
Jun 25 06:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32001]: input_userauth_request: invalid user user [preauth]
Jun 25 06:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32001]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32001]: Failed password for invalid user user from 45.153.34.235 port 39942 ssh2
Jun 25 06:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32001]: Connection closed by 45.153.34.235 port 39942 [preauth]
Jun 25 06:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32016]: Invalid user dspace from 45.153.34.235
Jun 25 06:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32016]: input_userauth_request: invalid user dspace [preauth]
Jun 25 06:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32016]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30644]: pam_unix(cron:session): session closed for user root
Jun 25 06:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32016]: Failed password for invalid user dspace from 45.153.34.235 port 39960 ssh2
Jun 25 06:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32016]: Connection closed by 45.153.34.235 port 39960 [preauth]
Jun 25 06:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: Failed password for root from 45.153.34.235 port 39978 ssh2
Jun 25 06:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: Connection closed by 45.153.34.235 port 39978 [preauth]
Jun 25 06:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32051]: Invalid user ansible from 45.153.34.235
Jun 25 06:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32051]: input_userauth_request: invalid user ansible [preauth]
Jun 25 06:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32051]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32051]: Failed password for invalid user ansible from 45.153.34.235 port 57376 ssh2
Jun 25 06:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32051]: Connection closed by 45.153.34.235 port 57376 [preauth]
Jun 25 06:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32063]: Invalid user linuxuser from 45.153.34.235
Jun 25 06:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32063]: input_userauth_request: invalid user linuxuser [preauth]
Jun 25 06:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32063]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32063]: Failed password for invalid user linuxuser from 45.153.34.235 port 57384 ssh2
Jun 25 06:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32063]: Connection closed by 45.153.34.235 port 57384 [preauth]
Jun 25 06:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32080]: Invalid user es from 45.153.34.235
Jun 25 06:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32080]: input_userauth_request: invalid user es [preauth]
Jun 25 06:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32080]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32080]: Failed password for invalid user es from 45.153.34.235 port 43330 ssh2
Jun 25 06:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32080]: Connection closed by 45.153.34.235 port 43330 [preauth]
Jun 25 06:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32091]: Invalid user linux from 45.153.34.235
Jun 25 06:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32091]: input_userauth_request: invalid user linux [preauth]
Jun 25 06:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32091]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32091]: Failed password for invalid user linux from 45.153.34.235 port 43336 ssh2
Jun 25 06:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32091]: Connection closed by 45.153.34.235 port 43336 [preauth]
Jun 25 06:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32104]: Invalid user fastuser from 45.153.34.235
Jun 25 06:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32104]: input_userauth_request: invalid user fastuser [preauth]
Jun 25 06:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32104]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32102]: Invalid user kp from 45.165.14.197
Jun 25 06:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32102]: input_userauth_request: invalid user kp [preauth]
Jun 25 06:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32102]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.165.14.197
Jun 25 06:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32104]: Failed password for invalid user fastuser from 45.153.34.235 port 43350 ssh2
Jun 25 06:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32104]: Connection closed by 45.153.34.235 port 43350 [preauth]
Jun 25 06:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32102]: Failed password for invalid user kp from 45.165.14.197 port 18093 ssh2
Jun 25 06:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32102]: Received disconnect from 45.165.14.197 port 18093:11: Bye Bye [preauth]
Jun 25 06:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32102]: Disconnected from 45.165.14.197 port 18093 [preauth]
Jun 25 06:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32106]: Failed password for root from 45.153.34.235 port 49132 ssh2
Jun 25 06:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32106]: Connection closed by 45.153.34.235 port 49132 [preauth]
Jun 25 06:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32116]: Invalid user app from 45.153.34.235
Jun 25 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32116]: input_userauth_request: invalid user app [preauth]
Jun 25 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32116]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32121]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32122]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32120]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32119]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32119]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32185]: Successful su for rubyman by root
Jun 25 06:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32185]: + ??? root:rubyman
Jun 25 06:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32185]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588544 of user rubyman.
Jun 25 06:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32185]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588544.
Jun 25 06:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32116]: Failed password for invalid user app from 45.153.34.235 port 49148 ssh2
Jun 25 06:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32116]: Connection closed by 45.153.34.235 port 49148 [preauth]
Jun 25 06:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29213]: pam_unix(cron:session): session closed for user root
Jun 25 06:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32282]: Invalid user teamspeak from 45.153.34.235
Jun 25 06:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32282]: input_userauth_request: invalid user teamspeak [preauth]
Jun 25 06:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32282]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32120]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32282]: Failed password for invalid user teamspeak from 45.153.34.235 port 49160 ssh2
Jun 25 06:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32282]: Connection closed by 45.153.34.235 port 49160 [preauth]
Jun 25 06:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32360]: Invalid user odoo17 from 45.153.34.235
Jun 25 06:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32360]: input_userauth_request: invalid user odoo17 [preauth]
Jun 25 06:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32360]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32360]: Failed password for invalid user odoo17 from 45.153.34.235 port 50458 ssh2
Jun 25 06:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32360]: Connection closed by 45.153.34.235 port 50458 [preauth]
Jun 25 06:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32372]: Invalid user bernard from 45.153.34.235
Jun 25 06:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32372]: input_userauth_request: invalid user bernard [preauth]
Jun 25 06:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32372]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32375]: Invalid user user from 79.110.201.164
Jun 25 06:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32375]: input_userauth_request: invalid user user [preauth]
Jun 25 06:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32375]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.110.201.164
Jun 25 06:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32372]: Failed password for invalid user bernard from 45.153.34.235 port 50486 ssh2
Jun 25 06:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32372]: Connection closed by 45.153.34.235 port 50486 [preauth]
Jun 25 06:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32375]: Failed password for invalid user user from 79.110.201.164 port 56378 ssh2
Jun 25 06:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32377]: Invalid user test from 45.153.34.235
Jun 25 06:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32377]: input_userauth_request: invalid user test [preauth]
Jun 25 06:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32375]: Received disconnect from 79.110.201.164 port 56378:11: Bye Bye [preauth]
Jun 25 06:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32375]: Disconnected from 79.110.201.164 port 56378 [preauth]
Jun 25 06:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32377]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32377]: Failed password for invalid user test from 45.153.34.235 port 50524 ssh2
Jun 25 06:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32377]: Connection closed by 45.153.34.235 port 50524 [preauth]
Jun 25 06:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32405]: Invalid user ansible from 45.153.34.235
Jun 25 06:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32405]: input_userauth_request: invalid user ansible [preauth]
Jun 25 06:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32405]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32405]: Failed password for invalid user ansible from 45.153.34.235 port 47414 ssh2
Jun 25 06:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32405]: Connection closed by 45.153.34.235 port 47414 [preauth]
Jun 25 06:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32416]: Failed password for root from 45.153.34.235 port 47438 ssh2
Jun 25 06:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32416]: Connection closed by 45.153.34.235 port 47438 [preauth]
Jun 25 06:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32431]: Invalid user ubuntu from 45.153.34.235
Jun 25 06:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32431]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 06:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32431]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32431]: Failed password for invalid user ubuntu from 45.153.34.235 port 47452 ssh2
Jun 25 06:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32431]: Connection closed by 45.153.34.235 port 47452 [preauth]
Jun 25 06:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32442]: Failed password for root from 45.153.34.235 port 33664 ssh2
Jun 25 06:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32442]: Connection closed by 45.153.34.235 port 33664 [preauth]
Jun 25 06:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32454]: Invalid user nginx from 45.153.34.235
Jun 25 06:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32454]: input_userauth_request: invalid user nginx [preauth]
Jun 25 06:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32454]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31156]: pam_unix(cron:session): session closed for user root
Jun 25 06:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32454]: Failed password for invalid user nginx from 45.153.34.235 port 33668 ssh2
Jun 25 06:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32454]: Connection closed by 45.153.34.235 port 33668 [preauth]
Jun 25 06:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32479]: Invalid user webmaster from 45.153.34.235
Jun 25 06:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32479]: input_userauth_request: invalid user webmaster [preauth]
Jun 25 06:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32479]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32479]: Failed password for invalid user webmaster from 45.153.34.235 port 33678 ssh2
Jun 25 06:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32479]: Connection closed by 45.153.34.235 port 33678 [preauth]
Jun 25 06:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32494]: Invalid user test from 45.153.34.235
Jun 25 06:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32494]: input_userauth_request: invalid user test [preauth]
Jun 25 06:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32494]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32494]: Failed password for invalid user test from 45.153.34.235 port 45638 ssh2
Jun 25 06:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32494]: Connection closed by 45.153.34.235 port 45638 [preauth]
Jun 25 06:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32505]: Invalid user steam from 45.153.34.235
Jun 25 06:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32505]: input_userauth_request: invalid user steam [preauth]
Jun 25 06:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32505]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32505]: Failed password for invalid user steam from 45.153.34.235 port 45646 ssh2
Jun 25 06:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32505]: Connection closed by 45.153.34.235 port 45646 [preauth]
Jun 25 06:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32521]: Invalid user user03 from 190.128.201.18
Jun 25 06:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32521]: input_userauth_request: invalid user user03 [preauth]
Jun 25 06:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32521]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.201.18
Jun 25 06:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32523]: Invalid user docker from 45.153.34.235
Jun 25 06:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32523]: input_userauth_request: invalid user docker [preauth]
Jun 25 06:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32523]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32521]: Failed password for invalid user user03 from 190.128.201.18 port 32824 ssh2
Jun 25 06:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32521]: Received disconnect from 190.128.201.18 port 32824:11: Bye Bye [preauth]
Jun 25 06:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32521]: Disconnected from 190.128.201.18 port 32824 [preauth]
Jun 25 06:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32523]: Failed password for invalid user docker from 45.153.34.235 port 45654 ssh2
Jun 25 06:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32523]: Connection closed by 45.153.34.235 port 45654 [preauth]
Jun 25 06:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32534]: Invalid user deploy from 45.153.34.235
Jun 25 06:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32534]: input_userauth_request: invalid user deploy [preauth]
Jun 25 06:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32534]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32534]: Failed password for invalid user deploy from 45.153.34.235 port 58562 ssh2
Jun 25 06:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32534]: Connection closed by 45.153.34.235 port 58562 [preauth]
Jun 25 06:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32544]: Failed password for root from 45.153.34.235 port 58578 ssh2
Jun 25 06:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32544]: Connection closed by 45.153.34.235 port 58578 [preauth]
Jun 25 06:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32546]: Failed password for root from 45.153.34.235 port 58592 ssh2
Jun 25 06:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32546]: Connection closed by 45.153.34.235 port 58592 [preauth]
Jun 25 06:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32557]: Invalid user installer from 45.153.34.235
Jun 25 06:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32557]: input_userauth_request: invalid user installer [preauth]
Jun 25 06:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32557]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32557]: Failed password for invalid user installer from 45.153.34.235 port 48972 ssh2
Jun 25 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32565]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32561]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32564]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32563]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32562]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32560]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32565]: pam_unix(cron:session): session closed for user root
Jun 25 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32560]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32557]: Connection closed by 45.153.34.235 port 48972 [preauth]
Jun 25 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32628]: Successful su for rubyman by root
Jun 25 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32628]: + ??? root:rubyman
Jun 25 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32628]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588549 of user rubyman.
Jun 25 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32628]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588549.
Jun 25 06:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32670]: Invalid user localhost from 45.153.34.235
Jun 25 06:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32670]: input_userauth_request: invalid user localhost [preauth]
Jun 25 06:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32670]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32562]: pam_unix(cron:session): session closed for user root
Jun 25 06:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29731]: pam_unix(cron:session): session closed for user root
Jun 25 06:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32670]: Failed password for invalid user localhost from 45.153.34.235 port 48974 ssh2
Jun 25 06:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32670]: Connection closed by 45.153.34.235 port 48974 [preauth]
Jun 25 06:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 25 06:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[365]: Invalid user hduser from 45.153.34.235
Jun 25 06:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[365]: input_userauth_request: invalid user hduser [preauth]
Jun 25 06:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[365]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32561]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[343]: Failed password for root from 80.66.85.226 port 40484 ssh2
Jun 25 06:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[343]: Connection closed by 80.66.85.226 port 40484 [preauth]
Jun 25 06:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[365]: Failed password for invalid user hduser from 45.153.34.235 port 48980 ssh2
Jun 25 06:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[365]: Connection closed by 45.153.34.235 port 48980 [preauth]
Jun 25 06:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[400]: Invalid user pi from 45.153.34.235
Jun 25 06:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[400]: input_userauth_request: invalid user pi [preauth]
Jun 25 06:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[400]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[400]: Failed password for invalid user pi from 45.153.34.235 port 43438 ssh2
Jun 25 06:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[400]: Connection closed by 45.153.34.235 port 43438 [preauth]
Jun 25 06:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[405]: Failed password for root from 45.153.34.235 port 43460 ssh2
Jun 25 06:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[405]: Connection closed by 45.153.34.235 port 43460 [preauth]
Jun 25 06:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[438]: Invalid user security from 45.153.34.235
Jun 25 06:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[438]: input_userauth_request: invalid user security [preauth]
Jun 25 06:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[438]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[438]: Failed password for invalid user security from 45.153.34.235 port 43482 ssh2
Jun 25 06:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[438]: Connection closed by 45.153.34.235 port 43482 [preauth]
Jun 25 06:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[574]: Invalid user ali from 45.153.34.235
Jun 25 06:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[574]: input_userauth_request: invalid user ali [preauth]
Jun 25 06:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[574]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[574]: Failed password for invalid user ali from 45.153.34.235 port 52790 ssh2
Jun 25 06:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[574]: Connection closed by 45.153.34.235 port 52790 [preauth]
Jun 25 06:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[577]: Invalid user misuser from 143.110.247.221
Jun 25 06:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[577]: input_userauth_request: invalid user misuser [preauth]
Jun 25 06:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[577]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.247.221
Jun 25 06:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[577]: Failed password for invalid user misuser from 143.110.247.221 port 58366 ssh2
Jun 25 06:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[579]: Failed password for root from 45.153.34.235 port 52804 ssh2
Jun 25 06:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[577]: Received disconnect from 143.110.247.221 port 58366:11: Bye Bye [preauth]
Jun 25 06:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[577]: Disconnected from 143.110.247.221 port 58366 [preauth]
Jun 25 06:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[579]: Connection closed by 45.153.34.235 port 52804 [preauth]
Jun 25 06:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[605]: Failed password for root from 45.153.34.235 port 40250 ssh2
Jun 25 06:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[605]: Connection closed by 45.153.34.235 port 40250 [preauth]
Jun 25 06:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[615]: Failed password for root from 45.153.34.235 port 40264 ssh2
Jun 25 06:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[615]: Connection closed by 45.153.34.235 port 40264 [preauth]
Jun 25 06:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31669]: pam_unix(cron:session): session closed for user root
Jun 25 06:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[618]: Invalid user myuser from 45.153.34.235
Jun 25 06:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[618]: input_userauth_request: invalid user myuser [preauth]
Jun 25 06:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[618]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[618]: Failed password for invalid user myuser from 45.153.34.235 port 40278 ssh2
Jun 25 06:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[618]: Connection closed by 45.153.34.235 port 40278 [preauth]
Jun 25 06:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[650]: Invalid user deploy from 45.153.34.235
Jun 25 06:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[650]: input_userauth_request: invalid user deploy [preauth]
Jun 25 06:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[650]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[650]: Failed password for invalid user deploy from 45.153.34.235 port 51668 ssh2
Jun 25 06:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[650]: Connection closed by 45.153.34.235 port 51668 [preauth]
Jun 25 06:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[654]: Invalid user fahmi from 45.153.34.235
Jun 25 06:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[654]: input_userauth_request: invalid user fahmi [preauth]
Jun 25 06:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[654]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[654]: Failed password for invalid user fahmi from 45.153.34.235 port 51682 ssh2
Jun 25 06:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[654]: Connection closed by 45.153.34.235 port 51682 [preauth]
Jun 25 06:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[666]: Invalid user deploy from 45.153.34.235
Jun 25 06:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[666]: input_userauth_request: invalid user deploy [preauth]
Jun 25 06:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[666]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[666]: Failed password for invalid user deploy from 45.153.34.235 port 51698 ssh2
Jun 25 06:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[666]: Connection closed by 45.153.34.235 port 51698 [preauth]
Jun 25 06:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[692]: Invalid user ts3 from 79.110.201.164
Jun 25 06:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[692]: input_userauth_request: invalid user ts3 [preauth]
Jun 25 06:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[692]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.110.201.164
Jun 25 06:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[694]: Invalid user admin from 45.153.34.235
Jun 25 06:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[694]: input_userauth_request: invalid user admin [preauth]
Jun 25 06:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[694]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[692]: Failed password for invalid user ts3 from 79.110.201.164 port 53958 ssh2
Jun 25 06:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[692]: Received disconnect from 79.110.201.164 port 53958:11: Bye Bye [preauth]
Jun 25 06:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[692]: Disconnected from 79.110.201.164 port 53958 [preauth]
Jun 25 06:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[694]: Failed password for invalid user admin from 45.153.34.235 port 36334 ssh2
Jun 25 06:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[694]: Connection closed by 45.153.34.235 port 36334 [preauth]
Jun 25 06:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[696]: Invalid user runner from 45.153.34.235
Jun 25 06:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[696]: input_userauth_request: invalid user runner [preauth]
Jun 25 06:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[696]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[696]: Failed password for invalid user runner from 45.153.34.235 port 36366 ssh2
Jun 25 06:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[696]: Connection closed by 45.153.34.235 port 36366 [preauth]
Jun 25 06:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[710]: Connection closed by 194.59.206.2 port 41156 [preauth]
Jun 25 06:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[708]: Invalid user admin from 45.153.34.235
Jun 25 06:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[708]: input_userauth_request: invalid user admin [preauth]
Jun 25 06:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[708]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[708]: Failed password for invalid user admin from 45.153.34.235 port 36378 ssh2
Jun 25 06:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[708]: Connection closed by 45.153.34.235 port 36378 [preauth]
Jun 25 06:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[720]: Invalid user nexus from 45.153.34.235
Jun 25 06:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[720]: input_userauth_request: invalid user nexus [preauth]
Jun 25 06:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[720]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[720]: Failed password for invalid user nexus from 45.153.34.235 port 40950 ssh2
Jun 25 06:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[720]: Connection closed by 45.153.34.235 port 40950 [preauth]
Jun 25 06:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[722]: Invalid user user2 from 45.153.34.235
Jun 25 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[722]: input_userauth_request: invalid user user2 [preauth]
Jun 25 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[734]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[733]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[732]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[735]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[732]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[722]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[814]: Successful su for rubyman by root
Jun 25 06:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[814]: + ??? root:rubyman
Jun 25 06:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[814]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588552 of user rubyman.
Jun 25 06:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[814]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588552.
Jun 25 06:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.165.14.197  user=root
Jun 25 06:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[722]: Failed password for invalid user user2 from 45.153.34.235 port 40964 ssh2
Jun 25 06:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[722]: Connection closed by 45.153.34.235 port 40964 [preauth]
Jun 25 06:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[943]: Invalid user ubuntu from 45.153.34.235
Jun 25 06:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[943]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 06:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[943]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30175]: pam_unix(cron:session): session closed for user root
Jun 25 06:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[795]: Failed password for root from 45.165.14.197 port 58265 ssh2
Jun 25 06:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[795]: Received disconnect from 45.165.14.197 port 58265:11: Bye Bye [preauth]
Jun 25 06:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[795]: Disconnected from 45.165.14.197 port 58265 [preauth]
Jun 25 06:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[733]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[943]: Failed password for invalid user ubuntu from 45.153.34.235 port 40966 ssh2
Jun 25 06:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[943]: Connection closed by 45.153.34.235 port 40966 [preauth]
Jun 25 06:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1010]: Failed password for root from 45.153.34.235 port 54394 ssh2
Jun 25 06:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1010]: Connection closed by 45.153.34.235 port 54394 [preauth]
Jun 25 06:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1016]: Invalid user daniel from 45.153.34.235
Jun 25 06:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1016]: input_userauth_request: invalid user daniel [preauth]
Jun 25 06:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1016]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1016]: Failed password for invalid user daniel from 45.153.34.235 port 54396 ssh2
Jun 25 06:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1016]: Connection closed by 45.153.34.235 port 54396 [preauth]
Jun 25 06:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1052]: Invalid user hamed from 45.153.34.235
Jun 25 06:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1052]: input_userauth_request: invalid user hamed [preauth]
Jun 25 06:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1052]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1052]: Failed password for invalid user hamed from 45.153.34.235 port 54410 ssh2
Jun 25 06:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1052]: Connection closed by 45.153.34.235 port 54410 [preauth]
Jun 25 06:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1055]: Invalid user node from 45.153.34.235
Jun 25 06:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1055]: input_userauth_request: invalid user node [preauth]
Jun 25 06:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1055]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1055]: Failed password for invalid user node from 45.153.34.235 port 49524 ssh2
Jun 25 06:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1055]: Connection closed by 45.153.34.235 port 49524 [preauth]
Jun 25 06:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1067]: Invalid user devops from 45.153.34.235
Jun 25 06:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1067]: input_userauth_request: invalid user devops [preauth]
Jun 25 06:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1067]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1067]: Failed password for invalid user devops from 45.153.34.235 port 49546 ssh2
Jun 25 06:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1067]: Connection closed by 45.153.34.235 port 49546 [preauth]
Jun 25 06:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1107]: Invalid user adminuser from 45.153.34.235
Jun 25 06:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1107]: input_userauth_request: invalid user adminuser [preauth]
Jun 25 06:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1107]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1107]: Failed password for invalid user adminuser from 45.153.34.235 port 49574 ssh2
Jun 25 06:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1107]: Connection closed by 45.153.34.235 port 49574 [preauth]
Jun 25 06:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1113]: Invalid user core from 45.153.34.235
Jun 25 06:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1113]: input_userauth_request: invalid user core [preauth]
Jun 25 06:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1113]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1113]: Failed password for invalid user core from 45.153.34.235 port 43378 ssh2
Jun 25 06:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1113]: Connection closed by 45.153.34.235 port 43378 [preauth]
Jun 25 06:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1123]: Invalid user sysupdate from 45.153.34.235
Jun 25 06:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1123]: input_userauth_request: invalid user sysupdate [preauth]
Jun 25 06:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1123]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32122]: pam_unix(cron:session): session closed for user root
Jun 25 06:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1123]: Failed password for invalid user sysupdate from 45.153.34.235 port 43386 ssh2
Jun 25 06:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1123]: Connection closed by 45.153.34.235 port 43386 [preauth]
Jun 25 06:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1153]: Failed password for root from 45.153.34.235 port 43398 ssh2
Jun 25 06:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1153]: Connection closed by 45.153.34.235 port 43398 [preauth]
Jun 25 06:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1156]: Invalid user usuario from 45.153.34.235
Jun 25 06:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1156]: input_userauth_request: invalid user usuario [preauth]
Jun 25 06:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1156]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1156]: Failed password for invalid user usuario from 45.153.34.235 port 59198 ssh2
Jun 25 06:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1156]: Connection closed by 45.153.34.235 port 59198 [preauth]
Jun 25 06:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1168]: Invalid user clawdbot from 45.153.34.235
Jun 25 06:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1168]: input_userauth_request: invalid user clawdbot [preauth]
Jun 25 06:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1168]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1168]: Failed password for invalid user clawdbot from 45.153.34.235 port 59220 ssh2
Jun 25 06:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1168]: Connection closed by 45.153.34.235 port 59220 [preauth]
Jun 25 06:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 25 06:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1192]: Failed password for root from 45.153.34.235 port 59234 ssh2
Jun 25 06:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1192]: Connection closed by 45.153.34.235 port 59234 [preauth]
Jun 25 06:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1194]: Failed password for root from 51.250.105.222 port 47076 ssh2
Jun 25 06:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1194]: Connection closed by 51.250.105.222 port 47076 [preauth]
Jun 25 06:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1196]: Invalid user test1 from 45.153.34.235
Jun 25 06:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1196]: input_userauth_request: invalid user test1 [preauth]
Jun 25 06:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1196]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1196]: Failed password for invalid user test1 from 45.153.34.235 port 59782 ssh2
Jun 25 06:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1196]: Connection closed by 45.153.34.235 port 59782 [preauth]
Jun 25 06:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1207]: Failed password for root from 45.153.34.235 port 59786 ssh2
Jun 25 06:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1207]: Connection closed by 45.153.34.235 port 59786 [preauth]
Jun 25 06:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1219]: Invalid user ftpuser from 45.153.34.235
Jun 25 06:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1219]: input_userauth_request: invalid user ftpuser [preauth]
Jun 25 06:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1219]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1219]: Failed password for invalid user ftpuser from 45.153.34.235 port 59806 ssh2
Jun 25 06:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1219]: Connection closed by 45.153.34.235 port 59806 [preauth]
Jun 25 06:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1240]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1238]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1239]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1236]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1236]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1302]: Successful su for rubyman by root
Jun 25 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1302]: + ??? root:rubyman
Jun 25 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1302]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588556 of user rubyman.
Jun 25 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1302]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588556.
Jun 25 06:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1222]: Failed password for root from 45.153.34.235 port 37898 ssh2
Jun 25 06:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1222]: Connection closed by 45.153.34.235 port 37898 [preauth]
Jun 25 06:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30643]: pam_unix(cron:session): session closed for user root
Jun 25 06:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1385]: Failed password for root from 45.153.34.235 port 37902 ssh2
Jun 25 06:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1385]: Connection closed by 45.153.34.235 port 37902 [preauth]
Jun 25 06:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1238]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1619]: Invalid user ftpuser1 from 45.153.34.235
Jun 25 06:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1619]: input_userauth_request: invalid user ftpuser1 [preauth]
Jun 25 06:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1619]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1619]: Failed password for invalid user ftpuser1 from 45.153.34.235 port 60214 ssh2
Jun 25 06:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1619]: Connection closed by 45.153.34.235 port 60214 [preauth]
Jun 25 06:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1622]: Invalid user alex from 45.153.34.235
Jun 25 06:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1622]: input_userauth_request: invalid user alex [preauth]
Jun 25 06:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1622]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1622]: Failed password for invalid user alex from 45.153.34.235 port 60234 ssh2
Jun 25 06:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1622]: Connection closed by 45.153.34.235 port 60234 [preauth]
Jun 25 06:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1636]: Invalid user odoo18 from 45.153.34.235
Jun 25 06:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1636]: input_userauth_request: invalid user odoo18 [preauth]
Jun 25 06:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1636]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1636]: Failed password for invalid user odoo18 from 45.153.34.235 port 60262 ssh2
Jun 25 06:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1636]: Connection closed by 45.153.34.235 port 60262 [preauth]
Jun 25 06:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1661]: Invalid user minecraft from 45.153.34.235
Jun 25 06:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1661]: input_userauth_request: invalid user minecraft [preauth]
Jun 25 06:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1661]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.110.201.164  user=root
Jun 25 06:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1661]: Failed password for invalid user minecraft from 45.153.34.235 port 57078 ssh2
Jun 25 06:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1661]: Connection closed by 45.153.34.235 port 57078 [preauth]
Jun 25 06:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1665]: Failed password for root from 79.110.201.164 port 60940 ssh2
Jun 25 06:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1665]: Received disconnect from 79.110.201.164 port 60940:11: Bye Bye [preauth]
Jun 25 06:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1665]: Disconnected from 79.110.201.164 port 60940 [preauth]
Jun 25 06:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1667]: Invalid user redhat from 45.153.34.235
Jun 25 06:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1667]: input_userauth_request: invalid user redhat [preauth]
Jun 25 06:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1667]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.201.18  user=root
Jun 25 06:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1667]: Failed password for invalid user redhat from 45.153.34.235 port 57088 ssh2
Jun 25 06:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1667]: Connection closed by 45.153.34.235 port 57088 [preauth]
Jun 25 06:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1669]: Failed password for root from 190.128.201.18 port 47170 ssh2
Jun 25 06:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1669]: Received disconnect from 190.128.201.18 port 47170:11: Bye Bye [preauth]
Jun 25 06:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1669]: Disconnected from 190.128.201.18 port 47170 [preauth]
Jun 25 06:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1679]: Invalid user bob from 45.153.34.235
Jun 25 06:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1679]: input_userauth_request: invalid user bob [preauth]
Jun 25 06:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1679]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1679]: Failed password for invalid user bob from 45.153.34.235 port 57096 ssh2
Jun 25 06:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1679]: Connection closed by 45.153.34.235 port 57096 [preauth]
Jun 25 06:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1696]: Failed password for root from 45.153.34.235 port 37486 ssh2
Jun 25 06:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1696]: Connection closed by 45.153.34.235 port 37486 [preauth]
Jun 25 06:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1707]: Invalid user admin from 45.153.34.235
Jun 25 06:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1707]: input_userauth_request: invalid user admin [preauth]
Jun 25 06:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1707]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1707]: Failed password for invalid user admin from 45.153.34.235 port 37488 ssh2
Jun 25 06:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1707]: Connection closed by 45.153.34.235 port 37488 [preauth]
Jun 25 06:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1735]: Invalid user arthur from 45.153.34.235
Jun 25 06:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1735]: input_userauth_request: invalid user arthur [preauth]
Jun 25 06:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1735]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32564]: pam_unix(cron:session): session closed for user root
Jun 25 06:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1735]: Failed password for invalid user arthur from 45.153.34.235 port 37504 ssh2
Jun 25 06:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1735]: Connection closed by 45.153.34.235 port 37504 [preauth]
Jun 25 06:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1758]: Failed password for root from 45.153.34.235 port 37162 ssh2
Jun 25 06:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1758]: Connection closed by 45.153.34.235 port 37162 [preauth]
Jun 25 06:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: Invalid user openclaw from 45.153.34.235
Jun 25 06:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: input_userauth_request: invalid user openclaw [preauth]
Jun 25 06:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: Failed password for invalid user openclaw from 45.153.34.235 port 37184 ssh2
Jun 25 06:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: Connection closed by 45.153.34.235 port 37184 [preauth]
Jun 25 06:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1785]: Invalid user steam from 45.153.34.235
Jun 25 06:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1785]: input_userauth_request: invalid user steam [preauth]
Jun 25 06:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1785]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1785]: Failed password for invalid user steam from 45.153.34.235 port 37208 ssh2
Jun 25 06:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1785]: Connection closed by 45.153.34.235 port 37208 [preauth]
Jun 25 06:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1792]: Invalid user jenkins from 45.153.34.235
Jun 25 06:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1792]: input_userauth_request: invalid user jenkins [preauth]
Jun 25 06:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1792]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1792]: Failed password for invalid user jenkins from 45.153.34.235 port 46450 ssh2
Jun 25 06:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1792]: Connection closed by 45.153.34.235 port 46450 [preauth]
Jun 25 06:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1802]: Invalid user ubuntu from 45.153.34.235
Jun 25 06:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1802]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 06:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1802]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1802]: Failed password for invalid user ubuntu from 45.153.34.235 port 46452 ssh2
Jun 25 06:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1802]: Connection closed by 45.153.34.235 port 46452 [preauth]
Jun 25 06:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1812]: Invalid user ubuntu from 45.153.34.235
Jun 25 06:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1812]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 06:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1812]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.247.221  user=root
Jun 25 06:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1812]: Failed password for invalid user ubuntu from 45.153.34.235 port 46466 ssh2
Jun 25 06:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1812]: Connection closed by 45.153.34.235 port 46466 [preauth]
Jun 25 06:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1814]: Failed password for root from 143.110.247.221 port 34034 ssh2
Jun 25 06:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1814]: Received disconnect from 143.110.247.221 port 34034:11: Bye Bye [preauth]
Jun 25 06:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1814]: Disconnected from 143.110.247.221 port 34034 [preauth]
Jun 25 06:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1816]: Failed password for root from 45.153.34.235 port 41918 ssh2
Jun 25 06:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1816]: Connection closed by 45.153.34.235 port 41918 [preauth]
Jun 25 06:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1826]: Invalid user admin1 from 45.153.34.235
Jun 25 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1826]: input_userauth_request: invalid user admin1 [preauth]
Jun 25 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1832]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1830]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1831]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1829]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1829]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1826]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1899]: Successful su for rubyman by root
Jun 25 06:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1899]: + ??? root:rubyman
Jun 25 06:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1899]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588560 of user rubyman.
Jun 25 06:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1899]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588560.
Jun 25 06:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1826]: Failed password for invalid user admin1 from 45.153.34.235 port 41934 ssh2
Jun 25 06:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1826]: Connection closed by 45.153.34.235 port 41934 [preauth]
Jun 25 06:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31155]: pam_unix(cron:session): session closed for user root
Jun 25 06:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2115]: Invalid user shoutcast from 45.165.14.197
Jun 25 06:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2115]: input_userauth_request: invalid user shoutcast [preauth]
Jun 25 06:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2115]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.165.14.197
Jun 25 06:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1830]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2110]: Failed password for root from 45.153.34.235 port 41942 ssh2
Jun 25 06:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2110]: Connection closed by 45.153.34.235 port 41942 [preauth]
Jun 25 06:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2115]: Failed password for invalid user shoutcast from 45.165.14.197 port 26094 ssh2
Jun 25 06:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2115]: Received disconnect from 45.165.14.197 port 26094:11: Bye Bye [preauth]
Jun 25 06:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2115]: Disconnected from 45.165.14.197 port 26094 [preauth]
Jun 25 06:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2146]: Invalid user test from 45.153.34.235
Jun 25 06:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2146]: input_userauth_request: invalid user test [preauth]
Jun 25 06:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2146]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2148]: Connection closed by 45.148.10.121 port 44940 [preauth]
Jun 25 06:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2146]: Failed password for invalid user test from 45.153.34.235 port 55740 ssh2
Jun 25 06:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2146]: Connection closed by 45.153.34.235 port 55740 [preauth]
Jun 25 06:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2166]: Invalid user deploy from 45.153.34.235
Jun 25 06:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2166]: input_userauth_request: invalid user deploy [preauth]
Jun 25 06:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2166]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2166]: Failed password for invalid user deploy from 45.153.34.235 port 55750 ssh2
Jun 25 06:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2166]: Connection closed by 45.153.34.235 port 55750 [preauth]
Jun 25 06:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2184]: Invalid user user2 from 45.153.34.235
Jun 25 06:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2184]: input_userauth_request: invalid user user2 [preauth]
Jun 25 06:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2184]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2184]: Failed password for invalid user user2 from 45.153.34.235 port 55758 ssh2
Jun 25 06:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2184]: Connection closed by 45.153.34.235 port 55758 [preauth]
Jun 25 06:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2164]: Invalid user ftp1 from 186.96.158.180
Jun 25 06:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2164]: input_userauth_request: invalid user ftp1 [preauth]
Jun 25 06:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2164]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180
Jun 25 06:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2200]: Invalid user cloud from 45.153.34.235
Jun 25 06:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2200]: input_userauth_request: invalid user cloud [preauth]
Jun 25 06:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2200]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2164]: Failed password for invalid user ftp1 from 186.96.158.180 port 6040 ssh2
Jun 25 06:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2200]: Failed password for invalid user cloud from 45.153.34.235 port 34018 ssh2
Jun 25 06:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2200]: Connection closed by 45.153.34.235 port 34018 [preauth]
Jun 25 06:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2213]: Invalid user neptune from 45.153.34.235
Jun 25 06:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2213]: input_userauth_request: invalid user neptune [preauth]
Jun 25 06:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2213]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2164]: Received disconnect from 186.96.158.180 port 6040:11: Bye Bye [preauth]
Jun 25 06:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2164]: Disconnected from 186.96.158.180 port 6040 [preauth]
Jun 25 06:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2213]: Failed password for invalid user neptune from 45.153.34.235 port 34030 ssh2
Jun 25 06:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2213]: Connection closed by 45.153.34.235 port 34030 [preauth]
Jun 25 06:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2228]: Failed password for root from 45.153.34.235 port 34038 ssh2
Jun 25 06:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2228]: Connection closed by 45.153.34.235 port 34038 [preauth]
Jun 25 06:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2239]: Failed password for root from 45.153.34.235 port 46326 ssh2
Jun 25 06:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2239]: Connection closed by 45.153.34.235 port 46326 [preauth]
Jun 25 06:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2249]: Invalid user support from 45.153.34.235
Jun 25 06:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2249]: input_userauth_request: invalid user support [preauth]
Jun 25 06:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2249]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[735]: pam_unix(cron:session): session closed for user root
Jun 25 06:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2249]: Failed password for invalid user support from 45.153.34.235 port 46340 ssh2
Jun 25 06:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2249]: Connection closed by 45.153.34.235 port 46340 [preauth]
Jun 25 06:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2272]: Invalid user osmc from 45.153.34.235
Jun 25 06:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2272]: input_userauth_request: invalid user osmc [preauth]
Jun 25 06:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2272]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2272]: Failed password for invalid user osmc from 45.153.34.235 port 46356 ssh2
Jun 25 06:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2272]: Connection closed by 45.153.34.235 port 46356 [preauth]
Jun 25 06:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2284]: Failed password for root from 45.153.34.235 port 32786 ssh2
Jun 25 06:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2284]: Connection closed by 45.153.34.235 port 32786 [preauth]
Jun 25 06:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2296]: Invalid user parsa from 45.153.34.235
Jun 25 06:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2296]: input_userauth_request: invalid user parsa [preauth]
Jun 25 06:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2296]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2296]: Failed password for invalid user parsa from 45.153.34.235 port 32794 ssh2
Jun 25 06:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2296]: Connection closed by 45.153.34.235 port 32794 [preauth]
Jun 25 06:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2313]: Invalid user www from 45.153.34.235
Jun 25 06:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2313]: input_userauth_request: invalid user www [preauth]
Jun 25 06:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2313]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2313]: Failed password for invalid user www from 45.153.34.235 port 32798 ssh2
Jun 25 06:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2313]: Connection closed by 45.153.34.235 port 32798 [preauth]
Jun 25 06:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2330]: Invalid user ubuntu from 45.153.34.235
Jun 25 06:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2330]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 06:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2330]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2332]: Invalid user ubuntu22 from 79.110.201.164
Jun 25 06:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2332]: input_userauth_request: invalid user ubuntu22 [preauth]
Jun 25 06:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2332]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.110.201.164
Jun 25 06:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2330]: Failed password for invalid user ubuntu from 45.153.34.235 port 55692 ssh2
Jun 25 06:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2330]: Connection closed by 45.153.34.235 port 55692 [preauth]
Jun 25 06:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2332]: Failed password for invalid user ubuntu22 from 79.110.201.164 port 45274 ssh2
Jun 25 06:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2332]: Received disconnect from 79.110.201.164 port 45274:11: Bye Bye [preauth]
Jun 25 06:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2332]: Disconnected from 79.110.201.164 port 45274 [preauth]
Jun 25 06:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2342]: Invalid user admin from 45.153.34.235
Jun 25 06:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2342]: input_userauth_request: invalid user admin [preauth]
Jun 25 06:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2342]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2342]: Failed password for invalid user admin from 45.153.34.235 port 55694 ssh2
Jun 25 06:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2342]: Connection closed by 45.153.34.235 port 55694 [preauth]
Jun 25 06:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2344]: Failed password for root from 45.153.34.235 port 55698 ssh2
Jun 25 06:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2344]: Connection closed by 45.153.34.235 port 55698 [preauth]
Jun 25 06:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2355]: Invalid user admin123 from 45.153.34.235
Jun 25 06:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2355]: input_userauth_request: invalid user admin123 [preauth]
Jun 25 06:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2355]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2360]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2361]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2358]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2359]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2358]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2355]: Failed password for invalid user admin123 from 45.153.34.235 port 58608 ssh2
Jun 25 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2417]: Successful su for rubyman by root
Jun 25 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2417]: + ??? root:rubyman
Jun 25 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2417]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588565 of user rubyman.
Jun 25 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2417]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588565.
Jun 25 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2355]: Connection closed by 45.153.34.235 port 58608 [preauth]
Jun 25 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2440]: Invalid user ossuser from 45.153.34.235
Jun 25 06:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2440]: input_userauth_request: invalid user ossuser [preauth]
Jun 25 06:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2440]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31667]: pam_unix(cron:session): session closed for user root
Jun 25 06:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2440]: Failed password for invalid user ossuser from 45.153.34.235 port 58614 ssh2
Jun 25 06:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2440]: Connection closed by 45.153.34.235 port 58614 [preauth]
Jun 25 06:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2359]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2617]: Failed password for root from 45.153.34.235 port 58628 ssh2
Jun 25 06:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2617]: Connection closed by 45.153.34.235 port 58628 [preauth]
Jun 25 06:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2633]: Invalid user minecraft from 45.153.34.235
Jun 25 06:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2633]: input_userauth_request: invalid user minecraft [preauth]
Jun 25 06:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2633]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2633]: Failed password for invalid user minecraft from 45.153.34.235 port 48340 ssh2
Jun 25 06:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2633]: Connection closed by 45.153.34.235 port 48340 [preauth]
Jun 25 06:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2635]: Failed password for root from 45.153.34.235 port 48342 ssh2
Jun 25 06:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2635]: Connection closed by 45.153.34.235 port 48342 [preauth]
Jun 25 06:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2658]: User nobody from 45.153.34.235 not allowed because not listed in AllowUsers
Jun 25 06:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2658]: input_userauth_request: invalid user nobody [preauth]
Jun 25 06:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=nobody
Jun 25 06:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2658]: Failed password for invalid user nobody from 45.153.34.235 port 48348 ssh2
Jun 25 06:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2658]: Connection closed by 45.153.34.235 port 48348 [preauth]
Jun 25 06:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2668]: Invalid user server from 45.153.34.235
Jun 25 06:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2668]: input_userauth_request: invalid user server [preauth]
Jun 25 06:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2668]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2668]: Failed password for invalid user server from 45.153.34.235 port 43176 ssh2
Jun 25 06:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2668]: Connection closed by 45.153.34.235 port 43176 [preauth]
Jun 25 06:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2670]: Failed password for root from 45.153.34.235 port 43182 ssh2
Jun 25 06:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2670]: Connection closed by 45.153.34.235 port 43182 [preauth]
Jun 25 06:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2694]: Invalid user claude from 45.153.34.235
Jun 25 06:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2694]: input_userauth_request: invalid user claude [preauth]
Jun 25 06:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2694]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2694]: Failed password for invalid user claude from 45.153.34.235 port 43198 ssh2
Jun 25 06:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2694]: Connection closed by 45.153.34.235 port 43198 [preauth]
Jun 25 06:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2705]: Invalid user deploy from 45.153.34.235
Jun 25 06:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2705]: input_userauth_request: invalid user deploy [preauth]
Jun 25 06:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2705]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2705]: Failed password for invalid user deploy from 45.153.34.235 port 56474 ssh2
Jun 25 06:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2705]: Connection closed by 45.153.34.235 port 56474 [preauth]
Jun 25 06:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1240]: pam_unix(cron:session): session closed for user root
Jun 25 06:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2707]: Invalid user root1 from 45.153.34.235
Jun 25 06:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2707]: input_userauth_request: invalid user root1 [preauth]
Jun 25 06:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2707]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2707]: Failed password for invalid user root1 from 45.153.34.235 port 56480 ssh2
Jun 25 06:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2707]: Connection closed by 45.153.34.235 port 56480 [preauth]
Jun 25 06:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2743]: Invalid user sonar from 45.153.34.235
Jun 25 06:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2743]: input_userauth_request: invalid user sonar [preauth]
Jun 25 06:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2743]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2743]: Failed password for invalid user sonar from 45.153.34.235 port 34062 ssh2
Jun 25 06:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2743]: Connection closed by 45.153.34.235 port 34062 [preauth]
Jun 25 06:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2756]: Invalid user lighthouse from 45.153.34.235
Jun 25 06:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2756]: input_userauth_request: invalid user lighthouse [preauth]
Jun 25 06:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2756]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2756]: Failed password for invalid user lighthouse from 45.153.34.235 port 34078 ssh2
Jun 25 06:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2756]: Connection closed by 45.153.34.235 port 34078 [preauth]
Jun 25 06:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30169]: pam_unix(cron:session): session closed for user root
Jun 25 06:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2846]: Invalid user fastuser from 45.153.34.235
Jun 25 06:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2846]: input_userauth_request: invalid user fastuser [preauth]
Jun 25 06:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2846]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2846]: Failed password for invalid user fastuser from 45.153.34.235 port 34092 ssh2
Jun 25 06:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2846]: Connection closed by 45.153.34.235 port 34092 [preauth]
Jun 25 06:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2971]: Invalid user user from 45.153.34.235
Jun 25 06:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2971]: input_userauth_request: invalid user user [preauth]
Jun 25 06:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2971]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2971]: Failed password for invalid user user from 45.153.34.235 port 34328 ssh2
Jun 25 06:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2971]: Connection closed by 45.153.34.235 port 34328 [preauth]
Jun 25 06:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2973]: Failed password for root from 45.153.34.235 port 34340 ssh2
Jun 25 06:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2973]: Connection closed by 45.153.34.235 port 34340 [preauth]
Jun 25 06:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2984]: Invalid user developer from 45.153.34.235
Jun 25 06:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2984]: input_userauth_request: invalid user developer [preauth]
Jun 25 06:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2984]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2984]: Failed password for invalid user developer from 45.153.34.235 port 34350 ssh2
Jun 25 06:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2984]: Connection closed by 45.153.34.235 port 34350 [preauth]
Jun 25 06:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2994]: Invalid user fred from 45.153.34.235
Jun 25 06:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2994]: input_userauth_request: invalid user fred [preauth]
Jun 25 06:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2994]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2994]: Failed password for invalid user fred from 45.153.34.235 port 58406 ssh2
Jun 25 06:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2994]: Connection closed by 45.153.34.235 port 58406 [preauth]
Jun 25 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3014]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3010]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3009]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3008]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3013]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3012]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3014]: pam_unix(cron:session): session closed for user root
Jun 25 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3008]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3079]: Successful su for rubyman by root
Jun 25 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3079]: + ??? root:rubyman
Jun 25 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3079]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588573 of user rubyman.
Jun 25 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3079]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588573.
Jun 25 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2996]: Failed password for root from 45.153.34.235 port 58420 ssh2
Jun 25 06:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3135]: Invalid user abhishek from 190.128.201.18
Jun 25 06:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3135]: input_userauth_request: invalid user abhishek [preauth]
Jun 25 06:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3135]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.201.18
Jun 25 06:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2996]: Connection closed by 45.153.34.235 port 58420 [preauth]
Jun 25 06:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3010]: pam_unix(cron:session): session closed for user root
Jun 25 06:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3210]: Invalid user odoo17 from 45.153.34.235
Jun 25 06:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3210]: input_userauth_request: invalid user odoo17 [preauth]
Jun 25 06:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3210]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32121]: pam_unix(cron:session): session closed for user root
Jun 25 06:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3135]: Failed password for invalid user abhishek from 190.128.201.18 port 36848 ssh2
Jun 25 06:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3135]: Received disconnect from 190.128.201.18 port 36848:11: Bye Bye [preauth]
Jun 25 06:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3135]: Disconnected from 190.128.201.18 port 36848 [preauth]
Jun 25 06:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3009]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3210]: Failed password for invalid user odoo17 from 45.153.34.235 port 58430 ssh2
Jun 25 06:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3210]: Connection closed by 45.153.34.235 port 58430 [preauth]
Jun 25 06:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3293]: Invalid user web from 45.153.34.235
Jun 25 06:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3293]: input_userauth_request: invalid user web [preauth]
Jun 25 06:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3293]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3293]: Failed password for invalid user web from 45.153.34.235 port 48882 ssh2
Jun 25 06:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3293]: Connection closed by 45.153.34.235 port 48882 [preauth]
Jun 25 06:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3295]: Invalid user claude from 45.153.34.235
Jun 25 06:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3295]: input_userauth_request: invalid user claude [preauth]
Jun 25 06:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3295]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3295]: Failed password for invalid user claude from 45.153.34.235 port 48892 ssh2
Jun 25 06:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3295]: Connection closed by 45.153.34.235 port 48892 [preauth]
Jun 25 06:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3312]: Failed password for root from 45.153.34.235 port 48894 ssh2
Jun 25 06:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3319]: Invalid user servers from 45.165.14.197
Jun 25 06:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3319]: input_userauth_request: invalid user servers [preauth]
Jun 25 06:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3319]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.165.14.197
Jun 25 06:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3312]: Connection closed by 45.153.34.235 port 48894 [preauth]
Jun 25 06:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3329]: Invalid user ranga from 45.153.34.235
Jun 25 06:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3329]: input_userauth_request: invalid user ranga [preauth]
Jun 25 06:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3329]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3319]: Failed password for invalid user servers from 45.165.14.197 port 61460 ssh2
Jun 25 06:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3319]: Received disconnect from 45.165.14.197 port 61460:11: Bye Bye [preauth]
Jun 25 06:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3319]: Disconnected from 45.165.14.197 port 61460 [preauth]
Jun 25 06:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3329]: Failed password for invalid user ranga from 45.153.34.235 port 46304 ssh2
Jun 25 06:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3329]: Connection closed by 45.153.34.235 port 46304 [preauth]
Jun 25 06:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3331]: Invalid user developer from 45.153.34.235
Jun 25 06:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3331]: input_userauth_request: invalid user developer [preauth]
Jun 25 06:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3331]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3331]: Failed password for invalid user developer from 45.153.34.235 port 46318 ssh2
Jun 25 06:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3331]: Connection closed by 45.153.34.235 port 46318 [preauth]
Jun 25 06:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3343]: Failed password for root from 45.153.34.235 port 46336 ssh2
Jun 25 06:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3343]: Connection closed by 45.153.34.235 port 46336 [preauth]
Jun 25 06:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3365]: User john from 45.153.34.235 not allowed because not listed in AllowUsers
Jun 25 06:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3365]: input_userauth_request: invalid user john [preauth]
Jun 25 06:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=john
Jun 25 06:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3365]: Failed password for invalid user john from 45.153.34.235 port 38982 ssh2
Jun 25 06:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3365]: Connection closed by 45.153.34.235 port 38982 [preauth]
Jun 25 06:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3368]: Invalid user francisco from 79.110.201.164
Jun 25 06:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3368]: input_userauth_request: invalid user francisco [preauth]
Jun 25 06:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3368]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.110.201.164
Jun 25 06:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3370]: Invalid user ubuntu from 45.153.34.235
Jun 25 06:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3370]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 06:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3370]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3368]: Failed password for invalid user francisco from 79.110.201.164 port 42406 ssh2
Jun 25 06:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3368]: Received disconnect from 79.110.201.164 port 42406:11: Bye Bye [preauth]
Jun 25 06:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3368]: Disconnected from 79.110.201.164 port 42406 [preauth]
Jun 25 06:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1832]: pam_unix(cron:session): session closed for user root
Jun 25 06:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3370]: Failed password for invalid user ubuntu from 45.153.34.235 port 38984 ssh2
Jun 25 06:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3370]: Connection closed by 45.153.34.235 port 38984 [preauth]
Jun 25 06:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3380]: Invalid user runner from 143.110.247.221
Jun 25 06:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3380]: input_userauth_request: invalid user runner [preauth]
Jun 25 06:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3380]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.247.221
Jun 25 06:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.105.62  user=root
Jun 25 06:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3380]: Failed password for invalid user runner from 143.110.247.221 port 45574 ssh2
Jun 25 06:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3380]: Received disconnect from 143.110.247.221 port 45574:11: Bye Bye [preauth]
Jun 25 06:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3380]: Disconnected from 143.110.247.221 port 45574 [preauth]
Jun 25 06:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3401]: Failed password for root from 45.153.34.235 port 38996 ssh2
Jun 25 06:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3401]: Connection closed by 45.153.34.235 port 38996 [preauth]
Jun 25 06:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3405]: Invalid user myuser from 45.153.34.235
Jun 25 06:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3405]: input_userauth_request: invalid user myuser [preauth]
Jun 25 06:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3403]: Failed password for root from 14.103.105.62 port 38546 ssh2
Jun 25 06:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3405]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3403]: Received disconnect from 14.103.105.62 port 38546:11: Bye Bye [preauth]
Jun 25 06:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3403]: Disconnected from 14.103.105.62 port 38546 [preauth]
Jun 25 06:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3405]: Failed password for invalid user myuser from 45.153.34.235 port 54714 ssh2
Jun 25 06:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3405]: Connection closed by 45.153.34.235 port 54714 [preauth]
Jun 25 06:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3415]: Failed password for root from 45.153.34.235 port 54720 ssh2
Jun 25 06:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3415]: Connection closed by 45.153.34.235 port 54720 [preauth]
Jun 25 06:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3438]: Invalid user ivan from 45.153.34.235
Jun 25 06:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3438]: input_userauth_request: invalid user ivan [preauth]
Jun 25 06:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3438]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3438]: Failed password for invalid user ivan from 45.153.34.235 port 54736 ssh2
Jun 25 06:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3438]: Connection closed by 45.153.34.235 port 54736 [preauth]
Jun 25 06:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3440]: Failed password for root from 45.153.34.235 port 60738 ssh2
Jun 25 06:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3440]: Connection closed by 45.153.34.235 port 60738 [preauth]
Jun 25 06:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: Invalid user ai from 45.153.34.235
Jun 25 06:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: input_userauth_request: invalid user ai [preauth]
Jun 25 06:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: Failed password for invalid user ai from 45.153.34.235 port 60758 ssh2
Jun 25 06:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: Connection closed by 45.153.34.235 port 60758 [preauth]
Jun 25 06:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3466]: Invalid user adminuser from 45.153.34.235
Jun 25 06:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3466]: input_userauth_request: invalid user adminuser [preauth]
Jun 25 06:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3466]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3466]: Failed password for invalid user adminuser from 45.153.34.235 port 60788 ssh2
Jun 25 06:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3466]: Connection closed by 45.153.34.235 port 60788 [preauth]
Jun 25 06:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3468]: Invalid user app from 45.153.34.235
Jun 25 06:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3468]: input_userauth_request: invalid user app [preauth]
Jun 25 06:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3468]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3468]: Failed password for invalid user app from 45.153.34.235 port 50074 ssh2
Jun 25 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3468]: Connection closed by 45.153.34.235 port 50074 [preauth]
Jun 25 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3484]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3485]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3483]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3482]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3482]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3556]: Successful su for rubyman by root
Jun 25 06:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3556]: + ??? root:rubyman
Jun 25 06:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3556]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588575 of user rubyman.
Jun 25 06:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3556]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588575.
Jun 25 06:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3479]: Failed password for root from 45.153.34.235 port 50082 ssh2
Jun 25 06:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3479]: Connection closed by 45.153.34.235 port 50082 [preauth]
Jun 25 06:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32563]: pam_unix(cron:session): session closed for user root
Jun 25 06:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3799]: Invalid user rajvir from 45.153.34.235
Jun 25 06:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3799]: input_userauth_request: invalid user rajvir [preauth]
Jun 25 06:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3799]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3483]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3799]: Failed password for invalid user rajvir from 45.153.34.235 port 50098 ssh2
Jun 25 06:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3799]: Connection closed by 45.153.34.235 port 50098 [preauth]
Jun 25 06:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3838]: Invalid user steam from 45.153.34.235
Jun 25 06:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3838]: input_userauth_request: invalid user steam [preauth]
Jun 25 06:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3838]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3848]: Invalid user admin from 2.57.121.25
Jun 25 06:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3848]: input_userauth_request: invalid user admin [preauth]
Jun 25 06:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3848]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 25 06:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3838]: Failed password for invalid user steam from 45.153.34.235 port 38248 ssh2
Jun 25 06:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3838]: Connection closed by 45.153.34.235 port 38248 [preauth]
Jun 25 06:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3851]: Invalid user amin from 45.153.34.235
Jun 25 06:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3851]: input_userauth_request: invalid user amin [preauth]
Jun 25 06:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3851]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3848]: Failed password for invalid user admin from 2.57.121.25 port 30408 ssh2
Jun 25 06:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3848]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3851]: Failed password for invalid user amin from 45.153.34.235 port 38258 ssh2
Jun 25 06:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3851]: Connection closed by 45.153.34.235 port 38258 [preauth]
Jun 25 06:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3848]: Failed password for invalid user admin from 2.57.121.25 port 30408 ssh2
Jun 25 06:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3848]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3872]: Invalid user onkar from 45.153.34.235
Jun 25 06:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3872]: input_userauth_request: invalid user onkar [preauth]
Jun 25 06:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3872]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3848]: Failed password for invalid user admin from 2.57.121.25 port 30408 ssh2
Jun 25 06:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3848]: Connection closed by 2.57.121.25 port 30408 [preauth]
Jun 25 06:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3848]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 25 06:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3872]: Failed password for invalid user onkar from 45.153.34.235 port 38268 ssh2
Jun 25 06:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3872]: Connection closed by 45.153.34.235 port 38268 [preauth]
Jun 25 06:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3924]: Failed password for root from 45.153.34.235 port 56624 ssh2
Jun 25 06:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3924]: Connection closed by 45.153.34.235 port 56624 [preauth]
Jun 25 06:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3938]: Invalid user pi from 45.153.34.235
Jun 25 06:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3938]: input_userauth_request: invalid user pi [preauth]
Jun 25 06:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3938]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3938]: Failed password for invalid user pi from 45.153.34.235 port 56630 ssh2
Jun 25 06:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3938]: Connection closed by 45.153.34.235 port 56630 [preauth]
Jun 25 06:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3956]: Invalid user bot from 45.153.34.235
Jun 25 06:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3956]: input_userauth_request: invalid user bot [preauth]
Jun 25 06:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3956]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3956]: Failed password for invalid user bot from 45.153.34.235 port 56640 ssh2
Jun 25 06:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3956]: Connection closed by 45.153.34.235 port 56640 [preauth]
Jun 25 06:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3973]: Invalid user gabriel from 45.153.34.235
Jun 25 06:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3973]: input_userauth_request: invalid user gabriel [preauth]
Jun 25 06:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3973]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3973]: Failed password for invalid user gabriel from 45.153.34.235 port 46718 ssh2
Jun 25 06:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3973]: Connection closed by 45.153.34.235 port 46718 [preauth]
Jun 25 06:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2361]: pam_unix(cron:session): session closed for user root
Jun 25 06:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3991]: Failed password for root from 45.153.34.235 port 46728 ssh2
Jun 25 06:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3991]: Connection closed by 45.153.34.235 port 46728 [preauth]
Jun 25 06:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4036]: Failed password for root from 45.153.34.235 port 46738 ssh2
Jun 25 06:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4036]: Connection closed by 45.153.34.235 port 46738 [preauth]
Jun 25 06:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4057]: Failed password for root from 45.153.34.235 port 34338 ssh2
Jun 25 06:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4057]: Connection closed by 45.153.34.235 port 34338 [preauth]
Jun 25 06:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4070]: Invalid user student from 45.153.34.235
Jun 25 06:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4070]: input_userauth_request: invalid user student [preauth]
Jun 25 06:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4070]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4070]: Failed password for invalid user student from 45.153.34.235 port 34346 ssh2
Jun 25 06:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4070]: Connection closed by 45.153.34.235 port 34346 [preauth]
Jun 25 06:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4084]: Invalid user user10 from 45.153.34.235
Jun 25 06:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4084]: input_userauth_request: invalid user user10 [preauth]
Jun 25 06:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4084]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4084]: Failed password for invalid user user10 from 45.153.34.235 port 34354 ssh2
Jun 25 06:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4084]: Connection closed by 45.153.34.235 port 34354 [preauth]
Jun 25 06:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4094]: Invalid user teamspeak from 45.153.34.235
Jun 25 06:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4094]: input_userauth_request: invalid user teamspeak [preauth]
Jun 25 06:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4094]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4094]: Failed password for invalid user teamspeak from 45.153.34.235 port 39702 ssh2
Jun 25 06:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4094]: Connection closed by 45.153.34.235 port 39702 [preauth]
Jun 25 06:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4104]: Invalid user dev from 45.153.34.235
Jun 25 06:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4104]: input_userauth_request: invalid user dev [preauth]
Jun 25 06:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4104]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.105.62  user=root
Jun 25 06:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4104]: Failed password for invalid user dev from 45.153.34.235 port 39718 ssh2
Jun 25 06:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4104]: Connection closed by 45.153.34.235 port 39718 [preauth]
Jun 25 06:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4108]: Invalid user devops from 45.153.34.235
Jun 25 06:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4108]: input_userauth_request: invalid user devops [preauth]
Jun 25 06:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4108]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4106]: Failed password for root from 14.103.105.62 port 48606 ssh2
Jun 25 06:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4106]: Received disconnect from 14.103.105.62 port 48606:11: Bye Bye [preauth]
Jun 25 06:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4106]: Disconnected from 14.103.105.62 port 48606 [preauth]
Jun 25 06:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4108]: Failed password for invalid user devops from 45.153.34.235 port 39730 ssh2
Jun 25 06:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4108]: Connection closed by 45.153.34.235 port 39730 [preauth]
Jun 25 06:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4118]: Invalid user rocky from 45.153.34.235
Jun 25 06:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4118]: input_userauth_request: invalid user rocky [preauth]
Jun 25 06:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4118]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4123]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4125]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4124]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4122]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4122]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4118]: Failed password for invalid user rocky from 45.153.34.235 port 60420 ssh2
Jun 25 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4188]: Successful su for rubyman by root
Jun 25 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4188]: + ??? root:rubyman
Jun 25 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4188]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588580 of user rubyman.
Jun 25 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4188]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588580.
Jun 25 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4118]: Connection closed by 45.153.34.235 port 60420 [preauth]
Jun 25 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4231]: Invalid user odoo14 from 45.153.34.235
Jun 25 06:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4231]: input_userauth_request: invalid user odoo14 [preauth]
Jun 25 06:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4231]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[734]: pam_unix(cron:session): session closed for user root
Jun 25 06:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4231]: Failed password for invalid user odoo14 from 45.153.34.235 port 60422 ssh2
Jun 25 06:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4231]: Connection closed by 45.153.34.235 port 60422 [preauth]
Jun 25 06:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4123]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4375]: Invalid user aiuser from 45.153.34.235
Jun 25 06:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4375]: input_userauth_request: invalid user aiuser [preauth]
Jun 25 06:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4375]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4375]: Failed password for invalid user aiuser from 45.153.34.235 port 48116 ssh2
Jun 25 06:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4375]: Connection closed by 45.153.34.235 port 48116 [preauth]
Jun 25 06:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4396]: Invalid user minecraft from 45.153.34.235
Jun 25 06:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4396]: input_userauth_request: invalid user minecraft [preauth]
Jun 25 06:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4396]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4396]: Failed password for invalid user minecraft from 45.153.34.235 port 48128 ssh2
Jun 25 06:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4396]: Connection closed by 45.153.34.235 port 48128 [preauth]
Jun 25 06:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4398]: Invalid user runner from 45.153.34.235
Jun 25 06:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4398]: input_userauth_request: invalid user runner [preauth]
Jun 25 06:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4398]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4420]: Invalid user gast from 79.110.201.164
Jun 25 06:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4420]: input_userauth_request: invalid user gast [preauth]
Jun 25 06:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4420]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.110.201.164
Jun 25 06:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4398]: Failed password for invalid user runner from 45.153.34.235 port 48140 ssh2
Jun 25 06:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4398]: Connection closed by 45.153.34.235 port 48140 [preauth]
Jun 25 06:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4423]: Invalid user nvidia from 45.153.34.235
Jun 25 06:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4423]: input_userauth_request: invalid user nvidia [preauth]
Jun 25 06:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4423]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4420]: Failed password for invalid user gast from 79.110.201.164 port 56394 ssh2
Jun 25 06:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4420]: Received disconnect from 79.110.201.164 port 56394:11: Bye Bye [preauth]
Jun 25 06:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4420]: Disconnected from 79.110.201.164 port 56394 [preauth]
Jun 25 06:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4423]: Failed password for invalid user nvidia from 45.153.34.235 port 50316 ssh2
Jun 25 06:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4423]: Connection closed by 45.153.34.235 port 50316 [preauth]
Jun 25 06:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4434]: Invalid user dev from 45.153.34.235
Jun 25 06:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4434]: input_userauth_request: invalid user dev [preauth]
Jun 25 06:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4434]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4434]: Failed password for invalid user dev from 45.153.34.235 port 50320 ssh2
Jun 25 06:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4434]: Connection closed by 45.153.34.235 port 50320 [preauth]
Jun 25 06:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4436]: Invalid user guest from 45.153.34.235
Jun 25 06:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4436]: input_userauth_request: invalid user guest [preauth]
Jun 25 06:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4436]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4436]: Failed password for invalid user guest from 45.153.34.235 port 50336 ssh2
Jun 25 06:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4436]: Connection closed by 45.153.34.235 port 50336 [preauth]
Jun 25 06:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4458]: Invalid user ai from 45.153.34.235
Jun 25 06:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4458]: input_userauth_request: invalid user ai [preauth]
Jun 25 06:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4458]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4460]: Invalid user abhishek from 45.165.14.197
Jun 25 06:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4460]: input_userauth_request: invalid user abhishek [preauth]
Jun 25 06:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4460]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.165.14.197
Jun 25 06:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4458]: Failed password for invalid user ai from 45.153.34.235 port 35808 ssh2
Jun 25 06:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4458]: Connection closed by 45.153.34.235 port 35808 [preauth]
Jun 25 06:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4460]: Failed password for invalid user abhishek from 45.165.14.197 port 33795 ssh2
Jun 25 06:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4474]: Invalid user guest from 45.153.34.235
Jun 25 06:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4474]: input_userauth_request: invalid user guest [preauth]
Jun 25 06:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4460]: Received disconnect from 45.165.14.197 port 33795:11: Bye Bye [preauth]
Jun 25 06:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4460]: Disconnected from 45.165.14.197 port 33795 [preauth]
Jun 25 06:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4474]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3013]: pam_unix(cron:session): session closed for user root
Jun 25 06:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4474]: Failed password for invalid user guest from 45.153.34.235 port 35814 ssh2
Jun 25 06:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4474]: Connection closed by 45.153.34.235 port 35814 [preauth]
Jun 25 06:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4488]: Invalid user tester from 45.153.34.235
Jun 25 06:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4488]: input_userauth_request: invalid user tester [preauth]
Jun 25 06:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4488]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4488]: Failed password for invalid user tester from 45.153.34.235 port 35816 ssh2
Jun 25 06:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4488]: Connection closed by 45.153.34.235 port 35816 [preauth]
Jun 25 06:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4505]: Invalid user data from 45.153.34.235
Jun 25 06:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4505]: input_userauth_request: invalid user data [preauth]
Jun 25 06:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4505]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.201.18  user=root
Jun 25 06:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4505]: Failed password for invalid user data from 45.153.34.235 port 36874 ssh2
Jun 25 06:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4505]: Connection closed by 45.153.34.235 port 36874 [preauth]
Jun 25 06:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4517]: Invalid user jack from 45.153.34.235
Jun 25 06:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4517]: input_userauth_request: invalid user jack [preauth]
Jun 25 06:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4517]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4507]: Failed password for root from 190.128.201.18 port 50550 ssh2
Jun 25 06:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4507]: Received disconnect from 190.128.201.18 port 50550:11: Bye Bye [preauth]
Jun 25 06:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4507]: Disconnected from 190.128.201.18 port 50550 [preauth]
Jun 25 06:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4517]: Failed password for invalid user jack from 45.153.34.235 port 36896 ssh2
Jun 25 06:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4517]: Connection closed by 45.153.34.235 port 36896 [preauth]
Jun 25 06:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4536]: Invalid user webuser from 45.153.34.235
Jun 25 06:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4536]: input_userauth_request: invalid user webuser [preauth]
Jun 25 06:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4536]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4536]: Failed password for invalid user webuser from 45.153.34.235 port 36916 ssh2
Jun 25 06:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4536]: Connection closed by 45.153.34.235 port 36916 [preauth]
Jun 25 06:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4549]: Invalid user administrator from 45.153.34.235
Jun 25 06:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4549]: input_userauth_request: invalid user administrator [preauth]
Jun 25 06:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4549]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4549]: Failed password for invalid user administrator from 45.153.34.235 port 60642 ssh2
Jun 25 06:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4549]: Connection closed by 45.153.34.235 port 60642 [preauth]
Jun 25 06:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4555]: Failed password for root from 45.153.34.235 port 60662 ssh2
Jun 25 06:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4555]: Connection closed by 45.153.34.235 port 60662 [preauth]
Jun 25 06:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4562]: Invalid user operator from 45.153.34.235
Jun 25 06:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4562]: input_userauth_request: invalid user operator [preauth]
Jun 25 06:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4562]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4562]: Failed password for invalid user operator from 45.153.34.235 port 60684 ssh2
Jun 25 06:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4562]: Connection closed by 45.153.34.235 port 60684 [preauth]
Jun 25 06:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4573]: Invalid user admin1 from 45.153.34.235
Jun 25 06:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4573]: input_userauth_request: invalid user admin1 [preauth]
Jun 25 06:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4573]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4573]: Failed password for invalid user admin1 from 45.153.34.235 port 54104 ssh2
Jun 25 06:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4573]: Connection closed by 45.153.34.235 port 54104 [preauth]
Jun 25 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4579]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4577]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4578]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4576]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4576]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4640]: Successful su for rubyman by root
Jun 25 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4640]: + ??? root:rubyman
Jun 25 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4640]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588582 of user rubyman.
Jun 25 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4640]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588582.
Jun 25 06:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1239]: pam_unix(cron:session): session closed for user root
Jun 25 06:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4638]: Failed password for root from 45.153.34.235 port 54134 ssh2
Jun 25 06:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4638]: Connection closed by 45.153.34.235 port 54134 [preauth]
Jun 25 06:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4919]: Invalid user debian from 45.153.34.235
Jun 25 06:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4919]: input_userauth_request: invalid user debian [preauth]
Jun 25 06:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4919]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4577]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4919]: Failed password for invalid user debian from 45.153.34.235 port 54166 ssh2
Jun 25 06:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4919]: Connection closed by 45.153.34.235 port 54166 [preauth]
Jun 25 06:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4956]: Invalid user deployer from 45.153.34.235
Jun 25 06:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4956]: input_userauth_request: invalid user deployer [preauth]
Jun 25 06:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4956]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4938]: Invalid user abhishek from 143.110.247.221
Jun 25 06:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4938]: input_userauth_request: invalid user abhishek [preauth]
Jun 25 06:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4938]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.247.221
Jun 25 06:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4956]: Failed password for invalid user deployer from 45.153.34.235 port 47070 ssh2
Jun 25 06:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4938]: Failed password for invalid user abhishek from 143.110.247.221 port 57216 ssh2
Jun 25 06:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4956]: Connection closed by 45.153.34.235 port 47070 [preauth]
Jun 25 06:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4938]: Received disconnect from 143.110.247.221 port 57216:11: Bye Bye [preauth]
Jun 25 06:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4938]: Disconnected from 143.110.247.221 port 57216 [preauth]
Jun 25 06:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4958]: Invalid user runner from 45.153.34.235
Jun 25 06:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4958]: input_userauth_request: invalid user runner [preauth]
Jun 25 06:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4958]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4958]: Failed password for invalid user runner from 45.153.34.235 port 47074 ssh2
Jun 25 06:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4958]: Connection closed by 45.153.34.235 port 47074 [preauth]
Jun 25 06:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4983]: Invalid user ftpuser from 45.153.34.235
Jun 25 06:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4983]: input_userauth_request: invalid user ftpuser [preauth]
Jun 25 06:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4983]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4983]: Failed password for invalid user ftpuser from 45.153.34.235 port 47086 ssh2
Jun 25 06:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4983]: Connection closed by 45.153.34.235 port 47086 [preauth]
Jun 25 06:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4993]: Failed password for root from 45.153.34.235 port 50892 ssh2
Jun 25 06:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4993]: Connection closed by 45.153.34.235 port 50892 [preauth]
Jun 25 06:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4995]: Failed password for root from 45.153.34.235 port 50912 ssh2
Jun 25 06:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4995]: Connection closed by 45.153.34.235 port 50912 [preauth]
Jun 25 06:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5017]: Failed password for root from 45.153.34.235 port 50932 ssh2
Jun 25 06:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5017]: Connection closed by 45.153.34.235 port 50932 [preauth]
Jun 25 06:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5019]: Invalid user cw from 45.153.34.235
Jun 25 06:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5019]: input_userauth_request: invalid user cw [preauth]
Jun 25 06:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5019]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5019]: Failed password for invalid user cw from 45.153.34.235 port 56842 ssh2
Jun 25 06:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5019]: Connection closed by 45.153.34.235 port 56842 [preauth]
Jun 25 06:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3485]: pam_unix(cron:session): session closed for user root
Jun 25 06:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5031]: Invalid user bot from 45.153.34.235
Jun 25 06:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5031]: input_userauth_request: invalid user bot [preauth]
Jun 25 06:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 25 06:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5031]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5029]: Failed password for root from 141.98.83.240 port 56792 ssh2
Jun 25 06:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5031]: Failed password for invalid user bot from 45.153.34.235 port 56844 ssh2
Jun 25 06:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5031]: Connection closed by 45.153.34.235 port 56844 [preauth]
Jun 25 06:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5029]: Failed password for root from 141.98.83.240 port 56792 ssh2
Jun 25 06:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5061]: Failed password for root from 45.153.34.235 port 33174 ssh2
Jun 25 06:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5061]: Connection closed by 45.153.34.235 port 33174 [preauth]
Jun 25 06:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5029]: Failed password for root from 141.98.83.240 port 56792 ssh2
Jun 25 06:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5029]: Connection closed by 141.98.83.240 port 56792 [preauth]
Jun 25 06:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5029]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 25 06:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5063]: Invalid user ubuntu from 45.153.34.235
Jun 25 06:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5063]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 06:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5063]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5063]: Failed password for invalid user ubuntu from 45.153.34.235 port 33184 ssh2
Jun 25 06:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5063]: Connection closed by 45.153.34.235 port 33184 [preauth]
Jun 25 06:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5073]: Failed password for root from 45.153.34.235 port 33196 ssh2
Jun 25 06:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5073]: Connection closed by 45.153.34.235 port 33196 [preauth]
Jun 25 06:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5095]: Invalid user zabbix from 45.153.34.235
Jun 25 06:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5095]: input_userauth_request: invalid user zabbix [preauth]
Jun 25 06:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5095]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5095]: Failed password for invalid user zabbix from 45.153.34.235 port 36086 ssh2
Jun 25 06:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5095]: Connection closed by 45.153.34.235 port 36086 [preauth]
Jun 25 06:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.110.201.164  user=root
Jun 25 06:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5099]: Invalid user odoo from 45.153.34.235
Jun 25 06:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5099]: input_userauth_request: invalid user odoo [preauth]
Jun 25 06:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5099]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5097]: Failed password for root from 79.110.201.164 port 43748 ssh2
Jun 25 06:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5097]: Received disconnect from 79.110.201.164 port 43748:11: Bye Bye [preauth]
Jun 25 06:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5097]: Disconnected from 79.110.201.164 port 43748 [preauth]
Jun 25 06:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5099]: Failed password for invalid user odoo from 45.153.34.235 port 36098 ssh2
Jun 25 06:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5099]: Connection closed by 45.153.34.235 port 36098 [preauth]
Jun 25 06:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5110]: Failed password for root from 45.153.34.235 port 36106 ssh2
Jun 25 06:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5110]: Connection closed by 45.153.34.235 port 36106 [preauth]
Jun 25 06:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5120]: Invalid user fastuser from 45.153.34.235
Jun 25 06:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5120]: input_userauth_request: invalid user fastuser [preauth]
Jun 25 06:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5120]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5120]: Failed password for invalid user fastuser from 45.153.34.235 port 33946 ssh2
Jun 25 06:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5120]: Connection closed by 45.153.34.235 port 33946 [preauth]
Jun 25 06:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5138]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5137]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5135]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5136]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5133]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5135]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5263]: Successful su for rubyman by root
Jun 25 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5263]: + ??? root:rubyman
Jun 25 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5263]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588586 of user rubyman.
Jun 25 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5263]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588586.
Jun 25 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5133]: pam_unix(cron:session): session closed for user root
Jun 25 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5123]: Failed password for root from 45.153.34.235 port 33970 ssh2
Jun 25 06:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5123]: Connection closed by 45.153.34.235 port 33970 [preauth]
Jun 25 06:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5408]: Invalid user portal from 45.153.34.235
Jun 25 06:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5408]: input_userauth_request: invalid user portal [preauth]
Jun 25 06:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5408]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1831]: pam_unix(cron:session): session closed for user root
Jun 25 06:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5408]: Failed password for invalid user portal from 45.153.34.235 port 33986 ssh2
Jun 25 06:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5408]: Connection closed by 45.153.34.235 port 33986 [preauth]
Jun 25 06:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5136]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5490]: Invalid user admin from 45.153.34.235
Jun 25 06:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5490]: input_userauth_request: invalid user admin [preauth]
Jun 25 06:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5490]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5490]: Failed password for invalid user admin from 45.153.34.235 port 37262 ssh2
Jun 25 06:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5490]: Connection closed by 45.153.34.235 port 37262 [preauth]
Jun 25 06:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5493]: Invalid user angel from 45.153.34.235
Jun 25 06:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5493]: input_userauth_request: invalid user angel [preauth]
Jun 25 06:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5493]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5493]: Failed password for invalid user angel from 45.153.34.235 port 37268 ssh2
Jun 25 06:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5493]: Connection closed by 45.153.34.235 port 37268 [preauth]
Jun 25 06:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5516]: Invalid user deploy from 45.153.34.235
Jun 25 06:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5516]: input_userauth_request: invalid user deploy [preauth]
Jun 25 06:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5516]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5516]: Failed password for invalid user deploy from 45.153.34.235 port 37274 ssh2
Jun 25 06:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5516]: Connection closed by 45.153.34.235 port 37274 [preauth]
Jun 25 06:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5526]: Invalid user rdpuser from 45.153.34.235
Jun 25 06:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5526]: input_userauth_request: invalid user rdpuser [preauth]
Jun 25 06:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5526]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5526]: Failed password for invalid user rdpuser from 45.153.34.235 port 36478 ssh2
Jun 25 06:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5526]: Connection closed by 45.153.34.235 port 36478 [preauth]
Jun 25 06:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5528]: Invalid user dev from 45.153.34.235
Jun 25 06:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5528]: input_userauth_request: invalid user dev [preauth]
Jun 25 06:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5528]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5528]: Failed password for invalid user dev from 45.153.34.235 port 36496 ssh2
Jun 25 06:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5550]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5528]: Connection closed by 45.153.34.235 port 36496 [preauth]
Jun 25 06:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5550]: Invalid user fastuser from 45.153.34.235
Jun 25 06:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5550]: input_userauth_request: invalid user fastuser [preauth]
Jun 25 06:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5550]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5550]: Failed password for invalid user fastuser from 45.153.34.235 port 36510 ssh2
Jun 25 06:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5550]: Connection closed by 45.153.34.235 port 36510 [preauth]
Jun 25 06:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5561]: Invalid user ai from 45.153.34.235
Jun 25 06:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5561]: input_userauth_request: invalid user ai [preauth]
Jun 25 06:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5561]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5561]: Failed password for invalid user ai from 45.153.34.235 port 43412 ssh2
Jun 25 06:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5561]: Connection closed by 45.153.34.235 port 43412 [preauth]
Jun 25 06:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5564]: Invalid user main from 45.153.34.235
Jun 25 06:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5564]: input_userauth_request: invalid user main [preauth]
Jun 25 06:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5564]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5564]: Failed password for invalid user main from 45.153.34.235 port 43414 ssh2
Jun 25 06:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5564]: Connection closed by 45.153.34.235 port 43414 [preauth]
Jun 25 06:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4125]: pam_unix(cron:session): session closed for user root
Jun 25 06:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5596]: Invalid user deploy from 45.153.34.235
Jun 25 06:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5596]: input_userauth_request: invalid user deploy [preauth]
Jun 25 06:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5596]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5598]: Invalid user roberto from 45.165.14.197
Jun 25 06:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5598]: input_userauth_request: invalid user roberto [preauth]
Jun 25 06:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5598]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.165.14.197
Jun 25 06:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5596]: Failed password for invalid user deploy from 45.153.34.235 port 43428 ssh2
Jun 25 06:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5596]: Connection closed by 45.153.34.235 port 43428 [preauth]
Jun 25 06:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5598]: Failed password for invalid user roberto from 45.165.14.197 port 1526 ssh2
Jun 25 06:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5598]: Received disconnect from 45.165.14.197 port 1526:11: Bye Bye [preauth]
Jun 25 06:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5598]: Disconnected from 45.165.14.197 port 1526 [preauth]
Jun 25 06:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5607]: Failed password for root from 45.153.34.235 port 35410 ssh2
Jun 25 06:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5607]: Connection closed by 45.153.34.235 port 35410 [preauth]
Jun 25 06:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5610]: Invalid user hadoop from 45.153.34.235
Jun 25 06:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5610]: input_userauth_request: invalid user hadoop [preauth]
Jun 25 06:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5610]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5610]: Failed password for invalid user hadoop from 45.153.34.235 port 35412 ssh2
Jun 25 06:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5610]: Connection closed by 45.153.34.235 port 35412 [preauth]
Jun 25 06:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5632]: Invalid user media from 45.153.34.235
Jun 25 06:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5632]: input_userauth_request: invalid user media [preauth]
Jun 25 06:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5632]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5632]: Failed password for invalid user media from 45.153.34.235 port 35420 ssh2
Jun 25 06:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5632]: Connection closed by 45.153.34.235 port 35420 [preauth]
Jun 25 06:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5634]: Invalid user test from 45.153.34.235
Jun 25 06:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5634]: input_userauth_request: invalid user test [preauth]
Jun 25 06:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5634]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5634]: Failed password for invalid user test from 45.153.34.235 port 47170 ssh2
Jun 25 06:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5634]: Connection closed by 45.153.34.235 port 47170 [preauth]
Jun 25 06:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5644]: Failed password for root from 45.153.34.235 port 47182 ssh2
Jun 25 06:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5644]: Connection closed by 45.153.34.235 port 47182 [preauth]
Jun 25 06:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5654]: Invalid user mcserver from 45.153.34.235
Jun 25 06:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5654]: input_userauth_request: invalid user mcserver [preauth]
Jun 25 06:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5654]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5654]: Failed password for invalid user mcserver from 45.153.34.235 port 47186 ssh2
Jun 25 06:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5654]: Connection closed by 45.153.34.235 port 47186 [preauth]
Jun 25 06:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5657]: Invalid user monitor from 45.153.34.235
Jun 25 06:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5657]: input_userauth_request: invalid user monitor [preauth]
Jun 25 06:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5657]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5657]: Failed password for invalid user monitor from 45.153.34.235 port 51806 ssh2
Jun 25 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5657]: Connection closed by 45.153.34.235 port 51806 [preauth]
Jun 25 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5672]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5670]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5674]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5668]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5673]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5671]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5674]: pam_unix(cron:session): session closed for user root
Jun 25 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5668]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5735]: Successful su for rubyman by root
Jun 25 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5735]: + ??? root:rubyman
Jun 25 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5735]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588592 of user rubyman.
Jun 25 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5735]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588592.
Jun 25 06:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5671]: pam_unix(cron:session): session closed for user root
Jun 25 06:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5757]: Failed password for root from 45.153.34.235 port 51818 ssh2
Jun 25 06:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2360]: pam_unix(cron:session): session closed for user root
Jun 25 06:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5757]: Connection closed by 45.153.34.235 port 51818 [preauth]
Jun 25 06:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5922]: Invalid user home from 45.153.34.235
Jun 25 06:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5922]: input_userauth_request: invalid user home [preauth]
Jun 25 06:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5922]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5670]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5922]: Failed password for invalid user home from 45.153.34.235 port 51826 ssh2
Jun 25 06:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5922]: Connection closed by 45.153.34.235 port 51826 [preauth]
Jun 25 06:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5947]: Invalid user user from 45.153.34.235
Jun 25 06:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5947]: input_userauth_request: invalid user user [preauth]
Jun 25 06:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5947]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5947]: Failed password for invalid user user from 45.153.34.235 port 60026 ssh2
Jun 25 06:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5947]: Connection closed by 45.153.34.235 port 60026 [preauth]
Jun 25 06:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5957]: Invalid user grid from 45.153.34.235
Jun 25 06:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5957]: input_userauth_request: invalid user grid [preauth]
Jun 25 06:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5957]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5959]: Invalid user yoyo from 190.128.201.18
Jun 25 06:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5959]: input_userauth_request: invalid user yoyo [preauth]
Jun 25 06:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5959]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.201.18
Jun 25 06:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5957]: Failed password for invalid user grid from 45.153.34.235 port 60032 ssh2
Jun 25 06:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5957]: Connection closed by 45.153.34.235 port 60032 [preauth]
Jun 25 06:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5959]: Failed password for invalid user yoyo from 190.128.201.18 port 49196 ssh2
Jun 25 06:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5982]: Invalid user default from 45.153.34.235
Jun 25 06:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5982]: input_userauth_request: invalid user default [preauth]
Jun 25 06:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5959]: Received disconnect from 190.128.201.18 port 49196:11: Bye Bye [preauth]
Jun 25 06:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5959]: Disconnected from 190.128.201.18 port 49196 [preauth]
Jun 25 06:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5982]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5982]: Failed password for invalid user default from 45.153.34.235 port 60048 ssh2
Jun 25 06:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5982]: Connection closed by 45.153.34.235 port 60048 [preauth]
Jun 25 06:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5984]: Invalid user claude from 45.153.34.235
Jun 25 06:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5984]: input_userauth_request: invalid user claude [preauth]
Jun 25 06:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5984]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5986]: Invalid user postgres from 79.110.201.164
Jun 25 06:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5986]: input_userauth_request: invalid user postgres [preauth]
Jun 25 06:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5986]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.110.201.164
Jun 25 06:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5984]: Failed password for invalid user claude from 45.153.34.235 port 53238 ssh2
Jun 25 06:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5984]: Connection closed by 45.153.34.235 port 53238 [preauth]
Jun 25 06:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5997]: Invalid user admin from 45.153.34.235
Jun 25 06:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5997]: input_userauth_request: invalid user admin [preauth]
Jun 25 06:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5997]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5986]: Failed password for invalid user postgres from 79.110.201.164 port 53090 ssh2
Jun 25 06:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5986]: Received disconnect from 79.110.201.164 port 53090:11: Bye Bye [preauth]
Jun 25 06:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5986]: Disconnected from 79.110.201.164 port 53090 [preauth]
Jun 25 06:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5997]: Failed password for invalid user admin from 45.153.34.235 port 53242 ssh2
Jun 25 06:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5997]: Connection closed by 45.153.34.235 port 53242 [preauth]
Jun 25 06:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6023]: Failed password for root from 45.153.34.235 port 53250 ssh2
Jun 25 06:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6023]: Connection closed by 45.153.34.235 port 53250 [preauth]
Jun 25 06:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6028]: Invalid user labuser from 45.153.34.235
Jun 25 06:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6028]: input_userauth_request: invalid user labuser [preauth]
Jun 25 06:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6028]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6028]: Failed password for invalid user labuser from 45.153.34.235 port 43650 ssh2
Jun 25 06:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6028]: Connection closed by 45.153.34.235 port 43650 [preauth]
Jun 25 06:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: Invalid user ai from 45.153.34.235
Jun 25 06:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: input_userauth_request: invalid user ai [preauth]
Jun 25 06:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4579]: pam_unix(cron:session): session closed for user root
Jun 25 06:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: Failed password for invalid user ai from 45.153.34.235 port 43664 ssh2
Jun 25 06:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: Connection closed by 45.153.34.235 port 43664 [preauth]
Jun 25 06:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6060]: Invalid user jellyfin from 45.153.34.235
Jun 25 06:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6060]: input_userauth_request: invalid user jellyfin [preauth]
Jun 25 06:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6060]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6060]: Failed password for invalid user jellyfin from 45.153.34.235 port 43672 ssh2
Jun 25 06:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6060]: Connection closed by 45.153.34.235 port 43672 [preauth]
Jun 25 06:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6070]: Failed password for root from 45.153.34.235 port 41100 ssh2
Jun 25 06:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6070]: Connection closed by 45.153.34.235 port 41100 [preauth]
Jun 25 06:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6080]: Invalid user demo from 45.153.34.235
Jun 25 06:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6080]: input_userauth_request: invalid user demo [preauth]
Jun 25 06:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6080]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6080]: Failed password for invalid user demo from 45.153.34.235 port 41108 ssh2
Jun 25 06:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6080]: Connection closed by 45.153.34.235 port 41108 [preauth]
Jun 25 06:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6096]: Invalid user ftp1 from 143.110.247.221
Jun 25 06:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6096]: input_userauth_request: invalid user ftp1 [preauth]
Jun 25 06:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6096]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.247.221
Jun 25 06:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6098]: Failed password for root from 45.153.34.235 port 55902 ssh2
Jun 25 06:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6096]: Failed password for invalid user ftp1 from 143.110.247.221 port 55830 ssh2
Jun 25 06:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6098]: Connection closed by 45.153.34.235 port 55902 [preauth]
Jun 25 06:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6096]: Received disconnect from 143.110.247.221 port 55830:11: Bye Bye [preauth]
Jun 25 06:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6096]: Disconnected from 143.110.247.221 port 55830 [preauth]
Jun 25 06:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6109]: Invalid user tester from 45.153.34.235
Jun 25 06:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6109]: input_userauth_request: invalid user tester [preauth]
Jun 25 06:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6109]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6082]: Invalid user abbas from 186.96.158.180
Jun 25 06:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6082]: input_userauth_request: invalid user abbas [preauth]
Jun 25 06:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6082]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180
Jun 25 06:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6109]: Failed password for invalid user tester from 45.153.34.235 port 55918 ssh2
Jun 25 06:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6109]: Connection closed by 45.153.34.235 port 55918 [preauth]
Jun 25 06:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6082]: Failed password for invalid user abbas from 186.96.158.180 port 37538 ssh2
Jun 25 06:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6119]: Invalid user tom from 45.153.34.235
Jun 25 06:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6119]: input_userauth_request: invalid user tom [preauth]
Jun 25 06:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6082]: Received disconnect from 186.96.158.180 port 37538:11: Bye Bye [preauth]
Jun 25 06:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6082]: Disconnected from 186.96.158.180 port 37538 [preauth]
Jun 25 06:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6119]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6119]: Failed password for invalid user tom from 45.153.34.235 port 55934 ssh2
Jun 25 06:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6119]: Connection closed by 45.153.34.235 port 55934 [preauth]
Jun 25 06:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6121]: Invalid user teamspeak from 45.153.34.235
Jun 25 06:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6121]: input_userauth_request: invalid user teamspeak [preauth]
Jun 25 06:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6121]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6121]: Failed password for invalid user teamspeak from 45.153.34.235 port 41332 ssh2
Jun 25 06:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6121]: Connection closed by 45.153.34.235 port 41332 [preauth]
Jun 25 06:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6132]: Invalid user debian from 45.153.34.235
Jun 25 06:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6132]: input_userauth_request: invalid user debian [preauth]
Jun 25 06:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6132]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6140]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6139]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6137]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6138]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6137]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6209]: Successful su for rubyman by root
Jun 25 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6209]: + ??? root:rubyman
Jun 25 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6209]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588597 of user rubyman.
Jun 25 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6209]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588597.
Jun 25 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6132]: Failed password for invalid user debian from 45.153.34.235 port 41344 ssh2
Jun 25 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6132]: Connection closed by 45.153.34.235 port 41344 [preauth]
Jun 25 06:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6285]: Invalid user ubuntu from 45.153.34.235
Jun 25 06:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6285]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 06:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6285]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3012]: pam_unix(cron:session): session closed for user root
Jun 25 06:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6285]: Failed password for invalid user ubuntu from 45.153.34.235 port 41360 ssh2
Jun 25 06:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6285]: Connection closed by 45.153.34.235 port 41360 [preauth]
Jun 25 06:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6138]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6392]: Invalid user user from 45.153.34.235
Jun 25 06:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6392]: input_userauth_request: invalid user user [preauth]
Jun 25 06:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6392]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6392]: Failed password for invalid user user from 45.153.34.235 port 48630 ssh2
Jun 25 06:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6392]: Connection closed by 45.153.34.235 port 48630 [preauth]
Jun 25 06:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6404]: Failed password for root from 45.153.34.235 port 48636 ssh2
Jun 25 06:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6404]: Connection closed by 45.153.34.235 port 48636 [preauth]
Jun 25 06:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6406]: Invalid user drcomadmin from 45.153.34.235
Jun 25 06:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6406]: input_userauth_request: invalid user drcomadmin [preauth]
Jun 25 06:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6406]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6406]: Failed password for invalid user drcomadmin from 45.153.34.235 port 48648 ssh2
Jun 25 06:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6406]: Connection closed by 45.153.34.235 port 48648 [preauth]
Jun 25 06:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6428]: Invalid user rocky from 45.153.34.235
Jun 25 06:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6428]: input_userauth_request: invalid user rocky [preauth]
Jun 25 06:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6428]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6428]: Failed password for invalid user rocky from 45.153.34.235 port 60336 ssh2
Jun 25 06:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6428]: Connection closed by 45.153.34.235 port 60336 [preauth]
Jun 25 06:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6439]: Failed password for root from 45.153.34.235 port 60360 ssh2
Jun 25 06:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6439]: Connection closed by 45.153.34.235 port 60360 [preauth]
Jun 25 06:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6441]: Invalid user teamspeak from 45.153.34.235
Jun 25 06:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6441]: input_userauth_request: invalid user teamspeak [preauth]
Jun 25 06:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6441]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6441]: Failed password for invalid user teamspeak from 45.153.34.235 port 60376 ssh2
Jun 25 06:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6441]: Connection closed by 45.153.34.235 port 60376 [preauth]
Jun 25 06:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6463]: Invalid user pi from 45.153.34.235
Jun 25 06:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6463]: input_userauth_request: invalid user pi [preauth]
Jun 25 06:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6463]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6463]: Failed password for invalid user pi from 45.153.34.235 port 51122 ssh2
Jun 25 06:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6463]: Connection closed by 45.153.34.235 port 51122 [preauth]
Jun 25 06:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6472]: Failed password for root from 45.153.34.235 port 51138 ssh2
Jun 25 06:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6472]: Connection closed by 45.153.34.235 port 51138 [preauth]
Jun 25 06:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5138]: pam_unix(cron:session): session closed for user root
Jun 25 06:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6475]: Invalid user sam from 45.153.34.235
Jun 25 06:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6475]: input_userauth_request: invalid user sam [preauth]
Jun 25 06:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6475]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6475]: Failed password for invalid user sam from 45.153.34.235 port 51146 ssh2
Jun 25 06:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6475]: Connection closed by 45.153.34.235 port 51146 [preauth]
Jun 25 06:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6507]: Failed password for root from 45.153.34.235 port 55370 ssh2
Jun 25 06:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6507]: Connection closed by 45.153.34.235 port 55370 [preauth]
Jun 25 06:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6510]: Invalid user testuser from 45.153.34.235
Jun 25 06:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6510]: input_userauth_request: invalid user testuser [preauth]
Jun 25 06:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6510]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6510]: Failed password for invalid user testuser from 45.153.34.235 port 55390 ssh2
Jun 25 06:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6510]: Connection closed by 45.153.34.235 port 55390 [preauth]
Jun 25 06:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6520]: Invalid user core from 45.153.34.235
Jun 25 06:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6520]: input_userauth_request: invalid user core [preauth]
Jun 25 06:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6520]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6520]: Failed password for invalid user core from 45.153.34.235 port 55416 ssh2
Jun 25 06:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6520]: Connection closed by 45.153.34.235 port 55416 [preauth]
Jun 25 06:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6543]: Invalid user martin from 45.153.34.235
Jun 25 06:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6543]: input_userauth_request: invalid user martin [preauth]
Jun 25 06:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6543]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6543]: Failed password for invalid user martin from 45.153.34.235 port 55428 ssh2
Jun 25 06:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6543]: Connection closed by 45.153.34.235 port 55428 [preauth]
Jun 25 06:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6545]: Invalid user wizard from 45.153.34.235
Jun 25 06:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6545]: input_userauth_request: invalid user wizard [preauth]
Jun 25 06:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6545]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6545]: Failed password for invalid user wizard from 45.153.34.235 port 37334 ssh2
Jun 25 06:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6545]: Connection closed by 45.153.34.235 port 37334 [preauth]
Jun 25 06:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6557]: Invalid user ubuntu from 45.153.34.235
Jun 25 06:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6557]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 06:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6555]: Invalid user demo from 79.110.201.164
Jun 25 06:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6555]: input_userauth_request: invalid user demo [preauth]
Jun 25 06:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6555]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.110.201.164
Jun 25 06:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6557]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6559]: Invalid user devops from 45.165.14.197
Jun 25 06:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6559]: input_userauth_request: invalid user devops [preauth]
Jun 25 06:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6559]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.165.14.197
Jun 25 06:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6555]: Failed password for invalid user demo from 79.110.201.164 port 35412 ssh2
Jun 25 06:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6557]: Failed password for invalid user ubuntu from 45.153.34.235 port 37338 ssh2
Jun 25 06:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6555]: Received disconnect from 79.110.201.164 port 35412:11: Bye Bye [preauth]
Jun 25 06:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6555]: Disconnected from 79.110.201.164 port 35412 [preauth]
Jun 25 06:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6557]: Connection closed by 45.153.34.235 port 37338 [preauth]
Jun 25 06:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6559]: Failed password for invalid user devops from 45.165.14.197 port 40462 ssh2
Jun 25 06:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6559]: Received disconnect from 45.165.14.197 port 40462:11: Bye Bye [preauth]
Jun 25 06:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6559]: Disconnected from 45.165.14.197 port 40462 [preauth]
Jun 25 06:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6561]: Invalid user user from 45.153.34.235
Jun 25 06:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6561]: input_userauth_request: invalid user user [preauth]
Jun 25 06:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6561]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6561]: Failed password for invalid user user from 45.153.34.235 port 37342 ssh2
Jun 25 06:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6561]: Connection closed by 45.153.34.235 port 37342 [preauth]
Jun 25 06:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6586]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6585]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6584]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6583]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6583]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6648]: Successful su for rubyman by root
Jun 25 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6648]: + ??? root:rubyman
Jun 25 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6648]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588601 of user rubyman.
Jun 25 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6648]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588601.
Jun 25 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6573]: Failed password for root from 45.153.34.235 port 50330 ssh2
Jun 25 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6573]: Connection closed by 45.153.34.235 port 50330 [preauth]
Jun 25 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6681]: Invalid user ftpuser from 45.153.34.235
Jun 25 06:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6681]: input_userauth_request: invalid user ftpuser [preauth]
Jun 25 06:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6681]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3484]: pam_unix(cron:session): session closed for user root
Jun 25 06:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6681]: Failed password for invalid user ftpuser from 45.153.34.235 port 50332 ssh2
Jun 25 06:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6584]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6681]: Connection closed by 45.153.34.235 port 50332 [preauth]
Jun 25 06:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6831]: Failed password for root from 45.153.34.235 port 50342 ssh2
Jun 25 06:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6831]: Connection closed by 45.153.34.235 port 50342 [preauth]
Jun 25 06:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 25 06:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6853]: Invalid user user from 45.153.34.235
Jun 25 06:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6853]: input_userauth_request: invalid user user [preauth]
Jun 25 06:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6853]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6851]: Failed password for root from 38.93.206.2 port 9584 ssh2
Jun 25 06:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6851]: Connection closed by 38.93.206.2 port 9584 [preauth]
Jun 25 06:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6853]: Failed password for invalid user user from 45.153.34.235 port 39194 ssh2
Jun 25 06:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6853]: Connection closed by 45.153.34.235 port 39194 [preauth]
Jun 25 06:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: Invalid user appuser from 45.153.34.235
Jun 25 06:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: input_userauth_request: invalid user appuser [preauth]
Jun 25 06:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: Failed password for invalid user appuser from 45.153.34.235 port 39204 ssh2
Jun 25 06:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: Connection closed by 45.153.34.235 port 39204 [preauth]
Jun 25 06:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6879]: Invalid user user1 from 45.153.34.235
Jun 25 06:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6879]: input_userauth_request: invalid user user1 [preauth]
Jun 25 06:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6879]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6879]: Failed password for invalid user user1 from 45.153.34.235 port 39220 ssh2
Jun 25 06:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6879]: Connection closed by 45.153.34.235 port 39220 [preauth]
Jun 25 06:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6891]: Invalid user www from 45.153.34.235
Jun 25 06:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6891]: input_userauth_request: invalid user www [preauth]
Jun 25 06:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6891]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6891]: Failed password for invalid user www from 45.153.34.235 port 49088 ssh2
Jun 25 06:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6891]: Connection closed by 45.153.34.235 port 49088 [preauth]
Jun 25 06:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6893]: Invalid user ec2-user from 45.153.34.235
Jun 25 06:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6893]: input_userauth_request: invalid user ec2-user [preauth]
Jun 25 06:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6893]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6893]: Failed password for invalid user ec2-user from 45.153.34.235 port 49090 ssh2
Jun 25 06:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6893]: Connection closed by 45.153.34.235 port 49090 [preauth]
Jun 25 06:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6917]: Invalid user sftpuser from 45.153.34.235
Jun 25 06:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6917]: input_userauth_request: invalid user sftpuser [preauth]
Jun 25 06:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6917]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6917]: Failed password for invalid user sftpuser from 45.153.34.235 port 49106 ssh2
Jun 25 06:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6917]: Connection closed by 45.153.34.235 port 49106 [preauth]
Jun 25 06:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6928]: Invalid user cursor from 45.153.34.235
Jun 25 06:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6928]: input_userauth_request: invalid user cursor [preauth]
Jun 25 06:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6928]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6928]: Failed password for invalid user cursor from 45.153.34.235 port 36766 ssh2
Jun 25 06:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6928]: Connection closed by 45.153.34.235 port 36766 [preauth]
Jun 25 06:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6931]: Invalid user hadoop from 45.153.34.235
Jun 25 06:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6931]: input_userauth_request: invalid user hadoop [preauth]
Jun 25 06:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6931]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5673]: pam_unix(cron:session): session closed for user root
Jun 25 06:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6931]: Failed password for invalid user hadoop from 45.153.34.235 port 36774 ssh2
Jun 25 06:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6931]: Connection closed by 45.153.34.235 port 36774 [preauth]
Jun 25 06:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6975]: Invalid user git from 45.153.34.235
Jun 25 06:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6975]: input_userauth_request: invalid user git [preauth]
Jun 25 06:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6975]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6975]: Failed password for invalid user git from 45.153.34.235 port 36796 ssh2
Jun 25 06:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6975]: Connection closed by 45.153.34.235 port 36796 [preauth]
Jun 25 06:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6977]: Failed password for root from 45.153.34.235 port 45354 ssh2
Jun 25 06:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6977]: Connection closed by 45.153.34.235 port 45354 [preauth]
Jun 25 06:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6997]: Invalid user newuser from 45.153.34.235
Jun 25 06:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6997]: input_userauth_request: invalid user newuser [preauth]
Jun 25 06:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6997]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6997]: Failed password for invalid user newuser from 45.153.34.235 port 45356 ssh2
Jun 25 06:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6997]: Connection closed by 45.153.34.235 port 45356 [preauth]
Jun 25 06:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7034]: Invalid user user from 45.153.34.235
Jun 25 06:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7034]: input_userauth_request: invalid user user [preauth]
Jun 25 06:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7034]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7034]: Failed password for invalid user user from 45.153.34.235 port 45370 ssh2
Jun 25 06:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7034]: Connection closed by 45.153.34.235 port 45370 [preauth]
Jun 25 06:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7037]: Invalid user admin2 from 45.153.34.235
Jun 25 06:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7037]: input_userauth_request: invalid user admin2 [preauth]
Jun 25 06:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7037]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.201.18  user=root
Jun 25 06:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7037]: Failed password for invalid user admin2 from 45.153.34.235 port 45270 ssh2
Jun 25 06:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7037]: Connection closed by 45.153.34.235 port 45270 [preauth]
Jun 25 06:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7036]: Failed password for root from 190.128.201.18 port 36436 ssh2
Jun 25 06:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7036]: Received disconnect from 190.128.201.18 port 36436:11: Bye Bye [preauth]
Jun 25 06:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7036]: Disconnected from 190.128.201.18 port 36436 [preauth]
Jun 25 06:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7054]: Invalid user minecraft from 45.153.34.235
Jun 25 06:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7054]: input_userauth_request: invalid user minecraft [preauth]
Jun 25 06:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7054]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7054]: Failed password for invalid user minecraft from 45.153.34.235 port 45280 ssh2
Jun 25 06:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7054]: Connection closed by 45.153.34.235 port 45280 [preauth]
Jun 25 06:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7059]: Invalid user guest from 45.153.34.235
Jun 25 06:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7059]: input_userauth_request: invalid user guest [preauth]
Jun 25 06:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7059]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7059]: Failed password for invalid user guest from 45.153.34.235 port 45294 ssh2
Jun 25 06:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7059]: Connection closed by 45.153.34.235 port 45294 [preauth]
Jun 25 06:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7119]: Invalid user oscar from 45.153.34.235
Jun 25 06:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7119]: input_userauth_request: invalid user oscar [preauth]
Jun 25 06:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7119]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7119]: Failed password for invalid user oscar from 45.153.34.235 port 49906 ssh2
Jun 25 06:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7119]: Connection closed by 45.153.34.235 port 49906 [preauth]
Jun 25 06:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7135]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7136]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7134]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7133]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7133]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7201]: Successful su for rubyman by root
Jun 25 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7201]: + ??? root:rubyman
Jun 25 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7201]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588606 of user rubyman.
Jun 25 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7201]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588606.
Jun 25 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7129]: Failed password for root from 45.153.34.235 port 49918 ssh2
Jun 25 06:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7129]: Connection closed by 45.153.34.235 port 49918 [preauth]
Jun 25 06:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7330]: Invalid user cloud from 45.153.34.235
Jun 25 06:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7330]: input_userauth_request: invalid user cloud [preauth]
Jun 25 06:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7330]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4124]: pam_unix(cron:session): session closed for user root
Jun 25 06:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7134]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7330]: Failed password for invalid user cloud from 45.153.34.235 port 49930 ssh2
Jun 25 06:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7330]: Connection closed by 45.153.34.235 port 49930 [preauth]
Jun 25 06:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: Invalid user master from 45.153.34.235
Jun 25 06:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: input_userauth_request: invalid user master [preauth]
Jun 25 06:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: Failed password for invalid user master from 45.153.34.235 port 47134 ssh2
Jun 25 06:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: Connection closed by 45.153.34.235 port 47134 [preauth]
Jun 25 06:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7400]: Invalid user admin from 45.153.34.235
Jun 25 06:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7400]: input_userauth_request: invalid user admin [preauth]
Jun 25 06:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7400]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7400]: Failed password for invalid user admin from 45.153.34.235 port 47146 ssh2
Jun 25 06:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7400]: Connection closed by 45.153.34.235 port 47146 [preauth]
Jun 25 06:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7415]: Invalid user jay from 45.153.34.235
Jun 25 06:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7415]: input_userauth_request: invalid user jay [preauth]
Jun 25 06:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7415]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7415]: Failed password for invalid user jay from 45.153.34.235 port 47160 ssh2
Jun 25 06:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7415]: Connection closed by 45.153.34.235 port 47160 [preauth]
Jun 25 06:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7425]: Invalid user odoo16 from 45.153.34.235
Jun 25 06:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7425]: input_userauth_request: invalid user odoo16 [preauth]
Jun 25 06:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7425]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7425]: Failed password for invalid user odoo16 from 45.153.34.235 port 53282 ssh2
Jun 25 06:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7425]: Connection closed by 45.153.34.235 port 53282 [preauth]
Jun 25 06:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.247.221  user=root
Jun 25 06:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7431]: Invalid user asterisk from 45.153.34.235
Jun 25 06:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7431]: input_userauth_request: invalid user asterisk [preauth]
Jun 25 06:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7431]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7429]: Failed password for root from 143.110.247.221 port 40992 ssh2
Jun 25 06:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7429]: Received disconnect from 143.110.247.221 port 40992:11: Bye Bye [preauth]
Jun 25 06:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7429]: Disconnected from 143.110.247.221 port 40992 [preauth]
Jun 25 06:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7431]: Failed password for invalid user asterisk from 45.153.34.235 port 53296 ssh2
Jun 25 06:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7431]: Connection closed by 45.153.34.235 port 53296 [preauth]
Jun 25 06:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7441]: Invalid user postgres from 45.153.34.235
Jun 25 06:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7441]: input_userauth_request: invalid user postgres [preauth]
Jun 25 06:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7441]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7455]: User ftp from 79.110.201.164 not allowed because not listed in AllowUsers
Jun 25 06:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7455]: input_userauth_request: invalid user ftp [preauth]
Jun 25 06:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.110.201.164  user=ftp
Jun 25 06:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7441]: Failed password for invalid user postgres from 45.153.34.235 port 53302 ssh2
Jun 25 06:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7441]: Connection closed by 45.153.34.235 port 53302 [preauth]
Jun 25 06:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7455]: Failed password for invalid user ftp from 79.110.201.164 port 33178 ssh2
Jun 25 06:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7455]: Received disconnect from 79.110.201.164 port 33178:11: Bye Bye [preauth]
Jun 25 06:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7455]: Disconnected from 79.110.201.164 port 33178 [preauth]
Jun 25 06:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7465]: User mysql from 45.153.34.235 not allowed because not listed in AllowUsers
Jun 25 06:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7465]: input_userauth_request: invalid user mysql [preauth]
Jun 25 06:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=mysql
Jun 25 06:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7465]: Failed password for invalid user mysql from 45.153.34.235 port 50668 ssh2
Jun 25 06:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7465]: Connection closed by 45.153.34.235 port 50668 [preauth]
Jun 25 06:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7467]: Invalid user mohammad from 45.153.34.235
Jun 25 06:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7467]: input_userauth_request: invalid user mohammad [preauth]
Jun 25 06:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7467]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6140]: pam_unix(cron:session): session closed for user root
Jun 25 06:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7467]: Failed password for invalid user mohammad from 45.153.34.235 port 50682 ssh2
Jun 25 06:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7467]: Connection closed by 45.153.34.235 port 50682 [preauth]
Jun 25 06:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7492]: Failed password for root from 45.153.34.235 port 50690 ssh2
Jun 25 06:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7492]: Connection closed by 45.153.34.235 port 50690 [preauth]
Jun 25 06:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7507]: Invalid user jellyfin from 45.153.34.235
Jun 25 06:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7507]: input_userauth_request: invalid user jellyfin [preauth]
Jun 25 06:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7507]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7507]: Failed password for invalid user jellyfin from 45.153.34.235 port 44276 ssh2
Jun 25 06:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7507]: Connection closed by 45.153.34.235 port 44276 [preauth]
Jun 25 06:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7509]: Invalid user kipt from 45.153.34.235
Jun 25 06:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7509]: input_userauth_request: invalid user kipt [preauth]
Jun 25 06:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7509]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7509]: Failed password for invalid user kipt from 45.153.34.235 port 44292 ssh2
Jun 25 06:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7509]: Connection closed by 45.153.34.235 port 44292 [preauth]
Jun 25 06:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7534]: Invalid user server from 45.153.34.235
Jun 25 06:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7534]: input_userauth_request: invalid user server [preauth]
Jun 25 06:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7534]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7534]: Failed password for invalid user server from 45.153.34.235 port 44296 ssh2
Jun 25 06:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7534]: Connection closed by 45.153.34.235 port 44296 [preauth]
Jun 25 06:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7543]: Invalid user elasticsearch from 45.153.34.235
Jun 25 06:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7543]: input_userauth_request: invalid user elasticsearch [preauth]
Jun 25 06:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7543]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7543]: Failed password for invalid user elasticsearch from 45.153.34.235 port 55244 ssh2
Jun 25 06:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7543]: Connection closed by 45.153.34.235 port 55244 [preauth]
Jun 25 06:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7547]: Failed password for root from 45.153.34.235 port 55252 ssh2
Jun 25 06:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7547]: Connection closed by 45.153.34.235 port 55252 [preauth]
Jun 25 06:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7559]: Failed password for root from 45.153.34.235 port 55266 ssh2
Jun 25 06:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7559]: Connection closed by 45.153.34.235 port 55266 [preauth]
Jun 25 06:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7562]: Failed password for root from 45.153.34.235 port 51782 ssh2
Jun 25 06:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7562]: Connection closed by 45.153.34.235 port 51782 [preauth]
Jun 25 06:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7573]: Invalid user user03 from 45.165.14.197
Jun 25 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7573]: input_userauth_request: invalid user user03 [preauth]
Jun 25 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7573]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.165.14.197
Jun 25 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7575]: Invalid user tom from 45.153.34.235
Jun 25 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7575]: input_userauth_request: invalid user tom [preauth]
Jun 25 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7575]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7581]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7582]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7580]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7579]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7579]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7743]: Successful su for rubyman by root
Jun 25 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7743]: + ??? root:rubyman
Jun 25 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7743]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588609 of user rubyman.
Jun 25 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7743]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588609.
Jun 25 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7573]: Failed password for invalid user user03 from 45.165.14.197 port 12897 ssh2
Jun 25 06:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7573]: Received disconnect from 45.165.14.197 port 12897:11: Bye Bye [preauth]
Jun 25 06:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7573]: Disconnected from 45.165.14.197 port 12897 [preauth]
Jun 25 06:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7575]: Failed password for invalid user tom from 45.153.34.235 port 51784 ssh2
Jun 25 06:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7575]: Connection closed by 45.153.34.235 port 51784 [preauth]
Jun 25 06:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4578]: pam_unix(cron:session): session closed for user root
Jun 25 06:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7878]: Invalid user sftpuser from 45.153.34.235
Jun 25 06:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7878]: input_userauth_request: invalid user sftpuser [preauth]
Jun 25 06:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7878]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7580]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7878]: Failed password for invalid user sftpuser from 45.153.34.235 port 51790 ssh2
Jun 25 06:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7878]: Connection closed by 45.153.34.235 port 51790 [preauth]
Jun 25 06:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7917]: Failed password for root from 45.153.34.235 port 41328 ssh2
Jun 25 06:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7917]: Connection closed by 45.153.34.235 port 41328 [preauth]
Jun 25 06:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7927]: Invalid user admin from 45.153.34.235
Jun 25 06:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7927]: input_userauth_request: invalid user admin [preauth]
Jun 25 06:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7927]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7927]: Failed password for invalid user admin from 45.153.34.235 port 41342 ssh2
Jun 25 06:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7927]: Connection closed by 45.153.34.235 port 41342 [preauth]
Jun 25 06:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7936]: Invalid user gns3 from 45.153.34.235
Jun 25 06:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7936]: input_userauth_request: invalid user gns3 [preauth]
Jun 25 06:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7936]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7936]: Failed password for invalid user gns3 from 45.153.34.235 port 41352 ssh2
Jun 25 06:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7936]: Connection closed by 45.153.34.235 port 41352 [preauth]
Jun 25 06:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7951]: Invalid user devuser from 45.153.34.235
Jun 25 06:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7951]: input_userauth_request: invalid user devuser [preauth]
Jun 25 06:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7951]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 25 06:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7951]: Failed password for invalid user devuser from 45.153.34.235 port 50090 ssh2
Jun 25 06:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7951]: Connection closed by 45.153.34.235 port 50090 [preauth]
Jun 25 06:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7953]: Failed password for root from 103.15.222.183 port 42306 ssh2
Jun 25 06:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7963]: Invalid user deploy from 45.153.34.235
Jun 25 06:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7963]: input_userauth_request: invalid user deploy [preauth]
Jun 25 06:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7953]: Connection closed by 103.15.222.183 port 42306 [preauth]
Jun 25 06:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7963]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7963]: Failed password for invalid user deploy from 45.153.34.235 port 50096 ssh2
Jun 25 06:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7963]: Connection closed by 45.153.34.235 port 50096 [preauth]
Jun 25 06:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7965]: Invalid user lucas from 45.153.34.235
Jun 25 06:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7965]: input_userauth_request: invalid user lucas [preauth]
Jun 25 06:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7965]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7965]: Failed password for invalid user lucas from 45.153.34.235 port 50110 ssh2
Jun 25 06:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7965]: Connection closed by 45.153.34.235 port 50110 [preauth]
Jun 25 06:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7989]: Invalid user david from 45.153.34.235
Jun 25 06:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7989]: input_userauth_request: invalid user david [preauth]
Jun 25 06:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7989]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7989]: Failed password for invalid user david from 45.153.34.235 port 36732 ssh2
Jun 25 06:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7989]: Connection closed by 45.153.34.235 port 36732 [preauth]
Jun 25 06:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8000]: Failed password for root from 45.153.34.235 port 36740 ssh2
Jun 25 06:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6586]: pam_unix(cron:session): session closed for user root
Jun 25 06:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8000]: Connection closed by 45.153.34.235 port 36740 [preauth]
Jun 25 06:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8024]: Invalid user user1 from 45.153.34.235
Jun 25 06:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8024]: input_userauth_request: invalid user user1 [preauth]
Jun 25 06:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8024]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8024]: Failed password for invalid user user1 from 45.153.34.235 port 36754 ssh2
Jun 25 06:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8024]: Connection closed by 45.153.34.235 port 36754 [preauth]
Jun 25 06:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8034]: Invalid user opc from 45.153.34.235
Jun 25 06:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8034]: input_userauth_request: invalid user opc [preauth]
Jun 25 06:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8034]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8034]: Failed password for invalid user opc from 45.153.34.235 port 48488 ssh2
Jun 25 06:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8034]: Connection closed by 45.153.34.235 port 48488 [preauth]
Jun 25 06:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8046]: Failed password for root from 45.153.34.235 port 48506 ssh2
Jun 25 06:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8046]: Connection closed by 45.153.34.235 port 48506 [preauth]
Jun 25 06:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8061]: Failed password for root from 45.153.34.235 port 48526 ssh2
Jun 25 06:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8061]: Connection closed by 45.153.34.235 port 48526 [preauth]
Jun 25 06:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8071]: Invalid user myuser from 45.153.34.235
Jun 25 06:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8071]: input_userauth_request: invalid user myuser [preauth]
Jun 25 06:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8071]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8071]: Failed password for invalid user myuser from 45.153.34.235 port 51120 ssh2
Jun 25 06:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8071]: Connection closed by 45.153.34.235 port 51120 [preauth]
Jun 25 06:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8073]: Failed password for root from 45.153.34.235 port 51128 ssh2
Jun 25 06:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8073]: Connection closed by 45.153.34.235 port 51128 [preauth]
Jun 25 06:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8083]: Invalid user hduser from 79.110.201.164
Jun 25 06:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8083]: input_userauth_request: invalid user hduser [preauth]
Jun 25 06:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8083]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.110.201.164
Jun 25 06:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8085]: Invalid user botuser from 45.153.34.235
Jun 25 06:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8085]: input_userauth_request: invalid user botuser [preauth]
Jun 25 06:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8085]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8083]: Failed password for invalid user hduser from 79.110.201.164 port 54378 ssh2
Jun 25 06:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8083]: Received disconnect from 79.110.201.164 port 54378:11: Bye Bye [preauth]
Jun 25 06:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8083]: Disconnected from 79.110.201.164 port 54378 [preauth]
Jun 25 06:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8085]: Failed password for invalid user botuser from 45.153.34.235 port 51132 ssh2
Jun 25 06:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8085]: Connection closed by 45.153.34.235 port 51132 [preauth]
Jun 25 06:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8096]: Invalid user alex from 45.153.34.235
Jun 25 06:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8096]: input_userauth_request: invalid user alex [preauth]
Jun 25 06:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8096]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8096]: Failed password for invalid user alex from 45.153.34.235 port 57750 ssh2
Jun 25 06:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8096]: Connection closed by 45.153.34.235 port 57750 [preauth]
Jun 25 06:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8099]: Invalid user dolphinscheduler from 45.153.34.235
Jun 25 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8099]: input_userauth_request: invalid user dolphinscheduler [preauth]
Jun 25 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8099]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8112]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8109]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8107]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8108]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8110]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8111]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8112]: pam_unix(cron:session): session closed for user root
Jun 25 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8107]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8182]: Successful su for rubyman by root
Jun 25 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8182]: + ??? root:rubyman
Jun 25 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8182]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588618 of user rubyman.
Jun 25 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8182]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588618.
Jun 25 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8099]: Failed password for invalid user dolphinscheduler from 45.153.34.235 port 57758 ssh2
Jun 25 06:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8099]: Connection closed by 45.153.34.235 port 57758 [preauth]
Jun 25 06:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8109]: pam_unix(cron:session): session closed for user root
Jun 25 06:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5137]: pam_unix(cron:session): session closed for user root
Jun 25 06:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8294]: Failed password for root from 45.153.34.235 port 57766 ssh2
Jun 25 06:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8108]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8294]: Connection closed by 45.153.34.235 port 57766 [preauth]
Jun 25 06:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8376]: Failed password for root from 45.153.34.235 port 33146 ssh2
Jun 25 06:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8376]: Connection closed by 45.153.34.235 port 33146 [preauth]
Jun 25 06:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: Failed password for root from 45.153.34.235 port 33162 ssh2
Jun 25 06:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: Connection closed by 45.153.34.235 port 33162 [preauth]
Jun 25 06:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 25 06:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8402]: Invalid user chenxi from 45.153.34.235
Jun 25 06:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8402]: input_userauth_request: invalid user chenxi [preauth]
Jun 25 06:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8402]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8400]: Failed password for root from 103.149.28.157 port 38706 ssh2
Jun 25 06:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8400]: Connection closed by 103.149.28.157 port 38706 [preauth]
Jun 25 06:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8402]: Failed password for invalid user chenxi from 45.153.34.235 port 33164 ssh2
Jun 25 06:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8402]: Connection closed by 45.153.34.235 port 33164 [preauth]
Jun 25 06:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: Invalid user newuser from 45.153.34.235
Jun 25 06:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: input_userauth_request: invalid user newuser [preauth]
Jun 25 06:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.201.18  user=root
Jun 25 06:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: Failed password for invalid user newuser from 45.153.34.235 port 53172 ssh2
Jun 25 06:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: Connection closed by 45.153.34.235 port 53172 [preauth]
Jun 25 06:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8418]: Failed password for root from 190.128.201.18 port 57202 ssh2
Jun 25 06:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8418]: Received disconnect from 190.128.201.18 port 57202:11: Bye Bye [preauth]
Jun 25 06:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8418]: Disconnected from 190.128.201.18 port 57202 [preauth]
Jun 25 06:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8430]: Invalid user potok from 45.153.34.235
Jun 25 06:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8430]: input_userauth_request: invalid user potok [preauth]
Jun 25 06:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8430]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8430]: Failed password for invalid user potok from 45.153.34.235 port 53186 ssh2
Jun 25 06:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8430]: Connection closed by 45.153.34.235 port 53186 [preauth]
Jun 25 06:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8442]: Invalid user term2 from 45.153.34.235
Jun 25 06:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8442]: input_userauth_request: invalid user term2 [preauth]
Jun 25 06:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8442]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8442]: Failed password for invalid user term2 from 45.153.34.235 port 53194 ssh2
Jun 25 06:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8442]: Connection closed by 45.153.34.235 port 53194 [preauth]
Jun 25 06:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8457]: Invalid user sam from 45.153.34.235
Jun 25 06:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8457]: input_userauth_request: invalid user sam [preauth]
Jun 25 06:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8457]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8457]: Failed password for invalid user sam from 45.153.34.235 port 48258 ssh2
Jun 25 06:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8457]: Connection closed by 45.153.34.235 port 48258 [preauth]
Jun 25 06:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8468]: Invalid user ec2-user from 45.153.34.235
Jun 25 06:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8468]: input_userauth_request: invalid user ec2-user [preauth]
Jun 25 06:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8468]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7136]: pam_unix(cron:session): session closed for user root
Jun 25 06:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8468]: Failed password for invalid user ec2-user from 45.153.34.235 port 48268 ssh2
Jun 25 06:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8468]: Connection closed by 45.153.34.235 port 48268 [preauth]
Jun 25 06:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8493]: Invalid user aaa from 45.153.34.235
Jun 25 06:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8493]: input_userauth_request: invalid user aaa [preauth]
Jun 25 06:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8493]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8493]: Failed password for invalid user aaa from 45.153.34.235 port 48282 ssh2
Jun 25 06:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8493]: Connection closed by 45.153.34.235 port 48282 [preauth]
Jun 25 06:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8503]: Invalid user oracle from 45.153.34.235
Jun 25 06:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8503]: input_userauth_request: invalid user oracle [preauth]
Jun 25 06:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8503]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8503]: Failed password for invalid user oracle from 45.153.34.235 port 40994 ssh2
Jun 25 06:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8503]: Connection closed by 45.153.34.235 port 40994 [preauth]
Jun 25 06:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8514]: Invalid user bot from 45.153.34.235
Jun 25 06:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8514]: input_userauth_request: invalid user bot [preauth]
Jun 25 06:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8514]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8514]: Failed password for invalid user bot from 45.153.34.235 port 40998 ssh2
Jun 25 06:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8514]: Connection closed by 45.153.34.235 port 40998 [preauth]
Jun 25 06:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8531]: Invalid user azureuser from 45.153.34.235
Jun 25 06:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8531]: input_userauth_request: invalid user azureuser [preauth]
Jun 25 06:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8531]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8531]: Failed password for invalid user azureuser from 45.153.34.235 port 41014 ssh2
Jun 25 06:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8531]: Connection closed by 45.153.34.235 port 41014 [preauth]
Jun 25 06:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8542]: Invalid user btc from 45.153.34.235
Jun 25 06:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8542]: input_userauth_request: invalid user btc [preauth]
Jun 25 06:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8542]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8542]: Failed password for invalid user btc from 45.153.34.235 port 52392 ssh2
Jun 25 06:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8542]: Connection closed by 45.153.34.235 port 52392 [preauth]
Jun 25 06:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8555]: Failed password for root from 45.153.34.235 port 52402 ssh2
Jun 25 06:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8555]: Connection closed by 45.153.34.235 port 52402 [preauth]
Jun 25 06:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.247.221  user=root
Jun 25 06:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8559]: Failed password for root from 45.153.34.235 port 52412 ssh2
Jun 25 06:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8559]: Connection closed by 45.153.34.235 port 52412 [preauth]
Jun 25 06:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8557]: Failed password for root from 143.110.247.221 port 54540 ssh2
Jun 25 06:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8557]: Received disconnect from 143.110.247.221 port 54540:11: Bye Bye [preauth]
Jun 25 06:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8557]: Disconnected from 143.110.247.221 port 54540 [preauth]
Jun 25 06:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8569]: Invalid user git from 45.153.34.235
Jun 25 06:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8569]: input_userauth_request: invalid user git [preauth]
Jun 25 06:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8569]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8569]: Failed password for invalid user git from 45.153.34.235 port 54130 ssh2
Jun 25 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8569]: Connection closed by 45.153.34.235 port 54130 [preauth]
Jun 25 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8584]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8585]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8583]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8582]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8582]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8649]: Successful su for rubyman by root
Jun 25 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8649]: + ??? root:rubyman
Jun 25 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8649]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588620 of user rubyman.
Jun 25 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8649]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588620.
Jun 25 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5672]: pam_unix(cron:session): session closed for user root
Jun 25 06:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8636]: Failed password for root from 45.153.34.235 port 54134 ssh2
Jun 25 06:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8636]: Connection closed by 45.153.34.235 port 54134 [preauth]
Jun 25 06:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8808]: Invalid user dmdba from 45.153.34.235
Jun 25 06:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8808]: input_userauth_request: invalid user dmdba [preauth]
Jun 25 06:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8808]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8583]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8808]: Failed password for invalid user dmdba from 45.153.34.235 port 54148 ssh2
Jun 25 06:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8808]: Connection closed by 45.153.34.235 port 54148 [preauth]
Jun 25 06:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8836]: Invalid user ubuntu from 45.153.34.235
Jun 25 06:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8836]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 06:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8836]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8830]: Invalid user andi from 45.165.14.197
Jun 25 06:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8830]: input_userauth_request: invalid user andi [preauth]
Jun 25 06:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8830]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.165.14.197
Jun 25 06:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8836]: Failed password for invalid user ubuntu from 45.153.34.235 port 34720 ssh2
Jun 25 06:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8830]: Failed password for invalid user andi from 45.165.14.197 port 47963 ssh2
Jun 25 06:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8836]: Connection closed by 45.153.34.235 port 34720 [preauth]
Jun 25 06:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8830]: Received disconnect from 45.165.14.197 port 47963:11: Bye Bye [preauth]
Jun 25 06:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8830]: Disconnected from 45.165.14.197 port 47963 [preauth]
Jun 25 06:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8846]: Invalid user gabriel from 45.153.34.235
Jun 25 06:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8846]: input_userauth_request: invalid user gabriel [preauth]
Jun 25 06:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8846]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8846]: Failed password for invalid user gabriel from 45.153.34.235 port 34730 ssh2
Jun 25 06:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8846]: Connection closed by 45.153.34.235 port 34730 [preauth]
Jun 25 06:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8861]: Failed password for root from 45.153.34.235 port 34744 ssh2
Jun 25 06:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8861]: Connection closed by 45.153.34.235 port 34744 [preauth]
Jun 25 06:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8872]: Invalid user runner from 45.153.34.235
Jun 25 06:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8872]: input_userauth_request: invalid user runner [preauth]
Jun 25 06:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8872]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8872]: Failed password for invalid user runner from 45.153.34.235 port 47726 ssh2
Jun 25 06:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8872]: Connection closed by 45.153.34.235 port 47726 [preauth]
Jun 25 06:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8882]: Invalid user minecraft from 45.153.34.235
Jun 25 06:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8882]: input_userauth_request: invalid user minecraft [preauth]
Jun 25 06:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8882]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.110.201.164  user=root
Jun 25 06:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8882]: Failed password for invalid user minecraft from 45.153.34.235 port 47740 ssh2
Jun 25 06:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8882]: Connection closed by 45.153.34.235 port 47740 [preauth]
Jun 25 06:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8884]: Failed password for root from 79.110.201.164 port 53560 ssh2
Jun 25 06:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8884]: Received disconnect from 79.110.201.164 port 53560:11: Bye Bye [preauth]
Jun 25 06:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8884]: Disconnected from 79.110.201.164 port 53560 [preauth]
Jun 25 06:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8899]: Failed password for root from 45.153.34.235 port 36334 ssh2
Jun 25 06:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8899]: Connection closed by 45.153.34.235 port 36334 [preauth]
Jun 25 06:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8910]: Failed password for root from 45.153.34.235 port 36344 ssh2
Jun 25 06:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8910]: Connection closed by 45.153.34.235 port 36344 [preauth]
Jun 25 06:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7582]: pam_unix(cron:session): session closed for user root
Jun 25 06:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8928]: Failed password for root from 45.153.34.235 port 36350 ssh2
Jun 25 06:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8928]: Connection closed by 45.153.34.235 port 36350 [preauth]
Jun 25 06:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8944]: Invalid user username from 45.153.34.235
Jun 25 06:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8944]: input_userauth_request: invalid user username [preauth]
Jun 25 06:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8944]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8944]: Failed password for invalid user username from 45.153.34.235 port 44928 ssh2
Jun 25 06:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8944]: Connection closed by 45.153.34.235 port 44928 [preauth]
Jun 25 06:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8955]: Invalid user gitlab from 45.153.34.235
Jun 25 06:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8955]: input_userauth_request: invalid user gitlab [preauth]
Jun 25 06:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8955]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8955]: Failed password for invalid user gitlab from 45.153.34.235 port 44938 ssh2
Jun 25 06:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8955]: Connection closed by 45.153.34.235 port 44938 [preauth]
Jun 25 06:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8975]: Invalid user user3 from 45.153.34.235
Jun 25 06:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8975]: input_userauth_request: invalid user user3 [preauth]
Jun 25 06:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8975]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8975]: Failed password for invalid user user3 from 45.153.34.235 port 44940 ssh2
Jun 25 06:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8975]: Connection closed by 45.153.34.235 port 44940 [preauth]
Jun 25 06:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8985]: Failed password for root from 45.153.34.235 port 56142 ssh2
Jun 25 06:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8985]: Connection closed by 45.153.34.235 port 56142 [preauth]
Jun 25 06:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8995]: Failed password for root from 45.153.34.235 port 56150 ssh2
Jun 25 06:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8995]: Connection closed by 45.153.34.235 port 56150 [preauth]
Jun 25 06:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9006]: Invalid user pi from 45.153.34.235
Jun 25 06:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9006]: input_userauth_request: invalid user pi [preauth]
Jun 25 06:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9006]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9006]: Failed password for invalid user pi from 45.153.34.235 port 56162 ssh2
Jun 25 06:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9006]: Connection closed by 45.153.34.235 port 56162 [preauth]
Jun 25 06:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9008]: Invalid user playground from 45.153.34.235
Jun 25 06:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9008]: input_userauth_request: invalid user playground [preauth]
Jun 25 06:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9008]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9008]: Failed password for invalid user playground from 45.153.34.235 port 43354 ssh2
Jun 25 06:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9008]: Connection closed by 45.153.34.235 port 43354 [preauth]
Jun 25 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9024]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9026]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9025]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9023]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9023]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9084]: Successful su for rubyman by root
Jun 25 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9084]: + ??? root:rubyman
Jun 25 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9084]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588623 of user rubyman.
Jun 25 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9084]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588623.
Jun 25 06:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9019]: Failed password for root from 45.153.34.235 port 43356 ssh2
Jun 25 06:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9019]: Connection closed by 45.153.34.235 port 43356 [preauth]
Jun 25 06:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6139]: pam_unix(cron:session): session closed for user root
Jun 25 06:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9229]: Invalid user ducc0x from 45.153.34.235
Jun 25 06:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9229]: input_userauth_request: invalid user ducc0x [preauth]
Jun 25 06:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9229]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9024]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9229]: Failed password for invalid user ducc0x from 45.153.34.235 port 43372 ssh2
Jun 25 06:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9229]: Connection closed by 45.153.34.235 port 43372 [preauth]
Jun 25 06:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9267]: Invalid user odoo17 from 45.153.34.235
Jun 25 06:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9267]: input_userauth_request: invalid user odoo17 [preauth]
Jun 25 06:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9267]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9267]: Failed password for invalid user odoo17 from 45.153.34.235 port 52664 ssh2
Jun 25 06:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9267]: Connection closed by 45.153.34.235 port 52664 [preauth]
Jun 25 06:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: Invalid user airflow from 45.153.34.235
Jun 25 06:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: input_userauth_request: invalid user airflow [preauth]
Jun 25 06:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: Failed password for invalid user airflow from 45.153.34.235 port 52668 ssh2
Jun 25 06:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: Connection closed by 45.153.34.235 port 52668 [preauth]
Jun 25 06:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9301]: Invalid user admin from 45.153.34.235
Jun 25 06:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9301]: input_userauth_request: invalid user admin [preauth]
Jun 25 06:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9301]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9301]: Failed password for invalid user admin from 45.153.34.235 port 52684 ssh2
Jun 25 06:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9301]: Connection closed by 45.153.34.235 port 52684 [preauth]
Jun 25 06:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9306]: Invalid user ec2-user from 45.153.34.235
Jun 25 06:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9306]: input_userauth_request: invalid user ec2-user [preauth]
Jun 25 06:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9306]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9306]: Failed password for invalid user ec2-user from 45.153.34.235 port 34454 ssh2
Jun 25 06:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9306]: Connection closed by 45.153.34.235 port 34454 [preauth]
Jun 25 06:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9316]: Invalid user openvpn from 45.153.34.235
Jun 25 06:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9316]: input_userauth_request: invalid user openvpn [preauth]
Jun 25 06:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9316]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9316]: Failed password for invalid user openvpn from 45.153.34.235 port 34456 ssh2
Jun 25 06:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9316]: Connection closed by 45.153.34.235 port 34456 [preauth]
Jun 25 06:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9339]: Invalid user gary from 45.153.34.235
Jun 25 06:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9339]: input_userauth_request: invalid user gary [preauth]
Jun 25 06:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9339]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9339]: Failed password for invalid user gary from 45.153.34.235 port 34466 ssh2
Jun 25 06:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9339]: Connection closed by 45.153.34.235 port 34466 [preauth]
Jun 25 06:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9341]: Invalid user deployer from 45.153.34.235
Jun 25 06:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9341]: input_userauth_request: invalid user deployer [preauth]
Jun 25 06:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9341]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9341]: Failed password for invalid user deployer from 45.153.34.235 port 42868 ssh2
Jun 25 06:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9341]: Connection closed by 45.153.34.235 port 42868 [preauth]
Jun 25 06:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9351]: Invalid user sam from 45.153.34.235
Jun 25 06:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9351]: input_userauth_request: invalid user sam [preauth]
Jun 25 06:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9351]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8111]: pam_unix(cron:session): session closed for user root
Jun 25 06:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9351]: Failed password for invalid user sam from 45.153.34.235 port 42884 ssh2
Jun 25 06:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9351]: Connection closed by 45.153.34.235 port 42884 [preauth]
Jun 25 06:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9377]: Invalid user admin from 45.153.34.235
Jun 25 06:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9377]: input_userauth_request: invalid user admin [preauth]
Jun 25 06:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9377]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9377]: Failed password for invalid user admin from 45.153.34.235 port 42896 ssh2
Jun 25 06:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9377]: Connection closed by 45.153.34.235 port 42896 [preauth]
Jun 25 06:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9382]: Invalid user ubuntu from 45.153.34.235
Jun 25 06:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9382]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 06:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9382]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9382]: Failed password for invalid user ubuntu from 45.153.34.235 port 53096 ssh2
Jun 25 06:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9382]: Connection closed by 45.153.34.235 port 53096 [preauth]
Jun 25 06:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9393]: Invalid user sysupdate from 45.153.34.235
Jun 25 06:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9393]: input_userauth_request: invalid user sysupdate [preauth]
Jun 25 06:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9393]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9393]: Failed password for invalid user sysupdate from 45.153.34.235 port 53102 ssh2
Jun 25 06:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9393]: Connection closed by 45.153.34.235 port 53102 [preauth]
Jun 25 06:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9407]: Invalid user student from 45.153.34.235
Jun 25 06:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9407]: input_userauth_request: invalid user student [preauth]
Jun 25 06:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9407]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9407]: Failed password for invalid user student from 45.153.34.235 port 40918 ssh2
Jun 25 06:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9407]: Connection closed by 45.153.34.235 port 40918 [preauth]
Jun 25 06:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9418]: Invalid user milad from 45.153.34.235
Jun 25 06:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9418]: input_userauth_request: invalid user milad [preauth]
Jun 25 06:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9418]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9418]: Failed password for invalid user milad from 45.153.34.235 port 40928 ssh2
Jun 25 06:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9418]: Connection closed by 45.153.34.235 port 40928 [preauth]
Jun 25 06:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9428]: Invalid user test from 45.153.34.235
Jun 25 06:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9428]: input_userauth_request: invalid user test [preauth]
Jun 25 06:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9428]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.201.18  user=root
Jun 25 06:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9428]: Failed password for invalid user test from 45.153.34.235 port 40930 ssh2
Jun 25 06:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9428]: Connection closed by 45.153.34.235 port 40930 [preauth]
Jun 25 06:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9430]: Failed password for root from 190.128.201.18 port 50426 ssh2
Jun 25 06:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9432]: Invalid user cloud from 45.153.34.235
Jun 25 06:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9432]: input_userauth_request: invalid user cloud [preauth]
Jun 25 06:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9430]: Received disconnect from 190.128.201.18 port 50426:11: Bye Bye [preauth]
Jun 25 06:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9430]: Disconnected from 190.128.201.18 port 50426 [preauth]
Jun 25 06:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9432]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9432]: Failed password for invalid user cloud from 45.153.34.235 port 48258 ssh2
Jun 25 06:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9432]: Connection closed by 45.153.34.235 port 48258 [preauth]
Jun 25 06:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9443]: Invalid user guest from 45.153.34.235
Jun 25 06:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9443]: input_userauth_request: invalid user guest [preauth]
Jun 25 06:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9443]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9448]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9449]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9447]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9446]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9446]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9503]: Successful su for rubyman by root
Jun 25 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9503]: + ??? root:rubyman
Jun 25 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9503]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588628 of user rubyman.
Jun 25 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9503]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588628.
Jun 25 06:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9443]: Failed password for invalid user guest from 45.153.34.235 port 48264 ssh2
Jun 25 06:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9443]: Connection closed by 45.153.34.235 port 48264 [preauth]
Jun 25 06:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9643]: Invalid user coder from 45.153.34.235
Jun 25 06:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9643]: input_userauth_request: invalid user coder [preauth]
Jun 25 06:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9643]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.110.201.164  user=root
Jun 25 06:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6585]: pam_unix(cron:session): session closed for user root
Jun 25 06:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9447]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9643]: Failed password for invalid user coder from 45.153.34.235 port 48276 ssh2
Jun 25 06:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9643]: Connection closed by 45.153.34.235 port 48276 [preauth]
Jun 25 06:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9645]: Failed password for root from 79.110.201.164 port 33046 ssh2
Jun 25 06:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9645]: Received disconnect from 79.110.201.164 port 33046:11: Bye Bye [preauth]
Jun 25 06:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9645]: Disconnected from 79.110.201.164 port 33046 [preauth]
Jun 25 06:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9692]: Invalid user appuser from 45.153.34.235
Jun 25 06:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9692]: input_userauth_request: invalid user appuser [preauth]
Jun 25 06:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9692]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9692]: Failed password for invalid user appuser from 45.153.34.235 port 41248 ssh2
Jun 25 06:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9692]: Connection closed by 45.153.34.235 port 41248 [preauth]
Jun 25 06:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9706]: Invalid user ubuntu from 45.153.34.235
Jun 25 06:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9706]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 06:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9706]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9706]: Failed password for invalid user ubuntu from 45.153.34.235 port 41260 ssh2
Jun 25 06:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9706]: Connection closed by 45.153.34.235 port 41260 [preauth]
Jun 25 06:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180  user=root
Jun 25 06:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9728]: Invalid user ts3 from 45.153.34.235
Jun 25 06:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9728]: input_userauth_request: invalid user ts3 [preauth]
Jun 25 06:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9728]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9690]: Failed password for root from 186.96.158.180 port 43582 ssh2
Jun 25 06:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9690]: Received disconnect from 186.96.158.180 port 43582:11: Bye Bye [preauth]
Jun 25 06:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9690]: Disconnected from 186.96.158.180 port 43582 [preauth]
Jun 25 06:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9728]: Failed password for invalid user ts3 from 45.153.34.235 port 41272 ssh2
Jun 25 06:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9728]: Connection closed by 45.153.34.235 port 41272 [preauth]
Jun 25 06:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9730]: Invalid user trade from 45.153.34.235
Jun 25 06:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9730]: input_userauth_request: invalid user trade [preauth]
Jun 25 06:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9730]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.165.14.197  user=root
Jun 25 06:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9730]: Failed password for invalid user trade from 45.153.34.235 port 47080 ssh2
Jun 25 06:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9730]: Connection closed by 45.153.34.235 port 47080 [preauth]
Jun 25 06:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9740]: Failed password for root from 45.165.14.197 port 22901 ssh2
Jun 25 06:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9740]: Received disconnect from 45.165.14.197 port 22901:11: Bye Bye [preauth]
Jun 25 06:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9740]: Disconnected from 45.165.14.197 port 22901 [preauth]
Jun 25 06:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9743]: Failed password for root from 45.153.34.235 port 47100 ssh2
Jun 25 06:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9743]: Connection closed by 45.153.34.235 port 47100 [preauth]
Jun 25 06:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9766]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9766]: Invalid user admin from 45.153.34.235
Jun 25 06:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9766]: input_userauth_request: invalid user admin [preauth]
Jun 25 06:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9766]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9766]: Failed password for invalid user admin from 45.153.34.235 port 47108 ssh2
Jun 25 06:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9766]: Connection closed by 45.153.34.235 port 47108 [preauth]
Jun 25 06:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9769]: Invalid user erp from 45.153.34.235
Jun 25 06:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9769]: input_userauth_request: invalid user erp [preauth]
Jun 25 06:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9769]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9769]: Failed password for invalid user erp from 45.153.34.235 port 52758 ssh2
Jun 25 06:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9769]: Connection closed by 45.153.34.235 port 52758 [preauth]
Jun 25 06:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9783]: Invalid user rancher from 45.153.34.235
Jun 25 06:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9783]: input_userauth_request: invalid user rancher [preauth]
Jun 25 06:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9783]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8585]: pam_unix(cron:session): session closed for user root
Jun 25 06:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9783]: Failed password for invalid user rancher from 45.153.34.235 port 52776 ssh2
Jun 25 06:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9783]: Connection closed by 45.153.34.235 port 52776 [preauth]
Jun 25 06:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9814]: Failed password for root from 45.153.34.235 port 52800 ssh2
Jun 25 06:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9814]: Connection closed by 45.153.34.235 port 52800 [preauth]
Jun 25 06:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9816]: Invalid user openclaw from 45.153.34.235
Jun 25 06:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9816]: input_userauth_request: invalid user openclaw [preauth]
Jun 25 06:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9816]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9818]: Invalid user servers from 143.110.247.221
Jun 25 06:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9818]: input_userauth_request: invalid user servers [preauth]
Jun 25 06:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9816]: Failed password for invalid user openclaw from 45.153.34.235 port 52626 ssh2
Jun 25 06:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9818]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.247.221
Jun 25 06:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9816]: Connection closed by 45.153.34.235 port 52626 [preauth]
Jun 25 06:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9828]: Invalid user user from 45.153.34.235
Jun 25 06:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9828]: input_userauth_request: invalid user user [preauth]
Jun 25 06:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9828]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9818]: Failed password for invalid user servers from 143.110.247.221 port 43716 ssh2
Jun 25 06:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9818]: Received disconnect from 143.110.247.221 port 43716:11: Bye Bye [preauth]
Jun 25 06:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9818]: Disconnected from 143.110.247.221 port 43716 [preauth]
Jun 25 06:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9828]: Failed password for invalid user user from 45.153.34.235 port 52642 ssh2
Jun 25 06:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9828]: Connection closed by 45.153.34.235 port 52642 [preauth]
Jun 25 06:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9859]: Invalid user trinity from 45.153.34.235
Jun 25 06:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9859]: input_userauth_request: invalid user trinity [preauth]
Jun 25 06:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9859]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9859]: Failed password for invalid user trinity from 45.153.34.235 port 52654 ssh2
Jun 25 06:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9859]: Connection closed by 45.153.34.235 port 52654 [preauth]
Jun 25 06:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9862]: Invalid user frappe from 45.153.34.235
Jun 25 06:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9862]: input_userauth_request: invalid user frappe [preauth]
Jun 25 06:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9862]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9862]: Failed password for invalid user frappe from 45.153.34.235 port 34600 ssh2
Jun 25 06:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9862]: Connection closed by 45.153.34.235 port 34600 [preauth]
Jun 25 06:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9877]: Failed password for root from 45.153.34.235 port 34624 ssh2
Jun 25 06:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9877]: Connection closed by 45.153.34.235 port 34624 [preauth]
Jun 25 06:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9900]: Invalid user alex from 45.153.34.235
Jun 25 06:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9900]: input_userauth_request: invalid user alex [preauth]
Jun 25 06:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9900]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9900]: Failed password for invalid user alex from 45.153.34.235 port 34642 ssh2
Jun 25 06:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9900]: Connection closed by 45.153.34.235 port 34642 [preauth]
Jun 25 06:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9902]: Invalid user admin from 45.153.34.235
Jun 25 06:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9902]: input_userauth_request: invalid user admin [preauth]
Jun 25 06:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9902]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10064]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10063]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10065]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10062]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10062]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9902]: Failed password for invalid user admin from 45.153.34.235 port 43296 ssh2
Jun 25 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9902]: Connection closed by 45.153.34.235 port 43296 [preauth]
Jun 25 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10126]: Successful su for rubyman by root
Jun 25 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10126]: + ??? root:rubyman
Jun 25 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10126]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588631 of user rubyman.
Jun 25 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10126]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588631.
Jun 25 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10159]: Invalid user fivem from 45.153.34.235
Jun 25 06:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10159]: input_userauth_request: invalid user fivem [preauth]
Jun 25 06:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10159]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7135]: pam_unix(cron:session): session closed for user root
Jun 25 06:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10159]: Failed password for invalid user fivem from 45.153.34.235 port 43302 ssh2
Jun 25 06:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10159]: Connection closed by 45.153.34.235 port 43302 [preauth]
Jun 25 06:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10063]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10407]: Invalid user main from 45.153.34.235
Jun 25 06:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10407]: input_userauth_request: invalid user main [preauth]
Jun 25 06:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10407]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10407]: Failed password for invalid user main from 45.153.34.235 port 43306 ssh2
Jun 25 06:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10407]: Connection closed by 45.153.34.235 port 43306 [preauth]
Jun 25 06:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10411]: Invalid user gitlab from 45.153.34.235
Jun 25 06:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10411]: input_userauth_request: invalid user gitlab [preauth]
Jun 25 06:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10411]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10411]: Failed password for invalid user gitlab from 45.153.34.235 port 57656 ssh2
Jun 25 06:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10411]: Connection closed by 45.153.34.235 port 57656 [preauth]
Jun 25 06:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10421]: Invalid user user from 45.153.34.235
Jun 25 06:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10421]: input_userauth_request: invalid user user [preauth]
Jun 25 06:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10421]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10421]: Failed password for invalid user user from 45.153.34.235 port 57672 ssh2
Jun 25 06:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10421]: Connection closed by 45.153.34.235 port 57672 [preauth]
Jun 25 06:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10436]: Invalid user appuser from 45.153.34.235
Jun 25 06:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10436]: input_userauth_request: invalid user appuser [preauth]
Jun 25 06:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10436]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10436]: Failed password for invalid user appuser from 45.153.34.235 port 32866 ssh2
Jun 25 06:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10436]: Connection closed by 45.153.34.235 port 32866 [preauth]
Jun 25 06:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10448]: Invalid user user from 45.153.34.235
Jun 25 06:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10448]: input_userauth_request: invalid user user [preauth]
Jun 25 06:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10448]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10448]: Failed password for invalid user user from 45.153.34.235 port 32894 ssh2
Jun 25 06:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10448]: Connection closed by 45.153.34.235 port 32894 [preauth]
Jun 25 06:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10458]: Invalid user oracle from 45.153.34.235
Jun 25 06:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10458]: input_userauth_request: invalid user oracle [preauth]
Jun 25 06:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10458]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10458]: Failed password for invalid user oracle from 45.153.34.235 port 32928 ssh2
Jun 25 06:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10458]: Connection closed by 45.153.34.235 port 32928 [preauth]
Jun 25 06:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10474]: Failed password for root from 45.153.34.235 port 36944 ssh2
Jun 25 06:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10474]: Connection closed by 45.153.34.235 port 36944 [preauth]
Jun 25 06:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10484]: Failed password for root from 45.153.34.235 port 36948 ssh2
Jun 25 06:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10484]: Connection closed by 45.153.34.235 port 36948 [preauth]
Jun 25 06:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9026]: pam_unix(cron:session): session closed for user root
Jun 25 06:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10505]: Failed password for root from 45.153.34.235 port 36954 ssh2
Jun 25 06:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10505]: Connection closed by 45.153.34.235 port 36954 [preauth]
Jun 25 06:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10518]: Invalid user uftp from 45.153.34.235
Jun 25 06:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10518]: input_userauth_request: invalid user uftp [preauth]
Jun 25 06:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10518]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10518]: Failed password for invalid user uftp from 45.153.34.235 port 45928 ssh2
Jun 25 06:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10518]: Connection closed by 45.153.34.235 port 45928 [preauth]
Jun 25 06:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10529]: Invalid user fivem from 45.153.34.235
Jun 25 06:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10529]: input_userauth_request: invalid user fivem [preauth]
Jun 25 06:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10529]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10529]: Failed password for invalid user fivem from 45.153.34.235 port 45940 ssh2
Jun 25 06:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10529]: Connection closed by 45.153.34.235 port 45940 [preauth]
Jun 25 06:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10555]: Invalid user bitrix from 45.153.34.235
Jun 25 06:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10555]: input_userauth_request: invalid user bitrix [preauth]
Jun 25 06:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10555]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.110.201.164  user=root
Jun 25 06:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10555]: Failed password for invalid user bitrix from 45.153.34.235 port 45954 ssh2
Jun 25 06:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10555]: Connection closed by 45.153.34.235 port 45954 [preauth]
Jun 25 06:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10557]: Failed password for root from 79.110.201.164 port 55596 ssh2
Jun 25 06:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10559]: Invalid user www from 45.153.34.235
Jun 25 06:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10559]: input_userauth_request: invalid user www [preauth]
Jun 25 06:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10557]: Received disconnect from 79.110.201.164 port 55596:11: Bye Bye [preauth]
Jun 25 06:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10557]: Disconnected from 79.110.201.164 port 55596 [preauth]
Jun 25 06:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10559]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10559]: Failed password for invalid user www from 45.153.34.235 port 53648 ssh2
Jun 25 06:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10559]: Connection closed by 45.153.34.235 port 53648 [preauth]
Jun 25 06:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10570]: Invalid user test from 45.153.34.235
Jun 25 06:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10570]: input_userauth_request: invalid user test [preauth]
Jun 25 06:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10570]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10570]: Failed password for invalid user test from 45.153.34.235 port 53654 ssh2
Jun 25 06:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10570]: Connection closed by 45.153.34.235 port 53654 [preauth]
Jun 25 06:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10580]: Invalid user karel from 45.153.34.235
Jun 25 06:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10580]: input_userauth_request: invalid user karel [preauth]
Jun 25 06:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10580]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10580]: Failed password for invalid user karel from 45.153.34.235 port 53664 ssh2
Jun 25 06:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10580]: Connection closed by 45.153.34.235 port 53664 [preauth]
Jun 25 06:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10583]: Invalid user ubuntu from 45.153.34.235
Jun 25 06:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10583]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 06:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10583]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10583]: Failed password for invalid user ubuntu from 45.153.34.235 port 50724 ssh2
Jun 25 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10583]: Connection closed by 45.153.34.235 port 50724 [preauth]
Jun 25 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10598]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10597]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10600]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10601]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10595]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10596]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10601]: pam_unix(cron:session): session closed for user root
Jun 25 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10595]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10674]: Successful su for rubyman by root
Jun 25 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10674]: + ??? root:rubyman
Jun 25 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10674]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588637 of user rubyman.
Jun 25 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10674]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588637.
Jun 25 06:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10597]: pam_unix(cron:session): session closed for user root
Jun 25 06:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10603]: Failed password for root from 45.153.34.235 port 50730 ssh2
Jun 25 06:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10603]: Connection closed by 45.153.34.235 port 50730 [preauth]
Jun 25 06:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7581]: pam_unix(cron:session): session closed for user root
Jun 25 06:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10870]: Invalid user system from 45.153.34.235
Jun 25 06:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10870]: input_userauth_request: invalid user system [preauth]
Jun 25 06:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10870]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10596]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10870]: Failed password for invalid user system from 45.153.34.235 port 50732 ssh2
Jun 25 06:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10870]: Connection closed by 45.153.34.235 port 50732 [preauth]
Jun 25 06:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10900]: Invalid user labuser from 45.153.34.235
Jun 25 06:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10900]: input_userauth_request: invalid user labuser [preauth]
Jun 25 06:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10900]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10900]: Failed password for invalid user labuser from 45.153.34.235 port 36932 ssh2
Jun 25 06:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10900]: Connection closed by 45.153.34.235 port 36932 [preauth]
Jun 25 06:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10910]: Failed password for root from 45.153.34.235 port 36952 ssh2
Jun 25 06:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10910]: Connection closed by 45.153.34.235 port 36952 [preauth]
Jun 25 06:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10934]: Invalid user oscar from 45.153.34.235
Jun 25 06:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10934]: input_userauth_request: invalid user oscar [preauth]
Jun 25 06:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10934]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10934]: Failed password for invalid user oscar from 45.153.34.235 port 36968 ssh2
Jun 25 06:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10934]: Connection closed by 45.153.34.235 port 36968 [preauth]
Jun 25 06:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: Invalid user ubuntu from 45.153.34.235
Jun 25 06:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 06:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: Failed password for invalid user ubuntu from 45.153.34.235 port 53294 ssh2
Jun 25 06:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: Connection closed by 45.153.34.235 port 53294 [preauth]
Jun 25 06:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10947]: Invalid user crafty from 45.153.34.235
Jun 25 06:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10947]: input_userauth_request: invalid user crafty [preauth]
Jun 25 06:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10947]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10947]: Failed password for invalid user crafty from 45.153.34.235 port 53302 ssh2
Jun 25 06:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10947]: Connection closed by 45.153.34.235 port 53302 [preauth]
Jun 25 06:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10969]: Invalid user pi from 45.153.34.235
Jun 25 06:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10969]: input_userauth_request: invalid user pi [preauth]
Jun 25 06:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10969]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10969]: Failed password for invalid user pi from 45.153.34.235 port 53306 ssh2
Jun 25 06:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10969]: Connection closed by 45.153.34.235 port 53306 [preauth]
Jun 25 06:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10978]: Invalid user foundry from 45.165.14.197
Jun 25 06:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10978]: input_userauth_request: invalid user foundry [preauth]
Jun 25 06:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10978]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.165.14.197
Jun 25 06:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10976]: Failed password for root from 45.153.34.235 port 56986 ssh2
Jun 25 06:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10976]: Connection closed by 45.153.34.235 port 56986 [preauth]
Jun 25 06:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10980]: Invalid user ftp1 from 190.128.201.18
Jun 25 06:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10980]: input_userauth_request: invalid user ftp1 [preauth]
Jun 25 06:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10980]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.201.18
Jun 25 06:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9449]: pam_unix(cron:session): session closed for user root
Jun 25 06:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10978]: Failed password for invalid user foundry from 45.165.14.197 port 61359 ssh2
Jun 25 06:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10978]: Received disconnect from 45.165.14.197 port 61359:11: Bye Bye [preauth]
Jun 25 06:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10978]: Disconnected from 45.165.14.197 port 61359 [preauth]
Jun 25 06:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10980]: Failed password for invalid user ftp1 from 190.128.201.18 port 36196 ssh2
Jun 25 06:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10980]: Received disconnect from 190.128.201.18 port 36196:11: Bye Bye [preauth]
Jun 25 06:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10980]: Disconnected from 190.128.201.18 port 36196 [preauth]
Jun 25 06:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10990]: Failed password for root from 45.153.34.235 port 57000 ssh2
Jun 25 06:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10990]: Connection closed by 45.153.34.235 port 57000 [preauth]
Jun 25 06:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11014]: Invalid user app from 45.153.34.235
Jun 25 06:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11014]: input_userauth_request: invalid user app [preauth]
Jun 25 06:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11014]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11014]: Failed password for invalid user app from 45.153.34.235 port 57014 ssh2
Jun 25 06:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11014]: Connection closed by 45.153.34.235 port 57014 [preauth]
Jun 25 06:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11025]: Invalid user csgo from 45.153.34.235
Jun 25 06:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11025]: input_userauth_request: invalid user csgo [preauth]
Jun 25 06:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11025]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11025]: Failed password for invalid user csgo from 45.153.34.235 port 44888 ssh2
Jun 25 06:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11025]: Connection closed by 45.153.34.235 port 44888 [preauth]
Jun 25 06:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11036]: Invalid user splunk from 45.153.34.235
Jun 25 06:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11036]: input_userauth_request: invalid user splunk [preauth]
Jun 25 06:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11036]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11036]: Failed password for invalid user splunk from 45.153.34.235 port 44890 ssh2
Jun 25 06:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11036]: Connection closed by 45.153.34.235 port 44890 [preauth]
Jun 25 06:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11053]: Invalid user ark from 45.153.34.235
Jun 25 06:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11053]: input_userauth_request: invalid user ark [preauth]
Jun 25 06:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11053]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11053]: Failed password for invalid user ark from 45.153.34.235 port 44896 ssh2
Jun 25 06:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11053]: Connection closed by 45.153.34.235 port 44896 [preauth]
Jun 25 06:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11065]: Invalid user frank from 45.153.34.235
Jun 25 06:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11065]: input_userauth_request: invalid user frank [preauth]
Jun 25 06:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11065]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11065]: Failed password for invalid user frank from 45.153.34.235 port 39028 ssh2
Jun 25 06:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11065]: Connection closed by 45.153.34.235 port 39028 [preauth]
Jun 25 06:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11072]: Invalid user manoj from 45.153.34.235
Jun 25 06:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11072]: input_userauth_request: invalid user manoj [preauth]
Jun 25 06:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11072]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11072]: Failed password for invalid user manoj from 45.153.34.235 port 39030 ssh2
Jun 25 06:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11072]: Connection closed by 45.153.34.235 port 39030 [preauth]
Jun 25 06:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11078]: Invalid user user from 45.153.34.235
Jun 25 06:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11078]: input_userauth_request: invalid user user [preauth]
Jun 25 06:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11078]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11078]: Failed password for invalid user user from 45.153.34.235 port 39036 ssh2
Jun 25 06:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11078]: Connection closed by 45.153.34.235 port 39036 [preauth]
Jun 25 06:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11088]: User mysql from 45.153.34.235 not allowed because not listed in AllowUsers
Jun 25 06:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11088]: input_userauth_request: invalid user mysql [preauth]
Jun 25 06:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=mysql
Jun 25 06:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11088]: Failed password for invalid user mysql from 45.153.34.235 port 58952 ssh2
Jun 25 06:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11088]: Connection closed by 45.153.34.235 port 58952 [preauth]
Jun 25 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11094]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11095]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11093]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11092]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11092]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11163]: Successful su for rubyman by root
Jun 25 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11163]: + ??? root:rubyman
Jun 25 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11163]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588642 of user rubyman.
Jun 25 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11163]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588642.
Jun 25 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11185]: Invalid user deploy from 45.153.34.235
Jun 25 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11185]: input_userauth_request: invalid user deploy [preauth]
Jun 25 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11185]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11185]: Failed password for invalid user deploy from 45.153.34.235 port 58958 ssh2
Jun 25 06:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11185]: Connection closed by 45.153.34.235 port 58958 [preauth]
Jun 25 06:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8110]: pam_unix(cron:session): session closed for user root
Jun 25 06:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11334]: Invalid user user from 45.153.34.235
Jun 25 06:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11334]: input_userauth_request: invalid user user [preauth]
Jun 25 06:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11093]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11334]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11334]: Failed password for invalid user user from 45.153.34.235 port 58972 ssh2
Jun 25 06:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11334]: Connection closed by 45.153.34.235 port 58972 [preauth]
Jun 25 06:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11360]: Invalid user admin from 45.153.34.235
Jun 25 06:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11360]: input_userauth_request: invalid user admin [preauth]
Jun 25 06:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11360]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11360]: Failed password for invalid user admin from 45.153.34.235 port 38646 ssh2
Jun 25 06:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11360]: Connection closed by 45.153.34.235 port 38646 [preauth]
Jun 25 06:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11370]: Invalid user debian from 45.153.34.235
Jun 25 06:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11370]: input_userauth_request: invalid user debian [preauth]
Jun 25 06:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11370]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11370]: Failed password for invalid user debian from 45.153.34.235 port 38660 ssh2
Jun 25 06:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11370]: Connection closed by 45.153.34.235 port 38660 [preauth]
Jun 25 06:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11396]: Invalid user amine from 45.153.34.235
Jun 25 06:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11396]: input_userauth_request: invalid user amine [preauth]
Jun 25 06:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11396]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11396]: Failed password for invalid user amine from 45.153.34.235 port 38688 ssh2
Jun 25 06:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11396]: Connection closed by 45.153.34.235 port 38688 [preauth]
Jun 25 06:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11398]: Invalid user obc from 143.110.247.221
Jun 25 06:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11398]: input_userauth_request: invalid user obc [preauth]
Jun 25 06:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11398]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.247.221
Jun 25 06:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: Invalid user administrator from 45.153.34.235
Jun 25 06:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: input_userauth_request: invalid user administrator [preauth]
Jun 25 06:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11398]: Failed password for invalid user obc from 143.110.247.221 port 58676 ssh2
Jun 25 06:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11398]: Received disconnect from 143.110.247.221 port 58676:11: Bye Bye [preauth]
Jun 25 06:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11398]: Disconnected from 143.110.247.221 port 58676 [preauth]
Jun 25 06:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: Failed password for invalid user administrator from 45.153.34.235 port 45266 ssh2
Jun 25 06:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: Connection closed by 45.153.34.235 port 45266 [preauth]
Jun 25 06:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11415]: Invalid user minecraft from 45.153.34.235
Jun 25 06:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11415]: input_userauth_request: invalid user minecraft [preauth]
Jun 25 06:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11415]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11417]: Invalid user tv from 79.110.201.164
Jun 25 06:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11417]: input_userauth_request: invalid user tv [preauth]
Jun 25 06:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11417]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.110.201.164
Jun 25 06:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11415]: Failed password for invalid user minecraft from 45.153.34.235 port 45274 ssh2
Jun 25 06:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11415]: Connection closed by 45.153.34.235 port 45274 [preauth]
Jun 25 06:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11428]: Invalid user calvin from 45.153.34.235
Jun 25 06:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11428]: input_userauth_request: invalid user calvin [preauth]
Jun 25 06:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11417]: Failed password for invalid user tv from 79.110.201.164 port 50030 ssh2
Jun 25 06:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11428]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11417]: Received disconnect from 79.110.201.164 port 50030:11: Bye Bye [preauth]
Jun 25 06:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11417]: Disconnected from 79.110.201.164 port 50030 [preauth]
Jun 25 06:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11428]: Failed password for invalid user calvin from 45.153.34.235 port 45280 ssh2
Jun 25 06:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11428]: Connection closed by 45.153.34.235 port 45280 [preauth]
Jun 25 06:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11447]: Failed password for root from 45.153.34.235 port 44634 ssh2
Jun 25 06:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11447]: Connection closed by 45.153.34.235 port 44634 [preauth]
Jun 25 06:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11458]: Invalid user ethan from 45.153.34.235
Jun 25 06:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11458]: input_userauth_request: invalid user ethan [preauth]
Jun 25 06:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11458]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10065]: pam_unix(cron:session): session closed for user root
Jun 25 06:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11458]: Failed password for invalid user ethan from 45.153.34.235 port 44636 ssh2
Jun 25 06:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11458]: Connection closed by 45.153.34.235 port 44636 [preauth]
Jun 25 06:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11485]: Invalid user vbox from 45.153.34.235
Jun 25 06:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11485]: input_userauth_request: invalid user vbox [preauth]
Jun 25 06:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11485]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11485]: Failed password for invalid user vbox from 45.153.34.235 port 44646 ssh2
Jun 25 06:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11485]: Connection closed by 45.153.34.235 port 44646 [preauth]
Jun 25 06:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11499]: Invalid user avax from 45.153.34.235
Jun 25 06:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11499]: input_userauth_request: invalid user avax [preauth]
Jun 25 06:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11499]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11499]: Failed password for invalid user avax from 45.153.34.235 port 34628 ssh2
Jun 25 06:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11499]: Connection closed by 45.153.34.235 port 34628 [preauth]
Jun 25 06:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11509]: Failed password for root from 45.153.34.235 port 34648 ssh2
Jun 25 06:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11509]: Connection closed by 45.153.34.235 port 34648 [preauth]
Jun 25 06:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11523]: Invalid user sam from 45.153.34.235
Jun 25 06:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11523]: input_userauth_request: invalid user sam [preauth]
Jun 25 06:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11523]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11523]: Failed password for invalid user sam from 45.153.34.235 port 34670 ssh2
Jun 25 06:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11523]: Connection closed by 45.153.34.235 port 34670 [preauth]
Jun 25 06:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11533]: Invalid user private from 45.153.34.235
Jun 25 06:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11533]: input_userauth_request: invalid user private [preauth]
Jun 25 06:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11533]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11533]: Failed password for invalid user private from 45.153.34.235 port 35590 ssh2
Jun 25 06:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11533]: Connection closed by 45.153.34.235 port 35590 [preauth]
Jun 25 06:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11542]: Invalid user claude from 45.153.34.235
Jun 25 06:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11542]: input_userauth_request: invalid user claude [preauth]
Jun 25 06:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11542]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11542]: Failed password for invalid user claude from 45.153.34.235 port 35598 ssh2
Jun 25 06:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11542]: Connection closed by 45.153.34.235 port 35598 [preauth]
Jun 25 06:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11545]: Invalid user tester from 45.153.34.235
Jun 25 06:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11545]: input_userauth_request: invalid user tester [preauth]
Jun 25 06:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11545]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11545]: Failed password for invalid user tester from 45.153.34.235 port 35604 ssh2
Jun 25 06:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11545]: Connection closed by 45.153.34.235 port 35604 [preauth]
Jun 25 06:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11556]: Failed password for root from 45.153.34.235 port 53914 ssh2
Jun 25 06:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11556]: Connection closed by 45.153.34.235 port 53914 [preauth]
Jun 25 06:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11558]: Invalid user rdpuser from 45.153.34.235
Jun 25 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11558]: input_userauth_request: invalid user rdpuser [preauth]
Jun 25 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11558]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11574]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11573]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11572]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11571]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11571]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11632]: Successful su for rubyman by root
Jun 25 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11632]: + ??? root:rubyman
Jun 25 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11632]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588645 of user rubyman.
Jun 25 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11632]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588645.
Jun 25 06:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11558]: Failed password for invalid user rdpuser from 45.153.34.235 port 53918 ssh2
Jun 25 06:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11558]: Connection closed by 45.153.34.235 port 53918 [preauth]
Jun 25 06:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8584]: pam_unix(cron:session): session closed for user root
Jun 25 06:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11572]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11769]: Failed password for root from 45.153.34.235 port 53926 ssh2
Jun 25 06:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11769]: Connection closed by 45.153.34.235 port 53926 [preauth]
Jun 25 06:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11846]: Invalid user ecommerce from 45.153.34.235
Jun 25 06:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11846]: input_userauth_request: invalid user ecommerce [preauth]
Jun 25 06:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11846]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11846]: Failed password for invalid user ecommerce from 45.153.34.235 port 59562 ssh2
Jun 25 06:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11846]: Connection closed by 45.153.34.235 port 59562 [preauth]
Jun 25 06:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11848]: Invalid user user2 from 45.153.34.235
Jun 25 06:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11848]: input_userauth_request: invalid user user2 [preauth]
Jun 25 06:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11848]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11848]: Failed password for invalid user user2 from 45.153.34.235 port 59578 ssh2
Jun 25 06:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11848]: Connection closed by 45.153.34.235 port 59578 [preauth]
Jun 25 06:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11880]: Invalid user user2 from 45.153.34.235
Jun 25 06:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11880]: input_userauth_request: invalid user user2 [preauth]
Jun 25 06:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11880]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11880]: Failed password for invalid user user2 from 45.153.34.235 port 59592 ssh2
Jun 25 06:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11880]: Connection closed by 45.153.34.235 port 59592 [preauth]
Jun 25 06:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11890]: Invalid user nexus from 45.153.34.235
Jun 25 06:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11890]: input_userauth_request: invalid user nexus [preauth]
Jun 25 06:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11890]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11890]: Failed password for invalid user nexus from 45.153.34.235 port 47064 ssh2
Jun 25 06:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11890]: Connection closed by 45.153.34.235 port 47064 [preauth]
Jun 25 06:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11893]: Invalid user debian from 45.153.34.235
Jun 25 06:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11893]: input_userauth_request: invalid user debian [preauth]
Jun 25 06:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11893]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11893]: Failed password for invalid user debian from 45.153.34.235 port 47094 ssh2
Jun 25 06:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11893]: Connection closed by 45.153.34.235 port 47094 [preauth]
Jun 25 06:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11905]: Invalid user user from 45.153.34.235
Jun 25 06:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11905]: input_userauth_request: invalid user user [preauth]
Jun 25 06:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11905]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11905]: Failed password for invalid user user from 45.153.34.235 port 47110 ssh2
Jun 25 06:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11905]: Connection closed by 45.153.34.235 port 47110 [preauth]
Jun 25 06:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11939]: Invalid user admin from 45.153.34.235
Jun 25 06:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11939]: input_userauth_request: invalid user admin [preauth]
Jun 25 06:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11939]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11939]: Failed password for invalid user admin from 45.153.34.235 port 34874 ssh2
Jun 25 06:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11939]: Connection closed by 45.153.34.235 port 34874 [preauth]
Jun 25 06:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11951]: Invalid user gitlab-runner from 45.153.34.235
Jun 25 06:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11951]: input_userauth_request: invalid user gitlab-runner [preauth]
Jun 25 06:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11951]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11951]: Failed password for invalid user gitlab-runner from 45.153.34.235 port 34886 ssh2
Jun 25 06:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11951]: Connection closed by 45.153.34.235 port 34886 [preauth]
Jun 25 06:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10600]: pam_unix(cron:session): session closed for user root
Jun 25 06:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11967]: Invalid user aaa from 45.153.34.235
Jun 25 06:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11967]: input_userauth_request: invalid user aaa [preauth]
Jun 25 06:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11967]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11967]: Failed password for invalid user aaa from 45.153.34.235 port 34892 ssh2
Jun 25 06:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11967]: Connection closed by 45.153.34.235 port 34892 [preauth]
Jun 25 06:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11990]: Invalid user jack from 45.153.34.235
Jun 25 06:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11990]: input_userauth_request: invalid user jack [preauth]
Jun 25 06:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11990]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.165.14.197  user=root
Jun 25 06:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11990]: Failed password for invalid user jack from 45.153.34.235 port 50262 ssh2
Jun 25 06:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11990]: Connection closed by 45.153.34.235 port 50262 [preauth]
Jun 25 06:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12002]: Invalid user user1 from 45.153.34.235
Jun 25 06:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12002]: input_userauth_request: invalid user user1 [preauth]
Jun 25 06:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12002]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12000]: Failed password for root from 45.165.14.197 port 34483 ssh2
Jun 25 06:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12000]: Received disconnect from 45.165.14.197 port 34483:11: Bye Bye [preauth]
Jun 25 06:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12000]: Disconnected from 45.165.14.197 port 34483 [preauth]
Jun 25 06:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12002]: Failed password for invalid user user1 from 45.153.34.235 port 50268 ssh2
Jun 25 06:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12002]: Connection closed by 45.153.34.235 port 50268 [preauth]
Jun 25 06:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12019]: User vncuser from 45.153.34.235 not allowed because not listed in AllowUsers
Jun 25 06:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12019]: input_userauth_request: invalid user vncuser [preauth]
Jun 25 06:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=vncuser
Jun 25 06:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12019]: Failed password for invalid user vncuser from 45.153.34.235 port 50270 ssh2
Jun 25 06:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12019]: Connection closed by 45.153.34.235 port 50270 [preauth]
Jun 25 06:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12028]: Invalid user lin from 45.153.34.235
Jun 25 06:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12028]: input_userauth_request: invalid user lin [preauth]
Jun 25 06:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12028]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12028]: Failed password for invalid user lin from 45.153.34.235 port 58668 ssh2
Jun 25 06:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12028]: Connection closed by 45.153.34.235 port 58668 [preauth]
Jun 25 06:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12038]: Invalid user admin2 from 45.153.34.235
Jun 25 06:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12038]: input_userauth_request: invalid user admin2 [preauth]
Jun 25 06:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12038]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12038]: Failed password for invalid user admin2 from 45.153.34.235 port 58682 ssh2
Jun 25 06:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12038]: Connection closed by 45.153.34.235 port 58682 [preauth]
Jun 25 06:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12048]: Invalid user claude from 45.153.34.235
Jun 25 06:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12048]: input_userauth_request: invalid user claude [preauth]
Jun 25 06:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12048]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12048]: Failed password for invalid user claude from 45.153.34.235 port 58696 ssh2
Jun 25 06:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12048]: Connection closed by 45.153.34.235 port 58696 [preauth]
Jun 25 06:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12051]: User ftp from 45.153.34.235 not allowed because not listed in AllowUsers
Jun 25 06:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12051]: input_userauth_request: invalid user ftp [preauth]
Jun 25 06:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=ftp
Jun 25 06:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12053]: Invalid user luigi from 79.110.201.164
Jun 25 06:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12053]: input_userauth_request: invalid user luigi [preauth]
Jun 25 06:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12053]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.110.201.164
Jun 25 06:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12051]: Failed password for invalid user ftp from 45.153.34.235 port 33310 ssh2
Jun 25 06:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12051]: Connection closed by 45.153.34.235 port 33310 [preauth]
Jun 25 06:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12053]: Failed password for invalid user luigi from 79.110.201.164 port 56936 ssh2
Jun 25 06:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12053]: Received disconnect from 79.110.201.164 port 56936:11: Bye Bye [preauth]
Jun 25 06:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12053]: Disconnected from 79.110.201.164 port 56936 [preauth]
Jun 25 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12063]: Invalid user plex from 45.153.34.235
Jun 25 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12063]: input_userauth_request: invalid user plex [preauth]
Jun 25 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12063]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12068]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12069]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12067]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12066]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12066]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12124]: Successful su for rubyman by root
Jun 25 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12124]: + ??? root:rubyman
Jun 25 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12124]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588650 of user rubyman.
Jun 25 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12124]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588650.
Jun 25 06:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12063]: Failed password for invalid user plex from 45.153.34.235 port 33320 ssh2
Jun 25 06:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12063]: Connection closed by 45.153.34.235 port 33320 [preauth]
Jun 25 06:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12202]: Invalid user dmdba from 45.153.34.235
Jun 25 06:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12202]: input_userauth_request: invalid user dmdba [preauth]
Jun 25 06:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12202]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9025]: pam_unix(cron:session): session closed for user root
Jun 25 06:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.201.18  user=root
Jun 25 06:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12202]: Failed password for invalid user dmdba from 45.153.34.235 port 33328 ssh2
Jun 25 06:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12202]: Connection closed by 45.153.34.235 port 33328 [preauth]
Jun 25 06:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12067]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12437]: Invalid user root1 from 45.153.34.235
Jun 25 06:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12437]: input_userauth_request: invalid user root1 [preauth]
Jun 25 06:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12408]: Failed password for root from 190.128.201.18 port 53808 ssh2
Jun 25 06:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12437]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12408]: Received disconnect from 190.128.201.18 port 53808:11: Bye Bye [preauth]
Jun 25 06:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12408]: Disconnected from 190.128.201.18 port 53808 [preauth]
Jun 25 06:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12437]: Failed password for invalid user root1 from 45.153.34.235 port 37208 ssh2
Jun 25 06:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12437]: Connection closed by 45.153.34.235 port 37208 [preauth]
Jun 25 06:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12450]: Invalid user vyos from 45.153.34.235
Jun 25 06:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12450]: input_userauth_request: invalid user vyos [preauth]
Jun 25 06:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12450]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12450]: Failed password for invalid user vyos from 45.153.34.235 port 37216 ssh2
Jun 25 06:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12450]: Connection closed by 45.153.34.235 port 37216 [preauth]
Jun 25 06:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12452]: Invalid user devops from 45.153.34.235
Jun 25 06:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12452]: input_userauth_request: invalid user devops [preauth]
Jun 25 06:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12452]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12452]: Failed password for invalid user devops from 45.153.34.235 port 37228 ssh2
Jun 25 06:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12452]: Connection closed by 45.153.34.235 port 37228 [preauth]
Jun 25 06:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12477]: Invalid user xiao from 45.153.34.235
Jun 25 06:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12477]: input_userauth_request: invalid user xiao [preauth]
Jun 25 06:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12477]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12477]: Failed password for invalid user xiao from 45.153.34.235 port 53372 ssh2
Jun 25 06:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12477]: Connection closed by 45.153.34.235 port 53372 [preauth]
Jun 25 06:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12487]: Invalid user admin from 45.153.34.235
Jun 25 06:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12487]: input_userauth_request: invalid user admin [preauth]
Jun 25 06:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12487]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12487]: Failed password for invalid user admin from 45.153.34.235 port 53374 ssh2
Jun 25 06:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12487]: Connection closed by 45.153.34.235 port 53374 [preauth]
Jun 25 06:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12492]: Invalid user deployer from 45.153.34.235
Jun 25 06:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12492]: input_userauth_request: invalid user deployer [preauth]
Jun 25 06:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12492]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12492]: Failed password for invalid user deployer from 45.153.34.235 port 53378 ssh2
Jun 25 06:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12492]: Connection closed by 45.153.34.235 port 53378 [preauth]
Jun 25 06:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12513]: Invalid user appuser from 45.153.34.235
Jun 25 06:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12513]: input_userauth_request: invalid user appuser [preauth]
Jun 25 06:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12513]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12513]: Failed password for invalid user appuser from 45.153.34.235 port 43962 ssh2
Jun 25 06:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12513]: Connection closed by 45.153.34.235 port 43962 [preauth]
Jun 25 06:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12515]: Invalid user rdpuser from 45.153.34.235
Jun 25 06:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12515]: input_userauth_request: invalid user rdpuser [preauth]
Jun 25 06:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12515]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11095]: pam_unix(cron:session): session closed for user root
Jun 25 06:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12515]: Failed password for invalid user rdpuser from 45.153.34.235 port 43974 ssh2
Jun 25 06:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12515]: Connection closed by 45.153.34.235 port 43974 [preauth]
Jun 25 06:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12534]: Invalid user rancher from 45.153.34.235
Jun 25 06:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12534]: input_userauth_request: invalid user rancher [preauth]
Jun 25 06:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12534]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12534]: Failed password for invalid user rancher from 45.153.34.235 port 43986 ssh2
Jun 25 06:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12534]: Connection closed by 45.153.34.235 port 43986 [preauth]
Jun 25 06:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12555]: User vncuser from 45.153.34.235 not allowed because not listed in AllowUsers
Jun 25 06:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12555]: input_userauth_request: invalid user vncuser [preauth]
Jun 25 06:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=vncuser
Jun 25 06:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12555]: Failed password for invalid user vncuser from 45.153.34.235 port 52396 ssh2
Jun 25 06:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12555]: Connection closed by 45.153.34.235 port 52396 [preauth]
Jun 25 06:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12557]: Failed password for root from 45.153.34.235 port 52406 ssh2
Jun 25 06:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12557]: Connection closed by 45.153.34.235 port 52406 [preauth]
Jun 25 06:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12580]: Invalid user pi from 45.153.34.235
Jun 25 06:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12580]: input_userauth_request: invalid user pi [preauth]
Jun 25 06:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12580]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12580]: Failed password for invalid user pi from 45.153.34.235 port 52422 ssh2
Jun 25 06:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12580]: Connection closed by 45.153.34.235 port 52422 [preauth]
Jun 25 06:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.247.221  user=root
Jun 25 06:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12592]: Failed password for root from 45.153.34.235 port 49914 ssh2
Jun 25 06:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12592]: Connection closed by 45.153.34.235 port 49914 [preauth]
Jun 25 06:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12594]: Failed password for root from 143.110.247.221 port 40080 ssh2
Jun 25 06:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12594]: Received disconnect from 143.110.247.221 port 40080:11: Bye Bye [preauth]
Jun 25 06:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12594]: Disconnected from 143.110.247.221 port 40080 [preauth]
Jun 25 06:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12596]: Failed password for root from 45.153.34.235 port 49920 ssh2
Jun 25 06:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12596]: Connection closed by 45.153.34.235 port 49920 [preauth]
Jun 25 06:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12608]: Failed password for root from 45.153.34.235 port 49934 ssh2
Jun 25 06:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12608]: Connection closed by 45.153.34.235 port 49934 [preauth]
Jun 25 06:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12619]: Invalid user debian from 45.153.34.235
Jun 25 06:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12619]: input_userauth_request: invalid user debian [preauth]
Jun 25 06:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12619]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12619]: Failed password for invalid user debian from 45.153.34.235 port 42384 ssh2
Jun 25 06:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12619]: Connection closed by 45.153.34.235 port 42384 [preauth]
Jun 25 06:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12631]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12630]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12629]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12628]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12628]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12690]: Successful su for rubyman by root
Jun 25 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12690]: + ??? root:rubyman
Jun 25 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12690]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588653 of user rubyman.
Jun 25 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12690]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588653.
Jun 25 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 25 06:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12623]: Failed password for root from 45.153.34.235 port 42388 ssh2
Jun 25 06:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12623]: Connection closed by 45.153.34.235 port 42388 [preauth]
Jun 25 06:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12625]: Failed password for root from 103.27.238.114 port 53714 ssh2
Jun 25 06:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12625]: Connection closed by 103.27.238.114 port 53714 [preauth]
Jun 25 06:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9448]: pam_unix(cron:session): session closed for user root
Jun 25 06:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12836]: Invalid user admin from 45.153.34.235
Jun 25 06:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12836]: input_userauth_request: invalid user admin [preauth]
Jun 25 06:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12836]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12629]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12836]: Failed password for invalid user admin from 45.153.34.235 port 42404 ssh2
Jun 25 06:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12836]: Connection closed by 45.153.34.235 port 42404 [preauth]
Jun 25 06:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12893]: Invalid user git from 45.153.34.235
Jun 25 06:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12893]: input_userauth_request: invalid user git [preauth]
Jun 25 06:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12893]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12893]: Failed password for invalid user git from 45.153.34.235 port 42324 ssh2
Jun 25 06:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12893]: Connection closed by 45.153.34.235 port 42324 [preauth]
Jun 25 06:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: Invalid user gabriel from 45.153.34.235
Jun 25 06:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: input_userauth_request: invalid user gabriel [preauth]
Jun 25 06:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: Failed password for invalid user gabriel from 45.153.34.235 port 42346 ssh2
Jun 25 06:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: Connection closed by 45.153.34.235 port 42346 [preauth]
Jun 25 06:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12926]: Invalid user admin from 45.153.34.235
Jun 25 06:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12926]: input_userauth_request: invalid user admin [preauth]
Jun 25 06:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12926]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12926]: Failed password for invalid user admin from 45.153.34.235 port 42362 ssh2
Jun 25 06:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12926]: Connection closed by 45.153.34.235 port 42362 [preauth]
Jun 25 06:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12928]: Invalid user dev from 45.153.34.235
Jun 25 06:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12928]: input_userauth_request: invalid user dev [preauth]
Jun 25 06:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12928]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12928]: Failed password for invalid user dev from 45.153.34.235 port 37924 ssh2
Jun 25 06:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12928]: Connection closed by 45.153.34.235 port 37924 [preauth]
Jun 25 06:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12938]: Invalid user test2 from 217.76.154.242
Jun 25 06:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12938]: input_userauth_request: invalid user test2 [preauth]
Jun 25 06:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12938]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.76.154.242
Jun 25 06:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12940]: Invalid user postgres from 45.153.34.235
Jun 25 06:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12940]: input_userauth_request: invalid user postgres [preauth]
Jun 25 06:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12940]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12938]: Failed password for invalid user test2 from 217.76.154.242 port 36890 ssh2
Jun 25 06:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12938]: Connection closed by 217.76.154.242 port 36890 [preauth]
Jun 25 06:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12940]: Failed password for invalid user postgres from 45.153.34.235 port 37936 ssh2
Jun 25 06:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12940]: Connection closed by 45.153.34.235 port 37936 [preauth]
Jun 25 06:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12953]: Invalid user admin1 from 45.153.34.235
Jun 25 06:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12953]: input_userauth_request: invalid user admin1 [preauth]
Jun 25 06:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12953]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12953]: Failed password for invalid user admin1 from 45.153.34.235 port 37938 ssh2
Jun 25 06:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12953]: Connection closed by 45.153.34.235 port 37938 [preauth]
Jun 25 06:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12966]: Failed password for root from 45.153.34.235 port 50208 ssh2
Jun 25 06:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12966]: Connection closed by 45.153.34.235 port 50208 [preauth]
Jun 25 06:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12976]: Invalid user ubuntu from 45.153.34.235
Jun 25 06:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12976]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 06:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12976]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11574]: pam_unix(cron:session): session closed for user root
Jun 25 06:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12976]: Failed password for invalid user ubuntu from 45.153.34.235 port 50220 ssh2
Jun 25 06:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12976]: Connection closed by 45.153.34.235 port 50220 [preauth]
Jun 25 06:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12998]: Invalid user systemd from 45.153.34.235
Jun 25 06:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12998]: input_userauth_request: invalid user systemd [preauth]
Jun 25 06:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12998]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13009]: Invalid user nishi from 79.110.201.164
Jun 25 06:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13009]: input_userauth_request: invalid user nishi [preauth]
Jun 25 06:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13009]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.110.201.164
Jun 25 06:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12998]: Failed password for invalid user systemd from 45.153.34.235 port 50228 ssh2
Jun 25 06:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12998]: Connection closed by 45.153.34.235 port 50228 [preauth]
Jun 25 06:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13011]: Invalid user alex from 45.153.34.235
Jun 25 06:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13011]: input_userauth_request: invalid user alex [preauth]
Jun 25 06:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13011]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13009]: Failed password for invalid user nishi from 79.110.201.164 port 57156 ssh2
Jun 25 06:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13009]: Received disconnect from 79.110.201.164 port 57156:11: Bye Bye [preauth]
Jun 25 06:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13009]: Disconnected from 79.110.201.164 port 57156 [preauth]
Jun 25 06:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13011]: Failed password for invalid user alex from 45.153.34.235 port 53370 ssh2
Jun 25 06:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13011]: Connection closed by 45.153.34.235 port 53370 [preauth]
Jun 25 06:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13024]: Invalid user tactical from 45.153.34.235
Jun 25 06:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13024]: input_userauth_request: invalid user tactical [preauth]
Jun 25 06:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13024]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13024]: Failed password for invalid user tactical from 45.153.34.235 port 53374 ssh2
Jun 25 06:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13024]: Connection closed by 45.153.34.235 port 53374 [preauth]
Jun 25 06:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13038]: Invalid user ubuntu from 45.153.34.235
Jun 25 06:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13038]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 06:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13038]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13038]: Failed password for invalid user ubuntu from 45.153.34.235 port 53388 ssh2
Jun 25 06:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13038]: Connection closed by 45.153.34.235 port 53388 [preauth]
Jun 25 06:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13048]: Invalid user username from 45.153.34.235
Jun 25 06:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13048]: input_userauth_request: invalid user username [preauth]
Jun 25 06:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13048]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13053]: Invalid user yoyo from 45.165.14.197
Jun 25 06:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13053]: input_userauth_request: invalid user yoyo [preauth]
Jun 25 06:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13053]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.165.14.197
Jun 25 06:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13048]: Failed password for invalid user username from 45.153.34.235 port 51998 ssh2
Jun 25 06:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13048]: Connection closed by 45.153.34.235 port 51998 [preauth]
Jun 25 06:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13053]: Failed password for invalid user yoyo from 45.165.14.197 port 11421 ssh2
Jun 25 06:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13053]: Received disconnect from 45.165.14.197 port 11421:11: Bye Bye [preauth]
Jun 25 06:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13053]: Disconnected from 45.165.14.197 port 11421 [preauth]
Jun 25 06:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13063]: Failed password for root from 45.153.34.235 port 52004 ssh2
Jun 25 06:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13063]: Connection closed by 45.153.34.235 port 52004 [preauth]
Jun 25 06:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13065]: Invalid user student from 45.153.34.235
Jun 25 06:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13065]: input_userauth_request: invalid user student [preauth]
Jun 25 06:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13065]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13065]: Failed password for invalid user student from 45.153.34.235 port 52018 ssh2
Jun 25 06:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13065]: Connection closed by 45.153.34.235 port 52018 [preauth]
Jun 25 06:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13075]: Invalid user gateway from 45.153.34.235
Jun 25 06:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13075]: input_userauth_request: invalid user gateway [preauth]
Jun 25 06:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13075]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13075]: Failed password for invalid user gateway from 45.153.34.235 port 54922 ssh2
Jun 25 06:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13075]: Connection closed by 45.153.34.235 port 54922 [preauth]
Jun 25 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13091]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13089]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13088]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13087]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13086]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13090]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13091]: pam_unix(cron:session): session closed for user root
Jun 25 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13086]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13172]: Successful su for rubyman by root
Jun 25 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13172]: + ??? root:rubyman
Jun 25 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13172]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588662 of user rubyman.
Jun 25 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13172]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588662.
Jun 25 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13154]: Invalid user alex from 45.153.34.235
Jun 25 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13154]: input_userauth_request: invalid user alex [preauth]
Jun 25 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13154]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13088]: pam_unix(cron:session): session closed for user root
Jun 25 06:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13154]: Failed password for invalid user alex from 45.153.34.235 port 54924 ssh2
Jun 25 06:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13154]: Connection closed by 45.153.34.235 port 54924 [preauth]
Jun 25 06:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10064]: pam_unix(cron:session): session closed for user root
Jun 25 06:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13350]: Invalid user test from 45.153.34.235
Jun 25 06:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13350]: input_userauth_request: invalid user test [preauth]
Jun 25 06:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13350]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13087]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13350]: Failed password for invalid user test from 45.153.34.235 port 54940 ssh2
Jun 25 06:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13350]: Connection closed by 45.153.34.235 port 54940 [preauth]
Jun 25 06:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13386]: Failed password for root from 45.153.34.235 port 54220 ssh2
Jun 25 06:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13386]: Connection closed by 45.153.34.235 port 54220 [preauth]
Jun 25 06:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13399]: Invalid user tomcat from 45.153.34.235
Jun 25 06:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13399]: input_userauth_request: invalid user tomcat [preauth]
Jun 25 06:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 25 06:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13399]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13389]: Failed password for root from 103.77.175.15 port 52014 ssh2
Jun 25 06:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13399]: Failed password for invalid user tomcat from 45.153.34.235 port 54230 ssh2
Jun 25 06:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13389]: Connection closed by 103.77.175.15 port 52014 [preauth]
Jun 25 06:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13399]: Connection closed by 45.153.34.235 port 54230 [preauth]
Jun 25 06:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13414]: Invalid user postgres from 45.153.34.235
Jun 25 06:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13414]: input_userauth_request: invalid user postgres [preauth]
Jun 25 06:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13414]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13414]: Failed password for invalid user postgres from 45.153.34.235 port 54232 ssh2
Jun 25 06:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13414]: Connection closed by 45.153.34.235 port 54232 [preauth]
Jun 25 06:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13424]: Invalid user ftpuser from 45.153.34.235
Jun 25 06:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13424]: input_userauth_request: invalid user ftpuser [preauth]
Jun 25 06:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13424]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13424]: Failed password for invalid user ftpuser from 45.153.34.235 port 40318 ssh2
Jun 25 06:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13424]: Connection closed by 45.153.34.235 port 40318 [preauth]
Jun 25 06:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13433]: Invalid user mc from 45.153.34.235
Jun 25 06:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13433]: input_userauth_request: invalid user mc [preauth]
Jun 25 06:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13433]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13433]: Failed password for invalid user mc from 45.153.34.235 port 40324 ssh2
Jun 25 06:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13433]: Connection closed by 45.153.34.235 port 40324 [preauth]
Jun 25 06:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13449]: Failed password for root from 45.153.34.235 port 40330 ssh2
Jun 25 06:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13449]: Connection closed by 45.153.34.235 port 40330 [preauth]
Jun 25 06:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13459]: User nobody from 45.153.34.235 not allowed because not listed in AllowUsers
Jun 25 06:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13459]: input_userauth_request: invalid user nobody [preauth]
Jun 25 06:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=nobody
Jun 25 06:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13459]: Failed password for invalid user nobody from 45.153.34.235 port 60928 ssh2
Jun 25 06:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13459]: Connection closed by 45.153.34.235 port 60928 [preauth]
Jun 25 06:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12069]: pam_unix(cron:session): session closed for user root
Jun 25 06:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13463]: Failed password for root from 45.153.34.235 port 60936 ssh2
Jun 25 06:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13463]: Connection closed by 45.153.34.235 port 60936 [preauth]
Jun 25 06:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13496]: Invalid user prefect from 45.153.34.235
Jun 25 06:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13496]: input_userauth_request: invalid user prefect [preauth]
Jun 25 06:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13496]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13494]: Invalid user foundry from 190.128.201.18
Jun 25 06:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13494]: input_userauth_request: invalid user foundry [preauth]
Jun 25 06:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13494]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.201.18
Jun 25 06:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13461]: Invalid user nikita from 186.96.158.180
Jun 25 06:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13461]: input_userauth_request: invalid user nikita [preauth]
Jun 25 06:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13461]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180
Jun 25 06:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13496]: Failed password for invalid user prefect from 45.153.34.235 port 60944 ssh2
Jun 25 06:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13496]: Connection closed by 45.153.34.235 port 60944 [preauth]
Jun 25 06:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13494]: Failed password for invalid user foundry from 190.128.201.18 port 43354 ssh2
Jun 25 06:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13494]: Received disconnect from 190.128.201.18 port 43354:11: Bye Bye [preauth]
Jun 25 06:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13494]: Disconnected from 190.128.201.18 port 43354 [preauth]
Jun 25 06:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13507]: Invalid user work from 45.153.34.235
Jun 25 06:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13507]: input_userauth_request: invalid user work [preauth]
Jun 25 06:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13461]: Failed password for invalid user nikita from 186.96.158.180 port 63839 ssh2
Jun 25 06:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13461]: Received disconnect from 186.96.158.180 port 63839:11: Bye Bye [preauth]
Jun 25 06:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13461]: Disconnected from 186.96.158.180 port 63839 [preauth]
Jun 25 06:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13507]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13507]: Failed password for invalid user work from 45.153.34.235 port 40430 ssh2
Jun 25 06:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13507]: Connection closed by 45.153.34.235 port 40430 [preauth]
Jun 25 06:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13509]: Invalid user minecraft from 45.153.34.235
Jun 25 06:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13509]: input_userauth_request: invalid user minecraft [preauth]
Jun 25 06:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13509]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13509]: Failed password for invalid user minecraft from 45.153.34.235 port 40440 ssh2
Jun 25 06:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13509]: Connection closed by 45.153.34.235 port 40440 [preauth]
Jun 25 06:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13535]: Failed password for root from 45.153.34.235 port 44888 ssh2
Jun 25 06:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13535]: Connection closed by 45.153.34.235 port 44888 [preauth]
Jun 25 06:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13545]: Invalid user deploy from 45.153.34.235
Jun 25 06:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13545]: input_userauth_request: invalid user deploy [preauth]
Jun 25 06:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13545]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13545]: Failed password for invalid user deploy from 45.153.34.235 port 44896 ssh2
Jun 25 06:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13545]: Connection closed by 45.153.34.235 port 44896 [preauth]
Jun 25 06:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13548]: User vncuser from 45.153.34.235 not allowed because not listed in AllowUsers
Jun 25 06:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13548]: input_userauth_request: invalid user vncuser [preauth]
Jun 25 06:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=vncuser
Jun 25 06:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13548]: Failed password for invalid user vncuser from 45.153.34.235 port 44910 ssh2
Jun 25 06:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13548]: Connection closed by 45.153.34.235 port 44910 [preauth]
Jun 25 06:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13558]: Invalid user git from 45.153.34.235
Jun 25 06:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13558]: input_userauth_request: invalid user git [preauth]
Jun 25 06:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13558]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13558]: Failed password for invalid user git from 45.153.34.235 port 55018 ssh2
Jun 25 06:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13558]: Connection closed by 45.153.34.235 port 55018 [preauth]
Jun 25 06:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13568]: Invalid user home from 45.153.34.235
Jun 25 06:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13568]: input_userauth_request: invalid user home [preauth]
Jun 25 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13568]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13574]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13579]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13571]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13573]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13571]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13639]: Successful su for rubyman by root
Jun 25 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13639]: + ??? root:rubyman
Jun 25 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13639]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588664 of user rubyman.
Jun 25 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13639]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588664.
Jun 25 06:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13568]: Failed password for invalid user home from 45.153.34.235 port 55034 ssh2
Jun 25 06:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13568]: Connection closed by 45.153.34.235 port 55034 [preauth]
Jun 25 06:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13712]: Invalid user deploy from 45.153.34.235
Jun 25 06:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13712]: input_userauth_request: invalid user deploy [preauth]
Jun 25 06:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13712]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10598]: pam_unix(cron:session): session closed for user root
Jun 25 06:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13712]: Failed password for invalid user deploy from 45.153.34.235 port 55050 ssh2
Jun 25 06:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13573]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13712]: Connection closed by 45.153.34.235 port 55050 [preauth]
Jun 25 06:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.110.201.164  user=root
Jun 25 06:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13834]: Failed password for root from 45.153.34.235 port 41274 ssh2
Jun 25 06:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13834]: Connection closed by 45.153.34.235 port 41274 [preauth]
Jun 25 06:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13846]: Invalid user user from 45.153.34.235
Jun 25 06:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13846]: input_userauth_request: invalid user user [preauth]
Jun 25 06:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13846]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13836]: Failed password for root from 79.110.201.164 port 36822 ssh2
Jun 25 06:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13836]: Received disconnect from 79.110.201.164 port 36822:11: Bye Bye [preauth]
Jun 25 06:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13836]: Disconnected from 79.110.201.164 port 36822 [preauth]
Jun 25 06:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13846]: Failed password for invalid user user from 45.153.34.235 port 41282 ssh2
Jun 25 06:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13846]: Connection closed by 45.153.34.235 port 41282 [preauth]
Jun 25 06:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13860]: Invalid user user3 from 45.153.34.235
Jun 25 06:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13860]: input_userauth_request: invalid user user3 [preauth]
Jun 25 06:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13860]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13860]: Failed password for invalid user user3 from 45.153.34.235 port 41290 ssh2
Jun 25 06:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13860]: Connection closed by 45.153.34.235 port 41290 [preauth]
Jun 25 06:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13872]: Invalid user administrator from 45.153.34.235
Jun 25 06:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13872]: input_userauth_request: invalid user administrator [preauth]
Jun 25 06:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13872]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13872]: Failed password for invalid user administrator from 45.153.34.235 port 50024 ssh2
Jun 25 06:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13872]: Connection closed by 45.153.34.235 port 50024 [preauth]
Jun 25 06:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: Invalid user srv from 143.110.247.221
Jun 25 06:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: input_userauth_request: invalid user srv [preauth]
Jun 25 06:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.247.221
Jun 25 06:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13883]: Failed password for root from 45.153.34.235 port 50038 ssh2
Jun 25 06:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13883]: Connection closed by 45.153.34.235 port 50038 [preauth]
Jun 25 06:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13899]: Invalid user fa from 45.153.34.235
Jun 25 06:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13899]: input_userauth_request: invalid user fa [preauth]
Jun 25 06:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13899]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: Failed password for invalid user srv from 143.110.247.221 port 42348 ssh2
Jun 25 06:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: Received disconnect from 143.110.247.221 port 42348:11: Bye Bye [preauth]
Jun 25 06:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: Disconnected from 143.110.247.221 port 42348 [preauth]
Jun 25 06:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13899]: Failed password for invalid user fa from 45.153.34.235 port 50046 ssh2
Jun 25 06:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13899]: Connection closed by 45.153.34.235 port 50046 [preauth]
Jun 25 06:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13912]: Invalid user deploy from 45.153.34.235
Jun 25 06:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13912]: input_userauth_request: invalid user deploy [preauth]
Jun 25 06:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13912]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13912]: Failed password for invalid user deploy from 45.153.34.235 port 53244 ssh2
Jun 25 06:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13912]: Connection closed by 45.153.34.235 port 53244 [preauth]
Jun 25 06:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12631]: pam_unix(cron:session): session closed for user root
Jun 25 06:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13922]: Failed password for root from 45.153.34.235 port 53246 ssh2
Jun 25 06:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13922]: Connection closed by 45.153.34.235 port 53246 [preauth]
Jun 25 06:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13949]: Invalid user frappe from 45.153.34.235
Jun 25 06:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13949]: input_userauth_request: invalid user frappe [preauth]
Jun 25 06:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13949]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13949]: Failed password for invalid user frappe from 45.153.34.235 port 53252 ssh2
Jun 25 06:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13949]: Connection closed by 45.153.34.235 port 53252 [preauth]
Jun 25 06:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13962]: Invalid user developer from 45.153.34.235
Jun 25 06:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13962]: input_userauth_request: invalid user developer [preauth]
Jun 25 06:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13962]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13962]: Failed password for invalid user developer from 45.153.34.235 port 36586 ssh2
Jun 25 06:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13962]: Connection closed by 45.153.34.235 port 36586 [preauth]
Jun 25 06:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13964]: Failed password for root from 45.153.34.235 port 36588 ssh2
Jun 25 06:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13964]: Connection closed by 45.153.34.235 port 36588 [preauth]
Jun 25 06:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13990]: Invalid user admin from 45.153.34.235
Jun 25 06:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13990]: input_userauth_request: invalid user admin [preauth]
Jun 25 06:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13990]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13990]: Failed password for invalid user admin from 45.153.34.235 port 36594 ssh2
Jun 25 06:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13990]: Connection closed by 45.153.34.235 port 36594 [preauth]
Jun 25 06:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14000]: Invalid user user from 45.153.34.235
Jun 25 06:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14000]: input_userauth_request: invalid user user [preauth]
Jun 25 06:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14000]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14000]: Failed password for invalid user user from 45.153.34.235 port 35396 ssh2
Jun 25 06:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14000]: Connection closed by 45.153.34.235 port 35396 [preauth]
Jun 25 06:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: Invalid user vm from 45.153.34.235
Jun 25 06:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: input_userauth_request: invalid user vm [preauth]
Jun 25 06:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: Failed password for invalid user vm from 45.153.34.235 port 35404 ssh2
Jun 25 06:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: Connection closed by 45.153.34.235 port 35404 [preauth]
Jun 25 06:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14015]: Invalid user kingbase from 45.153.34.235
Jun 25 06:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14015]: input_userauth_request: invalid user kingbase [preauth]
Jun 25 06:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14015]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14015]: Failed password for invalid user kingbase from 45.153.34.235 port 35420 ssh2
Jun 25 06:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14015]: Connection closed by 45.153.34.235 port 35420 [preauth]
Jun 25 06:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14025]: Invalid user support from 45.153.34.235
Jun 25 06:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14025]: input_userauth_request: invalid user support [preauth]
Jun 25 06:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14025]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.165.14.197  user=root
Jun 25 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14032]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14031]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14033]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14030]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14030]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14088]: Successful su for rubyman by root
Jun 25 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14088]: + ??? root:rubyman
Jun 25 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14088]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588669 of user rubyman.
Jun 25 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14088]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588669.
Jun 25 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14025]: Failed password for invalid user support from 45.153.34.235 port 38588 ssh2
Jun 25 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14025]: Connection closed by 45.153.34.235 port 38588 [preauth]
Jun 25 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14027]: Failed password for root from 45.165.14.197 port 51169 ssh2
Jun 25 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14027]: Received disconnect from 45.165.14.197 port 51169:11: Bye Bye [preauth]
Jun 25 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14027]: Disconnected from 45.165.14.197 port 51169 [preauth]
Jun 25 06:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14149]: Invalid user operator from 45.153.34.235
Jun 25 06:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14149]: input_userauth_request: invalid user operator [preauth]
Jun 25 06:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14149]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11094]: pam_unix(cron:session): session closed for user root
Jun 25 06:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14149]: Failed password for invalid user operator from 45.153.34.235 port 38602 ssh2
Jun 25 06:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14149]: Connection closed by 45.153.34.235 port 38602 [preauth]
Jun 25 06:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14031]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14266]: Failed password for root from 45.153.34.235 port 38614 ssh2
Jun 25 06:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14266]: Connection closed by 45.153.34.235 port 38614 [preauth]
Jun 25 06:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14277]: Invalid user oracle from 45.153.34.235
Jun 25 06:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14277]: input_userauth_request: invalid user oracle [preauth]
Jun 25 06:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14277]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14277]: Failed password for invalid user oracle from 45.153.34.235 port 58532 ssh2
Jun 25 06:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14277]: Connection closed by 45.153.34.235 port 58532 [preauth]
Jun 25 06:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14279]: Invalid user server from 45.153.34.235
Jun 25 06:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14279]: input_userauth_request: invalid user server [preauth]
Jun 25 06:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14279]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14279]: Failed password for invalid user server from 45.153.34.235 port 58548 ssh2
Jun 25 06:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14279]: Connection closed by 45.153.34.235 port 58548 [preauth]
Jun 25 06:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: Failed password for root from 45.153.34.235 port 32848 ssh2
Jun 25 06:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: Connection closed by 45.153.34.235 port 32848 [preauth]
Jun 25 06:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14313]: Invalid user test1 from 45.153.34.235
Jun 25 06:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14313]: input_userauth_request: invalid user test1 [preauth]
Jun 25 06:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14313]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14313]: Failed password for invalid user test1 from 45.153.34.235 port 32858 ssh2
Jun 25 06:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14313]: Connection closed by 45.153.34.235 port 32858 [preauth]
Jun 25 06:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14315]: User ftp from 45.153.34.235 not allowed because not listed in AllowUsers
Jun 25 06:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14315]: input_userauth_request: invalid user ftp [preauth]
Jun 25 06:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=ftp
Jun 25 06:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14315]: Failed password for invalid user ftp from 45.153.34.235 port 32868 ssh2
Jun 25 06:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14315]: Connection closed by 45.153.34.235 port 32868 [preauth]
Jun 25 06:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14337]: User mysql from 45.153.34.235 not allowed because not listed in AllowUsers
Jun 25 06:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14337]: input_userauth_request: invalid user mysql [preauth]
Jun 25 06:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=mysql
Jun 25 06:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14337]: Failed password for invalid user mysql from 45.153.34.235 port 35066 ssh2
Jun 25 06:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14337]: Connection closed by 45.153.34.235 port 35066 [preauth]
Jun 25 06:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14347]: Invalid user packer from 45.153.34.235
Jun 25 06:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14347]: input_userauth_request: invalid user packer [preauth]
Jun 25 06:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14347]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14347]: Failed password for invalid user packer from 45.153.34.235 port 35082 ssh2
Jun 25 06:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14347]: Connection closed by 45.153.34.235 port 35082 [preauth]
Jun 25 06:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13090]: pam_unix(cron:session): session closed for user root
Jun 25 06:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14362]: Invalid user nutanix from 45.153.34.235
Jun 25 06:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14362]: input_userauth_request: invalid user nutanix [preauth]
Jun 25 06:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14362]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14362]: Failed password for invalid user nutanix from 45.153.34.235 port 35084 ssh2
Jun 25 06:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14362]: Connection closed by 45.153.34.235 port 35084 [preauth]
Jun 25 06:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14381]: Invalid user appuser from 45.153.34.235
Jun 25 06:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14381]: input_userauth_request: invalid user appuser [preauth]
Jun 25 06:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14381]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14381]: Failed password for invalid user appuser from 45.153.34.235 port 38664 ssh2
Jun 25 06:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14381]: Connection closed by 45.153.34.235 port 38664 [preauth]
Jun 25 06:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.110.201.164  user=root
Jun 25 06:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14393]: Invalid user myuser from 45.153.34.235
Jun 25 06:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14393]: input_userauth_request: invalid user myuser [preauth]
Jun 25 06:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14393]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14383]: Failed password for root from 79.110.201.164 port 58580 ssh2
Jun 25 06:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14383]: Received disconnect from 79.110.201.164 port 58580:11: Bye Bye [preauth]
Jun 25 06:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14383]: Disconnected from 79.110.201.164 port 58580 [preauth]
Jun 25 06:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14393]: Failed password for invalid user myuser from 45.153.34.235 port 38668 ssh2
Jun 25 06:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14393]: Connection closed by 45.153.34.235 port 38668 [preauth]
Jun 25 06:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14408]: Invalid user liyang from 45.153.34.235
Jun 25 06:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14408]: input_userauth_request: invalid user liyang [preauth]
Jun 25 06:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14408]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14408]: Failed password for invalid user liyang from 45.153.34.235 port 38680 ssh2
Jun 25 06:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14408]: Connection closed by 45.153.34.235 port 38680 [preauth]
Jun 25 06:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14418]: Failed password for root from 45.153.34.235 port 53312 ssh2
Jun 25 06:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14418]: Connection closed by 45.153.34.235 port 53312 [preauth]
Jun 25 06:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14428]: Invalid user openclaw from 45.153.34.235
Jun 25 06:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14428]: input_userauth_request: invalid user openclaw [preauth]
Jun 25 06:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14428]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14428]: Failed password for invalid user openclaw from 45.153.34.235 port 53326 ssh2
Jun 25 06:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14428]: Connection closed by 45.153.34.235 port 53326 [preauth]
Jun 25 06:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14430]: Failed password for root from 45.153.34.235 port 53334 ssh2
Jun 25 06:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14430]: Connection closed by 45.153.34.235 port 53334 [preauth]
Jun 25 06:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14441]: Invalid user user from 45.153.34.235
Jun 25 06:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14441]: input_userauth_request: invalid user user [preauth]
Jun 25 06:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14441]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14441]: Failed password for invalid user user from 45.153.34.235 port 43082 ssh2
Jun 25 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14447]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14450]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14448]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14449]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14447]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14441]: Connection closed by 45.153.34.235 port 43082 [preauth]
Jun 25 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14515]: Successful su for rubyman by root
Jun 25 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14515]: + ??? root:rubyman
Jun 25 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14515]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588672 of user rubyman.
Jun 25 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14515]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588672.
Jun 25 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14536]: Invalid user deployer from 45.153.34.235
Jun 25 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14536]: input_userauth_request: invalid user deployer [preauth]
Jun 25 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14536]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.201.18  user=root
Jun 25 06:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14536]: Failed password for invalid user deployer from 45.153.34.235 port 43098 ssh2
Jun 25 06:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14536]: Connection closed by 45.153.34.235 port 43098 [preauth]
Jun 25 06:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14535]: Failed password for root from 190.128.201.18 port 34884 ssh2
Jun 25 06:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11573]: pam_unix(cron:session): session closed for user root
Jun 25 06:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14535]: Received disconnect from 190.128.201.18 port 34884:11: Bye Bye [preauth]
Jun 25 06:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14535]: Disconnected from 190.128.201.18 port 34884 [preauth]
Jun 25 06:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14448]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14733]: Invalid user jenkins from 45.153.34.235
Jun 25 06:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14733]: input_userauth_request: invalid user jenkins [preauth]
Jun 25 06:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14733]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14733]: Failed password for invalid user jenkins from 45.153.34.235 port 43104 ssh2
Jun 25 06:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14733]: Connection closed by 45.153.34.235 port 43104 [preauth]
Jun 25 06:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14792]: Failed password for root from 45.153.34.235 port 46166 ssh2
Jun 25 06:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14792]: Connection closed by 45.153.34.235 port 46166 [preauth]
Jun 25 06:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14794]: User ftp from 45.153.34.235 not allowed because not listed in AllowUsers
Jun 25 06:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14794]: input_userauth_request: invalid user ftp [preauth]
Jun 25 06:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=ftp
Jun 25 06:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14794]: Failed password for invalid user ftp from 45.153.34.235 port 46170 ssh2
Jun 25 06:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14794]: Connection closed by 45.153.34.235 port 46170 [preauth]
Jun 25 06:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14817]: Invalid user config from 45.153.34.235
Jun 25 06:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14817]: input_userauth_request: invalid user config [preauth]
Jun 25 06:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14817]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14817]: Failed password for invalid user config from 45.153.34.235 port 46186 ssh2
Jun 25 06:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14817]: Connection closed by 45.153.34.235 port 46186 [preauth]
Jun 25 06:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14834]: Invalid user guest from 45.153.34.235
Jun 25 06:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14834]: input_userauth_request: invalid user guest [preauth]
Jun 25 06:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14834]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14834]: Failed password for invalid user guest from 45.153.34.235 port 34528 ssh2
Jun 25 06:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14834]: Connection closed by 45.153.34.235 port 34528 [preauth]
Jun 25 06:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14836]: Invalid user zahra from 45.153.34.235
Jun 25 06:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14836]: input_userauth_request: invalid user zahra [preauth]
Jun 25 06:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14836]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14836]: Failed password for invalid user zahra from 45.153.34.235 port 34542 ssh2
Jun 25 06:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14836]: Connection closed by 45.153.34.235 port 34542 [preauth]
Jun 25 06:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14864]: Invalid user devops from 45.153.34.235
Jun 25 06:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14864]: input_userauth_request: invalid user devops [preauth]
Jun 25 06:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14864]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14864]: Failed password for invalid user devops from 45.153.34.235 port 34552 ssh2
Jun 25 06:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14864]: Connection closed by 45.153.34.235 port 34552 [preauth]
Jun 25 06:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14875]: Invalid user nagios from 45.153.34.235
Jun 25 06:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14875]: input_userauth_request: invalid user nagios [preauth]
Jun 25 06:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14875]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14875]: Failed password for invalid user nagios from 45.153.34.235 port 55620 ssh2
Jun 25 06:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14875]: Connection closed by 45.153.34.235 port 55620 [preauth]
Jun 25 06:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14879]: Invalid user rock from 45.153.34.235
Jun 25 06:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14879]: input_userauth_request: invalid user rock [preauth]
Jun 25 06:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14879]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13579]: pam_unix(cron:session): session closed for user root
Jun 25 06:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14879]: Failed password for invalid user rock from 45.153.34.235 port 55624 ssh2
Jun 25 06:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14879]: Connection closed by 45.153.34.235 port 55624 [preauth]
Jun 25 06:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14908]: Invalid user centreon from 45.153.34.235
Jun 25 06:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14908]: input_userauth_request: invalid user centreon [preauth]
Jun 25 06:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14908]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14908]: Failed password for invalid user centreon from 45.153.34.235 port 46554 ssh2
Jun 25 06:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14908]: Connection closed by 45.153.34.235 port 46554 [preauth]
Jun 25 06:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14921]: Invalid user stack from 45.153.34.235
Jun 25 06:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14921]: input_userauth_request: invalid user stack [preauth]
Jun 25 06:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14921]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14921]: Failed password for invalid user stack from 45.153.34.235 port 46570 ssh2
Jun 25 06:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14921]: Connection closed by 45.153.34.235 port 46570 [preauth]
Jun 25 06:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14930]: Invalid user amir from 45.153.34.235
Jun 25 06:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14930]: input_userauth_request: invalid user amir [preauth]
Jun 25 06:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14930]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14930]: Failed password for invalid user amir from 45.153.34.235 port 46582 ssh2
Jun 25 06:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14930]: Connection closed by 45.153.34.235 port 46582 [preauth]
Jun 25 06:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14947]: Invalid user webuser from 45.153.34.235
Jun 25 06:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14947]: input_userauth_request: invalid user webuser [preauth]
Jun 25 06:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14947]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14947]: Failed password for invalid user webuser from 45.153.34.235 port 40058 ssh2
Jun 25 06:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14947]: Connection closed by 45.153.34.235 port 40058 [preauth]
Jun 25 06:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14959]: Invalid user claude from 45.153.34.235
Jun 25 06:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14959]: input_userauth_request: invalid user claude [preauth]
Jun 25 06:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14959]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14961]: Invalid user liyang from 143.110.247.221
Jun 25 06:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14961]: input_userauth_request: invalid user liyang [preauth]
Jun 25 06:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14961]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.247.221
Jun 25 06:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14959]: Failed password for invalid user claude from 45.153.34.235 port 40062 ssh2
Jun 25 06:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14959]: Connection closed by 45.153.34.235 port 40062 [preauth]
Jun 25 06:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14961]: Failed password for invalid user liyang from 143.110.247.221 port 56220 ssh2
Jun 25 06:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14961]: Received disconnect from 143.110.247.221 port 56220:11: Bye Bye [preauth]
Jun 25 06:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14961]: Disconnected from 143.110.247.221 port 56220 [preauth]
Jun 25 06:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14963]: Failed password for root from 45.153.34.235 port 40070 ssh2
Jun 25 06:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14963]: Connection closed by 45.153.34.235 port 40070 [preauth]
Jun 25 06:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14975]: Failed password for root from 45.153.34.235 port 49294 ssh2
Jun 25 06:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14975]: Connection closed by 45.153.34.235 port 49294 [preauth]
Jun 25 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14993]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14991]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14990]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14989]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14989]: pam_unix(cron:session): session closed for user p13x
Jun 25 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15050]: Successful su for rubyman by root
Jun 25 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15050]: + ??? root:rubyman
Jun 25 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15050]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588676 of user rubyman.
Jun 25 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15050]: pam_unix(su:session): session closed for user rubyman
Jun 25 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588676.
Jun 25 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14986]: Invalid user martin from 45.153.34.235
Jun 25 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14986]: input_userauth_request: invalid user martin [preauth]
Jun 25 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14986]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14986]: Failed password for invalid user martin from 45.153.34.235 port 49310 ssh2
Jun 25 06:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14986]: Connection closed by 45.153.34.235 port 49310 [preauth]
Jun 25 06:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12068]: pam_unix(cron:session): session closed for user root
Jun 25 06:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.165.14.197  user=root
Jun 25 06:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14990]: pam_unix(cron:session): session closed for user samftp
Jun 25 06:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15204]: Failed password for root from 45.153.34.235 port 49312 ssh2
Jun 25 06:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15200]: Failed password for root from 45.165.14.197 port 21682 ssh2
Jun 25 06:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15204]: Connection closed by 45.153.34.235 port 49312 [preauth]
Jun 25 06:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15200]: Received disconnect from 45.165.14.197 port 21682:11: Bye Bye [preauth]
Jun 25 06:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15200]: Disconnected from 45.165.14.197 port 21682 [preauth]
Jun 25 06:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15245]: Invalid user bob from 45.153.34.235
Jun 25 06:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15245]: input_userauth_request: invalid user bob [preauth]
Jun 25 06:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15245]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15245]: Failed password for invalid user bob from 45.153.34.235 port 33970 ssh2
Jun 25 06:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15245]: Connection closed by 45.153.34.235 port 33970 [preauth]
Jun 25 06:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15257]: Invalid user aaron from 79.110.201.164
Jun 25 06:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15257]: input_userauth_request: invalid user aaron [preauth]
Jun 25 06:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15257]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.110.201.164
Jun 25 06:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15260]: Invalid user devops from 45.153.34.235
Jun 25 06:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15260]: input_userauth_request: invalid user devops [preauth]
Jun 25 06:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15260]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15257]: Failed password for invalid user aaron from 79.110.201.164 port 60008 ssh2
Jun 25 06:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15257]: Received disconnect from 79.110.201.164 port 60008:11: Bye Bye [preauth]
Jun 25 06:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15257]: Disconnected from 79.110.201.164 port 60008 [preauth]
Jun 25 06:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15260]: Failed password for invalid user devops from 45.153.34.235 port 33978 ssh2
Jun 25 06:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15260]: Connection closed by 45.153.34.235 port 33978 [preauth]
Jun 25 06:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15275]: Invalid user frappe from 45.153.34.235
Jun 25 06:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15275]: input_userauth_request: invalid user frappe [preauth]
Jun 25 06:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15275]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15275]: Failed password for invalid user frappe from 45.153.34.235 port 33992 ssh2
Jun 25 06:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15275]: Connection closed by 45.153.34.235 port 33992 [preauth]
Jun 25 06:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15285]: Invalid user crafty from 45.153.34.235
Jun 25 06:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15285]: input_userauth_request: invalid user crafty [preauth]
Jun 25 06:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15285]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15285]: Failed password for invalid user crafty from 45.153.34.235 port 40836 ssh2
Jun 25 06:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15285]: Connection closed by 45.153.34.235 port 40836 [preauth]
Jun 25 06:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15295]: Invalid user admin from 45.153.34.235
Jun 25 06:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15295]: input_userauth_request: invalid user admin [preauth]
Jun 25 06:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15295]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15295]: Failed password for invalid user admin from 45.153.34.235 port 40838 ssh2
Jun 25 06:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15295]: Connection closed by 45.153.34.235 port 40838 [preauth]
Jun 25 06:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15309]: Invalid user kevin from 45.153.34.235
Jun 25 06:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15309]: input_userauth_request: invalid user kevin [preauth]
Jun 25 06:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15309]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15309]: Failed password for invalid user kevin from 45.153.34.235 port 40844 ssh2
Jun 25 06:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15309]: Connection closed by 45.153.34.235 port 40844 [preauth]
Jun 25 06:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15319]: Invalid user ftpuser from 45.153.34.235
Jun 25 06:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15319]: input_userauth_request: invalid user ftpuser [preauth]
Jun 25 06:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15319]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15319]: Failed password for invalid user ftpuser from 45.153.34.235 port 51620 ssh2
Jun 25 06:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15319]: Connection closed by 45.153.34.235 port 51620 [preauth]
Jun 25 06:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15329]: Invalid user odoo16 from 45.153.34.235
Jun 25 06:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15329]: input_userauth_request: invalid user odoo16 [preauth]
Jun 25 06:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15329]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14033]: pam_unix(cron:session): session closed for user root
Jun 25 06:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15329]: Failed password for invalid user odoo16 from 45.153.34.235 port 51622 ssh2
Jun 25 06:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15329]: Connection closed by 45.153.34.235 port 51622 [preauth]
Jun 25 06:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15350]: Invalid user dmdba from 45.153.34.235
Jun 25 06:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15350]: input_userauth_request: invalid user dmdba [preauth]
Jun 25 06:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15350]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15350]: Failed password for invalid user dmdba from 45.153.34.235 port 51636 ssh2
Jun 25 06:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15350]: Connection closed by 45.153.34.235 port 51636 [preauth]
Jun 25 06:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15361]: Invalid user amit from 45.153.34.235
Jun 25 06:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15361]: input_userauth_request: invalid user amit [preauth]
Jun 25 06:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15361]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15361]: Failed password for invalid user amit from 45.153.34.235 port 43580 ssh2
Jun 25 06:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15361]: Connection closed by 45.153.34.235 port 43580 [preauth]
Jun 25 06:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15370]: Invalid user splunk from 45.153.34.235
Jun 25 06:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15370]: input_userauth_request: invalid user splunk [preauth]
Jun 25 06:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15370]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15370]: Failed password for invalid user splunk from 45.153.34.235 port 43604 ssh2
Jun 25 06:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15370]: Connection closed by 45.153.34.235 port 43604 [preauth]
Jun 25 06:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15385]: Invalid user test3 from 45.153.34.235
Jun 25 06:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15385]: input_userauth_request: invalid user test3 [preauth]
Jun 25 06:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15385]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15385]: Failed password for invalid user test3 from 45.153.34.235 port 43622 ssh2
Jun 25 06:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15385]: Connection closed by 45.153.34.235 port 43622 [preauth]
Jun 25 06:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 06:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15395]: Failed password for root from 45.153.34.235 port 33814 ssh2
Jun 25 06:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15395]: Connection closed by 45.153.34.235 port 33814 [preauth]
Jun 25 06:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15397]: Invalid user student from 45.153.34.235
Jun 25 06:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15397]: input_userauth_request: invalid user student [preauth]
Jun 25 06:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15397]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15397]: Failed password for invalid user student from 45.153.34.235 port 33822 ssh2
Jun 25 06:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15397]: Connection closed by 45.153.34.235 port 33822 [preauth]
Jun 25 06:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 06:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15408]: Invalid user user from 45.153.34.235
Jun 25 06:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15408]: input_userauth_request: invalid user user [preauth]
Jun 25 06:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15408]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 06:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 06:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15408]: Failed password for invalid user user from 45.153.34.235 port 33830 ssh2
Jun 25 06:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15408]: Connection closed by 45.153.34.235 port 33830 [preauth]
Jun 25 06:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15427]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15424]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15425]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15422]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15426]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15421]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15423]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15427]: pam_unix(cron:session): session closed for user root
Jun 25 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15423]: pam_unix(cron:session): session closed for user root
Jun 25 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15421]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15509]: Successful su for rubyman by root
Jun 25 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15509]: + ??? root:rubyman
Jun 25 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15509]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588684 of user rubyman.
Jun 25 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15509]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588684.
Jun 25 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15418]: Failed password for root from 45.153.34.235 port 54806 ssh2
Jun 25 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15418]: Connection closed by 45.153.34.235 port 54806 [preauth]
Jun 25 07:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15574]: Invalid user vagrant from 45.153.34.235
Jun 25 07:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15574]: input_userauth_request: invalid user vagrant [preauth]
Jun 25 07:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15574]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15424]: pam_unix(cron:session): session closed for user root
Jun 25 07:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12630]: pam_unix(cron:session): session closed for user root
Jun 25 07:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15574]: Failed password for invalid user vagrant from 45.153.34.235 port 54818 ssh2
Jun 25 07:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15574]: Connection closed by 45.153.34.235 port 54818 [preauth]
Jun 25 07:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15422]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15720]: Invalid user node from 45.153.34.235
Jun 25 07:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15720]: input_userauth_request: invalid user node [preauth]
Jun 25 07:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15720]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15720]: Failed password for invalid user node from 45.153.34.235 port 54832 ssh2
Jun 25 07:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15720]: Connection closed by 45.153.34.235 port 54832 [preauth]
Jun 25 07:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15738]: Invalid user ts3 from 45.153.34.235
Jun 25 07:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15738]: input_userauth_request: invalid user ts3 [preauth]
Jun 25 07:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15738]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15738]: Failed password for invalid user ts3 from 45.153.34.235 port 35844 ssh2
Jun 25 07:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15738]: Connection closed by 45.153.34.235 port 35844 [preauth]
Jun 25 07:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15743]: Invalid user frappe from 45.153.34.235
Jun 25 07:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15743]: input_userauth_request: invalid user frappe [preauth]
Jun 25 07:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15743]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15743]: Failed password for invalid user frappe from 45.153.34.235 port 35864 ssh2
Jun 25 07:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15743]: Connection closed by 45.153.34.235 port 35864 [preauth]
Jun 25 07:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15768]: Invalid user hu from 45.153.34.235
Jun 25 07:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15768]: input_userauth_request: invalid user hu [preauth]
Jun 25 07:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15768]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15768]: Failed password for invalid user hu from 45.153.34.235 port 55668 ssh2
Jun 25 07:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15768]: Connection closed by 45.153.34.235 port 55668 [preauth]
Jun 25 07:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 07:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15770]: Failed password for root from 45.153.34.235 port 55676 ssh2
Jun 25 07:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15770]: Connection closed by 45.153.34.235 port 55676 [preauth]
Jun 25 07:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15780]: Invalid user user1 from 45.153.34.235
Jun 25 07:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15780]: input_userauth_request: invalid user user1 [preauth]
Jun 25 07:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15780]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15780]: Failed password for invalid user user1 from 45.153.34.235 port 55684 ssh2
Jun 25 07:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15780]: Connection closed by 45.153.34.235 port 55684 [preauth]
Jun 25 07:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15802]: Invalid user test from 45.153.34.235
Jun 25 07:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15802]: input_userauth_request: invalid user test [preauth]
Jun 25 07:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15802]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15804]: Invalid user srv from 190.128.201.18
Jun 25 07:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15804]: input_userauth_request: invalid user srv [preauth]
Jun 25 07:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15804]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.201.18
Jun 25 07:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15802]: Failed password for invalid user test from 45.153.34.235 port 54296 ssh2
Jun 25 07:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15802]: Connection closed by 45.153.34.235 port 54296 [preauth]
Jun 25 07:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15804]: Failed password for invalid user srv from 190.128.201.18 port 50820 ssh2
Jun 25 07:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15807]: Invalid user user1 from 45.153.34.235
Jun 25 07:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15807]: input_userauth_request: invalid user user1 [preauth]
Jun 25 07:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15804]: Received disconnect from 190.128.201.18 port 50820:11: Bye Bye [preauth]
Jun 25 07:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15804]: Disconnected from 190.128.201.18 port 50820 [preauth]
Jun 25 07:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15807]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14450]: pam_unix(cron:session): session closed for user root
Jun 25 07:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15807]: Failed password for invalid user user1 from 45.153.34.235 port 54340 ssh2
Jun 25 07:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15807]: Connection closed by 45.153.34.235 port 54340 [preauth]
Jun 25 07:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15864]: Invalid user frappe from 45.153.34.235
Jun 25 07:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15864]: input_userauth_request: invalid user frappe [preauth]
Jun 25 07:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15864]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15864]: Failed password for invalid user frappe from 45.153.34.235 port 54378 ssh2
Jun 25 07:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15864]: Connection closed by 45.153.34.235 port 54378 [preauth]
Jun 25 07:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 07:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15880]: Failed password for root from 45.153.34.235 port 53128 ssh2
Jun 25 07:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15880]: Connection closed by 45.153.34.235 port 53128 [preauth]
Jun 25 07:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15882]: Invalid user debian from 45.153.34.235
Jun 25 07:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15882]: input_userauth_request: invalid user debian [preauth]
Jun 25 07:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15882]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15882]: Failed password for invalid user debian from 45.153.34.235 port 53146 ssh2
Jun 25 07:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15882]: Connection closed by 45.153.34.235 port 53146 [preauth]
Jun 25 07:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15905]: Invalid user admin from 45.153.34.235
Jun 25 07:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15905]: input_userauth_request: invalid user admin [preauth]
Jun 25 07:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15905]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.110.201.164  user=root
Jun 25 07:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15905]: Failed password for invalid user admin from 45.153.34.235 port 53168 ssh2
Jun 25 07:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15905]: Connection closed by 45.153.34.235 port 53168 [preauth]
Jun 25 07:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15907]: Failed password for root from 79.110.201.164 port 55168 ssh2
Jun 25 07:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15907]: Received disconnect from 79.110.201.164 port 55168:11: Bye Bye [preauth]
Jun 25 07:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15907]: Disconnected from 79.110.201.164 port 55168 [preauth]
Jun 25 07:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15917]: User john from 45.153.34.235 not allowed because not listed in AllowUsers
Jun 25 07:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15917]: input_userauth_request: invalid user john [preauth]
Jun 25 07:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=john
Jun 25 07:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15917]: Failed password for invalid user john from 45.153.34.235 port 37466 ssh2
Jun 25 07:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15917]: Connection closed by 45.153.34.235 port 37466 [preauth]
Jun 25 07:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15919]: Invalid user hadoop from 45.153.34.235
Jun 25 07:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15919]: input_userauth_request: invalid user hadoop [preauth]
Jun 25 07:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15919]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15919]: Failed password for invalid user hadoop from 45.153.34.235 port 37478 ssh2
Jun 25 07:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15919]: Connection closed by 45.153.34.235 port 37478 [preauth]
Jun 25 07:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15929]: Invalid user root1 from 45.153.34.235
Jun 25 07:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15929]: input_userauth_request: invalid user root1 [preauth]
Jun 25 07:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15929]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15929]: Failed password for invalid user root1 from 45.153.34.235 port 37480 ssh2
Jun 25 07:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15929]: Connection closed by 45.153.34.235 port 37480 [preauth]
Jun 25 07:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15940]: Invalid user minecraft from 45.153.34.235
Jun 25 07:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15940]: input_userauth_request: invalid user minecraft [preauth]
Jun 25 07:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15940]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15940]: Failed password for invalid user minecraft from 45.153.34.235 port 39944 ssh2
Jun 25 07:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15940]: Connection closed by 45.153.34.235 port 39944 [preauth]
Jun 25 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15945]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15946]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15943]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15944]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15943]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16009]: Successful su for rubyman by root
Jun 25 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16009]: + ??? root:rubyman
Jun 25 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16009]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588686 of user rubyman.
Jun 25 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16009]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588686.
Jun 25 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15998]: Invalid user ts3 from 45.153.34.235
Jun 25 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15998]: input_userauth_request: invalid user ts3 [preauth]
Jun 25 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15998]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15998]: Failed password for invalid user ts3 from 45.153.34.235 port 39960 ssh2
Jun 25 07:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15998]: Connection closed by 45.153.34.235 port 39960 [preauth]
Jun 25 07:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13089]: pam_unix(cron:session): session closed for user root
Jun 25 07:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 07:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15944]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16166]: Failed password for root from 45.153.34.235 port 39970 ssh2
Jun 25 07:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16166]: Connection closed by 45.153.34.235 port 39970 [preauth]
Jun 25 07:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: Invalid user user3 from 45.153.34.235
Jun 25 07:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: input_userauth_request: invalid user user3 [preauth]
Jun 25 07:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: Failed password for invalid user user3 from 45.153.34.235 port 52254 ssh2
Jun 25 07:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: Connection closed by 45.153.34.235 port 52254 [preauth]
Jun 25 07:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16206]: Invalid user ubuntu from 45.153.34.235
Jun 25 07:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16206]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 07:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16206]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16206]: Failed password for invalid user ubuntu from 45.153.34.235 port 52262 ssh2
Jun 25 07:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16206]: Connection closed by 45.153.34.235 port 52262 [preauth]
Jun 25 07:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16229]: Invalid user hrm from 45.165.14.197
Jun 25 07:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16229]: input_userauth_request: invalid user hrm [preauth]
Jun 25 07:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16229]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.165.14.197
Jun 25 07:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16231]: Invalid user gitlab-runner from 45.153.34.235
Jun 25 07:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16231]: input_userauth_request: invalid user gitlab-runner [preauth]
Jun 25 07:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16231]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16229]: Failed password for invalid user hrm from 45.165.14.197 port 63470 ssh2
Jun 25 07:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16229]: Received disconnect from 45.165.14.197 port 63470:11: Bye Bye [preauth]
Jun 25 07:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16229]: Disconnected from 45.165.14.197 port 63470 [preauth]
Jun 25 07:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16231]: Failed password for invalid user gitlab-runner from 45.153.34.235 port 52270 ssh2
Jun 25 07:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16231]: Connection closed by 45.153.34.235 port 52270 [preauth]
Jun 25 07:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16236]: Invalid user dev from 45.153.34.235
Jun 25 07:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16236]: input_userauth_request: invalid user dev [preauth]
Jun 25 07:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16236]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16236]: Failed password for invalid user dev from 45.153.34.235 port 52498 ssh2
Jun 25 07:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16236]: Connection closed by 45.153.34.235 port 52498 [preauth]
Jun 25 07:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 07:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16245]: Invalid user hrm from 143.110.247.221
Jun 25 07:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16245]: input_userauth_request: invalid user hrm [preauth]
Jun 25 07:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16245]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.247.221
Jun 25 07:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16243]: Failed password for root from 45.153.34.235 port 52526 ssh2
Jun 25 07:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16243]: Connection closed by 45.153.34.235 port 52526 [preauth]
Jun 25 07:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16268]: Invalid user chris from 45.153.34.235
Jun 25 07:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16268]: input_userauth_request: invalid user chris [preauth]
Jun 25 07:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16268]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16245]: Failed password for invalid user hrm from 143.110.247.221 port 51474 ssh2
Jun 25 07:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16245]: Received disconnect from 143.110.247.221 port 51474:11: Bye Bye [preauth]
Jun 25 07:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16245]: Disconnected from 143.110.247.221 port 51474 [preauth]
Jun 25 07:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16268]: Failed password for invalid user chris from 45.153.34.235 port 52550 ssh2
Jun 25 07:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16268]: Connection closed by 45.153.34.235 port 52550 [preauth]
Jun 25 07:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16270]: Invalid user teamspeak from 45.153.34.235
Jun 25 07:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16270]: input_userauth_request: invalid user teamspeak [preauth]
Jun 25 07:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16270]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16270]: Failed password for invalid user teamspeak from 45.153.34.235 port 37882 ssh2
Jun 25 07:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16270]: Connection closed by 45.153.34.235 port 37882 [preauth]
Jun 25 07:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14993]: pam_unix(cron:session): session closed for user root
Jun 25 07:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 07:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16280]: Failed password for root from 45.153.34.235 port 37890 ssh2
Jun 25 07:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16280]: Connection closed by 45.153.34.235 port 37890 [preauth]
Jun 25 07:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16309]: Invalid user fivem from 45.153.34.235
Jun 25 07:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16309]: input_userauth_request: invalid user fivem [preauth]
Jun 25 07:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16309]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16309]: Failed password for invalid user fivem from 45.153.34.235 port 37894 ssh2
Jun 25 07:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16309]: Connection closed by 45.153.34.235 port 37894 [preauth]
Jun 25 07:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 07:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16311]: Failed password for root from 45.153.34.235 port 55818 ssh2
Jun 25 07:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16311]: Connection closed by 45.153.34.235 port 55818 [preauth]
Jun 25 07:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16321]: Invalid user ubuntu from 45.153.34.235
Jun 25 07:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16321]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 07:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16321]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16321]: Failed password for invalid user ubuntu from 45.153.34.235 port 55822 ssh2
Jun 25 07:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16321]: Connection closed by 45.153.34.235 port 55822 [preauth]
Jun 25 07:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 07:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16343]: Failed password for root from 45.153.34.235 port 55830 ssh2
Jun 25 07:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16343]: Connection closed by 45.153.34.235 port 55830 [preauth]
Jun 25 07:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16345]: Invalid user system from 45.153.34.235
Jun 25 07:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16345]: input_userauth_request: invalid user system [preauth]
Jun 25 07:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16345]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16345]: Failed password for invalid user system from 45.153.34.235 port 49740 ssh2
Jun 25 07:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16345]: Connection closed by 45.153.34.235 port 49740 [preauth]
Jun 25 07:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 07:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16356]: Failed password for root from 45.153.34.235 port 49768 ssh2
Jun 25 07:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16356]: Connection closed by 45.153.34.235 port 49768 [preauth]
Jun 25 07:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16366]: Invalid user claude from 45.153.34.235
Jun 25 07:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16366]: input_userauth_request: invalid user claude [preauth]
Jun 25 07:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16366]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16366]: Failed password for invalid user claude from 45.153.34.235 port 45878 ssh2
Jun 25 07:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16366]: Connection closed by 45.153.34.235 port 45878 [preauth]
Jun 25 07:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16369]: Invalid user deployer from 45.153.34.235
Jun 25 07:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16369]: input_userauth_request: invalid user deployer [preauth]
Jun 25 07:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16369]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16381]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16382]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16384]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16380]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16380]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16442]: Successful su for rubyman by root
Jun 25 07:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16442]: + ??? root:rubyman
Jun 25 07:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16442]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588692 of user rubyman.
Jun 25 07:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16442]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588692.
Jun 25 07:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16369]: Failed password for invalid user deployer from 45.153.34.235 port 45884 ssh2
Jun 25 07:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16369]: Connection closed by 45.153.34.235 port 45884 [preauth]
Jun 25 07:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16533]: Invalid user cloud from 45.153.34.235
Jun 25 07:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16533]: input_userauth_request: invalid user cloud [preauth]
Jun 25 07:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16533]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13574]: pam_unix(cron:session): session closed for user root
Jun 25 07:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16533]: Failed password for invalid user cloud from 45.153.34.235 port 45890 ssh2
Jun 25 07:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16533]: Connection closed by 45.153.34.235 port 45890 [preauth]
Jun 25 07:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16381]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16629]: Invalid user data from 45.153.34.235
Jun 25 07:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16629]: input_userauth_request: invalid user data [preauth]
Jun 25 07:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16629]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16629]: Failed password for invalid user data from 45.153.34.235 port 39496 ssh2
Jun 25 07:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16629]: Connection closed by 45.153.34.235 port 39496 [preauth]
Jun 25 07:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16631]: Invalid user server from 45.153.34.235
Jun 25 07:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16631]: input_userauth_request: invalid user server [preauth]
Jun 25 07:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16631]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16631]: Failed password for invalid user server from 45.153.34.235 port 39508 ssh2
Jun 25 07:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16631]: Connection closed by 45.153.34.235 port 39508 [preauth]
Jun 25 07:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16658]: Invalid user uploader from 45.153.34.235
Jun 25 07:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16658]: input_userauth_request: invalid user uploader [preauth]
Jun 25 07:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16658]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16658]: Failed password for invalid user uploader from 45.153.34.235 port 39520 ssh2
Jun 25 07:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16658]: Connection closed by 45.153.34.235 port 39520 [preauth]
Jun 25 07:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16668]: Invalid user www from 45.153.34.235
Jun 25 07:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16668]: input_userauth_request: invalid user www [preauth]
Jun 25 07:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16668]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16668]: Failed password for invalid user www from 45.153.34.235 port 47626 ssh2
Jun 25 07:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16668]: Connection closed by 45.153.34.235 port 47626 [preauth]
Jun 25 07:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16670]: Invalid user bot from 45.153.34.235
Jun 25 07:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16670]: input_userauth_request: invalid user bot [preauth]
Jun 25 07:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16670]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16672]: Invalid user pydio from 79.110.201.164
Jun 25 07:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16672]: input_userauth_request: invalid user pydio [preauth]
Jun 25 07:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16672]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.110.201.164
Jun 25 07:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16670]: Failed password for invalid user bot from 45.153.34.235 port 47640 ssh2
Jun 25 07:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16670]: Connection closed by 45.153.34.235 port 47640 [preauth]
Jun 25 07:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16672]: Failed password for invalid user pydio from 79.110.201.164 port 42884 ssh2
Jun 25 07:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16672]: Received disconnect from 79.110.201.164 port 42884:11: Bye Bye [preauth]
Jun 25 07:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16672]: Disconnected from 79.110.201.164 port 42884 [preauth]
Jun 25 07:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16695]: Invalid user openclaw from 45.153.34.235
Jun 25 07:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16695]: input_userauth_request: invalid user openclaw [preauth]
Jun 25 07:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16695]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16695]: Failed password for invalid user openclaw from 45.153.34.235 port 47650 ssh2
Jun 25 07:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16695]: Connection closed by 45.153.34.235 port 47650 [preauth]
Jun 25 07:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16705]: Invalid user pi from 45.153.34.235
Jun 25 07:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16705]: input_userauth_request: invalid user pi [preauth]
Jun 25 07:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16705]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16705]: Failed password for invalid user pi from 45.153.34.235 port 46132 ssh2
Jun 25 07:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16705]: Connection closed by 45.153.34.235 port 46132 [preauth]
Jun 25 07:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16707]: Invalid user kingbase from 45.153.34.235
Jun 25 07:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16707]: input_userauth_request: invalid user kingbase [preauth]
Jun 25 07:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16707]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15426]: pam_unix(cron:session): session closed for user root
Jun 25 07:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16707]: Failed password for invalid user kingbase from 45.153.34.235 port 46144 ssh2
Jun 25 07:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16707]: Connection closed by 45.153.34.235 port 46144 [preauth]
Jun 25 07:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16736]: Invalid user sdadmin from 45.153.34.235
Jun 25 07:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16736]: input_userauth_request: invalid user sdadmin [preauth]
Jun 25 07:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16736]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16736]: Failed password for invalid user sdadmin from 45.153.34.235 port 46148 ssh2
Jun 25 07:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16736]: Connection closed by 45.153.34.235 port 46148 [preauth]
Jun 25 07:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16747]: Invalid user newuser from 45.153.34.235
Jun 25 07:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16747]: input_userauth_request: invalid user newuser [preauth]
Jun 25 07:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16747]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16747]: Failed password for invalid user newuser from 45.153.34.235 port 60848 ssh2
Jun 25 07:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16747]: Connection closed by 45.153.34.235 port 60848 [preauth]
Jun 25 07:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16750]: Invalid user a from 45.153.34.235
Jun 25 07:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16750]: input_userauth_request: invalid user a [preauth]
Jun 25 07:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16750]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16750]: Failed password for invalid user a from 45.153.34.235 port 60862 ssh2
Jun 25 07:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16750]: Connection closed by 45.153.34.235 port 60862 [preauth]
Jun 25 07:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 07:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16774]: Failed password for root from 45.153.34.235 port 60868 ssh2
Jun 25 07:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16774]: Connection closed by 45.153.34.235 port 60868 [preauth]
Jun 25 07:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 07:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16782]: Failed password for root from 45.153.34.235 port 51586 ssh2
Jun 25 07:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16782]: Connection closed by 45.153.34.235 port 51586 [preauth]
Jun 25 07:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 07:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16786]: Failed password for root from 45.153.34.235 port 51588 ssh2
Jun 25 07:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16786]: Connection closed by 45.153.34.235 port 51588 [preauth]
Jun 25 07:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16797]: Invalid user kali from 45.153.34.235
Jun 25 07:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16797]: input_userauth_request: invalid user kali [preauth]
Jun 25 07:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16797]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16800]: Invalid user servers from 190.128.201.18
Jun 25 07:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16800]: input_userauth_request: invalid user servers [preauth]
Jun 25 07:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16800]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.201.18
Jun 25 07:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16797]: Failed password for invalid user kali from 45.153.34.235 port 51598 ssh2
Jun 25 07:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16797]: Connection closed by 45.153.34.235 port 51598 [preauth]
Jun 25 07:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16800]: Failed password for invalid user servers from 190.128.201.18 port 51958 ssh2
Jun 25 07:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16800]: Received disconnect from 190.128.201.18 port 51958:11: Bye Bye [preauth]
Jun 25 07:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16800]: Disconnected from 190.128.201.18 port 51958 [preauth]
Jun 25 07:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16804]: Invalid user admin123 from 45.153.34.235
Jun 25 07:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16804]: input_userauth_request: invalid user admin123 [preauth]
Jun 25 07:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16804]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16804]: Failed password for invalid user admin123 from 45.153.34.235 port 59310 ssh2
Jun 25 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16804]: Connection closed by 45.153.34.235 port 59310 [preauth]
Jun 25 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16824]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16825]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16823]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16822]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16822]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16950]: Successful su for rubyman by root
Jun 25 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16950]: + ??? root:rubyman
Jun 25 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16950]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588694 of user rubyman.
Jun 25 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16950]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588694.
Jun 25 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16907]: Invalid user postgres from 45.153.34.235
Jun 25 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16907]: input_userauth_request: invalid user postgres [preauth]
Jun 25 07:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16907]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180  user=root
Jun 25 07:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14032]: pam_unix(cron:session): session closed for user root
Jun 25 07:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16907]: Failed password for invalid user postgres from 45.153.34.235 port 59318 ssh2
Jun 25 07:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16907]: Connection closed by 45.153.34.235 port 59318 [preauth]
Jun 25 07:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16802]: Failed password for root from 186.96.158.180 port 54771 ssh2
Jun 25 07:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16802]: Received disconnect from 186.96.158.180 port 54771:11: Bye Bye [preauth]
Jun 25 07:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16802]: Disconnected from 186.96.158.180 port 54771 [preauth]
Jun 25 07:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17152]: Invalid user odoo18 from 45.153.34.235
Jun 25 07:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17152]: input_userauth_request: invalid user odoo18 [preauth]
Jun 25 07:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16823]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17152]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17152]: Failed password for invalid user odoo18 from 45.153.34.235 port 59326 ssh2
Jun 25 07:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17152]: Connection closed by 45.153.34.235 port 59326 [preauth]
Jun 25 07:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 07:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17166]: Failed password for root from 45.153.34.235 port 56786 ssh2
Jun 25 07:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17166]: Connection closed by 45.153.34.235 port 56786 [preauth]
Jun 25 07:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17176]: Invalid user developer from 45.153.34.235
Jun 25 07:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17176]: input_userauth_request: invalid user developer [preauth]
Jun 25 07:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17176]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17176]: Failed password for invalid user developer from 45.153.34.235 port 56788 ssh2
Jun 25 07:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17176]: Connection closed by 45.153.34.235 port 56788 [preauth]
Jun 25 07:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17198]: Invalid user wso2 from 45.153.34.235
Jun 25 07:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17198]: input_userauth_request: invalid user wso2 [preauth]
Jun 25 07:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17198]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17198]: Failed password for invalid user wso2 from 45.153.34.235 port 56790 ssh2
Jun 25 07:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17198]: Connection closed by 45.153.34.235 port 56790 [preauth]
Jun 25 07:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17200]: Invalid user ts from 45.153.34.235
Jun 25 07:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17200]: input_userauth_request: invalid user ts [preauth]
Jun 25 07:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17200]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17200]: Failed password for invalid user ts from 45.153.34.235 port 38542 ssh2
Jun 25 07:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17200]: Connection closed by 45.153.34.235 port 38542 [preauth]
Jun 25 07:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17210]: Invalid user gd from 45.153.34.235
Jun 25 07:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17210]: input_userauth_request: invalid user gd [preauth]
Jun 25 07:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17210]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17210]: Failed password for invalid user gd from 45.153.34.235 port 38564 ssh2
Jun 25 07:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17210]: Connection closed by 45.153.34.235 port 38564 [preauth]
Jun 25 07:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 07:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17232]: Failed password for root from 45.153.34.235 port 59608 ssh2
Jun 25 07:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17232]: Connection closed by 45.153.34.235 port 59608 [preauth]
Jun 25 07:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 07:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17234]: Failed password for root from 45.153.34.235 port 59618 ssh2
Jun 25 07:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17234]: Connection closed by 45.153.34.235 port 59618 [preauth]
Jun 25 07:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15946]: pam_unix(cron:session): session closed for user root
Jun 25 07:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.165.14.197  user=root
Jun 25 07:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17256]: Invalid user openclaw from 45.153.34.235
Jun 25 07:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17256]: input_userauth_request: invalid user openclaw [preauth]
Jun 25 07:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17256]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17244]: Failed password for root from 45.165.14.197 port 42008 ssh2
Jun 25 07:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17244]: Received disconnect from 45.165.14.197 port 42008:11: Bye Bye [preauth]
Jun 25 07:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17244]: Disconnected from 45.165.14.197 port 42008 [preauth]
Jun 25 07:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17256]: Failed password for invalid user openclaw from 45.153.34.235 port 59630 ssh2
Jun 25 07:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17256]: Connection closed by 45.153.34.235 port 59630 [preauth]
Jun 25 07:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17282]: Invalid user odoo from 45.153.34.235
Jun 25 07:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17282]: input_userauth_request: invalid user odoo [preauth]
Jun 25 07:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17282]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17282]: Failed password for invalid user odoo from 45.153.34.235 port 60406 ssh2
Jun 25 07:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17282]: Connection closed by 45.153.34.235 port 60406 [preauth]
Jun 25 07:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17284]: Invalid user debian from 45.153.34.235
Jun 25 07:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17284]: input_userauth_request: invalid user debian [preauth]
Jun 25 07:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17284]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17284]: Failed password for invalid user debian from 45.153.34.235 port 60420 ssh2
Jun 25 07:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17284]: Connection closed by 45.153.34.235 port 60420 [preauth]
Jun 25 07:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17302]: Invalid user erpnext from 45.153.34.235
Jun 25 07:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17302]: input_userauth_request: invalid user erpnext [preauth]
Jun 25 07:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17302]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17302]: Failed password for invalid user erpnext from 45.153.34.235 port 60422 ssh2
Jun 25 07:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17302]: Connection closed by 45.153.34.235 port 60422 [preauth]
Jun 25 07:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17322]: Invalid user claude from 45.153.34.235
Jun 25 07:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17322]: input_userauth_request: invalid user claude [preauth]
Jun 25 07:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17322]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17322]: Failed password for invalid user claude from 45.153.34.235 port 40388 ssh2
Jun 25 07:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17322]: Connection closed by 45.153.34.235 port 40388 [preauth]
Jun 25 07:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17326]: Invalid user pi from 45.153.34.235
Jun 25 07:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17326]: input_userauth_request: invalid user pi [preauth]
Jun 25 07:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17326]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17326]: Failed password for invalid user pi from 45.153.34.235 port 40396 ssh2
Jun 25 07:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17326]: Connection closed by 45.153.34.235 port 40396 [preauth]
Jun 25 07:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17337]: Invalid user dev from 45.153.34.235
Jun 25 07:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17337]: input_userauth_request: invalid user dev [preauth]
Jun 25 07:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17337]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17337]: Failed password for invalid user dev from 45.153.34.235 port 40406 ssh2
Jun 25 07:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17337]: Connection closed by 45.153.34.235 port 40406 [preauth]
Jun 25 07:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17339]: Invalid user runner from 45.153.34.235
Jun 25 07:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17339]: input_userauth_request: invalid user runner [preauth]
Jun 25 07:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17339]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17351]: Invalid user anon from 79.110.201.164
Jun 25 07:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17351]: input_userauth_request: invalid user anon [preauth]
Jun 25 07:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17351]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.110.201.164
Jun 25 07:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17339]: Failed password for invalid user runner from 45.153.34.235 port 54556 ssh2
Jun 25 07:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17339]: Connection closed by 45.153.34.235 port 54556 [preauth]
Jun 25 07:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17351]: Failed password for invalid user anon from 79.110.201.164 port 50948 ssh2
Jun 25 07:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17351]: Received disconnect from 79.110.201.164 port 50948:11: Bye Bye [preauth]
Jun 25 07:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17351]: Disconnected from 79.110.201.164 port 50948 [preauth]
Jun 25 07:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17353]: Invalid user admin1 from 45.153.34.235
Jun 25 07:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17353]: input_userauth_request: invalid user admin1 [preauth]
Jun 25 07:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17353]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17360]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17361]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17359]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17358]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17358]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17426]: Successful su for rubyman by root
Jun 25 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17426]: + ??? root:rubyman
Jun 25 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17426]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588698 of user rubyman.
Jun 25 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17426]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588698.
Jun 25 07:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17353]: Failed password for invalid user admin1 from 45.153.34.235 port 54570 ssh2
Jun 25 07:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17353]: Connection closed by 45.153.34.235 port 54570 [preauth]
Jun 25 07:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17477]: Invalid user devops from 143.110.247.221
Jun 25 07:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17477]: input_userauth_request: invalid user devops [preauth]
Jun 25 07:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17477]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.247.221
Jun 25 07:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17526]: Invalid user ubuntu from 45.153.34.235
Jun 25 07:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17526]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 07:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17526]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14449]: pam_unix(cron:session): session closed for user root
Jun 25 07:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17477]: Failed password for invalid user devops from 143.110.247.221 port 51602 ssh2
Jun 25 07:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17477]: Received disconnect from 143.110.247.221 port 51602:11: Bye Bye [preauth]
Jun 25 07:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17477]: Disconnected from 143.110.247.221 port 51602 [preauth]
Jun 25 07:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17526]: Failed password for invalid user ubuntu from 45.153.34.235 port 54580 ssh2
Jun 25 07:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17526]: Connection closed by 45.153.34.235 port 54580 [preauth]
Jun 25 07:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17359]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17611]: Invalid user teste from 45.153.34.235
Jun 25 07:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17611]: input_userauth_request: invalid user teste [preauth]
Jun 25 07:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17611]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17611]: Failed password for invalid user teste from 45.153.34.235 port 60192 ssh2
Jun 25 07:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17611]: Connection closed by 45.153.34.235 port 60192 [preauth]
Jun 25 07:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17621]: Invalid user jenkins from 45.153.34.235
Jun 25 07:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17621]: input_userauth_request: invalid user jenkins [preauth]
Jun 25 07:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17621]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17621]: Failed password for invalid user jenkins from 45.153.34.235 port 60214 ssh2
Jun 25 07:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17621]: Connection closed by 45.153.34.235 port 60214 [preauth]
Jun 25 07:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: Invalid user ftpuser from 45.153.34.235
Jun 25 07:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: input_userauth_request: invalid user ftpuser [preauth]
Jun 25 07:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: Failed password for invalid user ftpuser from 45.153.34.235 port 60220 ssh2
Jun 25 07:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: Connection closed by 45.153.34.235 port 60220 [preauth]
Jun 25 07:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17673]: Invalid user chris from 45.153.34.235
Jun 25 07:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17673]: input_userauth_request: invalid user chris [preauth]
Jun 25 07:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17673]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17673]: Failed password for invalid user chris from 45.153.34.235 port 45086 ssh2
Jun 25 07:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17673]: Connection closed by 45.153.34.235 port 45086 [preauth]
Jun 25 07:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17734]: Invalid user frappe from 45.153.34.235
Jun 25 07:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17734]: input_userauth_request: invalid user frappe [preauth]
Jun 25 07:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17734]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17734]: Failed password for invalid user frappe from 45.153.34.235 port 45102 ssh2
Jun 25 07:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17734]: Connection closed by 45.153.34.235 port 45102 [preauth]
Jun 25 07:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17736]: Invalid user odoo14 from 45.153.34.235
Jun 25 07:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17736]: input_userauth_request: invalid user odoo14 [preauth]
Jun 25 07:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17736]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17736]: Failed password for invalid user odoo14 from 45.153.34.235 port 45110 ssh2
Jun 25 07:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17736]: Connection closed by 45.153.34.235 port 45110 [preauth]
Jun 25 07:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17770]: Invalid user deploy from 45.153.34.235
Jun 25 07:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17770]: input_userauth_request: invalid user deploy [preauth]
Jun 25 07:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17770]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17770]: Failed password for invalid user deploy from 45.153.34.235 port 45122 ssh2
Jun 25 07:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17770]: Connection closed by 45.153.34.235 port 45122 [preauth]
Jun 25 07:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 07:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17773]: Failed password for root from 45.153.34.235 port 39638 ssh2
Jun 25 07:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17773]: Connection closed by 45.153.34.235 port 39638 [preauth]
Jun 25 07:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17784]: Invalid user student from 45.153.34.235
Jun 25 07:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17784]: input_userauth_request: invalid user student [preauth]
Jun 25 07:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17784]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16384]: pam_unix(cron:session): session closed for user root
Jun 25 07:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17784]: Failed password for invalid user student from 45.153.34.235 port 39662 ssh2
Jun 25 07:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17784]: Connection closed by 45.153.34.235 port 39662 [preauth]
Jun 25 07:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17819]: Invalid user bob from 45.153.34.235
Jun 25 07:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17819]: input_userauth_request: invalid user bob [preauth]
Jun 25 07:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17819]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17819]: Failed password for invalid user bob from 45.153.34.235 port 39674 ssh2
Jun 25 07:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17819]: Connection closed by 45.153.34.235 port 39674 [preauth]
Jun 25 07:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17823]: Invalid user runner from 45.153.34.235
Jun 25 07:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17823]: input_userauth_request: invalid user runner [preauth]
Jun 25 07:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17823]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17823]: Failed password for invalid user runner from 45.153.34.235 port 45198 ssh2
Jun 25 07:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17823]: Connection closed by 45.153.34.235 port 45198 [preauth]
Jun 25 07:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17836]: Invalid user pi from 45.153.34.235
Jun 25 07:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17836]: input_userauth_request: invalid user pi [preauth]
Jun 25 07:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17836]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17836]: Failed password for invalid user pi from 45.153.34.235 port 45218 ssh2
Jun 25 07:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17836]: Connection closed by 45.153.34.235 port 45218 [preauth]
Jun 25 07:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17865]: Invalid user deploy from 45.153.34.235
Jun 25 07:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17865]: input_userauth_request: invalid user deploy [preauth]
Jun 25 07:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17865]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17865]: Failed password for invalid user deploy from 45.153.34.235 port 45248 ssh2
Jun 25 07:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17865]: Connection closed by 45.153.34.235 port 45248 [preauth]
Jun 25 07:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17868]: Invalid user toto from 45.153.34.235
Jun 25 07:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17868]: input_userauth_request: invalid user toto [preauth]
Jun 25 07:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17868]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17868]: Failed password for invalid user toto from 45.153.34.235 port 55962 ssh2
Jun 25 07:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17868]: Connection closed by 45.153.34.235 port 55962 [preauth]
Jun 25 07:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17878]: Invalid user test from 45.153.34.235
Jun 25 07:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17878]: input_userauth_request: invalid user test [preauth]
Jun 25 07:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17878]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17878]: Failed password for invalid user test from 45.153.34.235 port 55964 ssh2
Jun 25 07:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17878]: Connection closed by 45.153.34.235 port 55964 [preauth]
Jun 25 07:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17880]: Invalid user test from 45.153.34.235
Jun 25 07:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17880]: input_userauth_request: invalid user test [preauth]
Jun 25 07:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17880]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17880]: Failed password for invalid user test from 45.153.34.235 port 55974 ssh2
Jun 25 07:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17880]: Connection closed by 45.153.34.235 port 55974 [preauth]
Jun 25 07:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17894]: Invalid user cloud from 45.153.34.235
Jun 25 07:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17894]: input_userauth_request: invalid user cloud [preauth]
Jun 25 07:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17894]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17894]: Failed password for invalid user cloud from 45.153.34.235 port 48382 ssh2
Jun 25 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17894]: Connection closed by 45.153.34.235 port 48382 [preauth]
Jun 25 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17913]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17911]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17912]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17907]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17908]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17910]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17913]: pam_unix(cron:session): session closed for user root
Jun 25 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17907]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17977]: Successful su for rubyman by root
Jun 25 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17977]: + ??? root:rubyman
Jun 25 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17977]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588704 of user rubyman.
Jun 25 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17977]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588704.
Jun 25 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 07:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17910]: pam_unix(cron:session): session closed for user root
Jun 25 07:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14991]: pam_unix(cron:session): session closed for user root
Jun 25 07:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17966]: Failed password for root from 45.153.34.235 port 48388 ssh2
Jun 25 07:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17966]: Connection closed by 45.153.34.235 port 48388 [preauth]
Jun 25 07:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18164]: Invalid user elastic from 45.153.34.235
Jun 25 07:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18164]: input_userauth_request: invalid user elastic [preauth]
Jun 25 07:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18164]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17908]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18164]: Failed password for invalid user elastic from 45.153.34.235 port 48394 ssh2
Jun 25 07:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18164]: Connection closed by 45.153.34.235 port 48394 [preauth]
Jun 25 07:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18203]: Invalid user username from 45.153.34.235
Jun 25 07:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18203]: input_userauth_request: invalid user username [preauth]
Jun 25 07:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18203]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18203]: Failed password for invalid user username from 45.153.34.235 port 33078 ssh2
Jun 25 07:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18203]: Connection closed by 45.153.34.235 port 33078 [preauth]
Jun 25 07:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18205]: Invalid user admin from 45.153.34.235
Jun 25 07:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18205]: input_userauth_request: invalid user admin [preauth]
Jun 25 07:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18205]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18205]: Failed password for invalid user admin from 45.153.34.235 port 33082 ssh2
Jun 25 07:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18205]: Connection closed by 45.153.34.235 port 33082 [preauth]
Jun 25 07:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 07:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18234]: Failed password for root from 45.153.34.235 port 33092 ssh2
Jun 25 07:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18234]: Connection closed by 45.153.34.235 port 33092 [preauth]
Jun 25 07:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18247]: Invalid user test1 from 45.153.34.235
Jun 25 07:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18247]: input_userauth_request: invalid user test1 [preauth]
Jun 25 07:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18247]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18247]: Failed password for invalid user test1 from 45.153.34.235 port 57262 ssh2
Jun 25 07:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18247]: Connection closed by 45.153.34.235 port 57262 [preauth]
Jun 25 07:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18249]: Invalid user worker from 45.153.34.235
Jun 25 07:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18249]: input_userauth_request: invalid user worker [preauth]
Jun 25 07:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18249]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18249]: Failed password for invalid user worker from 45.153.34.235 port 57278 ssh2
Jun 25 07:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18249]: Connection closed by 45.153.34.235 port 57278 [preauth]
Jun 25 07:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18274]: Invalid user user from 45.153.34.235
Jun 25 07:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18274]: input_userauth_request: invalid user user [preauth]
Jun 25 07:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18274]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18274]: Failed password for invalid user user from 45.153.34.235 port 57282 ssh2
Jun 25 07:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18274]: Connection closed by 45.153.34.235 port 57282 [preauth]
Jun 25 07:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18277]: Invalid user dani from 45.153.34.235
Jun 25 07:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18277]: input_userauth_request: invalid user dani [preauth]
Jun 25 07:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18277]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18277]: Failed password for invalid user dani from 45.153.34.235 port 58334 ssh2
Jun 25 07:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18277]: Connection closed by 45.153.34.235 port 58334 [preauth]
Jun 25 07:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18290]: Invalid user roberto from 190.128.201.18
Jun 25 07:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18290]: input_userauth_request: invalid user roberto [preauth]
Jun 25 07:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18290]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.201.18
Jun 25 07:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18294]: Invalid user gitlab-runner from 45.153.34.235
Jun 25 07:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18294]: input_userauth_request: invalid user gitlab-runner [preauth]
Jun 25 07:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18294]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18290]: Failed password for invalid user roberto from 190.128.201.18 port 51058 ssh2
Jun 25 07:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16825]: pam_unix(cron:session): session closed for user root
Jun 25 07:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18290]: Received disconnect from 190.128.201.18 port 51058:11: Bye Bye [preauth]
Jun 25 07:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18290]: Disconnected from 190.128.201.18 port 51058 [preauth]
Jun 25 07:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18294]: Failed password for invalid user gitlab-runner from 45.153.34.235 port 58342 ssh2
Jun 25 07:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18294]: Connection closed by 45.153.34.235 port 58342 [preauth]
Jun 25 07:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18324]: Invalid user david from 45.153.34.235
Jun 25 07:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18324]: input_userauth_request: invalid user david [preauth]
Jun 25 07:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18322]: Invalid user hassan from 79.110.201.164
Jun 25 07:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18322]: input_userauth_request: invalid user hassan [preauth]
Jun 25 07:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18322]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.110.201.164
Jun 25 07:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18324]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18322]: Failed password for invalid user hassan from 79.110.201.164 port 47614 ssh2
Jun 25 07:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18324]: Failed password for invalid user david from 45.153.34.235 port 58348 ssh2
Jun 25 07:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18324]: Connection closed by 45.153.34.235 port 58348 [preauth]
Jun 25 07:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18322]: Received disconnect from 79.110.201.164 port 47614:11: Bye Bye [preauth]
Jun 25 07:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18322]: Disconnected from 79.110.201.164 port 47614 [preauth]
Jun 25 07:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18333]: Invalid user appuser from 45.153.34.235
Jun 25 07:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18333]: input_userauth_request: invalid user appuser [preauth]
Jun 25 07:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18333]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18333]: Failed password for invalid user appuser from 45.153.34.235 port 58208 ssh2
Jun 25 07:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18333]: Connection closed by 45.153.34.235 port 58208 [preauth]
Jun 25 07:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18343]: Invalid user omm from 45.153.34.235
Jun 25 07:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18343]: input_userauth_request: invalid user omm [preauth]
Jun 25 07:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18343]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18345]: Invalid user nikita from 45.165.14.197
Jun 25 07:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18345]: input_userauth_request: invalid user nikita [preauth]
Jun 25 07:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18345]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.165.14.197
Jun 25 07:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18343]: Failed password for invalid user omm from 45.153.34.235 port 58222 ssh2
Jun 25 07:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18343]: Connection closed by 45.153.34.235 port 58222 [preauth]
Jun 25 07:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18376]: Invalid user deploy from 45.153.34.235
Jun 25 07:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18376]: input_userauth_request: invalid user deploy [preauth]
Jun 25 07:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18376]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18345]: Failed password for invalid user nikita from 45.165.14.197 port 17077 ssh2
Jun 25 07:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18345]: Received disconnect from 45.165.14.197 port 17077:11: Bye Bye [preauth]
Jun 25 07:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18345]: Disconnected from 45.165.14.197 port 17077 [preauth]
Jun 25 07:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18376]: Failed password for invalid user deploy from 45.153.34.235 port 58238 ssh2
Jun 25 07:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18376]: Connection closed by 45.153.34.235 port 58238 [preauth]
Jun 25 07:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18378]: Invalid user test from 45.153.34.235
Jun 25 07:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18378]: input_userauth_request: invalid user test [preauth]
Jun 25 07:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18378]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121  user=root
Jun 25 07:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18378]: Failed password for invalid user test from 45.153.34.235 port 34714 ssh2
Jun 25 07:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18378]: Connection closed by 45.153.34.235 port 34714 [preauth]
Jun 25 07:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18401]: Invalid user rdpuser from 45.153.34.235
Jun 25 07:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18401]: input_userauth_request: invalid user rdpuser [preauth]
Jun 25 07:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18401]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18386]: Failed password for root from 45.148.10.121 port 49358 ssh2
Jun 25 07:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18386]: Connection closed by 45.148.10.121 port 49358 [preauth]
Jun 25 07:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18401]: Failed password for invalid user rdpuser from 45.153.34.235 port 34722 ssh2
Jun 25 07:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18401]: Connection closed by 45.153.34.235 port 34722 [preauth]
Jun 25 07:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18403]: Invalid user niaoyun from 45.153.34.235
Jun 25 07:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18403]: input_userauth_request: invalid user niaoyun [preauth]
Jun 25 07:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18403]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18403]: Failed password for invalid user niaoyun from 45.153.34.235 port 34728 ssh2
Jun 25 07:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18403]: Connection closed by 45.153.34.235 port 34728 [preauth]
Jun 25 07:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18479]: Invalid user git from 45.153.34.235
Jun 25 07:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18479]: input_userauth_request: invalid user git [preauth]
Jun 25 07:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18479]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18479]: Failed password for invalid user git from 45.153.34.235 port 55106 ssh2
Jun 25 07:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18479]: Connection closed by 45.153.34.235 port 55106 [preauth]
Jun 25 07:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18490]: Invalid user solana from 45.153.34.235
Jun 25 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18490]: input_userauth_request: invalid user solana [preauth]
Jun 25 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18490]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18499]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18497]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18496]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18495]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18495]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18567]: Successful su for rubyman by root
Jun 25 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18567]: + ??? root:rubyman
Jun 25 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18567]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588708 of user rubyman.
Jun 25 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18567]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588708.
Jun 25 07:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18490]: Failed password for invalid user solana from 45.153.34.235 port 55110 ssh2
Jun 25 07:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18490]: Connection closed by 45.153.34.235 port 55110 [preauth]
Jun 25 07:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 07:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15425]: pam_unix(cron:session): session closed for user root
Jun 25 07:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18668]: Failed password for root from 45.153.34.235 port 55124 ssh2
Jun 25 07:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18668]: Connection closed by 45.153.34.235 port 55124 [preauth]
Jun 25 07:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18496]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 07:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18761]: Failed password for root from 45.153.34.235 port 48388 ssh2
Jun 25 07:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18761]: Connection closed by 45.153.34.235 port 48388 [preauth]
Jun 25 07:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 07:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18772]: Failed password for root from 45.153.34.235 port 48402 ssh2
Jun 25 07:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18772]: Connection closed by 45.153.34.235 port 48402 [preauth]
Jun 25 07:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18775]: Invalid user testuser from 45.153.34.235
Jun 25 07:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18775]: input_userauth_request: invalid user testuser [preauth]
Jun 25 07:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18775]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18775]: Failed password for invalid user testuser from 45.153.34.235 port 48416 ssh2
Jun 25 07:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18775]: Connection closed by 45.153.34.235 port 48416 [preauth]
Jun 25 07:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 07:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18805]: Failed password for root from 45.153.34.235 port 52012 ssh2
Jun 25 07:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18805]: Connection closed by 45.153.34.235 port 52012 [preauth]
Jun 25 07:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18807]: Invalid user jellyfin from 45.153.34.235
Jun 25 07:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18807]: input_userauth_request: invalid user jellyfin [preauth]
Jun 25 07:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18807]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18807]: Failed password for invalid user jellyfin from 45.153.34.235 port 52026 ssh2
Jun 25 07:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18807]: Connection closed by 45.153.34.235 port 52026 [preauth]
Jun 25 07:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18822]: Invalid user reza from 45.153.34.235
Jun 25 07:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18822]: input_userauth_request: invalid user reza [preauth]
Jun 25 07:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18822]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18822]: Failed password for invalid user reza from 45.153.34.235 port 52028 ssh2
Jun 25 07:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18822]: Connection closed by 45.153.34.235 port 52028 [preauth]
Jun 25 07:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18853]: Invalid user gpadmin from 45.153.34.235
Jun 25 07:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18853]: input_userauth_request: invalid user gpadmin [preauth]
Jun 25 07:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18853]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 25 07:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18853]: Failed password for invalid user gpadmin from 45.153.34.235 port 33542 ssh2
Jun 25 07:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18853]: Connection closed by 45.153.34.235 port 33542 [preauth]
Jun 25 07:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18855]: Failed password for root from 103.82.132.16 port 42622 ssh2
Jun 25 07:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18855]: Connection closed by 103.82.132.16 port 42622 [preauth]
Jun 25 07:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18857]: Invalid user vpn from 45.153.34.235
Jun 25 07:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18857]: input_userauth_request: invalid user vpn [preauth]
Jun 25 07:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18857]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17361]: pam_unix(cron:session): session closed for user root
Jun 25 07:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18857]: Failed password for invalid user vpn from 45.153.34.235 port 33546 ssh2
Jun 25 07:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18857]: Connection closed by 45.153.34.235 port 33546 [preauth]
Jun 25 07:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 07:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18882]: Failed password for root from 45.153.34.235 port 33556 ssh2
Jun 25 07:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18882]: Connection closed by 45.153.34.235 port 33556 [preauth]
Jun 25 07:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 07:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18902]: Failed password for root from 45.153.34.235 port 43890 ssh2
Jun 25 07:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18902]: Connection closed by 45.153.34.235 port 43890 [preauth]
Jun 25 07:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18904]: Invalid user postgres from 45.153.34.235
Jun 25 07:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18904]: input_userauth_request: invalid user postgres [preauth]
Jun 25 07:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18904]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18904]: Failed password for invalid user postgres from 45.153.34.235 port 43908 ssh2
Jun 25 07:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18904]: Connection closed by 45.153.34.235 port 43908 [preauth]
Jun 25 07:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18914]: Invalid user abbas from 143.110.247.221
Jun 25 07:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18914]: input_userauth_request: invalid user abbas [preauth]
Jun 25 07:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18914]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.247.221
Jun 25 07:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18921]: Invalid user media from 45.153.34.235
Jun 25 07:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18921]: input_userauth_request: invalid user media [preauth]
Jun 25 07:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18921]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18914]: Failed password for invalid user abbas from 143.110.247.221 port 39718 ssh2
Jun 25 07:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18914]: Received disconnect from 143.110.247.221 port 39718:11: Bye Bye [preauth]
Jun 25 07:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18914]: Disconnected from 143.110.247.221 port 39718 [preauth]
Jun 25 07:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18921]: Failed password for invalid user media from 45.153.34.235 port 43926 ssh2
Jun 25 07:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18921]: Connection closed by 45.153.34.235 port 43926 [preauth]
Jun 25 07:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18934]: Invalid user user1 from 45.153.34.235
Jun 25 07:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18934]: input_userauth_request: invalid user user1 [preauth]
Jun 25 07:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18934]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18934]: Failed password for invalid user user1 from 45.153.34.235 port 49634 ssh2
Jun 25 07:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18934]: Connection closed by 45.153.34.235 port 49634 [preauth]
Jun 25 07:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18942]: Invalid user user4 from 45.153.34.235
Jun 25 07:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18942]: input_userauth_request: invalid user user4 [preauth]
Jun 25 07:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18942]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18942]: Failed password for invalid user user4 from 45.153.34.235 port 49642 ssh2
Jun 25 07:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18942]: Connection closed by 45.153.34.235 port 49642 [preauth]
Jun 25 07:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18952]: Invalid user sam from 45.153.34.235
Jun 25 07:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18952]: input_userauth_request: invalid user sam [preauth]
Jun 25 07:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18952]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18952]: Failed password for invalid user sam from 45.153.34.235 port 49664 ssh2
Jun 25 07:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18952]: Connection closed by 45.153.34.235 port 49664 [preauth]
Jun 25 07:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18954]: Invalid user test from 45.153.34.235
Jun 25 07:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18954]: input_userauth_request: invalid user test [preauth]
Jun 25 07:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18954]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18954]: Failed password for invalid user test from 45.153.34.235 port 43056 ssh2
Jun 25 07:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18954]: Connection closed by 45.153.34.235 port 43056 [preauth]
Jun 25 07:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18964]: Invalid user testuser from 45.153.34.235
Jun 25 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18964]: input_userauth_request: invalid user testuser [preauth]
Jun 25 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18964]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18969]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18970]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18968]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18967]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18967]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19028]: Successful su for rubyman by root
Jun 25 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19028]: + ??? root:rubyman
Jun 25 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19028]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588712 of user rubyman.
Jun 25 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19028]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588712.
Jun 25 07:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18964]: Failed password for invalid user testuser from 45.153.34.235 port 43060 ssh2
Jun 25 07:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18964]: Connection closed by 45.153.34.235 port 43060 [preauth]
Jun 25 07:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15945]: pam_unix(cron:session): session closed for user root
Jun 25 07:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19259]: Invalid user testuser from 45.153.34.235
Jun 25 07:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19259]: input_userauth_request: invalid user testuser [preauth]
Jun 25 07:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19259]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18968]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19259]: Failed password for invalid user testuser from 45.153.34.235 port 43074 ssh2
Jun 25 07:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19259]: Connection closed by 45.153.34.235 port 43074 [preauth]
Jun 25 07:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19308]: Invalid user claude from 45.153.34.235
Jun 25 07:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19308]: input_userauth_request: invalid user claude [preauth]
Jun 25 07:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19308]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19308]: Failed password for invalid user claude from 45.153.34.235 port 53804 ssh2
Jun 25 07:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19308]: Connection closed by 45.153.34.235 port 53804 [preauth]
Jun 25 07:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19319]: Invalid user sam from 45.153.34.235
Jun 25 07:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19319]: input_userauth_request: invalid user sam [preauth]
Jun 25 07:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19319]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19319]: Failed password for invalid user sam from 45.153.34.235 port 53806 ssh2
Jun 25 07:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19319]: Connection closed by 45.153.34.235 port 53806 [preauth]
Jun 25 07:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19329]: Invalid user guest from 45.153.34.235
Jun 25 07:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19329]: input_userauth_request: invalid user guest [preauth]
Jun 25 07:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19329]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19329]: Failed password for invalid user guest from 45.153.34.235 port 53810 ssh2
Jun 25 07:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19329]: Connection closed by 45.153.34.235 port 53810 [preauth]
Jun 25 07:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 07:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19344]: Failed password for root from 45.153.34.235 port 34760 ssh2
Jun 25 07:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19344]: Connection closed by 45.153.34.235 port 34760 [preauth]
Jun 25 07:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19355]: Invalid user dev from 45.153.34.235
Jun 25 07:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19355]: input_userauth_request: invalid user dev [preauth]
Jun 25 07:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19355]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19355]: Failed password for invalid user dev from 45.153.34.235 port 34772 ssh2
Jun 25 07:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19355]: Connection closed by 45.153.34.235 port 34772 [preauth]
Jun 25 07:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19358]: Invalid user guest from 45.153.34.235
Jun 25 07:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19358]: input_userauth_request: invalid user guest [preauth]
Jun 25 07:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19358]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19358]: Failed password for invalid user guest from 45.153.34.235 port 34788 ssh2
Jun 25 07:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19358]: Connection closed by 45.153.34.235 port 34788 [preauth]
Jun 25 07:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19381]: Invalid user milad from 45.153.34.235
Jun 25 07:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19381]: input_userauth_request: invalid user milad [preauth]
Jun 25 07:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19381]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19381]: Failed password for invalid user milad from 45.153.34.235 port 58174 ssh2
Jun 25 07:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19381]: Connection closed by 45.153.34.235 port 58174 [preauth]
Jun 25 07:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19392]: Invalid user username from 45.153.34.235
Jun 25 07:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19392]: input_userauth_request: invalid user username [preauth]
Jun 25 07:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19392]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19392]: Failed password for invalid user username from 45.153.34.235 port 58180 ssh2
Jun 25 07:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19392]: Connection closed by 45.153.34.235 port 58180 [preauth]
Jun 25 07:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19410]: Invalid user admin from 141.98.83.240
Jun 25 07:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19410]: input_userauth_request: invalid user admin [preauth]
Jun 25 07:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19410]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 07:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17912]: pam_unix(cron:session): session closed for user root
Jun 25 07:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19412]: Invalid user x from 45.153.34.235
Jun 25 07:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19412]: input_userauth_request: invalid user x [preauth]
Jun 25 07:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19412]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19410]: Failed password for invalid user admin from 141.98.83.240 port 35840 ssh2
Jun 25 07:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19410]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19412]: Failed password for invalid user x from 45.153.34.235 port 58188 ssh2
Jun 25 07:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19412]: Connection closed by 45.153.34.235 port 58188 [preauth]
Jun 25 07:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19429]: User mysql from 45.153.34.235 not allowed because not listed in AllowUsers
Jun 25 07:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19429]: input_userauth_request: invalid user mysql [preauth]
Jun 25 07:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=mysql
Jun 25 07:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19410]: Failed password for invalid user admin from 141.98.83.240 port 35840 ssh2
Jun 25 07:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19410]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19429]: Failed password for invalid user mysql from 45.153.34.235 port 52484 ssh2
Jun 25 07:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19429]: Connection closed by 45.153.34.235 port 52484 [preauth]
Jun 25 07:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19410]: Failed password for invalid user admin from 141.98.83.240 port 35840 ssh2
Jun 25 07:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19410]: Connection closed by 141.98.83.240 port 35840 [preauth]
Jun 25 07:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19410]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 07:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19439]: Invalid user openclaw from 45.153.34.235
Jun 25 07:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19439]: input_userauth_request: invalid user openclaw [preauth]
Jun 25 07:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19439]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19439]: Failed password for invalid user openclaw from 45.153.34.235 port 52510 ssh2
Jun 25 07:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19439]: Connection closed by 45.153.34.235 port 52510 [preauth]
Jun 25 07:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19453]: Invalid user master from 45.153.34.235
Jun 25 07:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19453]: input_userauth_request: invalid user master [preauth]
Jun 25 07:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19453]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19453]: Failed password for invalid user master from 45.153.34.235 port 52534 ssh2
Jun 25 07:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19453]: Connection closed by 45.153.34.235 port 52534 [preauth]
Jun 25 07:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19474]: Invalid user ghost from 45.153.34.235
Jun 25 07:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19474]: input_userauth_request: invalid user ghost [preauth]
Jun 25 07:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19474]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19474]: Failed password for invalid user ghost from 45.153.34.235 port 53190 ssh2
Jun 25 07:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19474]: Connection closed by 45.153.34.235 port 53190 [preauth]
Jun 25 07:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19484]: Invalid user master from 45.153.34.235
Jun 25 07:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19484]: input_userauth_request: invalid user master [preauth]
Jun 25 07:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19484]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19484]: Failed password for invalid user master from 45.153.34.235 port 53192 ssh2
Jun 25 07:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19484]: Connection closed by 45.153.34.235 port 53192 [preauth]
Jun 25 07:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19487]: Invalid user master from 45.153.34.235
Jun 25 07:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19487]: input_userauth_request: invalid user master [preauth]
Jun 25 07:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19487]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19487]: Failed password for invalid user master from 45.153.34.235 port 53206 ssh2
Jun 25 07:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19487]: Connection closed by 45.153.34.235 port 53206 [preauth]
Jun 25 07:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19599]: Invalid user node from 45.153.34.235
Jun 25 07:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19599]: input_userauth_request: invalid user node [preauth]
Jun 25 07:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19599]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.165.14.197  user=root
Jun 25 07:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19599]: Failed password for invalid user node from 45.153.34.235 port 48270 ssh2
Jun 25 07:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19599]: Connection closed by 45.153.34.235 port 48270 [preauth]
Jun 25 07:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19601]: Failed password for root from 45.165.14.197 port 57387 ssh2
Jun 25 07:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19601]: Received disconnect from 45.165.14.197 port 57387:11: Bye Bye [preauth]
Jun 25 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19601]: Disconnected from 45.165.14.197 port 57387 [preauth]
Jun 25 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19605]: Invalid user trader from 45.153.34.235
Jun 25 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19605]: input_userauth_request: invalid user trader [preauth]
Jun 25 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19605]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19708]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19707]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19705]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19706]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19705]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19770]: Successful su for rubyman by root
Jun 25 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19770]: + ??? root:rubyman
Jun 25 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19770]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588716 of user rubyman.
Jun 25 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19770]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588716.
Jun 25 07:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19605]: Failed password for invalid user trader from 45.153.34.235 port 48272 ssh2
Jun 25 07:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19605]: Connection closed by 45.153.34.235 port 48272 [preauth]
Jun 25 07:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16382]: pam_unix(cron:session): session closed for user root
Jun 25 07:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19911]: Invalid user gg from 45.153.34.235
Jun 25 07:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19911]: input_userauth_request: invalid user gg [preauth]
Jun 25 07:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19911]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19706]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19911]: Failed password for invalid user gg from 45.153.34.235 port 48284 ssh2
Jun 25 07:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19911]: Connection closed by 45.153.34.235 port 48284 [preauth]
Jun 25 07:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 07:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19971]: Failed password for root from 45.153.34.235 port 44122 ssh2
Jun 25 07:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19971]: Connection closed by 45.153.34.235 port 44122 [preauth]
Jun 25 07:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19974]: Invalid user newuser from 45.153.34.235
Jun 25 07:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19974]: input_userauth_request: invalid user newuser [preauth]
Jun 25 07:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19974]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19974]: Failed password for invalid user newuser from 45.153.34.235 port 44132 ssh2
Jun 25 07:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19974]: Connection closed by 45.153.34.235 port 44132 [preauth]
Jun 25 07:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19985]: Invalid user kp from 190.128.201.18
Jun 25 07:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19985]: input_userauth_request: invalid user kp [preauth]
Jun 25 07:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19985]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.201.18
Jun 25 07:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 07:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19985]: Failed password for invalid user kp from 190.128.201.18 port 38266 ssh2
Jun 25 07:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19985]: Received disconnect from 190.128.201.18 port 38266:11: Bye Bye [preauth]
Jun 25 07:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19985]: Disconnected from 190.128.201.18 port 38266 [preauth]
Jun 25 07:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19999]: Failed password for root from 45.153.34.235 port 44144 ssh2
Jun 25 07:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19999]: Connection closed by 45.153.34.235 port 44144 [preauth]
Jun 25 07:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20009]: Invalid user postgres from 45.153.34.235
Jun 25 07:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20009]: input_userauth_request: invalid user postgres [preauth]
Jun 25 07:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20009]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20009]: Failed password for invalid user postgres from 45.153.34.235 port 54106 ssh2
Jun 25 07:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20009]: Connection closed by 45.153.34.235 port 54106 [preauth]
Jun 25 07:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20012]: Invalid user openvpn from 45.153.34.235
Jun 25 07:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20012]: input_userauth_request: invalid user openvpn [preauth]
Jun 25 07:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20012]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20012]: Failed password for invalid user openvpn from 45.153.34.235 port 54110 ssh2
Jun 25 07:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20012]: Connection closed by 45.153.34.235 port 54110 [preauth]
Jun 25 07:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 07:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20025]: Failed password for root from 45.153.34.235 port 54136 ssh2
Jun 25 07:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20025]: Connection closed by 45.153.34.235 port 54136 [preauth]
Jun 25 07:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20045]: Invalid user ubuntu from 45.153.34.235
Jun 25 07:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20045]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 07:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20045]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20045]: Failed password for invalid user ubuntu from 45.153.34.235 port 47104 ssh2
Jun 25 07:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20045]: Connection closed by 45.153.34.235 port 47104 [preauth]
Jun 25 07:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 07:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18499]: pam_unix(cron:session): session closed for user root
Jun 25 07:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20047]: Failed password for root from 45.153.34.235 port 47114 ssh2
Jun 25 07:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20047]: Connection closed by 45.153.34.235 port 47114 [preauth]
Jun 25 07:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 07:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20077]: Failed password for root from 45.153.34.235 port 47128 ssh2
Jun 25 07:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20077]: Connection closed by 45.153.34.235 port 47128 [preauth]
Jun 25 07:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 07:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20086]: Failed password for root from 45.153.34.235 port 53768 ssh2
Jun 25 07:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20086]: Connection closed by 45.153.34.235 port 53768 [preauth]
Jun 25 07:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20089]: Invalid user support from 45.153.34.235
Jun 25 07:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20089]: input_userauth_request: invalid user support [preauth]
Jun 25 07:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20089]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20089]: Failed password for invalid user support from 45.153.34.235 port 53776 ssh2
Jun 25 07:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20089]: Connection closed by 45.153.34.235 port 53776 [preauth]
Jun 25 07:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20115]: Invalid user jakob from 45.153.34.235
Jun 25 07:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20115]: input_userauth_request: invalid user jakob [preauth]
Jun 25 07:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20115]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20115]: Failed password for invalid user jakob from 45.153.34.235 port 53778 ssh2
Jun 25 07:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20115]: Connection closed by 45.153.34.235 port 53778 [preauth]
Jun 25 07:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20124]: Invalid user user1 from 45.153.34.235
Jun 25 07:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20124]: input_userauth_request: invalid user user1 [preauth]
Jun 25 07:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20124]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20124]: Failed password for invalid user user1 from 45.153.34.235 port 43052 ssh2
Jun 25 07:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20124]: Connection closed by 45.153.34.235 port 43052 [preauth]
Jun 25 07:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 07:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20127]: Failed password for root from 45.153.34.235 port 43062 ssh2
Jun 25 07:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20127]: Connection closed by 45.153.34.235 port 43062 [preauth]
Jun 25 07:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20227]: Invalid user developer from 45.153.34.235
Jun 25 07:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20227]: input_userauth_request: invalid user developer [preauth]
Jun 25 07:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20227]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20227]: Failed password for invalid user developer from 45.153.34.235 port 43074 ssh2
Jun 25 07:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20227]: Connection closed by 45.153.34.235 port 43074 [preauth]
Jun 25 07:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20239]: Invalid user test2 from 45.153.34.235
Jun 25 07:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20239]: input_userauth_request: invalid user test2 [preauth]
Jun 25 07:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20239]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20246]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20245]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20247]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20244]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20242]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20244]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20375]: Successful su for rubyman by root
Jun 25 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20375]: + ??? root:rubyman
Jun 25 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20375]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588720 of user rubyman.
Jun 25 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20375]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588720.
Jun 25 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20239]: Failed password for invalid user test2 from 45.153.34.235 port 55776 ssh2
Jun 25 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20239]: Connection closed by 45.153.34.235 port 55776 [preauth]
Jun 25 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20242]: pam_unix(cron:session): session closed for user root
Jun 25 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 07:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16824]: pam_unix(cron:session): session closed for user root
Jun 25 07:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20483]: Failed password for root from 45.153.34.235 port 55784 ssh2
Jun 25 07:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20483]: Connection closed by 45.153.34.235 port 55784 [preauth]
Jun 25 07:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20245]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20598]: Invalid user server from 45.153.34.235
Jun 25 07:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20598]: input_userauth_request: invalid user server [preauth]
Jun 25 07:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20598]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20598]: Failed password for invalid user server from 45.153.34.235 port 55790 ssh2
Jun 25 07:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20598]: Connection closed by 45.153.34.235 port 55790 [preauth]
Jun 25 07:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20600]: Invalid user deploy from 45.153.34.235
Jun 25 07:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20600]: input_userauth_request: invalid user deploy [preauth]
Jun 25 07:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20600]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20600]: Failed password for invalid user deploy from 45.153.34.235 port 43902 ssh2
Jun 25 07:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20600]: Connection closed by 45.153.34.235 port 43902 [preauth]
Jun 25 07:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20619]: Invalid user customer from 45.153.34.235
Jun 25 07:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20619]: input_userauth_request: invalid user customer [preauth]
Jun 25 07:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20619]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20637]: Invalid user nikita from 143.110.247.221
Jun 25 07:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20637]: input_userauth_request: invalid user nikita [preauth]
Jun 25 07:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20637]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.247.221
Jun 25 07:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20619]: Failed password for invalid user customer from 45.153.34.235 port 43914 ssh2
Jun 25 07:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20619]: Connection closed by 45.153.34.235 port 43914 [preauth]
Jun 25 07:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20657]: Invalid user ansible from 45.153.34.235
Jun 25 07:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20657]: input_userauth_request: invalid user ansible [preauth]
Jun 25 07:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20657]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20637]: Failed password for invalid user nikita from 143.110.247.221 port 37702 ssh2
Jun 25 07:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20657]: Failed password for invalid user ansible from 45.153.34.235 port 56064 ssh2
Jun 25 07:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20657]: Connection closed by 45.153.34.235 port 56064 [preauth]
Jun 25 07:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20637]: Received disconnect from 143.110.247.221 port 37702:11: Bye Bye [preauth]
Jun 25 07:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20637]: Disconnected from 143.110.247.221 port 37702 [preauth]
Jun 25 07:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20662]: Invalid user deployer from 45.153.34.235
Jun 25 07:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20662]: input_userauth_request: invalid user deployer [preauth]
Jun 25 07:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20662]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20662]: Failed password for invalid user deployer from 45.153.34.235 port 56070 ssh2
Jun 25 07:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20662]: Connection closed by 45.153.34.235 port 56070 [preauth]
Jun 25 07:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20679]: Invalid user username from 45.153.34.235
Jun 25 07:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20679]: input_userauth_request: invalid user username [preauth]
Jun 25 07:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20679]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20679]: Failed password for invalid user username from 45.153.34.235 port 56088 ssh2
Jun 25 07:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20679]: Connection closed by 45.153.34.235 port 56088 [preauth]
Jun 25 07:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20750]: Invalid user runner from 45.153.34.235
Jun 25 07:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20750]: input_userauth_request: invalid user runner [preauth]
Jun 25 07:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20750]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20750]: Failed password for invalid user runner from 45.153.34.235 port 56800 ssh2
Jun 25 07:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20750]: Connection closed by 45.153.34.235 port 56800 [preauth]
Jun 25 07:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20752]: Invalid user steam from 45.153.34.235
Jun 25 07:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20752]: input_userauth_request: invalid user steam [preauth]
Jun 25 07:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20752]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20752]: Failed password for invalid user steam from 45.153.34.235 port 56814 ssh2
Jun 25 07:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20752]: Connection closed by 45.153.34.235 port 56814 [preauth]
Jun 25 07:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18970]: pam_unix(cron:session): session closed for user root
Jun 25 07:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20798]: Invalid user deployer from 45.153.34.235
Jun 25 07:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20798]: input_userauth_request: invalid user deployer [preauth]
Jun 25 07:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20798]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20798]: Failed password for invalid user deployer from 45.153.34.235 port 56824 ssh2
Jun 25 07:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20798]: Connection closed by 45.153.34.235 port 56824 [preauth]
Jun 25 07:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20813]: Invalid user crafty from 45.153.34.235
Jun 25 07:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20813]: input_userauth_request: invalid user crafty [preauth]
Jun 25 07:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20813]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20813]: Failed password for invalid user crafty from 45.153.34.235 port 39238 ssh2
Jun 25 07:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20813]: Connection closed by 45.153.34.235 port 39238 [preauth]
Jun 25 07:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 07:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20815]: Failed password for root from 45.153.34.235 port 39268 ssh2
Jun 25 07:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20815]: Connection closed by 45.153.34.235 port 39268 [preauth]
Jun 25 07:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20840]: Invalid user zimbra from 45.153.34.235
Jun 25 07:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20840]: input_userauth_request: invalid user zimbra [preauth]
Jun 25 07:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20840]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20840]: Failed password for invalid user zimbra from 45.153.34.235 port 39292 ssh2
Jun 25 07:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20840]: Connection closed by 45.153.34.235 port 39292 [preauth]
Jun 25 07:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20851]: Invalid user cloud-user from 45.153.34.235
Jun 25 07:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20851]: input_userauth_request: invalid user cloud-user [preauth]
Jun 25 07:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20851]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20851]: Failed password for invalid user cloud-user from 45.153.34.235 port 50596 ssh2
Jun 25 07:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20851]: Connection closed by 45.153.34.235 port 50596 [preauth]
Jun 25 07:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 07:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20853]: Failed password for root from 45.153.34.235 port 50612 ssh2
Jun 25 07:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20853]: Connection closed by 45.153.34.235 port 50612 [preauth]
Jun 25 07:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 07:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20865]: Failed password for root from 45.153.34.235 port 50640 ssh2
Jun 25 07:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20865]: Connection closed by 45.153.34.235 port 50640 [preauth]
Jun 25 07:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20877]: Invalid user grok from 45.153.34.235
Jun 25 07:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20877]: input_userauth_request: invalid user grok [preauth]
Jun 25 07:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20877]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20877]: Failed password for invalid user grok from 45.153.34.235 port 47436 ssh2
Jun 25 07:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20877]: Connection closed by 45.153.34.235 port 47436 [preauth]
Jun 25 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20883]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20882]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20888]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20889]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20881]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20880]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20889]: pam_unix(cron:session): session closed for user root
Jun 25 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20880]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20953]: Successful su for rubyman by root
Jun 25 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20953]: + ??? root:rubyman
Jun 25 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20953]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588727 of user rubyman.
Jun 25 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20953]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588727.
Jun 25 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20941]: Invalid user dev from 45.153.34.235
Jun 25 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20941]: input_userauth_request: invalid user dev [preauth]
Jun 25 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20941]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20941]: Failed password for invalid user dev from 45.153.34.235 port 47452 ssh2
Jun 25 07:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20941]: Connection closed by 45.153.34.235 port 47452 [preauth]
Jun 25 07:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20882]: pam_unix(cron:session): session closed for user root
Jun 25 07:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17360]: pam_unix(cron:session): session closed for user root
Jun 25 07:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21123]: Invalid user deploy from 45.153.34.235
Jun 25 07:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21123]: input_userauth_request: invalid user deploy [preauth]
Jun 25 07:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21123]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20881]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21123]: Failed password for invalid user deploy from 45.153.34.235 port 47468 ssh2
Jun 25 07:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21123]: Connection closed by 45.153.34.235 port 47468 [preauth]
Jun 25 07:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21174]: Invalid user testuser from 45.153.34.235
Jun 25 07:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21174]: input_userauth_request: invalid user testuser [preauth]
Jun 25 07:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21170]: Invalid user runner from 45.165.14.197
Jun 25 07:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21170]: input_userauth_request: invalid user runner [preauth]
Jun 25 07:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21170]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.165.14.197
Jun 25 07:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21174]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21170]: Failed password for invalid user runner from 45.165.14.197 port 34740 ssh2
Jun 25 07:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21174]: Failed password for invalid user testuser from 45.153.34.235 port 48506 ssh2
Jun 25 07:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21170]: Received disconnect from 45.165.14.197 port 34740:11: Bye Bye [preauth]
Jun 25 07:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21170]: Disconnected from 45.165.14.197 port 34740 [preauth]
Jun 25 07:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21174]: Connection closed by 45.153.34.235 port 48506 [preauth]
Jun 25 07:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21184]: Invalid user test from 45.153.34.235
Jun 25 07:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21184]: input_userauth_request: invalid user test [preauth]
Jun 25 07:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21184]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21184]: Failed password for invalid user test from 45.153.34.235 port 48516 ssh2
Jun 25 07:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21184]: Connection closed by 45.153.34.235 port 48516 [preauth]
Jun 25 07:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21210]: Invalid user system from 45.153.34.235
Jun 25 07:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21210]: input_userauth_request: invalid user system [preauth]
Jun 25 07:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21210]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21210]: Failed password for invalid user system from 45.153.34.235 port 48532 ssh2
Jun 25 07:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21210]: Connection closed by 45.153.34.235 port 48532 [preauth]
Jun 25 07:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 07:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21186]: Invalid user devops from 186.96.158.180
Jun 25 07:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21186]: input_userauth_request: invalid user devops [preauth]
Jun 25 07:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21186]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180
Jun 25 07:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21212]: Failed password for root from 45.153.34.235 port 52010 ssh2
Jun 25 07:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21212]: Connection closed by 45.153.34.235 port 52010 [preauth]
Jun 25 07:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21186]: Failed password for invalid user devops from 186.96.158.180 port 30067 ssh2
Jun 25 07:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21186]: Received disconnect from 186.96.158.180 port 30067:11: Bye Bye [preauth]
Jun 25 07:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21186]: Disconnected from 186.96.158.180 port 30067 [preauth]
Jun 25 07:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 07:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21223]: Failed password for root from 45.153.34.235 port 52028 ssh2
Jun 25 07:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21223]: Connection closed by 45.153.34.235 port 52028 [preauth]
Jun 25 07:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21245]: Invalid user admin2 from 45.153.34.235
Jun 25 07:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21245]: input_userauth_request: invalid user admin2 [preauth]
Jun 25 07:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21245]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21245]: Failed password for invalid user admin2 from 45.153.34.235 port 52050 ssh2
Jun 25 07:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21245]: Connection closed by 45.153.34.235 port 52050 [preauth]
Jun 25 07:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21247]: Invalid user admin1 from 45.153.34.235
Jun 25 07:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21247]: input_userauth_request: invalid user admin1 [preauth]
Jun 25 07:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21247]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21247]: Failed password for invalid user admin1 from 45.153.34.235 port 57590 ssh2
Jun 25 07:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21247]: Connection closed by 45.153.34.235 port 57590 [preauth]
Jun 25 07:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21257]: Invalid user azureuser from 45.153.34.235
Jun 25 07:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21257]: input_userauth_request: invalid user azureuser [preauth]
Jun 25 07:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21257]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19708]: pam_unix(cron:session): session closed for user root
Jun 25 07:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21257]: Failed password for invalid user azureuser from 45.153.34.235 port 57604 ssh2
Jun 25 07:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21257]: Connection closed by 45.153.34.235 port 57604 [preauth]
Jun 25 07:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 07:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21289]: Failed password for root from 45.153.34.235 port 57608 ssh2
Jun 25 07:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21289]: Connection closed by 45.153.34.235 port 57608 [preauth]
Jun 25 07:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21292]: Invalid user openclaw from 45.153.34.235
Jun 25 07:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21292]: input_userauth_request: invalid user openclaw [preauth]
Jun 25 07:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21292]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21292]: Failed password for invalid user openclaw from 45.153.34.235 port 40334 ssh2
Jun 25 07:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21292]: Connection closed by 45.153.34.235 port 40334 [preauth]
Jun 25 07:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21303]: Invalid user root1 from 45.153.34.235
Jun 25 07:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21303]: input_userauth_request: invalid user root1 [preauth]
Jun 25 07:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21303]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.201.18  user=root
Jun 25 07:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21303]: Failed password for invalid user root1 from 45.153.34.235 port 40344 ssh2
Jun 25 07:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21303]: Connection closed by 45.153.34.235 port 40344 [preauth]
Jun 25 07:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21320]: Failed password for root from 190.128.201.18 port 33934 ssh2
Jun 25 07:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235  user=root
Jun 25 07:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21320]: Received disconnect from 190.128.201.18 port 33934:11: Bye Bye [preauth]
Jun 25 07:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21320]: Disconnected from 190.128.201.18 port 33934 [preauth]
Jun 25 07:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21323]: Failed password for root from 45.153.34.235 port 57546 ssh2
Jun 25 07:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21323]: Connection closed by 45.153.34.235 port 57546 [preauth]
Jun 25 07:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21338]: Invalid user bot from 45.153.34.235
Jun 25 07:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21338]: input_userauth_request: invalid user bot [preauth]
Jun 25 07:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21338]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.19.67.181  user=root
Jun 25 07:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21338]: Failed password for invalid user bot from 45.153.34.235 port 57556 ssh2
Jun 25 07:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21338]: Connection closed by 45.153.34.235 port 57556 [preauth]
Jun 25 07:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21351]: Invalid user claude from 45.153.34.235
Jun 25 07:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21351]: input_userauth_request: invalid user claude [preauth]
Jun 25 07:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21351]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.153.34.235
Jun 25 07:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21340]: Failed password for root from 46.19.67.181 port 55952 ssh2
Jun 25 07:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21340]: Connection closed by 46.19.67.181 port 55952 [preauth]
Jun 25 07:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21351]: Failed password for invalid user claude from 45.153.34.235 port 57560 ssh2
Jun 25 07:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21351]: Connection closed by 45.153.34.235 port 57560 [preauth]
Jun 25 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21367]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21368]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21366]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21365]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21365]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21432]: Successful su for rubyman by root
Jun 25 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21432]: + ??? root:rubyman
Jun 25 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21432]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588731 of user rubyman.
Jun 25 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21432]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588731.
Jun 25 07:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17911]: pam_unix(cron:session): session closed for user root
Jun 25 07:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21366]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 25 07:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21648]: Failed password for root from 87.251.79.125 port 36810 ssh2
Jun 25 07:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21648]: Connection closed by 87.251.79.125 port 36810 [preauth]
Jun 25 07:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=root
Jun 25 07:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 25 07:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21702]: Failed password for root from 193.46.255.86 port 27928 ssh2
Jun 25 07:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21714]: Failed password for root from 103.82.20.28 port 57844 ssh2
Jun 25 07:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21714]: Connection closed by 103.82.20.28 port 57844 [preauth]
Jun 25 07:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21702]: Failed password for root from 193.46.255.86 port 27928 ssh2
Jun 25 07:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21702]: Failed password for root from 193.46.255.86 port 27928 ssh2
Jun 25 07:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21702]: Connection closed by 193.46.255.86 port 27928 [preauth]
Jun 25 07:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21702]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=root
Jun 25 07:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20247]: pam_unix(cron:session): session closed for user root
Jun 25 07:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21758]: Invalid user user03 from 143.110.247.221
Jun 25 07:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21758]: input_userauth_request: invalid user user03 [preauth]
Jun 25 07:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21758]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.247.221
Jun 25 07:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 25 07:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21758]: Failed password for invalid user user03 from 143.110.247.221 port 33968 ssh2
Jun 25 07:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21758]: Received disconnect from 143.110.247.221 port 33968:11: Bye Bye [preauth]
Jun 25 07:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21758]: Disconnected from 143.110.247.221 port 33968 [preauth]
Jun 25 07:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21760]: Failed password for root from 103.27.238.116 port 54722 ssh2
Jun 25 07:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21760]: Connection closed by 103.27.238.116 port 54722 [preauth]
Jun 25 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21826]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21827]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21824]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21825]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21824]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21889]: Successful su for rubyman by root
Jun 25 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21889]: + ??? root:rubyman
Jun 25 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21889]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588736 of user rubyman.
Jun 25 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21889]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588736.
Jun 25 07:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18497]: pam_unix(cron:session): session closed for user root
Jun 25 07:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21825]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22088]: Invalid user srv from 45.165.14.197
Jun 25 07:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22088]: input_userauth_request: invalid user srv [preauth]
Jun 25 07:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22088]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.165.14.197
Jun 25 07:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22088]: Failed password for invalid user srv from 45.165.14.197 port 5686 ssh2
Jun 25 07:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22088]: Received disconnect from 45.165.14.197 port 5686:11: Bye Bye [preauth]
Jun 25 07:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22088]: Disconnected from 45.165.14.197 port 5686 [preauth]
Jun 25 07:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22124]: Received disconnect from 123.30.240.7 port 51534:11: disconnected by user [preauth]
Jun 25 07:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22124]: Disconnected from 123.30.240.7 port 51534 [preauth]
Jun 25 07:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20888]: pam_unix(cron:session): session closed for user root
Jun 25 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22231]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22232]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22230]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22229]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22229]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22293]: Successful su for rubyman by root
Jun 25 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22293]: + ??? root:rubyman
Jun 25 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22293]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588739 of user rubyman.
Jun 25 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22293]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588739.
Jun 25 07:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18969]: pam_unix(cron:session): session closed for user root
Jun 25 07:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22230]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22571]: Invalid user hrm from 190.128.201.18
Jun 25 07:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22571]: input_userauth_request: invalid user hrm [preauth]
Jun 25 07:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22571]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.201.18
Jun 25 07:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22571]: Failed password for invalid user hrm from 190.128.201.18 port 48852 ssh2
Jun 25 07:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22571]: Received disconnect from 190.128.201.18 port 48852:11: Bye Bye [preauth]
Jun 25 07:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22571]: Disconnected from 190.128.201.18 port 48852 [preauth]
Jun 25 07:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21368]: pam_unix(cron:session): session closed for user root
Jun 25 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22716]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22715]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22717]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22713]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22713]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22776]: Successful su for rubyman by root
Jun 25 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22776]: + ??? root:rubyman
Jun 25 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22776]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588743 of user rubyman.
Jun 25 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22776]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588743.
Jun 25 07:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19707]: pam_unix(cron:session): session closed for user root
Jun 25 07:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22715]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22969]: Invalid user kp from 143.110.247.221
Jun 25 07:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22969]: input_userauth_request: invalid user kp [preauth]
Jun 25 07:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22969]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.247.221
Jun 25 07:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22969]: Failed password for invalid user kp from 143.110.247.221 port 47944 ssh2
Jun 25 07:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22969]: Received disconnect from 143.110.247.221 port 47944:11: Bye Bye [preauth]
Jun 25 07:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22969]: Disconnected from 143.110.247.221 port 47944 [preauth]
Jun 25 07:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21827]: pam_unix(cron:session): session closed for user root
Jun 25 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23127]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23124]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23122]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23126]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23125]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23123]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23127]: pam_unix(cron:session): session closed for user root
Jun 25 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23122]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23190]: Successful su for rubyman by root
Jun 25 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23190]: + ??? root:rubyman
Jun 25 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23190]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588750 of user rubyman.
Jun 25 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23190]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588750.
Jun 25 07:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23124]: pam_unix(cron:session): session closed for user root
Jun 25 07:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20246]: pam_unix(cron:session): session closed for user root
Jun 25 07:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23123]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22232]: pam_unix(cron:session): session closed for user root
Jun 25 07:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23534]: Invalid user liyang from 190.128.201.18
Jun 25 07:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23534]: input_userauth_request: invalid user liyang [preauth]
Jun 25 07:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23534]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.201.18
Jun 25 07:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23534]: Failed password for invalid user liyang from 190.128.201.18 port 50536 ssh2
Jun 25 07:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23534]: Received disconnect from 190.128.201.18 port 50536:11: Bye Bye [preauth]
Jun 25 07:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23534]: Disconnected from 190.128.201.18 port 50536 [preauth]
Jun 25 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23579]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23578]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23577]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23576]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23576]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23646]: Successful su for rubyman by root
Jun 25 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23646]: + ??? root:rubyman
Jun 25 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23646]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588753 of user rubyman.
Jun 25 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23646]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588753.
Jun 25 07:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20883]: pam_unix(cron:session): session closed for user root
Jun 25 07:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23577]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.247.221  user=root
Jun 25 07:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22717]: pam_unix(cron:session): session closed for user root
Jun 25 07:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24006]: Failed password for root from 143.110.247.221 port 40918 ssh2
Jun 25 07:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24006]: Received disconnect from 143.110.247.221 port 40918:11: Bye Bye [preauth]
Jun 25 07:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24006]: Disconnected from 143.110.247.221 port 40918 [preauth]
Jun 25 07:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24083]: Invalid user kp from 186.96.158.180
Jun 25 07:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24083]: input_userauth_request: invalid user kp [preauth]
Jun 25 07:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24083]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180
Jun 25 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24096]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24098]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24095]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24097]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24093]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24093]: pam_unix(cron:session): session closed for user root
Jun 25 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24095]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24160]: Successful su for rubyman by root
Jun 25 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24160]: + ??? root:rubyman
Jun 25 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24160]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588758 of user rubyman.
Jun 25 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24160]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588758.
Jun 25 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24083]: Failed password for invalid user kp from 186.96.158.180 port 40287 ssh2
Jun 25 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24083]: Received disconnect from 186.96.158.180 port 40287:11: Bye Bye [preauth]
Jun 25 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24083]: Disconnected from 186.96.158.180 port 40287 [preauth]
Jun 25 07:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21367]: pam_unix(cron:session): session closed for user root
Jun 25 07:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24096]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23126]: pam_unix(cron:session): session closed for user root
Jun 25 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24529]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24530]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24528]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24527]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24527]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24591]: Successful su for rubyman by root
Jun 25 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24591]: + ??? root:rubyman
Jun 25 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24591]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588763 of user rubyman.
Jun 25 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24591]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588763.
Jun 25 07:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21826]: pam_unix(cron:session): session closed for user root
Jun 25 07:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24528]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24800]: Invalid user runner from 190.128.201.18
Jun 25 07:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24800]: input_userauth_request: invalid user runner [preauth]
Jun 25 07:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24800]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.201.18
Jun 25 07:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24800]: Failed password for invalid user runner from 190.128.201.18 port 34200 ssh2
Jun 25 07:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24800]: Received disconnect from 190.128.201.18 port 34200:11: Bye Bye [preauth]
Jun 25 07:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24800]: Disconnected from 190.128.201.18 port 34200 [preauth]
Jun 25 07:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23579]: pam_unix(cron:session): session closed for user root
Jun 25 07:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24930]: Invalid user roberto from 143.110.247.221
Jun 25 07:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24930]: input_userauth_request: invalid user roberto [preauth]
Jun 25 07:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24930]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.247.221
Jun 25 07:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24930]: Failed password for invalid user roberto from 143.110.247.221 port 40170 ssh2
Jun 25 07:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24930]: Received disconnect from 143.110.247.221 port 40170:11: Bye Bye [preauth]
Jun 25 07:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24930]: Disconnected from 143.110.247.221 port 40170 [preauth]
Jun 25 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24942]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24943]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24944]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24941]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24941]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25002]: Successful su for rubyman by root
Jun 25 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25002]: + ??? root:rubyman
Jun 25 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25002]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588768 of user rubyman.
Jun 25 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25002]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588768.
Jun 25 07:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22231]: pam_unix(cron:session): session closed for user root
Jun 25 07:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24942]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24098]: pam_unix(cron:session): session closed for user root
Jun 25 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25340]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25339]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25341]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25337]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25336]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25338]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25341]: pam_unix(cron:session): session closed for user root
Jun 25 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25336]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25411]: Successful su for rubyman by root
Jun 25 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25411]: + ??? root:rubyman
Jun 25 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25411]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588770 of user rubyman.
Jun 25 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25411]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588770.
Jun 25 07:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22716]: pam_unix(cron:session): session closed for user root
Jun 25 07:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25338]: pam_unix(cron:session): session closed for user root
Jun 25 07:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25337]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24530]: pam_unix(cron:session): session closed for user root
Jun 25 07:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25717]: Invalid user shoutcast from 190.128.201.18
Jun 25 07:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25717]: input_userauth_request: invalid user shoutcast [preauth]
Jun 25 07:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25717]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.201.18
Jun 25 07:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25717]: Failed password for invalid user shoutcast from 190.128.201.18 port 48786 ssh2
Jun 25 07:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25717]: Received disconnect from 190.128.201.18 port 48786:11: Bye Bye [preauth]
Jun 25 07:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25717]: Disconnected from 190.128.201.18 port 48786 [preauth]
Jun 25 07:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 25 07:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25757]: Failed password for root from 193.37.70.224 port 52948 ssh2
Jun 25 07:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25757]: Connection closed by 193.37.70.224 port 52948 [preauth]
Jun 25 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25768]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25767]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25769]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25770]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25767]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25837]: Successful su for rubyman by root
Jun 25 07:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25837]: + ??? root:rubyman
Jun 25 07:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25837]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588776 of user rubyman.
Jun 25 07:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25837]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588776.
Jun 25 07:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23125]: pam_unix(cron:session): session closed for user root
Jun 25 07:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25768]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 25 07:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26036]: Failed password for root from 147.45.199.80 port 47684 ssh2
Jun 25 07:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26036]: Connection closed by 147.45.199.80 port 47684 [preauth]
Jun 25 07:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.247.221  user=root
Jun 25 07:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26054]: Failed password for root from 143.110.247.221 port 57102 ssh2
Jun 25 07:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26054]: Received disconnect from 143.110.247.221 port 57102:11: Bye Bye [preauth]
Jun 25 07:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26054]: Disconnected from 143.110.247.221 port 57102 [preauth]
Jun 25 07:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24944]: pam_unix(cron:session): session closed for user root
Jun 25 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26169]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26167]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26166]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26165]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26165]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26229]: Successful su for rubyman by root
Jun 25 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26229]: + ??? root:rubyman
Jun 25 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26229]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588780 of user rubyman.
Jun 25 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26229]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588780.
Jun 25 07:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23578]: pam_unix(cron:session): session closed for user root
Jun 25 07:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26166]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25340]: pam_unix(cron:session): session closed for user root
Jun 25 07:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26545]: Invalid user misuser from 190.128.201.18
Jun 25 07:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26545]: input_userauth_request: invalid user misuser [preauth]
Jun 25 07:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26545]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.201.18
Jun 25 07:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26545]: Failed password for invalid user misuser from 190.128.201.18 port 60878 ssh2
Jun 25 07:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26545]: Received disconnect from 190.128.201.18 port 60878:11: Bye Bye [preauth]
Jun 25 07:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26545]: Disconnected from 190.128.201.18 port 60878 [preauth]
Jun 25 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26558]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26560]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26561]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26559]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26558]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26623]: Successful su for rubyman by root
Jun 25 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26623]: + ??? root:rubyman
Jun 25 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26623]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588785 of user rubyman.
Jun 25 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26623]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588785.
Jun 25 07:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24097]: pam_unix(cron:session): session closed for user root
Jun 25 07:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26559]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25770]: pam_unix(cron:session): session closed for user root
Jun 25 07:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26988]: Invalid user andi from 143.110.247.221
Jun 25 07:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26988]: input_userauth_request: invalid user andi [preauth]
Jun 25 07:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26988]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.247.221
Jun 25 07:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26988]: Failed password for invalid user andi from 143.110.247.221 port 54216 ssh2
Jun 25 07:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26988]: Received disconnect from 143.110.247.221 port 54216:11: Bye Bye [preauth]
Jun 25 07:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26988]: Disconnected from 143.110.247.221 port 54216 [preauth]
Jun 25 07:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180  user=root
Jun 25 07:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26986]: Failed password for root from 186.96.158.180 port 65254 ssh2
Jun 25 07:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26986]: Received disconnect from 186.96.158.180 port 65254:11: Bye Bye [preauth]
Jun 25 07:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26986]: Disconnected from 186.96.158.180 port 65254 [preauth]
Jun 25 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27042]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27040]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27041]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27039]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27039]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27099]: Successful su for rubyman by root
Jun 25 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27099]: + ??? root:rubyman
Jun 25 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27099]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588788 of user rubyman.
Jun 25 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27099]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588788.
Jun 25 07:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24529]: pam_unix(cron:session): session closed for user root
Jun 25 07:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27040]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26169]: pam_unix(cron:session): session closed for user root
Jun 25 07:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 25 07:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27406]: Failed password for root from 103.153.68.219 port 52540 ssh2
Jun 25 07:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27406]: Connection closed by 103.153.68.219 port 52540 [preauth]
Jun 25 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27471]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27469]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27470]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27464]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27467]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27465]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27471]: pam_unix(cron:session): session closed for user root
Jun 25 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27464]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27542]: Successful su for rubyman by root
Jun 25 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27542]: + ??? root:rubyman
Jun 25 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27542]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588792 of user rubyman.
Jun 25 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27542]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588792.
Jun 25 07:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24943]: pam_unix(cron:session): session closed for user root
Jun 25 07:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27467]: pam_unix(cron:session): session closed for user root
Jun 25 07:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 25 07:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27634]: Failed password for root from 103.122.221.179 port 59230 ssh2
Jun 25 07:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27634]: Connection closed by 103.122.221.179 port 59230 [preauth]
Jun 25 07:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27465]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 25 07:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27756]: Failed password for root from 62.133.62.83 port 55818 ssh2
Jun 25 07:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27756]: Connection closed by 62.133.62.83 port 55818 [preauth]
Jun 25 07:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26561]: pam_unix(cron:session): session closed for user root
Jun 25 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27911]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27912]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27910]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27908]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27908]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27980]: Successful su for rubyman by root
Jun 25 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27980]: + ??? root:rubyman
Jun 25 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27980]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588799 of user rubyman.
Jun 25 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27980]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588799.
Jun 25 07:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25339]: pam_unix(cron:session): session closed for user root
Jun 25 07:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27910]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27042]: pam_unix(cron:session): session closed for user root
Jun 25 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28371]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28370]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28372]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28369]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28369]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28428]: Successful su for rubyman by root
Jun 25 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28428]: + ??? root:rubyman
Jun 25 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28428]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588802 of user rubyman.
Jun 25 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28428]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588802.
Jun 25 07:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25769]: pam_unix(cron:session): session closed for user root
Jun 25 07:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28370]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27470]: pam_unix(cron:session): session closed for user root
Jun 25 07:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 25 07:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28857]: Failed password for root from 194.113.233.25 port 49874 ssh2
Jun 25 07:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28857]: Connection closed by 194.113.233.25 port 49874 [preauth]
Jun 25 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28875]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28870]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28871]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28869]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28869]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28942]: Successful su for rubyman by root
Jun 25 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28942]: + ??? root:rubyman
Jun 25 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28942]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588807 of user rubyman.
Jun 25 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28942]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588807.
Jun 25 07:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26167]: pam_unix(cron:session): session closed for user root
Jun 25 07:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28870]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27912]: pam_unix(cron:session): session closed for user root
Jun 25 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29305]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29307]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29309]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29306]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29305]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29364]: Successful su for rubyman by root
Jun 25 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29364]: + ??? root:rubyman
Jun 25 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29364]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588810 of user rubyman.
Jun 25 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29364]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588810.
Jun 25 07:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26560]: pam_unix(cron:session): session closed for user root
Jun 25 07:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29306]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 25 07:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29685]: Failed password for root from 109.237.96.109 port 36218 ssh2
Jun 25 07:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29685]: Connection closed by 109.237.96.109 port 36218 [preauth]
Jun 25 07:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28372]: pam_unix(cron:session): session closed for user root
Jun 25 07:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29811]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 25 07:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29811]: Failed password for root from 103.77.242.62 port 48836 ssh2
Jun 25 07:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29811]: Connection closed by 103.77.242.62 port 48836 [preauth]
Jun 25 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29832]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29830]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29831]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29834]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29833]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29825]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29834]: pam_unix(cron:session): session closed for user root
Jun 25 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29825]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29905]: Successful su for rubyman by root
Jun 25 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29905]: + ??? root:rubyman
Jun 25 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29905]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588816 of user rubyman.
Jun 25 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29905]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588816.
Jun 25 07:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27041]: pam_unix(cron:session): session closed for user root
Jun 25 07:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29831]: pam_unix(cron:session): session closed for user root
Jun 25 07:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29830]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30156]: Invalid user liyang from 186.96.158.180
Jun 25 07:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30156]: input_userauth_request: invalid user liyang [preauth]
Jun 25 07:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30156]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180
Jun 25 07:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30156]: Failed password for invalid user liyang from 186.96.158.180 port 44912 ssh2
Jun 25 07:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30156]: Received disconnect from 186.96.158.180 port 44912:11: Bye Bye [preauth]
Jun 25 07:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30156]: Disconnected from 186.96.158.180 port 44912 [preauth]
Jun 25 07:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28875]: pam_unix(cron:session): session closed for user root
Jun 25 07:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30261]: Did not receive identification string from 92.118.39.77
Jun 25 07:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30271]: Connection closed by 194.59.206.2 port 21214 [preauth]
Jun 25 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30285]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30284]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30283]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30282]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30282]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30359]: Successful su for rubyman by root
Jun 25 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30359]: + ??? root:rubyman
Jun 25 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30359]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588820 of user rubyman.
Jun 25 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30359]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588820.
Jun 25 07:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27469]: pam_unix(cron:session): session closed for user root
Jun 25 07:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30283]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29309]: pam_unix(cron:session): session closed for user root
Jun 25 07:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 25 07:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30700]: Failed password for root from 38.93.206.2 port 34524 ssh2
Jun 25 07:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30700]: Connection closed by 38.93.206.2 port 34524 [preauth]
Jun 25 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30712]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30710]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30713]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30711]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30710]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30772]: Successful su for rubyman by root
Jun 25 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30772]: + ??? root:rubyman
Jun 25 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30772]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588824 of user rubyman.
Jun 25 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30772]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588824.
Jun 25 07:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27911]: pam_unix(cron:session): session closed for user root
Jun 25 07:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30711]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29833]: pam_unix(cron:session): session closed for user root
Jun 25 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31204]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31205]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31203]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31202]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31202]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31266]: Successful su for rubyman by root
Jun 25 07:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31266]: + ??? root:rubyman
Jun 25 07:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31266]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588829 of user rubyman.
Jun 25 07:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31266]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588829.
Jun 25 07:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28371]: pam_unix(cron:session): session closed for user root
Jun 25 07:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31203]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30285]: pam_unix(cron:session): session closed for user root
Jun 25 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31701]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31702]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31699]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31700]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31699]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31761]: Successful su for rubyman by root
Jun 25 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31761]: + ??? root:rubyman
Jun 25 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31761]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588833 of user rubyman.
Jun 25 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31761]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588833.
Jun 25 07:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28871]: pam_unix(cron:session): session closed for user root
Jun 25 07:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31700]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30713]: pam_unix(cron:session): session closed for user root
Jun 25 07:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 25 07:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32087]: Failed password for root from 103.176.20.57 port 34904 ssh2
Jun 25 07:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32087]: Connection closed by 103.176.20.57 port 34904 [preauth]
Jun 25 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32120]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32116]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32115]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32117]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32118]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32119]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32120]: pam_unix(cron:session): session closed for user root
Jun 25 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32115]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32197]: Successful su for rubyman by root
Jun 25 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32197]: + ??? root:rubyman
Jun 25 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32197]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588841 of user rubyman.
Jun 25 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32197]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588841.
Jun 25 07:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32117]: pam_unix(cron:session): session closed for user root
Jun 25 07:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29307]: pam_unix(cron:session): session closed for user root
Jun 25 07:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32116]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31205]: pam_unix(cron:session): session closed for user root
Jun 25 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32558]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32559]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32557]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32555]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32555]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32622]: Successful su for rubyman by root
Jun 25 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32622]: + ??? root:rubyman
Jun 25 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32622]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588843 of user rubyman.
Jun 25 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32622]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588843.
Jun 25 07:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29832]: pam_unix(cron:session): session closed for user root
Jun 25 07:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32557]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[428]: Invalid user admin from 141.98.83.240
Jun 25 07:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[428]: input_userauth_request: invalid user admin [preauth]
Jun 25 07:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[428]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 07:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[428]: Failed password for invalid user admin from 141.98.83.240 port 4538 ssh2
Jun 25 07:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[428]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[428]: Failed password for invalid user admin from 141.98.83.240 port 4538 ssh2
Jun 25 07:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[428]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31702]: pam_unix(cron:session): session closed for user root
Jun 25 07:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[428]: Failed password for invalid user admin from 141.98.83.240 port 4538 ssh2
Jun 25 07:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[428]: Connection closed by 141.98.83.240 port 4538 [preauth]
Jun 25 07:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[428]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[649]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[648]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[647]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[646]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[646]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[713]: Successful su for rubyman by root
Jun 25 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[713]: + ??? root:rubyman
Jun 25 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[713]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588846 of user rubyman.
Jun 25 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[713]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588846.
Jun 25 07:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30284]: pam_unix(cron:session): session closed for user root
Jun 25 07:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[647]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[918]: Invalid user obc from 186.96.158.180
Jun 25 07:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[918]: input_userauth_request: invalid user obc [preauth]
Jun 25 07:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[918]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180
Jun 25 07:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[918]: Failed password for invalid user obc from 186.96.158.180 port 59868 ssh2
Jun 25 07:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[918]: Received disconnect from 186.96.158.180 port 59868:11: Bye Bye [preauth]
Jun 25 07:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[918]: Disconnected from 186.96.158.180 port 59868 [preauth]
Jun 25 07:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[944]: Invalid user admin from 2.57.121.25
Jun 25 07:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[944]: input_userauth_request: invalid user admin [preauth]
Jun 25 07:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[944]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 25 07:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[944]: Failed password for invalid user admin from 2.57.121.25 port 42696 ssh2
Jun 25 07:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[944]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[944]: Failed password for invalid user admin from 2.57.121.25 port 42696 ssh2
Jun 25 07:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[944]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[944]: Failed password for invalid user admin from 2.57.121.25 port 42696 ssh2
Jun 25 07:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[944]: Connection closed by 2.57.121.25 port 42696 [preauth]
Jun 25 07:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[944]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 25 07:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32119]: pam_unix(cron:session): session closed for user root
Jun 25 07:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 07:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1058]: Did not receive identification string from 120.76.158.232
Jun 25 07:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1042]: Failed password for root from 92.118.39.77 port 35034 ssh2
Jun 25 07:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1042]: Connection closed by 92.118.39.77 port 35034 [preauth]
Jun 25 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1107]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1104]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1106]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1105]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1104]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1169]: Successful su for rubyman by root
Jun 25 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1169]: + ??? root:rubyman
Jun 25 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1169]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588851 of user rubyman.
Jun 25 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1169]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588851.
Jun 25 07:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30712]: pam_unix(cron:session): session closed for user root
Jun 25 07:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1105]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1387]: Invalid user admin from 45.148.10.121
Jun 25 07:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1387]: input_userauth_request: invalid user admin [preauth]
Jun 25 07:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1387]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 25 07:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1387]: Failed password for invalid user admin from 45.148.10.121 port 43924 ssh2
Jun 25 07:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1387]: Connection closed by 45.148.10.121 port 43924 [preauth]
Jun 25 07:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32559]: pam_unix(cron:session): session closed for user root
Jun 25 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1661]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1660]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1659]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1658]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1656]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1658]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1795]: Successful su for rubyman by root
Jun 25 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1795]: + ??? root:rubyman
Jun 25 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1795]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588855 of user rubyman.
Jun 25 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1795]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588855.
Jun 25 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1656]: pam_unix(cron:session): session closed for user root
Jun 25 07:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31204]: pam_unix(cron:session): session closed for user root
Jun 25 07:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1659]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2126]: Invalid user josefina from 2.57.121.112
Jun 25 07:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2126]: input_userauth_request: invalid user josefina [preauth]
Jun 25 07:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2126]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 25 07:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2126]: Failed password for invalid user josefina from 2.57.121.112 port 53872 ssh2
Jun 25 07:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2126]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2126]: Failed password for invalid user josefina from 2.57.121.112 port 53872 ssh2
Jun 25 07:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2126]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[649]: pam_unix(cron:session): session closed for user root
Jun 25 07:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2126]: Failed password for invalid user josefina from 2.57.121.112 port 53872 ssh2
Jun 25 07:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2126]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2126]: Failed password for invalid user josefina from 2.57.121.112 port 53872 ssh2
Jun 25 07:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2126]: Connection closed by 2.57.121.112 port 53872 [preauth]
Jun 25 07:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2126]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 25 07:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2126]: PAM service(sshd) ignoring max retries; 4 > 3
Jun 25 07:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2174]: Invalid user josefina from 2.57.121.112
Jun 25 07:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2174]: input_userauth_request: invalid user josefina [preauth]
Jun 25 07:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2174]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 25 07:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2174]: Failed password for invalid user josefina from 2.57.121.112 port 22848 ssh2
Jun 25 07:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2174]: Connection closed by 2.57.121.112 port 22848 [preauth]
Jun 25 07:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 07:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2184]: Failed password for root from 92.118.39.77 port 38018 ssh2
Jun 25 07:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2184]: Connection closed by 92.118.39.77 port 38018 [preauth]
Jun 25 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2246]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2244]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2245]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2243]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2247]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2242]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2247]: pam_unix(cron:session): session closed for user root
Jun 25 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2242]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2317]: Successful su for rubyman by root
Jun 25 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2317]: + ??? root:rubyman
Jun 25 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2317]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588859 of user rubyman.
Jun 25 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2317]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588859.
Jun 25 07:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2244]: pam_unix(cron:session): session closed for user root
Jun 25 07:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31701]: pam_unix(cron:session): session closed for user root
Jun 25 07:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2243]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1107]: pam_unix(cron:session): session closed for user root
Jun 25 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2694]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2693]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2692]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2691]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2691]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2767]: Successful su for rubyman by root
Jun 25 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2767]: + ??? root:rubyman
Jun 25 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2767]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588865 of user rubyman.
Jun 25 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2767]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588865.
Jun 25 07:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32118]: pam_unix(cron:session): session closed for user root
Jun 25 07:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2692]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 07:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 25 07:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3022]: Failed password for root from 92.118.39.77 port 40934 ssh2
Jun 25 07:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3022]: Connection closed by 92.118.39.77 port 40934 [preauth]
Jun 25 07:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1661]: pam_unix(cron:session): session closed for user root
Jun 25 07:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3025]: Failed password for root from 77.94.47.83 port 52800 ssh2
Jun 25 07:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3025]: Connection closed by 77.94.47.83 port 52800 [preauth]
Jun 25 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3114]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3113]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3112]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3110]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3110]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3172]: Successful su for rubyman by root
Jun 25 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3172]: + ??? root:rubyman
Jun 25 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3172]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588869 of user rubyman.
Jun 25 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3172]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588869.
Jun 25 07:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32558]: pam_unix(cron:session): session closed for user root
Jun 25 07:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3112]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2246]: pam_unix(cron:session): session closed for user root
Jun 25 07:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 25 07:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3477]: Failed password for root from 202.178.126.219 port 29268 ssh2
Jun 25 07:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3477]: Connection closed by 202.178.126.219 port 29268 [preauth]
Jun 25 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3509]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3510]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3508]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3507]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3507]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3572]: Successful su for rubyman by root
Jun 25 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3572]: + ??? root:rubyman
Jun 25 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3572]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588873 of user rubyman.
Jun 25 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3572]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588873.
Jun 25 07:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[648]: pam_unix(cron:session): session closed for user root
Jun 25 07:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3508]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 07:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2694]: pam_unix(cron:session): session closed for user root
Jun 25 07:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3973]: Failed password for root from 92.118.39.77 port 43828 ssh2
Jun 25 07:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3973]: Connection closed by 92.118.39.77 port 43828 [preauth]
Jun 25 07:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4104]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4105]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4103]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4102]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4102]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4165]: Successful su for rubyman by root
Jun 25 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4165]: + ??? root:rubyman
Jun 25 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4165]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588877 of user rubyman.
Jun 25 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4165]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588877.
Jun 25 07:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1106]: pam_unix(cron:session): session closed for user root
Jun 25 07:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4103]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4392]: Invalid user abhishek from 186.96.158.180
Jun 25 07:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4392]: input_userauth_request: invalid user abhishek [preauth]
Jun 25 07:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4392]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180
Jun 25 07:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4392]: Failed password for invalid user abhishek from 186.96.158.180 port 3091 ssh2
Jun 25 07:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4392]: Received disconnect from 186.96.158.180 port 3091:11: Bye Bye [preauth]
Jun 25 07:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4392]: Disconnected from 186.96.158.180 port 3091 [preauth]
Jun 25 07:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3114]: pam_unix(cron:session): session closed for user root
Jun 25 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4524]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4525]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4517]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4522]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4521]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4518]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4525]: pam_unix(cron:session): session closed for user root
Jun 25 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4517]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4592]: Successful su for rubyman by root
Jun 25 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4592]: + ??? root:rubyman
Jun 25 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4592]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588881 of user rubyman.
Jun 25 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4592]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588881.
Jun 25 07:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4521]: pam_unix(cron:session): session closed for user root
Jun 25 07:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1660]: pam_unix(cron:session): session closed for user root
Jun 25 07:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4518]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 07:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4981]: Failed password for root from 92.118.39.77 port 46724 ssh2
Jun 25 07:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4981]: Connection closed by 92.118.39.77 port 46724 [preauth]
Jun 25 07:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3510]: pam_unix(cron:session): session closed for user root
Jun 25 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5066]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5067]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5065]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5064]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5064]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5129]: Successful su for rubyman by root
Jun 25 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5129]: + ??? root:rubyman
Jun 25 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5129]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588889 of user rubyman.
Jun 25 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5129]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588889.
Jun 25 07:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2245]: pam_unix(cron:session): session closed for user root
Jun 25 07:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5065]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4105]: pam_unix(cron:session): session closed for user root
Jun 25 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5481]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5480]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5479]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5478]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5478]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5537]: Successful su for rubyman by root
Jun 25 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5537]: + ??? root:rubyman
Jun 25 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5537]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588892 of user rubyman.
Jun 25 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5537]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588892.
Jun 25 07:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2693]: pam_unix(cron:session): session closed for user root
Jun 25 07:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5479]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 25 07:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 07:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5778]: Failed password for root from 80.66.85.226 port 51288 ssh2
Jun 25 07:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5778]: Connection closed by 80.66.85.226 port 51288 [preauth]
Jun 25 07:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5775]: Failed password for root from 92.118.39.77 port 49596 ssh2
Jun 25 07:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5775]: Connection closed by 92.118.39.77 port 49596 [preauth]
Jun 25 07:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4524]: pam_unix(cron:session): session closed for user root
Jun 25 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5880]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5879]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5878]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5877]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5877]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5935]: Successful su for rubyman by root
Jun 25 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5935]: + ??? root:rubyman
Jun 25 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5935]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588895 of user rubyman.
Jun 25 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5935]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588895.
Jun 25 07:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3113]: pam_unix(cron:session): session closed for user root
Jun 25 07:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5878]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5067]: pam_unix(cron:session): session closed for user root
Jun 25 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6264]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6263]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6261]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6262]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6261]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6319]: Successful su for rubyman by root
Jun 25 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6319]: + ??? root:rubyman
Jun 25 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6319]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588899 of user rubyman.
Jun 25 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6319]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588899.
Jun 25 07:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3509]: pam_unix(cron:session): session closed for user root
Jun 25 07:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6262]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 07:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6531]: Failed password for root from 92.118.39.77 port 52424 ssh2
Jun 25 07:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6531]: Connection closed by 92.118.39.77 port 52424 [preauth]
Jun 25 07:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5481]: pam_unix(cron:session): session closed for user root
Jun 25 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6657]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6656]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6654]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6655]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6652]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6653]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6657]: pam_unix(cron:session): session closed for user root
Jun 25 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6652]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6727]: Successful su for rubyman by root
Jun 25 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6727]: + ??? root:rubyman
Jun 25 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6727]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588905 of user rubyman.
Jun 25 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6727]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588905.
Jun 25 07:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6654]: pam_unix(cron:session): session closed for user root
Jun 25 07:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4104]: pam_unix(cron:session): session closed for user root
Jun 25 07:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6653]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5880]: pam_unix(cron:session): session closed for user root
Jun 25 07:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7192]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7193]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7190]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7189]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7189]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7266]: Successful su for rubyman by root
Jun 25 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7266]: + ??? root:rubyman
Jun 25 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7266]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588911 of user rubyman.
Jun 25 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7266]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588911.
Jun 25 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7177]: Invalid user hrm from 186.96.158.180
Jun 25 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7177]: input_userauth_request: invalid user hrm [preauth]
Jun 25 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7177]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180
Jun 25 07:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7177]: Failed password for invalid user hrm from 186.96.158.180 port 12330 ssh2
Jun 25 07:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7177]: Received disconnect from 186.96.158.180 port 12330:11: Bye Bye [preauth]
Jun 25 07:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7177]: Disconnected from 186.96.158.180 port 12330 [preauth]
Jun 25 07:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4522]: pam_unix(cron:session): session closed for user root
Jun 25 07:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7190]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 07:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7453]: Failed password for root from 92.118.39.77 port 55284 ssh2
Jun 25 07:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7453]: Connection closed by 92.118.39.77 port 55284 [preauth]
Jun 25 07:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6264]: pam_unix(cron:session): session closed for user root
Jun 25 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7610]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7613]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7609]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7607]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7607]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7765]: Successful su for rubyman by root
Jun 25 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7765]: + ??? root:rubyman
Jun 25 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7765]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588914 of user rubyman.
Jun 25 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7765]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588914.
Jun 25 07:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5066]: pam_unix(cron:session): session closed for user root
Jun 25 07:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7609]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6656]: pam_unix(cron:session): session closed for user root
Jun 25 07:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 25 07:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8072]: Failed password for root from 51.250.105.222 port 47488 ssh2
Jun 25 07:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8072]: Connection closed by 51.250.105.222 port 47488 [preauth]
Jun 25 07:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8088]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8087]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8086]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8085]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8085]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8150]: Successful su for rubyman by root
Jun 25 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8150]: + ??? root:rubyman
Jun 25 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8150]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588917 of user rubyman.
Jun 25 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8150]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588917.
Jun 25 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8082]: Failed password for root from 92.118.39.77 port 58120 ssh2
Jun 25 07:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8082]: Connection closed by 92.118.39.77 port 58120 [preauth]
Jun 25 07:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5480]: pam_unix(cron:session): session closed for user root
Jun 25 07:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8086]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7193]: pam_unix(cron:session): session closed for user root
Jun 25 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8481]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8479]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8480]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8478]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8478]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8546]: Successful su for rubyman by root
Jun 25 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8546]: + ??? root:rubyman
Jun 25 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8546]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588921 of user rubyman.
Jun 25 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8546]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588921.
Jun 25 07:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5879]: pam_unix(cron:session): session closed for user root
Jun 25 07:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8479]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 25 07:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8760]: Failed password for root from 103.27.238.120 port 44100 ssh2
Jun 25 07:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8760]: Connection closed by 103.27.238.120 port 44100 [preauth]
Jun 25 07:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7613]: pam_unix(cron:session): session closed for user root
Jun 25 07:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 07:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 25 07:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8853]: Failed password for root from 92.118.39.77 port 60934 ssh2
Jun 25 07:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8853]: Connection closed by 92.118.39.77 port 60934 [preauth]
Jun 25 07:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8864]: Failed password for root from 103.172.78.219 port 35920 ssh2
Jun 25 07:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8864]: Connection closed by 103.172.78.219 port 35920 [preauth]
Jun 25 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8885]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8888]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8889]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8886]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8887]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8884]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8889]: pam_unix(cron:session): session closed for user root
Jun 25 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8884]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8954]: Successful su for rubyman by root
Jun 25 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8954]: + ??? root:rubyman
Jun 25 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8954]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588927 of user rubyman.
Jun 25 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8954]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588927.
Jun 25 07:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8886]: pam_unix(cron:session): session closed for user root
Jun 25 07:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6263]: pam_unix(cron:session): session closed for user root
Jun 25 07:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8885]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8088]: pam_unix(cron:session): session closed for user root
Jun 25 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9314]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9315]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9313]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9312]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9312]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9376]: Successful su for rubyman by root
Jun 25 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9376]: + ??? root:rubyman
Jun 25 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9376]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588931 of user rubyman.
Jun 25 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9376]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588931.
Jun 25 07:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6655]: pam_unix(cron:session): session closed for user root
Jun 25 07:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9313]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8481]: pam_unix(cron:session): session closed for user root
Jun 25 07:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 07:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9651]: Failed password for root from 92.118.39.77 port 35520 ssh2
Jun 25 07:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9651]: Connection closed by 92.118.39.77 port 35520 [preauth]
Jun 25 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9707]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9706]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9705]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9704]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9704]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9763]: Successful su for rubyman by root
Jun 25 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9763]: + ??? root:rubyman
Jun 25 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9763]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588935 of user rubyman.
Jun 25 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9763]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588935.
Jun 25 07:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7192]: pam_unix(cron:session): session closed for user root
Jun 25 07:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9705]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8888]: pam_unix(cron:session): session closed for user root
Jun 25 07:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10315]: Invalid user shoutcast from 186.96.158.180
Jun 25 07:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10315]: input_userauth_request: invalid user shoutcast [preauth]
Jun 25 07:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10315]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 07:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180
Jun 25 07:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10315]: Failed password for invalid user shoutcast from 186.96.158.180 port 41722 ssh2
Jun 25 07:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10315]: Received disconnect from 186.96.158.180 port 41722:11: Bye Bye [preauth]
Jun 25 07:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10315]: Disconnected from 186.96.158.180 port 41722 [preauth]
Jun 25 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10380]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10381]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10378]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10377]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10377]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10439]: Successful su for rubyman by root
Jun 25 07:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10439]: + ??? root:rubyman
Jun 25 07:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10439]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588940 of user rubyman.
Jun 25 07:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10439]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588940.
Jun 25 07:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7610]: pam_unix(cron:session): session closed for user root
Jun 25 07:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10378]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9315]: pam_unix(cron:session): session closed for user root
Jun 25 07:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 07:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 07:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10723]: Failed password for root from 92.118.39.77 port 38354 ssh2
Jun 25 07:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10723]: Connection closed by 92.118.39.77 port 38354 [preauth]
Jun 25 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10796]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10795]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10794]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10793]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10793]: pam_unix(cron:session): session closed for user p13x
Jun 25 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10859]: Successful su for rubyman by root
Jun 25 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10859]: + ??? root:rubyman
Jun 25 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10859]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588944 of user rubyman.
Jun 25 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10859]: pam_unix(su:session): session closed for user rubyman
Jun 25 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588944.
Jun 25 07:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8087]: pam_unix(cron:session): session closed for user root
Jun 25 07:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10794]: pam_unix(cron:session): session closed for user samftp
Jun 25 07:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9707]: pam_unix(cron:session): session closed for user root
Jun 25 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11205]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11206]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11203]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11207]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11208]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11204]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11202]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11208]: pam_unix(cron:session): session closed for user root
Jun 25 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11204]: pam_unix(cron:session): session closed for user root
Jun 25 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11202]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11304]: Successful su for rubyman by root
Jun 25 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11304]: + ??? root:rubyman
Jun 25 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11304]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588951 of user rubyman.
Jun 25 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11304]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588951.
Jun 25 08:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11205]: pam_unix(cron:session): session closed for user root
Jun 25 08:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8480]: pam_unix(cron:session): session closed for user root
Jun 25 08:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11203]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 08:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11594]: Failed password for root from 92.118.39.77 port 41178 ssh2
Jun 25 08:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11594]: Connection closed by 92.118.39.77 port 41178 [preauth]
Jun 25 08:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10381]: pam_unix(cron:session): session closed for user root
Jun 25 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11726]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11727]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11725]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11724]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11724]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11824]: Successful su for rubyman by root
Jun 25 08:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11824]: + ??? root:rubyman
Jun 25 08:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11824]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588954 of user rubyman.
Jun 25 08:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11824]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588954.
Jun 25 08:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8887]: pam_unix(cron:session): session closed for user root
Jun 25 08:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11725]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10796]: pam_unix(cron:session): session closed for user root
Jun 25 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12185]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12184]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12183]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12182]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12182]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12360]: Successful su for rubyman by root
Jun 25 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12360]: + ??? root:rubyman
Jun 25 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12360]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588958 of user rubyman.
Jun 25 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12360]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588958.
Jun 25 08:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9314]: pam_unix(cron:session): session closed for user root
Jun 25 08:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12183]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 08:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12580]: Failed password for root from 92.118.39.77 port 44026 ssh2
Jun 25 08:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12580]: Connection closed by 92.118.39.77 port 44026 [preauth]
Jun 25 08:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11207]: pam_unix(cron:session): session closed for user root
Jun 25 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12705]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12706]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12704]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12703]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12703]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12771]: Successful su for rubyman by root
Jun 25 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12771]: + ??? root:rubyman
Jun 25 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12771]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588962 of user rubyman.
Jun 25 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12771]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588962.
Jun 25 08:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9706]: pam_unix(cron:session): session closed for user root
Jun 25 08:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12704]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11727]: pam_unix(cron:session): session closed for user root
Jun 25 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13125]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13123]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13124]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13122]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13122]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13194]: Successful su for rubyman by root
Jun 25 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13194]: + ??? root:rubyman
Jun 25 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13194]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588967 of user rubyman.
Jun 25 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13194]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588967.
Jun 25 08:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10380]: pam_unix(cron:session): session closed for user root
Jun 25 08:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13123]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 08:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13379]: Failed password for root from 92.118.39.77 port 46844 ssh2
Jun 25 08:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13379]: Connection closed by 92.118.39.77 port 46844 [preauth]
Jun 25 08:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13403]: Invalid user misuser from 186.96.158.180
Jun 25 08:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13403]: input_userauth_request: invalid user misuser [preauth]
Jun 25 08:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13403]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 08:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180
Jun 25 08:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13403]: Failed password for invalid user misuser from 186.96.158.180 port 2252 ssh2
Jun 25 08:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13403]: Received disconnect from 186.96.158.180 port 2252:11: Bye Bye [preauth]
Jun 25 08:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13403]: Disconnected from 186.96.158.180 port 2252 [preauth]
Jun 25 08:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12185]: pam_unix(cron:session): session closed for user root
Jun 25 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13535]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13533]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13534]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13531]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13532]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13530]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13535]: pam_unix(cron:session): session closed for user root
Jun 25 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13530]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13600]: Successful su for rubyman by root
Jun 25 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13600]: + ??? root:rubyman
Jun 25 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13600]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588972 of user rubyman.
Jun 25 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13600]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588972.
Jun 25 08:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13532]: pam_unix(cron:session): session closed for user root
Jun 25 08:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10795]: pam_unix(cron:session): session closed for user root
Jun 25 08:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13531]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13844]: Invalid user server from 141.98.83.240
Jun 25 08:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13844]: input_userauth_request: invalid user server [preauth]
Jun 25 08:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13844]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 08:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 08:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13844]: Failed password for invalid user server from 141.98.83.240 port 13422 ssh2
Jun 25 08:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13844]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 08:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13844]: Failed password for invalid user server from 141.98.83.240 port 13422 ssh2
Jun 25 08:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13844]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 08:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13844]: Failed password for invalid user server from 141.98.83.240 port 13422 ssh2
Jun 25 08:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13844]: Connection closed by 141.98.83.240 port 13422 [preauth]
Jun 25 08:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13844]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 08:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12706]: pam_unix(cron:session): session closed for user root
Jun 25 08:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13949]: Invalid user vpn from 193.46.255.86
Jun 25 08:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13949]: input_userauth_request: invalid user vpn [preauth]
Jun 25 08:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13949]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 08:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 25 08:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13949]: Failed password for invalid user vpn from 193.46.255.86 port 6706 ssh2
Jun 25 08:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13949]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 08:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13949]: Failed password for invalid user vpn from 193.46.255.86 port 6706 ssh2
Jun 25 08:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13949]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 08:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13949]: Failed password for invalid user vpn from 193.46.255.86 port 6706 ssh2
Jun 25 08:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13949]: Connection closed by 193.46.255.86 port 6706 [preauth]
Jun 25 08:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13949]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 25 08:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 08:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13962]: Failed password for root from 92.118.39.77 port 49672 ssh2
Jun 25 08:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13962]: Connection closed by 92.118.39.77 port 49672 [preauth]
Jun 25 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13979]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13980]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13978]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13977]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13977]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14043]: Successful su for rubyman by root
Jun 25 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14043]: + ??? root:rubyman
Jun 25 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14043]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588977 of user rubyman.
Jun 25 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14043]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588977.
Jun 25 08:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11206]: pam_unix(cron:session): session closed for user root
Jun 25 08:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13978]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13125]: pam_unix(cron:session): session closed for user root
Jun 25 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14372]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14374]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14370]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14369]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14369]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14429]: Successful su for rubyman by root
Jun 25 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14429]: + ??? root:rubyman
Jun 25 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14429]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588980 of user rubyman.
Jun 25 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14429]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588980.
Jun 25 08:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11726]: pam_unix(cron:session): session closed for user root
Jun 25 08:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14370]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13534]: pam_unix(cron:session): session closed for user root
Jun 25 08:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 08:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14829]: Failed password for root from 92.118.39.77 port 52418 ssh2
Jun 25 08:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14829]: Connection closed by 92.118.39.77 port 52418 [preauth]
Jun 25 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14870]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14871]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14869]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14868]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14868]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14930]: Successful su for rubyman by root
Jun 25 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14930]: + ??? root:rubyman
Jun 25 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14930]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588985 of user rubyman.
Jun 25 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14930]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588985.
Jun 25 08:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12184]: pam_unix(cron:session): session closed for user root
Jun 25 08:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14869]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13980]: pam_unix(cron:session): session closed for user root
Jun 25 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15275]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15273]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15274]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15276]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15271]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15273]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15380]: Successful su for rubyman by root
Jun 25 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15380]: + ??? root:rubyman
Jun 25 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15380]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588988 of user rubyman.
Jun 25 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15380]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588988.
Jun 25 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15271]: pam_unix(cron:session): session closed for user root
Jun 25 08:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12705]: pam_unix(cron:session): session closed for user root
Jun 25 08:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15274]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 08:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15651]: Failed password for root from 92.118.39.77 port 55234 ssh2
Jun 25 08:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15651]: Connection closed by 92.118.39.77 port 55234 [preauth]
Jun 25 08:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14374]: pam_unix(cron:session): session closed for user root
Jun 25 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15758]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15756]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15757]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15754]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15753]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15755]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15758]: pam_unix(cron:session): session closed for user root
Jun 25 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15753]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15818]: Successful su for rubyman by root
Jun 25 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15818]: + ??? root:rubyman
Jun 25 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15818]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588995 of user rubyman.
Jun 25 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15818]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588995.
Jun 25 08:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15755]: pam_unix(cron:session): session closed for user root
Jun 25 08:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13124]: pam_unix(cron:session): session closed for user root
Jun 25 08:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15754]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16031]: Invalid user admin from 45.148.10.121
Jun 25 08:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16031]: input_userauth_request: invalid user admin [preauth]
Jun 25 08:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16031]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 08:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 25 08:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16031]: Failed password for invalid user admin from 45.148.10.121 port 47208 ssh2
Jun 25 08:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16031]: Connection closed by 45.148.10.121 port 47208 [preauth]
Jun 25 08:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14871]: pam_unix(cron:session): session closed for user root
Jun 25 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16166]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16165]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16167]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16164]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16164]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16234]: Successful su for rubyman by root
Jun 25 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16234]: + ??? root:rubyman
Jun 25 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16234]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 588999 of user rubyman.
Jun 25 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16234]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 588999.
Jun 25 08:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13533]: pam_unix(cron:session): session closed for user root
Jun 25 08:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16165]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 08:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16424]: Failed password for root from 92.118.39.77 port 58020 ssh2
Jun 25 08:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16424]: Connection closed by 92.118.39.77 port 58020 [preauth]
Jun 25 08:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15276]: pam_unix(cron:session): session closed for user root
Jun 25 08:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180  user=root
Jun 25 08:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16473]: Failed password for root from 186.96.158.180 port 21021 ssh2
Jun 25 08:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16473]: Received disconnect from 186.96.158.180 port 21021:11: Bye Bye [preauth]
Jun 25 08:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16473]: Disconnected from 186.96.158.180 port 21021 [preauth]
Jun 25 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16567]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16566]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16565]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16564]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16564]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16623]: Successful su for rubyman by root
Jun 25 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16623]: + ??? root:rubyman
Jun 25 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16623]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589004 of user rubyman.
Jun 25 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16623]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589004.
Jun 25 08:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13979]: pam_unix(cron:session): session closed for user root
Jun 25 08:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16565]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15757]: pam_unix(cron:session): session closed for user root
Jun 25 08:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17057]: Failed password for root from 92.118.39.77 port 60820 ssh2
Jun 25 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17057]: Connection closed by 92.118.39.77 port 60820 [preauth]
Jun 25 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17074]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17075]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17073]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17072]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17072]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17131]: Successful su for rubyman by root
Jun 25 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17131]: + ??? root:rubyman
Jun 25 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17131]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589008 of user rubyman.
Jun 25 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17131]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589008.
Jun 25 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 25 08:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14372]: pam_unix(cron:session): session closed for user root
Jun 25 08:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17069]: Failed password for root from 103.15.222.183 port 52790 ssh2
Jun 25 08:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17069]: Connection closed by 103.15.222.183 port 52790 [preauth]
Jun 25 08:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17073]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16167]: pam_unix(cron:session): session closed for user root
Jun 25 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17481]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17479]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17480]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17478]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17478]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17535]: Successful su for rubyman by root
Jun 25 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17535]: + ??? root:rubyman
Jun 25 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17535]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589011 of user rubyman.
Jun 25 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17535]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589011.
Jun 25 08:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14870]: pam_unix(cron:session): session closed for user root
Jun 25 08:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17479]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 25 08:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17803]: Failed password for root from 38.93.206.2 port 26172 ssh2
Jun 25 08:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17803]: Connection closed by 38.93.206.2 port 26172 [preauth]
Jun 25 08:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16567]: pam_unix(cron:session): session closed for user root
Jun 25 08:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 08:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17927]: Failed password for root from 92.118.39.77 port 35374 ssh2
Jun 25 08:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17927]: Connection closed by 92.118.39.77 port 35374 [preauth]
Jun 25 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17971]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17970]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17969]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17972]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17973]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17968]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17973]: pam_unix(cron:session): session closed for user root
Jun 25 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17968]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18047]: Successful su for rubyman by root
Jun 25 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18047]: + ??? root:rubyman
Jun 25 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18047]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589019 of user rubyman.
Jun 25 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18047]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589019.
Jun 25 08:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17970]: pam_unix(cron:session): session closed for user root
Jun 25 08:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15275]: pam_unix(cron:session): session closed for user root
Jun 25 08:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17969]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17075]: pam_unix(cron:session): session closed for user root
Jun 25 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18522]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18521]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18519]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18518]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18518]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18589]: Successful su for rubyman by root
Jun 25 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18589]: + ??? root:rubyman
Jun 25 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18589]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589022 of user rubyman.
Jun 25 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18589]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589022.
Jun 25 08:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15756]: pam_unix(cron:session): session closed for user root
Jun 25 08:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18519]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 25 08:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18780]: Failed password for root from 202.178.126.219 port 16324 ssh2
Jun 25 08:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18780]: Connection closed by 202.178.126.219 port 16324 [preauth]
Jun 25 08:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 08:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18851]: Failed password for root from 92.118.39.77 port 38184 ssh2
Jun 25 08:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18851]: Connection closed by 92.118.39.77 port 38184 [preauth]
Jun 25 08:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17481]: pam_unix(cron:session): session closed for user root
Jun 25 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18950]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18952]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18953]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18951]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18948]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18948]: pam_unix(cron:session): session closed for user root
Jun 25 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18950]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19013]: Successful su for rubyman by root
Jun 25 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19013]: + ??? root:rubyman
Jun 25 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19013]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589028 of user rubyman.
Jun 25 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19013]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589028.
Jun 25 08:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16166]: pam_unix(cron:session): session closed for user root
Jun 25 08:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18951]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17972]: pam_unix(cron:session): session closed for user root
Jun 25 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19445]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19441]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19440]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19439]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19439]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19614]: Successful su for rubyman by root
Jun 25 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19614]: + ??? root:rubyman
Jun 25 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19614]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589032 of user rubyman.
Jun 25 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19614]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589032.
Jun 25 08:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16566]: pam_unix(cron:session): session closed for user root
Jun 25 08:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19440]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 08:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: Failed password for root from 92.118.39.77 port 40962 ssh2
Jun 25 08:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: Connection closed by 92.118.39.77 port 40962 [preauth]
Jun 25 08:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18522]: pam_unix(cron:session): session closed for user root
Jun 25 08:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 25 08:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20025]: Failed password for root from 103.149.28.157 port 49280 ssh2
Jun 25 08:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20025]: Connection closed by 103.149.28.157 port 49280 [preauth]
Jun 25 08:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.110.201  user=root
Jun 25 08:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20050]: Failed password for root from 94.159.110.201 port 36108 ssh2
Jun 25 08:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20050]: Connection closed by 94.159.110.201 port 36108 [preauth]
Jun 25 08:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20048]: Invalid user servers from 186.96.158.180
Jun 25 08:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20048]: input_userauth_request: invalid user servers [preauth]
Jun 25 08:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20048]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 08:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180
Jun 25 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20071]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20070]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20072]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20069]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20048]: Failed password for invalid user servers from 186.96.158.180 port 17968 ssh2
Jun 25 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20069]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20048]: Received disconnect from 186.96.158.180 port 17968:11: Bye Bye [preauth]
Jun 25 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20048]: Disconnected from 186.96.158.180 port 17968 [preauth]
Jun 25 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20133]: Successful su for rubyman by root
Jun 25 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20133]: + ??? root:rubyman
Jun 25 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20133]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589036 of user rubyman.
Jun 25 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20133]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589036.
Jun 25 08:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17074]: pam_unix(cron:session): session closed for user root
Jun 25 08:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20070]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18953]: pam_unix(cron:session): session closed for user root
Jun 25 08:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20577]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20576]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20575]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20579]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20578]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20574]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20579]: pam_unix(cron:session): session closed for user root
Jun 25 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20574]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20670]: Successful su for rubyman by root
Jun 25 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20670]: + ??? root:rubyman
Jun 25 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20670]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589043 of user rubyman.
Jun 25 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20670]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589043.
Jun 25 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20563]: Failed password for root from 92.118.39.77 port 43756 ssh2
Jun 25 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20563]: Connection closed by 92.118.39.77 port 43756 [preauth]
Jun 25 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
Jun 25 08:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20576]: pam_unix(cron:session): session closed for user root
Jun 25 08:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20664]: Failed password for root from 176.32.39.21 port 42184 ssh2
Jun 25 08:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20664]: Connection closed by 176.32.39.21 port 42184 [preauth]
Jun 25 08:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17480]: pam_unix(cron:session): session closed for user root
Jun 25 08:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20575]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19445]: pam_unix(cron:session): session closed for user root
Jun 25 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21106]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21105]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21107]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21104]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21104]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21181]: Successful su for rubyman by root
Jun 25 08:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21181]: + ??? root:rubyman
Jun 25 08:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21181]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589046 of user rubyman.
Jun 25 08:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21181]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589046.
Jun 25 08:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17971]: pam_unix(cron:session): session closed for user root
Jun 25 08:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21105]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20072]: pam_unix(cron:session): session closed for user root
Jun 25 08:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 08:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21484]: Failed password for root from 92.118.39.77 port 46510 ssh2
Jun 25 08:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21484]: Connection closed by 92.118.39.77 port 46510 [preauth]
Jun 25 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21530]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21532]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21531]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21529]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21529]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21602]: Successful su for rubyman by root
Jun 25 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21602]: + ??? root:rubyman
Jun 25 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21602]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589049 of user rubyman.
Jun 25 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21602]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589049.
Jun 25 08:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18521]: pam_unix(cron:session): session closed for user root
Jun 25 08:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21530]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20578]: pam_unix(cron:session): session closed for user root
Jun 25 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21966]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21965]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21964]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21963]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21963]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22021]: Successful su for rubyman by root
Jun 25 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22021]: + ??? root:rubyman
Jun 25 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22021]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589052 of user rubyman.
Jun 25 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22021]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589052.
Jun 25 08:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18952]: pam_unix(cron:session): session closed for user root
Jun 25 08:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21964]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 08:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22272]: Failed password for root from 92.118.39.77 port 49256 ssh2
Jun 25 08:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22272]: Connection closed by 92.118.39.77 port 49256 [preauth]
Jun 25 08:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21107]: pam_unix(cron:session): session closed for user root
Jun 25 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22453]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22452]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22454]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22450]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22450]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22512]: Successful su for rubyman by root
Jun 25 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22512]: + ??? root:rubyman
Jun 25 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22512]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589058 of user rubyman.
Jun 25 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22512]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589058.
Jun 25 08:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19441]: pam_unix(cron:session): session closed for user root
Jun 25 08:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22452]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21532]: pam_unix(cron:session): session closed for user root
Jun 25 08:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.211.215  user=root
Jun 25 08:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22802]: Failed password for root from 147.45.211.215 port 54122 ssh2
Jun 25 08:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22802]: Connection closed by 147.45.211.215 port 54122 [preauth]
Jun 25 08:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 25 08:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22847]: Failed password for root from 103.27.238.114 port 36040 ssh2
Jun 25 08:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22847]: Connection closed by 103.27.238.114 port 36040 [preauth]
Jun 25 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22863]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22860]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22859]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22862]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22858]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22861]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22863]: pam_unix(cron:session): session closed for user root
Jun 25 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22858]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22929]: Successful su for rubyman by root
Jun 25 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22929]: + ??? root:rubyman
Jun 25 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22929]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589063 of user rubyman.
Jun 25 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22929]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589063.
Jun 25 08:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22860]: pam_unix(cron:session): session closed for user root
Jun 25 08:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20071]: pam_unix(cron:session): session closed for user root
Jun 25 08:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22859]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 08:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23140]: Failed password for root from 92.118.39.77 port 51986 ssh2
Jun 25 08:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23140]: Connection closed by 92.118.39.77 port 51986 [preauth]
Jun 25 08:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21966]: pam_unix(cron:session): session closed for user root
Jun 25 08:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23283]: Invalid user roberto from 186.96.158.180
Jun 25 08:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23283]: input_userauth_request: invalid user roberto [preauth]
Jun 25 08:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23283]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 08:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180
Jun 25 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23300]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23301]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23299]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23298]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23298]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23283]: Failed password for invalid user roberto from 186.96.158.180 port 54281 ssh2
Jun 25 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23382]: Successful su for rubyman by root
Jun 25 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23382]: + ??? root:rubyman
Jun 25 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23382]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589067 of user rubyman.
Jun 25 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23382]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589067.
Jun 25 08:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23283]: Received disconnect from 186.96.158.180 port 54281:11: Bye Bye [preauth]
Jun 25 08:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23283]: Disconnected from 186.96.158.180 port 54281 [preauth]
Jun 25 08:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20577]: pam_unix(cron:session): session closed for user root
Jun 25 08:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23299]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22454]: pam_unix(cron:session): session closed for user root
Jun 25 08:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 08:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23710]: Failed password for root from 92.118.39.77 port 54710 ssh2
Jun 25 08:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23710]: Connection closed by 92.118.39.77 port 54710 [preauth]
Jun 25 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23735]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23734]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23733]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23732]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23732]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23803]: Successful su for rubyman by root
Jun 25 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23803]: + ??? root:rubyman
Jun 25 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23803]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589070 of user rubyman.
Jun 25 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23803]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589070.
Jun 25 08:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21106]: pam_unix(cron:session): session closed for user root
Jun 25 08:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23733]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22862]: pam_unix(cron:session): session closed for user root
Jun 25 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24244]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24243]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24245]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24242]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24242]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24316]: Successful su for rubyman by root
Jun 25 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24316]: + ??? root:rubyman
Jun 25 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24316]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589076 of user rubyman.
Jun 25 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24316]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589076.
Jun 25 08:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21531]: pam_unix(cron:session): session closed for user root
Jun 25 08:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24243]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23301]: pam_unix(cron:session): session closed for user root
Jun 25 08:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 08:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24572]: Failed password for root from 92.118.39.77 port 57438 ssh2
Jun 25 08:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24572]: Connection closed by 92.118.39.77 port 57438 [preauth]
Jun 25 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24672]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24673]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24669]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24671]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24669]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24737]: Successful su for rubyman by root
Jun 25 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24737]: + ??? root:rubyman
Jun 25 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24737]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589080 of user rubyman.
Jun 25 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24737]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589080.
Jun 25 08:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21965]: pam_unix(cron:session): session closed for user root
Jun 25 08:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24671]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 25 08:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24946]: Failed password for root from 87.251.79.125 port 60680 ssh2
Jun 25 08:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24946]: Connection closed by 87.251.79.125 port 60680 [preauth]
Jun 25 08:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23735]: pam_unix(cron:session): session closed for user root
Jun 25 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25088]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25085]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25086]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25084]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25087]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25083]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25088]: pam_unix(cron:session): session closed for user root
Jun 25 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25083]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25154]: Successful su for rubyman by root
Jun 25 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25154]: + ??? root:rubyman
Jun 25 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25154]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589083 of user rubyman.
Jun 25 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25154]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589083.
Jun 25 08:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25085]: pam_unix(cron:session): session closed for user root
Jun 25 08:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22453]: pam_unix(cron:session): session closed for user root
Jun 25 08:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25084]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 08:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25364]: Failed password for root from 92.118.39.77 port 60192 ssh2
Jun 25 08:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25364]: Connection closed by 92.118.39.77 port 60192 [preauth]
Jun 25 08:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24245]: pam_unix(cron:session): session closed for user root
Jun 25 08:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25488]: Connection closed by 194.59.206.2 port 22706 [preauth]
Jun 25 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25511]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25512]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25510]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25509]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25509]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25578]: Successful su for rubyman by root
Jun 25 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25578]: + ??? root:rubyman
Jun 25 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25578]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589089 of user rubyman.
Jun 25 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25578]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589089.
Jun 25 08:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22861]: pam_unix(cron:session): session closed for user root
Jun 25 08:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25510]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24673]: pam_unix(cron:session): session closed for user root
Jun 25 08:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25890]: Received disconnect from 62.210.189.225 port 33106:11: disconnected by user [preauth]
Jun 25 08:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25890]: Disconnected from 62.210.189.225 port 33106 [preauth]
Jun 25 08:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 08:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25892]: Failed password for root from 92.118.39.77 port 34710 ssh2
Jun 25 08:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25892]: Connection closed by 92.118.39.77 port 34710 [preauth]
Jun 25 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25908]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25909]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25907]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25906]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25906]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25971]: Successful su for rubyman by root
Jun 25 08:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25971]: + ??? root:rubyman
Jun 25 08:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25971]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589092 of user rubyman.
Jun 25 08:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25971]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589092.
Jun 25 08:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23300]: pam_unix(cron:session): session closed for user root
Jun 25 08:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25907]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25087]: pam_unix(cron:session): session closed for user root
Jun 25 08:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26215]: Invalid user runner from 186.96.158.180
Jun 25 08:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26215]: input_userauth_request: invalid user runner [preauth]
Jun 25 08:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26215]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 08:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180
Jun 25 08:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26215]: Failed password for invalid user runner from 186.96.158.180 port 21893 ssh2
Jun 25 08:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26215]: Received disconnect from 186.96.158.180 port 21893:11: Bye Bye [preauth]
Jun 25 08:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26215]: Disconnected from 186.96.158.180 port 21893 [preauth]
Jun 25 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26310]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26311]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26309]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26308]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26308]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26369]: Successful su for rubyman by root
Jun 25 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26369]: + ??? root:rubyman
Jun 25 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26369]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589096 of user rubyman.
Jun 25 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26369]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589096.
Jun 25 08:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23734]: pam_unix(cron:session): session closed for user root
Jun 25 08:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26309]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25512]: pam_unix(cron:session): session closed for user root
Jun 25 08:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 08:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26645]: Failed password for root from 92.118.39.77 port 37450 ssh2
Jun 25 08:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26645]: Connection closed by 92.118.39.77 port 37450 [preauth]
Jun 25 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26786]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26784]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26785]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26783]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26783]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26842]: Successful su for rubyman by root
Jun 25 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26842]: + ??? root:rubyman
Jun 25 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26842]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589100 of user rubyman.
Jun 25 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26842]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589100.
Jun 25 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26889]: Invalid user support from 141.98.83.240
Jun 25 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26889]: input_userauth_request: invalid user support [preauth]
Jun 25 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26889]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 08:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24244]: pam_unix(cron:session): session closed for user root
Jun 25 08:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26889]: Failed password for invalid user support from 141.98.83.240 port 62708 ssh2
Jun 25 08:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26889]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 08:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26784]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26889]: Failed password for invalid user support from 141.98.83.240 port 62708 ssh2
Jun 25 08:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26889]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 08:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26889]: Failed password for invalid user support from 141.98.83.240 port 62708 ssh2
Jun 25 08:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26889]: Connection closed by 141.98.83.240 port 62708 [preauth]
Jun 25 08:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26889]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 08:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25909]: pam_unix(cron:session): session closed for user root
Jun 25 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27188]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27185]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27184]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27186]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27187]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27183]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27188]: pam_unix(cron:session): session closed for user root
Jun 25 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27183]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27258]: Successful su for rubyman by root
Jun 25 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27258]: + ??? root:rubyman
Jun 25 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27258]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589108 of user rubyman.
Jun 25 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27258]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589108.
Jun 25 08:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24672]: pam_unix(cron:session): session closed for user root
Jun 25 08:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27185]: pam_unix(cron:session): session closed for user root
Jun 25 08:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27184]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 08:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 25 08:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27518]: Failed password for root from 92.118.39.77 port 40182 ssh2
Jun 25 08:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27518]: Connection closed by 92.118.39.77 port 40182 [preauth]
Jun 25 08:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27520]: Failed password for root from 103.82.132.16 port 42996 ssh2
Jun 25 08:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27520]: Connection closed by 103.82.132.16 port 42996 [preauth]
Jun 25 08:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26311]: pam_unix(cron:session): session closed for user root
Jun 25 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27643]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27641]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27642]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27640]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27640]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27708]: Successful su for rubyman by root
Jun 25 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27708]: + ??? root:rubyman
Jun 25 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27708]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589110 of user rubyman.
Jun 25 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27708]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589110.
Jun 25 08:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25086]: pam_unix(cron:session): session closed for user root
Jun 25 08:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27641]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26786]: pam_unix(cron:session): session closed for user root
Jun 25 08:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 25 08:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28020]: Failed password for root from 103.77.175.15 port 34216 ssh2
Jun 25 08:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28020]: Connection closed by 103.77.175.15 port 34216 [preauth]
Jun 25 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28103]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28109]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28059]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28087]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28059]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28174]: Successful su for rubyman by root
Jun 25 08:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28174]: + ??? root:rubyman
Jun 25 08:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28174]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589116 of user rubyman.
Jun 25 08:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28174]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589116.
Jun 25 08:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25511]: pam_unix(cron:session): session closed for user root
Jun 25 08:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28087]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 08:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28352]: Failed password for root from 92.118.39.77 port 42930 ssh2
Jun 25 08:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28352]: Connection closed by 92.118.39.77 port 42930 [preauth]
Jun 25 08:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27187]: pam_unix(cron:session): session closed for user root
Jun 25 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28503]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28504]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28502]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28501]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28501]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28655]: Successful su for rubyman by root
Jun 25 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28655]: + ??? root:rubyman
Jun 25 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28655]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589118 of user rubyman.
Jun 25 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28655]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589118.
Jun 25 08:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25908]: pam_unix(cron:session): session closed for user root
Jun 25 08:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28502]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28877]: Invalid user admin from 2.57.121.25
Jun 25 08:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28877]: input_userauth_request: invalid user admin [preauth]
Jun 25 08:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28877]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 08:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 25 08:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28877]: Failed password for invalid user admin from 2.57.121.25 port 40072 ssh2
Jun 25 08:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28877]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 08:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 25 08:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28877]: Failed password for invalid user admin from 2.57.121.25 port 40072 ssh2
Jun 25 08:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28877]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 08:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28892]: Failed password for root from 193.37.70.224 port 48404 ssh2
Jun 25 08:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28892]: Connection closed by 193.37.70.224 port 48404 [preauth]
Jun 25 08:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28877]: Failed password for invalid user admin from 2.57.121.25 port 40072 ssh2
Jun 25 08:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28877]: Connection closed by 2.57.121.25 port 40072 [preauth]
Jun 25 08:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28877]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 25 08:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27643]: pam_unix(cron:session): session closed for user root
Jun 25 08:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 08:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28992]: Failed password for root from 92.118.39.77 port 45628 ssh2
Jun 25 08:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28992]: Connection closed by 92.118.39.77 port 45628 [preauth]
Jun 25 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29028]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29024]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29027]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29026]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29022]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29024]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29153]: Successful su for rubyman by root
Jun 25 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29153]: + ??? root:rubyman
Jun 25 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29153]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589123 of user rubyman.
Jun 25 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29153]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589123.
Jun 25 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29022]: pam_unix(cron:session): session closed for user root
Jun 25 08:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26310]: pam_unix(cron:session): session closed for user root
Jun 25 08:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29026]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29402]: Received disconnect from 62.210.199.83 port 55364:11: disconnected by user [preauth]
Jun 25 08:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29402]: Disconnected from 62.210.199.83 port 55364 [preauth]
Jun 25 08:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180  user=root
Jun 25 08:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29404]: Failed password for root from 186.96.158.180 port 40328 ssh2
Jun 25 08:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29404]: Received disconnect from 186.96.158.180 port 40328:11: Bye Bye [preauth]
Jun 25 08:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29404]: Disconnected from 186.96.158.180 port 40328 [preauth]
Jun 25 08:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 25 08:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29445]: Failed password for root from 147.45.199.80 port 46852 ssh2
Jun 25 08:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29445]: Connection closed by 147.45.199.80 port 46852 [preauth]
Jun 25 08:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28109]: pam_unix(cron:session): session closed for user root
Jun 25 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29633]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29631]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29632]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29634]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29635]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29630]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29635]: pam_unix(cron:session): session closed for user root
Jun 25 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29630]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29713]: Successful su for rubyman by root
Jun 25 08:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29713]: + ??? root:rubyman
Jun 25 08:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29713]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589131 of user rubyman.
Jun 25 08:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29713]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589131.
Jun 25 08:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29632]: pam_unix(cron:session): session closed for user root
Jun 25 08:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26785]: pam_unix(cron:session): session closed for user root
Jun 25 08:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29631]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28504]: pam_unix(cron:session): session closed for user root
Jun 25 08:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 08:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30031]: Failed password for root from 92.118.39.77 port 48344 ssh2
Jun 25 08:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30031]: Connection closed by 92.118.39.77 port 48344 [preauth]
Jun 25 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30107]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30108]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30105]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30106]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30105]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30186]: Successful su for rubyman by root
Jun 25 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30186]: + ??? root:rubyman
Jun 25 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30186]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589134 of user rubyman.
Jun 25 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30186]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589134.
Jun 25 08:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27186]: pam_unix(cron:session): session closed for user root
Jun 25 08:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30106]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29028]: pam_unix(cron:session): session closed for user root
Jun 25 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30526]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30527]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30525]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30524]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30524]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30595]: Successful su for rubyman by root
Jun 25 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30595]: + ??? root:rubyman
Jun 25 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30595]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589138 of user rubyman.
Jun 25 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30595]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589138.
Jun 25 08:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27642]: pam_unix(cron:session): session closed for user root
Jun 25 08:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30525]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 08:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30796]: Failed password for root from 92.118.39.77 port 51068 ssh2
Jun 25 08:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30796]: Connection closed by 92.118.39.77 port 51068 [preauth]
Jun 25 08:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29634]: pam_unix(cron:session): session closed for user root
Jun 25 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31040]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31041]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31039]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31038]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31038]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31102]: Successful su for rubyman by root
Jun 25 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31102]: + ??? root:rubyman
Jun 25 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31102]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589142 of user rubyman.
Jun 25 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31102]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589142.
Jun 25 08:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28103]: pam_unix(cron:session): session closed for user root
Jun 25 08:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31039]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30108]: pam_unix(cron:session): session closed for user root
Jun 25 08:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 25 08:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31374]: Failed password for root from 103.82.20.28 port 46266 ssh2
Jun 25 08:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31374]: Connection closed by 103.82.20.28 port 46266 [preauth]
Jun 25 08:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 25 08:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 25 08:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31386]: Failed password for root from 62.133.62.83 port 48492 ssh2
Jun 25 08:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31386]: Connection closed by 62.133.62.83 port 48492 [preauth]
Jun 25 08:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31395]: Failed password for root from 103.27.238.116 port 39430 ssh2
Jun 25 08:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31395]: Connection closed by 103.27.238.116 port 39430 [preauth]
Jun 25 08:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 08:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31432]: Failed password for root from 92.118.39.77 port 53772 ssh2
Jun 25 08:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31432]: Connection closed by 92.118.39.77 port 53772 [preauth]
Jun 25 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31447]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31446]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31445]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31444]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31444]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31508]: Successful su for rubyman by root
Jun 25 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31508]: + ??? root:rubyman
Jun 25 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31508]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589146 of user rubyman.
Jun 25 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31508]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589146.
Jun 25 08:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28503]: pam_unix(cron:session): session closed for user root
Jun 25 08:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31445]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30527]: pam_unix(cron:session): session closed for user root
Jun 25 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31950]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31953]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31951]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31949]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31947]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31948]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31953]: pam_unix(cron:session): session closed for user root
Jun 25 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31947]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32031]: Successful su for rubyman by root
Jun 25 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32031]: + ??? root:rubyman
Jun 25 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32031]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589152 of user rubyman.
Jun 25 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32031]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589152.
Jun 25 08:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31949]: pam_unix(cron:session): session closed for user root
Jun 25 08:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29027]: pam_unix(cron:session): session closed for user root
Jun 25 08:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31948]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 25 08:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32281]: Failed password for root from 194.113.233.25 port 43450 ssh2
Jun 25 08:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32281]: Connection closed by 194.113.233.25 port 43450 [preauth]
Jun 25 08:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31041]: pam_unix(cron:session): session closed for user root
Jun 25 08:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 08:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32303]: Failed password for root from 92.118.39.77 port 56476 ssh2
Jun 25 08:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32303]: Connection closed by 92.118.39.77 port 56476 [preauth]
Jun 25 08:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32401]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32402]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32400]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32395]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32395]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32470]: Successful su for rubyman by root
Jun 25 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32470]: + ??? root:rubyman
Jun 25 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32470]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589155 of user rubyman.
Jun 25 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32470]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589155.
Jun 25 08:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29633]: pam_unix(cron:session): session closed for user root
Jun 25 08:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32400]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32384]: Invalid user user03 from 186.96.158.180
Jun 25 08:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32384]: input_userauth_request: invalid user user03 [preauth]
Jun 25 08:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32384]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 08:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180
Jun 25 08:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32384]: Failed password for invalid user user03 from 186.96.158.180 port 52535 ssh2
Jun 25 08:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32384]: Received disconnect from 186.96.158.180 port 52535:11: Bye Bye [preauth]
Jun 25 08:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32384]: Disconnected from 186.96.158.180 port 52535 [preauth]
Jun 25 08:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31447]: pam_unix(cron:session): session closed for user root
Jun 25 08:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 25 08:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[326]: Failed password for root from 109.237.96.109 port 42548 ssh2
Jun 25 08:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[326]: Connection closed by 109.237.96.109 port 42548 [preauth]
Jun 25 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[353]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[354]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[351]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[350]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[350]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[428]: Successful su for rubyman by root
Jun 25 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[428]: + ??? root:rubyman
Jun 25 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[428]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589161 of user rubyman.
Jun 25 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[428]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589161.
Jun 25 08:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30107]: pam_unix(cron:session): session closed for user root
Jun 25 08:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[351]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 08:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[755]: Failed password for root from 92.118.39.77 port 59182 ssh2
Jun 25 08:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[755]: Connection closed by 92.118.39.77 port 59182 [preauth]
Jun 25 08:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31951]: pam_unix(cron:session): session closed for user root
Jun 25 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[920]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[919]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[918]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[916]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[916]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[983]: Successful su for rubyman by root
Jun 25 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[983]: + ??? root:rubyman
Jun 25 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[983]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589163 of user rubyman.
Jun 25 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[983]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589163.
Jun 25 08:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30526]: pam_unix(cron:session): session closed for user root
Jun 25 08:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[918]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32402]: pam_unix(cron:session): session closed for user root
Jun 25 08:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 08:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1356]: Failed password for root from 92.118.39.77 port 33660 ssh2
Jun 25 08:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1356]: Connection closed by 92.118.39.77 port 33660 [preauth]
Jun 25 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1385]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1382]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1379]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1380]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1379]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1477]: Successful su for rubyman by root
Jun 25 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1477]: + ??? root:rubyman
Jun 25 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1477]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589167 of user rubyman.
Jun 25 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1477]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589167.
Jun 25 08:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31040]: pam_unix(cron:session): session closed for user root
Jun 25 08:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1380]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[354]: pam_unix(cron:session): session closed for user root
Jun 25 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1927]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1929]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1924]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1923]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1928]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1925]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1929]: pam_unix(cron:session): session closed for user root
Jun 25 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1923]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2022]: Successful su for rubyman by root
Jun 25 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2022]: + ??? root:rubyman
Jun 25 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2022]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589175 of user rubyman.
Jun 25 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2022]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589175.
Jun 25 08:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1925]: pam_unix(cron:session): session closed for user root
Jun 25 08:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31446]: pam_unix(cron:session): session closed for user root
Jun 25 08:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1924]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[920]: pam_unix(cron:session): session closed for user root
Jun 25 08:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 08:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2345]: Failed password for root from 92.118.39.77 port 36350 ssh2
Jun 25 08:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2345]: Connection closed by 92.118.39.77 port 36350 [preauth]
Jun 25 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2425]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2424]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2423]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2422]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2422]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2494]: Successful su for rubyman by root
Jun 25 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2494]: + ??? root:rubyman
Jun 25 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2494]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589177 of user rubyman.
Jun 25 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2494]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589177.
Jun 25 08:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31950]: pam_unix(cron:session): session closed for user root
Jun 25 08:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2423]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1385]: pam_unix(cron:session): session closed for user root
Jun 25 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2860]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2859]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2858]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2857]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2857]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2921]: Successful su for rubyman by root
Jun 25 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2921]: + ??? root:rubyman
Jun 25 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2921]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589181 of user rubyman.
Jun 25 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2921]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589181.
Jun 25 08:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32401]: pam_unix(cron:session): session closed for user root
Jun 25 08:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2858]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 08:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3121]: Failed password for root from 92.118.39.77 port 39088 ssh2
Jun 25 08:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3121]: Connection closed by 92.118.39.77 port 39088 [preauth]
Jun 25 08:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1928]: pam_unix(cron:session): session closed for user root
Jun 25 08:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180  user=root
Jun 25 08:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3162]: Failed password for root from 186.96.158.180 port 63877 ssh2
Jun 25 08:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3162]: Received disconnect from 186.96.158.180 port 63877:11: Bye Bye [preauth]
Jun 25 08:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3162]: Disconnected from 186.96.158.180 port 63877 [preauth]
Jun 25 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3252]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3254]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3253]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3251]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3251]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3312]: Successful su for rubyman by root
Jun 25 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3312]: + ??? root:rubyman
Jun 25 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3312]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589185 of user rubyman.
Jun 25 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3312]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589185.
Jun 25 08:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[353]: pam_unix(cron:session): session closed for user root
Jun 25 08:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3252]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2425]: pam_unix(cron:session): session closed for user root
Jun 25 08:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3647]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3648]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3646]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3645]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3645]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3803]: Successful su for rubyman by root
Jun 25 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3803]: + ??? root:rubyman
Jun 25 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3803]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589190 of user rubyman.
Jun 25 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3803]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589190.
Jun 25 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 08:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3642]: Failed password for root from 92.118.39.77 port 41798 ssh2
Jun 25 08:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[919]: pam_unix(cron:session): session closed for user root
Jun 25 08:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3642]: Connection closed by 92.118.39.77 port 41798 [preauth]
Jun 25 08:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3646]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2860]: pam_unix(cron:session): session closed for user root
Jun 25 08:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 25 08:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4224]: Failed password for root from 103.153.68.219 port 52716 ssh2
Jun 25 08:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4224]: Connection closed by 103.153.68.219 port 52716 [preauth]
Jun 25 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4259]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4260]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4258]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4256]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4257]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4261]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4261]: pam_unix(cron:session): session closed for user root
Jun 25 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4256]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4330]: Successful su for rubyman by root
Jun 25 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4330]: + ??? root:rubyman
Jun 25 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4330]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589195 of user rubyman.
Jun 25 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4330]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589195.
Jun 25 08:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4258]: pam_unix(cron:session): session closed for user root
Jun 25 08:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1382]: pam_unix(cron:session): session closed for user root
Jun 25 08:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4257]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3254]: pam_unix(cron:session): session closed for user root
Jun 25 08:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 08:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4663]: Failed password for root from 92.118.39.77 port 44520 ssh2
Jun 25 08:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4663]: Connection closed by 92.118.39.77 port 44520 [preauth]
Jun 25 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4697]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4698]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4699]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4696]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4696]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4833]: Successful su for rubyman by root
Jun 25 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4833]: + ??? root:rubyman
Jun 25 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4833]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589199 of user rubyman.
Jun 25 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4833]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589199.
Jun 25 08:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1927]: pam_unix(cron:session): session closed for user root
Jun 25 08:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4697]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 25 08:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5086]: Failed password for root from 38.93.206.2 port 15284 ssh2
Jun 25 08:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5086]: Connection closed by 38.93.206.2 port 15284 [preauth]
Jun 25 08:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3648]: pam_unix(cron:session): session closed for user root
Jun 25 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5209]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5210]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5207]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5206]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5206]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5271]: Successful su for rubyman by root
Jun 25 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5271]: + ??? root:rubyman
Jun 25 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5271]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589204 of user rubyman.
Jun 25 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5271]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589204.
Jun 25 08:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2424]: pam_unix(cron:session): session closed for user root
Jun 25 08:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5207]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 08:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5526]: Failed password for root from 92.118.39.77 port 47206 ssh2
Jun 25 08:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5526]: Connection closed by 92.118.39.77 port 47206 [preauth]
Jun 25 08:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4260]: pam_unix(cron:session): session closed for user root
Jun 25 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5624]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5622]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5623]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5621]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5621]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5679]: Successful su for rubyman by root
Jun 25 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5679]: + ??? root:rubyman
Jun 25 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5679]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589208 of user rubyman.
Jun 25 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5679]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589208.
Jun 25 08:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2859]: pam_unix(cron:session): session closed for user root
Jun 25 08:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5622]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4699]: pam_unix(cron:session): session closed for user root
Jun 25 08:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 25 08:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5949]: Failed password for root from 103.122.221.179 port 57988 ssh2
Jun 25 08:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5949]: Connection closed by 103.122.221.179 port 57988 [preauth]
Jun 25 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6008]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6009]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6007]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6006]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6006]: pam_unix(cron:session): session closed for user p13x
Jun 25 08:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6065]: Successful su for rubyman by root
Jun 25 08:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6065]: + ??? root:rubyman
Jun 25 08:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6065]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 08:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589213 of user rubyman.
Jun 25 08:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6065]: pam_unix(su:session): session closed for user rubyman
Jun 25 08:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589213.
Jun 25 08:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3253]: pam_unix(cron:session): session closed for user root
Jun 25 08:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6007]: pam_unix(cron:session): session closed for user samftp
Jun 25 08:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 08:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6262]: Invalid user mahesh from 180.93.52.137
Jun 25 08:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6262]: input_userauth_request: invalid user mahesh [preauth]
Jun 25 08:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 08:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6262]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 08:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.93.52.137
Jun 25 08:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6260]: Failed password for root from 92.118.39.77 port 49968 ssh2
Jun 25 08:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6260]: Connection closed by 92.118.39.77 port 49968 [preauth]
Jun 25 08:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6262]: Failed password for invalid user mahesh from 180.93.52.137 port 40152 ssh2
Jun 25 08:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6262]: Connection closed by 180.93.52.137 port 40152 [preauth]
Jun 25 08:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6258]: Invalid user andi from 186.96.158.180
Jun 25 08:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6258]: input_userauth_request: invalid user andi [preauth]
Jun 25 08:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6258]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 08:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180
Jun 25 08:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6258]: Failed password for invalid user andi from 186.96.158.180 port 54135 ssh2
Jun 25 08:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6258]: Received disconnect from 186.96.158.180 port 54135:11: Bye Bye [preauth]
Jun 25 08:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6258]: Disconnected from 186.96.158.180 port 54135 [preauth]
Jun 25 08:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5210]: pam_unix(cron:session): session closed for user root
Jun 25 08:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 09:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6401]: Invalid user admin from 193.46.255.86
Jun 25 09:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6401]: input_userauth_request: invalid user admin [preauth]
Jun 25 09:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6401]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 09:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 25 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6411]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6409]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6408]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6407]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6406]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6410]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6405]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6411]: pam_unix(cron:session): session closed for user root
Jun 25 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6407]: pam_unix(cron:session): session closed for user root
Jun 25 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6405]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6493]: Successful su for rubyman by root
Jun 25 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6493]: + ??? root:rubyman
Jun 25 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6493]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589220 of user rubyman.
Jun 25 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6493]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589220.
Jun 25 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6401]: Failed password for invalid user admin from 193.46.255.86 port 24332 ssh2
Jun 25 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6401]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 09:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6401]: Failed password for invalid user admin from 193.46.255.86 port 24332 ssh2
Jun 25 09:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6401]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 09:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6408]: pam_unix(cron:session): session closed for user root
Jun 25 09:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3647]: pam_unix(cron:session): session closed for user root
Jun 25 09:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6401]: Failed password for invalid user admin from 193.46.255.86 port 24332 ssh2
Jun 25 09:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6401]: Connection closed by 193.46.255.86 port 24332 [preauth]
Jun 25 09:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6401]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 25 09:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6406]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5624]: pam_unix(cron:session): session closed for user root
Jun 25 09:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 09:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 09:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6890]: Failed password for root from 92.118.39.77 port 52664 ssh2
Jun 25 09:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6890]: Connection closed by 92.118.39.77 port 52664 [preauth]
Jun 25 09:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6924]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6923]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6922]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6920]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6920]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 25 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7021]: Successful su for rubyman by root
Jun 25 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7021]: + ??? root:rubyman
Jun 25 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7021]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589224 of user rubyman.
Jun 25 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7021]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589224.
Jun 25 09:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6909]: Failed password for root from 103.77.242.62 port 59556 ssh2
Jun 25 09:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6909]: Connection closed by 103.77.242.62 port 59556 [preauth]
Jun 25 09:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4259]: pam_unix(cron:session): session closed for user root
Jun 25 09:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6922]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 09:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7321]: Invalid user postgres from 103.227.210.171
Jun 25 09:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7321]: input_userauth_request: invalid user postgres [preauth]
Jun 25 09:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7321]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 09:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.227.210.171
Jun 25 09:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7321]: Failed password for invalid user postgres from 103.227.210.171 port 40768 ssh2
Jun 25 09:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7321]: Connection closed by 103.227.210.171 port 40768 [preauth]
Jun 25 09:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6009]: pam_unix(cron:session): session closed for user root
Jun 25 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7422]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7421]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7423]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7420]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7420]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7479]: Successful su for rubyman by root
Jun 25 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7479]: + ??? root:rubyman
Jun 25 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7479]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589226 of user rubyman.
Jun 25 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7479]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589226.
Jun 25 09:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4698]: pam_unix(cron:session): session closed for user root
Jun 25 09:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7421]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 09:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 09:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7823]: Failed password for root from 92.118.39.77 port 55344 ssh2
Jun 25 09:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7823]: Connection closed by 92.118.39.77 port 55344 [preauth]
Jun 25 09:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6410]: pam_unix(cron:session): session closed for user root
Jun 25 09:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 09:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7889]: Invalid user username from 141.98.83.240
Jun 25 09:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7889]: input_userauth_request: invalid user username [preauth]
Jun 25 09:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7889]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 09:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 09:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7889]: Failed password for invalid user username from 141.98.83.240 port 57454 ssh2
Jun 25 09:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7889]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 09:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7889]: Failed password for invalid user username from 141.98.83.240 port 57454 ssh2
Jun 25 09:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7889]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 09:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7889]: Failed password for invalid user username from 141.98.83.240 port 57454 ssh2
Jun 25 09:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7889]: Connection closed by 141.98.83.240 port 57454 [preauth]
Jun 25 09:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7889]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7911]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7910]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7909]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7908]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7908]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7965]: Successful su for rubyman by root
Jun 25 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7965]: + ??? root:rubyman
Jun 25 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7965]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589231 of user rubyman.
Jun 25 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7965]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589231.
Jun 25 09:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 09:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7986]: Invalid user julian from 2.57.121.112
Jun 25 09:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7986]: input_userauth_request: invalid user julian [preauth]
Jun 25 09:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7986]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 09:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 25 09:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5209]: pam_unix(cron:session): session closed for user root
Jun 25 09:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7986]: Failed password for invalid user julian from 2.57.121.112 port 64216 ssh2
Jun 25 09:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7986]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 09:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7909]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7986]: Failed password for invalid user julian from 2.57.121.112 port 64216 ssh2
Jun 25 09:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7986]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 09:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7986]: Failed password for invalid user julian from 2.57.121.112 port 64216 ssh2
Jun 25 09:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7986]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 09:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7986]: Failed password for invalid user julian from 2.57.121.112 port 64216 ssh2
Jun 25 09:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7986]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 09:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7986]: Failed password for invalid user julian from 2.57.121.112 port 64216 ssh2
Jun 25 09:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7986]: Connection closed by 2.57.121.112 port 64216 [preauth]
Jun 25 09:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7986]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 25 09:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7986]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 25 09:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6924]: pam_unix(cron:session): session closed for user root
Jun 25 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8297]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8294]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8296]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8295]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8294]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8354]: Successful su for rubyman by root
Jun 25 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8354]: + ??? root:rubyman
Jun 25 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8354]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589235 of user rubyman.
Jun 25 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8354]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589235.
Jun 25 09:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5623]: pam_unix(cron:session): session closed for user root
Jun 25 09:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8295]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 09:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 09:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8554]: Failed password for root from 92.118.39.77 port 58060 ssh2
Jun 25 09:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8554]: Connection closed by 92.118.39.77 port 58060 [preauth]
Jun 25 09:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7423]: pam_unix(cron:session): session closed for user root
Jun 25 09:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 09:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 25 09:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8643]: Failed password for root from 77.94.47.83 port 39602 ssh2
Jun 25 09:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8643]: Connection closed by 77.94.47.83 port 39602 [preauth]
Jun 25 09:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 09:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 25 09:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8682]: Failed password for root from 80.66.85.226 port 45558 ssh2
Jun 25 09:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8682]: Connection closed by 80.66.85.226 port 45558 [preauth]
Jun 25 09:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 09:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 25 09:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8692]: Failed password for root from 103.176.20.57 port 35044 ssh2
Jun 25 09:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8692]: Connection closed by 103.176.20.57 port 35044 [preauth]
Jun 25 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8707]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8709]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8705]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8708]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8706]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8704]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8709]: pam_unix(cron:session): session closed for user root
Jun 25 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8704]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8775]: Successful su for rubyman by root
Jun 25 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8775]: + ??? root:rubyman
Jun 25 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8775]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589241 of user rubyman.
Jun 25 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8775]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589241.
Jun 25 09:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8706]: pam_unix(cron:session): session closed for user root
Jun 25 09:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6008]: pam_unix(cron:session): session closed for user root
Jun 25 09:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8705]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 09:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7911]: pam_unix(cron:session): session closed for user root
Jun 25 09:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9048]: Invalid user foundry from 186.96.158.180
Jun 25 09:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9048]: input_userauth_request: invalid user foundry [preauth]
Jun 25 09:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9048]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 09:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180
Jun 25 09:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9048]: Failed password for invalid user foundry from 186.96.158.180 port 64200 ssh2
Jun 25 09:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9048]: Received disconnect from 186.96.158.180 port 64200:11: Bye Bye [preauth]
Jun 25 09:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9048]: Disconnected from 186.96.158.180 port 64200 [preauth]
Jun 25 09:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 09:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 09:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9115]: Failed password for root from 92.118.39.77 port 60724 ssh2
Jun 25 09:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9115]: Connection closed by 92.118.39.77 port 60724 [preauth]
Jun 25 09:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9135]: Connection reset by 45.148.10.157 port 21702 [preauth]
Jun 25 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9138]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9139]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9141]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9140]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9138]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9205]: Successful su for rubyman by root
Jun 25 09:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9205]: + ??? root:rubyman
Jun 25 09:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9205]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589244 of user rubyman.
Jun 25 09:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9205]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589244.
Jun 25 09:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6409]: pam_unix(cron:session): session closed for user root
Jun 25 09:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9139]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8297]: pam_unix(cron:session): session closed for user root
Jun 25 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9528]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9529]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9527]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9526]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9526]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9588]: Successful su for rubyman by root
Jun 25 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9588]: + ??? root:rubyman
Jun 25 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9588]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589249 of user rubyman.
Jun 25 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9588]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589249.
Jun 25 09:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 25 09:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6923]: pam_unix(cron:session): session closed for user root
Jun 25 09:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9560]: Failed password for root from 202.178.126.219 port 64625 ssh2
Jun 25 09:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9527]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9560]: Connection closed by 202.178.126.219 port 64625 [preauth]
Jun 25 09:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 09:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 09:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8708]: pam_unix(cron:session): session closed for user root
Jun 25 09:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9851]: Failed password for root from 92.118.39.77 port 35186 ssh2
Jun 25 09:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9851]: Connection closed by 92.118.39.77 port 35186 [preauth]
Jun 25 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10113]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10114]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10112]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10109]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10109]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10171]: Successful su for rubyman by root
Jun 25 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10171]: + ??? root:rubyman
Jun 25 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10171]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589253 of user rubyman.
Jun 25 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10171]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589253.
Jun 25 09:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7422]: pam_unix(cron:session): session closed for user root
Jun 25 09:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10112]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9141]: pam_unix(cron:session): session closed for user root
Jun 25 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10604]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10606]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10605]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10603]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10600]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10603]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10732]: Successful su for rubyman by root
Jun 25 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10732]: + ??? root:rubyman
Jun 25 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10732]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589256 of user rubyman.
Jun 25 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10732]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589256.
Jun 25 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10600]: pam_unix(cron:session): session closed for user root
Jun 25 09:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7910]: pam_unix(cron:session): session closed for user root
Jun 25 09:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10604]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 09:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 09:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10969]: Failed password for root from 92.118.39.77 port 37838 ssh2
Jun 25 09:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10969]: Connection closed by 92.118.39.77 port 37838 [preauth]
Jun 25 09:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9529]: pam_unix(cron:session): session closed for user root
Jun 25 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11122]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11120]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11119]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11124]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11118]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11125]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11125]: pam_unix(cron:session): session closed for user root
Jun 25 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11118]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11196]: Successful su for rubyman by root
Jun 25 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11196]: + ??? root:rubyman
Jun 25 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11196]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589265 of user rubyman.
Jun 25 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11196]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589265.
Jun 25 09:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11120]: pam_unix(cron:session): session closed for user root
Jun 25 09:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8296]: pam_unix(cron:session): session closed for user root
Jun 25 09:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11119]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10114]: pam_unix(cron:session): session closed for user root
Jun 25 09:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 09:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77  user=root
Jun 25 09:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11558]: Failed password for root from 92.118.39.77 port 40558 ssh2
Jun 25 09:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11558]: Connection closed by 92.118.39.77 port 40558 [preauth]
Jun 25 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11581]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11582]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11580]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11579]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11579]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11646]: Successful su for rubyman by root
Jun 25 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11646]: + ??? root:rubyman
Jun 25 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11646]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589268 of user rubyman.
Jun 25 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11646]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589268.
Jun 25 09:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8707]: pam_unix(cron:session): session closed for user root
Jun 25 09:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11580]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10606]: pam_unix(cron:session): session closed for user root
Jun 25 09:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 09:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180  user=root
Jun 25 09:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11993]: Failed password for root from 186.96.158.180 port 41919 ssh2
Jun 25 09:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11993]: Received disconnect from 186.96.158.180 port 41919:11: Bye Bye [preauth]
Jun 25 09:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11993]: Disconnected from 186.96.158.180 port 41919 [preauth]
Jun 25 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12043]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12046]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12045]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12042]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12042]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12100]: Successful su for rubyman by root
Jun 25 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12100]: + ??? root:rubyman
Jun 25 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12100]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589271 of user rubyman.
Jun 25 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12100]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589271.
Jun 25 09:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9140]: pam_unix(cron:session): session closed for user root
Jun 25 09:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12043]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11124]: pam_unix(cron:session): session closed for user root
Jun 25 09:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 09:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12524]: Invalid user admin from 92.118.39.77
Jun 25 09:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12524]: input_userauth_request: invalid user admin [preauth]
Jun 25 09:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12524]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 09:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77
Jun 25 09:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12524]: Failed password for invalid user admin from 92.118.39.77 port 43234 ssh2
Jun 25 09:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12524]: Connection closed by 92.118.39.77 port 43234 [preauth]
Jun 25 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12560]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12559]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12558]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12557]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12557]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12622]: Successful su for rubyman by root
Jun 25 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12622]: + ??? root:rubyman
Jun 25 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12622]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589275 of user rubyman.
Jun 25 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12622]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589275.
Jun 25 09:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9528]: pam_unix(cron:session): session closed for user root
Jun 25 09:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12558]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11582]: pam_unix(cron:session): session closed for user root
Jun 25 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12977]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12978]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12975]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12976]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12975]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13037]: Successful su for rubyman by root
Jun 25 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13037]: + ??? root:rubyman
Jun 25 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13037]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589279 of user rubyman.
Jun 25 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13037]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589279.
Jun 25 09:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10113]: pam_unix(cron:session): session closed for user root
Jun 25 09:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12976]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 09:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13297]: Invalid user admin from 92.118.39.77
Jun 25 09:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13297]: input_userauth_request: invalid user admin [preauth]
Jun 25 09:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13297]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 09:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77
Jun 25 09:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12046]: pam_unix(cron:session): session closed for user root
Jun 25 09:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13297]: Failed password for invalid user admin from 92.118.39.77 port 45934 ssh2
Jun 25 09:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13297]: Connection closed by 92.118.39.77 port 45934 [preauth]
Jun 25 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13392]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13390]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13391]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13388]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13386]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13389]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13392]: pam_unix(cron:session): session closed for user root
Jun 25 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13386]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13454]: Successful su for rubyman by root
Jun 25 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13454]: + ??? root:rubyman
Jun 25 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13454]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589286 of user rubyman.
Jun 25 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13454]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589286.
Jun 25 09:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13389]: pam_unix(cron:session): session closed for user root
Jun 25 09:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10605]: pam_unix(cron:session): session closed for user root
Jun 25 09:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13388]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 09:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 25 09:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13690]: Failed password for root from 51.250.105.222 port 47910 ssh2
Jun 25 09:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13690]: Connection closed by 51.250.105.222 port 47910 [preauth]
Jun 25 09:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12560]: pam_unix(cron:session): session closed for user root
Jun 25 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13821]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13820]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13819]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13818]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13818]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13886]: Successful su for rubyman by root
Jun 25 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13886]: + ??? root:rubyman
Jun 25 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13886]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589290 of user rubyman.
Jun 25 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13886]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589290.
Jun 25 09:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11122]: pam_unix(cron:session): session closed for user root
Jun 25 09:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13819]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 09:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14083]: Invalid user admin from 92.118.39.77
Jun 25 09:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14083]: input_userauth_request: invalid user admin [preauth]
Jun 25 09:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14083]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 09:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77
Jun 25 09:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14083]: Failed password for invalid user admin from 92.118.39.77 port 48612 ssh2
Jun 25 09:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14083]: Connection closed by 92.118.39.77 port 48612 [preauth]
Jun 25 09:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12978]: pam_unix(cron:session): session closed for user root
Jun 25 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14232]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14231]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14229]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14230]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14227]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14227]: pam_unix(cron:session): session closed for user root
Jun 25 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14229]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14290]: Successful su for rubyman by root
Jun 25 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14290]: + ??? root:rubyman
Jun 25 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14290]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589293 of user rubyman.
Jun 25 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14290]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589293.
Jun 25 09:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11581]: pam_unix(cron:session): session closed for user root
Jun 25 09:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14230]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13391]: pam_unix(cron:session): session closed for user root
Jun 25 09:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 09:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14596]: Invalid user admin from 92.118.39.77
Jun 25 09:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14596]: input_userauth_request: invalid user admin [preauth]
Jun 25 09:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14596]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 09:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77
Jun 25 09:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14596]: Failed password for invalid user admin from 92.118.39.77 port 51280 ssh2
Jun 25 09:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14596]: Connection closed by 92.118.39.77 port 51280 [preauth]
Jun 25 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14624]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14625]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14623]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14622]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14622]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14730]: Successful su for rubyman by root
Jun 25 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14730]: + ??? root:rubyman
Jun 25 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14730]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589298 of user rubyman.
Jun 25 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14730]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589298.
Jun 25 09:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12045]: pam_unix(cron:session): session closed for user root
Jun 25 09:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14623]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 09:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14965]: Invalid user yoyo from 186.96.158.180
Jun 25 09:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14965]: input_userauth_request: invalid user yoyo [preauth]
Jun 25 09:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14965]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 09:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180
Jun 25 09:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14965]: Failed password for invalid user yoyo from 186.96.158.180 port 18704 ssh2
Jun 25 09:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14965]: Received disconnect from 186.96.158.180 port 18704:11: Bye Bye [preauth]
Jun 25 09:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14965]: Disconnected from 186.96.158.180 port 18704 [preauth]
Jun 25 09:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13821]: pam_unix(cron:session): session closed for user root
Jun 25 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15111]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15110]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15108]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15107]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15107]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15172]: Successful su for rubyman by root
Jun 25 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15172]: + ??? root:rubyman
Jun 25 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15172]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589304 of user rubyman.
Jun 25 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15172]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589304.
Jun 25 09:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12559]: pam_unix(cron:session): session closed for user root
Jun 25 09:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15108]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 09:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15412]: Invalid user admin from 92.118.39.77
Jun 25 09:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15412]: input_userauth_request: invalid user admin [preauth]
Jun 25 09:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15412]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 09:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77
Jun 25 09:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15412]: Failed password for invalid user admin from 92.118.39.77 port 53958 ssh2
Jun 25 09:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15412]: Connection closed by 92.118.39.77 port 53958 [preauth]
Jun 25 09:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14232]: pam_unix(cron:session): session closed for user root
Jun 25 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15509]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15507]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15510]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15505]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15506]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15508]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15510]: pam_unix(cron:session): session closed for user root
Jun 25 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15505]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15571]: Successful su for rubyman by root
Jun 25 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15571]: + ??? root:rubyman
Jun 25 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15571]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589306 of user rubyman.
Jun 25 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15571]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589306.
Jun 25 09:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15507]: pam_unix(cron:session): session closed for user root
Jun 25 09:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12977]: pam_unix(cron:session): session closed for user root
Jun 25 09:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15506]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 09:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14625]: pam_unix(cron:session): session closed for user root
Jun 25 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15927]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15926]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15925]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15924]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15924]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15989]: Successful su for rubyman by root
Jun 25 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15989]: + ??? root:rubyman
Jun 25 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15989]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589312 of user rubyman.
Jun 25 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15989]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589312.
Jun 25 09:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 09:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16048]: Invalid user admin from 92.118.39.77
Jun 25 09:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16048]: input_userauth_request: invalid user admin [preauth]
Jun 25 09:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16048]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 09:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.77
Jun 25 09:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13390]: pam_unix(cron:session): session closed for user root
Jun 25 09:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16048]: Failed password for invalid user admin from 92.118.39.77 port 56648 ssh2
Jun 25 09:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15925]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16048]: Connection closed by 92.118.39.77 port 56648 [preauth]
Jun 25 09:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15111]: pam_unix(cron:session): session closed for user root
Jun 25 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16315]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16316]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16314]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16313]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16313]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16372]: Successful su for rubyman by root
Jun 25 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16372]: + ??? root:rubyman
Jun 25 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16372]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589317 of user rubyman.
Jun 25 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16372]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589317.
Jun 25 09:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13820]: pam_unix(cron:session): session closed for user root
Jun 25 09:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16314]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15509]: pam_unix(cron:session): session closed for user root
Jun 25 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16714]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16715]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16713]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16712]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16712]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16773]: Successful su for rubyman by root
Jun 25 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16773]: + ??? root:rubyman
Jun 25 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16773]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589320 of user rubyman.
Jun 25 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16773]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589320.
Jun 25 09:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14231]: pam_unix(cron:session): session closed for user root
Jun 25 09:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16713]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15927]: pam_unix(cron:session): session closed for user root
Jun 25 09:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 09:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 25 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17207]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17206]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17205]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17204]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17204]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17267]: Successful su for rubyman by root
Jun 25 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17267]: + ??? root:rubyman
Jun 25 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17267]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589324 of user rubyman.
Jun 25 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17267]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589324.
Jun 25 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17201]: Failed password for root from 103.172.78.219 port 46586 ssh2
Jun 25 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17201]: Connection closed by 103.172.78.219 port 46586 [preauth]
Jun 25 09:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14624]: pam_unix(cron:session): session closed for user root
Jun 25 09:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17205]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16316]: pam_unix(cron:session): session closed for user root
Jun 25 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17614]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17617]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17615]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17612]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17616]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17613]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17617]: pam_unix(cron:session): session closed for user root
Jun 25 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17612]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17772]: Successful su for rubyman by root
Jun 25 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17772]: + ??? root:rubyman
Jun 25 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17772]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589333 of user rubyman.
Jun 25 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17772]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589333.
Jun 25 09:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15110]: pam_unix(cron:session): session closed for user root
Jun 25 09:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17614]: pam_unix(cron:session): session closed for user root
Jun 25 09:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17613]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 09:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 25 09:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18025]: Failed password for root from 103.27.238.120 port 54814 ssh2
Jun 25 09:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18025]: Connection closed by 103.27.238.120 port 54814 [preauth]
Jun 25 09:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 09:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16715]: pam_unix(cron:session): session closed for user root
Jun 25 09:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18063]: Invalid user srv from 186.96.158.180
Jun 25 09:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18063]: input_userauth_request: invalid user srv [preauth]
Jun 25 09:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18063]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 09:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180
Jun 25 09:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18063]: Failed password for invalid user srv from 186.96.158.180 port 16187 ssh2
Jun 25 09:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18063]: Received disconnect from 186.96.158.180 port 16187:11: Bye Bye [preauth]
Jun 25 09:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18063]: Disconnected from 186.96.158.180 port 16187 [preauth]
Jun 25 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18158]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18162]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18160]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18161]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18158]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18236]: Successful su for rubyman by root
Jun 25 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18236]: + ??? root:rubyman
Jun 25 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18236]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589336 of user rubyman.
Jun 25 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18236]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589336.
Jun 25 09:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15508]: pam_unix(cron:session): session closed for user root
Jun 25 09:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18160]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17207]: pam_unix(cron:session): session closed for user root
Jun 25 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18671]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18672]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18670]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18669]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18669]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18735]: Successful su for rubyman by root
Jun 25 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18735]: + ??? root:rubyman
Jun 25 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18735]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589338 of user rubyman.
Jun 25 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18735]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589338.
Jun 25 09:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15926]: pam_unix(cron:session): session closed for user root
Jun 25 09:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18670]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17616]: pam_unix(cron:session): session closed for user root
Jun 25 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19079]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19081]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19080]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19082]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19079]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19238]: Successful su for rubyman by root
Jun 25 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19238]: + ??? root:rubyman
Jun 25 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19238]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589342 of user rubyman.
Jun 25 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19238]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589342.
Jun 25 09:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16315]: pam_unix(cron:session): session closed for user root
Jun 25 09:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19080]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18162]: pam_unix(cron:session): session closed for user root
Jun 25 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19788]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19787]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19784]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19785]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19784]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19863]: Successful su for rubyman by root
Jun 25 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19863]: + ??? root:rubyman
Jun 25 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19863]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589347 of user rubyman.
Jun 25 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19863]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589347.
Jun 25 09:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16714]: pam_unix(cron:session): session closed for user root
Jun 25 09:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19785]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18672]: pam_unix(cron:session): session closed for user root
Jun 25 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20293]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20287]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20291]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20292]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20285]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20290]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20293]: pam_unix(cron:session): session closed for user root
Jun 25 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20285]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20363]: Successful su for rubyman by root
Jun 25 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20363]: + ??? root:rubyman
Jun 25 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20363]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589353 of user rubyman.
Jun 25 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20363]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589353.
Jun 25 09:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20290]: pam_unix(cron:session): session closed for user root
Jun 25 09:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17206]: pam_unix(cron:session): session closed for user root
Jun 25 09:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20287]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19082]: pam_unix(cron:session): session closed for user root
Jun 25 09:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 09:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20794]: Connection closed by 194.59.206.2 port 59786 [preauth]
Jun 25 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20825]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20826]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20824]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20823]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20823]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20897]: Successful su for rubyman by root
Jun 25 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20897]: + ??? root:rubyman
Jun 25 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20897]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589356 of user rubyman.
Jun 25 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20897]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589356.
Jun 25 09:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17615]: pam_unix(cron:session): session closed for user root
Jun 25 09:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20824]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 09:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 25 09:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21143]: Failed password for root from 141.98.83.240 port 53458 ssh2
Jun 25 09:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21143]: Failed password for root from 141.98.83.240 port 53458 ssh2
Jun 25 09:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19788]: pam_unix(cron:session): session closed for user root
Jun 25 09:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21143]: Failed password for root from 141.98.83.240 port 53458 ssh2
Jun 25 09:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21143]: Connection closed by 141.98.83.240 port 53458 [preauth]
Jun 25 09:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21143]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 25 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21241]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21240]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21239]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21238]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21238]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21304]: Successful su for rubyman by root
Jun 25 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21304]: + ??? root:rubyman
Jun 25 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21304]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589360 of user rubyman.
Jun 25 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21304]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589360.
Jun 25 09:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18161]: pam_unix(cron:session): session closed for user root
Jun 25 09:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21239]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20292]: pam_unix(cron:session): session closed for user root
Jun 25 09:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 09:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21616]: Invalid user amin from 186.96.158.180
Jun 25 09:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21616]: input_userauth_request: invalid user amin [preauth]
Jun 25 09:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21616]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 09:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.158.180
Jun 25 09:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21616]: Failed password for invalid user amin from 186.96.158.180 port 6758 ssh2
Jun 25 09:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21616]: Received disconnect from 186.96.158.180 port 6758:11: Bye Bye [preauth]
Jun 25 09:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21616]: Disconnected from 186.96.158.180 port 6758 [preauth]
Jun 25 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21672]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21678]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21671]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21669]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21669]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21741]: Successful su for rubyman by root
Jun 25 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21741]: + ??? root:rubyman
Jun 25 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21741]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589364 of user rubyman.
Jun 25 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21741]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589364.
Jun 25 09:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18671]: pam_unix(cron:session): session closed for user root
Jun 25 09:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21671]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20826]: pam_unix(cron:session): session closed for user root
Jun 25 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22074]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22073]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22075]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22072]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22072]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22140]: Successful su for rubyman by root
Jun 25 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22140]: + ??? root:rubyman
Jun 25 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22140]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589368 of user rubyman.
Jun 25 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22140]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589368.
Jun 25 09:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19081]: pam_unix(cron:session): session closed for user root
Jun 25 09:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22073]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21241]: pam_unix(cron:session): session closed for user root
Jun 25 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22566]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22567]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22562]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22563]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22565]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22561]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22567]: pam_unix(cron:session): session closed for user root
Jun 25 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22561]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22631]: Successful su for rubyman by root
Jun 25 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22631]: + ??? root:rubyman
Jun 25 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22631]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589372 of user rubyman.
Jun 25 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22631]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589372.
Jun 25 09:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22563]: pam_unix(cron:session): session closed for user root
Jun 25 09:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19787]: pam_unix(cron:session): session closed for user root
Jun 25 09:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22562]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21678]: pam_unix(cron:session): session closed for user root
Jun 25 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23009]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23010]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23008]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23007]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23007]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23072]: Successful su for rubyman by root
Jun 25 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23072]: + ??? root:rubyman
Jun 25 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23072]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589379 of user rubyman.
Jun 25 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23072]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589379.
Jun 25 09:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20291]: pam_unix(cron:session): session closed for user root
Jun 25 09:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23008]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22075]: pam_unix(cron:session): session closed for user root
Jun 25 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23429]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23428]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23427]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23430]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23427]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23486]: Successful su for rubyman by root
Jun 25 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23486]: + ??? root:rubyman
Jun 25 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23486]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589384 of user rubyman.
Jun 25 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23486]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589384.
Jun 25 09:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20825]: pam_unix(cron:session): session closed for user root
Jun 25 09:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23428]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22566]: pam_unix(cron:session): session closed for user root
Jun 25 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23940]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23939]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23937]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23936]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23936]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24001]: Successful su for rubyman by root
Jun 25 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24001]: + ??? root:rubyman
Jun 25 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24001]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589386 of user rubyman.
Jun 25 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24001]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589386.
Jun 25 09:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21240]: pam_unix(cron:session): session closed for user root
Jun 25 09:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23937]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 09:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 25 09:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24262]: Failed password for root from 38.93.206.2 port 24414 ssh2
Jun 25 09:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24262]: Connection closed by 38.93.206.2 port 24414 [preauth]
Jun 25 09:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23010]: pam_unix(cron:session): session closed for user root
Jun 25 09:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 09:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24309]: Connection reset by 205.210.31.104 port 65056 [preauth]
Jun 25 09:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 09:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24344]: Invalid user admin from 2.57.121.25
Jun 25 09:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24344]: input_userauth_request: invalid user admin [preauth]
Jun 25 09:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24344]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 09:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 25 09:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24344]: Failed password for invalid user admin from 2.57.121.25 port 21940 ssh2
Jun 25 09:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24344]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 09:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24344]: Failed password for invalid user admin from 2.57.121.25 port 21940 ssh2
Jun 25 09:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24344]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 09:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24344]: Failed password for invalid user admin from 2.57.121.25 port 21940 ssh2
Jun 25 09:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24344]: Connection closed by 2.57.121.25 port 21940 [preauth]
Jun 25 09:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24344]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 25 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24374]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24373]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24372]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24375]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24370]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24372]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24499]: Successful su for rubyman by root
Jun 25 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24499]: + ??? root:rubyman
Jun 25 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24499]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589392 of user rubyman.
Jun 25 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24499]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589392.
Jun 25 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24370]: pam_unix(cron:session): session closed for user root
Jun 25 09:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21672]: pam_unix(cron:session): session closed for user root
Jun 25 09:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24373]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23430]: pam_unix(cron:session): session closed for user root
Jun 25 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24884]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24886]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24881]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24882]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24885]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24883]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24886]: pam_unix(cron:session): session closed for user root
Jun 25 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24881]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24945]: Successful su for rubyman by root
Jun 25 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24945]: + ??? root:rubyman
Jun 25 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24945]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589395 of user rubyman.
Jun 25 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24945]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589395.
Jun 25 09:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24883]: pam_unix(cron:session): session closed for user root
Jun 25 09:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22074]: pam_unix(cron:session): session closed for user root
Jun 25 09:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24882]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23940]: pam_unix(cron:session): session closed for user root
Jun 25 09:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 09:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 25 09:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25260]: Failed password for root from 103.15.222.183 port 35030 ssh2
Jun 25 09:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25260]: Connection closed by 103.15.222.183 port 35030 [preauth]
Jun 25 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25310]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25311]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25309]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25308]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25308]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25373]: Successful su for rubyman by root
Jun 25 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25373]: + ??? root:rubyman
Jun 25 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25373]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589401 of user rubyman.
Jun 25 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25373]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589401.
Jun 25 09:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22565]: pam_unix(cron:session): session closed for user root
Jun 25 09:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25309]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24375]: pam_unix(cron:session): session closed for user root
Jun 25 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25713]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25712]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25714]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25711]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25711]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25770]: Successful su for rubyman by root
Jun 25 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25770]: + ??? root:rubyman
Jun 25 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25770]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589405 of user rubyman.
Jun 25 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25770]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589405.
Jun 25 09:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23009]: pam_unix(cron:session): session closed for user root
Jun 25 09:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25712]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24885]: pam_unix(cron:session): session closed for user root
Jun 25 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26096]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26094]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26095]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26093]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26093]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26157]: Successful su for rubyman by root
Jun 25 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26157]: + ??? root:rubyman
Jun 25 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26157]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589410 of user rubyman.
Jun 25 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26157]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589410.
Jun 25 09:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23429]: pam_unix(cron:session): session closed for user root
Jun 25 09:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26094]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25311]: pam_unix(cron:session): session closed for user root
Jun 25 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26489]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26490]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26488]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26487]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26487]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26547]: Successful su for rubyman by root
Jun 25 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26547]: + ??? root:rubyman
Jun 25 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26547]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589413 of user rubyman.
Jun 25 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26547]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589413.
Jun 25 09:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23939]: pam_unix(cron:session): session closed for user root
Jun 25 09:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26488]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25714]: pam_unix(cron:session): session closed for user root
Jun 25 09:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 09:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 25 09:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26946]: Failed password for root from 202.178.126.219 port 3414 ssh2
Jun 25 09:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26946]: Connection closed by 202.178.126.219 port 3414 [preauth]
Jun 25 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26979]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26976]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26978]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26977]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26975]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26973]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26979]: pam_unix(cron:session): session closed for user root
Jun 25 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26973]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27043]: Successful su for rubyman by root
Jun 25 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27043]: + ??? root:rubyman
Jun 25 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27043]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589419 of user rubyman.
Jun 25 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27043]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589419.
Jun 25 09:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26976]: pam_unix(cron:session): session closed for user root
Jun 25 09:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24374]: pam_unix(cron:session): session closed for user root
Jun 25 09:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26975]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26096]: pam_unix(cron:session): session closed for user root
Jun 25 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27427]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27430]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27426]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27425]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27425]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27495]: Successful su for rubyman by root
Jun 25 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27495]: + ??? root:rubyman
Jun 25 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27495]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589424 of user rubyman.
Jun 25 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27495]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589424.
Jun 25 09:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24884]: pam_unix(cron:session): session closed for user root
Jun 25 09:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27426]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26490]: pam_unix(cron:session): session closed for user root
Jun 25 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27836]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27837]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27834]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27835]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27834]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27901]: Successful su for rubyman by root
Jun 25 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27901]: + ??? root:rubyman
Jun 25 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27901]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589428 of user rubyman.
Jun 25 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27901]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589428.
Jun 25 09:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25310]: pam_unix(cron:session): session closed for user root
Jun 25 09:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27835]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 09:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 25 09:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28208]: Failed password for root from 87.251.79.125 port 38822 ssh2
Jun 25 09:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28208]: Connection closed by 87.251.79.125 port 38822 [preauth]
Jun 25 09:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26978]: pam_unix(cron:session): session closed for user root
Jun 25 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28306]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28305]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28304]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28303]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28303]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28362]: Successful su for rubyman by root
Jun 25 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28362]: + ??? root:rubyman
Jun 25 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28362]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589431 of user rubyman.
Jun 25 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28362]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589431.
Jun 25 09:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25713]: pam_unix(cron:session): session closed for user root
Jun 25 09:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28304]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27430]: pam_unix(cron:session): session closed for user root
Jun 25 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28796]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28795]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28794]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28793]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28793]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28853]: Successful su for rubyman by root
Jun 25 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28853]: + ??? root:rubyman
Jun 25 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28853]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589435 of user rubyman.
Jun 25 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28853]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589435.
Jun 25 09:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26095]: pam_unix(cron:session): session closed for user root
Jun 25 09:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28794]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27837]: pam_unix(cron:session): session closed for user root
Jun 25 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29216]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29214]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29215]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29213]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29211]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29212]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29216]: pam_unix(cron:session): session closed for user root
Jun 25 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29211]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29301]: Successful su for rubyman by root
Jun 25 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29301]: + ??? root:rubyman
Jun 25 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29301]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589441 of user rubyman.
Jun 25 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29301]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589441.
Jun 25 09:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26489]: pam_unix(cron:session): session closed for user root
Jun 25 09:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29213]: pam_unix(cron:session): session closed for user root
Jun 25 09:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29212]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 09:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.19.67.181  user=root
Jun 25 09:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29507]: Failed password for root from 46.19.67.181 port 37654 ssh2
Jun 25 09:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29507]: Connection closed by 46.19.67.181 port 37654 [preauth]
Jun 25 09:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28306]: pam_unix(cron:session): session closed for user root
Jun 25 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29785]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29783]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29786]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29784]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29783]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29863]: Successful su for rubyman by root
Jun 25 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29863]: + ??? root:rubyman
Jun 25 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29863]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589447 of user rubyman.
Jun 25 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29863]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589447.
Jun 25 09:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26977]: pam_unix(cron:session): session closed for user root
Jun 25 09:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29784]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28796]: pam_unix(cron:session): session closed for user root
Jun 25 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30215]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30213]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30214]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30216]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30213]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30273]: Successful su for rubyman by root
Jun 25 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30273]: + ??? root:rubyman
Jun 25 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30273]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589452 of user rubyman.
Jun 25 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30273]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589452.
Jun 25 09:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27427]: pam_unix(cron:session): session closed for user root
Jun 25 09:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30214]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29215]: pam_unix(cron:session): session closed for user root
Jun 25 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30628]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30629]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30627]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30626]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30626]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30685]: Successful su for rubyman by root
Jun 25 09:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30685]: + ??? root:rubyman
Jun 25 09:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30685]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589454 of user rubyman.
Jun 25 09:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30685]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589454.
Jun 25 09:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27836]: pam_unix(cron:session): session closed for user root
Jun 25 09:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30627]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29786]: pam_unix(cron:session): session closed for user root
Jun 25 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31127]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31128]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31126]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31125]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31125]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31185]: Successful su for rubyman by root
Jun 25 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31185]: + ??? root:rubyman
Jun 25 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31185]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589457 of user rubyman.
Jun 25 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31185]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589457.
Jun 25 09:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28305]: pam_unix(cron:session): session closed for user root
Jun 25 09:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31126]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 09:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31369]: Invalid user admin from 193.46.255.86
Jun 25 09:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31369]: input_userauth_request: invalid user admin [preauth]
Jun 25 09:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31369]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 09:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 25 09:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31369]: Failed password for invalid user admin from 193.46.255.86 port 26776 ssh2
Jun 25 09:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31369]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 09:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31369]: Failed password for invalid user admin from 193.46.255.86 port 26776 ssh2
Jun 25 09:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31369]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 09:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31369]: Failed password for invalid user admin from 193.46.255.86 port 26776 ssh2
Jun 25 09:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31369]: Connection closed by 193.46.255.86 port 26776 [preauth]
Jun 25 09:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31369]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 25 09:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30216]: pam_unix(cron:session): session closed for user root
Jun 25 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31525]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31532]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31534]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31526]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31524]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31531]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31534]: pam_unix(cron:session): session closed for user root
Jun 25 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31524]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31690]: Successful su for rubyman by root
Jun 25 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31690]: + ??? root:rubyman
Jun 25 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31690]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589463 of user rubyman.
Jun 25 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31690]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589463.
Jun 25 09:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31526]: pam_unix(cron:session): session closed for user root
Jun 25 09:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28795]: pam_unix(cron:session): session closed for user root
Jun 25 09:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31525]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30629]: pam_unix(cron:session): session closed for user root
Jun 25 09:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 09:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 25 09:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32065]: Failed password for root from 193.37.70.224 port 52990 ssh2
Jun 25 09:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32065]: Connection closed by 193.37.70.224 port 52990 [preauth]
Jun 25 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32082]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32081]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32080]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32079]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32079]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32147]: Successful su for rubyman by root
Jun 25 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32147]: + ??? root:rubyman
Jun 25 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32147]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589468 of user rubyman.
Jun 25 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32147]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589468.
Jun 25 09:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29214]: pam_unix(cron:session): session closed for user root
Jun 25 09:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32080]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31128]: pam_unix(cron:session): session closed for user root
Jun 25 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32509]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32510]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32511]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32508]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32508]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32569]: Successful su for rubyman by root
Jun 25 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32569]: + ??? root:rubyman
Jun 25 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32569]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589471 of user rubyman.
Jun 25 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32569]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589471.
Jun 25 09:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29785]: pam_unix(cron:session): session closed for user root
Jun 25 09:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32509]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31532]: pam_unix(cron:session): session closed for user root
Jun 25 09:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 09:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 25 09:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[576]: Failed password for root from 147.45.199.80 port 37136 ssh2
Jun 25 09:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[576]: Connection closed by 147.45.199.80 port 37136 [preauth]
Jun 25 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[591]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[592]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[590]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[588]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[588]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[654]: Successful su for rubyman by root
Jun 25 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[654]: + ??? root:rubyman
Jun 25 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[654]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589476 of user rubyman.
Jun 25 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[654]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589476.
Jun 25 09:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30215]: pam_unix(cron:session): session closed for user root
Jun 25 09:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[590]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32082]: pam_unix(cron:session): session closed for user root
Jun 25 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1012]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1014]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1011]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1010]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1010]: pam_unix(cron:session): session closed for user p13x
Jun 25 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1103]: Successful su for rubyman by root
Jun 25 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1103]: + ??? root:rubyman
Jun 25 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1103]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589479 of user rubyman.
Jun 25 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1103]: pam_unix(su:session): session closed for user rubyman
Jun 25 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589479.
Jun 25 09:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30628]: pam_unix(cron:session): session closed for user root
Jun 25 09:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1011]: pam_unix(cron:session): session closed for user samftp
Jun 25 09:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 09:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32511]: pam_unix(cron:session): session closed for user root
Jun 25 09:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 25 09:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1386]: Failed password for root from 103.149.28.157 port 59812 ssh2
Jun 25 09:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1386]: Connection closed by 103.149.28.157 port 59812 [preauth]
Jun 25 09:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 09:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 25 10:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1563]: Failed password for root from 103.27.238.114 port 46634 ssh2
Jun 25 10:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1563]: Connection closed by 103.27.238.114 port 46634 [preauth]
Jun 25 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1586]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1591]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1581]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1592]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1590]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1582]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1580]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1582]: pam_unix(cron:session): session closed for user root
Jun 25 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1592]: pam_unix(cron:session): session closed for user root
Jun 25 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1580]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1691]: Successful su for rubyman by root
Jun 25 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1691]: + ??? root:rubyman
Jun 25 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1691]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589485 of user rubyman.
Jun 25 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1691]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589485.
Jun 25 10:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31127]: pam_unix(cron:session): session closed for user root
Jun 25 10:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1586]: pam_unix(cron:session): session closed for user root
Jun 25 10:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1885]: Invalid user ubnt from 141.98.83.240
Jun 25 10:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1885]: input_userauth_request: invalid user ubnt [preauth]
Jun 25 10:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1885]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 10:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 10:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1581]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1885]: Failed password for invalid user ubnt from 141.98.83.240 port 20506 ssh2
Jun 25 10:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1885]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 10:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1885]: Failed password for invalid user ubnt from 141.98.83.240 port 20506 ssh2
Jun 25 10:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1885]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 10:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1885]: Failed password for invalid user ubnt from 141.98.83.240 port 20506 ssh2
Jun 25 10:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1885]: Connection closed by 141.98.83.240 port 20506 [preauth]
Jun 25 10:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1885]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 10:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[592]: pam_unix(cron:session): session closed for user root
Jun 25 10:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 25 10:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2102]: Failed password for root from 62.133.62.83 port 40696 ssh2
Jun 25 10:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2102]: Connection closed by 62.133.62.83 port 40696 [preauth]
Jun 25 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2183]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2185]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2184]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2182]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2182]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2258]: Successful su for rubyman by root
Jun 25 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2258]: + ??? root:rubyman
Jun 25 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2258]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589491 of user rubyman.
Jun 25 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2258]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589491.
Jun 25 10:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31531]: pam_unix(cron:session): session closed for user root
Jun 25 10:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2183]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1014]: pam_unix(cron:session): session closed for user root
Jun 25 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2632]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2633]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2631]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2630]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2630]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2690]: Successful su for rubyman by root
Jun 25 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2690]: + ??? root:rubyman
Jun 25 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2690]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589495 of user rubyman.
Jun 25 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2690]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589495.
Jun 25 10:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32081]: pam_unix(cron:session): session closed for user root
Jun 25 10:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2631]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1591]: pam_unix(cron:session): session closed for user root
Jun 25 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3041]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3043]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3042]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3040]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3040]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 25 10:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3098]: Successful su for rubyman by root
Jun 25 10:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3098]: + ??? root:rubyman
Jun 25 10:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3098]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589498 of user rubyman.
Jun 25 10:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3098]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589498.
Jun 25 10:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32510]: pam_unix(cron:session): session closed for user root
Jun 25 10:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3037]: Failed password for root from 194.113.233.25 port 53804 ssh2
Jun 25 10:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3037]: Connection closed by 194.113.233.25 port 53804 [preauth]
Jun 25 10:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3041]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2185]: pam_unix(cron:session): session closed for user root
Jun 25 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3426]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3425]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3424]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3423]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3423]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3487]: Successful su for rubyman by root
Jun 25 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3487]: + ??? root:rubyman
Jun 25 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3487]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589502 of user rubyman.
Jun 25 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3487]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589502.
Jun 25 10:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[591]: pam_unix(cron:session): session closed for user root
Jun 25 10:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3424]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 25 10:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2633]: pam_unix(cron:session): session closed for user root
Jun 25 10:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3842]: Failed password for root from 109.237.96.109 port 40802 ssh2
Jun 25 10:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3842]: Connection closed by 109.237.96.109 port 40802 [preauth]
Jun 25 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3996]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3995]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3991]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3993]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3987]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3988]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3996]: pam_unix(cron:session): session closed for user root
Jun 25 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3987]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4091]: Successful su for rubyman by root
Jun 25 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4091]: + ??? root:rubyman
Jun 25 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4091]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589507 of user rubyman.
Jun 25 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4091]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589507.
Jun 25 10:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3991]: pam_unix(cron:session): session closed for user root
Jun 25 10:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1012]: pam_unix(cron:session): session closed for user root
Jun 25 10:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3988]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3043]: pam_unix(cron:session): session closed for user root
Jun 25 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4470]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4468]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4469]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4467]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4467]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4538]: Successful su for rubyman by root
Jun 25 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4538]: + ??? root:rubyman
Jun 25 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4538]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589513 of user rubyman.
Jun 25 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4538]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589513.
Jun 25 10:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1590]: pam_unix(cron:session): session closed for user root
Jun 25 10:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4468]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3426]: pam_unix(cron:session): session closed for user root
Jun 25 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4994]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4993]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4992]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4991]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4991]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5048]: Successful su for rubyman by root
Jun 25 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5048]: + ??? root:rubyman
Jun 25 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5048]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589517 of user rubyman.
Jun 25 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5048]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589517.
Jun 25 10:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2184]: pam_unix(cron:session): session closed for user root
Jun 25 10:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4992]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3995]: pam_unix(cron:session): session closed for user root
Jun 25 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5397]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5398]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5396]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5395]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5395]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5457]: Successful su for rubyman by root
Jun 25 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5457]: + ??? root:rubyman
Jun 25 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5457]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589520 of user rubyman.
Jun 25 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5457]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589520.
Jun 25 10:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2632]: pam_unix(cron:session): session closed for user root
Jun 25 10:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5396]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4470]: pam_unix(cron:session): session closed for user root
Jun 25 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5787]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5788]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5786]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5789]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5784]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5786]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5909]: Successful su for rubyman by root
Jun 25 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5909]: + ??? root:rubyman
Jun 25 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5909]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589527 of user rubyman.
Jun 25 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5909]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589527.
Jun 25 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5784]: pam_unix(cron:session): session closed for user root
Jun 25 10:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3042]: pam_unix(cron:session): session closed for user root
Jun 25 10:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5787]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4994]: pam_unix(cron:session): session closed for user root
Jun 25 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6264]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6267]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6262]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6261]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6263]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6265]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6267]: pam_unix(cron:session): session closed for user root
Jun 25 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6261]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6329]: Successful su for rubyman by root
Jun 25 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6329]: + ??? root:rubyman
Jun 25 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6329]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589534 of user rubyman.
Jun 25 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6329]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589534.
Jun 25 10:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6263]: pam_unix(cron:session): session closed for user root
Jun 25 10:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3425]: pam_unix(cron:session): session closed for user root
Jun 25 10:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6262]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5398]: pam_unix(cron:session): session closed for user root
Jun 25 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6684]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6683]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6682]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6681]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6681]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6756]: Successful su for rubyman by root
Jun 25 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6756]: + ??? root:rubyman
Jun 25 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6756]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589535 of user rubyman.
Jun 25 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6756]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589535.
Jun 25 10:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3993]: pam_unix(cron:session): session closed for user root
Jun 25 10:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6682]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5789]: pam_unix(cron:session): session closed for user root
Jun 25 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7193]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7192]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7194]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7190]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7190]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7262]: Successful su for rubyman by root
Jun 25 10:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7262]: + ??? root:rubyman
Jun 25 10:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7262]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589541 of user rubyman.
Jun 25 10:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7262]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589541.
Jun 25 10:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4469]: pam_unix(cron:session): session closed for user root
Jun 25 10:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7192]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6265]: pam_unix(cron:session): session closed for user root
Jun 25 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7602]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7603]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7601]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7600]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7600]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7758]: Successful su for rubyman by root
Jun 25 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7758]: + ??? root:rubyman
Jun 25 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7758]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589545 of user rubyman.
Jun 25 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7758]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589545.
Jun 25 10:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4993]: pam_unix(cron:session): session closed for user root
Jun 25 10:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7601]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6684]: pam_unix(cron:session): session closed for user root
Jun 25 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8076]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8077]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8075]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8074]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8074]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8137]: Successful su for rubyman by root
Jun 25 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8137]: + ??? root:rubyman
Jun 25 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8137]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589548 of user rubyman.
Jun 25 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8137]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589548.
Jun 25 10:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5397]: pam_unix(cron:session): session closed for user root
Jun 25 10:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8075]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7194]: pam_unix(cron:session): session closed for user root
Jun 25 10:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 25 10:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8445]: Failed password for root from 103.82.132.16 port 43380 ssh2
Jun 25 10:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8445]: Connection closed by 103.82.132.16 port 43380 [preauth]
Jun 25 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8468]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8467]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8466]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8473]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8471]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8469]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8473]: pam_unix(cron:session): session closed for user root
Jun 25 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8466]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8540]: Successful su for rubyman by root
Jun 25 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8540]: + ??? root:rubyman
Jun 25 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8540]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589555 of user rubyman.
Jun 25 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8540]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589555.
Jun 25 10:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8468]: pam_unix(cron:session): session closed for user root
Jun 25 10:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5788]: pam_unix(cron:session): session closed for user root
Jun 25 10:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8467]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7603]: pam_unix(cron:session): session closed for user root
Jun 25 10:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 25 10:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8881]: Failed password for root from 103.77.175.15 port 44678 ssh2
Jun 25 10:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8881]: Connection closed by 103.77.175.15 port 44678 [preauth]
Jun 25 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8907]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8908]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8909]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8906]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8906]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8979]: Successful su for rubyman by root
Jun 25 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8979]: + ??? root:rubyman
Jun 25 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8979]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589559 of user rubyman.
Jun 25 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8979]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589559.
Jun 25 10:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6264]: pam_unix(cron:session): session closed for user root
Jun 25 10:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8907]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 25 10:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9180]: Failed password for root from 103.82.20.28 port 39662 ssh2
Jun 25 10:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9180]: Connection closed by 103.82.20.28 port 39662 [preauth]
Jun 25 10:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8077]: pam_unix(cron:session): session closed for user root
Jun 25 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9317]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9315]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9316]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9314]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9312]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9312]: pam_unix(cron:session): session closed for user root
Jun 25 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9314]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9374]: Successful su for rubyman by root
Jun 25 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9374]: + ??? root:rubyman
Jun 25 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9374]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589562 of user rubyman.
Jun 25 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9374]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589562.
Jun 25 10:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6683]: pam_unix(cron:session): session closed for user root
Jun 25 10:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9315]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8471]: pam_unix(cron:session): session closed for user root
Jun 25 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9703]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9697]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9702]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9696]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9696]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9759]: Successful su for rubyman by root
Jun 25 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9759]: + ??? root:rubyman
Jun 25 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9759]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589566 of user rubyman.
Jun 25 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9759]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589566.
Jun 25 10:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9697]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7193]: pam_unix(cron:session): session closed for user root
Jun 25 10:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8909]: pam_unix(cron:session): session closed for user root
Jun 25 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10373]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10372]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10371]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10370]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10370]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10433]: Successful su for rubyman by root
Jun 25 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10433]: + ??? root:rubyman
Jun 25 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10433]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589570 of user rubyman.
Jun 25 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10433]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589570.
Jun 25 10:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7602]: pam_unix(cron:session): session closed for user root
Jun 25 10:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10371]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9317]: pam_unix(cron:session): session closed for user root
Jun 25 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10789]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10787]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10790]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10784]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10783]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10788]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10790]: pam_unix(cron:session): session closed for user root
Jun 25 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10783]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10858]: Successful su for rubyman by root
Jun 25 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10858]: + ??? root:rubyman
Jun 25 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10858]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589574 of user rubyman.
Jun 25 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10858]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589574.
Jun 25 10:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10787]: pam_unix(cron:session): session closed for user root
Jun 25 10:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8076]: pam_unix(cron:session): session closed for user root
Jun 25 10:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10784]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9703]: pam_unix(cron:session): session closed for user root
Jun 25 10:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 25 10:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11207]: Failed password for root from 38.93.206.2 port 51944 ssh2
Jun 25 10:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11207]: Connection closed by 38.93.206.2 port 51944 [preauth]
Jun 25 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11229]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11228]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11230]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11227]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11227]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11303]: Successful su for rubyman by root
Jun 25 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11303]: + ??? root:rubyman
Jun 25 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11303]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589580 of user rubyman.
Jun 25 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11303]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589580.
Jun 25 10:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8469]: pam_unix(cron:session): session closed for user root
Jun 25 10:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11228]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
Jun 25 10:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11463]: Failed password for root from 176.32.39.21 port 57392 ssh2
Jun 25 10:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11463]: Connection closed by 176.32.39.21 port 57392 [preauth]
Jun 25 10:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11540]: Invalid user test from 121.184.144.232
Jun 25 10:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11540]: input_userauth_request: invalid user test [preauth]
Jun 25 10:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11540]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 10:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.184.144.232
Jun 25 10:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11540]: Failed password for invalid user test from 121.184.144.232 port 58374 ssh2
Jun 25 10:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11540]: Received disconnect from 121.184.144.232 port 58374:11: Bye Bye [preauth]
Jun 25 10:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11540]: Disconnected from 121.184.144.232 port 58374 [preauth]
Jun 25 10:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10373]: pam_unix(cron:session): session closed for user root
Jun 25 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11656]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11655]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11657]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11654]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11654]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11720]: Successful su for rubyman by root
Jun 25 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11720]: + ??? root:rubyman
Jun 25 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11720]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589586 of user rubyman.
Jun 25 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11720]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589586.
Jun 25 10:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8908]: pam_unix(cron:session): session closed for user root
Jun 25 10:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11655]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 25 10:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.223.69.22  user=root
Jun 25 10:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11998]: Failed password for root from 103.27.238.116 port 47144 ssh2
Jun 25 10:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11998]: Connection closed by 103.27.238.116 port 47144 [preauth]
Jun 25 10:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12000]: Failed password for root from 89.223.69.22 port 38724 ssh2
Jun 25 10:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12000]: Connection closed by 89.223.69.22 port 38724 [preauth]
Jun 25 10:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 25 10:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12022]: Failed password for root from 80.66.85.226 port 35540 ssh2
Jun 25 10:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12022]: Connection closed by 80.66.85.226 port 35540 [preauth]
Jun 25 10:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12034]: Invalid user user from 106.13.181.42
Jun 25 10:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12034]: input_userauth_request: invalid user user [preauth]
Jun 25 10:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12034]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 10:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.181.42
Jun 25 10:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12034]: Failed password for invalid user user from 106.13.181.42 port 51578 ssh2
Jun 25 10:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12034]: Received disconnect from 106.13.181.42 port 51578:11: Bye Bye [preauth]
Jun 25 10:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12034]: Disconnected from 106.13.181.42 port 51578 [preauth]
Jun 25 10:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10789]: pam_unix(cron:session): session closed for user root
Jun 25 10:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12092]: Invalid user explore from 27.128.170.160
Jun 25 10:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12092]: input_userauth_request: invalid user explore [preauth]
Jun 25 10:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12092]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 10:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.128.170.160
Jun 25 10:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12092]: Failed password for invalid user explore from 27.128.170.160 port 34618 ssh2
Jun 25 10:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12092]: Received disconnect from 27.128.170.160 port 34618:11: Bye Bye [preauth]
Jun 25 10:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12092]: Disconnected from 27.128.170.160 port 34618 [preauth]
Jun 25 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12122]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12123]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12120]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12121]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12120]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12183]: Successful su for rubyman by root
Jun 25 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12183]: + ??? root:rubyman
Jun 25 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12183]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589589 of user rubyman.
Jun 25 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12183]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589589.
Jun 25 10:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9316]: pam_unix(cron:session): session closed for user root
Jun 25 10:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12121]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: Invalid user oracle from 43.156.71.43
Jun 25 10:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: input_userauth_request: invalid user oracle [preauth]
Jun 25 10:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 10:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.71.43
Jun 25 10:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11230]: pam_unix(cron:session): session closed for user root
Jun 25 10:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: Failed password for invalid user oracle from 43.156.71.43 port 33300 ssh2
Jun 25 10:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: Received disconnect from 43.156.71.43 port 33300:11: Bye Bye [preauth]
Jun 25 10:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: Disconnected from 43.156.71.43 port 33300 [preauth]
Jun 25 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12644]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12643]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12642]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12641]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12641]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12704]: Successful su for rubyman by root
Jun 25 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12704]: + ??? root:rubyman
Jun 25 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12704]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589592 of user rubyman.
Jun 25 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12704]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589592.
Jun 25 10:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9702]: pam_unix(cron:session): session closed for user root
Jun 25 10:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12642]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11657]: pam_unix(cron:session): session closed for user root
Jun 25 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13055]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13056]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13052]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13054]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13053]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13048]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13056]: pam_unix(cron:session): session closed for user root
Jun 25 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13048]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13127]: Successful su for rubyman by root
Jun 25 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13127]: + ??? root:rubyman
Jun 25 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13127]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589596 of user rubyman.
Jun 25 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13127]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589596.
Jun 25 10:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13053]: pam_unix(cron:session): session closed for user root
Jun 25 10:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10372]: pam_unix(cron:session): session closed for user root
Jun 25 10:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13052]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12123]: pam_unix(cron:session): session closed for user root
Jun 25 10:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13486]: Invalid user keyara from 2.57.121.112
Jun 25 10:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13486]: input_userauth_request: invalid user keyara [preauth]
Jun 25 10:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13486]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 10:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 25 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13499]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13500]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13498]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13497]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13497]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13566]: Successful su for rubyman by root
Jun 25 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13566]: + ??? root:rubyman
Jun 25 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13566]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13486]: Failed password for invalid user keyara from 2.57.121.112 port 11012 ssh2
Jun 25 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589602 of user rubyman.
Jun 25 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13566]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589602.
Jun 25 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13486]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 10:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10788]: pam_unix(cron:session): session closed for user root
Jun 25 10:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13486]: Failed password for invalid user keyara from 2.57.121.112 port 11012 ssh2
Jun 25 10:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13486]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 10:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13498]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13486]: Failed password for invalid user keyara from 2.57.121.112 port 11012 ssh2
Jun 25 10:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13486]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 10:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13486]: Failed password for invalid user keyara from 2.57.121.112 port 11012 ssh2
Jun 25 10:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13486]: Connection closed by 2.57.121.112 port 11012 [preauth]
Jun 25 10:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13486]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 25 10:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13486]: PAM service(sshd) ignoring max retries; 4 > 3
Jun 25 10:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13758]: Invalid user keyara from 2.57.121.112
Jun 25 10:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13758]: input_userauth_request: invalid user keyara [preauth]
Jun 25 10:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13758]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 10:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 25 10:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13758]: Failed password for invalid user keyara from 2.57.121.112 port 12486 ssh2
Jun 25 10:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13758]: Connection closed by 2.57.121.112 port 12486 [preauth]
Jun 25 10:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.181.42  user=root
Jun 25 10:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13820]: Failed password for root from 106.13.181.42 port 41400 ssh2
Jun 25 10:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13820]: Received disconnect from 106.13.181.42 port 41400:11: Bye Bye [preauth]
Jun 25 10:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13820]: Disconnected from 106.13.181.42 port 41400 [preauth]
Jun 25 10:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12644]: pam_unix(cron:session): session closed for user root
Jun 25 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13913]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13911]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13912]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13910]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13910]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13980]: Successful su for rubyman by root
Jun 25 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13980]: + ??? root:rubyman
Jun 25 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13980]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589607 of user rubyman.
Jun 25 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13980]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589607.
Jun 25 10:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11229]: pam_unix(cron:session): session closed for user root
Jun 25 10:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13911]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 25 10:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14163]: Failed password for root from 77.94.47.83 port 41338 ssh2
Jun 25 10:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14163]: Connection closed by 77.94.47.83 port 41338 [preauth]
Jun 25 10:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13055]: pam_unix(cron:session): session closed for user root
Jun 25 10:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.181.42  user=root
Jun 25 10:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14299]: Failed password for root from 106.13.181.42 port 58322 ssh2
Jun 25 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14304]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14305]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14303]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14302]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14302]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14361]: Successful su for rubyman by root
Jun 25 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14361]: + ??? root:rubyman
Jun 25 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14361]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589611 of user rubyman.
Jun 25 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14361]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589611.
Jun 25 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14299]: Received disconnect from 106.13.181.42 port 58322:11: Bye Bye [preauth]
Jun 25 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14299]: Disconnected from 106.13.181.42 port 58322 [preauth]
Jun 25 10:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11656]: pam_unix(cron:session): session closed for user root
Jun 25 10:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14303]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13500]: pam_unix(cron:session): session closed for user root
Jun 25 10:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14677]: Invalid user user from 141.98.83.240
Jun 25 10:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14677]: input_userauth_request: invalid user user [preauth]
Jun 25 10:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14677]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 10:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 10:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14677]: Failed password for invalid user user from 141.98.83.240 port 37736 ssh2
Jun 25 10:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14677]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 10:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14677]: Failed password for invalid user user from 141.98.83.240 port 37736 ssh2
Jun 25 10:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14677]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 10:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14677]: Failed password for invalid user user from 141.98.83.240 port 37736 ssh2
Jun 25 10:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14677]: Connection closed by 141.98.83.240 port 37736 [preauth]
Jun 25 10:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14677]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14792]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14791]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14790]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14789]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14789]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14852]: Successful su for rubyman by root
Jun 25 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14852]: + ??? root:rubyman
Jun 25 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14852]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589615 of user rubyman.
Jun 25 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14852]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589615.
Jun 25 10:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12122]: pam_unix(cron:session): session closed for user root
Jun 25 10:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14790]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15094]: Invalid user ubuntu from 106.13.181.42
Jun 25 10:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15094]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 10:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15094]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 10:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.181.42
Jun 25 10:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15094]: Failed password for invalid user ubuntu from 106.13.181.42 port 45398 ssh2
Jun 25 10:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15094]: Received disconnect from 106.13.181.42 port 45398:11: Bye Bye [preauth]
Jun 25 10:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15094]: Disconnected from 106.13.181.42 port 45398 [preauth]
Jun 25 10:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13913]: pam_unix(cron:session): session closed for user root
Jun 25 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15203]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15200]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15197]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15202]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15199]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15198]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15203]: pam_unix(cron:session): session closed for user root
Jun 25 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15197]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 25 10:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15271]: Successful su for rubyman by root
Jun 25 10:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15271]: + ??? root:rubyman
Jun 25 10:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15271]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589623 of user rubyman.
Jun 25 10:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15271]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589623.
Jun 25 10:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15199]: pam_unix(cron:session): session closed for user root
Jun 25 10:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15192]: Failed password for root from 103.122.221.179 port 48824 ssh2
Jun 25 10:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15192]: Connection closed by 103.122.221.179 port 48824 [preauth]
Jun 25 10:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12643]: pam_unix(cron:session): session closed for user root
Jun 25 10:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15198]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15504]: Invalid user ardi from 27.128.170.160
Jun 25 10:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15504]: input_userauth_request: invalid user ardi [preauth]
Jun 25 10:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15504]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 10:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.128.170.160
Jun 25 10:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15504]: Failed password for invalid user ardi from 27.128.170.160 port 39710 ssh2
Jun 25 10:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15504]: Received disconnect from 27.128.170.160 port 39710:11: Bye Bye [preauth]
Jun 25 10:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15504]: Disconnected from 27.128.170.160 port 39710 [preauth]
Jun 25 10:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14305]: pam_unix(cron:session): session closed for user root
Jun 25 10:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15592]: Connection closed by 194.59.206.2 port 28168 [preauth]
Jun 25 10:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15603]: Invalid user lily from 106.13.181.42
Jun 25 10:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15603]: input_userauth_request: invalid user lily [preauth]
Jun 25 10:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15603]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 10:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.181.42
Jun 25 10:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15603]: Failed password for invalid user lily from 106.13.181.42 port 33054 ssh2
Jun 25 10:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15603]: Received disconnect from 106.13.181.42 port 33054:11: Bye Bye [preauth]
Jun 25 10:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15603]: Disconnected from 106.13.181.42 port 33054 [preauth]
Jun 25 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15617]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15618]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15616]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15615]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15615]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15682]: Successful su for rubyman by root
Jun 25 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15682]: + ??? root:rubyman
Jun 25 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15682]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589625 of user rubyman.
Jun 25 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15682]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589625.
Jun 25 10:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13054]: pam_unix(cron:session): session closed for user root
Jun 25 10:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15616]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14792]: pam_unix(cron:session): session closed for user root
Jun 25 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16007]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16006]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16008]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16005]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16005]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16072]: Successful su for rubyman by root
Jun 25 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16072]: + ??? root:rubyman
Jun 25 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16072]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589630 of user rubyman.
Jun 25 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16072]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589630.
Jun 25 10:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13499]: pam_unix(cron:session): session closed for user root
Jun 25 10:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16006]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16304]: Invalid user admin from 106.13.181.42
Jun 25 10:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16304]: input_userauth_request: invalid user admin [preauth]
Jun 25 10:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16304]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 10:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.181.42
Jun 25 10:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16304]: Failed password for invalid user admin from 106.13.181.42 port 49216 ssh2
Jun 25 10:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16304]: Received disconnect from 106.13.181.42 port 49216:11: Bye Bye [preauth]
Jun 25 10:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16304]: Disconnected from 106.13.181.42 port 49216 [preauth]
Jun 25 10:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15202]: pam_unix(cron:session): session closed for user root
Jun 25 10:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.128.170.160  user=root
Jun 25 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16402]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16401]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16400]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16399]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16399]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16462]: Successful su for rubyman by root
Jun 25 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16462]: + ??? root:rubyman
Jun 25 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16462]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589633 of user rubyman.
Jun 25 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16462]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589633.
Jun 25 10:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16388]: Failed password for root from 27.128.170.160 port 44772 ssh2
Jun 25 10:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16388]: Received disconnect from 27.128.170.160 port 44772:11: Bye Bye [preauth]
Jun 25 10:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16388]: Disconnected from 27.128.170.160 port 44772 [preauth]
Jun 25 10:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13912]: pam_unix(cron:session): session closed for user root
Jun 25 10:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16400]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15618]: pam_unix(cron:session): session closed for user root
Jun 25 10:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.184.144.232  user=root
Jun 25 10:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16742]: Failed password for root from 121.184.144.232 port 41734 ssh2
Jun 25 10:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16742]: Received disconnect from 121.184.144.232 port 41734:11: Bye Bye [preauth]
Jun 25 10:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16742]: Disconnected from 121.184.144.232 port 41734 [preauth]
Jun 25 10:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16768]: Invalid user test from 43.156.71.43
Jun 25 10:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16768]: input_userauth_request: invalid user test [preauth]
Jun 25 10:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16768]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 10:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.71.43
Jun 25 10:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16768]: Failed password for invalid user test from 43.156.71.43 port 54470 ssh2
Jun 25 10:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16768]: Received disconnect from 43.156.71.43 port 54470:11: Bye Bye [preauth]
Jun 25 10:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16768]: Disconnected from 43.156.71.43 port 54470 [preauth]
Jun 25 10:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.181.42  user=root
Jun 25 10:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16778]: Failed password for root from 106.13.181.42 port 36352 ssh2
Jun 25 10:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16778]: Received disconnect from 106.13.181.42 port 36352:11: Bye Bye [preauth]
Jun 25 10:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16778]: Disconnected from 106.13.181.42 port 36352 [preauth]
Jun 25 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16801]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16798]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16802]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16800]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16798]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16898]: Successful su for rubyman by root
Jun 25 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16898]: + ??? root:rubyman
Jun 25 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16898]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589636 of user rubyman.
Jun 25 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16898]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589636.
Jun 25 10:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14304]: pam_unix(cron:session): session closed for user root
Jun 25 10:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16800]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16008]: pam_unix(cron:session): session closed for user root
Jun 25 10:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 25 10:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17264]: Failed password for root from 202.178.126.219 port 49963 ssh2
Jun 25 10:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17264]: Connection closed by 202.178.126.219 port 49963 [preauth]
Jun 25 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17300]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17299]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17296]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17294]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17297]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17295]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17300]: pam_unix(cron:session): session closed for user root
Jun 25 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17294]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17373]: Successful su for rubyman by root
Jun 25 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17373]: + ??? root:rubyman
Jun 25 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17373]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589642 of user rubyman.
Jun 25 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17373]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589642.
Jun 25 10:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17296]: pam_unix(cron:session): session closed for user root
Jun 25 10:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14791]: pam_unix(cron:session): session closed for user root
Jun 25 10:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17295]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17604]: Invalid user zookeeper from 106.13.181.42
Jun 25 10:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17604]: input_userauth_request: invalid user zookeeper [preauth]
Jun 25 10:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17604]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 10:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.181.42
Jun 25 10:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17604]: Failed password for invalid user zookeeper from 106.13.181.42 port 53272 ssh2
Jun 25 10:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17604]: Received disconnect from 106.13.181.42 port 53272:11: Bye Bye [preauth]
Jun 25 10:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17604]: Disconnected from 106.13.181.42 port 53272 [preauth]
Jun 25 10:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16402]: pam_unix(cron:session): session closed for user root
Jun 25 10:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17812]: Invalid user gokul from 43.156.71.43
Jun 25 10:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17812]: input_userauth_request: invalid user gokul [preauth]
Jun 25 10:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17812]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 10:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.71.43
Jun 25 10:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17812]: Failed password for invalid user gokul from 43.156.71.43 port 49114 ssh2
Jun 25 10:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17812]: Received disconnect from 43.156.71.43 port 49114:11: Bye Bye [preauth]
Jun 25 10:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17812]: Disconnected from 43.156.71.43 port 49114 [preauth]
Jun 25 10:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17824]: Invalid user julian from 121.184.144.232
Jun 25 10:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17824]: input_userauth_request: invalid user julian [preauth]
Jun 25 10:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17824]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 10:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.184.144.232
Jun 25 10:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17824]: Failed password for invalid user julian from 121.184.144.232 port 58936 ssh2
Jun 25 10:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17824]: Received disconnect from 121.184.144.232 port 58936:11: Bye Bye [preauth]
Jun 25 10:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17824]: Disconnected from 121.184.144.232 port 58936 [preauth]
Jun 25 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17840]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17841]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17839]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17838]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17838]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17916]: Successful su for rubyman by root
Jun 25 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17916]: + ??? root:rubyman
Jun 25 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17916]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589647 of user rubyman.
Jun 25 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17916]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589647.
Jun 25 10:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15200]: pam_unix(cron:session): session closed for user root
Jun 25 10:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17839]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18106]: Invalid user wesley from 27.128.170.160
Jun 25 10:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18106]: input_userauth_request: invalid user wesley [preauth]
Jun 25 10:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18106]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 10:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.128.170.160
Jun 25 10:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18106]: Failed password for invalid user wesley from 27.128.170.160 port 47290 ssh2
Jun 25 10:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18106]: Received disconnect from 27.128.170.160 port 47290:11: Bye Bye [preauth]
Jun 25 10:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18106]: Disconnected from 27.128.170.160 port 47290 [preauth]
Jun 25 10:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 25 10:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18174]: Failed password for root from 51.250.105.222 port 48316 ssh2
Jun 25 10:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18174]: Connection closed by 51.250.105.222 port 48316 [preauth]
Jun 25 10:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16802]: pam_unix(cron:session): session closed for user root
Jun 25 10:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18207]: Invalid user ftp_user from 106.13.181.42
Jun 25 10:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18207]: input_userauth_request: invalid user ftp_user [preauth]
Jun 25 10:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18207]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 10:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.181.42
Jun 25 10:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18207]: Failed password for invalid user ftp_user from 106.13.181.42 port 40776 ssh2
Jun 25 10:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18207]: Received disconnect from 106.13.181.42 port 40776:11: Bye Bye [preauth]
Jun 25 10:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18207]: Disconnected from 106.13.181.42 port 40776 [preauth]
Jun 25 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18278]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18277]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18279]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18275]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18275]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18344]: Successful su for rubyman by root
Jun 25 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18344]: + ??? root:rubyman
Jun 25 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18344]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589650 of user rubyman.
Jun 25 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18344]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589650.
Jun 25 10:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15617]: pam_unix(cron:session): session closed for user root
Jun 25 10:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18277]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17299]: pam_unix(cron:session): session closed for user root
Jun 25 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18775]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18776]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18777]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18774]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18774]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18863]: Successful su for rubyman by root
Jun 25 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18863]: + ??? root:rubyman
Jun 25 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18863]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589656 of user rubyman.
Jun 25 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18863]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589656.
Jun 25 10:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18820]: Invalid user rahim from 106.13.181.42
Jun 25 10:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18820]: input_userauth_request: invalid user rahim [preauth]
Jun 25 10:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18820]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 10:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.181.42
Jun 25 10:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16007]: pam_unix(cron:session): session closed for user root
Jun 25 10:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18820]: Failed password for invalid user rahim from 106.13.181.42 port 56160 ssh2
Jun 25 10:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18820]: Received disconnect from 106.13.181.42 port 56160:11: Bye Bye [preauth]
Jun 25 10:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18820]: Disconnected from 106.13.181.42 port 56160 [preauth]
Jun 25 10:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18775]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19042]: Invalid user emc from 43.156.71.43
Jun 25 10:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19042]: input_userauth_request: invalid user emc [preauth]
Jun 25 10:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19042]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 10:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.71.43
Jun 25 10:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19042]: Failed password for invalid user emc from 43.156.71.43 port 60592 ssh2
Jun 25 10:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19042]: Received disconnect from 43.156.71.43 port 60592:11: Bye Bye [preauth]
Jun 25 10:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19042]: Disconnected from 43.156.71.43 port 60592 [preauth]
Jun 25 10:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.184.144.232  user=root
Jun 25 10:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19064]: Failed password for root from 121.184.144.232 port 9372 ssh2
Jun 25 10:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19064]: Received disconnect from 121.184.144.232 port 9372:11: Bye Bye [preauth]
Jun 25 10:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19064]: Disconnected from 121.184.144.232 port 9372 [preauth]
Jun 25 10:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17841]: pam_unix(cron:session): session closed for user root
Jun 25 10:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.128.170.160  user=root
Jun 25 10:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19230]: Failed password for root from 27.128.170.160 port 60464 ssh2
Jun 25 10:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19230]: Received disconnect from 27.128.170.160 port 60464:11: Bye Bye [preauth]
Jun 25 10:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19230]: Disconnected from 27.128.170.160 port 60464 [preauth]
Jun 25 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19294]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19296]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19295]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19293]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19291]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19293]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19415]: Successful su for rubyman by root
Jun 25 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19415]: + ??? root:rubyman
Jun 25 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19415]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589659 of user rubyman.
Jun 25 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19415]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589659.
Jun 25 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19291]: pam_unix(cron:session): session closed for user root
Jun 25 10:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16401]: pam_unix(cron:session): session closed for user root
Jun 25 10:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19294]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.211.215  user=root
Jun 25 10:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19836]: Failed password for root from 147.45.211.215 port 60054 ssh2
Jun 25 10:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19836]: Connection closed by 147.45.211.215 port 60054 [preauth]
Jun 25 10:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19861]: Invalid user admin from 2.57.121.25
Jun 25 10:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19861]: input_userauth_request: invalid user admin [preauth]
Jun 25 10:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19861]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 10:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 25 10:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19861]: Failed password for invalid user admin from 2.57.121.25 port 43096 ssh2
Jun 25 10:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19861]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 10:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19861]: Failed password for invalid user admin from 2.57.121.25 port 43096 ssh2
Jun 25 10:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19861]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 10:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19861]: Failed password for invalid user admin from 2.57.121.25 port 43096 ssh2
Jun 25 10:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19861]: Connection closed by 2.57.121.25 port 43096 [preauth]
Jun 25 10:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19861]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 25 10:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19912]: Invalid user admin from 106.13.181.42
Jun 25 10:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19912]: input_userauth_request: invalid user admin [preauth]
Jun 25 10:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19912]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 10:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.181.42
Jun 25 10:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19912]: Failed password for invalid user admin from 106.13.181.42 port 44536 ssh2
Jun 25 10:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19912]: Received disconnect from 106.13.181.42 port 44536:11: Bye Bye [preauth]
Jun 25 10:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19912]: Disconnected from 106.13.181.42 port 44536 [preauth]
Jun 25 10:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18279]: pam_unix(cron:session): session closed for user root
Jun 25 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20010]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20009]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20008]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20007]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20006]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20011]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20011]: pam_unix(cron:session): session closed for user root
Jun 25 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20006]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20072]: Successful su for rubyman by root
Jun 25 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20072]: + ??? root:rubyman
Jun 25 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20072]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589663 of user rubyman.
Jun 25 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20072]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589663.
Jun 25 10:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20008]: pam_unix(cron:session): session closed for user root
Jun 25 10:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16801]: pam_unix(cron:session): session closed for user root
Jun 25 10:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20007]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.71.43  user=root
Jun 25 10:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20384]: Failed password for root from 43.156.71.43 port 58822 ssh2
Jun 25 10:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20384]: Received disconnect from 43.156.71.43 port 58822:11: Bye Bye [preauth]
Jun 25 10:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20384]: Disconnected from 43.156.71.43 port 58822 [preauth]
Jun 25 10:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20450]: Invalid user lsfadmin from 121.184.144.232
Jun 25 10:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20450]: input_userauth_request: invalid user lsfadmin [preauth]
Jun 25 10:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20450]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 10:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.184.144.232
Jun 25 10:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20450]: Failed password for invalid user lsfadmin from 121.184.144.232 port 26012 ssh2
Jun 25 10:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20450]: Received disconnect from 121.184.144.232 port 26012:11: Bye Bye [preauth]
Jun 25 10:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20450]: Disconnected from 121.184.144.232 port 26012 [preauth]
Jun 25 10:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18777]: pam_unix(cron:session): session closed for user root
Jun 25 10:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20524]: Invalid user gabriele from 106.13.181.42
Jun 25 10:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20524]: input_userauth_request: invalid user gabriele [preauth]
Jun 25 10:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20524]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 10:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.181.42
Jun 25 10:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20524]: Failed password for invalid user gabriele from 106.13.181.42 port 59460 ssh2
Jun 25 10:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20524]: Received disconnect from 106.13.181.42 port 59460:11: Bye Bye [preauth]
Jun 25 10:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20524]: Disconnected from 106.13.181.42 port 59460 [preauth]
Jun 25 10:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20545]: Invalid user eugene from 27.128.170.160
Jun 25 10:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20545]: input_userauth_request: invalid user eugene [preauth]
Jun 25 10:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20545]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 10:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.128.170.160
Jun 25 10:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20545]: Failed password for invalid user eugene from 27.128.170.160 port 59170 ssh2
Jun 25 10:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20545]: Received disconnect from 27.128.170.160 port 59170:11: Bye Bye [preauth]
Jun 25 10:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20545]: Disconnected from 27.128.170.160 port 59170 [preauth]
Jun 25 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20551]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20552]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20549]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20550]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20549]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20619]: Successful su for rubyman by root
Jun 25 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20619]: + ??? root:rubyman
Jun 25 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20619]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589670 of user rubyman.
Jun 25 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20619]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589670.
Jun 25 10:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17297]: pam_unix(cron:session): session closed for user root
Jun 25 10:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20550]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 25 10:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20926]: Failed password for root from 103.77.242.62 port 42006 ssh2
Jun 25 10:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20926]: Connection closed by 103.77.242.62 port 42006 [preauth]
Jun 25 10:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19296]: pam_unix(cron:session): session closed for user root
Jun 25 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21055]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21056]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21053]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21052]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21052]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21116]: Successful su for rubyman by root
Jun 25 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21116]: + ??? root:rubyman
Jun 25 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21116]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589674 of user rubyman.
Jun 25 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21116]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589674.
Jun 25 10:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17840]: pam_unix(cron:session): session closed for user root
Jun 25 10:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21053]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21305]: Invalid user student from 43.156.71.43
Jun 25 10:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21305]: input_userauth_request: invalid user student [preauth]
Jun 25 10:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21305]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 10:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.71.43
Jun 25 10:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21305]: Failed password for invalid user student from 43.156.71.43 port 58988 ssh2
Jun 25 10:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21305]: Received disconnect from 43.156.71.43 port 58988:11: Bye Bye [preauth]
Jun 25 10:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21305]: Disconnected from 43.156.71.43 port 58988 [preauth]
Jun 25 10:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.181.42  user=root
Jun 25 10:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21316]: Failed password for root from 106.13.181.42 port 47382 ssh2
Jun 25 10:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21316]: Received disconnect from 106.13.181.42 port 47382:11: Bye Bye [preauth]
Jun 25 10:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21316]: Disconnected from 106.13.181.42 port 47382 [preauth]
Jun 25 10:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20010]: pam_unix(cron:session): session closed for user root
Jun 25 10:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21413]: User mysql from 121.184.144.232 not allowed because not listed in AllowUsers
Jun 25 10:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21413]: input_userauth_request: invalid user mysql [preauth]
Jun 25 10:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.184.144.232  user=mysql
Jun 25 10:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21413]: Failed password for invalid user mysql from 121.184.144.232 port 40695 ssh2
Jun 25 10:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21413]: Received disconnect from 121.184.144.232 port 40695:11: Bye Bye [preauth]
Jun 25 10:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21413]: Disconnected from 121.184.144.232 port 40695 [preauth]
Jun 25 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21471]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21469]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21470]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21467]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21467]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21538]: Successful su for rubyman by root
Jun 25 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21538]: + ??? root:rubyman
Jun 25 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21538]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589678 of user rubyman.
Jun 25 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21538]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589678.
Jun 25 10:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18278]: pam_unix(cron:session): session closed for user root
Jun 25 10:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21469]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21783]: Invalid user vpsuser from 27.128.170.160
Jun 25 10:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21783]: input_userauth_request: invalid user vpsuser [preauth]
Jun 25 10:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21783]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 10:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.128.170.160
Jun 25 10:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21783]: Failed password for invalid user vpsuser from 27.128.170.160 port 54496 ssh2
Jun 25 10:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21783]: Received disconnect from 27.128.170.160 port 54496:11: Bye Bye [preauth]
Jun 25 10:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21783]: Disconnected from 27.128.170.160 port 54496 [preauth]
Jun 25 10:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20552]: pam_unix(cron:session): session closed for user root
Jun 25 10:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.181.42  user=root
Jun 25 10:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21852]: Failed password for root from 106.13.181.42 port 35428 ssh2
Jun 25 10:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21852]: Received disconnect from 106.13.181.42 port 35428:11: Bye Bye [preauth]
Jun 25 10:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21852]: Disconnected from 106.13.181.42 port 35428 [preauth]
Jun 25 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21904]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21905]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21903]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21902]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21902]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21965]: Successful su for rubyman by root
Jun 25 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21965]: + ??? root:rubyman
Jun 25 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21965]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589682 of user rubyman.
Jun 25 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21965]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589682.
Jun 25 10:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18776]: pam_unix(cron:session): session closed for user root
Jun 25 10:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22119]: Invalid user mahesh from 180.93.52.137
Jun 25 10:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22119]: input_userauth_request: invalid user mahesh [preauth]
Jun 25 10:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22119]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 10:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.93.52.137
Jun 25 10:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21903]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22119]: Failed password for invalid user mahesh from 180.93.52.137 port 58750 ssh2
Jun 25 10:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22119]: Connection closed by 180.93.52.137 port 58750 [preauth]
Jun 25 10:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22160]: Invalid user switch from 43.156.71.43
Jun 25 10:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22160]: input_userauth_request: invalid user switch [preauth]
Jun 25 10:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22160]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 10:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.71.43
Jun 25 10:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22160]: Failed password for invalid user switch from 43.156.71.43 port 51962 ssh2
Jun 25 10:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22160]: Received disconnect from 43.156.71.43 port 51962:11: Bye Bye [preauth]
Jun 25 10:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22160]: Disconnected from 43.156.71.43 port 51962 [preauth]
Jun 25 10:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21056]: pam_unix(cron:session): session closed for user root
Jun 25 10:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22286]: Invalid user min from 121.184.144.232
Jun 25 10:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22286]: input_userauth_request: invalid user min [preauth]
Jun 25 10:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22286]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 10:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.184.144.232
Jun 25 10:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22286]: Failed password for invalid user min from 121.184.144.232 port 56643 ssh2
Jun 25 10:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22286]: Received disconnect from 121.184.144.232 port 56643:11: Bye Bye [preauth]
Jun 25 10:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22286]: Disconnected from 121.184.144.232 port 56643 [preauth]
Jun 25 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22409]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22408]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22406]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22410]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22411]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22407]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22411]: pam_unix(cron:session): session closed for user root
Jun 25 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22406]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22472]: Successful su for rubyman by root
Jun 25 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22472]: + ??? root:rubyman
Jun 25 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22472]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589688 of user rubyman.
Jun 25 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22472]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589688.
Jun 25 10:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22408]: pam_unix(cron:session): session closed for user root
Jun 25 10:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19295]: pam_unix(cron:session): session closed for user root
Jun 25 10:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22407]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22607]: Invalid user astro from 106.13.181.42
Jun 25 10:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22607]: input_userauth_request: invalid user astro [preauth]
Jun 25 10:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22607]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 10:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.181.42
Jun 25 10:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22607]: Failed password for invalid user astro from 106.13.181.42 port 51590 ssh2
Jun 25 10:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22607]: Received disconnect from 106.13.181.42 port 51590:11: Bye Bye [preauth]
Jun 25 10:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22607]: Disconnected from 106.13.181.42 port 51590 [preauth]
Jun 25 10:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21471]: pam_unix(cron:session): session closed for user root
Jun 25 10:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 25 10:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22784]: Failed password for root from 103.176.20.57 port 35188 ssh2
Jun 25 10:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22784]: Connection closed by 103.176.20.57 port 35188 [preauth]
Jun 25 10:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22816]: Invalid user gokul from 27.128.170.160
Jun 25 10:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22816]: input_userauth_request: invalid user gokul [preauth]
Jun 25 10:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22816]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 10:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.128.170.160
Jun 25 10:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22816]: Failed password for invalid user gokul from 27.128.170.160 port 57930 ssh2
Jun 25 10:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22816]: Received disconnect from 27.128.170.160 port 57930:11: Bye Bye [preauth]
Jun 25 10:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22816]: Disconnected from 27.128.170.160 port 57930 [preauth]
Jun 25 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22848]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22849]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22847]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22846]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22846]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22913]: Successful su for rubyman by root
Jun 25 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22913]: + ??? root:rubyman
Jun 25 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22913]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589691 of user rubyman.
Jun 25 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22913]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589691.
Jun 25 10:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20009]: pam_unix(cron:session): session closed for user root
Jun 25 10:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22847]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23116]: Invalid user eugene from 43.156.71.43
Jun 25 10:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23116]: input_userauth_request: invalid user eugene [preauth]
Jun 25 10:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23116]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 10:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.71.43
Jun 25 10:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23116]: Failed password for invalid user eugene from 43.156.71.43 port 35572 ssh2
Jun 25 10:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23116]: Received disconnect from 43.156.71.43 port 35572:11: Bye Bye [preauth]
Jun 25 10:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23116]: Disconnected from 43.156.71.43 port 35572 [preauth]
Jun 25 10:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.181.42  user=root
Jun 25 10:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23155]: Failed password for root from 106.13.181.42 port 38738 ssh2
Jun 25 10:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23155]: Received disconnect from 106.13.181.42 port 38738:11: Bye Bye [preauth]
Jun 25 10:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23155]: Disconnected from 106.13.181.42 port 38738 [preauth]
Jun 25 10:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21905]: pam_unix(cron:session): session closed for user root
Jun 25 10:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.184.144.232  user=root
Jun 25 10:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23255]: Failed password for root from 121.184.144.232 port 6317 ssh2
Jun 25 10:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23255]: Received disconnect from 121.184.144.232 port 6317:11: Bye Bye [preauth]
Jun 25 10:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23255]: Disconnected from 121.184.144.232 port 6317 [preauth]
Jun 25 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23260]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23261]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23259]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23258]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23258]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23327]: Successful su for rubyman by root
Jun 25 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23327]: + ??? root:rubyman
Jun 25 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23327]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589696 of user rubyman.
Jun 25 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23327]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589696.
Jun 25 10:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20551]: pam_unix(cron:session): session closed for user root
Jun 25 10:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23259]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22410]: pam_unix(cron:session): session closed for user root
Jun 25 10:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23668]: Invalid user admin from 106.13.181.42
Jun 25 10:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23668]: input_userauth_request: invalid user admin [preauth]
Jun 25 10:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23668]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 10:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.181.42
Jun 25 10:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23668]: Failed password for invalid user admin from 106.13.181.42 port 54826 ssh2
Jun 25 10:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23668]: Received disconnect from 106.13.181.42 port 54826:11: Bye Bye [preauth]
Jun 25 10:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23668]: Disconnected from 106.13.181.42 port 54826 [preauth]
Jun 25 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23690]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23691]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23689]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23688]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23688]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23757]: Successful su for rubyman by root
Jun 25 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23757]: + ??? root:rubyman
Jun 25 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23757]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589699 of user rubyman.
Jun 25 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23757]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589699.
Jun 25 10:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21055]: pam_unix(cron:session): session closed for user root
Jun 25 10:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23689]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=root
Jun 25 10:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.128.170.160  user=root
Jun 25 10:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24048]: Failed password for root from 193.46.255.86 port 38382 ssh2
Jun 25 10:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24063]: Failed password for root from 27.128.170.160 port 38860 ssh2
Jun 25 10:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24063]: Received disconnect from 27.128.170.160 port 38860:11: Bye Bye [preauth]
Jun 25 10:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24063]: Disconnected from 27.128.170.160 port 38860 [preauth]
Jun 25 10:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24048]: Failed password for root from 193.46.255.86 port 38382 ssh2
Jun 25 10:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24048]: Failed password for root from 193.46.255.86 port 38382 ssh2
Jun 25 10:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24048]: Connection closed by 193.46.255.86 port 38382 [preauth]
Jun 25 10:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24048]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=root
Jun 25 10:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.71.43  user=root
Jun 25 10:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24073]: Failed password for root from 43.156.71.43 port 59128 ssh2
Jun 25 10:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24073]: Received disconnect from 43.156.71.43 port 59128:11: Bye Bye [preauth]
Jun 25 10:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24073]: Disconnected from 43.156.71.43 port 59128 [preauth]
Jun 25 10:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22849]: pam_unix(cron:session): session closed for user root
Jun 25 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24197]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24198]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24195]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24196]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24195]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24276]: Successful su for rubyman by root
Jun 25 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24276]: + ??? root:rubyman
Jun 25 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24276]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589703 of user rubyman.
Jun 25 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24276]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589703.
Jun 25 10:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21470]: pam_unix(cron:session): session closed for user root
Jun 25 10:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24196]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.184.144.232  user=root
Jun 25 10:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24485]: Failed password for root from 121.184.144.232 port 22173 ssh2
Jun 25 10:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24485]: Received disconnect from 121.184.144.232 port 22173:11: Bye Bye [preauth]
Jun 25 10:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24485]: Disconnected from 121.184.144.232 port 22173 [preauth]
Jun 25 10:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24501]: Invalid user abcd from 106.13.181.42
Jun 25 10:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24501]: input_userauth_request: invalid user abcd [preauth]
Jun 25 10:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24501]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 10:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.181.42
Jun 25 10:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24501]: Failed password for invalid user abcd from 106.13.181.42 port 42410 ssh2
Jun 25 10:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24501]: Received disconnect from 106.13.181.42 port 42410:11: Bye Bye [preauth]
Jun 25 10:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24501]: Disconnected from 106.13.181.42 port 42410 [preauth]
Jun 25 10:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23261]: pam_unix(cron:session): session closed for user root
Jun 25 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24628]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24627]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24629]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24625]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24624]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24622]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24629]: pam_unix(cron:session): session closed for user root
Jun 25 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24622]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24710]: Successful su for rubyman by root
Jun 25 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24710]: + ??? root:rubyman
Jun 25 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24710]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589707 of user rubyman.
Jun 25 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24710]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589707.
Jun 25 10:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24625]: pam_unix(cron:session): session closed for user root
Jun 25 10:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21904]: pam_unix(cron:session): session closed for user root
Jun 25 10:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24624]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.71.43  user=root
Jun 25 10:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24983]: Failed password for root from 43.156.71.43 port 55298 ssh2
Jun 25 10:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23691]: pam_unix(cron:session): session closed for user root
Jun 25 10:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24983]: Received disconnect from 43.156.71.43 port 55298:11: Bye Bye [preauth]
Jun 25 10:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24983]: Disconnected from 43.156.71.43 port 55298 [preauth]
Jun 25 10:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25026]: Invalid user sftpuser from 106.13.181.42
Jun 25 10:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25026]: input_userauth_request: invalid user sftpuser [preauth]
Jun 25 10:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25026]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 10:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.181.42
Jun 25 10:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.128.170.160  user=root
Jun 25 10:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25026]: Failed password for invalid user sftpuser from 106.13.181.42 port 58890 ssh2
Jun 25 10:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25026]: Received disconnect from 106.13.181.42 port 58890:11: Bye Bye [preauth]
Jun 25 10:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25026]: Disconnected from 106.13.181.42 port 58890 [preauth]
Jun 25 10:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25052]: Failed password for root from 27.128.170.160 port 36304 ssh2
Jun 25 10:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25052]: Received disconnect from 27.128.170.160 port 36304:11: Bye Bye [preauth]
Jun 25 10:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25052]: Disconnected from 27.128.170.160 port 36304 [preauth]
Jun 25 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25087]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25088]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25086]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25085]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25085]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25155]: Successful su for rubyman by root
Jun 25 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25155]: + ??? root:rubyman
Jun 25 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25155]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589713 of user rubyman.
Jun 25 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25155]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589713.
Jun 25 10:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22409]: pam_unix(cron:session): session closed for user root
Jun 25 10:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25086]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.184.144.232  user=root
Jun 25 10:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24198]: pam_unix(cron:session): session closed for user root
Jun 25 10:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25392]: Failed password for root from 121.184.144.232 port 39010 ssh2
Jun 25 10:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25392]: Received disconnect from 121.184.144.232 port 39010:11: Bye Bye [preauth]
Jun 25 10:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25392]: Disconnected from 121.184.144.232 port 39010 [preauth]
Jun 25 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25482]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25483]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25481]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25480]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25480]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25545]: Successful su for rubyman by root
Jun 25 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25545]: + ??? root:rubyman
Jun 25 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25545]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589718 of user rubyman.
Jun 25 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25545]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589718.
Jun 25 10:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22848]: pam_unix(cron:session): session closed for user root
Jun 25 10:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.181.42  user=root
Jun 25 10:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25481]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25698]: Failed password for root from 106.13.181.42 port 46044 ssh2
Jun 25 10:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25698]: Received disconnect from 106.13.181.42 port 46044:11: Bye Bye [preauth]
Jun 25 10:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25698]: Disconnected from 106.13.181.42 port 46044 [preauth]
Jun 25 10:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24628]: pam_unix(cron:session): session closed for user root
Jun 25 10:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25824]: Invalid user jordi from 43.156.71.43
Jun 25 10:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25824]: input_userauth_request: invalid user jordi [preauth]
Jun 25 10:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25824]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 10:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.71.43
Jun 25 10:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25824]: Failed password for invalid user jordi from 43.156.71.43 port 34622 ssh2
Jun 25 10:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25824]: Received disconnect from 43.156.71.43 port 34622:11: Bye Bye [preauth]
Jun 25 10:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25824]: Disconnected from 43.156.71.43 port 34622 [preauth]
Jun 25 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25873]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25875]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25872]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25874]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25872]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25933]: Successful su for rubyman by root
Jun 25 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25933]: + ??? root:rubyman
Jun 25 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25933]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589722 of user rubyman.
Jun 25 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25933]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589722.
Jun 25 10:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23260]: pam_unix(cron:session): session closed for user root
Jun 25 10:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25873]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26112]: Invalid user test from 27.128.170.160
Jun 25 10:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26112]: input_userauth_request: invalid user test [preauth]
Jun 25 10:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26112]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 10:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.128.170.160
Jun 25 10:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26112]: Failed password for invalid user test from 27.128.170.160 port 43448 ssh2
Jun 25 10:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26112]: Received disconnect from 27.128.170.160 port 43448:11: Bye Bye [preauth]
Jun 25 10:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26112]: Disconnected from 27.128.170.160 port 43448 [preauth]
Jun 25 10:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26175]: Invalid user amaldonado from 106.13.181.42
Jun 25 10:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26175]: input_userauth_request: invalid user amaldonado [preauth]
Jun 25 10:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26175]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 10:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.181.42
Jun 25 10:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26175]: Failed password for invalid user amaldonado from 106.13.181.42 port 33658 ssh2
Jun 25 10:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26175]: Received disconnect from 106.13.181.42 port 33658:11: Bye Bye [preauth]
Jun 25 10:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26175]: Disconnected from 106.13.181.42 port 33658 [preauth]
Jun 25 10:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25088]: pam_unix(cron:session): session closed for user root
Jun 25 10:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26248]: Invalid user oracle from 121.184.144.232
Jun 25 10:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26248]: input_userauth_request: invalid user oracle [preauth]
Jun 25 10:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26248]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 10:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.184.144.232
Jun 25 10:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26248]: Failed password for invalid user oracle from 121.184.144.232 port 56386 ssh2
Jun 25 10:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26248]: Received disconnect from 121.184.144.232 port 56386:11: Bye Bye [preauth]
Jun 25 10:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26248]: Disconnected from 121.184.144.232 port 56386 [preauth]
Jun 25 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26274]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26273]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26272]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26271]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26271]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26341]: Successful su for rubyman by root
Jun 25 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26341]: + ??? root:rubyman
Jun 25 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26341]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589725 of user rubyman.
Jun 25 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26341]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589725.
Jun 25 10:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23690]: pam_unix(cron:session): session closed for user root
Jun 25 10:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26272]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25483]: pam_unix(cron:session): session closed for user root
Jun 25 10:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26619]: Invalid user wesley from 43.156.71.43
Jun 25 10:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26619]: input_userauth_request: invalid user wesley [preauth]
Jun 25 10:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26619]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 10:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.71.43
Jun 25 10:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26619]: Failed password for invalid user wesley from 43.156.71.43 port 43752 ssh2
Jun 25 10:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26619]: Received disconnect from 43.156.71.43 port 43752:11: Bye Bye [preauth]
Jun 25 10:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26619]: Disconnected from 43.156.71.43 port 43752 [preauth]
Jun 25 10:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 25 10:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26641]: Failed password for root from 103.172.78.219 port 53914 ssh2
Jun 25 10:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26641]: Connection closed by 103.172.78.219 port 53914 [preauth]
Jun 25 10:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.181.42  user=root
Jun 25 10:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26651]: Failed password for root from 106.13.181.42 port 49578 ssh2
Jun 25 10:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26651]: Received disconnect from 106.13.181.42 port 49578:11: Bye Bye [preauth]
Jun 25 10:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26651]: Disconnected from 106.13.181.42 port 49578 [preauth]
Jun 25 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26689]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26684]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26683]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26765]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26766]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26764]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26766]: pam_unix(cron:session): session closed for user root
Jun 25 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26683]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26827]: Successful su for rubyman by root
Jun 25 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26827]: + ??? root:rubyman
Jun 25 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26827]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589734 of user rubyman.
Jun 25 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26827]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589734.
Jun 25 10:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26689]: pam_unix(cron:session): session closed for user root
Jun 25 10:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24197]: pam_unix(cron:session): session closed for user root
Jun 25 10:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26684]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27092]: Invalid user administrator from 27.128.170.160
Jun 25 10:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27092]: input_userauth_request: invalid user administrator [preauth]
Jun 25 10:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27092]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 10:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.128.170.160
Jun 25 10:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27092]: Failed password for invalid user administrator from 27.128.170.160 port 55564 ssh2
Jun 25 10:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27092]: Received disconnect from 27.128.170.160 port 55564:11: Bye Bye [preauth]
Jun 25 10:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27092]: Disconnected from 27.128.170.160 port 55564 [preauth]
Jun 25 10:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25875]: pam_unix(cron:session): session closed for user root
Jun 25 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27189]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27188]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27187]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27186]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27186]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27257]: Successful su for rubyman by root
Jun 25 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27257]: + ??? root:rubyman
Jun 25 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27257]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589736 of user rubyman.
Jun 25 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27257]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589736.
Jun 25 10:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24627]: pam_unix(cron:session): session closed for user root
Jun 25 10:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27187]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.184.144.232  user=root
Jun 25 10:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27454]: Failed password for root from 121.184.144.232 port 7563 ssh2
Jun 25 10:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27454]: Received disconnect from 121.184.144.232 port 7563:11: Bye Bye [preauth]
Jun 25 10:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27454]: Disconnected from 121.184.144.232 port 7563 [preauth]
Jun 25 10:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.181.42  user=root
Jun 25 10:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27488]: Failed password for root from 106.13.181.42 port 37132 ssh2
Jun 25 10:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27488]: Received disconnect from 106.13.181.42 port 37132:11: Bye Bye [preauth]
Jun 25 10:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27488]: Disconnected from 106.13.181.42 port 37132 [preauth]
Jun 25 10:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26274]: pam_unix(cron:session): session closed for user root
Jun 25 10:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27588]: Invalid user min from 43.156.71.43
Jun 25 10:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27588]: input_userauth_request: invalid user min [preauth]
Jun 25 10:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27588]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 10:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.71.43
Jun 25 10:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27588]: Failed password for invalid user min from 43.156.71.43 port 38996 ssh2
Jun 25 10:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27588]: Received disconnect from 43.156.71.43 port 38996:11: Bye Bye [preauth]
Jun 25 10:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27588]: Disconnected from 43.156.71.43 port 38996 [preauth]
Jun 25 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27620]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27619]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27618]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27617]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27617]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27683]: Successful su for rubyman by root
Jun 25 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27683]: + ??? root:rubyman
Jun 25 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27683]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589739 of user rubyman.
Jun 25 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27683]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589739.
Jun 25 10:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25087]: pam_unix(cron:session): session closed for user root
Jun 25 10:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27618]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 25 10:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27900]: Failed password for root from 141.98.83.240 port 26808 ssh2
Jun 25 10:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27900]: message repeated 2 times: [ Failed password for root from 141.98.83.240 port 26808 ssh2]
Jun 25 10:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27900]: Connection closed by 141.98.83.240 port 26808 [preauth]
Jun 25 10:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27900]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 25 10:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26765]: pam_unix(cron:session): session closed for user root
Jun 25 10:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.181.42  user=root
Jun 25 10:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27982]: Failed password for root from 106.13.181.42 port 53454 ssh2
Jun 25 10:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27982]: Received disconnect from 106.13.181.42 port 53454:11: Bye Bye [preauth]
Jun 25 10:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27982]: Disconnected from 106.13.181.42 port 53454 [preauth]
Jun 25 10:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.128.170.160  user=root
Jun 25 10:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28019]: Failed password for root from 27.128.170.160 port 41896 ssh2
Jun 25 10:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28019]: Received disconnect from 27.128.170.160 port 41896:11: Bye Bye [preauth]
Jun 25 10:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28019]: Disconnected from 27.128.170.160 port 41896 [preauth]
Jun 25 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28044]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28045]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28043]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28042]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28042]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28153]: Successful su for rubyman by root
Jun 25 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28153]: + ??? root:rubyman
Jun 25 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28153]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589745 of user rubyman.
Jun 25 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28153]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589745.
Jun 25 10:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25482]: pam_unix(cron:session): session closed for user root
Jun 25 10:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28043]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.184.144.232  user=root
Jun 25 10:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28386]: Failed password for root from 121.184.144.232 port 25521 ssh2
Jun 25 10:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28386]: Received disconnect from 121.184.144.232 port 25521:11: Bye Bye [preauth]
Jun 25 10:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28386]: Disconnected from 121.184.144.232 port 25521 [preauth]
Jun 25 10:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27189]: pam_unix(cron:session): session closed for user root
Jun 25 10:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.71.43  user=root
Jun 25 10:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28465]: Failed password for root from 43.156.71.43 port 44048 ssh2
Jun 25 10:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28465]: Received disconnect from 43.156.71.43 port 44048:11: Bye Bye [preauth]
Jun 25 10:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28465]: Disconnected from 43.156.71.43 port 44048 [preauth]
Jun 25 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28487]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28488]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28486]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28485]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28485]: pam_unix(cron:session): session closed for user p13x
Jun 25 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28554]: Successful su for rubyman by root
Jun 25 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28554]: + ??? root:rubyman
Jun 25 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28554]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589747 of user rubyman.
Jun 25 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28554]: pam_unix(su:session): session closed for user rubyman
Jun 25 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589747.
Jun 25 10:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 10:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25874]: pam_unix(cron:session): session closed for user root
Jun 25 10:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28486]: pam_unix(cron:session): session closed for user samftp
Jun 25 10:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.181.42  user=root
Jun 25 10:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28769]: Failed password for root from 106.13.181.42 port 41216 ssh2
Jun 25 10:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28769]: Received disconnect from 106.13.181.42 port 41216:11: Bye Bye [preauth]
Jun 25 10:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28769]: Disconnected from 106.13.181.42 port 41216 [preauth]
Jun 25 10:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27620]: pam_unix(cron:session): session closed for user root
Jun 25 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29009]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29010]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29000]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29008]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29003]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29002]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29005]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29003]: pam_unix(cron:session): session closed for user root
Jun 25 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29010]: pam_unix(cron:session): session closed for user root
Jun 25 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29000]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29105]: Successful su for rubyman by root
Jun 25 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29105]: + ??? root:rubyman
Jun 25 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29105]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589752 of user rubyman.
Jun 25 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29105]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589752.
Jun 25 11:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26273]: pam_unix(cron:session): session closed for user root
Jun 25 11:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29005]: pam_unix(cron:session): session closed for user root
Jun 25 11:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29002]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29362]: Invalid user julian from 27.128.170.160
Jun 25 11:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29362]: input_userauth_request: invalid user julian [preauth]
Jun 25 11:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29362]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 11:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.128.170.160
Jun 25 11:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29362]: Failed password for invalid user julian from 27.128.170.160 port 52654 ssh2
Jun 25 11:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29362]: Received disconnect from 27.128.170.160 port 52654:11: Bye Bye [preauth]
Jun 25 11:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29362]: Disconnected from 27.128.170.160 port 52654 [preauth]
Jun 25 11:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28045]: pam_unix(cron:session): session closed for user root
Jun 25 11:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29392]: Connection closed by 106.13.181.42 port 57424 [preauth]
Jun 25 11:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.184.144.232  user=root
Jun 25 11:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29465]: Failed password for root from 121.184.144.232 port 40171 ssh2
Jun 25 11:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29465]: Received disconnect from 121.184.144.232 port 40171:11: Bye Bye [preauth]
Jun 25 11:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29465]: Disconnected from 121.184.144.232 port 40171 [preauth]
Jun 25 11:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29505]: Did not receive identification string from 195.178.110.228
Jun 25 11:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.71.43  user=root
Jun 25 11:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29515]: Failed password for root from 43.156.71.43 port 45160 ssh2
Jun 25 11:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29515]: Received disconnect from 43.156.71.43 port 45160:11: Bye Bye [preauth]
Jun 25 11:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29515]: Disconnected from 43.156.71.43 port 45160 [preauth]
Jun 25 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29624]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29626]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29623]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29622]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29622]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29697]: Successful su for rubyman by root
Jun 25 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29697]: + ??? root:rubyman
Jun 25 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29697]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589758 of user rubyman.
Jun 25 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29697]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589758.
Jun 25 11:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26764]: pam_unix(cron:session): session closed for user root
Jun 25 11:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29623]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28488]: pam_unix(cron:session): session closed for user root
Jun 25 11:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.181.42  user=root
Jun 25 11:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30043]: Failed password for root from 106.13.181.42 port 44108 ssh2
Jun 25 11:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30043]: Received disconnect from 106.13.181.42 port 44108:11: Bye Bye [preauth]
Jun 25 11:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30043]: Disconnected from 106.13.181.42 port 44108 [preauth]
Jun 25 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30070]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30069]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30067]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30068]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30067]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30138]: Successful su for rubyman by root
Jun 25 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30138]: + ??? root:rubyman
Jun 25 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30138]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589763 of user rubyman.
Jun 25 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30138]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589763.
Jun 25 11:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27188]: pam_unix(cron:session): session closed for user root
Jun 25 11:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30068]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29009]: pam_unix(cron:session): session closed for user root
Jun 25 11:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30442]: Invalid user emc from 27.128.170.160
Jun 25 11:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30442]: input_userauth_request: invalid user emc [preauth]
Jun 25 11:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30442]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 11:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.128.170.160
Jun 25 11:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30442]: Failed password for invalid user emc from 27.128.170.160 port 44998 ssh2
Jun 25 11:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30442]: Received disconnect from 27.128.170.160 port 44998:11: Bye Bye [preauth]
Jun 25 11:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30442]: Disconnected from 27.128.170.160 port 44998 [preauth]
Jun 25 11:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30459]: Invalid user hammad from 121.184.144.232
Jun 25 11:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30459]: input_userauth_request: invalid user hammad [preauth]
Jun 25 11:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30459]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 11:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.184.144.232
Jun 25 11:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30459]: Failed password for invalid user hammad from 121.184.144.232 port 56607 ssh2
Jun 25 11:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30459]: Received disconnect from 121.184.144.232 port 56607:11: Bye Bye [preauth]
Jun 25 11:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30459]: Disconnected from 121.184.144.232 port 56607 [preauth]
Jun 25 11:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 25 11:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30471]: Failed password for root from 38.93.206.2 port 51164 ssh2
Jun 25 11:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30471]: Connection closed by 38.93.206.2 port 51164 [preauth]
Jun 25 11:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30482]: Invalid user explore from 43.156.71.43
Jun 25 11:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30482]: input_userauth_request: invalid user explore [preauth]
Jun 25 11:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30482]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 11:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.71.43
Jun 25 11:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30482]: Failed password for invalid user explore from 43.156.71.43 port 60728 ssh2
Jun 25 11:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30482]: Received disconnect from 43.156.71.43 port 60728:11: Bye Bye [preauth]
Jun 25 11:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30482]: Disconnected from 43.156.71.43 port 60728 [preauth]
Jun 25 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30498]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30497]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30496]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30495]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30495]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30562]: Successful su for rubyman by root
Jun 25 11:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30562]: + ??? root:rubyman
Jun 25 11:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30562]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589767 of user rubyman.
Jun 25 11:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30562]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589767.
Jun 25 11:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27619]: pam_unix(cron:session): session closed for user root
Jun 25 11:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30496]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 25 11:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30780]: User ftp from 106.13.181.42 not allowed because not listed in AllowUsers
Jun 25 11:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30780]: input_userauth_request: invalid user ftp [preauth]
Jun 25 11:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.181.42  user=ftp
Jun 25 11:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30778]: Failed password for root from 103.27.238.120 port 37284 ssh2
Jun 25 11:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30778]: Connection closed by 103.27.238.120 port 37284 [preauth]
Jun 25 11:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30780]: Failed password for invalid user ftp from 106.13.181.42 port 60844 ssh2
Jun 25 11:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30780]: Received disconnect from 106.13.181.42 port 60844:11: Bye Bye [preauth]
Jun 25 11:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30780]: Disconnected from 106.13.181.42 port 60844 [preauth]
Jun 25 11:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29626]: pam_unix(cron:session): session closed for user root
Jun 25 11:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 25 11:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30885]: Failed password for root from 103.153.68.219 port 52850 ssh2
Jun 25 11:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30885]: Connection closed by 103.153.68.219 port 52850 [preauth]
Jun 25 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31011]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31012]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31009]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31010]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31009]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31076]: Successful su for rubyman by root
Jun 25 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31076]: + ??? root:rubyman
Jun 25 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31076]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589770 of user rubyman.
Jun 25 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31076]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589770.
Jun 25 11:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28044]: pam_unix(cron:session): session closed for user root
Jun 25 11:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31010]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30070]: pam_unix(cron:session): session closed for user root
Jun 25 11:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31356]: Invalid user deployer from 106.13.181.42
Jun 25 11:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31356]: input_userauth_request: invalid user deployer [preauth]
Jun 25 11:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31356]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 11:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.181.42
Jun 25 11:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31356]: Failed password for invalid user deployer from 106.13.181.42 port 48276 ssh2
Jun 25 11:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31356]: Received disconnect from 106.13.181.42 port 48276:11: Bye Bye [preauth]
Jun 25 11:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31356]: Disconnected from 106.13.181.42 port 48276 [preauth]
Jun 25 11:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31406]: Invalid user ardi from 121.184.144.232
Jun 25 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31406]: input_userauth_request: invalid user ardi [preauth]
Jun 25 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31406]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.184.144.232
Jun 25 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31414]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31417]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31412]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31410]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31413]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31415]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31417]: pam_unix(cron:session): session closed for user root
Jun 25 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31410]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31484]: Successful su for rubyman by root
Jun 25 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31484]: + ??? root:rubyman
Jun 25 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31484]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589774 of user rubyman.
Jun 25 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31484]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589774.
Jun 25 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31406]: Failed password for invalid user ardi from 121.184.144.232 port 6494 ssh2
Jun 25 11:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31406]: Received disconnect from 121.184.144.232 port 6494:11: Bye Bye [preauth]
Jun 25 11:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31406]: Disconnected from 121.184.144.232 port 6494 [preauth]
Jun 25 11:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.71.43  user=root
Jun 25 11:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31413]: pam_unix(cron:session): session closed for user root
Jun 25 11:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28487]: pam_unix(cron:session): session closed for user root
Jun 25 11:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31524]: Failed password for root from 43.156.71.43 port 40280 ssh2
Jun 25 11:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31524]: Received disconnect from 43.156.71.43 port 40280:11: Bye Bye [preauth]
Jun 25 11:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31524]: Disconnected from 43.156.71.43 port 40280 [preauth]
Jun 25 11:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31412]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31796]: Invalid user lsfadmin from 27.128.170.160
Jun 25 11:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31796]: input_userauth_request: invalid user lsfadmin [preauth]
Jun 25 11:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31796]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 11:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.128.170.160
Jun 25 11:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31796]: Failed password for invalid user lsfadmin from 27.128.170.160 port 49714 ssh2
Jun 25 11:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31796]: Received disconnect from 27.128.170.160 port 49714:11: Bye Bye [preauth]
Jun 25 11:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31796]: Disconnected from 27.128.170.160 port 49714 [preauth]
Jun 25 11:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30498]: pam_unix(cron:session): session closed for user root
Jun 25 11:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 25 11:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31920]: Failed password for root from 87.251.79.125 port 37438 ssh2
Jun 25 11:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31920]: Connection closed by 87.251.79.125 port 37438 [preauth]
Jun 25 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31963]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31962]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31964]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31961]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31961]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32039]: Successful su for rubyman by root
Jun 25 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32039]: + ??? root:rubyman
Jun 25 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32039]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589782 of user rubyman.
Jun 25 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32039]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589782.
Jun 25 11:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29008]: pam_unix(cron:session): session closed for user root
Jun 25 11:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31962]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32185]: Received disconnect from 106.13.181.42 port 35834:11: Bye Bye [preauth]
Jun 25 11:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32185]: Disconnected from 106.13.181.42 port 35834 [preauth]
Jun 25 11:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31012]: pam_unix(cron:session): session closed for user root
Jun 25 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32374]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32371]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32372]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32370]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32370]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32436]: Successful su for rubyman by root
Jun 25 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32436]: + ??? root:rubyman
Jun 25 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32436]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589785 of user rubyman.
Jun 25 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32436]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589785.
Jun 25 11:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29624]: pam_unix(cron:session): session closed for user root
Jun 25 11:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32371]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32625]: Invalid user test from 43.156.71.43
Jun 25 11:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32625]: input_userauth_request: invalid user test [preauth]
Jun 25 11:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32625]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 11:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.71.43
Jun 25 11:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32625]: Failed password for invalid user test from 43.156.71.43 port 42874 ssh2
Jun 25 11:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32625]: Received disconnect from 43.156.71.43 port 42874:11: Bye Bye [preauth]
Jun 25 11:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32625]: Disconnected from 43.156.71.43 port 42874 [preauth]
Jun 25 11:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.184.144.232  user=root
Jun 25 11:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32627]: Failed password for root from 121.184.144.232 port 23029 ssh2
Jun 25 11:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32627]: Received disconnect from 121.184.144.232 port 23029:11: Bye Bye [preauth]
Jun 25 11:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32627]: Disconnected from 121.184.144.232 port 23029 [preauth]
Jun 25 11:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32693]: Invalid user oracle from 27.128.170.160
Jun 25 11:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32693]: input_userauth_request: invalid user oracle [preauth]
Jun 25 11:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32693]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 11:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.128.170.160
Jun 25 11:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32693]: Failed password for invalid user oracle from 27.128.170.160 port 44264 ssh2
Jun 25 11:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32693]: Received disconnect from 27.128.170.160 port 44264:11: Bye Bye [preauth]
Jun 25 11:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32693]: Disconnected from 27.128.170.160 port 44264 [preauth]
Jun 25 11:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31415]: pam_unix(cron:session): session closed for user root
Jun 25 11:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 25 11:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32739]: Failed password for root from 103.15.222.183 port 45558 ssh2
Jun 25 11:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32739]: Connection closed by 103.15.222.183 port 45558 [preauth]
Jun 25 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[325]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[326]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[324]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[323]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[323]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[390]: Successful su for rubyman by root
Jun 25 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[390]: + ??? root:rubyman
Jun 25 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[390]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589788 of user rubyman.
Jun 25 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[390]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589788.
Jun 25 11:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30069]: pam_unix(cron:session): session closed for user root
Jun 25 11:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[324]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31964]: pam_unix(cron:session): session closed for user root
Jun 25 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[890]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[889]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[891]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[892]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[887]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[889]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1022]: Successful su for rubyman by root
Jun 25 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1022]: + ??? root:rubyman
Jun 25 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1022]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589796 of user rubyman.
Jun 25 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1022]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589796.
Jun 25 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[887]: pam_unix(cron:session): session closed for user root
Jun 25 11:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30497]: pam_unix(cron:session): session closed for user root
Jun 25 11:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[890]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1293]: Invalid user ardi from 43.156.71.43
Jun 25 11:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1293]: input_userauth_request: invalid user ardi [preauth]
Jun 25 11:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1293]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 11:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.71.43
Jun 25 11:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1293]: Failed password for invalid user ardi from 43.156.71.43 port 43494 ssh2
Jun 25 11:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1293]: Received disconnect from 43.156.71.43 port 43494:11: Bye Bye [preauth]
Jun 25 11:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1293]: Disconnected from 43.156.71.43 port 43494 [preauth]
Jun 25 11:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1344]: Invalid user gokul from 121.184.144.232
Jun 25 11:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1344]: input_userauth_request: invalid user gokul [preauth]
Jun 25 11:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1344]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 11:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.184.144.232
Jun 25 11:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1344]: Failed password for invalid user gokul from 121.184.144.232 port 40254 ssh2
Jun 25 11:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1344]: Received disconnect from 121.184.144.232 port 40254:11: Bye Bye [preauth]
Jun 25 11:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1344]: Disconnected from 121.184.144.232 port 40254 [preauth]
Jun 25 11:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32374]: pam_unix(cron:session): session closed for user root
Jun 25 11:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.128.170.160  user=root
Jun 25 11:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1428]: Failed password for root from 27.128.170.160 port 56654 ssh2
Jun 25 11:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1428]: Received disconnect from 27.128.170.160 port 56654:11: Bye Bye [preauth]
Jun 25 11:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1428]: Disconnected from 27.128.170.160 port 56654 [preauth]
Jun 25 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1552]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1553]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1550]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1487]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1551]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1486]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1553]: pam_unix(cron:session): session closed for user root
Jun 25 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1486]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1638]: Successful su for rubyman by root
Jun 25 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1638]: + ??? root:rubyman
Jun 25 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1638]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589797 of user rubyman.
Jun 25 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1638]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589797.
Jun 25 11:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1550]: pam_unix(cron:session): session closed for user root
Jun 25 11:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31011]: pam_unix(cron:session): session closed for user root
Jun 25 11:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1487]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[326]: pam_unix(cron:session): session closed for user root
Jun 25 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2075]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2074]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2076]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2073]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2073]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2145]: Successful su for rubyman by root
Jun 25 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2145]: + ??? root:rubyman
Jun 25 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2145]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589805 of user rubyman.
Jun 25 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2145]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589805.
Jun 25 11:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31414]: pam_unix(cron:session): session closed for user root
Jun 25 11:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2074]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2388]: Invalid user administrator from 43.156.71.43
Jun 25 11:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2388]: input_userauth_request: invalid user administrator [preauth]
Jun 25 11:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2388]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 11:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.71.43
Jun 25 11:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2388]: Failed password for invalid user administrator from 43.156.71.43 port 49904 ssh2
Jun 25 11:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2388]: Received disconnect from 43.156.71.43 port 49904:11: Bye Bye [preauth]
Jun 25 11:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2388]: Disconnected from 43.156.71.43 port 49904 [preauth]
Jun 25 11:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[892]: pam_unix(cron:session): session closed for user root
Jun 25 11:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: Invalid user wesley from 121.184.144.232
Jun 25 11:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: input_userauth_request: invalid user wesley [preauth]
Jun 25 11:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 11:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.184.144.232
Jun 25 11:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: Failed password for invalid user wesley from 121.184.144.232 port 22690 ssh2
Jun 25 11:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: Received disconnect from 121.184.144.232 port 22690:11: Bye Bye [preauth]
Jun 25 11:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: Disconnected from 121.184.144.232 port 22690 [preauth]
Jun 25 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2509]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2506]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2507]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2505]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2505]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2578]: Successful su for rubyman by root
Jun 25 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2578]: + ??? root:rubyman
Jun 25 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2578]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589807 of user rubyman.
Jun 25 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2578]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589807.
Jun 25 11:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31963]: pam_unix(cron:session): session closed for user root
Jun 25 11:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2506]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.128.170.160  user=root
Jun 25 11:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2782]: Failed password for root from 27.128.170.160 port 44926 ssh2
Jun 25 11:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2782]: Received disconnect from 27.128.170.160 port 44926:11: Bye Bye [preauth]
Jun 25 11:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2782]: Disconnected from 27.128.170.160 port 44926 [preauth]
Jun 25 11:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1552]: pam_unix(cron:session): session closed for user root
Jun 25 11:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Jun 25 11:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:165.154.48.24
Jun 25 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2959]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2960]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2958]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2957]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2957]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3018]: Successful su for rubyman by root
Jun 25 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3018]: + ??? root:rubyman
Jun 25 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3018]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589812 of user rubyman.
Jun 25 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3018]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589812.
Jun 25 11:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32372]: pam_unix(cron:session): session closed for user root
Jun 25 11:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2958]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.71.43  user=root
Jun 25 11:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3236]: Failed password for root from 43.156.71.43 port 46170 ssh2
Jun 25 11:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3236]: Received disconnect from 43.156.71.43 port 46170:11: Bye Bye [preauth]
Jun 25 11:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3236]: Disconnected from 43.156.71.43 port 46170 [preauth]
Jun 25 11:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2076]: pam_unix(cron:session): session closed for user root
Jun 25 11:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 25 11:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3292]: Failed password for root from 193.37.70.224 port 54106 ssh2
Jun 25 11:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3292]: Connection closed by 193.37.70.224 port 54106 [preauth]
Jun 25 11:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3339]: Invalid user switch from 121.184.144.232
Jun 25 11:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3339]: input_userauth_request: invalid user switch [preauth]
Jun 25 11:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3339]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 11:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.184.144.232
Jun 25 11:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3339]: Failed password for invalid user switch from 121.184.144.232 port 7070 ssh2
Jun 25 11:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3339]: Received disconnect from 121.184.144.232 port 7070:11: Bye Bye [preauth]
Jun 25 11:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3339]: Disconnected from 121.184.144.232 port 7070 [preauth]
Jun 25 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3354]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3353]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3352]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3351]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3351]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3409]: Successful su for rubyman by root
Jun 25 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3409]: + ??? root:rubyman
Jun 25 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3409]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589815 of user rubyman.
Jun 25 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3409]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589815.
Jun 25 11:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[325]: pam_unix(cron:session): session closed for user root
Jun 25 11:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3352]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3656]: Invalid user student from 27.128.170.160
Jun 25 11:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3656]: input_userauth_request: invalid user student [preauth]
Jun 25 11:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3656]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 11:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.128.170.160
Jun 25 11:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3656]: Failed password for invalid user student from 27.128.170.160 port 50234 ssh2
Jun 25 11:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3656]: Received disconnect from 27.128.170.160 port 50234:11: Bye Bye [preauth]
Jun 25 11:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3656]: Disconnected from 27.128.170.160 port 50234 [preauth]
Jun 25 11:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2509]: pam_unix(cron:session): session closed for user root
Jun 25 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3850]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3849]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3848]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3847]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3851]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3852]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3852]: pam_unix(cron:session): session closed for user root
Jun 25 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3847]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3975]: Successful su for rubyman by root
Jun 25 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3975]: + ??? root:rubyman
Jun 25 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3975]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589823 of user rubyman.
Jun 25 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3975]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589823.
Jun 25 11:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3849]: pam_unix(cron:session): session closed for user root
Jun 25 11:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[891]: pam_unix(cron:session): session closed for user root
Jun 25 11:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3848]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2960]: pam_unix(cron:session): session closed for user root
Jun 25 11:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.71.43  user=root
Jun 25 11:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4361]: Failed password for root from 43.156.71.43 port 46668 ssh2
Jun 25 11:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4361]: Received disconnect from 43.156.71.43 port 46668:11: Bye Bye [preauth]
Jun 25 11:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4361]: Disconnected from 43.156.71.43 port 46668 [preauth]
Jun 25 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4397]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4396]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4398]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4395]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4395]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4461]: Successful su for rubyman by root
Jun 25 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4461]: + ??? root:rubyman
Jun 25 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4461]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589825 of user rubyman.
Jun 25 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4461]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589825.
Jun 25 11:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1551]: pam_unix(cron:session): session closed for user root
Jun 25 11:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4396]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4651]: Invalid user emc from 121.184.144.232
Jun 25 11:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4651]: input_userauth_request: invalid user emc [preauth]
Jun 25 11:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4651]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 11:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.184.144.232
Jun 25 11:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4651]: Failed password for invalid user emc from 121.184.144.232 port 22019 ssh2
Jun 25 11:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4651]: Received disconnect from 121.184.144.232 port 22019:11: Bye Bye [preauth]
Jun 25 11:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4651]: Disconnected from 121.184.144.232 port 22019 [preauth]
Jun 25 11:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 25 11:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4688]: Failed password for root from 147.45.199.80 port 35178 ssh2
Jun 25 11:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4688]: Connection closed by 147.45.199.80 port 35178 [preauth]
Jun 25 11:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3354]: pam_unix(cron:session): session closed for user root
Jun 25 11:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.128.170.160  user=root
Jun 25 11:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4856]: Failed password for root from 27.128.170.160 port 43308 ssh2
Jun 25 11:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4856]: Received disconnect from 27.128.170.160 port 43308:11: Bye Bye [preauth]
Jun 25 11:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4856]: Disconnected from 27.128.170.160 port 43308 [preauth]
Jun 25 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4918]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4914]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4915]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4913]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4911]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4911]: pam_unix(cron:session): session closed for user root
Jun 25 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4913]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4989]: Successful su for rubyman by root
Jun 25 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4989]: + ??? root:rubyman
Jun 25 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4989]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589829 of user rubyman.
Jun 25 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4989]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589829.
Jun 25 11:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2075]: pam_unix(cron:session): session closed for user root
Jun 25 11:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4914]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3851]: pam_unix(cron:session): session closed for user root
Jun 25 11:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 25 11:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5297]: Failed password for root from 62.133.62.83 port 42512 ssh2
Jun 25 11:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5297]: Connection closed by 62.133.62.83 port 42512 [preauth]
Jun 25 11:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5311]: Invalid user julian from 43.156.71.43
Jun 25 11:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5311]: input_userauth_request: invalid user julian [preauth]
Jun 25 11:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5311]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 11:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.71.43
Jun 25 11:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5311]: Failed password for invalid user julian from 43.156.71.43 port 53332 ssh2
Jun 25 11:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5311]: Received disconnect from 43.156.71.43 port 53332:11: Bye Bye [preauth]
Jun 25 11:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5311]: Disconnected from 43.156.71.43 port 53332 [preauth]
Jun 25 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5329]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5328]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5324]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5323]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5323]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5397]: Successful su for rubyman by root
Jun 25 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5397]: + ??? root:rubyman
Jun 25 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5397]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589834 of user rubyman.
Jun 25 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5397]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589834.
Jun 25 11:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2507]: pam_unix(cron:session): session closed for user root
Jun 25 11:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5324]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: Invalid user student from 121.184.144.232
Jun 25 11:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: input_userauth_request: invalid user student [preauth]
Jun 25 11:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 11:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.184.144.232
Jun 25 11:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: Failed password for invalid user student from 121.184.144.232 port 37433 ssh2
Jun 25 11:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: Received disconnect from 121.184.144.232 port 37433:11: Bye Bye [preauth]
Jun 25 11:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: Disconnected from 121.184.144.232 port 37433 [preauth]
Jun 25 11:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4398]: pam_unix(cron:session): session closed for user root
Jun 25 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5729]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5730]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5728]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5727]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5727]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5789]: Successful su for rubyman by root
Jun 25 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5789]: + ??? root:rubyman
Jun 25 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5789]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589839 of user rubyman.
Jun 25 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5789]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589839.
Jun 25 11:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2959]: pam_unix(cron:session): session closed for user root
Jun 25 11:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5728]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5978]: Invalid user switch from 27.128.170.160
Jun 25 11:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5978]: input_userauth_request: invalid user switch [preauth]
Jun 25 11:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5978]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 11:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.128.170.160
Jun 25 11:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5978]: Failed password for invalid user switch from 27.128.170.160 port 34724 ssh2
Jun 25 11:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5978]: Received disconnect from 27.128.170.160 port 34724:11: Bye Bye [preauth]
Jun 25 11:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5978]: Disconnected from 27.128.170.160 port 34724 [preauth]
Jun 25 11:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4918]: pam_unix(cron:session): session closed for user root
Jun 25 11:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6103]: Invalid user vpsuser from 43.156.71.43
Jun 25 11:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6103]: input_userauth_request: invalid user vpsuser [preauth]
Jun 25 11:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6103]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 11:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.71.43
Jun 25 11:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6103]: Failed password for invalid user vpsuser from 43.156.71.43 port 45134 ssh2
Jun 25 11:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6103]: Received disconnect from 43.156.71.43 port 45134:11: Bye Bye [preauth]
Jun 25 11:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6103]: Disconnected from 43.156.71.43 port 45134 [preauth]
Jun 25 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6117]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6116]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6115]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6118]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6119]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6114]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6119]: pam_unix(cron:session): session closed for user root
Jun 25 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6114]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6188]: Successful su for rubyman by root
Jun 25 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6188]: + ??? root:rubyman
Jun 25 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6188]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589845 of user rubyman.
Jun 25 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6188]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589845.
Jun 25 11:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6116]: pam_unix(cron:session): session closed for user root
Jun 25 11:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3353]: pam_unix(cron:session): session closed for user root
Jun 25 11:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6115]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5329]: pam_unix(cron:session): session closed for user root
Jun 25 11:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.184.144.232  user=root
Jun 25 11:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6459]: Failed password for root from 121.184.144.232 port 52554 ssh2
Jun 25 11:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6459]: Received disconnect from 121.184.144.232 port 52554:11: Bye Bye [preauth]
Jun 25 11:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6459]: Disconnected from 121.184.144.232 port 52554 [preauth]
Jun 25 11:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 25 11:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6511]: Failed password for root from 194.113.233.25 port 35878 ssh2
Jun 25 11:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6511]: Connection closed by 194.113.233.25 port 35878 [preauth]
Jun 25 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6542]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6543]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6541]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6540]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6540]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6608]: Successful su for rubyman by root
Jun 25 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6608]: + ??? root:rubyman
Jun 25 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6608]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589848 of user rubyman.
Jun 25 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6608]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589848.
Jun 25 11:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3850]: pam_unix(cron:session): session closed for user root
Jun 25 11:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6541]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5730]: pam_unix(cron:session): session closed for user root
Jun 25 11:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.128.170.160  user=root
Jun 25 11:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6917]: Failed password for root from 27.128.170.160 port 57516 ssh2
Jun 25 11:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6917]: Received disconnect from 27.128.170.160 port 57516:11: Bye Bye [preauth]
Jun 25 11:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6917]: Disconnected from 27.128.170.160 port 57516 [preauth]
Jun 25 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6990]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6985]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6984]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6981]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6981]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7119]: Successful su for rubyman by root
Jun 25 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7119]: + ??? root:rubyman
Jun 25 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7119]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589852 of user rubyman.
Jun 25 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7119]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589852.
Jun 25 11:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4397]: pam_unix(cron:session): session closed for user root
Jun 25 11:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.71.43  user=root
Jun 25 11:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6984]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7258]: Failed password for root from 43.156.71.43 port 52864 ssh2
Jun 25 11:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7258]: Received disconnect from 43.156.71.43 port 52864:11: Bye Bye [preauth]
Jun 25 11:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7258]: Disconnected from 43.156.71.43 port 52864 [preauth]
Jun 25 11:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 25 11:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7333]: Failed password for root from 109.237.96.109 port 41048 ssh2
Jun 25 11:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7333]: Connection closed by 109.237.96.109 port 41048 [preauth]
Jun 25 11:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6118]: pam_unix(cron:session): session closed for user root
Jun 25 11:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7443]: Invalid user test from 121.184.144.232
Jun 25 11:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7443]: input_userauth_request: invalid user test [preauth]
Jun 25 11:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7443]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 11:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.184.144.232
Jun 25 11:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7443]: Failed password for invalid user test from 121.184.144.232 port 43643 ssh2
Jun 25 11:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7443]: Received disconnect from 121.184.144.232 port 43643:11: Bye Bye [preauth]
Jun 25 11:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7443]: Disconnected from 121.184.144.232 port 43643 [preauth]
Jun 25 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7465]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7466]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7464]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7463]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7463]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7522]: Successful su for rubyman by root
Jun 25 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7522]: + ??? root:rubyman
Jun 25 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7522]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589857 of user rubyman.
Jun 25 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7522]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589857.
Jun 25 11:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4915]: pam_unix(cron:session): session closed for user root
Jun 25 11:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7464]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6543]: pam_unix(cron:session): session closed for user root
Jun 25 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7948]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7946]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7947]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7945]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7945]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8005]: Successful su for rubyman by root
Jun 25 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8005]: + ??? root:rubyman
Jun 25 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8005]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589860 of user rubyman.
Jun 25 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8005]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589860.
Jun 25 11:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5328]: pam_unix(cron:session): session closed for user root
Jun 25 11:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7946]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8191]: Invalid user hammad from 27.128.170.160
Jun 25 11:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8191]: input_userauth_request: invalid user hammad [preauth]
Jun 25 11:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8191]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 11:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.128.170.160
Jun 25 11:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8191]: Failed password for invalid user hammad from 27.128.170.160 port 36870 ssh2
Jun 25 11:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8191]: Received disconnect from 27.128.170.160 port 36870:11: Bye Bye [preauth]
Jun 25 11:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8191]: Disconnected from 27.128.170.160 port 36870 [preauth]
Jun 25 11:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.71.43  user=root
Jun 25 11:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8221]: Failed password for root from 43.156.71.43 port 54136 ssh2
Jun 25 11:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8221]: Received disconnect from 43.156.71.43 port 54136:11: Bye Bye [preauth]
Jun 25 11:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8221]: Disconnected from 43.156.71.43 port 54136 [preauth]
Jun 25 11:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8253]: Did not receive identification string from 205.210.31.180
Jun 25 11:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6990]: pam_unix(cron:session): session closed for user root
Jun 25 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8343]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8349]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8347]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8346]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8348]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8345]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8349]: pam_unix(cron:session): session closed for user root
Jun 25 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8343]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8414]: Successful su for rubyman by root
Jun 25 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8414]: + ??? root:rubyman
Jun 25 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8414]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589869 of user rubyman.
Jun 25 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8414]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589869.
Jun 25 11:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8346]: pam_unix(cron:session): session closed for user root
Jun 25 11:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5729]: pam_unix(cron:session): session closed for user root
Jun 25 11:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8345]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8643]: Invalid user eugene from 121.184.144.232
Jun 25 11:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8643]: input_userauth_request: invalid user eugene [preauth]
Jun 25 11:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8643]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 11:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.184.144.232
Jun 25 11:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8643]: Failed password for invalid user eugene from 121.184.144.232 port 21363 ssh2
Jun 25 11:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8643]: Received disconnect from 121.184.144.232 port 21363:11: Bye Bye [preauth]
Jun 25 11:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8643]: Disconnected from 121.184.144.232 port 21363 [preauth]
Jun 25 11:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7466]: pam_unix(cron:session): session closed for user root
Jun 25 11:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 25 11:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8746]: Failed password for root from 141.98.83.240 port 48230 ssh2
Jun 25 11:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8746]: message repeated 2 times: [ Failed password for root from 141.98.83.240 port 48230 ssh2]
Jun 25 11:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8746]: Connection closed by 141.98.83.240 port 48230 [preauth]
Jun 25 11:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8746]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 25 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8778]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8780]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8777]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8776]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8776]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8845]: Successful su for rubyman by root
Jun 25 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8845]: + ??? root:rubyman
Jun 25 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8845]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589870 of user rubyman.
Jun 25 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8845]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589870.
Jun 25 11:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6117]: pam_unix(cron:session): session closed for user root
Jun 25 11:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8777]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9062]: User mysql from 43.156.71.43 not allowed because not listed in AllowUsers
Jun 25 11:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9062]: input_userauth_request: invalid user mysql [preauth]
Jun 25 11:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.71.43  user=mysql
Jun 25 11:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9062]: Failed password for invalid user mysql from 43.156.71.43 port 48576 ssh2
Jun 25 11:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9062]: Received disconnect from 43.156.71.43 port 48576:11: Bye Bye [preauth]
Jun 25 11:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9062]: Disconnected from 43.156.71.43 port 48576 [preauth]
Jun 25 11:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.128.170.160  user=root
Jun 25 11:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9093]: Failed password for root from 27.128.170.160 port 59706 ssh2
Jun 25 11:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9093]: Received disconnect from 27.128.170.160 port 59706:11: Bye Bye [preauth]
Jun 25 11:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9093]: Disconnected from 27.128.170.160 port 59706 [preauth]
Jun 25 11:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7948]: pam_unix(cron:session): session closed for user root
Jun 25 11:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.46.224.87  user=root
Jun 25 11:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9168]: Failed password for root from 207.46.224.87 port 55808 ssh2
Jun 25 11:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9168]: Connection closed by 207.46.224.87 port 55808 [preauth]
Jun 25 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9180]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9179]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9181]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9182]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9179]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9243]: Successful su for rubyman by root
Jun 25 11:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9243]: + ??? root:rubyman
Jun 25 11:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9243]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589877 of user rubyman.
Jun 25 11:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9243]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589877.
Jun 25 11:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6542]: pam_unix(cron:session): session closed for user root
Jun 25 11:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9180]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9461]: Connection closed by 71.31.179.88 port 60835 [preauth]
Jun 25 11:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.184.144.232  user=root
Jun 25 11:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9491]: Failed password for root from 121.184.144.232 port 37164 ssh2
Jun 25 11:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9491]: Received disconnect from 121.184.144.232 port 37164:11: Bye Bye [preauth]
Jun 25 11:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9491]: Disconnected from 121.184.144.232 port 37164 [preauth]
Jun 25 11:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8348]: pam_unix(cron:session): session closed for user root
Jun 25 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9577]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9579]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9580]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9576]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9576]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9642]: Successful su for rubyman by root
Jun 25 11:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9642]: + ??? root:rubyman
Jun 25 11:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9642]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589880 of user rubyman.
Jun 25 11:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9642]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589880.
Jun 25 11:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6985]: pam_unix(cron:session): session closed for user root
Jun 25 11:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9577]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.71.43  user=root
Jun 25 11:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9902]: Failed password for root from 43.156.71.43 port 60840 ssh2
Jun 25 11:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9902]: Received disconnect from 43.156.71.43 port 60840:11: Bye Bye [preauth]
Jun 25 11:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9902]: Disconnected from 43.156.71.43 port 60840 [preauth]
Jun 25 11:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8780]: pam_unix(cron:session): session closed for user root
Jun 25 11:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.128.170.160  user=root
Jun 25 11:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10132]: Failed password for root from 27.128.170.160 port 53724 ssh2
Jun 25 11:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10132]: Received disconnect from 27.128.170.160 port 53724:11: Bye Bye [preauth]
Jun 25 11:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10132]: Disconnected from 27.128.170.160 port 53724 [preauth]
Jun 25 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10157]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10154]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10156]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10153]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10153]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10306]: Successful su for rubyman by root
Jun 25 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10306]: + ??? root:rubyman
Jun 25 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10306]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589883 of user rubyman.
Jun 25 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10306]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589883.
Jun 25 11:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7465]: pam_unix(cron:session): session closed for user root
Jun 25 11:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10154]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9182]: pam_unix(cron:session): session closed for user root
Jun 25 11:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10617]: Invalid user administrator from 121.184.144.232
Jun 25 11:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10617]: input_userauth_request: invalid user administrator [preauth]
Jun 25 11:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10617]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 11:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.184.144.232
Jun 25 11:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10617]: Failed password for invalid user administrator from 121.184.144.232 port 52403 ssh2
Jun 25 11:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10617]: Received disconnect from 121.184.144.232 port 52403:11: Bye Bye [preauth]
Jun 25 11:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10617]: Disconnected from 121.184.144.232 port 52403 [preauth]
Jun 25 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10654]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10652]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10653]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10651]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10655]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10656]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10656]: pam_unix(cron:session): session closed for user root
Jun 25 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10651]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10723]: Successful su for rubyman by root
Jun 25 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10723]: + ??? root:rubyman
Jun 25 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10723]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589891 of user rubyman.
Jun 25 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10723]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589891.
Jun 25 11:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10653]: pam_unix(cron:session): session closed for user root
Jun 25 11:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7947]: pam_unix(cron:session): session closed for user root
Jun 25 11:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10652]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11010]: Invalid user hammad from 43.156.71.43
Jun 25 11:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11010]: input_userauth_request: invalid user hammad [preauth]
Jun 25 11:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11010]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 11:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.71.43
Jun 25 11:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11010]: Failed password for invalid user hammad from 43.156.71.43 port 55006 ssh2
Jun 25 11:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11010]: Received disconnect from 43.156.71.43 port 55006:11: Bye Bye [preauth]
Jun 25 11:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11010]: Disconnected from 43.156.71.43 port 55006 [preauth]
Jun 25 11:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9580]: pam_unix(cron:session): session closed for user root
Jun 25 11:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11075]: Connection closed by 194.59.206.2 port 40400 [preauth]
Jun 25 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11108]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11107]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11106]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11105]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11105]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11175]: Successful su for rubyman by root
Jun 25 11:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11175]: + ??? root:rubyman
Jun 25 11:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11175]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589892 of user rubyman.
Jun 25 11:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11175]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589892.
Jun 25 11:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8347]: pam_unix(cron:session): session closed for user root
Jun 25 11:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11106]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11375]: Invalid user test from 27.128.170.160
Jun 25 11:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11375]: input_userauth_request: invalid user test [preauth]
Jun 25 11:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11375]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 11:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.128.170.160
Jun 25 11:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11375]: Failed password for invalid user test from 27.128.170.160 port 39780 ssh2
Jun 25 11:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11375]: Received disconnect from 27.128.170.160 port 39780:11: Bye Bye [preauth]
Jun 25 11:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11375]: Disconnected from 27.128.170.160 port 39780 [preauth]
Jun 25 11:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10157]: pam_unix(cron:session): session closed for user root
Jun 25 11:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11530]: Invalid user explore from 121.184.144.232
Jun 25 11:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11530]: input_userauth_request: invalid user explore [preauth]
Jun 25 11:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11530]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 11:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.184.144.232
Jun 25 11:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11530]: Failed password for invalid user explore from 121.184.144.232 port 2765 ssh2
Jun 25 11:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11530]: Received disconnect from 121.184.144.232 port 2765:11: Bye Bye [preauth]
Jun 25 11:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11530]: Disconnected from 121.184.144.232 port 2765 [preauth]
Jun 25 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11544]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11543]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11542]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11541]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11541]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11601]: Successful su for rubyman by root
Jun 25 11:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11601]: + ??? root:rubyman
Jun 25 11:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11601]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589896 of user rubyman.
Jun 25 11:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11601]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589896.
Jun 25 11:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8778]: pam_unix(cron:session): session closed for user root
Jun 25 11:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11542]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11875]: Invalid user lsfadmin from 43.156.71.43
Jun 25 11:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11875]: input_userauth_request: invalid user lsfadmin [preauth]
Jun 25 11:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11875]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 11:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.71.43
Jun 25 11:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11875]: Failed password for invalid user lsfadmin from 43.156.71.43 port 44550 ssh2
Jun 25 11:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11875]: Received disconnect from 43.156.71.43 port 44550:11: Bye Bye [preauth]
Jun 25 11:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11875]: Disconnected from 43.156.71.43 port 44550 [preauth]
Jun 25 11:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10655]: pam_unix(cron:session): session closed for user root
Jun 25 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11998]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12000]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11999]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12001]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11998]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12058]: Successful su for rubyman by root
Jun 25 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12058]: + ??? root:rubyman
Jun 25 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12058]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589900 of user rubyman.
Jun 25 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12058]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589900.
Jun 25 11:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9181]: pam_unix(cron:session): session closed for user root
Jun 25 11:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11999]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 25 11:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12435]: Invalid user jordi from 27.128.170.160
Jun 25 11:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12435]: input_userauth_request: invalid user jordi [preauth]
Jun 25 11:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12435]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 11:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.128.170.160
Jun 25 11:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11108]: pam_unix(cron:session): session closed for user root
Jun 25 11:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12431]: Failed password for root from 103.27.238.114 port 57168 ssh2
Jun 25 11:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12435]: Failed password for invalid user jordi from 27.128.170.160 port 44012 ssh2
Jun 25 11:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12435]: Received disconnect from 27.128.170.160 port 44012:11: Bye Bye [preauth]
Jun 25 11:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12435]: Disconnected from 27.128.170.160 port 44012 [preauth]
Jun 25 11:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12431]: Connection closed by 103.27.238.114 port 57168 [preauth]
Jun 25 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12521]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12522]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12523]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12520]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12520]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12583]: Successful su for rubyman by root
Jun 25 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12583]: + ??? root:rubyman
Jun 25 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12583]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589906 of user rubyman.
Jun 25 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12583]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589906.
Jun 25 11:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9579]: pam_unix(cron:session): session closed for user root
Jun 25 11:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12521]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12777]: Invalid user vpsuser from 121.184.144.232
Jun 25 11:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12777]: input_userauth_request: invalid user vpsuser [preauth]
Jun 25 11:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12777]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 11:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.184.144.232
Jun 25 11:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12777]: Failed password for invalid user vpsuser from 121.184.144.232 port 17780 ssh2
Jun 25 11:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12777]: Received disconnect from 121.184.144.232 port 17780:11: Bye Bye [preauth]
Jun 25 11:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12777]: Disconnected from 121.184.144.232 port 17780 [preauth]
Jun 25 11:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11544]: pam_unix(cron:session): session closed for user root
Jun 25 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12944]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12940]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12945]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12938]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12943]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12939]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12945]: pam_unix(cron:session): session closed for user root
Jun 25 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12938]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13005]: Successful su for rubyman by root
Jun 25 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13005]: + ??? root:rubyman
Jun 25 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13005]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589908 of user rubyman.
Jun 25 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13005]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589908.
Jun 25 11:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12940]: pam_unix(cron:session): session closed for user root
Jun 25 11:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10156]: pam_unix(cron:session): session closed for user root
Jun 25 11:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12939]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12001]: pam_unix(cron:session): session closed for user root
Jun 25 11:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13358]: Invalid user min from 27.128.170.160
Jun 25 11:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13358]: input_userauth_request: invalid user min [preauth]
Jun 25 11:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13358]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 11:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.128.170.160
Jun 25 11:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13358]: Failed password for invalid user min from 27.128.170.160 port 46420 ssh2
Jun 25 11:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13358]: Received disconnect from 27.128.170.160 port 46420:11: Bye Bye [preauth]
Jun 25 11:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13358]: Disconnected from 27.128.170.160 port 46420 [preauth]
Jun 25 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13382]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13381]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13384]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13380]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13380]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13447]: Successful su for rubyman by root
Jun 25 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13447]: + ??? root:rubyman
Jun 25 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13447]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589916 of user rubyman.
Jun 25 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13447]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589916.
Jun 25 11:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10654]: pam_unix(cron:session): session closed for user root
Jun 25 11:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13381]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 25 11:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13668]: Invalid user jordi from 121.184.144.232
Jun 25 11:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13668]: input_userauth_request: invalid user jordi [preauth]
Jun 25 11:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13668]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 11:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.184.144.232
Jun 25 11:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13666]: Failed password for root from 103.149.28.157 port 42106 ssh2
Jun 25 11:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13666]: Connection closed by 103.149.28.157 port 42106 [preauth]
Jun 25 11:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13668]: Failed password for invalid user jordi from 121.184.144.232 port 21232 ssh2
Jun 25 11:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13668]: Received disconnect from 121.184.144.232 port 21232:11: Bye Bye [preauth]
Jun 25 11:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13668]: Disconnected from 121.184.144.232 port 21232 [preauth]
Jun 25 11:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12523]: pam_unix(cron:session): session closed for user root
Jun 25 11:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.46.224.87  user=root
Jun 25 11:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13748]: Failed password for root from 207.46.224.87 port 55808 ssh2
Jun 25 11:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13748]: Connection closed by 207.46.224.87 port 55808 [preauth]
Jun 25 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13795]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13794]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13793]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13792]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13792]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13852]: Successful su for rubyman by root
Jun 25 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13852]: + ??? root:rubyman
Jun 25 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13852]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589919 of user rubyman.
Jun 25 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13852]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589919.
Jun 25 11:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11107]: pam_unix(cron:session): session closed for user root
Jun 25 11:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13793]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12944]: pam_unix(cron:session): session closed for user root
Jun 25 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14195]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14196]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14194]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14193]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14193]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14252]: Successful su for rubyman by root
Jun 25 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14252]: + ??? root:rubyman
Jun 25 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14252]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589922 of user rubyman.
Jun 25 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14252]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589922.
Jun 25 11:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11543]: pam_unix(cron:session): session closed for user root
Jun 25 11:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14194]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14438]: User mysql from 27.128.170.160 not allowed because not listed in AllowUsers
Jun 25 11:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14438]: input_userauth_request: invalid user mysql [preauth]
Jun 25 11:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.128.170.160  user=mysql
Jun 25 11:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14438]: Failed password for invalid user mysql from 27.128.170.160 port 43414 ssh2
Jun 25 11:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14438]: Received disconnect from 27.128.170.160 port 43414:11: Bye Bye [preauth]
Jun 25 11:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14438]: Disconnected from 27.128.170.160 port 43414 [preauth]
Jun 25 11:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13384]: pam_unix(cron:session): session closed for user root
Jun 25 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14581]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14582]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14580]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14579]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14577]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14579]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14784]: Successful su for rubyman by root
Jun 25 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14784]: + ??? root:rubyman
Jun 25 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14784]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589927 of user rubyman.
Jun 25 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14784]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589927.
Jun 25 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14577]: pam_unix(cron:session): session closed for user root
Jun 25 11:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12000]: pam_unix(cron:session): session closed for user root
Jun 25 11:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14580]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15048]: Invalid user admin from 2.57.121.25
Jun 25 11:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15048]: input_userauth_request: invalid user admin [preauth]
Jun 25 11:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15048]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 11:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 25 11:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15048]: Failed password for invalid user admin from 2.57.121.25 port 8184 ssh2
Jun 25 11:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15048]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 11:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15048]: Failed password for invalid user admin from 2.57.121.25 port 8184 ssh2
Jun 25 11:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15048]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 11:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15048]: Failed password for invalid user admin from 2.57.121.25 port 8184 ssh2
Jun 25 11:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15048]: Connection closed by 2.57.121.25 port 8184 [preauth]
Jun 25 11:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15048]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 25 11:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13795]: pam_unix(cron:session): session closed for user root
Jun 25 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15167]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15163]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15168]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15166]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15165]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15162]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15168]: pam_unix(cron:session): session closed for user root
Jun 25 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15162]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15235]: Successful su for rubyman by root
Jun 25 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15235]: + ??? root:rubyman
Jun 25 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15235]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589931 of user rubyman.
Jun 25 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15235]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589931.
Jun 25 11:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15165]: pam_unix(cron:session): session closed for user root
Jun 25 11:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12522]: pam_unix(cron:session): session closed for user root
Jun 25 11:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15163]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 25 11:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15444]: Failed password for root from 80.66.85.226 port 49166 ssh2
Jun 25 11:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15444]: Connection closed by 80.66.85.226 port 49166 [preauth]
Jun 25 11:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14196]: pam_unix(cron:session): session closed for user root
Jun 25 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15590]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15589]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15588]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15587]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15587]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15655]: Successful su for rubyman by root
Jun 25 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15655]: + ??? root:rubyman
Jun 25 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15655]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589938 of user rubyman.
Jun 25 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15655]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589938.
Jun 25 11:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12943]: pam_unix(cron:session): session closed for user root
Jun 25 11:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15588]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14582]: pam_unix(cron:session): session closed for user root
Jun 25 11:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15970]: Invalid user ali from 193.46.255.86
Jun 25 11:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15970]: input_userauth_request: invalid user ali [preauth]
Jun 25 11:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15970]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 11:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 25 11:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15970]: Failed password for invalid user ali from 193.46.255.86 port 62994 ssh2
Jun 25 11:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15970]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 11:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15970]: Failed password for invalid user ali from 193.46.255.86 port 62994 ssh2
Jun 25 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15970]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15986]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15987]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15983]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15984]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15983]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16042]: Successful su for rubyman by root
Jun 25 11:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16042]: + ??? root:rubyman
Jun 25 11:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16042]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589942 of user rubyman.
Jun 25 11:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16042]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589942.
Jun 25 11:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15970]: Failed password for invalid user ali from 193.46.255.86 port 62994 ssh2
Jun 25 11:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15970]: Connection closed by 193.46.255.86 port 62994 [preauth]
Jun 25 11:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15970]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 25 11:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13382]: pam_unix(cron:session): session closed for user root
Jun 25 11:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15984]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15980]: Connection closed by 103.203.57.2 port 54312 [preauth]
Jun 25 11:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16233]: Received disconnect from 206.212.244.18 port 62150:11: disconnected by user [preauth]
Jun 25 11:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16233]: Disconnected from 206.212.244.18 port 62150 [preauth]
Jun 25 11:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15167]: pam_unix(cron:session): session closed for user root
Jun 25 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16369]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16370]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16368]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16366]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16366]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16427]: Successful su for rubyman by root
Jun 25 11:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16427]: + ??? root:rubyman
Jun 25 11:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16427]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589946 of user rubyman.
Jun 25 11:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16427]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589946.
Jun 25 11:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13794]: pam_unix(cron:session): session closed for user root
Jun 25 11:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16368]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15590]: pam_unix(cron:session): session closed for user root
Jun 25 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16771]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16770]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16769]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16768]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16768]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16834]: Successful su for rubyman by root
Jun 25 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16834]: + ??? root:rubyman
Jun 25 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16834]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589949 of user rubyman.
Jun 25 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16834]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589949.
Jun 25 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 25 11:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14195]: pam_unix(cron:session): session closed for user root
Jun 25 11:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16846]: Failed password for root from 103.82.132.16 port 43790 ssh2
Jun 25 11:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16846]: Connection closed by 103.82.132.16 port 43790 [preauth]
Jun 25 11:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16769]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15987]: pam_unix(cron:session): session closed for user root
Jun 25 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17267]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17264]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17265]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17263]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17266]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17262]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17267]: pam_unix(cron:session): session closed for user root
Jun 25 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17262]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17337]: Successful su for rubyman by root
Jun 25 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17337]: + ??? root:rubyman
Jun 25 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17337]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589953 of user rubyman.
Jun 25 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17337]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589953.
Jun 25 11:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17264]: pam_unix(cron:session): session closed for user root
Jun 25 11:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14581]: pam_unix(cron:session): session closed for user root
Jun 25 11:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17263]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16370]: pam_unix(cron:session): session closed for user root
Jun 25 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17789]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17785]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17787]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17784]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17784]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17866]: Successful su for rubyman by root
Jun 25 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17866]: + ??? root:rubyman
Jun 25 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17866]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589960 of user rubyman.
Jun 25 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17866]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589960.
Jun 25 11:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15166]: pam_unix(cron:session): session closed for user root
Jun 25 11:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17785]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 25 11:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18063]: Failed password for root from 38.93.206.2 port 40318 ssh2
Jun 25 11:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18063]: Connection closed by 38.93.206.2 port 40318 [preauth]
Jun 25 11:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16771]: pam_unix(cron:session): session closed for user root
Jun 25 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18232]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18231]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18233]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18230]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18230]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18299]: Successful su for rubyman by root
Jun 25 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18299]: + ??? root:rubyman
Jun 25 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18299]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589963 of user rubyman.
Jun 25 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18299]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589963.
Jun 25 11:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15589]: pam_unix(cron:session): session closed for user root
Jun 25 11:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18231]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17266]: pam_unix(cron:session): session closed for user root
Jun 25 11:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18697]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 25 11:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18697]: Received disconnect from 191.101.33.115 port 58336:11: disconnected by user [preauth]
Jun 25 11:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18697]: Disconnected from 191.101.33.115 port 58336 [preauth]
Jun 25 11:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18720]: Invalid user gpadmin from 180.93.52.137
Jun 25 11:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18720]: input_userauth_request: invalid user gpadmin [preauth]
Jun 25 11:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18720]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 11:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.93.52.137
Jun 25 11:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18720]: Failed password for invalid user gpadmin from 180.93.52.137 port 37000 ssh2
Jun 25 11:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18720]: Connection closed by 180.93.52.137 port 37000 [preauth]
Jun 25 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18737]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18736]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18734]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18735]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18734]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18803]: Successful su for rubyman by root
Jun 25 11:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18803]: + ??? root:rubyman
Jun 25 11:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18803]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589968 of user rubyman.
Jun 25 11:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18803]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589968.
Jun 25 11:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15986]: pam_unix(cron:session): session closed for user root
Jun 25 11:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18735]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19059]: Invalid user khadijah from 2.57.121.112
Jun 25 11:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19059]: input_userauth_request: invalid user khadijah [preauth]
Jun 25 11:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19059]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 11:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 25 11:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19059]: Failed password for invalid user khadijah from 2.57.121.112 port 42608 ssh2
Jun 25 11:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19059]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 11:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17789]: pam_unix(cron:session): session closed for user root
Jun 25 11:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19059]: Failed password for invalid user khadijah from 2.57.121.112 port 42608 ssh2
Jun 25 11:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19059]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 11:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19059]: Failed password for invalid user khadijah from 2.57.121.112 port 42608 ssh2
Jun 25 11:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19059]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 11:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19059]: Failed password for invalid user khadijah from 2.57.121.112 port 42608 ssh2
Jun 25 11:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19059]: Connection closed by 2.57.121.112 port 42608 [preauth]
Jun 25 11:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19059]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 25 11:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19059]: PAM service(sshd) ignoring max retries; 4 > 3
Jun 25 11:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19099]: Invalid user khadijah from 2.57.121.112
Jun 25 11:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19099]: input_userauth_request: invalid user khadijah [preauth]
Jun 25 11:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19099]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 11:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 25 11:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19099]: Failed password for invalid user khadijah from 2.57.121.112 port 18096 ssh2
Jun 25 11:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19099]: Connection closed by 2.57.121.112 port 18096 [preauth]
Jun 25 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19248]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19250]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19247]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19246]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19246]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19308]: Successful su for rubyman by root
Jun 25 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19308]: + ??? root:rubyman
Jun 25 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19308]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589972 of user rubyman.
Jun 25 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19308]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589972.
Jun 25 11:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16369]: pam_unix(cron:session): session closed for user root
Jun 25 11:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 25 11:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19247]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19461]: Failed password for root from 103.82.20.28 port 43236 ssh2
Jun 25 11:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19461]: Connection closed by 103.82.20.28 port 43236 [preauth]
Jun 25 11:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18233]: pam_unix(cron:session): session closed for user root
Jun 25 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19878]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19877]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19879]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19875]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19876]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19874]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19879]: pam_unix(cron:session): session closed for user root
Jun 25 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19874]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19944]: Successful su for rubyman by root
Jun 25 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19944]: + ??? root:rubyman
Jun 25 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19944]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589975 of user rubyman.
Jun 25 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19944]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589975.
Jun 25 11:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19876]: pam_unix(cron:session): session closed for user root
Jun 25 11:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16770]: pam_unix(cron:session): session closed for user root
Jun 25 11:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19875]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 25 11:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18737]: pam_unix(cron:session): session closed for user root
Jun 25 11:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20306]: Failed password for root from 77.94.47.83 port 42868 ssh2
Jun 25 11:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20306]: Connection closed by 77.94.47.83 port 42868 [preauth]
Jun 25 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20408]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20409]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20406]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20405]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20405]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20481]: Successful su for rubyman by root
Jun 25 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20481]: + ??? root:rubyman
Jun 25 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20481]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589982 of user rubyman.
Jun 25 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20481]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589982.
Jun 25 11:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17265]: pam_unix(cron:session): session closed for user root
Jun 25 11:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20406]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19250]: pam_unix(cron:session): session closed for user root
Jun 25 11:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.46.224.87  user=root
Jun 25 11:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20839]: Failed password for root from 207.46.224.87 port 55808 ssh2
Jun 25 11:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20839]: Connection closed by 207.46.224.87 port 55808 [preauth]
Jun 25 11:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20855]: Bad protocol version identification 'GET / HTTP/1.1' from 67.205.158.255 port 44164
Jun 25 11:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20856]: Bad protocol version identification 'GET /favicon.ico HTTP/1.1' from 67.205.158.255 port 44176
Jun 25 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20914]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20913]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20912]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20911]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20911]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20970]: Successful su for rubyman by root
Jun 25 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20970]: + ??? root:rubyman
Jun 25 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20970]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589985 of user rubyman.
Jun 25 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20970]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589985.
Jun 25 11:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17787]: pam_unix(cron:session): session closed for user root
Jun 25 11:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20912]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19878]: pam_unix(cron:session): session closed for user root
Jun 25 11:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 25 11:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21250]: Failed password for root from 103.27.238.116 port 49422 ssh2
Jun 25 11:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21250]: Connection closed by 103.27.238.116 port 49422 [preauth]
Jun 25 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21324]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21325]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21323]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21322]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21322]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21387]: Successful su for rubyman by root
Jun 25 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21387]: + ??? root:rubyman
Jun 25 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21387]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589991 of user rubyman.
Jun 25 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21387]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589991.
Jun 25 11:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.110.201  user=root
Jun 25 11:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18232]: pam_unix(cron:session): session closed for user root
Jun 25 11:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21455]: Failed password for root from 94.159.110.201 port 50128 ssh2
Jun 25 11:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21455]: Connection closed by 94.159.110.201 port 50128 [preauth]
Jun 25 11:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21323]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20409]: pam_unix(cron:session): session closed for user root
Jun 25 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21756]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21757]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21755]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21754]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21754]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21820]: Successful su for rubyman by root
Jun 25 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21820]: + ??? root:rubyman
Jun 25 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21820]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 589994 of user rubyman.
Jun 25 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21820]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 589994.
Jun 25 11:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18736]: pam_unix(cron:session): session closed for user root
Jun 25 11:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21755]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22052]: Invalid user admin from 141.98.83.240
Jun 25 11:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22052]: input_userauth_request: invalid user admin [preauth]
Jun 25 11:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22052]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 11:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 11:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22052]: Failed password for invalid user admin from 141.98.83.240 port 21356 ssh2
Jun 25 11:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22052]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 11:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 25 11:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22052]: Failed password for invalid user admin from 141.98.83.240 port 21356 ssh2
Jun 25 11:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22052]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 11:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22062]: Failed password for root from 103.77.175.15 port 55142 ssh2
Jun 25 11:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22062]: Connection closed by 103.77.175.15 port 55142 [preauth]
Jun 25 11:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22052]: Failed password for invalid user admin from 141.98.83.240 port 21356 ssh2
Jun 25 11:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22052]: Connection closed by 141.98.83.240 port 21356 [preauth]
Jun 25 11:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22052]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 11:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20914]: pam_unix(cron:session): session closed for user root
Jun 25 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22161]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22160]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22159]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22163]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22164]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22162]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22164]: pam_unix(cron:session): session closed for user root
Jun 25 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22159]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22231]: Successful su for rubyman by root
Jun 25 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22231]: + ??? root:rubyman
Jun 25 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22231]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590001 of user rubyman.
Jun 25 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22231]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590001.
Jun 25 11:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22161]: pam_unix(cron:session): session closed for user root
Jun 25 11:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19248]: pam_unix(cron:session): session closed for user root
Jun 25 11:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22160]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21325]: pam_unix(cron:session): session closed for user root
Jun 25 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22687]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22685]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22686]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22684]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22684]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22754]: Successful su for rubyman by root
Jun 25 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22754]: + ??? root:rubyman
Jun 25 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22754]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590003 of user rubyman.
Jun 25 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22754]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590003.
Jun 25 11:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19877]: pam_unix(cron:session): session closed for user root
Jun 25 11:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22685]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21757]: pam_unix(cron:session): session closed for user root
Jun 25 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23094]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23092]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23093]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23091]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23091]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23151]: Successful su for rubyman by root
Jun 25 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23151]: + ??? root:rubyman
Jun 25 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23151]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590007 of user rubyman.
Jun 25 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23151]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590007.
Jun 25 11:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20408]: pam_unix(cron:session): session closed for user root
Jun 25 11:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23092]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22163]: pam_unix(cron:session): session closed for user root
Jun 25 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23512]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23513]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23511]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23508]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23508]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23573]: Successful su for rubyman by root
Jun 25 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23573]: + ??? root:rubyman
Jun 25 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23573]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590011 of user rubyman.
Jun 25 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23573]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590011.
Jun 25 11:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20913]: pam_unix(cron:session): session closed for user root
Jun 25 11:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23511]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22687]: pam_unix(cron:session): session closed for user root
Jun 25 11:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 11:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 25 11:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24001]: Failed password for root from 51.250.105.222 port 48764 ssh2
Jun 25 11:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24001]: Connection closed by 51.250.105.222 port 48764 [preauth]
Jun 25 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24034]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24033]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24032]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24031]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24031]: pam_unix(cron:session): session closed for user p13x
Jun 25 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24091]: Successful su for rubyman by root
Jun 25 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24091]: + ??? root:rubyman
Jun 25 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24091]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590016 of user rubyman.
Jun 25 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24091]: pam_unix(su:session): session closed for user rubyman
Jun 25 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590016.
Jun 25 11:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21324]: pam_unix(cron:session): session closed for user root
Jun 25 11:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24032]: pam_unix(cron:session): session closed for user samftp
Jun 25 11:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23094]: pam_unix(cron:session): session closed for user root
Jun 25 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24450]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24448]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24449]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24451]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24447]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24446]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24445]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24451]: pam_unix(cron:session): session closed for user root
Jun 25 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24447]: pam_unix(cron:session): session closed for user root
Jun 25 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24445]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24545]: Successful su for rubyman by root
Jun 25 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24545]: + ??? root:rubyman
Jun 25 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24545]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590019 of user rubyman.
Jun 25 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24545]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590019.
Jun 25 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24448]: pam_unix(cron:session): session closed for user root
Jun 25 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21756]: pam_unix(cron:session): session closed for user root
Jun 25 12:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24446]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23513]: pam_unix(cron:session): session closed for user root
Jun 25 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24961]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24962]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24960]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24958]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24958]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25030]: Successful su for rubyman by root
Jun 25 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25030]: + ??? root:rubyman
Jun 25 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25030]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590027 of user rubyman.
Jun 25 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25030]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590027.
Jun 25 12:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22162]: pam_unix(cron:session): session closed for user root
Jun 25 12:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24960]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24034]: pam_unix(cron:session): session closed for user root
Jun 25 12:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 12:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 25 12:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25314]: Failed password for root from 103.122.221.179 port 59750 ssh2
Jun 25 12:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25314]: Connection closed by 103.122.221.179 port 59750 [preauth]
Jun 25 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25374]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25373]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25372]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25371]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25371]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25431]: Successful su for rubyman by root
Jun 25 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25431]: + ??? root:rubyman
Jun 25 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25431]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590030 of user rubyman.
Jun 25 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25431]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590030.
Jun 25 12:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22686]: pam_unix(cron:session): session closed for user root
Jun 25 12:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25372]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24450]: pam_unix(cron:session): session closed for user root
Jun 25 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25761]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25762]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25763]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25760]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25760]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25824]: Successful su for rubyman by root
Jun 25 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25824]: + ??? root:rubyman
Jun 25 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25824]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590034 of user rubyman.
Jun 25 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25824]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590034.
Jun 25 12:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23093]: pam_unix(cron:session): session closed for user root
Jun 25 12:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25761]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24962]: pam_unix(cron:session): session closed for user root
Jun 25 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26149]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26150]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26147]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26145]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26145]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26210]: Successful su for rubyman by root
Jun 25 12:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26210]: + ??? root:rubyman
Jun 25 12:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26210]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590038 of user rubyman.
Jun 25 12:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26210]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590038.
Jun 25 12:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23512]: pam_unix(cron:session): session closed for user root
Jun 25 12:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26147]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25374]: pam_unix(cron:session): session closed for user root
Jun 25 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26552]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26548]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26550]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26551]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26549]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26547]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26552]: pam_unix(cron:session): session closed for user root
Jun 25 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26547]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26622]: Successful su for rubyman by root
Jun 25 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26622]: + ??? root:rubyman
Jun 25 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26622]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590046 of user rubyman.
Jun 25 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26622]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590046.
Jun 25 12:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26549]: pam_unix(cron:session): session closed for user root
Jun 25 12:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24033]: pam_unix(cron:session): session closed for user root
Jun 25 12:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26548]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25763]: pam_unix(cron:session): session closed for user root
Jun 25 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27059]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27058]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27060]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27057]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27057]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27126]: Successful su for rubyman by root
Jun 25 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27126]: + ??? root:rubyman
Jun 25 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27126]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590048 of user rubyman.
Jun 25 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27126]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590048.
Jun 25 12:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24449]: pam_unix(cron:session): session closed for user root
Jun 25 12:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27058]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 12:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 25 12:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27329]: Failed password for root from 202.178.126.219 port 48242 ssh2
Jun 25 12:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27329]: Connection closed by 202.178.126.219 port 48242 [preauth]
Jun 25 12:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26150]: pam_unix(cron:session): session closed for user root
Jun 25 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27484]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27482]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27483]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27481]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27481]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27549]: Successful su for rubyman by root
Jun 25 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27549]: + ??? root:rubyman
Jun 25 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27549]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590052 of user rubyman.
Jun 25 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27549]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590052.
Jun 25 12:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24961]: pam_unix(cron:session): session closed for user root
Jun 25 12:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27482]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26551]: pam_unix(cron:session): session closed for user root
Jun 25 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27897]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27898]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27895]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27896]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27895]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27959]: Successful su for rubyman by root
Jun 25 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27959]: + ??? root:rubyman
Jun 25 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27959]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590056 of user rubyman.
Jun 25 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27959]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590056.
Jun 25 12:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25373]: pam_unix(cron:session): session closed for user root
Jun 25 12:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27896]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27060]: pam_unix(cron:session): session closed for user root
Jun 25 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28350]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28351]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28348]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28349]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28346]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28348]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28468]: Successful su for rubyman by root
Jun 25 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28468]: + ??? root:rubyman
Jun 25 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28468]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590062 of user rubyman.
Jun 25 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28468]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590062.
Jun 25 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28346]: pam_unix(cron:session): session closed for user root
Jun 25 12:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25762]: pam_unix(cron:session): session closed for user root
Jun 25 12:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28349]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27484]: pam_unix(cron:session): session closed for user root
Jun 25 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28944]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28942]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28945]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28940]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28941]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28939]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28945]: pam_unix(cron:session): session closed for user root
Jun 25 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28939]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29015]: Successful su for rubyman by root
Jun 25 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29015]: + ??? root:rubyman
Jun 25 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29015]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590065 of user rubyman.
Jun 25 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29015]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590065.
Jun 25 12:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28941]: pam_unix(cron:session): session closed for user root
Jun 25 12:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26149]: pam_unix(cron:session): session closed for user root
Jun 25 12:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28940]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27898]: pam_unix(cron:session): session closed for user root
Jun 25 12:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 12:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29382]: Connection closed by 192.248.150.180 port 36718 [preauth]
Jun 25 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29396]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29395]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29394]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29393]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29393]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29460]: Successful su for rubyman by root
Jun 25 12:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29460]: + ??? root:rubyman
Jun 25 12:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29460]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590072 of user rubyman.
Jun 25 12:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29460]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590072.
Jun 25 12:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26550]: pam_unix(cron:session): session closed for user root
Jun 25 12:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29394]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28351]: pam_unix(cron:session): session closed for user root
Jun 25 12:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 12:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 25 12:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29929]: Failed password for root from 103.77.242.62 port 52692 ssh2
Jun 25 12:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29929]: Connection closed by 103.77.242.62 port 52692 [preauth]
Jun 25 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29943]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29942]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29941]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29940]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29940]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30000]: Successful su for rubyman by root
Jun 25 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30000]: + ??? root:rubyman
Jun 25 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30000]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590076 of user rubyman.
Jun 25 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30000]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590076.
Jun 25 12:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27059]: pam_unix(cron:session): session closed for user root
Jun 25 12:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29941]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28944]: pam_unix(cron:session): session closed for user root
Jun 25 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30356]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30355]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30354]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30353]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30353]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30410]: Successful su for rubyman by root
Jun 25 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30410]: + ??? root:rubyman
Jun 25 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30410]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590079 of user rubyman.
Jun 25 12:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30410]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590079.
Jun 25 12:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27483]: pam_unix(cron:session): session closed for user root
Jun 25 12:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30354]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29396]: pam_unix(cron:session): session closed for user root
Jun 25 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30761]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30760]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30759]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30756]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30756]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30821]: Successful su for rubyman by root
Jun 25 12:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30821]: + ??? root:rubyman
Jun 25 12:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30821]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590083 of user rubyman.
Jun 25 12:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30821]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590083.
Jun 25 12:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27897]: pam_unix(cron:session): session closed for user root
Jun 25 12:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30759]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29943]: pam_unix(cron:session): session closed for user root
Jun 25 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31267]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31268]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31265]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31266]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31263]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31264]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31268]: pam_unix(cron:session): session closed for user root
Jun 25 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31263]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31331]: Successful su for rubyman by root
Jun 25 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31331]: + ??? root:rubyman
Jun 25 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31331]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590087 of user rubyman.
Jun 25 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31331]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590087.
Jun 25 12:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31265]: pam_unix(cron:session): session closed for user root
Jun 25 12:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28350]: pam_unix(cron:session): session closed for user root
Jun 25 12:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31264]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 12:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 25 12:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31673]: Failed password for root from 103.176.20.57 port 35310 ssh2
Jun 25 12:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31673]: Connection closed by 103.176.20.57 port 35310 [preauth]
Jun 25 12:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30356]: pam_unix(cron:session): session closed for user root
Jun 25 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31799]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31800]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31798]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31797]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31797]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31862]: Successful su for rubyman by root
Jun 25 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31862]: + ??? root:rubyman
Jun 25 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31862]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590093 of user rubyman.
Jun 25 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31862]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590093.
Jun 25 12:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28942]: pam_unix(cron:session): session closed for user root
Jun 25 12:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31798]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30761]: pam_unix(cron:session): session closed for user root
Jun 25 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32218]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32220]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32219]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32217]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32215]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32215]: pam_unix(cron:session): session closed for user root
Jun 25 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32217]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32276]: Successful su for rubyman by root
Jun 25 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32276]: + ??? root:rubyman
Jun 25 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32276]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590098 of user rubyman.
Jun 25 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32276]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590098.
Jun 25 12:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29395]: pam_unix(cron:session): session closed for user root
Jun 25 12:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32218]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31267]: pam_unix(cron:session): session closed for user root
Jun 25 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32626]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32625]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32623]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32624]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32623]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32689]: Successful su for rubyman by root
Jun 25 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32689]: + ??? root:rubyman
Jun 25 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32689]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590103 of user rubyman.
Jun 25 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32689]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590103.
Jun 25 12:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29942]: pam_unix(cron:session): session closed for user root
Jun 25 12:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32624]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31800]: pam_unix(cron:session): session closed for user root
Jun 25 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[713]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[714]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[712]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[711]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[711]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[776]: Successful su for rubyman by root
Jun 25 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[776]: + ??? root:rubyman
Jun 25 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[776]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590106 of user rubyman.
Jun 25 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[776]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590106.
Jun 25 12:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30355]: pam_unix(cron:session): session closed for user root
Jun 25 12:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[712]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32220]: pam_unix(cron:session): session closed for user root
Jun 25 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1162]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1163]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1160]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1158]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1161]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1159]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1163]: pam_unix(cron:session): session closed for user root
Jun 25 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1158]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1232]: Successful su for rubyman by root
Jun 25 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1232]: + ??? root:rubyman
Jun 25 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1232]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590110 of user rubyman.
Jun 25 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1232]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590110.
Jun 25 12:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1160]: pam_unix(cron:session): session closed for user root
Jun 25 12:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30760]: pam_unix(cron:session): session closed for user root
Jun 25 12:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1159]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32626]: pam_unix(cron:session): session closed for user root
Jun 25 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1745]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1746]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1747]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1743]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1743]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1819]: Successful su for rubyman by root
Jun 25 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1819]: + ??? root:rubyman
Jun 25 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1819]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590116 of user rubyman.
Jun 25 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1819]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590116.
Jun 25 12:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31266]: pam_unix(cron:session): session closed for user root
Jun 25 12:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1745]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[714]: pam_unix(cron:session): session closed for user root
Jun 25 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2238]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2237]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2235]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2236]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2235]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2298]: Successful su for rubyman by root
Jun 25 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2298]: + ??? root:rubyman
Jun 25 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2298]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590120 of user rubyman.
Jun 25 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2298]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590120.
Jun 25 12:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31799]: pam_unix(cron:session): session closed for user root
Jun 25 12:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2236]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 12:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2547]: Received disconnect from 194.120.230.72 port 40460:11: disconnected by user [preauth]
Jun 25 12:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2547]: Disconnected from 194.120.230.72 port 40460 [preauth]
Jun 25 12:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1162]: pam_unix(cron:session): session closed for user root
Jun 25 12:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 12:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 12:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2630]: Invalid user USERID from 141.98.83.240
Jun 25 12:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2630]: input_userauth_request: invalid user USERID [preauth]
Jun 25 12:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2630]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 12:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 12:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2630]: Failed password for invalid user USERID from 141.98.83.240 port 11014 ssh2
Jun 25 12:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2630]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 12:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2630]: Failed password for invalid user USERID from 141.98.83.240 port 11014 ssh2
Jun 25 12:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2630]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 12:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2630]: Failed password for invalid user USERID from 141.98.83.240 port 11014 ssh2
Jun 25 12:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2630]: Connection closed by 141.98.83.240 port 11014 [preauth]
Jun 25 12:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2630]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2659]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2661]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2660]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2658]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2658]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2721]: Successful su for rubyman by root
Jun 25 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2721]: + ??? root:rubyman
Jun 25 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2721]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590125 of user rubyman.
Jun 25 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2721]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590125.
Jun 25 12:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32219]: pam_unix(cron:session): session closed for user root
Jun 25 12:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2659]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1747]: pam_unix(cron:session): session closed for user root
Jun 25 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3060]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3059]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3061]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3058]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3058]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3124]: Successful su for rubyman by root
Jun 25 12:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3124]: + ??? root:rubyman
Jun 25 12:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3124]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590128 of user rubyman.
Jun 25 12:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3124]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590128.
Jun 25 12:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32625]: pam_unix(cron:session): session closed for user root
Jun 25 12:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3059]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 12:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 25 12:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3300]: Failed password for root from 87.251.79.125 port 47936 ssh2
Jun 25 12:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3300]: Connection closed by 87.251.79.125 port 47936 [preauth]
Jun 25 12:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 12:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 25 12:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3339]: Failed password for root from 103.172.78.219 port 49678 ssh2
Jun 25 12:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3339]: Connection closed by 103.172.78.219 port 49678 [preauth]
Jun 25 12:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2238]: pam_unix(cron:session): session closed for user root
Jun 25 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3460]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3463]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3458]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3462]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3459]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3457]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3463]: pam_unix(cron:session): session closed for user root
Jun 25 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3457]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3528]: Successful su for rubyman by root
Jun 25 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3528]: + ??? root:rubyman
Jun 25 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3528]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590135 of user rubyman.
Jun 25 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3528]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590135.
Jun 25 12:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3459]: pam_unix(cron:session): session closed for user root
Jun 25 12:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[713]: pam_unix(cron:session): session closed for user root
Jun 25 12:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3458]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2661]: pam_unix(cron:session): session closed for user root
Jun 25 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4086]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4087]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4085]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4084]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4084]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4149]: Successful su for rubyman by root
Jun 25 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4149]: + ??? root:rubyman
Jun 25 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4149]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590139 of user rubyman.
Jun 25 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4149]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590139.
Jun 25 12:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1161]: pam_unix(cron:session): session closed for user root
Jun 25 12:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4085]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3061]: pam_unix(cron:session): session closed for user root
Jun 25 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4496]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4498]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4497]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4495]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4495]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4561]: Successful su for rubyman by root
Jun 25 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4561]: + ??? root:rubyman
Jun 25 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4561]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590142 of user rubyman.
Jun 25 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4561]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590142.
Jun 25 12:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1746]: pam_unix(cron:session): session closed for user root
Jun 25 12:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4496]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3462]: pam_unix(cron:session): session closed for user root
Jun 25 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5020]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5019]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5021]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5018]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5018]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5076]: Successful su for rubyman by root
Jun 25 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5076]: + ??? root:rubyman
Jun 25 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5076]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590146 of user rubyman.
Jun 25 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5076]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590146.
Jun 25 12:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2237]: pam_unix(cron:session): session closed for user root
Jun 25 12:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5019]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 12:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.19.67.181  user=root
Jun 25 12:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5292]: Failed password for root from 46.19.67.181 port 41548 ssh2
Jun 25 12:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5292]: Connection closed by 46.19.67.181 port 41548 [preauth]
Jun 25 12:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4087]: pam_unix(cron:session): session closed for user root
Jun 25 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5427]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5428]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5426]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5425]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5425]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5486]: Successful su for rubyman by root
Jun 25 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5486]: + ??? root:rubyman
Jun 25 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5486]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590150 of user rubyman.
Jun 25 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5486]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590150.
Jun 25 12:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2660]: pam_unix(cron:session): session closed for user root
Jun 25 12:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5426]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 12:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 25 12:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5671]: Failed password for root from 38.93.206.2 port 5694 ssh2
Jun 25 12:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5671]: Connection closed by 38.93.206.2 port 5694 [preauth]
Jun 25 12:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4498]: pam_unix(cron:session): session closed for user root
Jun 25 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5816]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5817]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5814]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5813]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5810]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5809]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5817]: pam_unix(cron:session): session closed for user root
Jun 25 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5809]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5882]: Successful su for rubyman by root
Jun 25 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5882]: + ??? root:rubyman
Jun 25 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5882]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590154 of user rubyman.
Jun 25 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5882]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590154.
Jun 25 12:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5813]: pam_unix(cron:session): session closed for user root
Jun 25 12:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3060]: pam_unix(cron:session): session closed for user root
Jun 25 12:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5810]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5021]: pam_unix(cron:session): session closed for user root
Jun 25 12:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 12:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6189]: Connection closed by 194.59.206.2 port 17730 [preauth]
Jun 25 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6242]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6243]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6241]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6240]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6240]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6304]: Successful su for rubyman by root
Jun 25 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6304]: + ??? root:rubyman
Jun 25 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6304]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590160 of user rubyman.
Jun 25 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6304]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590160.
Jun 25 12:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3460]: pam_unix(cron:session): session closed for user root
Jun 25 12:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6241]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 12:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 25 12:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6506]: Failed password for root from 193.37.70.224 port 44394 ssh2
Jun 25 12:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6506]: Connection closed by 193.37.70.224 port 44394 [preauth]
Jun 25 12:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5428]: pam_unix(cron:session): session closed for user root
Jun 25 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6638]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6635]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6637]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6636]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6635]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6699]: Successful su for rubyman by root
Jun 25 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6699]: + ??? root:rubyman
Jun 25 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6699]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590164 of user rubyman.
Jun 25 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6699]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590164.
Jun 25 12:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4086]: pam_unix(cron:session): session closed for user root
Jun 25 12:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6636]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 12:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 25 12:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6897]: Failed password for root from 103.27.238.120 port 48052 ssh2
Jun 25 12:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6897]: Connection closed by 103.27.238.120 port 48052 [preauth]
Jun 25 12:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 12:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 25 12:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6961]: Failed password for root from 202.178.126.219 port 10459 ssh2
Jun 25 12:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6961]: Connection closed by 202.178.126.219 port 10459 [preauth]
Jun 25 12:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5816]: pam_unix(cron:session): session closed for user root
Jun 25 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7149]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7150]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7148]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7147]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7147]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7214]: Successful su for rubyman by root
Jun 25 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7214]: + ??? root:rubyman
Jun 25 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7214]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590169 of user rubyman.
Jun 25 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7214]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590169.
Jun 25 12:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4497]: pam_unix(cron:session): session closed for user root
Jun 25 12:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7148]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 12:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 25 12:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7401]: Failed password for root from 103.153.68.219 port 53022 ssh2
Jun 25 12:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7401]: Connection closed by 103.153.68.219 port 53022 [preauth]
Jun 25 12:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6243]: pam_unix(cron:session): session closed for user root
Jun 25 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7548]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7549]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7547]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7545]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7545]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7625]: Successful su for rubyman by root
Jun 25 12:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7625]: + ??? root:rubyman
Jun 25 12:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7625]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590172 of user rubyman.
Jun 25 12:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7625]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590172.
Jun 25 12:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5020]: pam_unix(cron:session): session closed for user root
Jun 25 12:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7547]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 12:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 25 12:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7915]: Failed password for root from 103.15.222.183 port 56100 ssh2
Jun 25 12:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7915]: Connection closed by 103.15.222.183 port 56100 [preauth]
Jun 25 12:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6638]: pam_unix(cron:session): session closed for user root
Jun 25 12:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 12:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 25 12:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7965]: Failed password for root from 147.45.199.80 port 58994 ssh2
Jun 25 12:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7965]: Connection closed by 147.45.199.80 port 58994 [preauth]
Jun 25 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8036]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8037]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8034]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8033]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8035]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8032]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8037]: pam_unix(cron:session): session closed for user root
Jun 25 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8032]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8102]: Successful su for rubyman by root
Jun 25 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8102]: + ??? root:rubyman
Jun 25 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8102]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590176 of user rubyman.
Jun 25 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8102]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590176.
Jun 25 12:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8034]: pam_unix(cron:session): session closed for user root
Jun 25 12:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5427]: pam_unix(cron:session): session closed for user root
Jun 25 12:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8033]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 12:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 25 12:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8335]: Failed password for root from 62.133.62.83 port 33896 ssh2
Jun 25 12:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8335]: Connection closed by 62.133.62.83 port 33896 [preauth]
Jun 25 12:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7150]: pam_unix(cron:session): session closed for user root
Jun 25 12:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 12:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=root
Jun 25 12:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8393]: Failed password for root from 193.46.255.86 port 29108 ssh2
Jun 25 12:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8393]: message repeated 2 times: [ Failed password for root from 193.46.255.86 port 29108 ssh2]
Jun 25 12:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8393]: Connection closed by 193.46.255.86 port 29108 [preauth]
Jun 25 12:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8393]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=root
Jun 25 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8460]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8461]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8459]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8458]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8458]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8530]: Successful su for rubyman by root
Jun 25 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8530]: + ??? root:rubyman
Jun 25 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8530]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590182 of user rubyman.
Jun 25 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8530]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590182.
Jun 25 12:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5814]: pam_unix(cron:session): session closed for user root
Jun 25 12:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8459]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7549]: pam_unix(cron:session): session closed for user root
Jun 25 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8869]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8870]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8868]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8866]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8866]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8929]: Successful su for rubyman by root
Jun 25 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8929]: + ??? root:rubyman
Jun 25 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8929]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590186 of user rubyman.
Jun 25 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8929]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590186.
Jun 25 12:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6242]: pam_unix(cron:session): session closed for user root
Jun 25 12:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8868]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8036]: pam_unix(cron:session): session closed for user root
Jun 25 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9262]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9263]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9261]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9259]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9259]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9323]: Successful su for rubyman by root
Jun 25 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9323]: + ??? root:rubyman
Jun 25 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9323]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590192 of user rubyman.
Jun 25 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9323]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590192.
Jun 25 12:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6637]: pam_unix(cron:session): session closed for user root
Jun 25 12:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9261]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 12:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 25 12:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9525]: Failed password for root from 194.113.233.25 port 51338 ssh2
Jun 25 12:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9525]: Connection closed by 194.113.233.25 port 51338 [preauth]
Jun 25 12:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8461]: pam_unix(cron:session): session closed for user root
Jun 25 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9647]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9648]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9650]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9649]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9645]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9647]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9762]: Successful su for rubyman by root
Jun 25 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9762]: + ??? root:rubyman
Jun 25 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9762]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590194 of user rubyman.
Jun 25 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9762]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590194.
Jun 25 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9645]: pam_unix(cron:session): session closed for user root
Jun 25 12:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7149]: pam_unix(cron:session): session closed for user root
Jun 25 12:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9648]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 12:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10310]: Invalid user admin from 2.57.121.25
Jun 25 12:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10310]: input_userauth_request: invalid user admin [preauth]
Jun 25 12:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10310]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 12:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 25 12:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10310]: Failed password for invalid user admin from 2.57.121.25 port 23312 ssh2
Jun 25 12:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10310]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 12:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10310]: Failed password for invalid user admin from 2.57.121.25 port 23312 ssh2
Jun 25 12:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10310]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 12:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10310]: Failed password for invalid user admin from 2.57.121.25 port 23312 ssh2
Jun 25 12:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10310]: Connection closed by 2.57.121.25 port 23312 [preauth]
Jun 25 12:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10310]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 25 12:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8870]: pam_unix(cron:session): session closed for user root
Jun 25 12:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 12:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 25 12:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10402]: Failed password for root from 109.237.96.109 port 39960 ssh2
Jun 25 12:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10402]: Connection closed by 109.237.96.109 port 39960 [preauth]
Jun 25 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10419]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10416]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10417]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10415]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10418]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10414]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10419]: pam_unix(cron:session): session closed for user root
Jun 25 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10414]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10482]: Successful su for rubyman by root
Jun 25 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10482]: + ??? root:rubyman
Jun 25 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10482]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590202 of user rubyman.
Jun 25 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10482]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590202.
Jun 25 12:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10416]: pam_unix(cron:session): session closed for user root
Jun 25 12:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7548]: pam_unix(cron:session): session closed for user root
Jun 25 12:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10415]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9263]: pam_unix(cron:session): session closed for user root
Jun 25 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10864]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10865]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10863]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10862]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10862]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10930]: Successful su for rubyman by root
Jun 25 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10930]: + ??? root:rubyman
Jun 25 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10930]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590206 of user rubyman.
Jun 25 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10930]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590206.
Jun 25 12:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8035]: pam_unix(cron:session): session closed for user root
Jun 25 12:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10863]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9650]: pam_unix(cron:session): session closed for user root
Jun 25 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11279]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11278]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11277]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11276]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11276]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11341]: Successful su for rubyman by root
Jun 25 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11341]: + ??? root:rubyman
Jun 25 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11341]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590209 of user rubyman.
Jun 25 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11341]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590209.
Jun 25 12:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8460]: pam_unix(cron:session): session closed for user root
Jun 25 12:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11277]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10418]: pam_unix(cron:session): session closed for user root
Jun 25 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11686]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11685]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11684]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11683]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11683]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11760]: Successful su for rubyman by root
Jun 25 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11760]: + ??? root:rubyman
Jun 25 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11760]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590214 of user rubyman.
Jun 25 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11760]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590214.
Jun 25 12:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8869]: pam_unix(cron:session): session closed for user root
Jun 25 12:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11684]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10865]: pam_unix(cron:session): session closed for user root
Jun 25 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12146]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12144]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12145]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12143]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12143]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12209]: Successful su for rubyman by root
Jun 25 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12209]: + ??? root:rubyman
Jun 25 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12209]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590217 of user rubyman.
Jun 25 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12209]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590217.
Jun 25 12:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9262]: pam_unix(cron:session): session closed for user root
Jun 25 12:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12144]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11279]: pam_unix(cron:session): session closed for user root
Jun 25 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12670]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12667]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12668]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12666]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12664]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12665]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12670]: pam_unix(cron:session): session closed for user root
Jun 25 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12664]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12735]: Successful su for rubyman by root
Jun 25 12:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12735]: + ??? root:rubyman
Jun 25 12:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12735]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590223 of user rubyman.
Jun 25 12:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12735]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590223.
Jun 25 12:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12666]: pam_unix(cron:session): session closed for user root
Jun 25 12:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9649]: pam_unix(cron:session): session closed for user root
Jun 25 12:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12665]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11686]: pam_unix(cron:session): session closed for user root
Jun 25 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13104]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13105]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13103]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13102]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13102]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13186]: Successful su for rubyman by root
Jun 25 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13186]: + ??? root:rubyman
Jun 25 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13186]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590229 of user rubyman.
Jun 25 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13186]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590229.
Jun 25 12:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10417]: pam_unix(cron:session): session closed for user root
Jun 25 12:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13103]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12146]: pam_unix(cron:session): session closed for user root
Jun 25 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13521]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13520]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13519]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13518]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13518]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13585]: Successful su for rubyman by root
Jun 25 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13585]: + ??? root:rubyman
Jun 25 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13585]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590231 of user rubyman.
Jun 25 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13585]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590231.
Jun 25 12:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10864]: pam_unix(cron:session): session closed for user root
Jun 25 12:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13519]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12668]: pam_unix(cron:session): session closed for user root
Jun 25 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13929]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13928]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13927]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13930]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13927]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13995]: Successful su for rubyman by root
Jun 25 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13995]: + ??? root:rubyman
Jun 25 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13995]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590235 of user rubyman.
Jun 25 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13995]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590235.
Jun 25 12:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11278]: pam_unix(cron:session): session closed for user root
Jun 25 12:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13928]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13105]: pam_unix(cron:session): session closed for user root
Jun 25 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14316]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14317]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14318]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14315]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14315]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14375]: Successful su for rubyman by root
Jun 25 12:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14375]: + ??? root:rubyman
Jun 25 12:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14375]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590241 of user rubyman.
Jun 25 12:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14375]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590241.
Jun 25 12:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11685]: pam_unix(cron:session): session closed for user root
Jun 25 12:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14316]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 12:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.46.224.87  user=root
Jun 25 12:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14564]: Failed password for root from 207.46.224.87 port 55808 ssh2
Jun 25 12:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14564]: Connection closed by 207.46.224.87 port 55808 [preauth]
Jun 25 12:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13521]: pam_unix(cron:session): session closed for user root
Jun 25 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14796]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14795]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14794]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14797]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14792]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14793]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14797]: pam_unix(cron:session): session closed for user root
Jun 25 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14792]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14865]: Successful su for rubyman by root
Jun 25 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14865]: + ??? root:rubyman
Jun 25 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14865]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590243 of user rubyman.
Jun 25 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14865]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590243.
Jun 25 12:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14794]: pam_unix(cron:session): session closed for user root
Jun 25 12:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12145]: pam_unix(cron:session): session closed for user root
Jun 25 12:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14793]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13930]: pam_unix(cron:session): session closed for user root
Jun 25 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15242]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15240]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15241]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15239]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15239]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15307]: Successful su for rubyman by root
Jun 25 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15307]: + ??? root:rubyman
Jun 25 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15307]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590249 of user rubyman.
Jun 25 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15307]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590249.
Jun 25 12:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12667]: pam_unix(cron:session): session closed for user root
Jun 25 12:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15240]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 12:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 25 12:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15501]: Failed password for root from 141.98.83.240 port 53770 ssh2
Jun 25 12:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15501]: message repeated 2 times: [ Failed password for root from 141.98.83.240 port 53770 ssh2]
Jun 25 12:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15501]: Connection closed by 141.98.83.240 port 53770 [preauth]
Jun 25 12:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15501]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 25 12:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 12:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15539]: Invalid user sysadm from 101.36.111.119
Jun 25 12:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15539]: input_userauth_request: invalid user sysadm [preauth]
Jun 25 12:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15539]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 12:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.111.119
Jun 25 12:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15539]: Failed password for invalid user sysadm from 101.36.111.119 port 38242 ssh2
Jun 25 12:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15539]: Received disconnect from 101.36.111.119 port 38242:11: Bye Bye [preauth]
Jun 25 12:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15539]: Disconnected from 101.36.111.119 port 38242 [preauth]
Jun 25 12:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14318]: pam_unix(cron:session): session closed for user root
Jun 25 12:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 12:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15587]: Invalid user zabbix from 180.93.52.137
Jun 25 12:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15587]: input_userauth_request: invalid user zabbix [preauth]
Jun 25 12:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15587]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 12:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.93.52.137
Jun 25 12:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15587]: Failed password for invalid user zabbix from 180.93.52.137 port 46164 ssh2
Jun 25 12:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15587]: Connection closed by 180.93.52.137 port 46164 [preauth]
Jun 25 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15633]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15632]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15631]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15630]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15630]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15691]: Successful su for rubyman by root
Jun 25 12:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15691]: + ??? root:rubyman
Jun 25 12:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15691]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590253 of user rubyman.
Jun 25 12:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15691]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590253.
Jun 25 12:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13104]: pam_unix(cron:session): session closed for user root
Jun 25 12:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15631]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14796]: pam_unix(cron:session): session closed for user root
Jun 25 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16016]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16015]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16017]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16014]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16014]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16083]: Successful su for rubyman by root
Jun 25 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16083]: + ??? root:rubyman
Jun 25 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16083]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590259 of user rubyman.
Jun 25 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16083]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590259.
Jun 25 12:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13520]: pam_unix(cron:session): session closed for user root
Jun 25 12:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16015]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15242]: pam_unix(cron:session): session closed for user root
Jun 25 12:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 12:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.211.215  user=root
Jun 25 12:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16357]: Failed password for root from 147.45.211.215 port 55546 ssh2
Jun 25 12:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16357]: Connection closed by 147.45.211.215 port 55546 [preauth]
Jun 25 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16409]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16408]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16407]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16406]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16406]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16471]: Successful su for rubyman by root
Jun 25 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16471]: + ??? root:rubyman
Jun 25 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16471]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590262 of user rubyman.
Jun 25 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16471]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590262.
Jun 25 12:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13929]: pam_unix(cron:session): session closed for user root
Jun 25 12:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16407]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15633]: pam_unix(cron:session): session closed for user root
Jun 25 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16804]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16803]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16802]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16806]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16805]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16801]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16806]: pam_unix(cron:session): session closed for user root
Jun 25 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16801]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16909]: Successful su for rubyman by root
Jun 25 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16909]: + ??? root:rubyman
Jun 25 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16909]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590269 of user rubyman.
Jun 25 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16909]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590269.
Jun 25 12:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16803]: pam_unix(cron:session): session closed for user root
Jun 25 12:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14317]: pam_unix(cron:session): session closed for user root
Jun 25 12:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16802]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 12:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17206]: Did not receive identification string from 118.26.110.171
Jun 25 12:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16017]: pam_unix(cron:session): session closed for user root
Jun 25 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17332]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17334]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17331]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17333]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17331]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17406]: Successful su for rubyman by root
Jun 25 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17406]: + ??? root:rubyman
Jun 25 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17406]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590273 of user rubyman.
Jun 25 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17406]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590273.
Jun 25 12:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14795]: pam_unix(cron:session): session closed for user root
Jun 25 12:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17332]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16409]: pam_unix(cron:session): session closed for user root
Jun 25 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17840]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17841]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17839]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17838]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17838]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17910]: Successful su for rubyman by root
Jun 25 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17910]: + ??? root:rubyman
Jun 25 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17910]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590275 of user rubyman.
Jun 25 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17910]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590275.
Jun 25 12:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15241]: pam_unix(cron:session): session closed for user root
Jun 25 12:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17839]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 12:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.205.19  user=root
Jun 25 12:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18108]: Failed password for root from 66.116.205.19 port 51378 ssh2
Jun 25 12:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18108]: Received disconnect from 66.116.205.19 port 51378:11: Bye Bye [preauth]
Jun 25 12:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18108]: Disconnected from 66.116.205.19 port 51378 [preauth]
Jun 25 12:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16805]: pam_unix(cron:session): session closed for user root
Jun 25 12:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 12:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 25 12:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18202]: Failed password for root from 80.66.85.226 port 40574 ssh2
Jun 25 12:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18202]: Connection closed by 80.66.85.226 port 40574 [preauth]
Jun 25 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18268]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18270]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18267]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18266]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18266]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18336]: Successful su for rubyman by root
Jun 25 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18336]: + ??? root:rubyman
Jun 25 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18336]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590281 of user rubyman.
Jun 25 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18336]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590281.
Jun 25 12:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15632]: pam_unix(cron:session): session closed for user root
Jun 25 12:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18267]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17334]: pam_unix(cron:session): session closed for user root
Jun 25 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18766]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18763]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18767]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18764]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18763]: pam_unix(cron:session): session closed for user p13x
Jun 25 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18841]: Successful su for rubyman by root
Jun 25 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18841]: + ??? root:rubyman
Jun 25 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18841]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590286 of user rubyman.
Jun 25 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18841]: pam_unix(su:session): session closed for user rubyman
Jun 25 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590286.
Jun 25 12:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16016]: pam_unix(cron:session): session closed for user root
Jun 25 12:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18764]: pam_unix(cron:session): session closed for user samftp
Jun 25 12:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17841]: pam_unix(cron:session): session closed for user root
Jun 25 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19287]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19285]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19283]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19284]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19286]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19281]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19280]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19283]: pam_unix(cron:session): session closed for user root
Jun 25 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19287]: pam_unix(cron:session): session closed for user root
Jun 25 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19280]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19375]: Successful su for rubyman by root
Jun 25 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19375]: + ??? root:rubyman
Jun 25 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19375]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590287 of user rubyman.
Jun 25 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19375]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590287.
Jun 25 13:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16408]: pam_unix(cron:session): session closed for user root
Jun 25 13:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19284]: pam_unix(cron:session): session closed for user root
Jun 25 13:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19281]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18270]: pam_unix(cron:session): session closed for user root
Jun 25 13:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19927]: Connection closed by 45.148.10.121 port 37436 [preauth]
Jun 25 13:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.201.65.26  user=root
Jun 25 13:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19977]: Failed password for root from 113.201.65.26 port 37810 ssh2
Jun 25 13:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19977]: Received disconnect from 113.201.65.26 port 37810:11: Bye Bye [preauth]
Jun 25 13:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19977]: Disconnected from 113.201.65.26 port 37810 [preauth]
Jun 25 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19999]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19998]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19996]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19997]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19996]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20062]: Successful su for rubyman by root
Jun 25 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20062]: + ??? root:rubyman
Jun 25 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20062]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590295 of user rubyman.
Jun 25 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20062]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590295.
Jun 25 13:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16804]: pam_unix(cron:session): session closed for user root
Jun 25 13:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19997]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18767]: pam_unix(cron:session): session closed for user root
Jun 25 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20506]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20507]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20505]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20504]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20504]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20565]: Successful su for rubyman by root
Jun 25 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20565]: + ??? root:rubyman
Jun 25 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20565]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590299 of user rubyman.
Jun 25 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20565]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590299.
Jun 25 13:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17333]: pam_unix(cron:session): session closed for user root
Jun 25 13:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20505]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20850]: Invalid user frappeuser from 101.36.111.119
Jun 25 13:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20850]: input_userauth_request: invalid user frappeuser [preauth]
Jun 25 13:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20850]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.111.119
Jun 25 13:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20850]: Failed password for invalid user frappeuser from 101.36.111.119 port 40112 ssh2
Jun 25 13:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20850]: Received disconnect from 101.36.111.119 port 40112:11: Bye Bye [preauth]
Jun 25 13:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20850]: Disconnected from 101.36.111.119 port 40112 [preauth]
Jun 25 13:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19286]: pam_unix(cron:session): session closed for user root
Jun 25 13:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 25 13:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20960]: Failed password for root from 103.27.238.114 port 39474 ssh2
Jun 25 13:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20960]: Connection closed by 103.27.238.114 port 39474 [preauth]
Jun 25 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21005]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21004]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21003]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21002]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21002]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21067]: Successful su for rubyman by root
Jun 25 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21067]: + ??? root:rubyman
Jun 25 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21067]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590302 of user rubyman.
Jun 25 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21067]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590302.
Jun 25 13:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17840]: pam_unix(cron:session): session closed for user root
Jun 25 13:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21003]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21287]: Invalid user appuser from 66.116.205.19
Jun 25 13:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21287]: input_userauth_request: invalid user appuser [preauth]
Jun 25 13:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21287]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.205.19
Jun 25 13:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21287]: Failed password for invalid user appuser from 66.116.205.19 port 40166 ssh2
Jun 25 13:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21287]: Received disconnect from 66.116.205.19 port 40166:11: Bye Bye [preauth]
Jun 25 13:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21287]: Disconnected from 66.116.205.19 port 40166 [preauth]
Jun 25 13:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.46.224.87  user=root
Jun 25 13:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21310]: Failed password for root from 207.46.224.87 port 55808 ssh2
Jun 25 13:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21310]: Connection closed by 207.46.224.87 port 55808 [preauth]
Jun 25 13:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19999]: pam_unix(cron:session): session closed for user root
Jun 25 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21416]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21415]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21417]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21414]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21414]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21478]: Successful su for rubyman by root
Jun 25 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21478]: + ??? root:rubyman
Jun 25 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21478]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590308 of user rubyman.
Jun 25 13:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21478]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590308.
Jun 25 13:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18268]: pam_unix(cron:session): session closed for user root
Jun 25 13:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21415]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21731]: Invalid user alice from 113.201.65.26
Jun 25 13:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21731]: input_userauth_request: invalid user alice [preauth]
Jun 25 13:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21731]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.201.65.26
Jun 25 13:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21731]: Failed password for invalid user alice from 113.201.65.26 port 51662 ssh2
Jun 25 13:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21731]: Received disconnect from 113.201.65.26 port 51662:11: Bye Bye [preauth]
Jun 25 13:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21731]: Disconnected from 113.201.65.26 port 51662 [preauth]
Jun 25 13:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.111.119  user=root
Jun 25 13:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21755]: Failed password for root from 101.36.111.119 port 43230 ssh2
Jun 25 13:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21755]: Received disconnect from 101.36.111.119 port 43230:11: Bye Bye [preauth]
Jun 25 13:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21755]: Disconnected from 101.36.111.119 port 43230 [preauth]
Jun 25 13:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20507]: pam_unix(cron:session): session closed for user root
Jun 25 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21852]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21856]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21854]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21855]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21851]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21853]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21856]: pam_unix(cron:session): session closed for user root
Jun 25 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21851]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21932]: Successful su for rubyman by root
Jun 25 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21932]: + ??? root:rubyman
Jun 25 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21932]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590310 of user rubyman.
Jun 25 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21932]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590310.
Jun 25 13:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21853]: pam_unix(cron:session): session closed for user root
Jun 25 13:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18766]: pam_unix(cron:session): session closed for user root
Jun 25 13:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21852]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21005]: pam_unix(cron:session): session closed for user root
Jun 25 13:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.205.19  user=root
Jun 25 13:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22239]: Failed password for root from 66.116.205.19 port 43228 ssh2
Jun 25 13:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22239]: Received disconnect from 66.116.205.19 port 43228:11: Bye Bye [preauth]
Jun 25 13:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22239]: Disconnected from 66.116.205.19 port 43228 [preauth]
Jun 25 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22295]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22296]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22297]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22293]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22293]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22448]: Successful su for rubyman by root
Jun 25 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22448]: + ??? root:rubyman
Jun 25 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22448]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590318 of user rubyman.
Jun 25 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22448]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590318.
Jun 25 13:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19285]: pam_unix(cron:session): session closed for user root
Jun 25 13:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22295]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22639]: Invalid user sandeep from 113.201.65.26
Jun 25 13:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22639]: input_userauth_request: invalid user sandeep [preauth]
Jun 25 13:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22639]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.201.65.26
Jun 25 13:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22639]: Failed password for invalid user sandeep from 113.201.65.26 port 57378 ssh2
Jun 25 13:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22639]: Received disconnect from 113.201.65.26 port 57378:11: Bye Bye [preauth]
Jun 25 13:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22639]: Disconnected from 113.201.65.26 port 57378 [preauth]
Jun 25 13:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21417]: pam_unix(cron:session): session closed for user root
Jun 25 13:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22735]: Invalid user erpuser from 101.36.111.119
Jun 25 13:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22735]: input_userauth_request: invalid user erpuser [preauth]
Jun 25 13:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22735]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.111.119
Jun 25 13:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22735]: Failed password for invalid user erpuser from 101.36.111.119 port 58474 ssh2
Jun 25 13:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22735]: Received disconnect from 101.36.111.119 port 58474:11: Bye Bye [preauth]
Jun 25 13:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22735]: Disconnected from 101.36.111.119 port 58474 [preauth]
Jun 25 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22799]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22798]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22797]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22796]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22796]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22862]: Successful su for rubyman by root
Jun 25 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22862]: + ??? root:rubyman
Jun 25 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22862]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590321 of user rubyman.
Jun 25 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22862]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590321.
Jun 25 13:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19998]: pam_unix(cron:session): session closed for user root
Jun 25 13:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22797]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21855]: pam_unix(cron:session): session closed for user root
Jun 25 13:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.205.19  user=root
Jun 25 13:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23189]: Invalid user gitlabuser from 113.201.65.26
Jun 25 13:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23189]: input_userauth_request: invalid user gitlabuser [preauth]
Jun 25 13:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23189]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.201.65.26
Jun 25 13:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23178]: Failed password for root from 66.116.205.19 port 33902 ssh2
Jun 25 13:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23178]: Received disconnect from 66.116.205.19 port 33902:11: Bye Bye [preauth]
Jun 25 13:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23178]: Disconnected from 66.116.205.19 port 33902 [preauth]
Jun 25 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23195]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23196]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23194]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23193]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23193]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23266]: Successful su for rubyman by root
Jun 25 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23266]: + ??? root:rubyman
Jun 25 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23266]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590326 of user rubyman.
Jun 25 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23266]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590326.
Jun 25 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23189]: Failed password for invalid user gitlabuser from 113.201.65.26 port 34854 ssh2
Jun 25 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23189]: Received disconnect from 113.201.65.26 port 34854:11: Bye Bye [preauth]
Jun 25 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23189]: Disconnected from 113.201.65.26 port 34854 [preauth]
Jun 25 13:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20506]: pam_unix(cron:session): session closed for user root
Jun 25 13:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23194]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22297]: pam_unix(cron:session): session closed for user root
Jun 25 13:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.111.119  user=root
Jun 25 13:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23585]: Failed password for root from 101.36.111.119 port 47584 ssh2
Jun 25 13:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23585]: Received disconnect from 101.36.111.119 port 47584:11: Bye Bye [preauth]
Jun 25 13:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23585]: Disconnected from 101.36.111.119 port 47584 [preauth]
Jun 25 13:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 25 13:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23616]: Failed password for root from 103.149.28.157 port 52690 ssh2
Jun 25 13:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23616]: Connection closed by 103.149.28.157 port 52690 [preauth]
Jun 25 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23630]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23631]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23629]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23628]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23626]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23628]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23761]: Successful su for rubyman by root
Jun 25 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23761]: + ??? root:rubyman
Jun 25 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23761]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590329 of user rubyman.
Jun 25 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23761]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590329.
Jun 25 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23626]: pam_unix(cron:session): session closed for user root
Jun 25 13:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21004]: pam_unix(cron:session): session closed for user root
Jun 25 13:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23629]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22799]: pam_unix(cron:session): session closed for user root
Jun 25 13:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24170]: Received disconnect from 185.28.37.194 port 57674:11: disconnected by user [preauth]
Jun 25 13:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24170]: Disconnected from 185.28.37.194 port 57674 [preauth]
Jun 25 13:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.201.65.26  user=root
Jun 25 13:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24204]: Failed password for root from 113.201.65.26 port 40548 ssh2
Jun 25 13:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24204]: Received disconnect from 113.201.65.26 port 40548:11: Bye Bye [preauth]
Jun 25 13:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24204]: Disconnected from 113.201.65.26 port 40548 [preauth]
Jun 25 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24249]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24246]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24245]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24254]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24253]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24248]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24254]: pam_unix(cron:session): session closed for user root
Jun 25 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24245]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24328]: Successful su for rubyman by root
Jun 25 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24328]: + ??? root:rubyman
Jun 25 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24328]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590337 of user rubyman.
Jun 25 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24328]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590337.
Jun 25 13:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24248]: pam_unix(cron:session): session closed for user root
Jun 25 13:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21416]: pam_unix(cron:session): session closed for user root
Jun 25 13:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24246]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24569]: Invalid user sshuser from 66.116.205.19
Jun 25 13:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24569]: input_userauth_request: invalid user sshuser [preauth]
Jun 25 13:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24569]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.205.19
Jun 25 13:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24569]: Failed password for invalid user sshuser from 66.116.205.19 port 59590 ssh2
Jun 25 13:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24569]: Received disconnect from 66.116.205.19 port 59590:11: Bye Bye [preauth]
Jun 25 13:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24569]: Disconnected from 66.116.205.19 port 59590 [preauth]
Jun 25 13:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23196]: pam_unix(cron:session): session closed for user root
Jun 25 13:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24682]: Invalid user rayne from 2.57.121.112
Jun 25 13:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24682]: input_userauth_request: invalid user rayne [preauth]
Jun 25 13:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24682]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 25 13:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24682]: Failed password for invalid user rayne from 2.57.121.112 port 3192 ssh2
Jun 25 13:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24682]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24682]: Failed password for invalid user rayne from 2.57.121.112 port 3192 ssh2
Jun 25 13:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24682]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24682]: Failed password for invalid user rayne from 2.57.121.112 port 3192 ssh2
Jun 25 13:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24682]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24702]: Invalid user user01 from 101.36.111.119
Jun 25 13:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24702]: input_userauth_request: invalid user user01 [preauth]
Jun 25 13:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24702]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.111.119
Jun 25 13:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24682]: Failed password for invalid user rayne from 2.57.121.112 port 3192 ssh2
Jun 25 13:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24682]: Connection closed by 2.57.121.112 port 3192 [preauth]
Jun 25 13:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24682]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 25 13:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24682]: PAM service(sshd) ignoring max retries; 4 > 3
Jun 25 13:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24705]: Invalid user rayne from 2.57.121.112
Jun 25 13:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24705]: input_userauth_request: invalid user rayne [preauth]
Jun 25 13:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24705]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 25 13:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24702]: Failed password for invalid user user01 from 101.36.111.119 port 35946 ssh2
Jun 25 13:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24702]: Received disconnect from 101.36.111.119 port 35946:11: Bye Bye [preauth]
Jun 25 13:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24702]: Disconnected from 101.36.111.119 port 35946 [preauth]
Jun 25 13:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24705]: Failed password for invalid user rayne from 2.57.121.112 port 21552 ssh2
Jun 25 13:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24705]: Connection closed by 2.57.121.112 port 21552 [preauth]
Jun 25 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24720]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24719]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24718]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24717]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24717]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24789]: Successful su for rubyman by root
Jun 25 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24789]: + ??? root:rubyman
Jun 25 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24789]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590339 of user rubyman.
Jun 25 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24789]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590339.
Jun 25 13:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21854]: pam_unix(cron:session): session closed for user root
Jun 25 13:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24718]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.201.65.26  user=root
Jun 25 13:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23631]: pam_unix(cron:session): session closed for user root
Jun 25 13:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25034]: Failed password for root from 113.201.65.26 port 46244 ssh2
Jun 25 13:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25034]: Received disconnect from 113.201.65.26 port 46244:11: Bye Bye [preauth]
Jun 25 13:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25034]: Disconnected from 113.201.65.26 port 46244 [preauth]
Jun 25 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25125]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25127]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25126]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25124]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25124]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25193]: Successful su for rubyman by root
Jun 25 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25193]: + ??? root:rubyman
Jun 25 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25193]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590344 of user rubyman.
Jun 25 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25193]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590344.
Jun 25 13:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22296]: pam_unix(cron:session): session closed for user root
Jun 25 13:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25125]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 25 13:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25350]: Failed password for root from 103.82.132.16 port 44174 ssh2
Jun 25 13:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25350]: Connection closed by 103.82.132.16 port 44174 [preauth]
Jun 25 13:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.205.19  user=root
Jun 25 13:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25430]: Failed password for root from 66.116.205.19 port 48842 ssh2
Jun 25 13:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25430]: Received disconnect from 66.116.205.19 port 48842:11: Bye Bye [preauth]
Jun 25 13:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25430]: Disconnected from 66.116.205.19 port 48842 [preauth]
Jun 25 13:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24253]: pam_unix(cron:session): session closed for user root
Jun 25 13:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25513]: Invalid user alice from 101.36.111.119
Jun 25 13:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25513]: input_userauth_request: invalid user alice [preauth]
Jun 25 13:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25513]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.111.119
Jun 25 13:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25513]: Failed password for invalid user alice from 101.36.111.119 port 44072 ssh2
Jun 25 13:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25513]: Received disconnect from 101.36.111.119 port 44072:11: Bye Bye [preauth]
Jun 25 13:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25513]: Disconnected from 101.36.111.119 port 44072 [preauth]
Jun 25 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25527]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25529]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25528]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25526]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25526]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25587]: Successful su for rubyman by root
Jun 25 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25587]: + ??? root:rubyman
Jun 25 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25587]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590347 of user rubyman.
Jun 25 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25587]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590347.
Jun 25 13:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22798]: pam_unix(cron:session): session closed for user root
Jun 25 13:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25527]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.201.65.26  user=root
Jun 25 13:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25795]: Failed password for root from 113.201.65.26 port 51934 ssh2
Jun 25 13:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25795]: Received disconnect from 113.201.65.26 port 51934:11: Bye Bye [preauth]
Jun 25 13:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25795]: Disconnected from 113.201.65.26 port 51934 [preauth]
Jun 25 13:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24720]: pam_unix(cron:session): session closed for user root
Jun 25 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25915]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25916]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25914]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25913]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25913]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25973]: Successful su for rubyman by root
Jun 25 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25973]: + ??? root:rubyman
Jun 25 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25973]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590351 of user rubyman.
Jun 25 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25973]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590351.
Jun 25 13:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23195]: pam_unix(cron:session): session closed for user root
Jun 25 13:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25914]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25127]: pam_unix(cron:session): session closed for user root
Jun 25 13:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.205.19  user=root
Jun 25 13:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26253]: Failed password for root from 66.116.205.19 port 42924 ssh2
Jun 25 13:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26253]: Received disconnect from 66.116.205.19 port 42924:11: Bye Bye [preauth]
Jun 25 13:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26253]: Disconnected from 66.116.205.19 port 42924 [preauth]
Jun 25 13:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 25 13:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26295]: Failed password for root from 77.94.47.83 port 53824 ssh2
Jun 25 13:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26295]: Connection closed by 77.94.47.83 port 53824 [preauth]
Jun 25 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26310]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26311]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26313]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26309]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26312]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26314]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26314]: pam_unix(cron:session): session closed for user root
Jun 25 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26309]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26386]: Successful su for rubyman by root
Jun 25 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26386]: + ??? root:rubyman
Jun 25 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26386]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590358 of user rubyman.
Jun 25 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26386]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590358.
Jun 25 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26373]: Invalid user hafiz from 101.36.111.119
Jun 25 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26373]: input_userauth_request: invalid user hafiz [preauth]
Jun 25 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26373]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.111.119
Jun 25 13:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26373]: Failed password for invalid user hafiz from 101.36.111.119 port 56422 ssh2
Jun 25 13:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26373]: Received disconnect from 101.36.111.119 port 56422:11: Bye Bye [preauth]
Jun 25 13:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26373]: Disconnected from 101.36.111.119 port 56422 [preauth]
Jun 25 13:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26311]: pam_unix(cron:session): session closed for user root
Jun 25 13:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23630]: pam_unix(cron:session): session closed for user root
Jun 25 13:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26310]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.201.65.26  user=root
Jun 25 13:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26567]: Failed password for root from 113.201.65.26 port 57628 ssh2
Jun 25 13:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26567]: Received disconnect from 113.201.65.26 port 57628:11: Bye Bye [preauth]
Jun 25 13:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26567]: Disconnected from 113.201.65.26 port 57628 [preauth]
Jun 25 13:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25529]: pam_unix(cron:session): session closed for user root
Jun 25 13:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26802]: Received disconnect from 178.73.210.62 port 49926:11: disconnected by user [preauth]
Jun 25 13:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26802]: Disconnected from 178.73.210.62 port 49926 [preauth]
Jun 25 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26833]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26831]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26832]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26830]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26830]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26895]: Successful su for rubyman by root
Jun 25 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26895]: + ??? root:rubyman
Jun 25 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26895]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590361 of user rubyman.
Jun 25 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26895]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590361.
Jun 25 13:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24249]: pam_unix(cron:session): session closed for user root
Jun 25 13:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26831]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25916]: pam_unix(cron:session): session closed for user root
Jun 25 13:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.205.19  user=root
Jun 25 13:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27214]: Failed password for root from 66.116.205.19 port 43958 ssh2
Jun 25 13:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27214]: Received disconnect from 66.116.205.19 port 43958:11: Bye Bye [preauth]
Jun 25 13:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27214]: Disconnected from 66.116.205.19 port 43958 [preauth]
Jun 25 13:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27227]: Invalid user frappeuser from 113.201.65.26
Jun 25 13:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27227]: input_userauth_request: invalid user frappeuser [preauth]
Jun 25 13:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27227]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.201.65.26
Jun 25 13:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27227]: Failed password for invalid user frappeuser from 113.201.65.26 port 35090 ssh2
Jun 25 13:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27227]: Received disconnect from 113.201.65.26 port 35090:11: Bye Bye [preauth]
Jun 25 13:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27227]: Disconnected from 113.201.65.26 port 35090 [preauth]
Jun 25 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27242]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27243]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27241]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27244]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27239]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27239]: pam_unix(cron:session): session closed for user root
Jun 25 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27241]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27319]: Successful su for rubyman by root
Jun 25 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27319]: + ??? root:rubyman
Jun 25 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27319]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590365 of user rubyman.
Jun 25 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27319]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590365.
Jun 25 13:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24719]: pam_unix(cron:session): session closed for user root
Jun 25 13:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27242]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.111.119  user=root
Jun 25 13:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27523]: Failed password for root from 101.36.111.119 port 53326 ssh2
Jun 25 13:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27523]: Received disconnect from 101.36.111.119 port 53326:11: Bye Bye [preauth]
Jun 25 13:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27523]: Disconnected from 101.36.111.119 port 53326 [preauth]
Jun 25 13:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26313]: pam_unix(cron:session): session closed for user root
Jun 25 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27661]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27660]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27662]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27659]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27659]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27729]: Successful su for rubyman by root
Jun 25 13:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27729]: + ??? root:rubyman
Jun 25 13:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27729]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590372 of user rubyman.
Jun 25 13:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27729]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590372.
Jun 25 13:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25126]: pam_unix(cron:session): session closed for user root
Jun 25 13:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27660]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 25 13:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27938]: Failed password for root from 38.93.206.2 port 8382 ssh2
Jun 25 13:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27938]: Connection closed by 38.93.206.2 port 8382 [preauth]
Jun 25 13:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.46.224.87  user=root
Jun 25 13:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27979]: Failed password for root from 207.46.224.87 port 55808 ssh2
Jun 25 13:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27979]: Connection closed by 207.46.224.87 port 55808 [preauth]
Jun 25 13:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26833]: pam_unix(cron:session): session closed for user root
Jun 25 13:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28035]: Invalid user rahim from 113.201.65.26
Jun 25 13:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28035]: input_userauth_request: invalid user rahim [preauth]
Jun 25 13:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28035]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.201.65.26
Jun 25 13:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28035]: Failed password for invalid user rahim from 113.201.65.26 port 40792 ssh2
Jun 25 13:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28035]: Received disconnect from 113.201.65.26 port 40792:11: Bye Bye [preauth]
Jun 25 13:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28035]: Disconnected from 113.201.65.26 port 40792 [preauth]
Jun 25 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28138]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28139]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28137]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28136]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28136]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28200]: Successful su for rubyman by root
Jun 25 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28200]: + ??? root:rubyman
Jun 25 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28200]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590375 of user rubyman.
Jun 25 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28200]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590375.
Jun 25 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28293]: Invalid user squid from 66.116.205.19
Jun 25 13:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28293]: input_userauth_request: invalid user squid [preauth]
Jun 25 13:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28293]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.205.19
Jun 25 13:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25528]: pam_unix(cron:session): session closed for user root
Jun 25 13:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28137]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28293]: Failed password for invalid user squid from 66.116.205.19 port 60680 ssh2
Jun 25 13:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28293]: Received disconnect from 66.116.205.19 port 60680:11: Bye Bye [preauth]
Jun 25 13:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28293]: Disconnected from 66.116.205.19 port 60680 [preauth]
Jun 25 13:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.111.119  user=root
Jun 25 13:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28430]: Failed password for root from 101.36.111.119 port 49604 ssh2
Jun 25 13:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28430]: Received disconnect from 101.36.111.119 port 49604:11: Bye Bye [preauth]
Jun 25 13:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28430]: Disconnected from 101.36.111.119 port 49604 [preauth]
Jun 25 13:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27244]: pam_unix(cron:session): session closed for user root
Jun 25 13:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28480]: Invalid user alice from 141.98.83.240
Jun 25 13:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28480]: input_userauth_request: invalid user alice [preauth]
Jun 25 13:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28480]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 13:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28480]: Failed password for invalid user alice from 141.98.83.240 port 38556 ssh2
Jun 25 13:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28480]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28480]: Failed password for invalid user alice from 141.98.83.240 port 38556 ssh2
Jun 25 13:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28480]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28480]: Failed password for invalid user alice from 141.98.83.240 port 38556 ssh2
Jun 25 13:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28480]: Connection closed by 141.98.83.240 port 38556 [preauth]
Jun 25 13:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28480]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28543]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28541]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28540]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28539]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28542]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28544]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28544]: pam_unix(cron:session): session closed for user root
Jun 25 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28539]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28695]: Successful su for rubyman by root
Jun 25 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28695]: + ??? root:rubyman
Jun 25 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28695]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590378 of user rubyman.
Jun 25 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28695]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590378.
Jun 25 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 25 13:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25915]: pam_unix(cron:session): session closed for user root
Jun 25 13:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28541]: pam_unix(cron:session): session closed for user root
Jun 25 13:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28761]: Failed password for root from 51.250.105.222 port 49178 ssh2
Jun 25 13:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28761]: Connection closed by 51.250.105.222 port 49178 [preauth]
Jun 25 13:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28540]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28910]: Invalid user admin from 45.148.10.121
Jun 25 13:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28910]: input_userauth_request: invalid user admin [preauth]
Jun 25 13:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28910]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 25 13:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28910]: Failed password for invalid user admin from 45.148.10.121 port 54290 ssh2
Jun 25 13:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28910]: Connection closed by 45.148.10.121 port 54290 [preauth]
Jun 25 13:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 25 13:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28953]: Failed password for root from 103.82.20.28 port 59938 ssh2
Jun 25 13:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28953]: Connection closed by 103.82.20.28 port 59938 [preauth]
Jun 25 13:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28986]: Invalid user exam from 113.201.65.26
Jun 25 13:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28986]: input_userauth_request: invalid user exam [preauth]
Jun 25 13:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28986]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.201.65.26
Jun 25 13:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28986]: Failed password for invalid user exam from 113.201.65.26 port 46492 ssh2
Jun 25 13:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28986]: Received disconnect from 113.201.65.26 port 46492:11: Bye Bye [preauth]
Jun 25 13:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28986]: Disconnected from 113.201.65.26 port 46492 [preauth]
Jun 25 13:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27662]: pam_unix(cron:session): session closed for user root
Jun 25 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29085]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29086]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29083]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29084]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29083]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29155]: Successful su for rubyman by root
Jun 25 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29155]: + ??? root:rubyman
Jun 25 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29155]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590386 of user rubyman.
Jun 25 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29155]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590386.
Jun 25 13:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26312]: pam_unix(cron:session): session closed for user root
Jun 25 13:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29084]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.205.19  user=root
Jun 25 13:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29384]: Failed password for root from 66.116.205.19 port 54230 ssh2
Jun 25 13:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29384]: Received disconnect from 66.116.205.19 port 54230:11: Bye Bye [preauth]
Jun 25 13:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29384]: Disconnected from 66.116.205.19 port 54230 [preauth]
Jun 25 13:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29425]: Invalid user exam from 101.36.111.119
Jun 25 13:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29425]: input_userauth_request: invalid user exam [preauth]
Jun 25 13:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29425]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.111.119
Jun 25 13:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28139]: pam_unix(cron:session): session closed for user root
Jun 25 13:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29425]: Failed password for invalid user exam from 101.36.111.119 port 32908 ssh2
Jun 25 13:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29425]: Received disconnect from 101.36.111.119 port 32908:11: Bye Bye [preauth]
Jun 25 13:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29425]: Disconnected from 101.36.111.119 port 32908 [preauth]
Jun 25 13:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 25 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29524]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29523]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29525]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29522]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29522]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29512]: Failed password for root from 103.27.238.116 port 35542 ssh2
Jun 25 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29512]: Connection closed by 103.27.238.116 port 35542 [preauth]
Jun 25 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29675]: Successful su for rubyman by root
Jun 25 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29675]: + ??? root:rubyman
Jun 25 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29675]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590390 of user rubyman.
Jun 25 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29675]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590390.
Jun 25 13:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26832]: pam_unix(cron:session): session closed for user root
Jun 25 13:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29523]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.201.65.26  user=root
Jun 25 13:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29929]: Failed password for root from 113.201.65.26 port 52190 ssh2
Jun 25 13:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29929]: Received disconnect from 113.201.65.26 port 52190:11: Bye Bye [preauth]
Jun 25 13:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29929]: Disconnected from 113.201.65.26 port 52190 [preauth]
Jun 25 13:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28543]: pam_unix(cron:session): session closed for user root
Jun 25 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30051]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30047]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30046]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30045]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30045]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30114]: Successful su for rubyman by root
Jun 25 13:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30114]: + ??? root:rubyman
Jun 25 13:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30114]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590392 of user rubyman.
Jun 25 13:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30114]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590392.
Jun 25 13:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27243]: pam_unix(cron:session): session closed for user root
Jun 25 13:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30046]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29086]: pam_unix(cron:session): session closed for user root
Jun 25 13:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30399]: Invalid user exam from 66.116.205.19
Jun 25 13:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30399]: input_userauth_request: invalid user exam [preauth]
Jun 25 13:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30399]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.205.19
Jun 25 13:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30399]: Failed password for invalid user exam from 66.116.205.19 port 46762 ssh2
Jun 25 13:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30399]: Received disconnect from 66.116.205.19 port 46762:11: Bye Bye [preauth]
Jun 25 13:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30399]: Disconnected from 66.116.205.19 port 46762 [preauth]
Jun 25 13:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30429]: Invalid user sshuser from 101.36.111.119
Jun 25 13:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30429]: input_userauth_request: invalid user sshuser [preauth]
Jun 25 13:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30429]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.111.119
Jun 25 13:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30429]: Failed password for invalid user sshuser from 101.36.111.119 port 36858 ssh2
Jun 25 13:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30429]: Received disconnect from 101.36.111.119 port 36858:11: Bye Bye [preauth]
Jun 25 13:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30429]: Disconnected from 101.36.111.119 port 36858 [preauth]
Jun 25 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30465]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30466]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30461]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30462]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30461]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30526]: Successful su for rubyman by root
Jun 25 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30526]: + ??? root:rubyman
Jun 25 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30526]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590396 of user rubyman.
Jun 25 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30526]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590396.
Jun 25 13:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27661]: pam_unix(cron:session): session closed for user root
Jun 25 13:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30462]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.201.65.26  user=root
Jun 25 13:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30732]: Failed password for root from 113.201.65.26 port 57892 ssh2
Jun 25 13:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30732]: Received disconnect from 113.201.65.26 port 57892:11: Bye Bye [preauth]
Jun 25 13:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30732]: Disconnected from 113.201.65.26 port 57892 [preauth]
Jun 25 13:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29525]: pam_unix(cron:session): session closed for user root
Jun 25 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30880]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30877]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30882]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30883]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30879]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30878]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30883]: pam_unix(cron:session): session closed for user root
Jun 25 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30877]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31054]: Successful su for rubyman by root
Jun 25 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31054]: + ??? root:rubyman
Jun 25 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31054]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590402 of user rubyman.
Jun 25 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31054]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590402.
Jun 25 13:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30879]: pam_unix(cron:session): session closed for user root
Jun 25 13:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28138]: pam_unix(cron:session): session closed for user root
Jun 25 13:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30878]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30051]: pam_unix(cron:session): session closed for user root
Jun 25 13:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31383]: Invalid user alice from 66.116.205.19
Jun 25 13:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31383]: input_userauth_request: invalid user alice [preauth]
Jun 25 13:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31383]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.205.19
Jun 25 13:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.111.119  user=root
Jun 25 13:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31383]: Failed password for invalid user alice from 66.116.205.19 port 55044 ssh2
Jun 25 13:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31383]: Received disconnect from 66.116.205.19 port 55044:11: Bye Bye [preauth]
Jun 25 13:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31383]: Disconnected from 66.116.205.19 port 55044 [preauth]
Jun 25 13:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31393]: Failed password for root from 101.36.111.119 port 41578 ssh2
Jun 25 13:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31393]: Received disconnect from 101.36.111.119 port 41578:11: Bye Bye [preauth]
Jun 25 13:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31393]: Disconnected from 101.36.111.119 port 41578 [preauth]
Jun 25 13:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.201.65.26  user=root
Jun 25 13:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31404]: Failed password for root from 113.201.65.26 port 35352 ssh2
Jun 25 13:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31404]: Received disconnect from 113.201.65.26 port 35352:11: Bye Bye [preauth]
Jun 25 13:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31404]: Disconnected from 113.201.65.26 port 35352 [preauth]
Jun 25 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31419]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31423]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31420]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31418]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31418]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31489]: Successful su for rubyman by root
Jun 25 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31489]: + ??? root:rubyman
Jun 25 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31489]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590407 of user rubyman.
Jun 25 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31489]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590407.
Jun 25 13:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28542]: pam_unix(cron:session): session closed for user root
Jun 25 13:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31419]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30466]: pam_unix(cron:session): session closed for user root
Jun 25 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31925]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31926]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31924]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31923]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31923]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31994]: Successful su for rubyman by root
Jun 25 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31994]: + ??? root:rubyman
Jun 25 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31994]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590410 of user rubyman.
Jun 25 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31994]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590410.
Jun 25 13:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29085]: pam_unix(cron:session): session closed for user root
Jun 25 13:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31924]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32225]: Did not receive identification string from 91.92.40.13
Jun 25 13:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30882]: pam_unix(cron:session): session closed for user root
Jun 25 13:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32281]: Invalid user be from 113.201.65.26
Jun 25 13:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32281]: input_userauth_request: invalid user be [preauth]
Jun 25 13:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32281]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.201.65.26
Jun 25 13:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32281]: Failed password for invalid user be from 113.201.65.26 port 41046 ssh2
Jun 25 13:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32281]: Received disconnect from 113.201.65.26 port 41046:11: Bye Bye [preauth]
Jun 25 13:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32281]: Disconnected from 113.201.65.26 port 41046 [preauth]
Jun 25 13:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32319]: Invalid user gitlabuser from 101.36.111.119
Jun 25 13:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32319]: input_userauth_request: invalid user gitlabuser [preauth]
Jun 25 13:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32319]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.111.119
Jun 25 13:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.205.19  user=root
Jun 25 13:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32319]: Failed password for invalid user gitlabuser from 101.36.111.119 port 34112 ssh2
Jun 25 13:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32319]: Received disconnect from 101.36.111.119 port 34112:11: Bye Bye [preauth]
Jun 25 13:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32319]: Disconnected from 101.36.111.119 port 34112 [preauth]
Jun 25 13:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32321]: Failed password for root from 66.116.205.19 port 50860 ssh2
Jun 25 13:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32321]: Received disconnect from 66.116.205.19 port 50860:11: Bye Bye [preauth]
Jun 25 13:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32321]: Disconnected from 66.116.205.19 port 50860 [preauth]
Jun 25 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32343]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32342]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32340]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32339]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32339]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32410]: Successful su for rubyman by root
Jun 25 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32410]: + ??? root:rubyman
Jun 25 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32410]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590414 of user rubyman.
Jun 25 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32410]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590414.
Jun 25 13:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29524]: pam_unix(cron:session): session closed for user root
Jun 25 13:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32340]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31423]: pam_unix(cron:session): session closed for user root
Jun 25 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32759]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32758]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32760]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32757]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32757]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[353]: Successful su for rubyman by root
Jun 25 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[353]: + ??? root:rubyman
Jun 25 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[353]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590420 of user rubyman.
Jun 25 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[353]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590420.
Jun 25 13:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30047]: pam_unix(cron:session): session closed for user root
Jun 25 13:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32758]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[685]: User ftp from 193.46.255.86 not allowed because not listed in AllowUsers
Jun 25 13:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[685]: input_userauth_request: invalid user ftp [preauth]
Jun 25 13:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=ftp
Jun 25 13:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[685]: Failed password for invalid user ftp from 193.46.255.86 port 9920 ssh2
Jun 25 13:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[685]: message repeated 2 times: [ Failed password for invalid user ftp from 193.46.255.86 port 9920 ssh2]
Jun 25 13:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[685]: Connection closed by 193.46.255.86 port 9920 [preauth]
Jun 25 13:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[685]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=ftp
Jun 25 13:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[748]: Invalid user ubuntu from 113.201.65.26
Jun 25 13:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[748]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 13:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[748]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.201.65.26
Jun 25 13:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[748]: Failed password for invalid user ubuntu from 113.201.65.26 port 46742 ssh2
Jun 25 13:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[748]: Received disconnect from 113.201.65.26 port 46742:11: Bye Bye [preauth]
Jun 25 13:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[748]: Disconnected from 113.201.65.26 port 46742 [preauth]
Jun 25 13:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31926]: pam_unix(cron:session): session closed for user root
Jun 25 13:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.13  user=root
Jun 25 13:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[836]: Failed password for root from 91.92.40.13 port 47022 ssh2
Jun 25 13:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[836]: Connection closed by 91.92.40.13 port 47022 [preauth]
Jun 25 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[854]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[850]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[855]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[851]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[852]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[849]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[855]: pam_unix(cron:session): session closed for user root
Jun 25 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[849]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[927]: Successful su for rubyman by root
Jun 25 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[927]: + ??? root:rubyman
Jun 25 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[927]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590423 of user rubyman.
Jun 25 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[927]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590423.
Jun 25 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[911]: Invalid user ubuntu from 101.36.111.119
Jun 25 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[911]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[911]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.111.119
Jun 25 13:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[911]: Failed password for invalid user ubuntu from 101.36.111.119 port 41734 ssh2
Jun 25 13:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[851]: pam_unix(cron:session): session closed for user root
Jun 25 13:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30465]: pam_unix(cron:session): session closed for user root
Jun 25 13:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[911]: Received disconnect from 101.36.111.119 port 41734:11: Bye Bye [preauth]
Jun 25 13:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[911]: Disconnected from 101.36.111.119 port 41734 [preauth]
Jun 25 13:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[850]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1168]: Did not receive identification string from 3.16.148.58
Jun 25 13:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1185]: Invalid user erpuser from 66.116.205.19
Jun 25 13:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1185]: input_userauth_request: invalid user erpuser [preauth]
Jun 25 13:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1185]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.205.19
Jun 25 13:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1185]: Failed password for invalid user erpuser from 66.116.205.19 port 41940 ssh2
Jun 25 13:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1185]: Received disconnect from 66.116.205.19 port 41940:11: Bye Bye [preauth]
Jun 25 13:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1185]: Disconnected from 66.116.205.19 port 41940 [preauth]
Jun 25 13:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32343]: pam_unix(cron:session): session closed for user root
Jun 25 13:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1302]: Connection closed by 194.59.206.2 port 63132 [preauth]
Jun 25 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1357]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1359]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1358]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1360]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1357]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1463]: Successful su for rubyman by root
Jun 25 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1463]: + ??? root:rubyman
Jun 25 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1463]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590428 of user rubyman.
Jun 25 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1463]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590428.
Jun 25 13:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30880]: pam_unix(cron:session): session closed for user root
Jun 25 13:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1358]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.201.65.26  user=root
Jun 25 13:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1788]: Failed password for root from 113.201.65.26 port 52444 ssh2
Jun 25 13:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1788]: Received disconnect from 113.201.65.26 port 52444:11: Bye Bye [preauth]
Jun 25 13:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1788]: Disconnected from 113.201.65.26 port 52444 [preauth]
Jun 25 13:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32760]: pam_unix(cron:session): session closed for user root
Jun 25 13:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 25 13:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1877]: Failed password for root from 103.77.175.15 port 37418 ssh2
Jun 25 13:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1877]: Connection closed by 103.77.175.15 port 37418 [preauth]
Jun 25 13:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 25 13:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1879]: Failed password for root from 103.122.221.179 port 60268 ssh2
Jun 25 13:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1879]: Connection closed by 103.122.221.179 port 60268 [preauth]
Jun 25 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1928]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1929]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1927]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1925]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1925]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2016]: Successful su for rubyman by root
Jun 25 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2016]: + ??? root:rubyman
Jun 25 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2016]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590433 of user rubyman.
Jun 25 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2016]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590433.
Jun 25 13:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31420]: pam_unix(cron:session): session closed for user root
Jun 25 13:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.111.119  user=root
Jun 25 13:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1927]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2192]: Failed password for root from 101.36.111.119 port 46648 ssh2
Jun 25 13:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2192]: Received disconnect from 101.36.111.119 port 46648:11: Bye Bye [preauth]
Jun 25 13:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2192]: Disconnected from 101.36.111.119 port 46648 [preauth]
Jun 25 13:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.13  user=root
Jun 25 13:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2239]: Failed password for root from 91.92.40.13 port 59838 ssh2
Jun 25 13:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2239]: Connection closed by 91.92.40.13 port 59838 [preauth]
Jun 25 13:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2263]: Invalid user user01 from 66.116.205.19
Jun 25 13:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2263]: input_userauth_request: invalid user user01 [preauth]
Jun 25 13:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2263]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.205.19
Jun 25 13:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2263]: Failed password for invalid user user01 from 66.116.205.19 port 59052 ssh2
Jun 25 13:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2263]: Received disconnect from 66.116.205.19 port 59052:11: Bye Bye [preauth]
Jun 25 13:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2263]: Disconnected from 66.116.205.19 port 59052 [preauth]
Jun 25 13:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[854]: pam_unix(cron:session): session closed for user root
Jun 25 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2398]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2399]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2396]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2397]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2396]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2458]: Successful su for rubyman by root
Jun 25 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2458]: + ??? root:rubyman
Jun 25 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2458]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590436 of user rubyman.
Jun 25 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2458]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590436.
Jun 25 13:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31925]: pam_unix(cron:session): session closed for user root
Jun 25 13:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2640]: Invalid user admin from 113.201.65.26
Jun 25 13:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2640]: input_userauth_request: invalid user admin [preauth]
Jun 25 13:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2640]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.201.65.26
Jun 25 13:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2397]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2640]: Failed password for invalid user admin from 113.201.65.26 port 58146 ssh2
Jun 25 13:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2640]: Received disconnect from 113.201.65.26 port 58146:11: Bye Bye [preauth]
Jun 25 13:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2640]: Disconnected from 113.201.65.26 port 58146 [preauth]
Jun 25 13:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1360]: pam_unix(cron:session): session closed for user root
Jun 25 13:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.46.224.87  user=root
Jun 25 13:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2791]: Failed password for root from 207.46.224.87 port 55808 ssh2
Jun 25 13:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2791]: Connection closed by 207.46.224.87 port 55808 [preauth]
Jun 25 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2825]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2824]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2823]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2822]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2822]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2882]: Successful su for rubyman by root
Jun 25 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2882]: + ??? root:rubyman
Jun 25 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2882]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590442 of user rubyman.
Jun 25 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2882]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590442.
Jun 25 13:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32342]: pam_unix(cron:session): session closed for user root
Jun 25 13:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2823]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.13  user=root
Jun 25 13:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3064]: Failed password for root from 91.92.40.13 port 53794 ssh2
Jun 25 13:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3064]: Connection closed by 91.92.40.13 port 53794 [preauth]
Jun 25 13:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3074]: Invalid user stream from 101.36.111.119
Jun 25 13:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3074]: input_userauth_request: invalid user stream [preauth]
Jun 25 13:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3074]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.111.119
Jun 25 13:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3074]: Failed password for invalid user stream from 101.36.111.119 port 50552 ssh2
Jun 25 13:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3074]: Received disconnect from 101.36.111.119 port 50552:11: Bye Bye [preauth]
Jun 25 13:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3074]: Disconnected from 101.36.111.119 port 50552 [preauth]
Jun 25 13:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.205.19  user=root
Jun 25 13:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3126]: Failed password for root from 66.116.205.19 port 45728 ssh2
Jun 25 13:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3126]: Received disconnect from 66.116.205.19 port 45728:11: Bye Bye [preauth]
Jun 25 13:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3126]: Disconnected from 66.116.205.19 port 45728 [preauth]
Jun 25 13:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1929]: pam_unix(cron:session): session closed for user root
Jun 25 13:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3211]: Invalid user user01 from 113.201.65.26
Jun 25 13:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3211]: input_userauth_request: invalid user user01 [preauth]
Jun 25 13:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3211]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.201.65.26
Jun 25 13:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3211]: Failed password for invalid user user01 from 113.201.65.26 port 35622 ssh2
Jun 25 13:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3211]: Received disconnect from 113.201.65.26 port 35622:11: Bye Bye [preauth]
Jun 25 13:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3211]: Disconnected from 113.201.65.26 port 35622 [preauth]
Jun 25 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3230]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3229]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3227]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3228]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3226]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3224]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3230]: pam_unix(cron:session): session closed for user root
Jun 25 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3224]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3296]: Successful su for rubyman by root
Jun 25 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3296]: + ??? root:rubyman
Jun 25 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3296]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590445 of user rubyman.
Jun 25 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3296]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590445.
Jun 25 13:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3227]: pam_unix(cron:session): session closed for user root
Jun 25 13:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32759]: pam_unix(cron:session): session closed for user root
Jun 25 13:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3226]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2399]: pam_unix(cron:session): session closed for user root
Jun 25 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3650]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3652]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3651]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3649]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3649]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3813]: Successful su for rubyman by root
Jun 25 13:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3813]: + ??? root:rubyman
Jun 25 13:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3813]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590450 of user rubyman.
Jun 25 13:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3813]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590450.
Jun 25 13:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[852]: pam_unix(cron:session): session closed for user root
Jun 25 13:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3650]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.13  user=root
Jun 25 13:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4109]: Failed password for root from 91.92.40.13 port 43954 ssh2
Jun 25 13:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4109]: Connection closed by 91.92.40.13 port 43954 [preauth]
Jun 25 13:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.111.119  user=root
Jun 25 13:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4165]: Failed password for root from 101.36.111.119 port 50526 ssh2
Jun 25 13:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4165]: Received disconnect from 101.36.111.119 port 50526:11: Bye Bye [preauth]
Jun 25 13:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4165]: Disconnected from 101.36.111.119 port 50526 [preauth]
Jun 25 13:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2825]: pam_unix(cron:session): session closed for user root
Jun 25 13:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.58.173.254  user=root
Jun 25 13:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4194]: Failed password for root from 106.58.173.254 port 57676 ssh2
Jun 25 13:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4194]: Received disconnect from 106.58.173.254 port 57676:11: Bye Bye [preauth]
Jun 25 13:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4194]: Disconnected from 106.58.173.254 port 57676 [preauth]
Jun 25 13:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4235]: Invalid user squid from 113.201.65.26
Jun 25 13:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4235]: input_userauth_request: invalid user squid [preauth]
Jun 25 13:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4235]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.201.65.26
Jun 25 13:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4238]: Invalid user stream from 66.116.205.19
Jun 25 13:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4238]: input_userauth_request: invalid user stream [preauth]
Jun 25 13:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4238]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.205.19
Jun 25 13:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4235]: Failed password for invalid user squid from 113.201.65.26 port 41324 ssh2
Jun 25 13:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4235]: Received disconnect from 113.201.65.26 port 41324:11: Bye Bye [preauth]
Jun 25 13:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4235]: Disconnected from 113.201.65.26 port 41324 [preauth]
Jun 25 13:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4238]: Failed password for invalid user stream from 66.116.205.19 port 35236 ssh2
Jun 25 13:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4238]: Received disconnect from 66.116.205.19 port 35236:11: Bye Bye [preauth]
Jun 25 13:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4238]: Disconnected from 66.116.205.19 port 35236 [preauth]
Jun 25 13:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4268]: Invalid user www from 14.103.116.98
Jun 25 13:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4268]: input_userauth_request: invalid user www [preauth]
Jun 25 13:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4268]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.116.98
Jun 25 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4273]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4274]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4272]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4271]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4271]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4341]: Successful su for rubyman by root
Jun 25 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4341]: + ??? root:rubyman
Jun 25 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4341]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590456 of user rubyman.
Jun 25 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4341]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590456.
Jun 25 13:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4268]: Failed password for invalid user www from 14.103.116.98 port 37462 ssh2
Jun 25 13:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4268]: Received disconnect from 14.103.116.98 port 37462:11: Bye Bye [preauth]
Jun 25 13:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4268]: Disconnected from 14.103.116.98 port 37462 [preauth]
Jun 25 13:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1359]: pam_unix(cron:session): session closed for user root
Jun 25 13:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4272]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3229]: pam_unix(cron:session): session closed for user root
Jun 25 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4687]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4688]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4686]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4685]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4685]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4773]: Successful su for rubyman by root
Jun 25 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4773]: + ??? root:rubyman
Jun 25 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4773]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590459 of user rubyman.
Jun 25 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4773]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590459.
Jun 25 13:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1928]: pam_unix(cron:session): session closed for user root
Jun 25 13:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4686]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.13  user=root
Jun 25 13:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5069]: Failed password for root from 91.92.40.13 port 55584 ssh2
Jun 25 13:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5069]: Connection closed by 91.92.40.13 port 55584 [preauth]
Jun 25 13:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5099]: Invalid user stream from 113.201.65.26
Jun 25 13:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5099]: input_userauth_request: invalid user stream [preauth]
Jun 25 13:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5099]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.201.65.26
Jun 25 13:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5099]: Failed password for invalid user stream from 113.201.65.26 port 47024 ssh2
Jun 25 13:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5099]: Received disconnect from 113.201.65.26 port 47024:11: Bye Bye [preauth]
Jun 25 13:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5099]: Disconnected from 113.201.65.26 port 47024 [preauth]
Jun 25 13:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3652]: pam_unix(cron:session): session closed for user root
Jun 25 13:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.111.119  user=root
Jun 25 13:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5130]: Failed password for root from 101.36.111.119 port 49786 ssh2
Jun 25 13:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5130]: Received disconnect from 101.36.111.119 port 49786:11: Bye Bye [preauth]
Jun 25 13:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5130]: Disconnected from 101.36.111.119 port 49786 [preauth]
Jun 25 13:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.205.19  user=root
Jun 25 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5198]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5196]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5197]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5195]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5193]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5195]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5183]: Failed password for root from 66.116.205.19 port 54014 ssh2
Jun 25 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5183]: Received disconnect from 66.116.205.19 port 54014:11: Bye Bye [preauth]
Jun 25 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5183]: Disconnected from 66.116.205.19 port 54014 [preauth]
Jun 25 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5322]: Successful su for rubyman by root
Jun 25 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5322]: + ??? root:rubyman
Jun 25 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5322]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590462 of user rubyman.
Jun 25 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5322]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590462.
Jun 25 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5193]: pam_unix(cron:session): session closed for user root
Jun 25 13:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2398]: pam_unix(cron:session): session closed for user root
Jun 25 13:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5196]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5551]: Invalid user admin from 2.57.121.25
Jun 25 13:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5551]: input_userauth_request: invalid user admin [preauth]
Jun 25 13:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5551]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 25 13:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5551]: Failed password for invalid user admin from 2.57.121.25 port 40874 ssh2
Jun 25 13:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5551]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5551]: Failed password for invalid user admin from 2.57.121.25 port 40874 ssh2
Jun 25 13:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5551]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5551]: Failed password for invalid user admin from 2.57.121.25 port 40874 ssh2
Jun 25 13:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5551]: Connection closed by 2.57.121.25 port 40874 [preauth]
Jun 25 13:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5551]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 25 13:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4274]: pam_unix(cron:session): session closed for user root
Jun 25 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5692]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5689]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5691]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5690]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5688]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5687]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5692]: pam_unix(cron:session): session closed for user root
Jun 25 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5687]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5755]: Successful su for rubyman by root
Jun 25 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5755]: + ??? root:rubyman
Jun 25 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5755]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590470 of user rubyman.
Jun 25 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5755]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590470.
Jun 25 13:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5689]: pam_unix(cron:session): session closed for user root
Jun 25 13:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2824]: pam_unix(cron:session): session closed for user root
Jun 25 13:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5688]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.201.65.26  user=root
Jun 25 13:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5970]: Failed password for root from 113.201.65.26 port 52716 ssh2
Jun 25 13:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5970]: Received disconnect from 113.201.65.26 port 52716:11: Bye Bye [preauth]
Jun 25 13:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5970]: Disconnected from 113.201.65.26 port 52716 [preauth]
Jun 25 13:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.13  user=root
Jun 25 13:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4688]: pam_unix(cron:session): session closed for user root
Jun 25 13:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6022]: Failed password for root from 91.92.40.13 port 58458 ssh2
Jun 25 13:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6022]: Connection closed by 91.92.40.13 port 58458 [preauth]
Jun 25 13:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6087]: Invalid user be from 101.36.111.119
Jun 25 13:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6087]: input_userauth_request: invalid user be [preauth]
Jun 25 13:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6087]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.111.119
Jun 25 13:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6087]: Failed password for invalid user be from 101.36.111.119 port 33220 ssh2
Jun 25 13:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6087]: Received disconnect from 101.36.111.119 port 33220:11: Bye Bye [preauth]
Jun 25 13:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6087]: Disconnected from 101.36.111.119 port 33220 [preauth]
Jun 25 13:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6119]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6118]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6117]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6116]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6116]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6189]: Successful su for rubyman by root
Jun 25 13:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6189]: + ??? root:rubyman
Jun 25 13:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6189]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590473 of user rubyman.
Jun 25 13:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6189]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590473.
Jun 25 13:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3228]: pam_unix(cron:session): session closed for user root
Jun 25 13:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6117]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6107]: Did not receive identification string from 13.89.124.221
Jun 25 13:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6372]: Bad protocol version identification 'MGLNDD_198.199.94.12_22' from 13.89.124.221 port 48006
Jun 25 13:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.205.19  user=root
Jun 25 13:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6381]: Failed password for root from 66.116.205.19 port 48758 ssh2
Jun 25 13:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6381]: Received disconnect from 66.116.205.19 port 48758:11: Bye Bye [preauth]
Jun 25 13:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6381]: Disconnected from 66.116.205.19 port 48758 [preauth]
Jun 25 13:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5198]: pam_unix(cron:session): session closed for user root
Jun 25 13:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 25 13:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6489]: Failed password for root from 103.77.242.62 port 35064 ssh2
Jun 25 13:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6489]: Connection closed by 103.77.242.62 port 35064 [preauth]
Jun 25 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6527]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6528]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6526]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6525]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6525]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6585]: Successful su for rubyman by root
Jun 25 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6585]: + ??? root:rubyman
Jun 25 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6585]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590477 of user rubyman.
Jun 25 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6585]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590477.
Jun 25 13:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6697]: Invalid user hafiz from 113.201.65.26
Jun 25 13:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6697]: input_userauth_request: invalid user hafiz [preauth]
Jun 25 13:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6697]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.201.65.26
Jun 25 13:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3651]: pam_unix(cron:session): session closed for user root
Jun 25 13:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6526]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6697]: Failed password for invalid user hafiz from 113.201.65.26 port 58424 ssh2
Jun 25 13:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6697]: Received disconnect from 113.201.65.26 port 58424:11: Bye Bye [preauth]
Jun 25 13:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6697]: Disconnected from 113.201.65.26 port 58424 [preauth]
Jun 25 13:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5691]: pam_unix(cron:session): session closed for user root
Jun 25 13:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.13  user=root
Jun 25 13:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 25 13:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6865]: Failed password for root from 91.92.40.13 port 60372 ssh2
Jun 25 13:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6865]: Connection closed by 91.92.40.13 port 60372 [preauth]
Jun 25 13:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6891]: Failed password for root from 87.251.79.125 port 37350 ssh2
Jun 25 13:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6891]: Connection closed by 87.251.79.125 port 37350 [preauth]
Jun 25 13:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6935]: Invalid user sandeep from 101.36.111.119
Jun 25 13:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6935]: input_userauth_request: invalid user sandeep [preauth]
Jun 25 13:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6935]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.111.119
Jun 25 13:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6935]: Failed password for invalid user sandeep from 101.36.111.119 port 35398 ssh2
Jun 25 13:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6935]: Received disconnect from 101.36.111.119 port 35398:11: Bye Bye [preauth]
Jun 25 13:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6935]: Disconnected from 101.36.111.119 port 35398 [preauth]
Jun 25 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6958]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6954]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6953]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6952]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6952]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7041]: Successful su for rubyman by root
Jun 25 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7041]: + ??? root:rubyman
Jun 25 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7041]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590481 of user rubyman.
Jun 25 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7041]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590481.
Jun 25 13:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4273]: pam_unix(cron:session): session closed for user root
Jun 25 13:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6953]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.205.19  user=root
Jun 25 13:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7346]: Failed password for root from 66.116.205.19 port 44504 ssh2
Jun 25 13:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7346]: Received disconnect from 66.116.205.19 port 44504:11: Bye Bye [preauth]
Jun 25 13:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7346]: Disconnected from 66.116.205.19 port 44504 [preauth]
Jun 25 13:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6119]: pam_unix(cron:session): session closed for user root
Jun 25 13:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.201.65.26  user=root
Jun 25 13:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7418]: Failed password for root from 113.201.65.26 port 35886 ssh2
Jun 25 13:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7418]: Received disconnect from 113.201.65.26 port 35886:11: Bye Bye [preauth]
Jun 25 13:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7418]: Disconnected from 113.201.65.26 port 35886 [preauth]
Jun 25 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7442]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7441]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7440]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7439]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7439]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7504]: Successful su for rubyman by root
Jun 25 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7504]: + ??? root:rubyman
Jun 25 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7504]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590486 of user rubyman.
Jun 25 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7504]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590486.
Jun 25 13:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4687]: pam_unix(cron:session): session closed for user root
Jun 25 13:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7440]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 25 13:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7791]: Failed password for root from 103.176.20.57 port 35448 ssh2
Jun 25 13:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7791]: Connection closed by 103.176.20.57 port 35448 [preauth]
Jun 25 13:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6528]: pam_unix(cron:session): session closed for user root
Jun 25 13:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.13  user=root
Jun 25 13:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7877]: Failed password for root from 91.92.40.13 port 53664 ssh2
Jun 25 13:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7877]: Connection closed by 91.92.40.13 port 53664 [preauth]
Jun 25 13:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7924]: Invalid user appuser from 101.36.111.119
Jun 25 13:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7924]: input_userauth_request: invalid user appuser [preauth]
Jun 25 13:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7924]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.111.119
Jun 25 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7924]: Failed password for invalid user appuser from 101.36.111.119 port 56148 ssh2
Jun 25 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7924]: Received disconnect from 101.36.111.119 port 56148:11: Bye Bye [preauth]
Jun 25 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7924]: Disconnected from 101.36.111.119 port 56148 [preauth]
Jun 25 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7938]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7940]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7939]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7935]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7936]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7937]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7940]: pam_unix(cron:session): session closed for user root
Jun 25 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7935]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8002]: Successful su for rubyman by root
Jun 25 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8002]: + ??? root:rubyman
Jun 25 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8002]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590492 of user rubyman.
Jun 25 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8002]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590492.
Jun 25 13:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7937]: pam_unix(cron:session): session closed for user root
Jun 25 13:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5197]: pam_unix(cron:session): session closed for user root
Jun 25 13:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7936]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6958]: pam_unix(cron:session): session closed for user root
Jun 25 13:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.201.65.26  user=root
Jun 25 13:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8277]: Failed password for root from 113.201.65.26 port 41572 ssh2
Jun 25 13:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8277]: Received disconnect from 113.201.65.26 port 41572:11: Bye Bye [preauth]
Jun 25 13:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8277]: Disconnected from 113.201.65.26 port 41572 [preauth]
Jun 25 13:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8298]: Invalid user hafiz from 66.116.205.19
Jun 25 13:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8298]: input_userauth_request: invalid user hafiz [preauth]
Jun 25 13:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8298]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.205.19
Jun 25 13:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8298]: Failed password for invalid user hafiz from 66.116.205.19 port 41224 ssh2
Jun 25 13:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8298]: Received disconnect from 66.116.205.19 port 41224:11: Bye Bye [preauth]
Jun 25 13:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8298]: Disconnected from 66.116.205.19 port 41224 [preauth]
Jun 25 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8358]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8359]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8357]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8356]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8356]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8425]: Successful su for rubyman by root
Jun 25 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8425]: + ??? root:rubyman
Jun 25 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8425]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590495 of user rubyman.
Jun 25 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8425]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590495.
Jun 25 13:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5690]: pam_unix(cron:session): session closed for user root
Jun 25 13:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8357]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7442]: pam_unix(cron:session): session closed for user root
Jun 25 13:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.13  user=root
Jun 25 13:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8732]: Failed password for root from 91.92.40.13 port 59652 ssh2
Jun 25 13:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8732]: Connection closed by 91.92.40.13 port 59652 [preauth]
Jun 25 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8764]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8763]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8761]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8760]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8760]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8824]: Successful su for rubyman by root
Jun 25 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8824]: + ??? root:rubyman
Jun 25 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8824]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590499 of user rubyman.
Jun 25 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8824]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590499.
Jun 25 13:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6118]: pam_unix(cron:session): session closed for user root
Jun 25 13:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8911]: Invalid user squid from 101.36.111.119
Jun 25 13:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8911]: input_userauth_request: invalid user squid [preauth]
Jun 25 13:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8911]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.111.119
Jun 25 13:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8761]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8911]: Failed password for invalid user squid from 101.36.111.119 port 43308 ssh2
Jun 25 13:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8911]: Received disconnect from 101.36.111.119 port 43308:11: Bye Bye [preauth]
Jun 25 13:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8911]: Disconnected from 101.36.111.119 port 43308 [preauth]
Jun 25 13:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.201.65.26  user=root
Jun 25 13:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9053]: Failed password for root from 113.201.65.26 port 47270 ssh2
Jun 25 13:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9053]: Received disconnect from 113.201.65.26 port 47270:11: Bye Bye [preauth]
Jun 25 13:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9053]: Disconnected from 113.201.65.26 port 47270 [preauth]
Jun 25 13:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7939]: pam_unix(cron:session): session closed for user root
Jun 25 13:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9141]: Invalid user rahim from 66.116.205.19
Jun 25 13:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9141]: input_userauth_request: invalid user rahim [preauth]
Jun 25 13:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9141]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.205.19
Jun 25 13:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9141]: Failed password for invalid user rahim from 66.116.205.19 port 57292 ssh2
Jun 25 13:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9141]: Received disconnect from 66.116.205.19 port 57292:11: Bye Bye [preauth]
Jun 25 13:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9141]: Disconnected from 66.116.205.19 port 57292 [preauth]
Jun 25 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9170]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9171]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9169]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9168]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9168]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9231]: Successful su for rubyman by root
Jun 25 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9231]: + ??? root:rubyman
Jun 25 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9231]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590504 of user rubyman.
Jun 25 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9231]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590504.
Jun 25 13:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6527]: pam_unix(cron:session): session closed for user root
Jun 25 13:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 25 13:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9169]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9342]: Failed password for root from 141.98.83.240 port 41430 ssh2
Jun 25 13:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9342]: message repeated 2 times: [ Failed password for root from 141.98.83.240 port 41430 ssh2]
Jun 25 13:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9342]: Connection closed by 141.98.83.240 port 41430 [preauth]
Jun 25 13:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9342]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 25 13:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8359]: pam_unix(cron:session): session closed for user root
Jun 25 13:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 25 13:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9493]: Failed password for root from 193.37.70.224 port 54558 ssh2
Jun 25 13:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9493]: Connection closed by 193.37.70.224 port 54558 [preauth]
Jun 25 13:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.13  user=root
Jun 25 13:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9545]: Failed password for root from 91.92.40.13 port 34638 ssh2
Jun 25 13:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9545]: Connection closed by 91.92.40.13 port 34638 [preauth]
Jun 25 13:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9562]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9561]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9563]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9560]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9560]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9626]: Successful su for rubyman by root
Jun 25 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9626]: + ??? root:rubyman
Jun 25 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9626]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590509 of user rubyman.
Jun 25 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9626]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590509.
Jun 25 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 25 13:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9556]: Failed password for root from 202.178.126.219 port 18351 ssh2
Jun 25 13:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6954]: pam_unix(cron:session): session closed for user root
Jun 25 13:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9556]: Connection closed by 202.178.126.219 port 18351 [preauth]
Jun 25 13:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9561]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.111.119  user=root
Jun 25 13:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9818]: Failed password for root from 101.36.111.119 port 56256 ssh2
Jun 25 13:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9818]: Received disconnect from 101.36.111.119 port 56256:11: Bye Bye [preauth]
Jun 25 13:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9818]: Disconnected from 101.36.111.119 port 56256 [preauth]
Jun 25 13:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9844]: Invalid user sysadm from 113.201.65.26
Jun 25 13:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9844]: input_userauth_request: invalid user sysadm [preauth]
Jun 25 13:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9844]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.201.65.26
Jun 25 13:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9844]: Failed password for invalid user sysadm from 113.201.65.26 port 52980 ssh2
Jun 25 13:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9844]: Received disconnect from 113.201.65.26 port 52980:11: Bye Bye [preauth]
Jun 25 13:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9844]: Disconnected from 113.201.65.26 port 52980 [preauth]
Jun 25 13:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.46.224.87  user=root
Jun 25 13:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9909]: Failed password for root from 207.46.224.87 port 55808 ssh2
Jun 25 13:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9909]: Connection closed by 207.46.224.87 port 55808 [preauth]
Jun 25 13:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8764]: pam_unix(cron:session): session closed for user root
Jun 25 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10142]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10140]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10143]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10141]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10139]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10138]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10143]: pam_unix(cron:session): session closed for user root
Jun 25 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10138]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10305]: Successful su for rubyman by root
Jun 25 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10305]: + ??? root:rubyman
Jun 25 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10305]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590512 of user rubyman.
Jun 25 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10305]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590512.
Jun 25 13:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10140]: pam_unix(cron:session): session closed for user root
Jun 25 13:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7441]: pam_unix(cron:session): session closed for user root
Jun 25 13:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10139]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10518]: Invalid user frappeuser from 66.116.205.19
Jun 25 13:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10518]: input_userauth_request: invalid user frappeuser [preauth]
Jun 25 13:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10518]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.205.19
Jun 25 13:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10518]: Failed password for invalid user frappeuser from 66.116.205.19 port 52716 ssh2
Jun 25 13:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10518]: Received disconnect from 66.116.205.19 port 52716:11: Bye Bye [preauth]
Jun 25 13:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10518]: Disconnected from 66.116.205.19 port 52716 [preauth]
Jun 25 13:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9171]: pam_unix(cron:session): session closed for user root
Jun 25 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10681]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10679]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10678]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10677]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10677]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10753]: Successful su for rubyman by root
Jun 25 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10753]: + ??? root:rubyman
Jun 25 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10753]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590518 of user rubyman.
Jun 25 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10753]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590518.
Jun 25 13:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.13  user=root
Jun 25 13:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10674]: Failed password for root from 91.92.40.13 port 55994 ssh2
Jun 25 13:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7938]: pam_unix(cron:session): session closed for user root
Jun 25 13:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10678]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10674]: Connection closed by 91.92.40.13 port 55994 [preauth]
Jun 25 13:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10937]: Invalid user appuser from 113.201.65.26
Jun 25 13:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10937]: input_userauth_request: invalid user appuser [preauth]
Jun 25 13:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10937]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.201.65.26
Jun 25 13:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10937]: Failed password for invalid user appuser from 113.201.65.26 port 58690 ssh2
Jun 25 13:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10937]: Received disconnect from 113.201.65.26 port 58690:11: Bye Bye [preauth]
Jun 25 13:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10937]: Disconnected from 113.201.65.26 port 58690 [preauth]
Jun 25 13:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.111.119  user=root
Jun 25 13:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10981]: Failed password for root from 101.36.111.119 port 47940 ssh2
Jun 25 13:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10981]: Received disconnect from 101.36.111.119 port 47940:11: Bye Bye [preauth]
Jun 25 13:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10981]: Disconnected from 101.36.111.119 port 47940 [preauth]
Jun 25 13:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9563]: pam_unix(cron:session): session closed for user root
Jun 25 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11106]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11108]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11105]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11107]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11105]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11168]: Successful su for rubyman by root
Jun 25 13:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11168]: + ??? root:rubyman
Jun 25 13:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11168]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590523 of user rubyman.
Jun 25 13:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11168]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590523.
Jun 25 13:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8358]: pam_unix(cron:session): session closed for user root
Jun 25 13:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11106]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11426]: Invalid user gitlabuser from 66.116.205.19
Jun 25 13:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11426]: input_userauth_request: invalid user gitlabuser [preauth]
Jun 25 13:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11426]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.205.19
Jun 25 13:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11426]: Failed password for invalid user gitlabuser from 66.116.205.19 port 56374 ssh2
Jun 25 13:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11426]: Received disconnect from 66.116.205.19 port 56374:11: Bye Bye [preauth]
Jun 25 13:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11426]: Disconnected from 66.116.205.19 port 56374 [preauth]
Jun 25 13:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10142]: pam_unix(cron:session): session closed for user root
Jun 25 13:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 25 13:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11472]: Failed password for root from 62.133.62.83 port 38950 ssh2
Jun 25 13:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11472]: Connection closed by 62.133.62.83 port 38950 [preauth]
Jun 25 13:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 25 13:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11502]: Failed password for root from 147.45.199.80 port 39930 ssh2
Jun 25 13:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11502]: Connection closed by 147.45.199.80 port 39930 [preauth]
Jun 25 13:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11512]: Invalid user sshuser from 113.201.65.26
Jun 25 13:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11512]: input_userauth_request: invalid user sshuser [preauth]
Jun 25 13:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11512]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.201.65.26
Jun 25 13:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11512]: Failed password for invalid user sshuser from 113.201.65.26 port 36154 ssh2
Jun 25 13:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11512]: Received disconnect from 113.201.65.26 port 36154:11: Bye Bye [preauth]
Jun 25 13:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11512]: Disconnected from 113.201.65.26 port 36154 [preauth]
Jun 25 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11533]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11534]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11532]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11531]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11531]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11591]: Successful su for rubyman by root
Jun 25 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11591]: + ??? root:rubyman
Jun 25 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11591]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590525 of user rubyman.
Jun 25 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11591]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590525.
Jun 25 13:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8763]: pam_unix(cron:session): session closed for user root
Jun 25 13:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11532]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.13  user=root
Jun 25 13:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11816]: Failed password for root from 91.92.40.13 port 52434 ssh2
Jun 25 13:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11816]: Connection closed by 91.92.40.13 port 52434 [preauth]
Jun 25 13:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11876]: Invalid user rahim from 101.36.111.119
Jun 25 13:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11876]: input_userauth_request: invalid user rahim [preauth]
Jun 25 13:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11876]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.111.119
Jun 25 13:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11876]: Failed password for invalid user rahim from 101.36.111.119 port 32990 ssh2
Jun 25 13:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11876]: Received disconnect from 101.36.111.119 port 32990:11: Bye Bye [preauth]
Jun 25 13:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11876]: Disconnected from 101.36.111.119 port 32990 [preauth]
Jun 25 13:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 25 13:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10681]: pam_unix(cron:session): session closed for user root
Jun 25 13:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11887]: Failed password for root from 103.172.78.219 port 39614 ssh2
Jun 25 13:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11887]: Connection closed by 103.172.78.219 port 39614 [preauth]
Jun 25 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11999]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11998]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11997]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11996]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11996]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12060]: Successful su for rubyman by root
Jun 25 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12060]: + ??? root:rubyman
Jun 25 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12060]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590529 of user rubyman.
Jun 25 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12060]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590529.
Jun 25 13:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9170]: pam_unix(cron:session): session closed for user root
Jun 25 13:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11997]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11108]: pam_unix(cron:session): session closed for user root
Jun 25 13:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12466]: Invalid user erpuser from 113.201.65.26
Jun 25 13:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12466]: input_userauth_request: invalid user erpuser [preauth]
Jun 25 13:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12466]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.201.65.26
Jun 25 13:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12466]: Failed password for invalid user erpuser from 113.201.65.26 port 41852 ssh2
Jun 25 13:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12466]: Received disconnect from 113.201.65.26 port 41852:11: Bye Bye [preauth]
Jun 25 13:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12466]: Disconnected from 113.201.65.26 port 41852 [preauth]
Jun 25 13:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12469]: Invalid user sandeep from 66.116.205.19
Jun 25 13:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12469]: input_userauth_request: invalid user sandeep [preauth]
Jun 25 13:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12469]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.205.19
Jun 25 13:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12469]: Failed password for invalid user sandeep from 66.116.205.19 port 59356 ssh2
Jun 25 13:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12469]: Received disconnect from 66.116.205.19 port 59356:11: Bye Bye [preauth]
Jun 25 13:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12469]: Disconnected from 66.116.205.19 port 59356 [preauth]
Jun 25 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12523]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12522]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12519]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12520]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12521]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12524]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12524]: pam_unix(cron:session): session closed for user root
Jun 25 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12519]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12585]: Successful su for rubyman by root
Jun 25 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12585]: + ??? root:rubyman
Jun 25 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12585]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590533 of user rubyman.
Jun 25 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12585]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590533.
Jun 25 13:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9562]: pam_unix(cron:session): session closed for user root
Jun 25 13:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12521]: pam_unix(cron:session): session closed for user root
Jun 25 13:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12520]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.13  user=root
Jun 25 13:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12813]: Failed password for root from 91.92.40.13 port 41684 ssh2
Jun 25 13:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12813]: Connection closed by 91.92.40.13 port 41684 [preauth]
Jun 25 13:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11534]: pam_unix(cron:session): session closed for user root
Jun 25 13:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 25 13:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12916]: Failed password for root from 194.113.233.25 port 59082 ssh2
Jun 25 13:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12916]: Connection closed by 194.113.233.25 port 59082 [preauth]
Jun 25 13:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.111.119  user=root
Jun 25 13:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12918]: Failed password for root from 101.36.111.119 port 50026 ssh2
Jun 25 13:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12918]: Received disconnect from 101.36.111.119 port 50026:11: Bye Bye [preauth]
Jun 25 13:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12918]: Disconnected from 101.36.111.119 port 50026 [preauth]
Jun 25 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12969]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12970]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12968]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12967]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12967]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13035]: Successful su for rubyman by root
Jun 25 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13035]: + ??? root:rubyman
Jun 25 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13035]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590541 of user rubyman.
Jun 25 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13035]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590541.
Jun 25 13:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10141]: pam_unix(cron:session): session closed for user root
Jun 25 13:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12968]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11999]: pam_unix(cron:session): session closed for user root
Jun 25 13:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13370]: Invalid user be from 66.116.205.19
Jun 25 13:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13370]: input_userauth_request: invalid user be [preauth]
Jun 25 13:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13370]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.205.19
Jun 25 13:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13370]: Failed password for invalid user be from 66.116.205.19 port 47364 ssh2
Jun 25 13:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13370]: Received disconnect from 66.116.205.19 port 47364:11: Bye Bye [preauth]
Jun 25 13:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13370]: Disconnected from 66.116.205.19 port 47364 [preauth]
Jun 25 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13385]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13386]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13388]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13384]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13384]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13449]: Successful su for rubyman by root
Jun 25 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13449]: + ??? root:rubyman
Jun 25 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13449]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590545 of user rubyman.
Jun 25 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13449]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590545.
Jun 25 13:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10679]: pam_unix(cron:session): session closed for user root
Jun 25 13:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13385]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 25 13:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.13  user=root
Jun 25 13:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13657]: Failed password for root from 109.237.96.109 port 36246 ssh2
Jun 25 13:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13657]: Connection closed by 109.237.96.109 port 36246 [preauth]
Jun 25 13:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13655]: Failed password for root from 91.92.40.13 port 54878 ssh2
Jun 25 13:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13655]: Connection closed by 91.92.40.13 port 54878 [preauth]
Jun 25 13:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12523]: pam_unix(cron:session): session closed for user root
Jun 25 13:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.111.119  user=root
Jun 25 13:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13777]: Failed password for root from 101.36.111.119 port 34294 ssh2
Jun 25 13:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13777]: Received disconnect from 101.36.111.119 port 34294:11: Bye Bye [preauth]
Jun 25 13:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13777]: Disconnected from 101.36.111.119 port 34294 [preauth]
Jun 25 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13799]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13800]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13798]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13797]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13797]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13857]: Successful su for rubyman by root
Jun 25 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13857]: + ??? root:rubyman
Jun 25 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13857]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590548 of user rubyman.
Jun 25 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13857]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590548.
Jun 25 13:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11107]: pam_unix(cron:session): session closed for user root
Jun 25 13:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13798]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12970]: pam_unix(cron:session): session closed for user root
Jun 25 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14193]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14191]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14192]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14190]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14190]: pam_unix(cron:session): session closed for user p13x
Jun 25 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14249]: Successful su for rubyman by root
Jun 25 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14249]: + ??? root:rubyman
Jun 25 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14249]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590552 of user rubyman.
Jun 25 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14249]: pam_unix(su:session): session closed for user rubyman
Jun 25 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590552.
Jun 25 13:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11533]: pam_unix(cron:session): session closed for user root
Jun 25 13:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14191]: pam_unix(cron:session): session closed for user samftp
Jun 25 13:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14417]: Invalid user sysadm from 66.116.205.19
Jun 25 13:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14417]: input_userauth_request: invalid user sysadm [preauth]
Jun 25 13:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14417]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.205.19
Jun 25 13:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14417]: Failed password for invalid user sysadm from 66.116.205.19 port 48748 ssh2
Jun 25 13:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14417]: Received disconnect from 66.116.205.19 port 48748:11: Bye Bye [preauth]
Jun 25 13:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14417]: Disconnected from 66.116.205.19 port 48748 [preauth]
Jun 25 13:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.13  user=root
Jun 25 13:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14458]: Failed password for root from 91.92.40.13 port 41402 ssh2
Jun 25 13:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14458]: Connection closed by 91.92.40.13 port 41402 [preauth]
Jun 25 13:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13388]: pam_unix(cron:session): session closed for user root
Jun 25 13:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 13:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14576]: Invalid user admin from 101.36.111.119
Jun 25 13:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14576]: input_userauth_request: invalid user admin [preauth]
Jun 25 13:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14576]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 13:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.111.119
Jun 25 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14581]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14579]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14582]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14584]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14585]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14580]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14586]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14586]: pam_unix(cron:session): session closed for user root
Jun 25 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14581]: pam_unix(cron:session): session closed for user root
Jun 25 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14579]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14576]: Failed password for invalid user admin from 101.36.111.119 port 48994 ssh2
Jun 25 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14576]: Received disconnect from 101.36.111.119 port 48994:11: Bye Bye [preauth]
Jun 25 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14576]: Disconnected from 101.36.111.119 port 48994 [preauth]
Jun 25 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14726]: Successful su for rubyman by root
Jun 25 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14726]: + ??? root:rubyman
Jun 25 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14726]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590555 of user rubyman.
Jun 25 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14726]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590555.
Jun 25 14:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14582]: pam_unix(cron:session): session closed for user root
Jun 25 14:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11998]: pam_unix(cron:session): session closed for user root
Jun 25 14:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14580]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13800]: pam_unix(cron:session): session closed for user root
Jun 25 14:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 25 14:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15159]: Failed password for root from 103.15.222.183 port 38294 ssh2
Jun 25 14:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15159]: Connection closed by 103.15.222.183 port 38294 [preauth]
Jun 25 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15182]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15181]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15180]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15179]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15179]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15250]: Successful su for rubyman by root
Jun 25 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15250]: + ??? root:rubyman
Jun 25 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15250]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590562 of user rubyman.
Jun 25 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15250]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590562.
Jun 25 14:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12522]: pam_unix(cron:session): session closed for user root
Jun 25 14:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15180]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 25 14:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15426]: Failed password for root from 103.27.238.120 port 58702 ssh2
Jun 25 14:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15426]: Connection closed by 103.27.238.120 port 58702 [preauth]
Jun 25 14:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.13  user=root
Jun 25 14:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15459]: Invalid user ubuntu from 66.116.205.19
Jun 25 14:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15459]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 14:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15459]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.205.19
Jun 25 14:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15449]: Failed password for root from 91.92.40.13 port 35448 ssh2
Jun 25 14:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15449]: Connection closed by 91.92.40.13 port 35448 [preauth]
Jun 25 14:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15459]: Failed password for invalid user ubuntu from 66.116.205.19 port 44448 ssh2
Jun 25 14:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15459]: Received disconnect from 66.116.205.19 port 44448:11: Bye Bye [preauth]
Jun 25 14:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15459]: Disconnected from 66.116.205.19 port 44448 [preauth]
Jun 25 14:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14193]: pam_unix(cron:session): session closed for user root
Jun 25 14:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15526]: Received disconnect from 103.176.90.41 port 26166:11: disconnected by user [preauth]
Jun 25 14:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15526]: Disconnected from 103.176.90.41 port 26166 [preauth]
Jun 25 14:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 25 14:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15548]: Failed password for root from 103.153.68.219 port 53230 ssh2
Jun 25 14:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15548]: Connection closed by 103.153.68.219 port 53230 [preauth]
Jun 25 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15579]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15578]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15580]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15577]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15577]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15639]: Successful su for rubyman by root
Jun 25 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15639]: + ??? root:rubyman
Jun 25 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15639]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590566 of user rubyman.
Jun 25 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15639]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590566.
Jun 25 14:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12969]: pam_unix(cron:session): session closed for user root
Jun 25 14:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15578]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.111.119  user=root
Jun 25 14:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15825]: Failed password for root from 101.36.111.119 port 42750 ssh2
Jun 25 14:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15825]: Received disconnect from 101.36.111.119 port 42750:11: Bye Bye [preauth]
Jun 25 14:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15825]: Disconnected from 101.36.111.119 port 42750 [preauth]
Jun 25 14:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14585]: pam_unix(cron:session): session closed for user root
Jun 25 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15969]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15970]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15968]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15967]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15967]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16025]: Successful su for rubyman by root
Jun 25 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16025]: + ??? root:rubyman
Jun 25 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16025]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590570 of user rubyman.
Jun 25 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16025]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590570.
Jun 25 14:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13386]: pam_unix(cron:session): session closed for user root
Jun 25 14:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15968]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.13  user=root
Jun 25 14:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16217]: Failed password for root from 91.92.40.13 port 40324 ssh2
Jun 25 14:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16217]: Connection closed by 91.92.40.13 port 40324 [preauth]
Jun 25 14:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16269]: Invalid user admin from 66.116.205.19
Jun 25 14:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16269]: input_userauth_request: invalid user admin [preauth]
Jun 25 14:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16269]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.205.19
Jun 25 14:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16269]: Failed password for invalid user admin from 66.116.205.19 port 50240 ssh2
Jun 25 14:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16269]: Received disconnect from 66.116.205.19 port 50240:11: Bye Bye [preauth]
Jun 25 14:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16269]: Disconnected from 66.116.205.19 port 50240 [preauth]
Jun 25 14:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15182]: pam_unix(cron:session): session closed for user root
Jun 25 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16360]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16359]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16362]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16361]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16359]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16421]: Successful su for rubyman by root
Jun 25 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16421]: + ??? root:rubyman
Jun 25 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16421]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590576 of user rubyman.
Jun 25 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16421]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590576.
Jun 25 14:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13799]: pam_unix(cron:session): session closed for user root
Jun 25 14:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16360]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15580]: pam_unix(cron:session): session closed for user root
Jun 25 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16756]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16757]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16755]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16752]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16754]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16753]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16757]: pam_unix(cron:session): session closed for user root
Jun 25 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16752]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16828]: Successful su for rubyman by root
Jun 25 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16828]: + ??? root:rubyman
Jun 25 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16828]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590578 of user rubyman.
Jun 25 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16828]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590578.
Jun 25 14:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16754]: pam_unix(cron:session): session closed for user root
Jun 25 14:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14192]: pam_unix(cron:session): session closed for user root
Jun 25 14:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16753]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.13  user=root
Jun 25 14:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17132]: Failed password for root from 91.92.40.13 port 51534 ssh2
Jun 25 14:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17132]: Connection closed by 91.92.40.13 port 51534 [preauth]
Jun 25 14:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 25 14:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15970]: pam_unix(cron:session): session closed for user root
Jun 25 14:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17202]: Failed password for root from 38.93.206.2 port 35380 ssh2
Jun 25 14:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17202]: Connection closed by 38.93.206.2 port 35380 [preauth]
Jun 25 14:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.205.19  user=root
Jun 25 14:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.46.224.87  user=root
Jun 25 14:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17231]: Failed password for root from 66.116.205.19 port 35442 ssh2
Jun 25 14:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17233]: Failed password for root from 207.46.224.87 port 55808 ssh2
Jun 25 14:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17231]: Received disconnect from 66.116.205.19 port 35442:11: Bye Bye [preauth]
Jun 25 14:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17231]: Disconnected from 66.116.205.19 port 35442 [preauth]
Jun 25 14:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17233]: Connection closed by 207.46.224.87 port 55808 [preauth]
Jun 25 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17290]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17292]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17288]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17287]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17287]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17363]: Successful su for rubyman by root
Jun 25 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17363]: + ??? root:rubyman
Jun 25 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17363]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590584 of user rubyman.
Jun 25 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17363]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590584.
Jun 25 14:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14584]: pam_unix(cron:session): session closed for user root
Jun 25 14:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17288]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17593]: Invalid user AdminGPON from 45.148.10.121
Jun 25 14:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17593]: input_userauth_request: invalid user AdminGPON [preauth]
Jun 25 14:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17593]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 25 14:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17593]: Failed password for invalid user AdminGPON from 45.148.10.121 port 45966 ssh2
Jun 25 14:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17593]: Connection closed by 45.148.10.121 port 45966 [preauth]
Jun 25 14:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16362]: pam_unix(cron:session): session closed for user root
Jun 25 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17791]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17789]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17787]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17790]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17787]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17860]: Successful su for rubyman by root
Jun 25 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17860]: + ??? root:rubyman
Jun 25 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17860]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590588 of user rubyman.
Jun 25 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17860]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590588.
Jun 25 14:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15181]: pam_unix(cron:session): session closed for user root
Jun 25 14:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17789]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.13  user=root
Jun 25 14:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18059]: Failed password for root from 91.92.40.13 port 59594 ssh2
Jun 25 14:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18059]: Connection closed by 91.92.40.13 port 59594 [preauth]
Jun 25 14:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16756]: pam_unix(cron:session): session closed for user root
Jun 25 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18227]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18229]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18225]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18226]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18225]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18295]: Successful su for rubyman by root
Jun 25 14:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18295]: + ??? root:rubyman
Jun 25 14:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18295]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590592 of user rubyman.
Jun 25 14:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18295]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590592.
Jun 25 14:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15579]: pam_unix(cron:session): session closed for user root
Jun 25 14:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18226]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17292]: pam_unix(cron:session): session closed for user root
Jun 25 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18726]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18727]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18724]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18722]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18720]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18722]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18857]: Successful su for rubyman by root
Jun 25 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18857]: + ??? root:rubyman
Jun 25 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18857]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590597 of user rubyman.
Jun 25 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18857]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590597.
Jun 25 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18720]: pam_unix(cron:session): session closed for user root
Jun 25 14:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15969]: pam_unix(cron:session): session closed for user root
Jun 25 14:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18724]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.13  user=root
Jun 25 14:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19046]: Failed password for root from 91.92.40.13 port 36864 ssh2
Jun 25 14:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19046]: Connection closed by 91.92.40.13 port 36864 [preauth]
Jun 25 14:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17791]: pam_unix(cron:session): session closed for user root
Jun 25 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19330]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19328]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19327]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19326]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19329]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19324]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19330]: pam_unix(cron:session): session closed for user root
Jun 25 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19324]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19400]: Successful su for rubyman by root
Jun 25 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19400]: + ??? root:rubyman
Jun 25 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19400]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590605 of user rubyman.
Jun 25 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19400]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590605.
Jun 25 14:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19327]: pam_unix(cron:session): session closed for user root
Jun 25 14:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16361]: pam_unix(cron:session): session closed for user root
Jun 25 14:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19326]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18229]: pam_unix(cron:session): session closed for user root
Jun 25 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19980]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19979]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19981]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19978]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19978]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20043]: Successful su for rubyman by root
Jun 25 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20043]: + ??? root:rubyman
Jun 25 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20043]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590609 of user rubyman.
Jun 25 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20043]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590609.
Jun 25 14:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16755]: pam_unix(cron:session): session closed for user root
Jun 25 14:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19979]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18727]: pam_unix(cron:session): session closed for user root
Jun 25 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20488]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20489]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20487]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20486]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20486]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20546]: Successful su for rubyman by root
Jun 25 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20546]: + ??? root:rubyman
Jun 25 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20546]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590611 of user rubyman.
Jun 25 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20546]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590611.
Jun 25 14:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17290]: pam_unix(cron:session): session closed for user root
Jun 25 14:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20487]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19329]: pam_unix(cron:session): session closed for user root
Jun 25 14:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 25 14:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20953]: Failed password for root from 202.178.126.219 port 36693 ssh2
Jun 25 14:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20953]: Connection closed by 202.178.126.219 port 36693 [preauth]
Jun 25 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20983]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20982]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20984]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20981]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20981]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21043]: Successful su for rubyman by root
Jun 25 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21043]: + ??? root:rubyman
Jun 25 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21043]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590615 of user rubyman.
Jun 25 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21043]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590615.
Jun 25 14:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17790]: pam_unix(cron:session): session closed for user root
Jun 25 14:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20982]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19981]: pam_unix(cron:session): session closed for user root
Jun 25 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21390]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21391]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21389]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21388]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21388]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21452]: Successful su for rubyman by root
Jun 25 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21452]: + ??? root:rubyman
Jun 25 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21452]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590619 of user rubyman.
Jun 25 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21452]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590619.
Jun 25 14:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18227]: pam_unix(cron:session): session closed for user root
Jun 25 14:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21389]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20489]: pam_unix(cron:session): session closed for user root
Jun 25 14:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 25 14:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21809]: Failed password for root from 80.66.85.226 port 57736 ssh2
Jun 25 14:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21809]: Connection closed by 80.66.85.226 port 57736 [preauth]
Jun 25 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21824]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21825]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21823]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21820]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21822]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21821]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21825]: pam_unix(cron:session): session closed for user root
Jun 25 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21820]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21893]: Successful su for rubyman by root
Jun 25 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21893]: + ??? root:rubyman
Jun 25 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21893]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590623 of user rubyman.
Jun 25 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21893]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590623.
Jun 25 14:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21822]: pam_unix(cron:session): session closed for user root
Jun 25 14:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18726]: pam_unix(cron:session): session closed for user root
Jun 25 14:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21821]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20984]: pam_unix(cron:session): session closed for user root
Jun 25 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22260]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22261]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22258]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22259]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22258]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22418]: Successful su for rubyman by root
Jun 25 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22418]: + ??? root:rubyman
Jun 25 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22418]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590630 of user rubyman.
Jun 25 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22418]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590630.
Jun 25 14:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19328]: pam_unix(cron:session): session closed for user root
Jun 25 14:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22259]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22630]: Invalid user carlos from 141.98.83.240
Jun 25 14:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22630]: input_userauth_request: invalid user carlos [preauth]
Jun 25 14:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22630]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 14:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22630]: Failed password for invalid user carlos from 141.98.83.240 port 63838 ssh2
Jun 25 14:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22630]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22630]: Failed password for invalid user carlos from 141.98.83.240 port 63838 ssh2
Jun 25 14:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22630]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22630]: Failed password for invalid user carlos from 141.98.83.240 port 63838 ssh2
Jun 25 14:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22630]: Connection closed by 141.98.83.240 port 63838 [preauth]
Jun 25 14:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22630]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 14:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21391]: pam_unix(cron:session): session closed for user root
Jun 25 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22754]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22753]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22755]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22756]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22751]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22751]: pam_unix(cron:session): session closed for user root
Jun 25 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22753]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22825]: Successful su for rubyman by root
Jun 25 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22825]: + ??? root:rubyman
Jun 25 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22825]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590636 of user rubyman.
Jun 25 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22825]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590636.
Jun 25 14:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19980]: pam_unix(cron:session): session closed for user root
Jun 25 14:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22754]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21824]: pam_unix(cron:session): session closed for user root
Jun 25 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23154]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23155]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23153]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23152]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23152]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23219]: Successful su for rubyman by root
Jun 25 14:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23219]: + ??? root:rubyman
Jun 25 14:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23219]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590641 of user rubyman.
Jun 25 14:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23219]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590641.
Jun 25 14:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20488]: pam_unix(cron:session): session closed for user root
Jun 25 14:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23153]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23491]: Invalid user ansadmin from 106.58.173.254
Jun 25 14:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23491]: input_userauth_request: invalid user ansadmin [preauth]
Jun 25 14:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23491]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.58.173.254
Jun 25 14:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22261]: pam_unix(cron:session): session closed for user root
Jun 25 14:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23491]: Failed password for invalid user ansadmin from 106.58.173.254 port 41568 ssh2
Jun 25 14:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23491]: Received disconnect from 106.58.173.254 port 41568:11: Bye Bye [preauth]
Jun 25 14:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23491]: Disconnected from 106.58.173.254 port 41568 [preauth]
Jun 25 14:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23527]: Bad protocol version identification '\026\003\001' from 152.32.180.86 port 32788
Jun 25 14:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23528]: Did not receive identification string from 152.32.180.86
Jun 25 14:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23569]: Connection closed by 152.32.180.86 port 39982 [preauth]
Jun 25 14:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23578]: Protocol major versions differ for 152.32.180.86: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10 vs. SSH-1.5-Server
Jun 25 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23584]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23583]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23582]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23581]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23581]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23654]: Successful su for rubyman by root
Jun 25 14:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23654]: + ??? root:rubyman
Jun 25 14:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23654]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590642 of user rubyman.
Jun 25 14:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23654]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590642.
Jun 25 14:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20983]: pam_unix(cron:session): session closed for user root
Jun 25 14:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23582]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22756]: pam_unix(cron:session): session closed for user root
Jun 25 14:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24283]: Received disconnect from 104.194.9.81 port 44204:11: disconnected by user [preauth]
Jun 25 14:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24283]: Disconnected from 104.194.9.81 port 44204 [preauth]
Jun 25 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24387]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24386]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24385]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24384]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24388]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24389]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24389]: pam_unix(cron:session): session closed for user root
Jun 25 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24384]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24452]: Successful su for rubyman by root
Jun 25 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24452]: + ??? root:rubyman
Jun 25 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24452]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590650 of user rubyman.
Jun 25 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24452]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590650.
Jun 25 14:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24386]: pam_unix(cron:session): session closed for user root
Jun 25 14:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21390]: pam_unix(cron:session): session closed for user root
Jun 25 14:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24385]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23155]: pam_unix(cron:session): session closed for user root
Jun 25 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24840]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24839]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24841]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24838]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24838]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24902]: Successful su for rubyman by root
Jun 25 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24902]: + ??? root:rubyman
Jun 25 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24902]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590652 of user rubyman.
Jun 25 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24902]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590652.
Jun 25 14:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21823]: pam_unix(cron:session): session closed for user root
Jun 25 14:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24839]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23584]: pam_unix(cron:session): session closed for user root
Jun 25 14:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.46.224.87  user=root
Jun 25 14:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25231]: Failed password for root from 207.46.224.87 port 55808 ssh2
Jun 25 14:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25231]: Connection closed by 207.46.224.87 port 55808 [preauth]
Jun 25 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25245]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25243]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25244]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25242]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25242]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25299]: Successful su for rubyman by root
Jun 25 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25299]: + ??? root:rubyman
Jun 25 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25299]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590656 of user rubyman.
Jun 25 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25299]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590656.
Jun 25 14:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22260]: pam_unix(cron:session): session closed for user root
Jun 25 14:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25243]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25542]: Invalid user admin from 193.46.255.86
Jun 25 14:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25542]: input_userauth_request: invalid user admin [preauth]
Jun 25 14:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25542]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 25 14:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25542]: Failed password for invalid user admin from 193.46.255.86 port 42444 ssh2
Jun 25 14:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25542]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25542]: Failed password for invalid user admin from 193.46.255.86 port 42444 ssh2
Jun 25 14:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25542]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25542]: Failed password for invalid user admin from 193.46.255.86 port 42444 ssh2
Jun 25 14:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25542]: Connection closed by 193.46.255.86 port 42444 [preauth]
Jun 25 14:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25542]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 25 14:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24388]: pam_unix(cron:session): session closed for user root
Jun 25 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25637]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25638]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25639]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25636]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25636]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25695]: Successful su for rubyman by root
Jun 25 14:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25695]: + ??? root:rubyman
Jun 25 14:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25695]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590662 of user rubyman.
Jun 25 14:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25695]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590662.
Jun 25 14:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22755]: pam_unix(cron:session): session closed for user root
Jun 25 14:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25637]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24841]: pam_unix(cron:session): session closed for user root
Jun 25 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26023]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26022]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26021]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26020]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26020]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26078]: Successful su for rubyman by root
Jun 25 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26078]: + ??? root:rubyman
Jun 25 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26078]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590664 of user rubyman.
Jun 25 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26078]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590664.
Jun 25 14:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23154]: pam_unix(cron:session): session closed for user root
Jun 25 14:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26021]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
Jun 25 14:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26300]: Failed password for root from 176.32.39.21 port 41980 ssh2
Jun 25 14:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26300]: Connection closed by 176.32.39.21 port 41980 [preauth]
Jun 25 14:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25245]: pam_unix(cron:session): session closed for user root
Jun 25 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26421]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26420]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26419]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26418]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26417]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26416]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26421]: pam_unix(cron:session): session closed for user root
Jun 25 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26416]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26484]: Successful su for rubyman by root
Jun 25 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26484]: + ??? root:rubyman
Jun 25 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26484]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590670 of user rubyman.
Jun 25 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26484]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590670.
Jun 25 14:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26418]: pam_unix(cron:session): session closed for user root
Jun 25 14:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23583]: pam_unix(cron:session): session closed for user root
Jun 25 14:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26417]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25639]: pam_unix(cron:session): session closed for user root
Jun 25 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26935]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26934]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26933]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26932]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26932]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26999]: Successful su for rubyman by root
Jun 25 14:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26999]: + ??? root:rubyman
Jun 25 14:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26999]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590674 of user rubyman.
Jun 25 14:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26999]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590674.
Jun 25 14:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24387]: pam_unix(cron:session): session closed for user root
Jun 25 14:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26933]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26023]: pam_unix(cron:session): session closed for user root
Jun 25 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27355]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27356]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27354]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27353]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27353]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27415]: Successful su for rubyman by root
Jun 25 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27415]: + ??? root:rubyman
Jun 25 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27415]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590679 of user rubyman.
Jun 25 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27415]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590679.
Jun 25 14:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24840]: pam_unix(cron:session): session closed for user root
Jun 25 14:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27354]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27636]: Invalid user rico from 106.58.173.254
Jun 25 14:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27636]: input_userauth_request: invalid user rico [preauth]
Jun 25 14:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27636]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.58.173.254
Jun 25 14:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27636]: Failed password for invalid user rico from 106.58.173.254 port 45364 ssh2
Jun 25 14:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27636]: Received disconnect from 106.58.173.254 port 45364:11: Bye Bye [preauth]
Jun 25 14:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27636]: Disconnected from 106.58.173.254 port 45364 [preauth]
Jun 25 14:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26420]: pam_unix(cron:session): session closed for user root
Jun 25 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27761]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27760]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27763]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27759]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27759]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27819]: Successful su for rubyman by root
Jun 25 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27819]: + ??? root:rubyman
Jun 25 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27819]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590682 of user rubyman.
Jun 25 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27819]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590682.
Jun 25 14:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25244]: pam_unix(cron:session): session closed for user root
Jun 25 14:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27760]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26935]: pam_unix(cron:session): session closed for user root
Jun 25 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28228]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28227]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28226]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28225]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28225]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28286]: Successful su for rubyman by root
Jun 25 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28286]: + ??? root:rubyman
Jun 25 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28286]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590686 of user rubyman.
Jun 25 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28286]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590686.
Jun 25 14:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25638]: pam_unix(cron:session): session closed for user root
Jun 25 14:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28226]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27356]: pam_unix(cron:session): session closed for user root
Jun 25 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28715]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28709]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28712]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28711]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28714]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28708]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28715]: pam_unix(cron:session): session closed for user root
Jun 25 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28708]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28784]: Successful su for rubyman by root
Jun 25 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28784]: + ??? root:rubyman
Jun 25 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28784]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590691 of user rubyman.
Jun 25 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28784]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590691.
Jun 25 14:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28711]: pam_unix(cron:session): session closed for user root
Jun 25 14:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26022]: pam_unix(cron:session): session closed for user root
Jun 25 14:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28709]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27763]: pam_unix(cron:session): session closed for user root
Jun 25 14:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29109]: Connection closed by 194.59.206.2 port 32016 [preauth]
Jun 25 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29165]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29166]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29164]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29163]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29163]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29235]: Successful su for rubyman by root
Jun 25 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29235]: + ??? root:rubyman
Jun 25 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29235]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590697 of user rubyman.
Jun 25 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29235]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590697.
Jun 25 14:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26419]: pam_unix(cron:session): session closed for user root
Jun 25 14:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29164]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 25 14:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28228]: pam_unix(cron:session): session closed for user root
Jun 25 14:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29514]: Failed password for root from 103.27.238.114 port 50026 ssh2
Jun 25 14:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29514]: Connection closed by 103.27.238.114 port 50026 [preauth]
Jun 25 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29698]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29697]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29695]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29693]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29693]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29778]: Successful su for rubyman by root
Jun 25 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29778]: + ??? root:rubyman
Jun 25 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29778]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590700 of user rubyman.
Jun 25 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29778]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590700.
Jun 25 14:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26934]: pam_unix(cron:session): session closed for user root
Jun 25 14:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29695]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30027]: Invalid user rayven from 2.57.121.112
Jun 25 14:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30027]: input_userauth_request: invalid user rayven [preauth]
Jun 25 14:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30027]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 25 14:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30027]: Failed password for invalid user rayven from 2.57.121.112 port 33782 ssh2
Jun 25 14:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30027]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30027]: Failed password for invalid user rayven from 2.57.121.112 port 33782 ssh2
Jun 25 14:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28714]: pam_unix(cron:session): session closed for user root
Jun 25 14:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30027]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30027]: Failed password for invalid user rayven from 2.57.121.112 port 33782 ssh2
Jun 25 14:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30027]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30070]: Invalid user rayven from 2.57.121.112
Jun 25 14:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30070]: input_userauth_request: invalid user rayven [preauth]
Jun 25 14:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30027]: Failed password for invalid user rayven from 2.57.121.112 port 33782 ssh2
Jun 25 14:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30027]: Connection closed by 2.57.121.112 port 33782 [preauth]
Jun 25 14:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30027]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 25 14:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30027]: PAM service(sshd) ignoring max retries; 4 > 3
Jun 25 14:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30070]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 25 14:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30070]: Failed password for invalid user rayven from 2.57.121.112 port 40910 ssh2
Jun 25 14:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30070]: Connection closed by 2.57.121.112 port 40910 [preauth]
Jun 25 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30144]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30143]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30140]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30139]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30139]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30209]: Successful su for rubyman by root
Jun 25 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30209]: + ??? root:rubyman
Jun 25 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30209]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590705 of user rubyman.
Jun 25 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30209]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590705.
Jun 25 14:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27355]: pam_unix(cron:session): session closed for user root
Jun 25 14:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30140]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29166]: pam_unix(cron:session): session closed for user root
Jun 25 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30549]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30550]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30548]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30545]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30545]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30622]: Successful su for rubyman by root
Jun 25 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30622]: + ??? root:rubyman
Jun 25 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30622]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590708 of user rubyman.
Jun 25 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30622]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590708.
Jun 25 14:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27761]: pam_unix(cron:session): session closed for user root
Jun 25 14:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30548]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29698]: pam_unix(cron:session): session closed for user root
Jun 25 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31064]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31062]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31063]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31059]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31061]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31060]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31064]: pam_unix(cron:session): session closed for user root
Jun 25 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31059]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31128]: Successful su for rubyman by root
Jun 25 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31128]: + ??? root:rubyman
Jun 25 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31128]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590714 of user rubyman.
Jun 25 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31128]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590714.
Jun 25 14:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28227]: pam_unix(cron:session): session closed for user root
Jun 25 14:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31061]: pam_unix(cron:session): session closed for user root
Jun 25 14:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31060]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31335]: Connection closed by 66.132.224.85 port 11832 [preauth]
Jun 25 14:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30144]: pam_unix(cron:session): session closed for user root
Jun 25 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31493]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31494]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31492]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31491]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31491]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31655]: Successful su for rubyman by root
Jun 25 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31655]: + ??? root:rubyman
Jun 25 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31655]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590720 of user rubyman.
Jun 25 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31655]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590720.
Jun 25 14:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28712]: pam_unix(cron:session): session closed for user root
Jun 25 14:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31492]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30550]: pam_unix(cron:session): session closed for user root
Jun 25 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32003]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32002]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32005]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32001]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32001]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32070]: Successful su for rubyman by root
Jun 25 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32070]: + ??? root:rubyman
Jun 25 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32070]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590724 of user rubyman.
Jun 25 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32070]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590724.
Jun 25 14:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29165]: pam_unix(cron:session): session closed for user root
Jun 25 14:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32002]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 25 14:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32261]: Failed password for root from 77.94.47.83 port 39110 ssh2
Jun 25 14:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32261]: Connection closed by 77.94.47.83 port 39110 [preauth]
Jun 25 14:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31063]: pam_unix(cron:session): session closed for user root
Jun 25 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32405]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32406]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32404]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32403]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32403]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32467]: Successful su for rubyman by root
Jun 25 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32467]: + ??? root:rubyman
Jun 25 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32467]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590726 of user rubyman.
Jun 25 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32467]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590726.
Jun 25 14:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29697]: pam_unix(cron:session): session closed for user root
Jun 25 14:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32404]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.46.224.87  user=root
Jun 25 14:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32721]: Failed password for root from 207.46.224.87 port 55808 ssh2
Jun 25 14:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32721]: Connection closed by 207.46.224.87 port 55808 [preauth]
Jun 25 14:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31494]: pam_unix(cron:session): session closed for user root
Jun 25 14:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32765]: Invalid user admin from 2.57.121.25
Jun 25 14:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32765]: input_userauth_request: invalid user admin [preauth]
Jun 25 14:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32765]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 25 14:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32765]: Failed password for invalid user admin from 2.57.121.25 port 37608 ssh2
Jun 25 14:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32765]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32765]: Failed password for invalid user admin from 2.57.121.25 port 37608 ssh2
Jun 25 14:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32765]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32765]: Failed password for invalid user admin from 2.57.121.25 port 37608 ssh2
Jun 25 14:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32765]: Connection closed by 2.57.121.25 port 37608 [preauth]
Jun 25 14:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32765]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 25 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[364]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[365]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[363]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[362]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[360]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[362]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[625]: Successful su for rubyman by root
Jun 25 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[625]: + ??? root:rubyman
Jun 25 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[625]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590731 of user rubyman.
Jun 25 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[625]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590731.
Jun 25 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[360]: pam_unix(cron:session): session closed for user root
Jun 25 14:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30143]: pam_unix(cron:session): session closed for user root
Jun 25 14:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[363]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 25 14:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32005]: pam_unix(cron:session): session closed for user root
Jun 25 14:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[935]: Failed password for root from 103.82.132.16 port 44554 ssh2
Jun 25 14:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[935]: Connection closed by 103.82.132.16 port 44554 [preauth]
Jun 25 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1023]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1019]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1022]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1021]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1018]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1017]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1023]: pam_unix(cron:session): session closed for user root
Jun 25 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1017]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1121]: Successful su for rubyman by root
Jun 25 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1121]: + ??? root:rubyman
Jun 25 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1121]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590737 of user rubyman.
Jun 25 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1121]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590737.
Jun 25 14:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1019]: pam_unix(cron:session): session closed for user root
Jun 25 14:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30549]: pam_unix(cron:session): session closed for user root
Jun 25 14:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1018]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32406]: pam_unix(cron:session): session closed for user root
Jun 25 14:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 25 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1620]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1619]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1622]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1618]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1618]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1614]: Failed password for root from 103.149.28.157 port 34964 ssh2
Jun 25 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1614]: Connection closed by 103.149.28.157 port 34964 [preauth]
Jun 25 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1694]: Successful su for rubyman by root
Jun 25 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1694]: + ??? root:rubyman
Jun 25 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1694]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590741 of user rubyman.
Jun 25 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1694]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590741.
Jun 25 14:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31062]: pam_unix(cron:session): session closed for user root
Jun 25 14:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1619]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[365]: pam_unix(cron:session): session closed for user root
Jun 25 14:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121  user=root
Jun 25 14:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2039]: Failed password for root from 45.148.10.121 port 45774 ssh2
Jun 25 14:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2039]: Connection closed by 45.148.10.121 port 45774 [preauth]
Jun 25 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2112]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2111]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2110]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2107]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2107]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2184]: Successful su for rubyman by root
Jun 25 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2184]: + ??? root:rubyman
Jun 25 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2184]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590745 of user rubyman.
Jun 25 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2184]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590745.
Jun 25 14:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31493]: pam_unix(cron:session): session closed for user root
Jun 25 14:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2110]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 25 14:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2420]: Failed password for root from 51.250.105.222 port 49638 ssh2
Jun 25 14:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2420]: Connection closed by 51.250.105.222 port 49638 [preauth]
Jun 25 14:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1022]: pam_unix(cron:session): session closed for user root
Jun 25 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2544]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2543]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2542]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2540]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2540]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2614]: Successful su for rubyman by root
Jun 25 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2614]: + ??? root:rubyman
Jun 25 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2614]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590749 of user rubyman.
Jun 25 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2614]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590749.
Jun 25 14:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32003]: pam_unix(cron:session): session closed for user root
Jun 25 14:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2542]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1622]: pam_unix(cron:session): session closed for user root
Jun 25 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2953]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2952]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2951]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2950]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2950]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3010]: Successful su for rubyman by root
Jun 25 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3010]: + ??? root:rubyman
Jun 25 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3010]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590753 of user rubyman.
Jun 25 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3010]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590753.
Jun 25 14:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32405]: pam_unix(cron:session): session closed for user root
Jun 25 14:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2951]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3229]: Invalid user user from 141.98.83.240
Jun 25 14:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3229]: input_userauth_request: invalid user user [preauth]
Jun 25 14:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3229]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 14:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3229]: Failed password for invalid user user from 141.98.83.240 port 19532 ssh2
Jun 25 14:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3229]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3229]: Failed password for invalid user user from 141.98.83.240 port 19532 ssh2
Jun 25 14:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3229]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3229]: Failed password for invalid user user from 141.98.83.240 port 19532 ssh2
Jun 25 14:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3229]: Connection closed by 141.98.83.240 port 19532 [preauth]
Jun 25 14:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3229]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 14:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2112]: pam_unix(cron:session): session closed for user root
Jun 25 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3343]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3341]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3344]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3340]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3345]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3339]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3345]: pam_unix(cron:session): session closed for user root
Jun 25 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3339]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3408]: Successful su for rubyman by root
Jun 25 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3408]: + ??? root:rubyman
Jun 25 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3408]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590759 of user rubyman.
Jun 25 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3408]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590759.
Jun 25 14:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3341]: pam_unix(cron:session): session closed for user root
Jun 25 14:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[364]: pam_unix(cron:session): session closed for user root
Jun 25 14:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3340]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2544]: pam_unix(cron:session): session closed for user root
Jun 25 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3946]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3945]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3944]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3943]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3942]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3942]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3945]: pam_unix(cron:session): session closed for user root
Jun 25 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4066]: Successful su for rubyman by root
Jun 25 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4066]: + ??? root:rubyman
Jun 25 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4066]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590763 of user rubyman.
Jun 25 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4066]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590763.
Jun 25 14:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1021]: pam_unix(cron:session): session closed for user root
Jun 25 14:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3943]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232  user=root
Jun 25 14:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4267]: Failed password for root from 79.72.57.232 port 57204 ssh2
Jun 25 14:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4267]: message repeated 5 times: [ Failed password for root from 79.72.57.232 port 57204 ssh2]
Jun 25 14:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4267]: error: maximum authentication attempts exceeded for root from 79.72.57.232 port 57204 ssh2 [preauth]
Jun 25 14:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4267]: Disconnecting: Too many authentication failures [preauth]
Jun 25 14:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4267]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232  user=root
Jun 25 14:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4267]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 25 14:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232  user=root
Jun 25 14:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4315]: Failed password for root from 79.72.57.232 port 52558 ssh2
Jun 25 14:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4315]: message repeated 2 times: [ Failed password for root from 79.72.57.232 port 52558 ssh2]
Jun 25 14:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2953]: pam_unix(cron:session): session closed for user root
Jun 25 14:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4315]: Failed password for root from 79.72.57.232 port 52558 ssh2
Jun 25 14:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4315]: message repeated 2 times: [ Failed password for root from 79.72.57.232 port 52558 ssh2]
Jun 25 14:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4315]: error: maximum authentication attempts exceeded for root from 79.72.57.232 port 52558 ssh2 [preauth]
Jun 25 14:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4315]: Disconnecting: Too many authentication failures [preauth]
Jun 25 14:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4315]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232  user=root
Jun 25 14:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4315]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 25 14:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232  user=root
Jun 25 14:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4368]: Failed password for root from 79.72.57.232 port 39436 ssh2
Jun 25 14:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4368]: message repeated 2 times: [ Failed password for root from 79.72.57.232 port 39436 ssh2]
Jun 25 14:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4368]: Failed password for root from 79.72.57.232 port 39436 ssh2
Jun 25 14:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 25 14:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4368]: Failed password for root from 79.72.57.232 port 39436 ssh2
Jun 25 14:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4390]: Failed password for root from 202.178.126.219 port 25974 ssh2
Jun 25 14:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4390]: Connection closed by 202.178.126.219 port 25974 [preauth]
Jun 25 14:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4368]: Failed password for root from 79.72.57.232 port 39436 ssh2
Jun 25 14:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4368]: error: maximum authentication attempts exceeded for root from 79.72.57.232 port 39436 ssh2 [preauth]
Jun 25 14:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4368]: Disconnecting: Too many authentication failures [preauth]
Jun 25 14:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4368]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232  user=root
Jun 25 14:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4368]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 25 14:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232  user=root
Jun 25 14:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4409]: Failed password for root from 79.72.57.232 port 43994 ssh2
Jun 25 14:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4409]: Received disconnect from 79.72.57.232 port 43994:11: disconnected by user [preauth]
Jun 25 14:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4409]: Disconnected from 79.72.57.232 port 43994 [preauth]
Jun 25 14:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4411]: Invalid user admin from 79.72.57.232
Jun 25 14:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4411]: input_userauth_request: invalid user admin [preauth]
Jun 25 14:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4411]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4411]: Failed password for invalid user admin from 79.72.57.232 port 44008 ssh2
Jun 25 14:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4411]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4424]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4425]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4423]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4422]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4422]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4411]: Failed password for invalid user admin from 79.72.57.232 port 44008 ssh2
Jun 25 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4411]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4484]: Successful su for rubyman by root
Jun 25 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4484]: + ??? root:rubyman
Jun 25 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4484]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590769 of user rubyman.
Jun 25 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4484]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590769.
Jun 25 14:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4411]: Failed password for invalid user admin from 79.72.57.232 port 44008 ssh2
Jun 25 14:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4411]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1620]: pam_unix(cron:session): session closed for user root
Jun 25 14:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4411]: Failed password for invalid user admin from 79.72.57.232 port 44008 ssh2
Jun 25 14:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4411]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4423]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4411]: Failed password for invalid user admin from 79.72.57.232 port 44008 ssh2
Jun 25 14:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4411]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4411]: Failed password for invalid user admin from 79.72.57.232 port 44008 ssh2
Jun 25 14:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4411]: error: maximum authentication attempts exceeded for invalid user admin from 79.72.57.232 port 44008 ssh2 [preauth]
Jun 25 14:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4411]: Disconnecting: Too many authentication failures [preauth]
Jun 25 14:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4411]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4411]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 25 14:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4686]: Invalid user admin from 79.72.57.232
Jun 25 14:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4686]: input_userauth_request: invalid user admin [preauth]
Jun 25 14:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4686]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4686]: Failed password for invalid user admin from 79.72.57.232 port 60488 ssh2
Jun 25 14:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4686]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4686]: Failed password for invalid user admin from 79.72.57.232 port 60488 ssh2
Jun 25 14:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4686]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4686]: Failed password for invalid user admin from 79.72.57.232 port 60488 ssh2
Jun 25 14:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4686]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4686]: Failed password for invalid user admin from 79.72.57.232 port 60488 ssh2
Jun 25 14:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4686]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4686]: Failed password for invalid user admin from 79.72.57.232 port 60488 ssh2
Jun 25 14:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4686]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4686]: Failed password for invalid user admin from 79.72.57.232 port 60488 ssh2
Jun 25 14:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4686]: error: maximum authentication attempts exceeded for invalid user admin from 79.72.57.232 port 60488 ssh2 [preauth]
Jun 25 14:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4686]: Disconnecting: Too many authentication failures [preauth]
Jun 25 14:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4686]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4686]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 25 14:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4736]: Invalid user admin from 79.72.57.232
Jun 25 14:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4736]: input_userauth_request: invalid user admin [preauth]
Jun 25 14:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4736]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4736]: Failed password for invalid user admin from 79.72.57.232 port 49278 ssh2
Jun 25 14:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4736]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4736]: Failed password for invalid user admin from 79.72.57.232 port 49278 ssh2
Jun 25 14:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4736]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4736]: Failed password for invalid user admin from 79.72.57.232 port 49278 ssh2
Jun 25 14:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4736]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4736]: Failed password for invalid user admin from 79.72.57.232 port 49278 ssh2
Jun 25 14:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4736]: Received disconnect from 79.72.57.232 port 49278:11: disconnected by user [preauth]
Jun 25 14:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4736]: Disconnected from 79.72.57.232 port 49278 [preauth]
Jun 25 14:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4736]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4736]: PAM service(sshd) ignoring max retries; 4 > 3
Jun 25 14:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3344]: pam_unix(cron:session): session closed for user root
Jun 25 14:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4788]: Invalid user oracle from 79.72.57.232
Jun 25 14:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4788]: input_userauth_request: invalid user oracle [preauth]
Jun 25 14:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4788]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4788]: Failed password for invalid user oracle from 79.72.57.232 port 37030 ssh2
Jun 25 14:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4788]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4788]: Failed password for invalid user oracle from 79.72.57.232 port 37030 ssh2
Jun 25 14:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4788]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4788]: Failed password for invalid user oracle from 79.72.57.232 port 37030 ssh2
Jun 25 14:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4788]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4788]: Failed password for invalid user oracle from 79.72.57.232 port 37030 ssh2
Jun 25 14:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4788]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4788]: Failed password for invalid user oracle from 79.72.57.232 port 37030 ssh2
Jun 25 14:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4788]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4788]: Failed password for invalid user oracle from 79.72.57.232 port 37030 ssh2
Jun 25 14:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4788]: error: maximum authentication attempts exceeded for invalid user oracle from 79.72.57.232 port 37030 ssh2 [preauth]
Jun 25 14:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4788]: Disconnecting: Too many authentication failures [preauth]
Jun 25 14:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4788]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4788]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 25 14:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4915]: Invalid user oracle from 79.72.57.232
Jun 25 14:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4915]: input_userauth_request: invalid user oracle [preauth]
Jun 25 14:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4915]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4915]: Failed password for invalid user oracle from 79.72.57.232 port 46084 ssh2
Jun 25 14:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4915]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4915]: Failed password for invalid user oracle from 79.72.57.232 port 46084 ssh2
Jun 25 14:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4915]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4915]: Failed password for invalid user oracle from 79.72.57.232 port 46084 ssh2
Jun 25 14:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4915]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4915]: Failed password for invalid user oracle from 79.72.57.232 port 46084 ssh2
Jun 25 14:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4915]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4915]: Failed password for invalid user oracle from 79.72.57.232 port 46084 ssh2
Jun 25 14:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4915]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4915]: Failed password for invalid user oracle from 79.72.57.232 port 46084 ssh2
Jun 25 14:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4915]: error: maximum authentication attempts exceeded for invalid user oracle from 79.72.57.232 port 46084 ssh2 [preauth]
Jun 25 14:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4915]: Disconnecting: Too many authentication failures [preauth]
Jun 25 14:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4915]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4915]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 25 14:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4939]: Invalid user oracle from 79.72.57.232
Jun 25 14:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4939]: input_userauth_request: invalid user oracle [preauth]
Jun 25 14:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4939]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4958]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4957]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4961]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4960]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4957]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4939]: Failed password for invalid user oracle from 79.72.57.232 port 48254 ssh2
Jun 25 14:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4939]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5018]: Successful su for rubyman by root
Jun 25 14:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5018]: + ??? root:rubyman
Jun 25 14:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5018]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590774 of user rubyman.
Jun 25 14:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5018]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590774.
Jun 25 14:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4939]: Failed password for invalid user oracle from 79.72.57.232 port 48254 ssh2
Jun 25 14:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4939]: Received disconnect from 79.72.57.232 port 48254:11: disconnected by user [preauth]
Jun 25 14:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4939]: Disconnected from 79.72.57.232 port 48254 [preauth]
Jun 25 14:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4939]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2111]: pam_unix(cron:session): session closed for user root
Jun 25 14:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5162]: Invalid user usuario from 79.72.57.232
Jun 25 14:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5162]: input_userauth_request: invalid user usuario [preauth]
Jun 25 14:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5162]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4958]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5162]: Failed password for invalid user usuario from 79.72.57.232 port 57052 ssh2
Jun 25 14:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5162]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5162]: Failed password for invalid user usuario from 79.72.57.232 port 57052 ssh2
Jun 25 14:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5162]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5162]: Failed password for invalid user usuario from 79.72.57.232 port 57052 ssh2
Jun 25 14:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5162]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5162]: Failed password for invalid user usuario from 79.72.57.232 port 57052 ssh2
Jun 25 14:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5162]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5162]: Failed password for invalid user usuario from 79.72.57.232 port 57052 ssh2
Jun 25 14:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5162]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5162]: Failed password for invalid user usuario from 79.72.57.232 port 57052 ssh2
Jun 25 14:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5162]: error: maximum authentication attempts exceeded for invalid user usuario from 79.72.57.232 port 57052 ssh2 [preauth]
Jun 25 14:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5162]: Disconnecting: Too many authentication failures [preauth]
Jun 25 14:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5162]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5162]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 25 14:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5222]: Invalid user usuario from 79.72.57.232
Jun 25 14:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5222]: input_userauth_request: invalid user usuario [preauth]
Jun 25 14:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5222]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5222]: Failed password for invalid user usuario from 79.72.57.232 port 56250 ssh2
Jun 25 14:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5222]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5222]: Failed password for invalid user usuario from 79.72.57.232 port 56250 ssh2
Jun 25 14:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5222]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5222]: Failed password for invalid user usuario from 79.72.57.232 port 56250 ssh2
Jun 25 14:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5222]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5222]: Failed password for invalid user usuario from 79.72.57.232 port 56250 ssh2
Jun 25 14:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5222]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5222]: Failed password for invalid user usuario from 79.72.57.232 port 56250 ssh2
Jun 25 14:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5222]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5222]: Failed password for invalid user usuario from 79.72.57.232 port 56250 ssh2
Jun 25 14:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5222]: error: maximum authentication attempts exceeded for invalid user usuario from 79.72.57.232 port 56250 ssh2 [preauth]
Jun 25 14:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5222]: Disconnecting: Too many authentication failures [preauth]
Jun 25 14:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5222]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5222]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 25 14:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5266]: Invalid user usuario from 79.72.57.232
Jun 25 14:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5266]: input_userauth_request: invalid user usuario [preauth]
Jun 25 14:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5266]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5266]: Failed password for invalid user usuario from 79.72.57.232 port 52996 ssh2
Jun 25 14:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5266]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3946]: pam_unix(cron:session): session closed for user root
Jun 25 14:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5266]: Failed password for invalid user usuario from 79.72.57.232 port 52996 ssh2
Jun 25 14:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5266]: Received disconnect from 79.72.57.232 port 52996:11: disconnected by user [preauth]
Jun 25 14:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5266]: Disconnected from 79.72.57.232 port 52996 [preauth]
Jun 25 14:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5266]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: Invalid user test from 79.72.57.232
Jun 25 14:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: input_userauth_request: invalid user test [preauth]
Jun 25 14:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: Failed password for invalid user test from 79.72.57.232 port 53768 ssh2
Jun 25 14:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: Failed password for invalid user test from 79.72.57.232 port 53768 ssh2
Jun 25 14:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: Failed password for invalid user test from 79.72.57.232 port 53768 ssh2
Jun 25 14:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: Failed password for invalid user test from 79.72.57.232 port 53768 ssh2
Jun 25 14:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: Failed password for invalid user test from 79.72.57.232 port 53768 ssh2
Jun 25 14:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: Failed password for invalid user test from 79.72.57.232 port 53768 ssh2
Jun 25 14:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: error: maximum authentication attempts exceeded for invalid user test from 79.72.57.232 port 53768 ssh2 [preauth]
Jun 25 14:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: Disconnecting: Too many authentication failures [preauth]
Jun 25 14:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 25 14:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5334]: Invalid user test from 79.72.57.232
Jun 25 14:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5334]: input_userauth_request: invalid user test [preauth]
Jun 25 14:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5334]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5334]: Failed password for invalid user test from 79.72.57.232 port 42676 ssh2
Jun 25 14:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5334]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5334]: Failed password for invalid user test from 79.72.57.232 port 42676 ssh2
Jun 25 14:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5334]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5334]: Failed password for invalid user test from 79.72.57.232 port 42676 ssh2
Jun 25 14:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5334]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5334]: Failed password for invalid user test from 79.72.57.232 port 42676 ssh2
Jun 25 14:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5334]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5334]: Failed password for invalid user test from 79.72.57.232 port 42676 ssh2
Jun 25 14:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5334]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5334]: Failed password for invalid user test from 79.72.57.232 port 42676 ssh2
Jun 25 14:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5334]: error: maximum authentication attempts exceeded for invalid user test from 79.72.57.232 port 42676 ssh2 [preauth]
Jun 25 14:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5334]: Disconnecting: Too many authentication failures [preauth]
Jun 25 14:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5334]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5334]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 25 14:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5357]: Invalid user test from 79.72.57.232
Jun 25 14:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5357]: input_userauth_request: invalid user test [preauth]
Jun 25 14:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5357]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5357]: Failed password for invalid user test from 79.72.57.232 port 33144 ssh2
Jun 25 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5374]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5376]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5375]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5377]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5374]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5357]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5435]: Successful su for rubyman by root
Jun 25 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5435]: + ??? root:rubyman
Jun 25 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5435]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590779 of user rubyman.
Jun 25 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5435]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590779.
Jun 25 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5357]: Failed password for invalid user test from 79.72.57.232 port 33144 ssh2
Jun 25 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5357]: Received disconnect from 79.72.57.232 port 33144:11: disconnected by user [preauth]
Jun 25 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5357]: Disconnected from 79.72.57.232 port 33144 [preauth]
Jun 25 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5357]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5529]: Invalid user user from 79.72.57.232
Jun 25 14:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5529]: input_userauth_request: invalid user user [preauth]
Jun 25 14:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5529]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2543]: pam_unix(cron:session): session closed for user root
Jun 25 14:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5375]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5529]: Failed password for invalid user user from 79.72.57.232 port 46502 ssh2
Jun 25 14:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5529]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5529]: Failed password for invalid user user from 79.72.57.232 port 46502 ssh2
Jun 25 14:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5529]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5529]: Failed password for invalid user user from 79.72.57.232 port 46502 ssh2
Jun 25 14:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5529]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5529]: Failed password for invalid user user from 79.72.57.232 port 46502 ssh2
Jun 25 14:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5529]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5529]: Failed password for invalid user user from 79.72.57.232 port 46502 ssh2
Jun 25 14:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5529]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5529]: Failed password for invalid user user from 79.72.57.232 port 46502 ssh2
Jun 25 14:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5529]: error: maximum authentication attempts exceeded for invalid user user from 79.72.57.232 port 46502 ssh2 [preauth]
Jun 25 14:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5529]: Disconnecting: Too many authentication failures [preauth]
Jun 25 14:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5529]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5529]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 25 14:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5637]: Invalid user user from 79.72.57.232
Jun 25 14:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5637]: input_userauth_request: invalid user user [preauth]
Jun 25 14:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5637]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5637]: Failed password for invalid user user from 79.72.57.232 port 59298 ssh2
Jun 25 14:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5637]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5637]: Failed password for invalid user user from 79.72.57.232 port 59298 ssh2
Jun 25 14:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5637]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5637]: Failed password for invalid user user from 79.72.57.232 port 59298 ssh2
Jun 25 14:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5637]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5637]: Failed password for invalid user user from 79.72.57.232 port 59298 ssh2
Jun 25 14:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5637]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5637]: Failed password for invalid user user from 79.72.57.232 port 59298 ssh2
Jun 25 14:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5637]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5637]: Failed password for invalid user user from 79.72.57.232 port 59298 ssh2
Jun 25 14:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5637]: error: maximum authentication attempts exceeded for invalid user user from 79.72.57.232 port 59298 ssh2 [preauth]
Jun 25 14:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5637]: Disconnecting: Too many authentication failures [preauth]
Jun 25 14:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5637]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5637]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 25 14:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5676]: Invalid user user from 79.72.57.232
Jun 25 14:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5676]: input_userauth_request: invalid user user [preauth]
Jun 25 14:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5676]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5676]: Failed password for invalid user user from 79.72.57.232 port 37696 ssh2
Jun 25 14:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5676]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5676]: Failed password for invalid user user from 79.72.57.232 port 37696 ssh2
Jun 25 14:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5676]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4425]: pam_unix(cron:session): session closed for user root
Jun 25 14:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5676]: Failed password for invalid user user from 79.72.57.232 port 37696 ssh2
Jun 25 14:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5676]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 25 14:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5676]: Failed password for invalid user user from 79.72.57.232 port 37696 ssh2
Jun 25 14:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5676]: Received disconnect from 79.72.57.232 port 37696:11: disconnected by user [preauth]
Jun 25 14:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5676]: Disconnected from 79.72.57.232 port 37696 [preauth]
Jun 25 14:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5676]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5676]: PAM service(sshd) ignoring max retries; 4 > 3
Jun 25 14:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5717]: Invalid user ftpuser from 79.72.57.232
Jun 25 14:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5717]: input_userauth_request: invalid user ftpuser [preauth]
Jun 25 14:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5717]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5705]: Failed password for root from 38.93.206.2 port 64058 ssh2
Jun 25 14:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5705]: Connection closed by 38.93.206.2 port 64058 [preauth]
Jun 25 14:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5717]: Failed password for invalid user ftpuser from 79.72.57.232 port 60460 ssh2
Jun 25 14:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5717]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5717]: Failed password for invalid user ftpuser from 79.72.57.232 port 60460 ssh2
Jun 25 14:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5717]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5717]: Failed password for invalid user ftpuser from 79.72.57.232 port 60460 ssh2
Jun 25 14:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5717]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5717]: Failed password for invalid user ftpuser from 79.72.57.232 port 60460 ssh2
Jun 25 14:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5717]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5717]: Failed password for invalid user ftpuser from 79.72.57.232 port 60460 ssh2
Jun 25 14:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5717]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5717]: Failed password for invalid user ftpuser from 79.72.57.232 port 60460 ssh2
Jun 25 14:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5717]: error: maximum authentication attempts exceeded for invalid user ftpuser from 79.72.57.232 port 60460 ssh2 [preauth]
Jun 25 14:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5717]: Disconnecting: Too many authentication failures [preauth]
Jun 25 14:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5717]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5717]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 25 14:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5749]: Invalid user ftpuser from 79.72.57.232
Jun 25 14:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5749]: input_userauth_request: invalid user ftpuser [preauth]
Jun 25 14:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5749]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5749]: Failed password for invalid user ftpuser from 79.72.57.232 port 34252 ssh2
Jun 25 14:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5749]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5749]: Failed password for invalid user ftpuser from 79.72.57.232 port 34252 ssh2
Jun 25 14:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5749]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5749]: Failed password for invalid user ftpuser from 79.72.57.232 port 34252 ssh2
Jun 25 14:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5749]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5749]: Failed password for invalid user ftpuser from 79.72.57.232 port 34252 ssh2
Jun 25 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5749]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5774]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5773]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5772]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5771]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5775]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5770]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5775]: pam_unix(cron:session): session closed for user root
Jun 25 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5770]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5843]: Successful su for rubyman by root
Jun 25 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5843]: + ??? root:rubyman
Jun 25 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5843]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590780 of user rubyman.
Jun 25 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5843]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590780.
Jun 25 14:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5749]: Failed password for invalid user ftpuser from 79.72.57.232 port 34252 ssh2
Jun 25 14:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5749]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5772]: pam_unix(cron:session): session closed for user root
Jun 25 14:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2952]: pam_unix(cron:session): session closed for user root
Jun 25 14:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5749]: Failed password for invalid user ftpuser from 79.72.57.232 port 34252 ssh2
Jun 25 14:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5749]: error: maximum authentication attempts exceeded for invalid user ftpuser from 79.72.57.232 port 34252 ssh2 [preauth]
Jun 25 14:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5749]: Disconnecting: Too many authentication failures [preauth]
Jun 25 14:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5749]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5749]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 25 14:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5771]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6031]: Invalid user ftpuser from 79.72.57.232
Jun 25 14:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6031]: input_userauth_request: invalid user ftpuser [preauth]
Jun 25 14:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6031]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6031]: Failed password for invalid user ftpuser from 79.72.57.232 port 37074 ssh2
Jun 25 14:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6031]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6031]: Failed password for invalid user ftpuser from 79.72.57.232 port 37074 ssh2
Jun 25 14:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6031]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6031]: Failed password for invalid user ftpuser from 79.72.57.232 port 37074 ssh2
Jun 25 14:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6031]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6031]: Failed password for invalid user ftpuser from 79.72.57.232 port 37074 ssh2
Jun 25 14:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6031]: Received disconnect from 79.72.57.232 port 37074:11: disconnected by user [preauth]
Jun 25 14:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6031]: Disconnected from 79.72.57.232 port 37074 [preauth]
Jun 25 14:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6031]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6031]: PAM service(sshd) ignoring max retries; 4 > 3
Jun 25 14:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6072]: Invalid user test1 from 79.72.57.232
Jun 25 14:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6072]: input_userauth_request: invalid user test1 [preauth]
Jun 25 14:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6072]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6072]: Failed password for invalid user test1 from 79.72.57.232 port 35916 ssh2
Jun 25 14:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6072]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6072]: Failed password for invalid user test1 from 79.72.57.232 port 35916 ssh2
Jun 25 14:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6072]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6072]: Failed password for invalid user test1 from 79.72.57.232 port 35916 ssh2
Jun 25 14:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6072]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6072]: Failed password for invalid user test1 from 79.72.57.232 port 35916 ssh2
Jun 25 14:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6072]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6072]: Failed password for invalid user test1 from 79.72.57.232 port 35916 ssh2
Jun 25 14:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6072]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 25 14:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6072]: Failed password for invalid user test1 from 79.72.57.232 port 35916 ssh2
Jun 25 14:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6072]: error: maximum authentication attempts exceeded for invalid user test1 from 79.72.57.232 port 35916 ssh2 [preauth]
Jun 25 14:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6072]: Disconnecting: Too many authentication failures [preauth]
Jun 25 14:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6072]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6072]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 25 14:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6103]: Failed password for root from 103.27.238.116 port 56030 ssh2
Jun 25 14:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6103]: Connection closed by 103.27.238.116 port 56030 [preauth]
Jun 25 14:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: Invalid user test1 from 79.72.57.232
Jun 25 14:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: input_userauth_request: invalid user test1 [preauth]
Jun 25 14:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: Failed password for invalid user test1 from 79.72.57.232 port 49940 ssh2
Jun 25 14:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4961]: pam_unix(cron:session): session closed for user root
Jun 25 14:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: Failed password for invalid user test1 from 79.72.57.232 port 49940 ssh2
Jun 25 14:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: Failed password for invalid user test1 from 79.72.57.232 port 49940 ssh2
Jun 25 14:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: Failed password for invalid user test1 from 79.72.57.232 port 49940 ssh2
Jun 25 14:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: Failed password for invalid user test1 from 79.72.57.232 port 49940 ssh2
Jun 25 14:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: Failed password for invalid user test1 from 79.72.57.232 port 49940 ssh2
Jun 25 14:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: error: maximum authentication attempts exceeded for invalid user test1 from 79.72.57.232 port 49940 ssh2 [preauth]
Jun 25 14:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: Disconnecting: Too many authentication failures [preauth]
Jun 25 14:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 25 14:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6163]: Invalid user test1 from 79.72.57.232
Jun 25 14:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6163]: input_userauth_request: invalid user test1 [preauth]
Jun 25 14:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6163]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6163]: Failed password for invalid user test1 from 79.72.57.232 port 56742 ssh2
Jun 25 14:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6163]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6163]: Failed password for invalid user test1 from 79.72.57.232 port 56742 ssh2
Jun 25 14:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6163]: Received disconnect from 79.72.57.232 port 56742:11: disconnected by user [preauth]
Jun 25 14:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6163]: Disconnected from 79.72.57.232 port 56742 [preauth]
Jun 25 14:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6163]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: Invalid user test2 from 79.72.57.232
Jun 25 14:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: input_userauth_request: invalid user test2 [preauth]
Jun 25 14:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: Failed password for invalid user test2 from 79.72.57.232 port 56744 ssh2
Jun 25 14:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: Failed password for invalid user test2 from 79.72.57.232 port 56744 ssh2
Jun 25 14:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: Failed password for invalid user test2 from 79.72.57.232 port 56744 ssh2
Jun 25 14:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: Failed password for invalid user test2 from 79.72.57.232 port 56744 ssh2
Jun 25 14:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: Failed password for invalid user test2 from 79.72.57.232 port 56744 ssh2
Jun 25 14:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6204]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6202]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6205]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6201]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6201]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6269]: Successful su for rubyman by root
Jun 25 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6269]: + ??? root:rubyman
Jun 25 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6269]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590788 of user rubyman.
Jun 25 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6269]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590788.
Jun 25 14:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: Failed password for invalid user test2 from 79.72.57.232 port 56744 ssh2
Jun 25 14:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: error: maximum authentication attempts exceeded for invalid user test2 from 79.72.57.232 port 56744 ssh2 [preauth]
Jun 25 14:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: Disconnecting: Too many authentication failures [preauth]
Jun 25 14:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 25 14:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: Invalid user test2 from 79.72.57.232
Jun 25 14:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: input_userauth_request: invalid user test2 [preauth]
Jun 25 14:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 25 14:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3343]: pam_unix(cron:session): session closed for user root
Jun 25 14:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6202]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: Failed password for invalid user test2 from 79.72.57.232 port 60602 ssh2
Jun 25 14:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6405]: Failed password for root from 103.82.20.28 port 42684 ssh2
Jun 25 14:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6405]: Connection closed by 103.82.20.28 port 42684 [preauth]
Jun 25 14:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: Failed password for invalid user test2 from 79.72.57.232 port 60602 ssh2
Jun 25 14:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: Failed password for invalid user test2 from 79.72.57.232 port 60602 ssh2
Jun 25 14:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: Failed password for invalid user test2 from 79.72.57.232 port 60602 ssh2
Jun 25 14:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: Failed password for invalid user test2 from 79.72.57.232 port 60602 ssh2
Jun 25 14:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: Failed password for invalid user test2 from 79.72.57.232 port 60602 ssh2
Jun 25 14:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: error: maximum authentication attempts exceeded for invalid user test2 from 79.72.57.232 port 60602 ssh2 [preauth]
Jun 25 14:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: Disconnecting: Too many authentication failures [preauth]
Jun 25 14:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 25 14:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6481]: Invalid user test2 from 79.72.57.232
Jun 25 14:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6481]: input_userauth_request: invalid user test2 [preauth]
Jun 25 14:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6481]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6481]: Failed password for invalid user test2 from 79.72.57.232 port 45312 ssh2
Jun 25 14:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6481]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6481]: Failed password for invalid user test2 from 79.72.57.232 port 45312 ssh2
Jun 25 14:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6481]: Received disconnect from 79.72.57.232 port 45312:11: disconnected by user [preauth]
Jun 25 14:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6481]: Disconnected from 79.72.57.232 port 45312 [preauth]
Jun 25 14:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6481]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6491]: Invalid user ubuntu from 79.72.57.232
Jun 25 14:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6491]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 14:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6491]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6491]: Failed password for invalid user ubuntu from 79.72.57.232 port 57116 ssh2
Jun 25 14:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6491]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6491]: Failed password for invalid user ubuntu from 79.72.57.232 port 57116 ssh2
Jun 25 14:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6491]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6491]: Failed password for invalid user ubuntu from 79.72.57.232 port 57116 ssh2
Jun 25 14:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6491]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5377]: pam_unix(cron:session): session closed for user root
Jun 25 14:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6491]: Failed password for invalid user ubuntu from 79.72.57.232 port 57116 ssh2
Jun 25 14:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6491]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6491]: Failed password for invalid user ubuntu from 79.72.57.232 port 57116 ssh2
Jun 25 14:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6491]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6491]: Failed password for invalid user ubuntu from 79.72.57.232 port 57116 ssh2
Jun 25 14:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6491]: error: maximum authentication attempts exceeded for invalid user ubuntu from 79.72.57.232 port 57116 ssh2 [preauth]
Jun 25 14:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6491]: Disconnecting: Too many authentication failures [preauth]
Jun 25 14:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6491]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6491]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 25 14:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6552]: Invalid user ubuntu from 79.72.57.232
Jun 25 14:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6552]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 14:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6552]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6552]: Failed password for invalid user ubuntu from 79.72.57.232 port 59284 ssh2
Jun 25 14:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6552]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6552]: Failed password for invalid user ubuntu from 79.72.57.232 port 59284 ssh2
Jun 25 14:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6552]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6552]: Failed password for invalid user ubuntu from 79.72.57.232 port 59284 ssh2
Jun 25 14:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6552]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6552]: Failed password for invalid user ubuntu from 79.72.57.232 port 59284 ssh2
Jun 25 14:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6552]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6552]: Failed password for invalid user ubuntu from 79.72.57.232 port 59284 ssh2
Jun 25 14:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6552]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6552]: Failed password for invalid user ubuntu from 79.72.57.232 port 59284 ssh2
Jun 25 14:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6552]: error: maximum authentication attempts exceeded for invalid user ubuntu from 79.72.57.232 port 59284 ssh2 [preauth]
Jun 25 14:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6552]: Disconnecting: Too many authentication failures [preauth]
Jun 25 14:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6552]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6552]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 25 14:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6593]: Invalid user ubuntu from 79.72.57.232
Jun 25 14:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6593]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 14:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6593]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6593]: Failed password for invalid user ubuntu from 79.72.57.232 port 49414 ssh2
Jun 25 14:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6593]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6593]: Failed password for invalid user ubuntu from 79.72.57.232 port 49414 ssh2
Jun 25 14:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6593]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6593]: Failed password for invalid user ubuntu from 79.72.57.232 port 49414 ssh2
Jun 25 14:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6593]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6617]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6619]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6618]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6616]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6616]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6677]: Successful su for rubyman by root
Jun 25 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6677]: + ??? root:rubyman
Jun 25 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6677]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590791 of user rubyman.
Jun 25 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6677]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590791.
Jun 25 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6593]: Failed password for invalid user ubuntu from 79.72.57.232 port 49414 ssh2
Jun 25 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6593]: Received disconnect from 79.72.57.232 port 49414:11: disconnected by user [preauth]
Jun 25 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6593]: Disconnected from 79.72.57.232 port 49414 [preauth]
Jun 25 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6593]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6593]: PAM service(sshd) ignoring max retries; 4 > 3
Jun 25 14:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3944]: pam_unix(cron:session): session closed for user root
Jun 25 14:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6755]: Invalid user pi from 79.72.57.232
Jun 25 14:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6755]: input_userauth_request: invalid user pi [preauth]
Jun 25 14:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6755]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6617]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6755]: Failed password for invalid user pi from 79.72.57.232 port 36012 ssh2
Jun 25 14:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6755]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6755]: Failed password for invalid user pi from 79.72.57.232 port 36012 ssh2
Jun 25 14:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6755]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6755]: Failed password for invalid user pi from 79.72.57.232 port 36012 ssh2
Jun 25 14:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6755]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6755]: Failed password for invalid user pi from 79.72.57.232 port 36012 ssh2
Jun 25 14:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6755]: Received disconnect from 79.72.57.232 port 36012:11: disconnected by user [preauth]
Jun 25 14:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6755]: Disconnected from 79.72.57.232 port 36012 [preauth]
Jun 25 14:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6755]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6755]: PAM service(sshd) ignoring max retries; 4 > 3
Jun 25 14:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6896]: Invalid user baikal from 79.72.57.232
Jun 25 14:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6896]: input_userauth_request: invalid user baikal [preauth]
Jun 25 14:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6896]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.72.57.232
Jun 25 14:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6896]: Failed password for invalid user baikal from 79.72.57.232 port 37236 ssh2
Jun 25 14:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6896]: Received disconnect from 79.72.57.232 port 37236:11: disconnected by user [preauth]
Jun 25 14:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6896]: Disconnected from 79.72.57.232 port 37236 [preauth]
Jun 25 14:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5774]: pam_unix(cron:session): session closed for user root
Jun 25 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7121]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7122]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7119]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7120]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7119]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7184]: Successful su for rubyman by root
Jun 25 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7184]: + ??? root:rubyman
Jun 25 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7184]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590795 of user rubyman.
Jun 25 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7184]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590795.
Jun 25 14:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4424]: pam_unix(cron:session): session closed for user root
Jun 25 14:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7120]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6205]: pam_unix(cron:session): session closed for user root
Jun 25 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7518]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7519]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7517]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7516]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7516]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7581]: Successful su for rubyman by root
Jun 25 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7581]: + ??? root:rubyman
Jun 25 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7581]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590798 of user rubyman.
Jun 25 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7581]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590798.
Jun 25 14:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4960]: pam_unix(cron:session): session closed for user root
Jun 25 14:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7517]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6619]: pam_unix(cron:session): session closed for user root
Jun 25 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8011]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8010]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8013]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8008]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8007]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8009]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8013]: pam_unix(cron:session): session closed for user root
Jun 25 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8007]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8077]: Successful su for rubyman by root
Jun 25 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8077]: + ??? root:rubyman
Jun 25 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8077]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590802 of user rubyman.
Jun 25 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8077]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590802.
Jun 25 14:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5376]: pam_unix(cron:session): session closed for user root
Jun 25 14:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8009]: pam_unix(cron:session): session closed for user root
Jun 25 14:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8008]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.46.224.87  user=root
Jun 25 14:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8282]: Failed password for root from 207.46.224.87 port 55808 ssh2
Jun 25 14:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8282]: Connection closed by 207.46.224.87 port 55808 [preauth]
Jun 25 14:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7122]: pam_unix(cron:session): session closed for user root
Jun 25 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8433]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8435]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8432]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8431]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8431]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8502]: Successful su for rubyman by root
Jun 25 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8502]: + ??? root:rubyman
Jun 25 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8502]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590808 of user rubyman.
Jun 25 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8502]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590808.
Jun 25 14:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5773]: pam_unix(cron:session): session closed for user root
Jun 25 14:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8432]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7519]: pam_unix(cron:session): session closed for user root
Jun 25 14:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8812]: Invalid user dev from 103.227.210.171
Jun 25 14:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8812]: input_userauth_request: invalid user dev [preauth]
Jun 25 14:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8812]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 14:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.227.210.171
Jun 25 14:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8812]: Failed password for invalid user dev from 103.227.210.171 port 57878 ssh2
Jun 25 14:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8812]: Connection closed by 103.227.210.171 port 57878 [preauth]
Jun 25 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8838]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8837]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8836]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8835]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8835]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8895]: Successful su for rubyman by root
Jun 25 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8895]: + ??? root:rubyman
Jun 25 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8895]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590812 of user rubyman.
Jun 25 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8895]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590812.
Jun 25 14:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6204]: pam_unix(cron:session): session closed for user root
Jun 25 14:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8836]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9110]: Did not receive identification string from 195.184.76.204
Jun 25 14:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9111]: Did not receive identification string from 195.184.76.160
Jun 25 14:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8011]: pam_unix(cron:session): session closed for user root
Jun 25 14:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9189]: Bad protocol version identification '\026\003\003\002b\001' from 195.184.76.167 port 54869
Jun 25 14:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9190]: Did not receive identification string from 195.184.76.204
Jun 25 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9241]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9240]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9242]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9239]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9239]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9304]: Successful su for rubyman by root
Jun 25 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9304]: + ??? root:rubyman
Jun 25 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9304]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590816 of user rubyman.
Jun 25 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9304]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590816.
Jun 25 14:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6618]: pam_unix(cron:session): session closed for user root
Jun 25 14:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9240]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8435]: pam_unix(cron:session): session closed for user root
Jun 25 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9627]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9628]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9626]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9625]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9625]: pam_unix(cron:session): session closed for user p13x
Jun 25 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9684]: Successful su for rubyman by root
Jun 25 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9684]: + ??? root:rubyman
Jun 25 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9684]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590820 of user rubyman.
Jun 25 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9684]: pam_unix(su:session): session closed for user rubyman
Jun 25 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590820.
Jun 25 14:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7121]: pam_unix(cron:session): session closed for user root
Jun 25 14:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9626]: pam_unix(cron:session): session closed for user samftp
Jun 25 14:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 14:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10070]: Connection closed by 195.184.76.34 port 60085 [preauth]
Jun 25 14:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10075]: Connection closed by 195.184.76.143 port 54695 [preauth]
Jun 25 14:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8838]: pam_unix(cron:session): session closed for user root
Jun 25 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10210]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10208]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10205]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10209]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10206]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10207]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10204]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10210]: pam_unix(cron:session): session closed for user root
Jun 25 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10206]: pam_unix(cron:session): session closed for user root
Jun 25 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10204]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10386]: Successful su for rubyman by root
Jun 25 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10386]: + ??? root:rubyman
Jun 25 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10386]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590828 of user rubyman.
Jun 25 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10386]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590828.
Jun 25 15:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10207]: pam_unix(cron:session): session closed for user root
Jun 25 15:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7518]: pam_unix(cron:session): session closed for user root
Jun 25 15:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10205]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9242]: pam_unix(cron:session): session closed for user root
Jun 25 15:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 25 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10821]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10819]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10817]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10818]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10817]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10805]: Failed password for root from 87.251.79.125 port 46010 ssh2
Jun 25 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10805]: Connection closed by 87.251.79.125 port 46010 [preauth]
Jun 25 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10888]: Successful su for rubyman by root
Jun 25 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10888]: + ??? root:rubyman
Jun 25 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10888]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590831 of user rubyman.
Jun 25 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10888]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590831.
Jun 25 15:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8010]: pam_unix(cron:session): session closed for user root
Jun 25 15:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10818]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9628]: pam_unix(cron:session): session closed for user root
Jun 25 15:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 25 15:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11170]: Failed password for root from 103.122.221.179 port 59418 ssh2
Jun 25 15:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11170]: Connection closed by 103.122.221.179 port 59418 [preauth]
Jun 25 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11233]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11234]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11232]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11231]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11231]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11296]: Successful su for rubyman by root
Jun 25 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11296]: + ??? root:rubyman
Jun 25 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11296]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590835 of user rubyman.
Jun 25 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11296]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590835.
Jun 25 15:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8433]: pam_unix(cron:session): session closed for user root
Jun 25 15:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11232]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10209]: pam_unix(cron:session): session closed for user root
Jun 25 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11646]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11645]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11644]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11643]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11643]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11702]: Successful su for rubyman by root
Jun 25 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11702]: + ??? root:rubyman
Jun 25 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11702]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590839 of user rubyman.
Jun 25 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11702]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590839.
Jun 25 15:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8837]: pam_unix(cron:session): session closed for user root
Jun 25 15:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11644]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12011]: Invalid user  from 91.92.40.124
Jun 25 15:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12011]: input_userauth_request: invalid user  [preauth]
Jun 25 15:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10821]: pam_unix(cron:session): session closed for user root
Jun 25 15:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12011]: Connection closed by 91.92.40.124 port 39372 [preauth]
Jun 25 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12105]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12106]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12103]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12104]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12103]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12163]: Successful su for rubyman by root
Jun 25 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12163]: + ??? root:rubyman
Jun 25 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12163]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590845 of user rubyman.
Jun 25 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12163]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590845.
Jun 25 15:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9241]: pam_unix(cron:session): session closed for user root
Jun 25 15:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12104]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12536]: Failed password for root from 91.92.40.124 port 32892 ssh2
Jun 25 15:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11234]: pam_unix(cron:session): session closed for user root
Jun 25 15:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12536]: Connection closed by 91.92.40.124 port 32892 [preauth]
Jun 25 15:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12565]: Invalid user claude from 91.92.40.124
Jun 25 15:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12565]: input_userauth_request: invalid user claude [preauth]
Jun 25 15:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12565]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12565]: Failed password for invalid user claude from 91.92.40.124 port 40572 ssh2
Jun 25 15:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12565]: Connection closed by 91.92.40.124 port 40572 [preauth]
Jun 25 15:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12575]: User mysql from 91.92.40.124 not allowed because not listed in AllowUsers
Jun 25 15:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12575]: input_userauth_request: invalid user mysql [preauth]
Jun 25 15:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=mysql
Jun 25 15:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12575]: Failed password for invalid user mysql from 91.92.40.124 port 40638 ssh2
Jun 25 15:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12575]: Connection closed by 91.92.40.124 port 40638 [preauth]
Jun 25 15:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12601]: Failed password for root from 91.92.40.124 port 41918 ssh2
Jun 25 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12638]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12637]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12640]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12639]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12636]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12635]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12640]: pam_unix(cron:session): session closed for user root
Jun 25 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12635]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12705]: Successful su for rubyman by root
Jun 25 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12705]: + ??? root:rubyman
Jun 25 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12705]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590851 of user rubyman.
Jun 25 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12705]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590851.
Jun 25 15:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12601]: Connection closed by 91.92.40.124 port 41918 [preauth]
Jun 25 15:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12623]: Invalid user ai from 91.92.40.124
Jun 25 15:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12623]: input_userauth_request: invalid user ai [preauth]
Jun 25 15:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12637]: pam_unix(cron:session): session closed for user root
Jun 25 15:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9627]: pam_unix(cron:session): session closed for user root
Jun 25 15:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12623]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12636]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12623]: Failed password for invalid user ai from 91.92.40.124 port 46602 ssh2
Jun 25 15:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12633]: Invalid user user from 91.92.40.124
Jun 25 15:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12633]: input_userauth_request: invalid user user [preauth]
Jun 25 15:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12623]: Connection closed by 91.92.40.124 port 46602 [preauth]
Jun 25 15:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12633]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12633]: Failed password for invalid user user from 91.92.40.124 port 46640 ssh2
Jun 25 15:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12956]: Connection reset by 45.227.254.170 port 29798 [preauth]
Jun 25 15:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12923]: Invalid user chris from 91.92.40.124
Jun 25 15:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12923]: input_userauth_request: invalid user chris [preauth]
Jun 25 15:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12633]: Connection closed by 91.92.40.124 port 46640 [preauth]
Jun 25 15:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12923]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12923]: Failed password for invalid user chris from 91.92.40.124 port 48766 ssh2
Jun 25 15:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12943]: Invalid user devops from 91.92.40.124
Jun 25 15:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12943]: input_userauth_request: invalid user devops [preauth]
Jun 25 15:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12923]: Connection closed by 91.92.40.124 port 48766 [preauth]
Jun 25 15:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12943]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12943]: Failed password for invalid user devops from 91.92.40.124 port 48858 ssh2
Jun 25 15:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12943]: Connection closed by 91.92.40.124 port 48858 [preauth]
Jun 25 15:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11646]: pam_unix(cron:session): session closed for user root
Jun 25 15:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12967]: Failed password for root from 91.92.40.124 port 41710 ssh2
Jun 25 15:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12967]: Connection closed by 91.92.40.124 port 41710 [preauth]
Jun 25 15:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12990]: Failed password for root from 91.92.40.124 port 51622 ssh2
Jun 25 15:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13000]: Invalid user linux from 91.92.40.124
Jun 25 15:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13000]: input_userauth_request: invalid user linux [preauth]
Jun 25 15:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12990]: Connection closed by 91.92.40.124 port 51622 [preauth]
Jun 25 15:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13000]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13000]: Failed password for invalid user linux from 91.92.40.124 port 51668 ssh2
Jun 25 15:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13033]: Invalid user ansible from 91.92.40.124
Jun 25 15:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13033]: input_userauth_request: invalid user ansible [preauth]
Jun 25 15:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13000]: Connection closed by 91.92.40.124 port 51668 [preauth]
Jun 25 15:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13033]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 25 15:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13033]: Failed password for invalid user ansible from 91.92.40.124 port 49608 ssh2
Jun 25 15:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13043]: Invalid user guest from 91.92.40.124
Jun 25 15:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13043]: input_userauth_request: invalid user guest [preauth]
Jun 25 15:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13087]: Failed password for root from 193.37.70.224 port 36908 ssh2
Jun 25 15:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13087]: Connection closed by 193.37.70.224 port 36908 [preauth]
Jun 25 15:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13033]: Connection closed by 91.92.40.124 port 49608 [preauth]
Jun 25 15:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13043]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13102]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13101]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13103]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13100]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13100]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13184]: Successful su for rubyman by root
Jun 25 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13184]: + ??? root:rubyman
Jun 25 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13184]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590853 of user rubyman.
Jun 25 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13184]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590853.
Jun 25 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13043]: Failed password for invalid user guest from 91.92.40.124 port 49652 ssh2
Jun 25 15:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10208]: pam_unix(cron:session): session closed for user root
Jun 25 15:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13043]: Connection closed by 91.92.40.124 port 49652 [preauth]
Jun 25 15:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13101]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13076]: Failed password for root from 91.92.40.124 port 57136 ssh2
Jun 25 15:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13076]: Connection closed by 91.92.40.124 port 57136 [preauth]
Jun 25 15:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13098]: Invalid user www from 91.92.40.124
Jun 25 15:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13098]: input_userauth_request: invalid user www [preauth]
Jun 25 15:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13086]: Failed password for root from 91.92.40.124 port 59544 ssh2
Jun 25 15:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13098]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13086]: Connection closed by 91.92.40.124 port 59544 [preauth]
Jun 25 15:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13098]: Failed password for invalid user www from 91.92.40.124 port 59586 ssh2
Jun 25 15:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13098]: Connection closed by 91.92.40.124 port 59586 [preauth]
Jun 25 15:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13369]: Failed password for root from 91.92.40.124 port 59212 ssh2
Jun 25 15:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13403]: Invalid user fa from 91.92.40.124
Jun 25 15:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13403]: input_userauth_request: invalid user fa [preauth]
Jun 25 15:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13369]: Connection closed by 91.92.40.124 port 59212 [preauth]
Jun 25 15:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13403]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13403]: Failed password for invalid user fa from 91.92.40.124 port 59064 ssh2
Jun 25 15:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13414]: Invalid user www from 91.92.40.124
Jun 25 15:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13414]: input_userauth_request: invalid user www [preauth]
Jun 25 15:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13403]: Connection closed by 91.92.40.124 port 59064 [preauth]
Jun 25 15:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13414]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12106]: pam_unix(cron:session): session closed for user root
Jun 25 15:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13414]: Failed password for invalid user www from 91.92.40.124 port 59096 ssh2
Jun 25 15:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13414]: Connection closed by 91.92.40.124 port 59096 [preauth]
Jun 25 15:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13436]: Invalid user es from 91.92.40.124
Jun 25 15:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13436]: input_userauth_request: invalid user es [preauth]
Jun 25 15:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13436]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13436]: Failed password for invalid user es from 91.92.40.124 port 39974 ssh2
Jun 25 15:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13436]: Connection closed by 91.92.40.124 port 39974 [preauth]
Jun 25 15:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13476]: Failed password for root from 91.92.40.124 port 33622 ssh2
Jun 25 15:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13476]: Connection closed by 91.92.40.124 port 33622 [preauth]
Jun 25 15:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13486]: Invalid user admin from 91.92.40.124
Jun 25 15:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13486]: input_userauth_request: invalid user admin [preauth]
Jun 25 15:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13486]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13486]: Failed password for invalid user admin from 91.92.40.124 port 33650 ssh2
Jun 25 15:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13486]: Connection closed by 91.92.40.124 port 33650 [preauth]
Jun 25 15:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13509]: Invalid user runner from 91.92.40.124
Jun 25 15:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13509]: input_userauth_request: invalid user runner [preauth]
Jun 25 15:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13509]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13509]: Failed password for invalid user runner from 91.92.40.124 port 34866 ssh2
Jun 25 15:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13538]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13536]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13535]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13537]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13535]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13509]: Connection closed by 91.92.40.124 port 34866 [preauth]
Jun 25 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13603]: Successful su for rubyman by root
Jun 25 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13603]: + ??? root:rubyman
Jun 25 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13603]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590858 of user rubyman.
Jun 25 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13603]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590858.
Jun 25 15:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13522]: Invalid user sysupdate from 91.92.40.124
Jun 25 15:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13522]: input_userauth_request: invalid user sysupdate [preauth]
Jun 25 15:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10819]: pam_unix(cron:session): session closed for user root
Jun 25 15:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13522]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13536]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13522]: Failed password for invalid user sysupdate from 91.92.40.124 port 57336 ssh2
Jun 25 15:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13522]: Connection closed by 91.92.40.124 port 57336 [preauth]
Jun 25 15:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13533]: Invalid user rocky from 91.92.40.124
Jun 25 15:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13533]: input_userauth_request: invalid user rocky [preauth]
Jun 25 15:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13533]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13533]: Failed password for invalid user rocky from 91.92.40.124 port 57358 ssh2
Jun 25 15:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13790]: Invalid user www from 91.92.40.124
Jun 25 15:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13790]: input_userauth_request: invalid user www [preauth]
Jun 25 15:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13533]: Connection closed by 91.92.40.124 port 57358 [preauth]
Jun 25 15:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13790]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13790]: Failed password for invalid user www from 91.92.40.124 port 39532 ssh2
Jun 25 15:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13790]: Connection closed by 91.92.40.124 port 39532 [preauth]
Jun 25 15:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13821]: Invalid user runner from 91.92.40.124
Jun 25 15:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13821]: input_userauth_request: invalid user runner [preauth]
Jun 25 15:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13821]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13821]: Failed password for invalid user runner from 91.92.40.124 port 40598 ssh2
Jun 25 15:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13821]: Connection closed by 91.92.40.124 port 40598 [preauth]
Jun 25 15:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13833]: Invalid user guest from 91.92.40.124
Jun 25 15:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13833]: input_userauth_request: invalid user guest [preauth]
Jun 25 15:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13833]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13833]: Failed password for invalid user guest from 91.92.40.124 port 40630 ssh2
Jun 25 15:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13833]: Connection closed by 91.92.40.124 port 40630 [preauth]
Jun 25 15:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13855]: Invalid user work from 91.92.40.124
Jun 25 15:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13855]: input_userauth_request: invalid user work [preauth]
Jun 25 15:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13855]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12639]: pam_unix(cron:session): session closed for user root
Jun 25 15:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13855]: Failed password for invalid user work from 91.92.40.124 port 50246 ssh2
Jun 25 15:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13855]: Connection closed by 91.92.40.124 port 50246 [preauth]
Jun 25 15:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: Failed password for root from 91.92.40.124 port 60140 ssh2
Jun 25 15:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: Connection closed by 91.92.40.124 port 60140 [preauth]
Jun 25 15:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13905]: Invalid user admin123 from 91.92.40.124
Jun 25 15:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13905]: input_userauth_request: invalid user admin123 [preauth]
Jun 25 15:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13905]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13905]: Failed password for invalid user admin123 from 91.92.40.124 port 60218 ssh2
Jun 25 15:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13905]: Connection closed by 91.92.40.124 port 60218 [preauth]
Jun 25 15:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13934]: Invalid user uftp from 91.92.40.124
Jun 25 15:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13934]: input_userauth_request: invalid user uftp [preauth]
Jun 25 15:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13934]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13934]: Failed password for invalid user uftp from 91.92.40.124 port 36144 ssh2
Jun 25 15:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13934]: Connection closed by 91.92.40.124 port 36144 [preauth]
Jun 25 15:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13945]: Invalid user jellyfin from 91.92.40.124
Jun 25 15:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13945]: input_userauth_request: invalid user jellyfin [preauth]
Jun 25 15:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13945]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13945]: Failed password for invalid user jellyfin from 91.92.40.124 port 36200 ssh2
Jun 25 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13945]: Connection closed by 91.92.40.124 port 36200 [preauth]
Jun 25 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13976]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13977]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13975]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13973]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13973]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14034]: Successful su for rubyman by root
Jun 25 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14034]: + ??? root:rubyman
Jun 25 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14034]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590862 of user rubyman.
Jun 25 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14034]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590862.
Jun 25 15:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13958]: Invalid user kevin from 91.92.40.124
Jun 25 15:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13958]: input_userauth_request: invalid user kevin [preauth]
Jun 25 15:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11233]: pam_unix(cron:session): session closed for user root
Jun 25 15:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13958]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13975]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13958]: Failed password for invalid user kevin from 91.92.40.124 port 37858 ssh2
Jun 25 15:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.211.215  user=root
Jun 25 15:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13958]: Connection closed by 91.92.40.124 port 37858 [preauth]
Jun 25 15:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14095]: Invalid user odoo17 from 91.92.40.124
Jun 25 15:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14095]: input_userauth_request: invalid user odoo17 [preauth]
Jun 25 15:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14192]: Failed password for root from 147.45.211.215 port 47448 ssh2
Jun 25 15:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14192]: Connection closed by 147.45.211.215 port 47448 [preauth]
Jun 25 15:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14095]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14095]: Failed password for invalid user odoo17 from 91.92.40.124 port 37912 ssh2
Jun 25 15:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14095]: Connection closed by 91.92.40.124 port 37912 [preauth]
Jun 25 15:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 25 15:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14215]: Failed password for root from 91.92.40.124 port 56654 ssh2
Jun 25 15:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14238]: Failed password for root from 103.77.175.15 port 47906 ssh2
Jun 25 15:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14215]: Connection closed by 91.92.40.124 port 56654 [preauth]
Jun 25 15:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14238]: Connection closed by 103.77.175.15 port 47906 [preauth]
Jun 25 15:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14240]: Failed password for root from 91.92.40.124 port 53526 ssh2
Jun 25 15:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14240]: Connection closed by 91.92.40.124 port 53526 [preauth]
Jun 25 15:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14257]: Invalid user ossuser from 91.92.40.124
Jun 25 15:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14257]: input_userauth_request: invalid user ossuser [preauth]
Jun 25 15:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14257]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14257]: Failed password for invalid user ossuser from 91.92.40.124 port 53564 ssh2
Jun 25 15:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14257]: Connection closed by 91.92.40.124 port 53564 [preauth]
Jun 25 15:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14281]: Invalid user dev from 91.92.40.124
Jun 25 15:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14281]: input_userauth_request: invalid user dev [preauth]
Jun 25 15:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14281]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14281]: Failed password for invalid user dev from 91.92.40.124 port 45746 ssh2
Jun 25 15:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14281]: Connection closed by 91.92.40.124 port 45746 [preauth]
Jun 25 15:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13103]: pam_unix(cron:session): session closed for user root
Jun 25 15:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14312]: Invalid user gitlab-runner from 91.92.40.124
Jun 25 15:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14312]: input_userauth_request: invalid user gitlab-runner [preauth]
Jun 25 15:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14312]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14312]: Failed password for invalid user gitlab-runner from 91.92.40.124 port 56824 ssh2
Jun 25 15:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14312]: Connection closed by 91.92.40.124 port 56824 [preauth]
Jun 25 15:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14322]: Invalid user gabriel from 91.92.40.124
Jun 25 15:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14322]: input_userauth_request: invalid user gabriel [preauth]
Jun 25 15:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14322]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14322]: Failed password for invalid user gabriel from 91.92.40.124 port 56870 ssh2
Jun 25 15:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14322]: Connection closed by 91.92.40.124 port 56870 [preauth]
Jun 25 15:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14344]: Invalid user admin from 91.92.40.124
Jun 25 15:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14344]: input_userauth_request: invalid user admin [preauth]
Jun 25 15:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14344]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14344]: Failed password for invalid user admin from 91.92.40.124 port 33148 ssh2
Jun 25 15:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14344]: Connection closed by 91.92.40.124 port 33148 [preauth]
Jun 25 15:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14355]: Invalid user tomcat from 91.92.40.124
Jun 25 15:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14355]: input_userauth_request: invalid user tomcat [preauth]
Jun 25 15:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14355]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14355]: Failed password for invalid user tomcat from 91.92.40.124 port 33246 ssh2
Jun 25 15:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14355]: Connection closed by 91.92.40.124 port 33246 [preauth]
Jun 25 15:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14374]: Invalid user minecraft from 91.92.40.124
Jun 25 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14374]: input_userauth_request: invalid user minecraft [preauth]
Jun 25 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14382]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14381]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14380]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14379]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14377]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14379]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14496]: Successful su for rubyman by root
Jun 25 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14496]: + ??? root:rubyman
Jun 25 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14496]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590866 of user rubyman.
Jun 25 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14496]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590866.
Jun 25 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14374]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14377]: pam_unix(cron:session): session closed for user root
Jun 25 15:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14374]: Failed password for invalid user minecraft from 91.92.40.124 port 43928 ssh2
Jun 25 15:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14374]: Connection closed by 91.92.40.124 port 43928 [preauth]
Jun 25 15:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11645]: pam_unix(cron:session): session closed for user root
Jun 25 15:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14380]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14725]: Invalid user ubuntu from 91.92.40.124
Jun 25 15:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14725]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 15:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14725]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14725]: Failed password for invalid user ubuntu from 91.92.40.124 port 51194 ssh2
Jun 25 15:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14725]: Connection closed by 91.92.40.124 port 51194 [preauth]
Jun 25 15:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14808]: Invalid user sftpuser from 91.92.40.124
Jun 25 15:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14808]: input_userauth_request: invalid user sftpuser [preauth]
Jun 25 15:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14808]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14808]: Failed password for invalid user sftpuser from 91.92.40.124 port 51292 ssh2
Jun 25 15:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14808]: Connection closed by 91.92.40.124 port 51292 [preauth]
Jun 25 15:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14832]: Failed password for root from 91.92.40.124 port 35378 ssh2
Jun 25 15:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14832]: Connection closed by 91.92.40.124 port 35378 [preauth]
Jun 25 15:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14843]: Invalid user avax from 91.92.40.124
Jun 25 15:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14843]: input_userauth_request: invalid user avax [preauth]
Jun 25 15:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14843]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14843]: Failed password for invalid user avax from 91.92.40.124 port 35428 ssh2
Jun 25 15:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14843]: Connection closed by 91.92.40.124 port 35428 [preauth]
Jun 25 15:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14871]: Failed password for root from 91.92.40.124 port 34596 ssh2
Jun 25 15:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14871]: Connection closed by 91.92.40.124 port 34596 [preauth]
Jun 25 15:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13538]: pam_unix(cron:session): session closed for user root
Jun 25 15:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: Invalid user testuser from 91.92.40.124
Jun 25 15:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: input_userauth_request: invalid user testuser [preauth]
Jun 25 15:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: Failed password for invalid user testuser from 91.92.40.124 port 34976 ssh2
Jun 25 15:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: Connection closed by 91.92.40.124 port 34976 [preauth]
Jun 25 15:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14912]: Invalid user deploy from 91.92.40.124
Jun 25 15:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14912]: input_userauth_request: invalid user deploy [preauth]
Jun 25 15:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14912]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14912]: Failed password for invalid user deploy from 91.92.40.124 port 35020 ssh2
Jun 25 15:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14912]: Connection closed by 91.92.40.124 port 35020 [preauth]
Jun 25 15:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14946]: Failed password for root from 91.92.40.124 port 44402 ssh2
Jun 25 15:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14946]: Connection closed by 91.92.40.124 port 44402 [preauth]
Jun 25 15:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14959]: Invalid user gitlab-runner from 91.92.40.124
Jun 25 15:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14959]: input_userauth_request: invalid user gitlab-runner [preauth]
Jun 25 15:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14959]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14959]: Failed password for invalid user gitlab-runner from 91.92.40.124 port 44502 ssh2
Jun 25 15:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14959]: Connection closed by 91.92.40.124 port 44502 [preauth]
Jun 25 15:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14969]: Invalid user deploy from 91.92.40.124
Jun 25 15:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14969]: input_userauth_request: invalid user deploy [preauth]
Jun 25 15:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14969]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14978]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14977]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14979]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14976]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14972]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14975]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14979]: pam_unix(cron:session): session closed for user root
Jun 25 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14972]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15049]: Successful su for rubyman by root
Jun 25 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15049]: + ??? root:rubyman
Jun 25 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15049]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590870 of user rubyman.
Jun 25 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15049]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590870.
Jun 25 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14969]: Failed password for invalid user deploy from 91.92.40.124 port 43298 ssh2
Jun 25 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14969]: Connection closed by 91.92.40.124 port 43298 [preauth]
Jun 25 15:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 25 15:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12105]: pam_unix(cron:session): session closed for user root
Jun 25 15:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14976]: pam_unix(cron:session): session closed for user root
Jun 25 15:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15071]: Failed password for root from 62.133.62.83 port 43862 ssh2
Jun 25 15:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15071]: Connection closed by 62.133.62.83 port 43862 [preauth]
Jun 25 15:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14975]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15177]: Failed password for root from 91.92.40.124 port 53592 ssh2
Jun 25 15:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15177]: Connection closed by 91.92.40.124 port 53592 [preauth]
Jun 25 15:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15274]: Invalid user amine from 91.92.40.124
Jun 25 15:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15274]: input_userauth_request: invalid user amine [preauth]
Jun 25 15:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15274]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15274]: Failed password for invalid user amine from 91.92.40.124 port 53628 ssh2
Jun 25 15:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15274]: Connection closed by 91.92.40.124 port 53628 [preauth]
Jun 25 15:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15296]: Invalid user deployer from 91.92.40.124
Jun 25 15:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15296]: input_userauth_request: invalid user deployer [preauth]
Jun 25 15:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15296]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15296]: Failed password for invalid user deployer from 91.92.40.124 port 34598 ssh2
Jun 25 15:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15296]: Connection closed by 91.92.40.124 port 34598 [preauth]
Jun 25 15:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15306]: Invalid user openvpn from 91.92.40.124
Jun 25 15:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15306]: input_userauth_request: invalid user openvpn [preauth]
Jun 25 15:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15306]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15306]: Failed password for invalid user openvpn from 91.92.40.124 port 34686 ssh2
Jun 25 15:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15306]: Connection closed by 91.92.40.124 port 34686 [preauth]
Jun 25 15:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15328]: Invalid user devops from 91.92.40.124
Jun 25 15:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15328]: input_userauth_request: invalid user devops [preauth]
Jun 25 15:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15328]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15328]: Failed password for invalid user devops from 91.92.40.124 port 45600 ssh2
Jun 25 15:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15328]: Connection closed by 91.92.40.124 port 45600 [preauth]
Jun 25 15:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13977]: pam_unix(cron:session): session closed for user root
Jun 25 15:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15350]: Invalid user csgo from 91.92.40.124
Jun 25 15:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15350]: input_userauth_request: invalid user csgo [preauth]
Jun 25 15:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15350]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15350]: Failed password for invalid user csgo from 91.92.40.124 port 41770 ssh2
Jun 25 15:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15350]: Connection closed by 91.92.40.124 port 41770 [preauth]
Jun 25 15:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15368]: Invalid user ts from 91.92.40.124
Jun 25 15:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15368]: input_userauth_request: invalid user ts [preauth]
Jun 25 15:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15368]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15368]: Failed password for invalid user ts from 91.92.40.124 port 41788 ssh2
Jun 25 15:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15368]: Connection closed by 91.92.40.124 port 41788 [preauth]
Jun 25 15:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15397]: Invalid user main from 91.92.40.124
Jun 25 15:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15397]: input_userauth_request: invalid user main [preauth]
Jun 25 15:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15397]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15397]: Failed password for invalid user main from 91.92.40.124 port 45996 ssh2
Jun 25 15:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15397]: Connection closed by 91.92.40.124 port 45996 [preauth]
Jun 25 15:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15409]: Invalid user liyang from 91.92.40.124
Jun 25 15:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15409]: input_userauth_request: invalid user liyang [preauth]
Jun 25 15:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15409]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15409]: Failed password for invalid user liyang from 91.92.40.124 port 46030 ssh2
Jun 25 15:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15409]: Connection closed by 91.92.40.124 port 46030 [preauth]
Jun 25 15:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 25 15:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: Invalid user openclaw from 91.92.40.124
Jun 25 15:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: input_userauth_request: invalid user openclaw [preauth]
Jun 25 15:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15420]: Failed password for root from 147.45.199.80 port 38534 ssh2
Jun 25 15:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15420]: Connection closed by 147.45.199.80 port 38534 [preauth]
Jun 25 15:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15435]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15433]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15434]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15432]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15432]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15498]: Successful su for rubyman by root
Jun 25 15:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15498]: + ??? root:rubyman
Jun 25 15:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15498]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590877 of user rubyman.
Jun 25 15:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15498]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590877.
Jun 25 15:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: Failed password for invalid user openclaw from 91.92.40.124 port 48304 ssh2
Jun 25 15:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: Connection closed by 91.92.40.124 port 48304 [preauth]
Jun 25 15:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12638]: pam_unix(cron:session): session closed for user root
Jun 25 15:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15433]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15543]: Invalid user manoj from 91.92.40.124
Jun 25 15:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15543]: input_userauth_request: invalid user manoj [preauth]
Jun 25 15:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15543]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 25 15:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15543]: Failed password for invalid user manoj from 91.92.40.124 port 48338 ssh2
Jun 25 15:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15543]: Connection closed by 91.92.40.124 port 48338 [preauth]
Jun 25 15:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15678]: Failed password for root from 103.77.242.62 port 45726 ssh2
Jun 25 15:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15678]: Connection closed by 103.77.242.62 port 45726 [preauth]
Jun 25 15:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15680]: Invalid user test from 91.92.40.124
Jun 25 15:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15680]: input_userauth_request: invalid user test [preauth]
Jun 25 15:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15680]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15680]: Failed password for invalid user test from 91.92.40.124 port 45808 ssh2
Jun 25 15:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15680]: Connection closed by 91.92.40.124 port 45808 [preauth]
Jun 25 15:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: Invalid user testuser from 91.92.40.124
Jun 25 15:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: input_userauth_request: invalid user testuser [preauth]
Jun 25 15:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: Failed password for invalid user testuser from 91.92.40.124 port 44006 ssh2
Jun 25 15:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: Connection closed by 91.92.40.124 port 44006 [preauth]
Jun 25 15:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15718]: Failed password for root from 91.92.40.124 port 44090 ssh2
Jun 25 15:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15718]: Connection closed by 91.92.40.124 port 44090 [preauth]
Jun 25 15:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15742]: Invalid user ubuntu from 91.92.40.124
Jun 25 15:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15742]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 15:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15742]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15742]: Failed password for invalid user ubuntu from 91.92.40.124 port 54742 ssh2
Jun 25 15:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15742]: Connection closed by 91.92.40.124 port 54742 [preauth]
Jun 25 15:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14382]: pam_unix(cron:session): session closed for user root
Jun 25 15:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15777]: User nobody from 91.92.40.124 not allowed because not listed in AllowUsers
Jun 25 15:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15777]: input_userauth_request: invalid user nobody [preauth]
Jun 25 15:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=nobody
Jun 25 15:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15777]: Failed password for invalid user nobody from 91.92.40.124 port 49344 ssh2
Jun 25 15:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15777]: Connection closed by 91.92.40.124 port 49344 [preauth]
Jun 25 15:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15792]: Invalid user user1 from 91.92.40.124
Jun 25 15:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15792]: input_userauth_request: invalid user user1 [preauth]
Jun 25 15:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15792]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15792]: Failed password for invalid user user1 from 91.92.40.124 port 49396 ssh2
Jun 25 15:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15792]: Connection closed by 91.92.40.124 port 49396 [preauth]
Jun 25 15:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15815]: Invalid user deploy from 91.92.40.124
Jun 25 15:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15815]: input_userauth_request: invalid user deploy [preauth]
Jun 25 15:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15815]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15815]: Failed password for invalid user deploy from 91.92.40.124 port 46220 ssh2
Jun 25 15:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15815]: Connection closed by 91.92.40.124 port 46220 [preauth]
Jun 25 15:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15826]: Invalid user lucas from 91.92.40.124
Jun 25 15:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15826]: input_userauth_request: invalid user lucas [preauth]
Jun 25 15:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15826]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15826]: Failed password for invalid user lucas from 91.92.40.124 port 46260 ssh2
Jun 25 15:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15826]: Connection closed by 91.92.40.124 port 46260 [preauth]
Jun 25 15:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15836]: Invalid user dmdba from 91.92.40.124
Jun 25 15:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15836]: input_userauth_request: invalid user dmdba [preauth]
Jun 25 15:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15836]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15848]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15850]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15851]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15847]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15847]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15836]: Failed password for invalid user dmdba from 91.92.40.124 port 57294 ssh2
Jun 25 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15907]: Successful su for rubyman by root
Jun 25 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15907]: + ??? root:rubyman
Jun 25 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15907]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590882 of user rubyman.
Jun 25 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15907]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590882.
Jun 25 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15836]: Connection closed by 91.92.40.124 port 57294 [preauth]
Jun 25 15:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13102]: pam_unix(cron:session): session closed for user root
Jun 25 15:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16021]: Invalid user dev from 91.92.40.124
Jun 25 15:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16021]: input_userauth_request: invalid user dev [preauth]
Jun 25 15:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16021]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15848]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16021]: Failed password for invalid user dev from 91.92.40.124 port 50506 ssh2
Jun 25 15:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16021]: Connection closed by 91.92.40.124 port 50506 [preauth]
Jun 25 15:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16086]: Invalid user ethan from 91.92.40.124
Jun 25 15:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16086]: input_userauth_request: invalid user ethan [preauth]
Jun 25 15:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16086]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16086]: Failed password for invalid user ethan from 91.92.40.124 port 50598 ssh2
Jun 25 15:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16086]: Connection closed by 91.92.40.124 port 50598 [preauth]
Jun 25 15:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16108]: User ftp from 91.92.40.124 not allowed because not listed in AllowUsers
Jun 25 15:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16108]: input_userauth_request: invalid user ftp [preauth]
Jun 25 15:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=ftp
Jun 25 15:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16108]: Failed password for invalid user ftp from 91.92.40.124 port 54354 ssh2
Jun 25 15:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16108]: Connection closed by 91.92.40.124 port 54354 [preauth]
Jun 25 15:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16127]: Invalid user crafty from 91.92.40.124
Jun 25 15:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16127]: input_userauth_request: invalid user crafty [preauth]
Jun 25 15:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16127]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16127]: Failed password for invalid user crafty from 91.92.40.124 port 54506 ssh2
Jun 25 15:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16127]: Connection closed by 91.92.40.124 port 54506 [preauth]
Jun 25 15:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16149]: Invalid user myuser from 91.92.40.124
Jun 25 15:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16149]: input_userauth_request: invalid user myuser [preauth]
Jun 25 15:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16149]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16149]: Failed password for invalid user myuser from 91.92.40.124 port 52720 ssh2
Jun 25 15:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16149]: Connection closed by 91.92.40.124 port 52720 [preauth]
Jun 25 15:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16160]: Invalid user test1 from 91.92.40.124
Jun 25 15:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16160]: input_userauth_request: invalid user test1 [preauth]
Jun 25 15:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14978]: pam_unix(cron:session): session closed for user root
Jun 25 15:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16160]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16185]: Invalid user admin from 141.98.83.240
Jun 25 15:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16185]: input_userauth_request: invalid user admin [preauth]
Jun 25 15:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16185]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 15:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16160]: Failed password for invalid user test1 from 91.92.40.124 port 52824 ssh2
Jun 25 15:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16160]: Connection closed by 91.92.40.124 port 52824 [preauth]
Jun 25 15:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16185]: Failed password for invalid user admin from 141.98.83.240 port 23744 ssh2
Jun 25 15:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16185]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16185]: Failed password for invalid user admin from 141.98.83.240 port 23744 ssh2
Jun 25 15:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16185]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16197]: Invalid user git from 91.92.40.124
Jun 25 15:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16197]: input_userauth_request: invalid user git [preauth]
Jun 25 15:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16197]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 25 15:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16185]: Failed password for invalid user admin from 141.98.83.240 port 23744 ssh2
Jun 25 15:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16185]: Connection closed by 141.98.83.240 port 23744 [preauth]
Jun 25 15:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16185]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 15:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16197]: Failed password for invalid user git from 91.92.40.124 port 55252 ssh2
Jun 25 15:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16199]: Failed password for root from 103.176.20.57 port 35580 ssh2
Jun 25 15:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16197]: Connection closed by 91.92.40.124 port 55252 [preauth]
Jun 25 15:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16199]: Connection closed by 103.176.20.57 port 35580 [preauth]
Jun 25 15:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16223]: Failed password for root from 91.92.40.124 port 38374 ssh2
Jun 25 15:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16223]: Connection closed by 91.92.40.124 port 38374 [preauth]
Jun 25 15:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16234]: Invalid user git from 91.92.40.124
Jun 25 15:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16234]: input_userauth_request: invalid user git [preauth]
Jun 25 15:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16234]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16234]: Failed password for invalid user git from 91.92.40.124 port 38410 ssh2
Jun 25 15:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16234]: Connection closed by 91.92.40.124 port 38410 [preauth]
Jun 25 15:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16244]: Invalid user calvin from 91.92.40.124
Jun 25 15:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16244]: input_userauth_request: invalid user calvin [preauth]
Jun 25 15:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16244]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16244]: Failed password for invalid user calvin from 91.92.40.124 port 52350 ssh2
Jun 25 15:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16244]: Connection closed by 91.92.40.124 port 52350 [preauth]
Jun 25 15:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 25 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16260]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16261]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16259]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16258]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16258]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16315]: Successful su for rubyman by root
Jun 25 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16315]: + ??? root:rubyman
Jun 25 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16315]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590885 of user rubyman.
Jun 25 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16315]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590885.
Jun 25 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16254]: Failed password for root from 194.113.233.25 port 48830 ssh2
Jun 25 15:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16254]: Connection closed by 194.113.233.25 port 48830 [preauth]
Jun 25 15:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16376]: Invalid user rdpuser from 91.92.40.124
Jun 25 15:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16376]: input_userauth_request: invalid user rdpuser [preauth]
Jun 25 15:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16376]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13537]: pam_unix(cron:session): session closed for user root
Jun 25 15:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16259]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16376]: Failed password for invalid user rdpuser from 91.92.40.124 port 52416 ssh2
Jun 25 15:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16376]: Connection closed by 91.92.40.124 port 52416 [preauth]
Jun 25 15:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16500]: Invalid user admin1 from 91.92.40.124
Jun 25 15:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16500]: input_userauth_request: invalid user admin1 [preauth]
Jun 25 15:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16500]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16500]: Failed password for invalid user admin1 from 91.92.40.124 port 48828 ssh2
Jun 25 15:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16500]: Connection closed by 91.92.40.124 port 48828 [preauth]
Jun 25 15:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16528]: Invalid user minecraft from 91.92.40.124
Jun 25 15:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16528]: input_userauth_request: invalid user minecraft [preauth]
Jun 25 15:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16528]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16528]: Failed password for invalid user minecraft from 91.92.40.124 port 48882 ssh2
Jun 25 15:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16528]: Connection closed by 91.92.40.124 port 48882 [preauth]
Jun 25 15:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16541]: Invalid user postgres from 91.92.40.124
Jun 25 15:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16541]: input_userauth_request: invalid user postgres [preauth]
Jun 25 15:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16541]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16541]: Failed password for invalid user postgres from 91.92.40.124 port 45112 ssh2
Jun 25 15:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16541]: Connection closed by 91.92.40.124 port 45112 [preauth]
Jun 25 15:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16568]: Invalid user guest from 91.92.40.124
Jun 25 15:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16568]: input_userauth_request: invalid user guest [preauth]
Jun 25 15:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16568]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16568]: Failed password for invalid user guest from 91.92.40.124 port 60358 ssh2
Jun 25 15:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16568]: Connection closed by 91.92.40.124 port 60358 [preauth]
Jun 25 15:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16579]: Invalid user minecraft from 91.92.40.124
Jun 25 15:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16579]: input_userauth_request: invalid user minecraft [preauth]
Jun 25 15:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15435]: pam_unix(cron:session): session closed for user root
Jun 25 15:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16579]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16579]: Failed password for invalid user minecraft from 91.92.40.124 port 60372 ssh2
Jun 25 15:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16579]: Connection closed by 91.92.40.124 port 60372 [preauth]
Jun 25 15:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16609]: Failed password for root from 91.92.40.124 port 55566 ssh2
Jun 25 15:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16609]: Connection closed by 91.92.40.124 port 55566 [preauth]
Jun 25 15:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16632]: Invalid user dmdba from 91.92.40.124
Jun 25 15:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16632]: input_userauth_request: invalid user dmdba [preauth]
Jun 25 15:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16632]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16632]: Failed password for invalid user dmdba from 91.92.40.124 port 47522 ssh2
Jun 25 15:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16632]: Connection closed by 91.92.40.124 port 47522 [preauth]
Jun 25 15:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16646]: Invalid user mcserver from 91.92.40.124
Jun 25 15:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16646]: input_userauth_request: invalid user mcserver [preauth]
Jun 25 15:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16646]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16646]: Failed password for invalid user mcserver from 91.92.40.124 port 47602 ssh2
Jun 25 15:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16646]: Connection closed by 91.92.40.124 port 47602 [preauth]
Jun 25 15:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16657]: Invalid user fastuser from 91.92.40.124
Jun 25 15:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16657]: input_userauth_request: invalid user fastuser [preauth]
Jun 25 15:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16657]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16657]: Failed password for invalid user fastuser from 91.92.40.124 port 44134 ssh2
Jun 25 15:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16657]: Connection closed by 91.92.40.124 port 44134 [preauth]
Jun 25 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16680]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16681]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16678]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16679]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16678]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16736]: Successful su for rubyman by root
Jun 25 15:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16736]: + ??? root:rubyman
Jun 25 15:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16736]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590889 of user rubyman.
Jun 25 15:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16736]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590889.
Jun 25 15:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16667]: Invalid user crafty from 91.92.40.124
Jun 25 15:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16667]: input_userauth_request: invalid user crafty [preauth]
Jun 25 15:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16667]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13976]: pam_unix(cron:session): session closed for user root
Jun 25 15:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16667]: Failed password for invalid user crafty from 91.92.40.124 port 44158 ssh2
Jun 25 15:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16667]: Connection closed by 91.92.40.124 port 44158 [preauth]
Jun 25 15:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16679]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17023]: Invalid user ts3 from 91.92.40.124
Jun 25 15:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17023]: input_userauth_request: invalid user ts3 [preauth]
Jun 25 15:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17023]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17023]: Failed password for invalid user ts3 from 91.92.40.124 port 53034 ssh2
Jun 25 15:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17023]: Connection closed by 91.92.40.124 port 53034 [preauth]
Jun 25 15:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17034]: Invalid user frappe from 91.92.40.124
Jun 25 15:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17034]: input_userauth_request: invalid user frappe [preauth]
Jun 25 15:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17034]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17034]: Failed password for invalid user frappe from 91.92.40.124 port 53068 ssh2
Jun 25 15:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17034]: Connection closed by 91.92.40.124 port 53068 [preauth]
Jun 25 15:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17059]: Invalid user sftpuser from 91.92.40.124
Jun 25 15:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17059]: input_userauth_request: invalid user sftpuser [preauth]
Jun 25 15:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17059]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17059]: Failed password for invalid user sftpuser from 91.92.40.124 port 55488 ssh2
Jun 25 15:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17059]: Connection closed by 91.92.40.124 port 55488 [preauth]
Jun 25 15:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17083]: Invalid user ark from 91.92.40.124
Jun 25 15:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17083]: input_userauth_request: invalid user ark [preauth]
Jun 25 15:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17083]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17083]: Failed password for invalid user ark from 91.92.40.124 port 35850 ssh2
Jun 25 15:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17083]: Connection closed by 91.92.40.124 port 35850 [preauth]
Jun 25 15:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17093]: Invalid user test from 91.92.40.124
Jun 25 15:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17093]: input_userauth_request: invalid user test [preauth]
Jun 25 15:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15851]: pam_unix(cron:session): session closed for user root
Jun 25 15:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17093]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17093]: Failed password for invalid user test from 91.92.40.124 port 35858 ssh2
Jun 25 15:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17093]: Connection closed by 91.92.40.124 port 35858 [preauth]
Jun 25 15:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17123]: Invalid user bob from 91.92.40.124
Jun 25 15:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17123]: input_userauth_request: invalid user bob [preauth]
Jun 25 15:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17123]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 25 15:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17123]: Failed password for invalid user bob from 91.92.40.124 port 50384 ssh2
Jun 25 15:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17133]: Failed password for root from 109.237.96.109 port 54364 ssh2
Jun 25 15:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17133]: Connection closed by 109.237.96.109 port 54364 [preauth]
Jun 25 15:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17123]: Connection closed by 91.92.40.124 port 50384 [preauth]
Jun 25 15:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17135]: Invalid user guest from 91.92.40.124
Jun 25 15:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17135]: input_userauth_request: invalid user guest [preauth]
Jun 25 15:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17135]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17135]: Failed password for invalid user guest from 91.92.40.124 port 50460 ssh2
Jun 25 15:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17135]: Connection closed by 91.92.40.124 port 50460 [preauth]
Jun 25 15:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17159]: Failed password for root from 91.92.40.124 port 51748 ssh2
Jun 25 15:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17159]: Connection closed by 91.92.40.124 port 51748 [preauth]
Jun 25 15:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17170]: Invalid user jenkins from 91.92.40.124
Jun 25 15:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17170]: input_userauth_request: invalid user jenkins [preauth]
Jun 25 15:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17170]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17180]: Connection reset by 198.235.24.237 port 60910 [preauth]
Jun 25 15:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17170]: Failed password for invalid user jenkins from 91.92.40.124 port 51788 ssh2
Jun 25 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17198]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17196]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17193]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17197]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17194]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17195]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17198]: pam_unix(cron:session): session closed for user root
Jun 25 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17193]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17263]: Successful su for rubyman by root
Jun 25 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17263]: + ??? root:rubyman
Jun 25 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17263]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590896 of user rubyman.
Jun 25 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17263]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590896.
Jun 25 15:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17170]: Connection closed by 91.92.40.124 port 51788 [preauth]
Jun 25 15:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17195]: pam_unix(cron:session): session closed for user root
Jun 25 15:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: Invalid user postgres from 91.92.40.124
Jun 25 15:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: input_userauth_request: invalid user postgres [preauth]
Jun 25 15:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14381]: pam_unix(cron:session): session closed for user root
Jun 25 15:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17194]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: Failed password for invalid user postgres from 91.92.40.124 port 42616 ssh2
Jun 25 15:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: Connection closed by 91.92.40.124 port 42616 [preauth]
Jun 25 15:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17419]: Failed password for root from 91.92.40.124 port 41792 ssh2
Jun 25 15:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17419]: Connection closed by 91.92.40.124 port 41792 [preauth]
Jun 25 15:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17492]: Invalid user admin from 91.92.40.124
Jun 25 15:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17492]: input_userauth_request: invalid user admin [preauth]
Jun 25 15:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17532]: Invalid user ubnt from 193.46.255.86
Jun 25 15:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17532]: input_userauth_request: invalid user ubnt [preauth]
Jun 25 15:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17532]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 25 15:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17492]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17532]: Failed password for invalid user ubnt from 193.46.255.86 port 18364 ssh2
Jun 25 15:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17532]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17492]: Failed password for invalid user admin from 91.92.40.124 port 41832 ssh2
Jun 25 15:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17514]: Invalid user milad from 91.92.40.124
Jun 25 15:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17514]: input_userauth_request: invalid user milad [preauth]
Jun 25 15:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17532]: Failed password for invalid user ubnt from 193.46.255.86 port 18364 ssh2
Jun 25 15:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17532]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17492]: Connection closed by 91.92.40.124 port 41832 [preauth]
Jun 25 15:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17558]: Invalid user user from 45.148.10.121
Jun 25 15:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17558]: input_userauth_request: invalid user user [preauth]
Jun 25 15:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17558]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 25 15:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17514]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17532]: Failed password for invalid user ubnt from 193.46.255.86 port 18364 ssh2
Jun 25 15:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17532]: Connection closed by 193.46.255.86 port 18364 [preauth]
Jun 25 15:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17532]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 25 15:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17558]: Failed password for invalid user user from 45.148.10.121 port 48314 ssh2
Jun 25 15:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17558]: Connection closed by 45.148.10.121 port 48314 [preauth]
Jun 25 15:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17514]: Failed password for invalid user milad from 91.92.40.124 port 57012 ssh2
Jun 25 15:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17534]: Invalid user ai from 91.92.40.124
Jun 25 15:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17534]: input_userauth_request: invalid user ai [preauth]
Jun 25 15:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17514]: Connection closed by 91.92.40.124 port 57012 [preauth]
Jun 25 15:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16261]: pam_unix(cron:session): session closed for user root
Jun 25 15:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17534]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17534]: Failed password for invalid user ai from 91.92.40.124 port 57098 ssh2
Jun 25 15:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17534]: Connection closed by 91.92.40.124 port 57098 [preauth]
Jun 25 15:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17560]: Failed password for root from 91.92.40.124 port 35270 ssh2
Jun 25 15:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17560]: Connection closed by 91.92.40.124 port 35270 [preauth]
Jun 25 15:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17582]: Failed password for root from 91.92.40.124 port 35330 ssh2
Jun 25 15:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17599]: Invalid user vagrant from 91.92.40.124
Jun 25 15:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17599]: input_userauth_request: invalid user vagrant [preauth]
Jun 25 15:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17582]: Connection closed by 91.92.40.124 port 35330 [preauth]
Jun 25 15:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17599]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17599]: Failed password for invalid user vagrant from 91.92.40.124 port 42238 ssh2
Jun 25 15:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17599]: Connection closed by 91.92.40.124 port 42238 [preauth]
Jun 25 15:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17621]: Failed password for root from 91.92.40.124 port 53140 ssh2
Jun 25 15:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17621]: Connection closed by 91.92.40.124 port 53140 [preauth]
Jun 25 15:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17636]: Invalid user daniel from 91.92.40.124
Jun 25 15:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17636]: input_userauth_request: invalid user daniel [preauth]
Jun 25 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17732]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17696]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17733]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17693]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17693]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17636]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17814]: Successful su for rubyman by root
Jun 25 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17814]: + ??? root:rubyman
Jun 25 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17814]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590898 of user rubyman.
Jun 25 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17814]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590898.
Jun 25 15:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17636]: Failed password for invalid user daniel from 91.92.40.124 port 53268 ssh2
Jun 25 15:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17636]: Connection closed by 91.92.40.124 port 53268 [preauth]
Jun 25 15:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17680]: Invalid user mohammad from 91.92.40.124
Jun 25 15:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17680]: input_userauth_request: invalid user mohammad [preauth]
Jun 25 15:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17696]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14977]: pam_unix(cron:session): session closed for user root
Jun 25 15:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17680]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17680]: Failed password for invalid user mohammad from 91.92.40.124 port 34316 ssh2
Jun 25 15:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17680]: Connection closed by 91.92.40.124 port 34316 [preauth]
Jun 25 15:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18015]: Invalid user developer from 91.92.40.124
Jun 25 15:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18015]: input_userauth_request: invalid user developer [preauth]
Jun 25 15:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18015]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18015]: Failed password for invalid user developer from 91.92.40.124 port 36640 ssh2
Jun 25 15:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18015]: Connection closed by 91.92.40.124 port 36640 [preauth]
Jun 25 15:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18052]: User mysql from 91.92.40.124 not allowed because not listed in AllowUsers
Jun 25 15:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18052]: input_userauth_request: invalid user mysql [preauth]
Jun 25 15:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=mysql
Jun 25 15:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18052]: Failed password for invalid user mysql from 91.92.40.124 port 53750 ssh2
Jun 25 15:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18052]: Connection closed by 91.92.40.124 port 53750 [preauth]
Jun 25 15:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18065]: Invalid user user from 91.92.40.124
Jun 25 15:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18065]: input_userauth_request: invalid user user [preauth]
Jun 25 15:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18065]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18065]: Failed password for invalid user user from 91.92.40.124 port 53808 ssh2
Jun 25 15:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18065]: Connection closed by 91.92.40.124 port 53808 [preauth]
Jun 25 15:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18087]: Failed password for root from 91.92.40.124 port 56430 ssh2
Jun 25 15:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18087]: Connection closed by 91.92.40.124 port 56430 [preauth]
Jun 25 15:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16681]: pam_unix(cron:session): session closed for user root
Jun 25 15:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18097]: Invalid user sysupdate from 91.92.40.124
Jun 25 15:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18097]: input_userauth_request: invalid user sysupdate [preauth]
Jun 25 15:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18097]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18097]: Failed password for invalid user sysupdate from 91.92.40.124 port 56476 ssh2
Jun 25 15:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18097]: Connection closed by 91.92.40.124 port 56476 [preauth]
Jun 25 15:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18129]: Failed password for root from 91.92.40.124 port 39174 ssh2
Jun 25 15:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18129]: Connection closed by 91.92.40.124 port 39174 [preauth]
Jun 25 15:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18156]: Invalid user deployer from 91.92.40.124
Jun 25 15:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18156]: input_userauth_request: invalid user deployer [preauth]
Jun 25 15:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18156]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18156]: Failed password for invalid user deployer from 91.92.40.124 port 40592 ssh2
Jun 25 15:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18156]: Connection closed by 91.92.40.124 port 40592 [preauth]
Jun 25 15:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18176]: Invalid user erp from 91.92.40.124
Jun 25 15:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18176]: input_userauth_request: invalid user erp [preauth]
Jun 25 15:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18176]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18176]: Failed password for invalid user erp from 91.92.40.124 port 40638 ssh2
Jun 25 15:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18176]: Connection closed by 91.92.40.124 port 40638 [preauth]
Jun 25 15:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18187]: Failed password for root from 91.92.40.124 port 57044 ssh2
Jun 25 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18187]: Connection closed by 91.92.40.124 port 57044 [preauth]
Jun 25 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18204]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18203]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18205]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18202]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18199]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18199]: pam_unix(cron:session): session closed for user root
Jun 25 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18202]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18274]: Successful su for rubyman by root
Jun 25 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18274]: + ??? root:rubyman
Jun 25 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18274]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590902 of user rubyman.
Jun 25 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18274]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590902.
Jun 25 15:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18340]: Invalid user odoo from 91.92.40.124
Jun 25 15:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18340]: input_userauth_request: invalid user odoo [preauth]
Jun 25 15:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18340]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15434]: pam_unix(cron:session): session closed for user root
Jun 25 15:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18203]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18340]: Failed password for invalid user odoo from 91.92.40.124 port 57076 ssh2
Jun 25 15:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18340]: Connection closed by 91.92.40.124 port 57076 [preauth]
Jun 25 15:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18553]: Failed password for root from 91.92.40.124 port 41900 ssh2
Jun 25 15:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18553]: Connection closed by 91.92.40.124 port 41900 [preauth]
Jun 25 15:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18577]: Invalid user martin from 91.92.40.124
Jun 25 15:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18577]: input_userauth_request: invalid user martin [preauth]
Jun 25 15:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18577]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18577]: Failed password for invalid user martin from 91.92.40.124 port 59644 ssh2
Jun 25 15:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18577]: Connection closed by 91.92.40.124 port 59644 [preauth]
Jun 25 15:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18590]: Invalid user admin1 from 91.92.40.124
Jun 25 15:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18590]: input_userauth_request: invalid user admin1 [preauth]
Jun 25 15:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18590]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18590]: Failed password for invalid user admin1 from 91.92.40.124 port 59734 ssh2
Jun 25 15:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18590]: Connection closed by 91.92.40.124 port 59734 [preauth]
Jun 25 15:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18613]: Invalid user node from 91.92.40.124
Jun 25 15:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18613]: input_userauth_request: invalid user node [preauth]
Jun 25 15:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18613]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18613]: Failed password for invalid user node from 91.92.40.124 port 50270 ssh2
Jun 25 15:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18613]: Connection closed by 91.92.40.124 port 50270 [preauth]
Jun 25 15:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17197]: pam_unix(cron:session): session closed for user root
Jun 25 15:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18623]: Failed password for root from 91.92.40.124 port 50346 ssh2
Jun 25 15:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18623]: Connection closed by 91.92.40.124 port 50346 [preauth]
Jun 25 15:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18667]: Invalid user rajvir from 91.92.40.124
Jun 25 15:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18667]: input_userauth_request: invalid user rajvir [preauth]
Jun 25 15:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18667]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18667]: Failed password for invalid user rajvir from 91.92.40.124 port 59230 ssh2
Jun 25 15:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18667]: Connection closed by 91.92.40.124 port 59230 [preauth]
Jun 25 15:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18692]: Failed password for root from 91.92.40.124 port 41968 ssh2
Jun 25 15:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18692]: Connection closed by 91.92.40.124 port 41968 [preauth]
Jun 25 15:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18702]: Failed password for root from 91.92.40.124 port 42024 ssh2
Jun 25 15:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18702]: Connection closed by 91.92.40.124 port 42024 [preauth]
Jun 25 15:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18715]: Invalid user deploy from 91.92.40.124
Jun 25 15:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18715]: input_userauth_request: invalid user deploy [preauth]
Jun 25 15:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18715]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18732]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18731]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18730]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18728]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18728]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18799]: Successful su for rubyman by root
Jun 25 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18799]: + ??? root:rubyman
Jun 25 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18799]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590908 of user rubyman.
Jun 25 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18799]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590908.
Jun 25 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18715]: Failed password for invalid user deploy from 91.92.40.124 port 53840 ssh2
Jun 25 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18715]: Connection closed by 91.92.40.124 port 53840 [preauth]
Jun 25 15:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15850]: pam_unix(cron:session): session closed for user root
Jun 25 15:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18730]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18824]: Failed password for root from 91.92.40.124 port 53860 ssh2
Jun 25 15:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18824]: Connection closed by 91.92.40.124 port 53860 [preauth]
Jun 25 15:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18998]: Invalid user ftpuser1 from 91.92.40.124
Jun 25 15:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18998]: input_userauth_request: invalid user ftpuser1 [preauth]
Jun 25 15:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18998]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18998]: Failed password for invalid user ftpuser1 from 91.92.40.124 port 39050 ssh2
Jun 25 15:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18998]: Connection closed by 91.92.40.124 port 39050 [preauth]
Jun 25 15:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19029]: Failed password for root from 91.92.40.124 port 59280 ssh2
Jun 25 15:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19029]: Connection closed by 91.92.40.124 port 59280 [preauth]
Jun 25 15:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19039]: Invalid user test3 from 91.92.40.124
Jun 25 15:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19039]: input_userauth_request: invalid user test3 [preauth]
Jun 25 15:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19039]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19039]: Failed password for invalid user test3 from 91.92.40.124 port 59322 ssh2
Jun 25 15:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19039]: Connection closed by 91.92.40.124 port 59322 [preauth]
Jun 25 15:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19062]: Invalid user data from 91.92.40.124
Jun 25 15:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19062]: input_userauth_request: invalid user data [preauth]
Jun 25 15:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19062]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19062]: Failed password for invalid user data from 91.92.40.124 port 58180 ssh2
Jun 25 15:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19062]: Connection closed by 91.92.40.124 port 58180 [preauth]
Jun 25 15:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17733]: pam_unix(cron:session): session closed for user root
Jun 25 15:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: Invalid user admin from 91.92.40.124
Jun 25 15:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: input_userauth_request: invalid user admin [preauth]
Jun 25 15:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: Failed password for invalid user admin from 91.92.40.124 port 58264 ssh2
Jun 25 15:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: Connection closed by 91.92.40.124 port 58264 [preauth]
Jun 25 15:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19104]: Invalid user app from 91.92.40.124
Jun 25 15:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19104]: input_userauth_request: invalid user app [preauth]
Jun 25 15:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19104]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19104]: Failed password for invalid user app from 91.92.40.124 port 39078 ssh2
Jun 25 15:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19104]: Connection closed by 91.92.40.124 port 39078 [preauth]
Jun 25 15:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19115]: Invalid user solana from 91.92.40.124
Jun 25 15:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19115]: input_userauth_request: invalid user solana [preauth]
Jun 25 15:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19115]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19115]: Failed password for invalid user solana from 91.92.40.124 port 39106 ssh2
Jun 25 15:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19115]: Connection closed by 91.92.40.124 port 39106 [preauth]
Jun 25 15:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19234]: Invalid user debian from 91.92.40.124
Jun 25 15:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19234]: input_userauth_request: invalid user debian [preauth]
Jun 25 15:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19234]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19234]: Failed password for invalid user debian from 91.92.40.124 port 40624 ssh2
Jun 25 15:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19234]: Connection closed by 91.92.40.124 port 40624 [preauth]
Jun 25 15:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19246]: Invalid user admin from 91.92.40.124
Jun 25 15:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19246]: input_userauth_request: invalid user admin [preauth]
Jun 25 15:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19246]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19246]: Failed password for invalid user admin from 91.92.40.124 port 60408 ssh2
Jun 25 15:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19246]: Connection closed by 91.92.40.124 port 60408 [preauth]
Jun 25 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19262]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19261]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19260]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19259]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19259]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19320]: Successful su for rubyman by root
Jun 25 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19320]: + ??? root:rubyman
Jun 25 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19320]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590912 of user rubyman.
Jun 25 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19320]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590912.
Jun 25 15:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16260]: pam_unix(cron:session): session closed for user root
Jun 25 15:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19260]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19389]: Failed password for root from 91.92.40.124 port 60422 ssh2
Jun 25 15:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19389]: Connection closed by 91.92.40.124 port 60422 [preauth]
Jun 25 15:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19705]: Invalid user botuser from 91.92.40.124
Jun 25 15:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19705]: input_userauth_request: invalid user botuser [preauth]
Jun 25 15:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19705]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19705]: Failed password for invalid user botuser from 91.92.40.124 port 40296 ssh2
Jun 25 15:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19705]: Connection closed by 91.92.40.124 port 40296 [preauth]
Jun 25 15:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19739]: Invalid user tom from 91.92.40.124
Jun 25 15:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19739]: input_userauth_request: invalid user tom [preauth]
Jun 25 15:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19739]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19739]: Failed password for invalid user tom from 91.92.40.124 port 52360 ssh2
Jun 25 15:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19739]: Connection closed by 91.92.40.124 port 52360 [preauth]
Jun 25 15:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19751]: Invalid user user from 91.92.40.124
Jun 25 15:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19751]: input_userauth_request: invalid user user [preauth]
Jun 25 15:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19751]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19751]: Failed password for invalid user user from 91.92.40.124 port 52426 ssh2
Jun 25 15:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19751]: Connection closed by 91.92.40.124 port 52426 [preauth]
Jun 25 15:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19775]: Invalid user admin from 91.92.40.124
Jun 25 15:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19775]: input_userauth_request: invalid user admin [preauth]
Jun 25 15:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19775]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19775]: Failed password for invalid user admin from 91.92.40.124 port 35604 ssh2
Jun 25 15:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19775]: Connection closed by 91.92.40.124 port 35604 [preauth]
Jun 25 15:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18205]: pam_unix(cron:session): session closed for user root
Jun 25 15:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19788]: Invalid user media from 91.92.40.124
Jun 25 15:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19788]: input_userauth_request: invalid user media [preauth]
Jun 25 15:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19788]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19788]: Failed password for invalid user media from 91.92.40.124 port 35686 ssh2
Jun 25 15:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19788]: Connection closed by 91.92.40.124 port 35686 [preauth]
Jun 25 15:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19824]: Invalid user airflow from 91.92.40.124
Jun 25 15:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19824]: input_userauth_request: invalid user airflow [preauth]
Jun 25 15:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19824]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19824]: Failed password for invalid user airflow from 91.92.40.124 port 49824 ssh2
Jun 25 15:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19824]: Connection closed by 91.92.40.124 port 49824 [preauth]
Jun 25 15:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19858]: Invalid user pi from 91.92.40.124
Jun 25 15:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19858]: input_userauth_request: invalid user pi [preauth]
Jun 25 15:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19858]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19858]: Failed password for invalid user pi from 91.92.40.124 port 39364 ssh2
Jun 25 15:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19858]: Connection closed by 91.92.40.124 port 39364 [preauth]
Jun 25 15:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19869]: Invalid user gns3 from 91.92.40.124
Jun 25 15:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19869]: input_userauth_request: invalid user gns3 [preauth]
Jun 25 15:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19869]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19869]: Failed password for invalid user gns3 from 91.92.40.124 port 39458 ssh2
Jun 25 15:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19869]: Connection closed by 91.92.40.124 port 39458 [preauth]
Jun 25 15:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19879]: Invalid user rdpuser from 91.92.40.124
Jun 25 15:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19879]: input_userauth_request: invalid user rdpuser [preauth]
Jun 25 15:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19879]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19879]: Failed password for invalid user rdpuser from 91.92.40.124 port 34242 ssh2
Jun 25 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19904]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19903]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19902]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19905]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19906]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19901]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19906]: pam_unix(cron:session): session closed for user root
Jun 25 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19901]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19970]: Successful su for rubyman by root
Jun 25 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19970]: + ??? root:rubyman
Jun 25 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19970]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590918 of user rubyman.
Jun 25 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19970]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590918.
Jun 25 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19879]: Connection closed by 91.92.40.124 port 34242 [preauth]
Jun 25 15:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19991]: Invalid user tester from 91.92.40.124
Jun 25 15:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19991]: input_userauth_request: invalid user tester [preauth]
Jun 25 15:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19991]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19903]: pam_unix(cron:session): session closed for user root
Jun 25 15:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16680]: pam_unix(cron:session): session closed for user root
Jun 25 15:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19991]: Failed password for invalid user tester from 91.92.40.124 port 34330 ssh2
Jun 25 15:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19991]: Connection closed by 91.92.40.124 port 34330 [preauth]
Jun 25 15:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19902]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20269]: Invalid user sam from 91.92.40.124
Jun 25 15:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20269]: input_userauth_request: invalid user sam [preauth]
Jun 25 15:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20269]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20269]: Failed password for invalid user sam from 91.92.40.124 port 56114 ssh2
Jun 25 15:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20269]: Connection closed by 91.92.40.124 port 56114 [preauth]
Jun 25 15:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20294]: Invalid user user from 91.92.40.124
Jun 25 15:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20294]: input_userauth_request: invalid user user [preauth]
Jun 25 15:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20294]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20294]: Failed password for invalid user user from 91.92.40.124 port 59104 ssh2
Jun 25 15:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20294]: Connection closed by 91.92.40.124 port 59104 [preauth]
Jun 25 15:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20306]: Invalid user runner from 91.92.40.124
Jun 25 15:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20306]: input_userauth_request: invalid user runner [preauth]
Jun 25 15:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20306]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20306]: Failed password for invalid user runner from 91.92.40.124 port 59166 ssh2
Jun 25 15:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20306]: Connection closed by 91.92.40.124 port 59166 [preauth]
Jun 25 15:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20332]: Invalid user user3 from 91.92.40.124
Jun 25 15:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20332]: input_userauth_request: invalid user user3 [preauth]
Jun 25 15:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20332]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20332]: Failed password for invalid user user3 from 91.92.40.124 port 57780 ssh2
Jun 25 15:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20332]: Connection closed by 91.92.40.124 port 57780 [preauth]
Jun 25 15:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20344]: Connection closed by 45.148.10.239 port 57716 [preauth]
Jun 25 15:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18732]: pam_unix(cron:session): session closed for user root
Jun 25 15:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20346]: Invalid user oscar from 91.92.40.124
Jun 25 15:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20346]: input_userauth_request: invalid user oscar [preauth]
Jun 25 15:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20346]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20346]: Failed password for invalid user oscar from 91.92.40.124 port 57860 ssh2
Jun 25 15:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20346]: Connection closed by 91.92.40.124 port 57860 [preauth]
Jun 25 15:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20392]: Failed password for root from 91.92.40.124 port 47308 ssh2
Jun 25 15:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20392]: Connection closed by 91.92.40.124 port 47308 [preauth]
Jun 25 15:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20418]: Invalid user cloud from 91.92.40.124
Jun 25 15:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20418]: input_userauth_request: invalid user cloud [preauth]
Jun 25 15:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20418]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20418]: Failed password for invalid user cloud from 91.92.40.124 port 40206 ssh2
Jun 25 15:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20418]: Connection closed by 91.92.40.124 port 40206 [preauth]
Jun 25 15:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20428]: Invalid user deploy from 91.92.40.124
Jun 25 15:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20428]: input_userauth_request: invalid user deploy [preauth]
Jun 25 15:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20428]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20428]: Failed password for invalid user deploy from 91.92.40.124 port 40272 ssh2
Jun 25 15:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20428]: Connection closed by 91.92.40.124 port 40272 [preauth]
Jun 25 15:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20440]: Invalid user admin1 from 91.92.40.124
Jun 25 15:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20440]: input_userauth_request: invalid user admin1 [preauth]
Jun 25 15:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20440]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20440]: Failed password for invalid user admin1 from 91.92.40.124 port 49252 ssh2
Jun 25 15:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20440]: Connection closed by 91.92.40.124 port 49252 [preauth]
Jun 25 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20458]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20453]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20451]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20452]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20451]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20523]: Successful su for rubyman by root
Jun 25 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20523]: + ??? root:rubyman
Jun 25 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20523]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590923 of user rubyman.
Jun 25 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20523]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590923.
Jun 25 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20558]: Invalid user developer from 91.92.40.124
Jun 25 15:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20558]: input_userauth_request: invalid user developer [preauth]
Jun 25 15:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17196]: pam_unix(cron:session): session closed for user root
Jun 25 15:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20558]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20452]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20558]: Failed password for invalid user developer from 91.92.40.124 port 49310 ssh2
Jun 25 15:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20558]: Connection closed by 91.92.40.124 port 49310 [preauth]
Jun 25 15:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20803]: Invalid user angel from 91.92.40.124
Jun 25 15:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20803]: input_userauth_request: invalid user angel [preauth]
Jun 25 15:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20803]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20803]: Failed password for invalid user angel from 91.92.40.124 port 43986 ssh2
Jun 25 15:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20803]: Connection closed by 91.92.40.124 port 43986 [preauth]
Jun 25 15:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20826]: Failed password for root from 91.92.40.124 port 50350 ssh2
Jun 25 15:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20826]: Connection closed by 91.92.40.124 port 50350 [preauth]
Jun 25 15:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20847]: Invalid user kim from 91.92.40.124
Jun 25 15:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20847]: input_userauth_request: invalid user kim [preauth]
Jun 25 15:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20847]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20847]: Failed password for invalid user kim from 91.92.40.124 port 50392 ssh2
Jun 25 15:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20847]: Connection closed by 91.92.40.124 port 50392 [preauth]
Jun 25 15:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20872]: Invalid user x from 91.92.40.124
Jun 25 15:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20872]: input_userauth_request: invalid user x [preauth]
Jun 25 15:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20872]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20872]: Failed password for invalid user x from 91.92.40.124 port 45020 ssh2
Jun 25 15:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20872]: Connection closed by 91.92.40.124 port 45020 [preauth]
Jun 25 15:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19262]: pam_unix(cron:session): session closed for user root
Jun 25 15:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20883]: Invalid user appuser from 91.92.40.124
Jun 25 15:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20883]: input_userauth_request: invalid user appuser [preauth]
Jun 25 15:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20883]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20883]: Failed password for invalid user appuser from 91.92.40.124 port 45058 ssh2
Jun 25 15:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20883]: Connection closed by 91.92.40.124 port 45058 [preauth]
Jun 25 15:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20917]: Invalid user postgres from 91.92.40.124
Jun 25 15:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20917]: input_userauth_request: invalid user postgres [preauth]
Jun 25 15:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20917]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20917]: Failed password for invalid user postgres from 91.92.40.124 port 50354 ssh2
Jun 25 15:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20917]: Connection closed by 91.92.40.124 port 50354 [preauth]
Jun 25 15:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20940]: Invalid user gabriel from 91.92.40.124
Jun 25 15:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20940]: input_userauth_request: invalid user gabriel [preauth]
Jun 25 15:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20940]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20940]: Failed password for invalid user gabriel from 91.92.40.124 port 56910 ssh2
Jun 25 15:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20940]: Connection closed by 91.92.40.124 port 56910 [preauth]
Jun 25 15:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20950]: Invalid user nexus from 91.92.40.124
Jun 25 15:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20950]: input_userauth_request: invalid user nexus [preauth]
Jun 25 15:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20950]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20950]: Failed password for invalid user nexus from 91.92.40.124 port 56932 ssh2
Jun 25 15:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20950]: Connection closed by 91.92.40.124 port 56932 [preauth]
Jun 25 15:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20960]: Invalid user devops from 91.92.40.124
Jun 25 15:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20960]: input_userauth_request: invalid user devops [preauth]
Jun 25 15:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20960]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20960]: Failed password for invalid user devops from 91.92.40.124 port 45998 ssh2
Jun 25 15:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20960]: Connection closed by 91.92.40.124 port 45998 [preauth]
Jun 25 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20977]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20976]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20975]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20974]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20974]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21034]: Successful su for rubyman by root
Jun 25 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21034]: + ??? root:rubyman
Jun 25 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21034]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590925 of user rubyman.
Jun 25 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21034]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590925.
Jun 25 15:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17732]: pam_unix(cron:session): session closed for user root
Jun 25 15:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20972]: Failed password for root from 91.92.40.124 port 46052 ssh2
Jun 25 15:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20975]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20972]: Connection closed by 91.92.40.124 port 46052 [preauth]
Jun 25 15:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21228]: Invalid user deployer from 91.92.40.124
Jun 25 15:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21228]: input_userauth_request: invalid user deployer [preauth]
Jun 25 15:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21228]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21228]: Failed password for invalid user deployer from 91.92.40.124 port 53670 ssh2
Jun 25 15:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21228]: Connection closed by 91.92.40.124 port 53670 [preauth]
Jun 25 15:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21238]: Invalid user user2 from 91.92.40.124
Jun 25 15:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21238]: input_userauth_request: invalid user user2 [preauth]
Jun 25 15:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21238]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21238]: Failed password for invalid user user2 from 91.92.40.124 port 53742 ssh2
Jun 25 15:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21238]: Connection closed by 91.92.40.124 port 53742 [preauth]
Jun 25 15:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21260]: Invalid user vm from 91.92.40.124
Jun 25 15:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21260]: input_userauth_request: invalid user vm [preauth]
Jun 25 15:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21260]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21260]: Failed password for invalid user vm from 91.92.40.124 port 60840 ssh2
Jun 25 15:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21260]: Connection closed by 91.92.40.124 port 60840 [preauth]
Jun 25 15:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 25 15:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21296]: Invalid user bot from 91.92.40.124
Jun 25 15:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21296]: input_userauth_request: invalid user bot [preauth]
Jun 25 15:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21296]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21294]: Failed password for root from 103.172.78.219 port 34452 ssh2
Jun 25 15:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21294]: Connection closed by 103.172.78.219 port 34452 [preauth]
Jun 25 15:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21296]: Failed password for invalid user bot from 91.92.40.124 port 54722 ssh2
Jun 25 15:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21296]: Connection closed by 91.92.40.124 port 54722 [preauth]
Jun 25 15:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21307]: Invalid user guest from 91.92.40.124
Jun 25 15:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21307]: input_userauth_request: invalid user guest [preauth]
Jun 25 15:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21307]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19905]: pam_unix(cron:session): session closed for user root
Jun 25 15:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21307]: Failed password for invalid user guest from 91.92.40.124 port 54820 ssh2
Jun 25 15:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21307]: Connection closed by 91.92.40.124 port 54820 [preauth]
Jun 25 15:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21345]: Invalid user bot from 91.92.40.124
Jun 25 15:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21345]: input_userauth_request: invalid user bot [preauth]
Jun 25 15:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21345]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21345]: Failed password for invalid user bot from 91.92.40.124 port 56738 ssh2
Jun 25 15:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21345]: Connection closed by 91.92.40.124 port 56738 [preauth]
Jun 25 15:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21356]: Failed password for root from 91.92.40.124 port 56772 ssh2
Jun 25 15:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21356]: Connection closed by 91.92.40.124 port 56772 [preauth]
Jun 25 15:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21380]: Failed password for root from 91.92.40.124 port 35852 ssh2
Jun 25 15:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21380]: Connection closed by 91.92.40.124 port 35852 [preauth]
Jun 25 15:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21390]: Invalid user administrator from 91.92.40.124
Jun 25 15:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21390]: input_userauth_request: invalid user administrator [preauth]
Jun 25 15:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21390]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21390]: Failed password for invalid user administrator from 91.92.40.124 port 55030 ssh2
Jun 25 15:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21390]: Connection closed by 91.92.40.124 port 55030 [preauth]
Jun 25 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21405]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21406]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21407]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21404]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21404]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21472]: Successful su for rubyman by root
Jun 25 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21472]: + ??? root:rubyman
Jun 25 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21472]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590929 of user rubyman.
Jun 25 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21472]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590929.
Jun 25 15:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18204]: pam_unix(cron:session): session closed for user root
Jun 25 15:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21405]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21400]: Failed password for root from 91.92.40.124 port 55082 ssh2
Jun 25 15:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21400]: Connection closed by 91.92.40.124 port 55082 [preauth]
Jun 25 15:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21680]: Invalid user admin from 91.92.40.124
Jun 25 15:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21680]: input_userauth_request: invalid user admin [preauth]
Jun 25 15:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21680]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21680]: Failed password for invalid user admin from 91.92.40.124 port 40972 ssh2
Jun 25 15:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21680]: Connection closed by 91.92.40.124 port 40972 [preauth]
Jun 25 15:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21691]: Invalid user git from 91.92.40.124
Jun 25 15:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21691]: input_userauth_request: invalid user git [preauth]
Jun 25 15:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21691]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21691]: Failed password for invalid user git from 91.92.40.124 port 41048 ssh2
Jun 25 15:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21691]: Connection closed by 91.92.40.124 port 41048 [preauth]
Jun 25 15:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21725]: Invalid user david from 91.92.40.124
Jun 25 15:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21725]: input_userauth_request: invalid user david [preauth]
Jun 25 15:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21725]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21725]: Failed password for invalid user david from 91.92.40.124 port 37168 ssh2
Jun 25 15:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21725]: Connection closed by 91.92.40.124 port 37168 [preauth]
Jun 25 15:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21749]: Invalid user nexus from 91.92.40.124
Jun 25 15:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21749]: input_userauth_request: invalid user nexus [preauth]
Jun 25 15:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21749]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21749]: Failed password for invalid user nexus from 91.92.40.124 port 45416 ssh2
Jun 25 15:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21749]: Connection closed by 91.92.40.124 port 45416 [preauth]
Jun 25 15:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20458]: pam_unix(cron:session): session closed for user root
Jun 25 15:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21759]: Invalid user webmaster from 91.92.40.124
Jun 25 15:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21759]: input_userauth_request: invalid user webmaster [preauth]
Jun 25 15:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21759]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21759]: Failed password for invalid user webmaster from 91.92.40.124 port 45462 ssh2
Jun 25 15:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21759]: Connection closed by 91.92.40.124 port 45462 [preauth]
Jun 25 15:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21796]: Invalid user jellyfin from 91.92.40.124
Jun 25 15:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21796]: input_userauth_request: invalid user jellyfin [preauth]
Jun 25 15:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21796]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21796]: Failed password for invalid user jellyfin from 91.92.40.124 port 44786 ssh2
Jun 25 15:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21796]: Connection closed by 91.92.40.124 port 44786 [preauth]
Jun 25 15:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21807]: Invalid user deployer from 91.92.40.124
Jun 25 15:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21807]: input_userauth_request: invalid user deployer [preauth]
Jun 25 15:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21807]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21807]: Failed password for invalid user deployer from 91.92.40.124 port 44852 ssh2
Jun 25 15:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21807]: Connection closed by 91.92.40.124 port 44852 [preauth]
Jun 25 15:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21829]: Invalid user admin123 from 91.92.40.124
Jun 25 15:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21829]: input_userauth_request: invalid user admin123 [preauth]
Jun 25 15:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21829]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21829]: Failed password for invalid user admin123 from 91.92.40.124 port 56710 ssh2
Jun 25 15:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21829]: Connection closed by 91.92.40.124 port 56710 [preauth]
Jun 25 15:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21852]: Invalid user teste from 91.92.40.124
Jun 25 15:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21852]: input_userauth_request: invalid user teste [preauth]
Jun 25 15:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21852]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21852]: Failed password for invalid user teste from 91.92.40.124 port 55428 ssh2
Jun 25 15:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21852]: Connection closed by 91.92.40.124 port 55428 [preauth]
Jun 25 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21867]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21868]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21866]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21864]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21864]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21928]: Successful su for rubyman by root
Jun 25 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21928]: + ??? root:rubyman
Jun 25 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21928]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590934 of user rubyman.
Jun 25 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21928]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590934.
Jun 25 15:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18731]: pam_unix(cron:session): session closed for user root
Jun 25 15:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21890]: Failed password for root from 91.92.40.124 port 55512 ssh2
Jun 25 15:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21866]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21890]: Connection closed by 91.92.40.124 port 55512 [preauth]
Jun 25 15:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22109]: Failed password for root from 91.92.40.124 port 57038 ssh2
Jun 25 15:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22109]: Connection closed by 91.92.40.124 port 57038 [preauth]
Jun 25 15:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22119]: Invalid user core from 91.92.40.124
Jun 25 15:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22119]: input_userauth_request: invalid user core [preauth]
Jun 25 15:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22119]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22119]: Failed password for invalid user core from 91.92.40.124 port 57108 ssh2
Jun 25 15:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22119]: Connection closed by 91.92.40.124 port 57108 [preauth]
Jun 25 15:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22146]: Invalid user openclaw from 91.92.40.124
Jun 25 15:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22146]: input_userauth_request: invalid user openclaw [preauth]
Jun 25 15:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22146]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22146]: Failed password for invalid user openclaw from 91.92.40.124 port 41304 ssh2
Jun 25 15:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22146]: Connection closed by 91.92.40.124 port 41304 [preauth]
Jun 25 15:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22170]: Invalid user server from 91.92.40.124
Jun 25 15:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22170]: input_userauth_request: invalid user server [preauth]
Jun 25 15:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22170]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22170]: Failed password for invalid user server from 91.92.40.124 port 55622 ssh2
Jun 25 15:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22170]: Connection closed by 91.92.40.124 port 55622 [preauth]
Jun 25 15:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20977]: pam_unix(cron:session): session closed for user root
Jun 25 15:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22182]: Failed password for root from 91.92.40.124 port 55734 ssh2
Jun 25 15:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22182]: Connection closed by 91.92.40.124 port 55734 [preauth]
Jun 25 15:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22225]: Invalid user ubuntu from 91.92.40.124
Jun 25 15:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22225]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 15:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22225]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22225]: Failed password for invalid user ubuntu from 91.92.40.124 port 37264 ssh2
Jun 25 15:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22225]: Connection closed by 91.92.40.124 port 37264 [preauth]
Jun 25 15:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22235]: Failed password for root from 91.92.40.124 port 37322 ssh2
Jun 25 15:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22235]: Connection closed by 91.92.40.124 port 37322 [preauth]
Jun 25 15:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22258]: Invalid user deploy from 91.92.40.124
Jun 25 15:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22258]: input_userauth_request: invalid user deploy [preauth]
Jun 25 15:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22258]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22258]: Failed password for invalid user deploy from 91.92.40.124 port 47118 ssh2
Jun 25 15:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22258]: Connection closed by 91.92.40.124 port 47118 [preauth]
Jun 25 15:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22269]: Invalid user ftpuser from 91.92.40.124
Jun 25 15:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22269]: input_userauth_request: invalid user ftpuser [preauth]
Jun 25 15:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22269]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22269]: Failed password for invalid user ftpuser from 91.92.40.124 port 44576 ssh2
Jun 25 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22269]: Connection closed by 91.92.40.124 port 44576 [preauth]
Jun 25 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22292]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22286]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22291]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22288]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22287]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22284]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22292]: pam_unix(cron:session): session closed for user root
Jun 25 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22284]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22443]: Successful su for rubyman by root
Jun 25 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22443]: + ??? root:rubyman
Jun 25 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22443]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590939 of user rubyman.
Jun 25 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22443]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590939.
Jun 25 15:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22287]: pam_unix(cron:session): session closed for user root
Jun 25 15:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19261]: pam_unix(cron:session): session closed for user root
Jun 25 15:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22281]: Failed password for root from 91.92.40.124 port 44656 ssh2
Jun 25 15:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22286]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22281]: Connection closed by 91.92.40.124 port 44656 [preauth]
Jun 25 15:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22629]: Invalid user newuser from 91.92.40.124
Jun 25 15:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22629]: input_userauth_request: invalid user newuser [preauth]
Jun 25 15:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22629]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22629]: Failed password for invalid user newuser from 91.92.40.124 port 42776 ssh2
Jun 25 15:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22629]: Connection closed by 91.92.40.124 port 42776 [preauth]
Jun 25 15:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22662]: Failed password for root from 91.92.40.124 port 42826 ssh2
Jun 25 15:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22662]: Connection closed by 91.92.40.124 port 42826 [preauth]
Jun 25 15:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22695]: Invalid user adminuser from 91.92.40.124
Jun 25 15:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22695]: input_userauth_request: invalid user adminuser [preauth]
Jun 25 15:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22695]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22695]: Failed password for invalid user adminuser from 91.92.40.124 port 43122 ssh2
Jun 25 15:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22695]: Connection closed by 91.92.40.124 port 43122 [preauth]
Jun 25 15:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22709]: Failed password for root from 91.92.40.124 port 53720 ssh2
Jun 25 15:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22709]: Connection closed by 91.92.40.124 port 53720 [preauth]
Jun 25 15:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21407]: pam_unix(cron:session): session closed for user root
Jun 25 15:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22731]: Invalid user runner from 91.92.40.124
Jun 25 15:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22731]: input_userauth_request: invalid user runner [preauth]
Jun 25 15:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22731]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22731]: Failed password for invalid user runner from 91.92.40.124 port 53786 ssh2
Jun 25 15:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22731]: Connection closed by 91.92.40.124 port 53786 [preauth]
Jun 25 15:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22762]: Invalid user deployer from 91.92.40.124
Jun 25 15:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22762]: input_userauth_request: invalid user deployer [preauth]
Jun 25 15:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22762]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22762]: Failed password for invalid user deployer from 91.92.40.124 port 59010 ssh2
Jun 25 15:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22762]: Connection closed by 91.92.40.124 port 59010 [preauth]
Jun 25 15:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22773]: Invalid user gitlab from 91.92.40.124
Jun 25 15:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22773]: input_userauth_request: invalid user gitlab [preauth]
Jun 25 15:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22773]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22773]: Failed password for invalid user gitlab from 91.92.40.124 port 59078 ssh2
Jun 25 15:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22773]: Connection closed by 91.92.40.124 port 59078 [preauth]
Jun 25 15:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22802]: Invalid user rocky from 91.92.40.124
Jun 25 15:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22802]: input_userauth_request: invalid user rocky [preauth]
Jun 25 15:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22802]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22802]: Failed password for invalid user rocky from 91.92.40.124 port 60026 ssh2
Jun 25 15:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22802]: Connection closed by 91.92.40.124 port 60026 [preauth]
Jun 25 15:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22830]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22828]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22829]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22827]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22827]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22897]: Successful su for rubyman by root
Jun 25 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22897]: + ??? root:rubyman
Jun 25 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22897]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590944 of user rubyman.
Jun 25 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22897]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590944.
Jun 25 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22816]: Failed password for root from 91.92.40.124 port 53996 ssh2
Jun 25 15:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22816]: Connection closed by 91.92.40.124 port 53996 [preauth]
Jun 25 15:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19904]: pam_unix(cron:session): session closed for user root
Jun 25 15:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22828]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22917]: Failed password for root from 91.92.40.124 port 54018 ssh2
Jun 25 15:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22917]: Connection closed by 91.92.40.124 port 54018 [preauth]
Jun 25 15:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23078]: Failed password for root from 91.92.40.124 port 35166 ssh2
Jun 25 15:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23078]: Connection closed by 91.92.40.124 port 35166 [preauth]
Jun 25 15:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23096]: Invalid user niaoyun from 91.92.40.124
Jun 25 15:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23096]: input_userauth_request: invalid user niaoyun [preauth]
Jun 25 15:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23096]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23096]: Failed password for invalid user niaoyun from 91.92.40.124 port 35218 ssh2
Jun 25 15:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23096]: Connection closed by 91.92.40.124 port 35218 [preauth]
Jun 25 15:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23121]: Invalid user odoo16 from 91.92.40.124
Jun 25 15:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23121]: input_userauth_request: invalid user odoo16 [preauth]
Jun 25 15:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23121]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23121]: Failed password for invalid user odoo16 from 91.92.40.124 port 44608 ssh2
Jun 25 15:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23144]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23121]: Connection closed by 91.92.40.124 port 44608 [preauth]
Jun 25 15:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23144]: Invalid user jack from 91.92.40.124
Jun 25 15:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23144]: input_userauth_request: invalid user jack [preauth]
Jun 25 15:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23144]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21868]: pam_unix(cron:session): session closed for user root
Jun 25 15:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23144]: Failed password for invalid user jack from 91.92.40.124 port 35624 ssh2
Jun 25 15:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23144]: Connection closed by 91.92.40.124 port 35624 [preauth]
Jun 25 15:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23154]: Invalid user rock from 91.92.40.124
Jun 25 15:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23154]: input_userauth_request: invalid user rock [preauth]
Jun 25 15:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23154]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23154]: Failed password for invalid user rock from 91.92.40.124 port 35668 ssh2
Jun 25 15:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23154]: Connection closed by 91.92.40.124 port 35668 [preauth]
Jun 25 15:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23185]: Invalid user dev from 91.92.40.124
Jun 25 15:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23185]: input_userauth_request: invalid user dev [preauth]
Jun 25 15:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23185]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23185]: Failed password for invalid user dev from 91.92.40.124 port 45502 ssh2
Jun 25 15:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23185]: Connection closed by 91.92.40.124 port 45502 [preauth]
Jun 25 15:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23205]: Invalid user openclaw from 91.92.40.124
Jun 25 15:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23205]: input_userauth_request: invalid user openclaw [preauth]
Jun 25 15:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23205]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23205]: Failed password for invalid user openclaw from 91.92.40.124 port 40476 ssh2
Jun 25 15:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23205]: Connection closed by 91.92.40.124 port 40476 [preauth]
Jun 25 15:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23227]: Invalid user kingbase from 91.92.40.124
Jun 25 15:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23227]: input_userauth_request: invalid user kingbase [preauth]
Jun 25 15:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.110.201  user=root
Jun 25 15:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23227]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23239]: Failed password for root from 94.159.110.201 port 42568 ssh2
Jun 25 15:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23227]: Failed password for invalid user kingbase from 91.92.40.124 port 40538 ssh2
Jun 25 15:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23239]: Connection closed by 94.159.110.201 port 42568 [preauth]
Jun 25 15:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23227]: Connection closed by 91.92.40.124 port 40538 [preauth]
Jun 25 15:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23243]: Invalid user system from 91.92.40.124
Jun 25 15:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23243]: input_userauth_request: invalid user system [preauth]
Jun 25 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23268]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23269]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23267]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23266]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23266]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23337]: Successful su for rubyman by root
Jun 25 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23337]: + ??? root:rubyman
Jun 25 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23337]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590948 of user rubyman.
Jun 25 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23337]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590948.
Jun 25 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23243]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23243]: Failed password for invalid user system from 91.92.40.124 port 40582 ssh2
Jun 25 15:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20453]: pam_unix(cron:session): session closed for user root
Jun 25 15:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23243]: Connection closed by 91.92.40.124 port 40582 [preauth]
Jun 25 15:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23267]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23270]: Failed password for root from 91.92.40.124 port 40636 ssh2
Jun 25 15:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23270]: Connection closed by 91.92.40.124 port 40636 [preauth]
Jun 25 15:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23532]: Invalid user ubuntu from 91.92.40.124
Jun 25 15:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23532]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 15:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23532]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23532]: Failed password for invalid user ubuntu from 91.92.40.124 port 60384 ssh2
Jun 25 15:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23532]: Connection closed by 91.92.40.124 port 60384 [preauth]
Jun 25 15:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23543]: Invalid user ansible from 91.92.40.124
Jun 25 15:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23543]: input_userauth_request: invalid user ansible [preauth]
Jun 25 15:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23543]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23543]: Failed password for invalid user ansible from 91.92.40.124 port 60450 ssh2
Jun 25 15:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23543]: Connection closed by 91.92.40.124 port 60450 [preauth]
Jun 25 15:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23567]: Invalid user user from 91.92.40.124
Jun 25 15:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23567]: input_userauth_request: invalid user user [preauth]
Jun 25 15:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23567]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23567]: Failed password for invalid user user from 91.92.40.124 port 51922 ssh2
Jun 25 15:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23567]: Connection closed by 91.92.40.124 port 51922 [preauth]
Jun 25 15:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23579]: Invalid user aaa from 91.92.40.124
Jun 25 15:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23579]: input_userauth_request: invalid user aaa [preauth]
Jun 25 15:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23579]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23579]: Failed password for invalid user aaa from 91.92.40.124 port 59188 ssh2
Jun 25 15:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23579]: Connection closed by 91.92.40.124 port 59188 [preauth]
Jun 25 15:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22291]: pam_unix(cron:session): session closed for user root
Jun 25 15:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23603]: Failed password for root from 91.92.40.124 port 59222 ssh2
Jun 25 15:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23603]: Connection closed by 91.92.40.124 port 59222 [preauth]
Jun 25 15:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 25 15:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23644]: Failed password for root from 103.15.222.183 port 48768 ssh2
Jun 25 15:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23644]: Connection closed by 103.15.222.183 port 48768 [preauth]
Jun 25 15:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23643]: Failed password for root from 91.92.40.124 port 48624 ssh2
Jun 25 15:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23643]: Connection closed by 91.92.40.124 port 48624 [preauth]
Jun 25 15:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23671]: Invalid user playground from 91.92.40.124
Jun 25 15:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23671]: input_userauth_request: invalid user playground [preauth]
Jun 25 15:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23671]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23671]: Failed password for invalid user playground from 91.92.40.124 port 57596 ssh2
Jun 25 15:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23671]: Connection closed by 91.92.40.124 port 57596 [preauth]
Jun 25 15:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23687]: Invalid user postgres from 91.92.40.124
Jun 25 15:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23687]: input_userauth_request: invalid user postgres [preauth]
Jun 25 15:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23687]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23687]: Failed password for invalid user postgres from 91.92.40.124 port 57650 ssh2
Jun 25 15:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23687]: Connection closed by 91.92.40.124 port 57650 [preauth]
Jun 25 15:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23697]: Invalid user user from 91.92.40.124
Jun 25 15:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23697]: input_userauth_request: invalid user user [preauth]
Jun 25 15:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23697]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23697]: Failed password for invalid user user from 91.92.40.124 port 52880 ssh2
Jun 25 15:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23697]: Connection closed by 91.92.40.124 port 52880 [preauth]
Jun 25 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23713]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23712]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23711]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23710]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23710]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23785]: Successful su for rubyman by root
Jun 25 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23785]: + ??? root:rubyman
Jun 25 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23785]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590951 of user rubyman.
Jun 25 15:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23785]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590951.
Jun 25 15:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23770]: Invalid user plex from 91.92.40.124
Jun 25 15:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23770]: input_userauth_request: invalid user plex [preauth]
Jun 25 15:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23770]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20976]: pam_unix(cron:session): session closed for user root
Jun 25 15:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23770]: Failed password for invalid user plex from 91.92.40.124 port 52928 ssh2
Jun 25 15:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23711]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23770]: Connection closed by 91.92.40.124 port 52928 [preauth]
Jun 25 15:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24063]: Invalid user user2 from 91.92.40.124
Jun 25 15:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24063]: input_userauth_request: invalid user user2 [preauth]
Jun 25 15:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24063]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24063]: Failed password for invalid user user2 from 91.92.40.124 port 46272 ssh2
Jun 25 15:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24063]: Connection closed by 91.92.40.124 port 46272 [preauth]
Jun 25 15:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24084]: Invalid user runner from 91.92.40.124
Jun 25 15:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24084]: input_userauth_request: invalid user runner [preauth]
Jun 25 15:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24084]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24084]: Failed password for invalid user runner from 91.92.40.124 port 46354 ssh2
Jun 25 15:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24084]: Connection closed by 91.92.40.124 port 46354 [preauth]
Jun 25 15:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24099]: Invalid user openvpn from 91.92.40.124
Jun 25 15:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24099]: input_userauth_request: invalid user openvpn [preauth]
Jun 25 15:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24099]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24099]: Failed password for invalid user openvpn from 91.92.40.124 port 40220 ssh2
Jun 25 15:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24099]: Connection closed by 91.92.40.124 port 40220 [preauth]
Jun 25 15:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24134]: Invalid user odoo14 from 91.92.40.124
Jun 25 15:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24134]: input_userauth_request: invalid user odoo14 [preauth]
Jun 25 15:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24134]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24134]: Failed password for invalid user odoo14 from 91.92.40.124 port 60184 ssh2
Jun 25 15:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24134]: Connection closed by 91.92.40.124 port 60184 [preauth]
Jun 25 15:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24144]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22830]: pam_unix(cron:session): session closed for user root
Jun 25 15:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24144]: Failed password for root from 91.92.40.124 port 60230 ssh2
Jun 25 15:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24144]: Connection closed by 91.92.40.124 port 60230 [preauth]
Jun 25 15:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24176]: Invalid user admin from 91.92.40.124
Jun 25 15:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24176]: input_userauth_request: invalid user admin [preauth]
Jun 25 15:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24176]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24176]: Failed password for invalid user admin from 91.92.40.124 port 39890 ssh2
Jun 25 15:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24176]: Connection closed by 91.92.40.124 port 39890 [preauth]
Jun 25 15:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24201]: Invalid user admin from 91.92.40.124
Jun 25 15:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24201]: input_userauth_request: invalid user admin [preauth]
Jun 25 15:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24201]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24201]: Failed password for invalid user admin from 91.92.40.124 port 39920 ssh2
Jun 25 15:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24201]: Connection closed by 91.92.40.124 port 39920 [preauth]
Jun 25 15:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24218]: Invalid user chris from 91.92.40.124
Jun 25 15:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24218]: input_userauth_request: invalid user chris [preauth]
Jun 25 15:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24218]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24218]: Failed password for invalid user chris from 91.92.40.124 port 57698 ssh2
Jun 25 15:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24218]: Connection closed by 91.92.40.124 port 57698 [preauth]
Jun 25 15:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24231]: Failed password for root from 91.92.40.124 port 47766 ssh2
Jun 25 15:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24231]: Connection closed by 91.92.40.124 port 47766 [preauth]
Jun 25 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24253]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24254]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24248]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24249]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24248]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24321]: Successful su for rubyman by root
Jun 25 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24321]: + ??? root:rubyman
Jun 25 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24321]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590957 of user rubyman.
Jun 25 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24321]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590957.
Jun 25 15:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24392]: Invalid user hadoop from 91.92.40.124
Jun 25 15:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24392]: input_userauth_request: invalid user hadoop [preauth]
Jun 25 15:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24392]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21406]: pam_unix(cron:session): session closed for user root
Jun 25 15:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24392]: Failed password for invalid user hadoop from 91.92.40.124 port 47830 ssh2
Jun 25 15:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24392]: Connection closed by 91.92.40.124 port 47830 [preauth]
Jun 25 15:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24249]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24518]: Failed password for root from 91.92.40.124 port 45352 ssh2
Jun 25 15:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24518]: Connection closed by 91.92.40.124 port 45352 [preauth]
Jun 25 15:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24542]: Invalid user sam from 91.92.40.124
Jun 25 15:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24542]: input_userauth_request: invalid user sam [preauth]
Jun 25 15:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24542]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24542]: Failed password for invalid user sam from 91.92.40.124 port 34808 ssh2
Jun 25 15:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24542]: Connection closed by 91.92.40.124 port 34808 [preauth]
Jun 25 15:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24554]: Invalid user splunk from 91.92.40.124
Jun 25 15:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24554]: input_userauth_request: invalid user splunk [preauth]
Jun 25 15:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24554]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24554]: Failed password for invalid user splunk from 91.92.40.124 port 34828 ssh2
Jun 25 15:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24554]: Connection closed by 91.92.40.124 port 34828 [preauth]
Jun 25 15:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24577]: Invalid user claude from 91.92.40.124
Jun 25 15:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24577]: input_userauth_request: invalid user claude [preauth]
Jun 25 15:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24577]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24577]: Failed password for invalid user claude from 91.92.40.124 port 55436 ssh2
Jun 25 15:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24577]: Connection closed by 91.92.40.124 port 55436 [preauth]
Jun 25 15:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 25 15:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23269]: pam_unix(cron:session): session closed for user root
Jun 25 15:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24592]: Invalid user ubuntu from 91.92.40.124
Jun 25 15:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24592]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 15:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24592]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24590]: Failed password for root from 103.27.238.120 port 41192 ssh2
Jun 25 15:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24590]: Connection closed by 103.27.238.120 port 41192 [preauth]
Jun 25 15:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24592]: Failed password for invalid user ubuntu from 91.92.40.124 port 55546 ssh2
Jun 25 15:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24592]: Connection closed by 91.92.40.124 port 55546 [preauth]
Jun 25 15:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24627]: Failed password for root from 91.92.40.124 port 35064 ssh2
Jun 25 15:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24627]: Connection closed by 91.92.40.124 port 35064 [preauth]
Jun 25 15:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24661]: Failed password for root from 91.92.40.124 port 46944 ssh2
Jun 25 15:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24661]: Connection closed by 91.92.40.124 port 46944 [preauth]
Jun 25 15:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24674]: Failed password for root from 91.92.40.124 port 46996 ssh2
Jun 25 15:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24674]: Connection closed by 91.92.40.124 port 46996 [preauth]
Jun 25 15:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24692]: Invalid user lighthouse from 91.92.40.124
Jun 25 15:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24692]: input_userauth_request: invalid user lighthouse [preauth]
Jun 25 15:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24692]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24714]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24713]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24716]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24712]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24710]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24711]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24716]: pam_unix(cron:session): session closed for user root
Jun 25 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24710]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24692]: Failed password for invalid user lighthouse from 91.92.40.124 port 47530 ssh2
Jun 25 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24786]: Successful su for rubyman by root
Jun 25 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24786]: + ??? root:rubyman
Jun 25 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24786]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590959 of user rubyman.
Jun 25 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24786]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590959.
Jun 25 15:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24692]: Connection closed by 91.92.40.124 port 47530 [preauth]
Jun 25 15:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24712]: pam_unix(cron:session): session closed for user root
Jun 25 15:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21867]: pam_unix(cron:session): session closed for user root
Jun 25 15:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24771]: Failed password for root from 91.92.40.124 port 47576 ssh2
Jun 25 15:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24711]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24771]: Connection closed by 91.92.40.124 port 47576 [preauth]
Jun 25 15:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 25 15:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24984]: User vncuser from 91.92.40.124 not allowed because not listed in AllowUsers
Jun 25 15:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24984]: input_userauth_request: invalid user vncuser [preauth]
Jun 25 15:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24985]: Failed password for root from 103.153.68.219 port 53404 ssh2
Jun 25 15:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24985]: Connection closed by 103.153.68.219 port 53404 [preauth]
Jun 25 15:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=vncuser
Jun 25 15:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24984]: Failed password for invalid user vncuser from 91.92.40.124 port 35926 ssh2
Jun 25 15:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24984]: Connection closed by 91.92.40.124 port 35926 [preauth]
Jun 25 15:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24997]: Invalid user deploy from 91.92.40.124
Jun 25 15:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24997]: input_userauth_request: invalid user deploy [preauth]
Jun 25 15:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24997]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24997]: Failed password for invalid user deploy from 91.92.40.124 port 35966 ssh2
Jun 25 15:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24997]: Connection closed by 91.92.40.124 port 35966 [preauth]
Jun 25 15:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25024]: Invalid user devuser from 91.92.40.124
Jun 25 15:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25024]: input_userauth_request: invalid user devuser [preauth]
Jun 25 15:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25024]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25024]: Failed password for invalid user devuser from 91.92.40.124 port 53950 ssh2
Jun 25 15:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25024]: Connection closed by 91.92.40.124 port 53950 [preauth]
Jun 25 15:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25034]: Invalid user uploader from 91.92.40.124
Jun 25 15:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25034]: input_userauth_request: invalid user uploader [preauth]
Jun 25 15:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25034]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25034]: Failed password for invalid user uploader from 91.92.40.124 port 53998 ssh2
Jun 25 15:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25034]: Connection closed by 91.92.40.124 port 53998 [preauth]
Jun 25 15:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25061]: Invalid user rancher from 91.92.40.124
Jun 25 15:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25061]: input_userauth_request: invalid user rancher [preauth]
Jun 25 15:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23713]: pam_unix(cron:session): session closed for user root
Jun 25 15:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25061]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25061]: Failed password for invalid user rancher from 91.92.40.124 port 36056 ssh2
Jun 25 15:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25061]: Connection closed by 91.92.40.124 port 36056 [preauth]
Jun 25 15:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25095]: Invalid user milad from 91.92.40.124
Jun 25 15:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25095]: input_userauth_request: invalid user milad [preauth]
Jun 25 15:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25095]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25106]: Connection closed by 194.59.206.2 port 21830 [preauth]
Jun 25 15:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25095]: Failed password for invalid user milad from 91.92.40.124 port 56344 ssh2
Jun 25 15:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25095]: Connection closed by 91.92.40.124 port 56344 [preauth]
Jun 25 15:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25122]: Failed password for root from 91.92.40.124 port 56426 ssh2
Jun 25 15:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25122]: Connection closed by 91.92.40.124 port 56426 [preauth]
Jun 25 15:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25138]: Invalid user server from 91.92.40.124
Jun 25 15:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25138]: input_userauth_request: invalid user server [preauth]
Jun 25 15:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25138]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25138]: Failed password for invalid user server from 91.92.40.124 port 59786 ssh2
Jun 25 15:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25138]: Connection closed by 91.92.40.124 port 59786 [preauth]
Jun 25 15:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25154]: Invalid user bob from 91.92.40.124
Jun 25 15:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25154]: input_userauth_request: invalid user bob [preauth]
Jun 25 15:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25154]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25154]: Failed password for invalid user bob from 91.92.40.124 port 52440 ssh2
Jun 25 15:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25154]: Connection closed by 91.92.40.124 port 52440 [preauth]
Jun 25 15:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25169]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25170]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25168]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25167]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25167]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25237]: Successful su for rubyman by root
Jun 25 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25237]: + ??? root:rubyman
Jun 25 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25237]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590966 of user rubyman.
Jun 25 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25237]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590966.
Jun 25 15:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22288]: pam_unix(cron:session): session closed for user root
Jun 25 15:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25164]: Failed password for root from 91.92.40.124 port 52504 ssh2
Jun 25 15:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25168]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25164]: Connection closed by 91.92.40.124 port 52504 [preauth]
Jun 25 15:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25410]: Invalid user ec2-user from 91.92.40.124
Jun 25 15:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25410]: input_userauth_request: invalid user ec2-user [preauth]
Jun 25 15:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25410]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25410]: Failed password for invalid user ec2-user from 91.92.40.124 port 55442 ssh2
Jun 25 15:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25410]: Connection closed by 91.92.40.124 port 55442 [preauth]
Jun 25 15:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25421]: Failed password for root from 91.92.40.124 port 55480 ssh2
Jun 25 15:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25421]: Connection closed by 91.92.40.124 port 55480 [preauth]
Jun 25 15:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25444]: Invalid user chenxi from 91.92.40.124
Jun 25 15:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25444]: input_userauth_request: invalid user chenxi [preauth]
Jun 25 15:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25444]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25444]: Failed password for invalid user chenxi from 91.92.40.124 port 47022 ssh2
Jun 25 15:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25444]: Connection closed by 91.92.40.124 port 47022 [preauth]
Jun 25 15:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25467]: Invalid user deploy from 91.92.40.124
Jun 25 15:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25467]: input_userauth_request: invalid user deploy [preauth]
Jun 25 15:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25467]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25467]: Failed password for invalid user deploy from 91.92.40.124 port 53878 ssh2
Jun 25 15:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25467]: Connection closed by 91.92.40.124 port 53878 [preauth]
Jun 25 15:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24254]: pam_unix(cron:session): session closed for user root
Jun 25 15:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25480]: Failed password for root from 91.92.40.124 port 53954 ssh2
Jun 25 15:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25480]: Connection closed by 91.92.40.124 port 53954 [preauth]
Jun 25 15:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25515]: Invalid user deploy from 91.92.40.124
Jun 25 15:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25515]: input_userauth_request: invalid user deploy [preauth]
Jun 25 15:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25515]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25515]: Failed password for invalid user deploy from 91.92.40.124 port 33614 ssh2
Jun 25 15:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25515]: Connection closed by 91.92.40.124 port 33614 [preauth]
Jun 25 15:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25539]: Failed password for root from 91.92.40.124 port 33688 ssh2
Jun 25 15:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25539]: Connection closed by 91.92.40.124 port 33688 [preauth]
Jun 25 15:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25557]: Invalid user jack from 91.92.40.124
Jun 25 15:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25557]: input_userauth_request: invalid user jack [preauth]
Jun 25 15:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25557]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25557]: Failed password for invalid user jack from 91.92.40.124 port 56068 ssh2
Jun 25 15:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25557]: Connection closed by 91.92.40.124 port 56068 [preauth]
Jun 25 15:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25570]: Invalid user operator from 91.92.40.124
Jun 25 15:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25570]: input_userauth_request: invalid user operator [preauth]
Jun 25 15:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25570]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25570]: Failed password for invalid user operator from 91.92.40.124 port 45456 ssh2
Jun 25 15:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25570]: Connection closed by 91.92.40.124 port 45456 [preauth]
Jun 25 15:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25586]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25585]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25584]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25583]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25583]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25641]: Successful su for rubyman by root
Jun 25 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25641]: + ??? root:rubyman
Jun 25 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25641]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590969 of user rubyman.
Jun 25 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25641]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590969.
Jun 25 15:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 25 15:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22829]: pam_unix(cron:session): session closed for user root
Jun 25 15:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25580]: Failed password for root from 91.92.40.124 port 45518 ssh2
Jun 25 15:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25740]: Failed password for root from 38.93.206.2 port 51294 ssh2
Jun 25 15:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25740]: Connection closed by 38.93.206.2 port 51294 [preauth]
Jun 25 15:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25580]: Connection closed by 91.92.40.124 port 45518 [preauth]
Jun 25 15:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25584]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25825]: Invalid user server from 91.92.40.124
Jun 25 15:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25825]: input_userauth_request: invalid user server [preauth]
Jun 25 15:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25825]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25825]: Failed password for invalid user server from 91.92.40.124 port 43856 ssh2
Jun 25 15:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25825]: Connection closed by 91.92.40.124 port 43856 [preauth]
Jun 25 15:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25835]: Invalid user bob from 91.92.40.124
Jun 25 15:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25835]: input_userauth_request: invalid user bob [preauth]
Jun 25 15:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25835]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 25 15:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25835]: Failed password for invalid user bob from 91.92.40.124 port 43908 ssh2
Jun 25 15:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25858]: Failed password for root from 80.66.85.226 port 57106 ssh2
Jun 25 15:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25858]: Connection closed by 80.66.85.226 port 57106 [preauth]
Jun 25 15:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25835]: Connection closed by 91.92.40.124 port 43908 [preauth]
Jun 25 15:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25860]: Invalid user username from 91.92.40.124
Jun 25 15:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25860]: input_userauth_request: invalid user username [preauth]
Jun 25 15:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25860]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25860]: Failed password for invalid user username from 91.92.40.124 port 48898 ssh2
Jun 25 15:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25860]: Connection closed by 91.92.40.124 port 48898 [preauth]
Jun 25 15:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25870]: Failed password for root from 91.92.40.124 port 48952 ssh2
Jun 25 15:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25870]: Connection closed by 91.92.40.124 port 48952 [preauth]
Jun 25 15:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24714]: pam_unix(cron:session): session closed for user root
Jun 25 15:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25893]: Failed password for root from 91.92.40.124 port 37430 ssh2
Jun 25 15:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25893]: Connection closed by 91.92.40.124 port 37430 [preauth]
Jun 25 15:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25925]: Failed password for root from 91.92.40.124 port 59712 ssh2
Jun 25 15:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25925]: Connection closed by 91.92.40.124 port 59712 [preauth]
Jun 25 15:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25943]: Invalid user ubuntu from 91.92.40.124
Jun 25 15:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25943]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 15:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25943]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25943]: Failed password for invalid user ubuntu from 91.92.40.124 port 59778 ssh2
Jun 25 15:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25943]: Connection closed by 91.92.40.124 port 59778 [preauth]
Jun 25 15:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25968]: Failed password for root from 91.92.40.124 port 51090 ssh2
Jun 25 15:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25968]: Connection closed by 91.92.40.124 port 51090 [preauth]
Jun 25 15:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25978]: Invalid user root1 from 91.92.40.124
Jun 25 15:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25978]: input_userauth_request: invalid user root1 [preauth]
Jun 25 15:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25978]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25978]: Failed password for invalid user root1 from 91.92.40.124 port 37624 ssh2
Jun 25 15:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25978]: Connection closed by 91.92.40.124 port 37624 [preauth]
Jun 25 15:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26001]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25999]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26002]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26000]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25999]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25988]: Invalid user vyos from 91.92.40.124
Jun 25 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25988]: input_userauth_request: invalid user vyos [preauth]
Jun 25 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26057]: Successful su for rubyman by root
Jun 25 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26057]: + ??? root:rubyman
Jun 25 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26057]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590975 of user rubyman.
Jun 25 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26057]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590975.
Jun 25 15:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25988]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23268]: pam_unix(cron:session): session closed for user root
Jun 25 15:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25988]: Failed password for invalid user vyos from 91.92.40.124 port 37682 ssh2
Jun 25 15:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25988]: Connection closed by 91.92.40.124 port 37682 [preauth]
Jun 25 15:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26000]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26222]: Failed password for root from 91.92.40.124 port 47884 ssh2
Jun 25 15:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26222]: Connection closed by 91.92.40.124 port 47884 [preauth]
Jun 25 15:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26248]: Invalid user minecraft from 91.92.40.124
Jun 25 15:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26248]: input_userauth_request: invalid user minecraft [preauth]
Jun 25 15:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26248]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26248]: Failed password for invalid user minecraft from 91.92.40.124 port 47956 ssh2
Jun 25 15:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26248]: Connection closed by 91.92.40.124 port 47956 [preauth]
Jun 25 15:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26271]: Invalid user newuser from 91.92.40.124
Jun 25 15:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26271]: input_userauth_request: invalid user newuser [preauth]
Jun 25 15:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26271]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26271]: Failed password for invalid user newuser from 91.92.40.124 port 38478 ssh2
Jun 25 15:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26271]: Connection closed by 91.92.40.124 port 38478 [preauth]
Jun 25 15:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26291]: Invalid user vpn from 91.92.40.124
Jun 25 15:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26291]: input_userauth_request: invalid user vpn [preauth]
Jun 25 15:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26291]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26291]: Failed password for invalid user vpn from 91.92.40.124 port 36936 ssh2
Jun 25 15:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26291]: Connection closed by 91.92.40.124 port 36936 [preauth]
Jun 25 15:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26317]: Failed password for root from 91.92.40.124 port 36994 ssh2
Jun 25 15:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25170]: pam_unix(cron:session): session closed for user root
Jun 25 15:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26317]: Connection closed by 91.92.40.124 port 36994 [preauth]
Jun 25 15:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26349]: Invalid user home from 91.92.40.124
Jun 25 15:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26349]: input_userauth_request: invalid user home [preauth]
Jun 25 15:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26349]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26349]: Failed password for invalid user home from 91.92.40.124 port 49184 ssh2
Jun 25 15:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26349]: Connection closed by 91.92.40.124 port 49184 [preauth]
Jun 25 15:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26360]: Failed password for root from 91.92.40.124 port 49262 ssh2
Jun 25 15:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26360]: Connection closed by 91.92.40.124 port 49262 [preauth]
Jun 25 15:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26382]: Invalid user git from 91.92.40.124
Jun 25 15:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26382]: input_userauth_request: invalid user git [preauth]
Jun 25 15:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26382]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26382]: Failed password for invalid user git from 91.92.40.124 port 43124 ssh2
Jun 25 15:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26382]: Connection closed by 91.92.40.124 port 43124 [preauth]
Jun 25 15:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26392]: Failed password for root from 91.92.40.124 port 43186 ssh2
Jun 25 15:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26392]: Connection closed by 91.92.40.124 port 43186 [preauth]
Jun 25 15:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26410]: Invalid user user3 from 91.92.40.124
Jun 25 15:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26410]: input_userauth_request: invalid user user3 [preauth]
Jun 25 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26410]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26414]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26416]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26415]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26413]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26413]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26471]: Successful su for rubyman by root
Jun 25 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26471]: + ??? root:rubyman
Jun 25 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26471]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590978 of user rubyman.
Jun 25 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26471]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590978.
Jun 25 15:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26410]: Failed password for invalid user user3 from 91.92.40.124 port 36026 ssh2
Jun 25 15:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26410]: Connection closed by 91.92.40.124 port 36026 [preauth]
Jun 25 15:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23712]: pam_unix(cron:session): session closed for user root
Jun 25 15:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26414]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: Invalid user oracle from 91.92.40.124
Jun 25 15:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: input_userauth_request: invalid user oracle [preauth]
Jun 25 15:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: Failed password for invalid user oracle from 91.92.40.124 port 52984 ssh2
Jun 25 15:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: Connection closed by 91.92.40.124 port 52984 [preauth]
Jun 25 15:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26676]: User nobody from 91.92.40.124 not allowed because not listed in AllowUsers
Jun 25 15:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26676]: input_userauth_request: invalid user nobody [preauth]
Jun 25 15:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=nobody
Jun 25 15:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26676]: Failed password for invalid user nobody from 91.92.40.124 port 53042 ssh2
Jun 25 15:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26676]: Connection closed by 91.92.40.124 port 53042 [preauth]
Jun 25 15:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26778]: Invalid user centreon from 91.92.40.124
Jun 25 15:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26778]: input_userauth_request: invalid user centreon [preauth]
Jun 25 15:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26778]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26778]: Failed password for invalid user centreon from 91.92.40.124 port 49784 ssh2
Jun 25 15:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26778]: Connection closed by 91.92.40.124 port 49784 [preauth]
Jun 25 15:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26788]: Invalid user testuser from 91.92.40.124
Jun 25 15:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26788]: input_userauth_request: invalid user testuser [preauth]
Jun 25 15:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26788]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26788]: Failed password for invalid user testuser from 91.92.40.124 port 49854 ssh2
Jun 25 15:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26788]: Connection closed by 91.92.40.124 port 49854 [preauth]
Jun 25 15:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26811]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26811]: Invalid user opc from 91.92.40.124
Jun 25 15:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26811]: input_userauth_request: invalid user opc [preauth]
Jun 25 15:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26811]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25586]: pam_unix(cron:session): session closed for user root
Jun 25 15:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26811]: Failed password for invalid user opc from 91.92.40.124 port 48054 ssh2
Jun 25 15:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26811]: Connection closed by 91.92.40.124 port 48054 [preauth]
Jun 25 15:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26841]: Invalid user user from 91.92.40.124
Jun 25 15:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26841]: input_userauth_request: invalid user user [preauth]
Jun 25 15:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26841]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26841]: Failed password for invalid user user from 91.92.40.124 port 59904 ssh2
Jun 25 15:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26841]: Connection closed by 91.92.40.124 port 59904 [preauth]
Jun 25 15:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26854]: Invalid user claude from 91.92.40.124
Jun 25 15:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26854]: input_userauth_request: invalid user claude [preauth]
Jun 25 15:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26854]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26854]: Failed password for invalid user claude from 91.92.40.124 port 59944 ssh2
Jun 25 15:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26854]: Connection closed by 91.92.40.124 port 59944 [preauth]
Jun 25 15:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26881]: Invalid user master from 91.92.40.124
Jun 25 15:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26881]: input_userauth_request: invalid user master [preauth]
Jun 25 15:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26881]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26881]: Failed password for invalid user master from 91.92.40.124 port 43134 ssh2
Jun 25 15:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26881]: Connection closed by 91.92.40.124 port 43134 [preauth]
Jun 25 15:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26893]: Failed password for root from 91.92.40.124 port 43202 ssh2
Jun 25 15:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26893]: Connection closed by 91.92.40.124 port 43202 [preauth]
Jun 25 15:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26904]: Invalid user ubuntu from 91.92.40.124
Jun 25 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26904]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26911]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26912]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26908]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26907]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26910]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26909]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26912]: pam_unix(cron:session): session closed for user root
Jun 25 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26907]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26904]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26979]: Successful su for rubyman by root
Jun 25 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26979]: + ??? root:rubyman
Jun 25 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26979]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590981 of user rubyman.
Jun 25 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26979]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590981.
Jun 25 15:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26909]: pam_unix(cron:session): session closed for user root
Jun 25 15:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26904]: Failed password for invalid user ubuntu from 91.92.40.124 port 33842 ssh2
Jun 25 15:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26904]: Connection closed by 91.92.40.124 port 33842 [preauth]
Jun 25 15:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24253]: pam_unix(cron:session): session closed for user root
Jun 25 15:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26908]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27170]: Invalid user kipt from 91.92.40.124
Jun 25 15:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27170]: input_userauth_request: invalid user kipt [preauth]
Jun 25 15:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27170]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27170]: Failed password for invalid user kipt from 91.92.40.124 port 60290 ssh2
Jun 25 15:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27170]: Connection closed by 91.92.40.124 port 60290 [preauth]
Jun 25 15:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27201]: Invalid user karel from 91.92.40.124
Jun 25 15:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27201]: input_userauth_request: invalid user karel [preauth]
Jun 25 15:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27201]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27201]: Failed password for invalid user karel from 91.92.40.124 port 60356 ssh2
Jun 25 15:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27201]: Connection closed by 91.92.40.124 port 60356 [preauth]
Jun 25 15:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27227]: Invalid user media from 91.92.40.124
Jun 25 15:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27227]: input_userauth_request: invalid user media [preauth]
Jun 25 15:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27227]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27227]: Failed password for invalid user media from 91.92.40.124 port 32820 ssh2
Jun 25 15:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27227]: Connection closed by 91.92.40.124 port 32820 [preauth]
Jun 25 15:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27239]: Invalid user jenkins from 91.92.40.124
Jun 25 15:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27239]: input_userauth_request: invalid user jenkins [preauth]
Jun 25 15:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27239]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27239]: Failed password for invalid user jenkins from 91.92.40.124 port 32866 ssh2
Jun 25 15:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27239]: Connection closed by 91.92.40.124 port 32866 [preauth]
Jun 25 15:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27262]: Invalid user dev from 91.92.40.124
Jun 25 15:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27262]: input_userauth_request: invalid user dev [preauth]
Jun 25 15:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27262]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26002]: pam_unix(cron:session): session closed for user root
Jun 25 15:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27262]: Failed password for invalid user dev from 91.92.40.124 port 50098 ssh2
Jun 25 15:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27262]: Connection closed by 91.92.40.124 port 50098 [preauth]
Jun 25 15:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27308]: Failed password for root from 91.92.40.124 port 59956 ssh2
Jun 25 15:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27308]: Connection closed by 91.92.40.124 port 59956 [preauth]
Jun 25 15:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27327]: Invalid user bot from 91.92.40.124
Jun 25 15:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27327]: input_userauth_request: invalid user bot [preauth]
Jun 25 15:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27327]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27327]: Failed password for invalid user bot from 91.92.40.124 port 60052 ssh2
Jun 25 15:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27327]: Connection closed by 91.92.40.124 port 60052 [preauth]
Jun 25 15:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27352]: Invalid user ansible from 91.92.40.124
Jun 25 15:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27352]: input_userauth_request: invalid user ansible [preauth]
Jun 25 15:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27352]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27352]: Failed password for invalid user ansible from 91.92.40.124 port 41256 ssh2
Jun 25 15:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27352]: Connection closed by 91.92.40.124 port 41256 [preauth]
Jun 25 15:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27366]: Invalid user appuser from 91.92.40.124
Jun 25 15:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27366]: input_userauth_request: invalid user appuser [preauth]
Jun 25 15:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27366]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27366]: Failed password for invalid user appuser from 91.92.40.124 port 41328 ssh2
Jun 25 15:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27366]: Connection closed by 91.92.40.124 port 41328 [preauth]
Jun 25 15:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27383]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27386]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27385]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27384]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27383]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27452]: Successful su for rubyman by root
Jun 25 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27452]: + ??? root:rubyman
Jun 25 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27452]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590988 of user rubyman.
Jun 25 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27452]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590988.
Jun 25 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27377]: Invalid user username from 91.92.40.124
Jun 25 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27377]: input_userauth_request: invalid user username [preauth]
Jun 25 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27377]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24713]: pam_unix(cron:session): session closed for user root
Jun 25 15:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27377]: Failed password for invalid user username from 91.92.40.124 port 49460 ssh2
Jun 25 15:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27384]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27377]: Connection closed by 91.92.40.124 port 49460 [preauth]
Jun 25 15:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27622]: Invalid user ftpuser from 91.92.40.124
Jun 25 15:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27622]: input_userauth_request: invalid user ftpuser [preauth]
Jun 25 15:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27622]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27622]: Failed password for invalid user ftpuser from 91.92.40.124 port 42074 ssh2
Jun 25 15:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27622]: Connection closed by 91.92.40.124 port 42074 [preauth]
Jun 25 15:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27646]: Invalid user frappe from 91.92.40.124
Jun 25 15:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27646]: input_userauth_request: invalid user frappe [preauth]
Jun 25 15:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27646]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27646]: Failed password for invalid user frappe from 91.92.40.124 port 42156 ssh2
Jun 25 15:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27646]: Connection closed by 91.92.40.124 port 42156 [preauth]
Jun 25 15:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27677]: Invalid user coder from 91.92.40.124
Jun 25 15:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27677]: input_userauth_request: invalid user coder [preauth]
Jun 25 15:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27677]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27677]: Failed password for invalid user coder from 91.92.40.124 port 38980 ssh2
Jun 25 15:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27677]: Connection closed by 91.92.40.124 port 38980 [preauth]
Jun 25 15:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27689]: Invalid user appuser from 91.92.40.124
Jun 25 15:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27689]: input_userauth_request: invalid user appuser [preauth]
Jun 25 15:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27689]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27689]: Failed password for invalid user appuser from 91.92.40.124 port 44124 ssh2
Jun 25 15:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27689]: Connection closed by 91.92.40.124 port 44124 [preauth]
Jun 25 15:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27713]: Invalid user tester from 91.92.40.124
Jun 25 15:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27713]: input_userauth_request: invalid user tester [preauth]
Jun 25 15:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27713]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26416]: pam_unix(cron:session): session closed for user root
Jun 25 15:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27713]: Failed password for invalid user tester from 91.92.40.124 port 44172 ssh2
Jun 25 15:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27713]: Connection closed by 91.92.40.124 port 44172 [preauth]
Jun 25 15:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27749]: Failed password for root from 91.92.40.124 port 39154 ssh2
Jun 25 15:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27749]: Connection closed by 91.92.40.124 port 39154 [preauth]
Jun 25 15:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27760]: Invalid user btc from 91.92.40.124
Jun 25 15:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27760]: input_userauth_request: invalid user btc [preauth]
Jun 25 15:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27760]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27760]: Failed password for invalid user btc from 91.92.40.124 port 39250 ssh2
Jun 25 15:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27760]: Connection closed by 91.92.40.124 port 39250 [preauth]
Jun 25 15:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27783]: User vncuser from 91.92.40.124 not allowed because not listed in AllowUsers
Jun 25 15:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27783]: input_userauth_request: invalid user vncuser [preauth]
Jun 25 15:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=vncuser
Jun 25 15:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27783]: Failed password for invalid user vncuser from 91.92.40.124 port 40976 ssh2
Jun 25 15:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27783]: Connection closed by 91.92.40.124 port 40976 [preauth]
Jun 25 15:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27793]: Invalid user trade from 91.92.40.124
Jun 25 15:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27793]: input_userauth_request: invalid user trade [preauth]
Jun 25 15:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27793]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27793]: Failed password for invalid user trade from 91.92.40.124 port 42806 ssh2
Jun 25 15:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27793]: Connection closed by 91.92.40.124 port 42806 [preauth]
Jun 25 15:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27819]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27818]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27817]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27816]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27816]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27805]: Invalid user jakob from 91.92.40.124
Jun 25 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27805]: input_userauth_request: invalid user jakob [preauth]
Jun 25 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27884]: Successful su for rubyman by root
Jun 25 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27884]: + ??? root:rubyman
Jun 25 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27884]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590991 of user rubyman.
Jun 25 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27884]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590991.
Jun 25 15:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27805]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27805]: Failed password for invalid user jakob from 91.92.40.124 port 42832 ssh2
Jun 25 15:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25169]: pam_unix(cron:session): session closed for user root
Jun 25 15:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27805]: Connection closed by 91.92.40.124 port 42832 [preauth]
Jun 25 15:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27817]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28103]: Invalid user user4 from 91.92.40.124
Jun 25 15:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28103]: input_userauth_request: invalid user user4 [preauth]
Jun 25 15:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28103]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28103]: Failed password for invalid user user4 from 91.92.40.124 port 43714 ssh2
Jun 25 15:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28103]: Connection closed by 91.92.40.124 port 43714 [preauth]
Jun 25 15:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28137]: Invalid user nagios from 91.92.40.124
Jun 25 15:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28137]: input_userauth_request: invalid user nagios [preauth]
Jun 25 15:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28137]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28137]: Failed password for invalid user nagios from 91.92.40.124 port 43754 ssh2
Jun 25 15:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28137]: Connection closed by 91.92.40.124 port 43754 [preauth]
Jun 25 15:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28164]: Invalid user user from 91.92.40.124
Jun 25 15:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28164]: input_userauth_request: invalid user user [preauth]
Jun 25 15:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28164]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28164]: Failed password for invalid user user from 91.92.40.124 port 32796 ssh2
Jun 25 15:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28164]: Connection closed by 91.92.40.124 port 32796 [preauth]
Jun 25 15:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28186]: Invalid user rdpuser from 91.92.40.124
Jun 25 15:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28186]: input_userauth_request: invalid user rdpuser [preauth]
Jun 25 15:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28186]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28186]: Failed password for invalid user rdpuser from 91.92.40.124 port 35826 ssh2
Jun 25 15:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28186]: Connection closed by 91.92.40.124 port 35826 [preauth]
Jun 25 15:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28198]: Invalid user pi from 91.92.40.124
Jun 25 15:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28198]: input_userauth_request: invalid user pi [preauth]
Jun 25 15:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28198]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26911]: pam_unix(cron:session): session closed for user root
Jun 25 15:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28198]: Failed password for invalid user pi from 91.92.40.124 port 35870 ssh2
Jun 25 15:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28198]: Connection closed by 91.92.40.124 port 35870 [preauth]
Jun 25 15:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28229]: Failed password for root from 91.92.40.124 port 38852 ssh2
Jun 25 15:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28229]: Connection closed by 91.92.40.124 port 38852 [preauth]
Jun 25 15:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28239]: Failed password for root from 91.92.40.124 port 38914 ssh2
Jun 25 15:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28239]: Connection closed by 91.92.40.124 port 38914 [preauth]
Jun 25 15:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28272]: Invalid user myuser from 91.92.40.124
Jun 25 15:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28272]: input_userauth_request: invalid user myuser [preauth]
Jun 25 15:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28272]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28272]: Failed password for invalid user myuser from 91.92.40.124 port 52962 ssh2
Jun 25 15:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28272]: Connection closed by 91.92.40.124 port 52962 [preauth]
Jun 25 15:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28284]: Invalid user admin from 2.57.121.25
Jun 25 15:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28284]: input_userauth_request: invalid user admin [preauth]
Jun 25 15:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28284]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 25 15:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28282]: Failed password for root from 91.92.40.124 port 50926 ssh2
Jun 25 15:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28282]: Connection closed by 91.92.40.124 port 50926 [preauth]
Jun 25 15:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28284]: Failed password for invalid user admin from 2.57.121.25 port 63548 ssh2
Jun 25 15:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28284]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28284]: Failed password for invalid user admin from 2.57.121.25 port 63548 ssh2
Jun 25 15:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28284]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28294]: Invalid user deploy from 91.92.40.124
Jun 25 15:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28294]: input_userauth_request: invalid user deploy [preauth]
Jun 25 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28294]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28299]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28300]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28298]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28297]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28297]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28356]: Successful su for rubyman by root
Jun 25 15:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28356]: + ??? root:rubyman
Jun 25 15:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28356]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 590996 of user rubyman.
Jun 25 15:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28356]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 590996.
Jun 25 15:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28284]: Failed password for invalid user admin from 2.57.121.25 port 63548 ssh2
Jun 25 15:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28284]: Connection closed by 2.57.121.25 port 63548 [preauth]
Jun 25 15:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28284]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 25 15:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28294]: Failed password for invalid user deploy from 91.92.40.124 port 51000 ssh2
Jun 25 15:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28294]: Connection closed by 91.92.40.124 port 51000 [preauth]
Jun 25 15:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25585]: pam_unix(cron:session): session closed for user root
Jun 25 15:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28298]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28532]: Invalid user dspace from 91.92.40.124
Jun 25 15:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28532]: input_userauth_request: invalid user dspace [preauth]
Jun 25 15:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28532]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28532]: Failed password for invalid user dspace from 91.92.40.124 port 33880 ssh2
Jun 25 15:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28532]: Connection closed by 91.92.40.124 port 33880 [preauth]
Jun 25 15:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28556]: Failed password for root from 91.92.40.124 port 33940 ssh2
Jun 25 15:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28556]: Connection closed by 91.92.40.124 port 33940 [preauth]
Jun 25 15:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28665]: Invalid user bernard from 91.92.40.124
Jun 25 15:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28665]: input_userauth_request: invalid user bernard [preauth]
Jun 25 15:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28665]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28665]: Failed password for invalid user bernard from 91.92.40.124 port 55736 ssh2
Jun 25 15:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28665]: Connection closed by 91.92.40.124 port 55736 [preauth]
Jun 25 15:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28677]: Failed password for root from 91.92.40.124 port 55796 ssh2
Jun 25 15:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28677]: Connection closed by 91.92.40.124 port 55796 [preauth]
Jun 25 15:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28702]: Invalid user developer from 91.92.40.124
Jun 25 15:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28702]: input_userauth_request: invalid user developer [preauth]
Jun 25 15:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28702]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28702]: Failed password for invalid user developer from 91.92.40.124 port 47906 ssh2
Jun 25 15:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28702]: Connection closed by 91.92.40.124 port 47906 [preauth]
Jun 25 15:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27386]: pam_unix(cron:session): session closed for user root
Jun 25 15:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28739]: Invalid user admin from 91.92.40.124
Jun 25 15:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28739]: input_userauth_request: invalid user admin [preauth]
Jun 25 15:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28739]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28739]: Failed password for invalid user admin from 91.92.40.124 port 57158 ssh2
Jun 25 15:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28739]: Connection closed by 91.92.40.124 port 57158 [preauth]
Jun 25 15:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28761]: Failed password for root from 91.92.40.124 port 57242 ssh2
Jun 25 15:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28761]: Connection closed by 91.92.40.124 port 57242 [preauth]
Jun 25 15:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: Invalid user test from 91.92.40.124
Jun 25 15:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: input_userauth_request: invalid user test [preauth]
Jun 25 15:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: Failed password for invalid user test from 91.92.40.124 port 37780 ssh2
Jun 25 15:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: Connection closed by 91.92.40.124 port 37780 [preauth]
Jun 25 15:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28794]: Failed password for root from 91.92.40.124 port 37796 ssh2
Jun 25 15:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28794]: Connection closed by 91.92.40.124 port 37796 [preauth]
Jun 25 15:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28804]: Invalid user amir from 91.92.40.124
Jun 25 15:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28804]: input_userauth_request: invalid user amir [preauth]
Jun 25 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28812]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28813]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28811]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28810]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28806]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28810]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28804]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28940]: Successful su for rubyman by root
Jun 25 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28940]: + ??? root:rubyman
Jun 25 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28940]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591000 of user rubyman.
Jun 25 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28940]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591000.
Jun 25 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28806]: pam_unix(cron:session): session closed for user root
Jun 25 15:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28804]: Failed password for invalid user amir from 91.92.40.124 port 42070 ssh2
Jun 25 15:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28804]: Connection closed by 91.92.40.124 port 42070 [preauth]
Jun 25 15:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26001]: pam_unix(cron:session): session closed for user root
Jun 25 15:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28811]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29151]: Invalid user cloud from 91.92.40.124
Jun 25 15:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29151]: input_userauth_request: invalid user cloud [preauth]
Jun 25 15:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29151]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29151]: Failed password for invalid user cloud from 91.92.40.124 port 52702 ssh2
Jun 25 15:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29151]: Connection closed by 91.92.40.124 port 52702 [preauth]
Jun 25 15:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29178]: Failed password for root from 91.92.40.124 port 52788 ssh2
Jun 25 15:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29178]: Connection closed by 91.92.40.124 port 52788 [preauth]
Jun 25 15:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29204]: Failed password for root from 91.92.40.124 port 57380 ssh2
Jun 25 15:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29204]: Connection closed by 91.92.40.124 port 57380 [preauth]
Jun 25 15:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29216]: Invalid user ftpuser from 91.92.40.124
Jun 25 15:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29216]: input_userauth_request: invalid user ftpuser [preauth]
Jun 25 15:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29216]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29216]: Failed password for invalid user ftpuser from 91.92.40.124 port 57434 ssh2
Jun 25 15:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29216]: Connection closed by 91.92.40.124 port 57434 [preauth]
Jun 25 15:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29243]: Invalid user labuser from 91.92.40.124
Jun 25 15:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29243]: input_userauth_request: invalid user labuser [preauth]
Jun 25 15:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29243]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27819]: pam_unix(cron:session): session closed for user root
Jun 25 15:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29243]: Failed password for invalid user labuser from 91.92.40.124 port 34608 ssh2
Jun 25 15:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29243]: Connection closed by 91.92.40.124 port 34608 [preauth]
Jun 25 15:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29296]: Failed password for root from 91.92.40.124 port 54782 ssh2
Jun 25 15:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29296]: Connection closed by 91.92.40.124 port 54782 [preauth]
Jun 25 15:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29307]: Invalid user sam from 91.92.40.124
Jun 25 15:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29307]: input_userauth_request: invalid user sam [preauth]
Jun 25 15:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29307]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29307]: Failed password for invalid user sam from 91.92.40.124 port 54832 ssh2
Jun 25 15:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29307]: Connection closed by 91.92.40.124 port 54832 [preauth]
Jun 25 15:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29330]: Invalid user user from 91.92.40.124
Jun 25 15:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29330]: input_userauth_request: invalid user user [preauth]
Jun 25 15:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29330]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29330]: Failed password for invalid user user from 91.92.40.124 port 44632 ssh2
Jun 25 15:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29330]: Connection closed by 91.92.40.124 port 44632 [preauth]
Jun 25 15:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29340]: Invalid user user from 91.92.40.124
Jun 25 15:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29340]: input_userauth_request: invalid user user [preauth]
Jun 25 15:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29340]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29340]: Failed password for invalid user user from 91.92.40.124 port 44726 ssh2
Jun 25 15:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29340]: Connection closed by 91.92.40.124 port 44726 [preauth]
Jun 25 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29366]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29367]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29364]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29365]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29363]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29362]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29367]: pam_unix(cron:session): session closed for user root
Jun 25 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29362]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29429]: Successful su for rubyman by root
Jun 25 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29429]: + ??? root:rubyman
Jun 25 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29429]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591004 of user rubyman.
Jun 25 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29429]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591004.
Jun 25 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29350]: Invalid user osmc from 91.92.40.124
Jun 25 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29350]: input_userauth_request: invalid user osmc [preauth]
Jun 25 15:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29350]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29364]: pam_unix(cron:session): session closed for user root
Jun 25 15:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26415]: pam_unix(cron:session): session closed for user root
Jun 25 15:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29350]: Failed password for invalid user osmc from 91.92.40.124 port 39610 ssh2
Jun 25 15:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29350]: Connection closed by 91.92.40.124 port 39610 [preauth]
Jun 25 15:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29363]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29675]: Invalid user cursor from 91.92.40.124
Jun 25 15:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29675]: input_userauth_request: invalid user cursor [preauth]
Jun 25 15:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29675]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29675]: Failed password for invalid user cursor from 91.92.40.124 port 42066 ssh2
Jun 25 15:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29675]: Connection closed by 91.92.40.124 port 42066 [preauth]
Jun 25 15:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29770]: Invalid user zabbix from 91.92.40.124
Jun 25 15:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29770]: input_userauth_request: invalid user zabbix [preauth]
Jun 25 15:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29770]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29770]: Failed password for invalid user zabbix from 91.92.40.124 port 42146 ssh2
Jun 25 15:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29770]: Connection closed by 91.92.40.124 port 42146 [preauth]
Jun 25 15:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29798]: Invalid user admin from 91.92.40.124
Jun 25 15:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29798]: input_userauth_request: invalid user admin [preauth]
Jun 25 15:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29798]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29798]: Failed password for invalid user admin from 91.92.40.124 port 49636 ssh2
Jun 25 15:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29798]: Connection closed by 91.92.40.124 port 49636 [preauth]
Jun 25 15:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29819]: Invalid user fivem from 91.92.40.124
Jun 25 15:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29819]: input_userauth_request: invalid user fivem [preauth]
Jun 25 15:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29819]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29819]: Failed password for invalid user fivem from 91.92.40.124 port 49714 ssh2
Jun 25 15:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29819]: Connection closed by 91.92.40.124 port 49714 [preauth]
Jun 25 15:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29848]: Invalid user zimbra from 91.92.40.124
Jun 25 15:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29848]: input_userauth_request: invalid user zimbra [preauth]
Jun 25 15:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29848]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29848]: Failed password for invalid user zimbra from 91.92.40.124 port 56178 ssh2
Jun 25 15:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29848]: Connection closed by 91.92.40.124 port 56178 [preauth]
Jun 25 15:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28300]: pam_unix(cron:session): session closed for user root
Jun 25 15:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29881]: Invalid user dani from 141.98.83.240
Jun 25 15:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29881]: input_userauth_request: invalid user dani [preauth]
Jun 25 15:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29881]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 15:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29883]: Invalid user minecraft from 91.92.40.124
Jun 25 15:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29883]: input_userauth_request: invalid user minecraft [preauth]
Jun 25 15:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29883]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29881]: Failed password for invalid user dani from 141.98.83.240 port 18700 ssh2
Jun 25 15:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29881]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29883]: Failed password for invalid user minecraft from 91.92.40.124 port 50720 ssh2
Jun 25 15:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29883]: Connection closed by 91.92.40.124 port 50720 [preauth]
Jun 25 15:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29881]: Failed password for invalid user dani from 141.98.83.240 port 18700 ssh2
Jun 25 15:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29881]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29881]: Failed password for invalid user dani from 141.98.83.240 port 18700 ssh2
Jun 25 15:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29881]: Connection closed by 141.98.83.240 port 18700 [preauth]
Jun 25 15:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29881]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 15:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29894]: Invalid user gg from 91.92.40.124
Jun 25 15:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29894]: input_userauth_request: invalid user gg [preauth]
Jun 25 15:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29894]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29894]: Failed password for invalid user gg from 91.92.40.124 port 50782 ssh2
Jun 25 15:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29894]: Connection closed by 91.92.40.124 port 50782 [preauth]
Jun 25 15:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29921]: Invalid user ecommerce from 91.92.40.124
Jun 25 15:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29921]: input_userauth_request: invalid user ecommerce [preauth]
Jun 25 15:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29921]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29921]: Failed password for invalid user ecommerce from 91.92.40.124 port 59632 ssh2
Jun 25 15:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29921]: Connection closed by 91.92.40.124 port 59632 [preauth]
Jun 25 15:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29931]: Invalid user test1 from 91.92.40.124
Jun 25 15:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29931]: input_userauth_request: invalid user test1 [preauth]
Jun 25 15:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29931]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29931]: Failed password for invalid user test1 from 91.92.40.124 port 59672 ssh2
Jun 25 15:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29931]: Connection closed by 91.92.40.124 port 59672 [preauth]
Jun 25 15:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29941]: Invalid user debian from 91.92.40.124
Jun 25 15:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29941]: input_userauth_request: invalid user debian [preauth]
Jun 25 15:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29941]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29955]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29954]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29956]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29953]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29953]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30019]: Successful su for rubyman by root
Jun 25 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30019]: + ??? root:rubyman
Jun 25 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30019]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591010 of user rubyman.
Jun 25 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30019]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591010.
Jun 25 15:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29941]: Failed password for invalid user debian from 91.92.40.124 port 50622 ssh2
Jun 25 15:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29941]: Connection closed by 91.92.40.124 port 50622 [preauth]
Jun 25 15:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26910]: pam_unix(cron:session): session closed for user root
Jun 25 15:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29954]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30197]: Invalid user openclaw from 91.92.40.124
Jun 25 15:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30197]: input_userauth_request: invalid user openclaw [preauth]
Jun 25 15:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30197]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30197]: Failed password for invalid user openclaw from 91.92.40.124 port 50634 ssh2
Jun 25 15:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30197]: Connection closed by 91.92.40.124 port 50634 [preauth]
Jun 25 15:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30234]: Failed password for root from 91.92.40.124 port 50734 ssh2
Jun 25 15:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30234]: Connection closed by 91.92.40.124 port 50734 [preauth]
Jun 25 15:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30257]: Failed password for root from 91.92.40.124 port 45728 ssh2
Jun 25 15:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30257]: Connection closed by 91.92.40.124 port 45728 [preauth]
Jun 25 15:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30267]: Failed password for root from 91.92.40.124 port 45780 ssh2
Jun 25 15:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30267]: Connection closed by 91.92.40.124 port 45780 [preauth]
Jun 25 15:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30293]: Invalid user user from 91.92.40.124
Jun 25 15:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30293]: input_userauth_request: invalid user user [preauth]
Jun 25 15:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30293]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30293]: Failed password for invalid user user from 91.92.40.124 port 55554 ssh2
Jun 25 15:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30293]: Connection closed by 91.92.40.124 port 55554 [preauth]
Jun 25 15:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28813]: pam_unix(cron:session): session closed for user root
Jun 25 15:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30312]: Invalid user admin from 91.92.40.124
Jun 25 15:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30312]: input_userauth_request: invalid user admin [preauth]
Jun 25 15:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30312]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30312]: Failed password for invalid user admin from 91.92.40.124 port 46214 ssh2
Jun 25 15:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30312]: Connection closed by 91.92.40.124 port 46214 [preauth]
Jun 25 15:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30337]: Invalid user frappe from 91.92.40.124
Jun 25 15:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30337]: input_userauth_request: invalid user frappe [preauth]
Jun 25 15:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30337]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30337]: Failed password for invalid user frappe from 91.92.40.124 port 46262 ssh2
Jun 25 15:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30337]: Connection closed by 91.92.40.124 port 46262 [preauth]
Jun 25 15:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30360]: Invalid user packer from 91.92.40.124
Jun 25 15:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30360]: input_userauth_request: invalid user packer [preauth]
Jun 25 15:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30360]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30360]: Failed password for invalid user packer from 91.92.40.124 port 33586 ssh2
Jun 25 15:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30360]: Connection closed by 91.92.40.124 port 33586 [preauth]
Jun 25 15:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30370]: Invalid user user from 91.92.40.124
Jun 25 15:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30370]: input_userauth_request: invalid user user [preauth]
Jun 25 15:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30370]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30370]: Failed password for invalid user user from 91.92.40.124 port 33610 ssh2
Jun 25 15:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30370]: Connection closed by 91.92.40.124 port 33610 [preauth]
Jun 25 15:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30388]: Failed password for root from 91.92.40.124 port 43420 ssh2
Jun 25 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30388]: Connection closed by 91.92.40.124 port 43420 [preauth]
Jun 25 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30393]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30394]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30392]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30391]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30391]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30453]: Successful su for rubyman by root
Jun 25 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30453]: + ??? root:rubyman
Jun 25 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30453]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591014 of user rubyman.
Jun 25 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30453]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591014.
Jun 25 15:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27385]: pam_unix(cron:session): session closed for user root
Jun 25 15:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30554]: Invalid user systemd from 91.92.40.124
Jun 25 15:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30554]: input_userauth_request: invalid user systemd [preauth]
Jun 25 15:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30554]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30392]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30554]: Failed password for invalid user systemd from 91.92.40.124 port 57474 ssh2
Jun 25 15:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30554]: Connection closed by 91.92.40.124 port 57474 [preauth]
Jun 25 15:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30667]: Invalid user dev from 91.92.40.124
Jun 25 15:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30667]: input_userauth_request: invalid user dev [preauth]
Jun 25 15:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30667]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30667]: Failed password for invalid user dev from 91.92.40.124 port 57506 ssh2
Jun 25 15:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30667]: Connection closed by 91.92.40.124 port 57506 [preauth]
Jun 25 15:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30690]: Invalid user debian from 91.92.40.124
Jun 25 15:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30690]: input_userauth_request: invalid user debian [preauth]
Jun 25 15:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30690]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30690]: Failed password for invalid user debian from 91.92.40.124 port 42236 ssh2
Jun 25 15:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30690]: Connection closed by 91.92.40.124 port 42236 [preauth]
Jun 25 15:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30700]: Failed password for root from 91.92.40.124 port 42262 ssh2
Jun 25 15:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30700]: Connection closed by 91.92.40.124 port 42262 [preauth]
Jun 25 15:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30722]: Invalid user debian from 91.92.40.124
Jun 25 15:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30722]: input_userauth_request: invalid user debian [preauth]
Jun 25 15:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30722]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30722]: Failed password for invalid user debian from 91.92.40.124 port 47522 ssh2
Jun 25 15:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30722]: Connection closed by 91.92.40.124 port 47522 [preauth]
Jun 25 15:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29366]: pam_unix(cron:session): session closed for user root
Jun 25 15:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30732]: Failed password for root from 91.92.40.124 port 47598 ssh2
Jun 25 15:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30732]: Connection closed by 91.92.40.124 port 47598 [preauth]
Jun 25 15:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30763]: Invalid user home from 91.92.40.124
Jun 25 15:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30763]: input_userauth_request: invalid user home [preauth]
Jun 25 15:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30763]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30763]: Failed password for invalid user home from 91.92.40.124 port 53622 ssh2
Jun 25 15:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30763]: Connection closed by 91.92.40.124 port 53622 [preauth]
Jun 25 15:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30796]: Invalid user student from 91.92.40.124
Jun 25 15:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30796]: input_userauth_request: invalid user student [preauth]
Jun 25 15:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30796]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30796]: Failed password for invalid user student from 91.92.40.124 port 33310 ssh2
Jun 25 15:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30796]: Connection closed by 91.92.40.124 port 33310 [preauth]
Jun 25 15:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30808]: Invalid user hamed from 91.92.40.124
Jun 25 15:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30808]: input_userauth_request: invalid user hamed [preauth]
Jun 25 15:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30808]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30808]: Failed password for invalid user hamed from 91.92.40.124 port 33366 ssh2
Jun 25 15:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30808]: Connection closed by 91.92.40.124 port 33366 [preauth]
Jun 25 15:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30819]: Invalid user pi from 91.92.40.124
Jun 25 15:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30819]: input_userauth_request: invalid user pi [preauth]
Jun 25 15:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30819]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30819]: Failed password for invalid user pi from 91.92.40.124 port 52642 ssh2
Jun 25 15:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30819]: Connection closed by 91.92.40.124 port 52642 [preauth]
Jun 25 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30835]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30834]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30833]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30832]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30832]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30902]: Successful su for rubyman by root
Jun 25 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30902]: + ??? root:rubyman
Jun 25 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30902]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591018 of user rubyman.
Jun 25 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30902]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591018.
Jun 25 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27818]: pam_unix(cron:session): session closed for user root
Jun 25 15:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30833]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31045]: Failed password for root from 91.92.40.124 port 52702 ssh2
Jun 25 15:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31045]: Connection closed by 91.92.40.124 port 52702 [preauth]
Jun 25 15:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31179]: Invalid user alex from 91.92.40.124
Jun 25 15:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31179]: input_userauth_request: invalid user alex [preauth]
Jun 25 15:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31179]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31179]: Failed password for invalid user alex from 91.92.40.124 port 49072 ssh2
Jun 25 15:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31179]: Connection closed by 91.92.40.124 port 49072 [preauth]
Jun 25 15:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31201]: Invalid user steam from 91.92.40.124
Jun 25 15:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31201]: input_userauth_request: invalid user steam [preauth]
Jun 25 15:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31201]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31201]: Failed password for invalid user steam from 91.92.40.124 port 51824 ssh2
Jun 25 15:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31201]: Connection closed by 91.92.40.124 port 51824 [preauth]
Jun 25 15:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31211]: Invalid user test from 91.92.40.124
Jun 25 15:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31211]: input_userauth_request: invalid user test [preauth]
Jun 25 15:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31211]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31211]: Failed password for invalid user test from 91.92.40.124 port 51916 ssh2
Jun 25 15:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31211]: Connection closed by 91.92.40.124 port 51916 [preauth]
Jun 25 15:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31233]: Invalid user bot from 91.92.40.124
Jun 25 15:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31233]: input_userauth_request: invalid user bot [preauth]
Jun 25 15:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31233]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31233]: Failed password for invalid user bot from 91.92.40.124 port 59408 ssh2
Jun 25 15:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31233]: Connection closed by 91.92.40.124 port 59408 [preauth]
Jun 25 15:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29956]: pam_unix(cron:session): session closed for user root
Jun 25 15:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31246]: Invalid user user1 from 91.92.40.124
Jun 25 15:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31246]: input_userauth_request: invalid user user1 [preauth]
Jun 25 15:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31246]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31246]: Failed password for invalid user user1 from 91.92.40.124 port 59464 ssh2
Jun 25 15:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31246]: Connection closed by 91.92.40.124 port 59464 [preauth]
Jun 25 15:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31288]: Invalid user teamspeak from 91.92.40.124
Jun 25 15:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31288]: input_userauth_request: invalid user teamspeak [preauth]
Jun 25 15:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31288]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31288]: Failed password for invalid user teamspeak from 91.92.40.124 port 42080 ssh2
Jun 25 15:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31288]: Connection closed by 91.92.40.124 port 42080 [preauth]
Jun 25 15:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31304]: Invalid user wso2 from 91.92.40.124
Jun 25 15:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31304]: input_userauth_request: invalid user wso2 [preauth]
Jun 25 15:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31304]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31304]: Failed password for invalid user wso2 from 91.92.40.124 port 38286 ssh2
Jun 25 15:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31304]: Connection closed by 91.92.40.124 port 38286 [preauth]
Jun 25 15:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31322]: Invalid user username from 91.92.40.124
Jun 25 15:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31322]: input_userauth_request: invalid user username [preauth]
Jun 25 15:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31322]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31322]: Failed password for invalid user username from 91.92.40.124 port 38344 ssh2
Jun 25 15:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31322]: Connection closed by 91.92.40.124 port 38344 [preauth]
Jun 25 15:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31333]: Invalid user nvidia from 91.92.40.124
Jun 25 15:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31333]: input_userauth_request: invalid user nvidia [preauth]
Jun 25 15:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31333]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31333]: Failed password for invalid user nvidia from 91.92.40.124 port 46240 ssh2
Jun 25 15:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31333]: Connection closed by 91.92.40.124 port 46240 [preauth]
Jun 25 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31348]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31350]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31347]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31346]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31346]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31412]: Successful su for rubyman by root
Jun 25 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31412]: + ??? root:rubyman
Jun 25 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31412]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591022 of user rubyman.
Jun 25 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31412]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591022.
Jun 25 15:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31344]: Invalid user claude from 91.92.40.124
Jun 25 15:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31344]: input_userauth_request: invalid user claude [preauth]
Jun 25 15:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31344]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28299]: pam_unix(cron:session): session closed for user root
Jun 25 15:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31347]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31344]: Failed password for invalid user claude from 91.92.40.124 port 46320 ssh2
Jun 25 15:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31344]: Connection closed by 91.92.40.124 port 46320 [preauth]
Jun 25 15:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31695]: User john from 91.92.40.124 not allowed because not listed in AllowUsers
Jun 25 15:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31695]: input_userauth_request: invalid user john [preauth]
Jun 25 15:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=john
Jun 25 15:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31695]: Failed password for invalid user john from 91.92.40.124 port 39102 ssh2
Jun 25 15:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31695]: Connection closed by 91.92.40.124 port 39102 [preauth]
Jun 25 15:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31714]: Failed password for root from 91.92.40.124 port 39174 ssh2
Jun 25 15:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31714]: Connection closed by 91.92.40.124 port 39174 [preauth]
Jun 25 15:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31731]: Invalid user usuario from 91.92.40.124
Jun 25 15:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31731]: input_userauth_request: invalid user usuario [preauth]
Jun 25 15:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31731]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31731]: Failed password for invalid user usuario from 91.92.40.124 port 49922 ssh2
Jun 25 15:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31731]: Connection closed by 91.92.40.124 port 49922 [preauth]
Jun 25 15:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31742]: User ftp from 91.92.40.124 not allowed because not listed in AllowUsers
Jun 25 15:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31742]: input_userauth_request: invalid user ftp [preauth]
Jun 25 15:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=ftp
Jun 25 15:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31742]: Failed password for invalid user ftp from 91.92.40.124 port 54730 ssh2
Jun 25 15:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31742]: Connection closed by 91.92.40.124 port 54730 [preauth]
Jun 25 15:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31765]: Invalid user hduser from 91.92.40.124
Jun 25 15:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31765]: input_userauth_request: invalid user hduser [preauth]
Jun 25 15:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31765]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30394]: pam_unix(cron:session): session closed for user root
Jun 25 15:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31765]: Failed password for invalid user hduser from 91.92.40.124 port 54754 ssh2
Jun 25 15:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31765]: Connection closed by 91.92.40.124 port 54754 [preauth]
Jun 25 15:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31801]: Invalid user ec2-user from 91.92.40.124
Jun 25 15:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31801]: input_userauth_request: invalid user ec2-user [preauth]
Jun 25 15:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31801]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31801]: Failed password for invalid user ec2-user from 91.92.40.124 port 53270 ssh2
Jun 25 15:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31801]: Connection closed by 91.92.40.124 port 53270 [preauth]
Jun 25 15:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31819]: Invalid user root1 from 91.92.40.124
Jun 25 15:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31819]: input_userauth_request: invalid user root1 [preauth]
Jun 25 15:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31819]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31819]: Failed password for invalid user root1 from 91.92.40.124 port 53330 ssh2
Jun 25 15:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31819]: Connection closed by 91.92.40.124 port 53330 [preauth]
Jun 25 15:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31843]: Failed password for root from 91.92.40.124 port 47684 ssh2
Jun 25 15:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31843]: Connection closed by 91.92.40.124 port 47684 [preauth]
Jun 25 15:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31853]: Invalid user asterisk from 91.92.40.124
Jun 25 15:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31853]: input_userauth_request: invalid user asterisk [preauth]
Jun 25 15:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31853]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31853]: Failed password for invalid user asterisk from 91.92.40.124 port 37692 ssh2
Jun 25 15:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31853]: Connection closed by 91.92.40.124 port 37692 [preauth]
Jun 25 15:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31871]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31872]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31867]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31866]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31870]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31868]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31872]: pam_unix(cron:session): session closed for user root
Jun 25 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31866]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31943]: Successful su for rubyman by root
Jun 25 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31943]: + ??? root:rubyman
Jun 25 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31943]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591026 of user rubyman.
Jun 25 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31943]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591026.
Jun 25 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31863]: Invalid user vbox from 91.92.40.124
Jun 25 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31863]: input_userauth_request: invalid user vbox [preauth]
Jun 25 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31863]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31868]: pam_unix(cron:session): session closed for user root
Jun 25 15:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31863]: Failed password for invalid user vbox from 91.92.40.124 port 37752 ssh2
Jun 25 15:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28812]: pam_unix(cron:session): session closed for user root
Jun 25 15:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31863]: Connection closed by 91.92.40.124 port 37752 [preauth]
Jun 25 15:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31867]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32146]: Invalid user config from 91.92.40.124
Jun 25 15:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32146]: input_userauth_request: invalid user config [preauth]
Jun 25 15:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32146]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32146]: Failed password for invalid user config from 91.92.40.124 port 41432 ssh2
Jun 25 15:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32146]: Connection closed by 91.92.40.124 port 41432 [preauth]
Jun 25 15:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32179]: Invalid user ftpuser from 91.92.40.124
Jun 25 15:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32179]: input_userauth_request: invalid user ftpuser [preauth]
Jun 25 15:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32179]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32179]: Failed password for invalid user ftpuser from 91.92.40.124 port 41466 ssh2
Jun 25 15:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32179]: Connection closed by 91.92.40.124 port 41466 [preauth]
Jun 25 15:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32203]: Failed password for root from 91.92.40.124 port 50130 ssh2
Jun 25 15:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32203]: Connection closed by 91.92.40.124 port 50130 [preauth]
Jun 25 15:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32213]: Failed password for root from 91.92.40.124 port 50214 ssh2
Jun 25 15:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32213]: Connection closed by 91.92.40.124 port 50214 [preauth]
Jun 25 15:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32235]: Invalid user portal from 91.92.40.124
Jun 25 15:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32235]: input_userauth_request: invalid user portal [preauth]
Jun 25 15:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30835]: pam_unix(cron:session): session closed for user root
Jun 25 15:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32235]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32235]: Failed password for invalid user portal from 91.92.40.124 port 57136 ssh2
Jun 25 15:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32235]: Connection closed by 91.92.40.124 port 57136 [preauth]
Jun 25 15:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32272]: Invalid user sonar from 91.92.40.124
Jun 25 15:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32272]: input_userauth_request: invalid user sonar [preauth]
Jun 25 15:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32272]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32272]: Failed password for invalid user sonar from 91.92.40.124 port 38398 ssh2
Jun 25 15:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32272]: Connection closed by 91.92.40.124 port 38398 [preauth]
Jun 25 15:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32282]: Invalid user tactical from 91.92.40.124
Jun 25 15:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32282]: input_userauth_request: invalid user tactical [preauth]
Jun 25 15:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32282]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32282]: Failed password for invalid user tactical from 91.92.40.124 port 38422 ssh2
Jun 25 15:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32282]: Connection closed by 91.92.40.124 port 38422 [preauth]
Jun 25 15:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32304]: Invalid user admin from 91.92.40.124
Jun 25 15:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32304]: input_userauth_request: invalid user admin [preauth]
Jun 25 15:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32304]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32304]: Failed password for invalid user admin from 91.92.40.124 port 47110 ssh2
Jun 25 15:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32304]: Connection closed by 91.92.40.124 port 47110 [preauth]
Jun 25 15:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32314]: Invalid user master from 91.92.40.124
Jun 25 15:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32314]: input_userauth_request: invalid user master [preauth]
Jun 25 15:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32314]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32314]: Failed password for invalid user master from 91.92.40.124 port 47030 ssh2
Jun 25 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32328]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32329]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32330]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32327]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32327]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32314]: Connection closed by 91.92.40.124 port 47030 [preauth]
Jun 25 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32410]: Successful su for rubyman by root
Jun 25 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32410]: + ??? root:rubyman
Jun 25 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32410]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591032 of user rubyman.
Jun 25 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32410]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591032.
Jun 25 15:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32324]: Invalid user testuser from 91.92.40.124
Jun 25 15:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32324]: input_userauth_request: invalid user testuser [preauth]
Jun 25 15:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29365]: pam_unix(cron:session): session closed for user root
Jun 25 15:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32324]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32328]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32324]: Failed password for invalid user testuser from 91.92.40.124 port 47102 ssh2
Jun 25 15:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32324]: Connection closed by 91.92.40.124 port 47102 [preauth]
Jun 25 15:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32580]: Failed password for root from 91.92.40.124 port 43744 ssh2
Jun 25 15:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32580]: Connection closed by 91.92.40.124 port 43744 [preauth]
Jun 25 15:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32623]: Failed password for root from 91.92.40.124 port 43822 ssh2
Jun 25 15:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32623]: Connection closed by 91.92.40.124 port 43822 [preauth]
Jun 25 15:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32634]: Invalid user minecraft from 91.92.40.124
Jun 25 15:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32634]: input_userauth_request: invalid user minecraft [preauth]
Jun 25 15:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32634]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32634]: Failed password for invalid user minecraft from 91.92.40.124 port 49950 ssh2
Jun 25 15:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32634]: Connection closed by 91.92.40.124 port 49950 [preauth]
Jun 25 15:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32660]: Invalid user sam from 91.92.40.124
Jun 25 15:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32660]: input_userauth_request: invalid user sam [preauth]
Jun 25 15:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32660]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32660]: Failed password for invalid user sam from 91.92.40.124 port 45360 ssh2
Jun 25 15:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32660]: Connection closed by 91.92.40.124 port 45360 [preauth]
Jun 25 15:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31350]: pam_unix(cron:session): session closed for user root
Jun 25 15:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32674]: Invalid user newuser from 91.92.40.124
Jun 25 15:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32674]: input_userauth_request: invalid user newuser [preauth]
Jun 25 15:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32674]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32674]: Failed password for invalid user newuser from 91.92.40.124 port 45396 ssh2
Jun 25 15:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32674]: Connection closed by 91.92.40.124 port 45396 [preauth]
Jun 25 15:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32707]: Invalid user azureuser from 91.92.40.124
Jun 25 15:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32707]: input_userauth_request: invalid user azureuser [preauth]
Jun 25 15:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32707]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32707]: Failed password for invalid user azureuser from 91.92.40.124 port 47770 ssh2
Jun 25 15:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32707]: Connection closed by 91.92.40.124 port 47770 [preauth]
Jun 25 15:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32723]: Invalid user deploy from 91.92.40.124
Jun 25 15:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32723]: input_userauth_request: invalid user deploy [preauth]
Jun 25 15:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32723]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32723]: Failed password for invalid user deploy from 91.92.40.124 port 47826 ssh2
Jun 25 15:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32723]: Connection closed by 91.92.40.124 port 47826 [preauth]
Jun 25 15:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32743]: Invalid user xiao from 91.92.40.124
Jun 25 15:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32743]: input_userauth_request: invalid user xiao [preauth]
Jun 25 15:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32743]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32743]: Failed password for invalid user xiao from 91.92.40.124 port 47270 ssh2
Jun 25 15:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32743]: Connection closed by 91.92.40.124 port 47270 [preauth]
Jun 25 15:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32765]: Failed password for root from 91.92.40.124 port 47248 ssh2
Jun 25 15:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32765]: Connection closed by 91.92.40.124 port 47248 [preauth]
Jun 25 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[310]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[311]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[309]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[308]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[308]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[376]: Successful su for rubyman by root
Jun 25 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[376]: + ??? root:rubyman
Jun 25 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[376]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591038 of user rubyman.
Jun 25 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[376]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591038.
Jun 25 15:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[342]: Invalid user student from 91.92.40.124
Jun 25 15:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[342]: input_userauth_request: invalid user student [preauth]
Jun 25 15:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29955]: pam_unix(cron:session): session closed for user root
Jun 25 15:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[342]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[309]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[342]: Failed password for invalid user student from 91.92.40.124 port 47344 ssh2
Jun 25 15:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[342]: Connection closed by 91.92.40.124 port 47344 [preauth]
Jun 25 15:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[709]: Invalid user deploy from 91.92.40.124
Jun 25 15:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[709]: input_userauth_request: invalid user deploy [preauth]
Jun 25 15:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[709]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[709]: Failed password for invalid user deploy from 91.92.40.124 port 58090 ssh2
Jun 25 15:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[709]: Connection closed by 91.92.40.124 port 58090 [preauth]
Jun 25 15:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[733]: Invalid user gary from 91.92.40.124
Jun 25 15:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[733]: input_userauth_request: invalid user gary [preauth]
Jun 25 15:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[733]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[733]: Failed password for invalid user gary from 91.92.40.124 port 52572 ssh2
Jun 25 15:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[733]: Connection closed by 91.92.40.124 port 52572 [preauth]
Jun 25 15:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[744]: Invalid user node from 91.92.40.124
Jun 25 15:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[744]: input_userauth_request: invalid user node [preauth]
Jun 25 15:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[744]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[744]: Failed password for invalid user node from 91.92.40.124 port 52634 ssh2
Jun 25 15:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[744]: Connection closed by 91.92.40.124 port 52634 [preauth]
Jun 25 15:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[768]: Invalid user webuser from 91.92.40.124
Jun 25 15:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[768]: input_userauth_request: invalid user webuser [preauth]
Jun 25 15:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[768]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[768]: Failed password for invalid user webuser from 91.92.40.124 port 59210 ssh2
Jun 25 15:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[768]: Connection closed by 91.92.40.124 port 59210 [preauth]
Jun 25 15:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31871]: pam_unix(cron:session): session closed for user root
Jun 25 15:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[788]: Failed password for root from 91.92.40.124 port 59306 ssh2
Jun 25 15:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[788]: Connection closed by 91.92.40.124 port 59306 [preauth]
Jun 25 15:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[827]: Invalid user claude from 91.92.40.124
Jun 25 15:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[827]: input_userauth_request: invalid user claude [preauth]
Jun 25 15:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[827]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[827]: Failed password for invalid user claude from 91.92.40.124 port 44016 ssh2
Jun 25 15:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[827]: Connection closed by 91.92.40.124 port 44016 [preauth]
Jun 25 15:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[838]: Invalid user appuser from 91.92.40.124
Jun 25 15:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[838]: input_userauth_request: invalid user appuser [preauth]
Jun 25 15:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[838]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[838]: Failed password for invalid user appuser from 91.92.40.124 port 44090 ssh2
Jun 25 15:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[838]: Connection closed by 91.92.40.124 port 44090 [preauth]
Jun 25 15:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[863]: Invalid user myuser from 91.92.40.124
Jun 25 15:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[863]: input_userauth_request: invalid user myuser [preauth]
Jun 25 15:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[863]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[863]: Failed password for invalid user myuser from 91.92.40.124 port 50050 ssh2
Jun 25 15:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[863]: Connection closed by 91.92.40.124 port 50050 [preauth]
Jun 25 15:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[874]: Invalid user admin1 from 91.92.40.124
Jun 25 15:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[874]: input_userauth_request: invalid user admin1 [preauth]
Jun 25 15:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[874]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[874]: Failed password for invalid user admin1 from 91.92.40.124 port 42902 ssh2
Jun 25 15:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[874]: Connection closed by 91.92.40.124 port 42902 [preauth]
Jun 25 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[889]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[890]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[888]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[887]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[887]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[956]: Successful su for rubyman by root
Jun 25 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[956]: + ??? root:rubyman
Jun 25 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[956]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591041 of user rubyman.
Jun 25 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[956]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591041.
Jun 25 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[943]: Invalid user rocky from 91.92.40.124
Jun 25 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[943]: input_userauth_request: invalid user rocky [preauth]
Jun 25 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[943]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[943]: Failed password for invalid user rocky from 91.92.40.124 port 42950 ssh2
Jun 25 15:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[943]: Connection closed by 91.92.40.124 port 42950 [preauth]
Jun 25 15:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30393]: pam_unix(cron:session): session closed for user root
Jun 25 15:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[888]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1179]: Invalid user user10 from 91.92.40.124
Jun 25 15:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1179]: input_userauth_request: invalid user user10 [preauth]
Jun 25 15:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1179]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1179]: Failed password for invalid user user10 from 91.92.40.124 port 39332 ssh2
Jun 25 15:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1179]: Connection closed by 91.92.40.124 port 39332 [preauth]
Jun 25 15:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1190]: Invalid user username from 91.92.40.124
Jun 25 15:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1190]: input_userauth_request: invalid user username [preauth]
Jun 25 15:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1190]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1190]: Failed password for invalid user username from 91.92.40.124 port 39382 ssh2
Jun 25 15:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1190]: Connection closed by 91.92.40.124 port 39382 [preauth]
Jun 25 15:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1214]: Failed password for root from 91.92.40.124 port 57036 ssh2
Jun 25 15:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1214]: Connection closed by 91.92.40.124 port 57036 [preauth]
Jun 25 15:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1226]: Invalid user master from 91.92.40.124
Jun 25 15:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1226]: input_userauth_request: invalid user master [preauth]
Jun 25 15:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1226]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1226]: Failed password for invalid user master from 91.92.40.124 port 57034 ssh2
Jun 25 15:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1226]: Connection closed by 91.92.40.124 port 57034 [preauth]
Jun 25 15:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1264]: Invalid user user1 from 91.92.40.124
Jun 25 15:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1264]: input_userauth_request: invalid user user1 [preauth]
Jun 25 15:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1264]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1264]: Failed password for invalid user user1 from 91.92.40.124 port 57108 ssh2
Jun 25 15:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32330]: pam_unix(cron:session): session closed for user root
Jun 25 15:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1264]: Connection closed by 91.92.40.124 port 57108 [preauth]
Jun 25 15:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1296]: Invalid user pi from 91.92.40.124
Jun 25 15:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1296]: input_userauth_request: invalid user pi [preauth]
Jun 25 15:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1296]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121  user=root
Jun 25 15:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1296]: Failed password for invalid user pi from 91.92.40.124 port 37406 ssh2
Jun 25 15:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1299]: Failed password for root from 45.148.10.121 port 41898 ssh2
Jun 25 15:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1296]: Connection closed by 91.92.40.124 port 37406 [preauth]
Jun 25 15:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1299]: Connection closed by 45.148.10.121 port 41898 [preauth]
Jun 25 15:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1316]: Invalid user bitrix from 91.92.40.124
Jun 25 15:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1316]: input_userauth_request: invalid user bitrix [preauth]
Jun 25 15:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1316]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1316]: Failed password for invalid user bitrix from 91.92.40.124 port 37468 ssh2
Jun 25 15:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1316]: Connection closed by 91.92.40.124 port 37468 [preauth]
Jun 25 15:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1344]: Invalid user bot from 91.92.40.124
Jun 25 15:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1344]: input_userauth_request: invalid user bot [preauth]
Jun 25 15:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1344]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1344]: Failed password for invalid user bot from 91.92.40.124 port 32804 ssh2
Jun 25 15:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1344]: Connection closed by 91.92.40.124 port 32804 [preauth]
Jun 25 15:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1357]: Invalid user admin from 91.92.40.124
Jun 25 15:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1357]: input_userauth_request: invalid user admin [preauth]
Jun 25 15:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1357]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1357]: Failed password for invalid user admin from 91.92.40.124 port 44198 ssh2
Jun 25 15:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1357]: Connection closed by 91.92.40.124 port 44198 [preauth]
Jun 25 15:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1388]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1386]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1387]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1385]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1385]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1480]: Successful su for rubyman by root
Jun 25 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1480]: + ??? root:rubyman
Jun 25 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1480]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591044 of user rubyman.
Jun 25 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1480]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591044.
Jun 25 15:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1370]: Invalid user dmdba from 91.92.40.124
Jun 25 15:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1370]: input_userauth_request: invalid user dmdba [preauth]
Jun 25 15:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1370]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1370]: Failed password for invalid user dmdba from 91.92.40.124 port 44270 ssh2
Jun 25 15:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30834]: pam_unix(cron:session): session closed for user root
Jun 25 15:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1370]: Connection closed by 91.92.40.124 port 44270 [preauth]
Jun 25 15:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1386]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1741]: Invalid user administrator from 91.92.40.124
Jun 25 15:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1741]: input_userauth_request: invalid user administrator [preauth]
Jun 25 15:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1741]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1741]: Failed password for invalid user administrator from 91.92.40.124 port 34378 ssh2
Jun 25 15:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1741]: Connection closed by 91.92.40.124 port 34378 [preauth]
Jun 25 15:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1770]: Failed password for root from 91.92.40.124 port 34474 ssh2
Jun 25 15:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1770]: Connection closed by 91.92.40.124 port 34474 [preauth]
Jun 25 15:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1800]: Invalid user steam from 91.92.40.124
Jun 25 15:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1800]: input_userauth_request: invalid user steam [preauth]
Jun 25 15:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1800]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1800]: Failed password for invalid user steam from 91.92.40.124 port 39704 ssh2
Jun 25 15:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1800]: Connection closed by 91.92.40.124 port 39704 [preauth]
Jun 25 15:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1822]: Invalid user app from 91.92.40.124
Jun 25 15:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1822]: input_userauth_request: invalid user app [preauth]
Jun 25 15:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1822]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1822]: Failed password for invalid user app from 91.92.40.124 port 42292 ssh2
Jun 25 15:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1822]: Connection closed by 91.92.40.124 port 42292 [preauth]
Jun 25 15:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1832]: Invalid user runner from 91.92.40.124
Jun 25 15:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1832]: input_userauth_request: invalid user runner [preauth]
Jun 25 15:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1832]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[311]: pam_unix(cron:session): session closed for user root
Jun 25 15:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1832]: Failed password for invalid user runner from 91.92.40.124 port 42388 ssh2
Jun 25 15:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1832]: Connection closed by 91.92.40.124 port 42388 [preauth]
Jun 25 15:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1862]: Invalid user ubuntu from 91.92.40.124
Jun 25 15:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1862]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 15:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1862]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1862]: Failed password for invalid user ubuntu from 91.92.40.124 port 34732 ssh2
Jun 25 15:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1862]: Connection closed by 91.92.40.124 port 34732 [preauth]
Jun 25 15:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1873]: Failed password for root from 91.92.40.124 port 34792 ssh2
Jun 25 15:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1873]: Connection closed by 91.92.40.124 port 34792 [preauth]
Jun 25 15:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1920]: Invalid user default from 91.92.40.124
Jun 25 15:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1920]: input_userauth_request: invalid user default [preauth]
Jun 25 15:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1920]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1920]: Failed password for invalid user default from 91.92.40.124 port 53188 ssh2
Jun 25 15:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1920]: Connection closed by 91.92.40.124 port 53188 [preauth]
Jun 25 15:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1935]: Invalid user admin1 from 91.92.40.124
Jun 25 15:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1935]: input_userauth_request: invalid user admin1 [preauth]
Jun 25 15:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1935]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1935]: Failed password for invalid user admin1 from 91.92.40.124 port 45538 ssh2
Jun 25 15:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1935]: Connection closed by 91.92.40.124 port 45538 [preauth]
Jun 25 15:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1962]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1964]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1959]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1958]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1963]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1960]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1964]: pam_unix(cron:session): session closed for user root
Jun 25 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1958]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2065]: Successful su for rubyman by root
Jun 25 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2065]: + ??? root:rubyman
Jun 25 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2065]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591052 of user rubyman.
Jun 25 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2065]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591052.
Jun 25 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1955]: Invalid user deploy from 91.92.40.124
Jun 25 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1955]: input_userauth_request: invalid user deploy [preauth]
Jun 25 15:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1955]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1960]: pam_unix(cron:session): session closed for user root
Jun 25 15:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31348]: pam_unix(cron:session): session closed for user root
Jun 25 15:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1955]: Failed password for invalid user deploy from 91.92.40.124 port 45580 ssh2
Jun 25 15:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1955]: Connection closed by 91.92.40.124 port 45580 [preauth]
Jun 25 15:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1959]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2276]: Failed password for root from 91.92.40.124 port 46812 ssh2
Jun 25 15:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2276]: Connection closed by 91.92.40.124 port 46812 [preauth]
Jun 25 15:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: Failed password for root from 91.92.40.124 port 46862 ssh2
Jun 25 15:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: Connection closed by 91.92.40.124 port 46862 [preauth]
Jun 25 15:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2336]: Invalid user installer from 91.92.40.124
Jun 25 15:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2336]: input_userauth_request: invalid user installer [preauth]
Jun 25 15:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2336]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2336]: Failed password for invalid user installer from 91.92.40.124 port 53854 ssh2
Jun 25 15:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2336]: Connection closed by 91.92.40.124 port 53854 [preauth]
Jun 25 15:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2347]: Invalid user user1 from 91.92.40.124
Jun 25 15:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2347]: input_userauth_request: invalid user user1 [preauth]
Jun 25 15:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2347]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2347]: Failed password for invalid user user1 from 91.92.40.124 port 51418 ssh2
Jun 25 15:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2347]: Connection closed by 91.92.40.124 port 51418 [preauth]
Jun 25 15:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2369]: Invalid user debian from 91.92.40.124
Jun 25 15:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2369]: input_userauth_request: invalid user debian [preauth]
Jun 25 15:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[890]: pam_unix(cron:session): session closed for user root
Jun 25 15:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2369]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2369]: Failed password for invalid user debian from 91.92.40.124 port 51476 ssh2
Jun 25 15:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2369]: Connection closed by 91.92.40.124 port 51476 [preauth]
Jun 25 15:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2398]: Failed password for root from 91.92.40.124 port 39342 ssh2
Jun 25 15:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2398]: Connection closed by 91.92.40.124 port 39342 [preauth]
Jun 25 15:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2418]: Invalid user developer from 91.92.40.124
Jun 25 15:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2418]: input_userauth_request: invalid user developer [preauth]
Jun 25 15:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2418]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2418]: Failed password for invalid user developer from 91.92.40.124 port 39384 ssh2
Jun 25 15:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2418]: Connection closed by 91.92.40.124 port 39384 [preauth]
Jun 25 15:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2441]: Invalid user deployer from 91.92.40.124
Jun 25 15:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2441]: input_userauth_request: invalid user deployer [preauth]
Jun 25 15:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2441]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2441]: Failed password for invalid user deployer from 91.92.40.124 port 57736 ssh2
Jun 25 15:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2441]: Connection closed by 91.92.40.124 port 57736 [preauth]
Jun 25 15:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2453]: Failed password for root from 91.92.40.124 port 56152 ssh2
Jun 25 15:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2453]: Connection closed by 91.92.40.124 port 56152 [preauth]
Jun 25 15:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2469]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2471]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2468]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2467]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2467]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2545]: Successful su for rubyman by root
Jun 25 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2545]: + ??? root:rubyman
Jun 25 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2545]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591054 of user rubyman.
Jun 25 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2545]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591054.
Jun 25 15:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31870]: pam_unix(cron:session): session closed for user root
Jun 25 15:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2463]: Failed password for root from 91.92.40.124 port 56242 ssh2
Jun 25 15:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2468]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2463]: Connection closed by 91.92.40.124 port 56242 [preauth]
Jun 25 15:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2734]: Invalid user rancher from 91.92.40.124
Jun 25 15:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2734]: input_userauth_request: invalid user rancher [preauth]
Jun 25 15:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2734]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2734]: Failed password for invalid user rancher from 91.92.40.124 port 54236 ssh2
Jun 25 15:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2734]: Connection closed by 91.92.40.124 port 54236 [preauth]
Jun 25 15:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2758]: Invalid user user from 91.92.40.124
Jun 25 15:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2758]: input_userauth_request: invalid user user [preauth]
Jun 25 15:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2758]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2758]: Failed password for invalid user user from 91.92.40.124 port 54264 ssh2
Jun 25 15:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2758]: Connection closed by 91.92.40.124 port 54264 [preauth]
Jun 25 15:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2782]: Invalid user devops from 91.92.40.124
Jun 25 15:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2782]: input_userauth_request: invalid user devops [preauth]
Jun 25 15:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2782]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2782]: Failed password for invalid user devops from 91.92.40.124 port 54970 ssh2
Jun 25 15:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2782]: Connection closed by 91.92.40.124 port 54970 [preauth]
Jun 25 15:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2792]: Invalid user openclaw from 91.92.40.124
Jun 25 15:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2792]: input_userauth_request: invalid user openclaw [preauth]
Jun 25 15:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2792]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2792]: Failed password for invalid user openclaw from 91.92.40.124 port 48050 ssh2
Jun 25 15:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2792]: Connection closed by 91.92.40.124 port 48050 [preauth]
Jun 25 15:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2826]: Invalid user frappe from 91.92.40.124
Jun 25 15:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2826]: input_userauth_request: invalid user frappe [preauth]
Jun 25 15:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2826]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2826]: Failed password for invalid user frappe from 91.92.40.124 port 48078 ssh2
Jun 25 15:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2826]: Connection closed by 91.92.40.124 port 48078 [preauth]
Jun 25 15:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1388]: pam_unix(cron:session): session closed for user root
Jun 25 15:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2857]: Invalid user grok from 91.92.40.124
Jun 25 15:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2857]: input_userauth_request: invalid user grok [preauth]
Jun 25 15:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2857]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2857]: Failed password for invalid user grok from 91.92.40.124 port 36208 ssh2
Jun 25 15:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2857]: Connection closed by 91.92.40.124 port 36208 [preauth]
Jun 25 15:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2867]: Invalid user potok from 91.92.40.124
Jun 25 15:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2867]: input_userauth_request: invalid user potok [preauth]
Jun 25 15:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2867]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2867]: Failed password for invalid user potok from 91.92.40.124 port 36230 ssh2
Jun 25 15:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2867]: Connection closed by 91.92.40.124 port 36230 [preauth]
Jun 25 15:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2892]: Invalid user app from 91.92.40.124
Jun 25 15:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2892]: input_userauth_request: invalid user app [preauth]
Jun 25 15:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2892]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2892]: Failed password for invalid user app from 91.92.40.124 port 54448 ssh2
Jun 25 15:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2892]: Connection closed by 91.92.40.124 port 54448 [preauth]
Jun 25 15:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2903]: Invalid user deploy from 91.92.40.124
Jun 25 15:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2903]: input_userauth_request: invalid user deploy [preauth]
Jun 25 15:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2903]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2903]: Failed password for invalid user deploy from 91.92.40.124 port 54556 ssh2
Jun 25 15:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2903]: Connection closed by 91.92.40.124 port 54556 [preauth]
Jun 25 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2928]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2927]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2926]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2925]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2925]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2914]: Invalid user steam from 91.92.40.124
Jun 25 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2914]: input_userauth_request: invalid user steam [preauth]
Jun 25 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2984]: Successful su for rubyman by root
Jun 25 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2984]: + ??? root:rubyman
Jun 25 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2984]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591058 of user rubyman.
Jun 25 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2984]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591058.
Jun 25 15:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2914]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2914]: Failed password for invalid user steam from 91.92.40.124 port 54326 ssh2
Jun 25 15:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32329]: pam_unix(cron:session): session closed for user root
Jun 25 15:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2914]: Connection closed by 91.92.40.124 port 54326 [preauth]
Jun 25 15:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2926]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3093]: Invalid user gabriel from 91.92.40.124
Jun 25 15:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3093]: input_userauth_request: invalid user gabriel [preauth]
Jun 25 15:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3093]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3093]: Failed password for invalid user gabriel from 91.92.40.124 port 54388 ssh2
Jun 25 15:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3093]: Connection closed by 91.92.40.124 port 54388 [preauth]
Jun 25 15:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3167]: Failed password for root from 91.92.40.124 port 58636 ssh2
Jun 25 15:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3167]: Connection closed by 91.92.40.124 port 58636 [preauth]
Jun 25 15:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3189]: Invalid user cloud from 91.92.40.124
Jun 25 15:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3189]: input_userauth_request: invalid user cloud [preauth]
Jun 25 15:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3189]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3189]: Failed password for invalid user cloud from 91.92.40.124 port 46276 ssh2
Jun 25 15:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3189]: Connection closed by 91.92.40.124 port 46276 [preauth]
Jun 25 15:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3200]: Invalid user hadoop from 91.92.40.124
Jun 25 15:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3200]: input_userauth_request: invalid user hadoop [preauth]
Jun 25 15:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3200]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3200]: Failed password for invalid user hadoop from 91.92.40.124 port 46354 ssh2
Jun 25 15:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3200]: Connection closed by 91.92.40.124 port 46354 [preauth]
Jun 25 15:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3224]: Invalid user test from 91.92.40.124
Jun 25 15:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3224]: input_userauth_request: invalid user test [preauth]
Jun 25 15:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3224]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1963]: pam_unix(cron:session): session closed for user root
Jun 25 15:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3224]: Failed password for invalid user test from 91.92.40.124 port 45852 ssh2
Jun 25 15:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3224]: Connection closed by 91.92.40.124 port 45852 [preauth]
Jun 25 15:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3243]: Invalid user ubuntu from 91.92.40.124
Jun 25 15:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3243]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 15:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3243]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3243]: Failed password for invalid user ubuntu from 91.92.40.124 port 45990 ssh2
Jun 25 15:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3243]: Connection closed by 91.92.40.124 port 45990 [preauth]
Jun 25 15:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3279]: Invalid user trader from 91.92.40.124
Jun 25 15:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3279]: input_userauth_request: invalid user trader [preauth]
Jun 25 15:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3279]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3279]: Failed password for invalid user trader from 91.92.40.124 port 33108 ssh2
Jun 25 15:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3279]: Connection closed by 91.92.40.124 port 33108 [preauth]
Jun 25 15:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3301]: Invalid user fivem from 91.92.40.124
Jun 25 15:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3301]: input_userauth_request: invalid user fivem [preauth]
Jun 25 15:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3301]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3301]: Failed password for invalid user fivem from 91.92.40.124 port 54530 ssh2
Jun 25 15:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3301]: Connection closed by 91.92.40.124 port 54530 [preauth]
Jun 25 15:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3311]: Invalid user jenkins from 91.92.40.124
Jun 25 15:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3311]: input_userauth_request: invalid user jenkins [preauth]
Jun 25 15:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3311]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3311]: Failed password for invalid user jenkins from 91.92.40.124 port 54628 ssh2
Jun 25 15:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3311]: Connection closed by 91.92.40.124 port 54628 [preauth]
Jun 25 15:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3321]: Invalid user postgres from 91.92.40.124
Jun 25 15:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3321]: input_userauth_request: invalid user postgres [preauth]
Jun 25 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3336]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3334]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3333]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3332]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3332]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3392]: Successful su for rubyman by root
Jun 25 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3392]: + ??? root:rubyman
Jun 25 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3392]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591062 of user rubyman.
Jun 25 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3392]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591062.
Jun 25 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3321]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3321]: Failed password for invalid user postgres from 91.92.40.124 port 48798 ssh2
Jun 25 15:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3321]: Connection closed by 91.92.40.124 port 48798 [preauth]
Jun 25 15:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[310]: pam_unix(cron:session): session closed for user root
Jun 25 15:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3333]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3458]: Invalid user pi from 91.92.40.124
Jun 25 15:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3458]: input_userauth_request: invalid user pi [preauth]
Jun 25 15:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3458]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3458]: Failed password for invalid user pi from 91.92.40.124 port 48876 ssh2
Jun 25 15:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3458]: Connection closed by 91.92.40.124 port 48876 [preauth]
Jun 25 15:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3583]: Invalid user admin from 91.92.40.124
Jun 25 15:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3583]: input_userauth_request: invalid user admin [preauth]
Jun 25 15:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3583]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3583]: Failed password for invalid user admin from 91.92.40.124 port 36898 ssh2
Jun 25 15:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3583]: Connection closed by 91.92.40.124 port 36898 [preauth]
Jun 25 15:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3606]: Failed password for root from 91.92.40.124 port 60930 ssh2
Jun 25 15:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3606]: Connection closed by 91.92.40.124 port 60930 [preauth]
Jun 25 15:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3616]: Invalid user root1 from 91.92.40.124
Jun 25 15:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3616]: input_userauth_request: invalid user root1 [preauth]
Jun 25 15:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3616]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3616]: Failed password for invalid user root1 from 91.92.40.124 port 60984 ssh2
Jun 25 15:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3616]: Connection closed by 91.92.40.124 port 60984 [preauth]
Jun 25 15:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3647]: Invalid user support from 91.92.40.124
Jun 25 15:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3647]: input_userauth_request: invalid user support [preauth]
Jun 25 15:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3647]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3647]: Failed password for invalid user support from 91.92.40.124 port 45538 ssh2
Jun 25 15:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3647]: Connection closed by 91.92.40.124 port 45538 [preauth]
Jun 25 15:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2471]: pam_unix(cron:session): session closed for user root
Jun 25 15:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3679]: Invalid user odoo17 from 91.92.40.124
Jun 25 15:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3679]: input_userauth_request: invalid user odoo17 [preauth]
Jun 25 15:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3679]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3679]: Failed password for invalid user odoo17 from 91.92.40.124 port 39028 ssh2
Jun 25 15:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3679]: Connection closed by 91.92.40.124 port 39028 [preauth]
Jun 25 15:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3785]: Invalid user myuser from 91.92.40.124
Jun 25 15:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3785]: input_userauth_request: invalid user myuser [preauth]
Jun 25 15:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3785]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3797]: Invalid user shiann from 2.57.121.112
Jun 25 15:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3797]: input_userauth_request: invalid user shiann [preauth]
Jun 25 15:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3797]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 25 15:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3785]: Failed password for invalid user myuser from 91.92.40.124 port 39112 ssh2
Jun 25 15:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3785]: Connection closed by 91.92.40.124 port 39112 [preauth]
Jun 25 15:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3797]: Failed password for invalid user shiann from 2.57.121.112 port 15796 ssh2
Jun 25 15:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3797]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3811]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3811]: User mysql from 91.92.40.124 not allowed because not listed in AllowUsers
Jun 25 15:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3811]: input_userauth_request: invalid user mysql [preauth]
Jun 25 15:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=mysql
Jun 25 15:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3797]: Failed password for invalid user shiann from 2.57.121.112 port 15796 ssh2
Jun 25 15:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3797]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3811]: Failed password for invalid user mysql from 91.92.40.124 port 58094 ssh2
Jun 25 15:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3797]: Failed password for invalid user shiann from 2.57.121.112 port 15796 ssh2
Jun 25 15:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3797]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3811]: Connection closed by 91.92.40.124 port 58094 [preauth]
Jun 25 15:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3797]: Failed password for invalid user shiann from 2.57.121.112 port 15796 ssh2
Jun 25 15:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3797]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3797]: Failed password for invalid user shiann from 2.57.121.112 port 15796 ssh2
Jun 25 15:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3797]: Connection closed by 2.57.121.112 port 15796 [preauth]
Jun 25 15:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3797]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 25 15:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3797]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 25 15:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3836]: Invalid user redhat from 91.92.40.124
Jun 25 15:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3836]: input_userauth_request: invalid user redhat [preauth]
Jun 25 15:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3836]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3836]: Failed password for invalid user redhat from 91.92.40.124 port 58190 ssh2
Jun 25 15:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3836]: Connection closed by 91.92.40.124 port 58190 [preauth]
Jun 25 15:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3847]: Invalid user monitor from 91.92.40.124
Jun 25 15:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3847]: input_userauth_request: invalid user monitor [preauth]
Jun 25 15:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3847]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3852]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3853]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3851]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3850]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3850]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3847]: Failed password for invalid user monitor from 91.92.40.124 port 36308 ssh2
Jun 25 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3969]: Successful su for rubyman by root
Jun 25 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3969]: + ??? root:rubyman
Jun 25 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3969]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591068 of user rubyman.
Jun 25 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3969]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591068.
Jun 25 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3847]: Connection closed by 91.92.40.124 port 36308 [preauth]
Jun 25 15:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[889]: pam_unix(cron:session): session closed for user root
Jun 25 15:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3851]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4136]: Failed password for root from 91.92.40.124 port 36382 ssh2
Jun 25 15:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4136]: Connection closed by 91.92.40.124 port 36382 [preauth]
Jun 25 15:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4209]: Invalid user alex from 91.92.40.124
Jun 25 15:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4209]: input_userauth_request: invalid user alex [preauth]
Jun 25 15:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4209]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4209]: Failed password for invalid user alex from 91.92.40.124 port 49468 ssh2
Jun 25 15:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4209]: Connection closed by 91.92.40.124 port 49468 [preauth]
Jun 25 15:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4238]: Invalid user admin from 91.92.40.124
Jun 25 15:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4238]: input_userauth_request: invalid user admin [preauth]
Jun 25 15:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4238]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4238]: Failed password for invalid user admin from 91.92.40.124 port 37714 ssh2
Jun 25 15:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4238]: Connection closed by 91.92.40.124 port 37714 [preauth]
Jun 25 15:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4249]: Invalid user ducc0x from 91.92.40.124
Jun 25 15:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4249]: input_userauth_request: invalid user ducc0x [preauth]
Jun 25 15:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4249]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4249]: Failed password for invalid user ducc0x from 91.92.40.124 port 37784 ssh2
Jun 25 15:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4249]: Connection closed by 91.92.40.124 port 37784 [preauth]
Jun 25 15:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4274]: Invalid user neptune from 91.92.40.124
Jun 25 15:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4274]: input_userauth_request: invalid user neptune [preauth]
Jun 25 15:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4274]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4274]: Failed password for invalid user neptune from 91.92.40.124 port 49156 ssh2
Jun 25 15:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4274]: Connection closed by 91.92.40.124 port 49156 [preauth]
Jun 25 15:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2928]: pam_unix(cron:session): session closed for user root
Jun 25 15:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4284]: Invalid user lin from 91.92.40.124
Jun 25 15:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4284]: input_userauth_request: invalid user lin [preauth]
Jun 25 15:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4284]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4284]: Failed password for invalid user lin from 91.92.40.124 port 49232 ssh2
Jun 25 15:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4284]: Connection closed by 91.92.40.124 port 49232 [preauth]
Jun 25 15:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4320]: Invalid user guest from 91.92.40.124
Jun 25 15:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4320]: input_userauth_request: invalid user guest [preauth]
Jun 25 15:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4320]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4320]: Failed password for invalid user guest from 91.92.40.124 port 56264 ssh2
Jun 25 15:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4320]: Connection closed by 91.92.40.124 port 56264 [preauth]
Jun 25 15:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4349]: Invalid user user from 91.92.40.124
Jun 25 15:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4349]: input_userauth_request: invalid user user [preauth]
Jun 25 15:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4349]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4349]: Failed password for invalid user user from 91.92.40.124 port 45392 ssh2
Jun 25 15:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4349]: Connection closed by 91.92.40.124 port 45392 [preauth]
Jun 25 15:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4359]: Failed password for root from 91.92.40.124 port 45414 ssh2
Jun 25 15:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4359]: Connection closed by 91.92.40.124 port 45414 [preauth]
Jun 25 15:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4377]: Invalid user odoo14 from 91.92.40.124
Jun 25 15:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4377]: input_userauth_request: invalid user odoo14 [preauth]
Jun 25 15:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4377]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4377]: Failed password for invalid user odoo14 from 91.92.40.124 port 49202 ssh2
Jun 25 15:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4377]: Connection closed by 91.92.40.124 port 49202 [preauth]
Jun 25 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4391]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4392]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4390]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4388]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4393]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4389]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4393]: pam_unix(cron:session): session closed for user root
Jun 25 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4388]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4454]: Successful su for rubyman by root
Jun 25 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4454]: + ??? root:rubyman
Jun 25 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4454]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591072 of user rubyman.
Jun 25 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4454]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591072.
Jun 25 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4495]: Invalid user nginx from 91.92.40.124
Jun 25 15:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4495]: input_userauth_request: invalid user nginx [preauth]
Jun 25 15:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4495]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4390]: pam_unix(cron:session): session closed for user root
Jun 25 15:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1387]: pam_unix(cron:session): session closed for user root
Jun 25 15:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4495]: Failed password for invalid user nginx from 91.92.40.124 port 49272 ssh2
Jun 25 15:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4495]: Connection closed by 91.92.40.124 port 49272 [preauth]
Jun 25 15:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4389]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4671]: Invalid user debian from 91.92.40.124
Jun 25 15:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4671]: input_userauth_request: invalid user debian [preauth]
Jun 25 15:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4671]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4673]: Invalid user willem from 68.183.236.1
Jun 25 15:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4673]: input_userauth_request: invalid user willem [preauth]
Jun 25 15:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4673]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.236.1
Jun 25 15:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4671]: Failed password for invalid user debian from 91.92.40.124 port 58822 ssh2
Jun 25 15:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4671]: Connection closed by 91.92.40.124 port 58822 [preauth]
Jun 25 15:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4673]: Failed password for invalid user willem from 68.183.236.1 port 41844 ssh2
Jun 25 15:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4673]: Received disconnect from 68.183.236.1 port 41844:11: Bye Bye [preauth]
Jun 25 15:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4673]: Disconnected from 68.183.236.1 port 41844 [preauth]
Jun 25 15:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4700]: Invalid user term2 from 91.92.40.124
Jun 25 15:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4700]: input_userauth_request: invalid user term2 [preauth]
Jun 25 15:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4700]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4700]: Failed password for invalid user term2 from 91.92.40.124 port 34116 ssh2
Jun 25 15:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4700]: Connection closed by 91.92.40.124 port 34116 [preauth]
Jun 25 15:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4710]: Invalid user ai from 91.92.40.124
Jun 25 15:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4710]: input_userauth_request: invalid user ai [preauth]
Jun 25 15:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4710]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4710]: Failed password for invalid user ai from 91.92.40.124 port 34200 ssh2
Jun 25 15:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4710]: Connection closed by 91.92.40.124 port 34200 [preauth]
Jun 25 15:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4741]: Invalid user teamspeak from 91.92.40.124
Jun 25 15:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4741]: input_userauth_request: invalid user teamspeak [preauth]
Jun 25 15:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4741]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4741]: Failed password for invalid user teamspeak from 91.92.40.124 port 49466 ssh2
Jun 25 15:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4741]: Connection closed by 91.92.40.124 port 49466 [preauth]
Jun 25 15:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3336]: pam_unix(cron:session): session closed for user root
Jun 25 15:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4773]: Invalid user tom from 91.92.40.124
Jun 25 15:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4773]: input_userauth_request: invalid user tom [preauth]
Jun 25 15:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4773]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4773]: Failed password for invalid user tom from 91.92.40.124 port 49512 ssh2
Jun 25 15:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4773]: Connection closed by 91.92.40.124 port 49512 [preauth]
Jun 25 15:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4854]: Invalid user dani from 91.92.40.124
Jun 25 15:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4854]: input_userauth_request: invalid user dani [preauth]
Jun 25 15:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4854]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4854]: Failed password for invalid user dani from 91.92.40.124 port 51098 ssh2
Jun 25 15:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4854]: Connection closed by 91.92.40.124 port 51098 [preauth]
Jun 25 15:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4913]: Invalid user system from 91.92.40.124
Jun 25 15:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4913]: input_userauth_request: invalid user system [preauth]
Jun 25 15:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4913]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4913]: Failed password for invalid user system from 91.92.40.124 port 49514 ssh2
Jun 25 15:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4913]: Connection closed by 91.92.40.124 port 49514 [preauth]
Jun 25 15:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4925]: Invalid user odoo18 from 91.92.40.124
Jun 25 15:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4925]: input_userauth_request: invalid user odoo18 [preauth]
Jun 25 15:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4925]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4925]: Failed password for invalid user odoo18 from 91.92.40.124 port 49604 ssh2
Jun 25 15:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4925]: Connection closed by 91.92.40.124 port 49604 [preauth]
Jun 25 15:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4939]: Invalid user admin2 from 91.92.40.124
Jun 25 15:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4939]: input_userauth_request: invalid user admin2 [preauth]
Jun 25 15:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4939]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4939]: Failed password for invalid user admin2 from 91.92.40.124 port 59986 ssh2
Jun 25 15:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4939]: Connection closed by 91.92.40.124 port 59986 [preauth]
Jun 25 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4960]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4961]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4958]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4962]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4958]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5024]: Successful su for rubyman by root
Jun 25 15:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5024]: + ??? root:rubyman
Jun 25 15:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5024]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591076 of user rubyman.
Jun 25 15:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5024]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591076.
Jun 25 15:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5067]: Invalid user dev from 91.92.40.124
Jun 25 15:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5067]: input_userauth_request: invalid user dev [preauth]
Jun 25 15:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5067]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1962]: pam_unix(cron:session): session closed for user root
Jun 25 15:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5067]: Failed password for invalid user dev from 91.92.40.124 port 60056 ssh2
Jun 25 15:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4960]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5067]: Connection closed by 91.92.40.124 port 60056 [preauth]
Jun 25 15:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5207]: Failed password for root from 91.92.40.124 port 34528 ssh2
Jun 25 15:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5207]: Connection closed by 91.92.40.124 port 34528 [preauth]
Jun 25 15:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5231]: Invalid user test from 91.92.40.124
Jun 25 15:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5231]: input_userauth_request: invalid user test [preauth]
Jun 25 15:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5231]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5231]: Failed password for invalid user test from 91.92.40.124 port 44784 ssh2
Jun 25 15:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5231]: Connection closed by 91.92.40.124 port 44784 [preauth]
Jun 25 15:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5254]: Invalid user webuser from 91.92.40.124
Jun 25 15:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5254]: input_userauth_request: invalid user webuser [preauth]
Jun 25 15:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5254]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5254]: Failed password for invalid user webuser from 91.92.40.124 port 44876 ssh2
Jun 25 15:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5254]: Connection closed by 91.92.40.124 port 44876 [preauth]
Jun 25 15:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5277]: Invalid user splunk from 91.92.40.124
Jun 25 15:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5277]: input_userauth_request: invalid user splunk [preauth]
Jun 25 15:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5277]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5277]: Failed password for invalid user splunk from 91.92.40.124 port 40604 ssh2
Jun 25 15:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5277]: Connection closed by 91.92.40.124 port 40604 [preauth]
Jun 25 15:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3853]: pam_unix(cron:session): session closed for user root
Jun 25 15:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5300]: Invalid user deploy from 91.92.40.124
Jun 25 15:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5300]: input_userauth_request: invalid user deploy [preauth]
Jun 25 15:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5300]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5300]: Failed password for invalid user deploy from 91.92.40.124 port 40636 ssh2
Jun 25 15:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5300]: Connection closed by 91.92.40.124 port 40636 [preauth]
Jun 25 15:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5322]: Failed password for root from 91.92.40.124 port 40132 ssh2
Jun 25 15:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5322]: Connection closed by 91.92.40.124 port 40132 [preauth]
Jun 25 15:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5348]: Failed password for root from 91.92.40.124 port 59138 ssh2
Jun 25 15:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5348]: Connection closed by 91.92.40.124 port 59138 [preauth]
Jun 25 15:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5363]: Invalid user ftpuser from 91.92.40.124
Jun 25 15:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5363]: input_userauth_request: invalid user ftpuser [preauth]
Jun 25 15:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5363]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5363]: Failed password for invalid user ftpuser from 91.92.40.124 port 59176 ssh2
Jun 25 15:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5363]: Connection closed by 91.92.40.124 port 59176 [preauth]
Jun 25 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5394]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5395]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5393]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5392]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5392]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5453]: Successful su for rubyman by root
Jun 25 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5453]: + ??? root:rubyman
Jun 25 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5453]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591081 of user rubyman.
Jun 25 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5453]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591081.
Jun 25 15:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5383]: Failed password for root from 91.92.40.124 port 45406 ssh2
Jun 25 15:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2469]: pam_unix(cron:session): session closed for user root
Jun 25 15:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5383]: Connection closed by 91.92.40.124 port 45406 [preauth]
Jun 25 15:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5393]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5523]: Invalid user martin from 91.92.40.124
Jun 25 15:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5523]: input_userauth_request: invalid user martin [preauth]
Jun 25 15:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5523]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5523]: Failed password for invalid user martin from 91.92.40.124 port 45420 ssh2
Jun 25 15:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5523]: Connection closed by 91.92.40.124 port 45420 [preauth]
Jun 25 15:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5640]: Invalid user amit from 91.92.40.124
Jun 25 15:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5640]: input_userauth_request: invalid user amit [preauth]
Jun 25 15:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5640]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5640]: Failed password for invalid user amit from 91.92.40.124 port 54132 ssh2
Jun 25 15:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5640]: Connection closed by 91.92.40.124 port 54132 [preauth]
Jun 25 15:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5662]: Failed password for root from 91.92.40.124 port 45708 ssh2
Jun 25 15:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5662]: Connection closed by 91.92.40.124 port 45708 [preauth]
Jun 25 15:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5673]: Invalid user node from 91.92.40.124
Jun 25 15:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5673]: input_userauth_request: invalid user node [preauth]
Jun 25 15:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5673]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5673]: Failed password for invalid user node from 91.92.40.124 port 45792 ssh2
Jun 25 15:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5673]: Connection closed by 91.92.40.124 port 45792 [preauth]
Jun 25 15:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5695]: Invalid user user1 from 91.92.40.124
Jun 25 15:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5695]: input_userauth_request: invalid user user1 [preauth]
Jun 25 15:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5695]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5695]: Failed password for invalid user user1 from 91.92.40.124 port 50180 ssh2
Jun 25 15:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4392]: pam_unix(cron:session): session closed for user root
Jun 25 15:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5695]: Connection closed by 91.92.40.124 port 50180 [preauth]
Jun 25 15:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5719]: Invalid user odoo16 from 91.92.40.124
Jun 25 15:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5719]: input_userauth_request: invalid user odoo16 [preauth]
Jun 25 15:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5719]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5719]: Failed password for invalid user odoo16 from 91.92.40.124 port 56542 ssh2
Jun 25 15:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5719]: Connection closed by 91.92.40.124 port 56542 [preauth]
Jun 25 15:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5737]: Invalid user deploy from 91.92.40.124
Jun 25 15:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5737]: input_userauth_request: invalid user deploy [preauth]
Jun 25 15:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5737]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5737]: Failed password for invalid user deploy from 91.92.40.124 port 56566 ssh2
Jun 25 15:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5737]: Connection closed by 91.92.40.124 port 56566 [preauth]
Jun 25 15:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5770]: Invalid user username from 91.92.40.124
Jun 25 15:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5770]: input_userauth_request: invalid user username [preauth]
Jun 25 15:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5770]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5770]: Failed password for invalid user username from 91.92.40.124 port 39772 ssh2
Jun 25 15:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5770]: Connection closed by 91.92.40.124 port 39772 [preauth]
Jun 25 15:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5781]: Invalid user pi from 91.92.40.124
Jun 25 15:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5781]: input_userauth_request: invalid user pi [preauth]
Jun 25 15:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5781]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5781]: Failed password for invalid user pi from 91.92.40.124 port 39824 ssh2
Jun 25 15:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5781]: Connection closed by 91.92.40.124 port 39824 [preauth]
Jun 25 15:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5791]: Invalid user worker from 91.92.40.124
Jun 25 15:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5791]: input_userauth_request: invalid user worker [preauth]
Jun 25 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5791]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5802]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5805]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5803]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5806]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5802]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5869]: Successful su for rubyman by root
Jun 25 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5869]: + ??? root:rubyman
Jun 25 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5869]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591084 of user rubyman.
Jun 25 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5869]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591084.
Jun 25 15:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5791]: Failed password for invalid user worker from 91.92.40.124 port 54656 ssh2
Jun 25 15:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5791]: Connection closed by 91.92.40.124 port 54656 [preauth]
Jun 25 15:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2927]: pam_unix(cron:session): session closed for user root
Jun 25 15:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5803]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6022]: Invalid user appuser from 91.92.40.124
Jun 25 15:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6022]: input_userauth_request: invalid user appuser [preauth]
Jun 25 15:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6022]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6022]: Failed password for invalid user appuser from 91.92.40.124 port 49728 ssh2
Jun 25 15:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6022]: Connection closed by 91.92.40.124 port 49728 [preauth]
Jun 25 15:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6044]: Invalid user user from 91.92.40.124
Jun 25 15:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6044]: input_userauth_request: invalid user user [preauth]
Jun 25 15:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6044]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6044]: Failed password for invalid user user from 91.92.40.124 port 49762 ssh2
Jun 25 15:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6044]: Connection closed by 91.92.40.124 port 49762 [preauth]
Jun 25 15:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6067]: Invalid user deployer from 91.92.40.124
Jun 25 15:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6067]: input_userauth_request: invalid user deployer [preauth]
Jun 25 15:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6067]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6067]: Failed password for invalid user deployer from 91.92.40.124 port 51880 ssh2
Jun 25 15:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6067]: Connection closed by 91.92.40.124 port 51880 [preauth]
Jun 25 15:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6085]: Invalid user ranga from 91.92.40.124
Jun 25 15:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6085]: input_userauth_request: invalid user ranga [preauth]
Jun 25 15:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6085]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 25 15:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6085]: Failed password for invalid user ranga from 91.92.40.124 port 51946 ssh2
Jun 25 15:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6085]: Connection closed by 91.92.40.124 port 51946 [preauth]
Jun 25 15:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6087]: Failed password for root from 202.178.126.219 port 53229 ssh2
Jun 25 15:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6087]: Connection closed by 202.178.126.219 port 53229 [preauth]
Jun 25 15:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6110]: Invalid user gateway from 91.92.40.124
Jun 25 15:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6110]: input_userauth_request: invalid user gateway [preauth]
Jun 25 15:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6110]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6110]: Failed password for invalid user gateway from 91.92.40.124 port 41660 ssh2
Jun 25 15:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6110]: Connection closed by 91.92.40.124 port 41660 [preauth]
Jun 25 15:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4962]: pam_unix(cron:session): session closed for user root
Jun 25 15:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6137]: Invalid user support from 91.92.40.124
Jun 25 15:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6137]: input_userauth_request: invalid user support [preauth]
Jun 25 15:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6137]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6137]: Failed password for invalid user support from 91.92.40.124 port 56744 ssh2
Jun 25 15:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6137]: Connection closed by 91.92.40.124 port 56744 [preauth]
Jun 25 15:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 25 15:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6155]: Failed password for root from 77.94.47.83 port 54922 ssh2
Jun 25 15:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6155]: Connection closed by 77.94.47.83 port 54922 [preauth]
Jun 25 15:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6157]: Failed password for root from 91.92.40.124 port 56834 ssh2
Jun 25 15:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6157]: Connection closed by 91.92.40.124 port 56834 [preauth]
Jun 25 15:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6183]: Invalid user gitlab-runner from 91.92.40.124
Jun 25 15:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6183]: input_userauth_request: invalid user gitlab-runner [preauth]
Jun 25 15:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6183]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6183]: Failed password for invalid user gitlab-runner from 91.92.40.124 port 35214 ssh2
Jun 25 15:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6183]: Connection closed by 91.92.40.124 port 35214 [preauth]
Jun 25 15:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6193]: Invalid user openclaw from 91.92.40.124
Jun 25 15:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6193]: input_userauth_request: invalid user openclaw [preauth]
Jun 25 15:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6193]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6193]: Failed password for invalid user openclaw from 91.92.40.124 port 35286 ssh2
Jun 25 15:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6193]: Connection closed by 91.92.40.124 port 35286 [preauth]
Jun 25 15:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6204]: Invalid user frank from 91.92.40.124
Jun 25 15:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6204]: input_userauth_request: invalid user frank [preauth]
Jun 25 15:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6204]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6204]: Failed password for invalid user frank from 91.92.40.124 port 38188 ssh2
Jun 25 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6218]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6219]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6204]: Connection closed by 91.92.40.124 port 38188 [preauth]
Jun 25 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6217]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6216]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6216]: pam_unix(cron:session): session closed for user p13x
Jun 25 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6276]: Successful su for rubyman by root
Jun 25 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6276]: + ??? root:rubyman
Jun 25 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6276]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591089 of user rubyman.
Jun 25 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6276]: pam_unix(su:session): session closed for user rubyman
Jun 25 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591089.
Jun 25 15:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3334]: pam_unix(cron:session): session closed for user root
Jun 25 15:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6427]: Invalid user odoo17 from 91.92.40.124
Jun 25 15:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6427]: input_userauth_request: invalid user odoo17 [preauth]
Jun 25 15:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6427]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6217]: pam_unix(cron:session): session closed for user samftp
Jun 25 15:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6427]: Failed password for invalid user odoo17 from 91.92.40.124 port 37052 ssh2
Jun 25 15:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6427]: Connection closed by 91.92.40.124 port 37052 [preauth]
Jun 25 15:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6465]: Invalid user administrator from 91.92.40.124
Jun 25 15:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6465]: input_userauth_request: invalid user administrator [preauth]
Jun 25 15:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6465]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.79  user=root
Jun 25 15:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6465]: Failed password for invalid user administrator from 91.92.40.124 port 37088 ssh2
Jun 25 15:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6465]: Connection closed by 91.92.40.124 port 37088 [preauth]
Jun 25 15:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6467]: Failed password for root from 103.200.25.79 port 35930 ssh2
Jun 25 15:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6467]: Received disconnect from 103.200.25.79 port 35930:11: Bye Bye [preauth]
Jun 25 15:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6467]: Disconnected from 103.200.25.79 port 35930 [preauth]
Jun 25 15:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6490]: Invalid user cloud from 91.92.40.124
Jun 25 15:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6490]: input_userauth_request: invalid user cloud [preauth]
Jun 25 15:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6490]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6490]: Failed password for invalid user cloud from 91.92.40.124 port 37138 ssh2
Jun 25 15:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6490]: Connection closed by 91.92.40.124 port 37138 [preauth]
Jun 25 15:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6502]: Invalid user claude from 91.92.40.124
Jun 25 15:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6502]: input_userauth_request: invalid user claude [preauth]
Jun 25 15:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6502]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6502]: Failed password for invalid user claude from 91.92.40.124 port 37150 ssh2
Jun 25 15:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6502]: Connection closed by 91.92.40.124 port 37150 [preauth]
Jun 25 15:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6525]: Invalid user user1 from 91.92.40.124
Jun 25 15:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6525]: input_userauth_request: invalid user user1 [preauth]
Jun 25 15:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6525]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6525]: Failed password for invalid user user1 from 91.92.40.124 port 35168 ssh2
Jun 25 15:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6525]: Connection closed by 91.92.40.124 port 35168 [preauth]
Jun 25 15:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6536]: Invalid user dolphinscheduler from 91.92.40.124
Jun 25 15:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6536]: input_userauth_request: invalid user dolphinscheduler [preauth]
Jun 25 15:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5395]: pam_unix(cron:session): session closed for user root
Jun 25 15:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6536]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6536]: Failed password for invalid user dolphinscheduler from 91.92.40.124 port 35208 ssh2
Jun 25 15:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6536]: Connection closed by 91.92.40.124 port 35208 [preauth]
Jun 25 15:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6566]: Failed password for root from 91.92.40.124 port 39082 ssh2
Jun 25 15:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6566]: Connection closed by 91.92.40.124 port 39082 [preauth]
Jun 25 15:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 15:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6585]: Failed password for root from 91.92.40.124 port 39132 ssh2
Jun 25 15:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6585]: Connection closed by 91.92.40.124 port 39132 [preauth]
Jun 25 15:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6600]: Invalid user oscar from 91.92.40.124
Jun 25 15:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6600]: input_userauth_request: invalid user oscar [preauth]
Jun 25 15:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6600]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6600]: Failed password for invalid user oscar from 91.92.40.124 port 43970 ssh2
Jun 25 15:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6600]: Connection closed by 91.92.40.124 port 43970 [preauth]
Jun 25 15:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 15:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6614]: Invalid user parsa from 91.92.40.124
Jun 25 15:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6614]: input_userauth_request: invalid user parsa [preauth]
Jun 25 15:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6614]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 15:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 15:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6614]: Failed password for invalid user parsa from 91.92.40.124 port 35338 ssh2
Jun 25 15:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6614]: Connection closed by 91.92.40.124 port 35338 [preauth]
Jun 25 16:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6634]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6635]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6632]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6629]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6633]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6630]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6628]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6635]: pam_unix(cron:session): session closed for user root
Jun 25 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6630]: pam_unix(cron:session): session closed for user root
Jun 25 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6628]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6731]: Successful su for rubyman by root
Jun 25 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6731]: + ??? root:rubyman
Jun 25 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6731]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591092 of user rubyman.
Jun 25 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6731]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591092.
Jun 25 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6625]: Invalid user sam from 91.92.40.124
Jun 25 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6625]: input_userauth_request: invalid user sam [preauth]
Jun 25 16:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6625]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6632]: pam_unix(cron:session): session closed for user root
Jun 25 16:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3852]: pam_unix(cron:session): session closed for user root
Jun 25 16:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6625]: Failed password for invalid user sam from 91.92.40.124 port 35388 ssh2
Jun 25 16:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6625]: Connection closed by 91.92.40.124 port 35388 [preauth]
Jun 25 16:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6629]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 25 16:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6971]: Invalid user ubuntu from 91.92.40.124
Jun 25 16:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6971]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 16:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6971]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6961]: Failed password for root from 103.27.238.114 port 60592 ssh2
Jun 25 16:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6961]: Connection closed by 103.27.238.114 port 60592 [preauth]
Jun 25 16:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6971]: Failed password for invalid user ubuntu from 91.92.40.124 port 35360 ssh2
Jun 25 16:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6971]: Connection closed by 91.92.40.124 port 35360 [preauth]
Jun 25 16:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6985]: Invalid user admin2 from 91.92.40.124
Jun 25 16:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6985]: input_userauth_request: invalid user admin2 [preauth]
Jun 25 16:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6985]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6985]: Failed password for invalid user admin2 from 91.92.40.124 port 35396 ssh2
Jun 25 16:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6985]: Connection closed by 91.92.40.124 port 35396 [preauth]
Jun 25 16:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7025]: Invalid user ubuntu from 91.92.40.124
Jun 25 16:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7025]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 16:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7025]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7025]: Failed password for invalid user ubuntu from 91.92.40.124 port 36632 ssh2
Jun 25 16:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7025]: Connection closed by 91.92.40.124 port 36632 [preauth]
Jun 25 16:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 16:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7038]: Failed password for root from 91.92.40.124 port 51818 ssh2
Jun 25 16:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7038]: Connection closed by 91.92.40.124 port 51818 [preauth]
Jun 25 16:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7118]: Invalid user deploy from 91.92.40.124
Jun 25 16:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7118]: input_userauth_request: invalid user deploy [preauth]
Jun 25 16:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7118]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5806]: pam_unix(cron:session): session closed for user root
Jun 25 16:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7118]: Failed password for invalid user deploy from 91.92.40.124 port 51890 ssh2
Jun 25 16:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7118]: Connection closed by 91.92.40.124 port 51890 [preauth]
Jun 25 16:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 16:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7193]: Failed password for root from 91.92.40.124 port 39428 ssh2
Jun 25 16:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7193]: Connection closed by 91.92.40.124 port 39428 [preauth]
Jun 25 16:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7206]: Invalid user devops from 91.92.40.124
Jun 25 16:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7206]: input_userauth_request: invalid user devops [preauth]
Jun 25 16:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7206]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7206]: Failed password for invalid user devops from 91.92.40.124 port 39460 ssh2
Jun 25 16:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7206]: Connection closed by 91.92.40.124 port 39460 [preauth]
Jun 25 16:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 16:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7230]: Failed password for root from 91.92.40.124 port 38318 ssh2
Jun 25 16:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7230]: Connection closed by 91.92.40.124 port 38318 [preauth]
Jun 25 16:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7242]: Invalid user cloud-user from 91.92.40.124
Jun 25 16:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7242]: input_userauth_request: invalid user cloud-user [preauth]
Jun 25 16:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7242]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7242]: Failed password for invalid user cloud-user from 91.92.40.124 port 38342 ssh2
Jun 25 16:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7242]: Connection closed by 91.92.40.124 port 38342 [preauth]
Jun 25 16:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7253]: Invalid user root1 from 91.92.40.124
Jun 25 16:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7253]: input_userauth_request: invalid user root1 [preauth]
Jun 25 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7253]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7268]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7267]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7266]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7265]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7265]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7333]: Successful su for rubyman by root
Jun 25 16:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7333]: + ??? root:rubyman
Jun 25 16:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7333]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591099 of user rubyman.
Jun 25 16:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7333]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591099.
Jun 25 16:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7253]: Failed password for invalid user root1 from 91.92.40.124 port 33256 ssh2
Jun 25 16:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7253]: Connection closed by 91.92.40.124 port 33256 [preauth]
Jun 25 16:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4391]: pam_unix(cron:session): session closed for user root
Jun 25 16:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7471]: Invalid user pi from 91.92.40.124
Jun 25 16:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7471]: input_userauth_request: invalid user pi [preauth]
Jun 25 16:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7471]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7266]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7471]: Failed password for invalid user pi from 91.92.40.124 port 38242 ssh2
Jun 25 16:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7471]: Connection closed by 91.92.40.124 port 38242 [preauth]
Jun 25 16:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7516]: Invalid user ubuntu from 91.92.40.124
Jun 25 16:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7516]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 16:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7516]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7516]: Failed password for invalid user ubuntu from 91.92.40.124 port 38284 ssh2
Jun 25 16:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7516]: Connection closed by 91.92.40.124 port 38284 [preauth]
Jun 25 16:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7540]: Invalid user erpnext from 91.92.40.124
Jun 25 16:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7540]: input_userauth_request: invalid user erpnext [preauth]
Jun 25 16:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7540]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7540]: Failed password for invalid user erpnext from 91.92.40.124 port 54800 ssh2
Jun 25 16:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7540]: Connection closed by 91.92.40.124 port 54800 [preauth]
Jun 25 16:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7551]: Invalid user teamspeak from 91.92.40.124
Jun 25 16:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7551]: input_userauth_request: invalid user teamspeak [preauth]
Jun 25 16:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7551]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7551]: Failed password for invalid user teamspeak from 91.92.40.124 port 54826 ssh2
Jun 25 16:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7551]: Connection closed by 91.92.40.124 port 54826 [preauth]
Jun 25 16:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 16:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7581]: Failed password for root from 91.92.40.124 port 44352 ssh2
Jun 25 16:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7581]: Connection closed by 91.92.40.124 port 44352 [preauth]
Jun 25 16:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6219]: pam_unix(cron:session): session closed for user root
Jun 25 16:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7607]: Invalid user amin from 91.92.40.124
Jun 25 16:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7607]: input_userauth_request: invalid user amin [preauth]
Jun 25 16:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7607]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7607]: Failed password for invalid user amin from 91.92.40.124 port 44378 ssh2
Jun 25 16:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7607]: Connection closed by 91.92.40.124 port 44378 [preauth]
Jun 25 16:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7671]: Invalid user core from 91.92.40.124
Jun 25 16:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7671]: input_userauth_request: invalid user core [preauth]
Jun 25 16:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7671]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7671]: Failed password for invalid user core from 91.92.40.124 port 39012 ssh2
Jun 25 16:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7671]: Connection closed by 91.92.40.124 port 39012 [preauth]
Jun 25 16:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 16:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7749]: Failed password for root from 91.92.40.124 port 53242 ssh2
Jun 25 16:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7749]: Connection closed by 91.92.40.124 port 53242 [preauth]
Jun 25 16:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7764]: Invalid user user2 from 91.92.40.124
Jun 25 16:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7764]: input_userauth_request: invalid user user2 [preauth]
Jun 25 16:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7764]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7764]: Failed password for invalid user user2 from 91.92.40.124 port 53278 ssh2
Jun 25 16:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7764]: Connection closed by 91.92.40.124 port 53278 [preauth]
Jun 25 16:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7775]: Invalid user user1 from 91.92.40.124
Jun 25 16:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7775]: input_userauth_request: invalid user user1 [preauth]
Jun 25 16:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7775]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7788]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7787]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7789]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7786]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7786]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7844]: Successful su for rubyman by root
Jun 25 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7844]: + ??? root:rubyman
Jun 25 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7844]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591105 of user rubyman.
Jun 25 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7844]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591105.
Jun 25 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7775]: Failed password for invalid user user1 from 91.92.40.124 port 59214 ssh2
Jun 25 16:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7775]: Connection closed by 91.92.40.124 port 59214 [preauth]
Jun 25 16:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4961]: pam_unix(cron:session): session closed for user root
Jun 25 16:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7894]: Invalid user stack from 91.92.40.124
Jun 25 16:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7894]: input_userauth_request: invalid user stack [preauth]
Jun 25 16:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7787]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7894]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7894]: Failed password for invalid user stack from 91.92.40.124 port 59248 ssh2
Jun 25 16:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7894]: Connection closed by 91.92.40.124 port 59248 [preauth]
Jun 25 16:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8022]: Invalid user cloud from 91.92.40.124
Jun 25 16:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8022]: input_userauth_request: invalid user cloud [preauth]
Jun 25 16:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8022]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8022]: Failed password for invalid user cloud from 91.92.40.124 port 46460 ssh2
Jun 25 16:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8022]: Connection closed by 91.92.40.124 port 46460 [preauth]
Jun 25 16:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8046]: Invalid user cw from 91.92.40.124
Jun 25 16:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8046]: input_userauth_request: invalid user cw [preauth]
Jun 25 16:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8046]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8046]: Failed password for invalid user cw from 91.92.40.124 port 46538 ssh2
Jun 25 16:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8046]: Connection closed by 91.92.40.124 port 46538 [preauth]
Jun 25 16:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8057]: Invalid user ubuntu from 91.92.40.124
Jun 25 16:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8057]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 16:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8057]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8057]: Failed password for invalid user ubuntu from 91.92.40.124 port 52978 ssh2
Jun 25 16:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8057]: Connection closed by 91.92.40.124 port 52978 [preauth]
Jun 25 16:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: User mysql from 91.92.40.124 not allowed because not listed in AllowUsers
Jun 25 16:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: input_userauth_request: invalid user mysql [preauth]
Jun 25 16:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=mysql
Jun 25 16:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: Failed password for invalid user mysql from 91.92.40.124 port 45222 ssh2
Jun 25 16:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: Connection closed by 91.92.40.124 port 45222 [preauth]
Jun 25 16:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8104]: Invalid user guest from 91.92.40.124
Jun 25 16:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8104]: input_userauth_request: invalid user guest [preauth]
Jun 25 16:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6634]: pam_unix(cron:session): session closed for user root
Jun 25 16:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8104]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8104]: Failed password for invalid user guest from 91.92.40.124 port 45230 ssh2
Jun 25 16:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8104]: Connection closed by 91.92.40.124 port 45230 [preauth]
Jun 25 16:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8131]: Invalid user ubuntu from 91.92.40.124
Jun 25 16:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8131]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 16:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8131]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8131]: Failed password for invalid user ubuntu from 91.92.40.124 port 60356 ssh2
Jun 25 16:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8131]: Connection closed by 91.92.40.124 port 60356 [preauth]
Jun 25 16:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8156]: Invalid user fastuser from 91.92.40.124
Jun 25 16:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8156]: input_userauth_request: invalid user fastuser [preauth]
Jun 25 16:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8156]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8156]: Failed password for invalid user fastuser from 91.92.40.124 port 35738 ssh2
Jun 25 16:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8156]: Connection closed by 91.92.40.124 port 35738 [preauth]
Jun 25 16:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 16:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8167]: Failed password for root from 91.92.40.124 port 35786 ssh2
Jun 25 16:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8167]: Connection closed by 91.92.40.124 port 35786 [preauth]
Jun 25 16:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 16:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8177]: Failed password for root from 91.92.40.124 port 35120 ssh2
Jun 25 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8192]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8191]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8190]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8189]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8189]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8177]: Connection closed by 91.92.40.124 port 35120 [preauth]
Jun 25 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8249]: Successful su for rubyman by root
Jun 25 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8249]: + ??? root:rubyman
Jun 25 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8249]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591107 of user rubyman.
Jun 25 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8249]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591107.
Jun 25 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8269]: Invalid user frappe from 91.92.40.124
Jun 25 16:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8269]: input_userauth_request: invalid user frappe [preauth]
Jun 25 16:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5394]: pam_unix(cron:session): session closed for user root
Jun 25 16:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8269]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8190]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8269]: Failed password for invalid user frappe from 91.92.40.124 port 35164 ssh2
Jun 25 16:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8269]: Connection closed by 91.92.40.124 port 35164 [preauth]
Jun 25 16:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8432]: Invalid user teamspeak from 91.92.40.124
Jun 25 16:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8432]: input_userauth_request: invalid user teamspeak [preauth]
Jun 25 16:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8432]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8432]: Failed password for invalid user teamspeak from 91.92.40.124 port 54550 ssh2
Jun 25 16:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8432]: Connection closed by 91.92.40.124 port 54550 [preauth]
Jun 25 16:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 16:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8460]: Failed password for root from 91.92.40.124 port 43804 ssh2
Jun 25 16:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8460]: Connection closed by 91.92.40.124 port 43804 [preauth]
Jun 25 16:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8479]: Invalid user admin from 91.92.40.124
Jun 25 16:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8479]: input_userauth_request: invalid user admin [preauth]
Jun 25 16:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8479]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8479]: Failed password for invalid user admin from 91.92.40.124 port 43838 ssh2
Jun 25 16:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8479]: Connection closed by 91.92.40.124 port 43838 [preauth]
Jun 25 16:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8502]: Invalid user customer from 91.92.40.124
Jun 25 16:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8502]: input_userauth_request: invalid user customer [preauth]
Jun 25 16:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8502]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8502]: Failed password for invalid user customer from 91.92.40.124 port 37410 ssh2
Jun 25 16:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8502]: Connection closed by 91.92.40.124 port 37410 [preauth]
Jun 25 16:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7268]: pam_unix(cron:session): session closed for user root
Jun 25 16:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8513]: Invalid user linuxuser from 91.92.40.124
Jun 25 16:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8513]: input_userauth_request: invalid user linuxuser [preauth]
Jun 25 16:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8513]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8513]: Failed password for invalid user linuxuser from 91.92.40.124 port 37480 ssh2
Jun 25 16:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8513]: Connection closed by 91.92.40.124 port 37480 [preauth]
Jun 25 16:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8546]: Invalid user ubuntu from 91.92.40.124
Jun 25 16:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8546]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 16:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8546]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8546]: Failed password for invalid user ubuntu from 91.92.40.124 port 56974 ssh2
Jun 25 16:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8546]: Connection closed by 91.92.40.124 port 56974 [preauth]
Jun 25 16:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8566]: Invalid user hadoop from 91.92.40.124
Jun 25 16:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8566]: input_userauth_request: invalid user hadoop [preauth]
Jun 25 16:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8566]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.236.1  user=root
Jun 25 16:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8566]: Failed password for invalid user hadoop from 91.92.40.124 port 57010 ssh2
Jun 25 16:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8566]: Connection closed by 91.92.40.124 port 57010 [preauth]
Jun 25 16:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8583]: Failed password for root from 68.183.236.1 port 36884 ssh2
Jun 25 16:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8583]: Received disconnect from 68.183.236.1 port 36884:11: Bye Bye [preauth]
Jun 25 16:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8583]: Disconnected from 68.183.236.1 port 36884 [preauth]
Jun 25 16:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8585]: Invalid user appuser from 91.92.40.124
Jun 25 16:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8585]: input_userauth_request: invalid user appuser [preauth]
Jun 25 16:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8585]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8585]: Failed password for invalid user appuser from 91.92.40.124 port 48026 ssh2
Jun 25 16:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8585]: Connection closed by 91.92.40.124 port 48026 [preauth]
Jun 25 16:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8595]: Invalid user master from 91.92.40.124
Jun 25 16:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8595]: input_userauth_request: invalid user master [preauth]
Jun 25 16:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8595]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8595]: Failed password for invalid user master from 91.92.40.124 port 52822 ssh2
Jun 25 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8619]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8618]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8617]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8616]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8595]: Connection closed by 91.92.40.124 port 52822 [preauth]
Jun 25 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8616]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8676]: Successful su for rubyman by root
Jun 25 16:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8676]: + ??? root:rubyman
Jun 25 16:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8676]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591111 of user rubyman.
Jun 25 16:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8676]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591111.
Jun 25 16:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5805]: pam_unix(cron:session): session closed for user root
Jun 25 16:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8613]: Invalid user tester from 91.92.40.124
Jun 25 16:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8613]: input_userauth_request: invalid user tester [preauth]
Jun 25 16:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8613]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8617]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8613]: Failed password for invalid user tester from 91.92.40.124 port 52872 ssh2
Jun 25 16:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8613]: Connection closed by 91.92.40.124 port 52872 [preauth]
Jun 25 16:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 25 16:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8859]: Invalid user aiuser from 91.92.40.124
Jun 25 16:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8859]: input_userauth_request: invalid user aiuser [preauth]
Jun 25 16:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8859]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8861]: Failed password for root from 51.250.105.222 port 50062 ssh2
Jun 25 16:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8861]: Connection closed by 51.250.105.222 port 50062 [preauth]
Jun 25 16:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8859]: Failed password for invalid user aiuser from 91.92.40.124 port 45964 ssh2
Jun 25 16:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8859]: Connection closed by 91.92.40.124 port 45964 [preauth]
Jun 25 16:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8872]: Invalid user demo from 91.92.40.124
Jun 25 16:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8872]: input_userauth_request: invalid user demo [preauth]
Jun 25 16:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8872]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8872]: Failed password for invalid user demo from 91.92.40.124 port 46026 ssh2
Jun 25 16:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8872]: Connection closed by 91.92.40.124 port 46026 [preauth]
Jun 25 16:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8895]: Invalid user gd from 91.92.40.124
Jun 25 16:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8895]: input_userauth_request: invalid user gd [preauth]
Jun 25 16:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8895]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8895]: Failed password for invalid user gd from 91.92.40.124 port 33554 ssh2
Jun 25 16:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8895]: Connection closed by 91.92.40.124 port 33554 [preauth]
Jun 25 16:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8906]: Invalid user sam from 91.92.40.124
Jun 25 16:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8906]: input_userauth_request: invalid user sam [preauth]
Jun 25 16:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8906]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8906]: Failed password for invalid user sam from 91.92.40.124 port 50262 ssh2
Jun 25 16:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7789]: pam_unix(cron:session): session closed for user root
Jun 25 16:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8906]: Connection closed by 91.92.40.124 port 50262 [preauth]
Jun 25 16:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8931]: Invalid user tester from 91.92.40.124
Jun 25 16:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8931]: input_userauth_request: invalid user tester [preauth]
Jun 25 16:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8931]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8931]: Failed password for invalid user tester from 91.92.40.124 port 50348 ssh2
Jun 25 16:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8931]: Connection closed by 91.92.40.124 port 50348 [preauth]
Jun 25 16:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 16:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8962]: Failed password for root from 91.92.40.124 port 53088 ssh2
Jun 25 16:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8962]: Connection closed by 91.92.40.124 port 53088 [preauth]
Jun 25 16:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 16:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.223.69.22  user=root
Jun 25 16:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8977]: Failed password for root from 91.92.40.124 port 53138 ssh2
Jun 25 16:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8977]: Connection closed by 91.92.40.124 port 53138 [preauth]
Jun 25 16:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8999]: Failed password for root from 89.223.69.22 port 39524 ssh2
Jun 25 16:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8999]: Connection closed by 89.223.69.22 port 39524 [preauth]
Jun 25 16:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9010]: Invalid user odoo from 91.92.40.124
Jun 25 16:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9010]: input_userauth_request: invalid user odoo [preauth]
Jun 25 16:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9012]: Invalid user duo from 103.200.25.79
Jun 25 16:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9012]: input_userauth_request: invalid user duo [preauth]
Jun 25 16:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9012]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.79
Jun 25 16:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9010]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9012]: Failed password for invalid user duo from 103.200.25.79 port 34604 ssh2
Jun 25 16:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9012]: Received disconnect from 103.200.25.79 port 34604:11: Bye Bye [preauth]
Jun 25 16:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9012]: Disconnected from 103.200.25.79 port 34604 [preauth]
Jun 25 16:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9010]: Failed password for invalid user odoo from 91.92.40.124 port 37930 ssh2
Jun 25 16:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9010]: Connection closed by 91.92.40.124 port 37930 [preauth]
Jun 25 16:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 16:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9024]: Failed password for root from 91.92.40.124 port 51108 ssh2
Jun 25 16:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9024]: Connection closed by 91.92.40.124 port 51108 [preauth]
Jun 25 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9041]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9040]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9039]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9038]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9037]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9042]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9042]: pam_unix(cron:session): session closed for user root
Jun 25 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9037]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9105]: Successful su for rubyman by root
Jun 25 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9105]: + ??? root:rubyman
Jun 25 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9105]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591115 of user rubyman.
Jun 25 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9105]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591115.
Jun 25 16:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9039]: pam_unix(cron:session): session closed for user root
Jun 25 16:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 16:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6218]: pam_unix(cron:session): session closed for user root
Jun 25 16:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9035]: Failed password for root from 91.92.40.124 port 51174 ssh2
Jun 25 16:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9038]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9035]: Connection closed by 91.92.40.124 port 51174 [preauth]
Jun 25 16:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9314]: Invalid user test from 91.92.40.124
Jun 25 16:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9314]: input_userauth_request: invalid user test [preauth]
Jun 25 16:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9314]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9314]: Failed password for invalid user test from 91.92.40.124 port 34034 ssh2
Jun 25 16:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9314]: Connection closed by 91.92.40.124 port 34034 [preauth]
Jun 25 16:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9324]: Invalid user ts3 from 91.92.40.124
Jun 25 16:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9324]: input_userauth_request: invalid user ts3 [preauth]
Jun 25 16:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9324]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9324]: Failed password for invalid user ts3 from 91.92.40.124 port 34120 ssh2
Jun 25 16:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9324]: Connection closed by 91.92.40.124 port 34120 [preauth]
Jun 25 16:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 16:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9347]: Failed password for root from 91.92.40.124 port 50932 ssh2
Jun 25 16:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9347]: Connection closed by 91.92.40.124 port 50932 [preauth]
Jun 25 16:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9369]: Invalid user david from 91.92.40.124
Jun 25 16:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9369]: input_userauth_request: invalid user david [preauth]
Jun 25 16:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9369]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9369]: Failed password for invalid user david from 91.92.40.124 port 52750 ssh2
Jun 25 16:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8192]: pam_unix(cron:session): session closed for user root
Jun 25 16:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9369]: Connection closed by 91.92.40.124 port 52750 [preauth]
Jun 25 16:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9382]: Invalid user test1 from 91.92.40.124
Jun 25 16:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9382]: input_userauth_request: invalid user test1 [preauth]
Jun 25 16:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9382]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9382]: Failed password for invalid user test1 from 91.92.40.124 port 52822 ssh2
Jun 25 16:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9382]: Connection closed by 91.92.40.124 port 52822 [preauth]
Jun 25 16:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9415]: Invalid user jellyfin from 91.92.40.124
Jun 25 16:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9415]: input_userauth_request: invalid user jellyfin [preauth]
Jun 25 16:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9415]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9415]: Failed password for invalid user jellyfin from 91.92.40.124 port 41646 ssh2
Jun 25 16:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9415]: Connection closed by 91.92.40.124 port 41646 [preauth]
Jun 25 16:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9428]: Invalid user minecraft from 91.92.40.124
Jun 25 16:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9428]: input_userauth_request: invalid user minecraft [preauth]
Jun 25 16:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9428]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.236.1  user=root
Jun 25 16:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9428]: Failed password for invalid user minecraft from 91.92.40.124 port 41716 ssh2
Jun 25 16:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9454]: Failed password for root from 68.183.236.1 port 34720 ssh2
Jun 25 16:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9454]: Received disconnect from 68.183.236.1 port 34720:11: Bye Bye [preauth]
Jun 25 16:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9454]: Disconnected from 68.183.236.1 port 34720 [preauth]
Jun 25 16:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9428]: Connection closed by 91.92.40.124 port 41716 [preauth]
Jun 25 16:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 16:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9452]: Failed password for root from 91.92.40.124 port 51728 ssh2
Jun 25 16:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9452]: Connection closed by 91.92.40.124 port 51728 [preauth]
Jun 25 16:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9465]: Invalid user prefect from 91.92.40.124
Jun 25 16:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9465]: input_userauth_request: invalid user prefect [preauth]
Jun 25 16:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9465]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9465]: Failed password for invalid user prefect from 91.92.40.124 port 37198 ssh2
Jun 25 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9477]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9478]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9479]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9476]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9476]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9465]: Connection closed by 91.92.40.124 port 37198 [preauth]
Jun 25 16:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9540]: Successful su for rubyman by root
Jun 25 16:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9540]: + ??? root:rubyman
Jun 25 16:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9540]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591123 of user rubyman.
Jun 25 16:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9540]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591123.
Jun 25 16:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9614]: Invalid user test from 91.92.40.124
Jun 25 16:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9614]: input_userauth_request: invalid user test [preauth]
Jun 25 16:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9614]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6633]: pam_unix(cron:session): session closed for user root
Jun 25 16:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9614]: Failed password for invalid user test from 91.92.40.124 port 37276 ssh2
Jun 25 16:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9614]: Connection closed by 91.92.40.124 port 37276 [preauth]
Jun 25 16:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9477]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9736]: Invalid user toto from 91.92.40.124
Jun 25 16:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9736]: input_userauth_request: invalid user toto [preauth]
Jun 25 16:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9736]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9736]: Failed password for invalid user toto from 91.92.40.124 port 42694 ssh2
Jun 25 16:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9736]: Connection closed by 91.92.40.124 port 42694 [preauth]
Jun 25 16:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 16:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9760]: Failed password for root from 91.92.40.124 port 45790 ssh2
Jun 25 16:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9760]: Connection closed by 91.92.40.124 port 45790 [preauth]
Jun 25 16:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9771]: Invalid user user from 91.92.40.124
Jun 25 16:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9771]: input_userauth_request: invalid user user [preauth]
Jun 25 16:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9771]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9771]: Failed password for invalid user user from 91.92.40.124 port 45866 ssh2
Jun 25 16:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9771]: Connection closed by 91.92.40.124 port 45866 [preauth]
Jun 25 16:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9797]: Invalid user prem from 91.92.40.124
Jun 25 16:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9797]: input_userauth_request: invalid user prem [preauth]
Jun 25 16:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9797]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9797]: Failed password for invalid user prem from 91.92.40.124 port 58668 ssh2
Jun 25 16:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9797]: Connection closed by 91.92.40.124 port 58668 [preauth]
Jun 25 16:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8619]: pam_unix(cron:session): session closed for user root
Jun 25 16:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9818]: Invalid user dev from 91.92.40.124
Jun 25 16:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9818]: input_userauth_request: invalid user dev [preauth]
Jun 25 16:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9818]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9818]: Failed password for invalid user dev from 91.92.40.124 port 57552 ssh2
Jun 25 16:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9818]: Connection closed by 91.92.40.124 port 57552 [preauth]
Jun 25 16:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9842]: Invalid user alex from 91.92.40.124
Jun 25 16:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9842]: input_userauth_request: invalid user alex [preauth]
Jun 25 16:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9842]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9842]: Failed password for invalid user alex from 91.92.40.124 port 57612 ssh2
Jun 25 16:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9842]: Connection closed by 91.92.40.124 port 57612 [preauth]
Jun 25 16:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9875]: Invalid user onkar from 91.92.40.124
Jun 25 16:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9875]: input_userauth_request: invalid user onkar [preauth]
Jun 25 16:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9875]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 25 16:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9875]: Failed password for invalid user onkar from 91.92.40.124 port 41438 ssh2
Jun 25 16:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9892]: Failed password for root from 103.82.132.16 port 44956 ssh2
Jun 25 16:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9892]: Connection closed by 103.82.132.16 port 44956 [preauth]
Jun 25 16:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9875]: Connection closed by 91.92.40.124 port 41438 [preauth]
Jun 25 16:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9911]: Invalid user admin from 91.92.40.124
Jun 25 16:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9911]: input_userauth_request: invalid user admin [preauth]
Jun 25 16:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.79  user=root
Jun 25 16:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9911]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9916]: Failed password for root from 103.200.25.79 port 44796 ssh2
Jun 25 16:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9916]: Received disconnect from 103.200.25.79 port 44796:11: Bye Bye [preauth]
Jun 25 16:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9916]: Disconnected from 103.200.25.79 port 44796 [preauth]
Jun 25 16:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9911]: Failed password for invalid user admin from 91.92.40.124 port 41496 ssh2
Jun 25 16:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9911]: Connection closed by 91.92.40.124 port 41496 [preauth]
Jun 25 16:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10070]: Invalid user fred from 91.92.40.124
Jun 25 16:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10070]: input_userauth_request: invalid user fred [preauth]
Jun 25 16:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10070]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10084]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10085]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10083]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10082]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10082]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10146]: Successful su for rubyman by root
Jun 25 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10146]: + ??? root:rubyman
Jun 25 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10146]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591126 of user rubyman.
Jun 25 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10146]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591126.
Jun 25 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10070]: Failed password for invalid user fred from 91.92.40.124 port 57926 ssh2
Jun 25 16:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10070]: Connection closed by 91.92.40.124 port 57926 [preauth]
Jun 25 16:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7267]: pam_unix(cron:session): session closed for user root
Jun 25 16:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10376]: Invalid user ghost from 91.92.40.124
Jun 25 16:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10376]: input_userauth_request: invalid user ghost [preauth]
Jun 25 16:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10376]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10083]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10376]: Failed password for invalid user ghost from 91.92.40.124 port 43804 ssh2
Jun 25 16:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10376]: Connection closed by 91.92.40.124 port 43804 [preauth]
Jun 25 16:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10427]: Invalid user openclaw from 91.92.40.124
Jun 25 16:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10427]: input_userauth_request: invalid user openclaw [preauth]
Jun 25 16:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10427]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10427]: Failed password for invalid user openclaw from 91.92.40.124 port 43840 ssh2
Jun 25 16:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10427]: Connection closed by 91.92.40.124 port 43840 [preauth]
Jun 25 16:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10451]: Invalid user ali from 91.92.40.124
Jun 25 16:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10451]: input_userauth_request: invalid user ali [preauth]
Jun 25 16:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10451]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10451]: Failed password for invalid user ali from 91.92.40.124 port 40680 ssh2
Jun 25 16:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10451]: Connection closed by 91.92.40.124 port 40680 [preauth]
Jun 25 16:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10461]: Invalid user kafka from 91.92.40.124
Jun 25 16:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10461]: input_userauth_request: invalid user kafka [preauth]
Jun 25 16:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10461]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10461]: Failed password for invalid user kafka from 91.92.40.124 port 40746 ssh2
Jun 25 16:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10461]: Connection closed by 91.92.40.124 port 40746 [preauth]
Jun 25 16:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10495]: Invalid user developer from 91.92.40.124
Jun 25 16:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10495]: input_userauth_request: invalid user developer [preauth]
Jun 25 16:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10495]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10495]: Failed password for invalid user developer from 91.92.40.124 port 60206 ssh2
Jun 25 16:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10495]: Connection closed by 91.92.40.124 port 60206 [preauth]
Jun 25 16:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9041]: pam_unix(cron:session): session closed for user root
Jun 25 16:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10525]: Invalid user testuser from 91.92.40.124
Jun 25 16:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10525]: input_userauth_request: invalid user testuser [preauth]
Jun 25 16:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10525]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10525]: Failed password for invalid user testuser from 91.92.40.124 port 45984 ssh2
Jun 25 16:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10525]: Connection closed by 91.92.40.124 port 45984 [preauth]
Jun 25 16:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10537]: Invalid user www from 91.92.40.124
Jun 25 16:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10537]: input_userauth_request: invalid user www [preauth]
Jun 25 16:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10537]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10537]: Failed password for invalid user www from 91.92.40.124 port 46056 ssh2
Jun 25 16:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10537]: Connection closed by 91.92.40.124 port 46056 [preauth]
Jun 25 16:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10563]: Invalid user system from 91.92.40.124
Jun 25 16:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10563]: input_userauth_request: invalid user system [preauth]
Jun 25 16:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10563]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10563]: Failed password for invalid user system from 91.92.40.124 port 54992 ssh2
Jun 25 16:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10563]: Connection closed by 91.92.40.124 port 54992 [preauth]
Jun 25 16:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: Invalid user odoo18 from 91.92.40.124
Jun 25 16:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: input_userauth_request: invalid user odoo18 [preauth]
Jun 25 16:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10583]: Invalid user csserver from 68.183.236.1
Jun 25 16:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10583]: input_userauth_request: invalid user csserver [preauth]
Jun 25 16:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10583]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.236.1
Jun 25 16:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: Failed password for invalid user odoo18 from 91.92.40.124 port 55054 ssh2
Jun 25 16:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10583]: Failed password for invalid user csserver from 68.183.236.1 port 35870 ssh2
Jun 25 16:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10583]: Received disconnect from 68.183.236.1 port 35870:11: Bye Bye [preauth]
Jun 25 16:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10583]: Disconnected from 68.183.236.1 port 35870 [preauth]
Jun 25 16:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: Connection closed by 91.92.40.124 port 55054 [preauth]
Jun 25 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10603]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10601]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10600]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10598]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10598]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10665]: Successful su for rubyman by root
Jun 25 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10665]: + ??? root:rubyman
Jun 25 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10665]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591130 of user rubyman.
Jun 25 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10665]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591130.
Jun 25 16:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10586]: Failed password for root from 91.92.40.124 port 44178 ssh2
Jun 25 16:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7788]: pam_unix(cron:session): session closed for user root
Jun 25 16:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10586]: Connection closed by 91.92.40.124 port 44178 [preauth]
Jun 25 16:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10600]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10723]: Invalid user user3 from 91.92.40.124
Jun 25 16:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10723]: input_userauth_request: invalid user user3 [preauth]
Jun 25 16:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10723]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10723]: Failed password for invalid user user3 from 91.92.40.124 port 44232 ssh2
Jun 25 16:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10723]: Connection closed by 91.92.40.124 port 44232 [preauth]
Jun 25 16:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10877]: Invalid user demo from 193.46.255.86
Jun 25 16:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10877]: input_userauth_request: invalid user demo [preauth]
Jun 25 16:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10877]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 25 16:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10867]: Invalid user user from 91.92.40.124
Jun 25 16:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10867]: input_userauth_request: invalid user user [preauth]
Jun 25 16:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10867]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10877]: Failed password for invalid user demo from 193.46.255.86 port 37942 ssh2
Jun 25 16:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10877]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10867]: Failed password for invalid user user from 91.92.40.124 port 44450 ssh2
Jun 25 16:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10877]: Failed password for invalid user demo from 193.46.255.86 port 37942 ssh2
Jun 25 16:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10877]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10867]: Connection closed by 91.92.40.124 port 44450 [preauth]
Jun 25 16:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10895]: Invalid user sdadmin from 91.92.40.124
Jun 25 16:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10895]: input_userauth_request: invalid user sdadmin [preauth]
Jun 25 16:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10895]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10877]: Failed password for invalid user demo from 193.46.255.86 port 37942 ssh2
Jun 25 16:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10877]: Connection closed by 193.46.255.86 port 37942 [preauth]
Jun 25 16:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10877]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 25 16:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10895]: Failed password for invalid user sdadmin from 91.92.40.124 port 55896 ssh2
Jun 25 16:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10895]: Connection closed by 91.92.40.124 port 55896 [preauth]
Jun 25 16:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10913]: Invalid user nutanix from 91.92.40.124
Jun 25 16:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10913]: input_userauth_request: invalid user nutanix [preauth]
Jun 25 16:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10913]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10913]: Failed password for invalid user nutanix from 91.92.40.124 port 55994 ssh2
Jun 25 16:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10913]: Connection closed by 91.92.40.124 port 55994 [preauth]
Jun 25 16:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 16:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10937]: Failed password for root from 91.92.40.124 port 35714 ssh2
Jun 25 16:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10937]: Connection closed by 91.92.40.124 port 35714 [preauth]
Jun 25 16:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9479]: pam_unix(cron:session): session closed for user root
Jun 25 16:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10971]: Invalid user test from 91.92.40.124
Jun 25 16:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10971]: input_userauth_request: invalid user test [preauth]
Jun 25 16:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10971]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10971]: Failed password for invalid user test from 91.92.40.124 port 59358 ssh2
Jun 25 16:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10971]: Connection closed by 91.92.40.124 port 59358 [preauth]
Jun 25 16:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 25 16:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10984]: Invalid user agent from 91.92.40.124
Jun 25 16:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10984]: input_userauth_request: invalid user agent [preauth]
Jun 25 16:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10982]: Failed password for root from 141.98.83.240 port 47986 ssh2
Jun 25 16:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10984]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10984]: Failed password for invalid user agent from 91.92.40.124 port 59468 ssh2
Jun 25 16:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10982]: Failed password for root from 141.98.83.240 port 47986 ssh2
Jun 25 16:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10984]: Connection closed by 91.92.40.124 port 59468 [preauth]
Jun 25 16:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10982]: Failed password for root from 141.98.83.240 port 47986 ssh2
Jun 25 16:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10982]: Connection closed by 141.98.83.240 port 47986 [preauth]
Jun 25 16:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10982]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 25 16:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11014]: Invalid user alex from 91.92.40.124
Jun 25 16:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11014]: input_userauth_request: invalid user alex [preauth]
Jun 25 16:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11014]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11014]: Failed password for invalid user alex from 91.92.40.124 port 54518 ssh2
Jun 25 16:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11014]: Connection closed by 91.92.40.124 port 54518 [preauth]
Jun 25 16:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11029]: Invalid user jay from 91.92.40.124
Jun 25 16:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11029]: input_userauth_request: invalid user jay [preauth]
Jun 25 16:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11029]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11029]: Failed password for invalid user jay from 91.92.40.124 port 54574 ssh2
Jun 25 16:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11029]: Connection closed by 91.92.40.124 port 54574 [preauth]
Jun 25 16:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11040]: Invalid user kamil from 103.200.25.79
Jun 25 16:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11040]: input_userauth_request: invalid user kamil [preauth]
Jun 25 16:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11040]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.79
Jun 25 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11040]: Failed password for invalid user kamil from 103.200.25.79 port 59786 ssh2
Jun 25 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11049]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11050]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11048]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11047]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11043]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11047]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11040]: Received disconnect from 103.200.25.79 port 59786:11: Bye Bye [preauth]
Jun 25 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11040]: Disconnected from 103.200.25.79 port 59786 [preauth]
Jun 25 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11173]: Successful su for rubyman by root
Jun 25 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11173]: + ??? root:rubyman
Jun 25 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11173]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591133 of user rubyman.
Jun 25 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11173]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591133.
Jun 25 16:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11043]: pam_unix(cron:session): session closed for user root
Jun 25 16:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11039]: Failed password for root from 91.92.40.124 port 58934 ssh2
Jun 25 16:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11039]: Connection closed by 91.92.40.124 port 58934 [preauth]
Jun 25 16:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8191]: pam_unix(cron:session): session closed for user root
Jun 25 16:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11295]: Invalid user admin from 91.92.40.124
Jun 25 16:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11295]: input_userauth_request: invalid user admin [preauth]
Jun 25 16:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11048]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11295]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11295]: Failed password for invalid user admin from 91.92.40.124 port 59458 ssh2
Jun 25 16:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11295]: Connection closed by 91.92.40.124 port 59458 [preauth]
Jun 25 16:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11411]: Invalid user debian from 91.92.40.124
Jun 25 16:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11411]: input_userauth_request: invalid user debian [preauth]
Jun 25 16:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11411]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11411]: Failed password for invalid user debian from 91.92.40.124 port 59534 ssh2
Jun 25 16:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11411]: Connection closed by 91.92.40.124 port 59534 [preauth]
Jun 25 16:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11438]: Invalid user aaa from 91.92.40.124
Jun 25 16:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11438]: input_userauth_request: invalid user aaa [preauth]
Jun 25 16:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11438]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11438]: Failed password for invalid user aaa from 91.92.40.124 port 50868 ssh2
Jun 25 16:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11438]: Connection closed by 91.92.40.124 port 50868 [preauth]
Jun 25 16:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 16:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11450]: Failed password for root from 91.92.40.124 port 50932 ssh2
Jun 25 16:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11450]: Connection closed by 91.92.40.124 port 50932 [preauth]
Jun 25 16:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 16:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11475]: Failed password for root from 91.92.40.124 port 37662 ssh2
Jun 25 16:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11475]: Connection closed by 91.92.40.124 port 37662 [preauth]
Jun 25 16:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10085]: pam_unix(cron:session): session closed for user root
Jun 25 16:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11512]: Invalid user grid from 91.92.40.124
Jun 25 16:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11512]: input_userauth_request: invalid user grid [preauth]
Jun 25 16:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11512]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11512]: Failed password for invalid user grid from 91.92.40.124 port 53178 ssh2
Jun 25 16:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11512]: Connection closed by 91.92.40.124 port 53178 [preauth]
Jun 25 16:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 16:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11522]: Failed password for root from 91.92.40.124 port 53222 ssh2
Jun 25 16:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11522]: Connection closed by 91.92.40.124 port 53222 [preauth]
Jun 25 16:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 16:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11553]: Failed password for root from 91.92.40.124 port 38442 ssh2
Jun 25 16:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11553]: Connection closed by 91.92.40.124 port 38442 [preauth]
Jun 25 16:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11563]: Invalid user steam from 91.92.40.124
Jun 25 16:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11563]: input_userauth_request: invalid user steam [preauth]
Jun 25 16:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11563]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11563]: Failed password for invalid user steam from 91.92.40.124 port 38516 ssh2
Jun 25 16:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11563]: Connection closed by 91.92.40.124 port 38516 [preauth]
Jun 25 16:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.236.1  user=root
Jun 25 16:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11575]: Failed password for root from 68.183.236.1 port 32800 ssh2
Jun 25 16:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11575]: Received disconnect from 68.183.236.1 port 32800:11: Bye Bye [preauth]
Jun 25 16:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11575]: Disconnected from 68.183.236.1 port 32800 [preauth]
Jun 25 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11577]: Invalid user minecraft from 91.92.40.124
Jun 25 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11577]: input_userauth_request: invalid user minecraft [preauth]
Jun 25 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11577]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11591]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11592]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11589]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11593]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11590]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11588]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11593]: pam_unix(cron:session): session closed for user root
Jun 25 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11588]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11656]: Successful su for rubyman by root
Jun 25 16:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11656]: + ??? root:rubyman
Jun 25 16:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11656]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591139 of user rubyman.
Jun 25 16:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11656]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591139.
Jun 25 16:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11590]: pam_unix(cron:session): session closed for user root
Jun 25 16:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11577]: Failed password for invalid user minecraft from 91.92.40.124 port 40274 ssh2
Jun 25 16:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8618]: pam_unix(cron:session): session closed for user root
Jun 25 16:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11577]: Connection closed by 91.92.40.124 port 40274 [preauth]
Jun 25 16:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11589]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11729]: Invalid user git from 91.92.40.124
Jun 25 16:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11729]: input_userauth_request: invalid user git [preauth]
Jun 25 16:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11729]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11729]: Failed password for invalid user git from 91.92.40.124 port 40338 ssh2
Jun 25 16:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11729]: Connection closed by 91.92.40.124 port 40338 [preauth]
Jun 25 16:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11906]: Invalid user data from 91.92.40.124
Jun 25 16:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11906]: input_userauth_request: invalid user data [preauth]
Jun 25 16:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11906]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11906]: Failed password for invalid user data from 91.92.40.124 port 59208 ssh2
Jun 25 16:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11906]: Connection closed by 91.92.40.124 port 59208 [preauth]
Jun 25 16:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11950]: Invalid user clawdbot from 91.92.40.124
Jun 25 16:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11950]: input_userauth_request: invalid user clawdbot [preauth]
Jun 25 16:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11950]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11950]: Failed password for invalid user clawdbot from 91.92.40.124 port 47160 ssh2
Jun 25 16:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11950]: Connection closed by 91.92.40.124 port 47160 [preauth]
Jun 25 16:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11964]: Invalid user frappe from 91.92.40.124
Jun 25 16:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11964]: input_userauth_request: invalid user frappe [preauth]
Jun 25 16:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11964]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11964]: Failed password for invalid user frappe from 91.92.40.124 port 47202 ssh2
Jun 25 16:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11964]: Connection closed by 91.92.40.124 port 47202 [preauth]
Jun 25 16:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11990]: Invalid user rdpuser from 91.92.40.124
Jun 25 16:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11990]: input_userauth_request: invalid user rdpuser [preauth]
Jun 25 16:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11990]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10603]: pam_unix(cron:session): session closed for user root
Jun 25 16:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11990]: Failed password for invalid user rdpuser from 91.92.40.124 port 51616 ssh2
Jun 25 16:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11990]: Connection closed by 91.92.40.124 port 51616 [preauth]
Jun 25 16:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12014]: Invalid user test2 from 91.92.40.124
Jun 25 16:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12014]: input_userauth_request: invalid user test2 [preauth]
Jun 25 16:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12014]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12014]: Failed password for invalid user test2 from 91.92.40.124 port 51692 ssh2
Jun 25 16:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12014]: Connection closed by 91.92.40.124 port 51692 [preauth]
Jun 25 16:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 16:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12039]: Failed password for root from 91.92.40.124 port 48738 ssh2
Jun 25 16:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12039]: Connection closed by 91.92.40.124 port 48738 [preauth]
Jun 25 16:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12062]: Invalid user ubuntu from 91.92.40.124
Jun 25 16:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12062]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 16:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12062]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12062]: Failed password for invalid user ubuntu from 91.92.40.124 port 58538 ssh2
Jun 25 16:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12062]: Connection closed by 91.92.40.124 port 58538 [preauth]
Jun 25 16:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 16:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12072]: Failed password for root from 91.92.40.124 port 58566 ssh2
Jun 25 16:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12072]: Connection closed by 91.92.40.124 port 58566 [preauth]
Jun 25 16:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12084]: Invalid user debian from 103.200.25.79
Jun 25 16:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12084]: input_userauth_request: invalid user debian [preauth]
Jun 25 16:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12084]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.79
Jun 25 16:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12084]: Failed password for invalid user debian from 103.200.25.79 port 41162 ssh2
Jun 25 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12084]: Received disconnect from 103.200.25.79 port 41162:11: Bye Bye [preauth]
Jun 25 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12084]: Disconnected from 103.200.25.79 port 41162 [preauth]
Jun 25 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12097]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12098]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12096]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12095]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12095]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12162]: Successful su for rubyman by root
Jun 25 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12162]: + ??? root:rubyman
Jun 25 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12162]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591144 of user rubyman.
Jun 25 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12162]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591144.
Jun 25 16:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12082]: Failed password for root from 91.92.40.124 port 59696 ssh2
Jun 25 16:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9040]: pam_unix(cron:session): session closed for user root
Jun 25 16:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12082]: Connection closed by 91.92.40.124 port 59696 [preauth]
Jun 25 16:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12096]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12151]: Invalid user crafty from 91.92.40.124
Jun 25 16:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12151]: input_userauth_request: invalid user crafty [preauth]
Jun 25 16:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12151]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12151]: Failed password for invalid user crafty from 91.92.40.124 port 59764 ssh2
Jun 25 16:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12151]: Connection closed by 91.92.40.124 port 59764 [preauth]
Jun 25 16:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12476]: Invalid user gpadmin from 91.92.40.124
Jun 25 16:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12476]: input_userauth_request: invalid user gpadmin [preauth]
Jun 25 16:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12476]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12476]: Failed password for invalid user gpadmin from 91.92.40.124 port 51658 ssh2
Jun 25 16:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12476]: Connection closed by 91.92.40.124 port 51658 [preauth]
Jun 25 16:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 16:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12495]: Failed password for root from 91.92.40.124 port 56796 ssh2
Jun 25 16:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12495]: Connection closed by 91.92.40.124 port 56796 [preauth]
Jun 25 16:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12510]: Invalid user docker from 91.92.40.124
Jun 25 16:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12510]: input_userauth_request: invalid user docker [preauth]
Jun 25 16:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12510]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12510]: Failed password for invalid user docker from 91.92.40.124 port 56852 ssh2
Jun 25 16:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12510]: Connection closed by 91.92.40.124 port 56852 [preauth]
Jun 25 16:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12541]: Invalid user omm from 91.92.40.124
Jun 25 16:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12541]: input_userauth_request: invalid user omm [preauth]
Jun 25 16:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12541]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12541]: Failed password for invalid user omm from 91.92.40.124 port 59122 ssh2
Jun 25 16:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12541]: Connection closed by 91.92.40.124 port 59122 [preauth]
Jun 25 16:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11050]: pam_unix(cron:session): session closed for user root
Jun 25 16:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 16:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12563]: Failed password for root from 91.92.40.124 port 44454 ssh2
Jun 25 16:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12563]: Connection closed by 91.92.40.124 port 44454 [preauth]
Jun 25 16:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12581]: Invalid user fivem from 91.92.40.124
Jun 25 16:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12581]: input_userauth_request: invalid user fivem [preauth]
Jun 25 16:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12581]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12581]: Failed password for invalid user fivem from 91.92.40.124 port 44528 ssh2
Jun 25 16:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12581]: Connection closed by 91.92.40.124 port 44528 [preauth]
Jun 25 16:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12606]: Invalid user adminuser from 91.92.40.124
Jun 25 16:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12606]: input_userauth_request: invalid user adminuser [preauth]
Jun 25 16:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12606]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12606]: Failed password for invalid user adminuser from 91.92.40.124 port 48422 ssh2
Jun 25 16:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12606]: Connection closed by 91.92.40.124 port 48422 [preauth]
Jun 25 16:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12622]: Invalid user test from 68.183.236.1
Jun 25 16:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12622]: input_userauth_request: invalid user test [preauth]
Jun 25 16:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12622]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.236.1
Jun 25 16:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 16:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12622]: Failed password for invalid user test from 68.183.236.1 port 36442 ssh2
Jun 25 16:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12619]: Failed password for root from 91.92.40.124 port 48460 ssh2
Jun 25 16:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12622]: Received disconnect from 68.183.236.1 port 36442:11: Bye Bye [preauth]
Jun 25 16:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12622]: Disconnected from 68.183.236.1 port 36442 [preauth]
Jun 25 16:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12619]: Connection closed by 91.92.40.124 port 48460 [preauth]
Jun 25 16:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12639]: Invalid user test from 91.92.40.124
Jun 25 16:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12639]: input_userauth_request: invalid user test [preauth]
Jun 25 16:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12639]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12647]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12644]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12645]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12643]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12643]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12639]: Failed password for invalid user test from 91.92.40.124 port 52454 ssh2
Jun 25 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12706]: Successful su for rubyman by root
Jun 25 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12706]: + ??? root:rubyman
Jun 25 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12706]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591149 of user rubyman.
Jun 25 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12706]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591149.
Jun 25 16:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12639]: Connection closed by 91.92.40.124 port 52454 [preauth]
Jun 25 16:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9478]: pam_unix(cron:session): session closed for user root
Jun 25 16:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12836]: Invalid user elasticsearch from 91.92.40.124
Jun 25 16:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12836]: input_userauth_request: invalid user elasticsearch [preauth]
Jun 25 16:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12836]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12644]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12836]: Failed password for invalid user elasticsearch from 91.92.40.124 port 42772 ssh2
Jun 25 16:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12836]: Connection closed by 91.92.40.124 port 42772 [preauth]
Jun 25 16:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 16:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12918]: Failed password for root from 91.92.40.124 port 42870 ssh2
Jun 25 16:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12918]: Connection closed by 91.92.40.124 port 42870 [preauth]
Jun 25 16:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 16:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12940]: Failed password for root from 91.92.40.124 port 51678 ssh2
Jun 25 16:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12940]: Connection closed by 91.92.40.124 port 51678 [preauth]
Jun 25 16:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12952]: Invalid user user from 91.92.40.124
Jun 25 16:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12952]: input_userauth_request: invalid user user [preauth]
Jun 25 16:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12952]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12952]: Failed password for invalid user user from 91.92.40.124 port 51744 ssh2
Jun 25 16:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12952]: Connection closed by 91.92.40.124 port 51744 [preauth]
Jun 25 16:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12974]: Invalid user alex from 91.92.40.124
Jun 25 16:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12974]: input_userauth_request: invalid user alex [preauth]
Jun 25 16:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12974]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 25 16:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12974]: Failed password for invalid user alex from 91.92.40.124 port 42398 ssh2
Jun 25 16:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12974]: Connection closed by 91.92.40.124 port 42398 [preauth]
Jun 25 16:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11592]: pam_unix(cron:session): session closed for user root
Jun 25 16:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12984]: Failed password for root from 103.149.28.157 port 45574 ssh2
Jun 25 16:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12984]: Connection closed by 103.149.28.157 port 45574 [preauth]
Jun 25 16:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 16:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12994]: Failed password for root from 91.92.40.124 port 42490 ssh2
Jun 25 16:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12994]: Connection closed by 91.92.40.124 port 42490 [preauth]
Jun 25 16:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13018]: Invalid user user from 91.92.40.124
Jun 25 16:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13018]: input_userauth_request: invalid user user [preauth]
Jun 25 16:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13018]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13018]: Failed password for invalid user user from 91.92.40.124 port 37394 ssh2
Jun 25 16:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13018]: Connection closed by 91.92.40.124 port 37394 [preauth]
Jun 25 16:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13053]: Invalid user web from 91.92.40.124
Jun 25 16:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13053]: input_userauth_request: invalid user web [preauth]
Jun 25 16:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13053]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13053]: Failed password for invalid user web from 91.92.40.124 port 43218 ssh2
Jun 25 16:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13053]: Connection closed by 91.92.40.124 port 43218 [preauth]
Jun 25 16:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13063]: Invalid user claude from 91.92.40.124
Jun 25 16:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13063]: input_userauth_request: invalid user claude [preauth]
Jun 25 16:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13063]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13065]: Invalid user common from 103.200.25.79
Jun 25 16:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13065]: input_userauth_request: invalid user common [preauth]
Jun 25 16:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13065]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.79
Jun 25 16:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13063]: Failed password for invalid user claude from 91.92.40.124 port 43250 ssh2
Jun 25 16:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13063]: Connection closed by 91.92.40.124 port 43250 [preauth]
Jun 25 16:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13065]: Failed password for invalid user common from 103.200.25.79 port 33952 ssh2
Jun 25 16:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13065]: Received disconnect from 103.200.25.79 port 33952:11: Bye Bye [preauth]
Jun 25 16:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13065]: Disconnected from 103.200.25.79 port 33952 [preauth]
Jun 25 16:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13075]: Invalid user gitlab from 91.92.40.124
Jun 25 16:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13075]: input_userauth_request: invalid user gitlab [preauth]
Jun 25 16:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13075]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13086]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13087]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13088]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13085]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13085]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13075]: Failed password for invalid user gitlab from 91.92.40.124 port 34804 ssh2
Jun 25 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13155]: Successful su for rubyman by root
Jun 25 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13155]: + ??? root:rubyman
Jun 25 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13155]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591154 of user rubyman.
Jun 25 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13155]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591154.
Jun 25 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13075]: Connection closed by 91.92.40.124 port 34804 [preauth]
Jun 25 16:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10084]: pam_unix(cron:session): session closed for user root
Jun 25 16:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13297]: Invalid user fahmi from 91.92.40.124
Jun 25 16:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13297]: input_userauth_request: invalid user fahmi [preauth]
Jun 25 16:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13086]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13297]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13297]: Failed password for invalid user fahmi from 91.92.40.124 port 35162 ssh2
Jun 25 16:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13297]: Connection closed by 91.92.40.124 port 35162 [preauth]
Jun 25 16:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13350]: Invalid user student from 91.92.40.124
Jun 25 16:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13350]: input_userauth_request: invalid user student [preauth]
Jun 25 16:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13350]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13350]: Failed password for invalid user student from 91.92.40.124 port 35218 ssh2
Jun 25 16:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13350]: Connection closed by 91.92.40.124 port 35218 [preauth]
Jun 25 16:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 16:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13373]: Failed password for root from 91.92.40.124 port 35700 ssh2
Jun 25 16:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13373]: Connection closed by 91.92.40.124 port 35700 [preauth]
Jun 25 16:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13386]: Invalid user server from 91.92.40.124
Jun 25 16:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13386]: input_userauth_request: invalid user server [preauth]
Jun 25 16:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13386]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13386]: Failed password for invalid user server from 91.92.40.124 port 35742 ssh2
Jun 25 16:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13386]: Connection closed by 91.92.40.124 port 35742 [preauth]
Jun 25 16:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13418]: Invalid user ec2-user from 91.92.40.124
Jun 25 16:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13418]: input_userauth_request: invalid user ec2-user [preauth]
Jun 25 16:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13418]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13418]: Failed password for invalid user ec2-user from 91.92.40.124 port 52878 ssh2
Jun 25 16:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13418]: Connection closed by 91.92.40.124 port 52878 [preauth]
Jun 25 16:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12098]: pam_unix(cron:session): session closed for user root
Jun 25 16:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13448]: Invalid user localhost from 91.92.40.124
Jun 25 16:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13448]: input_userauth_request: invalid user localhost [preauth]
Jun 25 16:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13448]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13448]: Failed password for invalid user localhost from 91.92.40.124 port 51786 ssh2
Jun 25 16:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13448]: Connection closed by 91.92.40.124 port 51786 [preauth]
Jun 25 16:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13458]: Invalid user kali from 91.92.40.124
Jun 25 16:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13458]: input_userauth_request: invalid user kali [preauth]
Jun 25 16:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13458]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13458]: Failed password for invalid user kali from 91.92.40.124 port 51832 ssh2
Jun 25 16:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13458]: Connection closed by 91.92.40.124 port 51832 [preauth]
Jun 25 16:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13482]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 25 16:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13482]: Received disconnect from 209.90.232.251 port 42128:11: disconnected by user [preauth]
Jun 25 16:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13482]: Disconnected from 209.90.232.251 port 42128 [preauth]
Jun 25 16:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13484]: Invalid user student from 91.92.40.124
Jun 25 16:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13484]: input_userauth_request: invalid user student [preauth]
Jun 25 16:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13484]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.236.1  user=root
Jun 25 16:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13484]: Failed password for invalid user student from 91.92.40.124 port 60024 ssh2
Jun 25 16:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13484]: Connection closed by 91.92.40.124 port 60024 [preauth]
Jun 25 16:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13486]: Failed password for root from 68.183.236.1 port 34832 ssh2
Jun 25 16:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13486]: Received disconnect from 68.183.236.1 port 34832:11: Bye Bye [preauth]
Jun 25 16:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13486]: Disconnected from 68.183.236.1 port 34832 [preauth]
Jun 25 16:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13496]: Invalid user support from 91.92.40.124
Jun 25 16:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13496]: input_userauth_request: invalid user support [preauth]
Jun 25 16:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13496]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 25 16:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13496]: Failed password for invalid user support from 91.92.40.124 port 60096 ssh2
Jun 25 16:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13496]: Connection closed by 91.92.40.124 port 60096 [preauth]
Jun 25 16:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13506]: Failed password for root from 38.93.206.2 port 16954 ssh2
Jun 25 16:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13506]: Connection closed by 38.93.206.2 port 16954 [preauth]
Jun 25 16:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13509]: Invalid user operator from 91.92.40.124
Jun 25 16:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13509]: input_userauth_request: invalid user operator [preauth]
Jun 25 16:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13509]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13527]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13525]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13526]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13523]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13523]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13587]: Successful su for rubyman by root
Jun 25 16:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13587]: + ??? root:rubyman
Jun 25 16:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13587]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591156 of user rubyman.
Jun 25 16:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13587]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591156.
Jun 25 16:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13509]: Failed password for invalid user operator from 91.92.40.124 port 40396 ssh2
Jun 25 16:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13509]: Connection closed by 91.92.40.124 port 40396 [preauth]
Jun 25 16:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10601]: pam_unix(cron:session): session closed for user root
Jun 25 16:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13717]: Invalid user admin2 from 91.92.40.124
Jun 25 16:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13717]: input_userauth_request: invalid user admin2 [preauth]
Jun 25 16:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13525]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13717]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13717]: Failed password for invalid user admin2 from 91.92.40.124 port 52050 ssh2
Jun 25 16:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13717]: Connection closed by 91.92.40.124 port 52050 [preauth]
Jun 25 16:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13778]: User vncuser from 91.92.40.124 not allowed because not listed in AllowUsers
Jun 25 16:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13778]: input_userauth_request: invalid user vncuser [preauth]
Jun 25 16:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=vncuser
Jun 25 16:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13778]: Failed password for invalid user vncuser from 91.92.40.124 port 52116 ssh2
Jun 25 16:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13778]: Connection closed by 91.92.40.124 port 52116 [preauth]
Jun 25 16:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13810]: Invalid user ai from 91.92.40.124
Jun 25 16:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13810]: input_userauth_request: invalid user ai [preauth]
Jun 25 16:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13810]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13810]: Failed password for invalid user ai from 91.92.40.124 port 44622 ssh2
Jun 25 16:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13810]: Connection closed by 91.92.40.124 port 44622 [preauth]
Jun 25 16:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13820]: Invalid user elastic from 91.92.40.124
Jun 25 16:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13820]: input_userauth_request: invalid user elastic [preauth]
Jun 25 16:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13820]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13820]: Failed password for invalid user elastic from 91.92.40.124 port 44672 ssh2
Jun 25 16:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13820]: Connection closed by 91.92.40.124 port 44672 [preauth]
Jun 25 16:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 16:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13844]: Failed password for root from 91.92.40.124 port 43976 ssh2
Jun 25 16:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12647]: pam_unix(cron:session): session closed for user root
Jun 25 16:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13844]: Connection closed by 91.92.40.124 port 43976 [preauth]
Jun 25 16:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13870]: Invalid user postgres from 91.92.40.124
Jun 25 16:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13870]: input_userauth_request: invalid user postgres [preauth]
Jun 25 16:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13870]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13870]: Failed password for invalid user postgres from 91.92.40.124 port 60240 ssh2
Jun 25 16:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13870]: Connection closed by 91.92.40.124 port 60240 [preauth]
Jun 25 16:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13886]: Invalid user main from 91.92.40.124
Jun 25 16:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13886]: input_userauth_request: invalid user main [preauth]
Jun 25 16:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13886]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13886]: Failed password for invalid user main from 91.92.40.124 port 60268 ssh2
Jun 25 16:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13886]: Connection closed by 91.92.40.124 port 60268 [preauth]
Jun 25 16:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13911]: Invalid user ubuntu from 91.92.40.124
Jun 25 16:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13911]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 16:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13911]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13911]: Failed password for invalid user ubuntu from 91.92.40.124 port 32980 ssh2
Jun 25 16:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13911]: Connection closed by 91.92.40.124 port 32980 [preauth]
Jun 25 16:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13934]: Invalid user gituser from 103.200.25.79
Jun 25 16:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13934]: input_userauth_request: invalid user gituser [preauth]
Jun 25 16:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13934]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.79
Jun 25 16:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13922]: Invalid user ftpuser from 91.92.40.124
Jun 25 16:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13922]: input_userauth_request: invalid user ftpuser [preauth]
Jun 25 16:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13922]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13934]: Failed password for invalid user gituser from 103.200.25.79 port 57098 ssh2
Jun 25 16:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13934]: Received disconnect from 103.200.25.79 port 57098:11: Bye Bye [preauth]
Jun 25 16:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13934]: Disconnected from 103.200.25.79 port 57098 [preauth]
Jun 25 16:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13922]: Failed password for invalid user ftpuser from 91.92.40.124 port 33046 ssh2
Jun 25 16:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13922]: Connection closed by 91.92.40.124 port 33046 [preauth]
Jun 25 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13957]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13954]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13953]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13955]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13952]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13950]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13957]: pam_unix(cron:session): session closed for user root
Jun 25 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13950]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14026]: Successful su for rubyman by root
Jun 25 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14026]: + ??? root:rubyman
Jun 25 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14026]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591163 of user rubyman.
Jun 25 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14026]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591163.
Jun 25 16:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 16:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13937]: Failed password for root from 91.92.40.124 port 59666 ssh2
Jun 25 16:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13953]: pam_unix(cron:session): session closed for user root
Jun 25 16:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13937]: Connection closed by 91.92.40.124 port 59666 [preauth]
Jun 25 16:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11049]: pam_unix(cron:session): session closed for user root
Jun 25 16:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13952]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 16:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14053]: Failed password for root from 91.92.40.124 port 59742 ssh2
Jun 25 16:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14053]: Connection closed by 91.92.40.124 port 59742 [preauth]
Jun 25 16:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14228]: Invalid user ubuntu from 91.92.40.124
Jun 25 16:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14228]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 16:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14228]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14228]: Failed password for invalid user ubuntu from 91.92.40.124 port 33386 ssh2
Jun 25 16:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14228]: Connection closed by 91.92.40.124 port 33386 [preauth]
Jun 25 16:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14258]: Invalid user wizard from 91.92.40.124
Jun 25 16:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14258]: input_userauth_request: invalid user wizard [preauth]
Jun 25 16:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14258]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14258]: Failed password for invalid user wizard from 91.92.40.124 port 47534 ssh2
Jun 25 16:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14258]: Connection closed by 91.92.40.124 port 47534 [preauth]
Jun 25 16:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14268]: User john from 91.92.40.124 not allowed because not listed in AllowUsers
Jun 25 16:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14268]: input_userauth_request: invalid user john [preauth]
Jun 25 16:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=john
Jun 25 16:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14268]: Failed password for invalid user john from 91.92.40.124 port 47566 ssh2
Jun 25 16:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14268]: Connection closed by 91.92.40.124 port 47566 [preauth]
Jun 25 16:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14292]: Invalid user runner from 91.92.40.124
Jun 25 16:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14292]: input_userauth_request: invalid user runner [preauth]
Jun 25 16:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13088]: pam_unix(cron:session): session closed for user root
Jun 25 16:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14292]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14292]: Failed password for invalid user runner from 91.92.40.124 port 41282 ssh2
Jun 25 16:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14292]: Connection closed by 91.92.40.124 port 41282 [preauth]
Jun 25 16:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: Invalid user security from 91.92.40.124
Jun 25 16:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: input_userauth_request: invalid user security [preauth]
Jun 25 16:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: Failed password for invalid user security from 91.92.40.124 port 41330 ssh2
Jun 25 16:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: Connection closed by 91.92.40.124 port 41330 [preauth]
Jun 25 16:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14332]: Invalid user claude from 91.92.40.124
Jun 25 16:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14332]: input_userauth_request: invalid user claude [preauth]
Jun 25 16:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14332]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14356]: Invalid user duo from 68.183.236.1
Jun 25 16:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14356]: input_userauth_request: invalid user duo [preauth]
Jun 25 16:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14356]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.236.1
Jun 25 16:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14332]: Failed password for invalid user claude from 91.92.40.124 port 50762 ssh2
Jun 25 16:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14332]: Connection closed by 91.92.40.124 port 50762 [preauth]
Jun 25 16:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14355]: Invalid user claude from 91.92.40.124
Jun 25 16:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14355]: input_userauth_request: invalid user claude [preauth]
Jun 25 16:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14356]: Failed password for invalid user duo from 68.183.236.1 port 57506 ssh2
Jun 25 16:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14356]: Received disconnect from 68.183.236.1 port 57506:11: Bye Bye [preauth]
Jun 25 16:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14356]: Disconnected from 68.183.236.1 port 57506 [preauth]
Jun 25 16:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14355]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14355]: Failed password for invalid user claude from 91.92.40.124 port 34154 ssh2
Jun 25 16:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14355]: Connection closed by 91.92.40.124 port 34154 [preauth]
Jun 25 16:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: Invalid user ubuntu from 91.92.40.124
Jun 25 16:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 16:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: Failed password for invalid user ubuntu from 91.92.40.124 port 34228 ssh2
Jun 25 16:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: Connection closed by 91.92.40.124 port 34228 [preauth]
Jun 25 16:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14392]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14393]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14391]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14390]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14390]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14387]: Failed password for root from 91.92.40.124 port 59940 ssh2
Jun 25 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14456]: Successful su for rubyman by root
Jun 25 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14456]: + ??? root:rubyman
Jun 25 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14456]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591167 of user rubyman.
Jun 25 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14456]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591167.
Jun 25 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14387]: Connection closed by 91.92.40.124 port 59940 [preauth]
Jun 25 16:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11591]: pam_unix(cron:session): session closed for user root
Jun 25 16:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14391]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14617]: Invalid user admin from 91.92.40.124
Jun 25 16:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14617]: input_userauth_request: invalid user admin [preauth]
Jun 25 16:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14617]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14617]: Failed password for invalid user admin from 91.92.40.124 port 59818 ssh2
Jun 25 16:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14617]: Connection closed by 91.92.40.124 port 59818 [preauth]
Jun 25 16:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14693]: Invalid user a from 91.92.40.124
Jun 25 16:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14693]: input_userauth_request: invalid user a [preauth]
Jun 25 16:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14693]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14693]: Failed password for invalid user a from 91.92.40.124 port 59854 ssh2
Jun 25 16:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14693]: Connection closed by 91.92.40.124 port 59854 [preauth]
Jun 25 16:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 16:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14723]: Failed password for root from 91.92.40.124 port 46198 ssh2
Jun 25 16:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14723]: Connection closed by 91.92.40.124 port 46198 [preauth]
Jun 25 16:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14740]: Invalid user ubuntu from 91.92.40.124
Jun 25 16:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14740]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 16:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14740]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14740]: Failed password for invalid user ubuntu from 91.92.40.124 port 46272 ssh2
Jun 25 16:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14740]: Connection closed by 91.92.40.124 port 46272 [preauth]
Jun 25 16:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14796]: Invalid user fastuser from 91.92.40.124
Jun 25 16:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14796]: input_userauth_request: invalid user fastuser [preauth]
Jun 25 16:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14796]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14796]: Failed password for invalid user fastuser from 91.92.40.124 port 45646 ssh2
Jun 25 16:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14796]: Connection closed by 91.92.40.124 port 45646 [preauth]
Jun 25 16:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13527]: pam_unix(cron:session): session closed for user root
Jun 25 16:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14830]: Invalid user kingbase from 91.92.40.124
Jun 25 16:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14830]: input_userauth_request: invalid user kingbase [preauth]
Jun 25 16:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14830]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14830]: Failed password for invalid user kingbase from 91.92.40.124 port 54180 ssh2
Jun 25 16:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14830]: Connection closed by 91.92.40.124 port 54180 [preauth]
Jun 25 16:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14846]: Invalid user oracle from 91.92.40.124
Jun 25 16:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14846]: input_userauth_request: invalid user oracle [preauth]
Jun 25 16:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14846]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14846]: Failed password for invalid user oracle from 91.92.40.124 port 54204 ssh2
Jun 25 16:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14846]: Connection closed by 91.92.40.124 port 54204 [preauth]
Jun 25 16:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14874]: Invalid user drcomadmin from 91.92.40.124
Jun 25 16:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14874]: input_userauth_request: invalid user drcomadmin [preauth]
Jun 25 16:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14874]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14874]: Failed password for invalid user drcomadmin from 91.92.40.124 port 35540 ssh2
Jun 25 16:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14874]: Connection closed by 91.92.40.124 port 35540 [preauth]
Jun 25 16:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.79  user=root
Jun 25 16:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14886]: Invalid user pi from 91.92.40.124
Jun 25 16:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14886]: input_userauth_request: invalid user pi [preauth]
Jun 25 16:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14884]: Failed password for root from 103.200.25.79 port 45858 ssh2
Jun 25 16:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14884]: Received disconnect from 103.200.25.79 port 45858:11: Bye Bye [preauth]
Jun 25 16:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14884]: Disconnected from 103.200.25.79 port 45858 [preauth]
Jun 25 16:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14886]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14886]: Failed password for invalid user pi from 91.92.40.124 port 35686 ssh2
Jun 25 16:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14886]: Connection closed by 91.92.40.124 port 35686 [preauth]
Jun 25 16:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14898]: Invalid user labuser from 91.92.40.124
Jun 25 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14898]: input_userauth_request: invalid user labuser [preauth]
Jun 25 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14912]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14913]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14911]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14910]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14908]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14908]: pam_unix(cron:session): session closed for user root
Jun 25 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14910]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14978]: Successful su for rubyman by root
Jun 25 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14978]: + ??? root:rubyman
Jun 25 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14978]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591170 of user rubyman.
Jun 25 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14978]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591170.
Jun 25 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14898]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14898]: Failed password for invalid user labuser from 91.92.40.124 port 51646 ssh2
Jun 25 16:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12097]: pam_unix(cron:session): session closed for user root
Jun 25 16:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14898]: Connection closed by 91.92.40.124 port 51646 [preauth]
Jun 25 16:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14911]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15065]: Invalid user oracle from 91.92.40.124
Jun 25 16:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15065]: input_userauth_request: invalid user oracle [preauth]
Jun 25 16:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15065]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15065]: Failed password for invalid user oracle from 91.92.40.124 port 51696 ssh2
Jun 25 16:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15065]: Connection closed by 91.92.40.124 port 51696 [preauth]
Jun 25 16:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15167]: Invalid user azureuser from 91.92.40.124
Jun 25 16:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15167]: input_userauth_request: invalid user azureuser [preauth]
Jun 25 16:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15167]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15167]: Failed password for invalid user azureuser from 91.92.40.124 port 34458 ssh2
Jun 25 16:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15167]: Connection closed by 91.92.40.124 port 34458 [preauth]
Jun 25 16:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 16:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15190]: Failed password for root from 91.92.40.124 port 54160 ssh2
Jun 25 16:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15190]: Connection closed by 91.92.40.124 port 54160 [preauth]
Jun 25 16:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15204]: Invalid user server from 91.92.40.124
Jun 25 16:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15204]: input_userauth_request: invalid user server [preauth]
Jun 25 16:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15204]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15204]: Failed password for invalid user server from 91.92.40.124 port 54214 ssh2
Jun 25 16:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15204]: Connection closed by 91.92.40.124 port 54214 [preauth]
Jun 25 16:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15227]: Invalid user fastuser from 91.92.40.124
Jun 25 16:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15227]: input_userauth_request: invalid user fastuser [preauth]
Jun 25 16:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15227]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13955]: pam_unix(cron:session): session closed for user root
Jun 25 16:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15227]: Failed password for invalid user fastuser from 91.92.40.124 port 38926 ssh2
Jun 25 16:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15227]: Connection closed by 91.92.40.124 port 38926 [preauth]
Jun 25 16:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.236.1  user=root
Jun 25 16:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 16:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15282]: Failed password for root from 68.183.236.1 port 56910 ssh2
Jun 25 16:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15282]: Received disconnect from 68.183.236.1 port 56910:11: Bye Bye [preauth]
Jun 25 16:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15282]: Disconnected from 68.183.236.1 port 56910 [preauth]
Jun 25 16:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15249]: Failed password for root from 91.92.40.124 port 38972 ssh2
Jun 25 16:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15249]: Connection closed by 91.92.40.124 port 38972 [preauth]
Jun 25 16:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15284]: Invalid user user from 91.92.40.124
Jun 25 16:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15284]: input_userauth_request: invalid user user [preauth]
Jun 25 16:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15284]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15284]: Failed password for invalid user user from 91.92.40.124 port 54788 ssh2
Jun 25 16:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15301]: Invalid user mc from 91.92.40.124
Jun 25 16:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15301]: input_userauth_request: invalid user mc [preauth]
Jun 25 16:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15284]: Connection closed by 91.92.40.124 port 54788 [preauth]
Jun 25 16:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15301]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15301]: Failed password for invalid user mc from 91.92.40.124 port 40334 ssh2
Jun 25 16:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15301]: Connection closed by 91.92.40.124 port 40334 [preauth]
Jun 25 16:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15316]: Invalid user test from 91.92.40.124
Jun 25 16:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15316]: input_userauth_request: invalid user test [preauth]
Jun 25 16:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15316]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15316]: Failed password for invalid user test from 91.92.40.124 port 40386 ssh2
Jun 25 16:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15341]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15340]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15339]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15338]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15338]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15396]: Successful su for rubyman by root
Jun 25 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15396]: + ??? root:rubyman
Jun 25 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15396]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591175 of user rubyman.
Jun 25 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15396]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591175.
Jun 25 16:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15316]: Connection closed by 91.92.40.124 port 40386 [preauth]
Jun 25 16:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 16:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12645]: pam_unix(cron:session): session closed for user root
Jun 25 16:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15339]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15326]: Failed password for root from 91.92.40.124 port 46370 ssh2
Jun 25 16:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15336]: Invalid user trinity from 91.92.40.124
Jun 25 16:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15336]: input_userauth_request: invalid user trinity [preauth]
Jun 25 16:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15326]: Connection closed by 91.92.40.124 port 46370 [preauth]
Jun 25 16:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15336]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15336]: Failed password for invalid user trinity from 91.92.40.124 port 46470 ssh2
Jun 25 16:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15336]: Connection closed by 91.92.40.124 port 46470 [preauth]
Jun 25 16:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15572]: Invalid user reza from 91.92.40.124
Jun 25 16:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15572]: input_userauth_request: invalid user reza [preauth]
Jun 25 16:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15572]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15572]: Failed password for invalid user reza from 91.92.40.124 port 41280 ssh2
Jun 25 16:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15572]: Connection closed by 91.92.40.124 port 41280 [preauth]
Jun 25 16:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15583]: Invalid user ivan from 91.92.40.124
Jun 25 16:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15583]: input_userauth_request: invalid user ivan [preauth]
Jun 25 16:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15583]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15583]: Failed password for invalid user ivan from 91.92.40.124 port 41330 ssh2
Jun 25 16:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15583]: Connection closed by 91.92.40.124 port 41330 [preauth]
Jun 25 16:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15607]: Invalid user private from 91.92.40.124
Jun 25 16:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15607]: input_userauth_request: invalid user private [preauth]
Jun 25 16:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15607]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15607]: Failed password for invalid user private from 91.92.40.124 port 51744 ssh2
Jun 25 16:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15617]: Invalid user ts3 from 91.92.40.124
Jun 25 16:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15617]: input_userauth_request: invalid user ts3 [preauth]
Jun 25 16:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14393]: pam_unix(cron:session): session closed for user root
Jun 25 16:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15607]: Connection closed by 91.92.40.124 port 51744 [preauth]
Jun 25 16:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15617]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15617]: Failed password for invalid user ts3 from 91.92.40.124 port 51788 ssh2
Jun 25 16:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15641]: Invalid user deploy from 91.92.40.124
Jun 25 16:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15641]: input_userauth_request: invalid user deploy [preauth]
Jun 25 16:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15617]: Connection closed by 91.92.40.124 port 51788 [preauth]
Jun 25 16:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15641]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15641]: Failed password for invalid user deploy from 91.92.40.124 port 33638 ssh2
Jun 25 16:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15672]: Invalid user pi from 91.92.40.124
Jun 25 16:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15672]: input_userauth_request: invalid user pi [preauth]
Jun 25 16:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.79  user=root
Jun 25 16:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15641]: Connection closed by 91.92.40.124 port 33638 [preauth]
Jun 25 16:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15672]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15692]: Failed password for root from 103.200.25.79 port 34796 ssh2
Jun 25 16:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15692]: Received disconnect from 103.200.25.79 port 34796:11: Bye Bye [preauth]
Jun 25 16:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15692]: Disconnected from 103.200.25.79 port 34796 [preauth]
Jun 25 16:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15672]: Failed password for invalid user pi from 91.92.40.124 port 40962 ssh2
Jun 25 16:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15691]: Invalid user claude from 91.92.40.124
Jun 25 16:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15691]: input_userauth_request: invalid user claude [preauth]
Jun 25 16:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15672]: Connection closed by 91.92.40.124 port 40962 [preauth]
Jun 25 16:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15691]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15691]: Failed password for invalid user claude from 91.92.40.124 port 41038 ssh2
Jun 25 16:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15720]: Invalid user dev from 91.92.40.124
Jun 25 16:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15720]: input_userauth_request: invalid user dev [preauth]
Jun 25 16:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15691]: Connection closed by 91.92.40.124 port 41038 [preauth]
Jun 25 16:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15720]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15720]: Failed password for invalid user dev from 91.92.40.124 port 49594 ssh2
Jun 25 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15731]: Invalid user test from 91.92.40.124
Jun 25 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15731]: input_userauth_request: invalid user test [preauth]
Jun 25 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15748]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15751]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15749]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15750]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15748]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15806]: Successful su for rubyman by root
Jun 25 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15806]: + ??? root:rubyman
Jun 25 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15806]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591179 of user rubyman.
Jun 25 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15806]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591179.
Jun 25 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15720]: Connection closed by 91.92.40.124 port 49594 [preauth]
Jun 25 16:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15731]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13087]: pam_unix(cron:session): session closed for user root
Jun 25 16:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15731]: Failed password for invalid user test from 91.92.40.124 port 49654 ssh2
Jun 25 16:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 25 16:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15749]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15742]: Invalid user arthur from 91.92.40.124
Jun 25 16:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15742]: input_userauth_request: invalid user arthur [preauth]
Jun 25 16:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15731]: Connection closed by 91.92.40.124 port 49654 [preauth]
Jun 25 16:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15959]: Failed password for root from 103.27.238.116 port 51280 ssh2
Jun 25 16:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15959]: Connection closed by 103.27.238.116 port 51280 [preauth]
Jun 25 16:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15742]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15742]: Failed password for invalid user arthur from 91.92.40.124 port 45556 ssh2
Jun 25 16:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15934]: Invalid user hu from 91.92.40.124
Jun 25 16:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15934]: input_userauth_request: invalid user hu [preauth]
Jun 25 16:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15742]: Connection closed by 91.92.40.124 port 45556 [preauth]
Jun 25 16:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15934]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15934]: Failed password for invalid user hu from 91.92.40.124 port 48534 ssh2
Jun 25 16:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15994]: Invalid user teamspeak from 91.92.40.124
Jun 25 16:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15994]: input_userauth_request: invalid user teamspeak [preauth]
Jun 25 16:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15934]: Connection closed by 91.92.40.124 port 48534 [preauth]
Jun 25 16:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15994]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15994]: Failed password for invalid user teamspeak from 91.92.40.124 port 48554 ssh2
Jun 25 16:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16016]: Invalid user newuser from 91.92.40.124
Jun 25 16:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16016]: input_userauth_request: invalid user newuser [preauth]
Jun 25 16:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15994]: Connection closed by 91.92.40.124 port 48554 [preauth]
Jun 25 16:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16016]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 25 16:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16016]: Failed password for invalid user newuser from 91.92.40.124 port 60570 ssh2
Jun 25 16:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16027]: Invalid user zahra from 91.92.40.124
Jun 25 16:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16027]: input_userauth_request: invalid user zahra [preauth]
Jun 25 16:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16051]: Failed password for root from 87.251.79.125 port 44920 ssh2
Jun 25 16:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16051]: Connection closed by 87.251.79.125 port 44920 [preauth]
Jun 25 16:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16016]: Connection closed by 91.92.40.124 port 60570 [preauth]
Jun 25 16:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16027]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.236.1  user=root
Jun 25 16:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16027]: Failed password for invalid user zahra from 91.92.40.124 port 60622 ssh2
Jun 25 16:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16064]: Failed password for root from 68.183.236.1 port 54258 ssh2
Jun 25 16:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14913]: pam_unix(cron:session): session closed for user root
Jun 25 16:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16064]: Received disconnect from 68.183.236.1 port 54258:11: Bye Bye [preauth]
Jun 25 16:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16064]: Disconnected from 68.183.236.1 port 54258 [preauth]
Jun 25 16:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16027]: Connection closed by 91.92.40.124 port 60622 [preauth]
Jun 25 16:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 16:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16050]: Failed password for root from 91.92.40.124 port 57790 ssh2
Jun 25 16:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16066]: User ftp from 91.92.40.124 not allowed because not listed in AllowUsers
Jun 25 16:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16066]: input_userauth_request: invalid user ftp [preauth]
Jun 25 16:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16050]: Connection closed by 91.92.40.124 port 57790 [preauth]
Jun 25 16:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=ftp
Jun 25 16:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16066]: Failed password for invalid user ftp from 91.92.40.124 port 57850 ssh2
Jun 25 16:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16097]: Invalid user app from 91.92.40.124
Jun 25 16:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16097]: input_userauth_request: invalid user app [preauth]
Jun 25 16:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16066]: Connection closed by 91.92.40.124 port 57850 [preauth]
Jun 25 16:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16097]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16097]: Failed password for invalid user app from 91.92.40.124 port 55598 ssh2
Jun 25 16:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16097]: Connection closed by 91.92.40.124 port 55598 [preauth]
Jun 25 16:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 16:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16120]: Failed password for root from 91.92.40.124 port 55640 ssh2
Jun 25 16:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16130]: Invalid user student from 91.92.40.124
Jun 25 16:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16130]: input_userauth_request: invalid user student [preauth]
Jun 25 16:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16120]: Connection closed by 91.92.40.124 port 55640 [preauth]
Jun 25 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16164]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16163]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16162]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16166]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16160]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16165]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16166]: pam_unix(cron:session): session closed for user root
Jun 25 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16160]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16232]: Successful su for rubyman by root
Jun 25 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16232]: + ??? root:rubyman
Jun 25 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16232]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591185 of user rubyman.
Jun 25 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16232]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591185.
Jun 25 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16130]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16130]: Failed password for invalid user student from 91.92.40.124 port 47456 ssh2
Jun 25 16:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16163]: pam_unix(cron:session): session closed for user root
Jun 25 16:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16148]: Invalid user admin from 91.92.40.124
Jun 25 16:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16148]: input_userauth_request: invalid user admin [preauth]
Jun 25 16:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13526]: pam_unix(cron:session): session closed for user root
Jun 25 16:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16130]: Connection closed by 91.92.40.124 port 47456 [preauth]
Jun 25 16:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16148]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16162]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16148]: Failed password for invalid user admin from 91.92.40.124 port 45928 ssh2
Jun 25 16:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16148]: Connection closed by 91.92.40.124 port 45928 [preauth]
Jun 25 16:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16287]: Invalid user test from 91.92.40.124
Jun 25 16:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16287]: input_userauth_request: invalid user test [preauth]
Jun 25 16:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16287]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16287]: Failed password for invalid user test from 91.92.40.124 port 46018 ssh2
Jun 25 16:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16434]: Invalid user user2 from 91.92.40.124
Jun 25 16:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16434]: input_userauth_request: invalid user user2 [preauth]
Jun 25 16:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16287]: Connection closed by 91.92.40.124 port 46018 [preauth]
Jun 25 16:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16434]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124
Jun 25 16:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16434]: Failed password for invalid user user2 from 91.92.40.124 port 35470 ssh2
Jun 25 16:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16434]: Connection closed by 91.92.40.124 port 35470 [preauth]
Jun 25 16:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.124  user=root
Jun 25 16:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16457]: Failed password for root from 91.92.40.124 port 52322 ssh2
Jun 25 16:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16457]: Connection closed by 91.92.40.124 port 52322 [preauth]
Jun 25 16:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15341]: pam_unix(cron:session): session closed for user root
Jun 25 16:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16542]: Invalid user speedtest from 103.200.25.79
Jun 25 16:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16542]: input_userauth_request: invalid user speedtest [preauth]
Jun 25 16:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16542]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.79
Jun 25 16:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16542]: Failed password for invalid user speedtest from 103.200.25.79 port 48264 ssh2
Jun 25 16:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16542]: Received disconnect from 103.200.25.79 port 48264:11: Bye Bye [preauth]
Jun 25 16:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16542]: Disconnected from 103.200.25.79 port 48264 [preauth]
Jun 25 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16594]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16593]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16591]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16592]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16591]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16660]: Successful su for rubyman by root
Jun 25 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16660]: + ??? root:rubyman
Jun 25 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16660]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591190 of user rubyman.
Jun 25 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16660]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591190.
Jun 25 16:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13954]: pam_unix(cron:session): session closed for user root
Jun 25 16:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16592]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15751]: pam_unix(cron:session): session closed for user root
Jun 25 16:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17012]: Invalid user debian from 68.183.236.1
Jun 25 16:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17012]: input_userauth_request: invalid user debian [preauth]
Jun 25 16:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17012]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.236.1
Jun 25 16:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
Jun 25 16:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17012]: Failed password for invalid user debian from 68.183.236.1 port 43354 ssh2
Jun 25 16:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17012]: Received disconnect from 68.183.236.1 port 43354:11: Bye Bye [preauth]
Jun 25 16:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17012]: Disconnected from 68.183.236.1 port 43354 [preauth]
Jun 25 16:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 25 16:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17034]: Failed password for root from 176.32.39.21 port 56744 ssh2
Jun 25 16:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17034]: Connection closed by 176.32.39.21 port 56744 [preauth]
Jun 25 16:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17045]: Failed password for root from 103.82.20.28 port 35164 ssh2
Jun 25 16:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17047]: Invalid user ubnt from 45.148.10.121
Jun 25 16:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17047]: input_userauth_request: invalid user ubnt [preauth]
Jun 25 16:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17045]: Connection closed by 103.82.20.28 port 35164 [preauth]
Jun 25 16:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17047]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 25 16:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17047]: Failed password for invalid user ubnt from 45.148.10.121 port 53574 ssh2
Jun 25 16:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17047]: Connection closed by 45.148.10.121 port 53574 [preauth]
Jun 25 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17101]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17102]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17100]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17099]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17099]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17158]: Successful su for rubyman by root
Jun 25 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17158]: + ??? root:rubyman
Jun 25 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17158]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591195 of user rubyman.
Jun 25 16:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17158]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591195.
Jun 25 16:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14392]: pam_unix(cron:session): session closed for user root
Jun 25 16:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17100]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16165]: pam_unix(cron:session): session closed for user root
Jun 25 16:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17455]: Invalid user test from 103.200.25.79
Jun 25 16:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17455]: input_userauth_request: invalid user test [preauth]
Jun 25 16:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17455]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.79
Jun 25 16:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17455]: Failed password for invalid user test from 103.200.25.79 port 60548 ssh2
Jun 25 16:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17455]: Received disconnect from 103.200.25.79 port 60548:11: Bye Bye [preauth]
Jun 25 16:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17455]: Disconnected from 103.200.25.79 port 60548 [preauth]
Jun 25 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17516]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17517]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17515]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17514]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17514]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17573]: Successful su for rubyman by root
Jun 25 16:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17573]: + ??? root:rubyman
Jun 25 16:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17573]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591198 of user rubyman.
Jun 25 16:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17573]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591198.
Jun 25 16:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14912]: pam_unix(cron:session): session closed for user root
Jun 25 16:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17515]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 25 16:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17894]: Failed password for root from 193.37.70.224 port 33520 ssh2
Jun 25 16:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17894]: Connection closed by 193.37.70.224 port 33520 [preauth]
Jun 25 16:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16594]: pam_unix(cron:session): session closed for user root
Jun 25 16:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17949]: Invalid user admin from 68.183.236.1
Jun 25 16:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17949]: input_userauth_request: invalid user admin [preauth]
Jun 25 16:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17949]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.236.1
Jun 25 16:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17949]: Failed password for invalid user admin from 68.183.236.1 port 36296 ssh2
Jun 25 16:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17949]: Received disconnect from 68.183.236.1 port 36296:11: Bye Bye [preauth]
Jun 25 16:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17949]: Disconnected from 68.183.236.1 port 36296 [preauth]
Jun 25 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18014]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18015]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18013]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18012]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18012]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18079]: Successful su for rubyman by root
Jun 25 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18079]: + ??? root:rubyman
Jun 25 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18079]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591202 of user rubyman.
Jun 25 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18079]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591202.
Jun 25 16:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15340]: pam_unix(cron:session): session closed for user root
Jun 25 16:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18013]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17102]: pam_unix(cron:session): session closed for user root
Jun 25 16:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.79  user=root
Jun 25 16:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18484]: Failed password for root from 103.200.25.79 port 57136 ssh2
Jun 25 16:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18484]: Received disconnect from 103.200.25.79 port 57136:11: Bye Bye [preauth]
Jun 25 16:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18484]: Disconnected from 103.200.25.79 port 57136 [preauth]
Jun 25 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18521]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18523]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18524]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18518]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18522]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18519]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18524]: pam_unix(cron:session): session closed for user root
Jun 25 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18518]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18594]: Successful su for rubyman by root
Jun 25 16:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18594]: + ??? root:rubyman
Jun 25 16:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18594]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591206 of user rubyman.
Jun 25 16:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18594]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591206.
Jun 25 16:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18521]: pam_unix(cron:session): session closed for user root
Jun 25 16:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15750]: pam_unix(cron:session): session closed for user root
Jun 25 16:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18519]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17517]: pam_unix(cron:session): session closed for user root
Jun 25 16:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.236.1  user=root
Jun 25 16:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18926]: Failed password for root from 68.183.236.1 port 51146 ssh2
Jun 25 16:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18926]: Received disconnect from 68.183.236.1 port 51146:11: Bye Bye [preauth]
Jun 25 16:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18926]: Disconnected from 68.183.236.1 port 51146 [preauth]
Jun 25 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18989]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18988]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18987]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18986]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18986]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19052]: Successful su for rubyman by root
Jun 25 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19052]: + ??? root:rubyman
Jun 25 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19052]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591211 of user rubyman.
Jun 25 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19052]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591211.
Jun 25 16:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16164]: pam_unix(cron:session): session closed for user root
Jun 25 16:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18987]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18015]: pam_unix(cron:session): session closed for user root
Jun 25 16:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.79  user=root
Jun 25 16:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19446]: Failed password for root from 103.200.25.79 port 54782 ssh2
Jun 25 16:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19446]: Received disconnect from 103.200.25.79 port 54782:11: Bye Bye [preauth]
Jun 25 16:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19446]: Disconnected from 103.200.25.79 port 54782 [preauth]
Jun 25 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19491]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19493]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19489]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19490]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19489]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19744]: Successful su for rubyman by root
Jun 25 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19744]: + ??? root:rubyman
Jun 25 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19744]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591216 of user rubyman.
Jun 25 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19744]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591216.
Jun 25 16:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16593]: pam_unix(cron:session): session closed for user root
Jun 25 16:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19490]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 25 16:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19952]: Failed password for root from 62.133.62.83 port 54016 ssh2
Jun 25 16:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19952]: Connection closed by 62.133.62.83 port 54016 [preauth]
Jun 25 16:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18523]: pam_unix(cron:session): session closed for user root
Jun 25 16:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20043]: Invalid user hyun from 68.183.236.1
Jun 25 16:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20043]: input_userauth_request: invalid user hyun [preauth]
Jun 25 16:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20043]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.236.1
Jun 25 16:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20043]: Failed password for invalid user hyun from 68.183.236.1 port 36364 ssh2
Jun 25 16:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20043]: Received disconnect from 68.183.236.1 port 36364:11: Bye Bye [preauth]
Jun 25 16:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20043]: Disconnected from 68.183.236.1 port 36364 [preauth]
Jun 25 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20102]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20103]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20101]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20100]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20100]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20258]: Successful su for rubyman by root
Jun 25 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20258]: + ??? root:rubyman
Jun 25 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20258]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591220 of user rubyman.
Jun 25 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20258]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591220.
Jun 25 16:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17101]: pam_unix(cron:session): session closed for user root
Jun 25 16:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20101]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18989]: pam_unix(cron:session): session closed for user root
Jun 25 16:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20582]: Invalid user csserver from 103.200.25.79
Jun 25 16:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20582]: input_userauth_request: invalid user csserver [preauth]
Jun 25 16:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20582]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.79
Jun 25 16:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20582]: Failed password for invalid user csserver from 103.200.25.79 port 33226 ssh2
Jun 25 16:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20582]: Received disconnect from 103.200.25.79 port 33226:11: Bye Bye [preauth]
Jun 25 16:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20582]: Disconnected from 103.200.25.79 port 33226 [preauth]
Jun 25 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20619]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20618]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20617]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20613]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20613]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20728]: Successful su for rubyman by root
Jun 25 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20728]: + ??? root:rubyman
Jun 25 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20728]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591224 of user rubyman.
Jun 25 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20728]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591224.
Jun 25 16:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17516]: pam_unix(cron:session): session closed for user root
Jun 25 16:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20617]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 25 16:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20969]: Failed password for root from 147.45.199.80 port 53166 ssh2
Jun 25 16:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20969]: Connection closed by 147.45.199.80 port 53166 [preauth]
Jun 25 16:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19493]: pam_unix(cron:session): session closed for user root
Jun 25 16:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21013]: Invalid user server from 68.183.236.1
Jun 25 16:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21013]: input_userauth_request: invalid user server [preauth]
Jun 25 16:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21013]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.236.1
Jun 25 16:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21013]: Failed password for invalid user server from 68.183.236.1 port 49268 ssh2
Jun 25 16:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21013]: Received disconnect from 68.183.236.1 port 49268:11: Bye Bye [preauth]
Jun 25 16:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21013]: Disconnected from 68.183.236.1 port 49268 [preauth]
Jun 25 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21110]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21108]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21105]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21109]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21107]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21106]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21110]: pam_unix(cron:session): session closed for user root
Jun 25 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21105]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21183]: Successful su for rubyman by root
Jun 25 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21183]: + ??? root:rubyman
Jun 25 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21183]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591231 of user rubyman.
Jun 25 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21183]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591231.
Jun 25 16:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21107]: pam_unix(cron:session): session closed for user root
Jun 25 16:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18014]: pam_unix(cron:session): session closed for user root
Jun 25 16:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21106]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 25 16:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21459]: Failed password for root from 194.113.233.25 port 57776 ssh2
Jun 25 16:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21459]: Connection closed by 194.113.233.25 port 57776 [preauth]
Jun 25 16:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20103]: pam_unix(cron:session): session closed for user root
Jun 25 16:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21503]: Connection closed by 194.59.206.2 port 59600 [preauth]
Jun 25 16:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.79  user=root
Jun 25 16:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21501]: Failed password for root from 103.200.25.79 port 36312 ssh2
Jun 25 16:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21501]: Received disconnect from 103.200.25.79 port 36312:11: Bye Bye [preauth]
Jun 25 16:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21501]: Disconnected from 103.200.25.79 port 36312 [preauth]
Jun 25 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21570]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21569]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21571]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21568]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21568]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21642]: Successful su for rubyman by root
Jun 25 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21642]: + ??? root:rubyman
Jun 25 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21642]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591235 of user rubyman.
Jun 25 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21642]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591235.
Jun 25 16:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21569]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18522]: pam_unix(cron:session): session closed for user root
Jun 25 16:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 25 16:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21850]: Failed password for root from 103.122.221.179 port 35178 ssh2
Jun 25 16:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21850]: Connection closed by 103.122.221.179 port 35178 [preauth]
Jun 25 16:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21903]: Invalid user common from 68.183.236.1
Jun 25 16:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21903]: input_userauth_request: invalid user common [preauth]
Jun 25 16:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21903]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.236.1
Jun 25 16:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21903]: Failed password for invalid user common from 68.183.236.1 port 56648 ssh2
Jun 25 16:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21903]: Received disconnect from 68.183.236.1 port 56648:11: Bye Bye [preauth]
Jun 25 16:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21903]: Disconnected from 68.183.236.1 port 56648 [preauth]
Jun 25 16:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20619]: pam_unix(cron:session): session closed for user root
Jun 25 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22002]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22001]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22000]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21999]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21999]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22057]: Successful su for rubyman by root
Jun 25 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22057]: + ??? root:rubyman
Jun 25 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22057]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591237 of user rubyman.
Jun 25 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22057]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591237.
Jun 25 16:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18988]: pam_unix(cron:session): session closed for user root
Jun 25 16:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22000]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 25 16:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22250]: Failed password for root from 109.237.96.109 port 50456 ssh2
Jun 25 16:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22250]: Connection closed by 109.237.96.109 port 50456 [preauth]
Jun 25 16:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22405]: Invalid user igor from 103.200.25.79
Jun 25 16:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22405]: input_userauth_request: invalid user igor [preauth]
Jun 25 16:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22405]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.79
Jun 25 16:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21109]: pam_unix(cron:session): session closed for user root
Jun 25 16:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22405]: Failed password for invalid user igor from 103.200.25.79 port 48364 ssh2
Jun 25 16:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22405]: Received disconnect from 103.200.25.79 port 48364:11: Bye Bye [preauth]
Jun 25 16:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22405]: Disconnected from 103.200.25.79 port 48364 [preauth]
Jun 25 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22496]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22495]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22494]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22493]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22493]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22552]: Successful su for rubyman by root
Jun 25 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22552]: + ??? root:rubyman
Jun 25 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22552]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591242 of user rubyman.
Jun 25 16:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22552]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591242.
Jun 25 16:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19491]: pam_unix(cron:session): session closed for user root
Jun 25 16:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22494]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22777]: User backup from 68.183.236.1 not allowed because not listed in AllowUsers
Jun 25 16:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22777]: input_userauth_request: invalid user backup [preauth]
Jun 25 16:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.236.1  user=backup
Jun 25 16:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22777]: Failed password for invalid user backup from 68.183.236.1 port 40158 ssh2
Jun 25 16:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22777]: Received disconnect from 68.183.236.1 port 40158:11: Bye Bye [preauth]
Jun 25 16:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22777]: Disconnected from 68.183.236.1 port 40158 [preauth]
Jun 25 16:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21571]: pam_unix(cron:session): session closed for user root
Jun 25 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22899]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22900]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22898]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22897]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22897]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22960]: Successful su for rubyman by root
Jun 25 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22960]: + ??? root:rubyman
Jun 25 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22960]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591245 of user rubyman.
Jun 25 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22960]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591245.
Jun 25 16:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20102]: pam_unix(cron:session): session closed for user root
Jun 25 16:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22898]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23208]: Invalid user testuser from 103.200.25.79
Jun 25 16:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23208]: input_userauth_request: invalid user testuser [preauth]
Jun 25 16:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23208]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.79
Jun 25 16:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22002]: pam_unix(cron:session): session closed for user root
Jun 25 16:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23208]: Failed password for invalid user testuser from 103.200.25.79 port 47674 ssh2
Jun 25 16:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23208]: Received disconnect from 103.200.25.79 port 47674:11: Bye Bye [preauth]
Jun 25 16:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23208]: Disconnected from 103.200.25.79 port 47674 [preauth]
Jun 25 16:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23289]: Received disconnect from 138.68.4.170 port 45276:11: disconnected by user [preauth]
Jun 25 16:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23289]: Disconnected from 138.68.4.170 port 45276 [preauth]
Jun 25 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23318]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23311]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23310]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23313]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23312]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23314]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23318]: pam_unix(cron:session): session closed for user root
Jun 25 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23310]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23390]: Successful su for rubyman by root
Jun 25 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23390]: + ??? root:rubyman
Jun 25 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23390]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591254 of user rubyman.
Jun 25 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23390]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591254.
Jun 25 16:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23312]: pam_unix(cron:session): session closed for user root
Jun 25 16:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20618]: pam_unix(cron:session): session closed for user root
Jun 25 16:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23311]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23634]: Invalid user testuser from 68.183.236.1
Jun 25 16:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23634]: input_userauth_request: invalid user testuser [preauth]
Jun 25 16:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23634]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.236.1
Jun 25 16:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23634]: Failed password for invalid user testuser from 68.183.236.1 port 51720 ssh2
Jun 25 16:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23634]: Received disconnect from 68.183.236.1 port 51720:11: Bye Bye [preauth]
Jun 25 16:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23634]: Disconnected from 68.183.236.1 port 51720 [preauth]
Jun 25 16:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22496]: pam_unix(cron:session): session closed for user root
Jun 25 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23772]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23777]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23771]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23770]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23770]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23934]: Successful su for rubyman by root
Jun 25 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23934]: + ??? root:rubyman
Jun 25 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23934]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591256 of user rubyman.
Jun 25 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23934]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591256.
Jun 25 16:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21108]: pam_unix(cron:session): session closed for user root
Jun 25 16:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23771]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22900]: pam_unix(cron:session): session closed for user root
Jun 25 16:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24219]: Invalid user appserver from 103.200.25.79
Jun 25 16:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24219]: input_userauth_request: invalid user appserver [preauth]
Jun 25 16:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24219]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.79
Jun 25 16:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24219]: Failed password for invalid user appserver from 103.200.25.79 port 57598 ssh2
Jun 25 16:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24219]: Received disconnect from 103.200.25.79 port 57598:11: Bye Bye [preauth]
Jun 25 16:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24219]: Disconnected from 103.200.25.79 port 57598 [preauth]
Jun 25 16:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24231]: Invalid user jeff from 141.98.83.240
Jun 25 16:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24231]: input_userauth_request: invalid user jeff [preauth]
Jun 25 16:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24231]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 16:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24231]: Failed password for invalid user jeff from 141.98.83.240 port 26690 ssh2
Jun 25 16:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24231]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24231]: Failed password for invalid user jeff from 141.98.83.240 port 26690 ssh2
Jun 25 16:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24231]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24231]: Failed password for invalid user jeff from 141.98.83.240 port 26690 ssh2
Jun 25 16:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24231]: Connection closed by 141.98.83.240 port 26690 [preauth]
Jun 25 16:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24231]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 16:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24284]: Invalid user admin from 2.57.121.25
Jun 25 16:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24284]: input_userauth_request: invalid user admin [preauth]
Jun 25 16:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24284]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 25 16:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24284]: Failed password for invalid user admin from 2.57.121.25 port 60134 ssh2
Jun 25 16:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24284]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24284]: Failed password for invalid user admin from 2.57.121.25 port 60134 ssh2
Jun 25 16:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24284]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24284]: Failed password for invalid user admin from 2.57.121.25 port 60134 ssh2
Jun 25 16:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24284]: Connection closed by 2.57.121.25 port 60134 [preauth]
Jun 25 16:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24284]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 25 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24300]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24302]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24299]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24298]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24298]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24363]: Successful su for rubyman by root
Jun 25 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24363]: + ??? root:rubyman
Jun 25 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24363]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591259 of user rubyman.
Jun 25 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24363]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591259.
Jun 25 16:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21570]: pam_unix(cron:session): session closed for user root
Jun 25 16:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24299]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.236.1  user=root
Jun 25 16:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24591]: Failed password for root from 68.183.236.1 port 46662 ssh2
Jun 25 16:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24591]: Received disconnect from 68.183.236.1 port 46662:11: Bye Bye [preauth]
Jun 25 16:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24591]: Disconnected from 68.183.236.1 port 46662 [preauth]
Jun 25 16:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23314]: pam_unix(cron:session): session closed for user root
Jun 25 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24734]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24732]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24735]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24733]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24732]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24797]: Successful su for rubyman by root
Jun 25 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24797]: + ??? root:rubyman
Jun 25 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24797]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591263 of user rubyman.
Jun 25 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24797]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591263.
Jun 25 16:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22001]: pam_unix(cron:session): session closed for user root
Jun 25 16:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24733]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23777]: pam_unix(cron:session): session closed for user root
Jun 25 16:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.79  user=root
Jun 25 16:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25066]: Failed password for root from 103.200.25.79 port 33774 ssh2
Jun 25 16:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25066]: Received disconnect from 103.200.25.79 port 33774:11: Bye Bye [preauth]
Jun 25 16:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25066]: Disconnected from 103.200.25.79 port 33774 [preauth]
Jun 25 16:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25100]: Received disconnect from 168.194.64.3 port 48782:11: disconnected by user [preauth]
Jun 25 16:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25100]: Disconnected from 168.194.64.3 port 48782 [preauth]
Jun 25 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25130]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25131]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25132]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25129]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25127]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25129]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25254]: Successful su for rubyman by root
Jun 25 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25254]: + ??? root:rubyman
Jun 25 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25254]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591267 of user rubyman.
Jun 25 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25254]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591267.
Jun 25 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25127]: pam_unix(cron:session): session closed for user root
Jun 25 16:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22495]: pam_unix(cron:session): session closed for user root
Jun 25 16:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25130]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25500]: Invalid user gituser from 68.183.236.1
Jun 25 16:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25500]: input_userauth_request: invalid user gituser [preauth]
Jun 25 16:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25500]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.236.1
Jun 25 16:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25500]: Failed password for invalid user gituser from 68.183.236.1 port 38140 ssh2
Jun 25 16:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25500]: Received disconnect from 68.183.236.1 port 38140:11: Bye Bye [preauth]
Jun 25 16:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25500]: Disconnected from 68.183.236.1 port 38140 [preauth]
Jun 25 16:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24302]: pam_unix(cron:session): session closed for user root
Jun 25 16:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25554]: Invalid user aspera from 41.82.50.218
Jun 25 16:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25554]: input_userauth_request: invalid user aspera [preauth]
Jun 25 16:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25554]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.82.50.218
Jun 25 16:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25554]: Failed password for invalid user aspera from 41.82.50.218 port 41195 ssh2
Jun 25 16:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25554]: Received disconnect from 41.82.50.218 port 41195:11: Bye Bye [preauth]
Jun 25 16:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25554]: Disconnected from 41.82.50.218 port 41195 [preauth]
Jun 25 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25618]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25615]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25617]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25616]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25613]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25614]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25618]: pam_unix(cron:session): session closed for user root
Jun 25 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25613]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25677]: Successful su for rubyman by root
Jun 25 16:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25677]: + ??? root:rubyman
Jun 25 16:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25677]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591274 of user rubyman.
Jun 25 16:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25677]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591274.
Jun 25 16:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25615]: pam_unix(cron:session): session closed for user root
Jun 25 16:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22899]: pam_unix(cron:session): session closed for user root
Jun 25 16:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25614]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 25 16:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25915]: Failed password for root from 103.77.242.62 port 56360 ssh2
Jun 25 16:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25915]: Connection closed by 103.77.242.62 port 56360 [preauth]
Jun 25 16:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24735]: pam_unix(cron:session): session closed for user root
Jun 25 16:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26003]: Invalid user user1 from 103.200.25.79
Jun 25 16:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26003]: input_userauth_request: invalid user user1 [preauth]
Jun 25 16:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26003]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.79
Jun 25 16:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26003]: Failed password for invalid user user1 from 103.200.25.79 port 48086 ssh2
Jun 25 16:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26003]: Received disconnect from 103.200.25.79 port 48086:11: Bye Bye [preauth]
Jun 25 16:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26003]: Disconnected from 103.200.25.79 port 48086 [preauth]
Jun 25 16:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 25 16:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26021]: Failed password for root from 103.176.20.57 port 35726 ssh2
Jun 25 16:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26021]: Connection closed by 103.176.20.57 port 35726 [preauth]
Jun 25 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26043]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26042]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26041]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26040]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26040]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26110]: Successful su for rubyman by root
Jun 25 16:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26110]: + ??? root:rubyman
Jun 25 16:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26110]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591278 of user rubyman.
Jun 25 16:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26110]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591278.
Jun 25 16:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23313]: pam_unix(cron:session): session closed for user root
Jun 25 16:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26041]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26358]: Invalid user speedtest from 68.183.236.1
Jun 25 16:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26358]: input_userauth_request: invalid user speedtest [preauth]
Jun 25 16:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26358]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.236.1
Jun 25 16:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26358]: Failed password for invalid user speedtest from 68.183.236.1 port 36884 ssh2
Jun 25 16:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26358]: Received disconnect from 68.183.236.1 port 36884:11: Bye Bye [preauth]
Jun 25 16:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26358]: Disconnected from 68.183.236.1 port 36884 [preauth]
Jun 25 16:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25132]: pam_unix(cron:session): session closed for user root
Jun 25 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26443]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26445]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26444]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26442]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26442]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26503]: Successful su for rubyman by root
Jun 25 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26503]: + ??? root:rubyman
Jun 25 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26503]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591282 of user rubyman.
Jun 25 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26503]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591282.
Jun 25 16:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23772]: pam_unix(cron:session): session closed for user root
Jun 25 16:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26443]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26804]: Invalid user andrew from 102.210.148.92
Jun 25 16:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26804]: input_userauth_request: invalid user andrew [preauth]
Jun 25 16:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26804]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.148.92
Jun 25 16:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26804]: Failed password for invalid user andrew from 102.210.148.92 port 58138 ssh2
Jun 25 16:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26804]: Received disconnect from 102.210.148.92 port 58138:11: Bye Bye [preauth]
Jun 25 16:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26804]: Disconnected from 102.210.148.92 port 58138 [preauth]
Jun 25 16:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25617]: pam_unix(cron:session): session closed for user root
Jun 25 16:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 25 16:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26870]: Failed password for root from 103.77.175.15 port 58474 ssh2
Jun 25 16:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26870]: Connection closed by 103.77.175.15 port 58474 [preauth]
Jun 25 16:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26880]: Invalid user hyun from 103.200.25.79
Jun 25 16:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26880]: input_userauth_request: invalid user hyun [preauth]
Jun 25 16:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26880]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.79
Jun 25 16:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26880]: Failed password for invalid user hyun from 103.200.25.79 port 60078 ssh2
Jun 25 16:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26880]: Received disconnect from 103.200.25.79 port 60078:11: Bye Bye [preauth]
Jun 25 16:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26880]: Disconnected from 103.200.25.79 port 60078 [preauth]
Jun 25 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26928]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26927]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26926]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26925]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26925]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26986]: Successful su for rubyman by root
Jun 25 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26986]: + ??? root:rubyman
Jun 25 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26986]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591286 of user rubyman.
Jun 25 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26986]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591286.
Jun 25 16:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24300]: pam_unix(cron:session): session closed for user root
Jun 25 16:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26926]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.236.1  user=root
Jun 25 16:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27213]: Failed password for root from 68.183.236.1 port 52398 ssh2
Jun 25 16:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27213]: Received disconnect from 68.183.236.1 port 52398:11: Bye Bye [preauth]
Jun 25 16:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27213]: Disconnected from 68.183.236.1 port 52398 [preauth]
Jun 25 16:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26043]: pam_unix(cron:session): session closed for user root
Jun 25 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27351]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27352]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27350]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27349]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27349]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27411]: Successful su for rubyman by root
Jun 25 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27411]: + ??? root:rubyman
Jun 25 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27411]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591292 of user rubyman.
Jun 25 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27411]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591292.
Jun 25 16:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24734]: pam_unix(cron:session): session closed for user root
Jun 25 16:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27350]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26445]: pam_unix(cron:session): session closed for user root
Jun 25 16:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27689]: Invalid user admin from 103.200.25.79
Jun 25 16:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27689]: input_userauth_request: invalid user admin [preauth]
Jun 25 16:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27689]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.79
Jun 25 16:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27689]: Failed password for invalid user admin from 103.200.25.79 port 35230 ssh2
Jun 25 16:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27689]: Received disconnect from 103.200.25.79 port 35230:11: Bye Bye [preauth]
Jun 25 16:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27689]: Disconnected from 103.200.25.79 port 35230 [preauth]
Jun 25 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27759]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27761]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27757]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27760]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27758]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27756]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27761]: pam_unix(cron:session): session closed for user root
Jun 25 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27756]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27825]: Successful su for rubyman by root
Jun 25 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27825]: + ??? root:rubyman
Jun 25 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27825]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591297 of user rubyman.
Jun 25 16:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27825]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591297.
Jun 25 16:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27758]: pam_unix(cron:session): session closed for user root
Jun 25 16:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25131]: pam_unix(cron:session): session closed for user root
Jun 25 16:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27757]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.236.1  user=root
Jun 25 16:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28123]: Failed password for root from 68.183.236.1 port 50546 ssh2
Jun 25 16:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28123]: Received disconnect from 68.183.236.1 port 50546:11: Bye Bye [preauth]
Jun 25 16:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28123]: Disconnected from 68.183.236.1 port 50546 [preauth]
Jun 25 16:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26928]: pam_unix(cron:session): session closed for user root
Jun 25 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28250]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28251]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28248]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28249]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28248]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28313]: Successful su for rubyman by root
Jun 25 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28313]: + ??? root:rubyman
Jun 25 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28313]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591301 of user rubyman.
Jun 25 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28313]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591301.
Jun 25 16:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25616]: pam_unix(cron:session): session closed for user root
Jun 25 16:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28249]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27352]: pam_unix(cron:session): session closed for user root
Jun 25 16:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28687]: Invalid user 7days from 103.200.25.79
Jun 25 16:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28687]: input_userauth_request: invalid user 7days [preauth]
Jun 25 16:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28687]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.79
Jun 25 16:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28687]: Failed password for invalid user 7days from 103.200.25.79 port 60836 ssh2
Jun 25 16:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28687]: Received disconnect from 103.200.25.79 port 60836:11: Bye Bye [preauth]
Jun 25 16:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28687]: Disconnected from 103.200.25.79 port 60836 [preauth]
Jun 25 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28745]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28746]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28744]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28743]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28743]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28812]: Successful su for rubyman by root
Jun 25 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28812]: + ??? root:rubyman
Jun 25 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28812]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591305 of user rubyman.
Jun 25 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28812]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591305.
Jun 25 16:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26042]: pam_unix(cron:session): session closed for user root
Jun 25 16:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28744]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29034]: Invalid user appserver from 68.183.236.1
Jun 25 16:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29034]: input_userauth_request: invalid user appserver [preauth]
Jun 25 16:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29034]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.236.1
Jun 25 16:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29034]: Failed password for invalid user appserver from 68.183.236.1 port 57372 ssh2
Jun 25 16:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29034]: Received disconnect from 68.183.236.1 port 57372:11: Bye Bye [preauth]
Jun 25 16:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29034]: Disconnected from 68.183.236.1 port 57372 [preauth]
Jun 25 16:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27760]: pam_unix(cron:session): session closed for user root
Jun 25 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29172]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29173]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29171]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29170]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29170]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29235]: Successful su for rubyman by root
Jun 25 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29235]: + ??? root:rubyman
Jun 25 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29235]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591308 of user rubyman.
Jun 25 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29235]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591308.
Jun 25 16:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26444]: pam_unix(cron:session): session closed for user root
Jun 25 16:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29171]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28251]: pam_unix(cron:session): session closed for user root
Jun 25 16:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.79  user=root
Jun 25 16:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29623]: Failed password for root from 103.200.25.79 port 36244 ssh2
Jun 25 16:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29623]: Received disconnect from 103.200.25.79 port 36244:11: Bye Bye [preauth]
Jun 25 16:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29623]: Disconnected from 103.200.25.79 port 36244 [preauth]
Jun 25 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29690]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29691]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29689]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29688]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29688]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29773]: Successful su for rubyman by root
Jun 25 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29773]: + ??? root:rubyman
Jun 25 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29773]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591312 of user rubyman.
Jun 25 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29773]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591312.
Jun 25 16:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26927]: pam_unix(cron:session): session closed for user root
Jun 25 16:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29689]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.236.1  user=root
Jun 25 16:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29999]: Failed password for root from 68.183.236.1 port 46896 ssh2
Jun 25 16:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29999]: Received disconnect from 68.183.236.1 port 46896:11: Bye Bye [preauth]
Jun 25 16:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29999]: Disconnected from 68.183.236.1 port 46896 [preauth]
Jun 25 16:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30010]: Received disconnect from 206.212.244.18 port 64030:11: disconnected by user [preauth]
Jun 25 16:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30010]: Disconnected from 206.212.244.18 port 64030 [preauth]
Jun 25 16:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28746]: pam_unix(cron:session): session closed for user root
Jun 25 16:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 25 16:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30108]: Failed password for root from 80.66.85.226 port 42084 ssh2
Jun 25 16:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30108]: Connection closed by 80.66.85.226 port 42084 [preauth]
Jun 25 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30137]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30138]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30139]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30133]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30140]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30134]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30140]: pam_unix(cron:session): session closed for user root
Jun 25 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30133]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30222]: Successful su for rubyman by root
Jun 25 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30222]: + ??? root:rubyman
Jun 25 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30222]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591319 of user rubyman.
Jun 25 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30222]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591319.
Jun 25 16:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30137]: pam_unix(cron:session): session closed for user root
Jun 25 16:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27351]: pam_unix(cron:session): session closed for user root
Jun 25 16:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30134]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29173]: pam_unix(cron:session): session closed for user root
Jun 25 16:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.79  user=root
Jun 25 16:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30490]: Failed password for root from 103.200.25.79 port 52122 ssh2
Jun 25 16:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30490]: Received disconnect from 103.200.25.79 port 52122:11: Bye Bye [preauth]
Jun 25 16:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30490]: Disconnected from 103.200.25.79 port 52122 [preauth]
Jun 25 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30589]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30591]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30590]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30588]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30588]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30666]: Successful su for rubyman by root
Jun 25 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30666]: + ??? root:rubyman
Jun 25 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30666]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591324 of user rubyman.
Jun 25 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30666]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591324.
Jun 25 16:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27759]: pam_unix(cron:session): session closed for user root
Jun 25 16:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30589]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.236.1  user=root
Jun 25 16:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30858]: Failed password for root from 68.183.236.1 port 37274 ssh2
Jun 25 16:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30858]: Received disconnect from 68.183.236.1 port 37274:11: Bye Bye [preauth]
Jun 25 16:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30858]: Disconnected from 68.183.236.1 port 37274 [preauth]
Jun 25 16:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 25 16:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30913]: Failed password for root from 103.172.78.219 port 48802 ssh2
Jun 25 16:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30913]: Connection closed by 103.172.78.219 port 48802 [preauth]
Jun 25 16:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29691]: pam_unix(cron:session): session closed for user root
Jun 25 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31104]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31101]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31102]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31100]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31100]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31162]: Successful su for rubyman by root
Jun 25 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31162]: + ??? root:rubyman
Jun 25 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31162]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591327 of user rubyman.
Jun 25 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31162]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591327.
Jun 25 16:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28250]: pam_unix(cron:session): session closed for user root
Jun 25 16:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31101]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31415]: User backup from 103.200.25.79 not allowed because not listed in AllowUsers
Jun 25 16:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31415]: input_userauth_request: invalid user backup [preauth]
Jun 25 16:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.79  user=backup
Jun 25 16:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30139]: pam_unix(cron:session): session closed for user root
Jun 25 16:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31415]: Failed password for invalid user backup from 103.200.25.79 port 37428 ssh2
Jun 25 16:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31415]: Received disconnect from 103.200.25.79 port 37428:11: Bye Bye [preauth]
Jun 25 16:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31415]: Disconnected from 103.200.25.79 port 37428 [preauth]
Jun 25 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31502]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31501]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31500]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31499]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31499]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31656]: Successful su for rubyman by root
Jun 25 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31656]: + ??? root:rubyman
Jun 25 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31656]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591331 of user rubyman.
Jun 25 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31656]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591331.
Jun 25 16:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28745]: pam_unix(cron:session): session closed for user root
Jun 25 16:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31500]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31873]: Connection closed by 45.148.10.121 port 36678 [preauth]
Jun 25 16:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31875]: Invalid user user1 from 68.183.236.1
Jun 25 16:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31875]: input_userauth_request: invalid user user1 [preauth]
Jun 25 16:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31875]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.236.1
Jun 25 16:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31875]: Failed password for invalid user user1 from 68.183.236.1 port 35938 ssh2
Jun 25 16:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31875]: Received disconnect from 68.183.236.1 port 35938:11: Bye Bye [preauth]
Jun 25 16:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31875]: Disconnected from 68.183.236.1 port 35938 [preauth]
Jun 25 16:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30591]: pam_unix(cron:session): session closed for user root
Jun 25 16:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31962]: Invalid user espana from 102.210.148.92
Jun 25 16:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31962]: input_userauth_request: invalid user espana [preauth]
Jun 25 16:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31962]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.148.92
Jun 25 16:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31962]: Failed password for invalid user espana from 102.210.148.92 port 56588 ssh2
Jun 25 16:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31962]: Received disconnect from 102.210.148.92 port 56588:11: Bye Bye [preauth]
Jun 25 16:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31962]: Disconnected from 102.210.148.92 port 56588 [preauth]
Jun 25 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32023]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32022]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32020]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32021]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32020]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32087]: Successful su for rubyman by root
Jun 25 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32087]: + ??? root:rubyman
Jun 25 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32087]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591334 of user rubyman.
Jun 25 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32087]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591334.
Jun 25 16:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29172]: pam_unix(cron:session): session closed for user root
Jun 25 16:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32021]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31104]: pam_unix(cron:session): session closed for user root
Jun 25 16:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32355]: Invalid user server from 103.200.25.79
Jun 25 16:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32355]: input_userauth_request: invalid user server [preauth]
Jun 25 16:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32355]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.79
Jun 25 16:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32355]: Failed password for invalid user server from 103.200.25.79 port 49576 ssh2
Jun 25 16:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32355]: Received disconnect from 103.200.25.79 port 49576:11: Bye Bye [preauth]
Jun 25 16:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32355]: Disconnected from 103.200.25.79 port 49576 [preauth]
Jun 25 16:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 25 16:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32402]: Failed password for root from 103.15.222.183 port 59250 ssh2
Jun 25 16:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32402]: Connection closed by 103.15.222.183 port 59250 [preauth]
Jun 25 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32428]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32427]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32424]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32425]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32426]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32423]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32428]: pam_unix(cron:session): session closed for user root
Jun 25 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32423]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32501]: Successful su for rubyman by root
Jun 25 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32501]: + ??? root:rubyman
Jun 25 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32501]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591340 of user rubyman.
Jun 25 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32501]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591340.
Jun 25 16:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32425]: pam_unix(cron:session): session closed for user root
Jun 25 16:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29690]: pam_unix(cron:session): session closed for user root
Jun 25 16:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32424]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32744]: Invalid user igor from 68.183.236.1
Jun 25 16:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32744]: input_userauth_request: invalid user igor [preauth]
Jun 25 16:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32744]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.236.1
Jun 25 16:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32744]: Failed password for invalid user igor from 68.183.236.1 port 60096 ssh2
Jun 25 16:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32744]: Received disconnect from 68.183.236.1 port 60096:11: Bye Bye [preauth]
Jun 25 16:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32744]: Disconnected from 68.183.236.1 port 60096 [preauth]
Jun 25 16:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31502]: pam_unix(cron:session): session closed for user root
Jun 25 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[409]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[410]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[412]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[408]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[408]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[613]: Successful su for rubyman by root
Jun 25 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[613]: + ??? root:rubyman
Jun 25 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[613]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591344 of user rubyman.
Jun 25 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[613]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591344.
Jun 25 16:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 25 16:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30138]: pam_unix(cron:session): session closed for user root
Jun 25 16:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[409]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[772]: Failed password for root from 38.93.206.2 port 57940 ssh2
Jun 25 16:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[772]: Connection closed by 38.93.206.2 port 57940 [preauth]
Jun 25 16:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[822]: Invalid user stealth from 102.210.148.92
Jun 25 16:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[822]: input_userauth_request: invalid user stealth [preauth]
Jun 25 16:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[822]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.148.92
Jun 25 16:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[822]: Failed password for invalid user stealth from 102.210.148.92 port 43486 ssh2
Jun 25 16:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[822]: Received disconnect from 102.210.148.92 port 43486:11: Bye Bye [preauth]
Jun 25 16:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[822]: Disconnected from 102.210.148.92 port 43486 [preauth]
Jun 25 16:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32023]: pam_unix(cron:session): session closed for user root
Jun 25 16:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.79  user=root
Jun 25 16:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[918]: Failed password for root from 103.200.25.79 port 42174 ssh2
Jun 25 16:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[918]: Received disconnect from 103.200.25.79 port 42174:11: Bye Bye [preauth]
Jun 25 16:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[918]: Disconnected from 103.200.25.79 port 42174 [preauth]
Jun 25 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[974]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[976]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[975]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[973]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[973]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1061]: Successful su for rubyman by root
Jun 25 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1061]: + ??? root:rubyman
Jun 25 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1061]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591349 of user rubyman.
Jun 25 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1061]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591349.
Jun 25 16:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30590]: pam_unix(cron:session): session closed for user root
Jun 25 16:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[974]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1295]: Invalid user kamil from 68.183.236.1
Jun 25 16:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1295]: input_userauth_request: invalid user kamil [preauth]
Jun 25 16:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1295]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.236.1
Jun 25 16:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1295]: Failed password for invalid user kamil from 68.183.236.1 port 52234 ssh2
Jun 25 16:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1295]: Received disconnect from 68.183.236.1 port 52234:11: Bye Bye [preauth]
Jun 25 16:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1295]: Disconnected from 68.183.236.1 port 52234 [preauth]
Jun 25 16:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32427]: pam_unix(cron:session): session closed for user root
Jun 25 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1476]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1478]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1477]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1475]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1475]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1617]: Successful su for rubyman by root
Jun 25 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1617]: + ??? root:rubyman
Jun 25 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1617]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591353 of user rubyman.
Jun 25 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1617]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591353.
Jun 25 16:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31102]: pam_unix(cron:session): session closed for user root
Jun 25 16:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1476]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 25 16:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1828]: Failed password for root from 103.27.238.120 port 51872 ssh2
Jun 25 16:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1828]: Connection closed by 103.27.238.120 port 51872 [preauth]
Jun 25 16:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 25 16:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1851]: Failed password for root from 103.153.68.219 port 53594 ssh2
Jun 25 16:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1851]: Connection closed by 103.153.68.219 port 53594 [preauth]
Jun 25 16:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[412]: pam_unix(cron:session): session closed for user root
Jun 25 16:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1947]: Invalid user mxbackup from 102.210.148.92
Jun 25 16:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1947]: input_userauth_request: invalid user mxbackup [preauth]
Jun 25 16:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1947]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.148.92
Jun 25 16:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1947]: Failed password for invalid user mxbackup from 102.210.148.92 port 39350 ssh2
Jun 25 16:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1947]: Received disconnect from 102.210.148.92 port 39350:11: Bye Bye [preauth]
Jun 25 16:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1947]: Disconnected from 102.210.148.92 port 39350 [preauth]
Jun 25 16:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.79  user=root
Jun 25 16:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1985]: Failed password for root from 103.200.25.79 port 47588 ssh2
Jun 25 16:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1985]: Received disconnect from 103.200.25.79 port 47588:11: Bye Bye [preauth]
Jun 25 16:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1985]: Disconnected from 103.200.25.79 port 47588 [preauth]
Jun 25 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2023]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2025]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2022]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2021]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2021]: pam_unix(cron:session): session closed for user p13x
Jun 25 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2100]: Successful su for rubyman by root
Jun 25 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2100]: + ??? root:rubyman
Jun 25 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2100]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591357 of user rubyman.
Jun 25 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2100]: pam_unix(su:session): session closed for user rubyman
Jun 25 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591357.
Jun 25 16:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31501]: pam_unix(cron:session): session closed for user root
Jun 25 16:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2022]: pam_unix(cron:session): session closed for user samftp
Jun 25 16:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 16:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2328]: Invalid user 7days from 68.183.236.1
Jun 25 16:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2328]: input_userauth_request: invalid user 7days [preauth]
Jun 25 16:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2328]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 16:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.236.1
Jun 25 16:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2328]: Failed password for invalid user 7days from 68.183.236.1 port 36810 ssh2
Jun 25 16:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2328]: Received disconnect from 68.183.236.1 port 36810:11: Bye Bye [preauth]
Jun 25 16:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2328]: Disconnected from 68.183.236.1 port 36810 [preauth]
Jun 25 16:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[976]: pam_unix(cron:session): session closed for user root
Jun 25 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2471]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2469]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2473]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2477]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2476]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2472]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2468]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2477]: pam_unix(cron:session): session closed for user root
Jun 25 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2471]: pam_unix(cron:session): session closed for user root
Jun 25 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2468]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2576]: Successful su for rubyman by root
Jun 25 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2576]: + ??? root:rubyman
Jun 25 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2576]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591364 of user rubyman.
Jun 25 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2576]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591364.
Jun 25 17:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32022]: pam_unix(cron:session): session closed for user root
Jun 25 17:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2472]: pam_unix(cron:session): session closed for user root
Jun 25 17:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2469]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1478]: pam_unix(cron:session): session closed for user root
Jun 25 17:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2959]: Invalid user willem from 103.200.25.79
Jun 25 17:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2959]: input_userauth_request: invalid user willem [preauth]
Jun 25 17:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2959]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 17:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.79
Jun 25 17:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2959]: Failed password for invalid user willem from 103.200.25.79 port 58746 ssh2
Jun 25 17:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2959]: Received disconnect from 103.200.25.79 port 58746:11: Bye Bye [preauth]
Jun 25 17:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2959]: Disconnected from 103.200.25.79 port 58746 [preauth]
Jun 25 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2990]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2989]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2988]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2987]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2987]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3057]: Successful su for rubyman by root
Jun 25 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3057]: + ??? root:rubyman
Jun 25 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3057]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591367 of user rubyman.
Jun 25 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3057]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591367.
Jun 25 17:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32426]: pam_unix(cron:session): session closed for user root
Jun 25 17:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2988]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3217]: Invalid user cash from 102.210.148.92
Jun 25 17:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3217]: input_userauth_request: invalid user cash [preauth]
Jun 25 17:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3217]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 17:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.148.92
Jun 25 17:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3217]: Failed password for invalid user cash from 102.210.148.92 port 39512 ssh2
Jun 25 17:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3217]: Received disconnect from 102.210.148.92 port 39512:11: Bye Bye [preauth]
Jun 25 17:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3217]: Disconnected from 102.210.148.92 port 39512 [preauth]
Jun 25 17:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=root
Jun 25 17:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3262]: Failed password for root from 193.46.255.86 port 30556 ssh2
Jun 25 17:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3262]: message repeated 2 times: [ Failed password for root from 193.46.255.86 port 30556 ssh2]
Jun 25 17:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3262]: Connection closed by 193.46.255.86 port 30556 [preauth]
Jun 25 17:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3262]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=root
Jun 25 17:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3284]: Invalid user fas from 41.82.50.218
Jun 25 17:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3284]: input_userauth_request: invalid user fas [preauth]
Jun 25 17:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3284]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 17:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.82.50.218
Jun 25 17:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3284]: Failed password for invalid user fas from 41.82.50.218 port 43090 ssh2
Jun 25 17:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3284]: Received disconnect from 41.82.50.218 port 43090:11: Bye Bye [preauth]
Jun 25 17:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3284]: Disconnected from 41.82.50.218 port 43090 [preauth]
Jun 25 17:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2025]: pam_unix(cron:session): session closed for user root
Jun 25 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3390]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3389]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3388]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3387]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3387]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3450]: Successful su for rubyman by root
Jun 25 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3450]: + ??? root:rubyman
Jun 25 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3450]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591371 of user rubyman.
Jun 25 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3450]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591371.
Jun 25 17:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[410]: pam_unix(cron:session): session closed for user root
Jun 25 17:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3388]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2476]: pam_unix(cron:session): session closed for user root
Jun 25 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3934]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3936]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3933]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3932]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3932]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4032]: Successful su for rubyman by root
Jun 25 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4032]: + ??? root:rubyman
Jun 25 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4032]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591376 of user rubyman.
Jun 25 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4032]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591376.
Jun 25 17:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[975]: pam_unix(cron:session): session closed for user root
Jun 25 17:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3933]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4296]: Invalid user mon from 102.210.148.92
Jun 25 17:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4296]: input_userauth_request: invalid user mon [preauth]
Jun 25 17:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4296]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 17:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.148.92
Jun 25 17:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4296]: Failed password for invalid user mon from 102.210.148.92 port 38704 ssh2
Jun 25 17:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4296]: Received disconnect from 102.210.148.92 port 38704:11: Bye Bye [preauth]
Jun 25 17:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4296]: Disconnected from 102.210.148.92 port 38704 [preauth]
Jun 25 17:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2990]: pam_unix(cron:session): session closed for user root
Jun 25 17:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4381]: Invalid user ultra from 41.82.50.218
Jun 25 17:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4381]: input_userauth_request: invalid user ultra [preauth]
Jun 25 17:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4381]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 17:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.82.50.218
Jun 25 17:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4381]: Failed password for invalid user ultra from 41.82.50.218 port 49995 ssh2
Jun 25 17:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4381]: Received disconnect from 41.82.50.218 port 49995:11: Bye Bye [preauth]
Jun 25 17:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4381]: Disconnected from 41.82.50.218 port 49995 [preauth]
Jun 25 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4402]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4403]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4405]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4401]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4401]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4460]: Successful su for rubyman by root
Jun 25 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4460]: + ??? root:rubyman
Jun 25 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4460]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591381 of user rubyman.
Jun 25 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4460]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591381.
Jun 25 17:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1477]: pam_unix(cron:session): session closed for user root
Jun 25 17:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4402]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3390]: pam_unix(cron:session): session closed for user root
Jun 25 17:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4771]: Invalid user leo from 141.98.83.240
Jun 25 17:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4771]: input_userauth_request: invalid user leo [preauth]
Jun 25 17:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4771]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 17:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 17:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4771]: Failed password for invalid user leo from 141.98.83.240 port 63836 ssh2
Jun 25 17:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4771]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 17:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4771]: Failed password for invalid user leo from 141.98.83.240 port 63836 ssh2
Jun 25 17:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4771]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 17:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4771]: Failed password for invalid user leo from 141.98.83.240 port 63836 ssh2
Jun 25 17:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4771]: Connection closed by 141.98.83.240 port 63836 [preauth]
Jun 25 17:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4771]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 17:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4853]: Invalid user  from 64.62.197.166
Jun 25 17:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4853]: input_userauth_request: invalid user  [preauth]
Jun 25 17:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4853]: Connection closed by 64.62.197.166 port 15751 [preauth]
Jun 25 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4914]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4912]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4911]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4910]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4913]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4909]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4914]: pam_unix(cron:session): session closed for user root
Jun 25 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4909]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4991]: Successful su for rubyman by root
Jun 25 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4991]: + ??? root:rubyman
Jun 25 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4991]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591387 of user rubyman.
Jun 25 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4991]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591387.
Jun 25 17:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4911]: pam_unix(cron:session): session closed for user root
Jun 25 17:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2023]: pam_unix(cron:session): session closed for user root
Jun 25 17:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4910]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3936]: pam_unix(cron:session): session closed for user root
Jun 25 17:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5330]: Invalid user dn from 102.210.148.92
Jun 25 17:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5330]: input_userauth_request: invalid user dn [preauth]
Jun 25 17:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5330]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 17:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.148.92
Jun 25 17:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5330]: Failed password for invalid user dn from 102.210.148.92 port 45876 ssh2
Jun 25 17:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5330]: Received disconnect from 102.210.148.92 port 45876:11: Bye Bye [preauth]
Jun 25 17:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5330]: Disconnected from 102.210.148.92 port 45876 [preauth]
Jun 25 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5357]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5355]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5354]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5350]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5350]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5427]: Successful su for rubyman by root
Jun 25 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5427]: + ??? root:rubyman
Jun 25 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5427]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591390 of user rubyman.
Jun 25 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5427]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591390.
Jun 25 17:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5354]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2473]: pam_unix(cron:session): session closed for user root
Jun 25 17:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4405]: pam_unix(cron:session): session closed for user root
Jun 25 17:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5699]: Invalid user kid from 41.82.50.218
Jun 25 17:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5699]: input_userauth_request: invalid user kid [preauth]
Jun 25 17:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5699]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 17:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.82.50.218
Jun 25 17:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5699]: Failed password for invalid user kid from 41.82.50.218 port 42813 ssh2
Jun 25 17:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5699]: Received disconnect from 41.82.50.218 port 42813:11: Bye Bye [preauth]
Jun 25 17:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5699]: Disconnected from 41.82.50.218 port 42813 [preauth]
Jun 25 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5761]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5760]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5759]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5758]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5758]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5822]: Successful su for rubyman by root
Jun 25 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5822]: + ??? root:rubyman
Jun 25 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5822]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591393 of user rubyman.
Jun 25 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5822]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591393.
Jun 25 17:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2989]: pam_unix(cron:session): session closed for user root
Jun 25 17:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5759]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4913]: pam_unix(cron:session): session closed for user root
Jun 25 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6146]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6144]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6143]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6142]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6142]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6208]: Successful su for rubyman by root
Jun 25 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6208]: + ??? root:rubyman
Jun 25 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6208]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591398 of user rubyman.
Jun 25 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6208]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591398.
Jun 25 17:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3389]: pam_unix(cron:session): session closed for user root
Jun 25 17:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6143]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6418]: Invalid user anton from 102.210.148.92
Jun 25 17:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6418]: input_userauth_request: invalid user anton [preauth]
Jun 25 17:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6418]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 17:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.148.92
Jun 25 17:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6418]: Failed password for invalid user anton from 102.210.148.92 port 44240 ssh2
Jun 25 17:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6418]: Received disconnect from 102.210.148.92 port 44240:11: Bye Bye [preauth]
Jun 25 17:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6418]: Disconnected from 102.210.148.92 port 44240 [preauth]
Jun 25 17:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5357]: pam_unix(cron:session): session closed for user root
Jun 25 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6536]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6537]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6535]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6534]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6532]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6534]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6659]: Successful su for rubyman by root
Jun 25 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6659]: + ??? root:rubyman
Jun 25 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6659]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591402 of user rubyman.
Jun 25 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6659]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591402.
Jun 25 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6532]: pam_unix(cron:session): session closed for user root
Jun 25 17:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3934]: pam_unix(cron:session): session closed for user root
Jun 25 17:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6535]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6894]: Invalid user sas from 41.82.50.218
Jun 25 17:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6894]: input_userauth_request: invalid user sas [preauth]
Jun 25 17:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6894]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 17:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.82.50.218
Jun 25 17:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6894]: Failed password for invalid user sas from 41.82.50.218 port 57050 ssh2
Jun 25 17:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6894]: Received disconnect from 41.82.50.218 port 57050:11: Bye Bye [preauth]
Jun 25 17:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6894]: Disconnected from 41.82.50.218 port 57050 [preauth]
Jun 25 17:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5761]: pam_unix(cron:session): session closed for user root
Jun 25 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7136]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7140]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7135]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7139]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7137]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7134]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7140]: pam_unix(cron:session): session closed for user root
Jun 25 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7134]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7210]: Successful su for rubyman by root
Jun 25 17:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7210]: + ??? root:rubyman
Jun 25 17:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7210]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591410 of user rubyman.
Jun 25 17:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7210]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591410.
Jun 25 17:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7136]: pam_unix(cron:session): session closed for user root
Jun 25 17:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4403]: pam_unix(cron:session): session closed for user root
Jun 25 17:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7135]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6146]: pam_unix(cron:session): session closed for user root
Jun 25 17:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7537]: Invalid user dump from 102.210.148.92
Jun 25 17:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7537]: input_userauth_request: invalid user dump [preauth]
Jun 25 17:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7537]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 17:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.148.92
Jun 25 17:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7537]: Failed password for invalid user dump from 102.210.148.92 port 33938 ssh2
Jun 25 17:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7537]: Received disconnect from 102.210.148.92 port 33938:11: Bye Bye [preauth]
Jun 25 17:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7537]: Disconnected from 102.210.148.92 port 33938 [preauth]
Jun 25 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7571]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7572]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7570]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7569]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7569]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7740]: Successful su for rubyman by root
Jun 25 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7740]: + ??? root:rubyman
Jun 25 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7740]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591414 of user rubyman.
Jun 25 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7740]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591414.
Jun 25 17:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4912]: pam_unix(cron:session): session closed for user root
Jun 25 17:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7570]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6537]: pam_unix(cron:session): session closed for user root
Jun 25 17:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8046]: Invalid user song from 41.82.50.218
Jun 25 17:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8046]: input_userauth_request: invalid user song [preauth]
Jun 25 17:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8046]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 17:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.82.50.218
Jun 25 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8068]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8066]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8067]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8065]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8065]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8126]: Successful su for rubyman by root
Jun 25 17:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8126]: + ??? root:rubyman
Jun 25 17:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8126]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591417 of user rubyman.
Jun 25 17:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8126]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591417.
Jun 25 17:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8046]: Failed password for invalid user song from 41.82.50.218 port 54202 ssh2
Jun 25 17:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8046]: Received disconnect from 41.82.50.218 port 54202:11: Bye Bye [preauth]
Jun 25 17:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8046]: Disconnected from 41.82.50.218 port 54202 [preauth]
Jun 25 17:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5355]: pam_unix(cron:session): session closed for user root
Jun 25 17:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8066]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7139]: pam_unix(cron:session): session closed for user root
Jun 25 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8459]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8458]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8457]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8456]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8456]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8520]: Successful su for rubyman by root
Jun 25 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8520]: + ??? root:rubyman
Jun 25 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8520]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591421 of user rubyman.
Jun 25 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8520]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591421.
Jun 25 17:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5760]: pam_unix(cron:session): session closed for user root
Jun 25 17:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8457]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8740]: Invalid user newweb from 102.210.148.92
Jun 25 17:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8740]: input_userauth_request: invalid user newweb [preauth]
Jun 25 17:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8740]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 17:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.148.92
Jun 25 17:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8740]: Failed password for invalid user newweb from 102.210.148.92 port 51228 ssh2
Jun 25 17:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8740]: Received disconnect from 102.210.148.92 port 51228:11: Bye Bye [preauth]
Jun 25 17:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8740]: Disconnected from 102.210.148.92 port 51228 [preauth]
Jun 25 17:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7572]: pam_unix(cron:session): session closed for user root
Jun 25 17:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 25 17:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8802]: Failed password for root from 202.178.126.219 port 56995 ssh2
Jun 25 17:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8802]: Connection closed by 202.178.126.219 port 56995 [preauth]
Jun 25 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8857]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8856]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8854]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8853]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8853]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8914]: Successful su for rubyman by root
Jun 25 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8914]: + ??? root:rubyman
Jun 25 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8914]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591425 of user rubyman.
Jun 25 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8914]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591425.
Jun 25 17:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6144]: pam_unix(cron:session): session closed for user root
Jun 25 17:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8854]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8068]: pam_unix(cron:session): session closed for user root
Jun 25 17:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: Invalid user stefani from 2.57.121.112
Jun 25 17:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: input_userauth_request: invalid user stefani [preauth]
Jun 25 17:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 17:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 25 17:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: Failed password for invalid user stefani from 2.57.121.112 port 5908 ssh2
Jun 25 17:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 17:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9229]: Invalid user gold from 41.82.50.218
Jun 25 17:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9229]: input_userauth_request: invalid user gold [preauth]
Jun 25 17:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9229]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 17:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.82.50.218
Jun 25 17:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: Failed password for invalid user stefani from 2.57.121.112 port 5908 ssh2
Jun 25 17:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 17:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9229]: Failed password for invalid user gold from 41.82.50.218 port 53526 ssh2
Jun 25 17:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9229]: Received disconnect from 41.82.50.218 port 53526:11: Bye Bye [preauth]
Jun 25 17:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9229]: Disconnected from 41.82.50.218 port 53526 [preauth]
Jun 25 17:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: Failed password for invalid user stefani from 2.57.121.112 port 5908 ssh2
Jun 25 17:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 17:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: Failed password for invalid user stefani from 2.57.121.112 port 5908 ssh2
Jun 25 17:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 17:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: Failed password for invalid user stefani from 2.57.121.112 port 5908 ssh2
Jun 25 17:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: Connection closed by 2.57.121.112 port 5908 [preauth]
Jun 25 17:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 25 17:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 25 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9263]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9262]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9264]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9261]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9258]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9259]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9264]: pam_unix(cron:session): session closed for user root
Jun 25 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9258]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9330]: Successful su for rubyman by root
Jun 25 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9330]: + ??? root:rubyman
Jun 25 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9330]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591428 of user rubyman.
Jun 25 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9330]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591428.
Jun 25 17:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9261]: pam_unix(cron:session): session closed for user root
Jun 25 17:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6536]: pam_unix(cron:session): session closed for user root
Jun 25 17:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9259]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8459]: pam_unix(cron:session): session closed for user root
Jun 25 17:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9668]: Invalid user ocw from 102.210.148.92
Jun 25 17:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9668]: input_userauth_request: invalid user ocw [preauth]
Jun 25 17:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9668]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 17:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.148.92
Jun 25 17:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9668]: Failed password for invalid user ocw from 102.210.148.92 port 40582 ssh2
Jun 25 17:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9668]: Received disconnect from 102.210.148.92 port 40582:11: Bye Bye [preauth]
Jun 25 17:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9668]: Disconnected from 102.210.148.92 port 40582 [preauth]
Jun 25 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9681]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9682]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9680]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9679]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9679]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9747]: Successful su for rubyman by root
Jun 25 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9747]: + ??? root:rubyman
Jun 25 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9747]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591435 of user rubyman.
Jun 25 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9747]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591435.
Jun 25 17:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7137]: pam_unix(cron:session): session closed for user root
Jun 25 17:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9680]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8857]: pam_unix(cron:session): session closed for user root
Jun 25 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10352]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10354]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10353]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10351]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10349]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10349]: pam_unix(cron:session): session closed for user root
Jun 25 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10351]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10416]: Successful su for rubyman by root
Jun 25 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10416]: + ??? root:rubyman
Jun 25 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10416]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591439 of user rubyman.
Jun 25 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10416]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591439.
Jun 25 17:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7571]: pam_unix(cron:session): session closed for user root
Jun 25 17:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10352]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9263]: pam_unix(cron:session): session closed for user root
Jun 25 17:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10706]: Invalid user speedtest from 41.82.50.218
Jun 25 17:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10706]: input_userauth_request: invalid user speedtest [preauth]
Jun 25 17:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10706]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 17:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.82.50.218
Jun 25 17:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10706]: Failed password for invalid user speedtest from 41.82.50.218 port 57424 ssh2
Jun 25 17:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10706]: Received disconnect from 41.82.50.218 port 57424:11: Bye Bye [preauth]
Jun 25 17:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10706]: Disconnected from 41.82.50.218 port 57424 [preauth]
Jun 25 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10776]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10778]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10779]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10777]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10776]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10841]: Successful su for rubyman by root
Jun 25 17:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10841]: + ??? root:rubyman
Jun 25 17:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10841]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591445 of user rubyman.
Jun 25 17:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10841]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591445.
Jun 25 17:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8067]: pam_unix(cron:session): session closed for user root
Jun 25 17:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10777]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11093]: Invalid user ftp-eu from 102.210.148.92
Jun 25 17:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11093]: input_userauth_request: invalid user ftp-eu [preauth]
Jun 25 17:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11093]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 17:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.148.92
Jun 25 17:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11093]: Failed password for invalid user ftp-eu from 102.210.148.92 port 49194 ssh2
Jun 25 17:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11093]: Received disconnect from 102.210.148.92 port 49194:11: Bye Bye [preauth]
Jun 25 17:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11093]: Disconnected from 102.210.148.92 port 49194 [preauth]
Jun 25 17:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9682]: pam_unix(cron:session): session closed for user root
Jun 25 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11190]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11187]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11191]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11186]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11186]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11249]: Successful su for rubyman by root
Jun 25 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11249]: + ??? root:rubyman
Jun 25 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11249]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591448 of user rubyman.
Jun 25 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11249]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591448.
Jun 25 17:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8458]: pam_unix(cron:session): session closed for user root
Jun 25 17:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11187]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10354]: pam_unix(cron:session): session closed for user root
Jun 25 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11601]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11602]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11603]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11600]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11599]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11598]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11603]: pam_unix(cron:session): session closed for user root
Jun 25 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11598]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11667]: Successful su for rubyman by root
Jun 25 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11667]: + ??? root:rubyman
Jun 25 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11667]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591452 of user rubyman.
Jun 25 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11667]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591452.
Jun 25 17:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11600]: pam_unix(cron:session): session closed for user root
Jun 25 17:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8856]: pam_unix(cron:session): session closed for user root
Jun 25 17:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11599]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 25 17:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11949]: Failed password for root from 77.94.47.83 port 33836 ssh2
Jun 25 17:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11949]: Connection closed by 77.94.47.83 port 33836 [preauth]
Jun 25 17:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.211.215  user=root
Jun 25 17:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11981]: Failed password for root from 147.45.211.215 port 57650 ssh2
Jun 25 17:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11981]: Connection closed by 147.45.211.215 port 57650 [preauth]
Jun 25 17:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10779]: pam_unix(cron:session): session closed for user root
Jun 25 17:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12041]: Invalid user wwwalt from 41.82.50.218
Jun 25 17:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12041]: input_userauth_request: invalid user wwwalt [preauth]
Jun 25 17:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12041]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 17:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.82.50.218
Jun 25 17:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12041]: Failed password for invalid user wwwalt from 41.82.50.218 port 44389 ssh2
Jun 25 17:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12041]: Received disconnect from 41.82.50.218 port 44389:11: Bye Bye [preauth]
Jun 25 17:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12041]: Disconnected from 41.82.50.218 port 44389 [preauth]
Jun 25 17:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12080]: Invalid user qmailadmin from 102.210.148.92
Jun 25 17:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12080]: input_userauth_request: invalid user qmailadmin [preauth]
Jun 25 17:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12080]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 17:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.148.92
Jun 25 17:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12080]: Failed password for invalid user qmailadmin from 102.210.148.92 port 41164 ssh2
Jun 25 17:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12080]: Received disconnect from 102.210.148.92 port 41164:11: Bye Bye [preauth]
Jun 25 17:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12080]: Disconnected from 102.210.148.92 port 41164 [preauth]
Jun 25 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12101]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12099]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12100]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12098]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12098]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12165]: Successful su for rubyman by root
Jun 25 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12165]: + ??? root:rubyman
Jun 25 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12165]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591457 of user rubyman.
Jun 25 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12165]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591457.
Jun 25 17:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12436]: Invalid user test from 45.148.10.121
Jun 25 17:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12436]: input_userauth_request: invalid user test [preauth]
Jun 25 17:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12436]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 17:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 25 17:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9262]: pam_unix(cron:session): session closed for user root
Jun 25 17:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12099]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12436]: Failed password for invalid user test from 45.148.10.121 port 52468 ssh2
Jun 25 17:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12436]: Connection closed by 45.148.10.121 port 52468 [preauth]
Jun 25 17:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11191]: pam_unix(cron:session): session closed for user root
Jun 25 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12629]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12630]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12628]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12627]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12627]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12689]: Successful su for rubyman by root
Jun 25 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12689]: + ??? root:rubyman
Jun 25 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12689]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591461 of user rubyman.
Jun 25 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12689]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591461.
Jun 25 17:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9681]: pam_unix(cron:session): session closed for user root
Jun 25 17:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12628]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11602]: pam_unix(cron:session): session closed for user root
Jun 25 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13037]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13038]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13036]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13035]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13035]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13095]: Successful su for rubyman by root
Jun 25 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13095]: + ??? root:rubyman
Jun 25 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13095]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591465 of user rubyman.
Jun 25 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13095]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591465.
Jun 25 17:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10353]: pam_unix(cron:session): session closed for user root
Jun 25 17:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13036]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13324]: Invalid user hockey from 102.210.148.92
Jun 25 17:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13324]: input_userauth_request: invalid user hockey [preauth]
Jun 25 17:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13324]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 17:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.148.92
Jun 25 17:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13329]: Invalid user messages from 41.82.50.218
Jun 25 17:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13329]: input_userauth_request: invalid user messages [preauth]
Jun 25 17:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13329]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 17:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.82.50.218
Jun 25 17:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13324]: Failed password for invalid user hockey from 102.210.148.92 port 38634 ssh2
Jun 25 17:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13324]: Received disconnect from 102.210.148.92 port 38634:11: Bye Bye [preauth]
Jun 25 17:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13324]: Disconnected from 102.210.148.92 port 38634 [preauth]
Jun 25 17:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13329]: Failed password for invalid user messages from 41.82.50.218 port 40244 ssh2
Jun 25 17:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13329]: Received disconnect from 41.82.50.218 port 40244:11: Bye Bye [preauth]
Jun 25 17:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13329]: Disconnected from 41.82.50.218 port 40244 [preauth]
Jun 25 17:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12101]: pam_unix(cron:session): session closed for user root
Jun 25 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13456]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13457]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13454]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13455]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13454]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13517]: Successful su for rubyman by root
Jun 25 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13517]: + ??? root:rubyman
Jun 25 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13517]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591470 of user rubyman.
Jun 25 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13517]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591470.
Jun 25 17:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10778]: pam_unix(cron:session): session closed for user root
Jun 25 17:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13455]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 25 17:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13745]: Failed password for root from 202.178.126.219 port 29958 ssh2
Jun 25 17:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13745]: Connection closed by 202.178.126.219 port 29958 [preauth]
Jun 25 17:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12630]: pam_unix(cron:session): session closed for user root
Jun 25 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13855]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13859]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13857]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13860]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13858]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13856]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13860]: pam_unix(cron:session): session closed for user root
Jun 25 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13855]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13928]: Successful su for rubyman by root
Jun 25 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13928]: + ??? root:rubyman
Jun 25 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13928]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591478 of user rubyman.
Jun 25 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13928]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591478.
Jun 25 17:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13857]: pam_unix(cron:session): session closed for user root
Jun 25 17:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11190]: pam_unix(cron:session): session closed for user root
Jun 25 17:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13856]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13038]: pam_unix(cron:session): session closed for user root
Jun 25 17:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14254]: Invalid user public from 102.210.148.92
Jun 25 17:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14254]: input_userauth_request: invalid user public [preauth]
Jun 25 17:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14254]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 17:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.148.92
Jun 25 17:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14254]: Failed password for invalid user public from 102.210.148.92 port 36932 ssh2
Jun 25 17:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14254]: Received disconnect from 102.210.148.92 port 36932:11: Bye Bye [preauth]
Jun 25 17:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14254]: Disconnected from 102.210.148.92 port 36932 [preauth]
Jun 25 17:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14272]: Invalid user portugal from 41.82.50.218
Jun 25 17:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14272]: input_userauth_request: invalid user portugal [preauth]
Jun 25 17:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14272]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 17:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.82.50.218
Jun 25 17:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14272]: Failed password for invalid user portugal from 41.82.50.218 port 59356 ssh2
Jun 25 17:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14272]: Received disconnect from 41.82.50.218 port 59356:11: Bye Bye [preauth]
Jun 25 17:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14272]: Disconnected from 41.82.50.218 port 59356 [preauth]
Jun 25 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14288]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14287]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14286]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14285]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14285]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14350]: Successful su for rubyman by root
Jun 25 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14350]: + ??? root:rubyman
Jun 25 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14350]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591479 of user rubyman.
Jun 25 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14350]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591479.
Jun 25 17:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11601]: pam_unix(cron:session): session closed for user root
Jun 25 17:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14286]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13457]: pam_unix(cron:session): session closed for user root
Jun 25 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14744]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14745]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14742]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14741]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14741]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14834]: Successful su for rubyman by root
Jun 25 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14834]: + ??? root:rubyman
Jun 25 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14834]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591483 of user rubyman.
Jun 25 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14834]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591483.
Jun 25 17:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12100]: pam_unix(cron:session): session closed for user root
Jun 25 17:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14742]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 25 17:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15046]: Failed password for root from 51.250.105.222 port 50514 ssh2
Jun 25 17:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15046]: Connection closed by 51.250.105.222 port 50514 [preauth]
Jun 25 17:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13859]: pam_unix(cron:session): session closed for user root
Jun 25 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15180]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15181]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15179]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15178]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15178]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15244]: Successful su for rubyman by root
Jun 25 17:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15244]: + ??? root:rubyman
Jun 25 17:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15244]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591487 of user rubyman.
Jun 25 17:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15244]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591487.
Jun 25 17:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12629]: pam_unix(cron:session): session closed for user root
Jun 25 17:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15179]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15428]: Invalid user hades from 102.210.148.92
Jun 25 17:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15428]: input_userauth_request: invalid user hades [preauth]
Jun 25 17:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15428]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 17:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.148.92
Jun 25 17:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15428]: Failed password for invalid user hades from 102.210.148.92 port 56174 ssh2
Jun 25 17:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15428]: Received disconnect from 102.210.148.92 port 56174:11: Bye Bye [preauth]
Jun 25 17:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15428]: Disconnected from 102.210.148.92 port 56174 [preauth]
Jun 25 17:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15459]: Invalid user mama from 41.82.50.218
Jun 25 17:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15459]: input_userauth_request: invalid user mama [preauth]
Jun 25 17:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15459]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 17:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.82.50.218
Jun 25 17:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15459]: Failed password for invalid user mama from 41.82.50.218 port 40152 ssh2
Jun 25 17:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15459]: Received disconnect from 41.82.50.218 port 40152:11: Bye Bye [preauth]
Jun 25 17:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15459]: Disconnected from 41.82.50.218 port 40152 [preauth]
Jun 25 17:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14288]: pam_unix(cron:session): session closed for user root
Jun 25 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15566]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15567]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15565]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15564]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15564]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15625]: Successful su for rubyman by root
Jun 25 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15625]: + ??? root:rubyman
Jun 25 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15625]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591491 of user rubyman.
Jun 25 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15625]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591491.
Jun 25 17:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13037]: pam_unix(cron:session): session closed for user root
Jun 25 17:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15565]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 25 17:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15834]: Failed password for root from 103.27.238.114 port 42888 ssh2
Jun 25 17:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15834]: Connection closed by 103.27.238.114 port 42888 [preauth]
Jun 25 17:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14745]: pam_unix(cron:session): session closed for user root
Jun 25 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15964]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15963]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15961]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15965]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15966]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15962]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15966]: pam_unix(cron:session): session closed for user root
Jun 25 17:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15961]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16027]: Successful su for rubyman by root
Jun 25 17:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16027]: + ??? root:rubyman
Jun 25 17:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16027]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591498 of user rubyman.
Jun 25 17:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16027]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591498.
Jun 25 17:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13456]: pam_unix(cron:session): session closed for user root
Jun 25 17:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15963]: pam_unix(cron:session): session closed for user root
Jun 25 17:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15962]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15181]: pam_unix(cron:session): session closed for user root
Jun 25 17:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16326]: Invalid user jiaowu from 102.210.148.92
Jun 25 17:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16326]: input_userauth_request: invalid user jiaowu [preauth]
Jun 25 17:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16326]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 17:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.148.92
Jun 25 17:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16328]: Connection closed by 194.59.206.2 port 24686 [preauth]
Jun 25 17:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16326]: Failed password for invalid user jiaowu from 102.210.148.92 port 39632 ssh2
Jun 25 17:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16326]: Received disconnect from 102.210.148.92 port 39632:11: Bye Bye [preauth]
Jun 25 17:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16326]: Disconnected from 102.210.148.92 port 39632 [preauth]
Jun 25 17:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16351]: Invalid user meetings from 41.82.50.218
Jun 25 17:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16351]: input_userauth_request: invalid user meetings [preauth]
Jun 25 17:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16351]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 17:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.82.50.218
Jun 25 17:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16351]: Failed password for invalid user meetings from 41.82.50.218 port 45511 ssh2
Jun 25 17:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16351]: Received disconnect from 41.82.50.218 port 45511:11: Bye Bye [preauth]
Jun 25 17:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16351]: Disconnected from 41.82.50.218 port 45511 [preauth]
Jun 25 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16382]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16381]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16379]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16380]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16379]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16447]: Successful su for rubyman by root
Jun 25 17:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16447]: + ??? root:rubyman
Jun 25 17:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16447]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591502 of user rubyman.
Jun 25 17:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16447]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591502.
Jun 25 17:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13858]: pam_unix(cron:session): session closed for user root
Jun 25 17:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16380]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15567]: pam_unix(cron:session): session closed for user root
Jun 25 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16780]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16781]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16779]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16778]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16778]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16846]: Successful su for rubyman by root
Jun 25 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16846]: + ??? root:rubyman
Jun 25 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16846]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591507 of user rubyman.
Jun 25 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16846]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591507.
Jun 25 17:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14287]: pam_unix(cron:session): session closed for user root
Jun 25 17:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16779]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15965]: pam_unix(cron:session): session closed for user root
Jun 25 17:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 25 17:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17233]: Failed password for root from 141.98.83.240 port 30318 ssh2
Jun 25 17:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17233]: message repeated 2 times: [ Failed password for root from 141.98.83.240 port 30318 ssh2]
Jun 25 17:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17233]: Connection closed by 141.98.83.240 port 30318 [preauth]
Jun 25 17:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17233]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 25 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17282]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17283]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17281]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17280]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17280]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17348]: Successful su for rubyman by root
Jun 25 17:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17348]: + ??? root:rubyman
Jun 25 17:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17348]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591510 of user rubyman.
Jun 25 17:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17348]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591510.
Jun 25 17:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14744]: pam_unix(cron:session): session closed for user root
Jun 25 17:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17281]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17549]: Invalid user server11 from 102.210.148.92
Jun 25 17:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17549]: input_userauth_request: invalid user server11 [preauth]
Jun 25 17:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17549]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 17:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.148.92
Jun 25 17:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17549]: Failed password for invalid user server11 from 102.210.148.92 port 34830 ssh2
Jun 25 17:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17549]: Received disconnect from 102.210.148.92 port 34830:11: Bye Bye [preauth]
Jun 25 17:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17549]: Disconnected from 102.210.148.92 port 34830 [preauth]
Jun 25 17:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17580]: Invalid user xmlrpc from 41.82.50.218
Jun 25 17:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17580]: input_userauth_request: invalid user xmlrpc [preauth]
Jun 25 17:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17580]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 17:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.82.50.218
Jun 25 17:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17580]: Failed password for invalid user xmlrpc from 41.82.50.218 port 59010 ssh2
Jun 25 17:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17580]: Received disconnect from 41.82.50.218 port 59010:11: Bye Bye [preauth]
Jun 25 17:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17580]: Disconnected from 41.82.50.218 port 59010 [preauth]
Jun 25 17:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16382]: pam_unix(cron:session): session closed for user root
Jun 25 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17777]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17776]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17775]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17774]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17774]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17844]: Successful su for rubyman by root
Jun 25 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17844]: + ??? root:rubyman
Jun 25 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17844]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591513 of user rubyman.
Jun 25 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17844]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591513.
Jun 25 17:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15180]: pam_unix(cron:session): session closed for user root
Jun 25 17:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17775]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 25 17:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18085]: Failed password for root from 103.82.132.16 port 45402 ssh2
Jun 25 17:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18085]: Connection closed by 103.82.132.16 port 45402 [preauth]
Jun 25 17:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16781]: pam_unix(cron:session): session closed for user root
Jun 25 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18206]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18204]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18203]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18200]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18205]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18202]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18206]: pam_unix(cron:session): session closed for user root
Jun 25 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18200]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18280]: Successful su for rubyman by root
Jun 25 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18280]: + ??? root:rubyman
Jun 25 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18280]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591520 of user rubyman.
Jun 25 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18280]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591520.
Jun 25 17:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18203]: pam_unix(cron:session): session closed for user root
Jun 25 17:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15566]: pam_unix(cron:session): session closed for user root
Jun 25 17:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18202]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17283]: pam_unix(cron:session): session closed for user root
Jun 25 17:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18652]: Invalid user evaluacion from 102.210.148.92
Jun 25 17:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18652]: input_userauth_request: invalid user evaluacion [preauth]
Jun 25 17:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18652]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 17:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.148.92
Jun 25 17:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18652]: Failed password for invalid user evaluacion from 102.210.148.92 port 41946 ssh2
Jun 25 17:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18652]: Received disconnect from 102.210.148.92 port 41946:11: Bye Bye [preauth]
Jun 25 17:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18652]: Disconnected from 102.210.148.92 port 41946 [preauth]
Jun 25 17:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18736]: Invalid user admin from 2.57.121.25
Jun 25 17:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18736]: input_userauth_request: invalid user admin [preauth]
Jun 25 17:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18736]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 17:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 25 17:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18739]: Invalid user pnc from 41.82.50.218
Jun 25 17:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18739]: input_userauth_request: invalid user pnc [preauth]
Jun 25 17:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18739]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 17:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.82.50.218
Jun 25 17:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18736]: Failed password for invalid user admin from 2.57.121.25 port 22666 ssh2
Jun 25 17:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18736]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 17:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18739]: Failed password for invalid user pnc from 41.82.50.218 port 50568 ssh2
Jun 25 17:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18739]: Received disconnect from 41.82.50.218 port 50568:11: Bye Bye [preauth]
Jun 25 17:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18739]: Disconnected from 41.82.50.218 port 50568 [preauth]
Jun 25 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18736]: Failed password for invalid user admin from 2.57.121.25 port 22666 ssh2
Jun 25 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18736]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18755]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18756]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18752]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18754]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18752]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18836]: Successful su for rubyman by root
Jun 25 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18836]: + ??? root:rubyman
Jun 25 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18836]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591523 of user rubyman.
Jun 25 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18836]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591523.
Jun 25 17:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18736]: Failed password for invalid user admin from 2.57.121.25 port 22666 ssh2
Jun 25 17:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18736]: Connection closed by 2.57.121.25 port 22666 [preauth]
Jun 25 17:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18736]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 25 17:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15964]: pam_unix(cron:session): session closed for user root
Jun 25 17:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18754]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17777]: pam_unix(cron:session): session closed for user root
Jun 25 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19268]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19269]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19267]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19266]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19266]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19328]: Successful su for rubyman by root
Jun 25 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19328]: + ??? root:rubyman
Jun 25 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19328]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591528 of user rubyman.
Jun 25 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19328]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591528.
Jun 25 17:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16381]: pam_unix(cron:session): session closed for user root
Jun 25 17:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19267]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18205]: pam_unix(cron:session): session closed for user root
Jun 25 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19880]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19878]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19879]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19877]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19877]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19939]: Successful su for rubyman by root
Jun 25 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19939]: + ??? root:rubyman
Jun 25 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19939]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591531 of user rubyman.
Jun 25 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19939]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591531.
Jun 25 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19962]: Invalid user jgdw from 102.210.148.92
Jun 25 17:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19962]: input_userauth_request: invalid user jgdw [preauth]
Jun 25 17:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19962]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 17:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.148.92
Jun 25 17:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16780]: pam_unix(cron:session): session closed for user root
Jun 25 17:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19962]: Failed password for invalid user jgdw from 102.210.148.92 port 44932 ssh2
Jun 25 17:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19962]: Received disconnect from 102.210.148.92 port 44932:11: Bye Bye [preauth]
Jun 25 17:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19962]: Disconnected from 102.210.148.92 port 44932 [preauth]
Jun 25 17:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19878]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 25 17:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20250]: Failed password for root from 87.251.79.125 port 38090 ssh2
Jun 25 17:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20250]: Connection closed by 87.251.79.125 port 38090 [preauth]
Jun 25 17:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18756]: pam_unix(cron:session): session closed for user root
Jun 25 17:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20284]: Invalid user charlotte from 41.82.50.218
Jun 25 17:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20284]: input_userauth_request: invalid user charlotte [preauth]
Jun 25 17:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20284]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 17:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.82.50.218
Jun 25 17:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20284]: Failed password for invalid user charlotte from 41.82.50.218 port 41870 ssh2
Jun 25 17:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20284]: Received disconnect from 41.82.50.218 port 41870:11: Bye Bye [preauth]
Jun 25 17:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20284]: Disconnected from 41.82.50.218 port 41870 [preauth]
Jun 25 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20389]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20387]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20386]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20390]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20383]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20386]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20511]: Successful su for rubyman by root
Jun 25 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20511]: + ??? root:rubyman
Jun 25 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20511]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591535 of user rubyman.
Jun 25 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20511]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591535.
Jun 25 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20383]: pam_unix(cron:session): session closed for user root
Jun 25 17:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17282]: pam_unix(cron:session): session closed for user root
Jun 25 17:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20387]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 25 17:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20851]: Failed password for root from 38.93.206.2 port 17290 ssh2
Jun 25 17:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20851]: Connection closed by 38.93.206.2 port 17290 [preauth]
Jun 25 17:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19269]: pam_unix(cron:session): session closed for user root
Jun 25 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20978]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20976]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20977]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20974]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20973]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20975]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20978]: pam_unix(cron:session): session closed for user root
Jun 25 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20973]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21041]: Successful su for rubyman by root
Jun 25 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21041]: + ??? root:rubyman
Jun 25 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21041]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591542 of user rubyman.
Jun 25 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21041]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591542.
Jun 25 17:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20975]: pam_unix(cron:session): session closed for user root
Jun 25 17:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17776]: pam_unix(cron:session): session closed for user root
Jun 25 17:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20974]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19880]: pam_unix(cron:session): session closed for user root
Jun 25 17:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21410]: Invalid user fortress from 41.82.50.218
Jun 25 17:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21410]: input_userauth_request: invalid user fortress [preauth]
Jun 25 17:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21410]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 17:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.82.50.218
Jun 25 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21416]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21417]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21415]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21414]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21414]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21486]: Successful su for rubyman by root
Jun 25 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21486]: + ??? root:rubyman
Jun 25 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21486]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591547 of user rubyman.
Jun 25 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21486]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591547.
Jun 25 17:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21410]: Failed password for invalid user fortress from 41.82.50.218 port 56791 ssh2
Jun 25 17:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21410]: Received disconnect from 41.82.50.218 port 56791:11: Bye Bye [preauth]
Jun 25 17:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21410]: Disconnected from 41.82.50.218 port 56791 [preauth]
Jun 25 17:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 25 17:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18204]: pam_unix(cron:session): session closed for user root
Jun 25 17:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21552]: Failed password for root from 193.37.70.224 port 49308 ssh2
Jun 25 17:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21552]: Connection closed by 193.37.70.224 port 49308 [preauth]
Jun 25 17:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21415]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20390]: pam_unix(cron:session): session closed for user root
Jun 25 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21867]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21866]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21864]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21863]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21863]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21926]: Successful su for rubyman by root
Jun 25 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21926]: + ??? root:rubyman
Jun 25 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21926]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591551 of user rubyman.
Jun 25 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21926]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591551.
Jun 25 17:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18755]: pam_unix(cron:session): session closed for user root
Jun 25 17:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21864]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20977]: pam_unix(cron:session): session closed for user root
Jun 25 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22259]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22260]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22261]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22258]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22258]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22412]: Successful su for rubyman by root
Jun 25 17:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22412]: + ??? root:rubyman
Jun 25 17:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22412]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591556 of user rubyman.
Jun 25 17:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22412]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591556.
Jun 25 17:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19268]: pam_unix(cron:session): session closed for user root
Jun 25 17:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22259]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22631]: Invalid user hts from 41.82.50.218
Jun 25 17:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22631]: input_userauth_request: invalid user hts [preauth]
Jun 25 17:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22631]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 17:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.82.50.218
Jun 25 17:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22631]: Failed password for invalid user hts from 41.82.50.218 port 54846 ssh2
Jun 25 17:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22631]: Received disconnect from 41.82.50.218 port 54846:11: Bye Bye [preauth]
Jun 25 17:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22631]: Disconnected from 41.82.50.218 port 54846 [preauth]
Jun 25 17:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21417]: pam_unix(cron:session): session closed for user root
Jun 25 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22747]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22745]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22746]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22744]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22744]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22815]: Successful su for rubyman by root
Jun 25 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22815]: + ??? root:rubyman
Jun 25 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22815]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591559 of user rubyman.
Jun 25 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22815]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591559.
Jun 25 17:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19879]: pam_unix(cron:session): session closed for user root
Jun 25 17:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22745]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 25 17:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23034]: Failed password for root from 103.149.28.157 port 56088 ssh2
Jun 25 17:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23034]: Connection closed by 103.149.28.157 port 56088 [preauth]
Jun 25 17:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 25 17:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21867]: pam_unix(cron:session): session closed for user root
Jun 25 17:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23066]: Failed password for root from 62.133.62.83 port 54304 ssh2
Jun 25 17:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23066]: Connection closed by 62.133.62.83 port 54304 [preauth]
Jun 25 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23157]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23158]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23156]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23154]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23155]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23153]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23158]: pam_unix(cron:session): session closed for user root
Jun 25 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23153]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23229]: Successful su for rubyman by root
Jun 25 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23229]: + ??? root:rubyman
Jun 25 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23229]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591562 of user rubyman.
Jun 25 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23229]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591562.
Jun 25 17:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23155]: pam_unix(cron:session): session closed for user root
Jun 25 17:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20389]: pam_unix(cron:session): session closed for user root
Jun 25 17:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23154]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22261]: pam_unix(cron:session): session closed for user root
Jun 25 17:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23580]: Invalid user otp from 41.82.50.218
Jun 25 17:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23580]: input_userauth_request: invalid user otp [preauth]
Jun 25 17:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23580]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 17:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.82.50.218
Jun 25 17:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23580]: Failed password for invalid user otp from 41.82.50.218 port 53651 ssh2
Jun 25 17:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23580]: Received disconnect from 41.82.50.218 port 53651:11: Bye Bye [preauth]
Jun 25 17:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23580]: Disconnected from 41.82.50.218 port 53651 [preauth]
Jun 25 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23615]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23613]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23614]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23611]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23611]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23687]: Successful su for rubyman by root
Jun 25 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23687]: + ??? root:rubyman
Jun 25 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23687]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591569 of user rubyman.
Jun 25 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23687]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591569.
Jun 25 17:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20976]: pam_unix(cron:session): session closed for user root
Jun 25 17:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23613]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22747]: pam_unix(cron:session): session closed for user root
Jun 25 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24129]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24132]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24130]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24128]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24128]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24192]: Successful su for rubyman by root
Jun 25 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24192]: + ??? root:rubyman
Jun 25 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24192]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591572 of user rubyman.
Jun 25 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24192]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591572.
Jun 25 17:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21416]: pam_unix(cron:session): session closed for user root
Jun 25 17:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24129]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23157]: pam_unix(cron:session): session closed for user root
Jun 25 17:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 25 17:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24502]: Failed password for root from 147.45.199.80 port 50450 ssh2
Jun 25 17:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24502]: Connection closed by 147.45.199.80 port 50450 [preauth]
Jun 25 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24563]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24564]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24562]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24560]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24560]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24627]: Successful su for rubyman by root
Jun 25 17:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24627]: + ??? root:rubyman
Jun 25 17:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24627]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591576 of user rubyman.
Jun 25 17:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24627]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591576.
Jun 25 17:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21866]: pam_unix(cron:session): session closed for user root
Jun 25 17:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24562]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 25 17:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24829]: Failed password for root from 194.113.233.25 port 54150 ssh2
Jun 25 17:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24829]: Connection closed by 194.113.233.25 port 54150 [preauth]
Jun 25 17:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24832]: Invalid user bts from 41.82.50.218
Jun 25 17:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24832]: input_userauth_request: invalid user bts [preauth]
Jun 25 17:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24832]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 17:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.82.50.218
Jun 25 17:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24832]: Failed password for invalid user bts from 41.82.50.218 port 54882 ssh2
Jun 25 17:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24832]: Received disconnect from 41.82.50.218 port 54882:11: Bye Bye [preauth]
Jun 25 17:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24832]: Disconnected from 41.82.50.218 port 54882 [preauth]
Jun 25 17:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 25 17:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24891]: Failed password for root from 103.27.238.116 port 60452 ssh2
Jun 25 17:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23615]: pam_unix(cron:session): session closed for user root
Jun 25 17:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24891]: Connection closed by 103.27.238.116 port 60452 [preauth]
Jun 25 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24979]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24978]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24977]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24976]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24976]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25040]: Successful su for rubyman by root
Jun 25 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25040]: + ??? root:rubyman
Jun 25 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25040]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591580 of user rubyman.
Jun 25 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25040]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591580.
Jun 25 17:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22260]: pam_unix(cron:session): session closed for user root
Jun 25 17:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24977]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24132]: pam_unix(cron:session): session closed for user root
Jun 25 17:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 25 17:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25361]: Failed password for root from 109.237.96.109 port 41086 ssh2
Jun 25 17:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25361]: Connection closed by 109.237.96.109 port 41086 [preauth]
Jun 25 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25377]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25376]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25378]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25373]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25374]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25372]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25378]: pam_unix(cron:session): session closed for user root
Jun 25 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25372]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25443]: Successful su for rubyman by root
Jun 25 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25443]: + ??? root:rubyman
Jun 25 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25443]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591584 of user rubyman.
Jun 25 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25443]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591584.
Jun 25 17:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25374]: pam_unix(cron:session): session closed for user root
Jun 25 17:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22746]: pam_unix(cron:session): session closed for user root
Jun 25 17:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25373]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24564]: pam_unix(cron:session): session closed for user root
Jun 25 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25805]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25806]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25803]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25804]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25803]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25869]: Successful su for rubyman by root
Jun 25 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25869]: + ??? root:rubyman
Jun 25 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25869]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591591 of user rubyman.
Jun 25 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25869]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591591.
Jun 25 17:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23156]: pam_unix(cron:session): session closed for user root
Jun 25 17:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25804]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24979]: pam_unix(cron:session): session closed for user root
Jun 25 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26198]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26199]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26196]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26195]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26195]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26258]: Successful su for rubyman by root
Jun 25 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26258]: + ??? root:rubyman
Jun 25 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26258]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591595 of user rubyman.
Jun 25 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26258]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591595.
Jun 25 17:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23614]: pam_unix(cron:session): session closed for user root
Jun 25 17:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26196]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26440]: Connection closed by 45.148.10.121 port 51244 [preauth]
Jun 25 17:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25377]: pam_unix(cron:session): session closed for user root
Jun 25 17:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 25 17:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26531]: Failed password for root from 103.82.20.28 port 38432 ssh2
Jun 25 17:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26531]: Connection closed by 103.82.20.28 port 38432 [preauth]
Jun 25 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26596]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26598]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26595]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26594]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26594]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26652]: Successful su for rubyman by root
Jun 25 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26652]: + ??? root:rubyman
Jun 25 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26652]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591599 of user rubyman.
Jun 25 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26652]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591599.
Jun 25 17:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24130]: pam_unix(cron:session): session closed for user root
Jun 25 17:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26595]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25806]: pam_unix(cron:session): session closed for user root
Jun 25 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27076]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27077]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27075]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27074]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27074]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27139]: Successful su for rubyman by root
Jun 25 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27139]: + ??? root:rubyman
Jun 25 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27139]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591603 of user rubyman.
Jun 25 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27139]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591603.
Jun 25 17:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24563]: pam_unix(cron:session): session closed for user root
Jun 25 17:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27075]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 17:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=root
Jun 25 17:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27351]: Failed password for root from 193.46.255.86 port 30520 ssh2
Jun 25 17:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27351]: message repeated 2 times: [ Failed password for root from 193.46.255.86 port 30520 ssh2]
Jun 25 17:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27351]: Connection closed by 193.46.255.86 port 30520 [preauth]
Jun 25 17:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27351]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=root
Jun 25 17:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26199]: pam_unix(cron:session): session closed for user root
Jun 25 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27494]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27497]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27495]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27498]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27496]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27493]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27498]: pam_unix(cron:session): session closed for user root
Jun 25 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27493]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27569]: Successful su for rubyman by root
Jun 25 17:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27569]: + ??? root:rubyman
Jun 25 17:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27569]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591609 of user rubyman.
Jun 25 17:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27569]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591609.
Jun 25 17:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24978]: pam_unix(cron:session): session closed for user root
Jun 25 17:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27495]: pam_unix(cron:session): session closed for user root
Jun 25 17:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27494]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26598]: pam_unix(cron:session): session closed for user root
Jun 25 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27937]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27935]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27934]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27933]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27933]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28005]: Successful su for rubyman by root
Jun 25 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28005]: + ??? root:rubyman
Jun 25 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28005]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591612 of user rubyman.
Jun 25 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28005]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591612.
Jun 25 17:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25376]: pam_unix(cron:session): session closed for user root
Jun 25 17:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27934]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27077]: pam_unix(cron:session): session closed for user root
Jun 25 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28398]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28399]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28397]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28396]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28396]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28458]: Successful su for rubyman by root
Jun 25 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28458]: + ??? root:rubyman
Jun 25 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28458]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591616 of user rubyman.
Jun 25 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28458]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591616.
Jun 25 17:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25805]: pam_unix(cron:session): session closed for user root
Jun 25 17:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28397]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27497]: pam_unix(cron:session): session closed for user root
Jun 25 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28898]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28899]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28895]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28893]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28893]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28960]: Successful su for rubyman by root
Jun 25 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28960]: + ??? root:rubyman
Jun 25 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28960]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591621 of user rubyman.
Jun 25 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28960]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591621.
Jun 25 17:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26198]: pam_unix(cron:session): session closed for user root
Jun 25 17:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28895]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27937]: pam_unix(cron:session): session closed for user root
Jun 25 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29326]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29325]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29327]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29324]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29324]: pam_unix(cron:session): session closed for user p13x
Jun 25 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29383]: Successful su for rubyman by root
Jun 25 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29383]: + ??? root:rubyman
Jun 25 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29383]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591624 of user rubyman.
Jun 25 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29383]: pam_unix(su:session): session closed for user rubyman
Jun 25 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591624.
Jun 25 17:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26596]: pam_unix(cron:session): session closed for user root
Jun 25 17:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29325]: pam_unix(cron:session): session closed for user samftp
Jun 25 17:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28399]: pam_unix(cron:session): session closed for user root
Jun 25 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29870]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29869]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29868]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29867]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29872]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29866]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29871]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29872]: pam_unix(cron:session): session closed for user root
Jun 25 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29868]: pam_unix(cron:session): session closed for user root
Jun 25 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29866]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29963]: Successful su for rubyman by root
Jun 25 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29963]: + ??? root:rubyman
Jun 25 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29963]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591634 of user rubyman.
Jun 25 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29963]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591634.
Jun 25 18:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27076]: pam_unix(cron:session): session closed for user root
Jun 25 18:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29869]: pam_unix(cron:session): session closed for user root
Jun 25 18:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29867]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28899]: pam_unix(cron:session): session closed for user root
Jun 25 18:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30330]: Invalid user admin from 141.98.83.240
Jun 25 18:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30330]: input_userauth_request: invalid user admin [preauth]
Jun 25 18:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30330]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 18:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 18:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30330]: Failed password for invalid user admin from 141.98.83.240 port 43280 ssh2
Jun 25 18:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30330]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 18:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30330]: Failed password for invalid user admin from 141.98.83.240 port 43280 ssh2
Jun 25 18:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30330]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 18:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30330]: Failed password for invalid user admin from 141.98.83.240 port 43280 ssh2
Jun 25 18:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30330]: Connection closed by 141.98.83.240 port 43280 [preauth]
Jun 25 18:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30330]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30381]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30380]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30382]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30379]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30379]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30446]: Successful su for rubyman by root
Jun 25 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30446]: + ??? root:rubyman
Jun 25 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30446]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591638 of user rubyman.
Jun 25 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30446]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591638.
Jun 25 18:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27496]: pam_unix(cron:session): session closed for user root
Jun 25 18:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30380]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 25 18:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30659]: Failed password for root from 103.122.221.179 port 33152 ssh2
Jun 25 18:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30659]: Connection closed by 103.122.221.179 port 33152 [preauth]
Jun 25 18:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29327]: pam_unix(cron:session): session closed for user root
Jun 25 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30798]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30797]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30796]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30794]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30794]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30868]: Successful su for rubyman by root
Jun 25 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30868]: + ??? root:rubyman
Jun 25 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30868]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591640 of user rubyman.
Jun 25 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30868]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591640.
Jun 25 18:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27935]: pam_unix(cron:session): session closed for user root
Jun 25 18:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30796]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29871]: pam_unix(cron:session): session closed for user root
Jun 25 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31300]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31301]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31299]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31298]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31298]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31361]: Successful su for rubyman by root
Jun 25 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31361]: + ??? root:rubyman
Jun 25 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31361]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591643 of user rubyman.
Jun 25 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31361]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591643.
Jun 25 18:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28398]: pam_unix(cron:session): session closed for user root
Jun 25 18:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31299]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30382]: pam_unix(cron:session): session closed for user root
Jun 25 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31800]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31799]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31801]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31798]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31798]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31857]: Successful su for rubyman by root
Jun 25 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31857]: + ??? root:rubyman
Jun 25 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31857]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591647 of user rubyman.
Jun 25 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31857]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591647.
Jun 25 18:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28898]: pam_unix(cron:session): session closed for user root
Jun 25 18:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31799]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30798]: pam_unix(cron:session): session closed for user root
Jun 25 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32223]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32221]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32218]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32220]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32222]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32219]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32223]: pam_unix(cron:session): session closed for user root
Jun 25 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32218]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32283]: Successful su for rubyman by root
Jun 25 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32283]: + ??? root:rubyman
Jun 25 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32283]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591656 of user rubyman.
Jun 25 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32283]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591656.
Jun 25 18:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32220]: pam_unix(cron:session): session closed for user root
Jun 25 18:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29326]: pam_unix(cron:session): session closed for user root
Jun 25 18:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32219]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31301]: pam_unix(cron:session): session closed for user root
Jun 25 18:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32628]: Connection reset by 62.60.130.219 port 29672 [preauth]
Jun 25 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32654]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32653]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32655]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32652]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32652]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32724]: Successful su for rubyman by root
Jun 25 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32724]: + ??? root:rubyman
Jun 25 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32724]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591657 of user rubyman.
Jun 25 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32724]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591657.
Jun 25 18:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29870]: pam_unix(cron:session): session closed for user root
Jun 25 18:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32653]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31801]: pam_unix(cron:session): session closed for user root
Jun 25 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[746]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[747]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[745]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[744]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[744]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[815]: Successful su for rubyman by root
Jun 25 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[815]: + ??? root:rubyman
Jun 25 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[815]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591661 of user rubyman.
Jun 25 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[815]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591661.
Jun 25 18:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30381]: pam_unix(cron:session): session closed for user root
Jun 25 18:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[745]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 25 18:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1064]: Failed password for root from 80.66.85.226 port 48818 ssh2
Jun 25 18:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1064]: Connection closed by 80.66.85.226 port 48818 [preauth]
Jun 25 18:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32222]: pam_unix(cron:session): session closed for user root
Jun 25 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1206]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1205]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1204]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1203]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1203]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1271]: Successful su for rubyman by root
Jun 25 18:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1271]: + ??? root:rubyman
Jun 25 18:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1271]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591665 of user rubyman.
Jun 25 18:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1271]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591665.
Jun 25 18:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30797]: pam_unix(cron:session): session closed for user root
Jun 25 18:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1204]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32655]: pam_unix(cron:session): session closed for user root
Jun 25 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1763]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1764]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1762]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1761]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1759]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1761]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1868]: Successful su for rubyman by root
Jun 25 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1868]: + ??? root:rubyman
Jun 25 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1868]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591670 of user rubyman.
Jun 25 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1868]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591670.
Jun 25 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1759]: pam_unix(cron:session): session closed for user root
Jun 25 18:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31300]: pam_unix(cron:session): session closed for user root
Jun 25 18:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1762]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[747]: pam_unix(cron:session): session closed for user root
Jun 25 18:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 25 18:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2294]: Failed password for root from 103.176.20.57 port 35882 ssh2
Jun 25 18:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2294]: Connection closed by 103.176.20.57 port 35882 [preauth]
Jun 25 18:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 25 18:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2317]: Failed password for root from 103.77.242.62 port 38786 ssh2
Jun 25 18:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2317]: Connection closed by 103.77.242.62 port 38786 [preauth]
Jun 25 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2348]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2347]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2343]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2342]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2344]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2345]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2348]: pam_unix(cron:session): session closed for user root
Jun 25 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2342]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2408]: Successful su for rubyman by root
Jun 25 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2408]: + ??? root:rubyman
Jun 25 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2408]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591675 of user rubyman.
Jun 25 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2408]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591675.
Jun 25 18:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2344]: pam_unix(cron:session): session closed for user root
Jun 25 18:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31800]: pam_unix(cron:session): session closed for user root
Jun 25 18:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2343]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1206]: pam_unix(cron:session): session closed for user root
Jun 25 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2794]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2795]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2793]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2792]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2792]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2861]: Successful su for rubyman by root
Jun 25 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2861]: + ??? root:rubyman
Jun 25 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2861]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591681 of user rubyman.
Jun 25 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2861]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591681.
Jun 25 18:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32221]: pam_unix(cron:session): session closed for user root
Jun 25 18:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2793]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1764]: pam_unix(cron:session): session closed for user root
Jun 25 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3187]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3188]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3186]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3185]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3185]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3248]: Successful su for rubyman by root
Jun 25 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3248]: + ??? root:rubyman
Jun 25 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3248]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591684 of user rubyman.
Jun 25 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3248]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591684.
Jun 25 18:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32654]: pam_unix(cron:session): session closed for user root
Jun 25 18:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3186]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2347]: pam_unix(cron:session): session closed for user root
Jun 25 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3591]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3589]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3588]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3590]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3588]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3647]: Successful su for rubyman by root
Jun 25 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3647]: + ??? root:rubyman
Jun 25 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3647]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591689 of user rubyman.
Jun 25 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3647]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591689.
Jun 25 18:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[746]: pam_unix(cron:session): session closed for user root
Jun 25 18:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3589]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2795]: pam_unix(cron:session): session closed for user root
Jun 25 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4183]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4184]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4181]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4180]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4180]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4248]: Successful su for rubyman by root
Jun 25 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4248]: + ??? root:rubyman
Jun 25 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4248]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591693 of user rubyman.
Jun 25 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4248]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591693.
Jun 25 18:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1205]: pam_unix(cron:session): session closed for user root
Jun 25 18:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4181]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3188]: pam_unix(cron:session): session closed for user root
Jun 25 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4594]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4591]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4593]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4592]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4589]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4590]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4594]: pam_unix(cron:session): session closed for user root
Jun 25 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4589]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4659]: Successful su for rubyman by root
Jun 25 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4659]: + ??? root:rubyman
Jun 25 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4659]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591698 of user rubyman.
Jun 25 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4659]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591698.
Jun 25 18:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4591]: pam_unix(cron:session): session closed for user root
Jun 25 18:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1763]: pam_unix(cron:session): session closed for user root
Jun 25 18:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4590]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.19.67.181  user=root
Jun 25 18:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4994]: Failed password for root from 46.19.67.181 port 39080 ssh2
Jun 25 18:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4994]: Connection closed by 46.19.67.181 port 39080 [preauth]
Jun 25 18:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3591]: pam_unix(cron:session): session closed for user root
Jun 25 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5130]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5129]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5128]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5127]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5127]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5200]: Successful su for rubyman by root
Jun 25 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5200]: + ??? root:rubyman
Jun 25 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5200]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591703 of user rubyman.
Jun 25 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5200]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591703.
Jun 25 18:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2345]: pam_unix(cron:session): session closed for user root
Jun 25 18:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5128]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4184]: pam_unix(cron:session): session closed for user root
Jun 25 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5551]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5553]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5552]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5555]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5549]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5549]: pam_unix(cron:session): session closed for user root
Jun 25 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5551]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5615]: Successful su for rubyman by root
Jun 25 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5615]: + ??? root:rubyman
Jun 25 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5615]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591708 of user rubyman.
Jun 25 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5615]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591708.
Jun 25 18:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2794]: pam_unix(cron:session): session closed for user root
Jun 25 18:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5552]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4593]: pam_unix(cron:session): session closed for user root
Jun 25 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5941]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5942]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5940]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5939]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5939]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5998]: Successful su for rubyman by root
Jun 25 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5998]: + ??? root:rubyman
Jun 25 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5998]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591712 of user rubyman.
Jun 25 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5998]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591712.
Jun 25 18:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3187]: pam_unix(cron:session): session closed for user root
Jun 25 18:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5940]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5130]: pam_unix(cron:session): session closed for user root
Jun 25 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6345]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6340]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6341]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6339]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6339]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6401]: Successful su for rubyman by root
Jun 25 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6401]: + ??? root:rubyman
Jun 25 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6401]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591715 of user rubyman.
Jun 25 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6401]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591715.
Jun 25 18:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3590]: pam_unix(cron:session): session closed for user root
Jun 25 18:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6340]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121  user=root
Jun 25 18:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5555]: pam_unix(cron:session): session closed for user root
Jun 25 18:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6641]: Failed password for root from 45.148.10.121 port 56908 ssh2
Jun 25 18:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6641]: Connection closed by 45.148.10.121 port 56908 [preauth]
Jun 25 18:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 25 18:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6715]: Failed password for root from 103.77.175.15 port 40714 ssh2
Jun 25 18:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6715]: Connection closed by 103.77.175.15 port 40714 [preauth]
Jun 25 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6742]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6741]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6744]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6745]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6743]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6740]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6745]: pam_unix(cron:session): session closed for user root
Jun 25 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6740]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6817]: Successful su for rubyman by root
Jun 25 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6817]: + ??? root:rubyman
Jun 25 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6817]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591722 of user rubyman.
Jun 25 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6817]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591722.
Jun 25 18:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4183]: pam_unix(cron:session): session closed for user root
Jun 25 18:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6742]: pam_unix(cron:session): session closed for user root
Jun 25 18:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6741]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5942]: pam_unix(cron:session): session closed for user root
Jun 25 18:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 25 18:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7220]: Failed password for root from 103.172.78.219 port 54984 ssh2
Jun 25 18:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7220]: Connection closed by 103.172.78.219 port 54984 [preauth]
Jun 25 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7273]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7274]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7272]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7271]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7271]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7340]: Successful su for rubyman by root
Jun 25 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7340]: + ??? root:rubyman
Jun 25 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7340]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591725 of user rubyman.
Jun 25 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7340]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591725.
Jun 25 18:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4592]: pam_unix(cron:session): session closed for user root
Jun 25 18:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7272]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6345]: pam_unix(cron:session): session closed for user root
Jun 25 18:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 25 18:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7762]: Failed password for root from 38.93.206.2 port 29334 ssh2
Jun 25 18:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7762]: Connection closed by 38.93.206.2 port 29334 [preauth]
Jun 25 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7783]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7785]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7784]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7782]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7782]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7840]: Successful su for rubyman by root
Jun 25 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7840]: + ??? root:rubyman
Jun 25 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7840]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591731 of user rubyman.
Jun 25 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7840]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591731.
Jun 25 18:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5129]: pam_unix(cron:session): session closed for user root
Jun 25 18:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7783]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6744]: pam_unix(cron:session): session closed for user root
Jun 25 18:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8130]: Did not receive identification string from 195.178.110.217
Jun 25 18:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 25 18:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8146]: Failed password for root from 103.15.222.183 port 41410 ssh2
Jun 25 18:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8146]: Connection closed by 103.15.222.183 port 41410 [preauth]
Jun 25 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8169]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8170]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8168]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8167]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8167]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8227]: Successful su for rubyman by root
Jun 25 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8227]: + ??? root:rubyman
Jun 25 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8227]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591733 of user rubyman.
Jun 25 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8227]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591733.
Jun 25 18:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5553]: pam_unix(cron:session): session closed for user root
Jun 25 18:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8168]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7274]: pam_unix(cron:session): session closed for user root
Jun 25 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8564]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8563]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8562]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8561]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8561]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8620]: Successful su for rubyman by root
Jun 25 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8620]: + ??? root:rubyman
Jun 25 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8620]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591737 of user rubyman.
Jun 25 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8620]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591737.
Jun 25 18:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5941]: pam_unix(cron:session): session closed for user root
Jun 25 18:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8562]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7785]: pam_unix(cron:session): session closed for user root
Jun 25 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8963]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8960]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8958]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8962]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8961]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8959]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8963]: pam_unix(cron:session): session closed for user root
Jun 25 18:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8958]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9030]: Successful su for rubyman by root
Jun 25 18:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9030]: + ??? root:rubyman
Jun 25 18:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9030]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591744 of user rubyman.
Jun 25 18:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9030]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591744.
Jun 25 18:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8960]: pam_unix(cron:session): session closed for user root
Jun 25 18:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6341]: pam_unix(cron:session): session closed for user root
Jun 25 18:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8959]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8170]: pam_unix(cron:session): session closed for user root
Jun 25 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9382]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9383]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9381]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9380]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9380]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9447]: Successful su for rubyman by root
Jun 25 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9447]: + ??? root:rubyman
Jun 25 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9447]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591748 of user rubyman.
Jun 25 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9447]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591748.
Jun 25 18:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6743]: pam_unix(cron:session): session closed for user root
Jun 25 18:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9381]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 25 18:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9629]: Failed password for root from 202.178.126.219 port 51671 ssh2
Jun 25 18:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9629]: Connection closed by 202.178.126.219 port 51671 [preauth]
Jun 25 18:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8564]: pam_unix(cron:session): session closed for user root
Jun 25 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9783]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9781]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9782]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9776]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9776]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9843]: Successful su for rubyman by root
Jun 25 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9843]: + ??? root:rubyman
Jun 25 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9843]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591751 of user rubyman.
Jun 25 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9843]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591751.
Jun 25 18:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7273]: pam_unix(cron:session): session closed for user root
Jun 25 18:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9781]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 25 18:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 25 18:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10353]: Failed password for root from 103.27.238.120 port 34302 ssh2
Jun 25 18:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10353]: Connection closed by 103.27.238.120 port 34302 [preauth]
Jun 25 18:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10355]: Failed password for root from 103.153.68.219 port 53772 ssh2
Jun 25 18:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10355]: Connection closed by 103.153.68.219 port 53772 [preauth]
Jun 25 18:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
Jun 25 18:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10357]: Failed password for root from 176.32.39.21 port 38476 ssh2
Jun 25 18:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10357]: Connection closed by 176.32.39.21 port 38476 [preauth]
Jun 25 18:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8962]: pam_unix(cron:session): session closed for user root
Jun 25 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10457]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10458]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10456]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10455]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10455]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10517]: Successful su for rubyman by root
Jun 25 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10517]: + ??? root:rubyman
Jun 25 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10517]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591756 of user rubyman.
Jun 25 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10517]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591756.
Jun 25 18:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7784]: pam_unix(cron:session): session closed for user root
Jun 25 18:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10456]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9383]: pam_unix(cron:session): session closed for user root
Jun 25 18:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10791]: Invalid user michael from 141.98.83.240
Jun 25 18:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10791]: input_userauth_request: invalid user michael [preauth]
Jun 25 18:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10791]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 18:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 18:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10791]: Failed password for invalid user michael from 141.98.83.240 port 22086 ssh2
Jun 25 18:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10791]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 18:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10791]: Failed password for invalid user michael from 141.98.83.240 port 22086 ssh2
Jun 25 18:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10791]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 18:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10791]: Failed password for invalid user michael from 141.98.83.240 port 22086 ssh2
Jun 25 18:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10791]: Connection closed by 141.98.83.240 port 22086 [preauth]
Jun 25 18:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10791]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 18:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10865]: Received disconnect from 50.7.233.211 port 24584:11: disconnected by user [preauth]
Jun 25 18:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10865]: Disconnected from 50.7.233.211 port 24584 [preauth]
Jun 25 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10879]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10877]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10878]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10876]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10876]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10939]: Successful su for rubyman by root
Jun 25 18:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10939]: + ??? root:rubyman
Jun 25 18:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10939]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591759 of user rubyman.
Jun 25 18:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10939]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591759.
Jun 25 18:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8169]: pam_unix(cron:session): session closed for user root
Jun 25 18:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10877]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9783]: pam_unix(cron:session): session closed for user root
Jun 25 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11289]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11291]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11288]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11290]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11292]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11287]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11292]: pam_unix(cron:session): session closed for user root
Jun 25 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11287]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11361]: Successful su for rubyman by root
Jun 25 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11361]: + ??? root:rubyman
Jun 25 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11361]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591765 of user rubyman.
Jun 25 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11361]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591765.
Jun 25 18:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11289]: pam_unix(cron:session): session closed for user root
Jun 25 18:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8563]: pam_unix(cron:session): session closed for user root
Jun 25 18:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11288]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10458]: pam_unix(cron:session): session closed for user root
Jun 25 18:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11686]: Connection closed by 194.59.206.2 port 27116 [preauth]
Jun 25 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11754]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11753]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11752]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11751]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11751]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11838]: Successful su for rubyman by root
Jun 25 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11838]: + ??? root:rubyman
Jun 25 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11838]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591770 of user rubyman.
Jun 25 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11838]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591770.
Jun 25 18:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8961]: pam_unix(cron:session): session closed for user root
Jun 25 18:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11752]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10879]: pam_unix(cron:session): session closed for user root
Jun 25 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12198]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12199]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12197]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12196]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12196]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12376]: Successful su for rubyman by root
Jun 25 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12376]: + ??? root:rubyman
Jun 25 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12376]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591773 of user rubyman.
Jun 25 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12376]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591773.
Jun 25 18:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9382]: pam_unix(cron:session): session closed for user root
Jun 25 18:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12197]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11291]: pam_unix(cron:session): session closed for user root
Jun 25 18:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 25 18:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12706]: Failed password for root from 195.178.110.217 port 39280 ssh2
Jun 25 18:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12706]: Connection closed by 195.178.110.217 port 39280 [preauth]
Jun 25 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12720]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12723]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12718]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12719]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12718]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12786]: Successful su for rubyman by root
Jun 25 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12786]: + ??? root:rubyman
Jun 25 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12786]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591779 of user rubyman.
Jun 25 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12786]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591779.
Jun 25 18:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9782]: pam_unix(cron:session): session closed for user root
Jun 25 18:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12719]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11754]: pam_unix(cron:session): session closed for user root
Jun 25 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13143]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13140]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13138]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13139]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13138]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13209]: Successful su for rubyman by root
Jun 25 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13209]: + ??? root:rubyman
Jun 25 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13209]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591782 of user rubyman.
Jun 25 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13209]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591782.
Jun 25 18:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10457]: pam_unix(cron:session): session closed for user root
Jun 25 18:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13139]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12199]: pam_unix(cron:session): session closed for user root
Jun 25 18:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 25 18:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13491]: Failed password for root from 195.178.110.217 port 42430 ssh2
Jun 25 18:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13491]: Connection closed by 195.178.110.217 port 42430 [preauth]
Jun 25 18:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13517]: Invalid user admin from 2.57.121.25
Jun 25 18:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13517]: input_userauth_request: invalid user admin [preauth]
Jun 25 18:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13517]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 18:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 25 18:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13517]: Failed password for invalid user admin from 2.57.121.25 port 42906 ssh2
Jun 25 18:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13517]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 18:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13517]: Failed password for invalid user admin from 2.57.121.25 port 42906 ssh2
Jun 25 18:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13517]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 18:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13517]: Failed password for invalid user admin from 2.57.121.25 port 42906 ssh2
Jun 25 18:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13517]: Connection closed by 2.57.121.25 port 42906 [preauth]
Jun 25 18:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13517]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 25 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13549]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13551]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13546]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13545]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13550]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13548]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13551]: pam_unix(cron:session): session closed for user root
Jun 25 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13545]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13615]: Successful su for rubyman by root
Jun 25 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13615]: + ??? root:rubyman
Jun 25 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13615]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591789 of user rubyman.
Jun 25 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13615]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591789.
Jun 25 18:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13548]: pam_unix(cron:session): session closed for user root
Jun 25 18:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10878]: pam_unix(cron:session): session closed for user root
Jun 25 18:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13546]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13868]: Invalid user stefany from 2.57.121.112
Jun 25 18:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13868]: input_userauth_request: invalid user stefany [preauth]
Jun 25 18:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13868]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 18:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 25 18:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13868]: Failed password for invalid user stefany from 2.57.121.112 port 54624 ssh2
Jun 25 18:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13868]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 18:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13868]: Failed password for invalid user stefany from 2.57.121.112 port 54624 ssh2
Jun 25 18:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13868]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 18:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13868]: Failed password for invalid user stefany from 2.57.121.112 port 54624 ssh2
Jun 25 18:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13868]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 18:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13868]: Failed password for invalid user stefany from 2.57.121.112 port 54624 ssh2
Jun 25 18:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13868]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 18:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13868]: Failed password for invalid user stefany from 2.57.121.112 port 54624 ssh2
Jun 25 18:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13868]: Connection closed by 2.57.121.112 port 54624 [preauth]
Jun 25 18:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13868]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 25 18:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13868]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 25 18:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12723]: pam_unix(cron:session): session closed for user root
Jun 25 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13992]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13991]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13989]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13990]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13989]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14058]: Successful su for rubyman by root
Jun 25 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14058]: + ??? root:rubyman
Jun 25 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14058]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591792 of user rubyman.
Jun 25 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14058]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591792.
Jun 25 18:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11290]: pam_unix(cron:session): session closed for user root
Jun 25 18:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13990]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 25 18:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13143]: pam_unix(cron:session): session closed for user root
Jun 25 18:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14327]: Failed password for root from 195.178.110.217 port 45536 ssh2
Jun 25 18:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14327]: Connection closed by 195.178.110.217 port 45536 [preauth]
Jun 25 18:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14550]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14589]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14587]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14588]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14586]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14586]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14693]: Successful su for rubyman by root
Jun 25 18:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14693]: + ??? root:rubyman
Jun 25 18:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14693]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591796 of user rubyman.
Jun 25 18:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14693]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591796.
Jun 25 18:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11753]: pam_unix(cron:session): session closed for user root
Jun 25 18:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14587]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13550]: pam_unix(cron:session): session closed for user root
Jun 25 18:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15324]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15323]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15322]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15321]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15321]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15379]: Successful su for rubyman by root
Jun 25 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15379]: + ??? root:rubyman
Jun 25 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15379]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591799 of user rubyman.
Jun 25 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15379]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591799.
Jun 25 18:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12198]: pam_unix(cron:session): session closed for user root
Jun 25 18:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15322]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 25 18:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15583]: Failed password for root from 195.178.110.217 port 48616 ssh2
Jun 25 18:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15583]: Connection closed by 195.178.110.217 port 48616 [preauth]
Jun 25 18:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13992]: pam_unix(cron:session): session closed for user root
Jun 25 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15707]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15705]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15706]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15704]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15702]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15704]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15830]: Successful su for rubyman by root
Jun 25 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15830]: + ??? root:rubyman
Jun 25 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15830]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591804 of user rubyman.
Jun 25 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15830]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591804.
Jun 25 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15702]: pam_unix(cron:session): session closed for user root
Jun 25 18:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12720]: pam_unix(cron:session): session closed for user root
Jun 25 18:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15705]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14589]: pam_unix(cron:session): session closed for user root
Jun 25 18:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16191]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16190]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16189]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16185]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16188]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16186]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16191]: pam_unix(cron:session): session closed for user root
Jun 25 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16185]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16253]: Successful su for rubyman by root
Jun 25 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16253]: + ??? root:rubyman
Jun 25 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16253]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591809 of user rubyman.
Jun 25 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16253]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591809.
Jun 25 18:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16188]: pam_unix(cron:session): session closed for user root
Jun 25 18:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13140]: pam_unix(cron:session): session closed for user root
Jun 25 18:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 25 18:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16186]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16180]: Failed password for root from 195.178.110.217 port 51708 ssh2
Jun 25 18:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16180]: Connection closed by 195.178.110.217 port 51708 [preauth]
Jun 25 18:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15324]: pam_unix(cron:session): session closed for user root
Jun 25 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16608]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16607]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16606]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16605]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16605]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16674]: Successful su for rubyman by root
Jun 25 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16674]: + ??? root:rubyman
Jun 25 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16674]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591815 of user rubyman.
Jun 25 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16674]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591815.
Jun 25 18:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13549]: pam_unix(cron:session): session closed for user root
Jun 25 18:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16606]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15707]: pam_unix(cron:session): session closed for user root
Jun 25 18:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 25 18:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17072]: Failed password for root from 77.94.47.83 port 48700 ssh2
Jun 25 18:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17072]: Connection closed by 77.94.47.83 port 48700 [preauth]
Jun 25 18:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 25 18:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17081]: Failed password for root from 195.178.110.217 port 54738 ssh2
Jun 25 18:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17081]: Connection closed by 195.178.110.217 port 54738 [preauth]
Jun 25 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17119]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17118]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17120]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17117]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17117]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17176]: Successful su for rubyman by root
Jun 25 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17176]: + ??? root:rubyman
Jun 25 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17176]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591820 of user rubyman.
Jun 25 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17176]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591820.
Jun 25 18:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13991]: pam_unix(cron:session): session closed for user root
Jun 25 18:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17118]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16190]: pam_unix(cron:session): session closed for user root
Jun 25 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17524]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17525]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17523]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17522]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17522]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17581]: Successful su for rubyman by root
Jun 25 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17581]: + ??? root:rubyman
Jun 25 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17581]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591823 of user rubyman.
Jun 25 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17581]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591823.
Jun 25 18:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14588]: pam_unix(cron:session): session closed for user root
Jun 25 18:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17523]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 25 18:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17917]: Failed password for root from 195.178.110.217 port 57756 ssh2
Jun 25 18:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17917]: Connection closed by 195.178.110.217 port 57756 [preauth]
Jun 25 18:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16608]: pam_unix(cron:session): session closed for user root
Jun 25 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18023]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18021]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18022]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18020]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18020]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18085]: Successful su for rubyman by root
Jun 25 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18085]: + ??? root:rubyman
Jun 25 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18085]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591826 of user rubyman.
Jun 25 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18085]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591826.
Jun 25 18:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15323]: pam_unix(cron:session): session closed for user root
Jun 25 18:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18021]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17120]: pam_unix(cron:session): session closed for user root
Jun 25 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18536]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18537]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18534]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18533]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18538]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18535]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18538]: pam_unix(cron:session): session closed for user root
Jun 25 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18533]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18603]: Successful su for rubyman by root
Jun 25 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18603]: + ??? root:rubyman
Jun 25 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18603]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591832 of user rubyman.
Jun 25 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18603]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591832.
Jun 25 18:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18535]: pam_unix(cron:session): session closed for user root
Jun 25 18:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15706]: pam_unix(cron:session): session closed for user root
Jun 25 18:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18534]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 25 18:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18803]: Failed password for root from 195.178.110.217 port 60902 ssh2
Jun 25 18:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18803]: Connection closed by 195.178.110.217 port 60902 [preauth]
Jun 25 18:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17525]: pam_unix(cron:session): session closed for user root
Jun 25 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18991]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18992]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18990]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18989]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18989]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19055]: Successful su for rubyman by root
Jun 25 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19055]: + ??? root:rubyman
Jun 25 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19055]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591839 of user rubyman.
Jun 25 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19055]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591839.
Jun 25 18:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16189]: pam_unix(cron:session): session closed for user root
Jun 25 18:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18990]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18023]: pam_unix(cron:session): session closed for user root
Jun 25 18:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 25 18:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19459]: Failed password for root from 195.178.110.217 port 35650 ssh2
Jun 25 18:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19459]: Connection closed by 195.178.110.217 port 35650 [preauth]
Jun 25 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19553]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19598]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19552]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19494]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19494]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19748]: Successful su for rubyman by root
Jun 25 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19748]: + ??? root:rubyman
Jun 25 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19748]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591841 of user rubyman.
Jun 25 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19748]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591841.
Jun 25 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19789]: Invalid user admin from 193.46.255.86
Jun 25 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19789]: input_userauth_request: invalid user admin [preauth]
Jun 25 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19789]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 25 18:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16607]: pam_unix(cron:session): session closed for user root
Jun 25 18:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19552]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19789]: Failed password for invalid user admin from 193.46.255.86 port 40222 ssh2
Jun 25 18:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19789]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 18:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19789]: Failed password for invalid user admin from 193.46.255.86 port 40222 ssh2
Jun 25 18:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19789]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 18:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19789]: Failed password for invalid user admin from 193.46.255.86 port 40222 ssh2
Jun 25 18:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19789]: Connection closed by 193.46.255.86 port 40222 [preauth]
Jun 25 18:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19789]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 25 18:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18537]: pam_unix(cron:session): session closed for user root
Jun 25 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20107]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20106]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20105]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20104]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20104]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20255]: Successful su for rubyman by root
Jun 25 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20255]: + ??? root:rubyman
Jun 25 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20255]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591845 of user rubyman.
Jun 25 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20255]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591845.
Jun 25 18:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17119]: pam_unix(cron:session): session closed for user root
Jun 25 18:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20105]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 25 18:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20499]: Failed password for root from 195.178.110.217 port 38728 ssh2
Jun 25 18:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20499]: Connection closed by 195.178.110.217 port 38728 [preauth]
Jun 25 18:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18992]: pam_unix(cron:session): session closed for user root
Jun 25 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20611]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20612]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20610]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20609]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20609]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20724]: Successful su for rubyman by root
Jun 25 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20724]: + ??? root:rubyman
Jun 25 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20724]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591848 of user rubyman.
Jun 25 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20724]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591848.
Jun 25 18:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17524]: pam_unix(cron:session): session closed for user root
Jun 25 18:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20610]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 25 18:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20970]: Failed password for root from 51.250.105.222 port 50920 ssh2
Jun 25 18:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20970]: Connection closed by 51.250.105.222 port 50920 [preauth]
Jun 25 18:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19598]: pam_unix(cron:session): session closed for user root
Jun 25 18:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21106]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21102]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21103]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21105]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21104]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21101]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21106]: pam_unix(cron:session): session closed for user root
Jun 25 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21101]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21180]: Successful su for rubyman by root
Jun 25 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21180]: + ??? root:rubyman
Jun 25 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21180]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591856 of user rubyman.
Jun 25 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21180]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591856.
Jun 25 18:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 25 18:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21103]: pam_unix(cron:session): session closed for user root
Jun 25 18:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18022]: pam_unix(cron:session): session closed for user root
Jun 25 18:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21098]: Failed password for root from 195.178.110.217 port 41768 ssh2
Jun 25 18:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21098]: Connection closed by 195.178.110.217 port 41768 [preauth]
Jun 25 18:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21102]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20107]: pam_unix(cron:session): session closed for user root
Jun 25 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21569]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21567]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21568]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21566]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21566]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21639]: Successful su for rubyman by root
Jun 25 18:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21639]: + ??? root:rubyman
Jun 25 18:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21639]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591858 of user rubyman.
Jun 25 18:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21639]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591858.
Jun 25 18:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18536]: pam_unix(cron:session): session closed for user root
Jun 25 18:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21567]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21859]: Invalid user admin from 45.148.10.121
Jun 25 18:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21859]: input_userauth_request: invalid user admin [preauth]
Jun 25 18:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21859]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 18:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 25 18:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21859]: Failed password for invalid user admin from 45.148.10.121 port 40070 ssh2
Jun 25 18:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21859]: Connection closed by 45.148.10.121 port 40070 [preauth]
Jun 25 18:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20612]: pam_unix(cron:session): session closed for user root
Jun 25 18:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 25 18:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21900]: Failed password for root from 195.178.110.217 port 44782 ssh2
Jun 25 18:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21900]: Connection closed by 195.178.110.217 port 44782 [preauth]
Jun 25 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21991]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21992]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21990]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21989]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21989]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22046]: Successful su for rubyman by root
Jun 25 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22046]: + ??? root:rubyman
Jun 25 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22046]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591863 of user rubyman.
Jun 25 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22046]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591863.
Jun 25 18:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18991]: pam_unix(cron:session): session closed for user root
Jun 25 18:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21990]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21105]: pam_unix(cron:session): session closed for user root
Jun 25 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22487]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22488]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22482]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22483]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22482]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22543]: Successful su for rubyman by root
Jun 25 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22543]: + ??? root:rubyman
Jun 25 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22543]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591866 of user rubyman.
Jun 25 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22543]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591866.
Jun 25 18:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19553]: pam_unix(cron:session): session closed for user root
Jun 25 18:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22483]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 25 18:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22722]: Failed password for root from 195.178.110.217 port 47952 ssh2
Jun 25 18:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22722]: Connection closed by 195.178.110.217 port 47952 [preauth]
Jun 25 18:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21569]: pam_unix(cron:session): session closed for user root
Jun 25 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22891]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22892]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22893]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22890]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22890]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22953]: Successful su for rubyman by root
Jun 25 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22953]: + ??? root:rubyman
Jun 25 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22953]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591872 of user rubyman.
Jun 25 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22953]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591872.
Jun 25 18:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20106]: pam_unix(cron:session): session closed for user root
Jun 25 18:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22891]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21992]: pam_unix(cron:session): session closed for user root
Jun 25 18:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 25 18:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23247]: Failed password for root from 195.178.110.217 port 50978 ssh2
Jun 25 18:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23247]: Connection closed by 195.178.110.217 port 50978 [preauth]
Jun 25 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23296]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23295]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23294]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23297]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23293]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23292]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23297]: pam_unix(cron:session): session closed for user root
Jun 25 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23292]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23374]: Successful su for rubyman by root
Jun 25 18:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23374]: + ??? root:rubyman
Jun 25 18:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23374]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591874 of user rubyman.
Jun 25 18:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23374]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591874.
Jun 25 18:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20611]: pam_unix(cron:session): session closed for user root
Jun 25 18:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23294]: pam_unix(cron:session): session closed for user root
Jun 25 18:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23293]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23648]: Invalid user  from 91.92.40.171
Jun 25 18:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23648]: input_userauth_request: invalid user  [preauth]
Jun 25 18:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22488]: pam_unix(cron:session): session closed for user root
Jun 25 18:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23648]: Connection closed by 91.92.40.171 port 43768 [preauth]
Jun 25 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23754]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23755]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23752]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23751]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23751]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23916]: Successful su for rubyman by root
Jun 25 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23916]: + ??? root:rubyman
Jun 25 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23916]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591880 of user rubyman.
Jun 25 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23916]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591880.
Jun 25 18:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21104]: pam_unix(cron:session): session closed for user root
Jun 25 18:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23752]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 18:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: Failed password for root from 91.92.40.171 port 60498 ssh2
Jun 25 18:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: Connection closed by 91.92.40.171 port 60498 [preauth]
Jun 25 18:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24139]: Invalid user mohamed from 141.98.83.240
Jun 25 18:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24139]: input_userauth_request: invalid user mohamed [preauth]
Jun 25 18:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24139]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 18:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 18:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24137]: Invalid user openclaw from 91.92.40.171
Jun 25 18:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24137]: input_userauth_request: invalid user openclaw [preauth]
Jun 25 18:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24139]: Failed password for invalid user mohamed from 141.98.83.240 port 56104 ssh2
Jun 25 18:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24139]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 18:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24137]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 18:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 18:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24139]: Failed password for invalid user mohamed from 141.98.83.240 port 56104 ssh2
Jun 25 18:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24139]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 18:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24137]: Failed password for invalid user openclaw from 91.92.40.171 port 59464 ssh2
Jun 25 18:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 25 18:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24137]: Connection closed by 91.92.40.171 port 59464 [preauth]
Jun 25 18:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24139]: Failed password for invalid user mohamed from 141.98.83.240 port 56104 ssh2
Jun 25 18:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24139]: Connection closed by 141.98.83.240 port 56104 [preauth]
Jun 25 18:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24139]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 18:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24141]: Failed password for root from 195.178.110.217 port 54014 ssh2
Jun 25 18:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24141]: Connection closed by 195.178.110.217 port 54014 [preauth]
Jun 25 18:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 18:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24151]: Failed password for root from 91.92.40.171 port 59514 ssh2
Jun 25 18:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24151]: Connection closed by 91.92.40.171 port 59514 [preauth]
Jun 25 18:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 18:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22893]: pam_unix(cron:session): session closed for user root
Jun 25 18:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24185]: Failed password for root from 91.92.40.171 port 56728 ssh2
Jun 25 18:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24185]: Connection closed by 91.92.40.171 port 56728 [preauth]
Jun 25 18:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24195]: Invalid user dmdba from 91.92.40.171
Jun 25 18:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24195]: input_userauth_request: invalid user dmdba [preauth]
Jun 25 18:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24195]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 18:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 18:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24195]: Failed password for invalid user dmdba from 91.92.40.171 port 56758 ssh2
Jun 25 18:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24195]: Connection closed by 91.92.40.171 port 56758 [preauth]
Jun 25 18:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24233]: Invalid user installer from 91.92.40.171
Jun 25 18:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24233]: input_userauth_request: invalid user installer [preauth]
Jun 25 18:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24233]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 18:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 18:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24233]: Failed password for invalid user installer from 91.92.40.171 port 33992 ssh2
Jun 25 18:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 25 18:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24233]: Connection closed by 91.92.40.171 port 33992 [preauth]
Jun 25 18:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 18:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24281]: Failed password for root from 87.251.79.125 port 56034 ssh2
Jun 25 18:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24281]: Connection closed by 87.251.79.125 port 56034 [preauth]
Jun 25 18:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24258]: Failed password for root from 91.92.40.171 port 42322 ssh2
Jun 25 18:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24258]: Connection closed by 91.92.40.171 port 42322 [preauth]
Jun 25 18:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24292]: Invalid user parsa from 91.92.40.171
Jun 25 18:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24292]: input_userauth_request: invalid user parsa [preauth]
Jun 25 18:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24292]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 18:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 18:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24292]: Failed password for invalid user parsa from 91.92.40.171 port 42352 ssh2
Jun 25 18:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24292]: Connection closed by 91.92.40.171 port 42352 [preauth]
Jun 25 18:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24303]: Invalid user pi from 91.92.40.171
Jun 25 18:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24303]: input_userauth_request: invalid user pi [preauth]
Jun 25 18:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24303]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 18:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 18:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24303]: Failed password for invalid user pi from 91.92.40.171 port 44374 ssh2
Jun 25 18:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24303]: Connection closed by 91.92.40.171 port 44374 [preauth]
Jun 25 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24323]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24321]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24320]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24319]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24319]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24380]: Successful su for rubyman by root
Jun 25 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24380]: + ??? root:rubyman
Jun 25 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24380]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591884 of user rubyman.
Jun 25 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24380]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591884.
Jun 25 18:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24317]: Invalid user user2 from 91.92.40.171
Jun 25 18:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24317]: input_userauth_request: invalid user user2 [preauth]
Jun 25 18:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21568]: pam_unix(cron:session): session closed for user root
Jun 25 18:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24317]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 18:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 18:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24320]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24317]: Failed password for invalid user user2 from 91.92.40.171 port 44404 ssh2
Jun 25 18:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24317]: Connection closed by 91.92.40.171 port 44404 [preauth]
Jun 25 18:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24569]: Invalid user azureuser from 91.92.40.171
Jun 25 18:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24569]: input_userauth_request: invalid user azureuser [preauth]
Jun 25 18:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24569]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 18:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 18:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24569]: Failed password for invalid user azureuser from 91.92.40.171 port 38980 ssh2
Jun 25 18:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24569]: Connection closed by 91.92.40.171 port 38980 [preauth]
Jun 25 18:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24589]: Invalid user guest from 91.92.40.171
Jun 25 18:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24589]: input_userauth_request: invalid user guest [preauth]
Jun 25 18:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24589]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 18:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 18:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24589]: Failed password for invalid user guest from 91.92.40.171 port 39060 ssh2
Jun 25 18:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24589]: Connection closed by 91.92.40.171 port 39060 [preauth]
Jun 25 18:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24606]: Invalid user tester from 91.92.40.171
Jun 25 18:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24606]: input_userauth_request: invalid user tester [preauth]
Jun 25 18:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24606]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 18:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 18:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24606]: Failed password for invalid user tester from 91.92.40.171 port 38714 ssh2
Jun 25 18:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24606]: Connection closed by 91.92.40.171 port 38714 [preauth]
Jun 25 18:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24617]: Invalid user ubuntu from 91.92.40.171
Jun 25 18:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24617]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 18:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24617]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 18:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 18:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24617]: Failed password for invalid user ubuntu from 91.92.40.171 port 38794 ssh2
Jun 25 18:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24617]: Connection closed by 91.92.40.171 port 38794 [preauth]
Jun 25 18:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 18:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24653]: Failed password for root from 91.92.40.171 port 45942 ssh2
Jun 25 18:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24653]: Connection closed by 91.92.40.171 port 45942 [preauth]
Jun 25 18:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23296]: pam_unix(cron:session): session closed for user root
Jun 25 18:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24691]: Invalid user dev from 91.92.40.171
Jun 25 18:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24691]: input_userauth_request: invalid user dev [preauth]
Jun 25 18:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24691]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 18:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 18:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24691]: Failed password for invalid user dev from 91.92.40.171 port 35106 ssh2
Jun 25 18:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24691]: Connection closed by 91.92.40.171 port 35106 [preauth]
Jun 25 18:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24702]: Invalid user admin2 from 91.92.40.171
Jun 25 18:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24702]: input_userauth_request: invalid user admin2 [preauth]
Jun 25 18:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24702]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 18:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 18:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24702]: Failed password for invalid user admin2 from 91.92.40.171 port 35158 ssh2
Jun 25 18:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24702]: Connection closed by 91.92.40.171 port 35158 [preauth]
Jun 25 18:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 18:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24727]: Failed password for root from 91.92.40.171 port 49932 ssh2
Jun 25 18:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24727]: Connection closed by 91.92.40.171 port 49932 [preauth]
Jun 25 18:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24740]: Invalid user amir from 91.92.40.171
Jun 25 18:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24740]: input_userauth_request: invalid user amir [preauth]
Jun 25 18:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24740]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 18:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 18:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 25 18:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24740]: Failed password for invalid user amir from 91.92.40.171 port 49960 ssh2
Jun 25 18:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24740]: Connection closed by 91.92.40.171 port 49960 [preauth]
Jun 25 18:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24738]: Failed password for root from 195.178.110.217 port 56994 ssh2
Jun 25 18:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24738]: Connection closed by 195.178.110.217 port 56994 [preauth]
Jun 25 18:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24751]: Invalid user kipt from 91.92.40.171
Jun 25 18:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24751]: input_userauth_request: invalid user kipt [preauth]
Jun 25 18:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24751]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 18:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 18:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24751]: Failed password for invalid user kipt from 91.92.40.171 port 49396 ssh2
Jun 25 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24751]: Connection closed by 91.92.40.171 port 49396 [preauth]
Jun 25 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24767]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24765]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24764]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24762]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24762]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24827]: Successful su for rubyman by root
Jun 25 18:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24827]: + ??? root:rubyman
Jun 25 18:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24827]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591888 of user rubyman.
Jun 25 18:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24827]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591888.
Jun 25 18:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21991]: pam_unix(cron:session): session closed for user root
Jun 25 18:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 18:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24764]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24896]: Failed password for root from 91.92.40.171 port 49430 ssh2
Jun 25 18:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24896]: Connection closed by 91.92.40.171 port 49430 [preauth]
Jun 25 18:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 18:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25004]: Failed password for root from 91.92.40.171 port 46802 ssh2
Jun 25 18:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25004]: Connection closed by 91.92.40.171 port 46802 [preauth]
Jun 25 18:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 25 18:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 18:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25018]: Failed password for root from 103.27.238.114 port 53436 ssh2
Jun 25 18:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25018]: Connection closed by 103.27.238.114 port 53436 [preauth]
Jun 25 18:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25033]: Failed password for root from 91.92.40.171 port 51854 ssh2
Jun 25 18:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25033]: Connection closed by 91.92.40.171 port 51854 [preauth]
Jun 25 18:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25055]: Invalid user user1 from 91.92.40.171
Jun 25 18:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25055]: input_userauth_request: invalid user user1 [preauth]
Jun 25 18:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25055]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 18:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 18:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25055]: Failed password for invalid user user1 from 91.92.40.171 port 51882 ssh2
Jun 25 18:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25055]: Connection closed by 91.92.40.171 port 51882 [preauth]
Jun 25 18:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25083]: Invalid user jenkins from 91.92.40.171
Jun 25 18:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25083]: input_userauth_request: invalid user jenkins [preauth]
Jun 25 18:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25083]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 18:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 18:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25083]: Failed password for invalid user jenkins from 91.92.40.171 port 53304 ssh2
Jun 25 18:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25083]: Connection closed by 91.92.40.171 port 53304 [preauth]
Jun 25 18:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25093]: Invalid user main from 91.92.40.171
Jun 25 18:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25093]: input_userauth_request: invalid user main [preauth]
Jun 25 18:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25093]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 18:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 18:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23755]: pam_unix(cron:session): session closed for user root
Jun 25 18:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25093]: Failed password for invalid user main from 91.92.40.171 port 53348 ssh2
Jun 25 18:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25093]: Connection closed by 91.92.40.171 port 53348 [preauth]
Jun 25 18:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 25 18:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 18:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25115]: Failed password for root from 193.37.70.224 port 35478 ssh2
Jun 25 18:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25115]: Connection closed by 193.37.70.224 port 35478 [preauth]
Jun 25 18:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25125]: Failed password for root from 91.92.40.171 port 39650 ssh2
Jun 25 18:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25125]: Connection closed by 91.92.40.171 port 39650 [preauth]
Jun 25 18:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 18:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25135]: Failed password for root from 91.92.40.171 port 39712 ssh2
Jun 25 18:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25135]: Connection closed by 91.92.40.171 port 39712 [preauth]
Jun 25 18:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25163]: Invalid user opc from 91.92.40.171
Jun 25 18:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25163]: input_userauth_request: invalid user opc [preauth]
Jun 25 18:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25163]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 18:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 18:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25163]: Failed password for invalid user opc from 91.92.40.171 port 51120 ssh2
Jun 25 18:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25163]: Connection closed by 91.92.40.171 port 51120 [preauth]
Jun 25 18:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25173]: Invalid user admin1 from 91.92.40.171
Jun 25 18:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25173]: input_userauth_request: invalid user admin1 [preauth]
Jun 25 18:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25173]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 18:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 18:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25173]: Failed password for invalid user admin1 from 91.92.40.171 port 51164 ssh2
Jun 25 18:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25173]: Connection closed by 91.92.40.171 port 51164 [preauth]
Jun 25 18:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25185]: Invalid user newuser from 91.92.40.171
Jun 25 18:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25185]: input_userauth_request: invalid user newuser [preauth]
Jun 25 18:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25185]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 18:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25192]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25193]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25191]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25190]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25190]: pam_unix(cron:session): session closed for user p13x
Jun 25 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25250]: Successful su for rubyman by root
Jun 25 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25250]: + ??? root:rubyman
Jun 25 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25250]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591892 of user rubyman.
Jun 25 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25250]: pam_unix(su:session): session closed for user rubyman
Jun 25 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591892.
Jun 25 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25185]: Failed password for invalid user newuser from 91.92.40.171 port 39592 ssh2
Jun 25 18:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25185]: Connection closed by 91.92.40.171 port 39592 [preauth]
Jun 25 18:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25370]: Invalid user app from 91.92.40.171
Jun 25 18:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25370]: input_userauth_request: invalid user app [preauth]
Jun 25 18:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25370]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 18:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 18:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22487]: pam_unix(cron:session): session closed for user root
Jun 25 18:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25191]: pam_unix(cron:session): session closed for user samftp
Jun 25 18:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25370]: Failed password for invalid user app from 91.92.40.171 port 39602 ssh2
Jun 25 18:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25370]: Connection closed by 91.92.40.171 port 39602 [preauth]
Jun 25 18:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25434]: Invalid user ubuntu from 91.92.40.171
Jun 25 18:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25434]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 18:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25434]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 18:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 18:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25434]: Failed password for invalid user ubuntu from 91.92.40.171 port 41720 ssh2
Jun 25 18:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25434]: Connection closed by 91.92.40.171 port 41720 [preauth]
Jun 25 18:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25452]: Invalid user asterisk from 91.92.40.171
Jun 25 18:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25452]: input_userauth_request: invalid user asterisk [preauth]
Jun 25 18:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25452]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 18:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 18:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25452]: Failed password for invalid user asterisk from 91.92.40.171 port 47872 ssh2
Jun 25 18:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25452]: Connection closed by 91.92.40.171 port 47872 [preauth]
Jun 25 18:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25468]: Invalid user admin from 91.92.40.171
Jun 25 18:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25468]: input_userauth_request: invalid user admin [preauth]
Jun 25 18:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25468]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 18:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 18:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25468]: Failed password for invalid user admin from 91.92.40.171 port 47952 ssh2
Jun 25 18:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25468]: Connection closed by 91.92.40.171 port 47952 [preauth]
Jun 25 18:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25498]: Invalid user tom from 91.92.40.171
Jun 25 18:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25498]: input_userauth_request: invalid user tom [preauth]
Jun 25 18:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25498]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 18:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 18:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 25 18:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25498]: Failed password for invalid user tom from 91.92.40.171 port 45004 ssh2
Jun 25 18:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25498]: Connection closed by 91.92.40.171 port 45004 [preauth]
Jun 25 18:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25482]: Failed password for root from 195.178.110.217 port 60026 ssh2
Jun 25 18:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25482]: Connection closed by 195.178.110.217 port 60026 [preauth]
Jun 25 18:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25510]: Invalid user deployer from 91.92.40.171
Jun 25 18:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25510]: input_userauth_request: invalid user deployer [preauth]
Jun 25 18:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25510]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 18:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 18:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24323]: pam_unix(cron:session): session closed for user root
Jun 25 18:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25510]: Failed password for invalid user deployer from 91.92.40.171 port 45050 ssh2
Jun 25 18:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25510]: Connection closed by 91.92.40.171 port 45050 [preauth]
Jun 25 18:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25542]: Invalid user portal from 91.92.40.171
Jun 25 18:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25542]: input_userauth_request: invalid user portal [preauth]
Jun 25 18:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25542]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 18:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 18:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25542]: Failed password for invalid user portal from 91.92.40.171 port 59116 ssh2
Jun 25 18:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25542]: Connection closed by 91.92.40.171 port 59116 [preauth]
Jun 25 18:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25552]: Invalid user student from 91.92.40.171
Jun 25 18:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25552]: input_userauth_request: invalid user student [preauth]
Jun 25 18:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25552]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 18:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 18:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25552]: Failed password for invalid user student from 91.92.40.171 port 59154 ssh2
Jun 25 18:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25552]: Connection closed by 91.92.40.171 port 59154 [preauth]
Jun 25 18:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 18:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25577]: Failed password for root from 91.92.40.171 port 50276 ssh2
Jun 25 18:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25577]: Connection closed by 91.92.40.171 port 50276 [preauth]
Jun 25 18:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25587]: Invalid user linuxuser from 91.92.40.171
Jun 25 18:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25587]: input_userauth_request: invalid user linuxuser [preauth]
Jun 25 18:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25587]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 18:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 18:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25587]: Failed password for invalid user linuxuser from 91.92.40.171 port 50344 ssh2
Jun 25 18:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25587]: Connection closed by 91.92.40.171 port 50344 [preauth]
Jun 25 18:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 18:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25597]: Invalid user kafka from 91.92.40.171
Jun 25 18:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25597]: input_userauth_request: invalid user kafka [preauth]
Jun 25 18:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25597]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 18:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25597]: Failed password for invalid user kafka from 91.92.40.171 port 44824 ssh2
Jun 25 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25597]: Connection closed by 91.92.40.171 port 44824 [preauth]
Jun 25 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25612]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25613]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25610]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25615]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25614]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25611]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25609]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25611]: pam_unix(cron:session): session closed for user root
Jun 25 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25615]: pam_unix(cron:session): session closed for user root
Jun 25 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25609]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25700]: Successful su for rubyman by root
Jun 25 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25700]: + ??? root:rubyman
Jun 25 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25700]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591896 of user rubyman.
Jun 25 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25700]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591896.
Jun 25 19:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25762]: Invalid user user from 91.92.40.171
Jun 25 19:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25762]: input_userauth_request: invalid user user [preauth]
Jun 25 19:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25762]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22892]: pam_unix(cron:session): session closed for user root
Jun 25 19:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25612]: pam_unix(cron:session): session closed for user root
Jun 25 19:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25762]: Failed password for invalid user user from 91.92.40.171 port 44872 ssh2
Jun 25 19:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25762]: Connection closed by 91.92.40.171 port 44872 [preauth]
Jun 25 19:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25610]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25917]: Invalid user test from 91.92.40.171
Jun 25 19:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25917]: input_userauth_request: invalid user test [preauth]
Jun 25 19:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25917]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25917]: Failed password for invalid user test from 91.92.40.171 port 36342 ssh2
Jun 25 19:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25917]: Connection closed by 91.92.40.171 port 36342 [preauth]
Jun 25 19:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25932]: Invalid user admin from 91.92.40.171
Jun 25 19:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25932]: input_userauth_request: invalid user admin [preauth]
Jun 25 19:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25932]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25932]: Failed password for invalid user admin from 91.92.40.171 port 46606 ssh2
Jun 25 19:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25932]: Connection closed by 91.92.40.171 port 46606 [preauth]
Jun 25 19:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25949]: Invalid user root1 from 91.92.40.171
Jun 25 19:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25949]: input_userauth_request: invalid user root1 [preauth]
Jun 25 19:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25949]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.110.201  user=root
Jun 25 19:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25949]: Failed password for invalid user root1 from 91.92.40.171 port 46640 ssh2
Jun 25 19:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25949]: Connection closed by 91.92.40.171 port 46640 [preauth]
Jun 25 19:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25952]: Failed password for root from 94.159.110.201 port 57706 ssh2
Jun 25 19:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25952]: Connection closed by 94.159.110.201 port 57706 [preauth]
Jun 25 19:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25963]: Failed password for root from 91.92.40.171 port 41178 ssh2
Jun 25 19:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25963]: Connection closed by 91.92.40.171 port 41178 [preauth]
Jun 25 19:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25986]: Invalid user martin from 91.92.40.171
Jun 25 19:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25986]: input_userauth_request: invalid user martin [preauth]
Jun 25 19:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25986]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25986]: Failed password for invalid user martin from 91.92.40.171 port 41230 ssh2
Jun 25 19:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25986]: Connection closed by 91.92.40.171 port 41230 [preauth]
Jun 25 19:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24767]: pam_unix(cron:session): session closed for user root
Jun 25 19:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26046]: Invalid user openclaw from 91.92.40.171
Jun 25 19:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26046]: input_userauth_request: invalid user openclaw [preauth]
Jun 25 19:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26046]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26046]: Failed password for invalid user openclaw from 91.92.40.171 port 39094 ssh2
Jun 25 19:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26046]: Connection closed by 91.92.40.171 port 39094 [preauth]
Jun 25 19:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26056]: Invalid user server from 91.92.40.171
Jun 25 19:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26056]: input_userauth_request: invalid user server [preauth]
Jun 25 19:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26056]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26056]: Failed password for invalid user server from 91.92.40.171 port 39134 ssh2
Jun 25 19:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26056]: Connection closed by 91.92.40.171 port 39134 [preauth]
Jun 25 19:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26078]: Invalid user nagios from 91.92.40.171
Jun 25 19:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26078]: input_userauth_request: invalid user nagios [preauth]
Jun 25 19:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26078]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26078]: Failed password for invalid user nagios from 91.92.40.171 port 34292 ssh2
Jun 25 19:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26078]: Connection closed by 91.92.40.171 port 34292 [preauth]
Jun 25 19:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26089]: Invalid user user1 from 91.92.40.171
Jun 25 19:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26089]: input_userauth_request: invalid user user1 [preauth]
Jun 25 19:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26089]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26089]: Failed password for invalid user user1 from 91.92.40.171 port 34332 ssh2
Jun 25 19:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26089]: Connection closed by 91.92.40.171 port 34332 [preauth]
Jun 25 19:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26102]: Invalid user runner from 91.92.40.171
Jun 25 19:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26102]: input_userauth_request: invalid user runner [preauth]
Jun 25 19:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26102]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26102]: Failed password for invalid user runner from 91.92.40.171 port 34656 ssh2
Jun 25 19:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26102]: Connection closed by 91.92.40.171 port 34656 [preauth]
Jun 25 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26121]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26119]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26120]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26118]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26118]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26187]: Successful su for rubyman by root
Jun 25 19:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26187]: + ??? root:rubyman
Jun 25 19:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26187]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591904 of user rubyman.
Jun 25 19:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26187]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591904.
Jun 25 19:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 25 19:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26234]: Invalid user postgres from 91.92.40.171
Jun 25 19:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26234]: input_userauth_request: invalid user postgres [preauth]
Jun 25 19:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26234]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: Failed password for root from 195.178.110.217 port 34928 ssh2
Jun 25 19:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: Connection closed by 195.178.110.217 port 34928 [preauth]
Jun 25 19:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23295]: pam_unix(cron:session): session closed for user root
Jun 25 19:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26119]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26234]: Failed password for invalid user postgres from 91.92.40.171 port 34686 ssh2
Jun 25 19:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26234]: Connection closed by 91.92.40.171 port 34686 [preauth]
Jun 25 19:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26375]: Invalid user appuser from 91.92.40.171
Jun 25 19:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26375]: input_userauth_request: invalid user appuser [preauth]
Jun 25 19:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26375]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26375]: Failed password for invalid user appuser from 91.92.40.171 port 44446 ssh2
Jun 25 19:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26375]: Connection closed by 91.92.40.171 port 44446 [preauth]
Jun 25 19:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26390]: Invalid user hduser from 91.92.40.171
Jun 25 19:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26390]: input_userauth_request: invalid user hduser [preauth]
Jun 25 19:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26390]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26390]: Failed password for invalid user hduser from 91.92.40.171 port 44476 ssh2
Jun 25 19:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26390]: Connection closed by 91.92.40.171 port 44476 [preauth]
Jun 25 19:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26407]: Invalid user lighthouse from 91.92.40.171
Jun 25 19:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26407]: input_userauth_request: invalid user lighthouse [preauth]
Jun 25 19:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26407]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26407]: Failed password for invalid user lighthouse from 91.92.40.171 port 49954 ssh2
Jun 25 19:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26407]: Connection closed by 91.92.40.171 port 49954 [preauth]
Jun 25 19:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26429]: Invalid user developer from 91.92.40.171
Jun 25 19:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26429]: input_userauth_request: invalid user developer [preauth]
Jun 25 19:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26429]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26429]: Failed password for invalid user developer from 91.92.40.171 port 49376 ssh2
Jun 25 19:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26429]: Connection closed by 91.92.40.171 port 49376 [preauth]
Jun 25 19:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26440]: Invalid user mohammad from 91.92.40.171
Jun 25 19:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26440]: input_userauth_request: invalid user mohammad [preauth]
Jun 25 19:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26440]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26440]: Failed password for invalid user mohammad from 91.92.40.171 port 49418 ssh2
Jun 25 19:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26440]: Connection closed by 91.92.40.171 port 49418 [preauth]
Jun 25 19:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25193]: pam_unix(cron:session): session closed for user root
Jun 25 19:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26469]: Invalid user pi from 91.92.40.171
Jun 25 19:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26469]: input_userauth_request: invalid user pi [preauth]
Jun 25 19:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26469]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26469]: Failed password for invalid user pi from 91.92.40.171 port 38246 ssh2
Jun 25 19:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26469]: Connection closed by 91.92.40.171 port 38246 [preauth]
Jun 25 19:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26481]: Invalid user app from 91.92.40.171
Jun 25 19:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26481]: input_userauth_request: invalid user app [preauth]
Jun 25 19:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26481]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 25 19:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26481]: Failed password for invalid user app from 91.92.40.171 port 38264 ssh2
Jun 25 19:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26481]: Connection closed by 91.92.40.171 port 38264 [preauth]
Jun 25 19:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26492]: Failed password for root from 62.133.62.83 port 35868 ssh2
Jun 25 19:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26492]: Connection closed by 62.133.62.83 port 35868 [preauth]
Jun 25 19:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26507]: Failed password for root from 91.92.40.171 port 55626 ssh2
Jun 25 19:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26507]: Connection closed by 91.92.40.171 port 55626 [preauth]
Jun 25 19:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26517]: Invalid user ubuntu from 91.92.40.171
Jun 25 19:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26517]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 19:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26517]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26517]: Failed password for invalid user ubuntu from 91.92.40.171 port 55656 ssh2
Jun 25 19:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26517]: Connection closed by 91.92.40.171 port 55656 [preauth]
Jun 25 19:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26527]: Invalid user neptune from 91.92.40.171
Jun 25 19:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26527]: input_userauth_request: invalid user neptune [preauth]
Jun 25 19:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26527]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26527]: Failed password for invalid user neptune from 91.92.40.171 port 55654 ssh2
Jun 25 19:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26527]: Connection closed by 91.92.40.171 port 55654 [preauth]
Jun 25 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26541]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26543]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26542]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26540]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26540]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26606]: Successful su for rubyman by root
Jun 25 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26606]: + ??? root:rubyman
Jun 25 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26606]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591907 of user rubyman.
Jun 25 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26606]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591907.
Jun 25 19:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23754]: pam_unix(cron:session): session closed for user root
Jun 25 19:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26786]: Invalid user ftpuser from 91.92.40.171
Jun 25 19:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26786]: input_userauth_request: invalid user ftpuser [preauth]
Jun 25 19:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26786]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26786]: Failed password for invalid user ftpuser from 91.92.40.171 port 55682 ssh2
Jun 25 19:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26541]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26786]: Connection closed by 91.92.40.171 port 55682 [preauth]
Jun 25 19:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26870]: Invalid user csgo from 91.92.40.171
Jun 25 19:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26870]: input_userauth_request: invalid user csgo [preauth]
Jun 25 19:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26870]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26870]: Failed password for invalid user csgo from 91.92.40.171 port 50014 ssh2
Jun 25 19:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26870]: Connection closed by 91.92.40.171 port 50014 [preauth]
Jun 25 19:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26880]: Invalid user core from 91.92.40.171
Jun 25 19:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26880]: input_userauth_request: invalid user core [preauth]
Jun 25 19:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26880]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26880]: Failed password for invalid user core from 91.92.40.171 port 50050 ssh2
Jun 25 19:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26880]: Connection closed by 91.92.40.171 port 50050 [preauth]
Jun 25 19:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26905]: Invalid user admin from 91.92.40.171
Jun 25 19:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26905]: input_userauth_request: invalid user admin [preauth]
Jun 25 19:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26905]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26905]: Failed password for invalid user admin from 91.92.40.171 port 49612 ssh2
Jun 25 19:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26905]: Connection closed by 91.92.40.171 port 49612 [preauth]
Jun 25 19:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26939]: Failed password for root from 91.92.40.171 port 56544 ssh2
Jun 25 19:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26939]: Connection closed by 91.92.40.171 port 56544 [preauth]
Jun 25 19:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26951]: Invalid user claude from 91.92.40.171
Jun 25 19:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26951]: input_userauth_request: invalid user claude [preauth]
Jun 25 19:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26951]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26951]: Failed password for invalid user claude from 91.92.40.171 port 56590 ssh2
Jun 25 19:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26951]: Connection closed by 91.92.40.171 port 56590 [preauth]
Jun 25 19:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 25 19:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25614]: pam_unix(cron:session): session closed for user root
Jun 25 19:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26985]: Invalid user appuser from 91.92.40.171
Jun 25 19:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26985]: input_userauth_request: invalid user appuser [preauth]
Jun 25 19:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26955]: Failed password for root from 103.82.132.16 port 45778 ssh2
Jun 25 19:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26985]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26955]: Connection closed by 103.82.132.16 port 45778 [preauth]
Jun 25 19:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 25 19:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26985]: Failed password for invalid user appuser from 91.92.40.171 port 56484 ssh2
Jun 25 19:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26985]: Connection closed by 91.92.40.171 port 56484 [preauth]
Jun 25 19:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26953]: Failed password for root from 195.178.110.217 port 37930 ssh2
Jun 25 19:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26953]: Connection closed by 195.178.110.217 port 37930 [preauth]
Jun 25 19:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26995]: Invalid user nginx from 91.92.40.171
Jun 25 19:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26995]: input_userauth_request: invalid user nginx [preauth]
Jun 25 19:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26995]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26995]: Failed password for invalid user nginx from 91.92.40.171 port 56518 ssh2
Jun 25 19:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26995]: Connection closed by 91.92.40.171 port 56518 [preauth]
Jun 25 19:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27020]: Invalid user claude from 91.92.40.171
Jun 25 19:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27020]: input_userauth_request: invalid user claude [preauth]
Jun 25 19:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27020]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27020]: Failed password for invalid user claude from 91.92.40.171 port 39876 ssh2
Jun 25 19:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27020]: Connection closed by 91.92.40.171 port 39876 [preauth]
Jun 25 19:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27030]: Invalid user test from 91.92.40.171
Jun 25 19:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27030]: input_userauth_request: invalid user test [preauth]
Jun 25 19:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27030]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27030]: Failed password for invalid user test from 91.92.40.171 port 39908 ssh2
Jun 25 19:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27030]: Connection closed by 91.92.40.171 port 39908 [preauth]
Jun 25 19:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27041]: Invalid user test1 from 91.92.40.171
Jun 25 19:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27041]: input_userauth_request: invalid user test1 [preauth]
Jun 25 19:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27041]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27041]: Failed password for invalid user test1 from 91.92.40.171 port 48494 ssh2
Jun 25 19:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27041]: Connection closed by 91.92.40.171 port 48494 [preauth]
Jun 25 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27057]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27058]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27056]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27055]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27055]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27052]: User ftp from 91.92.40.171 not allowed because not listed in AllowUsers
Jun 25 19:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27052]: input_userauth_request: invalid user ftp [preauth]
Jun 25 19:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27117]: Successful su for rubyman by root
Jun 25 19:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27117]: + ??? root:rubyman
Jun 25 19:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27117]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591911 of user rubyman.
Jun 25 19:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27117]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591911.
Jun 25 19:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=ftp
Jun 25 19:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24321]: pam_unix(cron:session): session closed for user root
Jun 25 19:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27052]: Failed password for invalid user ftp from 91.92.40.171 port 48540 ssh2
Jun 25 19:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27052]: Connection closed by 91.92.40.171 port 48540 [preauth]
Jun 25 19:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27056]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27323]: Invalid user www from 91.92.40.171
Jun 25 19:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27323]: input_userauth_request: invalid user www [preauth]
Jun 25 19:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27323]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27323]: Failed password for invalid user www from 91.92.40.171 port 58800 ssh2
Jun 25 19:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27323]: Connection closed by 91.92.40.171 port 58800 [preauth]
Jun 25 19:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27334]: Invalid user frappe from 91.92.40.171
Jun 25 19:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27334]: input_userauth_request: invalid user frappe [preauth]
Jun 25 19:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27334]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27334]: Failed password for invalid user frappe from 91.92.40.171 port 58858 ssh2
Jun 25 19:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27334]: Connection closed by 91.92.40.171 port 58858 [preauth]
Jun 25 19:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27358]: Failed password for root from 91.92.40.171 port 36072 ssh2
Jun 25 19:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27358]: Connection closed by 91.92.40.171 port 36072 [preauth]
Jun 25 19:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27373]: Invalid user ec2-user from 91.92.40.171
Jun 25 19:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27373]: input_userauth_request: invalid user ec2-user [preauth]
Jun 25 19:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27373]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27373]: Failed password for invalid user ec2-user from 91.92.40.171 port 36112 ssh2
Jun 25 19:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27373]: Connection closed by 91.92.40.171 port 36112 [preauth]
Jun 25 19:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27395]: Invalid user dev from 91.92.40.171
Jun 25 19:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27395]: input_userauth_request: invalid user dev [preauth]
Jun 25 19:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27395]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27395]: Failed password for invalid user dev from 91.92.40.171 port 54876 ssh2
Jun 25 19:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27395]: Connection closed by 91.92.40.171 port 54876 [preauth]
Jun 25 19:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26121]: pam_unix(cron:session): session closed for user root
Jun 25 19:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27419]: Invalid user user from 91.92.40.171
Jun 25 19:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27419]: input_userauth_request: invalid user user [preauth]
Jun 25 19:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27419]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27419]: Failed password for invalid user user from 91.92.40.171 port 47260 ssh2
Jun 25 19:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27419]: Connection closed by 91.92.40.171 port 47260 [preauth]
Jun 25 19:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27436]: Invalid user niaoyun from 91.92.40.171
Jun 25 19:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27436]: input_userauth_request: invalid user niaoyun [preauth]
Jun 25 19:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27436]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27436]: Failed password for invalid user niaoyun from 91.92.40.171 port 47326 ssh2
Jun 25 19:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27436]: Connection closed by 91.92.40.171 port 47326 [preauth]
Jun 25 19:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27459]: Invalid user ubuntu from 91.92.40.171
Jun 25 19:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27459]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 19:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27459]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27459]: Failed password for invalid user ubuntu from 91.92.40.171 port 41452 ssh2
Jun 25 19:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27459]: Connection closed by 91.92.40.171 port 41452 [preauth]
Jun 25 19:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27471]: Invalid user wso2 from 91.92.40.171
Jun 25 19:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27471]: input_userauth_request: invalid user wso2 [preauth]
Jun 25 19:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27471]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27471]: Failed password for invalid user wso2 from 91.92.40.171 port 41506 ssh2
Jun 25 19:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27471]: Connection closed by 91.92.40.171 port 41506 [preauth]
Jun 25 19:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27482]: Invalid user devops from 91.92.40.171
Jun 25 19:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27482]: input_userauth_request: invalid user devops [preauth]
Jun 25 19:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27482]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27482]: Failed password for invalid user devops from 91.92.40.171 port 48426 ssh2
Jun 25 19:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27482]: Connection closed by 91.92.40.171 port 48426 [preauth]
Jun 25 19:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27498]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27497]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27499]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27496]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27496]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27565]: Successful su for rubyman by root
Jun 25 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27565]: + ??? root:rubyman
Jun 25 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27565]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591915 of user rubyman.
Jun 25 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27565]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591915.
Jun 25 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27493]: Failed password for root from 91.92.40.171 port 48484 ssh2
Jun 25 19:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27493]: Connection closed by 91.92.40.171 port 48484 [preauth]
Jun 25 19:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24765]: pam_unix(cron:session): session closed for user root
Jun 25 19:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27497]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 25 19:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27616]: Failed password for root from 195.178.110.217 port 40960 ssh2
Jun 25 19:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27616]: Connection closed by 195.178.110.217 port 40960 [preauth]
Jun 25 19:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27754]: Failed password for root from 91.92.40.171 port 38646 ssh2
Jun 25 19:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27754]: Connection closed by 91.92.40.171 port 38646 [preauth]
Jun 25 19:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27765]: Invalid user admin from 91.92.40.171
Jun 25 19:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27765]: input_userauth_request: invalid user admin [preauth]
Jun 25 19:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27765]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27765]: Failed password for invalid user admin from 91.92.40.171 port 38680 ssh2
Jun 25 19:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27765]: Connection closed by 91.92.40.171 port 38680 [preauth]
Jun 25 19:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27787]: Invalid user gitlab-runner from 91.92.40.171
Jun 25 19:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27787]: input_userauth_request: invalid user gitlab-runner [preauth]
Jun 25 19:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27787]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27787]: Failed password for invalid user gitlab-runner from 91.92.40.171 port 42958 ssh2
Jun 25 19:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27787]: Connection closed by 91.92.40.171 port 42958 [preauth]
Jun 25 19:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27797]: Invalid user postgres from 91.92.40.171
Jun 25 19:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27797]: input_userauth_request: invalid user postgres [preauth]
Jun 25 19:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27797]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27797]: Failed password for invalid user postgres from 91.92.40.171 port 43020 ssh2
Jun 25 19:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27797]: Connection closed by 91.92.40.171 port 43020 [preauth]
Jun 25 19:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27822]: Invalid user elasticsearch from 91.92.40.171
Jun 25 19:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27822]: input_userauth_request: invalid user elasticsearch [preauth]
Jun 25 19:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27822]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27822]: Failed password for invalid user elasticsearch from 91.92.40.171 port 45956 ssh2
Jun 25 19:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27822]: Connection closed by 91.92.40.171 port 45956 [preauth]
Jun 25 19:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 25 19:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26543]: pam_unix(cron:session): session closed for user root
Jun 25 19:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27832]: Failed password for root from 38.93.206.2 port 55984 ssh2
Jun 25 19:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27832]: Connection closed by 38.93.206.2 port 55984 [preauth]
Jun 25 19:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27859]: Failed password for root from 91.92.40.171 port 33592 ssh2
Jun 25 19:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27859]: Connection closed by 91.92.40.171 port 33592 [preauth]
Jun 25 19:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27871]: Invalid user user3 from 91.92.40.171
Jun 25 19:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27871]: input_userauth_request: invalid user user3 [preauth]
Jun 25 19:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27871]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27871]: Failed password for invalid user user3 from 91.92.40.171 port 33640 ssh2
Jun 25 19:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27871]: Connection closed by 91.92.40.171 port 33640 [preauth]
Jun 25 19:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27895]: Invalid user data from 91.92.40.171
Jun 25 19:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27895]: input_userauth_request: invalid user data [preauth]
Jun 25 19:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27895]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27895]: Failed password for invalid user data from 91.92.40.171 port 55648 ssh2
Jun 25 19:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27895]: Connection closed by 91.92.40.171 port 55648 [preauth]
Jun 25 19:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27905]: Invalid user web from 91.92.40.171
Jun 25 19:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27905]: input_userauth_request: invalid user web [preauth]
Jun 25 19:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27905]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27905]: Failed password for invalid user web from 91.92.40.171 port 55702 ssh2
Jun 25 19:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27905]: Connection closed by 91.92.40.171 port 55702 [preauth]
Jun 25 19:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27917]: Failed password for root from 91.92.40.171 port 56694 ssh2
Jun 25 19:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27917]: Connection closed by 91.92.40.171 port 56694 [preauth]
Jun 25 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27937]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27935]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27931]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27933]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27934]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27932]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27937]: pam_unix(cron:session): session closed for user root
Jun 25 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27931]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28014]: Successful su for rubyman by root
Jun 25 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28014]: + ??? root:rubyman
Jun 25 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28014]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591920 of user rubyman.
Jun 25 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28014]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591920.
Jun 25 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27929]: Invalid user steam from 91.92.40.171
Jun 25 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27929]: input_userauth_request: invalid user steam [preauth]
Jun 25 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27929]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27933]: pam_unix(cron:session): session closed for user root
Jun 25 19:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25192]: pam_unix(cron:session): session closed for user root
Jun 25 19:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27929]: Failed password for invalid user steam from 91.92.40.171 port 56722 ssh2
Jun 25 19:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27929]: Connection closed by 91.92.40.171 port 56722 [preauth]
Jun 25 19:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27932]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28270]: Invalid user frappe from 91.92.40.171
Jun 25 19:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28270]: input_userauth_request: invalid user frappe [preauth]
Jun 25 19:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28270]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28270]: Failed password for invalid user frappe from 91.92.40.171 port 56708 ssh2
Jun 25 19:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28270]: Connection closed by 91.92.40.171 port 56708 [preauth]
Jun 25 19:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28280]: Invalid user sysupdate from 91.92.40.171
Jun 25 19:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28280]: input_userauth_request: invalid user sysupdate [preauth]
Jun 25 19:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28280]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28280]: Failed password for invalid user sysupdate from 91.92.40.171 port 56790 ssh2
Jun 25 19:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28280]: Connection closed by 91.92.40.171 port 56790 [preauth]
Jun 25 19:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28302]: Invalid user home from 91.92.40.171
Jun 25 19:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28302]: input_userauth_request: invalid user home [preauth]
Jun 25 19:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28302]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28302]: Failed password for invalid user home from 91.92.40.171 port 48472 ssh2
Jun 25 19:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28302]: Connection closed by 91.92.40.171 port 48472 [preauth]
Jun 25 19:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28312]: Invalid user dmdba from 91.92.40.171
Jun 25 19:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28312]: input_userauth_request: invalid user dmdba [preauth]
Jun 25 19:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28312]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28312]: Failed password for invalid user dmdba from 91.92.40.171 port 48528 ssh2
Jun 25 19:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28312]: Connection closed by 91.92.40.171 port 48528 [preauth]
Jun 25 19:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28334]: Invalid user manoj from 91.92.40.171
Jun 25 19:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28334]: input_userauth_request: invalid user manoj [preauth]
Jun 25 19:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28334]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28334]: Failed password for invalid user manoj from 91.92.40.171 port 45754 ssh2
Jun 25 19:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28334]: Connection closed by 91.92.40.171 port 45754 [preauth]
Jun 25 19:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27058]: pam_unix(cron:session): session closed for user root
Jun 25 19:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28346]: Invalid user odoo14 from 91.92.40.171
Jun 25 19:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28346]: input_userauth_request: invalid user odoo14 [preauth]
Jun 25 19:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28346]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28346]: Failed password for invalid user odoo14 from 91.92.40.171 port 45774 ssh2
Jun 25 19:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28346]: Connection closed by 91.92.40.171 port 45774 [preauth]
Jun 25 19:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 25 19:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 25 19:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28381]: Invalid user dmdba from 91.92.40.171
Jun 25 19:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28381]: input_userauth_request: invalid user dmdba [preauth]
Jun 25 19:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28381]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28377]: Failed password for root from 195.178.110.217 port 44062 ssh2
Jun 25 19:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28377]: Connection closed by 195.178.110.217 port 44062 [preauth]
Jun 25 19:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28379]: Failed password for root from 194.113.233.25 port 47136 ssh2
Jun 25 19:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28379]: Connection closed by 194.113.233.25 port 47136 [preauth]
Jun 25 19:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28381]: Failed password for invalid user dmdba from 91.92.40.171 port 35182 ssh2
Jun 25 19:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28381]: Connection closed by 91.92.40.171 port 35182 [preauth]
Jun 25 19:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28404]: Failed password for root from 91.92.40.171 port 43266 ssh2
Jun 25 19:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28404]: Connection closed by 91.92.40.171 port 43266 [preauth]
Jun 25 19:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28414]: Invalid user frappe from 91.92.40.171
Jun 25 19:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28414]: input_userauth_request: invalid user frappe [preauth]
Jun 25 19:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28414]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28414]: Failed password for invalid user frappe from 91.92.40.171 port 43306 ssh2
Jun 25 19:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28414]: Connection closed by 91.92.40.171 port 43306 [preauth]
Jun 25 19:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28425]: Invalid user minecraft from 91.92.40.171
Jun 25 19:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28425]: input_userauth_request: invalid user minecraft [preauth]
Jun 25 19:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28425]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 25 19:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28425]: Failed password for invalid user minecraft from 91.92.40.171 port 44550 ssh2
Jun 25 19:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28425]: Connection closed by 91.92.40.171 port 44550 [preauth]
Jun 25 19:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28437]: Failed password for root from 147.45.199.80 port 45276 ssh2
Jun 25 19:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28437]: Connection closed by 147.45.199.80 port 45276 [preauth]
Jun 25 19:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28453]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28454]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28452]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28451]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28451]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28524]: Successful su for rubyman by root
Jun 25 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28524]: + ??? root:rubyman
Jun 25 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28524]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591927 of user rubyman.
Jun 25 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28524]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591927.
Jun 25 19:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28439]: Failed password for root from 91.92.40.171 port 44614 ssh2
Jun 25 19:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28439]: Connection closed by 91.92.40.171 port 44614 [preauth]
Jun 25 19:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25613]: pam_unix(cron:session): session closed for user root
Jun 25 19:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28452]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28774]: Invalid user newuser from 91.92.40.171
Jun 25 19:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28774]: input_userauth_request: invalid user newuser [preauth]
Jun 25 19:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28774]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28774]: Failed password for invalid user newuser from 91.92.40.171 port 43776 ssh2
Jun 25 19:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28774]: Connection closed by 91.92.40.171 port 43776 [preauth]
Jun 25 19:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28804]: Failed password for root from 91.92.40.171 port 43830 ssh2
Jun 25 19:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28804]: Connection closed by 91.92.40.171 port 43830 [preauth]
Jun 25 19:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28835]: Invalid user admin from 91.92.40.171
Jun 25 19:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28835]: input_userauth_request: invalid user admin [preauth]
Jun 25 19:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28835]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28835]: Failed password for invalid user admin from 91.92.40.171 port 49630 ssh2
Jun 25 19:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28835]: Connection closed by 91.92.40.171 port 49630 [preauth]
Jun 25 19:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28846]: Invalid user user10 from 91.92.40.171
Jun 25 19:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28846]: input_userauth_request: invalid user user10 [preauth]
Jun 25 19:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28846]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28846]: Failed password for invalid user user10 from 91.92.40.171 port 49686 ssh2
Jun 25 19:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28846]: Connection closed by 91.92.40.171 port 49686 [preauth]
Jun 25 19:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28870]: Failed password for root from 91.92.40.171 port 55996 ssh2
Jun 25 19:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28870]: Connection closed by 91.92.40.171 port 55996 [preauth]
Jun 25 19:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27499]: pam_unix(cron:session): session closed for user root
Jun 25 19:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28913]: Failed password for root from 91.92.40.171 port 44064 ssh2
Jun 25 19:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28913]: Connection closed by 91.92.40.171 port 44064 [preauth]
Jun 25 19:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28924]: Failed password for root from 91.92.40.171 port 44122 ssh2
Jun 25 19:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28924]: Connection closed by 91.92.40.171 port 44122 [preauth]
Jun 25 19:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28948]: Invalid user openclaw from 91.92.40.171
Jun 25 19:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28948]: input_userauth_request: invalid user openclaw [preauth]
Jun 25 19:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28948]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28948]: Failed password for invalid user openclaw from 91.92.40.171 port 57172 ssh2
Jun 25 19:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28948]: Connection closed by 91.92.40.171 port 57172 [preauth]
Jun 25 19:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28959]: Failed password for root from 91.92.40.171 port 57218 ssh2
Jun 25 19:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28959]: Connection closed by 91.92.40.171 port 57218 [preauth]
Jun 25 19:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28969]: Invalid user webmaster from 91.92.40.171
Jun 25 19:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28969]: input_userauth_request: invalid user webmaster [preauth]
Jun 25 19:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28969]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28969]: Failed password for invalid user webmaster from 91.92.40.171 port 52756 ssh2
Jun 25 19:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28969]: Connection closed by 91.92.40.171 port 52756 [preauth]
Jun 25 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28985]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28983]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28982]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28981]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28981]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29049]: Successful su for rubyman by root
Jun 25 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29049]: + ??? root:rubyman
Jun 25 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29049]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591930 of user rubyman.
Jun 25 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29049]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591930.
Jun 25 19:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29084]: Invalid user master from 91.92.40.171
Jun 25 19:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29084]: input_userauth_request: invalid user master [preauth]
Jun 25 19:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29084]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26120]: pam_unix(cron:session): session closed for user root
Jun 25 19:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29084]: Failed password for invalid user master from 91.92.40.171 port 52772 ssh2
Jun 25 19:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29084]: Connection closed by 91.92.40.171 port 52772 [preauth]
Jun 25 19:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28982]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 25 19:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: Failed password for root from 91.92.40.171 port 38144 ssh2
Jun 25 19:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: Connection closed by 91.92.40.171 port 38144 [preauth]
Jun 25 19:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29243]: Failed password for root from 195.178.110.217 port 47044 ssh2
Jun 25 19:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29243]: Connection closed by 195.178.110.217 port 47044 [preauth]
Jun 25 19:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29278]: Failed password for root from 91.92.40.171 port 38180 ssh2
Jun 25 19:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29278]: Connection closed by 91.92.40.171 port 38180 [preauth]
Jun 25 19:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29299]: Failed password for root from 91.92.40.171 port 49562 ssh2
Jun 25 19:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29299]: Connection closed by 91.92.40.171 port 49562 [preauth]
Jun 25 19:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29310]: Invalid user deploy from 91.92.40.171
Jun 25 19:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29310]: input_userauth_request: invalid user deploy [preauth]
Jun 25 19:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29310]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29310]: Failed password for invalid user deploy from 91.92.40.171 port 42638 ssh2
Jun 25 19:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29310]: Connection closed by 91.92.40.171 port 42638 [preauth]
Jun 25 19:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29333]: Invalid user ubuntu from 91.92.40.171
Jun 25 19:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29333]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 19:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29333]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 25 19:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29333]: Failed password for invalid user ubuntu from 91.92.40.171 port 42770 ssh2
Jun 25 19:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29335]: Failed password for root from 109.237.96.109 port 41326 ssh2
Jun 25 19:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29333]: Connection closed by 91.92.40.171 port 42770 [preauth]
Jun 25 19:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29335]: Connection closed by 109.237.96.109 port 41326 [preauth]
Jun 25 19:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27935]: pam_unix(cron:session): session closed for user root
Jun 25 19:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29366]: Invalid user openclaw from 91.92.40.171
Jun 25 19:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29366]: input_userauth_request: invalid user openclaw [preauth]
Jun 25 19:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29366]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29366]: Failed password for invalid user openclaw from 91.92.40.171 port 33316 ssh2
Jun 25 19:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29366]: Connection closed by 91.92.40.171 port 33316 [preauth]
Jun 25 19:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29376]: Invalid user sam from 91.92.40.171
Jun 25 19:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29376]: input_userauth_request: invalid user sam [preauth]
Jun 25 19:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29376]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29376]: Failed password for invalid user sam from 91.92.40.171 port 33374 ssh2
Jun 25 19:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29376]: Connection closed by 91.92.40.171 port 33374 [preauth]
Jun 25 19:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29398]: Failed password for root from 91.92.40.171 port 60080 ssh2
Jun 25 19:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29398]: Connection closed by 91.92.40.171 port 60080 [preauth]
Jun 25 19:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29409]: Invalid user admin from 91.92.40.171
Jun 25 19:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29409]: input_userauth_request: invalid user admin [preauth]
Jun 25 19:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29409]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29409]: Failed password for invalid user admin from 91.92.40.171 port 60144 ssh2
Jun 25 19:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29409]: Connection closed by 91.92.40.171 port 60144 [preauth]
Jun 25 19:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29428]: Invalid user cloud from 91.92.40.171
Jun 25 19:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29428]: input_userauth_request: invalid user cloud [preauth]
Jun 25 19:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29428]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29428]: Failed password for invalid user cloud from 91.92.40.171 port 53742 ssh2
Jun 25 19:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29428]: Connection closed by 91.92.40.171 port 53742 [preauth]
Jun 25 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29435]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29434]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29433]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29432]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29432]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29509]: Successful su for rubyman by root
Jun 25 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29509]: + ??? root:rubyman
Jun 25 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29509]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591933 of user rubyman.
Jun 25 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29509]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591933.
Jun 25 19:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29634]: Invalid user myuser from 91.92.40.171
Jun 25 19:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29634]: input_userauth_request: invalid user myuser [preauth]
Jun 25 19:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29634]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26542]: pam_unix(cron:session): session closed for user root
Jun 25 19:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29634]: Failed password for invalid user myuser from 91.92.40.171 port 53786 ssh2
Jun 25 19:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29433]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29634]: Connection closed by 91.92.40.171 port 53786 [preauth]
Jun 25 19:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29813]: Invalid user hamed from 91.92.40.171
Jun 25 19:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29813]: input_userauth_request: invalid user hamed [preauth]
Jun 25 19:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29813]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29813]: Failed password for invalid user hamed from 91.92.40.171 port 39150 ssh2
Jun 25 19:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29813]: Connection closed by 91.92.40.171 port 39150 [preauth]
Jun 25 19:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29830]: Failed password for root from 91.92.40.171 port 39190 ssh2
Jun 25 19:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29830]: Connection closed by 91.92.40.171 port 39190 [preauth]
Jun 25 19:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29858]: Invalid user git from 91.92.40.171
Jun 25 19:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29858]: input_userauth_request: invalid user git [preauth]
Jun 25 19:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29858]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29858]: Failed password for invalid user git from 91.92.40.171 port 56324 ssh2
Jun 25 19:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29858]: Connection closed by 91.92.40.171 port 56324 [preauth]
Jun 25 19:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29877]: Invalid user teamspeak from 91.92.40.171
Jun 25 19:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29877]: input_userauth_request: invalid user teamspeak [preauth]
Jun 25 19:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29877]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29877]: Failed password for invalid user teamspeak from 91.92.40.171 port 47072 ssh2
Jun 25 19:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29877]: Connection closed by 91.92.40.171 port 47072 [preauth]
Jun 25 19:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29904]: Invalid user fred from 91.92.40.171
Jun 25 19:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29904]: input_userauth_request: invalid user fred [preauth]
Jun 25 19:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29904]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29904]: Failed password for invalid user fred from 91.92.40.171 port 47120 ssh2
Jun 25 19:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29904]: Connection closed by 91.92.40.171 port 47120 [preauth]
Jun 25 19:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28454]: pam_unix(cron:session): session closed for user root
Jun 25 19:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29934]: Invalid user deploy from 91.92.40.171
Jun 25 19:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29934]: input_userauth_request: invalid user deploy [preauth]
Jun 25 19:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29934]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29934]: Failed password for invalid user deploy from 91.92.40.171 port 37378 ssh2
Jun 25 19:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29934]: Connection closed by 91.92.40.171 port 37378 [preauth]
Jun 25 19:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 25 19:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29946]: Invalid user adminuser from 91.92.40.171
Jun 25 19:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29946]: input_userauth_request: invalid user adminuser [preauth]
Jun 25 19:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29946]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29936]: Failed password for root from 195.178.110.217 port 50136 ssh2
Jun 25 19:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29936]: Connection closed by 195.178.110.217 port 50136 [preauth]
Jun 25 19:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29946]: Failed password for invalid user adminuser from 91.92.40.171 port 37428 ssh2
Jun 25 19:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29946]: Connection closed by 91.92.40.171 port 37428 [preauth]
Jun 25 19:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29970]: Invalid user test from 91.92.40.171
Jun 25 19:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29970]: input_userauth_request: invalid user test [preauth]
Jun 25 19:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29970]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29970]: Failed password for invalid user test from 91.92.40.171 port 57384 ssh2
Jun 25 19:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29970]: Connection closed by 91.92.40.171 port 57384 [preauth]
Jun 25 19:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29980]: Invalid user prefect from 91.92.40.171
Jun 25 19:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29980]: input_userauth_request: invalid user prefect [preauth]
Jun 25 19:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29980]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29980]: Failed password for invalid user prefect from 91.92.40.171 port 57434 ssh2
Jun 25 19:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29980]: Connection closed by 91.92.40.171 port 57434 [preauth]
Jun 25 19:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29991]: Invalid user master from 91.92.40.171
Jun 25 19:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29991]: input_userauth_request: invalid user master [preauth]
Jun 25 19:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29991]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29991]: Failed password for invalid user master from 91.92.40.171 port 39144 ssh2
Jun 25 19:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29991]: Connection closed by 91.92.40.171 port 39144 [preauth]
Jun 25 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30007]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30006]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30004]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30003]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30001]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30003]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30128]: Successful su for rubyman by root
Jun 25 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30128]: + ??? root:rubyman
Jun 25 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30128]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591937 of user rubyman.
Jun 25 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30128]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591937.
Jun 25 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30001]: pam_unix(cron:session): session closed for user root
Jun 25 19:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27057]: pam_unix(cron:session): session closed for user root
Jun 25 19:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30195]: Failed password for root from 91.92.40.171 port 39226 ssh2
Jun 25 19:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30195]: Connection closed by 91.92.40.171 port 39226 [preauth]
Jun 25 19:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30004]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30363]: Failed password for root from 91.92.40.171 port 55298 ssh2
Jun 25 19:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30363]: Connection closed by 91.92.40.171 port 55298 [preauth]
Jun 25 19:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30373]: Invalid user app from 91.92.40.171
Jun 25 19:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30373]: input_userauth_request: invalid user app [preauth]
Jun 25 19:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30373]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30373]: Failed password for invalid user app from 91.92.40.171 port 55446 ssh2
Jun 25 19:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30373]: Connection closed by 91.92.40.171 port 55446 [preauth]
Jun 25 19:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30395]: Failed password for root from 91.92.40.171 port 58192 ssh2
Jun 25 19:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30395]: Connection closed by 91.92.40.171 port 58192 [preauth]
Jun 25 19:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30417]: Invalid user minecraft from 91.92.40.171
Jun 25 19:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30417]: input_userauth_request: invalid user minecraft [preauth]
Jun 25 19:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30417]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30417]: Failed password for invalid user minecraft from 91.92.40.171 port 51034 ssh2
Jun 25 19:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30417]: Connection closed by 91.92.40.171 port 51034 [preauth]
Jun 25 19:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30427]: Invalid user ubuntu from 91.92.40.171
Jun 25 19:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30427]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 19:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30427]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30427]: Failed password for invalid user ubuntu from 91.92.40.171 port 51104 ssh2
Jun 25 19:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30427]: Connection closed by 91.92.40.171 port 51104 [preauth]
Jun 25 19:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28985]: pam_unix(cron:session): session closed for user root
Jun 25 19:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30461]: Invalid user guest from 91.92.40.171
Jun 25 19:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30461]: input_userauth_request: invalid user guest [preauth]
Jun 25 19:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30461]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30461]: Failed password for invalid user guest from 91.92.40.171 port 49394 ssh2
Jun 25 19:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30461]: Connection closed by 91.92.40.171 port 49394 [preauth]
Jun 25 19:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30474]: Invalid user jellyfin from 91.92.40.171
Jun 25 19:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30474]: input_userauth_request: invalid user jellyfin [preauth]
Jun 25 19:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30474]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30474]: Failed password for invalid user jellyfin from 91.92.40.171 port 49442 ssh2
Jun 25 19:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30474]: Connection closed by 91.92.40.171 port 49442 [preauth]
Jun 25 19:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30498]: Invalid user runner from 91.92.40.171
Jun 25 19:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30498]: input_userauth_request: invalid user runner [preauth]
Jun 25 19:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30498]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30498]: Failed password for invalid user runner from 91.92.40.171 port 43298 ssh2
Jun 25 19:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30498]: Connection closed by 91.92.40.171 port 43298 [preauth]
Jun 25 19:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30509]: Invalid user administrator from 91.92.40.171
Jun 25 19:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30509]: input_userauth_request: invalid user administrator [preauth]
Jun 25 19:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30509]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30509]: Failed password for invalid user administrator from 91.92.40.171 port 43336 ssh2
Jun 25 19:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30509]: Connection closed by 91.92.40.171 port 43336 [preauth]
Jun 25 19:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30521]: Invalid user docker from 91.92.40.171
Jun 25 19:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30521]: input_userauth_request: invalid user docker [preauth]
Jun 25 19:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30521]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30521]: Failed password for invalid user docker from 91.92.40.171 port 33656 ssh2
Jun 25 19:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30521]: Connection closed by 91.92.40.171 port 33656 [preauth]
Jun 25 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30539]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30538]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30542]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30537]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30543]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30536]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30543]: pam_unix(cron:session): session closed for user root
Jun 25 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30536]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30623]: Successful su for rubyman by root
Jun 25 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30623]: + ??? root:rubyman
Jun 25 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30623]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591944 of user rubyman.
Jun 25 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30623]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591944.
Jun 25 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30533]: Failed password for root from 91.92.40.171 port 33702 ssh2
Jun 25 19:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30538]: pam_unix(cron:session): session closed for user root
Jun 25 19:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30533]: Connection closed by 91.92.40.171 port 33702 [preauth]
Jun 25 19:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27498]: pam_unix(cron:session): session closed for user root
Jun 25 19:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30537]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30821]: Invalid user operator from 91.92.40.171
Jun 25 19:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30821]: input_userauth_request: invalid user operator [preauth]
Jun 25 19:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30821]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30821]: Failed password for invalid user operator from 91.92.40.171 port 59592 ssh2
Jun 25 19:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30821]: Connection closed by 91.92.40.171 port 59592 [preauth]
Jun 25 19:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30842]: Invalid user vpn from 91.92.40.171
Jun 25 19:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30842]: input_userauth_request: invalid user vpn [preauth]
Jun 25 19:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30842]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 25 19:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30830]: Failed password for root from 195.178.110.217 port 53120 ssh2
Jun 25 19:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30830]: Connection closed by 195.178.110.217 port 53120 [preauth]
Jun 25 19:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30842]: Failed password for invalid user vpn from 91.92.40.171 port 59664 ssh2
Jun 25 19:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30842]: Connection closed by 91.92.40.171 port 59664 [preauth]
Jun 25 19:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30866]: Invalid user appuser from 91.92.40.171
Jun 25 19:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30866]: input_userauth_request: invalid user appuser [preauth]
Jun 25 19:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30866]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30866]: Failed password for invalid user appuser from 91.92.40.171 port 57764 ssh2
Jun 25 19:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30866]: Connection closed by 91.92.40.171 port 57764 [preauth]
Jun 25 19:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30877]: Invalid user ubuntu from 91.92.40.171
Jun 25 19:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30877]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 19:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30877]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30877]: Failed password for invalid user ubuntu from 91.92.40.171 port 57870 ssh2
Jun 25 19:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30877]: Connection closed by 91.92.40.171 port 57870 [preauth]
Jun 25 19:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30911]: Invalid user bob from 91.92.40.171
Jun 25 19:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30911]: input_userauth_request: invalid user bob [preauth]
Jun 25 19:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30911]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30911]: Failed password for invalid user bob from 91.92.40.171 port 57250 ssh2
Jun 25 19:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30911]: Connection closed by 91.92.40.171 port 57250 [preauth]
Jun 25 19:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31006]: Received disconnect from 212.192.240.10 port 47906:11: disconnected by user [preauth]
Jun 25 19:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31006]: Disconnected from 212.192.240.10 port 47906 [preauth]
Jun 25 19:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29435]: pam_unix(cron:session): session closed for user root
Jun 25 19:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31024]: Invalid user user from 91.92.40.171
Jun 25 19:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31024]: input_userauth_request: invalid user user [preauth]
Jun 25 19:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31024]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31024]: Failed password for invalid user user from 91.92.40.171 port 57314 ssh2
Jun 25 19:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31024]: Connection closed by 91.92.40.171 port 57314 [preauth]
Jun 25 19:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31042]: Invalid user teamspeak from 91.92.40.171
Jun 25 19:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31042]: input_userauth_request: invalid user teamspeak [preauth]
Jun 25 19:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31042]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31042]: Failed password for invalid user teamspeak from 91.92.40.171 port 58828 ssh2
Jun 25 19:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31042]: Connection closed by 91.92.40.171 port 58828 [preauth]
Jun 25 19:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31069]: Invalid user sonar from 91.92.40.171
Jun 25 19:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31069]: input_userauth_request: invalid user sonar [preauth]
Jun 25 19:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31069]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31069]: Failed password for invalid user sonar from 91.92.40.171 port 35592 ssh2
Jun 25 19:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31069]: Connection closed by 91.92.40.171 port 35592 [preauth]
Jun 25 19:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31080]: Invalid user usuario from 91.92.40.171
Jun 25 19:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31080]: input_userauth_request: invalid user usuario [preauth]
Jun 25 19:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31080]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31080]: Failed password for invalid user usuario from 91.92.40.171 port 35698 ssh2
Jun 25 19:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31080]: Connection closed by 91.92.40.171 port 35698 [preauth]
Jun 25 19:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31090]: Invalid user deploy from 91.92.40.171
Jun 25 19:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31090]: input_userauth_request: invalid user deploy [preauth]
Jun 25 19:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31090]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31090]: Failed password for invalid user deploy from 91.92.40.171 port 45108 ssh2
Jun 25 19:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31090]: Connection closed by 91.92.40.171 port 45108 [preauth]
Jun 25 19:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31101]: Invalid user playground from 91.92.40.171
Jun 25 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31101]: input_userauth_request: invalid user playground [preauth]
Jun 25 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31101]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31108]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31107]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31106]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31105]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31105]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31172]: Successful su for rubyman by root
Jun 25 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31172]: + ??? root:rubyman
Jun 25 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31172]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591948 of user rubyman.
Jun 25 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31172]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591948.
Jun 25 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31101]: Failed password for invalid user playground from 91.92.40.171 port 45146 ssh2
Jun 25 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31101]: Connection closed by 91.92.40.171 port 45146 [preauth]
Jun 25 19:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27934]: pam_unix(cron:session): session closed for user root
Jun 25 19:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31106]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: Invalid user administrator from 91.92.40.171
Jun 25 19:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: input_userauth_request: invalid user administrator [preauth]
Jun 25 19:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: Failed password for invalid user administrator from 91.92.40.171 port 44130 ssh2
Jun 25 19:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: Connection closed by 91.92.40.171 port 44130 [preauth]
Jun 25 19:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31366]: Invalid user test from 91.92.40.171
Jun 25 19:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31366]: input_userauth_request: invalid user test [preauth]
Jun 25 19:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31366]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31366]: Failed password for invalid user test from 91.92.40.171 port 44198 ssh2
Jun 25 19:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31366]: Connection closed by 91.92.40.171 port 44198 [preauth]
Jun 25 19:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31390]: Invalid user ftpuser from 91.92.40.171
Jun 25 19:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31390]: input_userauth_request: invalid user ftpuser [preauth]
Jun 25 19:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31390]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31390]: Failed password for invalid user ftpuser from 91.92.40.171 port 46818 ssh2
Jun 25 19:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31390]: Connection closed by 91.92.40.171 port 46818 [preauth]
Jun 25 19:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31401]: Failed password for root from 91.92.40.171 port 46906 ssh2
Jun 25 19:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31401]: Connection closed by 91.92.40.171 port 46906 [preauth]
Jun 25 19:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31428]: Invalid user plex from 91.92.40.171
Jun 25 19:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31428]: input_userauth_request: invalid user plex [preauth]
Jun 25 19:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31428]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31428]: Failed password for invalid user plex from 91.92.40.171 port 44496 ssh2
Jun 25 19:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31428]: Connection closed by 91.92.40.171 port 44496 [preauth]
Jun 25 19:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31438]: Invalid user steam from 91.92.40.171
Jun 25 19:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31438]: input_userauth_request: invalid user steam [preauth]
Jun 25 19:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31438]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30007]: pam_unix(cron:session): session closed for user root
Jun 25 19:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31438]: Failed password for invalid user steam from 91.92.40.171 port 44532 ssh2
Jun 25 19:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31438]: Connection closed by 91.92.40.171 port 44532 [preauth]
Jun 25 19:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31469]: Failed password for root from 91.92.40.171 port 58876 ssh2
Jun 25 19:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31469]: Connection closed by 91.92.40.171 port 58876 [preauth]
Jun 25 19:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31484]: Invalid user user2 from 91.92.40.171
Jun 25 19:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31484]: input_userauth_request: invalid user user2 [preauth]
Jun 25 19:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31484]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31484]: Failed password for invalid user user2 from 91.92.40.171 port 58958 ssh2
Jun 25 19:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31484]: Connection closed by 91.92.40.171 port 58958 [preauth]
Jun 25 19:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 25 19:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31482]: Failed password for root from 195.178.110.217 port 56072 ssh2
Jun 25 19:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31482]: Connection closed by 195.178.110.217 port 56072 [preauth]
Jun 25 19:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31509]: Invalid user operator from 91.92.40.171
Jun 25 19:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31509]: input_userauth_request: invalid user operator [preauth]
Jun 25 19:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31509]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31509]: Failed password for invalid user operator from 91.92.40.171 port 51676 ssh2
Jun 25 19:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31509]: Connection closed by 91.92.40.171 port 51676 [preauth]
Jun 25 19:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31520]: Invalid user splunk from 91.92.40.171
Jun 25 19:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31520]: input_userauth_request: invalid user splunk [preauth]
Jun 25 19:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31520]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31520]: Failed password for invalid user splunk from 91.92.40.171 port 39790 ssh2
Jun 25 19:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31520]: Connection closed by 91.92.40.171 port 39790 [preauth]
Jun 25 19:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31535]: Invalid user minecraft from 91.92.40.171
Jun 25 19:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31535]: input_userauth_request: invalid user minecraft [preauth]
Jun 25 19:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31535]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31556]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31555]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31554]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31552]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31552]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31701]: Successful su for rubyman by root
Jun 25 19:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31701]: + ??? root:rubyman
Jun 25 19:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31701]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591953 of user rubyman.
Jun 25 19:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31701]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591953.
Jun 25 19:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31535]: Failed password for invalid user minecraft from 91.92.40.171 port 39826 ssh2
Jun 25 19:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31535]: Connection closed by 91.92.40.171 port 39826 [preauth]
Jun 25 19:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28453]: pam_unix(cron:session): session closed for user root
Jun 25 19:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31845]: Invalid user erp from 91.92.40.171
Jun 25 19:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31845]: input_userauth_request: invalid user erp [preauth]
Jun 25 19:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31845]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31554]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31845]: Failed password for invalid user erp from 91.92.40.171 port 55326 ssh2
Jun 25 19:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31845]: Connection closed by 91.92.40.171 port 55326 [preauth]
Jun 25 19:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31887]: Invalid user oracle from 91.92.40.171
Jun 25 19:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31887]: input_userauth_request: invalid user oracle [preauth]
Jun 25 19:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31887]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31887]: Failed password for invalid user oracle from 91.92.40.171 port 55338 ssh2
Jun 25 19:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31887]: Connection closed by 91.92.40.171 port 55338 [preauth]
Jun 25 19:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31917]: Invalid user rancher from 91.92.40.171
Jun 25 19:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31917]: input_userauth_request: invalid user rancher [preauth]
Jun 25 19:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31917]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31917]: Failed password for invalid user rancher from 91.92.40.171 port 47476 ssh2
Jun 25 19:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31917]: Connection closed by 91.92.40.171 port 47476 [preauth]
Jun 25 19:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31927]: Invalid user testuser from 91.92.40.171
Jun 25 19:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31927]: input_userauth_request: invalid user testuser [preauth]
Jun 25 19:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31927]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31927]: Failed password for invalid user testuser from 91.92.40.171 port 47572 ssh2
Jun 25 19:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31927]: Connection closed by 91.92.40.171 port 47572 [preauth]
Jun 25 19:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31955]: Invalid user bot from 91.92.40.171
Jun 25 19:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31955]: input_userauth_request: invalid user bot [preauth]
Jun 25 19:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31955]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31955]: Failed password for invalid user bot from 91.92.40.171 port 55298 ssh2
Jun 25 19:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31955]: Connection closed by 91.92.40.171 port 55298 [preauth]
Jun 25 19:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31965]: Invalid user prem from 91.92.40.171
Jun 25 19:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31965]: input_userauth_request: invalid user prem [preauth]
Jun 25 19:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31965]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31977]: Did not receive identification string from 77.90.185.16
Jun 25 19:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30542]: pam_unix(cron:session): session closed for user root
Jun 25 19:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31965]: Failed password for invalid user prem from 91.92.40.171 port 55378 ssh2
Jun 25 19:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31965]: Connection closed by 91.92.40.171 port 55378 [preauth]
Jun 25 19:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32002]: Failed password for root from 91.92.40.171 port 33810 ssh2
Jun 25 19:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32002]: Connection closed by 91.92.40.171 port 33810 [preauth]
Jun 25 19:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32017]: Invalid user support from 91.92.40.171
Jun 25 19:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32017]: input_userauth_request: invalid user support [preauth]
Jun 25 19:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32017]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32017]: Failed password for invalid user support from 91.92.40.171 port 33838 ssh2
Jun 25 19:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32017]: Connection closed by 91.92.40.171 port 33838 [preauth]
Jun 25 19:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32042]: Invalid user amin from 91.92.40.171
Jun 25 19:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32042]: input_userauth_request: invalid user amin [preauth]
Jun 25 19:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32042]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32042]: Failed password for invalid user amin from 91.92.40.171 port 36138 ssh2
Jun 25 19:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32042]: Connection closed by 91.92.40.171 port 36138 [preauth]
Jun 25 19:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32055]: Invalid user fastuser from 91.92.40.171
Jun 25 19:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32055]: input_userauth_request: invalid user fastuser [preauth]
Jun 25 19:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32055]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32055]: Failed password for invalid user fastuser from 91.92.40.171 port 36182 ssh2
Jun 25 19:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32055]: Connection closed by 91.92.40.171 port 36182 [preauth]
Jun 25 19:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32065]: Invalid user tactical from 91.92.40.171
Jun 25 19:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32065]: input_userauth_request: invalid user tactical [preauth]
Jun 25 19:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32065]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32065]: Failed password for invalid user tactical from 91.92.40.171 port 54170 ssh2
Jun 25 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32082]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32081]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32080]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32079]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32079]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32141]: Successful su for rubyman by root
Jun 25 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32141]: + ??? root:rubyman
Jun 25 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32141]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591956 of user rubyman.
Jun 25 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32141]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591956.
Jun 25 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32065]: Connection closed by 91.92.40.171 port 54170 [preauth]
Jun 25 19:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32208]: Invalid user dspace from 91.92.40.171
Jun 25 19:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32208]: input_userauth_request: invalid user dspace [preauth]
Jun 25 19:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32208]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28983]: pam_unix(cron:session): session closed for user root
Jun 25 19:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32208]: Failed password for invalid user dspace from 91.92.40.171 port 54258 ssh2
Jun 25 19:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32208]: Connection closed by 91.92.40.171 port 54258 [preauth]
Jun 25 19:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32080]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32319]: Invalid user steam from 91.92.40.171
Jun 25 19:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32319]: input_userauth_request: invalid user steam [preauth]
Jun 25 19:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32319]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32319]: Failed password for invalid user steam from 91.92.40.171 port 35238 ssh2
Jun 25 19:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32319]: Connection closed by 91.92.40.171 port 35238 [preauth]
Jun 25 19:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32338]: Invalid user fivem from 91.92.40.171
Jun 25 19:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32338]: input_userauth_request: invalid user fivem [preauth]
Jun 25 19:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32338]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32338]: Failed password for invalid user fivem from 91.92.40.171 port 57508 ssh2
Jun 25 19:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32338]: Connection closed by 91.92.40.171 port 57508 [preauth]
Jun 25 19:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 25 19:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32329]: Failed password for root from 195.178.110.217 port 59142 ssh2
Jun 25 19:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32329]: Connection closed by 195.178.110.217 port 59142 [preauth]
Jun 25 19:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32356]: User john from 91.92.40.171 not allowed because not listed in AllowUsers
Jun 25 19:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32356]: input_userauth_request: invalid user john [preauth]
Jun 25 19:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=john
Jun 25 19:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32356]: Failed password for invalid user john from 91.92.40.171 port 57516 ssh2
Jun 25 19:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32356]: Connection closed by 91.92.40.171 port 57516 [preauth]
Jun 25 19:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32383]: Invalid user potok from 91.92.40.171
Jun 25 19:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32383]: input_userauth_request: invalid user potok [preauth]
Jun 25 19:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32383]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32383]: Failed password for invalid user potok from 91.92.40.171 port 58722 ssh2
Jun 25 19:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32383]: Connection closed by 91.92.40.171 port 58722 [preauth]
Jun 25 19:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32393]: Invalid user ducc0x from 91.92.40.171
Jun 25 19:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32393]: input_userauth_request: invalid user ducc0x [preauth]
Jun 25 19:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32393]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32393]: Failed password for invalid user ducc0x from 91.92.40.171 port 58730 ssh2
Jun 25 19:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32393]: Connection closed by 91.92.40.171 port 58730 [preauth]
Jun 25 19:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31108]: pam_unix(cron:session): session closed for user root
Jun 25 19:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32428]: Invalid user myuser from 91.92.40.171
Jun 25 19:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32428]: input_userauth_request: invalid user myuser [preauth]
Jun 25 19:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32428]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32428]: Failed password for invalid user myuser from 91.92.40.171 port 39112 ssh2
Jun 25 19:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32428]: Connection closed by 91.92.40.171 port 39112 [preauth]
Jun 25 19:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32439]: Failed password for root from 91.92.40.171 port 39234 ssh2
Jun 25 19:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32439]: Connection closed by 91.92.40.171 port 39234 [preauth]
Jun 25 19:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32465]: Failed password for root from 91.92.40.171 port 52146 ssh2
Jun 25 19:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32465]: Connection closed by 91.92.40.171 port 52146 [preauth]
Jun 25 19:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32476]: Failed password for root from 91.92.40.171 port 52194 ssh2
Jun 25 19:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32476]: Connection closed by 91.92.40.171 port 52194 [preauth]
Jun 25 19:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32492]: Failed password for root from 91.92.40.171 port 54160 ssh2
Jun 25 19:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32492]: Connection closed by 91.92.40.171 port 54160 [preauth]
Jun 25 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32509]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32508]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32507]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32506]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32506]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32567]: Successful su for rubyman by root
Jun 25 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32567]: + ??? root:rubyman
Jun 25 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32567]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591960 of user rubyman.
Jun 25 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32567]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591960.
Jun 25 19:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32503]: Failed password for root from 91.92.40.171 port 54226 ssh2
Jun 25 19:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32503]: Connection closed by 91.92.40.171 port 54226 [preauth]
Jun 25 19:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29434]: pam_unix(cron:session): session closed for user root
Jun 25 19:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32507]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32760]: Invalid user claude from 91.92.40.171
Jun 25 19:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32760]: input_userauth_request: invalid user claude [preauth]
Jun 25 19:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32760]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32760]: Failed password for invalid user claude from 91.92.40.171 port 35938 ssh2
Jun 25 19:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32760]: Connection closed by 91.92.40.171 port 35938 [preauth]
Jun 25 19:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[302]: Invalid user admin from 91.92.40.171
Jun 25 19:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[302]: input_userauth_request: invalid user admin [preauth]
Jun 25 19:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[302]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[302]: Failed password for invalid user admin from 91.92.40.171 port 35974 ssh2
Jun 25 19:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[302]: Connection closed by 91.92.40.171 port 35974 [preauth]
Jun 25 19:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[325]: Invalid user runner from 91.92.40.171
Jun 25 19:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[325]: input_userauth_request: invalid user runner [preauth]
Jun 25 19:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[325]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[325]: Failed password for invalid user runner from 91.92.40.171 port 51864 ssh2
Jun 25 19:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[325]: Connection closed by 91.92.40.171 port 51864 [preauth]
Jun 25 19:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[340]: Invalid user openclaw from 91.92.40.171
Jun 25 19:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[340]: input_userauth_request: invalid user openclaw [preauth]
Jun 25 19:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[340]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[340]: Failed password for invalid user openclaw from 91.92.40.171 port 51878 ssh2
Jun 25 19:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[340]: Connection closed by 91.92.40.171 port 51878 [preauth]
Jun 25 19:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[365]: Invalid user systemd from 91.92.40.171
Jun 25 19:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[365]: input_userauth_request: invalid user systemd [preauth]
Jun 25 19:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[365]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[365]: Failed password for invalid user systemd from 91.92.40.171 port 53274 ssh2
Jun 25 19:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[365]: Connection closed by 91.92.40.171 port 53274 [preauth]
Jun 25 19:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31556]: pam_unix(cron:session): session closed for user root
Jun 25 19:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[376]: Failed password for root from 91.92.40.171 port 53334 ssh2
Jun 25 19:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[376]: Connection closed by 91.92.40.171 port 53334 [preauth]
Jun 25 19:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[414]: Invalid user sam from 91.92.40.171
Jun 25 19:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[414]: input_userauth_request: invalid user sam [preauth]
Jun 25 19:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[414]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[414]: Failed password for invalid user sam from 91.92.40.171 port 38768 ssh2
Jun 25 19:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[414]: Connection closed by 91.92.40.171 port 38768 [preauth]
Jun 25 19:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[432]: Invalid user tom from 91.92.40.171
Jun 25 19:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[432]: input_userauth_request: invalid user tom [preauth]
Jun 25 19:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[432]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[432]: Failed password for invalid user tom from 91.92.40.171 port 38824 ssh2
Jun 25 19:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[432]: Connection closed by 91.92.40.171 port 38824 [preauth]
Jun 25 19:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[585]: Invalid user jenkins from 91.92.40.171
Jun 25 19:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[585]: input_userauth_request: invalid user jenkins [preauth]
Jun 25 19:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[585]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 25 19:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[585]: Failed password for invalid user jenkins from 91.92.40.171 port 35110 ssh2
Jun 25 19:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[585]: Connection closed by 91.92.40.171 port 35110 [preauth]
Jun 25 19:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[583]: Failed password for root from 195.178.110.217 port 33974 ssh2
Jun 25 19:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[583]: Connection closed by 195.178.110.217 port 33974 [preauth]
Jun 25 19:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[597]: Failed password for root from 91.92.40.171 port 34418 ssh2
Jun 25 19:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[597]: Connection closed by 91.92.40.171 port 34418 [preauth]
Jun 25 19:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[625]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[624]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[622]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[623]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[620]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[621]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[625]: pam_unix(cron:session): session closed for user root
Jun 25 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[620]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[696]: Successful su for rubyman by root
Jun 25 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[696]: + ??? root:rubyman
Jun 25 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[696]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591965 of user rubyman.
Jun 25 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[696]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591965.
Jun 25 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[609]: Failed password for root from 91.92.40.171 port 34506 ssh2
Jun 25 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[609]: Connection closed by 91.92.40.171 port 34506 [preauth]
Jun 25 19:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[622]: pam_unix(cron:session): session closed for user root
Jun 25 19:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30006]: pam_unix(cron:session): session closed for user root
Jun 25 19:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[844]: Invalid user trinity from 91.92.40.171
Jun 25 19:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[844]: input_userauth_request: invalid user trinity [preauth]
Jun 25 19:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[844]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[621]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[844]: Failed password for invalid user trinity from 91.92.40.171 port 35894 ssh2
Jun 25 19:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[844]: Connection closed by 91.92.40.171 port 35894 [preauth]
Jun 25 19:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[920]: Invalid user newuser from 91.92.40.171
Jun 25 19:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[920]: input_userauth_request: invalid user newuser [preauth]
Jun 25 19:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[920]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[920]: Failed password for invalid user newuser from 91.92.40.171 port 35956 ssh2
Jun 25 19:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[920]: Connection closed by 91.92.40.171 port 35956 [preauth]
Jun 25 19:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[946]: Invalid user student from 91.92.40.171
Jun 25 19:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[946]: input_userauth_request: invalid user student [preauth]
Jun 25 19:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[946]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[946]: Failed password for invalid user student from 91.92.40.171 port 59018 ssh2
Jun 25 19:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[946]: Connection closed by 91.92.40.171 port 59018 [preauth]
Jun 25 19:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[959]: Invalid user pi from 91.92.40.171
Jun 25 19:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[959]: input_userauth_request: invalid user pi [preauth]
Jun 25 19:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[959]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[959]: Failed password for invalid user pi from 91.92.40.171 port 59064 ssh2
Jun 25 19:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[959]: Connection closed by 91.92.40.171 port 59064 [preauth]
Jun 25 19:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[982]: Invalid user media from 91.92.40.171
Jun 25 19:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[982]: input_userauth_request: invalid user media [preauth]
Jun 25 19:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[982]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[982]: Failed password for invalid user media from 91.92.40.171 port 54478 ssh2
Jun 25 19:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[982]: Connection closed by 91.92.40.171 port 54478 [preauth]
Jun 25 19:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: Invalid user term2 from 91.92.40.171
Jun 25 19:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: input_userauth_request: invalid user term2 [preauth]
Jun 25 19:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32082]: pam_unix(cron:session): session closed for user root
Jun 25 19:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: Failed password for invalid user term2 from 91.92.40.171 port 54518 ssh2
Jun 25 19:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: Connection closed by 91.92.40.171 port 54518 [preauth]
Jun 25 19:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1035]: Invalid user david from 91.92.40.171
Jun 25 19:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1035]: input_userauth_request: invalid user david [preauth]
Jun 25 19:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1035]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1035]: Failed password for invalid user david from 91.92.40.171 port 36022 ssh2
Jun 25 19:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1035]: Connection closed by 91.92.40.171 port 36022 [preauth]
Jun 25 19:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1053]: Invalid user worker from 91.92.40.171
Jun 25 19:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1053]: input_userauth_request: invalid user worker [preauth]
Jun 25 19:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1053]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1053]: Failed password for invalid user worker from 91.92.40.171 port 36090 ssh2
Jun 25 19:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1053]: Connection closed by 91.92.40.171 port 36090 [preauth]
Jun 25 19:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1090]: Failed password for root from 91.92.40.171 port 41980 ssh2
Jun 25 19:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1090]: Connection closed by 91.92.40.171 port 41980 [preauth]
Jun 25 19:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1106]: Invalid user ubuntu from 91.92.40.171
Jun 25 19:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1106]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 19:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1106]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1106]: Failed password for invalid user ubuntu from 91.92.40.171 port 42022 ssh2
Jun 25 19:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1106]: Connection closed by 91.92.40.171 port 42022 [preauth]
Jun 25 19:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1120]: Invalid user user from 91.92.40.171
Jun 25 19:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1120]: input_userauth_request: invalid user user [preauth]
Jun 25 19:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1120]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1120]: Failed password for invalid user user from 91.92.40.171 port 49558 ssh2
Jun 25 19:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1120]: Connection closed by 91.92.40.171 port 49558 [preauth]
Jun 25 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1134]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1133]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1132]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1131]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1131]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1201]: Successful su for rubyman by root
Jun 25 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1201]: + ??? root:rubyman
Jun 25 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1201]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591971 of user rubyman.
Jun 25 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1201]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591971.
Jun 25 19:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30539]: pam_unix(cron:session): session closed for user root
Jun 25 19:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1305]: Failed password for root from 91.92.40.171 port 49608 ssh2
Jun 25 19:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1132]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1305]: Connection closed by 91.92.40.171 port 49608 [preauth]
Jun 25 19:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1419]: Invalid user guest from 91.92.40.171
Jun 25 19:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1419]: input_userauth_request: invalid user guest [preauth]
Jun 25 19:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1419]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1419]: Failed password for invalid user guest from 91.92.40.171 port 35396 ssh2
Jun 25 19:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1419]: Connection closed by 91.92.40.171 port 35396 [preauth]
Jun 25 19:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1463]: Invalid user user from 91.92.40.171
Jun 25 19:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1463]: input_userauth_request: invalid user user [preauth]
Jun 25 19:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1463]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1463]: Failed password for invalid user user from 91.92.40.171 port 43348 ssh2
Jun 25 19:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1463]: Connection closed by 91.92.40.171 port 43348 [preauth]
Jun 25 19:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1480]: Failed password for root from 91.92.40.171 port 43430 ssh2
Jun 25 19:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1480]: Connection closed by 91.92.40.171 port 43430 [preauth]
Jun 25 19:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 25 19:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1554]: Failed password for root from 195.178.110.217 port 36986 ssh2
Jun 25 19:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1554]: Connection closed by 195.178.110.217 port 36986 [preauth]
Jun 25 19:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1574]: Failed password for root from 91.92.40.171 port 43426 ssh2
Jun 25 19:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1574]: Connection closed by 91.92.40.171 port 43426 [preauth]
Jun 25 19:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1592]: Failed password for root from 91.92.40.171 port 43490 ssh2
Jun 25 19:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32509]: pam_unix(cron:session): session closed for user root
Jun 25 19:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1592]: Connection closed by 91.92.40.171 port 43490 [preauth]
Jun 25 19:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1633]: Failed password for root from 91.92.40.171 port 53250 ssh2
Jun 25 19:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1633]: Connection closed by 91.92.40.171 port 53250 [preauth]
Jun 25 19:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1645]: Invalid user user4 from 91.92.40.171
Jun 25 19:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1645]: input_userauth_request: invalid user user4 [preauth]
Jun 25 19:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1645]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1645]: Failed password for invalid user user4 from 91.92.40.171 port 53318 ssh2
Jun 25 19:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1645]: Connection closed by 91.92.40.171 port 53318 [preauth]
Jun 25 19:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1670]: Invalid user testuser from 91.92.40.171
Jun 25 19:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1670]: input_userauth_request: invalid user testuser [preauth]
Jun 25 19:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1670]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1670]: Failed password for invalid user testuser from 91.92.40.171 port 41814 ssh2
Jun 25 19:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1670]: Connection closed by 91.92.40.171 port 41814 [preauth]
Jun 25 19:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 25 19:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1682]: Failed password for root from 103.149.28.157 port 38410 ssh2
Jun 25 19:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1682]: Connection closed by 103.149.28.157 port 38410 [preauth]
Jun 25 19:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1684]: Failed password for root from 91.92.40.171 port 41862 ssh2
Jun 25 19:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1684]: Connection closed by 91.92.40.171 port 41862 [preauth]
Jun 25 19:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1695]: Failed password for root from 91.92.40.171 port 51544 ssh2
Jun 25 19:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1695]: Connection closed by 91.92.40.171 port 51544 [preauth]
Jun 25 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1712]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1711]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1709]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1708]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1706]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1706]: pam_unix(cron:session): session closed for user root
Jun 25 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1708]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1787]: Successful su for rubyman by root
Jun 25 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1787]: + ??? root:rubyman
Jun 25 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1787]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591974 of user rubyman.
Jun 25 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1787]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591974.
Jun 25 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31107]: pam_unix(cron:session): session closed for user root
Jun 25 19:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1797]: Failed password for root from 91.92.40.171 port 51594 ssh2
Jun 25 19:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1797]: Connection closed by 91.92.40.171 port 51594 [preauth]
Jun 25 19:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1709]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2011]: Invalid user gabriel from 91.92.40.171
Jun 25 19:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2011]: input_userauth_request: invalid user gabriel [preauth]
Jun 25 19:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2011]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2011]: Failed password for invalid user gabriel from 91.92.40.171 port 54900 ssh2
Jun 25 19:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2011]: Connection closed by 91.92.40.171 port 54900 [preauth]
Jun 25 19:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2026]: Failed password for root from 91.92.40.171 port 54946 ssh2
Jun 25 19:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2026]: Connection closed by 91.92.40.171 port 54946 [preauth]
Jun 25 19:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2067]: Invalid user fastuser from 91.92.40.171
Jun 25 19:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2067]: input_userauth_request: invalid user fastuser [preauth]
Jun 25 19:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2067]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 25 19:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2067]: Failed password for invalid user fastuser from 91.92.40.171 port 47308 ssh2
Jun 25 19:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2078]: Failed password for root from 103.27.238.116 port 36292 ssh2
Jun 25 19:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2067]: Connection closed by 91.92.40.171 port 47308 [preauth]
Jun 25 19:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2078]: Connection closed by 103.27.238.116 port 36292 [preauth]
Jun 25 19:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2101]: Invalid user nexus from 91.92.40.171
Jun 25 19:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2101]: input_userauth_request: invalid user nexus [preauth]
Jun 25 19:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2101]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2101]: Failed password for invalid user nexus from 91.92.40.171 port 34868 ssh2
Jun 25 19:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2101]: Connection closed by 91.92.40.171 port 34868 [preauth]
Jun 25 19:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2113]: Invalid user ubuntu from 91.92.40.171
Jun 25 19:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2113]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 19:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2113]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2113]: Failed password for invalid user ubuntu from 91.92.40.171 port 34958 ssh2
Jun 25 19:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2113]: Connection closed by 91.92.40.171 port 34958 [preauth]
Jun 25 19:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[624]: pam_unix(cron:session): session closed for user root
Jun 25 19:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2148]: Invalid user gitlab-runner from 91.92.40.171
Jun 25 19:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2148]: input_userauth_request: invalid user gitlab-runner [preauth]
Jun 25 19:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2148]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2148]: Failed password for invalid user gitlab-runner from 91.92.40.171 port 42142 ssh2
Jun 25 19:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2148]: Connection closed by 91.92.40.171 port 42142 [preauth]
Jun 25 19:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2164]: Invalid user ansible from 91.92.40.171
Jun 25 19:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2164]: input_userauth_request: invalid user ansible [preauth]
Jun 25 19:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2164]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2164]: Failed password for invalid user ansible from 91.92.40.171 port 42196 ssh2
Jun 25 19:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2164]: Connection closed by 91.92.40.171 port 42196 [preauth]
Jun 25 19:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2191]: User ftp from 91.92.40.171 not allowed because not listed in AllowUsers
Jun 25 19:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2191]: input_userauth_request: invalid user ftp [preauth]
Jun 25 19:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=ftp
Jun 25 19:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2191]: Failed password for invalid user ftp from 91.92.40.171 port 51918 ssh2
Jun 25 19:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2191]: Connection closed by 91.92.40.171 port 51918 [preauth]
Jun 25 19:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2208]: Invalid user test from 91.92.40.171
Jun 25 19:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2208]: input_userauth_request: invalid user test [preauth]
Jun 25 19:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2208]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2208]: Failed password for invalid user test from 91.92.40.171 port 51974 ssh2
Jun 25 19:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2208]: Connection closed by 91.92.40.171 port 51974 [preauth]
Jun 25 19:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2210]: Invalid user admin from 195.178.110.217
Jun 25 19:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2210]: input_userauth_request: invalid user admin [preauth]
Jun 25 19:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2210]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 19:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2222]: Invalid user demo from 91.92.40.171
Jun 25 19:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2222]: input_userauth_request: invalid user demo [preauth]
Jun 25 19:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2210]: Failed password for invalid user admin from 195.178.110.217 port 40036 ssh2
Jun 25 19:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2210]: Connection closed by 195.178.110.217 port 40036 [preauth]
Jun 25 19:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2222]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2222]: Failed password for invalid user demo from 91.92.40.171 port 41166 ssh2
Jun 25 19:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2222]: Connection closed by 91.92.40.171 port 41166 [preauth]
Jun 25 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2235]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2236]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2234]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2237]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2234]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2298]: Successful su for rubyman by root
Jun 25 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2298]: + ??? root:rubyman
Jun 25 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2298]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591980 of user rubyman.
Jun 25 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2298]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591980.
Jun 25 19:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31555]: pam_unix(cron:session): session closed for user root
Jun 25 19:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2286]: Failed password for root from 91.92.40.171 port 41248 ssh2
Jun 25 19:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2286]: Connection closed by 91.92.40.171 port 41248 [preauth]
Jun 25 19:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2235]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2489]: Failed password for root from 91.92.40.171 port 36908 ssh2
Jun 25 19:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2489]: Connection closed by 91.92.40.171 port 36908 [preauth]
Jun 25 19:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2501]: Invalid user arthur from 91.92.40.171
Jun 25 19:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2501]: input_userauth_request: invalid user arthur [preauth]
Jun 25 19:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2501]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2501]: Failed password for invalid user arthur from 91.92.40.171 port 36950 ssh2
Jun 25 19:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2501]: Connection closed by 91.92.40.171 port 36950 [preauth]
Jun 25 19:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2531]: Invalid user stack from 91.92.40.171
Jun 25 19:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2531]: input_userauth_request: invalid user stack [preauth]
Jun 25 19:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2531]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2531]: Failed password for invalid user stack from 91.92.40.171 port 47288 ssh2
Jun 25 19:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2531]: Connection closed by 91.92.40.171 port 47288 [preauth]
Jun 25 19:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2542]: Failed password for root from 91.92.40.171 port 47400 ssh2
Jun 25 19:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2542]: Connection closed by 91.92.40.171 port 47400 [preauth]
Jun 25 19:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2569]: Invalid user gabriel from 91.92.40.171
Jun 25 19:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2569]: input_userauth_request: invalid user gabriel [preauth]
Jun 25 19:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2569]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2569]: Failed password for invalid user gabriel from 91.92.40.171 port 53268 ssh2
Jun 25 19:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2569]: Connection closed by 91.92.40.171 port 53268 [preauth]
Jun 25 19:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1134]: pam_unix(cron:session): session closed for user root
Jun 25 19:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2603]: Invalid user dev from 91.92.40.171
Jun 25 19:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2603]: input_userauth_request: invalid user dev [preauth]
Jun 25 19:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2603]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2603]: Failed password for invalid user dev from 91.92.40.171 port 56320 ssh2
Jun 25 19:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2603]: Connection closed by 91.92.40.171 port 56320 [preauth]
Jun 25 19:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2619]: Invalid user support from 91.92.40.171
Jun 25 19:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2619]: input_userauth_request: invalid user support [preauth]
Jun 25 19:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2619]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2619]: Failed password for invalid user support from 91.92.40.171 port 56342 ssh2
Jun 25 19:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2619]: Connection closed by 91.92.40.171 port 56342 [preauth]
Jun 25 19:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2642]: Invalid user cloud from 91.92.40.171
Jun 25 19:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2642]: input_userauth_request: invalid user cloud [preauth]
Jun 25 19:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2642]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2642]: Failed password for invalid user cloud from 91.92.40.171 port 52080 ssh2
Jun 25 19:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2642]: Connection closed by 91.92.40.171 port 52080 [preauth]
Jun 25 19:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2652]: Invalid user odoo16 from 91.92.40.171
Jun 25 19:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2652]: input_userauth_request: invalid user odoo16 [preauth]
Jun 25 19:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2652]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2652]: Failed password for invalid user odoo16 from 91.92.40.171 port 52100 ssh2
Jun 25 19:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2652]: Connection closed by 91.92.40.171 port 52100 [preauth]
Jun 25 19:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: Invalid user runner from 91.92.40.171
Jun 25 19:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: input_userauth_request: invalid user runner [preauth]
Jun 25 19:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: Failed password for invalid user runner from 91.92.40.171 port 41830 ssh2
Jun 25 19:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: Connection closed by 91.92.40.171 port 41830 [preauth]
Jun 25 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2676]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2679]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2678]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2677]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2676]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2743]: Successful su for rubyman by root
Jun 25 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2743]: + ??? root:rubyman
Jun 25 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2743]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591983 of user rubyman.
Jun 25 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2743]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591983.
Jun 25 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2674]: Invalid user oscar from 91.92.40.171
Jun 25 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2674]: input_userauth_request: invalid user oscar [preauth]
Jun 25 19:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2674]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2674]: Failed password for invalid user oscar from 91.92.40.171 port 41856 ssh2
Jun 25 19:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2674]: Connection closed by 91.92.40.171 port 41856 [preauth]
Jun 25 19:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32081]: pam_unix(cron:session): session closed for user root
Jun 25 19:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2677]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2929]: Failed password for root from 91.92.40.171 port 55058 ssh2
Jun 25 19:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2929]: Connection closed by 91.92.40.171 port 55058 [preauth]
Jun 25 19:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2939]: Failed password for root from 91.92.40.171 port 55114 ssh2
Jun 25 19:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2939]: Connection closed by 91.92.40.171 port 55114 [preauth]
Jun 25 19:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2962]: Invalid user deployer from 91.92.40.171
Jun 25 19:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2962]: input_userauth_request: invalid user deployer [preauth]
Jun 25 19:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2962]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2962]: Failed password for invalid user deployer from 91.92.40.171 port 35252 ssh2
Jun 25 19:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2962]: Connection closed by 91.92.40.171 port 35252 [preauth]
Jun 25 19:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2975]: Invalid user student from 91.92.40.171
Jun 25 19:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2975]: input_userauth_request: invalid user student [preauth]
Jun 25 19:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2975]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2964]: Invalid user admin from 195.178.110.217
Jun 25 19:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2964]: input_userauth_request: invalid user admin [preauth]
Jun 25 19:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2964]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 19:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2975]: Failed password for invalid user student from 91.92.40.171 port 35310 ssh2
Jun 25 19:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2975]: Connection closed by 91.92.40.171 port 35310 [preauth]
Jun 25 19:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2964]: Failed password for invalid user admin from 195.178.110.217 port 43090 ssh2
Jun 25 19:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2964]: Connection closed by 195.178.110.217 port 43090 [preauth]
Jun 25 19:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2998]: Failed password for root from 91.92.40.171 port 49470 ssh2
Jun 25 19:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2998]: Connection closed by 91.92.40.171 port 49470 [preauth]
Jun 25 19:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1712]: pam_unix(cron:session): session closed for user root
Jun 25 19:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3017]: Invalid user admin1 from 91.92.40.171
Jun 25 19:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3017]: input_userauth_request: invalid user admin1 [preauth]
Jun 25 19:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3017]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3017]: Failed password for invalid user admin1 from 91.92.40.171 port 49492 ssh2
Jun 25 19:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3017]: Connection closed by 91.92.40.171 port 49492 [preauth]
Jun 25 19:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3042]: Invalid user odoo18 from 91.92.40.171
Jun 25 19:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3042]: input_userauth_request: invalid user odoo18 [preauth]
Jun 25 19:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3042]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3042]: Failed password for invalid user odoo18 from 91.92.40.171 port 55116 ssh2
Jun 25 19:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3042]: Connection closed by 91.92.40.171 port 55116 [preauth]
Jun 25 19:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3065]: Invalid user odoo17 from 91.92.40.171
Jun 25 19:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3065]: input_userauth_request: invalid user odoo17 [preauth]
Jun 25 19:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3065]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3065]: Failed password for invalid user odoo17 from 91.92.40.171 port 37016 ssh2
Jun 25 19:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3065]: Connection closed by 91.92.40.171 port 37016 [preauth]
Jun 25 19:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3075]: Invalid user splunk from 91.92.40.171
Jun 25 19:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3075]: input_userauth_request: invalid user splunk [preauth]
Jun 25 19:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3075]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3075]: Failed password for invalid user splunk from 91.92.40.171 port 37070 ssh2
Jun 25 19:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3075]: Connection closed by 91.92.40.171 port 37070 [preauth]
Jun 25 19:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3085]: Invalid user git from 91.92.40.171
Jun 25 19:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3085]: input_userauth_request: invalid user git [preauth]
Jun 25 19:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3085]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3085]: Failed password for invalid user git from 91.92.40.171 port 36050 ssh2
Jun 25 19:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3085]: Connection closed by 91.92.40.171 port 36050 [preauth]
Jun 25 19:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3095]: Invalid user student from 91.92.40.171
Jun 25 19:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3095]: input_userauth_request: invalid user student [preauth]
Jun 25 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3095]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3103]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3101]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3100]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3102]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3098]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3099]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3103]: pam_unix(cron:session): session closed for user root
Jun 25 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3098]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3167]: Successful su for rubyman by root
Jun 25 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3167]: + ??? root:rubyman
Jun 25 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3167]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591990 of user rubyman.
Jun 25 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3167]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591990.
Jun 25 19:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3095]: Failed password for invalid user student from 91.92.40.171 port 36142 ssh2
Jun 25 19:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3095]: Connection closed by 91.92.40.171 port 36142 [preauth]
Jun 25 19:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3100]: pam_unix(cron:session): session closed for user root
Jun 25 19:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32508]: pam_unix(cron:session): session closed for user root
Jun 25 19:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3358]: Invalid user debian from 91.92.40.171
Jun 25 19:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3358]: input_userauth_request: invalid user debian [preauth]
Jun 25 19:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3358]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3099]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3358]: Failed password for invalid user debian from 91.92.40.171 port 37338 ssh2
Jun 25 19:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3358]: Connection closed by 91.92.40.171 port 37338 [preauth]
Jun 25 19:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3383]: Failed password for root from 91.92.40.171 port 37374 ssh2
Jun 25 19:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3383]: Connection closed by 91.92.40.171 port 37374 [preauth]
Jun 25 19:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3405]: Invalid user ftpuser from 91.92.40.171
Jun 25 19:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3405]: input_userauth_request: invalid user ftpuser [preauth]
Jun 25 19:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3405]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3405]: Failed password for invalid user ftpuser from 91.92.40.171 port 33530 ssh2
Jun 25 19:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3405]: Connection closed by 91.92.40.171 port 33530 [preauth]
Jun 25 19:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3415]: Invalid user system from 91.92.40.171
Jun 25 19:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3415]: input_userauth_request: invalid user system [preauth]
Jun 25 19:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3415]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3415]: Failed password for invalid user system from 91.92.40.171 port 33568 ssh2
Jun 25 19:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3415]: Connection closed by 91.92.40.171 port 33568 [preauth]
Jun 25 19:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3438]: User vncuser from 91.92.40.171 not allowed because not listed in AllowUsers
Jun 25 19:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3438]: input_userauth_request: invalid user vncuser [preauth]
Jun 25 19:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=vncuser
Jun 25 19:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3438]: Failed password for invalid user vncuser from 91.92.40.171 port 57448 ssh2
Jun 25 19:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3438]: Connection closed by 91.92.40.171 port 57448 [preauth]
Jun 25 19:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2237]: pam_unix(cron:session): session closed for user root
Jun 25 19:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3453]: Invalid user uploader from 91.92.40.171
Jun 25 19:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3453]: input_userauth_request: invalid user uploader [preauth]
Jun 25 19:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3453]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3453]: Failed password for invalid user uploader from 91.92.40.171 port 57508 ssh2
Jun 25 19:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3453]: Connection closed by 91.92.40.171 port 57508 [preauth]
Jun 25 19:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3484]: Invalid user user2 from 91.92.40.171
Jun 25 19:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3484]: input_userauth_request: invalid user user2 [preauth]
Jun 25 19:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3484]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3484]: Failed password for invalid user user2 from 91.92.40.171 port 41414 ssh2
Jun 25 19:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3484]: Connection closed by 91.92.40.171 port 41414 [preauth]
Jun 25 19:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3501]: Invalid user claude from 91.92.40.171
Jun 25 19:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3501]: input_userauth_request: invalid user claude [preauth]
Jun 25 19:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3501]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3501]: Failed password for invalid user claude from 91.92.40.171 port 41450 ssh2
Jun 25 19:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3501]: Connection closed by 91.92.40.171 port 41450 [preauth]
Jun 25 19:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3519]: Invalid user sftpuser from 91.92.40.171
Jun 25 19:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3519]: input_userauth_request: invalid user sftpuser [preauth]
Jun 25 19:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3519]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3519]: Failed password for invalid user sftpuser from 91.92.40.171 port 33632 ssh2
Jun 25 19:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3519]: Connection closed by 91.92.40.171 port 33632 [preauth]
Jun 25 19:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3533]: Invalid user test from 91.92.40.171
Jun 25 19:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3533]: input_userauth_request: invalid user test [preauth]
Jun 25 19:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3533]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3531]: Invalid user admin from 195.178.110.217
Jun 25 19:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3531]: input_userauth_request: invalid user admin [preauth]
Jun 25 19:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3533]: Failed password for invalid user test from 91.92.40.171 port 33710 ssh2
Jun 25 19:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3533]: Connection closed by 91.92.40.171 port 33710 [preauth]
Jun 25 19:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3531]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 19:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3531]: Failed password for invalid user admin from 195.178.110.217 port 46124 ssh2
Jun 25 19:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3531]: Connection closed by 195.178.110.217 port 46124 [preauth]
Jun 25 19:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3549]: Invalid user postgres from 91.92.40.171
Jun 25 19:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3549]: input_userauth_request: invalid user postgres [preauth]
Jun 25 19:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3549]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3563]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3562]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3561]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3560]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3560]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3549]: Failed password for invalid user postgres from 91.92.40.171 port 39382 ssh2
Jun 25 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3549]: Connection closed by 91.92.40.171 port 39382 [preauth]
Jun 25 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3626]: Successful su for rubyman by root
Jun 25 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3626]: + ??? root:rubyman
Jun 25 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3626]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591993 of user rubyman.
Jun 25 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3626]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591993.
Jun 25 19:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3826]: Invalid user osmc from 91.92.40.171
Jun 25 19:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3826]: input_userauth_request: invalid user osmc [preauth]
Jun 25 19:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3826]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[623]: pam_unix(cron:session): session closed for user root
Jun 25 19:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3561]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3826]: Failed password for invalid user osmc from 91.92.40.171 port 39446 ssh2
Jun 25 19:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3826]: Connection closed by 91.92.40.171 port 39446 [preauth]
Jun 25 19:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3968]: Invalid user deployer from 91.92.40.171
Jun 25 19:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3968]: input_userauth_request: invalid user deployer [preauth]
Jun 25 19:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3968]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3968]: Failed password for invalid user deployer from 91.92.40.171 port 51806 ssh2
Jun 25 19:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3968]: Connection closed by 91.92.40.171 port 51806 [preauth]
Jun 25 19:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3987]: Invalid user test from 91.92.40.171
Jun 25 19:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3987]: input_userauth_request: invalid user test [preauth]
Jun 25 19:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3987]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3987]: Failed password for invalid user test from 91.92.40.171 port 51812 ssh2
Jun 25 19:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3987]: Connection closed by 91.92.40.171 port 51812 [preauth]
Jun 25 19:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4035]: Invalid user master from 91.92.40.171
Jun 25 19:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4035]: input_userauth_request: invalid user master [preauth]
Jun 25 19:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4035]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4035]: Failed password for invalid user master from 91.92.40.171 port 37956 ssh2
Jun 25 19:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4035]: Connection closed by 91.92.40.171 port 37956 [preauth]
Jun 25 19:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4071]: Failed password for root from 91.92.40.171 port 37990 ssh2
Jun 25 19:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4071]: Connection closed by 91.92.40.171 port 37990 [preauth]
Jun 25 19:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4081]: Invalid user rdpuser from 91.92.40.171
Jun 25 19:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4081]: input_userauth_request: invalid user rdpuser [preauth]
Jun 25 19:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4081]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4081]: Failed password for invalid user rdpuser from 91.92.40.171 port 39856 ssh2
Jun 25 19:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4081]: Connection closed by 91.92.40.171 port 39856 [preauth]
Jun 25 19:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2679]: pam_unix(cron:session): session closed for user root
Jun 25 19:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4105]: Invalid user wizard from 91.92.40.171
Jun 25 19:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4105]: input_userauth_request: invalid user wizard [preauth]
Jun 25 19:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4105]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4105]: Failed password for invalid user wizard from 91.92.40.171 port 39888 ssh2
Jun 25 19:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4105]: Connection closed by 91.92.40.171 port 39888 [preauth]
Jun 25 19:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4121]: Failed password for root from 91.92.40.171 port 49584 ssh2
Jun 25 19:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4121]: Connection closed by 91.92.40.171 port 49584 [preauth]
Jun 25 19:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4137]: Invalid user www from 91.92.40.171
Jun 25 19:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4137]: input_userauth_request: invalid user www [preauth]
Jun 25 19:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4137]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4137]: Failed password for invalid user www from 91.92.40.171 port 49656 ssh2
Jun 25 19:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4137]: Connection closed by 91.92.40.171 port 49656 [preauth]
Jun 25 19:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4154]: Invalid user oracle from 91.92.40.171
Jun 25 19:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4154]: input_userauth_request: invalid user oracle [preauth]
Jun 25 19:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4154]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4154]: Failed password for invalid user oracle from 91.92.40.171 port 48298 ssh2
Jun 25 19:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4154]: Connection closed by 91.92.40.171 port 48298 [preauth]
Jun 25 19:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4163]: Invalid user username from 91.92.40.171
Jun 25 19:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4163]: input_userauth_request: invalid user username [preauth]
Jun 25 19:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4163]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4163]: Failed password for invalid user username from 91.92.40.171 port 48324 ssh2
Jun 25 19:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4163]: Connection closed by 91.92.40.171 port 48324 [preauth]
Jun 25 19:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4175]: Failed password for root from 91.92.40.171 port 46500 ssh2
Jun 25 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4175]: Connection closed by 91.92.40.171 port 46500 [preauth]
Jun 25 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4187]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4188]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4186]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4184]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4184]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4251]: Successful su for rubyman by root
Jun 25 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4251]: + ??? root:rubyman
Jun 25 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4251]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 591997 of user rubyman.
Jun 25 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4251]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 591997.
Jun 25 19:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1133]: pam_unix(cron:session): session closed for user root
Jun 25 19:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4186]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4376]: Failed password for root from 91.92.40.171 port 38002 ssh2
Jun 25 19:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4376]: Connection closed by 91.92.40.171 port 38002 [preauth]
Jun 25 19:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4442]: Invalid user crafty from 91.92.40.171
Jun 25 19:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4442]: input_userauth_request: invalid user crafty [preauth]
Jun 25 19:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4442]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4442]: Failed password for invalid user crafty from 91.92.40.171 port 38046 ssh2
Jun 25 19:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4442]: Connection closed by 91.92.40.171 port 38046 [preauth]
Jun 25 19:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4475]: Invalid user jellyfin from 91.92.40.171
Jun 25 19:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4475]: input_userauth_request: invalid user jellyfin [preauth]
Jun 25 19:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4475]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4475]: Failed password for invalid user jellyfin from 91.92.40.171 port 50168 ssh2
Jun 25 19:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4475]: Connection closed by 91.92.40.171 port 50168 [preauth]
Jun 25 19:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4486]: Invalid user openvpn from 91.92.40.171
Jun 25 19:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4486]: input_userauth_request: invalid user openvpn [preauth]
Jun 25 19:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4486]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4486]: Failed password for invalid user openvpn from 91.92.40.171 port 50210 ssh2
Jun 25 19:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4486]: Connection closed by 91.92.40.171 port 50210 [preauth]
Jun 25 19:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4488]: Invalid user admin from 195.178.110.217
Jun 25 19:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4488]: input_userauth_request: invalid user admin [preauth]
Jun 25 19:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4488]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 19:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4510]: Failed password for root from 91.92.40.171 port 46048 ssh2
Jun 25 19:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4510]: Connection closed by 91.92.40.171 port 46048 [preauth]
Jun 25 19:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4488]: Failed password for invalid user admin from 195.178.110.217 port 49172 ssh2
Jun 25 19:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4488]: Connection closed by 195.178.110.217 port 49172 [preauth]
Jun 25 19:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4524]: Invalid user username from 91.92.40.171
Jun 25 19:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4524]: input_userauth_request: invalid user username [preauth]
Jun 25 19:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4524]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4524]: Failed password for invalid user username from 91.92.40.171 port 46088 ssh2
Jun 25 19:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4524]: Connection closed by 91.92.40.171 port 46088 [preauth]
Jun 25 19:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3102]: pam_unix(cron:session): session closed for user root
Jun 25 19:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4558]: Invalid user ubuntu from 91.92.40.171
Jun 25 19:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4558]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 19:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4558]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4558]: Failed password for invalid user ubuntu from 91.92.40.171 port 34986 ssh2
Jun 25 19:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4558]: Connection closed by 91.92.40.171 port 34986 [preauth]
Jun 25 19:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4569]: Failed password for root from 91.92.40.171 port 35004 ssh2
Jun 25 19:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4569]: Connection closed by 91.92.40.171 port 35004 [preauth]
Jun 25 19:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4585]: Invalid user admin from 45.148.10.121
Jun 25 19:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4585]: input_userauth_request: invalid user admin [preauth]
Jun 25 19:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4585]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 25 19:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4585]: Failed password for invalid user admin from 45.148.10.121 port 55344 ssh2
Jun 25 19:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4585]: Connection closed by 45.148.10.121 port 55344 [preauth]
Jun 25 19:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4595]: Invalid user avax from 91.92.40.171
Jun 25 19:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4595]: input_userauth_request: invalid user avax [preauth]
Jun 25 19:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4595]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4595]: Failed password for invalid user avax from 91.92.40.171 port 35914 ssh2
Jun 25 19:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4595]: Connection closed by 91.92.40.171 port 35914 [preauth]
Jun 25 19:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4606]: Invalid user rdpuser from 91.92.40.171
Jun 25 19:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4606]: input_userauth_request: invalid user rdpuser [preauth]
Jun 25 19:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4606]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4606]: Failed password for invalid user rdpuser from 91.92.40.171 port 35992 ssh2
Jun 25 19:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4606]: Connection closed by 91.92.40.171 port 35992 [preauth]
Jun 25 19:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: Failed password for root from 91.92.40.171 port 33788 ssh2
Jun 25 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4623]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4622]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4621]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4620]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4620]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: Connection closed by 91.92.40.171 port 33788 [preauth]
Jun 25 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4687]: Successful su for rubyman by root
Jun 25 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4687]: + ??? root:rubyman
Jun 25 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4687]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592001 of user rubyman.
Jun 25 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4687]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592001.
Jun 25 19:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1711]: pam_unix(cron:session): session closed for user root
Jun 25 19:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4621]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4924]: Failed password for root from 91.92.40.171 port 34416 ssh2
Jun 25 19:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4924]: Connection closed by 91.92.40.171 port 34416 [preauth]
Jun 25 19:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4995]: Invalid user vagrant from 91.92.40.171
Jun 25 19:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4995]: input_userauth_request: invalid user vagrant [preauth]
Jun 25 19:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4995]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4995]: Failed password for invalid user vagrant from 91.92.40.171 port 34452 ssh2
Jun 25 19:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4995]: Connection closed by 91.92.40.171 port 34452 [preauth]
Jun 25 19:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5017]: Invalid user trader from 91.92.40.171
Jun 25 19:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5017]: input_userauth_request: invalid user trader [preauth]
Jun 25 19:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5017]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5017]: Failed password for invalid user trader from 91.92.40.171 port 50122 ssh2
Jun 25 19:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5017]: Connection closed by 91.92.40.171 port 50122 [preauth]
Jun 25 19:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5027]: Invalid user www from 91.92.40.171
Jun 25 19:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5027]: input_userauth_request: invalid user www [preauth]
Jun 25 19:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5027]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5027]: Failed password for invalid user www from 91.92.40.171 port 50222 ssh2
Jun 25 19:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5027]: Connection closed by 91.92.40.171 port 50222 [preauth]
Jun 25 19:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5049]: Invalid user user from 91.92.40.171
Jun 25 19:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5049]: input_userauth_request: invalid user user [preauth]
Jun 25 19:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5049]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5049]: Failed password for invalid user user from 91.92.40.171 port 53084 ssh2
Jun 25 19:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5049]: Connection closed by 91.92.40.171 port 53084 [preauth]
Jun 25 19:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5060]: Invalid user admin from 91.92.40.171
Jun 25 19:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5060]: input_userauth_request: invalid user admin [preauth]
Jun 25 19:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5060]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3563]: pam_unix(cron:session): session closed for user root
Jun 25 19:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5060]: Failed password for invalid user admin from 91.92.40.171 port 53196 ssh2
Jun 25 19:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5060]: Connection closed by 91.92.40.171 port 53196 [preauth]
Jun 25 19:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5089]: Invalid user node from 91.92.40.171
Jun 25 19:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5089]: input_userauth_request: invalid user node [preauth]
Jun 25 19:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5089]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5089]: Failed password for invalid user node from 91.92.40.171 port 52850 ssh2
Jun 25 19:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5089]: Connection closed by 91.92.40.171 port 52850 [preauth]
Jun 25 19:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5099]: Invalid user dev from 91.92.40.171
Jun 25 19:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5099]: input_userauth_request: invalid user dev [preauth]
Jun 25 19:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5099]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5099]: Failed password for invalid user dev from 91.92.40.171 port 52916 ssh2
Jun 25 19:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5099]: Connection closed by 91.92.40.171 port 52916 [preauth]
Jun 25 19:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5123]: Invalid user ivan from 91.92.40.171
Jun 25 19:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5123]: input_userauth_request: invalid user ivan [preauth]
Jun 25 19:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5123]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5123]: Failed password for invalid user ivan from 91.92.40.171 port 50004 ssh2
Jun 25 19:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5123]: Connection closed by 91.92.40.171 port 50004 [preauth]
Jun 25 19:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 25 19:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5135]: Invalid user admin123 from 91.92.40.171
Jun 25 19:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5135]: input_userauth_request: invalid user admin123 [preauth]
Jun 25 19:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5135]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5125]: Failed password for root from 103.82.20.28 port 57080 ssh2
Jun 25 19:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5125]: Connection closed by 103.82.20.28 port 57080 [preauth]
Jun 25 19:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5135]: Failed password for invalid user admin123 from 91.92.40.171 port 50048 ssh2
Jun 25 19:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5135]: Connection closed by 91.92.40.171 port 50048 [preauth]
Jun 25 19:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5137]: Invalid user admin from 195.178.110.217
Jun 25 19:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5137]: input_userauth_request: invalid user admin [preauth]
Jun 25 19:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5137]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 19:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5149]: Invalid user sdadmin from 91.92.40.171
Jun 25 19:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5149]: input_userauth_request: invalid user sdadmin [preauth]
Jun 25 19:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5151]: Invalid user admin from 141.98.83.240
Jun 25 19:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5151]: input_userauth_request: invalid user admin [preauth]
Jun 25 19:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5149]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5151]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 19:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5137]: Failed password for invalid user admin from 195.178.110.217 port 52226 ssh2
Jun 25 19:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5137]: Connection closed by 195.178.110.217 port 52226 [preauth]
Jun 25 19:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5149]: Failed password for invalid user sdadmin from 91.92.40.171 port 40642 ssh2
Jun 25 19:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5151]: Failed password for invalid user admin from 141.98.83.240 port 43134 ssh2
Jun 25 19:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5149]: Connection closed by 91.92.40.171 port 40642 [preauth]
Jun 25 19:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5151]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5169]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5170]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5168]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5167]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5167]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5227]: Successful su for rubyman by root
Jun 25 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5227]: + ??? root:rubyman
Jun 25 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5227]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592005 of user rubyman.
Jun 25 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5227]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592005.
Jun 25 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5151]: Failed password for invalid user admin from 141.98.83.240 port 43134 ssh2
Jun 25 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5151]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5248]: Invalid user test2 from 91.92.40.171
Jun 25 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5248]: input_userauth_request: invalid user test2 [preauth]
Jun 25 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5248]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5151]: Failed password for invalid user admin from 141.98.83.240 port 43134 ssh2
Jun 25 19:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2236]: pam_unix(cron:session): session closed for user root
Jun 25 19:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5151]: Connection closed by 141.98.83.240 port 43134 [preauth]
Jun 25 19:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5151]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 19:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5248]: Failed password for invalid user test2 from 91.92.40.171 port 40694 ssh2
Jun 25 19:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5248]: Connection closed by 91.92.40.171 port 40694 [preauth]
Jun 25 19:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5168]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5428]: Invalid user deploy from 91.92.40.171
Jun 25 19:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5428]: input_userauth_request: invalid user deploy [preauth]
Jun 25 19:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5428]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5428]: Failed password for invalid user deploy from 91.92.40.171 port 37572 ssh2
Jun 25 19:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5428]: Connection closed by 91.92.40.171 port 37572 [preauth]
Jun 25 19:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5438]: Invalid user vbox from 91.92.40.171
Jun 25 19:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5438]: input_userauth_request: invalid user vbox [preauth]
Jun 25 19:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5438]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5438]: Failed password for invalid user vbox from 91.92.40.171 port 37622 ssh2
Jun 25 19:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5438]: Connection closed by 91.92.40.171 port 37622 [preauth]
Jun 25 19:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5464]: Invalid user media from 91.92.40.171
Jun 25 19:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5464]: input_userauth_request: invalid user media [preauth]
Jun 25 19:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5464]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5464]: Failed password for invalid user media from 91.92.40.171 port 46884 ssh2
Jun 25 19:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5464]: Connection closed by 91.92.40.171 port 46884 [preauth]
Jun 25 19:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5474]: Failed password for root from 91.92.40.171 port 46906 ssh2
Jun 25 19:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5474]: Connection closed by 91.92.40.171 port 46906 [preauth]
Jun 25 19:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5497]: Invalid user fastuser from 91.92.40.171
Jun 25 19:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5497]: input_userauth_request: invalid user fastuser [preauth]
Jun 25 19:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5497]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5497]: Failed password for invalid user fastuser from 91.92.40.171 port 50808 ssh2
Jun 25 19:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5497]: Connection closed by 91.92.40.171 port 50808 [preauth]
Jun 25 19:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5515]: Invalid user cloud from 91.92.40.171
Jun 25 19:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5515]: input_userauth_request: invalid user cloud [preauth]
Jun 25 19:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5515]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4188]: pam_unix(cron:session): session closed for user root
Jun 25 19:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5515]: Failed password for invalid user cloud from 91.92.40.171 port 50882 ssh2
Jun 25 19:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5515]: Connection closed by 91.92.40.171 port 50882 [preauth]
Jun 25 19:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5537]: Invalid user fastuser from 91.92.40.171
Jun 25 19:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5537]: input_userauth_request: invalid user fastuser [preauth]
Jun 25 19:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5537]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5537]: Failed password for invalid user fastuser from 91.92.40.171 port 59716 ssh2
Jun 25 19:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5537]: Connection closed by 91.92.40.171 port 59716 [preauth]
Jun 25 19:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5555]: Invalid user node from 91.92.40.171
Jun 25 19:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5555]: input_userauth_request: invalid user node [preauth]
Jun 25 19:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5555]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5555]: Failed password for invalid user node from 91.92.40.171 port 53360 ssh2
Jun 25 19:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5555]: Connection closed by 91.92.40.171 port 53360 [preauth]
Jun 25 19:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 25 19:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5571]: Failed password for root from 91.92.40.171 port 53402 ssh2
Jun 25 19:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5571]: Connection closed by 91.92.40.171 port 53402 [preauth]
Jun 25 19:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5576]: Failed password for root from 80.66.85.226 port 56526 ssh2
Jun 25 19:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5576]: Connection closed by 80.66.85.226 port 56526 [preauth]
Jun 25 19:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5586]: Failed password for root from 91.92.40.171 port 45476 ssh2
Jun 25 19:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5586]: Connection closed by 91.92.40.171 port 45476 [preauth]
Jun 25 19:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5596]: Invalid user jay from 91.92.40.171
Jun 25 19:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5596]: input_userauth_request: invalid user jay [preauth]
Jun 25 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5604]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5603]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5600]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5599]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5602]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5601]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5604]: pam_unix(cron:session): session closed for user root
Jun 25 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5599]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5596]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5663]: Successful su for rubyman by root
Jun 25 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5663]: + ??? root:rubyman
Jun 25 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5663]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592010 of user rubyman.
Jun 25 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5663]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592010.
Jun 25 19:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5601]: pam_unix(cron:session): session closed for user root
Jun 25 19:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5596]: Failed password for invalid user jay from 91.92.40.171 port 45534 ssh2
Jun 25 19:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5596]: Connection closed by 91.92.40.171 port 45534 [preauth]
Jun 25 19:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2678]: pam_unix(cron:session): session closed for user root
Jun 25 19:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5600]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5862]: Invalid user admin from 91.92.40.171
Jun 25 19:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5862]: input_userauth_request: invalid user admin [preauth]
Jun 25 19:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5862]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5862]: Failed password for invalid user admin from 91.92.40.171 port 56134 ssh2
Jun 25 19:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5862]: Connection closed by 91.92.40.171 port 56134 [preauth]
Jun 25 19:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5883]: Invalid user sam from 91.92.40.171
Jun 25 19:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5883]: input_userauth_request: invalid user sam [preauth]
Jun 25 19:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5883]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5883]: Failed password for invalid user sam from 91.92.40.171 port 56224 ssh2
Jun 25 19:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5883]: Connection closed by 91.92.40.171 port 56224 [preauth]
Jun 25 19:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5905]: Invalid user pi from 91.92.40.171
Jun 25 19:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5905]: input_userauth_request: invalid user pi [preauth]
Jun 25 19:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5905]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5905]: Failed password for invalid user pi from 91.92.40.171 port 55880 ssh2
Jun 25 19:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5905]: Connection closed by 91.92.40.171 port 55880 [preauth]
Jun 25 19:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5916]: Invalid user admin from 195.178.110.217
Jun 25 19:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5916]: input_userauth_request: invalid user admin [preauth]
Jun 25 19:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5916]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 19:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5918]: Failed password for root from 91.92.40.171 port 55914 ssh2
Jun 25 19:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5918]: Connection closed by 91.92.40.171 port 55914 [preauth]
Jun 25 19:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5916]: Failed password for invalid user admin from 195.178.110.217 port 55188 ssh2
Jun 25 19:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5916]: Connection closed by 195.178.110.217 port 55188 [preauth]
Jun 25 19:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5940]: Failed password for root from 91.92.40.171 port 54968 ssh2
Jun 25 19:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5940]: Connection closed by 91.92.40.171 port 54968 [preauth]
Jun 25 19:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4623]: pam_unix(cron:session): session closed for user root
Jun 25 19:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5970]: Invalid user node from 91.92.40.171
Jun 25 19:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5970]: input_userauth_request: invalid user node [preauth]
Jun 25 19:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5970]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5970]: Failed password for invalid user node from 91.92.40.171 port 60740 ssh2
Jun 25 19:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5970]: Connection closed by 91.92.40.171 port 60740 [preauth]
Jun 25 19:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5980]: Invalid user sam from 91.92.40.171
Jun 25 19:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5980]: input_userauth_request: invalid user sam [preauth]
Jun 25 19:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5980]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5980]: Failed password for invalid user sam from 91.92.40.171 port 60768 ssh2
Jun 25 19:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5980]: Connection closed by 91.92.40.171 port 60768 [preauth]
Jun 25 19:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6003]: Invalid user cw from 91.92.40.171
Jun 25 19:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6003]: input_userauth_request: invalid user cw [preauth]
Jun 25 19:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6003]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6003]: Failed password for invalid user cw from 91.92.40.171 port 55454 ssh2
Jun 25 19:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6003]: Connection closed by 91.92.40.171 port 55454 [preauth]
Jun 25 19:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6013]: Invalid user alex from 91.92.40.171
Jun 25 19:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6013]: input_userauth_request: invalid user alex [preauth]
Jun 25 19:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6013]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6013]: Failed password for invalid user alex from 91.92.40.171 port 55496 ssh2
Jun 25 19:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6013]: Connection closed by 91.92.40.171 port 55496 [preauth]
Jun 25 19:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6024]: Invalid user rdpuser from 91.92.40.171
Jun 25 19:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6024]: input_userauth_request: invalid user rdpuser [preauth]
Jun 25 19:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6024]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6024]: Failed password for invalid user rdpuser from 91.92.40.171 port 57384 ssh2
Jun 25 19:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6024]: Connection closed by 91.92.40.171 port 57384 [preauth]
Jun 25 19:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6039]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6038]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6040]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6037]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6037]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6102]: Successful su for rubyman by root
Jun 25 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6102]: + ??? root:rubyman
Jun 25 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6102]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592015 of user rubyman.
Jun 25 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6102]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592015.
Jun 25 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6034]: Invalid user claude from 91.92.40.171
Jun 25 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6034]: input_userauth_request: invalid user claude [preauth]
Jun 25 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6034]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6034]: Failed password for invalid user claude from 91.92.40.171 port 57426 ssh2
Jun 25 19:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6034]: Connection closed by 91.92.40.171 port 57426 [preauth]
Jun 25 19:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3101]: pam_unix(cron:session): session closed for user root
Jun 25 19:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6038]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6286]: Failed password for root from 91.92.40.171 port 52088 ssh2
Jun 25 19:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6286]: Connection closed by 91.92.40.171 port 52088 [preauth]
Jun 25 19:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6296]: Invalid user appuser from 91.92.40.171
Jun 25 19:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6296]: input_userauth_request: invalid user appuser [preauth]
Jun 25 19:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6296]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6296]: Failed password for invalid user appuser from 91.92.40.171 port 52148 ssh2
Jun 25 19:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6296]: Connection closed by 91.92.40.171 port 52148 [preauth]
Jun 25 19:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6318]: Invalid user ftpuser from 91.92.40.171
Jun 25 19:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6318]: input_userauth_request: invalid user ftpuser [preauth]
Jun 25 19:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6318]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6318]: Failed password for invalid user ftpuser from 91.92.40.171 port 55964 ssh2
Jun 25 19:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6318]: Connection closed by 91.92.40.171 port 55964 [preauth]
Jun 25 19:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6330]: Invalid user guest from 91.92.40.171
Jun 25 19:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6330]: input_userauth_request: invalid user guest [preauth]
Jun 25 19:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6330]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6330]: Failed password for invalid user guest from 91.92.40.171 port 55992 ssh2
Jun 25 19:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6330]: Connection closed by 91.92.40.171 port 55992 [preauth]
Jun 25 19:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6366]: Invalid user ubuntu from 91.92.40.171
Jun 25 19:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6366]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 19:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6366]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5170]: pam_unix(cron:session): session closed for user root
Jun 25 19:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6366]: Failed password for invalid user ubuntu from 91.92.40.171 port 34668 ssh2
Jun 25 19:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6366]: Connection closed by 91.92.40.171 port 34668 [preauth]
Jun 25 19:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6396]: Invalid user ubuntu from 91.92.40.171
Jun 25 19:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6396]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 19:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6396]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6396]: Failed password for invalid user ubuntu from 91.92.40.171 port 33616 ssh2
Jun 25 19:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6396]: Connection closed by 91.92.40.171 port 33616 [preauth]
Jun 25 19:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6407]: Invalid user ark from 91.92.40.171
Jun 25 19:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6407]: input_userauth_request: invalid user ark [preauth]
Jun 25 19:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6407]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6407]: Failed password for invalid user ark from 91.92.40.171 port 33678 ssh2
Jun 25 19:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6407]: Connection closed by 91.92.40.171 port 33678 [preauth]
Jun 25 19:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6429]: Failed password for root from 91.92.40.171 port 47434 ssh2
Jun 25 19:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6429]: Connection closed by 91.92.40.171 port 47434 [preauth]
Jun 25 19:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6441]: Invalid user drcomadmin from 91.92.40.171
Jun 25 19:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6441]: input_userauth_request: invalid user drcomadmin [preauth]
Jun 25 19:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6441]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6431]: Invalid user admin from 195.178.110.217
Jun 25 19:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6431]: input_userauth_request: invalid user admin [preauth]
Jun 25 19:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6431]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 19:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6441]: Failed password for invalid user drcomadmin from 91.92.40.171 port 47502 ssh2
Jun 25 19:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6441]: Connection closed by 91.92.40.171 port 47502 [preauth]
Jun 25 19:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6431]: Failed password for invalid user admin from 195.178.110.217 port 58212 ssh2
Jun 25 19:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6431]: Connection closed by 195.178.110.217 port 58212 [preauth]
Jun 25 19:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6451]: Invalid user ali from 91.92.40.171
Jun 25 19:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6451]: input_userauth_request: invalid user ali [preauth]
Jun 25 19:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6451]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6451]: Failed password for invalid user ali from 91.92.40.171 port 33772 ssh2
Jun 25 19:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6451]: Connection closed by 91.92.40.171 port 33772 [preauth]
Jun 25 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6464]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6465]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6463]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6462]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6462]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6523]: Successful su for rubyman by root
Jun 25 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6523]: + ??? root:rubyman
Jun 25 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6523]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592020 of user rubyman.
Jun 25 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6523]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592020.
Jun 25 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3562]: pam_unix(cron:session): session closed for user root
Jun 25 19:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6554]: Failed password for root from 91.92.40.171 port 33824 ssh2
Jun 25 19:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6554]: Connection closed by 91.92.40.171 port 33824 [preauth]
Jun 25 19:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6463]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6715]: Invalid user bob from 91.92.40.171
Jun 25 19:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6715]: input_userauth_request: invalid user bob [preauth]
Jun 25 19:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6715]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6715]: Failed password for invalid user bob from 91.92.40.171 port 60188 ssh2
Jun 25 19:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6715]: Connection closed by 91.92.40.171 port 60188 [preauth]
Jun 25 19:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6729]: Invalid user teste from 91.92.40.171
Jun 25 19:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6729]: input_userauth_request: invalid user teste [preauth]
Jun 25 19:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6729]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6729]: Failed password for invalid user teste from 91.92.40.171 port 60250 ssh2
Jun 25 19:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6729]: Connection closed by 91.92.40.171 port 60250 [preauth]
Jun 25 19:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6752]: Invalid user martin from 91.92.40.171
Jun 25 19:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6752]: input_userauth_request: invalid user martin [preauth]
Jun 25 19:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6752]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6752]: Failed password for invalid user martin from 91.92.40.171 port 47304 ssh2
Jun 25 19:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6752]: Connection closed by 91.92.40.171 port 47304 [preauth]
Jun 25 19:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6779]: Invalid user fivem from 91.92.40.171
Jun 25 19:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6779]: input_userauth_request: invalid user fivem [preauth]
Jun 25 19:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6779]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6779]: Failed password for invalid user fivem from 91.92.40.171 port 60660 ssh2
Jun 25 19:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6779]: Connection closed by 91.92.40.171 port 60660 [preauth]
Jun 25 19:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 25 19:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6797]: Invalid user admin from 91.92.40.171
Jun 25 19:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6797]: input_userauth_request: invalid user admin [preauth]
Jun 25 19:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6795]: Failed password for root from 202.178.126.219 port 6760 ssh2
Jun 25 19:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6797]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6795]: Connection closed by 202.178.126.219 port 6760 [preauth]
Jun 25 19:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5603]: pam_unix(cron:session): session closed for user root
Jun 25 19:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6797]: Failed password for invalid user admin from 91.92.40.171 port 60722 ssh2
Jun 25 19:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6797]: Connection closed by 91.92.40.171 port 60722 [preauth]
Jun 25 19:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6828]: Invalid user fahmi from 91.92.40.171
Jun 25 19:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6828]: input_userauth_request: invalid user fahmi [preauth]
Jun 25 19:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6828]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6828]: Failed password for invalid user fahmi from 91.92.40.171 port 56788 ssh2
Jun 25 19:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6828]: Connection closed by 91.92.40.171 port 56788 [preauth]
Jun 25 19:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6838]: Invalid user user3 from 91.92.40.171
Jun 25 19:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6838]: input_userauth_request: invalid user user3 [preauth]
Jun 25 19:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6838]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6838]: Failed password for invalid user user3 from 91.92.40.171 port 56832 ssh2
Jun 25 19:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6838]: Connection closed by 91.92.40.171 port 56832 [preauth]
Jun 25 19:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6862]: Invalid user runner from 91.92.40.171
Jun 25 19:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6862]: input_userauth_request: invalid user runner [preauth]
Jun 25 19:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6862]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6862]: Failed password for invalid user runner from 91.92.40.171 port 34144 ssh2
Jun 25 19:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6862]: Connection closed by 91.92.40.171 port 34144 [preauth]
Jun 25 19:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: Invalid user core from 91.92.40.171
Jun 25 19:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: input_userauth_request: invalid user core [preauth]
Jun 25 19:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: Failed password for invalid user core from 91.92.40.171 port 34184 ssh2
Jun 25 19:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: Connection closed by 91.92.40.171 port 34184 [preauth]
Jun 25 19:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6884]: Invalid user test from 91.92.40.171
Jun 25 19:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6884]: input_userauth_request: invalid user test [preauth]
Jun 25 19:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6884]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6884]: Failed password for invalid user test from 91.92.40.171 port 46612 ssh2
Jun 25 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6884]: Connection closed by 91.92.40.171 port 46612 [preauth]
Jun 25 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6900]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6901]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6899]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6898]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6898]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6972]: Successful su for rubyman by root
Jun 25 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6972]: + ??? root:rubyman
Jun 25 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6972]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592024 of user rubyman.
Jun 25 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6972]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592024.
Jun 25 19:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7154]: Invalid user myuser from 91.92.40.171
Jun 25 19:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7154]: input_userauth_request: invalid user myuser [preauth]
Jun 25 19:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7154]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4187]: pam_unix(cron:session): session closed for user root
Jun 25 19:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6899]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7154]: Failed password for invalid user myuser from 91.92.40.171 port 46658 ssh2
Jun 25 19:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7154]: Connection closed by 91.92.40.171 port 46658 [preauth]
Jun 25 19:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7241]: Invalid user ec2-user from 91.92.40.171
Jun 25 19:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7241]: input_userauth_request: invalid user ec2-user [preauth]
Jun 25 19:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7241]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7241]: Failed password for invalid user ec2-user from 91.92.40.171 port 60166 ssh2
Jun 25 19:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7241]: Connection closed by 91.92.40.171 port 60166 [preauth]
Jun 25 19:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7265]: Invalid user admin from 91.92.40.171
Jun 25 19:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7265]: input_userauth_request: invalid user admin [preauth]
Jun 25 19:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7265]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7265]: Failed password for invalid user admin from 91.92.40.171 port 53010 ssh2
Jun 25 19:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7265]: Connection closed by 91.92.40.171 port 53010 [preauth]
Jun 25 19:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7275]: Invalid user admin from 195.178.110.217
Jun 25 19:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7275]: input_userauth_request: invalid user admin [preauth]
Jun 25 19:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7275]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 19:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7277]: Failed password for root from 91.92.40.171 port 53088 ssh2
Jun 25 19:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7277]: Connection closed by 91.92.40.171 port 53088 [preauth]
Jun 25 19:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7275]: Failed password for invalid user admin from 195.178.110.217 port 33012 ssh2
Jun 25 19:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7275]: Connection closed by 195.178.110.217 port 33012 [preauth]
Jun 25 19:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7301]: Invalid user ai from 91.92.40.171
Jun 25 19:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7301]: input_userauth_request: invalid user ai [preauth]
Jun 25 19:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7301]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7301]: Failed password for invalid user ai from 91.92.40.171 port 42286 ssh2
Jun 25 19:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7301]: Connection closed by 91.92.40.171 port 42286 [preauth]
Jun 25 19:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7311]: Invalid user ubuntu from 91.92.40.171
Jun 25 19:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7311]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 19:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7311]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6040]: pam_unix(cron:session): session closed for user root
Jun 25 19:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7311]: Failed password for invalid user ubuntu from 91.92.40.171 port 42380 ssh2
Jun 25 19:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7311]: Connection closed by 91.92.40.171 port 42380 [preauth]
Jun 25 19:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7344]: Failed password for root from 91.92.40.171 port 49372 ssh2
Jun 25 19:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7344]: Connection closed by 91.92.40.171 port 49372 [preauth]
Jun 25 19:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7354]: Invalid user solana from 91.92.40.171
Jun 25 19:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7354]: input_userauth_request: invalid user solana [preauth]
Jun 25 19:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7354]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7354]: Failed password for invalid user solana from 91.92.40.171 port 49414 ssh2
Jun 25 19:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7354]: Connection closed by 91.92.40.171 port 49414 [preauth]
Jun 25 19:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7389]: Invalid user packer from 91.92.40.171
Jun 25 19:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7389]: input_userauth_request: invalid user packer [preauth]
Jun 25 19:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7389]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7389]: Failed password for invalid user packer from 91.92.40.171 port 57994 ssh2
Jun 25 19:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7389]: Connection closed by 91.92.40.171 port 57994 [preauth]
Jun 25 19:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7392]: Invalid user hadoop from 91.92.40.171
Jun 25 19:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7392]: input_userauth_request: invalid user hadoop [preauth]
Jun 25 19:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7392]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7392]: Failed password for invalid user hadoop from 91.92.40.171 port 58024 ssh2
Jun 25 19:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7392]: Connection closed by 91.92.40.171 port 58024 [preauth]
Jun 25 19:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7406]: Invalid user myuser from 91.92.40.171
Jun 25 19:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7406]: input_userauth_request: invalid user myuser [preauth]
Jun 25 19:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7406]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7406]: Failed password for invalid user myuser from 91.92.40.171 port 50448 ssh2
Jun 25 19:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7406]: Connection closed by 91.92.40.171 port 50448 [preauth]
Jun 25 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7417]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7416]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7415]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7414]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7414]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7473]: Successful su for rubyman by root
Jun 25 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7473]: + ??? root:rubyman
Jun 25 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7473]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592028 of user rubyman.
Jun 25 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7473]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592028.
Jun 25 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7498]: Invalid user redhat from 91.92.40.171
Jun 25 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7498]: input_userauth_request: invalid user redhat [preauth]
Jun 25 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7498]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4622]: pam_unix(cron:session): session closed for user root
Jun 25 19:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7498]: Failed password for invalid user redhat from 91.92.40.171 port 50468 ssh2
Jun 25 19:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7498]: Connection closed by 91.92.40.171 port 50468 [preauth]
Jun 25 19:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7415]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7761]: Failed password for root from 91.92.40.171 port 54302 ssh2
Jun 25 19:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7761]: Connection closed by 91.92.40.171 port 54302 [preauth]
Jun 25 19:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7772]: Failed password for root from 91.92.40.171 port 54344 ssh2
Jun 25 19:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7772]: Connection closed by 91.92.40.171 port 54344 [preauth]
Jun 25 19:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7794]: Invalid user bot from 91.92.40.171
Jun 25 19:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7794]: input_userauth_request: invalid user bot [preauth]
Jun 25 19:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7794]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7794]: Failed password for invalid user bot from 91.92.40.171 port 53236 ssh2
Jun 25 19:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7794]: Connection closed by 91.92.40.171 port 53236 [preauth]
Jun 25 19:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7805]: Invalid user rancher from 91.92.40.171
Jun 25 19:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7805]: input_userauth_request: invalid user rancher [preauth]
Jun 25 19:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7805]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7805]: Failed password for invalid user rancher from 91.92.40.171 port 53284 ssh2
Jun 25 19:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7805]: Connection closed by 91.92.40.171 port 53284 [preauth]
Jun 25 19:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7827]: User vncuser from 91.92.40.171 not allowed because not listed in AllowUsers
Jun 25 19:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7827]: input_userauth_request: invalid user vncuser [preauth]
Jun 25 19:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=vncuser
Jun 25 19:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7827]: Failed password for invalid user vncuser from 91.92.40.171 port 43432 ssh2
Jun 25 19:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7827]: Connection closed by 91.92.40.171 port 43432 [preauth]
Jun 25 19:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6465]: pam_unix(cron:session): session closed for user root
Jun 25 19:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7864]: Failed password for root from 91.92.40.171 port 49686 ssh2
Jun 25 19:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7864]: Connection closed by 91.92.40.171 port 49686 [preauth]
Jun 25 19:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7874]: Invalid user clawdbot from 91.92.40.171
Jun 25 19:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7874]: input_userauth_request: invalid user clawdbot [preauth]
Jun 25 19:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7874]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7874]: Failed password for invalid user clawdbot from 91.92.40.171 port 49752 ssh2
Jun 25 19:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7874]: Connection closed by 91.92.40.171 port 49752 [preauth]
Jun 25 19:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7897]: Invalid user runner from 91.92.40.171
Jun 25 19:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7897]: input_userauth_request: invalid user runner [preauth]
Jun 25 19:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7897]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7897]: Failed password for invalid user runner from 91.92.40.171 port 44132 ssh2
Jun 25 19:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7897]: Connection closed by 91.92.40.171 port 44132 [preauth]
Jun 25 19:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7899]: Invalid user admin from 195.178.110.217
Jun 25 19:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7899]: input_userauth_request: invalid user admin [preauth]
Jun 25 19:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7899]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 19:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7909]: Invalid user odoo16 from 91.92.40.171
Jun 25 19:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7909]: input_userauth_request: invalid user odoo16 [preauth]
Jun 25 19:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7909]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7899]: Failed password for invalid user admin from 195.178.110.217 port 36040 ssh2
Jun 25 19:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7899]: Connection closed by 195.178.110.217 port 36040 [preauth]
Jun 25 19:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7909]: Failed password for invalid user odoo16 from 91.92.40.171 port 44170 ssh2
Jun 25 19:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7909]: Connection closed by 91.92.40.171 port 44170 [preauth]
Jun 25 19:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7919]: Failed password for root from 91.92.40.171 port 50204 ssh2
Jun 25 19:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7919]: Connection closed by 91.92.40.171 port 50204 [preauth]
Jun 25 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7935]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7933]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7934]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7931]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7932]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7930]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7935]: pam_unix(cron:session): session closed for user root
Jun 25 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7930]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7998]: Successful su for rubyman by root
Jun 25 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7998]: + ??? root:rubyman
Jun 25 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7998]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592033 of user rubyman.
Jun 25 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7998]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592033.
Jun 25 19:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8035]: Invalid user steam from 91.92.40.171
Jun 25 19:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8035]: input_userauth_request: invalid user steam [preauth]
Jun 25 19:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8035]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5169]: pam_unix(cron:session): session closed for user root
Jun 25 19:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7932]: pam_unix(cron:session): session closed for user root
Jun 25 19:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8035]: Failed password for invalid user steam from 91.92.40.171 port 50286 ssh2
Jun 25 19:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8035]: Connection closed by 91.92.40.171 port 50286 [preauth]
Jun 25 19:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7931]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8207]: Invalid user xiao from 91.92.40.171
Jun 25 19:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8207]: input_userauth_request: invalid user xiao [preauth]
Jun 25 19:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8207]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8207]: Failed password for invalid user xiao from 91.92.40.171 port 43434 ssh2
Jun 25 19:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8207]: Connection closed by 91.92.40.171 port 43434 [preauth]
Jun 25 19:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8223]: Failed password for root from 91.92.40.171 port 43516 ssh2
Jun 25 19:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8223]: Connection closed by 91.92.40.171 port 43516 [preauth]
Jun 25 19:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8241]: Invalid user zimbra from 91.92.40.171
Jun 25 19:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8241]: input_userauth_request: invalid user zimbra [preauth]
Jun 25 19:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8241]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8241]: Failed password for invalid user zimbra from 91.92.40.171 port 45708 ssh2
Jun 25 19:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8241]: Connection closed by 91.92.40.171 port 45708 [preauth]
Jun 25 19:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8264]: Invalid user cloud from 91.92.40.171
Jun 25 19:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8264]: input_userauth_request: invalid user cloud [preauth]
Jun 25 19:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8264]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8264]: Failed password for invalid user cloud from 91.92.40.171 port 36622 ssh2
Jun 25 19:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8264]: Connection closed by 91.92.40.171 port 36622 [preauth]
Jun 25 19:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8274]: Invalid user fa from 91.92.40.171
Jun 25 19:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8274]: input_userauth_request: invalid user fa [preauth]
Jun 25 19:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8274]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6901]: pam_unix(cron:session): session closed for user root
Jun 25 19:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8274]: Failed password for invalid user fa from 91.92.40.171 port 36688 ssh2
Jun 25 19:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8274]: Connection closed by 91.92.40.171 port 36688 [preauth]
Jun 25 19:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8303]: Invalid user grok from 91.92.40.171
Jun 25 19:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8303]: input_userauth_request: invalid user grok [preauth]
Jun 25 19:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8303]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8303]: Failed password for invalid user grok from 91.92.40.171 port 51676 ssh2
Jun 25 19:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8303]: Connection closed by 91.92.40.171 port 51676 [preauth]
Jun 25 19:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8313]: Connection closed by 194.59.206.2 port 21206 [preauth]
Jun 25 19:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8315]: Invalid user ghost from 91.92.40.171
Jun 25 19:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8315]: input_userauth_request: invalid user ghost [preauth]
Jun 25 19:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8315]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8315]: Failed password for invalid user ghost from 91.92.40.171 port 51738 ssh2
Jun 25 19:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8315]: Connection closed by 91.92.40.171 port 51738 [preauth]
Jun 25 19:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8339]: Invalid user gateway from 91.92.40.171
Jun 25 19:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8339]: input_userauth_request: invalid user gateway [preauth]
Jun 25 19:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8339]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8339]: Failed password for invalid user gateway from 91.92.40.171 port 39344 ssh2
Jun 25 19:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8339]: Connection closed by 91.92.40.171 port 39344 [preauth]
Jun 25 19:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8350]: Invalid user jenkins from 91.92.40.171
Jun 25 19:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8350]: input_userauth_request: invalid user jenkins [preauth]
Jun 25 19:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8350]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8350]: Failed password for invalid user jenkins from 91.92.40.171 port 39398 ssh2
Jun 25 19:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8350]: Connection closed by 91.92.40.171 port 39398 [preauth]
Jun 25 19:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8361]: Invalid user ts3 from 91.92.40.171
Jun 25 19:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8361]: input_userauth_request: invalid user ts3 [preauth]
Jun 25 19:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8361]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8361]: Failed password for invalid user ts3 from 91.92.40.171 port 57344 ssh2
Jun 25 19:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8361]: Connection closed by 91.92.40.171 port 57344 [preauth]
Jun 25 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8374]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8375]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8373]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8372]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8372]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8444]: Successful su for rubyman by root
Jun 25 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8444]: + ??? root:rubyman
Jun 25 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8444]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592039 of user rubyman.
Jun 25 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8444]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592039.
Jun 25 19:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8543]: Invalid user jellyfin from 91.92.40.171
Jun 25 19:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8543]: input_userauth_request: invalid user jellyfin [preauth]
Jun 25 19:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8543]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5602]: pam_unix(cron:session): session closed for user root
Jun 25 19:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8373]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8543]: Failed password for invalid user jellyfin from 91.92.40.171 port 57386 ssh2
Jun 25 19:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8543]: Connection closed by 91.92.40.171 port 57386 [preauth]
Jun 25 19:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8631]: Failed password for root from 91.92.40.171 port 54346 ssh2
Jun 25 19:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8631]: Connection closed by 91.92.40.171 port 54346 [preauth]
Jun 25 19:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8650]: Failed password for root from 91.92.40.171 port 54398 ssh2
Jun 25 19:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8650]: Connection closed by 91.92.40.171 port 54398 [preauth]
Jun 25 19:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8666]: Invalid user admin from 195.178.110.217
Jun 25 19:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8666]: input_userauth_request: invalid user admin [preauth]
Jun 25 19:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8666]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 19:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8668]: Invalid user aiuser from 91.92.40.171
Jun 25 19:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8668]: input_userauth_request: invalid user aiuser [preauth]
Jun 25 19:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8668]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8666]: Failed password for invalid user admin from 195.178.110.217 port 39114 ssh2
Jun 25 19:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8666]: Connection closed by 195.178.110.217 port 39114 [preauth]
Jun 25 19:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8668]: Failed password for invalid user aiuser from 91.92.40.171 port 50162 ssh2
Jun 25 19:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8668]: Connection closed by 91.92.40.171 port 50162 [preauth]
Jun 25 19:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8690]: Invalid user default from 91.92.40.171
Jun 25 19:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8690]: input_userauth_request: invalid user default [preauth]
Jun 25 19:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8690]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8690]: Failed password for invalid user default from 91.92.40.171 port 58594 ssh2
Jun 25 19:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8690]: Connection closed by 91.92.40.171 port 58594 [preauth]
Jun 25 19:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8701]: Invalid user ubuntu from 91.92.40.171
Jun 25 19:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8701]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 19:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8701]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8701]: Failed password for invalid user ubuntu from 91.92.40.171 port 58678 ssh2
Jun 25 19:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8701]: Connection closed by 91.92.40.171 port 58678 [preauth]
Jun 25 19:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7417]: pam_unix(cron:session): session closed for user root
Jun 25 19:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8733]: Invalid user bot from 91.92.40.171
Jun 25 19:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8733]: input_userauth_request: invalid user bot [preauth]
Jun 25 19:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8733]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8733]: Failed password for invalid user bot from 91.92.40.171 port 60720 ssh2
Jun 25 19:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8733]: Connection closed by 91.92.40.171 port 60720 [preauth]
Jun 25 19:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8750]: User mysql from 91.92.40.171 not allowed because not listed in AllowUsers
Jun 25 19:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8750]: input_userauth_request: invalid user mysql [preauth]
Jun 25 19:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=mysql
Jun 25 19:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8750]: Failed password for invalid user mysql from 91.92.40.171 port 60746 ssh2
Jun 25 19:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8750]: Connection closed by 91.92.40.171 port 60746 [preauth]
Jun 25 19:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8775]: Invalid user customer from 91.92.40.171
Jun 25 19:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8775]: input_userauth_request: invalid user customer [preauth]
Jun 25 19:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8775]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8775]: Failed password for invalid user customer from 91.92.40.171 port 39696 ssh2
Jun 25 19:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8775]: Connection closed by 91.92.40.171 port 39696 [preauth]
Jun 25 19:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8787]: Invalid user user from 91.92.40.171
Jun 25 19:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8787]: input_userauth_request: invalid user user [preauth]
Jun 25 19:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8787]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8787]: Failed password for invalid user user from 91.92.40.171 port 39746 ssh2
Jun 25 19:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8787]: Connection closed by 91.92.40.171 port 39746 [preauth]
Jun 25 19:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8797]: Invalid user chris from 91.92.40.171
Jun 25 19:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8797]: input_userauth_request: invalid user chris [preauth]
Jun 25 19:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8797]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 25 19:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8797]: Failed password for invalid user chris from 91.92.40.171 port 54338 ssh2
Jun 25 19:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8797]: Connection closed by 91.92.40.171 port 54338 [preauth]
Jun 25 19:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8799]: Failed password for root from 103.122.221.179 port 54766 ssh2
Jun 25 19:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8799]: Connection closed by 103.122.221.179 port 54766 [preauth]
Jun 25 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8806]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8805]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8804]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8803]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8803]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8869]: Successful su for rubyman by root
Jun 25 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8869]: + ??? root:rubyman
Jun 25 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8869]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592041 of user rubyman.
Jun 25 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8869]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592041.
Jun 25 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8893]: Invalid user gd from 91.92.40.171
Jun 25 19:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8893]: input_userauth_request: invalid user gd [preauth]
Jun 25 19:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8893]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6039]: pam_unix(cron:session): session closed for user root
Jun 25 19:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8893]: Failed password for invalid user gd from 91.92.40.171 port 54360 ssh2
Jun 25 19:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8893]: Connection closed by 91.92.40.171 port 54360 [preauth]
Jun 25 19:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8804]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9062]: Invalid user gns3 from 91.92.40.171
Jun 25 19:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9062]: input_userauth_request: invalid user gns3 [preauth]
Jun 25 19:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9062]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9062]: Failed password for invalid user gns3 from 91.92.40.171 port 43734 ssh2
Jun 25 19:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9062]: Connection closed by 91.92.40.171 port 43734 [preauth]
Jun 25 19:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9073]: Invalid user labuser from 91.92.40.171
Jun 25 19:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9073]: input_userauth_request: invalid user labuser [preauth]
Jun 25 19:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9073]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9073]: Failed password for invalid user labuser from 91.92.40.171 port 43786 ssh2
Jun 25 19:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9073]: Connection closed by 91.92.40.171 port 43786 [preauth]
Jun 25 19:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9096]: Failed password for root from 91.92.40.171 port 33634 ssh2
Jun 25 19:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9096]: Connection closed by 91.92.40.171 port 33634 [preauth]
Jun 25 19:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9106]: Invalid user kevin from 91.92.40.171
Jun 25 19:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9106]: input_userauth_request: invalid user kevin [preauth]
Jun 25 19:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9106]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9106]: Failed password for invalid user kevin from 91.92.40.171 port 49846 ssh2
Jun 25 19:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9106]: Connection closed by 91.92.40.171 port 49846 [preauth]
Jun 25 19:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9129]: Invalid user testuser from 91.92.40.171
Jun 25 19:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9129]: input_userauth_request: invalid user testuser [preauth]
Jun 25 19:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9129]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9129]: Failed password for invalid user testuser from 91.92.40.171 port 49866 ssh2
Jun 25 19:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9129]: Connection closed by 91.92.40.171 port 49866 [preauth]
Jun 25 19:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7934]: pam_unix(cron:session): session closed for user root
Jun 25 19:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9159]: Invalid user server from 91.92.40.171
Jun 25 19:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9159]: input_userauth_request: invalid user server [preauth]
Jun 25 19:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9159]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9159]: Failed password for invalid user server from 91.92.40.171 port 45540 ssh2
Jun 25 19:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9159]: Connection closed by 91.92.40.171 port 45540 [preauth]
Jun 25 19:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9169]: Failed password for root from 91.92.40.171 port 45628 ssh2
Jun 25 19:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9169]: Connection closed by 91.92.40.171 port 45628 [preauth]
Jun 25 19:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9171]: Invalid user admin from 195.178.110.217
Jun 25 19:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9171]: input_userauth_request: invalid user admin [preauth]
Jun 25 19:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9197]: Invalid user admin from 91.92.40.171
Jun 25 19:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9197]: input_userauth_request: invalid user admin [preauth]
Jun 25 19:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9171]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 19:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9197]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9171]: Failed password for invalid user admin from 195.178.110.217 port 42048 ssh2
Jun 25 19:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9197]: Failed password for invalid user admin from 91.92.40.171 port 37400 ssh2
Jun 25 19:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9171]: Connection closed by 195.178.110.217 port 42048 [preauth]
Jun 25 19:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9197]: Connection closed by 91.92.40.171 port 37400 [preauth]
Jun 25 19:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9207]: Failed password for root from 91.92.40.171 port 37454 ssh2
Jun 25 19:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9207]: Connection closed by 91.92.40.171 port 37454 [preauth]
Jun 25 19:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: Invalid user gary from 91.92.40.171
Jun 25 19:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: input_userauth_request: invalid user gary [preauth]
Jun 25 19:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: Failed password for invalid user gary from 91.92.40.171 port 40726 ssh2
Jun 25 19:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: Connection closed by 91.92.40.171 port 40726 [preauth]
Jun 25 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9233]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9232]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9231]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9230]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9230]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9294]: Successful su for rubyman by root
Jun 25 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9294]: + ??? root:rubyman
Jun 25 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9294]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592045 of user rubyman.
Jun 25 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9294]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592045.
Jun 25 19:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9284]: Invalid user bot from 91.92.40.171
Jun 25 19:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9284]: input_userauth_request: invalid user bot [preauth]
Jun 25 19:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9284]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6464]: pam_unix(cron:session): session closed for user root
Jun 25 19:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9284]: Failed password for invalid user bot from 91.92.40.171 port 40742 ssh2
Jun 25 19:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9231]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9284]: Connection closed by 91.92.40.171 port 40742 [preauth]
Jun 25 19:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9474]: Failed password for root from 91.92.40.171 port 36228 ssh2
Jun 25 19:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9474]: Connection closed by 91.92.40.171 port 36228 [preauth]
Jun 25 19:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9484]: Invalid user minecraft from 91.92.40.171
Jun 25 19:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9484]: input_userauth_request: invalid user minecraft [preauth]
Jun 25 19:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9484]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9484]: Failed password for invalid user minecraft from 91.92.40.171 port 36288 ssh2
Jun 25 19:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9484]: Connection closed by 91.92.40.171 port 36288 [preauth]
Jun 25 19:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9506]: Failed password for root from 91.92.40.171 port 33202 ssh2
Jun 25 19:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9506]: Connection closed by 91.92.40.171 port 33202 [preauth]
Jun 25 19:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9519]: Invalid user kingbase from 91.92.40.171
Jun 25 19:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9519]: input_userauth_request: invalid user kingbase [preauth]
Jun 25 19:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9519]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9519]: Failed password for invalid user kingbase from 91.92.40.171 port 33262 ssh2
Jun 25 19:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9519]: Connection closed by 91.92.40.171 port 33262 [preauth]
Jun 25 19:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9539]: Invalid user gg from 91.92.40.171
Jun 25 19:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9539]: input_userauth_request: invalid user gg [preauth]
Jun 25 19:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9539]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9541]: Invalid user admin from 2.57.121.25
Jun 25 19:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9541]: input_userauth_request: invalid user admin [preauth]
Jun 25 19:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9541]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 25 19:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9539]: Failed password for invalid user gg from 91.92.40.171 port 46050 ssh2
Jun 25 19:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9539]: Connection closed by 91.92.40.171 port 46050 [preauth]
Jun 25 19:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9541]: Failed password for invalid user admin from 2.57.121.25 port 41712 ssh2
Jun 25 19:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9541]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8375]: pam_unix(cron:session): session closed for user root
Jun 25 19:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9541]: Failed password for invalid user admin from 2.57.121.25 port 41712 ssh2
Jun 25 19:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9541]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9567]: Invalid user dev from 91.92.40.171
Jun 25 19:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9567]: input_userauth_request: invalid user dev [preauth]
Jun 25 19:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9567]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9541]: Failed password for invalid user admin from 2.57.121.25 port 41712 ssh2
Jun 25 19:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9541]: Connection closed by 2.57.121.25 port 41712 [preauth]
Jun 25 19:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9541]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 25 19:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9567]: Failed password for invalid user dev from 91.92.40.171 port 44628 ssh2
Jun 25 19:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9567]: Connection closed by 91.92.40.171 port 44628 [preauth]
Jun 25 19:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9583]: Failed password for root from 91.92.40.171 port 44646 ssh2
Jun 25 19:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9583]: Connection closed by 91.92.40.171 port 44646 [preauth]
Jun 25 19:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9609]: Invalid user labuser from 91.92.40.171
Jun 25 19:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9609]: input_userauth_request: invalid user labuser [preauth]
Jun 25 19:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9609]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9609]: Failed password for invalid user labuser from 91.92.40.171 port 49756 ssh2
Jun 25 19:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9609]: Connection closed by 91.92.40.171 port 49756 [preauth]
Jun 25 19:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9619]: Invalid user cloud-user from 91.92.40.171
Jun 25 19:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9619]: input_userauth_request: invalid user cloud-user [preauth]
Jun 25 19:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9619]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9619]: Failed password for invalid user cloud-user from 91.92.40.171 port 49794 ssh2
Jun 25 19:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9619]: Connection closed by 91.92.40.171 port 49794 [preauth]
Jun 25 19:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9633]: Invalid user developer from 91.92.40.171
Jun 25 19:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9633]: input_userauth_request: invalid user developer [preauth]
Jun 25 19:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9633]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9633]: Failed password for invalid user developer from 91.92.40.171 port 55496 ssh2
Jun 25 19:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9633]: Connection closed by 91.92.40.171 port 55496 [preauth]
Jun 25 19:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9643]: Invalid user user from 91.92.40.171
Jun 25 19:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9643]: input_userauth_request: invalid user user [preauth]
Jun 25 19:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9643]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9648]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9647]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9649]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9646]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9646]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9709]: Successful su for rubyman by root
Jun 25 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9709]: + ??? root:rubyman
Jun 25 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9709]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592049 of user rubyman.
Jun 25 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9709]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592049.
Jun 25 19:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9643]: Failed password for invalid user user from 91.92.40.171 port 55566 ssh2
Jun 25 19:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9643]: Connection closed by 91.92.40.171 port 55566 [preauth]
Jun 25 19:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6900]: pam_unix(cron:session): session closed for user root
Jun 25 19:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9893]: Invalid user dolphinscheduler from 91.92.40.171
Jun 25 19:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9893]: input_userauth_request: invalid user dolphinscheduler [preauth]
Jun 25 19:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9893]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9647]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9893]: Failed password for invalid user dolphinscheduler from 91.92.40.171 port 50636 ssh2
Jun 25 19:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9893]: Connection closed by 91.92.40.171 port 50636 [preauth]
Jun 25 19:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10078]: Invalid user ubuntu from 91.92.40.171
Jun 25 19:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10078]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 19:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10078]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10066]: Invalid user admin from 195.178.110.217
Jun 25 19:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10066]: input_userauth_request: invalid user admin [preauth]
Jun 25 19:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10066]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 19:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10078]: Failed password for invalid user ubuntu from 91.92.40.171 port 50748 ssh2
Jun 25 19:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10078]: Connection closed by 91.92.40.171 port 50748 [preauth]
Jun 25 19:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10066]: Failed password for invalid user admin from 195.178.110.217 port 45050 ssh2
Jun 25 19:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10066]: Connection closed by 195.178.110.217 port 45050 [preauth]
Jun 25 19:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10103]: Invalid user oracle from 91.92.40.171
Jun 25 19:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10103]: input_userauth_request: invalid user oracle [preauth]
Jun 25 19:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10103]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10103]: Failed password for invalid user oracle from 91.92.40.171 port 37880 ssh2
Jun 25 19:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10103]: Connection closed by 91.92.40.171 port 37880 [preauth]
Jun 25 19:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10115]: Invalid user gitlab-runner from 91.92.40.171
Jun 25 19:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10115]: input_userauth_request: invalid user gitlab-runner [preauth]
Jun 25 19:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10115]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10115]: Failed password for invalid user gitlab-runner from 91.92.40.171 port 37910 ssh2
Jun 25 19:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10115]: Connection closed by 91.92.40.171 port 37910 [preauth]
Jun 25 19:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10139]: Invalid user odoo18 from 91.92.40.171
Jun 25 19:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10139]: input_userauth_request: invalid user odoo18 [preauth]
Jun 25 19:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10139]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10139]: Failed password for invalid user odoo18 from 91.92.40.171 port 42152 ssh2
Jun 25 19:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10139]: Connection closed by 91.92.40.171 port 42152 [preauth]
Jun 25 19:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10149]: Invalid user oscar from 91.92.40.171
Jun 25 19:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10149]: input_userauth_request: invalid user oscar [preauth]
Jun 25 19:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10149]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8806]: pam_unix(cron:session): session closed for user root
Jun 25 19:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10149]: Failed password for invalid user oscar from 91.92.40.171 port 42178 ssh2
Jun 25 19:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10149]: Connection closed by 91.92.40.171 port 42178 [preauth]
Jun 25 19:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10180]: Invalid user user from 91.92.40.171
Jun 25 19:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10180]: input_userauth_request: invalid user user [preauth]
Jun 25 19:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10180]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10180]: Failed password for invalid user user from 91.92.40.171 port 41488 ssh2
Jun 25 19:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10180]: Connection closed by 91.92.40.171 port 41488 [preauth]
Jun 25 19:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10195]: Invalid user dev from 91.92.40.171
Jun 25 19:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10195]: input_userauth_request: invalid user dev [preauth]
Jun 25 19:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10195]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10195]: Failed password for invalid user dev from 91.92.40.171 port 41534 ssh2
Jun 25 19:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10195]: Connection closed by 91.92.40.171 port 41534 [preauth]
Jun 25 19:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10306]: Failed password for root from 91.92.40.171 port 57806 ssh2
Jun 25 19:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10306]: Connection closed by 91.92.40.171 port 57806 [preauth]
Jun 25 19:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.211.215  user=root
Jun 25 19:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10308]: Failed password for root from 147.45.211.215 port 59110 ssh2
Jun 25 19:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10308]: Connection closed by 147.45.211.215 port 59110 [preauth]
Jun 25 19:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10320]: Failed password for root from 91.92.40.171 port 57854 ssh2
Jun 25 19:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10320]: Connection closed by 91.92.40.171 port 57854 [preauth]
Jun 25 19:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10333]: Invalid user claude from 91.92.40.171
Jun 25 19:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10333]: input_userauth_request: invalid user claude [preauth]
Jun 25 19:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10333]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10333]: Failed password for invalid user claude from 91.92.40.171 port 40974 ssh2
Jun 25 19:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10333]: Connection closed by 91.92.40.171 port 40974 [preauth]
Jun 25 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10340]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10337]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10341]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10336]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10342]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10339]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10342]: pam_unix(cron:session): session closed for user root
Jun 25 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10336]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10413]: Successful su for rubyman by root
Jun 25 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10413]: + ??? root:rubyman
Jun 25 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10413]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592055 of user rubyman.
Jun 25 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10413]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592055.
Jun 25 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10436]: Invalid user sftpuser from 91.92.40.171
Jun 25 19:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10436]: input_userauth_request: invalid user sftpuser [preauth]
Jun 25 19:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10436]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10339]: pam_unix(cron:session): session closed for user root
Jun 25 19:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7416]: pam_unix(cron:session): session closed for user root
Jun 25 19:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10436]: Failed password for invalid user sftpuser from 91.92.40.171 port 41056 ssh2
Jun 25 19:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10436]: Connection closed by 91.92.40.171 port 41056 [preauth]
Jun 25 19:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10337]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10619]: Invalid user user from 91.92.40.171
Jun 25 19:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10619]: input_userauth_request: invalid user user [preauth]
Jun 25 19:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10619]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10619]: Failed password for invalid user user from 91.92.40.171 port 51116 ssh2
Jun 25 19:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10619]: Connection closed by 91.92.40.171 port 51116 [preauth]
Jun 25 19:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10633]: Invalid user git from 91.92.40.171
Jun 25 19:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10633]: input_userauth_request: invalid user git [preauth]
Jun 25 19:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10633]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10633]: Failed password for invalid user git from 91.92.40.171 port 51158 ssh2
Jun 25 19:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10633]: Connection closed by 91.92.40.171 port 51158 [preauth]
Jun 25 19:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10658]: Failed password for root from 91.92.40.171 port 55414 ssh2
Jun 25 19:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10658]: Connection closed by 91.92.40.171 port 55414 [preauth]
Jun 25 19:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10676]: Invalid user ai from 91.92.40.171
Jun 25 19:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10676]: input_userauth_request: invalid user ai [preauth]
Jun 25 19:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10676]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10676]: Failed password for invalid user ai from 91.92.40.171 port 37984 ssh2
Jun 25 19:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10676]: Connection closed by 91.92.40.171 port 37984 [preauth]
Jun 25 19:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10703]: Failed password for root from 91.92.40.171 port 38096 ssh2
Jun 25 19:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10703]: Connection closed by 91.92.40.171 port 38096 [preauth]
Jun 25 19:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9233]: pam_unix(cron:session): session closed for user root
Jun 25 19:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10722]: Invalid user minecraft from 91.92.40.171
Jun 25 19:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10722]: input_userauth_request: invalid user minecraft [preauth]
Jun 25 19:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10722]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10722]: Failed password for invalid user minecraft from 91.92.40.171 port 37538 ssh2
Jun 25 19:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10722]: Connection closed by 91.92.40.171 port 37538 [preauth]
Jun 25 19:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10741]: Invalid user alex from 91.92.40.171
Jun 25 19:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10741]: input_userauth_request: invalid user alex [preauth]
Jun 25 19:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10741]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10741]: Failed password for invalid user alex from 91.92.40.171 port 37588 ssh2
Jun 25 19:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10741]: Connection closed by 91.92.40.171 port 37588 [preauth]
Jun 25 19:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10754]: Invalid user admin from 195.178.110.217
Jun 25 19:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10754]: input_userauth_request: invalid user admin [preauth]
Jun 25 19:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10754]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 19:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10772]: Invalid user liyang from 91.92.40.171
Jun 25 19:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10772]: input_userauth_request: invalid user liyang [preauth]
Jun 25 19:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10772]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10754]: Failed password for invalid user admin from 195.178.110.217 port 48054 ssh2
Jun 25 19:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10754]: Connection closed by 195.178.110.217 port 48054 [preauth]
Jun 25 19:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10772]: Failed password for invalid user liyang from 91.92.40.171 port 53988 ssh2
Jun 25 19:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10772]: Connection closed by 91.92.40.171 port 53988 [preauth]
Jun 25 19:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10784]: User nobody from 91.92.40.171 not allowed because not listed in AllowUsers
Jun 25 19:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10784]: input_userauth_request: invalid user nobody [preauth]
Jun 25 19:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=nobody
Jun 25 19:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10784]: Failed password for invalid user nobody from 91.92.40.171 port 54054 ssh2
Jun 25 19:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10784]: Connection closed by 91.92.40.171 port 54054 [preauth]
Jun 25 19:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10796]: Invalid user lucas from 91.92.40.171
Jun 25 19:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10796]: input_userauth_request: invalid user lucas [preauth]
Jun 25 19:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10796]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10796]: Failed password for invalid user lucas from 91.92.40.171 port 37894 ssh2
Jun 25 19:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10796]: Connection closed by 91.92.40.171 port 37894 [preauth]
Jun 25 19:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10810]: Invalid user root1 from 91.92.40.171
Jun 25 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10810]: input_userauth_request: invalid user root1 [preauth]
Jun 25 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10810]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10823]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10824]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10825]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10822]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10822]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10892]: Successful su for rubyman by root
Jun 25 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10892]: + ??? root:rubyman
Jun 25 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10892]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592061 of user rubyman.
Jun 25 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10892]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592061.
Jun 25 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10810]: Failed password for invalid user root1 from 91.92.40.171 port 37926 ssh2
Jun 25 19:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10810]: Connection closed by 91.92.40.171 port 37926 [preauth]
Jun 25 19:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7933]: pam_unix(cron:session): session closed for user root
Jun 25 19:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10823]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11063]: Failed password for root from 91.92.40.171 port 50470 ssh2
Jun 25 19:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11063]: Connection closed by 91.92.40.171 port 50470 [preauth]
Jun 25 19:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11083]: Failed password for root from 91.92.40.171 port 50490 ssh2
Jun 25 19:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11083]: Connection closed by 91.92.40.171 port 50490 [preauth]
Jun 25 19:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11108]: Invalid user ubuntu from 91.92.40.171
Jun 25 19:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11108]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 19:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11108]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11108]: Failed password for invalid user ubuntu from 91.92.40.171 port 59358 ssh2
Jun 25 19:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11108]: Connection closed by 91.92.40.171 port 59358 [preauth]
Jun 25 19:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11118]: Invalid user username from 91.92.40.171
Jun 25 19:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11118]: input_userauth_request: invalid user username [preauth]
Jun 25 19:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11118]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11118]: Failed password for invalid user username from 91.92.40.171 port 59426 ssh2
Jun 25 19:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11118]: Connection closed by 91.92.40.171 port 59426 [preauth]
Jun 25 19:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11153]: Invalid user admin from 91.92.40.171
Jun 25 19:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11153]: input_userauth_request: invalid user admin [preauth]
Jun 25 19:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11153]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11153]: Failed password for invalid user admin from 91.92.40.171 port 50604 ssh2
Jun 25 19:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11153]: Connection closed by 91.92.40.171 port 50604 [preauth]
Jun 25 19:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11164]: Invalid user test from 91.92.40.171
Jun 25 19:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11164]: input_userauth_request: invalid user test [preauth]
Jun 25 19:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11164]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9649]: pam_unix(cron:session): session closed for user root
Jun 25 19:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11164]: Failed password for invalid user test from 91.92.40.171 port 50624 ssh2
Jun 25 19:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11164]: Connection closed by 91.92.40.171 port 50624 [preauth]
Jun 25 19:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: Invalid user ts3 from 91.92.40.171
Jun 25 19:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: input_userauth_request: invalid user ts3 [preauth]
Jun 25 19:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: Failed password for invalid user ts3 from 91.92.40.171 port 51320 ssh2
Jun 25 19:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: Connection closed by 91.92.40.171 port 51320 [preauth]
Jun 25 19:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11208]: Failed password for root from 91.92.40.171 port 51358 ssh2
Jun 25 19:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11208]: Connection closed by 91.92.40.171 port 51358 [preauth]
Jun 25 19:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11231]: Failed password for root from 91.92.40.171 port 47444 ssh2
Jun 25 19:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11231]: Connection closed by 91.92.40.171 port 47444 [preauth]
Jun 25 19:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11246]: Invalid user user1 from 91.92.40.171
Jun 25 19:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11246]: input_userauth_request: invalid user user1 [preauth]
Jun 25 19:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11246]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11246]: Failed password for invalid user user1 from 91.92.40.171 port 47466 ssh2
Jun 25 19:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11246]: Connection closed by 91.92.40.171 port 47466 [preauth]
Jun 25 19:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11259]: Invalid user root1 from 91.92.40.171
Jun 25 19:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11259]: input_userauth_request: invalid user root1 [preauth]
Jun 25 19:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11259]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11266]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11265]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11264]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11263]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11263]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11259]: Failed password for invalid user root1 from 91.92.40.171 port 39318 ssh2
Jun 25 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11328]: Successful su for rubyman by root
Jun 25 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11328]: + ??? root:rubyman
Jun 25 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11328]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592063 of user rubyman.
Jun 25 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11328]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592063.
Jun 25 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11259]: Connection closed by 91.92.40.171 port 39318 [preauth]
Jun 25 19:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8374]: pam_unix(cron:session): session closed for user root
Jun 25 19:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11264]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11502]: Failed password for root from 91.92.40.171 port 43164 ssh2
Jun 25 19:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11502]: Connection closed by 91.92.40.171 port 43164 [preauth]
Jun 25 19:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11538]: Invalid user coder from 91.92.40.171
Jun 25 19:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11538]: input_userauth_request: invalid user coder [preauth]
Jun 25 19:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11538]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11538]: Failed password for invalid user coder from 91.92.40.171 port 43198 ssh2
Jun 25 19:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11528]: Invalid user admin from 195.178.110.217
Jun 25 19:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11528]: input_userauth_request: invalid user admin [preauth]
Jun 25 19:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11538]: Connection closed by 91.92.40.171 port 43198 [preauth]
Jun 25 19:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11528]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 19:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11528]: Failed password for invalid user admin from 195.178.110.217 port 51054 ssh2
Jun 25 19:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11528]: Connection closed by 195.178.110.217 port 51054 [preauth]
Jun 25 19:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11561]: Invalid user deployer from 91.92.40.171
Jun 25 19:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11561]: input_userauth_request: invalid user deployer [preauth]
Jun 25 19:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11561]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11561]: Failed password for invalid user deployer from 91.92.40.171 port 56892 ssh2
Jun 25 19:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11561]: Connection closed by 91.92.40.171 port 56892 [preauth]
Jun 25 19:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11573]: Invalid user developer from 91.92.40.171
Jun 25 19:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11573]: input_userauth_request: invalid user developer [preauth]
Jun 25 19:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11573]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11573]: Failed password for invalid user developer from 91.92.40.171 port 56956 ssh2
Jun 25 19:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11573]: Connection closed by 91.92.40.171 port 56956 [preauth]
Jun 25 19:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11595]: Invalid user odoo17 from 91.92.40.171
Jun 25 19:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11595]: input_userauth_request: invalid user odoo17 [preauth]
Jun 25 19:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11595]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11595]: Failed password for invalid user odoo17 from 91.92.40.171 port 33610 ssh2
Jun 25 19:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11595]: Connection closed by 91.92.40.171 port 33610 [preauth]
Jun 25 19:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11605]: Invalid user x from 91.92.40.171
Jun 25 19:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11605]: input_userauth_request: invalid user x [preauth]
Jun 25 19:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11605]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10341]: pam_unix(cron:session): session closed for user root
Jun 25 19:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11605]: Failed password for invalid user x from 91.92.40.171 port 33616 ssh2
Jun 25 19:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11605]: Connection closed by 91.92.40.171 port 33616 [preauth]
Jun 25 19:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11638]: Invalid user security from 91.92.40.171
Jun 25 19:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11638]: input_userauth_request: invalid user security [preauth]
Jun 25 19:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11638]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11638]: Failed password for invalid user security from 91.92.40.171 port 57828 ssh2
Jun 25 19:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11638]: Connection closed by 91.92.40.171 port 57828 [preauth]
Jun 25 19:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11648]: Invalid user gabriel from 91.92.40.171
Jun 25 19:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11648]: input_userauth_request: invalid user gabriel [preauth]
Jun 25 19:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11648]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11648]: Failed password for invalid user gabriel from 91.92.40.171 port 57896 ssh2
Jun 25 19:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11648]: Connection closed by 91.92.40.171 port 57896 [preauth]
Jun 25 19:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11671]: Failed password for root from 91.92.40.171 port 44362 ssh2
Jun 25 19:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11671]: Connection closed by 91.92.40.171 port 44362 [preauth]
Jun 25 19:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11681]: Invalid user chris from 91.92.40.171
Jun 25 19:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11681]: input_userauth_request: invalid user chris [preauth]
Jun 25 19:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11681]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11681]: Failed password for invalid user chris from 91.92.40.171 port 44408 ssh2
Jun 25 19:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11681]: Connection closed by 91.92.40.171 port 44408 [preauth]
Jun 25 19:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11692]: Invalid user zahra from 91.92.40.171
Jun 25 19:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11692]: input_userauth_request: invalid user zahra [preauth]
Jun 25 19:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11692]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11692]: Failed password for invalid user zahra from 91.92.40.171 port 57848 ssh2
Jun 25 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11692]: Connection closed by 91.92.40.171 port 57848 [preauth]
Jun 25 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11698]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11697]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11696]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11695]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11695]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11775]: Successful su for rubyman by root
Jun 25 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11775]: + ??? root:rubyman
Jun 25 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11775]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592067 of user rubyman.
Jun 25 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11775]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592067.
Jun 25 19:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8805]: pam_unix(cron:session): session closed for user root
Jun 25 19:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11696]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11908]: Failed password for root from 91.92.40.171 port 57928 ssh2
Jun 25 19:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11908]: Connection closed by 91.92.40.171 port 57928 [preauth]
Jun 25 19:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: Invalid user www from 91.92.40.171
Jun 25 19:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: input_userauth_request: invalid user www [preauth]
Jun 25 19:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: Failed password for invalid user www from 91.92.40.171 port 35512 ssh2
Jun 25 19:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: Connection closed by 91.92.40.171 port 35512 [preauth]
Jun 25 19:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12039]: Invalid user dev from 91.92.40.171
Jun 25 19:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12039]: input_userauth_request: invalid user dev [preauth]
Jun 25 19:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12039]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12039]: Failed password for invalid user dev from 91.92.40.171 port 38636 ssh2
Jun 25 19:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12039]: Connection closed by 91.92.40.171 port 38636 [preauth]
Jun 25 19:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12050]: Invalid user server from 91.92.40.171
Jun 25 19:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12050]: input_userauth_request: invalid user server [preauth]
Jun 25 19:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12050]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12050]: Failed password for invalid user server from 91.92.40.171 port 38682 ssh2
Jun 25 19:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12050]: Connection closed by 91.92.40.171 port 38682 [preauth]
Jun 25 19:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12072]: Invalid user odoo from 91.92.40.171
Jun 25 19:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12072]: input_userauth_request: invalid user odoo [preauth]
Jun 25 19:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12072]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12072]: Failed password for invalid user odoo from 91.92.40.171 port 44020 ssh2
Jun 25 19:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12072]: Connection closed by 91.92.40.171 port 44020 [preauth]
Jun 25 19:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12082]: User vncuser from 91.92.40.171 not allowed because not listed in AllowUsers
Jun 25 19:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12082]: input_userauth_request: invalid user vncuser [preauth]
Jun 25 19:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=vncuser
Jun 25 19:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10825]: pam_unix(cron:session): session closed for user root
Jun 25 19:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12082]: Failed password for invalid user vncuser from 91.92.40.171 port 44098 ssh2
Jun 25 19:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12082]: Connection closed by 91.92.40.171 port 44098 [preauth]
Jun 25 19:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12112]: Failed password for root from 91.92.40.171 port 52890 ssh2
Jun 25 19:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12112]: Connection closed by 91.92.40.171 port 52890 [preauth]
Jun 25 19:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12124]: Invalid user lin from 91.92.40.171
Jun 25 19:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12124]: input_userauth_request: invalid user lin [preauth]
Jun 25 19:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12124]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12114]: Invalid user admin from 195.178.110.217
Jun 25 19:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12114]: input_userauth_request: invalid user admin [preauth]
Jun 25 19:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12114]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 19:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12124]: Failed password for invalid user lin from 91.92.40.171 port 52968 ssh2
Jun 25 19:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12124]: Connection closed by 91.92.40.171 port 52968 [preauth]
Jun 25 19:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12114]: Failed password for invalid user admin from 195.178.110.217 port 54030 ssh2
Jun 25 19:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12114]: Connection closed by 195.178.110.217 port 54030 [preauth]
Jun 25 19:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12147]: Invalid user botuser from 91.92.40.171
Jun 25 19:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12147]: input_userauth_request: invalid user botuser [preauth]
Jun 25 19:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12147]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12147]: Failed password for invalid user botuser from 91.92.40.171 port 43108 ssh2
Jun 25 19:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12147]: Connection closed by 91.92.40.171 port 43108 [preauth]
Jun 25 19:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12158]: Invalid user sam from 91.92.40.171
Jun 25 19:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12158]: input_userauth_request: invalid user sam [preauth]
Jun 25 19:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12158]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12158]: Failed password for invalid user sam from 91.92.40.171 port 43148 ssh2
Jun 25 19:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12158]: Connection closed by 91.92.40.171 port 43148 [preauth]
Jun 25 19:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12168]: Failed password for root from 91.92.40.171 port 36404 ssh2
Jun 25 19:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12168]: Connection closed by 91.92.40.171 port 36404 [preauth]
Jun 25 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12186]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12185]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12187]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12184]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12182]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12184]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12422]: Successful su for rubyman by root
Jun 25 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12422]: + ??? root:rubyman
Jun 25 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12422]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592071 of user rubyman.
Jun 25 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12422]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592071.
Jun 25 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12182]: pam_unix(cron:session): session closed for user root
Jun 25 19:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9232]: pam_unix(cron:session): session closed for user root
Jun 25 19:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12534]: Invalid user cursor from 91.92.40.171
Jun 25 19:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12534]: input_userauth_request: invalid user cursor [preauth]
Jun 25 19:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12534]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12534]: Failed password for invalid user cursor from 91.92.40.171 port 36456 ssh2
Jun 25 19:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12534]: Connection closed by 91.92.40.171 port 36456 [preauth]
Jun 25 19:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12185]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 25 19:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12650]: Invalid user bitrix from 91.92.40.171
Jun 25 19:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12650]: input_userauth_request: invalid user bitrix [preauth]
Jun 25 19:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12650]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12648]: Failed password for root from 103.176.20.57 port 36002 ssh2
Jun 25 19:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12648]: Connection closed by 103.176.20.57 port 36002 [preauth]
Jun 25 19:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12650]: Failed password for invalid user bitrix from 91.92.40.171 port 50990 ssh2
Jun 25 19:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12650]: Connection closed by 91.92.40.171 port 50990 [preauth]
Jun 25 19:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12675]: Invalid user azureuser from 91.92.40.171
Jun 25 19:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12675]: input_userauth_request: invalid user azureuser [preauth]
Jun 25 19:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12675]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12675]: Failed password for invalid user azureuser from 91.92.40.171 port 44684 ssh2
Jun 25 19:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12675]: Connection closed by 91.92.40.171 port 44684 [preauth]
Jun 25 19:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12686]: Invalid user kali from 91.92.40.171
Jun 25 19:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12686]: input_userauth_request: invalid user kali [preauth]
Jun 25 19:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12686]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12686]: Failed password for invalid user kali from 91.92.40.171 port 44720 ssh2
Jun 25 19:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12686]: Connection closed by 91.92.40.171 port 44720 [preauth]
Jun 25 19:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12710]: Invalid user user from 91.92.40.171
Jun 25 19:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12710]: input_userauth_request: invalid user user [preauth]
Jun 25 19:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12710]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12710]: Failed password for invalid user user from 91.92.40.171 port 58054 ssh2
Jun 25 19:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12710]: Connection closed by 91.92.40.171 port 58054 [preauth]
Jun 25 19:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12720]: Invalid user deploy from 91.92.40.171
Jun 25 19:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12720]: input_userauth_request: invalid user deploy [preauth]
Jun 25 19:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12720]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11266]: pam_unix(cron:session): session closed for user root
Jun 25 19:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12720]: Failed password for invalid user deploy from 91.92.40.171 port 58086 ssh2
Jun 25 19:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12720]: Connection closed by 91.92.40.171 port 58086 [preauth]
Jun 25 19:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12758]: Invalid user daniel from 193.46.255.86
Jun 25 19:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12758]: input_userauth_request: invalid user daniel [preauth]
Jun 25 19:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12758]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 25 19:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12758]: Failed password for invalid user daniel from 193.46.255.86 port 3982 ssh2
Jun 25 19:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12758]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12760]: Invalid user jack from 91.92.40.171
Jun 25 19:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12760]: input_userauth_request: invalid user jack [preauth]
Jun 25 19:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12760]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12758]: Failed password for invalid user daniel from 193.46.255.86 port 3982 ssh2
Jun 25 19:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12758]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12760]: Failed password for invalid user jack from 91.92.40.171 port 57624 ssh2
Jun 25 19:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12760]: Connection closed by 91.92.40.171 port 57624 [preauth]
Jun 25 19:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12758]: Failed password for invalid user daniel from 193.46.255.86 port 3982 ssh2
Jun 25 19:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12758]: Connection closed by 193.46.255.86 port 3982 [preauth]
Jun 25 19:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12758]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 25 19:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12771]: Invalid user amit from 91.92.40.171
Jun 25 19:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12771]: input_userauth_request: invalid user amit [preauth]
Jun 25 19:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12771]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12771]: Failed password for invalid user amit from 91.92.40.171 port 57664 ssh2
Jun 25 19:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12771]: Connection closed by 91.92.40.171 port 57664 [preauth]
Jun 25 19:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 25 19:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12795]: Failed password for root from 91.92.40.171 port 44368 ssh2
Jun 25 19:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12795]: Connection closed by 91.92.40.171 port 44368 [preauth]
Jun 25 19:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12798]: Failed password for root from 103.77.242.62 port 49512 ssh2
Jun 25 19:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12798]: Connection closed by 103.77.242.62 port 49512 [preauth]
Jun 25 19:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12809]: Failed password for root from 91.92.40.171 port 44394 ssh2
Jun 25 19:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12809]: Connection closed by 91.92.40.171 port 44394 [preauth]
Jun 25 19:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12819]: Invalid user devops from 91.92.40.171
Jun 25 19:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12819]: input_userauth_request: invalid user devops [preauth]
Jun 25 19:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12819]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12819]: Failed password for invalid user devops from 91.92.40.171 port 44430 ssh2
Jun 25 19:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12819]: Connection closed by 91.92.40.171 port 44430 [preauth]
Jun 25 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12837]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12835]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12834]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12836]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12838]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12833]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12838]: pam_unix(cron:session): session closed for user root
Jun 25 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12833]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12912]: Successful su for rubyman by root
Jun 25 19:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12912]: + ??? root:rubyman
Jun 25 19:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12912]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592076 of user rubyman.
Jun 25 19:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12912]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592076.
Jun 25 19:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12932]: Invalid user home from 91.92.40.171
Jun 25 19:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12932]: input_userauth_request: invalid user home [preauth]
Jun 25 19:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12932]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12835]: pam_unix(cron:session): session closed for user root
Jun 25 19:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9648]: pam_unix(cron:session): session closed for user root
Jun 25 19:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12932]: Failed password for invalid user home from 91.92.40.171 port 44438 ssh2
Jun 25 19:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12932]: Connection closed by 91.92.40.171 port 44438 [preauth]
Jun 25 19:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12834]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: Invalid user user1 from 91.92.40.171
Jun 25 19:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: input_userauth_request: invalid user user1 [preauth]
Jun 25 19:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: Failed password for invalid user user1 from 91.92.40.171 port 52794 ssh2
Jun 25 19:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: Connection closed by 91.92.40.171 port 52794 [preauth]
Jun 25 19:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13124]: Invalid user admin from 195.178.110.217
Jun 25 19:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13124]: input_userauth_request: invalid user admin [preauth]
Jun 25 19:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13124]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 19:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13136]: Invalid user nutanix from 91.92.40.171
Jun 25 19:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13136]: input_userauth_request: invalid user nutanix [preauth]
Jun 25 19:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13136]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13124]: Failed password for invalid user admin from 195.178.110.217 port 57026 ssh2
Jun 25 19:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13124]: Connection closed by 195.178.110.217 port 57026 [preauth]
Jun 25 19:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13136]: Failed password for invalid user nutanix from 91.92.40.171 port 52844 ssh2
Jun 25 19:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13136]: Connection closed by 91.92.40.171 port 52844 [preauth]
Jun 25 19:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13163]: Invalid user guest from 91.92.40.171
Jun 25 19:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13163]: input_userauth_request: invalid user guest [preauth]
Jun 25 19:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13163]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13163]: Failed password for invalid user guest from 91.92.40.171 port 49180 ssh2
Jun 25 19:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13163]: Connection closed by 91.92.40.171 port 49180 [preauth]
Jun 25 19:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13180]: Invalid user rocky from 91.92.40.171
Jun 25 19:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13180]: input_userauth_request: invalid user rocky [preauth]
Jun 25 19:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13180]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13180]: Failed password for invalid user rocky from 91.92.40.171 port 49254 ssh2
Jun 25 19:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13180]: Connection closed by 91.92.40.171 port 49254 [preauth]
Jun 25 19:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13204]: Failed password for root from 91.92.40.171 port 34270 ssh2
Jun 25 19:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13204]: Connection closed by 91.92.40.171 port 34270 [preauth]
Jun 25 19:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11698]: pam_unix(cron:session): session closed for user root
Jun 25 19:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13236]: Invalid user user3 from 91.92.40.171
Jun 25 19:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13236]: input_userauth_request: invalid user user3 [preauth]
Jun 25 19:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13236]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13236]: Failed password for invalid user user3 from 91.92.40.171 port 40124 ssh2
Jun 25 19:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13236]: Connection closed by 91.92.40.171 port 40124 [preauth]
Jun 25 19:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13246]: Invalid user jack from 91.92.40.171
Jun 25 19:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13246]: input_userauth_request: invalid user jack [preauth]
Jun 25 19:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13246]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13246]: Failed password for invalid user jack from 91.92.40.171 port 40166 ssh2
Jun 25 19:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13246]: Connection closed by 91.92.40.171 port 40166 [preauth]
Jun 25 19:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13271]: Invalid user deployer from 91.92.40.171
Jun 25 19:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13271]: input_userauth_request: invalid user deployer [preauth]
Jun 25 19:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13271]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13271]: Failed password for invalid user deployer from 91.92.40.171 port 43896 ssh2
Jun 25 19:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13271]: Connection closed by 91.92.40.171 port 43896 [preauth]
Jun 25 19:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13282]: Failed password for root from 91.92.40.171 port 43930 ssh2
Jun 25 19:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13282]: Connection closed by 91.92.40.171 port 43930 [preauth]
Jun 25 19:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13292]: Invalid user admin from 91.92.40.171
Jun 25 19:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13292]: input_userauth_request: invalid user admin [preauth]
Jun 25 19:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13292]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13292]: Failed password for invalid user admin from 91.92.40.171 port 33156 ssh2
Jun 25 19:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13292]: Connection closed by 91.92.40.171 port 33156 [preauth]
Jun 25 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13311]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13312]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13310]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13309]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13309]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13306]: Invalid user webuser from 91.92.40.171
Jun 25 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13306]: input_userauth_request: invalid user webuser [preauth]
Jun 25 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13376]: Successful su for rubyman by root
Jun 25 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13376]: + ??? root:rubyman
Jun 25 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13376]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592082 of user rubyman.
Jun 25 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13376]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592082.
Jun 25 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13306]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13306]: Failed password for invalid user webuser from 91.92.40.171 port 33190 ssh2
Jun 25 19:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13306]: Connection closed by 91.92.40.171 port 33190 [preauth]
Jun 25 19:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10340]: pam_unix(cron:session): session closed for user root
Jun 25 19:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13310]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13557]: Invalid user user2 from 91.92.40.171
Jun 25 19:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13557]: input_userauth_request: invalid user user2 [preauth]
Jun 25 19:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13557]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13557]: Failed password for invalid user user2 from 91.92.40.171 port 51840 ssh2
Jun 25 19:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13557]: Connection closed by 91.92.40.171 port 51840 [preauth]
Jun 25 19:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13567]: Failed password for root from 91.92.40.171 port 51886 ssh2
Jun 25 19:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13567]: Connection closed by 91.92.40.171 port 51886 [preauth]
Jun 25 19:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13594]: Invalid user tomcat from 91.92.40.171
Jun 25 19:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13594]: input_userauth_request: invalid user tomcat [preauth]
Jun 25 19:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13594]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13594]: Failed password for invalid user tomcat from 91.92.40.171 port 32842 ssh2
Jun 25 19:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13594]: Connection closed by 91.92.40.171 port 32842 [preauth]
Jun 25 19:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13604]: Failed password for root from 91.92.40.171 port 32888 ssh2
Jun 25 19:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13604]: Connection closed by 91.92.40.171 port 32888 [preauth]
Jun 25 19:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: Invalid user root1 from 91.92.40.171
Jun 25 19:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: input_userauth_request: invalid user root1 [preauth]
Jun 25 19:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: Failed password for invalid user root1 from 91.92.40.171 port 52396 ssh2
Jun 25 19:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: Connection closed by 91.92.40.171 port 52396 [preauth]
Jun 25 19:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13636]: Invalid user admin from 91.92.40.171
Jun 25 19:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13636]: input_userauth_request: invalid user admin [preauth]
Jun 25 19:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13636]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13636]: Failed password for invalid user admin from 91.92.40.171 port 52442 ssh2
Jun 25 19:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13636]: Connection closed by 91.92.40.171 port 52442 [preauth]
Jun 25 19:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12187]: pam_unix(cron:session): session closed for user root
Jun 25 19:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13666]: Invalid user user from 91.92.40.171
Jun 25 19:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13666]: input_userauth_request: invalid user user [preauth]
Jun 25 19:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13666]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13666]: Failed password for invalid user user from 91.92.40.171 port 53430 ssh2
Jun 25 19:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13666]: Connection closed by 91.92.40.171 port 53430 [preauth]
Jun 25 19:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13671]: Invalid user crafty from 91.92.40.171
Jun 25 19:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13671]: input_userauth_request: invalid user crafty [preauth]
Jun 25 19:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13671]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13671]: Failed password for invalid user crafty from 91.92.40.171 port 53470 ssh2
Jun 25 19:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13671]: Connection closed by 91.92.40.171 port 53470 [preauth]
Jun 25 19:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13677]: Invalid user admin from 195.178.110.217
Jun 25 19:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13677]: input_userauth_request: invalid user admin [preauth]
Jun 25 19:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13677]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 19:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13695]: Invalid user private from 91.92.40.171
Jun 25 19:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13695]: input_userauth_request: invalid user private [preauth]
Jun 25 19:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13677]: Failed password for invalid user admin from 195.178.110.217 port 60032 ssh2
Jun 25 19:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13695]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13677]: Connection closed by 195.178.110.217 port 60032 [preauth]
Jun 25 19:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13695]: Failed password for invalid user private from 91.92.40.171 port 34880 ssh2
Jun 25 19:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13695]: Connection closed by 91.92.40.171 port 34880 [preauth]
Jun 25 19:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13707]: Invalid user frappe from 91.92.40.171
Jun 25 19:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13707]: input_userauth_request: invalid user frappe [preauth]
Jun 25 19:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13707]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13707]: Failed password for invalid user frappe from 91.92.40.171 port 34914 ssh2
Jun 25 19:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13707]: Connection closed by 91.92.40.171 port 34914 [preauth]
Jun 25 19:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13718]: Invalid user debian from 91.92.40.171
Jun 25 19:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13718]: input_userauth_request: invalid user debian [preauth]
Jun 25 19:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13718]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13718]: Failed password for invalid user debian from 91.92.40.171 port 57734 ssh2
Jun 25 19:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13718]: Connection closed by 91.92.40.171 port 57734 [preauth]
Jun 25 19:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: Invalid user user from 91.92.40.171
Jun 25 19:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: input_userauth_request: invalid user user [preauth]
Jun 25 19:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13752]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13753]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13751]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13748]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13748]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: Failed password for invalid user user from 91.92.40.171 port 57798 ssh2
Jun 25 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: Connection closed by 91.92.40.171 port 57798 [preauth]
Jun 25 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13811]: Successful su for rubyman by root
Jun 25 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13811]: + ??? root:rubyman
Jun 25 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13811]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592087 of user rubyman.
Jun 25 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13811]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592087.
Jun 25 19:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13931]: Invalid user ranga from 91.92.40.171
Jun 25 19:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13931]: input_userauth_request: invalid user ranga [preauth]
Jun 25 19:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13931]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10824]: pam_unix(cron:session): session closed for user root
Jun 25 19:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13751]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13931]: Failed password for invalid user ranga from 91.92.40.171 port 38816 ssh2
Jun 25 19:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13931]: Connection closed by 91.92.40.171 port 38816 [preauth]
Jun 25 19:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14004]: Invalid user fivem from 91.92.40.171
Jun 25 19:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14004]: input_userauth_request: invalid user fivem [preauth]
Jun 25 19:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14004]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14004]: Failed password for invalid user fivem from 91.92.40.171 port 38856 ssh2
Jun 25 19:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14004]: Connection closed by 91.92.40.171 port 38856 [preauth]
Jun 25 19:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14024]: Invalid user rocky from 91.92.40.171
Jun 25 19:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14024]: input_userauth_request: invalid user rocky [preauth]
Jun 25 19:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14024]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14024]: Failed password for invalid user rocky from 91.92.40.171 port 38896 ssh2
Jun 25 19:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14024]: Connection closed by 91.92.40.171 port 38896 [preauth]
Jun 25 19:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14039]: Invalid user test from 91.92.40.171
Jun 25 19:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14039]: input_userauth_request: invalid user test [preauth]
Jun 25 19:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14039]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14039]: Failed password for invalid user test from 91.92.40.171 port 37488 ssh2
Jun 25 19:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14039]: Connection closed by 91.92.40.171 port 37488 [preauth]
Jun 25 19:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14049]: Failed password for root from 91.92.40.171 port 37518 ssh2
Jun 25 19:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14049]: Connection closed by 91.92.40.171 port 37518 [preauth]
Jun 25 19:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14072]: Invalid user angel from 91.92.40.171
Jun 25 19:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14072]: input_userauth_request: invalid user angel [preauth]
Jun 25 19:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14072]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14072]: Failed password for invalid user angel from 91.92.40.171 port 45684 ssh2
Jun 25 19:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14072]: Connection closed by 91.92.40.171 port 45684 [preauth]
Jun 25 19:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14082]: Invalid user ansible from 91.92.40.171
Jun 25 19:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14082]: input_userauth_request: invalid user ansible [preauth]
Jun 25 19:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14082]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12837]: pam_unix(cron:session): session closed for user root
Jun 25 19:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14082]: Failed password for invalid user ansible from 91.92.40.171 port 45710 ssh2
Jun 25 19:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14082]: Connection closed by 91.92.40.171 port 45710 [preauth]
Jun 25 19:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14107]: Failed password for root from 91.92.40.171 port 41260 ssh2
Jun 25 19:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14107]: Connection closed by 91.92.40.171 port 41260 [preauth]
Jun 25 19:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14114]: Invalid user odoo from 91.92.40.171
Jun 25 19:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14114]: input_userauth_request: invalid user odoo [preauth]
Jun 25 19:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14114]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14114]: Failed password for invalid user odoo from 91.92.40.171 port 41282 ssh2
Jun 25 19:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14114]: Connection closed by 91.92.40.171 port 41282 [preauth]
Jun 25 19:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14136]: Invalid user user from 91.92.40.171
Jun 25 19:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14136]: input_userauth_request: invalid user user [preauth]
Jun 25 19:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14136]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14136]: Failed password for invalid user user from 91.92.40.171 port 34342 ssh2
Jun 25 19:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14136]: Connection closed by 91.92.40.171 port 34342 [preauth]
Jun 25 19:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14146]: Invalid user ubuntu from 91.92.40.171
Jun 25 19:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14146]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 19:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14146]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14146]: Failed password for invalid user ubuntu from 91.92.40.171 port 34418 ssh2
Jun 25 19:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14146]: Connection closed by 91.92.40.171 port 34418 [preauth]
Jun 25 19:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14157]: Failed password for root from 91.92.40.171 port 43462 ssh2
Jun 25 19:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14157]: Connection closed by 91.92.40.171 port 43462 [preauth]
Jun 25 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14172]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14173]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14170]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14169]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14169]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14233]: Successful su for rubyman by root
Jun 25 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14233]: + ??? root:rubyman
Jun 25 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14233]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592090 of user rubyman.
Jun 25 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14233]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592090.
Jun 25 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14231]: Invalid user gitlab from 91.92.40.171
Jun 25 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14231]: input_userauth_request: invalid user gitlab [preauth]
Jun 25 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14231]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11265]: pam_unix(cron:session): session closed for user root
Jun 25 19:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14231]: Failed password for invalid user gitlab from 91.92.40.171 port 43526 ssh2
Jun 25 19:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14231]: Connection closed by 91.92.40.171 port 43526 [preauth]
Jun 25 19:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14170]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14409]: Failed password for root from 91.92.40.171 port 53822 ssh2
Jun 25 19:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14409]: Connection closed by 91.92.40.171 port 53822 [preauth]
Jun 25 19:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14411]: Invalid user admin from 195.178.110.217
Jun 25 19:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14411]: input_userauth_request: invalid user admin [preauth]
Jun 25 19:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14411]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 19:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14421]: Invalid user dani from 91.92.40.171
Jun 25 19:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14421]: input_userauth_request: invalid user dani [preauth]
Jun 25 19:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14421]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14411]: Failed password for invalid user admin from 195.178.110.217 port 34792 ssh2
Jun 25 19:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14421]: Failed password for invalid user dani from 91.92.40.171 port 53868 ssh2
Jun 25 19:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14411]: Connection closed by 195.178.110.217 port 34792 [preauth]
Jun 25 19:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14421]: Connection closed by 91.92.40.171 port 53868 [preauth]
Jun 25 19:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14444]: Invalid user deployer from 91.92.40.171
Jun 25 19:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14444]: input_userauth_request: invalid user deployer [preauth]
Jun 25 19:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14444]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14444]: Failed password for invalid user deployer from 91.92.40.171 port 35216 ssh2
Jun 25 19:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14444]: Connection closed by 91.92.40.171 port 35216 [preauth]
Jun 25 19:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14455]: Invalid user newuser from 91.92.40.171
Jun 25 19:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14455]: input_userauth_request: invalid user newuser [preauth]
Jun 25 19:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14455]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14455]: Failed password for invalid user newuser from 91.92.40.171 port 35264 ssh2
Jun 25 19:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14455]: Connection closed by 91.92.40.171 port 35264 [preauth]
Jun 25 19:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14482]: Invalid user rocky from 91.92.40.171
Jun 25 19:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14482]: input_userauth_request: invalid user rocky [preauth]
Jun 25 19:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14482]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14482]: Failed password for invalid user rocky from 91.92.40.171 port 55778 ssh2
Jun 25 19:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14482]: Connection closed by 91.92.40.171 port 55778 [preauth]
Jun 25 19:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14492]: Invalid user pi from 91.92.40.171
Jun 25 19:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14492]: input_userauth_request: invalid user pi [preauth]
Jun 25 19:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14492]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13312]: pam_unix(cron:session): session closed for user root
Jun 25 19:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14492]: Failed password for invalid user pi from 91.92.40.171 port 55870 ssh2
Jun 25 19:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14492]: Connection closed by 91.92.40.171 port 55870 [preauth]
Jun 25 19:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14522]: Failed password for root from 91.92.40.171 port 37634 ssh2
Jun 25 19:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14522]: Connection closed by 91.92.40.171 port 37634 [preauth]
Jun 25 19:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14533]: User ftp from 91.92.40.171 not allowed because not listed in AllowUsers
Jun 25 19:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14533]: input_userauth_request: invalid user ftp [preauth]
Jun 25 19:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=ftp
Jun 25 19:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14533]: Failed password for invalid user ftp from 91.92.40.171 port 37666 ssh2
Jun 25 19:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14533]: Connection closed by 91.92.40.171 port 37666 [preauth]
Jun 25 19:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14556]: Failed password for root from 91.92.40.171 port 58798 ssh2
Jun 25 19:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14556]: Connection closed by 91.92.40.171 port 58798 [preauth]
Jun 25 19:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14567]: Invalid user openclaw from 91.92.40.171
Jun 25 19:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14567]: input_userauth_request: invalid user openclaw [preauth]
Jun 25 19:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14567]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14567]: Failed password for invalid user openclaw from 91.92.40.171 port 58852 ssh2
Jun 25 19:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14567]: Connection closed by 91.92.40.171 port 58852 [preauth]
Jun 25 19:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14577]: Invalid user adminuser from 91.92.40.171
Jun 25 19:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14577]: input_userauth_request: invalid user adminuser [preauth]
Jun 25 19:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14577]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14581]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14580]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14582]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14584]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14580]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14577]: Failed password for invalid user adminuser from 91.92.40.171 port 44994 ssh2
Jun 25 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14577]: Connection closed by 91.92.40.171 port 44994 [preauth]
Jun 25 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14693]: Successful su for rubyman by root
Jun 25 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14693]: + ??? root:rubyman
Jun 25 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14693]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592094 of user rubyman.
Jun 25 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14693]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592094.
Jun 25 19:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14855]: Invalid user teamspeak from 91.92.40.171
Jun 25 19:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14855]: input_userauth_request: invalid user teamspeak [preauth]
Jun 25 19:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11697]: pam_unix(cron:session): session closed for user root
Jun 25 19:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14855]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14581]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14855]: Failed password for invalid user teamspeak from 91.92.40.171 port 45012 ssh2
Jun 25 19:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14855]: Connection closed by 91.92.40.171 port 45012 [preauth]
Jun 25 19:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14928]: Invalid user webuser from 91.92.40.171
Jun 25 19:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14928]: input_userauth_request: invalid user webuser [preauth]
Jun 25 19:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14928]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14928]: Failed password for invalid user webuser from 91.92.40.171 port 49872 ssh2
Jun 25 19:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14928]: Connection closed by 91.92.40.171 port 49872 [preauth]
Jun 25 19:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14947]: Invalid user admin from 91.92.40.171
Jun 25 19:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14947]: input_userauth_request: invalid user admin [preauth]
Jun 25 19:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14947]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14947]: Failed password for invalid user admin from 91.92.40.171 port 60248 ssh2
Jun 25 19:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14947]: Connection closed by 91.92.40.171 port 60248 [preauth]
Jun 25 19:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14964]: Invalid user deploy from 91.92.40.171
Jun 25 19:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14964]: input_userauth_request: invalid user deploy [preauth]
Jun 25 19:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14964]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14964]: Failed password for invalid user deploy from 91.92.40.171 port 60264 ssh2
Jun 25 19:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14964]: Connection closed by 91.92.40.171 port 60264 [preauth]
Jun 25 19:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14976]: Invalid user nexus from 91.92.40.171
Jun 25 19:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14976]: input_userauth_request: invalid user nexus [preauth]
Jun 25 19:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14976]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14976]: Failed password for invalid user nexus from 91.92.40.171 port 59988 ssh2
Jun 25 19:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14976]: Connection closed by 91.92.40.171 port 59988 [preauth]
Jun 25 19:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15000]: Failed password for root from 91.92.40.171 port 60074 ssh2
Jun 25 19:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15000]: Connection closed by 91.92.40.171 port 60074 [preauth]
Jun 25 19:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13753]: pam_unix(cron:session): session closed for user root
Jun 25 19:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15034]: Invalid user test3 from 91.92.40.171
Jun 25 19:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15034]: input_userauth_request: invalid user test3 [preauth]
Jun 25 19:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15034]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15034]: Failed password for invalid user test3 from 91.92.40.171 port 54112 ssh2
Jun 25 19:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15034]: Connection closed by 91.92.40.171 port 54112 [preauth]
Jun 25 19:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15031]: Invalid user admin from 195.178.110.217
Jun 25 19:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15031]: input_userauth_request: invalid user admin [preauth]
Jun 25 19:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15031]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 19:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15044]: Invalid user config from 91.92.40.171
Jun 25 19:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15044]: input_userauth_request: invalid user config [preauth]
Jun 25 19:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15044]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15031]: Failed password for invalid user admin from 195.178.110.217 port 37804 ssh2
Jun 25 19:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15031]: Connection closed by 195.178.110.217 port 37804 [preauth]
Jun 25 19:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15044]: Failed password for invalid user config from 91.92.40.171 port 54158 ssh2
Jun 25 19:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15044]: Connection closed by 91.92.40.171 port 54158 [preauth]
Jun 25 19:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15065]: Invalid user git from 91.92.40.171
Jun 25 19:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15065]: input_userauth_request: invalid user git [preauth]
Jun 25 19:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15065]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15065]: Failed password for invalid user git from 91.92.40.171 port 32818 ssh2
Jun 25 19:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15065]: Connection closed by 91.92.40.171 port 32818 [preauth]
Jun 25 19:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15068]: Invalid user testuser from 91.92.40.171
Jun 25 19:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15068]: input_userauth_request: invalid user testuser [preauth]
Jun 25 19:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15068]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15068]: Failed password for invalid user testuser from 91.92.40.171 port 32848 ssh2
Jun 25 19:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15068]: Connection closed by 91.92.40.171 port 32848 [preauth]
Jun 25 19:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15078]: Invalid user localhost from 91.92.40.171
Jun 25 19:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15078]: input_userauth_request: invalid user localhost [preauth]
Jun 25 19:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15078]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15078]: Failed password for invalid user localhost from 91.92.40.171 port 50930 ssh2
Jun 25 19:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15078]: Connection closed by 91.92.40.171 port 50930 [preauth]
Jun 25 19:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15093]: Invalid user test from 91.92.40.171
Jun 25 19:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15093]: input_userauth_request: invalid user test [preauth]
Jun 25 19:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15093]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15093]: Failed password for invalid user test from 91.92.40.171 port 51016 ssh2
Jun 25 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15108]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15110]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15106]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15104]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15107]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15105]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15110]: pam_unix(cron:session): session closed for user root
Jun 25 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15104]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15093]: Connection closed by 91.92.40.171 port 51016 [preauth]
Jun 25 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15177]: Successful su for rubyman by root
Jun 25 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15177]: + ??? root:rubyman
Jun 25 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15177]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592098 of user rubyman.
Jun 25 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15177]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592098.
Jun 25 19:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15106]: pam_unix(cron:session): session closed for user root
Jun 25 19:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15282]: Invalid user deploy from 91.92.40.171
Jun 25 19:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15282]: input_userauth_request: invalid user deploy [preauth]
Jun 25 19:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15282]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12186]: pam_unix(cron:session): session closed for user root
Jun 25 19:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15282]: Failed password for invalid user deploy from 91.92.40.171 port 41036 ssh2
Jun 25 19:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15282]: Connection closed by 91.92.40.171 port 41036 [preauth]
Jun 25 19:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15105]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15386]: Invalid user a from 91.92.40.171
Jun 25 19:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15386]: input_userauth_request: invalid user a [preauth]
Jun 25 19:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15386]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15386]: Failed password for invalid user a from 91.92.40.171 port 41084 ssh2
Jun 25 19:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15386]: Connection closed by 91.92.40.171 port 41084 [preauth]
Jun 25 19:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15404]: Failed password for root from 91.92.40.171 port 41026 ssh2
Jun 25 19:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15404]: Connection closed by 91.92.40.171 port 41026 [preauth]
Jun 25 19:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: Invalid user mc from 91.92.40.171
Jun 25 19:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: input_userauth_request: invalid user mc [preauth]
Jun 25 19:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: Failed password for invalid user mc from 91.92.40.171 port 41108 ssh2
Jun 25 19:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: Connection closed by 91.92.40.171 port 41108 [preauth]
Jun 25 19:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15442]: Invalid user devops from 91.92.40.171
Jun 25 19:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15442]: input_userauth_request: invalid user devops [preauth]
Jun 25 19:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15442]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15442]: Failed password for invalid user devops from 91.92.40.171 port 55600 ssh2
Jun 25 19:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15442]: Connection closed by 91.92.40.171 port 55600 [preauth]
Jun 25 19:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15452]: Invalid user alex from 91.92.40.171
Jun 25 19:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15452]: input_userauth_request: invalid user alex [preauth]
Jun 25 19:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15452]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14173]: pam_unix(cron:session): session closed for user root
Jun 25 19:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15452]: Failed password for invalid user alex from 91.92.40.171 port 55662 ssh2
Jun 25 19:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15452]: Connection closed by 91.92.40.171 port 55662 [preauth]
Jun 25 19:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15481]: Invalid user ftpuser1 from 91.92.40.171
Jun 25 19:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15481]: input_userauth_request: invalid user ftpuser1 [preauth]
Jun 25 19:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15481]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15481]: Failed password for invalid user ftpuser1 from 91.92.40.171 port 52220 ssh2
Jun 25 19:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15481]: Connection closed by 91.92.40.171 port 52220 [preauth]
Jun 25 19:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15491]: Failed password for root from 91.92.40.171 port 52248 ssh2
Jun 25 19:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15491]: Connection closed by 91.92.40.171 port 52248 [preauth]
Jun 25 19:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15515]: Failed password for root from 91.92.40.171 port 54910 ssh2
Jun 25 19:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15515]: Connection closed by 91.92.40.171 port 54910 [preauth]
Jun 25 19:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15525]: Failed password for root from 91.92.40.171 port 54974 ssh2
Jun 25 19:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15525]: Connection closed by 91.92.40.171 port 54974 [preauth]
Jun 25 19:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15535]: Invalid user admin from 91.92.40.171
Jun 25 19:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15535]: input_userauth_request: invalid user admin [preauth]
Jun 25 19:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15535]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15535]: Failed password for invalid user admin from 91.92.40.171 port 50342 ssh2
Jun 25 19:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15535]: Connection closed by 91.92.40.171 port 50342 [preauth]
Jun 25 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15548]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15547]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15549]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15546]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15546]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15614]: Successful su for rubyman by root
Jun 25 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15614]: + ??? root:rubyman
Jun 25 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15614]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592106 of user rubyman.
Jun 25 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15614]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592106.
Jun 25 19:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15688]: Invalid user jakob from 91.92.40.171
Jun 25 19:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15688]: input_userauth_request: invalid user jakob [preauth]
Jun 25 19:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15688]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12836]: pam_unix(cron:session): session closed for user root
Jun 25 19:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15688]: Failed password for invalid user jakob from 91.92.40.171 port 50386 ssh2
Jun 25 19:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15688]: Connection closed by 91.92.40.171 port 50386 [preauth]
Jun 25 19:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15615]: Invalid user admin from 195.178.110.217
Jun 25 19:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15615]: input_userauth_request: invalid user admin [preauth]
Jun 25 19:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15547]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15615]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 19:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15615]: Failed password for invalid user admin from 195.178.110.217 port 40856 ssh2
Jun 25 19:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15615]: Connection closed by 195.178.110.217 port 40856 [preauth]
Jun 25 19:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15802]: Invalid user tester from 91.92.40.171
Jun 25 19:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15802]: input_userauth_request: invalid user tester [preauth]
Jun 25 19:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15802]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15802]: Failed password for invalid user tester from 91.92.40.171 port 49414 ssh2
Jun 25 19:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15802]: Connection closed by 91.92.40.171 port 49414 [preauth]
Jun 25 19:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15826]: Invalid user user from 91.92.40.171
Jun 25 19:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15826]: input_userauth_request: invalid user user [preauth]
Jun 25 19:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15826]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15826]: Failed password for invalid user user from 91.92.40.171 port 40628 ssh2
Jun 25 19:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15826]: Connection closed by 91.92.40.171 port 40628 [preauth]
Jun 25 19:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15836]: Invalid user bob from 91.92.40.171
Jun 25 19:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15836]: input_userauth_request: invalid user bob [preauth]
Jun 25 19:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15836]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15836]: Failed password for invalid user bob from 91.92.40.171 port 40696 ssh2
Jun 25 19:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15836]: Connection closed by 91.92.40.171 port 40696 [preauth]
Jun 25 19:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15859]: Invalid user main from 91.92.40.171
Jun 25 19:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15859]: input_userauth_request: invalid user main [preauth]
Jun 25 19:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15859]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15859]: Failed password for invalid user main from 91.92.40.171 port 41682 ssh2
Jun 25 19:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15859]: Connection closed by 91.92.40.171 port 41682 [preauth]
Jun 25 19:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15876]: Failed password for root from 91.92.40.171 port 41738 ssh2
Jun 25 19:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15876]: Connection closed by 91.92.40.171 port 41738 [preauth]
Jun 25 19:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14584]: pam_unix(cron:session): session closed for user root
Jun 25 19:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15900]: Failed password for root from 91.92.40.171 port 56184 ssh2
Jun 25 19:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15900]: Connection closed by 91.92.40.171 port 56184 [preauth]
Jun 25 19:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15918]: Invalid user pi from 91.92.40.171
Jun 25 19:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15918]: input_userauth_request: invalid user pi [preauth]
Jun 25 19:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15918]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15918]: Failed password for invalid user pi from 91.92.40.171 port 56216 ssh2
Jun 25 19:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15918]: Connection closed by 91.92.40.171 port 56216 [preauth]
Jun 25 19:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15941]: Invalid user aaa from 91.92.40.171
Jun 25 19:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15941]: input_userauth_request: invalid user aaa [preauth]
Jun 25 19:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15941]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15941]: Failed password for invalid user aaa from 91.92.40.171 port 59314 ssh2
Jun 25 19:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15941]: Connection closed by 91.92.40.171 port 59314 [preauth]
Jun 25 19:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15951]: Invalid user admin1 from 91.92.40.171
Jun 25 19:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15951]: input_userauth_request: invalid user admin1 [preauth]
Jun 25 19:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15951]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15951]: Failed password for invalid user admin1 from 91.92.40.171 port 59358 ssh2
Jun 25 19:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15951]: Connection closed by 91.92.40.171 port 59358 [preauth]
Jun 25 19:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15961]: Invalid user crafty from 91.92.40.171
Jun 25 19:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15961]: input_userauth_request: invalid user crafty [preauth]
Jun 25 19:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15961]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15961]: Failed password for invalid user crafty from 91.92.40.171 port 50378 ssh2
Jun 25 19:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15961]: Connection closed by 91.92.40.171 port 50378 [preauth]
Jun 25 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15966]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15964]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15965]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15967]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15964]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16028]: Successful su for rubyman by root
Jun 25 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16028]: + ??? root:rubyman
Jun 25 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16028]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592109 of user rubyman.
Jun 25 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16028]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592109.
Jun 25 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16050]: Invalid user mcserver from 91.92.40.171
Jun 25 19:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16050]: input_userauth_request: invalid user mcserver [preauth]
Jun 25 19:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16050]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13311]: pam_unix(cron:session): session closed for user root
Jun 25 19:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16050]: Failed password for invalid user mcserver from 91.92.40.171 port 50402 ssh2
Jun 25 19:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15965]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16050]: Connection closed by 91.92.40.171 port 50402 [preauth]
Jun 25 19:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16208]: Invalid user data from 91.92.40.171
Jun 25 19:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16208]: input_userauth_request: invalid user data [preauth]
Jun 25 19:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16208]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16208]: Failed password for invalid user data from 91.92.40.171 port 33214 ssh2
Jun 25 19:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16208]: Connection closed by 91.92.40.171 port 33214 [preauth]
Jun 25 19:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16223]: Invalid user ubuntu from 91.92.40.171
Jun 25 19:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16223]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 19:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16223]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16223]: Failed password for invalid user ubuntu from 91.92.40.171 port 33280 ssh2
Jun 25 19:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16223]: Connection closed by 91.92.40.171 port 33280 [preauth]
Jun 25 19:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16246]: Invalid user vyos from 91.92.40.171
Jun 25 19:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16246]: input_userauth_request: invalid user vyos [preauth]
Jun 25 19:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16246]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 25 19:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16246]: Failed password for invalid user vyos from 91.92.40.171 port 50302 ssh2
Jun 25 19:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16246]: Connection closed by 91.92.40.171 port 50302 [preauth]
Jun 25 19:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16251]: Failed password for root from 38.93.206.2 port 62114 ssh2
Jun 25 19:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16251]: Connection closed by 38.93.206.2 port 62114 [preauth]
Jun 25 19:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16253]: Invalid user milad from 91.92.40.171
Jun 25 19:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16253]: input_userauth_request: invalid user milad [preauth]
Jun 25 19:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16253]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16253]: Failed password for invalid user milad from 91.92.40.171 port 50362 ssh2
Jun 25 19:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16253]: Connection closed by 91.92.40.171 port 50362 [preauth]
Jun 25 19:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16278]: Invalid user deploy from 91.92.40.171
Jun 25 19:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16278]: input_userauth_request: invalid user deploy [preauth]
Jun 25 19:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16278]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16276]: Invalid user admin from 195.178.110.217
Jun 25 19:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16276]: input_userauth_request: invalid user admin [preauth]
Jun 25 19:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16276]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 19:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16278]: Failed password for invalid user deploy from 91.92.40.171 port 38638 ssh2
Jun 25 19:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16278]: Connection closed by 91.92.40.171 port 38638 [preauth]
Jun 25 19:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16276]: Failed password for invalid user admin from 195.178.110.217 port 43808 ssh2
Jun 25 19:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16276]: Connection closed by 195.178.110.217 port 43808 [preauth]
Jun 25 19:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15108]: pam_unix(cron:session): session closed for user root
Jun 25 19:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16300]: Invalid user username from 91.92.40.171
Jun 25 19:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16300]: input_userauth_request: invalid user username [preauth]
Jun 25 19:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16300]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16300]: Failed password for invalid user username from 91.92.40.171 port 38172 ssh2
Jun 25 19:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16300]: Connection closed by 91.92.40.171 port 38172 [preauth]
Jun 25 19:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16317]: User mysql from 91.92.40.171 not allowed because not listed in AllowUsers
Jun 25 19:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16317]: input_userauth_request: invalid user mysql [preauth]
Jun 25 19:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=mysql
Jun 25 19:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16317]: Failed password for invalid user mysql from 91.92.40.171 port 38208 ssh2
Jun 25 19:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16317]: Connection closed by 91.92.40.171 port 38208 [preauth]
Jun 25 19:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16341]: Invalid user ubuntu from 91.92.40.171
Jun 25 19:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16341]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 19:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16341]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16341]: Failed password for invalid user ubuntu from 91.92.40.171 port 56656 ssh2
Jun 25 19:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16341]: Connection closed by 91.92.40.171 port 56656 [preauth]
Jun 25 19:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16357]: Invalid user developer from 91.92.40.171
Jun 25 19:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16357]: input_userauth_request: invalid user developer [preauth]
Jun 25 19:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16357]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16357]: Failed password for invalid user developer from 91.92.40.171 port 56708 ssh2
Jun 25 19:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16357]: Connection closed by 91.92.40.171 port 56708 [preauth]
Jun 25 19:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16369]: Invalid user ai from 91.92.40.171
Jun 25 19:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16369]: input_userauth_request: invalid user ai [preauth]
Jun 25 19:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16369]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16369]: Failed password for invalid user ai from 91.92.40.171 port 55200 ssh2
Jun 25 19:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16369]: Connection closed by 91.92.40.171 port 55200 [preauth]
Jun 25 19:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16386]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16385]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16384]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16382]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16382]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16379]: Invalid user alex from 91.92.40.171
Jun 25 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16379]: input_userauth_request: invalid user alex [preauth]
Jun 25 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16379]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16444]: Successful su for rubyman by root
Jun 25 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16444]: + ??? root:rubyman
Jun 25 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16444]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592113 of user rubyman.
Jun 25 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16444]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592113.
Jun 25 19:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16379]: Failed password for invalid user alex from 91.92.40.171 port 55254 ssh2
Jun 25 19:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16379]: Connection closed by 91.92.40.171 port 55254 [preauth]
Jun 25 19:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13752]: pam_unix(cron:session): session closed for user root
Jun 25 19:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16384]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16632]: Invalid user ec2-user from 91.92.40.171
Jun 25 19:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16632]: input_userauth_request: invalid user ec2-user [preauth]
Jun 25 19:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16632]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16632]: Failed password for invalid user ec2-user from 91.92.40.171 port 39976 ssh2
Jun 25 19:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16632]: Connection closed by 91.92.40.171 port 39976 [preauth]
Jun 25 19:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16646]: Failed password for root from 91.92.40.171 port 40064 ssh2
Jun 25 19:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16646]: Connection closed by 91.92.40.171 port 40064 [preauth]
Jun 25 19:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16669]: Invalid user gpadmin from 91.92.40.171
Jun 25 19:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16669]: input_userauth_request: invalid user gpadmin [preauth]
Jun 25 19:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16669]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16669]: Failed password for invalid user gpadmin from 91.92.40.171 port 46120 ssh2
Jun 25 19:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16669]: Connection closed by 91.92.40.171 port 46120 [preauth]
Jun 25 19:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16679]: Failed password for root from 91.92.40.171 port 46150 ssh2
Jun 25 19:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16679]: Connection closed by 91.92.40.171 port 46150 [preauth]
Jun 25 19:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16702]: Invalid user trade from 91.92.40.171
Jun 25 19:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16702]: input_userauth_request: invalid user trade [preauth]
Jun 25 19:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16702]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16702]: Failed password for invalid user trade from 91.92.40.171 port 49580 ssh2
Jun 25 19:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16702]: Connection closed by 91.92.40.171 port 49580 [preauth]
Jun 25 19:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16712]: Invalid user hadoop from 91.92.40.171
Jun 25 19:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16712]: input_userauth_request: invalid user hadoop [preauth]
Jun 25 19:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16712]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15549]: pam_unix(cron:session): session closed for user root
Jun 25 19:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16712]: Failed password for invalid user hadoop from 91.92.40.171 port 49618 ssh2
Jun 25 19:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16712]: Connection closed by 91.92.40.171 port 49618 [preauth]
Jun 25 19:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16741]: Invalid user claude from 91.92.40.171
Jun 25 19:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16741]: input_userauth_request: invalid user claude [preauth]
Jun 25 19:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16741]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16741]: Failed password for invalid user claude from 91.92.40.171 port 39030 ssh2
Jun 25 19:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16741]: Connection closed by 91.92.40.171 port 39030 [preauth]
Jun 25 19:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16752]: Invalid user user from 91.92.40.171
Jun 25 19:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16752]: input_userauth_request: invalid user user [preauth]
Jun 25 19:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16752]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16752]: Failed password for invalid user user from 91.92.40.171 port 39046 ssh2
Jun 25 19:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16752]: Connection closed by 91.92.40.171 port 39046 [preauth]
Jun 25 19:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16777]: Invalid user git from 91.92.40.171
Jun 25 19:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16777]: input_userauth_request: invalid user git [preauth]
Jun 25 19:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16777]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16777]: Failed password for invalid user git from 91.92.40.171 port 45948 ssh2
Jun 25 19:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16777]: Connection closed by 91.92.40.171 port 45948 [preauth]
Jun 25 19:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16779]: Invalid user admin from 195.178.110.217
Jun 25 19:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16779]: input_userauth_request: invalid user admin [preauth]
Jun 25 19:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16779]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217
Jun 25 19:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16789]: Failed password for root from 91.92.40.171 port 46032 ssh2
Jun 25 19:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16789]: Connection closed by 91.92.40.171 port 46032 [preauth]
Jun 25 19:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16779]: Failed password for invalid user admin from 195.178.110.217 port 46880 ssh2
Jun 25 19:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16779]: Connection closed by 195.178.110.217 port 46880 [preauth]
Jun 25 19:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16801]: Invalid user system from 91.92.40.171
Jun 25 19:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16801]: input_userauth_request: invalid user system [preauth]
Jun 25 19:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16801]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16801]: Failed password for invalid user system from 91.92.40.171 port 33332 ssh2
Jun 25 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16801]: Connection closed by 91.92.40.171 port 33332 [preauth]
Jun 25 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16807]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16805]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16806]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16804]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16804]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16905]: Successful su for rubyman by root
Jun 25 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16905]: + ??? root:rubyman
Jun 25 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16905]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592116 of user rubyman.
Jun 25 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16905]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592116.
Jun 25 19:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14172]: pam_unix(cron:session): session closed for user root
Jun 25 19:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16805]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17080]: Failed password for root from 91.92.40.171 port 44804 ssh2
Jun 25 19:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17080]: Connection closed by 91.92.40.171 port 44804 [preauth]
Jun 25 19:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17152]: Invalid user admin2 from 91.92.40.171
Jun 25 19:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17152]: input_userauth_request: invalid user admin2 [preauth]
Jun 25 19:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17152]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17152]: Failed password for invalid user admin2 from 91.92.40.171 port 44892 ssh2
Jun 25 19:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17152]: Connection closed by 91.92.40.171 port 44892 [preauth]
Jun 25 19:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17169]: Invalid user deploy from 91.92.40.171
Jun 25 19:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17169]: input_userauth_request: invalid user deploy [preauth]
Jun 25 19:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17169]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17169]: Failed password for invalid user deploy from 91.92.40.171 port 46700 ssh2
Jun 25 19:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17169]: Connection closed by 91.92.40.171 port 46700 [preauth]
Jun 25 19:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17184]: Failed password for root from 91.92.40.171 port 46736 ssh2
Jun 25 19:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17184]: Connection closed by 91.92.40.171 port 46736 [preauth]
Jun 25 19:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17206]: Failed password for root from 91.92.40.171 port 35658 ssh2
Jun 25 19:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17206]: Connection closed by 91.92.40.171 port 35658 [preauth]
Jun 25 19:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17216]: Invalid user appuser from 91.92.40.171
Jun 25 19:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17216]: input_userauth_request: invalid user appuser [preauth]
Jun 25 19:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17216]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17216]: Failed password for invalid user appuser from 91.92.40.171 port 35738 ssh2
Jun 25 19:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17216]: Connection closed by 91.92.40.171 port 35738 [preauth]
Jun 25 19:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15967]: pam_unix(cron:session): session closed for user root
Jun 25 19:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17245]: Invalid user reza from 91.92.40.171
Jun 25 19:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17245]: input_userauth_request: invalid user reza [preauth]
Jun 25 19:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17245]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17245]: Failed password for invalid user reza from 91.92.40.171 port 50436 ssh2
Jun 25 19:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17245]: Connection closed by 91.92.40.171 port 50436 [preauth]
Jun 25 19:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 25 19:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 25 19:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17261]: Failed password for root from 103.172.78.219 port 56028 ssh2
Jun 25 19:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17261]: Connection closed by 103.172.78.219 port 56028 [preauth]
Jun 25 19:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17263]: Failed password for root from 91.92.40.171 port 50478 ssh2
Jun 25 19:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17263]: Connection closed by 91.92.40.171 port 50478 [preauth]
Jun 25 19:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17265]: Failed password for root from 103.15.222.183 port 51862 ssh2
Jun 25 19:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17265]: Connection closed by 103.15.222.183 port 51862 [preauth]
Jun 25 19:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17288]: Invalid user cloud from 91.92.40.171
Jun 25 19:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17288]: input_userauth_request: invalid user cloud [preauth]
Jun 25 19:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17288]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17288]: Failed password for invalid user cloud from 91.92.40.171 port 52142 ssh2
Jun 25 19:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17288]: Connection closed by 91.92.40.171 port 52142 [preauth]
Jun 25 19:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17301]: Invalid user btc from 91.92.40.171
Jun 25 19:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17301]: input_userauth_request: invalid user btc [preauth]
Jun 25 19:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17301]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17301]: Failed password for invalid user btc from 91.92.40.171 port 52188 ssh2
Jun 25 19:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17301]: Connection closed by 91.92.40.171 port 52188 [preauth]
Jun 25 19:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17312]: Invalid user deploy from 91.92.40.171
Jun 25 19:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17312]: input_userauth_request: invalid user deploy [preauth]
Jun 25 19:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17312]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17312]: Failed password for invalid user deploy from 91.92.40.171 port 56784 ssh2
Jun 25 19:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17312]: Connection closed by 91.92.40.171 port 56784 [preauth]
Jun 25 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17332]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17331]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17333]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17328]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17329]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17330]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17333]: pam_unix(cron:session): session closed for user root
Jun 25 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17328]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17405]: Successful su for rubyman by root
Jun 25 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17405]: + ??? root:rubyman
Jun 25 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17405]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592120 of user rubyman.
Jun 25 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17405]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592120.
Jun 25 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17438]: Invalid user claude from 91.92.40.171
Jun 25 19:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17438]: input_userauth_request: invalid user claude [preauth]
Jun 25 19:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17438]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17330]: pam_unix(cron:session): session closed for user root
Jun 25 19:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14582]: pam_unix(cron:session): session closed for user root
Jun 25 19:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17438]: Failed password for invalid user claude from 91.92.40.171 port 56856 ssh2
Jun 25 19:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17438]: Connection closed by 91.92.40.171 port 56856 [preauth]
Jun 25 19:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17329]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17613]: Failed password for root from 91.92.40.171 port 51058 ssh2
Jun 25 19:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17613]: Connection closed by 91.92.40.171 port 51058 [preauth]
Jun 25 19:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: Invalid user ossuser from 91.92.40.171
Jun 25 19:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: input_userauth_request: invalid user ossuser [preauth]
Jun 25 19:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: Failed password for invalid user ossuser from 91.92.40.171 port 51082 ssh2
Jun 25 19:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: Connection closed by 91.92.40.171 port 51082 [preauth]
Jun 25 19:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17673]: Invalid user pi from 91.92.40.171
Jun 25 19:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17673]: input_userauth_request: invalid user pi [preauth]
Jun 25 19:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17673]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17673]: Failed password for invalid user pi from 91.92.40.171 port 60354 ssh2
Jun 25 19:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17673]: Connection closed by 91.92.40.171 port 60354 [preauth]
Jun 25 19:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17734]: Invalid user support from 91.92.40.171
Jun 25 19:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17734]: input_userauth_request: invalid user support [preauth]
Jun 25 19:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17734]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17734]: Failed password for invalid user support from 91.92.40.171 port 60388 ssh2
Jun 25 19:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17734]: Connection closed by 91.92.40.171 port 60388 [preauth]
Jun 25 19:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17767]: Invalid user student from 91.92.40.171
Jun 25 19:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17767]: input_userauth_request: invalid user student [preauth]
Jun 25 19:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17767]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17767]: Failed password for invalid user student from 91.92.40.171 port 38248 ssh2
Jun 25 19:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17767]: Connection closed by 91.92.40.171 port 38248 [preauth]
Jun 25 19:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16386]: pam_unix(cron:session): session closed for user root
Jun 25 19:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17779]: Invalid user user from 91.92.40.171
Jun 25 19:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17779]: input_userauth_request: invalid user user [preauth]
Jun 25 19:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17779]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17779]: Failed password for invalid user user from 91.92.40.171 port 38324 ssh2
Jun 25 19:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17779]: Connection closed by 91.92.40.171 port 38324 [preauth]
Jun 25 19:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17815]: Invalid user testuser from 91.92.40.171
Jun 25 19:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17815]: input_userauth_request: invalid user testuser [preauth]
Jun 25 19:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17815]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17815]: Failed password for invalid user testuser from 91.92.40.171 port 48318 ssh2
Jun 25 19:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17815]: Connection closed by 91.92.40.171 port 48318 [preauth]
Jun 25 19:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17829]: User mysql from 91.92.40.171 not allowed because not listed in AllowUsers
Jun 25 19:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17829]: input_userauth_request: invalid user mysql [preauth]
Jun 25 19:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=mysql
Jun 25 19:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17829]: Failed password for invalid user mysql from 91.92.40.171 port 48380 ssh2
Jun 25 19:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17829]: Connection closed by 91.92.40.171 port 48380 [preauth]
Jun 25 19:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17858]: Invalid user app from 91.92.40.171
Jun 25 19:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17858]: input_userauth_request: invalid user app [preauth]
Jun 25 19:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17858]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17858]: Failed password for invalid user app from 91.92.40.171 port 42582 ssh2
Jun 25 19:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17858]: Connection closed by 91.92.40.171 port 42582 [preauth]
Jun 25 19:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17870]: Invalid user kim from 91.92.40.171
Jun 25 19:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17870]: input_userauth_request: invalid user kim [preauth]
Jun 25 19:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17870]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17870]: Failed password for invalid user kim from 91.92.40.171 port 42614 ssh2
Jun 25 19:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17870]: Connection closed by 91.92.40.171 port 42614 [preauth]
Jun 25 19:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17880]: Invalid user dev from 91.92.40.171
Jun 25 19:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17880]: input_userauth_request: invalid user dev [preauth]
Jun 25 19:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17880]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17896]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17898]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17897]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17894]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17894]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17964]: Successful su for rubyman by root
Jun 25 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17964]: + ??? root:rubyman
Jun 25 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17964]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592127 of user rubyman.
Jun 25 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17964]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592127.
Jun 25 19:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17880]: Failed password for invalid user dev from 91.92.40.171 port 50098 ssh2
Jun 25 19:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17880]: Connection closed by 91.92.40.171 port 50098 [preauth]
Jun 25 19:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18096]: Invalid user server from 91.92.40.171
Jun 25 19:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18096]: input_userauth_request: invalid user server [preauth]
Jun 25 19:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18096]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15107]: pam_unix(cron:session): session closed for user root
Jun 25 19:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17896]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18096]: Failed password for invalid user server from 91.92.40.171 port 46356 ssh2
Jun 25 19:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18096]: Connection closed by 91.92.40.171 port 46356 [preauth]
Jun 25 19:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18163]: Invalid user deploy from 91.92.40.171
Jun 25 19:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18163]: input_userauth_request: invalid user deploy [preauth]
Jun 25 19:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18163]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18163]: Failed password for invalid user deploy from 91.92.40.171 port 46414 ssh2
Jun 25 19:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18163]: Connection closed by 91.92.40.171 port 46414 [preauth]
Jun 25 19:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18187]: Invalid user kingbase from 91.92.40.171
Jun 25 19:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18187]: input_userauth_request: invalid user kingbase [preauth]
Jun 25 19:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18187]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18187]: Failed password for invalid user kingbase from 91.92.40.171 port 38610 ssh2
Jun 25 19:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18187]: Connection closed by 91.92.40.171 port 38610 [preauth]
Jun 25 19:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18199]: Invalid user hu from 91.92.40.171
Jun 25 19:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18199]: input_userauth_request: invalid user hu [preauth]
Jun 25 19:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18199]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18199]: Failed password for invalid user hu from 91.92.40.171 port 38626 ssh2
Jun 25 19:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18199]: Connection closed by 91.92.40.171 port 38626 [preauth]
Jun 25 19:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18229]: Failed password for root from 91.92.40.171 port 39564 ssh2
Jun 25 19:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18229]: Connection closed by 91.92.40.171 port 39564 [preauth]
Jun 25 19:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18239]: Invalid user openvpn from 91.92.40.171
Jun 25 19:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18239]: input_userauth_request: invalid user openvpn [preauth]
Jun 25 19:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18239]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18239]: Failed password for invalid user openvpn from 91.92.40.171 port 39602 ssh2
Jun 25 19:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18239]: Connection closed by 91.92.40.171 port 39602 [preauth]
Jun 25 19:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16807]: pam_unix(cron:session): session closed for user root
Jun 25 19:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18274]: Failed password for root from 91.92.40.171 port 50250 ssh2
Jun 25 19:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18274]: Connection closed by 91.92.40.171 port 50250 [preauth]
Jun 25 19:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18288]: Invalid user alex from 91.92.40.171
Jun 25 19:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18288]: input_userauth_request: invalid user alex [preauth]
Jun 25 19:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18288]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18288]: Failed password for invalid user alex from 91.92.40.171 port 50276 ssh2
Jun 25 19:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18288]: Connection closed by 91.92.40.171 port 50276 [preauth]
Jun 25 19:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18314]: Invalid user admin1 from 91.92.40.171
Jun 25 19:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18314]: input_userauth_request: invalid user admin1 [preauth]
Jun 25 19:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18314]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18314]: Failed password for invalid user admin1 from 91.92.40.171 port 39112 ssh2
Jun 25 19:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18314]: Connection closed by 91.92.40.171 port 39112 [preauth]
Jun 25 19:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18328]: Invalid user zabbix from 91.92.40.171
Jun 25 19:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18328]: input_userauth_request: invalid user zabbix [preauth]
Jun 25 19:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18328]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 25 19:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18328]: Failed password for invalid user zabbix from 91.92.40.171 port 39164 ssh2
Jun 25 19:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18328]: Connection closed by 91.92.40.171 port 39164 [preauth]
Jun 25 19:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18330]: Failed password for root from 141.98.83.240 port 24388 ssh2
Jun 25 19:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18340]: Invalid user frank from 91.92.40.171
Jun 25 19:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18340]: input_userauth_request: invalid user frank [preauth]
Jun 25 19:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18340]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18330]: Failed password for root from 141.98.83.240 port 24388 ssh2
Jun 25 19:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18340]: Failed password for invalid user frank from 91.92.40.171 port 59954 ssh2
Jun 25 19:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18340]: Connection closed by 91.92.40.171 port 59954 [preauth]
Jun 25 19:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18330]: Failed password for root from 141.98.83.240 port 24388 ssh2
Jun 25 19:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18330]: Connection closed by 141.98.83.240 port 24388 [preauth]
Jun 25 19:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18330]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 25 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18350]: Invalid user omm from 91.92.40.171
Jun 25 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18350]: input_userauth_request: invalid user omm [preauth]
Jun 25 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18355]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18359]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18354]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18353]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18353]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18350]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18500]: Successful su for rubyman by root
Jun 25 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18500]: + ??? root:rubyman
Jun 25 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18500]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592130 of user rubyman.
Jun 25 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18500]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592130.
Jun 25 19:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18350]: Failed password for invalid user omm from 91.92.40.171 port 60006 ssh2
Jun 25 19:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18350]: Connection closed by 91.92.40.171 port 60006 [preauth]
Jun 25 19:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15548]: pam_unix(cron:session): session closed for user root
Jun 25 19:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18354]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18693]: Failed password for root from 91.92.40.171 port 46822 ssh2
Jun 25 19:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18693]: Connection closed by 91.92.40.171 port 46822 [preauth]
Jun 25 19:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18703]: User mysql from 91.92.40.171 not allowed because not listed in AllowUsers
Jun 25 19:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18703]: input_userauth_request: invalid user mysql [preauth]
Jun 25 19:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=mysql
Jun 25 19:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18703]: Failed password for invalid user mysql from 91.92.40.171 port 46842 ssh2
Jun 25 19:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18703]: Connection closed by 91.92.40.171 port 46842 [preauth]
Jun 25 19:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18731]: Invalid user vm from 91.92.40.171
Jun 25 19:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18731]: input_userauth_request: invalid user vm [preauth]
Jun 25 19:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18731]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18731]: Failed password for invalid user vm from 91.92.40.171 port 57532 ssh2
Jun 25 19:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18731]: Connection closed by 91.92.40.171 port 57532 [preauth]
Jun 25 19:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18742]: Invalid user elastic from 91.92.40.171
Jun 25 19:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18742]: input_userauth_request: invalid user elastic [preauth]
Jun 25 19:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18742]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18742]: Failed password for invalid user elastic from 91.92.40.171 port 57586 ssh2
Jun 25 19:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18742]: Connection closed by 91.92.40.171 port 57586 [preauth]
Jun 25 19:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18767]: Invalid user debian from 91.92.40.171
Jun 25 19:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18767]: input_userauth_request: invalid user debian [preauth]
Jun 25 19:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18767]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18767]: Failed password for invalid user debian from 91.92.40.171 port 33292 ssh2
Jun 25 19:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18767]: Connection closed by 91.92.40.171 port 33292 [preauth]
Jun 25 19:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17332]: pam_unix(cron:session): session closed for user root
Jun 25 19:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18779]: Failed password for root from 91.92.40.171 port 33358 ssh2
Jun 25 19:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18779]: Connection closed by 91.92.40.171 port 33358 [preauth]
Jun 25 19:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18821]: Invalid user rajvir from 91.92.40.171
Jun 25 19:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18821]: input_userauth_request: invalid user rajvir [preauth]
Jun 25 19:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18821]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18821]: Failed password for invalid user rajvir from 91.92.40.171 port 59582 ssh2
Jun 25 19:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18821]: Connection closed by 91.92.40.171 port 59582 [preauth]
Jun 25 19:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18843]: Invalid user guest from 91.92.40.171
Jun 25 19:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18843]: input_userauth_request: invalid user guest [preauth]
Jun 25 19:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18843]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18843]: Failed password for invalid user guest from 91.92.40.171 port 35768 ssh2
Jun 25 19:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18843]: Connection closed by 91.92.40.171 port 35768 [preauth]
Jun 25 19:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18866]: Failed password for root from 91.92.40.171 port 35826 ssh2
Jun 25 19:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18866]: Connection closed by 91.92.40.171 port 35826 [preauth]
Jun 25 19:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18878]: Invalid user pi from 91.92.40.171
Jun 25 19:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18878]: input_userauth_request: invalid user pi [preauth]
Jun 25 19:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18878]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18878]: Failed password for invalid user pi from 91.92.40.171 port 45492 ssh2
Jun 25 19:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18878]: Connection closed by 91.92.40.171 port 45492 [preauth]
Jun 25 19:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18888]: Invalid user toto from 91.92.40.171
Jun 25 19:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18888]: input_userauth_request: invalid user toto [preauth]
Jun 25 19:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18888]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18894]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18892]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18893]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18891]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18891]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18951]: Successful su for rubyman by root
Jun 25 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18951]: + ??? root:rubyman
Jun 25 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18951]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592134 of user rubyman.
Jun 25 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18951]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592134.
Jun 25 19:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18888]: Failed password for invalid user toto from 91.92.40.171 port 45550 ssh2
Jun 25 19:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18888]: Connection closed by 91.92.40.171 port 45550 [preauth]
Jun 25 19:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15966]: pam_unix(cron:session): session closed for user root
Jun 25 19:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18892]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19118]: Invalid user ethan from 91.92.40.171
Jun 25 19:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19118]: input_userauth_request: invalid user ethan [preauth]
Jun 25 19:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19118]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19118]: Failed password for invalid user ethan from 91.92.40.171 port 60456 ssh2
Jun 25 19:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19118]: Connection closed by 91.92.40.171 port 60456 [preauth]
Jun 25 19:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19238]: Invalid user linux from 91.92.40.171
Jun 25 19:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19238]: input_userauth_request: invalid user linux [preauth]
Jun 25 19:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19238]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19238]: Failed password for invalid user linux from 91.92.40.171 port 60494 ssh2
Jun 25 19:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19238]: Connection closed by 91.92.40.171 port 60494 [preauth]
Jun 25 19:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19263]: Invalid user ansible from 91.92.40.171
Jun 25 19:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19263]: input_userauth_request: invalid user ansible [preauth]
Jun 25 19:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19263]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19263]: Failed password for invalid user ansible from 91.92.40.171 port 34572 ssh2
Jun 25 19:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19263]: Connection closed by 91.92.40.171 port 34572 [preauth]
Jun 25 19:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19273]: Invalid user user from 91.92.40.171
Jun 25 19:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19273]: input_userauth_request: invalid user user [preauth]
Jun 25 19:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19273]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19273]: Failed password for invalid user user from 91.92.40.171 port 34634 ssh2
Jun 25 19:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19273]: Connection closed by 91.92.40.171 port 34634 [preauth]
Jun 25 19:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19298]: Invalid user ai from 91.92.40.171
Jun 25 19:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19298]: input_userauth_request: invalid user ai [preauth]
Jun 25 19:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19298]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19298]: Failed password for invalid user ai from 91.92.40.171 port 38462 ssh2
Jun 25 19:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19298]: Connection closed by 91.92.40.171 port 38462 [preauth]
Jun 25 19:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19308]: Invalid user hadoop from 91.92.40.171
Jun 25 19:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19308]: input_userauth_request: invalid user hadoop [preauth]
Jun 25 19:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19308]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17898]: pam_unix(cron:session): session closed for user root
Jun 25 19:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19308]: Failed password for invalid user hadoop from 91.92.40.171 port 38580 ssh2
Jun 25 19:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19308]: Connection closed by 91.92.40.171 port 38580 [preauth]
Jun 25 19:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19339]: Invalid user deploy from 91.92.40.171
Jun 25 19:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19339]: input_userauth_request: invalid user deploy [preauth]
Jun 25 19:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19339]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19339]: Failed password for invalid user deploy from 91.92.40.171 port 47162 ssh2
Jun 25 19:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19339]: Connection closed by 91.92.40.171 port 47162 [preauth]
Jun 25 19:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19350]: Failed password for root from 91.92.40.171 port 47230 ssh2
Jun 25 19:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19350]: Connection closed by 91.92.40.171 port 47230 [preauth]
Jun 25 19:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19374]: Invalid user minecraft from 91.92.40.171
Jun 25 19:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19374]: input_userauth_request: invalid user minecraft [preauth]
Jun 25 19:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19374]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19374]: Failed password for invalid user minecraft from 91.92.40.171 port 59290 ssh2
Jun 25 19:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19374]: Connection closed by 91.92.40.171 port 59290 [preauth]
Jun 25 19:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19384]: Invalid user deploy from 91.92.40.171
Jun 25 19:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19384]: input_userauth_request: invalid user deploy [preauth]
Jun 25 19:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19384]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19384]: Failed password for invalid user deploy from 91.92.40.171 port 59328 ssh2
Jun 25 19:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19384]: Connection closed by 91.92.40.171 port 59328 [preauth]
Jun 25 19:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19399]: Invalid user administrator from 91.92.40.171
Jun 25 19:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19399]: input_userauth_request: invalid user administrator [preauth]
Jun 25 19:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19399]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19399]: Failed password for invalid user administrator from 91.92.40.171 port 40214 ssh2
Jun 25 19:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19399]: Connection closed by 91.92.40.171 port 40214 [preauth]
Jun 25 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19413]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19411]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19412]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19410]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19410]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19480]: Successful su for rubyman by root
Jun 25 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19480]: + ??? root:rubyman
Jun 25 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19480]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592139 of user rubyman.
Jun 25 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19480]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592139.
Jun 25 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19478]: Invalid user aaa from 91.92.40.171
Jun 25 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19478]: input_userauth_request: invalid user aaa [preauth]
Jun 25 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19478]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16385]: pam_unix(cron:session): session closed for user root
Jun 25 19:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19478]: Failed password for invalid user aaa from 91.92.40.171 port 40280 ssh2
Jun 25 19:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19478]: Connection closed by 91.92.40.171 port 40280 [preauth]
Jun 25 19:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19411]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19874]: Failed password for root from 91.92.40.171 port 47724 ssh2
Jun 25 19:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19874]: Connection closed by 91.92.40.171 port 47724 [preauth]
Jun 25 19:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19883]: Invalid user ubuntu from 91.92.40.171
Jun 25 19:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19883]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 19:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19883]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19883]: Failed password for invalid user ubuntu from 91.92.40.171 port 47756 ssh2
Jun 25 19:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19883]: Connection closed by 91.92.40.171 port 47756 [preauth]
Jun 25 19:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19904]: Failed password for root from 91.92.40.171 port 50364 ssh2
Jun 25 19:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19904]: Connection closed by 91.92.40.171 port 50364 [preauth]
Jun 25 19:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19911]: Invalid user karel from 91.92.40.171
Jun 25 19:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19911]: input_userauth_request: invalid user karel [preauth]
Jun 25 19:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19911]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19911]: Failed password for invalid user karel from 91.92.40.171 port 50390 ssh2
Jun 25 19:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19911]: Connection closed by 91.92.40.171 port 50390 [preauth]
Jun 25 19:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19935]: Failed password for root from 91.92.40.171 port 39522 ssh2
Jun 25 19:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19935]: Connection closed by 91.92.40.171 port 39522 [preauth]
Jun 25 19:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19945]: Invalid user debian from 91.92.40.171
Jun 25 19:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19945]: input_userauth_request: invalid user debian [preauth]
Jun 25 19:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19945]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18359]: pam_unix(cron:session): session closed for user root
Jun 25 19:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19945]: Failed password for invalid user debian from 91.92.40.171 port 39582 ssh2
Jun 25 19:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19945]: Connection closed by 91.92.40.171 port 39582 [preauth]
Jun 25 19:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19978]: Failed password for root from 91.92.40.171 port 53900 ssh2
Jun 25 19:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19978]: Connection closed by 91.92.40.171 port 53900 [preauth]
Jun 25 19:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19988]: Invalid user daniel from 91.92.40.171
Jun 25 19:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19988]: input_userauth_request: invalid user daniel [preauth]
Jun 25 19:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19988]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19988]: Failed password for invalid user daniel from 91.92.40.171 port 53920 ssh2
Jun 25 19:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19988]: Connection closed by 91.92.40.171 port 53920 [preauth]
Jun 25 19:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20011]: Invalid user user from 91.92.40.171
Jun 25 19:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20011]: input_userauth_request: invalid user user [preauth]
Jun 25 19:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20011]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 25 19:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20011]: Failed password for invalid user user from 91.92.40.171 port 38748 ssh2
Jun 25 19:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20011]: Connection closed by 91.92.40.171 port 38748 [preauth]
Jun 25 19:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20018]: Failed password for root from 103.77.175.15 port 51176 ssh2
Jun 25 19:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20018]: Connection closed by 103.77.175.15 port 51176 [preauth]
Jun 25 19:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20024]: Failed password for root from 91.92.40.171 port 38804 ssh2
Jun 25 19:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20024]: Connection closed by 91.92.40.171 port 38804 [preauth]
Jun 25 19:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20034]: Invalid user ts3 from 91.92.40.171
Jun 25 19:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20034]: input_userauth_request: invalid user ts3 [preauth]
Jun 25 19:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20034]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20034]: Failed password for invalid user ts3 from 91.92.40.171 port 60876 ssh2
Jun 25 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20034]: Connection closed by 91.92.40.171 port 60876 [preauth]
Jun 25 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20047]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20048]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20046]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20049]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20050]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20045]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20050]: pam_unix(cron:session): session closed for user root
Jun 25 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20045]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20115]: Successful su for rubyman by root
Jun 25 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20115]: + ??? root:rubyman
Jun 25 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20115]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592146 of user rubyman.
Jun 25 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20115]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592146.
Jun 25 19:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20290]: Invalid user postgres from 91.92.40.171
Jun 25 19:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20290]: input_userauth_request: invalid user postgres [preauth]
Jun 25 19:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20047]: pam_unix(cron:session): session closed for user root
Jun 25 19:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20290]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16806]: pam_unix(cron:session): session closed for user root
Jun 25 19:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20290]: Failed password for invalid user postgres from 91.92.40.171 port 60942 ssh2
Jun 25 19:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20290]: Connection closed by 91.92.40.171 port 60942 [preauth]
Jun 25 19:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20046]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20429]: Invalid user frappe from 91.92.40.171
Jun 25 19:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20429]: input_userauth_request: invalid user frappe [preauth]
Jun 25 19:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20429]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20429]: Failed password for invalid user frappe from 91.92.40.171 port 34288 ssh2
Jun 25 19:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20429]: Connection closed by 91.92.40.171 port 34288 [preauth]
Jun 25 19:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20446]: Invalid user test1 from 91.92.40.171
Jun 25 19:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20446]: input_userauth_request: invalid user test1 [preauth]
Jun 25 19:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20446]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20446]: Failed password for invalid user test1 from 91.92.40.171 port 56000 ssh2
Jun 25 19:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20446]: Connection closed by 91.92.40.171 port 56000 [preauth]
Jun 25 19:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20472]: Failed password for root from 91.92.40.171 port 56056 ssh2
Jun 25 19:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20472]: Connection closed by 91.92.40.171 port 56056 [preauth]
Jun 25 19:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20482]: Failed password for root from 91.92.40.171 port 36852 ssh2
Jun 25 19:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20482]: Connection closed by 91.92.40.171 port 36852 [preauth]
Jun 25 19:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20504]: Invalid user admin2 from 91.92.40.171
Jun 25 19:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20504]: input_userauth_request: invalid user admin2 [preauth]
Jun 25 19:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20504]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20504]: Failed password for invalid user admin2 from 91.92.40.171 port 36904 ssh2
Jun 25 19:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20504]: Connection closed by 91.92.40.171 port 36904 [preauth]
Jun 25 19:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18894]: pam_unix(cron:session): session closed for user root
Jun 25 19:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20529]: Invalid user agent from 91.92.40.171
Jun 25 19:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20529]: input_userauth_request: invalid user agent [preauth]
Jun 25 19:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20529]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20537]: Invalid user whitley from 2.57.121.112
Jun 25 19:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20537]: input_userauth_request: invalid user whitley [preauth]
Jun 25 19:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20537]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 25 19:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20529]: Failed password for invalid user agent from 91.92.40.171 port 53116 ssh2
Jun 25 19:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20529]: Connection closed by 91.92.40.171 port 53116 [preauth]
Jun 25 19:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20537]: Failed password for invalid user whitley from 2.57.121.112 port 34874 ssh2
Jun 25 19:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20537]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20537]: Failed password for invalid user whitley from 2.57.121.112 port 34874 ssh2
Jun 25 19:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20549]: Invalid user deploy from 91.92.40.171
Jun 25 19:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20549]: input_userauth_request: invalid user deploy [preauth]
Jun 25 19:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20537]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20549]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20537]: Failed password for invalid user whitley from 2.57.121.112 port 34874 ssh2
Jun 25 19:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20549]: Failed password for invalid user deploy from 91.92.40.171 port 53214 ssh2
Jun 25 19:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20537]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20549]: Connection closed by 91.92.40.171 port 53214 [preauth]
Jun 25 19:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20537]: Failed password for invalid user whitley from 2.57.121.112 port 34874 ssh2
Jun 25 19:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20537]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20571]: Invalid user frappe from 91.92.40.171
Jun 25 19:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20571]: input_userauth_request: invalid user frappe [preauth]
Jun 25 19:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20571]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20537]: Failed password for invalid user whitley from 2.57.121.112 port 34874 ssh2
Jun 25 19:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20537]: Connection closed by 2.57.121.112 port 34874 [preauth]
Jun 25 19:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20537]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 25 19:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20537]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 25 19:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20571]: Failed password for invalid user frappe from 91.92.40.171 port 44156 ssh2
Jun 25 19:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20571]: Connection closed by 91.92.40.171 port 44156 [preauth]
Jun 25 19:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20581]: Failed password for root from 91.92.40.171 port 44228 ssh2
Jun 25 19:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20581]: Connection closed by 91.92.40.171 port 44228 [preauth]
Jun 25 19:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20591]: Invalid user sam from 91.92.40.171
Jun 25 19:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20591]: input_userauth_request: invalid user sam [preauth]
Jun 25 19:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20591]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20591]: Failed password for invalid user sam from 91.92.40.171 port 43176 ssh2
Jun 25 19:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20591]: Connection closed by 91.92.40.171 port 43176 [preauth]
Jun 25 19:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20610]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20605]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20611]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20609]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20601]: Invalid user tester from 91.92.40.171
Jun 25 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20601]: input_userauth_request: invalid user tester [preauth]
Jun 25 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20605]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20601]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20749]: Successful su for rubyman by root
Jun 25 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20749]: + ??? root:rubyman
Jun 25 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20749]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592148 of user rubyman.
Jun 25 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20749]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592148.
Jun 25 19:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20601]: Failed password for invalid user tester from 91.92.40.171 port 43226 ssh2
Jun 25 19:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20601]: Connection closed by 91.92.40.171 port 43226 [preauth]
Jun 25 19:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17331]: pam_unix(cron:session): session closed for user root
Jun 25 19:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20609]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20946]: Invalid user devuser from 91.92.40.171
Jun 25 19:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20946]: input_userauth_request: invalid user devuser [preauth]
Jun 25 19:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20946]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20946]: Failed password for invalid user devuser from 91.92.40.171 port 45220 ssh2
Jun 25 19:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20946]: Connection closed by 91.92.40.171 port 45220 [preauth]
Jun 25 19:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20964]: Invalid user gitlab from 91.92.40.171
Jun 25 19:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20964]: input_userauth_request: invalid user gitlab [preauth]
Jun 25 19:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20964]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20964]: Failed password for invalid user gitlab from 91.92.40.171 port 45306 ssh2
Jun 25 19:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20964]: Connection closed by 91.92.40.171 port 45306 [preauth]
Jun 25 19:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20988]: Invalid user server from 91.92.40.171
Jun 25 19:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20988]: input_userauth_request: invalid user server [preauth]
Jun 25 19:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20988]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20988]: Failed password for invalid user server from 91.92.40.171 port 49812 ssh2
Jun 25 19:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20988]: Connection closed by 91.92.40.171 port 49812 [preauth]
Jun 25 19:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20998]: Invalid user guest from 91.92.40.171
Jun 25 19:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20998]: input_userauth_request: invalid user guest [preauth]
Jun 25 19:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20998]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 25 19:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20998]: Failed password for invalid user guest from 91.92.40.171 port 49832 ssh2
Jun 25 19:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20998]: Connection closed by 91.92.40.171 port 49832 [preauth]
Jun 25 19:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21000]: Failed password for root from 103.27.238.120 port 45030 ssh2
Jun 25 19:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21000]: Connection closed by 103.27.238.120 port 45030 [preauth]
Jun 25 19:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21023]: User john from 91.92.40.171 not allowed because not listed in AllowUsers
Jun 25 19:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21023]: input_userauth_request: invalid user john [preauth]
Jun 25 19:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=john
Jun 25 19:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21023]: Failed password for invalid user john from 91.92.40.171 port 58240 ssh2
Jun 25 19:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21023]: Connection closed by 91.92.40.171 port 58240 [preauth]
Jun 25 19:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21034]: Invalid user user from 91.92.40.171
Jun 25 19:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21034]: input_userauth_request: invalid user user [preauth]
Jun 25 19:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21034]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19413]: pam_unix(cron:session): session closed for user root
Jun 25 19:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21034]: Failed password for invalid user user from 91.92.40.171 port 58294 ssh2
Jun 25 19:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21034]: Connection closed by 91.92.40.171 port 58294 [preauth]
Jun 25 19:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 25 19:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21071]: Failed password for root from 103.153.68.219 port 53956 ssh2
Jun 25 19:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21071]: Connection closed by 103.153.68.219 port 53956 [preauth]
Jun 25 19:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21069]: Failed password for root from 91.92.40.171 port 44742 ssh2
Jun 25 19:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21069]: Connection closed by 91.92.40.171 port 44742 [preauth]
Jun 25 19:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21082]: Invalid user runner from 91.92.40.171
Jun 25 19:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21082]: input_userauth_request: invalid user runner [preauth]
Jun 25 19:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21082]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21082]: Failed password for invalid user runner from 91.92.40.171 port 44794 ssh2
Jun 25 19:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21082]: Connection closed by 91.92.40.171 port 44794 [preauth]
Jun 25 19:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21105]: Invalid user master from 91.92.40.171
Jun 25 19:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21105]: input_userauth_request: invalid user master [preauth]
Jun 25 19:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21105]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21105]: Failed password for invalid user master from 91.92.40.171 port 34766 ssh2
Jun 25 19:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21105]: Connection closed by 91.92.40.171 port 34766 [preauth]
Jun 25 19:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21117]: Invalid user username from 91.92.40.171
Jun 25 19:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21117]: input_userauth_request: invalid user username [preauth]
Jun 25 19:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21117]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21117]: Failed password for invalid user username from 91.92.40.171 port 34832 ssh2
Jun 25 19:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21117]: Connection closed by 91.92.40.171 port 34832 [preauth]
Jun 25 19:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21129]: Invalid user uftp from 91.92.40.171
Jun 25 19:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21129]: input_userauth_request: invalid user uftp [preauth]
Jun 25 19:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21129]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21129]: Failed password for invalid user uftp from 91.92.40.171 port 37338 ssh2
Jun 25 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21129]: Connection closed by 91.92.40.171 port 37338 [preauth]
Jun 25 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21145]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21147]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21144]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21143]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21143]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21209]: Successful su for rubyman by root
Jun 25 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21209]: + ??? root:rubyman
Jun 25 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21209]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592152 of user rubyman.
Jun 25 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21209]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592152.
Jun 25 19:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21280]: Invalid user deploy from 91.92.40.171
Jun 25 19:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21280]: input_userauth_request: invalid user deploy [preauth]
Jun 25 19:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21280]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17897]: pam_unix(cron:session): session closed for user root
Jun 25 19:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21144]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21280]: Failed password for invalid user deploy from 91.92.40.171 port 37428 ssh2
Jun 25 19:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21280]: Connection closed by 91.92.40.171 port 37428 [preauth]
Jun 25 19:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21399]: Invalid user deploy from 91.92.40.171
Jun 25 19:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21399]: input_userauth_request: invalid user deploy [preauth]
Jun 25 19:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21399]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21399]: Failed password for invalid user deploy from 91.92.40.171 port 36430 ssh2
Jun 25 19:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21399]: Connection closed by 91.92.40.171 port 36430 [preauth]
Jun 25 19:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21419]: Invalid user deploy from 91.92.40.171
Jun 25 19:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21419]: input_userauth_request: invalid user deploy [preauth]
Jun 25 19:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21419]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21419]: Failed password for invalid user deploy from 91.92.40.171 port 36492 ssh2
Jun 25 19:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21419]: Connection closed by 91.92.40.171 port 36492 [preauth]
Jun 25 19:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21436]: Invalid user admin1 from 91.92.40.171
Jun 25 19:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21436]: input_userauth_request: invalid user admin1 [preauth]
Jun 25 19:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21436]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21436]: Failed password for invalid user admin1 from 91.92.40.171 port 35534 ssh2
Jun 25 19:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21436]: Connection closed by 91.92.40.171 port 35534 [preauth]
Jun 25 19:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21448]: Invalid user devops from 91.92.40.171
Jun 25 19:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21448]: input_userauth_request: invalid user devops [preauth]
Jun 25 19:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21448]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21448]: Failed password for invalid user devops from 91.92.40.171 port 36500 ssh2
Jun 25 19:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21448]: Connection closed by 91.92.40.171 port 36500 [preauth]
Jun 25 19:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21472]: Invalid user pi from 91.92.40.171
Jun 25 19:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21472]: input_userauth_request: invalid user pi [preauth]
Jun 25 19:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21472]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21472]: Failed password for invalid user pi from 91.92.40.171 port 36550 ssh2
Jun 25 19:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21472]: Connection closed by 91.92.40.171 port 36550 [preauth]
Jun 25 19:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20049]: pam_unix(cron:session): session closed for user root
Jun 25 19:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21496]: Invalid user minecraft from 91.92.40.171
Jun 25 19:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21496]: input_userauth_request: invalid user minecraft [preauth]
Jun 25 19:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21496]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21496]: Failed password for invalid user minecraft from 91.92.40.171 port 40510 ssh2
Jun 25 19:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21496]: Connection closed by 91.92.40.171 port 40510 [preauth]
Jun 25 19:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21517]: Failed password for root from 91.92.40.171 port 40566 ssh2
Jun 25 19:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21517]: Connection closed by 91.92.40.171 port 40566 [preauth]
Jun 25 19:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21548]: Failed password for root from 91.92.40.171 port 49018 ssh2
Jun 25 19:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21548]: Connection closed by 91.92.40.171 port 49018 [preauth]
Jun 25 19:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21564]: Failed password for root from 91.92.40.171 port 49064 ssh2
Jun 25 19:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21564]: Connection closed by 91.92.40.171 port 49064 [preauth]
Jun 25 19:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21576]: Invalid user amine from 91.92.40.171
Jun 25 19:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21576]: input_userauth_request: invalid user amine [preauth]
Jun 25 19:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21576]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21576]: Failed password for invalid user amine from 91.92.40.171 port 36626 ssh2
Jun 25 19:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21576]: Connection closed by 91.92.40.171 port 36626 [preauth]
Jun 25 19:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21591]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21593]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21592]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21590]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21590]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21587]: Invalid user deployer from 91.92.40.171
Jun 25 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21587]: input_userauth_request: invalid user deployer [preauth]
Jun 25 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21658]: Successful su for rubyman by root
Jun 25 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21658]: + ??? root:rubyman
Jun 25 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21658]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592156 of user rubyman.
Jun 25 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21658]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592156.
Jun 25 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21587]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21587]: Failed password for invalid user deployer from 91.92.40.171 port 36740 ssh2
Jun 25 19:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21587]: Connection closed by 91.92.40.171 port 36740 [preauth]
Jun 25 19:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18355]: pam_unix(cron:session): session closed for user root
Jun 25 19:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21591]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21855]: Failed password for root from 91.92.40.171 port 52268 ssh2
Jun 25 19:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21855]: Connection closed by 91.92.40.171 port 52268 [preauth]
Jun 25 19:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21867]: Invalid user bernard from 91.92.40.171
Jun 25 19:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21867]: input_userauth_request: invalid user bernard [preauth]
Jun 25 19:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21867]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21867]: Failed password for invalid user bernard from 91.92.40.171 port 52306 ssh2
Jun 25 19:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21867]: Connection closed by 91.92.40.171 port 52306 [preauth]
Jun 25 19:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21890]: Failed password for root from 91.92.40.171 port 60844 ssh2
Jun 25 19:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21890]: Connection closed by 91.92.40.171 port 60844 [preauth]
Jun 25 19:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21900]: Invalid user calvin from 91.92.40.171
Jun 25 19:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21900]: input_userauth_request: invalid user calvin [preauth]
Jun 25 19:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21900]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21900]: Failed password for invalid user calvin from 91.92.40.171 port 60926 ssh2
Jun 25 19:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21900]: Connection closed by 91.92.40.171 port 60926 [preauth]
Jun 25 19:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21926]: Invalid user sysupdate from 91.92.40.171
Jun 25 19:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21926]: input_userauth_request: invalid user sysupdate [preauth]
Jun 25 19:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21926]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21926]: Failed password for invalid user sysupdate from 91.92.40.171 port 44402 ssh2
Jun 25 19:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21926]: Connection closed by 91.92.40.171 port 44402 [preauth]
Jun 25 19:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20611]: pam_unix(cron:session): session closed for user root
Jun 25 19:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21938]: Invalid user deploy from 91.92.40.171
Jun 25 19:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21938]: input_userauth_request: invalid user deploy [preauth]
Jun 25 19:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21938]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21938]: Failed password for invalid user deploy from 91.92.40.171 port 44418 ssh2
Jun 25 19:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21938]: Connection closed by 91.92.40.171 port 44418 [preauth]
Jun 25 19:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21967]: Failed password for root from 91.92.40.171 port 43350 ssh2
Jun 25 19:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21967]: Connection closed by 91.92.40.171 port 43350 [preauth]
Jun 25 19:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21977]: Failed password for root from 91.92.40.171 port 43410 ssh2
Jun 25 19:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21977]: Connection closed by 91.92.40.171 port 43410 [preauth]
Jun 25 19:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22000]: Invalid user ftpuser from 91.92.40.171
Jun 25 19:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22000]: input_userauth_request: invalid user ftpuser [preauth]
Jun 25 19:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22000]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22000]: Failed password for invalid user ftpuser from 91.92.40.171 port 37992 ssh2
Jun 25 19:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22000]: Connection closed by 91.92.40.171 port 37992 [preauth]
Jun 25 19:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22010]: Invalid user user1 from 91.92.40.171
Jun 25 19:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22010]: input_userauth_request: invalid user user1 [preauth]
Jun 25 19:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22010]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22010]: Failed password for invalid user user1 from 91.92.40.171 port 38060 ssh2
Jun 25 19:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22010]: Connection closed by 91.92.40.171 port 38060 [preauth]
Jun 25 19:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22025]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22026]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22024]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22023]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22023]: pam_unix(cron:session): session closed for user p13x
Jun 25 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22082]: Successful su for rubyman by root
Jun 25 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22082]: + ??? root:rubyman
Jun 25 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22082]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592160 of user rubyman.
Jun 25 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22082]: pam_unix(su:session): session closed for user rubyman
Jun 25 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592160.
Jun 25 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22020]: Failed password for root from 91.92.40.171 port 54006 ssh2
Jun 25 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22020]: Connection closed by 91.92.40.171 port 54006 [preauth]
Jun 25 19:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18893]: pam_unix(cron:session): session closed for user root
Jun 25 19:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22241]: Invalid user admin from 91.92.40.171
Jun 25 19:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22241]: input_userauth_request: invalid user admin [preauth]
Jun 25 19:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22241]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22024]: pam_unix(cron:session): session closed for user samftp
Jun 25 19:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22241]: Failed password for invalid user admin from 91.92.40.171 port 34926 ssh2
Jun 25 19:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22241]: Connection closed by 91.92.40.171 port 34926 [preauth]
Jun 25 19:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22287]: Invalid user user1 from 91.92.40.171
Jun 25 19:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22287]: input_userauth_request: invalid user user1 [preauth]
Jun 25 19:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22287]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22287]: Failed password for invalid user user1 from 91.92.40.171 port 34956 ssh2
Jun 25 19:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22287]: Connection closed by 91.92.40.171 port 34956 [preauth]
Jun 25 19:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22402]: Invalid user postgres from 91.92.40.171
Jun 25 19:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22402]: input_userauth_request: invalid user postgres [preauth]
Jun 25 19:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22402]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22402]: Failed password for invalid user postgres from 91.92.40.171 port 54496 ssh2
Jun 25 19:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22402]: Connection closed by 91.92.40.171 port 54496 [preauth]
Jun 25 19:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22412]: Invalid user ftpuser from 91.92.40.171
Jun 25 19:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22412]: input_userauth_request: invalid user ftpuser [preauth]
Jun 25 19:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22412]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22412]: Failed password for invalid user ftpuser from 91.92.40.171 port 54542 ssh2
Jun 25 19:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22412]: Connection closed by 91.92.40.171 port 54542 [preauth]
Jun 25 19:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22434]: Failed password for root from 91.92.40.171 port 53476 ssh2
Jun 25 19:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22434]: Connection closed by 91.92.40.171 port 53476 [preauth]
Jun 25 19:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22445]: Invalid user admin123 from 91.92.40.171
Jun 25 19:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22445]: input_userauth_request: invalid user admin123 [preauth]
Jun 25 19:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22445]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21147]: pam_unix(cron:session): session closed for user root
Jun 25 19:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22445]: Failed password for invalid user admin123 from 91.92.40.171 port 53540 ssh2
Jun 25 19:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22445]: Connection closed by 91.92.40.171 port 53540 [preauth]
Jun 25 19:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22475]: Failed password for root from 91.92.40.171 port 50776 ssh2
Jun 25 19:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22475]: Connection closed by 91.92.40.171 port 50776 [preauth]
Jun 25 19:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22488]: Invalid user tester from 91.92.40.171
Jun 25 19:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22488]: input_userauth_request: invalid user tester [preauth]
Jun 25 19:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22488]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22488]: Failed password for invalid user tester from 91.92.40.171 port 50816 ssh2
Jun 25 19:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22488]: Connection closed by 91.92.40.171 port 50816 [preauth]
Jun 25 19:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 19:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22511]: Failed password for root from 91.92.40.171 port 40576 ssh2
Jun 25 19:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22511]: Connection closed by 91.92.40.171 port 40576 [preauth]
Jun 25 19:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22521]: Invalid user bot from 91.92.40.171
Jun 25 19:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22521]: input_userauth_request: invalid user bot [preauth]
Jun 25 19:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22521]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 19:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22521]: Failed password for invalid user bot from 91.92.40.171 port 40624 ssh2
Jun 25 19:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22521]: Connection closed by 91.92.40.171 port 40624 [preauth]
Jun 25 19:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 19:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22531]: Invalid user milad from 91.92.40.171
Jun 25 19:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22531]: input_userauth_request: invalid user milad [preauth]
Jun 25 19:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22531]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 19:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 20:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22531]: Failed password for invalid user milad from 91.92.40.171 port 34452 ssh2
Jun 25 20:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22531]: Connection closed by 91.92.40.171 port 34452 [preauth]
Jun 25 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22549]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22547]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22545]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22544]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22548]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22542]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22543]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22549]: pam_unix(cron:session): session closed for user root
Jun 25 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22544]: pam_unix(cron:session): session closed for user root
Jun 25 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22542]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22634]: Successful su for rubyman by root
Jun 25 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22634]: + ??? root:rubyman
Jun 25 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22634]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592168 of user rubyman.
Jun 25 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22634]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592168.
Jun 25 20:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22705]: Invalid user nvidia from 91.92.40.171
Jun 25 20:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22705]: input_userauth_request: invalid user nvidia [preauth]
Jun 25 20:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22545]: pam_unix(cron:session): session closed for user root
Jun 25 20:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22705]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 20:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19412]: pam_unix(cron:session): session closed for user root
Jun 25 20:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22705]: Failed password for invalid user nvidia from 91.92.40.171 port 34494 ssh2
Jun 25 20:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22705]: Connection closed by 91.92.40.171 port 34494 [preauth]
Jun 25 20:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22543]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22870]: Invalid user monitor from 91.92.40.171
Jun 25 20:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22870]: input_userauth_request: invalid user monitor [preauth]
Jun 25 20:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22870]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 20:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22870]: Failed password for invalid user monitor from 91.92.40.171 port 47144 ssh2
Jun 25 20:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22870]: Connection closed by 91.92.40.171 port 47144 [preauth]
Jun 25 20:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22886]: Invalid user developer from 91.92.40.171
Jun 25 20:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22886]: input_userauth_request: invalid user developer [preauth]
Jun 25 20:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22886]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 20:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22886]: Failed password for invalid user developer from 91.92.40.171 port 47198 ssh2
Jun 25 20:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22886]: Connection closed by 91.92.40.171 port 47198 [preauth]
Jun 25 20:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22904]: Invalid user claude from 91.92.40.171
Jun 25 20:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22904]: input_userauth_request: invalid user claude [preauth]
Jun 25 20:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22904]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 20:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22904]: Failed password for invalid user claude from 91.92.40.171 port 59742 ssh2
Jun 25 20:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22904]: Connection closed by 91.92.40.171 port 59742 [preauth]
Jun 25 20:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22914]: Invalid user debian from 91.92.40.171
Jun 25 20:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22914]: input_userauth_request: invalid user debian [preauth]
Jun 25 20:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22914]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 20:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22914]: Failed password for invalid user debian from 91.92.40.171 port 50000 ssh2
Jun 25 20:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22914]: Connection closed by 91.92.40.171 port 50000 [preauth]
Jun 25 20:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22940]: Invalid user erpnext from 91.92.40.171
Jun 25 20:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22940]: input_userauth_request: invalid user erpnext [preauth]
Jun 25 20:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22940]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 20:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22940]: Failed password for invalid user erpnext from 91.92.40.171 port 50044 ssh2
Jun 25 20:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21593]: pam_unix(cron:session): session closed for user root
Jun 25 20:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22940]: Connection closed by 91.92.40.171 port 50044 [preauth]
Jun 25 20:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23002]: Invalid user system from 91.92.40.171
Jun 25 20:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23002]: input_userauth_request: invalid user system [preauth]
Jun 25 20:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23002]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 20:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23002]: Failed password for invalid user system from 91.92.40.171 port 39578 ssh2
Jun 25 20:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23002]: Connection closed by 91.92.40.171 port 39578 [preauth]
Jun 25 20:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 20:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23012]: Failed password for root from 91.92.40.171 port 39624 ssh2
Jun 25 20:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23012]: Connection closed by 91.92.40.171 port 39624 [preauth]
Jun 25 20:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23034]: Invalid user teamspeak from 91.92.40.171
Jun 25 20:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23034]: input_userauth_request: invalid user teamspeak [preauth]
Jun 25 20:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23034]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 20:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23034]: Failed password for invalid user teamspeak from 91.92.40.171 port 51386 ssh2
Jun 25 20:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23034]: Connection closed by 91.92.40.171 port 51386 [preauth]
Jun 25 20:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23045]: Invalid user appuser from 91.92.40.171
Jun 25 20:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23045]: input_userauth_request: invalid user appuser [preauth]
Jun 25 20:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23045]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 20:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23045]: Failed password for invalid user appuser from 91.92.40.171 port 51412 ssh2
Jun 25 20:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23045]: Connection closed by 91.92.40.171 port 51412 [preauth]
Jun 25 20:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23055]: Invalid user admin from 91.92.40.171
Jun 25 20:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23055]: input_userauth_request: invalid user admin [preauth]
Jun 25 20:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23055]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 20:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23055]: Failed password for invalid user admin from 91.92.40.171 port 39788 ssh2
Jun 25 20:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23055]: Connection closed by 91.92.40.171 port 39788 [preauth]
Jun 25 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23068]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23069]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23070]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23067]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23067]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23137]: Successful su for rubyman by root
Jun 25 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23137]: + ??? root:rubyman
Jun 25 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23137]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592171 of user rubyman.
Jun 25 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23137]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592171.
Jun 25 20:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23135]: Invalid user es from 91.92.40.171
Jun 25 20:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23135]: input_userauth_request: invalid user es [preauth]
Jun 25 20:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23135]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 20:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23135]: Failed password for invalid user es from 91.92.40.171 port 39890 ssh2
Jun 25 20:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23135]: Connection closed by 91.92.40.171 port 39890 [preauth]
Jun 25 20:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20048]: pam_unix(cron:session): session closed for user root
Jun 25 20:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23068]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23340]: Invalid user debian from 91.92.40.171
Jun 25 20:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23340]: input_userauth_request: invalid user debian [preauth]
Jun 25 20:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23340]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 20:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23340]: Failed password for invalid user debian from 91.92.40.171 port 32868 ssh2
Jun 25 20:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23340]: Connection closed by 91.92.40.171 port 32868 [preauth]
Jun 25 20:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23352]: Invalid user airflow from 91.92.40.171
Jun 25 20:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23352]: input_userauth_request: invalid user airflow [preauth]
Jun 25 20:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23352]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 20:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23352]: Failed password for invalid user airflow from 91.92.40.171 port 32946 ssh2
Jun 25 20:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23352]: Connection closed by 91.92.40.171 port 32946 [preauth]
Jun 25 20:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23378]: Invalid user admin from 91.92.40.171
Jun 25 20:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23378]: input_userauth_request: invalid user admin [preauth]
Jun 25 20:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23378]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 20:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23378]: Failed password for invalid user admin from 91.92.40.171 port 60202 ssh2
Jun 25 20:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23378]: Connection closed by 91.92.40.171 port 60202 [preauth]
Jun 25 20:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23389]: Invalid user claude from 91.92.40.171
Jun 25 20:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23389]: input_userauth_request: invalid user claude [preauth]
Jun 25 20:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23389]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 20:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23389]: Failed password for invalid user claude from 91.92.40.171 port 60288 ssh2
Jun 25 20:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23389]: Connection closed by 91.92.40.171 port 60288 [preauth]
Jun 25 20:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23412]: Invalid user devops from 91.92.40.171
Jun 25 20:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23412]: input_userauth_request: invalid user devops [preauth]
Jun 25 20:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23412]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 20:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23412]: Failed password for invalid user devops from 91.92.40.171 port 39962 ssh2
Jun 25 20:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23412]: Connection closed by 91.92.40.171 port 39962 [preauth]
Jun 25 20:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22026]: pam_unix(cron:session): session closed for user root
Jun 25 20:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23432]: Invalid user debian from 91.92.40.171
Jun 25 20:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23432]: input_userauth_request: invalid user debian [preauth]
Jun 25 20:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23432]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 20:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23432]: Failed password for invalid user debian from 91.92.40.171 port 40030 ssh2
Jun 25 20:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23432]: Connection closed by 91.92.40.171 port 40030 [preauth]
Jun 25 20:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23455]: Invalid user david from 91.92.40.171
Jun 25 20:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23455]: input_userauth_request: invalid user david [preauth]
Jun 25 20:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23455]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 20:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23455]: Failed password for invalid user david from 91.92.40.171 port 43756 ssh2
Jun 25 20:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23455]: Connection closed by 91.92.40.171 port 43756 [preauth]
Jun 25 20:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23471]: Invalid user work from 91.92.40.171
Jun 25 20:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23471]: input_userauth_request: invalid user work [preauth]
Jun 25 20:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23471]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 20:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23471]: Failed password for invalid user work from 91.92.40.171 port 43802 ssh2
Jun 25 20:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23471]: Connection closed by 91.92.40.171 port 43802 [preauth]
Jun 25 20:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23490]: Invalid user rock from 91.92.40.171
Jun 25 20:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23490]: input_userauth_request: invalid user rock [preauth]
Jun 25 20:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23490]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 20:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23490]: Failed password for invalid user rock from 91.92.40.171 port 57384 ssh2
Jun 25 20:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23490]: Connection closed by 91.92.40.171 port 57384 [preauth]
Jun 25 20:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 20:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23503]: Failed password for root from 91.92.40.171 port 59146 ssh2
Jun 25 20:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23503]: Connection closed by 91.92.40.171 port 59146 [preauth]
Jun 25 20:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23516]: Invalid user teamspeak from 91.92.40.171
Jun 25 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23516]: input_userauth_request: invalid user teamspeak [preauth]
Jun 25 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23522]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23520]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23521]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23519]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23516]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23519]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23581]: Successful su for rubyman by root
Jun 25 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23581]: + ??? root:rubyman
Jun 25 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23581]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592175 of user rubyman.
Jun 25 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23581]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592175.
Jun 25 20:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23516]: Failed password for invalid user teamspeak from 91.92.40.171 port 59170 ssh2
Jun 25 20:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23516]: Connection closed by 91.92.40.171 port 59170 [preauth]
Jun 25 20:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20610]: pam_unix(cron:session): session closed for user root
Jun 25 20:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23520]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23777]: Invalid user test from 91.92.40.171
Jun 25 20:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23777]: input_userauth_request: invalid user test [preauth]
Jun 25 20:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23777]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 20:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23777]: Failed password for invalid user test from 91.92.40.171 port 43262 ssh2
Jun 25 20:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23777]: Connection closed by 91.92.40.171 port 43262 [preauth]
Jun 25 20:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23796]: Invalid user admin from 91.92.40.171
Jun 25 20:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23796]: input_userauth_request: invalid user admin [preauth]
Jun 25 20:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23796]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 20:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23796]: Failed password for invalid user admin from 91.92.40.171 port 43318 ssh2
Jun 25 20:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23796]: Connection closed by 91.92.40.171 port 43318 [preauth]
Jun 25 20:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23827]: Invalid user user1 from 91.92.40.171
Jun 25 20:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23827]: input_userauth_request: invalid user user1 [preauth]
Jun 25 20:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23827]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 20:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23827]: Failed password for invalid user user1 from 91.92.40.171 port 36520 ssh2
Jun 25 20:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23827]: Connection closed by 91.92.40.171 port 36520 [preauth]
Jun 25 20:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23922]: Invalid user test from 91.92.40.171
Jun 25 20:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23922]: input_userauth_request: invalid user test [preauth]
Jun 25 20:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23922]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 20:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23922]: Failed password for invalid user test from 91.92.40.171 port 36540 ssh2
Jun 25 20:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23922]: Connection closed by 91.92.40.171 port 36540 [preauth]
Jun 25 20:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23949]: Invalid user ts from 91.92.40.171
Jun 25 20:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23949]: input_userauth_request: invalid user ts [preauth]
Jun 25 20:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23949]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 20:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23949]: Failed password for invalid user ts from 91.92.40.171 port 59358 ssh2
Jun 25 20:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23949]: Connection closed by 91.92.40.171 port 59358 [preauth]
Jun 25 20:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23959]: Invalid user postgres from 91.92.40.171
Jun 25 20:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23959]: input_userauth_request: invalid user postgres [preauth]
Jun 25 20:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22548]: pam_unix(cron:session): session closed for user root
Jun 25 20:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23959]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 20:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23959]: Failed password for invalid user postgres from 91.92.40.171 port 59448 ssh2
Jun 25 20:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23959]: Connection closed by 91.92.40.171 port 59448 [preauth]
Jun 25 20:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23992]: Invalid user centreon from 91.92.40.171
Jun 25 20:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23992]: input_userauth_request: invalid user centreon [preauth]
Jun 25 20:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23992]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 20:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23992]: Failed password for invalid user centreon from 91.92.40.171 port 42530 ssh2
Jun 25 20:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23992]: Connection closed by 91.92.40.171 port 42530 [preauth]
Jun 25 20:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24013]: Invalid user minecraft from 91.92.40.171
Jun 25 20:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24013]: input_userauth_request: invalid user minecraft [preauth]
Jun 25 20:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24013]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 20:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24013]: Failed password for invalid user minecraft from 91.92.40.171 port 42578 ssh2
Jun 25 20:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24013]: Connection closed by 91.92.40.171 port 42578 [preauth]
Jun 25 20:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24029]: Invalid user ecommerce from 91.92.40.171
Jun 25 20:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24029]: input_userauth_request: invalid user ecommerce [preauth]
Jun 25 20:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24029]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 20:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24029]: Failed password for invalid user ecommerce from 91.92.40.171 port 33542 ssh2
Jun 25 20:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24029]: Connection closed by 91.92.40.171 port 33542 [preauth]
Jun 25 20:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24039]: Invalid user odoo14 from 91.92.40.171
Jun 25 20:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24039]: input_userauth_request: invalid user odoo14 [preauth]
Jun 25 20:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24039]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 20:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24039]: Failed password for invalid user odoo14 from 91.92.40.171 port 56154 ssh2
Jun 25 20:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24039]: Connection closed by 91.92.40.171 port 56154 [preauth]
Jun 25 20:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 25 20:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24051]: Invalid user test1 from 91.92.40.171
Jun 25 20:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24051]: input_userauth_request: invalid user test1 [preauth]
Jun 25 20:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24051]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 20:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24049]: Failed password for root from 77.94.47.83 port 45150 ssh2
Jun 25 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24049]: Connection closed by 77.94.47.83 port 45150 [preauth]
Jun 25 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24065]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24066]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24064]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24063]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24063]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24126]: Successful su for rubyman by root
Jun 25 20:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24126]: + ??? root:rubyman
Jun 25 20:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24126]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592180 of user rubyman.
Jun 25 20:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24126]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592180.
Jun 25 20:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24051]: Failed password for invalid user test1 from 91.92.40.171 port 56226 ssh2
Jun 25 20:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24051]: Connection closed by 91.92.40.171 port 56226 [preauth]
Jun 25 20:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21145]: pam_unix(cron:session): session closed for user root
Jun 25 20:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=root
Jun 25 20:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24064]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24309]: Failed password for root from 91.92.40.171 port 45988 ssh2
Jun 25 20:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24309]: Connection closed by 91.92.40.171 port 45988 [preauth]
Jun 25 20:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24339]: Invalid user openclaw from 91.92.40.171
Jun 25 20:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24339]: input_userauth_request: invalid user openclaw [preauth]
Jun 25 20:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24339]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 20:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24339]: Failed password for invalid user openclaw from 91.92.40.171 port 46058 ssh2
Jun 25 20:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24339]: Connection closed by 91.92.40.171 port 46058 [preauth]
Jun 25 20:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24362]: Invalid user rdpuser from 91.92.40.171
Jun 25 20:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24362]: input_userauth_request: invalid user rdpuser [preauth]
Jun 25 20:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24362]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 20:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24362]: Failed password for invalid user rdpuser from 91.92.40.171 port 50466 ssh2
Jun 25 20:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24362]: Connection closed by 91.92.40.171 port 50466 [preauth]
Jun 25 20:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24372]: Invalid user chenxi from 91.92.40.171
Jun 25 20:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24372]: input_userauth_request: invalid user chenxi [preauth]
Jun 25 20:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24372]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 20:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24372]: Failed password for invalid user chenxi from 91.92.40.171 port 50544 ssh2
Jun 25 20:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24372]: Connection closed by 91.92.40.171 port 50544 [preauth]
Jun 25 20:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24394]: User nobody from 91.92.40.171 not allowed because not listed in AllowUsers
Jun 25 20:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24394]: input_userauth_request: invalid user nobody [preauth]
Jun 25 20:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171  user=nobody
Jun 25 20:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24394]: Failed password for invalid user nobody from 91.92.40.171 port 58966 ssh2
Jun 25 20:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24394]: Connection closed by 91.92.40.171 port 58966 [preauth]
Jun 25 20:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23070]: pam_unix(cron:session): session closed for user root
Jun 25 20:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24404]: Invalid user odoo17 from 91.92.40.171
Jun 25 20:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24404]: input_userauth_request: invalid user odoo17 [preauth]
Jun 25 20:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24404]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 20:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24404]: Failed password for invalid user odoo17 from 91.92.40.171 port 59012 ssh2
Jun 25 20:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24404]: Connection closed by 91.92.40.171 port 59012 [preauth]
Jun 25 20:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24437]: Invalid user onkar from 91.92.40.171
Jun 25 20:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24437]: input_userauth_request: invalid user onkar [preauth]
Jun 25 20:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24437]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 20:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24437]: Failed password for invalid user onkar from 91.92.40.171 port 42542 ssh2
Jun 25 20:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24437]: Connection closed by 91.92.40.171 port 42542 [preauth]
Jun 25 20:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24447]: Invalid user grid from 91.92.40.171
Jun 25 20:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24447]: input_userauth_request: invalid user grid [preauth]
Jun 25 20:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24447]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.171
Jun 25 20:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24447]: Failed password for invalid user grid from 91.92.40.171 port 42552 ssh2
Jun 25 20:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24447]: Connection closed by 91.92.40.171 port 42552 [preauth]
Jun 25 20:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24507]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24508]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24505]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24506]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24505]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24566]: Successful su for rubyman by root
Jun 25 20:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24566]: + ??? root:rubyman
Jun 25 20:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24566]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592183 of user rubyman.
Jun 25 20:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24566]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592183.
Jun 25 20:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21592]: pam_unix(cron:session): session closed for user root
Jun 25 20:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24506]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23522]: pam_unix(cron:session): session closed for user root
Jun 25 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24919]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24920]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24917]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24918]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24916]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24915]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24920]: pam_unix(cron:session): session closed for user root
Jun 25 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24915]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24982]: Successful su for rubyman by root
Jun 25 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24982]: + ??? root:rubyman
Jun 25 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24982]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592188 of user rubyman.
Jun 25 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24982]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592188.
Jun 25 20:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24917]: pam_unix(cron:session): session closed for user root
Jun 25 20:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22025]: pam_unix(cron:session): session closed for user root
Jun 25 20:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24916]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24066]: pam_unix(cron:session): session closed for user root
Jun 25 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25352]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25351]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25350]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25349]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25349]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25416]: Successful su for rubyman by root
Jun 25 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25416]: + ??? root:rubyman
Jun 25 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25416]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592194 of user rubyman.
Jun 25 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25416]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592194.
Jun 25 20:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22547]: pam_unix(cron:session): session closed for user root
Jun 25 20:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25350]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24508]: pam_unix(cron:session): session closed for user root
Jun 25 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25746]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25745]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25743]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25744]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25743]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25806]: Successful su for rubyman by root
Jun 25 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25806]: + ??? root:rubyman
Jun 25 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25806]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592197 of user rubyman.
Jun 25 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25806]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592197.
Jun 25 20:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23069]: pam_unix(cron:session): session closed for user root
Jun 25 20:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25744]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24919]: pam_unix(cron:session): session closed for user root
Jun 25 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26132]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26131]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26129]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26130]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26129]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26200]: Successful su for rubyman by root
Jun 25 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26200]: + ??? root:rubyman
Jun 25 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26200]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592201 of user rubyman.
Jun 25 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26200]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592201.
Jun 25 20:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23521]: pam_unix(cron:session): session closed for user root
Jun 25 20:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26130]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25352]: pam_unix(cron:session): session closed for user root
Jun 25 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26533]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26532]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26531]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26528]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26526]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26528]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26651]: Successful su for rubyman by root
Jun 25 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26651]: + ??? root:rubyman
Jun 25 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26651]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592205 of user rubyman.
Jun 25 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26651]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592205.
Jun 25 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26526]: pam_unix(cron:session): session closed for user root
Jun 25 20:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24065]: pam_unix(cron:session): session closed for user root
Jun 25 20:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26531]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25746]: pam_unix(cron:session): session closed for user root
Jun 25 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27099]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27098]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27100]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27096]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27095]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27097]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27100]: pam_unix(cron:session): session closed for user root
Jun 25 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27095]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27166]: Successful su for rubyman by root
Jun 25 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27166]: + ??? root:rubyman
Jun 25 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27166]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592210 of user rubyman.
Jun 25 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27166]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592210.
Jun 25 20:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27097]: pam_unix(cron:session): session closed for user root
Jun 25 20:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24507]: pam_unix(cron:session): session closed for user root
Jun 25 20:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27096]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26132]: pam_unix(cron:session): session closed for user root
Jun 25 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27552]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27551]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27553]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27550]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27550]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27619]: Successful su for rubyman by root
Jun 25 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27619]: + ??? root:rubyman
Jun 25 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27619]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592217 of user rubyman.
Jun 25 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27619]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592217.
Jun 25 20:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24918]: pam_unix(cron:session): session closed for user root
Jun 25 20:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27551]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26533]: pam_unix(cron:session): session closed for user root
Jun 25 20:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 25 20:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27947]: Failed password for root from 51.250.105.222 port 51348 ssh2
Jun 25 20:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27947]: Connection closed by 51.250.105.222 port 51348 [preauth]
Jun 25 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27986]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27987]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27984]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27983]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27983]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28052]: Successful su for rubyman by root
Jun 25 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28052]: + ??? root:rubyman
Jun 25 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28052]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592220 of user rubyman.
Jun 25 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28052]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592220.
Jun 25 20:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25351]: pam_unix(cron:session): session closed for user root
Jun 25 20:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27984]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Jun 25 20:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:34.156.235.93
Jun 25 20:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Jun 25 20:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:34.156.235.93
Jun 25 20:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27099]: pam_unix(cron:session): session closed for user root
Jun 25 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28444]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28445]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28443]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28442]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28442]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28504]: Successful su for rubyman by root
Jun 25 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28504]: + ??? root:rubyman
Jun 25 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28504]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592224 of user rubyman.
Jun 25 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28504]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592224.
Jun 25 20:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25745]: pam_unix(cron:session): session closed for user root
Jun 25 20:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28443]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27553]: pam_unix(cron:session): session closed for user root
Jun 25 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28947]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28948]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28946]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28945]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28945]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29012]: Successful su for rubyman by root
Jun 25 20:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29012]: + ??? root:rubyman
Jun 25 20:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29012]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592229 of user rubyman.
Jun 25 20:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29012]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592229.
Jun 25 20:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26131]: pam_unix(cron:session): session closed for user root
Jun 25 20:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28946]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27987]: pam_unix(cron:session): session closed for user root
Jun 25 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29378]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29377]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29380]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29381]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29376]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29379]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29381]: pam_unix(cron:session): session closed for user root
Jun 25 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29376]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29446]: Successful su for rubyman by root
Jun 25 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29446]: + ??? root:rubyman
Jun 25 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29446]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592236 of user rubyman.
Jun 25 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29446]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592236.
Jun 25 20:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29378]: pam_unix(cron:session): session closed for user root
Jun 25 20:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26532]: pam_unix(cron:session): session closed for user root
Jun 25 20:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29377]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 25 20:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29796]: Failed password for root from 87.251.79.125 port 41134 ssh2
Jun 25 20:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29796]: Connection closed by 87.251.79.125 port 41134 [preauth]
Jun 25 20:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28445]: pam_unix(cron:session): session closed for user root
Jun 25 20:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 25 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29952]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29951]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29953]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29950]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29950]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30016]: Successful su for rubyman by root
Jun 25 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30016]: + ??? root:rubyman
Jun 25 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30016]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592239 of user rubyman.
Jun 25 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30016]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592239.
Jun 25 20:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29946]: Failed password for root from 193.37.70.224 port 34700 ssh2
Jun 25 20:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29946]: Connection closed by 193.37.70.224 port 34700 [preauth]
Jun 25 20:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27098]: pam_unix(cron:session): session closed for user root
Jun 25 20:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29951]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28948]: pam_unix(cron:session): session closed for user root
Jun 25 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30369]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30371]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30370]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30372]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30367]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30367]: pam_unix(cron:session): session closed for user root
Jun 25 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30369]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30432]: Successful su for rubyman by root
Jun 25 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30432]: + ??? root:rubyman
Jun 25 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30432]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592242 of user rubyman.
Jun 25 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30432]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592242.
Jun 25 20:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27552]: pam_unix(cron:session): session closed for user root
Jun 25 20:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30370]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29380]: pam_unix(cron:session): session closed for user root
Jun 25 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30789]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30788]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30787]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30786]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30786]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30852]: Successful su for rubyman by root
Jun 25 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30852]: + ??? root:rubyman
Jun 25 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30852]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592247 of user rubyman.
Jun 25 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30852]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592247.
Jun 25 20:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27986]: pam_unix(cron:session): session closed for user root
Jun 25 20:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30787]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29953]: pam_unix(cron:session): session closed for user root
Jun 25 20:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 25 20:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31251]: Failed password for root from 62.133.62.83 port 33842 ssh2
Jun 25 20:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31251]: Connection closed by 62.133.62.83 port 33842 [preauth]
Jun 25 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31284]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31285]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31283]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31282]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31282]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31344]: Successful su for rubyman by root
Jun 25 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31344]: + ??? root:rubyman
Jun 25 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31344]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592251 of user rubyman.
Jun 25 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31344]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592251.
Jun 25 20:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28444]: pam_unix(cron:session): session closed for user root
Jun 25 20:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31283]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30372]: pam_unix(cron:session): session closed for user root
Jun 25 20:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31739]: Invalid user admin from 141.98.83.240
Jun 25 20:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31739]: input_userauth_request: invalid user admin [preauth]
Jun 25 20:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31739]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 20:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31739]: Failed password for invalid user admin from 141.98.83.240 port 42760 ssh2
Jun 25 20:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31739]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31739]: Failed password for invalid user admin from 141.98.83.240 port 42760 ssh2
Jun 25 20:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31739]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31739]: Failed password for invalid user admin from 141.98.83.240 port 42760 ssh2
Jun 25 20:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31739]: Connection closed by 141.98.83.240 port 42760 [preauth]
Jun 25 20:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31739]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31791]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31788]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31790]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31789]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31786]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31787]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31791]: pam_unix(cron:session): session closed for user root
Jun 25 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31786]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31852]: Successful su for rubyman by root
Jun 25 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31852]: + ??? root:rubyman
Jun 25 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31852]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592257 of user rubyman.
Jun 25 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31852]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592257.
Jun 25 20:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31788]: pam_unix(cron:session): session closed for user root
Jun 25 20:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28947]: pam_unix(cron:session): session closed for user root
Jun 25 20:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31787]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30789]: pam_unix(cron:session): session closed for user root
Jun 25 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32238]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32237]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32239]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32236]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32236]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32299]: Successful su for rubyman by root
Jun 25 20:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32299]: + ??? root:rubyman
Jun 25 20:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32299]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592261 of user rubyman.
Jun 25 20:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32299]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592261.
Jun 25 20:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29379]: pam_unix(cron:session): session closed for user root
Jun 25 20:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32237]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32535]: Did not receive identification string from 122.231.191.3
Jun 25 20:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31285]: pam_unix(cron:session): session closed for user root
Jun 25 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32652]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32654]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32653]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32651]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32651]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32717]: Successful su for rubyman by root
Jun 25 20:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32717]: + ??? root:rubyman
Jun 25 20:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32717]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592267 of user rubyman.
Jun 25 20:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32717]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592267.
Jun 25 20:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29952]: pam_unix(cron:session): session closed for user root
Jun 25 20:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32652]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31790]: pam_unix(cron:session): session closed for user root
Jun 25 20:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[693]: Did not receive identification string from 122.231.191.3
Jun 25 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[765]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[766]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[764]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[763]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[763]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[841]: Successful su for rubyman by root
Jun 25 20:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[841]: + ??? root:rubyman
Jun 25 20:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[841]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592270 of user rubyman.
Jun 25 20:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[841]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592270.
Jun 25 20:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30371]: pam_unix(cron:session): session closed for user root
Jun 25 20:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 25 20:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[764]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1011]: Failed password for root from 194.113.233.25 port 39856 ssh2
Jun 25 20:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1011]: Connection closed by 194.113.233.25 port 39856 [preauth]
Jun 25 20:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32239]: pam_unix(cron:session): session closed for user root
Jun 25 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1227]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1230]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1225]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1226]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1225]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1293]: Successful su for rubyman by root
Jun 25 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1293]: + ??? root:rubyman
Jun 25 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1293]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592273 of user rubyman.
Jun 25 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1293]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592273.
Jun 25 20:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30788]: pam_unix(cron:session): session closed for user root
Jun 25 20:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1226]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 25 20:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1603]: Failed password for root from 147.45.199.80 port 56378 ssh2
Jun 25 20:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1603]: Connection closed by 147.45.199.80 port 56378 [preauth]
Jun 25 20:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32654]: pam_unix(cron:session): session closed for user root
Jun 25 20:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 25 20:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1772]: Failed password for root from 109.237.96.109 port 60108 ssh2
Jun 25 20:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1772]: Connection closed by 109.237.96.109 port 60108 [preauth]
Jun 25 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1787]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1788]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1785]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1786]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1783]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1784]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1788]: pam_unix(cron:session): session closed for user root
Jun 25 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1783]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1849]: Successful su for rubyman by root
Jun 25 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1849]: + ??? root:rubyman
Jun 25 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1849]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592277 of user rubyman.
Jun 25 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1849]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592277.
Jun 25 20:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1785]: pam_unix(cron:session): session closed for user root
Jun 25 20:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31284]: pam_unix(cron:session): session closed for user root
Jun 25 20:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1784]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[766]: pam_unix(cron:session): session closed for user root
Jun 25 20:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2291]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2292]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2289]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2290]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2289]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2367]: Successful su for rubyman by root
Jun 25 20:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2367]: + ??? root:rubyman
Jun 25 20:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2367]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592284 of user rubyman.
Jun 25 20:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2367]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592284.
Jun 25 20:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31789]: pam_unix(cron:session): session closed for user root
Jun 25 20:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2290]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1230]: pam_unix(cron:session): session closed for user root
Jun 25 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2727]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2723]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2728]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2722]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2722]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2790]: Successful su for rubyman by root
Jun 25 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2790]: + ??? root:rubyman
Jun 25 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2790]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592289 of user rubyman.
Jun 25 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2790]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592289.
Jun 25 20:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32238]: pam_unix(cron:session): session closed for user root
Jun 25 20:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2723]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1787]: pam_unix(cron:session): session closed for user root
Jun 25 20:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 25 20:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3098]: Failed password for root from 103.27.238.114 port 35756 ssh2
Jun 25 20:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3098]: Connection closed by 103.27.238.114 port 35756 [preauth]
Jun 25 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3122]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3121]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3120]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3119]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3119]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3179]: Successful su for rubyman by root
Jun 25 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3179]: + ??? root:rubyman
Jun 25 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3179]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592291 of user rubyman.
Jun 25 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3179]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592291.
Jun 25 20:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32653]: pam_unix(cron:session): session closed for user root
Jun 25 20:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3120]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2292]: pam_unix(cron:session): session closed for user root
Jun 25 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3511]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3510]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3512]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3509]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3509]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3575]: Successful su for rubyman by root
Jun 25 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3575]: + ??? root:rubyman
Jun 25 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3575]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592295 of user rubyman.
Jun 25 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3575]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592295.
Jun 25 20:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[765]: pam_unix(cron:session): session closed for user root
Jun 25 20:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3510]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2728]: pam_unix(cron:session): session closed for user root
Jun 25 20:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 25 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4116]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4114]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4113]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4112]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4111]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4115]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4116]: pam_unix(cron:session): session closed for user root
Jun 25 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4111]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4184]: Successful su for rubyman by root
Jun 25 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4184]: + ??? root:rubyman
Jun 25 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4184]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592304 of user rubyman.
Jun 25 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4184]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592304.
Jun 25 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4100]: Failed password for root from 38.93.206.2 port 34476 ssh2
Jun 25 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4100]: Connection closed by 38.93.206.2 port 34476 [preauth]
Jun 25 20:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4113]: pam_unix(cron:session): session closed for user root
Jun 25 20:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1227]: pam_unix(cron:session): session closed for user root
Jun 25 20:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4112]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
Jun 25 20:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4442]: Failed password for root from 176.32.39.21 port 55144 ssh2
Jun 25 20:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4442]: Connection closed by 176.32.39.21 port 55144 [preauth]
Jun 25 20:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3122]: pam_unix(cron:session): session closed for user root
Jun 25 20:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4509]: Connection closed by 194.59.206.2 port 31842 [preauth]
Jun 25 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4569]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4568]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4567]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4566]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4566]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4633]: Successful su for rubyman by root
Jun 25 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4633]: + ??? root:rubyman
Jun 25 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4633]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592307 of user rubyman.
Jun 25 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4633]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592307.
Jun 25 20:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1786]: pam_unix(cron:session): session closed for user root
Jun 25 20:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4567]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 25 20:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4968]: Failed password for root from 103.82.132.16 port 46148 ssh2
Jun 25 20:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4968]: Connection closed by 103.82.132.16 port 46148 [preauth]
Jun 25 20:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3512]: pam_unix(cron:session): session closed for user root
Jun 25 20:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5071]: Invalid user user from 193.46.255.86
Jun 25 20:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5071]: input_userauth_request: invalid user user [preauth]
Jun 25 20:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5071]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 25 20:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5071]: Failed password for invalid user user from 193.46.255.86 port 60086 ssh2
Jun 25 20:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5071]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5071]: Failed password for invalid user user from 193.46.255.86 port 60086 ssh2
Jun 25 20:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5071]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5085]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5084]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5082]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5083]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5082]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5142]: Successful su for rubyman by root
Jun 25 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5142]: + ??? root:rubyman
Jun 25 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5142]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592309 of user rubyman.
Jun 25 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5142]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592309.
Jun 25 20:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5071]: Failed password for invalid user user from 193.46.255.86 port 60086 ssh2
Jun 25 20:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5071]: Connection closed by 193.46.255.86 port 60086 [preauth]
Jun 25 20:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5071]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 25 20:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5263]: Invalid user admin from 2.57.121.25
Jun 25 20:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5263]: input_userauth_request: invalid user admin [preauth]
Jun 25 20:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5263]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 25 20:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2291]: pam_unix(cron:session): session closed for user root
Jun 25 20:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5263]: Failed password for invalid user admin from 2.57.121.25 port 64142 ssh2
Jun 25 20:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5083]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5263]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5263]: Failed password for invalid user admin from 2.57.121.25 port 64142 ssh2
Jun 25 20:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5263]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5263]: Failed password for invalid user admin from 2.57.121.25 port 64142 ssh2
Jun 25 20:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5263]: Connection closed by 2.57.121.25 port 64142 [preauth]
Jun 25 20:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5263]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 25 20:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4115]: pam_unix(cron:session): session closed for user root
Jun 25 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5503]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5504]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5502]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5501]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5501]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5560]: Successful su for rubyman by root
Jun 25 20:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5560]: + ??? root:rubyman
Jun 25 20:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5560]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592313 of user rubyman.
Jun 25 20:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5560]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592313.
Jun 25 20:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2727]: pam_unix(cron:session): session closed for user root
Jun 25 20:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5502]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4569]: pam_unix(cron:session): session closed for user root
Jun 25 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5890]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5891]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5889]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5888]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5888]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5946]: Successful su for rubyman by root
Jun 25 20:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5946]: + ??? root:rubyman
Jun 25 20:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5946]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592318 of user rubyman.
Jun 25 20:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5946]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592318.
Jun 25 20:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3121]: pam_unix(cron:session): session closed for user root
Jun 25 20:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5889]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5085]: pam_unix(cron:session): session closed for user root
Jun 25 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6275]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6276]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6272]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6274]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6271]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6273]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6276]: pam_unix(cron:session): session closed for user root
Jun 25 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6271]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6339]: Successful su for rubyman by root
Jun 25 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6339]: + ??? root:rubyman
Jun 25 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6339]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592321 of user rubyman.
Jun 25 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6339]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592321.
Jun 25 20:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6273]: pam_unix(cron:session): session closed for user root
Jun 25 20:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3511]: pam_unix(cron:session): session closed for user root
Jun 25 20:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6272]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5504]: pam_unix(cron:session): session closed for user root
Jun 25 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6706]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6705]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6704]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6702]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6702]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6776]: Successful su for rubyman by root
Jun 25 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6776]: + ??? root:rubyman
Jun 25 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6776]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592327 of user rubyman.
Jun 25 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6776]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592327.
Jun 25 20:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4114]: pam_unix(cron:session): session closed for user root
Jun 25 20:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6704]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5891]: pam_unix(cron:session): session closed for user root
Jun 25 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7213]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7211]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7214]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7210]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7210]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7272]: Successful su for rubyman by root
Jun 25 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7272]: + ??? root:rubyman
Jun 25 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7272]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592333 of user rubyman.
Jun 25 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7272]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592333.
Jun 25 20:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4568]: pam_unix(cron:session): session closed for user root
Jun 25 20:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7211]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6275]: pam_unix(cron:session): session closed for user root
Jun 25 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7614]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7613]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7609]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7610]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7609]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7766]: Successful su for rubyman by root
Jun 25 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7766]: + ??? root:rubyman
Jun 25 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7766]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592337 of user rubyman.
Jun 25 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7766]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592337.
Jun 25 20:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5084]: pam_unix(cron:session): session closed for user root
Jun 25 20:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7610]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6706]: pam_unix(cron:session): session closed for user root
Jun 25 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8094]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8093]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8095]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8092]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8090]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8092]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8214]: Successful su for rubyman by root
Jun 25 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8214]: + ??? root:rubyman
Jun 25 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8214]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592341 of user rubyman.
Jun 25 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8214]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592341.
Jun 25 20:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8090]: pam_unix(cron:session): session closed for user root
Jun 25 20:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5503]: pam_unix(cron:session): session closed for user root
Jun 25 20:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8093]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7214]: pam_unix(cron:session): session closed for user root
Jun 25 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8582]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8580]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8585]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8584]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8583]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8581]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8585]: pam_unix(cron:session): session closed for user root
Jun 25 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8580]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8647]: Successful su for rubyman by root
Jun 25 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8647]: + ??? root:rubyman
Jun 25 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8647]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592348 of user rubyman.
Jun 25 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8647]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592348.
Jun 25 20:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8582]: pam_unix(cron:session): session closed for user root
Jun 25 20:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5890]: pam_unix(cron:session): session closed for user root
Jun 25 20:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8581]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7614]: pam_unix(cron:session): session closed for user root
Jun 25 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9005]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9003]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9006]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9004]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9003]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9071]: Successful su for rubyman by root
Jun 25 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9071]: + ??? root:rubyman
Jun 25 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9071]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592350 of user rubyman.
Jun 25 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9071]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592350.
Jun 25 20:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6274]: pam_unix(cron:session): session closed for user root
Jun 25 20:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9004]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8095]: pam_unix(cron:session): session closed for user root
Jun 25 20:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9378]: Received disconnect from 188.44.20.30 port 53882:11: disconnected by user [preauth]
Jun 25 20:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9378]: Disconnected from 188.44.20.30 port 53882 [preauth]
Jun 25 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9409]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9408]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9407]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9406]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9406]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9467]: Successful su for rubyman by root
Jun 25 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9467]: + ??? root:rubyman
Jun 25 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9467]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592356 of user rubyman.
Jun 25 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9467]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592356.
Jun 25 20:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6705]: pam_unix(cron:session): session closed for user root
Jun 25 20:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9407]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 25 20:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9670]: Failed password for root from 80.66.85.226 port 52050 ssh2
Jun 25 20:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9670]: Connection closed by 80.66.85.226 port 52050 [preauth]
Jun 25 20:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8584]: pam_unix(cron:session): session closed for user root
Jun 25 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9801]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9802]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9800]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9799]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9799]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9873]: Successful su for rubyman by root
Jun 25 20:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9873]: + ??? root:rubyman
Jun 25 20:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9873]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592359 of user rubyman.
Jun 25 20:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9873]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592359.
Jun 25 20:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7213]: pam_unix(cron:session): session closed for user root
Jun 25 20:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9800]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9006]: pam_unix(cron:session): session closed for user root
Jun 25 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10462]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10463]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10461]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10460]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10460]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10522]: Successful su for rubyman by root
Jun 25 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10522]: + ??? root:rubyman
Jun 25 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10522]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592362 of user rubyman.
Jun 25 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10522]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592362.
Jun 25 20:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7613]: pam_unix(cron:session): session closed for user root
Jun 25 20:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10461]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9409]: pam_unix(cron:session): session closed for user root
Jun 25 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10892]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10890]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10891]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10888]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10889]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10887]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10892]: pam_unix(cron:session): session closed for user root
Jun 25 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10887]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10958]: Successful su for rubyman by root
Jun 25 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10958]: + ??? root:rubyman
Jun 25 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10958]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592368 of user rubyman.
Jun 25 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10958]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592368.
Jun 25 20:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10889]: pam_unix(cron:session): session closed for user root
Jun 25 20:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8094]: pam_unix(cron:session): session closed for user root
Jun 25 20:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10888]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9802]: pam_unix(cron:session): session closed for user root
Jun 25 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11333]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11334]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11335]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11332]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11332]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11403]: Successful su for rubyman by root
Jun 25 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11403]: + ??? root:rubyman
Jun 25 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11403]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592372 of user rubyman.
Jun 25 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11403]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592372.
Jun 25 20:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8583]: pam_unix(cron:session): session closed for user root
Jun 25 20:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11333]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10463]: pam_unix(cron:session): session closed for user root
Jun 25 20:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11745]: Invalid user edu from 188.245.244.188
Jun 25 20:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11745]: input_userauth_request: invalid user edu [preauth]
Jun 25 20:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11745]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.245.244.188
Jun 25 20:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11745]: Failed password for invalid user edu from 188.245.244.188 port 60916 ssh2
Jun 25 20:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11745]: Received disconnect from 188.245.244.188 port 60916:11: Bye Bye [preauth]
Jun 25 20:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11745]: Disconnected from 188.245.244.188 port 60916 [preauth]
Jun 25 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11762]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11761]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11760]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11759]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11759]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11841]: Successful su for rubyman by root
Jun 25 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11841]: + ??? root:rubyman
Jun 25 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11841]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592376 of user rubyman.
Jun 25 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11841]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592376.
Jun 25 20:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9005]: pam_unix(cron:session): session closed for user root
Jun 25 20:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11760]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 25 20:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12061]: Failed password for root from 103.27.238.116 port 60920 ssh2
Jun 25 20:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12061]: Connection closed by 103.27.238.116 port 60920 [preauth]
Jun 25 20:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12091]: Invalid user user from 141.98.83.240
Jun 25 20:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12091]: input_userauth_request: invalid user user [preauth]
Jun 25 20:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12091]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 20:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12091]: Failed password for invalid user user from 141.98.83.240 port 27290 ssh2
Jun 25 20:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12091]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12091]: Failed password for invalid user user from 141.98.83.240 port 27290 ssh2
Jun 25 20:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12091]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12091]: Failed password for invalid user user from 141.98.83.240 port 27290 ssh2
Jun 25 20:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12091]: Connection closed by 141.98.83.240 port 27290 [preauth]
Jun 25 20:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12091]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 20:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10891]: pam_unix(cron:session): session closed for user root
Jun 25 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12215]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12213]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12214]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12212]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12212]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12391]: Successful su for rubyman by root
Jun 25 20:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12391]: + ??? root:rubyman
Jun 25 20:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12391]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592380 of user rubyman.
Jun 25 20:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12391]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592380.
Jun 25 20:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9408]: pam_unix(cron:session): session closed for user root
Jun 25 20:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12213]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 25 20:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12578]: Failed password for root from 202.178.126.219 port 28471 ssh2
Jun 25 20:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12578]: Connection closed by 202.178.126.219 port 28471 [preauth]
Jun 25 20:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11335]: pam_unix(cron:session): session closed for user root
Jun 25 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12735]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12736]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12733]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12734]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12733]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12800]: Successful su for rubyman by root
Jun 25 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12800]: + ??? root:rubyman
Jun 25 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12800]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592386 of user rubyman.
Jun 25 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12800]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592386.
Jun 25 20:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9801]: pam_unix(cron:session): session closed for user root
Jun 25 20:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12734]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11762]: pam_unix(cron:session): session closed for user root
Jun 25 20:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 25 20:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13133]: Failed password for root from 103.149.28.157 port 48988 ssh2
Jun 25 20:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13133]: Connection closed by 103.149.28.157 port 48988 [preauth]
Jun 25 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13153]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13151]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13152]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13148]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13147]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13150]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13153]: pam_unix(cron:session): session closed for user root
Jun 25 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13147]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13226]: Successful su for rubyman by root
Jun 25 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13226]: + ??? root:rubyman
Jun 25 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13226]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592390 of user rubyman.
Jun 25 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13226]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592390.
Jun 25 20:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13150]: pam_unix(cron:session): session closed for user root
Jun 25 20:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10462]: pam_unix(cron:session): session closed for user root
Jun 25 20:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13148]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12215]: pam_unix(cron:session): session closed for user root
Jun 25 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13593]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13591]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13592]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13590]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13590]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13654]: Successful su for rubyman by root
Jun 25 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13654]: + ??? root:rubyman
Jun 25 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13654]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592394 of user rubyman.
Jun 25 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13654]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592394.
Jun 25 20:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10890]: pam_unix(cron:session): session closed for user root
Jun 25 20:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13591]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12736]: pam_unix(cron:session): session closed for user root
Jun 25 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14005]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14006]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14004]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14003]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14003]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14063]: Successful su for rubyman by root
Jun 25 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14063]: + ??? root:rubyman
Jun 25 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14063]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592398 of user rubyman.
Jun 25 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14063]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592398.
Jun 25 20:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11334]: pam_unix(cron:session): session closed for user root
Jun 25 20:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14004]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14241]: Invalid user mahesh from 103.227.210.171
Jun 25 20:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14241]: input_userauth_request: invalid user mahesh [preauth]
Jun 25 20:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14241]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.227.210.171
Jun 25 20:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14241]: Failed password for invalid user mahesh from 103.227.210.171 port 33784 ssh2
Jun 25 20:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14241]: Connection closed by 103.227.210.171 port 33784 [preauth]
Jun 25 20:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14258]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 25 20:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14258]: Received disconnect from 154.16.115.17 port 39930:11: disconnected by user [preauth]
Jun 25 20:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14258]: Disconnected from 154.16.115.17 port 39930 [preauth]
Jun 25 20:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13152]: pam_unix(cron:session): session closed for user root
Jun 25 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14395]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14396]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14397]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14394]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14394]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14454]: Successful su for rubyman by root
Jun 25 20:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14454]: + ??? root:rubyman
Jun 25 20:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14454]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592402 of user rubyman.
Jun 25 20:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14454]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592402.
Jun 25 20:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11761]: pam_unix(cron:session): session closed for user root
Jun 25 20:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14395]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14715]: Received disconnect from 65.181.112.131 port 59466:11: disconnected by user [preauth]
Jun 25 20:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14715]: Disconnected from 65.181.112.131 port 59466 [preauth]
Jun 25 20:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.247.23.131  user=root
Jun 25 20:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13593]: pam_unix(cron:session): session closed for user root
Jun 25 20:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14789]: Failed password for root from 117.247.23.131 port 51650 ssh2
Jun 25 20:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14789]: Received disconnect from 117.247.23.131 port 51650:11: Bye Bye [preauth]
Jun 25 20:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14789]: Disconnected from 117.247.23.131 port 51650 [preauth]
Jun 25 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14882]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14883]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14881]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14880]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14880]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14944]: Successful su for rubyman by root
Jun 25 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14944]: + ??? root:rubyman
Jun 25 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14944]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592406 of user rubyman.
Jun 25 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14944]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592406.
Jun 25 20:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12214]: pam_unix(cron:session): session closed for user root
Jun 25 20:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14881]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14006]: pam_unix(cron:session): session closed for user root
Jun 25 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15288]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15287]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15286]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15290]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15289]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15285]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15290]: pam_unix(cron:session): session closed for user root
Jun 25 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15285]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15349]: Successful su for rubyman by root
Jun 25 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15349]: + ??? root:rubyman
Jun 25 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15349]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592412 of user rubyman.
Jun 25 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15349]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592412.
Jun 25 20:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15287]: pam_unix(cron:session): session closed for user root
Jun 25 20:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12735]: pam_unix(cron:session): session closed for user root
Jun 25 20:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15286]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 25 20:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15607]: Failed password for root from 103.82.20.28 port 42344 ssh2
Jun 25 20:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15607]: Connection closed by 103.82.20.28 port 42344 [preauth]
Jun 25 20:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14397]: pam_unix(cron:session): session closed for user root
Jun 25 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15700]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15698]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15699]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15697]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15697]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15767]: Successful su for rubyman by root
Jun 25 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15767]: + ??? root:rubyman
Jun 25 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15767]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592417 of user rubyman.
Jun 25 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15767]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592417.
Jun 25 20:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13151]: pam_unix(cron:session): session closed for user root
Jun 25 20:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15698]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14883]: pam_unix(cron:session): session closed for user root
Jun 25 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16095]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16096]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16094]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16093]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16093]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16151]: Successful su for rubyman by root
Jun 25 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16151]: + ??? root:rubyman
Jun 25 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16151]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592421 of user rubyman.
Jun 25 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16151]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592421.
Jun 25 20:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13592]: pam_unix(cron:session): session closed for user root
Jun 25 20:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16094]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16360]: Received disconnect from 172.245.225.106 port 55662:11: disconnected by user [preauth]
Jun 25 20:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16360]: Disconnected from 172.245.225.106 port 55662 [preauth]
Jun 25 20:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15289]: pam_unix(cron:session): session closed for user root
Jun 25 20:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16439]: Invalid user sysadmin from 117.247.23.131
Jun 25 20:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16439]: input_userauth_request: invalid user sysadmin [preauth]
Jun 25 20:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16439]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.247.23.131
Jun 25 20:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16439]: Failed password for invalid user sysadmin from 117.247.23.131 port 48061 ssh2
Jun 25 20:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16439]: Received disconnect from 117.247.23.131 port 48061:11: Bye Bye [preauth]
Jun 25 20:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16439]: Disconnected from 117.247.23.131 port 48061 [preauth]
Jun 25 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16485]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16484]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16486]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16483]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16483]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16549]: Successful su for rubyman by root
Jun 25 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16549]: + ??? root:rubyman
Jun 25 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16549]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592425 of user rubyman.
Jun 25 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16549]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592425.
Jun 25 20:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14005]: pam_unix(cron:session): session closed for user root
Jun 25 20:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16484]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 20:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16768]: Invalid user obi from 188.245.244.188
Jun 25 20:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16768]: input_userauth_request: invalid user obi [preauth]
Jun 25 20:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16768]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 20:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.245.244.188
Jun 25 20:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16768]: Failed password for invalid user obi from 188.245.244.188 port 58192 ssh2
Jun 25 20:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16768]: Received disconnect from 188.245.244.188 port 58192:11: Bye Bye [preauth]
Jun 25 20:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16768]: Disconnected from 188.245.244.188 port 58192 [preauth]
Jun 25 20:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15700]: pam_unix(cron:session): session closed for user root
Jun 25 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16951]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16950]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16949]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16948]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16948]: pam_unix(cron:session): session closed for user p13x
Jun 25 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17043]: Successful su for rubyman by root
Jun 25 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17043]: + ??? root:rubyman
Jun 25 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17043]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592428 of user rubyman.
Jun 25 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17043]: pam_unix(su:session): session closed for user rubyman
Jun 25 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592428.
Jun 25 20:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14396]: pam_unix(cron:session): session closed for user root
Jun 25 20:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16949]: pam_unix(cron:session): session closed for user samftp
Jun 25 20:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16096]: pam_unix(cron:session): session closed for user root
Jun 25 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17385]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17389]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17386]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17392]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17388]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17390]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17384]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17386]: pam_unix(cron:session): session closed for user root
Jun 25 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17392]: pam_unix(cron:session): session closed for user root
Jun 25 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17384]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17490]: Successful su for rubyman by root
Jun 25 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17490]: + ??? root:rubyman
Jun 25 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17490]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592432 of user rubyman.
Jun 25 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17490]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592432.
Jun 25 21:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17388]: pam_unix(cron:session): session closed for user root
Jun 25 21:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14882]: pam_unix(cron:session): session closed for user root
Jun 25 21:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17385]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17847]: Invalid user dl from 188.245.244.188
Jun 25 21:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17847]: input_userauth_request: invalid user dl [preauth]
Jun 25 21:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17847]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.245.244.188
Jun 25 21:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17847]: Failed password for invalid user dl from 188.245.244.188 port 45912 ssh2
Jun 25 21:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17847]: Received disconnect from 188.245.244.188 port 45912:11: Bye Bye [preauth]
Jun 25 21:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17847]: Disconnected from 188.245.244.188 port 45912 [preauth]
Jun 25 21:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16486]: pam_unix(cron:session): session closed for user root
Jun 25 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17987]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17985]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17986]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17984]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17984]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18064]: Successful su for rubyman by root
Jun 25 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18064]: + ??? root:rubyman
Jun 25 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18064]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592440 of user rubyman.
Jun 25 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18064]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592440.
Jun 25 21:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15288]: pam_unix(cron:session): session closed for user root
Jun 25 21:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17985]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16951]: pam_unix(cron:session): session closed for user root
Jun 25 21:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18369]: Invalid user git2 from 117.247.23.131
Jun 25 21:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18369]: input_userauth_request: invalid user git2 [preauth]
Jun 25 21:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18369]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.247.23.131
Jun 25 21:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18369]: Failed password for invalid user git2 from 117.247.23.131 port 55494 ssh2
Jun 25 21:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18369]: Received disconnect from 117.247.23.131 port 55494:11: Bye Bye [preauth]
Jun 25 21:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18369]: Disconnected from 117.247.23.131 port 55494 [preauth]
Jun 25 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18503]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18502]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18501]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18500]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18500]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18568]: Successful su for rubyman by root
Jun 25 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18568]: + ??? root:rubyman
Jun 25 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18568]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592443 of user rubyman.
Jun 25 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18568]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592443.
Jun 25 21:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15699]: pam_unix(cron:session): session closed for user root
Jun 25 21:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18501]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18842]: Invalid user edu3 from 188.245.244.188
Jun 25 21:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18842]: input_userauth_request: invalid user edu3 [preauth]
Jun 25 21:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18842]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.245.244.188
Jun 25 21:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17390]: pam_unix(cron:session): session closed for user root
Jun 25 21:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18842]: Failed password for invalid user edu3 from 188.245.244.188 port 55118 ssh2
Jun 25 21:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18842]: Received disconnect from 188.245.244.188 port 55118:11: Bye Bye [preauth]
Jun 25 21:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18842]: Disconnected from 188.245.244.188 port 55118 [preauth]
Jun 25 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18937]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18938]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18936]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18935]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18935]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18998]: Successful su for rubyman by root
Jun 25 21:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18998]: + ??? root:rubyman
Jun 25 21:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18998]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592447 of user rubyman.
Jun 25 21:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18998]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592447.
Jun 25 21:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16095]: pam_unix(cron:session): session closed for user root
Jun 25 21:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18936]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17987]: pam_unix(cron:session): session closed for user root
Jun 25 21:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 25 21:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19374]: Failed password for root from 103.122.221.179 port 45634 ssh2
Jun 25 21:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19374]: Connection closed by 103.122.221.179 port 45634 [preauth]
Jun 25 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19427]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19429]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19426]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19428]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19426]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19553]: Successful su for rubyman by root
Jun 25 21:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19553]: + ??? root:rubyman
Jun 25 21:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19553]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592453 of user rubyman.
Jun 25 21:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19553]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592453.
Jun 25 21:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16485]: pam_unix(cron:session): session closed for user root
Jun 25 21:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19427]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19949]: Invalid user ultima from 188.245.244.188
Jun 25 21:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19949]: input_userauth_request: invalid user ultima [preauth]
Jun 25 21:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19949]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.245.244.188
Jun 25 21:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19949]: Failed password for invalid user ultima from 188.245.244.188 port 50840 ssh2
Jun 25 21:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19949]: Received disconnect from 188.245.244.188 port 50840:11: Bye Bye [preauth]
Jun 25 21:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19949]: Disconnected from 188.245.244.188 port 50840 [preauth]
Jun 25 21:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18503]: pam_unix(cron:session): session closed for user root
Jun 25 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20045]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20047]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20049]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20048]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20050]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20046]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20050]: pam_unix(cron:session): session closed for user root
Jun 25 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20045]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20114]: Successful su for rubyman by root
Jun 25 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20114]: + ??? root:rubyman
Jun 25 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20114]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592459 of user rubyman.
Jun 25 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20114]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592459.
Jun 25 21:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20047]: pam_unix(cron:session): session closed for user root
Jun 25 21:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16950]: pam_unix(cron:session): session closed for user root
Jun 25 21:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20046]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20486]: Invalid user andrey from 117.247.23.131
Jun 25 21:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20486]: input_userauth_request: invalid user andrey [preauth]
Jun 25 21:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20486]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.247.23.131
Jun 25 21:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20486]: Failed password for invalid user andrey from 117.247.23.131 port 60852 ssh2
Jun 25 21:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20486]: Received disconnect from 117.247.23.131 port 60852:11: Bye Bye [preauth]
Jun 25 21:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20486]: Disconnected from 117.247.23.131 port 60852 [preauth]
Jun 25 21:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18938]: pam_unix(cron:session): session closed for user root
Jun 25 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20583]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20582]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20581]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20580]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20580]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20672]: Successful su for rubyman by root
Jun 25 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20672]: + ??? root:rubyman
Jun 25 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20672]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592462 of user rubyman.
Jun 25 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20672]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592462.
Jun 25 21:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17389]: pam_unix(cron:session): session closed for user root
Jun 25 21:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20581]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20929]: Did not receive identification string from 188.240.59.37
Jun 25 21:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20951]: Connection reset by 69.5.169.102 port 16196 [preauth]
Jun 25 21:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20991]: Invalid user sdp from 188.245.244.188
Jun 25 21:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20991]: input_userauth_request: invalid user sdp [preauth]
Jun 25 21:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20991]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.245.244.188
Jun 25 21:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20991]: Failed password for invalid user sdp from 188.245.244.188 port 48872 ssh2
Jun 25 21:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20991]: Received disconnect from 188.245.244.188 port 48872:11: Bye Bye [preauth]
Jun 25 21:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20991]: Disconnected from 188.245.244.188 port 48872 [preauth]
Jun 25 21:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19429]: pam_unix(cron:session): session closed for user root
Jun 25 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21086]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21083]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21085]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21082]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21082]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21148]: Successful su for rubyman by root
Jun 25 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21148]: + ??? root:rubyman
Jun 25 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21148]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592466 of user rubyman.
Jun 25 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21148]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592466.
Jun 25 21:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17986]: pam_unix(cron:session): session closed for user root
Jun 25 21:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21083]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20049]: pam_unix(cron:session): session closed for user root
Jun 25 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21503]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21502]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21501]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21498]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21498]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21576]: Successful su for rubyman by root
Jun 25 21:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21576]: + ??? root:rubyman
Jun 25 21:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21576]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592469 of user rubyman.
Jun 25 21:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21576]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592469.
Jun 25 21:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18502]: pam_unix(cron:session): session closed for user root
Jun 25 21:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21501]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21828]: Invalid user svi from 188.245.244.188
Jun 25 21:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21828]: input_userauth_request: invalid user svi [preauth]
Jun 25 21:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21828]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.245.244.188
Jun 25 21:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21828]: Failed password for invalid user svi from 188.245.244.188 port 42786 ssh2
Jun 25 21:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21828]: Received disconnect from 188.245.244.188 port 42786:11: Bye Bye [preauth]
Jun 25 21:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21828]: Disconnected from 188.245.244.188 port 42786 [preauth]
Jun 25 21:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20583]: pam_unix(cron:session): session closed for user root
Jun 25 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21936]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21935]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21934]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21933]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21929]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21933]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22043]: Successful su for rubyman by root
Jun 25 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22043]: + ??? root:rubyman
Jun 25 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22043]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592473 of user rubyman.
Jun 25 21:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22043]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592473.
Jun 25 21:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21929]: pam_unix(cron:session): session closed for user root
Jun 25 21:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18937]: pam_unix(cron:session): session closed for user root
Jun 25 21:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21934]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 25 21:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22281]: Failed password for root from 103.176.20.57 port 36178 ssh2
Jun 25 21:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22279]: Invalid user n8n from 117.247.23.131
Jun 25 21:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22279]: input_userauth_request: invalid user n8n [preauth]
Jun 25 21:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22279]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.247.23.131
Jun 25 21:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22281]: Connection closed by 103.176.20.57 port 36178 [preauth]
Jun 25 21:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22279]: Failed password for invalid user n8n from 117.247.23.131 port 55426 ssh2
Jun 25 21:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22279]: Received disconnect from 117.247.23.131 port 55426:11: Bye Bye [preauth]
Jun 25 21:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22279]: Disconnected from 117.247.23.131 port 55426 [preauth]
Jun 25 21:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 25 21:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22405]: Failed password for root from 202.178.126.219 port 37308 ssh2
Jun 25 21:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22405]: Connection closed by 202.178.126.219 port 37308 [preauth]
Jun 25 21:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21086]: pam_unix(cron:session): session closed for user root
Jun 25 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22518]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22517]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22514]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22513]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22515]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22516]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22518]: pam_unix(cron:session): session closed for user root
Jun 25 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22513]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22581]: Successful su for rubyman by root
Jun 25 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22581]: + ??? root:rubyman
Jun 25 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22581]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592479 of user rubyman.
Jun 25 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22581]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592479.
Jun 25 21:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22515]: pam_unix(cron:session): session closed for user root
Jun 25 21:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19428]: pam_unix(cron:session): session closed for user root
Jun 25 21:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22514]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 25 21:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22841]: Failed password for root from 103.77.242.62 port 60194 ssh2
Jun 25 21:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22841]: Connection closed by 103.77.242.62 port 60194 [preauth]
Jun 25 21:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22863]: User nyx from 188.245.244.188 not allowed because not listed in AllowUsers
Jun 25 21:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22863]: input_userauth_request: invalid user nyx [preauth]
Jun 25 21:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.245.244.188  user=nyx
Jun 25 21:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22863]: Failed password for invalid user nyx from 188.245.244.188 port 54808 ssh2
Jun 25 21:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22863]: Received disconnect from 188.245.244.188 port 54808:11: Bye Bye [preauth]
Jun 25 21:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22863]: Disconnected from 188.245.244.188 port 54808 [preauth]
Jun 25 21:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21503]: pam_unix(cron:session): session closed for user root
Jun 25 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22966]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22965]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22964]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22963]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22963]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23027]: Successful su for rubyman by root
Jun 25 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23027]: + ??? root:rubyman
Jun 25 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23027]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592484 of user rubyman.
Jun 25 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23027]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592484.
Jun 25 21:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20048]: pam_unix(cron:session): session closed for user root
Jun 25 21:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22964]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21936]: pam_unix(cron:session): session closed for user root
Jun 25 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23382]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23381]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23380]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23379]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23379]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23442]: Successful su for rubyman by root
Jun 25 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23442]: + ??? root:rubyman
Jun 25 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23442]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592490 of user rubyman.
Jun 25 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23442]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592490.
Jun 25 21:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20582]: pam_unix(cron:session): session closed for user root
Jun 25 21:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23380]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 25 21:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23705]: Failed password for root from 38.93.206.2 port 53076 ssh2
Jun 25 21:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23705]: Connection closed by 38.93.206.2 port 53076 [preauth]
Jun 25 21:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23707]: Invalid user cwcx from 188.245.244.188
Jun 25 21:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23707]: input_userauth_request: invalid user cwcx [preauth]
Jun 25 21:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23707]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.245.244.188
Jun 25 21:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23707]: Failed password for invalid user cwcx from 188.245.244.188 port 49050 ssh2
Jun 25 21:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23707]: Received disconnect from 188.245.244.188 port 49050:11: Bye Bye [preauth]
Jun 25 21:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23707]: Disconnected from 188.245.244.188 port 49050 [preauth]
Jun 25 21:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22517]: pam_unix(cron:session): session closed for user root
Jun 25 21:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23798]: Invalid user virt from 117.247.23.131
Jun 25 21:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23798]: input_userauth_request: invalid user virt [preauth]
Jun 25 21:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23798]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.247.23.131
Jun 25 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23820]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23821]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23819]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23817]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23798]: Failed password for invalid user virt from 117.247.23.131 port 56728 ssh2
Jun 25 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23817]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23967]: Successful su for rubyman by root
Jun 25 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23967]: + ??? root:rubyman
Jun 25 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23967]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592493 of user rubyman.
Jun 25 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23967]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592493.
Jun 25 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23798]: Received disconnect from 117.247.23.131 port 56728:11: Bye Bye [preauth]
Jun 25 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23798]: Disconnected from 117.247.23.131 port 56728 [preauth]
Jun 25 21:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21085]: pam_unix(cron:session): session closed for user root
Jun 25 21:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23819]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22966]: pam_unix(cron:session): session closed for user root
Jun 25 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24338]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24337]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24336]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24335]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24335]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24393]: Successful su for rubyman by root
Jun 25 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24393]: + ??? root:rubyman
Jun 25 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24393]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592496 of user rubyman.
Jun 25 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24393]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592496.
Jun 25 21:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21502]: pam_unix(cron:session): session closed for user root
Jun 25 21:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24336]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23382]: pam_unix(cron:session): session closed for user root
Jun 25 21:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24693]: Received disconnect from 23.239.96.154 port 47412:11: disconnected by user [preauth]
Jun 25 21:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24693]: Disconnected from 23.239.96.154 port 47412 [preauth]
Jun 25 21:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24695]: Invalid user ichat from 188.245.244.188
Jun 25 21:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24695]: input_userauth_request: invalid user ichat [preauth]
Jun 25 21:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24695]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.245.244.188
Jun 25 21:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24695]: Failed password for invalid user ichat from 188.245.244.188 port 50150 ssh2
Jun 25 21:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24695]: Received disconnect from 188.245.244.188 port 50150:11: Bye Bye [preauth]
Jun 25 21:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24695]: Disconnected from 188.245.244.188 port 50150 [preauth]
Jun 25 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24760]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24761]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24758]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24757]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24759]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24756]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24761]: pam_unix(cron:session): session closed for user root
Jun 25 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24756]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24829]: Successful su for rubyman by root
Jun 25 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24829]: + ??? root:rubyman
Jun 25 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24829]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592500 of user rubyman.
Jun 25 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24829]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592500.
Jun 25 21:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24884]: Invalid user sky from 141.98.83.240
Jun 25 21:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24884]: input_userauth_request: invalid user sky [preauth]
Jun 25 21:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24884]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 21:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24758]: pam_unix(cron:session): session closed for user root
Jun 25 21:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21935]: pam_unix(cron:session): session closed for user root
Jun 25 21:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24884]: Failed password for invalid user sky from 141.98.83.240 port 61960 ssh2
Jun 25 21:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24884]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24757]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24884]: Failed password for invalid user sky from 141.98.83.240 port 61960 ssh2
Jun 25 21:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24884]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24884]: Failed password for invalid user sky from 141.98.83.240 port 61960 ssh2
Jun 25 21:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24884]: Connection closed by 141.98.83.240 port 61960 [preauth]
Jun 25 21:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24884]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 21:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25099]: Received disconnect from 143.198.153.185 port 46232:11: disconnected by user [preauth]
Jun 25 21:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25099]: Disconnected from 143.198.153.185 port 46232 [preauth]
Jun 25 21:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23821]: pam_unix(cron:session): session closed for user root
Jun 25 21:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25137]: Invalid user dorien from 2.57.121.112
Jun 25 21:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25137]: input_userauth_request: invalid user dorien [preauth]
Jun 25 21:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25137]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 25 21:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25137]: Failed password for invalid user dorien from 2.57.121.112 port 13892 ssh2
Jun 25 21:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25137]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25137]: Failed password for invalid user dorien from 2.57.121.112 port 13892 ssh2
Jun 25 21:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25137]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25137]: Failed password for invalid user dorien from 2.57.121.112 port 13892 ssh2
Jun 25 21:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25137]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25137]: Failed password for invalid user dorien from 2.57.121.112 port 13892 ssh2
Jun 25 21:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25137]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25137]: Failed password for invalid user dorien from 2.57.121.112 port 13892 ssh2
Jun 25 21:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25137]: Connection closed by 2.57.121.112 port 13892 [preauth]
Jun 25 21:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25137]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 25 21:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25137]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 25 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25198]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25199]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25197]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25194]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25194]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25260]: Successful su for rubyman by root
Jun 25 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25260]: + ??? root:rubyman
Jun 25 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25260]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592506 of user rubyman.
Jun 25 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25260]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592506.
Jun 25 21:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22516]: pam_unix(cron:session): session closed for user root
Jun 25 21:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25197]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24338]: pam_unix(cron:session): session closed for user root
Jun 25 21:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 25 21:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25520]: Failed password for root from 103.15.222.183 port 34164 ssh2
Jun 25 21:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25520]: Connection closed by 103.15.222.183 port 34164 [preauth]
Jun 25 21:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25539]: Invalid user cpan from 188.245.244.188
Jun 25 21:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25539]: input_userauth_request: invalid user cpan [preauth]
Jun 25 21:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25539]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.245.244.188
Jun 25 21:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25539]: Failed password for invalid user cpan from 188.245.244.188 port 54036 ssh2
Jun 25 21:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25539]: Received disconnect from 188.245.244.188 port 54036:11: Bye Bye [preauth]
Jun 25 21:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25539]: Disconnected from 188.245.244.188 port 54036 [preauth]
Jun 25 21:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.247.23.131  user=root
Jun 25 21:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25573]: Failed password for root from 117.247.23.131 port 42050 ssh2
Jun 25 21:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25573]: Received disconnect from 117.247.23.131 port 42050:11: Bye Bye [preauth]
Jun 25 21:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25573]: Disconnected from 117.247.23.131 port 42050 [preauth]
Jun 25 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25605]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25603]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25604]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25602]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25600]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25600]: pam_unix(cron:session): session closed for user root
Jun 25 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25602]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25661]: Successful su for rubyman by root
Jun 25 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25661]: + ??? root:rubyman
Jun 25 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25661]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592510 of user rubyman.
Jun 25 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25661]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592510.
Jun 25 21:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22965]: pam_unix(cron:session): session closed for user root
Jun 25 21:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25603]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24760]: pam_unix(cron:session): session closed for user root
Jun 25 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25988]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25990]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25989]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25987]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25987]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26045]: Successful su for rubyman by root
Jun 25 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26045]: + ??? root:rubyman
Jun 25 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26045]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592516 of user rubyman.
Jun 25 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26045]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592516.
Jun 25 21:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23381]: pam_unix(cron:session): session closed for user root
Jun 25 21:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25988]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25199]: pam_unix(cron:session): session closed for user root
Jun 25 21:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26334]: Invalid user ingenieria from 188.245.244.188
Jun 25 21:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26334]: input_userauth_request: invalid user ingenieria [preauth]
Jun 25 21:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26334]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.245.244.188
Jun 25 21:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26334]: Failed password for invalid user ingenieria from 188.245.244.188 port 35116 ssh2
Jun 25 21:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26334]: Received disconnect from 188.245.244.188 port 35116:11: Bye Bye [preauth]
Jun 25 21:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26334]: Disconnected from 188.245.244.188 port 35116 [preauth]
Jun 25 21:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 25 21:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26365]: Failed password for root from 103.172.78.219 port 51436 ssh2
Jun 25 21:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26365]: Connection closed by 103.172.78.219 port 51436 [preauth]
Jun 25 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26386]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26387]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26384]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26385]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26384]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26442]: Successful su for rubyman by root
Jun 25 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26442]: + ??? root:rubyman
Jun 25 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26442]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592519 of user rubyman.
Jun 25 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26442]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592519.
Jun 25 21:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23820]: pam_unix(cron:session): session closed for user root
Jun 25 21:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26385]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25605]: pam_unix(cron:session): session closed for user root
Jun 25 21:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.200.74.18  user=root
Jun 25 21:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26854]: Failed password for root from 203.200.74.18 port 33954 ssh2
Jun 25 21:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26854]: Received disconnect from 203.200.74.18 port 33954:11: Bye Bye [preauth]
Jun 25 21:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26854]: Disconnected from 203.200.74.18 port 33954 [preauth]
Jun 25 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26868]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26870]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26869]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26866]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26867]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26865]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26870]: pam_unix(cron:session): session closed for user root
Jun 25 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26865]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26936]: Successful su for rubyman by root
Jun 25 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26936]: + ??? root:rubyman
Jun 25 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26936]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592525 of user rubyman.
Jun 25 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26936]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592525.
Jun 25 21:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26867]: pam_unix(cron:session): session closed for user root
Jun 25 21:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24337]: pam_unix(cron:session): session closed for user root
Jun 25 21:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26866]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25990]: pam_unix(cron:session): session closed for user root
Jun 25 21:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27233]: Invalid user ah from 117.247.23.131
Jun 25 21:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27233]: input_userauth_request: invalid user ah [preauth]
Jun 25 21:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27233]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.247.23.131
Jun 25 21:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27250]: Invalid user ecc from 188.245.244.188
Jun 25 21:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27250]: input_userauth_request: invalid user ecc [preauth]
Jun 25 21:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27250]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.245.244.188
Jun 25 21:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27233]: Failed password for invalid user ah from 117.247.23.131 port 54568 ssh2
Jun 25 21:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27233]: Received disconnect from 117.247.23.131 port 54568:11: Bye Bye [preauth]
Jun 25 21:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27233]: Disconnected from 117.247.23.131 port 54568 [preauth]
Jun 25 21:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27250]: Failed password for invalid user ecc from 188.245.244.188 port 47542 ssh2
Jun 25 21:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27250]: Received disconnect from 188.245.244.188 port 47542:11: Bye Bye [preauth]
Jun 25 21:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27250]: Disconnected from 188.245.244.188 port 47542 [preauth]
Jun 25 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27318]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27319]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27317]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27316]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27316]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27387]: Successful su for rubyman by root
Jun 25 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27387]: + ??? root:rubyman
Jun 25 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27387]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592529 of user rubyman.
Jun 25 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27387]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592529.
Jun 25 21:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24759]: pam_unix(cron:session): session closed for user root
Jun 25 21:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27317]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26387]: pam_unix(cron:session): session closed for user root
Jun 25 21:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27713]: Received disconnect from 210.210.155.71 port 50484:11: disconnected by user [preauth]
Jun 25 21:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27713]: Disconnected from 210.210.155.71 port 50484 [preauth]
Jun 25 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27731]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27730]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27729]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27728]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27728]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27790]: Successful su for rubyman by root
Jun 25 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27790]: + ??? root:rubyman
Jun 25 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27790]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592533 of user rubyman.
Jun 25 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27790]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592533.
Jun 25 21:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25198]: pam_unix(cron:session): session closed for user root
Jun 25 21:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27729]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26869]: pam_unix(cron:session): session closed for user root
Jun 25 21:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28137]: Invalid user head from 188.245.244.188
Jun 25 21:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28137]: input_userauth_request: invalid user head [preauth]
Jun 25 21:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28137]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.245.244.188
Jun 25 21:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28137]: Failed password for invalid user head from 188.245.244.188 port 58074 ssh2
Jun 25 21:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28137]: Received disconnect from 188.245.244.188 port 58074:11: Bye Bye [preauth]
Jun 25 21:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28137]: Disconnected from 188.245.244.188 port 58074 [preauth]
Jun 25 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28201]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28202]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28200]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28199]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28199]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28260]: Successful su for rubyman by root
Jun 25 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28260]: + ??? root:rubyman
Jun 25 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28260]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592539 of user rubyman.
Jun 25 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28260]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592539.
Jun 25 21:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25604]: pam_unix(cron:session): session closed for user root
Jun 25 21:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28200]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27319]: pam_unix(cron:session): session closed for user root
Jun 25 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28682]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28683]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28680]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28679]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28679]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28746]: Successful su for rubyman by root
Jun 25 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28746]: + ??? root:rubyman
Jun 25 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28746]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592541 of user rubyman.
Jun 25 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28746]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592541.
Jun 25 21:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25989]: pam_unix(cron:session): session closed for user root
Jun 25 21:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28680]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28970]: Invalid user odoo from 193.46.255.86
Jun 25 21:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28970]: input_userauth_request: invalid user odoo [preauth]
Jun 25 21:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28970]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 25 21:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28970]: Failed password for invalid user odoo from 193.46.255.86 port 8694 ssh2
Jun 25 21:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28970]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28970]: Failed password for invalid user odoo from 193.46.255.86 port 8694 ssh2
Jun 25 21:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28970]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28970]: Failed password for invalid user odoo from 193.46.255.86 port 8694 ssh2
Jun 25 21:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28970]: Connection closed by 193.46.255.86 port 8694 [preauth]
Jun 25 21:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28970]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 25 21:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.247.23.131  user=root
Jun 25 21:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28981]: Failed password for root from 117.247.23.131 port 51038 ssh2
Jun 25 21:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 25 21:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28981]: Received disconnect from 117.247.23.131 port 51038:11: Bye Bye [preauth]
Jun 25 21:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28981]: Disconnected from 117.247.23.131 port 51038 [preauth]
Jun 25 21:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29011]: Failed password for root from 77.94.47.83 port 54876 ssh2
Jun 25 21:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29011]: Connection closed by 77.94.47.83 port 54876 [preauth]
Jun 25 21:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27731]: pam_unix(cron:session): session closed for user root
Jun 25 21:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29042]: Invalid user out from 188.245.244.188
Jun 25 21:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29042]: input_userauth_request: invalid user out [preauth]
Jun 25 21:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29042]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.245.244.188
Jun 25 21:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29042]: Failed password for invalid user out from 188.245.244.188 port 36116 ssh2
Jun 25 21:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29042]: Received disconnect from 188.245.244.188 port 36116:11: Bye Bye [preauth]
Jun 25 21:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29042]: Disconnected from 188.245.244.188 port 36116 [preauth]
Jun 25 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29111]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29108]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29110]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29109]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29107]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29106]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29111]: pam_unix(cron:session): session closed for user root
Jun 25 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29106]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29183]: Successful su for rubyman by root
Jun 25 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29183]: + ??? root:rubyman
Jun 25 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29183]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592547 of user rubyman.
Jun 25 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29183]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592547.
Jun 25 21:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29108]: pam_unix(cron:session): session closed for user root
Jun 25 21:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26386]: pam_unix(cron:session): session closed for user root
Jun 25 21:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29275]: Invalid user yousef from 102.210.149.105
Jun 25 21:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29275]: input_userauth_request: invalid user yousef [preauth]
Jun 25 21:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29275]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.149.105
Jun 25 21:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29107]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29275]: Failed password for invalid user yousef from 102.210.149.105 port 59542 ssh2
Jun 25 21:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29275]: Received disconnect from 102.210.149.105 port 59542:11: Bye Bye [preauth]
Jun 25 21:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29275]: Disconnected from 102.210.149.105 port 59542 [preauth]
Jun 25 21:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28202]: pam_unix(cron:session): session closed for user root
Jun 25 21:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29665]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29670]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29669]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29671]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29665]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.200.74.18  user=root
Jun 25 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29760]: Successful su for rubyman by root
Jun 25 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29760]: + ??? root:rubyman
Jun 25 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29760]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592551 of user rubyman.
Jun 25 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29760]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592551.
Jun 25 21:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29652]: Failed password for root from 203.200.74.18 port 42618 ssh2
Jun 25 21:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29652]: Received disconnect from 203.200.74.18 port 42618:11: Bye Bye [preauth]
Jun 25 21:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29652]: Disconnected from 203.200.74.18 port 42618 [preauth]
Jun 25 21:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26868]: pam_unix(cron:session): session closed for user root
Jun 25 21:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29669]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28683]: pam_unix(cron:session): session closed for user root
Jun 25 21:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 25 21:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30038]: Failed password for root from 103.27.238.120 port 55766 ssh2
Jun 25 21:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30038]: Connection closed by 103.27.238.120 port 55766 [preauth]
Jun 25 21:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30047]: Invalid user showcase from 188.245.244.188
Jun 25 21:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30047]: input_userauth_request: invalid user showcase [preauth]
Jun 25 21:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30047]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.245.244.188
Jun 25 21:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30047]: Failed password for invalid user showcase from 188.245.244.188 port 54512 ssh2
Jun 25 21:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30047]: Received disconnect from 188.245.244.188 port 54512:11: Bye Bye [preauth]
Jun 25 21:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30047]: Disconnected from 188.245.244.188 port 54512 [preauth]
Jun 25 21:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30076]: Received disconnect from 154.16.119.22 port 45912:11: disconnected by user [preauth]
Jun 25 21:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30076]: Disconnected from 154.16.119.22 port 45912 [preauth]
Jun 25 21:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 25 21:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30088]: Failed password for root from 103.153.68.219 port 54122 ssh2
Jun 25 21:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30088]: Connection closed by 103.153.68.219 port 54122 [preauth]
Jun 25 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30125]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30120]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30122]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30119]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30119]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30194]: Successful su for rubyman by root
Jun 25 21:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30194]: + ??? root:rubyman
Jun 25 21:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30194]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592556 of user rubyman.
Jun 25 21:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30194]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592556.
Jun 25 21:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27318]: pam_unix(cron:session): session closed for user root
Jun 25 21:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30120]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30435]: Received disconnect from 176.123.2.173 port 46126:11: disconnected by user [preauth]
Jun 25 21:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30435]: Disconnected from 176.123.2.173 port 46126 [preauth]
Jun 25 21:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29110]: pam_unix(cron:session): session closed for user root
Jun 25 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30535]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30533]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30532]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30531]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30531]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30604]: Successful su for rubyman by root
Jun 25 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30604]: + ??? root:rubyman
Jun 25 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30604]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592560 of user rubyman.
Jun 25 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30604]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592560.
Jun 25 21:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27730]: pam_unix(cron:session): session closed for user root
Jun 25 21:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30532]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: Invalid user ubuntu from 203.200.74.18
Jun 25 21:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 21:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.200.74.18
Jun 25 21:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: Failed password for invalid user ubuntu from 203.200.74.18 port 43288 ssh2
Jun 25 21:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: Received disconnect from 203.200.74.18 port 43288:11: Bye Bye [preauth]
Jun 25 21:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: Disconnected from 203.200.74.18 port 43288 [preauth]
Jun 25 21:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30831]: Invalid user mahesh from 117.247.23.131
Jun 25 21:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30831]: input_userauth_request: invalid user mahesh [preauth]
Jun 25 21:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30831]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.247.23.131
Jun 25 21:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30831]: Failed password for invalid user mahesh from 117.247.23.131 port 37562 ssh2
Jun 25 21:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30831]: Received disconnect from 117.247.23.131 port 37562:11: Bye Bye [preauth]
Jun 25 21:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30831]: Disconnected from 117.247.23.131 port 37562 [preauth]
Jun 25 21:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29671]: pam_unix(cron:session): session closed for user root
Jun 25 21:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30900]: Invalid user elvis from 188.245.244.188
Jun 25 21:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30900]: input_userauth_request: invalid user elvis [preauth]
Jun 25 21:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30900]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.245.244.188
Jun 25 21:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30900]: Failed password for invalid user elvis from 188.245.244.188 port 47084 ssh2
Jun 25 21:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30900]: Received disconnect from 188.245.244.188 port 47084:11: Bye Bye [preauth]
Jun 25 21:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30900]: Disconnected from 188.245.244.188 port 47084 [preauth]
Jun 25 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31055]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31057]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31054]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31053]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31053]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31115]: Successful su for rubyman by root
Jun 25 21:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31115]: + ??? root:rubyman
Jun 25 21:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31115]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592563 of user rubyman.
Jun 25 21:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31115]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592563.
Jun 25 21:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28201]: pam_unix(cron:session): session closed for user root
Jun 25 21:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31054]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30125]: pam_unix(cron:session): session closed for user root
Jun 25 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31454]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31453]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31448]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31451]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31449]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31450]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31454]: pam_unix(cron:session): session closed for user root
Jun 25 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31448]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31522]: Successful su for rubyman by root
Jun 25 21:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31522]: + ??? root:rubyman
Jun 25 21:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31522]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592569 of user rubyman.
Jun 25 21:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31522]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592569.
Jun 25 21:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.200.74.18  user=root
Jun 25 21:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31450]: pam_unix(cron:session): session closed for user root
Jun 25 21:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28682]: pam_unix(cron:session): session closed for user root
Jun 25 21:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31510]: Failed password for root from 203.200.74.18 port 63506 ssh2
Jun 25 21:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31510]: Received disconnect from 203.200.74.18 port 63506:11: Bye Bye [preauth]
Jun 25 21:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31510]: Disconnected from 203.200.74.18 port 63506 [preauth]
Jun 25 21:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31449]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31888]: Invalid user admin from 2.57.121.25
Jun 25 21:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31888]: input_userauth_request: invalid user admin [preauth]
Jun 25 21:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31888]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 25 21:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31888]: Failed password for invalid user admin from 2.57.121.25 port 57798 ssh2
Jun 25 21:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31888]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30535]: pam_unix(cron:session): session closed for user root
Jun 25 21:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31888]: Failed password for invalid user admin from 2.57.121.25 port 57798 ssh2
Jun 25 21:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31888]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31888]: Failed password for invalid user admin from 2.57.121.25 port 57798 ssh2
Jun 25 21:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31888]: Connection closed by 2.57.121.25 port 57798 [preauth]
Jun 25 21:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31888]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 25 21:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31937]: Invalid user cme from 188.245.244.188
Jun 25 21:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31937]: input_userauth_request: invalid user cme [preauth]
Jun 25 21:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31937]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.245.244.188
Jun 25 21:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31939]: Connection closed by 194.59.206.2 port 55712 [preauth]
Jun 25 21:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31937]: Failed password for invalid user cme from 188.245.244.188 port 57578 ssh2
Jun 25 21:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31937]: Received disconnect from 188.245.244.188 port 57578:11: Bye Bye [preauth]
Jun 25 21:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31937]: Disconnected from 188.245.244.188 port 57578 [preauth]
Jun 25 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31998]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31997]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31996]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31995]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31995]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32070]: Successful su for rubyman by root
Jun 25 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32070]: + ??? root:rubyman
Jun 25 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32070]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592574 of user rubyman.
Jun 25 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32070]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592574.
Jun 25 21:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29109]: pam_unix(cron:session): session closed for user root
Jun 25 21:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31996]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 25 21:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32261]: Failed password for root from 103.77.175.15 port 33470 ssh2
Jun 25 21:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32261]: Connection closed by 103.77.175.15 port 33470 [preauth]
Jun 25 21:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31057]: pam_unix(cron:session): session closed for user root
Jun 25 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32415]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32414]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32413]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32412]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32412]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32476]: Successful su for rubyman by root
Jun 25 21:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32476]: + ??? root:rubyman
Jun 25 21:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32476]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592577 of user rubyman.
Jun 25 21:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32476]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592577.
Jun 25 21:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29670]: pam_unix(cron:session): session closed for user root
Jun 25 21:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.200.74.18  user=root
Jun 25 21:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32413]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32536]: Failed password for root from 203.200.74.18 port 48294 ssh2
Jun 25 21:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32536]: Received disconnect from 203.200.74.18 port 48294:11: Bye Bye [preauth]
Jun 25 21:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32536]: Disconnected from 203.200.74.18 port 48294 [preauth]
Jun 25 21:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32631]: Invalid user sysadmin from 117.247.23.131
Jun 25 21:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32631]: input_userauth_request: invalid user sysadmin [preauth]
Jun 25 21:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32631]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.247.23.131
Jun 25 21:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32631]: Failed password for invalid user sysadmin from 117.247.23.131 port 57758 ssh2
Jun 25 21:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32631]: Received disconnect from 117.247.23.131 port 57758:11: Bye Bye [preauth]
Jun 25 21:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32631]: Disconnected from 117.247.23.131 port 57758 [preauth]
Jun 25 21:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31453]: pam_unix(cron:session): session closed for user root
Jun 25 21:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[307]: Invalid user vps from 188.245.244.188
Jun 25 21:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[307]: input_userauth_request: invalid user vps [preauth]
Jun 25 21:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[307]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.245.244.188
Jun 25 21:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[307]: Failed password for invalid user vps from 188.245.244.188 port 42528 ssh2
Jun 25 21:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[307]: Received disconnect from 188.245.244.188 port 42528:11: Bye Bye [preauth]
Jun 25 21:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[307]: Disconnected from 188.245.244.188 port 42528 [preauth]
Jun 25 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[365]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[366]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[364]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[363]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[363]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[439]: Successful su for rubyman by root
Jun 25 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[439]: + ??? root:rubyman
Jun 25 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[439]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592582 of user rubyman.
Jun 25 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[439]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592582.
Jun 25 21:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30122]: pam_unix(cron:session): session closed for user root
Jun 25 21:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[364]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 25 21:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[828]: Failed password for root from 193.37.70.224 port 48038 ssh2
Jun 25 21:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[828]: Connection closed by 193.37.70.224 port 48038 [preauth]
Jun 25 21:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31998]: pam_unix(cron:session): session closed for user root
Jun 25 21:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 25 21:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[869]: Failed password for root from 51.250.105.222 port 51750 ssh2
Jun 25 21:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[869]: Connection closed by 51.250.105.222 port 51750 [preauth]
Jun 25 21:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 25 21:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[894]: Failed password for root from 87.251.79.125 port 33798 ssh2
Jun 25 21:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[894]: Connection closed by 87.251.79.125 port 33798 [preauth]
Jun 25 21:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[923]: User mysql from 102.210.149.105 not allowed because not listed in AllowUsers
Jun 25 21:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[923]: input_userauth_request: invalid user mysql [preauth]
Jun 25 21:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.149.105  user=mysql
Jun 25 21:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[923]: Failed password for invalid user mysql from 102.210.149.105 port 39552 ssh2
Jun 25 21:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[923]: Received disconnect from 102.210.149.105 port 39552:11: Bye Bye [preauth]
Jun 25 21:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[923]: Disconnected from 102.210.149.105 port 39552 [preauth]
Jun 25 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[933]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[932]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[930]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[929]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[929]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[999]: Successful su for rubyman by root
Jun 25 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[999]: + ??? root:rubyman
Jun 25 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[999]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592586 of user rubyman.
Jun 25 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[999]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592586.
Jun 25 21:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30533]: pam_unix(cron:session): session closed for user root
Jun 25 21:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1125]: Invalid user miriam from 203.200.74.18
Jun 25 21:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1125]: input_userauth_request: invalid user miriam [preauth]
Jun 25 21:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1125]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.200.74.18
Jun 25 21:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[930]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1125]: Failed password for invalid user miriam from 203.200.74.18 port 43210 ssh2
Jun 25 21:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1125]: Received disconnect from 203.200.74.18 port 43210:11: Bye Bye [preauth]
Jun 25 21:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1125]: Disconnected from 203.200.74.18 port 43210 [preauth]
Jun 25 21:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32415]: pam_unix(cron:session): session closed for user root
Jun 25 21:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1346]: Invalid user dev02 from 188.245.244.188
Jun 25 21:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1346]: input_userauth_request: invalid user dev02 [preauth]
Jun 25 21:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1346]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.245.244.188
Jun 25 21:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1346]: Failed password for invalid user dev02 from 188.245.244.188 port 54968 ssh2
Jun 25 21:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1346]: Received disconnect from 188.245.244.188 port 54968:11: Bye Bye [preauth]
Jun 25 21:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1346]: Disconnected from 188.245.244.188 port 54968 [preauth]
Jun 25 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1409]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1408]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1405]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1412]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1413]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1414]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1414]: pam_unix(cron:session): session closed for user root
Jun 25 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1405]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1574]: Successful su for rubyman by root
Jun 25 21:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1574]: + ??? root:rubyman
Jun 25 21:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1574]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592590 of user rubyman.
Jun 25 21:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1574]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592590.
Jun 25 21:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1409]: pam_unix(cron:session): session closed for user root
Jun 25 21:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31055]: pam_unix(cron:session): session closed for user root
Jun 25 21:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1408]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[366]: pam_unix(cron:session): session closed for user root
Jun 25 21:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.247.23.131  user=root
Jun 25 21:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1981]: Failed password for root from 117.247.23.131 port 37510 ssh2
Jun 25 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2008]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2009]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2007]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2006]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2006]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2095]: Successful su for rubyman by root
Jun 25 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2095]: + ??? root:rubyman
Jun 25 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2095]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592596 of user rubyman.
Jun 25 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2095]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592596.
Jun 25 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1981]: Received disconnect from 117.247.23.131 port 37510:11: Bye Bye [preauth]
Jun 25 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1981]: Disconnected from 117.247.23.131 port 37510 [preauth]
Jun 25 21:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31451]: pam_unix(cron:session): session closed for user root
Jun 25 21:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2007]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.200.74.18  user=root
Jun 25 21:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2266]: Failed password for root from 203.200.74.18 port 55850 ssh2
Jun 25 21:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2266]: Received disconnect from 203.200.74.18 port 55850:11: Bye Bye [preauth]
Jun 25 21:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2266]: Disconnected from 203.200.74.18 port 55850 [preauth]
Jun 25 21:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2348]: Invalid user longnt from 102.210.149.105
Jun 25 21:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2348]: input_userauth_request: invalid user longnt [preauth]
Jun 25 21:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2348]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.149.105
Jun 25 21:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2348]: Failed password for invalid user longnt from 102.210.149.105 port 35590 ssh2
Jun 25 21:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2348]: Received disconnect from 102.210.149.105 port 35590:11: Bye Bye [preauth]
Jun 25 21:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2348]: Disconnected from 102.210.149.105 port 35590 [preauth]
Jun 25 21:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[933]: pam_unix(cron:session): session closed for user root
Jun 25 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2458]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2457]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2456]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2455]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2455]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2534]: Successful su for rubyman by root
Jun 25 21:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2534]: + ??? root:rubyman
Jun 25 21:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2534]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592599 of user rubyman.
Jun 25 21:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2534]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592599.
Jun 25 21:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31997]: pam_unix(cron:session): session closed for user root
Jun 25 21:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2456]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 25 21:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2731]: Failed password for root from 62.133.62.83 port 33318 ssh2
Jun 25 21:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2731]: Connection closed by 62.133.62.83 port 33318 [preauth]
Jun 25 21:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1413]: pam_unix(cron:session): session closed for user root
Jun 25 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2887]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2888]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2886]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2885]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2885]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2946]: Successful su for rubyman by root
Jun 25 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2946]: + ??? root:rubyman
Jun 25 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2946]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592605 of user rubyman.
Jun 25 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2946]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592605.
Jun 25 21:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.200.74.18  user=root
Jun 25 21:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32414]: pam_unix(cron:session): session closed for user root
Jun 25 21:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2886]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2989]: Failed password for root from 203.200.74.18 port 57082 ssh2
Jun 25 21:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2989]: Received disconnect from 203.200.74.18 port 57082:11: Bye Bye [preauth]
Jun 25 21:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2989]: Disconnected from 203.200.74.18 port 57082 [preauth]
Jun 25 21:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3130]: Bad protocol version identification 'MGLNDD_198.199.94.12_22' from 9.234.8.67 port 47760
Jun 25 21:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3132]: Invalid user steam from 5.182.83.231
Jun 25 21:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3132]: input_userauth_request: invalid user steam [preauth]
Jun 25 21:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3132]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.182.83.231
Jun 25 21:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3132]: Failed password for invalid user steam from 5.182.83.231 port 59508 ssh2
Jun 25 21:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3132]: Received disconnect from 5.182.83.231 port 59508:11: Bye Bye [preauth]
Jun 25 21:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3132]: Disconnected from 5.182.83.231 port 59508 [preauth]
Jun 25 21:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3127]: Connection closed by 9.234.8.67 port 47748 [preauth]
Jun 25 21:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2009]: pam_unix(cron:session): session closed for user root
Jun 25 21:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3263]: Invalid user talia from 102.210.149.105
Jun 25 21:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3263]: input_userauth_request: invalid user talia [preauth]
Jun 25 21:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3263]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.149.105
Jun 25 21:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3263]: Failed password for invalid user talia from 102.210.149.105 port 46716 ssh2
Jun 25 21:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3263]: Received disconnect from 102.210.149.105 port 46716:11: Bye Bye [preauth]
Jun 25 21:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3263]: Disconnected from 102.210.149.105 port 46716 [preauth]
Jun 25 21:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3288]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3289]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3290]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3287]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3285]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3287]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3401]: Successful su for rubyman by root
Jun 25 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3401]: + ??? root:rubyman
Jun 25 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3401]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592607 of user rubyman.
Jun 25 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3401]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592607.
Jun 25 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3275]: Connection reset by 198.235.24.211 port 58274 [preauth]
Jun 25 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3285]: pam_unix(cron:session): session closed for user root
Jun 25 21:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[365]: pam_unix(cron:session): session closed for user root
Jun 25 21:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3288]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2458]: pam_unix(cron:session): session closed for user root
Jun 25 21:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.247.23.131  user=root
Jun 25 21:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3850]: Failed password for root from 117.247.23.131 port 46566 ssh2
Jun 25 21:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3850]: Received disconnect from 117.247.23.131 port 46566:11: Bye Bye [preauth]
Jun 25 21:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3850]: Disconnected from 117.247.23.131 port 46566 [preauth]
Jun 25 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3921]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3922]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3920]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3923]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3918]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3919]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3923]: pam_unix(cron:session): session closed for user root
Jun 25 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3918]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4036]: Successful su for rubyman by root
Jun 25 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4036]: + ??? root:rubyman
Jun 25 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4036]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592616 of user rubyman.
Jun 25 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4036]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592616.
Jun 25 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4057]: Invalid user testuser from 203.200.74.18
Jun 25 21:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4057]: input_userauth_request: invalid user testuser [preauth]
Jun 25 21:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4057]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.200.74.18
Jun 25 21:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3920]: pam_unix(cron:session): session closed for user root
Jun 25 21:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[932]: pam_unix(cron:session): session closed for user root
Jun 25 21:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4057]: Failed password for invalid user testuser from 203.200.74.18 port 25828 ssh2
Jun 25 21:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4057]: Received disconnect from 203.200.74.18 port 25828:11: Bye Bye [preauth]
Jun 25 21:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4057]: Disconnected from 203.200.74.18 port 25828 [preauth]
Jun 25 21:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3919]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2888]: pam_unix(cron:session): session closed for user root
Jun 25 21:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 25 21:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4343]: Failed password for root from 194.113.233.25 port 59438 ssh2
Jun 25 21:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4343]: Connection closed by 194.113.233.25 port 59438 [preauth]
Jun 25 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4423]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4424]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4422]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4421]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4421]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4489]: Successful su for rubyman by root
Jun 25 21:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4489]: + ??? root:rubyman
Jun 25 21:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4489]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592618 of user rubyman.
Jun 25 21:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4489]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592618.
Jun 25 21:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1412]: pam_unix(cron:session): session closed for user root
Jun 25 21:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4422]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.149.105  user=root
Jun 25 21:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4702]: Failed password for root from 102.210.149.105 port 43760 ssh2
Jun 25 21:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4702]: Received disconnect from 102.210.149.105 port 43760:11: Bye Bye [preauth]
Jun 25 21:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4702]: Disconnected from 102.210.149.105 port 43760 [preauth]
Jun 25 21:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3290]: pam_unix(cron:session): session closed for user root
Jun 25 21:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4945]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4944]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4947]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4940]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4940]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5008]: Successful su for rubyman by root
Jun 25 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5008]: + ??? root:rubyman
Jun 25 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5008]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592622 of user rubyman.
Jun 25 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5008]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592622.
Jun 25 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4937]: Invalid user devuser from 203.200.74.18
Jun 25 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4937]: input_userauth_request: invalid user devuser [preauth]
Jun 25 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4937]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.200.74.18
Jun 25 21:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4937]: Failed password for invalid user devuser from 203.200.74.18 port 21428 ssh2
Jun 25 21:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4937]: Received disconnect from 203.200.74.18 port 21428:11: Bye Bye [preauth]
Jun 25 21:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4937]: Disconnected from 203.200.74.18 port 21428 [preauth]
Jun 25 21:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2008]: pam_unix(cron:session): session closed for user root
Jun 25 21:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4944]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 25 21:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 25 21:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5226]: Failed password for root from 147.45.199.80 port 38396 ssh2
Jun 25 21:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5226]: Connection closed by 147.45.199.80 port 38396 [preauth]
Jun 25 21:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5228]: Failed password for root from 109.237.96.109 port 59068 ssh2
Jun 25 21:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5228]: Connection closed by 109.237.96.109 port 59068 [preauth]
Jun 25 21:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3922]: pam_unix(cron:session): session closed for user root
Jun 25 21:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5284]: Invalid user sommer from 141.98.83.240
Jun 25 21:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5284]: input_userauth_request: invalid user sommer [preauth]
Jun 25 21:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5284]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 21:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5284]: Failed password for invalid user sommer from 141.98.83.240 port 24588 ssh2
Jun 25 21:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5284]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5284]: Failed password for invalid user sommer from 141.98.83.240 port 24588 ssh2
Jun 25 21:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5284]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5294]: Invalid user ftp_user from 5.182.83.231
Jun 25 21:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5294]: input_userauth_request: invalid user ftp_user [preauth]
Jun 25 21:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5294]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.182.83.231
Jun 25 21:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5284]: Failed password for invalid user sommer from 141.98.83.240 port 24588 ssh2
Jun 25 21:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5284]: Connection closed by 141.98.83.240 port 24588 [preauth]
Jun 25 21:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5284]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 21:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5294]: Failed password for invalid user ftp_user from 5.182.83.231 port 58950 ssh2
Jun 25 21:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5294]: Received disconnect from 5.182.83.231 port 58950:11: Bye Bye [preauth]
Jun 25 21:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5294]: Disconnected from 5.182.83.231 port 58950 [preauth]
Jun 25 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5355]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5357]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5354]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5350]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5350]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5421]: Successful su for rubyman by root
Jun 25 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5421]: + ??? root:rubyman
Jun 25 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5421]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592627 of user rubyman.
Jun 25 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5421]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592627.
Jun 25 21:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2457]: pam_unix(cron:session): session closed for user root
Jun 25 21:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5354]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4424]: pam_unix(cron:session): session closed for user root
Jun 25 21:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5665]: Invalid user scp from 102.210.149.105
Jun 25 21:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5665]: input_userauth_request: invalid user scp [preauth]
Jun 25 21:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5665]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.149.105
Jun 25 21:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5665]: Failed password for invalid user scp from 102.210.149.105 port 50660 ssh2
Jun 25 21:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5665]: Received disconnect from 102.210.149.105 port 50660:11: Bye Bye [preauth]
Jun 25 21:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5665]: Disconnected from 102.210.149.105 port 50660 [preauth]
Jun 25 21:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5703]: Invalid user deployer from 117.247.23.131
Jun 25 21:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5703]: input_userauth_request: invalid user deployer [preauth]
Jun 25 21:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5703]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.247.23.131
Jun 25 21:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5703]: Failed password for invalid user deployer from 117.247.23.131 port 51039 ssh2
Jun 25 21:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5703]: Received disconnect from 117.247.23.131 port 51039:11: Bye Bye [preauth]
Jun 25 21:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5703]: Disconnected from 117.247.23.131 port 51039 [preauth]
Jun 25 21:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5735]: Invalid user def from 203.200.74.18
Jun 25 21:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5735]: input_userauth_request: invalid user def [preauth]
Jun 25 21:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5735]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.200.74.18
Jun 25 21:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5735]: Failed password for invalid user def from 203.200.74.18 port 64108 ssh2
Jun 25 21:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5735]: Received disconnect from 203.200.74.18 port 64108:11: Bye Bye [preauth]
Jun 25 21:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5735]: Disconnected from 203.200.74.18 port 64108 [preauth]
Jun 25 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5756]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5757]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5759]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5758]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5756]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5820]: Successful su for rubyman by root
Jun 25 21:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5820]: + ??? root:rubyman
Jun 25 21:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5820]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592630 of user rubyman.
Jun 25 21:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5820]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592630.
Jun 25 21:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2887]: pam_unix(cron:session): session closed for user root
Jun 25 21:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5757]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4947]: pam_unix(cron:session): session closed for user root
Jun 25 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6142]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6143]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6144]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6141]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6146]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6140]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6146]: pam_unix(cron:session): session closed for user root
Jun 25 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6140]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6213]: Successful su for rubyman by root
Jun 25 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6213]: + ??? root:rubyman
Jun 25 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6213]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592636 of user rubyman.
Jun 25 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6213]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592636.
Jun 25 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.182.83.231  user=root
Jun 25 21:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6142]: pam_unix(cron:session): session closed for user root
Jun 25 21:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3289]: pam_unix(cron:session): session closed for user root
Jun 25 21:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6224]: Failed password for root from 5.182.83.231 port 49634 ssh2
Jun 25 21:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6224]: Received disconnect from 5.182.83.231 port 49634:11: Bye Bye [preauth]
Jun 25 21:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6224]: Disconnected from 5.182.83.231 port 49634 [preauth]
Jun 25 21:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6141]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5357]: pam_unix(cron:session): session closed for user root
Jun 25 21:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6553]: Invalid user ubuntu from 203.200.74.18
Jun 25 21:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6553]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 21:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6553]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.200.74.18
Jun 25 21:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.149.105  user=root
Jun 25 21:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6553]: Failed password for invalid user ubuntu from 203.200.74.18 port 36954 ssh2
Jun 25 21:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6553]: Received disconnect from 203.200.74.18 port 36954:11: Bye Bye [preauth]
Jun 25 21:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6553]: Disconnected from 203.200.74.18 port 36954 [preauth]
Jun 25 21:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6555]: Failed password for root from 102.210.149.105 port 50618 ssh2
Jun 25 21:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6555]: Received disconnect from 102.210.149.105 port 50618:11: Bye Bye [preauth]
Jun 25 21:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6555]: Disconnected from 102.210.149.105 port 50618 [preauth]
Jun 25 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6569]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6570]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6568]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6567]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6567]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6638]: Successful su for rubyman by root
Jun 25 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6638]: + ??? root:rubyman
Jun 25 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6638]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592640 of user rubyman.
Jun 25 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6638]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592640.
Jun 25 21:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3921]: pam_unix(cron:session): session closed for user root
Jun 25 21:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6568]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5759]: pam_unix(cron:session): session closed for user root
Jun 25 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7027]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7026]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7028]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7025]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7025]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7146]: Successful su for rubyman by root
Jun 25 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7146]: + ??? root:rubyman
Jun 25 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7146]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592646 of user rubyman.
Jun 25 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7146]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592646.
Jun 25 21:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4423]: pam_unix(cron:session): session closed for user root
Jun 25 21:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7026]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7364]: Invalid user devuser from 5.182.83.231
Jun 25 21:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7364]: input_userauth_request: invalid user devuser [preauth]
Jun 25 21:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7364]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.182.83.231
Jun 25 21:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7364]: Failed password for invalid user devuser from 5.182.83.231 port 54722 ssh2
Jun 25 21:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7364]: Received disconnect from 5.182.83.231 port 54722:11: Bye Bye [preauth]
Jun 25 21:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7364]: Disconnected from 5.182.83.231 port 54722 [preauth]
Jun 25 21:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6144]: pam_unix(cron:session): session closed for user root
Jun 25 21:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7408]: Invalid user ventas from 117.247.23.131
Jun 25 21:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7408]: input_userauth_request: invalid user ventas [preauth]
Jun 25 21:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7408]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.247.23.131
Jun 25 21:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7408]: Failed password for invalid user ventas from 117.247.23.131 port 60988 ssh2
Jun 25 21:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7408]: Received disconnect from 117.247.23.131 port 60988:11: Bye Bye [preauth]
Jun 25 21:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7408]: Disconnected from 117.247.23.131 port 60988 [preauth]
Jun 25 21:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.200.74.18  user=root
Jun 25 21:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7467]: Failed password for root from 203.200.74.18 port 34418 ssh2
Jun 25 21:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7467]: Received disconnect from 203.200.74.18 port 34418:11: Bye Bye [preauth]
Jun 25 21:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7467]: Disconnected from 203.200.74.18 port 34418 [preauth]
Jun 25 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7489]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7487]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7490]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7488]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7487]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7548]: Successful su for rubyman by root
Jun 25 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7548]: + ??? root:rubyman
Jun 25 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7548]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592650 of user rubyman.
Jun 25 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7548]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592650.
Jun 25 21:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4945]: pam_unix(cron:session): session closed for user root
Jun 25 21:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7488]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.149.105  user=root
Jun 25 21:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7859]: Failed password for root from 102.210.149.105 port 46098 ssh2
Jun 25 21:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7859]: Received disconnect from 102.210.149.105 port 46098:11: Bye Bye [preauth]
Jun 25 21:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7859]: Disconnected from 102.210.149.105 port 46098 [preauth]
Jun 25 21:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6570]: pam_unix(cron:session): session closed for user root
Jun 25 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7972]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7974]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7971]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7970]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7970]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8032]: Successful su for rubyman by root
Jun 25 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8032]: + ??? root:rubyman
Jun 25 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8032]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592652 of user rubyman.
Jun 25 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8032]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592652.
Jun 25 21:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5355]: pam_unix(cron:session): session closed for user root
Jun 25 21:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7971]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.211.215  user=root
Jun 25 21:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8200]: Failed password for root from 147.45.211.215 port 41568 ssh2
Jun 25 21:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8200]: Connection closed by 147.45.211.215 port 41568 [preauth]
Jun 25 21:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.182.83.231  user=root
Jun 25 21:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8276]: Failed password for root from 5.182.83.231 port 51020 ssh2
Jun 25 21:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8276]: Received disconnect from 5.182.83.231 port 51020:11: Bye Bye [preauth]
Jun 25 21:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8276]: Disconnected from 5.182.83.231 port 51020 [preauth]
Jun 25 21:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7028]: pam_unix(cron:session): session closed for user root
Jun 25 21:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.200.74.18  user=root
Jun 25 21:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8335]: Failed password for root from 203.200.74.18 port 43068 ssh2
Jun 25 21:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8335]: Received disconnect from 203.200.74.18 port 43068:11: Bye Bye [preauth]
Jun 25 21:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8335]: Disconnected from 203.200.74.18 port 43068 [preauth]
Jun 25 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8375]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8374]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8376]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8377]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8373]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8372]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8377]: pam_unix(cron:session): session closed for user root
Jun 25 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8372]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8446]: Successful su for rubyman by root
Jun 25 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8446]: + ??? root:rubyman
Jun 25 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8446]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592658 of user rubyman.
Jun 25 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8446]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592658.
Jun 25 21:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8374]: pam_unix(cron:session): session closed for user root
Jun 25 21:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5758]: pam_unix(cron:session): session closed for user root
Jun 25 21:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8373]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7490]: pam_unix(cron:session): session closed for user root
Jun 25 21:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8751]: Invalid user socks from 102.210.149.105
Jun 25 21:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8751]: input_userauth_request: invalid user socks [preauth]
Jun 25 21:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8751]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.149.105
Jun 25 21:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8751]: Failed password for invalid user socks from 102.210.149.105 port 36106 ssh2
Jun 25 21:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8751]: Received disconnect from 102.210.149.105 port 36106:11: Bye Bye [preauth]
Jun 25 21:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8751]: Disconnected from 102.210.149.105 port 36106 [preauth]
Jun 25 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8806]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8805]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8804]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8803]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8803]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8872]: Successful su for rubyman by root
Jun 25 21:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8872]: + ??? root:rubyman
Jun 25 21:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8872]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592663 of user rubyman.
Jun 25 21:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8872]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592663.
Jun 25 21:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6143]: pam_unix(cron:session): session closed for user root
Jun 25 21:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8804]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.247.23.131  user=root
Jun 25 21:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9097]: Failed password for root from 117.247.23.131 port 41396 ssh2
Jun 25 21:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9097]: Received disconnect from 117.247.23.131 port 41396:11: Bye Bye [preauth]
Jun 25 21:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9097]: Disconnected from 117.247.23.131 port 41396 [preauth]
Jun 25 21:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7974]: pam_unix(cron:session): session closed for user root
Jun 25 21:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9156]: Invalid user elsearch from 5.182.83.231
Jun 25 21:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9156]: input_userauth_request: invalid user elsearch [preauth]
Jun 25 21:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9156]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.182.83.231
Jun 25 21:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9156]: Failed password for invalid user elsearch from 5.182.83.231 port 50240 ssh2
Jun 25 21:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9156]: Received disconnect from 5.182.83.231 port 50240:11: Bye Bye [preauth]
Jun 25 21:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9156]: Disconnected from 5.182.83.231 port 50240 [preauth]
Jun 25 21:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9178]: Invalid user petra from 203.200.74.18
Jun 25 21:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9178]: input_userauth_request: invalid user petra [preauth]
Jun 25 21:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9178]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.200.74.18
Jun 25 21:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9178]: Failed password for invalid user petra from 203.200.74.18 port 39940 ssh2
Jun 25 21:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9178]: Received disconnect from 203.200.74.18 port 39940:11: Bye Bye [preauth]
Jun 25 21:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9178]: Disconnected from 203.200.74.18 port 39940 [preauth]
Jun 25 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9213]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9212]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9211]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9210]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9210]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9272]: Successful su for rubyman by root
Jun 25 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9272]: + ??? root:rubyman
Jun 25 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9272]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592666 of user rubyman.
Jun 25 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9272]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592666.
Jun 25 21:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6569]: pam_unix(cron:session): session closed for user root
Jun 25 21:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9211]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:103.206.179.220  user=ftp
Jun 25 21:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8376]: pam_unix(cron:session): session closed for user root
Jun 25 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9628]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9629]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9627]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9626]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9626]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9685]: Successful su for rubyman by root
Jun 25 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9685]: + ??? root:rubyman
Jun 25 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9685]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592672 of user rubyman.
Jun 25 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9685]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592672.
Jun 25 21:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7027]: pam_unix(cron:session): session closed for user root
Jun 25 21:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9627]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: Invalid user pivpn from 102.210.149.105
Jun 25 21:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: input_userauth_request: invalid user pivpn [preauth]
Jun 25 21:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.149.105
Jun 25 21:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: Failed password for invalid user pivpn from 102.210.149.105 port 45314 ssh2
Jun 25 21:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: Received disconnect from 102.210.149.105 port 45314:11: Bye Bye [preauth]
Jun 25 21:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: Disconnected from 102.210.149.105 port 45314 [preauth]
Jun 25 21:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8806]: pam_unix(cron:session): session closed for user root
Jun 25 21:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10167]: Invalid user ftp_user from 203.200.74.18
Jun 25 21:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10167]: input_userauth_request: invalid user ftp_user [preauth]
Jun 25 21:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10167]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.200.74.18
Jun 25 21:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10167]: Failed password for invalid user ftp_user from 203.200.74.18 port 45920 ssh2
Jun 25 21:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10167]: Received disconnect from 203.200.74.18 port 45920:11: Bye Bye [preauth]
Jun 25 21:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10167]: Disconnected from 203.200.74.18 port 45920 [preauth]
Jun 25 21:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10177]: Invalid user tu from 5.182.83.231
Jun 25 21:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10177]: input_userauth_request: invalid user tu [preauth]
Jun 25 21:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10177]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.182.83.231
Jun 25 21:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10177]: Failed password for invalid user tu from 5.182.83.231 port 45608 ssh2
Jun 25 21:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10177]: Received disconnect from 5.182.83.231 port 45608:11: Bye Bye [preauth]
Jun 25 21:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10177]: Disconnected from 5.182.83.231 port 45608 [preauth]
Jun 25 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10209]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10208]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10206]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10207]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10206]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10355]: Successful su for rubyman by root
Jun 25 21:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10355]: + ??? root:rubyman
Jun 25 21:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10355]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592674 of user rubyman.
Jun 25 21:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10355]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592674.
Jun 25 21:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7489]: pam_unix(cron:session): session closed for user root
Jun 25 21:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10207]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9213]: pam_unix(cron:session): session closed for user root
Jun 25 21:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 25 21:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10653]: Failed password for root from 38.93.206.2 port 62258 ssh2
Jun 25 21:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10653]: Connection closed by 38.93.206.2 port 62258 [preauth]
Jun 25 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10703]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10700]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10701]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10702]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10699]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10698]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10703]: pam_unix(cron:session): session closed for user root
Jun 25 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10698]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10781]: Successful su for rubyman by root
Jun 25 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10781]: + ??? root:rubyman
Jun 25 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10781]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592681 of user rubyman.
Jun 25 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10781]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592681.
Jun 25 21:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10700]: pam_unix(cron:session): session closed for user root
Jun 25 21:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7972]: pam_unix(cron:session): session closed for user root
Jun 25 21:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10699]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11002]: Invalid user gitlab-runner from 117.247.23.131
Jun 25 21:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11002]: input_userauth_request: invalid user gitlab-runner [preauth]
Jun 25 21:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11002]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.247.23.131
Jun 25 21:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11002]: Failed password for invalid user gitlab-runner from 117.247.23.131 port 42128 ssh2
Jun 25 21:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11002]: Received disconnect from 117.247.23.131 port 42128:11: Bye Bye [preauth]
Jun 25 21:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11002]: Disconnected from 117.247.23.131 port 42128 [preauth]
Jun 25 21:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9629]: pam_unix(cron:session): session closed for user root
Jun 25 21:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11096]: Invalid user geoserver from 102.210.149.105
Jun 25 21:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11096]: input_userauth_request: invalid user geoserver [preauth]
Jun 25 21:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11096]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.149.105
Jun 25 21:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11096]: Failed password for invalid user geoserver from 102.210.149.105 port 43750 ssh2
Jun 25 21:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11096]: Received disconnect from 102.210.149.105 port 43750:11: Bye Bye [preauth]
Jun 25 21:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11096]: Disconnected from 102.210.149.105 port 43750 [preauth]
Jun 25 21:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.200.74.18  user=root
Jun 25 21:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11109]: Failed password for root from 203.200.74.18 port 9164 ssh2
Jun 25 21:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11109]: Received disconnect from 203.200.74.18 port 9164:11: Bye Bye [preauth]
Jun 25 21:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11109]: Disconnected from 203.200.74.18 port 9164 [preauth]
Jun 25 21:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11153]: Invalid user test from 5.182.83.231
Jun 25 21:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11153]: input_userauth_request: invalid user test [preauth]
Jun 25 21:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11153]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.182.83.231
Jun 25 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11153]: Failed password for invalid user test from 5.182.83.231 port 53528 ssh2
Jun 25 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11167]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11165]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11166]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11164]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11164]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11153]: Received disconnect from 5.182.83.231 port 53528:11: Bye Bye [preauth]
Jun 25 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11153]: Disconnected from 5.182.83.231 port 53528 [preauth]
Jun 25 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11239]: Successful su for rubyman by root
Jun 25 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11239]: + ??? root:rubyman
Jun 25 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11239]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592684 of user rubyman.
Jun 25 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11239]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592684.
Jun 25 21:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8375]: pam_unix(cron:session): session closed for user root
Jun 25 21:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11165]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10209]: pam_unix(cron:session): session closed for user root
Jun 25 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11590]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11592]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11591]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11589]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11589]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11650]: Successful su for rubyman by root
Jun 25 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11650]: + ??? root:rubyman
Jun 25 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11650]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592690 of user rubyman.
Jun 25 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11650]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592690.
Jun 25 21:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8805]: pam_unix(cron:session): session closed for user root
Jun 25 21:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11590]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10702]: pam_unix(cron:session): session closed for user root
Jun 25 21:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.200.74.18  user=root
Jun 25 21:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11988]: Failed password for root from 203.200.74.18 port 39704 ssh2
Jun 25 21:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11988]: Received disconnect from 203.200.74.18 port 39704:11: Bye Bye [preauth]
Jun 25 21:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11988]: Disconnected from 203.200.74.18 port 39704 [preauth]
Jun 25 21:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12046]: Invalid user test1 from 102.210.149.105
Jun 25 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12046]: input_userauth_request: invalid user test1 [preauth]
Jun 25 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12046]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.149.105
Jun 25 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12051]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12052]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12050]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12049]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12049]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12114]: Successful su for rubyman by root
Jun 25 21:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12114]: + ??? root:rubyman
Jun 25 21:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12114]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592693 of user rubyman.
Jun 25 21:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12114]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592693.
Jun 25 21:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12046]: Failed password for invalid user test1 from 102.210.149.105 port 35638 ssh2
Jun 25 21:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12046]: Received disconnect from 102.210.149.105 port 35638:11: Bye Bye [preauth]
Jun 25 21:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12046]: Disconnected from 102.210.149.105 port 35638 [preauth]
Jun 25 21:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9212]: pam_unix(cron:session): session closed for user root
Jun 25 21:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12050]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12446]: Invalid user deploy from 5.182.83.231
Jun 25 21:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12446]: input_userauth_request: invalid user deploy [preauth]
Jun 25 21:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12446]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.182.83.231
Jun 25 21:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12446]: Failed password for invalid user deploy from 5.182.83.231 port 34970 ssh2
Jun 25 21:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12446]: Received disconnect from 5.182.83.231 port 34970:11: Bye Bye [preauth]
Jun 25 21:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12446]: Disconnected from 5.182.83.231 port 34970 [preauth]
Jun 25 21:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11167]: pam_unix(cron:session): session closed for user root
Jun 25 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12573]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12572]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12574]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12571]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12571]: pam_unix(cron:session): session closed for user p13x
Jun 25 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12636]: Successful su for rubyman by root
Jun 25 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12636]: + ??? root:rubyman
Jun 25 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12636]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592698 of user rubyman.
Jun 25 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12636]: pam_unix(su:session): session closed for user rubyman
Jun 25 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592698.
Jun 25 21:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9628]: pam_unix(cron:session): session closed for user root
Jun 25 21:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12572]: pam_unix(cron:session): session closed for user samftp
Jun 25 21:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.247.23.131  user=root
Jun 25 21:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12829]: Failed password for root from 117.247.23.131 port 49484 ssh2
Jun 25 21:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12829]: Received disconnect from 117.247.23.131 port 49484:11: Bye Bye [preauth]
Jun 25 21:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12829]: Disconnected from 117.247.23.131 port 49484 [preauth]
Jun 25 21:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11592]: pam_unix(cron:session): session closed for user root
Jun 25 21:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 25 21:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12914]: Failed password for root from 80.66.85.226 port 38276 ssh2
Jun 25 21:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12914]: Connection closed by 80.66.85.226 port 38276 [preauth]
Jun 25 21:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 21:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 25 21:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12932]: Invalid user flex from 203.200.74.18
Jun 25 21:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12932]: input_userauth_request: invalid user flex [preauth]
Jun 25 21:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12932]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 21:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.200.74.18
Jun 25 21:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12930]: Failed password for root from 103.27.238.114 port 46348 ssh2
Jun 25 21:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12930]: Connection closed by 103.27.238.114 port 46348 [preauth]
Jun 25 21:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12932]: Failed password for invalid user flex from 203.200.74.18 port 34950 ssh2
Jun 25 21:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12932]: Received disconnect from 203.200.74.18 port 34950:11: Bye Bye [preauth]
Jun 25 21:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12932]: Disconnected from 203.200.74.18 port 34950 [preauth]
Jun 25 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12995]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12996]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12994]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12993]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12990]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12991]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12992]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12992]: pam_unix(cron:session): session closed for user root
Jun 25 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12996]: pam_unix(cron:session): session closed for user root
Jun 25 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12990]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13081]: Successful su for rubyman by root
Jun 25 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13081]: + ??? root:rubyman
Jun 25 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13081]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592700 of user rubyman.
Jun 25 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13081]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592700.
Jun 25 22:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12993]: pam_unix(cron:session): session closed for user root
Jun 25 22:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10208]: pam_unix(cron:session): session closed for user root
Jun 25 22:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12991]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13348]: Invalid user gittest from 102.210.149.105
Jun 25 22:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13348]: input_userauth_request: invalid user gittest [preauth]
Jun 25 22:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13348]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.149.105
Jun 25 22:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13348]: Failed password for invalid user gittest from 102.210.149.105 port 54664 ssh2
Jun 25 22:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13348]: Received disconnect from 102.210.149.105 port 54664:11: Bye Bye [preauth]
Jun 25 22:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13348]: Disconnected from 102.210.149.105 port 54664 [preauth]
Jun 25 22:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12052]: pam_unix(cron:session): session closed for user root
Jun 25 22:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13427]: Invalid user flex from 5.182.83.231
Jun 25 22:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13427]: input_userauth_request: invalid user flex [preauth]
Jun 25 22:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13427]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.182.83.231
Jun 25 22:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13427]: Failed password for invalid user flex from 5.182.83.231 port 50696 ssh2
Jun 25 22:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13427]: Received disconnect from 5.182.83.231 port 50696:11: Bye Bye [preauth]
Jun 25 22:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13427]: Disconnected from 5.182.83.231 port 50696 [preauth]
Jun 25 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13502]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13500]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13501]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13499]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13499]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13568]: Successful su for rubyman by root
Jun 25 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13568]: + ??? root:rubyman
Jun 25 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13568]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592708 of user rubyman.
Jun 25 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13568]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592708.
Jun 25 22:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10701]: pam_unix(cron:session): session closed for user root
Jun 25 22:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13500]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12574]: pam_unix(cron:session): session closed for user root
Jun 25 22:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13857]: Invalid user test from 203.200.74.18
Jun 25 22:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13857]: input_userauth_request: invalid user test [preauth]
Jun 25 22:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13857]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.200.74.18
Jun 25 22:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13857]: Failed password for invalid user test from 203.200.74.18 port 18846 ssh2
Jun 25 22:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13857]: Received disconnect from 203.200.74.18 port 18846:11: Bye Bye [preauth]
Jun 25 22:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13857]: Disconnected from 203.200.74.18 port 18846 [preauth]
Jun 25 22:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 25 22:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13869]: Failed password for root from 103.82.132.16 port 46914 ssh2
Jun 25 22:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13869]: Connection closed by 103.82.132.16 port 46914 [preauth]
Jun 25 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13924]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13925]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13922]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13921]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13921]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13991]: Successful su for rubyman by root
Jun 25 22:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13991]: + ??? root:rubyman
Jun 25 22:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13991]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592712 of user rubyman.
Jun 25 22:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13991]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592712.
Jun 25 22:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11166]: pam_unix(cron:session): session closed for user root
Jun 25 22:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13922]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12995]: pam_unix(cron:session): session closed for user root
Jun 25 22:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14243]: Invalid user frappe from 117.247.23.131
Jun 25 22:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14243]: input_userauth_request: invalid user frappe [preauth]
Jun 25 22:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14243]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.247.23.131
Jun 25 22:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14243]: Failed password for invalid user frappe from 117.247.23.131 port 38562 ssh2
Jun 25 22:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14243]: Received disconnect from 117.247.23.131 port 38562:11: Bye Bye [preauth]
Jun 25 22:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14243]: Disconnected from 117.247.23.131 port 38562 [preauth]
Jun 25 22:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14265]: Invalid user ahmed from 102.210.149.105
Jun 25 22:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14265]: input_userauth_request: invalid user ahmed [preauth]
Jun 25 22:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14265]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.149.105
Jun 25 22:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14265]: Failed password for invalid user ahmed from 102.210.149.105 port 48116 ssh2
Jun 25 22:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14265]: Received disconnect from 102.210.149.105 port 48116:11: Bye Bye [preauth]
Jun 25 22:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14265]: Disconnected from 102.210.149.105 port 48116 [preauth]
Jun 25 22:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.182.83.231  user=root
Jun 25 22:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14289]: Failed password for root from 5.182.83.231 port 48386 ssh2
Jun 25 22:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14289]: Received disconnect from 5.182.83.231 port 48386:11: Bye Bye [preauth]
Jun 25 22:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14289]: Disconnected from 5.182.83.231 port 48386 [preauth]
Jun 25 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14319]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14320]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14318]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14317]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14317]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14377]: Successful su for rubyman by root
Jun 25 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14377]: + ??? root:rubyman
Jun 25 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14377]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592716 of user rubyman.
Jun 25 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14377]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592716.
Jun 25 22:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11591]: pam_unix(cron:session): session closed for user root
Jun 25 22:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14318]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13502]: pam_unix(cron:session): session closed for user root
Jun 25 22:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14678]: Invalid user steam from 203.200.74.18
Jun 25 22:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14678]: input_userauth_request: invalid user steam [preauth]
Jun 25 22:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14678]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.200.74.18
Jun 25 22:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14678]: Failed password for invalid user steam from 203.200.74.18 port 41790 ssh2
Jun 25 22:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14678]: Received disconnect from 203.200.74.18 port 41790:11: Bye Bye [preauth]
Jun 25 22:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14678]: Disconnected from 203.200.74.18 port 41790 [preauth]
Jun 25 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14798]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14797]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14796]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14795]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14795]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14857]: Successful su for rubyman by root
Jun 25 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14857]: + ??? root:rubyman
Jun 25 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14857]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592719 of user rubyman.
Jun 25 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14857]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592719.
Jun 25 22:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12051]: pam_unix(cron:session): session closed for user root
Jun 25 22:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14796]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15054]: Bad protocol version identification '\026\003\001' from 65.49.1.38 port 32570
Jun 25 22:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13925]: pam_unix(cron:session): session closed for user root
Jun 25 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15213]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15211]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15215]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15209]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15214]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15212]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15215]: pam_unix(cron:session): session closed for user root
Jun 25 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15209]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15282]: Successful su for rubyman by root
Jun 25 22:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15282]: + ??? root:rubyman
Jun 25 22:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15282]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592728 of user rubyman.
Jun 25 22:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15282]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592728.
Jun 25 22:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.182.83.231  user=root
Jun 25 22:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15212]: pam_unix(cron:session): session closed for user root
Jun 25 22:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12573]: pam_unix(cron:session): session closed for user root
Jun 25 22:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15318]: Failed password for root from 5.182.83.231 port 57476 ssh2
Jun 25 22:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15318]: Received disconnect from 5.182.83.231 port 57476:11: Bye Bye [preauth]
Jun 25 22:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15318]: Disconnected from 5.182.83.231 port 57476 [preauth]
Jun 25 22:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.149.105  user=root
Jun 25 22:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15211]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15423]: Failed password for root from 102.210.149.105 port 56232 ssh2
Jun 25 22:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15423]: Received disconnect from 102.210.149.105 port 56232:11: Bye Bye [preauth]
Jun 25 22:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15423]: Disconnected from 102.210.149.105 port 56232 [preauth]
Jun 25 22:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14320]: pam_unix(cron:session): session closed for user root
Jun 25 22:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15554]: Invalid user deploy from 203.200.74.18
Jun 25 22:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15554]: input_userauth_request: invalid user deploy [preauth]
Jun 25 22:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15554]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.200.74.18
Jun 25 22:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15554]: Failed password for invalid user deploy from 203.200.74.18 port 49366 ssh2
Jun 25 22:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15554]: Received disconnect from 203.200.74.18 port 49366:11: Bye Bye [preauth]
Jun 25 22:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15554]: Disconnected from 203.200.74.18 port 49366 [preauth]
Jun 25 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15629]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15628]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15630]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15627]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15627]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15697]: Successful su for rubyman by root
Jun 25 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15697]: + ??? root:rubyman
Jun 25 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15697]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592730 of user rubyman.
Jun 25 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15697]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592730.
Jun 25 22:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12994]: pam_unix(cron:session): session closed for user root
Jun 25 22:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15628]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.247.23.131  user=root
Jun 25 22:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15906]: Failed password for root from 117.247.23.131 port 52375 ssh2
Jun 25 22:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15906]: Received disconnect from 117.247.23.131 port 52375:11: Bye Bye [preauth]
Jun 25 22:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15906]: Disconnected from 117.247.23.131 port 52375 [preauth]
Jun 25 22:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14798]: pam_unix(cron:session): session closed for user root
Jun 25 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16020]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16021]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16019]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16018]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16018]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16080]: Successful su for rubyman by root
Jun 25 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16080]: + ??? root:rubyman
Jun 25 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16080]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592733 of user rubyman.
Jun 25 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16080]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592733.
Jun 25 22:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13501]: pam_unix(cron:session): session closed for user root
Jun 25 22:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16019]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16276]: Invalid user ubuntu from 5.182.83.231
Jun 25 22:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16276]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 22:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16276]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.182.83.231
Jun 25 22:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16276]: Failed password for invalid user ubuntu from 5.182.83.231 port 36792 ssh2
Jun 25 22:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16276]: Received disconnect from 5.182.83.231 port 36792:11: Bye Bye [preauth]
Jun 25 22:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16276]: Disconnected from 5.182.83.231 port 36792 [preauth]
Jun 25 22:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16327]: Invalid user jason from 203.200.74.18
Jun 25 22:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16327]: input_userauth_request: invalid user jason [preauth]
Jun 25 22:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16327]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.200.74.18
Jun 25 22:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15214]: pam_unix(cron:session): session closed for user root
Jun 25 22:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16327]: Failed password for invalid user jason from 203.200.74.18 port 38970 ssh2
Jun 25 22:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16327]: Received disconnect from 203.200.74.18 port 38970:11: Bye Bye [preauth]
Jun 25 22:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16327]: Disconnected from 203.200.74.18 port 38970 [preauth]
Jun 25 22:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16357]: Invalid user dennis from 102.210.149.105
Jun 25 22:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16357]: input_userauth_request: invalid user dennis [preauth]
Jun 25 22:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16357]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.149.105
Jun 25 22:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16357]: Failed password for invalid user dennis from 102.210.149.105 port 53558 ssh2
Jun 25 22:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16357]: Received disconnect from 102.210.149.105 port 53558:11: Bye Bye [preauth]
Jun 25 22:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16357]: Disconnected from 102.210.149.105 port 53558 [preauth]
Jun 25 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16417]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16416]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16415]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16414]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16414]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16478]: Successful su for rubyman by root
Jun 25 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16478]: + ??? root:rubyman
Jun 25 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16478]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592737 of user rubyman.
Jun 25 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16478]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592737.
Jun 25 22:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13924]: pam_unix(cron:session): session closed for user root
Jun 25 22:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16415]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15630]: pam_unix(cron:session): session closed for user root
Jun 25 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16821]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16818]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16819]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16817]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16815]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16817]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17033]: Successful su for rubyman by root
Jun 25 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17033]: + ??? root:rubyman
Jun 25 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17033]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592742 of user rubyman.
Jun 25 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17033]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592742.
Jun 25 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16815]: pam_unix(cron:session): session closed for user root
Jun 25 22:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14319]: pam_unix(cron:session): session closed for user root
Jun 25 22:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16818]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17275]: Invalid user def from 5.182.83.231
Jun 25 22:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17275]: input_userauth_request: invalid user def [preauth]
Jun 25 22:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17275]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.182.83.231
Jun 25 22:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17275]: Failed password for invalid user def from 5.182.83.231 port 55082 ssh2
Jun 25 22:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17275]: Received disconnect from 5.182.83.231 port 55082:11: Bye Bye [preauth]
Jun 25 22:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17275]: Disconnected from 5.182.83.231 port 55082 [preauth]
Jun 25 22:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.200.74.18  user=root
Jun 25 22:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17309]: Failed password for root from 203.200.74.18 port 20284 ssh2
Jun 25 22:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17309]: Received disconnect from 203.200.74.18 port 20284:11: Bye Bye [preauth]
Jun 25 22:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17309]: Disconnected from 203.200.74.18 port 20284 [preauth]
Jun 25 22:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16021]: pam_unix(cron:session): session closed for user root
Jun 25 22:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17386]: Invalid user openstack from 117.247.23.131
Jun 25 22:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17386]: input_userauth_request: invalid user openstack [preauth]
Jun 25 22:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17386]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.247.23.131
Jun 25 22:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17386]: Failed password for invalid user openstack from 117.247.23.131 port 60400 ssh2
Jun 25 22:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17386]: Received disconnect from 117.247.23.131 port 60400:11: Bye Bye [preauth]
Jun 25 22:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17386]: Disconnected from 117.247.23.131 port 60400 [preauth]
Jun 25 22:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17410]: Invalid user tech from 102.210.149.105
Jun 25 22:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17410]: input_userauth_request: invalid user tech [preauth]
Jun 25 22:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17410]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.149.105
Jun 25 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17419]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17417]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17416]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17418]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17415]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17414]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17419]: pam_unix(cron:session): session closed for user root
Jun 25 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17414]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17490]: Successful su for rubyman by root
Jun 25 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17490]: + ??? root:rubyman
Jun 25 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17490]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592750 of user rubyman.
Jun 25 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17490]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592750.
Jun 25 22:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17410]: Failed password for invalid user tech from 102.210.149.105 port 34536 ssh2
Jun 25 22:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17410]: Received disconnect from 102.210.149.105 port 34536:11: Bye Bye [preauth]
Jun 25 22:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17410]: Disconnected from 102.210.149.105 port 34536 [preauth]
Jun 25 22:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17560]: Invalid user sysadmin from 141.98.83.240
Jun 25 22:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17560]: input_userauth_request: invalid user sysadmin [preauth]
Jun 25 22:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17560]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 22:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14797]: pam_unix(cron:session): session closed for user root
Jun 25 22:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17416]: pam_unix(cron:session): session closed for user root
Jun 25 22:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17560]: Failed password for invalid user sysadmin from 141.98.83.240 port 41994 ssh2
Jun 25 22:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17560]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17415]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17560]: Failed password for invalid user sysadmin from 141.98.83.240 port 41994 ssh2
Jun 25 22:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17560]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17560]: Failed password for invalid user sysadmin from 141.98.83.240 port 41994 ssh2
Jun 25 22:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17560]: Connection closed by 141.98.83.240 port 41994 [preauth]
Jun 25 22:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17560]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 22:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16417]: pam_unix(cron:session): session closed for user root
Jun 25 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17947]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17946]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17945]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17944]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17944]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18015]: Successful su for rubyman by root
Jun 25 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18015]: + ??? root:rubyman
Jun 25 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18015]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592752 of user rubyman.
Jun 25 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18015]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592752.
Jun 25 22:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15213]: pam_unix(cron:session): session closed for user root
Jun 25 22:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17945]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18278]: Invalid user ubuntu from 203.200.74.18
Jun 25 22:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18278]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 22:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18278]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.200.74.18
Jun 25 22:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18278]: Failed password for invalid user ubuntu from 203.200.74.18 port 45434 ssh2
Jun 25 22:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18278]: Received disconnect from 203.200.74.18 port 45434:11: Bye Bye [preauth]
Jun 25 22:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18278]: Disconnected from 203.200.74.18 port 45434 [preauth]
Jun 25 22:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16821]: pam_unix(cron:session): session closed for user root
Jun 25 22:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18326]: Invalid user ubuntu from 5.182.83.231
Jun 25 22:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18326]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 22:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18326]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.182.83.231
Jun 25 22:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18326]: Failed password for invalid user ubuntu from 5.182.83.231 port 44984 ssh2
Jun 25 22:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18326]: Received disconnect from 5.182.83.231 port 44984:11: Bye Bye [preauth]
Jun 25 22:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18326]: Disconnected from 5.182.83.231 port 44984 [preauth]
Jun 25 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18403]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18404]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18402]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18401]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18401]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18534]: Successful su for rubyman by root
Jun 25 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18534]: + ??? root:rubyman
Jun 25 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18534]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592756 of user rubyman.
Jun 25 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18534]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592756.
Jun 25 22:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15629]: pam_unix(cron:session): session closed for user root
Jun 25 22:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18402]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.149.105  user=root
Jun 25 22:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18783]: Failed password for root from 102.210.149.105 port 45642 ssh2
Jun 25 22:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18783]: Received disconnect from 102.210.149.105 port 45642:11: Bye Bye [preauth]
Jun 25 22:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18783]: Disconnected from 102.210.149.105 port 45642 [preauth]
Jun 25 22:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17418]: pam_unix(cron:session): session closed for user root
Jun 25 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18904]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18903]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18902]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18901]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18901]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18961]: Successful su for rubyman by root
Jun 25 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18961]: + ??? root:rubyman
Jun 25 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18961]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592760 of user rubyman.
Jun 25 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18961]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592760.
Jun 25 22:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16020]: pam_unix(cron:session): session closed for user root
Jun 25 22:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18902]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19277]: Invalid user neerja from 203.200.74.18
Jun 25 22:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19277]: input_userauth_request: invalid user neerja [preauth]
Jun 25 22:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19277]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.200.74.18
Jun 25 22:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19277]: Failed password for invalid user neerja from 203.200.74.18 port 53382 ssh2
Jun 25 22:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19277]: Received disconnect from 203.200.74.18 port 53382:11: Bye Bye [preauth]
Jun 25 22:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19277]: Disconnected from 203.200.74.18 port 53382 [preauth]
Jun 25 22:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17947]: pam_unix(cron:session): session closed for user root
Jun 25 22:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19310]: Invalid user admin from 117.247.23.131
Jun 25 22:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19310]: input_userauth_request: invalid user admin [preauth]
Jun 25 22:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19310]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.247.23.131
Jun 25 22:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19310]: Failed password for invalid user admin from 117.247.23.131 port 49454 ssh2
Jun 25 22:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19310]: Received disconnect from 117.247.23.131 port 49454:11: Bye Bye [preauth]
Jun 25 22:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19310]: Disconnected from 117.247.23.131 port 49454 [preauth]
Jun 25 22:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.182.83.231  user=root
Jun 25 22:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19381]: Failed password for root from 5.182.83.231 port 38608 ssh2
Jun 25 22:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19381]: Received disconnect from 5.182.83.231 port 38608:11: Bye Bye [preauth]
Jun 25 22:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19381]: Disconnected from 5.182.83.231 port 38608 [preauth]
Jun 25 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19399]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19400]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19398]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19397]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19397]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19459]: Successful su for rubyman by root
Jun 25 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19459]: + ??? root:rubyman
Jun 25 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19459]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592764 of user rubyman.
Jun 25 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19459]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592764.
Jun 25 22:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16416]: pam_unix(cron:session): session closed for user root
Jun 25 22:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19398]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18404]: pam_unix(cron:session): session closed for user root
Jun 25 22:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19987]: Invalid user user from 102.210.149.105
Jun 25 22:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19987]: input_userauth_request: invalid user user [preauth]
Jun 25 22:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19987]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.149.105
Jun 25 22:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19987]: Failed password for invalid user user from 102.210.149.105 port 43134 ssh2
Jun 25 22:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19987]: Received disconnect from 102.210.149.105 port 43134:11: Bye Bye [preauth]
Jun 25 22:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19987]: Disconnected from 102.210.149.105 port 43134 [preauth]
Jun 25 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20019]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20018]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20021]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20015]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20017]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20016]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20021]: pam_unix(cron:session): session closed for user root
Jun 25 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20015]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20082]: Successful su for rubyman by root
Jun 25 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20082]: + ??? root:rubyman
Jun 25 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20082]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592768 of user rubyman.
Jun 25 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20082]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592768.
Jun 25 22:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20017]: pam_unix(cron:session): session closed for user root
Jun 25 22:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16819]: pam_unix(cron:session): session closed for user root
Jun 25 22:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20016]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20427]: Invalid user tu from 203.200.74.18
Jun 25 22:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20427]: input_userauth_request: invalid user tu [preauth]
Jun 25 22:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20427]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.200.74.18
Jun 25 22:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20427]: Failed password for invalid user tu from 203.200.74.18 port 30978 ssh2
Jun 25 22:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20427]: Received disconnect from 203.200.74.18 port 30978:11: Bye Bye [preauth]
Jun 25 22:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20427]: Disconnected from 203.200.74.18 port 30978 [preauth]
Jun 25 22:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18904]: pam_unix(cron:session): session closed for user root
Jun 25 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20554]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20555]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20553]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20552]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20552]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20626]: Successful su for rubyman by root
Jun 25 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20626]: + ??? root:rubyman
Jun 25 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20626]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592775 of user rubyman.
Jun 25 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20626]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592775.
Jun 25 22:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17417]: pam_unix(cron:session): session closed for user root
Jun 25 22:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20553]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.182.83.231  user=root
Jun 25 22:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20909]: Failed password for root from 5.182.83.231 port 43354 ssh2
Jun 25 22:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20909]: Received disconnect from 5.182.83.231 port 43354:11: Bye Bye [preauth]
Jun 25 22:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20909]: Disconnected from 5.182.83.231 port 43354 [preauth]
Jun 25 22:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19400]: pam_unix(cron:session): session closed for user root
Jun 25 22:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20997]: Invalid user admin from 193.46.255.86
Jun 25 22:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20997]: input_userauth_request: invalid user admin [preauth]
Jun 25 22:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20997]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 25 22:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20997]: Failed password for invalid user admin from 193.46.255.86 port 43514 ssh2
Jun 25 22:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20997]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20997]: Failed password for invalid user admin from 193.46.255.86 port 43514 ssh2
Jun 25 22:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20997]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20997]: Failed password for invalid user admin from 193.46.255.86 port 43514 ssh2
Jun 25 22:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20997]: Connection closed by 193.46.255.86 port 43514 [preauth]
Jun 25 22:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20997]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 25 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21052]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21051]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21053]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21050]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21048]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21048]: pam_unix(cron:session): session closed for user root
Jun 25 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21050]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21116]: Successful su for rubyman by root
Jun 25 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21116]: + ??? root:rubyman
Jun 25 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21116]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592780 of user rubyman.
Jun 25 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21116]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592780.
Jun 25 22:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17946]: pam_unix(cron:session): session closed for user root
Jun 25 22:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21051]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.149.105  user=root
Jun 25 22:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21313]: Failed password for root from 102.210.149.105 port 44290 ssh2
Jun 25 22:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21313]: Received disconnect from 102.210.149.105 port 44290:11: Bye Bye [preauth]
Jun 25 22:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21313]: Disconnected from 102.210.149.105 port 44290 [preauth]
Jun 25 22:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.247.23.131  user=root
Jun 25 22:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21316]: Failed password for root from 117.247.23.131 port 58434 ssh2
Jun 25 22:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21316]: Received disconnect from 117.247.23.131 port 58434:11: Bye Bye [preauth]
Jun 25 22:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21316]: Disconnected from 117.247.23.131 port 58434 [preauth]
Jun 25 22:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21377]: Invalid user pasha from 203.200.74.18
Jun 25 22:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21377]: input_userauth_request: invalid user pasha [preauth]
Jun 25 22:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21377]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.200.74.18
Jun 25 22:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21377]: Failed password for invalid user pasha from 203.200.74.18 port 48536 ssh2
Jun 25 22:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21377]: Received disconnect from 203.200.74.18 port 48536:11: Bye Bye [preauth]
Jun 25 22:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21377]: Disconnected from 203.200.74.18 port 48536 [preauth]
Jun 25 22:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20019]: pam_unix(cron:session): session closed for user root
Jun 25 22:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 25 22:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21430]: Failed password for root from 103.27.238.116 port 60936 ssh2
Jun 25 22:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21430]: Connection closed by 103.27.238.116 port 60936 [preauth]
Jun 25 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21480]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21481]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21479]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21478]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21478]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21550]: Successful su for rubyman by root
Jun 25 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21550]: + ??? root:rubyman
Jun 25 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21550]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592783 of user rubyman.
Jun 25 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21550]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592783.
Jun 25 22:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18403]: pam_unix(cron:session): session closed for user root
Jun 25 22:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21479]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20555]: pam_unix(cron:session): session closed for user root
Jun 25 22:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21850]: Invalid user petra from 5.182.83.231
Jun 25 22:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21850]: input_userauth_request: invalid user petra [preauth]
Jun 25 22:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21850]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.182.83.231
Jun 25 22:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21850]: Failed password for invalid user petra from 5.182.83.231 port 59244 ssh2
Jun 25 22:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21850]: Received disconnect from 5.182.83.231 port 59244:11: Bye Bye [preauth]
Jun 25 22:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21850]: Disconnected from 5.182.83.231 port 59244 [preauth]
Jun 25 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21911]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21910]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21908]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21909]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21908]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21971]: Successful su for rubyman by root
Jun 25 22:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21971]: + ??? root:rubyman
Jun 25 22:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21971]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592787 of user rubyman.
Jun 25 22:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21971]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592787.
Jun 25 22:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18903]: pam_unix(cron:session): session closed for user root
Jun 25 22:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21909]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22198]: Invalid user elsearch from 203.200.74.18
Jun 25 22:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22198]: input_userauth_request: invalid user elsearch [preauth]
Jun 25 22:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22198]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.200.74.18
Jun 25 22:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22198]: Failed password for invalid user elsearch from 203.200.74.18 port 49406 ssh2
Jun 25 22:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22198]: Received disconnect from 203.200.74.18 port 49406:11: Bye Bye [preauth]
Jun 25 22:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22198]: Disconnected from 203.200.74.18 port 49406 [preauth]
Jun 25 22:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21053]: pam_unix(cron:session): session closed for user root
Jun 25 22:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.149.105  user=root
Jun 25 22:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22266]: Failed password for root from 102.210.149.105 port 33350 ssh2
Jun 25 22:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22266]: Received disconnect from 102.210.149.105 port 33350:11: Bye Bye [preauth]
Jun 25 22:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22266]: Disconnected from 102.210.149.105 port 33350 [preauth]
Jun 25 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22407]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22405]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22403]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22402]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22406]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22404]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22407]: pam_unix(cron:session): session closed for user root
Jun 25 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22402]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22471]: Successful su for rubyman by root
Jun 25 22:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22471]: + ??? root:rubyman
Jun 25 22:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22471]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592793 of user rubyman.
Jun 25 22:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22471]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592793.
Jun 25 22:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22404]: pam_unix(cron:session): session closed for user root
Jun 25 22:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19399]: pam_unix(cron:session): session closed for user root
Jun 25 22:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22403]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21481]: pam_unix(cron:session): session closed for user root
Jun 25 22:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.182.83.231  user=root
Jun 25 22:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22824]: Failed password for root from 5.182.83.231 port 34196 ssh2
Jun 25 22:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22824]: Received disconnect from 5.182.83.231 port 34196:11: Bye Bye [preauth]
Jun 25 22:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22824]: Disconnected from 5.182.83.231 port 34196 [preauth]
Jun 25 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22849]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22848]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22850]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22847]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22847]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22914]: Successful su for rubyman by root
Jun 25 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22914]: + ??? root:rubyman
Jun 25 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22914]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592797 of user rubyman.
Jun 25 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22914]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592797.
Jun 25 22:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20018]: pam_unix(cron:session): session closed for user root
Jun 25 22:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22848]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.247.23.131  user=root
Jun 25 22:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23047]: Failed password for root from 117.247.23.131 port 55394 ssh2
Jun 25 22:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23047]: Received disconnect from 117.247.23.131 port 55394:11: Bye Bye [preauth]
Jun 25 22:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23047]: Disconnected from 117.247.23.131 port 55394 [preauth]
Jun 25 22:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23118]: Invalid user elasticsearch from 203.200.74.18
Jun 25 22:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23118]: input_userauth_request: invalid user elasticsearch [preauth]
Jun 25 22:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23118]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.200.74.18
Jun 25 22:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23118]: Failed password for invalid user elasticsearch from 203.200.74.18 port 37550 ssh2
Jun 25 22:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23118]: Received disconnect from 203.200.74.18 port 37550:11: Bye Bye [preauth]
Jun 25 22:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23118]: Disconnected from 203.200.74.18 port 37550 [preauth]
Jun 25 22:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21911]: pam_unix(cron:session): session closed for user root
Jun 25 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23259]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23258]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23257]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23256]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23256]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23323]: Successful su for rubyman by root
Jun 25 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23323]: + ??? root:rubyman
Jun 25 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23323]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592802 of user rubyman.
Jun 25 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23323]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592802.
Jun 25 22:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20554]: pam_unix(cron:session): session closed for user root
Jun 25 22:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23257]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.149.105  user=root
Jun 25 22:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23518]: Failed password for root from 102.210.149.105 port 45302 ssh2
Jun 25 22:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23518]: Received disconnect from 102.210.149.105 port 45302:11: Bye Bye [preauth]
Jun 25 22:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23518]: Disconnected from 102.210.149.105 port 45302 [preauth]
Jun 25 22:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22406]: pam_unix(cron:session): session closed for user root
Jun 25 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23680]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23681]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23678]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23677]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23677]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23745]: Successful su for rubyman by root
Jun 25 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23745]: + ??? root:rubyman
Jun 25 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23745]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592805 of user rubyman.
Jun 25 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23745]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592805.
Jun 25 22:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21052]: pam_unix(cron:session): session closed for user root
Jun 25 22:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23678]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24031]: Invalid user ubuntu from 5.182.83.231
Jun 25 22:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24031]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 22:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24031]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.182.83.231
Jun 25 22:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24031]: Failed password for invalid user ubuntu from 5.182.83.231 port 39168 ssh2
Jun 25 22:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24031]: Received disconnect from 5.182.83.231 port 39168:11: Bye Bye [preauth]
Jun 25 22:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24031]: Disconnected from 5.182.83.231 port 39168 [preauth]
Jun 25 22:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 25 22:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24070]: Failed password for root from 103.149.28.157 port 59528 ssh2
Jun 25 22:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24070]: Connection closed by 103.149.28.157 port 59528 [preauth]
Jun 25 22:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22850]: pam_unix(cron:session): session closed for user root
Jun 25 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24195]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24194]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24196]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24193]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24193]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24274]: Successful su for rubyman by root
Jun 25 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24274]: + ??? root:rubyman
Jun 25 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24274]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592811 of user rubyman.
Jun 25 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24274]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592811.
Jun 25 22:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21480]: pam_unix(cron:session): session closed for user root
Jun 25 22:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24194]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23259]: pam_unix(cron:session): session closed for user root
Jun 25 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24620]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24618]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24617]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24616]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24619]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24615]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24620]: pam_unix(cron:session): session closed for user root
Jun 25 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24615]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24707]: Successful su for rubyman by root
Jun 25 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24707]: + ??? root:rubyman
Jun 25 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24707]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592817 of user rubyman.
Jun 25 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24707]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592817.
Jun 25 22:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24617]: pam_unix(cron:session): session closed for user root
Jun 25 22:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21910]: pam_unix(cron:session): session closed for user root
Jun 25 22:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.247.23.131  user=root
Jun 25 22:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.149.105  user=root
Jun 25 22:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24616]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: Failed password for root from 117.247.23.131 port 51831 ssh2
Jun 25 22:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: Received disconnect from 117.247.23.131 port 51831:11: Bye Bye [preauth]
Jun 25 22:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: Disconnected from 117.247.23.131 port 51831 [preauth]
Jun 25 22:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24855]: Failed password for root from 102.210.149.105 port 41138 ssh2
Jun 25 22:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24855]: Received disconnect from 102.210.149.105 port 41138:11: Bye Bye [preauth]
Jun 25 22:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24855]: Disconnected from 102.210.149.105 port 41138 [preauth]
Jun 25 22:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24949]: Invalid user jason from 5.182.83.231
Jun 25 22:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24949]: input_userauth_request: invalid user jason [preauth]
Jun 25 22:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24949]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.182.83.231
Jun 25 22:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24949]: Failed password for invalid user jason from 5.182.83.231 port 34000 ssh2
Jun 25 22:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24949]: Received disconnect from 5.182.83.231 port 34000:11: Bye Bye [preauth]
Jun 25 22:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24949]: Disconnected from 5.182.83.231 port 34000 [preauth]
Jun 25 22:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23681]: pam_unix(cron:session): session closed for user root
Jun 25 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25069]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25071]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25067]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25066]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25066]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25134]: Successful su for rubyman by root
Jun 25 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25134]: + ??? root:rubyman
Jun 25 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25134]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592820 of user rubyman.
Jun 25 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25134]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592820.
Jun 25 22:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22405]: pam_unix(cron:session): session closed for user root
Jun 25 22:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25067]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24196]: pam_unix(cron:session): session closed for user root
Jun 25 22:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.19.67.181  user=root
Jun 25 22:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25421]: Failed password for root from 46.19.67.181 port 57974 ssh2
Jun 25 22:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25421]: Connection closed by 46.19.67.181 port 57974 [preauth]
Jun 25 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25474]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25473]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25472]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25471]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25471]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25537]: Successful su for rubyman by root
Jun 25 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25537]: + ??? root:rubyman
Jun 25 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25537]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592823 of user rubyman.
Jun 25 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25537]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592823.
Jun 25 22:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22849]: pam_unix(cron:session): session closed for user root
Jun 25 22:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25472]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 25 22:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25773]: Failed password for root from 103.82.20.28 port 39268 ssh2
Jun 25 22:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25773]: Connection closed by 103.82.20.28 port 39268 [preauth]
Jun 25 22:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24619]: pam_unix(cron:session): session closed for user root
Jun 25 22:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25807]: Invalid user pasha from 5.182.83.231
Jun 25 22:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25807]: input_userauth_request: invalid user pasha [preauth]
Jun 25 22:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25807]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.182.83.231
Jun 25 22:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25807]: Failed password for invalid user pasha from 5.182.83.231 port 53892 ssh2
Jun 25 22:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25807]: Received disconnect from 5.182.83.231 port 53892:11: Bye Bye [preauth]
Jun 25 22:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25807]: Disconnected from 5.182.83.231 port 53892 [preauth]
Jun 25 22:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25869]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25870]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25868]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25867]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25867]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25928]: Successful su for rubyman by root
Jun 25 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25928]: + ??? root:rubyman
Jun 25 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25928]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592827 of user rubyman.
Jun 25 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25928]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592827.
Jun 25 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25864]: Invalid user q from 102.210.149.105
Jun 25 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25864]: input_userauth_request: invalid user q [preauth]
Jun 25 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25864]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.149.105
Jun 25 22:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25864]: Failed password for invalid user q from 102.210.149.105 port 45984 ssh2
Jun 25 22:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25864]: Received disconnect from 102.210.149.105 port 45984:11: Bye Bye [preauth]
Jun 25 22:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25864]: Disconnected from 102.210.149.105 port 45984 [preauth]
Jun 25 22:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23258]: pam_unix(cron:session): session closed for user root
Jun 25 22:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25868]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25071]: pam_unix(cron:session): session closed for user root
Jun 25 22:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26223]: Invalid user ubuntu from 117.247.23.131
Jun 25 22:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26223]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 22:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26223]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.247.23.131
Jun 25 22:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26223]: Failed password for invalid user ubuntu from 117.247.23.131 port 51441 ssh2
Jun 25 22:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26223]: Received disconnect from 117.247.23.131 port 51441:11: Bye Bye [preauth]
Jun 25 22:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26223]: Disconnected from 117.247.23.131 port 51441 [preauth]
Jun 25 22:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26241]: Invalid user admin from 2.57.121.25
Jun 25 22:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26241]: input_userauth_request: invalid user admin [preauth]
Jun 25 22:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26241]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 25 22:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26241]: Failed password for invalid user admin from 2.57.121.25 port 36032 ssh2
Jun 25 22:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26241]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26241]: Failed password for invalid user admin from 2.57.121.25 port 36032 ssh2
Jun 25 22:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26241]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26241]: Failed password for invalid user admin from 2.57.121.25 port 36032 ssh2
Jun 25 22:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26241]: Connection closed by 2.57.121.25 port 36032 [preauth]
Jun 25 22:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26241]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 25 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26262]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26263]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26261]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26260]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26260]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26326]: Successful su for rubyman by root
Jun 25 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26326]: + ??? root:rubyman
Jun 25 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26326]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592831 of user rubyman.
Jun 25 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26326]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592831.
Jun 25 22:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23680]: pam_unix(cron:session): session closed for user root
Jun 25 22:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26261]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25474]: pam_unix(cron:session): session closed for user root
Jun 25 22:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 25 22:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26604]: Failed password for root from 202.178.126.219 port 57148 ssh2
Jun 25 22:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26604]: Connection closed by 202.178.126.219 port 57148 [preauth]
Jun 25 22:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: Invalid user neerja from 5.182.83.231
Jun 25 22:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: input_userauth_request: invalid user neerja [preauth]
Jun 25 22:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.182.83.231
Jun 25 22:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: Failed password for invalid user neerja from 5.182.83.231 port 53888 ssh2
Jun 25 22:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: Received disconnect from 5.182.83.231 port 53888:11: Bye Bye [preauth]
Jun 25 22:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: Disconnected from 5.182.83.231 port 53888 [preauth]
Jun 25 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26676]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26675]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26677]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26668]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26667]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26665]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26677]: pam_unix(cron:session): session closed for user root
Jun 25 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26665]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26817]: Successful su for rubyman by root
Jun 25 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26817]: + ??? root:rubyman
Jun 25 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26817]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592835 of user rubyman.
Jun 25 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26817]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592835.
Jun 25 22:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26668]: pam_unix(cron:session): session closed for user root
Jun 25 22:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24195]: pam_unix(cron:session): session closed for user root
Jun 25 22:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26667]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.149.105  user=root
Jun 25 22:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27089]: Failed password for root from 102.210.149.105 port 34134 ssh2
Jun 25 22:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27089]: Received disconnect from 102.210.149.105 port 34134:11: Bye Bye [preauth]
Jun 25 22:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27089]: Disconnected from 102.210.149.105 port 34134 [preauth]
Jun 25 22:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25870]: pam_unix(cron:session): session closed for user root
Jun 25 22:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27152]: Connection closed by 194.59.206.2 port 39618 [preauth]
Jun 25 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27193]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27194]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27192]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27191]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27191]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27262]: Successful su for rubyman by root
Jun 25 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27262]: + ??? root:rubyman
Jun 25 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27262]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592841 of user rubyman.
Jun 25 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27262]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592841.
Jun 25 22:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24618]: pam_unix(cron:session): session closed for user root
Jun 25 22:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27192]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26263]: pam_unix(cron:session): session closed for user root
Jun 25 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27618]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27619]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27617]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27616]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27616]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27675]: Successful su for rubyman by root
Jun 25 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27675]: + ??? root:rubyman
Jun 25 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27675]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592846 of user rubyman.
Jun 25 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27675]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592846.
Jun 25 22:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25069]: pam_unix(cron:session): session closed for user root
Jun 25 22:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27617]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.182.83.231  user=root
Jun 25 22:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27907]: Failed password for root from 5.182.83.231 port 39994 ssh2
Jun 25 22:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27907]: Received disconnect from 5.182.83.231 port 39994:11: Bye Bye [preauth]
Jun 25 22:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27907]: Disconnected from 5.182.83.231 port 39994 [preauth]
Jun 25 22:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26676]: pam_unix(cron:session): session closed for user root
Jun 25 22:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27972]: Invalid user ww from 117.247.23.131
Jun 25 22:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27972]: input_userauth_request: invalid user ww [preauth]
Jun 25 22:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27972]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.247.23.131
Jun 25 22:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27972]: Failed password for invalid user ww from 117.247.23.131 port 35850 ssh2
Jun 25 22:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27972]: Received disconnect from 117.247.23.131 port 35850:11: Bye Bye [preauth]
Jun 25 22:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27972]: Disconnected from 117.247.23.131 port 35850 [preauth]
Jun 25 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28042]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28041]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28040]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28039]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28039]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28150]: Successful su for rubyman by root
Jun 25 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28150]: + ??? root:rubyman
Jun 25 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28150]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592849 of user rubyman.
Jun 25 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28150]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592849.
Jun 25 22:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25473]: pam_unix(cron:session): session closed for user root
Jun 25 22:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28040]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28341]: Invalid user sanjay from 102.210.149.105
Jun 25 22:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28341]: input_userauth_request: invalid user sanjay [preauth]
Jun 25 22:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28341]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.149.105
Jun 25 22:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28341]: Failed password for invalid user sanjay from 102.210.149.105 port 49302 ssh2
Jun 25 22:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28341]: Received disconnect from 102.210.149.105 port 49302:11: Bye Bye [preauth]
Jun 25 22:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28341]: Disconnected from 102.210.149.105 port 49302 [preauth]
Jun 25 22:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27194]: pam_unix(cron:session): session closed for user root
Jun 25 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28482]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28483]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28481]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28480]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28480]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28549]: Successful su for rubyman by root
Jun 25 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28549]: + ??? root:rubyman
Jun 25 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28549]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592853 of user rubyman.
Jun 25 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28549]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592853.
Jun 25 22:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25869]: pam_unix(cron:session): session closed for user root
Jun 25 22:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28481]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.110.201  user=root
Jun 25 22:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28841]: Failed password for root from 94.159.110.201 port 36052 ssh2
Jun 25 22:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28841]: Connection closed by 94.159.110.201 port 36052 [preauth]
Jun 25 22:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27619]: pam_unix(cron:session): session closed for user root
Jun 25 22:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28945]: Invalid user elasticsearch from 5.182.83.231
Jun 25 22:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28945]: input_userauth_request: invalid user elasticsearch [preauth]
Jun 25 22:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28945]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.182.83.231
Jun 25 22:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28945]: Failed password for invalid user elasticsearch from 5.182.83.231 port 37538 ssh2
Jun 25 22:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28945]: Received disconnect from 5.182.83.231 port 37538:11: Bye Bye [preauth]
Jun 25 22:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28945]: Disconnected from 5.182.83.231 port 37538 [preauth]
Jun 25 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28994]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28993]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28995]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28990]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28996]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28992]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28996]: pam_unix(cron:session): session closed for user root
Jun 25 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28990]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29067]: Successful su for rubyman by root
Jun 25 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29067]: + ??? root:rubyman
Jun 25 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29067]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592860 of user rubyman.
Jun 25 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29067]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592860.
Jun 25 22:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28993]: pam_unix(cron:session): session closed for user root
Jun 25 22:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26262]: pam_unix(cron:session): session closed for user root
Jun 25 22:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28992]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29335]: Invalid user luther from 2.57.121.112
Jun 25 22:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29335]: input_userauth_request: invalid user luther [preauth]
Jun 25 22:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29335]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 25 22:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29335]: Failed password for invalid user luther from 2.57.121.112 port 61878 ssh2
Jun 25 22:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29335]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29335]: Failed password for invalid user luther from 2.57.121.112 port 61878 ssh2
Jun 25 22:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29335]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29335]: Failed password for invalid user luther from 2.57.121.112 port 61878 ssh2
Jun 25 22:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29335]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29366]: Invalid user user from 102.210.149.105
Jun 25 22:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29366]: input_userauth_request: invalid user user [preauth]
Jun 25 22:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29366]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.149.105
Jun 25 22:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29335]: Failed password for invalid user luther from 2.57.121.112 port 61878 ssh2
Jun 25 22:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28042]: pam_unix(cron:session): session closed for user root
Jun 25 22:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29335]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29366]: Failed password for invalid user user from 102.210.149.105 port 38518 ssh2
Jun 25 22:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29366]: Received disconnect from 102.210.149.105 port 38518:11: Bye Bye [preauth]
Jun 25 22:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29366]: Disconnected from 102.210.149.105 port 38518 [preauth]
Jun 25 22:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29335]: Failed password for invalid user luther from 2.57.121.112 port 61878 ssh2
Jun 25 22:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29335]: Connection closed by 2.57.121.112 port 61878 [preauth]
Jun 25 22:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29335]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 25 22:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29335]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 25 22:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
Jun 25 22:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29426]: Failed password for root from 176.32.39.21 port 48946 ssh2
Jun 25 22:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29426]: Connection closed by 176.32.39.21 port 48946 [preauth]
Jun 25 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29459]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29458]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29457]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29455]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29455]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29626]: Successful su for rubyman by root
Jun 25 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29626]: + ??? root:rubyman
Jun 25 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29626]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592863 of user rubyman.
Jun 25 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29626]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592863.
Jun 25 22:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26675]: pam_unix(cron:session): session closed for user root
Jun 25 22:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29457]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29914]: Invalid user yf from 117.247.23.131
Jun 25 22:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29914]: input_userauth_request: invalid user yf [preauth]
Jun 25 22:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29914]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.247.23.131
Jun 25 22:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28483]: pam_unix(cron:session): session closed for user root
Jun 25 22:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29914]: Failed password for invalid user yf from 117.247.23.131 port 59230 ssh2
Jun 25 22:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 25 22:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29914]: Received disconnect from 117.247.23.131 port 59230:11: Bye Bye [preauth]
Jun 25 22:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29914]: Disconnected from 117.247.23.131 port 59230 [preauth]
Jun 25 22:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29938]: Failed password for root from 103.122.221.179 port 59690 ssh2
Jun 25 22:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29938]: Connection closed by 103.122.221.179 port 59690 [preauth]
Jun 25 22:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 25 22:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29983]: Failed password for root from 38.93.206.2 port 26626 ssh2
Jun 25 22:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29983]: Connection closed by 38.93.206.2 port 26626 [preauth]
Jun 25 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30007]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30006]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30004]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30003]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30003]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30068]: Successful su for rubyman by root
Jun 25 22:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30068]: + ??? root:rubyman
Jun 25 22:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30068]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592867 of user rubyman.
Jun 25 22:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30068]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592867.
Jun 25 22:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27193]: pam_unix(cron:session): session closed for user root
Jun 25 22:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30243]: Invalid user miriam from 5.182.83.231
Jun 25 22:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30243]: input_userauth_request: invalid user miriam [preauth]
Jun 25 22:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30243]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.182.83.231
Jun 25 22:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30004]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30243]: Failed password for invalid user miriam from 5.182.83.231 port 49512 ssh2
Jun 25 22:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30243]: Received disconnect from 5.182.83.231 port 49512:11: Bye Bye [preauth]
Jun 25 22:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30243]: Disconnected from 5.182.83.231 port 49512 [preauth]
Jun 25 22:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28995]: pam_unix(cron:session): session closed for user root
Jun 25 22:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30362]: Invalid user user from 141.98.83.240
Jun 25 22:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30362]: input_userauth_request: invalid user user [preauth]
Jun 25 22:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30362]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 22:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30362]: Failed password for invalid user user from 141.98.83.240 port 5596 ssh2
Jun 25 22:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30362]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30362]: Failed password for invalid user user from 141.98.83.240 port 5596 ssh2
Jun 25 22:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30362]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30362]: Failed password for invalid user user from 141.98.83.240 port 5596 ssh2
Jun 25 22:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30362]: Connection closed by 141.98.83.240 port 5596 [preauth]
Jun 25 22:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30362]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 22:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30400]: Invalid user postgresql from 102.210.149.105
Jun 25 22:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30400]: input_userauth_request: invalid user postgresql [preauth]
Jun 25 22:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30400]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.149.105
Jun 25 22:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30400]: Failed password for invalid user postgresql from 102.210.149.105 port 55950 ssh2
Jun 25 22:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30400]: Received disconnect from 102.210.149.105 port 55950:11: Bye Bye [preauth]
Jun 25 22:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30400]: Disconnected from 102.210.149.105 port 55950 [preauth]
Jun 25 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30422]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30420]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30421]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30419]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30419]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30484]: Successful su for rubyman by root
Jun 25 22:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30484]: + ??? root:rubyman
Jun 25 22:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30484]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592871 of user rubyman.
Jun 25 22:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30484]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592871.
Jun 25 22:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27618]: pam_unix(cron:session): session closed for user root
Jun 25 22:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30420]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29459]: pam_unix(cron:session): session closed for user root
Jun 25 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30843]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30847]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30845]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30840]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30844]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30843]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31064]: Successful su for rubyman by root
Jun 25 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31064]: + ??? root:rubyman
Jun 25 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31064]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592877 of user rubyman.
Jun 25 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31064]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592877.
Jun 25 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30840]: pam_unix(cron:session): session closed for user root
Jun 25 22:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28041]: pam_unix(cron:session): session closed for user root
Jun 25 22:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30844]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.182.83.231  user=root
Jun 25 22:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31307]: Failed password for root from 5.182.83.231 port 45708 ssh2
Jun 25 22:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31307]: Received disconnect from 5.182.83.231 port 45708:11: Bye Bye [preauth]
Jun 25 22:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31307]: Disconnected from 5.182.83.231 port 45708 [preauth]
Jun 25 22:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30007]: pam_unix(cron:session): session closed for user root
Jun 25 22:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 25 22:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31378]: Failed password for root from 103.176.20.57 port 36328 ssh2
Jun 25 22:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31378]: Connection closed by 103.176.20.57 port 36328 [preauth]
Jun 25 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31437]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31438]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31433]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31436]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31434]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31435]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31438]: pam_unix(cron:session): session closed for user root
Jun 25 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31433]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31506]: Successful su for rubyman by root
Jun 25 22:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31506]: + ??? root:rubyman
Jun 25 22:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31506]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592880 of user rubyman.
Jun 25 22:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31506]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592880.
Jun 25 22:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31435]: pam_unix(cron:session): session closed for user root
Jun 25 22:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28482]: pam_unix(cron:session): session closed for user root
Jun 25 22:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31434]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31813]: Invalid user mahdi from 102.210.149.105
Jun 25 22:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31813]: input_userauth_request: invalid user mahdi [preauth]
Jun 25 22:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31813]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.149.105
Jun 25 22:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31813]: Failed password for invalid user mahdi from 102.210.149.105 port 46040 ssh2
Jun 25 22:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31813]: Received disconnect from 102.210.149.105 port 46040:11: Bye Bye [preauth]
Jun 25 22:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31813]: Disconnected from 102.210.149.105 port 46040 [preauth]
Jun 25 22:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31845]: Invalid user remoto from 117.247.23.131
Jun 25 22:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31845]: input_userauth_request: invalid user remoto [preauth]
Jun 25 22:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31845]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.247.23.131
Jun 25 22:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31845]: Failed password for invalid user remoto from 117.247.23.131 port 55888 ssh2
Jun 25 22:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31845]: Received disconnect from 117.247.23.131 port 55888:11: Bye Bye [preauth]
Jun 25 22:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31845]: Disconnected from 117.247.23.131 port 55888 [preauth]
Jun 25 22:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30422]: pam_unix(cron:session): session closed for user root
Jun 25 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31975]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31976]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31973]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31972]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31972]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32049]: Successful su for rubyman by root
Jun 25 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32049]: + ??? root:rubyman
Jun 25 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32049]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592886 of user rubyman.
Jun 25 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32049]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592886.
Jun 25 22:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28994]: pam_unix(cron:session): session closed for user root
Jun 25 22:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31973]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30847]: pam_unix(cron:session): session closed for user root
Jun 25 22:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.182.83.231  user=root
Jun 25 22:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32326]: Failed password for root from 5.182.83.231 port 44434 ssh2
Jun 25 22:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32326]: Received disconnect from 5.182.83.231 port 44434:11: Bye Bye [preauth]
Jun 25 22:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32326]: Disconnected from 5.182.83.231 port 44434 [preauth]
Jun 25 22:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 25 22:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32336]: Failed password for root from 103.77.242.62 port 42674 ssh2
Jun 25 22:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32336]: Connection closed by 103.77.242.62 port 42674 [preauth]
Jun 25 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32393]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32394]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32391]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32392]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32391]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32457]: Successful su for rubyman by root
Jun 25 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32457]: + ??? root:rubyman
Jun 25 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32457]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592891 of user rubyman.
Jun 25 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32457]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592891.
Jun 25 22:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29458]: pam_unix(cron:session): session closed for user root
Jun 25 22:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32392]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32713]: Invalid user username from 102.210.149.105
Jun 25 22:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32713]: input_userauth_request: invalid user username [preauth]
Jun 25 22:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32713]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.149.105
Jun 25 22:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32713]: Failed password for invalid user username from 102.210.149.105 port 33818 ssh2
Jun 25 22:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32713]: Received disconnect from 102.210.149.105 port 33818:11: Bye Bye [preauth]
Jun 25 22:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32713]: Disconnected from 102.210.149.105 port 33818 [preauth]
Jun 25 22:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31437]: pam_unix(cron:session): session closed for user root
Jun 25 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[343]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[342]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[341]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[340]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[340]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[409]: Successful su for rubyman by root
Jun 25 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[409]: + ??? root:rubyman
Jun 25 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[409]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592894 of user rubyman.
Jun 25 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[409]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592894.
Jun 25 22:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30006]: pam_unix(cron:session): session closed for user root
Jun 25 22:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[341]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31976]: pam_unix(cron:session): session closed for user root
Jun 25 22:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[893]: Invalid user testuser from 5.182.83.231
Jun 25 22:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[893]: input_userauth_request: invalid user testuser [preauth]
Jun 25 22:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[893]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.182.83.231
Jun 25 22:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[893]: Failed password for invalid user testuser from 5.182.83.231 port 48488 ssh2
Jun 25 22:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[893]: Received disconnect from 5.182.83.231 port 48488:11: Bye Bye [preauth]
Jun 25 22:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[893]: Disconnected from 5.182.83.231 port 48488 [preauth]
Jun 25 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[900]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[899]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[898]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[897]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[897]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[966]: Successful su for rubyman by root
Jun 25 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[966]: + ??? root:rubyman
Jun 25 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[966]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592898 of user rubyman.
Jun 25 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[966]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592898.
Jun 25 22:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30421]: pam_unix(cron:session): session closed for user root
Jun 25 22:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[898]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1197]: Invalid user debian from 117.247.23.131
Jun 25 22:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1197]: input_userauth_request: invalid user debian [preauth]
Jun 25 22:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1197]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.247.23.131
Jun 25 22:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1197]: Failed password for invalid user debian from 117.247.23.131 port 47760 ssh2
Jun 25 22:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1197]: Received disconnect from 117.247.23.131 port 47760:11: Bye Bye [preauth]
Jun 25 22:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1197]: Disconnected from 117.247.23.131 port 47760 [preauth]
Jun 25 22:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32394]: pam_unix(cron:session): session closed for user root
Jun 25 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1375]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1373]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1371]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1370]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1376]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1374]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1376]: pam_unix(cron:session): session closed for user root
Jun 25 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1370]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1476]: Successful su for rubyman by root
Jun 25 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1476]: + ??? root:rubyman
Jun 25 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1476]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592902 of user rubyman.
Jun 25 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1476]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592902.
Jun 25 22:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1373]: pam_unix(cron:session): session closed for user root
Jun 25 22:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30845]: pam_unix(cron:session): session closed for user root
Jun 25 22:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1371]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 25 22:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1815]: Failed password for root from 103.15.222.183 port 44670 ssh2
Jun 25 22:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1815]: Connection closed by 103.15.222.183 port 44670 [preauth]
Jun 25 22:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[343]: pam_unix(cron:session): session closed for user root
Jun 25 22:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 25 22:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1931]: Failed password for root from 77.94.47.83 port 33868 ssh2
Jun 25 22:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1931]: Connection closed by 77.94.47.83 port 33868 [preauth]
Jun 25 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1964]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1963]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1965]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1962]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1962]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2067]: Successful su for rubyman by root
Jun 25 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2067]: + ??? root:rubyman
Jun 25 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2067]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592908 of user rubyman.
Jun 25 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2067]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592908.
Jun 25 22:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31436]: pam_unix(cron:session): session closed for user root
Jun 25 22:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1963]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.182.83.231  user=root
Jun 25 22:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2277]: Failed password for root from 5.182.83.231 port 34950 ssh2
Jun 25 22:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2277]: Received disconnect from 5.182.83.231 port 34950:11: Bye Bye [preauth]
Jun 25 22:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2277]: Disconnected from 5.182.83.231 port 34950 [preauth]
Jun 25 22:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[900]: pam_unix(cron:session): session closed for user root
Jun 25 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2426]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2427]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2425]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2424]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2424]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2489]: Successful su for rubyman by root
Jun 25 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2489]: + ??? root:rubyman
Jun 25 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2489]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592912 of user rubyman.
Jun 25 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2489]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592912.
Jun 25 22:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31975]: pam_unix(cron:session): session closed for user root
Jun 25 22:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2425]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1375]: pam_unix(cron:session): session closed for user root
Jun 25 22:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 25 22:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2844]: Failed password for root from 103.172.78.219 port 49424 ssh2
Jun 25 22:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2844]: Connection closed by 103.172.78.219 port 49424 [preauth]
Jun 25 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2858]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2859]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2857]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2856]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2856]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2917]: Successful su for rubyman by root
Jun 25 22:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2917]: + ??? root:rubyman
Jun 25 22:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2917]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592917 of user rubyman.
Jun 25 22:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2917]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592917.
Jun 25 22:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32393]: pam_unix(cron:session): session closed for user root
Jun 25 22:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2857]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3135]: Connection closed by 98.22.234.53 port 55338 [preauth]
Jun 25 22:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1965]: pam_unix(cron:session): session closed for user root
Jun 25 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3246]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3247]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3244]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3243]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3243]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3306]: Successful su for rubyman by root
Jun 25 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3306]: + ??? root:rubyman
Jun 25 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3306]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592921 of user rubyman.
Jun 25 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3306]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592921.
Jun 25 22:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[342]: pam_unix(cron:session): session closed for user root
Jun 25 22:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3244]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2427]: pam_unix(cron:session): session closed for user root
Jun 25 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3641]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3639]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3638]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3640]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3636]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3637]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3641]: pam_unix(cron:session): session closed for user root
Jun 25 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3636]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3801]: Successful su for rubyman by root
Jun 25 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3801]: + ??? root:rubyman
Jun 25 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3801]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592929 of user rubyman.
Jun 25 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3801]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592929.
Jun 25 22:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3638]: pam_unix(cron:session): session closed for user root
Jun 25 22:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[899]: pam_unix(cron:session): session closed for user root
Jun 25 22:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3637]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2859]: pam_unix(cron:session): session closed for user root
Jun 25 22:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 25 22:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4235]: Failed password for root from 193.37.70.224 port 42258 ssh2
Jun 25 22:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4235]: Connection closed by 193.37.70.224 port 42258 [preauth]
Jun 25 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4283]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4282]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4281]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4280]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4280]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4357]: Successful su for rubyman by root
Jun 25 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4357]: + ??? root:rubyman
Jun 25 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4357]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592931 of user rubyman.
Jun 25 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4357]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592931.
Jun 25 22:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1374]: pam_unix(cron:session): session closed for user root
Jun 25 22:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4281]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3247]: pam_unix(cron:session): session closed for user root
Jun 25 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4696]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4694]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4695]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4693]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4693]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4783]: Successful su for rubyman by root
Jun 25 22:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4783]: + ??? root:rubyman
Jun 25 22:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4783]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592934 of user rubyman.
Jun 25 22:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4783]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592934.
Jun 25 22:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1964]: pam_unix(cron:session): session closed for user root
Jun 25 22:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 25 22:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5020]: Failed password for root from 87.251.79.125 port 42326 ssh2
Jun 25 22:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5020]: Connection closed by 87.251.79.125 port 42326 [preauth]
Jun 25 22:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4694]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3640]: pam_unix(cron:session): session closed for user root
Jun 25 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5201]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5200]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5199]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5198]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5198]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5264]: Successful su for rubyman by root
Jun 25 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5264]: + ??? root:rubyman
Jun 25 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5264]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592939 of user rubyman.
Jun 25 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5264]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592939.
Jun 25 22:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2426]: pam_unix(cron:session): session closed for user root
Jun 25 22:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5199]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4283]: pam_unix(cron:session): session closed for user root
Jun 25 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5614]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5615]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5613]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5612]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5612]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5670]: Successful su for rubyman by root
Jun 25 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5670]: + ??? root:rubyman
Jun 25 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5670]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592942 of user rubyman.
Jun 25 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5670]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592942.
Jun 25 22:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2858]: pam_unix(cron:session): session closed for user root
Jun 25 22:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5613]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 25 22:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5883]: Failed password for root from 62.133.62.83 port 59526 ssh2
Jun 25 22:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5883]: Connection closed by 62.133.62.83 port 59526 [preauth]
Jun 25 22:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4696]: pam_unix(cron:session): session closed for user root
Jun 25 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6000]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5998]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6001]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6002]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5999]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5997]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6002]: pam_unix(cron:session): session closed for user root
Jun 25 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5997]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6063]: Successful su for rubyman by root
Jun 25 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6063]: + ??? root:rubyman
Jun 25 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6063]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592949 of user rubyman.
Jun 25 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6063]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592949.
Jun 25 22:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5999]: pam_unix(cron:session): session closed for user root
Jun 25 22:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3246]: pam_unix(cron:session): session closed for user root
Jun 25 22:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5998]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5201]: pam_unix(cron:session): session closed for user root
Jun 25 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6419]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6420]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6418]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6417]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6417]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6481]: Successful su for rubyman by root
Jun 25 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6481]: + ??? root:rubyman
Jun 25 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6481]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592953 of user rubyman.
Jun 25 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6481]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592953.
Jun 25 22:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3639]: pam_unix(cron:session): session closed for user root
Jun 25 22:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 25 22:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6418]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6628]: Failed password for root from 51.250.105.222 port 52170 ssh2
Jun 25 22:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6628]: Connection closed by 51.250.105.222 port 52170 [preauth]
Jun 25 22:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5615]: pam_unix(cron:session): session closed for user root
Jun 25 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6831]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6833]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6832]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6830]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6830]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6899]: Successful su for rubyman by root
Jun 25 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6899]: + ??? root:rubyman
Jun 25 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6899]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592957 of user rubyman.
Jun 25 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6899]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592957.
Jun 25 22:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4282]: pam_unix(cron:session): session closed for user root
Jun 25 22:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6831]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 25 22:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7169]: Failed password for root from 103.27.238.120 port 38210 ssh2
Jun 25 22:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7169]: Connection closed by 103.27.238.120 port 38210 [preauth]
Jun 25 22:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7202]: Invalid user admin from 34.14.26.255
Jun 25 22:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7202]: input_userauth_request: invalid user admin [preauth]
Jun 25 22:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7202]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 22:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.14.26.255
Jun 25 22:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7202]: Failed password for invalid user admin from 34.14.26.255 port 2908 ssh2
Jun 25 22:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7202]: Connection closed by 34.14.26.255 port 2908 [preauth]
Jun 25 22:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7189]: Connection closed by 34.14.26.255 port 2900 [preauth]
Jun 25 22:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7220]: Did not receive identification string from 35.195.199.109
Jun 25 22:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 25 22:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7218]: Failed password for root from 103.153.68.219 port 54282 ssh2
Jun 25 22:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7218]: Connection closed by 103.153.68.219 port 54282 [preauth]
Jun 25 22:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6001]: pam_unix(cron:session): session closed for user root
Jun 25 22:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7276]: Invalid user qzmmo from 35.195.199.109
Jun 25 22:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7276]: input_userauth_request: invalid user qzmmo [preauth]
Jun 25 22:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7276]: Connection closed by 35.195.199.109 port 14062 [preauth]
Jun 25 22:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 25 22:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7322]: Failed password for root from 194.113.233.25 port 58022 ssh2
Jun 25 22:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7322]: Connection closed by 194.113.233.25 port 58022 [preauth]
Jun 25 22:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7324]: Did not receive identification string from 35.195.199.109
Jun 25 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7347]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7345]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7346]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7344]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7344]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7408]: Successful su for rubyman by root
Jun 25 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7408]: + ??? root:rubyman
Jun 25 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7408]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592961 of user rubyman.
Jun 25 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7408]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592961.
Jun 25 22:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4695]: pam_unix(cron:session): session closed for user root
Jun 25 22:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7345]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6420]: pam_unix(cron:session): session closed for user root
Jun 25 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7837]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7836]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7834]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7835]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7834]: pam_unix(cron:session): session closed for user p13x
Jun 25 22:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7892]: Successful su for rubyman by root
Jun 25 22:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7892]: + ??? root:rubyman
Jun 25 22:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7892]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 22:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592965 of user rubyman.
Jun 25 22:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7892]: pam_unix(su:session): session closed for user rubyman
Jun 25 22:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592965.
Jun 25 22:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5200]: pam_unix(cron:session): session closed for user root
Jun 25 22:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7835]: pam_unix(cron:session): session closed for user samftp
Jun 25 22:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6833]: pam_unix(cron:session): session closed for user root
Jun 25 22:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 22:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 25 22:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8174]: Failed password for root from 109.237.96.109 port 41648 ssh2
Jun 25 22:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8174]: Connection closed by 109.237.96.109 port 41648 [preauth]
Jun 25 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8221]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8220]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8223]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8224]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8225]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8219]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8222]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8225]: pam_unix(cron:session): session closed for user root
Jun 25 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8221]: pam_unix(cron:session): session closed for user root
Jun 25 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8219]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8310]: Successful su for rubyman by root
Jun 25 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8310]: + ??? root:rubyman
Jun 25 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8310]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592972 of user rubyman.
Jun 25 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8310]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592972.
Jun 25 23:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8222]: pam_unix(cron:session): session closed for user root
Jun 25 23:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5614]: pam_unix(cron:session): session closed for user root
Jun 25 23:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8220]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 25 23:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8594]: Failed password for root from 147.45.199.80 port 37142 ssh2
Jun 25 23:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8594]: Connection closed by 147.45.199.80 port 37142 [preauth]
Jun 25 23:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7347]: pam_unix(cron:session): session closed for user root
Jun 25 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8724]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8720]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8723]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8719]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8719]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8788]: Successful su for rubyman by root
Jun 25 23:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8788]: + ??? root:rubyman
Jun 25 23:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8788]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592976 of user rubyman.
Jun 25 23:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8788]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592976.
Jun 25 23:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6000]: pam_unix(cron:session): session closed for user root
Jun 25 23:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8720]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7837]: pam_unix(cron:session): session closed for user root
Jun 25 23:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9124]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9125]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9122]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9123]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9122]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9180]: Successful su for rubyman by root
Jun 25 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9180]: + ??? root:rubyman
Jun 25 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9180]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592980 of user rubyman.
Jun 25 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9180]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592980.
Jun 25 23:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 25 23:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6419]: pam_unix(cron:session): session closed for user root
Jun 25 23:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9118]: Failed password for root from 202.178.126.219 port 46667 ssh2
Jun 25 23:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9118]: Connection closed by 202.178.126.219 port 46667 [preauth]
Jun 25 23:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9123]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.223.69.22  user=root
Jun 25 23:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8224]: pam_unix(cron:session): session closed for user root
Jun 25 23:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9432]: Failed password for root from 89.223.69.22 port 40104 ssh2
Jun 25 23:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9432]: Connection closed by 89.223.69.22 port 40104 [preauth]
Jun 25 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9510]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9509]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9508]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9511]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9508]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9568]: Successful su for rubyman by root
Jun 25 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9568]: + ??? root:rubyman
Jun 25 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9568]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592985 of user rubyman.
Jun 25 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9568]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592985.
Jun 25 23:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6832]: pam_unix(cron:session): session closed for user root
Jun 25 23:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9509]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8724]: pam_unix(cron:session): session closed for user root
Jun 25 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10087]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10088]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10085]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10084]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10084]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10148]: Successful su for rubyman by root
Jun 25 23:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10148]: + ??? root:rubyman
Jun 25 23:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10148]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592989 of user rubyman.
Jun 25 23:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10148]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592989.
Jun 25 23:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7346]: pam_unix(cron:session): session closed for user root
Jun 25 23:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10085]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9125]: pam_unix(cron:session): session closed for user root
Jun 25 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10585]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10583]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10581]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10580]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10586]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10584]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10586]: pam_unix(cron:session): session closed for user root
Jun 25 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10580]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10656]: Successful su for rubyman by root
Jun 25 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10656]: + ??? root:rubyman
Jun 25 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10656]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592991 of user rubyman.
Jun 25 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10656]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592991.
Jun 25 23:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10583]: pam_unix(cron:session): session closed for user root
Jun 25 23:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 25 23:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7836]: pam_unix(cron:session): session closed for user root
Jun 25 23:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10797]: Failed password for root from 141.98.83.240 port 10578 ssh2
Jun 25 23:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10581]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10797]: Failed password for root from 141.98.83.240 port 10578 ssh2
Jun 25 23:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10797]: Failed password for root from 141.98.83.240 port 10578 ssh2
Jun 25 23:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10797]: Connection closed by 141.98.83.240 port 10578 [preauth]
Jun 25 23:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10797]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 25 23:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9511]: pam_unix(cron:session): session closed for user root
Jun 25 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11036]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11037]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11035]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11034]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11034]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11106]: Successful su for rubyman by root
Jun 25 23:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11106]: + ??? root:rubyman
Jun 25 23:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11106]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 592997 of user rubyman.
Jun 25 23:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11106]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 592997.
Jun 25 23:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8223]: pam_unix(cron:session): session closed for user root
Jun 25 23:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11035]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10088]: pam_unix(cron:session): session closed for user root
Jun 25 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11471]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11472]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11470]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11467]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11467]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11534]: Successful su for rubyman by root
Jun 25 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11534]: + ??? root:rubyman
Jun 25 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11534]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593001 of user rubyman.
Jun 25 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11534]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593001.
Jun 25 23:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8723]: pam_unix(cron:session): session closed for user root
Jun 25 23:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11470]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10585]: pam_unix(cron:session): session closed for user root
Jun 25 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11904]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11905]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11903]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11902]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11902]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11988]: Successful su for rubyman by root
Jun 25 23:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11988]: + ??? root:rubyman
Jun 25 23:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11988]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593006 of user rubyman.
Jun 25 23:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11988]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593006.
Jun 25 23:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9124]: pam_unix(cron:session): session closed for user root
Jun 25 23:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11903]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 25 23:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12151]: Failed password for root from 103.77.175.15 port 43922 ssh2
Jun 25 23:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12151]: Connection closed by 103.77.175.15 port 43922 [preauth]
Jun 25 23:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11037]: pam_unix(cron:session): session closed for user root
Jun 25 23:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12441]: Invalid user tomcat from 193.46.255.86
Jun 25 23:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12441]: input_userauth_request: invalid user tomcat [preauth]
Jun 25 23:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12441]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 23:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 25 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12450]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12447]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12448]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12446]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12444]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12446]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12563]: Successful su for rubyman by root
Jun 25 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12563]: + ??? root:rubyman
Jun 25 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12563]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593010 of user rubyman.
Jun 25 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12563]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593010.
Jun 25 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12441]: Failed password for invalid user tomcat from 193.46.255.86 port 40174 ssh2
Jun 25 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12441]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 23:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12444]: pam_unix(cron:session): session closed for user root
Jun 25 23:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12441]: Failed password for invalid user tomcat from 193.46.255.86 port 40174 ssh2
Jun 25 23:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12441]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 23:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9510]: pam_unix(cron:session): session closed for user root
Jun 25 23:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12447]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12441]: Failed password for invalid user tomcat from 193.46.255.86 port 40174 ssh2
Jun 25 23:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12441]: Connection closed by 193.46.255.86 port 40174 [preauth]
Jun 25 23:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12441]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 25 23:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.123.217.22  user=root
Jun 25 23:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12798]: Failed password for root from 45.123.217.22 port 42424 ssh2
Jun 25 23:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12798]: Received disconnect from 45.123.217.22 port 42424:11: Bye Bye [preauth]
Jun 25 23:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12798]: Disconnected from 45.123.217.22 port 42424 [preauth]
Jun 25 23:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11472]: pam_unix(cron:session): session closed for user root
Jun 25 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12960]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12957]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12956]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12959]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12958]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12955]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12960]: pam_unix(cron:session): session closed for user root
Jun 25 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12955]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13025]: Successful su for rubyman by root
Jun 25 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13025]: + ??? root:rubyman
Jun 25 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13025]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593017 of user rubyman.
Jun 25 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13025]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593017.
Jun 25 23:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12957]: pam_unix(cron:session): session closed for user root
Jun 25 23:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10087]: pam_unix(cron:session): session closed for user root
Jun 25 23:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12956]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11905]: pam_unix(cron:session): session closed for user root
Jun 25 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13398]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13399]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13397]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13396]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13396]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13461]: Successful su for rubyman by root
Jun 25 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13461]: + ??? root:rubyman
Jun 25 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13461]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593021 of user rubyman.
Jun 25 23:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13461]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593021.
Jun 25 23:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10584]: pam_unix(cron:session): session closed for user root
Jun 25 23:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13397]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12450]: pam_unix(cron:session): session closed for user root
Jun 25 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13803]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13804]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13802]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13800]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13800]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13860]: Successful su for rubyman by root
Jun 25 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13860]: + ??? root:rubyman
Jun 25 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13860]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593025 of user rubyman.
Jun 25 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13860]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593025.
Jun 25 23:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11036]: pam_unix(cron:session): session closed for user root
Jun 25 23:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13802]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12959]: pam_unix(cron:session): session closed for user root
Jun 25 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14198]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14197]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14195]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14196]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14195]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14257]: Successful su for rubyman by root
Jun 25 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14257]: + ??? root:rubyman
Jun 25 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14257]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593028 of user rubyman.
Jun 25 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14257]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593028.
Jun 25 23:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11471]: pam_unix(cron:session): session closed for user root
Jun 25 23:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14196]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13399]: pam_unix(cron:session): session closed for user root
Jun 25 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14588]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14589]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14587]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14586]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14586]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14686]: Successful su for rubyman by root
Jun 25 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14686]: + ??? root:rubyman
Jun 25 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14686]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593032 of user rubyman.
Jun 25 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14686]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593032.
Jun 25 23:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11904]: pam_unix(cron:session): session closed for user root
Jun 25 23:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14587]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13804]: pam_unix(cron:session): session closed for user root
Jun 25 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15075]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15076]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15073]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15074]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15071]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15072]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15076]: pam_unix(cron:session): session closed for user root
Jun 25 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15071]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15147]: Successful su for rubyman by root
Jun 25 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15147]: + ??? root:rubyman
Jun 25 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15147]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593036 of user rubyman.
Jun 25 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15147]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593036.
Jun 25 23:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15073]: pam_unix(cron:session): session closed for user root
Jun 25 23:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12448]: pam_unix(cron:session): session closed for user root
Jun 25 23:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15072]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14198]: pam_unix(cron:session): session closed for user root
Jun 25 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15496]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15498]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15495]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15493]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15493]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15558]: Successful su for rubyman by root
Jun 25 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15558]: + ??? root:rubyman
Jun 25 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15558]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593042 of user rubyman.
Jun 25 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15558]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593042.
Jun 25 23:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12958]: pam_unix(cron:session): session closed for user root
Jun 25 23:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15495]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14589]: pam_unix(cron:session): session closed for user root
Jun 25 23:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 25 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15901]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15902]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15900]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15899]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15897]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15897]: pam_unix(cron:session): session closed for user root
Jun 25 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15899]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15959]: Successful su for rubyman by root
Jun 25 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15959]: + ??? root:rubyman
Jun 25 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15959]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593047 of user rubyman.
Jun 25 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15959]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593047.
Jun 25 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15887]: Failed password for root from 80.66.85.226 port 57072 ssh2
Jun 25 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15887]: Connection closed by 80.66.85.226 port 57072 [preauth]
Jun 25 23:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13398]: pam_unix(cron:session): session closed for user root
Jun 25 23:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15900]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15075]: pam_unix(cron:session): session closed for user root
Jun 25 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16285]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16284]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16283]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16282]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16282]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16339]: Successful su for rubyman by root
Jun 25 23:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16339]: + ??? root:rubyman
Jun 25 23:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16339]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593051 of user rubyman.
Jun 25 23:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16339]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593051.
Jun 25 23:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13803]: pam_unix(cron:session): session closed for user root
Jun 25 23:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16283]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15498]: pam_unix(cron:session): session closed for user root
Jun 25 23:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16596]: Invalid user amax from 45.123.217.22
Jun 25 23:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16596]: input_userauth_request: invalid user amax [preauth]
Jun 25 23:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16596]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 23:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.123.217.22
Jun 25 23:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16596]: Failed password for invalid user amax from 45.123.217.22 port 41648 ssh2
Jun 25 23:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16596]: Received disconnect from 45.123.217.22 port 41648:11: Bye Bye [preauth]
Jun 25 23:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16596]: Disconnected from 45.123.217.22 port 41648 [preauth]
Jun 25 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16679]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16678]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16677]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16676]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16676]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16734]: Successful su for rubyman by root
Jun 25 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16734]: + ??? root:rubyman
Jun 25 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16734]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593055 of user rubyman.
Jun 25 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16734]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593055.
Jun 25 23:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14197]: pam_unix(cron:session): session closed for user root
Jun 25 23:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16677]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 25 23:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17021]: Failed password for root from 38.93.206.2 port 1194 ssh2
Jun 25 23:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17021]: Connection closed by 38.93.206.2 port 1194 [preauth]
Jun 25 23:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15902]: pam_unix(cron:session): session closed for user root
Jun 25 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17179]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17178]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17177]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17176]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17180]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17175]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17180]: pam_unix(cron:session): session closed for user root
Jun 25 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17175]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17239]: Successful su for rubyman by root
Jun 25 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17239]: + ??? root:rubyman
Jun 25 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17239]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593059 of user rubyman.
Jun 25 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17239]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593059.
Jun 25 23:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17177]: pam_unix(cron:session): session closed for user root
Jun 25 23:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14588]: pam_unix(cron:session): session closed for user root
Jun 25 23:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17176]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16285]: pam_unix(cron:session): session closed for user root
Jun 25 23:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17558]: Invalid user fr from 2.27.20.149
Jun 25 23:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17558]: input_userauth_request: invalid user fr [preauth]
Jun 25 23:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17558]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 23:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.27.20.149
Jun 25 23:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17558]: Failed password for invalid user fr from 2.27.20.149 port 54542 ssh2
Jun 25 23:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17558]: Received disconnect from 2.27.20.149 port 54542:11: Bye Bye [preauth]
Jun 25 23:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17558]: Disconnected from 2.27.20.149 port 54542 [preauth]
Jun 25 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17615]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17616]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17614]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17613]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17613]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17766]: Successful su for rubyman by root
Jun 25 23:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17766]: + ??? root:rubyman
Jun 25 23:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17766]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593066 of user rubyman.
Jun 25 23:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17766]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593066.
Jun 25 23:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15074]: pam_unix(cron:session): session closed for user root
Jun 25 23:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17614]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: Invalid user ubuntu from 45.123.217.22
Jun 25 23:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 23:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 23:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.123.217.22
Jun 25 23:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: Failed password for invalid user ubuntu from 45.123.217.22 port 52196 ssh2
Jun 25 23:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: Received disconnect from 45.123.217.22 port 52196:11: Bye Bye [preauth]
Jun 25 23:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: Disconnected from 45.123.217.22 port 52196 [preauth]
Jun 25 23:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16679]: pam_unix(cron:session): session closed for user root
Jun 25 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18128]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18129]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18127]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18126]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18126]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18191]: Successful su for rubyman by root
Jun 25 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18191]: + ??? root:rubyman
Jun 25 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18191]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593071 of user rubyman.
Jun 25 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18191]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593071.
Jun 25 23:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15496]: pam_unix(cron:session): session closed for user root
Jun 25 23:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18127]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17179]: pam_unix(cron:session): session closed for user root
Jun 25 23:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.27.20.149  user=root
Jun 25 23:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18610]: Failed password for root from 2.27.20.149 port 52962 ssh2
Jun 25 23:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18610]: Received disconnect from 2.27.20.149 port 52962:11: Bye Bye [preauth]
Jun 25 23:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18610]: Disconnected from 2.27.20.149 port 52962 [preauth]
Jun 25 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18641]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18640]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18638]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18639]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18638]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18704]: Successful su for rubyman by root
Jun 25 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18704]: + ??? root:rubyman
Jun 25 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18704]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593073 of user rubyman.
Jun 25 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18704]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593073.
Jun 25 23:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15901]: pam_unix(cron:session): session closed for user root
Jun 25 23:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18639]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17616]: pam_unix(cron:session): session closed for user root
Jun 25 23:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18555]: Did not receive identification string from 111.70.1.128
Jun 25 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19060]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19059]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19061]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19058]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19058]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19119]: Successful su for rubyman by root
Jun 25 23:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19119]: + ??? root:rubyman
Jun 25 23:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19119]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593079 of user rubyman.
Jun 25 23:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19119]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593079.
Jun 25 23:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16284]: pam_unix(cron:session): session closed for user root
Jun 25 23:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19059]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.27.20.149  user=root
Jun 25 23:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19431]: Failed password for root from 2.27.20.149 port 43704 ssh2
Jun 25 23:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19431]: Received disconnect from 2.27.20.149 port 43704:11: Bye Bye [preauth]
Jun 25 23:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19431]: Disconnected from 2.27.20.149 port 43704 [preauth]
Jun 25 23:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.123.217.22  user=root
Jun 25 23:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19472]: Failed password for root from 45.123.217.22 port 45414 ssh2
Jun 25 23:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19472]: Received disconnect from 45.123.217.22 port 45414:11: Bye Bye [preauth]
Jun 25 23:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19472]: Disconnected from 45.123.217.22 port 45414 [preauth]
Jun 25 23:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18129]: pam_unix(cron:session): session closed for user root
Jun 25 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19756]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19757]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19759]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19758]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19754]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19755]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19759]: pam_unix(cron:session): session closed for user root
Jun 25 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19754]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19843]: Successful su for rubyman by root
Jun 25 23:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19843]: + ??? root:rubyman
Jun 25 23:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19843]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593084 of user rubyman.
Jun 25 23:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19843]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593084.
Jun 25 23:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16678]: pam_unix(cron:session): session closed for user root
Jun 25 23:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19756]: pam_unix(cron:session): session closed for user root
Jun 25 23:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19755]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18641]: pam_unix(cron:session): session closed for user root
Jun 25 23:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20276]: Invalid user theo from 2.27.20.149
Jun 25 23:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20276]: input_userauth_request: invalid user theo [preauth]
Jun 25 23:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20276]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 23:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.27.20.149
Jun 25 23:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20276]: Failed password for invalid user theo from 2.27.20.149 port 57278 ssh2
Jun 25 23:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20276]: Received disconnect from 2.27.20.149 port 57278:11: Bye Bye [preauth]
Jun 25 23:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20276]: Disconnected from 2.27.20.149 port 57278 [preauth]
Jun 25 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20300]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20301]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20297]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20299]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20297]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20375]: Successful su for rubyman by root
Jun 25 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20375]: + ??? root:rubyman
Jun 25 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20375]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593088 of user rubyman.
Jun 25 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20375]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593088.
Jun 25 23:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17178]: pam_unix(cron:session): session closed for user root
Jun 25 23:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20299]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19061]: pam_unix(cron:session): session closed for user root
Jun 25 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20809]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20808]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20807]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20806]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20806]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20870]: Successful su for rubyman by root
Jun 25 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20870]: + ??? root:rubyman
Jun 25 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20870]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593091 of user rubyman.
Jun 25 23:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20870]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593091.
Jun 25 23:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20974]: Invalid user admin from 2.57.121.25
Jun 25 23:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20974]: input_userauth_request: invalid user admin [preauth]
Jun 25 23:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20974]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 23:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 25 23:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17615]: pam_unix(cron:session): session closed for user root
Jun 25 23:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20807]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20974]: Failed password for invalid user admin from 2.57.121.25 port 6926 ssh2
Jun 25 23:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20974]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 23:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20974]: Failed password for invalid user admin from 2.57.121.25 port 6926 ssh2
Jun 25 23:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20974]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 23:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20974]: Failed password for invalid user admin from 2.57.121.25 port 6926 ssh2
Jun 25 23:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20974]: Connection closed by 2.57.121.25 port 6926 [preauth]
Jun 25 23:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20974]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 25 23:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21118]: Invalid user vamshi from 45.123.217.22
Jun 25 23:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21118]: input_userauth_request: invalid user vamshi [preauth]
Jun 25 23:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21118]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 23:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.123.217.22
Jun 25 23:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21118]: Failed password for invalid user vamshi from 45.123.217.22 port 54006 ssh2
Jun 25 23:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19758]: pam_unix(cron:session): session closed for user root
Jun 25 23:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21118]: Received disconnect from 45.123.217.22 port 54006:11: Bye Bye [preauth]
Jun 25 23:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21118]: Disconnected from 45.123.217.22 port 54006 [preauth]
Jun 25 23:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.27.20.149  user=root
Jun 25 23:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21154]: Failed password for root from 2.27.20.149 port 35846 ssh2
Jun 25 23:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21154]: Received disconnect from 2.27.20.149 port 35846:11: Bye Bye [preauth]
Jun 25 23:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21154]: Disconnected from 2.27.20.149 port 35846 [preauth]
Jun 25 23:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21216]: Bad protocol version identification 'GET / HTTP/1.1' from 172.104.11.51 port 31784
Jun 25 23:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21217]: Bad protocol version identification '\026\003\001' from 172.104.11.51 port 31796
Jun 25 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21221]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21220]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21222]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21219]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21219]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21280]: Successful su for rubyman by root
Jun 25 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21280]: + ??? root:rubyman
Jun 25 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21280]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593095 of user rubyman.
Jun 25 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21280]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593095.
Jun 25 23:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18128]: pam_unix(cron:session): session closed for user root
Jun 25 23:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21220]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20301]: pam_unix(cron:session): session closed for user root
Jun 25 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21651]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21652]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21650]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21648]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21648]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21719]: Successful su for rubyman by root
Jun 25 23:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21719]: + ??? root:rubyman
Jun 25 23:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21719]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593100 of user rubyman.
Jun 25 23:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21719]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593100.
Jun 25 23:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18640]: pam_unix(cron:session): session closed for user root
Jun 25 23:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21650]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21941]: Invalid user builder from 2.27.20.149
Jun 25 23:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21941]: input_userauth_request: invalid user builder [preauth]
Jun 25 23:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21941]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 23:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.27.20.149
Jun 25 23:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21941]: Failed password for invalid user builder from 2.27.20.149 port 36700 ssh2
Jun 25 23:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21941]: Received disconnect from 2.27.20.149 port 36700:11: Bye Bye [preauth]
Jun 25 23:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21941]: Disconnected from 2.27.20.149 port 36700 [preauth]
Jun 25 23:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20809]: pam_unix(cron:session): session closed for user root
Jun 25 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22056]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22057]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22054]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22052]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22055]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22053]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22057]: pam_unix(cron:session): session closed for user root
Jun 25 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22052]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22124]: Successful su for rubyman by root
Jun 25 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22124]: + ??? root:rubyman
Jun 25 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22124]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593103 of user rubyman.
Jun 25 23:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22124]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593103.
Jun 25 23:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22054]: pam_unix(cron:session): session closed for user root
Jun 25 23:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19060]: pam_unix(cron:session): session closed for user root
Jun 25 23:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22053]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22491]: Invalid user dolphinscheduler from 45.123.217.22
Jun 25 23:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22491]: input_userauth_request: invalid user dolphinscheduler [preauth]
Jun 25 23:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22491]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 23:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.123.217.22
Jun 25 23:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21222]: pam_unix(cron:session): session closed for user root
Jun 25 23:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 25 23:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22491]: Failed password for invalid user dolphinscheduler from 45.123.217.22 port 57654 ssh2
Jun 25 23:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22491]: Received disconnect from 45.123.217.22 port 57654:11: Bye Bye [preauth]
Jun 25 23:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22491]: Disconnected from 45.123.217.22 port 57654 [preauth]
Jun 25 23:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22501]: Failed password for root from 103.27.238.114 port 56976 ssh2
Jun 25 23:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22501]: Connection closed by 103.27.238.114 port 56976 [preauth]
Jun 25 23:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22530]: Connection closed by 194.59.206.2 port 35548 [preauth]
Jun 25 23:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22572]: Invalid user ubuntu from 2.27.20.149
Jun 25 23:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22572]: input_userauth_request: invalid user ubuntu [preauth]
Jun 25 23:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22572]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 23:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.27.20.149
Jun 25 23:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22572]: Failed password for invalid user ubuntu from 2.27.20.149 port 54088 ssh2
Jun 25 23:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22572]: Received disconnect from 2.27.20.149 port 54088:11: Bye Bye [preauth]
Jun 25 23:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22572]: Disconnected from 2.27.20.149 port 54088 [preauth]
Jun 25 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22586]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22585]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22588]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22583]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22583]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22652]: Successful su for rubyman by root
Jun 25 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22652]: + ??? root:rubyman
Jun 25 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22652]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593109 of user rubyman.
Jun 25 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22652]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593109.
Jun 25 23:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22585]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19757]: pam_unix(cron:session): session closed for user root
Jun 25 23:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 25 23:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22879]: Failed password for root from 103.82.132.16 port 47564 ssh2
Jun 25 23:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22879]: Connection closed by 103.82.132.16 port 47564 [preauth]
Jun 25 23:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21652]: pam_unix(cron:session): session closed for user root
Jun 25 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23007]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23006]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23008]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23005]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23005]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23063]: Successful su for rubyman by root
Jun 25 23:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23063]: + ??? root:rubyman
Jun 25 23:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23063]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593113 of user rubyman.
Jun 25 23:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23063]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593113.
Jun 25 23:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20300]: pam_unix(cron:session): session closed for user root
Jun 25 23:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23006]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23288]: Invalid user user from 141.98.83.240
Jun 25 23:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23288]: input_userauth_request: invalid user user [preauth]
Jun 25 23:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23288]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 23:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 23:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23288]: Failed password for invalid user user from 141.98.83.240 port 28040 ssh2
Jun 25 23:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23288]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 23:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23288]: Failed password for invalid user user from 141.98.83.240 port 28040 ssh2
Jun 25 23:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23288]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 23:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23288]: Failed password for invalid user user from 141.98.83.240 port 28040 ssh2
Jun 25 23:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23288]: Connection closed by 141.98.83.240 port 28040 [preauth]
Jun 25 23:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23288]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 23:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23325]: Invalid user khalid from 2.27.20.149
Jun 25 23:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23325]: input_userauth_request: invalid user khalid [preauth]
Jun 25 23:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23325]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 23:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.27.20.149
Jun 25 23:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23325]: Failed password for invalid user khalid from 2.27.20.149 port 45002 ssh2
Jun 25 23:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23325]: Received disconnect from 2.27.20.149 port 45002:11: Bye Bye [preauth]
Jun 25 23:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23325]: Disconnected from 2.27.20.149 port 45002 [preauth]
Jun 25 23:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22056]: pam_unix(cron:session): session closed for user root
Jun 25 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23424]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23423]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23422]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23421]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23421]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23481]: Successful su for rubyman by root
Jun 25 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23481]: + ??? root:rubyman
Jun 25 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23481]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593118 of user rubyman.
Jun 25 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23481]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593118.
Jun 25 23:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20808]: pam_unix(cron:session): session closed for user root
Jun 25 23:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23422]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23732]: Invalid user transfer from 45.123.217.22
Jun 25 23:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23732]: input_userauth_request: invalid user transfer [preauth]
Jun 25 23:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23732]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 23:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.123.217.22
Jun 25 23:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23732]: Failed password for invalid user transfer from 45.123.217.22 port 47930 ssh2
Jun 25 23:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23732]: Received disconnect from 45.123.217.22 port 47930:11: Bye Bye [preauth]
Jun 25 23:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23732]: Disconnected from 45.123.217.22 port 47930 [preauth]
Jun 25 23:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22588]: pam_unix(cron:session): session closed for user root
Jun 25 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23934]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23935]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23933]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23932]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23932]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23996]: Successful su for rubyman by root
Jun 25 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23996]: + ??? root:rubyman
Jun 25 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23996]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593121 of user rubyman.
Jun 25 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23996]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593121.
Jun 25 23:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21221]: pam_unix(cron:session): session closed for user root
Jun 25 23:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23933]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24192]: Invalid user vpn from 2.27.20.149
Jun 25 23:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24192]: input_userauth_request: invalid user vpn [preauth]
Jun 25 23:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24192]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 23:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.27.20.149
Jun 25 23:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24192]: Failed password for invalid user vpn from 2.27.20.149 port 52818 ssh2
Jun 25 23:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24192]: Received disconnect from 2.27.20.149 port 52818:11: Bye Bye [preauth]
Jun 25 23:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24192]: Disconnected from 2.27.20.149 port 52818 [preauth]
Jun 25 23:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23008]: pam_unix(cron:session): session closed for user root
Jun 25 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24370]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24368]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24369]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24367]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24366]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24365]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24370]: pam_unix(cron:session): session closed for user root
Jun 25 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24365]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24430]: Successful su for rubyman by root
Jun 25 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24430]: + ??? root:rubyman
Jun 25 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24430]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593128 of user rubyman.
Jun 25 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24430]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593128.
Jun 25 23:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24367]: pam_unix(cron:session): session closed for user root
Jun 25 23:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21651]: pam_unix(cron:session): session closed for user root
Jun 25 23:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24366]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23424]: pam_unix(cron:session): session closed for user root
Jun 25 23:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24802]: Invalid user guest from 2.27.20.149
Jun 25 23:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24802]: input_userauth_request: invalid user guest [preauth]
Jun 25 23:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24802]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 23:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.27.20.149
Jun 25 23:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24802]: Failed password for invalid user guest from 2.27.20.149 port 59864 ssh2
Jun 25 23:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24802]: Received disconnect from 2.27.20.149 port 59864:11: Bye Bye [preauth]
Jun 25 23:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24802]: Disconnected from 2.27.20.149 port 59864 [preauth]
Jun 25 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24824]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24823]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24822]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24821]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24821]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24885]: Successful su for rubyman by root
Jun 25 23:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24885]: + ??? root:rubyman
Jun 25 23:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24885]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593131 of user rubyman.
Jun 25 23:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24885]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593131.
Jun 25 23:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22055]: pam_unix(cron:session): session closed for user root
Jun 25 23:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24822]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.123.217.22  user=root
Jun 25 23:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25123]: Failed password for root from 45.123.217.22 port 40154 ssh2
Jun 25 23:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25123]: Received disconnect from 45.123.217.22 port 40154:11: Bye Bye [preauth]
Jun 25 23:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25123]: Disconnected from 45.123.217.22 port 40154 [preauth]
Jun 25 23:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23935]: pam_unix(cron:session): session closed for user root
Jun 25 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25228]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25229]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25226]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25227]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25226]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25283]: Successful su for rubyman by root
Jun 25 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25283]: + ??? root:rubyman
Jun 25 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25283]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593135 of user rubyman.
Jun 25 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25283]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593135.
Jun 25 23:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22586]: pam_unix(cron:session): session closed for user root
Jun 25 23:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25227]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.27.20.149  user=root
Jun 25 23:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24369]: pam_unix(cron:session): session closed for user root
Jun 25 23:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25533]: Failed password for root from 2.27.20.149 port 33284 ssh2
Jun 25 23:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25533]: Received disconnect from 2.27.20.149 port 33284:11: Bye Bye [preauth]
Jun 25 23:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25533]: Disconnected from 2.27.20.149 port 33284 [preauth]
Jun 25 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25614]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25615]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25613]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25612]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25612]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25676]: Successful su for rubyman by root
Jun 25 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25676]: + ??? root:rubyman
Jun 25 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25676]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593139 of user rubyman.
Jun 25 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25676]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593139.
Jun 25 23:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23007]: pam_unix(cron:session): session closed for user root
Jun 25 23:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25613]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24824]: pam_unix(cron:session): session closed for user root
Jun 25 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26007]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26005]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26006]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26004]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26002]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26004]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26123]: Successful su for rubyman by root
Jun 25 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26123]: + ??? root:rubyman
Jun 25 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26123]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593143 of user rubyman.
Jun 25 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26123]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593143.
Jun 25 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26002]: pam_unix(cron:session): session closed for user root
Jun 25 23:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23423]: pam_unix(cron:session): session closed for user root
Jun 25 23:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26005]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.27.20.149  user=root
Jun 25 23:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26358]: Failed password for root from 2.27.20.149 port 56724 ssh2
Jun 25 23:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26358]: Received disconnect from 2.27.20.149 port 56724:11: Bye Bye [preauth]
Jun 25 23:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26358]: Disconnected from 2.27.20.149 port 56724 [preauth]
Jun 25 23:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26394]: Invalid user robot from 45.123.217.22
Jun 25 23:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26394]: input_userauth_request: invalid user robot [preauth]
Jun 25 23:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26394]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 23:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.123.217.22
Jun 25 23:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26394]: Failed password for invalid user robot from 45.123.217.22 port 38658 ssh2
Jun 25 23:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26394]: Received disconnect from 45.123.217.22 port 38658:11: Bye Bye [preauth]
Jun 25 23:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26394]: Disconnected from 45.123.217.22 port 38658 [preauth]
Jun 25 23:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25229]: pam_unix(cron:session): session closed for user root
Jun 25 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26491]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26489]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26494]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26488]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26492]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26490]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26494]: pam_unix(cron:session): session closed for user root
Jun 25 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26488]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26556]: Successful su for rubyman by root
Jun 25 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26556]: + ??? root:rubyman
Jun 25 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26556]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593149 of user rubyman.
Jun 25 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26556]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593149.
Jun 25 23:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26490]: pam_unix(cron:session): session closed for user root
Jun 25 23:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23934]: pam_unix(cron:session): session closed for user root
Jun 25 23:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26489]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25615]: pam_unix(cron:session): session closed for user root
Jun 25 23:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.27.20.149  user=root
Jun 25 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27000]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26999]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26998]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26997]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26997]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27065]: Successful su for rubyman by root
Jun 25 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27065]: + ??? root:rubyman
Jun 25 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27065]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593154 of user rubyman.
Jun 25 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27065]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593154.
Jun 25 23:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26994]: Failed password for root from 2.27.20.149 port 43988 ssh2
Jun 25 23:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26994]: Received disconnect from 2.27.20.149 port 43988:11: Bye Bye [preauth]
Jun 25 23:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26994]: Disconnected from 2.27.20.149 port 43988 [preauth]
Jun 25 23:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24368]: pam_unix(cron:session): session closed for user root
Jun 25 23:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26998]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26007]: pam_unix(cron:session): session closed for user root
Jun 25 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27430]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27431]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27427]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27426]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27426]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27489]: Successful su for rubyman by root
Jun 25 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27489]: + ??? root:rubyman
Jun 25 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27489]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593159 of user rubyman.
Jun 25 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27489]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593159.
Jun 25 23:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24823]: pam_unix(cron:session): session closed for user root
Jun 25 23:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27427]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27734]: Invalid user test from 45.123.217.22
Jun 25 23:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27734]: input_userauth_request: invalid user test [preauth]
Jun 25 23:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27734]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 23:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.123.217.22
Jun 25 23:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27734]: Failed password for invalid user test from 45.123.217.22 port 37568 ssh2
Jun 25 23:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27734]: Received disconnect from 45.123.217.22 port 37568:11: Bye Bye [preauth]
Jun 25 23:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27734]: Disconnected from 45.123.217.22 port 37568 [preauth]
Jun 25 23:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26492]: pam_unix(cron:session): session closed for user root
Jun 25 23:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 25 23:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27764]: Failed password for root from 202.178.126.219 port 58112 ssh2
Jun 25 23:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27764]: Connection closed by 202.178.126.219 port 58112 [preauth]
Jun 25 23:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27786]: Invalid user administrator from 2.27.20.149
Jun 25 23:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27786]: input_userauth_request: invalid user administrator [preauth]
Jun 25 23:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27786]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 23:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.27.20.149
Jun 25 23:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27786]: Failed password for invalid user administrator from 2.27.20.149 port 33270 ssh2
Jun 25 23:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27786]: Received disconnect from 2.27.20.149 port 33270:11: Bye Bye [preauth]
Jun 25 23:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27786]: Disconnected from 2.27.20.149 port 33270 [preauth]
Jun 25 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27840]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27839]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27837]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27836]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27836]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27903]: Successful su for rubyman by root
Jun 25 23:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27903]: + ??? root:rubyman
Jun 25 23:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27903]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593162 of user rubyman.
Jun 25 23:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27903]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593162.
Jun 25 23:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25228]: pam_unix(cron:session): session closed for user root
Jun 25 23:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27837]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27000]: pam_unix(cron:session): session closed for user root
Jun 25 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28297]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28296]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28295]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28294]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28294]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28353]: Successful su for rubyman by root
Jun 25 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28353]: + ??? root:rubyman
Jun 25 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28353]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593167 of user rubyman.
Jun 25 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28353]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593167.
Jun 25 23:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25614]: pam_unix(cron:session): session closed for user root
Jun 25 23:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28295]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28659]: Invalid user tester from 2.27.20.149
Jun 25 23:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28659]: input_userauth_request: invalid user tester [preauth]
Jun 25 23:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28659]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 23:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.27.20.149
Jun 25 23:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28659]: Failed password for invalid user tester from 2.27.20.149 port 58418 ssh2
Jun 25 23:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28659]: Received disconnect from 2.27.20.149 port 58418:11: Bye Bye [preauth]
Jun 25 23:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28659]: Disconnected from 2.27.20.149 port 58418 [preauth]
Jun 25 23:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27431]: pam_unix(cron:session): session closed for user root
Jun 25 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28800]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28798]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28797]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28796]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28795]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28799]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28800]: pam_unix(cron:session): session closed for user root
Jun 25 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28795]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28864]: Successful su for rubyman by root
Jun 25 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28864]: + ??? root:rubyman
Jun 25 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28864]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593175 of user rubyman.
Jun 25 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28864]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593175.
Jun 25 23:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28797]: pam_unix(cron:session): session closed for user root
Jun 25 23:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26006]: pam_unix(cron:session): session closed for user root
Jun 25 23:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28796]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.123.217.22  user=root
Jun 25 23:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29124]: Failed password for root from 45.123.217.22 port 56268 ssh2
Jun 25 23:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29124]: Received disconnect from 45.123.217.22 port 56268:11: Bye Bye [preauth]
Jun 25 23:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29124]: Disconnected from 45.123.217.22 port 56268 [preauth]
Jun 25 23:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27840]: pam_unix(cron:session): session closed for user root
Jun 25 23:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29242]: Invalid user ghostadmin from 2.27.20.149
Jun 25 23:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29242]: input_userauth_request: invalid user ghostadmin [preauth]
Jun 25 23:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29242]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 23:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.27.20.149
Jun 25 23:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29242]: Failed password for invalid user ghostadmin from 2.27.20.149 port 34760 ssh2
Jun 25 23:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29242]: Received disconnect from 2.27.20.149 port 34760:11: Bye Bye [preauth]
Jun 25 23:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29242]: Disconnected from 2.27.20.149 port 34760 [preauth]
Jun 25 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29264]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29263]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29262]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29261]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29261]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29334]: Successful su for rubyman by root
Jun 25 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29334]: + ??? root:rubyman
Jun 25 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29334]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593177 of user rubyman.
Jun 25 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29334]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593177.
Jun 25 23:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26491]: pam_unix(cron:session): session closed for user root
Jun 25 23:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29262]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28297]: pam_unix(cron:session): session closed for user root
Jun 25 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29798]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29799]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29796]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29795]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29795]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29867]: Successful su for rubyman by root
Jun 25 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29867]: + ??? root:rubyman
Jun 25 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29867]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593180 of user rubyman.
Jun 25 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29867]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593180.
Jun 25 23:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26999]: pam_unix(cron:session): session closed for user root
Jun 25 23:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29796]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28799]: pam_unix(cron:session): session closed for user root
Jun 25 23:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30163]: Invalid user test_user from 2.27.20.149
Jun 25 23:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30163]: input_userauth_request: invalid user test_user [preauth]
Jun 25 23:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30163]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 23:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.27.20.149
Jun 25 23:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30163]: Failed password for invalid user test_user from 2.27.20.149 port 43620 ssh2
Jun 25 23:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30163]: Received disconnect from 2.27.20.149 port 43620:11: Bye Bye [preauth]
Jun 25 23:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30163]: Disconnected from 2.27.20.149 port 43620 [preauth]
Jun 25 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30231]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30230]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30229]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30228]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30228]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30287]: Successful su for rubyman by root
Jun 25 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30287]: + ??? root:rubyman
Jun 25 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30287]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593184 of user rubyman.
Jun 25 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30287]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593184.
Jun 25 23:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27430]: pam_unix(cron:session): session closed for user root
Jun 25 23:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30229]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30505]: Invalid user admin from 45.123.217.22
Jun 25 23:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30505]: input_userauth_request: invalid user admin [preauth]
Jun 25 23:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30505]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 23:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.123.217.22
Jun 25 23:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30505]: Failed password for invalid user admin from 45.123.217.22 port 57436 ssh2
Jun 25 23:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30505]: Received disconnect from 45.123.217.22 port 57436:11: Bye Bye [preauth]
Jun 25 23:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30505]: Disconnected from 45.123.217.22 port 57436 [preauth]
Jun 25 23:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 25 23:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30542]: Failed password for root from 103.27.238.116 port 43224 ssh2
Jun 25 23:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30542]: Connection closed by 103.27.238.116 port 43224 [preauth]
Jun 25 23:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29264]: pam_unix(cron:session): session closed for user root
Jun 25 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30649]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30648]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30647]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30646]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30646]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30704]: Successful su for rubyman by root
Jun 25 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30704]: + ??? root:rubyman
Jun 25 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30704]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593188 of user rubyman.
Jun 25 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30704]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593188.
Jun 25 23:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27839]: pam_unix(cron:session): session closed for user root
Jun 25 23:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30647]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31014]: Invalid user sbh from 2.27.20.149
Jun 25 23:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31014]: input_userauth_request: invalid user sbh [preauth]
Jun 25 23:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31014]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 23:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.27.20.149
Jun 25 23:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31014]: Failed password for invalid user sbh from 2.27.20.149 port 51744 ssh2
Jun 25 23:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31014]: Received disconnect from 2.27.20.149 port 51744:11: Bye Bye [preauth]
Jun 25 23:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31014]: Disconnected from 2.27.20.149 port 51744 [preauth]
Jun 25 23:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29799]: pam_unix(cron:session): session closed for user root
Jun 25 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31145]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31140]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31143]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31144]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31139]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31138]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31145]: pam_unix(cron:session): session closed for user root
Jun 25 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31138]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31207]: Successful su for rubyman by root
Jun 25 23:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31207]: + ??? root:rubyman
Jun 25 23:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31207]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593195 of user rubyman.
Jun 25 23:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31207]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593195.
Jun 25 23:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31140]: pam_unix(cron:session): session closed for user root
Jun 25 23:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28296]: pam_unix(cron:session): session closed for user root
Jun 25 23:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31139]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30231]: pam_unix(cron:session): session closed for user root
Jun 25 23:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31676]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31675]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31678]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31674]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31674]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31663]: Invalid user fabien from 2.27.20.149
Jun 25 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31663]: input_userauth_request: invalid user fabien [preauth]
Jun 25 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31663]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.27.20.149
Jun 25 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31744]: Successful su for rubyman by root
Jun 25 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31744]: + ??? root:rubyman
Jun 25 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31744]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593200 of user rubyman.
Jun 25 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31744]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593200.
Jun 25 23:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31663]: Failed password for invalid user fabien from 2.27.20.149 port 60522 ssh2
Jun 25 23:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31663]: Received disconnect from 2.27.20.149 port 60522:11: Bye Bye [preauth]
Jun 25 23:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31663]: Disconnected from 2.27.20.149 port 60522 [preauth]
Jun 25 23:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28798]: pam_unix(cron:session): session closed for user root
Jun 25 23:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31675]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31936]: Invalid user partner from 45.123.217.22
Jun 25 23:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31936]: input_userauth_request: invalid user partner [preauth]
Jun 25 23:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31936]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 23:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.123.217.22
Jun 25 23:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31936]: Failed password for invalid user partner from 45.123.217.22 port 50402 ssh2
Jun 25 23:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31936]: Received disconnect from 45.123.217.22 port 50402:11: Bye Bye [preauth]
Jun 25 23:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31936]: Disconnected from 45.123.217.22 port 50402 [preauth]
Jun 25 23:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30649]: pam_unix(cron:session): session closed for user root
Jun 25 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32102]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32101]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32100]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32099]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32099]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32163]: Successful su for rubyman by root
Jun 25 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32163]: + ??? root:rubyman
Jun 25 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32163]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593202 of user rubyman.
Jun 25 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32163]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593202.
Jun 25 23:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29263]: pam_unix(cron:session): session closed for user root
Jun 25 23:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32100]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31144]: pam_unix(cron:session): session closed for user root
Jun 25 23:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32442]: Invalid user hadoop from 2.27.20.149
Jun 25 23:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32442]: input_userauth_request: invalid user hadoop [preauth]
Jun 25 23:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32442]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 23:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.27.20.149
Jun 25 23:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32442]: Failed password for invalid user hadoop from 2.27.20.149 port 33534 ssh2
Jun 25 23:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32442]: Received disconnect from 2.27.20.149 port 33534:11: Bye Bye [preauth]
Jun 25 23:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32442]: Disconnected from 2.27.20.149 port 33534 [preauth]
Jun 25 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32503]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32504]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32502]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32501]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32501]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32562]: Successful su for rubyman by root
Jun 25 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32562]: + ??? root:rubyman
Jun 25 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32562]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593206 of user rubyman.
Jun 25 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32562]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593206.
Jun 25 23:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29798]: pam_unix(cron:session): session closed for user root
Jun 25 23:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32502]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31678]: pam_unix(cron:session): session closed for user root
Jun 25 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[580]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[581]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[579]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[578]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[578]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[650]: Successful su for rubyman by root
Jun 25 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[650]: + ??? root:rubyman
Jun 25 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[650]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593211 of user rubyman.
Jun 25 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[650]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593211.
Jun 25 23:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30230]: pam_unix(cron:session): session closed for user root
Jun 25 23:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[579]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[851]: Invalid user planka from 45.123.217.22
Jun 25 23:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[851]: input_userauth_request: invalid user planka [preauth]
Jun 25 23:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[851]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 23:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.123.217.22
Jun 25 23:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[851]: Failed password for invalid user planka from 45.123.217.22 port 41448 ssh2
Jun 25 23:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[851]: Received disconnect from 45.123.217.22 port 41448:11: Bye Bye [preauth]
Jun 25 23:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[851]: Disconnected from 45.123.217.22 port 41448 [preauth]
Jun 25 23:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[916]: Invalid user mike from 2.27.20.149
Jun 25 23:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[916]: input_userauth_request: invalid user mike [preauth]
Jun 25 23:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[916]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 23:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.27.20.149
Jun 25 23:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[916]: Failed password for invalid user mike from 2.27.20.149 port 34212 ssh2
Jun 25 23:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[916]: Received disconnect from 2.27.20.149 port 34212:11: Bye Bye [preauth]
Jun 25 23:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[916]: Disconnected from 2.27.20.149 port 34212 [preauth]
Jun 25 23:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32102]: pam_unix(cron:session): session closed for user root
Jun 25 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1021]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1022]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1019]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1018]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1023]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1017]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1023]: pam_unix(cron:session): session closed for user root
Jun 25 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1017]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1121]: Successful su for rubyman by root
Jun 25 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1121]: + ??? root:rubyman
Jun 25 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1121]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593215 of user rubyman.
Jun 25 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1121]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593215.
Jun 25 23:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1019]: pam_unix(cron:session): session closed for user root
Jun 25 23:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30648]: pam_unix(cron:session): session closed for user root
Jun 25 23:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1269]: Invalid user marion from 2.57.121.112
Jun 25 23:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1269]: input_userauth_request: invalid user marion [preauth]
Jun 25 23:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1269]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 23:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 25 23:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1018]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1269]: Failed password for invalid user marion from 2.57.121.112 port 41218 ssh2
Jun 25 23:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1269]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 23:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1269]: Failed password for invalid user marion from 2.57.121.112 port 41218 ssh2
Jun 25 23:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1269]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 23:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1269]: Failed password for invalid user marion from 2.57.121.112 port 41218 ssh2
Jun 25 23:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1269]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 23:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1269]: Failed password for invalid user marion from 2.57.121.112 port 41218 ssh2
Jun 25 23:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1269]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 23:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1269]: Failed password for invalid user marion from 2.57.121.112 port 41218 ssh2
Jun 25 23:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1269]: Connection closed by 2.57.121.112 port 41218 [preauth]
Jun 25 23:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1269]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 25 23:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1269]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 25 23:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32504]: pam_unix(cron:session): session closed for user root
Jun 25 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1622]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1620]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1619]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1618]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1618]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1694]: Successful su for rubyman by root
Jun 25 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1694]: + ??? root:rubyman
Jun 25 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1694]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593220 of user rubyman.
Jun 25 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1694]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593220.
Jun 25 23:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31143]: pam_unix(cron:session): session closed for user root
Jun 25 23:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1619]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1890]: Invalid user debian from 2.27.20.149
Jun 25 23:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1890]: input_userauth_request: invalid user debian [preauth]
Jun 25 23:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1890]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 23:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.27.20.149
Jun 25 23:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1890]: Failed password for invalid user debian from 2.27.20.149 port 45740 ssh2
Jun 25 23:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1890]: Received disconnect from 2.27.20.149 port 45740:11: Bye Bye [preauth]
Jun 25 23:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1890]: Disconnected from 2.27.20.149 port 45740 [preauth]
Jun 25 23:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[581]: pam_unix(cron:session): session closed for user root
Jun 25 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2103]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2104]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2102]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2101]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2101]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2179]: Successful su for rubyman by root
Jun 25 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2179]: + ??? root:rubyman
Jun 25 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2179]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593225 of user rubyman.
Jun 25 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2179]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593225.
Jun 25 23:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31676]: pam_unix(cron:session): session closed for user root
Jun 25 23:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.123.217.22  user=root
Jun 25 23:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2102]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 25 23:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2319]: Failed password for root from 45.123.217.22 port 53086 ssh2
Jun 25 23:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2319]: Received disconnect from 45.123.217.22 port 53086:11: Bye Bye [preauth]
Jun 25 23:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2319]: Disconnected from 45.123.217.22 port 53086 [preauth]
Jun 25 23:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2365]: Failed password for root from 103.149.28.157 port 41794 ssh2
Jun 25 23:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2365]: Connection closed by 103.149.28.157 port 41794 [preauth]
Jun 25 23:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1022]: pam_unix(cron:session): session closed for user root
Jun 25 23:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.27.20.149  user=root
Jun 25 23:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2521]: Failed password for root from 2.27.20.149 port 38512 ssh2
Jun 25 23:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2521]: Received disconnect from 2.27.20.149 port 38512:11: Bye Bye [preauth]
Jun 25 23:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2521]: Disconnected from 2.27.20.149 port 38512 [preauth]
Jun 25 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2546]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2545]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2544]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2543]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2543]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2616]: Successful su for rubyman by root
Jun 25 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2616]: + ??? root:rubyman
Jun 25 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2616]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593228 of user rubyman.
Jun 25 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2616]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593228.
Jun 25 23:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32101]: pam_unix(cron:session): session closed for user root
Jun 25 23:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2544]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1622]: pam_unix(cron:session): session closed for user root
Jun 25 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2955]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 25 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2957]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2956]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 25 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2954]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 25 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2954]: pam_unix(cron:session): session closed for user p13x
Jun 25 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3015]: Successful su for rubyman by root
Jun 25 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3015]: + ??? root:rubyman
Jun 25 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3015]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 25 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593235 of user rubyman.
Jun 25 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3015]: pam_unix(su:session): session closed for user rubyman
Jun 25 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593235.
Jun 25 23:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32503]: pam_unix(cron:session): session closed for user root
Jun 25 23:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2955]: pam_unix(cron:session): session closed for user samftp
Jun 25 23:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2104]: pam_unix(cron:session): session closed for user root
Jun 25 23:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3294]: Invalid user frappe from 2.27.20.149
Jun 25 23:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3294]: input_userauth_request: invalid user frappe [preauth]
Jun 25 23:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3294]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 23:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.27.20.149
Jun 25 23:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3294]: Failed password for invalid user frappe from 2.27.20.149 port 33802 ssh2
Jun 25 23:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3294]: Received disconnect from 2.27.20.149 port 33802:11: Bye Bye [preauth]
Jun 25 23:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3294]: Disconnected from 2.27.20.149 port 33802 [preauth]
Jun 25 23:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 25 23:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3305]: Invalid user user from 141.98.83.240
Jun 25 23:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3305]: input_userauth_request: invalid user user [preauth]
Jun 25 23:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3305]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 23:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 25 23:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3305]: Failed password for invalid user user from 141.98.83.240 port 55912 ssh2
Jun 25 23:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3305]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 23:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3305]: Failed password for invalid user user from 141.98.83.240 port 55912 ssh2
Jun 25 23:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3305]: pam_unix(sshd:auth): check pass; user unknown
Jun 25 23:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3305]: Failed password for invalid user user from 141.98.83.240 port 55912 ssh2
Jun 25 23:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3305]: Connection closed by 141.98.83.240 port 55912 [preauth]
Jun 25 23:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3305]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3352]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3349]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3348]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3351]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3350]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3347]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3346]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3352]: pam_unix(cron:session): session closed for user root
Jun 26 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3348]: pam_unix(cron:session): session closed for user root
Jun 26 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3346]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3432]: Successful su for rubyman by root
Jun 26 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3432]: + ??? root:rubyman
Jun 26 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3432]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593239 of user rubyman.
Jun 26 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3432]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593239.
Jun 26 00:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3349]: pam_unix(cron:session): session closed for user root
Jun 26 00:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[580]: pam_unix(cron:session): session closed for user root
Jun 26 00:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3347]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3638]: Invalid user test from 45.123.217.22
Jun 26 00:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3638]: input_userauth_request: invalid user test [preauth]
Jun 26 00:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3638]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 00:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.123.217.22
Jun 26 00:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3638]: Failed password for invalid user test from 45.123.217.22 port 33160 ssh2
Jun 26 00:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3638]: Received disconnect from 45.123.217.22 port 33160:11: Bye Bye [preauth]
Jun 26 00:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3638]: Disconnected from 45.123.217.22 port 33160 [preauth]
Jun 26 00:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 26 00:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3675]: Failed password for root from 103.82.20.28 port 59816 ssh2
Jun 26 00:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3675]: Connection closed by 103.82.20.28 port 59816 [preauth]
Jun 26 00:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2546]: pam_unix(cron:session): session closed for user root
Jun 26 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4036]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4037]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4033]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4035]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4031]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4031]: pam_unix(cron:session): session closed for user root
Jun 26 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4033]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4116]: Successful su for rubyman by root
Jun 26 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4116]: + ??? root:rubyman
Jun 26 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4116]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593244 of user rubyman.
Jun 26 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4116]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593244.
Jun 26 00:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1021]: pam_unix(cron:session): session closed for user root
Jun 26 00:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4035]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=root
Jun 26 00:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4319]: Failed password for root from 193.46.255.86 port 56348 ssh2
Jun 26 00:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4319]: message repeated 2 times: [ Failed password for root from 193.46.255.86 port 56348 ssh2]
Jun 26 00:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4319]: Connection closed by 193.46.255.86 port 56348 [preauth]
Jun 26 00:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4319]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=root
Jun 26 00:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.27.20.149  user=root
Jun 26 00:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4376]: Failed password for root from 2.27.20.149 port 37854 ssh2
Jun 26 00:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4376]: Received disconnect from 2.27.20.149 port 37854:11: Bye Bye [preauth]
Jun 26 00:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4376]: Disconnected from 2.27.20.149 port 37854 [preauth]
Jun 26 00:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2957]: pam_unix(cron:session): session closed for user root
Jun 26 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4476]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4470]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4475]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4474]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4470]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4535]: Successful su for rubyman by root
Jun 26 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4535]: + ??? root:rubyman
Jun 26 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4535]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593248 of user rubyman.
Jun 26 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4535]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593248.
Jun 26 00:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1620]: pam_unix(cron:session): session closed for user root
Jun 26 00:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4474]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 26 00:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3351]: pam_unix(cron:session): session closed for user root
Jun 26 00:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4903]: Failed password for root from 38.93.206.2 port 18576 ssh2
Jun 26 00:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4903]: Connection closed by 38.93.206.2 port 18576 [preauth]
Jun 26 00:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.211.215  user=root
Jun 26 00:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4981]: Failed password for root from 147.45.211.215 port 44348 ssh2
Jun 26 00:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4981]: Connection closed by 147.45.211.215 port 44348 [preauth]
Jun 26 00:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4995]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4997]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4996]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4994]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4994]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5051]: Successful su for rubyman by root
Jun 26 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5051]: + ??? root:rubyman
Jun 26 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5051]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593252 of user rubyman.
Jun 26 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5051]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593252.
Jun 26 00:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4991]: Invalid user arjun from 45.123.217.22
Jun 26 00:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4991]: input_userauth_request: invalid user arjun [preauth]
Jun 26 00:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4991]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 00:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.123.217.22
Jun 26 00:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2103]: pam_unix(cron:session): session closed for user root
Jun 26 00:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4991]: Failed password for invalid user arjun from 45.123.217.22 port 45528 ssh2
Jun 26 00:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4991]: Received disconnect from 45.123.217.22 port 45528:11: Bye Bye [preauth]
Jun 26 00:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4991]: Disconnected from 45.123.217.22 port 45528 [preauth]
Jun 26 00:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4995]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.27.20.149  user=root
Jun 26 00:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5233]: Failed password for root from 2.27.20.149 port 55164 ssh2
Jun 26 00:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5233]: Received disconnect from 2.27.20.149 port 55164:11: Bye Bye [preauth]
Jun 26 00:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5233]: Disconnected from 2.27.20.149 port 55164 [preauth]
Jun 26 00:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4037]: pam_unix(cron:session): session closed for user root
Jun 26 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5403]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5401]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5402]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5400]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5400]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5465]: Successful su for rubyman by root
Jun 26 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5465]: + ??? root:rubyman
Jun 26 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5465]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593257 of user rubyman.
Jun 26 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5465]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593257.
Jun 26 00:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2545]: pam_unix(cron:session): session closed for user root
Jun 26 00:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5401]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4476]: pam_unix(cron:session): session closed for user root
Jun 26 00:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5762]: Invalid user cisco from 2.27.20.149
Jun 26 00:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5762]: input_userauth_request: invalid user cisco [preauth]
Jun 26 00:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5762]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 00:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.27.20.149
Jun 26 00:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5762]: Failed password for invalid user cisco from 2.27.20.149 port 33424 ssh2
Jun 26 00:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5762]: Received disconnect from 2.27.20.149 port 33424:11: Bye Bye [preauth]
Jun 26 00:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5762]: Disconnected from 2.27.20.149 port 33424 [preauth]
Jun 26 00:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5797]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5796]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5795]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5794]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5799]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5798]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5799]: pam_unix(cron:session): session closed for user root
Jun 26 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5794]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5791]: Connection reset by 45.148.10.157 port 48598 [preauth]
Jun 26 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5868]: Successful su for rubyman by root
Jun 26 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5868]: + ??? root:rubyman
Jun 26 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5868]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593262 of user rubyman.
Jun 26 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5868]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593262.
Jun 26 00:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5796]: pam_unix(cron:session): session closed for user root
Jun 26 00:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2956]: pam_unix(cron:session): session closed for user root
Jun 26 00:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5795]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4997]: pam_unix(cron:session): session closed for user root
Jun 26 00:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.123.217.22  user=root
Jun 26 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6219]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6218]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6216]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6217]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6216]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6282]: Successful su for rubyman by root
Jun 26 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6282]: + ??? root:rubyman
Jun 26 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6282]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593266 of user rubyman.
Jun 26 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6282]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593266.
Jun 26 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6204]: Failed password for root from 45.123.217.22 port 49948 ssh2
Jun 26 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6204]: Received disconnect from 45.123.217.22 port 49948:11: Bye Bye [preauth]
Jun 26 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6204]: Disconnected from 45.123.217.22 port 49948 [preauth]
Jun 26 00:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3350]: pam_unix(cron:session): session closed for user root
Jun 26 00:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6217]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.27.20.149  user=root
Jun 26 00:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6522]: Failed password for root from 2.27.20.149 port 59210 ssh2
Jun 26 00:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6522]: Received disconnect from 2.27.20.149 port 59210:11: Bye Bye [preauth]
Jun 26 00:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6522]: Disconnected from 2.27.20.149 port 59210 [preauth]
Jun 26 00:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5403]: pam_unix(cron:session): session closed for user root
Jun 26 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6614]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6615]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6610]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6611]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6610]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6679]: Successful su for rubyman by root
Jun 26 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6679]: + ??? root:rubyman
Jun 26 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6679]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593271 of user rubyman.
Jun 26 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6679]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593271.
Jun 26 00:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4036]: pam_unix(cron:session): session closed for user root
Jun 26 00:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6611]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5798]: pam_unix(cron:session): session closed for user root
Jun 26 00:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 26 00:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6949]: Failed password for root from 77.94.47.83 port 50758 ssh2
Jun 26 00:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6949]: Connection closed by 77.94.47.83 port 50758 [preauth]
Jun 26 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7123]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7124]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7122]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7121]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7121]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7186]: Successful su for rubyman by root
Jun 26 00:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7186]: + ??? root:rubyman
Jun 26 00:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7186]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593275 of user rubyman.
Jun 26 00:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7186]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593275.
Jun 26 00:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4475]: pam_unix(cron:session): session closed for user root
Jun 26 00:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7122]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7371]: Invalid user farid from 2.27.20.149
Jun 26 00:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7371]: input_userauth_request: invalid user farid [preauth]
Jun 26 00:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7371]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 00:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.27.20.149
Jun 26 00:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7371]: Failed password for invalid user farid from 2.27.20.149 port 36448 ssh2
Jun 26 00:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7371]: Received disconnect from 2.27.20.149 port 36448:11: Bye Bye [preauth]
Jun 26 00:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7371]: Disconnected from 2.27.20.149 port 36448 [preauth]
Jun 26 00:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 26 00:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7407]: Failed password for root from 193.37.70.224 port 55924 ssh2
Jun 26 00:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7407]: Connection closed by 193.37.70.224 port 55924 [preauth]
Jun 26 00:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6219]: pam_unix(cron:session): session closed for user root
Jun 26 00:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7512]: Invalid user integral from 45.123.217.22
Jun 26 00:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7512]: input_userauth_request: invalid user integral [preauth]
Jun 26 00:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7512]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 00:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.123.217.22
Jun 26 00:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7512]: Failed password for invalid user integral from 45.123.217.22 port 49884 ssh2
Jun 26 00:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7512]: Received disconnect from 45.123.217.22 port 49884:11: Bye Bye [preauth]
Jun 26 00:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7512]: Disconnected from 45.123.217.22 port 49884 [preauth]
Jun 26 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7529]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7528]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7527]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7526]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7522]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7526]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7745]: Successful su for rubyman by root
Jun 26 00:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7745]: + ??? root:rubyman
Jun 26 00:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7745]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593279 of user rubyman.
Jun 26 00:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7745]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593279.
Jun 26 00:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7522]: pam_unix(cron:session): session closed for user root
Jun 26 00:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4996]: pam_unix(cron:session): session closed for user root
Jun 26 00:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7527]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6615]: pam_unix(cron:session): session closed for user root
Jun 26 00:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 26 00:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8019]: Failed password for root from 103.122.221.179 port 55032 ssh2
Jun 26 00:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8019]: Connection closed by 103.122.221.179 port 55032 [preauth]
Jun 26 00:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8080]: Invalid user devops from 2.27.20.149
Jun 26 00:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8080]: input_userauth_request: invalid user devops [preauth]
Jun 26 00:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8080]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 00:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.27.20.149
Jun 26 00:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8080]: Failed password for invalid user devops from 2.27.20.149 port 39934 ssh2
Jun 26 00:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8080]: Received disconnect from 2.27.20.149 port 39934:11: Bye Bye [preauth]
Jun 26 00:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8080]: Disconnected from 2.27.20.149 port 39934 [preauth]
Jun 26 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8103]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8105]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8104]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8101]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8102]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8106]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8106]: pam_unix(cron:session): session closed for user root
Jun 26 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8101]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8172]: Successful su for rubyman by root
Jun 26 00:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8172]: + ??? root:rubyman
Jun 26 00:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8172]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593285 of user rubyman.
Jun 26 00:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8172]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593285.
Jun 26 00:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8103]: pam_unix(cron:session): session closed for user root
Jun 26 00:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5402]: pam_unix(cron:session): session closed for user root
Jun 26 00:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8102]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 26 00:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8405]: Failed password for root from 103.176.20.57 port 36482 ssh2
Jun 26 00:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8405]: Connection closed by 103.176.20.57 port 36482 [preauth]
Jun 26 00:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7124]: pam_unix(cron:session): session closed for user root
Jun 26 00:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 26 00:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8489]: Failed password for root from 87.251.79.125 port 59254 ssh2
Jun 26 00:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8489]: Connection closed by 87.251.79.125 port 59254 [preauth]
Jun 26 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8543]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8544]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8541]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8542]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8541]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8609]: Successful su for rubyman by root
Jun 26 00:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8609]: + ??? root:rubyman
Jun 26 00:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8609]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593289 of user rubyman.
Jun 26 00:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8609]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593289.
Jun 26 00:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5797]: pam_unix(cron:session): session closed for user root
Jun 26 00:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8542]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7529]: pam_unix(cron:session): session closed for user root
Jun 26 00:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 26 00:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: Failed password for root from 62.133.62.83 port 37616 ssh2
Jun 26 00:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: Connection closed by 62.133.62.83 port 37616 [preauth]
Jun 26 00:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8931]: Invalid user tomcat from 45.123.217.22
Jun 26 00:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8931]: input_userauth_request: invalid user tomcat [preauth]
Jun 26 00:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8931]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 00:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.123.217.22
Jun 26 00:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8931]: Failed password for invalid user tomcat from 45.123.217.22 port 50376 ssh2
Jun 26 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8931]: Received disconnect from 45.123.217.22 port 50376:11: Bye Bye [preauth]
Jun 26 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8931]: Disconnected from 45.123.217.22 port 50376 [preauth]
Jun 26 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8944]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8945]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8943]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8942]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8942]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9007]: Successful su for rubyman by root
Jun 26 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9007]: + ??? root:rubyman
Jun 26 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9007]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593294 of user rubyman.
Jun 26 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9007]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593294.
Jun 26 00:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6218]: pam_unix(cron:session): session closed for user root
Jun 26 00:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8943]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 26 00:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9218]: Failed password for root from 103.15.222.183 port 55180 ssh2
Jun 26 00:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9218]: Connection closed by 103.15.222.183 port 55180 [preauth]
Jun 26 00:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8105]: pam_unix(cron:session): session closed for user root
Jun 26 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9340]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9341]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9338]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9339]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9338]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9396]: Successful su for rubyman by root
Jun 26 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9396]: + ??? root:rubyman
Jun 26 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9396]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593298 of user rubyman.
Jun 26 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9396]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593298.
Jun 26 00:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6614]: pam_unix(cron:session): session closed for user root
Jun 26 00:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9339]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 26 00:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9560]: Failed password for root from 103.77.242.62 port 53272 ssh2
Jun 26 00:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9560]: Connection closed by 103.77.242.62 port 53272 [preauth]
Jun 26 00:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8544]: pam_unix(cron:session): session closed for user root
Jun 26 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9735]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9734]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9733]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9732]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9732]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9796]: Successful su for rubyman by root
Jun 26 00:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9796]: + ??? root:rubyman
Jun 26 00:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9796]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593302 of user rubyman.
Jun 26 00:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9796]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593302.
Jun 26 00:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7123]: pam_unix(cron:session): session closed for user root
Jun 26 00:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9733]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8945]: pam_unix(cron:session): session closed for user root
Jun 26 00:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10386]: Invalid user shoply from 45.123.217.22
Jun 26 00:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10386]: input_userauth_request: invalid user shoply [preauth]
Jun 26 00:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10386]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 00:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.123.217.22
Jun 26 00:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10386]: Failed password for invalid user shoply from 45.123.217.22 port 55152 ssh2
Jun 26 00:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10386]: Received disconnect from 45.123.217.22 port 55152:11: Bye Bye [preauth]
Jun 26 00:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10386]: Disconnected from 45.123.217.22 port 55152 [preauth]
Jun 26 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10404]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10402]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10403]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10401]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10399]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10398]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10404]: pam_unix(cron:session): session closed for user root
Jun 26 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10398]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10466]: Successful su for rubyman by root
Jun 26 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10466]: + ??? root:rubyman
Jun 26 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10466]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593307 of user rubyman.
Jun 26 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10466]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593307.
Jun 26 00:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10401]: pam_unix(cron:session): session closed for user root
Jun 26 00:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7528]: pam_unix(cron:session): session closed for user root
Jun 26 00:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10399]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 26 00:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10750]: Failed password for root from 194.113.233.25 port 43306 ssh2
Jun 26 00:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10750]: Connection closed by 194.113.233.25 port 43306 [preauth]
Jun 26 00:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9341]: pam_unix(cron:session): session closed for user root
Jun 26 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10850]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10851]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10849]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10848]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10848]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10917]: Successful su for rubyman by root
Jun 26 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10917]: + ??? root:rubyman
Jun 26 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10917]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593311 of user rubyman.
Jun 26 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10917]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593311.
Jun 26 00:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8104]: pam_unix(cron:session): session closed for user root
Jun 26 00:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10849]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9735]: pam_unix(cron:session): session closed for user root
Jun 26 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11277]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11274]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11276]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11275]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11272]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11272]: pam_unix(cron:session): session closed for user root
Jun 26 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11274]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11341]: Successful su for rubyman by root
Jun 26 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11341]: + ??? root:rubyman
Jun 26 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11341]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593316 of user rubyman.
Jun 26 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11341]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593316.
Jun 26 00:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8543]: pam_unix(cron:session): session closed for user root
Jun 26 00:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11275]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 26 00:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11570]: Failed password for root from 109.237.96.109 port 57926 ssh2
Jun 26 00:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11570]: Connection closed by 109.237.96.109 port 57926 [preauth]
Jun 26 00:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10403]: pam_unix(cron:session): session closed for user root
Jun 26 00:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 26 00:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11639]: Failed password for root from 51.250.105.222 port 52536 ssh2
Jun 26 00:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11639]: Connection closed by 51.250.105.222 port 52536 [preauth]
Jun 26 00:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 26 00:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.123.217.22  user=root
Jun 26 00:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11678]: Failed password for root from 103.172.78.219 port 50458 ssh2
Jun 26 00:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11678]: Connection closed by 103.172.78.219 port 50458 [preauth]
Jun 26 00:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11680]: Failed password for root from 45.123.217.22 port 56822 ssh2
Jun 26 00:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11680]: Received disconnect from 45.123.217.22 port 56822:11: Bye Bye [preauth]
Jun 26 00:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11680]: Disconnected from 45.123.217.22 port 56822 [preauth]
Jun 26 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11694]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11695]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11693]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11692]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11692]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11770]: Successful su for rubyman by root
Jun 26 00:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11770]: + ??? root:rubyman
Jun 26 00:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11770]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593321 of user rubyman.
Jun 26 00:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11770]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593321.
Jun 26 00:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8944]: pam_unix(cron:session): session closed for user root
Jun 26 00:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11693]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10851]: pam_unix(cron:session): session closed for user root
Jun 26 00:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 26 00:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12134]: Failed password for root from 147.45.199.80 port 34918 ssh2
Jun 26 00:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12134]: Connection closed by 147.45.199.80 port 34918 [preauth]
Jun 26 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12147]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12148]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12146]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12145]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12145]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12211]: Successful su for rubyman by root
Jun 26 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12211]: + ??? root:rubyman
Jun 26 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12211]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593324 of user rubyman.
Jun 26 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12211]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593324.
Jun 26 00:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9340]: pam_unix(cron:session): session closed for user root
Jun 26 00:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12146]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11277]: pam_unix(cron:session): session closed for user root
Jun 26 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12679]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12680]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12676]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12675]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12678]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12677]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12680]: pam_unix(cron:session): session closed for user root
Jun 26 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12675]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12749]: Successful su for rubyman by root
Jun 26 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12749]: + ??? root:rubyman
Jun 26 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12749]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593330 of user rubyman.
Jun 26 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12749]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593330.
Jun 26 00:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12677]: pam_unix(cron:session): session closed for user root
Jun 26 00:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9734]: pam_unix(cron:session): session closed for user root
Jun 26 00:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12676]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11695]: pam_unix(cron:session): session closed for user root
Jun 26 00:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13094]: Invalid user alex from 45.123.217.22
Jun 26 00:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13094]: input_userauth_request: invalid user alex [preauth]
Jun 26 00:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13094]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 00:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.123.217.22
Jun 26 00:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13094]: Failed password for invalid user alex from 45.123.217.22 port 45878 ssh2
Jun 26 00:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13094]: Received disconnect from 45.123.217.22 port 45878:11: Bye Bye [preauth]
Jun 26 00:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13094]: Disconnected from 45.123.217.22 port 45878 [preauth]
Jun 26 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13122]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13123]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13121]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13120]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13120]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13198]: Successful su for rubyman by root
Jun 26 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13198]: + ??? root:rubyman
Jun 26 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13198]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593336 of user rubyman.
Jun 26 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13198]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593336.
Jun 26 00:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10402]: pam_unix(cron:session): session closed for user root
Jun 26 00:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13121]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12148]: pam_unix(cron:session): session closed for user root
Jun 26 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13532]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13533]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13531]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13530]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13530]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13593]: Successful su for rubyman by root
Jun 26 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13593]: + ??? root:rubyman
Jun 26 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13593]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593339 of user rubyman.
Jun 26 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13593]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593339.
Jun 26 00:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10850]: pam_unix(cron:session): session closed for user root
Jun 26 00:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13531]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12679]: pam_unix(cron:session): session closed for user root
Jun 26 00:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13911]: Did not receive identification string from 95.216.102.220
Jun 26 00:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.84.101.167  user=root
Jun 26 00:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13919]: Failed password for root from 20.84.101.167 port 49614 ssh2
Jun 26 00:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13919]: Connection closed by 20.84.101.167 port 49614 [preauth]
Jun 26 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13954]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13953]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13952]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13950]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13950]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14018]: Successful su for rubyman by root
Jun 26 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14018]: + ??? root:rubyman
Jun 26 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14018]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593342 of user rubyman.
Jun 26 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14018]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593342.
Jun 26 00:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11276]: pam_unix(cron:session): session closed for user root
Jun 26 00:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13952]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13123]: pam_unix(cron:session): session closed for user root
Jun 26 00:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14298]: Invalid user user2 from 45.123.217.22
Jun 26 00:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14298]: input_userauth_request: invalid user user2 [preauth]
Jun 26 00:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14298]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 00:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.123.217.22
Jun 26 00:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14298]: Failed password for invalid user user2 from 45.123.217.22 port 51164 ssh2
Jun 26 00:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14298]: Received disconnect from 45.123.217.22 port 51164:11: Bye Bye [preauth]
Jun 26 00:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14298]: Disconnected from 45.123.217.22 port 51164 [preauth]
Jun 26 00:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.245.32.125  user=root
Jun 26 00:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14322]: Failed password for root from 151.245.32.125 port 40156 ssh2
Jun 26 00:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14322]: Connection closed by 151.245.32.125 port 40156 [preauth]
Jun 26 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14343]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14342]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14344]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14341]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14341]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14402]: Successful su for rubyman by root
Jun 26 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14402]: + ??? root:rubyman
Jun 26 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14402]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593346 of user rubyman.
Jun 26 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14402]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593346.
Jun 26 00:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11694]: pam_unix(cron:session): session closed for user root
Jun 26 00:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14342]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.220.126  user=root
Jun 26 00:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14614]: Failed password for root from 202.29.220.126 port 62258 ssh2
Jun 26 00:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14614]: Connection closed by 202.29.220.126 port 62258 [preauth]
Jun 26 00:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13533]: pam_unix(cron:session): session closed for user root
Jun 26 00:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 26 00:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14738]: Failed password for root from 202.178.126.219 port 11081 ssh2
Jun 26 00:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14738]: Connection closed by 202.178.126.219 port 11081 [preauth]
Jun 26 00:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.224.166  user=root
Jun 26 00:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14803]: Failed password for root from 202.29.224.166 port 37666 ssh2
Jun 26 00:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14803]: Connection closed by 202.29.224.166 port 37666 [preauth]
Jun 26 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14828]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14829]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14826]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14827]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14824]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14825]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14829]: pam_unix(cron:session): session closed for user root
Jun 26 00:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14824]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14898]: Successful su for rubyman by root
Jun 26 00:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14898]: + ??? root:rubyman
Jun 26 00:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14898]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593350 of user rubyman.
Jun 26 00:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14898]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593350.
Jun 26 00:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14826]: pam_unix(cron:session): session closed for user root
Jun 26 00:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12147]: pam_unix(cron:session): session closed for user root
Jun 26 00:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14825]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15118]: Invalid user admin from 2.57.121.25
Jun 26 00:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15118]: input_userauth_request: invalid user admin [preauth]
Jun 26 00:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15118]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 00:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 26 00:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15118]: Failed password for invalid user admin from 2.57.121.25 port 50230 ssh2
Jun 26 00:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15118]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 00:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15118]: Failed password for invalid user admin from 2.57.121.25 port 50230 ssh2
Jun 26 00:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15118]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 00:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15118]: Failed password for invalid user admin from 2.57.121.25 port 50230 ssh2
Jun 26 00:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15118]: Connection closed by 2.57.121.25 port 50230 [preauth]
Jun 26 00:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15118]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 26 00:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13954]: pam_unix(cron:session): session closed for user root
Jun 26 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15270]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15271]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15269]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15268]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15268]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15334]: Successful su for rubyman by root
Jun 26 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15334]: + ??? root:rubyman
Jun 26 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15334]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593356 of user rubyman.
Jun 26 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15334]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593356.
Jun 26 00:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12678]: pam_unix(cron:session): session closed for user root
Jun 26 00:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15269]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.220.6  user=root
Jun 26 00:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15541]: Failed password for root from 202.29.220.6 port 6705 ssh2
Jun 26 00:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15541]: Connection closed by 202.29.220.6 port 6705 [preauth]
Jun 26 00:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14344]: pam_unix(cron:session): session closed for user root
Jun 26 00:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15602]: Invalid user hu from 45.123.217.22
Jun 26 00:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15602]: input_userauth_request: invalid user hu [preauth]
Jun 26 00:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15602]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 00:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.123.217.22
Jun 26 00:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15602]: Failed password for invalid user hu from 45.123.217.22 port 46788 ssh2
Jun 26 00:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15602]: Received disconnect from 45.123.217.22 port 46788:11: Bye Bye [preauth]
Jun 26 00:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15602]: Disconnected from 45.123.217.22 port 46788 [preauth]
Jun 26 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15663]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15664]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15661]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15662]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15661]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15726]: Successful su for rubyman by root
Jun 26 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15726]: + ??? root:rubyman
Jun 26 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15726]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593360 of user rubyman.
Jun 26 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15726]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593360.
Jun 26 00:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13122]: pam_unix(cron:session): session closed for user root
Jun 26 00:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15662]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.138.89.209  user=root
Jun 26 00:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15941]: Failed password for root from 174.138.89.209 port 51130 ssh2
Jun 26 00:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15941]: Connection closed by 174.138.89.209 port 51130 [preauth]
Jun 26 00:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14828]: pam_unix(cron:session): session closed for user root
Jun 26 00:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.62.111.247  user=root
Jun 26 00:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 26 00:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16028]: Failed password for root from 211.62.111.247 port 52796 ssh2
Jun 26 00:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16028]: Connection closed by 211.62.111.247 port 52796 [preauth]
Jun 26 00:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16030]: Failed password for root from 103.153.68.219 port 54454 ssh2
Jun 26 00:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16030]: Connection closed by 103.153.68.219 port 54454 [preauth]
Jun 26 00:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 26 00:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16040]: Failed password for root from 103.27.238.120 port 48844 ssh2
Jun 26 00:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16040]: Connection closed by 103.27.238.120 port 48844 [preauth]
Jun 26 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16055]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16056]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16054]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16052]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16052]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16114]: Successful su for rubyman by root
Jun 26 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16114]: + ??? root:rubyman
Jun 26 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16114]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593366 of user rubyman.
Jun 26 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16114]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593366.
Jun 26 00:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13532]: pam_unix(cron:session): session closed for user root
Jun 26 00:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16054]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.220.130  user=root
Jun 26 00:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16349]: Failed password for root from 202.29.220.130 port 59016 ssh2
Jun 26 00:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16349]: Connection closed by 202.29.220.130 port 59016 [preauth]
Jun 26 00:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15271]: pam_unix(cron:session): session closed for user root
Jun 26 00:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.20.228.110  user=root
Jun 26 00:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16427]: Failed password for root from 1.20.228.110 port 60590 ssh2
Jun 26 00:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16427]: Connection closed by 1.20.228.110 port 60590 [preauth]
Jun 26 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16443]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16441]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16442]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16440]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16440]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16514]: Successful su for rubyman by root
Jun 26 00:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16514]: + ??? root:rubyman
Jun 26 00:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16514]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593369 of user rubyman.
Jun 26 00:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16514]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593369.
Jun 26 00:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13953]: pam_unix(cron:session): session closed for user root
Jun 26 00:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16441]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16719]: Invalid user info from 45.123.217.22
Jun 26 00:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16719]: input_userauth_request: invalid user info [preauth]
Jun 26 00:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16719]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 00:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.123.217.22
Jun 26 00:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16719]: Failed password for invalid user info from 45.123.217.22 port 43112 ssh2
Jun 26 00:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16719]: Received disconnect from 45.123.217.22 port 43112:11: Bye Bye [preauth]
Jun 26 00:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16719]: Disconnected from 45.123.217.22 port 43112 [preauth]
Jun 26 00:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.138.89.209  user=root
Jun 26 00:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16736]: Failed password for root from 174.138.89.209 port 50194 ssh2
Jun 26 00:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16736]: Connection closed by 174.138.89.209 port 50194 [preauth]
Jun 26 00:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15664]: pam_unix(cron:session): session closed for user root
Jun 26 00:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.228.248  user=root
Jun 26 00:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16835]: Failed password for root from 202.29.228.248 port 51964 ssh2
Jun 26 00:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16835]: Connection closed by 202.29.228.248 port 51964 [preauth]
Jun 26 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16892]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16894]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16870]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16891]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16893]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16865]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16894]: pam_unix(cron:session): session closed for user root
Jun 26 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16865]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17024]: Successful su for rubyman by root
Jun 26 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17024]: + ??? root:rubyman
Jun 26 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17024]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593372 of user rubyman.
Jun 26 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17024]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593372.
Jun 26 00:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16891]: pam_unix(cron:session): session closed for user root
Jun 26 00:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14343]: pam_unix(cron:session): session closed for user root
Jun 26 00:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17201]: Invalid user  from 141.98.83.240
Jun 26 00:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17201]: input_userauth_request: invalid user  [preauth]
Jun 26 00:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17201]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 00:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 00:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16870]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17201]: Failed password for invalid user  from 141.98.83.240 port 21860 ssh2
Jun 26 00:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17201]: Connection closed by 141.98.83.240 port 21860 [preauth]
Jun 26 00:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17225]: Invalid user appuser from 141.98.83.240
Jun 26 00:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17225]: input_userauth_request: invalid user appuser [preauth]
Jun 26 00:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17225]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 00:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 00:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17225]: Failed password for invalid user appuser from 141.98.83.240 port 21890 ssh2
Jun 26 00:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17225]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 00:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17225]: Failed password for invalid user appuser from 141.98.83.240 port 21890 ssh2
Jun 26 00:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17225]: Connection closed by 141.98.83.240 port 21890 [preauth]
Jun 26 00:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17225]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 00:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16056]: pam_unix(cron:session): session closed for user root
Jun 26 00:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17335]: Connection closed by 194.59.206.2 port 40330 [preauth]
Jun 26 00:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.191.143  user=root
Jun 26 00:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17370]: Failed password for root from 68.183.191.143 port 53102 ssh2
Jun 26 00:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17370]: Connection closed by 68.183.191.143 port 53102 [preauth]
Jun 26 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17394]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17393]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17395]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17392]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17392]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17472]: Successful su for rubyman by root
Jun 26 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17472]: + ??? root:rubyman
Jun 26 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17472]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593380 of user rubyman.
Jun 26 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17472]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593380.
Jun 26 00:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14827]: pam_unix(cron:session): session closed for user root
Jun 26 00:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17393]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.227.153.56  user=root
Jun 26 00:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17770]: Failed password for root from 185.227.153.56 port 44510 ssh2
Jun 26 00:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17770]: Connection closed by 185.227.153.56 port 44510 [preauth]
Jun 26 00:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16443]: pam_unix(cron:session): session closed for user root
Jun 26 00:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.4.92  user=root
Jun 26 00:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17876]: Failed password for root from 165.154.4.92 port 47146 ssh2
Jun 26 00:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17876]: Connection closed by 165.154.4.92 port 47146 [preauth]
Jun 26 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17903]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17902]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17901]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17900]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17900]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17962]: Successful su for rubyman by root
Jun 26 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17962]: + ??? root:rubyman
Jun 26 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17962]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593382 of user rubyman.
Jun 26 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17962]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593382.
Jun 26 00:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15270]: pam_unix(cron:session): session closed for user root
Jun 26 00:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17901]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.123.217.22  user=root
Jun 26 00:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18138]: Failed password for root from 45.123.217.22 port 49372 ssh2
Jun 26 00:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18138]: Received disconnect from 45.123.217.22 port 49372:11: Bye Bye [preauth]
Jun 26 00:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18138]: Disconnected from 45.123.217.22 port 49372 [preauth]
Jun 26 00:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16893]: pam_unix(cron:session): session closed for user root
Jun 26 00:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.149.97  user=root
Jun 26 00:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18313]: Failed password for root from 51.15.149.97 port 54668 ssh2
Jun 26 00:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18313]: Connection closed by 51.15.149.97 port 54668 [preauth]
Jun 26 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18339]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18338]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18337]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18336]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18336]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18479]: Successful su for rubyman by root
Jun 26 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18479]: + ??? root:rubyman
Jun 26 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18479]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593387 of user rubyman.
Jun 26 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18479]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593387.
Jun 26 00:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15663]: pam_unix(cron:session): session closed for user root
Jun 26 00:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18337]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17395]: pam_unix(cron:session): session closed for user root
Jun 26 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18842]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18843]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18841]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18840]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18840]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18907]: Successful su for rubyman by root
Jun 26 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18907]: + ??? root:rubyman
Jun 26 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18907]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593390 of user rubyman.
Jun 26 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18907]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593390.
Jun 26 00:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16055]: pam_unix(cron:session): session closed for user root
Jun 26 00:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18841]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.149.97  user=root
Jun 26 00:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19220]: Failed password for root from 51.15.149.97 port 17817 ssh2
Jun 26 00:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19220]: Connection closed by 51.15.149.97 port 17817 [preauth]
Jun 26 00:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17903]: pam_unix(cron:session): session closed for user root
Jun 26 00:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 26 00:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19275]: Failed password for root from 80.66.85.226 port 48266 ssh2
Jun 26 00:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19275]: Connection closed by 80.66.85.226 port 48266 [preauth]
Jun 26 00:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.53.215.134  user=root
Jun 26 00:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19287]: Failed password for root from 177.53.215.134 port 53504 ssh2
Jun 26 00:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19287]: Received disconnect from 177.53.215.134 port 53504:11: Bye Bye [preauth]
Jun 26 00:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19287]: Disconnected from 177.53.215.134 port 53504 [preauth]
Jun 26 00:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.123.217.22  user=root
Jun 26 00:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19310]: Failed password for root from 45.123.217.22 port 54442 ssh2
Jun 26 00:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19310]: Received disconnect from 45.123.217.22 port 54442:11: Bye Bye [preauth]
Jun 26 00:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19310]: Disconnected from 45.123.217.22 port 54442 [preauth]
Jun 26 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19345]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19344]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19339]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19343]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19342]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19340]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19345]: pam_unix(cron:session): session closed for user root
Jun 26 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19339]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19412]: Successful su for rubyman by root
Jun 26 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19412]: + ??? root:rubyman
Jun 26 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19412]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593396 of user rubyman.
Jun 26 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19412]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593396.
Jun 26 00:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19342]: pam_unix(cron:session): session closed for user root
Jun 26 00:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16442]: pam_unix(cron:session): session closed for user root
Jun 26 00:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19340]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.27.99.9  user=root
Jun 26 00:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19877]: Failed password for root from 179.27.99.9 port 44202 ssh2
Jun 26 00:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19877]: Connection closed by 179.27.99.9 port 44202 [preauth]
Jun 26 00:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18339]: pam_unix(cron:session): session closed for user root
Jun 26 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19998]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19999]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19996]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19997]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19996]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20062]: Successful su for rubyman by root
Jun 26 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20062]: + ??? root:rubyman
Jun 26 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20062]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593400 of user rubyman.
Jun 26 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20062]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593400.
Jun 26 00:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16892]: pam_unix(cron:session): session closed for user root
Jun 26 00:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19997]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.19.232  user=root
Jun 26 00:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20378]: Failed password for root from 206.189.19.232 port 59854 ssh2
Jun 26 00:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20378]: Connection closed by 206.189.19.232 port 59854 [preauth]
Jun 26 00:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18843]: pam_unix(cron:session): session closed for user root
Jun 26 00:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20480]: Invalid user socksuser from 150.241.113.163
Jun 26 00:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20480]: input_userauth_request: invalid user socksuser [preauth]
Jun 26 00:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20480]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 00:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.241.113.163
Jun 26 00:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20480]: Failed password for invalid user socksuser from 150.241.113.163 port 51916 ssh2
Jun 26 00:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20480]: Received disconnect from 150.241.113.163 port 51916:11: Bye Bye [preauth]
Jun 26 00:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20480]: Disconnected from 150.241.113.163 port 51916 [preauth]
Jun 26 00:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.99.188.194  user=root
Jun 26 00:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20490]: Failed password for root from 46.99.188.194 port 51492 ssh2
Jun 26 00:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20490]: Connection closed by 46.99.188.194 port 51492 [preauth]
Jun 26 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20511]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20512]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20510]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20509]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20509]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20570]: Successful su for rubyman by root
Jun 26 00:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20570]: + ??? root:rubyman
Jun 26 00:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20570]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593405 of user rubyman.
Jun 26 00:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20570]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593405.
Jun 26 00:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17394]: pam_unix(cron:session): session closed for user root
Jun 26 00:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20510]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.118.107.46  user=root
Jun 26 00:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20891]: Failed password for root from 83.118.107.46 port 33236 ssh2
Jun 26 00:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20891]: Connection closed by 83.118.107.46 port 33236 [preauth]
Jun 26 00:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19344]: pam_unix(cron:session): session closed for user root
Jun 26 00:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20942]: Invalid user dev from 45.123.217.22
Jun 26 00:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20942]: input_userauth_request: invalid user dev [preauth]
Jun 26 00:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20942]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 00:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.123.217.22
Jun 26 00:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20942]: Failed password for invalid user dev from 45.123.217.22 port 42176 ssh2
Jun 26 00:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20942]: Received disconnect from 45.123.217.22 port 42176:11: Bye Bye [preauth]
Jun 26 00:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20942]: Disconnected from 45.123.217.22 port 42176 [preauth]
Jun 26 00:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.68.186.7  user=root
Jun 26 00:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20982]: Failed password for root from 36.68.186.7 port 49744 ssh2
Jun 26 00:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20982]: Connection closed by 36.68.186.7 port 49744 [preauth]
Jun 26 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21003]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21004]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21002]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21001]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21001]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21066]: Successful su for rubyman by root
Jun 26 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21066]: + ??? root:rubyman
Jun 26 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21066]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593408 of user rubyman.
Jun 26 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21066]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593408.
Jun 26 00:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17902]: pam_unix(cron:session): session closed for user root
Jun 26 00:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21002]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.192.132.36  user=root
Jun 26 00:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21316]: Failed password for root from 159.192.132.36 port 36314 ssh2
Jun 26 00:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21316]: Connection closed by 159.192.132.36 port 36314 [preauth]
Jun 26 00:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19999]: pam_unix(cron:session): session closed for user root
Jun 26 00:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.236.76  user=root
Jun 26 00:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21408]: Failed password for root from 202.29.236.76 port 34808 ssh2
Jun 26 00:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21408]: Connection closed by 202.29.236.76 port 34808 [preauth]
Jun 26 00:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21412]: Did not receive identification string from 45.79.207.71
Jun 26 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21425]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21427]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21426]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21424]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21422]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21424]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21559]: Successful su for rubyman by root
Jun 26 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21559]: + ??? root:rubyman
Jun 26 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21559]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593414 of user rubyman.
Jun 26 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21559]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593414.
Jun 26 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21422]: pam_unix(cron:session): session closed for user root
Jun 26 00:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18338]: pam_unix(cron:session): session closed for user root
Jun 26 00:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21425]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78  user=root
Jun 26 00:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21825]: Failed password for root from 51.178.114.78 port 60252 ssh2
Jun 26 00:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21825]: Received disconnect from 51.178.114.78 port 60252:11: Bye Bye [preauth]
Jun 26 00:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21825]: Disconnected from 51.178.114.78 port 60252 [preauth]
Jun 26 00:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.17.133.31  user=root
Jun 26 00:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21827]: Failed password for root from 27.17.133.31 port 33790 ssh2
Jun 26 00:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21827]: Connection closed by 27.17.133.31 port 33790 [preauth]
Jun 26 00:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21873]: Connection closed by 192.155.90.220 port 24424 [preauth]
Jun 26 00:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21887]: Connection closed by 192.155.90.220 port 24428 [preauth]
Jun 26 00:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21889]: fatal: Unable to negotiate with 192.155.90.220 port 24430: no matching host key type found. Their offer: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519 [preauth]
Jun 26 00:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20512]: pam_unix(cron:session): session closed for user root
Jun 26 00:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.220.126  user=root
Jun 26 00:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21948]: Failed password for root from 202.29.220.126 port 30071 ssh2
Jun 26 00:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21948]: Connection closed by 202.29.220.126 port 30071 [preauth]
Jun 26 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21960]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21959]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21964]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21962]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21963]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21961]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21964]: pam_unix(cron:session): session closed for user root
Jun 26 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21959]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22025]: Successful su for rubyman by root
Jun 26 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22025]: + ??? root:rubyman
Jun 26 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22025]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593421 of user rubyman.
Jun 26 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22025]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593421.
Jun 26 00:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18842]: pam_unix(cron:session): session closed for user root
Jun 26 00:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21961]: pam_unix(cron:session): session closed for user root
Jun 26 00:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21960]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.230.5  user=root
Jun 26 00:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22280]: Failed password for root from 202.29.230.5 port 41666 ssh2
Jun 26 00:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22280]: Connection closed by 202.29.230.5 port 41666 [preauth]
Jun 26 00:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21004]: pam_unix(cron:session): session closed for user root
Jun 26 00:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.123.217.22  user=root
Jun 26 00:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22416]: Failed password for root from 45.123.217.22 port 40332 ssh2
Jun 26 00:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22416]: Received disconnect from 45.123.217.22 port 40332:11: Bye Bye [preauth]
Jun 26 00:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22416]: Disconnected from 45.123.217.22 port 40332 [preauth]
Jun 26 00:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.146.182  user=root
Jun 26 00:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22471]: Failed password for root from 152.32.146.182 port 53410 ssh2
Jun 26 00:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22471]: Connection closed by 152.32.146.182 port 53410 [preauth]
Jun 26 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22488]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22487]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22483]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22482]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22482]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22550]: Successful su for rubyman by root
Jun 26 00:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22550]: + ??? root:rubyman
Jun 26 00:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22550]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593423 of user rubyman.
Jun 26 00:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22550]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593423.
Jun 26 00:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19343]: pam_unix(cron:session): session closed for user root
Jun 26 00:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
Jun 26 00:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22483]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22687]: Failed password for root from 176.32.39.21 port 36578 ssh2
Jun 26 00:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22687]: Connection closed by 176.32.39.21 port 36578 [preauth]
Jun 26 00:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.135.24.10  user=root
Jun 26 00:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22807]: Failed password for root from 206.135.24.10 port 53140 ssh2
Jun 26 00:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22807]: Connection closed by 206.135.24.10 port 53140 [preauth]
Jun 26 00:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21427]: pam_unix(cron:session): session closed for user root
Jun 26 00:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.90.227.203  user=root
Jun 26 00:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22880]: Failed password for root from 103.90.227.203 port 54040 ssh2
Jun 26 00:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22880]: Received disconnect from 103.90.227.203 port 54040:11: Bye Bye [preauth]
Jun 26 00:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22880]: Disconnected from 103.90.227.203 port 54040 [preauth]
Jun 26 00:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.220.126  user=root
Jun 26 00:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22890]: Failed password for root from 202.29.220.126 port 10876 ssh2
Jun 26 00:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22890]: Connection closed by 202.29.220.126 port 10876 [preauth]
Jun 26 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22905]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22903]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22904]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22902]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22902]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22968]: Successful su for rubyman by root
Jun 26 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22968]: + ??? root:rubyman
Jun 26 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22968]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593428 of user rubyman.
Jun 26 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22968]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593428.
Jun 26 00:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19998]: pam_unix(cron:session): session closed for user root
Jun 26 00:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22903]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.131.130.11  user=root
Jun 26 00:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23204]: Failed password for root from 114.131.130.11 port 50558 ssh2
Jun 26 00:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23204]: Connection closed by 114.131.130.11 port 50558 [preauth]
Jun 26 00:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21963]: pam_unix(cron:session): session closed for user root
Jun 26 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23319]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23318]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23314]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23313]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23313]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23384]: Successful su for rubyman by root
Jun 26 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23384]: + ??? root:rubyman
Jun 26 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23384]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593431 of user rubyman.
Jun 26 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23384]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593431.
Jun 26 00:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20511]: pam_unix(cron:session): session closed for user root
Jun 26 00:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23314]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.240.87.244  user=root
Jun 26 00:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23613]: Failed password for root from 77.240.87.244 port 52854 ssh2
Jun 26 00:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23613]: Connection closed by 77.240.87.244 port 52854 [preauth]
Jun 26 00:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22488]: pam_unix(cron:session): session closed for user root
Jun 26 00:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.136.54  user=root
Jun 26 00:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23712]: Failed password for root from 157.230.136.54 port 46164 ssh2
Jun 26 00:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23712]: Connection closed by 157.230.136.54 port 46164 [preauth]
Jun 26 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23741]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23735]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23736]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23734]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23734]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23809]: Successful su for rubyman by root
Jun 26 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23809]: + ??? root:rubyman
Jun 26 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23809]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593436 of user rubyman.
Jun 26 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23809]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593436.
Jun 26 00:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21003]: pam_unix(cron:session): session closed for user root
Jun 26 00:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23735]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22905]: pam_unix(cron:session): session closed for user root
Jun 26 00:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.220.6  user=root
Jun 26 00:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24232]: Failed password for root from 202.29.220.6 port 44210 ssh2
Jun 26 00:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24232]: Connection closed by 202.29.220.6 port 44210 [preauth]
Jun 26 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24254]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24257]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24249]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24258]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24253]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24255]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24258]: pam_unix(cron:session): session closed for user root
Jun 26 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24249]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24338]: Successful su for rubyman by root
Jun 26 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24338]: + ??? root:rubyman
Jun 26 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24338]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593441 of user rubyman.
Jun 26 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24338]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593441.
Jun 26 00:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24254]: pam_unix(cron:session): session closed for user root
Jun 26 00:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21426]: pam_unix(cron:session): session closed for user root
Jun 26 00:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24253]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.187.64.123  user=root
Jun 26 00:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24583]: Failed password for root from 31.187.64.123 port 55958 ssh2
Jun 26 00:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24583]: Connection closed by 31.187.64.123 port 55958 [preauth]
Jun 26 00:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23319]: pam_unix(cron:session): session closed for user root
Jun 26 00:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.13.207.88  user=root
Jun 26 00:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24704]: Failed password for root from 103.13.207.88 port 46812 ssh2
Jun 26 00:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24704]: Connection closed by 103.13.207.88 port 46812 [preauth]
Jun 26 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24727]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24725]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24728]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24724]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24724]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24797]: Successful su for rubyman by root
Jun 26 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24797]: + ??? root:rubyman
Jun 26 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24797]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593447 of user rubyman.
Jun 26 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24797]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593447.
Jun 26 00:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21962]: pam_unix(cron:session): session closed for user root
Jun 26 00:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24725]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23741]: pam_unix(cron:session): session closed for user root
Jun 26 00:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25069]: Invalid user aria from 177.53.215.134
Jun 26 00:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25069]: input_userauth_request: invalid user aria [preauth]
Jun 26 00:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25069]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 00:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.53.215.134
Jun 26 00:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25069]: Failed password for invalid user aria from 177.53.215.134 port 59318 ssh2
Jun 26 00:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25069]: Received disconnect from 177.53.215.134 port 59318:11: Bye Bye [preauth]
Jun 26 00:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25069]: Disconnected from 177.53.215.134 port 59318 [preauth]
Jun 26 00:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25082]: Invalid user vendas from 51.178.114.78
Jun 26 00:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25082]: input_userauth_request: invalid user vendas [preauth]
Jun 26 00:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25082]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 00:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78
Jun 26 00:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25082]: Failed password for invalid user vendas from 51.178.114.78 port 53164 ssh2
Jun 26 00:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25082]: Received disconnect from 51.178.114.78 port 53164:11: Bye Bye [preauth]
Jun 26 00:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25082]: Disconnected from 51.178.114.78 port 53164 [preauth]
Jun 26 00:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.220.126  user=root
Jun 26 00:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25113]: Failed password for root from 202.29.220.126 port 64492 ssh2
Jun 26 00:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25113]: Connection closed by 202.29.220.126 port 64492 [preauth]
Jun 26 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25134]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25135]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25133]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25132]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25132]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25201]: Successful su for rubyman by root
Jun 26 00:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25201]: + ??? root:rubyman
Jun 26 00:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25201]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593450 of user rubyman.
Jun 26 00:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25201]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593450.
Jun 26 00:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22487]: pam_unix(cron:session): session closed for user root
Jun 26 00:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 26 00:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25133]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25349]: Failed password for root from 38.93.206.2 port 37930 ssh2
Jun 26 00:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25349]: Connection closed by 38.93.206.2 port 37930 [preauth]
Jun 26 00:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.20.185.207  user=root
Jun 26 00:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25366]: Failed password for root from 143.20.185.207 port 49174 ssh2
Jun 26 00:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25366]: Connection closed by 143.20.185.207 port 49174 [preauth]
Jun 26 00:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.228.248  user=root
Jun 26 00:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25416]: Failed password for root from 202.29.228.248 port 56744 ssh2
Jun 26 00:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25416]: Connection closed by 202.29.228.248 port 56744 [preauth]
Jun 26 00:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24257]: pam_unix(cron:session): session closed for user root
Jun 26 00:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25447]: Failed password for root from 120.48.84.44 port 55894 ssh2
Jun 26 00:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25447]: Connection closed by 120.48.84.44 port 55894 [preauth]
Jun 26 00:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25480]: Failed password for root from 120.48.84.44 port 33038 ssh2
Jun 26 00:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25480]: Connection closed by 120.48.84.44 port 33038 [preauth]
Jun 26 00:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25500]: Failed password for root from 120.48.84.44 port 33046 ssh2
Jun 26 00:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25500]: Connection closed by 120.48.84.44 port 33046 [preauth]
Jun 26 00:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25518]: Failed password for root from 120.48.84.44 port 33056 ssh2
Jun 26 00:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25518]: Connection closed by 120.48.84.44 port 33056 [preauth]
Jun 26 00:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25520]: Failed password for root from 120.48.84.44 port 34552 ssh2
Jun 26 00:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25520]: Connection closed by 120.48.84.44 port 34552 [preauth]
Jun 26 00:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25531]: Failed password for root from 120.48.84.44 port 34558 ssh2
Jun 26 00:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25531]: Connection closed by 120.48.84.44 port 34558 [preauth]
Jun 26 00:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25533]: Failed password for root from 120.48.84.44 port 34566 ssh2
Jun 26 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25533]: Connection closed by 120.48.84.44 port 34566 [preauth]
Jun 26 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25548]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25546]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25547]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25545]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25545]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25606]: Successful su for rubyman by root
Jun 26 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25606]: + ??? root:rubyman
Jun 26 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25606]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593454 of user rubyman.
Jun 26 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25606]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593454.
Jun 26 00:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25660]: Invalid user usr1 from 150.241.113.163
Jun 26 00:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25660]: input_userauth_request: invalid user usr1 [preauth]
Jun 26 00:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25660]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 00:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.241.113.163
Jun 26 00:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22904]: pam_unix(cron:session): session closed for user root
Jun 26 00:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25641]: Failed password for root from 120.48.84.44 port 32814 ssh2
Jun 26 00:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25641]: Connection closed by 120.48.84.44 port 32814 [preauth]
Jun 26 00:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25660]: Failed password for invalid user usr1 from 150.241.113.163 port 60372 ssh2
Jun 26 00:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25660]: Received disconnect from 150.241.113.163 port 60372:11: Bye Bye [preauth]
Jun 26 00:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25660]: Disconnected from 150.241.113.163 port 60372 [preauth]
Jun 26 00:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25546]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25772]: Failed password for root from 120.48.84.44 port 32818 ssh2
Jun 26 00:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25772]: Connection closed by 120.48.84.44 port 32818 [preauth]
Jun 26 00:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25801]: Invalid user lucjan from 103.90.227.203
Jun 26 00:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25801]: input_userauth_request: invalid user lucjan [preauth]
Jun 26 00:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25801]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 00:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.90.227.203
Jun 26 00:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25801]: Failed password for invalid user lucjan from 103.90.227.203 port 50354 ssh2
Jun 26 00:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25801]: Received disconnect from 103.90.227.203 port 50354:11: Bye Bye [preauth]
Jun 26 00:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25801]: Disconnected from 103.90.227.203 port 50354 [preauth]
Jun 26 00:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25794]: Failed password for root from 120.48.84.44 port 32830 ssh2
Jun 26 00:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25794]: Connection closed by 120.48.84.44 port 32830 [preauth]
Jun 26 00:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25804]: Failed password for root from 120.48.84.44 port 49050 ssh2
Jun 26 00:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25804]: Connection closed by 120.48.84.44 port 49050 [preauth]
Jun 26 00:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25828]: Failed password for root from 120.48.84.44 port 49060 ssh2
Jun 26 00:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25828]: Connection closed by 120.48.84.44 port 49060 [preauth]
Jun 26 00:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25838]: Failed password for root from 120.48.84.44 port 49074 ssh2
Jun 26 00:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25838]: Connection closed by 120.48.84.44 port 49074 [preauth]
Jun 26 00:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.27.12.122  user=root
Jun 26 00:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25840]: Failed password for root from 125.27.12.122 port 35338 ssh2
Jun 26 00:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25840]: Connection closed by 125.27.12.122 port 35338 [preauth]
Jun 26 00:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25843]: Failed password for root from 120.48.84.44 port 52878 ssh2
Jun 26 00:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25843]: Connection closed by 120.48.84.44 port 52878 [preauth]
Jun 26 00:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25865]: Failed password for root from 120.48.84.44 port 52884 ssh2
Jun 26 00:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25865]: Connection closed by 120.48.84.44 port 52884 [preauth]
Jun 26 00:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24728]: pam_unix(cron:session): session closed for user root
Jun 26 00:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25875]: Failed password for root from 120.48.84.44 port 50138 ssh2
Jun 26 00:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25875]: Connection closed by 120.48.84.44 port 50138 [preauth]
Jun 26 00:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25908]: Failed password for root from 120.48.84.44 port 50142 ssh2
Jun 26 00:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25908]: Connection closed by 120.48.84.44 port 50142 [preauth]
Jun 26 00:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25910]: Invalid user tunnel from 51.178.114.78
Jun 26 00:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25910]: input_userauth_request: invalid user tunnel [preauth]
Jun 26 00:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25910]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 00:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78
Jun 26 00:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25910]: Failed password for invalid user tunnel from 51.178.114.78 port 54420 ssh2
Jun 26 00:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25910]: Received disconnect from 51.178.114.78 port 54420:11: Bye Bye [preauth]
Jun 26 00:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25910]: Disconnected from 51.178.114.78 port 54420 [preauth]
Jun 26 00:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25912]: Failed password for root from 120.48.84.44 port 50156 ssh2
Jun 26 00:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25912]: Connection closed by 120.48.84.44 port 50156 [preauth]
Jun 26 00:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25934]: Failed password for root from 120.48.84.44 port 43634 ssh2
Jun 26 00:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25934]: Connection closed by 120.48.84.44 port 43634 [preauth]
Jun 26 00:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25944]: Failed password for root from 120.48.84.44 port 43648 ssh2
Jun 26 00:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25944]: Connection closed by 120.48.84.44 port 43648 [preauth]
Jun 26 00:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.148.158  user=root
Jun 26 00:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25949]: Failed password for root from 120.48.84.44 port 47138 ssh2
Jun 26 00:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25949]: Connection closed by 120.48.84.44 port 47138 [preauth]
Jun 26 00:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25957]: Failed password for root from 159.65.148.158 port 52474 ssh2
Jun 26 00:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25957]: Connection closed by 159.65.148.158 port 52474 [preauth]
Jun 26 00:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25960]: Failed password for root from 120.48.84.44 port 47144 ssh2
Jun 26 00:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25960]: Connection closed by 120.48.84.44 port 47144 [preauth]
Jun 26 00:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25984]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25985]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25983]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25982]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25982]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26040]: Successful su for rubyman by root
Jun 26 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26040]: + ??? root:rubyman
Jun 26 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26040]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593458 of user rubyman.
Jun 26 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26040]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593458.
Jun 26 00:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25971]: Failed password for root from 120.48.84.44 port 47160 ssh2
Jun 26 00:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25971]: Connection closed by 120.48.84.44 port 47160 [preauth]
Jun 26 00:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.53.215.134  user=root
Jun 26 00:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23318]: pam_unix(cron:session): session closed for user root
Jun 26 00:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26081]: Failed password for root from 177.53.215.134 port 40802 ssh2
Jun 26 00:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26081]: Received disconnect from 177.53.215.134 port 40802:11: Bye Bye [preauth]
Jun 26 00:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26081]: Disconnected from 177.53.215.134 port 40802 [preauth]
Jun 26 00:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25983]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26114]: Failed password for root from 120.48.84.44 port 50604 ssh2
Jun 26 00:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26114]: Connection closed by 120.48.84.44 port 50604 [preauth]
Jun 26 00:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26229]: Failed password for root from 120.48.84.44 port 50610 ssh2
Jun 26 00:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26229]: Connection closed by 120.48.84.44 port 50610 [preauth]
Jun 26 00:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26242]: Failed password for root from 120.48.84.44 port 55286 ssh2
Jun 26 00:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26242]: Connection closed by 120.48.84.44 port 55286 [preauth]
Jun 26 00:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26264]: Failed password for root from 120.48.84.44 port 57260 ssh2
Jun 26 00:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26264]: Connection closed by 120.48.84.44 port 57260 [preauth]
Jun 26 00:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=88.21.21.240  user=root
Jun 26 00:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26267]: Failed password for root from 88.21.21.240 port 52028 ssh2
Jun 26 00:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26267]: Connection closed by 88.21.21.240 port 52028 [preauth]
Jun 26 00:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26278]: Failed password for root from 120.48.84.44 port 57270 ssh2
Jun 26 00:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26278]: Connection closed by 120.48.84.44 port 57270 [preauth]
Jun 26 00:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26294]: Failed password for root from 120.48.84.44 port 57284 ssh2
Jun 26 00:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26294]: Connection closed by 120.48.84.44 port 57284 [preauth]
Jun 26 00:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26307]: Failed password for root from 120.48.84.44 port 60034 ssh2
Jun 26 00:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26307]: Connection closed by 120.48.84.44 port 60034 [preauth]
Jun 26 00:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25135]: pam_unix(cron:session): session closed for user root
Jun 26 00:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26332]: Failed password for root from 120.48.84.44 port 60044 ssh2
Jun 26 00:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26332]: Connection closed by 120.48.84.44 port 60044 [preauth]
Jun 26 00:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26349]: Failed password for root from 120.48.84.44 port 60060 ssh2
Jun 26 00:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26349]: Connection closed by 120.48.84.44 port 60060 [preauth]
Jun 26 00:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26351]: Failed password for root from 120.48.84.44 port 47920 ssh2
Jun 26 00:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26351]: Connection closed by 120.48.84.44 port 47920 [preauth]
Jun 26 00:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26369]: Failed password for root from 120.48.84.44 port 47936 ssh2
Jun 26 00:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26369]: Connection closed by 120.48.84.44 port 47936 [preauth]
Jun 26 00:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.241.113.163  user=root
Jun 26 00:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26376]: Failed password for root from 150.241.113.163 port 47252 ssh2
Jun 26 00:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26376]: Received disconnect from 150.241.113.163 port 47252:11: Bye Bye [preauth]
Jun 26 00:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26376]: Disconnected from 150.241.113.163 port 47252 [preauth]
Jun 26 00:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26378]: Failed password for root from 120.48.84.44 port 47944 ssh2
Jun 26 00:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26378]: Connection closed by 120.48.84.44 port 47944 [preauth]
Jun 26 00:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26396]: Failed password for root from 120.48.84.44 port 48396 ssh2
Jun 26 00:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26396]: Connection closed by 120.48.84.44 port 48396 [preauth]
Jun 26 00:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26414]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26411]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26413]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26412]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26409]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26410]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26414]: pam_unix(cron:session): session closed for user root
Jun 26 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26409]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26474]: Successful su for rubyman by root
Jun 26 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26474]: + ??? root:rubyman
Jun 26 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26474]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593464 of user rubyman.
Jun 26 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26474]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593464.
Jun 26 00:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26406]: Failed password for root from 120.48.84.44 port 48412 ssh2
Jun 26 00:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26406]: Connection closed by 120.48.84.44 port 48412 [preauth]
Jun 26 00:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26550]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23736]: pam_unix(cron:session): session closed for user root
Jun 26 00:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26411]: pam_unix(cron:session): session closed for user root
Jun 26 00:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26410]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26550]: Failed password for root from 120.48.84.44 port 40924 ssh2
Jun 26 00:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26550]: Connection closed by 120.48.84.44 port 40924 [preauth]
Jun 26 00:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26803]: Failed password for root from 120.48.84.44 port 50836 ssh2
Jun 26 00:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26803]: Connection closed by 120.48.84.44 port 50836 [preauth]
Jun 26 00:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 26 00:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26807]: Failed password for root from 103.77.175.15 port 54358 ssh2
Jun 26 00:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26807]: Connection closed by 103.77.175.15 port 54358 [preauth]
Jun 26 00:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.224.230  user=root
Jun 26 00:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26805]: Failed password for root from 120.48.84.44 port 57652 ssh2
Jun 26 00:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26805]: Connection closed by 120.48.84.44 port 57652 [preauth]
Jun 26 00:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26817]: Failed password for root from 202.29.224.230 port 46819 ssh2
Jun 26 00:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26817]: Connection closed by 202.29.224.230 port 46819 [preauth]
Jun 26 00:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25548]: pam_unix(cron:session): session closed for user root
Jun 26 00:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26820]: Failed password for root from 120.48.84.44 port 57656 ssh2
Jun 26 00:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26820]: Connection closed by 120.48.84.44 port 57656 [preauth]
Jun 26 00:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26864]: Failed password for root from 120.48.84.44 port 42756 ssh2
Jun 26 00:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26864]: Connection closed by 120.48.84.44 port 42756 [preauth]
Jun 26 00:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26881]: Invalid user kudrethoxha from 103.90.227.203
Jun 26 00:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26881]: input_userauth_request: invalid user kudrethoxha [preauth]
Jun 26 00:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26881]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 00:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.90.227.203
Jun 26 00:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26885]: Connection closed by 45.148.10.121 port 54956 [preauth]
Jun 26 00:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26879]: Failed password for root from 120.48.84.44 port 42758 ssh2
Jun 26 00:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26879]: Connection closed by 120.48.84.44 port 42758 [preauth]
Jun 26 00:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26883]: Invalid user mahima from 51.178.114.78
Jun 26 00:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26883]: input_userauth_request: invalid user mahima [preauth]
Jun 26 00:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26883]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 00:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78
Jun 26 00:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26881]: Failed password for invalid user kudrethoxha from 103.90.227.203 port 59024 ssh2
Jun 26 00:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26883]: Failed password for invalid user mahima from 51.178.114.78 port 33120 ssh2
Jun 26 00:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26883]: Received disconnect from 51.178.114.78 port 33120:11: Bye Bye [preauth]
Jun 26 00:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26883]: Disconnected from 51.178.114.78 port 33120 [preauth]
Jun 26 00:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26881]: Received disconnect from 103.90.227.203 port 59024:11: Bye Bye [preauth]
Jun 26 00:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26881]: Disconnected from 103.90.227.203 port 59024 [preauth]
Jun 26 00:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26887]: Failed password for root from 120.48.84.44 port 43928 ssh2
Jun 26 00:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26887]: Connection closed by 120.48.84.44 port 43928 [preauth]
Jun 26 00:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26912]: Failed password for root from 120.48.84.44 port 43960 ssh2
Jun 26 00:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26912]: Connection closed by 120.48.84.44 port 43960 [preauth]
Jun 26 00:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.20.215.123  user=root
Jun 26 00:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26946]: Failed password for root from 157.20.215.123 port 42066 ssh2
Jun 26 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26946]: Connection closed by 157.20.215.123 port 42066 [preauth]
Jun 26 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26951]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26952]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26950]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26949]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26949]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27016]: Successful su for rubyman by root
Jun 26 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27016]: + ??? root:rubyman
Jun 26 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27016]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593467 of user rubyman.
Jun 26 00:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27016]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593467.
Jun 26 00:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24255]: pam_unix(cron:session): session closed for user root
Jun 26 00:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26950]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27271]: Invalid user tunnel from 177.53.215.134
Jun 26 00:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27271]: input_userauth_request: invalid user tunnel [preauth]
Jun 26 00:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27271]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 00:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.53.215.134
Jun 26 00:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27271]: Failed password for invalid user tunnel from 177.53.215.134 port 50494 ssh2
Jun 26 00:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27271]: Received disconnect from 177.53.215.134 port 50494:11: Bye Bye [preauth]
Jun 26 00:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27271]: Disconnected from 177.53.215.134 port 50494 [preauth]
Jun 26 00:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27289]: Invalid user mohsen from 150.241.113.163
Jun 26 00:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27289]: input_userauth_request: invalid user mohsen [preauth]
Jun 26 00:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27289]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 00:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.241.113.163
Jun 26 00:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25985]: pam_unix(cron:session): session closed for user root
Jun 26 00:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27289]: Failed password for invalid user mohsen from 150.241.113.163 port 11132 ssh2
Jun 26 00:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27289]: Received disconnect from 150.241.113.163 port 11132:11: Bye Bye [preauth]
Jun 26 00:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27289]: Disconnected from 150.241.113.163 port 11132 [preauth]
Jun 26 00:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.228.248  user=root
Jun 26 00:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27365]: Failed password for root from 202.29.228.248 port 47076 ssh2
Jun 26 00:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27365]: Connection closed by 202.29.228.248 port 47076 [preauth]
Jun 26 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27386]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27387]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27384]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27385]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27384]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27444]: Successful su for rubyman by root
Jun 26 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27444]: + ??? root:rubyman
Jun 26 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27444]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593472 of user rubyman.
Jun 26 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27444]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593472.
Jun 26 00:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24727]: pam_unix(cron:session): session closed for user root
Jun 26 00:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27385]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.136.248.227  user=root
Jun 26 00:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27665]: Failed password for root from 177.136.248.227 port 57668 ssh2
Jun 26 00:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27665]: Connection closed by 177.136.248.227 port 57668 [preauth]
Jun 26 00:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26413]: pam_unix(cron:session): session closed for user root
Jun 26 00:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27730]: Invalid user hlw from 51.178.114.78
Jun 26 00:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27730]: input_userauth_request: invalid user hlw [preauth]
Jun 26 00:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27730]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 00:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78
Jun 26 00:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27730]: Failed password for invalid user hlw from 51.178.114.78 port 60426 ssh2
Jun 26 00:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27730]: Received disconnect from 51.178.114.78 port 60426:11: Bye Bye [preauth]
Jun 26 00:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27730]: Disconnected from 51.178.114.78 port 60426 [preauth]
Jun 26 00:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.69.226.76  user=root
Jun 26 00:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27773]: Failed password for root from 118.69.226.76 port 33704 ssh2
Jun 26 00:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27773]: Connection closed by 118.69.226.76 port 33704 [preauth]
Jun 26 00:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27775]: Failed password for root from 120.48.84.44 port 42230 ssh2
Jun 26 00:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27775]: Connection closed by 120.48.84.44 port 42230 [preauth]
Jun 26 00:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27785]: Failed password for root from 120.48.84.44 port 42232 ssh2
Jun 26 00:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27785]: Connection closed by 120.48.84.44 port 42232 [preauth]
Jun 26 00:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27802]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27801]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27799]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27798]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27798]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27864]: Successful su for rubyman by root
Jun 26 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27864]: + ??? root:rubyman
Jun 26 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27864]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593476 of user rubyman.
Jun 26 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27864]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593476.
Jun 26 00:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27795]: Failed password for root from 120.48.84.44 port 55194 ssh2
Jun 26 00:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27795]: Connection closed by 120.48.84.44 port 55194 [preauth]
Jun 26 00:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27914]: Invalid user usuario2 from 103.90.227.203
Jun 26 00:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27914]: input_userauth_request: invalid user usuario2 [preauth]
Jun 26 00:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27914]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 00:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.90.227.203
Jun 26 00:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25134]: pam_unix(cron:session): session closed for user root
Jun 26 00:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27914]: Failed password for invalid user usuario2 from 103.90.227.203 port 50198 ssh2
Jun 26 00:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27914]: Received disconnect from 103.90.227.203 port 50198:11: Bye Bye [preauth]
Jun 26 00:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27914]: Disconnected from 103.90.227.203 port 50198 [preauth]
Jun 26 00:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27935]: Failed password for root from 120.48.84.44 port 55204 ssh2
Jun 26 00:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27799]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27935]: Connection closed by 120.48.84.44 port 55204 [preauth]
Jun 26 00:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.241.113.163  user=root
Jun 26 00:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28109]: Failed password for root from 150.241.113.163 port 16098 ssh2
Jun 26 00:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28109]: Received disconnect from 150.241.113.163 port 16098:11: Bye Bye [preauth]
Jun 26 00:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28109]: Disconnected from 150.241.113.163 port 16098 [preauth]
Jun 26 00:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28111]: Failed password for root from 120.48.84.44 port 55208 ssh2
Jun 26 00:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28111]: Connection closed by 120.48.84.44 port 55208 [preauth]
Jun 26 00:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28128]: Invalid user ubnt from 193.46.255.86
Jun 26 00:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28128]: input_userauth_request: invalid user ubnt [preauth]
Jun 26 00:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28128]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 00:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 26 00:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28120]: Failed password for root from 120.48.84.44 port 42142 ssh2
Jun 26 00:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28120]: Connection closed by 120.48.84.44 port 42142 [preauth]
Jun 26 00:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28128]: Failed password for invalid user ubnt from 193.46.255.86 port 4550 ssh2
Jun 26 00:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28128]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 00:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28128]: Failed password for invalid user ubnt from 193.46.255.86 port 4550 ssh2
Jun 26 00:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28128]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 00:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28131]: Failed password for root from 120.48.84.44 port 42144 ssh2
Jun 26 00:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28131]: Connection closed by 120.48.84.44 port 42144 [preauth]
Jun 26 00:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28128]: Failed password for invalid user ubnt from 193.46.255.86 port 4550 ssh2
Jun 26 00:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28128]: Connection closed by 193.46.255.86 port 4550 [preauth]
Jun 26 00:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28128]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 26 00:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28153]: Failed password for root from 120.48.84.44 port 42152 ssh2
Jun 26 00:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28153]: Connection closed by 120.48.84.44 port 42152 [preauth]
Jun 26 00:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.0.84.125  user=root
Jun 26 00:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28168]: Failed password for root from 120.48.84.44 port 35542 ssh2
Jun 26 00:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28168]: Connection closed by 120.48.84.44 port 35542 [preauth]
Jun 26 00:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28170]: Failed password for root from 49.0.84.125 port 37760 ssh2
Jun 26 00:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28170]: Connection closed by 49.0.84.125 port 37760 [preauth]
Jun 26 00:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28172]: Failed password for root from 120.48.84.44 port 35556 ssh2
Jun 26 00:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28172]: Connection closed by 120.48.84.44 port 35556 [preauth]
Jun 26 00:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28196]: Failed password for root from 120.48.84.44 port 48490 ssh2
Jun 26 00:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28196]: Connection closed by 120.48.84.44 port 48490 [preauth]
Jun 26 00:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26952]: pam_unix(cron:session): session closed for user root
Jun 26 00:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28206]: Failed password for root from 120.48.84.44 port 48502 ssh2
Jun 26 00:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28206]: Connection closed by 120.48.84.44 port 48502 [preauth]
Jun 26 00:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28237]: Failed password for root from 120.48.84.44 port 48508 ssh2
Jun 26 00:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28237]: Connection closed by 120.48.84.44 port 48508 [preauth]
Jun 26 00:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28239]: Failed password for root from 120.48.84.44 port 41990 ssh2
Jun 26 00:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28239]: Connection closed by 120.48.84.44 port 41990 [preauth]
Jun 26 00:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28274]: Invalid user sami from 177.53.215.134
Jun 26 00:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28274]: input_userauth_request: invalid user sami [preauth]
Jun 26 00:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28274]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 00:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.53.215.134
Jun 26 00:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28274]: Failed password for invalid user sami from 177.53.215.134 port 60218 ssh2
Jun 26 00:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28274]: Received disconnect from 177.53.215.134 port 60218:11: Bye Bye [preauth]
Jun 26 00:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28274]: Disconnected from 177.53.215.134 port 60218 [preauth]
Jun 26 00:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.136.54  user=root
Jun 26 00:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28272]: Failed password for root from 120.48.84.44 port 42016 ssh2
Jun 26 00:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28272]: Connection closed by 120.48.84.44 port 42016 [preauth]
Jun 26 00:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28283]: Failed password for root from 157.230.136.54 port 45806 ssh2
Jun 26 00:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28283]: Connection closed by 157.230.136.54 port 45806 [preauth]
Jun 26 00:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28286]: Failed password for root from 120.48.84.44 port 41240 ssh2
Jun 26 00:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28286]: Connection closed by 120.48.84.44 port 41240 [preauth]
Jun 26 00:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28302]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28301]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28299]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28300]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28299]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28288]: Failed password for root from 120.48.84.44 port 41250 ssh2
Jun 26 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28288]: Connection closed by 120.48.84.44 port 41250 [preauth]
Jun 26 00:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28358]: Successful su for rubyman by root
Jun 26 00:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28358]: + ??? root:rubyman
Jun 26 00:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28358]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593479 of user rubyman.
Jun 26 00:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28358]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593479.
Jun 26 00:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25547]: pam_unix(cron:session): session closed for user root
Jun 26 00:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28369]: Failed password for root from 120.48.84.44 port 41974 ssh2
Jun 26 00:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28369]: Connection closed by 120.48.84.44 port 41974 [preauth]
Jun 26 00:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28300]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28546]: Failed password for root from 120.48.84.44 port 41992 ssh2
Jun 26 00:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28546]: Connection closed by 120.48.84.44 port 41992 [preauth]
Jun 26 00:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28561]: Failed password for root from 120.48.84.44 port 45626 ssh2
Jun 26 00:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28561]: Connection closed by 120.48.84.44 port 45626 [preauth]
Jun 26 00:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28563]: Failed password for root from 120.48.84.44 port 45640 ssh2
Jun 26 00:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28563]: Connection closed by 120.48.84.44 port 45640 [preauth]
Jun 26 00:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.84.44  user=root
Jun 26 00:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28674]: Failed password for root from 120.48.84.44 port 45650 ssh2
Jun 26 00:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28674]: Connection closed by 120.48.84.44 port 45650 [preauth]
Jun 26 00:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.105.98.252  user=root
Jun 26 00:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28722]: Invalid user yuany from 51.178.114.78
Jun 26 00:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28722]: input_userauth_request: invalid user yuany [preauth]
Jun 26 00:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28722]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 00:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78
Jun 26 00:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28711]: Failed password for root from 202.105.98.252 port 35018 ssh2
Jun 26 00:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28711]: Connection closed by 202.105.98.252 port 35018 [preauth]
Jun 26 00:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28722]: Failed password for invalid user yuany from 51.178.114.78 port 52434 ssh2
Jun 26 00:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28722]: Received disconnect from 51.178.114.78 port 52434:11: Bye Bye [preauth]
Jun 26 00:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28722]: Disconnected from 51.178.114.78 port 52434 [preauth]
Jun 26 00:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27387]: pam_unix(cron:session): session closed for user root
Jun 26 00:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.241.113.163  user=root
Jun 26 00:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28759]: Failed password for root from 150.241.113.163 port 48022 ssh2
Jun 26 00:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28759]: Received disconnect from 150.241.113.163 port 48022:11: Bye Bye [preauth]
Jun 26 00:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28759]: Disconnected from 150.241.113.163 port 48022 [preauth]
Jun 26 00:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.162.13.50  user=root
Jun 26 00:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: Failed password for root from 90.162.13.50 port 55840 ssh2
Jun 26 00:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: Connection closed by 90.162.13.50 port 55840 [preauth]
Jun 26 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28823]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28825]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28821]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28826]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28824]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28822]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28826]: pam_unix(cron:session): session closed for user root
Jun 26 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28821]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28898]: Successful su for rubyman by root
Jun 26 00:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28898]: + ??? root:rubyman
Jun 26 00:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28898]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593486 of user rubyman.
Jun 26 00:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28898]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593486.
Jun 26 00:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28823]: pam_unix(cron:session): session closed for user root
Jun 26 00:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25984]: pam_unix(cron:session): session closed for user root
Jun 26 00:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28822]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29151]: Invalid user testuser from 103.90.227.203
Jun 26 00:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29151]: input_userauth_request: invalid user testuser [preauth]
Jun 26 00:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29151]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 00:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.90.227.203
Jun 26 00:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29151]: Failed password for invalid user testuser from 103.90.227.203 port 43474 ssh2
Jun 26 00:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29151]: Received disconnect from 103.90.227.203 port 43474:11: Bye Bye [preauth]
Jun 26 00:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29151]: Disconnected from 103.90.227.203 port 43474 [preauth]
Jun 26 00:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.220.130  user=root
Jun 26 00:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29162]: Failed password for root from 202.29.220.130 port 37548 ssh2
Jun 26 00:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29162]: Connection closed by 202.29.220.130 port 37548 [preauth]
Jun 26 00:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27802]: pam_unix(cron:session): session closed for user root
Jun 26 00:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.164.193.196  user=root
Jun 26 00:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29270]: Failed password for root from 110.164.193.196 port 57186 ssh2
Jun 26 00:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29270]: Connection closed by 110.164.193.196 port 57186 [preauth]
Jun 26 00:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29294]: Invalid user hlw from 177.53.215.134
Jun 26 00:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29294]: input_userauth_request: invalid user hlw [preauth]
Jun 26 00:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29294]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 00:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.53.215.134
Jun 26 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29298]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29299]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29300]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29297]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29297]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29362]: Successful su for rubyman by root
Jun 26 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29362]: + ??? root:rubyman
Jun 26 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29362]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593490 of user rubyman.
Jun 26 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29362]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593490.
Jun 26 00:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29294]: Failed password for invalid user hlw from 177.53.215.134 port 41712 ssh2
Jun 26 00:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29294]: Received disconnect from 177.53.215.134 port 41712:11: Bye Bye [preauth]
Jun 26 00:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29294]: Disconnected from 177.53.215.134 port 41712 [preauth]
Jun 26 00:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26412]: pam_unix(cron:session): session closed for user root
Jun 26 00:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29298]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.241.113.163  user=root
Jun 26 00:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29679]: Failed password for root from 150.241.113.163 port 31370 ssh2
Jun 26 00:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29679]: Received disconnect from 150.241.113.163 port 31370:11: Bye Bye [preauth]
Jun 26 00:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29679]: Disconnected from 150.241.113.163 port 31370 [preauth]
Jun 26 00:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.147.26.126  user=root
Jun 26 00:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29715]: Failed password for root from 185.147.26.126 port 44528 ssh2
Jun 26 00:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29715]: Connection closed by 185.147.26.126 port 44528 [preauth]
Jun 26 00:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29752]: Invalid user soporte from 51.178.114.78
Jun 26 00:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29752]: input_userauth_request: invalid user soporte [preauth]
Jun 26 00:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29752]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 00:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78
Jun 26 00:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29752]: Failed password for invalid user soporte from 51.178.114.78 port 38702 ssh2
Jun 26 00:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29752]: Received disconnect from 51.178.114.78 port 38702:11: Bye Bye [preauth]
Jun 26 00:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29752]: Disconnected from 51.178.114.78 port 38702 [preauth]
Jun 26 00:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28302]: pam_unix(cron:session): session closed for user root
Jun 26 00:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.210.76.170  user=root
Jun 26 00:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29833]: Failed password for root from 182.210.76.170 port 33088 ssh2
Jun 26 00:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29833]: Connection closed by 182.210.76.170 port 33088 [preauth]
Jun 26 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29861]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29860]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29862]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29858]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29858]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29922]: Successful su for rubyman by root
Jun 26 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29922]: + ??? root:rubyman
Jun 26 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29922]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593493 of user rubyman.
Jun 26 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29922]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593493.
Jun 26 00:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26951]: pam_unix(cron:session): session closed for user root
Jun 26 00:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29860]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.220.126  user=root
Jun 26 00:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30183]: Failed password for root from 202.29.220.126 port 63628 ssh2
Jun 26 00:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30183]: Connection closed by 202.29.220.126 port 63628 [preauth]
Jun 26 00:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28825]: pam_unix(cron:session): session closed for user root
Jun 26 00:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30224]: Invalid user deploy from 103.90.227.203
Jun 26 00:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30224]: input_userauth_request: invalid user deploy [preauth]
Jun 26 00:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30224]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 00:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.90.227.203
Jun 26 00:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30224]: Failed password for invalid user deploy from 103.90.227.203 port 50482 ssh2
Jun 26 00:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30224]: Received disconnect from 103.90.227.203 port 50482:11: Bye Bye [preauth]
Jun 26 00:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30224]: Disconnected from 103.90.227.203 port 50482 [preauth]
Jun 26 00:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.53.207.106  user=root
Jun 26 00:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30263]: Failed password for root from 182.53.207.106 port 36938 ssh2
Jun 26 00:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30263]: Connection closed by 182.53.207.106 port 36938 [preauth]
Jun 26 00:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: Invalid user devops from 150.241.113.163
Jun 26 00:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: input_userauth_request: invalid user devops [preauth]
Jun 26 00:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 00:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.241.113.163
Jun 26 00:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: Failed password for invalid user devops from 150.241.113.163 port 49192 ssh2
Jun 26 00:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: Received disconnect from 150.241.113.163 port 49192:11: Bye Bye [preauth]
Jun 26 00:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: Disconnected from 150.241.113.163 port 49192 [preauth]
Jun 26 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30287]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30286]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30285]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30288]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30285]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30351]: Successful su for rubyman by root
Jun 26 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30351]: + ??? root:rubyman
Jun 26 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30351]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593497 of user rubyman.
Jun 26 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30351]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593497.
Jun 26 00:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27386]: pam_unix(cron:session): session closed for user root
Jun 26 00:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30286]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.53.215.134  user=root
Jun 26 00:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30556]: Failed password for root from 177.53.215.134 port 51410 ssh2
Jun 26 00:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30556]: Received disconnect from 177.53.215.134 port 51410:11: Bye Bye [preauth]
Jun 26 00:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30556]: Disconnected from 177.53.215.134 port 51410 [preauth]
Jun 26 00:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78  user=root
Jun 26 00:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30583]: Failed password for root from 51.178.114.78 port 56640 ssh2
Jun 26 00:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30583]: Received disconnect from 51.178.114.78 port 56640:11: Bye Bye [preauth]
Jun 26 00:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30583]: Disconnected from 51.178.114.78 port 56640 [preauth]
Jun 26 00:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=133.117.72.24  user=root
Jun 26 00:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30604]: Failed password for root from 133.117.72.24 port 36662 ssh2
Jun 26 00:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30604]: Connection closed by 133.117.72.24 port 36662 [preauth]
Jun 26 00:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29300]: pam_unix(cron:session): session closed for user root
Jun 26 00:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30687]: Invalid user gerardo from 141.98.83.240
Jun 26 00:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30687]: input_userauth_request: invalid user gerardo [preauth]
Jun 26 00:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30687]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 00:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 00:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30687]: Failed password for invalid user gerardo from 141.98.83.240 port 27188 ssh2
Jun 26 00:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30687]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 00:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30687]: Failed password for invalid user gerardo from 141.98.83.240 port 27188 ssh2
Jun 26 00:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30687]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 00:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30687]: Failed password for invalid user gerardo from 141.98.83.240 port 27188 ssh2
Jun 26 00:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30687]: Connection closed by 141.98.83.240 port 27188 [preauth]
Jun 26 00:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30687]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30708]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30709]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30706]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30707]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30706]: pam_unix(cron:session): session closed for user p13x
Jun 26 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30765]: Successful su for rubyman by root
Jun 26 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30765]: + ??? root:rubyman
Jun 26 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30765]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593501 of user rubyman.
Jun 26 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30765]: pam_unix(su:session): session closed for user rubyman
Jun 26 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593501.
Jun 26 00:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27801]: pam_unix(cron:session): session closed for user root
Jun 26 00:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30707]: pam_unix(cron:session): session closed for user samftp
Jun 26 00:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31120]: Invalid user giulia from 150.241.113.163
Jun 26 00:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31120]: input_userauth_request: invalid user giulia [preauth]
Jun 26 00:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31120]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 00:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.241.113.163
Jun 26 00:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29862]: pam_unix(cron:session): session closed for user root
Jun 26 00:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31120]: Failed password for invalid user giulia from 150.241.113.163 port 30516 ssh2
Jun 26 00:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31120]: Received disconnect from 150.241.113.163 port 30516:11: Bye Bye [preauth]
Jun 26 00:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31120]: Disconnected from 150.241.113.163 port 30516 [preauth]
Jun 26 00:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=88.21.21.240  user=root
Jun 26 00:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 00:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31190]: Failed password for root from 88.21.21.240 port 32782 ssh2
Jun 26 00:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31190]: Connection closed by 88.21.21.240 port 32782 [preauth]
Jun 26 00:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: Invalid user aws from 103.90.227.203
Jun 26 00:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: input_userauth_request: invalid user aws [preauth]
Jun 26 00:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 00:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.90.227.203
Jun 26 00:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: Failed password for invalid user aws from 103.90.227.203 port 54928 ssh2
Jun 26 00:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: Received disconnect from 103.90.227.203 port 54928:11: Bye Bye [preauth]
Jun 26 00:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: Disconnected from 103.90.227.203 port 54928 [preauth]
Jun 26 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31206]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31205]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31208]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31203]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31209]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31207]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31204]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31209]: pam_unix(cron:session): session closed for user root
Jun 26 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31205]: pam_unix(cron:session): session closed for user root
Jun 26 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31203]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31295]: Successful su for rubyman by root
Jun 26 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31295]: + ??? root:rubyman
Jun 26 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31295]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593507 of user rubyman.
Jun 26 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31295]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593507.
Jun 26 01:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31206]: pam_unix(cron:session): session closed for user root
Jun 26 01:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28301]: pam_unix(cron:session): session closed for user root
Jun 26 01:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31204]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31563]: Invalid user sami from 51.178.114.78
Jun 26 01:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31563]: input_userauth_request: invalid user sami [preauth]
Jun 26 01:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31563]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78
Jun 26 01:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31563]: Failed password for invalid user sami from 51.178.114.78 port 44774 ssh2
Jun 26 01:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31563]: Received disconnect from 51.178.114.78 port 44774:11: Bye Bye [preauth]
Jun 26 01:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31563]: Disconnected from 51.178.114.78 port 44774 [preauth]
Jun 26 01:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31651]: Invalid user mahima from 177.53.215.134
Jun 26 01:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31651]: input_userauth_request: invalid user mahima [preauth]
Jun 26 01:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31651]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.53.215.134
Jun 26 01:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31651]: Failed password for invalid user mahima from 177.53.215.134 port 32866 ssh2
Jun 26 01:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31651]: Received disconnect from 177.53.215.134 port 32866:11: Bye Bye [preauth]
Jun 26 01:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31651]: Disconnected from 177.53.215.134 port 32866 [preauth]
Jun 26 01:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.232.118  user=root
Jun 26 01:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31663]: Failed password for root from 202.29.232.118 port 59490 ssh2
Jun 26 01:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31663]: Connection closed by 202.29.232.118 port 59490 [preauth]
Jun 26 01:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30288]: pam_unix(cron:session): session closed for user root
Jun 26 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31811]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31813]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31812]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31810]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31810]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31881]: Successful su for rubyman by root
Jun 26 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31881]: + ??? root:rubyman
Jun 26 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31881]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593514 of user rubyman.
Jun 26 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31881]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593514.
Jun 26 01:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 26 01:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31868]: Failed password for root from 103.82.132.16 port 47910 ssh2
Jun 26 01:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31868]: Connection closed by 103.82.132.16 port 47910 [preauth]
Jun 26 01:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28824]: pam_unix(cron:session): session closed for user root
Jun 26 01:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31811]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.241.113.163  user=root
Jun 26 01:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32077]: Failed password for root from 150.241.113.163 port 14246 ssh2
Jun 26 01:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32077]: Received disconnect from 150.241.113.163 port 14246:11: Bye Bye [preauth]
Jun 26 01:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32077]: Disconnected from 150.241.113.163 port 14246 [preauth]
Jun 26 01:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.131.130.11  user=root
Jun 26 01:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32145]: Failed password for root from 114.131.130.11 port 38298 ssh2
Jun 26 01:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32145]: Connection closed by 114.131.130.11 port 38298 [preauth]
Jun 26 01:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30709]: pam_unix(cron:session): session closed for user root
Jun 26 01:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 26 01:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32203]: Failed password for root from 103.27.238.114 port 39284 ssh2
Jun 26 01:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32203]: Connection closed by 103.27.238.114 port 39284 [preauth]
Jun 26 01:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.232.196  user=root
Jun 26 01:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32236]: Failed password for root from 161.35.232.196 port 35016 ssh2
Jun 26 01:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32236]: Connection closed by 161.35.232.196 port 35016 [preauth]
Jun 26 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32250]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32247]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32249]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32248]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32247]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32304]: Successful su for rubyman by root
Jun 26 01:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32304]: + ??? root:rubyman
Jun 26 01:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32304]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593517 of user rubyman.
Jun 26 01:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32304]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593517.
Jun 26 01:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29299]: pam_unix(cron:session): session closed for user root
Jun 26 01:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32248]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32500]: Invalid user user from 103.90.227.203
Jun 26 01:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32500]: input_userauth_request: invalid user user [preauth]
Jun 26 01:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32500]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.90.227.203
Jun 26 01:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32500]: Failed password for invalid user user from 103.90.227.203 port 44428 ssh2
Jun 26 01:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32500]: Received disconnect from 103.90.227.203 port 44428:11: Bye Bye [preauth]
Jun 26 01:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32500]: Disconnected from 103.90.227.203 port 44428 [preauth]
Jun 26 01:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32525]: Invalid user mika from 51.178.114.78
Jun 26 01:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32525]: input_userauth_request: invalid user mika [preauth]
Jun 26 01:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32525]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78
Jun 26 01:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32525]: Failed password for invalid user mika from 51.178.114.78 port 42778 ssh2
Jun 26 01:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32525]: Received disconnect from 51.178.114.78 port 42778:11: Bye Bye [preauth]
Jun 26 01:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32525]: Disconnected from 51.178.114.78 port 42778 [preauth]
Jun 26 01:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.164.193.196  user=root
Jun 26 01:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32555]: Failed password for root from 110.164.193.196 port 35056 ssh2
Jun 26 01:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32555]: Connection closed by 110.164.193.196 port 35056 [preauth]
Jun 26 01:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32566]: Invalid user mohammad from 177.53.215.134
Jun 26 01:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32566]: input_userauth_request: invalid user mohammad [preauth]
Jun 26 01:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32566]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.53.215.134
Jun 26 01:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32566]: Failed password for invalid user mohammad from 177.53.215.134 port 42558 ssh2
Jun 26 01:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31208]: pam_unix(cron:session): session closed for user root
Jun 26 01:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32566]: Received disconnect from 177.53.215.134 port 42558:11: Bye Bye [preauth]
Jun 26 01:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32566]: Disconnected from 177.53.215.134 port 42558 [preauth]
Jun 26 01:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32626]: Invalid user git from 150.241.113.163
Jun 26 01:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32626]: input_userauth_request: invalid user git [preauth]
Jun 26 01:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32626]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.241.113.163
Jun 26 01:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32626]: Failed password for invalid user git from 150.241.113.163 port 57238 ssh2
Jun 26 01:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32626]: Received disconnect from 150.241.113.163 port 57238:11: Bye Bye [preauth]
Jun 26 01:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32626]: Disconnected from 150.241.113.163 port 57238 [preauth]
Jun 26 01:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.231.182.3  user=root
Jun 26 01:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32646]: Failed password for root from 49.231.182.3 port 40604 ssh2
Jun 26 01:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32646]: Connection closed by 49.231.182.3 port 40604 [preauth]
Jun 26 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32663]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32662]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32661]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32660]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32660]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32726]: Successful su for rubyman by root
Jun 26 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32726]: + ??? root:rubyman
Jun 26 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32726]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593521 of user rubyman.
Jun 26 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32726]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593521.
Jun 26 01:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29861]: pam_unix(cron:session): session closed for user root
Jun 26 01:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32661]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.192.132.34  user=root
Jun 26 01:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[631]: Failed password for root from 159.192.132.34 port 57418 ssh2
Jun 26 01:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[631]: Connection closed by 159.192.132.34 port 57418 [preauth]
Jun 26 01:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31813]: pam_unix(cron:session): session closed for user root
Jun 26 01:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.93.112.20  user=root
Jun 26 01:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[738]: Failed password for root from 188.93.112.20 port 55762 ssh2
Jun 26 01:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[738]: Connection closed by 188.93.112.20 port 55762 [preauth]
Jun 26 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[752]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[753]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[751]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[750]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[750]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[825]: Successful su for rubyman by root
Jun 26 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[825]: + ??? root:rubyman
Jun 26 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[825]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593524 of user rubyman.
Jun 26 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[825]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593524.
Jun 26 01:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30287]: pam_unix(cron:session): session closed for user root
Jun 26 01:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[751]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78  user=root
Jun 26 01:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1065]: Failed password for root from 51.178.114.78 port 37294 ssh2
Jun 26 01:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1065]: Received disconnect from 51.178.114.78 port 37294:11: Bye Bye [preauth]
Jun 26 01:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1065]: Disconnected from 51.178.114.78 port 37294 [preauth]
Jun 26 01:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.180.136  user=root
Jun 26 01:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1079]: Failed password for root from 165.22.180.136 port 49962 ssh2
Jun 26 01:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1079]: Connection closed by 165.22.180.136 port 49962 [preauth]
Jun 26 01:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.241.113.163  user=root
Jun 26 01:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1126]: Failed password for root from 150.241.113.163 port 48538 ssh2
Jun 26 01:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1126]: Received disconnect from 150.241.113.163 port 48538:11: Bye Bye [preauth]
Jun 26 01:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1126]: Disconnected from 150.241.113.163 port 48538 [preauth]
Jun 26 01:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32250]: pam_unix(cron:session): session closed for user root
Jun 26 01:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.90.227.203  user=root
Jun 26 01:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1158]: Failed password for root from 103.90.227.203 port 57212 ssh2
Jun 26 01:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1158]: Received disconnect from 103.90.227.203 port 57212:11: Bye Bye [preauth]
Jun 26 01:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1158]: Disconnected from 103.90.227.203 port 57212 [preauth]
Jun 26 01:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1192]: Invalid user aliyun from 177.53.215.134
Jun 26 01:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1192]: input_userauth_request: invalid user aliyun [preauth]
Jun 26 01:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1192]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.53.215.134
Jun 26 01:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1192]: Failed password for invalid user aliyun from 177.53.215.134 port 52272 ssh2
Jun 26 01:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1192]: Received disconnect from 177.53.215.134 port 52272:11: Bye Bye [preauth]
Jun 26 01:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1192]: Disconnected from 177.53.215.134 port 52272 [preauth]
Jun 26 01:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.205.184.118  user=root
Jun 26 01:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1203]: Failed password for root from 92.205.184.118 port 55630 ssh2
Jun 26 01:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1203]: Connection closed by 92.205.184.118 port 55630 [preauth]
Jun 26 01:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.20.185.207  user=root
Jun 26 01:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1214]: Failed password for root from 143.20.185.207 port 32870 ssh2
Jun 26 01:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1214]: Connection closed by 143.20.185.207 port 32870 [preauth]
Jun 26 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1232]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1231]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1230]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1234]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1233]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1227]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1234]: pam_unix(cron:session): session closed for user root
Jun 26 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1227]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1303]: Successful su for rubyman by root
Jun 26 01:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1303]: + ??? root:rubyman
Jun 26 01:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1303]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593531 of user rubyman.
Jun 26 01:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1303]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593531.
Jun 26 01:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1231]: pam_unix(cron:session): session closed for user root
Jun 26 01:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30708]: pam_unix(cron:session): session closed for user root
Jun 26 01:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1230]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.63.214.90  user=root
Jun 26 01:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1703]: Failed password for root from 211.63.214.90 port 40852 ssh2
Jun 26 01:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1703]: Connection closed by 211.63.214.90 port 40852 [preauth]
Jun 26 01:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32663]: pam_unix(cron:session): session closed for user root
Jun 26 01:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.191.141.115  user=root
Jun 26 01:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1796]: Failed password for root from 185.191.141.115 port 36214 ssh2
Jun 26 01:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1796]: Connection closed by 185.191.141.115 port 36214 [preauth]
Jun 26 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1818]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1817]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1816]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1815]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1815]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1881]: Successful su for rubyman by root
Jun 26 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1881]: + ??? root:rubyman
Jun 26 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1881]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593534 of user rubyman.
Jun 26 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1881]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593534.
Jun 26 01:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31207]: pam_unix(cron:session): session closed for user root
Jun 26 01:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1816]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.241.113.163  user=root
Jun 26 01:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2153]: Invalid user mohammad from 51.178.114.78
Jun 26 01:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2153]: input_userauth_request: invalid user mohammad [preauth]
Jun 26 01:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2153]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78
Jun 26 01:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2141]: Failed password for root from 150.241.113.163 port 61024 ssh2
Jun 26 01:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2141]: Received disconnect from 150.241.113.163 port 61024:11: Bye Bye [preauth]
Jun 26 01:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2141]: Disconnected from 150.241.113.163 port 61024 [preauth]
Jun 26 01:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2153]: Failed password for invalid user mohammad from 51.178.114.78 port 60876 ssh2
Jun 26 01:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2153]: Received disconnect from 51.178.114.78 port 60876:11: Bye Bye [preauth]
Jun 26 01:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2153]: Disconnected from 51.178.114.78 port 60876 [preauth]
Jun 26 01:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.220.6  user=root
Jun 26 01:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2184]: Failed password for root from 202.29.220.6 port 50752 ssh2
Jun 26 01:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2184]: Connection closed by 202.29.220.6 port 50752 [preauth]
Jun 26 01:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[753]: pam_unix(cron:session): session closed for user root
Jun 26 01:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.90.227.203  user=root
Jun 26 01:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: Invalid user www from 177.53.215.134
Jun 26 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: input_userauth_request: invalid user www [preauth]
Jun 26 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.53.215.134
Jun 26 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2312]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2313]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2309]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2308]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2308]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2375]: Successful su for rubyman by root
Jun 26 01:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2375]: + ??? root:rubyman
Jun 26 01:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2375]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593538 of user rubyman.
Jun 26 01:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2375]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593538.
Jun 26 01:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2302]: Failed password for root from 103.90.227.203 port 50036 ssh2
Jun 26 01:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2302]: Received disconnect from 103.90.227.203 port 50036:11: Bye Bye [preauth]
Jun 26 01:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2302]: Disconnected from 103.90.227.203 port 50036 [preauth]
Jun 26 01:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: Failed password for invalid user www from 177.53.215.134 port 33762 ssh2
Jun 26 01:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: Received disconnect from 177.53.215.134 port 33762:11: Bye Bye [preauth]
Jun 26 01:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: Disconnected from 177.53.215.134 port 33762 [preauth]
Jun 26 01:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31812]: pam_unix(cron:session): session closed for user root
Jun 26 01:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2309]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1233]: pam_unix(cron:session): session closed for user root
Jun 26 01:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2713]: Invalid user abd from 150.241.113.163
Jun 26 01:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2713]: input_userauth_request: invalid user abd [preauth]
Jun 26 01:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2713]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.241.113.163
Jun 26 01:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2713]: Failed password for invalid user abd from 150.241.113.163 port 31880 ssh2
Jun 26 01:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.240.87.244  user=root
Jun 26 01:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2713]: Received disconnect from 150.241.113.163 port 31880:11: Bye Bye [preauth]
Jun 26 01:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2713]: Disconnected from 150.241.113.163 port 31880 [preauth]
Jun 26 01:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2715]: Failed password for root from 77.240.87.244 port 35174 ssh2
Jun 26 01:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2715]: Connection closed by 77.240.87.244 port 35174 [preauth]
Jun 26 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2743]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2742]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2741]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2740]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2740]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2805]: Successful su for rubyman by root
Jun 26 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2805]: + ??? root:rubyman
Jun 26 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2805]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593542 of user rubyman.
Jun 26 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2805]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593542.
Jun 26 01:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32249]: pam_unix(cron:session): session closed for user root
Jun 26 01:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2741]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78  user=root
Jun 26 01:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3008]: Failed password for root from 51.178.114.78 port 37004 ssh2
Jun 26 01:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3008]: Received disconnect from 51.178.114.78 port 37004:11: Bye Bye [preauth]
Jun 26 01:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3008]: Disconnected from 51.178.114.78 port 37004 [preauth]
Jun 26 01:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.91.76.106  user=root
Jun 26 01:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3042]: Failed password for root from 51.91.76.106 port 46578 ssh2
Jun 26 01:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3042]: Connection closed by 51.91.76.106 port 46578 [preauth]
Jun 26 01:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1818]: pam_unix(cron:session): session closed for user root
Jun 26 01:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.228.248  user=root
Jun 26 01:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3118]: Failed password for root from 202.29.228.248 port 59334 ssh2
Jun 26 01:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3118]: Connection closed by 202.29.228.248 port 59334 [preauth]
Jun 26 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3141]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3142]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3143]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3140]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3138]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3140]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3255]: Successful su for rubyman by root
Jun 26 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3255]: + ??? root:rubyman
Jun 26 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3255]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593548 of user rubyman.
Jun 26 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3255]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593548.
Jun 26 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3138]: pam_unix(cron:session): session closed for user root
Jun 26 01:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32662]: pam_unix(cron:session): session closed for user root
Jun 26 01:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3141]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3502]: Invalid user soporte from 177.53.215.134
Jun 26 01:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3502]: input_userauth_request: invalid user soporte [preauth]
Jun 26 01:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3502]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.53.215.134
Jun 26 01:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3502]: Failed password for invalid user soporte from 177.53.215.134 port 43428 ssh2
Jun 26 01:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3502]: Received disconnect from 177.53.215.134 port 43428:11: Bye Bye [preauth]
Jun 26 01:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3502]: Disconnected from 177.53.215.134 port 43428 [preauth]
Jun 26 01:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.90.227.203  user=root
Jun 26 01:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.99.188.194  user=root
Jun 26 01:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3513]: Failed password for root from 103.90.227.203 port 44164 ssh2
Jun 26 01:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3513]: Received disconnect from 103.90.227.203 port 44164:11: Bye Bye [preauth]
Jun 26 01:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3513]: Disconnected from 103.90.227.203 port 44164 [preauth]
Jun 26 01:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3529]: Failed password for root from 46.99.188.194 port 43296 ssh2
Jun 26 01:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3529]: Connection closed by 46.99.188.194 port 43296 [preauth]
Jun 26 01:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2313]: pam_unix(cron:session): session closed for user root
Jun 26 01:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3581]: Invalid user user1 from 150.241.113.163
Jun 26 01:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3581]: input_userauth_request: invalid user user1 [preauth]
Jun 26 01:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3581]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.241.113.163
Jun 26 01:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3581]: Failed password for invalid user user1 from 150.241.113.163 port 19120 ssh2
Jun 26 01:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3581]: Received disconnect from 150.241.113.163 port 19120:11: Bye Bye [preauth]
Jun 26 01:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3581]: Disconnected from 150.241.113.163 port 19120 [preauth]
Jun 26 01:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.19.67.181  user=root
Jun 26 01:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3583]: Failed password for root from 46.19.67.181 port 37720 ssh2
Jun 26 01:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3583]: Connection closed by 46.19.67.181 port 37720 [preauth]
Jun 26 01:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.228.248  user=root
Jun 26 01:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3622]: Failed password for root from 202.29.228.248 port 38166 ssh2
Jun 26 01:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3622]: Connection closed by 202.29.228.248 port 38166 [preauth]
Jun 26 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3636]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3635]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3634]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3637]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3638]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3633]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3638]: pam_unix(cron:session): session closed for user root
Jun 26 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3633]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3801]: Successful su for rubyman by root
Jun 26 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3801]: + ??? root:rubyman
Jun 26 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3801]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593556 of user rubyman.
Jun 26 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3801]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593556.
Jun 26 01:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[752]: pam_unix(cron:session): session closed for user root
Jun 26 01:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3635]: pam_unix(cron:session): session closed for user root
Jun 26 01:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3634]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4138]: Invalid user info1 from 51.178.114.78
Jun 26 01:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4138]: input_userauth_request: invalid user info1 [preauth]
Jun 26 01:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4138]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78
Jun 26 01:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4138]: Failed password for invalid user info1 from 51.178.114.78 port 34010 ssh2
Jun 26 01:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4138]: Received disconnect from 51.178.114.78 port 34010:11: Bye Bye [preauth]
Jun 26 01:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4138]: Disconnected from 51.178.114.78 port 34010 [preauth]
Jun 26 01:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=88.21.21.240  user=root
Jun 26 01:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4148]: Failed password for root from 88.21.21.240 port 42654 ssh2
Jun 26 01:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4148]: Connection closed by 88.21.21.240 port 42654 [preauth]
Jun 26 01:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2743]: pam_unix(cron:session): session closed for user root
Jun 26 01:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.230.5  user=root
Jun 26 01:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4269]: Failed password for root from 202.29.230.5 port 47238 ssh2
Jun 26 01:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4269]: Connection closed by 202.29.230.5 port 47238 [preauth]
Jun 26 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4273]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4272]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4275]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4274]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4272]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4352]: Successful su for rubyman by root
Jun 26 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4352]: + ??? root:rubyman
Jun 26 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4352]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593560 of user rubyman.
Jun 26 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4352]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593560.
Jun 26 01:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1232]: pam_unix(cron:session): session closed for user root
Jun 26 01:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4273]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.241.113.163  user=root
Jun 26 01:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4557]: Failed password for root from 150.241.113.163 port 26720 ssh2
Jun 26 01:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4557]: Received disconnect from 150.241.113.163 port 26720:11: Bye Bye [preauth]
Jun 26 01:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4557]: Disconnected from 150.241.113.163 port 26720 [preauth]
Jun 26 01:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.53.215.134  user=root
Jun 26 01:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4595]: Failed password for root from 177.53.215.134 port 53136 ssh2
Jun 26 01:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4595]: Received disconnect from 177.53.215.134 port 53136:11: Bye Bye [preauth]
Jun 26 01:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4595]: Disconnected from 177.53.215.134 port 53136 [preauth]
Jun 26 01:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.13.207.88  user=root
Jun 26 01:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3143]: pam_unix(cron:session): session closed for user root
Jun 26 01:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4606]: Failed password for root from 103.13.207.88 port 34212 ssh2
Jun 26 01:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4606]: Connection closed by 103.13.207.88 port 34212 [preauth]
Jun 26 01:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.90.227.203  user=root
Jun 26 01:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4669]: Failed password for root from 103.90.227.203 port 60966 ssh2
Jun 26 01:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4669]: Received disconnect from 103.90.227.203 port 60966:11: Bye Bye [preauth]
Jun 26 01:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4669]: Disconnected from 103.90.227.203 port 60966 [preauth]
Jun 26 01:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.154.74.204  user=root
Jun 26 01:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4684]: Failed password for root from 122.154.74.204 port 44208 ssh2
Jun 26 01:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4684]: Connection closed by 122.154.74.204 port 44208 [preauth]
Jun 26 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4706]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4705]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4704]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4703]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4703]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4834]: Successful su for rubyman by root
Jun 26 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4834]: + ??? root:rubyman
Jun 26 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4834]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593561 of user rubyman.
Jun 26 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4834]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593561.
Jun 26 01:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1817]: pam_unix(cron:session): session closed for user root
Jun 26 01:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4704]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5064]: Invalid user sharepoint from 51.178.114.78
Jun 26 01:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5064]: input_userauth_request: invalid user sharepoint [preauth]
Jun 26 01:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5064]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78
Jun 26 01:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5064]: Failed password for invalid user sharepoint from 51.178.114.78 port 46508 ssh2
Jun 26 01:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5064]: Received disconnect from 51.178.114.78 port 46508:11: Bye Bye [preauth]
Jun 26 01:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5064]: Disconnected from 51.178.114.78 port 46508 [preauth]
Jun 26 01:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.180.136  user=root
Jun 26 01:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5097]: Failed password for root from 165.22.180.136 port 42388 ssh2
Jun 26 01:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5097]: Connection closed by 165.22.180.136 port 42388 [preauth]
Jun 26 01:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3637]: pam_unix(cron:session): session closed for user root
Jun 26 01:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5191]: Invalid user test1 from 150.241.113.163
Jun 26 01:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5191]: input_userauth_request: invalid user test1 [preauth]
Jun 26 01:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5191]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.241.113.163
Jun 26 01:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.138.20  user=root
Jun 26 01:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5191]: Failed password for invalid user test1 from 150.241.113.163 port 46668 ssh2
Jun 26 01:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5191]: Received disconnect from 150.241.113.163 port 46668:11: Bye Bye [preauth]
Jun 26 01:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5191]: Disconnected from 150.241.113.163 port 46668 [preauth]
Jun 26 01:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5200]: Failed password for root from 139.59.138.20 port 36844 ssh2
Jun 26 01:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5200]: Connection closed by 139.59.138.20 port 36844 [preauth]
Jun 26 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5216]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5217]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5215]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5214]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5214]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5279]: Successful su for rubyman by root
Jun 26 01:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5279]: + ??? root:rubyman
Jun 26 01:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5279]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593567 of user rubyman.
Jun 26 01:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5279]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593567.
Jun 26 01:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2312]: pam_unix(cron:session): session closed for user root
Jun 26 01:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5215]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.63.214.90  user=root
Jun 26 01:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5513]: Failed password for root from 211.63.214.90 port 44032 ssh2
Jun 26 01:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5513]: Connection closed by 211.63.214.90 port 44032 [preauth]
Jun 26 01:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4275]: pam_unix(cron:session): session closed for user root
Jun 26 01:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.53.215.134  user=root
Jun 26 01:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5575]: Failed password for root from 177.53.215.134 port 34628 ssh2
Jun 26 01:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5575]: Received disconnect from 177.53.215.134 port 34628:11: Bye Bye [preauth]
Jun 26 01:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5575]: Disconnected from 177.53.215.134 port 34628 [preauth]
Jun 26 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5624]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5623]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5625]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5622]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5622]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5680]: Successful su for rubyman by root
Jun 26 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5680]: + ??? root:rubyman
Jun 26 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5680]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593569 of user rubyman.
Jun 26 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5680]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593569.
Jun 26 01:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2742]: pam_unix(cron:session): session closed for user root
Jun 26 01:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5623]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78  user=root
Jun 26 01:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5853]: Failed password for root from 51.178.114.78 port 37368 ssh2
Jun 26 01:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5853]: Received disconnect from 51.178.114.78 port 37368:11: Bye Bye [preauth]
Jun 26 01:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5853]: Disconnected from 51.178.114.78 port 37368 [preauth]
Jun 26 01:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5868]: Invalid user user from 103.90.227.203
Jun 26 01:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5868]: input_userauth_request: invalid user user [preauth]
Jun 26 01:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5868]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.90.227.203
Jun 26 01:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5868]: Failed password for invalid user user from 103.90.227.203 port 35760 ssh2
Jun 26 01:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5868]: Received disconnect from 103.90.227.203 port 35760:11: Bye Bye [preauth]
Jun 26 01:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5868]: Disconnected from 103.90.227.203 port 35760 [preauth]
Jun 26 01:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: Invalid user morris from 2.57.121.112
Jun 26 01:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: input_userauth_request: invalid user morris [preauth]
Jun 26 01:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 26 01:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: Failed password for invalid user morris from 2.57.121.112 port 29110 ssh2
Jun 26 01:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: Failed password for invalid user morris from 2.57.121.112 port 29110 ssh2
Jun 26 01:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: Failed password for invalid user morris from 2.57.121.112 port 29110 ssh2
Jun 26 01:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.125.169.27  user=root
Jun 26 01:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5909]: Failed password for root from 179.125.169.27 port 59330 ssh2
Jun 26 01:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5909]: Connection closed by 179.125.169.27 port 59330 [preauth]
Jun 26 01:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: Failed password for invalid user morris from 2.57.121.112 port 29110 ssh2
Jun 26 01:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: Connection closed by 2.57.121.112 port 29110 [preauth]
Jun 26 01:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 26 01:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: PAM service(sshd) ignoring max retries; 4 > 3
Jun 26 01:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5931]: Invalid user morris from 2.57.121.112
Jun 26 01:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5931]: input_userauth_request: invalid user morris [preauth]
Jun 26 01:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5931]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 26 01:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5931]: Failed password for invalid user morris from 2.57.121.112 port 56782 ssh2
Jun 26 01:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5931]: Connection closed by 2.57.121.112 port 56782 [preauth]
Jun 26 01:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5941]: Invalid user testftp from 150.241.113.163
Jun 26 01:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5941]: input_userauth_request: invalid user testftp [preauth]
Jun 26 01:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5941]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.241.113.163
Jun 26 01:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4706]: pam_unix(cron:session): session closed for user root
Jun 26 01:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5941]: Failed password for invalid user testftp from 150.241.113.163 port 64950 ssh2
Jun 26 01:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5941]: Received disconnect from 150.241.113.163 port 64950:11: Bye Bye [preauth]
Jun 26 01:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5941]: Disconnected from 150.241.113.163 port 64950 [preauth]
Jun 26 01:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.225.158  user=root
Jun 26 01:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6008]: Failed password for root from 202.29.225.158 port 45190 ssh2
Jun 26 01:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6008]: Connection closed by 202.29.225.158 port 45190 [preauth]
Jun 26 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6032]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6033]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6030]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6031]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6028]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6029]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6033]: pam_unix(cron:session): session closed for user root
Jun 26 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6028]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6093]: Successful su for rubyman by root
Jun 26 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6093]: + ??? root:rubyman
Jun 26 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6093]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593573 of user rubyman.
Jun 26 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6093]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593573.
Jun 26 01:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6030]: pam_unix(cron:session): session closed for user root
Jun 26 01:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3142]: pam_unix(cron:session): session closed for user root
Jun 26 01:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6029]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.115.7.203  user=root
Jun 26 01:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6341]: Failed password for root from 181.115.7.203 port 5972 ssh2
Jun 26 01:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6341]: Connection closed by 181.115.7.203 port 5972 [preauth]
Jun 26 01:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5217]: pam_unix(cron:session): session closed for user root
Jun 26 01:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6440]: Invalid user tidb from 177.53.215.134
Jun 26 01:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6440]: input_userauth_request: invalid user tidb [preauth]
Jun 26 01:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6440]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.53.215.134
Jun 26 01:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6440]: Failed password for invalid user tidb from 177.53.215.134 port 44336 ssh2
Jun 26 01:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6440]: Received disconnect from 177.53.215.134 port 44336:11: Bye Bye [preauth]
Jun 26 01:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6440]: Disconnected from 177.53.215.134 port 44336 [preauth]
Jun 26 01:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=88.21.21.240  user=root
Jun 26 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6442]: Failed password for root from 88.21.21.240 port 45290 ssh2
Jun 26 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6442]: Connection closed by 88.21.21.240 port 45290 [preauth]
Jun 26 01:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6455]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6454]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6456]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6453]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6453]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6520]: Successful su for rubyman by root
Jun 26 01:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6520]: + ??? root:rubyman
Jun 26 01:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6520]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593581 of user rubyman.
Jun 26 01:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6520]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593581.
Jun 26 01:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6661]: Invalid user guest from 51.178.114.78
Jun 26 01:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6661]: input_userauth_request: invalid user guest [preauth]
Jun 26 01:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6661]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78
Jun 26 01:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3636]: pam_unix(cron:session): session closed for user root
Jun 26 01:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6454]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6661]: Failed password for invalid user guest from 51.178.114.78 port 34664 ssh2
Jun 26 01:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6661]: Received disconnect from 51.178.114.78 port 34664:11: Bye Bye [preauth]
Jun 26 01:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6661]: Disconnected from 51.178.114.78 port 34664 [preauth]
Jun 26 01:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6721]: Invalid user samy from 150.241.113.163
Jun 26 01:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6721]: input_userauth_request: invalid user samy [preauth]
Jun 26 01:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6721]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.241.113.163
Jun 26 01:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6721]: Failed password for invalid user samy from 150.241.113.163 port 21266 ssh2
Jun 26 01:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6721]: Received disconnect from 150.241.113.163 port 21266:11: Bye Bye [preauth]
Jun 26 01:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6721]: Disconnected from 150.241.113.163 port 21266 [preauth]
Jun 26 01:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.90.227.203  user=root
Jun 26 01:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6782]: Failed password for root from 103.90.227.203 port 48240 ssh2
Jun 26 01:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6782]: Received disconnect from 103.90.227.203 port 48240:11: Bye Bye [preauth]
Jun 26 01:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6782]: Disconnected from 103.90.227.203 port 48240 [preauth]
Jun 26 01:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5625]: pam_unix(cron:session): session closed for user root
Jun 26 01:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.138.89.209  user=root
Jun 26 01:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6863]: Failed password for root from 174.138.89.209 port 53744 ssh2
Jun 26 01:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6863]: Connection closed by 174.138.89.209 port 53744 [preauth]
Jun 26 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6879]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6877]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6880]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6876]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6874]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6874]: pam_unix(cron:session): session closed for user root
Jun 26 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6876]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6949]: Successful su for rubyman by root
Jun 26 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6949]: + ??? root:rubyman
Jun 26 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6949]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593585 of user rubyman.
Jun 26 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6949]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593585.
Jun 26 01:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4274]: pam_unix(cron:session): session closed for user root
Jun 26 01:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6877]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.118.107.37  user=root
Jun 26 01:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7273]: Failed password for root from 83.118.107.37 port 34228 ssh2
Jun 26 01:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7273]: Connection closed by 83.118.107.37 port 34228 [preauth]
Jun 26 01:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6032]: pam_unix(cron:session): session closed for user root
Jun 26 01:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: Invalid user saga from 150.241.113.163
Jun 26 01:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: input_userauth_request: invalid user saga [preauth]
Jun 26 01:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.241.113.163
Jun 26 01:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: Failed password for invalid user saga from 150.241.113.163 port 20700 ssh2
Jun 26 01:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: Received disconnect from 150.241.113.163 port 20700:11: Bye Bye [preauth]
Jun 26 01:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: Disconnected from 150.241.113.163 port 20700 [preauth]
Jun 26 01:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.180.123.139  user=root
Jun 26 01:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7363]: Failed password for root from 180.180.123.139 port 37677 ssh2
Jun 26 01:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7363]: Connection closed by 180.180.123.139 port 37677 [preauth]
Jun 26 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7389]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7390]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7388]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7387]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7387]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7447]: Successful su for rubyman by root
Jun 26 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7447]: + ??? root:rubyman
Jun 26 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7447]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593588 of user rubyman.
Jun 26 01:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7447]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593588.
Jun 26 01:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4705]: pam_unix(cron:session): session closed for user root
Jun 26 01:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7388]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7625]: Invalid user app from 51.178.114.78
Jun 26 01:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7625]: input_userauth_request: invalid user app [preauth]
Jun 26 01:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7625]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78
Jun 26 01:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7625]: Failed password for invalid user app from 51.178.114.78 port 51154 ssh2
Jun 26 01:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7625]: Received disconnect from 51.178.114.78 port 51154:11: Bye Bye [preauth]
Jun 26 01:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7625]: Disconnected from 51.178.114.78 port 51154 [preauth]
Jun 26 01:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.53.215.134  user=root
Jun 26 01:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7743]: Failed password for root from 177.53.215.134 port 54034 ssh2
Jun 26 01:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7743]: Received disconnect from 177.53.215.134 port 54034:11: Bye Bye [preauth]
Jun 26 01:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7743]: Disconnected from 177.53.215.134 port 54034 [preauth]
Jun 26 01:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6456]: pam_unix(cron:session): session closed for user root
Jun 26 01:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7830]: Invalid user ubuntu from 103.90.227.203
Jun 26 01:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7830]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 01:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7830]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.90.227.203
Jun 26 01:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7830]: Failed password for invalid user ubuntu from 103.90.227.203 port 56932 ssh2
Jun 26 01:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7830]: Received disconnect from 103.90.227.203 port 56932:11: Bye Bye [preauth]
Jun 26 01:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7830]: Disconnected from 103.90.227.203 port 56932 [preauth]
Jun 26 01:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.136.248.227  user=root
Jun 26 01:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7860]: Failed password for root from 177.136.248.227 port 47254 ssh2
Jun 26 01:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7860]: Connection closed by 177.136.248.227 port 47254 [preauth]
Jun 26 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7881]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7882]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7880]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7879]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7879]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7937]: Successful su for rubyman by root
Jun 26 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7937]: + ??? root:rubyman
Jun 26 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7937]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593593 of user rubyman.
Jun 26 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7937]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593593.
Jun 26 01:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5216]: pam_unix(cron:session): session closed for user root
Jun 26 01:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7880]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 26 01:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8150]: Failed password for root from 103.27.238.116 port 38864 ssh2
Jun 26 01:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8150]: Connection closed by 103.27.238.116 port 38864 [preauth]
Jun 26 01:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.117.243.211  user=root
Jun 26 01:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8161]: Failed password for root from 80.117.243.211 port 52982 ssh2
Jun 26 01:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8161]: Connection closed by 80.117.243.211 port 52982 [preauth]
Jun 26 01:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6880]: pam_unix(cron:session): session closed for user root
Jun 26 01:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8213]: Invalid user user1 from 150.241.113.163
Jun 26 01:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8213]: input_userauth_request: invalid user user1 [preauth]
Jun 26 01:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8213]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.241.113.163
Jun 26 01:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8213]: Failed password for invalid user user1 from 150.241.113.163 port 63800 ssh2
Jun 26 01:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8213]: Received disconnect from 150.241.113.163 port 63800:11: Bye Bye [preauth]
Jun 26 01:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8213]: Disconnected from 150.241.113.163 port 63800 [preauth]
Jun 26 01:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.138.20  user=root
Jun 26 01:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8261]: Failed password for root from 139.59.138.20 port 45560 ssh2
Jun 26 01:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8261]: Connection closed by 139.59.138.20 port 45560 [preauth]
Jun 26 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8275]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8277]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8276]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8274]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8273]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8272]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8277]: pam_unix(cron:session): session closed for user root
Jun 26 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8272]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8340]: Successful su for rubyman by root
Jun 26 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8340]: + ??? root:rubyman
Jun 26 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8340]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593599 of user rubyman.
Jun 26 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8340]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593599.
Jun 26 01:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8407]: Invalid user aliyun from 51.178.114.78
Jun 26 01:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8407]: input_userauth_request: invalid user aliyun [preauth]
Jun 26 01:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8407]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78
Jun 26 01:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8274]: pam_unix(cron:session): session closed for user root
Jun 26 01:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5624]: pam_unix(cron:session): session closed for user root
Jun 26 01:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8407]: Failed password for invalid user aliyun from 51.178.114.78 port 56732 ssh2
Jun 26 01:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8407]: Received disconnect from 51.178.114.78 port 56732:11: Bye Bye [preauth]
Jun 26 01:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8407]: Disconnected from 51.178.114.78 port 56732 [preauth]
Jun 26 01:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8273]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8605]: Invalid user mika from 177.53.215.134
Jun 26 01:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8605]: input_userauth_request: invalid user mika [preauth]
Jun 26 01:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8605]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.53.215.134
Jun 26 01:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8605]: Failed password for invalid user mika from 177.53.215.134 port 35502 ssh2
Jun 26 01:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8605]: Received disconnect from 177.53.215.134 port 35502:11: Bye Bye [preauth]
Jun 26 01:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8605]: Disconnected from 177.53.215.134 port 35502 [preauth]
Jun 26 01:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7390]: pam_unix(cron:session): session closed for user root
Jun 26 01:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.53.207.106  user=root
Jun 26 01:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8626]: Failed password for root from 182.53.207.106 port 57534 ssh2
Jun 26 01:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8626]: Connection closed by 182.53.207.106 port 57534 [preauth]
Jun 26 01:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.90.227.203  user=root
Jun 26 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8709]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8708]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8707]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8706]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8706]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8703]: Failed password for root from 103.90.227.203 port 43682 ssh2
Jun 26 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8703]: Received disconnect from 103.90.227.203 port 43682:11: Bye Bye [preauth]
Jun 26 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8703]: Disconnected from 103.90.227.203 port 43682 [preauth]
Jun 26 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8783]: Successful su for rubyman by root
Jun 26 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8783]: + ??? root:rubyman
Jun 26 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8783]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593602 of user rubyman.
Jun 26 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8783]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593602.
Jun 26 01:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6031]: pam_unix(cron:session): session closed for user root
Jun 26 01:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8707]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9000]: Invalid user baba from 150.241.113.163
Jun 26 01:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9000]: input_userauth_request: invalid user baba [preauth]
Jun 26 01:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9000]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.241.113.163
Jun 26 01:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9000]: Failed password for invalid user baba from 150.241.113.163 port 12826 ssh2
Jun 26 01:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9000]: Received disconnect from 150.241.113.163 port 12826:11: Bye Bye [preauth]
Jun 26 01:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9000]: Disconnected from 150.241.113.163 port 12826 [preauth]
Jun 26 01:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.171.25.1  user=root
Jun 26 01:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9003]: Failed password for root from 112.171.25.1 port 61128 ssh2
Jun 26 01:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9003]: Connection closed by 112.171.25.1 port 61128 [preauth]
Jun 26 01:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7882]: pam_unix(cron:session): session closed for user root
Jun 26 01:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.91.76.106  user=root
Jun 26 01:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9102]: Failed password for root from 51.91.76.106 port 40446 ssh2
Jun 26 01:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9102]: Connection closed by 51.91.76.106 port 40446 [preauth]
Jun 26 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9125]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9124]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9123]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9122]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9122]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9180]: Successful su for rubyman by root
Jun 26 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9180]: + ??? root:rubyman
Jun 26 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9180]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593606 of user rubyman.
Jun 26 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9180]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593606.
Jun 26 01:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6455]: pam_unix(cron:session): session closed for user root
Jun 26 01:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9123]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78  user=root
Jun 26 01:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9366]: Failed password for root from 51.178.114.78 port 50218 ssh2
Jun 26 01:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9366]: Received disconnect from 51.178.114.78 port 50218:11: Bye Bye [preauth]
Jun 26 01:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9366]: Disconnected from 51.178.114.78 port 50218 [preauth]
Jun 26 01:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8276]: pam_unix(cron:session): session closed for user root
Jun 26 01:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9483]: Invalid user abcd1234 from 177.53.215.134
Jun 26 01:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9483]: input_userauth_request: invalid user abcd1234 [preauth]
Jun 26 01:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9483]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.53.215.134
Jun 26 01:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9483]: Failed password for invalid user abcd1234 from 177.53.215.134 port 45178 ssh2
Jun 26 01:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9483]: Received disconnect from 177.53.215.134 port 45178:11: Bye Bye [preauth]
Jun 26 01:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9483]: Disconnected from 177.53.215.134 port 45178 [preauth]
Jun 26 01:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.147.26.126  user=root
Jun 26 01:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9496]: Failed password for root from 185.147.26.126 port 53652 ssh2
Jun 26 01:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9496]: Connection closed by 185.147.26.126 port 53652 [preauth]
Jun 26 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9513]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9515]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9514]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9512]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9512]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9572]: Successful su for rubyman by root
Jun 26 01:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9572]: + ??? root:rubyman
Jun 26 01:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9572]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593612 of user rubyman.
Jun 26 01:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9572]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593612.
Jun 26 01:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6879]: pam_unix(cron:session): session closed for user root
Jun 26 01:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9513]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.241.113.163  user=root
Jun 26 01:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9758]: Failed password for root from 150.241.113.163 port 42336 ssh2
Jun 26 01:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9758]: Received disconnect from 150.241.113.163 port 42336:11: Bye Bye [preauth]
Jun 26 01:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9758]: Disconnected from 150.241.113.163 port 42336 [preauth]
Jun 26 01:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9793]: Invalid user admin from 2.57.121.25
Jun 26 01:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9793]: input_userauth_request: invalid user admin [preauth]
Jun 26 01:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9793]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 26 01:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9793]: Failed password for invalid user admin from 2.57.121.25 port 29786 ssh2
Jun 26 01:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9793]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.90.227.203  user=root
Jun 26 01:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9793]: Failed password for invalid user admin from 2.57.121.25 port 29786 ssh2
Jun 26 01:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9793]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9803]: Failed password for root from 103.90.227.203 port 45608 ssh2
Jun 26 01:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9803]: Received disconnect from 103.90.227.203 port 45608:11: Bye Bye [preauth]
Jun 26 01:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9803]: Disconnected from 103.90.227.203 port 45608 [preauth]
Jun 26 01:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9793]: Failed password for invalid user admin from 2.57.121.25 port 29786 ssh2
Jun 26 01:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9793]: Connection closed by 2.57.121.25 port 29786 [preauth]
Jun 26 01:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9793]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 26 01:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.27.12.122  user=root
Jun 26 01:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9827]: Failed password for root from 125.27.12.122 port 40590 ssh2
Jun 26 01:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9827]: Connection closed by 125.27.12.122 port 40590 [preauth]
Jun 26 01:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8709]: pam_unix(cron:session): session closed for user root
Jun 26 01:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.236.76  user=root
Jun 26 01:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10078]: Failed password for root from 202.29.236.76 port 44870 ssh2
Jun 26 01:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10078]: Connection closed by 202.29.236.76 port 44870 [preauth]
Jun 26 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10092]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10091]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10093]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10090]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10090]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10157]: Successful su for rubyman by root
Jun 26 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10157]: + ??? root:rubyman
Jun 26 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10157]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593614 of user rubyman.
Jun 26 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10157]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593614.
Jun 26 01:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7389]: pam_unix(cron:session): session closed for user root
Jun 26 01:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10091]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78  user=root
Jun 26 01:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10430]: Failed password for root from 51.178.114.78 port 47094 ssh2
Jun 26 01:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10430]: Received disconnect from 51.178.114.78 port 47094:11: Bye Bye [preauth]
Jun 26 01:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10430]: Disconnected from 51.178.114.78 port 47094 [preauth]
Jun 26 01:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.49.6.37  user=root
Jun 26 01:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10471]: Failed password for root from 110.49.6.37 port 59938 ssh2
Jun 26 01:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10471]: Connection closed by 110.49.6.37 port 59938 [preauth]
Jun 26 01:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9125]: pam_unix(cron:session): session closed for user root
Jun 26 01:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10574]: Invalid user home from 150.241.113.163
Jun 26 01:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10574]: input_userauth_request: invalid user home [preauth]
Jun 26 01:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10574]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.241.113.163
Jun 26 01:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10574]: Failed password for invalid user home from 150.241.113.163 port 16570 ssh2
Jun 26 01:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10574]: Received disconnect from 150.241.113.163 port 16570:11: Bye Bye [preauth]
Jun 26 01:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10574]: Disconnected from 150.241.113.163 port 16570 [preauth]
Jun 26 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10597]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10601]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10600]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10598]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10596]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10595]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10601]: pam_unix(cron:session): session closed for user root
Jun 26 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10595]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10670]: Successful su for rubyman by root
Jun 26 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10670]: + ??? root:rubyman
Jun 26 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10670]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593621 of user rubyman.
Jun 26 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10670]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593621.
Jun 26 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10693]: Invalid user dev from 177.53.215.134
Jun 26 01:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10693]: input_userauth_request: invalid user dev [preauth]
Jun 26 01:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10693]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.53.215.134
Jun 26 01:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10597]: pam_unix(cron:session): session closed for user root
Jun 26 01:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7881]: pam_unix(cron:session): session closed for user root
Jun 26 01:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10693]: Failed password for invalid user dev from 177.53.215.134 port 54874 ssh2
Jun 26 01:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10693]: Received disconnect from 177.53.215.134 port 54874:11: Bye Bye [preauth]
Jun 26 01:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10693]: Disconnected from 177.53.215.134 port 54874 [preauth]
Jun 26 01:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10596]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.20.185.207  user=root
Jun 26 01:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10959]: Failed password for root from 143.20.185.207 port 44796 ssh2
Jun 26 01:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10959]: Connection closed by 143.20.185.207 port 44796 [preauth]
Jun 26 01:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9515]: pam_unix(cron:session): session closed for user root
Jun 26 01:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.90.227.203  user=root
Jun 26 01:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11001]: Failed password for root from 103.90.227.203 port 41832 ssh2
Jun 26 01:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11001]: Received disconnect from 103.90.227.203 port 41832:11: Bye Bye [preauth]
Jun 26 01:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11001]: Disconnected from 103.90.227.203 port 41832 [preauth]
Jun 26 01:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 26 01:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11034]: Failed password for root from 141.98.83.240 port 9744 ssh2
Jun 26 01:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 26 01:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.62.111.247  user=root
Jun 26 01:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11034]: Failed password for root from 141.98.83.240 port 9744 ssh2
Jun 26 01:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11036]: Failed password for root from 193.37.70.224 port 40720 ssh2
Jun 26 01:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11038]: Failed password for root from 211.62.111.247 port 53720 ssh2
Jun 26 01:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11036]: Connection closed by 193.37.70.224 port 40720 [preauth]
Jun 26 01:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11038]: Connection closed by 211.62.111.247 port 53720 [preauth]
Jun 26 01:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11034]: Failed password for root from 141.98.83.240 port 9744 ssh2
Jun 26 01:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11034]: Connection closed by 141.98.83.240 port 9744 [preauth]
Jun 26 01:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11034]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 26 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11067]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11066]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11065]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11064]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11064]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11059]: Invalid user aria from 51.178.114.78
Jun 26 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11059]: input_userauth_request: invalid user aria [preauth]
Jun 26 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11059]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78
Jun 26 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11134]: Successful su for rubyman by root
Jun 26 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11134]: + ??? root:rubyman
Jun 26 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11134]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593624 of user rubyman.
Jun 26 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11134]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593624.
Jun 26 01:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11059]: Failed password for invalid user aria from 51.178.114.78 port 56542 ssh2
Jun 26 01:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11059]: Received disconnect from 51.178.114.78 port 56542:11: Bye Bye [preauth]
Jun 26 01:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11059]: Disconnected from 51.178.114.78 port 56542 [preauth]
Jun 26 01:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8275]: pam_unix(cron:session): session closed for user root
Jun 26 01:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11065]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11389]: Invalid user tao from 150.241.113.163
Jun 26 01:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11389]: input_userauth_request: invalid user tao [preauth]
Jun 26 01:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11389]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.241.113.163
Jun 26 01:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11389]: Failed password for invalid user tao from 150.241.113.163 port 22766 ssh2
Jun 26 01:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11389]: Received disconnect from 150.241.113.163 port 22766:11: Bye Bye [preauth]
Jun 26 01:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11389]: Disconnected from 150.241.113.163 port 22766 [preauth]
Jun 26 01:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10093]: pam_unix(cron:session): session closed for user root
Jun 26 01:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.19.232  user=root
Jun 26 01:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11482]: Failed password for root from 206.189.19.232 port 52186 ssh2
Jun 26 01:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11482]: Connection closed by 206.189.19.232 port 52186 [preauth]
Jun 26 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11499]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11500]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11498]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11497]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11497]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11555]: Successful su for rubyman by root
Jun 26 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11555]: + ??? root:rubyman
Jun 26 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11555]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593628 of user rubyman.
Jun 26 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11555]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593628.
Jun 26 01:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8708]: pam_unix(cron:session): session closed for user root
Jun 26 01:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11498]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.53.215.134  user=root
Jun 26 01:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11759]: Failed password for root from 177.53.215.134 port 36326 ssh2
Jun 26 01:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11759]: Received disconnect from 177.53.215.134 port 36326:11: Bye Bye [preauth]
Jun 26 01:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11759]: Disconnected from 177.53.215.134 port 36326 [preauth]
Jun 26 01:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10600]: pam_unix(cron:session): session closed for user root
Jun 26 01:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.241.244.100  user=root
Jun 26 01:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11916]: Failed password for root from 150.241.244.100 port 41472 ssh2
Jun 26 01:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11916]: Connection closed by 150.241.244.100 port 41472 [preauth]
Jun 26 01:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11946]: Invalid user tidb from 51.178.114.78
Jun 26 01:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11946]: input_userauth_request: invalid user tidb [preauth]
Jun 26 01:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11946]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78
Jun 26 01:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11946]: Failed password for invalid user tidb from 51.178.114.78 port 35190 ssh2
Jun 26 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11946]: Received disconnect from 51.178.114.78 port 35190:11: Bye Bye [preauth]
Jun 26 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11946]: Disconnected from 51.178.114.78 port 35190 [preauth]
Jun 26 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11965]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11966]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11964]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11963]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11963]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11949]: Invalid user tempuser from 103.90.227.203
Jun 26 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11949]: input_userauth_request: invalid user tempuser [preauth]
Jun 26 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11949]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.90.227.203
Jun 26 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12025]: Successful su for rubyman by root
Jun 26 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12025]: + ??? root:rubyman
Jun 26 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12025]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593633 of user rubyman.
Jun 26 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12025]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593633.
Jun 26 01:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11949]: Failed password for invalid user tempuser from 103.90.227.203 port 35858 ssh2
Jun 26 01:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11949]: Received disconnect from 103.90.227.203 port 35858:11: Bye Bye [preauth]
Jun 26 01:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11949]: Disconnected from 103.90.227.203 port 35858 [preauth]
Jun 26 01:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9124]: pam_unix(cron:session): session closed for user root
Jun 26 01:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11964]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.241.113.163  user=root
Jun 26 01:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12209]: Failed password for root from 150.241.113.163 port 49694 ssh2
Jun 26 01:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12209]: Received disconnect from 150.241.113.163 port 49694:11: Bye Bye [preauth]
Jun 26 01:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12209]: Disconnected from 150.241.113.163 port 49694 [preauth]
Jun 26 01:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.235.12  user=root
Jun 26 01:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12378]: Failed password for root from 202.29.235.12 port 38788 ssh2
Jun 26 01:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12378]: Connection closed by 202.29.235.12 port 38788 [preauth]
Jun 26 01:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11067]: pam_unix(cron:session): session closed for user root
Jun 26 01:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.225.158  user=root
Jun 26 01:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12467]: Failed password for root from 202.29.225.158 port 41764 ssh2
Jun 26 01:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12467]: Connection closed by 202.29.225.158 port 41764 [preauth]
Jun 26 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12491]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12490]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12489]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12488]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12488]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12547]: Successful su for rubyman by root
Jun 26 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12547]: + ??? root:rubyman
Jun 26 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12547]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593636 of user rubyman.
Jun 26 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12547]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593636.
Jun 26 01:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9514]: pam_unix(cron:session): session closed for user root
Jun 26 01:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12489]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 26 01:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12687]: Failed password for root from 202.178.126.219 port 42286 ssh2
Jun 26 01:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12687]: Connection closed by 202.178.126.219 port 42286 [preauth]
Jun 26 01:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 26 01:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12736]: Failed password for root from 62.133.62.83 port 43204 ssh2
Jun 26 01:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12736]: Connection closed by 62.133.62.83 port 43204 [preauth]
Jun 26 01:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 26 01:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 26 01:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12773]: Failed password for root from 77.94.47.83 port 46712 ssh2
Jun 26 01:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12773]: Connection closed by 77.94.47.83 port 46712 [preauth]
Jun 26 01:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12775]: Failed password for root from 87.251.79.125 port 53754 ssh2
Jun 26 01:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12775]: Connection closed by 87.251.79.125 port 53754 [preauth]
Jun 26 01:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: Invalid user vendas from 177.53.215.134
Jun 26 01:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: input_userauth_request: invalid user vendas [preauth]
Jun 26 01:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.53.215.134
Jun 26 01:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.115.7.203  user=root
Jun 26 01:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: Failed password for invalid user vendas from 177.53.215.134 port 46034 ssh2
Jun 26 01:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: Received disconnect from 177.53.215.134 port 46034:11: Bye Bye [preauth]
Jun 26 01:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: Disconnected from 177.53.215.134 port 46034 [preauth]
Jun 26 01:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12789]: Failed password for root from 181.115.7.203 port 5973 ssh2
Jun 26 01:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12789]: Connection closed by 181.115.7.203 port 5973 [preauth]
Jun 26 01:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11500]: pam_unix(cron:session): session closed for user root
Jun 26 01:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.241.113.163  user=root
Jun 26 01:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12892]: Failed password for root from 150.241.113.163 port 62876 ssh2
Jun 26 01:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12892]: Received disconnect from 150.241.113.163 port 62876:11: Bye Bye [preauth]
Jun 26 01:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12892]: Disconnected from 150.241.113.163 port 62876 [preauth]
Jun 26 01:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.68.186.7  user=root
Jun 26 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12918]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12916]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12919]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12915]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12914]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12917]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12919]: pam_unix(cron:session): session closed for user root
Jun 26 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12914]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12981]: Successful su for rubyman by root
Jun 26 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12981]: + ??? root:rubyman
Jun 26 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12981]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593640 of user rubyman.
Jun 26 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12981]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593640.
Jun 26 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12911]: Failed password for root from 36.68.186.7 port 36812 ssh2
Jun 26 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12911]: Connection closed by 36.68.186.7 port 36812 [preauth]
Jun 26 01:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12916]: pam_unix(cron:session): session closed for user root
Jun 26 01:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10092]: pam_unix(cron:session): session closed for user root
Jun 26 01:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78  user=root
Jun 26 01:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12915]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13187]: Failed password for root from 51.178.114.78 port 48608 ssh2
Jun 26 01:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13187]: Received disconnect from 51.178.114.78 port 48608:11: Bye Bye [preauth]
Jun 26 01:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13187]: Disconnected from 51.178.114.78 port 48608 [preauth]
Jun 26 01:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.90.227.203  user=root
Jun 26 01:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.138.89.209  user=root
Jun 26 01:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13244]: Failed password for root from 103.90.227.203 port 39744 ssh2
Jun 26 01:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13244]: Received disconnect from 103.90.227.203 port 39744:11: Bye Bye [preauth]
Jun 26 01:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13244]: Disconnected from 103.90.227.203 port 39744 [preauth]
Jun 26 01:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13246]: Failed password for root from 174.138.89.209 port 41774 ssh2
Jun 26 01:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13246]: Connection closed by 174.138.89.209 port 41774 [preauth]
Jun 26 01:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11966]: pam_unix(cron:session): session closed for user root
Jun 26 01:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13332]: Connection closed by 194.59.206.2 port 35748 [preauth]
Jun 26 01:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 26 01:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 26 01:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13344]: Failed password for root from 38.93.206.2 port 35852 ssh2
Jun 26 01:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13344]: Connection closed by 38.93.206.2 port 35852 [preauth]
Jun 26 01:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13342]: Failed password for root from 103.149.28.157 port 52326 ssh2
Jun 26 01:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13342]: Connection closed by 103.149.28.157 port 52326 [preauth]
Jun 26 01:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.27.99.9  user=root
Jun 26 01:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13354]: Failed password for root from 179.27.99.9 port 39688 ssh2
Jun 26 01:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13354]: Connection closed by 179.27.99.9 port 39688 [preauth]
Jun 26 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13368]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13369]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13365]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13367]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13365]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13434]: Successful su for rubyman by root
Jun 26 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13434]: + ??? root:rubyman
Jun 26 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13434]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593647 of user rubyman.
Jun 26 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13434]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593647.
Jun 26 01:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10598]: pam_unix(cron:session): session closed for user root
Jun 26 01:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13367]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.192.144.204  user=root
Jun 26 01:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13654]: Failed password for root from 159.192.144.204 port 49404 ssh2
Jun 26 01:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13654]: Connection closed by 159.192.144.204 port 49404 [preauth]
Jun 26 01:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.241.113.163  user=root
Jun 26 01:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13689]: Invalid user guest from 177.53.215.134
Jun 26 01:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13689]: input_userauth_request: invalid user guest [preauth]
Jun 26 01:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13689]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.53.215.134
Jun 26 01:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13687]: Failed password for root from 150.241.113.163 port 50058 ssh2
Jun 26 01:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13687]: Received disconnect from 150.241.113.163 port 50058:11: Bye Bye [preauth]
Jun 26 01:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13687]: Disconnected from 150.241.113.163 port 50058 [preauth]
Jun 26 01:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12491]: pam_unix(cron:session): session closed for user root
Jun 26 01:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13689]: Failed password for invalid user guest from 177.53.215.134 port 55732 ssh2
Jun 26 01:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13689]: Received disconnect from 177.53.215.134 port 55732:11: Bye Bye [preauth]
Jun 26 01:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13689]: Disconnected from 177.53.215.134 port 55732 [preauth]
Jun 26 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13790]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13789]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13791]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13787]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13787]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13848]: Successful su for rubyman by root
Jun 26 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13848]: + ??? root:rubyman
Jun 26 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13848]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593652 of user rubyman.
Jun 26 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13848]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593652.
Jun 26 01:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11066]: pam_unix(cron:session): session closed for user root
Jun 26 01:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13789]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14040]: Invalid user dev from 51.178.114.78
Jun 26 01:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14040]: input_userauth_request: invalid user dev [preauth]
Jun 26 01:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14040]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78
Jun 26 01:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14040]: Failed password for invalid user dev from 51.178.114.78 port 56368 ssh2
Jun 26 01:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14040]: Received disconnect from 51.178.114.78 port 56368:11: Bye Bye [preauth]
Jun 26 01:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14040]: Disconnected from 51.178.114.78 port 56368 [preauth]
Jun 26 01:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12918]: pam_unix(cron:session): session closed for user root
Jun 26 01:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14135]: Invalid user Guest from 103.90.227.203
Jun 26 01:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14135]: input_userauth_request: invalid user Guest [preauth]
Jun 26 01:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14135]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.90.227.203
Jun 26 01:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14135]: Failed password for invalid user Guest from 103.90.227.203 port 60924 ssh2
Jun 26 01:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14135]: Received disconnect from 103.90.227.203 port 60924:11: Bye Bye [preauth]
Jun 26 01:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14135]: Disconnected from 103.90.227.203 port 60924 [preauth]
Jun 26 01:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 26 01:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14167]: Failed password for root from 103.82.20.28 port 36546 ssh2
Jun 26 01:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14167]: Connection closed by 103.82.20.28 port 36546 [preauth]
Jun 26 01:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 26 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14196]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14194]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14195]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14193]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14193]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14252]: Successful su for rubyman by root
Jun 26 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14252]: + ??? root:rubyman
Jun 26 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14252]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593655 of user rubyman.
Jun 26 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14252]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593655.
Jun 26 01:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14190]: Failed password for root from 194.113.233.25 port 46706 ssh2
Jun 26 01:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14190]: Connection closed by 194.113.233.25 port 46706 [preauth]
Jun 26 01:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11499]: pam_unix(cron:session): session closed for user root
Jun 26 01:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14194]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14458]: Invalid user william from 150.241.113.163
Jun 26 01:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14458]: input_userauth_request: invalid user william [preauth]
Jun 26 01:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14458]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.241.113.163
Jun 26 01:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14458]: Failed password for invalid user william from 150.241.113.163 port 34316 ssh2
Jun 26 01:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14458]: Received disconnect from 150.241.113.163 port 34316:11: Bye Bye [preauth]
Jun 26 01:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14458]: Disconnected from 150.241.113.163 port 34316 [preauth]
Jun 26 01:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.147.26.126  user=root
Jun 26 01:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14493]: Failed password for root from 185.147.26.126 port 40376 ssh2
Jun 26 01:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14493]: Connection closed by 185.147.26.126 port 40376 [preauth]
Jun 26 01:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13369]: pam_unix(cron:session): session closed for user root
Jun 26 01:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14531]: Invalid user me from 177.53.215.134
Jun 26 01:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14531]: input_userauth_request: invalid user me [preauth]
Jun 26 01:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14531]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.53.215.134
Jun 26 01:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14531]: Failed password for invalid user me from 177.53.215.134 port 37200 ssh2
Jun 26 01:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14531]: Received disconnect from 177.53.215.134 port 37200:11: Bye Bye [preauth]
Jun 26 01:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14531]: Disconnected from 177.53.215.134 port 37200 [preauth]
Jun 26 01:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.136.248.227  user=root
Jun 26 01:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14572]: Failed password for root from 177.136.248.227 port 53254 ssh2
Jun 26 01:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14572]: Connection closed by 177.136.248.227 port 53254 [preauth]
Jun 26 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14587]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14586]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14585]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14584]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14584]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14694]: Successful su for rubyman by root
Jun 26 01:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14694]: + ??? root:rubyman
Jun 26 01:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14694]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593658 of user rubyman.
Jun 26 01:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14694]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593658.
Jun 26 01:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11965]: pam_unix(cron:session): session closed for user root
Jun 26 01:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14585]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14930]: Invalid user me from 51.178.114.78
Jun 26 01:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14930]: input_userauth_request: invalid user me [preauth]
Jun 26 01:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14930]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78
Jun 26 01:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14930]: Failed password for invalid user me from 51.178.114.78 port 36448 ssh2
Jun 26 01:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14930]: Received disconnect from 51.178.114.78 port 36448:11: Bye Bye [preauth]
Jun 26 01:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14930]: Disconnected from 51.178.114.78 port 36448 [preauth]
Jun 26 01:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.20.228.110  user=root
Jun 26 01:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14987]: Failed password for root from 1.20.228.110 port 40466 ssh2
Jun 26 01:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14987]: Connection closed by 1.20.228.110 port 40466 [preauth]
Jun 26 01:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13791]: pam_unix(cron:session): session closed for user root
Jun 26 01:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.220.126  user=root
Jun 26 01:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15064]: Failed password for root from 202.29.220.126 port 38441 ssh2
Jun 26 01:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15064]: Connection closed by 202.29.220.126 port 38441 [preauth]
Jun 26 01:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15074]: Invalid user id from 103.90.227.203
Jun 26 01:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15074]: input_userauth_request: invalid user id [preauth]
Jun 26 01:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15074]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.90.227.203
Jun 26 01:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 26 01:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15074]: Failed password for invalid user id from 103.90.227.203 port 54300 ssh2
Jun 26 01:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15074]: Received disconnect from 103.90.227.203 port 54300:11: Bye Bye [preauth]
Jun 26 01:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15074]: Disconnected from 103.90.227.203 port 54300 [preauth]
Jun 26 01:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15076]: Failed password for root from 109.237.96.109 port 37540 ssh2
Jun 26 01:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15076]: Connection closed by 109.237.96.109 port 37540 [preauth]
Jun 26 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15096]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15095]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15097]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15093]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15091]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15094]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15097]: pam_unix(cron:session): session closed for user root
Jun 26 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15091]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15163]: Successful su for rubyman by root
Jun 26 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15163]: + ??? root:rubyman
Jun 26 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15163]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593662 of user rubyman.
Jun 26 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15163]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593662.
Jun 26 01:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15094]: pam_unix(cron:session): session closed for user root
Jun 26 01:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12490]: pam_unix(cron:session): session closed for user root
Jun 26 01:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15093]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15371]: Invalid user admin from 139.19.117.131
Jun 26 01:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15371]: input_userauth_request: invalid user admin [preauth]
Jun 26 01:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15373]: Invalid user contabilidad from 150.241.113.163
Jun 26 01:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15373]: input_userauth_request: invalid user contabilidad [preauth]
Jun 26 01:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15373]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.241.113.163
Jun 26 01:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15373]: Failed password for invalid user contabilidad from 150.241.113.163 port 48842 ssh2
Jun 26 01:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15373]: Received disconnect from 150.241.113.163 port 48842:11: Bye Bye [preauth]
Jun 26 01:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15373]: Disconnected from 150.241.113.163 port 48842 [preauth]
Jun 26 01:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15371]: Connection closed by 139.19.117.131 port 53586 [preauth]
Jun 26 01:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.22.211.47  user=root
Jun 26 01:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15412]: Failed password for root from 77.22.211.47 port 61462 ssh2
Jun 26 01:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15412]: Connection closed by 77.22.211.47 port 61462 [preauth]
Jun 26 01:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14196]: pam_unix(cron:session): session closed for user root
Jun 26 01:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15470]: Invalid user admin from 45.148.10.121
Jun 26 01:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15470]: input_userauth_request: invalid user admin [preauth]
Jun 26 01:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15470]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 26 01:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15470]: Failed password for invalid user admin from 45.148.10.121 port 34532 ssh2
Jun 26 01:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15470]: Connection closed by 45.148.10.121 port 34532 [preauth]
Jun 26 01:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.101.166  user=root
Jun 26 01:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15502]: Failed password for root from 64.227.101.166 port 14462 ssh2
Jun 26 01:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15502]: Connection closed by 64.227.101.166 port 14462 [preauth]
Jun 26 01:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15512]: Invalid user info1 from 177.53.215.134
Jun 26 01:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15512]: input_userauth_request: invalid user info1 [preauth]
Jun 26 01:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15512]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.53.215.134
Jun 26 01:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15512]: Failed password for invalid user info1 from 177.53.215.134 port 46906 ssh2
Jun 26 01:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15512]: Received disconnect from 177.53.215.134 port 46906:11: Bye Bye [preauth]
Jun 26 01:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15512]: Disconnected from 177.53.215.134 port 46906 [preauth]
Jun 26 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15526]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15525]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15524]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15523]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15523]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15589]: Successful su for rubyman by root
Jun 26 01:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15589]: + ??? root:rubyman
Jun 26 01:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15589]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593669 of user rubyman.
Jun 26 01:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15589]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593669.
Jun 26 01:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12917]: pam_unix(cron:session): session closed for user root
Jun 26 01:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15524]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15783]: Invalid user www from 51.178.114.78
Jun 26 01:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15783]: input_userauth_request: invalid user www [preauth]
Jun 26 01:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15783]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78
Jun 26 01:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15783]: Failed password for invalid user www from 51.178.114.78 port 47058 ssh2
Jun 26 01:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15783]: Received disconnect from 51.178.114.78 port 47058:11: Bye Bye [preauth]
Jun 26 01:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15783]: Disconnected from 51.178.114.78 port 47058 [preauth]
Jun 26 01:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15797]: Connection closed by 144.202.92.17 port 34082 [preauth]
Jun 26 01:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14587]: pam_unix(cron:session): session closed for user root
Jun 26 01:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.224.166  user=root
Jun 26 01:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15911]: Failed password for root from 202.29.224.166 port 51078 ssh2
Jun 26 01:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15911]: Connection closed by 202.29.224.166 port 51078 [preauth]
Jun 26 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15925]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15924]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15923]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15922]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15922]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15980]: Successful su for rubyman by root
Jun 26 01:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15980]: + ??? root:rubyman
Jun 26 01:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15980]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593672 of user rubyman.
Jun 26 01:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15980]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593672.
Jun 26 01:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13368]: pam_unix(cron:session): session closed for user root
Jun 26 01:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15923]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.90.227.203  user=root
Jun 26 01:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16167]: Failed password for root from 103.90.227.203 port 58796 ssh2
Jun 26 01:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16167]: Received disconnect from 103.90.227.203 port 58796:11: Bye Bye [preauth]
Jun 26 01:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16167]: Disconnected from 103.90.227.203 port 58796 [preauth]
Jun 26 01:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 26 01:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16194]: Failed password for root from 147.45.199.80 port 34774 ssh2
Jun 26 01:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16194]: Connection closed by 147.45.199.80 port 34774 [preauth]
Jun 26 01:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.52.133.47  user=root
Jun 26 01:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16234]: Failed password for root from 176.52.133.47 port 58732 ssh2
Jun 26 01:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16234]: Connection closed by 176.52.133.47 port 58732 [preauth]
Jun 26 01:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15096]: pam_unix(cron:session): session closed for user root
Jun 26 01:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.13.207.88  user=root
Jun 26 01:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16300]: Failed password for root from 103.13.207.88 port 36944 ssh2
Jun 26 01:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16300]: Connection closed by 103.13.207.88 port 36944 [preauth]
Jun 26 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16321]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16322]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16320]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16319]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16319]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16378]: Successful su for rubyman by root
Jun 26 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16378]: + ??? root:rubyman
Jun 26 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16378]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593676 of user rubyman.
Jun 26 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16378]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593676.
Jun 26 01:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13790]: pam_unix(cron:session): session closed for user root
Jun 26 01:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16320]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78  user=root
Jun 26 01:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16566]: Failed password for root from 51.178.114.78 port 55644 ssh2
Jun 26 01:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16566]: Received disconnect from 51.178.114.78 port 55644:11: Bye Bye [preauth]
Jun 26 01:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16566]: Disconnected from 51.178.114.78 port 55644 [preauth]
Jun 26 01:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.53.215.134  user=root
Jun 26 01:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16568]: Failed password for root from 177.53.215.134 port 56612 ssh2
Jun 26 01:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16568]: Received disconnect from 177.53.215.134 port 56612:11: Bye Bye [preauth]
Jun 26 01:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16568]: Disconnected from 177.53.215.134 port 56612 [preauth]
Jun 26 01:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.186.115.74  user=root
Jun 26 01:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16609]: Failed password for root from 211.186.115.74 port 33908 ssh2
Jun 26 01:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16609]: Connection closed by 211.186.115.74 port 33908 [preauth]
Jun 26 01:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15526]: pam_unix(cron:session): session closed for user root
Jun 26 01:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.235.12  user=root
Jun 26 01:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16701]: Failed password for root from 202.29.235.12 port 49188 ssh2
Jun 26 01:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16701]: Connection closed by 202.29.235.12 port 49188 [preauth]
Jun 26 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16724]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16723]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16721]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16722]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16719]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16721]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16848]: Successful su for rubyman by root
Jun 26 01:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16848]: + ??? root:rubyman
Jun 26 01:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16848]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593680 of user rubyman.
Jun 26 01:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16848]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593680.
Jun 26 01:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16719]: pam_unix(cron:session): session closed for user root
Jun 26 01:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14195]: pam_unix(cron:session): session closed for user root
Jun 26 01:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17141]: Invalid user snoopy from 43.162.112.238
Jun 26 01:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17141]: input_userauth_request: invalid user snoopy [preauth]
Jun 26 01:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17141]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.162.112.238
Jun 26 01:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16722]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17141]: Failed password for invalid user snoopy from 43.162.112.238 port 57456 ssh2
Jun 26 01:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17141]: Received disconnect from 43.162.112.238 port 57456:11: Bye Bye [preauth]
Jun 26 01:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17141]: Disconnected from 43.162.112.238 port 57456 [preauth]
Jun 26 01:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.224.230  user=root
Jun 26 01:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17196]: Invalid user user from 103.90.227.203
Jun 26 01:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17196]: input_userauth_request: invalid user user [preauth]
Jun 26 01:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17196]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.90.227.203
Jun 26 01:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17194]: Failed password for root from 202.29.224.230 port 9831 ssh2
Jun 26 01:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17196]: Failed password for invalid user user from 103.90.227.203 port 51120 ssh2
Jun 26 01:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17194]: Connection closed by 202.29.224.230 port 9831 [preauth]
Jun 26 01:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17196]: Received disconnect from 103.90.227.203 port 51120:11: Bye Bye [preauth]
Jun 26 01:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17196]: Disconnected from 103.90.227.203 port 51120 [preauth]
Jun 26 01:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15925]: pam_unix(cron:session): session closed for user root
Jun 26 01:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 26 01:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17256]: Failed password for root from 103.15.222.183 port 37428 ssh2
Jun 26 01:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17256]: Connection closed by 103.15.222.183 port 37428 [preauth]
Jun 26 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17315]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17316]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17313]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17312]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17311]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17314]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17316]: pam_unix(cron:session): session closed for user root
Jun 26 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17311]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17389]: Successful su for rubyman by root
Jun 26 01:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17389]: + ??? root:rubyman
Jun 26 01:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17389]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593685 of user rubyman.
Jun 26 01:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17389]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593685.
Jun 26 01:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17386]: Invalid user sumit from 51.178.114.78
Jun 26 01:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17386]: input_userauth_request: invalid user sumit [preauth]
Jun 26 01:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17386]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78
Jun 26 01:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17313]: pam_unix(cron:session): session closed for user root
Jun 26 01:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14586]: pam_unix(cron:session): session closed for user root
Jun 26 01:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17386]: Failed password for invalid user sumit from 51.178.114.78 port 41362 ssh2
Jun 26 01:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17386]: Received disconnect from 51.178.114.78 port 41362:11: Bye Bye [preauth]
Jun 26 01:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17386]: Disconnected from 51.178.114.78 port 41362 [preauth]
Jun 26 01:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17312]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=133.117.72.24  user=root
Jun 26 01:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 26 01:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17638]: Failed password for root from 133.117.72.24 port 34654 ssh2
Jun 26 01:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17638]: Connection closed by 133.117.72.24 port 34654 [preauth]
Jun 26 01:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17675]: Failed password for root from 51.250.105.222 port 52954 ssh2
Jun 26 01:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17675]: Connection closed by 51.250.105.222 port 52954 [preauth]
Jun 26 01:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17749]: Invalid user app from 177.53.215.134
Jun 26 01:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17749]: input_userauth_request: invalid user app [preauth]
Jun 26 01:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17749]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.53.215.134
Jun 26 01:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17749]: Failed password for invalid user app from 177.53.215.134 port 38054 ssh2
Jun 26 01:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17749]: Received disconnect from 177.53.215.134 port 38054:11: Bye Bye [preauth]
Jun 26 01:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17749]: Disconnected from 177.53.215.134 port 38054 [preauth]
Jun 26 01:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16322]: pam_unix(cron:session): session closed for user root
Jun 26 01:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17829]: Bad protocol version identification 'GET / HTTP/1.1' from 45.79.207.111 port 45438
Jun 26 01:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 26 01:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17831]: Failed password for root from 103.176.20.57 port 36664 ssh2
Jun 26 01:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17831]: Connection closed by 103.176.20.57 port 36664 [preauth]
Jun 26 01:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.19.232  user=root
Jun 26 01:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17843]: Failed password for root from 206.189.19.232 port 36944 ssh2
Jun 26 01:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17843]: Connection closed by 206.189.19.232 port 36944 [preauth]
Jun 26 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17870]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17871]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17869]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17868]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17868]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17941]: Successful su for rubyman by root
Jun 26 01:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17941]: + ??? root:rubyman
Jun 26 01:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17941]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593692 of user rubyman.
Jun 26 01:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17941]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593692.
Jun 26 01:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15095]: pam_unix(cron:session): session closed for user root
Jun 26 01:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17869]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.138.20  user=root
Jun 26 01:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18175]: Failed password for root from 139.59.138.20 port 55594 ssh2
Jun 26 01:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18175]: Connection closed by 139.59.138.20 port 55594 [preauth]
Jun 26 01:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16724]: pam_unix(cron:session): session closed for user root
Jun 26 01:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.223.69.22  user=root
Jun 26 01:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18246]: Failed password for root from 89.223.69.22 port 40254 ssh2
Jun 26 01:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18271]: Invalid user clinton from 103.90.227.203
Jun 26 01:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18271]: input_userauth_request: invalid user clinton [preauth]
Jun 26 01:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18271]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.90.227.203
Jun 26 01:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18246]: Connection closed by 89.223.69.22 port 40254 [preauth]
Jun 26 01:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18271]: Failed password for invalid user clinton from 103.90.227.203 port 38336 ssh2
Jun 26 01:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18271]: Received disconnect from 103.90.227.203 port 38336:11: Bye Bye [preauth]
Jun 26 01:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18271]: Disconnected from 103.90.227.203 port 38336 [preauth]
Jun 26 01:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.37.174.180  user=root
Jun 26 01:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18284]: Failed password for root from 211.37.174.180 port 63506 ssh2
Jun 26 01:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18284]: Connection closed by 211.37.174.180 port 63506 [preauth]
Jun 26 01:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18311]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18313]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18312]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18310]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18310]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18307]: Invalid user abcd1234 from 51.178.114.78
Jun 26 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18307]: input_userauth_request: invalid user abcd1234 [preauth]
Jun 26 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18307]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.114.78
Jun 26 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18386]: Successful su for rubyman by root
Jun 26 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18386]: + ??? root:rubyman
Jun 26 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18386]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593697 of user rubyman.
Jun 26 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18386]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593697.
Jun 26 01:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18307]: Failed password for invalid user abcd1234 from 51.178.114.78 port 41144 ssh2
Jun 26 01:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18307]: Received disconnect from 51.178.114.78 port 41144:11: Bye Bye [preauth]
Jun 26 01:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18307]: Disconnected from 51.178.114.78 port 41144 [preauth]
Jun 26 01:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15525]: pam_unix(cron:session): session closed for user root
Jun 26 01:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18311]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 26 01:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18643]: Failed password for root from 103.122.221.179 port 34408 ssh2
Jun 26 01:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18643]: Connection closed by 103.122.221.179 port 34408 [preauth]
Jun 26 01:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17315]: pam_unix(cron:session): session closed for user root
Jun 26 01:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18762]: Invalid user yuany from 177.53.215.134
Jun 26 01:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18762]: input_userauth_request: invalid user yuany [preauth]
Jun 26 01:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18762]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.53.215.134
Jun 26 01:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18762]: Failed password for invalid user yuany from 177.53.215.134 port 47758 ssh2
Jun 26 01:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18762]: Received disconnect from 177.53.215.134 port 47758:11: Bye Bye [preauth]
Jun 26 01:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18762]: Disconnected from 177.53.215.134 port 47758 [preauth]
Jun 26 01:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.164.193.195  user=root
Jun 26 01:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18802]: Failed password for root from 110.164.193.195 port 45286 ssh2
Jun 26 01:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18802]: Connection closed by 110.164.193.195 port 45286 [preauth]
Jun 26 01:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18826]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18823]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18824]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18822]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18822]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18894]: Successful su for rubyman by root
Jun 26 01:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18894]: + ??? root:rubyman
Jun 26 01:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18894]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593699 of user rubyman.
Jun 26 01:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18894]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593699.
Jun 26 01:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15924]: pam_unix(cron:session): session closed for user root
Jun 26 01:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18823]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.131.130.11  user=root
Jun 26 01:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19231]: Failed password for root from 114.131.130.11 port 46448 ssh2
Jun 26 01:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19231]: Connection closed by 114.131.130.11 port 46448 [preauth]
Jun 26 01:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17871]: pam_unix(cron:session): session closed for user root
Jun 26 01:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.118.107.37  user=root
Jun 26 01:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19311]: Failed password for root from 83.118.107.37 port 42180 ssh2
Jun 26 01:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19311]: Connection closed by 83.118.107.37 port 42180 [preauth]
Jun 26 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19333]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19334]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19332]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19331]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19331]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19397]: Successful su for rubyman by root
Jun 26 01:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19397]: + ??? root:rubyman
Jun 26 01:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19397]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593703 of user rubyman.
Jun 26 01:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19397]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593703.
Jun 26 01:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16321]: pam_unix(cron:session): session closed for user root
Jun 26 01:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19332]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.90.227.203  user=root
Jun 26 01:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19772]: Failed password for root from 103.90.227.203 port 60232 ssh2
Jun 26 01:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19772]: Received disconnect from 103.90.227.203 port 60232:11: Bye Bye [preauth]
Jun 26 01:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19772]: Disconnected from 103.90.227.203 port 60232 [preauth]
Jun 26 01:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 26 01:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.112.5.7  user=root
Jun 26 01:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19830]: Failed password for root from 103.77.242.62 port 35724 ssh2
Jun 26 01:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19830]: Connection closed by 103.77.242.62 port 35724 [preauth]
Jun 26 01:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19832]: Failed password for root from 103.112.5.7 port 35766 ssh2
Jun 26 01:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19832]: Connection closed by 103.112.5.7 port 35766 [preauth]
Jun 26 01:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18313]: pam_unix(cron:session): session closed for user root
Jun 26 01:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.53.215.134  user=root
Jun 26 01:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.118.107.46  user=root
Jun 26 01:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19932]: Failed password for root from 177.53.215.134 port 57436 ssh2
Jun 26 01:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19932]: Received disconnect from 177.53.215.134 port 57436:11: Bye Bye [preauth]
Jun 26 01:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19932]: Disconnected from 177.53.215.134 port 57436 [preauth]
Jun 26 01:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19935]: Failed password for root from 83.118.107.46 port 36670 ssh2
Jun 26 01:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19935]: Connection closed by 83.118.107.46 port 36670 [preauth]
Jun 26 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19959]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19957]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19958]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19956]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19955]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19960]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19960]: pam_unix(cron:session): session closed for user root
Jun 26 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19955]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20024]: Successful su for rubyman by root
Jun 26 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20024]: + ??? root:rubyman
Jun 26 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20024]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593707 of user rubyman.
Jun 26 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20024]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593707.
Jun 26 01:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19957]: pam_unix(cron:session): session closed for user root
Jun 26 01:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16723]: pam_unix(cron:session): session closed for user root
Jun 26 01:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19956]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=root
Jun 26 01:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20349]: Failed password for root from 193.46.255.86 port 55226 ssh2
Jun 26 01:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20349]: message repeated 2 times: [ Failed password for root from 193.46.255.86 port 55226 ssh2]
Jun 26 01:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20349]: Connection closed by 193.46.255.86 port 55226 [preauth]
Jun 26 01:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20349]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=root
Jun 26 01:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.27.99.9  user=root
Jun 26 01:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20373]: Failed password for root from 179.27.99.9 port 38998 ssh2
Jun 26 01:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20373]: Connection closed by 179.27.99.9 port 38998 [preauth]
Jun 26 01:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18826]: pam_unix(cron:session): session closed for user root
Jun 26 01:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.164.193.196  user=root
Jun 26 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20492]: Failed password for root from 110.164.193.196 port 41736 ssh2
Jun 26 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20492]: Connection closed by 110.164.193.196 port 41736 [preauth]
Jun 26 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20498]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20496]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20497]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20495]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20495]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20562]: Successful su for rubyman by root
Jun 26 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20562]: + ??? root:rubyman
Jun 26 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20562]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593714 of user rubyman.
Jun 26 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20562]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593714.
Jun 26 01:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17314]: pam_unix(cron:session): session closed for user root
Jun 26 01:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20496]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.93.112.20  user=root
Jun 26 01:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20880]: Failed password for root from 188.93.112.20 port 60396 ssh2
Jun 26 01:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20880]: Connection closed by 188.93.112.20 port 60396 [preauth]
Jun 26 01:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20906]: Invalid user azure from 103.90.227.203
Jun 26 01:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20906]: input_userauth_request: invalid user azure [preauth]
Jun 26 01:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20906]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.90.227.203
Jun 26 01:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20906]: Failed password for invalid user azure from 103.90.227.203 port 53532 ssh2
Jun 26 01:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20906]: Received disconnect from 103.90.227.203 port 53532:11: Bye Bye [preauth]
Jun 26 01:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20906]: Disconnected from 103.90.227.203 port 53532 [preauth]
Jun 26 01:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19334]: pam_unix(cron:session): session closed for user root
Jun 26 01:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.20.185.207  user=root
Jun 26 01:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20965]: Failed password for root from 143.20.185.207 port 56714 ssh2
Jun 26 01:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20965]: Connection closed by 143.20.185.207 port 56714 [preauth]
Jun 26 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20996]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20997]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20995]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20994]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20994]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21057]: Successful su for rubyman by root
Jun 26 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21057]: + ??? root:rubyman
Jun 26 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21057]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593718 of user rubyman.
Jun 26 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21057]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593718.
Jun 26 01:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17870]: pam_unix(cron:session): session closed for user root
Jun 26 01:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20995]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21255]: Invalid user sumit from 177.53.215.134
Jun 26 01:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21255]: input_userauth_request: invalid user sumit [preauth]
Jun 26 01:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21255]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.53.215.134
Jun 26 01:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21255]: Failed password for invalid user sumit from 177.53.215.134 port 38930 ssh2
Jun 26 01:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21255]: Received disconnect from 177.53.215.134 port 38930:11: Bye Bye [preauth]
Jun 26 01:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21255]: Disconnected from 177.53.215.134 port 38930 [preauth]
Jun 26 01:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 26 01:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21310]: Failed password for root from 103.172.78.219 port 44250 ssh2
Jun 26 01:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21310]: Connection closed by 103.172.78.219 port 44250 [preauth]
Jun 26 01:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19959]: pam_unix(cron:session): session closed for user root
Jun 26 01:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.20.215.123  user=root
Jun 26 01:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21324]: Failed password for root from 157.20.215.123 port 55588 ssh2
Jun 26 01:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21324]: Connection closed by 157.20.215.123 port 55588 [preauth]
Jun 26 01:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21381]: Invalid user ve from 43.162.112.238
Jun 26 01:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21381]: input_userauth_request: invalid user ve [preauth]
Jun 26 01:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21381]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.162.112.238
Jun 26 01:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21381]: Failed password for invalid user ve from 43.162.112.238 port 47272 ssh2
Jun 26 01:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21381]: Received disconnect from 43.162.112.238 port 47272:11: Bye Bye [preauth]
Jun 26 01:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21381]: Disconnected from 43.162.112.238 port 47272 [preauth]
Jun 26 01:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.93.112.20  user=root
Jun 26 01:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21399]: Failed password for root from 188.93.112.20 port 60756 ssh2
Jun 26 01:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21399]: Connection closed by 188.93.112.20 port 60756 [preauth]
Jun 26 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21423]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21424]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21422]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21420]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21420]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21486]: Successful su for rubyman by root
Jun 26 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21486]: + ??? root:rubyman
Jun 26 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21486]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593722 of user rubyman.
Jun 26 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21486]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593722.
Jun 26 01:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18312]: pam_unix(cron:session): session closed for user root
Jun 26 01:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21422]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.225.158  user=root
Jun 26 01:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21758]: Failed password for root from 202.29.225.158 port 39002 ssh2
Jun 26 01:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21758]: Connection closed by 202.29.225.158 port 39002 [preauth]
Jun 26 01:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20498]: pam_unix(cron:session): session closed for user root
Jun 26 01:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21832]: Invalid user Test from 103.90.227.203
Jun 26 01:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21832]: input_userauth_request: invalid user Test [preauth]
Jun 26 01:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21832]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.90.227.203
Jun 26 01:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21832]: Failed password for invalid user Test from 103.90.227.203 port 36904 ssh2
Jun 26 01:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21832]: Received disconnect from 103.90.227.203 port 36904:11: Bye Bye [preauth]
Jun 26 01:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21832]: Disconnected from 103.90.227.203 port 36904 [preauth]
Jun 26 01:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.131.130.11  user=root
Jun 26 01:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21846]: Failed password for root from 114.131.130.11 port 57100 ssh2
Jun 26 01:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21846]: Connection closed by 114.131.130.11 port 57100 [preauth]
Jun 26 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21862]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21858]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21860]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21859]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21858]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21920]: Successful su for rubyman by root
Jun 26 01:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21920]: + ??? root:rubyman
Jun 26 01:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21920]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593726 of user rubyman.
Jun 26 01:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21920]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593726.
Jun 26 01:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18824]: pam_unix(cron:session): session closed for user root
Jun 26 01:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21859]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22143]: Invalid user sharepoint from 177.53.215.134
Jun 26 01:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22143]: input_userauth_request: invalid user sharepoint [preauth]
Jun 26 01:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22143]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.53.215.134
Jun 26 01:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22143]: Failed password for invalid user sharepoint from 177.53.215.134 port 48654 ssh2
Jun 26 01:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22143]: Received disconnect from 177.53.215.134 port 48654:11: Bye Bye [preauth]
Jun 26 01:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22143]: Disconnected from 177.53.215.134 port 48654 [preauth]
Jun 26 01:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.227.153.56  user=root
Jun 26 01:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: Failed password for root from 185.227.153.56 port 44186 ssh2
Jun 26 01:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: Connection closed by 185.227.153.56 port 44186 [preauth]
Jun 26 01:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20997]: pam_unix(cron:session): session closed for user root
Jun 26 01:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22240]: Invalid user anket from 43.162.112.238
Jun 26 01:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22240]: input_userauth_request: invalid user anket [preauth]
Jun 26 01:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22240]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.162.112.238
Jun 26 01:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22240]: Failed password for invalid user anket from 43.162.112.238 port 56744 ssh2
Jun 26 01:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22240]: Received disconnect from 43.162.112.238 port 56744:11: Bye Bye [preauth]
Jun 26 01:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22240]: Disconnected from 43.162.112.238 port 56744 [preauth]
Jun 26 01:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.27.99.9  user=root
Jun 26 01:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22251]: Failed password for root from 179.27.99.9 port 55830 ssh2
Jun 26 01:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22251]: Connection closed by 179.27.99.9 port 55830 [preauth]
Jun 26 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22268]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22266]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22263]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22265]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22264]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22262]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22268]: pam_unix(cron:session): session closed for user root
Jun 26 01:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22262]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22428]: Successful su for rubyman by root
Jun 26 01:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22428]: + ??? root:rubyman
Jun 26 01:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22428]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593730 of user rubyman.
Jun 26 01:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22428]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593730.
Jun 26 01:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19333]: pam_unix(cron:session): session closed for user root
Jun 26 01:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22264]: pam_unix(cron:session): session closed for user root
Jun 26 01:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22263]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.224.230  user=root
Jun 26 01:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22692]: Failed password for root from 202.29.224.230 port 41913 ssh2
Jun 26 01:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22692]: Connection closed by 202.29.224.230 port 41913 [preauth]
Jun 26 01:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21424]: pam_unix(cron:session): session closed for user root
Jun 26 01:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.135.24.10  user=root
Jun 26 01:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22772]: Failed password for root from 206.135.24.10 port 37858 ssh2
Jun 26 01:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22772]: Connection closed by 206.135.24.10 port 37858 [preauth]
Jun 26 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22787]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22786]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22785]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22784]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22784]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22869]: Successful su for rubyman by root
Jun 26 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22869]: + ??? root:rubyman
Jun 26 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22869]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593736 of user rubyman.
Jun 26 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22869]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593736.
Jun 26 01:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19958]: pam_unix(cron:session): session closed for user root
Jun 26 01:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22785]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23040]: Invalid user gmodserver from 103.90.227.203
Jun 26 01:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23040]: input_userauth_request: invalid user gmodserver [preauth]
Jun 26 01:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23040]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.90.227.203
Jun 26 01:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23040]: Failed password for invalid user gmodserver from 103.90.227.203 port 54626 ssh2
Jun 26 01:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23040]: Received disconnect from 103.90.227.203 port 54626:11: Bye Bye [preauth]
Jun 26 01:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23040]: Disconnected from 103.90.227.203 port 54626 [preauth]
Jun 26 01:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.117.243.211  user=root
Jun 26 01:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23110]: Failed password for root from 80.117.243.211 port 60888 ssh2
Jun 26 01:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23110]: Connection closed by 80.117.243.211 port 60888 [preauth]
Jun 26 01:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21862]: pam_unix(cron:session): session closed for user root
Jun 26 01:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23180]: Invalid user conf from 43.162.112.238
Jun 26 01:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23180]: input_userauth_request: invalid user conf [preauth]
Jun 26 01:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23180]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.162.112.238
Jun 26 01:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23180]: Failed password for invalid user conf from 43.162.112.238 port 50906 ssh2
Jun 26 01:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23180]: Received disconnect from 43.162.112.238 port 50906:11: Bye Bye [preauth]
Jun 26 01:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23180]: Disconnected from 43.162.112.238 port 50906 [preauth]
Jun 26 01:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.154.235.21  user=root
Jun 26 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23190]: Failed password for root from 122.154.235.21 port 48500 ssh2
Jun 26 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23190]: Connection closed by 122.154.235.21 port 48500 [preauth]
Jun 26 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23208]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23207]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23206]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23205]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23205]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23277]: Successful su for rubyman by root
Jun 26 01:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23277]: + ??? root:rubyman
Jun 26 01:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23277]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593740 of user rubyman.
Jun 26 01:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23277]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593740.
Jun 26 01:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 26 01:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20497]: pam_unix(cron:session): session closed for user root
Jun 26 01:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23342]: Failed password for root from 80.66.85.226 port 60170 ssh2
Jun 26 01:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23342]: Connection closed by 80.66.85.226 port 60170 [preauth]
Jun 26 01:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23206]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.118.107.37  user=root
Jun 26 01:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23517]: Failed password for root from 83.118.107.37 port 56642 ssh2
Jun 26 01:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23517]: Connection closed by 83.118.107.37 port 56642 [preauth]
Jun 26 01:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22266]: pam_unix(cron:session): session closed for user root
Jun 26 01:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23579]: Invalid user emily from 141.98.83.240
Jun 26 01:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23579]: input_userauth_request: invalid user emily [preauth]
Jun 26 01:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23579]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 01:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23579]: Failed password for invalid user emily from 141.98.83.240 port 37042 ssh2
Jun 26 01:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23579]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23579]: Failed password for invalid user emily from 141.98.83.240 port 37042 ssh2
Jun 26 01:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23579]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23579]: Failed password for invalid user emily from 141.98.83.240 port 37042 ssh2
Jun 26 01:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23579]: Connection closed by 141.98.83.240 port 37042 [preauth]
Jun 26 01:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23579]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 01:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.205.184.118  user=root
Jun 26 01:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23622]: Failed password for root from 92.205.184.118 port 49228 ssh2
Jun 26 01:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23622]: Connection closed by 92.205.184.118 port 49228 [preauth]
Jun 26 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23635]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23634]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23636]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23633]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23633]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23702]: Successful su for rubyman by root
Jun 26 01:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23702]: + ??? root:rubyman
Jun 26 01:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23702]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593743 of user rubyman.
Jun 26 01:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23702]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593743.
Jun 26 01:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20996]: pam_unix(cron:session): session closed for user root
Jun 26 01:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23634]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24034]: Invalid user ram from 103.90.227.203
Jun 26 01:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24034]: input_userauth_request: invalid user ram [preauth]
Jun 26 01:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24034]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.90.227.203
Jun 26 01:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24034]: Failed password for invalid user ram from 103.90.227.203 port 35502 ssh2
Jun 26 01:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24034]: Received disconnect from 103.90.227.203 port 35502:11: Bye Bye [preauth]
Jun 26 01:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24034]: Disconnected from 103.90.227.203 port 35502 [preauth]
Jun 26 01:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22787]: pam_unix(cron:session): session closed for user root
Jun 26 01:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24126]: Invalid user photobook from 43.162.112.238
Jun 26 01:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24126]: input_userauth_request: invalid user photobook [preauth]
Jun 26 01:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24126]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.162.112.238
Jun 26 01:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24126]: Failed password for invalid user photobook from 43.162.112.238 port 58544 ssh2
Jun 26 01:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24126]: Received disconnect from 43.162.112.238 port 58544:11: Bye Bye [preauth]
Jun 26 01:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24126]: Disconnected from 43.162.112.238 port 58544 [preauth]
Jun 26 01:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.232.118  user=root
Jun 26 01:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24137]: Failed password for root from 202.29.232.118 port 43478 ssh2
Jun 26 01:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24137]: Connection closed by 202.29.232.118 port 43478 [preauth]
Jun 26 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24150]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24149]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24151]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24148]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24148]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24221]: Successful su for rubyman by root
Jun 26 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24221]: + ??? root:rubyman
Jun 26 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24221]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593747 of user rubyman.
Jun 26 01:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24221]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593747.
Jun 26 01:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21423]: pam_unix(cron:session): session closed for user root
Jun 26 01:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24149]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.125.169.27  user=root
Jun 26 01:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24462]: Failed password for root from 179.125.169.27 port 41747 ssh2
Jun 26 01:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24462]: Connection closed by 179.125.169.27 port 41747 [preauth]
Jun 26 01:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23208]: pam_unix(cron:session): session closed for user root
Jun 26 01:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.20.140.252  user=root
Jun 26 01:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24563]: Failed password for root from 1.20.140.252 port 40208 ssh2
Jun 26 01:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24563]: Connection closed by 1.20.140.252 port 40208 [preauth]
Jun 26 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24588]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24587]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24589]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24585]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24586]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24590]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24590]: pam_unix(cron:session): session closed for user root
Jun 26 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24585]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24669]: Successful su for rubyman by root
Jun 26 01:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24669]: + ??? root:rubyman
Jun 26 01:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24669]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593755 of user rubyman.
Jun 26 01:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24669]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593755.
Jun 26 01:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24587]: pam_unix(cron:session): session closed for user root
Jun 26 01:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21860]: pam_unix(cron:session): session closed for user root
Jun 26 01:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24586]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.154.74.205  user=root
Jun 26 01:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24919]: Failed password for root from 122.154.74.205 port 37560 ssh2
Jun 26 01:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24919]: Connection closed by 122.154.74.205 port 37560 [preauth]
Jun 26 01:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23636]: pam_unix(cron:session): session closed for user root
Jun 26 01:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25012]: Invalid user ing from 43.162.112.238
Jun 26 01:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25012]: input_userauth_request: invalid user ing [preauth]
Jun 26 01:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25012]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.162.112.238
Jun 26 01:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25012]: Failed password for invalid user ing from 43.162.112.238 port 60238 ssh2
Jun 26 01:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25012]: Received disconnect from 43.162.112.238 port 60238:11: Bye Bye [preauth]
Jun 26 01:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25012]: Disconnected from 43.162.112.238 port 60238 [preauth]
Jun 26 01:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.101.166  user=root
Jun 26 01:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25015]: Failed password for root from 64.227.101.166 port 53936 ssh2
Jun 26 01:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25015]: Connection closed by 64.227.101.166 port 53936 [preauth]
Jun 26 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25037]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25036]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25038]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25035]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25035]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25109]: Successful su for rubyman by root
Jun 26 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25109]: + ??? root:rubyman
Jun 26 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25109]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593757 of user rubyman.
Jun 26 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25109]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593757.
Jun 26 01:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22265]: pam_unix(cron:session): session closed for user root
Jun 26 01:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25036]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.180.136  user=root
Jun 26 01:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25347]: Failed password for root from 165.22.180.136 port 44478 ssh2
Jun 26 01:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25347]: Connection closed by 165.22.180.136 port 44478 [preauth]
Jun 26 01:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24151]: pam_unix(cron:session): session closed for user root
Jun 26 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25436]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25435]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25437]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25434]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25434]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25499]: Successful su for rubyman by root
Jun 26 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25499]: + ??? root:rubyman
Jun 26 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25499]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593761 of user rubyman.
Jun 26 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25499]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593761.
Jun 26 01:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22786]: pam_unix(cron:session): session closed for user root
Jun 26 01:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25435]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.52.133.47  user=root
Jun 26 01:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25717]: Failed password for root from 176.52.133.47 port 48646 ssh2
Jun 26 01:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25717]: Connection closed by 176.52.133.47 port 48646 [preauth]
Jun 26 01:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24589]: pam_unix(cron:session): session closed for user root
Jun 26 01:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25809]: Invalid user repro from 43.162.112.238
Jun 26 01:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25809]: input_userauth_request: invalid user repro [preauth]
Jun 26 01:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25809]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.162.112.238
Jun 26 01:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25809]: Failed password for invalid user repro from 43.162.112.238 port 51314 ssh2
Jun 26 01:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25809]: Received disconnect from 43.162.112.238 port 51314:11: Bye Bye [preauth]
Jun 26 01:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25809]: Disconnected from 43.162.112.238 port 51314 [preauth]
Jun 26 01:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.19.114.132  user=root
Jun 26 01:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25821]: Failed password for root from 61.19.114.132 port 40094 ssh2
Jun 26 01:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25821]: Connection closed by 61.19.114.132 port 40094 [preauth]
Jun 26 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25834]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25835]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25832]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25833]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25832]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25891]: Successful su for rubyman by root
Jun 26 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25891]: + ??? root:rubyman
Jun 26 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25891]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593766 of user rubyman.
Jun 26 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25891]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593766.
Jun 26 01:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23207]: pam_unix(cron:session): session closed for user root
Jun 26 01:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25833]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 26 01:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26100]: Failed password for root from 103.153.68.219 port 54626 ssh2
Jun 26 01:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26100]: Connection closed by 103.153.68.219 port 54626 [preauth]
Jun 26 01:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 26 01:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26112]: Failed password for root from 103.27.238.120 port 59504 ssh2
Jun 26 01:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26112]: Connection closed by 103.27.238.120 port 59504 [preauth]
Jun 26 01:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.221.2  user=root
Jun 26 01:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26135]: Failed password for root from 202.29.221.2 port 37018 ssh2
Jun 26 01:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26135]: Connection closed by 202.29.221.2 port 37018 [preauth]
Jun 26 01:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25038]: pam_unix(cron:session): session closed for user root
Jun 26 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26240]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26239]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26238]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26236]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26236]: pam_unix(cron:session): session closed for user p13x
Jun 26 01:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26300]: Successful su for rubyman by root
Jun 26 01:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26300]: + ??? root:rubyman
Jun 26 01:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26300]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 01:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593769 of user rubyman.
Jun 26 01:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26300]: pam_unix(su:session): session closed for user rubyman
Jun 26 01:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593769.
Jun 26 01:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23635]: pam_unix(cron:session): session closed for user root
Jun 26 01:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26238]: pam_unix(cron:session): session closed for user samftp
Jun 26 01:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.42.96.25  user=root
Jun 26 01:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26536]: Failed password for root from 119.42.96.25 port 53028 ssh2
Jun 26 01:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26536]: Connection closed by 119.42.96.25 port 53028 [preauth]
Jun 26 01:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25437]: pam_unix(cron:session): session closed for user root
Jun 26 01:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26610]: Invalid user origin from 43.162.112.238
Jun 26 01:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26610]: input_userauth_request: invalid user origin [preauth]
Jun 26 01:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26610]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 01:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.162.112.238
Jun 26 01:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26610]: Failed password for invalid user origin from 43.162.112.238 port 38158 ssh2
Jun 26 01:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26610]: Received disconnect from 43.162.112.238 port 38158:11: Bye Bye [preauth]
Jun 26 01:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26610]: Disconnected from 43.162.112.238 port 38158 [preauth]
Jun 26 01:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 01:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.236.76  user=root
Jun 26 01:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26621]: Failed password for root from 202.29.236.76 port 54624 ssh2
Jun 26 01:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26621]: Connection closed by 202.29.236.76 port 54624 [preauth]
Jun 26 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26635]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26636]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26634]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26633]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26632]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26638]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26637]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26638]: pam_unix(cron:session): session closed for user root
Jun 26 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26634]: pam_unix(cron:session): session closed for user root
Jun 26 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26632]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26808]: Successful su for rubyman by root
Jun 26 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26808]: + ??? root:rubyman
Jun 26 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26808]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593779 of user rubyman.
Jun 26 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26808]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593779.
Jun 26 02:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24150]: pam_unix(cron:session): session closed for user root
Jun 26 02:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26635]: pam_unix(cron:session): session closed for user root
Jun 26 02:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26633]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27034]: Did not receive identification string from 64.89.160.135
Jun 26 02:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.188.187.59  user=root
Jun 26 02:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27065]: Failed password for root from 196.188.187.59 port 47106 ssh2
Jun 26 02:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27065]: Connection closed by 196.188.187.59 port 47106 [preauth]
Jun 26 02:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25835]: pam_unix(cron:session): session closed for user root
Jun 26 02:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.232.196  user=root
Jun 26 02:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27204]: Failed password for root from 161.35.232.196 port 55658 ssh2
Jun 26 02:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27204]: Connection closed by 161.35.232.196 port 55658 [preauth]
Jun 26 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27220]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27219]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27218]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27215]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27215]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27300]: Successful su for rubyman by root
Jun 26 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27300]: + ??? root:rubyman
Jun 26 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27300]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593780 of user rubyman.
Jun 26 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27300]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593780.
Jun 26 02:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24588]: pam_unix(cron:session): session closed for user root
Jun 26 02:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27218]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26240]: pam_unix(cron:session): session closed for user root
Jun 26 02:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27625]: Invalid user athletics from 43.162.112.238
Jun 26 02:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27625]: input_userauth_request: invalid user athletics [preauth]
Jun 26 02:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27625]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 02:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.162.112.238
Jun 26 02:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27625]: Failed password for invalid user athletics from 43.162.112.238 port 37690 ssh2
Jun 26 02:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27625]: Received disconnect from 43.162.112.238 port 37690:11: Bye Bye [preauth]
Jun 26 02:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27625]: Disconnected from 43.162.112.238 port 37690 [preauth]
Jun 26 02:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.171.25.1  user=root
Jun 26 02:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27635]: Failed password for root from 112.171.25.1 port 26412 ssh2
Jun 26 02:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27635]: Connection closed by 112.171.25.1 port 26412 [preauth]
Jun 26 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27657]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27658]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27656]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27655]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27655]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27716]: Successful su for rubyman by root
Jun 26 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27716]: + ??? root:rubyman
Jun 26 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27716]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593786 of user rubyman.
Jun 26 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27716]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593786.
Jun 26 02:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25037]: pam_unix(cron:session): session closed for user root
Jun 26 02:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27656]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26637]: pam_unix(cron:session): session closed for user root
Jun 26 02:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.192.144.206  user=root
Jun 26 02:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28055]: Failed password for root from 159.192.144.206 port 43360 ssh2
Jun 26 02:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28055]: Connection closed by 159.192.144.206 port 43360 [preauth]
Jun 26 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28115]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28116]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28114]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28113]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28113]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28181]: Successful su for rubyman by root
Jun 26 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28181]: + ??? root:rubyman
Jun 26 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28181]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593788 of user rubyman.
Jun 26 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28181]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593788.
Jun 26 02:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25436]: pam_unix(cron:session): session closed for user root
Jun 26 02:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28114]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.191.143  user=root
Jun 26 02:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28419]: Failed password for root from 68.183.191.143 port 49032 ssh2
Jun 26 02:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28419]: Connection closed by 68.183.191.143 port 49032 [preauth]
Jun 26 02:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27220]: pam_unix(cron:session): session closed for user root
Jun 26 02:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28500]: Invalid user ps from 43.162.112.238
Jun 26 02:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28500]: input_userauth_request: invalid user ps [preauth]
Jun 26 02:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28500]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 02:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.162.112.238
Jun 26 02:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.154.74.204  user=root
Jun 26 02:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28500]: Failed password for invalid user ps from 43.162.112.238 port 43778 ssh2
Jun 26 02:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28500]: Received disconnect from 43.162.112.238 port 43778:11: Bye Bye [preauth]
Jun 26 02:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28500]: Disconnected from 43.162.112.238 port 43778 [preauth]
Jun 26 02:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28502]: Failed password for root from 122.154.74.204 port 57340 ssh2
Jun 26 02:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28502]: Connection closed by 122.154.74.204 port 57340 [preauth]
Jun 26 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28522]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28521]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28520]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28519]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28519]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28668]: Successful su for rubyman by root
Jun 26 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28668]: + ??? root:rubyman
Jun 26 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28668]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593794 of user rubyman.
Jun 26 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28668]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593794.
Jun 26 02:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25834]: pam_unix(cron:session): session closed for user root
Jun 26 02:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28520]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.27.12.122  user=root
Jun 26 02:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28932]: Failed password for root from 125.27.12.122 port 57456 ssh2
Jun 26 02:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28932]: Connection closed by 125.27.12.122 port 57456 [preauth]
Jun 26 02:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27658]: pam_unix(cron:session): session closed for user root
Jun 26 02:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.146.182  user=root
Jun 26 02:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29024]: Failed password for root from 152.32.146.182 port 13226 ssh2
Jun 26 02:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29024]: Connection closed by 152.32.146.182 port 13226 [preauth]
Jun 26 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29042]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29037]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29036]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29041]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29040]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29038]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29042]: pam_unix(cron:session): session closed for user root
Jun 26 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29036]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29110]: Successful su for rubyman by root
Jun 26 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29110]: + ??? root:rubyman
Jun 26 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29110]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593796 of user rubyman.
Jun 26 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29110]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593796.
Jun 26 02:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29038]: pam_unix(cron:session): session closed for user root
Jun 26 02:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26239]: pam_unix(cron:session): session closed for user root
Jun 26 02:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29037]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=133.117.72.24  user=root
Jun 26 02:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29376]: Failed password for root from 133.117.72.24 port 59372 ssh2
Jun 26 02:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29376]: Connection closed by 133.117.72.24 port 59372 [preauth]
Jun 26 02:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28116]: pam_unix(cron:session): session closed for user root
Jun 26 02:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.147.26.126  user=root
Jun 26 02:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29485]: Invalid user c2 from 43.162.112.238
Jun 26 02:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29485]: input_userauth_request: invalid user c2 [preauth]
Jun 26 02:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29485]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 02:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.162.112.238
Jun 26 02:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29483]: Failed password for root from 185.147.26.126 port 43204 ssh2
Jun 26 02:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29483]: Connection closed by 185.147.26.126 port 43204 [preauth]
Jun 26 02:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29485]: Failed password for invalid user c2 from 43.162.112.238 port 53298 ssh2
Jun 26 02:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29485]: Received disconnect from 43.162.112.238 port 53298:11: Bye Bye [preauth]
Jun 26 02:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29485]: Disconnected from 43.162.112.238 port 53298 [preauth]
Jun 26 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29507]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29508]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29506]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29505]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29505]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29661]: Successful su for rubyman by root
Jun 26 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29661]: + ??? root:rubyman
Jun 26 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29661]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593803 of user rubyman.
Jun 26 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29661]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593803.
Jun 26 02:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29506]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26636]: pam_unix(cron:session): session closed for user root
Jun 26 02:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.235.12  user=root
Jun 26 02:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29946]: Failed password for root from 202.29.235.12 port 60486 ssh2
Jun 26 02:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29946]: Connection closed by 202.29.235.12 port 60486 [preauth]
Jun 26 02:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28522]: pam_unix(cron:session): session closed for user root
Jun 26 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30035]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30036]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30037]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30034]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30034]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30103]: Successful su for rubyman by root
Jun 26 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30103]: + ??? root:rubyman
Jun 26 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30103]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593806 of user rubyman.
Jun 26 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30103]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593806.
Jun 26 02:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27219]: pam_unix(cron:session): session closed for user root
Jun 26 02:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30035]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.191.143  user=root
Jun 26 02:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30368]: Failed password for root from 68.183.191.143 port 58560 ssh2
Jun 26 02:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30368]: Connection closed by 68.183.191.143 port 58560 [preauth]
Jun 26 02:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29041]: pam_unix(cron:session): session closed for user root
Jun 26 02:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.37.174.180  user=root
Jun 26 02:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30435]: Failed password for root from 211.37.174.180 port 12032 ssh2
Jun 26 02:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30435]: Connection closed by 211.37.174.180 port 12032 [preauth]
Jun 26 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30460]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30461]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30459]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30458]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30458]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30523]: Successful su for rubyman by root
Jun 26 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30523]: + ??? root:rubyman
Jun 26 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30523]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593810 of user rubyman.
Jun 26 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30523]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593810.
Jun 26 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30535]: Invalid user lambda from 43.162.112.238
Jun 26 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30535]: input_userauth_request: invalid user lambda [preauth]
Jun 26 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30535]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.162.112.238
Jun 26 02:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30535]: Failed password for invalid user lambda from 43.162.112.238 port 34362 ssh2
Jun 26 02:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30535]: Received disconnect from 43.162.112.238 port 34362:11: Bye Bye [preauth]
Jun 26 02:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30535]: Disconnected from 43.162.112.238 port 34362 [preauth]
Jun 26 02:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27657]: pam_unix(cron:session): session closed for user root
Jun 26 02:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30459]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.20.185.207  user=root
Jun 26 02:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30722]: Failed password for root from 143.20.185.207 port 40388 ssh2
Jun 26 02:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30722]: Connection closed by 143.20.185.207 port 40388 [preauth]
Jun 26 02:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.110.201  user=root
Jun 26 02:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30732]: Failed password for root from 94.159.110.201 port 38470 ssh2
Jun 26 02:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30732]: Connection closed by 94.159.110.201 port 38470 [preauth]
Jun 26 02:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.19.232  user=root
Jun 26 02:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30778]: Failed password for root from 206.189.19.232 port 60964 ssh2
Jun 26 02:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30778]: Connection closed by 206.189.19.232 port 60964 [preauth]
Jun 26 02:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29508]: pam_unix(cron:session): session closed for user root
Jun 26 02:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30884]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30885]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30882]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30883]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30879]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30882]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31097]: Successful su for rubyman by root
Jun 26 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31097]: + ??? root:rubyman
Jun 26 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31097]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593816 of user rubyman.
Jun 26 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31097]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593816.
Jun 26 02:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30879]: pam_unix(cron:session): session closed for user root
Jun 26 02:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28115]: pam_unix(cron:session): session closed for user root
Jun 26 02:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30883]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.100.212.141  user=root
Jun 26 02:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31367]: Failed password for root from 185.100.212.141 port 59506 ssh2
Jun 26 02:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31367]: Connection closed by 185.100.212.141 port 59506 [preauth]
Jun 26 02:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30037]: pam_unix(cron:session): session closed for user root
Jun 26 02:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.3.77.254  user=root
Jun 26 02:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31458]: Failed password for root from 95.3.77.254 port 57692 ssh2
Jun 26 02:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31458]: Connection closed by 95.3.77.254 port 57692 [preauth]
Jun 26 02:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31468]: Invalid user opole from 43.162.112.238
Jun 26 02:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31468]: input_userauth_request: invalid user opole [preauth]
Jun 26 02:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31468]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 02:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.162.112.238
Jun 26 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31468]: Failed password for invalid user opole from 43.162.112.238 port 56632 ssh2
Jun 26 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31468]: Received disconnect from 43.162.112.238 port 56632:11: Bye Bye [preauth]
Jun 26 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31468]: Disconnected from 43.162.112.238 port 56632 [preauth]
Jun 26 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31475]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31472]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31476]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31477]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31478]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31471]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31478]: pam_unix(cron:session): session closed for user root
Jun 26 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31471]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31554]: Successful su for rubyman by root
Jun 26 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31554]: + ??? root:rubyman
Jun 26 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31554]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593822 of user rubyman.
Jun 26 02:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31554]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593822.
Jun 26 02:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31475]: pam_unix(cron:session): session closed for user root
Jun 26 02:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28521]: pam_unix(cron:session): session closed for user root
Jun 26 02:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31472]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.91.76.106  user=root
Jun 26 02:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31917]: Failed password for root from 51.91.76.106 port 47242 ssh2
Jun 26 02:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31917]: Connection closed by 51.91.76.106 port 47242 [preauth]
Jun 26 02:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30461]: pam_unix(cron:session): session closed for user root
Jun 26 02:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.160.209.126  user=root
Jun 26 02:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32016]: Failed password for root from 158.160.209.126 port 34734 ssh2
Jun 26 02:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32016]: Connection closed by 158.160.209.126 port 34734 [preauth]
Jun 26 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32021]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32022]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32020]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32019]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32019]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32092]: Successful su for rubyman by root
Jun 26 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32092]: + ??? root:rubyman
Jun 26 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32092]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593825 of user rubyman.
Jun 26 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32092]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593825.
Jun 26 02:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29040]: pam_unix(cron:session): session closed for user root
Jun 26 02:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32020]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30885]: pam_unix(cron:session): session closed for user root
Jun 26 02:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32369]: Invalid user AdminGPON from 45.148.10.121
Jun 26 02:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32369]: input_userauth_request: invalid user AdminGPON [preauth]
Jun 26 02:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32369]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 02:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 26 02:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32369]: Failed password for invalid user AdminGPON from 45.148.10.121 port 54780 ssh2
Jun 26 02:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32369]: Connection closed by 45.148.10.121 port 54780 [preauth]
Jun 26 02:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.147.26.126  user=root
Jun 26 02:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32415]: Failed password for root from 185.147.26.126 port 60282 ssh2
Jun 26 02:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32415]: Connection closed by 185.147.26.126 port 60282 [preauth]
Jun 26 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32438]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32439]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32436]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32435]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32435]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32505]: Successful su for rubyman by root
Jun 26 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32505]: + ??? root:rubyman
Jun 26 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32505]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593830 of user rubyman.
Jun 26 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32505]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593830.
Jun 26 02:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29507]: pam_unix(cron:session): session closed for user root
Jun 26 02:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32436]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: Invalid user velocity from 43.162.112.238
Jun 26 02:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: input_userauth_request: invalid user velocity [preauth]
Jun 26 02:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 02:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.162.112.238
Jun 26 02:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: Failed password for invalid user velocity from 43.162.112.238 port 39892 ssh2
Jun 26 02:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: Received disconnect from 43.162.112.238 port 39892:11: Bye Bye [preauth]
Jun 26 02:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: Disconnected from 43.162.112.238 port 39892 [preauth]
Jun 26 02:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.154.74.204  user=root
Jun 26 02:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32752]: Failed password for root from 122.154.74.204 port 51952 ssh2
Jun 26 02:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32752]: Connection closed by 122.154.74.204 port 51952 [preauth]
Jun 26 02:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31477]: pam_unix(cron:session): session closed for user root
Jun 26 02:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.166.144.212  user=root
Jun 26 02:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[375]: Failed password for root from 45.166.144.212 port 37150 ssh2
Jun 26 02:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[375]: Connection closed by 45.166.144.212 port 37150 [preauth]
Jun 26 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[389]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[390]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[387]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[388]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[387]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[590]: Successful su for rubyman by root
Jun 26 02:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[590]: + ??? root:rubyman
Jun 26 02:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[590]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593833 of user rubyman.
Jun 26 02:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[590]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593833.
Jun 26 02:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30036]: pam_unix(cron:session): session closed for user root
Jun 26 02:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[388]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.245.32.125  user=root
Jun 26 02:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[828]: Failed password for root from 151.245.32.125 port 45578 ssh2
Jun 26 02:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[828]: Connection closed by 151.245.32.125 port 45578 [preauth]
Jun 26 02:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32022]: pam_unix(cron:session): session closed for user root
Jun 26 02:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=74.176.205.111  user=root
Jun 26 02:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[935]: Failed password for root from 74.176.205.111 port 55334 ssh2
Jun 26 02:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[935]: Connection closed by 74.176.205.111 port 55334 [preauth]
Jun 26 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[950]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[949]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[948]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[947]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[947]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1016]: Successful su for rubyman by root
Jun 26 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1016]: + ??? root:rubyman
Jun 26 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1016]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593837 of user rubyman.
Jun 26 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1016]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593837.
Jun 26 02:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30460]: pam_unix(cron:session): session closed for user root
Jun 26 02:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[948]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1238]: Invalid user interno from 43.162.112.238
Jun 26 02:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1238]: input_userauth_request: invalid user interno [preauth]
Jun 26 02:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1238]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 02:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.162.112.238
Jun 26 02:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1238]: Failed password for invalid user interno from 43.162.112.238 port 47494 ssh2
Jun 26 02:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1238]: Received disconnect from 43.162.112.238 port 47494:11: Bye Bye [preauth]
Jun 26 02:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1238]: Disconnected from 43.162.112.238 port 47494 [preauth]
Jun 26 02:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32439]: pam_unix(cron:session): session closed for user root
Jun 26 02:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.84.101.167  user=root
Jun 26 02:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1401]: Failed password for root from 20.84.101.167 port 48166 ssh2
Jun 26 02:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1401]: Connection closed by 20.84.101.167 port 48166 [preauth]
Jun 26 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1430]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1427]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1443]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1431]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1428]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1426]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1443]: pam_unix(cron:session): session closed for user root
Jun 26 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1426]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1599]: Successful su for rubyman by root
Jun 26 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1599]: + ??? root:rubyman
Jun 26 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1599]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593846 of user rubyman.
Jun 26 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1599]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593846.
Jun 26 02:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1428]: pam_unix(cron:session): session closed for user root
Jun 26 02:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30884]: pam_unix(cron:session): session closed for user root
Jun 26 02:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1427]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.192.132.36  user=root
Jun 26 02:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1867]: Failed password for root from 159.192.132.36 port 41892 ssh2
Jun 26 02:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1867]: Connection closed by 159.192.132.36 port 41892 [preauth]
Jun 26 02:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[390]: pam_unix(cron:session): session closed for user root
Jun 26 02:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.117.243.211  user=root
Jun 26 02:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2017]: Failed password for root from 80.117.243.211 port 39920 ssh2
Jun 26 02:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2017]: Connection closed by 80.117.243.211 port 39920 [preauth]
Jun 26 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2037]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2038]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2036]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2035]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2035]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2116]: Successful su for rubyman by root
Jun 26 02:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2116]: + ??? root:rubyman
Jun 26 02:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2116]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593849 of user rubyman.
Jun 26 02:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2116]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593849.
Jun 26 02:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2289]: Invalid user wwww from 43.162.112.238
Jun 26 02:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2289]: input_userauth_request: invalid user wwww [preauth]
Jun 26 02:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2289]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 02:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.162.112.238
Jun 26 02:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31476]: pam_unix(cron:session): session closed for user root
Jun 26 02:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2036]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2289]: Failed password for invalid user wwww from 43.162.112.238 port 46370 ssh2
Jun 26 02:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2289]: Received disconnect from 43.162.112.238 port 46370:11: Bye Bye [preauth]
Jun 26 02:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2289]: Disconnected from 43.162.112.238 port 46370 [preauth]
Jun 26 02:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.180.136  user=root
Jun 26 02:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2380]: Failed password for root from 165.22.180.136 port 56834 ssh2
Jun 26 02:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2380]: Connection closed by 165.22.180.136 port 56834 [preauth]
Jun 26 02:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[950]: pam_unix(cron:session): session closed for user root
Jun 26 02:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.166.144.212  user=root
Jun 26 02:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.211.215  user=root
Jun 26 02:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2469]: Failed password for root from 45.166.144.212 port 54228 ssh2
Jun 26 02:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2469]: Connection closed by 45.166.144.212 port 54228 [preauth]
Jun 26 02:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2467]: Failed password for root from 147.45.211.215 port 41956 ssh2
Jun 26 02:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2467]: Connection closed by 147.45.211.215 port 41956 [preauth]
Jun 26 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2487]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2485]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2488]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2484]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2482]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2482]: pam_unix(cron:session): session closed for user root
Jun 26 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2484]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2555]: Successful su for rubyman by root
Jun 26 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2555]: + ??? root:rubyman
Jun 26 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2555]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593853 of user rubyman.
Jun 26 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2555]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593853.
Jun 26 02:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32021]: pam_unix(cron:session): session closed for user root
Jun 26 02:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2485]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1431]: pam_unix(cron:session): session closed for user root
Jun 26 02:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 26 02:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2839]: Failed password for root from 38.93.206.2 port 35676 ssh2
Jun 26 02:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2839]: Connection closed by 38.93.206.2 port 35676 [preauth]
Jun 26 02:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.42.96.25  user=root
Jun 26 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2920]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2919]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2918]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2917]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2917]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2976]: Successful su for rubyman by root
Jun 26 02:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2976]: + ??? root:rubyman
Jun 26 02:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2976]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593856 of user rubyman.
Jun 26 02:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2976]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593856.
Jun 26 02:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2904]: Failed password for root from 119.42.96.25 port 52050 ssh2
Jun 26 02:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2904]: Connection closed by 119.42.96.25 port 52050 [preauth]
Jun 26 02:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32438]: pam_unix(cron:session): session closed for user root
Jun 26 02:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2918]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3157]: Invalid user gs from 43.162.112.238
Jun 26 02:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3157]: input_userauth_request: invalid user gs [preauth]
Jun 26 02:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3157]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 02:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.162.112.238
Jun 26 02:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3157]: Failed password for invalid user gs from 43.162.112.238 port 55878 ssh2
Jun 26 02:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3157]: Received disconnect from 43.162.112.238 port 55878:11: Bye Bye [preauth]
Jun 26 02:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3157]: Disconnected from 43.162.112.238 port 55878 [preauth]
Jun 26 02:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.118.107.37  user=root
Jun 26 02:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3208]: Failed password for root from 83.118.107.37 port 42984 ssh2
Jun 26 02:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3208]: Connection closed by 83.118.107.37 port 42984 [preauth]
Jun 26 02:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2038]: pam_unix(cron:session): session closed for user root
Jun 26 02:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.99.188.194  user=root
Jun 26 02:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3299]: Failed password for root from 46.99.188.194 port 43214 ssh2
Jun 26 02:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3299]: Connection closed by 46.99.188.194 port 43214 [preauth]
Jun 26 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3311]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3312]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3313]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3310]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3310]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3370]: Successful su for rubyman by root
Jun 26 02:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3370]: + ??? root:rubyman
Jun 26 02:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3370]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593862 of user rubyman.
Jun 26 02:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3370]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593862.
Jun 26 02:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[389]: pam_unix(cron:session): session closed for user root
Jun 26 02:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3311]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.77.131.229  user=root
Jun 26 02:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2488]: pam_unix(cron:session): session closed for user root
Jun 26 02:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3623]: Failed password for root from 110.77.131.229 port 57592 ssh2
Jun 26 02:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3623]: Connection closed by 110.77.131.229 port 57592 [preauth]
Jun 26 02:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3653]: Invalid user testuser from 141.98.83.240
Jun 26 02:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3653]: input_userauth_request: invalid user testuser [preauth]
Jun 26 02:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3653]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 02:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 02:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3653]: Failed password for invalid user testuser from 141.98.83.240 port 53076 ssh2
Jun 26 02:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3653]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 02:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3653]: Failed password for invalid user testuser from 141.98.83.240 port 53076 ssh2
Jun 26 02:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3653]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 02:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3653]: Failed password for invalid user testuser from 141.98.83.240 port 53076 ssh2
Jun 26 02:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3653]: Connection closed by 141.98.83.240 port 53076 [preauth]
Jun 26 02:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3653]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3806]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3803]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3805]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3804]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3801]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3802]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3806]: pam_unix(cron:session): session closed for user root
Jun 26 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3801]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3922]: Successful su for rubyman by root
Jun 26 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3922]: + ??? root:rubyman
Jun 26 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3922]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593866 of user rubyman.
Jun 26 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3922]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593866.
Jun 26 02:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3803]: pam_unix(cron:session): session closed for user root
Jun 26 02:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[949]: pam_unix(cron:session): session closed for user root
Jun 26 02:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3802]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4193]: Invalid user clark from 43.162.112.238
Jun 26 02:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4193]: input_userauth_request: invalid user clark [preauth]
Jun 26 02:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4193]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 02:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.162.112.238
Jun 26 02:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4193]: Failed password for invalid user clark from 43.162.112.238 port 44166 ssh2
Jun 26 02:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4193]: Received disconnect from 43.162.112.238 port 44166:11: Bye Bye [preauth]
Jun 26 02:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4193]: Disconnected from 43.162.112.238 port 44166 [preauth]
Jun 26 02:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.231.182.3  user=root
Jun 26 02:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4244]: Failed password for root from 49.231.182.3 port 50200 ssh2
Jun 26 02:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4244]: Connection closed by 49.231.182.3 port 50200 [preauth]
Jun 26 02:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2920]: pam_unix(cron:session): session closed for user root
Jun 26 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4358]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4359]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4360]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4357]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4357]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4422]: Successful su for rubyman by root
Jun 26 02:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4422]: + ??? root:rubyman
Jun 26 02:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4422]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593870 of user rubyman.
Jun 26 02:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4422]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593870.
Jun 26 02:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1430]: pam_unix(cron:session): session closed for user root
Jun 26 02:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.20.140.252  user=root
Jun 26 02:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4358]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4568]: Failed password for root from 1.20.140.252 port 46206 ssh2
Jun 26 02:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4568]: Connection closed by 1.20.140.252 port 46206 [preauth]
Jun 26 02:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4612]: Invalid user admin from 2.57.121.25
Jun 26 02:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4612]: input_userauth_request: invalid user admin [preauth]
Jun 26 02:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4612]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 02:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 26 02:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4612]: Failed password for invalid user admin from 2.57.121.25 port 21418 ssh2
Jun 26 02:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4612]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 02:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4612]: Failed password for invalid user admin from 2.57.121.25 port 21418 ssh2
Jun 26 02:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4612]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 02:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4612]: Failed password for invalid user admin from 2.57.121.25 port 21418 ssh2
Jun 26 02:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4612]: Connection closed by 2.57.121.25 port 21418 [preauth]
Jun 26 02:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4612]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 26 02:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.112.5.35  user=root
Jun 26 02:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4676]: Failed password for root from 103.112.5.35 port 36058 ssh2
Jun 26 02:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4676]: Connection closed by 103.112.5.35 port 36058 [preauth]
Jun 26 02:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3313]: pam_unix(cron:session): session closed for user root
Jun 26 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.84.101.167  user=root
Jun 26 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4842]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4841]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4839]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4840]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4839]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4940]: Successful su for rubyman by root
Jun 26 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4940]: + ??? root:rubyman
Jun 26 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4940]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593875 of user rubyman.
Jun 26 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4940]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593875.
Jun 26 02:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4836]: Failed password for root from 20.84.101.167 port 38884 ssh2
Jun 26 02:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4836]: Connection closed by 20.84.101.167 port 38884 [preauth]
Jun 26 02:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2037]: pam_unix(cron:session): session closed for user root
Jun 26 02:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4840]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5128]: Invalid user pdu from 43.162.112.238
Jun 26 02:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5128]: input_userauth_request: invalid user pdu [preauth]
Jun 26 02:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5128]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 02:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.162.112.238
Jun 26 02:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5128]: Failed password for invalid user pdu from 43.162.112.238 port 41034 ssh2
Jun 26 02:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5128]: Received disconnect from 43.162.112.238 port 41034:11: Bye Bye [preauth]
Jun 26 02:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5128]: Disconnected from 43.162.112.238 port 41034 [preauth]
Jun 26 02:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.193.152.133  user=root
Jun 26 02:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5184]: Failed password for root from 20.193.152.133 port 48190 ssh2
Jun 26 02:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5184]: Connection closed by 20.193.152.133 port 48190 [preauth]
Jun 26 02:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3805]: pam_unix(cron:session): session closed for user root
Jun 26 02:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.100.67.250  user=root
Jun 26 02:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5274]: Failed password for root from 171.100.67.250 port 53056 ssh2
Jun 26 02:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5274]: Connection closed by 171.100.67.250 port 53056 [preauth]
Jun 26 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5288]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5287]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5289]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5286]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5286]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5355]: Successful su for rubyman by root
Jun 26 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5355]: + ??? root:rubyman
Jun 26 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5355]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593878 of user rubyman.
Jun 26 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5355]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593878.
Jun 26 02:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2487]: pam_unix(cron:session): session closed for user root
Jun 26 02:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5287]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.160.209.126  user=root
Jun 26 02:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5594]: Failed password for root from 158.160.209.126 port 51030 ssh2
Jun 26 02:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5594]: Connection closed by 158.160.209.126 port 51030 [preauth]
Jun 26 02:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4360]: pam_unix(cron:session): session closed for user root
Jun 26 02:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.154.74.204  user=root
Jun 26 02:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5676]: Failed password for root from 122.154.74.204 port 58308 ssh2
Jun 26 02:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5676]: Connection closed by 122.154.74.204 port 58308 [preauth]
Jun 26 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5690]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5689]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5688]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5687]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5687]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5753]: Successful su for rubyman by root
Jun 26 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5753]: + ??? root:rubyman
Jun 26 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5753]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593882 of user rubyman.
Jun 26 02:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5753]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593882.
Jun 26 02:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2919]: pam_unix(cron:session): session closed for user root
Jun 26 02:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5688]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5931]: Invalid user bux from 43.162.112.238
Jun 26 02:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5931]: input_userauth_request: invalid user bux [preauth]
Jun 26 02:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5931]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 02:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.162.112.238
Jun 26 02:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5931]: Failed password for invalid user bux from 43.162.112.238 port 58418 ssh2
Jun 26 02:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5931]: Received disconnect from 43.162.112.238 port 58418:11: Bye Bye [preauth]
Jun 26 02:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5931]: Disconnected from 43.162.112.238 port 58418 [preauth]
Jun 26 02:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4842]: pam_unix(cron:session): session closed for user root
Jun 26 02:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.112.5.35  user=root
Jun 26 02:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6035]: Failed password for root from 103.112.5.35 port 37716 ssh2
Jun 26 02:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6035]: Connection closed by 103.112.5.35 port 37716 [preauth]
Jun 26 02:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=74.176.205.111  user=root
Jun 26 02:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6074]: Failed password for root from 74.176.205.111 port 43560 ssh2
Jun 26 02:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6074]: Connection closed by 74.176.205.111 port 43560 [preauth]
Jun 26 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6087]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6089]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6086]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6090]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6088]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6085]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6090]: pam_unix(cron:session): session closed for user root
Jun 26 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6085]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6156]: Successful su for rubyman by root
Jun 26 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6156]: + ??? root:rubyman
Jun 26 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6156]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593887 of user rubyman.
Jun 26 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6156]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593887.
Jun 26 02:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6087]: pam_unix(cron:session): session closed for user root
Jun 26 02:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3312]: pam_unix(cron:session): session closed for user root
Jun 26 02:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6086]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.192.144.204  user=root
Jun 26 02:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6422]: Failed password for root from 159.192.144.204 port 48762 ssh2
Jun 26 02:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6422]: Connection closed by 159.192.144.204 port 48762 [preauth]
Jun 26 02:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5289]: pam_unix(cron:session): session closed for user root
Jun 26 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6512]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6511]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6510]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6508]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6508]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6577]: Successful su for rubyman by root
Jun 26 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6577]: + ??? root:rubyman
Jun 26 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6577]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593892 of user rubyman.
Jun 26 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6577]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593892.
Jun 26 02:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.62.111.247  user=root
Jun 26 02:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6566]: Failed password for root from 211.62.111.247 port 53022 ssh2
Jun 26 02:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6566]: Connection closed by 211.62.111.247 port 53022 [preauth]
Jun 26 02:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3804]: pam_unix(cron:session): session closed for user root
Jun 26 02:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6510]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.123.141.251  user=root
Jun 26 02:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6837]: Failed password for root from 121.123.141.251 port 36272 ssh2
Jun 26 02:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6837]: Connection closed by 121.123.141.251 port 36272 [preauth]
Jun 26 02:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5690]: pam_unix(cron:session): session closed for user root
Jun 26 02:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.112.5.35  user=root
Jun 26 02:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6928]: Failed password for root from 103.112.5.35 port 49590 ssh2
Jun 26 02:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6928]: Connection closed by 103.112.5.35 port 49590 [preauth]
Jun 26 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6935]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6936]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6934]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6931]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6931]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7024]: Successful su for rubyman by root
Jun 26 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7024]: + ??? root:rubyman
Jun 26 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7024]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593897 of user rubyman.
Jun 26 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7024]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593897.
Jun 26 02:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4359]: pam_unix(cron:session): session closed for user root
Jun 26 02:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6934]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6089]: pam_unix(cron:session): session closed for user root
Jun 26 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7433]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7432]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7431]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7430]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7430]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7490]: Successful su for rubyman by root
Jun 26 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7490]: + ??? root:rubyman
Jun 26 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7490]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593900 of user rubyman.
Jun 26 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7490]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593900.
Jun 26 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.37.174.180  user=root
Jun 26 02:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7473]: Failed password for root from 211.37.174.180 port 24220 ssh2
Jun 26 02:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7473]: Connection closed by 211.37.174.180 port 24220 [preauth]
Jun 26 02:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4841]: pam_unix(cron:session): session closed for user root
Jun 26 02:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7431]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6512]: pam_unix(cron:session): session closed for user root
Jun 26 02:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.62.111.247  user=root
Jun 26 02:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7906]: Failed password for root from 211.62.111.247 port 57604 ssh2
Jun 26 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7906]: Connection closed by 211.62.111.247 port 57604 [preauth]
Jun 26 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7919]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7918]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7920]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7917]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7917]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7975]: Successful su for rubyman by root
Jun 26 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7975]: + ??? root:rubyman
Jun 26 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7975]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593904 of user rubyman.
Jun 26 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7975]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593904.
Jun 26 02:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5288]: pam_unix(cron:session): session closed for user root
Jun 26 02:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7918]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.125.152.18  user=root
Jun 26 02:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8211]: Failed password for root from 135.125.152.18 port 47540 ssh2
Jun 26 02:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8211]: Connection closed by 135.125.152.18 port 47540 [preauth]
Jun 26 02:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.20.185.207  user=root
Jun 26 02:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8221]: Failed password for root from 143.20.185.207 port 52310 ssh2
Jun 26 02:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8221]: Connection closed by 143.20.185.207 port 52310 [preauth]
Jun 26 02:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6936]: pam_unix(cron:session): session closed for user root
Jun 26 02:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 26 02:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8260]: Failed password for root from 103.77.175.15 port 36598 ssh2
Jun 26 02:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8260]: Connection closed by 103.77.175.15 port 36598 [preauth]
Jun 26 02:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.240.87.244  user=root
Jun 26 02:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8307]: Failed password for root from 77.240.87.244 port 55090 ssh2
Jun 26 02:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8307]: Connection closed by 77.240.87.244 port 55090 [preauth]
Jun 26 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8314]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8315]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8311]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8310]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8313]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8312]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8315]: pam_unix(cron:session): session closed for user root
Jun 26 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8310]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8381]: Successful su for rubyman by root
Jun 26 02:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8381]: + ??? root:rubyman
Jun 26 02:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8381]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593908 of user rubyman.
Jun 26 02:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8381]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593908.
Jun 26 02:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8312]: pam_unix(cron:session): session closed for user root
Jun 26 02:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5689]: pam_unix(cron:session): session closed for user root
Jun 26 02:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8311]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 26 02:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8657]: Failed password for root from 103.82.132.16 port 48238 ssh2
Jun 26 02:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8657]: Connection closed by 103.82.132.16 port 48238 [preauth]
Jun 26 02:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.187.64.123  user=root
Jun 26 02:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7433]: pam_unix(cron:session): session closed for user root
Jun 26 02:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8667]: Failed password for root from 31.187.64.123 port 57046 ssh2
Jun 26 02:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8667]: Connection closed by 31.187.64.123 port 57046 [preauth]
Jun 26 02:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8705]: Connection closed by 194.59.206.2 port 19868 [preauth]
Jun 26 02:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.171.25.1  user=root
Jun 26 02:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8746]: Failed password for root from 112.171.25.1 port 23488 ssh2
Jun 26 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8746]: Connection closed by 112.171.25.1 port 23488 [preauth]
Jun 26 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8751]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8752]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8750]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8749]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8749]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8822]: Successful su for rubyman by root
Jun 26 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8822]: + ??? root:rubyman
Jun 26 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8822]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593915 of user rubyman.
Jun 26 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8822]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593915.
Jun 26 02:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6088]: pam_unix(cron:session): session closed for user root
Jun 26 02:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8750]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.52.133.47  user=root
Jun 26 02:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9074]: Failed password for root from 176.52.133.47 port 38052 ssh2
Jun 26 02:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9074]: Connection closed by 176.52.133.47 port 38052 [preauth]
Jun 26 02:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7920]: pam_unix(cron:session): session closed for user root
Jun 26 02:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.20.228.110  user=root
Jun 26 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9164]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9163]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9162]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9161]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9161]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9150]: Failed password for root from 1.20.228.110 port 48052 ssh2
Jun 26 02:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9224]: Successful su for rubyman by root
Jun 26 02:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9224]: + ??? root:rubyman
Jun 26 02:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9224]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593919 of user rubyman.
Jun 26 02:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9224]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593919.
Jun 26 02:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9150]: Connection closed by 1.20.228.110 port 48052 [preauth]
Jun 26 02:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6511]: pam_unix(cron:session): session closed for user root
Jun 26 02:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9162]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 26 02:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9433]: Failed password for root from 103.27.238.114 port 49820 ssh2
Jun 26 02:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9433]: Connection closed by 103.27.238.114 port 49820 [preauth]
Jun 26 02:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.221.2  user=root
Jun 26 02:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9457]: Failed password for root from 202.29.221.2 port 36374 ssh2
Jun 26 02:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9457]: Connection closed by 202.29.221.2 port 36374 [preauth]
Jun 26 02:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8314]: pam_unix(cron:session): session closed for user root
Jun 26 02:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.91.76.106  user=root
Jun 26 02:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9541]: Invalid user admin from 139.19.117.131
Jun 26 02:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9541]: input_userauth_request: invalid user admin [preauth]
Jun 26 02:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9539]: Failed password for root from 51.91.76.106 port 40996 ssh2
Jun 26 02:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9539]: Connection closed by 51.91.76.106 port 40996 [preauth]
Jun 26 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9555]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9552]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9556]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9553]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9552]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9616]: Successful su for rubyman by root
Jun 26 02:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9616]: + ??? root:rubyman
Jun 26 02:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9616]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593924 of user rubyman.
Jun 26 02:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9616]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593924.
Jun 26 02:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6935]: pam_unix(cron:session): session closed for user root
Jun 26 02:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9553]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9541]: Connection closed by 139.19.117.131 port 51038 [preauth]
Jun 26 02:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9833]: Invalid user annalee from 2.57.121.112
Jun 26 02:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9833]: input_userauth_request: invalid user annalee [preauth]
Jun 26 02:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9833]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 02:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 26 02:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9833]: Failed password for invalid user annalee from 2.57.121.112 port 52606 ssh2
Jun 26 02:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9833]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 02:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9833]: Failed password for invalid user annalee from 2.57.121.112 port 52606 ssh2
Jun 26 02:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9833]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 02:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9833]: Failed password for invalid user annalee from 2.57.121.112 port 52606 ssh2
Jun 26 02:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9833]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 02:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9833]: Failed password for invalid user annalee from 2.57.121.112 port 52606 ssh2
Jun 26 02:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9833]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 02:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9833]: Failed password for invalid user annalee from 2.57.121.112 port 52606 ssh2
Jun 26 02:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9833]: Connection closed by 2.57.121.112 port 52606 [preauth]
Jun 26 02:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9833]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 26 02:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9833]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 26 02:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.136.54  user=root
Jun 26 02:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9879]: Failed password for root from 157.230.136.54 port 51572 ssh2
Jun 26 02:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9879]: Connection closed by 157.230.136.54 port 51572 [preauth]
Jun 26 02:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8752]: pam_unix(cron:session): session closed for user root
Jun 26 02:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.180.136  user=root
Jun 26 02:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10127]: Failed password for root from 165.22.180.136 port 33454 ssh2
Jun 26 02:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10127]: Connection closed by 165.22.180.136 port 33454 [preauth]
Jun 26 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10133]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10131]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10132]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10130]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10130]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10200]: Successful su for rubyman by root
Jun 26 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10200]: + ??? root:rubyman
Jun 26 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10200]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593927 of user rubyman.
Jun 26 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10200]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593927.
Jun 26 02:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7432]: pam_unix(cron:session): session closed for user root
Jun 26 02:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10131]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.123.141.251  user=root
Jun 26 02:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10530]: Failed password for root from 121.123.141.251 port 56862 ssh2
Jun 26 02:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10530]: Connection closed by 121.123.141.251 port 56862 [preauth]
Jun 26 02:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9164]: pam_unix(cron:session): session closed for user root
Jun 26 02:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.4.92  user=root
Jun 26 02:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10612]: Failed password for root from 165.154.4.92 port 38614 ssh2
Jun 26 02:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10612]: Connection closed by 165.154.4.92 port 38614 [preauth]
Jun 26 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10638]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10639]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10636]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10635]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10640]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10637]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10640]: pam_unix(cron:session): session closed for user root
Jun 26 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10635]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10709]: Successful su for rubyman by root
Jun 26 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10709]: + ??? root:rubyman
Jun 26 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10709]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593931 of user rubyman.
Jun 26 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10709]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593931.
Jun 26 02:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10637]: pam_unix(cron:session): session closed for user root
Jun 26 02:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7919]: pam_unix(cron:session): session closed for user root
Jun 26 02:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10636]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.52.133.47  user=root
Jun 26 02:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10986]: Failed password for root from 176.52.133.47 port 37854 ssh2
Jun 26 02:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10986]: Connection closed by 176.52.133.47 port 37854 [preauth]
Jun 26 02:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9556]: pam_unix(cron:session): session closed for user root
Jun 26 02:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.117.243.211  user=root
Jun 26 02:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11078]: Failed password for root from 80.117.243.211 port 35644 ssh2
Jun 26 02:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11078]: Connection closed by 80.117.243.211 port 35644 [preauth]
Jun 26 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11092]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11089]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11093]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11091]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11089]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11161]: Successful su for rubyman by root
Jun 26 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11161]: + ??? root:rubyman
Jun 26 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11161]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593937 of user rubyman.
Jun 26 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11161]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593937.
Jun 26 02:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8313]: pam_unix(cron:session): session closed for user root
Jun 26 02:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11091]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.180.136  user=root
Jun 26 02:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11420]: Failed password for root from 165.22.180.136 port 34090 ssh2
Jun 26 02:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11420]: Connection closed by 165.22.180.136 port 34090 [preauth]
Jun 26 02:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10133]: pam_unix(cron:session): session closed for user root
Jun 26 02:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.95.24.146  user=root
Jun 26 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11524]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11523]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11522]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11521]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11521]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11581]: Successful su for rubyman by root
Jun 26 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11581]: + ??? root:rubyman
Jun 26 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11581]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593940 of user rubyman.
Jun 26 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11581]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593940.
Jun 26 02:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11518]: Failed password for root from 150.95.24.146 port 44964 ssh2
Jun 26 02:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11518]: Connection closed by 150.95.24.146 port 44964 [preauth]
Jun 26 02:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8751]: pam_unix(cron:session): session closed for user root
Jun 26 02:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11522]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11833]: Invalid user admin from 193.46.255.86
Jun 26 02:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11833]: input_userauth_request: invalid user admin [preauth]
Jun 26 02:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11833]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 02:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 26 02:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11833]: Failed password for invalid user admin from 193.46.255.86 port 5370 ssh2
Jun 26 02:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11833]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 02:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11833]: Failed password for invalid user admin from 193.46.255.86 port 5370 ssh2
Jun 26 02:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11833]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 02:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11833]: Failed password for invalid user admin from 193.46.255.86 port 5370 ssh2
Jun 26 02:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11833]: Connection closed by 193.46.255.86 port 5370 [preauth]
Jun 26 02:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11833]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 26 02:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10639]: pam_unix(cron:session): session closed for user root
Jun 26 02:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.166.144.212  user=root
Jun 26 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11990]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11991]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11988]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11987]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11987]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12048]: Successful su for rubyman by root
Jun 26 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12048]: + ??? root:rubyman
Jun 26 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12048]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593946 of user rubyman.
Jun 26 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12048]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593946.
Jun 26 02:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11973]: Failed password for root from 45.166.144.212 port 36178 ssh2
Jun 26 02:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11973]: Connection closed by 45.166.144.212 port 36178 [preauth]
Jun 26 02:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9163]: pam_unix(cron:session): session closed for user root
Jun 26 02:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11988]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11093]: pam_unix(cron:session): session closed for user root
Jun 26 02:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.154.235.21  user=root
Jun 26 02:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12419]: Failed password for root from 122.154.235.21 port 52280 ssh2
Jun 26 02:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12419]: Connection closed by 122.154.235.21 port 52280 [preauth]
Jun 26 02:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 26 02:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12455]: Failed password for root from 202.178.126.219 port 27341 ssh2
Jun 26 02:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12455]: Connection closed by 202.178.126.219 port 27341 [preauth]
Jun 26 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12510]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12508]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12509]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12507]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12505]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12507]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12630]: Successful su for rubyman by root
Jun 26 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12630]: + ??? root:rubyman
Jun 26 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12630]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593949 of user rubyman.
Jun 26 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12630]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593949.
Jun 26 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.52.133.47  user=root
Jun 26 02:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12505]: pam_unix(cron:session): session closed for user root
Jun 26 02:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12511]: Failed password for root from 176.52.133.47 port 42680 ssh2
Jun 26 02:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12511]: Connection closed by 176.52.133.47 port 42680 [preauth]
Jun 26 02:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9555]: pam_unix(cron:session): session closed for user root
Jun 26 02:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12508]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=133.117.72.24  user=root
Jun 26 02:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12921]: Failed password for root from 133.117.72.24 port 49920 ssh2
Jun 26 02:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12921]: Connection closed by 133.117.72.24 port 49920 [preauth]
Jun 26 02:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11524]: pam_unix(cron:session): session closed for user root
Jun 26 02:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.180.136  user=root
Jun 26 02:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13005]: Failed password for root from 165.22.180.136 port 52462 ssh2
Jun 26 02:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13005]: Connection closed by 165.22.180.136 port 52462 [preauth]
Jun 26 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13014]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13012]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13016]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13010]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13013]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13011]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13016]: pam_unix(cron:session): session closed for user root
Jun 26 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13010]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13080]: Successful su for rubyman by root
Jun 26 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13080]: + ??? root:rubyman
Jun 26 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13080]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593953 of user rubyman.
Jun 26 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13080]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593953.
Jun 26 02:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13012]: pam_unix(cron:session): session closed for user root
Jun 26 02:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10132]: pam_unix(cron:session): session closed for user root
Jun 26 02:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13011]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.95.24.146  user=root
Jun 26 02:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: Failed password for root from 150.95.24.146 port 60388 ssh2
Jun 26 02:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: Connection closed by 150.95.24.146 port 60388 [preauth]
Jun 26 02:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11991]: pam_unix(cron:session): session closed for user root
Jun 26 02:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.210.76.170  user=root
Jun 26 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13462]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13463]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13464]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13461]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13461]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13451]: Failed password for root from 182.210.76.170 port 63892 ssh2
Jun 26 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13451]: Connection closed by 182.210.76.170 port 63892 [preauth]
Jun 26 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13531]: Successful su for rubyman by root
Jun 26 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13531]: + ??? root:rubyman
Jun 26 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13531]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593961 of user rubyman.
Jun 26 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13531]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593961.
Jun 26 02:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10638]: pam_unix(cron:session): session closed for user root
Jun 26 02:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13462]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12510]: pam_unix(cron:session): session closed for user root
Jun 26 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13871]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13872]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13870]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13869]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13869]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13934]: Successful su for rubyman by root
Jun 26 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13934]: + ??? root:rubyman
Jun 26 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13934]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593963 of user rubyman.
Jun 26 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13934]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593963.
Jun 26 02:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11092]: pam_unix(cron:session): session closed for user root
Jun 26 02:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13870]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13014]: pam_unix(cron:session): session closed for user root
Jun 26 02:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.231.182.3  user=root
Jun 26 02:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14253]: Failed password for root from 49.231.182.3 port 40804 ssh2
Jun 26 02:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14253]: Connection closed by 49.231.182.3 port 40804 [preauth]
Jun 26 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14266]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14267]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14265]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14264]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14264]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14324]: Successful su for rubyman by root
Jun 26 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14324]: + ??? root:rubyman
Jun 26 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14324]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593968 of user rubyman.
Jun 26 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14324]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593968.
Jun 26 02:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11523]: pam_unix(cron:session): session closed for user root
Jun 26 02:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14265]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 26 02:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14534]: Failed password for root from 193.37.70.224 port 56466 ssh2
Jun 26 02:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14534]: Connection closed by 193.37.70.224 port 56466 [preauth]
Jun 26 02:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13464]: pam_unix(cron:session): session closed for user root
Jun 26 02:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14698]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14700]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14699]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14697]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14697]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14811]: Successful su for rubyman by root
Jun 26 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14811]: + ??? root:rubyman
Jun 26 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14811]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593972 of user rubyman.
Jun 26 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14811]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593972.
Jun 26 02:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.100.212.141  user=root
Jun 26 02:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11990]: pam_unix(cron:session): session closed for user root
Jun 26 02:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14694]: Failed password for root from 185.100.212.141 port 38402 ssh2
Jun 26 02:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14694]: Connection closed by 185.100.212.141 port 38402 [preauth]
Jun 26 02:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14698]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=74.176.205.111  user=root
Jun 26 02:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15060]: Failed password for root from 74.176.205.111 port 58742 ssh2
Jun 26 02:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15060]: Connection closed by 74.176.205.111 port 58742 [preauth]
Jun 26 02:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13872]: pam_unix(cron:session): session closed for user root
Jun 26 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15159]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15158]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15157]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15156]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15160]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15155]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15160]: pam_unix(cron:session): session closed for user root
Jun 26 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15155]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15227]: Successful su for rubyman by root
Jun 26 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15227]: + ??? root:rubyman
Jun 26 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15227]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593975 of user rubyman.
Jun 26 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15227]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593975.
Jun 26 02:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15157]: pam_unix(cron:session): session closed for user root
Jun 26 02:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12509]: pam_unix(cron:session): session closed for user root
Jun 26 02:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15156]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.138.89.209  user=root
Jun 26 02:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15486]: Failed password for root from 174.138.89.209 port 56936 ssh2
Jun 26 02:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15486]: Connection closed by 174.138.89.209 port 56936 [preauth]
Jun 26 02:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14267]: pam_unix(cron:session): session closed for user root
Jun 26 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15574]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15575]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15573]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15572]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15572]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15642]: Successful su for rubyman by root
Jun 26 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15642]: + ??? root:rubyman
Jun 26 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15642]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593982 of user rubyman.
Jun 26 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15642]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593982.
Jun 26 02:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.77.131.229  user=root
Jun 26 02:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15639]: Failed password for root from 110.77.131.229 port 36782 ssh2
Jun 26 02:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15639]: Connection closed by 110.77.131.229 port 36782 [preauth]
Jun 26 02:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13013]: pam_unix(cron:session): session closed for user root
Jun 26 02:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15573]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121  user=root
Jun 26 02:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15834]: Failed password for root from 45.148.10.121 port 49702 ssh2
Jun 26 02:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15834]: Connection closed by 45.148.10.121 port 49702 [preauth]
Jun 26 02:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 26 02:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15865]: Failed password for root from 62.133.62.83 port 54912 ssh2
Jun 26 02:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15865]: Connection closed by 62.133.62.83 port 54912 [preauth]
Jun 26 02:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15880]: Invalid user vpn from 141.98.83.240
Jun 26 02:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15880]: input_userauth_request: invalid user vpn [preauth]
Jun 26 02:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15880]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 02:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 02:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15880]: Failed password for invalid user vpn from 141.98.83.240 port 53010 ssh2
Jun 26 02:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15880]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 02:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15880]: Failed password for invalid user vpn from 141.98.83.240 port 53010 ssh2
Jun 26 02:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
Jun 26 02:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15880]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 02:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.191.143  user=root
Jun 26 02:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15891]: Failed password for root from 176.32.39.21 port 54354 ssh2
Jun 26 02:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15880]: Failed password for invalid user vpn from 141.98.83.240 port 53010 ssh2
Jun 26 02:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15891]: Connection closed by 176.32.39.21 port 54354 [preauth]
Jun 26 02:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15880]: Connection closed by 141.98.83.240 port 53010 [preauth]
Jun 26 02:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15880]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 02:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15893]: Failed password for root from 68.183.191.143 port 58454 ssh2
Jun 26 02:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15893]: Connection closed by 68.183.191.143 port 58454 [preauth]
Jun 26 02:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14700]: pam_unix(cron:session): session closed for user root
Jun 26 02:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.146.182  user=root
Jun 26 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15981]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15980]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15979]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15978]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15978]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16040]: Successful su for rubyman by root
Jun 26 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16040]: + ??? root:rubyman
Jun 26 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16040]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593986 of user rubyman.
Jun 26 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16040]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593986.
Jun 26 02:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15975]: Failed password for root from 152.32.146.182 port 47262 ssh2
Jun 26 02:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15975]: Connection closed by 152.32.146.182 port 47262 [preauth]
Jun 26 02:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13463]: pam_unix(cron:session): session closed for user root
Jun 26 02:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15979]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.101.166  user=root
Jun 26 02:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16278]: Failed password for root from 64.227.101.166 port 33248 ssh2
Jun 26 02:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16278]: Connection closed by 64.227.101.166 port 33248 [preauth]
Jun 26 02:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15159]: pam_unix(cron:session): session closed for user root
Jun 26 02:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 26 02:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16343]: Failed password for root from 87.251.79.125 port 37946 ssh2
Jun 26 02:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16343]: Connection closed by 87.251.79.125 port 37946 [preauth]
Jun 26 02:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.123.141.251  user=root
Jun 26 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16377]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16376]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16374]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16375]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16374]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16436]: Successful su for rubyman by root
Jun 26 02:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16436]: + ??? root:rubyman
Jun 26 02:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16436]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593989 of user rubyman.
Jun 26 02:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16436]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593989.
Jun 26 02:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16368]: Failed password for root from 121.123.141.251 port 55232 ssh2
Jun 26 02:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16368]: Connection closed by 121.123.141.251 port 55232 [preauth]
Jun 26 02:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13871]: pam_unix(cron:session): session closed for user root
Jun 26 02:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16375]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.224.230  user=root
Jun 26 02:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15575]: pam_unix(cron:session): session closed for user root
Jun 26 02:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16687]: Failed password for root from 202.29.224.230 port 16242 ssh2
Jun 26 02:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16687]: Connection closed by 202.29.224.230 port 16242 [preauth]
Jun 26 02:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.118.107.37  user=root
Jun 26 02:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16763]: Failed password for root from 83.118.107.37 port 60498 ssh2
Jun 26 02:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16763]: Connection closed by 83.118.107.37 port 60498 [preauth]
Jun 26 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16779]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16777]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16778]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16776]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16776]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16842]: Successful su for rubyman by root
Jun 26 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16842]: + ??? root:rubyman
Jun 26 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16842]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593994 of user rubyman.
Jun 26 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16842]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593994.
Jun 26 02:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14266]: pam_unix(cron:session): session closed for user root
Jun 26 02:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16777]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.3.77.254  user=root
Jun 26 02:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17180]: Failed password for root from 95.3.77.254 port 54254 ssh2
Jun 26 02:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17180]: Connection closed by 95.3.77.254 port 54254 [preauth]
Jun 26 02:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15981]: pam_unix(cron:session): session closed for user root
Jun 26 02:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 26 02:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17245]: Failed password for root from 103.27.238.116 port 60356 ssh2
Jun 26 02:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17245]: Connection closed by 103.27.238.116 port 60356 [preauth]
Jun 26 02:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.166.144.212  user=root
Jun 26 02:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17261]: Failed password for root from 45.166.144.212 port 50936 ssh2
Jun 26 02:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17261]: Connection closed by 45.166.144.212 port 50936 [preauth]
Jun 26 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17278]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17275]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17277]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17274]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17273]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17272]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17278]: pam_unix(cron:session): session closed for user root
Jun 26 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17272]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17349]: Successful su for rubyman by root
Jun 26 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17349]: + ??? root:rubyman
Jun 26 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17349]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 593999 of user rubyman.
Jun 26 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17349]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 593999.
Jun 26 02:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17274]: pam_unix(cron:session): session closed for user root
Jun 26 02:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14699]: pam_unix(cron:session): session closed for user root
Jun 26 02:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17273]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.37.174.180  user=root
Jun 26 02:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17621]: Failed password for root from 211.37.174.180 port 46762 ssh2
Jun 26 02:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17621]: Connection closed by 211.37.174.180 port 46762 [preauth]
Jun 26 02:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 26 02:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: Failed password for root from 194.113.233.25 port 56528 ssh2
Jun 26 02:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: Connection closed by 194.113.233.25 port 56528 [preauth]
Jun 26 02:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16377]: pam_unix(cron:session): session closed for user root
Jun 26 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17815]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17814]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17813]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17812]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17812]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17891]: Successful su for rubyman by root
Jun 26 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17891]: + ??? root:rubyman
Jun 26 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17891]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594003 of user rubyman.
Jun 26 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17891]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594003.
Jun 26 02:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.20.185.207  user=root
Jun 26 02:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15158]: pam_unix(cron:session): session closed for user root
Jun 26 02:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17813]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17959]: Failed password for root from 143.20.185.207 port 36022 ssh2
Jun 26 02:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17959]: Connection closed by 143.20.185.207 port 36022 [preauth]
Jun 26 02:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16779]: pam_unix(cron:session): session closed for user root
Jun 26 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18251]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18250]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18249]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18248]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18248]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18317]: Successful su for rubyman by root
Jun 26 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18317]: + ??? root:rubyman
Jun 26 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18317]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594007 of user rubyman.
Jun 26 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18317]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594007.
Jun 26 02:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15574]: pam_unix(cron:session): session closed for user root
Jun 26 02:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18249]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 26 02:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18627]: Failed password for root from 77.94.47.83 port 38058 ssh2
Jun 26 02:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18627]: Connection closed by 77.94.47.83 port 38058 [preauth]
Jun 26 02:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 26 02:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.236.76  user=root
Jun 26 02:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18653]: Failed password for root from 109.237.96.109 port 33442 ssh2
Jun 26 02:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18653]: Connection closed by 109.237.96.109 port 33442 [preauth]
Jun 26 02:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18655]: Failed password for root from 202.29.236.76 port 33034 ssh2
Jun 26 02:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18655]: Connection closed by 202.29.236.76 port 33034 [preauth]
Jun 26 02:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17277]: pam_unix(cron:session): session closed for user root
Jun 26 02:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.93.112.20  user=root
Jun 26 02:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18740]: Failed password for root from 188.93.112.20 port 35162 ssh2
Jun 26 02:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18740]: Connection closed by 188.93.112.20 port 35162 [preauth]
Jun 26 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18756]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18755]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18754]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18752]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18752]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18836]: Successful su for rubyman by root
Jun 26 02:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18836]: + ??? root:rubyman
Jun 26 02:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18836]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594012 of user rubyman.
Jun 26 02:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18836]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594012.
Jun 26 02:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15980]: pam_unix(cron:session): session closed for user root
Jun 26 02:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18754]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.42.96.25  user=root
Jun 26 02:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19078]: Failed password for root from 119.42.96.25 port 38482 ssh2
Jun 26 02:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19078]: Connection closed by 119.42.96.25 port 38482 [preauth]
Jun 26 02:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17815]: pam_unix(cron:session): session closed for user root
Jun 26 02:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.187.64.123  user=root
Jun 26 02:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19255]: Failed password for root from 31.187.64.123 port 55200 ssh2
Jun 26 02:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19255]: Connection closed by 31.187.64.123 port 55200 [preauth]
Jun 26 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19277]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19276]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19275]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19274]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19274]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19337]: Successful su for rubyman by root
Jun 26 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19337]: + ??? root:rubyman
Jun 26 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19337]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594015 of user rubyman.
Jun 26 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19337]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594015.
Jun 26 02:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16376]: pam_unix(cron:session): session closed for user root
Jun 26 02:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19275]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.220.126  user=root
Jun 26 02:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19776]: Failed password for root from 202.29.220.126 port 37747 ssh2
Jun 26 02:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19776]: Connection closed by 202.29.220.126 port 37747 [preauth]
Jun 26 02:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18251]: pam_unix(cron:session): session closed for user root
Jun 26 02:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.63.214.90  user=root
Jun 26 02:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19880]: Failed password for root from 211.63.214.90 port 33712 ssh2
Jun 26 02:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19880]: Connection closed by 211.63.214.90 port 33712 [preauth]
Jun 26 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19899]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19897]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19898]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19894]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19893]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19895]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19899]: pam_unix(cron:session): session closed for user root
Jun 26 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19893]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19961]: Successful su for rubyman by root
Jun 26 02:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19961]: + ??? root:rubyman
Jun 26 02:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19961]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594021 of user rubyman.
Jun 26 02:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19961]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594021.
Jun 26 02:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16778]: pam_unix(cron:session): session closed for user root
Jun 26 02:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19895]: pam_unix(cron:session): session closed for user root
Jun 26 02:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19894]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 26 02:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20322]: Failed password for root from 147.45.199.80 port 37330 ssh2
Jun 26 02:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20322]: Connection closed by 147.45.199.80 port 37330 [preauth]
Jun 26 02:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18756]: pam_unix(cron:session): session closed for user root
Jun 26 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20425]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20424]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20423]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20422]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20422]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20496]: Successful su for rubyman by root
Jun 26 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20496]: + ??? root:rubyman
Jun 26 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20496]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594026 of user rubyman.
Jun 26 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20496]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594026.
Jun 26 02:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17275]: pam_unix(cron:session): session closed for user root
Jun 26 02:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20423]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19277]: pam_unix(cron:session): session closed for user root
Jun 26 02:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.98.152.181  user=root
Jun 26 02:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20840]: Failed password for root from 103.98.152.181 port 35750 ssh2
Jun 26 02:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20840]: Connection closed by 103.98.152.181 port 35750 [preauth]
Jun 26 02:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.68.186.7  user=root
Jun 26 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20923]: Failed password for root from 36.68.186.7 port 38642 ssh2
Jun 26 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20923]: Connection closed by 36.68.186.7 port 38642 [preauth]
Jun 26 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20938]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20937]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20936]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20934]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20934]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20994]: Successful su for rubyman by root
Jun 26 02:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20994]: + ??? root:rubyman
Jun 26 02:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20994]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594030 of user rubyman.
Jun 26 02:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20994]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594030.
Jun 26 02:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17814]: pam_unix(cron:session): session closed for user root
Jun 26 02:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20936]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.148.158  user=root
Jun 26 02:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21239]: Failed password for root from 159.65.148.158 port 32880 ssh2
Jun 26 02:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21239]: Connection closed by 159.65.148.158 port 32880 [preauth]
Jun 26 02:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19898]: pam_unix(cron:session): session closed for user root
Jun 26 02:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.220.130  user=root
Jun 26 02:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21332]: Failed password for root from 202.29.220.130 port 39070 ssh2
Jun 26 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21332]: Connection closed by 202.29.220.130 port 39070 [preauth]
Jun 26 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21346]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21347]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21348]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21345]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21345]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21406]: Successful su for rubyman by root
Jun 26 02:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21406]: + ??? root:rubyman
Jun 26 02:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21406]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594033 of user rubyman.
Jun 26 02:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21406]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594033.
Jun 26 02:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18250]: pam_unix(cron:session): session closed for user root
Jun 26 02:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21346]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.154.235.21  user=root
Jun 26 02:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20425]: pam_unix(cron:session): session closed for user root
Jun 26 02:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21681]: Failed password for root from 122.154.235.21 port 39306 ssh2
Jun 26 02:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21681]: Connection closed by 122.154.235.21 port 39306 [preauth]
Jun 26 02:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.192.133.140  user=root
Jun 26 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21779]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21780]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21778]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21777]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21777]: pam_unix(cron:session): session closed for user p13x
Jun 26 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21839]: Successful su for rubyman by root
Jun 26 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21839]: + ??? root:rubyman
Jun 26 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21839]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594038 of user rubyman.
Jun 26 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21839]: pam_unix(su:session): session closed for user rubyman
Jun 26 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594038.
Jun 26 02:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21771]: Failed password for root from 159.192.133.140 port 43504 ssh2
Jun 26 02:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21771]: Connection closed by 159.192.133.140 port 43504 [preauth]
Jun 26 02:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18755]: pam_unix(cron:session): session closed for user root
Jun 26 02:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21778]: pam_unix(cron:session): session closed for user samftp
Jun 26 02:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 02:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.95.24.146  user=root
Jun 26 02:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22080]: Failed password for root from 150.95.24.146 port 56350 ssh2
Jun 26 02:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22080]: Connection closed by 150.95.24.146 port 56350 [preauth]
Jun 26 02:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20938]: pam_unix(cron:session): session closed for user root
Jun 26 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22185]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22189]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22182]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22187]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22188]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22186]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22184]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22189]: pam_unix(cron:session): session closed for user root
Jun 26 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22185]: pam_unix(cron:session): session closed for user root
Jun 26 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22182]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22278]: Successful su for rubyman by root
Jun 26 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22278]: + ??? root:rubyman
Jun 26 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22278]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594045 of user rubyman.
Jun 26 03:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22278]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594045.
Jun 26 03:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22186]: pam_unix(cron:session): session closed for user root
Jun 26 03:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19276]: pam_unix(cron:session): session closed for user root
Jun 26 03:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22184]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.162.13.50  user=root
Jun 26 03:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21348]: pam_unix(cron:session): session closed for user root
Jun 26 03:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22649]: Failed password for root from 90.162.13.50 port 52178 ssh2
Jun 26 03:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22649]: Connection closed by 90.162.13.50 port 52178 [preauth]
Jun 26 03:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.77.131.229  user=root
Jun 26 03:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22763]: Failed password for root from 110.77.131.229 port 33756 ssh2
Jun 26 03:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22763]: Connection closed by 110.77.131.229 port 33756 [preauth]
Jun 26 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22778]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22777]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22776]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22775]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22775]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22852]: Successful su for rubyman by root
Jun 26 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22852]: + ??? root:rubyman
Jun 26 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22852]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594048 of user rubyman.
Jun 26 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22852]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594048.
Jun 26 03:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19897]: pam_unix(cron:session): session closed for user root
Jun 26 03:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22776]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21780]: pam_unix(cron:session): session closed for user root
Jun 26 03:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 26 03:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23158]: Failed password for root from 51.250.105.222 port 53360 ssh2
Jun 26 03:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23158]: Connection closed by 51.250.105.222 port 53360 [preauth]
Jun 26 03:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.117.243.211  user=root
Jun 26 03:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23169]: Failed password for root from 80.117.243.211 port 41242 ssh2
Jun 26 03:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23169]: Connection closed by 80.117.243.211 port 41242 [preauth]
Jun 26 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23183]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23184]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23182]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23181]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23181]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23254]: Successful su for rubyman by root
Jun 26 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23254]: + ??? root:rubyman
Jun 26 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23254]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594053 of user rubyman.
Jun 26 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23254]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594053.
Jun 26 03:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20424]: pam_unix(cron:session): session closed for user root
Jun 26 03:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23182]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.20.228.110  user=root
Jun 26 03:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23514]: Failed password for root from 1.20.228.110 port 60446 ssh2
Jun 26 03:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23514]: Connection closed by 1.20.228.110 port 60446 [preauth]
Jun 26 03:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22188]: pam_unix(cron:session): session closed for user root
Jun 26 03:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.205.85  user=root
Jun 26 03:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23592]: Failed password for root from 206.189.205.85 port 53322 ssh2
Jun 26 03:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23592]: Connection closed by 206.189.205.85 port 53322 [preauth]
Jun 26 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23610]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23608]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23609]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23607]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23607]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23676]: Successful su for rubyman by root
Jun 26 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23676]: + ??? root:rubyman
Jun 26 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23676]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594056 of user rubyman.
Jun 26 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23676]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594056.
Jun 26 03:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20937]: pam_unix(cron:session): session closed for user root
Jun 26 03:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23608]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.162.13.50  user=root
Jun 26 03:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24030]: Failed password for root from 90.162.13.50 port 45840 ssh2
Jun 26 03:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24030]: Connection closed by 90.162.13.50 port 45840 [preauth]
Jun 26 03:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22778]: pam_unix(cron:session): session closed for user root
Jun 26 03:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24098]: Connection closed by 103.203.57.2 port 45088 [preauth]
Jun 26 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24130]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24133]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24132]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24129]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24129]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24192]: Successful su for rubyman by root
Jun 26 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24192]: + ??? root:rubyman
Jun 26 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24192]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594061 of user rubyman.
Jun 26 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24192]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594061.
Jun 26 03:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21347]: pam_unix(cron:session): session closed for user root
Jun 26 03:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24130]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.166.144.212  user=root
Jun 26 03:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24456]: Failed password for root from 45.166.144.212 port 46198 ssh2
Jun 26 03:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24456]: Connection closed by 45.166.144.212 port 46198 [preauth]
Jun 26 03:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23184]: pam_unix(cron:session): session closed for user root
Jun 26 03:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24524]: Invalid user arm from 180.76.234.73
Jun 26 03:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24524]: input_userauth_request: invalid user arm [preauth]
Jun 26 03:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24524]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.234.73
Jun 26 03:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 26 03:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24524]: Failed password for invalid user arm from 180.76.234.73 port 40124 ssh2
Jun 26 03:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24524]: Connection closed by 180.76.234.73 port 40124 [preauth]
Jun 26 03:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24531]: Failed password for root from 38.93.206.2 port 31822 ssh2
Jun 26 03:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24531]: Connection closed by 38.93.206.2 port 31822 [preauth]
Jun 26 03:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.53.207.106  user=root
Jun 26 03:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24545]: Failed password for root from 182.53.207.106 port 40042 ssh2
Jun 26 03:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24545]: Connection closed by 182.53.207.106 port 40042 [preauth]
Jun 26 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24564]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24563]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24560]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24558]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24562]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24559]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24564]: pam_unix(cron:session): session closed for user root
Jun 26 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24558]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24634]: Successful su for rubyman by root
Jun 26 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24634]: + ??? root:rubyman
Jun 26 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24634]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594065 of user rubyman.
Jun 26 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24634]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594065.
Jun 26 03:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24560]: pam_unix(cron:session): session closed for user root
Jun 26 03:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21779]: pam_unix(cron:session): session closed for user root
Jun 26 03:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24559]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.235.12  user=root
Jun 26 03:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 26 03:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24915]: Failed password for root from 202.29.235.12 port 52762 ssh2
Jun 26 03:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24915]: Connection closed by 202.29.235.12 port 52762 [preauth]
Jun 26 03:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24917]: Failed password for root from 103.82.20.28 port 45642 ssh2
Jun 26 03:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24917]: Connection closed by 103.82.20.28 port 45642 [preauth]
Jun 26 03:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23610]: pam_unix(cron:session): session closed for user root
Jun 26 03:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24955]: Connection reset by 45.148.10.157 port 42462 [preauth]
Jun 26 03:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 26 03:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24988]: Failed password for root from 103.149.28.157 port 34674 ssh2
Jun 26 03:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24988]: Connection closed by 103.149.28.157 port 34674 [preauth]
Jun 26 03:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.187.64.123  user=root
Jun 26 03:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24999]: Failed password for root from 31.187.64.123 port 34482 ssh2
Jun 26 03:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24999]: Connection closed by 31.187.64.123 port 34482 [preauth]
Jun 26 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25017]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25016]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25015]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25013]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25013]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25088]: Successful su for rubyman by root
Jun 26 03:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25088]: + ??? root:rubyman
Jun 26 03:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25088]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594070 of user rubyman.
Jun 26 03:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25088]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594070.
Jun 26 03:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22187]: pam_unix(cron:session): session closed for user root
Jun 26 03:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25015]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.20.140.252  user=root
Jun 26 03:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25327]: Failed password for root from 1.20.140.252 port 43796 ssh2
Jun 26 03:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25327]: Connection closed by 1.20.140.252 port 43796 [preauth]
Jun 26 03:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24133]: pam_unix(cron:session): session closed for user root
Jun 26 03:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 26 03:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25377]: Invalid user david from 103.143.10.140
Jun 26 03:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25377]: input_userauth_request: invalid user david [preauth]
Jun 26 03:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25377]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.10.140
Jun 26 03:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25374]: Failed password for root from 103.15.222.183 port 47908 ssh2
Jun 26 03:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25374]: Connection closed by 103.15.222.183 port 47908 [preauth]
Jun 26 03:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25377]: Failed password for invalid user david from 103.143.10.140 port 45080 ssh2
Jun 26 03:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25377]: Received disconnect from 103.143.10.140 port 45080:11: Bye Bye [preauth]
Jun 26 03:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25377]: Disconnected from 103.143.10.140 port 45080 [preauth]
Jun 26 03:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.118.107  user=root
Jun 26 03:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25385]: Failed password for root from 14.103.118.107 port 37632 ssh2
Jun 26 03:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25385]: Received disconnect from 14.103.118.107 port 37632:11: Bye Bye [preauth]
Jun 26 03:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25385]: Disconnected from 14.103.118.107 port 37632 [preauth]
Jun 26 03:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.98.152.181  user=root
Jun 26 03:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25418]: Failed password for root from 103.98.152.181 port 39704 ssh2
Jun 26 03:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25418]: Connection closed by 103.98.152.181 port 39704 [preauth]
Jun 26 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25424]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25423]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25425]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25422]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25422]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25492]: Successful su for rubyman by root
Jun 26 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25492]: + ??? root:rubyman
Jun 26 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25492]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594076 of user rubyman.
Jun 26 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25492]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594076.
Jun 26 03:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22777]: pam_unix(cron:session): session closed for user root
Jun 26 03:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25423]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.180.123.139  user=root
Jun 26 03:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25725]: Failed password for root from 180.180.123.139 port 32228 ssh2
Jun 26 03:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25725]: Connection closed by 180.180.123.139 port 32228 [preauth]
Jun 26 03:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24563]: pam_unix(cron:session): session closed for user root
Jun 26 03:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.240.87.244  user=root
Jun 26 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25815]: Failed password for root from 77.240.87.244 port 35076 ssh2
Jun 26 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25828]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25829]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25826]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25827]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25826]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25815]: Connection closed by 77.240.87.244 port 35076 [preauth]
Jun 26 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25885]: Successful su for rubyman by root
Jun 26 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25885]: + ??? root:rubyman
Jun 26 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25885]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594080 of user rubyman.
Jun 26 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25885]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594080.
Jun 26 03:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23183]: pam_unix(cron:session): session closed for user root
Jun 26 03:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25827]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.187.64.123  user=root
Jun 26 03:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26115]: Failed password for root from 31.187.64.123 port 51278 ssh2
Jun 26 03:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26115]: Connection closed by 31.187.64.123 port 51278 [preauth]
Jun 26 03:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25017]: pam_unix(cron:session): session closed for user root
Jun 26 03:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.136.54  user=root
Jun 26 03:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26207]: Invalid user vh from 61.76.112.4
Jun 26 03:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26207]: input_userauth_request: invalid user vh [preauth]
Jun 26 03:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26207]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.76.112.4
Jun 26 03:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26205]: Failed password for root from 157.230.136.54 port 41768 ssh2
Jun 26 03:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26205]: Connection closed by 157.230.136.54 port 41768 [preauth]
Jun 26 03:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26207]: Failed password for invalid user vh from 61.76.112.4 port 44678 ssh2
Jun 26 03:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26207]: Received disconnect from 61.76.112.4 port 44678:11: Bye Bye [preauth]
Jun 26 03:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26207]: Disconnected from 61.76.112.4 port 44678 [preauth]
Jun 26 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26222]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26221]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26223]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26219]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26217]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26219]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26345]: Successful su for rubyman by root
Jun 26 03:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26345]: + ??? root:rubyman
Jun 26 03:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26345]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594082 of user rubyman.
Jun 26 03:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26345]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594082.
Jun 26 03:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26217]: pam_unix(cron:session): session closed for user root
Jun 26 03:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23609]: pam_unix(cron:session): session closed for user root
Jun 26 03:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26221]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.188.187.59  user=root
Jun 26 03:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 26 03:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26618]: Failed password for root from 196.188.187.59 port 43256 ssh2
Jun 26 03:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26618]: Connection closed by 196.188.187.59 port 43256 [preauth]
Jun 26 03:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26620]: Failed password for root from 80.66.85.226 port 45118 ssh2
Jun 26 03:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26620]: Connection closed by 80.66.85.226 port 45118 [preauth]
Jun 26 03:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25425]: pam_unix(cron:session): session closed for user root
Jun 26 03:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.160.209.126  user=root
Jun 26 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26798]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26797]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26800]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26801]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26799]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26795]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26801]: pam_unix(cron:session): session closed for user root
Jun 26 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26795]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26864]: Successful su for rubyman by root
Jun 26 03:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26864]: + ??? root:rubyman
Jun 26 03:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26864]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594090 of user rubyman.
Jun 26 03:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26864]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594090.
Jun 26 03:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26792]: Failed password for root from 158.160.209.126 port 50288 ssh2
Jun 26 03:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26792]: Connection closed by 158.160.209.126 port 50288 [preauth]
Jun 26 03:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24132]: pam_unix(cron:session): session closed for user root
Jun 26 03:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26798]: pam_unix(cron:session): session closed for user root
Jun 26 03:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26797]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.193.152.133  user=root
Jun 26 03:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27130]: Failed password for root from 20.193.152.133 port 51862 ssh2
Jun 26 03:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27130]: Connection closed by 20.193.152.133 port 51862 [preauth]
Jun 26 03:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25829]: pam_unix(cron:session): session closed for user root
Jun 26 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27233]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27232]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27231]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27230]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27230]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27316]: Successful su for rubyman by root
Jun 26 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27316]: + ??? root:rubyman
Jun 26 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27316]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594093 of user rubyman.
Jun 26 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27316]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594093.
Jun 26 03:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24562]: pam_unix(cron:session): session closed for user root
Jun 26 03:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27231]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.154.74.205  user=root
Jun 26 03:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27560]: Failed password for root from 122.154.74.205 port 51382 ssh2
Jun 26 03:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27560]: Connection closed by 122.154.74.205 port 51382 [preauth]
Jun 26 03:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26223]: pam_unix(cron:session): session closed for user root
Jun 26 03:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.52.133.47  user=root
Jun 26 03:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27647]: Failed password for root from 176.52.133.47 port 53330 ssh2
Jun 26 03:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27647]: Connection closed by 176.52.133.47 port 53330 [preauth]
Jun 26 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27662]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27660]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27661]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27659]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27659]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27722]: Successful su for rubyman by root
Jun 26 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27722]: + ??? root:rubyman
Jun 26 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27722]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594097 of user rubyman.
Jun 26 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27722]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594097.
Jun 26 03:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25016]: pam_unix(cron:session): session closed for user root
Jun 26 03:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27660]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 26 03:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27953]: Failed password for root from 103.176.20.57 port 36802 ssh2
Jun 26 03:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27953]: Connection closed by 103.176.20.57 port 36802 [preauth]
Jun 26 03:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.192.144.204  user=root
Jun 26 03:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27968]: Failed password for root from 159.192.144.204 port 60750 ssh2
Jun 26 03:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27968]: Connection closed by 159.192.144.204 port 60750 [preauth]
Jun 26 03:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26800]: pam_unix(cron:session): session closed for user root
Jun 26 03:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.20.185.207  user=root
Jun 26 03:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28110]: Failed password for root from 143.20.185.207 port 48010 ssh2
Jun 26 03:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28110]: Connection closed by 143.20.185.207 port 48010 [preauth]
Jun 26 03:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.13.207.88  user=root
Jun 26 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28120]: Failed password for root from 103.13.207.88 port 41288 ssh2
Jun 26 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28120]: Connection closed by 103.13.207.88 port 41288 [preauth]
Jun 26 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28132]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28131]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28129]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28128]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28128]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28192]: Successful su for rubyman by root
Jun 26 03:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28192]: + ??? root:rubyman
Jun 26 03:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28192]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594101 of user rubyman.
Jun 26 03:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28192]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594101.
Jun 26 03:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25424]: pam_unix(cron:session): session closed for user root
Jun 26 03:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28327]: Invalid user andre from 141.98.83.240
Jun 26 03:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28327]: input_userauth_request: invalid user andre [preauth]
Jun 26 03:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28327]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 03:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28129]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28327]: Failed password for invalid user andre from 141.98.83.240 port 33326 ssh2
Jun 26 03:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28327]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28327]: Failed password for invalid user andre from 141.98.83.240 port 33326 ssh2
Jun 26 03:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28327]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28327]: Failed password for invalid user andre from 141.98.83.240 port 33326 ssh2
Jun 26 03:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28327]: Connection closed by 141.98.83.240 port 33326 [preauth]
Jun 26 03:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28327]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 03:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27233]: pam_unix(cron:session): session closed for user root
Jun 26 03:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.191.141.115  user=root
Jun 26 03:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28512]: Failed password for root from 185.191.141.115 port 53956 ssh2
Jun 26 03:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28512]: Connection closed by 185.191.141.115 port 53956 [preauth]
Jun 26 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28536]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28535]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28534]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28533]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28533]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28680]: Successful su for rubyman by root
Jun 26 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28680]: + ??? root:rubyman
Jun 26 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28680]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594105 of user rubyman.
Jun 26 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28680]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594105.
Jun 26 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 26 03:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28527]: Failed password for root from 103.122.221.179 port 34716 ssh2
Jun 26 03:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28527]: Connection closed by 103.122.221.179 port 34716 [preauth]
Jun 26 03:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25828]: pam_unix(cron:session): session closed for user root
Jun 26 03:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28534]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=74.176.205.111  user=root
Jun 26 03:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28941]: Failed password for root from 74.176.205.111 port 56978 ssh2
Jun 26 03:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28941]: Connection closed by 74.176.205.111 port 56978 [preauth]
Jun 26 03:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27662]: pam_unix(cron:session): session closed for user root
Jun 26 03:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.3.77.254  user=root
Jun 26 03:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29034]: Failed password for root from 95.3.77.254 port 35698 ssh2
Jun 26 03:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29034]: Connection closed by 95.3.77.254 port 35698 [preauth]
Jun 26 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29051]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29050]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29052]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29048]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29049]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29047]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29052]: pam_unix(cron:session): session closed for user root
Jun 26 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29047]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29122]: Successful su for rubyman by root
Jun 26 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29122]: + ??? root:rubyman
Jun 26 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29122]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594109 of user rubyman.
Jun 26 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29122]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594109.
Jun 26 03:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29049]: pam_unix(cron:session): session closed for user root
Jun 26 03:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26222]: pam_unix(cron:session): session closed for user root
Jun 26 03:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29048]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.53.207.106  user=root
Jun 26 03:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29398]: Failed password for root from 182.53.207.106 port 46298 ssh2
Jun 26 03:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29398]: Connection closed by 182.53.207.106 port 46298 [preauth]
Jun 26 03:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28132]: pam_unix(cron:session): session closed for user root
Jun 26 03:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 26 03:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29448]: Failed password for root from 103.77.242.62 port 46418 ssh2
Jun 26 03:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29448]: Connection closed by 103.77.242.62 port 46418 [preauth]
Jun 26 03:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.235.12  user=root
Jun 26 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29518]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29519]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29517]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29516]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29516]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29499]: Failed password for root from 202.29.235.12 port 54402 ssh2
Jun 26 03:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29675]: Successful su for rubyman by root
Jun 26 03:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29675]: + ??? root:rubyman
Jun 26 03:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29675]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594116 of user rubyman.
Jun 26 03:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29675]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594116.
Jun 26 03:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29499]: Connection closed by 202.29.235.12 port 54402 [preauth]
Jun 26 03:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26799]: pam_unix(cron:session): session closed for user root
Jun 26 03:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29517]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.37.174.180  user=root
Jun 26 03:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29957]: Failed password for root from 211.37.174.180 port 3660 ssh2
Jun 26 03:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29957]: Connection closed by 211.37.174.180 port 3660 [preauth]
Jun 26 03:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28536]: pam_unix(cron:session): session closed for user root
Jun 26 03:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.227.153.56  user=root
Jun 26 03:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30043]: Failed password for root from 185.227.153.56 port 43342 ssh2
Jun 26 03:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30043]: Connection closed by 185.227.153.56 port 43342 [preauth]
Jun 26 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30051]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30053]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30052]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30047]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30045]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30045]: pam_unix(cron:session): session closed for user root
Jun 26 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30047]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30119]: Successful su for rubyman by root
Jun 26 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30119]: + ??? root:rubyman
Jun 26 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30119]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594119 of user rubyman.
Jun 26 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30119]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594119.
Jun 26 03:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27232]: pam_unix(cron:session): session closed for user root
Jun 26 03:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30051]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 26 03:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30318]: Failed password for root from 103.172.78.219 port 44858 ssh2
Jun 26 03:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30318]: Connection closed by 103.172.78.219 port 44858 [preauth]
Jun 26 03:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.0.84.125  user=root
Jun 26 03:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30378]: Failed password for root from 49.0.84.125 port 57058 ssh2
Jun 26 03:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30378]: Connection closed by 49.0.84.125 port 57058 [preauth]
Jun 26 03:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.19.67.181  user=root
Jun 26 03:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30380]: Failed password for root from 46.19.67.181 port 50340 ssh2
Jun 26 03:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30380]: Connection closed by 46.19.67.181 port 50340 [preauth]
Jun 26 03:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29051]: pam_unix(cron:session): session closed for user root
Jun 26 03:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.205.85  user=root
Jun 26 03:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.10.140  user=root
Jun 26 03:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30468]: Failed password for root from 206.189.205.85 port 36798 ssh2
Jun 26 03:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30468]: Connection closed by 206.189.205.85 port 36798 [preauth]
Jun 26 03:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30470]: Failed password for root from 103.143.10.140 port 50316 ssh2
Jun 26 03:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30470]: Received disconnect from 103.143.10.140 port 50316:11: Bye Bye [preauth]
Jun 26 03:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30470]: Disconnected from 103.143.10.140 port 50316 [preauth]
Jun 26 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30485]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30484]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30483]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30482]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30482]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30551]: Successful su for rubyman by root
Jun 26 03:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30551]: + ??? root:rubyman
Jun 26 03:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30551]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594124 of user rubyman.
Jun 26 03:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30551]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594124.
Jun 26 03:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27661]: pam_unix(cron:session): session closed for user root
Jun 26 03:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30483]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.191.141.115  user=root
Jun 26 03:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30793]: Failed password for root from 185.191.141.115 port 45752 ssh2
Jun 26 03:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30793]: Connection closed by 185.191.141.115 port 45752 [preauth]
Jun 26 03:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29519]: pam_unix(cron:session): session closed for user root
Jun 26 03:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30886]: Invalid user admin from 2.57.121.25
Jun 26 03:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30886]: input_userauth_request: invalid user admin [preauth]
Jun 26 03:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30886]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 26 03:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.220.130  user=root
Jun 26 03:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30886]: Failed password for invalid user admin from 2.57.121.25 port 62810 ssh2
Jun 26 03:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30886]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30888]: Failed password for root from 202.29.220.130 port 50556 ssh2
Jun 26 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30888]: Connection closed by 202.29.220.130 port 50556 [preauth]
Jun 26 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30913]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30912]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30911]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30910]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30910]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30886]: Failed password for invalid user admin from 2.57.121.25 port 62810 ssh2
Jun 26 03:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30886]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31061]: Successful su for rubyman by root
Jun 26 03:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31061]: + ??? root:rubyman
Jun 26 03:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31061]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594128 of user rubyman.
Jun 26 03:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31061]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594128.
Jun 26 03:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30886]: Failed password for invalid user admin from 2.57.121.25 port 62810 ssh2
Jun 26 03:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30886]: Connection closed by 2.57.121.25 port 62810 [preauth]
Jun 26 03:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30886]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 26 03:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28131]: pam_unix(cron:session): session closed for user root
Jun 26 03:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30911]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.205.85  user=root
Jun 26 03:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31303]: Failed password for root from 206.189.205.85 port 49084 ssh2
Jun 26 03:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31303]: Connection closed by 206.189.205.85 port 49084 [preauth]
Jun 26 03:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30053]: pam_unix(cron:session): session closed for user root
Jun 26 03:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31366]: Invalid user user from 45.148.10.121
Jun 26 03:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31366]: input_userauth_request: invalid user user [preauth]
Jun 26 03:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31366]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 26 03:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31366]: Failed password for invalid user user from 45.148.10.121 port 48520 ssh2
Jun 26 03:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31366]: Connection closed by 45.148.10.121 port 48520 [preauth]
Jun 26 03:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.149.97  user=root
Jun 26 03:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31386]: Failed password for root from 51.15.149.97 port 30406 ssh2
Jun 26 03:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31386]: Connection closed by 51.15.149.97 port 30406 [preauth]
Jun 26 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31403]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31399]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31400]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31401]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31402]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31397]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31403]: pam_unix(cron:session): session closed for user root
Jun 26 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31397]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31475]: Successful su for rubyman by root
Jun 26 03:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31475]: + ??? root:rubyman
Jun 26 03:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31475]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594136 of user rubyman.
Jun 26 03:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31475]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594136.
Jun 26 03:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28535]: pam_unix(cron:session): session closed for user root
Jun 26 03:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31400]: pam_unix(cron:session): session closed for user root
Jun 26 03:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31399]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.10.140  user=root
Jun 26 03:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31783]: Failed password for root from 103.143.10.140 port 60490 ssh2
Jun 26 03:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31783]: Received disconnect from 103.143.10.140 port 60490:11: Bye Bye [preauth]
Jun 26 03:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31783]: Disconnected from 103.143.10.140 port 60490 [preauth]
Jun 26 03:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=133.117.72.24  user=root
Jun 26 03:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31844]: Failed password for root from 133.117.72.24 port 34922 ssh2
Jun 26 03:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31844]: Connection closed by 133.117.72.24 port 34922 [preauth]
Jun 26 03:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30485]: pam_unix(cron:session): session closed for user root
Jun 26 03:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.11.96.13  user=root
Jun 26 03:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31918]: Failed password for root from 121.11.96.13 port 40320 ssh2
Jun 26 03:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31918]: Received disconnect from 121.11.96.13 port 40320:11: Bye Bye [preauth]
Jun 26 03:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31918]: Disconnected from 121.11.96.13 port 40320 [preauth]
Jun 26 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31954]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31953]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31951]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31950]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31950]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32028]: Successful su for rubyman by root
Jun 26 03:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32028]: + ??? root:rubyman
Jun 26 03:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32028]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594138 of user rubyman.
Jun 26 03:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32028]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594138.
Jun 26 03:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29050]: pam_unix(cron:session): session closed for user root
Jun 26 03:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31951]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30913]: pam_unix(cron:session): session closed for user root
Jun 26 03:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.232.196  user=root
Jun 26 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32361]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32360]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32359]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32358]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32358]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32355]: Failed password for root from 161.35.232.196 port 53206 ssh2
Jun 26 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32355]: Connection closed by 161.35.232.196 port 53206 [preauth]
Jun 26 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32426]: Successful su for rubyman by root
Jun 26 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32426]: + ??? root:rubyman
Jun 26 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32426]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594142 of user rubyman.
Jun 26 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32426]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594142.
Jun 26 03:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29518]: pam_unix(cron:session): session closed for user root
Jun 26 03:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32359]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32636]: Invalid user ts from 103.143.10.140
Jun 26 03:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32636]: input_userauth_request: invalid user ts [preauth]
Jun 26 03:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32636]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.10.140
Jun 26 03:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32636]: Failed password for invalid user ts from 103.143.10.140 port 42424 ssh2
Jun 26 03:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32636]: Received disconnect from 103.143.10.140 port 42424:11: Bye Bye [preauth]
Jun 26 03:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32636]: Disconnected from 103.143.10.140 port 42424 [preauth]
Jun 26 03:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.186.115.74  user=root
Jun 26 03:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32682]: Failed password for root from 211.186.115.74 port 41400 ssh2
Jun 26 03:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32682]: Connection closed by 211.186.115.74 port 41400 [preauth]
Jun 26 03:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31402]: pam_unix(cron:session): session closed for user root
Jun 26 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[309]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[311]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[310]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[308]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[308]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[375]: Successful su for rubyman by root
Jun 26 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[375]: + ??? root:rubyman
Jun 26 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[375]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594147 of user rubyman.
Jun 26 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[375]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594147.
Jun 26 03:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30052]: pam_unix(cron:session): session closed for user root
Jun 26 03:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[309]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.84.101.167  user=root
Jun 26 03:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[768]: Failed password for root from 20.84.101.167 port 45338 ssh2
Jun 26 03:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[768]: Connection closed by 20.84.101.167 port 45338 [preauth]
Jun 26 03:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31954]: pam_unix(cron:session): session closed for user root
Jun 26 03:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.90.19.40  user=root
Jun 26 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[879]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[876]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[878]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[877]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[876]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[944]: Successful su for rubyman by root
Jun 26 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[944]: + ??? root:rubyman
Jun 26 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[944]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594151 of user rubyman.
Jun 26 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[944]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594151.
Jun 26 03:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[865]: Failed password for root from 78.90.19.40 port 50918 ssh2
Jun 26 03:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[865]: Connection closed by 78.90.19.40 port 50918 [preauth]
Jun 26 03:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30484]: pam_unix(cron:session): session closed for user root
Jun 26 03:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[877]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1198]: Invalid user arm from 103.143.10.140
Jun 26 03:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1198]: input_userauth_request: invalid user arm [preauth]
Jun 26 03:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1198]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.10.140
Jun 26 03:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1198]: Failed password for invalid user arm from 103.143.10.140 port 52598 ssh2
Jun 26 03:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1198]: Received disconnect from 103.143.10.140 port 52598:11: Bye Bye [preauth]
Jun 26 03:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1198]: Disconnected from 103.143.10.140 port 52598 [preauth]
Jun 26 03:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.68.186.7  user=root
Jun 26 03:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1224]: Failed password for root from 36.68.186.7 port 38584 ssh2
Jun 26 03:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1224]: Connection closed by 36.68.186.7 port 38584 [preauth]
Jun 26 03:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32361]: pam_unix(cron:session): session closed for user root
Jun 26 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1341]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1343]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1339]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1344]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1340]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1338]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1344]: pam_unix(cron:session): session closed for user root
Jun 26 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1338]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1423]: Successful su for rubyman by root
Jun 26 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1423]: + ??? root:rubyman
Jun 26 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1423]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594155 of user rubyman.
Jun 26 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1423]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594155.
Jun 26 03:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1340]: pam_unix(cron:session): session closed for user root
Jun 26 03:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30912]: pam_unix(cron:session): session closed for user root
Jun 26 03:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1339]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.147.26.126  user=root
Jun 26 03:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1818]: Failed password for root from 185.147.26.126 port 58794 ssh2
Jun 26 03:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1818]: Connection closed by 185.147.26.126 port 58794 [preauth]
Jun 26 03:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[311]: pam_unix(cron:session): session closed for user root
Jun 26 03:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.100.212.141  user=root
Jun 26 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1920]: Failed password for root from 185.100.212.141 port 53608 ssh2
Jun 26 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1925]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1928]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1927]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1924]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1924]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2022]: Successful su for rubyman by root
Jun 26 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2022]: + ??? root:rubyman
Jun 26 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2022]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594160 of user rubyman.
Jun 26 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2022]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594160.
Jun 26 03:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1920]: Connection closed by 185.100.212.141 port 53608 [preauth]
Jun 26 03:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31401]: pam_unix(cron:session): session closed for user root
Jun 26 03:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1925]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.10.140  user=root
Jun 26 03:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2273]: Failed password for root from 103.143.10.140 port 34518 ssh2
Jun 26 03:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2273]: Received disconnect from 103.143.10.140 port 34518:11: Bye Bye [preauth]
Jun 26 03:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2273]: Disconnected from 103.143.10.140 port 34518 [preauth]
Jun 26 03:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.191.141.115  user=root
Jun 26 03:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2308]: Failed password for root from 185.191.141.115 port 52324 ssh2
Jun 26 03:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2308]: Connection closed by 185.191.141.115 port 52324 [preauth]
Jun 26 03:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[879]: pam_unix(cron:session): session closed for user root
Jun 26 03:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.100.67.250  user=root
Jun 26 03:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2399]: Failed password for root from 171.100.67.250 port 55274 ssh2
Jun 26 03:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2399]: Connection closed by 171.100.67.250 port 55274 [preauth]
Jun 26 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2413]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2412]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2411]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2410]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2410]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2476]: Successful su for rubyman by root
Jun 26 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2476]: + ??? root:rubyman
Jun 26 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2476]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594164 of user rubyman.
Jun 26 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2476]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594164.
Jun 26 03:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31953]: pam_unix(cron:session): session closed for user root
Jun 26 03:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2411]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.76.112.4  user=root
Jun 26 03:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2697]: Failed password for root from 61.76.112.4 port 44582 ssh2
Jun 26 03:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2697]: Received disconnect from 61.76.112.4 port 44582:11: Bye Bye [preauth]
Jun 26 03:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2697]: Disconnected from 61.76.112.4 port 44582 [preauth]
Jun 26 03:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1343]: pam_unix(cron:session): session closed for user root
Jun 26 03:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.225.158  user=root
Jun 26 03:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2824]: Failed password for root from 202.29.225.158 port 33170 ssh2
Jun 26 03:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2824]: Connection closed by 202.29.225.158 port 33170 [preauth]
Jun 26 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2837]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2839]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2836]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2835]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2835]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2895]: Successful su for rubyman by root
Jun 26 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2895]: + ??? root:rubyman
Jun 26 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2895]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594169 of user rubyman.
Jun 26 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2895]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594169.
Jun 26 03:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32360]: pam_unix(cron:session): session closed for user root
Jun 26 03:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2836]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3105]: Invalid user ftptest from 103.143.10.140
Jun 26 03:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3105]: input_userauth_request: invalid user ftptest [preauth]
Jun 26 03:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3105]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.10.140
Jun 26 03:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3105]: Failed password for invalid user ftptest from 103.143.10.140 port 44686 ssh2
Jun 26 03:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3105]: Received disconnect from 103.143.10.140 port 44686:11: Bye Bye [preauth]
Jun 26 03:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3105]: Disconnected from 103.143.10.140 port 44686 [preauth]
Jun 26 03:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 26 03:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3117]: Failed password for root from 103.27.238.120 port 42002 ssh2
Jun 26 03:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3117]: Connection closed by 103.27.238.120 port 42002 [preauth]
Jun 26 03:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1928]: pam_unix(cron:session): session closed for user root
Jun 26 03:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 26 03:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3206]: Failed password for root from 202.178.126.219 port 9206 ssh2
Jun 26 03:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3206]: Connection closed by 202.178.126.219 port 9206 [preauth]
Jun 26 03:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.125.169.27  user=root
Jun 26 03:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3218]: Failed password for root from 179.125.169.27 port 11653 ssh2
Jun 26 03:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3218]: Connection closed by 179.125.169.27 port 11653 [preauth]
Jun 26 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3231]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3232]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3233]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3230]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3230]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3294]: Successful su for rubyman by root
Jun 26 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3294]: + ??? root:rubyman
Jun 26 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3294]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594174 of user rubyman.
Jun 26 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3294]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594174.
Jun 26 03:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[310]: pam_unix(cron:session): session closed for user root
Jun 26 03:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3231]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=root
Jun 26 03:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3504]: Failed password for root from 193.46.255.86 port 46042 ssh2
Jun 26 03:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3504]: message repeated 2 times: [ Failed password for root from 193.46.255.86 port 46042 ssh2]
Jun 26 03:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3504]: Connection closed by 193.46.255.86 port 46042 [preauth]
Jun 26 03:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3504]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=root
Jun 26 03:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.138.89.209  user=root
Jun 26 03:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3538]: Failed password for root from 174.138.89.209 port 38222 ssh2
Jun 26 03:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3538]: Connection closed by 174.138.89.209 port 38222 [preauth]
Jun 26 03:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2413]: pam_unix(cron:session): session closed for user root
Jun 26 03:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 26 03:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3610]: Failed password for root from 103.153.68.219 port 54796 ssh2
Jun 26 03:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3610]: Connection closed by 103.153.68.219 port 54796 [preauth]
Jun 26 03:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.48.4.14  user=root
Jun 26 03:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3627]: Failed password for root from 179.48.4.14 port 32836 ssh2
Jun 26 03:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3627]: Connection closed by 179.48.4.14 port 32836 [preauth]
Jun 26 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3634]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3633]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3631]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3636]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3635]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3632]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3636]: pam_unix(cron:session): session closed for user root
Jun 26 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3631]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3804]: Successful su for rubyman by root
Jun 26 03:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3804]: + ??? root:rubyman
Jun 26 03:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3804]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594180 of user rubyman.
Jun 26 03:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3804]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594180.
Jun 26 03:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3633]: pam_unix(cron:session): session closed for user root
Jun 26 03:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[878]: pam_unix(cron:session): session closed for user root
Jun 26 03:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3632]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4113]: Invalid user t2 from 61.76.112.4
Jun 26 03:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4113]: input_userauth_request: invalid user t2 [preauth]
Jun 26 03:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4113]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.76.112.4
Jun 26 03:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4113]: Failed password for invalid user t2 from 61.76.112.4 port 49750 ssh2
Jun 26 03:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4113]: Received disconnect from 61.76.112.4 port 49750:11: Bye Bye [preauth]
Jun 26 03:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4113]: Disconnected from 61.76.112.4 port 49750 [preauth]
Jun 26 03:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4145]: Invalid user samira from 103.143.10.140
Jun 26 03:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4145]: input_userauth_request: invalid user samira [preauth]
Jun 26 03:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4145]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.10.140
Jun 26 03:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4145]: Failed password for invalid user samira from 103.143.10.140 port 54852 ssh2
Jun 26 03:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4145]: Received disconnect from 103.143.10.140 port 54852:11: Bye Bye [preauth]
Jun 26 03:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4145]: Disconnected from 103.143.10.140 port 54852 [preauth]
Jun 26 03:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.180.136  user=root
Jun 26 03:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4173]: Failed password for root from 165.22.180.136 port 36216 ssh2
Jun 26 03:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4173]: Connection closed by 165.22.180.136 port 36216 [preauth]
Jun 26 03:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2839]: pam_unix(cron:session): session closed for user root
Jun 26 03:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4225]: Connection closed by 194.59.206.2 port 25560 [preauth]
Jun 26 03:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.112.5.7  user=root
Jun 26 03:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4270]: Failed password for root from 103.112.5.7 port 39070 ssh2
Jun 26 03:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4270]: Connection closed by 103.112.5.7 port 39070 [preauth]
Jun 26 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4284]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4283]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4282]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4281]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4281]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4358]: Successful su for rubyman by root
Jun 26 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4358]: + ??? root:rubyman
Jun 26 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4358]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594183 of user rubyman.
Jun 26 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4358]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594183.
Jun 26 03:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1341]: pam_unix(cron:session): session closed for user root
Jun 26 03:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4282]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.154.235.21  user=root
Jun 26 03:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3233]: pam_unix(cron:session): session closed for user root
Jun 26 03:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4606]: Failed password for root from 122.154.235.21 port 54310 ssh2
Jun 26 03:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4606]: Connection closed by 122.154.235.21 port 54310 [preauth]
Jun 26 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4698]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4699]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4697]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4696]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4696]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4788]: Successful su for rubyman by root
Jun 26 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4788]: + ??? root:rubyman
Jun 26 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4788]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594186 of user rubyman.
Jun 26 03:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4788]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594186.
Jun 26 03:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1927]: pam_unix(cron:session): session closed for user root
Jun 26 03:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4697]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5081]: Invalid user zz from 103.143.10.140
Jun 26 03:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5081]: input_userauth_request: invalid user zz [preauth]
Jun 26 03:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5081]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.10.140
Jun 26 03:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5081]: Failed password for invalid user zz from 103.143.10.140 port 36800 ssh2
Jun 26 03:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5081]: Received disconnect from 103.143.10.140 port 36800:11: Bye Bye [preauth]
Jun 26 03:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5081]: Disconnected from 103.143.10.140 port 36800 [preauth]
Jun 26 03:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.42.96.25  user=root
Jun 26 03:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3635]: pam_unix(cron:session): session closed for user root
Jun 26 03:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5120]: Failed password for root from 119.42.96.25 port 39806 ssh2
Jun 26 03:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5120]: Connection closed by 119.42.96.25 port 39806 [preauth]
Jun 26 03:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5194]: Invalid user admin from 139.19.117.131
Jun 26 03:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5194]: input_userauth_request: invalid user admin [preauth]
Jun 26 03:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.93.112.20  user=root
Jun 26 03:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5196]: Failed password for root from 188.93.112.20 port 59320 ssh2
Jun 26 03:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5196]: Connection closed by 188.93.112.20 port 59320 [preauth]
Jun 26 03:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5207]: Invalid user ubuntu from 61.76.112.4
Jun 26 03:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5207]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 03:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5207]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.76.112.4
Jun 26 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5213]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5214]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5211]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5212]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5211]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5275]: Successful su for rubyman by root
Jun 26 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5275]: + ??? root:rubyman
Jun 26 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5275]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594192 of user rubyman.
Jun 26 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5275]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594192.
Jun 26 03:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5207]: Failed password for invalid user ubuntu from 61.76.112.4 port 56932 ssh2
Jun 26 03:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5207]: Received disconnect from 61.76.112.4 port 56932:11: Bye Bye [preauth]
Jun 26 03:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5207]: Disconnected from 61.76.112.4 port 56932 [preauth]
Jun 26 03:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2412]: pam_unix(cron:session): session closed for user root
Jun 26 03:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5194]: Connection closed by 139.19.117.131 port 39744 [preauth]
Jun 26 03:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5212]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.192.132.34  user=root
Jun 26 03:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5530]: Failed password for root from 159.192.132.34 port 33456 ssh2
Jun 26 03:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5530]: Connection closed by 159.192.132.34 port 33456 [preauth]
Jun 26 03:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4284]: pam_unix(cron:session): session closed for user root
Jun 26 03:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.231.182.3  user=root
Jun 26 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5625]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5624]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5622]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5623]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5622]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5684]: Successful su for rubyman by root
Jun 26 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5684]: + ??? root:rubyman
Jun 26 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5684]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594194 of user rubyman.
Jun 26 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5684]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594194.
Jun 26 03:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5616]: Failed password for root from 49.231.182.3 port 48764 ssh2
Jun 26 03:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5616]: Connection closed by 49.231.182.3 port 48764 [preauth]
Jun 26 03:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2837]: pam_unix(cron:session): session closed for user root
Jun 26 03:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5623]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5899]: Invalid user vh from 103.143.10.140
Jun 26 03:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5899]: input_userauth_request: invalid user vh [preauth]
Jun 26 03:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5899]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.10.140
Jun 26 03:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5899]: Failed password for invalid user vh from 103.143.10.140 port 46942 ssh2
Jun 26 03:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5899]: Received disconnect from 103.143.10.140 port 46942:11: Bye Bye [preauth]
Jun 26 03:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5899]: Disconnected from 103.143.10.140 port 46942 [preauth]
Jun 26 03:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4699]: pam_unix(cron:session): session closed for user root
Jun 26 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6017]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6015]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6013]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6014]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6012]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6016]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6017]: pam_unix(cron:session): session closed for user root
Jun 26 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6012]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6079]: Successful su for rubyman by root
Jun 26 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6079]: + ??? root:rubyman
Jun 26 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6079]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594200 of user rubyman.
Jun 26 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6079]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594200.
Jun 26 03:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6014]: pam_unix(cron:session): session closed for user root
Jun 26 03:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3232]: pam_unix(cron:session): session closed for user root
Jun 26 03:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6013]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.20.185.207  user=root
Jun 26 03:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6286]: Failed password for root from 143.20.185.207 port 59948 ssh2
Jun 26 03:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6286]: Connection closed by 143.20.185.207 port 59948 [preauth]
Jun 26 03:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5214]: pam_unix(cron:session): session closed for user root
Jun 26 03:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6425]: Invalid user desenvolvimento from 61.76.112.4
Jun 26 03:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6425]: input_userauth_request: invalid user desenvolvimento [preauth]
Jun 26 03:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6425]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.76.112.4
Jun 26 03:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.225.158  user=root
Jun 26 03:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6425]: Failed password for invalid user desenvolvimento from 61.76.112.4 port 35480 ssh2
Jun 26 03:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6425]: Received disconnect from 61.76.112.4 port 35480:11: Bye Bye [preauth]
Jun 26 03:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6425]: Disconnected from 61.76.112.4 port 35480 [preauth]
Jun 26 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6435]: Failed password for root from 202.29.225.158 port 54426 ssh2
Jun 26 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6441]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6440]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6439]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6438]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6438]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6435]: Connection closed by 202.29.225.158 port 54426 [preauth]
Jun 26 03:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6504]: Successful su for rubyman by root
Jun 26 03:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6504]: + ??? root:rubyman
Jun 26 03:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6504]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594205 of user rubyman.
Jun 26 03:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6504]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594205.
Jun 26 03:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3634]: pam_unix(cron:session): session closed for user root
Jun 26 03:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6439]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.10.140  user=root
Jun 26 03:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.1.220.166  user=root
Jun 26 03:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6755]: Failed password for root from 103.143.10.140 port 57096 ssh2
Jun 26 03:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6755]: Received disconnect from 103.143.10.140 port 57096:11: Bye Bye [preauth]
Jun 26 03:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6755]: Disconnected from 103.143.10.140 port 57096 [preauth]
Jun 26 03:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6757]: Failed password for root from 1.1.220.166 port 38742 ssh2
Jun 26 03:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6757]: Connection closed by 1.1.220.166 port 38742 [preauth]
Jun 26 03:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5625]: pam_unix(cron:session): session closed for user root
Jun 26 03:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6806]: Invalid user ubuntu from 14.103.118.107
Jun 26 03:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6806]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 03:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6806]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.118.107
Jun 26 03:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6806]: Failed password for invalid user ubuntu from 14.103.118.107 port 50780 ssh2
Jun 26 03:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6806]: Received disconnect from 14.103.118.107 port 50780:11: Bye Bye [preauth]
Jun 26 03:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6806]: Disconnected from 14.103.118.107 port 50780 [preauth]
Jun 26 03:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.210.76.170  user=root
Jun 26 03:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6847]: Failed password for root from 182.210.76.170 port 45219 ssh2
Jun 26 03:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6847]: Connection closed by 182.210.76.170 port 45219 [preauth]
Jun 26 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6861]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6859]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6860]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6858]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6858]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6922]: Successful su for rubyman by root
Jun 26 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6922]: + ??? root:rubyman
Jun 26 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6922]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594208 of user rubyman.
Jun 26 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6922]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594208.
Jun 26 03:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4283]: pam_unix(cron:session): session closed for user root
Jun 26 03:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6859]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.91.76.106  user=root
Jun 26 03:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7261]: Failed password for root from 51.91.76.106 port 47766 ssh2
Jun 26 03:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7261]: Connection closed by 51.91.76.106 port 47766 [preauth]
Jun 26 03:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6016]: pam_unix(cron:session): session closed for user root
Jun 26 03:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.96.110.39  user=root
Jun 26 03:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7291]: Failed password for root from 191.96.110.39 port 51720 ssh2
Jun 26 03:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7291]: Received disconnect from 191.96.110.39 port 51720:11: Bye Bye [preauth]
Jun 26 03:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7291]: Disconnected from 191.96.110.39 port 51720 [preauth]
Jun 26 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7352]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7355]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7354]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7353]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7352]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7423]: Successful su for rubyman by root
Jun 26 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7423]: + ??? root:rubyman
Jun 26 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7423]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594213 of user rubyman.
Jun 26 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7423]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594213.
Jun 26 03:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4698]: pam_unix(cron:session): session closed for user root
Jun 26 03:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7353]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7604]: Invalid user stalker from 185.148.1.18
Jun 26 03:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7604]: input_userauth_request: invalid user stalker [preauth]
Jun 26 03:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7604]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.148.1.18
Jun 26 03:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7604]: Failed password for invalid user stalker from 185.148.1.18 port 40596 ssh2
Jun 26 03:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7604]: Received disconnect from 185.148.1.18 port 40596:11: Bye Bye [preauth]
Jun 26 03:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7604]: Disconnected from 185.148.1.18 port 40596 [preauth]
Jun 26 03:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7735]: Connection closed by 14.103.118.107 port 45954 [preauth]
Jun 26 03:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.245.32.125  user=root
Jun 26 03:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7765]: Failed password for root from 151.245.32.125 port 44310 ssh2
Jun 26 03:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7765]: Connection closed by 151.245.32.125 port 44310 [preauth]
Jun 26 03:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.10.140  user=root
Jun 26 03:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7776]: Failed password for root from 103.143.10.140 port 39008 ssh2
Jun 26 03:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7776]: Received disconnect from 103.143.10.140 port 39008:11: Bye Bye [preauth]
Jun 26 03:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7776]: Disconnected from 103.143.10.140 port 39008 [preauth]
Jun 26 03:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6441]: pam_unix(cron:session): session closed for user root
Jun 26 03:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: Invalid user vitor from 61.76.112.4
Jun 26 03:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: input_userauth_request: invalid user vitor [preauth]
Jun 26 03:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.76.112.4
Jun 26 03:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: Failed password for invalid user vitor from 61.76.112.4 port 42399 ssh2
Jun 26 03:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: Received disconnect from 61.76.112.4 port 42399:11: Bye Bye [preauth]
Jun 26 03:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: Disconnected from 61.76.112.4 port 42399 [preauth]
Jun 26 03:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.42.96.25  user=root
Jun 26 03:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7852]: Failed password for root from 119.42.96.25 port 57418 ssh2
Jun 26 03:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7852]: Connection closed by 119.42.96.25 port 57418 [preauth]
Jun 26 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7864]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7865]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7866]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7867]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7862]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7864]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7975]: Successful su for rubyman by root
Jun 26 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7975]: + ??? root:rubyman
Jun 26 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7975]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594217 of user rubyman.
Jun 26 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7975]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594217.
Jun 26 03:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7862]: pam_unix(cron:session): session closed for user root
Jun 26 03:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5213]: pam_unix(cron:session): session closed for user root
Jun 26 03:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7865]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.193.152.133  user=root
Jun 26 03:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8251]: Failed password for root from 20.193.152.133 port 34156 ssh2
Jun 26 03:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8251]: Connection closed by 20.193.152.133 port 34156 [preauth]
Jun 26 03:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6861]: pam_unix(cron:session): session closed for user root
Jun 26 03:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.118.107  user=root
Jun 26 03:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8312]: Invalid user luciano from 141.98.83.240
Jun 26 03:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8312]: input_userauth_request: invalid user luciano [preauth]
Jun 26 03:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8312]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 03:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8290]: Failed password for root from 14.103.118.107 port 44636 ssh2
Jun 26 03:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8290]: Received disconnect from 14.103.118.107 port 44636:11: Bye Bye [preauth]
Jun 26 03:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8290]: Disconnected from 14.103.118.107 port 44636 [preauth]
Jun 26 03:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8312]: Failed password for invalid user luciano from 141.98.83.240 port 27718 ssh2
Jun 26 03:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8312]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8312]: Failed password for invalid user luciano from 141.98.83.240 port 27718 ssh2
Jun 26 03:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8312]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8312]: Failed password for invalid user luciano from 141.98.83.240 port 27718 ssh2
Jun 26 03:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8312]: Connection closed by 141.98.83.240 port 27718 [preauth]
Jun 26 03:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8312]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8346]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8345]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8347]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8343]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8342]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8341]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8347]: pam_unix(cron:session): session closed for user root
Jun 26 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8341]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8411]: Successful su for rubyman by root
Jun 26 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8411]: + ??? root:rubyman
Jun 26 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8411]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594221 of user rubyman.
Jun 26 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8411]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594221.
Jun 26 03:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.123.141.251  user=root
Jun 26 03:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8343]: pam_unix(cron:session): session closed for user root
Jun 26 03:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5624]: pam_unix(cron:session): session closed for user root
Jun 26 03:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8413]: Failed password for root from 121.123.141.251 port 50556 ssh2
Jun 26 03:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8413]: Connection closed by 121.123.141.251 port 50556 [preauth]
Jun 26 03:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8342]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.205.184.118  user=root
Jun 26 03:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8689]: Failed password for root from 92.205.184.118 port 50592 ssh2
Jun 26 03:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8689]: Connection closed by 92.205.184.118 port 50592 [preauth]
Jun 26 03:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7355]: pam_unix(cron:session): session closed for user root
Jun 26 03:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.10.140  user=root
Jun 26 03:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8720]: Failed password for root from 103.143.10.140 port 49164 ssh2
Jun 26 03:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8720]: Received disconnect from 103.143.10.140 port 49164:11: Bye Bye [preauth]
Jun 26 03:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8720]: Disconnected from 103.143.10.140 port 49164 [preauth]
Jun 26 03:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.223.69.22  user=root
Jun 26 03:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8761]: Failed password for root from 89.223.69.22 port 40468 ssh2
Jun 26 03:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8761]: Connection closed by 89.223.69.22 port 40468 [preauth]
Jun 26 03:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.0.84.125  user=root
Jun 26 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8787]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8788]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8786]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8785]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8785]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8782]: Failed password for root from 49.0.84.125 port 49958 ssh2
Jun 26 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8782]: Connection closed by 49.0.84.125 port 49958 [preauth]
Jun 26 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8853]: Successful su for rubyman by root
Jun 26 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8853]: + ??? root:rubyman
Jun 26 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8853]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594227 of user rubyman.
Jun 26 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8853]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594227.
Jun 26 03:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6015]: pam_unix(cron:session): session closed for user root
Jun 26 03:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8786]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9070]: Invalid user admin from 14.103.118.107
Jun 26 03:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9070]: input_userauth_request: invalid user admin [preauth]
Jun 26 03:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9070]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.118.107
Jun 26 03:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9070]: Failed password for invalid user admin from 14.103.118.107 port 50426 ssh2
Jun 26 03:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9070]: Received disconnect from 14.103.118.107 port 50426:11: Bye Bye [preauth]
Jun 26 03:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9070]: Disconnected from 14.103.118.107 port 50426 [preauth]
Jun 26 03:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.123.141.251  user=root
Jun 26 03:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.76.112.4  user=root
Jun 26 03:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9101]: Failed password for root from 121.123.141.251 port 46758 ssh2
Jun 26 03:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9101]: Connection closed by 121.123.141.251 port 46758 [preauth]
Jun 26 03:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9110]: Failed password for root from 61.76.112.4 port 44842 ssh2
Jun 26 03:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9110]: Received disconnect from 61.76.112.4 port 44842:11: Bye Bye [preauth]
Jun 26 03:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9110]: Disconnected from 61.76.112.4 port 44842 [preauth]
Jun 26 03:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7867]: pam_unix(cron:session): session closed for user root
Jun 26 03:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.118.107.37  user=root
Jun 26 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9190]: Failed password for root from 83.118.107.37 port 47646 ssh2
Jun 26 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9190]: Connection closed by 83.118.107.37 port 47646 [preauth]
Jun 26 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9202]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9201]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9203]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9200]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9200]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9262]: Successful su for rubyman by root
Jun 26 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9262]: + ??? root:rubyman
Jun 26 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9262]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594233 of user rubyman.
Jun 26 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9262]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594233.
Jun 26 03:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6440]: pam_unix(cron:session): session closed for user root
Jun 26 03:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9201]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.147.26.126  user=root
Jun 26 03:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9491]: Failed password for root from 185.147.26.126 port 58994 ssh2
Jun 26 03:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9491]: Connection closed by 185.147.26.126 port 58994 [preauth]
Jun 26 03:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8346]: pam_unix(cron:session): session closed for user root
Jun 26 03:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9558]: Invalid user debian from 103.143.10.140
Jun 26 03:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9558]: input_userauth_request: invalid user debian [preauth]
Jun 26 03:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9558]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.10.140
Jun 26 03:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9558]: Failed password for invalid user debian from 103.143.10.140 port 59356 ssh2
Jun 26 03:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9558]: Received disconnect from 103.143.10.140 port 59356:11: Bye Bye [preauth]
Jun 26 03:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9558]: Disconnected from 103.143.10.140 port 59356 [preauth]
Jun 26 03:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.118.107  user=root
Jun 26 03:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9561]: Failed password for root from 14.103.118.107 port 51266 ssh2
Jun 26 03:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9561]: Received disconnect from 14.103.118.107 port 51266:11: Bye Bye [preauth]
Jun 26 03:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9561]: Disconnected from 14.103.118.107 port 51266 [preauth]
Jun 26 03:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=133.117.72.24  user=root
Jun 26 03:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9582]: Failed password for root from 133.117.72.24 port 52446 ssh2
Jun 26 03:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9582]: Connection closed by 133.117.72.24 port 52446 [preauth]
Jun 26 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9599]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9598]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9597]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9596]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9596]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9658]: Successful su for rubyman by root
Jun 26 03:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9658]: + ??? root:rubyman
Jun 26 03:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9658]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594237 of user rubyman.
Jun 26 03:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9658]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594237.
Jun 26 03:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6860]: pam_unix(cron:session): session closed for user root
Jun 26 03:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9597]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.117.243.211  user=root
Jun 26 03:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10075]: Failed password for root from 80.117.243.211 port 34024 ssh2
Jun 26 03:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10075]: Connection closed by 80.117.243.211 port 34024 [preauth]
Jun 26 03:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8788]: pam_unix(cron:session): session closed for user root
Jun 26 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10169]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10167]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10168]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10166]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10166]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10320]: Successful su for rubyman by root
Jun 26 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10320]: + ??? root:rubyman
Jun 26 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10320]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594240 of user rubyman.
Jun 26 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10320]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594240.
Jun 26 03:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.154.74.204  user=root
Jun 26 03:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7354]: pam_unix(cron:session): session closed for user root
Jun 26 03:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10372]: Failed password for root from 122.154.74.204 port 58536 ssh2
Jun 26 03:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10372]: Connection closed by 122.154.74.204 port 58536 [preauth]
Jun 26 03:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10167]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10548]: Connection closed by 14.103.118.107 port 46786 [preauth]
Jun 26 03:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9203]: pam_unix(cron:session): session closed for user root
Jun 26 03:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.180.123.139  user=root
Jun 26 03:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10605]: Invalid user samira from 61.76.112.4
Jun 26 03:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10605]: input_userauth_request: invalid user samira [preauth]
Jun 26 03:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10605]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.76.112.4
Jun 26 03:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10581]: Failed password for root from 180.180.123.139 port 62035 ssh2
Jun 26 03:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10605]: Failed password for invalid user samira from 61.76.112.4 port 48579 ssh2
Jun 26 03:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10605]: Received disconnect from 61.76.112.4 port 48579:11: Bye Bye [preauth]
Jun 26 03:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10605]: Disconnected from 61.76.112.4 port 48579 [preauth]
Jun 26 03:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10581]: Connection closed by 180.180.123.139 port 62035 [preauth]
Jun 26 03:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10659]: Invalid user socks from 103.143.10.140
Jun 26 03:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10659]: input_userauth_request: invalid user socks [preauth]
Jun 26 03:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10659]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.10.140
Jun 26 03:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10659]: Failed password for invalid user socks from 103.143.10.140 port 41292 ssh2
Jun 26 03:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10659]: Received disconnect from 103.143.10.140 port 41292:11: Bye Bye [preauth]
Jun 26 03:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10659]: Disconnected from 103.143.10.140 port 41292 [preauth]
Jun 26 03:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.62.111.247  user=root
Jun 26 03:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10672]: Failed password for root from 211.62.111.247 port 35334 ssh2
Jun 26 03:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10672]: Connection closed by 211.62.111.247 port 35334 [preauth]
Jun 26 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10687]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10686]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10685]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10689]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10683]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10684]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10689]: pam_unix(cron:session): session closed for user root
Jun 26 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10683]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10760]: Successful su for rubyman by root
Jun 26 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10760]: + ??? root:rubyman
Jun 26 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10760]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594243 of user rubyman.
Jun 26 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10760]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594243.
Jun 26 03:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10685]: pam_unix(cron:session): session closed for user root
Jun 26 03:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7866]: pam_unix(cron:session): session closed for user root
Jun 26 03:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10684]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.22.211.47  user=root
Jun 26 03:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11033]: Failed password for root from 77.22.211.47 port 59616 ssh2
Jun 26 03:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11033]: Connection closed by 77.22.211.47 port 59616 [preauth]
Jun 26 03:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9599]: pam_unix(cron:session): session closed for user root
Jun 26 03:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.118.107  user=root
Jun 26 03:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11125]: Failed password for root from 14.103.118.107 port 49110 ssh2
Jun 26 03:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11125]: Received disconnect from 14.103.118.107 port 49110:11: Bye Bye [preauth]
Jun 26 03:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11125]: Disconnected from 14.103.118.107 port 49110 [preauth]
Jun 26 03:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.192.144.206  user=root
Jun 26 03:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11127]: Failed password for root from 159.192.144.206 port 48330 ssh2
Jun 26 03:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11127]: Connection closed by 159.192.144.206 port 48330 [preauth]
Jun 26 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11142]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11140]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11143]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11139]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11139]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11211]: Successful su for rubyman by root
Jun 26 03:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11211]: + ??? root:rubyman
Jun 26 03:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11211]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594249 of user rubyman.
Jun 26 03:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11211]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594249.
Jun 26 03:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8345]: pam_unix(cron:session): session closed for user root
Jun 26 03:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11140]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11450]: Invalid user admin from 152.32.135.217
Jun 26 03:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11450]: input_userauth_request: invalid user admin [preauth]
Jun 26 03:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11450]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.135.217
Jun 26 03:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11450]: Failed password for invalid user admin from 152.32.135.217 port 52324 ssh2
Jun 26 03:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11450]: Received disconnect from 152.32.135.217 port 52324:11: Bye Bye [preauth]
Jun 26 03:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11450]: Disconnected from 152.32.135.217 port 52324 [preauth]
Jun 26 03:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.235.12  user=root
Jun 26 03:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11475]: Failed password for root from 202.29.235.12 port 51032 ssh2
Jun 26 03:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11475]: Connection closed by 202.29.235.12 port 51032 [preauth]
Jun 26 03:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10169]: pam_unix(cron:session): session closed for user root
Jun 26 03:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11548]: Invalid user adeel from 103.143.10.140
Jun 26 03:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11548]: input_userauth_request: invalid user adeel [preauth]
Jun 26 03:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11548]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.10.140
Jun 26 03:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11548]: Failed password for invalid user adeel from 103.143.10.140 port 51444 ssh2
Jun 26 03:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11548]: Received disconnect from 103.143.10.140 port 51444:11: Bye Bye [preauth]
Jun 26 03:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11548]: Disconnected from 103.143.10.140 port 51444 [preauth]
Jun 26 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11574]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11575]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11573]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11572]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11572]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11633]: Successful su for rubyman by root
Jun 26 03:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11633]: + ??? root:rubyman
Jun 26 03:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11633]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594254 of user rubyman.
Jun 26 03:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11633]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594254.
Jun 26 03:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.62.111.247  user=root
Jun 26 03:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8787]: pam_unix(cron:session): session closed for user root
Jun 26 03:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11569]: Failed password for root from 211.62.111.247 port 59790 ssh2
Jun 26 03:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11569]: Connection closed by 211.62.111.247 port 59790 [preauth]
Jun 26 03:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11573]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.118.107  user=root
Jun 26 03:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11886]: Invalid user ws from 185.148.1.18
Jun 26 03:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11886]: input_userauth_request: invalid user ws [preauth]
Jun 26 03:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11886]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.148.1.18
Jun 26 03:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11886]: Failed password for invalid user ws from 185.148.1.18 port 60600 ssh2
Jun 26 03:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11884]: Failed password for root from 14.103.118.107 port 50870 ssh2
Jun 26 03:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11886]: Received disconnect from 185.148.1.18 port 60600:11: Bye Bye [preauth]
Jun 26 03:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11886]: Disconnected from 185.148.1.18 port 60600 [preauth]
Jun 26 03:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.76.112.4  user=root
Jun 26 03:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11884]: Received disconnect from 14.103.118.107 port 50870:11: Bye Bye [preauth]
Jun 26 03:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11884]: Disconnected from 14.103.118.107 port 50870 [preauth]
Jun 26 03:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11896]: Failed password for root from 61.76.112.4 port 40941 ssh2
Jun 26 03:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11896]: Received disconnect from 61.76.112.4 port 40941:11: Bye Bye [preauth]
Jun 26 03:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11896]: Disconnected from 61.76.112.4 port 40941 [preauth]
Jun 26 03:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.135.24.10  user=root
Jun 26 03:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11940]: Failed password for root from 206.135.24.10 port 54542 ssh2
Jun 26 03:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11940]: Connection closed by 206.135.24.10 port 54542 [preauth]
Jun 26 03:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 26 03:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10687]: pam_unix(cron:session): session closed for user root
Jun 26 03:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11952]: Failed password for root from 38.93.206.2 port 28320 ssh2
Jun 26 03:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11952]: Connection closed by 38.93.206.2 port 28320 [preauth]
Jun 26 03:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11988]: Invalid user ubuntu from 191.96.110.39
Jun 26 03:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11988]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 03:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11988]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.96.110.39
Jun 26 03:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11988]: Failed password for invalid user ubuntu from 191.96.110.39 port 46838 ssh2
Jun 26 03:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11988]: Received disconnect from 191.96.110.39 port 46838:11: Bye Bye [preauth]
Jun 26 03:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11988]: Disconnected from 191.96.110.39 port 46838 [preauth]
Jun 26 03:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.138.89.209  user=root
Jun 26 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12042]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12043]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12041]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12040]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12040]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12098]: Successful su for rubyman by root
Jun 26 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12098]: + ??? root:rubyman
Jun 26 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12098]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594258 of user rubyman.
Jun 26 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12098]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594258.
Jun 26 03:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12037]: Failed password for root from 174.138.89.209 port 42100 ssh2
Jun 26 03:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12037]: Connection closed by 174.138.89.209 port 42100 [preauth]
Jun 26 03:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9202]: pam_unix(cron:session): session closed for user root
Jun 26 03:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12041]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11143]: pam_unix(cron:session): session closed for user root
Jun 26 03:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.220.6  user=root
Jun 26 03:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12507]: Failed password for root from 202.29.220.6 port 27481 ssh2
Jun 26 03:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12507]: Connection closed by 202.29.220.6 port 27481 [preauth]
Jun 26 03:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12540]: Invalid user monaco from 103.143.10.140
Jun 26 03:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12540]: input_userauth_request: invalid user monaco [preauth]
Jun 26 03:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12540]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.10.140
Jun 26 03:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.118.107  user=root
Jun 26 03:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12540]: Failed password for invalid user monaco from 103.143.10.140 port 33384 ssh2
Jun 26 03:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12540]: Received disconnect from 103.143.10.140 port 33384:11: Bye Bye [preauth]
Jun 26 03:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12540]: Disconnected from 103.143.10.140 port 33384 [preauth]
Jun 26 03:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12517]: Failed password for root from 14.103.118.107 port 35158 ssh2
Jun 26 03:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12517]: Received disconnect from 14.103.118.107 port 35158:11: Bye Bye [preauth]
Jun 26 03:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12517]: Disconnected from 14.103.118.107 port 35158 [preauth]
Jun 26 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12571]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12572]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12570]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12569]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12569]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12634]: Successful su for rubyman by root
Jun 26 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12634]: + ??? root:rubyman
Jun 26 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12634]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594261 of user rubyman.
Jun 26 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12634]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594261.
Jun 26 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12566]: Invalid user ttt from 152.32.135.217
Jun 26 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12566]: input_userauth_request: invalid user ttt [preauth]
Jun 26 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12566]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.135.217
Jun 26 03:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12566]: Failed password for invalid user ttt from 152.32.135.217 port 45336 ssh2
Jun 26 03:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12566]: Received disconnect from 152.32.135.217 port 45336:11: Bye Bye [preauth]
Jun 26 03:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12566]: Disconnected from 152.32.135.217 port 45336 [preauth]
Jun 26 03:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9598]: pam_unix(cron:session): session closed for user root
Jun 26 03:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12570]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.225.158  user=root
Jun 26 03:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12827]: Failed password for root from 202.29.225.158 port 41954 ssh2
Jun 26 03:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12827]: Connection closed by 202.29.225.158 port 41954 [preauth]
Jun 26 03:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.148.1.18  user=root
Jun 26 03:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12869]: Invalid user legales from 191.96.110.39
Jun 26 03:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12869]: input_userauth_request: invalid user legales [preauth]
Jun 26 03:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12869]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.96.110.39
Jun 26 03:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12866]: Failed password for root from 185.148.1.18 port 41396 ssh2
Jun 26 03:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12866]: Received disconnect from 185.148.1.18 port 41396:11: Bye Bye [preauth]
Jun 26 03:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12866]: Disconnected from 185.148.1.18 port 41396 [preauth]
Jun 26 03:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12869]: Failed password for invalid user legales from 191.96.110.39 port 53044 ssh2
Jun 26 03:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12869]: Received disconnect from 191.96.110.39 port 53044:11: Bye Bye [preauth]
Jun 26 03:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12869]: Disconnected from 191.96.110.39 port 53044 [preauth]
Jun 26 03:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.20.215.123  user=root
Jun 26 03:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: Failed password for root from 157.20.215.123 port 58426 ssh2
Jun 26 03:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: Connection closed by 157.20.215.123 port 58426 [preauth]
Jun 26 03:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11575]: pam_unix(cron:session): session closed for user root
Jun 26 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12992]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12990]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12993]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12994]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12989]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12991]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12994]: pam_unix(cron:session): session closed for user root
Jun 26 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12989]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13061]: Successful su for rubyman by root
Jun 26 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13061]: + ??? root:rubyman
Jun 26 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13061]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594267 of user rubyman.
Jun 26 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13061]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594267.
Jun 26 03:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12991]: pam_unix(cron:session): session closed for user root
Jun 26 03:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10168]: pam_unix(cron:session): session closed for user root
Jun 26 03:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.192.144.204  user=root
Jun 26 03:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12990]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13267]: Failed password for root from 159.192.144.204 port 59714 ssh2
Jun 26 03:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13267]: Connection closed by 159.192.144.204 port 59714 [preauth]
Jun 26 03:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.76.112.4  user=root
Jun 26 03:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13292]: Failed password for root from 61.76.112.4 port 35750 ssh2
Jun 26 03:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13292]: Received disconnect from 61.76.112.4 port 35750:11: Bye Bye [preauth]
Jun 26 03:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13292]: Disconnected from 61.76.112.4 port 35750 [preauth]
Jun 26 03:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.118.107  user=root
Jun 26 03:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13296]: Failed password for root from 14.103.118.107 port 48770 ssh2
Jun 26 03:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13296]: Received disconnect from 14.103.118.107 port 48770:11: Bye Bye [preauth]
Jun 26 03:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13296]: Disconnected from 14.103.118.107 port 48770 [preauth]
Jun 26 03:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: Invalid user w from 202.85.222.190
Jun 26 03:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: input_userauth_request: invalid user w [preauth]
Jun 26 03:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.85.222.190
Jun 26 03:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.225.158  user=root
Jun 26 03:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: Failed password for invalid user w from 202.85.222.190 port 43553 ssh2
Jun 26 03:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: Received disconnect from 202.85.222.190 port 43553:11: Bye Bye [preauth]
Jun 26 03:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: Disconnected from 202.85.222.190 port 43553 [preauth]
Jun 26 03:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12043]: pam_unix(cron:session): session closed for user root
Jun 26 03:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13351]: Failed password for root from 202.29.225.158 port 48554 ssh2
Jun 26 03:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13351]: Connection closed by 202.29.225.158 port 48554 [preauth]
Jun 26 03:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13424]: Invalid user vpnuser from 103.143.10.140
Jun 26 03:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13424]: input_userauth_request: invalid user vpnuser [preauth]
Jun 26 03:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13424]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.10.140
Jun 26 03:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.135.217  user=root
Jun 26 03:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13424]: Failed password for invalid user vpnuser from 103.143.10.140 port 43542 ssh2
Jun 26 03:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13424]: Received disconnect from 103.143.10.140 port 43542:11: Bye Bye [preauth]
Jun 26 03:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13424]: Disconnected from 103.143.10.140 port 43542 [preauth]
Jun 26 03:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13422]: Failed password for root from 152.32.135.217 port 39262 ssh2
Jun 26 03:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13422]: Received disconnect from 152.32.135.217 port 39262:11: Bye Bye [preauth]
Jun 26 03:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13422]: Disconnected from 152.32.135.217 port 39262 [preauth]
Jun 26 03:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.205.184.118  user=root
Jun 26 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13445]: Invalid user jellyfin from 191.96.110.39
Jun 26 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13445]: input_userauth_request: invalid user jellyfin [preauth]
Jun 26 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13445]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.96.110.39
Jun 26 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13450]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13451]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13449]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13448]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13448]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13517]: Successful su for rubyman by root
Jun 26 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13517]: + ??? root:rubyman
Jun 26 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13517]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594271 of user rubyman.
Jun 26 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13517]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594271.
Jun 26 03:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13442]: Failed password for root from 92.205.184.118 port 35486 ssh2
Jun 26 03:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13445]: Failed password for invalid user jellyfin from 191.96.110.39 port 59264 ssh2
Jun 26 03:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13442]: Connection closed by 92.205.184.118 port 35486 [preauth]
Jun 26 03:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13445]: Received disconnect from 191.96.110.39 port 59264:11: Bye Bye [preauth]
Jun 26 03:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13445]: Disconnected from 191.96.110.39 port 59264 [preauth]
Jun 26 03:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10686]: pam_unix(cron:session): session closed for user root
Jun 26 03:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 26 03:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13449]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13591]: Failed password for root from 202.178.126.219 port 22406 ssh2
Jun 26 03:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13591]: Connection closed by 202.178.126.219 port 22406 [preauth]
Jun 26 03:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13710]: Invalid user jack from 185.148.1.18
Jun 26 03:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13710]: input_userauth_request: invalid user jack [preauth]
Jun 26 03:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13710]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.148.1.18
Jun 26 03:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13710]: Failed password for invalid user jack from 185.148.1.18 port 50422 ssh2
Jun 26 03:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13710]: Received disconnect from 185.148.1.18 port 50422:11: Bye Bye [preauth]
Jun 26 03:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13710]: Disconnected from 185.148.1.18 port 50422 [preauth]
Jun 26 03:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.192.132.36  user=root
Jun 26 03:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13780]: Failed password for root from 159.192.132.36 port 39302 ssh2
Jun 26 03:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13780]: Connection closed by 159.192.132.36 port 39302 [preauth]
Jun 26 03:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12572]: pam_unix(cron:session): session closed for user root
Jun 26 03:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13820]: Invalid user ubuntu from 14.103.118.107
Jun 26 03:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13820]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 03:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13820]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.118.107
Jun 26 03:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13820]: Failed password for invalid user ubuntu from 14.103.118.107 port 36516 ssh2
Jun 26 03:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13820]: Received disconnect from 14.103.118.107 port 36516:11: Bye Bye [preauth]
Jun 26 03:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13820]: Disconnected from 14.103.118.107 port 36516 [preauth]
Jun 26 03:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13844]: Invalid user asya from 2.57.121.112
Jun 26 03:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13844]: input_userauth_request: invalid user asya [preauth]
Jun 26 03:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13844]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 26 03:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13844]: Failed password for invalid user asya from 2.57.121.112 port 8242 ssh2
Jun 26 03:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13844]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13844]: Failed password for invalid user asya from 2.57.121.112 port 8242 ssh2
Jun 26 03:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13844]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13844]: Failed password for invalid user asya from 2.57.121.112 port 8242 ssh2
Jun 26 03:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13844]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13844]: Failed password for invalid user asya from 2.57.121.112 port 8242 ssh2
Jun 26 03:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13844]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13844]: Failed password for invalid user asya from 2.57.121.112 port 8242 ssh2
Jun 26 03:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13844]: Connection closed by 2.57.121.112 port 8242 [preauth]
Jun 26 03:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13844]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 26 03:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13844]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 26 03:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.149.97  user=root
Jun 26 03:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13862]: Failed password for root from 51.15.149.97 port 30261 ssh2
Jun 26 03:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13862]: Connection closed by 51.15.149.97 port 30261 [preauth]
Jun 26 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13878]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13877]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13879]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13876]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13876]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13940]: Successful su for rubyman by root
Jun 26 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13940]: + ??? root:rubyman
Jun 26 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13940]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594275 of user rubyman.
Jun 26 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13940]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594275.
Jun 26 03:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11142]: pam_unix(cron:session): session closed for user root
Jun 26 03:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13877]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14161]: Invalid user alex from 152.32.135.217
Jun 26 03:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14161]: input_userauth_request: invalid user alex [preauth]
Jun 26 03:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14161]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.135.217
Jun 26 03:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14161]: Failed password for invalid user alex from 152.32.135.217 port 38792 ssh2
Jun 26 03:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14161]: Received disconnect from 152.32.135.217 port 38792:11: Bye Bye [preauth]
Jun 26 03:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14161]: Disconnected from 152.32.135.217 port 38792 [preauth]
Jun 26 03:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.117.243.211  user=root
Jun 26 03:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14178]: Failed password for root from 80.117.243.211 port 38460 ssh2
Jun 26 03:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14178]: Connection closed by 80.117.243.211 port 38460 [preauth]
Jun 26 03:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14189]: Invalid user ai from 191.96.110.39
Jun 26 03:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14189]: input_userauth_request: invalid user ai [preauth]
Jun 26 03:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14189]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.96.110.39
Jun 26 03:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14189]: Failed password for invalid user ai from 191.96.110.39 port 37216 ssh2
Jun 26 03:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14189]: Received disconnect from 191.96.110.39 port 37216:11: Bye Bye [preauth]
Jun 26 03:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14189]: Disconnected from 191.96.110.39 port 37216 [preauth]
Jun 26 03:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12993]: pam_unix(cron:session): session closed for user root
Jun 26 03:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14249]: Invalid user windows from 103.143.10.140
Jun 26 03:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14249]: input_userauth_request: invalid user windows [preauth]
Jun 26 03:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14249]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.10.140
Jun 26 03:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14249]: Failed password for invalid user windows from 103.143.10.140 port 53702 ssh2
Jun 26 03:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14249]: Received disconnect from 103.143.10.140 port 53702:11: Bye Bye [preauth]
Jun 26 03:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14249]: Disconnected from 103.143.10.140 port 53702 [preauth]
Jun 26 03:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14259]: Invalid user socks from 61.76.112.4
Jun 26 03:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14259]: input_userauth_request: invalid user socks [preauth]
Jun 26 03:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14259]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.76.112.4
Jun 26 03:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14259]: Failed password for invalid user socks from 61.76.112.4 port 40963 ssh2
Jun 26 03:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14259]: Received disconnect from 61.76.112.4 port 40963:11: Bye Bye [preauth]
Jun 26 03:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14259]: Disconnected from 61.76.112.4 port 40963 [preauth]
Jun 26 03:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.118.246  user=root
Jun 26 03:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14269]: Failed password for root from 117.50.118.246 port 64938 ssh2
Jun 26 03:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14269]: Connection closed by 117.50.118.246 port 64938 [preauth]
Jun 26 03:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14287]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14285]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14286]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14284]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14284]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14280]: Invalid user username from 185.148.1.18
Jun 26 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14280]: input_userauth_request: invalid user username [preauth]
Jun 26 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14280]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.148.1.18
Jun 26 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14342]: Successful su for rubyman by root
Jun 26 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14342]: + ??? root:rubyman
Jun 26 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14342]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594279 of user rubyman.
Jun 26 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14342]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594279.
Jun 26 03:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14280]: Failed password for invalid user username from 185.148.1.18 port 59440 ssh2
Jun 26 03:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14280]: Received disconnect from 185.148.1.18 port 59440:11: Bye Bye [preauth]
Jun 26 03:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14280]: Disconnected from 185.148.1.18 port 59440 [preauth]
Jun 26 03:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11574]: pam_unix(cron:session): session closed for user root
Jun 26 03:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14285]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121  user=root
Jun 26 03:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14545]: Failed password for root from 45.148.10.121 port 58922 ssh2
Jun 26 03:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14545]: Connection closed by 45.148.10.121 port 58922 [preauth]
Jun 26 03:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.118.107  user=root
Jun 26 03:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14564]: Failed password for root from 14.103.118.107 port 44118 ssh2
Jun 26 03:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14564]: Received disconnect from 14.103.118.107 port 44118:11: Bye Bye [preauth]
Jun 26 03:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14564]: Disconnected from 14.103.118.107 port 44118 [preauth]
Jun 26 03:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.224.230  user=root
Jun 26 03:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14587]: Failed password for root from 202.29.224.230 port 30268 ssh2
Jun 26 03:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14587]: Connection closed by 202.29.224.230 port 30268 [preauth]
Jun 26 03:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13451]: pam_unix(cron:session): session closed for user root
Jun 26 03:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.136.54  user=root
Jun 26 03:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14712]: Failed password for root from 157.230.136.54 port 36116 ssh2
Jun 26 03:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14712]: Connection closed by 157.230.136.54 port 36116 [preauth]
Jun 26 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14732]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14733]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14730]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14727]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14727]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14827]: Successful su for rubyman by root
Jun 26 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14827]: + ??? root:rubyman
Jun 26 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14827]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594284 of user rubyman.
Jun 26 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14827]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594284.
Jun 26 03:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.96.110.39  user=root
Jun 26 03:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12042]: pam_unix(cron:session): session closed for user root
Jun 26 03:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.135.217  user=root
Jun 26 03:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14730]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14879]: Failed password for root from 191.96.110.39 port 43386 ssh2
Jun 26 03:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14879]: Received disconnect from 191.96.110.39 port 43386:11: Bye Bye [preauth]
Jun 26 03:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14879]: Disconnected from 191.96.110.39 port 43386 [preauth]
Jun 26 03:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14959]: Failed password for root from 152.32.135.217 port 41638 ssh2
Jun 26 03:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14959]: Received disconnect from 152.32.135.217 port 41638:11: Bye Bye [preauth]
Jun 26 03:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14959]: Disconnected from 152.32.135.217 port 41638 [preauth]
Jun 26 03:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.188.187.59  user=root
Jun 26 03:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15079]: Failed password for root from 196.188.187.59 port 49828 ssh2
Jun 26 03:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15079]: Connection closed by 196.188.187.59 port 49828 [preauth]
Jun 26 03:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13879]: pam_unix(cron:session): session closed for user root
Jun 26 03:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15156]: Invalid user george from 14.103.118.107
Jun 26 03:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15156]: input_userauth_request: invalid user george [preauth]
Jun 26 03:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15156]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.118.107
Jun 26 03:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15156]: Failed password for invalid user george from 14.103.118.107 port 46942 ssh2
Jun 26 03:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15156]: Received disconnect from 14.103.118.107 port 46942:11: Bye Bye [preauth]
Jun 26 03:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15156]: Disconnected from 14.103.118.107 port 46942 [preauth]
Jun 26 03:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.10.140  user=root
Jun 26 03:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15167]: Failed password for root from 103.143.10.140 port 35658 ssh2
Jun 26 03:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15167]: Received disconnect from 103.143.10.140 port 35658:11: Bye Bye [preauth]
Jun 26 03:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15167]: Disconnected from 103.143.10.140 port 35658 [preauth]
Jun 26 03:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15169]: Invalid user admin from 185.148.1.18
Jun 26 03:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15169]: input_userauth_request: invalid user admin [preauth]
Jun 26 03:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15169]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.148.1.18
Jun 26 03:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15169]: Failed password for invalid user admin from 185.148.1.18 port 40232 ssh2
Jun 26 03:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15169]: Received disconnect from 185.148.1.18 port 40232:11: Bye Bye [preauth]
Jun 26 03:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15169]: Disconnected from 185.148.1.18 port 40232 [preauth]
Jun 26 03:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.77.131.229  user=root
Jun 26 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15199]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15194]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15193]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15197]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15192]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15198]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15199]: pam_unix(cron:session): session closed for user root
Jun 26 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15192]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15268]: Successful su for rubyman by root
Jun 26 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15268]: + ??? root:rubyman
Jun 26 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15268]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594289 of user rubyman.
Jun 26 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15268]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594289.
Jun 26 03:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15180]: Failed password for root from 110.77.131.229 port 32838 ssh2
Jun 26 03:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15180]: Connection closed by 110.77.131.229 port 32838 [preauth]
Jun 26 03:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15194]: pam_unix(cron:session): session closed for user root
Jun 26 03:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12571]: pam_unix(cron:session): session closed for user root
Jun 26 03:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15193]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.99.188.194  user=root
Jun 26 03:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15521]: Failed password for root from 46.99.188.194 port 43478 ssh2
Jun 26 03:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15521]: Connection closed by 46.99.188.194 port 43478 [preauth]
Jun 26 03:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14287]: pam_unix(cron:session): session closed for user root
Jun 26 03:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15559]: Invalid user arm from 61.76.112.4
Jun 26 03:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15559]: input_userauth_request: invalid user arm [preauth]
Jun 26 03:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15559]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.76.112.4
Jun 26 03:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15561]: Invalid user bot from 191.96.110.39
Jun 26 03:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15561]: input_userauth_request: invalid user bot [preauth]
Jun 26 03:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15561]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.96.110.39
Jun 26 03:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15559]: Failed password for invalid user arm from 61.76.112.4 port 46841 ssh2
Jun 26 03:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15559]: Received disconnect from 61.76.112.4 port 46841:11: Bye Bye [preauth]
Jun 26 03:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15559]: Disconnected from 61.76.112.4 port 46841 [preauth]
Jun 26 03:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15561]: Failed password for invalid user bot from 191.96.110.39 port 49584 ssh2
Jun 26 03:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15561]: Received disconnect from 191.96.110.39 port 49584:11: Bye Bye [preauth]
Jun 26 03:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15561]: Disconnected from 191.96.110.39 port 49584 [preauth]
Jun 26 03:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15593]: Invalid user jellyfin from 152.32.135.217
Jun 26 03:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15593]: input_userauth_request: invalid user jellyfin [preauth]
Jun 26 03:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15593]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.135.217
Jun 26 03:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15593]: Failed password for invalid user jellyfin from 152.32.135.217 port 41108 ssh2
Jun 26 03:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15593]: Received disconnect from 152.32.135.217 port 41108:11: Bye Bye [preauth]
Jun 26 03:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15593]: Disconnected from 152.32.135.217 port 41108 [preauth]
Jun 26 03:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.193.152.133  user=root
Jun 26 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15619]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15620]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15618]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15617]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15617]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15685]: Successful su for rubyman by root
Jun 26 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15685]: + ??? root:rubyman
Jun 26 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15685]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594293 of user rubyman.
Jun 26 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15685]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594293.
Jun 26 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15606]: Failed password for root from 20.193.152.133 port 59178 ssh2
Jun 26 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15606]: Connection closed by 20.193.152.133 port 59178 [preauth]
Jun 26 03:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12992]: pam_unix(cron:session): session closed for user root
Jun 26 03:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15618]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.118.107  user=root
Jun 26 03:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15897]: Failed password for root from 14.103.118.107 port 43956 ssh2
Jun 26 03:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15897]: Received disconnect from 14.103.118.107 port 43956:11: Bye Bye [preauth]
Jun 26 03:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15897]: Disconnected from 14.103.118.107 port 43956 [preauth]
Jun 26 03:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.90.19.40  user=root
Jun 26 03:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15927]: Failed password for root from 78.90.19.40 port 54018 ssh2
Jun 26 03:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15927]: Connection closed by 78.90.19.40 port 54018 [preauth]
Jun 26 03:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14733]: pam_unix(cron:session): session closed for user root
Jun 26 03:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15991]: Invalid user riad from 185.148.1.18
Jun 26 03:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15991]: input_userauth_request: invalid user riad [preauth]
Jun 26 03:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15991]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.148.1.18
Jun 26 03:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15991]: Failed password for invalid user riad from 185.148.1.18 port 49246 ssh2
Jun 26 03:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15991]: Received disconnect from 185.148.1.18 port 49246:11: Bye Bye [preauth]
Jun 26 03:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15991]: Disconnected from 185.148.1.18 port 49246 [preauth]
Jun 26 03:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16014]: Invalid user vitor from 103.143.10.140
Jun 26 03:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16014]: input_userauth_request: invalid user vitor [preauth]
Jun 26 03:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16014]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.10.140
Jun 26 03:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.180.123.139  user=root
Jun 26 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16019]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16020]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16018]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16017]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16017]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16014]: Failed password for invalid user vitor from 103.143.10.140 port 45816 ssh2
Jun 26 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16014]: Received disconnect from 103.143.10.140 port 45816:11: Bye Bye [preauth]
Jun 26 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16014]: Disconnected from 103.143.10.140 port 45816 [preauth]
Jun 26 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16079]: Successful su for rubyman by root
Jun 26 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16079]: + ??? root:rubyman
Jun 26 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16079]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594297 of user rubyman.
Jun 26 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16079]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594297.
Jun 26 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16012]: Failed password for root from 180.180.123.139 port 47334 ssh2
Jun 26 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16012]: Connection closed by 180.180.123.139 port 47334 [preauth]
Jun 26 03:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13450]: pam_unix(cron:session): session closed for user root
Jun 26 03:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16018]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16268]: Invalid user sergey from 191.96.110.39
Jun 26 03:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16268]: input_userauth_request: invalid user sergey [preauth]
Jun 26 03:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16268]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.96.110.39
Jun 26 03:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16268]: Failed password for invalid user sergey from 191.96.110.39 port 55784 ssh2
Jun 26 03:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16268]: Received disconnect from 191.96.110.39 port 55784:11: Bye Bye [preauth]
Jun 26 03:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16268]: Disconnected from 191.96.110.39 port 55784 [preauth]
Jun 26 03:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16318]: Invalid user lien from 152.32.135.217
Jun 26 03:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16318]: input_userauth_request: invalid user lien [preauth]
Jun 26 03:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16318]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.135.217
Jun 26 03:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16318]: Failed password for invalid user lien from 152.32.135.217 port 34378 ssh2
Jun 26 03:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16318]: Received disconnect from 152.32.135.217 port 34378:11: Bye Bye [preauth]
Jun 26 03:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16318]: Disconnected from 152.32.135.217 port 34378 [preauth]
Jun 26 03:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.220.6  user=root
Jun 26 03:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15198]: pam_unix(cron:session): session closed for user root
Jun 26 03:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16328]: Failed password for root from 202.29.220.6 port 61744 ssh2
Jun 26 03:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16328]: Connection closed by 202.29.220.6 port 61744 [preauth]
Jun 26 03:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.118.107  user=root
Jun 26 03:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16366]: Failed password for root from 14.103.118.107 port 50458 ssh2
Jun 26 03:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16366]: Received disconnect from 14.103.118.107 port 50458:11: Bye Bye [preauth]
Jun 26 03:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16366]: Disconnected from 14.103.118.107 port 50458 [preauth]
Jun 26 03:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16421]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16420]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16418]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16417]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16417]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16483]: Successful su for rubyman by root
Jun 26 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16483]: + ??? root:rubyman
Jun 26 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16483]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594301 of user rubyman.
Jun 26 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16483]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594301.
Jun 26 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.118.107.46  user=root
Jun 26 03:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16406]: Failed password for root from 83.118.107.46 port 57770 ssh2
Jun 26 03:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16406]: Connection closed by 83.118.107.46 port 57770 [preauth]
Jun 26 03:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.20.185.207  user=root
Jun 26 03:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13878]: pam_unix(cron:session): session closed for user root
Jun 26 03:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16418]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16597]: Failed password for root from 143.20.185.207 port 43644 ssh2
Jun 26 03:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16597]: Connection closed by 143.20.185.207 port 43644 [preauth]
Jun 26 03:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16701]: Invalid user vpnuser from 61.76.112.4
Jun 26 03:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16701]: input_userauth_request: invalid user vpnuser [preauth]
Jun 26 03:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16701]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.76.112.4
Jun 26 03:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16701]: Failed password for invalid user vpnuser from 61.76.112.4 port 49892 ssh2
Jun 26 03:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16701]: Received disconnect from 61.76.112.4 port 49892:11: Bye Bye [preauth]
Jun 26 03:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16701]: Disconnected from 61.76.112.4 port 49892 [preauth]
Jun 26 03:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.210.76.170  user=root
Jun 26 03:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16731]: Failed password for root from 182.210.76.170 port 32301 ssh2
Jun 26 03:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16731]: Connection closed by 182.210.76.170 port 32301 [preauth]
Jun 26 03:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15620]: pam_unix(cron:session): session closed for user root
Jun 26 03:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16762]: Invalid user radius from 185.148.1.18
Jun 26 03:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16762]: input_userauth_request: invalid user radius [preauth]
Jun 26 03:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16762]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.148.1.18
Jun 26 03:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16762]: Failed password for invalid user radius from 185.148.1.18 port 58266 ssh2
Jun 26 03:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16762]: Received disconnect from 185.148.1.18 port 58266:11: Bye Bye [preauth]
Jun 26 03:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16762]: Disconnected from 185.148.1.18 port 58266 [preauth]
Jun 26 03:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.96.110.39  user=root
Jun 26 03:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16774]: Failed password for root from 191.96.110.39 port 33740 ssh2
Jun 26 03:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16774]: Received disconnect from 191.96.110.39 port 33740:11: Bye Bye [preauth]
Jun 26 03:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16774]: Disconnected from 191.96.110.39 port 33740 [preauth]
Jun 26 03:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.10.140  user=root
Jun 26 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.228.248  user=root
Jun 26 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16837]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16836]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16835]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16834]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16834]: pam_unix(cron:session): session closed for user p13x
Jun 26 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16994]: Successful su for rubyman by root
Jun 26 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16994]: + ??? root:rubyman
Jun 26 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16994]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594305 of user rubyman.
Jun 26 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16994]: pam_unix(su:session): session closed for user rubyman
Jun 26 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594305.
Jun 26 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16955]: Invalid user dev from 152.32.135.217
Jun 26 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16955]: input_userauth_request: invalid user dev [preauth]
Jun 26 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16955]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.135.217
Jun 26 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: Failed password for root from 103.143.10.140 port 55990 ssh2
Jun 26 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: Received disconnect from 103.143.10.140 port 55990:11: Bye Bye [preauth]
Jun 26 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: Disconnected from 103.143.10.140 port 55990 [preauth]
Jun 26 03:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16829]: Failed password for root from 202.29.228.248 port 47872 ssh2
Jun 26 03:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16829]: Connection closed by 202.29.228.248 port 47872 [preauth]
Jun 26 03:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14286]: pam_unix(cron:session): session closed for user root
Jun 26 03:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16955]: Failed password for invalid user dev from 152.32.135.217 port 59582 ssh2
Jun 26 03:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16955]: Received disconnect from 152.32.135.217 port 59582:11: Bye Bye [preauth]
Jun 26 03:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16955]: Disconnected from 152.32.135.217 port 59582 [preauth]
Jun 26 03:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16835]: pam_unix(cron:session): session closed for user samftp
Jun 26 03:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17183]: Connection closed by 14.103.118.107 port 39404 [preauth]
Jun 26 03:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 03:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.39.62.227  user=root
Jun 26 03:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17233]: Failed password for root from 20.39.62.227 port 51198 ssh2
Jun 26 03:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17233]: Connection closed by 20.39.62.227 port 51198 [preauth]
Jun 26 03:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16020]: pam_unix(cron:session): session closed for user root
Jun 26 03:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.187.64.123  user=root
Jun 26 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17336]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17337]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17338]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17333]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17335]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17339]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17334]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17335]: pam_unix(cron:session): session closed for user root
Jun 26 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17339]: pam_unix(cron:session): session closed for user root
Jun 26 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17333]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17435]: Successful su for rubyman by root
Jun 26 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17435]: + ??? root:rubyman
Jun 26 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17435]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594312 of user rubyman.
Jun 26 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17435]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594312.
Jun 26 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17330]: Failed password for root from 31.187.64.123 port 52926 ssh2
Jun 26 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17330]: Connection closed by 31.187.64.123 port 52926 [preauth]
Jun 26 04:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17336]: pam_unix(cron:session): session closed for user root
Jun 26 04:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14732]: pam_unix(cron:session): session closed for user root
Jun 26 04:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17334]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17750]: Invalid user tester from 191.96.110.39
Jun 26 04:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17750]: input_userauth_request: invalid user tester [preauth]
Jun 26 04:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17750]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.96.110.39
Jun 26 04:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17750]: Failed password for invalid user tester from 191.96.110.39 port 39910 ssh2
Jun 26 04:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17750]: Received disconnect from 191.96.110.39 port 39910:11: Bye Bye [preauth]
Jun 26 04:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17750]: Disconnected from 191.96.110.39 port 39910 [preauth]
Jun 26 04:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.221.2  user=root
Jun 26 04:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17803]: Failed password for root from 202.29.221.2 port 49400 ssh2
Jun 26 04:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17803]: Connection closed by 202.29.221.2 port 49400 [preauth]
Jun 26 04:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16421]: pam_unix(cron:session): session closed for user root
Jun 26 04:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17912]: Invalid user ubuntu from 14.103.118.107
Jun 26 04:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17912]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 04:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17912]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.118.107
Jun 26 04:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17915]: Invalid user auser from 152.32.135.217
Jun 26 04:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17915]: input_userauth_request: invalid user auser [preauth]
Jun 26 04:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17915]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.135.217
Jun 26 04:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17912]: Failed password for invalid user ubuntu from 14.103.118.107 port 32788 ssh2
Jun 26 04:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 26 04:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 26 04:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17915]: Failed password for invalid user auser from 152.32.135.217 port 47452 ssh2
Jun 26 04:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17915]: Received disconnect from 152.32.135.217 port 47452:11: Bye Bye [preauth]
Jun 26 04:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17915]: Disconnected from 152.32.135.217 port 47452 [preauth]
Jun 26 04:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17926]: Failed password for root from 103.82.132.16 port 48584 ssh2
Jun 26 04:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17912]: Received disconnect from 14.103.118.107 port 32788:11: Bye Bye [preauth]
Jun 26 04:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17912]: Disconnected from 14.103.118.107 port 32788 [preauth]
Jun 26 04:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17926]: Connection closed by 103.82.132.16 port 48584 [preauth]
Jun 26 04:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17928]: Failed password for root from 193.37.70.224 port 53862 ssh2
Jun 26 04:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17928]: Connection closed by 193.37.70.224 port 53862 [preauth]
Jun 26 04:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.136.248.227  user=root
Jun 26 04:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17949]: Failed password for root from 177.136.248.227 port 57738 ssh2
Jun 26 04:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17949]: Connection closed by 177.136.248.227 port 57738 [preauth]
Jun 26 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17953]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17955]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17954]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17952]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17952]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18029]: Successful su for rubyman by root
Jun 26 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18029]: + ??? root:rubyman
Jun 26 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18029]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594318 of user rubyman.
Jun 26 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18029]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594318.
Jun 26 04:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15197]: pam_unix(cron:session): session closed for user root
Jun 26 04:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18205]: Invalid user desenvolvimento from 103.143.10.140
Jun 26 04:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18205]: input_userauth_request: invalid user desenvolvimento [preauth]
Jun 26 04:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18205]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.10.140
Jun 26 04:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17953]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18205]: Failed password for invalid user desenvolvimento from 103.143.10.140 port 37926 ssh2
Jun 26 04:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18205]: Received disconnect from 103.143.10.140 port 37926:11: Bye Bye [preauth]
Jun 26 04:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18205]: Disconnected from 103.143.10.140 port 37926 [preauth]
Jun 26 04:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18234]: Invalid user ts from 61.76.112.4
Jun 26 04:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18234]: input_userauth_request: invalid user ts [preauth]
Jun 26 04:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18234]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.76.112.4
Jun 26 04:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18234]: Failed password for invalid user ts from 61.76.112.4 port 53221 ssh2
Jun 26 04:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18234]: Received disconnect from 61.76.112.4 port 53221:11: Bye Bye [preauth]
Jun 26 04:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18234]: Disconnected from 61.76.112.4 port 53221 [preauth]
Jun 26 04:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.49.6.37  user=root
Jun 26 04:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18296]: Failed password for root from 110.49.6.37 port 44482 ssh2
Jun 26 04:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18296]: Connection closed by 110.49.6.37 port 44482 [preauth]
Jun 26 04:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16837]: pam_unix(cron:session): session closed for user root
Jun 26 04:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18376]: Invalid user zch from 185.148.1.18
Jun 26 04:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18376]: input_userauth_request: invalid user zch [preauth]
Jun 26 04:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18376]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.148.1.18
Jun 26 04:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18376]: Failed password for invalid user zch from 185.148.1.18 port 39052 ssh2
Jun 26 04:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18376]: Received disconnect from 185.148.1.18 port 39052:11: Bye Bye [preauth]
Jun 26 04:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18376]: Disconnected from 185.148.1.18 port 39052 [preauth]
Jun 26 04:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.96.110.39  user=root
Jun 26 04:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.63.214.90  user=root
Jun 26 04:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18407]: Failed password for root from 191.96.110.39 port 46118 ssh2
Jun 26 04:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18407]: Received disconnect from 191.96.110.39 port 46118:11: Bye Bye [preauth]
Jun 26 04:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18407]: Disconnected from 191.96.110.39 port 46118 [preauth]
Jun 26 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18488]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18486]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18485]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18409]: Failed password for root from 211.63.214.90 port 56760 ssh2
Jun 26 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18484]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18484]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18409]: Connection closed by 211.63.214.90 port 56760 [preauth]
Jun 26 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18551]: Successful su for rubyman by root
Jun 26 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18551]: + ??? root:rubyman
Jun 26 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18551]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594320 of user rubyman.
Jun 26 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18551]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594320.
Jun 26 04:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15619]: pam_unix(cron:session): session closed for user root
Jun 26 04:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18485]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 26 04:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18742]: Failed password for root from 103.27.238.114 port 60366 ssh2
Jun 26 04:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18742]: Connection closed by 103.27.238.114 port 60366 [preauth]
Jun 26 04:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18754]: Invalid user ubuntu from 14.103.118.107
Jun 26 04:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18754]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 04:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18754]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.118.107
Jun 26 04:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18754]: Failed password for invalid user ubuntu from 14.103.118.107 port 43848 ssh2
Jun 26 04:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18754]: Received disconnect from 14.103.118.107 port 43848:11: Bye Bye [preauth]
Jun 26 04:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18754]: Disconnected from 14.103.118.107 port 43848 [preauth]
Jun 26 04:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18818]: Invalid user ts3 from 152.32.135.217
Jun 26 04:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18818]: input_userauth_request: invalid user ts3 [preauth]
Jun 26 04:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18818]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.135.217
Jun 26 04:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.225.158  user=root
Jun 26 04:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18818]: Failed password for invalid user ts3 from 152.32.135.217 port 60474 ssh2
Jun 26 04:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18818]: Received disconnect from 152.32.135.217 port 60474:11: Bye Bye [preauth]
Jun 26 04:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18818]: Disconnected from 152.32.135.217 port 60474 [preauth]
Jun 26 04:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18821]: Failed password for root from 202.29.225.158 port 37008 ssh2
Jun 26 04:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18821]: Connection closed by 202.29.225.158 port 37008 [preauth]
Jun 26 04:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17338]: pam_unix(cron:session): session closed for user root
Jun 26 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18926]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18925]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18927]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18924]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18924]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18983]: Successful su for rubyman by root
Jun 26 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18983]: + ??? root:rubyman
Jun 26 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18983]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594326 of user rubyman.
Jun 26 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18983]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594326.
Jun 26 04:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.192.132.36  user=root
Jun 26 04:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18920]: Failed password for root from 159.192.132.36 port 55728 ssh2
Jun 26 04:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18920]: Connection closed by 159.192.132.36 port 55728 [preauth]
Jun 26 04:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16019]: pam_unix(cron:session): session closed for user root
Jun 26 04:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18925]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.10.140  user=root
Jun 26 04:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19264]: Failed password for root from 103.143.10.140 port 48100 ssh2
Jun 26 04:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19264]: Received disconnect from 103.143.10.140 port 48100:11: Bye Bye [preauth]
Jun 26 04:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19264]: Disconnected from 103.143.10.140 port 48100 [preauth]
Jun 26 04:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.84.101.167  user=root
Jun 26 04:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19327]: Failed password for root from 20.84.101.167 port 59080 ssh2
Jun 26 04:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19327]: Connection closed by 20.84.101.167 port 59080 [preauth]
Jun 26 04:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 26 04:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19329]: Failed password for root from 62.133.62.83 port 41270 ssh2
Jun 26 04:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19329]: Connection closed by 62.133.62.83 port 41270 [preauth]
Jun 26 04:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17955]: pam_unix(cron:session): session closed for user root
Jun 26 04:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19370]: Invalid user adv from 191.96.110.39
Jun 26 04:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19370]: input_userauth_request: invalid user adv [preauth]
Jun 26 04:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19370]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.96.110.39
Jun 26 04:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19370]: Failed password for invalid user adv from 191.96.110.39 port 52312 ssh2
Jun 26 04:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19370]: Received disconnect from 191.96.110.39 port 52312:11: Bye Bye [preauth]
Jun 26 04:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19370]: Disconnected from 191.96.110.39 port 52312 [preauth]
Jun 26 04:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19369]: Connection closed by 14.103.118.107 port 35862 [preauth]
Jun 26 04:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.76.112.4  user=root
Jun 26 04:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19413]: Failed password for root from 61.76.112.4 port 45952 ssh2
Jun 26 04:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19413]: Received disconnect from 61.76.112.4 port 45952:11: Bye Bye [preauth]
Jun 26 04:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19413]: Disconnected from 61.76.112.4 port 45952 [preauth]
Jun 26 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19427]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19426]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19428]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19425]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19425]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19552]: Successful su for rubyman by root
Jun 26 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19552]: + ??? root:rubyman
Jun 26 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19552]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594328 of user rubyman.
Jun 26 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19552]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594328.
Jun 26 04:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.91.76.106  user=root
Jun 26 04:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16420]: pam_unix(cron:session): session closed for user root
Jun 26 04:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19607]: Failed password for root from 51.91.76.106 port 57638 ssh2
Jun 26 04:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19607]: Connection closed by 51.91.76.106 port 57638 [preauth]
Jun 26 04:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19426]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19891]: Invalid user ftpuser from 152.32.135.217
Jun 26 04:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19891]: input_userauth_request: invalid user ftpuser [preauth]
Jun 26 04:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19891]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.135.217
Jun 26 04:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19891]: Failed password for invalid user ftpuser from 152.32.135.217 port 56658 ssh2
Jun 26 04:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19891]: Received disconnect from 152.32.135.217 port 56658:11: Bye Bye [preauth]
Jun 26 04:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19891]: Disconnected from 152.32.135.217 port 56658 [preauth]
Jun 26 04:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19922]: Invalid user vamsi from 185.148.1.18
Jun 26 04:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19922]: input_userauth_request: invalid user vamsi [preauth]
Jun 26 04:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19922]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.148.1.18
Jun 26 04:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19922]: Failed password for invalid user vamsi from 185.148.1.18 port 48074 ssh2
Jun 26 04:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19922]: Received disconnect from 185.148.1.18 port 48074:11: Bye Bye [preauth]
Jun 26 04:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19922]: Disconnected from 185.148.1.18 port 48074 [preauth]
Jun 26 04:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.22.211.47  user=root
Jun 26 04:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19955]: Failed password for root from 77.22.211.47 port 59640 ssh2
Jun 26 04:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19955]: Connection closed by 77.22.211.47 port 59640 [preauth]
Jun 26 04:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18488]: pam_unix(cron:session): session closed for user root
Jun 26 04:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.93.112.20  user=root
Jun 26 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20054]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20056]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20053]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20055]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20057]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20051]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20057]: pam_unix(cron:session): session closed for user root
Jun 26 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20051]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20041]: Failed password for root from 188.93.112.20 port 45068 ssh2
Jun 26 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20041]: Connection closed by 188.93.112.20 port 45068 [preauth]
Jun 26 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20120]: Successful su for rubyman by root
Jun 26 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20120]: + ??? root:rubyman
Jun 26 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20120]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594333 of user rubyman.
Jun 26 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20120]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594333.
Jun 26 04:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20304]: Invalid user ubuntu from 103.143.10.140
Jun 26 04:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20304]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 04:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20304]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.10.140
Jun 26 04:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20054]: pam_unix(cron:session): session closed for user root
Jun 26 04:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16836]: pam_unix(cron:session): session closed for user root
Jun 26 04:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20304]: Failed password for invalid user ubuntu from 103.143.10.140 port 58274 ssh2
Jun 26 04:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20304]: Received disconnect from 103.143.10.140 port 58274:11: Bye Bye [preauth]
Jun 26 04:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20304]: Disconnected from 103.143.10.140 port 58274 [preauth]
Jun 26 04:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20053]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.118.107  user=root
Jun 26 04:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20417]: Failed password for root from 14.103.118.107 port 52882 ssh2
Jun 26 04:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20417]: Received disconnect from 14.103.118.107 port 52882:11: Bye Bye [preauth]
Jun 26 04:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20417]: Disconnected from 14.103.118.107 port 52882 [preauth]
Jun 26 04:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20468]: Invalid user admin from 191.96.110.39
Jun 26 04:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20468]: input_userauth_request: invalid user admin [preauth]
Jun 26 04:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20468]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.96.110.39
Jun 26 04:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20468]: Failed password for invalid user admin from 191.96.110.39 port 58512 ssh2
Jun 26 04:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20468]: Received disconnect from 191.96.110.39 port 58512:11: Bye Bye [preauth]
Jun 26 04:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20468]: Disconnected from 191.96.110.39 port 58512 [preauth]
Jun 26 04:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.228.248  user=root
Jun 26 04:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20507]: Failed password for root from 202.29.228.248 port 34296 ssh2
Jun 26 04:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20507]: Connection closed by 202.29.228.248 port 34296 [preauth]
Jun 26 04:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18927]: pam_unix(cron:session): session closed for user root
Jun 26 04:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20568]: Invalid user ai from 152.32.135.217
Jun 26 04:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20568]: input_userauth_request: invalid user ai [preauth]
Jun 26 04:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20568]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.135.217
Jun 26 04:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20568]: Failed password for invalid user ai from 152.32.135.217 port 53996 ssh2
Jun 26 04:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20568]: Received disconnect from 152.32.135.217 port 53996:11: Bye Bye [preauth]
Jun 26 04:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20568]: Disconnected from 152.32.135.217 port 53996 [preauth]
Jun 26 04:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.99.188.194  user=root
Jun 26 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20600]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20599]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20597]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20598]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20597]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20586]: Failed password for root from 46.99.188.194 port 59808 ssh2
Jun 26 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20712]: Successful su for rubyman by root
Jun 26 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20712]: + ??? root:rubyman
Jun 26 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20712]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594338 of user rubyman.
Jun 26 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20712]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594338.
Jun 26 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20586]: Connection closed by 46.99.188.194 port 59808 [preauth]
Jun 26 04:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17337]: pam_unix(cron:session): session closed for user root
Jun 26 04:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20598]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 26 04:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20977]: Failed password for root from 87.251.79.125 port 54052 ssh2
Jun 26 04:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20977]: Connection closed by 87.251.79.125 port 54052 [preauth]
Jun 26 04:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20987]: Invalid user bann from 141.98.83.240
Jun 26 04:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20987]: input_userauth_request: invalid user bann [preauth]
Jun 26 04:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20987]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 04:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20987]: Failed password for invalid user bann from 141.98.83.240 port 39818 ssh2
Jun 26 04:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20987]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20987]: Failed password for invalid user bann from 141.98.83.240 port 39818 ssh2
Jun 26 04:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20987]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20987]: Failed password for invalid user bann from 141.98.83.240 port 39818 ssh2
Jun 26 04:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20987]: Connection closed by 141.98.83.240 port 39818 [preauth]
Jun 26 04:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20987]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 04:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.118.107  user=root
Jun 26 04:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19428]: pam_unix(cron:session): session closed for user root
Jun 26 04:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21033]: Invalid user ftptest from 61.76.112.4
Jun 26 04:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21033]: input_userauth_request: invalid user ftptest [preauth]
Jun 26 04:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21033]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.76.112.4
Jun 26 04:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21017]: Failed password for root from 14.103.118.107 port 40236 ssh2
Jun 26 04:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21017]: Received disconnect from 14.103.118.107 port 40236:11: Bye Bye [preauth]
Jun 26 04:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21017]: Disconnected from 14.103.118.107 port 40236 [preauth]
Jun 26 04:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21033]: Failed password for invalid user ftptest from 61.76.112.4 port 40618 ssh2
Jun 26 04:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21033]: Received disconnect from 61.76.112.4 port 40618:11: Bye Bye [preauth]
Jun 26 04:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21033]: Disconnected from 61.76.112.4 port 40618 [preauth]
Jun 26 04:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21077]: Invalid user eren from 191.96.110.39
Jun 26 04:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21077]: input_userauth_request: invalid user eren [preauth]
Jun 26 04:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21077]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.96.110.39
Jun 26 04:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21077]: Failed password for invalid user eren from 191.96.110.39 port 36470 ssh2
Jun 26 04:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21088]: Bad protocol version identification '' from 3.129.187.38 port 48448
Jun 26 04:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21077]: Received disconnect from 191.96.110.39 port 36470:11: Bye Bye [preauth]
Jun 26 04:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21077]: Disconnected from 191.96.110.39 port 36470 [preauth]
Jun 26 04:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.171.25.1  user=root
Jun 26 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21105]: Failed password for root from 112.171.25.1 port 41244 ssh2
Jun 26 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21105]: Connection closed by 112.171.25.1 port 41244 [preauth]
Jun 26 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21110]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21113]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21109]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21108]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21108]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21179]: Successful su for rubyman by root
Jun 26 04:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21179]: + ??? root:rubyman
Jun 26 04:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21179]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594342 of user rubyman.
Jun 26 04:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21179]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594342.
Jun 26 04:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17954]: pam_unix(cron:session): session closed for user root
Jun 26 04:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21109]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21369]: Invalid user srs from 103.143.10.140
Jun 26 04:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21369]: input_userauth_request: invalid user srs [preauth]
Jun 26 04:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21369]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.10.140
Jun 26 04:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21369]: Failed password for invalid user srs from 103.143.10.140 port 40218 ssh2
Jun 26 04:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21369]: Received disconnect from 103.143.10.140 port 40218:11: Bye Bye [preauth]
Jun 26 04:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21369]: Disconnected from 103.143.10.140 port 40218 [preauth]
Jun 26 04:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.148.1.18  user=root
Jun 26 04:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21399]: Failed password for root from 185.148.1.18 port 57092 ssh2
Jun 26 04:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21399]: Received disconnect from 185.148.1.18 port 57092:11: Bye Bye [preauth]
Jun 26 04:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21399]: Disconnected from 185.148.1.18 port 57092 [preauth]
Jun 26 04:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21433]: Invalid user ftptest from 152.32.135.217
Jun 26 04:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21433]: input_userauth_request: invalid user ftptest [preauth]
Jun 26 04:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21433]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.135.217
Jun 26 04:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21433]: Failed password for invalid user ftptest from 152.32.135.217 port 36866 ssh2
Jun 26 04:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21433]: Received disconnect from 152.32.135.217 port 36866:11: Bye Bye [preauth]
Jun 26 04:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21433]: Disconnected from 152.32.135.217 port 36866 [preauth]
Jun 26 04:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20056]: pam_unix(cron:session): session closed for user root
Jun 26 04:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 26 04:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.205.85  user=root
Jun 26 04:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21517]: Failed password for root from 194.113.233.25 port 55604 ssh2
Jun 26 04:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21517]: Connection closed by 194.113.233.25 port 55604 [preauth]
Jun 26 04:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21531]: Failed password for root from 206.189.205.85 port 44454 ssh2
Jun 26 04:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21531]: Connection closed by 206.189.205.85 port 44454 [preauth]
Jun 26 04:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21549]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21548]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21544]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21547]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21544]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21618]: Successful su for rubyman by root
Jun 26 04:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21618]: + ??? root:rubyman
Jun 26 04:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21618]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594346 of user rubyman.
Jun 26 04:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21618]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594346.
Jun 26 04:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18486]: pam_unix(cron:session): session closed for user root
Jun 26 04:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21547]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21873]: Invalid user ubuntu from 191.96.110.39
Jun 26 04:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21873]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 04:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21873]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.96.110.39
Jun 26 04:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21873]: Failed password for invalid user ubuntu from 191.96.110.39 port 42678 ssh2
Jun 26 04:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21873]: Received disconnect from 191.96.110.39 port 42678:11: Bye Bye [preauth]
Jun 26 04:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21873]: Disconnected from 191.96.110.39 port 42678 [preauth]
Jun 26 04:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21856]: Connection reset by 205.210.31.79 port 58768 [preauth]
Jun 26 04:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.4.92  user=root
Jun 26 04:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21884]: Failed password for root from 165.154.4.92 port 40196 ssh2
Jun 26 04:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21884]: Connection closed by 165.154.4.92 port 40196 [preauth]
Jun 26 04:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20600]: pam_unix(cron:session): session closed for user root
Jun 26 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21975]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21976]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21974]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21973]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21971]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21973]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22087]: Successful su for rubyman by root
Jun 26 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22087]: + ??? root:rubyman
Jun 26 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22087]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594351 of user rubyman.
Jun 26 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22087]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594351.
Jun 26 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21971]: pam_unix(cron:session): session closed for user root
Jun 26 04:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18926]: pam_unix(cron:session): session closed for user root
Jun 26 04:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21974]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22406]: Invalid user ubuntu from 152.32.135.217
Jun 26 04:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22406]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 04:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22406]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.135.217
Jun 26 04:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22404]: Connection closed by 3.129.187.38 port 46886 [preauth]
Jun 26 04:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22406]: Failed password for invalid user ubuntu from 152.32.135.217 port 57928 ssh2
Jun 26 04:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22406]: Received disconnect from 152.32.135.217 port 57928:11: Bye Bye [preauth]
Jun 26 04:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22406]: Disconnected from 152.32.135.217 port 57928 [preauth]
Jun 26 04:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.10.140  user=root
Jun 26 04:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22423]: Failed password for root from 103.143.10.140 port 50404 ssh2
Jun 26 04:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22423]: Received disconnect from 103.143.10.140 port 50404:11: Bye Bye [preauth]
Jun 26 04:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22423]: Disconnected from 103.143.10.140 port 50404 [preauth]
Jun 26 04:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.76.112.4  user=root
Jun 26 04:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22460]: Failed password for root from 61.76.112.4 port 40966 ssh2
Jun 26 04:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22460]: Received disconnect from 61.76.112.4 port 40966:11: Bye Bye [preauth]
Jun 26 04:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22460]: Disconnected from 61.76.112.4 port 40966 [preauth]
Jun 26 04:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.192.133.140  user=root
Jun 26 04:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22470]: Failed password for root from 159.192.133.140 port 56728 ssh2
Jun 26 04:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22470]: Connection closed by 159.192.133.140 port 56728 [preauth]
Jun 26 04:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21113]: pam_unix(cron:session): session closed for user root
Jun 26 04:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.148.1.18  user=root
Jun 26 04:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22511]: Failed password for root from 185.148.1.18 port 37890 ssh2
Jun 26 04:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22511]: Received disconnect from 185.148.1.18 port 37890:11: Bye Bye [preauth]
Jun 26 04:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22511]: Disconnected from 185.148.1.18 port 37890 [preauth]
Jun 26 04:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22550]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 26 04:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22550]: Failed password for root from 109.237.96.109 port 46462 ssh2
Jun 26 04:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22550]: Connection closed by 109.237.96.109 port 46462 [preauth]
Jun 26 04:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.231.182.3  user=root
Jun 26 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22571]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22566]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22570]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22565]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22569]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22567]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22571]: pam_unix(cron:session): session closed for user root
Jun 26 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22565]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22634]: Successful su for rubyman by root
Jun 26 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22634]: + ??? root:rubyman
Jun 26 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22634]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594359 of user rubyman.
Jun 26 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22634]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594359.
Jun 26 04:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22561]: Failed password for root from 49.231.182.3 port 58432 ssh2
Jun 26 04:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22561]: Connection closed by 49.231.182.3 port 58432 [preauth]
Jun 26 04:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22567]: pam_unix(cron:session): session closed for user root
Jun 26 04:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19427]: pam_unix(cron:session): session closed for user root
Jun 26 04:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22566]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.187.64.123  user=root
Jun 26 04:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22914]: Failed password for root from 31.187.64.123 port 41696 ssh2
Jun 26 04:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22914]: Connection closed by 31.187.64.123 port 41696 [preauth]
Jun 26 04:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21549]: pam_unix(cron:session): session closed for user root
Jun 26 04:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22965]: Invalid user test_user from 191.96.110.39
Jun 26 04:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22965]: input_userauth_request: invalid user test_user [preauth]
Jun 26 04:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22965]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.96.110.39
Jun 26 04:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22965]: Failed password for invalid user test_user from 191.96.110.39 port 48872 ssh2
Jun 26 04:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22965]: Received disconnect from 191.96.110.39 port 48872:11: Bye Bye [preauth]
Jun 26 04:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22965]: Disconnected from 191.96.110.39 port 48872 [preauth]
Jun 26 04:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22987]: Invalid user adv from 152.32.135.217
Jun 26 04:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22987]: input_userauth_request: invalid user adv [preauth]
Jun 26 04:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22987]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.135.217
Jun 26 04:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22987]: Failed password for invalid user adv from 152.32.135.217 port 42800 ssh2
Jun 26 04:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22987]: Received disconnect from 152.32.135.217 port 42800:11: Bye Bye [preauth]
Jun 26 04:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22987]: Disconnected from 152.32.135.217 port 42800 [preauth]
Jun 26 04:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23011]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23012]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23010]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23009]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23009]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.19.232  user=root
Jun 26 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23075]: Successful su for rubyman by root
Jun 26 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23075]: + ??? root:rubyman
Jun 26 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23075]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594362 of user rubyman.
Jun 26 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23075]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594362.
Jun 26 04:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23006]: Failed password for root from 206.189.19.232 port 42132 ssh2
Jun 26 04:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23006]: Connection closed by 206.189.19.232 port 42132 [preauth]
Jun 26 04:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20055]: pam_unix(cron:session): session closed for user root
Jun 26 04:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23010]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.10.140  user=root
Jun 26 04:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23298]: Failed password for root from 103.143.10.140 port 60594 ssh2
Jun 26 04:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23298]: Received disconnect from 103.143.10.140 port 60594:11: Bye Bye [preauth]
Jun 26 04:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23298]: Disconnected from 103.143.10.140 port 60594 [preauth]
Jun 26 04:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 26 04:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23311]: Failed password for root from 103.77.175.15 port 47092 ssh2
Jun 26 04:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23311]: Connection closed by 103.77.175.15 port 47092 [preauth]
Jun 26 04:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.53.207.106  user=root
Jun 26 04:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23341]: Failed password for root from 182.53.207.106 port 57642 ssh2
Jun 26 04:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23341]: Connection closed by 182.53.207.106 port 57642 [preauth]
Jun 26 04:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21976]: pam_unix(cron:session): session closed for user root
Jun 26 04:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.228.248  user=root
Jun 26 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23446]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23445]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23447]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23444]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23444]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23432]: Failed password for root from 202.29.228.248 port 45616 ssh2
Jun 26 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23508]: Successful su for rubyman by root
Jun 26 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23508]: + ??? root:rubyman
Jun 26 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23508]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594365 of user rubyman.
Jun 26 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23508]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594365.
Jun 26 04:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23432]: Connection closed by 202.29.228.248 port 45616 [preauth]
Jun 26 04:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20599]: pam_unix(cron:session): session closed for user root
Jun 26 04:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23445]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.76.112.4  user=root
Jun 26 04:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23749]: Invalid user bot from 152.32.135.217
Jun 26 04:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23749]: input_userauth_request: invalid user bot [preauth]
Jun 26 04:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23749]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.135.217
Jun 26 04:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23747]: Failed password for root from 61.76.112.4 port 47668 ssh2
Jun 26 04:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23747]: Received disconnect from 61.76.112.4 port 47668:11: Bye Bye [preauth]
Jun 26 04:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23747]: Disconnected from 61.76.112.4 port 47668 [preauth]
Jun 26 04:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23749]: Failed password for invalid user bot from 152.32.135.217 port 46462 ssh2
Jun 26 04:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23749]: Received disconnect from 152.32.135.217 port 46462:11: Bye Bye [preauth]
Jun 26 04:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23749]: Disconnected from 152.32.135.217 port 46462 [preauth]
Jun 26 04:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22570]: pam_unix(cron:session): session closed for user root
Jun 26 04:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23957]: Bad protocol version identification 'GET / HTTP/1.1' from 64.62.156.182 port 16206
Jun 26 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23962]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23963]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23961]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23960]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23960]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24026]: Successful su for rubyman by root
Jun 26 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24026]: + ??? root:rubyman
Jun 26 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24026]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594371 of user rubyman.
Jun 26 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24026]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594371.
Jun 26 04:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21110]: pam_unix(cron:session): session closed for user root
Jun 26 04:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23961]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.96.110.39  user=root
Jun 26 04:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24214]: Failed password for root from 191.96.110.39 port 55204 ssh2
Jun 26 04:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24214]: Received disconnect from 191.96.110.39 port 55204:11: Bye Bye [preauth]
Jun 26 04:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24214]: Disconnected from 191.96.110.39 port 55204 [preauth]
Jun 26 04:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.10.140  user=root
Jun 26 04:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24271]: Failed password for root from 103.143.10.140 port 42554 ssh2
Jun 26 04:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24271]: Received disconnect from 103.143.10.140 port 42554:11: Bye Bye [preauth]
Jun 26 04:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24271]: Disconnected from 103.143.10.140 port 42554 [preauth]
Jun 26 04:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.160.209.126  user=root
Jun 26 04:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24296]: Failed password for root from 158.160.209.126 port 57178 ssh2
Jun 26 04:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24296]: Connection closed by 158.160.209.126 port 57178 [preauth]
Jun 26 04:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23012]: pam_unix(cron:session): session closed for user root
Jun 26 04:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 26 04:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24361]: Failed password for root from 147.45.199.80 port 42276 ssh2
Jun 26 04:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24361]: Connection closed by 147.45.199.80 port 42276 [preauth]
Jun 26 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24390]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24391]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24389]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24388]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24388]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24449]: Successful su for rubyman by root
Jun 26 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24449]: + ??? root:rubyman
Jun 26 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24449]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594374 of user rubyman.
Jun 26 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24449]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594374.
Jun 26 04:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.48.4.14  user=root
Jun 26 04:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21548]: pam_unix(cron:session): session closed for user root
Jun 26 04:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24481]: Failed password for root from 179.48.4.14 port 57344 ssh2
Jun 26 04:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24481]: Connection closed by 179.48.4.14 port 57344 [preauth]
Jun 26 04:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24389]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24656]: Invalid user ubuntu from 152.32.135.217
Jun 26 04:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24656]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 04:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24656]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.135.217
Jun 26 04:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24656]: Failed password for invalid user ubuntu from 152.32.135.217 port 39390 ssh2
Jun 26 04:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24656]: Received disconnect from 152.32.135.217 port 39390:11: Bye Bye [preauth]
Jun 26 04:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24656]: Disconnected from 152.32.135.217 port 39390 [preauth]
Jun 26 04:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 26 04:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24694]: Failed password for root from 77.94.47.83 port 52718 ssh2
Jun 26 04:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24694]: Connection closed by 77.94.47.83 port 52718 [preauth]
Jun 26 04:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23447]: pam_unix(cron:session): session closed for user root
Jun 26 04:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.187.64.123  user=root
Jun 26 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24831]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24828]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24832]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24833]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24829]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24830]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24833]: pam_unix(cron:session): session closed for user root
Jun 26 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24828]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24893]: Successful su for rubyman by root
Jun 26 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24893]: + ??? root:rubyman
Jun 26 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24893]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594381 of user rubyman.
Jun 26 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24893]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594381.
Jun 26 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24817]: Failed password for root from 31.187.64.123 port 58888 ssh2
Jun 26 04:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24817]: Connection closed by 31.187.64.123 port 58888 [preauth]
Jun 26 04:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24830]: pam_unix(cron:session): session closed for user root
Jun 26 04:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21975]: pam_unix(cron:session): session closed for user root
Jun 26 04:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24829]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25106]: Invalid user w from 185.148.1.18
Jun 26 04:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25106]: input_userauth_request: invalid user w [preauth]
Jun 26 04:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25106]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.148.1.18
Jun 26 04:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25106]: Failed password for invalid user w from 185.148.1.18 port 55930 ssh2
Jun 26 04:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25106]: Received disconnect from 185.148.1.18 port 55930:11: Bye Bye [preauth]
Jun 26 04:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25106]: Disconnected from 185.148.1.18 port 55930 [preauth]
Jun 26 04:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.76.112.4  user=root
Jun 26 04:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25145]: Failed password for root from 61.76.112.4 port 43418 ssh2
Jun 26 04:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25145]: Received disconnect from 61.76.112.4 port 43418:11: Bye Bye [preauth]
Jun 26 04:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25145]: Disconnected from 61.76.112.4 port 43418 [preauth]
Jun 26 04:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25164]: Invalid user t2 from 103.143.10.140
Jun 26 04:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25164]: input_userauth_request: invalid user t2 [preauth]
Jun 26 04:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25164]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.10.140
Jun 26 04:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25164]: Failed password for invalid user t2 from 103.143.10.140 port 52700 ssh2
Jun 26 04:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25164]: Received disconnect from 103.143.10.140 port 52700:11: Bye Bye [preauth]
Jun 26 04:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25164]: Disconnected from 103.143.10.140 port 52700 [preauth]
Jun 26 04:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.63.214.90  user=root
Jun 26 04:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25174]: Failed password for root from 211.63.214.90 port 60346 ssh2
Jun 26 04:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25174]: Connection closed by 211.63.214.90 port 60346 [preauth]
Jun 26 04:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23963]: pam_unix(cron:session): session closed for user root
Jun 26 04:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25176]: Invalid user ftpuser from 191.96.110.39
Jun 26 04:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25176]: input_userauth_request: invalid user ftpuser [preauth]
Jun 26 04:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25176]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.96.110.39
Jun 26 04:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25176]: Failed password for invalid user ftpuser from 191.96.110.39 port 33070 ssh2
Jun 26 04:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25176]: Received disconnect from 191.96.110.39 port 33070:11: Bye Bye [preauth]
Jun 26 04:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25176]: Disconnected from 191.96.110.39 port 33070 [preauth]
Jun 26 04:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.135.217  user=root
Jun 26 04:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25248]: Failed password for root from 152.32.135.217 port 42204 ssh2
Jun 26 04:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25248]: Received disconnect from 152.32.135.217 port 42204:11: Bye Bye [preauth]
Jun 26 04:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25248]: Disconnected from 152.32.135.217 port 42204 [preauth]
Jun 26 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25270]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25269]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25268]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25267]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25267]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25330]: Successful su for rubyman by root
Jun 26 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25330]: + ??? root:rubyman
Jun 26 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25330]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594383 of user rubyman.
Jun 26 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25330]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594383.
Jun 26 04:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22569]: pam_unix(cron:session): session closed for user root
Jun 26 04:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25268]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25576]: Invalid user admin from 2.57.121.25
Jun 26 04:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25576]: input_userauth_request: invalid user admin [preauth]
Jun 26 04:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25576]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 26 04:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.135.24.10  user=root
Jun 26 04:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25576]: Failed password for invalid user admin from 2.57.121.25 port 64224 ssh2
Jun 26 04:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25576]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24391]: pam_unix(cron:session): session closed for user root
Jun 26 04:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25586]: Failed password for root from 206.135.24.10 port 50394 ssh2
Jun 26 04:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25586]: Connection closed by 206.135.24.10 port 50394 [preauth]
Jun 26 04:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25576]: Failed password for invalid user admin from 2.57.121.25 port 64224 ssh2
Jun 26 04:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25576]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25576]: Failed password for invalid user admin from 2.57.121.25 port 64224 ssh2
Jun 26 04:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25576]: Connection closed by 2.57.121.25 port 64224 [preauth]
Jun 26 04:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25576]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 26 04:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25666]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25665]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25663]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25664]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25661]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25661]: pam_unix(cron:session): session closed for user root
Jun 26 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25663]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25726]: Successful su for rubyman by root
Jun 26 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25726]: + ??? root:rubyman
Jun 26 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25726]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594387 of user rubyman.
Jun 26 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25726]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594387.
Jun 26 04:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23011]: pam_unix(cron:session): session closed for user root
Jun 26 04:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25664]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25968]: Invalid user ftpuser from 152.32.135.217
Jun 26 04:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25968]: input_userauth_request: invalid user ftpuser [preauth]
Jun 26 04:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25968]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.135.217
Jun 26 04:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25968]: Failed password for invalid user ftpuser from 152.32.135.217 port 36980 ssh2
Jun 26 04:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25968]: Received disconnect from 152.32.135.217 port 36980:11: Bye Bye [preauth]
Jun 26 04:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25968]: Disconnected from 152.32.135.217 port 36980 [preauth]
Jun 26 04:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24832]: pam_unix(cron:session): session closed for user root
Jun 26 04:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26050]: Invalid user windows from 61.76.112.4
Jun 26 04:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26050]: input_userauth_request: invalid user windows [preauth]
Jun 26 04:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26050]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.76.112.4
Jun 26 04:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26050]: Failed password for invalid user windows from 61.76.112.4 port 34304 ssh2
Jun 26 04:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26050]: Received disconnect from 61.76.112.4 port 34304:11: Bye Bye [preauth]
Jun 26 04:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26050]: Disconnected from 61.76.112.4 port 34304 [preauth]
Jun 26 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26057]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26056]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26058]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26055]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26055]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26052]: Invalid user lien from 191.96.110.39
Jun 26 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26052]: input_userauth_request: invalid user lien [preauth]
Jun 26 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26052]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.96.110.39
Jun 26 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26119]: Successful su for rubyman by root
Jun 26 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26119]: + ??? root:rubyman
Jun 26 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26119]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594392 of user rubyman.
Jun 26 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26119]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594392.
Jun 26 04:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26052]: Failed password for invalid user lien from 191.96.110.39 port 39296 ssh2
Jun 26 04:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26052]: Received disconnect from 191.96.110.39 port 39296:11: Bye Bye [preauth]
Jun 26 04:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26052]: Disconnected from 191.96.110.39 port 39296 [preauth]
Jun 26 04:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23446]: pam_unix(cron:session): session closed for user root
Jun 26 04:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26056]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26315]: Invalid user minecraft from 185.148.1.18
Jun 26 04:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26315]: input_userauth_request: invalid user minecraft [preauth]
Jun 26 04:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26315]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.148.1.18
Jun 26 04:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26315]: Failed password for invalid user minecraft from 185.148.1.18 port 36682 ssh2
Jun 26 04:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26315]: Received disconnect from 185.148.1.18 port 36682:11: Bye Bye [preauth]
Jun 26 04:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26315]: Disconnected from 185.148.1.18 port 36682 [preauth]
Jun 26 04:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25270]: pam_unix(cron:session): session closed for user root
Jun 26 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26460]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26461]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26459]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26458]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26458]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26519]: Successful su for rubyman by root
Jun 26 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26519]: + ??? root:rubyman
Jun 26 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26519]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594396 of user rubyman.
Jun 26 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26519]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594396.
Jun 26 04:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23962]: pam_unix(cron:session): session closed for user root
Jun 26 04:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26459]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.135.217  user=root
Jun 26 04:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26799]: Failed password for root from 152.32.135.217 port 39512 ssh2
Jun 26 04:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26799]: Received disconnect from 152.32.135.217 port 39512:11: Bye Bye [preauth]
Jun 26 04:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26799]: Disconnected from 152.32.135.217 port 39512 [preauth]
Jun 26 04:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25666]: pam_unix(cron:session): session closed for user root
Jun 26 04:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 26 04:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26871]: Failed password for root from 103.27.238.116 port 51524 ssh2
Jun 26 04:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26871]: Connection closed by 103.27.238.116 port 51524 [preauth]
Jun 26 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26946]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26944]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26945]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26947]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26942]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26943]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26947]: pam_unix(cron:session): session closed for user root
Jun 26 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26942]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27008]: Successful su for rubyman by root
Jun 26 04:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27008]: + ??? root:rubyman
Jun 26 04:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27008]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594401 of user rubyman.
Jun 26 04:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27008]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594401.
Jun 26 04:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26944]: pam_unix(cron:session): session closed for user root
Jun 26 04:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24390]: pam_unix(cron:session): session closed for user root
Jun 26 04:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26943]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.11.96.13  user=root
Jun 26 04:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27238]: Failed password for root from 121.11.96.13 port 35180 ssh2
Jun 26 04:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27238]: Received disconnect from 121.11.96.13 port 35180:11: Bye Bye [preauth]
Jun 26 04:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27238]: Disconnected from 121.11.96.13 port 35180 [preauth]
Jun 26 04:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27300]: Invalid user ftpuser from 191.96.110.39
Jun 26 04:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27300]: input_userauth_request: invalid user ftpuser [preauth]
Jun 26 04:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27300]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.96.110.39
Jun 26 04:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27300]: Failed password for invalid user ftpuser from 191.96.110.39 port 45538 ssh2
Jun 26 04:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27300]: Received disconnect from 191.96.110.39 port 45538:11: Bye Bye [preauth]
Jun 26 04:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27300]: Disconnected from 191.96.110.39 port 45538 [preauth]
Jun 26 04:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26058]: pam_unix(cron:session): session closed for user root
Jun 26 04:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.76.112.4  user=root
Jun 26 04:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27366]: Failed password for root from 61.76.112.4 port 56264 ssh2
Jun 26 04:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27366]: Received disconnect from 61.76.112.4 port 56264:11: Bye Bye [preauth]
Jun 26 04:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27366]: Disconnected from 61.76.112.4 port 56264 [preauth]
Jun 26 04:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27385]: Invalid user admin from 193.46.255.86
Jun 26 04:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27385]: input_userauth_request: invalid user admin [preauth]
Jun 26 04:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27385]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 26 04:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27394]: Invalid user test_user from 152.32.135.217
Jun 26 04:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27394]: input_userauth_request: invalid user test_user [preauth]
Jun 26 04:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27394]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.135.217
Jun 26 04:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27385]: Failed password for invalid user admin from 193.46.255.86 port 3454 ssh2
Jun 26 04:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27385]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27394]: Failed password for invalid user test_user from 152.32.135.217 port 56260 ssh2
Jun 26 04:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27394]: Received disconnect from 152.32.135.217 port 56260:11: Bye Bye [preauth]
Jun 26 04:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27394]: Disconnected from 152.32.135.217 port 56260 [preauth]
Jun 26 04:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27385]: Failed password for invalid user admin from 193.46.255.86 port 3454 ssh2
Jun 26 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27385]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27401]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27400]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27399]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27398]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27398]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27464]: Successful su for rubyman by root
Jun 26 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27464]: + ??? root:rubyman
Jun 26 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27464]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594406 of user rubyman.
Jun 26 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27464]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594406.
Jun 26 04:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27385]: Failed password for invalid user admin from 193.46.255.86 port 3454 ssh2
Jun 26 04:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27385]: Connection closed by 193.46.255.86 port 3454 [preauth]
Jun 26 04:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27385]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 26 04:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24831]: pam_unix(cron:session): session closed for user root
Jun 26 04:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27399]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27655]: Invalid user adrian from 202.85.222.190
Jun 26 04:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27655]: input_userauth_request: invalid user adrian [preauth]
Jun 26 04:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27655]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.85.222.190
Jun 26 04:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27655]: Failed password for invalid user adrian from 202.85.222.190 port 47888 ssh2
Jun 26 04:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27655]: Received disconnect from 202.85.222.190 port 47888:11: Bye Bye [preauth]
Jun 26 04:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27655]: Disconnected from 202.85.222.190 port 47888 [preauth]
Jun 26 04:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27685]: Invalid user curso from 185.148.1.18
Jun 26 04:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27685]: input_userauth_request: invalid user curso [preauth]
Jun 26 04:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27685]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.148.1.18
Jun 26 04:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27685]: Failed password for invalid user curso from 185.148.1.18 port 45688 ssh2
Jun 26 04:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27685]: Received disconnect from 185.148.1.18 port 45688:11: Bye Bye [preauth]
Jun 26 04:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27685]: Disconnected from 185.148.1.18 port 45688 [preauth]
Jun 26 04:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.20.185.207  user=root
Jun 26 04:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27720]: Failed password for root from 143.20.185.207 port 55590 ssh2
Jun 26 04:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27720]: Connection closed by 143.20.185.207 port 55590 [preauth]
Jun 26 04:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26461]: pam_unix(cron:session): session closed for user root
Jun 26 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27818]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27817]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27816]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27815]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27815]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27887]: Successful su for rubyman by root
Jun 26 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27887]: + ??? root:rubyman
Jun 26 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27887]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594411 of user rubyman.
Jun 26 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27887]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594411.
Jun 26 04:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25269]: pam_unix(cron:session): session closed for user root
Jun 26 04:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27816]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26946]: pam_unix(cron:session): session closed for user root
Jun 26 04:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.135.217  user=root
Jun 26 04:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28223]: Failed password for root from 152.32.135.217 port 36482 ssh2
Jun 26 04:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28223]: Received disconnect from 152.32.135.217 port 36482:11: Bye Bye [preauth]
Jun 26 04:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28223]: Disconnected from 152.32.135.217 port 36482 [preauth]
Jun 26 04:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28264]: Invalid user ts3 from 191.96.110.39
Jun 26 04:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28264]: input_userauth_request: invalid user ts3 [preauth]
Jun 26 04:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28264]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.96.110.39
Jun 26 04:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28264]: Failed password for invalid user ts3 from 191.96.110.39 port 51768 ssh2
Jun 26 04:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28264]: Received disconnect from 191.96.110.39 port 51768:11: Bye Bye [preauth]
Jun 26 04:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28264]: Disconnected from 191.96.110.39 port 51768 [preauth]
Jun 26 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28286]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28284]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28285]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28283]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28283]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28342]: Successful su for rubyman by root
Jun 26 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28342]: + ??? root:rubyman
Jun 26 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28342]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594414 of user rubyman.
Jun 26 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28342]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594414.
Jun 26 04:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25665]: pam_unix(cron:session): session closed for user root
Jun 26 04:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28284]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28679]: Invalid user zz from 61.76.112.4
Jun 26 04:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28679]: input_userauth_request: invalid user zz [preauth]
Jun 26 04:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28679]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.76.112.4
Jun 26 04:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28679]: Failed password for invalid user zz from 61.76.112.4 port 50369 ssh2
Jun 26 04:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28679]: Received disconnect from 61.76.112.4 port 50369:11: Bye Bye [preauth]
Jun 26 04:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28679]: Disconnected from 61.76.112.4 port 50369 [preauth]
Jun 26 04:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27401]: pam_unix(cron:session): session closed for user root
Jun 26 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28790]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28791]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28789]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28788]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28788]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28848]: Successful su for rubyman by root
Jun 26 04:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28848]: + ??? root:rubyman
Jun 26 04:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28848]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594419 of user rubyman.
Jun 26 04:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28848]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594419.
Jun 26 04:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26057]: pam_unix(cron:session): session closed for user root
Jun 26 04:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28789]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29061]: Invalid user adminuser from 185.148.1.18
Jun 26 04:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29061]: input_userauth_request: invalid user adminuser [preauth]
Jun 26 04:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29061]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.148.1.18
Jun 26 04:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29061]: Failed password for invalid user adminuser from 185.148.1.18 port 54716 ssh2
Jun 26 04:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29061]: Received disconnect from 185.148.1.18 port 54716:11: Bye Bye [preauth]
Jun 26 04:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29061]: Disconnected from 185.148.1.18 port 54716 [preauth]
Jun 26 04:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29064]: Invalid user eren from 152.32.135.217
Jun 26 04:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29064]: input_userauth_request: invalid user eren [preauth]
Jun 26 04:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29064]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.135.217
Jun 26 04:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29064]: Failed password for invalid user eren from 152.32.135.217 port 49174 ssh2
Jun 26 04:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29064]: Received disconnect from 152.32.135.217 port 49174:11: Bye Bye [preauth]
Jun 26 04:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29064]: Disconnected from 152.32.135.217 port 49174 [preauth]
Jun 26 04:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 26 04:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29097]: Failed password for root from 51.250.105.222 port 53766 ssh2
Jun 26 04:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29097]: Connection closed by 51.250.105.222 port 53766 [preauth]
Jun 26 04:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27818]: pam_unix(cron:session): session closed for user root
Jun 26 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29220]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29216]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29218]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29217]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29214]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29215]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29220]: pam_unix(cron:session): session closed for user root
Jun 26 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29214]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29300]: Successful su for rubyman by root
Jun 26 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29300]: + ??? root:rubyman
Jun 26 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29300]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594424 of user rubyman.
Jun 26 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29300]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594424.
Jun 26 04:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29216]: pam_unix(cron:session): session closed for user root
Jun 26 04:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26460]: pam_unix(cron:session): session closed for user root
Jun 26 04:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29215]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29527]: Invalid user auser from 191.96.110.39
Jun 26 04:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29527]: input_userauth_request: invalid user auser [preauth]
Jun 26 04:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29527]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.96.110.39
Jun 26 04:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29527]: Failed password for invalid user auser from 191.96.110.39 port 57988 ssh2
Jun 26 04:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29527]: Received disconnect from 191.96.110.39 port 57988:11: Bye Bye [preauth]
Jun 26 04:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29527]: Disconnected from 191.96.110.39 port 57988 [preauth]
Jun 26 04:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28286]: pam_unix(cron:session): session closed for user root
Jun 26 04:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.135.217  user=root
Jun 26 04:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29773]: Failed password for root from 152.32.135.217 port 50848 ssh2
Jun 26 04:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29773]: Received disconnect from 152.32.135.217 port 50848:11: Bye Bye [preauth]
Jun 26 04:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29773]: Disconnected from 152.32.135.217 port 50848 [preauth]
Jun 26 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29800]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29801]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29799]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29798]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29798]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29875]: Successful su for rubyman by root
Jun 26 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29875]: + ??? root:rubyman
Jun 26 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29875]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594428 of user rubyman.
Jun 26 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29875]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594428.
Jun 26 04:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29799]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26945]: pam_unix(cron:session): session closed for user root
Jun 26 04:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30060]: Invalid user ubnt from 45.148.10.121
Jun 26 04:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30060]: input_userauth_request: invalid user ubnt [preauth]
Jun 26 04:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30060]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 26 04:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30060]: Failed password for invalid user ubnt from 45.148.10.121 port 49124 ssh2
Jun 26 04:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30060]: Connection closed by 45.148.10.121 port 49124 [preauth]
Jun 26 04:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30079]: Invalid user adeel from 61.76.112.4
Jun 26 04:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30079]: input_userauth_request: invalid user adeel [preauth]
Jun 26 04:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30079]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.76.112.4
Jun 26 04:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30079]: Failed password for invalid user adeel from 61.76.112.4 port 51025 ssh2
Jun 26 04:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30079]: Received disconnect from 61.76.112.4 port 51025:11: Bye Bye [preauth]
Jun 26 04:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30079]: Disconnected from 61.76.112.4 port 51025 [preauth]
Jun 26 04:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28791]: pam_unix(cron:session): session closed for user root
Jun 26 04:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 26 04:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30221]: Failed password for root from 80.66.85.226 port 35180 ssh2
Jun 26 04:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30221]: Connection closed by 80.66.85.226 port 35180 [preauth]
Jun 26 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30235]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30233]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30234]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30232]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30232]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30294]: Successful su for rubyman by root
Jun 26 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30294]: + ??? root:rubyman
Jun 26 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30294]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594432 of user rubyman.
Jun 26 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30294]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594432.
Jun 26 04:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27400]: pam_unix(cron:session): session closed for user root
Jun 26 04:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30233]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30553]: Invalid user legales from 152.32.135.217
Jun 26 04:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30553]: input_userauth_request: invalid user legales [preauth]
Jun 26 04:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30553]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.135.217
Jun 26 04:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29218]: pam_unix(cron:session): session closed for user root
Jun 26 04:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30553]: Failed password for invalid user legales from 152.32.135.217 port 54954 ssh2
Jun 26 04:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30553]: Received disconnect from 152.32.135.217 port 54954:11: Bye Bye [preauth]
Jun 26 04:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30553]: Disconnected from 152.32.135.217 port 54954 [preauth]
Jun 26 04:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.96.110.39  user=root
Jun 26 04:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30587]: Failed password for root from 191.96.110.39 port 35972 ssh2
Jun 26 04:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30587]: Received disconnect from 191.96.110.39 port 35972:11: Bye Bye [preauth]
Jun 26 04:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30587]: Disconnected from 191.96.110.39 port 35972 [preauth]
Jun 26 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30657]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30656]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30655]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30654]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30654]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30714]: Successful su for rubyman by root
Jun 26 04:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30714]: + ??? root:rubyman
Jun 26 04:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30714]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594436 of user rubyman.
Jun 26 04:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30714]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594436.
Jun 26 04:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27817]: pam_unix(cron:session): session closed for user root
Jun 26 04:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30655]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30911]: Invalid user marco from 175.170.144.17
Jun 26 04:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30911]: input_userauth_request: invalid user marco [preauth]
Jun 26 04:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30911]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.170.144.17
Jun 26 04:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30911]: Failed password for invalid user marco from 175.170.144.17 port 33466 ssh2
Jun 26 04:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30911]: Received disconnect from 175.170.144.17 port 33466:11: Bye Bye [preauth]
Jun 26 04:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30911]: Disconnected from 175.170.144.17 port 33466 [preauth]
Jun 26 04:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29801]: pam_unix(cron:session): session closed for user root
Jun 26 04:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31140]: Invalid user monaco from 61.76.112.4
Jun 26 04:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31140]: input_userauth_request: invalid user monaco [preauth]
Jun 26 04:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31140]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.76.112.4
Jun 26 04:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31140]: Failed password for invalid user monaco from 61.76.112.4 port 42347 ssh2
Jun 26 04:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31140]: Received disconnect from 61.76.112.4 port 42347:11: Bye Bye [preauth]
Jun 26 04:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31140]: Disconnected from 61.76.112.4 port 42347 [preauth]
Jun 26 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31156]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31154]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31153]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31155]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31153]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31210]: Successful su for rubyman by root
Jun 26 04:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31210]: + ??? root:rubyman
Jun 26 04:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31210]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594440 of user rubyman.
Jun 26 04:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31210]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594440.
Jun 26 04:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28285]: pam_unix(cron:session): session closed for user root
Jun 26 04:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31154]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31396]: Invalid user tester from 152.32.135.217
Jun 26 04:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31396]: input_userauth_request: invalid user tester [preauth]
Jun 26 04:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31396]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.135.217
Jun 26 04:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31396]: Failed password for invalid user tester from 152.32.135.217 port 34798 ssh2
Jun 26 04:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31396]: Received disconnect from 152.32.135.217 port 34798:11: Bye Bye [preauth]
Jun 26 04:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31396]: Disconnected from 152.32.135.217 port 34798 [preauth]
Jun 26 04:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31462]: Invalid user u1 from 185.148.1.18
Jun 26 04:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31462]: input_userauth_request: invalid user u1 [preauth]
Jun 26 04:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31462]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.148.1.18
Jun 26 04:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30235]: pam_unix(cron:session): session closed for user root
Jun 26 04:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31462]: Failed password for invalid user u1 from 185.148.1.18 port 44514 ssh2
Jun 26 04:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31462]: Received disconnect from 185.148.1.18 port 44514:11: Bye Bye [preauth]
Jun 26 04:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31462]: Disconnected from 185.148.1.18 port 44514 [preauth]
Jun 26 04:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 26 04:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: Failed password for root from 38.93.206.2 port 21880 ssh2
Jun 26 04:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: Connection closed by 38.93.206.2 port 21880 [preauth]
Jun 26 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31653]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31656]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31655]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31654]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31652]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31651]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31656]: pam_unix(cron:session): session closed for user root
Jun 26 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31651]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31726]: Successful su for rubyman by root
Jun 26 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31726]: + ??? root:rubyman
Jun 26 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31726]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594446 of user rubyman.
Jun 26 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31726]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594446.
Jun 26 04:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31653]: pam_unix(cron:session): session closed for user root
Jun 26 04:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.96.110.39  user=root
Jun 26 04:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28790]: pam_unix(cron:session): session closed for user root
Jun 26 04:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31723]: Failed password for root from 191.96.110.39 port 42226 ssh2
Jun 26 04:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31723]: Received disconnect from 191.96.110.39 port 42226:11: Bye Bye [preauth]
Jun 26 04:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31723]: Disconnected from 191.96.110.39 port 42226 [preauth]
Jun 26 04:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31652]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30657]: pam_unix(cron:session): session closed for user root
Jun 26 04:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32051]: Connection closed by 194.59.206.2 port 47030 [preauth]
Jun 26 04:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32063]: Invalid user sergey from 152.32.135.217
Jun 26 04:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32063]: input_userauth_request: invalid user sergey [preauth]
Jun 26 04:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32063]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.135.217
Jun 26 04:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32063]: Failed password for invalid user sergey from 152.32.135.217 port 48012 ssh2
Jun 26 04:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32063]: Received disconnect from 152.32.135.217 port 48012:11: Bye Bye [preauth]
Jun 26 04:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32063]: Disconnected from 152.32.135.217 port 48012 [preauth]
Jun 26 04:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.211.215  user=root
Jun 26 04:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32089]: Failed password for root from 147.45.211.215 port 42952 ssh2
Jun 26 04:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32089]: Connection closed by 147.45.211.215 port 42952 [preauth]
Jun 26 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32111]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32112]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32110]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32109]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32109]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32182]: Successful su for rubyman by root
Jun 26 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32182]: + ??? root:rubyman
Jun 26 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32182]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594452 of user rubyman.
Jun 26 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32182]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594452.
Jun 26 04:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29217]: pam_unix(cron:session): session closed for user root
Jun 26 04:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32110]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31156]: pam_unix(cron:session): session closed for user root
Jun 26 04:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32462]: Invalid user david from 61.76.112.4
Jun 26 04:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32462]: input_userauth_request: invalid user david [preauth]
Jun 26 04:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32462]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.76.112.4
Jun 26 04:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32462]: Failed password for invalid user david from 61.76.112.4 port 35183 ssh2
Jun 26 04:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32462]: Received disconnect from 61.76.112.4 port 35183:11: Bye Bye [preauth]
Jun 26 04:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32462]: Disconnected from 61.76.112.4 port 35183 [preauth]
Jun 26 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32529]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32530]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32528]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32527]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32527]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32586]: Successful su for rubyman by root
Jun 26 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32586]: + ??? root:rubyman
Jun 26 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32586]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594454 of user rubyman.
Jun 26 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32586]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594454.
Jun 26 04:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29800]: pam_unix(cron:session): session closed for user root
Jun 26 04:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32528]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[370]: Invalid user it from 152.32.135.217
Jun 26 04:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[370]: input_userauth_request: invalid user it [preauth]
Jun 26 04:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[370]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.135.217
Jun 26 04:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[368]: Invalid user ttt from 191.96.110.39
Jun 26 04:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[368]: input_userauth_request: invalid user ttt [preauth]
Jun 26 04:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[368]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.96.110.39
Jun 26 04:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[370]: Failed password for invalid user it from 152.32.135.217 port 36750 ssh2
Jun 26 04:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[370]: Received disconnect from 152.32.135.217 port 36750:11: Bye Bye [preauth]
Jun 26 04:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[370]: Disconnected from 152.32.135.217 port 36750 [preauth]
Jun 26 04:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[368]: Failed password for invalid user ttt from 191.96.110.39 port 48492 ssh2
Jun 26 04:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[368]: Received disconnect from 191.96.110.39 port 48492:11: Bye Bye [preauth]
Jun 26 04:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[368]: Disconnected from 191.96.110.39 port 48492 [preauth]
Jun 26 04:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31655]: pam_unix(cron:session): session closed for user root
Jun 26 04:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[601]: Invalid user admin from 139.19.117.131
Jun 26 04:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[601]: input_userauth_request: invalid user admin [preauth]
Jun 26 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[615]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[616]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[614]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[613]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[613]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[679]: Successful su for rubyman by root
Jun 26 04:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[679]: + ??? root:rubyman
Jun 26 04:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[679]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594459 of user rubyman.
Jun 26 04:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[679]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594459.
Jun 26 04:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30234]: pam_unix(cron:session): session closed for user root
Jun 26 04:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[614]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[601]: Connection closed by 139.19.117.131 port 37098 [preauth]
Jun 26 04:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[882]: Invalid user admin from 141.98.83.240
Jun 26 04:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[882]: input_userauth_request: invalid user admin [preauth]
Jun 26 04:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[882]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 04:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[882]: Failed password for invalid user admin from 141.98.83.240 port 42434 ssh2
Jun 26 04:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[882]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[882]: Failed password for invalid user admin from 141.98.83.240 port 42434 ssh2
Jun 26 04:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[882]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[882]: Failed password for invalid user admin from 141.98.83.240 port 42434 ssh2
Jun 26 04:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[882]: Connection closed by 141.98.83.240 port 42434 [preauth]
Jun 26 04:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[882]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 04:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32112]: pam_unix(cron:session): session closed for user root
Jun 26 04:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1050]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1042]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1041]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1040]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1040]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1130]: Successful su for rubyman by root
Jun 26 04:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1130]: + ??? root:rubyman
Jun 26 04:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1130]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594462 of user rubyman.
Jun 26 04:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1130]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594462.
Jun 26 04:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30656]: pam_unix(cron:session): session closed for user root
Jun 26 04:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1041]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.135.217  user=root
Jun 26 04:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1341]: Failed password for root from 152.32.135.217 port 39206 ssh2
Jun 26 04:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1341]: Received disconnect from 152.32.135.217 port 39206:11: Bye Bye [preauth]
Jun 26 04:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1341]: Disconnected from 152.32.135.217 port 39206 [preauth]
Jun 26 04:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1378]: Invalid user debian from 61.76.112.4
Jun 26 04:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1378]: input_userauth_request: invalid user debian [preauth]
Jun 26 04:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1378]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.76.112.4
Jun 26 04:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1378]: Failed password for invalid user debian from 61.76.112.4 port 56777 ssh2
Jun 26 04:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1378]: Received disconnect from 61.76.112.4 port 56777:11: Bye Bye [preauth]
Jun 26 04:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1378]: Disconnected from 61.76.112.4 port 56777 [preauth]
Jun 26 04:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32530]: pam_unix(cron:session): session closed for user root
Jun 26 04:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.148.1.18  user=root
Jun 26 04:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1575]: Failed password for root from 185.148.1.18 port 34312 ssh2
Jun 26 04:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1575]: Received disconnect from 185.148.1.18 port 34312:11: Bye Bye [preauth]
Jun 26 04:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1575]: Disconnected from 185.148.1.18 port 34312 [preauth]
Jun 26 04:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1593]: Invalid user alex from 191.96.110.39
Jun 26 04:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1593]: input_userauth_request: invalid user alex [preauth]
Jun 26 04:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1593]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.96.110.39
Jun 26 04:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1593]: Failed password for invalid user alex from 191.96.110.39 port 54704 ssh2
Jun 26 04:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1593]: Received disconnect from 191.96.110.39 port 54704:11: Bye Bye [preauth]
Jun 26 04:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1593]: Disconnected from 191.96.110.39 port 54704 [preauth]
Jun 26 04:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 26 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1604]: Failed password for root from 103.15.222.183 port 58316 ssh2
Jun 26 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1622]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1620]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1625]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1624]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1629]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1623]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1629]: pam_unix(cron:session): session closed for user root
Jun 26 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1620]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1604]: Connection closed by 103.15.222.183 port 58316 [preauth]
Jun 26 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1698]: Successful su for rubyman by root
Jun 26 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1698]: + ??? root:rubyman
Jun 26 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1698]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594468 of user rubyman.
Jun 26 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1698]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594468.
Jun 26 04:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1623]: pam_unix(cron:session): session closed for user root
Jun 26 04:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31155]: pam_unix(cron:session): session closed for user root
Jun 26 04:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1622]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[616]: pam_unix(cron:session): session closed for user root
Jun 26 04:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.135.217  user=root
Jun 26 04:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2111]: Failed password for root from 152.32.135.217 port 58018 ssh2
Jun 26 04:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2111]: Received disconnect from 152.32.135.217 port 58018:11: Bye Bye [preauth]
Jun 26 04:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2111]: Disconnected from 152.32.135.217 port 58018 [preauth]
Jun 26 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2137]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2135]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2134]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2133]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2133]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2218]: Successful su for rubyman by root
Jun 26 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2218]: + ??? root:rubyman
Jun 26 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2218]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594473 of user rubyman.
Jun 26 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2218]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594473.
Jun 26 04:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31654]: pam_unix(cron:session): session closed for user root
Jun 26 04:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2134]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1050]: pam_unix(cron:session): session closed for user root
Jun 26 04:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2567]: Invalid user srs from 61.76.112.4
Jun 26 04:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2567]: input_userauth_request: invalid user srs [preauth]
Jun 26 04:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2567]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.76.112.4
Jun 26 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2576]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2573]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2575]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2572]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2572]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2639]: Successful su for rubyman by root
Jun 26 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2639]: + ??? root:rubyman
Jun 26 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2639]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594477 of user rubyman.
Jun 26 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2639]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594477.
Jun 26 04:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2567]: Failed password for invalid user srs from 61.76.112.4 port 52140 ssh2
Jun 26 04:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2567]: Received disconnect from 61.76.112.4 port 52140:11: Bye Bye [preauth]
Jun 26 04:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2567]: Disconnected from 61.76.112.4 port 52140 [preauth]
Jun 26 04:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32111]: pam_unix(cron:session): session closed for user root
Jun 26 04:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2573]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.96.110.39  user=root
Jun 26 04:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2868]: Failed password for root from 191.96.110.39 port 60948 ssh2
Jun 26 04:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2868]: Received disconnect from 191.96.110.39 port 60948:11: Bye Bye [preauth]
Jun 26 04:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2868]: Disconnected from 191.96.110.39 port 60948 [preauth]
Jun 26 04:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1625]: pam_unix(cron:session): session closed for user root
Jun 26 04:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2976]: Invalid user dev from 185.148.1.18
Jun 26 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2976]: input_userauth_request: invalid user dev [preauth]
Jun 26 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2976]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.148.1.18
Jun 26 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2989]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2988]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2990]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2987]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2987]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3051]: Successful su for rubyman by root
Jun 26 04:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3051]: + ??? root:rubyman
Jun 26 04:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3051]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594480 of user rubyman.
Jun 26 04:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3051]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594480.
Jun 26 04:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2976]: Failed password for invalid user dev from 185.148.1.18 port 43338 ssh2
Jun 26 04:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2976]: Received disconnect from 185.148.1.18 port 43338:11: Bye Bye [preauth]
Jun 26 04:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2976]: Disconnected from 185.148.1.18 port 43338 [preauth]
Jun 26 04:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32529]: pam_unix(cron:session): session closed for user root
Jun 26 04:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2988]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2137]: pam_unix(cron:session): session closed for user root
Jun 26 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3379]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3377]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3378]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3376]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3374]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3376]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3493]: Successful su for rubyman by root
Jun 26 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3493]: + ??? root:rubyman
Jun 26 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3493]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594485 of user rubyman.
Jun 26 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3493]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594485.
Jun 26 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3374]: pam_unix(cron:session): session closed for user root
Jun 26 04:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[615]: pam_unix(cron:session): session closed for user root
Jun 26 04:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3377]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 26 04:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3816]: Failed password for root from 103.82.20.28 port 55918 ssh2
Jun 26 04:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3816]: Connection closed by 103.82.20.28 port 55918 [preauth]
Jun 26 04:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 26 04:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3827]: Failed password for root from 103.149.28.157 port 45250 ssh2
Jun 26 04:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3827]: Connection closed by 103.149.28.157 port 45250 [preauth]
Jun 26 04:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3857]: Invalid user anunturi from 177.11.196.79
Jun 26 04:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3857]: input_userauth_request: invalid user anunturi [preauth]
Jun 26 04:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3857]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.11.196.79
Jun 26 04:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3857]: Failed password for invalid user anunturi from 177.11.196.79 port 44284 ssh2
Jun 26 04:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3857]: Received disconnect from 177.11.196.79 port 44284:11: Bye Bye [preauth]
Jun 26 04:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3857]: Disconnected from 177.11.196.79 port 44284 [preauth]
Jun 26 04:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2576]: pam_unix(cron:session): session closed for user root
Jun 26 04:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.170.144.17  user=root
Jun 26 04:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.76.112.4  user=root
Jun 26 04:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3998]: Failed password for root from 175.170.144.17 port 48240 ssh2
Jun 26 04:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3998]: Received disconnect from 175.170.144.17 port 48240:11: Bye Bye [preauth]
Jun 26 04:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3998]: Disconnected from 175.170.144.17 port 48240 [preauth]
Jun 26 04:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4016]: Failed password for root from 61.76.112.4 port 57048 ssh2
Jun 26 04:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4016]: Received disconnect from 61.76.112.4 port 57048:11: Bye Bye [preauth]
Jun 26 04:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4016]: Disconnected from 61.76.112.4 port 57048 [preauth]
Jun 26 04:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4040]: Invalid user it from 191.96.110.39
Jun 26 04:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4040]: input_userauth_request: invalid user it [preauth]
Jun 26 04:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4040]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.96.110.39
Jun 26 04:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4040]: Failed password for invalid user it from 191.96.110.39 port 38916 ssh2
Jun 26 04:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4040]: Received disconnect from 191.96.110.39 port 38916:11: Bye Bye [preauth]
Jun 26 04:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4040]: Disconnected from 191.96.110.39 port 38916 [preauth]
Jun 26 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4075]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4074]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4077]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4073]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4076]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4072]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4077]: pam_unix(cron:session): session closed for user root
Jun 26 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4072]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4138]: Successful su for rubyman by root
Jun 26 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4138]: + ??? root:rubyman
Jun 26 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4138]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594493 of user rubyman.
Jun 26 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4138]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594493.
Jun 26 04:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4074]: pam_unix(cron:session): session closed for user root
Jun 26 04:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1042]: pam_unix(cron:session): session closed for user root
Jun 26 04:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4073]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2990]: pam_unix(cron:session): session closed for user root
Jun 26 04:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.148.1.18  user=root
Jun 26 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4506]: Failed password for root from 185.148.1.18 port 52366 ssh2
Jun 26 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4522]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4521]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4518]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4517]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4517]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4506]: Received disconnect from 185.148.1.18 port 52366:11: Bye Bye [preauth]
Jun 26 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4506]: Disconnected from 185.148.1.18 port 52366 [preauth]
Jun 26 04:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4592]: Successful su for rubyman by root
Jun 26 04:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4592]: + ??? root:rubyman
Jun 26 04:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4592]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594495 of user rubyman.
Jun 26 04:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4592]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594495.
Jun 26 04:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1624]: pam_unix(cron:session): session closed for user root
Jun 26 04:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4518]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4912]: Invalid user matic from 175.170.144.17
Jun 26 04:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4912]: input_userauth_request: invalid user matic [preauth]
Jun 26 04:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4912]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.170.144.17
Jun 26 04:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4912]: Failed password for invalid user matic from 175.170.144.17 port 36902 ssh2
Jun 26 04:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4912]: Received disconnect from 175.170.144.17 port 36902:11: Bye Bye [preauth]
Jun 26 04:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4912]: Disconnected from 175.170.144.17 port 36902 [preauth]
Jun 26 04:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3379]: pam_unix(cron:session): session closed for user root
Jun 26 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5043]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5042]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5040]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5041]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5040]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5098]: Successful su for rubyman by root
Jun 26 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5098]: + ??? root:rubyman
Jun 26 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5098]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594499 of user rubyman.
Jun 26 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5098]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594499.
Jun 26 04:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2135]: pam_unix(cron:session): session closed for user root
Jun 26 04:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5041]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5312]: Invalid user dev from 191.96.110.39
Jun 26 04:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5312]: input_userauth_request: invalid user dev [preauth]
Jun 26 04:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5312]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.96.110.39
Jun 26 04:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5312]: Failed password for invalid user dev from 191.96.110.39 port 45130 ssh2
Jun 26 04:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5312]: Received disconnect from 191.96.110.39 port 45130:11: Bye Bye [preauth]
Jun 26 04:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5312]: Disconnected from 191.96.110.39 port 45130 [preauth]
Jun 26 04:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.76.112.4  user=root
Jun 26 04:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5359]: Failed password for root from 61.76.112.4 port 35592 ssh2
Jun 26 04:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5359]: Received disconnect from 61.76.112.4 port 35592:11: Bye Bye [preauth]
Jun 26 04:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5359]: Disconnected from 61.76.112.4 port 35592 [preauth]
Jun 26 04:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 26 04:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4076]: pam_unix(cron:session): session closed for user root
Jun 26 04:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5375]: Failed password for root from 103.176.20.57 port 36950 ssh2
Jun 26 04:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5375]: Connection closed by 103.176.20.57 port 36950 [preauth]
Jun 26 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5459]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5458]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5460]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5457]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5457]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5516]: Successful su for rubyman by root
Jun 26 04:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5516]: + ??? root:rubyman
Jun 26 04:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5516]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594504 of user rubyman.
Jun 26 04:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5516]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594504.
Jun 26 04:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2575]: pam_unix(cron:session): session closed for user root
Jun 26 04:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5458]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4522]: pam_unix(cron:session): session closed for user root
Jun 26 04:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.148.1.18  user=root
Jun 26 04:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5805]: Failed password for root from 185.148.1.18 port 33150 ssh2
Jun 26 04:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5805]: Received disconnect from 185.148.1.18 port 33150:11: Bye Bye [preauth]
Jun 26 04:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5805]: Disconnected from 185.148.1.18 port 33150 [preauth]
Jun 26 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5847]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5846]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5844]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5845]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5844]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5909]: Successful su for rubyman by root
Jun 26 04:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5909]: + ??? root:rubyman
Jun 26 04:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5909]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594508 of user rubyman.
Jun 26 04:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5909]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594508.
Jun 26 04:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2989]: pam_unix(cron:session): session closed for user root
Jun 26 04:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5845]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6137]: Invalid user rishi from 175.170.144.17
Jun 26 04:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6137]: input_userauth_request: invalid user rishi [preauth]
Jun 26 04:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6137]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.170.144.17
Jun 26 04:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6137]: Failed password for invalid user rishi from 175.170.144.17 port 42450 ssh2
Jun 26 04:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6137]: Received disconnect from 175.170.144.17 port 42450:11: Bye Bye [preauth]
Jun 26 04:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6137]: Disconnected from 175.170.144.17 port 42450 [preauth]
Jun 26 04:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5043]: pam_unix(cron:session): session closed for user root
Jun 26 04:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.20.185.207  user=root
Jun 26 04:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6164]: Failed password for root from 143.20.185.207 port 39312 ssh2
Jun 26 04:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6164]: Connection closed by 143.20.185.207 port 39312 [preauth]
Jun 26 04:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6183]: Invalid user ftptest from 191.96.110.39
Jun 26 04:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6183]: input_userauth_request: invalid user ftptest [preauth]
Jun 26 04:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6183]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.96.110.39
Jun 26 04:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6183]: Failed password for invalid user ftptest from 191.96.110.39 port 51380 ssh2
Jun 26 04:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6183]: Received disconnect from 191.96.110.39 port 51380:11: Bye Bye [preauth]
Jun 26 04:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6183]: Disconnected from 191.96.110.39 port 51380 [preauth]
Jun 26 04:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6233]: Invalid user mediasite from 177.11.196.79
Jun 26 04:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6233]: input_userauth_request: invalid user mediasite [preauth]
Jun 26 04:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6233]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.11.196.79
Jun 26 04:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6233]: Failed password for invalid user mediasite from 177.11.196.79 port 56242 ssh2
Jun 26 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6233]: Received disconnect from 177.11.196.79 port 56242:11: Bye Bye [preauth]
Jun 26 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6233]: Disconnected from 177.11.196.79 port 56242 [preauth]
Jun 26 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6246]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6248]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6245]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6244]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6247]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6249]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6249]: pam_unix(cron:session): session closed for user root
Jun 26 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6244]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6310]: Successful su for rubyman by root
Jun 26 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6310]: + ??? root:rubyman
Jun 26 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6310]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594514 of user rubyman.
Jun 26 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6310]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594514.
Jun 26 04:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6246]: pam_unix(cron:session): session closed for user root
Jun 26 04:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3378]: pam_unix(cron:session): session closed for user root
Jun 26 04:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6245]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.76.112.4  user=root
Jun 26 04:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6523]: Failed password for root from 61.76.112.4 port 39256 ssh2
Jun 26 04:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6523]: Received disconnect from 61.76.112.4 port 39256:11: Bye Bye [preauth]
Jun 26 04:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6523]: Disconnected from 61.76.112.4 port 39256 [preauth]
Jun 26 04:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 26 04:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6576]: Failed password for root from 103.122.221.179 port 57462 ssh2
Jun 26 04:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6576]: Connection closed by 103.122.221.179 port 57462 [preauth]
Jun 26 04:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5460]: pam_unix(cron:session): session closed for user root
Jun 26 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6669]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6668]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6670]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6667]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6667]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6743]: Successful su for rubyman by root
Jun 26 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6743]: + ??? root:rubyman
Jun 26 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6743]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594517 of user rubyman.
Jun 26 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6743]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594517.
Jun 26 04:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4075]: pam_unix(cron:session): session closed for user root
Jun 26 04:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6668]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5847]: pam_unix(cron:session): session closed for user root
Jun 26 04:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 26 04:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 26 04:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7123]: Failed password for root from 103.172.78.219 port 53656 ssh2
Jun 26 04:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7123]: Connection closed by 103.172.78.219 port 53656 [preauth]
Jun 26 04:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7134]: Failed password for root from 103.77.242.62 port 57076 ssh2
Jun 26 04:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7134]: Connection closed by 103.77.242.62 port 57076 [preauth]
Jun 26 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7182]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7181]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7180]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7179]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7179]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7244]: Successful su for rubyman by root
Jun 26 04:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7244]: + ??? root:rubyman
Jun 26 04:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7244]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594521 of user rubyman.
Jun 26 04:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7244]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594521.
Jun 26 04:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4521]: pam_unix(cron:session): session closed for user root
Jun 26 04:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7180]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7438]: Invalid user myspace from 177.11.196.79
Jun 26 04:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7438]: input_userauth_request: invalid user myspace [preauth]
Jun 26 04:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7438]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.11.196.79
Jun 26 04:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7438]: Failed password for invalid user myspace from 177.11.196.79 port 58290 ssh2
Jun 26 04:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7438]: Received disconnect from 177.11.196.79 port 58290:11: Bye Bye [preauth]
Jun 26 04:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7438]: Disconnected from 177.11.196.79 port 58290 [preauth]
Jun 26 04:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6248]: pam_unix(cron:session): session closed for user root
Jun 26 04:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7593]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7594]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7592]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7591]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7591]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7751]: Successful su for rubyman by root
Jun 26 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7751]: + ??? root:rubyman
Jun 26 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7751]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594525 of user rubyman.
Jun 26 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7751]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594525.
Jun 26 04:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5042]: pam_unix(cron:session): session closed for user root
Jun 26 04:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7592]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6670]: pam_unix(cron:session): session closed for user root
Jun 26 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8070]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8069]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8071]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8068]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8068]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8130]: Successful su for rubyman by root
Jun 26 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8130]: + ??? root:rubyman
Jun 26 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8130]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594529 of user rubyman.
Jun 26 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8130]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594529.
Jun 26 04:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5459]: pam_unix(cron:session): session closed for user root
Jun 26 04:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8069]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8348]: Invalid user ve from 177.11.196.79
Jun 26 04:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8348]: input_userauth_request: invalid user ve [preauth]
Jun 26 04:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8348]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.11.196.79
Jun 26 04:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8348]: Failed password for invalid user ve from 177.11.196.79 port 59664 ssh2
Jun 26 04:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8348]: Received disconnect from 177.11.196.79 port 59664:11: Bye Bye [preauth]
Jun 26 04:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8348]: Disconnected from 177.11.196.79 port 59664 [preauth]
Jun 26 04:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
Jun 26 04:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8378]: Failed password for root from 176.32.39.21 port 32954 ssh2
Jun 26 04:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8378]: Connection closed by 176.32.39.21 port 32954 [preauth]
Jun 26 04:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7182]: pam_unix(cron:session): session closed for user root
Jun 26 04:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8412]: Invalid user user10 from 185.148.1.18
Jun 26 04:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8412]: input_userauth_request: invalid user user10 [preauth]
Jun 26 04:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8412]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.148.1.18
Jun 26 04:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8412]: Failed password for invalid user user10 from 185.148.1.18 port 51098 ssh2
Jun 26 04:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8412]: Received disconnect from 185.148.1.18 port 51098:11: Bye Bye [preauth]
Jun 26 04:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8412]: Disconnected from 185.148.1.18 port 51098 [preauth]
Jun 26 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8468]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8467]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8473]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8471]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8469]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8466]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8473]: pam_unix(cron:session): session closed for user root
Jun 26 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8466]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8546]: Successful su for rubyman by root
Jun 26 04:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8546]: + ??? root:rubyman
Jun 26 04:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8546]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594537 of user rubyman.
Jun 26 04:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8546]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594537.
Jun 26 04:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8468]: pam_unix(cron:session): session closed for user root
Jun 26 04:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5846]: pam_unix(cron:session): session closed for user root
Jun 26 04:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8467]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7594]: pam_unix(cron:session): session closed for user root
Jun 26 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8903]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8899]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8902]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8901]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8899]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8973]: Successful su for rubyman by root
Jun 26 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8973]: + ??? root:rubyman
Jun 26 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8973]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594541 of user rubyman.
Jun 26 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8973]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594541.
Jun 26 04:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6247]: pam_unix(cron:session): session closed for user root
Jun 26 04:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8901]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9213]: Invalid user whm from 177.11.196.79
Jun 26 04:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9213]: input_userauth_request: invalid user whm [preauth]
Jun 26 04:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9213]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.11.196.79
Jun 26 04:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9213]: Failed password for invalid user whm from 177.11.196.79 port 43704 ssh2
Jun 26 04:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9213]: Received disconnect from 177.11.196.79 port 43704:11: Bye Bye [preauth]
Jun 26 04:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9213]: Disconnected from 177.11.196.79 port 43704 [preauth]
Jun 26 04:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9216]: Invalid user admin from 185.148.1.18
Jun 26 04:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9216]: input_userauth_request: invalid user admin [preauth]
Jun 26 04:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9216]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.148.1.18
Jun 26 04:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8071]: pam_unix(cron:session): session closed for user root
Jun 26 04:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9216]: Failed password for invalid user admin from 185.148.1.18 port 60120 ssh2
Jun 26 04:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9216]: Received disconnect from 185.148.1.18 port 60120:11: Bye Bye [preauth]
Jun 26 04:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9216]: Disconnected from 185.148.1.18 port 60120 [preauth]
Jun 26 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9310]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9309]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9308]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9307]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9307]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9365]: Successful su for rubyman by root
Jun 26 04:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9365]: + ??? root:rubyman
Jun 26 04:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9365]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594543 of user rubyman.
Jun 26 04:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9365]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594543.
Jun 26 04:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6669]: pam_unix(cron:session): session closed for user root
Jun 26 04:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9308]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8471]: pam_unix(cron:session): session closed for user root
Jun 26 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9690]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9691]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9689]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9688]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9688]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9751]: Successful su for rubyman by root
Jun 26 04:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9751]: + ??? root:rubyman
Jun 26 04:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9751]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594547 of user rubyman.
Jun 26 04:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9751]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594547.
Jun 26 04:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7181]: pam_unix(cron:session): session closed for user root
Jun 26 04:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9689]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10118]: Invalid user web from 185.148.1.18
Jun 26 04:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10118]: input_userauth_request: invalid user web [preauth]
Jun 26 04:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10118]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.148.1.18
Jun 26 04:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10118]: Failed password for invalid user web from 185.148.1.18 port 40906 ssh2
Jun 26 04:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10118]: Received disconnect from 185.148.1.18 port 40906:11: Bye Bye [preauth]
Jun 26 04:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10118]: Disconnected from 185.148.1.18 port 40906 [preauth]
Jun 26 04:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8903]: pam_unix(cron:session): session closed for user root
Jun 26 04:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10180]: Invalid user admin from 175.170.144.17
Jun 26 04:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10180]: input_userauth_request: invalid user admin [preauth]
Jun 26 04:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10180]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.170.144.17
Jun 26 04:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10180]: Failed password for invalid user admin from 175.170.144.17 port 59098 ssh2
Jun 26 04:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10180]: Received disconnect from 175.170.144.17 port 59098:11: Bye Bye [preauth]
Jun 26 04:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10180]: Disconnected from 175.170.144.17 port 59098 [preauth]
Jun 26 04:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: Invalid user mlm from 177.11.196.79
Jun 26 04:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: input_userauth_request: invalid user mlm [preauth]
Jun 26 04:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.11.196.79
Jun 26 04:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: Failed password for invalid user mlm from 177.11.196.79 port 44104 ssh2
Jun 26 04:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: Received disconnect from 177.11.196.79 port 44104:11: Bye Bye [preauth]
Jun 26 04:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: Disconnected from 177.11.196.79 port 44104 [preauth]
Jun 26 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10367]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10366]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10365]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10364]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10364]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10426]: Successful su for rubyman by root
Jun 26 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10426]: + ??? root:rubyman
Jun 26 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10426]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594551 of user rubyman.
Jun 26 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10426]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594551.
Jun 26 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10437]: Connection closed by 45.148.10.121 port 54694 [preauth]
Jun 26 04:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7593]: pam_unix(cron:session): session closed for user root
Jun 26 04:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10365]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9310]: pam_unix(cron:session): session closed for user root
Jun 26 04:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10748]: User mail from 185.148.1.18 not allowed because not listed in AllowUsers
Jun 26 04:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10748]: input_userauth_request: invalid user mail [preauth]
Jun 26 04:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.148.1.18  user=mail
Jun 26 04:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10748]: Failed password for invalid user mail from 185.148.1.18 port 49928 ssh2
Jun 26 04:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10748]: Received disconnect from 185.148.1.18 port 49928:11: Bye Bye [preauth]
Jun 26 04:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10748]: Disconnected from 185.148.1.18 port 49928 [preauth]
Jun 26 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10789]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10787]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10784]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10783]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10782]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10788]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10789]: pam_unix(cron:session): session closed for user root
Jun 26 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10782]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10856]: Successful su for rubyman by root
Jun 26 04:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10856]: + ??? root:rubyman
Jun 26 04:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10856]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594560 of user rubyman.
Jun 26 04:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10856]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594560.
Jun 26 04:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8070]: pam_unix(cron:session): session closed for user root
Jun 26 04:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10784]: pam_unix(cron:session): session closed for user root
Jun 26 04:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10783]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9691]: pam_unix(cron:session): session closed for user root
Jun 26 04:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11206]: Invalid user internet from 177.11.196.79
Jun 26 04:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11206]: input_userauth_request: invalid user internet [preauth]
Jun 26 04:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11206]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.11.196.79
Jun 26 04:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11206]: Failed password for invalid user internet from 177.11.196.79 port 46352 ssh2
Jun 26 04:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11206]: Received disconnect from 177.11.196.79 port 46352:11: Bye Bye [preauth]
Jun 26 04:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11206]: Disconnected from 177.11.196.79 port 46352 [preauth]
Jun 26 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11229]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11228]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11227]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11226]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11226]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11302]: Successful su for rubyman by root
Jun 26 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11302]: + ??? root:rubyman
Jun 26 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11302]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594562 of user rubyman.
Jun 26 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11302]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594562.
Jun 26 04:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8469]: pam_unix(cron:session): session closed for user root
Jun 26 04:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11227]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11529]: Invalid user egor from 185.148.1.18
Jun 26 04:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11529]: input_userauth_request: invalid user egor [preauth]
Jun 26 04:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11529]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.148.1.18
Jun 26 04:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11529]: Failed password for invalid user egor from 185.148.1.18 port 58948 ssh2
Jun 26 04:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11529]: Received disconnect from 185.148.1.18 port 58948:11: Bye Bye [preauth]
Jun 26 04:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11529]: Disconnected from 185.148.1.18 port 58948 [preauth]
Jun 26 04:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10367]: pam_unix(cron:session): session closed for user root
Jun 26 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11648]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11649]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11647]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11646]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11646]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11711]: Successful su for rubyman by root
Jun 26 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11711]: + ??? root:rubyman
Jun 26 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11711]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594566 of user rubyman.
Jun 26 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11711]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594566.
Jun 26 04:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8902]: pam_unix(cron:session): session closed for user root
Jun 26 04:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11647]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10788]: pam_unix(cron:session): session closed for user root
Jun 26 04:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12088]: Invalid user tcdn from 177.11.196.79
Jun 26 04:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12088]: input_userauth_request: invalid user tcdn [preauth]
Jun 26 04:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12088]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.11.196.79
Jun 26 04:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12088]: Failed password for invalid user tcdn from 177.11.196.79 port 53286 ssh2
Jun 26 04:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12088]: Received disconnect from 177.11.196.79 port 53286:11: Bye Bye [preauth]
Jun 26 04:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12088]: Disconnected from 177.11.196.79 port 53286 [preauth]
Jun 26 04:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 26 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12113]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12112]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12111]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12110]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12110]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12098]: Failed password for root from 103.27.238.120 port 52738 ssh2
Jun 26 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12169]: Successful su for rubyman by root
Jun 26 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12169]: + ??? root:rubyman
Jun 26 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12169]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594569 of user rubyman.
Jun 26 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12169]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594569.
Jun 26 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12098]: Connection closed by 103.27.238.120 port 52738 [preauth]
Jun 26 04:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9309]: pam_unix(cron:session): session closed for user root
Jun 26 04:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12111]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11229]: pam_unix(cron:session): session closed for user root
Jun 26 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12630]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12632]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12631]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12629]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12629]: pam_unix(cron:session): session closed for user p13x
Jun 26 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12692]: Successful su for rubyman by root
Jun 26 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12692]: + ??? root:rubyman
Jun 26 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12692]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594573 of user rubyman.
Jun 26 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12692]: pam_unix(su:session): session closed for user rubyman
Jun 26 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594573.
Jun 26 04:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9690]: pam_unix(cron:session): session closed for user root
Jun 26 04:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12630]: pam_unix(cron:session): session closed for user samftp
Jun 26 04:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11649]: pam_unix(cron:session): session closed for user root
Jun 26 04:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12987]: Invalid user geoserver from 175.170.144.17
Jun 26 04:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12987]: input_userauth_request: invalid user geoserver [preauth]
Jun 26 04:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12987]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 04:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.170.144.17
Jun 26 04:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12987]: Failed password for invalid user geoserver from 175.170.144.17 port 41968 ssh2
Jun 26 04:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12987]: Received disconnect from 175.170.144.17 port 41968:11: Bye Bye [preauth]
Jun 26 04:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12987]: Disconnected from 175.170.144.17 port 41968 [preauth]
Jun 26 04:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 04:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 26 04:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13029]: Failed password for root from 103.153.68.219 port 54962 ssh2
Jun 26 04:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13029]: Connection closed by 103.153.68.219 port 54962 [preauth]
Jun 26 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13045]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13046]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13044]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13041]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13042]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13043]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13040]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13042]: pam_unix(cron:session): session closed for user root
Jun 26 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13046]: pam_unix(cron:session): session closed for user root
Jun 26 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13040]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13148]: Successful su for rubyman by root
Jun 26 05:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13148]: + ??? root:rubyman
Jun 26 05:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13148]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594577 of user rubyman.
Jun 26 05:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13148]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594577.
Jun 26 05:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13043]: pam_unix(cron:session): session closed for user root
Jun 26 05:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10366]: pam_unix(cron:session): session closed for user root
Jun 26 05:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 26 05:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13041]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13341]: Failed password for root from 141.98.83.240 port 14236 ssh2
Jun 26 05:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13341]: message repeated 2 times: [ Failed password for root from 141.98.83.240 port 14236 ssh2]
Jun 26 05:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13341]: Connection closed by 141.98.83.240 port 14236 [preauth]
Jun 26 05:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13341]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 26 05:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13395]: Invalid user prm from 177.11.196.79
Jun 26 05:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13395]: input_userauth_request: invalid user prm [preauth]
Jun 26 05:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13395]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 05:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.11.196.79
Jun 26 05:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13395]: Failed password for invalid user prm from 177.11.196.79 port 52462 ssh2
Jun 26 05:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13395]: Received disconnect from 177.11.196.79 port 52462:11: Bye Bye [preauth]
Jun 26 05:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13395]: Disconnected from 177.11.196.79 port 52462 [preauth]
Jun 26 05:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12113]: pam_unix(cron:session): session closed for user root
Jun 26 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13560]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13559]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13558]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13557]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13557]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13627]: Successful su for rubyman by root
Jun 26 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13627]: + ??? root:rubyman
Jun 26 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13627]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594584 of user rubyman.
Jun 26 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13627]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594584.
Jun 26 05:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10787]: pam_unix(cron:session): session closed for user root
Jun 26 05:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13558]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12632]: pam_unix(cron:session): session closed for user root
Jun 26 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13978]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13979]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13977]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13976]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13976]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14037]: Successful su for rubyman by root
Jun 26 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14037]: + ??? root:rubyman
Jun 26 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14037]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594588 of user rubyman.
Jun 26 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14037]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594588.
Jun 26 05:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11228]: pam_unix(cron:session): session closed for user root
Jun 26 05:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13977]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14252]: Invalid user ford from 177.11.196.79
Jun 26 05:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14252]: input_userauth_request: invalid user ford [preauth]
Jun 26 05:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14252]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 05:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.11.196.79
Jun 26 05:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14252]: Failed password for invalid user ford from 177.11.196.79 port 45404 ssh2
Jun 26 05:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14252]: Received disconnect from 177.11.196.79 port 45404:11: Bye Bye [preauth]
Jun 26 05:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14252]: Disconnected from 177.11.196.79 port 45404 [preauth]
Jun 26 05:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13045]: pam_unix(cron:session): session closed for user root
Jun 26 05:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14312]: Invalid user ftpuser from 175.170.144.17
Jun 26 05:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14312]: input_userauth_request: invalid user ftpuser [preauth]
Jun 26 05:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14312]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 05:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.170.144.17
Jun 26 05:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14312]: Failed password for invalid user ftpuser from 175.170.144.17 port 47514 ssh2
Jun 26 05:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14312]: Received disconnect from 175.170.144.17 port 47514:11: Bye Bye [preauth]
Jun 26 05:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14312]: Disconnected from 175.170.144.17 port 47514 [preauth]
Jun 26 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14361]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14363]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14362]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14360]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14360]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14420]: Successful su for rubyman by root
Jun 26 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14420]: + ??? root:rubyman
Jun 26 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14420]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594594 of user rubyman.
Jun 26 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14420]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594594.
Jun 26 05:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11648]: pam_unix(cron:session): session closed for user root
Jun 26 05:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14361]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13560]: pam_unix(cron:session): session closed for user root
Jun 26 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14838]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14837]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14839]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14836]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14836]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14902]: Successful su for rubyman by root
Jun 26 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14902]: + ??? root:rubyman
Jun 26 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14902]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594596 of user rubyman.
Jun 26 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14902]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594596.
Jun 26 05:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12112]: pam_unix(cron:session): session closed for user root
Jun 26 05:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14837]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.170.144.17  user=root
Jun 26 05:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15098]: Failed password for root from 175.170.144.17 port 36176 ssh2
Jun 26 05:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15098]: Received disconnect from 175.170.144.17 port 36176:11: Bye Bye [preauth]
Jun 26 05:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15098]: Disconnected from 175.170.144.17 port 36176 [preauth]
Jun 26 05:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15155]: Invalid user pim from 177.11.196.79
Jun 26 05:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15155]: input_userauth_request: invalid user pim [preauth]
Jun 26 05:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15155]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 05:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.11.196.79
Jun 26 05:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15155]: Failed password for invalid user pim from 177.11.196.79 port 49896 ssh2
Jun 26 05:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15155]: Received disconnect from 177.11.196.79 port 49896:11: Bye Bye [preauth]
Jun 26 05:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15155]: Disconnected from 177.11.196.79 port 49896 [preauth]
Jun 26 05:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13979]: pam_unix(cron:session): session closed for user root
Jun 26 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15264]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15265]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15261]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15260]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15262]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15259]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15265]: pam_unix(cron:session): session closed for user root
Jun 26 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15259]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15325]: Successful su for rubyman by root
Jun 26 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15325]: + ??? root:rubyman
Jun 26 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15325]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594600 of user rubyman.
Jun 26 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15325]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594600.
Jun 26 05:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15261]: pam_unix(cron:session): session closed for user root
Jun 26 05:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12631]: pam_unix(cron:session): session closed for user root
Jun 26 05:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15260]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14363]: pam_unix(cron:session): session closed for user root
Jun 26 05:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Jun 26 05:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:152.32.252.94
Jun 26 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15692]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15695]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15690]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15691]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15690]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15765]: Successful su for rubyman by root
Jun 26 05:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15765]: + ??? root:rubyman
Jun 26 05:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15765]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594608 of user rubyman.
Jun 26 05:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15765]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594608.
Jun 26 05:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13044]: pam_unix(cron:session): session closed for user root
Jun 26 05:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15691]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14839]: pam_unix(cron:session): session closed for user root
Jun 26 05:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16034]: Invalid user classifieds from 177.11.196.79
Jun 26 05:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16034]: input_userauth_request: invalid user classifieds [preauth]
Jun 26 05:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16034]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 05:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.11.196.79
Jun 26 05:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16034]: Failed password for invalid user classifieds from 177.11.196.79 port 49356 ssh2
Jun 26 05:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16034]: Received disconnect from 177.11.196.79 port 49356:11: Bye Bye [preauth]
Jun 26 05:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16034]: Disconnected from 177.11.196.79 port 49356 [preauth]
Jun 26 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16088]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16089]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16087]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16086]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16086]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16144]: Successful su for rubyman by root
Jun 26 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16144]: + ??? root:rubyman
Jun 26 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16144]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594612 of user rubyman.
Jun 26 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16144]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594612.
Jun 26 05:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13559]: pam_unix(cron:session): session closed for user root
Jun 26 05:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16087]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15264]: pam_unix(cron:session): session closed for user root
Jun 26 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16482]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16480]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16481]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16478]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16478]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16544]: Successful su for rubyman by root
Jun 26 05:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16544]: + ??? root:rubyman
Jun 26 05:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16544]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594614 of user rubyman.
Jun 26 05:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16544]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594614.
Jun 26 05:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13978]: pam_unix(cron:session): session closed for user root
Jun 26 05:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16480]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.20.185.207  user=root
Jun 26 05:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16776]: Failed password for root from 143.20.185.207 port 51300 ssh2
Jun 26 05:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16776]: Connection closed by 143.20.185.207 port 51300 [preauth]
Jun 26 05:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15695]: pam_unix(cron:session): session closed for user root
Jun 26 05:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16822]: Invalid user qp from 177.11.196.79
Jun 26 05:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16822]: input_userauth_request: invalid user qp [preauth]
Jun 26 05:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16822]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 05:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.11.196.79
Jun 26 05:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16822]: Failed password for invalid user qp from 177.11.196.79 port 57164 ssh2
Jun 26 05:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16822]: Received disconnect from 177.11.196.79 port 57164:11: Bye Bye [preauth]
Jun 26 05:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16822]: Disconnected from 177.11.196.79 port 57164 [preauth]
Jun 26 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16949]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16950]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16948]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16947]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16945]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16947]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17099]: Successful su for rubyman by root
Jun 26 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17099]: + ??? root:rubyman
Jun 26 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17099]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594620 of user rubyman.
Jun 26 05:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17099]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594620.
Jun 26 05:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16945]: pam_unix(cron:session): session closed for user root
Jun 26 05:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14362]: pam_unix(cron:session): session closed for user root
Jun 26 05:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16948]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.19.67.181  user=root
Jun 26 05:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17311]: Failed password for root from 46.19.67.181 port 43724 ssh2
Jun 26 05:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17311]: Connection closed by 46.19.67.181 port 43724 [preauth]
Jun 26 05:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16089]: pam_unix(cron:session): session closed for user root
Jun 26 05:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17475]: Invalid user charlize from 2.57.121.112
Jun 26 05:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17475]: input_userauth_request: invalid user charlize [preauth]
Jun 26 05:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17475]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 05:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 26 05:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17475]: Failed password for invalid user charlize from 2.57.121.112 port 47988 ssh2
Jun 26 05:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17475]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17483]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17482]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17485]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17486]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17484]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17481]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17486]: pam_unix(cron:session): session closed for user root
Jun 26 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17481]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17545]: Successful su for rubyman by root
Jun 26 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17545]: + ??? root:rubyman
Jun 26 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17545]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594625 of user rubyman.
Jun 26 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17545]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594625.
Jun 26 05:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17475]: Failed password for invalid user charlize from 2.57.121.112 port 47988 ssh2
Jun 26 05:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17475]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 05:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17483]: pam_unix(cron:session): session closed for user root
Jun 26 05:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17475]: Failed password for invalid user charlize from 2.57.121.112 port 47988 ssh2
Jun 26 05:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14838]: pam_unix(cron:session): session closed for user root
Jun 26 05:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17475]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 05:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17482]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17475]: Failed password for invalid user charlize from 2.57.121.112 port 47988 ssh2
Jun 26 05:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17475]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 05:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17475]: Failed password for invalid user charlize from 2.57.121.112 port 47988 ssh2
Jun 26 05:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17475]: Connection closed by 2.57.121.112 port 47988 [preauth]
Jun 26 05:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17475]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 26 05:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17475]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 26 05:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17879]: Invalid user userb from 175.170.144.17
Jun 26 05:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17879]: input_userauth_request: invalid user userb [preauth]
Jun 26 05:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17879]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 05:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.170.144.17
Jun 26 05:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17879]: Failed password for invalid user userb from 175.170.144.17 port 47276 ssh2
Jun 26 05:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17879]: Received disconnect from 175.170.144.17 port 47276:11: Bye Bye [preauth]
Jun 26 05:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17879]: Disconnected from 175.170.144.17 port 47276 [preauth]
Jun 26 05:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16482]: pam_unix(cron:session): session closed for user root
Jun 26 05:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17964]: Invalid user bookshop from 177.11.196.79
Jun 26 05:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17964]: input_userauth_request: invalid user bookshop [preauth]
Jun 26 05:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17964]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 05:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.11.196.79
Jun 26 05:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17964]: Failed password for invalid user bookshop from 177.11.196.79 port 51916 ssh2
Jun 26 05:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17964]: Received disconnect from 177.11.196.79 port 51916:11: Bye Bye [preauth]
Jun 26 05:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17964]: Disconnected from 177.11.196.79 port 51916 [preauth]
Jun 26 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18013]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18012]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18014]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18009]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18009]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18091]: Successful su for rubyman by root
Jun 26 05:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18091]: + ??? root:rubyman
Jun 26 05:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18091]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594629 of user rubyman.
Jun 26 05:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18091]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594629.
Jun 26 05:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15262]: pam_unix(cron:session): session closed for user root
Jun 26 05:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18012]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16950]: pam_unix(cron:session): session closed for user root
Jun 26 05:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 26 05:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18403]: Failed password for root from 202.178.126.219 port 45957 ssh2
Jun 26 05:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18403]: Connection closed by 202.178.126.219 port 45957 [preauth]
Jun 26 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18536]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18537]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18534]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18535]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18534]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18597]: Successful su for rubyman by root
Jun 26 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18597]: + ??? root:rubyman
Jun 26 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18597]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594634 of user rubyman.
Jun 26 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18597]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594634.
Jun 26 05:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15692]: pam_unix(cron:session): session closed for user root
Jun 26 05:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18535]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18872]: Invalid user admin from 193.46.255.86
Jun 26 05:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18872]: input_userauth_request: invalid user admin [preauth]
Jun 26 05:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18872]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 05:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 26 05:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18872]: Failed password for invalid user admin from 193.46.255.86 port 3928 ssh2
Jun 26 05:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18872]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 05:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18872]: Failed password for invalid user admin from 193.46.255.86 port 3928 ssh2
Jun 26 05:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18872]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 05:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17485]: pam_unix(cron:session): session closed for user root
Jun 26 05:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18872]: Failed password for invalid user admin from 193.46.255.86 port 3928 ssh2
Jun 26 05:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18872]: Connection closed by 193.46.255.86 port 3928 [preauth]
Jun 26 05:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18872]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 26 05:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18949]: Invalid user gif from 177.11.196.79
Jun 26 05:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18949]: input_userauth_request: invalid user gif [preauth]
Jun 26 05:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18949]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 05:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.11.196.79
Jun 26 05:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18949]: Failed password for invalid user gif from 177.11.196.79 port 37136 ssh2
Jun 26 05:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18949]: Received disconnect from 177.11.196.79 port 37136:11: Bye Bye [preauth]
Jun 26 05:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18949]: Disconnected from 177.11.196.79 port 37136 [preauth]
Jun 26 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18962]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18961]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18963]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18960]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18960]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19022]: Successful su for rubyman by root
Jun 26 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19022]: + ??? root:rubyman
Jun 26 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19022]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594637 of user rubyman.
Jun 26 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19022]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594637.
Jun 26 05:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16088]: pam_unix(cron:session): session closed for user root
Jun 26 05:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18961]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19332]: Invalid user kevin from 175.170.144.17
Jun 26 05:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19332]: input_userauth_request: invalid user kevin [preauth]
Jun 26 05:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19332]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 05:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.170.144.17
Jun 26 05:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19332]: Failed password for invalid user kevin from 175.170.144.17 port 52824 ssh2
Jun 26 05:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19332]: Received disconnect from 175.170.144.17 port 52824:11: Bye Bye [preauth]
Jun 26 05:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19332]: Disconnected from 175.170.144.17 port 52824 [preauth]
Jun 26 05:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 26 05:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19364]: Failed password for root from 38.93.206.2 port 58928 ssh2
Jun 26 05:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19364]: Connection closed by 38.93.206.2 port 58928 [preauth]
Jun 26 05:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18014]: pam_unix(cron:session): session closed for user root
Jun 26 05:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19455]: Invalid user admin from 2.57.121.25
Jun 26 05:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19455]: input_userauth_request: invalid user admin [preauth]
Jun 26 05:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19455]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 05:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 26 05:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19455]: Failed password for invalid user admin from 2.57.121.25 port 15512 ssh2
Jun 26 05:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19455]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19472]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19473]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19471]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19470]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19455]: Failed password for invalid user admin from 2.57.121.25 port 15512 ssh2
Jun 26 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19470]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19455]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 05:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19725]: Successful su for rubyman by root
Jun 26 05:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19725]: + ??? root:rubyman
Jun 26 05:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19725]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594642 of user rubyman.
Jun 26 05:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19725]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594642.
Jun 26 05:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19455]: Failed password for invalid user admin from 2.57.121.25 port 15512 ssh2
Jun 26 05:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19455]: Connection closed by 2.57.121.25 port 15512 [preauth]
Jun 26 05:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19455]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 26 05:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16481]: pam_unix(cron:session): session closed for user root
Jun 26 05:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19471]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18537]: pam_unix(cron:session): session closed for user root
Jun 26 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20077]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20075]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20074]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20076]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20073]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20072]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20077]: pam_unix(cron:session): session closed for user root
Jun 26 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20072]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20230]: Successful su for rubyman by root
Jun 26 05:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20230]: + ??? root:rubyman
Jun 26 05:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20230]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594648 of user rubyman.
Jun 26 05:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20230]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594648.
Jun 26 05:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20074]: pam_unix(cron:session): session closed for user root
Jun 26 05:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16949]: pam_unix(cron:session): session closed for user root
Jun 26 05:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20073]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20459]: Invalid user cosmo from 177.11.196.79
Jun 26 05:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20459]: input_userauth_request: invalid user cosmo [preauth]
Jun 26 05:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20459]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 05:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.11.196.79
Jun 26 05:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20459]: Failed password for invalid user cosmo from 177.11.196.79 port 36836 ssh2
Jun 26 05:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20459]: Received disconnect from 177.11.196.79 port 36836:11: Bye Bye [preauth]
Jun 26 05:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20459]: Disconnected from 177.11.196.79 port 36836 [preauth]
Jun 26 05:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18963]: pam_unix(cron:session): session closed for user root
Jun 26 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20612]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20613]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20611]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20610]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20610]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20751]: Successful su for rubyman by root
Jun 26 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20751]: + ??? root:rubyman
Jun 26 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20751]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594652 of user rubyman.
Jun 26 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20751]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594652.
Jun 26 05:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17484]: pam_unix(cron:session): session closed for user root
Jun 26 05:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20611]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20986]: Invalid user aditya from 175.170.144.17
Jun 26 05:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20986]: input_userauth_request: invalid user aditya [preauth]
Jun 26 05:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20986]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 05:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.170.144.17
Jun 26 05:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20986]: Failed password for invalid user aditya from 175.170.144.17 port 58376 ssh2
Jun 26 05:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20986]: Received disconnect from 175.170.144.17 port 58376:11: Bye Bye [preauth]
Jun 26 05:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20986]: Disconnected from 175.170.144.17 port 58376 [preauth]
Jun 26 05:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19473]: pam_unix(cron:session): session closed for user root
Jun 26 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21109]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21107]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21108]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21110]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21105]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21105]: pam_unix(cron:session): session closed for user root
Jun 26 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21107]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21183]: Successful su for rubyman by root
Jun 26 05:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21183]: + ??? root:rubyman
Jun 26 05:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21183]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594655 of user rubyman.
Jun 26 05:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21183]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594655.
Jun 26 05:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18013]: pam_unix(cron:session): session closed for user root
Jun 26 05:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21108]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21397]: Invalid user scores from 177.11.196.79
Jun 26 05:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21397]: input_userauth_request: invalid user scores [preauth]
Jun 26 05:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21397]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 05:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.11.196.79
Jun 26 05:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21397]: Failed password for invalid user scores from 177.11.196.79 port 49616 ssh2
Jun 26 05:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21397]: Received disconnect from 177.11.196.79 port 49616:11: Bye Bye [preauth]
Jun 26 05:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21397]: Disconnected from 177.11.196.79 port 49616 [preauth]
Jun 26 05:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20076]: pam_unix(cron:session): session closed for user root
Jun 26 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21538]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21539]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21536]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21537]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21536]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21610]: Successful su for rubyman by root
Jun 26 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21610]: + ??? root:rubyman
Jun 26 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21610]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594661 of user rubyman.
Jun 26 05:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21610]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594661.
Jun 26 05:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18536]: pam_unix(cron:session): session closed for user root
Jun 26 05:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21537]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.183.133  user=root
Jun 26 05:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 26 05:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21838]: Failed password for root from 188.166.183.133 port 59998 ssh2
Jun 26 05:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21838]: Connection closed by 188.166.183.133 port 59998 [preauth]
Jun 26 05:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21842]: Failed password for root from 193.37.70.224 port 48264 ssh2
Jun 26 05:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21842]: Connection closed by 193.37.70.224 port 48264 [preauth]
Jun 26 05:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20613]: pam_unix(cron:session): session closed for user root
Jun 26 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21966]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21965]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21964]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21963]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21963]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22021]: Successful su for rubyman by root
Jun 26 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22021]: + ??? root:rubyman
Jun 26 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22021]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594664 of user rubyman.
Jun 26 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22021]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594664.
Jun 26 05:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18962]: pam_unix(cron:session): session closed for user root
Jun 26 05:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21964]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22272]: Invalid user suspended from 177.11.196.79
Jun 26 05:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22272]: input_userauth_request: invalid user suspended [preauth]
Jun 26 05:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22272]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 05:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.11.196.79
Jun 26 05:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22272]: Failed password for invalid user suspended from 177.11.196.79 port 43232 ssh2
Jun 26 05:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22272]: Received disconnect from 177.11.196.79 port 43232:11: Bye Bye [preauth]
Jun 26 05:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22272]: Disconnected from 177.11.196.79 port 43232 [preauth]
Jun 26 05:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21110]: pam_unix(cron:session): session closed for user root
Jun 26 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22455]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22456]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22450]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22452]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22454]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22453]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22456]: pam_unix(cron:session): session closed for user root
Jun 26 05:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22450]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22519]: Successful su for rubyman by root
Jun 26 05:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22519]: + ??? root:rubyman
Jun 26 05:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22519]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594668 of user rubyman.
Jun 26 05:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22519]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594668.
Jun 26 05:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19472]: pam_unix(cron:session): session closed for user root
Jun 26 05:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22453]: pam_unix(cron:session): session closed for user root
Jun 26 05:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22452]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21539]: pam_unix(cron:session): session closed for user root
Jun 26 05:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 26 05:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22858]: Failed password for root from 62.133.62.83 port 38576 ssh2
Jun 26 05:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22858]: Connection closed by 62.133.62.83 port 38576 [preauth]
Jun 26 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22899]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22897]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22898]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22896]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22896]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22965]: Successful su for rubyman by root
Jun 26 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22965]: + ??? root:rubyman
Jun 26 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22965]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594675 of user rubyman.
Jun 26 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22965]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594675.
Jun 26 05:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20075]: pam_unix(cron:session): session closed for user root
Jun 26 05:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22897]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23205]: Invalid user lupus from 177.11.196.79
Jun 26 05:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23205]: input_userauth_request: invalid user lupus [preauth]
Jun 26 05:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23205]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 05:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.11.196.79
Jun 26 05:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21966]: pam_unix(cron:session): session closed for user root
Jun 26 05:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23205]: Failed password for invalid user lupus from 177.11.196.79 port 48480 ssh2
Jun 26 05:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23205]: Received disconnect from 177.11.196.79 port 48480:11: Bye Bye [preauth]
Jun 26 05:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23205]: Disconnected from 177.11.196.79 port 48480 [preauth]
Jun 26 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23307]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23309]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23303]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23306]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23303]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23377]: Successful su for rubyman by root
Jun 26 05:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23377]: + ??? root:rubyman
Jun 26 05:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23377]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594679 of user rubyman.
Jun 26 05:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23377]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594679.
Jun 26 05:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20612]: pam_unix(cron:session): session closed for user root
Jun 26 05:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23306]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23626]: Invalid user track from 175.170.144.16
Jun 26 05:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23626]: input_userauth_request: invalid user track [preauth]
Jun 26 05:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23626]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 05:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.170.144.16
Jun 26 05:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23626]: Failed password for invalid user track from 175.170.144.16 port 41240 ssh2
Jun 26 05:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22455]: pam_unix(cron:session): session closed for user root
Jun 26 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23727]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23728]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23726]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23725]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23725]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23796]: Successful su for rubyman by root
Jun 26 05:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23796]: + ??? root:rubyman
Jun 26 05:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23796]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594684 of user rubyman.
Jun 26 05:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23796]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594684.
Jun 26 05:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21109]: pam_unix(cron:session): session closed for user root
Jun 26 05:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23726]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22899]: pam_unix(cron:session): session closed for user root
Jun 26 05:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24160]: Invalid user masa from 177.11.196.79
Jun 26 05:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24160]: input_userauth_request: invalid user masa [preauth]
Jun 26 05:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24160]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 05:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.11.196.79
Jun 26 05:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24160]: Failed password for invalid user masa from 177.11.196.79 port 43028 ssh2
Jun 26 05:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24160]: Received disconnect from 177.11.196.79 port 43028:11: Bye Bye [preauth]
Jun 26 05:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24160]: Disconnected from 177.11.196.79 port 43028 [preauth]
Jun 26 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24240]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24241]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24233]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24234]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24233]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24319]: Successful su for rubyman by root
Jun 26 05:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24319]: + ??? root:rubyman
Jun 26 05:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24319]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594688 of user rubyman.
Jun 26 05:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24319]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594688.
Jun 26 05:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21538]: pam_unix(cron:session): session closed for user root
Jun 26 05:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24234]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23309]: pam_unix(cron:session): session closed for user root
Jun 26 05:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24610]: Did not receive identification string from 202.194.98.218
Jun 26 05:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.194.98.218  user=root
Jun 26 05:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24611]: Failed password for root from 202.194.98.218 port 34906 ssh2
Jun 26 05:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24611]: Connection closed by 202.194.98.218 port 34906 [preauth]
Jun 26 05:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.194.98.218  user=root
Jun 26 05:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24641]: Failed password for root from 202.194.98.218 port 37962 ssh2
Jun 26 05:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24641]: Connection closed by 202.194.98.218 port 37962 [preauth]
Jun 26 05:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.194.98.218  user=root
Jun 26 05:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24658]: Failed password for root from 202.194.98.218 port 40970 ssh2
Jun 26 05:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24658]: Connection closed by 202.194.98.218 port 40970 [preauth]
Jun 26 05:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24691]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24689]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24692]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24688]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24686]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24687]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24692]: pam_unix(cron:session): session closed for user root
Jun 26 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24686]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24758]: Successful su for rubyman by root
Jun 26 05:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24758]: + ??? root:rubyman
Jun 26 05:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24758]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594690 of user rubyman.
Jun 26 05:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24758]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594690.
Jun 26 05:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24688]: pam_unix(cron:session): session closed for user root
Jun 26 05:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21965]: pam_unix(cron:session): session closed for user root
Jun 26 05:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24687]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 26 05:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24982]: Failed password for root from 87.251.79.125 port 53614 ssh2
Jun 26 05:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24982]: Connection closed by 87.251.79.125 port 53614 [preauth]
Jun 26 05:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 26 05:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25026]: Failed password for root from 194.113.233.25 port 53884 ssh2
Jun 26 05:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25026]: Connection closed by 194.113.233.25 port 53884 [preauth]
Jun 26 05:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23728]: pam_unix(cron:session): session closed for user root
Jun 26 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25121]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25120]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25122]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25119]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25119]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25192]: Successful su for rubyman by root
Jun 26 05:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25192]: + ??? root:rubyman
Jun 26 05:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25192]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594698 of user rubyman.
Jun 26 05:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25192]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594698.
Jun 26 05:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22454]: pam_unix(cron:session): session closed for user root
Jun 26 05:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25120]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25433]: Invalid user test from 45.148.10.121
Jun 26 05:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25433]: input_userauth_request: invalid user test [preauth]
Jun 26 05:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25433]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 05:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 26 05:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24241]: pam_unix(cron:session): session closed for user root
Jun 26 05:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25433]: Failed password for invalid user test from 45.148.10.121 port 38180 ssh2
Jun 26 05:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25433]: Connection closed by 45.148.10.121 port 38180 [preauth]
Jun 26 05:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 26 05:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25507]: Failed password for root from 141.98.83.240 port 24308 ssh2
Jun 26 05:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25507]: message repeated 2 times: [ Failed password for root from 141.98.83.240 port 24308 ssh2]
Jun 26 05:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25507]: Connection closed by 141.98.83.240 port 24308 [preauth]
Jun 26 05:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25507]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 26 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25522]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25524]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25521]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25520]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25520]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25582]: Successful su for rubyman by root
Jun 26 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25582]: + ??? root:rubyman
Jun 26 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25582]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594700 of user rubyman.
Jun 26 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25582]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594700.
Jun 26 05:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22898]: pam_unix(cron:session): session closed for user root
Jun 26 05:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25521]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 26 05:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25821]: Failed password for root from 109.237.96.109 port 42764 ssh2
Jun 26 05:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25821]: Connection closed by 109.237.96.109 port 42764 [preauth]
Jun 26 05:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24691]: pam_unix(cron:session): session closed for user root
Jun 26 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25916]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25915]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25914]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25913]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25913]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25975]: Successful su for rubyman by root
Jun 26 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25975]: + ??? root:rubyman
Jun 26 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25975]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594705 of user rubyman.
Jun 26 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25975]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594705.
Jun 26 05:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23307]: pam_unix(cron:session): session closed for user root
Jun 26 05:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25914]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25122]: pam_unix(cron:session): session closed for user root
Jun 26 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26310]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26311]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26309]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26308]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26308]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26369]: Successful su for rubyman by root
Jun 26 05:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26369]: + ??? root:rubyman
Jun 26 05:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26369]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594709 of user rubyman.
Jun 26 05:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26369]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594709.
Jun 26 05:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23727]: pam_unix(cron:session): session closed for user root
Jun 26 05:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26309]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25524]: pam_unix(cron:session): session closed for user root
Jun 26 05:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 26 05:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26676]: Failed password for root from 103.82.132.16 port 48922 ssh2
Jun 26 05:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26676]: Connection closed by 103.82.132.16 port 48922 [preauth]
Jun 26 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26788]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26786]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26787]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26785]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26784]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26783]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26788]: pam_unix(cron:session): session closed for user root
Jun 26 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26783]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26850]: Successful su for rubyman by root
Jun 26 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26850]: + ??? root:rubyman
Jun 26 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26850]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594714 of user rubyman.
Jun 26 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26850]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594714.
Jun 26 05:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26785]: pam_unix(cron:session): session closed for user root
Jun 26 05:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24240]: pam_unix(cron:session): session closed for user root
Jun 26 05:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26784]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25916]: pam_unix(cron:session): session closed for user root
Jun 26 05:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27190]: Connection closed by 194.59.206.2 port 24316 [preauth]
Jun 26 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27213]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27214]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27211]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27212]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27211]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27295]: Successful su for rubyman by root
Jun 26 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27295]: + ??? root:rubyman
Jun 26 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27295]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594720 of user rubyman.
Jun 26 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27295]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594720.
Jun 26 05:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24689]: pam_unix(cron:session): session closed for user root
Jun 26 05:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27212]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26311]: pam_unix(cron:session): session closed for user root
Jun 26 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27645]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27644]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27646]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27643]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27643]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27705]: Successful su for rubyman by root
Jun 26 05:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27705]: + ??? root:rubyman
Jun 26 05:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27705]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594722 of user rubyman.
Jun 26 05:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27705]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594722.
Jun 26 05:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 26 05:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25121]: pam_unix(cron:session): session closed for user root
Jun 26 05:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.223.69.22  user=root
Jun 26 05:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27644]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27803]: Failed password for root from 147.45.199.80 port 59322 ssh2
Jun 26 05:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27803]: Connection closed by 147.45.199.80 port 59322 [preauth]
Jun 26 05:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 26 05:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27870]: Failed password for root from 89.223.69.22 port 40596 ssh2
Jun 26 05:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27870]: Connection closed by 89.223.69.22 port 40596 [preauth]
Jun 26 05:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27892]: Failed password for root from 103.27.238.114 port 42708 ssh2
Jun 26 05:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27892]: Connection closed by 103.27.238.114 port 42708 [preauth]
Jun 26 05:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26787]: pam_unix(cron:session): session closed for user root
Jun 26 05:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.20.185.207  user=root
Jun 26 05:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27996]: Failed password for root from 143.20.185.207 port 35054 ssh2
Jun 26 05:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27996]: Connection closed by 143.20.185.207 port 35054 [preauth]
Jun 26 05:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28087]: Invalid user admin from 139.19.117.131
Jun 26 05:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28087]: input_userauth_request: invalid user admin [preauth]
Jun 26 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28113]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28111]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28112]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28110]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28110]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28178]: Successful su for rubyman by root
Jun 26 05:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28178]: + ??? root:rubyman
Jun 26 05:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28178]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594726 of user rubyman.
Jun 26 05:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28178]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594726.
Jun 26 05:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25522]: pam_unix(cron:session): session closed for user root
Jun 26 05:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28111]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28087]: Connection closed by 139.19.117.131 port 48484 [preauth]
Jun 26 05:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27214]: pam_unix(cron:session): session closed for user root
Jun 26 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28507]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28506]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28505]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28504]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28504]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28658]: Successful su for rubyman by root
Jun 26 05:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28658]: + ??? root:rubyman
Jun 26 05:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28658]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594731 of user rubyman.
Jun 26 05:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28658]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594731.
Jun 26 05:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25915]: pam_unix(cron:session): session closed for user root
Jun 26 05:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28505]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27646]: pam_unix(cron:session): session closed for user root
Jun 26 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29023]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29022]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29021]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29020]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29026]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29024]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29026]: pam_unix(cron:session): session closed for user root
Jun 26 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29020]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29095]: Successful su for rubyman by root
Jun 26 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29095]: + ??? root:rubyman
Jun 26 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29095]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594739 of user rubyman.
Jun 26 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29095]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594739.
Jun 26 05:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29022]: pam_unix(cron:session): session closed for user root
Jun 26 05:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26310]: pam_unix(cron:session): session closed for user root
Jun 26 05:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29021]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28113]: pam_unix(cron:session): session closed for user root
Jun 26 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29473]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29472]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29471]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29470]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29470]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29639]: Successful su for rubyman by root
Jun 26 05:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29639]: + ??? root:rubyman
Jun 26 05:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29639]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594741 of user rubyman.
Jun 26 05:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29639]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594741.
Jun 26 05:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26786]: pam_unix(cron:session): session closed for user root
Jun 26 05:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29471]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 26 05:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29873]: Failed password for root from 77.94.47.83 port 48868 ssh2
Jun 26 05:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29873]: Connection closed by 77.94.47.83 port 48868 [preauth]
Jun 26 05:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28507]: pam_unix(cron:session): session closed for user root
Jun 26 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30017]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30015]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30016]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30018]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30015]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30080]: Successful su for rubyman by root
Jun 26 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30080]: + ??? root:rubyman
Jun 26 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30080]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594744 of user rubyman.
Jun 26 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30080]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594744.
Jun 26 05:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27213]: pam_unix(cron:session): session closed for user root
Jun 26 05:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30016]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29024]: pam_unix(cron:session): session closed for user root
Jun 26 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30435]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30437]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30434]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30433]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30433]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30499]: Successful su for rubyman by root
Jun 26 05:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30499]: + ??? root:rubyman
Jun 26 05:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30499]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594750 of user rubyman.
Jun 26 05:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30499]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594750.
Jun 26 05:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27645]: pam_unix(cron:session): session closed for user root
Jun 26 05:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30434]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29473]: pam_unix(cron:session): session closed for user root
Jun 26 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30850]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30852]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30851]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30849]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30847]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30849]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31067]: Successful su for rubyman by root
Jun 26 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31067]: + ??? root:rubyman
Jun 26 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31067]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594752 of user rubyman.
Jun 26 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31067]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594752.
Jun 26 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30847]: pam_unix(cron:session): session closed for user root
Jun 26 05:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28112]: pam_unix(cron:session): session closed for user root
Jun 26 05:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30850]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30018]: pam_unix(cron:session): session closed for user root
Jun 26 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31438]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31436]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31437]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31435]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31433]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31434]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31438]: pam_unix(cron:session): session closed for user root
Jun 26 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31433]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31505]: Successful su for rubyman by root
Jun 26 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31505]: + ??? root:rubyman
Jun 26 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31505]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594759 of user rubyman.
Jun 26 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31505]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594759.
Jun 26 05:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31435]: pam_unix(cron:session): session closed for user root
Jun 26 05:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28506]: pam_unix(cron:session): session closed for user root
Jun 26 05:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31434]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30437]: pam_unix(cron:session): session closed for user root
Jun 26 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31980]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31979]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31977]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31976]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31976]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32055]: Successful su for rubyman by root
Jun 26 05:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32055]: + ??? root:rubyman
Jun 26 05:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32055]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594763 of user rubyman.
Jun 26 05:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32055]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594763.
Jun 26 05:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29023]: pam_unix(cron:session): session closed for user root
Jun 26 05:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31977]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30852]: pam_unix(cron:session): session closed for user root
Jun 26 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32386]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32387]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32385]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32384]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32384]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32450]: Successful su for rubyman by root
Jun 26 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32450]: + ??? root:rubyman
Jun 26 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32450]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594768 of user rubyman.
Jun 26 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32450]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594768.
Jun 26 05:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29472]: pam_unix(cron:session): session closed for user root
Jun 26 05:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32385]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31437]: pam_unix(cron:session): session closed for user root
Jun 26 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[333]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[334]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[332]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[327]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[327]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[397]: Successful su for rubyman by root
Jun 26 05:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[397]: + ??? root:rubyman
Jun 26 05:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[397]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594772 of user rubyman.
Jun 26 05:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[397]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594772.
Jun 26 05:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30017]: pam_unix(cron:session): session closed for user root
Jun 26 05:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[332]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31980]: pam_unix(cron:session): session closed for user root
Jun 26 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[896]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[894]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[892]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[893]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[892]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[961]: Successful su for rubyman by root
Jun 26 05:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[961]: + ??? root:rubyman
Jun 26 05:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[961]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594775 of user rubyman.
Jun 26 05:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[961]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594775.
Jun 26 05:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30435]: pam_unix(cron:session): session closed for user root
Jun 26 05:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[893]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 26 05:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1240]: Failed password for root from 80.66.85.226 port 60738 ssh2
Jun 26 05:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1240]: Connection closed by 80.66.85.226 port 60738 [preauth]
Jun 26 05:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32387]: pam_unix(cron:session): session closed for user root
Jun 26 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1358]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1357]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1356]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1354]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1359]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1353]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1359]: pam_unix(cron:session): session closed for user root
Jun 26 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1353]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1461]: Successful su for rubyman by root
Jun 26 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1461]: + ??? root:rubyman
Jun 26 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1461]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594779 of user rubyman.
Jun 26 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1461]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594779.
Jun 26 05:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1356]: pam_unix(cron:session): session closed for user root
Jun 26 05:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30851]: pam_unix(cron:session): session closed for user root
Jun 26 05:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1354]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[334]: pam_unix(cron:session): session closed for user root
Jun 26 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1943]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1942]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1935]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1933]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1933]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2036]: Successful su for rubyman by root
Jun 26 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2036]: + ??? root:rubyman
Jun 26 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2036]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594785 of user rubyman.
Jun 26 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2036]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594785.
Jun 26 05:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31436]: pam_unix(cron:session): session closed for user root
Jun 26 05:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1935]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 26 05:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2241]: Failed password for root from 51.250.105.222 port 54168 ssh2
Jun 26 05:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2241]: Connection closed by 51.250.105.222 port 54168 [preauth]
Jun 26 05:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[896]: pam_unix(cron:session): session closed for user root
Jun 26 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2418]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2417]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2416]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2414]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2414]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2479]: Successful su for rubyman by root
Jun 26 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2479]: + ??? root:rubyman
Jun 26 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2479]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594789 of user rubyman.
Jun 26 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2479]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594789.
Jun 26 05:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31979]: pam_unix(cron:session): session closed for user root
Jun 26 05:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2416]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2678]: Did not receive identification string from 45.225.135.30
Jun 26 05:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2679]: Did not receive identification string from 45.225.135.30
Jun 26 05:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1358]: pam_unix(cron:session): session closed for user root
Jun 26 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2837]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2839]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2840]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2836]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2836]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2896]: Successful su for rubyman by root
Jun 26 05:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2896]: + ??? root:rubyman
Jun 26 05:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2896]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594793 of user rubyman.
Jun 26 05:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2896]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594793.
Jun 26 05:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32386]: pam_unix(cron:session): session closed for user root
Jun 26 05:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2837]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1943]: pam_unix(cron:session): session closed for user root
Jun 26 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3226]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3227]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3224]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3223]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3223]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3288]: Successful su for rubyman by root
Jun 26 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3288]: + ??? root:rubyman
Jun 26 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3288]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594797 of user rubyman.
Jun 26 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3288]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594797.
Jun 26 05:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[333]: pam_unix(cron:session): session closed for user root
Jun 26 05:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3224]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2418]: pam_unix(cron:session): session closed for user root
Jun 26 05:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 26 05:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3579]: Failed password for root from 103.27.238.116 port 51436 ssh2
Jun 26 05:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3579]: Connection closed by 103.27.238.116 port 51436 [preauth]
Jun 26 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3629]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3628]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3630]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3626]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3631]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3627]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3631]: pam_unix(cron:session): session closed for user root
Jun 26 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3626]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3791]: Successful su for rubyman by root
Jun 26 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3791]: + ??? root:rubyman
Jun 26 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3791]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594804 of user rubyman.
Jun 26 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3791]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594804.
Jun 26 05:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3628]: pam_unix(cron:session): session closed for user root
Jun 26 05:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[894]: pam_unix(cron:session): session closed for user root
Jun 26 05:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3627]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2840]: pam_unix(cron:session): session closed for user root
Jun 26 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4259]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4260]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4258]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4257]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4257]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4330]: Successful su for rubyman by root
Jun 26 05:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4330]: + ??? root:rubyman
Jun 26 05:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4330]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594809 of user rubyman.
Jun 26 05:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4330]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594809.
Jun 26 05:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1357]: pam_unix(cron:session): session closed for user root
Jun 26 05:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4258]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4548]: Invalid user apidev from 164.92.161.148
Jun 26 05:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4548]: input_userauth_request: invalid user apidev [preauth]
Jun 26 05:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4548]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 05:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.161.148
Jun 26 05:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4548]: Failed password for invalid user apidev from 164.92.161.148 port 51020 ssh2
Jun 26 05:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4548]: Received disconnect from 164.92.161.148 port 51020:11: Bye Bye [preauth]
Jun 26 05:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4548]: Disconnected from 164.92.161.148 port 51020 [preauth]
Jun 26 05:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4550]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4550]: Invalid user pig from 107.150.98.168
Jun 26 05:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4550]: input_userauth_request: invalid user pig [preauth]
Jun 26 05:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4550]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 05:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.98.168
Jun 26 05:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4550]: Failed password for invalid user pig from 107.150.98.168 port 44286 ssh2
Jun 26 05:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4550]: Received disconnect from 107.150.98.168 port 44286:11: Bye Bye [preauth]
Jun 26 05:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4550]: Disconnected from 107.150.98.168 port 44286 [preauth]
Jun 26 05:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3227]: pam_unix(cron:session): session closed for user root
Jun 26 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4674]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4672]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4673]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4671]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4671]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4746]: Successful su for rubyman by root
Jun 26 05:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4746]: + ??? root:rubyman
Jun 26 05:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4746]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594811 of user rubyman.
Jun 26 05:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4746]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594811.
Jun 26 05:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1942]: pam_unix(cron:session): session closed for user root
Jun 26 05:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4672]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3630]: pam_unix(cron:session): session closed for user root
Jun 26 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5180]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5178]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5179]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5177]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5177]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5237]: Successful su for rubyman by root
Jun 26 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5237]: + ??? root:rubyman
Jun 26 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5237]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594815 of user rubyman.
Jun 26 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5237]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594815.
Jun 26 05:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2417]: pam_unix(cron:session): session closed for user root
Jun 26 05:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5178]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4260]: pam_unix(cron:session): session closed for user root
Jun 26 05:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5533]: Invalid user admin from 141.98.83.240
Jun 26 05:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5533]: input_userauth_request: invalid user admin [preauth]
Jun 26 05:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5533]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 05:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 05:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5533]: Failed password for invalid user admin from 141.98.83.240 port 64572 ssh2
Jun 26 05:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5533]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 05:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5533]: Failed password for invalid user admin from 141.98.83.240 port 64572 ssh2
Jun 26 05:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5533]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 05:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5533]: Failed password for invalid user admin from 141.98.83.240 port 64572 ssh2
Jun 26 05:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5533]: Connection closed by 141.98.83.240 port 64572 [preauth]
Jun 26 05:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5533]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5598]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5597]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5596]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5595]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5595]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5652]: Successful su for rubyman by root
Jun 26 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5652]: + ??? root:rubyman
Jun 26 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5652]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594820 of user rubyman.
Jun 26 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5652]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594820.
Jun 26 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5592]: Connection closed by 45.148.10.121 port 46098 [preauth]
Jun 26 05:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2839]: pam_unix(cron:session): session closed for user root
Jun 26 05:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5596]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4674]: pam_unix(cron:session): session closed for user root
Jun 26 05:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 26 05:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5952]: Failed password for root from 103.77.175.15 port 57574 ssh2
Jun 26 05:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5952]: Connection closed by 103.77.175.15 port 57574 [preauth]
Jun 26 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5985]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5982]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5984]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5980]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5983]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5981]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5985]: pam_unix(cron:session): session closed for user root
Jun 26 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5980]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6046]: Successful su for rubyman by root
Jun 26 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6046]: + ??? root:rubyman
Jun 26 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6046]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594825 of user rubyman.
Jun 26 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6046]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594825.
Jun 26 05:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5982]: pam_unix(cron:session): session closed for user root
Jun 26 05:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3226]: pam_unix(cron:session): session closed for user root
Jun 26 05:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5981]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5180]: pam_unix(cron:session): session closed for user root
Jun 26 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6402]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6404]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6400]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6401]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6400]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6464]: Successful su for rubyman by root
Jun 26 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6464]: + ??? root:rubyman
Jun 26 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6464]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594831 of user rubyman.
Jun 26 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6464]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594831.
Jun 26 05:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3629]: pam_unix(cron:session): session closed for user root
Jun 26 05:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6401]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5598]: pam_unix(cron:session): session closed for user root
Jun 26 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6822]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6821]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6820]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6819]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6819]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6880]: Successful su for rubyman by root
Jun 26 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6880]: + ??? root:rubyman
Jun 26 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6880]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594834 of user rubyman.
Jun 26 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6880]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594834.
Jun 26 05:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4259]: pam_unix(cron:session): session closed for user root
Jun 26 05:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6820]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.20.185.207  user=root
Jun 26 05:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7165]: Failed password for root from 143.20.185.207 port 46982 ssh2
Jun 26 05:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7165]: Connection closed by 143.20.185.207 port 46982 [preauth]
Jun 26 05:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 05:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 26 05:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7215]: Failed password for root from 38.93.206.2 port 39748 ssh2
Jun 26 05:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5984]: pam_unix(cron:session): session closed for user root
Jun 26 05:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7215]: Connection closed by 38.93.206.2 port 39748 [preauth]
Jun 26 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7314]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7312]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7313]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7311]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7311]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7373]: Successful su for rubyman by root
Jun 26 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7373]: + ??? root:rubyman
Jun 26 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7373]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594838 of user rubyman.
Jun 26 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7373]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594838.
Jun 26 05:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4673]: pam_unix(cron:session): session closed for user root
Jun 26 05:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7312]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6404]: pam_unix(cron:session): session closed for user root
Jun 26 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7808]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7805]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7806]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7807]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7805]: pam_unix(cron:session): session closed for user p13x
Jun 26 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7862]: Successful su for rubyman by root
Jun 26 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7862]: + ??? root:rubyman
Jun 26 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7862]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594842 of user rubyman.
Jun 26 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7862]: pam_unix(su:session): session closed for user rubyman
Jun 26 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594842.
Jun 26 05:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5179]: pam_unix(cron:session): session closed for user root
Jun 26 05:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7806]: pam_unix(cron:session): session closed for user samftp
Jun 26 05:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6822]: pam_unix(cron:session): session closed for user root
Jun 26 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8197]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8196]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8199]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8200]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8194]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8198]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8195]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8196]: pam_unix(cron:session): session closed for user root
Jun 26 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8200]: pam_unix(cron:session): session closed for user root
Jun 26 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8194]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8284]: Successful su for rubyman by root
Jun 26 06:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8284]: + ??? root:rubyman
Jun 26 06:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8284]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594849 of user rubyman.
Jun 26 06:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8284]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594849.
Jun 26 06:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8197]: pam_unix(cron:session): session closed for user root
Jun 26 06:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5597]: pam_unix(cron:session): session closed for user root
Jun 26 06:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8195]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7314]: pam_unix(cron:session): session closed for user root
Jun 26 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8690]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8689]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8688]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8687]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8687]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8754]: Successful su for rubyman by root
Jun 26 06:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8754]: + ??? root:rubyman
Jun 26 06:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8754]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594853 of user rubyman.
Jun 26 06:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8754]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594853.
Jun 26 06:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5983]: pam_unix(cron:session): session closed for user root
Jun 26 06:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8688]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7808]: pam_unix(cron:session): session closed for user root
Jun 26 06:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 26 06:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9041]: Failed password for root from 202.178.126.219 port 28275 ssh2
Jun 26 06:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9041]: Connection closed by 202.178.126.219 port 28275 [preauth]
Jun 26 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9094]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9092]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9093]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9091]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9091]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9150]: Successful su for rubyman by root
Jun 26 06:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9150]: + ??? root:rubyman
Jun 26 06:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9150]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594857 of user rubyman.
Jun 26 06:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9150]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594857.
Jun 26 06:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6402]: pam_unix(cron:session): session closed for user root
Jun 26 06:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9092]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8199]: pam_unix(cron:session): session closed for user root
Jun 26 06:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 26 06:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9428]: Failed password for root from 103.15.222.183 port 40536 ssh2
Jun 26 06:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9428]: Connection closed by 103.15.222.183 port 40536 [preauth]
Jun 26 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9479]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9480]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9478]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9477]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9477]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9542]: Successful su for rubyman by root
Jun 26 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9542]: + ??? root:rubyman
Jun 26 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9542]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594861 of user rubyman.
Jun 26 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9542]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594861.
Jun 26 06:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6821]: pam_unix(cron:session): session closed for user root
Jun 26 06:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9478]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8690]: pam_unix(cron:session): session closed for user root
Jun 26 06:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9870]: User mysql from 193.46.255.86 not allowed because not listed in AllowUsers
Jun 26 06:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9870]: input_userauth_request: invalid user mysql [preauth]
Jun 26 06:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=mysql
Jun 26 06:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9870]: Failed password for invalid user mysql from 193.46.255.86 port 28740 ssh2
Jun 26 06:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9870]: message repeated 2 times: [ Failed password for invalid user mysql from 193.46.255.86 port 28740 ssh2]
Jun 26 06:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9870]: Connection closed by 193.46.255.86 port 28740 [preauth]
Jun 26 06:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9870]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=mysql
Jun 26 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9909]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9910]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9908]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9904]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9904]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10116]: Successful su for rubyman by root
Jun 26 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10116]: + ??? root:rubyman
Jun 26 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10116]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594864 of user rubyman.
Jun 26 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10116]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594864.
Jun 26 06:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7313]: pam_unix(cron:session): session closed for user root
Jun 26 06:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9908]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10423]: Invalid user qgzx from 164.92.161.148
Jun 26 06:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10423]: input_userauth_request: invalid user qgzx [preauth]
Jun 26 06:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10423]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.161.148
Jun 26 06:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10423]: Failed password for invalid user qgzx from 164.92.161.148 port 38234 ssh2
Jun 26 06:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10423]: Received disconnect from 164.92.161.148 port 38234:11: Bye Bye [preauth]
Jun 26 06:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10423]: Disconnected from 164.92.161.148 port 38234 [preauth]
Jun 26 06:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9094]: pam_unix(cron:session): session closed for user root
Jun 26 06:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10542]: Invalid user strong from 107.150.98.168
Jun 26 06:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10542]: input_userauth_request: invalid user strong [preauth]
Jun 26 06:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10542]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.98.168
Jun 26 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10548]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10549]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10545]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10550]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10546]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10547]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10550]: pam_unix(cron:session): session closed for user root
Jun 26 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10545]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10616]: Successful su for rubyman by root
Jun 26 06:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10616]: + ??? root:rubyman
Jun 26 06:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10616]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594871 of user rubyman.
Jun 26 06:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10616]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594871.
Jun 26 06:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10542]: Failed password for invalid user strong from 107.150.98.168 port 30346 ssh2
Jun 26 06:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10542]: Received disconnect from 107.150.98.168 port 30346:11: Bye Bye [preauth]
Jun 26 06:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10542]: Disconnected from 107.150.98.168 port 30346 [preauth]
Jun 26 06:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10547]: pam_unix(cron:session): session closed for user root
Jun 26 06:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7807]: pam_unix(cron:session): session closed for user root
Jun 26 06:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10546]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9480]: pam_unix(cron:session): session closed for user root
Jun 26 06:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10978]: Invalid user buildbot from 164.92.161.148
Jun 26 06:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10978]: input_userauth_request: invalid user buildbot [preauth]
Jun 26 06:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10978]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.161.148
Jun 26 06:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10978]: Failed password for invalid user buildbot from 164.92.161.148 port 33846 ssh2
Jun 26 06:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10978]: Received disconnect from 164.92.161.148 port 33846:11: Bye Bye [preauth]
Jun 26 06:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10978]: Disconnected from 164.92.161.148 port 33846 [preauth]
Jun 26 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11002]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11001]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11000]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10999]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10999]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11070]: Successful su for rubyman by root
Jun 26 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11070]: + ??? root:rubyman
Jun 26 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11070]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594874 of user rubyman.
Jun 26 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11070]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594874.
Jun 26 06:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8198]: pam_unix(cron:session): session closed for user root
Jun 26 06:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11000]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9910]: pam_unix(cron:session): session closed for user root
Jun 26 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11431]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11432]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11428]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11427]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11427]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11501]: Successful su for rubyman by root
Jun 26 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11501]: + ??? root:rubyman
Jun 26 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11501]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594879 of user rubyman.
Jun 26 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11501]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594879.
Jun 26 06:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8689]: pam_unix(cron:session): session closed for user root
Jun 26 06:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11428]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11670]: Invalid user hippo from 107.150.98.168
Jun 26 06:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11670]: input_userauth_request: invalid user hippo [preauth]
Jun 26 06:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11670]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.98.168
Jun 26 06:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11670]: Failed password for invalid user hippo from 107.150.98.168 port 11588 ssh2
Jun 26 06:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11670]: Received disconnect from 107.150.98.168 port 11588:11: Bye Bye [preauth]
Jun 26 06:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11670]: Disconnected from 107.150.98.168 port 11588 [preauth]
Jun 26 06:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11712]: Invalid user ident from 164.92.161.148
Jun 26 06:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11712]: input_userauth_request: invalid user ident [preauth]
Jun 26 06:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11712]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.161.148
Jun 26 06:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11712]: Failed password for invalid user ident from 164.92.161.148 port 60056 ssh2
Jun 26 06:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11712]: Received disconnect from 164.92.161.148 port 60056:11: Bye Bye [preauth]
Jun 26 06:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11712]: Disconnected from 164.92.161.148 port 60056 [preauth]
Jun 26 06:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10549]: pam_unix(cron:session): session closed for user root
Jun 26 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11862]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11863]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11861]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11860]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11860]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11952]: Successful su for rubyman by root
Jun 26 06:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11952]: + ??? root:rubyman
Jun 26 06:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11952]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594883 of user rubyman.
Jun 26 06:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11952]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594883.
Jun 26 06:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9093]: pam_unix(cron:session): session closed for user root
Jun 26 06:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11861]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11002]: pam_unix(cron:session): session closed for user root
Jun 26 06:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12392]: Invalid user observer from 164.92.161.148
Jun 26 06:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12392]: input_userauth_request: invalid user observer [preauth]
Jun 26 06:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12392]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.161.148
Jun 26 06:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12392]: Failed password for invalid user observer from 164.92.161.148 port 50002 ssh2
Jun 26 06:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12392]: Received disconnect from 164.92.161.148 port 50002:11: Bye Bye [preauth]
Jun 26 06:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12392]: Disconnected from 164.92.161.148 port 50002 [preauth]
Jun 26 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12409]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12408]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12411]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12407]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12405]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12407]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12527]: Successful su for rubyman by root
Jun 26 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12527]: + ??? root:rubyman
Jun 26 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12527]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594886 of user rubyman.
Jun 26 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12527]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594886.
Jun 26 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12405]: pam_unix(cron:session): session closed for user root
Jun 26 06:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9479]: pam_unix(cron:session): session closed for user root
Jun 26 06:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12408]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12778]: Invalid user rideofthemonth from 107.150.98.168
Jun 26 06:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12778]: input_userauth_request: invalid user rideofthemonth [preauth]
Jun 26 06:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12778]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.98.168
Jun 26 06:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12778]: Failed password for invalid user rideofthemonth from 107.150.98.168 port 47834 ssh2
Jun 26 06:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12778]: Received disconnect from 107.150.98.168 port 47834:11: Bye Bye [preauth]
Jun 26 06:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12778]: Disconnected from 107.150.98.168 port 47834 [preauth]
Jun 26 06:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11432]: pam_unix(cron:session): session closed for user root
Jun 26 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12917]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12918]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12915]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12919]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12916]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12914]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12919]: pam_unix(cron:session): session closed for user root
Jun 26 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12914]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12988]: Successful su for rubyman by root
Jun 26 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12988]: + ??? root:rubyman
Jun 26 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12988]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594893 of user rubyman.
Jun 26 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12988]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594893.
Jun 26 06:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12916]: pam_unix(cron:session): session closed for user root
Jun 26 06:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9909]: pam_unix(cron:session): session closed for user root
Jun 26 06:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12915]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13264]: Invalid user excalibur from 164.92.161.148
Jun 26 06:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13264]: input_userauth_request: invalid user excalibur [preauth]
Jun 26 06:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13264]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.161.148
Jun 26 06:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13264]: Failed password for invalid user excalibur from 164.92.161.148 port 51832 ssh2
Jun 26 06:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13264]: Received disconnect from 164.92.161.148 port 51832:11: Bye Bye [preauth]
Jun 26 06:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13264]: Disconnected from 164.92.161.148 port 51832 [preauth]
Jun 26 06:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11863]: pam_unix(cron:session): session closed for user root
Jun 26 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13364]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13362]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13363]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13361]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13361]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13430]: Successful su for rubyman by root
Jun 26 06:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13430]: + ??? root:rubyman
Jun 26 06:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13430]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594898 of user rubyman.
Jun 26 06:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13430]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594898.
Jun 26 06:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10548]: pam_unix(cron:session): session closed for user root
Jun 26 06:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13362]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13613]: Invalid user finance from 107.150.98.168
Jun 26 06:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13613]: input_userauth_request: invalid user finance [preauth]
Jun 26 06:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13613]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.98.168
Jun 26 06:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13613]: Failed password for invalid user finance from 107.150.98.168 port 29078 ssh2
Jun 26 06:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13613]: Received disconnect from 107.150.98.168 port 29078:11: Bye Bye [preauth]
Jun 26 06:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13613]: Disconnected from 107.150.98.168 port 29078 [preauth]
Jun 26 06:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13664]: Invalid user admin from 2.57.121.25
Jun 26 06:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13664]: input_userauth_request: invalid user admin [preauth]
Jun 26 06:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13664]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 26 06:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13664]: Failed password for invalid user admin from 2.57.121.25 port 4880 ssh2
Jun 26 06:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13664]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13664]: Failed password for invalid user admin from 2.57.121.25 port 4880 ssh2
Jun 26 06:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13664]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13664]: Failed password for invalid user admin from 2.57.121.25 port 4880 ssh2
Jun 26 06:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13664]: Connection closed by 2.57.121.25 port 4880 [preauth]
Jun 26 06:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13664]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 26 06:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12411]: pam_unix(cron:session): session closed for user root
Jun 26 06:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 26 06:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13715]: Failed password for root from 103.82.20.28 port 44640 ssh2
Jun 26 06:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13715]: Connection closed by 103.82.20.28 port 44640 [preauth]
Jun 26 06:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13756]: Invalid user webcast from 164.92.161.148
Jun 26 06:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13756]: input_userauth_request: invalid user webcast [preauth]
Jun 26 06:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13756]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.161.148
Jun 26 06:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13756]: Failed password for invalid user webcast from 164.92.161.148 port 57004 ssh2
Jun 26 06:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13756]: Received disconnect from 164.92.161.148 port 57004:11: Bye Bye [preauth]
Jun 26 06:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13756]: Disconnected from 164.92.161.148 port 57004 [preauth]
Jun 26 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13778]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13780]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13779]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13777]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13777]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13838]: Successful su for rubyman by root
Jun 26 06:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13838]: + ??? root:rubyman
Jun 26 06:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13838]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594903 of user rubyman.
Jun 26 06:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13838]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594903.
Jun 26 06:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11001]: pam_unix(cron:session): session closed for user root
Jun 26 06:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13778]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 26 06:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 26 06:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14096]: Failed password for root from 103.149.28.157 port 55778 ssh2
Jun 26 06:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12918]: pam_unix(cron:session): session closed for user root
Jun 26 06:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14096]: Connection closed by 103.149.28.157 port 55778 [preauth]
Jun 26 06:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14099]: Failed password for root from 103.176.20.57 port 37100 ssh2
Jun 26 06:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14099]: Connection closed by 103.176.20.57 port 37100 [preauth]
Jun 26 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14178]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14179]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14180]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14177]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14177]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14237]: Successful su for rubyman by root
Jun 26 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14237]: + ??? root:rubyman
Jun 26 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14237]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594905 of user rubyman.
Jun 26 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14237]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594905.
Jun 26 06:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14382]: Invalid user translate from 107.150.98.168
Jun 26 06:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14382]: input_userauth_request: invalid user translate [preauth]
Jun 26 06:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14382]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.98.168
Jun 26 06:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11431]: pam_unix(cron:session): session closed for user root
Jun 26 06:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14178]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14382]: Failed password for invalid user translate from 107.150.98.168 port 10320 ssh2
Jun 26 06:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14382]: Received disconnect from 107.150.98.168 port 10320:11: Bye Bye [preauth]
Jun 26 06:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14382]: Disconnected from 107.150.98.168 port 10320 [preauth]
Jun 26 06:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14444]: Invalid user qmailadmin from 164.92.161.148
Jun 26 06:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14444]: input_userauth_request: invalid user qmailadmin [preauth]
Jun 26 06:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14444]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.161.148
Jun 26 06:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14444]: Failed password for invalid user qmailadmin from 164.92.161.148 port 59540 ssh2
Jun 26 06:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14444]: Received disconnect from 164.92.161.148 port 59540:11: Bye Bye [preauth]
Jun 26 06:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14444]: Disconnected from 164.92.161.148 port 59540 [preauth]
Jun 26 06:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13364]: pam_unix(cron:session): session closed for user root
Jun 26 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14574]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14575]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14573]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14572]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14572]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14647]: Successful su for rubyman by root
Jun 26 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14647]: + ??? root:rubyman
Jun 26 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14647]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594909 of user rubyman.
Jun 26 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14647]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594909.
Jun 26 06:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11862]: pam_unix(cron:session): session closed for user root
Jun 26 06:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14573]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13780]: pam_unix(cron:session): session closed for user root
Jun 26 06:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15010]: Invalid user cover from 164.92.161.148
Jun 26 06:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15010]: input_userauth_request: invalid user cover [preauth]
Jun 26 06:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15010]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.161.148
Jun 26 06:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15010]: Failed password for invalid user cover from 164.92.161.148 port 48450 ssh2
Jun 26 06:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15010]: Received disconnect from 164.92.161.148 port 48450:11: Bye Bye [preauth]
Jun 26 06:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15010]: Disconnected from 164.92.161.148 port 48450 [preauth]
Jun 26 06:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15058]: Invalid user csi from 107.150.98.168
Jun 26 06:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15058]: input_userauth_request: invalid user csi [preauth]
Jun 26 06:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15058]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.98.168
Jun 26 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15065]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15064]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15063]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15062]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15066]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15061]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15066]: pam_unix(cron:session): session closed for user root
Jun 26 06:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15061]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15136]: Successful su for rubyman by root
Jun 26 06:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15136]: + ??? root:rubyman
Jun 26 06:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15136]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594913 of user rubyman.
Jun 26 06:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15136]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594913.
Jun 26 06:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15058]: Failed password for invalid user csi from 107.150.98.168 port 46566 ssh2
Jun 26 06:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15058]: Received disconnect from 107.150.98.168 port 46566:11: Bye Bye [preauth]
Jun 26 06:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15058]: Disconnected from 107.150.98.168 port 46566 [preauth]
Jun 26 06:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15063]: pam_unix(cron:session): session closed for user root
Jun 26 06:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12409]: pam_unix(cron:session): session closed for user root
Jun 26 06:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15062]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14180]: pam_unix(cron:session): session closed for user root
Jun 26 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15486]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15484]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15485]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15483]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15483]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15548]: Successful su for rubyman by root
Jun 26 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15548]: + ??? root:rubyman
Jun 26 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15548]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594920 of user rubyman.
Jun 26 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15548]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594920.
Jun 26 06:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 26 06:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15584]: Failed password for root from 103.172.78.219 port 44326 ssh2
Jun 26 06:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12917]: pam_unix(cron:session): session closed for user root
Jun 26 06:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15584]: Connection closed by 103.172.78.219 port 44326 [preauth]
Jun 26 06:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15484]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15736]: Invalid user stg from 164.92.161.148
Jun 26 06:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15736]: input_userauth_request: invalid user stg [preauth]
Jun 26 06:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15736]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.161.148
Jun 26 06:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15736]: Failed password for invalid user stg from 164.92.161.148 port 35732 ssh2
Jun 26 06:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15736]: Received disconnect from 164.92.161.148 port 35732:11: Bye Bye [preauth]
Jun 26 06:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15736]: Disconnected from 164.92.161.148 port 35732 [preauth]
Jun 26 06:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14575]: pam_unix(cron:session): session closed for user root
Jun 26 06:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15871]: Invalid user esl from 107.150.98.168
Jun 26 06:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15871]: input_userauth_request: invalid user esl [preauth]
Jun 26 06:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15871]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.98.168
Jun 26 06:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15871]: Failed password for invalid user esl from 107.150.98.168 port 27824 ssh2
Jun 26 06:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15871]: Received disconnect from 107.150.98.168 port 27824:11: Bye Bye [preauth]
Jun 26 06:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15871]: Disconnected from 107.150.98.168 port 27824 [preauth]
Jun 26 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15893]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15892]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15895]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15894]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15890]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15890]: pam_unix(cron:session): session closed for user root
Jun 26 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15892]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15952]: Successful su for rubyman by root
Jun 26 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15952]: + ??? root:rubyman
Jun 26 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15952]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594925 of user rubyman.
Jun 26 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15952]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594925.
Jun 26 06:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13363]: pam_unix(cron:session): session closed for user root
Jun 26 06:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15893]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 26 06:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16183]: Failed password for root from 103.77.242.62 port 39486 ssh2
Jun 26 06:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16183]: Connection closed by 103.77.242.62 port 39486 [preauth]
Jun 26 06:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16195]: Invalid user vms from 164.92.161.148
Jun 26 06:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16195]: input_userauth_request: invalid user vms [preauth]
Jun 26 06:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16195]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.161.148
Jun 26 06:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15065]: pam_unix(cron:session): session closed for user root
Jun 26 06:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16195]: Failed password for invalid user vms from 164.92.161.148 port 58554 ssh2
Jun 26 06:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16195]: Received disconnect from 164.92.161.148 port 58554:11: Bye Bye [preauth]
Jun 26 06:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16195]: Disconnected from 164.92.161.148 port 58554 [preauth]
Jun 26 06:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 26 06:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16271]: Failed password for root from 103.122.221.179 port 43588 ssh2
Jun 26 06:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16271]: Connection closed by 103.122.221.179 port 43588 [preauth]
Jun 26 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16284]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16285]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16283]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16282]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16282]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16339]: Successful su for rubyman by root
Jun 26 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16339]: + ??? root:rubyman
Jun 26 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16339]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594929 of user rubyman.
Jun 26 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16339]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594929.
Jun 26 06:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13779]: pam_unix(cron:session): session closed for user root
Jun 26 06:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16283]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15486]: pam_unix(cron:session): session closed for user root
Jun 26 06:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16657]: Invalid user spo from 107.150.98.168
Jun 26 06:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16657]: input_userauth_request: invalid user spo [preauth]
Jun 26 06:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16657]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.98.168
Jun 26 06:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16657]: Failed password for invalid user spo from 107.150.98.168 port 64058 ssh2
Jun 26 06:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16657]: Received disconnect from 107.150.98.168 port 64058:11: Bye Bye [preauth]
Jun 26 06:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16657]: Disconnected from 107.150.98.168 port 64058 [preauth]
Jun 26 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16679]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16680]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16677]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16678]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16677]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16735]: Successful su for rubyman by root
Jun 26 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16735]: + ??? root:rubyman
Jun 26 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16735]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594932 of user rubyman.
Jun 26 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16735]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594932.
Jun 26 06:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16806]: Invalid user oes from 164.92.161.148
Jun 26 06:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16806]: input_userauth_request: invalid user oes [preauth]
Jun 26 06:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16806]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.161.148
Jun 26 06:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14179]: pam_unix(cron:session): session closed for user root
Jun 26 06:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16806]: Failed password for invalid user oes from 164.92.161.148 port 50732 ssh2
Jun 26 06:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16806]: Received disconnect from 164.92.161.148 port 50732:11: Bye Bye [preauth]
Jun 26 06:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16806]: Disconnected from 164.92.161.148 port 50732 [preauth]
Jun 26 06:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16678]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17086]: Invalid user peugeot from 92.113.142.203
Jun 26 06:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17086]: input_userauth_request: invalid user peugeot [preauth]
Jun 26 06:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17086]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.113.142.203
Jun 26 06:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17086]: Failed password for invalid user peugeot from 92.113.142.203 port 57746 ssh2
Jun 26 06:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17086]: Received disconnect from 92.113.142.203 port 57746:11: Bye Bye [preauth]
Jun 26 06:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17086]: Disconnected from 92.113.142.203 port 57746 [preauth]
Jun 26 06:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15895]: pam_unix(cron:session): session closed for user root
Jun 26 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17180]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17179]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17178]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17177]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17182]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17181]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17182]: pam_unix(cron:session): session closed for user root
Jun 26 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17177]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17242]: Successful su for rubyman by root
Jun 26 06:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17242]: + ??? root:rubyman
Jun 26 06:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17242]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594941 of user rubyman.
Jun 26 06:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17242]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594941.
Jun 26 06:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17179]: pam_unix(cron:session): session closed for user root
Jun 26 06:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14574]: pam_unix(cron:session): session closed for user root
Jun 26 06:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17178]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17482]: Invalid user user from 141.98.83.240
Jun 26 06:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17482]: input_userauth_request: invalid user user [preauth]
Jun 26 06:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17482]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 06:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17482]: Failed password for invalid user user from 141.98.83.240 port 29058 ssh2
Jun 26 06:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17482]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17482]: Failed password for invalid user user from 141.98.83.240 port 29058 ssh2
Jun 26 06:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17482]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17482]: Failed password for invalid user user from 141.98.83.240 port 29058 ssh2
Jun 26 06:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17482]: Connection closed by 141.98.83.240 port 29058 [preauth]
Jun 26 06:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17482]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 06:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16285]: pam_unix(cron:session): session closed for user root
Jun 26 06:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17562]: Invalid user fip from 164.92.161.148
Jun 26 06:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17562]: input_userauth_request: invalid user fip [preauth]
Jun 26 06:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17562]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.161.148
Jun 26 06:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17562]: Failed password for invalid user fip from 164.92.161.148 port 53942 ssh2
Jun 26 06:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17562]: Received disconnect from 164.92.161.148 port 53942:11: Bye Bye [preauth]
Jun 26 06:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17562]: Disconnected from 164.92.161.148 port 53942 [preauth]
Jun 26 06:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17600]: Invalid user puppetmaster from 107.150.98.168
Jun 26 06:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17600]: input_userauth_request: invalid user puppetmaster [preauth]
Jun 26 06:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17600]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.98.168
Jun 26 06:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17600]: Failed password for invalid user puppetmaster from 107.150.98.168 port 45302 ssh2
Jun 26 06:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17600]: Received disconnect from 107.150.98.168 port 45302:11: Bye Bye [preauth]
Jun 26 06:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17600]: Disconnected from 107.150.98.168 port 45302 [preauth]
Jun 26 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17622]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17620]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17621]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17619]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17619]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17774]: Successful su for rubyman by root
Jun 26 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17774]: + ??? root:rubyman
Jun 26 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17774]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594942 of user rubyman.
Jun 26 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17774]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594942.
Jun 26 06:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15064]: pam_unix(cron:session): session closed for user root
Jun 26 06:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17620]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16680]: pam_unix(cron:session): session closed for user root
Jun 26 06:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.20.185.207  user=root
Jun 26 06:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18124]: Failed password for root from 143.20.185.207 port 58918 ssh2
Jun 26 06:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18124]: Connection closed by 143.20.185.207 port 58918 [preauth]
Jun 26 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18139]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18137]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18138]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18136]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18136]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18204]: Successful su for rubyman by root
Jun 26 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18204]: + ??? root:rubyman
Jun 26 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18204]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594947 of user rubyman.
Jun 26 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18204]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594947.
Jun 26 06:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15485]: pam_unix(cron:session): session closed for user root
Jun 26 06:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18390]: Invalid user ftp16 from 164.92.161.148
Jun 26 06:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18390]: input_userauth_request: invalid user ftp16 [preauth]
Jun 26 06:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18390]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.161.148
Jun 26 06:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18137]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18390]: Failed password for invalid user ftp16 from 164.92.161.148 port 55774 ssh2
Jun 26 06:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18390]: Received disconnect from 164.92.161.148 port 55774:11: Bye Bye [preauth]
Jun 26 06:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18390]: Disconnected from 164.92.161.148 port 55774 [preauth]
Jun 26 06:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17181]: pam_unix(cron:session): session closed for user root
Jun 26 06:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18632]: Invalid user ftp9 from 107.150.98.168
Jun 26 06:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18632]: input_userauth_request: invalid user ftp9 [preauth]
Jun 26 06:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18632]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.98.168
Jun 26 06:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18632]: Failed password for invalid user ftp9 from 107.150.98.168 port 26552 ssh2
Jun 26 06:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18632]: Received disconnect from 107.150.98.168 port 26552:11: Bye Bye [preauth]
Jun 26 06:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18632]: Disconnected from 107.150.98.168 port 26552 [preauth]
Jun 26 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18645]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18649]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18643]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18644]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18643]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18711]: Successful su for rubyman by root
Jun 26 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18711]: + ??? root:rubyman
Jun 26 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18711]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594952 of user rubyman.
Jun 26 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18711]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594952.
Jun 26 06:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15894]: pam_unix(cron:session): session closed for user root
Jun 26 06:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18644]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18978]: Invalid user gastro from 92.113.142.203
Jun 26 06:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18978]: input_userauth_request: invalid user gastro [preauth]
Jun 26 06:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18978]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.113.142.203
Jun 26 06:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18978]: Failed password for invalid user gastro from 92.113.142.203 port 55544 ssh2
Jun 26 06:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18978]: Received disconnect from 92.113.142.203 port 55544:11: Bye Bye [preauth]
Jun 26 06:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18978]: Disconnected from 92.113.142.203 port 55544 [preauth]
Jun 26 06:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18980]: Invalid user is from 164.92.161.148
Jun 26 06:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18980]: input_userauth_request: invalid user is [preauth]
Jun 26 06:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18980]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.161.148
Jun 26 06:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18980]: Failed password for invalid user is from 164.92.161.148 port 41452 ssh2
Jun 26 06:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18980]: Received disconnect from 164.92.161.148 port 41452:11: Bye Bye [preauth]
Jun 26 06:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18980]: Disconnected from 164.92.161.148 port 41452 [preauth]
Jun 26 06:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17622]: pam_unix(cron:session): session closed for user root
Jun 26 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19098]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19097]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19096]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19093]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19093]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19253]: Successful su for rubyman by root
Jun 26 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19253]: + ??? root:rubyman
Jun 26 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19253]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594955 of user rubyman.
Jun 26 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19253]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594955.
Jun 26 06:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16284]: pam_unix(cron:session): session closed for user root
Jun 26 06:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19096]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18139]: pam_unix(cron:session): session closed for user root
Jun 26 06:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19768]: Invalid user cet from 164.92.161.148
Jun 26 06:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19768]: input_userauth_request: invalid user cet [preauth]
Jun 26 06:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19768]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.161.148
Jun 26 06:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19768]: Failed password for invalid user cet from 164.92.161.148 port 37728 ssh2
Jun 26 06:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19768]: Received disconnect from 164.92.161.148 port 37728:11: Bye Bye [preauth]
Jun 26 06:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19768]: Disconnected from 164.92.161.148 port 37728 [preauth]
Jun 26 06:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19780]: Invalid user adt from 107.150.98.168
Jun 26 06:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19780]: input_userauth_request: invalid user adt [preauth]
Jun 26 06:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19780]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.98.168
Jun 26 06:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19780]: Failed password for invalid user adt from 107.150.98.168 port 62788 ssh2
Jun 26 06:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19780]: Received disconnect from 107.150.98.168 port 62788:11: Bye Bye [preauth]
Jun 26 06:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19780]: Disconnected from 107.150.98.168 port 62788 [preauth]
Jun 26 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19799]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19796]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19794]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19798]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19797]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19793]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19799]: pam_unix(cron:session): session closed for user root
Jun 26 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19791]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19793]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19891]: Successful su for rubyman by root
Jun 26 06:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19891]: + ??? root:rubyman
Jun 26 06:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19891]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594963 of user rubyman.
Jun 26 06:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19891]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594963.
Jun 26 06:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16679]: pam_unix(cron:session): session closed for user root
Jun 26 06:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19796]: pam_unix(cron:session): session closed for user root
Jun 26 06:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19794]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20134]: Invalid user torrent from 92.113.142.203
Jun 26 06:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20134]: input_userauth_request: invalid user torrent [preauth]
Jun 26 06:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20134]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.113.142.203
Jun 26 06:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20134]: Failed password for invalid user torrent from 92.113.142.203 port 36046 ssh2
Jun 26 06:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20134]: Received disconnect from 92.113.142.203 port 36046:11: Bye Bye [preauth]
Jun 26 06:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20134]: Disconnected from 92.113.142.203 port 36046 [preauth]
Jun 26 06:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18649]: pam_unix(cron:session): session closed for user root
Jun 26 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20345]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20346]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20344]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20342]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20342]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20419]: Successful su for rubyman by root
Jun 26 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20419]: + ??? root:rubyman
Jun 26 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20419]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594965 of user rubyman.
Jun 26 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20419]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594965.
Jun 26 06:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17180]: pam_unix(cron:session): session closed for user root
Jun 26 06:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20344]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20654]: Invalid user jokes from 164.92.161.148
Jun 26 06:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20654]: input_userauth_request: invalid user jokes [preauth]
Jun 26 06:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20654]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.161.148
Jun 26 06:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20654]: Failed password for invalid user jokes from 164.92.161.148 port 52990 ssh2
Jun 26 06:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20654]: Received disconnect from 164.92.161.148 port 52990:11: Bye Bye [preauth]
Jun 26 06:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20654]: Disconnected from 164.92.161.148 port 52990 [preauth]
Jun 26 06:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19098]: pam_unix(cron:session): session closed for user root
Jun 26 06:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121  user=root
Jun 26 06:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20830]: Failed password for root from 45.148.10.121 port 59006 ssh2
Jun 26 06:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20830]: Connection closed by 45.148.10.121 port 59006 [preauth]
Jun 26 06:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20841]: Invalid user pesquisa from 107.150.98.168
Jun 26 06:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20841]: input_userauth_request: invalid user pesquisa [preauth]
Jun 26 06:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20841]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.98.168
Jun 26 06:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20841]: Failed password for invalid user pesquisa from 107.150.98.168 port 44016 ssh2
Jun 26 06:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20841]: Received disconnect from 107.150.98.168 port 44016:11: Bye Bye [preauth]
Jun 26 06:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20841]: Disconnected from 107.150.98.168 port 44016 [preauth]
Jun 26 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20856]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20855]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20854]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20853]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20853]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20926]: Successful su for rubyman by root
Jun 26 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20926]: + ??? root:rubyman
Jun 26 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20926]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594969 of user rubyman.
Jun 26 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20926]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594969.
Jun 26 06:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17621]: pam_unix(cron:session): session closed for user root
Jun 26 06:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20854]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21133]: Invalid user annualreport from 92.113.142.203
Jun 26 06:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21133]: input_userauth_request: invalid user annualreport [preauth]
Jun 26 06:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21133]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.113.142.203
Jun 26 06:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21133]: Failed password for invalid user annualreport from 92.113.142.203 port 40918 ssh2
Jun 26 06:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21133]: Received disconnect from 92.113.142.203 port 40918:11: Bye Bye [preauth]
Jun 26 06:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21133]: Disconnected from 92.113.142.203 port 40918 [preauth]
Jun 26 06:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19798]: pam_unix(cron:session): session closed for user root
Jun 26 06:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21233]: User pulse from 164.92.161.148 not allowed because not listed in AllowUsers
Jun 26 06:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21233]: input_userauth_request: invalid user pulse [preauth]
Jun 26 06:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.161.148  user=pulse
Jun 26 06:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21233]: Failed password for invalid user pulse from 164.92.161.148 port 48148 ssh2
Jun 26 06:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21233]: Received disconnect from 164.92.161.148 port 48148:11: Bye Bye [preauth]
Jun 26 06:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21233]: Disconnected from 164.92.161.148 port 48148 [preauth]
Jun 26 06:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21265]: Invalid user chassidy from 2.57.121.112
Jun 26 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21265]: input_userauth_request: invalid user chassidy [preauth]
Jun 26 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21265]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 26 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21275]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21274]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21273]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21272]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21272]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21338]: Successful su for rubyman by root
Jun 26 06:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21338]: + ??? root:rubyman
Jun 26 06:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21338]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594973 of user rubyman.
Jun 26 06:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21338]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594973.
Jun 26 06:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21265]: Failed password for invalid user chassidy from 2.57.121.112 port 12024 ssh2
Jun 26 06:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21265]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18138]: pam_unix(cron:session): session closed for user root
Jun 26 06:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21265]: Failed password for invalid user chassidy from 2.57.121.112 port 12024 ssh2
Jun 26 06:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21265]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21273]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21265]: Failed password for invalid user chassidy from 2.57.121.112 port 12024 ssh2
Jun 26 06:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21265]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21265]: Failed password for invalid user chassidy from 2.57.121.112 port 12024 ssh2
Jun 26 06:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21265]: Connection closed by 2.57.121.112 port 12024 [preauth]
Jun 26 06:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21265]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 26 06:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21265]: PAM service(sshd) ignoring max retries; 4 > 3
Jun 26 06:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21540]: Invalid user chassidy from 2.57.121.112
Jun 26 06:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21540]: input_userauth_request: invalid user chassidy [preauth]
Jun 26 06:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21540]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 26 06:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21540]: Failed password for invalid user chassidy from 2.57.121.112 port 10250 ssh2
Jun 26 06:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21540]: Connection closed by 2.57.121.112 port 10250 [preauth]
Jun 26 06:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 26 06:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20346]: pam_unix(cron:session): session closed for user root
Jun 26 06:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21604]: Failed password for root from 103.27.238.120 port 35186 ssh2
Jun 26 06:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21604]: Connection closed by 103.27.238.120 port 35186 [preauth]
Jun 26 06:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21696]: Invalid user fred from 107.150.98.168
Jun 26 06:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21696]: input_userauth_request: invalid user fred [preauth]
Jun 26 06:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21696]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.98.168
Jun 26 06:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21696]: Failed password for invalid user fred from 107.150.98.168 port 25260 ssh2
Jun 26 06:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21696]: Received disconnect from 107.150.98.168 port 25260:11: Bye Bye [preauth]
Jun 26 06:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21696]: Disconnected from 107.150.98.168 port 25260 [preauth]
Jun 26 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21710]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21712]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21711]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21709]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21709]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21770]: Successful su for rubyman by root
Jun 26 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21770]: + ??? root:rubyman
Jun 26 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21770]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594977 of user rubyman.
Jun 26 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21770]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594977.
Jun 26 06:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18645]: pam_unix(cron:session): session closed for user root
Jun 26 06:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21922]: Invalid user gis2 from 92.113.142.203
Jun 26 06:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21922]: input_userauth_request: invalid user gis2 [preauth]
Jun 26 06:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21922]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.113.142.203
Jun 26 06:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21710]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21922]: Failed password for invalid user gis2 from 92.113.142.203 port 52372 ssh2
Jun 26 06:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21922]: Received disconnect from 92.113.142.203 port 52372:11: Bye Bye [preauth]
Jun 26 06:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21922]: Disconnected from 92.113.142.203 port 52372 [preauth]
Jun 26 06:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21992]: Invalid user spec from 164.92.161.148
Jun 26 06:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21992]: input_userauth_request: invalid user spec [preauth]
Jun 26 06:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21992]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.161.148
Jun 26 06:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21992]: Failed password for invalid user spec from 164.92.161.148 port 45692 ssh2
Jun 26 06:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21992]: Received disconnect from 164.92.161.148 port 45692:11: Bye Bye [preauth]
Jun 26 06:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21992]: Disconnected from 164.92.161.148 port 45692 [preauth]
Jun 26 06:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20856]: pam_unix(cron:session): session closed for user root
Jun 26 06:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 26 06:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22079]: Failed password for root from 103.153.68.219 port 55142 ssh2
Jun 26 06:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22079]: Connection closed by 103.153.68.219 port 55142 [preauth]
Jun 26 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22116]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22117]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22114]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22115]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22113]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22112]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22117]: pam_unix(cron:session): session closed for user root
Jun 26 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22112]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22186]: Successful su for rubyman by root
Jun 26 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22186]: + ??? root:rubyman
Jun 26 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22186]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594981 of user rubyman.
Jun 26 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22186]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594981.
Jun 26 06:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22114]: pam_unix(cron:session): session closed for user root
Jun 26 06:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19097]: pam_unix(cron:session): session closed for user root
Jun 26 06:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22113]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21275]: pam_unix(cron:session): session closed for user root
Jun 26 06:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22614]: Invalid user praca from 107.150.98.168
Jun 26 06:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22614]: input_userauth_request: invalid user praca [preauth]
Jun 26 06:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22614]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.98.168
Jun 26 06:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22616]: Invalid user releasephp from 164.92.161.148
Jun 26 06:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22616]: input_userauth_request: invalid user releasephp [preauth]
Jun 26 06:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22616]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.161.148
Jun 26 06:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22614]: Failed password for invalid user praca from 107.150.98.168 port 61498 ssh2
Jun 26 06:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22614]: Received disconnect from 107.150.98.168 port 61498:11: Bye Bye [preauth]
Jun 26 06:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22614]: Disconnected from 107.150.98.168 port 61498 [preauth]
Jun 26 06:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22616]: Failed password for invalid user releasephp from 164.92.161.148 port 50482 ssh2
Jun 26 06:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22616]: Received disconnect from 164.92.161.148 port 50482:11: Bye Bye [preauth]
Jun 26 06:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22616]: Disconnected from 164.92.161.148 port 50482 [preauth]
Jun 26 06:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22618]: Connection closed by 194.59.206.2 port 52080 [preauth]
Jun 26 06:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22620]: Invalid user traktor from 92.113.142.203
Jun 26 06:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22620]: input_userauth_request: invalid user traktor [preauth]
Jun 26 06:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22620]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.113.142.203
Jun 26 06:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22620]: Failed password for invalid user traktor from 92.113.142.203 port 57722 ssh2
Jun 26 06:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22620]: Received disconnect from 92.113.142.203 port 57722:11: Bye Bye [preauth]
Jun 26 06:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22620]: Disconnected from 92.113.142.203 port 57722 [preauth]
Jun 26 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22652]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22651]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22650]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22649]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22649]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22719]: Successful su for rubyman by root
Jun 26 06:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22719]: + ??? root:rubyman
Jun 26 06:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22719]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594987 of user rubyman.
Jun 26 06:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22719]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594987.
Jun 26 06:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19797]: pam_unix(cron:session): session closed for user root
Jun 26 06:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22650]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21712]: pam_unix(cron:session): session closed for user root
Jun 26 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23058]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23057]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23056]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23055]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23055]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23117]: Successful su for rubyman by root
Jun 26 06:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23117]: + ??? root:rubyman
Jun 26 06:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23117]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594992 of user rubyman.
Jun 26 06:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23117]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594992.
Jun 26 06:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20345]: pam_unix(cron:session): session closed for user root
Jun 26 06:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23056]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22116]: pam_unix(cron:session): session closed for user root
Jun 26 06:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23421]: Invalid user symphony from 92.113.142.203
Jun 26 06:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23421]: input_userauth_request: invalid user symphony [preauth]
Jun 26 06:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23421]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.113.142.203
Jun 26 06:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23421]: Failed password for invalid user symphony from 92.113.142.203 port 35850 ssh2
Jun 26 06:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23421]: Received disconnect from 92.113.142.203 port 35850:11: Bye Bye [preauth]
Jun 26 06:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23421]: Disconnected from 92.113.142.203 port 35850 [preauth]
Jun 26 06:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23452]: Invalid user add from 107.150.98.168
Jun 26 06:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23452]: input_userauth_request: invalid user add [preauth]
Jun 26 06:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23452]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.98.168
Jun 26 06:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23452]: Failed password for invalid user add from 107.150.98.168 port 42724 ssh2
Jun 26 06:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23452]: Received disconnect from 107.150.98.168 port 42724:11: Bye Bye [preauth]
Jun 26 06:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23452]: Disconnected from 107.150.98.168 port 42724 [preauth]
Jun 26 06:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23476]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23475]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23477]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23474]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23474]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23542]: Successful su for rubyman by root
Jun 26 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23542]: + ??? root:rubyman
Jun 26 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23542]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594997 of user rubyman.
Jun 26 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23542]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594997.
Jun 26 06:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20855]: pam_unix(cron:session): session closed for user root
Jun 26 06:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23475]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19791]: pam_unix(cron:session): session closed for user root
Jun 26 06:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24046]: Invalid user admin from 139.19.117.131
Jun 26 06:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24046]: input_userauth_request: invalid user admin [preauth]
Jun 26 06:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24046]: Connection closed by 139.19.117.131 port 60806 [preauth]
Jun 26 06:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22652]: pam_unix(cron:session): session closed for user root
Jun 26 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24200]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24199]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24198]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24197]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24197]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24278]: Successful su for rubyman by root
Jun 26 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24278]: + ??? root:rubyman
Jun 26 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24278]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 594999 of user rubyman.
Jun 26 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24278]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 594999.
Jun 26 06:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21274]: pam_unix(cron:session): session closed for user root
Jun 26 06:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24198]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24530]: Invalid user pub from 92.113.142.203
Jun 26 06:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24530]: input_userauth_request: invalid user pub [preauth]
Jun 26 06:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24530]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.113.142.203
Jun 26 06:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23058]: pam_unix(cron:session): session closed for user root
Jun 26 06:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24530]: Failed password for invalid user pub from 92.113.142.203 port 37328 ssh2
Jun 26 06:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24530]: Received disconnect from 92.113.142.203 port 37328:11: Bye Bye [preauth]
Jun 26 06:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24530]: Disconnected from 92.113.142.203 port 37328 [preauth]
Jun 26 06:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24594]: Invalid user nature from 107.150.98.168
Jun 26 06:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24594]: input_userauth_request: invalid user nature [preauth]
Jun 26 06:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24594]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.98.168
Jun 26 06:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24594]: Failed password for invalid user nature from 107.150.98.168 port 23964 ssh2
Jun 26 06:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24594]: Received disconnect from 107.150.98.168 port 23964:11: Bye Bye [preauth]
Jun 26 06:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24594]: Disconnected from 107.150.98.168 port 23964 [preauth]
Jun 26 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24633]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24629]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24634]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24628]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24632]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24635]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24635]: pam_unix(cron:session): session closed for user root
Jun 26 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24628]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24714]: Successful su for rubyman by root
Jun 26 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24714]: + ??? root:rubyman
Jun 26 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24714]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595006 of user rubyman.
Jun 26 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24714]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595006.
Jun 26 06:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24632]: pam_unix(cron:session): session closed for user root
Jun 26 06:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21711]: pam_unix(cron:session): session closed for user root
Jun 26 06:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24629]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23477]: pam_unix(cron:session): session closed for user root
Jun 26 06:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 26 06:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25019]: Failed password for root from 193.37.70.224 port 37032 ssh2
Jun 26 06:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25019]: Connection closed by 193.37.70.224 port 37032 [preauth]
Jun 26 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25079]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25078]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25075]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25076]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25075]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25141]: Successful su for rubyman by root
Jun 26 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25141]: + ??? root:rubyman
Jun 26 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25141]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595011 of user rubyman.
Jun 26 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25141]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595011.
Jun 26 06:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22115]: pam_unix(cron:session): session closed for user root
Jun 26 06:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25076]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25377]: Invalid user cloud1 from 92.113.142.203
Jun 26 06:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25377]: input_userauth_request: invalid user cloud1 [preauth]
Jun 26 06:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25377]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.113.142.203
Jun 26 06:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25377]: Failed password for invalid user cloud1 from 92.113.142.203 port 48716 ssh2
Jun 26 06:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25377]: Received disconnect from 92.113.142.203 port 48716:11: Bye Bye [preauth]
Jun 26 06:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25377]: Disconnected from 92.113.142.203 port 48716 [preauth]
Jun 26 06:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24200]: pam_unix(cron:session): session closed for user root
Jun 26 06:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25450]: Invalid user clc from 107.150.98.168
Jun 26 06:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25450]: input_userauth_request: invalid user clc [preauth]
Jun 26 06:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25450]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.98.168
Jun 26 06:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25450]: Failed password for invalid user clc from 107.150.98.168 port 60206 ssh2
Jun 26 06:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25450]: Received disconnect from 107.150.98.168 port 60206:11: Bye Bye [preauth]
Jun 26 06:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25450]: Disconnected from 107.150.98.168 port 60206 [preauth]
Jun 26 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25483]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25480]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25482]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25481]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25480]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25545]: Successful su for rubyman by root
Jun 26 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25545]: + ??? root:rubyman
Jun 26 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25545]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595013 of user rubyman.
Jun 26 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25545]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595013.
Jun 26 06:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22651]: pam_unix(cron:session): session closed for user root
Jun 26 06:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25481]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24634]: pam_unix(cron:session): session closed for user root
Jun 26 06:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 26 06:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25852]: Failed password for root from 62.133.62.83 port 47608 ssh2
Jun 26 06:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25852]: Connection closed by 62.133.62.83 port 47608 [preauth]
Jun 26 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25874]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25873]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25872]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25871]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25871]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25932]: Successful su for rubyman by root
Jun 26 06:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25932]: + ??? root:rubyman
Jun 26 06:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25932]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595018 of user rubyman.
Jun 26 06:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25932]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595018.
Jun 26 06:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23057]: pam_unix(cron:session): session closed for user root
Jun 26 06:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25872]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26140]: Invalid user server06 from 92.113.142.203
Jun 26 06:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26140]: input_userauth_request: invalid user server06 [preauth]
Jun 26 06:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26140]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.113.142.203
Jun 26 06:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26140]: Failed password for invalid user server06 from 92.113.142.203 port 60596 ssh2
Jun 26 06:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26140]: Received disconnect from 92.113.142.203 port 60596:11: Bye Bye [preauth]
Jun 26 06:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26140]: Disconnected from 92.113.142.203 port 60596 [preauth]
Jun 26 06:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25079]: pam_unix(cron:session): session closed for user root
Jun 26 06:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26240]: Invalid user mailinglist from 107.150.98.168
Jun 26 06:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26240]: input_userauth_request: invalid user mailinglist [preauth]
Jun 26 06:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26240]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.98.168
Jun 26 06:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26240]: Failed password for invalid user mailinglist from 107.150.98.168 port 41444 ssh2
Jun 26 06:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26240]: Received disconnect from 107.150.98.168 port 41444:11: Bye Bye [preauth]
Jun 26 06:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26240]: Disconnected from 107.150.98.168 port 41444 [preauth]
Jun 26 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26269]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26268]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26267]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26266]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26263]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26266]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26388]: Successful su for rubyman by root
Jun 26 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26388]: + ??? root:rubyman
Jun 26 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26388]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595022 of user rubyman.
Jun 26 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26388]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595022.
Jun 26 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26263]: pam_unix(cron:session): session closed for user root
Jun 26 06:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23476]: pam_unix(cron:session): session closed for user root
Jun 26 06:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26267]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25483]: pam_unix(cron:session): session closed for user root
Jun 26 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26832]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26834]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26835]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26833]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26831]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26830]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26835]: pam_unix(cron:session): session closed for user root
Jun 26 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26830]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26896]: Successful su for rubyman by root
Jun 26 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26896]: + ??? root:rubyman
Jun 26 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26896]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595027 of user rubyman.
Jun 26 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26896]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595027.
Jun 26 06:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26832]: pam_unix(cron:session): session closed for user root
Jun 26 06:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24199]: pam_unix(cron:session): session closed for user root
Jun 26 06:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26831]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27138]: Invalid user spa from 92.113.142.203
Jun 26 06:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27138]: input_userauth_request: invalid user spa [preauth]
Jun 26 06:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27138]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.113.142.203
Jun 26 06:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27138]: Failed password for invalid user spa from 92.113.142.203 port 35732 ssh2
Jun 26 06:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27138]: Received disconnect from 92.113.142.203 port 35732:11: Bye Bye [preauth]
Jun 26 06:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27138]: Disconnected from 92.113.142.203 port 35732 [preauth]
Jun 26 06:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25874]: pam_unix(cron:session): session closed for user root
Jun 26 06:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27251]: Invalid user chapters from 107.150.98.168
Jun 26 06:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27251]: input_userauth_request: invalid user chapters [preauth]
Jun 26 06:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27251]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.98.168
Jun 26 06:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27251]: Failed password for invalid user chapters from 107.150.98.168 port 22692 ssh2
Jun 26 06:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27251]: Received disconnect from 107.150.98.168 port 22692:11: Bye Bye [preauth]
Jun 26 06:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27251]: Disconnected from 107.150.98.168 port 22692 [preauth]
Jun 26 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27289]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27288]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27287]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27286]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27286]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27356]: Successful su for rubyman by root
Jun 26 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27356]: + ??? root:rubyman
Jun 26 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27356]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595033 of user rubyman.
Jun 26 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27356]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595033.
Jun 26 06:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24633]: pam_unix(cron:session): session closed for user root
Jun 26 06:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27287]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26269]: pam_unix(cron:session): session closed for user root
Jun 26 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27694]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27693]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27692]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27691]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27691]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27760]: Successful su for rubyman by root
Jun 26 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27760]: + ??? root:rubyman
Jun 26 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27760]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595037 of user rubyman.
Jun 26 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27760]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595037.
Jun 26 06:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25078]: pam_unix(cron:session): session closed for user root
Jun 26 06:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27692]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27949]: Invalid user olga from 92.113.142.203
Jun 26 06:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27949]: input_userauth_request: invalid user olga [preauth]
Jun 26 06:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27949]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.113.142.203
Jun 26 06:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27949]: Failed password for invalid user olga from 92.113.142.203 port 43582 ssh2
Jun 26 06:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27949]: Received disconnect from 92.113.142.203 port 43582:11: Bye Bye [preauth]
Jun 26 06:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27949]: Disconnected from 92.113.142.203 port 43582 [preauth]
Jun 26 06:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 26 06:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27959]: Failed password for root from 38.93.206.2 port 1100 ssh2
Jun 26 06:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27959]: Connection closed by 38.93.206.2 port 1100 [preauth]
Jun 26 06:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26834]: pam_unix(cron:session): session closed for user root
Jun 26 06:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 26 06:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28145]: Failed password for root from 194.113.233.25 port 39190 ssh2
Jun 26 06:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28145]: Connection closed by 194.113.233.25 port 39190 [preauth]
Jun 26 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28167]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28165]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28166]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28164]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28164]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28225]: Successful su for rubyman by root
Jun 26 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28225]: + ??? root:rubyman
Jun 26 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28225]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595041 of user rubyman.
Jun 26 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28225]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595041.
Jun 26 06:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25482]: pam_unix(cron:session): session closed for user root
Jun 26 06:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28165]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27289]: pam_unix(cron:session): session closed for user root
Jun 26 06:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28556]: Invalid user wow from 92.113.142.203
Jun 26 06:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28556]: input_userauth_request: invalid user wow [preauth]
Jun 26 06:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28556]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.113.142.203
Jun 26 06:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28556]: Failed password for invalid user wow from 92.113.142.203 port 58234 ssh2
Jun 26 06:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28556]: Received disconnect from 92.113.142.203 port 58234:11: Bye Bye [preauth]
Jun 26 06:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28556]: Disconnected from 92.113.142.203 port 58234 [preauth]
Jun 26 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28656]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28657]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28655]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28654]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28654]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28719]: Successful su for rubyman by root
Jun 26 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28719]: + ??? root:rubyman
Jun 26 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28719]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595046 of user rubyman.
Jun 26 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28719]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595046.
Jun 26 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 26 06:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28743]: Failed password for root from 87.251.79.125 port 34490 ssh2
Jun 26 06:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28743]: Connection closed by 87.251.79.125 port 34490 [preauth]
Jun 26 06:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25873]: pam_unix(cron:session): session closed for user root
Jun 26 06:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28655]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27694]: pam_unix(cron:session): session closed for user root
Jun 26 06:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 26 06:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29066]: Failed password for root from 109.237.96.109 port 53764 ssh2
Jun 26 06:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29066]: Connection closed by 109.237.96.109 port 53764 [preauth]
Jun 26 06:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.211.215  user=root
Jun 26 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29083]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29082]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29081]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29084]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29085]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29080]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29085]: pam_unix(cron:session): session closed for user root
Jun 26 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29080]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29068]: Failed password for root from 147.45.211.215 port 59864 ssh2
Jun 26 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29068]: Connection closed by 147.45.211.215 port 59864 [preauth]
Jun 26 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29154]: Successful su for rubyman by root
Jun 26 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29154]: + ??? root:rubyman
Jun 26 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29154]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595051 of user rubyman.
Jun 26 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29154]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595051.
Jun 26 06:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29082]: pam_unix(cron:session): session closed for user root
Jun 26 06:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26268]: pam_unix(cron:session): session closed for user root
Jun 26 06:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29081]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28167]: pam_unix(cron:session): session closed for user root
Jun 26 06:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29520]: Invalid user ant from 92.113.142.203
Jun 26 06:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29520]: input_userauth_request: invalid user ant [preauth]
Jun 26 06:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29520]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.113.142.203
Jun 26 06:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29520]: Failed password for invalid user ant from 92.113.142.203 port 45144 ssh2
Jun 26 06:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29520]: Received disconnect from 92.113.142.203 port 45144:11: Bye Bye [preauth]
Jun 26 06:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29520]: Disconnected from 92.113.142.203 port 45144 [preauth]
Jun 26 06:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.20.185.207  user=root
Jun 26 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29633]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29632]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29631]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29630]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29630]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29711]: Successful su for rubyman by root
Jun 26 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29711]: + ??? root:rubyman
Jun 26 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29711]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595054 of user rubyman.
Jun 26 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29711]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595054.
Jun 26 06:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29627]: Failed password for root from 143.20.185.207 port 42656 ssh2
Jun 26 06:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29627]: Connection closed by 143.20.185.207 port 42656 [preauth]
Jun 26 06:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26833]: pam_unix(cron:session): session closed for user root
Jun 26 06:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29631]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28657]: pam_unix(cron:session): session closed for user root
Jun 26 06:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30054]: Invalid user admin from 141.98.83.240
Jun 26 06:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30054]: input_userauth_request: invalid user admin [preauth]
Jun 26 06:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30054]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 06:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30054]: Failed password for invalid user admin from 141.98.83.240 port 55608 ssh2
Jun 26 06:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30054]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30054]: Failed password for invalid user admin from 141.98.83.240 port 55608 ssh2
Jun 26 06:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30054]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30054]: Failed password for invalid user admin from 141.98.83.240 port 55608 ssh2
Jun 26 06:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30054]: Connection closed by 141.98.83.240 port 55608 [preauth]
Jun 26 06:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30054]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30079]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30077]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30078]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30076]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30076]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30154]: Successful su for rubyman by root
Jun 26 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30154]: + ??? root:rubyman
Jun 26 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30154]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595059 of user rubyman.
Jun 26 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30154]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595059.
Jun 26 06:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27288]: pam_unix(cron:session): session closed for user root
Jun 26 06:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30077]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29084]: pam_unix(cron:session): session closed for user root
Jun 26 06:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30443]: Invalid user agenda from 92.113.142.203
Jun 26 06:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30443]: input_userauth_request: invalid user agenda [preauth]
Jun 26 06:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30443]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.113.142.203
Jun 26 06:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30443]: Failed password for invalid user agenda from 92.113.142.203 port 41878 ssh2
Jun 26 06:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30443]: Received disconnect from 92.113.142.203 port 41878:11: Bye Bye [preauth]
Jun 26 06:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30443]: Disconnected from 92.113.142.203 port 41878 [preauth]
Jun 26 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30498]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30499]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30497]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30496]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30496]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30563]: Successful su for rubyman by root
Jun 26 06:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30563]: + ??? root:rubyman
Jun 26 06:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30563]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595063 of user rubyman.
Jun 26 06:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30563]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595063.
Jun 26 06:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27693]: pam_unix(cron:session): session closed for user root
Jun 26 06:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30497]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29633]: pam_unix(cron:session): session closed for user root
Jun 26 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31003]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31005]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31004]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30916]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30916]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31068]: Successful su for rubyman by root
Jun 26 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31068]: + ??? root:rubyman
Jun 26 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31068]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595067 of user rubyman.
Jun 26 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31068]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595067.
Jun 26 06:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28166]: pam_unix(cron:session): session closed for user root
Jun 26 06:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31003]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31317]: Invalid user do from 92.113.142.203
Jun 26 06:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31317]: input_userauth_request: invalid user do [preauth]
Jun 26 06:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31317]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.113.142.203
Jun 26 06:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30079]: pam_unix(cron:session): session closed for user root
Jun 26 06:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31317]: Failed password for invalid user do from 92.113.142.203 port 55594 ssh2
Jun 26 06:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31317]: Received disconnect from 92.113.142.203 port 55594:11: Bye Bye [preauth]
Jun 26 06:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31317]: Disconnected from 92.113.142.203 port 55594 [preauth]
Jun 26 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31404]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31402]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31405]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31403]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31401]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31400]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31405]: pam_unix(cron:session): session closed for user root
Jun 26 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31400]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31482]: Successful su for rubyman by root
Jun 26 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31482]: + ??? root:rubyman
Jun 26 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31482]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595071 of user rubyman.
Jun 26 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31482]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595071.
Jun 26 06:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31402]: pam_unix(cron:session): session closed for user root
Jun 26 06:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28656]: pam_unix(cron:session): session closed for user root
Jun 26 06:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31401]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 26 06:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31793]: Failed password for root from 147.45.199.80 port 52032 ssh2
Jun 26 06:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31793]: Connection closed by 147.45.199.80 port 52032 [preauth]
Jun 26 06:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30499]: pam_unix(cron:session): session closed for user root
Jun 26 06:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
Jun 26 06:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31916]: Failed password for root from 176.32.39.21 port 50318 ssh2
Jun 26 06:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31916]: Connection closed by 176.32.39.21 port 50318 [preauth]
Jun 26 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31951]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31953]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31950]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31949]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31949]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32027]: Successful su for rubyman by root
Jun 26 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32027]: + ??? root:rubyman
Jun 26 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32027]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595078 of user rubyman.
Jun 26 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32027]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595078.
Jun 26 06:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29083]: pam_unix(cron:session): session closed for user root
Jun 26 06:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31950]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32253]: Invalid user nsm from 92.113.142.203
Jun 26 06:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32253]: input_userauth_request: invalid user nsm [preauth]
Jun 26 06:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32253]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.113.142.203
Jun 26 06:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32253]: Failed password for invalid user nsm from 92.113.142.203 port 47966 ssh2
Jun 26 06:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32253]: Received disconnect from 92.113.142.203 port 47966:11: Bye Bye [preauth]
Jun 26 06:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32253]: Disconnected from 92.113.142.203 port 47966 [preauth]
Jun 26 06:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31005]: pam_unix(cron:session): session closed for user root
Jun 26 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32360]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32359]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32358]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32361]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32358]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32426]: Successful su for rubyman by root
Jun 26 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32426]: + ??? root:rubyman
Jun 26 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32426]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595081 of user rubyman.
Jun 26 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32426]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595081.
Jun 26 06:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29632]: pam_unix(cron:session): session closed for user root
Jun 26 06:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32359]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31404]: pam_unix(cron:session): session closed for user root
Jun 26 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[307]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[305]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[306]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[304]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[304]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[373]: Successful su for rubyman by root
Jun 26 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[373]: + ??? root:rubyman
Jun 26 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[373]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595084 of user rubyman.
Jun 26 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[373]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595084.
Jun 26 06:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30078]: pam_unix(cron:session): session closed for user root
Jun 26 06:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[305]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[741]: Invalid user eko from 92.113.142.203
Jun 26 06:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[741]: input_userauth_request: invalid user eko [preauth]
Jun 26 06:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[741]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.113.142.203
Jun 26 06:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[741]: Failed password for invalid user eko from 92.113.142.203 port 46436 ssh2
Jun 26 06:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[741]: Received disconnect from 92.113.142.203 port 46436:11: Bye Bye [preauth]
Jun 26 06:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[741]: Disconnected from 92.113.142.203 port 46436 [preauth]
Jun 26 06:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31953]: pam_unix(cron:session): session closed for user root
Jun 26 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[872]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[874]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[871]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[870]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[870]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[938]: Successful su for rubyman by root
Jun 26 06:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[938]: + ??? root:rubyman
Jun 26 06:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[938]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595090 of user rubyman.
Jun 26 06:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[938]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595090.
Jun 26 06:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30498]: pam_unix(cron:session): session closed for user root
Jun 26 06:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[871]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32361]: pam_unix(cron:session): session closed for user root
Jun 26 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1326]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1325]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1329]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1330]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1328]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1324]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1330]: pam_unix(cron:session): session closed for user root
Jun 26 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1324]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1408]: Successful su for rubyman by root
Jun 26 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1408]: + ??? root:rubyman
Jun 26 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1408]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595095 of user rubyman.
Jun 26 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1408]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595095.
Jun 26 06:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1326]: pam_unix(cron:session): session closed for user root
Jun 26 06:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31004]: pam_unix(cron:session): session closed for user root
Jun 26 06:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1325]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1745]: Invalid user admin from 193.46.255.86
Jun 26 06:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1745]: input_userauth_request: invalid user admin [preauth]
Jun 26 06:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1745]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 26 06:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1745]: Failed password for invalid user admin from 193.46.255.86 port 51106 ssh2
Jun 26 06:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1745]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1745]: Failed password for invalid user admin from 193.46.255.86 port 51106 ssh2
Jun 26 06:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1745]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1745]: Failed password for invalid user admin from 193.46.255.86 port 51106 ssh2
Jun 26 06:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1745]: Connection closed by 193.46.255.86 port 51106 [preauth]
Jun 26 06:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1745]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 26 06:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1782]: Invalid user ca from 92.113.142.203
Jun 26 06:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1782]: input_userauth_request: invalid user ca [preauth]
Jun 26 06:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1782]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.113.142.203
Jun 26 06:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1782]: Failed password for invalid user ca from 92.113.142.203 port 34224 ssh2
Jun 26 06:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1782]: Received disconnect from 92.113.142.203 port 34224:11: Bye Bye [preauth]
Jun 26 06:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1782]: Disconnected from 92.113.142.203 port 34224 [preauth]
Jun 26 06:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[307]: pam_unix(cron:session): session closed for user root
Jun 26 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1913]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1915]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1912]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1907]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1907]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2008]: Successful su for rubyman by root
Jun 26 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2008]: + ??? root:rubyman
Jun 26 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2008]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595099 of user rubyman.
Jun 26 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2008]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595099.
Jun 26 06:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31403]: pam_unix(cron:session): session closed for user root
Jun 26 06:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1912]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[874]: pam_unix(cron:session): session closed for user root
Jun 26 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2397]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2395]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2398]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2396]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2395]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2458]: Successful su for rubyman by root
Jun 26 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2458]: + ??? root:rubyman
Jun 26 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2458]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595104 of user rubyman.
Jun 26 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2458]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595104.
Jun 26 06:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31951]: pam_unix(cron:session): session closed for user root
Jun 26 06:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2396]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2660]: Invalid user construction from 92.113.142.203
Jun 26 06:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2660]: input_userauth_request: invalid user construction [preauth]
Jun 26 06:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2660]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.113.142.203
Jun 26 06:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2660]: Failed password for invalid user construction from 92.113.142.203 port 38804 ssh2
Jun 26 06:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2660]: Received disconnect from 92.113.142.203 port 38804:11: Bye Bye [preauth]
Jun 26 06:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2660]: Disconnected from 92.113.142.203 port 38804 [preauth]
Jun 26 06:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1329]: pam_unix(cron:session): session closed for user root
Jun 26 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2822]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2820]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2821]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2819]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2819]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2879]: Successful su for rubyman by root
Jun 26 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2879]: + ??? root:rubyman
Jun 26 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2879]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595107 of user rubyman.
Jun 26 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2879]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595107.
Jun 26 06:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32360]: pam_unix(cron:session): session closed for user root
Jun 26 06:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2820]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1915]: pam_unix(cron:session): session closed for user root
Jun 26 06:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 26 06:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3170]: Failed password for root from 103.82.132.16 port 49284 ssh2
Jun 26 06:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3170]: Connection closed by 103.82.132.16 port 49284 [preauth]
Jun 26 06:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 26 06:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3193]: Failed password for root from 77.94.47.83 port 59208 ssh2
Jun 26 06:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3193]: Connection closed by 77.94.47.83 port 59208 [preauth]
Jun 26 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3207]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3206]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3208]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3205]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3205]: pam_unix(cron:session): session closed for user p13x
Jun 26 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3272]: Successful su for rubyman by root
Jun 26 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3272]: + ??? root:rubyman
Jun 26 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3272]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595110 of user rubyman.
Jun 26 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3272]: pam_unix(su:session): session closed for user rubyman
Jun 26 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595110.
Jun 26 06:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[306]: pam_unix(cron:session): session closed for user root
Jun 26 06:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3206]: pam_unix(cron:session): session closed for user samftp
Jun 26 06:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 06:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3450]: Invalid user admin from 45.148.10.121
Jun 26 06:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3450]: input_userauth_request: invalid user admin [preauth]
Jun 26 06:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3450]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 06:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 26 06:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3450]: Failed password for invalid user admin from 45.148.10.121 port 32980 ssh2
Jun 26 06:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3450]: Connection closed by 45.148.10.121 port 32980 [preauth]
Jun 26 06:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2398]: pam_unix(cron:session): session closed for user root
Jun 26 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3614]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3613]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3615]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3612]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3617]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3611]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3616]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3613]: pam_unix(cron:session): session closed for user root
Jun 26 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3617]: pam_unix(cron:session): session closed for user root
Jun 26 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3611]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3796]: Successful su for rubyman by root
Jun 26 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3796]: + ??? root:rubyman
Jun 26 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3796]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595114 of user rubyman.
Jun 26 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3796]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595114.
Jun 26 07:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3614]: pam_unix(cron:session): session closed for user root
Jun 26 07:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[872]: pam_unix(cron:session): session closed for user root
Jun 26 07:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3612]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2822]: pam_unix(cron:session): session closed for user root
Jun 26 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4313]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4314]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4311]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4312]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4311]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4382]: Successful su for rubyman by root
Jun 26 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4382]: + ??? root:rubyman
Jun 26 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4382]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595121 of user rubyman.
Jun 26 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4382]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595121.
Jun 26 07:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1328]: pam_unix(cron:session): session closed for user root
Jun 26 07:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4312]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3208]: pam_unix(cron:session): session closed for user root
Jun 26 07:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 07:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 26 07:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4693]: Failed password for root from 80.66.85.226 port 48254 ssh2
Jun 26 07:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4693]: Connection closed by 80.66.85.226 port 48254 [preauth]
Jun 26 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4723]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4724]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4722]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4721]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4721]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4852]: Successful su for rubyman by root
Jun 26 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4852]: + ??? root:rubyman
Jun 26 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4852]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595126 of user rubyman.
Jun 26 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4852]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595126.
Jun 26 07:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1913]: pam_unix(cron:session): session closed for user root
Jun 26 07:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4722]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3616]: pam_unix(cron:session): session closed for user root
Jun 26 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5235]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5234]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5236]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5233]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5233]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5297]: Successful su for rubyman by root
Jun 26 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5297]: + ??? root:rubyman
Jun 26 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5297]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595129 of user rubyman.
Jun 26 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5297]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595129.
Jun 26 07:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2397]: pam_unix(cron:session): session closed for user root
Jun 26 07:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5234]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4314]: pam_unix(cron:session): session closed for user root
Jun 26 07:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 07:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 26 07:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5611]: Failed password for root from 103.27.238.114 port 53314 ssh2
Jun 26 07:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5611]: Connection closed by 103.27.238.114 port 53314 [preauth]
Jun 26 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5641]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5640]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5639]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5638]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5638]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5696]: Successful su for rubyman by root
Jun 26 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5696]: + ??? root:rubyman
Jun 26 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5696]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595133 of user rubyman.
Jun 26 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5696]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595133.
Jun 26 07:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2821]: pam_unix(cron:session): session closed for user root
Jun 26 07:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5639]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4724]: pam_unix(cron:session): session closed for user root
Jun 26 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6027]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6024]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6026]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6022]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6025]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6023]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6027]: pam_unix(cron:session): session closed for user root
Jun 26 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6022]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6090]: Successful su for rubyman by root
Jun 26 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6090]: + ??? root:rubyman
Jun 26 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6090]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595140 of user rubyman.
Jun 26 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6090]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595140.
Jun 26 07:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6024]: pam_unix(cron:session): session closed for user root
Jun 26 07:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3207]: pam_unix(cron:session): session closed for user root
Jun 26 07:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6023]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5236]: pam_unix(cron:session): session closed for user root
Jun 26 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6449]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6448]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6447]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6446]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6446]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6515]: Successful su for rubyman by root
Jun 26 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6515]: + ??? root:rubyman
Jun 26 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6515]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595143 of user rubyman.
Jun 26 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6515]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595143.
Jun 26 07:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3615]: pam_unix(cron:session): session closed for user root
Jun 26 07:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6447]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5641]: pam_unix(cron:session): session closed for user root
Jun 26 07:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 07:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 26 07:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6852]: Failed password for root from 202.178.126.219 port 20008 ssh2
Jun 26 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6865]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6867]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6864]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6863]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6863]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6852]: Connection closed by 202.178.126.219 port 20008 [preauth]
Jun 26 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6928]: Successful su for rubyman by root
Jun 26 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6928]: + ??? root:rubyman
Jun 26 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6928]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595147 of user rubyman.
Jun 26 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6928]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595147.
Jun 26 07:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4313]: pam_unix(cron:session): session closed for user root
Jun 26 07:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6864]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6026]: pam_unix(cron:session): session closed for user root
Jun 26 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7357]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7360]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7358]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7356]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7356]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7420]: Successful su for rubyman by root
Jun 26 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7420]: + ??? root:rubyman
Jun 26 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7420]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595151 of user rubyman.
Jun 26 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7420]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595151.
Jun 26 07:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4723]: pam_unix(cron:session): session closed for user root
Jun 26 07:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7357]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 07:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7765]: Invalid user admin from 2.57.121.25
Jun 26 07:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7765]: input_userauth_request: invalid user admin [preauth]
Jun 26 07:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7765]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 07:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 26 07:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7765]: Failed password for invalid user admin from 2.57.121.25 port 39192 ssh2
Jun 26 07:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7765]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 07:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7765]: Failed password for invalid user admin from 2.57.121.25 port 39192 ssh2
Jun 26 07:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7765]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 07:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6449]: pam_unix(cron:session): session closed for user root
Jun 26 07:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7765]: Failed password for invalid user admin from 2.57.121.25 port 39192 ssh2
Jun 26 07:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7765]: Connection closed by 2.57.121.25 port 39192 [preauth]
Jun 26 07:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7765]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 26 07:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 07:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 26 07:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7804]: Failed password for root from 51.250.105.222 port 54570 ssh2
Jun 26 07:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7804]: Connection closed by 51.250.105.222 port 54570 [preauth]
Jun 26 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7856]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7854]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7855]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7853]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7851]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7853]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7960]: Successful su for rubyman by root
Jun 26 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7960]: + ??? root:rubyman
Jun 26 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7960]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595155 of user rubyman.
Jun 26 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7960]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595155.
Jun 26 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7851]: pam_unix(cron:session): session closed for user root
Jun 26 07:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5235]: pam_unix(cron:session): session closed for user root
Jun 26 07:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7854]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6867]: pam_unix(cron:session): session closed for user root
Jun 26 07:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 07:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.19.67.181  user=root
Jun 26 07:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8305]: Failed password for root from 46.19.67.181 port 42340 ssh2
Jun 26 07:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8305]: Connection closed by 46.19.67.181 port 42340 [preauth]
Jun 26 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8338]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8332]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8337]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8336]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8335]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8334]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8338]: pam_unix(cron:session): session closed for user root
Jun 26 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8332]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8404]: Successful su for rubyman by root
Jun 26 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8404]: + ??? root:rubyman
Jun 26 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8404]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595164 of user rubyman.
Jun 26 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8404]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595164.
Jun 26 07:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8335]: pam_unix(cron:session): session closed for user root
Jun 26 07:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5640]: pam_unix(cron:session): session closed for user root
Jun 26 07:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8334]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 07:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.20.185.207  user=root
Jun 26 07:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8648]: Failed password for root from 143.20.185.207 port 54572 ssh2
Jun 26 07:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8648]: Connection closed by 143.20.185.207 port 54572 [preauth]
Jun 26 07:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7360]: pam_unix(cron:session): session closed for user root
Jun 26 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8768]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8766]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8767]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8765]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8765]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8835]: Successful su for rubyman by root
Jun 26 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8835]: + ??? root:rubyman
Jun 26 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8835]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595166 of user rubyman.
Jun 26 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8835]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595166.
Jun 26 07:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6025]: pam_unix(cron:session): session closed for user root
Jun 26 07:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8766]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7856]: pam_unix(cron:session): session closed for user root
Jun 26 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9165]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9166]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9164]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9163]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9163]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9226]: Successful su for rubyman by root
Jun 26 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9226]: + ??? root:rubyman
Jun 26 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9226]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595172 of user rubyman.
Jun 26 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9226]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595172.
Jun 26 07:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6448]: pam_unix(cron:session): session closed for user root
Jun 26 07:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9164]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8337]: pam_unix(cron:session): session closed for user root
Jun 26 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9560]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9557]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9558]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9556]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9556]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9619]: Successful su for rubyman by root
Jun 26 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9619]: + ??? root:rubyman
Jun 26 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9619]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595176 of user rubyman.
Jun 26 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9619]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595176.
Jun 26 07:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6865]: pam_unix(cron:session): session closed for user root
Jun 26 07:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9557]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 07:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 26 07:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9835]: Failed password for root from 141.98.83.240 port 9860 ssh2
Jun 26 07:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9835]: message repeated 2 times: [ Failed password for root from 141.98.83.240 port 9860 ssh2]
Jun 26 07:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9835]: Connection closed by 141.98.83.240 port 9860 [preauth]
Jun 26 07:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9835]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 26 07:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8768]: pam_unix(cron:session): session closed for user root
Jun 26 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10131]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10129]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10130]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10128]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10128]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10194]: Successful su for rubyman by root
Jun 26 07:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10194]: + ??? root:rubyman
Jun 26 07:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10194]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595178 of user rubyman.
Jun 26 07:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10194]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595178.
Jun 26 07:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7358]: pam_unix(cron:session): session closed for user root
Jun 26 07:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10129]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9166]: pam_unix(cron:session): session closed for user root
Jun 26 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10623]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10624]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10621]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10618]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10622]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10619]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10624]: pam_unix(cron:session): session closed for user root
Jun 26 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10618]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10694]: Successful su for rubyman by root
Jun 26 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10694]: + ??? root:rubyman
Jun 26 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10694]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595182 of user rubyman.
Jun 26 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10694]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595182.
Jun 26 07:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10621]: pam_unix(cron:session): session closed for user root
Jun 26 07:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7855]: pam_unix(cron:session): session closed for user root
Jun 26 07:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10619]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9560]: pam_unix(cron:session): session closed for user root
Jun 26 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11082]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11083]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11081]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11080]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11080]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11152]: Successful su for rubyman by root
Jun 26 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11152]: + ??? root:rubyman
Jun 26 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11152]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595189 of user rubyman.
Jun 26 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11152]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595189.
Jun 26 07:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8336]: pam_unix(cron:session): session closed for user root
Jun 26 07:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11081]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10131]: pam_unix(cron:session): session closed for user root
Jun 26 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11510]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11509]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11511]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11508]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11506]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11506]: pam_unix(cron:session): session closed for user root
Jun 26 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11508]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11570]: Successful su for rubyman by root
Jun 26 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11570]: + ??? root:rubyman
Jun 26 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11570]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595195 of user rubyman.
Jun 26 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11570]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595195.
Jun 26 07:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8767]: pam_unix(cron:session): session closed for user root
Jun 26 07:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11509]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10623]: pam_unix(cron:session): session closed for user root
Jun 26 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11963]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11964]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11962]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11961]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11961]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12022]: Successful su for rubyman by root
Jun 26 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12022]: + ??? root:rubyman
Jun 26 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12022]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595197 of user rubyman.
Jun 26 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12022]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595197.
Jun 26 07:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9165]: pam_unix(cron:session): session closed for user root
Jun 26 07:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11962]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11083]: pam_unix(cron:session): session closed for user root
Jun 26 07:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12489]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12490]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12488]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12487]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12487]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12546]: Successful su for rubyman by root
Jun 26 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12546]: + ??? root:rubyman
Jun 26 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12546]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595202 of user rubyman.
Jun 26 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12546]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595202.
Jun 26 07:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 26 07:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12467]: Failed password for root from 202.178.126.219 port 62304 ssh2
Jun 26 07:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9558]: pam_unix(cron:session): session closed for user root
Jun 26 07:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12467]: Connection closed by 202.178.126.219 port 62304 [preauth]
Jun 26 07:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12488]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11511]: pam_unix(cron:session): session closed for user root
Jun 26 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12899]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12898]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12902]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12900]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12897]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12903]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12903]: pam_unix(cron:session): session closed for user root
Jun 26 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12897]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12964]: Successful su for rubyman by root
Jun 26 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12964]: + ??? root:rubyman
Jun 26 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12964]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595209 of user rubyman.
Jun 26 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12964]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595209.
Jun 26 07:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12899]: pam_unix(cron:session): session closed for user root
Jun 26 07:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10130]: pam_unix(cron:session): session closed for user root
Jun 26 07:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12898]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11964]: pam_unix(cron:session): session closed for user root
Jun 26 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13338]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13339]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13337]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13336]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13336]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13405]: Successful su for rubyman by root
Jun 26 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13405]: + ??? root:rubyman
Jun 26 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13405]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595211 of user rubyman.
Jun 26 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13405]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595211.
Jun 26 07:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10622]: pam_unix(cron:session): session closed for user root
Jun 26 07:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13337]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12490]: pam_unix(cron:session): session closed for user root
Jun 26 07:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13744]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13745]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13743]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13742]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13742]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 26 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13812]: Successful su for rubyman by root
Jun 26 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13812]: + ??? root:rubyman
Jun 26 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13812]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595216 of user rubyman.
Jun 26 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13812]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595216.
Jun 26 07:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13731]: Failed password for root from 103.27.238.116 port 58404 ssh2
Jun 26 07:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13731]: Connection closed by 103.27.238.116 port 58404 [preauth]
Jun 26 07:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11082]: pam_unix(cron:session): session closed for user root
Jun 26 07:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13743]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12902]: pam_unix(cron:session): session closed for user root
Jun 26 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14147]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14149]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14146]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14145]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14145]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14207]: Successful su for rubyman by root
Jun 26 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14207]: + ??? root:rubyman
Jun 26 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14207]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595219 of user rubyman.
Jun 26 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14207]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595219.
Jun 26 07:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11510]: pam_unix(cron:session): session closed for user root
Jun 26 07:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14146]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13339]: pam_unix(cron:session): session closed for user root
Jun 26 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14533]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14530]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14531]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14529]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14529]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14590]: Successful su for rubyman by root
Jun 26 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14590]: + ??? root:rubyman
Jun 26 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14590]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595224 of user rubyman.
Jun 26 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14590]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595224.
Jun 26 07:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11963]: pam_unix(cron:session): session closed for user root
Jun 26 07:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14530]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13745]: pam_unix(cron:session): session closed for user root
Jun 26 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15021]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15020]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15018]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15019]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15015]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15016]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15021]: pam_unix(cron:session): session closed for user root
Jun 26 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15015]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15088]: Successful su for rubyman by root
Jun 26 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15088]: + ??? root:rubyman
Jun 26 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15088]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595229 of user rubyman.
Jun 26 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15088]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595229.
Jun 26 07:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15018]: pam_unix(cron:session): session closed for user root
Jun 26 07:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12489]: pam_unix(cron:session): session closed for user root
Jun 26 07:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15016]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14149]: pam_unix(cron:session): session closed for user root
Jun 26 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15449]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15448]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15447]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15446]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15446]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15511]: Successful su for rubyman by root
Jun 26 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15511]: + ??? root:rubyman
Jun 26 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15511]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595234 of user rubyman.
Jun 26 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15511]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595234.
Jun 26 07:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12900]: pam_unix(cron:session): session closed for user root
Jun 26 07:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15447]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14533]: pam_unix(cron:session): session closed for user root
Jun 26 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15841]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15842]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15840]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15839]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15839]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15899]: Successful su for rubyman by root
Jun 26 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15899]: + ??? root:rubyman
Jun 26 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15899]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595237 of user rubyman.
Jun 26 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15899]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595237.
Jun 26 07:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13338]: pam_unix(cron:session): session closed for user root
Jun 26 07:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15840]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15020]: pam_unix(cron:session): session closed for user root
Jun 26 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16225]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16224]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16222]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16223]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16222]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16280]: Successful su for rubyman by root
Jun 26 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16280]: + ??? root:rubyman
Jun 26 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16280]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595242 of user rubyman.
Jun 26 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16280]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595242.
Jun 26 07:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13744]: pam_unix(cron:session): session closed for user root
Jun 26 07:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16223]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 07:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.183.133  user=root
Jun 26 07:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16499]: Failed password for root from 188.166.183.133 port 51764 ssh2
Jun 26 07:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16499]: Connection closed by 188.166.183.133 port 51764 [preauth]
Jun 26 07:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15449]: pam_unix(cron:session): session closed for user root
Jun 26 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16613]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16615]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16614]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16612]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16612]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16679]: Successful su for rubyman by root
Jun 26 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16679]: + ??? root:rubyman
Jun 26 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16679]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595246 of user rubyman.
Jun 26 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16679]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595246.
Jun 26 07:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14147]: pam_unix(cron:session): session closed for user root
Jun 26 07:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16613]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 07:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15842]: pam_unix(cron:session): session closed for user root
Jun 26 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17117]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17118]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17115]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17114]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17116]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17113]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17118]: pam_unix(cron:session): session closed for user root
Jun 26 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17113]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17178]: Successful su for rubyman by root
Jun 26 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17178]: + ??? root:rubyman
Jun 26 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17178]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595249 of user rubyman.
Jun 26 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17178]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595249.
Jun 26 07:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17115]: pam_unix(cron:session): session closed for user root
Jun 26 07:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14531]: pam_unix(cron:session): session closed for user root
Jun 26 07:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17114]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 07:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 26 07:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17455]: Failed password for root from 103.15.222.183 port 50998 ssh2
Jun 26 07:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17455]: Connection closed by 103.15.222.183 port 50998 [preauth]
Jun 26 07:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16225]: pam_unix(cron:session): session closed for user root
Jun 26 07:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 07:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17540]: Connection closed by 194.59.206.2 port 43610 [preauth]
Jun 26 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17554]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17556]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17553]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17552]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17552]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17616]: Successful su for rubyman by root
Jun 26 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17616]: + ??? root:rubyman
Jun 26 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17616]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595256 of user rubyman.
Jun 26 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17616]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595256.
Jun 26 07:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15019]: pam_unix(cron:session): session closed for user root
Jun 26 07:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17553]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16615]: pam_unix(cron:session): session closed for user root
Jun 26 07:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 07:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17997]: Invalid user admin from 45.148.10.121
Jun 26 07:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17997]: input_userauth_request: invalid user admin [preauth]
Jun 26 07:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17997]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 07:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 26 07:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17997]: Failed password for invalid user admin from 45.148.10.121 port 52438 ssh2
Jun 26 07:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17997]: Connection closed by 45.148.10.121 port 52438 [preauth]
Jun 26 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18069]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18068]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18067]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18066]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18066]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18133]: Successful su for rubyman by root
Jun 26 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18133]: + ??? root:rubyman
Jun 26 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18133]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595259 of user rubyman.
Jun 26 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18133]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595259.
Jun 26 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 07:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.223.69.22  user=root
Jun 26 07:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15448]: pam_unix(cron:session): session closed for user root
Jun 26 07:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18143]: Failed password for root from 89.223.69.22 port 40754 ssh2
Jun 26 07:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18143]: Connection closed by 89.223.69.22 port 40754 [preauth]
Jun 26 07:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18067]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17117]: pam_unix(cron:session): session closed for user root
Jun 26 07:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 07:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 26 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18567]: Failed password for root from 38.93.206.2 port 57206 ssh2
Jun 26 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18567]: Connection closed by 38.93.206.2 port 57206 [preauth]
Jun 26 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18581]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18580]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18579]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18578]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18578]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18640]: Successful su for rubyman by root
Jun 26 07:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18640]: + ??? root:rubyman
Jun 26 07:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18640]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595263 of user rubyman.
Jun 26 07:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18640]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595263.
Jun 26 07:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15841]: pam_unix(cron:session): session closed for user root
Jun 26 07:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18579]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17556]: pam_unix(cron:session): session closed for user root
Jun 26 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18999]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19001]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18998]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18997]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18997]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19056]: Successful su for rubyman by root
Jun 26 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19056]: + ??? root:rubyman
Jun 26 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19056]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595267 of user rubyman.
Jun 26 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19056]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595267.
Jun 26 07:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16224]: pam_unix(cron:session): session closed for user root
Jun 26 07:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18998]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18069]: pam_unix(cron:session): session closed for user root
Jun 26 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19600]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19598]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19599]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19553]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19494]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19552]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19600]: pam_unix(cron:session): session closed for user root
Jun 26 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19494]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19759]: Successful su for rubyman by root
Jun 26 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19759]: + ??? root:rubyman
Jun 26 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19759]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595273 of user rubyman.
Jun 26 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19759]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595273.
Jun 26 07:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19553]: pam_unix(cron:session): session closed for user root
Jun 26 07:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16614]: pam_unix(cron:session): session closed for user root
Jun 26 07:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19552]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 07:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.20.185.207  user=root
Jun 26 07:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20041]: Failed password for root from 143.20.185.207 port 38328 ssh2
Jun 26 07:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20041]: Connection closed by 143.20.185.207 port 38328 [preauth]
Jun 26 07:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18581]: pam_unix(cron:session): session closed for user root
Jun 26 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20227]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20138]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20228]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20137]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20137]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20299]: Successful su for rubyman by root
Jun 26 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20299]: + ??? root:rubyman
Jun 26 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20299]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595277 of user rubyman.
Jun 26 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20299]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595277.
Jun 26 07:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17116]: pam_unix(cron:session): session closed for user root
Jun 26 07:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20138]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19001]: pam_unix(cron:session): session closed for user root
Jun 26 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20672]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20671]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20670]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20666]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20666]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20801]: Successful su for rubyman by root
Jun 26 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20801]: + ??? root:rubyman
Jun 26 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20801]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595282 of user rubyman.
Jun 26 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20801]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595282.
Jun 26 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 07:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 26 07:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17554]: pam_unix(cron:session): session closed for user root
Jun 26 07:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20868]: Failed password for root from 103.77.175.15 port 39836 ssh2
Jun 26 07:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20868]: Connection closed by 103.77.175.15 port 39836 [preauth]
Jun 26 07:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20670]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19599]: pam_unix(cron:session): session closed for user root
Jun 26 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21143]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21144]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21141]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21140]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21140]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21207]: Successful su for rubyman by root
Jun 26 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21207]: + ??? root:rubyman
Jun 26 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21207]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595285 of user rubyman.
Jun 26 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21207]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595285.
Jun 26 07:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18068]: pam_unix(cron:session): session closed for user root
Jun 26 07:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21141]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20228]: pam_unix(cron:session): session closed for user root
Jun 26 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21573]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21570]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21574]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21571]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21568]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21570]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21707]: Successful su for rubyman by root
Jun 26 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21707]: + ??? root:rubyman
Jun 26 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21707]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595291 of user rubyman.
Jun 26 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21707]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595291.
Jun 26 07:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21568]: pam_unix(cron:session): session closed for user root
Jun 26 07:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18580]: pam_unix(cron:session): session closed for user root
Jun 26 07:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21571]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20672]: pam_unix(cron:session): session closed for user root
Jun 26 07:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 07:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22022]: Invalid user andrea from 141.98.83.240
Jun 26 07:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22022]: input_userauth_request: invalid user andrea [preauth]
Jun 26 07:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22022]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 07:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 07:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22022]: Failed password for invalid user andrea from 141.98.83.240 port 31876 ssh2
Jun 26 07:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22022]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 07:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22022]: Failed password for invalid user andrea from 141.98.83.240 port 31876 ssh2
Jun 26 07:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22022]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 07:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22022]: Failed password for invalid user andrea from 141.98.83.240 port 31876 ssh2
Jun 26 07:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22022]: Connection closed by 141.98.83.240 port 31876 [preauth]
Jun 26 07:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22022]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22076]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22073]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22074]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22071]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22072]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22075]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22076]: pam_unix(cron:session): session closed for user root
Jun 26 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22071]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22146]: Successful su for rubyman by root
Jun 26 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22146]: + ??? root:rubyman
Jun 26 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22146]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595294 of user rubyman.
Jun 26 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22146]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595294.
Jun 26 07:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22073]: pam_unix(cron:session): session closed for user root
Jun 26 07:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18999]: pam_unix(cron:session): session closed for user root
Jun 26 07:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22072]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21144]: pam_unix(cron:session): session closed for user root
Jun 26 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22599]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22595]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22598]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22594]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22594]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22663]: Successful su for rubyman by root
Jun 26 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22663]: + ??? root:rubyman
Jun 26 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22663]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595300 of user rubyman.
Jun 26 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22663]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595300.
Jun 26 07:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19598]: pam_unix(cron:session): session closed for user root
Jun 26 07:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22595]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21574]: pam_unix(cron:session): session closed for user root
Jun 26 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23005]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23004]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23003]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23006]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23003]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23061]: Successful su for rubyman by root
Jun 26 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23061]: + ??? root:rubyman
Jun 26 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23061]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595305 of user rubyman.
Jun 26 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23061]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595305.
Jun 26 07:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20227]: pam_unix(cron:session): session closed for user root
Jun 26 07:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23004]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22075]: pam_unix(cron:session): session closed for user root
Jun 26 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23426]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23425]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23424]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23423]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23423]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23485]: Successful su for rubyman by root
Jun 26 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23485]: + ??? root:rubyman
Jun 26 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23485]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595310 of user rubyman.
Jun 26 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23485]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595310.
Jun 26 07:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20671]: pam_unix(cron:session): session closed for user root
Jun 26 07:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23424]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 07:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 26 07:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23745]: Failed password for root from 103.176.20.57 port 37284 ssh2
Jun 26 07:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23745]: Connection closed by 103.176.20.57 port 37284 [preauth]
Jun 26 07:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22599]: pam_unix(cron:session): session closed for user root
Jun 26 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23944]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23945]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23943]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23942]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23942]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24009]: Successful su for rubyman by root
Jun 26 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24009]: + ??? root:rubyman
Jun 26 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24009]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595312 of user rubyman.
Jun 26 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24009]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595312.
Jun 26 07:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21143]: pam_unix(cron:session): session closed for user root
Jun 26 07:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23943]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23006]: pam_unix(cron:session): session closed for user root
Jun 26 07:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 07:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 26 07:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24348]: Failed password for root from 103.82.20.28 port 48346 ssh2
Jun 26 07:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24348]: Connection closed by 103.82.20.28 port 48346 [preauth]
Jun 26 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24370]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24372]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24368]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24371]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24369]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24367]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24372]: pam_unix(cron:session): session closed for user root
Jun 26 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24367]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24438]: Successful su for rubyman by root
Jun 26 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24438]: + ??? root:rubyman
Jun 26 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24438]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595320 of user rubyman.
Jun 26 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24438]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595320.
Jun 26 07:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24369]: pam_unix(cron:session): session closed for user root
Jun 26 07:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21573]: pam_unix(cron:session): session closed for user root
Jun 26 07:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24368]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 07:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24743]: Invalid user deisy from 2.57.121.112
Jun 26 07:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24743]: input_userauth_request: invalid user deisy [preauth]
Jun 26 07:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24743]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 07:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 26 07:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24743]: Failed password for invalid user deisy from 2.57.121.112 port 20748 ssh2
Jun 26 07:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24743]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 07:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23426]: pam_unix(cron:session): session closed for user root
Jun 26 07:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24743]: Failed password for invalid user deisy from 2.57.121.112 port 20748 ssh2
Jun 26 07:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24743]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 07:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24743]: Failed password for invalid user deisy from 2.57.121.112 port 20748 ssh2
Jun 26 07:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24743]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 07:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24743]: Failed password for invalid user deisy from 2.57.121.112 port 20748 ssh2
Jun 26 07:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24743]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 07:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24743]: Failed password for invalid user deisy from 2.57.121.112 port 20748 ssh2
Jun 26 07:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24743]: Connection closed by 2.57.121.112 port 20748 [preauth]
Jun 26 07:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24743]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 26 07:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24743]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 26 07:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24839]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24841]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24840]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24838]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24838]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24834]: Invalid user user from 193.46.255.86
Jun 26 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24834]: input_userauth_request: invalid user user [preauth]
Jun 26 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24834]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 26 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24902]: Successful su for rubyman by root
Jun 26 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24902]: + ??? root:rubyman
Jun 26 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24902]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595322 of user rubyman.
Jun 26 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24902]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595322.
Jun 26 07:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24834]: Failed password for invalid user user from 193.46.255.86 port 49374 ssh2
Jun 26 07:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24834]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 07:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22074]: pam_unix(cron:session): session closed for user root
Jun 26 07:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24839]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24834]: Failed password for invalid user user from 193.46.255.86 port 49374 ssh2
Jun 26 07:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24834]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 07:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24834]: Failed password for invalid user user from 193.46.255.86 port 49374 ssh2
Jun 26 07:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24834]: Connection closed by 193.46.255.86 port 49374 [preauth]
Jun 26 07:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24834]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 26 07:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 07:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 26 07:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25112]: Failed password for root from 103.172.78.219 port 48176 ssh2
Jun 26 07:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25112]: Connection closed by 103.172.78.219 port 48176 [preauth]
Jun 26 07:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23945]: pam_unix(cron:session): session closed for user root
Jun 26 07:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 07:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 26 07:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25221]: Failed password for root from 103.149.28.157 port 38068 ssh2
Jun 26 07:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25221]: Connection closed by 103.149.28.157 port 38068 [preauth]
Jun 26 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25251]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25250]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25249]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25248]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25248]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25305]: Successful su for rubyman by root
Jun 26 07:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25305]: + ??? root:rubyman
Jun 26 07:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25305]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595327 of user rubyman.
Jun 26 07:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25305]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595327.
Jun 26 07:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22598]: pam_unix(cron:session): session closed for user root
Jun 26 07:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25249]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24371]: pam_unix(cron:session): session closed for user root
Jun 26 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25634]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25635]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25633]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25632]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25632]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25691]: Successful su for rubyman by root
Jun 26 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25691]: + ??? root:rubyman
Jun 26 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25691]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595330 of user rubyman.
Jun 26 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25691]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595330.
Jun 26 07:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23005]: pam_unix(cron:session): session closed for user root
Jun 26 07:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25633]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24841]: pam_unix(cron:session): session closed for user root
Jun 26 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26026]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26025]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26024]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26023]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26023]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26081]: Successful su for rubyman by root
Jun 26 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26081]: + ??? root:rubyman
Jun 26 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26081]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595334 of user rubyman.
Jun 26 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26081]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595334.
Jun 26 07:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23425]: pam_unix(cron:session): session closed for user root
Jun 26 07:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 07:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26024]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 26 07:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26253]: Failed password for root from 103.77.242.62 port 50174 ssh2
Jun 26 07:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26253]: Connection closed by 103.77.242.62 port 50174 [preauth]
Jun 26 07:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25251]: pam_unix(cron:session): session closed for user root
Jun 26 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26422]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26420]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26421]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26419]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26423]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26418]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26423]: pam_unix(cron:session): session closed for user root
Jun 26 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26418]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26486]: Successful su for rubyman by root
Jun 26 07:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26486]: + ??? root:rubyman
Jun 26 07:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26486]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595338 of user rubyman.
Jun 26 07:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26486]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595338.
Jun 26 07:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26420]: pam_unix(cron:session): session closed for user root
Jun 26 07:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23944]: pam_unix(cron:session): session closed for user root
Jun 26 07:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26419]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25635]: pam_unix(cron:session): session closed for user root
Jun 26 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26929]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26928]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26927]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26926]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26926]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26993]: Successful su for rubyman by root
Jun 26 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26993]: + ??? root:rubyman
Jun 26 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26993]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595344 of user rubyman.
Jun 26 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26993]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595344.
Jun 26 07:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24370]: pam_unix(cron:session): session closed for user root
Jun 26 07:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26927]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26026]: pam_unix(cron:session): session closed for user root
Jun 26 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27349]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27347]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27346]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27345]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27345]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27413]: Successful su for rubyman by root
Jun 26 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27413]: + ??? root:rubyman
Jun 26 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27413]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595348 of user rubyman.
Jun 26 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27413]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595348.
Jun 26 07:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24840]: pam_unix(cron:session): session closed for user root
Jun 26 07:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27346]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26422]: pam_unix(cron:session): session closed for user root
Jun 26 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27760]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27761]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27759]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27758]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27758]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27818]: Successful su for rubyman by root
Jun 26 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27818]: + ??? root:rubyman
Jun 26 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27818]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595353 of user rubyman.
Jun 26 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27818]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595353.
Jun 26 07:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25250]: pam_unix(cron:session): session closed for user root
Jun 26 07:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 07:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27759]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 26 07:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28008]: Failed password for root from 193.37.70.224 port 45394 ssh2
Jun 26 07:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28008]: Connection closed by 193.37.70.224 port 45394 [preauth]
Jun 26 07:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 07:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 26 07:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28021]: Failed password for root from 103.122.221.179 port 36842 ssh2
Jun 26 07:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28021]: Connection closed by 103.122.221.179 port 36842 [preauth]
Jun 26 07:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26929]: pam_unix(cron:session): session closed for user root
Jun 26 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28223]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28224]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28222]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28221]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28221]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28281]: Successful su for rubyman by root
Jun 26 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28281]: + ??? root:rubyman
Jun 26 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28281]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595356 of user rubyman.
Jun 26 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28281]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595356.
Jun 26 07:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25634]: pam_unix(cron:session): session closed for user root
Jun 26 07:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28222]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27349]: pam_unix(cron:session): session closed for user root
Jun 26 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28705]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28706]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28703]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28702]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28708]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28704]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28708]: pam_unix(cron:session): session closed for user root
Jun 26 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28702]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28779]: Successful su for rubyman by root
Jun 26 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28779]: + ??? root:rubyman
Jun 26 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28779]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595362 of user rubyman.
Jun 26 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28779]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595362.
Jun 26 07:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28704]: pam_unix(cron:session): session closed for user root
Jun 26 07:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26025]: pam_unix(cron:session): session closed for user root
Jun 26 07:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28703]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 07:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 26 07:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29041]: Failed password for root from 62.133.62.83 port 34996 ssh2
Jun 26 07:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29041]: Connection closed by 62.133.62.83 port 34996 [preauth]
Jun 26 07:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27761]: pam_unix(cron:session): session closed for user root
Jun 26 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29170]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29171]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29169]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29168]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29168]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29242]: Successful su for rubyman by root
Jun 26 07:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29242]: + ??? root:rubyman
Jun 26 07:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29242]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595366 of user rubyman.
Jun 26 07:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29242]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595366.
Jun 26 07:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26421]: pam_unix(cron:session): session closed for user root
Jun 26 07:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29169]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28224]: pam_unix(cron:session): session closed for user root
Jun 26 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29692]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29690]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29691]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29689]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29689]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29774]: Successful su for rubyman by root
Jun 26 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29774]: + ??? root:rubyman
Jun 26 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29774]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595370 of user rubyman.
Jun 26 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29774]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595370.
Jun 26 07:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26928]: pam_unix(cron:session): session closed for user root
Jun 26 07:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29690]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 07:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30000]: Did not receive identification string from 80.94.92.234
Jun 26 07:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28706]: pam_unix(cron:session): session closed for user root
Jun 26 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30130]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30129]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30132]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30128]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30128]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30200]: Successful su for rubyman by root
Jun 26 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30200]: + ??? root:rubyman
Jun 26 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30200]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595376 of user rubyman.
Jun 26 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30200]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595376.
Jun 26 07:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27347]: pam_unix(cron:session): session closed for user root
Jun 26 07:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30129]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29171]: pam_unix(cron:session): session closed for user root
Jun 26 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30548]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30549]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30545]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30544]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30544]: pam_unix(cron:session): session closed for user p13x
Jun 26 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30620]: Successful su for rubyman by root
Jun 26 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30620]: + ??? root:rubyman
Jun 26 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30620]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595378 of user rubyman.
Jun 26 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30620]: pam_unix(su:session): session closed for user rubyman
Jun 26 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595378.
Jun 26 07:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27760]: pam_unix(cron:session): session closed for user root
Jun 26 07:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30545]: pam_unix(cron:session): session closed for user samftp
Jun 26 07:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29692]: pam_unix(cron:session): session closed for user root
Jun 26 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31054]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31055]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31048]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31053]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31052]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31050]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31049]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31055]: pam_unix(cron:session): session closed for user root
Jun 26 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31050]: pam_unix(cron:session): session closed for user root
Jun 26 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31048]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31140]: Successful su for rubyman by root
Jun 26 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31140]: + ??? root:rubyman
Jun 26 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31140]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595382 of user rubyman.
Jun 26 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31140]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595382.
Jun 26 08:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31052]: pam_unix(cron:session): session closed for user root
Jun 26 08:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28223]: pam_unix(cron:session): session closed for user root
Jun 26 08:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31049]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 26 08:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31391]: Failed password for root from 194.113.233.25 port 37058 ssh2
Jun 26 08:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31391]: Connection closed by 194.113.233.25 port 37058 [preauth]
Jun 26 08:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30132]: pam_unix(cron:session): session closed for user root
Jun 26 08:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.20.185.207  user=root
Jun 26 08:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31521]: Failed password for root from 143.20.185.207 port 50330 ssh2
Jun 26 08:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31521]: Connection closed by 143.20.185.207 port 50330 [preauth]
Jun 26 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31562]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31563]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31561]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31560]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31560]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31715]: Successful su for rubyman by root
Jun 26 08:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31715]: + ??? root:rubyman
Jun 26 08:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31715]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595389 of user rubyman.
Jun 26 08:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31715]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595389.
Jun 26 08:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28705]: pam_unix(cron:session): session closed for user root
Jun 26 08:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31561]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30549]: pam_unix(cron:session): session closed for user root
Jun 26 08:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 26 08:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32059]: Failed password for root from 103.27.238.120 port 45872 ssh2
Jun 26 08:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32059]: Connection closed by 103.27.238.120 port 45872 [preauth]
Jun 26 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32082]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32080]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32081]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32083]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32080]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32142]: Successful su for rubyman by root
Jun 26 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32142]: + ??? root:rubyman
Jun 26 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32142]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595396 of user rubyman.
Jun 26 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32142]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595396.
Jun 26 08:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29170]: pam_unix(cron:session): session closed for user root
Jun 26 08:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32081]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 26 08:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32374]: Failed password for root from 109.237.96.109 port 41118 ssh2
Jun 26 08:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32374]: Connection closed by 109.237.96.109 port 41118 [preauth]
Jun 26 08:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31054]: pam_unix(cron:session): session closed for user root
Jun 26 08:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 26 08:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32458]: Failed password for root from 87.251.79.125 port 33346 ssh2
Jun 26 08:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32458]: Connection closed by 87.251.79.125 port 33346 [preauth]
Jun 26 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32488]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32486]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32487]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32485]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32485]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32547]: Successful su for rubyman by root
Jun 26 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32547]: + ??? root:rubyman
Jun 26 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32547]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595398 of user rubyman.
Jun 26 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32547]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595398.
Jun 26 08:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29691]: pam_unix(cron:session): session closed for user root
Jun 26 08:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32486]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31563]: pam_unix(cron:session): session closed for user root
Jun 26 08:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 26 08:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[427]: Failed password for root from 103.153.68.219 port 55312 ssh2
Jun 26 08:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[427]: Connection closed by 103.153.68.219 port 55312 [preauth]
Jun 26 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[441]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[443]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[440]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[439]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[439]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[628]: Successful su for rubyman by root
Jun 26 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[628]: + ??? root:rubyman
Jun 26 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[628]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595402 of user rubyman.
Jun 26 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[628]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595402.
Jun 26 08:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30130]: pam_unix(cron:session): session closed for user root
Jun 26 08:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[440]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32083]: pam_unix(cron:session): session closed for user root
Jun 26 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1000]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[995]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[999]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[996]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[994]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[993]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1000]: pam_unix(cron:session): session closed for user root
Jun 26 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[993]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1091]: Successful su for rubyman by root
Jun 26 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1091]: + ??? root:rubyman
Jun 26 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1091]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595408 of user rubyman.
Jun 26 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1091]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595408.
Jun 26 08:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[995]: pam_unix(cron:session): session closed for user root
Jun 26 08:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30548]: pam_unix(cron:session): session closed for user root
Jun 26 08:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[994]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1359]: Invalid user admin from 2.57.121.25
Jun 26 08:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1359]: input_userauth_request: invalid user admin [preauth]
Jun 26 08:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1359]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 08:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 26 08:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1359]: Failed password for invalid user admin from 2.57.121.25 port 12970 ssh2
Jun 26 08:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1359]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 08:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1359]: Failed password for invalid user admin from 2.57.121.25 port 12970 ssh2
Jun 26 08:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1359]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 08:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1359]: Failed password for invalid user admin from 2.57.121.25 port 12970 ssh2
Jun 26 08:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1359]: Connection closed by 2.57.121.25 port 12970 [preauth]
Jun 26 08:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1359]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 26 08:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32488]: pam_unix(cron:session): session closed for user root
Jun 26 08:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 26 08:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1575]: Failed password for root from 141.98.83.240 port 56308 ssh2
Jun 26 08:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1575]: Failed password for root from 141.98.83.240 port 56308 ssh2
Jun 26 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1596]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1597]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1594]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1595]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1594]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1674]: Successful su for rubyman by root
Jun 26 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1674]: + ??? root:rubyman
Jun 26 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1674]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595412 of user rubyman.
Jun 26 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1674]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595412.
Jun 26 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1575]: Failed password for root from 141.98.83.240 port 56308 ssh2
Jun 26 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1575]: Connection closed by 141.98.83.240 port 56308 [preauth]
Jun 26 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1575]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 26 08:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31053]: pam_unix(cron:session): session closed for user root
Jun 26 08:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1595]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[443]: pam_unix(cron:session): session closed for user root
Jun 26 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2084]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2083]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2085]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2082]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2082]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2147]: Successful su for rubyman by root
Jun 26 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2147]: + ??? root:rubyman
Jun 26 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2147]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595416 of user rubyman.
Jun 26 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2147]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595416.
Jun 26 08:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31562]: pam_unix(cron:session): session closed for user root
Jun 26 08:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2083]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[999]: pam_unix(cron:session): session closed for user root
Jun 26 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2506]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2507]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2505]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2504]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2504]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2585]: Successful su for rubyman by root
Jun 26 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2585]: + ??? root:rubyman
Jun 26 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2585]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595420 of user rubyman.
Jun 26 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2585]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595420.
Jun 26 08:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32082]: pam_unix(cron:session): session closed for user root
Jun 26 08:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2505]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 26 08:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2842]: Failed password for root from 147.45.199.80 port 60902 ssh2
Jun 26 08:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2842]: Connection closed by 147.45.199.80 port 60902 [preauth]
Jun 26 08:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1597]: pam_unix(cron:session): session closed for user root
Jun 26 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2929]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2932]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2930]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2931]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2927]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2929]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3044]: Successful su for rubyman by root
Jun 26 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3044]: + ??? root:rubyman
Jun 26 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3044]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595425 of user rubyman.
Jun 26 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3044]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595425.
Jun 26 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2927]: pam_unix(cron:session): session closed for user root
Jun 26 08:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32487]: pam_unix(cron:session): session closed for user root
Jun 26 08:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2930]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2085]: pam_unix(cron:session): session closed for user root
Jun 26 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3406]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3404]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3403]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3402]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3407]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3405]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3407]: pam_unix(cron:session): session closed for user root
Jun 26 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3402]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3474]: Successful su for rubyman by root
Jun 26 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3474]: + ??? root:rubyman
Jun 26 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3474]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595428 of user rubyman.
Jun 26 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3474]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595428.
Jun 26 08:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3404]: pam_unix(cron:session): session closed for user root
Jun 26 08:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[441]: pam_unix(cron:session): session closed for user root
Jun 26 08:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3403]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2507]: pam_unix(cron:session): session closed for user root
Jun 26 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3999]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3998]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4005]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4003]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3998]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4096]: Successful su for rubyman by root
Jun 26 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4096]: + ??? root:rubyman
Jun 26 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4096]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595436 of user rubyman.
Jun 26 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4096]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595436.
Jun 26 08:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[996]: pam_unix(cron:session): session closed for user root
Jun 26 08:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3999]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2932]: pam_unix(cron:session): session closed for user root
Jun 26 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4450]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4451]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4449]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4448]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4448]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4509]: Successful su for rubyman by root
Jun 26 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4509]: + ??? root:rubyman
Jun 26 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4509]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595438 of user rubyman.
Jun 26 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4509]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595438.
Jun 26 08:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1596]: pam_unix(cron:session): session closed for user root
Jun 26 08:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4449]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3406]: pam_unix(cron:session): session closed for user root
Jun 26 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4971]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4968]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4970]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4967]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4967]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5025]: Successful su for rubyman by root
Jun 26 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5025]: + ??? root:rubyman
Jun 26 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5025]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595442 of user rubyman.
Jun 26 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5025]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595442.
Jun 26 08:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2084]: pam_unix(cron:session): session closed for user root
Jun 26 08:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4968]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4005]: pam_unix(cron:session): session closed for user root
Jun 26 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5371]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5372]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5366]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5365]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5365]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5433]: Successful su for rubyman by root
Jun 26 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5433]: + ??? root:rubyman
Jun 26 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5433]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595446 of user rubyman.
Jun 26 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5433]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595446.
Jun 26 08:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2506]: pam_unix(cron:session): session closed for user root
Jun 26 08:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5366]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4451]: pam_unix(cron:session): session closed for user root
Jun 26 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5762]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5764]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5760]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5759]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5761]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5765]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5765]: pam_unix(cron:session): session closed for user root
Jun 26 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5759]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5831]: Successful su for rubyman by root
Jun 26 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5831]: + ??? root:rubyman
Jun 26 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5831]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595452 of user rubyman.
Jun 26 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5831]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595452.
Jun 26 08:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5761]: pam_unix(cron:session): session closed for user root
Jun 26 08:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2931]: pam_unix(cron:session): session closed for user root
Jun 26 08:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 26 08:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5760]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5989]: Failed password for root from 38.93.206.2 port 49592 ssh2
Jun 26 08:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5989]: Connection closed by 38.93.206.2 port 49592 [preauth]
Jun 26 08:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4971]: pam_unix(cron:session): session closed for user root
Jun 26 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6184]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6183]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6185]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6182]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6182]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6249]: Successful su for rubyman by root
Jun 26 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6249]: + ??? root:rubyman
Jun 26 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6249]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595457 of user rubyman.
Jun 26 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6249]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595457.
Jun 26 08:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3405]: pam_unix(cron:session): session closed for user root
Jun 26 08:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6183]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5372]: pam_unix(cron:session): session closed for user root
Jun 26 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6575]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6576]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6574]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6573]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6570]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6570]: pam_unix(cron:session): session closed for user root
Jun 26 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6573]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6639]: Successful su for rubyman by root
Jun 26 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6639]: + ??? root:rubyman
Jun 26 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6639]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595460 of user rubyman.
Jun 26 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6639]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595460.
Jun 26 08:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4003]: pam_unix(cron:session): session closed for user root
Jun 26 08:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6574]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5764]: pam_unix(cron:session): session closed for user root
Jun 26 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7028]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7030]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7027]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7026]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7026]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7147]: Successful su for rubyman by root
Jun 26 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7147]: + ??? root:rubyman
Jun 26 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7147]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595466 of user rubyman.
Jun 26 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7147]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595466.
Jun 26 08:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4450]: pam_unix(cron:session): session closed for user root
Jun 26 08:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7027]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6185]: pam_unix(cron:session): session closed for user root
Jun 26 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7485]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7484]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7482]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7483]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7482]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7543]: Successful su for rubyman by root
Jun 26 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7543]: + ??? root:rubyman
Jun 26 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7543]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595469 of user rubyman.
Jun 26 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7543]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595469.
Jun 26 08:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4970]: pam_unix(cron:session): session closed for user root
Jun 26 08:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7483]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 26 08:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7855]: Failed password for root from 80.66.85.226 port 35418 ssh2
Jun 26 08:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7855]: Connection closed by 80.66.85.226 port 35418 [preauth]
Jun 26 08:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6576]: pam_unix(cron:session): session closed for user root
Jun 26 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7968]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7969]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7967]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7971]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7970]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7966]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7971]: pam_unix(cron:session): session closed for user root
Jun 26 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7966]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8035]: Successful su for rubyman by root
Jun 26 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8035]: + ??? root:rubyman
Jun 26 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8035]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595473 of user rubyman.
Jun 26 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8035]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595473.
Jun 26 08:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7968]: pam_unix(cron:session): session closed for user root
Jun 26 08:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5371]: pam_unix(cron:session): session closed for user root
Jun 26 08:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7967]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7030]: pam_unix(cron:session): session closed for user root
Jun 26 08:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 26 08:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8368]: Failed password for root from 77.94.47.83 port 43748 ssh2
Jun 26 08:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8368]: Connection closed by 77.94.47.83 port 43748 [preauth]
Jun 26 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8394]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8393]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8392]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8396]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8392]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8468]: Successful su for rubyman by root
Jun 26 08:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8468]: + ??? root:rubyman
Jun 26 08:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8468]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595482 of user rubyman.
Jun 26 08:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8468]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595482.
Jun 26 08:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5762]: pam_unix(cron:session): session closed for user root
Jun 26 08:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8393]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7485]: pam_unix(cron:session): session closed for user root
Jun 26 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8802]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8804]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8803]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8801]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8801]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8863]: Successful su for rubyman by root
Jun 26 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8863]: + ??? root:rubyman
Jun 26 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8863]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595485 of user rubyman.
Jun 26 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8863]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595485.
Jun 26 08:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6184]: pam_unix(cron:session): session closed for user root
Jun 26 08:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8802]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9051]: Connection reset by 164.90.176.216 port 29871 [preauth]
Jun 26 08:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7970]: pam_unix(cron:session): session closed for user root
Jun 26 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9199]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9198]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9197]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9196]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9196]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9256]: Successful su for rubyman by root
Jun 26 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9256]: + ??? root:rubyman
Jun 26 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9256]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595488 of user rubyman.
Jun 26 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9256]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595488.
Jun 26 08:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6575]: pam_unix(cron:session): session closed for user root
Jun 26 08:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9197]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8396]: pam_unix(cron:session): session closed for user root
Jun 26 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9581]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9580]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9579]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9577]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9577]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9650]: Successful su for rubyman by root
Jun 26 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9650]: + ??? root:rubyman
Jun 26 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9650]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595491 of user rubyman.
Jun 26 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9650]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595491.
Jun 26 08:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7028]: pam_unix(cron:session): session closed for user root
Jun 26 08:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9579]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8804]: pam_unix(cron:session): session closed for user root
Jun 26 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10159]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10158]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10160]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10161]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10162]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10163]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10163]: pam_unix(cron:session): session closed for user root
Jun 26 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10158]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10319]: Successful su for rubyman by root
Jun 26 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10319]: + ??? root:rubyman
Jun 26 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10319]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595499 of user rubyman.
Jun 26 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10319]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595499.
Jun 26 08:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10160]: pam_unix(cron:session): session closed for user root
Jun 26 08:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7484]: pam_unix(cron:session): session closed for user root
Jun 26 08:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10159]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9199]: pam_unix(cron:session): session closed for user root
Jun 26 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10689]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10687]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10686]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10685]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10685]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10760]: Successful su for rubyman by root
Jun 26 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10760]: + ??? root:rubyman
Jun 26 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10760]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595502 of user rubyman.
Jun 26 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10760]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595502.
Jun 26 08:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7969]: pam_unix(cron:session): session closed for user root
Jun 26 08:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10686]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.20.185.207  user=root
Jun 26 08:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10953]: Failed password for root from 143.20.185.207 port 34040 ssh2
Jun 26 08:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10953]: Connection closed by 143.20.185.207 port 34040 [preauth]
Jun 26 08:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10965]: Invalid user admin from 139.19.117.131
Jun 26 08:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10965]: input_userauth_request: invalid user admin [preauth]
Jun 26 08:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10965]: Connection closed by 139.19.117.131 port 37304 [preauth]
Jun 26 08:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9581]: pam_unix(cron:session): session closed for user root
Jun 26 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11118]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11119]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11117]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11116]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11116]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11184]: Successful su for rubyman by root
Jun 26 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11184]: + ??? root:rubyman
Jun 26 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11184]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595506 of user rubyman.
Jun 26 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11184]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595506.
Jun 26 08:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8394]: pam_unix(cron:session): session closed for user root
Jun 26 08:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11117]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10162]: pam_unix(cron:session): session closed for user root
Jun 26 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11540]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11538]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11539]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11537]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11537]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11597]: Successful su for rubyman by root
Jun 26 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11597]: + ??? root:rubyman
Jun 26 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11597]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595510 of user rubyman.
Jun 26 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11597]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595510.
Jun 26 08:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8803]: pam_unix(cron:session): session closed for user root
Jun 26 08:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11538]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10689]: pam_unix(cron:session): session closed for user root
Jun 26 08:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 26 08:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11910]: Failed password for root from 103.82.132.16 port 49610 ssh2
Jun 26 08:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11910]: Connection closed by 103.82.132.16 port 49610 [preauth]
Jun 26 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11997]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11996]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11995]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11994]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11994]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12054]: Successful su for rubyman by root
Jun 26 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12054]: + ??? root:rubyman
Jun 26 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12054]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595513 of user rubyman.
Jun 26 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12054]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595513.
Jun 26 08:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9198]: pam_unix(cron:session): session closed for user root
Jun 26 08:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11995]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11119]: pam_unix(cron:session): session closed for user root
Jun 26 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12513]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12509]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12512]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12510]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12511]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12508]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12513]: pam_unix(cron:session): session closed for user root
Jun 26 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12508]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12573]: Successful su for rubyman by root
Jun 26 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12573]: + ??? root:rubyman
Jun 26 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12573]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595519 of user rubyman.
Jun 26 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12573]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595519.
Jun 26 08:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12510]: pam_unix(cron:session): session closed for user root
Jun 26 08:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9580]: pam_unix(cron:session): session closed for user root
Jun 26 08:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12509]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11540]: pam_unix(cron:session): session closed for user root
Jun 26 08:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12911]: Connection closed by 194.59.206.2 port 45890 [preauth]
Jun 26 08:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 26 08:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12943]: Failed password for root from 51.250.105.222 port 54970 ssh2
Jun 26 08:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12943]: Connection closed by 51.250.105.222 port 54970 [preauth]
Jun 26 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12964]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12962]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12963]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12961]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12961]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13029]: Successful su for rubyman by root
Jun 26 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13029]: + ??? root:rubyman
Jun 26 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13029]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595523 of user rubyman.
Jun 26 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13029]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595523.
Jun 26 08:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10161]: pam_unix(cron:session): session closed for user root
Jun 26 08:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12962]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11997]: pam_unix(cron:session): session closed for user root
Jun 26 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13378]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13379]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13377]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13376]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13376]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13436]: Successful su for rubyman by root
Jun 26 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13436]: + ??? root:rubyman
Jun 26 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13436]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595529 of user rubyman.
Jun 26 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13436]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595529.
Jun 26 08:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13548]: Invalid user ubnt from 141.98.83.240
Jun 26 08:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13548]: input_userauth_request: invalid user ubnt [preauth]
Jun 26 08:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10687]: pam_unix(cron:session): session closed for user root
Jun 26 08:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13548]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 08:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 08:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13377]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13548]: Failed password for invalid user ubnt from 141.98.83.240 port 39150 ssh2
Jun 26 08:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13548]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 08:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13548]: Failed password for invalid user ubnt from 141.98.83.240 port 39150 ssh2
Jun 26 08:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13548]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 08:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13548]: Failed password for invalid user ubnt from 141.98.83.240 port 39150 ssh2
Jun 26 08:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13548]: Connection closed by 141.98.83.240 port 39150 [preauth]
Jun 26 08:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13548]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 08:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12512]: pam_unix(cron:session): session closed for user root
Jun 26 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13778]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13780]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13779]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13777]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13777]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13838]: Successful su for rubyman by root
Jun 26 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13838]: + ??? root:rubyman
Jun 26 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13838]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595533 of user rubyman.
Jun 26 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13838]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595533.
Jun 26 08:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11118]: pam_unix(cron:session): session closed for user root
Jun 26 08:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13778]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12964]: pam_unix(cron:session): session closed for user root
Jun 26 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14174]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14172]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14173]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14170]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14170]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14237]: Successful su for rubyman by root
Jun 26 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14237]: + ??? root:rubyman
Jun 26 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14237]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595535 of user rubyman.
Jun 26 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14237]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595535.
Jun 26 08:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11539]: pam_unix(cron:session): session closed for user root
Jun 26 08:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14172]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13379]: pam_unix(cron:session): session closed for user root
Jun 26 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14566]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14565]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14564]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14563]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14568]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14567]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14568]: pam_unix(cron:session): session closed for user root
Jun 26 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14563]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14645]: Successful su for rubyman by root
Jun 26 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14645]: + ??? root:rubyman
Jun 26 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14645]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595543 of user rubyman.
Jun 26 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14645]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595543.
Jun 26 08:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14565]: pam_unix(cron:session): session closed for user root
Jun 26 08:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11996]: pam_unix(cron:session): session closed for user root
Jun 26 08:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14564]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13780]: pam_unix(cron:session): session closed for user root
Jun 26 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15081]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15080]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15078]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15079]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15078]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15153]: Successful su for rubyman by root
Jun 26 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15153]: + ??? root:rubyman
Jun 26 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15153]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595545 of user rubyman.
Jun 26 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15153]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595545.
Jun 26 08:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12511]: pam_unix(cron:session): session closed for user root
Jun 26 08:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15079]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15403]: Invalid user admin1 from 193.46.255.86
Jun 26 08:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15403]: input_userauth_request: invalid user admin1 [preauth]
Jun 26 08:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15403]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 08:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 26 08:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14174]: pam_unix(cron:session): session closed for user root
Jun 26 08:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15403]: Failed password for invalid user admin1 from 193.46.255.86 port 4266 ssh2
Jun 26 08:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15403]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 08:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15403]: Failed password for invalid user admin1 from 193.46.255.86 port 4266 ssh2
Jun 26 08:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15403]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 08:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15403]: Failed password for invalid user admin1 from 193.46.255.86 port 4266 ssh2
Jun 26 08:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15403]: Connection closed by 193.46.255.86 port 4266 [preauth]
Jun 26 08:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15403]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 26 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15480]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15479]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15481]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15478]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15478]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15540]: Successful su for rubyman by root
Jun 26 08:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15540]: + ??? root:rubyman
Jun 26 08:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15540]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595549 of user rubyman.
Jun 26 08:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15540]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595549.
Jun 26 08:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12963]: pam_unix(cron:session): session closed for user root
Jun 26 08:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15479]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 26 08:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15754]: Failed password for root from 103.27.238.114 port 35600 ssh2
Jun 26 08:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15754]: Connection closed by 103.27.238.114 port 35600 [preauth]
Jun 26 08:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14567]: pam_unix(cron:session): session closed for user root
Jun 26 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15876]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15877]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15874]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15875]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15874]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15933]: Successful su for rubyman by root
Jun 26 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15933]: + ??? root:rubyman
Jun 26 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15933]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595555 of user rubyman.
Jun 26 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15933]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595555.
Jun 26 08:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13378]: pam_unix(cron:session): session closed for user root
Jun 26 08:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15875]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15081]: pam_unix(cron:session): session closed for user root
Jun 26 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16260]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16261]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16259]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16262]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16256]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16259]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16370]: Successful su for rubyman by root
Jun 26 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16370]: + ??? root:rubyman
Jun 26 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16370]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595557 of user rubyman.
Jun 26 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16370]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595557.
Jun 26 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16256]: pam_unix(cron:session): session closed for user root
Jun 26 08:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13779]: pam_unix(cron:session): session closed for user root
Jun 26 08:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16260]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15481]: pam_unix(cron:session): session closed for user root
Jun 26 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16737]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16736]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16738]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16734]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16735]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16733]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16738]: pam_unix(cron:session): session closed for user root
Jun 26 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16733]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16803]: Successful su for rubyman by root
Jun 26 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16803]: + ??? root:rubyman
Jun 26 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16803]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595562 of user rubyman.
Jun 26 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16803]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595562.
Jun 26 08:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16735]: pam_unix(cron:session): session closed for user root
Jun 26 08:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14173]: pam_unix(cron:session): session closed for user root
Jun 26 08:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16734]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15877]: pam_unix(cron:session): session closed for user root
Jun 26 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17257]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17255]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17256]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17254]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17254]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17330]: Successful su for rubyman by root
Jun 26 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17330]: + ??? root:rubyman
Jun 26 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17330]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595568 of user rubyman.
Jun 26 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17330]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595568.
Jun 26 08:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14566]: pam_unix(cron:session): session closed for user root
Jun 26 08:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17255]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16262]: pam_unix(cron:session): session closed for user root
Jun 26 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17763]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17762]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17758]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17757]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17757]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17830]: Successful su for rubyman by root
Jun 26 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17830]: + ??? root:rubyman
Jun 26 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17830]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595573 of user rubyman.
Jun 26 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17830]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595573.
Jun 26 08:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15080]: pam_unix(cron:session): session closed for user root
Jun 26 08:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17758]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16737]: pam_unix(cron:session): session closed for user root
Jun 26 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18188]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18189]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18190]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18187]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18187]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18259]: Successful su for rubyman by root
Jun 26 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18259]: + ??? root:rubyman
Jun 26 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18259]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595578 of user rubyman.
Jun 26 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18259]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595578.
Jun 26 08:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15480]: pam_unix(cron:session): session closed for user root
Jun 26 08:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18188]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17257]: pam_unix(cron:session): session closed for user root
Jun 26 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18692]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18690]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18689]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18688]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18688]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18754]: Successful su for rubyman by root
Jun 26 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18754]: + ??? root:rubyman
Jun 26 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18754]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595581 of user rubyman.
Jun 26 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18754]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595581.
Jun 26 08:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15876]: pam_unix(cron:session): session closed for user root
Jun 26 08:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18689]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17763]: pam_unix(cron:session): session closed for user root
Jun 26 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19112]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19110]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19111]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19113]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19108]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19109]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19113]: pam_unix(cron:session): session closed for user root
Jun 26 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19108]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19273]: Successful su for rubyman by root
Jun 26 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19273]: + ??? root:rubyman
Jun 26 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19273]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595584 of user rubyman.
Jun 26 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19273]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595584.
Jun 26 08:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19110]: pam_unix(cron:session): session closed for user root
Jun 26 08:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16261]: pam_unix(cron:session): session closed for user root
Jun 26 08:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19109]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18190]: pam_unix(cron:session): session closed for user root
Jun 26 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19847]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19848]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19846]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19844]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19844]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19917]: Successful su for rubyman by root
Jun 26 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19917]: + ??? root:rubyman
Jun 26 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19917]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595590 of user rubyman.
Jun 26 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19917]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595590.
Jun 26 08:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16736]: pam_unix(cron:session): session closed for user root
Jun 26 08:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19846]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18692]: pam_unix(cron:session): session closed for user root
Jun 26 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20346]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20347]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20345]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20344]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20344]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20414]: Successful su for rubyman by root
Jun 26 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20414]: + ??? root:rubyman
Jun 26 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20414]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595594 of user rubyman.
Jun 26 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20414]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595594.
Jun 26 08:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17256]: pam_unix(cron:session): session closed for user root
Jun 26 08:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20345]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19112]: pam_unix(cron:session): session closed for user root
Jun 26 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20852]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20851]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20853]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20850]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20850]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20916]: Successful su for rubyman by root
Jun 26 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20916]: + ??? root:rubyman
Jun 26 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20916]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595598 of user rubyman.
Jun 26 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20916]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595598.
Jun 26 08:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17762]: pam_unix(cron:session): session closed for user root
Jun 26 08:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20851]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19848]: pam_unix(cron:session): session closed for user root
Jun 26 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21254]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21255]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21253]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21252]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21252]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21314]: Successful su for rubyman by root
Jun 26 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21314]: + ??? root:rubyman
Jun 26 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21314]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595602 of user rubyman.
Jun 26 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21314]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595602.
Jun 26 08:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18189]: pam_unix(cron:session): session closed for user root
Jun 26 08:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21253]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20347]: pam_unix(cron:session): session closed for user root
Jun 26 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21686]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21687]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21683]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21682]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21685]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21684]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21687]: pam_unix(cron:session): session closed for user root
Jun 26 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21682]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21753]: Successful su for rubyman by root
Jun 26 08:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21753]: + ??? root:rubyman
Jun 26 08:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21753]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595606 of user rubyman.
Jun 26 08:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21753]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595606.
Jun 26 08:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21684]: pam_unix(cron:session): session closed for user root
Jun 26 08:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18690]: pam_unix(cron:session): session closed for user root
Jun 26 08:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21683]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20853]: pam_unix(cron:session): session closed for user root
Jun 26 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22116]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22114]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22115]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22113]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22113]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22195]: Successful su for rubyman by root
Jun 26 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22195]: + ??? root:rubyman
Jun 26 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22195]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595612 of user rubyman.
Jun 26 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22195]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595612.
Jun 26 08:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19111]: pam_unix(cron:session): session closed for user root
Jun 26 08:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22114]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21255]: pam_unix(cron:session): session closed for user root
Jun 26 08:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.20.185.207  user=root
Jun 26 08:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22566]: Failed password for root from 143.20.185.207 port 46004 ssh2
Jun 26 08:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22566]: Connection closed by 143.20.185.207 port 46004 [preauth]
Jun 26 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22619]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22621]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22620]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22618]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22618]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22680]: Successful su for rubyman by root
Jun 26 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22680]: + ??? root:rubyman
Jun 26 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22680]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595616 of user rubyman.
Jun 26 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22680]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595616.
Jun 26 08:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19847]: pam_unix(cron:session): session closed for user root
Jun 26 08:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22619]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
Jun 26 08:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21686]: pam_unix(cron:session): session closed for user root
Jun 26 08:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22943]: Failed password for root from 176.32.39.21 port 40224 ssh2
Jun 26 08:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22943]: Connection closed by 176.32.39.21 port 40224 [preauth]
Jun 26 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23030]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23029]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23031]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23028]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23028]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23088]: Successful su for rubyman by root
Jun 26 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23088]: + ??? root:rubyman
Jun 26 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23088]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595620 of user rubyman.
Jun 26 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23088]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595620.
Jun 26 08:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20346]: pam_unix(cron:session): session closed for user root
Jun 26 08:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23029]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22116]: pam_unix(cron:session): session closed for user root
Jun 26 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23443]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23444]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23442]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23441]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23441]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23516]: Successful su for rubyman by root
Jun 26 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23516]: + ??? root:rubyman
Jun 26 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23516]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595624 of user rubyman.
Jun 26 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23516]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595624.
Jun 26 08:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20852]: pam_unix(cron:session): session closed for user root
Jun 26 08:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23442]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22621]: pam_unix(cron:session): session closed for user root
Jun 26 08:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 26 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23978]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23976]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23972]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23973]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23975]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23971]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23978]: pam_unix(cron:session): session closed for user root
Jun 26 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23971]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24043]: Successful su for rubyman by root
Jun 26 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24043]: + ??? root:rubyman
Jun 26 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24043]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595629 of user rubyman.
Jun 26 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24043]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595629.
Jun 26 08:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23958]: Failed password for root from 103.27.238.116 port 45342 ssh2
Jun 26 08:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23958]: Connection closed by 103.27.238.116 port 45342 [preauth]
Jun 26 08:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23973]: pam_unix(cron:session): session closed for user root
Jun 26 08:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21254]: pam_unix(cron:session): session closed for user root
Jun 26 08:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23972]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24272]: Invalid user  from 45.156.87.13
Jun 26 08:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24272]: input_userauth_request: invalid user  [preauth]
Jun 26 08:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24272]: Connection closed by 45.156.87.13 port 43748 [preauth]
Jun 26 08:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23031]: pam_unix(cron:session): session closed for user root
Jun 26 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24423]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24424]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24422]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24421]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24421]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24499]: Successful su for rubyman by root
Jun 26 08:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24499]: + ??? root:rubyman
Jun 26 08:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24499]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595636 of user rubyman.
Jun 26 08:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24499]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595636.
Jun 26 08:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21685]: pam_unix(cron:session): session closed for user root
Jun 26 08:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24422]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24702]: User john from 45.156.87.13 not allowed because not listed in AllowUsers
Jun 26 08:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24702]: input_userauth_request: invalid user john [preauth]
Jun 26 08:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=john
Jun 26 08:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24702]: Failed password for invalid user john from 45.156.87.13 port 49498 ssh2
Jun 26 08:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24702]: Connection closed by 45.156.87.13 port 49498 [preauth]
Jun 26 08:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24727]: Invalid user admin from 45.156.87.13
Jun 26 08:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24727]: input_userauth_request: invalid user admin [preauth]
Jun 26 08:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24727]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 08:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 08:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24727]: Failed password for invalid user admin from 45.156.87.13 port 49514 ssh2
Jun 26 08:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24727]: Connection closed by 45.156.87.13 port 49514 [preauth]
Jun 26 08:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24739]: Invalid user lucas from 45.156.87.13
Jun 26 08:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24739]: input_userauth_request: invalid user lucas [preauth]
Jun 26 08:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24739]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 08:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 08:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24739]: Failed password for invalid user lucas from 45.156.87.13 port 38138 ssh2
Jun 26 08:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24739]: Connection closed by 45.156.87.13 port 38138 [preauth]
Jun 26 08:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24769]: Invalid user devops from 45.156.87.13
Jun 26 08:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24769]: input_userauth_request: invalid user devops [preauth]
Jun 26 08:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24769]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 08:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 08:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24769]: Failed password for invalid user devops from 45.156.87.13 port 38152 ssh2
Jun 26 08:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24769]: Connection closed by 45.156.87.13 port 38152 [preauth]
Jun 26 08:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24785]: Invalid user term2 from 45.156.87.13
Jun 26 08:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24785]: input_userauth_request: invalid user term2 [preauth]
Jun 26 08:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24785]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 08:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 08:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24785]: Failed password for invalid user term2 from 45.156.87.13 port 46988 ssh2
Jun 26 08:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24785]: Connection closed by 45.156.87.13 port 46988 [preauth]
Jun 26 08:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23444]: pam_unix(cron:session): session closed for user root
Jun 26 08:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24817]: Invalid user dev from 45.156.87.13
Jun 26 08:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24817]: input_userauth_request: invalid user dev [preauth]
Jun 26 08:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24817]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 08:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 08:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24817]: Failed password for invalid user dev from 45.156.87.13 port 47002 ssh2
Jun 26 08:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24817]: Connection closed by 45.156.87.13 port 47002 [preauth]
Jun 26 08:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24828]: Invalid user martin from 45.156.87.13
Jun 26 08:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24828]: input_userauth_request: invalid user martin [preauth]
Jun 26 08:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24828]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 08:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 08:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24828]: Failed password for invalid user martin from 45.156.87.13 port 59078 ssh2
Jun 26 08:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24828]: Connection closed by 45.156.87.13 port 59078 [preauth]
Jun 26 08:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24851]: Invalid user guest from 45.156.87.13
Jun 26 08:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24851]: input_userauth_request: invalid user guest [preauth]
Jun 26 08:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24851]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 08:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 08:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24851]: Failed password for invalid user guest from 45.156.87.13 port 56478 ssh2
Jun 26 08:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24851]: Connection closed by 45.156.87.13 port 56478 [preauth]
Jun 26 08:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24861]: Invalid user user3 from 45.156.87.13
Jun 26 08:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24861]: input_userauth_request: invalid user user3 [preauth]
Jun 26 08:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24861]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 08:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 08:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24861]: Failed password for invalid user user3 from 45.156.87.13 port 56488 ssh2
Jun 26 08:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24861]: Connection closed by 45.156.87.13 port 56488 [preauth]
Jun 26 08:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 08:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24871]: Failed password for root from 45.156.87.13 port 34808 ssh2
Jun 26 08:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24871]: Connection closed by 45.156.87.13 port 34808 [preauth]
Jun 26 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24877]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24876]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24875]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24874]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24874]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24931]: Successful su for rubyman by root
Jun 26 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24931]: + ??? root:rubyman
Jun 26 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24931]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595638 of user rubyman.
Jun 26 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24931]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595638.
Jun 26 08:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 08:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22115]: pam_unix(cron:session): session closed for user root
Jun 26 08:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25003]: Failed password for root from 45.156.87.13 port 34822 ssh2
Jun 26 08:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25003]: Connection closed by 45.156.87.13 port 34822 [preauth]
Jun 26 08:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24875]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 08:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 26 08:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25131]: Failed password for root from 45.156.87.13 port 37358 ssh2
Jun 26 08:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25131]: Connection closed by 45.156.87.13 port 37358 [preauth]
Jun 26 08:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25133]: Failed password for root from 38.93.206.2 port 51750 ssh2
Jun 26 08:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25133]: Connection closed by 38.93.206.2 port 51750 [preauth]
Jun 26 08:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25161]: Invalid user jack from 45.156.87.13
Jun 26 08:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25161]: input_userauth_request: invalid user jack [preauth]
Jun 26 08:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25161]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 08:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 08:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25161]: Failed password for invalid user jack from 45.156.87.13 port 37362 ssh2
Jun 26 08:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25161]: Connection closed by 45.156.87.13 port 37362 [preauth]
Jun 26 08:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25171]: Invalid user guest from 45.156.87.13
Jun 26 08:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25171]: input_userauth_request: invalid user guest [preauth]
Jun 26 08:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25171]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 08:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 08:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25171]: Failed password for invalid user guest from 45.156.87.13 port 58542 ssh2
Jun 26 08:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25171]: Connection closed by 45.156.87.13 port 58542 [preauth]
Jun 26 08:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25200]: Invalid user system from 45.156.87.13
Jun 26 08:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25200]: input_userauth_request: invalid user system [preauth]
Jun 26 08:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25200]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 08:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 08:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25200]: Failed password for invalid user system from 45.156.87.13 port 58552 ssh2
Jun 26 08:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25200]: Connection closed by 45.156.87.13 port 58552 [preauth]
Jun 26 08:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25211]: Invalid user test from 45.156.87.13
Jun 26 08:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25211]: input_userauth_request: invalid user test [preauth]
Jun 26 08:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25211]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 08:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 08:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25211]: Failed password for invalid user test from 45.156.87.13 port 45054 ssh2
Jun 26 08:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25211]: Connection closed by 45.156.87.13 port 45054 [preauth]
Jun 26 08:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23976]: pam_unix(cron:session): session closed for user root
Jun 26 08:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25240]: Invalid user jakob from 45.156.87.13
Jun 26 08:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25240]: input_userauth_request: invalid user jakob [preauth]
Jun 26 08:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25240]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 08:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 08:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25240]: Failed password for invalid user jakob from 45.156.87.13 port 45066 ssh2
Jun 26 08:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25240]: Connection closed by 45.156.87.13 port 45066 [preauth]
Jun 26 08:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 08:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25250]: Failed password for root from 45.156.87.13 port 59956 ssh2
Jun 26 08:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25250]: Connection closed by 45.156.87.13 port 59956 [preauth]
Jun 26 08:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 08:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25272]: Failed password for root from 45.156.87.13 port 59980 ssh2
Jun 26 08:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25272]: Connection closed by 45.156.87.13 port 59980 [preauth]
Jun 26 08:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25282]: Invalid user azureuser from 45.156.87.13
Jun 26 08:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25282]: input_userauth_request: invalid user azureuser [preauth]
Jun 26 08:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25282]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 08:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 08:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25282]: Failed password for invalid user azureuser from 45.156.87.13 port 40796 ssh2
Jun 26 08:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25282]: Connection closed by 45.156.87.13 port 40796 [preauth]
Jun 26 08:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 08:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25292]: Failed password for root from 45.156.87.13 port 60492 ssh2
Jun 26 08:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25292]: Connection closed by 45.156.87.13 port 60492 [preauth]
Jun 26 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25306]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25305]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25304]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25303]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25303]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25364]: Successful su for rubyman by root
Jun 26 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25364]: + ??? root:rubyman
Jun 26 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25364]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595642 of user rubyman.
Jun 26 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25364]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595642.
Jun 26 08:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25357]: Invalid user test from 45.156.87.13
Jun 26 08:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25357]: input_userauth_request: invalid user test [preauth]
Jun 26 08:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25357]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 08:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 08:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.211.215  user=root
Jun 26 08:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25357]: Failed password for invalid user test from 45.156.87.13 port 60500 ssh2
Jun 26 08:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25357]: Connection closed by 45.156.87.13 port 60500 [preauth]
Jun 26 08:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22620]: pam_unix(cron:session): session closed for user root
Jun 26 08:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25521]: Invalid user devon from 141.98.83.240
Jun 26 08:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25521]: input_userauth_request: invalid user devon [preauth]
Jun 26 08:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25521]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 08:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 08:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25410]: Failed password for root from 147.45.211.215 port 34044 ssh2
Jun 26 08:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25410]: Connection closed by 147.45.211.215 port 34044 [preauth]
Jun 26 08:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25304]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25552]: Invalid user user from 45.156.87.13
Jun 26 08:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25552]: input_userauth_request: invalid user user [preauth]
Jun 26 08:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25552]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 08:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 08:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25521]: Failed password for invalid user devon from 141.98.83.240 port 16092 ssh2
Jun 26 08:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25521]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 08:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25552]: Failed password for invalid user user from 45.156.87.13 port 33330 ssh2
Jun 26 08:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25552]: Connection closed by 45.156.87.13 port 33330 [preauth]
Jun 26 08:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25521]: Failed password for invalid user devon from 141.98.83.240 port 16092 ssh2
Jun 26 08:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25521]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 08:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25521]: Failed password for invalid user devon from 141.98.83.240 port 16092 ssh2
Jun 26 08:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25521]: Connection closed by 141.98.83.240 port 16092 [preauth]
Jun 26 08:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25521]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 08:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25564]: Invalid user server from 45.156.87.13
Jun 26 08:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25564]: input_userauth_request: invalid user server [preauth]
Jun 26 08:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25564]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 08:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 08:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25564]: Failed password for invalid user server from 45.156.87.13 port 33340 ssh2
Jun 26 08:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25564]: Connection closed by 45.156.87.13 port 33340 [preauth]
Jun 26 08:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25583]: Invalid user appuser from 45.156.87.13
Jun 26 08:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25583]: input_userauth_request: invalid user appuser [preauth]
Jun 26 08:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25583]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 08:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 08:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25583]: Failed password for invalid user appuser from 45.156.87.13 port 47022 ssh2
Jun 26 08:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25583]: Connection closed by 45.156.87.13 port 47022 [preauth]
Jun 26 08:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25590]: Invalid user claude from 45.156.87.13
Jun 26 08:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25590]: input_userauth_request: invalid user claude [preauth]
Jun 26 08:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25590]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 08:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 08:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25590]: Failed password for invalid user claude from 45.156.87.13 port 47030 ssh2
Jun 26 08:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25590]: Connection closed by 45.156.87.13 port 47030 [preauth]
Jun 26 08:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 08:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25613]: Failed password for root from 45.156.87.13 port 44624 ssh2
Jun 26 08:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25613]: Connection closed by 45.156.87.13 port 44624 [preauth]
Jun 26 08:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25623]: Invalid user cloud from 45.156.87.13
Jun 26 08:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25623]: input_userauth_request: invalid user cloud [preauth]
Jun 26 08:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25623]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 08:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 08:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24424]: pam_unix(cron:session): session closed for user root
Jun 26 08:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25623]: Failed password for invalid user cloud from 45.156.87.13 port 44632 ssh2
Jun 26 08:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25623]: Connection closed by 45.156.87.13 port 44632 [preauth]
Jun 26 08:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25652]: Invalid user frappe from 45.156.87.13
Jun 26 08:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25652]: input_userauth_request: invalid user frappe [preauth]
Jun 26 08:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25652]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 08:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 08:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25652]: Failed password for invalid user frappe from 45.156.87.13 port 53026 ssh2
Jun 26 08:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25652]: Connection closed by 45.156.87.13 port 53026 [preauth]
Jun 26 08:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25669]: Invalid user git from 45.156.87.13
Jun 26 08:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25669]: input_userauth_request: invalid user git [preauth]
Jun 26 08:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25669]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 08:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 08:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25669]: Failed password for invalid user git from 45.156.87.13 port 53034 ssh2
Jun 26 08:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25669]: Connection closed by 45.156.87.13 port 53034 [preauth]
Jun 26 08:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 08:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25694]: Failed password for root from 45.156.87.13 port 43866 ssh2
Jun 26 08:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25694]: Connection closed by 45.156.87.13 port 43866 [preauth]
Jun 26 08:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 08:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25705]: Failed password for root from 45.156.87.13 port 43892 ssh2
Jun 26 08:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25705]: Connection closed by 45.156.87.13 port 43892 [preauth]
Jun 26 08:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25716]: Invalid user deploy from 45.156.87.13
Jun 26 08:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25716]: input_userauth_request: invalid user deploy [preauth]
Jun 26 08:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25716]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 08:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25721]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25722]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25720]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25719]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25719]: pam_unix(cron:session): session closed for user p13x
Jun 26 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25778]: Successful su for rubyman by root
Jun 26 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25778]: + ??? root:rubyman
Jun 26 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25778]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595647 of user rubyman.
Jun 26 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25778]: pam_unix(su:session): session closed for user rubyman
Jun 26 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595647.
Jun 26 08:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25716]: Failed password for invalid user deploy from 45.156.87.13 port 58452 ssh2
Jun 26 08:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25716]: Connection closed by 45.156.87.13 port 58452 [preauth]
Jun 26 08:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 26 08:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23030]: pam_unix(cron:session): session closed for user root
Jun 26 08:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25779]: Failed password for root from 103.15.222.183 port 33268 ssh2
Jun 26 08:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25923]: Invalid user hadoop from 45.156.87.13
Jun 26 08:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25923]: input_userauth_request: invalid user hadoop [preauth]
Jun 26 08:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25779]: Connection closed by 103.15.222.183 port 33268 [preauth]
Jun 26 08:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25923]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 08:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 08:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25720]: pam_unix(cron:session): session closed for user samftp
Jun 26 08:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25923]: Failed password for invalid user hadoop from 45.156.87.13 port 58456 ssh2
Jun 26 08:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25923]: Connection closed by 45.156.87.13 port 58456 [preauth]
Jun 26 08:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25973]: Invalid user vpn from 45.156.87.13
Jun 26 08:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25973]: input_userauth_request: invalid user vpn [preauth]
Jun 26 08:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25973]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 08:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 08:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25973]: Failed password for invalid user vpn from 45.156.87.13 port 57436 ssh2
Jun 26 08:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25973]: Connection closed by 45.156.87.13 port 57436 [preauth]
Jun 26 08:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 08:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25996]: Failed password for root from 45.156.87.13 port 57444 ssh2
Jun 26 08:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25996]: Connection closed by 45.156.87.13 port 57444 [preauth]
Jun 26 08:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26006]: Invalid user tactical from 45.156.87.13
Jun 26 08:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26006]: input_userauth_request: invalid user tactical [preauth]
Jun 26 08:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26006]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 08:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 08:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26006]: Failed password for invalid user tactical from 45.156.87.13 port 57716 ssh2
Jun 26 08:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26006]: Connection closed by 45.156.87.13 port 57716 [preauth]
Jun 26 08:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26028]: Invalid user dev from 45.156.87.13
Jun 26 08:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26028]: input_userauth_request: invalid user dev [preauth]
Jun 26 08:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26028]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 08:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 08:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26028]: Failed password for invalid user dev from 45.156.87.13 port 57732 ssh2
Jun 26 08:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26028]: Connection closed by 45.156.87.13 port 57732 [preauth]
Jun 26 08:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26039]: User john from 45.156.87.13 not allowed because not listed in AllowUsers
Jun 26 08:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26039]: input_userauth_request: invalid user john [preauth]
Jun 26 08:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=john
Jun 26 08:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24877]: pam_unix(cron:session): session closed for user root
Jun 26 08:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26039]: Failed password for invalid user john from 45.156.87.13 port 53100 ssh2
Jun 26 08:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26039]: Connection closed by 45.156.87.13 port 53100 [preauth]
Jun 26 08:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26068]: Invalid user dspace from 45.156.87.13
Jun 26 08:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26068]: input_userauth_request: invalid user dspace [preauth]
Jun 26 08:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26068]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 08:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 08:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26068]: Failed password for invalid user dspace from 45.156.87.13 port 46510 ssh2
Jun 26 08:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26068]: Connection closed by 45.156.87.13 port 46510 [preauth]
Jun 26 08:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26078]: Invalid user portal from 45.156.87.13
Jun 26 08:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26078]: input_userauth_request: invalid user portal [preauth]
Jun 26 08:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26078]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 08:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 08:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26078]: Failed password for invalid user portal from 45.156.87.13 port 46516 ssh2
Jun 26 08:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26078]: Connection closed by 45.156.87.13 port 46516 [preauth]
Jun 26 08:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: Invalid user teamspeak from 45.156.87.13
Jun 26 08:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: input_userauth_request: invalid user teamspeak [preauth]
Jun 26 08:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 08:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 08:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: Failed password for invalid user teamspeak from 45.156.87.13 port 40874 ssh2
Jun 26 08:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: Connection closed by 45.156.87.13 port 40874 [preauth]
Jun 26 08:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 08:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26116]: Failed password for root from 45.156.87.13 port 40890 ssh2
Jun 26 08:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26116]: Connection closed by 45.156.87.13 port 40890 [preauth]
Jun 26 08:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 08:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26134]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26136]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26133]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26138]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26137]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26135]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26132]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26138]: pam_unix(cron:session): session closed for user root
Jun 26 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26134]: pam_unix(cron:session): session closed for user root
Jun 26 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26132]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26226]: Successful su for rubyman by root
Jun 26 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26226]: + ??? root:rubyman
Jun 26 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26226]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595655 of user rubyman.
Jun 26 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26226]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595655.
Jun 26 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26127]: Failed password for root from 45.156.87.13 port 60978 ssh2
Jun 26 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26127]: Connection closed by 45.156.87.13 port 60978 [preauth]
Jun 26 09:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 26 09:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26135]: pam_unix(cron:session): session closed for user root
Jun 26 09:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26383]: Invalid user dev from 45.156.87.13
Jun 26 09:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26383]: input_userauth_request: invalid user dev [preauth]
Jun 26 09:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26383]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23443]: pam_unix(cron:session): session closed for user root
Jun 26 09:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26129]: Failed password for root from 202.178.126.219 port 34134 ssh2
Jun 26 09:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26129]: Connection closed by 202.178.126.219 port 34134 [preauth]
Jun 26 09:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26133]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26383]: Failed password for invalid user dev from 45.156.87.13 port 60984 ssh2
Jun 26 09:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26383]: Connection closed by 45.156.87.13 port 60984 [preauth]
Jun 26 09:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26455]: Failed password for root from 45.156.87.13 port 51810 ssh2
Jun 26 09:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26455]: Connection closed by 45.156.87.13 port 51810 [preauth]
Jun 26 09:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26478]: Invalid user labuser from 45.156.87.13
Jun 26 09:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26478]: input_userauth_request: invalid user labuser [preauth]
Jun 26 09:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26478]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26478]: Failed password for invalid user labuser from 45.156.87.13 port 51822 ssh2
Jun 26 09:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26478]: Connection closed by 45.156.87.13 port 51822 [preauth]
Jun 26 09:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26490]: Failed password for root from 45.156.87.13 port 49252 ssh2
Jun 26 09:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26490]: Connection closed by 45.156.87.13 port 49252 [preauth]
Jun 26 09:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26513]: Invalid user odoo18 from 45.156.87.13
Jun 26 09:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26513]: input_userauth_request: invalid user odoo18 [preauth]
Jun 26 09:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26513]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26513]: Failed password for invalid user odoo18 from 45.156.87.13 port 44770 ssh2
Jun 26 09:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26513]: Connection closed by 45.156.87.13 port 44770 [preauth]
Jun 26 09:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26534]: Invalid user app from 45.156.87.13
Jun 26 09:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26534]: input_userauth_request: invalid user app [preauth]
Jun 26 09:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26534]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25306]: pam_unix(cron:session): session closed for user root
Jun 26 09:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26534]: Failed password for invalid user app from 45.156.87.13 port 44774 ssh2
Jun 26 09:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26534]: Connection closed by 45.156.87.13 port 44774 [preauth]
Jun 26 09:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26589]: Invalid user user1 from 45.156.87.13
Jun 26 09:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26589]: input_userauth_request: invalid user user1 [preauth]
Jun 26 09:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26589]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26589]: Failed password for invalid user user1 from 45.156.87.13 port 37714 ssh2
Jun 26 09:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26589]: Connection closed by 45.156.87.13 port 37714 [preauth]
Jun 26 09:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26603]: Invalid user deploy from 45.156.87.13
Jun 26 09:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26603]: input_userauth_request: invalid user deploy [preauth]
Jun 26 09:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26603]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26603]: Failed password for invalid user deploy from 45.156.87.13 port 37728 ssh2
Jun 26 09:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26603]: Connection closed by 45.156.87.13 port 37728 [preauth]
Jun 26 09:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26625]: Invalid user bot from 45.156.87.13
Jun 26 09:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26625]: input_userauth_request: invalid user bot [preauth]
Jun 26 09:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26625]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26625]: Failed password for invalid user bot from 45.156.87.13 port 40872 ssh2
Jun 26 09:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26625]: Connection closed by 45.156.87.13 port 40872 [preauth]
Jun 26 09:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26635]: Invalid user odoo from 45.156.87.13
Jun 26 09:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26635]: input_userauth_request: invalid user odoo [preauth]
Jun 26 09:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26635]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26635]: Failed password for invalid user odoo from 45.156.87.13 port 40884 ssh2
Jun 26 09:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26635]: Connection closed by 45.156.87.13 port 40884 [preauth]
Jun 26 09:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26645]: Invalid user dmdba from 45.156.87.13
Jun 26 09:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26645]: input_userauth_request: invalid user dmdba [preauth]
Jun 26 09:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26645]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26660]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26662]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26661]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26659]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26659]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26811]: Successful su for rubyman by root
Jun 26 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26811]: + ??? root:rubyman
Jun 26 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26811]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595658 of user rubyman.
Jun 26 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26811]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595658.
Jun 26 09:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26645]: Failed password for invalid user dmdba from 45.156.87.13 port 37454 ssh2
Jun 26 09:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26645]: Connection closed by 45.156.87.13 port 37454 [preauth]
Jun 26 09:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23975]: pam_unix(cron:session): session closed for user root
Jun 26 09:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26958]: Invalid user user3 from 45.156.87.13
Jun 26 09:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26958]: input_userauth_request: invalid user user3 [preauth]
Jun 26 09:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26958]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26660]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26958]: Failed password for invalid user user3 from 45.156.87.13 port 37470 ssh2
Jun 26 09:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26958]: Connection closed by 45.156.87.13 port 37470 [preauth]
Jun 26 09:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26993]: Invalid user ubuntu from 45.156.87.13
Jun 26 09:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26993]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 09:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26993]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26993]: Failed password for invalid user ubuntu from 45.156.87.13 port 34694 ssh2
Jun 26 09:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26993]: Connection closed by 45.156.87.13 port 34694 [preauth]
Jun 26 09:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27018]: Invalid user elasticsearch from 45.156.87.13
Jun 26 09:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27018]: input_userauth_request: invalid user elasticsearch [preauth]
Jun 26 09:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27018]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27018]: Failed password for invalid user elasticsearch from 45.156.87.13 port 39318 ssh2
Jun 26 09:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27018]: Connection closed by 45.156.87.13 port 39318 [preauth]
Jun 26 09:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.19.67.181  user=root
Jun 26 09:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27030]: Invalid user admin from 45.156.87.13
Jun 26 09:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27030]: input_userauth_request: invalid user admin [preauth]
Jun 26 09:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27030]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27028]: Failed password for root from 46.19.67.181 port 55736 ssh2
Jun 26 09:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27028]: Connection closed by 46.19.67.181 port 55736 [preauth]
Jun 26 09:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27030]: Failed password for invalid user admin from 45.156.87.13 port 39330 ssh2
Jun 26 09:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27030]: Connection closed by 45.156.87.13 port 39330 [preauth]
Jun 26 09:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27062]: Invalid user linux from 45.156.87.13
Jun 26 09:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27062]: input_userauth_request: invalid user linux [preauth]
Jun 26 09:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27062]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27062]: Failed password for invalid user linux from 45.156.87.13 port 47936 ssh2
Jun 26 09:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27062]: Connection closed by 45.156.87.13 port 47936 [preauth]
Jun 26 09:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25722]: pam_unix(cron:session): session closed for user root
Jun 26 09:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27093]: Failed password for root from 45.156.87.13 port 47940 ssh2
Jun 26 09:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27093]: Connection closed by 45.156.87.13 port 47940 [preauth]
Jun 26 09:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27105]: Failed password for root from 45.156.87.13 port 37770 ssh2
Jun 26 09:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27105]: Connection closed by 45.156.87.13 port 37770 [preauth]
Jun 26 09:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27129]: Invalid user splunk from 45.156.87.13
Jun 26 09:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27129]: input_userauth_request: invalid user splunk [preauth]
Jun 26 09:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27129]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27129]: Failed password for invalid user splunk from 45.156.87.13 port 37776 ssh2
Jun 26 09:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27129]: Connection closed by 45.156.87.13 port 37776 [preauth]
Jun 26 09:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27141]: Invalid user operator from 45.156.87.13
Jun 26 09:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27141]: input_userauth_request: invalid user operator [preauth]
Jun 26 09:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27141]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27143]: Invalid user admin from 2.57.121.25
Jun 26 09:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27143]: input_userauth_request: invalid user admin [preauth]
Jun 26 09:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27143]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 26 09:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27141]: Failed password for invalid user operator from 45.156.87.13 port 34428 ssh2
Jun 26 09:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27141]: Connection closed by 45.156.87.13 port 34428 [preauth]
Jun 26 09:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27143]: Failed password for invalid user admin from 2.57.121.25 port 27434 ssh2
Jun 26 09:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27143]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27153]: Invalid user admin2 from 45.156.87.13
Jun 26 09:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27153]: input_userauth_request: invalid user admin2 [preauth]
Jun 26 09:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27153]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27143]: Failed password for invalid user admin from 2.57.121.25 port 27434 ssh2
Jun 26 09:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27143]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27153]: Failed password for invalid user admin2 from 45.156.87.13 port 44258 ssh2
Jun 26 09:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27153]: Connection closed by 45.156.87.13 port 44258 [preauth]
Jun 26 09:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27143]: Failed password for invalid user admin from 2.57.121.25 port 27434 ssh2
Jun 26 09:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27143]: Connection closed by 2.57.121.25 port 27434 [preauth]
Jun 26 09:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27143]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 26 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27168]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27167]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27166]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27165]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27165]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27232]: Successful su for rubyman by root
Jun 26 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27232]: + ??? root:rubyman
Jun 26 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27232]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595661 of user rubyman.
Jun 26 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27232]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595661.
Jun 26 09:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27312]: Invalid user minecraft from 45.156.87.13
Jun 26 09:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27312]: input_userauth_request: invalid user minecraft [preauth]
Jun 26 09:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27312]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24423]: pam_unix(cron:session): session closed for user root
Jun 26 09:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27312]: Failed password for invalid user minecraft from 45.156.87.13 port 44268 ssh2
Jun 26 09:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27312]: Connection closed by 45.156.87.13 port 44268 [preauth]
Jun 26 09:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27166]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27434]: Failed password for root from 45.156.87.13 port 42634 ssh2
Jun 26 09:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27434]: Connection closed by 45.156.87.13 port 42634 [preauth]
Jun 26 09:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27444]: Invalid user emery from 2.57.121.112
Jun 26 09:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27444]: input_userauth_request: invalid user emery [preauth]
Jun 26 09:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27444]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 26 09:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27459]: Invalid user openclaw from 45.156.87.13
Jun 26 09:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27459]: input_userauth_request: invalid user openclaw [preauth]
Jun 26 09:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27459]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27444]: Failed password for invalid user emery from 2.57.121.112 port 63932 ssh2
Jun 26 09:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27444]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27459]: Failed password for invalid user openclaw from 45.156.87.13 port 42650 ssh2
Jun 26 09:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27459]: Connection closed by 45.156.87.13 port 42650 [preauth]
Jun 26 09:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27444]: Failed password for invalid user emery from 2.57.121.112 port 63932 ssh2
Jun 26 09:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27444]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27444]: Failed password for invalid user emery from 2.57.121.112 port 63932 ssh2
Jun 26 09:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27444]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27471]: Invalid user core from 45.156.87.13
Jun 26 09:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27471]: input_userauth_request: invalid user core [preauth]
Jun 26 09:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27471]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27444]: Failed password for invalid user emery from 2.57.121.112 port 63932 ssh2
Jun 26 09:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27444]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27471]: Failed password for invalid user core from 45.156.87.13 port 34212 ssh2
Jun 26 09:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27471]: Connection closed by 45.156.87.13 port 34212 [preauth]
Jun 26 09:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27444]: Failed password for invalid user emery from 2.57.121.112 port 63932 ssh2
Jun 26 09:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27444]: Connection closed by 2.57.121.112 port 63932 [preauth]
Jun 26 09:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27444]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 26 09:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27444]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 26 09:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27503]: Failed password for root from 45.156.87.13 port 34214 ssh2
Jun 26 09:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27503]: Connection closed by 45.156.87.13 port 34214 [preauth]
Jun 26 09:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27520]: Invalid user cloud from 45.156.87.13
Jun 26 09:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27520]: input_userauth_request: invalid user cloud [preauth]
Jun 26 09:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27520]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26137]: pam_unix(cron:session): session closed for user root
Jun 26 09:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27520]: Failed password for invalid user cloud from 45.156.87.13 port 34488 ssh2
Jun 26 09:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27520]: Connection closed by 45.156.87.13 port 34488 [preauth]
Jun 26 09:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27552]: Invalid user web from 45.156.87.13
Jun 26 09:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27552]: input_userauth_request: invalid user web [preauth]
Jun 26 09:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27552]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27552]: Failed password for invalid user web from 45.156.87.13 port 50780 ssh2
Jun 26 09:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27552]: Connection closed by 45.156.87.13 port 50780 [preauth]
Jun 26 09:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27564]: Invalid user myuser from 45.156.87.13
Jun 26 09:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27564]: input_userauth_request: invalid user myuser [preauth]
Jun 26 09:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27564]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27564]: Failed password for invalid user myuser from 45.156.87.13 port 50794 ssh2
Jun 26 09:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27564]: Connection closed by 45.156.87.13 port 50794 [preauth]
Jun 26 09:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27588]: Invalid user pi from 45.156.87.13
Jun 26 09:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27588]: input_userauth_request: invalid user pi [preauth]
Jun 26 09:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27588]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27588]: Failed password for invalid user pi from 45.156.87.13 port 44972 ssh2
Jun 26 09:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27588]: Connection closed by 45.156.87.13 port 44972 [preauth]
Jun 26 09:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27599]: Invalid user git from 45.156.87.13
Jun 26 09:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27599]: input_userauth_request: invalid user git [preauth]
Jun 26 09:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27599]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27599]: Failed password for invalid user git from 45.156.87.13 port 44984 ssh2
Jun 26 09:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27599]: Connection closed by 45.156.87.13 port 44984 [preauth]
Jun 26 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27616]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27615]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27613]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27614]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27613]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27672]: Successful su for rubyman by root
Jun 26 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27672]: + ??? root:rubyman
Jun 26 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27672]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595666 of user rubyman.
Jun 26 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27672]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595666.
Jun 26 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27610]: Failed password for root from 45.156.87.13 port 50550 ssh2
Jun 26 09:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27610]: Connection closed by 45.156.87.13 port 50550 [preauth]
Jun 26 09:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24876]: pam_unix(cron:session): session closed for user root
Jun 26 09:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27614]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27863]: Invalid user minecraft from 45.156.87.13
Jun 26 09:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27863]: input_userauth_request: invalid user minecraft [preauth]
Jun 26 09:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27863]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27863]: Failed password for invalid user minecraft from 45.156.87.13 port 34592 ssh2
Jun 26 09:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27863]: Connection closed by 45.156.87.13 port 34592 [preauth]
Jun 26 09:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27875]: Invalid user student from 45.156.87.13
Jun 26 09:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27875]: input_userauth_request: invalid user student [preauth]
Jun 26 09:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27875]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27875]: Failed password for invalid user student from 45.156.87.13 port 34602 ssh2
Jun 26 09:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27875]: Connection closed by 45.156.87.13 port 34602 [preauth]
Jun 26 09:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27906]: Invalid user system from 45.156.87.13
Jun 26 09:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27906]: input_userauth_request: invalid user system [preauth]
Jun 26 09:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27906]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27906]: Failed password for invalid user system from 45.156.87.13 port 41650 ssh2
Jun 26 09:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27906]: Connection closed by 45.156.87.13 port 41650 [preauth]
Jun 26 09:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27933]: Invalid user user2 from 45.156.87.13
Jun 26 09:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27933]: input_userauth_request: invalid user user2 [preauth]
Jun 26 09:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27933]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27933]: Failed password for invalid user user2 from 45.156.87.13 port 41652 ssh2
Jun 26 09:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27933]: Connection closed by 45.156.87.13 port 41652 [preauth]
Jun 26 09:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26662]: pam_unix(cron:session): session closed for user root
Jun 26 09:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27944]: Failed password for root from 45.156.87.13 port 58144 ssh2
Jun 26 09:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27944]: Connection closed by 45.156.87.13 port 58144 [preauth]
Jun 26 09:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27977]: Invalid user sam from 45.156.87.13
Jun 26 09:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27977]: input_userauth_request: invalid user sam [preauth]
Jun 26 09:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27977]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27977]: Failed password for invalid user sam from 45.156.87.13 port 54584 ssh2
Jun 26 09:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27977]: Connection closed by 45.156.87.13 port 54584 [preauth]
Jun 26 09:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27988]: Invalid user user from 45.156.87.13
Jun 26 09:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27988]: input_userauth_request: invalid user user [preauth]
Jun 26 09:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27988]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27988]: Failed password for invalid user user from 45.156.87.13 port 54594 ssh2
Jun 26 09:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27988]: Connection closed by 45.156.87.13 port 54594 [preauth]
Jun 26 09:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: Invalid user ubuntu from 45.156.87.13
Jun 26 09:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 09:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: Failed password for invalid user ubuntu from 45.156.87.13 port 47386 ssh2
Jun 26 09:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: Connection closed by 45.156.87.13 port 47386 [preauth]
Jun 26 09:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28030]: Invalid user bot from 45.156.87.13
Jun 26 09:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28030]: input_userauth_request: invalid user bot [preauth]
Jun 26 09:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28030]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28030]: Failed password for invalid user bot from 45.156.87.13 port 47396 ssh2
Jun 26 09:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28030]: Connection closed by 45.156.87.13 port 47396 [preauth]
Jun 26 09:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28040]: Invalid user niaoyun from 45.156.87.13
Jun 26 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28040]: input_userauth_request: invalid user niaoyun [preauth]
Jun 26 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28053]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28054]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28052]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28051]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28051]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28040]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28166]: Successful su for rubyman by root
Jun 26 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28166]: + ??? root:rubyman
Jun 26 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28166]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595671 of user rubyman.
Jun 26 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28166]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595671.
Jun 26 09:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28040]: Failed password for invalid user niaoyun from 45.156.87.13 port 33110 ssh2
Jun 26 09:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28040]: Connection closed by 45.156.87.13 port 33110 [preauth]
Jun 26 09:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25305]: pam_unix(cron:session): session closed for user root
Jun 26 09:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28052]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28335]: Invalid user osmc from 45.156.87.13
Jun 26 09:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28335]: input_userauth_request: invalid user osmc [preauth]
Jun 26 09:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28335]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28335]: Failed password for invalid user osmc from 45.156.87.13 port 53266 ssh2
Jun 26 09:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28335]: Connection closed by 45.156.87.13 port 53266 [preauth]
Jun 26 09:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28354]: Failed password for root from 45.156.87.13 port 53270 ssh2
Jun 26 09:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28354]: Connection closed by 45.156.87.13 port 53270 [preauth]
Jun 26 09:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28379]: Invalid user ftpuser from 45.156.87.13
Jun 26 09:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28379]: input_userauth_request: invalid user ftpuser [preauth]
Jun 26 09:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28379]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28379]: Failed password for invalid user ftpuser from 45.156.87.13 port 36682 ssh2
Jun 26 09:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28379]: Connection closed by 45.156.87.13 port 36682 [preauth]
Jun 26 09:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28402]: Invalid user ubuntu from 45.156.87.13
Jun 26 09:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28402]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 09:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28402]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28402]: Failed password for invalid user ubuntu from 45.156.87.13 port 36694 ssh2
Jun 26 09:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28402]: Connection closed by 45.156.87.13 port 36694 [preauth]
Jun 26 09:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28412]: Invalid user user10 from 45.156.87.13
Jun 26 09:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28412]: input_userauth_request: invalid user user10 [preauth]
Jun 26 09:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28412]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27168]: pam_unix(cron:session): session closed for user root
Jun 26 09:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28412]: Failed password for invalid user user10 from 45.156.87.13 port 57392 ssh2
Jun 26 09:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28412]: Connection closed by 45.156.87.13 port 57392 [preauth]
Jun 26 09:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28444]: Invalid user user from 45.156.87.13
Jun 26 09:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28444]: input_userauth_request: invalid user user [preauth]
Jun 26 09:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28444]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28444]: Failed password for invalid user user from 45.156.87.13 port 49954 ssh2
Jun 26 09:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28444]: Connection closed by 45.156.87.13 port 49954 [preauth]
Jun 26 09:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28455]: Invalid user support from 45.156.87.13
Jun 26 09:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28455]: input_userauth_request: invalid user support [preauth]
Jun 26 09:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28455]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28455]: Failed password for invalid user support from 45.156.87.13 port 49964 ssh2
Jun 26 09:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28455]: Connection closed by 45.156.87.13 port 49964 [preauth]
Jun 26 09:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28481]: Connection reset by 45.148.10.147 port 21814 [preauth]
Jun 26 09:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 26 09:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28483]: Invalid user solana from 45.156.87.13
Jun 26 09:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28483]: input_userauth_request: invalid user solana [preauth]
Jun 26 09:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28483]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28479]: Failed password for root from 202.178.126.219 port 51137 ssh2
Jun 26 09:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28479]: Connection closed by 202.178.126.219 port 51137 [preauth]
Jun 26 09:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28483]: Failed password for invalid user solana from 45.156.87.13 port 50990 ssh2
Jun 26 09:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28483]: Connection closed by 45.156.87.13 port 50990 [preauth]
Jun 26 09:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28504]: Invalid user kali from 45.156.87.13
Jun 26 09:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28504]: input_userauth_request: invalid user kali [preauth]
Jun 26 09:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28504]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28504]: Failed password for invalid user kali from 45.156.87.13 port 50994 ssh2
Jun 26 09:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28504]: Connection closed by 45.156.87.13 port 50994 [preauth]
Jun 26 09:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28532]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28527]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28524]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28528]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28525]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28523]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28532]: pam_unix(cron:session): session closed for user root
Jun 26 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28523]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28520]: Invalid user ansible from 45.156.87.13
Jun 26 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28520]: input_userauth_request: invalid user ansible [preauth]
Jun 26 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28520]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28682]: Successful su for rubyman by root
Jun 26 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28682]: + ??? root:rubyman
Jun 26 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28682]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595676 of user rubyman.
Jun 26 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28682]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595676.
Jun 26 09:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28520]: Failed password for invalid user ansible from 45.156.87.13 port 56234 ssh2
Jun 26 09:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28520]: Connection closed by 45.156.87.13 port 56234 [preauth]
Jun 26 09:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28525]: pam_unix(cron:session): session closed for user root
Jun 26 09:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25721]: pam_unix(cron:session): session closed for user root
Jun 26 09:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28524]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28905]: Invalid user sam from 45.156.87.13
Jun 26 09:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28905]: input_userauth_request: invalid user sam [preauth]
Jun 26 09:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28905]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28905]: Failed password for invalid user sam from 45.156.87.13 port 47214 ssh2
Jun 26 09:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28905]: Connection closed by 45.156.87.13 port 47214 [preauth]
Jun 26 09:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28917]: Failed password for root from 45.156.87.13 port 47228 ssh2
Jun 26 09:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28917]: Connection closed by 45.156.87.13 port 47228 [preauth]
Jun 26 09:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28941]: Invalid user deployer from 45.156.87.13
Jun 26 09:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28941]: input_userauth_request: invalid user deployer [preauth]
Jun 26 09:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28941]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28941]: Failed password for invalid user deployer from 45.156.87.13 port 36152 ssh2
Jun 26 09:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28941]: Connection closed by 45.156.87.13 port 36152 [preauth]
Jun 26 09:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28952]: Invalid user tom from 45.156.87.13
Jun 26 09:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28952]: input_userauth_request: invalid user tom [preauth]
Jun 26 09:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28952]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28952]: Failed password for invalid user tom from 45.156.87.13 port 36154 ssh2
Jun 26 09:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28952]: Connection closed by 45.156.87.13 port 36154 [preauth]
Jun 26 09:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28976]: Invalid user dev from 45.156.87.13
Jun 26 09:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28976]: input_userauth_request: invalid user dev [preauth]
Jun 26 09:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28976]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27616]: pam_unix(cron:session): session closed for user root
Jun 26 09:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28976]: Failed password for invalid user dev from 45.156.87.13 port 46962 ssh2
Jun 26 09:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28976]: Connection closed by 45.156.87.13 port 46962 [preauth]
Jun 26 09:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29013]: Invalid user centreon from 45.156.87.13
Jun 26 09:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29013]: input_userauth_request: invalid user centreon [preauth]
Jun 26 09:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29013]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29013]: Failed password for invalid user centreon from 45.156.87.13 port 50814 ssh2
Jun 26 09:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29013]: Connection closed by 45.156.87.13 port 50814 [preauth]
Jun 26 09:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29032]: Failed password for root from 45.156.87.13 port 50816 ssh2
Jun 26 09:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29032]: Connection closed by 45.156.87.13 port 50816 [preauth]
Jun 26 09:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29059]: Failed password for root from 45.156.87.13 port 39150 ssh2
Jun 26 09:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29059]: Connection closed by 45.156.87.13 port 39150 [preauth]
Jun 26 09:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29070]: Failed password for root from 45.156.87.13 port 39154 ssh2
Jun 26 09:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29070]: Connection closed by 45.156.87.13 port 39154 [preauth]
Jun 26 09:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29086]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29088]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29085]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29084]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29084]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29081]: Invalid user rocky from 45.156.87.13
Jun 26 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29081]: input_userauth_request: invalid user rocky [preauth]
Jun 26 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29081]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29156]: Successful su for rubyman by root
Jun 26 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29156]: + ??? root:rubyman
Jun 26 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29156]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595680 of user rubyman.
Jun 26 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29156]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595680.
Jun 26 09:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29081]: Failed password for invalid user rocky from 45.156.87.13 port 56590 ssh2
Jun 26 09:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29081]: Connection closed by 45.156.87.13 port 56590 [preauth]
Jun 26 09:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26136]: pam_unix(cron:session): session closed for user root
Jun 26 09:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29085]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29357]: Failed password for root from 45.156.87.13 port 47692 ssh2
Jun 26 09:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29357]: Connection closed by 45.156.87.13 port 47692 [preauth]
Jun 26 09:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29368]: Invalid user test from 45.156.87.13
Jun 26 09:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29368]: input_userauth_request: invalid user test [preauth]
Jun 26 09:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29368]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29368]: Failed password for invalid user test from 45.156.87.13 port 47704 ssh2
Jun 26 09:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29368]: Connection closed by 45.156.87.13 port 47704 [preauth]
Jun 26 09:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29390]: Failed password for root from 45.156.87.13 port 33726 ssh2
Jun 26 09:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29390]: Connection closed by 45.156.87.13 port 33726 [preauth]
Jun 26 09:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29422]: Invalid user fastuser from 45.156.87.13
Jun 26 09:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29422]: input_userauth_request: invalid user fastuser [preauth]
Jun 26 09:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29422]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29422]: Failed password for invalid user fastuser from 45.156.87.13 port 33736 ssh2
Jun 26 09:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29422]: Connection closed by 45.156.87.13 port 33736 [preauth]
Jun 26 09:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29433]: Invalid user newuser from 45.156.87.13
Jun 26 09:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29433]: input_userauth_request: invalid user newuser [preauth]
Jun 26 09:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29433]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28054]: pam_unix(cron:session): session closed for user root
Jun 26 09:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29433]: Failed password for invalid user newuser from 45.156.87.13 port 40972 ssh2
Jun 26 09:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29433]: Connection closed by 45.156.87.13 port 40972 [preauth]
Jun 26 09:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29467]: Invalid user debian from 45.156.87.13
Jun 26 09:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29467]: input_userauth_request: invalid user debian [preauth]
Jun 26 09:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29467]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29467]: Failed password for invalid user debian from 45.156.87.13 port 45088 ssh2
Jun 26 09:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29467]: Connection closed by 45.156.87.13 port 45088 [preauth]
Jun 26 09:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29483]: Failed password for root from 45.156.87.13 port 45100 ssh2
Jun 26 09:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29483]: Connection closed by 45.156.87.13 port 45100 [preauth]
Jun 26 09:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29515]: Invalid user wso2 from 45.156.87.13
Jun 26 09:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29515]: input_userauth_request: invalid user wso2 [preauth]
Jun 26 09:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29515]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29515]: Failed password for invalid user wso2 from 45.156.87.13 port 56880 ssh2
Jun 26 09:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29515]: Connection closed by 45.156.87.13 port 56880 [preauth]
Jun 26 09:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29525]: Invalid user clawdbot from 45.156.87.13
Jun 26 09:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29525]: input_userauth_request: invalid user clawdbot [preauth]
Jun 26 09:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29525]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29525]: Failed password for invalid user clawdbot from 45.156.87.13 port 56894 ssh2
Jun 26 09:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29525]: Connection closed by 45.156.87.13 port 56894 [preauth]
Jun 26 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29629]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29628]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29630]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29627]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29627]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29693]: Successful su for rubyman by root
Jun 26 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29693]: + ??? root:rubyman
Jun 26 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29693]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595683 of user rubyman.
Jun 26 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29693]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595683.
Jun 26 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29623]: Failed password for root from 45.156.87.13 port 47494 ssh2
Jun 26 09:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29623]: Connection closed by 45.156.87.13 port 47494 [preauth]
Jun 26 09:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26661]: pam_unix(cron:session): session closed for user root
Jun 26 09:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29628]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29916]: Invalid user botuser from 45.156.87.13
Jun 26 09:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29916]: input_userauth_request: invalid user botuser [preauth]
Jun 26 09:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29916]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29916]: Failed password for invalid user botuser from 45.156.87.13 port 42510 ssh2
Jun 26 09:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29916]: Connection closed by 45.156.87.13 port 42510 [preauth]
Jun 26 09:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29926]: Invalid user openclaw from 45.156.87.13
Jun 26 09:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29926]: input_userauth_request: invalid user openclaw [preauth]
Jun 26 09:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29926]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29926]: Failed password for invalid user openclaw from 45.156.87.13 port 42528 ssh2
Jun 26 09:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29926]: Connection closed by 45.156.87.13 port 42528 [preauth]
Jun 26 09:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29957]: Invalid user test from 45.156.87.13
Jun 26 09:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29957]: input_userauth_request: invalid user test [preauth]
Jun 26 09:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29957]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29957]: Failed password for invalid user test from 45.156.87.13 port 51120 ssh2
Jun 26 09:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29957]: Connection closed by 45.156.87.13 port 51120 [preauth]
Jun 26 09:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29980]: Invalid user drcomadmin from 45.156.87.13
Jun 26 09:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29980]: input_userauth_request: invalid user drcomadmin [preauth]
Jun 26 09:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29980]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29980]: Failed password for invalid user drcomadmin from 45.156.87.13 port 51136 ssh2
Jun 26 09:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29980]: Connection closed by 45.156.87.13 port 51136 [preauth]
Jun 26 09:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29991]: Failed password for root from 45.156.87.13 port 53990 ssh2
Jun 26 09:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29991]: Connection closed by 45.156.87.13 port 53990 [preauth]
Jun 26 09:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28528]: pam_unix(cron:session): session closed for user root
Jun 26 09:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30021]: Invalid user deploy from 45.156.87.13
Jun 26 09:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30021]: input_userauth_request: invalid user deploy [preauth]
Jun 26 09:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30021]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30021]: Failed password for invalid user deploy from 45.156.87.13 port 50040 ssh2
Jun 26 09:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30021]: Connection closed by 45.156.87.13 port 50040 [preauth]
Jun 26 09:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30033]: Invalid user user4 from 45.156.87.13
Jun 26 09:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30033]: input_userauth_request: invalid user user4 [preauth]
Jun 26 09:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30033]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30033]: Failed password for invalid user user4 from 45.156.87.13 port 50042 ssh2
Jun 26 09:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30033]: Connection closed by 45.156.87.13 port 50042 [preauth]
Jun 26 09:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30058]: Failed password for root from 45.156.87.13 port 60602 ssh2
Jun 26 09:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30058]: Connection closed by 45.156.87.13 port 60602 [preauth]
Jun 26 09:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30070]: Invalid user admin from 45.156.87.13
Jun 26 09:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30070]: input_userauth_request: invalid user admin [preauth]
Jun 26 09:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30070]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30070]: Failed password for invalid user admin from 45.156.87.13 port 60616 ssh2
Jun 26 09:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30070]: Connection closed by 45.156.87.13 port 60616 [preauth]
Jun 26 09:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30082]: Invalid user airflow from 45.156.87.13
Jun 26 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30082]: input_userauth_request: invalid user airflow [preauth]
Jun 26 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30082]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30101]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30100]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30099]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30098]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30098]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30170]: Successful su for rubyman by root
Jun 26 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30170]: + ??? root:rubyman
Jun 26 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30170]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595687 of user rubyman.
Jun 26 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30170]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595687.
Jun 26 09:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30082]: Failed password for invalid user airflow from 45.156.87.13 port 54636 ssh2
Jun 26 09:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30082]: Connection closed by 45.156.87.13 port 54636 [preauth]
Jun 26 09:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27167]: pam_unix(cron:session): session closed for user root
Jun 26 09:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30099]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30351]: Invalid user deploy from 45.156.87.13
Jun 26 09:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30351]: input_userauth_request: invalid user deploy [preauth]
Jun 26 09:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30351]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30351]: Failed password for invalid user deploy from 45.156.87.13 port 54650 ssh2
Jun 26 09:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30351]: Connection closed by 45.156.87.13 port 54650 [preauth]
Jun 26 09:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30367]: Invalid user ranga from 45.156.87.13
Jun 26 09:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30367]: input_userauth_request: invalid user ranga [preauth]
Jun 26 09:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30367]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30367]: Failed password for invalid user ranga from 45.156.87.13 port 52236 ssh2
Jun 26 09:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30367]: Connection closed by 45.156.87.13 port 52236 [preauth]
Jun 26 09:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30389]: Failed password for root from 45.156.87.13 port 41570 ssh2
Jun 26 09:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30389]: Connection closed by 45.156.87.13 port 41570 [preauth]
Jun 26 09:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30411]: Failed password for root from 45.156.87.13 port 41582 ssh2
Jun 26 09:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30411]: Connection closed by 45.156.87.13 port 41582 [preauth]
Jun 26 09:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30421]: Invalid user debian from 45.156.87.13
Jun 26 09:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30421]: input_userauth_request: invalid user debian [preauth]
Jun 26 09:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30421]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30421]: Failed password for invalid user debian from 45.156.87.13 port 49032 ssh2
Jun 26 09:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29088]: pam_unix(cron:session): session closed for user root
Jun 26 09:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30421]: Connection closed by 45.156.87.13 port 49032 [preauth]
Jun 26 09:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30455]: Failed password for root from 45.156.87.13 port 36788 ssh2
Jun 26 09:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30455]: Connection closed by 45.156.87.13 port 36788 [preauth]
Jun 26 09:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30466]: Failed password for root from 45.156.87.13 port 36822 ssh2
Jun 26 09:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30466]: Connection closed by 45.156.87.13 port 36822 [preauth]
Jun 26 09:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30498]: Invalid user ansible from 45.156.87.13
Jun 26 09:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30498]: input_userauth_request: invalid user ansible [preauth]
Jun 26 09:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30498]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30498]: Failed password for invalid user ansible from 45.156.87.13 port 42598 ssh2
Jun 26 09:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30498]: Connection closed by 45.156.87.13 port 42598 [preauth]
Jun 26 09:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30510]: Invalid user cloud from 45.156.87.13
Jun 26 09:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30510]: input_userauth_request: invalid user cloud [preauth]
Jun 26 09:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30510]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30510]: Failed password for invalid user cloud from 45.156.87.13 port 42612 ssh2
Jun 26 09:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30510]: Connection closed by 45.156.87.13 port 42612 [preauth]
Jun 26 09:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30522]: Invalid user deploy from 45.156.87.13
Jun 26 09:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30522]: input_userauth_request: invalid user deploy [preauth]
Jun 26 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30522]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30531]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30530]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30527]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30526]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30524]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30526]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30665]: Successful su for rubyman by root
Jun 26 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30665]: + ??? root:rubyman
Jun 26 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30665]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595692 of user rubyman.
Jun 26 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30665]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595692.
Jun 26 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30524]: pam_unix(cron:session): session closed for user root
Jun 26 09:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30522]: Failed password for invalid user deploy from 45.156.87.13 port 41464 ssh2
Jun 26 09:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30522]: Connection closed by 45.156.87.13 port 41464 [preauth]
Jun 26 09:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27615]: pam_unix(cron:session): session closed for user root
Jun 26 09:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30527]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30868]: Invalid user openvpn from 45.156.87.13
Jun 26 09:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30868]: input_userauth_request: invalid user openvpn [preauth]
Jun 26 09:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30868]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30868]: Failed password for invalid user openvpn from 45.156.87.13 port 36386 ssh2
Jun 26 09:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30868]: Connection closed by 45.156.87.13 port 36386 [preauth]
Jun 26 09:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30889]: Invalid user karel from 45.156.87.13
Jun 26 09:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30889]: input_userauth_request: invalid user karel [preauth]
Jun 26 09:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30889]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30889]: Failed password for invalid user karel from 45.156.87.13 port 36390 ssh2
Jun 26 09:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30889]: Connection closed by 45.156.87.13 port 36390 [preauth]
Jun 26 09:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31008]: Invalid user amir from 45.156.87.13
Jun 26 09:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31008]: input_userauth_request: invalid user amir [preauth]
Jun 26 09:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31008]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31008]: Failed password for invalid user amir from 45.156.87.13 port 52960 ssh2
Jun 26 09:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31008]: Connection closed by 45.156.87.13 port 52960 [preauth]
Jun 26 09:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31018]: Invalid user ubuntu from 45.156.87.13
Jun 26 09:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31018]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 09:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31018]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31018]: Failed password for invalid user ubuntu from 45.156.87.13 port 52970 ssh2
Jun 26 09:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31018]: Connection closed by 45.156.87.13 port 52970 [preauth]
Jun 26 09:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31045]: Invalid user server from 45.156.87.13
Jun 26 09:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31045]: input_userauth_request: invalid user server [preauth]
Jun 26 09:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31045]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31045]: Failed password for invalid user server from 45.156.87.13 port 57324 ssh2
Jun 26 09:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31045]: Connection closed by 45.156.87.13 port 57324 [preauth]
Jun 26 09:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29630]: pam_unix(cron:session): session closed for user root
Jun 26 09:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31079]: Invalid user dani from 45.156.87.13
Jun 26 09:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31079]: input_userauth_request: invalid user dani [preauth]
Jun 26 09:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31079]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31079]: Failed password for invalid user dani from 45.156.87.13 port 57332 ssh2
Jun 26 09:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31079]: Connection closed by 45.156.87.13 port 57332 [preauth]
Jun 26 09:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31089]: Failed password for root from 45.156.87.13 port 51702 ssh2
Jun 26 09:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31089]: Connection closed by 45.156.87.13 port 51702 [preauth]
Jun 26 09:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31113]: User ftp from 45.156.87.13 not allowed because not listed in AllowUsers
Jun 26 09:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31113]: input_userauth_request: invalid user ftp [preauth]
Jun 26 09:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=ftp
Jun 26 09:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31113]: Failed password for invalid user ftp from 45.156.87.13 port 51718 ssh2
Jun 26 09:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31113]: Connection closed by 45.156.87.13 port 51718 [preauth]
Jun 26 09:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31123]: Invalid user alex from 45.156.87.13
Jun 26 09:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31123]: input_userauth_request: invalid user alex [preauth]
Jun 26 09:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31123]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31123]: Failed password for invalid user alex from 45.156.87.13 port 50794 ssh2
Jun 26 09:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31123]: Connection closed by 45.156.87.13 port 50794 [preauth]
Jun 26 09:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31135]: Invalid user openclaw from 45.156.87.13
Jun 26 09:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31135]: input_userauth_request: invalid user openclaw [preauth]
Jun 26 09:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31135]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31135]: Failed password for invalid user openclaw from 45.156.87.13 port 53166 ssh2
Jun 26 09:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31135]: Connection closed by 45.156.87.13 port 53166 [preauth]
Jun 26 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31151]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31149]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31153]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31148]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31150]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31152]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31153]: pam_unix(cron:session): session closed for user root
Jun 26 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31148]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31212]: Successful su for rubyman by root
Jun 26 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31212]: + ??? root:rubyman
Jun 26 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31212]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595696 of user rubyman.
Jun 26 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31212]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595696.
Jun 26 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31235]: Invalid user zabbix from 45.156.87.13
Jun 26 09:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31235]: input_userauth_request: invalid user zabbix [preauth]
Jun 26 09:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31235]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31150]: pam_unix(cron:session): session closed for user root
Jun 26 09:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28053]: pam_unix(cron:session): session closed for user root
Jun 26 09:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31235]: Failed password for invalid user zabbix from 45.156.87.13 port 53178 ssh2
Jun 26 09:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31235]: Connection closed by 45.156.87.13 port 53178 [preauth]
Jun 26 09:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31149]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31429]: User mysql from 45.156.87.13 not allowed because not listed in AllowUsers
Jun 26 09:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31429]: input_userauth_request: invalid user mysql [preauth]
Jun 26 09:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=mysql
Jun 26 09:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31429]: Failed password for invalid user mysql from 45.156.87.13 port 36102 ssh2
Jun 26 09:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31429]: Connection closed by 45.156.87.13 port 36102 [preauth]
Jun 26 09:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31439]: Invalid user hadoop from 45.156.87.13
Jun 26 09:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31439]: input_userauth_request: invalid user hadoop [preauth]
Jun 26 09:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31439]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31439]: Failed password for invalid user hadoop from 45.156.87.13 port 36114 ssh2
Jun 26 09:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31439]: Connection closed by 45.156.87.13 port 36114 [preauth]
Jun 26 09:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31463]: Invalid user node from 45.156.87.13
Jun 26 09:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31463]: input_userauth_request: invalid user node [preauth]
Jun 26 09:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31463]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31463]: Failed password for invalid user node from 45.156.87.13 port 33950 ssh2
Jun 26 09:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31463]: Connection closed by 45.156.87.13 port 33950 [preauth]
Jun 26 09:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31475]: Invalid user aaa from 45.156.87.13
Jun 26 09:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31475]: input_userauth_request: invalid user aaa [preauth]
Jun 26 09:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31475]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31475]: Failed password for invalid user aaa from 45.156.87.13 port 33960 ssh2
Jun 26 09:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31475]: Connection closed by 45.156.87.13 port 33960 [preauth]
Jun 26 09:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31500]: Invalid user server from 45.156.87.13
Jun 26 09:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31500]: input_userauth_request: invalid user server [preauth]
Jun 26 09:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31500]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31500]: Failed password for invalid user server from 45.156.87.13 port 49814 ssh2
Jun 26 09:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31500]: Connection closed by 45.156.87.13 port 49814 [preauth]
Jun 26 09:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30101]: pam_unix(cron:session): session closed for user root
Jun 26 09:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31546]: Invalid user mohammad from 45.156.87.13
Jun 26 09:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31546]: input_userauth_request: invalid user mohammad [preauth]
Jun 26 09:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31546]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 26 09:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31546]: Failed password for invalid user mohammad from 45.156.87.13 port 49826 ssh2
Jun 26 09:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31546]: Connection closed by 45.156.87.13 port 49826 [preauth]
Jun 26 09:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31552]: Failed password for root from 193.37.70.224 port 46976 ssh2
Jun 26 09:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31552]: Connection closed by 193.37.70.224 port 46976 [preauth]
Jun 26 09:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31563]: Invalid user gitlab-runner from 45.156.87.13
Jun 26 09:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31563]: input_userauth_request: invalid user gitlab-runner [preauth]
Jun 26 09:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31563]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31563]: Failed password for invalid user gitlab-runner from 45.156.87.13 port 50316 ssh2
Jun 26 09:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31563]: Connection closed by 45.156.87.13 port 50316 [preauth]
Jun 26 09:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31674]: Invalid user postgres from 45.156.87.13
Jun 26 09:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31674]: input_userauth_request: invalid user postgres [preauth]
Jun 26 09:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31674]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31674]: Failed password for invalid user postgres from 45.156.87.13 port 51228 ssh2
Jun 26 09:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31674]: Connection closed by 45.156.87.13 port 51228 [preauth]
Jun 26 09:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31685]: Invalid user deploy from 45.156.87.13
Jun 26 09:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31685]: input_userauth_request: invalid user deploy [preauth]
Jun 26 09:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31685]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31685]: Failed password for invalid user deploy from 45.156.87.13 port 51258 ssh2
Jun 26 09:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31685]: Connection closed by 45.156.87.13 port 51258 [preauth]
Jun 26 09:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31695]: Invalid user ai from 45.156.87.13
Jun 26 09:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31695]: input_userauth_request: invalid user ai [preauth]
Jun 26 09:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31695]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31695]: Failed password for invalid user ai from 45.156.87.13 port 50148 ssh2
Jun 26 09:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31695]: Connection closed by 45.156.87.13 port 50148 [preauth]
Jun 26 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31705]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31704]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31703]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31702]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31702]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31780]: Successful su for rubyman by root
Jun 26 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31780]: + ??? root:rubyman
Jun 26 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31780]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595702 of user rubyman.
Jun 26 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31780]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595702.
Jun 26 09:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31827]: Invalid user system from 45.156.87.13
Jun 26 09:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31827]: input_userauth_request: invalid user system [preauth]
Jun 26 09:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31827]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28527]: pam_unix(cron:session): session closed for user root
Jun 26 09:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31827]: Failed password for invalid user system from 45.156.87.13 port 50160 ssh2
Jun 26 09:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31827]: Connection closed by 45.156.87.13 port 50160 [preauth]
Jun 26 09:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31703]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31972]: Invalid user teamspeak from 45.156.87.13
Jun 26 09:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31972]: input_userauth_request: invalid user teamspeak [preauth]
Jun 26 09:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31972]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31972]: Failed password for invalid user teamspeak from 45.156.87.13 port 54070 ssh2
Jun 26 09:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31972]: Connection closed by 45.156.87.13 port 54070 [preauth]
Jun 26 09:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31999]: Invalid user calvin from 45.156.87.13
Jun 26 09:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31999]: input_userauth_request: invalid user calvin [preauth]
Jun 26 09:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31999]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31999]: Failed password for invalid user calvin from 45.156.87.13 port 54086 ssh2
Jun 26 09:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31999]: Connection closed by 45.156.87.13 port 54086 [preauth]
Jun 26 09:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32011]: Invalid user ali from 45.156.87.13
Jun 26 09:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32011]: input_userauth_request: invalid user ali [preauth]
Jun 26 09:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32011]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32011]: Failed password for invalid user ali from 45.156.87.13 port 48124 ssh2
Jun 26 09:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32011]: Connection closed by 45.156.87.13 port 48124 [preauth]
Jun 26 09:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32039]: Invalid user oracle from 45.156.87.13
Jun 26 09:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32039]: input_userauth_request: invalid user oracle [preauth]
Jun 26 09:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32039]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32039]: Failed password for invalid user oracle from 45.156.87.13 port 48126 ssh2
Jun 26 09:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32039]: Connection closed by 45.156.87.13 port 48126 [preauth]
Jun 26 09:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30531]: pam_unix(cron:session): session closed for user root
Jun 26 09:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32050]: Failed password for root from 45.156.87.13 port 41880 ssh2
Jun 26 09:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32050]: Connection closed by 45.156.87.13 port 41880 [preauth]
Jun 26 09:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32084]: Failed password for root from 45.156.87.13 port 33662 ssh2
Jun 26 09:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32084]: Connection closed by 45.156.87.13 port 33662 [preauth]
Jun 26 09:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32096]: Invalid user kevin from 45.156.87.13
Jun 26 09:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32096]: input_userauth_request: invalid user kevin [preauth]
Jun 26 09:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32096]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32096]: Failed password for invalid user kevin from 45.156.87.13 port 33670 ssh2
Jun 26 09:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32096]: Connection closed by 45.156.87.13 port 33670 [preauth]
Jun 26 09:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32118]: Invalid user fastuser from 45.156.87.13
Jun 26 09:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32118]: input_userauth_request: invalid user fastuser [preauth]
Jun 26 09:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32118]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32118]: Failed password for invalid user fastuser from 45.156.87.13 port 35006 ssh2
Jun 26 09:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32118]: Connection closed by 45.156.87.13 port 35006 [preauth]
Jun 26 09:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32130]: Invalid user sonar from 45.156.87.13
Jun 26 09:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32130]: input_userauth_request: invalid user sonar [preauth]
Jun 26 09:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32130]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32130]: Failed password for invalid user sonar from 45.156.87.13 port 35022 ssh2
Jun 26 09:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32130]: Connection closed by 45.156.87.13 port 35022 [preauth]
Jun 26 09:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32141]: Invalid user debian from 45.156.87.13
Jun 26 09:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32141]: input_userauth_request: invalid user debian [preauth]
Jun 26 09:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32141]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32159]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32156]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32155]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32154]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32154]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32217]: Successful su for rubyman by root
Jun 26 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32217]: + ??? root:rubyman
Jun 26 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32217]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595706 of user rubyman.
Jun 26 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32217]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595706.
Jun 26 09:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32141]: Failed password for invalid user debian from 45.156.87.13 port 39872 ssh2
Jun 26 09:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32141]: Connection closed by 45.156.87.13 port 39872 [preauth]
Jun 26 09:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29086]: pam_unix(cron:session): session closed for user root
Jun 26 09:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32155]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32395]: Invalid user media from 45.156.87.13
Jun 26 09:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32395]: input_userauth_request: invalid user media [preauth]
Jun 26 09:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32395]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32395]: Failed password for invalid user media from 45.156.87.13 port 39882 ssh2
Jun 26 09:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32395]: Connection closed by 45.156.87.13 port 39882 [preauth]
Jun 26 09:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32410]: Invalid user cloud from 45.156.87.13
Jun 26 09:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32410]: input_userauth_request: invalid user cloud [preauth]
Jun 26 09:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32410]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32410]: Failed password for invalid user cloud from 45.156.87.13 port 44488 ssh2
Jun 26 09:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32410]: Connection closed by 45.156.87.13 port 44488 [preauth]
Jun 26 09:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32433]: Invalid user student from 45.156.87.13
Jun 26 09:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32433]: input_userauth_request: invalid user student [preauth]
Jun 26 09:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32433]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32433]: Failed password for invalid user student from 45.156.87.13 port 41644 ssh2
Jun 26 09:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32433]: Connection closed by 45.156.87.13 port 41644 [preauth]
Jun 26 09:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32445]: Failed password for root from 45.156.87.13 port 41662 ssh2
Jun 26 09:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32445]: Connection closed by 45.156.87.13 port 41662 [preauth]
Jun 26 09:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32471]: Invalid user git from 45.156.87.13
Jun 26 09:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32471]: input_userauth_request: invalid user git [preauth]
Jun 26 09:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32471]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 26 09:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32471]: Failed password for invalid user git from 45.156.87.13 port 59652 ssh2
Jun 26 09:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32471]: Connection closed by 45.156.87.13 port 59652 [preauth]
Jun 26 09:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32473]: Failed password for root from 62.133.62.83 port 48198 ssh2
Jun 26 09:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32473]: Connection closed by 62.133.62.83 port 48198 [preauth]
Jun 26 09:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31152]: pam_unix(cron:session): session closed for user root
Jun 26 09:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32509]: Invalid user rocky from 45.156.87.13
Jun 26 09:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32509]: input_userauth_request: invalid user rocky [preauth]
Jun 26 09:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32509]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32509]: Failed password for invalid user rocky from 45.156.87.13 port 59654 ssh2
Jun 26 09:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32509]: Connection closed by 45.156.87.13 port 59654 [preauth]
Jun 26 09:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32521]: Failed password for root from 45.156.87.13 port 48200 ssh2
Jun 26 09:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32521]: Connection closed by 45.156.87.13 port 48200 [preauth]
Jun 26 09:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32544]: Invalid user lin from 45.156.87.13
Jun 26 09:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32544]: input_userauth_request: invalid user lin [preauth]
Jun 26 09:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32544]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32544]: Failed password for invalid user lin from 45.156.87.13 port 37584 ssh2
Jun 26 09:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32544]: Connection closed by 45.156.87.13 port 37584 [preauth]
Jun 26 09:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32554]: Invalid user support from 45.156.87.13
Jun 26 09:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32554]: input_userauth_request: invalid user support [preauth]
Jun 26 09:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32554]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32554]: Failed password for invalid user support from 45.156.87.13 port 37600 ssh2
Jun 26 09:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32554]: Connection closed by 45.156.87.13 port 37600 [preauth]
Jun 26 09:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32570]: Invalid user trade from 45.156.87.13
Jun 26 09:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32570]: input_userauth_request: invalid user trade [preauth]
Jun 26 09:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32570]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32570]: Failed password for invalid user trade from 45.156.87.13 port 59942 ssh2
Jun 26 09:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32570]: Connection closed by 45.156.87.13 port 59942 [preauth]
Jun 26 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32578]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32577]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32579]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32576]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32576]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32637]: Successful su for rubyman by root
Jun 26 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32637]: + ??? root:rubyman
Jun 26 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32637]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595710 of user rubyman.
Jun 26 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32637]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595710.
Jun 26 09:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29629]: pam_unix(cron:session): session closed for user root
Jun 26 09:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[305]: Invalid user potok from 45.156.87.13
Jun 26 09:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[305]: input_userauth_request: invalid user potok [preauth]
Jun 26 09:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[305]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32577]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[305]: Failed password for invalid user potok from 45.156.87.13 port 59960 ssh2
Jun 26 09:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[305]: Connection closed by 45.156.87.13 port 59960 [preauth]
Jun 26 09:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[378]: Failed password for root from 45.156.87.13 port 34802 ssh2
Jun 26 09:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[378]: Connection closed by 45.156.87.13 port 34802 [preauth]
Jun 26 09:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[408]: Failed password for root from 45.156.87.13 port 34804 ssh2
Jun 26 09:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[408]: Connection closed by 45.156.87.13 port 34804 [preauth]
Jun 26 09:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[410]: Invalid user iptv from 43.159.51.254
Jun 26 09:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[410]: input_userauth_request: invalid user iptv [preauth]
Jun 26 09:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[410]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254
Jun 26 09:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[429]: Invalid user zahra from 45.156.87.13
Jun 26 09:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[429]: input_userauth_request: invalid user zahra [preauth]
Jun 26 09:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[429]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[410]: Failed password for invalid user iptv from 43.159.51.254 port 38030 ssh2
Jun 26 09:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[410]: Received disconnect from 43.159.51.254 port 38030:11: Bye Bye [preauth]
Jun 26 09:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[410]: Disconnected from 43.159.51.254 port 38030 [preauth]
Jun 26 09:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[429]: Failed password for invalid user zahra from 45.156.87.13 port 46620 ssh2
Jun 26 09:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[429]: Connection closed by 45.156.87.13 port 46620 [preauth]
Jun 26 09:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[579]: Invalid user user1 from 45.156.87.13
Jun 26 09:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[579]: input_userauth_request: invalid user user1 [preauth]
Jun 26 09:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[579]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[579]: Failed password for invalid user user1 from 45.156.87.13 port 48084 ssh2
Jun 26 09:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[579]: Connection closed by 45.156.87.13 port 48084 [preauth]
Jun 26 09:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[591]: Invalid user crafty from 45.156.87.13
Jun 26 09:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[591]: input_userauth_request: invalid user crafty [preauth]
Jun 26 09:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[591]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31705]: pam_unix(cron:session): session closed for user root
Jun 26 09:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[591]: Failed password for invalid user crafty from 45.156.87.13 port 48094 ssh2
Jun 26 09:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[591]: Connection closed by 45.156.87.13 port 48094 [preauth]
Jun 26 09:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[623]: Invalid user claude from 45.156.87.13
Jun 26 09:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[623]: input_userauth_request: invalid user claude [preauth]
Jun 26 09:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[623]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[623]: Failed password for invalid user claude from 45.156.87.13 port 57466 ssh2
Jun 26 09:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[623]: Connection closed by 45.156.87.13 port 57466 [preauth]
Jun 26 09:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[648]: Invalid user admin from 45.156.87.13
Jun 26 09:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[648]: input_userauth_request: invalid user admin [preauth]
Jun 26 09:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[648]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[648]: Failed password for invalid user admin from 45.156.87.13 port 57478 ssh2
Jun 26 09:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[648]: Connection closed by 45.156.87.13 port 57478 [preauth]
Jun 26 09:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[660]: User vncuser from 45.156.87.13 not allowed because not listed in AllowUsers
Jun 26 09:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[660]: input_userauth_request: invalid user vncuser [preauth]
Jun 26 09:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=vncuser
Jun 26 09:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[660]: Failed password for invalid user vncuser from 45.156.87.13 port 58452 ssh2
Jun 26 09:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[660]: Connection closed by 45.156.87.13 port 58452 [preauth]
Jun 26 09:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[672]: Invalid user lighthouse from 45.156.87.13
Jun 26 09:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[672]: input_userauth_request: invalid user lighthouse [preauth]
Jun 26 09:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[672]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[672]: Failed password for invalid user lighthouse from 45.156.87.13 port 58456 ssh2
Jun 26 09:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[672]: Connection closed by 45.156.87.13 port 58456 [preauth]
Jun 26 09:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 26 09:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[693]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[694]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[692]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[691]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[691]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[753]: Successful su for rubyman by root
Jun 26 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[753]: + ??? root:rubyman
Jun 26 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[753]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595714 of user rubyman.
Jun 26 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[753]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595714.
Jun 26 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[687]: Invalid user martin from 45.156.87.13
Jun 26 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[687]: input_userauth_request: invalid user martin [preauth]
Jun 26 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[687]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[685]: Failed password for root from 103.176.20.57 port 37428 ssh2
Jun 26 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[685]: Connection closed by 103.176.20.57 port 37428 [preauth]
Jun 26 09:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[687]: Failed password for invalid user martin from 45.156.87.13 port 52538 ssh2
Jun 26 09:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[687]: Connection closed by 45.156.87.13 port 52538 [preauth]
Jun 26 09:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30100]: pam_unix(cron:session): session closed for user root
Jun 26 09:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[692]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[951]: Failed password for root from 45.156.87.13 port 46838 ssh2
Jun 26 09:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[951]: Connection closed by 45.156.87.13 port 46838 [preauth]
Jun 26 09:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[964]: Invalid user monitor from 45.156.87.13
Jun 26 09:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[964]: input_userauth_request: invalid user monitor [preauth]
Jun 26 09:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[964]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[964]: Failed password for invalid user monitor from 45.156.87.13 port 46840 ssh2
Jun 26 09:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[964]: Connection closed by 45.156.87.13 port 46840 [preauth]
Jun 26 09:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1002]: Failed password for root from 45.156.87.13 port 58220 ssh2
Jun 26 09:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1002]: Connection closed by 45.156.87.13 port 58220 [preauth]
Jun 26 09:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1027]: Invalid user reza from 45.156.87.13
Jun 26 09:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1027]: input_userauth_request: invalid user reza [preauth]
Jun 26 09:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1027]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1027]: Failed password for invalid user reza from 45.156.87.13 port 58224 ssh2
Jun 26 09:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1027]: Connection closed by 45.156.87.13 port 58224 [preauth]
Jun 26 09:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32159]: pam_unix(cron:session): session closed for user root
Jun 26 09:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1041]: Failed password for root from 45.156.87.13 port 42380 ssh2
Jun 26 09:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1041]: Connection closed by 45.156.87.13 port 42380 [preauth]
Jun 26 09:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1093]: Invalid user teamspeak from 45.156.87.13
Jun 26 09:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1093]: input_userauth_request: invalid user teamspeak [preauth]
Jun 26 09:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1093]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1093]: Failed password for invalid user teamspeak from 45.156.87.13 port 49624 ssh2
Jun 26 09:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1093]: Connection closed by 45.156.87.13 port 49624 [preauth]
Jun 26 09:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1118]: Failed password for root from 45.156.87.13 port 49656 ssh2
Jun 26 09:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1118]: Connection closed by 45.156.87.13 port 49656 [preauth]
Jun 26 09:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1135]: Invalid user ghost from 45.156.87.13
Jun 26 09:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1135]: input_userauth_request: invalid user ghost [preauth]
Jun 26 09:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1135]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1135]: Failed password for invalid user ghost from 45.156.87.13 port 42892 ssh2
Jun 26 09:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1135]: Connection closed by 45.156.87.13 port 42892 [preauth]
Jun 26 09:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1146]: Invalid user btc from 45.156.87.13
Jun 26 09:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1146]: input_userauth_request: invalid user btc [preauth]
Jun 26 09:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1146]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1146]: Failed password for invalid user btc from 45.156.87.13 port 42908 ssh2
Jun 26 09:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1146]: Connection closed by 45.156.87.13 port 42908 [preauth]
Jun 26 09:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1174]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1172]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1175]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1170]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1176]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1173]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1176]: pam_unix(cron:session): session closed for user root
Jun 26 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1170]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1167]: Invalid user myuser from 45.156.87.13
Jun 26 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1167]: input_userauth_request: invalid user myuser [preauth]
Jun 26 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1167]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1245]: Successful su for rubyman by root
Jun 26 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1245]: + ??? root:rubyman
Jun 26 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1245]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595722 of user rubyman.
Jun 26 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1245]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595722.
Jun 26 09:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1167]: Failed password for invalid user myuser from 45.156.87.13 port 34060 ssh2
Jun 26 09:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1167]: Connection closed by 45.156.87.13 port 34060 [preauth]
Jun 26 09:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1173]: pam_unix(cron:session): session closed for user root
Jun 26 09:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30530]: pam_unix(cron:session): session closed for user root
Jun 26 09:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1172]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1566]: Failed password for root from 45.156.87.13 port 36412 ssh2
Jun 26 09:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1566]: Connection closed by 45.156.87.13 port 36412 [preauth]
Jun 26 09:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1593]: Invalid user root1 from 45.156.87.13
Jun 26 09:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1593]: input_userauth_request: invalid user root1 [preauth]
Jun 26 09:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1593]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1593]: Failed password for invalid user root1 from 45.156.87.13 port 36420 ssh2
Jun 26 09:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1593]: Connection closed by 45.156.87.13 port 36420 [preauth]
Jun 26 09:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1623]: Invalid user oracle from 45.156.87.13
Jun 26 09:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1623]: input_userauth_request: invalid user oracle [preauth]
Jun 26 09:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1623]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1623]: Failed password for invalid user oracle from 45.156.87.13 port 34316 ssh2
Jun 26 09:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1623]: Connection closed by 45.156.87.13 port 34316 [preauth]
Jun 26 09:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1637]: Invalid user ubuntu from 45.156.87.13
Jun 26 09:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1637]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 09:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1637]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1637]: Failed password for invalid user ubuntu from 45.156.87.13 port 34326 ssh2
Jun 26 09:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1637]: Connection closed by 45.156.87.13 port 34326 [preauth]
Jun 26 09:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1664]: Invalid user postgres from 45.156.87.13
Jun 26 09:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1664]: input_userauth_request: invalid user postgres [preauth]
Jun 26 09:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1664]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1664]: Failed password for invalid user postgres from 45.156.87.13 port 55692 ssh2
Jun 26 09:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1664]: Connection closed by 45.156.87.13 port 55692 [preauth]
Jun 26 09:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32579]: pam_unix(cron:session): session closed for user root
Jun 26 09:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1696]: Invalid user erpnext from 45.156.87.13
Jun 26 09:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1696]: input_userauth_request: invalid user erpnext [preauth]
Jun 26 09:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1696]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1696]: Failed password for invalid user erpnext from 45.156.87.13 port 55700 ssh2
Jun 26 09:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1696]: Connection closed by 45.156.87.13 port 55700 [preauth]
Jun 26 09:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1709]: Invalid user devops from 45.156.87.13
Jun 26 09:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1709]: input_userauth_request: invalid user devops [preauth]
Jun 26 09:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1709]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 26 09:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1709]: Failed password for invalid user devops from 45.156.87.13 port 33352 ssh2
Jun 26 09:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1707]: Failed password for root from 103.172.78.219 port 55494 ssh2
Jun 26 09:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1709]: Connection closed by 45.156.87.13 port 33352 [preauth]
Jun 26 09:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1707]: Connection closed by 103.172.78.219 port 55494 [preauth]
Jun 26 09:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1743]: Invalid user root1 from 45.156.87.13
Jun 26 09:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1743]: input_userauth_request: invalid user root1 [preauth]
Jun 26 09:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1743]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1743]: Failed password for invalid user root1 from 45.156.87.13 port 33160 ssh2
Jun 26 09:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1743]: Connection closed by 45.156.87.13 port 33160 [preauth]
Jun 26 09:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1769]: Invalid user arthur from 45.156.87.13
Jun 26 09:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1769]: input_userauth_request: invalid user arthur [preauth]
Jun 26 09:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1769]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1769]: Failed password for invalid user arthur from 45.156.87.13 port 33188 ssh2
Jun 26 09:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1769]: Connection closed by 45.156.87.13 port 33188 [preauth]
Jun 26 09:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1779]: Invalid user test from 45.156.87.13
Jun 26 09:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1779]: input_userauth_request: invalid user test [preauth]
Jun 26 09:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1779]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1785]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1784]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1783]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1782]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1782]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1846]: Successful su for rubyman by root
Jun 26 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1846]: + ??? root:rubyman
Jun 26 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1846]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595724 of user rubyman.
Jun 26 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1846]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595724.
Jun 26 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1779]: Failed password for invalid user test from 45.156.87.13 port 38142 ssh2
Jun 26 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1779]: Connection closed by 45.156.87.13 port 38142 [preauth]
Jun 26 09:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31151]: pam_unix(cron:session): session closed for user root
Jun 26 09:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1783]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2085]: Invalid user ubuntu from 45.156.87.13
Jun 26 09:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2085]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 09:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2085]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2085]: Failed password for invalid user ubuntu from 45.156.87.13 port 38150 ssh2
Jun 26 09:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2085]: Connection closed by 45.156.87.13 port 38150 [preauth]
Jun 26 09:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2103]: Invalid user admin from 45.156.87.13
Jun 26 09:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2103]: input_userauth_request: invalid user admin [preauth]
Jun 26 09:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2103]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2103]: Failed password for invalid user admin from 45.156.87.13 port 46896 ssh2
Jun 26 09:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2103]: Connection closed by 45.156.87.13 port 46896 [preauth]
Jun 26 09:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2130]: Failed password for root from 45.156.87.13 port 56526 ssh2
Jun 26 09:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2130]: Connection closed by 45.156.87.13 port 56526 [preauth]
Jun 26 09:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2142]: Invalid user user1 from 45.156.87.13
Jun 26 09:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2142]: input_userauth_request: invalid user user1 [preauth]
Jun 26 09:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2142]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2142]: Failed password for invalid user user1 from 45.156.87.13 port 56538 ssh2
Jun 26 09:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2142]: Connection closed by 45.156.87.13 port 56538 [preauth]
Jun 26 09:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 26 09:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: Invalid user claude from 45.156.87.13
Jun 26 09:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: input_userauth_request: invalid user claude [preauth]
Jun 26 09:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2175]: Failed password for root from 103.77.175.15 port 50326 ssh2
Jun 26 09:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2175]: Connection closed by 103.77.175.15 port 50326 [preauth]
Jun 26 09:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: Failed password for invalid user claude from 45.156.87.13 port 34684 ssh2
Jun 26 09:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: Connection closed by 45.156.87.13 port 34684 [preauth]
Jun 26 09:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[694]: pam_unix(cron:session): session closed for user root
Jun 26 09:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2216]: Invalid user app from 45.156.87.13
Jun 26 09:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2216]: input_userauth_request: invalid user app [preauth]
Jun 26 09:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2216]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2216]: Failed password for invalid user app from 45.156.87.13 port 34692 ssh2
Jun 26 09:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2216]: Connection closed by 45.156.87.13 port 34692 [preauth]
Jun 26 09:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2227]: Invalid user admin1 from 45.156.87.13
Jun 26 09:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2227]: input_userauth_request: invalid user admin1 [preauth]
Jun 26 09:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2227]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2227]: Failed password for invalid user admin1 from 45.156.87.13 port 55358 ssh2
Jun 26 09:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2227]: Connection closed by 45.156.87.13 port 55358 [preauth]
Jun 26 09:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2259]: Invalid user user from 45.156.87.13
Jun 26 09:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2259]: input_userauth_request: invalid user user [preauth]
Jun 26 09:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2259]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2259]: Failed password for invalid user user from 45.156.87.13 port 55248 ssh2
Jun 26 09:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2259]: Connection closed by 45.156.87.13 port 55248 [preauth]
Jun 26 09:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2270]: Invalid user test from 45.156.87.13
Jun 26 09:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2270]: input_userauth_request: invalid user test [preauth]
Jun 26 09:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2270]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2270]: Failed password for invalid user test from 45.156.87.13 port 55258 ssh2
Jun 26 09:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2270]: Connection closed by 45.156.87.13 port 55258 [preauth]
Jun 26 09:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2282]: Failed password for root from 45.156.87.13 port 35634 ssh2
Jun 26 09:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2282]: Connection closed by 45.156.87.13 port 35634 [preauth]
Jun 26 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2290]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2286]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2289]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2288]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2284]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2284]: pam_unix(cron:session): session closed for user root
Jun 26 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2286]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2358]: Successful su for rubyman by root
Jun 26 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2358]: + ??? root:rubyman
Jun 26 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2358]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595728 of user rubyman.
Jun 26 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2358]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595728.
Jun 26 09:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2490]: Invalid user debian from 45.156.87.13
Jun 26 09:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2490]: input_userauth_request: invalid user debian [preauth]
Jun 26 09:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2490]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31704]: pam_unix(cron:session): session closed for user root
Jun 26 09:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2288]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2490]: Failed password for invalid user debian from 45.156.87.13 port 35638 ssh2
Jun 26 09:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2490]: Connection closed by 45.156.87.13 port 35638 [preauth]
Jun 26 09:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2558]: Invalid user vbox from 45.156.87.13
Jun 26 09:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2558]: input_userauth_request: invalid user vbox [preauth]
Jun 26 09:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2558]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2558]: Failed password for invalid user vbox from 45.156.87.13 port 46352 ssh2
Jun 26 09:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2558]: Connection closed by 45.156.87.13 port 46352 [preauth]
Jun 26 09:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2589]: Failed password for root from 45.156.87.13 port 46368 ssh2
Jun 26 09:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.110.201  user=root
Jun 26 09:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2589]: Connection closed by 45.156.87.13 port 46368 [preauth]
Jun 26 09:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2592]: Failed password for root from 94.159.110.201 port 59048 ssh2
Jun 26 09:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2592]: Connection closed by 94.159.110.201 port 59048 [preauth]
Jun 26 09:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: Invalid user postgres from 45.156.87.13
Jun 26 09:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: input_userauth_request: invalid user postgres [preauth]
Jun 26 09:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: Failed password for invalid user postgres from 45.156.87.13 port 35496 ssh2
Jun 26 09:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 26 09:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: Connection closed by 45.156.87.13 port 35496 [preauth]
Jun 26 09:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2609]: Failed password for root from 103.82.20.28 port 57662 ssh2
Jun 26 09:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2609]: Connection closed by 103.82.20.28 port 57662 [preauth]
Jun 26 09:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2632]: Invalid user gitlab from 45.156.87.13
Jun 26 09:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2632]: input_userauth_request: invalid user gitlab [preauth]
Jun 26 09:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2632]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2632]: Failed password for invalid user gitlab from 45.156.87.13 port 38832 ssh2
Jun 26 09:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2632]: Connection closed by 45.156.87.13 port 38832 [preauth]
Jun 26 09:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2642]: Invalid user frappe from 45.156.87.13
Jun 26 09:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2642]: input_userauth_request: invalid user frappe [preauth]
Jun 26 09:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1175]: pam_unix(cron:session): session closed for user root
Jun 26 09:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2642]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2642]: Failed password for invalid user frappe from 45.156.87.13 port 38846 ssh2
Jun 26 09:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2642]: Connection closed by 45.156.87.13 port 38846 [preauth]
Jun 26 09:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2673]: Invalid user milad from 45.156.87.13
Jun 26 09:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2673]: input_userauth_request: invalid user milad [preauth]
Jun 26 09:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2673]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2673]: Failed password for invalid user milad from 45.156.87.13 port 36838 ssh2
Jun 26 09:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2673]: Connection closed by 45.156.87.13 port 36838 [preauth]
Jun 26 09:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2697]: Invalid user user1 from 45.156.87.13
Jun 26 09:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2697]: input_userauth_request: invalid user user1 [preauth]
Jun 26 09:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2697]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2697]: Failed password for invalid user user1 from 45.156.87.13 port 36848 ssh2
Jun 26 09:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2697]: Connection closed by 45.156.87.13 port 36848 [preauth]
Jun 26 09:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2707]: Invalid user devops from 45.156.87.13
Jun 26 09:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2707]: input_userauth_request: invalid user devops [preauth]
Jun 26 09:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2707]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 26 09:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2709]: Failed password for root from 194.113.233.25 port 52960 ssh2
Jun 26 09:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2709]: Connection closed by 194.113.233.25 port 52960 [preauth]
Jun 26 09:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2707]: Failed password for invalid user devops from 45.156.87.13 port 60238 ssh2
Jun 26 09:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2707]: Connection closed by 45.156.87.13 port 60238 [preauth]
Jun 26 09:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2733]: Invalid user media from 45.156.87.13
Jun 26 09:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2733]: input_userauth_request: invalid user media [preauth]
Jun 26 09:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2733]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2733]: Failed password for invalid user media from 45.156.87.13 port 60250 ssh2
Jun 26 09:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2733]: Connection closed by 45.156.87.13 port 60250 [preauth]
Jun 26 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2752]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2751]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2750]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2749]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2749]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2815]: Successful su for rubyman by root
Jun 26 09:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2815]: + ??? root:rubyman
Jun 26 09:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2815]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595733 of user rubyman.
Jun 26 09:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2815]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595733.
Jun 26 09:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32156]: pam_unix(cron:session): session closed for user root
Jun 26 09:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2801]: Failed password for root from 45.156.87.13 port 59162 ssh2
Jun 26 09:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2801]: Connection closed by 45.156.87.13 port 59162 [preauth]
Jun 26 09:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2750]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2992]: User ftp from 45.156.87.13 not allowed because not listed in AllowUsers
Jun 26 09:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2992]: input_userauth_request: invalid user ftp [preauth]
Jun 26 09:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=ftp
Jun 26 09:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2992]: Failed password for invalid user ftp from 45.156.87.13 port 55482 ssh2
Jun 26 09:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2992]: Connection closed by 45.156.87.13 port 55482 [preauth]
Jun 26 09:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3017]: Invalid user admin from 45.156.87.13
Jun 26 09:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3017]: input_userauth_request: invalid user admin [preauth]
Jun 26 09:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3017]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3017]: Failed password for invalid user admin from 45.156.87.13 port 55486 ssh2
Jun 26 09:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3017]: Connection closed by 45.156.87.13 port 55486 [preauth]
Jun 26 09:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3029]: Invalid user ubuntu from 45.156.87.13
Jun 26 09:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3029]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 09:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3029]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3029]: Failed password for invalid user ubuntu from 45.156.87.13 port 40758 ssh2
Jun 26 09:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3029]: Connection closed by 45.156.87.13 port 40758 [preauth]
Jun 26 09:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3053]: Invalid user config from 45.156.87.13
Jun 26 09:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3053]: input_userauth_request: invalid user config [preauth]
Jun 26 09:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3053]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3053]: Failed password for invalid user config from 45.156.87.13 port 40764 ssh2
Jun 26 09:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3053]: Connection closed by 45.156.87.13 port 40764 [preauth]
Jun 26 09:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3063]: Failed password for root from 45.156.87.13 port 57210 ssh2
Jun 26 09:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3063]: Connection closed by 45.156.87.13 port 57210 [preauth]
Jun 26 09:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1785]: pam_unix(cron:session): session closed for user root
Jun 26 09:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3092]: Invalid user user from 45.156.87.13
Jun 26 09:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3092]: input_userauth_request: invalid user user [preauth]
Jun 26 09:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3092]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3092]: Failed password for invalid user user from 45.156.87.13 port 57220 ssh2
Jun 26 09:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3092]: Connection closed by 45.156.87.13 port 57220 [preauth]
Jun 26 09:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3102]: Invalid user dmdba from 45.156.87.13
Jun 26 09:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3102]: input_userauth_request: invalid user dmdba [preauth]
Jun 26 09:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3102]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3102]: Failed password for invalid user dmdba from 45.156.87.13 port 42276 ssh2
Jun 26 09:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3102]: Connection closed by 45.156.87.13 port 42276 [preauth]
Jun 26 09:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3126]: Invalid user ubuntu from 45.156.87.13
Jun 26 09:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3126]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 09:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3126]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3126]: Failed password for invalid user ubuntu from 45.156.87.13 port 41406 ssh2
Jun 26 09:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3126]: Connection closed by 45.156.87.13 port 41406 [preauth]
Jun 26 09:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3138]: Invalid user kim from 45.156.87.13
Jun 26 09:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3138]: input_userauth_request: invalid user kim [preauth]
Jun 26 09:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3138]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3138]: Failed password for invalid user kim from 45.156.87.13 port 41438 ssh2
Jun 26 09:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3138]: Connection closed by 45.156.87.13 port 41438 [preauth]
Jun 26 09:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3156]: Failed password for root from 45.156.87.13 port 44056 ssh2
Jun 26 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3162]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3163]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3160]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3161]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3160]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3156]: Connection closed by 45.156.87.13 port 44056 [preauth]
Jun 26 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3220]: Successful su for rubyman by root
Jun 26 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3220]: + ??? root:rubyman
Jun 26 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3220]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595738 of user rubyman.
Jun 26 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3220]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595738.
Jun 26 09:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32578]: pam_unix(cron:session): session closed for user root
Jun 26 09:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3381]: Invalid user deploy from 45.156.87.13
Jun 26 09:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3381]: input_userauth_request: invalid user deploy [preauth]
Jun 26 09:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3381]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3161]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3381]: Failed password for invalid user deploy from 45.156.87.13 port 44086 ssh2
Jun 26 09:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3381]: Connection closed by 45.156.87.13 port 44086 [preauth]
Jun 26 09:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3410]: Invalid user aaa from 45.156.87.13
Jun 26 09:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3410]: input_userauth_request: invalid user aaa [preauth]
Jun 26 09:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3410]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3410]: Failed password for invalid user aaa from 45.156.87.13 port 49424 ssh2
Jun 26 09:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3410]: Connection closed by 45.156.87.13 port 49424 [preauth]
Jun 26 09:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3433]: Invalid user bot from 45.156.87.13
Jun 26 09:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3433]: input_userauth_request: invalid user bot [preauth]
Jun 26 09:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3433]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3433]: Failed password for invalid user bot from 45.156.87.13 port 56952 ssh2
Jun 26 09:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3433]: Connection closed by 45.156.87.13 port 56952 [preauth]
Jun 26 09:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3443]: Invalid user trinity from 45.156.87.13
Jun 26 09:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3443]: input_userauth_request: invalid user trinity [preauth]
Jun 26 09:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3443]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3443]: Failed password for invalid user trinity from 45.156.87.13 port 56960 ssh2
Jun 26 09:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3443]: Connection closed by 45.156.87.13 port 56960 [preauth]
Jun 26 09:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3471]: Invalid user deployer from 45.156.87.13
Jun 26 09:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3471]: input_userauth_request: invalid user deployer [preauth]
Jun 26 09:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3471]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3471]: Failed password for invalid user deployer from 45.156.87.13 port 37838 ssh2
Jun 26 09:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3471]: Connection closed by 45.156.87.13 port 37838 [preauth]
Jun 26 09:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2290]: pam_unix(cron:session): session closed for user root
Jun 26 09:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3503]: Invalid user user1 from 45.156.87.13
Jun 26 09:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3503]: input_userauth_request: invalid user user1 [preauth]
Jun 26 09:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3503]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3503]: Failed password for invalid user user1 from 45.156.87.13 port 37854 ssh2
Jun 26 09:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3503]: Connection closed by 45.156.87.13 port 37854 [preauth]
Jun 26 09:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3514]: Failed password for root from 45.156.87.13 port 45580 ssh2
Jun 26 09:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3514]: Connection closed by 45.156.87.13 port 45580 [preauth]
Jun 26 09:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3539]: Failed password for root from 45.156.87.13 port 45598 ssh2
Jun 26 09:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3539]: Connection closed by 45.156.87.13 port 45598 [preauth]
Jun 26 09:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3554]: Invalid user bernard from 45.156.87.13
Jun 26 09:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3554]: input_userauth_request: invalid user bernard [preauth]
Jun 26 09:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3554]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3554]: Failed password for invalid user bernard from 45.156.87.13 port 59480 ssh2
Jun 26 09:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3554]: Connection closed by 45.156.87.13 port 59480 [preauth]
Jun 26 09:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3564]: Failed password for root from 45.156.87.13 port 50296 ssh2
Jun 26 09:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3564]: Connection closed by 45.156.87.13 port 50296 [preauth]
Jun 26 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3578]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3577]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3580]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3576]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3581]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3579]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3581]: pam_unix(cron:session): session closed for user root
Jun 26 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3576]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3643]: Successful su for rubyman by root
Jun 26 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3643]: + ??? root:rubyman
Jun 26 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3643]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595745 of user rubyman.
Jun 26 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3643]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595745.
Jun 26 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 26 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3648]: Invalid user ubuntu from 45.156.87.13
Jun 26 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3648]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3648]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3578]: pam_unix(cron:session): session closed for user root
Jun 26 09:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[693]: pam_unix(cron:session): session closed for user root
Jun 26 09:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3628]: Failed password for root from 109.237.96.109 port 42442 ssh2
Jun 26 09:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3628]: Connection closed by 109.237.96.109 port 42442 [preauth]
Jun 26 09:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3648]: Failed password for invalid user ubuntu from 45.156.87.13 port 50302 ssh2
Jun 26 09:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3648]: Connection closed by 45.156.87.13 port 50302 [preauth]
Jun 26 09:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3577]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4050]: Invalid user private from 45.156.87.13
Jun 26 09:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4050]: input_userauth_request: invalid user private [preauth]
Jun 26 09:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4050]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4050]: Failed password for invalid user private from 45.156.87.13 port 49440 ssh2
Jun 26 09:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4050]: Connection closed by 45.156.87.13 port 49440 [preauth]
Jun 26 09:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4065]: Failed password for root from 45.156.87.13 port 49456 ssh2
Jun 26 09:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4065]: Connection closed by 45.156.87.13 port 49456 [preauth]
Jun 26 09:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4087]: Invalid user gns3 from 45.156.87.13
Jun 26 09:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4087]: input_userauth_request: invalid user gns3 [preauth]
Jun 26 09:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4087]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4087]: Failed password for invalid user gns3 from 45.156.87.13 port 44692 ssh2
Jun 26 09:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4087]: Connection closed by 45.156.87.13 port 44692 [preauth]
Jun 26 09:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4097]: Invalid user guest from 45.156.87.13
Jun 26 09:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4097]: input_userauth_request: invalid user guest [preauth]
Jun 26 09:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4097]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4097]: Failed password for invalid user guest from 45.156.87.13 port 44704 ssh2
Jun 26 09:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 26 09:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4097]: Connection closed by 45.156.87.13 port 44704 [preauth]
Jun 26 09:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4119]: Failed password for root from 103.77.242.62 port 60792 ssh2
Jun 26 09:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4119]: Connection closed by 103.77.242.62 port 60792 [preauth]
Jun 26 09:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4122]: Failed password for root from 45.156.87.13 port 43126 ssh2
Jun 26 09:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4122]: Connection closed by 45.156.87.13 port 43126 [preauth]
Jun 26 09:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 26 09:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2752]: pam_unix(cron:session): session closed for user root
Jun 26 09:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4133]: Failed password for root from 103.149.28.157 port 48620 ssh2
Jun 26 09:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4133]: Connection closed by 103.149.28.157 port 48620 [preauth]
Jun 26 09:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4155]: Invalid user runner from 45.156.87.13
Jun 26 09:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4155]: input_userauth_request: invalid user runner [preauth]
Jun 26 09:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4155]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4155]: Failed password for invalid user runner from 45.156.87.13 port 43140 ssh2
Jun 26 09:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4155]: Connection closed by 45.156.87.13 port 43140 [preauth]
Jun 26 09:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4168]: Invalid user student from 45.156.87.13
Jun 26 09:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4168]: input_userauth_request: invalid user student [preauth]
Jun 26 09:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4168]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4168]: Failed password for invalid user student from 45.156.87.13 port 37138 ssh2
Jun 26 09:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4168]: Connection closed by 45.156.87.13 port 37138 [preauth]
Jun 26 09:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4203]: Invalid user gitlab-runner from 45.156.87.13
Jun 26 09:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4203]: input_userauth_request: invalid user gitlab-runner [preauth]
Jun 26 09:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4203]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4203]: Failed password for invalid user gitlab-runner from 45.156.87.13 port 37148 ssh2
Jun 26 09:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4203]: Connection closed by 45.156.87.13 port 37148 [preauth]
Jun 26 09:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4214]: Invalid user claude from 45.156.87.13
Jun 26 09:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4214]: input_userauth_request: invalid user claude [preauth]
Jun 26 09:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4214]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4214]: Failed password for invalid user claude from 45.156.87.13 port 42388 ssh2
Jun 26 09:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4214]: Connection closed by 45.156.87.13 port 42388 [preauth]
Jun 26 09:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4229]: Invalid user amin from 45.156.87.13
Jun 26 09:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4229]: input_userauth_request: invalid user amin [preauth]
Jun 26 09:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4229]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4229]: Failed password for invalid user amin from 45.156.87.13 port 53822 ssh2
Jun 26 09:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4229]: Connection closed by 45.156.87.13 port 53822 [preauth]
Jun 26 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4238]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4239]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4236]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4235]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4235]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4313]: Successful su for rubyman by root
Jun 26 09:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4313]: + ??? root:rubyman
Jun 26 09:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4313]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595748 of user rubyman.
Jun 26 09:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4313]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595748.
Jun 26 09:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4352]: Invalid user admin from 45.156.87.13
Jun 26 09:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4352]: input_userauth_request: invalid user admin [preauth]
Jun 26 09:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4352]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1174]: pam_unix(cron:session): session closed for user root
Jun 26 09:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4352]: Failed password for invalid user admin from 45.156.87.13 port 53824 ssh2
Jun 26 09:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4236]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4352]: Connection closed by 45.156.87.13 port 53824 [preauth]
Jun 26 09:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4500]: Invalid user claude from 45.156.87.13
Jun 26 09:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4500]: input_userauth_request: invalid user claude [preauth]
Jun 26 09:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4500]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4500]: Failed password for invalid user claude from 45.156.87.13 port 51830 ssh2
Jun 26 09:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4500]: Connection closed by 45.156.87.13 port 51830 [preauth]
Jun 26 09:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4527]: Invalid user odoo16 from 45.156.87.13
Jun 26 09:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4527]: input_userauth_request: invalid user odoo16 [preauth]
Jun 26 09:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4527]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4527]: Failed password for invalid user odoo16 from 45.156.87.13 port 51848 ssh2
Jun 26 09:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4527]: Connection closed by 45.156.87.13 port 51848 [preauth]
Jun 26 09:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4537]: Failed password for root from 45.156.87.13 port 36738 ssh2
Jun 26 09:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4537]: Connection closed by 45.156.87.13 port 36738 [preauth]
Jun 26 09:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4563]: Invalid user wizard from 45.156.87.13
Jun 26 09:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4563]: input_userauth_request: invalid user wizard [preauth]
Jun 26 09:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4563]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4563]: Failed password for invalid user wizard from 45.156.87.13 port 36740 ssh2
Jun 26 09:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4563]: Connection closed by 45.156.87.13 port 36740 [preauth]
Jun 26 09:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 26 09:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4574]: Failed password for root from 87.251.79.125 port 37230 ssh2
Jun 26 09:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4574]: Connection closed by 87.251.79.125 port 37230 [preauth]
Jun 26 09:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4576]: Invalid user testuser from 45.156.87.13
Jun 26 09:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4576]: input_userauth_request: invalid user testuser [preauth]
Jun 26 09:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4576]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4576]: Failed password for invalid user testuser from 45.156.87.13 port 43038 ssh2
Jun 26 09:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3163]: pam_unix(cron:session): session closed for user root
Jun 26 09:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4576]: Connection closed by 45.156.87.13 port 43038 [preauth]
Jun 26 09:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4608]: Invalid user www from 45.156.87.13
Jun 26 09:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4608]: input_userauth_request: invalid user www [preauth]
Jun 26 09:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4608]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4608]: Failed password for invalid user www from 45.156.87.13 port 43046 ssh2
Jun 26 09:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4608]: Connection closed by 45.156.87.13 port 43046 [preauth]
Jun 26 09:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4619]: Invalid user prefect from 45.156.87.13
Jun 26 09:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4619]: input_userauth_request: invalid user prefect [preauth]
Jun 26 09:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4619]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4619]: Failed password for invalid user prefect from 45.156.87.13 port 42768 ssh2
Jun 26 09:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4619]: Connection closed by 45.156.87.13 port 42768 [preauth]
Jun 26 09:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4642]: Invalid user gabriel from 45.156.87.13
Jun 26 09:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4642]: input_userauth_request: invalid user gabriel [preauth]
Jun 26 09:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4642]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4642]: Failed password for invalid user gabriel from 45.156.87.13 port 37348 ssh2
Jun 26 09:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4642]: Connection closed by 45.156.87.13 port 37348 [preauth]
Jun 26 09:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4654]: Did not receive identification string from 91.92.40.49
Jun 26 09:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4655]: Failed password for root from 45.156.87.13 port 37366 ssh2
Jun 26 09:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4655]: Connection closed by 45.156.87.13 port 37366 [preauth]
Jun 26 09:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4666]: Invalid user test from 45.156.87.13
Jun 26 09:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4666]: input_userauth_request: invalid user test [preauth]
Jun 26 09:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4666]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4686]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4685]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4684]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4683]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4683]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4666]: Failed password for invalid user test from 45.156.87.13 port 58544 ssh2
Jun 26 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4666]: Connection closed by 45.156.87.13 port 58544 [preauth]
Jun 26 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4771]: Successful su for rubyman by root
Jun 26 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4771]: + ??? root:rubyman
Jun 26 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4771]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595752 of user rubyman.
Jun 26 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4771]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595752.
Jun 26 09:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1784]: pam_unix(cron:session): session closed for user root
Jun 26 09:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5014]: Invalid user minecraft from 45.156.87.13
Jun 26 09:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5014]: input_userauth_request: invalid user minecraft [preauth]
Jun 26 09:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5014]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4684]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5014]: Failed password for invalid user minecraft from 45.156.87.13 port 58560 ssh2
Jun 26 09:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5014]: Connection closed by 45.156.87.13 port 58560 [preauth]
Jun 26 09:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5040]: Invalid user hu from 45.156.87.13
Jun 26 09:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5040]: input_userauth_request: invalid user hu [preauth]
Jun 26 09:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5040]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5040]: Failed password for invalid user hu from 45.156.87.13 port 43254 ssh2
Jun 26 09:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5040]: Connection closed by 45.156.87.13 port 43254 [preauth]
Jun 26 09:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5063]: Invalid user user from 45.156.87.13
Jun 26 09:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5063]: input_userauth_request: invalid user user [preauth]
Jun 26 09:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5063]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5063]: Failed password for invalid user user from 45.156.87.13 port 43262 ssh2
Jun 26 09:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5063]: Connection closed by 45.156.87.13 port 43262 [preauth]
Jun 26 09:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5082]: Invalid user appuser from 45.156.87.13
Jun 26 09:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5082]: input_userauth_request: invalid user appuser [preauth]
Jun 26 09:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5082]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5082]: Failed password for invalid user appuser from 45.156.87.13 port 33852 ssh2
Jun 26 09:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5082]: Connection closed by 45.156.87.13 port 33852 [preauth]
Jun 26 09:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5105]: Invalid user ubuntu from 45.156.87.13
Jun 26 09:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5105]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 09:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5105]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5105]: Failed password for invalid user ubuntu from 45.156.87.13 port 60802 ssh2
Jun 26 09:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5105]: Connection closed by 45.156.87.13 port 60802 [preauth]
Jun 26 09:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 09:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3580]: pam_unix(cron:session): session closed for user root
Jun 26 09:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5124]: Failed password for root from 45.156.87.13 port 60806 ssh2
Jun 26 09:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5124]: Connection closed by 45.156.87.13 port 60806 [preauth]
Jun 26 09:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5080]: Failed password for root from 91.92.40.49 port 47828 ssh2
Jun 26 09:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5080]: Connection closed by 91.92.40.49 port 47828 [preauth]
Jun 26 09:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5148]: Failed password for root from 45.156.87.13 port 36890 ssh2
Jun 26 09:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5148]: Connection closed by 45.156.87.13 port 36890 [preauth]
Jun 26 09:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5175]: Invalid user ftpuser from 45.156.87.13
Jun 26 09:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5175]: input_userauth_request: invalid user ftpuser [preauth]
Jun 26 09:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5175]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5175]: Failed password for invalid user ftpuser from 45.156.87.13 port 36904 ssh2
Jun 26 09:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5175]: Connection closed by 45.156.87.13 port 36904 [preauth]
Jun 26 09:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5185]: Invalid user deploy from 43.159.51.254
Jun 26 09:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5185]: input_userauth_request: invalid user deploy [preauth]
Jun 26 09:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5185]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254
Jun 26 09:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5185]: Failed password for invalid user deploy from 43.159.51.254 port 35102 ssh2
Jun 26 09:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5185]: Received disconnect from 43.159.51.254 port 35102:11: Bye Bye [preauth]
Jun 26 09:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5185]: Disconnected from 43.159.51.254 port 35102 [preauth]
Jun 26 09:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5187]: Invalid user testuser from 45.156.87.13
Jun 26 09:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5187]: input_userauth_request: invalid user testuser [preauth]
Jun 26 09:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5187]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5187]: Failed password for invalid user testuser from 45.156.87.13 port 42478 ssh2
Jun 26 09:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5187]: Connection closed by 45.156.87.13 port 42478 [preauth]
Jun 26 09:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5197]: Invalid user ecommerce from 45.156.87.13
Jun 26 09:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5197]: input_userauth_request: invalid user ecommerce [preauth]
Jun 26 09:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5197]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.223.69.22  user=root
Jun 26 09:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5197]: Failed password for invalid user ecommerce from 45.156.87.13 port 48858 ssh2
Jun 26 09:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5197]: Connection closed by 45.156.87.13 port 48858 [preauth]
Jun 26 09:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5199]: Failed password for root from 89.223.69.22 port 40916 ssh2
Jun 26 09:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5199]: Connection closed by 89.223.69.22 port 40916 [preauth]
Jun 26 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5215]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5214]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5213]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5212]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5212]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5276]: Successful su for rubyman by root
Jun 26 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5276]: + ??? root:rubyman
Jun 26 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5276]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595755 of user rubyman.
Jun 26 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5276]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595755.
Jun 26 09:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5334]: User vncuser from 45.156.87.13 not allowed because not listed in AllowUsers
Jun 26 09:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5334]: input_userauth_request: invalid user vncuser [preauth]
Jun 26 09:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=vncuser
Jun 26 09:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2289]: pam_unix(cron:session): session closed for user root
Jun 26 09:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5334]: Failed password for invalid user vncuser from 45.156.87.13 port 48868 ssh2
Jun 26 09:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5334]: Connection closed by 45.156.87.13 port 48868 [preauth]
Jun 26 09:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5213]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5475]: Invalid user user from 45.156.87.13
Jun 26 09:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5475]: input_userauth_request: invalid user user [preauth]
Jun 26 09:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5475]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5475]: Failed password for invalid user user from 45.156.87.13 port 33568 ssh2
Jun 26 09:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5475]: Connection closed by 45.156.87.13 port 33568 [preauth]
Jun 26 09:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5498]: Invalid user steam from 45.156.87.13
Jun 26 09:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5498]: input_userauth_request: invalid user steam [preauth]
Jun 26 09:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5498]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5498]: Failed password for invalid user steam from 45.156.87.13 port 33584 ssh2
Jun 26 09:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5498]: Connection closed by 45.156.87.13 port 33584 [preauth]
Jun 26 09:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5508]: Failed password for root from 45.156.87.13 port 60376 ssh2
Jun 26 09:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5508]: Connection closed by 45.156.87.13 port 60376 [preauth]
Jun 26 09:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5538]: Invalid user neptune from 45.156.87.13
Jun 26 09:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5538]: input_userauth_request: invalid user neptune [preauth]
Jun 26 09:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5538]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5538]: Failed password for invalid user neptune from 45.156.87.13 port 60378 ssh2
Jun 26 09:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5538]: Connection closed by 45.156.87.13 port 60378 [preauth]
Jun 26 09:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5549]: Invalid user bot from 45.156.87.13
Jun 26 09:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5549]: input_userauth_request: invalid user bot [preauth]
Jun 26 09:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5549]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5549]: Failed password for invalid user bot from 45.156.87.13 port 54492 ssh2
Jun 26 09:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4239]: pam_unix(cron:session): session closed for user root
Jun 26 09:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5549]: Connection closed by 45.156.87.13 port 54492 [preauth]
Jun 26 09:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5583]: Failed password for root from 45.156.87.13 port 44170 ssh2
Jun 26 09:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5583]: Connection closed by 45.156.87.13 port 44170 [preauth]
Jun 26 09:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5593]: Invalid user user2 from 45.156.87.13
Jun 26 09:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5593]: input_userauth_request: invalid user user2 [preauth]
Jun 26 09:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5593]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5593]: Failed password for invalid user user2 from 45.156.87.13 port 44182 ssh2
Jun 26 09:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5593]: Connection closed by 45.156.87.13 port 44182 [preauth]
Jun 26 09:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5615]: Invalid user tomcat from 45.156.87.13
Jun 26 09:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5615]: input_userauth_request: invalid user tomcat [preauth]
Jun 26 09:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5615]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5615]: Failed password for invalid user tomcat from 45.156.87.13 port 55608 ssh2
Jun 26 09:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5615]: Connection closed by 45.156.87.13 port 55608 [preauth]
Jun 26 09:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5625]: Invalid user rancher from 45.156.87.13
Jun 26 09:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5625]: input_userauth_request: invalid user rancher [preauth]
Jun 26 09:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5625]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5625]: Failed password for invalid user rancher from 45.156.87.13 port 55612 ssh2
Jun 26 09:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5625]: Connection closed by 45.156.87.13 port 55612 [preauth]
Jun 26 09:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5635]: Invalid user admin from 45.156.87.13
Jun 26 09:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5635]: input_userauth_request: invalid user admin [preauth]
Jun 26 09:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5635]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5644]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5643]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5641]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5642]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5641]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5635]: Failed password for invalid user admin from 45.156.87.13 port 50430 ssh2
Jun 26 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5703]: Successful su for rubyman by root
Jun 26 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5703]: + ??? root:rubyman
Jun 26 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5703]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595759 of user rubyman.
Jun 26 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5703]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595759.
Jun 26 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5635]: Connection closed by 45.156.87.13 port 50430 [preauth]
Jun 26 09:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2751]: pam_unix(cron:session): session closed for user root
Jun 26 09:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5642]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5885]: Invalid user eric from 141.98.83.240
Jun 26 09:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5885]: input_userauth_request: invalid user eric [preauth]
Jun 26 09:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5885]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 09:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5862]: Failed password for root from 45.156.87.13 port 50432 ssh2
Jun 26 09:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5862]: Connection closed by 45.156.87.13 port 50432 [preauth]
Jun 26 09:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5885]: Failed password for invalid user eric from 141.98.83.240 port 21860 ssh2
Jun 26 09:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5885]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5895]: Invalid user admin123 from 45.156.87.13
Jun 26 09:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5895]: input_userauth_request: invalid user admin123 [preauth]
Jun 26 09:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5895]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5885]: Failed password for invalid user eric from 141.98.83.240 port 21860 ssh2
Jun 26 09:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5885]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5895]: Failed password for invalid user admin123 from 45.156.87.13 port 38660 ssh2
Jun 26 09:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5895]: Connection closed by 45.156.87.13 port 38660 [preauth]
Jun 26 09:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5885]: Failed password for invalid user eric from 141.98.83.240 port 21860 ssh2
Jun 26 09:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5885]: Connection closed by 141.98.83.240 port 21860 [preauth]
Jun 26 09:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5885]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 09:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5918]: Invalid user data from 45.156.87.13
Jun 26 09:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5918]: input_userauth_request: invalid user data [preauth]
Jun 26 09:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5918]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5918]: Failed password for invalid user data from 45.156.87.13 port 38664 ssh2
Jun 26 09:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5918]: Connection closed by 45.156.87.13 port 38664 [preauth]
Jun 26 09:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5928]: Failed password for root from 45.156.87.13 port 53250 ssh2
Jun 26 09:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5928]: Connection closed by 45.156.87.13 port 53250 [preauth]
Jun 26 09:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5950]: Invalid user packer from 45.156.87.13
Jun 26 09:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5950]: input_userauth_request: invalid user packer [preauth]
Jun 26 09:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5950]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5950]: Failed password for invalid user packer from 45.156.87.13 port 44928 ssh2
Jun 26 09:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5950]: Connection closed by 45.156.87.13 port 44928 [preauth]
Jun 26 09:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4686]: pam_unix(cron:session): session closed for user root
Jun 26 09:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: Failed password for root from 45.156.87.13 port 44930 ssh2
Jun 26 09:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: Connection closed by 45.156.87.13 port 44930 [preauth]
Jun 26 09:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5999]: Invalid user admin from 45.156.87.13
Jun 26 09:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5999]: input_userauth_request: invalid user admin [preauth]
Jun 26 09:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5999]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5999]: Failed password for invalid user admin from 45.156.87.13 port 44258 ssh2
Jun 26 09:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5999]: Connection closed by 45.156.87.13 port 44258 [preauth]
Jun 26 09:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6024]: Invalid user deployer from 45.156.87.13
Jun 26 09:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6024]: input_userauth_request: invalid user deployer [preauth]
Jun 26 09:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6024]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6001]: Invalid user bot from 91.92.40.49
Jun 26 09:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6001]: input_userauth_request: invalid user bot [preauth]
Jun 26 09:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6024]: Failed password for invalid user deployer from 45.156.87.13 port 44260 ssh2
Jun 26 09:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6024]: Connection closed by 45.156.87.13 port 44260 [preauth]
Jun 26 09:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6001]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6001]: Failed password for invalid user bot from 91.92.40.49 port 29920 ssh2
Jun 26 09:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6001]: Connection closed by 91.92.40.49 port 29920 [preauth]
Jun 26 09:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6034]: Failed password for root from 45.156.87.13 port 56758 ssh2
Jun 26 09:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6034]: Connection closed by 45.156.87.13 port 56758 [preauth]
Jun 26 09:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6045]: Failed password for root from 45.156.87.13 port 55244 ssh2
Jun 26 09:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6045]: Connection closed by 45.156.87.13 port 55244 [preauth]
Jun 26 09:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6063]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6064]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6062]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6061]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6060]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6065]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6065]: pam_unix(cron:session): session closed for user root
Jun 26 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6060]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6056]: Invalid user mohammad from 43.159.51.254
Jun 26 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6056]: input_userauth_request: invalid user mohammad [preauth]
Jun 26 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6056]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254
Jun 26 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6125]: Successful su for rubyman by root
Jun 26 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6125]: + ??? root:rubyman
Jun 26 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6125]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595764 of user rubyman.
Jun 26 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6125]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595764.
Jun 26 09:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6216]: Invalid user master from 45.156.87.13
Jun 26 09:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6216]: input_userauth_request: invalid user master [preauth]
Jun 26 09:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6216]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6062]: pam_unix(cron:session): session closed for user root
Jun 26 09:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6056]: Failed password for invalid user mohammad from 43.159.51.254 port 46132 ssh2
Jun 26 09:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6056]: Received disconnect from 43.159.51.254 port 46132:11: Bye Bye [preauth]
Jun 26 09:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6056]: Disconnected from 43.159.51.254 port 46132 [preauth]
Jun 26 09:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3162]: pam_unix(cron:session): session closed for user root
Jun 26 09:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6216]: Failed password for invalid user master from 45.156.87.13 port 55258 ssh2
Jun 26 09:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6216]: Connection closed by 45.156.87.13 port 55258 [preauth]
Jun 26 09:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6061]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6338]: Invalid user rock from 45.156.87.13
Jun 26 09:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6338]: input_userauth_request: invalid user rock [preauth]
Jun 26 09:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6338]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6338]: Failed password for invalid user rock from 45.156.87.13 port 57986 ssh2
Jun 26 09:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6338]: Connection closed by 45.156.87.13 port 57986 [preauth]
Jun 26 09:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6036]: Invalid user administrador from 91.92.40.49
Jun 26 09:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6036]: input_userauth_request: invalid user administrador [preauth]
Jun 26 09:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6364]: Invalid user agent from 45.156.87.13
Jun 26 09:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6364]: input_userauth_request: invalid user agent [preauth]
Jun 26 09:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6364]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6364]: Failed password for invalid user agent from 45.156.87.13 port 58000 ssh2
Jun 26 09:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6364]: Connection closed by 45.156.87.13 port 58000 [preauth]
Jun 26 09:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6036]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6377]: Invalid user pi from 45.156.87.13
Jun 26 09:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6377]: input_userauth_request: invalid user pi [preauth]
Jun 26 09:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6377]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6036]: Failed password for invalid user administrador from 91.92.40.49 port 33142 ssh2
Jun 26 09:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6377]: Failed password for invalid user pi from 45.156.87.13 port 47756 ssh2
Jun 26 09:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6377]: Connection closed by 45.156.87.13 port 47756 [preauth]
Jun 26 09:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6401]: Invalid user openclaw from 45.156.87.13
Jun 26 09:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6401]: input_userauth_request: invalid user openclaw [preauth]
Jun 26 09:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6401]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6036]: Connection closed by 91.92.40.49 port 33142 [preauth]
Jun 26 09:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6401]: Failed password for invalid user openclaw from 45.156.87.13 port 45168 ssh2
Jun 26 09:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6401]: Connection closed by 45.156.87.13 port 45168 [preauth]
Jun 26 09:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6412]: Invalid user deployer from 45.156.87.13
Jun 26 09:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6412]: input_userauth_request: invalid user deployer [preauth]
Jun 26 09:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6412]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5215]: pam_unix(cron:session): session closed for user root
Jun 26 09:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6351]: Invalid user deployer from 91.92.40.49
Jun 26 09:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6351]: input_userauth_request: invalid user deployer [preauth]
Jun 26 09:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6412]: Failed password for invalid user deployer from 45.156.87.13 port 45180 ssh2
Jun 26 09:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6412]: Connection closed by 45.156.87.13 port 45180 [preauth]
Jun 26 09:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6449]: Invalid user ubuntu from 45.156.87.13
Jun 26 09:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6449]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 09:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6449]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6351]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6449]: Failed password for invalid user ubuntu from 45.156.87.13 port 48400 ssh2
Jun 26 09:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6449]: Connection closed by 45.156.87.13 port 48400 [preauth]
Jun 26 09:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6351]: Failed password for invalid user deployer from 91.92.40.49 port 21220 ssh2
Jun 26 09:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6472]: Invalid user master from 45.156.87.13
Jun 26 09:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6472]: input_userauth_request: invalid user master [preauth]
Jun 26 09:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6472]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6472]: Failed password for invalid user master from 45.156.87.13 port 48414 ssh2
Jun 26 09:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6472]: Connection closed by 45.156.87.13 port 48414 [preauth]
Jun 26 09:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 09:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6351]: Connection closed by 91.92.40.49 port 21220 [preauth]
Jun 26 09:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6376]: Failed password for root from 91.92.40.49 port 58948 ssh2
Jun 26 09:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6484]: Invalid user dev from 45.156.87.13
Jun 26 09:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6484]: input_userauth_request: invalid user dev [preauth]
Jun 26 09:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6484]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6484]: Failed password for invalid user dev from 45.156.87.13 port 49250 ssh2
Jun 26 09:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6484]: Connection closed by 45.156.87.13 port 49250 [preauth]
Jun 26 09:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6495]: Invalid user jellyfin from 45.156.87.13
Jun 26 09:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6495]: input_userauth_request: invalid user jellyfin [preauth]
Jun 26 09:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6495]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6376]: Connection closed by 91.92.40.49 port 58948 [preauth]
Jun 26 09:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6495]: Failed password for invalid user jellyfin from 45.156.87.13 port 49270 ssh2
Jun 26 09:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6495]: Connection closed by 45.156.87.13 port 49270 [preauth]
Jun 26 09:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6514]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6513]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6515]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6512]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6512]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6578]: Successful su for rubyman by root
Jun 26 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6578]: + ??? root:rubyman
Jun 26 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6578]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595771 of user rubyman.
Jun 26 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6578]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595771.
Jun 26 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 26 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6451]: Invalid user testuser from 91.92.40.49
Jun 26 09:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6451]: input_userauth_request: invalid user testuser [preauth]
Jun 26 09:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6508]: Failed password for root from 103.122.221.179 port 38718 ssh2
Jun 26 09:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6508]: Connection closed by 103.122.221.179 port 38718 [preauth]
Jun 26 09:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6598]: Failed password for root from 45.156.87.13 port 37840 ssh2
Jun 26 09:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6598]: Connection closed by 45.156.87.13 port 37840 [preauth]
Jun 26 09:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3579]: pam_unix(cron:session): session closed for user root
Jun 26 09:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6513]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6773]: Invalid user ubuntu from 45.156.87.13
Jun 26 09:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6773]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 09:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6773]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6451]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6773]: Failed password for invalid user ubuntu from 45.156.87.13 port 39418 ssh2
Jun 26 09:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6773]: Connection closed by 45.156.87.13 port 39418 [preauth]
Jun 26 09:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6451]: Failed password for invalid user testuser from 91.92.40.49 port 26480 ssh2
Jun 26 09:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6792]: Invalid user admin from 139.19.117.131
Jun 26 09:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6792]: input_userauth_request: invalid user admin [preauth]
Jun 26 09:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6808]: Invalid user oscar from 45.156.87.13
Jun 26 09:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6808]: input_userauth_request: invalid user oscar [preauth]
Jun 26 09:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6808]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6451]: Connection closed by 91.92.40.49 port 26480 [preauth]
Jun 26 09:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6808]: Failed password for invalid user oscar from 45.156.87.13 port 39434 ssh2
Jun 26 09:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6808]: Connection closed by 45.156.87.13 port 39434 [preauth]
Jun 26 09:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6821]: Invalid user test3 from 45.156.87.13
Jun 26 09:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6821]: input_userauth_request: invalid user test3 [preauth]
Jun 26 09:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6821]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6821]: Failed password for invalid user test3 from 45.156.87.13 port 49176 ssh2
Jun 26 09:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6821]: Connection closed by 45.156.87.13 port 49176 [preauth]
Jun 26 09:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 09:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6792]: Connection closed by 139.19.117.131 port 46516 [preauth]
Jun 26 09:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6486]: Failed password for root from 91.92.40.49 port 47220 ssh2
Jun 26 09:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6852]: Invalid user nginx from 45.156.87.13
Jun 26 09:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6852]: input_userauth_request: invalid user nginx [preauth]
Jun 26 09:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6852]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6852]: Failed password for invalid user nginx from 45.156.87.13 port 49190 ssh2
Jun 26 09:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6852]: Connection closed by 45.156.87.13 port 49190 [preauth]
Jun 26 09:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6864]: Invalid user appuser from 45.156.87.13
Jun 26 09:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6864]: input_userauth_request: invalid user appuser [preauth]
Jun 26 09:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6864]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5644]: pam_unix(cron:session): session closed for user root
Jun 26 09:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6864]: Failed password for invalid user appuser from 45.156.87.13 port 43394 ssh2
Jun 26 09:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6864]: Connection closed by 45.156.87.13 port 43394 [preauth]
Jun 26 09:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6486]: Connection closed by 91.92.40.49 port 47220 [preauth]
Jun 26 09:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6898]: Invalid user user from 45.156.87.13
Jun 26 09:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6898]: input_userauth_request: invalid user user [preauth]
Jun 26 09:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6898]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6898]: Failed password for invalid user user from 45.156.87.13 port 37786 ssh2
Jun 26 09:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6898]: Connection closed by 45.156.87.13 port 37786 [preauth]
Jun 26 09:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6908]: Failed password for root from 45.156.87.13 port 37808 ssh2
Jun 26 09:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6908]: Connection closed by 45.156.87.13 port 37808 [preauth]
Jun 26 09:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6807]: Invalid user roberto from 91.92.40.49
Jun 26 09:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6807]: input_userauth_request: invalid user roberto [preauth]
Jun 26 09:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6936]: Invalid user erp from 45.156.87.13
Jun 26 09:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6936]: input_userauth_request: invalid user erp [preauth]
Jun 26 09:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6936]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6936]: Failed password for invalid user erp from 45.156.87.13 port 54866 ssh2
Jun 26 09:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6936]: Connection closed by 45.156.87.13 port 54866 [preauth]
Jun 26 09:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 26 09:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6938]: Failed password for root from 147.45.199.80 port 37316 ssh2
Jun 26 09:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6938]: Connection closed by 147.45.199.80 port 37316 [preauth]
Jun 26 09:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6954]: Invalid user teamspeak from 45.156.87.13
Jun 26 09:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6954]: input_userauth_request: invalid user teamspeak [preauth]
Jun 26 09:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6954]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6819]: Invalid user user from 91.92.40.49
Jun 26 09:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6819]: input_userauth_request: invalid user user [preauth]
Jun 26 09:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6807]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6954]: Failed password for invalid user teamspeak from 45.156.87.13 port 54872 ssh2
Jun 26 09:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6954]: Connection closed by 45.156.87.13 port 54872 [preauth]
Jun 26 09:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6807]: Failed password for invalid user roberto from 91.92.40.49 port 14678 ssh2
Jun 26 09:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6971]: Invalid user toto from 45.156.87.13
Jun 26 09:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6971]: input_userauth_request: invalid user toto [preauth]
Jun 26 09:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6971]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6976]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6977]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6978]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6975]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6975]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7120]: Successful su for rubyman by root
Jun 26 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7120]: + ??? root:rubyman
Jun 26 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7120]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595775 of user rubyman.
Jun 26 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7120]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595775.
Jun 26 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6971]: Failed password for invalid user toto from 45.156.87.13 port 41012 ssh2
Jun 26 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6971]: Connection closed by 45.156.87.13 port 41012 [preauth]
Jun 26 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=root
Jun 26 09:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6819]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7054]: Failed password for root from 193.46.255.86 port 3226 ssh2
Jun 26 09:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4238]: pam_unix(cron:session): session closed for user root
Jun 26 09:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6819]: Failed password for invalid user user from 91.92.40.49 port 54858 ssh2
Jun 26 09:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6976]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7296]: Invalid user tester from 45.156.87.13
Jun 26 09:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7296]: input_userauth_request: invalid user tester [preauth]
Jun 26 09:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6807]: Connection closed by 91.92.40.49 port 14678 [preauth]
Jun 26 09:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7296]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7054]: Failed password for root from 193.46.255.86 port 3226 ssh2
Jun 26 09:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7296]: Failed password for invalid user tester from 45.156.87.13 port 41020 ssh2
Jun 26 09:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7054]: Failed password for root from 193.46.255.86 port 3226 ssh2
Jun 26 09:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7296]: Connection closed by 45.156.87.13 port 41020 [preauth]
Jun 26 09:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7054]: Connection closed by 193.46.255.86 port 3226 [preauth]
Jun 26 09:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7054]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=root
Jun 26 09:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: Invalid user runner from 45.156.87.13
Jun 26 09:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: input_userauth_request: invalid user runner [preauth]
Jun 26 09:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: Failed password for invalid user runner from 45.156.87.13 port 42684 ssh2
Jun 26 09:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: Connection closed by 45.156.87.13 port 42684 [preauth]
Jun 26 09:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7344]: Invalid user puppet from 43.159.51.254
Jun 26 09:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7344]: input_userauth_request: invalid user puppet [preauth]
Jun 26 09:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7344]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254
Jun 26 09:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7346]: Invalid user gg from 45.156.87.13
Jun 26 09:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7346]: input_userauth_request: invalid user gg [preauth]
Jun 26 09:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7346]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7344]: Failed password for invalid user puppet from 43.159.51.254 port 57348 ssh2
Jun 26 09:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7344]: Received disconnect from 43.159.51.254 port 57348:11: Bye Bye [preauth]
Jun 26 09:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7344]: Disconnected from 43.159.51.254 port 57348 [preauth]
Jun 26 09:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6819]: Connection closed by 91.92.40.49 port 54858 [preauth]
Jun 26 09:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7346]: Failed password for invalid user gg from 45.156.87.13 port 55706 ssh2
Jun 26 09:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7346]: Connection closed by 45.156.87.13 port 55706 [preauth]
Jun 26 09:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7357]: Invalid user user from 45.156.87.13
Jun 26 09:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7357]: input_userauth_request: invalid user user [preauth]
Jun 26 09:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7357]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7357]: Failed password for invalid user user from 45.156.87.13 port 55712 ssh2
Jun 26 09:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7357]: Connection closed by 45.156.87.13 port 55712 [preauth]
Jun 26 09:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6924]: Invalid user test from 91.92.40.49
Jun 26 09:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6924]: input_userauth_request: invalid user test [preauth]
Jun 26 09:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7386]: Invalid user minecraft from 45.156.87.13
Jun 26 09:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7386]: input_userauth_request: invalid user minecraft [preauth]
Jun 26 09:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7386]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7386]: Failed password for invalid user minecraft from 45.156.87.13 port 34754 ssh2
Jun 26 09:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7386]: Connection closed by 45.156.87.13 port 34754 [preauth]
Jun 26 09:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6064]: pam_unix(cron:session): session closed for user root
Jun 26 09:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7416]: Failed password for root from 45.156.87.13 port 34756 ssh2
Jun 26 09:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7416]: Connection closed by 45.156.87.13 port 34756 [preauth]
Jun 26 09:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7436]: Invalid user deployer from 45.156.87.13
Jun 26 09:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7436]: input_userauth_request: invalid user deployer [preauth]
Jun 26 09:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7436]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6924]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7436]: Failed password for invalid user deployer from 45.156.87.13 port 40858 ssh2
Jun 26 09:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7436]: Connection closed by 45.156.87.13 port 40858 [preauth]
Jun 26 09:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6924]: Failed password for invalid user test from 91.92.40.49 port 17006 ssh2
Jun 26 09:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7459]: Invalid user fa from 45.156.87.13
Jun 26 09:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7459]: input_userauth_request: invalid user fa [preauth]
Jun 26 09:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7459]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7459]: Failed password for invalid user fa from 45.156.87.13 port 40874 ssh2
Jun 26 09:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7459]: Connection closed by 45.156.87.13 port 40874 [preauth]
Jun 26 09:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7470]: Invalid user claude from 45.156.87.13
Jun 26 09:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7470]: input_userauth_request: invalid user claude [preauth]
Jun 26 09:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7470]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7470]: Failed password for invalid user claude from 45.156.87.13 port 35428 ssh2
Jun 26 09:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7470]: Connection closed by 45.156.87.13 port 35428 [preauth]
Jun 26 09:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6973]: Invalid user testuser from 91.92.40.49
Jun 26 09:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6973]: input_userauth_request: invalid user testuser [preauth]
Jun 26 09:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7480]: Invalid user admin1 from 45.156.87.13
Jun 26 09:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7480]: input_userauth_request: invalid user admin1 [preauth]
Jun 26 09:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7480]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7480]: Failed password for invalid user admin1 from 45.156.87.13 port 40608 ssh2
Jun 26 09:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7480]: Connection closed by 45.156.87.13 port 40608 [preauth]
Jun 26 09:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6924]: Connection closed by 91.92.40.49 port 17006 [preauth]
Jun 26 09:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7280]: Invalid user cloud from 91.92.40.49
Jun 26 09:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7280]: input_userauth_request: invalid user cloud [preauth]
Jun 26 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7497]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7496]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7498]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7495]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7495]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7557]: Successful su for rubyman by root
Jun 26 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7557]: + ??? root:rubyman
Jun 26 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7557]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595779 of user rubyman.
Jun 26 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7557]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595779.
Jun 26 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7492]: Invalid user ftpuser from 45.156.87.13
Jun 26 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7492]: input_userauth_request: invalid user ftpuser [preauth]
Jun 26 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7492]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7492]: Failed password for invalid user ftpuser from 45.156.87.13 port 40612 ssh2
Jun 26 09:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4685]: pam_unix(cron:session): session closed for user root
Jun 26 09:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7492]: Connection closed by 45.156.87.13 port 40612 [preauth]
Jun 26 09:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7316]: Invalid user ubuntu from 91.92.40.49
Jun 26 09:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7316]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 09:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6973]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7496]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7840]: Invalid user kipt from 45.156.87.13
Jun 26 09:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7840]: input_userauth_request: invalid user kipt [preauth]
Jun 26 09:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6973]: Failed password for invalid user testuser from 91.92.40.49 port 49842 ssh2
Jun 26 09:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7840]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7840]: Failed password for invalid user kipt from 45.156.87.13 port 54916 ssh2
Jun 26 09:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7840]: Connection closed by 45.156.87.13 port 54916 [preauth]
Jun 26 09:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7280]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7280]: Failed password for invalid user cloud from 91.92.40.49 port 49850 ssh2
Jun 26 09:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7852]: Failed password for root from 45.156.87.13 port 54928 ssh2
Jun 26 09:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7852]: Connection closed by 45.156.87.13 port 54928 [preauth]
Jun 26 09:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7874]: Failed password for root from 45.156.87.13 port 56996 ssh2
Jun 26 09:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7874]: Connection closed by 45.156.87.13 port 56996 [preauth]
Jun 26 09:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7316]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7316]: Failed password for invalid user ubuntu from 91.92.40.49 port 47662 ssh2
Jun 26 09:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6973]: Connection closed by 91.92.40.49 port 49842 [preauth]
Jun 26 09:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7886]: Failed password for root from 45.156.87.13 port 57008 ssh2
Jun 26 09:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7886]: Connection closed by 45.156.87.13 port 57008 [preauth]
Jun 26 09:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7909]: Invalid user fastuser from 45.156.87.13
Jun 26 09:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7909]: input_userauth_request: invalid user fastuser [preauth]
Jun 26 09:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7909]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7280]: Connection closed by 91.92.40.49 port 49850 [preauth]
Jun 26 09:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7909]: Failed password for invalid user fastuser from 45.156.87.13 port 48420 ssh2
Jun 26 09:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7909]: Connection closed by 45.156.87.13 port 48420 [preauth]
Jun 26 09:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7427]: Invalid user deploy from 91.92.40.49
Jun 26 09:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7427]: input_userauth_request: invalid user deploy [preauth]
Jun 26 09:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6515]: pam_unix(cron:session): session closed for user root
Jun 26 09:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7939]: Invalid user alex from 45.156.87.13
Jun 26 09:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7939]: input_userauth_request: invalid user alex [preauth]
Jun 26 09:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7939]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7939]: Failed password for invalid user alex from 45.156.87.13 port 48434 ssh2
Jun 26 09:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7939]: Connection closed by 45.156.87.13 port 48434 [preauth]
Jun 26 09:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7316]: Connection closed by 91.92.40.49 port 47662 [preauth]
Jun 26 09:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7949]: Invalid user security from 45.156.87.13
Jun 26 09:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7949]: input_userauth_request: invalid user security [preauth]
Jun 26 09:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7949]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7949]: Failed password for invalid user security from 45.156.87.13 port 40086 ssh2
Jun 26 09:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7949]: Connection closed by 45.156.87.13 port 40086 [preauth]
Jun 26 09:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7971]: Invalid user vagrant from 45.156.87.13
Jun 26 09:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7971]: input_userauth_request: invalid user vagrant [preauth]
Jun 26 09:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7971]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7971]: Failed password for invalid user vagrant from 45.156.87.13 port 40112 ssh2
Jun 26 09:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7971]: Connection closed by 45.156.87.13 port 40112 [preauth]
Jun 26 09:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7983]: Invalid user frank from 45.156.87.13
Jun 26 09:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7983]: input_userauth_request: invalid user frank [preauth]
Jun 26 09:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7983]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7427]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7983]: Failed password for invalid user frank from 45.156.87.13 port 59430 ssh2
Jun 26 09:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7983]: Connection closed by 45.156.87.13 port 59430 [preauth]
Jun 26 09:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7427]: Failed password for invalid user deploy from 91.92.40.49 port 17000 ssh2
Jun 26 09:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7995]: Failed password for root from 45.156.87.13 port 59446 ssh2
Jun 26 09:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7995]: Connection closed by 45.156.87.13 port 59446 [preauth]
Jun 26 09:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8013]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8011]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8010]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8009]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8009]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8006]: Invalid user user from 45.156.87.13
Jun 26 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8006]: input_userauth_request: invalid user user [preauth]
Jun 26 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8071]: Successful su for rubyman by root
Jun 26 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8071]: + ??? root:rubyman
Jun 26 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8071]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595782 of user rubyman.
Jun 26 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8071]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8006]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595782.
Jun 26 09:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8006]: Failed password for invalid user user from 45.156.87.13 port 37352 ssh2
Jun 26 09:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8006]: Connection closed by 45.156.87.13 port 37352 [preauth]
Jun 26 09:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5214]: pam_unix(cron:session): session closed for user root
Jun 26 09:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7427]: Connection closed by 91.92.40.49 port 17000 [preauth]
Jun 26 09:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7815]: Invalid user minecraft from 91.92.40.49
Jun 26 09:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7815]: input_userauth_request: invalid user minecraft [preauth]
Jun 26 09:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8010]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: Invalid user centreon from 91.92.40.49
Jun 26 09:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: input_userauth_request: invalid user centreon [preauth]
Jun 26 09:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 09:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8255]: Failed password for root from 45.156.87.13 port 37366 ssh2
Jun 26 09:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8255]: Connection closed by 45.156.87.13 port 37366 [preauth]
Jun 26 09:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7482]: Failed password for root from 91.92.40.49 port 10414 ssh2
Jun 26 09:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8266]: User nobody from 45.156.87.13 not allowed because not listed in AllowUsers
Jun 26 09:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8266]: input_userauth_request: invalid user nobody [preauth]
Jun 26 09:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=nobody
Jun 26 09:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8266]: Failed password for invalid user nobody from 45.156.87.13 port 33150 ssh2
Jun 26 09:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8266]: Connection closed by 45.156.87.13 port 33150 [preauth]
Jun 26 09:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8289]: Invalid user bob from 45.156.87.13
Jun 26 09:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8289]: input_userauth_request: invalid user bob [preauth]
Jun 26 09:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8289]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8291]: Invalid user drcom from 43.159.51.254
Jun 26 09:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8291]: input_userauth_request: invalid user drcom [preauth]
Jun 26 09:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8291]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254
Jun 26 09:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8289]: Failed password for invalid user bob from 45.156.87.13 port 39094 ssh2
Jun 26 09:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8289]: Connection closed by 45.156.87.13 port 39094 [preauth]
Jun 26 09:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8291]: Failed password for invalid user drcom from 43.159.51.254 port 40168 ssh2
Jun 26 09:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8291]: Received disconnect from 43.159.51.254 port 40168:11: Bye Bye [preauth]
Jun 26 09:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8291]: Disconnected from 43.159.51.254 port 40168 [preauth]
Jun 26 09:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7815]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7815]: Failed password for invalid user minecraft from 91.92.40.49 port 10432 ssh2
Jun 26 09:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8301]: Failed password for root from 45.156.87.13 port 39108 ssh2
Jun 26 09:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8301]: Connection closed by 45.156.87.13 port 39108 [preauth]
Jun 26 09:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: Failed password for invalid user centreon from 91.92.40.49 port 32136 ssh2
Jun 26 09:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7482]: Connection closed by 91.92.40.49 port 10414 [preauth]
Jun 26 09:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8325]: Failed password for root from 45.156.87.13 port 49186 ssh2
Jun 26 09:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8325]: Connection closed by 45.156.87.13 port 49186 [preauth]
Jun 26 09:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8345]: Invalid user app from 45.156.87.13
Jun 26 09:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8345]: input_userauth_request: invalid user app [preauth]
Jun 26 09:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8345]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6978]: pam_unix(cron:session): session closed for user root
Jun 26 09:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8345]: Failed password for invalid user app from 45.156.87.13 port 49200 ssh2
Jun 26 09:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8345]: Connection closed by 45.156.87.13 port 49200 [preauth]
Jun 26 09:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8369]: Invalid user myuser from 45.156.87.13
Jun 26 09:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8369]: input_userauth_request: invalid user myuser [preauth]
Jun 26 09:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8369]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8369]: Failed password for invalid user myuser from 45.156.87.13 port 36480 ssh2
Jun 26 09:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8369]: Connection closed by 45.156.87.13 port 36480 [preauth]
Jun 26 09:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: Invalid user newuser from 45.156.87.13
Jun 26 09:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: input_userauth_request: invalid user newuser [preauth]
Jun 26 09:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: Connection closed by 91.92.40.49 port 32136 [preauth]
Jun 26 09:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: Failed password for invalid user newuser from 45.156.87.13 port 36484 ssh2
Jun 26 09:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: Connection closed by 45.156.87.13 port 36484 [preauth]
Jun 26 09:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8407]: Failed password for root from 45.156.87.13 port 36374 ssh2
Jun 26 09:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8407]: Connection closed by 45.156.87.13 port 36374 [preauth]
Jun 26 09:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7918]: Invalid user jenkins from 91.92.40.49
Jun 26 09:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7918]: input_userauth_request: invalid user jenkins [preauth]
Jun 26 09:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8417]: Failed password for root from 45.156.87.13 port 36384 ssh2
Jun 26 09:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8417]: Connection closed by 45.156.87.13 port 36384 [preauth]
Jun 26 09:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8429]: Invalid user tom from 45.156.87.13
Jun 26 09:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8429]: input_userauth_request: invalid user tom [preauth]
Jun 26 09:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8429]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7815]: Connection closed by 91.92.40.49 port 10432 [preauth]
Jun 26 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8440]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8438]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8439]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8441]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8435]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8436]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8441]: pam_unix(cron:session): session closed for user root
Jun 26 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8435]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8508]: Successful su for rubyman by root
Jun 26 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8508]: + ??? root:rubyman
Jun 26 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8508]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595785 of user rubyman.
Jun 26 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8508]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595785.
Jun 26 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8429]: Failed password for invalid user tom from 45.156.87.13 port 56266 ssh2
Jun 26 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8429]: Connection closed by 45.156.87.13 port 56266 [preauth]
Jun 26 09:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8438]: pam_unix(cron:session): session closed for user root
Jun 26 09:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5643]: pam_unix(cron:session): session closed for user root
Jun 26 09:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8678]: Invalid user es from 45.156.87.13
Jun 26 09:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8678]: input_userauth_request: invalid user es [preauth]
Jun 26 09:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8678]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8436]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8678]: Failed password for invalid user es from 45.156.87.13 port 56268 ssh2
Jun 26 09:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8678]: Connection closed by 45.156.87.13 port 56268 [preauth]
Jun 26 09:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8005]: Invalid user ubuntu from 91.92.40.49
Jun 26 09:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8005]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 09:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8728]: Invalid user nutanix from 45.156.87.13
Jun 26 09:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8728]: input_userauth_request: invalid user nutanix [preauth]
Jun 26 09:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8728]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7918]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8728]: Failed password for invalid user nutanix from 45.156.87.13 port 48460 ssh2
Jun 26 09:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8728]: Connection closed by 45.156.87.13 port 48460 [preauth]
Jun 26 09:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7918]: Failed password for invalid user jenkins from 91.92.40.49 port 62638 ssh2
Jun 26 09:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8751]: Failed password for root from 45.156.87.13 port 48472 ssh2
Jun 26 09:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8751]: Connection closed by 45.156.87.13 port 48472 [preauth]
Jun 26 09:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8254]: Invalid user deploy from 91.92.40.49
Jun 26 09:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8254]: input_userauth_request: invalid user deploy [preauth]
Jun 26 09:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8763]: Invalid user test1 from 45.156.87.13
Jun 26 09:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8763]: input_userauth_request: invalid user test1 [preauth]
Jun 26 09:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8763]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8763]: Failed password for invalid user test1 from 45.156.87.13 port 35090 ssh2
Jun 26 09:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8763]: Connection closed by 45.156.87.13 port 35090 [preauth]
Jun 26 09:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8787]: Invalid user ethan from 45.156.87.13
Jun 26 09:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8787]: input_userauth_request: invalid user ethan [preauth]
Jun 26 09:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8787]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8787]: Failed password for invalid user ethan from 45.156.87.13 port 35118 ssh2
Jun 26 09:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8787]: Connection closed by 45.156.87.13 port 35118 [preauth]
Jun 26 09:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8005]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8005]: Failed password for invalid user ubuntu from 91.92.40.49 port 44378 ssh2
Jun 26 09:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8797]: Failed password for root from 45.156.87.13 port 52716 ssh2
Jun 26 09:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8797]: Connection closed by 45.156.87.13 port 52716 [preauth]
Jun 26 09:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7498]: pam_unix(cron:session): session closed for user root
Jun 26 09:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8828]: Failed password for root from 45.156.87.13 port 52732 ssh2
Jun 26 09:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8828]: Connection closed by 45.156.87.13 port 52732 [preauth]
Jun 26 09:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8254]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8842]: Connection closed by 194.59.206.2 port 15866 [preauth]
Jun 26 09:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8844]: Invalid user claude from 45.156.87.13
Jun 26 09:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8844]: input_userauth_request: invalid user claude [preauth]
Jun 26 09:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8844]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8254]: Failed password for invalid user deploy from 91.92.40.49 port 44426 ssh2
Jun 26 09:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8844]: Failed password for invalid user claude from 45.156.87.13 port 42836 ssh2
Jun 26 09:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8844]: Connection closed by 45.156.87.13 port 42836 [preauth]
Jun 26 09:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8869]: Invalid user www from 45.156.87.13
Jun 26 09:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8869]: input_userauth_request: invalid user www [preauth]
Jun 26 09:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8869]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 09:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8869]: Failed password for invalid user www from 45.156.87.13 port 57350 ssh2
Jun 26 09:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8869]: Connection closed by 45.156.87.13 port 57350 [preauth]
Jun 26 09:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8327]: Failed password for root from 91.92.40.49 port 59592 ssh2
Jun 26 09:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8005]: Connection closed by 91.92.40.49 port 44378 [preauth]
Jun 26 09:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8880]: Invalid user cloud from 45.156.87.13
Jun 26 09:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8880]: input_userauth_request: invalid user cloud [preauth]
Jun 26 09:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8880]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8880]: Failed password for invalid user cloud from 45.156.87.13 port 57370 ssh2
Jun 26 09:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8880]: Connection closed by 45.156.87.13 port 57370 [preauth]
Jun 26 09:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8891]: Invalid user gateway from 45.156.87.13
Jun 26 09:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8891]: input_userauth_request: invalid user gateway [preauth]
Jun 26 09:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8891]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8891]: Failed password for invalid user gateway from 45.156.87.13 port 51066 ssh2
Jun 26 09:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8891]: Connection closed by 45.156.87.13 port 51066 [preauth]
Jun 26 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8901]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8899]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8898]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8897]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8897]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8974]: Successful su for rubyman by root
Jun 26 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8974]: + ??? root:rubyman
Jun 26 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8974]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595791 of user rubyman.
Jun 26 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8974]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595791.
Jun 26 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8368]: Invalid user matt from 91.92.40.49
Jun 26 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8368]: input_userauth_request: invalid user matt [preauth]
Jun 26 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8994]: Invalid user deployer from 45.156.87.13
Jun 26 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8994]: input_userauth_request: invalid user deployer [preauth]
Jun 26 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8994]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8994]: Failed password for invalid user deployer from 45.156.87.13 port 51074 ssh2
Jun 26 09:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6063]: pam_unix(cron:session): session closed for user root
Jun 26 09:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8994]: Connection closed by 45.156.87.13 port 51074 [preauth]
Jun 26 09:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8254]: Connection closed by 91.92.40.49 port 44426 [preauth]
Jun 26 09:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8898]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8396]: Invalid user aroy from 91.92.40.49
Jun 26 09:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8396]: input_userauth_request: invalid user aroy [preauth]
Jun 26 09:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9149]: Invalid user kafka from 45.156.87.13
Jun 26 09:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9149]: input_userauth_request: invalid user kafka [preauth]
Jun 26 09:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9149]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9149]: Failed password for invalid user kafka from 45.156.87.13 port 45622 ssh2
Jun 26 09:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9149]: Connection closed by 45.156.87.13 port 45622 [preauth]
Jun 26 09:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8327]: Connection closed by 91.92.40.49 port 59592 [preauth]
Jun 26 09:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9160]: User ftp from 45.156.87.13 not allowed because not listed in AllowUsers
Jun 26 09:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9160]: input_userauth_request: invalid user ftp [preauth]
Jun 26 09:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=ftp
Jun 26 09:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9160]: Failed password for invalid user ftp from 45.156.87.13 port 45630 ssh2
Jun 26 09:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9160]: Connection closed by 45.156.87.13 port 45630 [preauth]
Jun 26 09:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9182]: Invalid user gitlab from 45.156.87.13
Jun 26 09:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9182]: input_userauth_request: invalid user gitlab [preauth]
Jun 26 09:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9182]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9182]: Failed password for invalid user gitlab from 45.156.87.13 port 42238 ssh2
Jun 26 09:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8368]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9182]: Connection closed by 45.156.87.13 port 42238 [preauth]
Jun 26 09:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8368]: Failed password for invalid user matt from 91.92.40.49 port 62062 ssh2
Jun 26 09:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9199]: Invalid user dev from 43.159.51.254
Jun 26 09:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9199]: input_userauth_request: invalid user dev [preauth]
Jun 26 09:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9199]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254
Jun 26 09:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9197]: Failed password for root from 45.156.87.13 port 42242 ssh2
Jun 26 09:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9197]: Connection closed by 45.156.87.13 port 42242 [preauth]
Jun 26 09:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9199]: Failed password for invalid user dev from 43.159.51.254 port 51276 ssh2
Jun 26 09:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8396]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9199]: Received disconnect from 43.159.51.254 port 51276:11: Bye Bye [preauth]
Jun 26 09:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9199]: Disconnected from 43.159.51.254 port 51276 [preauth]
Jun 26 09:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8396]: Failed password for invalid user aroy from 91.92.40.49 port 62112 ssh2
Jun 26 09:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9224]: Invalid user onkar from 45.156.87.13
Jun 26 09:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9224]: input_userauth_request: invalid user onkar [preauth]
Jun 26 09:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9224]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9224]: Failed password for invalid user onkar from 45.156.87.13 port 58506 ssh2
Jun 26 09:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9224]: Connection closed by 45.156.87.13 port 58506 [preauth]
Jun 26 09:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9236]: Invalid user runner from 45.156.87.13
Jun 26 09:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9236]: input_userauth_request: invalid user runner [preauth]
Jun 26 09:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8730]: Invalid user dmdba from 91.92.40.49
Jun 26 09:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8730]: input_userauth_request: invalid user dmdba [preauth]
Jun 26 09:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9236]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8013]: pam_unix(cron:session): session closed for user root
Jun 26 09:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9236]: Failed password for invalid user runner from 45.156.87.13 port 58538 ssh2
Jun 26 09:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9236]: Connection closed by 45.156.87.13 port 58538 [preauth]
Jun 26 09:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9268]: Invalid user student from 45.156.87.13
Jun 26 09:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9268]: input_userauth_request: invalid user student [preauth]
Jun 26 09:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9268]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9268]: Failed password for invalid user student from 45.156.87.13 port 58558 ssh2
Jun 26 09:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9268]: Connection closed by 45.156.87.13 port 58558 [preauth]
Jun 26 09:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9281]: Invalid user labuser from 45.156.87.13
Jun 26 09:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9281]: input_userauth_request: invalid user labuser [preauth]
Jun 26 09:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9281]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9281]: Failed password for invalid user labuser from 45.156.87.13 port 39420 ssh2
Jun 26 09:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9281]: Connection closed by 45.156.87.13 port 39420 [preauth]
Jun 26 09:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9306]: Failed password for root from 45.156.87.13 port 39430 ssh2
Jun 26 09:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9306]: Connection closed by 45.156.87.13 port 39430 [preauth]
Jun 26 09:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9317]: Invalid user admin from 45.156.87.13
Jun 26 09:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9317]: input_userauth_request: invalid user admin [preauth]
Jun 26 09:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9317]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9317]: Failed password for invalid user admin from 45.156.87.13 port 51638 ssh2
Jun 26 09:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9317]: Connection closed by 45.156.87.13 port 51638 [preauth]
Jun 26 09:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9201]: Did not receive identification string from 91.92.40.49
Jun 26 09:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9327]: Invalid user webuser from 45.156.87.13
Jun 26 09:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9327]: input_userauth_request: invalid user webuser [preauth]
Jun 26 09:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9327]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 09:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9235]: Invalid user weblogic from 91.92.40.49
Jun 26 09:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9235]: input_userauth_request: invalid user weblogic [preauth]
Jun 26 09:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9235]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9327]: Failed password for invalid user webuser from 45.156.87.13 port 51642 ssh2
Jun 26 09:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9327]: Connection closed by 45.156.87.13 port 51642 [preauth]
Jun 26 09:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8846]: Failed password for root from 91.92.40.49 port 16204 ssh2
Jun 26 09:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8846]: Connection closed by 91.92.40.49 port 16204 [preauth]
Jun 26 09:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9235]: Failed password for invalid user weblogic from 91.92.40.49 port 57208 ssh2
Jun 26 09:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9235]: Connection closed by 91.92.40.49 port 57208 [preauth]
Jun 26 09:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9338]: Invalid user jack from 45.156.87.13
Jun 26 09:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9338]: input_userauth_request: invalid user jack [preauth]
Jun 26 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9338]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9344]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9343]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9342]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9341]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9341]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9399]: Successful su for rubyman by root
Jun 26 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9399]: + ??? root:rubyman
Jun 26 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9399]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595795 of user rubyman.
Jun 26 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9399]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595795.
Jun 26 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 09:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9338]: Failed password for invalid user jack from 45.156.87.13 port 47262 ssh2
Jun 26 09:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9338]: Connection closed by 45.156.87.13 port 47262 [preauth]
Jun 26 09:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6514]: pam_unix(cron:session): session closed for user root
Jun 26 09:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8871]: Failed password for root from 91.92.40.49 port 53024 ssh2
Jun 26 09:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8871]: Connection closed by 91.92.40.49 port 53024 [preauth]
Jun 26 09:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9549]: Invalid user data from 45.156.87.13
Jun 26 09:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9549]: input_userauth_request: invalid user data [preauth]
Jun 26 09:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9549]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9342]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9549]: Failed password for invalid user data from 45.156.87.13 port 47280 ssh2
Jun 26 09:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9549]: Connection closed by 45.156.87.13 port 47280 [preauth]
Jun 26 09:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8730]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8730]: Failed password for invalid user dmdba from 91.92.40.49 port 34532 ssh2
Jun 26 09:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9576]: Failed password for root from 45.156.87.13 port 42378 ssh2
Jun 26 09:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9576]: Connection closed by 45.156.87.13 port 42378 [preauth]
Jun 26 09:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9606]: Invalid user main from 45.156.87.13
Jun 26 09:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9606]: input_userauth_request: invalid user main [preauth]
Jun 26 09:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9606]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9606]: Failed password for invalid user main from 45.156.87.13 port 42392 ssh2
Jun 26 09:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9606]: Connection closed by 45.156.87.13 port 42392 [preauth]
Jun 26 09:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9617]: Invalid user username from 45.156.87.13
Jun 26 09:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9617]: input_userauth_request: invalid user username [preauth]
Jun 26 09:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9617]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9617]: Failed password for invalid user username from 45.156.87.13 port 50202 ssh2
Jun 26 09:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9617]: Connection closed by 45.156.87.13 port 50202 [preauth]
Jun 26 09:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9644]: Invalid user user3 from 45.156.87.13
Jun 26 09:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9644]: input_userauth_request: invalid user user3 [preauth]
Jun 26 09:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9644]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9188]: Invalid user ubuntu from 91.92.40.49
Jun 26 09:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9188]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 09:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9644]: Failed password for invalid user user3 from 45.156.87.13 port 50206 ssh2
Jun 26 09:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9644]: Connection closed by 45.156.87.13 port 50206 [preauth]
Jun 26 09:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9655]: Invalid user docker from 45.156.87.13
Jun 26 09:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9655]: input_userauth_request: invalid user docker [preauth]
Jun 26 09:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9655]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9655]: Failed password for invalid user docker from 45.156.87.13 port 36228 ssh2
Jun 26 09:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9655]: Connection closed by 45.156.87.13 port 36228 [preauth]
Jun 26 09:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8440]: pam_unix(cron:session): session closed for user root
Jun 26 09:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9188]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9188]: Failed password for invalid user ubuntu from 91.92.40.49 port 15680 ssh2
Jun 26 09:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9687]: Failed password for root from 45.156.87.13 port 36244 ssh2
Jun 26 09:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9687]: Connection closed by 45.156.87.13 port 36244 [preauth]
Jun 26 09:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9579]: Invalid user cp from 91.92.40.49
Jun 26 09:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9579]: input_userauth_request: invalid user cp [preauth]
Jun 26 09:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9697]: Failed password for root from 45.156.87.13 port 42790 ssh2
Jun 26 09:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9697]: Connection closed by 45.156.87.13 port 42790 [preauth]
Jun 26 09:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9723]: Invalid user ftpuser from 45.156.87.13
Jun 26 09:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9723]: input_userauth_request: invalid user ftpuser [preauth]
Jun 26 09:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9723]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9723]: Failed password for invalid user ftpuser from 45.156.87.13 port 43096 ssh2
Jun 26 09:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9723]: Connection closed by 45.156.87.13 port 43096 [preauth]
Jun 26 09:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9734]: Invalid user alex from 45.156.87.13
Jun 26 09:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9734]: input_userauth_request: invalid user alex [preauth]
Jun 26 09:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9734]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9188]: Connection closed by 91.92.40.49 port 15680 [preauth]
Jun 26 09:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9734]: Failed password for invalid user alex from 45.156.87.13 port 43106 ssh2
Jun 26 09:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9734]: Connection closed by 45.156.87.13 port 43106 [preauth]
Jun 26 09:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9745]: Invalid user postgres from 45.156.87.13
Jun 26 09:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9745]: input_userauth_request: invalid user postgres [preauth]
Jun 26 09:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9745]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9579]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9745]: Failed password for invalid user postgres from 45.156.87.13 port 37100 ssh2
Jun 26 09:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9745]: Connection closed by 45.156.87.13 port 37100 [preauth]
Jun 26 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9605]: Invalid user user from 91.92.40.49
Jun 26 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9605]: input_userauth_request: invalid user user [preauth]
Jun 26 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9761]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9760]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9759]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9758]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9758]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9579]: Failed password for invalid user cp from 91.92.40.49 port 18114 ssh2
Jun 26 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9822]: Successful su for rubyman by root
Jun 26 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9822]: + ??? root:rubyman
Jun 26 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9822]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595799 of user rubyman.
Jun 26 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9822]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595799.
Jun 26 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9845]: Failed password for root from 45.156.87.13 port 37110 ssh2
Jun 26 09:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6977]: pam_unix(cron:session): session closed for user root
Jun 26 09:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9845]: Connection closed by 45.156.87.13 port 37110 [preauth]
Jun 26 09:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9759]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10180]: Invalid user student from 45.156.87.13
Jun 26 09:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10180]: input_userauth_request: invalid user student [preauth]
Jun 26 09:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10180]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9616]: Invalid user administrator from 91.92.40.49
Jun 26 09:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9616]: input_userauth_request: invalid user administrator [preauth]
Jun 26 09:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10180]: Failed password for invalid user student from 45.156.87.13 port 49576 ssh2
Jun 26 09:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10180]: Connection closed by 45.156.87.13 port 49576 [preauth]
Jun 26 09:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9605]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9605]: Failed password for invalid user user from 91.92.40.49 port 18124 ssh2
Jun 26 09:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10205]: Failed password for root from 45.156.87.13 port 49580 ssh2
Jun 26 09:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10205]: Connection closed by 45.156.87.13 port 49580 [preauth]
Jun 26 09:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10308]: Invalid user test2 from 45.156.87.13
Jun 26 09:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10308]: input_userauth_request: invalid user test2 [preauth]
Jun 26 09:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10308]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9616]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10308]: Failed password for invalid user test2 from 45.156.87.13 port 34728 ssh2
Jun 26 09:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10308]: Connection closed by 45.156.87.13 port 34728 [preauth]
Jun 26 09:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9616]: Failed password for invalid user administrator from 91.92.40.49 port 49050 ssh2
Jun 26 09:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9579]: Connection closed by 91.92.40.49 port 18114 [preauth]
Jun 26 09:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10320]: Invalid user frappe from 45.156.87.13
Jun 26 09:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10320]: input_userauth_request: invalid user frappe [preauth]
Jun 26 09:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10320]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9605]: Connection closed by 91.92.40.49 port 18124 [preauth]
Jun 26 09:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9686]: Invalid user webuser from 91.92.40.49
Jun 26 09:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9686]: input_userauth_request: invalid user webuser [preauth]
Jun 26 09:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10320]: Failed password for invalid user frappe from 45.156.87.13 port 34744 ssh2
Jun 26 09:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10320]: Connection closed by 45.156.87.13 port 34744 [preauth]
Jun 26 09:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10347]: Invalid user sam from 45.156.87.13
Jun 26 09:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10347]: input_userauth_request: invalid user sam [preauth]
Jun 26 09:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10347]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 26 09:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10351]: Invalid user admin from 43.159.51.254
Jun 26 09:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10351]: input_userauth_request: invalid user admin [preauth]
Jun 26 09:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10351]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254
Jun 26 09:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10347]: Failed password for invalid user sam from 45.156.87.13 port 36874 ssh2
Jun 26 09:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10347]: Connection closed by 45.156.87.13 port 36874 [preauth]
Jun 26 09:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10349]: Failed password for root from 103.27.238.120 port 56566 ssh2
Jun 26 09:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10351]: Failed password for invalid user admin from 43.159.51.254 port 34110 ssh2
Jun 26 09:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10349]: Connection closed by 103.27.238.120 port 56566 [preauth]
Jun 26 09:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10351]: Received disconnect from 43.159.51.254 port 34110:11: Bye Bye [preauth]
Jun 26 09:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10351]: Disconnected from 43.159.51.254 port 34110 [preauth]
Jun 26 09:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8901]: pam_unix(cron:session): session closed for user root
Jun 26 09:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9616]: Connection closed by 91.92.40.49 port 49050 [preauth]
Jun 26 09:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10383]: Invalid user oscar from 45.156.87.13
Jun 26 09:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10383]: input_userauth_request: invalid user oscar [preauth]
Jun 26 09:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10383]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10383]: Failed password for invalid user oscar from 45.156.87.13 port 36900 ssh2
Jun 26 09:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10383]: Connection closed by 45.156.87.13 port 36900 [preauth]
Jun 26 09:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9686]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9686]: Failed password for invalid user webuser from 91.92.40.49 port 62376 ssh2
Jun 26 09:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10394]: Failed password for root from 45.156.87.13 port 33508 ssh2
Jun 26 09:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10394]: Connection closed by 45.156.87.13 port 33508 [preauth]
Jun 26 09:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9747]: Invalid user dstserver from 91.92.40.49
Jun 26 09:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9747]: input_userauth_request: invalid user dstserver [preauth]
Jun 26 09:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10418]: Invalid user hadoop from 45.156.87.13
Jun 26 09:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10418]: input_userauth_request: invalid user hadoop [preauth]
Jun 26 09:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10418]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10418]: Failed password for invalid user hadoop from 45.156.87.13 port 33524 ssh2
Jun 26 09:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10418]: Connection closed by 45.156.87.13 port 33524 [preauth]
Jun 26 09:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10430]: Invalid user rdpuser from 45.156.87.13
Jun 26 09:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10430]: input_userauth_request: invalid user rdpuser [preauth]
Jun 26 09:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9686]: Connection closed by 91.92.40.49 port 62376 [preauth]
Jun 26 09:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10430]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10430]: Failed password for invalid user rdpuser from 45.156.87.13 port 48712 ssh2
Jun 26 09:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10430]: Connection closed by 45.156.87.13 port 48712 [preauth]
Jun 26 09:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9747]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9747]: Failed password for invalid user dstserver from 91.92.40.49 port 19574 ssh2
Jun 26 09:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10442]: Invalid user rdpuser from 45.156.87.13
Jun 26 09:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10442]: input_userauth_request: invalid user rdpuser [preauth]
Jun 26 09:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10442]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10442]: Failed password for invalid user rdpuser from 45.156.87.13 port 48730 ssh2
Jun 26 09:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10442]: Connection closed by 45.156.87.13 port 48730 [preauth]
Jun 26 09:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10454]: Invalid user rdpuser from 45.156.87.13
Jun 26 09:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10454]: input_userauth_request: invalid user rdpuser [preauth]
Jun 26 09:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10454]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10454]: Failed password for invalid user rdpuser from 45.156.87.13 port 43308 ssh2
Jun 26 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10454]: Connection closed by 45.156.87.13 port 43308 [preauth]
Jun 26 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10464]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10463]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10462]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10461]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10461]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10528]: Successful su for rubyman by root
Jun 26 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10528]: + ??? root:rubyman
Jun 26 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10528]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595803 of user rubyman.
Jun 26 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10528]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595803.
Jun 26 09:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7497]: pam_unix(cron:session): session closed for user root
Jun 26 09:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10670]: Invalid user stack from 45.156.87.13
Jun 26 09:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10670]: input_userauth_request: invalid user stack [preauth]
Jun 26 09:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10670]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10462]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10670]: Failed password for invalid user stack from 45.156.87.13 port 43314 ssh2
Jun 26 09:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10670]: Connection closed by 45.156.87.13 port 43314 [preauth]
Jun 26 09:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10725]: Invalid user pi from 45.156.87.13
Jun 26 09:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10725]: input_userauth_request: invalid user pi [preauth]
Jun 26 09:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10725]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9747]: Connection closed by 91.92.40.49 port 19574 [preauth]
Jun 26 09:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10725]: Failed password for invalid user pi from 45.156.87.13 port 51918 ssh2
Jun 26 09:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10725]: Connection closed by 45.156.87.13 port 51918 [preauth]
Jun 26 09:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10754]: Invalid user daniel from 45.156.87.13
Jun 26 09:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10754]: input_userauth_request: invalid user daniel [preauth]
Jun 26 09:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10754]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10754]: Failed password for invalid user daniel from 45.156.87.13 port 51926 ssh2
Jun 26 09:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10754]: Connection closed by 45.156.87.13 port 51926 [preauth]
Jun 26 09:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 09:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10767]: Failed password for root from 45.156.87.13 port 52680 ssh2
Jun 26 09:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10767]: Connection closed by 45.156.87.13 port 52680 [preauth]
Jun 26 09:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10307]: Failed password for root from 91.92.40.49 port 21858 ssh2
Jun 26 09:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10794]: Invalid user mcserver from 45.156.87.13
Jun 26 09:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10794]: input_userauth_request: invalid user mcserver [preauth]
Jun 26 09:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10794]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10794]: Failed password for invalid user mcserver from 45.156.87.13 port 52696 ssh2
Jun 26 09:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10794]: Connection closed by 45.156.87.13 port 52696 [preauth]
Jun 26 09:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 26 09:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10806]: Invalid user redhat from 45.156.87.13
Jun 26 09:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10806]: input_userauth_request: invalid user redhat [preauth]
Jun 26 09:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10806]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10796]: Failed password for root from 103.153.68.219 port 55490 ssh2
Jun 26 09:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10796]: Connection closed by 103.153.68.219 port 55490 [preauth]
Jun 26 09:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10806]: Failed password for invalid user redhat from 45.156.87.13 port 43856 ssh2
Jun 26 09:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10806]: Connection closed by 45.156.87.13 port 43856 [preauth]
Jun 26 09:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9344]: pam_unix(cron:session): session closed for user root
Jun 26 09:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10813]: Failed password for root from 45.156.87.13 port 43862 ssh2
Jun 26 09:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10813]: Connection closed by 45.156.87.13 port 43862 [preauth]
Jun 26 09:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10307]: Connection closed by 91.92.40.49 port 21858 [preauth]
Jun 26 09:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10844]: Invalid user hamed from 45.156.87.13
Jun 26 09:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10844]: input_userauth_request: invalid user hamed [preauth]
Jun 26 09:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10844]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10844]: Failed password for invalid user hamed from 45.156.87.13 port 49022 ssh2
Jun 26 09:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10844]: Connection closed by 45.156.87.13 port 49022 [preauth]
Jun 26 09:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10858]: Invalid user openclaw from 45.156.87.13
Jun 26 09:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10858]: input_userauth_request: invalid user openclaw [preauth]
Jun 26 09:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10858]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10858]: Failed password for invalid user openclaw from 45.156.87.13 port 49030 ssh2
Jun 26 09:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10858]: Connection closed by 45.156.87.13 port 49030 [preauth]
Jun 26 09:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10429]: Invalid user kafka from 91.92.40.49
Jun 26 09:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10429]: input_userauth_request: invalid user kafka [preauth]
Jun 26 09:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10882]: Invalid user claude from 45.156.87.13
Jun 26 09:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10882]: input_userauth_request: invalid user claude [preauth]
Jun 26 09:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10882]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10882]: Failed password for invalid user claude from 45.156.87.13 port 39088 ssh2
Jun 26 09:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10882]: Connection closed by 45.156.87.13 port 39088 [preauth]
Jun 26 09:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10441]: Invalid user ubuntu from 91.92.40.49
Jun 26 09:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10441]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 09:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10895]: Failed password for root from 45.156.87.13 port 39106 ssh2
Jun 26 09:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10895]: Connection closed by 45.156.87.13 port 39106 [preauth]
Jun 26 09:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10420]: Invalid user claude from 91.92.40.49
Jun 26 09:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10420]: input_userauth_request: invalid user claude [preauth]
Jun 26 09:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10906]: Invalid user jenkins from 45.156.87.13
Jun 26 09:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10906]: input_userauth_request: invalid user jenkins [preauth]
Jun 26 09:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10906]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10906]: Failed password for invalid user jenkins from 45.156.87.13 port 45954 ssh2
Jun 26 09:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10906]: Connection closed by 45.156.87.13 port 45954 [preauth]
Jun 26 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10924]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10923]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10921]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10922]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10920]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10919]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10924]: pam_unix(cron:session): session closed for user root
Jun 26 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10919]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10992]: Successful su for rubyman by root
Jun 26 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10992]: + ??? root:rubyman
Jun 26 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10992]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595808 of user rubyman.
Jun 26 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10992]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595808.
Jun 26 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10921]: pam_unix(cron:session): session closed for user root
Jun 26 09:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11032]: Invalid user user from 45.156.87.13
Jun 26 09:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11032]: input_userauth_request: invalid user user [preauth]
Jun 26 09:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11032]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8011]: pam_unix(cron:session): session closed for user root
Jun 26 09:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11032]: Failed password for invalid user user from 45.156.87.13 port 45968 ssh2
Jun 26 09:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11032]: Connection closed by 45.156.87.13 port 45968 [preauth]
Jun 26 09:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10920]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10429]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11211]: User mysql from 45.156.87.13 not allowed because not listed in AllowUsers
Jun 26 09:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11211]: input_userauth_request: invalid user mysql [preauth]
Jun 26 09:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=mysql
Jun 26 09:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10429]: Failed password for invalid user kafka from 91.92.40.49 port 51746 ssh2
Jun 26 09:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11211]: Failed password for invalid user mysql from 45.156.87.13 port 49594 ssh2
Jun 26 09:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11211]: Connection closed by 45.156.87.13 port 49594 [preauth]
Jun 26 09:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11221]: Invalid user opc from 45.156.87.13
Jun 26 09:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11221]: input_userauth_request: invalid user opc [preauth]
Jun 26 09:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11221]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11221]: Failed password for invalid user opc from 45.156.87.13 port 49602 ssh2
Jun 26 09:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11221]: Connection closed by 45.156.87.13 port 49602 [preauth]
Jun 26 09:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10441]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11247]: Invalid user pi from 45.156.87.13
Jun 26 09:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11247]: input_userauth_request: invalid user pi [preauth]
Jun 26 09:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11247]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10441]: Failed password for invalid user ubuntu from 91.92.40.49 port 51794 ssh2
Jun 26 09:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10420]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11247]: Failed password for invalid user pi from 45.156.87.13 port 36960 ssh2
Jun 26 09:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11247]: Connection closed by 45.156.87.13 port 36960 [preauth]
Jun 26 09:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10420]: Failed password for invalid user claude from 91.92.40.49 port 20768 ssh2
Jun 26 09:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11260]: Invalid user ducc0x from 45.156.87.13
Jun 26 09:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11260]: input_userauth_request: invalid user ducc0x [preauth]
Jun 26 09:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11260]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13
Jun 26 09:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11260]: Failed password for invalid user ducc0x from 45.156.87.13 port 36976 ssh2
Jun 26 09:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11260]: Connection closed by 45.156.87.13 port 36976 [preauth]
Jun 26 09:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.87.13  user=root
Jun 26 09:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11284]: Failed password for root from 45.156.87.13 port 51092 ssh2
Jun 26 09:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11284]: Connection closed by 45.156.87.13 port 51092 [preauth]
Jun 26 09:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10429]: Connection closed by 91.92.40.49 port 51746 [preauth]
Jun 26 09:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11296]: Connection reset by 45.156.87.13 port 51114 [preauth]
Jun 26 09:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9761]: pam_unix(cron:session): session closed for user root
Jun 26 09:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254  user=root
Jun 26 09:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11318]: Failed password for root from 43.159.51.254 port 45150 ssh2
Jun 26 09:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11318]: Received disconnect from 43.159.51.254 port 45150:11: Bye Bye [preauth]
Jun 26 09:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11318]: Disconnected from 43.159.51.254 port 45150 [preauth]
Jun 26 09:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10441]: Connection closed by 91.92.40.49 port 51794 [preauth]
Jun 26 09:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10420]: Connection closed by 91.92.40.49 port 20768 [preauth]
Jun 26 09:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10812]: Invalid user aaa from 91.92.40.49
Jun 26 09:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10812]: input_userauth_request: invalid user aaa [preauth]
Jun 26 09:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10856]: Invalid user testuser from 91.92.40.49
Jun 26 09:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10856]: input_userauth_request: invalid user testuser [preauth]
Jun 26 09:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10812]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10812]: Failed password for invalid user aaa from 91.92.40.49 port 11672 ssh2
Jun 26 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11386]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11387]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11384]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11385]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11384]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11461]: Successful su for rubyman by root
Jun 26 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11461]: + ??? root:rubyman
Jun 26 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11461]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595814 of user rubyman.
Jun 26 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11461]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595814.
Jun 26 09:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10897]: Invalid user ubuntu from 91.92.40.49
Jun 26 09:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10897]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 09:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8439]: pam_unix(cron:session): session closed for user root
Jun 26 09:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10856]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11385]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10856]: Failed password for invalid user testuser from 91.92.40.49 port 22902 ssh2
Jun 26 09:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10812]: Connection closed by 91.92.40.49 port 11672 [preauth]
Jun 26 09:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10897]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10897]: Failed password for invalid user ubuntu from 91.92.40.49 port 46252 ssh2
Jun 26 09:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10856]: Connection closed by 91.92.40.49 port 22902 [preauth]
Jun 26 09:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 09:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11207]: Failed password for root from 91.92.40.49 port 44922 ssh2
Jun 26 09:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10897]: Connection closed by 91.92.40.49 port 46252 [preauth]
Jun 26 09:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10464]: pam_unix(cron:session): session closed for user root
Jun 26 09:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11207]: Connection closed by 91.92.40.49 port 44922 [preauth]
Jun 26 09:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 26 09:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11778]: Failed password for root from 80.66.85.226 port 36678 ssh2
Jun 26 09:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11778]: Connection closed by 80.66.85.226 port 36678 [preauth]
Jun 26 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11838]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11837]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11836]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11839]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11836]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11906]: Successful su for rubyman by root
Jun 26 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11906]: + ??? root:rubyman
Jun 26 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11906]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595817 of user rubyman.
Jun 26 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11906]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595817.
Jun 26 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11364]: Invalid user ubuntu from 91.92.40.49
Jun 26 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11364]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 09:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8899]: pam_unix(cron:session): session closed for user root
Jun 26 09:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11837]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11657]: Invalid user runner from 91.92.40.49
Jun 26 09:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11657]: input_userauth_request: invalid user runner [preauth]
Jun 26 09:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11364]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11364]: Failed password for invalid user ubuntu from 91.92.40.49 port 25536 ssh2
Jun 26 09:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11679]: Invalid user test from 91.92.40.49
Jun 26 09:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11679]: input_userauth_request: invalid user test [preauth]
Jun 26 09:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11657]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11657]: Failed password for invalid user runner from 91.92.40.49 port 26478 ssh2
Jun 26 09:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10923]: pam_unix(cron:session): session closed for user root
Jun 26 09:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11364]: Connection closed by 91.92.40.49 port 25536 [preauth]
Jun 26 09:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11679]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11679]: Failed password for invalid user test from 91.92.40.49 port 26496 ssh2
Jun 26 09:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11657]: Connection closed by 91.92.40.49 port 26478 [preauth]
Jun 26 09:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254  user=root
Jun 26 09:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12372]: Failed password for root from 43.159.51.254 port 56254 ssh2
Jun 26 09:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12372]: Received disconnect from 43.159.51.254 port 56254:11: Bye Bye [preauth]
Jun 26 09:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12372]: Disconnected from 43.159.51.254 port 56254 [preauth]
Jun 26 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12401]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12400]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12396]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12398]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12396]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12465]: Successful su for rubyman by root
Jun 26 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12465]: + ??? root:rubyman
Jun 26 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12465]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595821 of user rubyman.
Jun 26 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12465]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595821.
Jun 26 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11679]: Connection closed by 91.92.40.49 port 26496 [preauth]
Jun 26 09:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9343]: pam_unix(cron:session): session closed for user root
Jun 26 09:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12398]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 09:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11777]: Failed password for root from 91.92.40.49 port 61976 ssh2
Jun 26 09:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12063]: Invalid user pi from 91.92.40.49
Jun 26 09:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12063]: input_userauth_request: invalid user pi [preauth]
Jun 26 09:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12118]: Invalid user monitor from 91.92.40.49
Jun 26 09:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12118]: input_userauth_request: invalid user monitor [preauth]
Jun 26 09:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11777]: Connection closed by 91.92.40.49 port 61976 [preauth]
Jun 26 09:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12134]: Invalid user botuser from 91.92.40.49
Jun 26 09:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12134]: input_userauth_request: invalid user botuser [preauth]
Jun 26 09:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12063]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12063]: Failed password for invalid user pi from 91.92.40.49 port 61492 ssh2
Jun 26 09:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12118]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12134]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11387]: pam_unix(cron:session): session closed for user root
Jun 26 09:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12118]: Failed password for invalid user monitor from 91.92.40.49 port 26182 ssh2
Jun 26 09:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12216]: Invalid user deployer from 91.92.40.49
Jun 26 09:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12216]: input_userauth_request: invalid user deployer [preauth]
Jun 26 09:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12134]: Failed password for invalid user botuser from 91.92.40.49 port 26190 ssh2
Jun 26 09:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12063]: Connection closed by 91.92.40.49 port 61492 [preauth]
Jun 26 09:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12118]: Connection closed by 91.92.40.49 port 26182 [preauth]
Jun 26 09:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12216]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12134]: Connection closed by 91.92.40.49 port 26190 [preauth]
Jun 26 09:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12216]: Failed password for invalid user deployer from 91.92.40.49 port 31934 ssh2
Jun 26 09:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12216]: Connection closed by 91.92.40.49 port 31934 [preauth]
Jun 26 09:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12812]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12811]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12813]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12810]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12808]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12810]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12939]: Successful su for rubyman by root
Jun 26 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12939]: + ??? root:rubyman
Jun 26 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12939]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595825 of user rubyman.
Jun 26 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12939]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595825.
Jun 26 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12808]: pam_unix(cron:session): session closed for user root
Jun 26 09:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9760]: pam_unix(cron:session): session closed for user root
Jun 26 09:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12811]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 09:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12751]: Failed password for root from 91.92.40.49 port 59360 ssh2
Jun 26 09:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12776]: Invalid user devops from 91.92.40.49
Jun 26 09:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12776]: input_userauth_request: invalid user devops [preauth]
Jun 26 09:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12751]: Connection closed by 91.92.40.49 port 59360 [preauth]
Jun 26 09:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 26 09:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13219]: Failed password for root from 38.93.206.2 port 52502 ssh2
Jun 26 09:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13219]: Connection closed by 38.93.206.2 port 52502 [preauth]
Jun 26 09:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: Invalid user elastic from 91.92.40.49
Jun 26 09:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: input_userauth_request: invalid user elastic [preauth]
Jun 26 09:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12776]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12776]: Failed password for invalid user devops from 91.92.40.49 port 59392 ssh2
Jun 26 09:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11839]: pam_unix(cron:session): session closed for user root
Jun 26 09:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: Failed password for invalid user elastic from 91.92.40.49 port 43044 ssh2
Jun 26 09:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12776]: Connection closed by 91.92.40.49 port 59392 [preauth]
Jun 26 09:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: Connection closed by 91.92.40.49 port 43044 [preauth]
Jun 26 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13328]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13327]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13326]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13325]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13329]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13330]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13330]: pam_unix(cron:session): session closed for user root
Jun 26 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13325]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13394]: Successful su for rubyman by root
Jun 26 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13394]: + ??? root:rubyman
Jun 26 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13394]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595834 of user rubyman.
Jun 26 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13394]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595834.
Jun 26 09:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13327]: pam_unix(cron:session): session closed for user root
Jun 26 09:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10463]: pam_unix(cron:session): session closed for user root
Jun 26 09:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13326]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13589]: Invalid user sam from 43.159.51.254
Jun 26 09:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13589]: input_userauth_request: invalid user sam [preauth]
Jun 26 09:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13589]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254
Jun 26 09:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13589]: Failed password for invalid user sam from 43.159.51.254 port 39098 ssh2
Jun 26 09:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13589]: Received disconnect from 43.159.51.254 port 39098:11: Bye Bye [preauth]
Jun 26 09:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13589]: Disconnected from 43.159.51.254 port 39098 [preauth]
Jun 26 09:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13196]: Invalid user piyush from 91.92.40.49
Jun 26 09:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13196]: input_userauth_request: invalid user piyush [preauth]
Jun 26 09:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13271]: Invalid user elina from 91.92.40.49
Jun 26 09:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13271]: input_userauth_request: invalid user elina [preauth]
Jun 26 09:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 09:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13240]: Failed password for root from 91.92.40.49 port 27230 ssh2
Jun 26 09:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12401]: pam_unix(cron:session): session closed for user root
Jun 26 09:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13196]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13196]: Failed password for invalid user piyush from 91.92.40.49 port 32852 ssh2
Jun 26 09:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13271]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13271]: Failed password for invalid user elina from 91.92.40.49 port 27246 ssh2
Jun 26 09:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13632]: Did not receive identification string from 91.92.40.49
Jun 26 09:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13240]: Connection closed by 91.92.40.49 port 27230 [preauth]
Jun 26 09:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13196]: Connection closed by 91.92.40.49 port 32852 [preauth]
Jun 26 09:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13271]: Connection closed by 91.92.40.49 port 27246 [preauth]
Jun 26 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13768]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13767]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13766]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13765]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13765]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13840]: Successful su for rubyman by root
Jun 26 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13840]: + ??? root:rubyman
Jun 26 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13840]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595837 of user rubyman.
Jun 26 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13840]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595837.
Jun 26 09:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10922]: pam_unix(cron:session): session closed for user root
Jun 26 09:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13766]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13611]: Invalid user debian from 91.92.40.49
Jun 26 09:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13611]: input_userauth_request: invalid user debian [preauth]
Jun 26 09:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14054]: Did not receive identification string from 80.94.92.234
Jun 26 09:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13611]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13611]: Failed password for invalid user debian from 91.92.40.49 port 27826 ssh2
Jun 26 09:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13643]: Invalid user mostafa from 91.92.40.49
Jun 26 09:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13643]: input_userauth_request: invalid user mostafa [preauth]
Jun 26 09:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12813]: pam_unix(cron:session): session closed for user root
Jun 26 09:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13611]: Connection closed by 91.92.40.49 port 27826 [preauth]
Jun 26 09:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13643]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13643]: Failed password for invalid user mostafa from 91.92.40.49 port 55816 ssh2
Jun 26 09:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 09:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13664]: Failed password for root from 91.92.40.49 port 55846 ssh2
Jun 26 09:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14186]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14185]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14187]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14184]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14184]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14244]: Successful su for rubyman by root
Jun 26 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14244]: + ??? root:rubyman
Jun 26 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14244]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595842 of user rubyman.
Jun 26 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14244]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595842.
Jun 26 09:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11386]: pam_unix(cron:session): session closed for user root
Jun 26 09:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14185]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13643]: Connection closed by 91.92.40.49 port 55816 [preauth]
Jun 26 09:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13664]: Connection closed by 91.92.40.49 port 55846 [preauth]
Jun 26 09:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254  user=root
Jun 26 09:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14444]: Failed password for root from 43.159.51.254 port 50128 ssh2
Jun 26 09:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14444]: Received disconnect from 43.159.51.254 port 50128:11: Bye Bye [preauth]
Jun 26 09:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14444]: Disconnected from 43.159.51.254 port 50128 [preauth]
Jun 26 09:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14033]: Invalid user bitnami from 91.92.40.49
Jun 26 09:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14033]: input_userauth_request: invalid user bitnami [preauth]
Jun 26 09:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13329]: pam_unix(cron:session): session closed for user root
Jun 26 09:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14064]: Invalid user soporte from 91.92.40.49
Jun 26 09:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14064]: input_userauth_request: invalid user soporte [preauth]
Jun 26 09:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 26 09:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14033]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14517]: Failed password for root from 77.94.47.83 port 55266 ssh2
Jun 26 09:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14033]: Failed password for invalid user bitnami from 91.92.40.49 port 62022 ssh2
Jun 26 09:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14517]: Connection closed by 77.94.47.83 port 55266 [preauth]
Jun 26 09:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 09:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14055]: Failed password for root from 91.92.40.49 port 27572 ssh2
Jun 26 09:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14064]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14064]: Failed password for invalid user soporte from 91.92.40.49 port 27586 ssh2
Jun 26 09:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14033]: Connection closed by 91.92.40.49 port 62022 [preauth]
Jun 26 09:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14154]: Invalid user headscale from 91.92.40.49
Jun 26 09:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14154]: input_userauth_request: invalid user headscale [preauth]
Jun 26 09:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14582]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14581]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14580]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14579]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14579]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14677]: Successful su for rubyman by root
Jun 26 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14677]: + ??? root:rubyman
Jun 26 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14677]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595845 of user rubyman.
Jun 26 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14677]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595845.
Jun 26 09:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11838]: pam_unix(cron:session): session closed for user root
Jun 26 09:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14580]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14055]: Connection closed by 91.92.40.49 port 27572 [preauth]
Jun 26 09:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14064]: Connection closed by 91.92.40.49 port 27586 [preauth]
Jun 26 09:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14154]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14154]: Failed password for invalid user headscale from 91.92.40.49 port 14222 ssh2
Jun 26 09:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 09:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14163]: Failed password for root from 91.92.40.49 port 37874 ssh2
Jun 26 09:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13768]: pam_unix(cron:session): session closed for user root
Jun 26 09:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14467]: Invalid user ubuntu from 91.92.40.49
Jun 26 09:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14467]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 09:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14154]: Connection closed by 91.92.40.49 port 14222 [preauth]
Jun 26 09:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14163]: Connection closed by 91.92.40.49 port 37874 [preauth]
Jun 26 09:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14467]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14467]: Failed password for invalid user ubuntu from 91.92.40.49 port 44130 ssh2
Jun 26 09:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15072]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15071]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15070]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15069]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15069]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15137]: Successful su for rubyman by root
Jun 26 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15137]: + ??? root:rubyman
Jun 26 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15137]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595848 of user rubyman.
Jun 26 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15137]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595848.
Jun 26 09:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12400]: pam_unix(cron:session): session closed for user root
Jun 26 09:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15070]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14467]: Connection closed by 91.92.40.49 port 44130 [preauth]
Jun 26 09:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14577]: Invalid user openclaw from 91.92.40.49
Jun 26 09:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14577]: input_userauth_request: invalid user openclaw [preauth]
Jun 26 09:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14555]: Invalid user test from 91.92.40.49
Jun 26 09:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14555]: input_userauth_request: invalid user test [preauth]
Jun 26 09:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14568]: Invalid user hadoop from 91.92.40.49
Jun 26 09:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14568]: input_userauth_request: invalid user hadoop [preauth]
Jun 26 09:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14577]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254  user=root
Jun 26 09:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14555]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14577]: Failed password for invalid user openclaw from 91.92.40.49 port 50302 ssh2
Jun 26 09:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15383]: Failed password for root from 43.159.51.254 port 32930 ssh2
Jun 26 09:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15383]: Received disconnect from 43.159.51.254 port 32930:11: Bye Bye [preauth]
Jun 26 09:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15383]: Disconnected from 43.159.51.254 port 32930 [preauth]
Jun 26 09:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14555]: Failed password for invalid user test from 91.92.40.49 port 40334 ssh2
Jun 26 09:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14187]: pam_unix(cron:session): session closed for user root
Jun 26 09:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14568]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14568]: Failed password for invalid user hadoop from 91.92.40.49 port 40372 ssh2
Jun 26 09:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14577]: Connection closed by 91.92.40.49 port 50302 [preauth]
Jun 26 09:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15050]: Invalid user alex from 91.92.40.49
Jun 26 09:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15050]: input_userauth_request: invalid user alex [preauth]
Jun 26 09:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15067]: Invalid user cc from 91.92.40.49
Jun 26 09:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15067]: input_userauth_request: invalid user cc [preauth]
Jun 26 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15050]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15220]: Invalid user user1 from 91.92.40.49
Jun 26 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15220]: input_userauth_request: invalid user user1 [preauth]
Jun 26 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15477]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15480]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15481]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15476]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15479]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15478]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15481]: pam_unix(cron:session): session closed for user root
Jun 26 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15476]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15543]: Successful su for rubyman by root
Jun 26 09:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15543]: + ??? root:rubyman
Jun 26 09:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15543]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595855 of user rubyman.
Jun 26 09:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15543]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595855.
Jun 26 09:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15050]: Failed password for invalid user alex from 91.92.40.49 port 40678 ssh2
Jun 26 09:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15478]: pam_unix(cron:session): session closed for user root
Jun 26 09:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12812]: pam_unix(cron:session): session closed for user root
Jun 26 09:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15067]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15477]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15067]: Failed password for invalid user cc from 91.92.40.49 port 40734 ssh2
Jun 26 09:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15220]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15220]: Failed password for invalid user user1 from 91.92.40.49 port 29018 ssh2
Jun 26 09:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15382]: Invalid user deployer from 91.92.40.49
Jun 26 09:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15382]: input_userauth_request: invalid user deployer [preauth]
Jun 26 09:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15050]: Connection closed by 91.92.40.49 port 40678 [preauth]
Jun 26 09:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15067]: Connection closed by 91.92.40.49 port 40734 [preauth]
Jun 26 09:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15220]: Connection closed by 91.92.40.49 port 29018 [preauth]
Jun 26 09:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15382]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15382]: Failed password for invalid user deployer from 91.92.40.49 port 18002 ssh2
Jun 26 09:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14582]: pam_unix(cron:session): session closed for user root
Jun 26 09:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15382]: Connection closed by 91.92.40.49 port 18002 [preauth]
Jun 26 09:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15907]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15904]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15905]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15906]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15904]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15968]: Successful su for rubyman by root
Jun 26 09:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15968]: + ??? root:rubyman
Jun 26 09:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15968]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595859 of user rubyman.
Jun 26 09:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15968]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595859.
Jun 26 09:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13328]: pam_unix(cron:session): session closed for user root
Jun 26 09:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15905]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 09:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15528]: Failed password for root from 91.92.40.49 port 49862 ssh2
Jun 26 09:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15757]: Invalid user sasha from 91.92.40.49
Jun 26 09:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15757]: input_userauth_request: invalid user sasha [preauth]
Jun 26 09:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15528]: Connection closed by 91.92.40.49 port 49862 [preauth]
Jun 26 09:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15757]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15757]: Failed password for invalid user sasha from 91.92.40.49 port 26610 ssh2
Jun 26 09:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15817]: Invalid user claude from 91.92.40.49
Jun 26 09:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15817]: input_userauth_request: invalid user claude [preauth]
Jun 26 09:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15757]: Connection closed by 91.92.40.49 port 26610 [preauth]
Jun 26 09:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15072]: pam_unix(cron:session): session closed for user root
Jun 26 09:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15817]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15817]: Failed password for invalid user claude from 91.92.40.49 port 34800 ssh2
Jun 26 09:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254  user=root
Jun 26 09:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16251]: Failed password for root from 43.159.51.254 port 44022 ssh2
Jun 26 09:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16251]: Received disconnect from 43.159.51.254 port 44022:11: Bye Bye [preauth]
Jun 26 09:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16251]: Disconnected from 43.159.51.254 port 44022 [preauth]
Jun 26 09:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 09:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15743]: Failed password for root from 91.92.40.49 port 49876 ssh2
Jun 26 09:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15743]: Connection closed by 91.92.40.49 port 49876 [preauth]
Jun 26 09:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15902]: Invalid user mh from 91.92.40.49
Jun 26 09:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15902]: input_userauth_request: invalid user mh [preauth]
Jun 26 09:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16220]: Did not receive identification string from 91.92.40.49
Jun 26 09:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16211]: Invalid user guest from 91.92.40.49
Jun 26 09:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16211]: input_userauth_request: invalid user guest [preauth]
Jun 26 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16303]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16302]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16301]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16300]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16300]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16358]: Successful su for rubyman by root
Jun 26 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16358]: + ??? root:rubyman
Jun 26 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16358]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595862 of user rubyman.
Jun 26 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16358]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595862.
Jun 26 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15902]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16211]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 09:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15902]: Failed password for invalid user mh from 91.92.40.49 port 13448 ssh2
Jun 26 09:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13767]: pam_unix(cron:session): session closed for user root
Jun 26 09:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16211]: Failed password for invalid user guest from 91.92.40.49 port 22360 ssh2
Jun 26 09:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: Failed password for root from 91.92.40.49 port 22340 ssh2
Jun 26 09:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15902]: Connection closed by 91.92.40.49 port 13448 [preauth]
Jun 26 09:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16301]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16211]: Connection closed by 91.92.40.49 port 22360 [preauth]
Jun 26 09:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: Connection closed by 91.92.40.49 port 22340 [preauth]
Jun 26 09:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16242]: Did not receive identification string from 91.92.40.49
Jun 26 09:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15817]: Connection closed by 91.92.40.49 port 34800 [preauth]
Jun 26 09:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.234  user=root
Jun 26 09:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16583]: Failed password for root from 80.94.92.234 port 59206 ssh2
Jun 26 09:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16583]: Connection closed by 80.94.92.234 port 59206 [preauth]
Jun 26 09:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15480]: pam_unix(cron:session): session closed for user root
Jun 26 09:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16585]: Invalid user ftptest from 91.92.40.49
Jun 26 09:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16585]: input_userauth_request: invalid user ftptest [preauth]
Jun 26 09:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16585]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16585]: Failed password for invalid user ftptest from 91.92.40.49 port 25764 ssh2
Jun 26 09:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16585]: Connection closed by 91.92.40.49 port 25764 [preauth]
Jun 26 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16709]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16710]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16708]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16707]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16707]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16768]: Successful su for rubyman by root
Jun 26 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16768]: + ??? root:rubyman
Jun 26 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16768]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595868 of user rubyman.
Jun 26 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16768]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595868.
Jun 26 09:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14186]: pam_unix(cron:session): session closed for user root
Jun 26 09:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16708]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16649]: Invalid user bot from 91.92.40.49
Jun 26 09:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16649]: input_userauth_request: invalid user bot [preauth]
Jun 26 09:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16649]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16649]: Failed password for invalid user bot from 91.92.40.49 port 32702 ssh2
Jun 26 09:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16649]: Connection closed by 91.92.40.49 port 32702 [preauth]
Jun 26 09:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15907]: pam_unix(cron:session): session closed for user root
Jun 26 09:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 09:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16679]: Failed password for root from 91.92.40.49 port 45460 ssh2
Jun 26 09:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17176]: Invalid user ubuntu from 43.159.51.254
Jun 26 09:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17176]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 09:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17176]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254
Jun 26 09:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17176]: Failed password for invalid user ubuntu from 43.159.51.254 port 55034 ssh2
Jun 26 09:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17176]: Received disconnect from 43.159.51.254 port 55034:11: Bye Bye [preauth]
Jun 26 09:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17176]: Disconnected from 43.159.51.254 port 55034 [preauth]
Jun 26 09:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16679]: Connection closed by 91.92.40.49 port 45460 [preauth]
Jun 26 09:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17064]: Invalid user alex from 91.92.40.49
Jun 26 09:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17064]: input_userauth_request: invalid user alex [preauth]
Jun 26 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17208]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17209]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17207]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17206]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17206]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17269]: Successful su for rubyman by root
Jun 26 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17269]: + ??? root:rubyman
Jun 26 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17269]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595870 of user rubyman.
Jun 26 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17269]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595870.
Jun 26 09:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14581]: pam_unix(cron:session): session closed for user root
Jun 26 09:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17207]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17087]: Invalid user ubuntu from 91.92.40.49
Jun 26 09:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17087]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 09:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17064]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17064]: Failed password for invalid user alex from 91.92.40.49 port 10446 ssh2
Jun 26 09:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17087]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17087]: Failed password for invalid user ubuntu from 91.92.40.49 port 19598 ssh2
Jun 26 09:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17064]: Connection closed by 91.92.40.49 port 10446 [preauth]
Jun 26 09:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16303]: pam_unix(cron:session): session closed for user root
Jun 26 09:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17147]: Invalid user centos from 91.92.40.49
Jun 26 09:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17147]: input_userauth_request: invalid user centos [preauth]
Jun 26 09:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17087]: Connection closed by 91.92.40.49 port 19598 [preauth]
Jun 26 09:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17147]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17147]: Failed password for invalid user centos from 91.92.40.49 port 56854 ssh2
Jun 26 09:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17195]: Invalid user osboxes from 91.92.40.49
Jun 26 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17195]: input_userauth_request: invalid user osboxes [preauth]
Jun 26 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17623]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17621]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17620]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17619]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17622]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17618]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17623]: pam_unix(cron:session): session closed for user root
Jun 26 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17618]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17778]: Successful su for rubyman by root
Jun 26 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17778]: + ??? root:rubyman
Jun 26 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17778]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595876 of user rubyman.
Jun 26 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17778]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595876.
Jun 26 09:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17620]: pam_unix(cron:session): session closed for user root
Jun 26 09:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15071]: pam_unix(cron:session): session closed for user root
Jun 26 09:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17619]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18005]: Invalid user gabrielle from 141.98.83.240
Jun 26 09:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18005]: input_userauth_request: invalid user gabrielle [preauth]
Jun 26 09:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18005]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 09:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17147]: Connection closed by 91.92.40.49 port 56854 [preauth]
Jun 26 09:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18005]: Failed password for invalid user gabrielle from 141.98.83.240 port 50874 ssh2
Jun 26 09:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18005]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18005]: Failed password for invalid user gabrielle from 141.98.83.240 port 50874 ssh2
Jun 26 09:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18005]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18005]: Failed password for invalid user gabrielle from 141.98.83.240 port 50874 ssh2
Jun 26 09:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18005]: Connection closed by 141.98.83.240 port 50874 [preauth]
Jun 26 09:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18005]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 09:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17195]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17195]: Failed password for invalid user osboxes from 91.92.40.49 port 22858 ssh2
Jun 26 09:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 09:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17204]: Failed password for root from 91.92.40.49 port 33656 ssh2
Jun 26 09:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16710]: pam_unix(cron:session): session closed for user root
Jun 26 09:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17511]: Invalid user claude from 91.92.40.49
Jun 26 09:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17511]: input_userauth_request: invalid user claude [preauth]
Jun 26 09:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17195]: Connection closed by 91.92.40.49 port 22858 [preauth]
Jun 26 09:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.234  user=root
Jun 26 09:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18147]: Failed password for root from 80.94.92.234 port 34038 ssh2
Jun 26 09:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18147]: Connection closed by 80.94.92.234 port 34038 [preauth]
Jun 26 09:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18163]: Invalid user ts3 from 43.159.51.254
Jun 26 09:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18163]: input_userauth_request: invalid user ts3 [preauth]
Jun 26 09:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18163]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254
Jun 26 09:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17204]: Connection closed by 91.92.40.49 port 33656 [preauth]
Jun 26 09:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18163]: Failed password for invalid user ts3 from 43.159.51.254 port 37896 ssh2
Jun 26 09:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18163]: Received disconnect from 43.159.51.254 port 37896:11: Bye Bye [preauth]
Jun 26 09:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18163]: Disconnected from 43.159.51.254 port 37896 [preauth]
Jun 26 09:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18087]: Did not receive identification string from 91.92.40.49
Jun 26 09:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17511]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18185]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18184]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18182]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18183]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18182]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18262]: Successful su for rubyman by root
Jun 26 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18262]: + ??? root:rubyman
Jun 26 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18262]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595880 of user rubyman.
Jun 26 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18262]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595880.
Jun 26 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17511]: Failed password for invalid user claude from 91.92.40.49 port 47152 ssh2
Jun 26 09:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15479]: pam_unix(cron:session): session closed for user root
Jun 26 09:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18183]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17598]: Invalid user debian from 91.92.40.49
Jun 26 09:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17598]: input_userauth_request: invalid user debian [preauth]
Jun 26 09:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17607]: Invalid user web from 91.92.40.49
Jun 26 09:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17607]: input_userauth_request: invalid user web [preauth]
Jun 26 09:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17511]: Connection closed by 91.92.40.49 port 47152 [preauth]
Jun 26 09:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17616]: Invalid user admin from 91.92.40.49
Jun 26 09:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17616]: input_userauth_request: invalid user admin [preauth]
Jun 26 09:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.183.133  user=root
Jun 26 09:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17598]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18598]: Failed password for root from 188.166.183.133 port 53946 ssh2
Jun 26 09:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18598]: Connection closed by 188.166.183.133 port 53946 [preauth]
Jun 26 09:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17598]: Failed password for invalid user debian from 91.92.40.49 port 31068 ssh2
Jun 26 09:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17209]: pam_unix(cron:session): session closed for user root
Jun 26 09:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17607]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17607]: Failed password for invalid user web from 91.92.40.49 port 31116 ssh2
Jun 26 09:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18572]: Did not receive identification string from 91.92.40.49
Jun 26 09:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18078]: Invalid user ubuntu from 91.92.40.49
Jun 26 09:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18078]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18702]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18703]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18704]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18701]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18701]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18767]: Successful su for rubyman by root
Jun 26 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18767]: + ??? root:rubyman
Jun 26 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18767]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595884 of user rubyman.
Jun 26 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18767]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595884.
Jun 26 09:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15906]: pam_unix(cron:session): session closed for user root
Jun 26 09:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18702]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18078]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18078]: Failed password for invalid user ubuntu from 91.92.40.49 port 48782 ssh2
Jun 26 09:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18541]: Invalid user amine from 91.92.40.49
Jun 26 09:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18541]: input_userauth_request: invalid user amine [preauth]
Jun 26 09:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18078]: Connection closed by 91.92.40.49 port 48782 [preauth]
Jun 26 09:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 09:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18389]: Failed password for root from 91.92.40.49 port 13046 ssh2
Jun 26 09:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18541]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18645]: Invalid user a from 91.92.40.49
Jun 26 09:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18645]: input_userauth_request: invalid user a [preauth]
Jun 26 09:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18541]: Failed password for invalid user amine from 91.92.40.49 port 33548 ssh2
Jun 26 09:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18389]: Connection closed by 91.92.40.49 port 13046 [preauth]
Jun 26 09:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18645]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18541]: Connection closed by 91.92.40.49 port 33548 [preauth]
Jun 26 09:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18645]: Failed password for invalid user a from 91.92.40.49 port 36044 ssh2
Jun 26 09:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18645]: Connection closed by 91.92.40.49 port 36044 [preauth]
Jun 26 09:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17622]: pam_unix(cron:session): session closed for user root
Jun 26 09:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19121]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19118]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19117]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19119]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19117]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19055]: Invalid user alec from 91.92.40.49
Jun 26 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19055]: input_userauth_request: invalid user alec [preauth]
Jun 26 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19277]: Successful su for rubyman by root
Jun 26 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19277]: + ??? root:rubyman
Jun 26 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19277]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595890 of user rubyman.
Jun 26 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19277]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595890.
Jun 26 09:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254  user=root
Jun 26 09:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16302]: pam_unix(cron:session): session closed for user root
Jun 26 09:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19266]: Failed password for root from 43.159.51.254 port 48848 ssh2
Jun 26 09:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19266]: Received disconnect from 43.159.51.254 port 48848:11: Bye Bye [preauth]
Jun 26 09:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19266]: Disconnected from 43.159.51.254 port 48848 [preauth]
Jun 26 09:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19118]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19055]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19055]: Failed password for invalid user alec from 91.92.40.49 port 48558 ssh2
Jun 26 09:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 09:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19064]: Failed password for root from 91.92.40.49 port 59620 ssh2
Jun 26 09:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19055]: Connection closed by 91.92.40.49 port 48558 [preauth]
Jun 26 09:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19064]: Connection closed by 91.92.40.49 port 59620 [preauth]
Jun 26 09:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18185]: pam_unix(cron:session): session closed for user root
Jun 26 09:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19115]: Invalid user ubuntu from 91.92.40.49
Jun 26 09:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19115]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 09:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 26 09:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19421]: Invalid user sammy from 91.92.40.49
Jun 26 09:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19421]: input_userauth_request: invalid user sammy [preauth]
Jun 26 09:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19802]: Failed password for root from 51.250.105.222 port 55402 ssh2
Jun 26 09:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19802]: Connection closed by 51.250.105.222 port 55402 [preauth]
Jun 26 09:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19115]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19115]: Failed password for invalid user ubuntu from 91.92.40.49 port 16302 ssh2
Jun 26 09:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19421]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19421]: Failed password for invalid user sammy from 91.92.40.49 port 16356 ssh2
Jun 26 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19842]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19837]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19841]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19836]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19836]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19910]: Successful su for rubyman by root
Jun 26 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19910]: + ??? root:rubyman
Jun 26 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19910]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595892 of user rubyman.
Jun 26 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19910]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595892.
Jun 26 09:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16709]: pam_unix(cron:session): session closed for user root
Jun 26 09:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19115]: Connection closed by 91.92.40.49 port 16302 [preauth]
Jun 26 09:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19837]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19607]: Invalid user installer from 91.92.40.49
Jun 26 09:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19607]: input_userauth_request: invalid user installer [preauth]
Jun 26 09:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.234  user=root
Jun 26 09:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19421]: Connection closed by 91.92.40.49 port 16356 [preauth]
Jun 26 09:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20110]: Failed password for root from 80.94.92.234 port 37032 ssh2
Jun 26 09:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20110]: Connection closed by 80.94.92.234 port 37032 [preauth]
Jun 26 09:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19607]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19607]: Failed password for invalid user installer from 91.92.40.49 port 51440 ssh2
Jun 26 09:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18704]: pam_unix(cron:session): session closed for user root
Jun 26 09:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19769]: Invalid user sdadmin from 91.92.40.49
Jun 26 09:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19769]: input_userauth_request: invalid user sdadmin [preauth]
Jun 26 09:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19607]: Connection closed by 91.92.40.49 port 51440 [preauth]
Jun 26 09:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19769]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19769]: Failed password for invalid user sdadmin from 91.92.40.49 port 52278 ssh2
Jun 26 09:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19815]: Invalid user user3 from 91.92.40.49
Jun 26 09:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19815]: input_userauth_request: invalid user user3 [preauth]
Jun 26 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20351]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20349]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20348]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20350]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20352]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20347]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20352]: pam_unix(cron:session): session closed for user root
Jun 26 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20347]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20424]: Successful su for rubyman by root
Jun 26 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20424]: + ??? root:rubyman
Jun 26 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20424]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595897 of user rubyman.
Jun 26 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20424]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595897.
Jun 26 09:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20349]: pam_unix(cron:session): session closed for user root
Jun 26 09:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17208]: pam_unix(cron:session): session closed for user root
Jun 26 09:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20348]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19830]: Invalid user celeste from 91.92.40.49
Jun 26 09:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19830]: input_userauth_request: invalid user celeste [preauth]
Jun 26 09:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19769]: Connection closed by 91.92.40.49 port 52278 [preauth]
Jun 26 09:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254  user=root
Jun 26 09:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20670]: Failed password for root from 43.159.51.254 port 59946 ssh2
Jun 26 09:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20670]: Received disconnect from 43.159.51.254 port 59946:11: Bye Bye [preauth]
Jun 26 09:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20670]: Disconnected from 43.159.51.254 port 59946 [preauth]
Jun 26 09:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19815]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19815]: Failed password for invalid user user3 from 91.92.40.49 port 12456 ssh2
Jun 26 09:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19830]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19830]: Failed password for invalid user celeste from 91.92.40.49 port 47710 ssh2
Jun 26 09:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19121]: pam_unix(cron:session): session closed for user root
Jun 26 09:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20136]: Invalid user j from 91.92.40.49
Jun 26 09:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20136]: input_userauth_request: invalid user j [preauth]
Jun 26 09:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19815]: Connection closed by 91.92.40.49 port 12456 [preauth]
Jun 26 09:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19830]: Connection closed by 91.92.40.49 port 47710 [preauth]
Jun 26 09:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20136]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20136]: Failed password for invalid user j from 91.92.40.49 port 25902 ssh2
Jun 26 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20897]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20896]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20895]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20894]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20894]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20959]: Successful su for rubyman by root
Jun 26 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20959]: + ??? root:rubyman
Jun 26 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20959]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595903 of user rubyman.
Jun 26 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20959]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595903.
Jun 26 09:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17621]: pam_unix(cron:session): session closed for user root
Jun 26 09:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20895]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20314]: Invalid user ubuntu from 91.92.40.49
Jun 26 09:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20314]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 09:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20314]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20314]: Failed password for invalid user ubuntu from 91.92.40.49 port 63546 ssh2
Jun 26 09:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20136]: Connection closed by 91.92.40.49 port 25902 [preauth]
Jun 26 09:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20314]: Connection closed by 91.92.40.49 port 63546 [preauth]
Jun 26 09:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19842]: pam_unix(cron:session): session closed for user root
Jun 26 09:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20725]: Invalid user share from 91.92.40.49
Jun 26 09:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20725]: input_userauth_request: invalid user share [preauth]
Jun 26 09:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.234  user=root
Jun 26 09:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21252]: Failed password for root from 80.94.92.234 port 40032 ssh2
Jun 26 09:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21252]: Connection closed by 80.94.92.234 port 40032 [preauth]
Jun 26 09:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20726]: Invalid user readonlyuser from 91.92.40.49
Jun 26 09:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20726]: input_userauth_request: invalid user readonlyuser [preauth]
Jun 26 09:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20796]: Invalid user backend from 91.92.40.49
Jun 26 09:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20796]: input_userauth_request: invalid user backend [preauth]
Jun 26 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21310]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21311]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21309]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21308]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21308]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21377]: Successful su for rubyman by root
Jun 26 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21377]: + ??? root:rubyman
Jun 26 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21377]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595907 of user rubyman.
Jun 26 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21377]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595907.
Jun 26 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20725]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20725]: Failed password for invalid user share from 91.92.40.49 port 38988 ssh2
Jun 26 09:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18184]: pam_unix(cron:session): session closed for user root
Jun 26 09:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21254]: Did not receive identification string from 91.92.40.49
Jun 26 09:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21309]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20726]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20726]: Failed password for invalid user readonlyuser from 91.92.40.49 port 27710 ssh2
Jun 26 09:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20796]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20796]: Failed password for invalid user backend from 91.92.40.49 port 27758 ssh2
Jun 26 09:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20880]: Invalid user admin1 from 91.92.40.49
Jun 26 09:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20880]: input_userauth_request: invalid user admin1 [preauth]
Jun 26 09:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21632]: Invalid user sol from 43.159.51.254
Jun 26 09:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21632]: input_userauth_request: invalid user sol [preauth]
Jun 26 09:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21632]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254
Jun 26 09:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21632]: Failed password for invalid user sol from 43.159.51.254 port 42850 ssh2
Jun 26 09:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21632]: Received disconnect from 43.159.51.254 port 42850:11: Bye Bye [preauth]
Jun 26 09:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21632]: Disconnected from 43.159.51.254 port 42850 [preauth]
Jun 26 09:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20351]: pam_unix(cron:session): session closed for user root
Jun 26 09:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20880]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20880]: Failed password for invalid user admin1 from 91.92.40.49 port 17658 ssh2
Jun 26 09:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21213]: Invalid user bot from 91.92.40.49
Jun 26 09:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21213]: input_userauth_request: invalid user bot [preauth]
Jun 26 09:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21251]: Invalid user jenkins from 91.92.40.49
Jun 26 09:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21251]: input_userauth_request: invalid user jenkins [preauth]
Jun 26 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21756]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21757]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21755]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21754]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21754]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21213]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21820]: Successful su for rubyman by root
Jun 26 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21820]: + ??? root:rubyman
Jun 26 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21820]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595910 of user rubyman.
Jun 26 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21820]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595910.
Jun 26 09:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21213]: Failed password for invalid user bot from 91.92.40.49 port 51368 ssh2
Jun 26 09:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 26 09:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18703]: pam_unix(cron:session): session closed for user root
Jun 26 09:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 09:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21755]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21921]: Failed password for root from 103.82.132.16 port 49954 ssh2
Jun 26 09:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21921]: Connection closed by 103.82.132.16 port 49954 [preauth]
Jun 26 09:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21223]: Failed password for root from 91.92.40.49 port 48566 ssh2
Jun 26 09:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21251]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21251]: Failed password for invalid user jenkins from 91.92.40.49 port 48576 ssh2
Jun 26 09:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21213]: Connection closed by 91.92.40.49 port 51368 [preauth]
Jun 26 09:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22027]: Invalid user admin from 2.57.121.25
Jun 26 09:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22027]: input_userauth_request: invalid user admin [preauth]
Jun 26 09:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22027]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 26 09:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21223]: Connection closed by 91.92.40.49 port 48566 [preauth]
Jun 26 09:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22027]: Failed password for invalid user admin from 2.57.121.25 port 25190 ssh2
Jun 26 09:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22027]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22027]: Failed password for invalid user admin from 2.57.121.25 port 25190 ssh2
Jun 26 09:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22027]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22027]: Failed password for invalid user admin from 2.57.121.25 port 25190 ssh2
Jun 26 09:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21251]: Connection closed by 91.92.40.49 port 48576 [preauth]
Jun 26 09:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22027]: Connection closed by 2.57.121.25 port 25190 [preauth]
Jun 26 09:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22027]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 26 09:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21690]: Invalid user bot from 91.92.40.49
Jun 26 09:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21690]: input_userauth_request: invalid user bot [preauth]
Jun 26 09:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21701]: Invalid user user from 91.92.40.49
Jun 26 09:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21701]: input_userauth_request: invalid user user [preauth]
Jun 26 09:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20897]: pam_unix(cron:session): session closed for user root
Jun 26 09:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21690]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21690]: Failed password for invalid user bot from 91.92.40.49 port 36850 ssh2
Jun 26 09:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21701]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22071]: Did not receive identification string from 91.92.40.49
Jun 26 09:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21701]: Failed password for invalid user user from 91.92.40.49 port 65166 ssh2
Jun 26 09:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22173]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22171]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22170]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22169]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22169]: pam_unix(cron:session): session closed for user p13x
Jun 26 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22234]: Successful su for rubyman by root
Jun 26 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22234]: + ??? root:rubyman
Jun 26 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22234]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595915 of user rubyman.
Jun 26 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22234]: pam_unix(su:session): session closed for user rubyman
Jun 26 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595915.
Jun 26 09:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19119]: pam_unix(cron:session): session closed for user root
Jun 26 09:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22170]: pam_unix(cron:session): session closed for user samftp
Jun 26 09:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21690]: Connection closed by 91.92.40.49 port 36850 [preauth]
Jun 26 09:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21701]: Connection closed by 91.92.40.49 port 65166 [preauth]
Jun 26 09:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22167]: Did not receive identification string from 91.92.40.49
Jun 26 09:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21311]: pam_unix(cron:session): session closed for user root
Jun 26 09:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22021]: Invalid user dany from 91.92.40.49
Jun 26 09:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22021]: input_userauth_request: invalid user dany [preauth]
Jun 26 09:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22607]: Invalid user song from 43.159.51.254
Jun 26 09:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22607]: input_userauth_request: invalid user song [preauth]
Jun 26 09:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22607]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254
Jun 26 09:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.234  user=root
Jun 26 09:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22607]: Failed password for invalid user song from 43.159.51.254 port 53956 ssh2
Jun 26 09:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22607]: Received disconnect from 43.159.51.254 port 53956:11: Bye Bye [preauth]
Jun 26 09:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22607]: Disconnected from 43.159.51.254 port 53956 [preauth]
Jun 26 09:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22037]: Invalid user test from 91.92.40.49
Jun 26 09:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22037]: input_userauth_request: invalid user test [preauth]
Jun 26 09:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22598]: Failed password for root from 80.94.92.234 port 42992 ssh2
Jun 26 09:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22598]: Connection closed by 80.94.92.234 port 42992 [preauth]
Jun 26 09:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22046]: Invalid user matias from 91.92.40.49
Jun 26 09:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22046]: input_userauth_request: invalid user matias [preauth]
Jun 26 09:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22021]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22060]: Invalid user monitor from 91.92.40.49
Jun 26 09:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22060]: input_userauth_request: invalid user monitor [preauth]
Jun 26 09:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22021]: Failed password for invalid user dany from 91.92.40.49 port 34804 ssh2
Jun 26 09:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22037]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22037]: Failed password for invalid user test from 91.92.40.49 port 54996 ssh2
Jun 26 09:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 09:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22060]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 09:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 09:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22060]: Failed password for invalid user monitor from 91.92.40.49 port 55076 ssh2
Jun 26 09:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22021]: Connection closed by 91.92.40.49 port 34804 [preauth]
Jun 26 09:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22669]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22670]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22666]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22668]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22664]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22667]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22665]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22666]: pam_unix(cron:session): session closed for user root
Jun 26 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22670]: pam_unix(cron:session): session closed for user root
Jun 26 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22664]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22760]: Successful su for rubyman by root
Jun 26 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22760]: + ??? root:rubyman
Jun 26 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22760]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595918 of user rubyman.
Jun 26 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22760]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595918.
Jun 26 10:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22037]: Connection closed by 91.92.40.49 port 54996 [preauth]
Jun 26 10:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22667]: pam_unix(cron:session): session closed for user root
Jun 26 10:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19841]: pam_unix(cron:session): session closed for user root
Jun 26 10:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22046]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22665]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22046]: Failed password for invalid user matias from 91.92.40.49 port 55002 ssh2
Jun 26 10:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22060]: Connection closed by 91.92.40.49 port 55076 [preauth]
Jun 26 10:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21757]: pam_unix(cron:session): session closed for user root
Jun 26 10:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22630]: Invalid user eduardo from 91.92.40.49
Jun 26 10:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22630]: input_userauth_request: invalid user eduardo [preauth]
Jun 26 10:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23179]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23180]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23178]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23177]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23177]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23256]: Successful su for rubyman by root
Jun 26 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23256]: + ??? root:rubyman
Jun 26 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23256]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595925 of user rubyman.
Jun 26 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23256]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595925.
Jun 26 10:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20350]: pam_unix(cron:session): session closed for user root
Jun 26 10:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23178]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22630]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22651]: Invalid user eva from 91.92.40.49
Jun 26 10:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22651]: input_userauth_request: invalid user eva [preauth]
Jun 26 10:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22630]: Failed password for invalid user eduardo from 91.92.40.49 port 41314 ssh2
Jun 26 10:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 10:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22639]: Failed password for root from 91.92.40.49 port 22588 ssh2
Jun 26 10:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22651]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22630]: Connection closed by 91.92.40.49 port 41314 [preauth]
Jun 26 10:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22651]: Failed password for invalid user eva from 91.92.40.49 port 22604 ssh2
Jun 26 10:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22173]: pam_unix(cron:session): session closed for user root
Jun 26 10:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23027]: Invalid user maud from 91.92.40.49
Jun 26 10:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23027]: input_userauth_request: invalid user maud [preauth]
Jun 26 10:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22639]: Connection closed by 91.92.40.49 port 22588 [preauth]
Jun 26 10:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22651]: Connection closed by 91.92.40.49 port 22604 [preauth]
Jun 26 10:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 10:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23027]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23580]: Invalid user caprover from 43.159.51.254
Jun 26 10:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23580]: input_userauth_request: invalid user caprover [preauth]
Jun 26 10:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23580]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254
Jun 26 10:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22662]: Failed password for root from 91.92.40.49 port 34232 ssh2
Jun 26 10:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23157]: Invalid user ecommerce from 91.92.40.49
Jun 26 10:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23157]: input_userauth_request: invalid user ecommerce [preauth]
Jun 26 10:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23580]: Failed password for invalid user caprover from 43.159.51.254 port 36784 ssh2
Jun 26 10:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23580]: Received disconnect from 43.159.51.254 port 36784:11: Bye Bye [preauth]
Jun 26 10:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23580]: Disconnected from 43.159.51.254 port 36784 [preauth]
Jun 26 10:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23027]: Failed password for invalid user maud from 91.92.40.49 port 13670 ssh2
Jun 26 10:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.234  user=root
Jun 26 10:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22662]: Connection closed by 91.92.40.49 port 34232 [preauth]
Jun 26 10:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23157]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23583]: Failed password for root from 80.94.92.234 port 45970 ssh2
Jun 26 10:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23583]: Connection closed by 80.94.92.234 port 45970 [preauth]
Jun 26 10:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23027]: Connection closed by 91.92.40.49 port 13670 [preauth]
Jun 26 10:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23157]: Failed password for invalid user ecommerce from 91.92.40.49 port 46938 ssh2
Jun 26 10:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23157]: Connection closed by 91.92.40.49 port 46938 [preauth]
Jun 26 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23622]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23621]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23620]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23619]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23619]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23691]: Successful su for rubyman by root
Jun 26 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23691]: + ??? root:rubyman
Jun 26 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23691]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595929 of user rubyman.
Jun 26 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23691]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595929.
Jun 26 10:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20896]: pam_unix(cron:session): session closed for user root
Jun 26 10:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23620]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23582]: Invalid user github from 91.92.40.49
Jun 26 10:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23582]: input_userauth_request: invalid user github [preauth]
Jun 26 10:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23598]: Invalid user devuser from 91.92.40.49
Jun 26 10:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23598]: input_userauth_request: invalid user devuser [preauth]
Jun 26 10:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22669]: pam_unix(cron:session): session closed for user root
Jun 26 10:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23598]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23598]: Failed password for invalid user devuser from 91.92.40.49 port 38300 ssh2
Jun 26 10:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 10:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23607]: Failed password for root from 91.92.40.49 port 53530 ssh2
Jun 26 10:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23598]: Connection closed by 91.92.40.49 port 38300 [preauth]
Jun 26 10:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23582]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24016]: Invalid user jboss from 91.92.40.49
Jun 26 10:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24016]: input_userauth_request: invalid user jboss [preauth]
Jun 26 10:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23582]: Failed password for invalid user github from 91.92.40.49 port 24998 ssh2
Jun 26 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24144]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24143]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24142]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24141]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24141]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24203]: Successful su for rubyman by root
Jun 26 10:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24203]: + ??? root:rubyman
Jun 26 10:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24203]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595934 of user rubyman.
Jun 26 10:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24203]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595934.
Jun 26 10:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23607]: Connection closed by 91.92.40.49 port 53530 [preauth]
Jun 26 10:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21310]: pam_unix(cron:session): session closed for user root
Jun 26 10:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24142]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24016]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24016]: Failed password for invalid user jboss from 91.92.40.49 port 27622 ssh2
Jun 26 10:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23582]: Connection closed by 91.92.40.49 port 24998 [preauth]
Jun 26 10:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23180]: pam_unix(cron:session): session closed for user root
Jun 26 10:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24068]: Invalid user no from 91.92.40.49
Jun 26 10:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24068]: input_userauth_request: invalid user no [preauth]
Jun 26 10:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24016]: Connection closed by 91.92.40.49 port 27622 [preauth]
Jun 26 10:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24086]: Invalid user ali from 91.92.40.49
Jun 26 10:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24086]: input_userauth_request: invalid user ali [preauth]
Jun 26 10:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24068]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24068]: Failed password for invalid user no from 91.92.40.49 port 30662 ssh2
Jun 26 10:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24558]: Invalid user vbox from 43.159.51.254
Jun 26 10:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24558]: input_userauth_request: invalid user vbox [preauth]
Jun 26 10:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24558]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254
Jun 26 10:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24558]: Failed password for invalid user vbox from 43.159.51.254 port 47868 ssh2
Jun 26 10:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24558]: Received disconnect from 43.159.51.254 port 47868:11: Bye Bye [preauth]
Jun 26 10:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24558]: Disconnected from 43.159.51.254 port 47868 [preauth]
Jun 26 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24571]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24573]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24572]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24570]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24570]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24656]: Successful su for rubyman by root
Jun 26 10:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24656]: + ??? root:rubyman
Jun 26 10:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24656]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595940 of user rubyman.
Jun 26 10:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24656]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595940.
Jun 26 10:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24086]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21756]: pam_unix(cron:session): session closed for user root
Jun 26 10:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24086]: Failed password for invalid user ali from 91.92.40.49 port 30668 ssh2
Jun 26 10:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24571]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24129]: Invalid user root1 from 91.92.40.49
Jun 26 10:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24129]: input_userauth_request: invalid user root1 [preauth]
Jun 26 10:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24068]: Connection closed by 91.92.40.49 port 30662 [preauth]
Jun 26 10:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24139]: Invalid user postgres from 91.92.40.49
Jun 26 10:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24139]: input_userauth_request: invalid user postgres [preauth]
Jun 26 10:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24367]: Invalid user admin from 91.92.40.49
Jun 26 10:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24367]: input_userauth_request: invalid user admin [preauth]
Jun 26 10:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24086]: Connection closed by 91.92.40.49 port 30668 [preauth]
Jun 26 10:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.234  user=root
Jun 26 10:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24829]: Did not receive identification string from 91.92.40.49
Jun 26 10:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24903]: Failed password for root from 80.94.92.234 port 48956 ssh2
Jun 26 10:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24903]: Connection closed by 80.94.92.234 port 48956 [preauth]
Jun 26 10:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23622]: pam_unix(cron:session): session closed for user root
Jun 26 10:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24852]: Did not receive identification string from 91.92.40.49
Jun 26 10:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24129]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24129]: Failed password for invalid user root1 from 91.92.40.49 port 56250 ssh2
Jun 26 10:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24139]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24139]: Failed password for invalid user postgres from 91.92.40.49 port 24104 ssh2
Jun 26 10:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24367]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24367]: Failed password for invalid user admin from 91.92.40.49 port 24106 ssh2
Jun 26 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25004]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25001]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25002]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24999]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25000]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25003]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25004]: pam_unix(cron:session): session closed for user root
Jun 26 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24999]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25078]: Successful su for rubyman by root
Jun 26 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25078]: + ??? root:rubyman
Jun 26 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25078]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595941 of user rubyman.
Jun 26 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25078]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595941.
Jun 26 10:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25001]: pam_unix(cron:session): session closed for user root
Jun 26 10:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22171]: pam_unix(cron:session): session closed for user root
Jun 26 10:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25000]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24568]: Invalid user deploy from 91.92.40.49
Jun 26 10:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24568]: input_userauth_request: invalid user deploy [preauth]
Jun 26 10:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24632]: Invalid user bot from 91.92.40.49
Jun 26 10:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24632]: input_userauth_request: invalid user bot [preauth]
Jun 26 10:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24556]: Invalid user admin from 91.92.40.49
Jun 26 10:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24556]: input_userauth_request: invalid user admin [preauth]
Jun 26 10:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24568]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24568]: Failed password for invalid user deploy from 91.92.40.49 port 63620 ssh2
Jun 26 10:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24632]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24632]: Failed password for invalid user bot from 91.92.40.49 port 63648 ssh2
Jun 26 10:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24556]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24556]: Failed password for invalid user admin from 91.92.40.49 port 17332 ssh2
Jun 26 10:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24144]: pam_unix(cron:session): session closed for user root
Jun 26 10:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24568]: Connection closed by 91.92.40.49 port 63620 [preauth]
Jun 26 10:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24632]: Connection closed by 91.92.40.49 port 63648 [preauth]
Jun 26 10:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24556]: Connection closed by 91.92.40.49 port 17332 [preauth]
Jun 26 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25433]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25435]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25434]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25432]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25432]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25503]: Successful su for rubyman by root
Jun 26 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25503]: + ??? root:rubyman
Jun 26 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25503]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595948 of user rubyman.
Jun 26 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25503]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595948.
Jun 26 10:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25656]: Invalid user test1234 from 43.159.51.254
Jun 26 10:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25656]: input_userauth_request: invalid user test1234 [preauth]
Jun 26 10:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25656]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254
Jun 26 10:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22668]: pam_unix(cron:session): session closed for user root
Jun 26 10:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25433]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25656]: Failed password for invalid user test1234 from 43.159.51.254 port 58938 ssh2
Jun 26 10:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25656]: Received disconnect from 43.159.51.254 port 58938:11: Bye Bye [preauth]
Jun 26 10:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25656]: Disconnected from 43.159.51.254 port 58938 [preauth]
Jun 26 10:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25322]: Invalid user kafka from 91.92.40.49
Jun 26 10:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25322]: input_userauth_request: invalid user kafka [preauth]
Jun 26 10:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25313]: Invalid user admin from 91.92.40.49
Jun 26 10:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25313]: input_userauth_request: invalid user admin [preauth]
Jun 26 10:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25322]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25313]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25336]: Invalid user developer from 91.92.40.49
Jun 26 10:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25336]: input_userauth_request: invalid user developer [preauth]
Jun 26 10:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25322]: Failed password for invalid user kafka from 91.92.40.49 port 23308 ssh2
Jun 26 10:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25336]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25313]: Failed password for invalid user admin from 91.92.40.49 port 23282 ssh2
Jun 26 10:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25322]: Connection closed by 91.92.40.49 port 23308 [preauth]
Jun 26 10:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25313]: Connection closed by 91.92.40.49 port 23282 [preauth]
Jun 26 10:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25336]: Failed password for invalid user developer from 91.92.40.49 port 23344 ssh2
Jun 26 10:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25336]: Connection closed by 91.92.40.49 port 23344 [preauth]
Jun 26 10:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24573]: pam_unix(cron:session): session closed for user root
Jun 26 10:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.234  user=root
Jun 26 10:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25785]: Failed password for root from 80.94.92.234 port 51920 ssh2
Jun 26 10:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25785]: Connection closed by 80.94.92.234 port 51920 [preauth]
Jun 26 10:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25724]: Invalid user web from 91.92.40.49
Jun 26 10:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25724]: input_userauth_request: invalid user web [preauth]
Jun 26 10:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25747]: Invalid user server from 91.92.40.49
Jun 26 10:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25747]: input_userauth_request: invalid user server [preauth]
Jun 26 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25724]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25846]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25845]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25844]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25843]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25843]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25911]: Successful su for rubyman by root
Jun 26 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25911]: + ??? root:rubyman
Jun 26 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25911]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595951 of user rubyman.
Jun 26 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25911]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595951.
Jun 26 10:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25724]: Failed password for invalid user web from 91.92.40.49 port 15442 ssh2
Jun 26 10:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23179]: pam_unix(cron:session): session closed for user root
Jun 26 10:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25844]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25747]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25747]: Failed password for invalid user server from 91.92.40.49 port 43082 ssh2
Jun 26 10:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25724]: Connection closed by 91.92.40.49 port 15442 [preauth]
Jun 26 10:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25747]: Connection closed by 91.92.40.49 port 43082 [preauth]
Jun 26 10:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 10:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25799]: Failed password for root from 91.92.40.49 port 30202 ssh2
Jun 26 10:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25003]: pam_unix(cron:session): session closed for user root
Jun 26 10:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25832]: Invalid user zookeeper from 91.92.40.49
Jun 26 10:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25832]: input_userauth_request: invalid user zookeeper [preauth]
Jun 26 10:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25799]: Connection closed by 91.92.40.49 port 30202 [preauth]
Jun 26 10:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25832]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25832]: Failed password for invalid user zookeeper from 91.92.40.49 port 32184 ssh2
Jun 26 10:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26086]: Invalid user localhost from 91.92.40.49
Jun 26 10:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26086]: input_userauth_request: invalid user localhost [preauth]
Jun 26 10:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25832]: Connection closed by 91.92.40.49 port 32184 [preauth]
Jun 26 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26086]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26249]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26251]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26250]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26248]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26248]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26312]: Successful su for rubyman by root
Jun 26 10:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26312]: + ??? root:rubyman
Jun 26 10:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26312]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595955 of user rubyman.
Jun 26 10:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26312]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595955.
Jun 26 10:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26086]: Failed password for invalid user localhost from 91.92.40.49 port 34048 ssh2
Jun 26 10:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23621]: pam_unix(cron:session): session closed for user root
Jun 26 10:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26249]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 26 10:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254  user=root
Jun 26 10:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26490]: Failed password for root from 103.27.238.114 port 46190 ssh2
Jun 26 10:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26490]: Connection closed by 103.27.238.114 port 46190 [preauth]
Jun 26 10:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26492]: Failed password for root from 43.159.51.254 port 41786 ssh2
Jun 26 10:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26492]: Received disconnect from 43.159.51.254 port 41786:11: Bye Bye [preauth]
Jun 26 10:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26492]: Disconnected from 43.159.51.254 port 41786 [preauth]
Jun 26 10:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 10:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26153]: Failed password for root from 91.92.40.49 port 44486 ssh2
Jun 26 10:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26086]: Connection closed by 91.92.40.49 port 34048 [preauth]
Jun 26 10:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25435]: pam_unix(cron:session): session closed for user root
Jun 26 10:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26153]: Connection closed by 91.92.40.49 port 44486 [preauth]
Jun 26 10:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 10:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26216]: Failed password for root from 91.92.40.49 port 13614 ssh2
Jun 26 10:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26226]: Invalid user yellow from 91.92.40.49
Jun 26 10:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26226]: input_userauth_request: invalid user yellow [preauth]
Jun 26 10:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26503]: Invalid user danny from 91.92.40.49
Jun 26 10:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26503]: input_userauth_request: invalid user danny [preauth]
Jun 26 10:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26216]: Connection closed by 91.92.40.49 port 13614 [preauth]
Jun 26 10:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26226]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.92.234  user=root
Jun 26 10:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26503]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26226]: Failed password for invalid user yellow from 91.92.40.49 port 13636 ssh2
Jun 26 10:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26503]: Failed password for invalid user danny from 91.92.40.49 port 39142 ssh2
Jun 26 10:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26629]: Failed password for root from 80.94.92.234 port 54856 ssh2
Jun 26 10:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26629]: Connection closed by 80.94.92.234 port 54856 [preauth]
Jun 26 10:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26226]: Connection closed by 91.92.40.49 port 13636 [preauth]
Jun 26 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26503]: Connection closed by 91.92.40.49 port 39142 [preauth]
Jun 26 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26651]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26652]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26650]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26649]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26647]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26649]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26612]: Invalid user git from 91.92.40.49
Jun 26 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26612]: input_userauth_request: invalid user git [preauth]
Jun 26 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26854]: Successful su for rubyman by root
Jun 26 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26854]: + ??? root:rubyman
Jun 26 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26854]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595959 of user rubyman.
Jun 26 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26854]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595959.
Jun 26 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26647]: pam_unix(cron:session): session closed for user root
Jun 26 10:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24143]: pam_unix(cron:session): session closed for user root
Jun 26 10:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26650]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26612]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26612]: Failed password for invalid user git from 91.92.40.49 port 38880 ssh2
Jun 26 10:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26612]: Connection closed by 91.92.40.49 port 38880 [preauth]
Jun 26 10:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27013]: Invalid user kevin from 91.92.40.49
Jun 26 10:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27013]: input_userauth_request: invalid user kevin [preauth]
Jun 26 10:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27027]: Invalid user tmp from 91.92.40.49
Jun 26 10:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27027]: input_userauth_request: invalid user tmp [preauth]
Jun 26 10:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25846]: pam_unix(cron:session): session closed for user root
Jun 26 10:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27013]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27027]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27013]: Failed password for invalid user kevin from 91.92.40.49 port 23642 ssh2
Jun 26 10:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27027]: Failed password for invalid user tmp from 91.92.40.49 port 23650 ssh2
Jun 26 10:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27013]: Connection closed by 91.92.40.49 port 23642 [preauth]
Jun 26 10:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27027]: Connection closed by 91.92.40.49 port 23650 [preauth]
Jun 26 10:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27234]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27232]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27233]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27235]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27231]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27230]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27235]: pam_unix(cron:session): session closed for user root
Jun 26 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27230]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27322]: Successful su for rubyman by root
Jun 26 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27322]: + ??? root:rubyman
Jun 26 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27322]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595964 of user rubyman.
Jun 26 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27322]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595964.
Jun 26 10:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24572]: pam_unix(cron:session): session closed for user root
Jun 26 10:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27232]: pam_unix(cron:session): session closed for user root
Jun 26 10:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27231]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 10:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27170]: Failed password for root from 91.92.40.49 port 20662 ssh2
Jun 26 10:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27564]: Invalid user jester from 43.159.51.254
Jun 26 10:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27564]: input_userauth_request: invalid user jester [preauth]
Jun 26 10:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27564]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254
Jun 26 10:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27170]: Connection closed by 91.92.40.49 port 20662 [preauth]
Jun 26 10:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27564]: Failed password for invalid user jester from 43.159.51.254 port 52872 ssh2
Jun 26 10:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27564]: Received disconnect from 43.159.51.254 port 52872:11: Bye Bye [preauth]
Jun 26 10:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27564]: Disconnected from 43.159.51.254 port 52872 [preauth]
Jun 26 10:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 10:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27198]: Failed password for root from 91.92.40.49 port 20684 ssh2
Jun 26 10:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27198]: Connection closed by 91.92.40.49 port 20684 [preauth]
Jun 26 10:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26251]: pam_unix(cron:session): session closed for user root
Jun 26 10:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27228]: Invalid user a from 91.92.40.49
Jun 26 10:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27228]: input_userauth_request: invalid user a [preauth]
Jun 26 10:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27228]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27556]: Invalid user marina from 91.92.40.49
Jun 26 10:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27556]: input_userauth_request: invalid user marina [preauth]
Jun 26 10:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27228]: Failed password for invalid user a from 91.92.40.49 port 46788 ssh2
Jun 26 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27694]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27693]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27699]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27697]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27693]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27770]: Successful su for rubyman by root
Jun 26 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27770]: + ??? root:rubyman
Jun 26 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27770]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595972 of user rubyman.
Jun 26 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27770]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595972.
Jun 26 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27556]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27228]: Connection closed by 91.92.40.49 port 46788 [preauth]
Jun 26 10:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25002]: pam_unix(cron:session): session closed for user root
Jun 26 10:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27556]: Failed password for invalid user marina from 91.92.40.49 port 39174 ssh2
Jun 26 10:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27694]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27556]: Connection closed by 91.92.40.49 port 39174 [preauth]
Jun 26 10:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 10:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27598]: Failed password for root from 91.92.40.49 port 25336 ssh2
Jun 26 10:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 10:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27608]: Failed password for root from 91.92.40.49 port 47912 ssh2
Jun 26 10:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27598]: Connection closed by 91.92.40.49 port 25336 [preauth]
Jun 26 10:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27668]: Invalid user admin from 91.92.40.49
Jun 26 10:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27668]: input_userauth_request: invalid user admin [preauth]
Jun 26 10:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27608]: Connection closed by 91.92.40.49 port 47912 [preauth]
Jun 26 10:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26652]: pam_unix(cron:session): session closed for user root
Jun 26 10:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27668]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27668]: Failed password for invalid user admin from 91.92.40.49 port 18010 ssh2
Jun 26 10:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27668]: Connection closed by 91.92.40.49 port 18010 [preauth]
Jun 26 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28176]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28177]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28174]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28175]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28174]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28235]: Successful su for rubyman by root
Jun 26 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28235]: + ??? root:rubyman
Jun 26 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28235]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595974 of user rubyman.
Jun 26 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28235]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595974.
Jun 26 10:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25434]: pam_unix(cron:session): session closed for user root
Jun 26 10:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28175]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28017]: Invalid user avalanche from 91.92.40.49
Jun 26 10:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28017]: input_userauth_request: invalid user avalanche [preauth]
Jun 26 10:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28032]: Invalid user idempiere from 91.92.40.49
Jun 26 10:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28032]: input_userauth_request: invalid user idempiere [preauth]
Jun 26 10:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28017]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28017]: Failed password for invalid user avalanche from 91.92.40.49 port 29200 ssh2
Jun 26 10:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 10:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27991]: Failed password for root from 91.92.40.49 port 29152 ssh2
Jun 26 10:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28032]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27234]: pam_unix(cron:session): session closed for user root
Jun 26 10:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28032]: Failed password for invalid user idempiere from 91.92.40.49 port 52630 ssh2
Jun 26 10:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28525]: Invalid user reza from 43.159.51.254
Jun 26 10:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28525]: input_userauth_request: invalid user reza [preauth]
Jun 26 10:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28525]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254
Jun 26 10:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28017]: Connection closed by 91.92.40.49 port 29200 [preauth]
Jun 26 10:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28525]: Failed password for invalid user reza from 43.159.51.254 port 35768 ssh2
Jun 26 10:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28525]: Received disconnect from 43.159.51.254 port 35768:11: Bye Bye [preauth]
Jun 26 10:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28525]: Disconnected from 43.159.51.254 port 35768 [preauth]
Jun 26 10:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27991]: Connection closed by 91.92.40.49 port 29152 [preauth]
Jun 26 10:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28032]: Connection closed by 91.92.40.49 port 52630 [preauth]
Jun 26 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28668]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28669]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28667]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28665]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28665]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28734]: Successful su for rubyman by root
Jun 26 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28734]: + ??? root:rubyman
Jun 26 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28734]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595978 of user rubyman.
Jun 26 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28734]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595978.
Jun 26 10:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25845]: pam_unix(cron:session): session closed for user root
Jun 26 10:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28667]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28408]: Invalid user sales from 91.92.40.49
Jun 26 10:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28408]: input_userauth_request: invalid user sales [preauth]
Jun 26 10:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28423]: Invalid user steam from 91.92.40.49
Jun 26 10:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28423]: input_userauth_request: invalid user steam [preauth]
Jun 26 10:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28408]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28446]: Invalid user git from 91.92.40.49
Jun 26 10:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28446]: input_userauth_request: invalid user git [preauth]
Jun 26 10:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28408]: Failed password for invalid user sales from 91.92.40.49 port 12602 ssh2
Jun 26 10:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28423]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27699]: pam_unix(cron:session): session closed for user root
Jun 26 10:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28423]: Failed password for invalid user steam from 91.92.40.49 port 22928 ssh2
Jun 26 10:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28446]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28408]: Connection closed by 91.92.40.49 port 12602 [preauth]
Jun 26 10:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28446]: Failed password for invalid user git from 91.92.40.49 port 22966 ssh2
Jun 26 10:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28528]: Invalid user malika from 91.92.40.49
Jun 26 10:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28528]: input_userauth_request: invalid user malika [preauth]
Jun 26 10:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28423]: Connection closed by 91.92.40.49 port 22928 [preauth]
Jun 26 10:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29091]: Invalid user justin from 152.53.0.56
Jun 26 10:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29091]: input_userauth_request: invalid user justin [preauth]
Jun 26 10:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29091]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.53.0.56
Jun 26 10:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28446]: Connection closed by 91.92.40.49 port 22966 [preauth]
Jun 26 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29107]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29108]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29106]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29105]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29105]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29091]: Failed password for invalid user justin from 152.53.0.56 port 60264 ssh2
Jun 26 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29091]: Received disconnect from 152.53.0.56 port 60264:11: Bye Bye [preauth]
Jun 26 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29091]: Disconnected from 152.53.0.56 port 60264 [preauth]
Jun 26 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29170]: Successful su for rubyman by root
Jun 26 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29170]: + ??? root:rubyman
Jun 26 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29170]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595982 of user rubyman.
Jun 26 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29170]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595982.
Jun 26 10:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26250]: pam_unix(cron:session): session closed for user root
Jun 26 10:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29106]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28528]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28528]: Failed password for invalid user malika from 91.92.40.49 port 50834 ssh2
Jun 26 10:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28528]: Connection closed by 91.92.40.49 port 50834 [preauth]
Jun 26 10:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28177]: pam_unix(cron:session): session closed for user root
Jun 26 10:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 10:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29391]: Did not receive identification string from 91.92.40.49
Jun 26 10:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28930]: Failed password for root from 91.92.40.49 port 65264 ssh2
Jun 26 10:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29005]: Invalid user professor from 91.92.40.49
Jun 26 10:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29005]: input_userauth_request: invalid user professor [preauth]
Jun 26 10:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29520]: Invalid user kobo from 43.159.51.254
Jun 26 10:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29520]: input_userauth_request: invalid user kobo [preauth]
Jun 26 10:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29520]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254
Jun 26 10:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29520]: Failed password for invalid user kobo from 43.159.51.254 port 46850 ssh2
Jun 26 10:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29520]: Received disconnect from 43.159.51.254 port 46850:11: Bye Bye [preauth]
Jun 26 10:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29520]: Disconnected from 43.159.51.254 port 46850 [preauth]
Jun 26 10:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29632]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29634]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29633]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29630]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29631]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29629]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29634]: pam_unix(cron:session): session closed for user root
Jun 26 10:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29629]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29711]: Successful su for rubyman by root
Jun 26 10:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29711]: + ??? root:rubyman
Jun 26 10:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29711]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595988 of user rubyman.
Jun 26 10:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29711]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595988.
Jun 26 10:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29631]: pam_unix(cron:session): session closed for user root
Jun 26 10:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28930]: Connection closed by 91.92.40.49 port 65264 [preauth]
Jun 26 10:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26651]: pam_unix(cron:session): session closed for user root
Jun 26 10:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29630]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29005]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29005]: Failed password for invalid user professor from 91.92.40.49 port 29796 ssh2
Jun 26 10:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29031]: Invalid user repo from 91.92.40.49
Jun 26 10:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29031]: input_userauth_request: invalid user repo [preauth]
Jun 26 10:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29618]: Did not receive identification string from 91.92.40.49
Jun 26 10:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28669]: pam_unix(cron:session): session closed for user root
Jun 26 10:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29370]: Invalid user system from 91.92.40.49
Jun 26 10:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29370]: input_userauth_request: invalid user system [preauth]
Jun 26 10:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 10:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29093]: Failed password for root from 91.92.40.49 port 31780 ssh2
Jun 26 10:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 10:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29346]: Failed password for root from 91.92.40.49 port 31818 ssh2
Jun 26 10:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29370]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30117]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30119]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30118]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30116]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30116]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30197]: Successful su for rubyman by root
Jun 26 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30197]: + ??? root:rubyman
Jun 26 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30197]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595993 of user rubyman.
Jun 26 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30197]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595993.
Jun 26 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29370]: Failed password for invalid user system from 91.92.40.49 port 61822 ssh2
Jun 26 10:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29509]: Invalid user aaa from 91.92.40.49
Jun 26 10:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29509]: input_userauth_request: invalid user aaa [preauth]
Jun 26 10:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27233]: pam_unix(cron:session): session closed for user root
Jun 26 10:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30117]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29519]: Invalid user client from 91.92.40.49
Jun 26 10:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29519]: input_userauth_request: invalid user client [preauth]
Jun 26 10:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 26 10:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30394]: Failed password for root from 141.98.83.240 port 14122 ssh2
Jun 26 10:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30394]: message repeated 2 times: [ Failed password for root from 141.98.83.240 port 14122 ssh2]
Jun 26 10:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30394]: Connection closed by 141.98.83.240 port 14122 [preauth]
Jun 26 10:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30394]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 26 10:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29509]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29509]: Failed password for invalid user aaa from 91.92.40.49 port 18808 ssh2
Jun 26 10:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 10:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29108]: pam_unix(cron:session): session closed for user root
Jun 26 10:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30009]: Failed password for root from 91.92.40.49 port 27458 ssh2
Jun 26 10:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29509]: Connection closed by 91.92.40.49 port 18808 [preauth]
Jun 26 10:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30380]: Did not receive identification string from 91.92.40.49
Jun 26 10:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30009]: Connection closed by 91.92.40.49 port 27458 [preauth]
Jun 26 10:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29519]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29519]: Failed password for invalid user client from 91.92.40.49 port 33890 ssh2
Jun 26 10:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30033]: Invalid user test3 from 91.92.40.49
Jun 26 10:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30033]: input_userauth_request: invalid user test3 [preauth]
Jun 26 10:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30552]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30553]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30550]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30554]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30555]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30550]: pam_unix(cron:session): session closed for user root
Jun 26 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30552]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30631]: Successful su for rubyman by root
Jun 26 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30631]: + ??? root:rubyman
Jun 26 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30631]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 595996 of user rubyman.
Jun 26 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30631]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 595996.
Jun 26 10:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27697]: pam_unix(cron:session): session closed for user root
Jun 26 10:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30553]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30789]: Invalid user qwe from 43.159.51.254
Jun 26 10:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30789]: input_userauth_request: invalid user qwe [preauth]
Jun 26 10:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30789]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254
Jun 26 10:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30789]: Failed password for invalid user qwe from 43.159.51.254 port 58004 ssh2
Jun 26 10:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30789]: Received disconnect from 43.159.51.254 port 58004:11: Bye Bye [preauth]
Jun 26 10:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30789]: Disconnected from 43.159.51.254 port 58004 [preauth]
Jun 26 10:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30033]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30033]: Failed password for invalid user test3 from 91.92.40.49 port 56550 ssh2
Jun 26 10:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30884]: Invalid user admin from 193.46.255.86
Jun 26 10:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30884]: input_userauth_request: invalid user admin [preauth]
Jun 26 10:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30884]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 26 10:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30884]: Failed password for invalid user admin from 193.46.255.86 port 4254 ssh2
Jun 26 10:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30884]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30884]: Failed password for invalid user admin from 193.46.255.86 port 4254 ssh2
Jun 26 10:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30515]: Invalid user cyber from 91.92.40.49
Jun 26 10:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30515]: input_userauth_request: invalid user cyber [preauth]
Jun 26 10:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30884]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29633]: pam_unix(cron:session): session closed for user root
Jun 26 10:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30884]: Failed password for invalid user admin from 193.46.255.86 port 4254 ssh2
Jun 26 10:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30884]: Connection closed by 193.46.255.86 port 4254 [preauth]
Jun 26 10:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30884]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 26 10:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30839]: Did not receive identification string from 91.92.40.49
Jun 26 10:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30850]: Did not receive identification string from 91.92.40.49
Jun 26 10:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30113]: Invalid user winston from 91.92.40.49
Jun 26 10:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30113]: input_userauth_request: invalid user winston [preauth]
Jun 26 10:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30515]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30515]: Failed password for invalid user cyber from 91.92.40.49 port 39636 ssh2
Jun 26 10:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31078]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31079]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31077]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31076]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31076]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31137]: Successful su for rubyman by root
Jun 26 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31137]: + ??? root:rubyman
Jun 26 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31137]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596001 of user rubyman.
Jun 26 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31137]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596001.
Jun 26 10:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28176]: pam_unix(cron:session): session closed for user root
Jun 26 10:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31077]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 10:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30491]: Failed password for root from 91.92.40.49 port 39582 ssh2
Jun 26 10:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30515]: Connection closed by 91.92.40.49 port 39636 [preauth]
Jun 26 10:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30630]: Invalid user debian from 91.92.40.49
Jun 26 10:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30630]: input_userauth_request: invalid user debian [preauth]
Jun 26 10:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30526]: Invalid user tony from 91.92.40.49
Jun 26 10:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30526]: input_userauth_request: invalid user tony [preauth]
Jun 26 10:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30491]: Connection closed by 91.92.40.49 port 39582 [preauth]
Jun 26 10:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30119]: pam_unix(cron:session): session closed for user root
Jun 26 10:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30814]: Invalid user ubuntu from 91.92.40.49
Jun 26 10:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30814]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 10:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30630]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31425]: Invalid user francisca from 2.57.121.112
Jun 26 10:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31425]: input_userauth_request: invalid user francisca [preauth]
Jun 26 10:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31425]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 26 10:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30630]: Failed password for invalid user debian from 91.92.40.49 port 31642 ssh2
Jun 26 10:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31425]: Failed password for invalid user francisca from 2.57.121.112 port 39728 ssh2
Jun 26 10:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31425]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31425]: Failed password for invalid user francisca from 2.57.121.112 port 39728 ssh2
Jun 26 10:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31425]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31425]: Failed password for invalid user francisca from 2.57.121.112 port 39728 ssh2
Jun 26 10:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31425]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31425]: Failed password for invalid user francisca from 2.57.121.112 port 39728 ssh2
Jun 26 10:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31425]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30526]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31425]: Failed password for invalid user francisca from 2.57.121.112 port 39728 ssh2
Jun 26 10:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31425]: Connection closed by 2.57.121.112 port 39728 [preauth]
Jun 26 10:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31425]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 26 10:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31425]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 26 10:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30526]: Failed password for invalid user tony from 91.92.40.49 port 39538 ssh2
Jun 26 10:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30814]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30814]: Failed password for invalid user ubuntu from 91.92.40.49 port 17158 ssh2
Jun 26 10:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30630]: Connection closed by 91.92.40.49 port 31642 [preauth]
Jun 26 10:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 10:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31054]: Invalid user marketing from 91.92.40.49
Jun 26 10:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31054]: input_userauth_request: invalid user marketing [preauth]
Jun 26 10:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31064]: Invalid user ubuntu from 91.92.40.49
Jun 26 10:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31064]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 10:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30814]: Connection closed by 91.92.40.49 port 17158 [preauth]
Jun 26 10:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30802]: Failed password for root from 91.92.40.49 port 31680 ssh2
Jun 26 10:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31054]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31064]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30802]: Connection closed by 91.92.40.49 port 31680 [preauth]
Jun 26 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31478]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31479]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31477]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31476]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31476]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31548]: Successful su for rubyman by root
Jun 26 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31548]: + ??? root:rubyman
Jun 26 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31548]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596005 of user rubyman.
Jun 26 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31548]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596005.
Jun 26 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31054]: Failed password for invalid user marketing from 91.92.40.49 port 28906 ssh2
Jun 26 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31064]: Failed password for invalid user ubuntu from 91.92.40.49 port 28946 ssh2
Jun 26 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31054]: Connection closed by 91.92.40.49 port 28906 [preauth]
Jun 26 10:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31064]: Connection closed by 91.92.40.49 port 28946 [preauth]
Jun 26 10:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28668]: pam_unix(cron:session): session closed for user root
Jun 26 10:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31477]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254  user=root
Jun 26 10:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31858]: Failed password for root from 43.159.51.254 port 40834 ssh2
Jun 26 10:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31858]: Received disconnect from 43.159.51.254 port 40834:11: Bye Bye [preauth]
Jun 26 10:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31858]: Disconnected from 43.159.51.254 port 40834 [preauth]
Jun 26 10:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30555]: pam_unix(cron:session): session closed for user root
Jun 26 10:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.160.249.98  user=root
Jun 26 10:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31903]: Failed password for root from 43.160.249.98 port 60622 ssh2
Jun 26 10:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31903]: Received disconnect from 43.160.249.98 port 60622:11: Bye Bye [preauth]
Jun 26 10:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31903]: Disconnected from 43.160.249.98 port 60622 [preauth]
Jun 26 10:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 26 10:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31942]: Failed password for root from 202.178.126.219 port 58824 ssh2
Jun 26 10:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31942]: Connection closed by 202.178.126.219 port 58824 [preauth]
Jun 26 10:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 10:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31717]: Failed password for root from 91.92.40.49 port 50520 ssh2
Jun 26 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32001]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32003]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32002]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31998]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31999]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32000]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32003]: pam_unix(cron:session): session closed for user root
Jun 26 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31998]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32083]: Successful su for rubyman by root
Jun 26 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32083]: + ??? root:rubyman
Jun 26 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32083]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596011 of user rubyman.
Jun 26 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32083]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596011.
Jun 26 10:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32000]: pam_unix(cron:session): session closed for user root
Jun 26 10:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29107]: pam_unix(cron:session): session closed for user root
Jun 26 10:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31999]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31835]: Invalid user intranet from 91.92.40.49
Jun 26 10:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31835]: input_userauth_request: invalid user intranet [preauth]
Jun 26 10:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31717]: Connection closed by 91.92.40.49 port 50520 [preauth]
Jun 26 10:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 10:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31849]: Invalid user appuser from 91.92.40.49
Jun 26 10:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31849]: input_userauth_request: invalid user appuser [preauth]
Jun 26 10:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31825]: Failed password for root from 91.92.40.49 port 50564 ssh2
Jun 26 10:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31835]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31835]: Failed password for invalid user intranet from 91.92.40.49 port 34812 ssh2
Jun 26 10:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31849]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31849]: Failed password for invalid user appuser from 91.92.40.49 port 34828 ssh2
Jun 26 10:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31825]: Connection closed by 91.92.40.49 port 50564 [preauth]
Jun 26 10:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31835]: Connection closed by 91.92.40.49 port 34812 [preauth]
Jun 26 10:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31079]: pam_unix(cron:session): session closed for user root
Jun 26 10:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31860]: Invalid user sharon from 91.92.40.49
Jun 26 10:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31860]: input_userauth_request: invalid user sharon [preauth]
Jun 26 10:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31849]: Connection closed by 91.92.40.49 port 34828 [preauth]
Jun 26 10:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31860]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31860]: Failed password for invalid user sharon from 91.92.40.49 port 54572 ssh2
Jun 26 10:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32289]: Invalid user leo from 91.92.40.49
Jun 26 10:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32289]: input_userauth_request: invalid user leo [preauth]
Jun 26 10:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31860]: Connection closed by 91.92.40.49 port 54572 [preauth]
Jun 26 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32451]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32452]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32450]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32449]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32449]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32525]: Successful su for rubyman by root
Jun 26 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32525]: + ??? root:rubyman
Jun 26 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32525]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596015 of user rubyman.
Jun 26 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32525]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596015.
Jun 26 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32544]: Invalid user vianmj from 4.184.246.230
Jun 26 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32544]: input_userauth_request: invalid user vianmj [preauth]
Jun 26 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32544]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.184.246.230
Jun 26 10:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32298]: Invalid user testuser from 91.92.40.49
Jun 26 10:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32298]: input_userauth_request: invalid user testuser [preauth]
Jun 26 10:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32544]: Failed password for invalid user vianmj from 4.184.246.230 port 38514 ssh2
Jun 26 10:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32544]: Received disconnect from 4.184.246.230 port 38514:11: Bye Bye [preauth]
Jun 26 10:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32544]: Disconnected from 4.184.246.230 port 38514 [preauth]
Jun 26 10:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29632]: pam_unix(cron:session): session closed for user root
Jun 26 10:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32450]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32289]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32289]: Failed password for invalid user leo from 91.92.40.49 port 47708 ssh2
Jun 26 10:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32298]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32298]: Failed password for invalid user testuser from 91.92.40.49 port 47770 ssh2
Jun 26 10:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254  user=root
Jun 26 10:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32289]: Connection closed by 91.92.40.49 port 47708 [preauth]
Jun 26 10:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32752]: Failed password for root from 43.159.51.254 port 51886 ssh2
Jun 26 10:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32752]: Received disconnect from 43.159.51.254 port 51886:11: Bye Bye [preauth]
Jun 26 10:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32752]: Disconnected from 43.159.51.254 port 51886 [preauth]
Jun 26 10:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 26 10:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32298]: Connection closed by 91.92.40.49 port 47770 [preauth]
Jun 26 10:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[315]: Failed password for root from 38.93.206.2 port 41706 ssh2
Jun 26 10:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[315]: Connection closed by 38.93.206.2 port 41706 [preauth]
Jun 26 10:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31479]: pam_unix(cron:session): session closed for user root
Jun 26 10:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 10:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32366]: Failed password for root from 91.92.40.49 port 37560 ssh2
Jun 26 10:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32428]: Invalid user bob from 91.92.40.49
Jun 26 10:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32428]: input_userauth_request: invalid user bob [preauth]
Jun 26 10:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32366]: Connection closed by 91.92.40.49 port 37560 [preauth]
Jun 26 10:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32636]: Invalid user ubuntu from 91.92.40.49
Jun 26 10:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32636]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 10:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32428]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32428]: Failed password for invalid user bob from 91.92.40.49 port 43270 ssh2
Jun 26 10:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32636]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32636]: Failed password for invalid user ubuntu from 91.92.40.49 port 53960 ssh2
Jun 26 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[427]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[428]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[429]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[426]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[426]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32428]: Connection closed by 91.92.40.49 port 43270 [preauth]
Jun 26 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[616]: Successful su for rubyman by root
Jun 26 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[616]: + ??? root:rubyman
Jun 26 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[616]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596019 of user rubyman.
Jun 26 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[616]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596019.
Jun 26 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32764]: Invalid user dany from 91.92.40.49
Jun 26 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32764]: input_userauth_request: invalid user dany [preauth]
Jun 26 10:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32636]: Connection closed by 91.92.40.49 port 53960 [preauth]
Jun 26 10:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30118]: pam_unix(cron:session): session closed for user root
Jun 26 10:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32764]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[427]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32764]: Failed password for invalid user dany from 91.92.40.49 port 41956 ssh2
Jun 26 10:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32764]: Connection closed by 91.92.40.49 port 41956 [preauth]
Jun 26 10:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[406]: Invalid user vss from 91.92.40.49
Jun 26 10:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[406]: input_userauth_request: invalid user vss [preauth]
Jun 26 10:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[406]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[406]: Failed password for invalid user vss from 91.92.40.49 port 47970 ssh2
Jun 26 10:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32002]: pam_unix(cron:session): session closed for user root
Jun 26 10:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[816]: Invalid user toto from 91.92.40.49
Jun 26 10:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[816]: input_userauth_request: invalid user toto [preauth]
Jun 26 10:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[406]: Connection closed by 91.92.40.49 port 47970 [preauth]
Jun 26 10:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[816]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[816]: Failed password for invalid user toto from 91.92.40.49 port 55268 ssh2
Jun 26 10:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[857]: Invalid user farmacia from 91.92.40.49
Jun 26 10:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[857]: input_userauth_request: invalid user farmacia [preauth]
Jun 26 10:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[816]: Connection closed by 91.92.40.49 port 55268 [preauth]
Jun 26 10:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[857]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[857]: Failed password for invalid user farmacia from 91.92.40.49 port 43498 ssh2
Jun 26 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[980]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[981]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[979]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[978]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[978]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1059]: Successful su for rubyman by root
Jun 26 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1059]: + ??? root:rubyman
Jun 26 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1059]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596023 of user rubyman.
Jun 26 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1059]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596023.
Jun 26 10:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30554]: pam_unix(cron:session): session closed for user root
Jun 26 10:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[979]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[857]: Connection closed by 91.92.40.49 port 43498 [preauth]
Jun 26 10:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[922]: Invalid user anna from 91.92.40.49
Jun 26 10:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[922]: input_userauth_request: invalid user anna [preauth]
Jun 26 10:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[922]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[922]: Failed password for invalid user anna from 91.92.40.49 port 54648 ssh2
Jun 26 10:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[922]: Connection closed by 91.92.40.49 port 54648 [preauth]
Jun 26 10:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[968]: Invalid user user from 91.92.40.49
Jun 26 10:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[968]: input_userauth_request: invalid user user [preauth]
Jun 26 10:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1359]: User john from 43.159.51.254 not allowed because not listed in AllowUsers
Jun 26 10:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1359]: input_userauth_request: invalid user john [preauth]
Jun 26 10:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254  user=john
Jun 26 10:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32452]: pam_unix(cron:session): session closed for user root
Jun 26 10:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1359]: Failed password for invalid user john from 43.159.51.254 port 34770 ssh2
Jun 26 10:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1359]: Received disconnect from 43.159.51.254 port 34770:11: Bye Bye [preauth]
Jun 26 10:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1359]: Disconnected from 43.159.51.254 port 34770 [preauth]
Jun 26 10:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[968]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[968]: Failed password for invalid user user from 91.92.40.49 port 48982 ssh2
Jun 26 10:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1281]: Invalid user sally from 91.92.40.49
Jun 26 10:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1281]: input_userauth_request: invalid user sally [preauth]
Jun 26 10:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[968]: Connection closed by 91.92.40.49 port 48982 [preauth]
Jun 26 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1305]: Invalid user anderson from 91.92.40.49
Jun 26 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1305]: input_userauth_request: invalid user anderson [preauth]
Jun 26 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1555]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1557]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1554]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1553]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1553]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1636]: Successful su for rubyman by root
Jun 26 10:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1636]: + ??? root:rubyman
Jun 26 10:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1636]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596027 of user rubyman.
Jun 26 10:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1636]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596027.
Jun 26 10:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1281]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31078]: pam_unix(cron:session): session closed for user root
Jun 26 10:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1281]: Failed password for invalid user sally from 91.92.40.49 port 28808 ssh2
Jun 26 10:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1554]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1305]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1305]: Failed password for invalid user anderson from 91.92.40.49 port 28842 ssh2
Jun 26 10:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1281]: Connection closed by 91.92.40.49 port 28808 [preauth]
Jun 26 10:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1371]: Invalid user app from 91.92.40.49
Jun 26 10:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1371]: input_userauth_request: invalid user app [preauth]
Jun 26 10:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1305]: Connection closed by 91.92.40.49 port 28842 [preauth]
Jun 26 10:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1371]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1371]: Failed password for invalid user app from 91.92.40.49 port 26396 ssh2
Jun 26 10:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[429]: pam_unix(cron:session): session closed for user root
Jun 26 10:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1471]: Invalid user deploy from 91.92.40.49
Jun 26 10:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1471]: input_userauth_request: invalid user deploy [preauth]
Jun 26 10:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1371]: Connection closed by 91.92.40.49 port 26396 [preauth]
Jun 26 10:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1471]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1471]: Failed password for invalid user deploy from 91.92.40.49 port 29994 ssh2
Jun 26 10:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1843]: Invalid user rosa from 91.92.40.49
Jun 26 10:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1843]: input_userauth_request: invalid user rosa [preauth]
Jun 26 10:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1471]: Connection closed by 91.92.40.49 port 29994 [preauth]
Jun 26 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2052]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2050]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2048]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2053]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2047]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2051]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2053]: pam_unix(cron:session): session closed for user root
Jun 26 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2047]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2126]: Successful su for rubyman by root
Jun 26 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2126]: + ??? root:rubyman
Jun 26 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2126]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596031 of user rubyman.
Jun 26 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2126]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596031.
Jun 26 10:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1865]: Invalid user user from 91.92.40.49
Jun 26 10:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1865]: input_userauth_request: invalid user user [preauth]
Jun 26 10:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2050]: pam_unix(cron:session): session closed for user root
Jun 26 10:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1843]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31478]: pam_unix(cron:session): session closed for user root
Jun 26 10:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1843]: Failed password for invalid user rosa from 91.92.40.49 port 49482 ssh2
Jun 26 10:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2048]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1865]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1865]: Failed password for invalid user user from 91.92.40.49 port 35064 ssh2
Jun 26 10:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1843]: Connection closed by 91.92.40.49 port 49482 [preauth]
Jun 26 10:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1965]: User mysql from 91.92.40.49 not allowed because not listed in AllowUsers
Jun 26 10:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1965]: input_userauth_request: invalid user mysql [preauth]
Jun 26 10:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1865]: Connection closed by 91.92.40.49 port 35064 [preauth]
Jun 26 10:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[981]: pam_unix(cron:session): session closed for user root
Jun 26 10:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=mysql
Jun 26 10:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 26 10:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1965]: Failed password for invalid user mysql from 91.92.40.49 port 19540 ssh2
Jun 26 10:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2485]: Failed password for root from 103.27.238.116 port 37410 ssh2
Jun 26 10:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2485]: Connection closed by 103.27.238.116 port 37410 [preauth]
Jun 26 10:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2039]: Invalid user sam from 91.92.40.49
Jun 26 10:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2039]: input_userauth_request: invalid user sam [preauth]
Jun 26 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2524]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2523]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2522]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2521]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2521]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2599]: Successful su for rubyman by root
Jun 26 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2599]: + ??? root:rubyman
Jun 26 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2599]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596037 of user rubyman.
Jun 26 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2599]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596037.
Jun 26 10:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1965]: Connection closed by 91.92.40.49 port 19540 [preauth]
Jun 26 10:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32001]: pam_unix(cron:session): session closed for user root
Jun 26 10:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2522]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2360]: Invalid user postgres from 91.92.40.49
Jun 26 10:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2360]: input_userauth_request: invalid user postgres [preauth]
Jun 26 10:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 26 10:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2801]: Failed password for root from 103.15.222.183 port 43810 ssh2
Jun 26 10:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2801]: Connection closed by 103.15.222.183 port 43810 [preauth]
Jun 26 10:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2804]: Invalid user admin from 139.19.117.131
Jun 26 10:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2804]: input_userauth_request: invalid user admin [preauth]
Jun 26 10:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2039]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2039]: Failed password for invalid user sam from 91.92.40.49 port 63062 ssh2
Jun 26 10:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2360]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2804]: Connection closed by 139.19.117.131 port 59814 [preauth]
Jun 26 10:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2360]: Failed password for invalid user postgres from 91.92.40.49 port 63106 ssh2
Jun 26 10:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2412]: Invalid user fa from 91.92.40.49
Jun 26 10:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2412]: input_userauth_request: invalid user fa [preauth]
Jun 26 10:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2039]: Connection closed by 91.92.40.49 port 63062 [preauth]
Jun 26 10:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1557]: pam_unix(cron:session): session closed for user root
Jun 26 10:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2360]: Connection closed by 91.92.40.49 port 63106 [preauth]
Jun 26 10:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2412]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2412]: Failed password for invalid user fa from 91.92.40.49 port 44742 ssh2
Jun 26 10:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2497]: Invalid user jeff from 91.92.40.49
Jun 26 10:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2497]: input_userauth_request: invalid user jeff [preauth]
Jun 26 10:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2938]: Invalid user aidan from 152.53.0.56
Jun 26 10:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2938]: input_userauth_request: invalid user aidan [preauth]
Jun 26 10:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2938]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.53.0.56
Jun 26 10:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2938]: Failed password for invalid user aidan from 152.53.0.56 port 39948 ssh2
Jun 26 10:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2938]: Received disconnect from 152.53.0.56 port 39948:11: Bye Bye [preauth]
Jun 26 10:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2938]: Disconnected from 152.53.0.56 port 39948 [preauth]
Jun 26 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2961]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2960]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2959]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2958]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2958]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3019]: Successful su for rubyman by root
Jun 26 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3019]: + ??? root:rubyman
Jun 26 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3019]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596043 of user rubyman.
Jun 26 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3019]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596043.
Jun 26 10:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32451]: pam_unix(cron:session): session closed for user root
Jun 26 10:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2412]: Connection closed by 91.92.40.49 port 44742 [preauth]
Jun 26 10:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2497]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2959]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2497]: Failed password for invalid user jeff from 91.92.40.49 port 17846 ssh2
Jun 26 10:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2829]: Invalid user www from 91.92.40.49
Jun 26 10:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2829]: input_userauth_request: invalid user www [preauth]
Jun 26 10:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2497]: Connection closed by 91.92.40.49 port 17846 [preauth]
Jun 26 10:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 10:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2803]: Failed password for root from 91.92.40.49 port 27098 ssh2
Jun 26 10:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2829]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2052]: pam_unix(cron:session): session closed for user root
Jun 26 10:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2829]: Failed password for invalid user www from 91.92.40.49 port 27136 ssh2
Jun 26 10:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2803]: Connection closed by 91.92.40.49 port 27098 [preauth]
Jun 26 10:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2829]: Connection closed by 91.92.40.49 port 27136 [preauth]
Jun 26 10:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2898]: Invalid user runner from 91.92.40.49
Jun 26 10:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2898]: input_userauth_request: invalid user runner [preauth]
Jun 26 10:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3333]: Invalid user rancher from 43.160.249.98
Jun 26 10:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3333]: input_userauth_request: invalid user rancher [preauth]
Jun 26 10:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3333]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.160.249.98
Jun 26 10:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3333]: Failed password for invalid user rancher from 43.160.249.98 port 53060 ssh2
Jun 26 10:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3333]: Received disconnect from 43.160.249.98 port 53060:11: Bye Bye [preauth]
Jun 26 10:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3333]: Disconnected from 43.160.249.98 port 53060 [preauth]
Jun 26 10:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3199]: Invalid user app from 91.92.40.49
Jun 26 10:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3199]: input_userauth_request: invalid user app [preauth]
Jun 26 10:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2898]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3360]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3361]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3359]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3358]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3358]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2898]: Failed password for invalid user runner from 91.92.40.49 port 53338 ssh2
Jun 26 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3416]: Successful su for rubyman by root
Jun 26 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3416]: + ??? root:rubyman
Jun 26 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3416]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596045 of user rubyman.
Jun 26 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3416]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596045.
Jun 26 10:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[428]: pam_unix(cron:session): session closed for user root
Jun 26 10:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3359]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3071]: Invalid user deploy from 91.92.40.49
Jun 26 10:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3071]: input_userauth_request: invalid user deploy [preauth]
Jun 26 10:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 26 10:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3606]: Failed password for root from 193.37.70.224 port 33734 ssh2
Jun 26 10:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3606]: Connection closed by 193.37.70.224 port 33734 [preauth]
Jun 26 10:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3199]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2898]: Connection closed by 91.92.40.49 port 53338 [preauth]
Jun 26 10:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3199]: Failed password for invalid user app from 91.92.40.49 port 33044 ssh2
Jun 26 10:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3071]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3071]: Failed password for invalid user deploy from 91.92.40.49 port 45662 ssh2
Jun 26 10:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.184.246.230  user=root
Jun 26 10:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3672]: Failed password for root from 4.184.246.230 port 34338 ssh2
Jun 26 10:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2524]: pam_unix(cron:session): session closed for user root
Jun 26 10:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3672]: Received disconnect from 4.184.246.230 port 34338:11: Bye Bye [preauth]
Jun 26 10:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3672]: Disconnected from 4.184.246.230 port 34338 [preauth]
Jun 26 10:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3199]: Connection closed by 91.92.40.49 port 33044 [preauth]
Jun 26 10:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3841]: Invalid user deepak from 152.53.0.56
Jun 26 10:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3841]: input_userauth_request: invalid user deepak [preauth]
Jun 26 10:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3841]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.53.0.56
Jun 26 10:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3841]: Failed password for invalid user deepak from 152.53.0.56 port 39756 ssh2
Jun 26 10:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3841]: Received disconnect from 152.53.0.56 port 39756:11: Bye Bye [preauth]
Jun 26 10:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3841]: Disconnected from 152.53.0.56 port 39756 [preauth]
Jun 26 10:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3872]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3873]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3871]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3870]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3870]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3993]: Successful su for rubyman by root
Jun 26 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3993]: + ??? root:rubyman
Jun 26 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3993]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596050 of user rubyman.
Jun 26 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3993]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596050.
Jun 26 10:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[980]: pam_unix(cron:session): session closed for user root
Jun 26 10:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 10:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3871]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3303]: Failed password for root from 91.92.40.49 port 41058 ssh2
Jun 26 10:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 10:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3324]: Failed password for root from 91.92.40.49 port 30982 ssh2
Jun 26 10:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 10:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3337]: Failed password for root from 91.92.40.49 port 31052 ssh2
Jun 26 10:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3303]: Connection closed by 91.92.40.49 port 41058 [preauth]
Jun 26 10:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3347]: Invalid user ts3 from 91.92.40.49
Jun 26 10:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3347]: input_userauth_request: invalid user ts3 [preauth]
Jun 26 10:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2961]: pam_unix(cron:session): session closed for user root
Jun 26 10:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3324]: Connection closed by 91.92.40.49 port 30982 [preauth]
Jun 26 10:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 26 10:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4337]: Failed password for root from 62.133.62.83 port 34152 ssh2
Jun 26 10:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4337]: Connection closed by 62.133.62.83 port 34152 [preauth]
Jun 26 10:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3337]: Connection closed by 91.92.40.49 port 31052 [preauth]
Jun 26 10:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3347]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3347]: Failed password for invalid user ts3 from 91.92.40.49 port 31076 ssh2
Jun 26 10:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 10:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3638]: Failed password for root from 91.92.40.49 port 22436 ssh2
Jun 26 10:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3843]: Invalid user developer1 from 91.92.40.49
Jun 26 10:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3843]: input_userauth_request: invalid user developer1 [preauth]
Jun 26 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4381]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4380]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4383]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4379]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4384]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4382]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4384]: pam_unix(cron:session): session closed for user root
Jun 26 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4379]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4453]: Successful su for rubyman by root
Jun 26 10:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4453]: + ??? root:rubyman
Jun 26 10:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4453]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596056 of user rubyman.
Jun 26 10:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4453]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596056.
Jun 26 10:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4381]: pam_unix(cron:session): session closed for user root
Jun 26 10:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1555]: pam_unix(cron:session): session closed for user root
Jun 26 10:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4380]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4669]: Invalid user chris from 4.184.246.230
Jun 26 10:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4669]: input_userauth_request: invalid user chris [preauth]
Jun 26 10:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4669]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.184.246.230
Jun 26 10:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4669]: Failed password for invalid user chris from 4.184.246.230 port 57270 ssh2
Jun 26 10:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4669]: Received disconnect from 4.184.246.230 port 57270:11: Bye Bye [preauth]
Jun 26 10:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4669]: Disconnected from 4.184.246.230 port 57270 [preauth]
Jun 26 10:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3638]: Connection closed by 91.92.40.49 port 22436 [preauth]
Jun 26 10:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4685]: Invalid user postgres from 43.160.249.98
Jun 26 10:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4685]: input_userauth_request: invalid user postgres [preauth]
Jun 26 10:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4685]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.160.249.98
Jun 26 10:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4685]: Failed password for invalid user postgres from 43.160.249.98 port 56190 ssh2
Jun 26 10:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4685]: Received disconnect from 43.160.249.98 port 56190:11: Bye Bye [preauth]
Jun 26 10:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4685]: Disconnected from 43.160.249.98 port 56190 [preauth]
Jun 26 10:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3843]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3843]: Failed password for invalid user developer1 from 91.92.40.49 port 43814 ssh2
Jun 26 10:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 10:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3853]: Failed password for root from 91.92.40.49 port 43870 ssh2
Jun 26 10:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4257]: Invalid user vagrant from 91.92.40.49
Jun 26 10:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4257]: input_userauth_request: invalid user vagrant [preauth]
Jun 26 10:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3361]: pam_unix(cron:session): session closed for user root
Jun 26 10:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3843]: Connection closed by 91.92.40.49 port 43814 [preauth]
Jun 26 10:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4842]: Connection closed by 194.59.206.2 port 16672 [preauth]
Jun 26 10:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.53.0.56  user=root
Jun 26 10:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4840]: Failed password for root from 152.53.0.56 port 33808 ssh2
Jun 26 10:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4840]: Received disconnect from 152.53.0.56 port 33808:11: Bye Bye [preauth]
Jun 26 10:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4840]: Disconnected from 152.53.0.56 port 33808 [preauth]
Jun 26 10:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3853]: Connection closed by 91.92.40.49 port 43870 [preauth]
Jun 26 10:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4257]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4257]: Failed password for invalid user vagrant from 91.92.40.49 port 30626 ssh2
Jun 26 10:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4950]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4949]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4948]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4947]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4947]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5017]: Successful su for rubyman by root
Jun 26 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5017]: + ??? root:rubyman
Jun 26 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5017]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596060 of user rubyman.
Jun 26 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5017]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596060.
Jun 26 10:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2051]: pam_unix(cron:session): session closed for user root
Jun 26 10:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4948]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4369]: Invalid user sss from 91.92.40.49
Jun 26 10:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4369]: input_userauth_request: invalid user sss [preauth]
Jun 26 10:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4257]: Connection closed by 91.92.40.49 port 30626 [preauth]
Jun 26 10:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 10:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4360]: Failed password for root from 91.92.40.49 port 55778 ssh2
Jun 26 10:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4369]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4369]: Failed password for invalid user sss from 91.92.40.49 port 55830 ssh2
Jun 26 10:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4708]: Invalid user test from 91.92.40.49
Jun 26 10:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4708]: input_userauth_request: invalid user test [preauth]
Jun 26 10:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4360]: Connection closed by 91.92.40.49 port 55778 [preauth]
Jun 26 10:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4737]: Invalid user runner from 91.92.40.49
Jun 26 10:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4737]: input_userauth_request: invalid user runner [preauth]
Jun 26 10:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4369]: Connection closed by 91.92.40.49 port 55830 [preauth]
Jun 26 10:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3873]: pam_unix(cron:session): session closed for user root
Jun 26 10:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4708]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4708]: Failed password for invalid user test from 91.92.40.49 port 50028 ssh2
Jun 26 10:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4737]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4737]: Failed password for invalid user runner from 91.92.40.49 port 50074 ssh2
Jun 26 10:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4932]: Invalid user adminuser from 91.92.40.49
Jun 26 10:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4932]: input_userauth_request: invalid user adminuser [preauth]
Jun 26 10:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.184.246.230  user=root
Jun 26 10:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5330]: Failed password for root from 4.184.246.230 port 46526 ssh2
Jun 26 10:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5330]: Received disconnect from 4.184.246.230 port 46526:11: Bye Bye [preauth]
Jun 26 10:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5330]: Disconnected from 4.184.246.230 port 46526 [preauth]
Jun 26 10:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4708]: Connection closed by 91.92.40.49 port 50028 [preauth]
Jun 26 10:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4737]: Connection closed by 91.92.40.49 port 50074 [preauth]
Jun 26 10:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4932]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5371]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5372]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5373]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5366]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5366]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4932]: Failed password for invalid user adminuser from 91.92.40.49 port 22664 ssh2
Jun 26 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5431]: Successful su for rubyman by root
Jun 26 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5431]: + ??? root:rubyman
Jun 26 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5431]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596065 of user rubyman.
Jun 26 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5431]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596065.
Jun 26 10:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2523]: pam_unix(cron:session): session closed for user root
Jun 26 10:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5371]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4932]: Connection closed by 91.92.40.49 port 22664 [preauth]
Jun 26 10:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5649]: Invalid user purple from 152.53.0.56
Jun 26 10:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5649]: input_userauth_request: invalid user purple [preauth]
Jun 26 10:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5649]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.53.0.56
Jun 26 10:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5649]: Failed password for invalid user purple from 152.53.0.56 port 41380 ssh2
Jun 26 10:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5649]: Received disconnect from 152.53.0.56 port 41380:11: Bye Bye [preauth]
Jun 26 10:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5649]: Disconnected from 152.53.0.56 port 41380 [preauth]
Jun 26 10:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.160.249.98  user=root
Jun 26 10:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5682]: Failed password for root from 43.160.249.98 port 42332 ssh2
Jun 26 10:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5682]: Received disconnect from 43.160.249.98 port 42332:11: Bye Bye [preauth]
Jun 26 10:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5682]: Disconnected from 43.160.249.98 port 42332 [preauth]
Jun 26 10:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4383]: pam_unix(cron:session): session closed for user root
Jun 26 10:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: Invalid user andrew from 91.92.40.49
Jun 26 10:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: input_userauth_request: invalid user andrew [preauth]
Jun 26 10:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 10:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5262]: Failed password for root from 91.92.40.49 port 28262 ssh2
Jun 26 10:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5301]: Invalid user bot from 91.92.40.49
Jun 26 10:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5301]: input_userauth_request: invalid user bot [preauth]
Jun 26 10:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: Failed password for invalid user andrew from 91.92.40.49 port 28320 ssh2
Jun 26 10:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5262]: Connection closed by 91.92.40.49 port 28262 [preauth]
Jun 26 10:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5301]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5301]: Failed password for invalid user bot from 91.92.40.49 port 45216 ssh2
Jun 26 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5580]: Invalid user devops from 91.92.40.49
Jun 26 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5580]: input_userauth_request: invalid user devops [preauth]
Jun 26 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: Connection closed by 91.92.40.49 port 28320 [preauth]
Jun 26 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5771]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5770]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5769]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5768]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5768]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5831]: Successful su for rubyman by root
Jun 26 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5831]: + ??? root:rubyman
Jun 26 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5831]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596067 of user rubyman.
Jun 26 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5831]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596067.
Jun 26 10:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5620]: Invalid user daniel from 91.92.40.49
Jun 26 10:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5620]: input_userauth_request: invalid user daniel [preauth]
Jun 26 10:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5301]: Connection closed by 91.92.40.49 port 45216 [preauth]
Jun 26 10:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2960]: pam_unix(cron:session): session closed for user root
Jun 26 10:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5580]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5769]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5620]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5580]: Failed password for invalid user devops from 91.92.40.49 port 12942 ssh2
Jun 26 10:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5580]: Connection closed by 91.92.40.49 port 12942 [preauth]
Jun 26 10:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5620]: Failed password for invalid user daniel from 91.92.40.49 port 39468 ssh2
Jun 26 10:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5620]: Connection closed by 91.92.40.49 port 39468 [preauth]
Jun 26 10:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 10:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6016]: Failed password for root from 91.92.40.49 port 11764 ssh2
Jun 26 10:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6078]: Invalid user monitor from 4.184.246.230
Jun 26 10:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6078]: input_userauth_request: invalid user monitor [preauth]
Jun 26 10:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6078]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.184.246.230
Jun 26 10:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6016]: Connection closed by 91.92.40.49 port 11764 [preauth]
Jun 26 10:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4950]: pam_unix(cron:session): session closed for user root
Jun 26 10:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6078]: Failed password for invalid user monitor from 4.184.246.230 port 56718 ssh2
Jun 26 10:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6078]: Received disconnect from 4.184.246.230 port 56718:11: Bye Bye [preauth]
Jun 26 10:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6078]: Disconnected from 4.184.246.230 port 56718 [preauth]
Jun 26 10:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 10:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6047]: Failed password for root from 91.92.40.49 port 19942 ssh2
Jun 26 10:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6047]: Connection closed by 91.92.40.49 port 19942 [preauth]
Jun 26 10:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6177]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6176]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6178]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6175]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6175]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6237]: Successful su for rubyman by root
Jun 26 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6237]: + ??? root:rubyman
Jun 26 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6237]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596071 of user rubyman.
Jun 26 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6237]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596071.
Jun 26 10:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.53.0.56  user=root
Jun 26 10:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3360]: pam_unix(cron:session): session closed for user root
Jun 26 10:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6176]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6355]: Failed password for root from 152.53.0.56 port 38950 ssh2
Jun 26 10:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6355]: Received disconnect from 152.53.0.56 port 38950:11: Bye Bye [preauth]
Jun 26 10:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6355]: Disconnected from 152.53.0.56 port 38950 [preauth]
Jun 26 10:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6108]: Invalid user user from 91.92.40.49
Jun 26 10:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6108]: input_userauth_request: invalid user user [preauth]
Jun 26 10:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6108]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 10:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6108]: Failed password for invalid user user from 91.92.40.49 port 51462 ssh2
Jun 26 10:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6141]: Failed password for root from 91.92.40.49 port 60602 ssh2
Jun 26 10:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6108]: Connection closed by 91.92.40.49 port 51462 [preauth]
Jun 26 10:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6153]: Did not receive identification string from 91.92.40.49
Jun 26 10:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6141]: Connection closed by 91.92.40.49 port 60602 [preauth]
Jun 26 10:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5373]: pam_unix(cron:session): session closed for user root
Jun 26 10:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6475]: Invalid user claude from 91.92.40.49
Jun 26 10:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6475]: input_userauth_request: invalid user claude [preauth]
Jun 26 10:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6475]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6475]: Failed password for invalid user claude from 91.92.40.49 port 51046 ssh2
Jun 26 10:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6538]: Invalid user trial from 43.160.249.98
Jun 26 10:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6538]: input_userauth_request: invalid user trial [preauth]
Jun 26 10:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6538]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.160.249.98
Jun 26 10:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6538]: Failed password for invalid user trial from 43.160.249.98 port 37704 ssh2
Jun 26 10:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6538]: Received disconnect from 43.160.249.98 port 37704:11: Bye Bye [preauth]
Jun 26 10:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6538]: Disconnected from 43.160.249.98 port 37704 [preauth]
Jun 26 10:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6475]: Connection closed by 91.92.40.49 port 51046 [preauth]
Jun 26 10:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6570]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6573]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6568]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6569]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6571]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6574]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6574]: pam_unix(cron:session): session closed for user root
Jun 26 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6568]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6640]: Successful su for rubyman by root
Jun 26 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6640]: + ??? root:rubyman
Jun 26 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6640]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596077 of user rubyman.
Jun 26 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6640]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596077.
Jun 26 10:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6570]: pam_unix(cron:session): session closed for user root
Jun 26 10:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3872]: pam_unix(cron:session): session closed for user root
Jun 26 10:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6569]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6524]: Invalid user gold from 91.92.40.49
Jun 26 10:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6524]: input_userauth_request: invalid user gold [preauth]
Jun 26 10:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6524]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6524]: Failed password for invalid user gold from 91.92.40.49 port 41690 ssh2
Jun 26 10:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 26 10:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6557]: Invalid user ftpuser from 91.92.40.49
Jun 26 10:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6557]: input_userauth_request: invalid user ftpuser [preauth]
Jun 26 10:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.184.246.230  user=root
Jun 26 10:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6906]: Failed password for root from 194.113.233.25 port 58686 ssh2
Jun 26 10:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6906]: Connection closed by 194.113.233.25 port 58686 [preauth]
Jun 26 10:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6908]: Failed password for root from 4.184.246.230 port 56914 ssh2
Jun 26 10:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6908]: Received disconnect from 4.184.246.230 port 56914:11: Bye Bye [preauth]
Jun 26 10:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6908]: Disconnected from 4.184.246.230 port 56914 [preauth]
Jun 26 10:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6524]: Connection closed by 91.92.40.49 port 41690 [preauth]
Jun 26 10:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6557]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5771]: pam_unix(cron:session): session closed for user root
Jun 26 10:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6557]: Failed password for invalid user ftpuser from 91.92.40.49 port 59944 ssh2
Jun 26 10:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6557]: Connection closed by 91.92.40.49 port 59944 [preauth]
Jun 26 10:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.53.0.56  user=root
Jun 26 10:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7039]: Failed password for root from 152.53.0.56 port 56118 ssh2
Jun 26 10:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7039]: Received disconnect from 152.53.0.56 port 56118:11: Bye Bye [preauth]
Jun 26 10:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7039]: Disconnected from 152.53.0.56 port 56118 [preauth]
Jun 26 10:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7120]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7121]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7119]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7118]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7118]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7189]: Successful su for rubyman by root
Jun 26 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7189]: + ??? root:rubyman
Jun 26 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7189]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596082 of user rubyman.
Jun 26 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7189]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596082.
Jun 26 10:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4382]: pam_unix(cron:session): session closed for user root
Jun 26 10:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7119]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6910]: Invalid user ranga from 91.92.40.49
Jun 26 10:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6910]: input_userauth_request: invalid user ranga [preauth]
Jun 26 10:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6897]: Invalid user bob from 91.92.40.49
Jun 26 10:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6897]: input_userauth_request: invalid user bob [preauth]
Jun 26 10:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6910]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6897]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6910]: Failed password for invalid user ranga from 91.92.40.49 port 24742 ssh2
Jun 26 10:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6897]: Failed password for invalid user bob from 91.92.40.49 port 24696 ssh2
Jun 26 10:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7001]: Invalid user wangchen from 91.92.40.49
Jun 26 10:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7001]: input_userauth_request: invalid user wangchen [preauth]
Jun 26 10:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6910]: Connection closed by 91.92.40.49 port 24742 [preauth]
Jun 26 10:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6897]: Connection closed by 91.92.40.49 port 24696 [preauth]
Jun 26 10:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6178]: pam_unix(cron:session): session closed for user root
Jun 26 10:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7001]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7001]: Failed password for invalid user wangchen from 91.92.40.49 port 38538 ssh2
Jun 26 10:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7115]: Invalid user david from 91.92.40.49
Jun 26 10:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7115]: input_userauth_request: invalid user david [preauth]
Jun 26 10:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7001]: Connection closed by 91.92.40.49 port 38538 [preauth]
Jun 26 10:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7115]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7115]: Failed password for invalid user david from 91.92.40.49 port 47624 ssh2
Jun 26 10:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7528]: Invalid user tutor from 43.160.249.98
Jun 26 10:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7528]: input_userauth_request: invalid user tutor [preauth]
Jun 26 10:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7528]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.160.249.98
Jun 26 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7533]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7534]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7532]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7531]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7531]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7607]: Successful su for rubyman by root
Jun 26 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7607]: + ??? root:rubyman
Jun 26 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7607]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596085 of user rubyman.
Jun 26 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7607]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596085.
Jun 26 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7528]: Failed password for invalid user tutor from 43.160.249.98 port 45660 ssh2
Jun 26 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7528]: Received disconnect from 43.160.249.98 port 45660:11: Bye Bye [preauth]
Jun 26 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7528]: Disconnected from 43.160.249.98 port 45660 [preauth]
Jun 26 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7115]: Connection closed by 91.92.40.49 port 47624 [preauth]
Jun 26 10:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7440]: Invalid user kevin from 91.92.40.49
Jun 26 10:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7440]: input_userauth_request: invalid user kevin [preauth]
Jun 26 10:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4949]: pam_unix(cron:session): session closed for user root
Jun 26 10:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7532]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 10:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7416]: Failed password for root from 91.92.40.49 port 31434 ssh2
Jun 26 10:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7507]: Invalid user deployer from 91.92.40.49
Jun 26 10:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7507]: input_userauth_request: invalid user deployer [preauth]
Jun 26 10:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7440]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7416]: Connection closed by 91.92.40.49 port 31434 [preauth]
Jun 26 10:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7507]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7440]: Failed password for invalid user kevin from 91.92.40.49 port 31458 ssh2
Jun 26 10:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7507]: Failed password for invalid user deployer from 91.92.40.49 port 26826 ssh2
Jun 26 10:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.184.246.230  user=root
Jun 26 10:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7911]: Failed password for root from 4.184.246.230 port 58676 ssh2
Jun 26 10:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7911]: Received disconnect from 4.184.246.230 port 58676:11: Bye Bye [preauth]
Jun 26 10:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7911]: Disconnected from 4.184.246.230 port 58676 [preauth]
Jun 26 10:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7440]: Connection closed by 91.92.40.49 port 31458 [preauth]
Jun 26 10:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7507]: Connection closed by 91.92.40.49 port 26826 [preauth]
Jun 26 10:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.53.0.56  user=root
Jun 26 10:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6573]: pam_unix(cron:session): session closed for user root
Jun 26 10:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 26 10:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7943]: Failed password for root from 152.53.0.56 port 57734 ssh2
Jun 26 10:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7943]: Received disconnect from 152.53.0.56 port 57734:11: Bye Bye [preauth]
Jun 26 10:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7943]: Disconnected from 152.53.0.56 port 57734 [preauth]
Jun 26 10:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7964]: Failed password for root from 109.237.96.109 port 38104 ssh2
Jun 26 10:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7964]: Connection closed by 109.237.96.109 port 38104 [preauth]
Jun 26 10:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 10:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7880]: Failed password for root from 91.92.40.49 port 62626 ssh2
Jun 26 10:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7880]: Connection closed by 91.92.40.49 port 62626 [preauth]
Jun 26 10:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8039]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8036]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8038]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8037]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8036]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8097]: Successful su for rubyman by root
Jun 26 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8097]: + ??? root:rubyman
Jun 26 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8097]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596089 of user rubyman.
Jun 26 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8097]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596089.
Jun 26 10:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5372]: pam_unix(cron:session): session closed for user root
Jun 26 10:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8037]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 10:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7913]: Failed password for root from 91.92.40.49 port 28462 ssh2
Jun 26 10:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8005]: Invalid user ubuntu from 91.92.40.49
Jun 26 10:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8005]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 10:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7913]: Connection closed by 91.92.40.49 port 28462 [preauth]
Jun 26 10:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7121]: pam_unix(cron:session): session closed for user root
Jun 26 10:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8016]: Invalid user manoj from 91.92.40.49
Jun 26 10:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8016]: input_userauth_request: invalid user manoj [preauth]
Jun 26 10:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8005]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8005]: Failed password for invalid user ubuntu from 91.92.40.49 port 51330 ssh2
Jun 26 10:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8026]: Invalid user webadm from 91.92.40.49
Jun 26 10:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8026]: input_userauth_request: invalid user webadm [preauth]
Jun 26 10:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8016]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8005]: Connection closed by 91.92.40.49 port 51330 [preauth]
Jun 26 10:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8016]: Failed password for invalid user manoj from 91.92.40.49 port 51354 ssh2
Jun 26 10:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8026]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8026]: Failed password for invalid user webadm from 91.92.40.49 port 48940 ssh2
Jun 26 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8440]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8441]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8439]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8438]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8435]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8438]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8559]: Successful su for rubyman by root
Jun 26 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8559]: + ??? root:rubyman
Jun 26 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8559]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596094 of user rubyman.
Jun 26 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8559]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596094.
Jun 26 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8310]: Invalid user odoo17 from 91.92.40.49
Jun 26 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8310]: input_userauth_request: invalid user odoo17 [preauth]
Jun 26 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8435]: pam_unix(cron:session): session closed for user root
Jun 26 10:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8016]: Connection closed by 91.92.40.49 port 51354 [preauth]
Jun 26 10:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5770]: pam_unix(cron:session): session closed for user root
Jun 26 10:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8439]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.160.249.98  user=root
Jun 26 10:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8784]: Failed password for root from 43.160.249.98 port 52848 ssh2
Jun 26 10:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8784]: Received disconnect from 43.160.249.98 port 52848:11: Bye Bye [preauth]
Jun 26 10:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8784]: Disconnected from 43.160.249.98 port 52848 [preauth]
Jun 26 10:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8026]: Connection closed by 91.92.40.49 port 48940 [preauth]
Jun 26 10:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8786]: Invalid user vianmj from 152.53.0.56
Jun 26 10:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8786]: input_userauth_request: invalid user vianmj [preauth]
Jun 26 10:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8786]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.53.0.56
Jun 26 10:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8795]: Invalid user bkp from 4.184.246.230
Jun 26 10:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8795]: input_userauth_request: invalid user bkp [preauth]
Jun 26 10:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8795]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.184.246.230
Jun 26 10:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8786]: Failed password for invalid user vianmj from 152.53.0.56 port 56734 ssh2
Jun 26 10:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8786]: Received disconnect from 152.53.0.56 port 56734:11: Bye Bye [preauth]
Jun 26 10:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8786]: Disconnected from 152.53.0.56 port 56734 [preauth]
Jun 26 10:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8795]: Failed password for invalid user bkp from 4.184.246.230 port 43458 ssh2
Jun 26 10:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8795]: Received disconnect from 4.184.246.230 port 43458:11: Bye Bye [preauth]
Jun 26 10:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8795]: Disconnected from 4.184.246.230 port 43458 [preauth]
Jun 26 10:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8310]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8310]: Failed password for invalid user odoo17 from 91.92.40.49 port 58522 ssh2
Jun 26 10:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7534]: pam_unix(cron:session): session closed for user root
Jun 26 10:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8310]: Connection closed by 91.92.40.49 port 58522 [preauth]
Jun 26 10:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8411]: Invalid user ts3server from 91.92.40.49
Jun 26 10:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8411]: input_userauth_request: invalid user ts3server [preauth]
Jun 26 10:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8421]: Invalid user gns3 from 91.92.40.49
Jun 26 10:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8421]: input_userauth_request: invalid user gns3 [preauth]
Jun 26 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8940]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8937]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8939]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8936]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8938]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8935]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8940]: pam_unix(cron:session): session closed for user root
Jun 26 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8935]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9010]: Successful su for rubyman by root
Jun 26 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9010]: + ??? root:rubyman
Jun 26 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9010]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596101 of user rubyman.
Jun 26 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9010]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596101.
Jun 26 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8411]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8411]: Failed password for invalid user ts3server from 91.92.40.49 port 28374 ssh2
Jun 26 10:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8937]: pam_unix(cron:session): session closed for user root
Jun 26 10:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6177]: pam_unix(cron:session): session closed for user root
Jun 26 10:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8433]: Invalid user devops from 91.92.40.49
Jun 26 10:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8433]: input_userauth_request: invalid user devops [preauth]
Jun 26 10:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 26 10:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8936]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9200]: Failed password for root from 87.251.79.125 port 44804 ssh2
Jun 26 10:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9200]: Connection closed by 87.251.79.125 port 44804 [preauth]
Jun 26 10:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8421]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8421]: Failed password for invalid user gns3 from 91.92.40.49 port 28398 ssh2
Jun 26 10:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8411]: Connection closed by 91.92.40.49 port 28374 [preauth]
Jun 26 10:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8433]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8433]: Failed password for invalid user devops from 91.92.40.49 port 63534 ssh2
Jun 26 10:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8836]: Invalid user deployer from 91.92.40.49
Jun 26 10:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8836]: input_userauth_request: invalid user deployer [preauth]
Jun 26 10:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8421]: Connection closed by 91.92.40.49 port 28398 [preauth]
Jun 26 10:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8433]: Connection closed by 91.92.40.49 port 63534 [preauth]
Jun 26 10:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8836]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8836]: Failed password for invalid user deployer from 91.92.40.49 port 35380 ssh2
Jun 26 10:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8039]: pam_unix(cron:session): session closed for user root
Jun 26 10:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8861]: Invalid user ubuntu from 91.92.40.49
Jun 26 10:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8861]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 10:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8836]: Connection closed by 91.92.40.49 port 35380 [preauth]
Jun 26 10:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8861]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8861]: Failed password for invalid user ubuntu from 91.92.40.49 port 10340 ssh2
Jun 26 10:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9223]: Invalid user mcserver from 91.92.40.49
Jun 26 10:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9223]: input_userauth_request: invalid user mcserver [preauth]
Jun 26 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9378]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9376]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9377]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9375]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9375]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9442]: Successful su for rubyman by root
Jun 26 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9442]: + ??? root:rubyman
Jun 26 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9442]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596106 of user rubyman.
Jun 26 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9442]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596106.
Jun 26 10:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6571]: pam_unix(cron:session): session closed for user root
Jun 26 10:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9376]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9608]: Invalid user postgres from 152.53.0.56
Jun 26 10:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9608]: input_userauth_request: invalid user postgres [preauth]
Jun 26 10:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9608]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.53.0.56
Jun 26 10:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8861]: Connection closed by 91.92.40.49 port 10340 [preauth]
Jun 26 10:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9608]: Failed password for invalid user postgres from 152.53.0.56 port 49436 ssh2
Jun 26 10:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9608]: Received disconnect from 152.53.0.56 port 49436:11: Bye Bye [preauth]
Jun 26 10:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9608]: Disconnected from 152.53.0.56 port 49436 [preauth]
Jun 26 10:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.184.246.230  user=root
Jun 26 10:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9628]: Failed password for root from 4.184.246.230 port 50288 ssh2
Jun 26 10:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9628]: Received disconnect from 4.184.246.230 port 50288:11: Bye Bye [preauth]
Jun 26 10:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9628]: Disconnected from 4.184.246.230 port 50288 [preauth]
Jun 26 10:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9223]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9223]: Failed password for invalid user mcserver from 91.92.40.49 port 60094 ssh2
Jun 26 10:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: Invalid user steam from 91.92.40.49
Jun 26 10:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: input_userauth_request: invalid user steam [preauth]
Jun 26 10:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9681]: Invalid user ajadmin from 43.160.249.98
Jun 26 10:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9681]: input_userauth_request: invalid user ajadmin [preauth]
Jun 26 10:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9681]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.160.249.98
Jun 26 10:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9681]: Failed password for invalid user ajadmin from 43.160.249.98 port 41072 ssh2
Jun 26 10:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9681]: Received disconnect from 43.160.249.98 port 41072:11: Bye Bye [preauth]
Jun 26 10:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9681]: Disconnected from 43.160.249.98 port 41072 [preauth]
Jun 26 10:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9223]: Connection closed by 91.92.40.49 port 60094 [preauth]
Jun 26 10:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8441]: pam_unix(cron:session): session closed for user root
Jun 26 10:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: Failed password for invalid user steam from 91.92.40.49 port 31408 ssh2
Jun 26 10:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: Connection closed by 91.92.40.49 port 31408 [preauth]
Jun 26 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9791]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9789]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9790]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9788]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9788]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9854]: Successful su for rubyman by root
Jun 26 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9854]: + ??? root:rubyman
Jun 26 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9854]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596109 of user rubyman.
Jun 26 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9854]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596109.
Jun 26 10:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9348]: Failed password for root from 91.92.40.49 port 61996 ssh2
Jun 26 10:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7120]: pam_unix(cron:session): session closed for user root
Jun 26 10:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9789]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 10:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9357]: Failed password for root from 91.92.40.49 port 42926 ssh2
Jun 26 10:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10333]: Invalid user jenny from 141.98.83.240
Jun 26 10:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10333]: input_userauth_request: invalid user jenny [preauth]
Jun 26 10:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10333]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 10:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10333]: Failed password for invalid user jenny from 141.98.83.240 port 38688 ssh2
Jun 26 10:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10333]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9645]: Invalid user rancher from 91.92.40.49
Jun 26 10:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9645]: input_userauth_request: invalid user rancher [preauth]
Jun 26 10:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10333]: Failed password for invalid user jenny from 141.98.83.240 port 38688 ssh2
Jun 26 10:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10333]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10333]: Failed password for invalid user jenny from 141.98.83.240 port 38688 ssh2
Jun 26 10:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10333]: Connection closed by 141.98.83.240 port 38688 [preauth]
Jun 26 10:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10333]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 10:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9348]: Connection closed by 91.92.40.49 port 61996 [preauth]
Jun 26 10:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8939]: pam_unix(cron:session): session closed for user root
Jun 26 10:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9357]: Connection closed by 91.92.40.49 port 42926 [preauth]
Jun 26 10:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9645]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9645]: Failed password for invalid user rancher from 91.92.40.49 port 59816 ssh2
Jun 26 10:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10447]: Invalid user aj from 152.53.0.56
Jun 26 10:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10447]: input_userauth_request: invalid user aj [preauth]
Jun 26 10:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10447]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.53.0.56
Jun 26 10:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9732]: Invalid user user1 from 91.92.40.49
Jun 26 10:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9732]: input_userauth_request: invalid user user1 [preauth]
Jun 26 10:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10447]: Failed password for invalid user aj from 152.53.0.56 port 46920 ssh2
Jun 26 10:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10447]: Received disconnect from 152.53.0.56 port 46920:11: Bye Bye [preauth]
Jun 26 10:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10447]: Disconnected from 152.53.0.56 port 46920 [preauth]
Jun 26 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10460]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10461]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10459]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10458]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10458]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10520]: Successful su for rubyman by root
Jun 26 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10520]: + ??? root:rubyman
Jun 26 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10520]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596112 of user rubyman.
Jun 26 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10520]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596112.
Jun 26 10:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7533]: pam_unix(cron:session): session closed for user root
Jun 26 10:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9645]: Connection closed by 91.92.40.49 port 59816 [preauth]
Jun 26 10:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10682]: Invalid user rancher from 4.184.246.230
Jun 26 10:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10682]: input_userauth_request: invalid user rancher [preauth]
Jun 26 10:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10682]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.184.246.230
Jun 26 10:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10459]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10682]: Failed password for invalid user rancher from 4.184.246.230 port 44986 ssh2
Jun 26 10:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10682]: Received disconnect from 4.184.246.230 port 44986:11: Bye Bye [preauth]
Jun 26 10:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10682]: Disconnected from 4.184.246.230 port 44986 [preauth]
Jun 26 10:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9723]: Invalid user nominatim from 91.92.40.49
Jun 26 10:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9723]: input_userauth_request: invalid user nominatim [preauth]
Jun 26 10:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9732]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9732]: Failed password for invalid user user1 from 91.92.40.49 port 16250 ssh2
Jun 26 10:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 10:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9755]: Failed password for root from 91.92.40.49 port 16280 ssh2
Jun 26 10:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9723]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10306]: Invalid user ui from 91.92.40.49
Jun 26 10:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10306]: input_userauth_request: invalid user ui [preauth]
Jun 26 10:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9723]: Failed password for invalid user nominatim from 91.92.40.49 port 55606 ssh2
Jun 26 10:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10321]: Invalid user testing from 91.92.40.49
Jun 26 10:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10321]: input_userauth_request: invalid user testing [preauth]
Jun 26 10:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9378]: pam_unix(cron:session): session closed for user root
Jun 26 10:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9732]: Connection closed by 91.92.40.49 port 16250 [preauth]
Jun 26 10:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10871]: Invalid user testuser from 43.160.249.98
Jun 26 10:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10871]: input_userauth_request: invalid user testuser [preauth]
Jun 26 10:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10871]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.160.249.98
Jun 26 10:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10871]: Failed password for invalid user testuser from 43.160.249.98 port 52706 ssh2
Jun 26 10:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10871]: Received disconnect from 43.160.249.98 port 52706:11: Bye Bye [preauth]
Jun 26 10:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10871]: Disconnected from 43.160.249.98 port 52706 [preauth]
Jun 26 10:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10306]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10306]: Failed password for invalid user ui from 91.92.40.49 port 53562 ssh2
Jun 26 10:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10321]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10321]: Failed password for invalid user testing from 91.92.40.49 port 53650 ssh2
Jun 26 10:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10900]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10899]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10898]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10897]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10897]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10967]: Successful su for rubyman by root
Jun 26 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10967]: + ??? root:rubyman
Jun 26 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10967]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596116 of user rubyman.
Jun 26 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10967]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596116.
Jun 26 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10427]: Invalid user ai from 91.92.40.49
Jun 26 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10427]: input_userauth_request: invalid user ai [preauth]
Jun 26 10:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8038]: pam_unix(cron:session): session closed for user root
Jun 26 10:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10898]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10437]: Invalid user dm from 91.92.40.49
Jun 26 10:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10437]: input_userauth_request: invalid user dm [preauth]
Jun 26 10:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10895]: Did not receive identification string from 91.92.40.49
Jun 26 10:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10427]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 26 10:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10427]: Failed password for invalid user ai from 91.92.40.49 port 16666 ssh2
Jun 26 10:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11215]: Failed password for root from 103.176.20.57 port 37568 ssh2
Jun 26 10:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11215]: Connection closed by 103.176.20.57 port 37568 [preauth]
Jun 26 10:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9791]: pam_unix(cron:session): session closed for user root
Jun 26 10:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10437]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10437]: Failed password for invalid user dm from 91.92.40.49 port 59928 ssh2
Jun 26 10:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10894]: Did not receive identification string from 91.92.40.49
Jun 26 10:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11275]: Invalid user testuser from 152.53.0.56
Jun 26 10:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11275]: input_userauth_request: invalid user testuser [preauth]
Jun 26 10:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11275]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.53.0.56
Jun 26 10:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11275]: Failed password for invalid user testuser from 152.53.0.56 port 57340 ssh2
Jun 26 10:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11275]: Received disconnect from 152.53.0.56 port 57340:11: Bye Bye [preauth]
Jun 26 10:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11275]: Disconnected from 152.53.0.56 port 57340 [preauth]
Jun 26 10:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11306]: Invalid user trial from 4.184.246.230
Jun 26 10:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11306]: input_userauth_request: invalid user trial [preauth]
Jun 26 10:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11306]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.184.246.230
Jun 26 10:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10753]: Invalid user ftpuser from 91.92.40.49
Jun 26 10:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10753]: input_userauth_request: invalid user ftpuser [preauth]
Jun 26 10:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11306]: Failed password for invalid user trial from 4.184.246.230 port 49696 ssh2
Jun 26 10:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11306]: Received disconnect from 4.184.246.230 port 49696:11: Bye Bye [preauth]
Jun 26 10:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11306]: Disconnected from 4.184.246.230 port 49696 [preauth]
Jun 26 10:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10870]: Invalid user guest from 91.92.40.49
Jun 26 10:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10870]: input_userauth_request: invalid user guest [preauth]
Jun 26 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11331]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11329]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11328]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11332]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11327]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11330]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11332]: pam_unix(cron:session): session closed for user root
Jun 26 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11327]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11401]: Successful su for rubyman by root
Jun 26 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11401]: + ??? root:rubyman
Jun 26 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11401]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596120 of user rubyman.
Jun 26 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11401]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596120.
Jun 26 10:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 26 10:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8440]: pam_unix(cron:session): session closed for user root
Jun 26 10:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11329]: pam_unix(cron:session): session closed for user root
Jun 26 10:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11398]: Failed password for root from 147.45.199.80 port 51908 ssh2
Jun 26 10:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11398]: Connection closed by 147.45.199.80 port 51908 [preauth]
Jun 26 10:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11328]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10882]: Invalid user bob from 91.92.40.49
Jun 26 10:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10882]: input_userauth_request: invalid user bob [preauth]
Jun 26 10:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10753]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 26 10:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10753]: Failed password for invalid user ftpuser from 91.92.40.49 port 41960 ssh2
Jun 26 10:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11652]: Failed password for root from 103.172.78.219 port 53614 ssh2
Jun 26 10:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11654]: Invalid user user from 45.78.207.244
Jun 26 10:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11654]: input_userauth_request: invalid user user [preauth]
Jun 26 10:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11654]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.78.207.244
Jun 26 10:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11652]: Connection closed by 103.172.78.219 port 53614 [preauth]
Jun 26 10:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11654]: Failed password for invalid user user from 45.78.207.244 port 43214 ssh2
Jun 26 10:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11654]: Received disconnect from 45.78.207.244 port 43214:11: Bye Bye [preauth]
Jun 26 10:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11654]: Disconnected from 45.78.207.244 port 43214 [preauth]
Jun 26 10:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10870]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10870]: Failed password for invalid user guest from 91.92.40.49 port 49988 ssh2
Jun 26 10:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10882]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10461]: pam_unix(cron:session): session closed for user root
Jun 26 10:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10882]: Failed password for invalid user bob from 91.92.40.49 port 44490 ssh2
Jun 26 10:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11664]: Did not receive identification string from 91.92.40.49
Jun 26 10:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11686]: Did not receive identification string from 91.92.40.49
Jun 26 10:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11703]: Did not receive identification string from 91.92.40.49
Jun 26 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11813]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11812]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11811]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11793]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11793]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11884]: Successful su for rubyman by root
Jun 26 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11884]: + ??? root:rubyman
Jun 26 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11884]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596127 of user rubyman.
Jun 26 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11884]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596127.
Jun 26 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8938]: pam_unix(cron:session): session closed for user root
Jun 26 10:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12056]: Invalid user chris from 43.160.249.98
Jun 26 10:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12056]: input_userauth_request: invalid user chris [preauth]
Jun 26 10:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12056]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.160.249.98
Jun 26 10:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11811]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12056]: Failed password for invalid user chris from 43.160.249.98 port 42740 ssh2
Jun 26 10:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12056]: Received disconnect from 43.160.249.98 port 42740:11: Bye Bye [preauth]
Jun 26 10:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12056]: Disconnected from 43.160.249.98 port 42740 [preauth]
Jun 26 10:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11305]: Invalid user test from 91.92.40.49
Jun 26 10:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11305]: input_userauth_request: invalid user test [preauth]
Jun 26 10:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11317]: Invalid user git from 91.92.40.49
Jun 26 10:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11317]: input_userauth_request: invalid user git [preauth]
Jun 26 10:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11290]: Invalid user alfred from 91.92.40.49
Jun 26 10:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11290]: input_userauth_request: invalid user alfred [preauth]
Jun 26 10:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11305]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11305]: Failed password for invalid user test from 91.92.40.49 port 61340 ssh2
Jun 26 10:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.53.0.56  user=root
Jun 26 10:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12151]: Failed password for root from 152.53.0.56 port 54740 ssh2
Jun 26 10:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12151]: Received disconnect from 152.53.0.56 port 54740:11: Bye Bye [preauth]
Jun 26 10:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12151]: Disconnected from 152.53.0.56 port 54740 [preauth]
Jun 26 10:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10900]: pam_unix(cron:session): session closed for user root
Jun 26 10:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11317]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11290]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11317]: Failed password for invalid user git from 91.92.40.49 port 61366 ssh2
Jun 26 10:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11305]: Connection closed by 91.92.40.49 port 61340 [preauth]
Jun 26 10:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11290]: Failed password for invalid user alfred from 91.92.40.49 port 27772 ssh2
Jun 26 10:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.184.246.230  user=root
Jun 26 10:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12200]: Failed password for root from 4.184.246.230 port 42738 ssh2
Jun 26 10:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12200]: Received disconnect from 4.184.246.230 port 42738:11: Bye Bye [preauth]
Jun 26 10:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12200]: Disconnected from 4.184.246.230 port 42738 [preauth]
Jun 26 10:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11317]: Connection closed by 91.92.40.49 port 61366 [preauth]
Jun 26 10:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11290]: Connection closed by 91.92.40.49 port 27772 [preauth]
Jun 26 10:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11906]: Invalid user cloudera from 91.92.40.49
Jun 26 10:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11906]: input_userauth_request: invalid user cloudera [preauth]
Jun 26 10:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11906]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11906]: Failed password for invalid user cloudera from 91.92.40.49 port 12918 ssh2
Jun 26 10:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11906]: Connection closed by 91.92.40.49 port 12918 [preauth]
Jun 26 10:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12369]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12370]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12367]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12366]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12366]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12436]: Successful su for rubyman by root
Jun 26 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12436]: + ??? root:rubyman
Jun 26 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12436]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596131 of user rubyman.
Jun 26 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12436]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596131.
Jun 26 10:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9377]: pam_unix(cron:session): session closed for user root
Jun 26 10:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12367]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12229]: Invalid user user from 91.92.40.49
Jun 26 10:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12229]: input_userauth_request: invalid user user [preauth]
Jun 26 10:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12229]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12229]: Failed password for invalid user user from 91.92.40.49 port 40800 ssh2
Jun 26 10:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12229]: Connection closed by 91.92.40.49 port 40800 [preauth]
Jun 26 10:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12363]: Invalid user cloud from 91.92.40.49
Jun 26 10:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12363]: input_userauth_request: invalid user cloud [preauth]
Jun 26 10:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12363]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11331]: pam_unix(cron:session): session closed for user root
Jun 26 10:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12363]: Failed password for invalid user cloud from 91.92.40.49 port 55296 ssh2
Jun 26 10:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12693]: Invalid user anna from 91.92.40.49
Jun 26 10:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12693]: input_userauth_request: invalid user anna [preauth]
Jun 26 10:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12363]: Connection closed by 91.92.40.49 port 55296 [preauth]
Jun 26 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12795]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12796]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12794]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12793]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12793]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12862]: Successful su for rubyman by root
Jun 26 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12862]: + ??? root:rubyman
Jun 26 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12862]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596134 of user rubyman.
Jun 26 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12862]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596134.
Jun 26 10:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9790]: pam_unix(cron:session): session closed for user root
Jun 26 10:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12794]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12239]: Invalid user frappe from 91.92.40.49
Jun 26 10:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12239]: input_userauth_request: invalid user frappe [preauth]
Jun 26 10:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.53.0.56  user=root
Jun 26 10:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13057]: Failed password for root from 152.53.0.56 port 51462 ssh2
Jun 26 10:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13057]: Received disconnect from 152.53.0.56 port 51462:11: Bye Bye [preauth]
Jun 26 10:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13057]: Disconnected from 152.53.0.56 port 51462 [preauth]
Jun 26 10:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12693]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12693]: Failed password for invalid user anna from 91.92.40.49 port 45546 ssh2
Jun 26 10:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.160.249.98  user=root
Jun 26 10:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13100]: Failed password for root from 43.160.249.98 port 52012 ssh2
Jun 26 10:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13100]: Received disconnect from 43.160.249.98 port 52012:11: Bye Bye [preauth]
Jun 26 10:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13100]: Disconnected from 43.160.249.98 port 52012 [preauth]
Jun 26 10:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12239]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11813]: pam_unix(cron:session): session closed for user root
Jun 26 10:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12239]: Failed password for invalid user frappe from 91.92.40.49 port 40826 ssh2
Jun 26 10:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12693]: Connection closed by 91.92.40.49 port 45546 [preauth]
Jun 26 10:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13151]: Invalid user tutor from 4.184.246.230
Jun 26 10:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13151]: input_userauth_request: invalid user tutor [preauth]
Jun 26 10:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13151]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.184.246.230
Jun 26 10:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13151]: Failed password for invalid user tutor from 4.184.246.230 port 38056 ssh2
Jun 26 10:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13151]: Received disconnect from 4.184.246.230 port 38056:11: Bye Bye [preauth]
Jun 26 10:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13151]: Disconnected from 4.184.246.230 port 38056 [preauth]
Jun 26 10:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12725]: Invalid user arm from 91.92.40.49
Jun 26 10:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12725]: input_userauth_request: invalid user arm [preauth]
Jun 26 10:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12239]: Connection closed by 91.92.40.49 port 40826 [preauth]
Jun 26 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13224]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13225]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13223]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13221]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13221]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13285]: Successful su for rubyman by root
Jun 26 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13285]: + ??? root:rubyman
Jun 26 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13285]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596138 of user rubyman.
Jun 26 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13285]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596138.
Jun 26 10:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10460]: pam_unix(cron:session): session closed for user root
Jun 26 10:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13223]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13467]: Did not receive identification string from 77.90.185.16
Jun 26 10:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12761]: Invalid user wet from 91.92.40.49
Jun 26 10:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12761]: input_userauth_request: invalid user wet [preauth]
Jun 26 10:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12725]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12725]: Failed password for invalid user arm from 91.92.40.49 port 45600 ssh2
Jun 26 10:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 10:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12771]: Failed password for root from 91.92.40.49 port 30672 ssh2
Jun 26 10:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12370]: pam_unix(cron:session): session closed for user root
Jun 26 10:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12761]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12761]: Failed password for invalid user wet from 91.92.40.49 port 13210 ssh2
Jun 26 10:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13059]: Invalid user localadmin from 91.92.40.49
Jun 26 10:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13059]: input_userauth_request: invalid user localadmin [preauth]
Jun 26 10:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13500]: Did not receive identification string from 91.92.40.49
Jun 26 10:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13616]: Invalid user ajadmin from 152.53.0.56
Jun 26 10:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13616]: input_userauth_request: invalid user ajadmin [preauth]
Jun 26 10:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13616]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.53.0.56
Jun 26 10:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 26 10:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13616]: Failed password for invalid user ajadmin from 152.53.0.56 port 34020 ssh2
Jun 26 10:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13616]: Received disconnect from 152.53.0.56 port 34020:11: Bye Bye [preauth]
Jun 26 10:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13616]: Disconnected from 152.53.0.56 port 34020 [preauth]
Jun 26 10:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13627]: Failed password for root from 103.82.20.28 port 35242 ssh2
Jun 26 10:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13627]: Connection closed by 103.82.20.28 port 35242 [preauth]
Jun 26 10:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13059]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13633]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13632]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13631]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13630]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13635]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13634]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13635]: pam_unix(cron:session): session closed for user root
Jun 26 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13630]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13699]: Successful su for rubyman by root
Jun 26 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13699]: + ??? root:rubyman
Jun 26 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13699]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596145 of user rubyman.
Jun 26 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13699]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596145.
Jun 26 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13059]: Failed password for invalid user localadmin from 91.92.40.49 port 10744 ssh2
Jun 26 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13632]: pam_unix(cron:session): session closed for user root
Jun 26 10:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10899]: pam_unix(cron:session): session closed for user root
Jun 26 10:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13631]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13162]: Invalid user botuser from 91.92.40.49
Jun 26 10:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13162]: input_userauth_request: invalid user botuser [preauth]
Jun 26 10:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: Did not receive identification string from 91.92.40.49
Jun 26 10:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12796]: pam_unix(cron:session): session closed for user root
Jun 26 10:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.184.246.230  user=root
Jun 26 10:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13162]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13918]: Did not receive identification string from 91.92.40.49
Jun 26 10:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13998]: Failed password for root from 4.184.246.230 port 50676 ssh2
Jun 26 10:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13998]: Received disconnect from 4.184.246.230 port 50676:11: Bye Bye [preauth]
Jun 26 10:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13998]: Disconnected from 4.184.246.230 port 50676 [preauth]
Jun 26 10:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13162]: Failed password for invalid user botuser from 91.92.40.49 port 55862 ssh2
Jun 26 10:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13606]: Did not receive identification string from 91.92.40.49
Jun 26 10:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.160.249.98  user=root
Jun 26 10:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14031]: Failed password for root from 43.160.249.98 port 60280 ssh2
Jun 26 10:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14031]: Received disconnect from 43.160.249.98 port 60280:11: Bye Bye [preauth]
Jun 26 10:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14031]: Disconnected from 43.160.249.98 port 60280 [preauth]
Jun 26 10:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13768]: Did not receive identification string from 91.92.40.49
Jun 26 10:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13202]: Invalid user root1 from 91.92.40.49
Jun 26 10:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13202]: input_userauth_request: invalid user root1 [preauth]
Jun 26 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14091]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14092]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14090]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14089]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14089]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14154]: Successful su for rubyman by root
Jun 26 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14154]: + ??? root:rubyman
Jun 26 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14154]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596148 of user rubyman.
Jun 26 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14154]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596148.
Jun 26 10:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11330]: pam_unix(cron:session): session closed for user root
Jun 26 10:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14090]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13615]: Invalid user jenkins from 91.92.40.49
Jun 26 10:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13615]: input_userauth_request: invalid user jenkins [preauth]
Jun 26 10:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13225]: pam_unix(cron:session): session closed for user root
Jun 26 10:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 26 10:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13615]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14424]: Invalid user trial from 152.53.0.56
Jun 26 10:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14424]: input_userauth_request: invalid user trial [preauth]
Jun 26 10:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14424]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.53.0.56
Jun 26 10:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14422]: Failed password for root from 103.77.242.62 port 43220 ssh2
Jun 26 10:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14422]: Connection closed by 103.77.242.62 port 43220 [preauth]
Jun 26 10:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13615]: Failed password for invalid user jenkins from 91.92.40.49 port 33672 ssh2
Jun 26 10:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14053]: Invalid user gary from 91.92.40.49
Jun 26 10:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14053]: input_userauth_request: invalid user gary [preauth]
Jun 26 10:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14424]: Failed password for invalid user trial from 152.53.0.56 port 37212 ssh2
Jun 26 10:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14424]: Received disconnect from 152.53.0.56 port 37212:11: Bye Bye [preauth]
Jun 26 10:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14424]: Disconnected from 152.53.0.56 port 37212 [preauth]
Jun 26 10:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14053]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13615]: Connection closed by 91.92.40.49 port 33672 [preauth]
Jun 26 10:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14354]: Did not receive identification string from 91.92.40.49
Jun 26 10:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14053]: Failed password for invalid user gary from 91.92.40.49 port 25594 ssh2
Jun 26 10:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14053]: Connection closed by 91.92.40.49 port 25594 [preauth]
Jun 26 10:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 10:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13928]: Failed password for root from 91.92.40.49 port 17170 ssh2
Jun 26 10:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13928]: Connection closed by 91.92.40.49 port 17170 [preauth]
Jun 26 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14489]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14490]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14491]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14488]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14488]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14548]: Successful su for rubyman by root
Jun 26 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14548]: + ??? root:rubyman
Jun 26 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14548]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596152 of user rubyman.
Jun 26 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14548]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596152.
Jun 26 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11812]: pam_unix(cron:session): session closed for user root
Jun 26 10:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14489]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 10:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14468]: Invalid user user from 91.92.40.49
Jun 26 10:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14468]: input_userauth_request: invalid user user [preauth]
Jun 26 10:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14332]: Failed password for root from 91.92.40.49 port 41820 ssh2
Jun 26 10:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14468]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14332]: Connection closed by 91.92.40.49 port 41820 [preauth]
Jun 26 10:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14468]: Failed password for invalid user user from 91.92.40.49 port 17696 ssh2
Jun 26 10:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.19.67.181  user=root
Jun 26 10:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14853]: Failed password for root from 46.19.67.181 port 49050 ssh2
Jun 26 10:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14853]: Connection closed by 46.19.67.181 port 49050 [preauth]
Jun 26 10:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14890]: Invalid user postgres from 4.184.246.230
Jun 26 10:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14890]: input_userauth_request: invalid user postgres [preauth]
Jun 26 10:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14890]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.184.246.230
Jun 26 10:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14468]: Connection closed by 91.92.40.49 port 17696 [preauth]
Jun 26 10:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14890]: Failed password for invalid user postgres from 4.184.246.230 port 43090 ssh2
Jun 26 10:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14890]: Received disconnect from 4.184.246.230 port 43090:11: Bye Bye [preauth]
Jun 26 10:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14890]: Disconnected from 4.184.246.230 port 43090 [preauth]
Jun 26 10:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13634]: pam_unix(cron:session): session closed for user root
Jun 26 10:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 10:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14614]: Failed password for root from 91.92.40.49 port 49322 ssh2
Jun 26 10:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.160.249.98  user=root
Jun 26 10:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14842]: Invalid user karel from 91.92.40.49
Jun 26 10:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14842]: input_userauth_request: invalid user karel [preauth]
Jun 26 10:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14965]: Failed password for root from 43.160.249.98 port 56762 ssh2
Jun 26 10:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14965]: Received disconnect from 43.160.249.98 port 56762:11: Bye Bye [preauth]
Jun 26 10:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14965]: Disconnected from 43.160.249.98 port 56762 [preauth]
Jun 26 10:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14614]: Connection closed by 91.92.40.49 port 49322 [preauth]
Jun 26 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14993]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14991]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14990]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14989]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14989]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15050]: Successful su for rubyman by root
Jun 26 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15050]: + ??? root:rubyman
Jun 26 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15050]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596157 of user rubyman.
Jun 26 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15050]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596157.
Jun 26 10:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12369]: pam_unix(cron:session): session closed for user root
Jun 26 10:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14990]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14842]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14842]: Failed password for invalid user karel from 91.92.40.49 port 41170 ssh2
Jun 26 10:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14892]: Invalid user pruebas from 91.92.40.49
Jun 26 10:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14892]: input_userauth_request: invalid user pruebas [preauth]
Jun 26 10:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15283]: Invalid user kafka from 152.53.0.56
Jun 26 10:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15283]: input_userauth_request: invalid user kafka [preauth]
Jun 26 10:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15283]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.53.0.56
Jun 26 10:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15283]: Failed password for invalid user kafka from 152.53.0.56 port 59604 ssh2
Jun 26 10:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15283]: Received disconnect from 152.53.0.56 port 59604:11: Bye Bye [preauth]
Jun 26 10:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15283]: Disconnected from 152.53.0.56 port 59604 [preauth]
Jun 26 10:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14842]: Connection closed by 91.92.40.49 port 41170 [preauth]
Jun 26 10:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14092]: pam_unix(cron:session): session closed for user root
Jun 26 10:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14892]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14892]: Failed password for invalid user pruebas from 91.92.40.49 port 48322 ssh2
Jun 26 10:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14964]: Invalid user admin1 from 91.92.40.49
Jun 26 10:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14964]: input_userauth_request: invalid user admin1 [preauth]
Jun 26 10:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14892]: Connection closed by 91.92.40.49 port 48322 [preauth]
Jun 26 10:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14977]: Invalid user alex from 91.92.40.49
Jun 26 10:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14977]: input_userauth_request: invalid user alex [preauth]
Jun 26 10:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14964]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14964]: Failed password for invalid user admin1 from 91.92.40.49 port 47294 ssh2
Jun 26 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15402]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15403]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15401]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15400]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15400]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15458]: Successful su for rubyman by root
Jun 26 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15458]: + ??? root:rubyman
Jun 26 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15458]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596161 of user rubyman.
Jun 26 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15458]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596161.
Jun 26 10:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12795]: pam_unix(cron:session): session closed for user root
Jun 26 10:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 26 10:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15401]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14977]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15609]: Failed password for root from 103.149.28.157 port 59204 ssh2
Jun 26 10:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15609]: Connection closed by 103.149.28.157 port 59204 [preauth]
Jun 26 10:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 26 10:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14977]: Failed password for invalid user alex from 91.92.40.49 port 33130 ssh2
Jun 26 10:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15638]: Failed password for root from 80.66.85.226 port 41194 ssh2
Jun 26 10:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15638]: Connection closed by 80.66.85.226 port 41194 [preauth]
Jun 26 10:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15250]: Invalid user seed from 91.92.40.49
Jun 26 10:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15250]: input_userauth_request: invalid user seed [preauth]
Jun 26 10:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14964]: Connection closed by 91.92.40.49 port 47294 [preauth]
Jun 26 10:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15697]: Invalid user admin from 2.57.121.25
Jun 26 10:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15697]: input_userauth_request: invalid user admin [preauth]
Jun 26 10:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15699]: Invalid user testuser from 4.184.246.230
Jun 26 10:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15699]: input_userauth_request: invalid user testuser [preauth]
Jun 26 10:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15699]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.184.246.230
Jun 26 10:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15697]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 26 10:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15699]: Failed password for invalid user testuser from 4.184.246.230 port 37102 ssh2
Jun 26 10:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15697]: Failed password for invalid user admin from 2.57.121.25 port 46854 ssh2
Jun 26 10:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15699]: Received disconnect from 4.184.246.230 port 37102:11: Bye Bye [preauth]
Jun 26 10:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15699]: Disconnected from 4.184.246.230 port 37102 [preauth]
Jun 26 10:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15697]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15697]: Failed password for invalid user admin from 2.57.121.25 port 46854 ssh2
Jun 26 10:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15697]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15697]: Failed password for invalid user admin from 2.57.121.25 port 46854 ssh2
Jun 26 10:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15697]: Connection closed by 2.57.121.25 port 46854 [preauth]
Jun 26 10:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15697]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 26 10:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14491]: pam_unix(cron:session): session closed for user root
Jun 26 10:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14977]: Connection closed by 91.92.40.49 port 33130 [preauth]
Jun 26 10:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15250]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15250]: Failed password for invalid user seed from 91.92.40.49 port 19208 ssh2
Jun 26 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15804]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15803]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15802]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15806]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15800]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15801]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15806]: pam_unix(cron:session): session closed for user root
Jun 26 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15800]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15867]: Successful su for rubyman by root
Jun 26 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15867]: + ??? root:rubyman
Jun 26 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15867]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596164 of user rubyman.
Jun 26 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15867]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596164.
Jun 26 10:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15802]: pam_unix(cron:session): session closed for user root
Jun 26 10:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13224]: pam_unix(cron:session): session closed for user root
Jun 26 10:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15250]: Connection closed by 91.92.40.49 port 19208 [preauth]
Jun 26 10:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15801]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 10:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15314]: Failed password for root from 91.92.40.49 port 33276 ssh2
Jun 26 10:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16078]: Invalid user deepak from 43.160.249.98
Jun 26 10:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16078]: input_userauth_request: invalid user deepak [preauth]
Jun 26 10:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16078]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.160.249.98
Jun 26 10:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16080]: Invalid user admin from 152.53.0.56
Jun 26 10:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16080]: input_userauth_request: invalid user admin [preauth]
Jun 26 10:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16080]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.53.0.56
Jun 26 10:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16078]: Failed password for invalid user deepak from 43.160.249.98 port 48558 ssh2
Jun 26 10:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16078]: Received disconnect from 43.160.249.98 port 48558:11: Bye Bye [preauth]
Jun 26 10:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16078]: Disconnected from 43.160.249.98 port 48558 [preauth]
Jun 26 10:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16080]: Failed password for invalid user admin from 152.53.0.56 port 51186 ssh2
Jun 26 10:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16080]: Received disconnect from 152.53.0.56 port 51186:11: Bye Bye [preauth]
Jun 26 10:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16080]: Disconnected from 152.53.0.56 port 51186 [preauth]
Jun 26 10:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14993]: pam_unix(cron:session): session closed for user root
Jun 26 10:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15629]: Invalid user dummy from 91.92.40.49
Jun 26 10:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15629]: input_userauth_request: invalid user dummy [preauth]
Jun 26 10:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15641]: Invalid user test from 91.92.40.49
Jun 26 10:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15641]: input_userauth_request: invalid user test [preauth]
Jun 26 10:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 26 10:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16175]: Failed password for root from 103.77.175.15 port 60808 ssh2
Jun 26 10:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16175]: Connection closed by 103.77.175.15 port 60808 [preauth]
Jun 26 10:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15385]: Invalid user tuan from 91.92.40.49
Jun 26 10:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15385]: input_userauth_request: invalid user tuan [preauth]
Jun 26 10:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16112]: Did not receive identification string from 91.92.40.49
Jun 26 10:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16114]: Did not receive identification string from 91.92.40.49
Jun 26 10:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 10:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15389]: Failed password for root from 91.92.40.49 port 57472 ssh2
Jun 26 10:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15629]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15629]: Failed password for invalid user dummy from 91.92.40.49 port 57498 ssh2
Jun 26 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16233]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16232]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16230]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16231]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16230]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16294]: Successful su for rubyman by root
Jun 26 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16294]: + ??? root:rubyman
Jun 26 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16294]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596171 of user rubyman.
Jun 26 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16294]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596171.
Jun 26 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15641]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15641]: Failed password for invalid user test from 91.92.40.49 port 25432 ssh2
Jun 26 10:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13633]: pam_unix(cron:session): session closed for user root
Jun 26 10:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16231]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.184.246.230  user=root
Jun 26 10:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16522]: Failed password for root from 4.184.246.230 port 38720 ssh2
Jun 26 10:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16522]: Received disconnect from 4.184.246.230 port 38720:11: Bye Bye [preauth]
Jun 26 10:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16522]: Disconnected from 4.184.246.230 port 38720 [preauth]
Jun 26 10:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16335]: Did not receive identification string from 91.92.40.49
Jun 26 10:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16475]: Did not receive identification string from 91.92.40.49
Jun 26 10:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15403]: pam_unix(cron:session): session closed for user root
Jun 26 10:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15754]: Invalid user calvin from 91.92.40.49
Jun 26 10:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15754]: input_userauth_request: invalid user calvin [preauth]
Jun 26 10:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16103]: Invalid user azureuser from 91.92.40.49
Jun 26 10:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16103]: input_userauth_request: invalid user azureuser [preauth]
Jun 26 10:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 10:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16069]: Failed password for root from 91.92.40.49 port 39852 ssh2
Jun 26 10:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16103]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16103]: Failed password for invalid user azureuser from 91.92.40.49 port 39890 ssh2
Jun 26 10:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16218]: Invalid user ubuntu from 91.92.40.49
Jun 26 10:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16218]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 10:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16638]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16637]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16635]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16634]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16634]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.53.0.56  user=root
Jun 26 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16703]: Successful su for rubyman by root
Jun 26 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16703]: + ??? root:rubyman
Jun 26 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16703]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596174 of user rubyman.
Jun 26 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16703]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596174.
Jun 26 10:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16630]: Failed password for root from 152.53.0.56 port 54708 ssh2
Jun 26 10:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16630]: Received disconnect from 152.53.0.56 port 54708:11: Bye Bye [preauth]
Jun 26 10:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16630]: Disconnected from 152.53.0.56 port 54708 [preauth]
Jun 26 10:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14091]: pam_unix(cron:session): session closed for user root
Jun 26 10:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16635]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16103]: Connection closed by 91.92.40.49 port 39890 [preauth]
Jun 26 10:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16218]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16218]: Failed password for invalid user ubuntu from 91.92.40.49 port 44402 ssh2
Jun 26 10:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.160.249.98  user=root
Jun 26 10:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17045]: Failed password for root from 43.160.249.98 port 49754 ssh2
Jun 26 10:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17045]: Received disconnect from 43.160.249.98 port 49754:11: Bye Bye [preauth]
Jun 26 10:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17045]: Disconnected from 43.160.249.98 port 49754 [preauth]
Jun 26 10:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 26 10:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16580]: Invalid user user from 91.92.40.49
Jun 26 10:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16580]: input_userauth_request: invalid user user [preauth]
Jun 26 10:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17057]: Failed password for root from 103.122.221.179 port 47208 ssh2
Jun 26 10:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17057]: Connection closed by 103.122.221.179 port 47208 [preauth]
Jun 26 10:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15804]: pam_unix(cron:session): session closed for user root
Jun 26 10:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16580]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16580]: Failed password for invalid user user from 91.92.40.49 port 62678 ssh2
Jun 26 10:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16218]: Connection closed by 91.92.40.49 port 44402 [preauth]
Jun 26 10:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16619]: Invalid user budda from 91.92.40.49
Jun 26 10:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16619]: input_userauth_request: invalid user budda [preauth]
Jun 26 10:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16629]: Invalid user user from 91.92.40.49
Jun 26 10:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16629]: input_userauth_request: invalid user user [preauth]
Jun 26 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17150]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17149]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17148]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17147]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17147]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16580]: Connection closed by 91.92.40.49 port 62678 [preauth]
Jun 26 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17204]: Successful su for rubyman by root
Jun 26 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17204]: + ??? root:rubyman
Jun 26 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17204]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596178 of user rubyman.
Jun 26 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17204]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596178.
Jun 26 10:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14490]: pam_unix(cron:session): session closed for user root
Jun 26 10:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17148]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16619]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16619]: Failed password for invalid user budda from 91.92.40.49 port 56400 ssh2
Jun 26 10:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17409]: Invalid user ajadmin from 4.184.246.230
Jun 26 10:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17409]: input_userauth_request: invalid user ajadmin [preauth]
Jun 26 10:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17409]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.184.246.230
Jun 26 10:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17409]: Failed password for invalid user ajadmin from 4.184.246.230 port 57992 ssh2
Jun 26 10:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17409]: Received disconnect from 4.184.246.230 port 57992:11: Bye Bye [preauth]
Jun 26 10:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17409]: Disconnected from 4.184.246.230 port 57992 [preauth]
Jun 26 10:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16629]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16629]: Failed password for invalid user user from 91.92.40.49 port 56438 ssh2
Jun 26 10:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17022]: Invalid user sysupdate from 91.92.40.49
Jun 26 10:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17022]: input_userauth_request: invalid user sysupdate [preauth]
Jun 26 10:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16619]: Connection closed by 91.92.40.49 port 56400 [preauth]
Jun 26 10:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16629]: Connection closed by 91.92.40.49 port 56438 [preauth]
Jun 26 10:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17059]: Invalid user user from 91.92.40.49
Jun 26 10:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17059]: input_userauth_request: invalid user user [preauth]
Jun 26 10:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16233]: pam_unix(cron:session): session closed for user root
Jun 26 10:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17022]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17022]: Failed password for invalid user sysupdate from 91.92.40.49 port 54776 ssh2
Jun 26 10:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17059]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17059]: Failed password for invalid user user from 91.92.40.49 port 38734 ssh2
Jun 26 10:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17022]: Connection closed by 91.92.40.49 port 54776 [preauth]
Jun 26 10:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17136]: Invalid user demo from 91.92.40.49
Jun 26 10:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17136]: input_userauth_request: invalid user demo [preauth]
Jun 26 10:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.53.0.56  user=root
Jun 26 10:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17538]: Failed password for root from 152.53.0.56 port 51074 ssh2
Jun 26 10:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17538]: Received disconnect from 152.53.0.56 port 51074:11: Bye Bye [preauth]
Jun 26 10:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17538]: Disconnected from 152.53.0.56 port 51074 [preauth]
Jun 26 10:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17059]: Connection closed by 91.92.40.49 port 38734 [preauth]
Jun 26 10:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17136]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17136]: Failed password for invalid user demo from 91.92.40.49 port 27686 ssh2
Jun 26 10:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17438]: Invalid user user from 91.92.40.49
Jun 26 10:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17438]: input_userauth_request: invalid user user [preauth]
Jun 26 10:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17136]: Connection closed by 91.92.40.49 port 27686 [preauth]
Jun 26 10:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17438]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17438]: Failed password for invalid user user from 91.92.40.49 port 17038 ssh2
Jun 26 10:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17438]: Connection closed by 91.92.40.49 port 17038 [preauth]
Jun 26 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17563]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17564]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17562]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17561]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17561]: pam_unix(cron:session): session closed for user p13x
Jun 26 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17618]: Successful su for rubyman by root
Jun 26 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17618]: + ??? root:rubyman
Jun 26 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17618]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596183 of user rubyman.
Jun 26 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17618]: pam_unix(su:session): session closed for user rubyman
Jun 26 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596183.
Jun 26 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14991]: pam_unix(cron:session): session closed for user root
Jun 26 10:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17562]: pam_unix(cron:session): session closed for user samftp
Jun 26 10:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17549]: Invalid user dev from 91.92.40.49
Jun 26 10:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17549]: input_userauth_request: invalid user dev [preauth]
Jun 26 10:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17549]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17549]: Failed password for invalid user dev from 91.92.40.49 port 48832 ssh2
Jun 26 10:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16638]: pam_unix(cron:session): session closed for user root
Jun 26 10:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17549]: Connection closed by 91.92.40.49 port 48832 [preauth]
Jun 26 10:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17738]: Invalid user bot from 91.92.40.49
Jun 26 10:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17738]: input_userauth_request: invalid user bot [preauth]
Jun 26 10:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18018]: Invalid user monitor from 43.160.249.98
Jun 26 10:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18018]: input_userauth_request: invalid user monitor [preauth]
Jun 26 10:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18018]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.160.249.98
Jun 26 10:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 10:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18018]: Failed password for invalid user monitor from 43.160.249.98 port 37342 ssh2
Jun 26 10:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18018]: Received disconnect from 43.160.249.98 port 37342:11: Bye Bye [preauth]
Jun 26 10:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18018]: Disconnected from 43.160.249.98 port 37342 [preauth]
Jun 26 10:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17738]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 10:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 10:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17738]: Failed password for invalid user bot from 91.92.40.49 port 48886 ssh2
Jun 26 11:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17950]: Invalid user user1 from 91.92.40.49
Jun 26 11:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17950]: input_userauth_request: invalid user user1 [preauth]
Jun 26 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18080]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18079]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18081]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18077]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18076]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18082]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18078]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18082]: pam_unix(cron:session): session closed for user root
Jun 26 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18078]: pam_unix(cron:session): session closed for user root
Jun 26 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18076]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17738]: Connection closed by 91.92.40.49 port 48886 [preauth]
Jun 26 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18177]: Successful su for rubyman by root
Jun 26 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18177]: + ??? root:rubyman
Jun 26 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18177]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596188 of user rubyman.
Jun 26 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18177]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596188.
Jun 26 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.184.246.230  user=root
Jun 26 11:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18148]: Failed password for root from 4.184.246.230 port 50232 ssh2
Jun 26 11:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18148]: Received disconnect from 4.184.246.230 port 50232:11: Bye Bye [preauth]
Jun 26 11:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18148]: Disconnected from 4.184.246.230 port 50232 [preauth]
Jun 26 11:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15402]: pam_unix(cron:session): session closed for user root
Jun 26 11:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18079]: pam_unix(cron:session): session closed for user root
Jun 26 11:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18077]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17950]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17950]: Failed password for invalid user user1 from 91.92.40.49 port 29594 ssh2
Jun 26 11:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17950]: Connection closed by 91.92.40.49 port 29594 [preauth]
Jun 26 11:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18029]: Invalid user gd from 91.92.40.49
Jun 26 11:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18029]: input_userauth_request: invalid user gd [preauth]
Jun 26 11:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18015]: Invalid user test from 91.92.40.49
Jun 26 11:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18015]: input_userauth_request: invalid user test [preauth]
Jun 26 11:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17150]: pam_unix(cron:session): session closed for user root
Jun 26 11:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18619]: Invalid user monitor from 152.53.0.56
Jun 26 11:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18619]: input_userauth_request: invalid user monitor [preauth]
Jun 26 11:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18619]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.53.0.56
Jun 26 11:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18619]: Failed password for invalid user monitor from 152.53.0.56 port 34848 ssh2
Jun 26 11:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18619]: Received disconnect from 152.53.0.56 port 34848:11: Bye Bye [preauth]
Jun 26 11:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18619]: Disconnected from 152.53.0.56 port 34848 [preauth]
Jun 26 11:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18029]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18029]: Failed password for invalid user gd from 91.92.40.49 port 51178 ssh2
Jun 26 11:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18015]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18015]: Failed password for invalid user test from 91.92.40.49 port 51160 ssh2
Jun 26 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18700]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18703]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18702]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18701]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18700]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18773]: Successful su for rubyman by root
Jun 26 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18773]: + ??? root:rubyman
Jun 26 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18773]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596195 of user rubyman.
Jun 26 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18773]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596195.
Jun 26 11:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15803]: pam_unix(cron:session): session closed for user root
Jun 26 11:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18029]: Connection closed by 91.92.40.49 port 51178 [preauth]
Jun 26 11:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18701]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18015]: Connection closed by 91.92.40.49 port 51160 [preauth]
Jun 26 11:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18518]: Invalid user rogelio from 91.92.40.49
Jun 26 11:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18518]: input_userauth_request: invalid user rogelio [preauth]
Jun 26 11:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18518]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18518]: Failed password for invalid user rogelio from 91.92.40.49 port 63952 ssh2
Jun 26 11:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
Jun 26 11:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17564]: pam_unix(cron:session): session closed for user root
Jun 26 11:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19037]: Failed password for root from 176.32.39.21 port 44002 ssh2
Jun 26 11:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19037]: Connection closed by 176.32.39.21 port 44002 [preauth]
Jun 26 11:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18563]: Invalid user milad from 91.92.40.49
Jun 26 11:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18563]: input_userauth_request: invalid user milad [preauth]
Jun 26 11:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19006]: Did not receive identification string from 91.92.40.49
Jun 26 11:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18563]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18563]: Failed password for invalid user milad from 91.92.40.49 port 13354 ssh2
Jun 26 11:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 11:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18563]: Connection closed by 91.92.40.49 port 13354 [preauth]
Jun 26 11:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18538]: Failed password for root from 91.92.40.49 port 18986 ssh2
Jun 26 11:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18538]: Connection closed by 91.92.40.49 port 18986 [preauth]
Jun 26 11:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19027]: Did not receive identification string from 91.92.40.49
Jun 26 11:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19106]: Invalid user grafana from 4.184.246.230
Jun 26 11:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19106]: input_userauth_request: invalid user grafana [preauth]
Jun 26 11:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19106]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.184.246.230
Jun 26 11:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19106]: Failed password for invalid user grafana from 4.184.246.230 port 55310 ssh2
Jun 26 11:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19106]: Received disconnect from 4.184.246.230 port 55310:11: Bye Bye [preauth]
Jun 26 11:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19106]: Disconnected from 4.184.246.230 port 55310 [preauth]
Jun 26 11:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19225]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19226]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19223]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19224]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19223]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19287]: Successful su for rubyman by root
Jun 26 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19287]: + ??? root:rubyman
Jun 26 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19287]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596199 of user rubyman.
Jun 26 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19287]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596199.
Jun 26 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 11:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.160.249.98  user=root
Jun 26 11:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16232]: pam_unix(cron:session): session closed for user root
Jun 26 11:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18540]: Failed password for root from 91.92.40.49 port 19030 ssh2
Jun 26 11:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18518]: Connection closed by 91.92.40.49 port 63952 [preauth]
Jun 26 11:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19307]: Failed password for root from 43.160.249.98 port 48954 ssh2
Jun 26 11:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19307]: Received disconnect from 43.160.249.98 port 48954:11: Bye Bye [preauth]
Jun 26 11:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19307]: Disconnected from 43.160.249.98 port 48954 [preauth]
Jun 26 11:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19224]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18985]: Invalid user debian from 91.92.40.49
Jun 26 11:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18985]: input_userauth_request: invalid user debian [preauth]
Jun 26 11:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18540]: Connection closed by 91.92.40.49 port 19030 [preauth]
Jun 26 11:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18985]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19706]: Invalid user rancher from 152.53.0.56
Jun 26 11:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19706]: input_userauth_request: invalid user rancher [preauth]
Jun 26 11:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19706]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.53.0.56
Jun 26 11:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18985]: Failed password for invalid user debian from 91.92.40.49 port 59974 ssh2
Jun 26 11:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: Invalid user adam from 91.92.40.49
Jun 26 11:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: input_userauth_request: invalid user adam [preauth]
Jun 26 11:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19706]: Failed password for invalid user rancher from 152.53.0.56 port 56194 ssh2
Jun 26 11:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19706]: Received disconnect from 152.53.0.56 port 56194:11: Bye Bye [preauth]
Jun 26 11:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19706]: Disconnected from 152.53.0.56 port 56194 [preauth]
Jun 26 11:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19448]: Invalid user linux from 91.92.40.49
Jun 26 11:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19448]: input_userauth_request: invalid user linux [preauth]
Jun 26 11:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18985]: Connection closed by 91.92.40.49 port 59974 [preauth]
Jun 26 11:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19448]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19448]: Failed password for invalid user linux from 91.92.40.49 port 42900 ssh2
Jun 26 11:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: Failed password for invalid user adam from 91.92.40.49 port 42862 ssh2
Jun 26 11:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19448]: Connection closed by 91.92.40.49 port 42900 [preauth]
Jun 26 11:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: Connection closed by 91.92.40.49 port 42862 [preauth]
Jun 26 11:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18081]: pam_unix(cron:session): session closed for user root
Jun 26 11:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19781]: Invalid user ubuntu from 91.92.40.49
Jun 26 11:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19781]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 11:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19781]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19781]: Failed password for invalid user ubuntu from 91.92.40.49 port 11536 ssh2
Jun 26 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19848]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19847]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19846]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19844]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19844]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19911]: Successful su for rubyman by root
Jun 26 11:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19911]: + ??? root:rubyman
Jun 26 11:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19911]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596201 of user rubyman.
Jun 26 11:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19911]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596201.
Jun 26 11:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19781]: Connection closed by 91.92.40.49 port 11536 [preauth]
Jun 26 11:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19791]: Invalid user rdpuser from 91.92.40.49
Jun 26 11:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19791]: input_userauth_request: invalid user rdpuser [preauth]
Jun 26 11:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16637]: pam_unix(cron:session): session closed for user root
Jun 26 11:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19846]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19791]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19791]: Failed password for invalid user rdpuser from 91.92.40.49 port 11564 ssh2
Jun 26 11:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19791]: Connection closed by 91.92.40.49 port 11564 [preauth]
Jun 26 11:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 11:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18703]: pam_unix(cron:session): session closed for user root
Jun 26 11:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19932]: Failed password for root from 91.92.40.49 port 46888 ssh2
Jun 26 11:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 26 11:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20292]: Failed password for root from 38.93.206.2 port 52814 ssh2
Jun 26 11:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20292]: Connection closed by 38.93.206.2 port 52814 [preauth]
Jun 26 11:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20303]: Invalid user kafka from 4.184.246.230
Jun 26 11:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20303]: input_userauth_request: invalid user kafka [preauth]
Jun 26 11:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20303]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.184.246.230
Jun 26 11:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19932]: Connection closed by 91.92.40.49 port 46888 [preauth]
Jun 26 11:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 26 11:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20303]: Failed password for invalid user kafka from 4.184.246.230 port 33864 ssh2
Jun 26 11:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20303]: Received disconnect from 4.184.246.230 port 33864:11: Bye Bye [preauth]
Jun 26 11:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20303]: Disconnected from 4.184.246.230 port 33864 [preauth]
Jun 26 11:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20306]: Failed password for root from 103.27.238.120 port 39022 ssh2
Jun 26 11:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20306]: Connection closed by 103.27.238.120 port 39022 [preauth]
Jun 26 11:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 11:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20125]: Failed password for root from 91.92.40.49 port 52912 ssh2
Jun 26 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20362]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20361]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20360]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20358]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20358]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20429]: Successful su for rubyman by root
Jun 26 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20429]: + ??? root:rubyman
Jun 26 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20429]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596207 of user rubyman.
Jun 26 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20429]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596207.
Jun 26 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20354]: Invalid user chris from 152.53.0.56
Jun 26 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20354]: input_userauth_request: invalid user chris [preauth]
Jun 26 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20354]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.53.0.56
Jun 26 11:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20354]: Failed password for invalid user chris from 152.53.0.56 port 38948 ssh2
Jun 26 11:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20354]: Received disconnect from 152.53.0.56 port 38948:11: Bye Bye [preauth]
Jun 26 11:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20354]: Disconnected from 152.53.0.56 port 38948 [preauth]
Jun 26 11:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17149]: pam_unix(cron:session): session closed for user root
Jun 26 11:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20360]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20125]: Connection closed by 91.92.40.49 port 52912 [preauth]
Jun 26 11:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 26 11:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20632]: Failed password for root from 77.94.47.83 port 47918 ssh2
Jun 26 11:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20632]: Connection closed by 77.94.47.83 port 47918 [preauth]
Jun 26 11:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 11:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20686]: Invalid user bkp from 43.160.249.98
Jun 26 11:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20686]: input_userauth_request: invalid user bkp [preauth]
Jun 26 11:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20686]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.160.249.98
Jun 26 11:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20258]: Failed password for root from 91.92.40.49 port 41792 ssh2
Jun 26 11:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20686]: Failed password for invalid user bkp from 43.160.249.98 port 43410 ssh2
Jun 26 11:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20686]: Received disconnect from 43.160.249.98 port 43410:11: Bye Bye [preauth]
Jun 26 11:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20686]: Disconnected from 43.160.249.98 port 43410 [preauth]
Jun 26 11:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20258]: Connection closed by 91.92.40.49 port 41792 [preauth]
Jun 26 11:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19226]: pam_unix(cron:session): session closed for user root
Jun 26 11:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 26 11:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 11:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20812]: Failed password for root from 103.153.68.219 port 55670 ssh2
Jun 26 11:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20812]: Connection closed by 103.153.68.219 port 55670 [preauth]
Jun 26 11:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20332]: Failed password for root from 91.92.40.49 port 52542 ssh2
Jun 26 11:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 11:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20332]: Connection closed by 91.92.40.49 port 52542 [preauth]
Jun 26 11:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20342]: Failed password for root from 91.92.40.49 port 18118 ssh2
Jun 26 11:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20753]: Invalid user redhat from 91.92.40.49
Jun 26 11:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20753]: input_userauth_request: invalid user redhat [preauth]
Jun 26 11:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20342]: Connection closed by 91.92.40.49 port 18118 [preauth]
Jun 26 11:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20753]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20753]: Failed password for invalid user redhat from 91.92.40.49 port 22468 ssh2
Jun 26 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20888]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20882]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20883]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20879]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20881]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20880]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20888]: pam_unix(cron:session): session closed for user root
Jun 26 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20879]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20950]: Successful su for rubyman by root
Jun 26 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20950]: + ??? root:rubyman
Jun 26 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20950]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596211 of user rubyman.
Jun 26 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20950]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596211.
Jun 26 11:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20881]: pam_unix(cron:session): session closed for user root
Jun 26 11:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17563]: pam_unix(cron:session): session closed for user root
Jun 26 11:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20880]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20753]: Connection closed by 91.92.40.49 port 22468 [preauth]
Jun 26 11:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20846]: Invalid user elasticsearch from 91.92.40.49
Jun 26 11:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20846]: input_userauth_request: invalid user elasticsearch [preauth]
Jun 26 11:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20846]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20856]: Invalid user ftpuser from 91.92.40.49
Jun 26 11:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20856]: input_userauth_request: invalid user ftpuser [preauth]
Jun 26 11:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19848]: pam_unix(cron:session): session closed for user root
Jun 26 11:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20846]: Failed password for invalid user elasticsearch from 91.92.40.49 port 62652 ssh2
Jun 26 11:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21257]: Invalid user aj from 4.184.246.230
Jun 26 11:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21257]: input_userauth_request: invalid user aj [preauth]
Jun 26 11:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21257]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.184.246.230
Jun 26 11:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21257]: Failed password for invalid user aj from 4.184.246.230 port 48902 ssh2
Jun 26 11:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21257]: Received disconnect from 4.184.246.230 port 48902:11: Bye Bye [preauth]
Jun 26 11:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21257]: Disconnected from 4.184.246.230 port 48902 [preauth]
Jun 26 11:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20856]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20846]: Connection closed by 91.92.40.49 port 62652 [preauth]
Jun 26 11:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20856]: Failed password for invalid user ftpuser from 91.92.40.49 port 44886 ssh2
Jun 26 11:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.53.0.56  user=root
Jun 26 11:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21295]: Failed password for root from 152.53.0.56 port 49892 ssh2
Jun 26 11:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21295]: Received disconnect from 152.53.0.56 port 49892:11: Bye Bye [preauth]
Jun 26 11:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21295]: Disconnected from 152.53.0.56 port 49892 [preauth]
Jun 26 11:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20856]: Connection closed by 91.92.40.49 port 44886 [preauth]
Jun 26 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21335]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21332]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21334]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21331]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21331]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21400]: Successful su for rubyman by root
Jun 26 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21400]: + ??? root:rubyman
Jun 26 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21400]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596216 of user rubyman.
Jun 26 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21400]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596216.
Jun 26 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 11:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21164]: Failed password for root from 91.92.40.49 port 60848 ssh2
Jun 26 11:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18080]: pam_unix(cron:session): session closed for user root
Jun 26 11:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21332]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21228]: Invalid user ubuntu from 91.92.40.49
Jun 26 11:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21228]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 11:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21164]: Connection closed by 91.92.40.49 port 60848 [preauth]
Jun 26 11:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21228]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21228]: Failed password for invalid user ubuntu from 91.92.40.49 port 53510 ssh2
Jun 26 11:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20362]: pam_unix(cron:session): session closed for user root
Jun 26 11:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21723]: Invalid user grafana from 43.160.249.98
Jun 26 11:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21723]: input_userauth_request: invalid user grafana [preauth]
Jun 26 11:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21723]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.160.249.98
Jun 26 11:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21294]: Invalid user admin from 91.92.40.49
Jun 26 11:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21294]: input_userauth_request: invalid user admin [preauth]
Jun 26 11:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21723]: Failed password for invalid user grafana from 43.160.249.98 port 37626 ssh2
Jun 26 11:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21723]: Received disconnect from 43.160.249.98 port 37626:11: Bye Bye [preauth]
Jun 26 11:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21723]: Disconnected from 43.160.249.98 port 37626 [preauth]
Jun 26 11:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21228]: Connection closed by 91.92.40.49 port 53510 [preauth]
Jun 26 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21779]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21780]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21778]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21777]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21777]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21839]: Successful su for rubyman by root
Jun 26 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21839]: + ??? root:rubyman
Jun 26 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21839]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596220 of user rubyman.
Jun 26 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21839]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596220.
Jun 26 11:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21294]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18702]: pam_unix(cron:session): session closed for user root
Jun 26 11:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21294]: Failed password for invalid user admin from 91.92.40.49 port 43770 ssh2
Jun 26 11:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21778]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21604]: Invalid user ubuntu from 91.92.40.49
Jun 26 11:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21604]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 11:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21294]: Connection closed by 91.92.40.49 port 43770 [preauth]
Jun 26 11:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21616]: Invalid user claude from 91.92.40.49
Jun 26 11:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21616]: input_userauth_request: invalid user claude [preauth]
Jun 26 11:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21390]: Invalid user ftpadmin from 91.92.40.49
Jun 26 11:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21390]: input_userauth_request: invalid user ftpadmin [preauth]
Jun 26 11:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20883]: pam_unix(cron:session): session closed for user root
Jun 26 11:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22126]: Invalid user admin from 4.184.246.230
Jun 26 11:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22126]: input_userauth_request: invalid user admin [preauth]
Jun 26 11:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22126]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.184.246.230
Jun 26 11:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22126]: Failed password for invalid user admin from 4.184.246.230 port 46182 ssh2
Jun 26 11:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22126]: Received disconnect from 4.184.246.230 port 46182:11: Bye Bye [preauth]
Jun 26 11:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22126]: Disconnected from 4.184.246.230 port 46182 [preauth]
Jun 26 11:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21604]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22129]: Invalid user ftpuser from 193.46.255.86
Jun 26 11:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22129]: input_userauth_request: invalid user ftpuser [preauth]
Jun 26 11:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22129]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 26 11:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22144]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21604]: Failed password for invalid user ubuntu from 91.92.40.49 port 16952 ssh2
Jun 26 11:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22129]: Failed password for invalid user ftpuser from 193.46.255.86 port 8744 ssh2
Jun 26 11:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22129]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22144]: Invalid user grafana from 152.53.0.56
Jun 26 11:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22144]: input_userauth_request: invalid user grafana [preauth]
Jun 26 11:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22144]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.53.0.56
Jun 26 11:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22129]: Failed password for invalid user ftpuser from 193.46.255.86 port 8744 ssh2
Jun 26 11:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22129]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22144]: Failed password for invalid user grafana from 152.53.0.56 port 42150 ssh2
Jun 26 11:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22144]: Received disconnect from 152.53.0.56 port 42150:11: Bye Bye [preauth]
Jun 26 11:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22144]: Disconnected from 152.53.0.56 port 42150 [preauth]
Jun 26 11:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21616]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21390]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22129]: Failed password for invalid user ftpuser from 193.46.255.86 port 8744 ssh2
Jun 26 11:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22129]: Connection closed by 193.46.255.86 port 8744 [preauth]
Jun 26 11:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22129]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 26 11:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21390]: Failed password for invalid user ftpadmin from 91.92.40.49 port 37596 ssh2
Jun 26 11:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21616]: Failed password for invalid user claude from 91.92.40.49 port 16990 ssh2
Jun 26 11:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 11:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21642]: Failed password for root from 91.92.40.49 port 17018 ssh2
Jun 26 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21604]: Connection closed by 91.92.40.49 port 16952 [preauth]
Jun 26 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22200]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22202]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22201]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22199]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22199]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22259]: Successful su for rubyman by root
Jun 26 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22259]: + ??? root:rubyman
Jun 26 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22259]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596225 of user rubyman.
Jun 26 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22259]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596225.
Jun 26 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19225]: pam_unix(cron:session): session closed for user root
Jun 26 11:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22200]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21616]: Connection closed by 91.92.40.49 port 16990 [preauth]
Jun 26 11:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21642]: Connection closed by 91.92.40.49 port 17018 [preauth]
Jun 26 11:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22549]: Invalid user jerimiah from 141.98.83.240
Jun 26 11:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22549]: input_userauth_request: invalid user jerimiah [preauth]
Jun 26 11:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22549]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 11:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22549]: Failed password for invalid user jerimiah from 141.98.83.240 port 20960 ssh2
Jun 26 11:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22549]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22549]: Failed password for invalid user jerimiah from 141.98.83.240 port 20960 ssh2
Jun 26 11:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22549]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22549]: Failed password for invalid user jerimiah from 141.98.83.240 port 20960 ssh2
Jun 26 11:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22549]: Connection closed by 141.98.83.240 port 20960 [preauth]
Jun 26 11:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22549]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 11:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22031]: Invalid user david from 91.92.40.49
Jun 26 11:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22031]: input_userauth_request: invalid user david [preauth]
Jun 26 11:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22052]: Invalid user afk from 91.92.40.49
Jun 26 11:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22052]: input_userauth_request: invalid user afk [preauth]
Jun 26 11:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21335]: pam_unix(cron:session): session closed for user root
Jun 26 11:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22031]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22052]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22031]: Failed password for invalid user david from 91.92.40.49 port 21966 ssh2
Jun 26 11:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22052]: Failed password for invalid user afk from 91.92.40.49 port 21986 ssh2
Jun 26 11:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22031]: Connection closed by 91.92.40.49 port 21966 [preauth]
Jun 26 11:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22532]: Invalid user student from 91.92.40.49
Jun 26 11:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22532]: input_userauth_request: invalid user student [preauth]
Jun 26 11:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22052]: Connection closed by 91.92.40.49 port 21986 [preauth]
Jun 26 11:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22532]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22532]: Failed password for invalid user student from 91.92.40.49 port 32596 ssh2
Jun 26 11:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22022]: Invalid user jpg from 91.92.40.49
Jun 26 11:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22022]: input_userauth_request: invalid user jpg [preauth]
Jun 26 11:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22686]: Invalid user kafka from 43.160.249.98
Jun 26 11:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22686]: input_userauth_request: invalid user kafka [preauth]
Jun 26 11:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22686]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.160.249.98
Jun 26 11:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22686]: Failed password for invalid user kafka from 43.160.249.98 port 38454 ssh2
Jun 26 11:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22686]: Received disconnect from 43.160.249.98 port 38454:11: Bye Bye [preauth]
Jun 26 11:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22686]: Disconnected from 43.160.249.98 port 38454 [preauth]
Jun 26 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22701]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22700]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22703]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22702]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22698]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22700]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22830]: Successful su for rubyman by root
Jun 26 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22830]: + ??? root:rubyman
Jun 26 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22830]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596230 of user rubyman.
Jun 26 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22830]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596230.
Jun 26 11:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22698]: pam_unix(cron:session): session closed for user root
Jun 26 11:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19847]: pam_unix(cron:session): session closed for user root
Jun 26 11:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22701]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22532]: Connection closed by 91.92.40.49 port 32596 [preauth]
Jun 26 11:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22674]: Did not receive identification string from 91.92.40.49
Jun 26 11:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 26 11:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 11:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22685]: Did not receive identification string from 91.92.40.49
Jun 26 11:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23074]: Failed password for root from 202.178.126.219 port 39992 ssh2
Jun 26 11:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22552]: Failed password for root from 91.92.40.49 port 32622 ssh2
Jun 26 11:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23074]: Connection closed by 202.178.126.219 port 39992 [preauth]
Jun 26 11:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21780]: pam_unix(cron:session): session closed for user root
Jun 26 11:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23116]: Invalid user justin from 4.184.246.230
Jun 26 11:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23116]: input_userauth_request: invalid user justin [preauth]
Jun 26 11:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23116]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.184.246.230
Jun 26 11:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22296]: Invalid user cacti from 91.92.40.49
Jun 26 11:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22296]: input_userauth_request: invalid user cacti [preauth]
Jun 26 11:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.53.0.56  user=root
Jun 26 11:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23116]: Failed password for invalid user justin from 4.184.246.230 port 44754 ssh2
Jun 26 11:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23116]: Received disconnect from 4.184.246.230 port 44754:11: Bye Bye [preauth]
Jun 26 11:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23116]: Disconnected from 4.184.246.230 port 44754 [preauth]
Jun 26 11:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23138]: Failed password for root from 152.53.0.56 port 60936 ssh2
Jun 26 11:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23138]: Received disconnect from 152.53.0.56 port 60936:11: Bye Bye [preauth]
Jun 26 11:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23138]: Disconnected from 152.53.0.56 port 60936 [preauth]
Jun 26 11:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22552]: Connection closed by 91.92.40.49 port 32622 [preauth]
Jun 26 11:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22638]: Invalid user user1 from 91.92.40.49
Jun 26 11:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22638]: input_userauth_request: invalid user user1 [preauth]
Jun 26 11:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22663]: Invalid user debian from 91.92.40.49
Jun 26 11:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22663]: input_userauth_request: invalid user debian [preauth]
Jun 26 11:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22638]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22638]: Failed password for invalid user user1 from 91.92.40.49 port 51876 ssh2
Jun 26 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23204]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23199]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23205]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23206]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23202]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23203]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23206]: pam_unix(cron:session): session closed for user root
Jun 26 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23199]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23281]: Successful su for rubyman by root
Jun 26 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23281]: + ??? root:rubyman
Jun 26 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23281]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596236 of user rubyman.
Jun 26 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23281]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596236.
Jun 26 11:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22673]: Invalid user admin from 91.92.40.49
Jun 26 11:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22673]: input_userauth_request: invalid user admin [preauth]
Jun 26 11:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20361]: pam_unix(cron:session): session closed for user root
Jun 26 11:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23203]: pam_unix(cron:session): session closed for user root
Jun 26 11:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23202]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22663]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22663]: Failed password for invalid user debian from 91.92.40.49 port 51888 ssh2
Jun 26 11:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22638]: Connection closed by 91.92.40.49 port 51876 [preauth]
Jun 26 11:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22673]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22673]: Failed password for invalid user admin from 91.92.40.49 port 19824 ssh2
Jun 26 11:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22663]: Connection closed by 91.92.40.49 port 51888 [preauth]
Jun 26 11:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22673]: Connection closed by 91.92.40.49 port 19824 [preauth]
Jun 26 11:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22202]: pam_unix(cron:session): session closed for user root
Jun 26 11:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 11:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23106]: Failed password for root from 91.92.40.49 port 36550 ssh2
Jun 26 11:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23515]: Did not receive identification string from 91.92.40.49
Jun 26 11:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23179]: Invalid user admin from 91.92.40.49
Jun 26 11:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23179]: input_userauth_request: invalid user admin [preauth]
Jun 26 11:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23106]: Connection closed by 91.92.40.49 port 36550 [preauth]
Jun 26 11:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23179]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23179]: Failed password for invalid user admin from 91.92.40.49 port 64504 ssh2
Jun 26 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23683]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23682]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23680]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23681]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23680]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23755]: Successful su for rubyman by root
Jun 26 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23755]: + ??? root:rubyman
Jun 26 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23755]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596239 of user rubyman.
Jun 26 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23755]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596239.
Jun 26 11:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.211.215  user=root
Jun 26 11:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20882]: pam_unix(cron:session): session closed for user root
Jun 26 11:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23179]: Connection closed by 91.92.40.49 port 64504 [preauth]
Jun 26 11:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23681]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23922]: Failed password for root from 147.45.211.215 port 55210 ssh2
Jun 26 11:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23922]: Connection closed by 147.45.211.215 port 55210 [preauth]
Jun 26 11:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 11:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23548]: Failed password for root from 91.92.40.49 port 58384 ssh2
Jun 26 11:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23626]: Invalid user chris from 91.92.40.49
Jun 26 11:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23626]: input_userauth_request: invalid user chris [preauth]
Jun 26 11:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23548]: Connection closed by 91.92.40.49 port 58384 [preauth]
Jun 26 11:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24066]: Invalid user purple from 43.160.249.98
Jun 26 11:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24066]: input_userauth_request: invalid user purple [preauth]
Jun 26 11:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24066]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.160.249.98
Jun 26 11:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24066]: Failed password for invalid user purple from 43.160.249.98 port 51668 ssh2
Jun 26 11:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24066]: Received disconnect from 43.160.249.98 port 51668:11: Bye Bye [preauth]
Jun 26 11:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24066]: Disconnected from 43.160.249.98 port 51668 [preauth]
Jun 26 11:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23626]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23626]: Failed password for invalid user chris from 91.92.40.49 port 19260 ssh2
Jun 26 11:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24102]: Invalid user bkp from 152.53.0.56
Jun 26 11:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24102]: input_userauth_request: invalid user bkp [preauth]
Jun 26 11:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24102]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.53.0.56
Jun 26 11:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.184.246.230  user=root
Jun 26 11:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24102]: Failed password for invalid user bkp from 152.53.0.56 port 51236 ssh2
Jun 26 11:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24102]: Received disconnect from 152.53.0.56 port 51236:11: Bye Bye [preauth]
Jun 26 11:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24102]: Disconnected from 152.53.0.56 port 51236 [preauth]
Jun 26 11:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24104]: Failed password for root from 4.184.246.230 port 49066 ssh2
Jun 26 11:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24104]: Received disconnect from 4.184.246.230 port 49066:11: Bye Bye [preauth]
Jun 26 11:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24104]: Disconnected from 4.184.246.230 port 49066 [preauth]
Jun 26 11:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23626]: Connection closed by 91.92.40.49 port 19260 [preauth]
Jun 26 11:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22703]: pam_unix(cron:session): session closed for user root
Jun 26 11:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24044]: Invalid user deploy from 91.92.40.49
Jun 26 11:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24044]: input_userauth_request: invalid user deploy [preauth]
Jun 26 11:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24044]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24069]: Invalid user appuser from 91.92.40.49
Jun 26 11:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24069]: input_userauth_request: invalid user appuser [preauth]
Jun 26 11:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24044]: Failed password for invalid user deploy from 91.92.40.49 port 63626 ssh2
Jun 26 11:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24069]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24044]: Connection closed by 91.92.40.49 port 63626 [preauth]
Jun 26 11:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24069]: Failed password for invalid user appuser from 91.92.40.49 port 63670 ssh2
Jun 26 11:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24069]: Connection closed by 91.92.40.49 port 63670 [preauth]
Jun 26 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24208]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24209]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24207]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24206]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24206]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24287]: Successful su for rubyman by root
Jun 26 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24287]: + ??? root:rubyman
Jun 26 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24287]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596242 of user rubyman.
Jun 26 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24287]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596242.
Jun 26 11:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24154]: Invalid user devuser from 91.92.40.49
Jun 26 11:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24154]: input_userauth_request: invalid user devuser [preauth]
Jun 26 11:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24154]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21334]: pam_unix(cron:session): session closed for user root
Jun 26 11:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24154]: Failed password for invalid user devuser from 91.92.40.49 port 58870 ssh2
Jun 26 11:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24154]: Connection closed by 91.92.40.49 port 58870 [preauth]
Jun 26 11:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24207]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24480]: User john from 91.92.40.49 not allowed because not listed in AllowUsers
Jun 26 11:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24480]: input_userauth_request: invalid user john [preauth]
Jun 26 11:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=john
Jun 26 11:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24491]: Invalid user admin from 91.92.40.49
Jun 26 11:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24491]: input_userauth_request: invalid user admin [preauth]
Jun 26 11:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24480]: Failed password for invalid user john from 91.92.40.49 port 52792 ssh2
Jun 26 11:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23205]: pam_unix(cron:session): session closed for user root
Jun 26 11:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24491]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24480]: Connection closed by 91.92.40.49 port 52792 [preauth]
Jun 26 11:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24491]: Failed password for invalid user admin from 91.92.40.49 port 13888 ssh2
Jun 26 11:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24491]: Connection closed by 91.92.40.49 port 13888 [preauth]
Jun 26 11:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24542]: Invalid user myuser from 91.92.40.49
Jun 26 11:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24542]: input_userauth_request: invalid user myuser [preauth]
Jun 26 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24655]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24653]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24652]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24650]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24650]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24720]: Successful su for rubyman by root
Jun 26 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24720]: + ??? root:rubyman
Jun 26 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24720]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596247 of user rubyman.
Jun 26 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24720]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596247.
Jun 26 11:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21779]: pam_unix(cron:session): session closed for user root
Jun 26 11:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24652]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24542]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24542]: Failed password for invalid user myuser from 91.92.40.49 port 58544 ssh2
Jun 26 11:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.53.0.56  user=root
Jun 26 11:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24542]: Connection closed by 91.92.40.49 port 58544 [preauth]
Jun 26 11:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24933]: Failed password for root from 152.53.0.56 port 53158 ssh2
Jun 26 11:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24933]: Received disconnect from 152.53.0.56 port 53158:11: Bye Bye [preauth]
Jun 26 11:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24933]: Disconnected from 152.53.0.56 port 53158 [preauth]
Jun 26 11:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24944]: Invalid user purple from 4.184.246.230
Jun 26 11:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24944]: input_userauth_request: invalid user purple [preauth]
Jun 26 11:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24944]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.184.246.230
Jun 26 11:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24944]: Failed password for invalid user purple from 4.184.246.230 port 52126 ssh2
Jun 26 11:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24944]: Received disconnect from 4.184.246.230 port 52126:11: Bye Bye [preauth]
Jun 26 11:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24944]: Disconnected from 4.184.246.230 port 52126 [preauth]
Jun 26 11:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24601]: Invalid user sam from 91.92.40.49
Jun 26 11:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24601]: input_userauth_request: invalid user sam [preauth]
Jun 26 11:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23683]: pam_unix(cron:session): session closed for user root
Jun 26 11:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.160.249.98  user=root
Jun 26 11:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 11:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24994]: Failed password for root from 43.160.249.98 port 47126 ssh2
Jun 26 11:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24994]: Received disconnect from 43.160.249.98 port 47126:11: Bye Bye [preauth]
Jun 26 11:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24994]: Disconnected from 43.160.249.98 port 47126 [preauth]
Jun 26 11:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24601]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24617]: Failed password for root from 91.92.40.49 port 39632 ssh2
Jun 26 11:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24601]: Failed password for invalid user sam from 91.92.40.49 port 25710 ssh2
Jun 26 11:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24891]: Invalid user dev from 91.92.40.49
Jun 26 11:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24891]: input_userauth_request: invalid user dev [preauth]
Jun 26 11:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24617]: Connection closed by 91.92.40.49 port 39632 [preauth]
Jun 26 11:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24601]: Connection closed by 91.92.40.49 port 25710 [preauth]
Jun 26 11:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24891]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24891]: Failed password for invalid user dev from 91.92.40.49 port 61280 ssh2
Jun 26 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25073]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25074]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25071]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25072]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25071]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25134]: Successful su for rubyman by root
Jun 26 11:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25134]: + ??? root:rubyman
Jun 26 11:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25134]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596251 of user rubyman.
Jun 26 11:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25134]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596251.
Jun 26 11:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24891]: Connection closed by 91.92.40.49 port 61280 [preauth]
Jun 26 11:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22201]: pam_unix(cron:session): session closed for user root
Jun 26 11:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25072]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 11:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24946]: Failed password for root from 91.92.40.49 port 20102 ssh2
Jun 26 11:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25012]: Invalid user user from 91.92.40.49
Jun 26 11:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25012]: input_userauth_request: invalid user user [preauth]
Jun 26 11:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24946]: Connection closed by 91.92.40.49 port 20102 [preauth]
Jun 26 11:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25023]: Invalid user debian from 91.92.40.49
Jun 26 11:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25023]: input_userauth_request: invalid user debian [preauth]
Jun 26 11:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24209]: pam_unix(cron:session): session closed for user root
Jun 26 11:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25012]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25012]: Failed password for invalid user user from 91.92.40.49 port 42580 ssh2
Jun 26 11:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25023]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25023]: Failed password for invalid user debian from 91.92.40.49 port 42612 ssh2
Jun 26 11:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25012]: Connection closed by 91.92.40.49 port 42580 [preauth]
Jun 26 11:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25174]: Invalid user test from 91.92.40.49
Jun 26 11:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25174]: input_userauth_request: invalid user test [preauth]
Jun 26 11:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25023]: Connection closed by 91.92.40.49 port 42612 [preauth]
Jun 26 11:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25174]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25174]: Failed password for invalid user test from 91.92.40.49 port 20694 ssh2
Jun 26 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25352]: Invalid user vyos from 91.92.40.49
Jun 26 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25352]: input_userauth_request: invalid user vyos [preauth]
Jun 26 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25480]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25478]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25477]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25479]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25474]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25473]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25480]: pam_unix(cron:session): session closed for user root
Jun 26 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25473]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25548]: Successful su for rubyman by root
Jun 26 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25548]: + ??? root:rubyman
Jun 26 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25548]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596257 of user rubyman.
Jun 26 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25548]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596257.
Jun 26 11:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25477]: pam_unix(cron:session): session closed for user root
Jun 26 11:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22702]: pam_unix(cron:session): session closed for user root
Jun 26 11:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25174]: Connection closed by 91.92.40.49 port 20694 [preauth]
Jun 26 11:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25474]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25352]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25352]: Failed password for invalid user vyos from 91.92.40.49 port 37674 ssh2
Jun 26 11:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25759]: Invalid user tutor from 152.53.0.56
Jun 26 11:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25759]: input_userauth_request: invalid user tutor [preauth]
Jun 26 11:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25759]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.53.0.56
Jun 26 11:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25759]: Failed password for invalid user tutor from 152.53.0.56 port 47918 ssh2
Jun 26 11:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25759]: Received disconnect from 152.53.0.56 port 47918:11: Bye Bye [preauth]
Jun 26 11:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25759]: Disconnected from 152.53.0.56 port 47918 [preauth]
Jun 26 11:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25781]: Invalid user deepak from 4.184.246.230
Jun 26 11:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25781]: input_userauth_request: invalid user deepak [preauth]
Jun 26 11:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25781]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.184.246.230
Jun 26 11:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25781]: Failed password for invalid user deepak from 4.184.246.230 port 38644 ssh2
Jun 26 11:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25352]: Connection closed by 91.92.40.49 port 37674 [preauth]
Jun 26 11:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25781]: Received disconnect from 4.184.246.230 port 38644:11: Bye Bye [preauth]
Jun 26 11:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25781]: Disconnected from 4.184.246.230 port 38644 [preauth]
Jun 26 11:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 11:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 26 11:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25422]: Failed password for root from 91.92.40.49 port 27800 ssh2
Jun 26 11:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25796]: Failed password for root from 51.250.105.222 port 55828 ssh2
Jun 26 11:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25796]: Connection closed by 51.250.105.222 port 55828 [preauth]
Jun 26 11:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25461]: Invalid user postgres from 91.92.40.49
Jun 26 11:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25461]: input_userauth_request: invalid user postgres [preauth]
Jun 26 11:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24655]: pam_unix(cron:session): session closed for user root
Jun 26 11:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25422]: Connection closed by 91.92.40.49 port 27800 [preauth]
Jun 26 11:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25461]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25461]: Failed password for invalid user postgres from 91.92.40.49 port 62090 ssh2
Jun 26 11:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25891]: Invalid user aidan from 43.160.249.98
Jun 26 11:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25891]: input_userauth_request: invalid user aidan [preauth]
Jun 26 11:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25891]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.160.249.98
Jun 26 11:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25891]: Failed password for invalid user aidan from 43.160.249.98 port 60510 ssh2
Jun 26 11:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25891]: Received disconnect from 43.160.249.98 port 60510:11: Bye Bye [preauth]
Jun 26 11:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25891]: Disconnected from 43.160.249.98 port 60510 [preauth]
Jun 26 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25916]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25915]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25914]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25913]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25913]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25461]: Connection closed by 91.92.40.49 port 62090 [preauth]
Jun 26 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25979]: Successful su for rubyman by root
Jun 26 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25979]: + ??? root:rubyman
Jun 26 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25979]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596260 of user rubyman.
Jun 26 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25979]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596260.
Jun 26 11:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23204]: pam_unix(cron:session): session closed for user root
Jun 26 11:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25914]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25783]: Invalid user openclaw from 91.92.40.49
Jun 26 11:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25783]: input_userauth_request: invalid user openclaw [preauth]
Jun 26 11:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 11:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25812]: Failed password for root from 91.92.40.49 port 32462 ssh2
Jun 26 11:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25783]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25783]: Failed password for invalid user openclaw from 91.92.40.49 port 32398 ssh2
Jun 26 11:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25823]: Invalid user rdpuser from 91.92.40.49
Jun 26 11:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25823]: input_userauth_request: invalid user rdpuser [preauth]
Jun 26 11:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25074]: pam_unix(cron:session): session closed for user root
Jun 26 11:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25812]: Connection closed by 91.92.40.49 port 32462 [preauth]
Jun 26 11:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25783]: Connection closed by 91.92.40.49 port 32398 [preauth]
Jun 26 11:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25823]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25823]: Failed password for invalid user rdpuser from 91.92.40.49 port 57456 ssh2
Jun 26 11:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26158]: Invalid user p from 91.92.40.49
Jun 26 11:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26158]: input_userauth_request: invalid user p [preauth]
Jun 26 11:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25823]: Connection closed by 91.92.40.49 port 57456 [preauth]
Jun 26 11:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26326]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26325]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26321]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26322]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26319]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26319]: pam_unix(cron:session): session closed for user root
Jun 26 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26321]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26384]: Successful su for rubyman by root
Jun 26 11:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26384]: + ??? root:rubyman
Jun 26 11:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26384]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596264 of user rubyman.
Jun 26 11:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26384]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596264.
Jun 26 11:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.53.0.56  user=root
Jun 26 11:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26192]: Invalid user ubuntu from 91.92.40.49
Jun 26 11:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26192]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 11:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26158]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26158]: Failed password for invalid user p from 91.92.40.49 port 62046 ssh2
Jun 26 11:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23682]: pam_unix(cron:session): session closed for user root
Jun 26 11:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26317]: Failed password for root from 152.53.0.56 port 33852 ssh2
Jun 26 11:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26317]: Received disconnect from 152.53.0.56 port 33852:11: Bye Bye [preauth]
Jun 26 11:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26317]: Disconnected from 152.53.0.56 port 33852 [preauth]
Jun 26 11:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26322]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.184.246.230  user=root
Jun 26 11:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26552]: Failed password for root from 4.184.246.230 port 45520 ssh2
Jun 26 11:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26552]: Received disconnect from 4.184.246.230 port 45520:11: Bye Bye [preauth]
Jun 26 11:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26552]: Disconnected from 4.184.246.230 port 45520 [preauth]
Jun 26 11:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26192]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26192]: Failed password for invalid user ubuntu from 91.92.40.49 port 62090 ssh2
Jun 26 11:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26158]: Connection closed by 91.92.40.49 port 62046 [preauth]
Jun 26 11:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26255]: Invalid user myuser from 91.92.40.49
Jun 26 11:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26255]: input_userauth_request: invalid user myuser [preauth]
Jun 26 11:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25479]: pam_unix(cron:session): session closed for user root
Jun 26 11:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26192]: Connection closed by 91.92.40.49 port 62090 [preauth]
Jun 26 11:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26255]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26255]: Failed password for invalid user myuser from 91.92.40.49 port 11300 ssh2
Jun 26 11:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26316]: Invalid user guest from 91.92.40.49
Jun 26 11:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26316]: input_userauth_request: invalid user guest [preauth]
Jun 26 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26815]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26814]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26813]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26812]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26812]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26255]: Connection closed by 91.92.40.49 port 11300 [preauth]
Jun 26 11:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26871]: Successful su for rubyman by root
Jun 26 11:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26871]: + ??? root:rubyman
Jun 26 11:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26871]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596269 of user rubyman.
Jun 26 11:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26871]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596269.
Jun 26 11:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24208]: pam_unix(cron:session): session closed for user root
Jun 26 11:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26439]: Invalid user fox from 91.92.40.49
Jun 26 11:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26439]: input_userauth_request: invalid user fox [preauth]
Jun 26 11:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26813]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27056]: Invalid user justin from 43.160.249.98
Jun 26 11:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27056]: input_userauth_request: invalid user justin [preauth]
Jun 26 11:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27056]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.160.249.98
Jun 26 11:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27056]: Failed password for invalid user justin from 43.160.249.98 port 51894 ssh2
Jun 26 11:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27056]: Received disconnect from 43.160.249.98 port 51894:11: Bye Bye [preauth]
Jun 26 11:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27056]: Disconnected from 43.160.249.98 port 51894 [preauth]
Jun 26 11:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26316]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26316]: Failed password for invalid user guest from 91.92.40.49 port 50502 ssh2
Jun 26 11:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26439]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26439]: Failed password for invalid user fox from 91.92.40.49 port 50544 ssh2
Jun 26 11:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26316]: Connection closed by 91.92.40.49 port 50502 [preauth]
Jun 26 11:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25916]: pam_unix(cron:session): session closed for user root
Jun 26 11:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26439]: Connection closed by 91.92.40.49 port 50544 [preauth]
Jun 26 11:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 11:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26630]: Failed password for root from 91.92.40.49 port 60478 ssh2
Jun 26 11:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27125]: Did not receive identification string from 91.92.40.49
Jun 26 11:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27211]: Invalid user aidan from 4.184.246.230
Jun 26 11:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27211]: input_userauth_request: invalid user aidan [preauth]
Jun 26 11:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27211]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.184.246.230
Jun 26 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27225]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27227]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27228]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27224]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27224]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27301]: Successful su for rubyman by root
Jun 26 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27301]: + ??? root:rubyman
Jun 26 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27301]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596273 of user rubyman.
Jun 26 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27301]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596273.
Jun 26 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27211]: Failed password for invalid user aidan from 4.184.246.230 port 50656 ssh2
Jun 26 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27211]: Received disconnect from 4.184.246.230 port 50656:11: Bye Bye [preauth]
Jun 26 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27211]: Disconnected from 4.184.246.230 port 50656 [preauth]
Jun 26 11:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24653]: pam_unix(cron:session): session closed for user root
Jun 26 11:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27225]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26630]: Connection closed by 91.92.40.49 port 60478 [preauth]
Jun 26 11:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26786]: Invalid user xbot from 91.92.40.49
Jun 26 11:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26786]: input_userauth_request: invalid user xbot [preauth]
Jun 26 11:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26326]: pam_unix(cron:session): session closed for user root
Jun 26 11:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26786]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27080]: Invalid user azureuser from 91.92.40.49
Jun 26 11:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27080]: input_userauth_request: invalid user azureuser [preauth]
Jun 26 11:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26786]: Failed password for invalid user xbot from 91.92.40.49 port 17692 ssh2
Jun 26 11:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27090]: Invalid user dbs from 91.92.40.49
Jun 26 11:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27090]: input_userauth_request: invalid user dbs [preauth]
Jun 26 11:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 11:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27058]: Failed password for root from 91.92.40.49 port 59698 ssh2
Jun 26 11:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27115]: Invalid user amir from 91.92.40.49
Jun 26 11:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27115]: input_userauth_request: invalid user amir [preauth]
Jun 26 11:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27080]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27080]: Failed password for invalid user azureuser from 91.92.40.49 port 59772 ssh2
Jun 26 11:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27090]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27090]: Failed password for invalid user dbs from 91.92.40.49 port 56104 ssh2
Jun 26 11:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27058]: Connection closed by 91.92.40.49 port 59698 [preauth]
Jun 26 11:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27115]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27080]: Connection closed by 91.92.40.49 port 59772 [preauth]
Jun 26 11:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27115]: Failed password for invalid user amir from 91.92.40.49 port 56154 ssh2
Jun 26 11:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27649]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27646]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27648]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27647]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27645]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27644]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27649]: pam_unix(cron:session): session closed for user root
Jun 26 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27644]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27713]: Successful su for rubyman by root
Jun 26 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27713]: + ??? root:rubyman
Jun 26 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27713]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596279 of user rubyman.
Jun 26 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27713]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596279.
Jun 26 11:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27646]: pam_unix(cron:session): session closed for user root
Jun 26 11:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25073]: pam_unix(cron:session): session closed for user root
Jun 26 11:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 11:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27645]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27115]: Connection closed by 91.92.40.49 port 56154 [preauth]
Jun 26 11:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27210]: Failed password for root from 91.92.40.49 port 57568 ssh2
Jun 26 11:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27090]: Connection closed by 91.92.40.49 port 56104 [preauth]
Jun 26 11:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27943]: Did not receive identification string from 195.178.110.227
Jun 26 11:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27210]: Connection closed by 91.92.40.49 port 57568 [preauth]
Jun 26 11:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26815]: pam_unix(cron:session): session closed for user root
Jun 26 11:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28013]: Invalid user admin from 43.160.249.98
Jun 26 11:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28013]: input_userauth_request: invalid user admin [preauth]
Jun 26 11:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28013]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.160.249.98
Jun 26 11:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28013]: Failed password for invalid user admin from 43.160.249.98 port 48832 ssh2
Jun 26 11:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28013]: Received disconnect from 43.160.249.98 port 48832:11: Bye Bye [preauth]
Jun 26 11:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28013]: Disconnected from 43.160.249.98 port 48832 [preauth]
Jun 26 11:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 11:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27602]: Failed password for root from 91.92.40.49 port 57416 ssh2
Jun 26 11:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.184.246.230  user=root
Jun 26 11:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27642]: Invalid user admin123 from 91.92.40.49
Jun 26 11:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27642]: input_userauth_request: invalid user admin123 [preauth]
Jun 26 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28148]: Failed password for root from 4.184.246.230 port 37936 ssh2
Jun 26 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28148]: Received disconnect from 4.184.246.230 port 37936:11: Bye Bye [preauth]
Jun 26 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28148]: Disconnected from 4.184.246.230 port 37936 [preauth]
Jun 26 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28155]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28154]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28152]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28153]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28152]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28231]: Successful su for rubyman by root
Jun 26 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28231]: + ??? root:rubyman
Jun 26 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28231]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596285 of user rubyman.
Jun 26 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28231]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596285.
Jun 26 11:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25478]: pam_unix(cron:session): session closed for user root
Jun 26 11:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28153]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27864]: Invalid user claude from 91.92.40.49
Jun 26 11:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27864]: input_userauth_request: invalid user claude [preauth]
Jun 26 11:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27642]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27642]: Failed password for invalid user admin123 from 91.92.40.49 port 31478 ssh2
Jun 26 11:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27602]: Connection closed by 91.92.40.49 port 57416 [preauth]
Jun 26 11:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27864]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27864]: Failed password for invalid user claude from 91.92.40.49 port 31514 ssh2
Jun 26 11:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27228]: pam_unix(cron:session): session closed for user root
Jun 26 11:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27933]: Invalid user user from 91.92.40.49
Jun 26 11:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27933]: input_userauth_request: invalid user user [preauth]
Jun 26 11:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27642]: Connection closed by 91.92.40.49 port 31478 [preauth]
Jun 26 11:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27864]: Connection closed by 91.92.40.49 port 31514 [preauth]
Jun 26 11:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27933]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27933]: Failed password for invalid user user from 91.92.40.49 port 36564 ssh2
Jun 26 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28660]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28661]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28659]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28658]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28658]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28723]: Successful su for rubyman by root
Jun 26 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28723]: + ??? root:rubyman
Jun 26 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28723]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596287 of user rubyman.
Jun 26 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28723]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596287.
Jun 26 11:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 11:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25915]: pam_unix(cron:session): session closed for user root
Jun 26 11:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: Failed password for root from 91.92.40.49 port 33476 ssh2
Jun 26 11:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28659]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28150]: Invalid user myuser from 91.92.40.49
Jun 26 11:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28150]: input_userauth_request: invalid user myuser [preauth]
Jun 26 11:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28343]: Invalid user minecraft from 91.92.40.49
Jun 26 11:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28343]: input_userauth_request: invalid user minecraft [preauth]
Jun 26 11:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: Connection closed by 91.92.40.49 port 33476 [preauth]
Jun 26 11:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28150]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27648]: pam_unix(cron:session): session closed for user root
Jun 26 11:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28150]: Failed password for invalid user myuser from 91.92.40.49 port 11542 ssh2
Jun 26 11:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28466]: Invalid user master from 91.92.40.49
Jun 26 11:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28466]: input_userauth_request: invalid user master [preauth]
Jun 26 11:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28150]: Connection closed by 91.92.40.49 port 11542 [preauth]
Jun 26 11:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.160.249.98  user=root
Jun 26 11:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29067]: Failed password for root from 43.160.249.98 port 46356 ssh2
Jun 26 11:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29067]: Received disconnect from 43.160.249.98 port 46356:11: Bye Bye [preauth]
Jun 26 11:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29067]: Disconnected from 43.160.249.98 port 46356 [preauth]
Jun 26 11:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28343]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28343]: Failed password for invalid user minecraft from 91.92.40.49 port 11572 ssh2
Jun 26 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29092]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29091]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29090]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29089]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29089]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29154]: Successful su for rubyman by root
Jun 26 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29154]: + ??? root:rubyman
Jun 26 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29154]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596292 of user rubyman.
Jun 26 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29154]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596292.
Jun 26 11:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26325]: pam_unix(cron:session): session closed for user root
Jun 26 11:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29090]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29041]: Did not receive identification string from 91.92.40.49
Jun 26 11:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28466]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28466]: Failed password for invalid user master from 91.92.40.49 port 34140 ssh2
Jun 26 11:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28561]: Invalid user nadir from 91.92.40.49
Jun 26 11:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28561]: input_userauth_request: invalid user nadir [preauth]
Jun 26 11:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28832]: Invalid user hadoop from 91.92.40.49
Jun 26 11:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28832]: input_userauth_request: invalid user hadoop [preauth]
Jun 26 11:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28466]: Connection closed by 91.92.40.49 port 34140 [preauth]
Jun 26 11:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28923]: Invalid user tfj from 91.92.40.49
Jun 26 11:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28923]: input_userauth_request: invalid user tfj [preauth]
Jun 26 11:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28155]: pam_unix(cron:session): session closed for user root
Jun 26 11:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28561]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28561]: Failed password for invalid user nadir from 91.92.40.49 port 59594 ssh2
Jun 26 11:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28832]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28832]: Failed password for invalid user hadoop from 91.92.40.49 port 28978 ssh2
Jun 26 11:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28923]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28923]: Failed password for invalid user tfj from 91.92.40.49 port 54052 ssh2
Jun 26 11:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29031]: Invalid user deployer from 91.92.40.49
Jun 26 11:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29031]: input_userauth_request: invalid user deployer [preauth]
Jun 26 11:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28561]: Connection closed by 91.92.40.49 port 59594 [preauth]
Jun 26 11:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28832]: Connection closed by 91.92.40.49 port 28978 [preauth]
Jun 26 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29521]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29522]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29520]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29519]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29519]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29672]: Successful su for rubyman by root
Jun 26 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29672]: + ??? root:rubyman
Jun 26 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29672]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596295 of user rubyman.
Jun 26 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29672]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596295.
Jun 26 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26814]: pam_unix(cron:session): session closed for user root
Jun 26 11:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29520]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28923]: Connection closed by 91.92.40.49 port 54052 [preauth]
Jun 26 11:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29031]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29031]: Failed password for invalid user deployer from 91.92.40.49 port 32942 ssh2
Jun 26 11:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29375]: Invalid user chenxi from 91.92.40.49
Jun 26 11:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29375]: input_userauth_request: invalid user chenxi [preauth]
Jun 26 11:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29031]: Connection closed by 91.92.40.49 port 32942 [preauth]
Jun 26 11:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29375]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29375]: Failed password for invalid user chenxi from 91.92.40.49 port 53756 ssh2
Jun 26 11:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28661]: pam_unix(cron:session): session closed for user root
Jun 26 11:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29453]: Invalid user ubuntu from 91.92.40.49
Jun 26 11:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29453]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 11:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29375]: Connection closed by 91.92.40.49 port 53756 [preauth]
Jun 26 11:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29453]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29453]: Failed password for invalid user ubuntu from 91.92.40.49 port 25644 ssh2
Jun 26 11:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29905]: Invalid user deployer from 91.92.40.49
Jun 26 11:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29905]: input_userauth_request: invalid user deployer [preauth]
Jun 26 11:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29453]: Connection closed by 91.92.40.49 port 25644 [preauth]
Jun 26 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30063]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30058]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30060]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30056]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30057]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30062]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30063]: pam_unix(cron:session): session closed for user root
Jun 26 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30056]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30137]: Successful su for rubyman by root
Jun 26 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30137]: + ??? root:rubyman
Jun 26 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30137]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596299 of user rubyman.
Jun 26 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30137]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596299.
Jun 26 11:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29693]: Failed password for root from 91.92.40.49 port 42326 ssh2
Jun 26 11:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30058]: pam_unix(cron:session): session closed for user root
Jun 26 11:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27227]: pam_unix(cron:session): session closed for user root
Jun 26 11:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29905]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30332]: Invalid user vianmj from 43.160.249.98
Jun 26 11:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30332]: input_userauth_request: invalid user vianmj [preauth]
Jun 26 11:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30332]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.160.249.98
Jun 26 11:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30057]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29905]: Failed password for invalid user deployer from 91.92.40.49 port 26934 ssh2
Jun 26 11:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30332]: Failed password for invalid user vianmj from 43.160.249.98 port 57762 ssh2
Jun 26 11:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30332]: Received disconnect from 43.160.249.98 port 57762:11: Bye Bye [preauth]
Jun 26 11:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30332]: Disconnected from 43.160.249.98 port 57762 [preauth]
Jun 26 11:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29693]: Connection closed by 91.92.40.49 port 42326 [preauth]
Jun 26 11:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29967]: Invalid user alex from 91.92.40.49
Jun 26 11:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29967]: input_userauth_request: invalid user alex [preauth]
Jun 26 11:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29905]: Connection closed by 91.92.40.49 port 26934 [preauth]
Jun 26 11:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29967]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29092]: pam_unix(cron:session): session closed for user root
Jun 26 11:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29967]: Failed password for invalid user alex from 91.92.40.49 port 37738 ssh2
Jun 26 11:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29967]: Connection closed by 91.92.40.49 port 37738 [preauth]
Jun 26 11:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30134]: Invalid user user2 from 91.92.40.49
Jun 26 11:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30134]: input_userauth_request: invalid user user2 [preauth]
Jun 26 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30359]: Invalid user student from 91.92.40.49
Jun 26 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30359]: input_userauth_request: invalid user student [preauth]
Jun 26 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30134]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30516]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30513]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30515]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30514]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30513]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30590]: Successful su for rubyman by root
Jun 26 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30590]: + ??? root:rubyman
Jun 26 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30590]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596305 of user rubyman.
Jun 26 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30590]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596305.
Jun 26 11:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30134]: Failed password for invalid user user2 from 91.92.40.49 port 20452 ssh2
Jun 26 11:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 11:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30359]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27647]: pam_unix(cron:session): session closed for user root
Jun 26 11:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30134]: Connection closed by 91.92.40.49 port 20452 [preauth]
Jun 26 11:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30352]: Failed password for root from 91.92.40.49 port 20528 ssh2
Jun 26 11:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30514]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30359]: Failed password for invalid user student from 91.92.40.49 port 33294 ssh2
Jun 26 11:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30352]: Connection closed by 91.92.40.49 port 20528 [preauth]
Jun 26 11:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30359]: Connection closed by 91.92.40.49 port 33294 [preauth]
Jun 26 11:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30789]: Invalid user admin from 139.19.117.131
Jun 26 11:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30789]: input_userauth_request: invalid user admin [preauth]
Jun 26 11:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30789]: Connection closed by 139.19.117.131 port 36480 [preauth]
Jun 26 11:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30779]: Invalid user weblogic from 91.92.40.49
Jun 26 11:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30779]: input_userauth_request: invalid user weblogic [preauth]
Jun 26 11:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30779]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30779]: Failed password for invalid user weblogic from 91.92.40.49 port 43988 ssh2
Jun 26 11:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29522]: pam_unix(cron:session): session closed for user root
Jun 26 11:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30779]: Connection closed by 91.92.40.49 port 43988 [preauth]
Jun 26 11:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30823]: Invalid user oracle from 91.92.40.49
Jun 26 11:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30823]: input_userauth_request: invalid user oracle [preauth]
Jun 26 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31040]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31041]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31039]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31038]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31038]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31102]: Successful su for rubyman by root
Jun 26 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31102]: + ??? root:rubyman
Jun 26 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31102]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596309 of user rubyman.
Jun 26 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31102]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596309.
Jun 26 11:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31175]: Received disconnect from 144.217.74.127 port 38242:11: disconnected by user [preauth]
Jun 26 11:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31175]: Disconnected from 144.217.74.127 port 38242 [preauth]
Jun 26 11:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 26 11:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28154]: pam_unix(cron:session): session closed for user root
Jun 26 11:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31039]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31209]: Failed password for root from 103.82.132.16 port 50274 ssh2
Jun 26 11:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31209]: Connection closed by 103.82.132.16 port 50274 [preauth]
Jun 26 11:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30849]: Invalid user postgres from 91.92.40.49
Jun 26 11:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30849]: input_userauth_request: invalid user postgres [preauth]
Jun 26 11:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30823]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30823]: Failed password for invalid user oracle from 91.92.40.49 port 32596 ssh2
Jun 26 11:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30849]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30823]: Connection closed by 91.92.40.49 port 32596 [preauth]
Jun 26 11:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30849]: Failed password for invalid user postgres from 91.92.40.49 port 32630 ssh2
Jun 26 11:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30849]: Connection closed by 91.92.40.49 port 32630 [preauth]
Jun 26 11:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.160.249.98  user=root
Jun 26 11:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30891]: Invalid user xiao from 91.92.40.49
Jun 26 11:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30891]: input_userauth_request: invalid user xiao [preauth]
Jun 26 11:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31352]: Failed password for root from 43.160.249.98 port 39482 ssh2
Jun 26 11:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31352]: Received disconnect from 43.160.249.98 port 39482:11: Bye Bye [preauth]
Jun 26 11:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31352]: Disconnected from 43.160.249.98 port 39482 [preauth]
Jun 26 11:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30062]: pam_unix(cron:session): session closed for user root
Jun 26 11:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30891]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30891]: Failed password for invalid user xiao from 91.92.40.49 port 53660 ssh2
Jun 26 11:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31298]: Invalid user trader from 91.92.40.49
Jun 26 11:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31298]: input_userauth_request: invalid user trader [preauth]
Jun 26 11:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30891]: Connection closed by 91.92.40.49 port 53660 [preauth]
Jun 26 11:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31298]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31298]: Failed password for invalid user trader from 91.92.40.49 port 13926 ssh2
Jun 26 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31462]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31463]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31461]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31460]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31460]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31524]: Successful su for rubyman by root
Jun 26 11:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31524]: + ??? root:rubyman
Jun 26 11:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31524]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596313 of user rubyman.
Jun 26 11:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31524]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596313.
Jun 26 11:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28660]: pam_unix(cron:session): session closed for user root
Jun 26 11:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31461]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31298]: Connection closed by 91.92.40.49 port 13926 [preauth]
Jun 26 11:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31394]: Invalid user demo from 91.92.40.49
Jun 26 11:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31394]: input_userauth_request: invalid user demo [preauth]
Jun 26 11:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 11:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31364]: Failed password for root from 91.92.40.49 port 10526 ssh2
Jun 26 11:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30516]: pam_unix(cron:session): session closed for user root
Jun 26 11:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31394]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31394]: Failed password for invalid user demo from 91.92.40.49 port 16666 ssh2
Jun 26 11:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31364]: Connection closed by 91.92.40.49 port 10526 [preauth]
Jun 26 11:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 11:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31405]: Failed password for root from 91.92.40.49 port 16690 ssh2
Jun 26 11:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31937]: Received disconnect from 148.153.245.161 port 38110:11: disconnected by user [preauth]
Jun 26 11:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31937]: Disconnected from 148.153.245.161 port 38110 [preauth]
Jun 26 11:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31394]: Connection closed by 91.92.40.49 port 16666 [preauth]
Jun 26 11:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31405]: Connection closed by 91.92.40.49 port 16690 [preauth]
Jun 26 11:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31975]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31977]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31976]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31973]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31973]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32043]: Successful su for rubyman by root
Jun 26 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32043]: + ??? root:rubyman
Jun 26 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32043]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596320 of user rubyman.
Jun 26 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32043]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596320.
Jun 26 11:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29091]: pam_unix(cron:session): session closed for user root
Jun 26 11:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31975]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 11:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31838]: Failed password for root from 91.92.40.49 port 57850 ssh2
Jun 26 11:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31838]: Connection closed by 91.92.40.49 port 57850 [preauth]
Jun 26 11:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31041]: pam_unix(cron:session): session closed for user root
Jun 26 11:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31936]: Invalid user andrea from 91.92.40.49
Jun 26 11:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31936]: input_userauth_request: invalid user andrea [preauth]
Jun 26 11:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32334]: Invalid user aj from 43.160.249.98
Jun 26 11:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32334]: input_userauth_request: invalid user aj [preauth]
Jun 26 11:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32334]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.160.249.98
Jun 26 11:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32334]: Failed password for invalid user aj from 43.160.249.98 port 57284 ssh2
Jun 26 11:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32334]: Received disconnect from 43.160.249.98 port 57284:11: Bye Bye [preauth]
Jun 26 11:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32334]: Disconnected from 43.160.249.98 port 57284 [preauth]
Jun 26 11:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31948]: User john from 91.92.40.49 not allowed because not listed in AllowUsers
Jun 26 11:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31948]: input_userauth_request: invalid user john [preauth]
Jun 26 11:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31936]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32388]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32389]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32386]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32385]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32384]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32387]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32389]: pam_unix(cron:session): session closed for user root
Jun 26 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32384]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32457]: Successful su for rubyman by root
Jun 26 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32457]: + ??? root:rubyman
Jun 26 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32457]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596321 of user rubyman.
Jun 26 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32457]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596321.
Jun 26 11:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31936]: Failed password for invalid user andrea from 91.92.40.49 port 51850 ssh2
Jun 26 11:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32386]: pam_unix(cron:session): session closed for user root
Jun 26 11:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29521]: pam_unix(cron:session): session closed for user root
Jun 26 11:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32385]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31960]: Invalid user aa from 91.92.40.49
Jun 26 11:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31960]: input_userauth_request: invalid user aa [preauth]
Jun 26 11:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=john
Jun 26 11:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32371]: Did not receive identification string from 91.92.40.49
Jun 26 11:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32324]: Did not receive identification string from 91.92.40.49
Jun 26 11:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31948]: Failed password for invalid user john from 91.92.40.49 port 36240 ssh2
Jun 26 11:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31936]: Connection closed by 91.92.40.49 port 51850 [preauth]
Jun 26 11:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 11:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31950]: Failed password for root from 91.92.40.49 port 36244 ssh2
Jun 26 11:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31463]: pam_unix(cron:session): session closed for user root
Jun 26 11:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31960]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31960]: Failed password for invalid user aa from 91.92.40.49 port 36256 ssh2
Jun 26 11:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[324]: Connection closed by 194.59.206.2 port 31214 [preauth]
Jun 26 11:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31948]: Connection closed by 91.92.40.49 port 36240 [preauth]
Jun 26 11:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[385]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[384]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[383]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[382]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[382]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[592]: Successful su for rubyman by root
Jun 26 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[592]: + ??? root:rubyman
Jun 26 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[592]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596328 of user rubyman.
Jun 26 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[592]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596328.
Jun 26 11:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30060]: pam_unix(cron:session): session closed for user root
Jun 26 11:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[383]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32333]: Invalid user elasticsearch from 91.92.40.49
Jun 26 11:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32333]: input_userauth_request: invalid user elasticsearch [preauth]
Jun 26 11:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32349]: Invalid user public from 91.92.40.49
Jun 26 11:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32349]: input_userauth_request: invalid user public [preauth]
Jun 26 11:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32360]: Invalid user jenkins from 91.92.40.49
Jun 26 11:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32360]: input_userauth_request: invalid user jenkins [preauth]
Jun 26 11:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32333]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32333]: Failed password for invalid user elasticsearch from 91.92.40.49 port 23640 ssh2
Jun 26 11:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31977]: pam_unix(cron:session): session closed for user root
Jun 26 11:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32349]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32349]: Failed password for invalid user public from 91.92.40.49 port 23670 ssh2
Jun 26 11:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32360]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32360]: Failed password for invalid user jenkins from 91.92.40.49 port 40476 ssh2
Jun 26 11:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[888]: Did not receive identification string from 91.92.40.49
Jun 26 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[958]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[956]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[959]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[953]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[953]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1023]: Successful su for rubyman by root
Jun 26 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1023]: + ??? root:rubyman
Jun 26 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1023]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596331 of user rubyman.
Jun 26 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1023]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596331.
Jun 26 11:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.160.249.98  user=root
Jun 26 11:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[898]: Did not receive identification string from 91.92.40.49
Jun 26 11:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30515]: pam_unix(cron:session): session closed for user root
Jun 26 11:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1121]: Failed password for root from 43.160.249.98 port 43684 ssh2
Jun 26 11:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1121]: Received disconnect from 43.160.249.98 port 43684:11: Bye Bye [preauth]
Jun 26 11:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1121]: Disconnected from 43.160.249.98 port 43684 [preauth]
Jun 26 11:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[956]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 11:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32388]: pam_unix(cron:session): session closed for user root
Jun 26 11:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[362]: Failed password for root from 91.92.40.49 port 18374 ssh2
Jun 26 11:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[371]: Invalid user user from 91.92.40.49
Jun 26 11:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[371]: input_userauth_request: invalid user user [preauth]
Jun 26 11:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[856]: Invalid user user1 from 91.92.40.49
Jun 26 11:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[856]: input_userauth_request: invalid user user1 [preauth]
Jun 26 11:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[362]: Connection closed by 91.92.40.49 port 18374 [preauth]
Jun 26 11:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[371]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[371]: Failed password for invalid user user from 91.92.40.49 port 20224 ssh2
Jun 26 11:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 11:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[845]: Failed password for root from 91.92.40.49 port 53616 ssh2
Jun 26 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1430]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1431]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1428]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1427]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1427]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1591]: Successful su for rubyman by root
Jun 26 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1591]: + ??? root:rubyman
Jun 26 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1591]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596336 of user rubyman.
Jun 26 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1591]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596336.
Jun 26 11:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[856]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31040]: pam_unix(cron:session): session closed for user root
Jun 26 11:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1428]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[856]: Failed password for invalid user user1 from 91.92.40.49 port 11958 ssh2
Jun 26 11:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1811]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1248]: Invalid user jarvis from 91.92.40.49
Jun 26 11:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1248]: input_userauth_request: invalid user jarvis [preauth]
Jun 26 11:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[845]: Connection closed by 91.92.40.49 port 53616 [preauth]
Jun 26 11:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.227  user=root
Jun 26 11:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1834]: Failed password for root from 195.178.110.227 port 37972 ssh2
Jun 26 11:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1834]: Connection closed by 195.178.110.227 port 37972 [preauth]
Jun 26 11:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1794]: Did not receive identification string from 91.92.40.49
Jun 26 11:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[385]: pam_unix(cron:session): session closed for user root
Jun 26 11:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1364]: Invalid user martin from 91.92.40.49
Jun 26 11:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1364]: input_userauth_request: invalid user martin [preauth]
Jun 26 11:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1811]: Did not receive identification string from 91.92.40.49
Jun 26 11:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1248]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1364]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1248]: Failed password for invalid user jarvis from 91.92.40.49 port 18414 ssh2
Jun 26 11:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1364]: Failed password for invalid user martin from 91.92.40.49 port 43632 ssh2
Jun 26 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2010]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2011]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2009]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2008]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2008]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2091]: Successful su for rubyman by root
Jun 26 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2091]: + ??? root:rubyman
Jun 26 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2091]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596339 of user rubyman.
Jun 26 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2091]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596339.
Jun 26 11:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31462]: pam_unix(cron:session): session closed for user root
Jun 26 11:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: Did not receive identification string from 91.92.40.49
Jun 26 11:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2009]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2296]: Invalid user matias from 141.98.83.240
Jun 26 11:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2296]: input_userauth_request: invalid user matias [preauth]
Jun 26 11:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2296]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 11:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2296]: Failed password for invalid user matias from 141.98.83.240 port 32260 ssh2
Jun 26 11:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2296]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2296]: Failed password for invalid user matias from 141.98.83.240 port 32260 ssh2
Jun 26 11:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2296]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2296]: Failed password for invalid user matias from 141.98.83.240 port 32260 ssh2
Jun 26 11:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2296]: Connection closed by 141.98.83.240 port 32260 [preauth]
Jun 26 11:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2296]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 11:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1364]: Connection closed by 91.92.40.49 port 43632 [preauth]
Jun 26 11:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1425]: Invalid user user from 91.92.40.49
Jun 26 11:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1425]: input_userauth_request: invalid user user [preauth]
Jun 26 11:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1899]: Invalid user user1 from 91.92.40.49
Jun 26 11:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1899]: input_userauth_request: invalid user user1 [preauth]
Jun 26 11:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[959]: pam_unix(cron:session): session closed for user root
Jun 26 11:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1425]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1899]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1425]: Failed password for invalid user user from 91.92.40.49 port 19926 ssh2
Jun 26 11:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1899]: Failed password for invalid user user1 from 91.92.40.49 port 18160 ssh2
Jun 26 11:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2438]: Invalid user gissell from 2.57.121.112
Jun 26 11:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2438]: input_userauth_request: invalid user gissell [preauth]
Jun 26 11:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2438]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 26 11:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2438]: Failed password for invalid user gissell from 2.57.121.112 port 4882 ssh2
Jun 26 11:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2438]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2438]: Failed password for invalid user gissell from 2.57.121.112 port 4882 ssh2
Jun 26 11:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2438]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2438]: Failed password for invalid user gissell from 2.57.121.112 port 4882 ssh2
Jun 26 11:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2438]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2466]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2463]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2462]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2461]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2460]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2465]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2466]: pam_unix(cron:session): session closed for user root
Jun 26 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2460]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2538]: Successful su for rubyman by root
Jun 26 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2538]: + ??? root:rubyman
Jun 26 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2538]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596348 of user rubyman.
Jun 26 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2538]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596348.
Jun 26 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2438]: Failed password for invalid user gissell from 2.57.121.112 port 4882 ssh2
Jun 26 11:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2438]: Connection closed by 2.57.121.112 port 4882 [preauth]
Jun 26 11:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2438]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 26 11:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2438]: PAM service(sshd) ignoring max retries; 4 > 3
Jun 26 11:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2610]: Invalid user gissell from 2.57.121.112
Jun 26 11:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2610]: input_userauth_request: invalid user gissell [preauth]
Jun 26 11:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2610]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 26 11:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2462]: pam_unix(cron:session): session closed for user root
Jun 26 11:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31976]: pam_unix(cron:session): session closed for user root
Jun 26 11:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1899]: Connection closed by 91.92.40.49 port 18160 [preauth]
Jun 26 11:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2610]: Failed password for invalid user gissell from 2.57.121.112 port 52960 ssh2
Jun 26 11:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2610]: Connection closed by 2.57.121.112 port 52960 [preauth]
Jun 26 11:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2461]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1974]: Invalid user gg from 91.92.40.49
Jun 26 11:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1974]: input_userauth_request: invalid user gg [preauth]
Jun 26 11:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: Invalid user splunk from 91.92.40.49
Jun 26 11:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: input_userauth_request: invalid user splunk [preauth]
Jun 26 11:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1431]: pam_unix(cron:session): session closed for user root
Jun 26 11:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1974]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1974]: Failed password for invalid user gg from 91.92.40.49 port 28038 ssh2
Jun 26 11:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2369]: Invalid user tactical from 91.92.40.49
Jun 26 11:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2369]: input_userauth_request: invalid user tactical [preauth]
Jun 26 11:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2359]: Invalid user scanner from 91.92.40.49
Jun 26 11:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2359]: input_userauth_request: invalid user scanner [preauth]
Jun 26 11:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.227  user=root
Jun 26 11:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2907]: Failed password for root from 195.178.110.227 port 41230 ssh2
Jun 26 11:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2907]: Connection closed by 195.178.110.227 port 41230 [preauth]
Jun 26 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2922]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2923]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2921]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2920]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2920]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2985]: Successful su for rubyman by root
Jun 26 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2985]: + ??? root:rubyman
Jun 26 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2985]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596349 of user rubyman.
Jun 26 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2985]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596349.
Jun 26 11:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32387]: pam_unix(cron:session): session closed for user root
Jun 26 11:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2369]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2921]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2369]: Failed password for invalid user tactical from 91.92.40.49 port 10030 ssh2
Jun 26 11:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: Failed password for invalid user splunk from 91.92.40.49 port 23364 ssh2
Jun 26 11:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2449]: Invalid user elasticsearch from 91.92.40.49
Jun 26 11:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2449]: input_userauth_request: invalid user elasticsearch [preauth]
Jun 26 11:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2359]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2359]: Failed password for invalid user scanner from 91.92.40.49 port 23420 ssh2
Jun 26 11:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2631]: Invalid user deploy from 91.92.40.49
Jun 26 11:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2631]: input_userauth_request: invalid user deploy [preauth]
Jun 26 11:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2631]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2631]: Failed password for invalid user deploy from 91.92.40.49 port 39032 ssh2
Jun 26 11:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2369]: Connection closed by 91.92.40.49 port 10030 [preauth]
Jun 26 11:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3093]: Did not receive identification string from 91.92.40.49
Jun 26 11:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2631]: Connection closed by 91.92.40.49 port 39032 [preauth]
Jun 26 11:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2011]: pam_unix(cron:session): session closed for user root
Jun 26 11:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2449]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2449]: Failed password for invalid user elasticsearch from 91.92.40.49 port 38984 ssh2
Jun 26 11:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2897]: Invalid user arthur from 91.92.40.49
Jun 26 11:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2897]: input_userauth_request: invalid user arthur [preauth]
Jun 26 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3330]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3328]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3331]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3329]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3328]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3388]: Successful su for rubyman by root
Jun 26 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3388]: + ??? root:rubyman
Jun 26 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3388]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596353 of user rubyman.
Jun 26 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3388]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596353.
Jun 26 11:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[384]: pam_unix(cron:session): session closed for user root
Jun 26 11:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3329]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2897]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2897]: Failed password for invalid user arthur from 91.92.40.49 port 42880 ssh2
Jun 26 11:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2465]: pam_unix(cron:session): session closed for user root
Jun 26 11:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3271]: Invalid user server from 91.92.40.49
Jun 26 11:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3271]: input_userauth_request: invalid user server [preauth]
Jun 26 11:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2897]: Connection closed by 91.92.40.49 port 42880 [preauth]
Jun 26 11:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3301]: Invalid user webtest from 91.92.40.49
Jun 26 11:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3301]: input_userauth_request: invalid user webtest [preauth]
Jun 26 11:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3271]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 11:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3271]: Failed password for invalid user server from 91.92.40.49 port 58112 ssh2
Jun 26 11:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2918]: Failed password for root from 91.92.40.49 port 13552 ssh2
Jun 26 11:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3829]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3828]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3827]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3826]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3826]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3941]: Successful su for rubyman by root
Jun 26 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3941]: + ??? root:rubyman
Jun 26 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3941]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596358 of user rubyman.
Jun 26 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3941]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596358.
Jun 26 11:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[958]: pam_unix(cron:session): session closed for user root
Jun 26 11:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3310]: Invalid user openclaw from 91.92.40.49
Jun 26 11:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3310]: input_userauth_request: invalid user openclaw [preauth]
Jun 26 11:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3827]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3301]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 26 11:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3301]: Failed password for invalid user webtest from 91.92.40.49 port 47294 ssh2
Jun 26 11:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4183]: Failed password for root from 103.27.238.114 port 56762 ssh2
Jun 26 11:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4183]: Connection closed by 103.27.238.114 port 56762 [preauth]
Jun 26 11:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3271]: Connection closed by 91.92.40.49 port 58112 [preauth]
Jun 26 11:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3310]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3310]: Failed password for invalid user openclaw from 91.92.40.49 port 47308 ssh2
Jun 26 11:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3608]: Invalid user rocky from 91.92.40.49
Jun 26 11:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3608]: input_userauth_request: invalid user rocky [preauth]
Jun 26 11:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4245]: Invalid user ubuntu from 113.125.165.132
Jun 26 11:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4245]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 11:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4245]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.125.165.132
Jun 26 11:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4245]: Failed password for invalid user ubuntu from 113.125.165.132 port 40236 ssh2
Jun 26 11:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3301]: Connection closed by 91.92.40.49 port 47294 [preauth]
Jun 26 11:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2923]: pam_unix(cron:session): session closed for user root
Jun 26 11:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.227  user=root
Jun 26 11:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: Invalid user george from 91.92.40.49
Jun 26 11:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: input_userauth_request: invalid user george [preauth]
Jun 26 11:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4287]: Failed password for root from 195.178.110.227 port 44448 ssh2
Jun 26 11:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4287]: Connection closed by 195.178.110.227 port 44448 [preauth]
Jun 26 11:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3310]: Connection closed by 91.92.40.49 port 47308 [preauth]
Jun 26 11:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3608]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3608]: Failed password for invalid user rocky from 91.92.40.49 port 56954 ssh2
Jun 26 11:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4354]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4355]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4353]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4352]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4350]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4352]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4462]: Successful su for rubyman by root
Jun 26 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4462]: + ??? root:rubyman
Jun 26 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4462]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596362 of user rubyman.
Jun 26 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4462]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596362.
Jun 26 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4350]: pam_unix(cron:session): session closed for user root
Jun 26 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: Failed password for invalid user george from 91.92.40.49 port 56978 ssh2
Jun 26 11:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1430]: pam_unix(cron:session): session closed for user root
Jun 26 11:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4353]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3804]: Invalid user odoo18 from 91.92.40.49
Jun 26 11:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3804]: input_userauth_request: invalid user odoo18 [preauth]
Jun 26 11:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3608]: Connection closed by 91.92.40.49 port 56954 [preauth]
Jun 26 11:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: Connection closed by 91.92.40.49 port 56978 [preauth]
Jun 26 11:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3804]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3804]: Failed password for invalid user odoo18 from 91.92.40.49 port 22752 ssh2
Jun 26 11:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3331]: pam_unix(cron:session): session closed for user root
Jun 26 11:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 11:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3813]: Failed password for root from 91.92.40.49 port 22784 ssh2
Jun 26 11:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4219]: Invalid user ethan from 91.92.40.49
Jun 26 11:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4219]: input_userauth_request: invalid user ethan [preauth]
Jun 26 11:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3804]: Connection closed by 91.92.40.49 port 22752 [preauth]
Jun 26 11:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3813]: Connection closed by 91.92.40.49 port 22784 [preauth]
Jun 26 11:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4219]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 11:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4349]: Invalid user gitlab from 91.92.40.49
Jun 26 11:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4349]: input_userauth_request: invalid user gitlab [preauth]
Jun 26 11:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4219]: Failed password for invalid user ethan from 91.92.40.49 port 26080 ssh2
Jun 26 11:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4247]: Failed password for root from 91.92.40.49 port 60422 ssh2
Jun 26 11:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4349]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4219]: Connection closed by 91.92.40.49 port 26080 [preauth]
Jun 26 11:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4247]: Connection closed by 91.92.40.49 port 60422 [preauth]
Jun 26 11:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4349]: Failed password for invalid user gitlab from 91.92.40.49 port 26122 ssh2
Jun 26 11:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4349]: Connection closed by 91.92.40.49 port 26122 [preauth]
Jun 26 11:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4971]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4968]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4974]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4973]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4970]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4972]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4974]: pam_unix(cron:session): session closed for user root
Jun 26 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4968]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5034]: Successful su for rubyman by root
Jun 26 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5034]: + ??? root:rubyman
Jun 26 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5034]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596369 of user rubyman.
Jun 26 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5034]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596369.
Jun 26 11:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4971]: pam_unix(cron:session): session closed for user root
Jun 26 11:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2010]: pam_unix(cron:session): session closed for user root
Jun 26 11:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4970]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4939]: Invalid user ali from 91.92.40.49
Jun 26 11:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4939]: input_userauth_request: invalid user ali [preauth]
Jun 26 11:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4939]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4939]: Failed password for invalid user ali from 91.92.40.49 port 12104 ssh2
Jun 26 11:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4957]: Invalid user erpnext from 91.92.40.49
Jun 26 11:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4957]: input_userauth_request: invalid user erpnext [preauth]
Jun 26 11:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4939]: Connection closed by 91.92.40.49 port 12104 [preauth]
Jun 26 11:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4957]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4957]: Failed password for invalid user erpnext from 91.92.40.49 port 43556 ssh2
Jun 26 11:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3829]: pam_unix(cron:session): session closed for user root
Jun 26 11:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4957]: Connection closed by 91.92.40.49 port 43556 [preauth]
Jun 26 11:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5274]: Invalid user sam from 91.92.40.49
Jun 26 11:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5274]: input_userauth_request: invalid user sam [preauth]
Jun 26 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5414]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5415]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5413]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5412]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5412]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5480]: Successful su for rubyman by root
Jun 26 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5480]: + ??? root:rubyman
Jun 26 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5480]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596374 of user rubyman.
Jun 26 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5480]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596374.
Jun 26 11:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2463]: pam_unix(cron:session): session closed for user root
Jun 26 11:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5413]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 11:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5296]: Failed password for root from 91.92.40.49 port 43876 ssh2
Jun 26 11:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5274]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5274]: Failed password for invalid user sam from 91.92.40.49 port 43838 ssh2
Jun 26 11:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.227  user=root
Jun 26 11:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5688]: Failed password for root from 195.178.110.227 port 47656 ssh2
Jun 26 11:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5688]: Connection closed by 195.178.110.227 port 47656 [preauth]
Jun 26 11:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5296]: Connection closed by 91.92.40.49 port 43876 [preauth]
Jun 26 11:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4355]: pam_unix(cron:session): session closed for user root
Jun 26 11:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5752]: Did not receive identification string from 198.235.24.24
Jun 26 11:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5274]: Connection closed by 91.92.40.49 port 43838 [preauth]
Jun 26 11:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5392]: Invalid user zabbix from 91.92.40.49
Jun 26 11:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5392]: input_userauth_request: invalid user zabbix [preauth]
Jun 26 11:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5392]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5392]: Failed password for invalid user zabbix from 91.92.40.49 port 27224 ssh2
Jun 26 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5819]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5820]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5818]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5817]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5817]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5880]: Successful su for rubyman by root
Jun 26 11:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5880]: + ??? root:rubyman
Jun 26 11:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5880]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596376 of user rubyman.
Jun 26 11:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5880]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596376.
Jun 26 11:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2922]: pam_unix(cron:session): session closed for user root
Jun 26 11:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5818]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 11:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5401]: Failed password for root from 91.92.40.49 port 27256 ssh2
Jun 26 11:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5665]: Invalid user odoo from 91.92.40.49
Jun 26 11:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5665]: input_userauth_request: invalid user odoo [preauth]
Jun 26 11:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5392]: Connection closed by 91.92.40.49 port 27224 [preauth]
Jun 26 11:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5401]: Connection closed by 91.92.40.49 port 27256 [preauth]
Jun 26 11:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4973]: pam_unix(cron:session): session closed for user root
Jun 26 11:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5687]: Invalid user deploy from 91.92.40.49
Jun 26 11:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5687]: input_userauth_request: invalid user deploy [preauth]
Jun 26 11:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5665]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5665]: Failed password for invalid user odoo from 91.92.40.49 port 28806 ssh2
Jun 26 11:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6084]: Did not receive identification string from 91.92.40.49
Jun 26 11:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5687]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5687]: Failed password for invalid user deploy from 91.92.40.49 port 23872 ssh2
Jun 26 11:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5665]: Connection closed by 91.92.40.49 port 28806 [preauth]
Jun 26 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6210]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6211]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6209]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6208]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6208]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6275]: Successful su for rubyman by root
Jun 26 11:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6275]: + ??? root:rubyman
Jun 26 11:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6275]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596381 of user rubyman.
Jun 26 11:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6275]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596381.
Jun 26 11:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3330]: pam_unix(cron:session): session closed for user root
Jun 26 11:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5762]: Invalid user ubuntu from 91.92.40.49
Jun 26 11:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5762]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 11:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6209]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5687]: Connection closed by 91.92.40.49 port 23872 [preauth]
Jun 26 11:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5762]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5762]: Failed password for invalid user ubuntu from 91.92.40.49 port 13520 ssh2
Jun 26 11:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 11:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5786]: Failed password for root from 91.92.40.49 port 13588 ssh2
Jun 26 11:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6083]: Invalid user deploy from 91.92.40.49
Jun 26 11:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6083]: input_userauth_request: invalid user deploy [preauth]
Jun 26 11:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5415]: pam_unix(cron:session): session closed for user root
Jun 26 11:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6083]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6083]: Failed password for invalid user deploy from 91.92.40.49 port 47772 ssh2
Jun 26 11:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6188]: Invalid user steam from 91.92.40.49
Jun 26 11:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6188]: input_userauth_request: invalid user steam [preauth]
Jun 26 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6609]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6610]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6608]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6607]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6607]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6083]: Connection closed by 91.92.40.49 port 47772 [preauth]
Jun 26 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6672]: Successful su for rubyman by root
Jun 26 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6672]: + ??? root:rubyman
Jun 26 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6672]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596384 of user rubyman.
Jun 26 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6672]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596384.
Jun 26 11:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.227  user=root
Jun 26 11:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3828]: pam_unix(cron:session): session closed for user root
Jun 26 11:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6608]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6800]: Invalid user manasa from 45.78.207.244
Jun 26 11:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6800]: input_userauth_request: invalid user manasa [preauth]
Jun 26 11:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6800]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.78.207.244
Jun 26 11:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6605]: Failed password for root from 195.178.110.227 port 50894 ssh2
Jun 26 11:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6605]: Connection closed by 195.178.110.227 port 50894 [preauth]
Jun 26 11:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6800]: Failed password for invalid user manasa from 45.78.207.244 port 59346 ssh2
Jun 26 11:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6188]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6800]: Received disconnect from 45.78.207.244 port 59346:11: Bye Bye [preauth]
Jun 26 11:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6800]: Disconnected from 45.78.207.244 port 59346 [preauth]
Jun 26 11:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6188]: Failed password for invalid user steam from 91.92.40.49 port 60930 ssh2
Jun 26 11:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6477]: Invalid user kafka from 91.92.40.49
Jun 26 11:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6477]: input_userauth_request: invalid user kafka [preauth]
Jun 26 11:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6188]: Connection closed by 91.92.40.49 port 60930 [preauth]
Jun 26 11:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6477]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6477]: Failed password for invalid user kafka from 91.92.40.49 port 64850 ssh2
Jun 26 11:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 11:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6486]: Failed password for root from 91.92.40.49 port 35502 ssh2
Jun 26 11:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5820]: pam_unix(cron:session): session closed for user root
Jun 26 11:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6477]: Connection closed by 91.92.40.49 port 64850 [preauth]
Jun 26 11:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6486]: Connection closed by 91.92.40.49 port 35502 [preauth]
Jun 26 11:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7123]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7124]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7121]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7120]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7125]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7122]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7125]: pam_unix(cron:session): session closed for user root
Jun 26 11:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7120]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7194]: Successful su for rubyman by root
Jun 26 11:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7194]: + ??? root:rubyman
Jun 26 11:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7194]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596390 of user rubyman.
Jun 26 11:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7194]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596390.
Jun 26 11:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6639]: Failed password for root from 91.92.40.49 port 37408 ssh2
Jun 26 11:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7122]: pam_unix(cron:session): session closed for user root
Jun 26 11:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4354]: pam_unix(cron:session): session closed for user root
Jun 26 11:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7121]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6639]: Connection closed by 91.92.40.49 port 37408 [preauth]
Jun 26 11:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7448]: Received disconnect from 207.180.221.143 port 57794:11: disconnected by user [preauth]
Jun 26 11:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7448]: Disconnected from 207.180.221.143 port 57794 [preauth]
Jun 26 11:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6940]: Invalid user idempiere from 91.92.40.49
Jun 26 11:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6940]: input_userauth_request: invalid user idempiere [preauth]
Jun 26 11:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 26 11:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6211]: pam_unix(cron:session): session closed for user root
Jun 26 11:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6997]: Invalid user ftpuser2 from 91.92.40.49
Jun 26 11:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6997]: input_userauth_request: invalid user ftpuser2 [preauth]
Jun 26 11:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7480]: Failed password for root from 193.37.70.224 port 52402 ssh2
Jun 26 11:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7480]: Connection closed by 193.37.70.224 port 52402 [preauth]
Jun 26 11:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6940]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6940]: Failed password for invalid user idempiere from 91.92.40.49 port 15544 ssh2
Jun 26 11:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7014]: Invalid user lucas from 91.92.40.49
Jun 26 11:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7014]: input_userauth_request: invalid user lucas [preauth]
Jun 26 11:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6997]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6997]: Failed password for invalid user ftpuser2 from 91.92.40.49 port 38184 ssh2
Jun 26 11:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6940]: Connection closed by 91.92.40.49 port 15544 [preauth]
Jun 26 11:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7545]: Invalid user tom from 45.78.207.244
Jun 26 11:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7545]: input_userauth_request: invalid user tom [preauth]
Jun 26 11:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7545]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.78.207.244
Jun 26 11:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7014]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7545]: Failed password for invalid user tom from 45.78.207.244 port 51064 ssh2
Jun 26 11:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7545]: Received disconnect from 45.78.207.244 port 51064:11: Bye Bye [preauth]
Jun 26 11:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7545]: Disconnected from 45.78.207.244 port 51064 [preauth]
Jun 26 11:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7014]: Failed password for invalid user lucas from 91.92.40.49 port 38218 ssh2
Jun 26 11:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7278]: Invalid user kim from 91.92.40.49
Jun 26 11:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7278]: input_userauth_request: invalid user kim [preauth]
Jun 26 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7573]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7572]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7571]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7570]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7570]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7741]: Successful su for rubyman by root
Jun 26 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7741]: + ??? root:rubyman
Jun 26 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7741]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596394 of user rubyman.
Jun 26 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7741]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596394.
Jun 26 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6997]: Connection closed by 91.92.40.49 port 38184 [preauth]
Jun 26 11:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4972]: pam_unix(cron:session): session closed for user root
Jun 26 11:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7571]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7014]: Connection closed by 91.92.40.49 port 38218 [preauth]
Jun 26 11:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7278]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7278]: Failed password for invalid user kim from 91.92.40.49 port 10570 ssh2
Jun 26 11:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7544]: Did not receive identification string from 91.92.40.49
Jun 26 11:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7471]: Invalid user user3 from 91.92.40.49
Jun 26 11:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7471]: input_userauth_request: invalid user user3 [preauth]
Jun 26 11:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7278]: Connection closed by 91.92.40.49 port 10570 [preauth]
Jun 26 11:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6610]: pam_unix(cron:session): session closed for user root
Jun 26 11:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7471]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7471]: Failed password for invalid user user3 from 91.92.40.49 port 39686 ssh2
Jun 26 11:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.227  user=root
Jun 26 11:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8011]: Failed password for root from 195.178.110.227 port 54096 ssh2
Jun 26 11:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 26 11:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8011]: Connection closed by 195.178.110.227 port 54096 [preauth]
Jun 26 11:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8046]: Failed password for root from 62.133.62.83 port 46340 ssh2
Jun 26 11:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8046]: Connection closed by 62.133.62.83 port 46340 [preauth]
Jun 26 11:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7471]: Connection closed by 91.92.40.49 port 39686 [preauth]
Jun 26 11:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7568]: Invalid user ian from 91.92.40.49
Jun 26 11:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7568]: input_userauth_request: invalid user ian [preauth]
Jun 26 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8069]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8070]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8068]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8067]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8067]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8129]: Successful su for rubyman by root
Jun 26 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8129]: + ??? root:rubyman
Jun 26 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8129]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596398 of user rubyman.
Jun 26 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8129]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596398.
Jun 26 11:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5414]: pam_unix(cron:session): session closed for user root
Jun 26 11:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7822]: Invalid user kali from 91.92.40.49
Jun 26 11:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7822]: input_userauth_request: invalid user kali [preauth]
Jun 26 11:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8068]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7568]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7568]: Failed password for invalid user ian from 91.92.40.49 port 53570 ssh2
Jun 26 11:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7822]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7822]: Failed password for invalid user kali from 91.92.40.49 port 53578 ssh2
Jun 26 11:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7972]: Invalid user app from 91.92.40.49
Jun 26 11:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7972]: input_userauth_request: invalid user app [preauth]
Jun 26 11:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7568]: Connection closed by 91.92.40.49 port 53570 [preauth]
Jun 26 11:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7822]: Connection closed by 91.92.40.49 port 53578 [preauth]
Jun 26 11:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7972]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7972]: Failed password for invalid user app from 91.92.40.49 port 57104 ssh2
Jun 26 11:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.78.207.244  user=root
Jun 26 11:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7972]: Connection closed by 91.92.40.49 port 57104 [preauth]
Jun 26 11:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8380]: Failed password for root from 45.78.207.244 port 43298 ssh2
Jun 26 11:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8380]: Received disconnect from 45.78.207.244 port 43298:11: Bye Bye [preauth]
Jun 26 11:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8380]: Disconnected from 45.78.207.244 port 43298 [preauth]
Jun 26 11:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7124]: pam_unix(cron:session): session closed for user root
Jun 26 11:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8349]: Invalid user ubuntu from 91.92.40.49
Jun 26 11:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8349]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 11:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8349]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8349]: Failed password for invalid user ubuntu from 91.92.40.49 port 24490 ssh2
Jun 26 11:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8349]: Connection closed by 91.92.40.49 port 24490 [preauth]
Jun 26 11:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8334]: Invalid user solana from 91.92.40.49
Jun 26 11:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8334]: input_userauth_request: invalid user solana [preauth]
Jun 26 11:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8334]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8334]: Failed password for invalid user solana from 91.92.40.49 port 64618 ssh2
Jun 26 11:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8334]: Connection closed by 91.92.40.49 port 64618 [preauth]
Jun 26 11:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 11:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8057]: Failed password for root from 91.92.40.49 port 62528 ssh2
Jun 26 11:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8057]: Connection closed by 91.92.40.49 port 62528 [preauth]
Jun 26 11:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8458]: Invalid user apex from 91.92.40.49
Jun 26 11:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8458]: input_userauth_request: invalid user apex [preauth]
Jun 26 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8484]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8483]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8482]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8481]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8481]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8545]: Successful su for rubyman by root
Jun 26 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8545]: + ??? root:rubyman
Jun 26 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8545]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596402 of user rubyman.
Jun 26 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8545]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596402.
Jun 26 11:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8458]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8458]: Failed password for invalid user apex from 91.92.40.49 port 55720 ssh2
Jun 26 11:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5819]: pam_unix(cron:session): session closed for user root
Jun 26 11:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8482]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8458]: Connection closed by 91.92.40.49 port 55720 [preauth]
Jun 26 11:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 26 11:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8728]: Failed password for root from 38.93.206.2 port 35264 ssh2
Jun 26 11:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8728]: Connection closed by 38.93.206.2 port 35264 [preauth]
Jun 26 11:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8610]: Invalid user ftptest from 91.92.40.49
Jun 26 11:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8610]: input_userauth_request: invalid user ftptest [preauth]
Jun 26 11:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8610]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8610]: Failed password for invalid user ftptest from 91.92.40.49 port 43282 ssh2
Jun 26 11:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8610]: Connection closed by 91.92.40.49 port 43282 [preauth]
Jun 26 11:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7573]: pam_unix(cron:session): session closed for user root
Jun 26 11:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8758]: Invalid user deploy from 91.92.40.49
Jun 26 11:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8758]: input_userauth_request: invalid user deploy [preauth]
Jun 26 11:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8758]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8758]: Failed password for invalid user deploy from 91.92.40.49 port 23030 ssh2
Jun 26 11:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8758]: Connection closed by 91.92.40.49 port 23030 [preauth]
Jun 26 11:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8792]: Invalid user ubuntu from 91.92.40.49
Jun 26 11:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8792]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 11:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8792]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8792]: Failed password for invalid user ubuntu from 91.92.40.49 port 25324 ssh2
Jun 26 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8886]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8885]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8884]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8883]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8883]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8945]: Successful su for rubyman by root
Jun 26 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8945]: + ??? root:rubyman
Jun 26 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8945]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596406 of user rubyman.
Jun 26 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8945]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596406.
Jun 26 11:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8792]: Connection closed by 91.92.40.49 port 25324 [preauth]
Jun 26 11:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6210]: pam_unix(cron:session): session closed for user root
Jun 26 11:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 11:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8884]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8841]: Failed password for root from 91.92.40.49 port 26406 ssh2
Jun 26 11:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8841]: Connection closed by 91.92.40.49 port 26406 [preauth]
Jun 26 11:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.227  user=root
Jun 26 11:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9161]: Failed password for root from 195.178.110.227 port 57262 ssh2
Jun 26 11:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9161]: Connection closed by 195.178.110.227 port 57262 [preauth]
Jun 26 11:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9116]: Invalid user admin from 91.92.40.49
Jun 26 11:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9116]: input_userauth_request: invalid user admin [preauth]
Jun 26 11:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9171]: Invalid user ansible from 45.78.207.244
Jun 26 11:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9171]: input_userauth_request: invalid user ansible [preauth]
Jun 26 11:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9171]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.78.207.244
Jun 26 11:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9171]: Failed password for invalid user ansible from 45.78.207.244 port 37148 ssh2
Jun 26 11:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9171]: Received disconnect from 45.78.207.244 port 37148:11: Bye Bye [preauth]
Jun 26 11:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9171]: Disconnected from 45.78.207.244 port 37148 [preauth]
Jun 26 11:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9116]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9116]: Failed password for invalid user admin from 91.92.40.49 port 42182 ssh2
Jun 26 11:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8070]: pam_unix(cron:session): session closed for user root
Jun 26 11:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9116]: Connection closed by 91.92.40.49 port 42182 [preauth]
Jun 26 11:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9160]: Invalid user admin from 91.92.40.49
Jun 26 11:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9160]: input_userauth_request: invalid user admin [preauth]
Jun 26 11:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9160]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9160]: Failed password for invalid user admin from 91.92.40.49 port 47302 ssh2
Jun 26 11:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9160]: Connection closed by 91.92.40.49 port 47302 [preauth]
Jun 26 11:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 11:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9206]: Failed password for root from 91.92.40.49 port 46712 ssh2
Jun 26 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9298]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9299]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9296]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9295]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9294]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9293]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9299]: pam_unix(cron:session): session closed for user root
Jun 26 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9293]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9206]: Connection closed by 91.92.40.49 port 46712 [preauth]
Jun 26 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9362]: Successful su for rubyman by root
Jun 26 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9362]: + ??? root:rubyman
Jun 26 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9362]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596410 of user rubyman.
Jun 26 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9362]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596410.
Jun 26 11:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9295]: pam_unix(cron:session): session closed for user root
Jun 26 11:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6609]: pam_unix(cron:session): session closed for user root
Jun 26 11:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9294]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 11:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9271]: Failed password for root from 91.92.40.49 port 45334 ssh2
Jun 26 11:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9629]: Invalid user admin from 2.57.121.25
Jun 26 11:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9629]: input_userauth_request: invalid user admin [preauth]
Jun 26 11:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9629]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 26 11:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9629]: Failed password for invalid user admin from 2.57.121.25 port 20056 ssh2
Jun 26 11:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9629]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9291]: Invalid user demo from 91.92.40.49
Jun 26 11:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9291]: input_userauth_request: invalid user demo [preauth]
Jun 26 11:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9629]: Failed password for invalid user admin from 2.57.121.25 port 20056 ssh2
Jun 26 11:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9271]: Connection closed by 91.92.40.49 port 45334 [preauth]
Jun 26 11:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9629]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8484]: pam_unix(cron:session): session closed for user root
Jun 26 11:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9629]: Failed password for invalid user admin from 2.57.121.25 port 20056 ssh2
Jun 26 11:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9629]: Connection closed by 2.57.121.25 port 20056 [preauth]
Jun 26 11:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9629]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 26 11:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9652]: Received disconnect from 185.135.157.99 port 56448:11: disconnected by user [preauth]
Jun 26 11:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9652]: Disconnected from 185.135.157.99 port 56448 [preauth]
Jun 26 11:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9291]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9291]: Failed password for invalid user demo from 91.92.40.49 port 42664 ssh2
Jun 26 11:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9591]: Invalid user claude from 91.92.40.49
Jun 26 11:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9591]: input_userauth_request: invalid user claude [preauth]
Jun 26 11:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9291]: Connection closed by 91.92.40.49 port 42664 [preauth]
Jun 26 11:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9726]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9727]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9728]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9725]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9725]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9798]: Successful su for rubyman by root
Jun 26 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9798]: + ??? root:rubyman
Jun 26 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9798]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596416 of user rubyman.
Jun 26 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9798]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596416.
Jun 26 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.78.207.244  user=root
Jun 26 11:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9722]: Failed password for root from 45.78.207.244 port 45818 ssh2
Jun 26 11:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9722]: Received disconnect from 45.78.207.244 port 45818:11: Bye Bye [preauth]
Jun 26 11:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9722]: Disconnected from 45.78.207.244 port 45818 [preauth]
Jun 26 11:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9726]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7123]: pam_unix(cron:session): session closed for user root
Jun 26 11:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9591]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9591]: Failed password for invalid user claude from 91.92.40.49 port 34472 ssh2
Jun 26 11:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9638]: Invalid user odoo from 91.92.40.49
Jun 26 11:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9638]: input_userauth_request: invalid user odoo [preauth]
Jun 26 11:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9591]: Connection closed by 91.92.40.49 port 34472 [preauth]
Jun 26 11:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9654]: Invalid user vpn from 91.92.40.49
Jun 26 11:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9654]: input_userauth_request: invalid user vpn [preauth]
Jun 26 11:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9638]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9638]: Failed password for invalid user odoo from 91.92.40.49 port 35598 ssh2
Jun 26 11:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9654]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9654]: Failed password for invalid user vpn from 91.92.40.49 port 35618 ssh2
Jun 26 11:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8886]: pam_unix(cron:session): session closed for user root
Jun 26 11:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9638]: Connection closed by 91.92.40.49 port 35598 [preauth]
Jun 26 11:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9654]: Connection closed by 91.92.40.49 port 35618 [preauth]
Jun 26 11:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10151]: Invalid user alpha from 91.92.40.49
Jun 26 11:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10151]: input_userauth_request: invalid user alpha [preauth]
Jun 26 11:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.227  user=root
Jun 26 11:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10392]: Failed password for root from 195.178.110.227 port 60468 ssh2
Jun 26 11:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10392]: Connection closed by 195.178.110.227 port 60468 [preauth]
Jun 26 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10416]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10417]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10415]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10414]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10414]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10475]: Successful su for rubyman by root
Jun 26 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10475]: + ??? root:rubyman
Jun 26 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10475]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596421 of user rubyman.
Jun 26 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10475]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596421.
Jun 26 11:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7572]: pam_unix(cron:session): session closed for user root
Jun 26 11:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10415]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10151]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10151]: Failed password for invalid user alpha from 91.92.40.49 port 15816 ssh2
Jun 26 11:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10200]: Invalid user dst from 91.92.40.49
Jun 26 11:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10200]: input_userauth_request: invalid user dst [preauth]
Jun 26 11:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10151]: Connection closed by 91.92.40.49 port 15816 [preauth]
Jun 26 11:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10306]: Invalid user student from 91.92.40.49
Jun 26 11:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10306]: input_userauth_request: invalid user student [preauth]
Jun 26 11:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10200]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10333]: Invalid user kafka from 91.92.40.49
Jun 26 11:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10333]: input_userauth_request: invalid user kafka [preauth]
Jun 26 11:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10200]: Failed password for invalid user dst from 91.92.40.49 port 33444 ssh2
Jun 26 11:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10306]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10306]: Failed password for invalid user student from 91.92.40.49 port 43414 ssh2
Jun 26 11:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10333]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10200]: Connection closed by 91.92.40.49 port 33444 [preauth]
Jun 26 11:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10333]: Failed password for invalid user kafka from 91.92.40.49 port 43468 ssh2
Jun 26 11:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9298]: pam_unix(cron:session): session closed for user root
Jun 26 11:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10306]: Connection closed by 91.92.40.49 port 43414 [preauth]
Jun 26 11:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10333]: Connection closed by 91.92.40.49 port 43468 [preauth]
Jun 26 11:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10779]: Invalid user sammy from 45.78.207.244
Jun 26 11:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10779]: input_userauth_request: invalid user sammy [preauth]
Jun 26 11:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10779]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.78.207.244
Jun 26 11:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10403]: Invalid user pakchoi from 91.92.40.49
Jun 26 11:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10403]: input_userauth_request: invalid user pakchoi [preauth]
Jun 26 11:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10779]: Failed password for invalid user sammy from 45.78.207.244 port 40582 ssh2
Jun 26 11:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10779]: Received disconnect from 45.78.207.244 port 40582:11: Bye Bye [preauth]
Jun 26 11:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10779]: Disconnected from 45.78.207.244 port 40582 [preauth]
Jun 26 11:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 26 11:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10403]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10818]: Failed password for root from 194.113.233.25 port 53558 ssh2
Jun 26 11:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10818]: Connection closed by 194.113.233.25 port 53558 [preauth]
Jun 26 11:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10403]: Failed password for invalid user pakchoi from 91.92.40.49 port 49244 ssh2
Jun 26 11:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 26 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10843]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10845]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10844]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10842]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10842]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10906]: Successful su for rubyman by root
Jun 26 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10906]: + ??? root:rubyman
Jun 26 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10906]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596426 of user rubyman.
Jun 26 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10906]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596426.
Jun 26 11:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10731]: Invalid user develop from 91.92.40.49
Jun 26 11:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10731]: input_userauth_request: invalid user develop [preauth]
Jun 26 11:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10838]: Failed password for root from 103.15.222.183 port 54272 ssh2
Jun 26 11:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10403]: Connection closed by 91.92.40.49 port 49244 [preauth]
Jun 26 11:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10838]: Connection closed by 103.15.222.183 port 54272 [preauth]
Jun 26 11:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8069]: pam_unix(cron:session): session closed for user root
Jun 26 11:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10843]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10731]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10731]: Failed password for invalid user develop from 91.92.40.49 port 62760 ssh2
Jun 26 11:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10791]: Invalid user flow from 91.92.40.49
Jun 26 11:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10791]: input_userauth_request: invalid user flow [preauth]
Jun 26 11:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10731]: Connection closed by 91.92.40.49 port 62760 [preauth]
Jun 26 11:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10816]: Invalid user alex from 91.92.40.49
Jun 26 11:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10816]: input_userauth_request: invalid user alex [preauth]
Jun 26 11:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10791]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9728]: pam_unix(cron:session): session closed for user root
Jun 26 11:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10791]: Failed password for invalid user flow from 91.92.40.49 port 15416 ssh2
Jun 26 11:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10816]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11086]: Invalid user jakob from 91.92.40.49
Jun 26 11:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11086]: input_userauth_request: invalid user jakob [preauth]
Jun 26 11:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10816]: Failed password for invalid user alex from 91.92.40.49 port 41960 ssh2
Jun 26 11:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10791]: Connection closed by 91.92.40.49 port 15416 [preauth]
Jun 26 11:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11086]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10816]: Connection closed by 91.92.40.49 port 41960 [preauth]
Jun 26 11:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11086]: Failed password for invalid user jakob from 91.92.40.49 port 17750 ssh2
Jun 26 11:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11086]: Connection closed by 91.92.40.49 port 17750 [preauth]
Jun 26 11:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 11:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11222]: Failed password for root from 91.92.40.49 port 24488 ssh2
Jun 26 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11263]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11262]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11260]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11259]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11259]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11330]: Successful su for rubyman by root
Jun 26 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11330]: + ??? root:rubyman
Jun 26 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11330]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596428 of user rubyman.
Jun 26 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11330]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596428.
Jun 26 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11222]: Connection closed by 91.92.40.49 port 24488 [preauth]
Jun 26 11:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8483]: pam_unix(cron:session): session closed for user root
Jun 26 11:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11260]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11256]: Invalid user joe from 91.92.40.49
Jun 26 11:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11256]: input_userauth_request: invalid user joe [preauth]
Jun 26 11:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11256]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11256]: Failed password for invalid user joe from 91.92.40.49 port 23394 ssh2
Jun 26 11:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11256]: Connection closed by 91.92.40.49 port 23394 [preauth]
Jun 26 11:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.78.207.244  user=root
Jun 26 11:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11531]: Invalid user deploy from 91.92.40.49
Jun 26 11:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11531]: input_userauth_request: invalid user deploy [preauth]
Jun 26 11:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11562]: Failed password for root from 45.78.207.244 port 50366 ssh2
Jun 26 11:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11562]: Received disconnect from 45.78.207.244 port 50366:11: Bye Bye [preauth]
Jun 26 11:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11562]: Disconnected from 45.78.207.244 port 50366 [preauth]
Jun 26 11:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11531]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10417]: pam_unix(cron:session): session closed for user root
Jun 26 11:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11531]: Failed password for invalid user deploy from 91.92.40.49 port 30966 ssh2
Jun 26 11:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.227  user=root
Jun 26 11:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11628]: Failed password for root from 195.178.110.227 port 35414 ssh2
Jun 26 11:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11628]: Connection closed by 195.178.110.227 port 35414 [preauth]
Jun 26 11:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11531]: Connection closed by 91.92.40.49 port 30966 [preauth]
Jun 26 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11689]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11688]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11692]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11693]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11690]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11687]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11693]: pam_unix(cron:session): session closed for user root
Jun 26 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11687]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11775]: Successful su for rubyman by root
Jun 26 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11775]: + ??? root:rubyman
Jun 26 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11775]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596436 of user rubyman.
Jun 26 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11775]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596436.
Jun 26 11:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8885]: pam_unix(cron:session): session closed for user root
Jun 26 11:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11689]: pam_unix(cron:session): session closed for user root
Jun 26 11:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 26 11:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11688]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11996]: Failed password for root from 109.237.96.109 port 54068 ssh2
Jun 26 11:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11996]: Connection closed by 109.237.96.109 port 54068 [preauth]
Jun 26 11:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11564]: Invalid user cloud from 91.92.40.49
Jun 26 11:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11564]: input_userauth_request: invalid user cloud [preauth]
Jun 26 11:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11564]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11564]: Failed password for invalid user cloud from 91.92.40.49 port 61786 ssh2
Jun 26 11:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11635]: Invalid user dev from 91.92.40.49
Jun 26 11:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11635]: input_userauth_request: invalid user dev [preauth]
Jun 26 11:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 26 11:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10845]: pam_unix(cron:session): session closed for user root
Jun 26 11:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12095]: Failed password for root from 103.27.238.116 port 35776 ssh2
Jun 26 11:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 11:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12095]: Connection closed by 103.27.238.116 port 35776 [preauth]
Jun 26 11:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11627]: Failed password for root from 91.92.40.49 port 28288 ssh2
Jun 26 11:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11564]: Connection closed by 91.92.40.49 port 61786 [preauth]
Jun 26 11:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11635]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11635]: Failed password for invalid user dev from 91.92.40.49 port 44576 ssh2
Jun 26 11:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11627]: Connection closed by 91.92.40.49 port 28288 [preauth]
Jun 26 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12190]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12191]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12192]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12189]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12189]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12375]: Successful su for rubyman by root
Jun 26 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12375]: + ??? root:rubyman
Jun 26 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12375]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596440 of user rubyman.
Jun 26 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12375]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596440.
Jun 26 11:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11635]: Connection closed by 91.92.40.49 port 44576 [preauth]
Jun 26 11:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9296]: pam_unix(cron:session): session closed for user root
Jun 26 11:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12190]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12186]: Invalid user valheim from 45.78.207.244
Jun 26 11:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12186]: input_userauth_request: invalid user valheim [preauth]
Jun 26 11:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12186]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.78.207.244
Jun 26 11:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12186]: Failed password for invalid user valheim from 45.78.207.244 port 37328 ssh2
Jun 26 11:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12186]: Received disconnect from 45.78.207.244 port 37328:11: Bye Bye [preauth]
Jun 26 11:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12186]: Disconnected from 45.78.207.244 port 37328 [preauth]
Jun 26 11:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12033]: Invalid user ark from 91.92.40.49
Jun 26 11:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12033]: input_userauth_request: invalid user ark [preauth]
Jun 26 11:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12042]: Invalid user steam from 91.92.40.49
Jun 26 11:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12042]: input_userauth_request: invalid user steam [preauth]
Jun 26 11:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11263]: pam_unix(cron:session): session closed for user root
Jun 26 11:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12033]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12033]: Failed password for invalid user ark from 91.92.40.49 port 44982 ssh2
Jun 26 11:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12042]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12042]: Failed password for invalid user steam from 91.92.40.49 port 45012 ssh2
Jun 26 11:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: Invalid user uftp from 91.92.40.49
Jun 26 11:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: input_userauth_request: invalid user uftp [preauth]
Jun 26 11:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12033]: Connection closed by 91.92.40.49 port 44982 [preauth]
Jun 26 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12727]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12726]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12725]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12724]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12724]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12796]: Successful su for rubyman by root
Jun 26 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12796]: + ??? root:rubyman
Jun 26 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12796]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596442 of user rubyman.
Jun 26 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12796]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596442.
Jun 26 11:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9727]: pam_unix(cron:session): session closed for user root
Jun 26 11:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12725]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12042]: Connection closed by 91.92.40.49 port 45012 [preauth]
Jun 26 11:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: Failed password for invalid user uftp from 91.92.40.49 port 45034 ssh2
Jun 26 11:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.227  user=root
Jun 26 11:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13013]: Failed password for root from 195.178.110.227 port 38608 ssh2
Jun 26 11:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13013]: Connection closed by 195.178.110.227 port 38608 [preauth]
Jun 26 11:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12573]: Invalid user nina from 91.92.40.49
Jun 26 11:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12573]: input_userauth_request: invalid user nina [preauth]
Jun 26 11:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11692]: pam_unix(cron:session): session closed for user root
Jun 26 11:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12573]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12573]: Failed password for invalid user nina from 91.92.40.49 port 57472 ssh2
Jun 26 11:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12573]: Connection closed by 91.92.40.49 port 57472 [preauth]
Jun 26 11:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12596]: Invalid user b2 from 91.92.40.49
Jun 26 11:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12596]: input_userauth_request: invalid user b2 [preauth]
Jun 26 11:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13124]: Invalid user admin from 193.46.255.86
Jun 26 11:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13124]: input_userauth_request: invalid user admin [preauth]
Jun 26 11:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13124]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 26 11:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12596]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13124]: Failed password for invalid user admin from 193.46.255.86 port 50078 ssh2
Jun 26 11:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13124]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12596]: Failed password for invalid user b2 from 91.92.40.49 port 57484 ssh2
Jun 26 11:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 11:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13124]: Failed password for invalid user admin from 193.46.255.86 port 50078 ssh2
Jun 26 11:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13124]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13016]: Did not receive identification string from 91.92.40.49
Jun 26 11:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12596]: Connection closed by 91.92.40.49 port 57484 [preauth]
Jun 26 11:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12682]: Failed password for root from 91.92.40.49 port 43680 ssh2
Jun 26 11:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 11:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12682]: Connection closed by 91.92.40.49 port 43680 [preauth]
Jun 26 11:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13124]: Failed password for invalid user admin from 193.46.255.86 port 50078 ssh2
Jun 26 11:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13124]: Connection closed by 193.46.255.86 port 50078 [preauth]
Jun 26 11:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13124]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 26 11:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12522]: Invalid user test from 91.92.40.49
Jun 26 11:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12522]: input_userauth_request: invalid user test [preauth]
Jun 26 11:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12522]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13048]: Failed password for root from 91.92.40.49 port 64376 ssh2
Jun 26 11:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13048]: Connection closed by 91.92.40.49 port 64376 [preauth]
Jun 26 11:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12522]: Failed password for invalid user test from 91.92.40.49 port 27120 ssh2
Jun 26 11:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12522]: Connection closed by 91.92.40.49 port 27120 [preauth]
Jun 26 11:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13027]: Did not receive identification string from 91.92.40.49
Jun 26 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13160]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13159]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13158]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13157]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13157]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13225]: Successful su for rubyman by root
Jun 26 11:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13225]: + ??? root:rubyman
Jun 26 11:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13225]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596446 of user rubyman.
Jun 26 11:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13225]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596446.
Jun 26 11:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10416]: pam_unix(cron:session): session closed for user root
Jun 26 11:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13158]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12991]: Invalid user openclaw from 91.92.40.49
Jun 26 11:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12991]: input_userauth_request: invalid user openclaw [preauth]
Jun 26 11:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12192]: pam_unix(cron:session): session closed for user root
Jun 26 11:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12991]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12991]: Failed password for invalid user openclaw from 91.92.40.49 port 25608 ssh2
Jun 26 11:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 26 11:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12991]: Connection closed by 91.92.40.49 port 25608 [preauth]
Jun 26 11:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13536]: Failed password for root from 87.251.79.125 port 38798 ssh2
Jun 26 11:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13536]: Connection closed by 87.251.79.125 port 38798 [preauth]
Jun 26 11:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13411]: Invalid user security from 91.92.40.49
Jun 26 11:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13411]: input_userauth_request: invalid user security [preauth]
Jun 26 11:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13570]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13569]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13568]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13571]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13568]: pam_unix(cron:session): session closed for user p13x
Jun 26 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13630]: Successful su for rubyman by root
Jun 26 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13630]: + ??? root:rubyman
Jun 26 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13630]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596452 of user rubyman.
Jun 26 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13630]: pam_unix(su:session): session closed for user rubyman
Jun 26 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596452.
Jun 26 11:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10844]: pam_unix(cron:session): session closed for user root
Jun 26 11:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13411]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13569]: pam_unix(cron:session): session closed for user samftp
Jun 26 11:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13411]: Failed password for invalid user security from 91.92.40.49 port 60474 ssh2
Jun 26 11:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13442]: Invalid user pi from 91.92.40.49
Jun 26 11:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13442]: input_userauth_request: invalid user pi [preauth]
Jun 26 11:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 11:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13420]: Failed password for root from 91.92.40.49 port 60528 ssh2
Jun 26 11:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13861]: Invalid user payara from 45.78.207.244
Jun 26 11:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13861]: input_userauth_request: invalid user payara [preauth]
Jun 26 11:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13861]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.78.207.244
Jun 26 11:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13411]: Connection closed by 91.92.40.49 port 60474 [preauth]
Jun 26 11:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13861]: Failed password for invalid user payara from 45.78.207.244 port 46748 ssh2
Jun 26 11:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13861]: Received disconnect from 45.78.207.244 port 46748:11: Bye Bye [preauth]
Jun 26 11:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13861]: Disconnected from 45.78.207.244 port 46748 [preauth]
Jun 26 11:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13442]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 11:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13442]: Failed password for invalid user pi from 91.92.40.49 port 60602 ssh2
Jun 26 11:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12727]: pam_unix(cron:session): session closed for user root
Jun 26 11:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13420]: Connection closed by 91.92.40.49 port 60528 [preauth]
Jun 26 11:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13442]: Connection closed by 91.92.40.49 port 60602 [preauth]
Jun 26 11:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13556]: Invalid user user from 91.92.40.49
Jun 26 11:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13556]: input_userauth_request: invalid user user [preauth]
Jun 26 11:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 11:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13984]: Invalid user mike from 141.98.83.240
Jun 26 11:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13984]: input_userauth_request: invalid user mike [preauth]
Jun 26 11:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13984]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 11:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 12:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13564]: Invalid user andre from 91.92.40.49
Jun 26 12:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13564]: input_userauth_request: invalid user andre [preauth]
Jun 26 12:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13984]: Failed password for invalid user mike from 141.98.83.240 port 53920 ssh2
Jun 26 12:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13984]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13994]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13995]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13990]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13989]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13991]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13993]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13992]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13995]: pam_unix(cron:session): session closed for user root
Jun 26 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13991]: pam_unix(cron:session): session closed for user root
Jun 26 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13989]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14079]: Successful su for rubyman by root
Jun 26 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14079]: + ??? root:rubyman
Jun 26 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14079]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596454 of user rubyman.
Jun 26 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14079]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596454.
Jun 26 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13984]: Failed password for invalid user mike from 141.98.83.240 port 53920 ssh2
Jun 26 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13984]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13546]: Failed password for root from 91.92.40.49 port 22720 ssh2
Jun 26 12:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13992]: pam_unix(cron:session): session closed for user root
Jun 26 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13556]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11262]: pam_unix(cron:session): session closed for user root
Jun 26 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13984]: Failed password for invalid user mike from 141.98.83.240 port 53920 ssh2
Jun 26 12:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13984]: Connection closed by 141.98.83.240 port 53920 [preauth]
Jun 26 12:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13984]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 12:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13556]: Failed password for invalid user user from 91.92.40.49 port 22764 ssh2
Jun 26 12:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13990]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.227  user=root
Jun 26 12:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14163]: Failed password for root from 195.178.110.227 port 41802 ssh2
Jun 26 12:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14163]: Connection closed by 195.178.110.227 port 41802 [preauth]
Jun 26 12:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13564]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13564]: Failed password for invalid user andre from 91.92.40.49 port 26462 ssh2
Jun 26 12:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13546]: Connection closed by 91.92.40.49 port 22720 [preauth]
Jun 26 12:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13556]: Connection closed by 91.92.40.49 port 22764 [preauth]
Jun 26 12:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13564]: Connection closed by 91.92.40.49 port 26462 [preauth]
Jun 26 12:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13961]: Invalid user nvidia from 91.92.40.49
Jun 26 12:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13961]: input_userauth_request: invalid user nvidia [preauth]
Jun 26 12:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13160]: pam_unix(cron:session): session closed for user root
Jun 26 12:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13961]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13961]: Failed password for invalid user nvidia from 91.92.40.49 port 51242 ssh2
Jun 26 12:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14077]: Invalid user jack from 91.92.40.49
Jun 26 12:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14077]: input_userauth_request: invalid user jack [preauth]
Jun 26 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14485]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14483]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14484]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14482]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14482]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14552]: Successful su for rubyman by root
Jun 26 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14552]: + ??? root:rubyman
Jun 26 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14552]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596462 of user rubyman.
Jun 26 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14552]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596462.
Jun 26 12:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13961]: Connection closed by 91.92.40.49 port 51242 [preauth]
Jun 26 12:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11690]: pam_unix(cron:session): session closed for user root
Jun 26 12:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14783]: Connection closed by 45.78.207.244 port 38670 [preauth]
Jun 26 12:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14483]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14077]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14077]: Failed password for invalid user jack from 91.92.40.49 port 35770 ssh2
Jun 26 12:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14332]: Invalid user main from 91.92.40.49
Jun 26 12:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14332]: input_userauth_request: invalid user main [preauth]
Jun 26 12:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14077]: Connection closed by 91.92.40.49 port 35770 [preauth]
Jun 26 12:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14332]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14332]: Failed password for invalid user main from 91.92.40.49 port 53774 ssh2
Jun 26 12:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14332]: Connection closed by 91.92.40.49 port 53774 [preauth]
Jun 26 12:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14468]: Invalid user qwer from 91.92.40.49
Jun 26 12:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14468]: input_userauth_request: invalid user qwer [preauth]
Jun 26 12:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 12:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13571]: pam_unix(cron:session): session closed for user root
Jun 26 12:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14355]: Failed password for root from 91.92.40.49 port 53828 ssh2
Jun 26 12:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14468]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14468]: Failed password for invalid user qwer from 91.92.40.49 port 17446 ssh2
Jun 26 12:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14355]: Connection closed by 91.92.40.49 port 53828 [preauth]
Jun 26 12:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14468]: Connection closed by 91.92.40.49 port 17446 [preauth]
Jun 26 12:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14827]: Invalid user username from 91.92.40.49
Jun 26 12:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14827]: input_userauth_request: invalid user username [preauth]
Jun 26 12:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14827]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14827]: Failed password for invalid user username from 91.92.40.49 port 11956 ssh2
Jun 26 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14995]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14991]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14994]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14993]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14991]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15052]: Successful su for rubyman by root
Jun 26 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15052]: + ??? root:rubyman
Jun 26 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15052]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596465 of user rubyman.
Jun 26 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15052]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596465.
Jun 26 12:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12191]: pam_unix(cron:session): session closed for user root
Jun 26 12:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14993]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14924]: Invalid user scanner from 91.92.40.49
Jun 26 12:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14924]: input_userauth_request: invalid user scanner [preauth]
Jun 26 12:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14827]: Connection closed by 91.92.40.49 port 11956 [preauth]
Jun 26 12:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14934]: Invalid user minecraft from 91.92.40.49
Jun 26 12:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14934]: input_userauth_request: invalid user minecraft [preauth]
Jun 26 12:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14924]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14924]: Failed password for invalid user scanner from 91.92.40.49 port 38790 ssh2
Jun 26 12:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14934]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14934]: Failed password for invalid user minecraft from 91.92.40.49 port 28008 ssh2
Jun 26 12:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14924]: Connection closed by 91.92.40.49 port 38790 [preauth]
Jun 26 12:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13994]: pam_unix(cron:session): session closed for user root
Jun 26 12:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14934]: Connection closed by 91.92.40.49 port 28008 [preauth]
Jun 26 12:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 12:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14970]: Failed password for root from 91.92.40.49 port 53362 ssh2
Jun 26 12:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.227  user=root
Jun 26 12:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15268]: Invalid user postgres from 91.92.40.49
Jun 26 12:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15268]: input_userauth_request: invalid user postgres [preauth]
Jun 26 12:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15365]: Failed password for root from 195.178.110.227 port 44992 ssh2
Jun 26 12:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15365]: Connection closed by 195.178.110.227 port 44992 [preauth]
Jun 26 12:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14970]: Connection closed by 91.92.40.49 port 53362 [preauth]
Jun 26 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15395]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15396]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15394]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15393]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15393]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15452]: Successful su for rubyman by root
Jun 26 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15452]: + ??? root:rubyman
Jun 26 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15452]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596470 of user rubyman.
Jun 26 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15452]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596470.
Jun 26 12:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12726]: pam_unix(cron:session): session closed for user root
Jun 26 12:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15394]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15306]: Invalid user codex from 91.92.40.49
Jun 26 12:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15306]: input_userauth_request: invalid user codex [preauth]
Jun 26 12:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15268]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 26 12:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15268]: Failed password for invalid user postgres from 91.92.40.49 port 13078 ssh2
Jun 26 12:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15661]: Failed password for root from 147.45.199.80 port 39162 ssh2
Jun 26 12:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15661]: Connection closed by 147.45.199.80 port 39162 [preauth]
Jun 26 12:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15306]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15306]: Failed password for invalid user codex from 91.92.40.49 port 22166 ssh2
Jun 26 12:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15364]: Invalid user n8n from 91.92.40.49
Jun 26 12:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15364]: input_userauth_request: invalid user n8n [preauth]
Jun 26 12:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15268]: Connection closed by 91.92.40.49 port 13078 [preauth]
Jun 26 12:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14485]: pam_unix(cron:session): session closed for user root
Jun 26 12:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15306]: Connection closed by 91.92.40.49 port 22166 [preauth]
Jun 26 12:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15364]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15364]: Failed password for invalid user n8n from 91.92.40.49 port 61012 ssh2
Jun 26 12:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15794]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15795]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15793]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15792]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15792]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15852]: Successful su for rubyman by root
Jun 26 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15852]: + ??? root:rubyman
Jun 26 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15852]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596473 of user rubyman.
Jun 26 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15852]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596473.
Jun 26 12:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15364]: Connection closed by 91.92.40.49 port 61012 [preauth]
Jun 26 12:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13159]: pam_unix(cron:session): session closed for user root
Jun 26 12:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15793]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15638]: Invalid user s from 91.92.40.49
Jun 26 12:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15638]: input_userauth_request: invalid user s [preauth]
Jun 26 12:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16069]: Invalid user test1 from 45.78.207.244
Jun 26 12:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16069]: input_userauth_request: invalid user test1 [preauth]
Jun 26 12:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16069]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.78.207.244
Jun 26 12:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16069]: Failed password for invalid user test1 from 45.78.207.244 port 33816 ssh2
Jun 26 12:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16069]: Received disconnect from 45.78.207.244 port 33816:11: Bye Bye [preauth]
Jun 26 12:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16069]: Disconnected from 45.78.207.244 port 33816 [preauth]
Jun 26 12:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14995]: pam_unix(cron:session): session closed for user root
Jun 26 12:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15638]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15638]: Failed password for invalid user s from 91.92.40.49 port 44422 ssh2
Jun 26 12:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15698]: Invalid user cyrus from 91.92.40.49
Jun 26 12:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15698]: input_userauth_request: invalid user cyrus [preauth]
Jun 26 12:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 12:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15637]: Failed password for root from 91.92.40.49 port 54800 ssh2
Jun 26 12:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15737]: Invalid user avax from 91.92.40.49
Jun 26 12:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15737]: input_userauth_request: invalid user avax [preauth]
Jun 26 12:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15638]: Connection closed by 91.92.40.49 port 44422 [preauth]
Jun 26 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16190]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16195]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16194]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16189]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16191]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16193]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16195]: pam_unix(cron:session): session closed for user root
Jun 26 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16189]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16260]: Successful su for rubyman by root
Jun 26 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16260]: + ??? root:rubyman
Jun 26 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16260]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596480 of user rubyman.
Jun 26 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16260]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596480.
Jun 26 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15749]: Invalid user ts3 from 91.92.40.49
Jun 26 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15749]: input_userauth_request: invalid user ts3 [preauth]
Jun 26 12:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15698]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16191]: pam_unix(cron:session): session closed for user root
Jun 26 12:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13570]: pam_unix(cron:session): session closed for user root
Jun 26 12:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15698]: Failed password for invalid user cyrus from 91.92.40.49 port 55806 ssh2
Jun 26 12:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16190]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15637]: Connection closed by 91.92.40.49 port 54800 [preauth]
Jun 26 12:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15737]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15737]: Failed password for invalid user avax from 91.92.40.49 port 55808 ssh2
Jun 26 12:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15749]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15749]: Failed password for invalid user ts3 from 91.92.40.49 port 42704 ssh2
Jun 26 12:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16034]: Invalid user frappe from 91.92.40.49
Jun 26 12:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16034]: input_userauth_request: invalid user frappe [preauth]
Jun 26 12:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15698]: Connection closed by 91.92.40.49 port 55806 [preauth]
Jun 26 12:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16523]: Connection reset by 45.148.10.141 port 34728 [preauth]
Jun 26 12:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15737]: Connection closed by 91.92.40.49 port 55808 [preauth]
Jun 26 12:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15396]: pam_unix(cron:session): session closed for user root
Jun 26 12:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.227  user=root
Jun 26 12:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16534]: Failed password for root from 195.178.110.227 port 48192 ssh2
Jun 26 12:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16534]: Connection closed by 195.178.110.227 port 48192 [preauth]
Jun 26 12:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16563]: Did not receive identification string from 64.89.160.135
Jun 26 12:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16138]: Invalid user sam from 91.92.40.49
Jun 26 12:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16138]: input_userauth_request: invalid user sam [preauth]
Jun 26 12:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16138]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16138]: Failed password for invalid user sam from 91.92.40.49 port 42912 ssh2
Jun 26 12:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16138]: Connection closed by 91.92.40.49 port 42912 [preauth]
Jun 26 12:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16495]: Did not receive identification string from 91.92.40.49
Jun 26 12:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16602]: Invalid user admin from 113.125.165.132
Jun 26 12:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16602]: input_userauth_request: invalid user admin [preauth]
Jun 26 12:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16602]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.125.165.132
Jun 26 12:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16602]: Failed password for invalid user admin from 113.125.165.132 port 46216 ssh2
Jun 26 12:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16034]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16628]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16627]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16626]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16625]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16625]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16693]: Successful su for rubyman by root
Jun 26 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16693]: + ??? root:rubyman
Jun 26 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16693]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596483 of user rubyman.
Jun 26 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16693]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596483.
Jun 26 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16034]: Failed password for invalid user frappe from 91.92.40.49 port 16432 ssh2
Jun 26 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.78.207.244  user=root
Jun 26 12:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13993]: pam_unix(cron:session): session closed for user root
Jun 26 12:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16626]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16724]: Failed password for root from 45.78.207.244 port 50396 ssh2
Jun 26 12:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16724]: Received disconnect from 45.78.207.244 port 50396:11: Bye Bye [preauth]
Jun 26 12:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16724]: Disconnected from 45.78.207.244 port 50396 [preauth]
Jun 26 12:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15795]: pam_unix(cron:session): session closed for user root
Jun 26 12:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16445]: Invalid user teamspeak from 91.92.40.49
Jun 26 12:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16445]: input_userauth_request: invalid user teamspeak [preauth]
Jun 26 12:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16604]: Invalid user g from 91.92.40.49
Jun 26 12:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16604]: input_userauth_request: invalid user g [preauth]
Jun 26 12:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16445]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16445]: Failed password for invalid user teamspeak from 91.92.40.49 port 34140 ssh2
Jun 26 12:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16613]: Invalid user game from 91.92.40.49
Jun 26 12:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16613]: input_userauth_request: invalid user game [preauth]
Jun 26 12:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16604]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16445]: Connection closed by 91.92.40.49 port 34140 [preauth]
Jun 26 12:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 12:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16806]: Invalid user newuser from 91.92.40.49
Jun 26 12:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16806]: input_userauth_request: invalid user newuser [preauth]
Jun 26 12:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16604]: Failed password for invalid user g from 91.92.40.49 port 13110 ssh2
Jun 26 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17132]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17129]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17131]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17130]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17129]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17187]: Successful su for rubyman by root
Jun 26 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17187]: + ??? root:rubyman
Jun 26 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17187]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596488 of user rubyman.
Jun 26 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17187]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596488.
Jun 26 12:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16471]: Failed password for root from 91.92.40.49 port 33818 ssh2
Jun 26 12:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16613]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16806]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16604]: Connection closed by 91.92.40.49 port 13110 [preauth]
Jun 26 12:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16471]: Connection closed by 91.92.40.49 port 33818 [preauth]
Jun 26 12:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16613]: Failed password for invalid user game from 91.92.40.49 port 60054 ssh2
Jun 26 12:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16806]: Failed password for invalid user newuser from 91.92.40.49 port 60090 ssh2
Jun 26 12:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14484]: pam_unix(cron:session): session closed for user root
Jun 26 12:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16613]: Connection closed by 91.92.40.49 port 60054 [preauth]
Jun 26 12:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16806]: Connection closed by 91.92.40.49 port 60090 [preauth]
Jun 26 12:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17130]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17379]: Invalid user madhuri from 91.92.40.49
Jun 26 12:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17379]: input_userauth_request: invalid user madhuri [preauth]
Jun 26 12:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17379]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17379]: Failed password for invalid user madhuri from 91.92.40.49 port 54322 ssh2
Jun 26 12:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16194]: pam_unix(cron:session): session closed for user root
Jun 26 12:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17379]: Connection closed by 91.92.40.49 port 54322 [preauth]
Jun 26 12:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 12:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17454]: Invalid user aaa from 91.92.40.49
Jun 26 12:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17454]: input_userauth_request: invalid user aaa [preauth]
Jun 26 12:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17416]: Failed password for root from 91.92.40.49 port 31798 ssh2
Jun 26 12:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17541]: Received disconnect from 65.181.112.131 port 47004:11: disconnected by user [preauth]
Jun 26 12:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17541]: Disconnected from 65.181.112.131 port 47004 [preauth]
Jun 26 12:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17550]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17560]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17559]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17558]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17557]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17557]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17614]: Successful su for rubyman by root
Jun 26 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17614]: + ??? root:rubyman
Jun 26 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17614]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596492 of user rubyman.
Jun 26 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17614]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596492.
Jun 26 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17454]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17416]: Connection closed by 91.92.40.49 port 31798 [preauth]
Jun 26 12:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14994]: pam_unix(cron:session): session closed for user root
Jun 26 12:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17454]: Failed password for invalid user aaa from 91.92.40.49 port 51374 ssh2
Jun 26 12:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17558]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17454]: Connection closed by 91.92.40.49 port 51374 [preauth]
Jun 26 12:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.227  user=root
Jun 26 12:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 12:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17940]: Failed password for root from 195.178.110.227 port 51378 ssh2
Jun 26 12:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17495]: Failed password for root from 91.92.40.49 port 16008 ssh2
Jun 26 12:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17940]: Connection closed by 195.178.110.227 port 51378 [preauth]
Jun 26 12:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16628]: pam_unix(cron:session): session closed for user root
Jun 26 12:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17495]: Connection closed by 91.92.40.49 port 16008 [preauth]
Jun 26 12:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17543]: Invalid user user from 91.92.40.49
Jun 26 12:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17543]: input_userauth_request: invalid user user [preauth]
Jun 26 12:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17905]: Invalid user azureuser from 91.92.40.49
Jun 26 12:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17905]: input_userauth_request: invalid user azureuser [preauth]
Jun 26 12:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17543]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17543]: Failed password for invalid user user from 91.92.40.49 port 47964 ssh2
Jun 26 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18077]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18078]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18079]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18074]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18076]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18076]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18202]: Successful su for rubyman by root
Jun 26 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18202]: + ??? root:rubyman
Jun 26 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18202]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596498 of user rubyman.
Jun 26 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18202]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596498.
Jun 26 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18074]: pam_unix(cron:session): session closed for user root
Jun 26 12:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15395]: pam_unix(cron:session): session closed for user root
Jun 26 12:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18077]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17907]: Invalid user chris from 91.92.40.49
Jun 26 12:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17907]: input_userauth_request: invalid user chris [preauth]
Jun 26 12:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17905]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17905]: Failed password for invalid user azureuser from 91.92.40.49 port 48002 ssh2
Jun 26 12:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17543]: Connection closed by 91.92.40.49 port 47964 [preauth]
Jun 26 12:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17907]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17907]: Failed password for invalid user chris from 91.92.40.49 port 15544 ssh2
Jun 26 12:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17132]: pam_unix(cron:session): session closed for user root
Jun 26 12:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17905]: Connection closed by 91.92.40.49 port 48002 [preauth]
Jun 26 12:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17907]: Connection closed by 91.92.40.49 port 15544 [preauth]
Jun 26 12:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18628]: Invalid user sftpuser from 113.125.165.132
Jun 26 12:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18628]: input_userauth_request: invalid user sftpuser [preauth]
Jun 26 12:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18628]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.125.165.132
Jun 26 12:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18628]: Failed password for invalid user sftpuser from 113.125.165.132 port 49504 ssh2
Jun 26 12:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18045]: Invalid user vpn from 91.92.40.49
Jun 26 12:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18045]: input_userauth_request: invalid user vpn [preauth]
Jun 26 12:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18628]: Received disconnect from 113.125.165.132 port 49504:11: Bye Bye [preauth]
Jun 26 12:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18628]: Disconnected from 113.125.165.132 port 49504 [preauth]
Jun 26 12:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18063]: Invalid user admin2 from 91.92.40.49
Jun 26 12:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18063]: input_userauth_request: invalid user admin2 [preauth]
Jun 26 12:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18683]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18684]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18685]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18679]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18681]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18682]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18685]: pam_unix(cron:session): session closed for user root
Jun 26 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18679]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18754]: Successful su for rubyman by root
Jun 26 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18754]: + ??? root:rubyman
Jun 26 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18754]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596502 of user rubyman.
Jun 26 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18754]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596502.
Jun 26 12:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18682]: pam_unix(cron:session): session closed for user root
Jun 26 12:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15794]: pam_unix(cron:session): session closed for user root
Jun 26 12:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18681]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18045]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18065]: Invalid user postgres from 91.92.40.49
Jun 26 12:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18065]: input_userauth_request: invalid user postgres [preauth]
Jun 26 12:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18045]: Failed password for invalid user vpn from 91.92.40.49 port 43418 ssh2
Jun 26 12:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18063]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18063]: Failed password for invalid user admin2 from 91.92.40.49 port 43470 ssh2
Jun 26 12:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18065]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18065]: Failed password for invalid user postgres from 91.92.40.49 port 35722 ssh2
Jun 26 12:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18045]: Connection closed by 91.92.40.49 port 43418 [preauth]
Jun 26 12:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.87.129  user=root
Jun 26 12:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19051]: Failed password for root from 107.175.87.129 port 45662 ssh2
Jun 26 12:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19051]: Received disconnect from 107.175.87.129 port 45662:11: Bye Bye [preauth]
Jun 26 12:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19051]: Disconnected from 107.175.87.129 port 45662 [preauth]
Jun 26 12:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17560]: pam_unix(cron:session): session closed for user root
Jun 26 12:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18063]: Connection closed by 91.92.40.49 port 43470 [preauth]
Jun 26 12:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18065]: Connection closed by 91.92.40.49 port 35722 [preauth]
Jun 26 12:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19050]: Did not receive identification string from 91.92.40.49
Jun 26 12:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18627]: Invalid user node from 91.92.40.49
Jun 26 12:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18627]: input_userauth_request: invalid user node [preauth]
Jun 26 12:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.227  user=root
Jun 26 12:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19234]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19232]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19233]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19231]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19231]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19122]: Failed password for root from 195.178.110.227 port 54542 ssh2
Jun 26 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19227]: Invalid user saeid from 45.78.207.244
Jun 26 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19227]: input_userauth_request: invalid user saeid [preauth]
Jun 26 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19227]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.78.207.244
Jun 26 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19301]: Successful su for rubyman by root
Jun 26 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19301]: + ??? root:rubyman
Jun 26 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19301]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596507 of user rubyman.
Jun 26 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19301]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596507.
Jun 26 12:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19122]: Connection closed by 195.178.110.227 port 54542 [preauth]
Jun 26 12:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19227]: Failed password for invalid user saeid from 45.78.207.244 port 54702 ssh2
Jun 26 12:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19227]: Received disconnect from 45.78.207.244 port 54702:11: Bye Bye [preauth]
Jun 26 12:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19227]: Disconnected from 45.78.207.244 port 54702 [preauth]
Jun 26 12:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16193]: pam_unix(cron:session): session closed for user root
Jun 26 12:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19232]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18654]: Invalid user python from 91.92.40.49
Jun 26 12:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18654]: input_userauth_request: invalid user python [preauth]
Jun 26 12:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18627]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18627]: Failed password for invalid user node from 91.92.40.49 port 63190 ssh2
Jun 26 12:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18676]: Invalid user deployer from 91.92.40.49
Jun 26 12:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18676]: input_userauth_request: invalid user deployer [preauth]
Jun 26 12:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18654]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18654]: Failed password for invalid user python from 91.92.40.49 port 43316 ssh2
Jun 26 12:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18079]: pam_unix(cron:session): session closed for user root
Jun 26 12:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18627]: Connection closed by 91.92.40.49 port 63190 [preauth]
Jun 26 12:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18676]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18676]: Failed password for invalid user deployer from 91.92.40.49 port 53062 ssh2
Jun 26 12:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19041]: Invalid user osm from 91.92.40.49
Jun 26 12:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19041]: input_userauth_request: invalid user osm [preauth]
Jun 26 12:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18654]: Connection closed by 91.92.40.49 port 43316 [preauth]
Jun 26 12:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 26 12:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19812]: Failed password for root from 80.66.85.226 port 44918 ssh2
Jun 26 12:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19812]: Connection closed by 80.66.85.226 port 44918 [preauth]
Jun 26 12:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 12:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18667]: Failed password for root from 91.92.40.49 port 43346 ssh2
Jun 26 12:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19875]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19876]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19874]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19873]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19873]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19936]: Successful su for rubyman by root
Jun 26 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19936]: + ??? root:rubyman
Jun 26 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19936]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596511 of user rubyman.
Jun 26 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19936]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596511.
Jun 26 12:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16627]: pam_unix(cron:session): session closed for user root
Jun 26 12:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19874]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19802]: Did not receive identification string from 91.92.40.49
Jun 26 12:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19041]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19041]: Failed password for invalid user osm from 91.92.40.49 port 21576 ssh2
Jun 26 12:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19849]: Did not receive identification string from 91.92.40.49
Jun 26 12:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19302]: Invalid user brad from 91.92.40.49
Jun 26 12:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19302]: input_userauth_request: invalid user brad [preauth]
Jun 26 12:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19552]: Invalid user armin from 91.92.40.49
Jun 26 12:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19552]: input_userauth_request: invalid user armin [preauth]
Jun 26 12:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18684]: pam_unix(cron:session): session closed for user root
Jun 26 12:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19302]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19302]: Failed password for invalid user brad from 91.92.40.49 port 28844 ssh2
Jun 26 12:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19783]: Invalid user anmol from 91.92.40.49
Jun 26 12:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19783]: input_userauth_request: invalid user anmol [preauth]
Jun 26 12:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20262]: Did not receive identification string from 91.92.40.49
Jun 26 12:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19552]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19552]: Failed password for invalid user armin from 91.92.40.49 port 17244 ssh2
Jun 26 12:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20273]: Did not receive identification string from 91.92.40.49
Jun 26 12:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19783]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19783]: Failed password for invalid user anmol from 91.92.40.49 port 50062 ssh2
Jun 26 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20375]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20377]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20376]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20378]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20375]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20440]: Successful su for rubyman by root
Jun 26 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20440]: + ??? root:rubyman
Jun 26 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20440]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596517 of user rubyman.
Jun 26 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20440]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596517.
Jun 26 12:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17131]: pam_unix(cron:session): session closed for user root
Jun 26 12:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19834]: Invalid user pi from 91.92.40.49
Jun 26 12:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19834]: input_userauth_request: invalid user pi [preauth]
Jun 26 12:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20376]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19783]: Connection closed by 91.92.40.49 port 50062 [preauth]
Jun 26 12:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19834]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19834]: Failed password for invalid user pi from 91.92.40.49 port 33646 ssh2
Jun 26 12:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19234]: pam_unix(cron:session): session closed for user root
Jun 26 12:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20638]: Did not receive identification string from 91.92.40.49
Jun 26 12:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20679]: Did not receive identification string from 91.92.40.49
Jun 26 12:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.227  user=root
Jun 26 12:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20838]: Invalid user jason1 from 107.175.87.129
Jun 26 12:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20838]: input_userauth_request: invalid user jason1 [preauth]
Jun 26 12:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20838]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.87.129
Jun 26 12:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20826]: Failed password for root from 195.178.110.227 port 57720 ssh2
Jun 26 12:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20826]: Connection closed by 195.178.110.227 port 57720 [preauth]
Jun 26 12:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20703]: Did not receive identification string from 91.92.40.49
Jun 26 12:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20838]: Failed password for invalid user jason1 from 107.175.87.129 port 37534 ssh2
Jun 26 12:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20838]: Received disconnect from 107.175.87.129 port 37534:11: Bye Bye [preauth]
Jun 26 12:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20838]: Disconnected from 107.175.87.129 port 37534 [preauth]
Jun 26 12:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 26 12:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20842]: Failed password for root from 103.176.20.57 port 37700 ssh2
Jun 26 12:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20842]: Connection closed by 103.176.20.57 port 37700 [preauth]
Jun 26 12:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20893]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20892]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20891]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20890]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20890]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20949]: Successful su for rubyman by root
Jun 26 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20949]: + ??? root:rubyman
Jun 26 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20949]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596519 of user rubyman.
Jun 26 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20949]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596519.
Jun 26 12:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20360]: Invalid user deploy from 91.92.40.49
Jun 26 12:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20360]: input_userauth_request: invalid user deploy [preauth]
Jun 26 12:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17559]: pam_unix(cron:session): session closed for user root
Jun 26 12:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20891]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 12:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20246]: Failed password for root from 91.92.40.49 port 36728 ssh2
Jun 26 12:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20360]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20360]: Failed password for invalid user deploy from 91.92.40.49 port 21034 ssh2
Jun 26 12:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.78.207.244  user=root
Jun 26 12:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21174]: Failed password for root from 45.78.207.244 port 34346 ssh2
Jun 26 12:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21174]: Received disconnect from 45.78.207.244 port 34346:11: Bye Bye [preauth]
Jun 26 12:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21174]: Disconnected from 45.78.207.244 port 34346 [preauth]
Jun 26 12:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 12:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20372]: Failed password for root from 91.92.40.49 port 46164 ssh2
Jun 26 12:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 26 12:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20360]: Connection closed by 91.92.40.49 port 21034 [preauth]
Jun 26 12:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 12:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21208]: Failed password for root from 103.172.78.219 port 47766 ssh2
Jun 26 12:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21208]: Connection closed by 103.172.78.219 port 47766 [preauth]
Jun 26 12:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20582]: Failed password for root from 91.92.40.49 port 46168 ssh2
Jun 26 12:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19876]: pam_unix(cron:session): session closed for user root
Jun 26 12:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20372]: Connection closed by 91.92.40.49 port 46164 [preauth]
Jun 26 12:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20582]: Connection closed by 91.92.40.49 port 46168 [preauth]
Jun 26 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21304]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21305]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21307]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21306]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21303]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21302]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21307]: pam_unix(cron:session): session closed for user root
Jun 26 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21302]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21385]: Successful su for rubyman by root
Jun 26 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21385]: + ??? root:rubyman
Jun 26 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21385]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596525 of user rubyman.
Jun 26 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21385]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596525.
Jun 26 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21304]: pam_unix(cron:session): session closed for user root
Jun 26 12:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18078]: pam_unix(cron:session): session closed for user root
Jun 26 12:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21303]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21147]: Invalid user user01 from 91.92.40.49
Jun 26 12:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21147]: input_userauth_request: invalid user user01 [preauth]
Jun 26 12:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 12:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21134]: Failed password for root from 91.92.40.49 port 63062 ssh2
Jun 26 12:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21147]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20378]: pam_unix(cron:session): session closed for user root
Jun 26 12:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21147]: Failed password for invalid user user01 from 91.92.40.49 port 51656 ssh2
Jun 26 12:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21722]: Received disconnect from 62.210.189.225 port 34944:11: disconnected by user [preauth]
Jun 26 12:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21722]: Disconnected from 62.210.189.225 port 34944 [preauth]
Jun 26 12:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21724]: Invalid user ftpuser from 107.175.87.129
Jun 26 12:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21724]: input_userauth_request: invalid user ftpuser [preauth]
Jun 26 12:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21724]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.87.129
Jun 26 12:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21218]: Invalid user jay from 91.92.40.49
Jun 26 12:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21218]: input_userauth_request: invalid user jay [preauth]
Jun 26 12:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21724]: Failed password for invalid user ftpuser from 107.175.87.129 port 42666 ssh2
Jun 26 12:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21724]: Received disconnect from 107.175.87.129 port 42666:11: Bye Bye [preauth]
Jun 26 12:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21724]: Disconnected from 107.175.87.129 port 42666 [preauth]
Jun 26 12:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21134]: Connection closed by 91.92.40.49 port 63062 [preauth]
Jun 26 12:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21247]: Invalid user testuser from 91.92.40.49
Jun 26 12:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21247]: input_userauth_request: invalid user testuser [preauth]
Jun 26 12:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21147]: Connection closed by 91.92.40.49 port 51656 [preauth]
Jun 26 12:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.78.207.244  user=root
Jun 26 12:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21782]: Failed password for root from 45.78.207.244 port 56750 ssh2
Jun 26 12:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21782]: Received disconnect from 45.78.207.244 port 56750:11: Bye Bye [preauth]
Jun 26 12:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21782]: Disconnected from 45.78.207.244 port 56750 [preauth]
Jun 26 12:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21218]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21799]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21797]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21798]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21800]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21797]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21868]: Successful su for rubyman by root
Jun 26 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21868]: + ??? root:rubyman
Jun 26 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21868]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596529 of user rubyman.
Jun 26 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21868]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596529.
Jun 26 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21218]: Failed password for invalid user jay from 91.92.40.49 port 47114 ssh2
Jun 26 12:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18683]: pam_unix(cron:session): session closed for user root
Jun 26 12:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21798]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21247]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21247]: Failed password for invalid user testuser from 91.92.40.49 port 47170 ssh2
Jun 26 12:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.227  user=root
Jun 26 12:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21400]: Invalid user user from 91.92.40.49
Jun 26 12:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21400]: input_userauth_request: invalid user user [preauth]
Jun 26 12:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22077]: Failed password for root from 195.178.110.227 port 60876 ssh2
Jun 26 12:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22077]: Connection closed by 195.178.110.227 port 60876 [preauth]
Jun 26 12:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21218]: Connection closed by 91.92.40.49 port 47114 [preauth]
Jun 26 12:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21618]: Invalid user telegram from 91.92.40.49
Jun 26 12:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21618]: input_userauth_request: invalid user telegram [preauth]
Jun 26 12:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20893]: pam_unix(cron:session): session closed for user root
Jun 26 12:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21400]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21400]: Failed password for invalid user user from 91.92.40.49 port 31828 ssh2
Jun 26 12:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21618]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21618]: Failed password for invalid user telegram from 91.92.40.49 port 48804 ssh2
Jun 26 12:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21721]: Invalid user student from 91.92.40.49
Jun 26 12:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21721]: input_userauth_request: invalid user student [preauth]
Jun 26 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22217]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22215]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22216]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22214]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22212]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22212]: pam_unix(cron:session): session closed for user root
Jun 26 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22214]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22277]: Successful su for rubyman by root
Jun 26 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22277]: + ??? root:rubyman
Jun 26 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22277]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596532 of user rubyman.
Jun 26 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22277]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596532.
Jun 26 12:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19233]: pam_unix(cron:session): session closed for user root
Jun 26 12:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22215]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21727]: Invalid user dani from 91.92.40.49
Jun 26 12:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21727]: input_userauth_request: invalid user dani [preauth]
Jun 26 12:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22179]: Did not receive identification string from 91.92.40.49
Jun 26 12:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22189]: Did not receive identification string from 91.92.40.49
Jun 26 12:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21721]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21721]: Failed password for invalid user student from 91.92.40.49 port 40714 ssh2
Jun 26 12:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21727]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21736]: Invalid user rock from 91.92.40.49
Jun 26 12:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21736]: input_userauth_request: invalid user rock [preauth]
Jun 26 12:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22621]: Invalid user trung from 107.175.87.129
Jun 26 12:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22621]: input_userauth_request: invalid user trung [preauth]
Jun 26 12:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22621]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.87.129
Jun 26 12:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21727]: Failed password for invalid user dani from 91.92.40.49 port 63574 ssh2
Jun 26 12:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22621]: Failed password for invalid user trung from 107.175.87.129 port 53366 ssh2
Jun 26 12:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22621]: Received disconnect from 107.175.87.129 port 53366:11: Bye Bye [preauth]
Jun 26 12:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22621]: Disconnected from 107.175.87.129 port 53366 [preauth]
Jun 26 12:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21306]: pam_unix(cron:session): session closed for user root
Jun 26 12:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22654]: Invalid user hadoop from 45.78.207.244
Jun 26 12:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22654]: input_userauth_request: invalid user hadoop [preauth]
Jun 26 12:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22654]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.78.207.244
Jun 26 12:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22654]: Failed password for invalid user hadoop from 45.78.207.244 port 56284 ssh2
Jun 26 12:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22654]: Received disconnect from 45.78.207.244 port 56284:11: Bye Bye [preauth]
Jun 26 12:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22654]: Disconnected from 45.78.207.244 port 56284 [preauth]
Jun 26 12:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22054]: Invalid user deploy from 91.92.40.49
Jun 26 12:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22054]: input_userauth_request: invalid user deploy [preauth]
Jun 26 12:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22716]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22715]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22713]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22712]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22712]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22783]: Successful su for rubyman by root
Jun 26 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22783]: + ??? root:rubyman
Jun 26 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22783]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596537 of user rubyman.
Jun 26 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22783]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596537.
Jun 26 12:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19875]: pam_unix(cron:session): session closed for user root
Jun 26 12:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22713]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22054]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22201]: Invalid user steam from 91.92.40.49
Jun 26 12:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22201]: input_userauth_request: invalid user steam [preauth]
Jun 26 12:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 12:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22155]: Failed password for root from 91.92.40.49 port 23402 ssh2
Jun 26 12:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21800]: pam_unix(cron:session): session closed for user root
Jun 26 12:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22201]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22201]: Failed password for invalid user steam from 91.92.40.49 port 46338 ssh2
Jun 26 12:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22155]: Connection closed by 91.92.40.49 port 23402 [preauth]
Jun 26 12:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.227  user=root
Jun 26 12:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22612]: Invalid user openclaw from 91.92.40.49
Jun 26 12:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22612]: input_userauth_request: invalid user openclaw [preauth]
Jun 26 12:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23063]: Failed password for root from 195.178.110.227 port 35802 ssh2
Jun 26 12:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23063]: Connection closed by 195.178.110.227 port 35802 [preauth]
Jun 26 12:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22201]: Connection closed by 91.92.40.49 port 46338 [preauth]
Jun 26 12:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22653]: Invalid user william from 91.92.40.49
Jun 26 12:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22653]: input_userauth_request: invalid user william [preauth]
Jun 26 12:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22612]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22612]: Failed password for invalid user openclaw from 91.92.40.49 port 53606 ssh2
Jun 26 12:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22643]: Invalid user kafka from 91.92.40.49
Jun 26 12:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22643]: input_userauth_request: invalid user kafka [preauth]
Jun 26 12:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22653]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22968]: Invalid user web from 91.92.40.49
Jun 26 12:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22968]: input_userauth_request: invalid user web [preauth]
Jun 26 12:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22612]: Connection closed by 91.92.40.49 port 53606 [preauth]
Jun 26 12:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22653]: Failed password for invalid user william from 91.92.40.49 port 23044 ssh2
Jun 26 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22643]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23126]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23125]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23123]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23124]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23123]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23183]: Successful su for rubyman by root
Jun 26 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23183]: + ??? root:rubyman
Jun 26 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23183]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596541 of user rubyman.
Jun 26 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23183]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596541.
Jun 26 12:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22968]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22653]: Connection closed by 91.92.40.49 port 23044 [preauth]
Jun 26 12:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22643]: Failed password for invalid user kafka from 91.92.40.49 port 53642 ssh2
Jun 26 12:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22643]: Connection closed by 91.92.40.49 port 53642 [preauth]
Jun 26 12:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22968]: Failed password for invalid user web from 91.92.40.49 port 29572 ssh2
Jun 26 12:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22968]: Connection closed by 91.92.40.49 port 29572 [preauth]
Jun 26 12:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20377]: pam_unix(cron:session): session closed for user root
Jun 26 12:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23124]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23426]: Invalid user ftpuser from 45.78.207.244
Jun 26 12:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23426]: input_userauth_request: invalid user ftpuser [preauth]
Jun 26 12:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23426]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.78.207.244
Jun 26 12:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23426]: Failed password for invalid user ftpuser from 45.78.207.244 port 44816 ssh2
Jun 26 12:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23426]: Received disconnect from 45.78.207.244 port 44816:11: Bye Bye [preauth]
Jun 26 12:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23426]: Disconnected from 45.78.207.244 port 44816 [preauth]
Jun 26 12:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23436]: Invalid user tet from 107.175.87.129
Jun 26 12:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23436]: input_userauth_request: invalid user tet [preauth]
Jun 26 12:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23436]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.87.129
Jun 26 12:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23436]: Failed password for invalid user tet from 107.175.87.129 port 37340 ssh2
Jun 26 12:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23436]: Received disconnect from 107.175.87.129 port 37340:11: Bye Bye [preauth]
Jun 26 12:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23436]: Disconnected from 107.175.87.129 port 37340 [preauth]
Jun 26 12:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23345]: Invalid user admin from 91.92.40.49
Jun 26 12:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23345]: input_userauth_request: invalid user admin [preauth]
Jun 26 12:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23393]: Invalid user fahmi from 91.92.40.49
Jun 26 12:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23393]: input_userauth_request: invalid user fahmi [preauth]
Jun 26 12:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23345]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23345]: Failed password for invalid user admin from 91.92.40.49 port 22234 ssh2
Jun 26 12:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22217]: pam_unix(cron:session): session closed for user root
Jun 26 12:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23393]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23393]: Failed password for invalid user fahmi from 91.92.40.49 port 32928 ssh2
Jun 26 12:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23345]: Connection closed by 91.92.40.49 port 22234 [preauth]
Jun 26 12:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23393]: Connection closed by 91.92.40.49 port 32928 [preauth]
Jun 26 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23562]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23560]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23559]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23561]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23557]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23558]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23562]: pam_unix(cron:session): session closed for user root
Jun 26 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23557]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23626]: Successful su for rubyman by root
Jun 26 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23626]: + ??? root:rubyman
Jun 26 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23626]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596547 of user rubyman.
Jun 26 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23626]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596547.
Jun 26 12:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23559]: pam_unix(cron:session): session closed for user root
Jun 26 12:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20892]: pam_unix(cron:session): session closed for user root
Jun 26 12:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23558]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 12:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23488]: Failed password for root from 91.92.40.49 port 35250 ssh2
Jun 26 12:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23501]: Invalid user peter from 91.92.40.49
Jun 26 12:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23501]: input_userauth_request: invalid user peter [preauth]
Jun 26 12:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23488]: Connection closed by 91.92.40.49 port 35250 [preauth]
Jun 26 12:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22716]: pam_unix(cron:session): session closed for user root
Jun 26 12:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23501]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23501]: Failed password for invalid user peter from 91.92.40.49 port 27542 ssh2
Jun 26 12:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23501]: Connection closed by 91.92.40.49 port 27542 [preauth]
Jun 26 12:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24110]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24108]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24111]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24107]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24107]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24176]: Successful su for rubyman by root
Jun 26 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24176]: + ??? root:rubyman
Jun 26 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24176]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596553 of user rubyman.
Jun 26 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24176]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596553.
Jun 26 12:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21305]: pam_unix(cron:session): session closed for user root
Jun 26 12:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24108]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 12:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23948]: Failed password for root from 91.92.40.49 port 49290 ssh2
Jun 26 12:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.87.129  user=root
Jun 26 12:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24392]: Failed password for root from 107.175.87.129 port 37630 ssh2
Jun 26 12:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24392]: Received disconnect from 107.175.87.129 port 37630:11: Bye Bye [preauth]
Jun 26 12:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24392]: Disconnected from 107.175.87.129 port 37630 [preauth]
Jun 26 12:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 12:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23957]: Failed password for root from 91.92.40.49 port 49302 ssh2
Jun 26 12:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 26 12:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.227  user=root
Jun 26 12:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24414]: Failed password for root from 202.178.126.219 port 28766 ssh2
Jun 26 12:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24414]: Connection closed by 202.178.126.219 port 28766 [preauth]
Jun 26 12:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24416]: Failed password for root from 195.178.110.227 port 38964 ssh2
Jun 26 12:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23948]: Connection closed by 91.92.40.49 port 49290 [preauth]
Jun 26 12:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24416]: Connection closed by 195.178.110.227 port 38964 [preauth]
Jun 26 12:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 12:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23984]: Failed password for root from 91.92.40.49 port 49324 ssh2
Jun 26 12:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 26 12:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24453]: Failed password for root from 103.82.20.28 port 50426 ssh2
Jun 26 12:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24453]: Connection closed by 103.82.20.28 port 50426 [preauth]
Jun 26 12:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23126]: pam_unix(cron:session): session closed for user root
Jun 26 12:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23957]: Connection closed by 91.92.40.49 port 49302 [preauth]
Jun 26 12:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24047]: Invalid user ftpuser from 91.92.40.49
Jun 26 12:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24047]: input_userauth_request: invalid user ftpuser [preauth]
Jun 26 12:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23984]: Connection closed by 91.92.40.49 port 49324 [preauth]
Jun 26 12:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24047]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24047]: Failed password for invalid user ftpuser from 91.92.40.49 port 18166 ssh2
Jun 26 12:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24558]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24556]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24557]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24555]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24555]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24627]: Successful su for rubyman by root
Jun 26 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24627]: + ??? root:rubyman
Jun 26 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24627]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596555 of user rubyman.
Jun 26 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24627]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596555.
Jun 26 12:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21799]: pam_unix(cron:session): session closed for user root
Jun 26 12:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24556]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24047]: Connection closed by 91.92.40.49 port 18166 [preauth]
Jun 26 12:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 12:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24105]: Failed password for root from 91.92.40.49 port 59534 ssh2
Jun 26 12:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23561]: pam_unix(cron:session): session closed for user root
Jun 26 12:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24428]: Invalid user green from 91.92.40.49
Jun 26 12:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24428]: input_userauth_request: invalid user green [preauth]
Jun 26 12:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24105]: Connection closed by 91.92.40.49 port 59534 [preauth]
Jun 26 12:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24452]: Invalid user www from 91.92.40.49
Jun 26 12:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24452]: input_userauth_request: invalid user www [preauth]
Jun 26 12:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 26 12:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24965]: Failed password for root from 103.77.242.62 port 53852 ssh2
Jun 26 12:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24965]: Connection closed by 103.77.242.62 port 53852 [preauth]
Jun 26 12:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 12:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24418]: Failed password for root from 91.92.40.49 port 20626 ssh2
Jun 26 12:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24992]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24990]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24989]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24988]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24988]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25055]: Successful su for rubyman by root
Jun 26 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25055]: + ??? root:rubyman
Jun 26 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25055]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596559 of user rubyman.
Jun 26 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25055]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596559.
Jun 26 12:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24428]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: Invalid user home from 107.175.87.129
Jun 26 12:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: input_userauth_request: invalid user home [preauth]
Jun 26 12:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.87.129
Jun 26 12:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22216]: pam_unix(cron:session): session closed for user root
Jun 26 12:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24428]: Failed password for invalid user green from 91.92.40.49 port 20644 ssh2
Jun 26 12:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24989]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: Failed password for invalid user home from 107.175.87.129 port 36864 ssh2
Jun 26 12:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: Received disconnect from 107.175.87.129 port 36864:11: Bye Bye [preauth]
Jun 26 12:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: Disconnected from 107.175.87.129 port 36864 [preauth]
Jun 26 12:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24452]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24452]: Failed password for invalid user www from 91.92.40.49 port 52902 ssh2
Jun 26 12:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24541]: Invalid user ubuntu from 91.92.40.49
Jun 26 12:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24541]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 12:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25246]: Did not receive identification string from 91.92.40.49
Jun 26 12:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24111]: pam_unix(cron:session): session closed for user root
Jun 26 12:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24541]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24541]: Failed password for invalid user ubuntu from 91.92.40.49 port 51998 ssh2
Jun 26 12:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24865]: Invalid user ubuntu from 91.92.40.49
Jun 26 12:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24865]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 12:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.125.165.132  user=root
Jun 26 12:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.227  user=root
Jun 26 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25398]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25399]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25397]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25396]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25396]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25383]: Failed password for root from 113.125.165.132 port 35364 ssh2
Jun 26 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25455]: Successful su for rubyman by root
Jun 26 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25455]: + ??? root:rubyman
Jun 26 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25455]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596565 of user rubyman.
Jun 26 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25455]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596565.
Jun 26 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25381]: Failed password for root from 195.178.110.227 port 42130 ssh2
Jun 26 12:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25381]: Connection closed by 195.178.110.227 port 42130 [preauth]
Jun 26 12:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25397]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22715]: pam_unix(cron:session): session closed for user root
Jun 26 12:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24865]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24865]: Failed password for invalid user ubuntu from 91.92.40.49 port 10528 ssh2
Jun 26 12:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 12:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24886]: Failed password for root from 91.92.40.49 port 10584 ssh2
Jun 26 12:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 12:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.78.207.244  user=root
Jun 26 12:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24895]: Failed password for root from 91.92.40.49 port 42704 ssh2
Jun 26 12:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25670]: Failed password for root from 45.78.207.244 port 51766 ssh2
Jun 26 12:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25670]: Received disconnect from 45.78.207.244 port 51766:11: Bye Bye [preauth]
Jun 26 12:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25670]: Disconnected from 45.78.207.244 port 51766 [preauth]
Jun 26 12:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24558]: pam_unix(cron:session): session closed for user root
Jun 26 12:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25672]: Did not receive identification string from 91.92.40.49
Jun 26 12:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 12:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24986]: Failed password for root from 91.92.40.49 port 40382 ssh2
Jun 26 12:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25782]: Invalid user github from 107.175.87.129
Jun 26 12:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25782]: input_userauth_request: invalid user github [preauth]
Jun 26 12:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25782]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.87.129
Jun 26 12:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25782]: Failed password for invalid user github from 107.175.87.129 port 40068 ssh2
Jun 26 12:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25782]: Received disconnect from 107.175.87.129 port 40068:11: Bye Bye [preauth]
Jun 26 12:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25782]: Disconnected from 107.175.87.129 port 40068 [preauth]
Jun 26 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25349]: Invalid user ftpuser from 91.92.40.49
Jun 26 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25349]: input_userauth_request: invalid user ftpuser [preauth]
Jun 26 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25803]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25804]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25800]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25798]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25801]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25799]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25804]: pam_unix(cron:session): session closed for user root
Jun 26 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25798]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25873]: Successful su for rubyman by root
Jun 26 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25873]: + ??? root:rubyman
Jun 26 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25873]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596567 of user rubyman.
Jun 26 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25873]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596567.
Jun 26 12:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25800]: pam_unix(cron:session): session closed for user root
Jun 26 12:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23125]: pam_unix(cron:session): session closed for user root
Jun 26 12:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25799]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 12:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25339]: Failed password for root from 91.92.40.49 port 35698 ssh2
Jun 26 12:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25349]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25349]: Failed password for invalid user ftpuser from 91.92.40.49 port 47584 ssh2
Jun 26 12:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25640]: Invalid user ivan from 91.92.40.49
Jun 26 12:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25640]: input_userauth_request: invalid user ivan [preauth]
Jun 26 12:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26060]: Did not receive identification string from 91.92.40.49
Jun 26 12:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24992]: pam_unix(cron:session): session closed for user root
Jun 26 12:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25339]: Connection closed by 91.92.40.49 port 35698 [preauth]
Jun 26 12:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26077]: Did not receive identification string from 91.92.40.49
Jun 26 12:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26114]: Did not receive identification string from 91.92.40.49
Jun 26 12:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25681]: Invalid user ai from 91.92.40.49
Jun 26 12:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25681]: input_userauth_request: invalid user ai [preauth]
Jun 26 12:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25640]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25640]: Failed password for invalid user ivan from 91.92.40.49 port 16308 ssh2
Jun 26 12:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25649]: Invalid user ana from 91.92.40.49
Jun 26 12:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25649]: input_userauth_request: invalid user ana [preauth]
Jun 26 12:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 26 12:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26216]: Failed password for root from 141.98.83.240 port 5484 ssh2
Jun 26 12:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26216]: Failed password for root from 141.98.83.240 port 5484 ssh2
Jun 26 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26243]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26244]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26242]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26241]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26241]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26311]: Successful su for rubyman by root
Jun 26 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26311]: + ??? root:rubyman
Jun 26 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26311]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596574 of user rubyman.
Jun 26 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26311]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596574.
Jun 26 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26216]: Failed password for root from 141.98.83.240 port 5484 ssh2
Jun 26 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26216]: Connection closed by 141.98.83.240 port 5484 [preauth]
Jun 26 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26216]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 26 12:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26218]: Connection reset by 45.78.207.244 port 37716 [preauth]
Jun 26 12:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25681]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23560]: pam_unix(cron:session): session closed for user root
Jun 26 12:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26242]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 26 12:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25681]: Failed password for invalid user ai from 91.92.40.49 port 62996 ssh2
Jun 26 12:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26472]: Failed password for root from 77.94.47.83 port 47616 ssh2
Jun 26 12:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26472]: Connection closed by 77.94.47.83 port 47616 [preauth]
Jun 26 12:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25649]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25796]: Invalid user pz from 91.92.40.49
Jun 26 12:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25796]: input_userauth_request: invalid user pz [preauth]
Jun 26 12:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25649]: Failed password for invalid user ana from 91.92.40.49 port 32246 ssh2
Jun 26 12:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25857]: Invalid user ftpuser from 91.92.40.49
Jun 26 12:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25857]: input_userauth_request: invalid user ftpuser [preauth]
Jun 26 12:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26501]: Invalid user admin from 139.19.117.131
Jun 26 12:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26501]: input_userauth_request: invalid user admin [preauth]
Jun 26 12:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25681]: Connection closed by 91.92.40.49 port 62996 [preauth]
Jun 26 12:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26501]: Connection closed by 139.19.117.131 port 59746 [preauth]
Jun 26 12:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25796]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25796]: Failed password for invalid user pz from 91.92.40.49 port 22932 ssh2
Jun 26 12:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25857]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25857]: Failed password for invalid user ftpuser from 91.92.40.49 port 51664 ssh2
Jun 26 12:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25399]: pam_unix(cron:session): session closed for user root
Jun 26 12:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 26 12:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26588]: Failed password for root from 103.149.28.157 port 41522 ssh2
Jun 26 12:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26588]: Connection closed by 103.149.28.157 port 41522 [preauth]
Jun 26 12:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.227  user=root
Jun 26 12:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26580]: Failed password for root from 195.178.110.227 port 45296 ssh2
Jun 26 12:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26580]: Connection closed by 195.178.110.227 port 45296 [preauth]
Jun 26 12:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25796]: Connection closed by 91.92.40.49 port 22932 [preauth]
Jun 26 12:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25857]: Connection closed by 91.92.40.49 port 51664 [preauth]
Jun 26 12:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.87.129  user=root
Jun 26 12:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26632]: Failed password for root from 107.175.87.129 port 53742 ssh2
Jun 26 12:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26632]: Received disconnect from 107.175.87.129 port 53742:11: Bye Bye [preauth]
Jun 26 12:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26632]: Disconnected from 107.175.87.129 port 53742 [preauth]
Jun 26 12:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26653]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26659]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26658]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26652]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26652]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26801]: Successful su for rubyman by root
Jun 26 12:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26801]: + ??? root:rubyman
Jun 26 12:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26801]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596579 of user rubyman.
Jun 26 12:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26801]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596579.
Jun 26 12:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24110]: pam_unix(cron:session): session closed for user root
Jun 26 12:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26215]: Invalid user botuser from 91.92.40.49
Jun 26 12:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26215]: input_userauth_request: invalid user botuser [preauth]
Jun 26 12:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26653]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26491]: Invalid user redmine from 91.92.40.49
Jun 26 12:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26491]: input_userauth_request: invalid user redmine [preauth]
Jun 26 12:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27015]: Connection closed by 45.148.10.121 port 38852 [preauth]
Jun 26 12:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26215]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26215]: Failed password for invalid user botuser from 91.92.40.49 port 55882 ssh2
Jun 26 12:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26491]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26491]: Failed password for invalid user redmine from 91.92.40.49 port 12604 ssh2
Jun 26 12:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25803]: pam_unix(cron:session): session closed for user root
Jun 26 12:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26579]: Invalid user sahil from 91.92.40.49
Jun 26 12:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26579]: input_userauth_request: invalid user sahil [preauth]
Jun 26 12:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27086]: Invalid user user2 from 45.78.207.244
Jun 26 12:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27086]: input_userauth_request: invalid user user2 [preauth]
Jun 26 12:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27086]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.78.207.244
Jun 26 12:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26215]: Connection closed by 91.92.40.49 port 55882 [preauth]
Jun 26 12:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27086]: Failed password for invalid user user2 from 45.78.207.244 port 58866 ssh2
Jun 26 12:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27086]: Received disconnect from 45.78.207.244 port 58866:11: Bye Bye [preauth]
Jun 26 12:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27086]: Disconnected from 45.78.207.244 port 58866 [preauth]
Jun 26 12:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26491]: Connection closed by 91.92.40.49 port 12604 [preauth]
Jun 26 12:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26579]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 26 12:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26579]: Failed password for invalid user sahil from 91.92.40.49 port 63888 ssh2
Jun 26 12:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27129]: Failed password for root from 103.122.221.179 port 50262 ssh2
Jun 26 12:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27129]: Connection closed by 103.122.221.179 port 50262 [preauth]
Jun 26 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27146]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27147]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27145]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27144]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27144]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27209]: Successful su for rubyman by root
Jun 26 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27209]: + ??? root:rubyman
Jun 26 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27209]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596581 of user rubyman.
Jun 26 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27209]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596581.
Jun 26 12:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24557]: pam_unix(cron:session): session closed for user root
Jun 26 12:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27145]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: Invalid user ops from 91.92.40.49
Jun 26 12:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: input_userauth_request: invalid user ops [preauth]
Jun 26 12:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26579]: Connection closed by 91.92.40.49 port 63888 [preauth]
Jun 26 12:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26981]: Invalid user benjamin from 91.92.40.49
Jun 26 12:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26981]: input_userauth_request: invalid user benjamin [preauth]
Jun 26 12:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: Failed password for invalid user ops from 91.92.40.49 port 35350 ssh2
Jun 26 12:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26981]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26981]: Failed password for invalid user benjamin from 91.92.40.49 port 35382 ssh2
Jun 26 12:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26244]: pam_unix(cron:session): session closed for user root
Jun 26 12:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 12:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26990]: Failed password for root from 91.92.40.49 port 26812 ssh2
Jun 26 12:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: Connection closed by 91.92.40.49 port 35350 [preauth]
Jun 26 12:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27088]: Invalid user marketing from 91.92.40.49
Jun 26 12:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27088]: input_userauth_request: invalid user marketing [preauth]
Jun 26 12:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26981]: Connection closed by 91.92.40.49 port 35382 [preauth]
Jun 26 12:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27111]: Invalid user cas from 91.92.40.49
Jun 26 12:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27111]: input_userauth_request: invalid user cas [preauth]
Jun 26 12:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.87.129  user=root
Jun 26 12:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26990]: Connection closed by 91.92.40.49 port 26812 [preauth]
Jun 26 12:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27528]: Failed password for root from 107.175.87.129 port 52136 ssh2
Jun 26 12:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27528]: Received disconnect from 107.175.87.129 port 52136:11: Bye Bye [preauth]
Jun 26 12:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27528]: Disconnected from 107.175.87.129 port 52136 [preauth]
Jun 26 12:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27088]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27088]: Failed password for invalid user marketing from 91.92.40.49 port 37886 ssh2
Jun 26 12:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27111]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27111]: Failed password for invalid user cas from 91.92.40.49 port 37938 ssh2
Jun 26 12:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27589]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27587]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27590]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27588]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27587]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27648]: Successful su for rubyman by root
Jun 26 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27648]: + ??? root:rubyman
Jun 26 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27648]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596588 of user rubyman.
Jun 26 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27648]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596588.
Jun 26 12:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.227  user=root
Jun 26 12:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24990]: pam_unix(cron:session): session closed for user root
Jun 26 12:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27588]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27577]: Failed password for root from 195.178.110.227 port 48442 ssh2
Jun 26 12:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27577]: Connection closed by 195.178.110.227 port 48442 [preauth]
Jun 26 12:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27088]: Connection closed by 91.92.40.49 port 37886 [preauth]
Jun 26 12:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27111]: Connection closed by 91.92.40.49 port 37938 [preauth]
Jun 26 12:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26659]: pam_unix(cron:session): session closed for user root
Jun 26 12:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 12:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27474]: Failed password for root from 91.92.40.49 port 27648 ssh2
Jun 26 12:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27564]: Invalid user ubuntu from 91.92.40.49
Jun 26 12:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27564]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 12:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27545]: Invalid user server from 91.92.40.49
Jun 26 12:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27545]: input_userauth_request: invalid user server [preauth]
Jun 26 12:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27474]: Connection closed by 91.92.40.49 port 27648 [preauth]
Jun 26 12:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27564]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27996]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27999]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27998]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27994]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28001]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27997]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28001]: pam_unix(cron:session): session closed for user root
Jun 26 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27994]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28117]: Successful su for rubyman by root
Jun 26 12:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28117]: + ??? root:rubyman
Jun 26 12:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28117]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596590 of user rubyman.
Jun 26 12:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28117]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596590.
Jun 26 12:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27564]: Failed password for invalid user ubuntu from 91.92.40.49 port 50000 ssh2
Jun 26 12:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27545]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25398]: pam_unix(cron:session): session closed for user root
Jun 26 12:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27997]: pam_unix(cron:session): session closed for user root
Jun 26 12:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27576]: Invalid user aaa from 91.92.40.49
Jun 26 12:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27576]: input_userauth_request: invalid user aaa [preauth]
Jun 26 12:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27545]: Failed password for invalid user server from 91.92.40.49 port 17894 ssh2
Jun 26 12:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27996]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27564]: Connection closed by 91.92.40.49 port 50000 [preauth]
Jun 26 12:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27576]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27545]: Connection closed by 91.92.40.49 port 17894 [preauth]
Jun 26 12:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27576]: Failed password for invalid user aaa from 91.92.40.49 port 50028 ssh2
Jun 26 12:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27147]: pam_unix(cron:session): session closed for user root
Jun 26 12:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27576]: Connection closed by 91.92.40.49 port 50028 [preauth]
Jun 26 12:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28431]: Connection closed by 194.59.206.2 port 46664 [preauth]
Jun 26 12:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27942]: Invalid user csserver from 91.92.40.49
Jun 26 12:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27942]: input_userauth_request: invalid user csserver [preauth]
Jun 26 12:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.87.129  user=root
Jun 26 12:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28434]: Failed password for root from 107.175.87.129 port 39756 ssh2
Jun 26 12:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28434]: Received disconnect from 107.175.87.129 port 39756:11: Bye Bye [preauth]
Jun 26 12:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28434]: Disconnected from 107.175.87.129 port 39756 [preauth]
Jun 26 12:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27942]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27942]: Failed password for invalid user csserver from 91.92.40.49 port 47090 ssh2
Jun 26 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28493]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28490]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28489]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28488]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28488]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28563]: Successful su for rubyman by root
Jun 26 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28563]: + ??? root:rubyman
Jun 26 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28563]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596596 of user rubyman.
Jun 26 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28563]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596596.
Jun 26 12:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25801]: pam_unix(cron:session): session closed for user root
Jun 26 12:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28249]: Invalid user odoo from 91.92.40.49
Jun 26 12:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28249]: input_userauth_request: invalid user odoo [preauth]
Jun 26 12:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28489]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28330]: Invalid user mc from 91.92.40.49
Jun 26 12:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28330]: input_userauth_request: invalid user mc [preauth]
Jun 26 12:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27942]: Connection closed by 91.92.40.49 port 47090 [preauth]
Jun 26 12:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28249]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28249]: Failed password for invalid user odoo from 91.92.40.49 port 51090 ssh2
Jun 26 12:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28330]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28330]: Failed password for invalid user mc from 91.92.40.49 port 31476 ssh2
Jun 26 12:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28920]: Invalid user admin from 195.178.110.227
Jun 26 12:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28920]: input_userauth_request: invalid user admin [preauth]
Jun 26 12:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28249]: Connection closed by 91.92.40.49 port 51090 [preauth]
Jun 26 12:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28920]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.227
Jun 26 12:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27590]: pam_unix(cron:session): session closed for user root
Jun 26 12:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28920]: Failed password for invalid user admin from 195.178.110.227 port 51588 ssh2
Jun 26 12:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28920]: Connection closed by 195.178.110.227 port 51588 [preauth]
Jun 26 12:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28477]: Invalid user test from 91.92.40.49
Jun 26 12:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28477]: input_userauth_request: invalid user test [preauth]
Jun 26 12:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28477]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28477]: Failed password for invalid user test from 91.92.40.49 port 58464 ssh2
Jun 26 12:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28477]: Connection closed by 91.92.40.49 port 58464 [preauth]
Jun 26 12:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28330]: Connection closed by 91.92.40.49 port 31476 [preauth]
Jun 26 12:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 12:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28402]: Failed password for root from 91.92.40.49 port 64530 ssh2
Jun 26 12:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 12:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28402]: Connection closed by 91.92.40.49 port 64530 [preauth]
Jun 26 12:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28891]: Failed password for root from 91.92.40.49 port 52606 ssh2
Jun 26 12:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28891]: Connection closed by 91.92.40.49 port 52606 [preauth]
Jun 26 12:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29019]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29020]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29018]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29017]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29017]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29088]: Successful su for rubyman by root
Jun 26 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29088]: + ??? root:rubyman
Jun 26 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29088]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596600 of user rubyman.
Jun 26 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29088]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596600.
Jun 26 12:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26243]: pam_unix(cron:session): session closed for user root
Jun 26 12:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29018]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28875]: Invalid user stef from 91.92.40.49
Jun 26 12:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28875]: input_userauth_request: invalid user stef [preauth]
Jun 26 12:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28875]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28875]: Failed password for invalid user stef from 91.92.40.49 port 62918 ssh2
Jun 26 12:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29015]: Invalid user user from 91.92.40.49
Jun 26 12:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29015]: input_userauth_request: invalid user user [preauth]
Jun 26 12:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 26 12:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29353]: Failed password for root from 38.93.206.2 port 10556 ssh2
Jun 26 12:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29353]: Connection closed by 38.93.206.2 port 10556 [preauth]
Jun 26 12:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27999]: pam_unix(cron:session): session closed for user root
Jun 26 12:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28875]: Connection closed by 91.92.40.49 port 62918 [preauth]
Jun 26 12:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 26 12:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29015]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29392]: Failed password for root from 103.27.238.120 port 49740 ssh2
Jun 26 12:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29015]: Failed password for invalid user user from 91.92.40.49 port 46612 ssh2
Jun 26 12:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29392]: Connection closed by 103.27.238.120 port 49740 [preauth]
Jun 26 12:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29402]: Invalid user work from 107.175.87.129
Jun 26 12:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29402]: input_userauth_request: invalid user work [preauth]
Jun 26 12:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29402]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.87.129
Jun 26 12:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29402]: Failed password for invalid user work from 107.175.87.129 port 33910 ssh2
Jun 26 12:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29402]: Received disconnect from 107.175.87.129 port 33910:11: Bye Bye [preauth]
Jun 26 12:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29402]: Disconnected from 107.175.87.129 port 33910 [preauth]
Jun 26 12:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29015]: Connection closed by 91.92.40.49 port 46612 [preauth]
Jun 26 12:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29301]: Invalid user andreas from 91.92.40.49
Jun 26 12:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29301]: input_userauth_request: invalid user andreas [preauth]
Jun 26 12:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29459]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29461]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29460]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29458]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29458]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29621]: Successful su for rubyman by root
Jun 26 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29621]: + ??? root:rubyman
Jun 26 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29621]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596603 of user rubyman.
Jun 26 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29621]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596603.
Jun 26 12:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26658]: pam_unix(cron:session): session closed for user root
Jun 26 12:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29301]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29459]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29301]: Failed password for invalid user andreas from 91.92.40.49 port 62274 ssh2
Jun 26 12:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29301]: Connection closed by 91.92.40.49 port 62274 [preauth]
Jun 26 12:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 26 12:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29904]: Failed password for root from 103.153.68.219 port 55842 ssh2
Jun 26 12:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29904]: Connection closed by 103.153.68.219 port 55842 [preauth]
Jun 26 12:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 12:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29323]: Failed password for root from 91.92.40.49 port 62330 ssh2
Jun 26 12:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28493]: pam_unix(cron:session): session closed for user root
Jun 26 12:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29427]: Invalid user pi from 91.92.40.49
Jun 26 12:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29427]: input_userauth_request: invalid user pi [preauth]
Jun 26 12:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29323]: Connection closed by 91.92.40.49 port 62330 [preauth]
Jun 26 12:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29436]: Invalid user fastuser from 91.92.40.49
Jun 26 12:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29436]: input_userauth_request: invalid user fastuser [preauth]
Jun 26 12:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29427]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29427]: Failed password for invalid user pi from 91.92.40.49 port 17090 ssh2
Jun 26 12:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29436]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29436]: Failed password for invalid user fastuser from 91.92.40.49 port 20964 ssh2
Jun 26 12:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 26 12:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29427]: Connection closed by 91.92.40.49 port 17090 [preauth]
Jun 26 12:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29985]: Failed password for root from 103.77.175.15 port 43090 ssh2
Jun 26 12:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29985]: Connection closed by 103.77.175.15 port 43090 [preauth]
Jun 26 12:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29436]: Connection closed by 91.92.40.49 port 20964 [preauth]
Jun 26 12:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 12:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29856]: Failed password for root from 91.92.40.49 port 63176 ssh2
Jun 26 12:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30014]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30013]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30012]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30011]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30011]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30076]: Successful su for rubyman by root
Jun 26 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30076]: + ??? root:rubyman
Jun 26 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30076]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596607 of user rubyman.
Jun 26 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30076]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596607.
Jun 26 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.125.165.132  user=root
Jun 26 12:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30007]: Failed password for root from 113.125.165.132 port 43492 ssh2
Jun 26 12:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30009]: Invalid user admin from 195.178.110.227
Jun 26 12:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30009]: input_userauth_request: invalid user admin [preauth]
Jun 26 12:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27146]: pam_unix(cron:session): session closed for user root
Jun 26 12:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30009]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.227
Jun 26 12:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30012]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30009]: Failed password for invalid user admin from 195.178.110.227 port 54744 ssh2
Jun 26 12:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29923]: Invalid user deployer from 91.92.40.49
Jun 26 12:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29923]: input_userauth_request: invalid user deployer [preauth]
Jun 26 12:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30009]: Connection closed by 195.178.110.227 port 54744 [preauth]
Jun 26 12:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29856]: Connection closed by 91.92.40.49 port 63176 [preauth]
Jun 26 12:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29923]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29923]: Failed password for invalid user deployer from 91.92.40.49 port 47604 ssh2
Jun 26 12:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29976]: Invalid user gmod from 91.92.40.49
Jun 26 12:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29976]: input_userauth_request: invalid user gmod [preauth]
Jun 26 12:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29923]: Connection closed by 91.92.40.49 port 47604 [preauth]
Jun 26 12:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30343]: Invalid user stan from 107.175.87.129
Jun 26 12:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30343]: input_userauth_request: invalid user stan [preauth]
Jun 26 12:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30343]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.87.129
Jun 26 12:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30343]: Failed password for invalid user stan from 107.175.87.129 port 37754 ssh2
Jun 26 12:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30343]: Received disconnect from 107.175.87.129 port 37754:11: Bye Bye [preauth]
Jun 26 12:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30343]: Disconnected from 107.175.87.129 port 37754 [preauth]
Jun 26 12:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29988]: Invalid user test from 91.92.40.49
Jun 26 12:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29988]: input_userauth_request: invalid user test [preauth]
Jun 26 12:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29976]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29020]: pam_unix(cron:session): session closed for user root
Jun 26 12:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29976]: Failed password for invalid user gmod from 91.92.40.49 port 15600 ssh2
Jun 26 12:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29988]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29988]: Failed password for invalid user test from 91.92.40.49 port 15662 ssh2
Jun 26 12:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29976]: Connection closed by 91.92.40.49 port 15600 [preauth]
Jun 26 12:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 12:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30285]: Failed password for root from 91.92.40.49 port 58842 ssh2
Jun 26 12:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29988]: Connection closed by 91.92.40.49 port 15662 [preauth]
Jun 26 12:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30345]: Invalid user deployer from 91.92.40.49
Jun 26 12:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30345]: input_userauth_request: invalid user deployer [preauth]
Jun 26 12:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30285]: Connection closed by 91.92.40.49 port 58842 [preauth]
Jun 26 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30435]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30438]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30439]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30433]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30437]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30434]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30439]: pam_unix(cron:session): session closed for user root
Jun 26 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30433]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30509]: Successful su for rubyman by root
Jun 26 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30509]: + ??? root:rubyman
Jun 26 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30509]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596613 of user rubyman.
Jun 26 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30509]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596613.
Jun 26 12:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30345]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30435]: pam_unix(cron:session): session closed for user root
Jun 26 12:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27589]: pam_unix(cron:session): session closed for user root
Jun 26 12:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30345]: Failed password for invalid user deployer from 91.92.40.49 port 10288 ssh2
Jun 26 12:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30434]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30345]: Connection closed by 91.92.40.49 port 10288 [preauth]
Jun 26 12:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30411]: Invalid user ubuntu from 91.92.40.49
Jun 26 12:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30411]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 12:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30420]: Invalid user kelvin from 91.92.40.49
Jun 26 12:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30420]: input_userauth_request: invalid user kelvin [preauth]
Jun 26 12:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30411]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30411]: Failed password for invalid user ubuntu from 91.92.40.49 port 36782 ssh2
Jun 26 12:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30420]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30420]: Failed password for invalid user kelvin from 91.92.40.49 port 51508 ssh2
Jun 26 12:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30411]: Connection closed by 91.92.40.49 port 36782 [preauth]
Jun 26 12:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29461]: pam_unix(cron:session): session closed for user root
Jun 26 12:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30728]: Invalid user main from 91.92.40.49
Jun 26 12:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30728]: input_userauth_request: invalid user main [preauth]
Jun 26 12:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30420]: Connection closed by 91.92.40.49 port 51508 [preauth]
Jun 26 12:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30728]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30728]: Failed password for invalid user main from 91.92.40.49 port 23762 ssh2
Jun 26 12:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30728]: Connection closed by 91.92.40.49 port 23762 [preauth]
Jun 26 12:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: Invalid user azureuser from 91.92.40.49
Jun 26 12:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: input_userauth_request: invalid user azureuser [preauth]
Jun 26 12:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30908]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30907]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30909]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30910]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30907]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31064]: Successful su for rubyman by root
Jun 26 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31064]: + ??? root:rubyman
Jun 26 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31064]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596620 of user rubyman.
Jun 26 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31064]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596620.
Jun 26 12:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: Failed password for invalid user azureuser from 91.92.40.49 port 15994 ssh2
Jun 26 12:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27998]: pam_unix(cron:session): session closed for user root
Jun 26 12:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30908]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30833]: Invalid user student from 91.92.40.49
Jun 26 12:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30833]: input_userauth_request: invalid user student [preauth]
Jun 26 12:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: Connection closed by 91.92.40.49 port 15994 [preauth]
Jun 26 12:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30833]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30833]: Failed password for invalid user student from 91.92.40.49 port 21376 ssh2
Jun 26 12:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30877]: Invalid user deploy from 91.92.40.49
Jun 26 12:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30877]: input_userauth_request: invalid user deploy [preauth]
Jun 26 12:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30833]: Connection closed by 91.92.40.49 port 21376 [preauth]
Jun 26 12:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31282]: Invalid user admin from 195.178.110.227
Jun 26 12:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31282]: input_userauth_request: invalid user admin [preauth]
Jun 26 12:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.87.129  user=root
Jun 26 12:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31282]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.227
Jun 26 12:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31307]: Failed password for root from 107.175.87.129 port 60694 ssh2
Jun 26 12:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31307]: Received disconnect from 107.175.87.129 port 60694:11: Bye Bye [preauth]
Jun 26 12:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31307]: Disconnected from 107.175.87.129 port 60694 [preauth]
Jun 26 12:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31282]: Failed password for invalid user admin from 195.178.110.227 port 57900 ssh2
Jun 26 12:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30877]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31282]: Connection closed by 195.178.110.227 port 57900 [preauth]
Jun 26 12:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30877]: Failed password for invalid user deploy from 91.92.40.49 port 39928 ssh2
Jun 26 12:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30014]: pam_unix(cron:session): session closed for user root
Jun 26 12:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30877]: Connection closed by 91.92.40.49 port 39928 [preauth]
Jun 26 12:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 12:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31248]: Failed password for root from 91.92.40.49 port 59274 ssh2
Jun 26 12:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31293]: Invalid user zabbix from 91.92.40.49
Jun 26 12:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31293]: input_userauth_request: invalid user zabbix [preauth]
Jun 26 12:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31248]: Connection closed by 91.92.40.49 port 59274 [preauth]
Jun 26 12:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31293]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31318]: Invalid user ts3 from 91.92.40.49
Jun 26 12:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31318]: input_userauth_request: invalid user ts3 [preauth]
Jun 26 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31415]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31417]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31413]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31414]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31413]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31477]: Successful su for rubyman by root
Jun 26 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31477]: + ??? root:rubyman
Jun 26 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31477]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596621 of user rubyman.
Jun 26 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31477]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596621.
Jun 26 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31293]: Failed password for invalid user zabbix from 91.92.40.49 port 54084 ssh2
Jun 26 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28490]: pam_unix(cron:session): session closed for user root
Jun 26 12:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31414]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31318]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31293]: Connection closed by 91.92.40.49 port 54084 [preauth]
Jun 26 12:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31318]: Failed password for invalid user ts3 from 91.92.40.49 port 18878 ssh2
Jun 26 12:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31383]: Invalid user oracle from 91.92.40.49
Jun 26 12:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31383]: input_userauth_request: invalid user oracle [preauth]
Jun 26 12:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31318]: Connection closed by 91.92.40.49 port 18878 [preauth]
Jun 26 12:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31383]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31383]: Failed password for invalid user oracle from 91.92.40.49 port 21078 ssh2
Jun 26 12:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31817]: Received disconnect from 51.68.126.146 port 49036:11: disconnected by user [preauth]
Jun 26 12:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31817]: Disconnected from 51.68.126.146 port 49036 [preauth]
Jun 26 12:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31511]: Invalid user dev from 91.92.40.49
Jun 26 12:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31511]: input_userauth_request: invalid user dev [preauth]
Jun 26 12:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31383]: Connection closed by 91.92.40.49 port 21078 [preauth]
Jun 26 12:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30438]: pam_unix(cron:session): session closed for user root
Jun 26 12:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31511]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31511]: Failed password for invalid user dev from 91.92.40.49 port 43942 ssh2
Jun 26 12:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31511]: Connection closed by 91.92.40.49 port 43942 [preauth]
Jun 26 12:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31796]: Invalid user zabbix from 91.92.40.49
Jun 26 12:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31796]: input_userauth_request: invalid user zabbix [preauth]
Jun 26 12:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31796]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31796]: Failed password for invalid user zabbix from 91.92.40.49 port 58938 ssh2
Jun 26 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31929]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31931]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31928]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31927]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31927]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31997]: Successful su for rubyman by root
Jun 26 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31997]: + ??? root:rubyman
Jun 26 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31997]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596626 of user rubyman.
Jun 26 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31997]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596626.
Jun 26 12:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31837]: Invalid user local from 91.92.40.49
Jun 26 12:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31837]: input_userauth_request: invalid user local [preauth]
Jun 26 12:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29019]: pam_unix(cron:session): session closed for user root
Jun 26 12:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31928]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31796]: Connection closed by 91.92.40.49 port 58938 [preauth]
Jun 26 12:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 26 12:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32201]: Failed password for root from 51.250.105.222 port 56252 ssh2
Jun 26 12:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32201]: Connection closed by 51.250.105.222 port 56252 [preauth]
Jun 26 12:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31837]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.87.129  user=root
Jun 26 12:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31837]: Failed password for invalid user local from 91.92.40.49 port 36524 ssh2
Jun 26 12:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32224]: Failed password for root from 107.175.87.129 port 33342 ssh2
Jun 26 12:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32224]: Received disconnect from 107.175.87.129 port 33342:11: Bye Bye [preauth]
Jun 26 12:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32224]: Disconnected from 107.175.87.129 port 33342 [preauth]
Jun 26 12:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31888]: Invalid user oracle from 91.92.40.49
Jun 26 12:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31888]: input_userauth_request: invalid user oracle [preauth]
Jun 26 12:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31837]: Connection closed by 91.92.40.49 port 36524 [preauth]
Jun 26 12:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32237]: Received disconnect from 198.38.85.149 port 37060:11: disconnected by user [preauth]
Jun 26 12:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32237]: Disconnected from 198.38.85.149 port 37060 [preauth]
Jun 26 12:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31899]: Invalid user try from 91.92.40.49
Jun 26 12:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31899]: input_userauth_request: invalid user try [preauth]
Jun 26 12:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31888]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31888]: Failed password for invalid user oracle from 91.92.40.49 port 16706 ssh2
Jun 26 12:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30910]: pam_unix(cron:session): session closed for user root
Jun 26 12:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31899]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31899]: Failed password for invalid user try from 91.92.40.49 port 29022 ssh2
Jun 26 12:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31888]: Connection closed by 91.92.40.49 port 16706 [preauth]
Jun 26 12:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32193]: Invalid user RPM from 91.92.40.49
Jun 26 12:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32193]: input_userauth_request: invalid user RPM [preauth]
Jun 26 12:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31899]: Connection closed by 91.92.40.49 port 29022 [preauth]
Jun 26 12:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32193]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32322]: Invalid user admin from 195.178.110.227
Jun 26 12:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32322]: input_userauth_request: invalid user admin [preauth]
Jun 26 12:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32322]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.227
Jun 26 12:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32193]: Failed password for invalid user RPM from 91.92.40.49 port 24968 ssh2
Jun 26 12:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32322]: Failed password for invalid user admin from 195.178.110.227 port 32790 ssh2
Jun 26 12:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32322]: Connection closed by 195.178.110.227 port 32790 [preauth]
Jun 26 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32349]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32347]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32348]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32346]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32344]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32346]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32486]: Successful su for rubyman by root
Jun 26 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32486]: + ??? root:rubyman
Jun 26 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32486]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596629 of user rubyman.
Jun 26 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32486]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596629.
Jun 26 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32344]: pam_unix(cron:session): session closed for user root
Jun 26 12:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29460]: pam_unix(cron:session): session closed for user root
Jun 26 12:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32347]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32264]: Invalid user linux from 91.92.40.49
Jun 26 12:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32264]: input_userauth_request: invalid user linux [preauth]
Jun 26 12:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32193]: Connection closed by 91.92.40.49 port 24968 [preauth]
Jun 26 12:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32264]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32264]: Failed password for invalid user linux from 91.92.40.49 port 61038 ssh2
Jun 26 12:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31417]: pam_unix(cron:session): session closed for user root
Jun 26 12:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32264]: Connection closed by 91.92.40.49 port 61038 [preauth]
Jun 26 12:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32314]: Invalid user oracle from 91.92.40.49
Jun 26 12:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32314]: input_userauth_request: invalid user oracle [preauth]
Jun 26 12:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32516]: Invalid user www from 91.92.40.49
Jun 26 12:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32516]: input_userauth_request: invalid user www [preauth]
Jun 26 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[409]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[406]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[412]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[410]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[413]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[408]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[413]: pam_unix(cron:session): session closed for user root
Jun 26 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[406]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32325]: Invalid user frank from 91.92.40.49
Jun 26 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32325]: input_userauth_request: invalid user frank [preauth]
Jun 26 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[618]: Successful su for rubyman by root
Jun 26 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[618]: + ??? root:rubyman
Jun 26 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[618]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596636 of user rubyman.
Jun 26 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[618]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596636.
Jun 26 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32314]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32314]: Failed password for invalid user oracle from 91.92.40.49 port 26022 ssh2
Jun 26 12:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[409]: pam_unix(cron:session): session closed for user root
Jun 26 12:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30013]: pam_unix(cron:session): session closed for user root
Jun 26 12:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[408]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: Invalid user superset from 107.175.87.129
Jun 26 12:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: input_userauth_request: invalid user superset [preauth]
Jun 26 12:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.87.129
Jun 26 12:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32516]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: Failed password for invalid user superset from 107.175.87.129 port 55590 ssh2
Jun 26 12:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: Received disconnect from 107.175.87.129 port 55590:11: Bye Bye [preauth]
Jun 26 12:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: Disconnected from 107.175.87.129 port 55590 [preauth]
Jun 26 12:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32516]: Failed password for invalid user www from 91.92.40.49 port 36436 ssh2
Jun 26 12:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32325]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32736]: Invalid user pi from 91.92.40.49
Jun 26 12:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32736]: input_userauth_request: invalid user pi [preauth]
Jun 26 12:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32325]: Failed password for invalid user frank from 91.92.40.49 port 12818 ssh2
Jun 26 12:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32314]: Connection closed by 91.92.40.49 port 26022 [preauth]
Jun 26 12:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32751]: Invalid user test from 91.92.40.49
Jun 26 12:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32751]: input_userauth_request: invalid user test [preauth]
Jun 26 12:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31931]: pam_unix(cron:session): session closed for user root
Jun 26 12:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 12:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[795]: Invalid user log from 91.92.40.49
Jun 26 12:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[795]: input_userauth_request: invalid user log [preauth]
Jun 26 12:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32751]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32710]: Failed password for root from 91.92.40.49 port 14748 ssh2
Jun 26 12:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32751]: Failed password for invalid user test from 91.92.40.49 port 64252 ssh2
Jun 26 12:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32516]: Connection closed by 91.92.40.49 port 36436 [preauth]
Jun 26 12:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[795]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[795]: Failed password for invalid user log from 91.92.40.49 port 32012 ssh2
Jun 26 12:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32710]: Connection closed by 91.92.40.49 port 14748 [preauth]
Jun 26 12:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32751]: Connection closed by 91.92.40.49 port 64252 [preauth]
Jun 26 12:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[795]: Connection closed by 91.92.40.49 port 32012 [preauth]
Jun 26 12:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[845]: Invalid user admin from 91.92.40.49
Jun 26 12:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[845]: input_userauth_request: invalid user admin [preauth]
Jun 26 12:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32736]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32736]: Failed password for invalid user pi from 91.92.40.49 port 14816 ssh2
Jun 26 12:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1022]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1019]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1021]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1018]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1018]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1121]: Successful su for rubyman by root
Jun 26 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1121]: + ??? root:rubyman
Jun 26 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1121]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596640 of user rubyman.
Jun 26 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1121]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596640.
Jun 26 12:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[845]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1016]: Invalid user admin from 195.178.110.227
Jun 26 12:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1016]: input_userauth_request: invalid user admin [preauth]
Jun 26 12:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1016]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.227
Jun 26 12:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[845]: Failed password for invalid user admin from 91.92.40.49 port 27442 ssh2
Jun 26 12:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30437]: pam_unix(cron:session): session closed for user root
Jun 26 12:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1016]: Failed password for invalid user admin from 195.178.110.227 port 35934 ssh2
Jun 26 12:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1016]: Connection closed by 195.178.110.227 port 35934 [preauth]
Jun 26 12:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1019]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32736]: Connection closed by 91.92.40.49 port 14816 [preauth]
Jun 26 12:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[602]: Invalid user abuse from 91.92.40.49
Jun 26 12:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[602]: input_userauth_request: invalid user abuse [preauth]
Jun 26 12:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[845]: Connection closed by 91.92.40.49 port 27442 [preauth]
Jun 26 12:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[602]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[978]: Invalid user admin1 from 91.92.40.49
Jun 26 12:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[978]: input_userauth_request: invalid user admin1 [preauth]
Jun 26 12:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[602]: Failed password for invalid user abuse from 91.92.40.49 port 31974 ssh2
Jun 26 12:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32349]: pam_unix(cron:session): session closed for user root
Jun 26 12:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[980]: Invalid user brenda from 91.92.40.49
Jun 26 12:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[980]: input_userauth_request: invalid user brenda [preauth]
Jun 26 12:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[602]: Connection closed by 91.92.40.49 port 31974 [preauth]
Jun 26 12:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[978]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[980]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[978]: Failed password for invalid user admin1 from 91.92.40.49 port 16002 ssh2
Jun 26 12:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[980]: Failed password for invalid user brenda from 91.92.40.49 port 57600 ssh2
Jun 26 12:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.87.129  user=root
Jun 26 12:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1601]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1600]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1599]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1597]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1593]: Failed password for root from 107.175.87.129 port 36822 ssh2
Jun 26 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1597]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1593]: Received disconnect from 107.175.87.129 port 36822:11: Bye Bye [preauth]
Jun 26 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1593]: Disconnected from 107.175.87.129 port 36822 [preauth]
Jun 26 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1671]: Successful su for rubyman by root
Jun 26 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1671]: + ??? root:rubyman
Jun 26 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1671]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596644 of user rubyman.
Jun 26 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1671]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596644.
Jun 26 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[993]: Failed password for root from 91.92.40.49 port 57644 ssh2
Jun 26 12:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30909]: pam_unix(cron:session): session closed for user root
Jun 26 12:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1004]: Invalid user moodle from 91.92.40.49
Jun 26 12:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1004]: input_userauth_request: invalid user moodle [preauth]
Jun 26 12:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1599]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[978]: Connection closed by 91.92.40.49 port 16002 [preauth]
Jun 26 12:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[980]: Connection closed by 91.92.40.49 port 57600 [preauth]
Jun 26 12:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[993]: Connection closed by 91.92.40.49 port 57644 [preauth]
Jun 26 12:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1004]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1004]: Failed password for invalid user moodle from 91.92.40.49 port 57666 ssh2
Jun 26 12:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1430]: Invalid user hadoop from 91.92.40.49
Jun 26 12:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1430]: input_userauth_request: invalid user hadoop [preauth]
Jun 26 12:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[412]: pam_unix(cron:session): session closed for user root
Jun 26 12:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1465]: Invalid user ubuntu from 91.92.40.49
Jun 26 12:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1465]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 12:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1004]: Connection closed by 91.92.40.49 port 57666 [preauth]
Jun 26 12:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1430]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1553]: Invalid user term2 from 91.92.40.49
Jun 26 12:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1553]: input_userauth_request: invalid user term2 [preauth]
Jun 26 12:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1430]: Failed password for invalid user hadoop from 91.92.40.49 port 28866 ssh2
Jun 26 12:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1465]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1553]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1465]: Failed password for invalid user ubuntu from 91.92.40.49 port 19722 ssh2
Jun 26 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2089]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2090]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2088]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2087]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2087]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1553]: Failed password for invalid user term2 from 91.92.40.49 port 19744 ssh2
Jun 26 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2165]: Successful su for rubyman by root
Jun 26 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2165]: + ??? root:rubyman
Jun 26 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2165]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596649 of user rubyman.
Jun 26 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2165]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596649.
Jun 26 12:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31415]: pam_unix(cron:session): session closed for user root
Jun 26 12:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2088]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2016]: Did not receive identification string from 91.92.40.49
Jun 26 12:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1553]: Connection closed by 91.92.40.49 port 19744 [preauth]
Jun 26 12:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1430]: Connection closed by 91.92.40.49 port 28866 [preauth]
Jun 26 12:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1022]: pam_unix(cron:session): session closed for user root
Jun 26 12:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2369]: Did not receive identification string from 91.92.40.49
Jun 26 12:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1943]: Invalid user frappe from 91.92.40.49
Jun 26 12:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1943]: input_userauth_request: invalid user frappe [preauth]
Jun 26 12:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1465]: Connection closed by 91.92.40.49 port 19722 [preauth]
Jun 26 12:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1998]: Invalid user config from 91.92.40.49
Jun 26 12:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1998]: input_userauth_request: invalid user config [preauth]
Jun 26 12:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1943]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2266]: Invalid user audi from 91.92.40.49
Jun 26 12:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2266]: input_userauth_request: invalid user audi [preauth]
Jun 26 12:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1998]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1943]: Failed password for invalid user frappe from 91.92.40.49 port 28008 ssh2
Jun 26 12:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2266]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1998]: Failed password for invalid user config from 91.92.40.49 port 17096 ssh2
Jun 26 12:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2266]: Failed password for invalid user audi from 91.92.40.49 port 63006 ssh2
Jun 26 12:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1943]: Connection closed by 91.92.40.49 port 28008 [preauth]
Jun 26 12:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1998]: Connection closed by 91.92.40.49 port 17096 [preauth]
Jun 26 12:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2266]: Connection closed by 91.92.40.49 port 63006 [preauth]
Jun 26 12:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.87.129  user=root
Jun 26 12:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2504]: Failed password for root from 107.175.87.129 port 42418 ssh2
Jun 26 12:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2504]: Received disconnect from 107.175.87.129 port 42418:11: Bye Bye [preauth]
Jun 26 12:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2504]: Disconnected from 107.175.87.129 port 42418 [preauth]
Jun 26 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2533]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2534]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2532]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2531]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2531]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2606]: Successful su for rubyman by root
Jun 26 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2606]: + ??? root:rubyman
Jun 26 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2606]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596653 of user rubyman.
Jun 26 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2606]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596653.
Jun 26 12:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31929]: pam_unix(cron:session): session closed for user root
Jun 26 12:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2532]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.19.67.181  user=root
Jun 26 12:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2796]: Failed password for root from 46.19.67.181 port 56300 ssh2
Jun 26 12:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2796]: Connection closed by 46.19.67.181 port 56300 [preauth]
Jun 26 12:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2822]: Received disconnect from 104.194.10.248 port 38220:11: disconnected by user [preauth]
Jun 26 12:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2822]: Disconnected from 104.194.10.248 port 38220 [preauth]
Jun 26 12:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1601]: pam_unix(cron:session): session closed for user root
Jun 26 12:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2483]: Invalid user ubuntu from 91.92.40.49
Jun 26 12:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2483]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 12:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 26 12:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2932]: Failed password for root from 202.178.126.219 port 47024 ssh2
Jun 26 12:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2932]: Connection closed by 202.178.126.219 port 47024 [preauth]
Jun 26 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2957]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2953]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2955]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2954]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2958]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2956]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2958]: pam_unix(cron:session): session closed for user root
Jun 26 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2953]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3023]: Successful su for rubyman by root
Jun 26 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3023]: + ??? root:rubyman
Jun 26 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3023]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596657 of user rubyman.
Jun 26 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3023]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596657.
Jun 26 12:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2955]: pam_unix(cron:session): session closed for user root
Jun 26 12:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32348]: pam_unix(cron:session): session closed for user root
Jun 26 12:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2954]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2506]: Invalid user jenkins from 91.92.40.49
Jun 26 12:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2506]: input_userauth_request: invalid user jenkins [preauth]
Jun 26 12:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2483]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2483]: Failed password for invalid user ubuntu from 91.92.40.49 port 18310 ssh2
Jun 26 12:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2590]: Invalid user n8n from 91.92.40.49
Jun 26 12:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2590]: input_userauth_request: invalid user n8n [preauth]
Jun 26 12:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2506]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2794]: Invalid user pds from 91.92.40.49
Jun 26 12:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2794]: input_userauth_request: invalid user pds [preauth]
Jun 26 12:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2506]: Failed password for invalid user jenkins from 91.92.40.49 port 25214 ssh2
Jun 26 12:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2483]: Connection closed by 91.92.40.49 port 18310 [preauth]
Jun 26 12:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2090]: pam_unix(cron:session): session closed for user root
Jun 26 12:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2590]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2590]: Failed password for invalid user n8n from 91.92.40.49 port 22688 ssh2
Jun 26 12:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.87.129  user=root
Jun 26 12:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2794]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2506]: Connection closed by 91.92.40.49 port 25214 [preauth]
Jun 26 12:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3360]: Failed password for root from 107.175.87.129 port 41530 ssh2
Jun 26 12:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2794]: Failed password for invalid user pds from 91.92.40.49 port 22734 ssh2
Jun 26 12:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3360]: Received disconnect from 107.175.87.129 port 41530:11: Bye Bye [preauth]
Jun 26 12:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3360]: Disconnected from 107.175.87.129 port 41530 [preauth]
Jun 26 12:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2892]: Invalid user appuser from 91.92.40.49
Jun 26 12:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2892]: input_userauth_request: invalid user appuser [preauth]
Jun 26 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3385]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3384]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3383]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3382]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3382]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3451]: Successful su for rubyman by root
Jun 26 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3451]: + ??? root:rubyman
Jun 26 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3451]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596662 of user rubyman.
Jun 26 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3451]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596662.
Jun 26 12:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[410]: pam_unix(cron:session): session closed for user root
Jun 26 12:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3383]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2892]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2892]: Failed password for invalid user appuser from 91.92.40.49 port 10752 ssh2
Jun 26 12:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 12:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2902]: Failed password for root from 91.92.40.49 port 13370 ssh2
Jun 26 12:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3786]: Invalid user admin from 2.57.121.25
Jun 26 12:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3786]: input_userauth_request: invalid user admin [preauth]
Jun 26 12:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3786]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 26 12:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3786]: Failed password for invalid user admin from 2.57.121.25 port 42562 ssh2
Jun 26 12:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3786]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3786]: Failed password for invalid user admin from 2.57.121.25 port 42562 ssh2
Jun 26 12:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3786]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3786]: Failed password for invalid user admin from 2.57.121.25 port 42562 ssh2
Jun 26 12:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3786]: Connection closed by 2.57.121.25 port 42562 [preauth]
Jun 26 12:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3786]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 26 12:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2534]: pam_unix(cron:session): session closed for user root
Jun 26 12:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3667]: Did not receive identification string from 91.92.40.49
Jun 26 12:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3669]: Did not receive identification string from 91.92.40.49
Jun 26 12:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3685]: Did not receive identification string from 91.92.40.49
Jun 26 12:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 12:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3227]: Failed password for root from 91.92.40.49 port 10448 ssh2
Jun 26 12:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3327]: Invalid user steam from 91.92.40.49
Jun 26 12:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3327]: input_userauth_request: invalid user steam [preauth]
Jun 26 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3941]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3940]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3942]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3939]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3939]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4056]: Successful su for rubyman by root
Jun 26 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4056]: + ??? root:rubyman
Jun 26 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4056]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596667 of user rubyman.
Jun 26 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4056]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596667.
Jun 26 12:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1021]: pam_unix(cron:session): session closed for user root
Jun 26 12:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3940]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3227]: Connection closed by 91.92.40.49 port 10448 [preauth]
Jun 26 12:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3327]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3327]: Failed password for invalid user steam from 91.92.40.49 port 10630 ssh2
Jun 26 12:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3328]: Invalid user ftptest from 91.92.40.49
Jun 26 12:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3328]: input_userauth_request: invalid user ftptest [preauth]
Jun 26 12:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 12:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3351]: Failed password for root from 91.92.40.49 port 39026 ssh2
Jun 26 12:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3327]: Connection closed by 91.92.40.49 port 10630 [preauth]
Jun 26 12:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3328]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3328]: Failed password for invalid user ftptest from 91.92.40.49 port 38978 ssh2
Jun 26 12:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2957]: pam_unix(cron:session): session closed for user root
Jun 26 12:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3351]: Connection closed by 91.92.40.49 port 39026 [preauth]
Jun 26 12:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4361]: Invalid user lab from 107.175.87.129
Jun 26 12:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4361]: input_userauth_request: invalid user lab [preauth]
Jun 26 12:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4361]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.87.129
Jun 26 12:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4361]: Failed password for invalid user lab from 107.175.87.129 port 59008 ssh2
Jun 26 12:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4361]: Received disconnect from 107.175.87.129 port 59008:11: Bye Bye [preauth]
Jun 26 12:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4361]: Disconnected from 107.175.87.129 port 59008 [preauth]
Jun 26 12:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4385]: Invalid user oracle from 193.46.255.86
Jun 26 12:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4385]: input_userauth_request: invalid user oracle [preauth]
Jun 26 12:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4385]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 26 12:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4385]: Failed password for invalid user oracle from 193.46.255.86 port 55552 ssh2
Jun 26 12:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4385]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4385]: Failed password for invalid user oracle from 193.46.255.86 port 55552 ssh2
Jun 26 12:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4385]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4385]: Failed password for invalid user oracle from 193.46.255.86 port 55552 ssh2
Jun 26 12:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4385]: Connection closed by 193.46.255.86 port 55552 [preauth]
Jun 26 12:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4385]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 26 12:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4418]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4419]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4417]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4416]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4416]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4478]: Successful su for rubyman by root
Jun 26 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4478]: + ??? root:rubyman
Jun 26 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4478]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596671 of user rubyman.
Jun 26 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4478]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596671.
Jun 26 12:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1600]: pam_unix(cron:session): session closed for user root
Jun 26 12:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4417]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4668]: Received disconnect from 23.94.92.98 port 34898:11: disconnected by user [preauth]
Jun 26 12:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4668]: Disconnected from 23.94.92.98 port 34898 [preauth]
Jun 26 12:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4248]: Invalid user n8n from 91.92.40.49
Jun 26 12:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4248]: input_userauth_request: invalid user n8n [preauth]
Jun 26 12:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4406]: Did not receive identification string from 91.92.40.49
Jun 26 12:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3385]: pam_unix(cron:session): session closed for user root
Jun 26 12:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4248]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4282]: Invalid user azureuser from 91.92.40.49
Jun 26 12:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4282]: input_userauth_request: invalid user azureuser [preauth]
Jun 26 12:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4248]: Failed password for invalid user n8n from 91.92.40.49 port 58534 ssh2
Jun 26 12:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4282]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4936]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4937]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4935]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4934]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4934]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5002]: Successful su for rubyman by root
Jun 26 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5002]: + ??? root:rubyman
Jun 26 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5002]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596676 of user rubyman.
Jun 26 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5002]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596676.
Jun 26 12:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4248]: Connection closed by 91.92.40.49 port 58534 [preauth]
Jun 26 12:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4282]: Failed password for invalid user azureuser from 91.92.40.49 port 60652 ssh2
Jun 26 12:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2089]: pam_unix(cron:session): session closed for user root
Jun 26 12:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4935]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 12:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4396]: Invalid user testuser from 91.92.40.49
Jun 26 12:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4396]: input_userauth_request: invalid user testuser [preauth]
Jun 26 12:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4931]: Did not receive identification string from 91.92.40.49
Jun 26 12:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5149]: Did not receive identification string from 91.92.40.49
Jun 26 12:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3942]: pam_unix(cron:session): session closed for user root
Jun 26 12:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5189]: Did not receive identification string from 91.92.40.49
Jun 26 12:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49  user=root
Jun 26 12:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5285]: Invalid user radmin from 107.175.87.129
Jun 26 12:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5285]: input_userauth_request: invalid user radmin [preauth]
Jun 26 12:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5285]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.87.129
Jun 26 12:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4384]: Failed password for root from 91.92.40.49 port 28272 ssh2
Jun 26 12:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5285]: Failed password for invalid user radmin from 107.175.87.129 port 41892 ssh2
Jun 26 12:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5285]: Received disconnect from 107.175.87.129 port 41892:11: Bye Bye [preauth]
Jun 26 12:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5285]: Disconnected from 107.175.87.129 port 41892 [preauth]
Jun 26 12:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5191]: Did not receive identification string from 91.92.40.49
Jun 26 12:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4396]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4396]: Failed password for invalid user testuser from 91.92.40.49 port 21844 ssh2
Jun 26 12:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: Invalid user openhabian from 91.92.40.49
Jun 26 12:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: input_userauth_request: invalid user openhabian [preauth]
Jun 26 12:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5347]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5345]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5343]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5348]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5342]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5346]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5348]: pam_unix(cron:session): session closed for user root
Jun 26 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5342]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5426]: Successful su for rubyman by root
Jun 26 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5426]: + ??? root:rubyman
Jun 26 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5426]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596679 of user rubyman.
Jun 26 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5426]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596679.
Jun 26 12:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5345]: pam_unix(cron:session): session closed for user root
Jun 26 12:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2533]: pam_unix(cron:session): session closed for user root
Jun 26 12:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: Failed password for invalid user openhabian from 91.92.40.49 port 15616 ssh2
Jun 26 12:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4919]: Invalid user ubuntu from 91.92.40.49
Jun 26 12:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4919]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 12:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5343]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: Connection closed by 91.92.40.49 port 15616 [preauth]
Jun 26 12:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4919]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4919]: Failed password for invalid user ubuntu from 91.92.40.49 port 59252 ssh2
Jun 26 12:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4419]: pam_unix(cron:session): session closed for user root
Jun 26 12:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5762]: Invalid user gracelyn from 2.57.121.112
Jun 26 12:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5762]: input_userauth_request: invalid user gracelyn [preauth]
Jun 26 12:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5762]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 26 12:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4919]: Connection closed by 91.92.40.49 port 59252 [preauth]
Jun 26 12:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5762]: Failed password for invalid user gracelyn from 2.57.121.112 port 25734 ssh2
Jun 26 12:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5762]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5762]: Failed password for invalid user gracelyn from 2.57.121.112 port 25734 ssh2
Jun 26 12:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5762]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5762]: Failed password for invalid user gracelyn from 2.57.121.112 port 25734 ssh2
Jun 26 12:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5762]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5762]: Failed password for invalid user gracelyn from 2.57.121.112 port 25734 ssh2
Jun 26 12:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5762]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5762]: Failed password for invalid user gracelyn from 2.57.121.112 port 25734 ssh2
Jun 26 12:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5762]: Connection closed by 2.57.121.112 port 25734 [preauth]
Jun 26 12:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5762]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 26 12:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5762]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 26 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5795]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5796]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5794]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5793]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5793]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5866]: Successful su for rubyman by root
Jun 26 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5866]: + ??? root:rubyman
Jun 26 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5866]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596684 of user rubyman.
Jun 26 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5866]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596684.
Jun 26 12:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2956]: pam_unix(cron:session): session closed for user root
Jun 26 12:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5794]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.110.201  user=root
Jun 26 12:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6040]: Failed password for root from 94.159.110.201 port 57704 ssh2
Jun 26 12:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6040]: Connection closed by 94.159.110.201 port 57704 [preauth]
Jun 26 12:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5340]: Invalid user composer from 91.92.40.49
Jun 26 12:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5340]: input_userauth_request: invalid user composer [preauth]
Jun 26 12:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5411]: Invalid user lin from 91.92.40.49
Jun 26 12:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5411]: input_userauth_request: invalid user lin [preauth]
Jun 26 12:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5625]: Invalid user root1 from 91.92.40.49
Jun 26 12:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5625]: input_userauth_request: invalid user root1 [preauth]
Jun 26 12:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6092]: Invalid user user from 107.175.87.129
Jun 26 12:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6092]: input_userauth_request: invalid user user [preauth]
Jun 26 12:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6092]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.87.129
Jun 26 12:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5340]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5635]: Invalid user cloud from 91.92.40.49
Jun 26 12:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5635]: input_userauth_request: invalid user cloud [preauth]
Jun 26 12:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6092]: Failed password for invalid user user from 107.175.87.129 port 37154 ssh2
Jun 26 12:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6092]: Received disconnect from 107.175.87.129 port 37154:11: Bye Bye [preauth]
Jun 26 12:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6092]: Disconnected from 107.175.87.129 port 37154 [preauth]
Jun 26 12:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5340]: Failed password for invalid user composer from 91.92.40.49 port 10480 ssh2
Jun 26 12:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4937]: pam_unix(cron:session): session closed for user root
Jun 26 12:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5411]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5411]: Failed password for invalid user lin from 91.92.40.49 port 41590 ssh2
Jun 26 12:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5625]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5635]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5340]: Connection closed by 91.92.40.49 port 10480 [preauth]
Jun 26 12:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5625]: Failed password for invalid user root1 from 91.92.40.49 port 41606 ssh2
Jun 26 12:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5725]: Invalid user web from 91.92.40.49
Jun 26 12:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5725]: input_userauth_request: invalid user web [preauth]
Jun 26 12:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5635]: Failed password for invalid user cloud from 91.92.40.49 port 51056 ssh2
Jun 26 12:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5411]: Connection closed by 91.92.40.49 port 41590 [preauth]
Jun 26 12:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6039]: Invalid user admin from 91.92.40.49
Jun 26 12:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6039]: input_userauth_request: invalid user admin [preauth]
Jun 26 12:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5625]: Connection closed by 91.92.40.49 port 41606 [preauth]
Jun 26 12:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5725]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6164]: Invalid user lalita from 141.98.83.240
Jun 26 12:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6164]: input_userauth_request: invalid user lalita [preauth]
Jun 26 12:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5635]: Connection closed by 91.92.40.49 port 51056 [preauth]
Jun 26 12:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6164]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 12:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5725]: Failed password for invalid user web from 91.92.40.49 port 28742 ssh2
Jun 26 12:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6039]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.49
Jun 26 12:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6164]: Failed password for invalid user lalita from 141.98.83.240 port 9294 ssh2
Jun 26 12:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6164]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6039]: Failed password for invalid user admin from 91.92.40.49 port 19210 ssh2
Jun 26 12:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6164]: Failed password for invalid user lalita from 141.98.83.240 port 9294 ssh2
Jun 26 12:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6164]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5725]: Connection closed by 91.92.40.49 port 28742 [preauth]
Jun 26 12:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6039]: Connection closed by 91.92.40.49 port 19210 [preauth]
Jun 26 12:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6164]: Failed password for invalid user lalita from 141.98.83.240 port 9294 ssh2
Jun 26 12:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6164]: Connection closed by 141.98.83.240 port 9294 [preauth]
Jun 26 12:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6164]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6197]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6196]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6198]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6195]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6195]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6256]: Successful su for rubyman by root
Jun 26 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6256]: + ??? root:rubyman
Jun 26 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6256]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596688 of user rubyman.
Jun 26 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6256]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596688.
Jun 26 12:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3384]: pam_unix(cron:session): session closed for user root
Jun 26 12:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6196]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5347]: pam_unix(cron:session): session closed for user root
Jun 26 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6582]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6581]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6580]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6579]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6579]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6648]: Successful su for rubyman by root
Jun 26 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6648]: + ??? root:rubyman
Jun 26 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6648]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596692 of user rubyman.
Jun 26 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6648]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596692.
Jun 26 12:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3941]: pam_unix(cron:session): session closed for user root
Jun 26 12:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6580]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6871]: Invalid user vpn from 107.175.87.129
Jun 26 12:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6871]: input_userauth_request: invalid user vpn [preauth]
Jun 26 12:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6871]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.87.129
Jun 26 12:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6871]: Failed password for invalid user vpn from 107.175.87.129 port 42162 ssh2
Jun 26 12:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6871]: Received disconnect from 107.175.87.129 port 42162:11: Bye Bye [preauth]
Jun 26 12:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6871]: Disconnected from 107.175.87.129 port 42162 [preauth]
Jun 26 12:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5796]: pam_unix(cron:session): session closed for user root
Jun 26 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7050]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7051]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7044]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7043]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7043]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7161]: Successful su for rubyman by root
Jun 26 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7161]: + ??? root:rubyman
Jun 26 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7161]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596696 of user rubyman.
Jun 26 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7161]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596696.
Jun 26 12:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4418]: pam_unix(cron:session): session closed for user root
Jun 26 12:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7044]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 26 12:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7405]: Failed password for root from 103.82.132.16 port 50614 ssh2
Jun 26 12:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7405]: Connection closed by 103.82.132.16 port 50614 [preauth]
Jun 26 12:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6198]: pam_unix(cron:session): session closed for user root
Jun 26 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7500]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7499]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7502]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7503]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7498]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7501]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7503]: pam_unix(cron:session): session closed for user root
Jun 26 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7498]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7570]: Successful su for rubyman by root
Jun 26 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7570]: + ??? root:rubyman
Jun 26 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7570]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596703 of user rubyman.
Jun 26 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7570]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596703.
Jun 26 12:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7500]: pam_unix(cron:session): session closed for user root
Jun 26 12:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4936]: pam_unix(cron:session): session closed for user root
Jun 26 12:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.87.129  user=root
Jun 26 12:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7499]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7846]: Failed password for root from 107.175.87.129 port 57408 ssh2
Jun 26 12:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7846]: Received disconnect from 107.175.87.129 port 57408:11: Bye Bye [preauth]
Jun 26 12:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7846]: Disconnected from 107.175.87.129 port 57408 [preauth]
Jun 26 12:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7859]: Received disconnect from 103.185.53.93 port 38638:11: disconnected by user [preauth]
Jun 26 12:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7859]: Disconnected from 103.185.53.93 port 38638 [preauth]
Jun 26 12:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6582]: pam_unix(cron:session): session closed for user root
Jun 26 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8018]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8020]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8019]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8017]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8017]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8084]: Successful su for rubyman by root
Jun 26 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8084]: + ??? root:rubyman
Jun 26 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8084]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596708 of user rubyman.
Jun 26 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8084]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596708.
Jun 26 12:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5346]: pam_unix(cron:session): session closed for user root
Jun 26 12:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8018]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7051]: pam_unix(cron:session): session closed for user root
Jun 26 12:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8403]: Invalid user kate from 107.175.87.129
Jun 26 12:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8403]: input_userauth_request: invalid user kate [preauth]
Jun 26 12:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8403]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.87.129
Jun 26 12:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8403]: Failed password for invalid user kate from 107.175.87.129 port 37458 ssh2
Jun 26 12:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8403]: Received disconnect from 107.175.87.129 port 37458:11: Bye Bye [preauth]
Jun 26 12:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8403]: Disconnected from 107.175.87.129 port 37458 [preauth]
Jun 26 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8417]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8416]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8415]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8414]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8414]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8487]: Successful su for rubyman by root
Jun 26 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8487]: + ??? root:rubyman
Jun 26 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8487]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596712 of user rubyman.
Jun 26 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8487]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596712.
Jun 26 12:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5795]: pam_unix(cron:session): session closed for user root
Jun 26 12:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8415]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7502]: pam_unix(cron:session): session closed for user root
Jun 26 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8820]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8821]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8818]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8819]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8818]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8881]: Successful su for rubyman by root
Jun 26 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8881]: + ??? root:rubyman
Jun 26 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8881]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596716 of user rubyman.
Jun 26 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8881]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596716.
Jun 26 12:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6197]: pam_unix(cron:session): session closed for user root
Jun 26 12:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8819]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8020]: pam_unix(cron:session): session closed for user root
Jun 26 12:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9182]: Invalid user sentry from 107.175.87.129
Jun 26 12:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9182]: input_userauth_request: invalid user sentry [preauth]
Jun 26 12:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9182]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.87.129
Jun 26 12:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9182]: Failed password for invalid user sentry from 107.175.87.129 port 51128 ssh2
Jun 26 12:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9182]: Received disconnect from 107.175.87.129 port 51128:11: Bye Bye [preauth]
Jun 26 12:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9182]: Disconnected from 107.175.87.129 port 51128 [preauth]
Jun 26 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9218]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9217]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9216]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9214]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9214]: pam_unix(cron:session): session closed for user p13x
Jun 26 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9277]: Successful su for rubyman by root
Jun 26 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9277]: + ??? root:rubyman
Jun 26 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9277]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596719 of user rubyman.
Jun 26 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9277]: pam_unix(su:session): session closed for user rubyman
Jun 26 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596719.
Jun 26 12:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6581]: pam_unix(cron:session): session closed for user root
Jun 26 12:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9216]: pam_unix(cron:session): session closed for user samftp
Jun 26 12:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 12:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9455]: Invalid user admin from 45.148.10.121
Jun 26 12:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9455]: input_userauth_request: invalid user admin [preauth]
Jun 26 12:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9455]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 12:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 26 12:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9455]: Failed password for invalid user admin from 45.148.10.121 port 42812 ssh2
Jun 26 12:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9455]: Connection closed by 45.148.10.121 port 42812 [preauth]
Jun 26 12:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8417]: pam_unix(cron:session): session closed for user root
Jun 26 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9606]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9603]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9605]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9601]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9607]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9602]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9600]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9607]: pam_unix(cron:session): session closed for user root
Jun 26 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9602]: pam_unix(cron:session): session closed for user root
Jun 26 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9600]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9694]: Successful su for rubyman by root
Jun 26 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9694]: + ??? root:rubyman
Jun 26 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9694]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596722 of user rubyman.
Jun 26 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9694]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596722.
Jun 26 13:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9603]: pam_unix(cron:session): session closed for user root
Jun 26 13:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7050]: pam_unix(cron:session): session closed for user root
Jun 26 13:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9601]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8821]: pam_unix(cron:session): session closed for user root
Jun 26 13:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10312]: Invalid user x from 107.175.87.129
Jun 26 13:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10312]: input_userauth_request: invalid user x [preauth]
Jun 26 13:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10312]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 13:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.87.129
Jun 26 13:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10312]: Failed password for invalid user x from 107.175.87.129 port 55196 ssh2
Jun 26 13:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10312]: Received disconnect from 107.175.87.129 port 55196:11: Bye Bye [preauth]
Jun 26 13:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10312]: Disconnected from 107.175.87.129 port 55196 [preauth]
Jun 26 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10377]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10378]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10376]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10374]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10374]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10442]: Successful su for rubyman by root
Jun 26 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10442]: + ??? root:rubyman
Jun 26 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10442]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596730 of user rubyman.
Jun 26 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10442]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596730.
Jun 26 13:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7501]: pam_unix(cron:session): session closed for user root
Jun 26 13:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10376]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9218]: pam_unix(cron:session): session closed for user root
Jun 26 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10796]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10793]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10794]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10795]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10793]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10859]: Successful su for rubyman by root
Jun 26 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10859]: + ??? root:rubyman
Jun 26 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10859]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596734 of user rubyman.
Jun 26 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10859]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596734.
Jun 26 13:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8019]: pam_unix(cron:session): session closed for user root
Jun 26 13:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10794]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9606]: pam_unix(cron:session): session closed for user root
Jun 26 13:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11151]: Invalid user nifi from 107.175.87.129
Jun 26 13:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11151]: input_userauth_request: invalid user nifi [preauth]
Jun 26 13:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11151]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 13:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.87.129
Jun 26 13:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11151]: Failed password for invalid user nifi from 107.175.87.129 port 54906 ssh2
Jun 26 13:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11151]: Received disconnect from 107.175.87.129 port 54906:11: Bye Bye [preauth]
Jun 26 13:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11151]: Disconnected from 107.175.87.129 port 54906 [preauth]
Jun 26 13:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11194]: Received disconnect from 192.210.194.2 port 45542:11: disconnected by user [preauth]
Jun 26 13:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11194]: Disconnected from 192.210.194.2 port 45542 [preauth]
Jun 26 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11209]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11208]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11206]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11207]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11206]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11271]: Successful su for rubyman by root
Jun 26 13:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11271]: + ??? root:rubyman
Jun 26 13:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11271]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596738 of user rubyman.
Jun 26 13:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11271]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596738.
Jun 26 13:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8416]: pam_unix(cron:session): session closed for user root
Jun 26 13:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11207]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 26 13:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11476]: Failed password for root from 193.37.70.224 port 38410 ssh2
Jun 26 13:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11476]: Connection closed by 193.37.70.224 port 38410 [preauth]
Jun 26 13:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10378]: pam_unix(cron:session): session closed for user root
Jun 26 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11632]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11631]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11630]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11629]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11629]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11687]: Successful su for rubyman by root
Jun 26 13:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11687]: + ??? root:rubyman
Jun 26 13:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11687]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596741 of user rubyman.
Jun 26 13:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11687]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596741.
Jun 26 13:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8820]: pam_unix(cron:session): session closed for user root
Jun 26 13:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11630]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11903]: Received disconnect from 154.12.226.37 port 56460:11: disconnected by user [preauth]
Jun 26 13:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11903]: Disconnected from 154.12.226.37 port 56460 [preauth]
Jun 26 13:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 26 13:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11941]: Failed password for root from 62.133.62.83 port 34600 ssh2
Jun 26 13:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11941]: Connection closed by 62.133.62.83 port 34600 [preauth]
Jun 26 13:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10796]: pam_unix(cron:session): session closed for user root
Jun 26 13:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12030]: User backup from 107.175.87.129 not allowed because not listed in AllowUsers
Jun 26 13:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12030]: input_userauth_request: invalid user backup [preauth]
Jun 26 13:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.87.129  user=backup
Jun 26 13:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12030]: Failed password for invalid user backup from 107.175.87.129 port 50958 ssh2
Jun 26 13:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12030]: Received disconnect from 107.175.87.129 port 50958:11: Bye Bye [preauth]
Jun 26 13:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12030]: Disconnected from 107.175.87.129 port 50958 [preauth]
Jun 26 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12090]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12091]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12087]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12086]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12089]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12088]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12091]: pam_unix(cron:session): session closed for user root
Jun 26 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12086]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12152]: Successful su for rubyman by root
Jun 26 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12152]: + ??? root:rubyman
Jun 26 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12152]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596745 of user rubyman.
Jun 26 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12152]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596745.
Jun 26 13:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12088]: pam_unix(cron:session): session closed for user root
Jun 26 13:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9217]: pam_unix(cron:session): session closed for user root
Jun 26 13:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12087]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.223.69.22  user=root
Jun 26 13:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12527]: Failed password for root from 89.223.69.22 port 41428 ssh2
Jun 26 13:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12527]: Connection closed by 89.223.69.22 port 41428 [preauth]
Jun 26 13:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11209]: pam_unix(cron:session): session closed for user root
Jun 26 13:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
Jun 26 13:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12596]: Failed password for root from 176.32.39.21 port 33040 ssh2
Jun 26 13:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12613]: Received disconnect from 212.192.240.10 port 61512:11: disconnected by user [preauth]
Jun 26 13:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12613]: Disconnected from 212.192.240.10 port 61512 [preauth]
Jun 26 13:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12596]: Connection closed by 176.32.39.21 port 33040 [preauth]
Jun 26 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12645]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12644]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12642]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12643]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12642]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12712]: Successful su for rubyman by root
Jun 26 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12712]: + ??? root:rubyman
Jun 26 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12712]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596751 of user rubyman.
Jun 26 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12712]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596751.
Jun 26 13:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9605]: pam_unix(cron:session): session closed for user root
Jun 26 13:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12643]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12951]: Invalid user jony from 107.175.87.129
Jun 26 13:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12951]: input_userauth_request: invalid user jony [preauth]
Jun 26 13:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12951]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 13:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.87.129
Jun 26 13:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12951]: Failed password for invalid user jony from 107.175.87.129 port 53664 ssh2
Jun 26 13:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12951]: Received disconnect from 107.175.87.129 port 53664:11: Bye Bye [preauth]
Jun 26 13:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12951]: Disconnected from 107.175.87.129 port 53664 [preauth]
Jun 26 13:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 26 13:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12973]: Failed password for root from 103.27.238.114 port 39072 ssh2
Jun 26 13:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12973]: Connection closed by 103.27.238.114 port 39072 [preauth]
Jun 26 13:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11632]: pam_unix(cron:session): session closed for user root
Jun 26 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13065]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13066]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13064]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13063]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13063]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13136]: Successful su for rubyman by root
Jun 26 13:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13136]: + ??? root:rubyman
Jun 26 13:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13136]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596756 of user rubyman.
Jun 26 13:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13136]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596756.
Jun 26 13:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10377]: pam_unix(cron:session): session closed for user root
Jun 26 13:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13064]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12090]: pam_unix(cron:session): session closed for user root
Jun 26 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13479]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13480]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13477]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13478]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13477]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13539]: Successful su for rubyman by root
Jun 26 13:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13539]: + ??? root:rubyman
Jun 26 13:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13539]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596761 of user rubyman.
Jun 26 13:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13539]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596761.
Jun 26 13:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10795]: pam_unix(cron:session): session closed for user root
Jun 26 13:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13478]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12645]: pam_unix(cron:session): session closed for user root
Jun 26 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13881]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13880]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13879]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13878]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13876]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13878]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14007]: Successful su for rubyman by root
Jun 26 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14007]: + ??? root:rubyman
Jun 26 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14007]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596763 of user rubyman.
Jun 26 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14007]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596763.
Jun 26 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13876]: pam_unix(cron:session): session closed for user root
Jun 26 13:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11208]: pam_unix(cron:session): session closed for user root
Jun 26 13:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13879]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14224]: Received disconnect from 194.120.230.72 port 45244:11: disconnected by user [preauth]
Jun 26 13:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14224]: Disconnected from 194.120.230.72 port 45244 [preauth]
Jun 26 13:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13066]: pam_unix(cron:session): session closed for user root
Jun 26 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14360]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14361]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14359]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14362]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14363]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14358]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14363]: pam_unix(cron:session): session closed for user root
Jun 26 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14358]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14426]: Successful su for rubyman by root
Jun 26 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14426]: + ??? root:rubyman
Jun 26 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14426]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596771 of user rubyman.
Jun 26 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14426]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596771.
Jun 26 13:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14360]: pam_unix(cron:session): session closed for user root
Jun 26 13:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11631]: pam_unix(cron:session): session closed for user root
Jun 26 13:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14359]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 26 13:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14782]: Failed password for root from 194.113.233.25 port 54038 ssh2
Jun 26 13:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14782]: Connection closed by 194.113.233.25 port 54038 [preauth]
Jun 26 13:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13480]: pam_unix(cron:session): session closed for user root
Jun 26 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14876]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14875]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14877]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14874]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14874]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14950]: Successful su for rubyman by root
Jun 26 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14950]: + ??? root:rubyman
Jun 26 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14950]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596776 of user rubyman.
Jun 26 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14950]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596776.
Jun 26 13:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12089]: pam_unix(cron:session): session closed for user root
Jun 26 13:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14875]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13881]: pam_unix(cron:session): session closed for user root
Jun 26 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15294]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15293]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15292]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15291]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15291]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15348]: Successful su for rubyman by root
Jun 26 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15348]: + ??? root:rubyman
Jun 26 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15348]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596778 of user rubyman.
Jun 26 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15348]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596778.
Jun 26 13:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12644]: pam_unix(cron:session): session closed for user root
Jun 26 13:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15292]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14362]: pam_unix(cron:session): session closed for user root
Jun 26 13:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 26 13:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15619]: Failed password for root from 109.237.96.109 port 40876 ssh2
Jun 26 13:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15619]: Connection closed by 109.237.96.109 port 40876 [preauth]
Jun 26 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15672]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15673]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15671]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15669]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15669]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15735]: Successful su for rubyman by root
Jun 26 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15735]: + ??? root:rubyman
Jun 26 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15735]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596784 of user rubyman.
Jun 26 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15735]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596784.
Jun 26 13:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13065]: pam_unix(cron:session): session closed for user root
Jun 26 13:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15671]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14877]: pam_unix(cron:session): session closed for user root
Jun 26 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16056]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16055]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16054]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16052]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16052]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16114]: Successful su for rubyman by root
Jun 26 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16114]: + ??? root:rubyman
Jun 26 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16114]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596787 of user rubyman.
Jun 26 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16114]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596787.
Jun 26 13:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13479]: pam_unix(cron:session): session closed for user root
Jun 26 13:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16054]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15294]: pam_unix(cron:session): session closed for user root
Jun 26 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16447]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16449]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16445]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16448]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16444]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16446]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16449]: pam_unix(cron:session): session closed for user root
Jun 26 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16444]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16521]: Successful su for rubyman by root
Jun 26 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16521]: + ??? root:rubyman
Jun 26 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16521]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596793 of user rubyman.
Jun 26 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16521]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596793.
Jun 26 13:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16446]: pam_unix(cron:session): session closed for user root
Jun 26 13:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13880]: pam_unix(cron:session): session closed for user root
Jun 26 13:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16445]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15673]: pam_unix(cron:session): session closed for user root
Jun 26 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16910]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16911]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16909]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16908]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16908]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17041]: Successful su for rubyman by root
Jun 26 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17041]: + ??? root:rubyman
Jun 26 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17041]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596796 of user rubyman.
Jun 26 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17041]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596796.
Jun 26 13:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14361]: pam_unix(cron:session): session closed for user root
Jun 26 13:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16909]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16056]: pam_unix(cron:session): session closed for user root
Jun 26 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17377]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17375]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17378]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17374]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17372]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17372]: pam_unix(cron:session): session closed for user root
Jun 26 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17374]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17447]: Successful su for rubyman by root
Jun 26 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17447]: + ??? root:rubyman
Jun 26 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17447]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596800 of user rubyman.
Jun 26 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17447]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596800.
Jun 26 13:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14876]: pam_unix(cron:session): session closed for user root
Jun 26 13:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17375]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 26 13:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17634]: Failed password for root from 87.251.79.125 port 34860 ssh2
Jun 26 13:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17634]: Connection closed by 87.251.79.125 port 34860 [preauth]
Jun 26 13:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17776]: Received disconnect from 149.56.241.206 port 55850:11: disconnected by user [preauth]
Jun 26 13:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17776]: Disconnected from 149.56.241.206 port 55850 [preauth]
Jun 26 13:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16448]: pam_unix(cron:session): session closed for user root
Jun 26 13:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17832]: Invalid user admin from 141.98.83.240
Jun 26 13:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17832]: input_userauth_request: invalid user admin [preauth]
Jun 26 13:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17832]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 13:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 13:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17832]: Failed password for invalid user admin from 141.98.83.240 port 45030 ssh2
Jun 26 13:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17832]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 13:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17832]: Failed password for invalid user admin from 141.98.83.240 port 45030 ssh2
Jun 26 13:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17832]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 13:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17832]: Failed password for invalid user admin from 141.98.83.240 port 45030 ssh2
Jun 26 13:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17832]: Connection closed by 141.98.83.240 port 45030 [preauth]
Jun 26 13:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17832]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17894]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17898]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17897]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17896]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17894]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17958]: Successful su for rubyman by root
Jun 26 13:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17958]: + ??? root:rubyman
Jun 26 13:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17958]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596805 of user rubyman.
Jun 26 13:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17958]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596805.
Jun 26 13:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15293]: pam_unix(cron:session): session closed for user root
Jun 26 13:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17896]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16911]: pam_unix(cron:session): session closed for user root
Jun 26 13:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 26 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18325]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18326]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18324]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18323]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18323]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18316]: Failed password for root from 103.15.222.183 port 36540 ssh2
Jun 26 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18400]: Successful su for rubyman by root
Jun 26 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18400]: + ??? root:rubyman
Jun 26 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18400]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596810 of user rubyman.
Jun 26 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18400]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596810.
Jun 26 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18316]: Connection closed by 103.15.222.183 port 36540 [preauth]
Jun 26 13:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15672]: pam_unix(cron:session): session closed for user root
Jun 26 13:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18324]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17378]: pam_unix(cron:session): session closed for user root
Jun 26 13:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 26 13:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18806]: Failed password for root from 38.93.206.2 port 55690 ssh2
Jun 26 13:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18806]: Connection closed by 38.93.206.2 port 55690 [preauth]
Jun 26 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18829]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18824]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18827]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18822]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18826]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18823]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18829]: pam_unix(cron:session): session closed for user root
Jun 26 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18822]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18904]: Successful su for rubyman by root
Jun 26 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18904]: + ??? root:rubyman
Jun 26 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18904]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596816 of user rubyman.
Jun 26 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18904]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596816.
Jun 26 13:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18824]: pam_unix(cron:session): session closed for user root
Jun 26 13:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16055]: pam_unix(cron:session): session closed for user root
Jun 26 13:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18823]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17898]: pam_unix(cron:session): session closed for user root
Jun 26 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19359]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19358]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19356]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19355]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19355]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19425]: Successful su for rubyman by root
Jun 26 13:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19425]: + ??? root:rubyman
Jun 26 13:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19425]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596819 of user rubyman.
Jun 26 13:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19425]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596819.
Jun 26 13:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16447]: pam_unix(cron:session): session closed for user root
Jun 26 13:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19356]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19861]: Received disconnect from 86.111.176.100 port 35458:11: disconnected by user [preauth]
Jun 26 13:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19861]: Disconnected from 86.111.176.100 port 35458 [preauth]
Jun 26 13:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18326]: pam_unix(cron:session): session closed for user root
Jun 26 13:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 26 13:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19900]: Failed password for root from 147.45.199.80 port 34994 ssh2
Jun 26 13:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19900]: Connection closed by 147.45.199.80 port 34994 [preauth]
Jun 26 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19982]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19983]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19981]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19980]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19980]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20040]: Successful su for rubyman by root
Jun 26 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20040]: + ??? root:rubyman
Jun 26 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20040]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596823 of user rubyman.
Jun 26 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20040]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596823.
Jun 26 13:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16910]: pam_unix(cron:session): session closed for user root
Jun 26 13:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19981]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18827]: pam_unix(cron:session): session closed for user root
Jun 26 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20483]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20484]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20485]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20482]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20482]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20541]: Successful su for rubyman by root
Jun 26 13:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20541]: + ??? root:rubyman
Jun 26 13:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20541]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596828 of user rubyman.
Jun 26 13:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20541]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596828.
Jun 26 13:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17377]: pam_unix(cron:session): session closed for user root
Jun 26 13:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20483]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19359]: pam_unix(cron:session): session closed for user root
Jun 26 13:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 26 13:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20922]: Failed password for root from 103.27.238.116 port 47118 ssh2
Jun 26 13:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20922]: Connection closed by 103.27.238.116 port 47118 [preauth]
Jun 26 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20982]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20981]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20983]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20980]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20980]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21041]: Successful su for rubyman by root
Jun 26 13:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21041]: + ??? root:rubyman
Jun 26 13:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21041]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596833 of user rubyman.
Jun 26 13:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21041]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596833.
Jun 26 13:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17897]: pam_unix(cron:session): session closed for user root
Jun 26 13:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20981]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19983]: pam_unix(cron:session): session closed for user root
Jun 26 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21392]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21391]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21393]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21390]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21389]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21388]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21393]: pam_unix(cron:session): session closed for user root
Jun 26 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21388]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21460]: Successful su for rubyman by root
Jun 26 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21460]: + ??? root:rubyman
Jun 26 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21460]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596835 of user rubyman.
Jun 26 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21460]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596835.
Jun 26 13:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21390]: pam_unix(cron:session): session closed for user root
Jun 26 13:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18325]: pam_unix(cron:session): session closed for user root
Jun 26 13:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21389]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20485]: pam_unix(cron:session): session closed for user root
Jun 26 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21854]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21855]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21852]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21853]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21852]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21920]: Successful su for rubyman by root
Jun 26 13:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21920]: + ??? root:rubyman
Jun 26 13:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21920]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596843 of user rubyman.
Jun 26 13:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21920]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596843.
Jun 26 13:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18826]: pam_unix(cron:session): session closed for user root
Jun 26 13:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21853]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22095]: Invalid user admin from 139.19.117.131
Jun 26 13:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22095]: input_userauth_request: invalid user admin [preauth]
Jun 26 13:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22095]: Connection closed by 139.19.117.131 port 36562 [preauth]
Jun 26 13:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20983]: pam_unix(cron:session): session closed for user root
Jun 26 13:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.211.215  user=root
Jun 26 13:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22210]: Failed password for root from 147.45.211.215 port 52110 ssh2
Jun 26 13:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22210]: Connection closed by 147.45.211.215 port 52110 [preauth]
Jun 26 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22259]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22258]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22260]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22261]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22258]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22419]: Successful su for rubyman by root
Jun 26 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22419]: + ??? root:rubyman
Jun 26 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22419]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596845 of user rubyman.
Jun 26 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22419]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596845.
Jun 26 13:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19358]: pam_unix(cron:session): session closed for user root
Jun 26 13:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22259]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21392]: pam_unix(cron:session): session closed for user root
Jun 26 13:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.239  user=root
Jun 26 13:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22733]: Failed password for root from 45.148.10.239 port 47968 ssh2
Jun 26 13:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22733]: Connection closed by 45.148.10.239 port 47968 [preauth]
Jun 26 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22756]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22755]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22754]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22753]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22753]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22823]: Successful su for rubyman by root
Jun 26 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22823]: + ??? root:rubyman
Jun 26 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22823]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596849 of user rubyman.
Jun 26 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22823]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596849.
Jun 26 13:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19982]: pam_unix(cron:session): session closed for user root
Jun 26 13:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22754]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23062]: Received disconnect from 62.210.207.172 port 44442:11: disconnected by user [preauth]
Jun 26 13:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23062]: Disconnected from 62.210.207.172 port 44442 [preauth]
Jun 26 13:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23066]: Invalid user yn from 217.160.226.51
Jun 26 13:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23066]: input_userauth_request: invalid user yn [preauth]
Jun 26 13:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23066]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 13:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.160.226.51
Jun 26 13:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23066]: Failed password for invalid user yn from 217.160.226.51 port 40196 ssh2
Jun 26 13:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23066]: Received disconnect from 217.160.226.51 port 40196:11: Bye Bye [preauth]
Jun 26 13:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23066]: Disconnected from 217.160.226.51 port 40196 [preauth]
Jun 26 13:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21855]: pam_unix(cron:session): session closed for user root
Jun 26 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23156]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23155]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23153]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23154]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23153]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23219]: Successful su for rubyman by root
Jun 26 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23219]: + ??? root:rubyman
Jun 26 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23219]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596853 of user rubyman.
Jun 26 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23219]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596853.
Jun 26 13:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20484]: pam_unix(cron:session): session closed for user root
Jun 26 13:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23154]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 26 13:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23432]: Failed password for root from 80.66.85.226 port 57578 ssh2
Jun 26 13:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23432]: Connection closed by 80.66.85.226 port 57578 [preauth]
Jun 26 13:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22261]: pam_unix(cron:session): session closed for user root
Jun 26 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23576]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23575]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23579]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23580]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23577]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23578]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23580]: pam_unix(cron:session): session closed for user root
Jun 26 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23575]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23650]: Successful su for rubyman by root
Jun 26 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23650]: + ??? root:rubyman
Jun 26 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23650]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596860 of user rubyman.
Jun 26 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23650]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596860.
Jun 26 13:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23577]: pam_unix(cron:session): session closed for user root
Jun 26 13:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20982]: pam_unix(cron:session): session closed for user root
Jun 26 13:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23576]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22756]: pam_unix(cron:session): session closed for user root
Jun 26 13:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24068]: Connection closed by 194.59.206.2 port 60374 [preauth]
Jun 26 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24132]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24130]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24129]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24128]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24128]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24197]: Successful su for rubyman by root
Jun 26 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24197]: + ??? root:rubyman
Jun 26 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24197]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596864 of user rubyman.
Jun 26 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24197]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596864.
Jun 26 13:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21391]: pam_unix(cron:session): session closed for user root
Jun 26 13:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24129]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23156]: pam_unix(cron:session): session closed for user root
Jun 26 13:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24537]: Invalid user postfixtester from 217.160.226.51
Jun 26 13:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24537]: input_userauth_request: invalid user postfixtester [preauth]
Jun 26 13:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24537]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 13:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.160.226.51
Jun 26 13:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24537]: Failed password for invalid user postfixtester from 217.160.226.51 port 39398 ssh2
Jun 26 13:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24537]: Received disconnect from 217.160.226.51 port 39398:11: Bye Bye [preauth]
Jun 26 13:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24537]: Disconnected from 217.160.226.51 port 39398 [preauth]
Jun 26 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24560]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24562]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24559]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24558]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24558]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24624]: Successful su for rubyman by root
Jun 26 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24624]: + ??? root:rubyman
Jun 26 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24624]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596867 of user rubyman.
Jun 26 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24624]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596867.
Jun 26 13:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21854]: pam_unix(cron:session): session closed for user root
Jun 26 13:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24559]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23579]: pam_unix(cron:session): session closed for user root
Jun 26 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24969]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24970]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24968]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24967]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24967]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25032]: Successful su for rubyman by root
Jun 26 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25032]: + ??? root:rubyman
Jun 26 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25032]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596871 of user rubyman.
Jun 26 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25032]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596871.
Jun 26 13:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22260]: pam_unix(cron:session): session closed for user root
Jun 26 13:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24968]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24132]: pam_unix(cron:session): session closed for user root
Jun 26 13:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25345]: Invalid user factorio from 217.160.226.51
Jun 26 13:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25345]: input_userauth_request: invalid user factorio [preauth]
Jun 26 13:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25345]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 13:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.160.226.51
Jun 26 13:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25345]: Failed password for invalid user factorio from 217.160.226.51 port 33232 ssh2
Jun 26 13:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25345]: Received disconnect from 217.160.226.51 port 33232:11: Bye Bye [preauth]
Jun 26 13:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25345]: Disconnected from 217.160.226.51 port 33232 [preauth]
Jun 26 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25368]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25367]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25366]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25365]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25365]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25430]: Successful su for rubyman by root
Jun 26 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25430]: + ??? root:rubyman
Jun 26 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25430]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596875 of user rubyman.
Jun 26 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25430]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596875.
Jun 26 13:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22755]: pam_unix(cron:session): session closed for user root
Jun 26 13:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25366]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24562]: pam_unix(cron:session): session closed for user root
Jun 26 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25766]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25763]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25765]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25764]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25761]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25762]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25766]: pam_unix(cron:session): session closed for user root
Jun 26 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25761]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25832]: Successful su for rubyman by root
Jun 26 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25832]: + ??? root:rubyman
Jun 26 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25832]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596881 of user rubyman.
Jun 26 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25832]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596881.
Jun 26 13:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25763]: pam_unix(cron:session): session closed for user root
Jun 26 13:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23155]: pam_unix(cron:session): session closed for user root
Jun 26 13:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25762]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26053]: Received disconnect from 167.114.156.169 port 44020:11: disconnected by user [preauth]
Jun 26 13:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26053]: Disconnected from 167.114.156.169 port 44020 [preauth]
Jun 26 13:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24970]: pam_unix(cron:session): session closed for user root
Jun 26 13:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26125]: Invalid user temp from 217.160.226.51
Jun 26 13:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26125]: input_userauth_request: invalid user temp [preauth]
Jun 26 13:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26125]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 13:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.160.226.51
Jun 26 13:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26125]: Failed password for invalid user temp from 217.160.226.51 port 50002 ssh2
Jun 26 13:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26125]: Received disconnect from 217.160.226.51 port 50002:11: Bye Bye [preauth]
Jun 26 13:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26125]: Disconnected from 217.160.226.51 port 50002 [preauth]
Jun 26 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26188]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26189]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26187]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26186]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26186]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26255]: Successful su for rubyman by root
Jun 26 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26255]: + ??? root:rubyman
Jun 26 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26255]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596885 of user rubyman.
Jun 26 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26255]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596885.
Jun 26 13:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23578]: pam_unix(cron:session): session closed for user root
Jun 26 13:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26187]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25368]: pam_unix(cron:session): session closed for user root
Jun 26 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26586]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26587]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26585]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26584]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26584]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26648]: Successful su for rubyman by root
Jun 26 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26648]: + ??? root:rubyman
Jun 26 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26648]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596890 of user rubyman.
Jun 26 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26648]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596890.
Jun 26 13:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24130]: pam_unix(cron:session): session closed for user root
Jun 26 13:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26585]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26975]: Invalid user incoming from 217.160.226.51
Jun 26 13:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26975]: input_userauth_request: invalid user incoming [preauth]
Jun 26 13:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26975]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 13:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.160.226.51
Jun 26 13:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26975]: Failed password for invalid user incoming from 217.160.226.51 port 48174 ssh2
Jun 26 13:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26975]: Received disconnect from 217.160.226.51 port 48174:11: Bye Bye [preauth]
Jun 26 13:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26975]: Disconnected from 217.160.226.51 port 48174 [preauth]
Jun 26 13:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25765]: pam_unix(cron:session): session closed for user root
Jun 26 13:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27044]: Invalid user ubnt from 193.46.255.86
Jun 26 13:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27044]: input_userauth_request: invalid user ubnt [preauth]
Jun 26 13:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27044]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 13:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 26 13:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27044]: Failed password for invalid user ubnt from 193.46.255.86 port 37070 ssh2
Jun 26 13:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27044]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 13:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27044]: Failed password for invalid user ubnt from 193.46.255.86 port 37070 ssh2
Jun 26 13:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27044]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 13:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27044]: Failed password for invalid user ubnt from 193.46.255.86 port 37070 ssh2
Jun 26 13:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27044]: Connection closed by 193.46.255.86 port 37070 [preauth]
Jun 26 13:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27044]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 26 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27076]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27075]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27074]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27073]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27073]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27137]: Successful su for rubyman by root
Jun 26 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27137]: + ??? root:rubyman
Jun 26 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27137]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596893 of user rubyman.
Jun 26 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27137]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596893.
Jun 26 13:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24560]: pam_unix(cron:session): session closed for user root
Jun 26 13:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27074]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26189]: pam_unix(cron:session): session closed for user root
Jun 26 13:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27461]: Received disconnect from 185.28.37.194 port 51228:11: disconnected by user [preauth]
Jun 26 13:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27461]: Disconnected from 185.28.37.194 port 51228 [preauth]
Jun 26 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27493]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27495]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27494]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27496]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27490]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27493]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27620]: Successful su for rubyman by root
Jun 26 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27620]: + ??? root:rubyman
Jun 26 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27620]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596897 of user rubyman.
Jun 26 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27620]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596897.
Jun 26 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27490]: pam_unix(cron:session): session closed for user root
Jun 26 13:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24969]: pam_unix(cron:session): session closed for user root
Jun 26 13:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27494]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27872]: Invalid user deploy from 217.160.226.51
Jun 26 13:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27872]: input_userauth_request: invalid user deploy [preauth]
Jun 26 13:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27872]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 13:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.160.226.51
Jun 26 13:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27872]: Failed password for invalid user deploy from 217.160.226.51 port 39098 ssh2
Jun 26 13:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27872]: Received disconnect from 217.160.226.51 port 39098:11: Bye Bye [preauth]
Jun 26 13:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27872]: Disconnected from 217.160.226.51 port 39098 [preauth]
Jun 26 13:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27903]: Did not receive identification string from 47.254.192.213
Jun 26 13:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27905]: Invalid user  from 47.254.192.213
Jun 26 13:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27905]: input_userauth_request: invalid user  [preauth]
Jun 26 13:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27905]: Connection closed by 47.254.192.213 port 16494 [preauth]
Jun 26 13:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26587]: pam_unix(cron:session): session closed for user root
Jun 26 13:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27988]: Invalid user AdminGPON from 45.148.10.121
Jun 26 13:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27988]: input_userauth_request: invalid user AdminGPON [preauth]
Jun 26 13:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27988]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 13:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 26 13:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27988]: Failed password for invalid user AdminGPON from 45.148.10.121 port 60258 ssh2
Jun 26 13:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27988]: Connection closed by 45.148.10.121 port 60258 [preauth]
Jun 26 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28009]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28008]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28010]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28005]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28002]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28001]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28010]: pam_unix(cron:session): session closed for user root
Jun 26 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28001]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28123]: Successful su for rubyman by root
Jun 26 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28123]: + ??? root:rubyman
Jun 26 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28123]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596902 of user rubyman.
Jun 26 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28123]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596902.
Jun 26 13:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25367]: pam_unix(cron:session): session closed for user root
Jun 26 13:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28005]: pam_unix(cron:session): session closed for user root
Jun 26 13:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28002]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27076]: pam_unix(cron:session): session closed for user root
Jun 26 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28481]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28482]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28480]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28479]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28479]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28555]: Successful su for rubyman by root
Jun 26 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28555]: + ??? root:rubyman
Jun 26 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28555]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596909 of user rubyman.
Jun 26 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28555]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596909.
Jun 26 13:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25764]: pam_unix(cron:session): session closed for user root
Jun 26 13:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28480]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.160.226.51  user=root
Jun 26 13:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28871]: Failed password for root from 217.160.226.51 port 50678 ssh2
Jun 26 13:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28871]: Received disconnect from 217.160.226.51 port 50678:11: Bye Bye [preauth]
Jun 26 13:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28871]: Disconnected from 217.160.226.51 port 50678 [preauth]
Jun 26 13:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27496]: pam_unix(cron:session): session closed for user root
Jun 26 13:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 26 13:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28960]: Failed password for root from 103.176.20.57 port 37828 ssh2
Jun 26 13:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28960]: Connection closed by 103.176.20.57 port 37828 [preauth]
Jun 26 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29013]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29012]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29014]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29011]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29011]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29075]: Successful su for rubyman by root
Jun 26 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29075]: + ??? root:rubyman
Jun 26 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29075]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596914 of user rubyman.
Jun 26 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29075]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596914.
Jun 26 13:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26188]: pam_unix(cron:session): session closed for user root
Jun 26 13:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29012]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29348]: Invalid user admin from 2.57.121.25
Jun 26 13:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29348]: input_userauth_request: invalid user admin [preauth]
Jun 26 13:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29348]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 13:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 26 13:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29348]: Failed password for invalid user admin from 2.57.121.25 port 4668 ssh2
Jun 26 13:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29348]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 13:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29348]: Failed password for invalid user admin from 2.57.121.25 port 4668 ssh2
Jun 26 13:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29348]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 13:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28009]: pam_unix(cron:session): session closed for user root
Jun 26 13:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29348]: Failed password for invalid user admin from 2.57.121.25 port 4668 ssh2
Jun 26 13:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29348]: Connection closed by 2.57.121.25 port 4668 [preauth]
Jun 26 13:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29348]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 26 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29436]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29439]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29435]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29434]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29434]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29512]: Successful su for rubyman by root
Jun 26 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29512]: + ??? root:rubyman
Jun 26 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29512]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596916 of user rubyman.
Jun 26 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29512]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596916.
Jun 26 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 26 13:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26586]: pam_unix(cron:session): session closed for user root
Jun 26 13:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29648]: Failed password for root from 103.172.78.219 port 36952 ssh2
Jun 26 13:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29648]: Connection closed by 103.172.78.219 port 36952 [preauth]
Jun 26 13:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29435]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29856]: Invalid user howard from 217.160.226.51
Jun 26 13:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29856]: input_userauth_request: invalid user howard [preauth]
Jun 26 13:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29856]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 13:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.160.226.51
Jun 26 13:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29856]: Failed password for invalid user howard from 217.160.226.51 port 46268 ssh2
Jun 26 13:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29856]: Received disconnect from 217.160.226.51 port 46268:11: Bye Bye [preauth]
Jun 26 13:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29856]: Disconnected from 217.160.226.51 port 46268 [preauth]
Jun 26 13:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29900]: Invalid user paxton from 141.98.83.240
Jun 26 13:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29900]: input_userauth_request: invalid user paxton [preauth]
Jun 26 13:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29900]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 13:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 13:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28482]: pam_unix(cron:session): session closed for user root
Jun 26 13:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29900]: Failed password for invalid user paxton from 141.98.83.240 port 14368 ssh2
Jun 26 13:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29900]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 13:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29900]: Failed password for invalid user paxton from 141.98.83.240 port 14368 ssh2
Jun 26 13:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29900]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 13:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29900]: Failed password for invalid user paxton from 141.98.83.240 port 14368 ssh2
Jun 26 13:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29900]: Connection closed by 141.98.83.240 port 14368 [preauth]
Jun 26 13:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29900]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29982]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29980]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29981]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29979]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29979]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30040]: Successful su for rubyman by root
Jun 26 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30040]: + ??? root:rubyman
Jun 26 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30040]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596920 of user rubyman.
Jun 26 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30040]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596920.
Jun 26 13:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27075]: pam_unix(cron:session): session closed for user root
Jun 26 13:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29980]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29014]: pam_unix(cron:session): session closed for user root
Jun 26 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30402]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30399]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30398]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30400]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30401]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30397]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30402]: pam_unix(cron:session): session closed for user root
Jun 26 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30397]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30469]: Successful su for rubyman by root
Jun 26 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30469]: + ??? root:rubyman
Jun 26 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30469]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596928 of user rubyman.
Jun 26 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30469]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596928.
Jun 26 13:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30399]: pam_unix(cron:session): session closed for user root
Jun 26 13:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27495]: pam_unix(cron:session): session closed for user root
Jun 26 13:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30398]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.160.226.51  user=root
Jun 26 13:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30702]: Failed password for root from 217.160.226.51 port 48858 ssh2
Jun 26 13:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30702]: Received disconnect from 217.160.226.51 port 48858:11: Bye Bye [preauth]
Jun 26 13:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30702]: Disconnected from 217.160.226.51 port 48858 [preauth]
Jun 26 13:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30744]: Did not receive identification string from 66.228.62.150
Jun 26 13:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29439]: pam_unix(cron:session): session closed for user root
Jun 26 13:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30824]: Connection closed by 172.236.228.222 port 2672 [preauth]
Jun 26 13:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30826]: Connection closed by 172.236.228.222 port 2688 [preauth]
Jun 26 13:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30830]: fatal: Unable to negotiate with 172.236.228.222 port 2690: no matching host key type found. Their offer: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519 [preauth]
Jun 26 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30856]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30855]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30853]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30852]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30852]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31016]: Successful su for rubyman by root
Jun 26 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31016]: + ??? root:rubyman
Jun 26 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31016]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596930 of user rubyman.
Jun 26 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31016]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596930.
Jun 26 13:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30853]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28008]: pam_unix(cron:session): session closed for user root
Jun 26 13:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29982]: pam_unix(cron:session): session closed for user root
Jun 26 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31354]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31355]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31352]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31351]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31351]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31415]: Successful su for rubyman by root
Jun 26 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31415]: + ??? root:rubyman
Jun 26 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31415]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596934 of user rubyman.
Jun 26 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31415]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596934.
Jun 26 13:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28481]: pam_unix(cron:session): session closed for user root
Jun 26 13:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31352]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31699]: Invalid user mb from 217.160.226.51
Jun 26 13:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31699]: input_userauth_request: invalid user mb [preauth]
Jun 26 13:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31699]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 13:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.160.226.51
Jun 26 13:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31699]: Failed password for invalid user mb from 217.160.226.51 port 51510 ssh2
Jun 26 13:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31699]: Received disconnect from 217.160.226.51 port 51510:11: Bye Bye [preauth]
Jun 26 13:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31699]: Disconnected from 217.160.226.51 port 51510 [preauth]
Jun 26 13:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30401]: pam_unix(cron:session): session closed for user root
Jun 26 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31853]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31854]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31852]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31851]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31851]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31917]: Successful su for rubyman by root
Jun 26 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31917]: + ??? root:rubyman
Jun 26 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31917]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596938 of user rubyman.
Jun 26 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31917]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596938.
Jun 26 13:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29013]: pam_unix(cron:session): session closed for user root
Jun 26 13:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31852]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 26 13:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32116]: Failed password for root from 77.94.47.83 port 54918 ssh2
Jun 26 13:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32116]: Connection closed by 77.94.47.83 port 54918 [preauth]
Jun 26 13:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30856]: pam_unix(cron:session): session closed for user root
Jun 26 13:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32264]: Invalid user composer from 217.160.226.51
Jun 26 13:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32264]: input_userauth_request: invalid user composer [preauth]
Jun 26 13:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32264]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 13:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.160.226.51
Jun 26 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32264]: Failed password for invalid user composer from 217.160.226.51 port 54266 ssh2
Jun 26 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32264]: Received disconnect from 217.160.226.51 port 54266:11: Bye Bye [preauth]
Jun 26 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32264]: Disconnected from 217.160.226.51 port 54266 [preauth]
Jun 26 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32277]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32276]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32278]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32275]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32275]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32332]: Successful su for rubyman by root
Jun 26 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32332]: + ??? root:rubyman
Jun 26 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32332]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596942 of user rubyman.
Jun 26 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32332]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596942.
Jun 26 13:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29436]: pam_unix(cron:session): session closed for user root
Jun 26 13:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32276]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31355]: pam_unix(cron:session): session closed for user root
Jun 26 13:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32651]: Received disconnect from 23.94.92.98 port 38222:11: disconnected by user [preauth]
Jun 26 13:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32651]: Disconnected from 23.94.92.98 port 38222 [preauth]
Jun 26 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32685]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32684]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32683]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32686]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32682]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32687]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32687]: pam_unix(cron:session): session closed for user root
Jun 26 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32682]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32758]: Successful su for rubyman by root
Jun 26 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32758]: + ??? root:rubyman
Jun 26 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32758]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596949 of user rubyman.
Jun 26 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32758]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596949.
Jun 26 13:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32684]: pam_unix(cron:session): session closed for user root
Jun 26 13:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29981]: pam_unix(cron:session): session closed for user root
Jun 26 13:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32683]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31854]: pam_unix(cron:session): session closed for user root
Jun 26 13:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[740]: Received disconnect from 5.161.101.51 port 49950:11: disconnected by user [preauth]
Jun 26 13:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[740]: Disconnected from 5.161.101.51 port 49950 [preauth]
Jun 26 13:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[784]: Invalid user admin from 217.160.226.51
Jun 26 13:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[784]: input_userauth_request: invalid user admin [preauth]
Jun 26 13:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[784]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 13:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.160.226.51
Jun 26 13:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[784]: Failed password for invalid user admin from 217.160.226.51 port 51152 ssh2
Jun 26 13:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[784]: Received disconnect from 217.160.226.51 port 51152:11: Bye Bye [preauth]
Jun 26 13:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[784]: Disconnected from 217.160.226.51 port 51152 [preauth]
Jun 26 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[815]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[814]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[812]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[811]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[811]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[880]: Successful su for rubyman by root
Jun 26 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[880]: + ??? root:rubyman
Jun 26 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[880]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596953 of user rubyman.
Jun 26 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[880]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596953.
Jun 26 13:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30400]: pam_unix(cron:session): session closed for user root
Jun 26 13:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[812]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32278]: pam_unix(cron:session): session closed for user root
Jun 26 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1282]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1281]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1283]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1280]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1280]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1354]: Successful su for rubyman by root
Jun 26 13:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1354]: + ??? root:rubyman
Jun 26 13:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1354]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596956 of user rubyman.
Jun 26 13:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1354]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596956.
Jun 26 13:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30855]: pam_unix(cron:session): session closed for user root
Jun 26 13:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 26 13:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1281]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1571]: Failed password for root from 103.82.20.28 port 50562 ssh2
Jun 26 13:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1571]: Connection closed by 103.82.20.28 port 50562 [preauth]
Jun 26 13:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 26 13:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1665]: Failed password for root from 103.77.242.62 port 36336 ssh2
Jun 26 13:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1665]: Connection closed by 103.77.242.62 port 36336 [preauth]
Jun 26 13:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32686]: pam_unix(cron:session): session closed for user root
Jun 26 13:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1795]: Invalid user librenms from 217.160.226.51
Jun 26 13:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1795]: input_userauth_request: invalid user librenms [preauth]
Jun 26 13:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1795]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 13:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.160.226.51
Jun 26 13:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1795]: Failed password for invalid user librenms from 217.160.226.51 port 40360 ssh2
Jun 26 13:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1795]: Received disconnect from 217.160.226.51 port 40360:11: Bye Bye [preauth]
Jun 26 13:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1795]: Disconnected from 217.160.226.51 port 40360 [preauth]
Jun 26 13:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1857]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1856]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1855]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1854]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1854]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1933]: Successful su for rubyman by root
Jun 26 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1933]: + ??? root:rubyman
Jun 26 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1933]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596961 of user rubyman.
Jun 26 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1933]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596961.
Jun 26 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1949]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 26 13:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1949]: Received disconnect from 209.209.8.82 port 48104:11: disconnected by user [preauth]
Jun 26 13:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1949]: Disconnected from 209.209.8.82 port 48104 [preauth]
Jun 26 13:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31354]: pam_unix(cron:session): session closed for user root
Jun 26 13:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1855]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[815]: pam_unix(cron:session): session closed for user root
Jun 26 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2348]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2347]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2345]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2344]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2344]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2403]: Successful su for rubyman by root
Jun 26 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2403]: + ??? root:rubyman
Jun 26 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2403]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596965 of user rubyman.
Jun 26 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2403]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596965.
Jun 26 13:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31853]: pam_unix(cron:session): session closed for user root
Jun 26 13:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2345]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1283]: pam_unix(cron:session): session closed for user root
Jun 26 13:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.160.226.51  user=root
Jun 26 13:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2704]: Failed password for root from 217.160.226.51 port 36010 ssh2
Jun 26 13:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2704]: Received disconnect from 217.160.226.51 port 36010:11: Bye Bye [preauth]
Jun 26 13:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2704]: Disconnected from 217.160.226.51 port 36010 [preauth]
Jun 26 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2775]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2771]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2774]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2773]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2770]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2772]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2775]: pam_unix(cron:session): session closed for user root
Jun 26 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2770]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2842]: Successful su for rubyman by root
Jun 26 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2842]: + ??? root:rubyman
Jun 26 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2842]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596971 of user rubyman.
Jun 26 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2842]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596971.
Jun 26 13:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2772]: pam_unix(cron:session): session closed for user root
Jun 26 13:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32277]: pam_unix(cron:session): session closed for user root
Jun 26 13:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2771]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1857]: pam_unix(cron:session): session closed for user root
Jun 26 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3190]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3191]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3189]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3188]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3188]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3260]: Successful su for rubyman by root
Jun 26 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3260]: + ??? root:rubyman
Jun 26 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3260]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596975 of user rubyman.
Jun 26 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3260]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596975.
Jun 26 13:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32685]: pam_unix(cron:session): session closed for user root
Jun 26 13:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3189]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2348]: pam_unix(cron:session): session closed for user root
Jun 26 13:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3509]: Invalid user developer from 217.160.226.51
Jun 26 13:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3509]: input_userauth_request: invalid user developer [preauth]
Jun 26 13:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3509]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 13:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.160.226.51
Jun 26 13:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3509]: Failed password for invalid user developer from 217.160.226.51 port 50618 ssh2
Jun 26 13:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3509]: Received disconnect from 217.160.226.51 port 50618:11: Bye Bye [preauth]
Jun 26 13:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3509]: Disconnected from 217.160.226.51 port 50618 [preauth]
Jun 26 13:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3575]: Received disconnect from 185.28.37.194 port 52842:11: disconnected by user [preauth]
Jun 26 13:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3575]: Disconnected from 185.28.37.194 port 52842 [preauth]
Jun 26 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3597]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3595]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3594]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3596]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3594]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3652]: Successful su for rubyman by root
Jun 26 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3652]: + ??? root:rubyman
Jun 26 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3652]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596978 of user rubyman.
Jun 26 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3652]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596978.
Jun 26 13:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[814]: pam_unix(cron:session): session closed for user root
Jun 26 13:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3595]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 26 13:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4077]: Failed password for root from 103.122.221.179 port 53258 ssh2
Jun 26 13:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4077]: Connection closed by 103.122.221.179 port 53258 [preauth]
Jun 26 13:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2774]: pam_unix(cron:session): session closed for user root
Jun 26 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4189]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4188]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4190]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4187]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4187]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4258]: Successful su for rubyman by root
Jun 26 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4258]: + ??? root:rubyman
Jun 26 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4258]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596984 of user rubyman.
Jun 26 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4258]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596984.
Jun 26 13:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1282]: pam_unix(cron:session): session closed for user root
Jun 26 13:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4188]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 26 13:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4441]: Failed password for root from 103.149.28.157 port 52086 ssh2
Jun 26 13:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4441]: Connection closed by 103.149.28.157 port 52086 [preauth]
Jun 26 13:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.160.226.51  user=root
Jun 26 13:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4510]: Failed password for root from 217.160.226.51 port 41434 ssh2
Jun 26 13:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4510]: Received disconnect from 217.160.226.51 port 41434:11: Bye Bye [preauth]
Jun 26 13:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4510]: Disconnected from 217.160.226.51 port 41434 [preauth]
Jun 26 13:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3191]: pam_unix(cron:session): session closed for user root
Jun 26 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4607]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4608]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4606]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4605]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4605]: pam_unix(cron:session): session closed for user p13x
Jun 26 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4668]: Successful su for rubyman by root
Jun 26 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4668]: + ??? root:rubyman
Jun 26 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4668]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596987 of user rubyman.
Jun 26 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4668]: pam_unix(su:session): session closed for user rubyman
Jun 26 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596987.
Jun 26 13:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1856]: pam_unix(cron:session): session closed for user root
Jun 26 13:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4606]: pam_unix(cron:session): session closed for user samftp
Jun 26 13:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3597]: pam_unix(cron:session): session closed for user root
Jun 26 13:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 13:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 26 13:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5083]: Failed password for root from 51.250.105.222 port 56682 ssh2
Jun 26 13:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5083]: Connection closed by 51.250.105.222 port 56682 [preauth]
Jun 26 13:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5110]: Connection closed by 192.248.150.180 port 43234 [preauth]
Jun 26 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5119]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5115]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5117]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5113]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5114]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5118]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5116]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5115]: pam_unix(cron:session): session closed for user root
Jun 26 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5119]: pam_unix(cron:session): session closed for user root
Jun 26 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5113]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5206]: Successful su for rubyman by root
Jun 26 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5206]: + ??? root:rubyman
Jun 26 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5206]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596995 of user rubyman.
Jun 26 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5206]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596995.
Jun 26 14:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2347]: pam_unix(cron:session): session closed for user root
Jun 26 14:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5116]: pam_unix(cron:session): session closed for user root
Jun 26 14:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5114]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5483]: Invalid user johnny from 217.160.226.51
Jun 26 14:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5483]: input_userauth_request: invalid user johnny [preauth]
Jun 26 14:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5483]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 14:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.160.226.51
Jun 26 14:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5483]: Failed password for invalid user johnny from 217.160.226.51 port 49782 ssh2
Jun 26 14:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5483]: Received disconnect from 217.160.226.51 port 49782:11: Bye Bye [preauth]
Jun 26 14:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5483]: Disconnected from 217.160.226.51 port 49782 [preauth]
Jun 26 14:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 26 14:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4190]: pam_unix(cron:session): session closed for user root
Jun 26 14:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5540]: Failed password for root from 103.27.238.120 port 60422 ssh2
Jun 26 14:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5540]: Connection closed by 103.27.238.120 port 60422 [preauth]
Jun 26 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5626]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5625]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5627]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5624]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5624]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5688]: Successful su for rubyman by root
Jun 26 14:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5688]: + ??? root:rubyman
Jun 26 14:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5688]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 596998 of user rubyman.
Jun 26 14:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5688]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 596998.
Jun 26 14:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2773]: pam_unix(cron:session): session closed for user root
Jun 26 14:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5625]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5882]: Received disconnect from 172.110.219.251 port 54900:11: disconnected by user [preauth]
Jun 26 14:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5882]: Disconnected from 172.110.219.251 port 54900 [preauth]
Jun 26 14:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 26 14:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5933]: Failed password for root from 103.153.68.219 port 56000 ssh2
Jun 26 14:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5933]: Connection closed by 103.153.68.219 port 56000 [preauth]
Jun 26 14:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4608]: pam_unix(cron:session): session closed for user root
Jun 26 14:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 26 14:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6000]: Failed password for root from 202.178.126.219 port 58771 ssh2
Jun 26 14:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6000]: Connection closed by 202.178.126.219 port 58771 [preauth]
Jun 26 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6029]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6030]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6031]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6028]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6028]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6086]: Successful su for rubyman by root
Jun 26 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6086]: + ??? root:rubyman
Jun 26 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6086]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597001 of user rubyman.
Jun 26 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6086]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597001.
Jun 26 14:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3190]: pam_unix(cron:session): session closed for user root
Jun 26 14:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6029]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6279]: Invalid user mcserver from 217.160.226.51
Jun 26 14:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6279]: input_userauth_request: invalid user mcserver [preauth]
Jun 26 14:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6279]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 14:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.160.226.51
Jun 26 14:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6279]: Failed password for invalid user mcserver from 217.160.226.51 port 58100 ssh2
Jun 26 14:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6279]: Received disconnect from 217.160.226.51 port 58100:11: Bye Bye [preauth]
Jun 26 14:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6279]: Disconnected from 217.160.226.51 port 58100 [preauth]
Jun 26 14:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5118]: pam_unix(cron:session): session closed for user root
Jun 26 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6421]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6420]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6422]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6419]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6419]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6477]: Successful su for rubyman by root
Jun 26 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6477]: + ??? root:rubyman
Jun 26 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6477]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597005 of user rubyman.
Jun 26 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6477]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597005.
Jun 26 14:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3596]: pam_unix(cron:session): session closed for user root
Jun 26 14:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6420]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5627]: pam_unix(cron:session): session closed for user root
Jun 26 14:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.160.226.51  user=root
Jun 26 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6826]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6827]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6828]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6825]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6825]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6822]: Failed password for root from 217.160.226.51 port 49960 ssh2
Jun 26 14:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6887]: Successful su for rubyman by root
Jun 26 14:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6887]: + ??? root:rubyman
Jun 26 14:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6887]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597009 of user rubyman.
Jun 26 14:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6887]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597009.
Jun 26 14:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6822]: Received disconnect from 217.160.226.51 port 49960:11: Bye Bye [preauth]
Jun 26 14:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6822]: Disconnected from 217.160.226.51 port 49960 [preauth]
Jun 26 14:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4189]: pam_unix(cron:session): session closed for user root
Jun 26 14:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6826]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6031]: pam_unix(cron:session): session closed for user root
Jun 26 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7323]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7324]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7326]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7325]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7327]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7322]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7327]: pam_unix(cron:session): session closed for user root
Jun 26 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7322]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7397]: Successful su for rubyman by root
Jun 26 14:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7397]: + ??? root:rubyman
Jun 26 14:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7397]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597015 of user rubyman.
Jun 26 14:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7397]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597015.
Jun 26 14:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7324]: pam_unix(cron:session): session closed for user root
Jun 26 14:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4607]: pam_unix(cron:session): session closed for user root
Jun 26 14:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7323]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6422]: pam_unix(cron:session): session closed for user root
Jun 26 14:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7828]: Invalid user user3 from 217.160.226.51
Jun 26 14:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7828]: input_userauth_request: invalid user user3 [preauth]
Jun 26 14:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7828]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 14:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.160.226.51
Jun 26 14:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7828]: Failed password for invalid user user3 from 217.160.226.51 port 44392 ssh2
Jun 26 14:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7828]: Received disconnect from 217.160.226.51 port 44392:11: Bye Bye [preauth]
Jun 26 14:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7828]: Disconnected from 217.160.226.51 port 44392 [preauth]
Jun 26 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7849]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7850]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7848]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7847]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7847]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7911]: Successful su for rubyman by root
Jun 26 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7911]: + ??? root:rubyman
Jun 26 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7911]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597019 of user rubyman.
Jun 26 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7911]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597019.
Jun 26 14:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5117]: pam_unix(cron:session): session closed for user root
Jun 26 14:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7848]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6828]: pam_unix(cron:session): session closed for user root
Jun 26 14:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 26 14:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8192]: Invalid user kami from 2.57.121.112
Jun 26 14:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8192]: input_userauth_request: invalid user kami [preauth]
Jun 26 14:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8182]: Failed password for root from 38.93.206.2 port 49282 ssh2
Jun 26 14:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8182]: Connection closed by 38.93.206.2 port 49282 [preauth]
Jun 26 14:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8192]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 14:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 26 14:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8192]: Failed password for invalid user kami from 2.57.121.112 port 28520 ssh2
Jun 26 14:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8192]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 14:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8192]: Failed password for invalid user kami from 2.57.121.112 port 28520 ssh2
Jun 26 14:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8192]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 14:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8192]: Failed password for invalid user kami from 2.57.121.112 port 28520 ssh2
Jun 26 14:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8192]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 14:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8192]: Failed password for invalid user kami from 2.57.121.112 port 28520 ssh2
Jun 26 14:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8192]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 14:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8192]: Failed password for invalid user kami from 2.57.121.112 port 28520 ssh2
Jun 26 14:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8192]: Connection closed by 2.57.121.112 port 28520 [preauth]
Jun 26 14:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8192]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 26 14:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8192]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 26 14:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8224]: Did not receive identification string from 195.178.110.217
Jun 26 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8247]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8245]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8248]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8246]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8245]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8304]: Successful su for rubyman by root
Jun 26 14:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8304]: + ??? root:rubyman
Jun 26 14:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8304]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597023 of user rubyman.
Jun 26 14:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8304]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597023.
Jun 26 14:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5626]: pam_unix(cron:session): session closed for user root
Jun 26 14:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8246]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7326]: pam_unix(cron:session): session closed for user root
Jun 26 14:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8622]: Invalid user traefik from 217.160.226.51
Jun 26 14:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8622]: input_userauth_request: invalid user traefik [preauth]
Jun 26 14:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8622]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 14:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.160.226.51
Jun 26 14:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8622]: Failed password for invalid user traefik from 217.160.226.51 port 58662 ssh2
Jun 26 14:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8622]: Received disconnect from 217.160.226.51 port 58662:11: Bye Bye [preauth]
Jun 26 14:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8622]: Disconnected from 217.160.226.51 port 58662 [preauth]
Jun 26 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8646]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8645]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8644]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8643]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8643]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8702]: Successful su for rubyman by root
Jun 26 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8702]: + ??? root:rubyman
Jun 26 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8702]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597027 of user rubyman.
Jun 26 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8702]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597027.
Jun 26 14:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6030]: pam_unix(cron:session): session closed for user root
Jun 26 14:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8644]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7850]: pam_unix(cron:session): session closed for user root
Jun 26 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9049]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9048]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9051]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9047]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9045]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9047]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9162]: Successful su for rubyman by root
Jun 26 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9162]: + ??? root:rubyman
Jun 26 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9162]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597033 of user rubyman.
Jun 26 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9162]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597033.
Jun 26 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9045]: pam_unix(cron:session): session closed for user root
Jun 26 14:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6421]: pam_unix(cron:session): session closed for user root
Jun 26 14:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9048]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9383]: Invalid user peter from 141.98.83.240
Jun 26 14:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9383]: input_userauth_request: invalid user peter [preauth]
Jun 26 14:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9383]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 14:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 14:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9383]: Failed password for invalid user peter from 141.98.83.240 port 38870 ssh2
Jun 26 14:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9383]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 14:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9383]: Failed password for invalid user peter from 141.98.83.240 port 38870 ssh2
Jun 26 14:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9383]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 14:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9383]: Failed password for invalid user peter from 141.98.83.240 port 38870 ssh2
Jun 26 14:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9383]: Connection closed by 141.98.83.240 port 38870 [preauth]
Jun 26 14:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9383]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 14:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8248]: pam_unix(cron:session): session closed for user root
Jun 26 14:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9493]: Invalid user webuser from 217.160.226.51
Jun 26 14:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9493]: input_userauth_request: invalid user webuser [preauth]
Jun 26 14:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9493]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 14:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.160.226.51
Jun 26 14:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9493]: Failed password for invalid user webuser from 217.160.226.51 port 36834 ssh2
Jun 26 14:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9493]: Received disconnect from 217.160.226.51 port 36834:11: Bye Bye [preauth]
Jun 26 14:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9493]: Disconnected from 217.160.226.51 port 36834 [preauth]
Jun 26 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9524]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9526]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9522]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9525]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9521]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9523]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9526]: pam_unix(cron:session): session closed for user root
Jun 26 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9521]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9588]: Successful su for rubyman by root
Jun 26 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9588]: + ??? root:rubyman
Jun 26 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9588]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597039 of user rubyman.
Jun 26 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9588]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597039.
Jun 26 14:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9523]: pam_unix(cron:session): session closed for user root
Jun 26 14:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6827]: pam_unix(cron:session): session closed for user root
Jun 26 14:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9522]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 26 14:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9874]: Failed password for root from 103.77.175.15 port 53520 ssh2
Jun 26 14:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9874]: Connection closed by 103.77.175.15 port 53520 [preauth]
Jun 26 14:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8646]: pam_unix(cron:session): session closed for user root
Jun 26 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10126]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10125]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10127]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10124]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10124]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10200]: Successful su for rubyman by root
Jun 26 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10200]: + ??? root:rubyman
Jun 26 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10200]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597042 of user rubyman.
Jun 26 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10200]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597042.
Jun 26 14:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7325]: pam_unix(cron:session): session closed for user root
Jun 26 14:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10125]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9051]: pam_unix(cron:session): session closed for user root
Jun 26 14:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10601]: Invalid user fran from 217.160.226.51
Jun 26 14:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10601]: input_userauth_request: invalid user fran [preauth]
Jun 26 14:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10601]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 14:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.160.226.51
Jun 26 14:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10601]: Failed password for invalid user fran from 217.160.226.51 port 37800 ssh2
Jun 26 14:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10601]: Received disconnect from 217.160.226.51 port 37800:11: Bye Bye [preauth]
Jun 26 14:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10601]: Disconnected from 217.160.226.51 port 37800 [preauth]
Jun 26 14:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10638]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10637]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10635]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10636]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10635]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 26 14:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10701]: Successful su for rubyman by root
Jun 26 14:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10701]: + ??? root:rubyman
Jun 26 14:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10701]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597047 of user rubyman.
Jun 26 14:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10701]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597047.
Jun 26 14:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10621]: Failed password for root from 195.178.110.217 port 52536 ssh2
Jun 26 14:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10621]: Connection closed by 195.178.110.217 port 52536 [preauth]
Jun 26 14:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7849]: pam_unix(cron:session): session closed for user root
Jun 26 14:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10636]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9525]: pam_unix(cron:session): session closed for user root
Jun 26 14:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11041]: Received disconnect from 96.127.175.154 port 34834:11: disconnected by user [preauth]
Jun 26 14:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11041]: Disconnected from 96.127.175.154 port 34834 [preauth]
Jun 26 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11057]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11058]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11056]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11055]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11055]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11118]: Successful su for rubyman by root
Jun 26 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11118]: + ??? root:rubyman
Jun 26 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11118]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597052 of user rubyman.
Jun 26 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11118]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597052.
Jun 26 14:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8247]: pam_unix(cron:session): session closed for user root
Jun 26 14:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11056]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10127]: pam_unix(cron:session): session closed for user root
Jun 26 14:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11443]: Invalid user ftpuser2 from 217.160.226.51
Jun 26 14:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11443]: input_userauth_request: invalid user ftpuser2 [preauth]
Jun 26 14:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11443]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 14:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.160.226.51
Jun 26 14:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11443]: Failed password for invalid user ftpuser2 from 217.160.226.51 port 55912 ssh2
Jun 26 14:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11443]: Received disconnect from 217.160.226.51 port 55912:11: Bye Bye [preauth]
Jun 26 14:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11443]: Disconnected from 217.160.226.51 port 55912 [preauth]
Jun 26 14:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 26 14:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11453]: Failed password for root from 195.178.110.217 port 55722 ssh2
Jun 26 14:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11453]: Connection closed by 195.178.110.217 port 55722 [preauth]
Jun 26 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11477]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11476]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11482]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11475]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11475]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11540]: Successful su for rubyman by root
Jun 26 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11540]: + ??? root:rubyman
Jun 26 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11540]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597054 of user rubyman.
Jun 26 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11540]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597054.
Jun 26 14:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8645]: pam_unix(cron:session): session closed for user root
Jun 26 14:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11476]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121  user=root
Jun 26 14:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11742]: Failed password for root from 45.148.10.121 port 38742 ssh2
Jun 26 14:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11742]: Connection closed by 45.148.10.121 port 38742 [preauth]
Jun 26 14:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10638]: pam_unix(cron:session): session closed for user root
Jun 26 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11942]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11919]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11918]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11939]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11941]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11940]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11942]: pam_unix(cron:session): session closed for user root
Jun 26 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11918]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12013]: Successful su for rubyman by root
Jun 26 14:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12013]: + ??? root:rubyman
Jun 26 14:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12013]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597062 of user rubyman.
Jun 26 14:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12013]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597062.
Jun 26 14:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11939]: pam_unix(cron:session): session closed for user root
Jun 26 14:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9049]: pam_unix(cron:session): session closed for user root
Jun 26 14:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11919]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12387]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 26 14:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12387]: Received disconnect from 188.44.20.32 port 59080:11: disconnected by user [preauth]
Jun 26 14:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12387]: Disconnected from 188.44.20.32 port 59080 [preauth]
Jun 26 14:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11058]: pam_unix(cron:session): session closed for user root
Jun 26 14:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12431]: Invalid user user from 217.160.226.51
Jun 26 14:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12431]: input_userauth_request: invalid user user [preauth]
Jun 26 14:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12431]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 14:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.160.226.51
Jun 26 14:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12431]: Failed password for invalid user user from 217.160.226.51 port 54136 ssh2
Jun 26 14:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12431]: Received disconnect from 217.160.226.51 port 54136:11: Bye Bye [preauth]
Jun 26 14:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12431]: Disconnected from 217.160.226.51 port 54136 [preauth]
Jun 26 14:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 26 14:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12477]: Failed password for root from 195.178.110.217 port 58780 ssh2
Jun 26 14:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12477]: Connection closed by 195.178.110.217 port 58780 [preauth]
Jun 26 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12501]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12500]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12499]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12498]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12498]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12562]: Successful su for rubyman by root
Jun 26 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12562]: + ??? root:rubyman
Jun 26 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12562]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597064 of user rubyman.
Jun 26 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12562]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597064.
Jun 26 14:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9524]: pam_unix(cron:session): session closed for user root
Jun 26 14:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12499]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12785]: Received disconnect from 68.235.62.179 port 10146:11: disconnected by user [preauth]
Jun 26 14:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12785]: Disconnected from 68.235.62.179 port 10146 [preauth]
Jun 26 14:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11482]: pam_unix(cron:session): session closed for user root
Jun 26 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12918]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12917]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12919]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12916]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12914]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12914]: pam_unix(cron:session): session closed for user root
Jun 26 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12916]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12977]: Successful su for rubyman by root
Jun 26 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12977]: + ??? root:rubyman
Jun 26 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12977]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597070 of user rubyman.
Jun 26 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12977]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597070.
Jun 26 14:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10126]: pam_unix(cron:session): session closed for user root
Jun 26 14:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12917]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13236]: Invalid user itadmin from 217.160.226.51
Jun 26 14:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13236]: input_userauth_request: invalid user itadmin [preauth]
Jun 26 14:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13236]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 14:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.160.226.51
Jun 26 14:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13236]: Failed password for invalid user itadmin from 217.160.226.51 port 43256 ssh2
Jun 26 14:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13236]: Received disconnect from 217.160.226.51 port 43256:11: Bye Bye [preauth]
Jun 26 14:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13236]: Disconnected from 217.160.226.51 port 43256 [preauth]
Jun 26 14:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11941]: pam_unix(cron:session): session closed for user root
Jun 26 14:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 26 14:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13317]: Failed password for root from 195.178.110.217 port 33630 ssh2
Jun 26 14:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13317]: Connection closed by 195.178.110.217 port 33630 [preauth]
Jun 26 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13331]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13332]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13329]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13330]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13329]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13391]: Successful su for rubyman by root
Jun 26 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13391]: + ??? root:rubyman
Jun 26 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13391]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597074 of user rubyman.
Jun 26 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13391]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597074.
Jun 26 14:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10637]: pam_unix(cron:session): session closed for user root
Jun 26 14:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13330]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12501]: pam_unix(cron:session): session closed for user root
Jun 26 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13729]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13727]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13728]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13731]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13727]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13798]: Successful su for rubyman by root
Jun 26 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13798]: + ??? root:rubyman
Jun 26 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13798]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597077 of user rubyman.
Jun 26 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13798]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597077.
Jun 26 14:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11057]: pam_unix(cron:session): session closed for user root
Jun 26 14:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13728]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14021]: Invalid user satisfactory from 217.160.226.51
Jun 26 14:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14021]: input_userauth_request: invalid user satisfactory [preauth]
Jun 26 14:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14021]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 14:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.160.226.51
Jun 26 14:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14021]: Failed password for invalid user satisfactory from 217.160.226.51 port 47846 ssh2
Jun 26 14:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14021]: Received disconnect from 217.160.226.51 port 47846:11: Bye Bye [preauth]
Jun 26 14:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14021]: Disconnected from 217.160.226.51 port 47846 [preauth]
Jun 26 14:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12919]: pam_unix(cron:session): session closed for user root
Jun 26 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14135]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14138]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14134]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14137]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14136]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14133]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14138]: pam_unix(cron:session): session closed for user root
Jun 26 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14133]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14202]: Successful su for rubyman by root
Jun 26 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14202]: + ??? root:rubyman
Jun 26 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14202]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597084 of user rubyman.
Jun 26 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14202]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597084.
Jun 26 14:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14135]: pam_unix(cron:session): session closed for user root
Jun 26 14:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11477]: pam_unix(cron:session): session closed for user root
Jun 26 14:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14134]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.217  user=root
Jun 26 14:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14412]: Failed password for root from 195.178.110.217 port 36698 ssh2
Jun 26 14:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14412]: Connection closed by 195.178.110.217 port 36698 [preauth]
Jun 26 14:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14467]: Received disconnect from 172.245.225.106 port 34784:11: disconnected by user [preauth]
Jun 26 14:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14467]: Disconnected from 172.245.225.106 port 34784 [preauth]
Jun 26 14:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13332]: pam_unix(cron:session): session closed for user root
Jun 26 14:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 26 14:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14506]: Failed password for root from 193.37.70.224 port 54478 ssh2
Jun 26 14:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14506]: Connection closed by 193.37.70.224 port 54478 [preauth]
Jun 26 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14558]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14556]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14557]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14555]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14555]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14627]: Successful su for rubyman by root
Jun 26 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14627]: + ??? root:rubyman
Jun 26 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14627]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597087 of user rubyman.
Jun 26 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14627]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597087.
Jun 26 14:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11940]: pam_unix(cron:session): session closed for user root
Jun 26 14:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14556]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.160.226.51  user=root
Jun 26 14:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14905]: Failed password for root from 217.160.226.51 port 56590 ssh2
Jun 26 14:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14905]: Received disconnect from 217.160.226.51 port 56590:11: Bye Bye [preauth]
Jun 26 14:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14905]: Disconnected from 217.160.226.51 port 56590 [preauth]
Jun 26 14:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 26 14:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 26 14:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14962]: Failed password for root from 62.133.62.83 port 40524 ssh2
Jun 26 14:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14962]: Connection closed by 62.133.62.83 port 40524 [preauth]
Jun 26 14:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13731]: pam_unix(cron:session): session closed for user root
Jun 26 14:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14964]: Failed password for root from 103.82.132.16 port 50916 ssh2
Jun 26 14:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14964]: Connection closed by 103.82.132.16 port 50916 [preauth]
Jun 26 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15055]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15056]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15054]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15053]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15053]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15117]: Successful su for rubyman by root
Jun 26 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15117]: + ??? root:rubyman
Jun 26 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15117]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597092 of user rubyman.
Jun 26 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15117]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597092.
Jun 26 14:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12500]: pam_unix(cron:session): session closed for user root
Jun 26 14:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15054]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14137]: pam_unix(cron:session): session closed for user root
Jun 26 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15455]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15454]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15452]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15453]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15452]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15511]: Successful su for rubyman by root
Jun 26 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15511]: + ??? root:rubyman
Jun 26 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15511]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597096 of user rubyman.
Jun 26 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15511]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597096.
Jun 26 14:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12918]: pam_unix(cron:session): session closed for user root
Jun 26 14:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15453]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15690]: Invalid user morgan from 217.160.226.51
Jun 26 14:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15690]: input_userauth_request: invalid user morgan [preauth]
Jun 26 14:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15690]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 14:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.160.226.51
Jun 26 14:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15690]: Failed password for invalid user morgan from 217.160.226.51 port 41712 ssh2
Jun 26 14:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15690]: Received disconnect from 217.160.226.51 port 41712:11: Bye Bye [preauth]
Jun 26 14:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15690]: Disconnected from 217.160.226.51 port 41712 [preauth]
Jun 26 14:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14558]: pam_unix(cron:session): session closed for user root
Jun 26 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15841]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15842]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15843]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15840]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15840]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15900]: Successful su for rubyman by root
Jun 26 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15900]: + ??? root:rubyman
Jun 26 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15900]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597101 of user rubyman.
Jun 26 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15900]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597101.
Jun 26 14:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13331]: pam_unix(cron:session): session closed for user root
Jun 26 14:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15841]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15056]: pam_unix(cron:session): session closed for user root
Jun 26 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16227]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16226]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16228]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16224]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16225]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16229]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16229]: pam_unix(cron:session): session closed for user root
Jun 26 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16224]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16289]: Successful su for rubyman by root
Jun 26 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16289]: + ??? root:rubyman
Jun 26 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16289]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597105 of user rubyman.
Jun 26 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16289]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597105.
Jun 26 14:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16226]: pam_unix(cron:session): session closed for user root
Jun 26 14:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13729]: pam_unix(cron:session): session closed for user root
Jun 26 14:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16480]: Invalid user gmodserver from 217.160.226.51
Jun 26 14:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16480]: input_userauth_request: invalid user gmodserver [preauth]
Jun 26 14:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16480]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 14:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.160.226.51
Jun 26 14:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16225]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16480]: Failed password for invalid user gmodserver from 217.160.226.51 port 57458 ssh2
Jun 26 14:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16480]: Received disconnect from 217.160.226.51 port 57458:11: Bye Bye [preauth]
Jun 26 14:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16480]: Disconnected from 217.160.226.51 port 57458 [preauth]
Jun 26 14:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15455]: pam_unix(cron:session): session closed for user root
Jun 26 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16657]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16658]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16656]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16655]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16655]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16719]: Successful su for rubyman by root
Jun 26 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16719]: + ??? root:rubyman
Jun 26 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16719]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597109 of user rubyman.
Jun 26 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16719]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597109.
Jun 26 14:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16656]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14136]: pam_unix(cron:session): session closed for user root
Jun 26 14:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17014]: Invalid user admin from 139.19.117.131
Jun 26 14:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17014]: input_userauth_request: invalid user admin [preauth]
Jun 26 14:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17014]: Connection closed by 139.19.117.131 port 44460 [preauth]
Jun 26 14:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15843]: pam_unix(cron:session): session closed for user root
Jun 26 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17155]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17154]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17153]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17152]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17152]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17209]: Successful su for rubyman by root
Jun 26 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17209]: + ??? root:rubyman
Jun 26 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17209]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597113 of user rubyman.
Jun 26 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17209]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597113.
Jun 26 14:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14557]: pam_unix(cron:session): session closed for user root
Jun 26 14:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17153]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16228]: pam_unix(cron:session): session closed for user root
Jun 26 14:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17510]: Invalid user test from 193.46.255.86
Jun 26 14:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17510]: input_userauth_request: invalid user test [preauth]
Jun 26 14:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17510]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 14:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 26 14:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17510]: Failed password for invalid user test from 193.46.255.86 port 25718 ssh2
Jun 26 14:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17510]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 14:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17510]: Failed password for invalid user test from 193.46.255.86 port 25718 ssh2
Jun 26 14:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17510]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 14:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17510]: Failed password for invalid user test from 193.46.255.86 port 25718 ssh2
Jun 26 14:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17510]: Connection closed by 193.46.255.86 port 25718 [preauth]
Jun 26 14:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17510]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 26 14:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 26 14:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17558]: Failed password for root from 194.113.233.25 port 56076 ssh2
Jun 26 14:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17558]: Connection closed by 194.113.233.25 port 56076 [preauth]
Jun 26 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17565]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17562]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17564]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17561]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17561]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17619]: Successful su for rubyman by root
Jun 26 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17619]: + ??? root:rubyman
Jun 26 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17619]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597117 of user rubyman.
Jun 26 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17619]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597117.
Jun 26 14:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15055]: pam_unix(cron:session): session closed for user root
Jun 26 14:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17562]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16658]: pam_unix(cron:session): session closed for user root
Jun 26 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18076]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18077]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18075]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18074]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18074]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18135]: Successful su for rubyman by root
Jun 26 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18135]: + ??? root:rubyman
Jun 26 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18135]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597123 of user rubyman.
Jun 26 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18135]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597123.
Jun 26 14:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15454]: pam_unix(cron:session): session closed for user root
Jun 26 14:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18075]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17155]: pam_unix(cron:session): session closed for user root
Jun 26 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18579]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18576]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18578]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18574]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18577]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18575]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18579]: pam_unix(cron:session): session closed for user root
Jun 26 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18574]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18644]: Successful su for rubyman by root
Jun 26 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18644]: + ??? root:rubyman
Jun 26 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18644]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597127 of user rubyman.
Jun 26 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18644]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597127.
Jun 26 14:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18576]: pam_unix(cron:session): session closed for user root
Jun 26 14:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15842]: pam_unix(cron:session): session closed for user root
Jun 26 14:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18575]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 26 14:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18911]: Failed password for root from 109.237.96.109 port 47658 ssh2
Jun 26 14:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18911]: Connection closed by 109.237.96.109 port 47658 [preauth]
Jun 26 14:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17565]: pam_unix(cron:session): session closed for user root
Jun 26 14:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18979]: Connection closed by 194.59.206.2 port 36354 [preauth]
Jun 26 14:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19004]: Received disconnect from 104.194.10.248 port 38178:11: disconnected by user [preauth]
Jun 26 14:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19004]: Disconnected from 104.194.10.248 port 38178 [preauth]
Jun 26 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19032]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19033]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19034]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19031]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19031]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19098]: Successful su for rubyman by root
Jun 26 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19098]: + ??? root:rubyman
Jun 26 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19098]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597131 of user rubyman.
Jun 26 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19098]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597131.
Jun 26 14:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16227]: pam_unix(cron:session): session closed for user root
Jun 26 14:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19032]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18077]: pam_unix(cron:session): session closed for user root
Jun 26 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19729]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19728]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19726]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19725]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19725]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19799]: Successful su for rubyman by root
Jun 26 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19799]: + ??? root:rubyman
Jun 26 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19799]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597135 of user rubyman.
Jun 26 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19799]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597135.
Jun 26 14:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16657]: pam_unix(cron:session): session closed for user root
Jun 26 14:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19726]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18578]: pam_unix(cron:session): session closed for user root
Jun 26 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20235]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20237]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20232]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20231]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20231]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20299]: Successful su for rubyman by root
Jun 26 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20299]: + ??? root:rubyman
Jun 26 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20299]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597139 of user rubyman.
Jun 26 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20299]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597139.
Jun 26 14:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17154]: pam_unix(cron:session): session closed for user root
Jun 26 14:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20232]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19034]: pam_unix(cron:session): session closed for user root
Jun 26 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20670]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20671]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20666]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20665]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20665]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20800]: Successful su for rubyman by root
Jun 26 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20800]: + ??? root:rubyman
Jun 26 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20800]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597143 of user rubyman.
Jun 26 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20800]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597143.
Jun 26 14:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17564]: pam_unix(cron:session): session closed for user root
Jun 26 14:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20666]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19729]: pam_unix(cron:session): session closed for user root
Jun 26 14:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 26 14:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21077]: Failed password for root from 103.27.238.114 port 49608 ssh2
Jun 26 14:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21077]: Connection closed by 103.27.238.114 port 49608 [preauth]
Jun 26 14:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.19.67.181  user=root
Jun 26 14:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21108]: Failed password for root from 46.19.67.181 port 50132 ssh2
Jun 26 14:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21108]: Connection closed by 46.19.67.181 port 50132 [preauth]
Jun 26 14:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21130]: Invalid user postgres from 141.98.83.240
Jun 26 14:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21130]: input_userauth_request: invalid user postgres [preauth]
Jun 26 14:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21130]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 14:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 14:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21130]: Failed password for invalid user postgres from 141.98.83.240 port 28820 ssh2
Jun 26 14:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21130]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 14:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21130]: Failed password for invalid user postgres from 141.98.83.240 port 28820 ssh2
Jun 26 14:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21130]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 14:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21130]: Failed password for invalid user postgres from 141.98.83.240 port 28820 ssh2
Jun 26 14:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21130]: Connection closed by 141.98.83.240 port 28820 [preauth]
Jun 26 14:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21130]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21149]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21150]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21147]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21148]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21145]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21144]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21150]: pam_unix(cron:session): session closed for user root
Jun 26 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21144]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21220]: Successful su for rubyman by root
Jun 26 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21220]: + ??? root:rubyman
Jun 26 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21220]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597147 of user rubyman.
Jun 26 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21220]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597147.
Jun 26 14:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21147]: pam_unix(cron:session): session closed for user root
Jun 26 14:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18076]: pam_unix(cron:session): session closed for user root
Jun 26 14:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21145]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20237]: pam_unix(cron:session): session closed for user root
Jun 26 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21611]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21610]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21609]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21605]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21605]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21684]: Successful su for rubyman by root
Jun 26 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21684]: + ??? root:rubyman
Jun 26 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21684]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597153 of user rubyman.
Jun 26 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21684]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597153.
Jun 26 14:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18577]: pam_unix(cron:session): session closed for user root
Jun 26 14:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21609]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20671]: pam_unix(cron:session): session closed for user root
Jun 26 14:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 26 14:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22012]: Failed password for root from 87.251.79.125 port 37510 ssh2
Jun 26 14:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22012]: Connection closed by 87.251.79.125 port 37510 [preauth]
Jun 26 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22025]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22026]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22024]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22023]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22023]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22082]: Successful su for rubyman by root
Jun 26 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22082]: + ??? root:rubyman
Jun 26 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22082]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597157 of user rubyman.
Jun 26 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22082]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597157.
Jun 26 14:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19033]: pam_unix(cron:session): session closed for user root
Jun 26 14:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22024]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21149]: pam_unix(cron:session): session closed for user root
Jun 26 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22514]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22515]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22512]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22513]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22512]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22573]: Successful su for rubyman by root
Jun 26 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22573]: + ??? root:rubyman
Jun 26 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22573]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597161 of user rubyman.
Jun 26 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22573]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597161.
Jun 26 14:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19728]: pam_unix(cron:session): session closed for user root
Jun 26 14:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22513]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22806]: Invalid user admin from 2.57.121.25
Jun 26 14:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22806]: input_userauth_request: invalid user admin [preauth]
Jun 26 14:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22806]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 14:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 26 14:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22806]: Failed password for invalid user admin from 2.57.121.25 port 56920 ssh2
Jun 26 14:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22806]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 14:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22806]: Failed password for invalid user admin from 2.57.121.25 port 56920 ssh2
Jun 26 14:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22806]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 14:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22806]: Failed password for invalid user admin from 2.57.121.25 port 56920 ssh2
Jun 26 14:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22806]: Connection closed by 2.57.121.25 port 56920 [preauth]
Jun 26 14:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22806]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 26 14:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21611]: pam_unix(cron:session): session closed for user root
Jun 26 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22931]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22930]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22929]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22928]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22926]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22928]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23041]: Successful su for rubyman by root
Jun 26 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23041]: + ??? root:rubyman
Jun 26 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23041]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597166 of user rubyman.
Jun 26 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23041]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597166.
Jun 26 14:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22926]: pam_unix(cron:session): session closed for user root
Jun 26 14:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20235]: pam_unix(cron:session): session closed for user root
Jun 26 14:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22929]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22026]: pam_unix(cron:session): session closed for user root
Jun 26 14:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 26 14:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23418]: Failed password for root from 147.45.199.80 port 34530 ssh2
Jun 26 14:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23418]: Connection closed by 147.45.199.80 port 34530 [preauth]
Jun 26 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23432]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23431]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23430]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23429]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23434]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23433]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23434]: pam_unix(cron:session): session closed for user root
Jun 26 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23429]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23500]: Successful su for rubyman by root
Jun 26 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23500]: + ??? root:rubyman
Jun 26 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23500]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597174 of user rubyman.
Jun 26 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23500]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597174.
Jun 26 14:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23431]: pam_unix(cron:session): session closed for user root
Jun 26 14:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20670]: pam_unix(cron:session): session closed for user root
Jun 26 14:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23430]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22515]: pam_unix(cron:session): session closed for user root
Jun 26 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23976]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23975]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23974]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23973]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23973]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24043]: Successful su for rubyman by root
Jun 26 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24043]: + ??? root:rubyman
Jun 26 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24043]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597176 of user rubyman.
Jun 26 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24043]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597176.
Jun 26 14:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21148]: pam_unix(cron:session): session closed for user root
Jun 26 14:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23974]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22931]: pam_unix(cron:session): session closed for user root
Jun 26 14:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24388]: Received disconnect from 148.113.201.25 port 51544:11: disconnected by user [preauth]
Jun 26 14:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24388]: Disconnected from 148.113.201.25 port 51544 [preauth]
Jun 26 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24402]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24401]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24400]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24399]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24399]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24463]: Successful su for rubyman by root
Jun 26 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24463]: + ??? root:rubyman
Jun 26 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24463]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597181 of user rubyman.
Jun 26 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24463]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597181.
Jun 26 14:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21610]: pam_unix(cron:session): session closed for user root
Jun 26 14:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24400]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23433]: pam_unix(cron:session): session closed for user root
Jun 26 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24834]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24832]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24833]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24831]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24831]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24889]: Successful su for rubyman by root
Jun 26 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24889]: + ??? root:rubyman
Jun 26 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24889]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597185 of user rubyman.
Jun 26 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24889]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597185.
Jun 26 14:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22025]: pam_unix(cron:session): session closed for user root
Jun 26 14:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24832]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23976]: pam_unix(cron:session): session closed for user root
Jun 26 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25230]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25229]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25231]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25228]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25228]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25285]: Successful su for rubyman by root
Jun 26 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25285]: + ??? root:rubyman
Jun 26 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25285]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597190 of user rubyman.
Jun 26 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25285]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597190.
Jun 26 14:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22514]: pam_unix(cron:session): session closed for user root
Jun 26 14:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25229]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24402]: pam_unix(cron:session): session closed for user root
Jun 26 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25614]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25616]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25617]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25615]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25613]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25612]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25617]: pam_unix(cron:session): session closed for user root
Jun 26 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25612]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25680]: Successful su for rubyman by root
Jun 26 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25680]: + ??? root:rubyman
Jun 26 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25680]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597193 of user rubyman.
Jun 26 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25680]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597193.
Jun 26 14:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25614]: pam_unix(cron:session): session closed for user root
Jun 26 14:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22930]: pam_unix(cron:session): session closed for user root
Jun 26 14:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25613]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24834]: pam_unix(cron:session): session closed for user root
Jun 26 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26036]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26038]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26037]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26034]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26033]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26033]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26037]: pam_unix(cron:session): session closed for user root
Jun 26 14:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26106]: Successful su for rubyman by root
Jun 26 14:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26106]: + ??? root:rubyman
Jun 26 14:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26106]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597198 of user rubyman.
Jun 26 14:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26106]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597198.
Jun 26 14:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23432]: pam_unix(cron:session): session closed for user root
Jun 26 14:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26034]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25231]: pam_unix(cron:session): session closed for user root
Jun 26 14:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 26 14:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26400]: Failed password for root from 80.66.85.226 port 48888 ssh2
Jun 26 14:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26400]: Connection closed by 80.66.85.226 port 48888 [preauth]
Jun 26 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26442]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26444]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26443]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26441]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26441]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26502]: Successful su for rubyman by root
Jun 26 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26502]: + ??? root:rubyman
Jun 26 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26502]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597205 of user rubyman.
Jun 26 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26502]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597205.
Jun 26 14:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23975]: pam_unix(cron:session): session closed for user root
Jun 26 14:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26442]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 26 14:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26795]: Failed password for root from 103.15.222.183 port 47050 ssh2
Jun 26 14:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26795]: Connection closed by 103.15.222.183 port 47050 [preauth]
Jun 26 14:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26806]: Invalid user user from 45.148.10.121
Jun 26 14:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26806]: input_userauth_request: invalid user user [preauth]
Jun 26 14:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26806]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 14:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 26 14:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26806]: Failed password for invalid user user from 45.148.10.121 port 33620 ssh2
Jun 26 14:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26806]: Connection closed by 45.148.10.121 port 33620 [preauth]
Jun 26 14:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25616]: pam_unix(cron:session): session closed for user root
Jun 26 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26926]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26925]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26927]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26922]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26922]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26985]: Successful su for rubyman by root
Jun 26 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26985]: + ??? root:rubyman
Jun 26 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26985]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597207 of user rubyman.
Jun 26 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26985]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597207.
Jun 26 14:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24401]: pam_unix(cron:session): session closed for user root
Jun 26 14:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26925]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26038]: pam_unix(cron:session): session closed for user root
Jun 26 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27347]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27350]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27349]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27346]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27346]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27409]: Successful su for rubyman by root
Jun 26 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27409]: + ??? root:rubyman
Jun 26 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27409]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597211 of user rubyman.
Jun 26 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27409]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597211.
Jun 26 14:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24833]: pam_unix(cron:session): session closed for user root
Jun 26 14:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27347]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26444]: pam_unix(cron:session): session closed for user root
Jun 26 14:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 26 14:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27686]: Failed password for root from 38.93.206.2 port 41900 ssh2
Jun 26 14:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27686]: Connection closed by 38.93.206.2 port 41900 [preauth]
Jun 26 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27758]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27757]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27755]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27756]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27752]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27754]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27758]: pam_unix(cron:session): session closed for user root
Jun 26 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27752]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27821]: Successful su for rubyman by root
Jun 26 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27821]: + ??? root:rubyman
Jun 26 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27821]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597216 of user rubyman.
Jun 26 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27821]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597216.
Jun 26 14:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27755]: pam_unix(cron:session): session closed for user root
Jun 26 14:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25230]: pam_unix(cron:session): session closed for user root
Jun 26 14:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27754]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26927]: pam_unix(cron:session): session closed for user root
Jun 26 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28246]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28247]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28244]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28243]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28243]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28309]: Successful su for rubyman by root
Jun 26 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28309]: + ??? root:rubyman
Jun 26 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28309]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597221 of user rubyman.
Jun 26 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28309]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597221.
Jun 26 14:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25615]: pam_unix(cron:session): session closed for user root
Jun 26 14:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28244]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27350]: pam_unix(cron:session): session closed for user root
Jun 26 14:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 26 14:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28715]: Failed password for root from 103.27.238.116 port 36848 ssh2
Jun 26 14:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28715]: Connection closed by 103.27.238.116 port 36848 [preauth]
Jun 26 14:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28752]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28755]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28751]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28750]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28750]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28813]: Successful su for rubyman by root
Jun 26 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28813]: + ??? root:rubyman
Jun 26 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28813]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597225 of user rubyman.
Jun 26 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28813]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597225.
Jun 26 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 26 14:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26036]: pam_unix(cron:session): session closed for user root
Jun 26 14:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28738]: Failed password for root from 202.178.126.219 port 44653 ssh2
Jun 26 14:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28738]: Connection closed by 202.178.126.219 port 44653 [preauth]
Jun 26 14:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28751]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27757]: pam_unix(cron:session): session closed for user root
Jun 26 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29170]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29171]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29169]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29168]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29168]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29233]: Successful su for rubyman by root
Jun 26 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29233]: + ??? root:rubyman
Jun 26 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29233]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597230 of user rubyman.
Jun 26 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29233]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597230.
Jun 26 14:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26443]: pam_unix(cron:session): session closed for user root
Jun 26 14:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29169]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28247]: pam_unix(cron:session): session closed for user root
Jun 26 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29684]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29685]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29681]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29682]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29681]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29768]: Successful su for rubyman by root
Jun 26 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29768]: + ??? root:rubyman
Jun 26 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29768]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597235 of user rubyman.
Jun 26 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29768]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597235.
Jun 26 14:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26926]: pam_unix(cron:session): session closed for user root
Jun 26 14:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29682]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28755]: pam_unix(cron:session): session closed for user root
Jun 26 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30137]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30133]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30130]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30134]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30138]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30132]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30138]: pam_unix(cron:session): session closed for user root
Jun 26 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30130]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30212]: Successful su for rubyman by root
Jun 26 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30212]: + ??? root:rubyman
Jun 26 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30212]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597237 of user rubyman.
Jun 26 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30212]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597237.
Jun 26 14:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30133]: pam_unix(cron:session): session closed for user root
Jun 26 14:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27349]: pam_unix(cron:session): session closed for user root
Jun 26 14:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30132]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29171]: pam_unix(cron:session): session closed for user root
Jun 26 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30577]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30578]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30576]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30575]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30575]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30654]: Successful su for rubyman by root
Jun 26 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30654]: + ??? root:rubyman
Jun 26 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30654]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597245 of user rubyman.
Jun 26 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30654]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597245.
Jun 26 14:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27756]: pam_unix(cron:session): session closed for user root
Jun 26 14:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30576]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29685]: pam_unix(cron:session): session closed for user root
Jun 26 14:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 14:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.223.69.22  user=root
Jun 26 14:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31073]: Failed password for root from 89.223.69.22 port 41610 ssh2
Jun 26 14:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31073]: Connection closed by 89.223.69.22 port 41610 [preauth]
Jun 26 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31087]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31086]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31085]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31088]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31085]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31148]: Successful su for rubyman by root
Jun 26 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31148]: + ??? root:rubyman
Jun 26 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31148]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597250 of user rubyman.
Jun 26 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31148]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597250.
Jun 26 14:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28246]: pam_unix(cron:session): session closed for user root
Jun 26 14:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31086]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30137]: pam_unix(cron:session): session closed for user root
Jun 26 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31490]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31489]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31492]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31491]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31489]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31561]: Successful su for rubyman by root
Jun 26 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31561]: + ??? root:rubyman
Jun 26 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31561]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597253 of user rubyman.
Jun 26 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31561]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597253.
Jun 26 14:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28752]: pam_unix(cron:session): session closed for user root
Jun 26 14:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31490]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30578]: pam_unix(cron:session): session closed for user root
Jun 26 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31996]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31995]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31997]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31994]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31994]: pam_unix(cron:session): session closed for user p13x
Jun 26 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32062]: Successful su for rubyman by root
Jun 26 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32062]: + ??? root:rubyman
Jun 26 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32062]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597256 of user rubyman.
Jun 26 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32062]: pam_unix(su:session): session closed for user rubyman
Jun 26 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597256.
Jun 26 14:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29170]: pam_unix(cron:session): session closed for user root
Jun 26 14:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31995]: pam_unix(cron:session): session closed for user samftp
Jun 26 14:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31088]: pam_unix(cron:session): session closed for user root
Jun 26 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32401]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32402]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32393]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32392]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32395]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32394]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32400]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32402]: pam_unix(cron:session): session closed for user root
Jun 26 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32394]: pam_unix(cron:session): session closed for user root
Jun 26 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32392]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32498]: Successful su for rubyman by root
Jun 26 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32498]: + ??? root:rubyman
Jun 26 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32498]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597259 of user rubyman.
Jun 26 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32498]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597259.
Jun 26 15:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32395]: pam_unix(cron:session): session closed for user root
Jun 26 15:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29684]: pam_unix(cron:session): session closed for user root
Jun 26 15:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32393]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 15:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 15:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[317]: Invalid user reyna from 141.98.83.240
Jun 26 15:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[317]: input_userauth_request: invalid user reyna [preauth]
Jun 26 15:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[317]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 15:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 15:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[317]: Failed password for invalid user reyna from 141.98.83.240 port 58460 ssh2
Jun 26 15:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[315]: Received disconnect from 102.223.47.171 port 58818:11: disconnected by user [preauth]
Jun 26 15:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[315]: Disconnected from 102.223.47.171 port 58818 [preauth]
Jun 26 15:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[317]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 15:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[317]: Failed password for invalid user reyna from 141.98.83.240 port 58460 ssh2
Jun 26 15:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[317]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 15:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31492]: pam_unix(cron:session): session closed for user root
Jun 26 15:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[317]: Failed password for invalid user reyna from 141.98.83.240 port 58460 ssh2
Jun 26 15:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[317]: Connection closed by 141.98.83.240 port 58460 [preauth]
Jun 26 15:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[317]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[587]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[588]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[586]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[585]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[585]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[657]: Successful su for rubyman by root
Jun 26 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[657]: + ??? root:rubyman
Jun 26 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[657]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597267 of user rubyman.
Jun 26 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[657]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597267.
Jun 26 15:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30134]: pam_unix(cron:session): session closed for user root
Jun 26 15:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[586]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31997]: pam_unix(cron:session): session closed for user root
Jun 26 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1025]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1024]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1027]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1023]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1023]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1118]: Successful su for rubyman by root
Jun 26 15:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1118]: + ??? root:rubyman
Jun 26 15:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1118]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597270 of user rubyman.
Jun 26 15:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1118]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597270.
Jun 26 15:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30577]: pam_unix(cron:session): session closed for user root
Jun 26 15:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1024]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32401]: pam_unix(cron:session): session closed for user root
Jun 26 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1580]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1581]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1579]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1578]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1578]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1657]: Successful su for rubyman by root
Jun 26 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1657]: + ??? root:rubyman
Jun 26 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1657]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597274 of user rubyman.
Jun 26 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1657]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597274.
Jun 26 15:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31087]: pam_unix(cron:session): session closed for user root
Jun 26 15:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1579]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[588]: pam_unix(cron:session): session closed for user root
Jun 26 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2077]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2078]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2079]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2076]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2076]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2142]: Successful su for rubyman by root
Jun 26 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2142]: + ??? root:rubyman
Jun 26 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2142]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597278 of user rubyman.
Jun 26 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2142]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597278.
Jun 26 15:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31491]: pam_unix(cron:session): session closed for user root
Jun 26 15:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2077]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1027]: pam_unix(cron:session): session closed for user root
Jun 26 15:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 15:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2456]: Received disconnect from 104.194.9.81 port 37514:11: disconnected by user [preauth]
Jun 26 15:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2456]: Disconnected from 104.194.9.81 port 37514 [preauth]
Jun 26 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2516]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2511]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2515]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2514]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2512]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2513]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2516]: pam_unix(cron:session): session closed for user root
Jun 26 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2511]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2593]: Successful su for rubyman by root
Jun 26 15:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2593]: + ??? root:rubyman
Jun 26 15:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2593]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597285 of user rubyman.
Jun 26 15:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2593]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597285.
Jun 26 15:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2513]: pam_unix(cron:session): session closed for user root
Jun 26 15:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31996]: pam_unix(cron:session): session closed for user root
Jun 26 15:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2512]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 15:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2872]: Did not receive identification string from 129.222.172.38
Jun 26 15:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1581]: pam_unix(cron:session): session closed for user root
Jun 26 15:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 15:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 26 15:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2939]: Failed password for root from 202.178.126.219 port 28513 ssh2
Jun 26 15:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2939]: Connection closed by 202.178.126.219 port 28513 [preauth]
Jun 26 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2962]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2961]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2959]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2960]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2959]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3028]: Successful su for rubyman by root
Jun 26 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3028]: + ??? root:rubyman
Jun 26 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3028]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597290 of user rubyman.
Jun 26 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3028]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597290.
Jun 26 15:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32400]: pam_unix(cron:session): session closed for user root
Jun 26 15:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2960]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2079]: pam_unix(cron:session): session closed for user root
Jun 26 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3355]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3356]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3354]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3353]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3353]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3411]: Successful su for rubyman by root
Jun 26 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3411]: + ??? root:rubyman
Jun 26 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3411]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597294 of user rubyman.
Jun 26 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3411]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597294.
Jun 26 15:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[587]: pam_unix(cron:session): session closed for user root
Jun 26 15:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3354]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2515]: pam_unix(cron:session): session closed for user root
Jun 26 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3858]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3859]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3857]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3855]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3855]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3975]: Successful su for rubyman by root
Jun 26 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3975]: + ??? root:rubyman
Jun 26 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3975]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597297 of user rubyman.
Jun 26 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3975]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597297.
Jun 26 15:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1025]: pam_unix(cron:session): session closed for user root
Jun 26 15:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3857]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2962]: pam_unix(cron:session): session closed for user root
Jun 26 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4364]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4363]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4362]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4361]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4359]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4361]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4479]: Successful su for rubyman by root
Jun 26 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4479]: + ??? root:rubyman
Jun 26 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4479]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597301 of user rubyman.
Jun 26 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4479]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597301.
Jun 26 15:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4359]: pam_unix(cron:session): session closed for user root
Jun 26 15:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1580]: pam_unix(cron:session): session closed for user root
Jun 26 15:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4362]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3356]: pam_unix(cron:session): session closed for user root
Jun 26 15:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 15:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 15:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 26 15:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 26 15:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4961]: Failed password for root from 77.94.47.83 port 45608 ssh2
Jun 26 15:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4961]: Connection closed by 77.94.47.83 port 45608 [preauth]
Jun 26 15:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4965]: Failed password for root from 103.176.20.57 port 37980 ssh2
Jun 26 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4965]: Connection closed by 103.176.20.57 port 37980 [preauth]
Jun 26 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4973]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4972]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4974]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4970]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4968]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4971]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4974]: pam_unix(cron:session): session closed for user root
Jun 26 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4968]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5033]: Successful su for rubyman by root
Jun 26 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5033]: + ??? root:rubyman
Jun 26 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5033]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597305 of user rubyman.
Jun 26 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5033]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597305.
Jun 26 15:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4971]: pam_unix(cron:session): session closed for user root
Jun 26 15:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2078]: pam_unix(cron:session): session closed for user root
Jun 26 15:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4970]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3859]: pam_unix(cron:session): session closed for user root
Jun 26 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5413]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5412]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5414]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5411]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5411]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5479]: Successful su for rubyman by root
Jun 26 15:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5479]: + ??? root:rubyman
Jun 26 15:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5479]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597311 of user rubyman.
Jun 26 15:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5479]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597311.
Jun 26 15:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2514]: pam_unix(cron:session): session closed for user root
Jun 26 15:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5412]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4364]: pam_unix(cron:session): session closed for user root
Jun 26 15:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 15:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 15:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
Jun 26 15:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 26 15:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5774]: Failed password for root from 176.32.39.21 port 48948 ssh2
Jun 26 15:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5774]: Connection closed by 176.32.39.21 port 48948 [preauth]
Jun 26 15:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5777]: Failed password for root from 103.172.78.219 port 48258 ssh2
Jun 26 15:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5777]: Connection closed by 103.172.78.219 port 48258 [preauth]
Jun 26 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5807]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5806]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5808]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5805]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5805]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5871]: Successful su for rubyman by root
Jun 26 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5871]: + ??? root:rubyman
Jun 26 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5871]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597315 of user rubyman.
Jun 26 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5871]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597315.
Jun 26 15:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2961]: pam_unix(cron:session): session closed for user root
Jun 26 15:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5806]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4973]: pam_unix(cron:session): session closed for user root
Jun 26 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6194]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6193]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6195]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6192]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6192]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6253]: Successful su for rubyman by root
Jun 26 15:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6253]: + ??? root:rubyman
Jun 26 15:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6253]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597319 of user rubyman.
Jun 26 15:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6253]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597319.
Jun 26 15:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3355]: pam_unix(cron:session): session closed for user root
Jun 26 15:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6193]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5414]: pam_unix(cron:session): session closed for user root
Jun 26 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6581]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6582]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6579]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6580]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6579]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6647]: Successful su for rubyman by root
Jun 26 15:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6647]: + ??? root:rubyman
Jun 26 15:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6647]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597325 of user rubyman.
Jun 26 15:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6647]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597325.
Jun 26 15:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3858]: pam_unix(cron:session): session closed for user root
Jun 26 15:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6580]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5808]: pam_unix(cron:session): session closed for user root
Jun 26 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7035]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7030]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7031]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7028]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7027]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7034]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7035]: pam_unix(cron:session): session closed for user root
Jun 26 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7027]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7157]: Successful su for rubyman by root
Jun 26 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7157]: + ??? root:rubyman
Jun 26 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7157]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597330 of user rubyman.
Jun 26 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7157]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597330.
Jun 26 15:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7030]: pam_unix(cron:session): session closed for user root
Jun 26 15:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4363]: pam_unix(cron:session): session closed for user root
Jun 26 15:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7028]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6195]: pam_unix(cron:session): session closed for user root
Jun 26 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7918]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7916]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7917]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7915]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7915]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7979]: Successful su for rubyman by root
Jun 26 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7979]: + ??? root:rubyman
Jun 26 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7979]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597333 of user rubyman.
Jun 26 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7979]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597333.
Jun 26 15:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4972]: pam_unix(cron:session): session closed for user root
Jun 26 15:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7916]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6582]: pam_unix(cron:session): session closed for user root
Jun 26 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8310]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8311]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8308]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8309]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8306]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8306]: pam_unix(cron:session): session closed for user root
Jun 26 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8308]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8371]: Successful su for rubyman by root
Jun 26 15:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8371]: + ??? root:rubyman
Jun 26 15:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8371]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597338 of user rubyman.
Jun 26 15:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8371]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597338.
Jun 26 15:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5413]: pam_unix(cron:session): session closed for user root
Jun 26 15:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8309]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 15:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8601]: Invalid user testuser from 193.46.255.86
Jun 26 15:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8601]: input_userauth_request: invalid user testuser [preauth]
Jun 26 15:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8601]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 15:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 26 15:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8601]: Failed password for invalid user testuser from 193.46.255.86 port 21644 ssh2
Jun 26 15:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8601]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 15:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8601]: Failed password for invalid user testuser from 193.46.255.86 port 21644 ssh2
Jun 26 15:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8601]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 15:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8601]: Failed password for invalid user testuser from 193.46.255.86 port 21644 ssh2
Jun 26 15:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8601]: Connection closed by 193.46.255.86 port 21644 [preauth]
Jun 26 15:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8601]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 26 15:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7034]: pam_unix(cron:session): session closed for user root
Jun 26 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8728]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8729]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8727]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8726]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8726]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8787]: Successful su for rubyman by root
Jun 26 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8787]: + ??? root:rubyman
Jun 26 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8787]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597342 of user rubyman.
Jun 26 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8787]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597342.
Jun 26 15:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5807]: pam_unix(cron:session): session closed for user root
Jun 26 15:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8727]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7918]: pam_unix(cron:session): session closed for user root
Jun 26 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9122]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9121]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9118]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9119]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9118]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9177]: Successful su for rubyman by root
Jun 26 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9177]: + ??? root:rubyman
Jun 26 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9177]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597346 of user rubyman.
Jun 26 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9177]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597346.
Jun 26 15:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6194]: pam_unix(cron:session): session closed for user root
Jun 26 15:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9119]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8311]: pam_unix(cron:session): session closed for user root
Jun 26 15:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 15:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121  user=root
Jun 26 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9508]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9506]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9509]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9505]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9507]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9504]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9509]: pam_unix(cron:session): session closed for user root
Jun 26 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9504]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9571]: Successful su for rubyman by root
Jun 26 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9571]: + ??? root:rubyman
Jun 26 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9571]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597350 of user rubyman.
Jun 26 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9571]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597350.
Jun 26 15:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9501]: Failed password for root from 45.148.10.121 port 52268 ssh2
Jun 26 15:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9501]: Connection closed by 45.148.10.121 port 52268 [preauth]
Jun 26 15:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9506]: pam_unix(cron:session): session closed for user root
Jun 26 15:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6581]: pam_unix(cron:session): session closed for user root
Jun 26 15:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9505]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8729]: pam_unix(cron:session): session closed for user root
Jun 26 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10107]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10106]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10105]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10104]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10104]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10180]: Successful su for rubyman by root
Jun 26 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10180]: + ??? root:rubyman
Jun 26 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10180]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597357 of user rubyman.
Jun 26 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10180]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597357.
Jun 26 15:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7031]: pam_unix(cron:session): session closed for user root
Jun 26 15:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10105]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9122]: pam_unix(cron:session): session closed for user root
Jun 26 15:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 15:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 26 15:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10549]: Failed password for root from 103.77.242.62 port 47038 ssh2
Jun 26 15:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10549]: Connection closed by 103.77.242.62 port 47038 [preauth]
Jun 26 15:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 15:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10601]: Invalid user rhonda from 2.57.121.112
Jun 26 15:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10601]: input_userauth_request: invalid user rhonda [preauth]
Jun 26 15:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10601]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 15:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 26 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10601]: Failed password for invalid user rhonda from 2.57.121.112 port 64828 ssh2
Jun 26 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10615]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10614]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10616]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10613]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10613]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10601]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 15:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10681]: Successful su for rubyman by root
Jun 26 15:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10681]: + ??? root:rubyman
Jun 26 15:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10681]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597362 of user rubyman.
Jun 26 15:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10681]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597362.
Jun 26 15:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10601]: Failed password for invalid user rhonda from 2.57.121.112 port 64828 ssh2
Jun 26 15:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7917]: pam_unix(cron:session): session closed for user root
Jun 26 15:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10601]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 15:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10601]: Failed password for invalid user rhonda from 2.57.121.112 port 64828 ssh2
Jun 26 15:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10614]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10601]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 15:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10601]: Failed password for invalid user rhonda from 2.57.121.112 port 64828 ssh2
Jun 26 15:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10601]: Connection closed by 2.57.121.112 port 64828 [preauth]
Jun 26 15:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10601]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 26 15:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10601]: PAM service(sshd) ignoring max retries; 4 > 3
Jun 26 15:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 15:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10878]: Invalid user rhonda from 2.57.121.112
Jun 26 15:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10878]: input_userauth_request: invalid user rhonda [preauth]
Jun 26 15:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10878]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 15:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 26 15:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10878]: Failed password for invalid user rhonda from 2.57.121.112 port 6646 ssh2
Jun 26 15:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10878]: Connection closed by 2.57.121.112 port 6646 [preauth]
Jun 26 15:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 15:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 26 15:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10943]: Failed password for root from 51.250.105.222 port 57066 ssh2
Jun 26 15:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10943]: Connection closed by 51.250.105.222 port 57066 [preauth]
Jun 26 15:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9508]: pam_unix(cron:session): session closed for user root
Jun 26 15:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 15:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 26 15:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11016]: Failed password for root from 103.82.20.28 port 37376 ssh2
Jun 26 15:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11016]: Connection closed by 103.82.20.28 port 37376 [preauth]
Jun 26 15:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 15:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11027]: Connection reset by 147.185.132.177 port 64670 [preauth]
Jun 26 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11042]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11041]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11040]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11039]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11039]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11105]: Successful su for rubyman by root
Jun 26 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11105]: + ??? root:rubyman
Jun 26 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11105]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597364 of user rubyman.
Jun 26 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11105]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597364.
Jun 26 15:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8310]: pam_unix(cron:session): session closed for user root
Jun 26 15:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11040]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10107]: pam_unix(cron:session): session closed for user root
Jun 26 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11458]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11460]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11459]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11456]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11456]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11531]: Successful su for rubyman by root
Jun 26 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11531]: + ??? root:rubyman
Jun 26 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11531]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597369 of user rubyman.
Jun 26 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11531]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597369.
Jun 26 15:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8728]: pam_unix(cron:session): session closed for user root
Jun 26 15:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11458]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10616]: pam_unix(cron:session): session closed for user root
Jun 26 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11903]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11902]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11899]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11905]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11898]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11904]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11905]: pam_unix(cron:session): session closed for user root
Jun 26 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11898]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11995]: Successful su for rubyman by root
Jun 26 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11995]: + ??? root:rubyman
Jun 26 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11995]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597377 of user rubyman.
Jun 26 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11995]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597377.
Jun 26 15:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11902]: pam_unix(cron:session): session closed for user root
Jun 26 15:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9121]: pam_unix(cron:session): session closed for user root
Jun 26 15:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11899]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11042]: pam_unix(cron:session): session closed for user root
Jun 26 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12475]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12474]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12473]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12472]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12472]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12538]: Successful su for rubyman by root
Jun 26 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12538]: + ??? root:rubyman
Jun 26 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12538]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597378 of user rubyman.
Jun 26 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12538]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597378.
Jun 26 15:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 15:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12640]: Invalid user reza from 141.98.83.240
Jun 26 15:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12640]: input_userauth_request: invalid user reza [preauth]
Jun 26 15:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12640]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 15:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 15:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9507]: pam_unix(cron:session): session closed for user root
Jun 26 15:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12473]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12640]: Failed password for invalid user reza from 141.98.83.240 port 3280 ssh2
Jun 26 15:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12640]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 15:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12640]: Failed password for invalid user reza from 141.98.83.240 port 3280 ssh2
Jun 26 15:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12640]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 15:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12640]: Failed password for invalid user reza from 141.98.83.240 port 3280 ssh2
Jun 26 15:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12640]: Connection closed by 141.98.83.240 port 3280 [preauth]
Jun 26 15:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12640]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 15:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 15:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12761]: Received disconnect from 176.65.131.189 port 9244:11: disconnected by user [preauth]
Jun 26 15:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12761]: Disconnected from 176.65.131.189 port 9244 [preauth]
Jun 26 15:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11460]: pam_unix(cron:session): session closed for user root
Jun 26 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12895]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12893]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12894]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12892]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12892]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12952]: Successful su for rubyman by root
Jun 26 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12952]: + ??? root:rubyman
Jun 26 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12952]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597382 of user rubyman.
Jun 26 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12952]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597382.
Jun 26 15:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10106]: pam_unix(cron:session): session closed for user root
Jun 26 15:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12893]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 15:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 26 15:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13150]: Failed password for root from 103.122.221.179 port 51628 ssh2
Jun 26 15:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13150]: Connection closed by 103.122.221.179 port 51628 [preauth]
Jun 26 15:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11904]: pam_unix(cron:session): session closed for user root
Jun 26 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13307]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13306]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13305]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13304]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13304]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13367]: Successful su for rubyman by root
Jun 26 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13367]: + ??? root:rubyman
Jun 26 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13367]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597387 of user rubyman.
Jun 26 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13367]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597387.
Jun 26 15:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10615]: pam_unix(cron:session): session closed for user root
Jun 26 15:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13305]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12475]: pam_unix(cron:session): session closed for user root
Jun 26 15:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 15:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 26 15:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13647]: Failed password for root from 103.27.238.120 port 42916 ssh2
Jun 26 15:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13647]: Connection closed by 103.27.238.120 port 42916 [preauth]
Jun 26 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13703]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13702]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13701]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13699]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13699]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13770]: Successful su for rubyman by root
Jun 26 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13770]: + ??? root:rubyman
Jun 26 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13770]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597391 of user rubyman.
Jun 26 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13770]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597391.
Jun 26 15:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11041]: pam_unix(cron:session): session closed for user root
Jun 26 15:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13701]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 15:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12895]: pam_unix(cron:session): session closed for user root
Jun 26 15:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 26 15:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14042]: Failed password for root from 103.153.68.219 port 56160 ssh2
Jun 26 15:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14042]: Connection closed by 103.153.68.219 port 56160 [preauth]
Jun 26 15:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 15:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 26 15:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14061]: Failed password for root from 103.149.28.157 port 34314 ssh2
Jun 26 15:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14061]: Connection closed by 103.149.28.157 port 34314 [preauth]
Jun 26 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14113]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14112]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14111]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14115]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14114]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14110]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14115]: pam_unix(cron:session): session closed for user root
Jun 26 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14110]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14179]: Successful su for rubyman by root
Jun 26 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14179]: + ??? root:rubyman
Jun 26 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14179]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597399 of user rubyman.
Jun 26 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14179]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597399.
Jun 26 15:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14112]: pam_unix(cron:session): session closed for user root
Jun 26 15:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11459]: pam_unix(cron:session): session closed for user root
Jun 26 15:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14111]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 15:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14428]: Received disconnect from 212.192.240.10 port 57270:11: disconnected by user [preauth]
Jun 26 15:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14428]: Disconnected from 212.192.240.10 port 57270 [preauth]
Jun 26 15:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13307]: pam_unix(cron:session): session closed for user root
Jun 26 15:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 15:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14480]: Connection closed by 194.59.206.2 port 52694 [preauth]
Jun 26 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14531]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14530]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14529]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14528]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14528]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14595]: Successful su for rubyman by root
Jun 26 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14595]: + ??? root:rubyman
Jun 26 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14595]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597402 of user rubyman.
Jun 26 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14595]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597402.
Jun 26 15:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11903]: pam_unix(cron:session): session closed for user root
Jun 26 15:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14529]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 15:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 26 15:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14931]: Failed password for root from 38.93.206.2 port 5852 ssh2
Jun 26 15:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14931]: Connection closed by 38.93.206.2 port 5852 [preauth]
Jun 26 15:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13703]: pam_unix(cron:session): session closed for user root
Jun 26 15:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15035]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15034]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15032]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15031]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15031]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15094]: Successful su for rubyman by root
Jun 26 15:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15094]: + ??? root:rubyman
Jun 26 15:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15094]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597405 of user rubyman.
Jun 26 15:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15094]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597405.
Jun 26 15:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12474]: pam_unix(cron:session): session closed for user root
Jun 26 15:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15032]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 15:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15320]: Received disconnect from 212.192.240.10 port 33904:11: disconnected by user [preauth]
Jun 26 15:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15320]: Disconnected from 212.192.240.10 port 33904 [preauth]
Jun 26 15:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14114]: pam_unix(cron:session): session closed for user root
Jun 26 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15426]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15427]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15425]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15424]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15424]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15482]: Successful su for rubyman by root
Jun 26 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15482]: + ??? root:rubyman
Jun 26 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15482]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597409 of user rubyman.
Jun 26 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15482]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597409.
Jun 26 15:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12894]: pam_unix(cron:session): session closed for user root
Jun 26 15:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15425]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14531]: pam_unix(cron:session): session closed for user root
Jun 26 15:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 15:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 15:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15802]: Invalid user admin from 2.57.121.25
Jun 26 15:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15802]: input_userauth_request: invalid user admin [preauth]
Jun 26 15:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15802]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 15:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 26 15:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15802]: Failed password for invalid user admin from 2.57.121.25 port 21222 ssh2
Jun 26 15:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15802]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 15:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15802]: Failed password for invalid user admin from 2.57.121.25 port 21222 ssh2
Jun 26 15:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15802]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 15:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15802]: Failed password for invalid user admin from 2.57.121.25 port 21222 ssh2
Jun 26 15:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15802]: Connection closed by 2.57.121.25 port 21222 [preauth]
Jun 26 15:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15802]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 26 15:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15764]: Connection closed by 66.132.172.189 port 19360 [preauth]
Jun 26 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15816]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15817]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15815]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15814]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15814]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15873]: Successful su for rubyman by root
Jun 26 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15873]: + ??? root:rubyman
Jun 26 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15873]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597412 of user rubyman.
Jun 26 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15873]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597412.
Jun 26 15:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13306]: pam_unix(cron:session): session closed for user root
Jun 26 15:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15815]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15035]: pam_unix(cron:session): session closed for user root
Jun 26 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16208]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16209]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16205]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16210]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16207]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16206]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16210]: pam_unix(cron:session): session closed for user root
Jun 26 15:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16205]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16271]: Successful su for rubyman by root
Jun 26 15:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16271]: + ??? root:rubyman
Jun 26 15:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16271]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597417 of user rubyman.
Jun 26 15:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16271]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597417.
Jun 26 15:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16207]: pam_unix(cron:session): session closed for user root
Jun 26 15:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13702]: pam_unix(cron:session): session closed for user root
Jun 26 15:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16206]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15427]: pam_unix(cron:session): session closed for user root
Jun 26 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16625]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16626]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16623]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16622]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16622]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16691]: Successful su for rubyman by root
Jun 26 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16691]: + ??? root:rubyman
Jun 26 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16691]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597423 of user rubyman.
Jun 26 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16691]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597423.
Jun 26 15:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14113]: pam_unix(cron:session): session closed for user root
Jun 26 15:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16623]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15817]: pam_unix(cron:session): session closed for user root
Jun 26 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17125]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17124]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17123]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17122]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17122]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17180]: Successful su for rubyman by root
Jun 26 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17180]: + ??? root:rubyman
Jun 26 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17180]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597426 of user rubyman.
Jun 26 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17180]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597426.
Jun 26 15:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14530]: pam_unix(cron:session): session closed for user root
Jun 26 15:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17123]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16209]: pam_unix(cron:session): session closed for user root
Jun 26 15:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 15:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17525]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 26 15:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17525]: Received disconnect from 139.180.163.29 port 46402:11: disconnected by user [preauth]
Jun 26 15:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17525]: Disconnected from 139.180.163.29 port 46402 [preauth]
Jun 26 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17538]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17539]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17536]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17537]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17536]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17596]: Successful su for rubyman by root
Jun 26 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17596]: + ??? root:rubyman
Jun 26 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17596]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597432 of user rubyman.
Jun 26 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17596]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597432.
Jun 26 15:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15034]: pam_unix(cron:session): session closed for user root
Jun 26 15:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17537]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 15:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 26 15:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17891]: Failed password for root from 193.37.70.224 port 33378 ssh2
Jun 26 15:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17891]: Connection closed by 193.37.70.224 port 33378 [preauth]
Jun 26 15:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16626]: pam_unix(cron:session): session closed for user root
Jun 26 15:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 15:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 26 15:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: Failed password for root from 62.133.62.83 port 35850 ssh2
Jun 26 15:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: Connection closed by 62.133.62.83 port 35850 [preauth]
Jun 26 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18048]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18049]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18047]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18045]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18043]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18045]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18166]: Successful su for rubyman by root
Jun 26 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18166]: + ??? root:rubyman
Jun 26 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18166]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597434 of user rubyman.
Jun 26 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18166]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597434.
Jun 26 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18043]: pam_unix(cron:session): session closed for user root
Jun 26 15:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15426]: pam_unix(cron:session): session closed for user root
Jun 26 15:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18047]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17125]: pam_unix(cron:session): session closed for user root
Jun 26 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18639]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18640]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18636]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18638]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18641]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18637]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18641]: pam_unix(cron:session): session closed for user root
Jun 26 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18636]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18712]: Successful su for rubyman by root
Jun 26 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18712]: + ??? root:rubyman
Jun 26 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18712]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597440 of user rubyman.
Jun 26 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18712]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597440.
Jun 26 15:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18638]: pam_unix(cron:session): session closed for user root
Jun 26 15:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15816]: pam_unix(cron:session): session closed for user root
Jun 26 15:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18637]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17539]: pam_unix(cron:session): session closed for user root
Jun 26 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19086]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19084]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19082]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19083]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19082]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19248]: Successful su for rubyman by root
Jun 26 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19248]: + ??? root:rubyman
Jun 26 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19248]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597445 of user rubyman.
Jun 26 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19248]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597445.
Jun 26 15:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16208]: pam_unix(cron:session): session closed for user root
Jun 26 15:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19083]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18049]: pam_unix(cron:session): session closed for user root
Jun 26 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19793]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19794]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19797]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19796]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19793]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19870]: Successful su for rubyman by root
Jun 26 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19870]: + ??? root:rubyman
Jun 26 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19870]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597450 of user rubyman.
Jun 26 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19870]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597450.
Jun 26 15:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16625]: pam_unix(cron:session): session closed for user root
Jun 26 15:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19794]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18640]: pam_unix(cron:session): session closed for user root
Jun 26 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20294]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20293]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20295]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20292]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20292]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20360]: Successful su for rubyman by root
Jun 26 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20360]: + ??? root:rubyman
Jun 26 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20360]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597453 of user rubyman.
Jun 26 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20360]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597453.
Jun 26 15:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17124]: pam_unix(cron:session): session closed for user root
Jun 26 15:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20293]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19086]: pam_unix(cron:session): session closed for user root
Jun 26 15:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 15:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.211.215  user=root
Jun 26 15:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20727]: Failed password for root from 147.45.211.215 port 57448 ssh2
Jun 26 15:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20727]: Connection closed by 147.45.211.215 port 57448 [preauth]
Jun 26 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20798]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20799]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20796]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20795]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20795]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20857]: Successful su for rubyman by root
Jun 26 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20857]: + ??? root:rubyman
Jun 26 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20857]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597457 of user rubyman.
Jun 26 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20857]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597457.
Jun 26 15:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17538]: pam_unix(cron:session): session closed for user root
Jun 26 15:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20796]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19797]: pam_unix(cron:session): session closed for user root
Jun 26 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21226]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21224]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21225]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21227]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21223]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21222]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21227]: pam_unix(cron:session): session closed for user root
Jun 26 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21222]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21291]: Successful su for rubyman by root
Jun 26 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21291]: + ??? root:rubyman
Jun 26 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21291]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597461 of user rubyman.
Jun 26 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21291]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597461.
Jun 26 15:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21224]: pam_unix(cron:session): session closed for user root
Jun 26 15:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18048]: pam_unix(cron:session): session closed for user root
Jun 26 15:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21223]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 15:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 26 15:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20295]: pam_unix(cron:session): session closed for user root
Jun 26 15:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21592]: Failed password for root from 194.113.233.25 port 56230 ssh2
Jun 26 15:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21592]: Connection closed by 194.113.233.25 port 56230 [preauth]
Jun 26 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21687]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21686]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21685]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21684]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21684]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21754]: Successful su for rubyman by root
Jun 26 15:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21754]: + ??? root:rubyman
Jun 26 15:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21754]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597468 of user rubyman.
Jun 26 15:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21754]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597468.
Jun 26 15:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18639]: pam_unix(cron:session): session closed for user root
Jun 26 15:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21685]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 15:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 26 15:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21960]: Failed password for root from 103.77.175.15 port 35746 ssh2
Jun 26 15:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21960]: Connection closed by 103.77.175.15 port 35746 [preauth]
Jun 26 15:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20799]: pam_unix(cron:session): session closed for user root
Jun 26 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22090]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22095]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22089]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22088]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22088]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22158]: Successful su for rubyman by root
Jun 26 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22158]: + ??? root:rubyman
Jun 26 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22158]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597473 of user rubyman.
Jun 26 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22158]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597473.
Jun 26 15:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19084]: pam_unix(cron:session): session closed for user root
Jun 26 15:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22089]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21226]: pam_unix(cron:session): session closed for user root
Jun 26 15:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 15:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 26 15:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22577]: Failed password for root from 109.237.96.109 port 48450 ssh2
Jun 26 15:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22577]: Connection closed by 109.237.96.109 port 48450 [preauth]
Jun 26 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22593]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22594]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22592]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22591]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22591]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22652]: Successful su for rubyman by root
Jun 26 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22652]: + ??? root:rubyman
Jun 26 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22652]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597475 of user rubyman.
Jun 26 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22652]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597475.
Jun 26 15:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19796]: pam_unix(cron:session): session closed for user root
Jun 26 15:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22592]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21687]: pam_unix(cron:session): session closed for user root
Jun 26 15:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 15:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 26 15:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22976]: Failed password for root from 103.82.132.16 port 51234 ssh2
Jun 26 15:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22976]: Connection closed by 103.82.132.16 port 51234 [preauth]
Jun 26 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22999]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22998]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22995]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22997]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22995]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23054]: Successful su for rubyman by root
Jun 26 15:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23054]: + ??? root:rubyman
Jun 26 15:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23054]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597479 of user rubyman.
Jun 26 15:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23054]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597479.
Jun 26 15:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20294]: pam_unix(cron:session): session closed for user root
Jun 26 15:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22997]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22095]: pam_unix(cron:session): session closed for user root
Jun 26 15:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 15:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23404]: Did not receive identification string from 91.92.40.24
Jun 26 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23412]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23411]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23406]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23410]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23408]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23407]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23412]: pam_unix(cron:session): session closed for user root
Jun 26 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23406]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23479]: Successful su for rubyman by root
Jun 26 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23479]: + ??? root:rubyman
Jun 26 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23479]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597485 of user rubyman.
Jun 26 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23479]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597485.
Jun 26 15:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23408]: pam_unix(cron:session): session closed for user root
Jun 26 15:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20798]: pam_unix(cron:session): session closed for user root
Jun 26 15:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23407]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 15:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.24  user=root
Jun 26 15:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23742]: Failed password for root from 91.92.40.24 port 61572 ssh2
Jun 26 15:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23742]: Connection closed by 91.92.40.24 port 61572 [preauth]
Jun 26 15:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22594]: pam_unix(cron:session): session closed for user root
Jun 26 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23956]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23953]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23954]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23955]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23953]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24032]: Successful su for rubyman by root
Jun 26 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24032]: + ??? root:rubyman
Jun 26 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24032]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597490 of user rubyman.
Jun 26 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24032]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597490.
Jun 26 15:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21225]: pam_unix(cron:session): session closed for user root
Jun 26 15:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23954]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 15:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.239  user=root
Jun 26 15:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24253]: Failed password for root from 45.148.10.239 port 34228 ssh2
Jun 26 15:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24253]: Connection closed by 45.148.10.239 port 34228 [preauth]
Jun 26 15:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22999]: pam_unix(cron:session): session closed for user root
Jun 26 15:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 15:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 26 15:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24343]: Failed password for root from 141.98.83.240 port 60006 ssh2
Jun 26 15:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24343]: message repeated 2 times: [ Failed password for root from 141.98.83.240 port 60006 ssh2]
Jun 26 15:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24343]: Connection closed by 141.98.83.240 port 60006 [preauth]
Jun 26 15:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24343]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 26 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24393]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24392]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24391]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24390]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24390]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24451]: Successful su for rubyman by root
Jun 26 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24451]: + ??? root:rubyman
Jun 26 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24451]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597493 of user rubyman.
Jun 26 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24451]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597493.
Jun 26 15:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21686]: pam_unix(cron:session): session closed for user root
Jun 26 15:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24391]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 15:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24684]: Invalid user ubnt from 45.148.10.121
Jun 26 15:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24684]: input_userauth_request: invalid user ubnt [preauth]
Jun 26 15:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24684]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 15:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 26 15:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24684]: Failed password for invalid user ubnt from 45.148.10.121 port 55072 ssh2
Jun 26 15:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24684]: Connection closed by 45.148.10.121 port 55072 [preauth]
Jun 26 15:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 15:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24727]: Received disconnect from 50.7.233.211 port 6242:11: disconnected by user [preauth]
Jun 26 15:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24727]: Disconnected from 50.7.233.211 port 6242 [preauth]
Jun 26 15:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23411]: pam_unix(cron:session): session closed for user root
Jun 26 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24821]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24822]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24819]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24820]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24819]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24877]: Successful su for rubyman by root
Jun 26 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24877]: + ??? root:rubyman
Jun 26 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24877]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597497 of user rubyman.
Jun 26 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24877]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597497.
Jun 26 15:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22090]: pam_unix(cron:session): session closed for user root
Jun 26 15:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24820]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23956]: pam_unix(cron:session): session closed for user root
Jun 26 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25219]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25218]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25217]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25216]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25216]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25276]: Successful su for rubyman by root
Jun 26 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25276]: + ??? root:rubyman
Jun 26 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25276]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597501 of user rubyman.
Jun 26 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25276]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597501.
Jun 26 15:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22593]: pam_unix(cron:session): session closed for user root
Jun 26 15:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25217]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24393]: pam_unix(cron:session): session closed for user root
Jun 26 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25611]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25613]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25609]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25610]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25612]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25608]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25613]: pam_unix(cron:session): session closed for user root
Jun 26 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25608]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25672]: Successful su for rubyman by root
Jun 26 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25672]: + ??? root:rubyman
Jun 26 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25672]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597505 of user rubyman.
Jun 26 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25672]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597505.
Jun 26 15:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25610]: pam_unix(cron:session): session closed for user root
Jun 26 15:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22998]: pam_unix(cron:session): session closed for user root
Jun 26 15:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25609]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24822]: pam_unix(cron:session): session closed for user root
Jun 26 15:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 15:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 26 15:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25976]: Failed password for root from 87.251.79.125 port 46168 ssh2
Jun 26 15:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25976]: Connection closed by 87.251.79.125 port 46168 [preauth]
Jun 26 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26025]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26026]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26024]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26023]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26023]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26089]: Successful su for rubyman by root
Jun 26 15:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26089]: + ??? root:rubyman
Jun 26 15:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26089]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597511 of user rubyman.
Jun 26 15:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26089]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597511.
Jun 26 15:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23410]: pam_unix(cron:session): session closed for user root
Jun 26 15:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26024]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25219]: pam_unix(cron:session): session closed for user root
Jun 26 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26432]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26433]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26431]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26434]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26431]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26492]: Successful su for rubyman by root
Jun 26 15:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26492]: + ??? root:rubyman
Jun 26 15:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26492]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597516 of user rubyman.
Jun 26 15:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26492]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597516.
Jun 26 15:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23955]: pam_unix(cron:session): session closed for user root
Jun 26 15:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26432]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25612]: pam_unix(cron:session): session closed for user root
Jun 26 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26913]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26912]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26914]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26911]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26911]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26975]: Successful su for rubyman by root
Jun 26 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26975]: + ??? root:rubyman
Jun 26 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26975]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597519 of user rubyman.
Jun 26 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26975]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597519.
Jun 26 15:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24392]: pam_unix(cron:session): session closed for user root
Jun 26 15:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26912]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 15:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 26 15:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27192]: Failed password for root from 147.45.199.80 port 40310 ssh2
Jun 26 15:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27192]: Connection closed by 147.45.199.80 port 40310 [preauth]
Jun 26 15:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26026]: pam_unix(cron:session): session closed for user root
Jun 26 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27331]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27330]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27328]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27329]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27328]: pam_unix(cron:session): session closed for user p13x
Jun 26 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27393]: Successful su for rubyman by root
Jun 26 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27393]: + ??? root:rubyman
Jun 26 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27393]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597524 of user rubyman.
Jun 26 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27393]: pam_unix(su:session): session closed for user rubyman
Jun 26 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597524.
Jun 26 15:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24821]: pam_unix(cron:session): session closed for user root
Jun 26 15:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27329]: pam_unix(cron:session): session closed for user samftp
Jun 26 15:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26434]: pam_unix(cron:session): session closed for user root
Jun 26 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27747]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27750]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27746]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27745]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27744]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27751]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27749]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27751]: pam_unix(cron:session): session closed for user root
Jun 26 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27746]: pam_unix(cron:session): session closed for user root
Jun 26 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27744]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27834]: Successful su for rubyman by root
Jun 26 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27834]: + ??? root:rubyman
Jun 26 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27834]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597528 of user rubyman.
Jun 26 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27834]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597528.
Jun 26 16:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27747]: pam_unix(cron:session): session closed for user root
Jun 26 16:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25218]: pam_unix(cron:session): session closed for user root
Jun 26 16:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27745]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26914]: pam_unix(cron:session): session closed for user root
Jun 26 16:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28291]: Received disconnect from 94.250.61.10 port 38074:11: disconnected by user [preauth]
Jun 26 16:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28291]: Disconnected from 94.250.61.10 port 38074 [preauth]
Jun 26 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28304]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28303]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28305]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28302]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28302]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28369]: Successful su for rubyman by root
Jun 26 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28369]: + ??? root:rubyman
Jun 26 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28369]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597534 of user rubyman.
Jun 26 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28369]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597534.
Jun 26 16:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25611]: pam_unix(cron:session): session closed for user root
Jun 26 16:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28303]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27331]: pam_unix(cron:session): session closed for user root
Jun 26 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28801]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28799]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28800]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28798]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28798]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28859]: Successful su for rubyman by root
Jun 26 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28859]: + ??? root:rubyman
Jun 26 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28859]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597539 of user rubyman.
Jun 26 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28859]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597539.
Jun 26 16:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26025]: pam_unix(cron:session): session closed for user root
Jun 26 16:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28799]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27750]: pam_unix(cron:session): session closed for user root
Jun 26 16:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 26 16:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29205]: Failed password for root from 103.27.238.114 port 60188 ssh2
Jun 26 16:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29205]: Connection closed by 103.27.238.114 port 60188 [preauth]
Jun 26 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29230]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29231]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29229]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29228]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29228]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29305]: Successful su for rubyman by root
Jun 26 16:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29305]: + ??? root:rubyman
Jun 26 16:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29305]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597544 of user rubyman.
Jun 26 16:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29305]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597544.
Jun 26 16:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26433]: pam_unix(cron:session): session closed for user root
Jun 26 16:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29229]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28305]: pam_unix(cron:session): session closed for user root
Jun 26 16:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29679]: Received disconnect from 89.163.206.178 port 37806:11: disconnected by user [preauth]
Jun 26 16:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29679]: Disconnected from 89.163.206.178 port 37806 [preauth]
Jun 26 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29765]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29767]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29764]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29763]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29763]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29834]: Successful su for rubyman by root
Jun 26 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29834]: + ??? root:rubyman
Jun 26 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29834]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597546 of user rubyman.
Jun 26 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29834]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597546.
Jun 26 16:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26913]: pam_unix(cron:session): session closed for user root
Jun 26 16:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29764]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 26 16:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30055]: Failed password for root from 80.66.85.226 port 50346 ssh2
Jun 26 16:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30055]: Connection closed by 80.66.85.226 port 50346 [preauth]
Jun 26 16:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28801]: pam_unix(cron:session): session closed for user root
Jun 26 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30198]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30194]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30193]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30196]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30195]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30197]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30198]: pam_unix(cron:session): session closed for user root
Jun 26 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30193]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30262]: Successful su for rubyman by root
Jun 26 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30262]: + ??? root:rubyman
Jun 26 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30262]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597551 of user rubyman.
Jun 26 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30262]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597551.
Jun 26 16:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30195]: pam_unix(cron:session): session closed for user root
Jun 26 16:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27330]: pam_unix(cron:session): session closed for user root
Jun 26 16:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30194]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29231]: pam_unix(cron:session): session closed for user root
Jun 26 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30639]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30640]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30638]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30637]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30637]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30705]: Successful su for rubyman by root
Jun 26 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30705]: + ??? root:rubyman
Jun 26 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30705]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597557 of user rubyman.
Jun 26 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30705]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597557.
Jun 26 16:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27749]: pam_unix(cron:session): session closed for user root
Jun 26 16:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30638]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29767]: pam_unix(cron:session): session closed for user root
Jun 26 16:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31132]: Invalid user admin from 193.46.255.86
Jun 26 16:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31132]: input_userauth_request: invalid user admin [preauth]
Jun 26 16:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31132]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 16:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 26 16:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31132]: Failed password for invalid user admin from 193.46.255.86 port 47192 ssh2
Jun 26 16:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31132]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31148]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31149]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31147]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31146]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31146]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31203]: Successful su for rubyman by root
Jun 26 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31203]: + ??? root:rubyman
Jun 26 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31203]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597561 of user rubyman.
Jun 26 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31203]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597561.
Jun 26 16:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31132]: Failed password for invalid user admin from 193.46.255.86 port 47192 ssh2
Jun 26 16:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31132]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 16:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28304]: pam_unix(cron:session): session closed for user root
Jun 26 16:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31132]: Failed password for invalid user admin from 193.46.255.86 port 47192 ssh2
Jun 26 16:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31132]: Connection closed by 193.46.255.86 port 47192 [preauth]
Jun 26 16:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31132]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 26 16:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31147]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30197]: pam_unix(cron:session): session closed for user root
Jun 26 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31555]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31554]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31552]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31550]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31550]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31700]: Successful su for rubyman by root
Jun 26 16:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31700]: + ??? root:rubyman
Jun 26 16:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31700]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597564 of user rubyman.
Jun 26 16:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31700]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597564.
Jun 26 16:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28800]: pam_unix(cron:session): session closed for user root
Jun 26 16:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31552]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30640]: pam_unix(cron:session): session closed for user root
Jun 26 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32056]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32055]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32052]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32051]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32049]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32051]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32188]: Successful su for rubyman by root
Jun 26 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32188]: + ??? root:rubyman
Jun 26 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32188]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597568 of user rubyman.
Jun 26 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32188]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597568.
Jun 26 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32049]: pam_unix(cron:session): session closed for user root
Jun 26 16:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29230]: pam_unix(cron:session): session closed for user root
Jun 26 16:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32052]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31149]: pam_unix(cron:session): session closed for user root
Jun 26 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32557]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32553]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32552]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32554]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32555]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32558]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32558]: pam_unix(cron:session): session closed for user root
Jun 26 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32552]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32621]: Successful su for rubyman by root
Jun 26 16:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32621]: + ??? root:rubyman
Jun 26 16:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32621]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597574 of user rubyman.
Jun 26 16:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32621]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597574.
Jun 26 16:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32554]: pam_unix(cron:session): session closed for user root
Jun 26 16:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29765]: pam_unix(cron:session): session closed for user root
Jun 26 16:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32553]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31555]: pam_unix(cron:session): session closed for user root
Jun 26 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[671]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[672]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[670]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[669]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[669]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[740]: Successful su for rubyman by root
Jun 26 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[740]: + ??? root:rubyman
Jun 26 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[740]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597580 of user rubyman.
Jun 26 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[740]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597580.
Jun 26 16:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30196]: pam_unix(cron:session): session closed for user root
Jun 26 16:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[670]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[980]: Received disconnect from 62.210.189.225 port 61288:11: disconnected by user [preauth]
Jun 26 16:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[980]: Disconnected from 62.210.189.225 port 61288 [preauth]
Jun 26 16:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32056]: pam_unix(cron:session): session closed for user root
Jun 26 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1130]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1132]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1131]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1129]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1129]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1192]: Successful su for rubyman by root
Jun 26 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1192]: + ??? root:rubyman
Jun 26 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1192]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597584 of user rubyman.
Jun 26 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1192]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597584.
Jun 26 16:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30639]: pam_unix(cron:session): session closed for user root
Jun 26 16:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1130]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32557]: pam_unix(cron:session): session closed for user root
Jun 26 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1679]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1682]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1677]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1678]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1677]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1758]: Successful su for rubyman by root
Jun 26 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1758]: + ??? root:rubyman
Jun 26 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1758]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597588 of user rubyman.
Jun 26 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1758]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597588.
Jun 26 16:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31148]: pam_unix(cron:session): session closed for user root
Jun 26 16:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1678]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 26 16:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2037]: Failed password for root from 38.93.206.2 port 48014 ssh2
Jun 26 16:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2037]: Connection closed by 38.93.206.2 port 48014 [preauth]
Jun 26 16:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[672]: pam_unix(cron:session): session closed for user root
Jun 26 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2177]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2178]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2176]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2175]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2175]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2244]: Successful su for rubyman by root
Jun 26 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2244]: + ??? root:rubyman
Jun 26 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2244]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597592 of user rubyman.
Jun 26 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2244]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597592.
Jun 26 16:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31554]: pam_unix(cron:session): session closed for user root
Jun 26 16:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2176]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 26 16:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2473]: Failed password for root from 103.15.222.183 port 57478 ssh2
Jun 26 16:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2473]: Connection closed by 103.15.222.183 port 57478 [preauth]
Jun 26 16:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1132]: pam_unix(cron:session): session closed for user root
Jun 26 16:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2543]: Invalid user admin from 195.96.138.233
Jun 26 16:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2543]: input_userauth_request: invalid user admin [preauth]
Jun 26 16:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2543]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 16:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.96.138.233
Jun 26 16:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2543]: Failed password for invalid user admin from 195.96.138.233 port 56276 ssh2
Jun 26 16:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2543]: Connection closed by 195.96.138.233 port 56276 [preauth]
Jun 26 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2609]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2608]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2607]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2611]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2606]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2610]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2611]: pam_unix(cron:session): session closed for user root
Jun 26 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2606]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2673]: Successful su for rubyman by root
Jun 26 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2673]: + ??? root:rubyman
Jun 26 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2673]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597600 of user rubyman.
Jun 26 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2673]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597600.
Jun 26 16:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2608]: pam_unix(cron:session): session closed for user root
Jun 26 16:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32055]: pam_unix(cron:session): session closed for user root
Jun 26 16:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2607]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1682]: pam_unix(cron:session): session closed for user root
Jun 26 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3037]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3036]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3035]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3034]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3034]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3105]: Successful su for rubyman by root
Jun 26 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3105]: + ??? root:rubyman
Jun 26 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3105]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597602 of user rubyman.
Jun 26 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3105]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597602.
Jun 26 16:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32555]: pam_unix(cron:session): session closed for user root
Jun 26 16:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3035]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2178]: pam_unix(cron:session): session closed for user root
Jun 26 16:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3350]: Received disconnect from 62.210.207.172 port 41878:11: disconnected by user [preauth]
Jun 26 16:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3350]: Disconnected from 62.210.207.172 port 41878 [preauth]
Jun 26 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3438]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3437]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3435]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3436]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3433]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3433]: pam_unix(cron:session): session closed for user root
Jun 26 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3435]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3503]: Successful su for rubyman by root
Jun 26 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3503]: + ??? root:rubyman
Jun 26 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3503]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597605 of user rubyman.
Jun 26 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3503]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597605.
Jun 26 16:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[671]: pam_unix(cron:session): session closed for user root
Jun 26 16:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3436]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3821]: Invalid user admin from 141.98.83.240
Jun 26 16:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3821]: input_userauth_request: invalid user admin [preauth]
Jun 26 16:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3821]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 16:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 16:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3821]: Failed password for invalid user admin from 141.98.83.240 port 50792 ssh2
Jun 26 16:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3821]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 16:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3821]: Failed password for invalid user admin from 141.98.83.240 port 50792 ssh2
Jun 26 16:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3821]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 16:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3821]: Failed password for invalid user admin from 141.98.83.240 port 50792 ssh2
Jun 26 16:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3821]: Connection closed by 141.98.83.240 port 50792 [preauth]
Jun 26 16:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3821]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 16:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2610]: pam_unix(cron:session): session closed for user root
Jun 26 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4010]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4015]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4009]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4008]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4008]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4096]: Successful su for rubyman by root
Jun 26 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4096]: + ??? root:rubyman
Jun 26 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4096]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597610 of user rubyman.
Jun 26 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4096]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597610.
Jun 26 16:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1131]: pam_unix(cron:session): session closed for user root
Jun 26 16:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4009]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3037]: pam_unix(cron:session): session closed for user root
Jun 26 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4444]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4445]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4443]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4442]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4442]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4506]: Successful su for rubyman by root
Jun 26 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4506]: + ??? root:rubyman
Jun 26 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4506]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597615 of user rubyman.
Jun 26 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4506]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597615.
Jun 26 16:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1679]: pam_unix(cron:session): session closed for user root
Jun 26 16:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4443]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3438]: pam_unix(cron:session): session closed for user root
Jun 26 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4965]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4964]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4966]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4968]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4970]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4967]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4970]: pam_unix(cron:session): session closed for user root
Jun 26 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4964]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5029]: Successful su for rubyman by root
Jun 26 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5029]: + ??? root:rubyman
Jun 26 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5029]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597622 of user rubyman.
Jun 26 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5029]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597622.
Jun 26 16:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4966]: pam_unix(cron:session): session closed for user root
Jun 26 16:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2177]: pam_unix(cron:session): session closed for user root
Jun 26 16:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4965]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 26 16:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5243]: Failed password for root from 103.27.238.116 port 36030 ssh2
Jun 26 16:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5243]: Connection closed by 103.27.238.116 port 36030 [preauth]
Jun 26 16:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4015]: pam_unix(cron:session): session closed for user root
Jun 26 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5404]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5402]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5403]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5401]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5401]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5469]: Successful su for rubyman by root
Jun 26 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5469]: + ??? root:rubyman
Jun 26 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5469]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597625 of user rubyman.
Jun 26 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5469]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597625.
Jun 26 16:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2609]: pam_unix(cron:session): session closed for user root
Jun 26 16:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5402]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4445]: pam_unix(cron:session): session closed for user root
Jun 26 16:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5711]: Connection closed by 45.148.10.121 port 36116 [preauth]
Jun 26 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5794]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5795]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5793]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5792]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5792]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5868]: Successful su for rubyman by root
Jun 26 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5868]: + ??? root:rubyman
Jun 26 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5868]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597629 of user rubyman.
Jun 26 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5868]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597629.
Jun 26 16:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3036]: pam_unix(cron:session): session closed for user root
Jun 26 16:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5793]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4968]: pam_unix(cron:session): session closed for user root
Jun 26 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6193]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6194]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6192]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6191]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6191]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6252]: Successful su for rubyman by root
Jun 26 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6252]: + ??? root:rubyman
Jun 26 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6252]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597632 of user rubyman.
Jun 26 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6252]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597632.
Jun 26 16:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3437]: pam_unix(cron:session): session closed for user root
Jun 26 16:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6192]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5404]: pam_unix(cron:session): session closed for user root
Jun 26 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6577]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6578]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6576]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6575]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6575]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6639]: Successful su for rubyman by root
Jun 26 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6639]: + ??? root:rubyman
Jun 26 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6639]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597636 of user rubyman.
Jun 26 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6639]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597636.
Jun 26 16:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4010]: pam_unix(cron:session): session closed for user root
Jun 26 16:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6576]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5795]: pam_unix(cron:session): session closed for user root
Jun 26 16:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.110.201  user=root
Jun 26 16:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6981]: Failed password for root from 94.159.110.201 port 59408 ssh2
Jun 26 16:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6981]: Connection closed by 94.159.110.201 port 59408 [preauth]
Jun 26 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7035]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7031]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7034]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7030]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7027]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7028]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7035]: pam_unix(cron:session): session closed for user root
Jun 26 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7027]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7157]: Successful su for rubyman by root
Jun 26 16:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7157]: + ??? root:rubyman
Jun 26 16:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7157]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597642 of user rubyman.
Jun 26 16:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7157]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597642.
Jun 26 16:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7030]: pam_unix(cron:session): session closed for user root
Jun 26 16:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4444]: pam_unix(cron:session): session closed for user root
Jun 26 16:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7028]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: Invalid user admin from 139.19.117.131
Jun 26 16:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: input_userauth_request: invalid user admin [preauth]
Jun 26 16:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: Connection closed by 139.19.117.131 port 43672 [preauth]
Jun 26 16:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6194]: pam_unix(cron:session): session closed for user root
Jun 26 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7520]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7519]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7521]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7518]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7518]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7594]: Successful su for rubyman by root
Jun 26 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7594]: + ??? root:rubyman
Jun 26 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7594]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597648 of user rubyman.
Jun 26 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7594]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597648.
Jun 26 16:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4967]: pam_unix(cron:session): session closed for user root
Jun 26 16:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7519]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.19.67.181  user=root
Jun 26 16:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7897]: Failed password for root from 46.19.67.181 port 50926 ssh2
Jun 26 16:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7897]: Connection closed by 46.19.67.181 port 50926 [preauth]
Jun 26 16:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6578]: pam_unix(cron:session): session closed for user root
Jun 26 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8013]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8014]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8011]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8010]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8010]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8072]: Successful su for rubyman by root
Jun 26 16:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8072]: + ??? root:rubyman
Jun 26 16:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8072]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597650 of user rubyman.
Jun 26 16:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8072]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597650.
Jun 26 16:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5403]: pam_unix(cron:session): session closed for user root
Jun 26 16:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8011]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7034]: pam_unix(cron:session): session closed for user root
Jun 26 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8400]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8401]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8403]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8402]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8400]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8462]: Successful su for rubyman by root
Jun 26 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8462]: + ??? root:rubyman
Jun 26 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8462]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597654 of user rubyman.
Jun 26 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8462]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597654.
Jun 26 16:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5794]: pam_unix(cron:session): session closed for user root
Jun 26 16:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8401]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7521]: pam_unix(cron:session): session closed for user root
Jun 26 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8806]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8807]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8805]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8804]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8804]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8866]: Successful su for rubyman by root
Jun 26 16:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8866]: + ??? root:rubyman
Jun 26 16:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8866]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597658 of user rubyman.
Jun 26 16:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8866]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597658.
Jun 26 16:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6193]: pam_unix(cron:session): session closed for user root
Jun 26 16:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8805]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9091]: Invalid user admin from 2.57.121.25
Jun 26 16:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9091]: input_userauth_request: invalid user admin [preauth]
Jun 26 16:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9091]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 16:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 26 16:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9091]: Failed password for invalid user admin from 2.57.121.25 port 55362 ssh2
Jun 26 16:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9091]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 16:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9091]: Failed password for invalid user admin from 2.57.121.25 port 55362 ssh2
Jun 26 16:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9091]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 16:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9091]: Failed password for invalid user admin from 2.57.121.25 port 55362 ssh2
Jun 26 16:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9091]: Connection closed by 2.57.121.25 port 55362 [preauth]
Jun 26 16:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9091]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 26 16:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8014]: pam_unix(cron:session): session closed for user root
Jun 26 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9202]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9204]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9203]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9201]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9200]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9199]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9204]: pam_unix(cron:session): session closed for user root
Jun 26 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9199]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9270]: Successful su for rubyman by root
Jun 26 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9270]: + ??? root:rubyman
Jun 26 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9270]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597665 of user rubyman.
Jun 26 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9270]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597665.
Jun 26 16:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9201]: pam_unix(cron:session): session closed for user root
Jun 26 16:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6577]: pam_unix(cron:session): session closed for user root
Jun 26 16:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9200]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9479]: Did not receive identification string from 91.92.40.176
Jun 26 16:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8403]: pam_unix(cron:session): session closed for user root
Jun 26 16:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9566]: Connection closed by 194.59.206.2 port 30482 [preauth]
Jun 26 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9620]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9619]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9625]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9618]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9618]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9687]: Successful su for rubyman by root
Jun 26 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9687]: + ??? root:rubyman
Jun 26 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9687]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597668 of user rubyman.
Jun 26 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9687]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597668.
Jun 26 16:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7031]: pam_unix(cron:session): session closed for user root
Jun 26 16:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9619]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8807]: pam_unix(cron:session): session closed for user root
Jun 26 16:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 26 16:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10145]: Failed password for root from 77.94.47.83 port 46122 ssh2
Jun 26 16:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10145]: Connection closed by 77.94.47.83 port 46122 [preauth]
Jun 26 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10214]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10213]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10211]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10212]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10211]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10360]: Successful su for rubyman by root
Jun 26 16:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10360]: + ??? root:rubyman
Jun 26 16:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10360]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597672 of user rubyman.
Jun 26 16:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10360]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597672.
Jun 26 16:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7520]: pam_unix(cron:session): session closed for user root
Jun 26 16:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10212]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9203]: pam_unix(cron:session): session closed for user root
Jun 26 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10702]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10703]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10701]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10700]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10700]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10769]: Successful su for rubyman by root
Jun 26 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10769]: + ??? root:rubyman
Jun 26 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10769]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597677 of user rubyman.
Jun 26 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10769]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597677.
Jun 26 16:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8013]: pam_unix(cron:session): session closed for user root
Jun 26 16:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10701]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9625]: pam_unix(cron:session): session closed for user root
Jun 26 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11117]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11116]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11115]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11114]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11114]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11179]: Successful su for rubyman by root
Jun 26 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11179]: + ??? root:rubyman
Jun 26 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11179]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597681 of user rubyman.
Jun 26 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11179]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597681.
Jun 26 16:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8402]: pam_unix(cron:session): session closed for user root
Jun 26 16:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11115]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10214]: pam_unix(cron:session): session closed for user root
Jun 26 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11543]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11542]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11545]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11546]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11541]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11544]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11546]: pam_unix(cron:session): session closed for user root
Jun 26 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11541]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11608]: Successful su for rubyman by root
Jun 26 16:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11608]: + ??? root:rubyman
Jun 26 16:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11608]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597687 of user rubyman.
Jun 26 16:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11608]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597687.
Jun 26 16:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11543]: pam_unix(cron:session): session closed for user root
Jun 26 16:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8806]: pam_unix(cron:session): session closed for user root
Jun 26 16:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11542]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10703]: pam_unix(cron:session): session closed for user root
Jun 26 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12030]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12031]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12029]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12028]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12028]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12092]: Successful su for rubyman by root
Jun 26 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12092]: + ??? root:rubyman
Jun 26 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12092]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597690 of user rubyman.
Jun 26 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12092]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597690.
Jun 26 16:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12029]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9202]: pam_unix(cron:session): session closed for user root
Jun 26 16:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11117]: pam_unix(cron:session): session closed for user root
Jun 26 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12548]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12549]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12550]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12547]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12547]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12609]: Successful su for rubyman by root
Jun 26 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12609]: + ??? root:rubyman
Jun 26 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12609]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597696 of user rubyman.
Jun 26 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12609]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597696.
Jun 26 16:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12693]: Invalid user vera from 2.57.121.112
Jun 26 16:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12693]: input_userauth_request: invalid user vera [preauth]
Jun 26 16:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12693]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 16:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 26 16:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9620]: pam_unix(cron:session): session closed for user root
Jun 26 16:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12693]: Failed password for invalid user vera from 2.57.121.112 port 4124 ssh2
Jun 26 16:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12693]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 16:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12548]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12693]: Failed password for invalid user vera from 2.57.121.112 port 4124 ssh2
Jun 26 16:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12693]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 16:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12693]: Failed password for invalid user vera from 2.57.121.112 port 4124 ssh2
Jun 26 16:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12693]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 16:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.176  user=root
Jun 26 16:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12693]: Failed password for invalid user vera from 2.57.121.112 port 4124 ssh2
Jun 26 16:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12693]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 16:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12812]: Failed password for root from 91.92.40.176 port 43210 ssh2
Jun 26 16:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12812]: Connection closed by 91.92.40.176 port 43210 [preauth]
Jun 26 16:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12693]: Failed password for invalid user vera from 2.57.121.112 port 4124 ssh2
Jun 26 16:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12693]: Connection closed by 2.57.121.112 port 4124 [preauth]
Jun 26 16:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12693]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 26 16:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12693]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 26 16:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11545]: pam_unix(cron:session): session closed for user root
Jun 26 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12969]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12971]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12970]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12968]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12968]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13030]: Successful su for rubyman by root
Jun 26 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13030]: + ??? root:rubyman
Jun 26 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13030]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597699 of user rubyman.
Jun 26 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13030]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597699.
Jun 26 16:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10213]: pam_unix(cron:session): session closed for user root
Jun 26 16:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12969]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 26 16:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13257]: Failed password for root from 103.176.20.57 port 38136 ssh2
Jun 26 16:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13257]: Connection closed by 103.176.20.57 port 38136 [preauth]
Jun 26 16:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13283]: Received disconnect from 172.110.219.251 port 43992:11: disconnected by user [preauth]
Jun 26 16:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13283]: Disconnected from 172.110.219.251 port 43992 [preauth]
Jun 26 16:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12031]: pam_unix(cron:session): session closed for user root
Jun 26 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13385]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13384]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13386]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13382]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13380]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13382]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13500]: Successful su for rubyman by root
Jun 26 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13500]: + ??? root:rubyman
Jun 26 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13500]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597702 of user rubyman.
Jun 26 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13500]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597702.
Jun 26 16:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13380]: pam_unix(cron:session): session closed for user root
Jun 26 16:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10702]: pam_unix(cron:session): session closed for user root
Jun 26 16:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13384]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.176  user=root
Jun 26 16:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13761]: Failed password for root from 91.92.40.176 port 43740 ssh2
Jun 26 16:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13761]: Connection closed by 91.92.40.176 port 43740 [preauth]
Jun 26 16:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12550]: pam_unix(cron:session): session closed for user root
Jun 26 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13877]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13873]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13872]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13874]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13878]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13876]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13878]: pam_unix(cron:session): session closed for user root
Jun 26 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13872]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13946]: Successful su for rubyman by root
Jun 26 16:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13946]: + ??? root:rubyman
Jun 26 16:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13946]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597708 of user rubyman.
Jun 26 16:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13946]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597708.
Jun 26 16:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13874]: pam_unix(cron:session): session closed for user root
Jun 26 16:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11116]: pam_unix(cron:session): session closed for user root
Jun 26 16:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13873]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12971]: pam_unix(cron:session): session closed for user root
Jun 26 16:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 26 16:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14254]: Failed password for root from 103.172.78.219 port 36692 ssh2
Jun 26 16:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14254]: Connection closed by 103.172.78.219 port 36692 [preauth]
Jun 26 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14305]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14306]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14304]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14303]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14303]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14368]: Successful su for rubyman by root
Jun 26 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14368]: + ??? root:rubyman
Jun 26 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14368]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597713 of user rubyman.
Jun 26 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14368]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597713.
Jun 26 16:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11544]: pam_unix(cron:session): session closed for user root
Jun 26 16:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14304]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13386]: pam_unix(cron:session): session closed for user root
Jun 26 16:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.176  user=root
Jun 26 16:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14686]: Failed password for root from 91.92.40.176 port 60372 ssh2
Jun 26 16:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14686]: Connection closed by 91.92.40.176 port 60372 [preauth]
Jun 26 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14797]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14798]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14796]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14795]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14795]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14857]: Successful su for rubyman by root
Jun 26 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14857]: + ??? root:rubyman
Jun 26 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14857]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597717 of user rubyman.
Jun 26 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14857]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597717.
Jun 26 16:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12030]: pam_unix(cron:session): session closed for user root
Jun 26 16:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14796]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13877]: pam_unix(cron:session): session closed for user root
Jun 26 16:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15187]: Invalid user walter from 141.98.83.240
Jun 26 16:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15187]: input_userauth_request: invalid user walter [preauth]
Jun 26 16:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15187]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 16:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 16:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15187]: Failed password for invalid user walter from 141.98.83.240 port 64946 ssh2
Jun 26 16:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15187]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 16:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15199]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 26 16:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15199]: Received disconnect from 62.210.207.172 port 53090:11: disconnected by user [preauth]
Jun 26 16:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15199]: Disconnected from 62.210.207.172 port 53090 [preauth]
Jun 26 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15205]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15206]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15204]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15203]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15203]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15187]: Failed password for invalid user walter from 141.98.83.240 port 64946 ssh2
Jun 26 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15187]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15269]: Successful su for rubyman by root
Jun 26 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15269]: + ??? root:rubyman
Jun 26 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15269]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597722 of user rubyman.
Jun 26 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15269]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597722.
Jun 26 16:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15187]: Failed password for invalid user walter from 141.98.83.240 port 64946 ssh2
Jun 26 16:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15187]: Connection closed by 141.98.83.240 port 64946 [preauth]
Jun 26 16:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15187]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 16:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12549]: pam_unix(cron:session): session closed for user root
Jun 26 16:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15204]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14306]: pam_unix(cron:session): session closed for user root
Jun 26 16:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.176  user=root
Jun 26 16:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15562]: Failed password for root from 91.92.40.176 port 34770 ssh2
Jun 26 16:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15562]: Connection closed by 91.92.40.176 port 34770 [preauth]
Jun 26 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15586]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15584]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15587]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15585]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15584]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15645]: Successful su for rubyman by root
Jun 26 16:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15645]: + ??? root:rubyman
Jun 26 16:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15645]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597727 of user rubyman.
Jun 26 16:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15645]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597727.
Jun 26 16:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12970]: pam_unix(cron:session): session closed for user root
Jun 26 16:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 26 16:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15585]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15655]: Failed password for root from 202.178.126.219 port 49797 ssh2
Jun 26 16:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15655]: Connection closed by 202.178.126.219 port 49797 [preauth]
Jun 26 16:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254  user=root
Jun 26 16:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15868]: Failed password for root from 43.159.51.254 port 58334 ssh2
Jun 26 16:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15868]: Received disconnect from 43.159.51.254 port 58334:11: Bye Bye [preauth]
Jun 26 16:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15868]: Disconnected from 43.159.51.254 port 58334 [preauth]
Jun 26 16:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 26 16:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15879]: Failed password for root from 51.250.105.222 port 57488 ssh2
Jun 26 16:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15879]: Connection closed by 51.250.105.222 port 57488 [preauth]
Jun 26 16:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14798]: pam_unix(cron:session): session closed for user root
Jun 26 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15986]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15984]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15988]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15983]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15989]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15987]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15989]: pam_unix(cron:session): session closed for user root
Jun 26 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15983]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16050]: Successful su for rubyman by root
Jun 26 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16050]: + ??? root:rubyman
Jun 26 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16050]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597733 of user rubyman.
Jun 26 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16050]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597733.
Jun 26 16:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15986]: pam_unix(cron:session): session closed for user root
Jun 26 16:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13385]: pam_unix(cron:session): session closed for user root
Jun 26 16:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15984]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15206]: pam_unix(cron:session): session closed for user root
Jun 26 16:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.176  user=root
Jun 26 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16387]: Failed password for root from 91.92.40.176 port 37360 ssh2
Jun 26 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16400]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16401]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16399]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16398]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16398]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16387]: Connection closed by 91.92.40.176 port 37360 [preauth]
Jun 26 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16467]: Successful su for rubyman by root
Jun 26 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16467]: + ??? root:rubyman
Jun 26 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16467]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597735 of user rubyman.
Jun 26 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16467]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597735.
Jun 26 16:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13876]: pam_unix(cron:session): session closed for user root
Jun 26 16:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16399]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15587]: pam_unix(cron:session): session closed for user root
Jun 26 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16802]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16801]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16800]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16798]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16798]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16898]: Successful su for rubyman by root
Jun 26 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16898]: + ??? root:rubyman
Jun 26 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16898]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597739 of user rubyman.
Jun 26 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16898]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597739.
Jun 26 16:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14305]: pam_unix(cron:session): session closed for user root
Jun 26 16:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16800]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17201]: Invalid user luser from 43.159.51.254
Jun 26 16:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17201]: input_userauth_request: invalid user luser [preauth]
Jun 26 16:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17201]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 16:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254
Jun 26 16:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17201]: Failed password for invalid user luser from 43.159.51.254 port 44382 ssh2
Jun 26 16:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17201]: Received disconnect from 43.159.51.254 port 44382:11: Bye Bye [preauth]
Jun 26 16:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17201]: Disconnected from 43.159.51.254 port 44382 [preauth]
Jun 26 16:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15988]: pam_unix(cron:session): session closed for user root
Jun 26 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17306]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17305]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17307]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17304]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17304]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17372]: Successful su for rubyman by root
Jun 26 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17372]: + ??? root:rubyman
Jun 26 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17372]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597745 of user rubyman.
Jun 26 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17372]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597745.
Jun 26 16:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14797]: pam_unix(cron:session): session closed for user root
Jun 26 16:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17305]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.176  user=root
Jun 26 16:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17564]: Failed password for root from 91.92.40.176 port 44764 ssh2
Jun 26 16:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17564]: Connection closed by 91.92.40.176 port 44764 [preauth]
Jun 26 16:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.223.69.22  user=root
Jun 26 16:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17574]: Failed password for root from 89.223.69.22 port 41982 ssh2
Jun 26 16:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17574]: Connection closed by 89.223.69.22 port 41982 [preauth]
Jun 26 16:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16401]: pam_unix(cron:session): session closed for user root
Jun 26 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17808]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17809]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17806]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17807]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17806]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17880]: Successful su for rubyman by root
Jun 26 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17880]: + ??? root:rubyman
Jun 26 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17880]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597748 of user rubyman.
Jun 26 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17880]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597748.
Jun 26 16:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15205]: pam_unix(cron:session): session closed for user root
Jun 26 16:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17807]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18105]: Invalid user happy from 43.159.51.254
Jun 26 16:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18105]: input_userauth_request: invalid user happy [preauth]
Jun 26 16:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18105]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 16:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254
Jun 26 16:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18105]: Failed password for invalid user happy from 43.159.51.254 port 51900 ssh2
Jun 26 16:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18105]: Received disconnect from 43.159.51.254 port 51900:11: Bye Bye [preauth]
Jun 26 16:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18105]: Disconnected from 43.159.51.254 port 51900 [preauth]
Jun 26 16:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16802]: pam_unix(cron:session): session closed for user root
Jun 26 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18243]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18242]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18238]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18239]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18236]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18237]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18243]: pam_unix(cron:session): session closed for user root
Jun 26 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18236]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18314]: Successful su for rubyman by root
Jun 26 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18314]: + ??? root:rubyman
Jun 26 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18314]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597752 of user rubyman.
Jun 26 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18314]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597752.
Jun 26 16:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18238]: pam_unix(cron:session): session closed for user root
Jun 26 16:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15586]: pam_unix(cron:session): session closed for user root
Jun 26 16:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18237]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.176  user=root
Jun 26 16:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18652]: Failed password for root from 91.92.40.176 port 40222 ssh2
Jun 26 16:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18652]: Connection closed by 91.92.40.176 port 40222 [preauth]
Jun 26 16:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17307]: pam_unix(cron:session): session closed for user root
Jun 26 16:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18768]: Invalid user test from 45.148.10.121
Jun 26 16:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18768]: input_userauth_request: invalid user test [preauth]
Jun 26 16:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18768]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 16:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 26 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18775]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18774]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18773]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18772]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18772]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18857]: Successful su for rubyman by root
Jun 26 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18857]: + ??? root:rubyman
Jun 26 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18857]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597757 of user rubyman.
Jun 26 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18857]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597757.
Jun 26 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18768]: Failed password for invalid user test from 45.148.10.121 port 50528 ssh2
Jun 26 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18768]: Connection closed by 45.148.10.121 port 50528 [preauth]
Jun 26 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 26 16:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15987]: pam_unix(cron:session): session closed for user root
Jun 26 16:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18773]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18916]: Failed password for root from 103.77.242.62 port 57650 ssh2
Jun 26 16:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18916]: Connection closed by 103.77.242.62 port 57650 [preauth]
Jun 26 16:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254  user=root
Jun 26 16:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19077]: Failed password for root from 43.159.51.254 port 59478 ssh2
Jun 26 16:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19077]: Received disconnect from 43.159.51.254 port 59478:11: Bye Bye [preauth]
Jun 26 16:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19077]: Disconnected from 43.159.51.254 port 59478 [preauth]
Jun 26 16:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17809]: pam_unix(cron:session): session closed for user root
Jun 26 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19297]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19298]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19296]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19295]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19295]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19355]: Successful su for rubyman by root
Jun 26 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19355]: + ??? root:rubyman
Jun 26 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19355]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597763 of user rubyman.
Jun 26 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19355]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597763.
Jun 26 16:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16400]: pam_unix(cron:session): session closed for user root
Jun 26 16:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19296]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18242]: pam_unix(cron:session): session closed for user root
Jun 26 16:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.176  user=root
Jun 26 16:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19879]: Failed password for root from 91.92.40.176 port 43794 ssh2
Jun 26 16:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19879]: Connection closed by 91.92.40.176 port 43794 [preauth]
Jun 26 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19911]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19910]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19912]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19909]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19909]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19970]: Successful su for rubyman by root
Jun 26 16:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19970]: + ??? root:rubyman
Jun 26 16:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19970]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597768 of user rubyman.
Jun 26 16:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19970]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597768.
Jun 26 16:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16801]: pam_unix(cron:session): session closed for user root
Jun 26 16:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20132]: Invalid user mine from 43.159.51.254
Jun 26 16:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20132]: input_userauth_request: invalid user mine [preauth]
Jun 26 16:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20132]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 16:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254
Jun 26 16:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19910]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20132]: Failed password for invalid user mine from 43.159.51.254 port 38758 ssh2
Jun 26 16:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20132]: Received disconnect from 43.159.51.254 port 38758:11: Bye Bye [preauth]
Jun 26 16:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20132]: Disconnected from 43.159.51.254 port 38758 [preauth]
Jun 26 16:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18775]: pam_unix(cron:session): session closed for user root
Jun 26 16:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 26 16:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20349]: Failed password for root from 103.82.20.28 port 50844 ssh2
Jun 26 16:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20349]: Connection closed by 103.82.20.28 port 50844 [preauth]
Jun 26 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20410]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20411]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20409]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20408]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20408]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20477]: Successful su for rubyman by root
Jun 26 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20477]: + ??? root:rubyman
Jun 26 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20477]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597770 of user rubyman.
Jun 26 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20477]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597770.
Jun 26 16:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17306]: pam_unix(cron:session): session closed for user root
Jun 26 16:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20409]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19298]: pam_unix(cron:session): session closed for user root
Jun 26 16:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254  user=root
Jun 26 16:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20881]: Failed password for root from 43.159.51.254 port 46196 ssh2
Jun 26 16:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20881]: Received disconnect from 43.159.51.254 port 46196:11: Bye Bye [preauth]
Jun 26 16:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20881]: Disconnected from 43.159.51.254 port 46196 [preauth]
Jun 26 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20915]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20914]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20912]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20916]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20913]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20917]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20917]: pam_unix(cron:session): session closed for user root
Jun 26 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20912]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20980]: Successful su for rubyman by root
Jun 26 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20980]: + ??? root:rubyman
Jun 26 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20980]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597776 of user rubyman.
Jun 26 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20980]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597776.
Jun 26 16:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20914]: pam_unix(cron:session): session closed for user root
Jun 26 16:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17808]: pam_unix(cron:session): session closed for user root
Jun 26 16:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20913]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.176  user=root
Jun 26 16:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 26 16:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21179]: Failed password for root from 91.92.40.176 port 60540 ssh2
Jun 26 16:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21179]: Connection closed by 91.92.40.176 port 60540 [preauth]
Jun 26 16:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21199]: Failed password for root from 38.93.206.2 port 24256 ssh2
Jun 26 16:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21199]: Connection closed by 38.93.206.2 port 24256 [preauth]
Jun 26 16:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19912]: pam_unix(cron:session): session closed for user root
Jun 26 16:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 26 16:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21322]: Failed password for root from 193.37.70.224 port 47340 ssh2
Jun 26 16:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21322]: Connection closed by 193.37.70.224 port 47340 [preauth]
Jun 26 16:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 26 16:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21345]: Failed password for root from 62.133.62.83 port 60542 ssh2
Jun 26 16:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21345]: Connection closed by 62.133.62.83 port 60542 [preauth]
Jun 26 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21359]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21358]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21360]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21357]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21357]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21425]: Successful su for rubyman by root
Jun 26 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21425]: + ??? root:rubyman
Jun 26 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21425]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597779 of user rubyman.
Jun 26 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21425]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597779.
Jun 26 16:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18239]: pam_unix(cron:session): session closed for user root
Jun 26 16:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21358]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254  user=root
Jun 26 16:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21690]: Failed password for root from 43.159.51.254 port 53604 ssh2
Jun 26 16:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21690]: Received disconnect from 43.159.51.254 port 53604:11: Bye Bye [preauth]
Jun 26 16:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21690]: Disconnected from 43.159.51.254 port 53604 [preauth]
Jun 26 16:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21712]: Invalid user admin from 193.46.255.86
Jun 26 16:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21712]: input_userauth_request: invalid user admin [preauth]
Jun 26 16:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21712]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 16:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 26 16:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20411]: pam_unix(cron:session): session closed for user root
Jun 26 16:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21712]: Failed password for invalid user admin from 193.46.255.86 port 47550 ssh2
Jun 26 16:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21712]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 16:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21712]: Failed password for invalid user admin from 193.46.255.86 port 47550 ssh2
Jun 26 16:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21712]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 16:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21712]: Failed password for invalid user admin from 193.46.255.86 port 47550 ssh2
Jun 26 16:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21712]: Connection closed by 193.46.255.86 port 47550 [preauth]
Jun 26 16:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21712]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 26 16:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 26 16:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21775]: Failed password for root from 103.122.221.179 port 52908 ssh2
Jun 26 16:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21775]: Connection closed by 103.122.221.179 port 52908 [preauth]
Jun 26 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21800]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21799]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21802]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21798]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21798]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21862]: Successful su for rubyman by root
Jun 26 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21862]: + ??? root:rubyman
Jun 26 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21862]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597783 of user rubyman.
Jun 26 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21862]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597783.
Jun 26 16:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18774]: pam_unix(cron:session): session closed for user root
Jun 26 16:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21799]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.176  user=root
Jun 26 16:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22040]: Failed password for root from 91.92.40.176 port 47766 ssh2
Jun 26 16:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22040]: Connection closed by 91.92.40.176 port 47766 [preauth]
Jun 26 16:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 26 16:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22050]: Failed password for root from 103.27.238.120 port 53540 ssh2
Jun 26 16:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22050]: Connection closed by 103.27.238.120 port 53540 [preauth]
Jun 26 16:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20916]: pam_unix(cron:session): session closed for user root
Jun 26 16:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22148]: Received disconnect from 104.194.10.248 port 54730:11: disconnected by user [preauth]
Jun 26 16:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22148]: Disconnected from 104.194.10.248 port 54730 [preauth]
Jun 26 16:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 26 16:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22156]: Failed password for root from 202.178.126.219 port 33028 ssh2
Jun 26 16:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22156]: Connection closed by 202.178.126.219 port 33028 [preauth]
Jun 26 16:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 26 16:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22201]: Failed password for root from 103.153.68.219 port 56316 ssh2
Jun 26 16:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22201]: Connection closed by 103.153.68.219 port 56316 [preauth]
Jun 26 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22224]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22225]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22223]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22222]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22222]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22283]: Successful su for rubyman by root
Jun 26 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22283]: + ??? root:rubyman
Jun 26 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22283]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597787 of user rubyman.
Jun 26 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22283]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597787.
Jun 26 16:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19297]: pam_unix(cron:session): session closed for user root
Jun 26 16:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22223]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254  user=root
Jun 26 16:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22555]: Failed password for root from 43.159.51.254 port 32804 ssh2
Jun 26 16:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22555]: Received disconnect from 43.159.51.254 port 32804:11: Bye Bye [preauth]
Jun 26 16:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22555]: Disconnected from 43.159.51.254 port 32804 [preauth]
Jun 26 16:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21360]: pam_unix(cron:session): session closed for user root
Jun 26 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22708]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22709]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22707]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22706]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22706]: pam_unix(cron:session): session closed for user p13x
Jun 26 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22770]: Successful su for rubyman by root
Jun 26 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22770]: + ??? root:rubyman
Jun 26 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22770]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597792 of user rubyman.
Jun 26 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22770]: pam_unix(su:session): session closed for user rubyman
Jun 26 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597792.
Jun 26 16:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19911]: pam_unix(cron:session): session closed for user root
Jun 26 16:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22707]: pam_unix(cron:session): session closed for user samftp
Jun 26 16:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.176  user=root
Jun 26 16:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22978]: Failed password for root from 91.92.40.176 port 42364 ssh2
Jun 26 16:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22978]: Connection closed by 91.92.40.176 port 42364 [preauth]
Jun 26 16:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21802]: pam_unix(cron:session): session closed for user root
Jun 26 16:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 16:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23106]: Invalid user sammy from 43.159.51.254
Jun 26 16:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23106]: input_userauth_request: invalid user sammy [preauth]
Jun 26 16:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23106]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 16:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254
Jun 26 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23106]: Failed password for invalid user sammy from 43.159.51.254 port 40290 ssh2
Jun 26 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23113]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23115]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23109]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23111]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23114]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23116]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23110]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23116]: pam_unix(cron:session): session closed for user root
Jun 26 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23111]: pam_unix(cron:session): session closed for user root
Jun 26 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23109]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23106]: Received disconnect from 43.159.51.254 port 40290:11: Bye Bye [preauth]
Jun 26 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23106]: Disconnected from 43.159.51.254 port 40290 [preauth]
Jun 26 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23205]: Successful su for rubyman by root
Jun 26 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23205]: + ??? root:rubyman
Jun 26 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23205]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597797 of user rubyman.
Jun 26 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23205]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597797.
Jun 26 17:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23113]: pam_unix(cron:session): session closed for user root
Jun 26 17:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20410]: pam_unix(cron:session): session closed for user root
Jun 26 17:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23110]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22225]: pam_unix(cron:session): session closed for user root
Jun 26 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23629]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23631]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23628]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23630]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23628]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23704]: Successful su for rubyman by root
Jun 26 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23704]: + ??? root:rubyman
Jun 26 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23704]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597802 of user rubyman.
Jun 26 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23704]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597802.
Jun 26 17:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20915]: pam_unix(cron:session): session closed for user root
Jun 26 17:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23629]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 26 17:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24035]: Failed password for root from 103.149.28.157 port 44816 ssh2
Jun 26 17:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24035]: Connection closed by 103.149.28.157 port 44816 [preauth]
Jun 26 17:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.176  user=root
Jun 26 17:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24058]: Failed password for root from 91.92.40.176 port 60218 ssh2
Jun 26 17:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24058]: Connection closed by 91.92.40.176 port 60218 [preauth]
Jun 26 17:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22709]: pam_unix(cron:session): session closed for user root
Jun 26 17:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: Invalid user admin1 from 43.159.51.254
Jun 26 17:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: input_userauth_request: invalid user admin1 [preauth]
Jun 26 17:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 17:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254
Jun 26 17:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: Failed password for invalid user admin1 from 43.159.51.254 port 47770 ssh2
Jun 26 17:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: Received disconnect from 43.159.51.254 port 47770:11: Bye Bye [preauth]
Jun 26 17:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: Disconnected from 43.159.51.254 port 47770 [preauth]
Jun 26 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24161]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24160]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24159]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24158]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24158]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24226]: Successful su for rubyman by root
Jun 26 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24226]: + ??? root:rubyman
Jun 26 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24226]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597806 of user rubyman.
Jun 26 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24226]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597806.
Jun 26 17:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21359]: pam_unix(cron:session): session closed for user root
Jun 26 17:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24345]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 26 17:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24345]: Received disconnect from 62.210.207.172 port 52416:11: disconnected by user [preauth]
Jun 26 17:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24345]: Disconnected from 62.210.207.172 port 52416 [preauth]
Jun 26 17:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24159]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23115]: pam_unix(cron:session): session closed for user root
Jun 26 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24585]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24586]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24584]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24583]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24583]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24658]: Successful su for rubyman by root
Jun 26 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24658]: + ??? root:rubyman
Jun 26 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24658]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597810 of user rubyman.
Jun 26 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24658]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597810.
Jun 26 17:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21800]: pam_unix(cron:session): session closed for user root
Jun 26 17:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24584]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 26 17:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24850]: Failed password for root from 194.113.233.25 port 52064 ssh2
Jun 26 17:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24850]: Connection closed by 194.113.233.25 port 52064 [preauth]
Jun 26 17:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23631]: pam_unix(cron:session): session closed for user root
Jun 26 17:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24932]: Did not receive identification string from 120.76.158.232
Jun 26 17:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24920]: Invalid user mohammad from 43.159.51.254
Jun 26 17:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24920]: input_userauth_request: invalid user mohammad [preauth]
Jun 26 17:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24920]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 17:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254
Jun 26 17:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24920]: Failed password for invalid user mohammad from 43.159.51.254 port 55208 ssh2
Jun 26 17:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24920]: Received disconnect from 43.159.51.254 port 55208:11: Bye Bye [preauth]
Jun 26 17:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24920]: Disconnected from 43.159.51.254 port 55208 [preauth]
Jun 26 17:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.176  user=root
Jun 26 17:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24968]: Failed password for root from 91.92.40.176 port 44294 ssh2
Jun 26 17:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24968]: Connection closed by 91.92.40.176 port 44294 [preauth]
Jun 26 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25000]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25001]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24999]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24998]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24998]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25066]: Successful su for rubyman by root
Jun 26 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25066]: + ??? root:rubyman
Jun 26 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25066]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597815 of user rubyman.
Jun 26 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25066]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597815.
Jun 26 17:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22224]: pam_unix(cron:session): session closed for user root
Jun 26 17:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24999]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24161]: pam_unix(cron:session): session closed for user root
Jun 26 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25406]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25403]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25402]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25407]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25405]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25404]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25407]: pam_unix(cron:session): session closed for user root
Jun 26 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25402]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25470]: Successful su for rubyman by root
Jun 26 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25470]: + ??? root:rubyman
Jun 26 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25470]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597818 of user rubyman.
Jun 26 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25470]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597818.
Jun 26 17:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25404]: pam_unix(cron:session): session closed for user root
Jun 26 17:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22708]: pam_unix(cron:session): session closed for user root
Jun 26 17:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25403]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25707]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
Jun 26 17:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25707]: Received disconnect from 149.56.241.206 port 54674:11: disconnected by user [preauth]
Jun 26 17:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25707]: Disconnected from 149.56.241.206 port 54674 [preauth]
Jun 26 17:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254  user=root
Jun 26 17:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25709]: Failed password for root from 43.159.51.254 port 34472 ssh2
Jun 26 17:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25709]: Received disconnect from 43.159.51.254 port 34472:11: Bye Bye [preauth]
Jun 26 17:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25709]: Disconnected from 43.159.51.254 port 34472 [preauth]
Jun 26 17:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24586]: pam_unix(cron:session): session closed for user root
Jun 26 17:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 26 17:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25754]: Failed password for root from 109.237.96.109 port 54860 ssh2
Jun 26 17:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25754]: Connection closed by 109.237.96.109 port 54860 [preauth]
Jun 26 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25834]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25833]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25832]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25831]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25831]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25896]: Successful su for rubyman by root
Jun 26 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25896]: + ??? root:rubyman
Jun 26 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25896]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597825 of user rubyman.
Jun 26 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25896]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597825.
Jun 26 17:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23114]: pam_unix(cron:session): session closed for user root
Jun 26 17:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25832]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.176  user=root
Jun 26 17:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26095]: Failed password for root from 91.92.40.176 port 57336 ssh2
Jun 26 17:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26095]: Connection closed by 91.92.40.176 port 57336 [preauth]
Jun 26 17:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25001]: pam_unix(cron:session): session closed for user root
Jun 26 17:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Jun 26 17:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:34.78.243.65
Jun 26 17:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26242]: Invalid user user from 43.159.51.254
Jun 26 17:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26242]: input_userauth_request: invalid user user [preauth]
Jun 26 17:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26242]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 17:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254
Jun 26 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26248]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26246]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26247]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26245]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26245]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26309]: Successful su for rubyman by root
Jun 26 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26309]: + ??? root:rubyman
Jun 26 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26309]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597828 of user rubyman.
Jun 26 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26309]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597828.
Jun 26 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26242]: Failed password for invalid user user from 43.159.51.254 port 41976 ssh2
Jun 26 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26242]: Received disconnect from 43.159.51.254 port 41976:11: Bye Bye [preauth]
Jun 26 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26242]: Disconnected from 43.159.51.254 port 41976 [preauth]
Jun 26 17:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23630]: pam_unix(cron:session): session closed for user root
Jun 26 17:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26246]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25406]: pam_unix(cron:session): session closed for user root
Jun 26 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26645]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26646]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26644]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26643]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26643]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26791]: Successful su for rubyman by root
Jun 26 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26791]: + ??? root:rubyman
Jun 26 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26791]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597832 of user rubyman.
Jun 26 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26791]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597832.
Jun 26 17:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24160]: pam_unix(cron:session): session closed for user root
Jun 26 17:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26644]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27032]: Invalid user will from 141.98.83.240
Jun 26 17:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27032]: input_userauth_request: invalid user will [preauth]
Jun 26 17:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27032]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 17:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 17:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27032]: Failed password for invalid user will from 141.98.83.240 port 7384 ssh2
Jun 26 17:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27032]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 17:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25834]: pam_unix(cron:session): session closed for user root
Jun 26 17:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27032]: Failed password for invalid user will from 141.98.83.240 port 7384 ssh2
Jun 26 17:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27032]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 17:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27032]: Failed password for invalid user will from 141.98.83.240 port 7384 ssh2
Jun 26 17:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27032]: Connection closed by 141.98.83.240 port 7384 [preauth]
Jun 26 17:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27032]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 17:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.176  user=root
Jun 26 17:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27074]: Invalid user ftpuser01 from 43.159.51.254
Jun 26 17:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27074]: input_userauth_request: invalid user ftpuser01 [preauth]
Jun 26 17:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27074]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 17:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254
Jun 26 17:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27072]: Failed password for root from 91.92.40.176 port 38314 ssh2
Jun 26 17:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27074]: Failed password for invalid user ftpuser01 from 43.159.51.254 port 49380 ssh2
Jun 26 17:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27074]: Received disconnect from 43.159.51.254 port 49380:11: Bye Bye [preauth]
Jun 26 17:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27074]: Disconnected from 43.159.51.254 port 49380 [preauth]
Jun 26 17:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27072]: Connection closed by 91.92.40.176 port 38314 [preauth]
Jun 26 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27129]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27127]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27130]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27128]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27125]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27127]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27246]: Successful su for rubyman by root
Jun 26 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27246]: + ??? root:rubyman
Jun 26 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27246]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597838 of user rubyman.
Jun 26 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27246]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597838.
Jun 26 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27125]: pam_unix(cron:session): session closed for user root
Jun 26 17:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24585]: pam_unix(cron:session): session closed for user root
Jun 26 17:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27128]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26248]: pam_unix(cron:session): session closed for user root
Jun 26 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27638]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27642]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27640]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27641]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27643]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27639]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27643]: pam_unix(cron:session): session closed for user root
Jun 26 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27638]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27712]: Successful su for rubyman by root
Jun 26 17:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27712]: + ??? root:rubyman
Jun 26 17:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27712]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597843 of user rubyman.
Jun 26 17:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27712]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597843.
Jun 26 17:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27640]: pam_unix(cron:session): session closed for user root
Jun 26 17:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25000]: pam_unix(cron:session): session closed for user root
Jun 26 17:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27639]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27989]: Invalid user deploy from 43.159.51.254
Jun 26 17:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27989]: input_userauth_request: invalid user deploy [preauth]
Jun 26 17:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27989]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 17:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254
Jun 26 17:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27989]: Failed password for invalid user deploy from 43.159.51.254 port 56808 ssh2
Jun 26 17:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27989]: Received disconnect from 43.159.51.254 port 56808:11: Bye Bye [preauth]
Jun 26 17:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27989]: Disconnected from 43.159.51.254 port 56808 [preauth]
Jun 26 17:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26646]: pam_unix(cron:session): session closed for user root
Jun 26 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28138]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28136]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28137]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28135]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28135]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28211]: Successful su for rubyman by root
Jun 26 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28211]: + ??? root:rubyman
Jun 26 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28211]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597847 of user rubyman.
Jun 26 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28211]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597847.
Jun 26 17:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25405]: pam_unix(cron:session): session closed for user root
Jun 26 17:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28136]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.176  user=root
Jun 26 17:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28412]: Failed password for root from 91.92.40.176 port 39676 ssh2
Jun 26 17:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28412]: Connection closed by 91.92.40.176 port 39676 [preauth]
Jun 26 17:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27130]: pam_unix(cron:session): session closed for user root
Jun 26 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28551]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28549]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28550]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28548]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28548]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28697]: Successful su for rubyman by root
Jun 26 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28697]: + ??? root:rubyman
Jun 26 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28697]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597852 of user rubyman.
Jun 26 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28697]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597852.
Jun 26 17:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25833]: pam_unix(cron:session): session closed for user root
Jun 26 17:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28549]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254  user=root
Jun 26 17:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28917]: Failed password for root from 43.159.51.254 port 36062 ssh2
Jun 26 17:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28917]: Received disconnect from 43.159.51.254 port 36062:11: Bye Bye [preauth]
Jun 26 17:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28917]: Disconnected from 43.159.51.254 port 36062 [preauth]
Jun 26 17:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27642]: pam_unix(cron:session): session closed for user root
Jun 26 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29057]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29056]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29052]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29051]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29051]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29117]: Successful su for rubyman by root
Jun 26 17:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29117]: + ??? root:rubyman
Jun 26 17:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29117]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597856 of user rubyman.
Jun 26 17:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29117]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597856.
Jun 26 17:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26247]: pam_unix(cron:session): session closed for user root
Jun 26 17:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29052]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28138]: pam_unix(cron:session): session closed for user root
Jun 26 17:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.176  user=root
Jun 26 17:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29447]: Failed password for root from 91.92.40.176 port 41244 ssh2
Jun 26 17:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29447]: Connection closed by 91.92.40.176 port 41244 [preauth]
Jun 26 17:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29468]: Invalid user serv from 43.159.51.254
Jun 26 17:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29468]: input_userauth_request: invalid user serv [preauth]
Jun 26 17:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29468]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 17:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254
Jun 26 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29473]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29479]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29472]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29471]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29471]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29633]: Successful su for rubyman by root
Jun 26 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29633]: + ??? root:rubyman
Jun 26 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29633]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597860 of user rubyman.
Jun 26 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29633]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597860.
Jun 26 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29468]: Failed password for invalid user serv from 43.159.51.254 port 43490 ssh2
Jun 26 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29468]: Received disconnect from 43.159.51.254 port 43490:11: Bye Bye [preauth]
Jun 26 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29468]: Disconnected from 43.159.51.254 port 43490 [preauth]
Jun 26 17:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26645]: pam_unix(cron:session): session closed for user root
Jun 26 17:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29472]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 26 17:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29900]: Failed password for root from 87.251.79.125 port 58788 ssh2
Jun 26 17:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29900]: Connection closed by 87.251.79.125 port 58788 [preauth]
Jun 26 17:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28551]: pam_unix(cron:session): session closed for user root
Jun 26 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30019]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30017]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30016]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30015]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30018]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30014]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30019]: pam_unix(cron:session): session closed for user root
Jun 26 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30014]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30090]: Successful su for rubyman by root
Jun 26 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30090]: + ??? root:rubyman
Jun 26 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30090]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597863 of user rubyman.
Jun 26 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30090]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597863.
Jun 26 17:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30016]: pam_unix(cron:session): session closed for user root
Jun 26 17:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27129]: pam_unix(cron:session): session closed for user root
Jun 26 17:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30015]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29057]: pam_unix(cron:session): session closed for user root
Jun 26 17:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254  user=root
Jun 26 17:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30429]: Failed password for root from 43.159.51.254 port 50936 ssh2
Jun 26 17:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30429]: Received disconnect from 43.159.51.254 port 50936:11: Bye Bye [preauth]
Jun 26 17:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30429]: Disconnected from 43.159.51.254 port 50936 [preauth]
Jun 26 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30464]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30465]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30462]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30461]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30461]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30533]: Successful su for rubyman by root
Jun 26 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30533]: + ??? root:rubyman
Jun 26 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30533]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597869 of user rubyman.
Jun 26 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30533]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597869.
Jun 26 17:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30462]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27641]: pam_unix(cron:session): session closed for user root
Jun 26 17:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30678]: Received disconnect from 141.95.34.214 port 48126:11: disconnected by user [preauth]
Jun 26 17:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30678]: Disconnected from 141.95.34.214 port 48126 [preauth]
Jun 26 17:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 26 17:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30751]: Failed password for root from 103.82.132.16 port 51638 ssh2
Jun 26 17:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30751]: Connection closed by 103.82.132.16 port 51638 [preauth]
Jun 26 17:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29479]: pam_unix(cron:session): session closed for user root
Jun 26 17:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.176  user=root
Jun 26 17:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30834]: Failed password for root from 91.92.40.176 port 42508 ssh2
Jun 26 17:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30834]: Connection closed by 91.92.40.176 port 42508 [preauth]
Jun 26 17:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 26 17:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30840]: Failed password for root from 147.45.199.80 port 53262 ssh2
Jun 26 17:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30840]: Connection closed by 147.45.199.80 port 53262 [preauth]
Jun 26 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30897]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30891]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30898]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30896]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30888]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30888]: pam_unix(cron:session): session closed for user root
Jun 26 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30891]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31053]: Successful su for rubyman by root
Jun 26 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31053]: + ??? root:rubyman
Jun 26 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31053]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597875 of user rubyman.
Jun 26 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31053]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597875.
Jun 26 17:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28137]: pam_unix(cron:session): session closed for user root
Jun 26 17:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30896]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.32.39.21  user=root
Jun 26 17:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31295]: Failed password for root from 176.32.39.21 port 45872 ssh2
Jun 26 17:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31295]: Connection closed by 176.32.39.21 port 45872 [preauth]
Jun 26 17:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30018]: pam_unix(cron:session): session closed for user root
Jun 26 17:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254  user=root
Jun 26 17:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31344]: Failed password for root from 43.159.51.254 port 58424 ssh2
Jun 26 17:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31344]: Received disconnect from 43.159.51.254 port 58424:11: Bye Bye [preauth]
Jun 26 17:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31344]: Disconnected from 43.159.51.254 port 58424 [preauth]
Jun 26 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31391]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31389]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31388]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31390]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31388]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31460]: Successful su for rubyman by root
Jun 26 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31460]: + ??? root:rubyman
Jun 26 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31460]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597879 of user rubyman.
Jun 26 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31460]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597879.
Jun 26 17:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28550]: pam_unix(cron:session): session closed for user root
Jun 26 17:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31389]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30465]: pam_unix(cron:session): session closed for user root
Jun 26 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31894]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31893]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31891]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31892]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31891]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31962]: Successful su for rubyman by root
Jun 26 17:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31962]: + ??? root:rubyman
Jun 26 17:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31962]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597883 of user rubyman.
Jun 26 17:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31962]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597883.
Jun 26 17:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29056]: pam_unix(cron:session): session closed for user root
Jun 26 17:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31892]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32213]: Invalid user suser from 43.159.51.254
Jun 26 17:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32213]: input_userauth_request: invalid user suser [preauth]
Jun 26 17:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32213]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 17:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254
Jun 26 17:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32213]: Failed password for invalid user suser from 43.159.51.254 port 37646 ssh2
Jun 26 17:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32213]: Received disconnect from 43.159.51.254 port 37646:11: Bye Bye [preauth]
Jun 26 17:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32213]: Disconnected from 43.159.51.254 port 37646 [preauth]
Jun 26 17:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 26 17:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.176  user=root
Jun 26 17:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32223]: Failed password for root from 103.77.175.15 port 46272 ssh2
Jun 26 17:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30898]: pam_unix(cron:session): session closed for user root
Jun 26 17:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32223]: Connection closed by 103.77.175.15 port 46272 [preauth]
Jun 26 17:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32225]: Failed password for root from 91.92.40.176 port 55088 ssh2
Jun 26 17:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32225]: Connection closed by 91.92.40.176 port 55088 [preauth]
Jun 26 17:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32306]: Connection closed by 45.148.10.121 port 51392 [preauth]
Jun 26 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32314]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32312]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32313]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32310]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32309]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32311]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32314]: pam_unix(cron:session): session closed for user root
Jun 26 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32309]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32381]: Successful su for rubyman by root
Jun 26 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32381]: + ??? root:rubyman
Jun 26 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32381]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597888 of user rubyman.
Jun 26 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32381]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597888.
Jun 26 17:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32311]: pam_unix(cron:session): session closed for user root
Jun 26 17:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29473]: pam_unix(cron:session): session closed for user root
Jun 26 17:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32310]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31391]: pam_unix(cron:session): session closed for user root
Jun 26 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32758]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32759]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32756]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32757]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32756]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[360]: Successful su for rubyman by root
Jun 26 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[360]: + ??? root:rubyman
Jun 26 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[360]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597892 of user rubyman.
Jun 26 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[360]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597892.
Jun 26 17:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30017]: pam_unix(cron:session): session closed for user root
Jun 26 17:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32757]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[701]: Invalid user ubuntu from 43.159.51.254
Jun 26 17:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[701]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 17:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[701]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 17:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254
Jun 26 17:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[701]: Failed password for invalid user ubuntu from 43.159.51.254 port 45112 ssh2
Jun 26 17:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[701]: Received disconnect from 43.159.51.254 port 45112:11: Bye Bye [preauth]
Jun 26 17:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[701]: Disconnected from 43.159.51.254 port 45112 [preauth]
Jun 26 17:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31894]: pam_unix(cron:session): session closed for user root
Jun 26 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[865]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[864]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[863]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[862]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[862]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[928]: Successful su for rubyman by root
Jun 26 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[928]: + ??? root:rubyman
Jun 26 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[928]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597896 of user rubyman.
Jun 26 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[928]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597896.
Jun 26 17:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30464]: pam_unix(cron:session): session closed for user root
Jun 26 17:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[863]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32313]: pam_unix(cron:session): session closed for user root
Jun 26 17:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.176  user=root
Jun 26 17:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1258]: Failed password for root from 91.92.40.176 port 43176 ssh2
Jun 26 17:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1258]: Connection closed by 91.92.40.176 port 43176 [preauth]
Jun 26 17:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254  user=root
Jun 26 17:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1301]: Failed password for root from 43.159.51.254 port 52604 ssh2
Jun 26 17:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1301]: Received disconnect from 43.159.51.254 port 52604:11: Bye Bye [preauth]
Jun 26 17:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1301]: Disconnected from 43.159.51.254 port 52604 [preauth]
Jun 26 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1322]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1321]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1323]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1320]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1320]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1394]: Successful su for rubyman by root
Jun 26 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1394]: + ??? root:rubyman
Jun 26 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1394]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597900 of user rubyman.
Jun 26 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1394]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597900.
Jun 26 17:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30897]: pam_unix(cron:session): session closed for user root
Jun 26 17:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1321]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 26 17:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1697]: Failed password for root from 80.66.85.226 port 45198 ssh2
Jun 26 17:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1697]: Connection closed by 80.66.85.226 port 45198 [preauth]
Jun 26 17:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32759]: pam_unix(cron:session): session closed for user root
Jun 26 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1871]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1870]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1872]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1868]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1868]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1958]: Successful su for rubyman by root
Jun 26 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1958]: + ??? root:rubyman
Jun 26 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1958]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597904 of user rubyman.
Jun 26 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1958]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597904.
Jun 26 17:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31390]: pam_unix(cron:session): session closed for user root
Jun 26 17:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1870]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2209]: Invalid user admin from 139.19.117.131
Jun 26 17:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2209]: input_userauth_request: invalid user admin [preauth]
Jun 26 17:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2209]: Connection closed by 139.19.117.131 port 50746 [preauth]
Jun 26 17:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[865]: pam_unix(cron:session): session closed for user root
Jun 26 17:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254  user=root
Jun 26 17:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2314]: Failed password for root from 43.159.51.254 port 60082 ssh2
Jun 26 17:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2314]: Received disconnect from 43.159.51.254 port 60082:11: Bye Bye [preauth]
Jun 26 17:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2314]: Disconnected from 43.159.51.254 port 60082 [preauth]
Jun 26 17:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2360]: Invalid user admin from 2.57.121.25
Jun 26 17:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2360]: input_userauth_request: invalid user admin [preauth]
Jun 26 17:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2360]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 17:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 26 17:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2360]: Failed password for invalid user admin from 2.57.121.25 port 35472 ssh2
Jun 26 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2360]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2376]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2374]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2373]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2375]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2371]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2372]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2376]: pam_unix(cron:session): session closed for user root
Jun 26 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2371]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2438]: Successful su for rubyman by root
Jun 26 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2438]: + ??? root:rubyman
Jun 26 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2438]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597911 of user rubyman.
Jun 26 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2438]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597911.
Jun 26 17:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2360]: Failed password for invalid user admin from 2.57.121.25 port 35472 ssh2
Jun 26 17:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2360]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 17:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2373]: pam_unix(cron:session): session closed for user root
Jun 26 17:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31893]: pam_unix(cron:session): session closed for user root
Jun 26 17:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2360]: Failed password for invalid user admin from 2.57.121.25 port 35472 ssh2
Jun 26 17:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2360]: Connection closed by 2.57.121.25 port 35472 [preauth]
Jun 26 17:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2360]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 26 17:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2372]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1323]: pam_unix(cron:session): session closed for user root
Jun 26 17:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.176  user=root
Jun 26 17:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2813]: Failed password for root from 91.92.40.176 port 53562 ssh2
Jun 26 17:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2813]: Connection closed by 91.92.40.176 port 53562 [preauth]
Jun 26 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2827]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2825]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2826]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2824]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2824]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2890]: Successful su for rubyman by root
Jun 26 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2890]: + ??? root:rubyman
Jun 26 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2890]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597914 of user rubyman.
Jun 26 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2890]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597914.
Jun 26 17:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32312]: pam_unix(cron:session): session closed for user root
Jun 26 17:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2825]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3106]: Invalid user guest from 43.159.51.254
Jun 26 17:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3106]: input_userauth_request: invalid user guest [preauth]
Jun 26 17:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3106]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 17:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254
Jun 26 17:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3106]: Failed password for invalid user guest from 43.159.51.254 port 39350 ssh2
Jun 26 17:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3106]: Received disconnect from 43.159.51.254 port 39350:11: Bye Bye [preauth]
Jun 26 17:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3106]: Disconnected from 43.159.51.254 port 39350 [preauth]
Jun 26 17:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1872]: pam_unix(cron:session): session closed for user root
Jun 26 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3219]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3217]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3218]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3216]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3216]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3281]: Successful su for rubyman by root
Jun 26 17:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3281]: + ??? root:rubyman
Jun 26 17:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3281]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597918 of user rubyman.
Jun 26 17:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3281]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597918.
Jun 26 17:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32758]: pam_unix(cron:session): session closed for user root
Jun 26 17:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3217]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2375]: pam_unix(cron:session): session closed for user root
Jun 26 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3619]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3621]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3620]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3618]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3618]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3683]: Successful su for rubyman by root
Jun 26 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3683]: + ??? root:rubyman
Jun 26 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3683]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597923 of user rubyman.
Jun 26 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3683]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597923.
Jun 26 17:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[864]: pam_unix(cron:session): session closed for user root
Jun 26 17:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3619]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4010]: Invalid user consulta1 from 43.159.51.254
Jun 26 17:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4010]: input_userauth_request: invalid user consulta1 [preauth]
Jun 26 17:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4010]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 17:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254
Jun 26 17:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4010]: Failed password for invalid user consulta1 from 43.159.51.254 port 46810 ssh2
Jun 26 17:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4010]: Received disconnect from 43.159.51.254 port 46810:11: Bye Bye [preauth]
Jun 26 17:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4010]: Disconnected from 43.159.51.254 port 46810 [preauth]
Jun 26 17:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2827]: pam_unix(cron:session): session closed for user root
Jun 26 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4216]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4215]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4214]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4213]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4213]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4279]: Successful su for rubyman by root
Jun 26 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4279]: + ??? root:rubyman
Jun 26 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4279]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597927 of user rubyman.
Jun 26 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4279]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597927.
Jun 26 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4340]: Received disconnect from 209.90.232.26 port 50386:11: disconnected by user [preauth]
Jun 26 17:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4340]: Disconnected from 209.90.232.26 port 50386 [preauth]
Jun 26 17:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1322]: pam_unix(cron:session): session closed for user root
Jun 26 17:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4214]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.176  user=root
Jun 26 17:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4531]: Failed password for root from 91.92.40.176 port 40150 ssh2
Jun 26 17:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4531]: Connection closed by 91.92.40.176 port 40150 [preauth]
Jun 26 17:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3219]: pam_unix(cron:session): session closed for user root
Jun 26 17:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4611]: Invalid user vhserver3 from 43.159.51.254
Jun 26 17:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4611]: input_userauth_request: invalid user vhserver3 [preauth]
Jun 26 17:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4611]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 17:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254
Jun 26 17:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4611]: Failed password for invalid user vhserver3 from 43.159.51.254 port 54326 ssh2
Jun 26 17:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4611]: Received disconnect from 43.159.51.254 port 54326:11: Bye Bye [preauth]
Jun 26 17:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4611]: Disconnected from 43.159.51.254 port 54326 [preauth]
Jun 26 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4627]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4626]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4624]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4628]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4629]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4625]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4629]: pam_unix(cron:session): session closed for user root
Jun 26 17:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4624]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4698]: Successful su for rubyman by root
Jun 26 17:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4698]: + ??? root:rubyman
Jun 26 17:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4698]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597934 of user rubyman.
Jun 26 17:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4698]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597934.
Jun 26 17:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4626]: pam_unix(cron:session): session closed for user root
Jun 26 17:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1871]: pam_unix(cron:session): session closed for user root
Jun 26 17:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4625]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3621]: pam_unix(cron:session): session closed for user root
Jun 26 17:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5112]: Connection closed by 194.59.206.2 port 38408 [preauth]
Jun 26 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5169]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5168]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5170]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5167]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5167]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5233]: Successful su for rubyman by root
Jun 26 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5233]: + ??? root:rubyman
Jun 26 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5233]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597937 of user rubyman.
Jun 26 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5233]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597937.
Jun 26 17:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2374]: pam_unix(cron:session): session closed for user root
Jun 26 17:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5168]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 26 17:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5493]: Failed password for root from 103.27.238.114 port 42478 ssh2
Jun 26 17:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5493]: Connection closed by 103.27.238.114 port 42478 [preauth]
Jun 26 17:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4216]: pam_unix(cron:session): session closed for user root
Jun 26 17:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254  user=root
Jun 26 17:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5539]: Failed password for root from 43.159.51.254 port 33520 ssh2
Jun 26 17:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5539]: Received disconnect from 43.159.51.254 port 33520:11: Bye Bye [preauth]
Jun 26 17:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5539]: Disconnected from 43.159.51.254 port 33520 [preauth]
Jun 26 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5594]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5592]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5593]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5591]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5591]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5648]: Successful su for rubyman by root
Jun 26 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5648]: + ??? root:rubyman
Jun 26 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5648]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597941 of user rubyman.
Jun 26 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5648]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597941.
Jun 26 17:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2826]: pam_unix(cron:session): session closed for user root
Jun 26 17:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5592]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4628]: pam_unix(cron:session): session closed for user root
Jun 26 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5976]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5977]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5974]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5975]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5974]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6033]: Successful su for rubyman by root
Jun 26 17:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6033]: + ??? root:rubyman
Jun 26 17:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6033]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597944 of user rubyman.
Jun 26 17:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6033]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597944.
Jun 26 17:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3218]: pam_unix(cron:session): session closed for user root
Jun 26 17:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5975]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.176  user=root
Jun 26 17:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6255]: Failed password for root from 91.92.40.176 port 39628 ssh2
Jun 26 17:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6255]: Connection closed by 91.92.40.176 port 39628 [preauth]
Jun 26 17:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6270]: Invalid user webuser from 43.159.51.254
Jun 26 17:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6270]: input_userauth_request: invalid user webuser [preauth]
Jun 26 17:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6270]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 17:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254
Jun 26 17:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6270]: Failed password for invalid user webuser from 43.159.51.254 port 40954 ssh2
Jun 26 17:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6270]: Received disconnect from 43.159.51.254 port 40954:11: Bye Bye [preauth]
Jun 26 17:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6270]: Disconnected from 43.159.51.254 port 40954 [preauth]
Jun 26 17:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5170]: pam_unix(cron:session): session closed for user root
Jun 26 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6371]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6370]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6369]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6368]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6368]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6427]: Successful su for rubyman by root
Jun 26 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6427]: + ??? root:rubyman
Jun 26 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6427]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597949 of user rubyman.
Jun 26 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6427]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597949.
Jun 26 17:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3620]: pam_unix(cron:session): session closed for user root
Jun 26 17:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6369]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6595]: Invalid user user from 141.98.83.240
Jun 26 17:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6595]: input_userauth_request: invalid user user [preauth]
Jun 26 17:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6595]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 17:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 17:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6595]: Failed password for invalid user user from 141.98.83.240 port 40126 ssh2
Jun 26 17:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6595]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 17:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6595]: Failed password for invalid user user from 141.98.83.240 port 40126 ssh2
Jun 26 17:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6595]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 17:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6595]: Failed password for invalid user user from 141.98.83.240 port 40126 ssh2
Jun 26 17:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6595]: Connection closed by 141.98.83.240 port 40126 [preauth]
Jun 26 17:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6595]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 17:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5594]: pam_unix(cron:session): session closed for user root
Jun 26 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6776]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6775]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6782]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6772]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6779]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6773]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6782]: pam_unix(cron:session): session closed for user root
Jun 26 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6772]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6850]: Successful su for rubyman by root
Jun 26 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6850]: + ??? root:rubyman
Jun 26 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6850]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597956 of user rubyman.
Jun 26 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6850]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597956.
Jun 26 17:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6775]: pam_unix(cron:session): session closed for user root
Jun 26 17:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4215]: pam_unix(cron:session): session closed for user root
Jun 26 17:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6773]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254  user=root
Jun 26 17:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7159]: Failed password for root from 43.159.51.254 port 48516 ssh2
Jun 26 17:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7159]: Received disconnect from 43.159.51.254 port 48516:11: Bye Bye [preauth]
Jun 26 17:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7159]: Disconnected from 43.159.51.254 port 48516 [preauth]
Jun 26 17:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5977]: pam_unix(cron:session): session closed for user root
Jun 26 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7306]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7307]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7305]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7304]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7304]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7372]: Successful su for rubyman by root
Jun 26 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7372]: + ??? root:rubyman
Jun 26 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7372]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597959 of user rubyman.
Jun 26 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7372]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597959.
Jun 26 17:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4627]: pam_unix(cron:session): session closed for user root
Jun 26 17:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7305]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6371]: pam_unix(cron:session): session closed for user root
Jun 26 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7806]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7807]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7805]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7804]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7804]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7861]: Successful su for rubyman by root
Jun 26 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7861]: + ??? root:rubyman
Jun 26 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7861]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597962 of user rubyman.
Jun 26 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7861]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597962.
Jun 26 17:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5169]: pam_unix(cron:session): session closed for user root
Jun 26 17:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8013]: Invalid user jarservice from 43.159.51.254
Jun 26 17:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8013]: input_userauth_request: invalid user jarservice [preauth]
Jun 26 17:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8013]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 17:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.51.254
Jun 26 17:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7805]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8013]: Failed password for invalid user jarservice from 43.159.51.254 port 56004 ssh2
Jun 26 17:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8013]: Received disconnect from 43.159.51.254 port 56004:11: Bye Bye [preauth]
Jun 26 17:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8013]: Disconnected from 43.159.51.254 port 56004 [preauth]
Jun 26 17:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 26 17:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8047]: Failed password for root from 38.93.206.2 port 65296 ssh2
Jun 26 17:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8047]: Connection closed by 38.93.206.2 port 65296 [preauth]
Jun 26 17:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.176  user=root
Jun 26 17:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8050]: Failed password for root from 91.92.40.176 port 53692 ssh2
Jun 26 17:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8050]: Connection closed by 91.92.40.176 port 53692 [preauth]
Jun 26 17:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6779]: pam_unix(cron:session): session closed for user root
Jun 26 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8200]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8203]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8202]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8199]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8199]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8260]: Successful su for rubyman by root
Jun 26 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8260]: + ??? root:rubyman
Jun 26 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8260]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597968 of user rubyman.
Jun 26 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8260]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597968.
Jun 26 17:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5593]: pam_unix(cron:session): session closed for user root
Jun 26 17:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8200]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7307]: pam_unix(cron:session): session closed for user root
Jun 26 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8598]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8597]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8599]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8596]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8594]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8596]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8713]: Successful su for rubyman by root
Jun 26 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8713]: + ??? root:rubyman
Jun 26 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8713]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597970 of user rubyman.
Jun 26 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8713]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597970.
Jun 26 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8594]: pam_unix(cron:session): session closed for user root
Jun 26 17:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5976]: pam_unix(cron:session): session closed for user root
Jun 26 17:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8597]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7807]: pam_unix(cron:session): session closed for user root
Jun 26 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9084]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9081]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9083]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9079]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9082]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9080]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9084]: pam_unix(cron:session): session closed for user root
Jun 26 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9079]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9146]: Successful su for rubyman by root
Jun 26 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9146]: + ??? root:rubyman
Jun 26 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9146]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597977 of user rubyman.
Jun 26 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9146]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597977.
Jun 26 17:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9081]: pam_unix(cron:session): session closed for user root
Jun 26 17:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6370]: pam_unix(cron:session): session closed for user root
Jun 26 17:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9080]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8203]: pam_unix(cron:session): session closed for user root
Jun 26 17:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.176  user=root
Jun 26 17:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9483]: Failed password for root from 91.92.40.176 port 37690 ssh2
Jun 26 17:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9483]: Connection closed by 91.92.40.176 port 37690 [preauth]
Jun 26 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9505]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9504]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9502]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9503]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9502]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9568]: Successful su for rubyman by root
Jun 26 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9568]: + ??? root:rubyman
Jun 26 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9568]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597981 of user rubyman.
Jun 26 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9568]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597981.
Jun 26 17:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6776]: pam_unix(cron:session): session closed for user root
Jun 26 17:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9503]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8599]: pam_unix(cron:session): session closed for user root
Jun 26 17:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.15.222.183  user=root
Jun 26 17:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9851]: Failed password for root from 103.15.222.183 port 39678 ssh2
Jun 26 17:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9851]: Connection closed by 103.15.222.183 port 39678 [preauth]
Jun 26 17:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 26 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10082]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10080]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10081]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10079]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10079]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10143]: Successful su for rubyman by root
Jun 26 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10143]: + ??? root:rubyman
Jun 26 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10143]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597985 of user rubyman.
Jun 26 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10143]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597985.
Jun 26 17:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10067]: Failed password for root from 202.178.126.219 port 59368 ssh2
Jun 26 17:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10067]: Connection closed by 202.178.126.219 port 59368 [preauth]
Jun 26 17:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7306]: pam_unix(cron:session): session closed for user root
Jun 26 17:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10080]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9083]: pam_unix(cron:session): session closed for user root
Jun 26 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10571]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10572]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10570]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10569]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10569]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10634]: Successful su for rubyman by root
Jun 26 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10634]: + ??? root:rubyman
Jun 26 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10634]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597989 of user rubyman.
Jun 26 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10634]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597989.
Jun 26 17:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7806]: pam_unix(cron:session): session closed for user root
Jun 26 17:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10570]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9505]: pam_unix(cron:session): session closed for user root
Jun 26 17:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10935]: Received disconnect from 87.121.69.138 port 47112:11: disconnected by user [preauth]
Jun 26 17:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10935]: Disconnected from 87.121.69.138 port 47112 [preauth]
Jun 26 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11000]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11001]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10999]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10998]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10998]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11063]: Successful su for rubyman by root
Jun 26 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11063]: + ??? root:rubyman
Jun 26 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11063]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597994 of user rubyman.
Jun 26 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11063]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597994.
Jun 26 17:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8202]: pam_unix(cron:session): session closed for user root
Jun 26 17:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10999]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10082]: pam_unix(cron:session): session closed for user root
Jun 26 17:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.176  user=root
Jun 26 17:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11377]: Failed password for root from 91.92.40.176 port 59562 ssh2
Jun 26 17:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11377]: Connection closed by 91.92.40.176 port 59562 [preauth]
Jun 26 17:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.164.192.38  user=root
Jun 26 17:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11389]: Failed password for root from 43.164.192.38 port 49350 ssh2
Jun 26 17:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11389]: Received disconnect from 43.164.192.38 port 49350:11: Bye Bye [preauth]
Jun 26 17:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11389]: Disconnected from 43.164.192.38 port 49350 [preauth]
Jun 26 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11419]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11418]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11420]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11415]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11417]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11416]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11420]: pam_unix(cron:session): session closed for user root
Jun 26 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11415]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11496]: Successful su for rubyman by root
Jun 26 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11496]: + ??? root:rubyman
Jun 26 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11496]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 597997 of user rubyman.
Jun 26 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11496]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 597997.
Jun 26 17:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11417]: pam_unix(cron:session): session closed for user root
Jun 26 17:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8598]: pam_unix(cron:session): session closed for user root
Jun 26 17:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11416]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10572]: pam_unix(cron:session): session closed for user root
Jun 26 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11889]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11887]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11888]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11886]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11886]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11977]: Successful su for rubyman by root
Jun 26 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11977]: + ??? root:rubyman
Jun 26 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11977]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598003 of user rubyman.
Jun 26 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11977]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598003.
Jun 26 17:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9082]: pam_unix(cron:session): session closed for user root
Jun 26 17:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11887]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=root
Jun 26 17:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12196]: Failed password for root from 193.46.255.86 port 51990 ssh2
Jun 26 17:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12196]: message repeated 2 times: [ Failed password for root from 193.46.255.86 port 51990 ssh2]
Jun 26 17:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12196]: Connection closed by 193.46.255.86 port 51990 [preauth]
Jun 26 17:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12196]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86  user=root
Jun 26 17:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11001]: pam_unix(cron:session): session closed for user root
Jun 26 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12431]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12432]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12435]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12430]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12430]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12504]: Successful su for rubyman by root
Jun 26 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12504]: + ??? root:rubyman
Jun 26 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12504]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598007 of user rubyman.
Jun 26 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12504]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598007.
Jun 26 17:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9504]: pam_unix(cron:session): session closed for user root
Jun 26 17:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12431]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11419]: pam_unix(cron:session): session closed for user root
Jun 26 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12847]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12846]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12848]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12845]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12845]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12914]: Successful su for rubyman by root
Jun 26 17:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12914]: + ??? root:rubyman
Jun 26 17:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12914]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598011 of user rubyman.
Jun 26 17:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12914]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598011.
Jun 26 17:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10081]: pam_unix(cron:session): session closed for user root
Jun 26 17:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12846]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11889]: pam_unix(cron:session): session closed for user root
Jun 26 17:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.176  user=root
Jun 26 17:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13202]: Failed password for root from 91.92.40.176 port 41930 ssh2
Jun 26 17:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13202]: Connection closed by 91.92.40.176 port 41930 [preauth]
Jun 26 17:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.116  user=root
Jun 26 17:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13243]: Failed password for root from 103.27.238.116 port 49818 ssh2
Jun 26 17:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13243]: Connection closed by 103.27.238.116 port 49818 [preauth]
Jun 26 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13266]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13267]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13265]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13264]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13264]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13328]: Successful su for rubyman by root
Jun 26 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13328]: + ??? root:rubyman
Jun 26 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13328]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598016 of user rubyman.
Jun 26 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13328]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598016.
Jun 26 17:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10571]: pam_unix(cron:session): session closed for user root
Jun 26 17:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13265]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121  user=root
Jun 26 17:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13507]: Failed password for root from 45.148.10.121 port 57426 ssh2
Jun 26 17:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13507]: Connection closed by 45.148.10.121 port 57426 [preauth]
Jun 26 17:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12435]: pam_unix(cron:session): session closed for user root
Jun 26 17:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13630]: Received disconnect from 176.123.2.173 port 41290:11: disconnected by user [preauth]
Jun 26 17:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13630]: Disconnected from 176.123.2.173 port 41290 [preauth]
Jun 26 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13663]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13662]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13659]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13660]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13661]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13658]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13663]: pam_unix(cron:session): session closed for user root
Jun 26 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13658]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13743]: Successful su for rubyman by root
Jun 26 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13743]: + ??? root:rubyman
Jun 26 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13743]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598020 of user rubyman.
Jun 26 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13743]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598020.
Jun 26 17:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13660]: pam_unix(cron:session): session closed for user root
Jun 26 17:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11000]: pam_unix(cron:session): session closed for user root
Jun 26 17:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13659]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12848]: pam_unix(cron:session): session closed for user root
Jun 26 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14112]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14110]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14111]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14109]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14109]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14177]: Successful su for rubyman by root
Jun 26 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14177]: + ??? root:rubyman
Jun 26 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14177]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598025 of user rubyman.
Jun 26 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14177]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598025.
Jun 26 17:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11418]: pam_unix(cron:session): session closed for user root
Jun 26 17:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14110]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13267]: pam_unix(cron:session): session closed for user root
Jun 26 17:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14499]: Invalid user yazmine from 2.57.121.112
Jun 26 17:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14499]: input_userauth_request: invalid user yazmine [preauth]
Jun 26 17:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14499]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 17:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 26 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14504]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14506]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14503]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14502]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14502]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14563]: Successful su for rubyman by root
Jun 26 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14563]: + ??? root:rubyman
Jun 26 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14563]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598030 of user rubyman.
Jun 26 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14563]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598030.
Jun 26 17:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14499]: Failed password for invalid user yazmine from 2.57.121.112 port 26604 ssh2
Jun 26 17:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14499]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 17:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14499]: Failed password for invalid user yazmine from 2.57.121.112 port 26604 ssh2
Jun 26 17:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14499]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 17:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11888]: pam_unix(cron:session): session closed for user root
Jun 26 17:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14499]: Failed password for invalid user yazmine from 2.57.121.112 port 26604 ssh2
Jun 26 17:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14499]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 17:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14503]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14499]: Failed password for invalid user yazmine from 2.57.121.112 port 26604 ssh2
Jun 26 17:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14499]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 17:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14499]: Failed password for invalid user yazmine from 2.57.121.112 port 26604 ssh2
Jun 26 17:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14499]: Connection closed by 2.57.121.112 port 26604 [preauth]
Jun 26 17:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14499]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Jun 26 17:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14499]: PAM service(sshd) ignoring max retries; 5 > 3
Jun 26 17:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.176  user=root
Jun 26 17:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14867]: Failed password for root from 91.92.40.176 port 59110 ssh2
Jun 26 17:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14867]: Connection closed by 91.92.40.176 port 59110 [preauth]
Jun 26 17:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13662]: pam_unix(cron:session): session closed for user root
Jun 26 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14993]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14990]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14991]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14989]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14989]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15050]: Successful su for rubyman by root
Jun 26 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15050]: + ??? root:rubyman
Jun 26 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15050]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598034 of user rubyman.
Jun 26 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15050]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598034.
Jun 26 17:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12432]: pam_unix(cron:session): session closed for user root
Jun 26 17:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14990]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.94.47.83  user=root
Jun 26 17:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15248]: Failed password for root from 77.94.47.83 port 50676 ssh2
Jun 26 17:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15248]: Connection closed by 77.94.47.83 port 50676 [preauth]
Jun 26 17:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14112]: pam_unix(cron:session): session closed for user root
Jun 26 17:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15383]: Received disconnect from 162.144.84.221 port 47758:11: disconnected by user [preauth]
Jun 26 17:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15383]: Disconnected from 162.144.84.221 port 47758 [preauth]
Jun 26 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15396]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15397]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15395]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15394]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15394]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15453]: Successful su for rubyman by root
Jun 26 17:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15453]: + ??? root:rubyman
Jun 26 17:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15453]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598039 of user rubyman.
Jun 26 17:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15453]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598039.
Jun 26 17:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12847]: pam_unix(cron:session): session closed for user root
Jun 26 17:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15395]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14506]: pam_unix(cron:session): session closed for user root
Jun 26 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15784]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15785]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15786]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15782]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15783]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15781]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15786]: pam_unix(cron:session): session closed for user root
Jun 26 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15781]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15847]: Successful su for rubyman by root
Jun 26 17:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15847]: + ??? root:rubyman
Jun 26 17:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15847]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598042 of user rubyman.
Jun 26 17:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15847]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598042.
Jun 26 17:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15783]: pam_unix(cron:session): session closed for user root
Jun 26 17:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13266]: pam_unix(cron:session): session closed for user root
Jun 26 17:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15782]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14993]: pam_unix(cron:session): session closed for user root
Jun 26 17:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.164.192.38  user=root
Jun 26 17:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16175]: Failed password for root from 43.164.192.38 port 50282 ssh2
Jun 26 17:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16175]: Received disconnect from 43.164.192.38 port 50282:11: Bye Bye [preauth]
Jun 26 17:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16175]: Disconnected from 43.164.192.38 port 50282 [preauth]
Jun 26 17:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16197]: Invalid user admin from 91.92.40.176
Jun 26 17:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16197]: input_userauth_request: invalid user admin [preauth]
Jun 26 17:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16197]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 17:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.176
Jun 26 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16197]: Failed password for invalid user admin from 91.92.40.176 port 58208 ssh2
Jun 26 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16197]: Connection closed by 91.92.40.176 port 58208 [preauth]
Jun 26 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16204]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16203]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16202]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16200]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16200]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16266]: Successful su for rubyman by root
Jun 26 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16266]: + ??? root:rubyman
Jun 26 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16266]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598048 of user rubyman.
Jun 26 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16266]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598048.
Jun 26 17:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13661]: pam_unix(cron:session): session closed for user root
Jun 26 17:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16202]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16474]: Received disconnect from 94.250.61.10 port 35752:11: disconnected by user [preauth]
Jun 26 17:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16474]: Disconnected from 94.250.61.10 port 35752 [preauth]
Jun 26 17:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15397]: pam_unix(cron:session): session closed for user root
Jun 26 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16605]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16604]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16603]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16602]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16602]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16666]: Successful su for rubyman by root
Jun 26 17:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16666]: + ??? root:rubyman
Jun 26 17:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16666]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598051 of user rubyman.
Jun 26 17:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16666]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598051.
Jun 26 17:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14111]: pam_unix(cron:session): session closed for user root
Jun 26 17:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16603]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15785]: pam_unix(cron:session): session closed for user root
Jun 26 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17102]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17101]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17100]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17099]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17099]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17157]: Successful su for rubyman by root
Jun 26 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17157]: + ??? root:rubyman
Jun 26 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17157]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598055 of user rubyman.
Jun 26 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17157]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598055.
Jun 26 17:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14504]: pam_unix(cron:session): session closed for user root
Jun 26 17:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17100]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17377]: Invalid user ubuntu from 43.164.192.38
Jun 26 17:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17377]: input_userauth_request: invalid user ubuntu [preauth]
Jun 26 17:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17377]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 17:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.164.192.38
Jun 26 17:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17377]: Failed password for invalid user ubuntu from 43.164.192.38 port 59858 ssh2
Jun 26 17:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17377]: Received disconnect from 43.164.192.38 port 59858:11: Bye Bye [preauth]
Jun 26 17:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17377]: Disconnected from 43.164.192.38 port 59858 [preauth]
Jun 26 17:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16204]: pam_unix(cron:session): session closed for user root
Jun 26 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17509]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17508]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17507]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17506]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17506]: pam_unix(cron:session): session closed for user p13x
Jun 26 17:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17566]: Successful su for rubyman by root
Jun 26 17:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17566]: + ??? root:rubyman
Jun 26 17:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17566]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 17:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598060 of user rubyman.
Jun 26 17:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17566]: pam_unix(su:session): session closed for user rubyman
Jun 26 17:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598060.
Jun 26 17:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14991]: pam_unix(cron:session): session closed for user root
Jun 26 17:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17507]: pam_unix(cron:session): session closed for user samftp
Jun 26 17:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17917]: Invalid user admin from 91.92.40.176
Jun 26 17:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17917]: input_userauth_request: invalid user admin [preauth]
Jun 26 17:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17917]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 17:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.176
Jun 26 17:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17917]: Failed password for invalid user admin from 91.92.40.176 port 51364 ssh2
Jun 26 17:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17917]: Connection closed by 91.92.40.176 port 51364 [preauth]
Jun 26 17:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16605]: pam_unix(cron:session): session closed for user root
Jun 26 17:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 17:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 26 17:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17960]: Failed password for root from 141.98.83.240 port 33774 ssh2
Jun 26 17:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17960]: message repeated 2 times: [ Failed password for root from 141.98.83.240 port 33774 ssh2]
Jun 26 17:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17960]: Connection closed by 141.98.83.240 port 33774 [preauth]
Jun 26 17:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17960]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240  user=root
Jun 26 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18026]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18024]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18023]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18022]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18027]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18025]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18021]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18027]: pam_unix(cron:session): session closed for user root
Jun 26 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18023]: pam_unix(cron:session): session closed for user root
Jun 26 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18021]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18113]: Successful su for rubyman by root
Jun 26 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18113]: + ??? root:rubyman
Jun 26 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18113]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598063 of user rubyman.
Jun 26 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18113]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598063.
Jun 26 18:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18024]: pam_unix(cron:session): session closed for user root
Jun 26 18:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15396]: pam_unix(cron:session): session closed for user root
Jun 26 18:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18022]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17102]: pam_unix(cron:session): session closed for user root
Jun 26 18:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.164.192.38  user=root
Jun 26 18:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18577]: Failed password for root from 43.164.192.38 port 41208 ssh2
Jun 26 18:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18577]: Received disconnect from 43.164.192.38 port 41208:11: Bye Bye [preauth]
Jun 26 18:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18577]: Disconnected from 43.164.192.38 port 41208 [preauth]
Jun 26 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18631]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18632]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18630]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18628]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18628]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18701]: Successful su for rubyman by root
Jun 26 18:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18701]: + ??? root:rubyman
Jun 26 18:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18701]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598070 of user rubyman.
Jun 26 18:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18701]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598070.
Jun 26 18:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15784]: pam_unix(cron:session): session closed for user root
Jun 26 18:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18630]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17509]: pam_unix(cron:session): session closed for user root
Jun 26 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19054]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19053]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19051]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19052]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19051]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19112]: Successful su for rubyman by root
Jun 26 18:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19112]: + ??? root:rubyman
Jun 26 18:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19112]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598075 of user rubyman.
Jun 26 18:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19112]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598075.
Jun 26 18:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16203]: pam_unix(cron:session): session closed for user root
Jun 26 18:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19052]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18026]: pam_unix(cron:session): session closed for user root
Jun 26 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19745]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19743]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19744]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19741]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19741]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19807]: Successful su for rubyman by root
Jun 26 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19807]: + ??? root:rubyman
Jun 26 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19807]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598079 of user rubyman.
Jun 26 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19807]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598079.
Jun 26 18:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16604]: pam_unix(cron:session): session closed for user root
Jun 26 18:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19743]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20012]: Invalid user admin from 91.92.40.176
Jun 26 18:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20012]: input_userauth_request: invalid user admin [preauth]
Jun 26 18:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20012]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.176
Jun 26 18:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.164.192.38  user=root
Jun 26 18:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20012]: Failed password for invalid user admin from 91.92.40.176 port 41212 ssh2
Jun 26 18:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20012]: Connection closed by 91.92.40.176 port 41212 [preauth]
Jun 26 18:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20014]: Failed password for root from 43.164.192.38 port 50768 ssh2
Jun 26 18:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20014]: Received disconnect from 43.164.192.38 port 50768:11: Bye Bye [preauth]
Jun 26 18:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20014]: Disconnected from 43.164.192.38 port 50768 [preauth]
Jun 26 18:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18632]: pam_unix(cron:session): session closed for user root
Jun 26 18:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20104]: Received disconnect from 192.3.145.26 port 43932:11: disconnected by user [preauth]
Jun 26 18:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20104]: Disconnected from 192.3.145.26 port 43932 [preauth]
Jun 26 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20258]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20255]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20254]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20253]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20253]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20320]: Successful su for rubyman by root
Jun 26 18:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20320]: + ??? root:rubyman
Jun 26 18:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20320]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598082 of user rubyman.
Jun 26 18:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20320]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598082.
Jun 26 18:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17101]: pam_unix(cron:session): session closed for user root
Jun 26 18:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20254]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20578]: Connection reset by 45.148.10.152 port 17460 [preauth]
Jun 26 18:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19054]: pam_unix(cron:session): session closed for user root
Jun 26 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20726]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20712]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20724]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20725]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20727]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20716]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20727]: pam_unix(cron:session): session closed for user root
Jun 26 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20712]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20832]: Successful su for rubyman by root
Jun 26 18:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20832]: + ??? root:rubyman
Jun 26 18:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20832]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598088 of user rubyman.
Jun 26 18:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20832]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598088.
Jun 26 18:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20724]: pam_unix(cron:session): session closed for user root
Jun 26 18:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17508]: pam_unix(cron:session): session closed for user root
Jun 26 18:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20716]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19745]: pam_unix(cron:session): session closed for user root
Jun 26 18:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21110]: Invalid user manager from 43.164.192.38
Jun 26 18:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21110]: input_userauth_request: invalid user manager [preauth]
Jun 26 18:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21110]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.164.192.38
Jun 26 18:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21110]: Failed password for invalid user manager from 43.164.192.38 port 60284 ssh2
Jun 26 18:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21110]: Received disconnect from 43.164.192.38 port 60284:11: Bye Bye [preauth]
Jun 26 18:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21110]: Disconnected from 43.164.192.38 port 60284 [preauth]
Jun 26 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21202]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21203]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21200]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21199]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21199]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21263]: Successful su for rubyman by root
Jun 26 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21263]: + ??? root:rubyman
Jun 26 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21263]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598092 of user rubyman.
Jun 26 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21263]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598092.
Jun 26 18:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18025]: pam_unix(cron:session): session closed for user root
Jun 26 18:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21200]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20258]: pam_unix(cron:session): session closed for user root
Jun 26 18:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.20.57  user=root
Jun 26 18:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21581]: Failed password for root from 103.176.20.57 port 38274 ssh2
Jun 26 18:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21581]: Connection closed by 103.176.20.57 port 38274 [preauth]
Jun 26 18:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21605]: Invalid user admin from 91.92.40.176
Jun 26 18:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21605]: input_userauth_request: invalid user admin [preauth]
Jun 26 18:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21605]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.176
Jun 26 18:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21605]: Failed password for invalid user admin from 91.92.40.176 port 41608 ssh2
Jun 26 18:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21605]: Connection closed by 91.92.40.176 port 41608 [preauth]
Jun 26 18:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.105.222  user=root
Jun 26 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21644]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21642]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21643]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21641]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21641]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21712]: Successful su for rubyman by root
Jun 26 18:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21712]: + ??? root:rubyman
Jun 26 18:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21712]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598097 of user rubyman.
Jun 26 18:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21712]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598097.
Jun 26 18:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21628]: Failed password for root from 51.250.105.222 port 57942 ssh2
Jun 26 18:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21628]: Connection closed by 51.250.105.222 port 57942 [preauth]
Jun 26 18:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18631]: pam_unix(cron:session): session closed for user root
Jun 26 18:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21642]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20726]: pam_unix(cron:session): session closed for user root
Jun 26 18:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.164.192.38  user=root
Jun 26 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22034]: Failed password for root from 43.164.192.38 port 41582 ssh2
Jun 26 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22034]: Received disconnect from 43.164.192.38 port 41582:11: Bye Bye [preauth]
Jun 26 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22034]: Disconnected from 43.164.192.38 port 41582 [preauth]
Jun 26 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22048]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22046]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22047]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22045]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22045]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22110]: Successful su for rubyman by root
Jun 26 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22110]: + ??? root:rubyman
Jun 26 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22110]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598101 of user rubyman.
Jun 26 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22110]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598101.
Jun 26 18:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19053]: pam_unix(cron:session): session closed for user root
Jun 26 18:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22046]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21203]: pam_unix(cron:session): session closed for user root
Jun 26 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22537]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22536]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22538]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22535]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22533]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22535]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22657]: Successful su for rubyman by root
Jun 26 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22657]: + ??? root:rubyman
Jun 26 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22657]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598104 of user rubyman.
Jun 26 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22657]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598104.
Jun 26 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22533]: pam_unix(cron:session): session closed for user root
Jun 26 18:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19744]: pam_unix(cron:session): session closed for user root
Jun 26 18:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22536]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.78.219  user=root
Jun 26 18:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22945]: Failed password for root from 103.172.78.219 port 36748 ssh2
Jun 26 18:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22945]: Connection closed by 103.172.78.219 port 36748 [preauth]
Jun 26 18:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21644]: pam_unix(cron:session): session closed for user root
Jun 26 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23035]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23036]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23034]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23037]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23033]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23032]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23037]: pam_unix(cron:session): session closed for user root
Jun 26 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23032]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23106]: Successful su for rubyman by root
Jun 26 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23106]: + ??? root:rubyman
Jun 26 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23106]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598110 of user rubyman.
Jun 26 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23106]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598110.
Jun 26 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23126]: Invalid user real1 from 43.153.59.240
Jun 26 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23126]: input_userauth_request: invalid user real1 [preauth]
Jun 26 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23126]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.59.240
Jun 26 18:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23034]: pam_unix(cron:session): session closed for user root
Jun 26 18:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23126]: Failed password for invalid user real1 from 43.153.59.240 port 55648 ssh2
Jun 26 18:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23126]: Received disconnect from 43.153.59.240 port 55648:11: Bye Bye [preauth]
Jun 26 18:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23126]: Disconnected from 43.153.59.240 port 55648 [preauth]
Jun 26 18:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20255]: pam_unix(cron:session): session closed for user root
Jun 26 18:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23033]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.164.192.38  user=root
Jun 26 18:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23332]: Failed password for root from 43.164.192.38 port 51130 ssh2
Jun 26 18:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23332]: Received disconnect from 43.164.192.38 port 51130:11: Bye Bye [preauth]
Jun 26 18:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23332]: Disconnected from 43.164.192.38 port 51130 [preauth]
Jun 26 18:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23400]: Invalid user admin from 91.92.40.176
Jun 26 18:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23400]: input_userauth_request: invalid user admin [preauth]
Jun 26 18:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23400]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.176
Jun 26 18:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22048]: pam_unix(cron:session): session closed for user root
Jun 26 18:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23400]: Failed password for invalid user admin from 91.92.40.176 port 43800 ssh2
Jun 26 18:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23400]: Connection closed by 91.92.40.176 port 43800 [preauth]
Jun 26 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23492]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23491]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23490]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23488]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23488]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23563]: Successful su for rubyman by root
Jun 26 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23563]: + ??? root:rubyman
Jun 26 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23563]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598115 of user rubyman.
Jun 26 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23563]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598115.
Jun 26 18:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20725]: pam_unix(cron:session): session closed for user root
Jun 26 18:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23490]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22538]: pam_unix(cron:session): session closed for user root
Jun 26 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24013]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24014]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24012]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24011]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24011]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24070]: Successful su for rubyman by root
Jun 26 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24070]: + ??? root:rubyman
Jun 26 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24070]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598120 of user rubyman.
Jun 26 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24070]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598120.
Jun 26 18:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21202]: pam_unix(cron:session): session closed for user root
Jun 26 18:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24012]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.164.192.38  user=root
Jun 26 18:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24319]: Failed password for root from 43.164.192.38 port 60678 ssh2
Jun 26 18:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24319]: Received disconnect from 43.164.192.38 port 60678:11: Bye Bye [preauth]
Jun 26 18:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24319]: Disconnected from 43.164.192.38 port 60678 [preauth]
Jun 26 18:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23036]: pam_unix(cron:session): session closed for user root
Jun 26 18:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.133.62.83  user=root
Jun 26 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24430]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24428]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24431]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24429]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24428]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24424]: Failed password for root from 62.133.62.83 port 59522 ssh2
Jun 26 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24499]: Successful su for rubyman by root
Jun 26 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24499]: + ??? root:rubyman
Jun 26 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24499]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598123 of user rubyman.
Jun 26 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24499]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24424]: Connection closed by 62.133.62.83 port 59522 [preauth]
Jun 26 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598123.
Jun 26 18:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21643]: pam_unix(cron:session): session closed for user root
Jun 26 18:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24429]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.37.70.224  user=root
Jun 26 18:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24735]: Failed password for root from 193.37.70.224 port 50866 ssh2
Jun 26 18:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24735]: Connection closed by 193.37.70.224 port 50866 [preauth]
Jun 26 18:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23492]: pam_unix(cron:session): session closed for user root
Jun 26 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24865]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24864]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24863]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24862]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24862]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24919]: Successful su for rubyman by root
Jun 26 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24919]: + ??? root:rubyman
Jun 26 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24919]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598127 of user rubyman.
Jun 26 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24919]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598127.
Jun 26 18:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22047]: pam_unix(cron:session): session closed for user root
Jun 26 18:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24863]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25145]: Invalid user admin from 91.92.40.176
Jun 26 18:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25145]: input_userauth_request: invalid user admin [preauth]
Jun 26 18:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25145]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.176
Jun 26 18:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25145]: Failed password for invalid user admin from 91.92.40.176 port 57924 ssh2
Jun 26 18:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25145]: Connection closed by 91.92.40.176 port 57924 [preauth]
Jun 26 18:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24014]: pam_unix(cron:session): session closed for user root
Jun 26 18:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.164.192.38  user=root
Jun 26 18:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25215]: Failed password for root from 43.164.192.38 port 42006 ssh2
Jun 26 18:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25215]: Received disconnect from 43.164.192.38 port 42006:11: Bye Bye [preauth]
Jun 26 18:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25215]: Disconnected from 43.164.192.38 port 42006 [preauth]
Jun 26 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25265]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25263]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25267]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25264]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25266]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25262]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25267]: pam_unix(cron:session): session closed for user root
Jun 26 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25262]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25326]: Successful su for rubyman by root
Jun 26 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25326]: + ??? root:rubyman
Jun 26 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25326]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598135 of user rubyman.
Jun 26 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25326]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598135.
Jun 26 18:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25264]: pam_unix(cron:session): session closed for user root
Jun 26 18:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22537]: pam_unix(cron:session): session closed for user root
Jun 26 18:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25263]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24431]: pam_unix(cron:session): session closed for user root
Jun 26 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25679]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25676]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25678]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25677]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25676]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25744]: Successful su for rubyman by root
Jun 26 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25744]: + ??? root:rubyman
Jun 26 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25744]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598137 of user rubyman.
Jun 26 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25744]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598137.
Jun 26 18:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23035]: pam_unix(cron:session): session closed for user root
Jun 26 18:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25677]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24865]: pam_unix(cron:session): session closed for user root
Jun 26 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26070]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26071]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26068]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26069]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26066]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26066]: pam_unix(cron:session): session closed for user root
Jun 26 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26068]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26137]: Successful su for rubyman by root
Jun 26 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26137]: + ??? root:rubyman
Jun 26 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26137]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598141 of user rubyman.
Jun 26 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26137]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598141.
Jun 26 18:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23491]: pam_unix(cron:session): session closed for user root
Jun 26 18:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26069]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.164.192.38  user=root
Jun 26 18:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26363]: Failed password for root from 43.164.192.38 port 51576 ssh2
Jun 26 18:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26363]: Received disconnect from 43.164.192.38 port 51576:11: Bye Bye [preauth]
Jun 26 18:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26363]: Disconnected from 43.164.192.38 port 51576 [preauth]
Jun 26 18:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26365]: Connection closed by 162.40.172.58 port 50410 [preauth]
Jun 26 18:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26387]: Invalid user tyxy from 43.153.59.240
Jun 26 18:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26387]: input_userauth_request: invalid user tyxy [preauth]
Jun 26 18:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26387]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.59.240
Jun 26 18:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26387]: Failed password for invalid user tyxy from 43.153.59.240 port 42212 ssh2
Jun 26 18:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26387]: Received disconnect from 43.153.59.240 port 42212:11: Bye Bye [preauth]
Jun 26 18:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26387]: Disconnected from 43.153.59.240 port 42212 [preauth]
Jun 26 18:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.19.67.181  user=root
Jun 26 18:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25266]: pam_unix(cron:session): session closed for user root
Jun 26 18:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26397]: Failed password for root from 46.19.67.181 port 50954 ssh2
Jun 26 18:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26397]: Connection closed by 46.19.67.181 port 50954 [preauth]
Jun 26 18:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26471]: Invalid user admin from 91.92.40.176
Jun 26 18:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26471]: input_userauth_request: invalid user admin [preauth]
Jun 26 18:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26471]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.176
Jun 26 18:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26471]: Failed password for invalid user admin from 91.92.40.176 port 55956 ssh2
Jun 26 18:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26471]: Connection closed by 91.92.40.176 port 55956 [preauth]
Jun 26 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26487]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26486]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26488]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26485]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26485]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26545]: Successful su for rubyman by root
Jun 26 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26545]: + ??? root:rubyman
Jun 26 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26545]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598146 of user rubyman.
Jun 26 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26545]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598146.
Jun 26 18:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24013]: pam_unix(cron:session): session closed for user root
Jun 26 18:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26486]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25679]: pam_unix(cron:session): session closed for user root
Jun 26 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26966]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26967]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26965]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26964]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26964]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27025]: Successful su for rubyman by root
Jun 26 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27025]: + ??? root:rubyman
Jun 26 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27025]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598151 of user rubyman.
Jun 26 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27025]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598151.
Jun 26 18:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24430]: pam_unix(cron:session): session closed for user root
Jun 26 18:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26965]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.93.206.2  user=root
Jun 26 18:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27212]: Failed password for root from 38.93.206.2 port 35268 ssh2
Jun 26 18:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27212]: Connection closed by 38.93.206.2 port 35268 [preauth]
Jun 26 18:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26071]: pam_unix(cron:session): session closed for user root
Jun 26 18:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27329]: Invalid user nj from 43.153.59.240
Jun 26 18:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27329]: input_userauth_request: invalid user nj [preauth]
Jun 26 18:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27329]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.59.240
Jun 26 18:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27329]: Failed password for invalid user nj from 43.153.59.240 port 34336 ssh2
Jun 26 18:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27329]: Received disconnect from 43.153.59.240 port 34336:11: Bye Bye [preauth]
Jun 26 18:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27329]: Disconnected from 43.153.59.240 port 34336 [preauth]
Jun 26 18:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27340]: Invalid user free from 43.164.192.38
Jun 26 18:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27340]: input_userauth_request: invalid user free [preauth]
Jun 26 18:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27340]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.164.192.38
Jun 26 18:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27340]: Failed password for invalid user free from 43.164.192.38 port 32894 ssh2
Jun 26 18:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27340]: Received disconnect from 43.164.192.38 port 32894:11: Bye Bye [preauth]
Jun 26 18:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27340]: Disconnected from 43.164.192.38 port 32894 [preauth]
Jun 26 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27389]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27387]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27390]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27388]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27391]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27386]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27391]: pam_unix(cron:session): session closed for user root
Jun 26 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27386]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27452]: Successful su for rubyman by root
Jun 26 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27452]: + ??? root:rubyman
Jun 26 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27452]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598157 of user rubyman.
Jun 26 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27452]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598157.
Jun 26 18:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27388]: pam_unix(cron:session): session closed for user root
Jun 26 18:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24864]: pam_unix(cron:session): session closed for user root
Jun 26 18:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27387]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.242.62  user=root
Jun 26 18:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27699]: Failed password for root from 103.77.242.62 port 40096 ssh2
Jun 26 18:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27699]: Connection closed by 103.77.242.62 port 40096 [preauth]
Jun 26 18:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27734]: Invalid user admin from 45.148.10.121
Jun 26 18:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27734]: input_userauth_request: invalid user admin [preauth]
Jun 26 18:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27734]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 26 18:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27746]: Invalid user admin from 2.57.121.25
Jun 26 18:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27746]: input_userauth_request: invalid user admin [preauth]
Jun 26 18:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27746]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 26 18:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27734]: Failed password for invalid user admin from 45.148.10.121 port 48292 ssh2
Jun 26 18:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27734]: Connection closed by 45.148.10.121 port 48292 [preauth]
Jun 26 18:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27746]: Failed password for invalid user admin from 2.57.121.25 port 40716 ssh2
Jun 26 18:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.113.233.25  user=root
Jun 26 18:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27746]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26488]: pam_unix(cron:session): session closed for user root
Jun 26 18:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27749]: Failed password for root from 194.113.233.25 port 38898 ssh2
Jun 26 18:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27746]: Failed password for invalid user admin from 2.57.121.25 port 40716 ssh2
Jun 26 18:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27749]: Connection closed by 194.113.233.25 port 38898 [preauth]
Jun 26 18:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27746]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27746]: Failed password for invalid user admin from 2.57.121.25 port 40716 ssh2
Jun 26 18:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27746]: Connection closed by 2.57.121.25 port 40716 [preauth]
Jun 26 18:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27746]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Jun 26 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27837]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27839]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27840]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27836]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27836]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27910]: Successful su for rubyman by root
Jun 26 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27910]: + ??? root:rubyman
Jun 26 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27910]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598162 of user rubyman.
Jun 26 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27910]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598162.
Jun 26 18:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25265]: pam_unix(cron:session): session closed for user root
Jun 26 18:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27837]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26967]: pam_unix(cron:session): session closed for user root
Jun 26 18:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28275]: Invalid user admin from 91.92.40.176
Jun 26 18:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28275]: input_userauth_request: invalid user admin [preauth]
Jun 26 18:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28275]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.176
Jun 26 18:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28275]: Failed password for invalid user admin from 91.92.40.176 port 44264 ssh2
Jun 26 18:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28275]: Connection closed by 91.92.40.176 port 44264 [preauth]
Jun 26 18:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28301]: Invalid user st1 from 43.153.59.240
Jun 26 18:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28301]: input_userauth_request: invalid user st1 [preauth]
Jun 26 18:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28301]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.59.240
Jun 26 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28306]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28307]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28305]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28304]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28304]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28363]: Successful su for rubyman by root
Jun 26 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28363]: + ??? root:rubyman
Jun 26 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28363]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598165 of user rubyman.
Jun 26 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28363]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598165.
Jun 26 18:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28301]: Failed password for invalid user st1 from 43.153.59.240 port 42664 ssh2
Jun 26 18:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28301]: Received disconnect from 43.153.59.240 port 42664:11: Bye Bye [preauth]
Jun 26 18:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28301]: Disconnected from 43.153.59.240 port 42664 [preauth]
Jun 26 18:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28427]: Invalid user pmf from 43.164.192.38
Jun 26 18:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28427]: input_userauth_request: invalid user pmf [preauth]
Jun 26 18:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28427]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.164.192.38
Jun 26 18:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25678]: pam_unix(cron:session): session closed for user root
Jun 26 18:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28427]: Failed password for invalid user pmf from 43.164.192.38 port 42452 ssh2
Jun 26 18:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28305]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28427]: Received disconnect from 43.164.192.38 port 42452:11: Bye Bye [preauth]
Jun 26 18:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28427]: Disconnected from 43.164.192.38 port 42452 [preauth]
Jun 26 18:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27390]: pam_unix(cron:session): session closed for user root
Jun 26 18:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28801]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28800]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28799]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28798]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28798]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28859]: Successful su for rubyman by root
Jun 26 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28859]: + ??? root:rubyman
Jun 26 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28859]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598170 of user rubyman.
Jun 26 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28859]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598170.
Jun 26 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.237.96.109  user=root
Jun 26 18:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28795]: Failed password for root from 109.237.96.109 port 58884 ssh2
Jun 26 18:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28795]: Connection closed by 109.237.96.109 port 58884 [preauth]
Jun 26 18:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26070]: pam_unix(cron:session): session closed for user root
Jun 26 18:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28799]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27840]: pam_unix(cron:session): session closed for user root
Jun 26 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29228]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29229]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29227]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29226]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29226]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29303]: Successful su for rubyman by root
Jun 26 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29303]: + ??? root:rubyman
Jun 26 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29303]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598173 of user rubyman.
Jun 26 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29303]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598173.
Jun 26 18:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26487]: pam_unix(cron:session): session closed for user root
Jun 26 18:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29227]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29489]: Invalid user admin from 139.19.117.131
Jun 26 18:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29489]: input_userauth_request: invalid user admin [preauth]
Jun 26 18:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29617]: Invalid user ahmed from 43.164.192.38
Jun 26 18:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29617]: input_userauth_request: invalid user ahmed [preauth]
Jun 26 18:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29617]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.164.192.38
Jun 26 18:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29617]: Failed password for invalid user ahmed from 43.164.192.38 port 52004 ssh2
Jun 26 18:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29617]: Received disconnect from 43.164.192.38 port 52004:11: Bye Bye [preauth]
Jun 26 18:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29617]: Disconnected from 43.164.192.38 port 52004 [preauth]
Jun 26 18:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.20.28  user=root
Jun 26 18:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29489]: Connection closed by 139.19.117.131 port 50748 [preauth]
Jun 26 18:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29619]: Failed password for root from 103.82.20.28 port 44858 ssh2
Jun 26 18:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29619]: Connection closed by 103.82.20.28 port 44858 [preauth]
Jun 26 18:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28307]: pam_unix(cron:session): session closed for user root
Jun 26 18:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29746]: Invalid user testlab from 43.153.59.240
Jun 26 18:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29746]: input_userauth_request: invalid user testlab [preauth]
Jun 26 18:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29746]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.59.240
Jun 26 18:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29746]: Failed password for invalid user testlab from 43.153.59.240 port 50804 ssh2
Jun 26 18:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29746]: Received disconnect from 43.153.59.240 port 50804:11: Bye Bye [preauth]
Jun 26 18:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29746]: Disconnected from 43.153.59.240 port 50804 [preauth]
Jun 26 18:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29744]: Received disconnect from 78.111.75.47 port 57346:11: disconnected by user [preauth]
Jun 26 18:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29744]: Disconnected from 78.111.75.47 port 57346 [preauth]
Jun 26 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29776]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29774]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29775]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29773]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29771]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29772]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29776]: pam_unix(cron:session): session closed for user root
Jun 26 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29771]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29854]: Successful su for rubyman by root
Jun 26 18:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29854]: + ??? root:rubyman
Jun 26 18:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29854]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598178 of user rubyman.
Jun 26 18:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29854]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598178.
Jun 26 18:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29773]: pam_unix(cron:session): session closed for user root
Jun 26 18:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26966]: pam_unix(cron:session): session closed for user root
Jun 26 18:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29772]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30078]: Invalid user francisco from 141.98.83.240
Jun 26 18:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30078]: input_userauth_request: invalid user francisco [preauth]
Jun 26 18:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30078]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 18:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30078]: Failed password for invalid user francisco from 141.98.83.240 port 20450 ssh2
Jun 26 18:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30078]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30078]: Failed password for invalid user francisco from 141.98.83.240 port 20450 ssh2
Jun 26 18:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30078]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30078]: Failed password for invalid user francisco from 141.98.83.240 port 20450 ssh2
Jun 26 18:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30078]: Connection closed by 141.98.83.240 port 20450 [preauth]
Jun 26 18:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30078]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 18:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.120  user=root
Jun 26 18:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30109]: Failed password for root from 103.27.238.120 port 36010 ssh2
Jun 26 18:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30109]: Connection closed by 103.27.238.120 port 36010 [preauth]
Jun 26 18:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30138]: Invalid user admin from 91.92.40.176
Jun 26 18:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30138]: input_userauth_request: invalid user admin [preauth]
Jun 26 18:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30138]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.176
Jun 26 18:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30138]: Failed password for invalid user admin from 91.92.40.176 port 52510 ssh2
Jun 26 18:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30138]: Connection closed by 91.92.40.176 port 52510 [preauth]
Jun 26 18:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28801]: pam_unix(cron:session): session closed for user root
Jun 26 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30239]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30237]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30238]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30235]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30235]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30307]: Successful su for rubyman by root
Jun 26 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30307]: + ??? root:rubyman
Jun 26 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30307]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598182 of user rubyman.
Jun 26 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30307]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598182.
Jun 26 18:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.68.219  user=root
Jun 26 18:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30305]: Failed password for root from 103.153.68.219 port 56470 ssh2
Jun 26 18:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30305]: Connection closed by 103.153.68.219 port 56470 [preauth]
Jun 26 18:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27389]: pam_unix(cron:session): session closed for user root
Jun 26 18:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30237]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30556]: Invalid user trung from 43.164.192.38
Jun 26 18:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30556]: input_userauth_request: invalid user trung [preauth]
Jun 26 18:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30556]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.164.192.38
Jun 26 18:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.122.221.179  user=root
Jun 26 18:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30556]: Failed password for invalid user trung from 43.164.192.38 port 33322 ssh2
Jun 26 18:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30556]: Received disconnect from 43.164.192.38 port 33322:11: Bye Bye [preauth]
Jun 26 18:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30556]: Disconnected from 43.164.192.38 port 33322 [preauth]
Jun 26 18:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30563]: Failed password for root from 103.122.221.179 port 37032 ssh2
Jun 26 18:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30563]: Connection closed by 103.122.221.179 port 37032 [preauth]
Jun 26 18:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29229]: pam_unix(cron:session): session closed for user root
Jun 26 18:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30659]: Invalid user reboot from 43.153.59.240
Jun 26 18:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30659]: input_userauth_request: invalid user reboot [preauth]
Jun 26 18:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30659]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.59.240
Jun 26 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30659]: Failed password for invalid user reboot from 43.153.59.240 port 55630 ssh2
Jun 26 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30659]: Received disconnect from 43.153.59.240 port 55630:11: Bye Bye [preauth]
Jun 26 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30659]: Disconnected from 43.153.59.240 port 55630 [preauth]
Jun 26 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30671]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30672]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30673]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30670]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30670]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30728]: Successful su for rubyman by root
Jun 26 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30728]: + ??? root:rubyman
Jun 26 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30728]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598186 of user rubyman.
Jun 26 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30728]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598186.
Jun 26 18:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27839]: pam_unix(cron:session): session closed for user root
Jun 26 18:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30671]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29775]: pam_unix(cron:session): session closed for user root
Jun 26 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31171]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31172]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31170]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31169]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31169]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31226]: Successful su for rubyman by root
Jun 26 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31226]: + ??? root:rubyman
Jun 26 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31226]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598190 of user rubyman.
Jun 26 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31226]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598190.
Jun 26 18:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28306]: pam_unix(cron:session): session closed for user root
Jun 26 18:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31170]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30239]: pam_unix(cron:session): session closed for user root
Jun 26 18:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.164.192.38  user=root
Jun 26 18:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31526]: Failed password for root from 43.164.192.38 port 42858 ssh2
Jun 26 18:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31526]: Received disconnect from 43.164.192.38 port 42858:11: Bye Bye [preauth]
Jun 26 18:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31526]: Disconnected from 43.164.192.38 port 42858 [preauth]
Jun 26 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31667]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31669]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31666]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31665]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31665]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31728]: Successful su for rubyman by root
Jun 26 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31728]: + ??? root:rubyman
Jun 26 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31728]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598194 of user rubyman.
Jun 26 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31728]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598194.
Jun 26 18:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28800]: pam_unix(cron:session): session closed for user root
Jun 26 18:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31891]: Invalid user sistemas from 43.153.59.240
Jun 26 18:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31891]: input_userauth_request: invalid user sistemas [preauth]
Jun 26 18:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31891]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.59.240
Jun 26 18:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31666]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31891]: Failed password for invalid user sistemas from 43.153.59.240 port 46842 ssh2
Jun 26 18:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31891]: Received disconnect from 43.153.59.240 port 46842:11: Bye Bye [preauth]
Jun 26 18:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31891]: Disconnected from 43.153.59.240 port 46842 [preauth]
Jun 26 18:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31961]: Invalid user admin from 91.92.40.176
Jun 26 18:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31961]: input_userauth_request: invalid user admin [preauth]
Jun 26 18:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31961]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.176
Jun 26 18:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31961]: Failed password for invalid user admin from 91.92.40.176 port 51528 ssh2
Jun 26 18:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31961]: Connection closed by 91.92.40.176 port 51528 [preauth]
Jun 26 18:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30673]: pam_unix(cron:session): session closed for user root
Jun 26 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32096]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32098]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32095]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32097]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32099]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32093]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32099]: pam_unix(cron:session): session closed for user root
Jun 26 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32093]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32165]: Successful su for rubyman by root
Jun 26 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32165]: + ??? root:rubyman
Jun 26 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32165]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598200 of user rubyman.
Jun 26 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32165]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598200.
Jun 26 18:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32096]: pam_unix(cron:session): session closed for user root
Jun 26 18:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29228]: pam_unix(cron:session): session closed for user root
Jun 26 18:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32095]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31172]: pam_unix(cron:session): session closed for user root
Jun 26 18:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32464]: Connection closed by 194.59.206.2 port 26362 [preauth]
Jun 26 18:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.164.192.38  user=root
Jun 26 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32534]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32535]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32532]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32533]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32532]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32597]: Successful su for rubyman by root
Jun 26 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32597]: + ??? root:rubyman
Jun 26 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32597]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598206 of user rubyman.
Jun 26 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32597]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598206.
Jun 26 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32529]: Failed password for root from 43.164.192.38 port 52418 ssh2
Jun 26 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32529]: Received disconnect from 43.164.192.38 port 52418:11: Bye Bye [preauth]
Jun 26 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32529]: Disconnected from 43.164.192.38 port 52418 [preauth]
Jun 26 18:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29774]: pam_unix(cron:session): session closed for user root
Jun 26 18:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32533]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.178.126.219  user=root
Jun 26 18:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[336]: Invalid user lider from 43.153.59.240
Jun 26 18:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[336]: input_userauth_request: invalid user lider [preauth]
Jun 26 18:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[336]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.59.240
Jun 26 18:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[322]: Failed password for root from 202.178.126.219 port 38166 ssh2
Jun 26 18:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[322]: Connection closed by 202.178.126.219 port 38166 [preauth]
Jun 26 18:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[336]: Failed password for invalid user lider from 43.153.59.240 port 53352 ssh2
Jun 26 18:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[336]: Received disconnect from 43.153.59.240 port 53352:11: Bye Bye [preauth]
Jun 26 18:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[336]: Disconnected from 43.153.59.240 port 53352 [preauth]
Jun 26 18:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31669]: pam_unix(cron:session): session closed for user root
Jun 26 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[624]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[622]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[623]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[621]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[621]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[688]: Successful su for rubyman by root
Jun 26 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[688]: + ??? root:rubyman
Jun 26 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[688]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598208 of user rubyman.
Jun 26 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[688]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598208.
Jun 26 18:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30238]: pam_unix(cron:session): session closed for user root
Jun 26 18:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[622]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32098]: pam_unix(cron:session): session closed for user root
Jun 26 18:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.251.79.125  user=root
Jun 26 18:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1016]: Failed password for root from 87.251.79.125 port 33150 ssh2
Jun 26 18:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1016]: Connection closed by 87.251.79.125 port 33150 [preauth]
Jun 26 18:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.157  user=root
Jun 26 18:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1028]: Failed password for root from 103.149.28.157 port 55338 ssh2
Jun 26 18:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1028]: Connection closed by 103.149.28.157 port 55338 [preauth]
Jun 26 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1064]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1063]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1065]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1061]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1061]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1149]: Successful su for rubyman by root
Jun 26 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1149]: + ??? root:rubyman
Jun 26 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1149]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598212 of user rubyman.
Jun 26 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1149]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598212.
Jun 26 18:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30672]: pam_unix(cron:session): session closed for user root
Jun 26 18:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1063]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1380]: Invalid user admin from 91.92.40.176
Jun 26 18:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1380]: input_userauth_request: invalid user admin [preauth]
Jun 26 18:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1380]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.176
Jun 26 18:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1380]: Failed password for invalid user admin from 91.92.40.176 port 47350 ssh2
Jun 26 18:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1380]: Connection closed by 91.92.40.176 port 47350 [preauth]
Jun 26 18:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.164.192.38  user=root
Jun 26 18:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1424]: Invalid user junior from 43.153.59.240
Jun 26 18:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1424]: input_userauth_request: invalid user junior [preauth]
Jun 26 18:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1424]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.59.240
Jun 26 18:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1403]: Failed password for root from 43.164.192.38 port 33758 ssh2
Jun 26 18:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1403]: Received disconnect from 43.164.192.38 port 33758:11: Bye Bye [preauth]
Jun 26 18:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1403]: Disconnected from 43.164.192.38 port 33758 [preauth]
Jun 26 18:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1424]: Failed password for invalid user junior from 43.153.59.240 port 33450 ssh2
Jun 26 18:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1424]: Received disconnect from 43.153.59.240 port 33450:11: Bye Bye [preauth]
Jun 26 18:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1424]: Disconnected from 43.153.59.240 port 33450 [preauth]
Jun 26 18:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32535]: pam_unix(cron:session): session closed for user root
Jun 26 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1635]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1636]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1633]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1634]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1633]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1698]: Successful su for rubyman by root
Jun 26 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1698]: + ??? root:rubyman
Jun 26 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1698]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598218 of user rubyman.
Jun 26 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1698]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598218.
Jun 26 18:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31171]: pam_unix(cron:session): session closed for user root
Jun 26 18:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1634]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[624]: pam_unix(cron:session): session closed for user root
Jun 26 18:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.45.199.80  user=root
Jun 26 18:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2105]: Failed password for root from 147.45.199.80 port 38220 ssh2
Jun 26 18:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2105]: Connection closed by 147.45.199.80 port 38220 [preauth]
Jun 26 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2124]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2122]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2123]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2121]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2119]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2120]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2124]: pam_unix(cron:session): session closed for user root
Jun 26 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2119]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2208]: Successful su for rubyman by root
Jun 26 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2208]: + ??? root:rubyman
Jun 26 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2208]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598222 of user rubyman.
Jun 26 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2208]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598222.
Jun 26 18:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2121]: pam_unix(cron:session): session closed for user root
Jun 26 18:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31667]: pam_unix(cron:session): session closed for user root
Jun 26 18:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2120]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1065]: pam_unix(cron:session): session closed for user root
Jun 26 18:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2530]: Invalid user viva from 43.153.59.240
Jun 26 18:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2530]: input_userauth_request: invalid user viva [preauth]
Jun 26 18:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2530]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.59.240
Jun 26 18:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2530]: Failed password for invalid user viva from 43.153.59.240 port 58890 ssh2
Jun 26 18:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2530]: Received disconnect from 43.153.59.240 port 58890:11: Bye Bye [preauth]
Jun 26 18:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2530]: Disconnected from 43.153.59.240 port 58890 [preauth]
Jun 26 18:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2540]: Invalid user sysadmin from 43.164.192.38
Jun 26 18:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2540]: input_userauth_request: invalid user sysadmin [preauth]
Jun 26 18:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2540]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.164.192.38
Jun 26 18:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2540]: Failed password for invalid user sysadmin from 43.164.192.38 port 43346 ssh2
Jun 26 18:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2540]: Received disconnect from 43.164.192.38 port 43346:11: Bye Bye [preauth]
Jun 26 18:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2540]: Disconnected from 43.164.192.38 port 43346 [preauth]
Jun 26 18:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2589]: Invalid user admin from 193.46.255.86
Jun 26 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2589]: input_userauth_request: invalid user admin [preauth]
Jun 26 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2594]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2597]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2593]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2596]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2593]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2589]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 26 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2663]: Successful su for rubyman by root
Jun 26 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2663]: + ??? root:rubyman
Jun 26 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2663]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598227 of user rubyman.
Jun 26 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2663]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598227.
Jun 26 18:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2589]: Failed password for invalid user admin from 193.46.255.86 port 49894 ssh2
Jun 26 18:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2589]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2589]: Failed password for invalid user admin from 193.46.255.86 port 49894 ssh2
Jun 26 18:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32097]: pam_unix(cron:session): session closed for user root
Jun 26 18:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2589]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2594]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2589]: Failed password for invalid user admin from 193.46.255.86 port 49894 ssh2
Jun 26 18:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2589]: Connection closed by 193.46.255.86 port 49894 [preauth]
Jun 26 18:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2589]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.46.255.86
Jun 26 18:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1636]: pam_unix(cron:session): session closed for user root
Jun 26 18:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2980]: Invalid user admin from 91.92.40.176
Jun 26 18:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2980]: input_userauth_request: invalid user admin [preauth]
Jun 26 18:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2980]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.176
Jun 26 18:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2980]: Failed password for invalid user admin from 91.92.40.176 port 58690 ssh2
Jun 26 18:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2980]: Connection closed by 91.92.40.176 port 58690 [preauth]
Jun 26 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3013]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3010]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3012]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3009]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3009]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3071]: Successful su for rubyman by root
Jun 26 18:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3071]: + ??? root:rubyman
Jun 26 18:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3071]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598231 of user rubyman.
Jun 26 18:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3071]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598231.
Jun 26 18:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32534]: pam_unix(cron:session): session closed for user root
Jun 26 18:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3010]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2123]: pam_unix(cron:session): session closed for user root
Jun 26 18:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3370]: Invalid user msu from 43.153.59.240
Jun 26 18:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3370]: input_userauth_request: invalid user msu [preauth]
Jun 26 18:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3370]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.59.240
Jun 26 18:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3370]: Failed password for invalid user msu from 43.153.59.240 port 58834 ssh2
Jun 26 18:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3370]: Received disconnect from 43.153.59.240 port 58834:11: Bye Bye [preauth]
Jun 26 18:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3370]: Disconnected from 43.153.59.240 port 58834 [preauth]
Jun 26 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3399]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3400]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3397]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3398]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3397]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3460]: Successful su for rubyman by root
Jun 26 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3460]: + ??? root:rubyman
Jun 26 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3460]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598234 of user rubyman.
Jun 26 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3460]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598234.
Jun 26 18:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[623]: pam_unix(cron:session): session closed for user root
Jun 26 18:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3592]: Invalid user minecraft from 43.164.192.38
Jun 26 18:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3592]: input_userauth_request: invalid user minecraft [preauth]
Jun 26 18:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3592]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.164.192.38
Jun 26 18:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3398]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3592]: Failed password for invalid user minecraft from 43.164.192.38 port 52898 ssh2
Jun 26 18:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3592]: Received disconnect from 43.164.192.38 port 52898:11: Bye Bye [preauth]
Jun 26 18:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3592]: Disconnected from 43.164.192.38 port 52898 [preauth]
Jun 26 18:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2597]: pam_unix(cron:session): session closed for user root
Jun 26 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3952]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3946]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3950]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3945]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3943]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3945]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4110]: Successful su for rubyman by root
Jun 26 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4110]: + ??? root:rubyman
Jun 26 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4110]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598238 of user rubyman.
Jun 26 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4110]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598238.
Jun 26 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3943]: pam_unix(cron:session): session closed for user root
Jun 26 18:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1064]: pam_unix(cron:session): session closed for user root
Jun 26 18:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3946]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3013]: pam_unix(cron:session): session closed for user root
Jun 26 18:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4479]: Invalid user as3 from 43.153.59.240
Jun 26 18:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4479]: input_userauth_request: invalid user as3 [preauth]
Jun 26 18:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4479]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.59.240
Jun 26 18:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4479]: Failed password for invalid user as3 from 43.153.59.240 port 37660 ssh2
Jun 26 18:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4479]: Received disconnect from 43.153.59.240 port 37660:11: Bye Bye [preauth]
Jun 26 18:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4479]: Disconnected from 43.153.59.240 port 37660 [preauth]
Jun 26 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4502]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4500]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4501]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4503]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4499]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4498]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4503]: pam_unix(cron:session): session closed for user root
Jun 26 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4498]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4573]: Successful su for rubyman by root
Jun 26 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4573]: + ??? root:rubyman
Jun 26 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4573]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598243 of user rubyman.
Jun 26 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4573]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598243.
Jun 26 18:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4500]: pam_unix(cron:session): session closed for user root
Jun 26 18:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1635]: pam_unix(cron:session): session closed for user root
Jun 26 18:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4499]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4931]: Invalid user admin from 91.92.40.176
Jun 26 18:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4931]: input_userauth_request: invalid user admin [preauth]
Jun 26 18:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4931]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.176
Jun 26 18:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4934]: Invalid user admin1 from 43.164.192.38
Jun 26 18:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4934]: input_userauth_request: invalid user admin1 [preauth]
Jun 26 18:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4934]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.164.192.38
Jun 26 18:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4931]: Failed password for invalid user admin from 91.92.40.176 port 36044 ssh2
Jun 26 18:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4931]: Connection closed by 91.92.40.176 port 36044 [preauth]
Jun 26 18:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4934]: Failed password for invalid user admin1 from 43.164.192.38 port 34218 ssh2
Jun 26 18:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4934]: Received disconnect from 43.164.192.38 port 34218:11: Bye Bye [preauth]
Jun 26 18:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4934]: Disconnected from 43.164.192.38 port 34218 [preauth]
Jun 26 18:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3400]: pam_unix(cron:session): session closed for user root
Jun 26 18:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.66.85.226  user=root
Jun 26 18:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5015]: Failed password for root from 80.66.85.226 port 52858 ssh2
Jun 26 18:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5015]: Connection closed by 80.66.85.226 port 52858 [preauth]
Jun 26 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5051]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5052]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5050]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5049]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5049]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5114]: Successful su for rubyman by root
Jun 26 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5114]: + ??? root:rubyman
Jun 26 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5114]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598249 of user rubyman.
Jun 26 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5114]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598249.
Jun 26 18:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2122]: pam_unix(cron:session): session closed for user root
Jun 26 18:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5050]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3952]: pam_unix(cron:session): session closed for user root
Jun 26 18:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5464]: User man from 43.153.59.240 not allowed because not listed in AllowUsers
Jun 26 18:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5464]: input_userauth_request: invalid user man [preauth]
Jun 26 18:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.59.240  user=man
Jun 26 18:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5464]: Failed password for invalid user man from 43.153.59.240 port 34722 ssh2
Jun 26 18:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5464]: Received disconnect from 43.153.59.240 port 34722:11: Bye Bye [preauth]
Jun 26 18:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5464]: Disconnected from 43.153.59.240 port 34722 [preauth]
Jun 26 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5470]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5469]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5467]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5468]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5467]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5531]: Successful su for rubyman by root
Jun 26 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5531]: + ??? root:rubyman
Jun 26 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5531]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598253 of user rubyman.
Jun 26 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5531]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598253.
Jun 26 18:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2596]: pam_unix(cron:session): session closed for user root
Jun 26 18:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5468]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4502]: pam_unix(cron:session): session closed for user root
Jun 26 18:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.164.192.38  user=root
Jun 26 18:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5833]: Failed password for root from 43.164.192.38 port 43766 ssh2
Jun 26 18:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5833]: Received disconnect from 43.164.192.38 port 43766:11: Bye Bye [preauth]
Jun 26 18:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5833]: Disconnected from 43.164.192.38 port 43766 [preauth]
Jun 26 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5867]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5868]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5866]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5865]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5865]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5923]: Successful su for rubyman by root
Jun 26 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5923]: + ??? root:rubyman
Jun 26 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5923]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598257 of user rubyman.
Jun 26 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5923]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598257.
Jun 26 18:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3012]: pam_unix(cron:session): session closed for user root
Jun 26 18:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5866]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.132.16  user=root
Jun 26 18:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6159]: Failed password for root from 103.82.132.16 port 52046 ssh2
Jun 26 18:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6159]: Connection closed by 103.82.132.16 port 52046 [preauth]
Jun 26 18:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6161]: Received disconnect from 176.65.131.192 port 36702:11: disconnected by user [preauth]
Jun 26 18:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6161]: Disconnected from 176.65.131.192 port 36702 [preauth]
Jun 26 18:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5052]: pam_unix(cron:session): session closed for user root
Jun 26 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6254]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6253]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6252]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6251]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6251]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6309]: Successful su for rubyman by root
Jun 26 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6309]: + ??? root:rubyman
Jun 26 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6309]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598261 of user rubyman.
Jun 26 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6309]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598261.
Jun 26 18:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3399]: pam_unix(cron:session): session closed for user root
Jun 26 18:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6468]: Invalid user inv from 43.153.59.240
Jun 26 18:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6468]: input_userauth_request: invalid user inv [preauth]
Jun 26 18:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6468]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.59.240
Jun 26 18:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6252]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6468]: Failed password for invalid user inv from 43.153.59.240 port 54158 ssh2
Jun 26 18:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6468]: Received disconnect from 43.153.59.240 port 54158:11: Bye Bye [preauth]
Jun 26 18:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6468]: Disconnected from 43.153.59.240 port 54158 [preauth]
Jun 26 18:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6491]: Invalid user admin from 91.92.40.176
Jun 26 18:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6491]: input_userauth_request: invalid user admin [preauth]
Jun 26 18:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6491]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.176
Jun 26 18:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6491]: Failed password for invalid user admin from 91.92.40.176 port 45384 ssh2
Jun 26 18:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6491]: Connection closed by 91.92.40.176 port 45384 [preauth]
Jun 26 18:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5470]: pam_unix(cron:session): session closed for user root
Jun 26 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6646]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6647]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6645]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6644]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6643]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6642]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6647]: pam_unix(cron:session): session closed for user root
Jun 26 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6642]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6726]: Successful su for rubyman by root
Jun 26 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6726]: + ??? root:rubyman
Jun 26 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6726]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598265 of user rubyman.
Jun 26 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6726]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598265.
Jun 26 18:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.164.192.38  user=root
Jun 26 18:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3950]: pam_unix(cron:session): session closed for user root
Jun 26 18:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6644]: pam_unix(cron:session): session closed for user root
Jun 26 18:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6833]: Failed password for root from 43.164.192.38 port 53326 ssh2
Jun 26 18:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6833]: Received disconnect from 43.164.192.38 port 53326:11: Bye Bye [preauth]
Jun 26 18:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6833]: Disconnected from 43.164.192.38 port 53326 [preauth]
Jun 26 18:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6643]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7031]: Received disconnect from 193.142.43.122 port 56576:11: disconnected by user [preauth]
Jun 26 18:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7031]: Disconnected from 193.142.43.122 port 56576 [preauth]
Jun 26 18:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5868]: pam_unix(cron:session): session closed for user root
Jun 26 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7192]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7190]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7193]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7189]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7189]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7260]: Successful su for rubyman by root
Jun 26 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7260]: + ??? root:rubyman
Jun 26 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7260]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598271 of user rubyman.
Jun 26 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7260]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598271.
Jun 26 18:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4501]: pam_unix(cron:session): session closed for user root
Jun 26 18:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7190]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7465]: Invalid user gap from 43.153.59.240
Jun 26 18:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7465]: input_userauth_request: invalid user gap [preauth]
Jun 26 18:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7465]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.59.240
Jun 26 18:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7465]: Failed password for invalid user gap from 43.153.59.240 port 36416 ssh2
Jun 26 18:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7465]: Received disconnect from 43.153.59.240 port 36416:11: Bye Bye [preauth]
Jun 26 18:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7465]: Disconnected from 43.153.59.240 port 36416 [preauth]
Jun 26 18:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6254]: pam_unix(cron:session): session closed for user root
Jun 26 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7602]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7601]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7600]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7599]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7599]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7757]: Successful su for rubyman by root
Jun 26 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7757]: + ??? root:rubyman
Jun 26 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7757]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598276 of user rubyman.
Jun 26 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7757]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598276.
Jun 26 18:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5051]: pam_unix(cron:session): session closed for user root
Jun 26 18:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7600]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7958]: Invalid user rsync from 43.164.192.38
Jun 26 18:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7958]: input_userauth_request: invalid user rsync [preauth]
Jun 26 18:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7958]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.164.192.38
Jun 26 18:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7958]: Failed password for invalid user rsync from 43.164.192.38 port 34648 ssh2
Jun 26 18:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7958]: Received disconnect from 43.164.192.38 port 34648:11: Bye Bye [preauth]
Jun 26 18:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7958]: Disconnected from 43.164.192.38 port 34648 [preauth]
Jun 26 18:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6646]: pam_unix(cron:session): session closed for user root
Jun 26 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8081]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8078]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8080]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8079]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8078]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8075]: Invalid user admin from 91.92.40.176
Jun 26 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8075]: input_userauth_request: invalid user admin [preauth]
Jun 26 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8075]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.176
Jun 26 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8145]: Successful su for rubyman by root
Jun 26 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8145]: + ??? root:rubyman
Jun 26 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8145]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598279 of user rubyman.
Jun 26 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8145]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598279.
Jun 26 18:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8075]: Failed password for invalid user admin from 91.92.40.176 port 47452 ssh2
Jun 26 18:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8075]: Connection closed by 91.92.40.176 port 47452 [preauth]
Jun 26 18:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5469]: pam_unix(cron:session): session closed for user root
Jun 26 18:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8079]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8379]: Invalid user skywalker from 43.153.59.240
Jun 26 18:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8379]: input_userauth_request: invalid user skywalker [preauth]
Jun 26 18:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8379]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.59.240
Jun 26 18:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8379]: Failed password for invalid user skywalker from 43.153.59.240 port 51622 ssh2
Jun 26 18:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8379]: Received disconnect from 43.153.59.240 port 51622:11: Bye Bye [preauth]
Jun 26 18:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8379]: Disconnected from 43.153.59.240 port 51622 [preauth]
Jun 26 18:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7193]: pam_unix(cron:session): session closed for user root
Jun 26 18:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8453]: Received disconnect from 185.219.133.156 port 38662:11: disconnected by user [preauth]
Jun 26 18:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8453]: Disconnected from 185.219.133.156 port 38662 [preauth]
Jun 26 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8485]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8488]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8487]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8484]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8484]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8551]: Successful su for rubyman by root
Jun 26 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8551]: + ??? root:rubyman
Jun 26 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8551]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598283 of user rubyman.
Jun 26 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8551]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598283.
Jun 26 18:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5867]: pam_unix(cron:session): session closed for user root
Jun 26 18:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8485]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8792]: Invalid user testvps from 43.164.192.38
Jun 26 18:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8792]: input_userauth_request: invalid user testvps [preauth]
Jun 26 18:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8792]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.164.192.38
Jun 26 18:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7602]: pam_unix(cron:session): session closed for user root
Jun 26 18:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8792]: Failed password for invalid user testvps from 43.164.192.38 port 44188 ssh2
Jun 26 18:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8792]: Received disconnect from 43.164.192.38 port 44188:11: Bye Bye [preauth]
Jun 26 18:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8792]: Disconnected from 43.164.192.38 port 44188 [preauth]
Jun 26 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8880]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8881]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8883]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8878]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8882]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8879]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8883]: pam_unix(cron:session): session closed for user root
Jun 26 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8878]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8948]: Successful su for rubyman by root
Jun 26 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8948]: + ??? root:rubyman
Jun 26 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8948]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598289 of user rubyman.
Jun 26 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8948]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598289.
Jun 26 18:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8880]: pam_unix(cron:session): session closed for user root
Jun 26 18:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6253]: pam_unix(cron:session): session closed for user root
Jun 26 18:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8879]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8081]: pam_unix(cron:session): session closed for user root
Jun 26 18:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9253]: Invalid user digital from 43.153.59.240
Jun 26 18:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9253]: input_userauth_request: invalid user digital [preauth]
Jun 26 18:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9253]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.59.240
Jun 26 18:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9253]: Failed password for invalid user digital from 43.153.59.240 port 42100 ssh2
Jun 26 18:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9253]: Received disconnect from 43.153.59.240 port 42100:11: Bye Bye [preauth]
Jun 26 18:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9253]: Disconnected from 43.153.59.240 port 42100 [preauth]
Jun 26 18:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9285]: Invalid user admin from 141.98.83.240
Jun 26 18:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9285]: input_userauth_request: invalid user admin [preauth]
Jun 26 18:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9285]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 18:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9285]: Failed password for invalid user admin from 141.98.83.240 port 42956 ssh2
Jun 26 18:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9285]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9285]: Failed password for invalid user admin from 141.98.83.240 port 42956 ssh2
Jun 26 18:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9285]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9285]: Failed password for invalid user admin from 141.98.83.240 port 42956 ssh2
Jun 26 18:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9285]: Connection closed by 141.98.83.240 port 42956 [preauth]
Jun 26 18:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9285]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.83.240
Jun 26 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9313]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9312]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9311]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9310]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9310]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9374]: Successful su for rubyman by root
Jun 26 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9374]: + ??? root:rubyman
Jun 26 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9374]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598293 of user rubyman.
Jun 26 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9374]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598293.
Jun 26 18:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9311]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6645]: pam_unix(cron:session): session closed for user root
Jun 26 18:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9618]: Invalid user admin from 45.148.10.121
Jun 26 18:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9618]: input_userauth_request: invalid user admin [preauth]
Jun 26 18:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9618]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.121
Jun 26 18:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8488]: pam_unix(cron:session): session closed for user root
Jun 26 18:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9618]: Failed password for invalid user admin from 45.148.10.121 port 54152 ssh2
Jun 26 18:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9618]: Connection closed by 45.148.10.121 port 54152 [preauth]
Jun 26 18:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9659]: Invalid user admin from 91.92.40.176
Jun 26 18:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9659]: input_userauth_request: invalid user admin [preauth]
Jun 26 18:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9659]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.176
Jun 26 18:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9659]: Failed password for invalid user admin from 91.92.40.176 port 59262 ssh2
Jun 26 18:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9659]: Connection closed by 91.92.40.176 port 59262 [preauth]
Jun 26 18:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9691]: Invalid user youssef from 43.164.192.38
Jun 26 18:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9691]: input_userauth_request: invalid user youssef [preauth]
Jun 26 18:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9691]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.164.192.38
Jun 26 18:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9691]: Failed password for invalid user youssef from 43.164.192.38 port 53730 ssh2
Jun 26 18:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9691]: Received disconnect from 43.164.192.38 port 53730:11: Bye Bye [preauth]
Jun 26 18:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9691]: Disconnected from 43.164.192.38 port 53730 [preauth]
Jun 26 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9716]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9715]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9714]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9713]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9713]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9774]: Successful su for rubyman by root
Jun 26 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9774]: + ??? root:rubyman
Jun 26 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9774]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598297 of user rubyman.
Jun 26 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9774]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598297.
Jun 26 18:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7192]: pam_unix(cron:session): session closed for user root
Jun 26 18:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9714]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8882]: pam_unix(cron:session): session closed for user root
Jun 26 18:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10348]: Invalid user hcm from 43.153.59.240
Jun 26 18:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10348]: input_userauth_request: invalid user hcm [preauth]
Jun 26 18:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10348]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.59.240
Jun 26 18:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10348]: Failed password for invalid user hcm from 43.153.59.240 port 37642 ssh2
Jun 26 18:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10348]: Received disconnect from 43.153.59.240 port 37642:11: Bye Bye [preauth]
Jun 26 18:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10348]: Disconnected from 43.153.59.240 port 37642 [preauth]
Jun 26 18:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.77.175.15  user=root
Jun 26 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10382]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10381]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10380]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10379]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10379]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10366]: Failed password for root from 103.77.175.15 port 56788 ssh2
Jun 26 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10440]: Successful su for rubyman by root
Jun 26 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10440]: + ??? root:rubyman
Jun 26 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10440]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10366]: Connection closed by 103.77.175.15 port 56788 [preauth]
Jun 26 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598301 of user rubyman.
Jun 26 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10440]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598301.
Jun 26 18:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7601]: pam_unix(cron:session): session closed for user root
Jun 26 18:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10380]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9313]: pam_unix(cron:session): session closed for user root
Jun 26 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10795]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10794]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10792]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10793]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10792]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10858]: Successful su for rubyman by root
Jun 26 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10858]: + ??? root:rubyman
Jun 26 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10858]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598307 of user rubyman.
Jun 26 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10858]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598307.
Jun 26 18:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8080]: pam_unix(cron:session): session closed for user root
Jun 26 18:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10793]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11109]: Invalid user ars from 43.164.192.38
Jun 26 18:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11109]: input_userauth_request: invalid user ars [preauth]
Jun 26 18:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11109]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.164.192.38
Jun 26 18:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11109]: Failed password for invalid user ars from 43.164.192.38 port 35052 ssh2
Jun 26 18:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11109]: Received disconnect from 43.164.192.38 port 35052:11: Bye Bye [preauth]
Jun 26 18:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11109]: Disconnected from 43.164.192.38 port 35052 [preauth]
Jun 26 18:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9716]: pam_unix(cron:session): session closed for user root
Jun 26 18:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: Invalid user stash from 43.153.59.240
Jun 26 18:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: input_userauth_request: invalid user stash [preauth]
Jun 26 18:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.59.240
Jun 26 18:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: Failed password for invalid user stash from 43.153.59.240 port 46724 ssh2
Jun 26 18:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: Received disconnect from 43.153.59.240 port 46724:11: Bye Bye [preauth]
Jun 26 18:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: Disconnected from 43.153.59.240 port 46724 [preauth]
Jun 26 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11213]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11208]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11210]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11212]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11211]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11209]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11213]: pam_unix(cron:session): session closed for user root
Jun 26 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11208]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11284]: Successful su for rubyman by root
Jun 26 18:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11284]: + ??? root:rubyman
Jun 26 18:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11284]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598312 of user rubyman.
Jun 26 18:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11284]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598312.
Jun 26 18:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11210]: pam_unix(cron:session): session closed for user root
Jun 26 18:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8487]: pam_unix(cron:session): session closed for user root
Jun 26 18:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11209]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11573]: Invalid user admin from 91.92.40.176
Jun 26 18:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11573]: input_userauth_request: invalid user admin [preauth]
Jun 26 18:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11573]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.176
Jun 26 18:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11573]: Failed password for invalid user admin from 91.92.40.176 port 60126 ssh2
Jun 26 18:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11573]: Connection closed by 91.92.40.176 port 60126 [preauth]
Jun 26 18:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10382]: pam_unix(cron:session): session closed for user root
Jun 26 18:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11610]: Received disconnect from 38.96.178.220 port 39340:11: disconnected by user [preauth]
Jun 26 18:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11610]: Disconnected from 38.96.178.220 port 39340 [preauth]
Jun 26 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11663]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11662]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11664]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11661]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11661]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11742]: Successful su for rubyman by root
Jun 26 18:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11742]: + ??? root:rubyman
Jun 26 18:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11742]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598316 of user rubyman.
Jun 26 18:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11742]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598316.
Jun 26 18:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8881]: pam_unix(cron:session): session closed for user root
Jun 26 18:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11662]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10795]: pam_unix(cron:session): session closed for user root
Jun 26 18:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.164.192.38  user=root
Jun 26 18:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12120]: Invalid user memphis from 43.153.59.240
Jun 26 18:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12120]: input_userauth_request: invalid user memphis [preauth]
Jun 26 18:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12120]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.59.240
Jun 26 18:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12110]: Failed password for root from 43.164.192.38 port 44596 ssh2
Jun 26 18:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12110]: Received disconnect from 43.164.192.38 port 44596:11: Bye Bye [preauth]
Jun 26 18:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12110]: Disconnected from 43.164.192.38 port 44596 [preauth]
Jun 26 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12124]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12126]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12125]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12123]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12123]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12186]: Successful su for rubyman by root
Jun 26 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12186]: + ??? root:rubyman
Jun 26 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12186]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598320 of user rubyman.
Jun 26 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12186]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598320.
Jun 26 18:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12120]: Failed password for invalid user memphis from 43.153.59.240 port 33796 ssh2
Jun 26 18:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12120]: Received disconnect from 43.153.59.240 port 33796:11: Bye Bye [preauth]
Jun 26 18:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12120]: Disconnected from 43.153.59.240 port 33796 [preauth]
Jun 26 18:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9312]: pam_unix(cron:session): session closed for user root
Jun 26 18:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12124]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11212]: pam_unix(cron:session): session closed for user root
Jun 26 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12644]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12645]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12643]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12642]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12642]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12705]: Successful su for rubyman by root
Jun 26 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12705]: + ??? root:rubyman
Jun 26 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12705]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598325 of user rubyman.
Jun 26 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12705]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598325.
Jun 26 18:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9715]: pam_unix(cron:session): session closed for user root
Jun 26 18:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12643]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11664]: pam_unix(cron:session): session closed for user root
Jun 26 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13062]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13063]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13061]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13060]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13060]: pam_unix(cron:session): session closed for user p13x
Jun 26 18:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13124]: Successful su for rubyman by root
Jun 26 18:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13124]: + ??? root:rubyman
Jun 26 18:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13124]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 18:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598328 of user rubyman.
Jun 26 18:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13124]: pam_unix(su:session): session closed for user rubyman
Jun 26 18:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598328.
Jun 26 18:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10381]: pam_unix(cron:session): session closed for user root
Jun 26 18:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13061]: pam_unix(cron:session): session closed for user samftp
Jun 26 18:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13342]: Invalid user git from 43.164.192.38
Jun 26 18:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13342]: input_userauth_request: invalid user git [preauth]
Jun 26 18:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13342]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.164.192.38
Jun 26 18:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13342]: Failed password for invalid user git from 43.164.192.38 port 54130 ssh2
Jun 26 18:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13342]: Received disconnect from 43.164.192.38 port 54130:11: Bye Bye [preauth]
Jun 26 18:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13342]: Disconnected from 43.164.192.38 port 54130 [preauth]
Jun 26 18:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13360]: Invalid user admin from 91.92.40.176
Jun 26 18:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13360]: input_userauth_request: invalid user admin [preauth]
Jun 26 18:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13360]: pam_unix(sshd:auth): check pass; user unknown
Jun 26 18:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.92.40.176
Jun 26 18:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13360]: Failed password for invalid user admin from 91.92.40.176 port 53382 ssh2
Jun 26 18:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13360]: Connection closed by 91.92.40.176 port 53382 [preauth]
Jun 26 18:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12126]: pam_unix(cron:session): session closed for user root
Jun 26 18:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jun 26 18:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.238.114  user=root
Jun 26 18:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13443]: Failed password for root from 103.27.238.114 port 53024 ssh2
Jun 26 18:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13443]: Connection closed by 103.27.238.114 port 53024 [preauth]
Jun 26 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13479]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13477]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13476]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13472]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13478]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13473]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13471]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13473]: pam_unix(cron:session): session closed for user root
Jun 26 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13479]: pam_unix(cron:session): session closed for user root
Jun 26 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13471]: pam_unix(cron:session): session closed for user p13x
Jun 26 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13563]: Successful su for rubyman by root
Jun 26 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13563]: + ??? root:rubyman
Jun 26 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13563]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598335 of user rubyman.
Jun 26 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13563]: pam_unix(su:session): session closed for user rubyman
Jun 26 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598335.
Jun 26 19:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10794]: pam_unix(cron:session): session closed for user root
Jun 26 19:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13476]: pam_unix(cron:session): session closed for user root
Jun 26 19:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13472]: pam_unix(cron:session): session closed for user samftp
Jun 26 19:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12645]: pam_unix(cron:session): session closed for user root
Jun 26 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13984]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13985]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 26 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13983]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Jun 26 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13982]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Jun 26 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13982]: pam_unix(cron:session): session closed for user p13x
Jun 26 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14048]: Successful su for rubyman by root
Jun 26 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14048]: + ??? root:rubyman
Jun 26 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14048]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Jun 26 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: New session 598339 of user rubyman.
Jun 26 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14048]: pam_unix(su:session): session closed for user rubyman
Jun 26 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[411]: Removed session 598339.